--- /dev/null
+*.d
+.config
+eapol_test
+preauth_test
+wpa_cli
+wpa_passphrase
+wpa_supplicant
--- /dev/null
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+\f
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+\f
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+\f
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+\f
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+\f
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) 19yy <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) 19yy name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Library General
+Public License instead of this License.
--- /dev/null
+ChangeLog for wpa_supplicant
+
+2008-02-19 - v0.5.10
+ * added support for Makefile builds to include debug-log-to-a-file
+ functionality (CONFIG_DEBUG_FILE=y and -f<path> on command line)
+ * added network configuration parameter 'frequency' for setting
+ initial channel for IBSS (adhoc) networks
+ * fixed EAP-SIM and EAP-AKA message parser to validate attribute
+ lengths properly to avoid potential crash caused by invalid messages
+ * added driver_wext workaround for race condition between scanning and
+ association with drivers that take very long time to scan all
+ channels (e.g., madwifi with dual-band cards); wpa_supplicant is now
+ using a longer hardcoded timeout for the scan if the driver supports
+ notifications for scan completion (SIOCGIWSCAN event); this helps,
+ e.g., in cases where wpa_supplicant and madwifi driver ended up in
+ loop where the driver did not even try to associate
+ * fixed EAP-SIM not to include AT_NONCE_MT and AT_SELECTED_VERSION
+ attributes in EAP-SIM Start/Response when using fast reauthentication
+ * fixed problems in getting NDIS events from WMI on Windows 2000
+
+2007-12-02 - v0.5.9
+ * fixed an integer overflow issue in the ASN.1 parser used by the
+ (experimental) internal TLS implementation to avoid a potential
+ buffer read overflow
+ * fixed a race condition with -W option (wait for a control interface
+ monitor before starting) that could have caused the first messages to
+ be lost
+ * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
+ draft (draft-ietf-emu-eap-gpsk-07.txt)
+ * added ctrl_iface RECONNECT (wpa_cli reconnect) command
+ (like reassociate, but only takes effect if already associated)
+ * fixed a possible race condition between wpa_cli reassociate and
+ wpa_cli disconnect
+ * return a non-zero exit code from non-interactive wpa_cli if the
+ command is not recognized or fails
+ * fixed 0.5.8 regressions in BSS selection that prevented wildcard SSID
+ from being used with non-WPA networks and disabled workaround for
+ ignoring bogus WPA/RSN IE in non-WPA configuration
+ * fixed OpenSSL TLS wrapper to clear trusted CA list to allow
+ network blocks to use different trusted CA configurations
+ * fixed a potential EAP state machine loop when mloving from PSK to EAP
+ configuration without restarting wpa_supplicant
+
+2007-05-28 - v0.5.8
+ * updated driver_wext.c to build with the current wireless-dev.git tree
+ and net/d80211 changes
+ * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
+ draft (draft-ietf-emu-eap-gpsk-03.txt)
+ * fixed 'make install'
+ * fixed EAP-TTLS implementation not to crash on use of freed memory
+ if TLS library initialization fails
+ * fixed EAP-AKA Notification processing to allow Notification to be
+ processed after AKA Challenge response has been sent
+
+2006-12-31 - v0.5.7
+ * updated EAP-SAKE to RFC 4763 and the IANA-allocated EAP type 48
+ * updated EAP-PSK to use the IANA-allocated EAP type 47
+ * fixed EAP-PAX key derivation
+ * fixed EAP-PSK bit ordering of the Flags field
+ * fixed EAP-PEAP/TTLS/FAST to use the correct EAP identifier in
+ tunnelled identity request (previously, the identifier from the outer
+ method was used, not the tunnelled identifier which could be
+ different)
+ * fixed EAP-TTLS AVP parser processing for too short AVP lengths
+ * added support for EAP-FAST authentication with inner methods that
+ generate MSK (e.g., EAP-MSCHAPv2 that was previously only supported
+ for PAC provisioning)
+ * fixed dbus ctrl_iface to validate message interface before
+ dispatching to avoid a possible segfault [Bug 190]
+ * fixed PeerKey key derivation to use the correct PRF label
+ * updated Windows binary build to link against OpenSSL 0.9.8d and
+ added support for EAP-FAST
+
+2006-11-24 - v0.5.6
+ * added experimental, integrated TLSv1 client implementation with the
+ needed X.509/ASN.1/RSA/bignum processing (this can be enabled by
+ setting CONFIG_TLS=internal and CONFIG_INTERNAL_LIBTOMMATH=y in
+ .config); this can be useful, e.g., if the target system does not
+ have a suitable TLS library and a minimal code size is required
+ (total size of this internal TLS/crypto code is bit under 50 kB on
+ x86 and the crypto code is shared by rest of the supplicant so some
+ of it was already required; TLSv1/X.509/ASN.1/RSA added about 25 kB)
+ * removed STAKey handshake since PeerKey handshake has replaced it in
+ IEEE 802.11ma and there are no known deployments of STAKey
+ * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
+ draft (draft-ietf-emu-eap-gpsk-01.txt)
+ * added preliminary implementation of IEEE 802.11w/D1.0 (management
+ frame protection)
+ (Note: this requires driver support to work properly.)
+ (Note2: IEEE 802.11w is an unapproved draft and subject to change.)
+ * fixed Windows named pipes ctrl_iface to not stop listening for
+ commands if client program opens a named pipe and closes it
+ immediately without sending a command
+ * fixed USIM PIN status determination for the case that PIN is not
+ needed (this allows EAP-AKA to be used with USIM cards that do not
+ use PIN)
+ * added support for reading 3G USIM AID from EF_DIR to allow EAP-AKA to
+ be used with cards that do not support file selection based on
+ partial AID
+ * added support for matching the subjectAltName of the authentication
+ server certificate against multiple name components (e.g.,
+ altsubject_match="DNS:server.example.com;DNS:server2.example.com")
+ * fixed EAP-SIM/AKA key derivation for re-authentication case (only
+ affects IEEE 802.1X with dynamic WEP keys)
+ * changed ctrl_iface network configuration 'get' operations to not
+ return password/key material; if these fields are requested, "*"
+ will be returned if the password/key is set, but the value of the
+ parameter is not exposed
+
+2006-08-27 - v0.5.5
+ * added support for building Windows version with UNICODE defined
+ (wide-char functions)
+ * driver_ndis: fixed static WEP configuration to avoid race condition
+ issues with some NDIS drivers between association and setting WEP
+ keys
+ * driver_ndis: added validation for IELength value in scan results to
+ avoid crashes when using buggy NDIS drivers [Bug 165]
+ * fixed Release|Win32 target in the Visual Studio project files
+ (previously, only Debug|Win32 target was set properly)
+ * changed control interface API call wpa_ctrl_pending() to allow it to
+ return -1 on error (e.g., connection lost); control interface clients
+ will need to make sure that they verify that the value is indeed >0
+ when determining whether there are pending messages
+ * added an alternative control interface backend for Windows targets:
+ Named Pipe (CONFIG_CTRL_IFACE=named_pipe); this is now the default
+ control interface mechanism for Windows builds (previously, UDP to
+ localhost was used)
+ * changed ctrl_interface configuration for UNIX domain sockets:
+ - deprecated ctrl_interface_group variable (it may be removed in
+ future versions)
+ - allow both directory and group be configured with ctrl_interface
+ in following format: DIR=/var/run/wpa_supplicant GROUP=wheel
+ - ctrl_interface=/var/run/wpa_supplicant is still supported for the
+ case when group is not changed
+ * added support for controlling more than one interface per process in
+ Windows version
+ * added a workaround for a case where the AP is using unknown address
+ (e.g., MAC address of the wired interface) as the source address for
+ EAPOL-Key frames; previously, that source address was used as the
+ destination for EAPOL-Key frames and in key derivation; now, BSSID is
+ used even if the source address does not match with it
+ (this resolves an interoperability issue with Thomson SpeedTouch 580)
+ * added a workaround for UDP-based control interface (which was used in
+ Windows builds before this release) to prevent packets with forged
+ addresses from being accepted as local control requests
+ * removed ndis_events.cpp and possibility of using external
+ ndis_events.exe; C version (ndis_events.c) is fully functional and
+ there is no desire to maintain two separate versions of this
+ implementation
+ * ndis_events: Changed NDIS event notification design to use WMI to
+ learn the adapter description through Win32_PnPEntity class; this
+ should fix some cases where the adapter name was not recognized
+ correctly (e.g., with some USB WLAN adapters, e.g., Ralink RT2500
+ USB) [Bug 113]
+ * fixed selection of the first network in ap_scan=2 mode; previously,
+ wpa_supplicant could get stuck in SCANNING state when only the first
+ network for enabled (e.g., after 'wpa_cli select_network 0')
+ * winsvc: added support for configuring ctrl_interface parameters in
+ registry (ctrl_interface string value in
+ HKLM\SOFTWARE\wpa_supplicant\interfaces\0000 key); this new value is
+ required to enable control interface (previously, this was hardcoded
+ to be enabled)
+ * allow wpa_gui subdirectory to be built with both Qt3 and Qt4
+ * converted wpa_gui-qt4 subdirectory to use Qt4 specific project format
+
+2006-06-20 - v0.5.4
+ * fixed build with CONFIG_STAKEY=y [Bug 143]
+ * added support for doing MLME (IEEE 802.11 management frame
+ processing) in wpa_supplicant when using Devicescape IEEE 802.11
+ stack (wireless-dev.git tree)
+ * added a new network block configuration option, fragment_size, to
+ configure the maximum EAP fragment size
+ * driver_ndis: Disable WZC automatically for the selected interface to
+ avoid conflicts with two programs trying to control the radio; WZC
+ will be re-enabled (if it was enabled originally) when wpa_supplicant
+ is terminated
+ * added an experimental TLSv1 client implementation
+ (CONFIG_TLS=internal) that can be used instead of an external TLS
+ library, e.g., to reduce total size requirement on systems that do
+ not include any TLS library by default (this is not yet complete;
+ basic functionality is there, but certificate validation is not yet
+ included)
+ * added PeerKey handshake implementation for IEEE 802.11e
+ direct link setup (DLS) to replace STAKey handshake
+ * fixed WPA PSK update through ctrl_iface for the case where the old
+ PSK was derived from an ASCII passphrase and the new PSK is set as
+ a raw PSK (hex string)
+ * added new configuration option for identifying which network block
+ was used (id_str in wpa_supplicant.conf; included on
+ WPA_EVENT_CONNECT monitor event and as WPA_ID_STR environmental
+ variable in wpa_cli action scripts; in addition WPA_ID variable is
+ set to the current unique identifier that wpa_supplicant assigned
+ automatically for the network and that can be used with
+ GET_NETWORK/SET_NETWORK ctrl_iface commands)
+ * wpa_cli action script is now called only when the connect/disconnect
+ status changes or when associating with a different network
+ * fixed configuration parser not to remove CCMP from group cipher list
+ if WPA-None (adhoc) is used (pairwise=NONE in that case)
+ * fixed integrated NDIS events processing not to hang the process due
+ to a missed change in eloop_win.c API in v0.5.3 [Bug 155]
+ * added support for EAP Generalized Pre-Shared Key (EAP-GPSK,
+ draft-clancy-emu-eap-shared-secret-00.txt)
+ * added Microsoft Visual Studio 2005 solution and project files for
+ build wpa_supplicant for Windows (see vs2005 subdirectory)
+ * eloop_win: fixed unregistration of Windows events
+ * l2_packet_winpcap: fixed a deadlock in deinitializing l2_packet
+ at the end of RSN pre-authentication and added unregistration of
+ a Windows event to avoid getting eloop_win stuck with an invalid
+ handle
+ * driver_ndis: added support for selecting AP based on BSSID
+ * added new environmental variable for wpa_cli action scripts:
+ WPA_CTRL_DIR is the current control interface directory
+ * driver_ndis: added support for using NDISUIO instead of WinPcap for
+ OID set/query operations (CONFIG_USE_NDISUIO=y in .config); with new
+ l2_packet_ndis (CONFIG_L2_PACKET=ndis), this can be used to build
+ wpa_supplicant without requiring WinPcap; note that using NDISUIO
+ requires that WZC is disabled (net stop wzcsvc) since NDISUIO allows
+ only one application to open the device
+ * changed NDIS driver naming to only include device GUID, e.g.,
+ {7EE3EFE5-C165-472F-986D-F6FBEDFE8C8D}, instead of including WinPcap
+ specific \Device\NPF_ prefix before the GUID; the prefix is still
+ allowed for backwards compatibility, but it is not required anymore
+ when specifying the interface
+ * driver_ndis: re-initialize driver interface is the adapter is removed
+ and re-inserted [Bug 159]
+ * driver_madwifi: fixed TKIP and CCMP sequence number configuration on
+ big endian hosts [Bug 146]
+
+2006-04-27 - v0.5.3
+ * fixed EAP-GTC response to include correct user identity when run as
+ phase 2 method of EAP-FAST (i.e., EAP-FAST did not work in v0.5.2)
+ * driver_ndis: Fixed encryption mode configuration for unencrypted
+ networks (some NDIS drivers ignored this, but others, e.g., Broadcom,
+ refused to associate with open networks) [Bug 106]
+ * driver_ndis: use BSSID OID polling to detect when IBSS network is
+ formed even when ndis_events code is included since some NDIS drivers
+ do not generate media connect events in IBSS mode
+ * config_winreg: allow global ctrl_interface parameter to be configured
+ in Windows registry
+ * config_winreg: added support for saving configuration data into
+ Windows registry
+ * added support for controlling network device operational state
+ (dormant/up) for Linux 2.6.17 to improve DHCP processing (see
+ http://www.flamewarmaster.de/software/dhcpclient/ for a DHCP client
+ that can use this information)
+ * driver_wext: added support for WE-21 change to SSID configuration
+ * driver_wext: fixed privacy configuration for static WEP keys mode
+ [Bug 140]
+ * added an optional driver_ops callback for MLME-SETPROTECTION.request
+ primitive
+ * added support for EAP-SAKE (no EAP method number allocated yet, so
+ this is using the same experimental type 255 as EAP-PSK)
+ * added support for dynamically loading EAP methods (.so files) instead
+ of requiring them to be statically linked in; this is disabled by
+ default (see CONFIG_DYNAMIC_EAP_METHODS in defconfig for information
+ on how to use this)
+
+2006-03-19 - v0.5.2
+ * do not try to use USIM APDUs when initializing PC/SC for SIM card
+ access for a network that has not enabled EAP-AKA
+ * fixed EAP phase 2 Nak for EAP-{PEAP,TTLS,FAST} (this was broken in
+ v0.5.1 due to the new support for expanded EAP types)
+ * added support for generating EAP Expanded Nak
+ * try to fetch scan results once before requesting new scan when
+ starting up in ap_scan=1 mode (this can speed up initial association
+ a lot with, e.g., madwifi-ng driver)
+ * added support for receiving EAPOL frames from a Linux bridge
+ interface (-bbr0 on command line)
+ * fixed EAPOL re-authentication for sessions that used PMKSA caching
+ * changed EAP method registration to use a dynamic list of methods
+ instead of a static list generated at build time
+ * fixed PMKSA cache deinitialization not to use freed memory when
+ removing PMKSA entries
+ * fixed a memory leak in EAP-TTLS re-authentication
+ * reject WPA/WPA2 message 3/4 if it does not include any valid
+ WPA/RSN IE
+ * driver_wext: added fallback to use SIOCSIWENCODE for setting auth_alg
+ if the driver does not support SIOCSIWAUTH
+
+2006-01-29 - v0.5.1
+ * driver_test: added better support for multiple APs and STAs by using
+ a directory with sockets that include MAC address for each device in
+ the name (driver_param=test_dir=/tmp/test)
+ * added support for EAP expanded type (vendor specific EAP methods)
+ * added AP_SCAN command into ctrl_iface so that ap_scan configuration
+ option can be changed if needed
+ * wpa_cli/wpa_gui: skip non-socket files in control directory when
+ using UNIX domain sockets; this avoids selecting an incorrect
+ interface (e.g., a PID file could be in this directory, even though
+ use of this directory for something else than socket files is not
+ recommended)
+ * fixed TLS library deinitialization after RSN pre-authentication not
+ to disable TLS library for normal authentication
+ * driver_wext: Remove null-termination from SSID length if the driver
+ used it; some Linux drivers do this and they were causing problems in
+ wpa_supplicant not finding matching configuration block. This change
+ would break a case where the SSID actually ends in '\0', but that is
+ not likely to happen in real use.
+ * fixed PMKSA cache processing not to trigger deauthentication if the
+ current PMKSA cache entry is replaced with a valid new entry
+ * fixed PC/SC initialization for ap_scan != 1 modes (this fixes
+ EAP-SIM and EAP-AKA with real SIM/USIM card when using ap_scan=0 or
+ ap_scan=2)
+
+2005-12-18 - v0.5.0 (beginning of 0.5.x development releases)
+ * added experimental STAKey handshake implementation for IEEE 802.11e
+ direct link setup (DLS); note: this is disabled by default in both
+ build and runtime configuration (can be enabled with CONFIG_STAKEY=y
+ and stakey=1)
+ * fixed EAP-SIM and EAP-AKA pseudonym and fast re-authentication to
+ decrypt AT_ENCR_DATA attributes correctly
+ * fixed EAP-AKA to allow resynchronization within the same session
+ * made code closer to ANSI C89 standard to make it easier to port to
+ other C libraries and compilers
+ * started moving operating system or C library specific functions into
+ wrapper functions defined in os.h and implemented in os_*.c to make
+ code more portable
+ * wpa_supplicant can now be built with Microsoft Visual C++
+ (e.g., with the freely available Toolkit 2003 version or Visual
+ C++ 2005 Express Edition and Platform SDK); see nmake.mak for an
+ example makefile for nmake
+ * added support for using Windows registry for command line parameters
+ (CONFIG_MAIN=main_winsvc) and configuration data
+ (CONFIG_BACKEND=winreg); see win_example.reg for an example registry
+ contents; this version can be run both as a Windows service and as a
+ normal application; 'wpasvc.exe app' to start as applicant,
+ 'wpasvc.exe reg <full path to wpasvc.exe>' to register a service,
+ 'net start wpasvc' to start the service, 'wpasvc.exe unreg' to
+ unregister a service
+ * made it possible to link ndis_events.exe functionality into
+ wpa_supplicant.exe by defining CONFIG_NDIS_EVENTS_INTEGRATED
+ * added better support for multiple control interface backends
+ (CONFIG_CTRL_IFACE option); currently, 'unix' and 'udp' are supported
+ * fixed PC/SC code to use correct length for GSM AUTH command buffer
+ and to not use pioRecvPci with SCardTransmit() calls; these were not
+ causing visible problems with pcsc-lite, but Windows Winscard.dll
+ refused the previously used parameters; this fixes EAP-SIM and
+ EAP-AKA authentication using SIM/USIM card under Windows
+ * added new event loop implementation for Windows using
+ WaitForMultipleObject() instead of select() in order to allow waiting
+ for non-socket objects; this can be selected with
+ CONFIG_ELOOP=eloop_win in .config
+ * added support for selecting l2_packet implementation in .config
+ (CONFIG_L2_PACKET; following options are available now: linux, pcap,
+ winpcap, freebsd, none)
+ * added new l2_packet implementation for WinPcap
+ (CONFIG_L2_PACKET=winpcap) that uses a separate receive thread to
+ reduce latency in EAPOL receive processing from about 100 ms to about
+ 3 ms
+ * added support for EAP-FAST key derivation using other ciphers than
+ RC4-128-SHA for authentication and AES128-SHA for provisioning
+ * added support for configuring CA certificate as DER file and as a
+ configuration blob
+ * fixed private key configuration as configuration blob and added
+ support for using PKCS#12 as a blob
+ * tls_gnutls: added support for using PKCS#12 files; added support for
+ session resumption
+ * added support for loading trusted CA certificates from Windows
+ certificate store: ca_cert="cert_store://<name>", where <name> is
+ likely CA (Intermediate CA certificates) or ROOT (root certificates)
+ * added C version of ndis_events.cpp and made it possible to build this
+ with MinGW so that CONFIG_NDIS_EVENTS_INTEGRATED can be used more
+ easily on cross-compilation builds
+ * added wpasvc.exe into Windows binary release; this is an alternative
+ version of wpa_supplicant.exe with configuration backend using
+ Windows registry and with the entry point designed to run as a
+ Windows service
+ * integrated ndis_events.exe functionality into wpa_supplicant.exe and
+ wpasvc.exe and removed this additional tool from the Windows binary
+ release since it is not needed anymore
+ * load winscard.dll functions dynamically when building with MinGW
+ since MinGW does not yet include winscard library
+
+2005-11-20 - v0.4.7 (beginning of 0.4.x stable releases)
+ * l2_packet_pcap: fixed wired IEEE 802.1X authentication with libpcap
+ and WinPcap to receive frames sent to PAE group address
+ * disable EAP state machine when IEEE 802.1X authentication is not used
+ in order to get rid of bogus "EAP failed" messages
+ * fixed OpenSSL error reporting to go through all pending errors to
+ avoid confusing reports of old errors being reported at later point
+ during handshake
+ * fixed configuration file updating to not write empty variables
+ (e.g., proto or key_mgmt) that the file parser would not accept
+ * fixed ADD_NETWORK ctrl_iface command to use the same default values
+ for variables as empty network definitions read from config file
+ would get
+ * fixed EAP state machine to not discard EAP-Failure messages in many
+ cases (e.g., during TLS handshake)
+ * fixed a infinite loop in private key reading if the configured file
+ cannot be parsed successfully
+ * driver_madwifi: added support for madwifi-ng
+ * wpa_gui: do not display password/PSK field contents
+ * wpa_gui: added CA certificate configuration
+ * driver_ndis: fixed scan request in ap_scan=2 mode not to change SSID
+ * driver_ndis: include Beacon IEs in AssocInfo in order to notice if
+ the new AP is using different WPA/RSN IE
+ * use longer timeout for IEEE 802.11 association to avoid problems with
+ drivers that may take more than five second to associate
+
+2005-10-27 - v0.4.6
+ * allow fallback to WPA, if mixed WPA+WPA2 networks have mismatch in
+ RSN IE, but WPA IE would match with wpa_supplicant configuration
+ * added support for named configuration blobs in order to avoid having
+ to use file system for external files (e.g., certificates);
+ variables can be set to "blob://<blob name>" instead of file path to
+ use a named blob; supported fields: pac_file, client_cert,
+ private_key
+ * fixed RSN pre-authentication (it was broken in the clean up of WPA
+ state machine interface in v0.4.5)
+ * driver_madwifi: set IEEE80211_KEY_GROUP flag for group keys to make
+ sure the driver configures broadcast decryption correctly
+ * added ca_path (and ca_path2) configuration variables that can be used
+ to configure OpenSSL CA path, e.g., /etc/ssl/certs, for using the
+ system-wide trusted CA list
+ * added support for starting wpa_supplicant without a configuration
+ file (-C argument must be used to set ctrl_interface parameter for
+ this case; in addition, -p argument can be used to provide
+ driver_param; these new arguments can also be used with a
+ configuration to override the values from the configuration)
+ * added global control interface that can be optionally used for adding
+ and removing network interfaces dynamically (-g command line argument
+ for both wpa_supplicant and wpa_cli) without having to restart
+ wpa_supplicant process
+ * wpa_gui:
+ - try to save configuration whenever something is modified
+ - added WEP key configuration
+ - added possibility to edit the current network configuration
+ * driver_ndis: fixed driver polling not to increase frequency on each
+ received EAPOL frame due to incorrectly cancelled timeout
+ * added simple configuration file examples (in examples subdirectory)
+ * fixed driver_wext.c to filter wireless events based on ifindex to
+ avoid interfaces receiving events from other interfaces
+ * delay sending initial EAPOL-Start couple of seconds to speed up
+ authentication for the most common case of Authenticator starting
+ EAP authentication immediately after association
+
+2005-09-25 - v0.4.5
+ * added a workaround for clearing keys with ndiswrapper to allow
+ roaming from WPA enabled AP to plaintext one
+ * added docbook documentation (doc/docbook) that can be used to
+ generate, e.g., man pages
+ * l2_packet_linux: use socket type SOCK_DGRAM instead of SOCK_RAW for
+ PF_PACKET in order to prepare for network devices that do not use
+ Ethernet headers (e.g., network stack with native IEEE 802.11 frames)
+ * use receipt of EAPOL-Key frame as a lower layer success indication
+ for EAP state machine to allow recovery from dropped EAP-Success
+ frame
+ * cleaned up internal EAPOL frame processing by not including link
+ layer (Ethernet) header during WPA and EAPOL/EAP processing; this
+ header is added only when transmitted the frame; this makes it easier
+ to use wpa_supplicant on link layers that use different header than
+ Ethernet
+ * updated EAP-PSK to use draft 9 by default since this can now be
+ tested with hostapd; removed support for draft 3, including
+ server_nai configuration option from network blocks
+ * driver_wired: add PAE address to the multicast address list in order
+ to be able to receive EAPOL frames with drivers that do not include
+ these multicast addresses by default
+ * driver_wext: add support for WE-19
+ * added support for multiple configuration backends (CONFIG_BACKEND
+ option); currently, only 'file' is supported (i.e., the format used
+ in wpa_supplicant.conf)
+ * added support for updating configuration ('wpa_cli save_config');
+ this is disabled by default and can be enabled with global
+ update_config=1 variable in wpa_supplicant.conf; this allows wpa_cli
+ and wpa_gui to store the configuration changes in a permanent store
+ * added GET_NETWORK ctrl_iface command
+ (e.g., 'wpa_cli get_network 0 ssid')
+
+2005-08-21 - v0.4.4
+ * replaced OpenSSL patch for EAP-FAST support
+ (openssl-tls-extensions.patch) with a more generic and correct
+ patch (the new patch is not compatible with the previous one, so the
+ OpenSSL library will need to be patched with the new patch in order
+ to be able to build wpa_supplicant with EAP-FAST support)
+ * added support for using Windows certificate store (through CryptoAPI)
+ for client certificate and private key operations (EAP-TLS)
+ (see wpa_supplicant.conf for more information on how to configure
+ this with private_key)
+ * ported wpa_gui to Windows
+ * added Qt4 version of wpa_gui (wpa_gui-qt4 directory); this can be
+ built with the open source version of the Qt4 for Windows
+ * allow non-WPA modes (e.g., IEEE 802.1X with dynamic WEP) to be used
+ with drivers that do not support WPA
+ * ndis_events: fixed Windows 2000 support
+ * added support for enabling/disabling networks from the list of all
+ configured networks ('wpa_cli enable_network <network id>' and
+ 'wpa_cli disable_network <network id>')
+ * added support for adding and removing network from the current
+ configuration ('wpa_cli add_network' and 'wpa_cli remove_network
+ <network id>'); added networks are disabled by default and they can
+ be enabled with enable_network command once the configuration is done
+ for the new network; note: configuration file is not yet updated, so
+ these new networks are lost when wpa_supplicant is restarted
+ * added support for setting network configuration parameters through
+ the control interface, for example:
+ wpa_cli set_network 0 ssid "\"my network\""
+ * fixed parsing of strings that include both " and # within double
+ quoted area (e.g., "start"#end")
+ * added EAP workaround for PEAP session resumption: allow outer,
+ i.e., not tunneled, EAP-Success to terminate session since; this can
+ be disabled with eap_workaround=0
+ (this was allowed for PEAPv1 before, but now it is also allowed for
+ PEAPv0 since at least one RADIUS authentication server seems to be
+ doing this for PEAPv0, too)
+ * wpa_gui: added preliminary support for adding new networks to the
+ wpa_supplicant configuration (double click on the scan results to
+ open network configuration)
+
+2005-06-26 - v0.4.3
+ * removed interface for external EAPOL/EAP supplicant (e.g.,
+ Xsupplicant), (CONFIG_XSUPPLICANT_IFACE) since it is not required
+ anymore and is unlikely to be used by anyone
+ * driver_ndis: fixed WinPcap 3.0 support
+ * fixed build with CONFIG_DNET_PCAP=y on Linux
+ * l2_packet: moved different implementations into separate files
+ (l2_packet_*.c)
+
+2005-06-12 - v0.4.2
+ * driver_ipw: updated driver structures to match with ipw2200-1.0.4
+ (note: ipw2100-1.1.0 is likely to require an update to work with
+ this)
+ * added support for using ap_scan=2 mode with multiple network blocks;
+ wpa_supplicant will go through the networks one by one until the
+ driver reports a successful association; this uses the same order for
+ networks as scan_ssid=1 scans, i.e., the priority field is ignored
+ and the network block order in the file is used instead
+ * fixed a potential issue in RSN pre-authentication ending up using
+ freed memory if pre-authentication times out
+ * added support for matching alternative subject name extensions of the
+ authentication server certificate; new configuration variables
+ altsubject_match and altsubject_match2
+ * driver_ndis: added support for IEEE 802.1X authentication with wired
+ NDIS drivers
+ * added support for querying private key password (EAP-TLS) through the
+ control interface (wpa_cli/wpa_gui) if one is not included in the
+ configuration file
+ * driver_broadcom: fixed couple of memory leaks in scan result
+ processing
+ * EAP-PAX is now registered as EAP type 46
+ * fixed EAP-PAX MAC calculation
+ * fixed EAP-PAX CK and ICK key derivation
+ * added support for using password with EAP-PAX (as an alternative to
+ entering key with eappsk); SHA-1 hash of the password will be used as
+ the key in this case
+ * added support for arbitrary driver interface parameters through the
+ configuration file with a new driver_param field; this adds a new
+ driver_ops function set_param()
+ * added possibility to override l2_packet module with driver interface
+ API (new send_eapol handler); this can be used to implement driver
+ specific TX/RX functions for EAPOL frames
+ * fixed ctrl_interface_group processing for the case where gid is
+ entered as a number, not group name
+ * driver_test: added support for testing hostapd with wpa_supplicant
+ by using test driver interface without any kernel drivers or network
+ cards
+
+2005-05-22 - v0.4.1
+ * driver_madwifi: fixed WPA/WPA2 mode configuration to allow EAPOL
+ packets to be encrypted; this was apparently broken by the changed
+ ioctl order in v0.4.0
+ * driver_madwifi: added preliminary support for compiling against 'BSD'
+ branch of madwifi CVS tree
+ * added support for EAP-MSCHAPv2 password retries within the same EAP
+ authentication session
+ * added support for password changes with EAP-MSCHAPv2 (used when the
+ password has expired)
+ * added support for reading additional certificates from PKCS#12 files
+ and adding them to the certificate chain
+ * fixed association with IEEE 802.1X (no WPA) when dynamic WEP keys
+ were used
+ * fixed a possible double free in EAP-TTLS fast-reauthentication when
+ identity or password is entered through control interface
+ * display EAP Notification messages to user through control interface
+ with "CTRL-EVENT-EAP-NOTIFICATION" prefix
+ * added GUI version of wpa_cli, wpa_gui; this is not build
+ automatically with 'make'; use 'make wpa_gui' to build (this requires
+ Qt development tools)
+ * added 'disconnect' command to control interface for setting
+ wpa_supplicant in state where it will not associate before
+ 'reassociate' command has been used
+ * added support for selecting a network from the list of all configured
+ networks ('wpa_cli select_network <network id>'; this disabled all
+ other networks; to re-enable, 'wpa_cli select_network any')
+ * added support for getting scan results through control interface
+ * added EAP workaround for PEAPv1 session resumption: allow outer,
+ i.e., not tunneled, EAP-Success to terminate session since; this can
+ be disabled with eap_workaround=0
+
+2005-04-25 - v0.4.0 (beginning of 0.4.x development releases)
+ * added a new build time option, CONFIG_NO_STDOUT_DEBUG, that can be
+ used to reduce the size of the wpa_supplicant considerably if
+ debugging code is not needed
+ * fixed EAPOL-Key validation to drop packets with invalid Key Data
+ Length; such frames could have crashed wpa_supplicant due to buffer
+ overflow
+ * added support for wired authentication (IEEE 802.1X on wired
+ Ethernet); driver interface 'wired'
+ * obsoleted set_wpa() handler in the driver interface API (it can be
+ replaced by moving enable/disable functionality into init()/deinit())
+ (calls to set_wpa() are still present for backwards compatibility,
+ but they may be removed in the future)
+ * driver_madwifi: fixed association in plaintext mode
+ * modified the EAP workaround that accepts EAP-Success with incorrect
+ Identifier to be even less strict about verification in order to
+ interoperate with some authentication servers
+ * added support for sending TLS alerts
+ * added support for 'any' SSID wildcard; if ssid is not configured or
+ is set to an empty string, any SSID will be accepted for non-WPA AP
+ * added support for asking PIN (for SIM) from frontends (e.g.,
+ wpa_cli); if a PIN is needed, but not included in the configuration
+ file, a control interface request is sent and EAP processing is
+ delayed until the PIN is available
+ * added support for using external devices (e.g., a smartcard) for
+ private key operations in EAP-TLS (CONFIG_SMARTCARD=y in .config);
+ new wpa_supplicant.conf variables:
+ - global: opensc_engine_path, pkcs11_engine_path, pkcs11_module_path
+ - network: engine, engine_id, key_id
+ * added experimental support for EAP-PAX
+ * added monitor mode for wpa_cli (-a<path to a program to run>) that
+ allows external commands (e.g., shell scripts) to be run based on
+ wpa_supplicant events, e.g., when authentication has been completed
+ and data connection is ready; other related wpa_cli arguments:
+ -B (run in background), -P (write PID file); wpa_supplicant has a new
+ command line argument (-W) that can be used to make it wait until a
+ control interface command is received in order to avoid missing
+ events
+ * added support for opportunistic WPA2 PMKSA key caching (disabled by
+ default, can be enabled with proactive_key_caching=1)
+ * fixed RSN IE in 4-Way Handshake message 2/4 for the case where
+ Authenticator rejects PMKSA caching attempt and the driver is not
+ using assoc_info events
+ * added -P<pid file> argument for wpa_supplicant to write the current
+ process id into a file
+
+2005-02-12 - v0.3.7 (beginning of 0.3.x stable releases)
+ * added new phase1 option parameter, include_tls_length=1, to force
+ wpa_supplicant to add TLS Message Length field to all TLS messages
+ even if the packet is not fragmented; this may be needed with some
+ authentication servers
+ * fixed WPA/RSN IE verification in message 3 of 4-Way Handshake when
+ using drivers that take care of AP selection (e.g., when using
+ ap_scan=2)
+ * fixed reprocessing of pending request after ctrl_iface requests for
+ identity/password/otp
+ * fixed ctrl_iface requests for identity/password/otp in Phase 2 of
+ EAP-PEAP and EAP-TTLS
+ * all drivers using driver_wext: set interface up and select Managed
+ mode when starting wpa_supplicant; set interface down when exiting
+ * renamed driver_ipw2100.c to driver_ipw.c since it now supports both
+ ipw2100 and ipw2200; please note that this also changed the
+ configuration variable in .config to CONFIG_DRIVER_IPW
+
+2005-01-24 - v0.3.6
+ * fixed a busy loop introduced in v0.3.5 for scan result processing
+ when no matching AP is found
+
+2005-01-23 - v0.3.5
+ * added a workaround for an interoperability issue with a Cisco AP
+ when using WPA2-PSK
+ * fixed non-WPA IEEE 802.1X to use the same authentication timeout as
+ WPA with IEEE 802.1X (i.e., timeout 10 -> 70 sec to allow
+ retransmission of dropped frames)
+ * fixed issues with 64-bit CPUs and SHA1 cleanup in previous version
+ (e.g., segfault when processing EAPOL-Key frames)
+ * fixed EAP workaround and fast reauthentication configuration for
+ RSN pre-authentication; previously these were disabled and
+ pre-authentication would fail if the used authentication server
+ requires EAP workarounds
+ * added support for blacklisting APs that fail or timeout
+ authentication in ap_scan=1 mode so that all APs are tried in cases
+ where the ones with strongest signal level are failing authentication
+ * fixed CA certificate loading after a failed EAP-TLS/PEAP/TTLS
+ authentication attempt
+ * allow EAP-PEAP/TTLS fast reauthentication only if Phase 2 succeeded
+ in the previous authentication (previously, only Phase 1 success was
+ verified)
+
+2005-01-09 - v0.3.4
+ * added preliminary support for IBSS (ad-hoc) mode configuration
+ (mode=1 in network block); this included a new key_mgmt mode
+ WPA-NONE, i.e., TKIP or CCMP with a fixed key (based on psk) and no
+ key management; see wpa_supplicant.conf for more details and an
+ example on how to configure this (note: this is currently implemented
+ only for driver_hostapd.c, but the changes should be trivial to add
+ in associate() handler for other drivers, too (assuming the driver
+ supports WPA-None)
+ * added preliminary port for native Windows (i.e., no cygwin) using
+ mingw
+
+2005-01-02 - v0.3.3
+ * added optional support for GNU Readline and History Libraries for
+ wpa_cli (CONFIG_READLINE)
+ * cleaned up EAP state machine <-> method interface and number of
+ small problems with error case processing not terminating on
+ EAP-Failure but waiting for timeout
+ * added couple of workarounds for interoperability issues with a
+ Cisco AP when using WPA2
+ * added support for EAP-FAST (draft-cam-winget-eap-fast-00.txt);
+ Note: This requires a patch for openssl to add support for TLS
+ extensions and number of workarounds for operations without
+ certificates. Proof of concept type of experimental patch is
+ included in openssl-tls-extensions.patch.
+
+2004-12-19 - v0.3.2
+ * fixed private key loading for cases where passphrase is not set
+ * fixed Windows/cygwin L2 packet handler freeing; previous version
+ could cause a segfault when RSN pre-authentication was completed
+ * added support for PMKSA caching with drivers that generate RSN IEs
+ (e.g., NDIS); currently, this is only implemented in driver_ndis.c,
+ but similar code can be easily added to driver_ndiswrapper.c once
+ ndiswrapper gets full support for RSN PMKSA caching
+ * improved recovery from PMKID mismatches by requesting full EAP
+ authentication in case of failed PMKSA caching attempt
+ * driver_ndis: added support for NDIS NdisMIncidateStatus() events
+ (this requires that ndis_events is ran while wpa_supplicant is
+ running)
+ * driver_ndis: use ADD_WEP/REMOVE_WEP when configuring WEP keys
+ * added support for driver interfaces to replace the interface name
+ based on driver/OS specific mapping, e.g., in case of driver_ndis,
+ this allows the beginning of the adapter description to be used as
+ the interface name
+ * added support for CR+LF (Windows-style) line ends in configuration
+ file
+ * driver_ndis: enable radio before starting scanning, disable radio
+ when exiting
+ * modified association event handler to set portEnabled = FALSE before
+ clearing port Valid in order to reset EAP state machine and avoid
+ problems with new authentication getting ignored because of state
+ machines ending up in AUTHENTICATED/SUCCESS state based on old
+ information
+ * added support for driver events to add PMKID candidates in order to
+ allow drivers to give priority to most likely roaming candidates
+ * driver_hostap: moved PrivacyInvoked configuration to associate()
+ function so that this will not be set for plaintext connections
+ * added KEY_MGMT_802_1X_NO_WPA as a new key_mgmt type so that driver
+ interface can distinguish plaintext and IEEE 802.1X (no WPA)
+ authentication
+ * fixed static WEP key configuration to use broadcast/default type for
+ all keys (previously, the default TX key was configured as pairwise/
+ unicast key)
+ * driver_ndis: added legacy WPA capability detection for non-WPA2
+ drivers
+ * added support for setting static WEP keys for IEEE 802.1X without
+ dynamic WEP keying (eapol_flags=0)
+
+2004-12-12 - v0.3.1
+ * added support for reading PKCS#12 (PFX) files (as a replacement for
+ PEM/DER) to get certificate and private key (CONFIG_PKCS12)
+ * fixed compilation with CONFIG_PCSC=y
+ * added new ap_scan mode, ap_scan=2, for drivers that take care of
+ association, but need to be configured with security policy and SSID,
+ e.g., ndiswrapper and NDIS driver; this mode should allow such
+ drivers to work with hidden SSIDs and optimized roaming; when
+ ap_scan=2 is used, only the first network block in the configuration
+ file is used and this configuration should have explicit security
+ policy (i.e., only one option in the lists) for key_mgmt, pairwise,
+ group, proto variables
+ * added experimental port of wpa_supplicant for Windows
+ - driver_ndis.c driver interface (NDIS OIDs)
+ - currently, this requires cygwin and WinPcap
+ - small utility, win_if_list, can be used to get interface name
+ * control interface can now be removed at build time; add
+ CONFIG_CTRL_IFACE=y to .config to maintain old functionality
+ * optional Xsupplicant interface can now be removed at build time;
+ (CONFIG_XSUPPLICANT_IFACE=y in .config to bring it back)
+ * added auth_alg to driver interface associate() parameters to make it
+ easier for drivers to configure authentication algorithm as part of
+ the association
+
+2004-12-05 - v0.3.0 (beginning of 0.3.x development releases)
+ * driver_broadcom: added new driver interface for Broadcom wl.o driver
+ (a generic driver for Broadcom IEEE 802.11a/g cards)
+ * wpa_cli: fixed parsing of -p <path> command line argument
+ * PEAPv1: fixed tunneled EAP-Success reply handling to reply with TLS
+ ACK, not tunneled EAP-Success (of which only the first byte was
+ actually send due to a bug in previous code); this seems to
+ interoperate with most RADIUS servers that implements PEAPv1
+ * PEAPv1: added support for terminating PEAP authentication on tunneled
+ EAP-Success message; this can be configured by adding
+ peap_outer_success=0 on phase1 parameters in wpa_supplicant.conf
+ (some RADIUS servers require this whereas others require a tunneled
+ reply
+ * PEAPv1: changed phase1 option peaplabel to use default to 0, i.e., to
+ the old label for key derivation; previously, the default was 1,
+ but it looks like most existing PEAPv1 implementations use the old
+ label which is thus more suitable default option
+ * added support for EAP-PSK (draft-bersani-eap-psk-03.txt)
+ * fixed parsing of wep_tx_keyidx
+ * added support for configuring list of allowed Phase 2 EAP types
+ (for both EAP-PEAP and EAP-TTLS) instead of only one type
+ * added support for configuring IEEE 802.11 authentication algorithm
+ (auth_alg; mainly for using Shared Key authentication with static
+ WEP keys)
+ * added support for EAP-AKA (with UMTS SIM)
+ * fixed couple of errors in PCSC handling that could have caused
+ random-looking errors for EAP-SIM
+ * added support for EAP-SIM pseudonyms and fast re-authentication
+ * added support for EAP-TLS/PEAP/TTLS fast re-authentication (TLS
+ session resumption)
+ * added support for EAP-SIM with two challanges
+ (phase1="sim_min_num_chal=3" can be used to require three challenges)
+ * added support for configuring DH/DSA parameters for an ephemeral DH
+ key exchange (EAP-TLS/PEAP/TTLS) using new configuration parameters
+ dh_file and dh_file2 (phase 2); this adds support for using DSA keys
+ and optional DH key exchange to achieve forward secracy with RSA keys
+ * added support for matching subject of the authentication server
+ certificate with a substring when using EAP-TLS/PEAP/TTLS; new
+ configuration variables subject_match and subject_match2
+ * changed SSID configuration in driver_wext.c (used by many driver
+ interfaces) to use ssid_len+1 as the length for SSID since some Linux
+ drivers expect this
+ * fixed couple of unaligned reads in scan result parsing to fix WPA
+ connection on some platforms (e.g., ARM)
+ * added driver interface for Intel ipw2100 driver
+ * added support for LEAP with WPA
+ * added support for larger scan results report (old limit was 4 kB of
+ data, i.e., about 35 or so APs) when using Linux wireless extensions
+ v17 or newer
+ * fixed a bug in PMKSA cache processing: skip sending of EAPOL-Start
+ only if there is a PMKSA cache entry for the current AP
+ * fixed error handling for case where reading of scan results fails:
+ must schedule a new scan or wpa_supplicant will remain waiting
+ forever
+ * changed debug output to remove shared password/key material by
+ default; all key information can be included with -K command line
+ argument to match the previous behavior
+ * added support for timestamping debug log messages (disabled by
+ default, can be enabled with -t command line argument)
+ * set pairwise/group cipher suite for non-WPA IEEE 802.1X to WEP-104
+ if keys are not configured to be used; this fixes IEEE 802.1X mode
+ with drivers that use this information to configure whether Privacy
+ bit can be in Beacon frames (e.g., ndiswrapper)
+ * avoid clearing driver keys if no keys have been configured since last
+ key clear request; this seems to improve reliability of group key
+ handshake for ndiswrapper & NDIS driver which seems to be suffering
+ of some kind of timing issue when the keys are cleared again after
+ association
+ * changed driver interface API:
+ - WPA_SUPPLICANT_DRIVER_VERSION define can be used to determine which
+ version is being used (now, this is set to 2; previously, it was
+ not defined)
+ - pass pointer to private data structure to all calls
+ - the new API is not backwards compatible; all in-tree driver
+ interfaces has been converted to the new API
+ * added support for controlling multiple interfaces (radios) per
+ wpa_supplicant process; each interface needs to be listed on the
+ command line (-c, -i, -D arguments) with -N as a separator
+ (-cwpa1.conf -iwlan0 -Dhostap -N -cwpa2.conf -iath0 -Dmadwifi)
+ * added a workaround for EAP servers that incorrectly use same Id for
+ sequential EAP packets
+ * changed libpcap/libdnet configuration to use .config variable,
+ CONFIG_DNET_PCAP, instead of requiring Makefile modification
+ * improved downgrade attack detection in IE verification of msg 3/4:
+ verify both WPA and RSN IEs, if present, not only the selected one;
+ reject the AP if an RSN IE is found in msg 3/4, but not in Beacon or
+ Probe Response frame, and RSN is enabled in wpa_supplicant
+ configuration
+ * fixed WPA msg 3/4 processing to allow Key Data field contain other
+ IEs than just one WPA IE
+ * added support for FreeBSD and driver interface for the BSD net80211
+ layer (CONFIG_DRIVER_BSD=y in .config); please note that some of the
+ required kernel mods have not yet been committed
+ * made EAP workarounds configurable; enabled by default, can be
+ disabled with network block option eap_workaround=0
+
+2004-07-17 - v0.2.4 (beginning of 0.2.x stable releases)
+ * resolved couple of interoperability issues with EAP-PEAPv1 and
+ Phase 2 (inner EAP) fragment reassembly
+ * driver_madwifi: fixed WEP key configuration for IEEE 802.1X when the
+ AP is using non-zero key index for the unicast key and key index zero
+ for the broadcast key
+ * driver_hostap: fixed IEEE 802.1X WEP key updates and
+ re-authentication by allowing unencrypted EAPOL frames when not using
+ WPA
+ * added a new driver interface, 'wext', which uses only standard,
+ driver independent functionality in Linux wireless extensions;
+ currently, this can be used only for non-WPA IEEE 802.1X mode, but
+ eventually, this is to be extended to support full WPA/WPA2 once
+ Linux wireless extensions get support for this
+ * added support for mode in which the driver is responsible for AP
+ scanning and selection; this is disabled by default and can be
+ enabled with global ap_scan=0 variable in wpa_supplicant.conf;
+ this mode can be used, e.g., with generic 'wext' driver interface to
+ use wpa_supplicant as IEEE 802.1X Supplicant with any Linux driver
+ supporting wireless extensions.
+ * driver_madwifi: fixed WPA2 configuration and scan_ssid=1 (e.g.,
+ operation with an AP that does not include SSID in the Beacon frames)
+ * added support for new EAP authentication methods:
+ EAP-TTLS/EAP-OTP, EAP-PEAPv0/OTP, EAP-PEAPv1/OTP, EAP-OTP
+ * added support for asking one-time-passwords from frontends (e.g.,
+ wpa_cli); this 'otp' command works otherwise like 'password' command,
+ but the password is used only once and the frontend will be asked for
+ a new password whenever a request from authenticator requires a
+ password; this can be used with both EAP-OTP and EAP-GTC
+ * changed wpa_cli to automatically re-establish connection so that it
+ does not need to be re-started when wpa_supplicant is terminated and
+ started again
+ * improved user data (identity/password/otp) requests through
+ frontends: process pending EAPOL packets after getting new
+ information so that full authentication does not need to be
+ restarted; in addition, send pending requests again whenever a new
+ frontend is attached
+ * changed control frontends to use a new directory for socket files to
+ make it easier for wpa_cli to automatically select between interfaces
+ and to provide access control for the control interface;
+ wpa_supplicant.conf: ctrl_interface is now a path
+ (/var/run/wpa_supplicant is the recommended path) and
+ ctrl_interface_group can be used to select which group gets access to
+ the control interface;
+ wpa_cli: by default, try to connect to the first interface available
+ in /var/run/wpa_supplicant; this path can be overriden with -p option
+ and an interface can be selected with -i option (i.e., in most common
+ cases, wpa_cli does not need to get any arguments)
+ * added support for LEAP
+ * added driver interface for Linux ndiswrapper
+ * added priority option for network blocks in the configuration file;
+ this allows networks to be grouped based on priority (the scan
+ results are searched for matches with network blocks in this order)
+
+2004-06-20 - v0.2.3
+ * sort scan results to improve AP selection
+ * fixed control interface socket removal for some error cases
+ * improved scan requesting and authentication timeout
+ * small improvements/bug fixes for EAP-MSCHAPv2, EAP-PEAP, and
+ TLS processing
+ * PEAP version can now be forced with phase1="peapver=<ver>"
+ (mostly for testing; by default, the highest version supported by
+ both the Supplicant and Authentication Server is selected
+ automatically)
+ * added support for madwifi driver (Atheros ar521x)
+ * added a workaround for cases where AP sets Install Tx/Rx bit for
+ WPA Group Key messages when pairwise keys are used (without this,
+ the Group Key would be used for Tx and the AP would drop frames
+ from the station)
+ * added GSM SIM/USIM interface for GSM authentication algorithm for
+ EAP-SIM; this requires pcsc-lite
+ * added support for ATMEL AT76C5XXx driver
+ * fixed IEEE 802.1X WEP key derivation in the case where Authenticator
+ does not include key data in the EAPOL-Key frame (i.e., part of
+ EAP keying material is used as data encryption key)
+ * added support for using plaintext and static WEP networks
+ (key_mgmt=NONE)
+
+2004-05-31 - v0.2.2
+ * added support for new EAP authentication methods:
+ EAP-TTLS/EAP-MD5-Challenge
+ EAP-TTLS/EAP-GTC
+ EAP-TTLS/EAP-MSCHAPv2
+ EAP-TTLS/EAP-TLS
+ EAP-TTLS/MSCHAPv2
+ EAP-TTLS/MSCHAP
+ EAP-TTLS/PAP
+ EAP-TTLS/CHAP
+ EAP-PEAP/TLS
+ EAP-PEAP/GTC
+ EAP-PEAP/MD5-Challenge
+ EAP-GTC
+ EAP-SIM (not yet complete; needs GSM/SIM authentication interface)
+ * added support for anonymous identity (to be used when identity is
+ sent in plaintext; real identity will be used within TLS protected
+ tunnel (e.g., with EAP-TTLS)
+ * added event messages from wpa_supplicant to frontends, e.g., wpa_cli
+ * added support for requesting identity and password information using
+ control interface; in other words, the password for EAP-PEAP or
+ EAP-TTLS does not need to be included in the configuration file since
+ a frontand (e.g., wpa_cli) can ask it from the user
+ * improved RSN pre-authentication to use a candidate list and process
+ all candidates from each scan; not only one per scan
+ * fixed RSN IE and WPA IE capabilities field parsing
+ * ignore Tx bit in GTK IE when Pairwise keys are used
+ * avoid making new scan requests during IEEE 802.1X negotiation
+ * use openssl/libcrypto for MD5 and SHA-1 when compiling wpa_supplicant
+ with TLS support (this replaces the included implementation with
+ library code to save about 8 kB since the library code is needed
+ anyway for TLS)
+ * fixed WPA-PSK only mode when compiled without IEEE 802.1X support
+ (i.e., without CONFIG_IEEE8021X_EAPOL=y in .config)
+
+2004-05-06 - v0.2.1
+ * added support for internal IEEE 802.1X (actually, IEEE 802.1aa/D6.1)
+ Supplicant
+ - EAPOL state machines for Supplicant [IEEE 802.1aa/D6.1]
+ - EAP peer state machine [draft-ietf-eap-statemachine-02.pdf]
+ - EAP-MD5 (cannot be used with WPA-RADIUS)
+ [draft-ietf-eap-rfc2284bis-09.txt]
+ - EAP-TLS [RFC 2716]
+ - EAP-MSCHAPv2 (currently used only with EAP-PEAP)
+ - EAP-PEAP/MSCHAPv2 [draft-josefsson-pppext-eap-tls-eap-07.txt]
+ [draft-kamath-pppext-eap-mschapv2-00.txt]
+ (PEAP version 0, 1, and parts of 2; only 0 and 1 are enabled by
+ default; tested with FreeRADIUS, Microsoft IAS, and Funk Odyssey)
+ - new configuration file options: eap, identity, password, ca_cert,
+ client_cert, privatekey, private_key_passwd
+ - Xsupplicant is not required anymore, but it can be used by
+ disabling the internal IEEE 802.1X Supplicant with -e command line
+ option
+ - this code is not included in the default build; Makefile need to
+ be edited for this (uncomment lines for selected functionality)
+ - EAP-TLS and EAP-PEAP require openssl libraries
+ * use module prefix in debug messages (WPA, EAP, EAP-TLS, ..)
+ * added support for non-WPA IEEE 802.1X mode with dynamic WEP keys
+ (i.e., complete IEEE 802.1X/EAP authentication and use IEEE 802.1X
+ EAPOL-Key frames instead of WPA key handshakes)
+ * added support for IEEE 802.11i/RSN (WPA2)
+ - improved PTK Key Handshake
+ - PMKSA caching, pre-authentication
+ * fixed wpa_supplicant to ignore possible extra data after WPA
+ EAPOL-Key packets (this fixes 'Invalid EAPOL-Key MIC when using
+ TPTK' error from message 3 of 4-Way Handshake in case the AP
+ includes extra data after the EAPOL-Key)
+ * added interface for external programs (frontends) to control
+ wpa_supplicant
+ - CLI example (wpa_cli) with interactive mode and command line
+ mode
+ - replaced SIGUSR1 status/statistics with the new control interface
+ * made some feature compile time configurable
+ - .config file for make
+ - driver interfaces (hostap, hermes, ..)
+ - EAPOL/EAP functions
+
+2004-02-15 - v0.2.0
+ * Initial version of wpa_supplicant
--- /dev/null
+ifndef CC
+CC=gcc
+endif
+
+ifndef CFLAGS
+CFLAGS = -MMD -O2 -Wall -g
+endif
+
+# Include directories for CVS version
+CFLAGS += -I. -I../utils -I../hostapd
+
+ALL=wpa_supplicant wpa_passphrase wpa_cli
+
+all: verify_config $(ALL) dynamic_eap_methods
+
+verify_config:
+ @if [ ! -r .config ]; then \
+ echo 'Building wpa_supplicant requires a configuration file'; \
+ echo '(.config). See README for more instructions. You can'; \
+ echo 'run "cp defconfig .config" to create an example'; \
+ echo 'configuration.'; \
+ exit 1; \
+ fi
+
+mkconfig:
+ @if [ -e .config ]; then \
+ echo '.config exists - did not replace it'; \
+ exit 1; \
+ fi
+ echo CONFIG_DRIVER_HOSTAP=y >> .config
+ echo CONFIG_DRIVER_WEXT=y >> .config
+ echo CONFIG_WIRELESS_EXTENSION=y >> .config
+
+install: all
+ mkdir -p $(DESTDIR)/usr/local/sbin/
+ for i in $(ALL); do cp $$i $(DESTDIR)/usr/local/sbin/$$i; done
+
+OBJS = config.o \
+ common.o md5.o md4.o \
+ rc4.o sha1.o des.o
+OBJS_p = wpa_passphrase.o sha1.o md5.o md4.o \
+ common.o des.o
+OBJS_c = wpa_cli.o wpa_ctrl.o
+
+-include .config
+
+ifndef CONFIG_OS
+ifdef CONFIG_NATIVE_WINDOWS
+CONFIG_OS=win32
+else
+CONFIG_OS=unix
+endif
+endif
+
+ifeq ($(CONFIG_OS), internal)
+CFLAGS += -DOS_NO_C_LIB_DEFINES
+endif
+
+OBJS += os_$(CONFIG_OS).o
+OBJS_p += os_$(CONFIG_OS).o
+OBJS_c += os_$(CONFIG_OS).o
+
+ifndef CONFIG_ELOOP
+CONFIG_ELOOP=eloop
+endif
+OBJS += $(CONFIG_ELOOP).o
+
+
+ifdef CONFIG_EAPOL_TEST
+CFLAGS += -Werror -DEAPOL_TEST
+endif
+
+ifndef CONFIG_BACKEND
+CONFIG_BACKEND=file
+endif
+
+ifeq ($(CONFIG_BACKEND), file)
+OBJS += config_file.o base64.o
+CFLAGS += -DCONFIG_BACKEND_FILE
+endif
+
+ifeq ($(CONFIG_BACKEND), winreg)
+OBJS += config_winreg.o
+endif
+
+ifeq ($(CONFIG_BACKEND), none)
+OBJS += config_none.o
+endif
+
+ifdef CONFIG_DRIVER_HOSTAP
+CFLAGS += -DCONFIG_DRIVER_HOSTAP
+OBJS_d += driver_hostap.o
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_WEXT
+CFLAGS += -DCONFIG_DRIVER_WEXT
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_PRISM54
+CFLAGS += -DCONFIG_DRIVER_PRISM54
+OBJS_d += driver_prism54.o
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_HERMES
+CFLAGS += -DCONFIG_DRIVER_HERMES
+OBJS_d += driver_hermes.o
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_MADWIFI
+CFLAGS += -DCONFIG_DRIVER_MADWIFI
+OBJS_d += driver_madwifi.o
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_ATMEL
+CFLAGS += -DCONFIG_DRIVER_ATMEL
+OBJS_d += driver_atmel.o
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_NDISWRAPPER
+CFLAGS += -DCONFIG_DRIVER_NDISWRAPPER
+OBJS_d += driver_ndiswrapper.o
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_BROADCOM
+CFLAGS += -DCONFIG_DRIVER_BROADCOM
+OBJS_d += driver_broadcom.o
+endif
+
+ifdef CONFIG_DRIVER_IPW
+CFLAGS += -DCONFIG_DRIVER_IPW
+OBJS_d += driver_ipw.o
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_BSD
+CFLAGS += -DCONFIG_DRIVER_BSD
+OBJS_d += driver_bsd.o
+ifndef CONFIG_L2_PACKET
+CONFIG_L2_PACKET=freebsd
+endif
+endif
+
+ifdef CONFIG_DRIVER_NDIS
+CFLAGS += -DCONFIG_DRIVER_NDIS
+OBJS_d += driver_ndis.o driver_ndis_.o
+ifndef CONFIG_L2_PACKET
+CONFIG_L2_PACKET=pcap
+endif
+CONFIG_WINPCAP=y
+ifdef CONFIG_USE_NDISUIO
+CFLAGS += -DCONFIG_USE_NDISUIO
+endif
+endif
+
+ifdef CONFIG_DRIVER_WIRED
+CFLAGS += -DCONFIG_DRIVER_WIRED
+OBJS_d += driver_wired.o
+endif
+
+ifdef CONFIG_DRIVER_TEST
+CFLAGS += -DCONFIG_DRIVER_TEST
+OBJS_d += driver_test.o
+endif
+
+ifndef CONFIG_L2_PACKET
+CONFIG_L2_PACKET=linux
+endif
+
+OBJS += l2_packet_$(CONFIG_L2_PACKET).o
+
+ifeq ($(CONFIG_L2_PACKET), pcap)
+ifdef CONFIG_WINPCAP
+CFLAGS += -DCONFIG_WINPCAP
+LIBS += -lwpcap -lpacket
+LIBS_w += -lwpcap
+else
+LIBS += -ldnet -lpcap
+endif
+endif
+
+ifeq ($(CONFIG_L2_PACKET), winpcap)
+LIBS += -lwpcap -lpacket
+LIBS_w += -lwpcap
+endif
+
+ifeq ($(CONFIG_L2_PACKET), freebsd)
+LIBS += -lpcap
+endif
+
+ifdef CONFIG_EAP_TLS
+# EAP-TLS
+ifeq ($(CONFIG_EAP_TLS), dyn)
+CFLAGS += -DEAP_TLS_DYNAMIC
+EAPDYN += eap_tls.so
+else
+CFLAGS += -DEAP_TLS
+OBJS += eap_tls.o
+endif
+TLS_FUNCS=y
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_PEAP
+# EAP-PEAP
+ifeq ($(CONFIG_EAP_PEAP), dyn)
+CFLAGS += -DEAP_PEAP_DYNAMIC
+EAPDYN += eap_peap.so
+else
+CFLAGS += -DEAP_PEAP
+OBJS += eap_peap.o
+endif
+TLS_FUNCS=y
+CONFIG_IEEE8021X_EAPOL=y
+CONFIG_EAP_TLV=y
+endif
+
+ifdef CONFIG_EAP_TTLS
+# EAP-TTLS
+ifeq ($(CONFIG_EAP_TTLS), dyn)
+CFLAGS += -DEAP_TTLS_DYNAMIC
+EAPDYN += eap_ttls.so
+else
+CFLAGS += -DEAP_TTLS
+OBJS += eap_ttls.o
+endif
+MS_FUNCS=y
+TLS_FUNCS=y
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_MD5
+# EAP-MD5
+ifeq ($(CONFIG_EAP_MD5), dyn)
+CFLAGS += -DEAP_MD5_DYNAMIC
+EAPDYN += eap_md5.so
+else
+CFLAGS += -DEAP_MD5
+OBJS += eap_md5.o
+endif
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+# backwards compatibility for old spelling
+ifdef CONFIG_MSCHAPV2
+ifndef CONFIG_EAP_MSCHAPV2
+CONFIG_EAP_MSCHAPV2=y
+endif
+endif
+
+ifdef CONFIG_EAP_MSCHAPV2
+# EAP-MSCHAPv2
+ifeq ($(CONFIG_EAP_MSCHAPV2), dyn)
+CFLAGS += -DEAP_MSCHAPv2_DYNAMIC
+EAPDYN += eap_mschapv2.so
+else
+CFLAGS += -DEAP_MSCHAPv2
+OBJS += eap_mschapv2.o
+endif
+MS_FUNCS=y
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_GTC
+# EAP-GTC
+ifeq ($(CONFIG_EAP_GTC), dyn)
+CFLAGS += -DEAP_GTC_DYNAMIC
+EAPDYN += eap_gtc.so
+else
+CFLAGS += -DEAP_GTC
+OBJS += eap_gtc.o
+endif
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_OTP
+# EAP-OTP
+ifeq ($(CONFIG_EAP_OTP), dyn)
+CFLAGS += -DEAP_OTP_DYNAMIC
+EAPDYN += eap_otp.so
+else
+CFLAGS += -DEAP_OTP
+OBJS += eap_otp.o
+endif
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_SIM
+# EAP-SIM
+ifeq ($(CONFIG_EAP_SIM), dyn)
+CFLAGS += -DEAP_SIM_DYNAMIC
+EAPDYN += eap_sim.so
+else
+CFLAGS += -DEAP_SIM
+OBJS += eap_sim.o
+endif
+CONFIG_IEEE8021X_EAPOL=y
+CONFIG_EAP_SIM_COMMON=y
+endif
+
+ifdef CONFIG_EAP_LEAP
+# EAP-LEAP
+ifeq ($(CONFIG_EAP_LEAP), dyn)
+CFLAGS += -DEAP_LEAP_DYNAMIC
+EAPDYN += eap_leap.so
+else
+CFLAGS += -DEAP_LEAP
+OBJS += eap_leap.o
+endif
+MS_FUNCS=y
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_PSK
+# EAP-PSK
+ifeq ($(CONFIG_EAP_PSK), dyn)
+CFLAGS += -DEAP_PSK_DYNAMIC
+EAPDYN += eap_psk.so
+else
+CFLAGS += -DEAP_PSK
+OBJS += eap_psk.o eap_psk_common.o
+endif
+CONFIG_IEEE8021X_EAPOL=y
+NEED_AES=y
+endif
+
+ifdef CONFIG_EAP_AKA
+# EAP-AKA
+ifeq ($(CONFIG_EAP_AKA), dyn)
+CFLAGS += -DEAP_AKA_DYNAMIC
+EAPDYN += eap_aka.so
+else
+CFLAGS += -DEAP_AKA
+OBJS += eap_aka.o
+endif
+CONFIG_IEEE8021X_EAPOL=y
+CONFIG_EAP_SIM_COMMON=y
+endif
+
+ifdef CONFIG_EAP_SIM_COMMON
+OBJS += eap_sim_common.o
+NEED_AES=y
+endif
+
+ifdef CONFIG_EAP_TLV
+# EAP-TLV
+CFLAGS += -DEAP_TLV
+OBJS += eap_tlv.o
+endif
+
+ifdef CONFIG_EAP_FAST
+# EAP-FAST
+ifeq ($(CONFIG_EAP_FAST), dyn)
+CFLAGS += -DEAP_FAST_DYNAMIC
+EAPDYN += eap_fast.so
+else
+CFLAGS += -DEAP_FAST
+OBJS += eap_fast.o
+endif
+TLS_FUNCS=y
+endif
+
+ifdef CONFIG_EAP_PAX
+# EAP-PAX
+ifeq ($(CONFIG_EAP_PAX), dyn)
+CFLAGS += -DEAP_PAX_DYNAMIC
+EAPDYN += eap_pax.so
+else
+CFLAGS += -DEAP_PAX
+OBJS += eap_pax.o eap_pax_common.o
+endif
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_SAKE
+# EAP-SAKE
+ifeq ($(CONFIG_EAP_SAKE), dyn)
+CFLAGS += -DEAP_SAKE_DYNAMIC
+EAPDYN += eap_sake.so
+else
+CFLAGS += -DEAP_SAKE
+OBJS += eap_sake.o eap_sake_common.o
+endif
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_GPSK
+# EAP-GPSK
+ifeq ($(CONFIG_EAP_GPSK), dyn)
+CFLAGS += -DEAP_GPSK_DYNAMIC
+EAPDYN += eap_gpsk.so
+else
+CFLAGS += -DEAP_GPSK
+OBJS += eap_gpsk.o eap_gpsk_common.o
+endif
+CONFIG_IEEE8021X_EAPOL=y
+ifdef CONFIG_EAP_GPSK_SHA256
+CFLAGS += -DEAP_GPSK_SHA256
+NEED_SHA256=y
+endif
+endif
+
+ifdef CONFIG_EAP_VENDOR_TEST
+ifeq ($(CONFIG_EAP_VENDOR_TEST), dyn)
+CFLAGS += -DEAP_VENDOR_TEST_DYNAMIC
+EAPDYN += eap_vendor_test.so
+else
+CFLAGS += -DEAP_VENDOR_TEST
+OBJS += eap_vendor_test.o
+endif
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_IEEE8021X_EAPOL
+# IEEE 802.1X/EAPOL state machines (e.g., for RADIUS authentication)
+CFLAGS += -DIEEE8021X_EAPOL
+OBJS += eapol_sm.o eap.o eap_methods.o
+ifdef CONFIG_DYNAMIC_EAP_METHODS
+CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS
+LIBS += -ldl -rdynamic
+endif
+endif
+
+ifdef CONFIG_PCSC
+# PC/SC interface for smartcards (USIM, GSM SIM)
+CFLAGS += -DPCSC_FUNCS -I/usr/include/PCSC
+OBJS += pcsc_funcs.o
+# -lpthread may not be needed depending on how pcsc-lite was configured
+ifdef CONFIG_NATIVE_WINDOWS
+#Once MinGW gets support for WinScard, -lwinscard could be used instead of the
+#dynamic symbol loading that is now used in pcsc_funcs.c
+#LIBS += -lwinscard
+else
+LIBS += -lpcsclite -lpthread
+endif
+endif
+
+ifndef CONFIG_TLS
+CONFIG_TLS=openssl
+endif
+
+ifeq ($(CONFIG_TLS), internal)
+ifndef CONFIG_CRYPTO
+CONFIG_CRYPTO=internal
+endif
+endif
+ifeq ($(CONFIG_CRYPTO), libtomcrypt)
+CFLAGS += -DCONFIG_INTERNAL_X509
+endif
+ifeq ($(CONFIG_CRYPTO), internal)
+CFLAGS += -DCONFIG_INTERNAL_X509
+endif
+
+
+ifdef TLS_FUNCS
+# Shared TLS functions (needed for EAP_TLS, EAP_PEAP, EAP_TTLS, and EAP_FAST)
+CFLAGS += -DEAP_TLS_FUNCS
+OBJS += eap_tls_common.o
+ifeq ($(CONFIG_TLS), openssl)
+CFLAGS += -DEAP_TLS_OPENSSL
+OBJS += tls_openssl.o
+LIBS += -lssl -lcrypto
+LIBS_p += -lcrypto
+endif
+ifeq ($(CONFIG_TLS), gnutls)
+OBJS += tls_gnutls.o
+LIBS += -lgnutls -lgcrypt -lgpg-error
+LIBS_p += -lgcrypt
+ifdef CONFIG_GNUTLS_EXTRA
+CFLAGS += -DCONFIG_GNUTLS_EXTRA
+LIBS += -lgnutls-extra
+endif
+endif
+ifeq ($(CONFIG_TLS), schannel)
+OBJS += tls_schannel.o
+endif
+ifeq ($(CONFIG_TLS), internal)
+OBJS += tls_internal.o tlsv1_common.o tlsv1_client.o asn1.o x509v3.o
+OBJS_p += asn1.o rc4.o aes_wrap.o
+ifneq ($(CONFIG_BACKEND), file)
+OBJS += base64.o
+endif
+CFLAGS += -DCONFIG_TLS_INTERNAL
+ifeq ($(CONFIG_CRYPTO), internal)
+ifdef CONFIG_INTERNAL_LIBTOMMATH
+CFLAGS += -DCONFIG_INTERNAL_LIBTOMMATH
+else
+LIBS += -ltommath
+LIBS_p += -ltommath
+endif
+endif
+ifeq ($(CONFIG_CRYPTO), libtomcrypt)
+LIBS += -ltomcrypt -ltfm
+LIBS_p += -ltomcrypt -ltfm
+endif
+endif
+ifeq ($(CONFIG_TLS), none)
+OBJS += tls_none.o
+CFLAGS += -DEAP_TLS_NONE
+CONFIG_INTERNAL_AES=y
+CONFIG_INTERNAL_SHA1=y
+CONFIG_INTERNAL_MD5=y
+CONFIG_INTERNAL_SHA256=y
+endif
+ifdef CONFIG_SMARTCARD
+ifndef CONFIG_NATIVE_WINDOWS
+ifneq ($(CONFIG_L2_PACKET), freebsd)
+LIBS += -ldl
+endif
+endif
+endif
+NEED_CRYPTO=y
+else
+OBJS += tls_none.o
+endif
+
+ifdef CONFIG_PKCS12
+CFLAGS += -DPKCS12_FUNCS
+endif
+
+ifdef CONFIG_SMARTCARD
+CFLAGS += -DCONFIG_SMARTCARD
+endif
+
+ifdef MS_FUNCS
+OBJS += ms_funcs.o
+NEED_CRYPTO=y
+endif
+
+ifdef NEED_CRYPTO
+ifndef TLS_FUNCS
+ifeq ($(CONFIG_TLS), openssl)
+LIBS += -lcrypto
+LIBS_p += -lcrypto
+endif
+ifeq ($(CONFIG_TLS), gnutls)
+LIBS += -lgcrypt
+LIBS_p += -lgcrypt
+endif
+ifeq ($(CONFIG_TLS), schannel)
+endif
+ifeq ($(CONFIG_TLS), internal)
+ifeq ($(CONFIG_CRYPTO), libtomcrypt)
+LIBS += -ltomcrypt -ltfm
+LIBS_p += -ltomcrypt -ltfm
+endif
+endif
+endif
+ifeq ($(CONFIG_TLS), openssl)
+OBJS += crypto.o
+OBJS_p += crypto.o
+CONFIG_INTERNAL_SHA256=y
+endif
+ifeq ($(CONFIG_TLS), gnutls)
+OBJS += crypto_gnutls.o
+OBJS_p += crypto_gnutls.o
+CONFIG_INTERNAL_SHA256=y
+endif
+ifeq ($(CONFIG_TLS), schannel)
+OBJS += crypto_cryptoapi.o
+OBJS_p += crypto_cryptoapi.o
+CONFIG_INTERNAL_SHA256=y
+endif
+ifeq ($(CONFIG_TLS), internal)
+ifeq ($(CONFIG_CRYPTO), libtomcrypt)
+OBJS += crypto_libtomcrypt.o
+OBJS_p += crypto_libtomcrypt.o
+CONFIG_INTERNAL_SHA256=y
+endif
+ifeq ($(CONFIG_CRYPTO), internal)
+OBJS += crypto_internal.o rsa.o bignum.o
+OBJS_p += crypto_internal.o rsa.o bignum.o
+CFLAGS += -DCONFIG_CRYPTO_INTERNAL
+CONFIG_INTERNAL_AES=y
+CONFIG_INTERNAL_DES=y
+CONFIG_INTERNAL_SHA1=y
+CONFIG_INTERNAL_MD4=y
+CONFIG_INTERNAL_MD5=y
+CONFIG_INTERNAL_SHA256=y
+endif
+ifeq ($(CONFIG_CRYPTO), cryptoapi)
+OBJS += crypto_cryptoapi.o
+OBJS_p += crypto_cryptoapi.o
+CFLAGS += -DCONFIG_CRYPTO_CRYPTOAPI
+CONFIG_INTERNAL_SHA256=y
+endif
+endif
+ifeq ($(CONFIG_TLS), none)
+OBJS += crypto_none.o
+OBJS_p += crypto_none.o
+CONFIG_INTERNAL_SHA256=y
+endif
+else
+CONFIG_INTERNAL_AES=y
+CONFIG_INTERNAL_SHA1=y
+CONFIG_INTERNAL_MD5=y
+endif
+
+ifdef CONFIG_INTERNAL_AES
+CFLAGS += -DINTERNAL_AES
+endif
+ifdef CONFIG_INTERNAL_SHA1
+CFLAGS += -DINTERNAL_SHA1
+endif
+ifdef CONFIG_INTERNAL_SHA256
+CFLAGS += -DINTERNAL_SHA256
+endif
+ifdef CONFIG_INTERNAL_MD5
+CFLAGS += -DINTERNAL_MD5
+endif
+ifdef CONFIG_INTERNAL_MD4
+CFLAGS += -DINTERNAL_MD4
+endif
+ifdef CONFIG_INTERNAL_DES
+CFLAGS += -DINTERNAL_DES
+endif
+
+ifdef NEED_SHA256
+OBJS += sha256.o
+endif
+
+ifdef CONFIG_WIRELESS_EXTENSION
+CFLAGS += -DCONFIG_WIRELESS_EXTENSION
+OBJS_d += driver_wext.o
+endif
+
+ifdef CONFIG_CTRL_IFACE
+ifeq ($(CONFIG_CTRL_IFACE), y)
+ifdef CONFIG_NATIVE_WINDOWS
+CONFIG_CTRL_IFACE=named_pipe
+else
+CONFIG_CTRL_IFACE=unix
+endif
+endif
+CFLAGS += -DCONFIG_CTRL_IFACE
+ifeq ($(CONFIG_CTRL_IFACE), unix)
+CFLAGS += -DCONFIG_CTRL_IFACE_UNIX
+endif
+ifeq ($(CONFIG_CTRL_IFACE), udp)
+CFLAGS += -DCONFIG_CTRL_IFACE_UDP
+endif
+ifeq ($(CONFIG_CTRL_IFACE), named_pipe)
+CFLAGS += -DCONFIG_CTRL_IFACE_NAMED_PIPE
+endif
+OBJS += ctrl_iface.o ctrl_iface_$(CONFIG_CTRL_IFACE).o
+endif
+
+ifdef CONFIG_CTRL_IFACE_DBUS
+CFLAGS += -DCONFIG_CTRL_IFACE_DBUS -DDBUS_API_SUBJECT_TO_CHANGE
+OBJS += ctrl_iface_dbus.o ctrl_iface_dbus_handlers.o dbus_dict_helpers.o
+ifndef DBUS_LIBS
+DBUS_LIBS := $(shell pkg-config --libs dbus-1)
+endif
+LIBS += $(DBUS_LIBS)
+ifndef DBUS_INCLUDE
+DBUS_INCLUDE := $(shell pkg-config --cflags dbus-1)
+endif
+dbus_version=$(subst ., ,$(shell pkg-config --modversion dbus-1))
+DBUS_VERSION_MAJOR=$(word 1,$(dbus_version))
+DBUS_VERSION_MINOR=$(word 2,$(dbus_version))
+ifeq ($(DBUS_VERSION_MAJOR),)
+DBUS_VERSION_MAJOR=0
+endif
+ifeq ($(DBUS_VERSION_MINOR),)
+DBUS_VERSION_MINOR=0
+endif
+DBUS_INCLUDE += -DDBUS_VERSION_MAJOR=$(DBUS_VERSION_MAJOR)
+DBUS_INCLUDE += -DDBUS_VERSION_MINOR=$(DBUS_VERSION_MINOR)
+CFLAGS += $(DBUS_INCLUDE)
+endif
+
+ifdef CONFIG_READLINE
+CFLAGS += -DCONFIG_READLINE
+LIBS_c += -lncurses -lreadline
+endif
+
+ifdef CONFIG_NATIVE_WINDOWS
+CFLAGS += -DCONFIG_NATIVE_WINDOWS
+LIBS += -lws2_32 -lgdi32 -lcrypt32
+LIBS_c += -lws2_32
+LIBS_p += -lws2_32
+ifeq ($(CONFIG_CRYPTO), cryptoapi)
+LIBS_p += -lcrypt32
+endif
+endif
+
+ifdef CONFIG_NO_STDOUT_DEBUG
+CFLAGS += -DCONFIG_NO_STDOUT_DEBUG
+ifndef CONFIG_CTRL_IFACE
+CFLAGS += -DCONFIG_NO_WPA_MSG
+endif
+endif
+
+ifdef CONFIG_IPV6
+# for eapol_test only
+CFLAGS += -DCONFIG_IPV6
+endif
+
+ifdef CONFIG_PEERKEY
+CFLAGS += -DCONFIG_PEERKEY
+endif
+
+ifdef CONFIG_IEEE80211W
+CFLAGS += -DCONFIG_IEEE80211W
+NEED_SHA256=y
+endif
+
+ifndef CONFIG_NO_WPA
+OBJS += wpa.o preauth.o pmksa_cache.o
+NEED_AES=y
+else
+CFLAGS += -DCONFIG_NO_WPA -DCONFIG_NO_WPA2
+endif
+
+ifdef CONFIG_NO_WPA2
+CFLAGS += -DCONFIG_NO_WPA2
+endif
+
+ifdef CONFIG_NO_AES_EXTRAS
+CFLAGS += -DCONFIG_NO_AES_WRAP
+CFLAGS += -DCONFIG_NO_AES_CTR -DCONFIG_NO_AES_OMAC1
+CFLAGS += -DCONFIG_NO_AES_EAX -DCONFIG_NO_AES_CBC
+endif
+
+ifdef NEED_AES
+OBJS += aes_wrap.o
+endif
+
+ifdef CONFIG_CLIENT_MLME
+OBJS += mlme.o
+CFLAGS += -DCONFIG_CLIENT_MLME
+endif
+
+ifndef CONFIG_MAIN
+CONFIG_MAIN=main
+endif
+
+ifdef CONFIG_DEBUG_FILE
+CFLAGS += -DCONFIG_DEBUG_FILE
+endif
+
+OBJS += wpa_supplicant.o events.o
+OBJS_t := $(OBJS) eapol_test.o radius.o radius_client.o
+OBJS_t2 := $(OBJS) preauth_test.o
+OBJS += $(CONFIG_MAIN).o drivers.o $(OBJS_d)
+
+ifdef CONFIG_NDIS_EVENTS_INTEGRATED
+CFLAGS += -DCONFIG_NDIS_EVENTS_INTEGRATED
+OBJS += ndis_events.o
+EXTRALIBS += -loleaut32 -lole32 -luuid
+ifdef PLATFORMSDKLIB
+EXTRALIBS += $(PLATFORMSDKLIB)/WbemUuid.Lib
+else
+EXTRALIBS += WbemUuid.Lib
+endif
+endif
+
+ifndef LDO
+LDO=$(CC)
+endif
+
+dynamic_eap_methods: $(EAPDYN)
+
+wpa_supplicant: .config $(OBJS)
+ $(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
+
+eapol_test: .config $(OBJS_t)
+ $(LDO) $(LDFLAGS) -o eapol_test $(OBJS_t) $(LIBS)
+
+preauth_test: .config $(OBJS_t2)
+ $(LDO) $(LDFLAGS) -o preauth_test $(OBJS_t2) $(LIBS)
+
+wpa_passphrase: $(OBJS_p)
+ $(LDO) $(LDFLAGS) -o wpa_passphrase $(OBJS_p) $(LIBS_p)
+
+wpa_cli: $(OBJS_c)
+ $(LDO) $(LDFLAGS) -o wpa_cli $(OBJS_c) $(LIBS_c)
+
+OBJSa=asn1_test.o asn1.o x509v3.o common.o os_unix.o \
+ crypto_$(CONFIG_CRYPTO).o md5.o sha1.o \
+ rc4.o des.o aes_wrap.o \
+ bignum.o rsa.o
+asn1_test: $(OBJSa)
+ $(LDO) $(LDFLAGS) -o asn1_test $(OBJSa)
+
+OBJSx=tests/test_x509v3.o asn1.o x509v3.o \
+ common.o os_unix.o \
+ crypto_$(CONFIG_CRYPTO).o \
+ md5.o sha1.o \
+ rc4.o des.o aes_wrap.o \
+ bignum.o rsa.o
+test_x509v3: $(OBJSx)
+ $(LDO) $(LDFLAGS) -o test_x509v3 $(OBJSx)
+
+win_if_list: win_if_list.c
+ $(LDO) $(LDFLAGS) -o $@ win_if_list.c $(CFLAGS) $(LIBS_w)
+
+eap_psk.so: eap_psk.c eap_psk_common.c
+ $(CC) -o $@ $(CFLAGS) -shared -rdynamic -fPIC $^ \
+ -Deap_peer_psk_register=eap_peer_method_dynamic_init
+
+eap_pax.so: eap_pax.c eap_pax_common.c
+ $(CC) -o $@ $(CFLAGS) -shared -rdynamic -fPIC $^ \
+ -Deap_peer_pax_register=eap_peer_method_dynamic_init
+
+eap_sake.so: eap_sake.c eap_sake_common.c
+ $(CC) -o $@ $(CFLAGS) -shared -rdynamic -fPIC $^ \
+ -Deap_peer_sake_register=eap_peer_method_dynamic_init
+
+%.so: %.c
+ $(CC) -o $@ $(CFLAGS) -shared -rdynamic -fPIC $< \
+ -D$(*:eap_%=eap_peer_%)_register=eap_peer_method_dynamic_init
+
+
+wpa_supplicant.exe: wpa_supplicant
+ mv -f $< $@
+wpa_cli.exe: wpa_cli
+ mv -f $< $@
+wpa_passphrase.exe: wpa_passphrase
+ mv -f $< $@
+win_if_list.exe: win_if_list
+ mv -f $< $@
+eapol_test.exe: eapol_test
+ mv -f $< $@
+
+WINALL=wpa_supplicant.exe wpa_cli.exe wpa_passphrase.exe win_if_list.exe
+
+windows-bin: $(WINALL)
+ $(STRIP) $(WINALL)
+
+wpa_gui/Makefile:
+ qmake -o wpa_gui/Makefile wpa_gui/wpa_gui.pro
+
+wpa_gui: wpa_gui/Makefile
+ $(MAKE) -C wpa_gui
+
+TEST_MS_FUNCS_OBJS = crypto.o sha1.o md5.o \
+ os_unix.o rc4.o tests/test_ms_funcs.o
+test-ms_funcs: $(TEST_MS_FUNCS_OBJS)
+ $(LDO) $(LDFLAGS) -o $@ $(TEST_MS_FUNCS_OBJS) $(LIBS) -lcrypto
+ ./test-ms_funcs
+ rm test-ms_funcs
+
+TEST_SHA1_OBJS = sha1.o md5.o tests/test_sha1.o #crypto.o
+test-sha1: $(TEST_SHA1_OBJS)
+ $(LDO) $(LDFLAGS) -o $@ $(TEST_SHA1_OBJS) $(LIBS)
+ ./test-sha1
+ rm test-sha1
+
+TEST_SHA256_OBJS = sha256.o md5.o tests/test_sha256.o crypto.o
+test-sha256: $(TEST_SHA256_OBJS)
+ $(LDO) $(LDFLAGS) -o $@ $(TEST_SHA256_OBJS) $(LIBS)
+ ./test-sha256
+ rm test-sha256
+
+TEST_AES_OBJS = aes_wrap.o tests/test_aes.o # crypto.o
+test-aes: $(TEST_AES_OBJS)
+ $(LDO) $(LDFLAGS) -o $@ $(TEST_AES_OBJS) $(LIBS)
+ ./test-aes
+ rm test-aes
+
+TEST_EAP_SIM_COMMON_OBJS = sha1.o md5.o \
+ aes_wrap.o common.o os_unix.o \
+ tests/test_eap_sim_common.o
+test-eap_sim_common: $(TEST_EAP_SIM_COMMON_OBJS)
+ $(LDO) $(LDFLAGS) -o $@ $(TEST_AES_OBJS) $(LIBS)
+ ./test-eap_sim_common
+ rm test-eap_sim_common
+
+TEST_MD4_OBJS = md4.o tests/test_md4.o #crypto.o
+test-md4: $(TEST_MD4_OBJS)
+ $(LDO) $(LDFLAGS) -o $@ $(TEST_MD4_OBJS) $(LIBS)
+ ./test-md4
+ rm test-md4
+
+TEST_MD5_OBJS = md5.o tests/test_md5.o #crypto.o
+test-md5: $(TEST_MD5_OBJS)
+ $(LDO) $(LDFLAGS) -o $@ $(TEST_MD5_OBJS) $(LIBS)
+ ./test-md5
+ rm test-md5
+
+tests: test-ms_funcs test-sha1 test-aes test-eap_sim_common test-md4 test-md5
+
+clean:
+ rm -f core *~ *.o *.d eap_*.so $(ALL) $(WINALL)
+
+%.eps: %.fig
+ fig2dev -L eps $*.fig $*.eps
+
+%.png: %.fig
+ fig2dev -L png -m 3 $*.fig | pngtopnm | pnmscale 0.4 | pnmtopng \
+ > $*.png
+
+docs-pics: doc/wpa_supplicant.png doc/wpa_supplicant.eps
+
+docs: docs-pics
+ doxygen doc/doxygen.full
+ $(MAKE) -C doc/latex
+ cp doc/latex/refman.pdf wpa_supplicant-devel.pdf
+
+docs-fast: docs-pics
+ doxygen doc/doxygen.fast
+
+clean-docs:
+ rm -rf doc/latex doc/html
+ rm -f doc/wpa_supplicant.{eps,png} wpa_supplicant-devel.pdf
+
+-include $(OBJS:%.o=%.d)
--- /dev/null
+WPA Supplicant
+==============
+
+Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi> and contributors
+All Rights Reserved.
+
+This program is dual-licensed under both the GPL version 2 and BSD
+license. Either license may be used at your option.
+
+
+
+License
+-------
+
+GPL v2:
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License version 2 as
+published by the Free Software Foundation.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+(this copy of the license is in COPYING file)
+
+
+Alternatively, this software may be distributed, used, and modified
+under the terms of BSD license:
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. Neither the name(s) of the above-listed copyright holder(s) nor the
+ names of its contributors may be used to endorse or promote products
+ derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+
+Features
+--------
+
+Supported WPA/IEEE 802.11i features:
+- WPA-PSK ("WPA-Personal")
+- WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise")
+ Following authentication methods are supported with an integrate IEEE 802.1X
+ Supplicant:
+ * EAP-TLS
+ * EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)
+ * EAP-PEAP/TLS (both PEAPv0 and PEAPv1)
+ * EAP-PEAP/GTC (both PEAPv0 and PEAPv1)
+ * EAP-PEAP/OTP (both PEAPv0 and PEAPv1)
+ * EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1)
+ * EAP-TTLS/EAP-MD5-Challenge
+ * EAP-TTLS/EAP-GTC
+ * EAP-TTLS/EAP-OTP
+ * EAP-TTLS/EAP-MSCHAPv2
+ * EAP-TTLS/EAP-TLS
+ * EAP-TTLS/MSCHAPv2
+ * EAP-TTLS/MSCHAP
+ * EAP-TTLS/PAP
+ * EAP-TTLS/CHAP
+ * EAP-SIM
+ * EAP-AKA
+ * EAP-PSK
+ * EAP-PAX
+ * EAP-SAKE
+ * EAP-GPSK
+ * LEAP (note: requires special support from the driver for IEEE 802.11
+ authentication)
+ (following methods are supported, but since they do not generate keying
+ material, they cannot be used with WPA or IEEE 802.1X WEP keying)
+ * EAP-MD5-Challenge
+ * EAP-MSCHAPv2
+ * EAP-GTC
+ * EAP-OTP
+- key management for CCMP, TKIP, WEP104, WEP40
+- RSN/WPA2 (IEEE 802.11i)
+ * pre-authentication
+ * PMKSA caching
+
+Supported TLS/crypto libraries:
+- OpenSSL (default)
+- GnuTLS
+
+Internal TLS/crypto implementation (optional):
+- can be used in place of an external TLS/crypto library
+- TLSv1
+- X.509 certificate processing
+- PKCS #1
+- ASN.1
+- RSA
+- bignum
+- minimal size (ca. 50 kB binary, parts of which are already needed for WPA;
+ TLSv1/X.509/ASN.1/RSA/bignum parts are about 25 kB on x86)
+
+
+Requirements
+------------
+
+Current hardware/software requirements:
+- Linux kernel 2.4.x or 2.6.x with Linux Wireless Extensions v15 or newer
+- FreeBSD 6-CURRENT
+- NetBSD-current
+- Microsoft Windows with WinPcap (at least WinXP, may work with other versions)
+- drivers:
+ Linux drivers that support WPA/WPA2 configuration with the generic
+ Linux wireless extensions (WE-18 or newer). Even though there are
+ number of driver specific interface included in wpa_supplicant, please
+ note that Linux drivers are moving to use generic wireless extensions
+ and driver_wext (-Dwext on wpa_supplicant command line) should be the
+ default option to start with before falling back to driver specific
+ interface.
+
+ Host AP driver for Prism2/2.5/3 (development snapshot/v0.2.x)
+ (http://hostap.epitest.fi/)
+ Driver need to be set in Managed mode ('iwconfig wlan0 mode managed').
+ Please note that station firmware version needs to be 1.7.0 or newer
+ to work in WPA mode.
+
+ Linuxant DriverLoader (http://www.linuxant.com/driverloader/)
+ with Windows NDIS driver for your wlan card supporting WPA.
+
+ Agere Systems Inc. Linux Driver
+ (http://www.agere.com/support/drivers/)
+ Please note that the driver interface file (driver_hermes.c) and
+ hardware specific include files are not included in the
+ wpa_supplicant distribution. You will need to copy these from the
+ source package of the Agere driver.
+
+ madwifi driver for cards based on Atheros chip set (ar521x)
+ (http://sourceforge.net/projects/madwifi/)
+ Please note that you will need to modify the wpa_supplicant .config
+ file to use the correct path for the madwifi driver root directory
+ (CFLAGS += -I../madwifi/wpa line in example defconfig).
+
+ ATMEL AT76C5XXx driver for USB and PCMCIA cards
+ (http://atmelwlandriver.sourceforge.net/).
+
+ Linux ndiswrapper (http://ndiswrapper.sourceforge.net/) with
+ Windows NDIS driver.
+
+ Broadcom wl.o driver
+ This is a generic Linux driver for Broadcom IEEE 802.11a/g cards.
+ However, it is proprietary driver that is not publicly available
+ except for couple of exceptions, mainly Broadcom-based APs/wireless
+ routers that use Linux. The driver binary can be downloaded, e.g.,
+ from Linksys support site (http://www.linksys.com/support/gpl.asp)
+ for Linksys WRT54G. The GPL tarball includes cross-compiler and
+ the needed header file, wlioctl.h, for compiling wpa_supplicant.
+ This driver support in wpa_supplicant is expected to work also with
+ other devices based on Broadcom driver (assuming the driver includes
+ client mode support).
+
+ Intel ipw2100 driver
+ (http://sourceforge.net/projects/ipw2100/)
+
+ Intel ipw2200 driver
+ (http://sourceforge.net/projects/ipw2200/)
+
+ In theory, any driver that supports Linux wireless extensions can be
+ used with IEEE 802.1X (i.e., not WPA) when using ap_scan=0 option in
+ configuration file.
+
+ Wired Ethernet drivers (with ap_scan=0)
+
+ BSD net80211 layer (e.g., Atheros driver)
+ At the moment, this is for FreeBSD 6-CURRENT branch and NetBSD-current.
+
+ Windows NDIS
+ The current Windows port requires WinPcap (http://winpcap.polito.it/).
+ See README-Windows.txt for more information.
+
+wpa_supplicant was designed to be portable for different drivers and
+operating systems. Hopefully, support for more wlan cards and OSes will be
+added in the future. See developer's documentation
+(http://hostap.epitest.fi/wpa_supplicant/devel/) for more information about the
+design of wpa_supplicant and porting to other drivers. One main goal
+is to add full WPA/WPA2 support to Linux wireless extensions to allow
+new drivers to be supported without having to implement new
+driver-specific interface code in wpa_supplicant.
+
+Optional libraries for layer2 packet processing:
+- libpcap (tested with 0.7.2, most relatively recent versions assumed to work,
+ this is likely to be available with most distributions,
+ http://tcpdump.org/)
+- libdnet (tested with v1.4, most versions assumed to work,
+ http://libdnet.sourceforge.net/)
+
+These libraries are _not_ used in the default Linux build. Instead,
+internal Linux specific implementation is used. libpcap/libdnet are
+more portable and they can be used by adding CONFIG_L2_PACKET=pcap into
+.config. They may also be selected automatically for other operating
+systems. In case of Windows builds, WinPcap is used by default
+(CONFIG_L2_PACKET=winpcap).
+
+
+Optional libraries for EAP-TLS, EAP-PEAP, and EAP-TTLS:
+- OpenSSL (tested with 0.9.7c and 0.9.7d, and 0.9.8 versions; assumed to
+ work with most relatively recent versions; this is likely to be
+ available with most distributions, http://www.openssl.org/)
+- GnuTLS
+- internal TLSv1 implementation
+
+TLS options for EAP-FAST:
+- OpenSSL 0.9.8d _with_ openssl-0.9.8d-tls-extensions.patch applied
+ (i.e., the default OpenSSL package does not include support for
+ extensions needed for EAP-FAST)
+- internal TLSv1 implementation
+
+One of these libraries is needed when EAP-TLS, EAP-PEAP, EAP-TTLS, or
+EAP-FAST support is enabled. WPA-PSK mode does not require this or EAPOL/EAP
+implementation. A configuration file, .config, for compilation is
+needed to enable IEEE 802.1X/EAPOL and EAP methods. Note that EAP-MD5,
+EAP-GTC, EAP-OTP, and EAP-MSCHAPV2 cannot be used alone with WPA, so
+they should only be enabled if testing the EAPOL/EAP state
+machines. However, there can be used as inner authentication
+algorithms with EAP-PEAP and EAP-TTLS.
+
+See Building and installing section below for more detailed
+information about the wpa_supplicant build time configuration.
+
+
+
+WPA
+---
+
+The original security mechanism of IEEE 802.11 standard was not
+designed to be strong and has proven to be insufficient for most
+networks that require some kind of security. Task group I (Security)
+of IEEE 802.11 working group (http://www.ieee802.org/11/) has worked
+to address the flaws of the base standard and has in practice
+completed its work in May 2004. The IEEE 802.11i amendment to the IEEE
+802.11 standard was approved in June 2004 and published in July 2004.
+
+Wi-Fi Alliance (http://www.wi-fi.org/) used a draft version of the
+IEEE 802.11i work (draft 3.0) to define a subset of the security
+enhancements that can be implemented with existing wlan hardware. This
+is called Wi-Fi Protected Access<TM> (WPA). This has now become a
+mandatory component of interoperability testing and certification done
+by Wi-Fi Alliance. Wi-Fi provides information about WPA at its web
+site (http://www.wi-fi.org/OpenSection/protected_access.asp).
+
+IEEE 802.11 standard defined wired equivalent privacy (WEP) algorithm
+for protecting wireless networks. WEP uses RC4 with 40-bit keys,
+24-bit initialization vector (IV), and CRC32 to protect against packet
+forgery. All these choices have proven to be insufficient: key space is
+too small against current attacks, RC4 key scheduling is insufficient
+(beginning of the pseudorandom stream should be skipped), IV space is
+too small and IV reuse makes attacks easier, there is no replay
+protection, and non-keyed authentication does not protect against bit
+flipping packet data.
+
+WPA is an intermediate solution for the security issues. It uses
+Temporal Key Integrity Protocol (TKIP) to replace WEP. TKIP is a
+compromise on strong security and possibility to use existing
+hardware. It still uses RC4 for the encryption like WEP, but with
+per-packet RC4 keys. In addition, it implements replay protection,
+keyed packet authentication mechanism (Michael MIC).
+
+Keys can be managed using two different mechanisms. WPA can either use
+an external authentication server (e.g., RADIUS) and EAP just like
+IEEE 802.1X is using or pre-shared keys without need for additional
+servers. Wi-Fi calls these "WPA-Enterprise" and "WPA-Personal",
+respectively. Both mechanisms will generate a master session key for
+the Authenticator (AP) and Supplicant (client station).
+
+WPA implements a new key handshake (4-Way Handshake and Group Key
+Handshake) for generating and exchanging data encryption keys between
+the Authenticator and Supplicant. This handshake is also used to
+verify that both Authenticator and Supplicant know the master session
+key. These handshakes are identical regardless of the selected key
+management mechanism (only the method for generating master session
+key changes).
+
+
+
+IEEE 802.11i / WPA2
+-------------------
+
+The design for parts of IEEE 802.11i that were not included in WPA has
+finished (May 2004) and this amendment to IEEE 802.11 was approved in
+June 2004. Wi-Fi Alliance is using the final IEEE 802.11i as a new
+version of WPA called WPA2. This includes, e.g., support for more
+robust encryption algorithm (CCMP: AES in Counter mode with CBC-MAC)
+to replace TKIP and optimizations for handoff (reduced number of
+messages in initial key handshake, pre-authentication, and PMKSA caching).
+
+
+
+wpa_supplicant
+--------------
+
+wpa_supplicant is an implementation of the WPA Supplicant component,
+i.e., the part that runs in the client stations. It implements WPA key
+negotiation with a WPA Authenticator and EAP authentication with
+Authentication Server. In addition, it controls the roaming and IEEE
+802.11 authentication/association of the wlan driver.
+
+wpa_supplicant is designed to be a "daemon" program that runs in the
+background and acts as the backend component controlling the wireless
+connection. wpa_supplicant supports separate frontend programs and an
+example text-based frontend, wpa_cli, is included with wpa_supplicant.
+
+Following steps are used when associating with an AP using WPA:
+
+- wpa_supplicant requests the kernel driver to scan neighboring BSSes
+- wpa_supplicant selects a BSS based on its configuration
+- wpa_supplicant requests the kernel driver to associate with the chosen
+ BSS
+- If WPA-EAP: integrated IEEE 802.1X Supplicant completes EAP
+ authentication with the authentication server (proxied by the
+ Authenticator in the AP)
+- If WPA-EAP: master key is received from the IEEE 802.1X Supplicant
+- If WPA-PSK: wpa_supplicant uses PSK as the master session key
+- wpa_supplicant completes WPA 4-Way Handshake and Group Key Handshake
+ with the Authenticator (AP)
+- wpa_supplicant configures encryption keys for unicast and broadcast
+- normal data packets can be transmitted and received
+
+
+
+Building and installing
+-----------------------
+
+In order to be able to build wpa_supplicant, you will first need to
+select which parts of it will be included. This is done by creating a
+build time configuration file, .config, in the wpa_supplicant root
+directory. Configuration options are text lines using following
+format: CONFIG_<option>=y. Lines starting with # are considered
+comments and are ignored. See defconfig file for an example configuration
+and a list of available options and additional notes.
+
+The build time configuration can be used to select only the needed
+features and limit the binary size and requirements for external
+libraries. The main configuration parts are the selection of which
+driver interfaces (e.g., hostap, madwifi, ..) and which authentication
+methods (e.g., EAP-TLS, EAP-PEAP, ..) are included.
+
+Following build time configuration options are used to control IEEE
+802.1X/EAPOL and EAP state machines and all EAP methods. Including
+TLS, PEAP, or TTLS will require linking wpa_supplicant with OpenSSL
+library for TLS implementation. Alternatively, GnuTLS or the internal
+TLSv1 implementation can be used for TLS functionaly.
+
+CONFIG_IEEE8021X_EAPOL=y
+CONFIG_EAP_MD5=y
+CONFIG_EAP_MSCHAPV2=y
+CONFIG_EAP_TLS=y
+CONFIG_EAP_PEAP=y
+CONFIG_EAP_TTLS=y
+CONFIG_EAP_GTC=y
+CONFIG_EAP_OTP=y
+CONFIG_EAP_SIM=y
+CONFIG_EAP_AKA=y
+CONFIG_EAP_PSK=y
+CONFIG_EAP_SAKE=y
+CONFIG_EAP_GPSK=y
+CONFIG_EAP_PAX=y
+CONFIG_EAP_LEAP=y
+
+Following option can be used to include GSM SIM/USIM interface for GSM/UMTS
+authentication algorithm (for EAP-SIM/EAP-AKA). This requires pcsc-lite
+(http://www.linuxnet.com/) for smart card access.
+
+CONFIG_PCSC=y
+
+Following options can be added to .config to select which driver
+interfaces are included. Hermes driver interface needs to be downloaded
+from Agere (see above). CONFIG_WIRELESS_EXTENSION will be used
+automatically if any of the selected drivers need it.
+
+CONFIG_WIRELESS_EXTENSION=y
+CONFIG_DRIVER_HOSTAP=y
+CONFIG_DRIVER_HERMES=y
+CONFIG_DRIVER_MADWIFI=y
+CONFIG_DRIVER_ATMEL=y
+CONFIG_DRIVER_WEXT=y
+CONFIG_DRIVER_NDISWRAPPER=y
+CONFIG_DRIVER_BROADCOM=y
+CONFIG_DRIVER_IPW=y
+CONFIG_DRIVER_BSD=y
+CONFIG_DRIVER_NDIS=y
+
+Following example includes all features and driver interfaces that are
+included in the wpa_supplicant package:
+
+CONFIG_DRIVER_HOSTAP=y
+CONFIG_DRIVER_HERMES=y
+CONFIG_DRIVER_MADWIFI=y
+CONFIG_DRIVER_ATMEL=y
+CONFIG_DRIVER_WEXT=y
+CONFIG_DRIVER_NDISWRAPPER=y
+CONFIG_DRIVER_BROADCOM=y
+CONFIG_DRIVER_IPW=y
+CONFIG_DRIVER_BSD=y
+CONFIG_DRIVER_NDIS=y
+CONFIG_WIRELESS_EXTENSION=y
+CONFIG_IEEE8021X_EAPOL=y
+CONFIG_EAP_MD5=y
+CONFIG_EAP_MSCHAPV2=y
+CONFIG_EAP_TLS=y
+CONFIG_EAP_PEAP=y
+CONFIG_EAP_TTLS=y
+CONFIG_EAP_GTC=y
+CONFIG_EAP_OTP=y
+CONFIG_EAP_SIM=y
+CONFIG_EAP_AKA=y
+CONFIG_EAP_PSK=y
+CONFIG_EAP_SAKE=y
+CONFIG_EAP_GPSK=y
+CONFIG_EAP_PAX=y
+CONFIG_EAP_LEAP=y
+CONFIG_PCSC=y
+
+EAP-PEAP and EAP-TTLS will automatically include configured EAP
+methods (MD5, OTP, GTC, MSCHAPV2) for inner authentication selection.
+
+
+After you have created a configuration file, you can build
+wpa_supplicant and wpa_cli with 'make' command. You may then install
+the binaries to a suitable system directory, e.g., /usr/local/bin.
+
+Example commands:
+
+# build wpa_supplicant and wpa_cli
+make
+# install binaries (this may need root privileges)
+cp wpa_cli wpa_supplicant /usr/local/bin
+
+
+You will need to make a configuration file, e.g.,
+/etc/wpa_supplicant.conf, with network configuration for the networks
+you are going to use. Configuration file section below includes
+explanation fo the configuration file format and includes various
+examples. Once the configuration is ready, you can test whether the
+configuration work by first running wpa_supplicant with following
+command to start it on foreground with debugging enabled:
+
+wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -d
+
+Assuming everything goes fine, you can start using following command
+to start wpa_supplicant on background without debugging:
+
+wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B
+
+Please note that if you included more than one driver interface in the
+build time configuration (.config), you may need to specify which
+interface to use by including -D<driver name> option on the command
+line. See following section for more details on command line options
+for wpa_supplicant.
+
+
+
+Command line options
+--------------------
+
+usage:
+ wpa_supplicant [-BddfhKLqqtuvwW] [-P<pid file>] [-g<global ctrl>] \
+ -i<ifname> -c<config file> [-C<ctrl>] [-D<driver>] [-p<driver_param>] \
+ [-b<br_ifname> [-N -i<ifname> -c<conf> [-C<ctrl>] [-D<driver>] \
+ [-p<driver_param>] [-b<br_ifname>] ...]
+
+options:
+ -b = optional bridge interface name
+ -B = run daemon in the background
+ -c = Configuration file
+ -C = ctrl_interface parameter (only used if -c is not)
+ -i = interface name
+ -d = increase debugging verbosity (-dd even more)
+ -D = driver name
+ -f = Log output to default log location (normally /tmp)
+ -g = global ctrl_interface
+ -K = include keys (passwords, etc.) in debug output
+ -t = include timestamp in debug messages
+ -h = show this help text
+ -L = show license (GPL and BSD)
+ -p = driver parameters
+ -P = PID file
+ -q = decrease debugging verbosity (-qq even less)
+ -v = show version
+ -w = wait for interface to be added, if needed
+ -W = wait for a control interface monitor before starting
+ -N = start describing new interface
+
+drivers:
+ hostap = Host AP driver (Intersil Prism2/2.5/3) [default]
+ (this can also be used with Linuxant DriverLoader)
+ hermes = Agere Systems Inc. driver (Hermes-I/Hermes-II)
+ madwifi = MADWIFI 802.11 support (Atheros, etc.)
+ atmel = ATMEL AT76C5XXx (USB, PCMCIA)
+ wext = Linux wireless extensions (generic)
+ ndiswrapper = Linux ndiswrapper
+ broadcom = Broadcom wl.o driver
+ ipw = Intel ipw2100/2200 driver (old; use wext with Linux 2.6.13 or newer)
+ wired = wpa_supplicant wired Ethernet driver
+ bsd = BSD 802.11 support (Atheros, etc.)
+ ndis = Windows NDIS driver
+
+In most common cases, wpa_supplicant is started with
+
+wpa_supplicant -Bw -c/etc/wpa_supplicant.conf -iwlan0
+
+This makes the process fork into background and wait for the wlan0
+interface if it is not available at startup time.
+
+The easiest way to debug problems, and to get debug log for bug
+reports, is to start wpa_supplicant on foreground with debugging
+enabled:
+
+wpa_supplicant -c/etc/wpa_supplicant.conf -iwlan0 -d
+
+
+wpa_supplicant can control multiple interfaces (radios) either by
+running one process for each interface separately or by running just
+one process and list of options at command line. Each interface is
+separated with -N argument. As an example, following command would
+start wpa_supplicant for two interfaces:
+
+wpa_supplicant \
+ -c wpa1.conf -i wlan0 -D hostap -N \
+ -c wpa2.conf -i ath0 -D madwifi
+
+
+If the interface is added in a Linux bridge (e.g., br0), the bridge
+interface needs to be configured to wpa_supplicant in addition to the
+main interface:
+
+wpa_supplicant -cw.conf -Dmadwifi -iath0 -bbr0
+
+
+Configuration file
+------------------
+
+wpa_supplicant is configured using a text file that lists all accepted
+networks and security policies, including pre-shared keys. See
+example configuration file, wpa_supplicant.conf, for detailed
+information about the configuration format and supported fields.
+
+Changes to configuration file can be reloaded be sending SIGHUP signal
+to wpa_supplicant ('killall -HUP wpa_supplicant'). Similarly,
+reloading can be triggered with 'wpa_cli reconfigure' command.
+
+Configuration file can include one or more network blocks, e.g., one
+for each used SSID. wpa_supplicant will automatically select the best
+betwork based on the order of network blocks in the configuration
+file, network security level (WPA/WPA2 is preferred), and signal
+strength.
+
+Example configuration files for some common configurations:
+
+1) WPA-Personal (PSK) as home network and WPA-Enterprise with EAP-TLS as work
+ network
+
+# allow frontend (e.g., wpa_cli) to be used by all users in 'wheel' group
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=wheel
+#
+# home network; allow all valid ciphers
+network={
+ ssid="home"
+ scan_ssid=1
+ key_mgmt=WPA-PSK
+ psk="very secret passphrase"
+}
+#
+# work network; use EAP-TLS with WPA; allow only CCMP and TKIP ciphers
+network={
+ ssid="work"
+ scan_ssid=1
+ key_mgmt=WPA-EAP
+ pairwise=CCMP TKIP
+ group=CCMP TKIP
+ eap=TLS
+ identity="user@example.com"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+}
+
+
+2) WPA-RADIUS/EAP-PEAP/MSCHAPv2 with RADIUS servers that use old peaplabel
+ (e.g., Funk Odyssey and SBR, Meetinghouse Aegis, Interlink RAD-Series)
+
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=wheel
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP
+ eap=PEAP
+ identity="user@example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ phase1="peaplabel=0"
+ phase2="auth=MSCHAPV2"
+}
+
+
+3) EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the
+ unencrypted use. Real identity is sent only within an encrypted TLS tunnel.
+
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=wheel
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP
+ eap=TTLS
+ identity="user@example.com"
+ anonymous_identity="anonymous@example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ phase2="auth=MD5"
+}
+
+
+4) IEEE 802.1X (i.e., no WPA) with dynamic WEP keys (require both unicast and
+ broadcast); use EAP-TLS for authentication
+
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=wheel
+network={
+ ssid="1x-test"
+ scan_ssid=1
+ key_mgmt=IEEE8021X
+ eap=TLS
+ identity="user@example.com"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+ eapol_flags=3
+}
+
+
+5) Catch all example that allows more or less all configuration modes. The
+ configuration options are used based on what security policy is used in the
+ selected SSID. This is mostly for testing and is not recommended for normal
+ use.
+
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=wheel
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
+ pairwise=CCMP TKIP
+ group=CCMP TKIP WEP104 WEP40
+ psk="very secret passphrase"
+ eap=TTLS PEAP TLS
+ identity="user@example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+ phase1="peaplabel=0"
+ ca_cert2="/etc/cert/ca2.pem"
+ client_cert2="/etc/cer/user.pem"
+ private_key2="/etc/cer/user.prv"
+ private_key2_passwd="password"
+}
+
+
+6) Authentication for wired Ethernet. This can be used with 'wired' interface
+ (-Dwired on command line).
+
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=wheel
+ap_scan=0
+network={
+ key_mgmt=IEEE8021X
+ eap=MD5
+ identity="user"
+ password="password"
+ eapol_flags=0
+}
+
+
+
+Certificates
+------------
+
+Some EAP authentication methods require use of certificates. EAP-TLS
+uses both server side and client certificates whereas EAP-PEAP and
+EAP-TTLS only require the server side certificate. When client
+certificate is used, a matching private key file has to also be
+included in configuration. If the private key uses a passphrase, this
+has to be configured in wpa_supplicant.conf ("private_key_passwd").
+
+wpa_supplicant supports X.509 certificates in PEM and DER
+formats. User certificate and private key can be included in the same
+file.
+
+If the user certificate and private key is received in PKCS#12/PFX
+format, they need to be converted to suitable PEM/DER format for
+wpa_supplicant. This can be done, e.g., with following commands:
+
+# convert client certificate and private key to PEM format
+openssl pkcs12 -in example.pfx -out user.pem -clcerts
+# convert CA certificate (if included in PFX file) to PEM format
+openssl pkcs12 -in example.pfx -out ca.pem -cacerts -nokeys
+
+
+
+wpa_cli
+-------
+
+wpa_cli is a text-based frontend program for interacting with
+wpa_supplicant. It is used to query current status, change
+configuration, trigger events, and request interactive user input.
+
+wpa_cli can show the current authentication status, selected security
+mode, dot11 and dot1x MIBs, etc. In addition, it can configure some
+variables like EAPOL state machine parameters and trigger events like
+reassociation and IEEE 802.1X logoff/logon. wpa_cli provides a user
+interface to request authentication information, like username and
+password, if these are not included in the configuration. This can be
+used to implement, e.g., one-time-passwords or generic token card
+authentication where the authentication is based on a
+challenge-response that uses an external device for generating the
+response.
+
+The control interface of wpa_supplicant can be configured to allow
+non-root user access (ctrl_interface_group in the configuration
+file). This makes it possible to run wpa_cli with a normal user
+account.
+
+wpa_cli supports two modes: interactive and command line. Both modes
+share the same command set and the main difference is in interactive
+mode providing access to unsolicited messages (event messages,
+username/password requests).
+
+Interactive mode is started when wpa_cli is executed without including
+the command as a command line parameter. Commands are then entered on
+the wpa_cli prompt. In command line mode, the same commands are
+entered as command line arguments for wpa_cli.
+
+
+Interactive authentication parameters request
+
+When wpa_supplicant need authentication parameters, like username and
+password, which are not present in the configuration file, it sends a
+request message to all attached frontend programs, e.g., wpa_cli in
+interactive mode. wpa_cli shows these requests with
+"CTRL-REQ-<type>-<id>:<text>" prefix. <type> is IDENTITY, PASSWORD, or
+OTP (one-time-password). <id> is a unique identifier for the current
+network. <text> is description of the request. In case of OTP request,
+it includes the challenge from the authentication server.
+
+The reply to these requests can be given with 'identity', 'password',
+and 'otp' commands. <id> needs to be copied from the the matching
+request. 'password' and 'otp' commands can be used regardless of
+whether the request was for PASSWORD or OTP. The main difference
+between these two commands is that values given with 'password' are
+remembered as long as wpa_supplicant is running whereas values given
+with 'otp' are used only once and then forgotten, i.e., wpa_supplicant
+will ask frontend for a new value for every use. This can be used to
+implement one-time-password lists and generic token card -based
+authentication.
+
+Example request for password and a matching reply:
+
+CTRL-REQ-PASSWORD-1:Password needed for SSID foobar
+> password 1 mysecretpassword
+
+Example request for generic token card challenge-response:
+
+CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar
+> otp 2 9876
+
+
+wpa_cli commands
+
+ status = get current WPA/EAPOL/EAP status
+ mib = get MIB variables (dot1x, dot11)
+ help = show this usage help
+ interface [ifname] = show interfaces/select interface
+ level <debug level> = change debug level
+ license = show full wpa_cli license
+ logoff = IEEE 802.1X EAPOL state machine logoff
+ logon = IEEE 802.1X EAPOL state machine logon
+ set = set variables (shows list of variables when run without arguments)
+ pmksa = show PMKSA cache
+ reassociate = force reassociation
+ reconfigure = force wpa_supplicant to re-read its configuration file
+ preauthenticate <BSSID> = force preauthentication
+ identity <network id> <identity> = configure identity for an SSID
+ password <network id> <password> = configure password for an SSID
+ pin <network id> <pin> = configure pin for an SSID
+ otp <network id> <password> = configure one-time-password for an SSID
+ passphrase <network id> <passphrase> = configure private key passphrase
+ for an SSID
+ bssid <network id> <BSSID> = set preferred BSSID for an SSID
+ list_networks = list configured networks
+ select_network <network id> = select a network (disable others)
+ enable_network <network id> = enable a network
+ disable_network <network id> = disable a network
+ add_network = add a network
+ remove_network <network id> = remove a network
+ set_network <network id> <variable> <value> = set network variables (shows
+ list of variables when run without arguments)
+ get_network <network id> <variable> = get network variables
+ save_config = save the current configuration
+ disconnect = disconnect and wait for reassociate command before connecting
+ scan = request new BSS scan
+ scan_results = get latest scan results
+ get_capability <eap/pairwise/group/key_mgmt/proto/auth_alg> = get capabilies
+ terminate = terminate wpa_supplicant
+ quit = exit wpa_cli
+
+
+wpa_cli command line options
+
+wpa_cli [-p<path to ctrl sockets>] [-i<ifname>] [-hvB] [-a<action file>] \
+ [-P<pid file>] [-g<global ctrl>] [command..]
+ -h = help (show this usage text)
+ -v = shown version information
+ -a = run in daemon mode executing the action file based on events from
+ wpa_supplicant
+ -B = run a daemon in the background
+ default path: /var/run/wpa_supplicant
+ default interface: first interface found in socket path
+
+
+Using wpa_cli to run external program on connect/disconnect
+-----------------------------------------------------------
+
+wpa_cli can used to run external programs whenever wpa_supplicant
+connects or disconnects from a network. This can be used, e.g., to
+update network configuration and/or trigget DHCP client to update IP
+addresses, etc.
+
+One wpa_cli process in "action" mode needs to be started for each
+interface. For example, the following command starts wpa_cli for the
+default ingterface (-i can be used to select the interface in case of
+more than one interface being used at the same time):
+
+wpa_cli -a/sbin/wpa_action.sh -B
+
+The action file (-a option, /sbin/wpa_action.sh in this example) will
+be executed whenever wpa_supplicant completes authentication (connect
+event) or detects disconnection). The action script will be called
+with two command line arguments: interface name and event (CONNECTED
+or DISCONNECTED). If the action script needs to get more information
+about the current network, it can use 'wpa_cli status' to query
+wpa_supplicant for more information.
+
+Following example can be used as a simple template for an action
+script:
+
+#!/bin/sh
+
+IFNAME=$1
+CMD=$2
+
+if [ "$CMD" == "CONNECTED" ]; then
+ SSID=`wpa_cli -i$IFNAME status | grep ^ssid= | cut -f2- -d=`
+ # configure network, signal DHCP client, etc.
+fi
+
+if [ "$CMD" == "DISCONNECTED" ]; then
+ # remove network configuration, if needed
+fi
+
+
+
+Integrating with pcmcia-cs/cardmgr scripts
+------------------------------------------
+
+wpa_supplicant needs to be running when using a wireless network with
+WPA. It can be started either from system startup scripts or from
+pcmcia-cs/cardmgr scripts (when using PC Cards). WPA handshake must be
+completed before data frames can be exchanged, so wpa_supplicant
+should be started before DHCP client.
+
+Command line option '-w' can be used if wpa_supplicant is started
+before the wireless LAN interface is present (e.g., before inserting
+the PC Card) or is not yet up.
+
+For example, following small changes to pcmcia-cs scripts can be used
+to enable WPA support:
+
+Add MODE="Managed" and WPA="y" to the network scheme in
+/etc/pcmcia/wireless.opts.
+
+Add the following block to the end of 'start' action handler in
+/etc/pcmcia/wireless:
+
+ if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
+ /usr/local/bin/wpa_supplicant -Bw -c/etc/wpa_supplicant.conf \
+ -i$DEVICE
+ fi
+
+Add the following block to the end of 'stop' action handler (may need
+to be separated from other actions) in /etc/pcmcia/wireless:
+
+ if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
+ killall wpa_supplicant
+ fi
+
+This will make cardmgr start wpa_supplicant when the card is plugged
+in. wpa_supplicant will wait until the interface is set up--either
+when a static IP address is configured or when DHCP client is
+started--and will then negotiate keys with the AP.
+
+
+
+Dynamic interface add and operation without configuration files
+---------------------------------------------------------------
+
+wpa_supplicant can be started without any configuration files or
+network interfaces. When used in this way, a global (i.e., per
+wpa_supplicant process) control interface is used to add and remove
+network interfaces. Each network interface can then be configured
+through a per-network interface control interface. For example,
+following commands show how to start wpa_supplicant without any
+network interfaces and then add a network interface and configure a
+network (SSID):
+
+# Start wpa_supplicant in the background
+wpa_supplicant -g/var/run/wpa_supplicant-global -B
+
+# Add a new interface (wlan0, no configuration file, driver=wext, and
+# enable control interface)
+wpa_cli -g/var/run/wpa_supplicant-global interface_add wlan0 \
+ "" wext /var/run/wpa_supplicant
+
+# Configure a network using the newly added network interface:
+wpa_cli -iwlan0 add_network
+wpa_cli -iwlan0 set_network 0 ssid '"test"'
+wpa_cli -iwlan0 set_network 0 key_mgmt WPA-PSK
+wpa_cli -iwlan0 set_network 0 psk '"12345678"'
+wpa_cli -iwlan0 set_network 0 pairwise TKIP
+wpa_cli -iwlan0 set_network 0 group TKIP
+wpa_cli -iwlan0 set_network 0 proto WPA
+wpa_cli -iwlan0 enable_network 0
+
+# At this point, the new network interface should start trying to associate
+# with the WPA-PSK network using SSID test.
+
+# Remove network interface
+wpa_cli -g/var/run/wpa_supplicant-global interface_remove wlan0
--- /dev/null
+wpa_supplicant for Windows
+==========================
+
+Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi> and
+contributors
+All Rights Reserved.
+
+This program is dual-licensed under both the GPL version 2 and BSD
+license. Either license may be used at your option.
+
+This product includes software developed by the OpenSSL Project
+for use in the OpenSSL Toolkit (http://www.openssl.org/)
+
+
+wpa_supplicant has support for being used as a WPA/WPA2/IEEE 802.1X
+Supplicant on Windows. The current port requires that WinPcap
+(http://winpcap.polito.it/) is installed for accessing packets and the
+driver interface. Both release versions 3.0 and 3.1 are supported.
+
+The current port is still somewhat experimental. It has been tested
+mainly on Windows XP (SP2) with limited set of NDIS drivers. In
+addition, the current version has been reported to work with Windows
+2000.
+
+All security modes have been verified to work (at least complete
+authentication and successfully ping a wired host):
+- plaintext
+- static WEP / open system authentication
+- static WEP / shared key authentication
+- IEEE 802.1X with dynamic WEP keys
+- WPA-PSK, TKIP, CCMP, TKIP+CCMP
+- WPA-EAP, TKIP, CCMP, TKIP+CCMP
+- WPA2-PSK, TKIP, CCMP, TKIP+CCMP
+- WPA2-EAP, TKIP, CCMP, TKIP+CCMP
+
+
+Binary version
+--------------
+
+Compiled binary version of the wpa_supplicant and additional tools is
+available from http://hostap.epitest.fi/wpa_supplicant/. These
+binaries can be used after installing WinPcap.
+
+
+Building wpa_supplicant with mingw
+----------------------------------
+
+The default build setup for wpa_supplicant is to use MinGW and
+cross-compiling from Linux to MinGW/Windows. It should also be
+possible to build this under Windows using the MinGW tools, but that
+is not tested nor supported and is likely to require some changes to
+the Makefile unless cygwin is used.
+
+
+Building wpa_supplicant with MSVC
+---------------------------------
+
+wpa_supplicant can be built with Microsoft Visual C++ compiler. This
+has been tested with Microsoft Visual C++ Toolkit 2003 and Visual
+Studio 2005 using the included nmake.mak as a Makefile for nmake. IDE
+can also be used by creating a project that includes the files and
+defines mentioned in nmake.mak. Example VS2005 solution and project
+files are included in vs2005 subdirectory. This can be used as a
+starting point for building the programs with VS2005 IDE.
+
+WinPcap development package is needed for the build and this can be
+downloaded from http://www.winpcap.org/install/bin/WpdPack_3_1.zip. The
+default nmake.mak expects this to be unpacked into C:\dev\WpdPack so
+that Include and Lib directories are in this directory. The files can be
+stored elsewhere as long as the WINPCAPDIR in nmake.mak is updated to
+match with the selected directory. In case a project file in the IDE is
+used, these Include and Lib directories need to be added to project
+properties as additional include/library directories.
+
+OpenSSL source package can be downloaded from
+http://www.openssl.org/source/openssl-0.9.8b.tar.gz and built and
+installed following instructions in INSTALL.W32. Note that if EAP-FAST
+support will be included in the wpa_supplicant, OpenSSL needs to be
+patched to# support it openssl-tls-extensions.patch. The example
+nmake.mak file expects OpenSSL to be installed into C:\dev\openssl, but
+this directory can be modified by changing OPENSSLDIR variable in
+nmake.mak.
+
+If you do not need EAP-FAST support, you may also be able to use Win32
+binary installation package of OpenSSL from
+http://www.slproweb.com/products/Win32OpenSSL.html instead of building
+the library yourself. In this case, you will need to copy Include and
+Lib directories in suitable directory, e.g., C:\dev\openssl for the
+default nmake.mak. Copy {Win32OpenSSLRoot}\include into
+C:\dev\openssl\include and make C:\dev\openssl\lib subdirectory with
+files from {Win32OpenSSLRoot}\VC (i.e., libeay*.lib and ssleay*.lib).
+This will end up using dynamically linked OpenSSL (i.e., .dll files are
+needed) for it. Alternative, you can copy files from
+{Win32OpenSSLRoot}\VC\static to create a static build (no OpenSSL .dll
+files needed).
+
+
+Building wpa_supplicant for cygwin
+----------------------------------
+
+wpa_supplicant can be built for cygwin by installing the needed
+development packages for cygwin. This includes things like compiler,
+make, openssl development package, etc. In addition, developer's pack
+for WinPcap (WPdpack.zip) from
+http://winpcap.polito.it/install/default.htm is needed.
+
+.config file should enable only one driver interface,
+CONFIG_DRIVER_NDIS. In addition, include directories may need to be
+added to match the system. An example configuration is available in
+defconfig. The library and include files for WinPcap will either need
+to be installed in compiler/linker default directories or their
+location will need to be adding to .config when building
+wpa_supplicant.
+
+Othen than this, the build should be more or less identical to Linux
+version, i.e., just run make after having created .config file. An
+additional tool, win_if_list.exe, can be built by running "make
+win_if_list".
+
+
+Building wpa_gui
+----------------
+
+wpa_gui uses Qt application framework from Trolltech. It can be built
+with the open source version of Qt4 and MinGW. Following commands can
+be used to build the binary in the Qt 4 Command Prompt:
+
+# go to the root directory of wpa_supplicant source code
+cd wpa_gui-qt4
+qmake -o Makefile wpa_gui.pro
+make
+# the wpa_gui.exe binary is created into 'release' subdirectory
+
+
+Using wpa_supplicant for Windows
+--------------------------------
+
+wpa_supplicant and wpa_cli behave more or less identically to Linux
+version, so instructions in README and example wpa_supplicant.conf
+should be applicable for most parts. In addition, there is another
+version of wpa_supplicant, wpasvc.exe, which can be used as a Windows
+service and which reads its configuration from registry instead of
+text file.
+
+When using access points in "hidden SSID" mode, ap_scan=2 mode need to
+be used (see wpa_supplicant.conf for more information).
+
+Windows NDIS/WinPcap uses quite long interface names, so some care
+will be needed when starting wpa_supplicant. Alternatively, the
+adapter description can be used as the interface name which may be
+easier since it is usually in more human-readable
+format. win_if_list.exe can be used to find out the proper interface
+name.
+
+Example steps in starting up wpa_supplicant:
+
+# win_if_list.exe
+ifname: \Device\NPF_GenericNdisWanAdapter
+description: Generic NdisWan adapter
+
+ifname: \Device\NPF_{769E012B-FD17-4935-A5E3-8090C38E25D2}
+description: Atheros Wireless Network Adapter (Microsoft's Packet Scheduler)
+
+ifname: \Device\NPF_{732546E7-E26C-48E3-9871-7537B020A211}
+description: Intel 8255x-based Integrated Fast Ethernet (Microsoft's Packet Scheduler)
+
+
+Since the example configuration used Atheros WLAN card, the middle one
+is the correct interface in this case. The interface name for -i
+command line option is the full string following "ifname:" (the
+"\Device\NPF_" prefix can be removed). In other words, wpa_supplicant
+would be started with the following command:
+
+# wpa_supplicant.exe -i'{769E012B-FD17-4935-A5E3-8090C38E25D2}' -c wpa_supplicant.conf -d
+
+-d optional enables some more debugging (use -dd for even more, if
+needed). It can be left out if debugging information is not needed.
+
+With the alternative mechanism for selecting the interface, this
+command has identical results in this case:
+
+# wpa_supplicant.exe -iAtheros -c wpa_supplicant.conf -d
+
+
+Simple configuration example for WPA-PSK:
+
+#ap_scan=2
+ctrl_interface=
+network={
+ ssid="test"
+ key_mgmt=WPA-PSK
+ proto=WPA
+ pairwise=TKIP
+ psk="secret passphrase"
+}
+
+(remove '#' from the comment out ap_scan line to enable mode in which
+wpa_supplicant tries to associate with the SSID without doing
+scanning; this allows APs with hidden SSIDs to be used)
+
+
+wpa_cli.exe and wpa_gui.exe can be used to interact with the
+wpa_supplicant.exe program in the same way as with Linux. Note that
+ctrl_interface is using UNIX domain sockets when built for cygwin, but
+the native build for Windows uses named pipes and the contents of the
+ctrl_interface configuration item is used to control access to the
+interface. Anyway, this variable has to be included in the configuration
+to enable the control interface.
+
+
+Example SDDL string formats:
+
+(local admins group has permission, but nobody else):
+
+ctrl_interface=SDDL=D:(A;;GA;;;BA)
+
+("A" == "access allowed", "GA" == GENERIC_ALL == all permissions, and
+"BA" == "builtin administrators" == the local admins. The empty fields
+are for flags and object GUIDs, none of which should be required in this
+case.)
+
+(local admins and the local "power users" group have permissions,
+but nobody else):
+
+ctrl_interface=SDDL=D:(A;;GA;;;BA)(A;;GA;;;PU)
+
+(One ACCESS_ALLOWED ACE for GENERIC_ALL for builtin administrators, and
+one ACCESS_ALLOWED ACE for GENERIC_ALL for power users.)
+
+(close to wide open, but you have to be a valid user on
+the machine):
+
+ctrl_interface=SDDL=D:(A;;GA;;;AU)
+
+(One ACCESS_ALLOWED ACE for GENERIC_ALL for the "authenticated users"
+group.)
+
+This one would allow absolutely everyone (including anonymous
+users) -- this is *not* recommended, since named pipes can be attached
+to from anywhere on the network (i.e. there's no "this machine only"
+like there is with 127.0.0.1 sockets):
+
+ctrl_interface=SDDL=D:(A;;GA;;;BU)(A;;GA;;;AN)
+
+(BU == "builtin users", "AN" == "anonymous")
+
+See also [1] for the format of ACEs, and [2] for the possible strings
+that can be used for principal names.
+
+[1]
+http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/ace_strings.asp
+[2]
+http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/sid_strings.asp
+
+
+Starting wpa_supplicant as a Windows service (wpasvc.exe)
+---------------------------------------------------------
+
+wpa_supplicant can be started as a Windows service by using wpasvc.exe
+program that is alternative build of wpa_supplicant.exe. Most of the
+core functionality of wpasvc.exe is identical to wpa_supplicant.exe,
+but it is using Windows registry for configuration information instead
+of a text file and command line parameters. In addition, it can be
+registered as a service that can be started automatically or manually
+like any other Windows service.
+
+The root of wpa_supplicant configuration in registry is
+HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant. This level includes global
+parameters and a 'interfaces' subkey with all the interface configuration
+(adapter to confname mapping). Each such mapping is a subkey that has
+'adapter', 'config', and 'ctrl_interface' values.
+
+This program can be run either as a normal command line application,
+e.g., for debugging, with 'wpasvc.exe app' or as a Windows service.
+Service need to be registered with 'wpasvc.exe reg <full path to
+wpasvc.exe>'. Alternatively, 'wpasvc.exe reg' can be used to register
+the service with the current location of wpasvc.exe. After this, wpasvc
+can be started like any other Windows service (e.g., 'net start wpasvc')
+or it can be configured to start automatically through the Services tool
+in administrative tasks. The service can be unregistered with
+'wpasvc.exe unreg'.
+
+If the service is set to start during system bootup to make the
+network connection available before any user has logged in, there may
+be a long (half a minute or so) delay in starting up wpa_supplicant
+due to WinPcap needing a driver called "Network Monitor Driver" which
+is started by default on demand.
+
+To speed up wpa_supplicant start during system bootup, "Network
+Monitor Driver" can be configured to be started sooner by setting its
+startup type to System instead of the default Demand. To do this, open
+up Device Manager, select Show Hidden Devices, expand the "Non
+Plug-and-Play devices" branch, double click "Network Monitor Driver",
+go to the Driver tab, and change the Demand setting to System instead.
+
+Configuration data is in HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\configs
+key. Each configuration profile has its own key under this. In terms of text
+files, each profile would map to a separate text file with possibly multiple
+networks. Under each profile, there is a networks key that lists all
+networks as a subkey. Each network has set of values in the same way as
+network block in the configuration file. In addition, blobs subkey has
+possible blobs as values.
+
+HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\configs\test\networks\0000
+ ssid="example"
+ key_mgmt=WPA-PSK
+
+See win_example.reg for an example on how to setup wpasvc.exe
+parameters in registry. It can also be imported to registry as a
+starting point for the configuration.
+
+
+
+License information for third party software used in this product:
+
+ OpenSSL License
+ ---------------
+
+/* ====================================================================
+ * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+ Original SSLeay License
+ -----------------------
+
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
--- /dev/null
+/*
+ * AES (Rijndael) cipher
+ *
+ * Modifications to public domain implementation:
+ * - support only 128-bit keys
+ * - cleanup
+ * - use C pre-processor to make it easier to change S table access
+ * - added option (AES_SMALL_TABLES) for reducing code size by about 8 kB at
+ * cost of reduced throughput (quite small difference on Pentium 4,
+ * 10-25% when using -O1 or -O2 optimization)
+ *
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+/*
+ * rijndael-alg-fst.c
+ *
+ * @version 3.0 (December 2000)
+ *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
+ * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
+ * @author Paulo Barreto <paulo.barreto@terra.com.br>
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* #define FULL_UNROLL */
+#define AES_SMALL_TABLES
+
+
+/*
+Te0[x] = S [x].[02, 01, 01, 03];
+Te1[x] = S [x].[03, 02, 01, 01];
+Te2[x] = S [x].[01, 03, 02, 01];
+Te3[x] = S [x].[01, 01, 03, 02];
+Te4[x] = S [x].[01, 01, 01, 01];
+
+Td0[x] = Si[x].[0e, 09, 0d, 0b];
+Td1[x] = Si[x].[0b, 0e, 09, 0d];
+Td2[x] = Si[x].[0d, 0b, 0e, 09];
+Td3[x] = Si[x].[09, 0d, 0b, 0e];
+Td4[x] = Si[x].[01, 01, 01, 01];
+*/
+
+static const u32 Te0[256] = {
+ 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
+ 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
+ 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
+ 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
+ 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
+ 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
+ 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
+ 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
+ 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
+ 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
+ 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
+ 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
+ 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
+ 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
+ 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
+ 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
+ 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
+ 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
+ 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
+ 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
+ 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
+ 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
+ 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
+ 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
+ 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
+ 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
+ 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
+ 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
+ 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
+ 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
+ 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
+ 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
+ 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
+ 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
+ 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
+ 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
+ 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
+ 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
+ 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
+ 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
+ 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
+ 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
+ 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
+ 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
+ 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
+ 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
+ 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
+ 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
+ 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
+ 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
+ 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
+ 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
+ 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
+ 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
+ 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
+ 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
+ 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
+ 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
+ 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
+ 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
+ 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
+ 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
+ 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
+ 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
+};
+#ifndef AES_SMALL_TABLES
+static const u32 Te1[256] = {
+ 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
+ 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
+ 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
+ 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
+ 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
+ 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
+ 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
+ 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
+ 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
+ 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
+ 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
+ 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
+ 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
+ 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
+ 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
+ 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
+ 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
+ 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
+ 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
+ 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
+ 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
+ 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
+ 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
+ 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
+ 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
+ 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
+ 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
+ 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
+ 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
+ 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
+ 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
+ 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
+ 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
+ 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
+ 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
+ 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
+ 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
+ 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
+ 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
+ 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
+ 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
+ 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
+ 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
+ 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
+ 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
+ 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
+ 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
+ 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
+ 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
+ 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
+ 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
+ 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
+ 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
+ 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
+ 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
+ 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
+ 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
+ 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
+ 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
+ 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
+ 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
+ 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
+ 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
+ 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
+};
+static const u32 Te2[256] = {
+ 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
+ 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
+ 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
+ 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
+ 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
+ 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
+ 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
+ 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
+ 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
+ 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
+ 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
+ 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
+ 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
+ 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
+ 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
+ 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
+ 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
+ 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
+ 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
+ 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
+ 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
+ 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
+ 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
+ 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
+ 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
+ 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
+ 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
+ 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
+ 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
+ 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
+ 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
+ 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
+ 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
+ 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
+ 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
+ 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
+ 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
+ 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
+ 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
+ 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
+ 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
+ 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
+ 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
+ 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
+ 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
+ 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
+ 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
+ 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
+ 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
+ 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
+ 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
+ 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
+ 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
+ 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
+ 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
+ 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
+ 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
+ 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
+ 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
+ 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
+ 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
+ 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
+ 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
+ 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
+};
+static const u32 Te3[256] = {
+
+ 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
+ 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
+ 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
+ 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
+ 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
+ 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
+ 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
+ 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
+ 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
+ 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
+ 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
+ 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
+ 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
+ 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
+ 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
+ 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
+ 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
+ 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
+ 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
+ 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
+ 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
+ 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
+ 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
+ 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
+ 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
+ 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
+ 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
+ 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
+ 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
+ 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
+ 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
+ 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
+ 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
+ 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
+ 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
+ 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
+ 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
+ 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
+ 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
+ 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
+ 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
+ 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
+ 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
+ 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
+ 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
+ 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
+ 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
+ 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
+ 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
+ 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
+ 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
+ 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
+ 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
+ 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
+ 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
+ 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
+ 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
+ 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
+ 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
+ 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
+ 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
+ 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
+ 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
+ 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
+};
+static const u32 Te4[256] = {
+ 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
+ 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
+ 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
+ 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
+ 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
+ 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
+ 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
+ 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
+ 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
+ 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
+ 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
+ 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
+ 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
+ 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
+ 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
+ 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
+ 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
+ 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
+ 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
+ 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
+ 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
+ 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
+ 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
+ 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
+ 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
+ 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
+ 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
+ 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
+ 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
+ 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
+ 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
+ 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
+ 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
+ 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
+ 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
+ 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
+ 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
+ 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
+ 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
+ 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
+ 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
+ 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
+ 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
+ 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
+ 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
+ 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
+ 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
+ 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
+ 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
+ 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
+ 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
+ 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
+ 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
+ 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
+ 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
+ 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
+ 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
+ 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
+ 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
+ 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
+ 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
+ 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
+ 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
+ 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
+};
+#endif /* AES_SMALL_TABLES */
+static const u32 Td0[256] = {
+ 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
+ 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
+ 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
+ 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
+ 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
+ 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
+ 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
+ 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
+ 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
+ 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
+ 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
+ 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
+ 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
+ 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
+ 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
+ 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
+ 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
+ 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
+ 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
+ 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
+ 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
+ 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
+ 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
+ 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
+ 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
+ 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
+ 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
+ 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
+ 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
+ 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
+ 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
+ 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
+ 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
+ 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
+ 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
+ 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
+ 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
+ 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
+ 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
+ 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
+ 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
+ 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
+ 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
+ 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
+ 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
+ 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
+ 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
+ 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
+ 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
+ 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
+ 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
+ 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
+ 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
+ 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
+ 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
+ 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
+ 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
+ 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
+ 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
+ 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
+ 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
+ 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
+ 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
+ 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
+};
+#ifndef AES_SMALL_TABLES
+static const u32 Td1[256] = {
+ 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
+ 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
+ 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
+ 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
+ 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
+ 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
+ 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
+ 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
+ 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
+ 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
+ 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
+ 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
+ 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
+ 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
+ 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
+ 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
+ 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
+ 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
+ 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
+ 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
+ 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
+ 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
+ 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
+ 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
+ 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
+ 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
+ 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
+ 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
+ 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
+ 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
+ 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
+ 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
+ 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
+ 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
+ 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
+ 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
+ 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
+ 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
+ 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
+ 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
+ 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
+ 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
+ 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
+ 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
+ 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
+ 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
+ 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
+ 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
+ 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
+ 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
+ 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
+ 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
+ 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
+ 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
+ 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
+ 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
+ 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
+ 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
+ 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
+ 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
+ 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
+ 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
+ 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
+ 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
+};
+static const u32 Td2[256] = {
+ 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
+ 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
+ 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
+ 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
+ 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
+ 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
+ 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
+ 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
+ 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
+ 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
+ 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
+ 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
+ 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
+ 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
+ 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
+ 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
+ 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
+ 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
+ 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
+ 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
+
+ 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
+ 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
+ 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
+ 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
+ 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
+ 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
+ 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
+ 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
+ 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
+ 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
+ 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
+ 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
+ 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
+ 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
+ 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
+ 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
+ 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
+ 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
+ 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
+ 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
+ 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
+ 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
+ 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
+ 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
+ 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
+ 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
+ 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
+ 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
+ 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
+ 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
+ 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
+ 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
+ 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
+ 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
+ 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
+ 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
+ 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
+ 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
+ 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
+ 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
+ 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
+ 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
+ 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
+ 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
+};
+static const u32 Td3[256] = {
+ 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
+ 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
+ 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
+ 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
+ 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
+ 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
+ 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
+ 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
+ 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
+ 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
+ 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
+ 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
+ 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
+ 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
+ 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
+ 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
+ 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
+ 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
+ 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
+ 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
+ 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
+ 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
+ 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
+ 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
+ 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
+ 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
+ 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
+ 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
+ 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
+ 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
+ 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
+ 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
+ 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
+ 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
+ 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
+ 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
+ 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
+ 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
+ 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
+ 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
+ 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
+ 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
+ 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
+ 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
+ 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
+ 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
+ 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
+ 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
+ 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
+ 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
+ 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
+ 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
+ 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
+ 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
+ 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
+ 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
+ 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
+ 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
+ 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
+ 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
+ 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
+ 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
+ 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
+ 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
+};
+static const u32 Td4[256] = {
+ 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
+ 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
+ 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
+ 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
+ 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
+ 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
+ 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
+ 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
+ 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
+ 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
+ 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
+ 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
+ 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
+ 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
+ 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
+ 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
+ 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
+ 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
+ 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
+ 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
+ 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
+ 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
+ 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
+ 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
+ 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
+ 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
+ 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
+ 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
+ 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
+ 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
+ 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
+ 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
+ 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
+ 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
+ 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
+ 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
+ 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
+ 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
+ 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
+ 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
+ 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
+ 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
+ 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
+ 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
+ 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
+ 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
+ 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
+ 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
+ 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
+ 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
+ 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
+ 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
+ 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
+ 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
+ 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
+ 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
+ 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
+ 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
+ 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
+ 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
+ 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
+ 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
+ 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
+ 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
+};
+static const u32 rcon[] = {
+ 0x01000000, 0x02000000, 0x04000000, 0x08000000,
+ 0x10000000, 0x20000000, 0x40000000, 0x80000000,
+ 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+#else /* AES_SMALL_TABLES */
+static const u8 Td4s[256] = {
+ 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+ 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
+ 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
+ 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
+ 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
+ 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
+ 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
+ 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
+ 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
+ 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
+ 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
+ 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
+ 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
+ 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
+ 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
+ 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
+ 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
+ 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
+ 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
+ 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
+ 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
+ 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
+ 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
+ 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
+ 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
+ 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
+ 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
+ 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
+ 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
+ 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
+ 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
+ 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
+};
+static const u8 rcons[] = {
+ 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36
+ /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+#endif /* AES_SMALL_TABLES */
+
+
+#ifndef AES_SMALL_TABLES
+
+#define RCON(i) rcon[(i)]
+
+#define TE0(i) Te0[((i) >> 24) & 0xff]
+#define TE1(i) Te1[((i) >> 16) & 0xff]
+#define TE2(i) Te2[((i) >> 8) & 0xff]
+#define TE3(i) Te3[(i) & 0xff]
+#define TE41(i) (Te4[((i) >> 24) & 0xff] & 0xff000000)
+#define TE42(i) (Te4[((i) >> 16) & 0xff] & 0x00ff0000)
+#define TE43(i) (Te4[((i) >> 8) & 0xff] & 0x0000ff00)
+#define TE44(i) (Te4[(i) & 0xff] & 0x000000ff)
+#define TE421(i) (Te4[((i) >> 16) & 0xff] & 0xff000000)
+#define TE432(i) (Te4[((i) >> 8) & 0xff] & 0x00ff0000)
+#define TE443(i) (Te4[(i) & 0xff] & 0x0000ff00)
+#define TE414(i) (Te4[((i) >> 24) & 0xff] & 0x000000ff)
+#define TE4(i) (Te4[(i)] & 0x000000ff)
+
+#define TD0(i) Td0[((i) >> 24) & 0xff]
+#define TD1(i) Td1[((i) >> 16) & 0xff]
+#define TD2(i) Td2[((i) >> 8) & 0xff]
+#define TD3(i) Td3[(i) & 0xff]
+#define TD41(i) (Td4[((i) >> 24) & 0xff] & 0xff000000)
+#define TD42(i) (Td4[((i) >> 16) & 0xff] & 0x00ff0000)
+#define TD43(i) (Td4[((i) >> 8) & 0xff] & 0x0000ff00)
+#define TD44(i) (Td4[(i) & 0xff] & 0x000000ff)
+#define TD0_(i) Td0[(i) & 0xff]
+#define TD1_(i) Td1[(i) & 0xff]
+#define TD2_(i) Td2[(i) & 0xff]
+#define TD3_(i) Td3[(i) & 0xff]
+
+#else /* AES_SMALL_TABLES */
+
+#define RCON(i) (rcons[(i)] << 24)
+
+static inline u32 rotr(u32 val, int bits)
+{
+ return (val >> bits) | (val << (32 - bits));
+}
+
+#define TE0(i) Te0[((i) >> 24) & 0xff]
+#define TE1(i) rotr(Te0[((i) >> 16) & 0xff], 8)
+#define TE2(i) rotr(Te0[((i) >> 8) & 0xff], 16)
+#define TE3(i) rotr(Te0[(i) & 0xff], 24)
+#define TE41(i) ((Te0[((i) >> 24) & 0xff] << 8) & 0xff000000)
+#define TE42(i) (Te0[((i) >> 16) & 0xff] & 0x00ff0000)
+#define TE43(i) (Te0[((i) >> 8) & 0xff] & 0x0000ff00)
+#define TE44(i) ((Te0[(i) & 0xff] >> 8) & 0x000000ff)
+#define TE421(i) ((Te0[((i) >> 16) & 0xff] << 8) & 0xff000000)
+#define TE432(i) (Te0[((i) >> 8) & 0xff] & 0x00ff0000)
+#define TE443(i) (Te0[(i) & 0xff] & 0x0000ff00)
+#define TE414(i) ((Te0[((i) >> 24) & 0xff] >> 8) & 0x000000ff)
+#define TE4(i) ((Te0[(i)] >> 8) & 0x000000ff)
+
+#define TD0(i) Td0[((i) >> 24) & 0xff]
+#define TD1(i) rotr(Td0[((i) >> 16) & 0xff], 8)
+#define TD2(i) rotr(Td0[((i) >> 8) & 0xff], 16)
+#define TD3(i) rotr(Td0[(i) & 0xff], 24)
+#define TD41(i) (Td4s[((i) >> 24) & 0xff] << 24)
+#define TD42(i) (Td4s[((i) >> 16) & 0xff] << 16)
+#define TD43(i) (Td4s[((i) >> 8) & 0xff] << 8)
+#define TD44(i) (Td4s[(i) & 0xff])
+#define TD0_(i) Td0[(i) & 0xff]
+#define TD1_(i) rotr(Td0[(i) & 0xff], 8)
+#define TD2_(i) rotr(Td0[(i) & 0xff], 16)
+#define TD3_(i) rotr(Td0[(i) & 0xff], 24)
+
+#endif /* AES_SMALL_TABLES */
+
+#define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+
+#ifdef _MSC_VER
+#define GETU32(p) SWAP(*((u32 *)(p)))
+#define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
+#else
+#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ \
+((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
+#define PUTU32(ct, st) { \
+(ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); \
+(ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); }
+#endif
+
+/**
+ * Expand the cipher key into the encryption key schedule.
+ *
+ * @return the number of rounds for the given cipher key size.
+ */
+void rijndaelKeySetupEnc(u32 rk[/*44*/], const u8 cipherKey[])
+{
+ int i;
+ u32 temp;
+
+ rk[0] = GETU32(cipherKey );
+ rk[1] = GETU32(cipherKey + 4);
+ rk[2] = GETU32(cipherKey + 8);
+ rk[3] = GETU32(cipherKey + 12);
+ for (i = 0; i < 10; i++) {
+ temp = rk[3];
+ rk[4] = rk[0] ^
+ TE421(temp) ^ TE432(temp) ^ TE443(temp) ^ TE414(temp) ^
+ RCON(i);
+ rk[5] = rk[1] ^ rk[4];
+ rk[6] = rk[2] ^ rk[5];
+ rk[7] = rk[3] ^ rk[6];
+ rk += 4;
+ }
+}
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ *
+ * @return the number of rounds for the given cipher key size.
+ */
+void rijndaelKeySetupDec(u32 rk[/*44*/], const u8 cipherKey[])
+{
+ int Nr = 10, i, j;
+ u32 temp;
+
+ /* expand the cipher key: */
+ rijndaelKeySetupEnc(rk, cipherKey);
+ /* invert the order of the round keys: */
+ for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) {
+ temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp;
+ temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+ temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+ temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+ }
+ /* apply the inverse MixColumn transform to all round keys but the
+ * first and the last: */
+ for (i = 1; i < Nr; i++) {
+ rk += 4;
+ for (j = 0; j < 4; j++) {
+ rk[j] = TD0_(TE4((rk[j] >> 24) )) ^
+ TD1_(TE4((rk[j] >> 16) & 0xff)) ^
+ TD2_(TE4((rk[j] >> 8) & 0xff)) ^
+ TD3_(TE4((rk[j] ) & 0xff));
+ }
+ }
+}
+
+void rijndaelEncrypt(const u32 rk[/*44*/], const u8 pt[16], u8 ct[16])
+{
+ u32 s0, s1, s2, s3, t0, t1, t2, t3;
+ const int Nr = 10;
+#ifndef FULL_UNROLL
+ int r;
+#endif /* ?FULL_UNROLL */
+
+ /*
+ * map byte array block to cipher state
+ * and add initial round key:
+ */
+ s0 = GETU32(pt ) ^ rk[0];
+ s1 = GETU32(pt + 4) ^ rk[1];
+ s2 = GETU32(pt + 8) ^ rk[2];
+ s3 = GETU32(pt + 12) ^ rk[3];
+
+#define ROUND(i,d,s) \
+d##0 = TE0(s##0) ^ TE1(s##1) ^ TE2(s##2) ^ TE3(s##3) ^ rk[4 * i]; \
+d##1 = TE0(s##1) ^ TE1(s##2) ^ TE2(s##3) ^ TE3(s##0) ^ rk[4 * i + 1]; \
+d##2 = TE0(s##2) ^ TE1(s##3) ^ TE2(s##0) ^ TE3(s##1) ^ rk[4 * i + 2]; \
+d##3 = TE0(s##3) ^ TE1(s##0) ^ TE2(s##1) ^ TE3(s##2) ^ rk[4 * i + 3]
+
+#ifdef FULL_UNROLL
+
+ ROUND(1,t,s);
+ ROUND(2,s,t);
+ ROUND(3,t,s);
+ ROUND(4,s,t);
+ ROUND(5,t,s);
+ ROUND(6,s,t);
+ ROUND(7,t,s);
+ ROUND(8,s,t);
+ ROUND(9,t,s);
+
+ rk += Nr << 2;
+
+#else /* !FULL_UNROLL */
+
+ /* Nr - 1 full rounds: */
+ r = Nr >> 1;
+ for (;;) {
+ ROUND(1,t,s);
+ rk += 8;
+ if (--r == 0)
+ break;
+ ROUND(0,s,t);
+ }
+
+#endif /* ?FULL_UNROLL */
+
+#undef ROUND
+
+ /*
+ * apply last round and
+ * map cipher state to byte array block:
+ */
+ s0 = TE41(t0) ^ TE42(t1) ^ TE43(t2) ^ TE44(t3) ^ rk[0];
+ PUTU32(ct , s0);
+ s1 = TE41(t1) ^ TE42(t2) ^ TE43(t3) ^ TE44(t0) ^ rk[1];
+ PUTU32(ct + 4, s1);
+ s2 = TE41(t2) ^ TE42(t3) ^ TE43(t0) ^ TE44(t1) ^ rk[2];
+ PUTU32(ct + 8, s2);
+ s3 = TE41(t3) ^ TE42(t0) ^ TE43(t1) ^ TE44(t2) ^ rk[3];
+ PUTU32(ct + 12, s3);
+}
+
+void rijndaelDecrypt(const u32 rk[/*44*/], const u8 ct[16], u8 pt[16])
+{
+ u32 s0, s1, s2, s3, t0, t1, t2, t3;
+ const int Nr = 10;
+#ifndef FULL_UNROLL
+ int r;
+#endif /* ?FULL_UNROLL */
+
+ /*
+ * map byte array block to cipher state
+ * and add initial round key:
+ */
+ s0 = GETU32(ct ) ^ rk[0];
+ s1 = GETU32(ct + 4) ^ rk[1];
+ s2 = GETU32(ct + 8) ^ rk[2];
+ s3 = GETU32(ct + 12) ^ rk[3];
+
+#define ROUND(i,d,s) \
+d##0 = TD0(s##0) ^ TD1(s##3) ^ TD2(s##2) ^ TD3(s##1) ^ rk[4 * i]; \
+d##1 = TD0(s##1) ^ TD1(s##0) ^ TD2(s##3) ^ TD3(s##2) ^ rk[4 * i + 1]; \
+d##2 = TD0(s##2) ^ TD1(s##1) ^ TD2(s##0) ^ TD3(s##3) ^ rk[4 * i + 2]; \
+d##3 = TD0(s##3) ^ TD1(s##2) ^ TD2(s##1) ^ TD3(s##0) ^ rk[4 * i + 3]
+
+#ifdef FULL_UNROLL
+
+ ROUND(1,t,s);
+ ROUND(2,s,t);
+ ROUND(3,t,s);
+ ROUND(4,s,t);
+ ROUND(5,t,s);
+ ROUND(6,s,t);
+ ROUND(7,t,s);
+ ROUND(8,s,t);
+ ROUND(9,t,s);
+
+ rk += Nr << 2;
+
+#else /* !FULL_UNROLL */
+
+ /* Nr - 1 full rounds: */
+ r = Nr >> 1;
+ for (;;) {
+ ROUND(1,t,s);
+ rk += 8;
+ if (--r == 0)
+ break;
+ ROUND(0,s,t);
+ }
+
+#endif /* ?FULL_UNROLL */
+
+#undef ROUND
+
+ /*
+ * apply last round and
+ * map cipher state to byte array block:
+ */
+ s0 = TD41(t0) ^ TD42(t3) ^ TD43(t2) ^ TD44(t1) ^ rk[0];
+ PUTU32(pt , s0);
+ s1 = TD41(t1) ^ TD42(t0) ^ TD43(t3) ^ TD44(t2) ^ rk[1];
+ PUTU32(pt + 4, s1);
+ s2 = TD41(t2) ^ TD42(t1) ^ TD43(t0) ^ TD44(t3) ^ rk[2];
+ PUTU32(pt + 8, s2);
+ s3 = TD41(t3) ^ TD42(t2) ^ TD43(t1) ^ TD44(t0) ^ rk[3];
+ PUTU32(pt + 12, s3);
+}
+
+
+
+/* Generic wrapper functions for AES functions */
+
+void * aes_encrypt_init(const u8 *key, size_t len)
+{
+ u32 *rk;
+ if (len != 16)
+ return NULL;
+ rk = os_malloc(4 * 44);
+ if (rk == NULL)
+ return NULL;
+ rijndaelKeySetupEnc(rk, key);
+ return rk;
+}
+
+
+void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
+{
+ rijndaelEncrypt(ctx, plain, crypt);
+}
+
+
+void aes_encrypt_deinit(void *ctx)
+{
+ os_free(ctx);
+}
+
+
+void * aes_decrypt_init(const u8 *key, size_t len)
+{
+ u32 *rk;
+ if (len != 16)
+ return NULL;
+ rk = os_malloc(4 * 44);
+ if (rk == NULL)
+ return NULL;
+ rijndaelKeySetupDec(rk, key);
+ return rk;
+}
+
+
+void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain)
+{
+ rijndaelDecrypt(ctx, crypt, plain);
+}
+
+
+void aes_decrypt_deinit(void *ctx)
+{
+ os_free(ctx);
+}
--- /dev/null
+/*
+ * AES functions
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef AES_H
+#define AES_H
+
+void * aes_encrypt_init(const u8 *key, size_t len);
+void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt);
+void aes_encrypt_deinit(void *ctx);
+void * aes_decrypt_init(const u8 *key, size_t len);
+void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain);
+void aes_decrypt_deinit(void *ctx);
+
+#endif /* AES_H */
--- /dev/null
+/*
+ * AES-based functions
+ *
+ * - AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
+ * - One-Key CBC MAC (OMAC1) hash with AES-128
+ * - AES-128 CTR mode encryption
+ * - AES-128 EAX mode encryption/decryption
+ * - AES-128 CBC
+ *
+ * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "aes_wrap.h"
+#include "crypto.h"
+
+#ifdef INTERNAL_AES
+#include "aes.c"
+#endif /* INTERNAL_AES */
+
+
+#ifndef CONFIG_NO_AES_WRAP
+
+/**
+ * aes_wrap - Wrap keys with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
+ * @kek: 16-octet Key encryption key (KEK)
+ * @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16
+ * bytes
+ * @plain: Plaintext key to be wrapped, n * 64 bits
+ * @cipher: Wrapped key, (n + 1) * 64 bits
+ * Returns: 0 on success, -1 on failure
+ */
+int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher)
+{
+ u8 *a, *r, b[16];
+ int i, j;
+ void *ctx;
+
+ a = cipher;
+ r = cipher + 8;
+
+ /* 1) Initialize variables. */
+ os_memset(a, 0xa6, 8);
+ os_memcpy(r, plain, 8 * n);
+
+ ctx = aes_encrypt_init(kek, 16);
+ if (ctx == NULL)
+ return -1;
+
+ /* 2) Calculate intermediate values.
+ * For j = 0 to 5
+ * For i=1 to n
+ * B = AES(K, A | R[i])
+ * A = MSB(64, B) ^ t where t = (n*j)+i
+ * R[i] = LSB(64, B)
+ */
+ for (j = 0; j <= 5; j++) {
+ r = cipher + 8;
+ for (i = 1; i <= n; i++) {
+ os_memcpy(b, a, 8);
+ os_memcpy(b + 8, r, 8);
+ aes_encrypt(ctx, b, b);
+ os_memcpy(a, b, 8);
+ a[7] ^= n * j + i;
+ os_memcpy(r, b + 8, 8);
+ r += 8;
+ }
+ }
+ aes_encrypt_deinit(ctx);
+
+ /* 3) Output the results.
+ *
+ * These are already in @cipher due to the location of temporary
+ * variables.
+ */
+
+ return 0;
+}
+
+#endif /* CONFIG_NO_AES_WRAP */
+
+
+/**
+ * aes_unwrap - Unwrap key with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
+ * @kek: Key encryption key (KEK)
+ * @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16
+ * bytes
+ * @cipher: Wrapped key to be unwrapped, (n + 1) * 64 bits
+ * @plain: Plaintext key, n * 64 bits
+ * Returns: 0 on success, -1 on failure (e.g., integrity verification failed)
+ */
+int aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain)
+{
+ u8 a[8], *r, b[16];
+ int i, j;
+ void *ctx;
+
+ /* 1) Initialize variables. */
+ os_memcpy(a, cipher, 8);
+ r = plain;
+ os_memcpy(r, cipher + 8, 8 * n);
+
+ ctx = aes_decrypt_init(kek, 16);
+ if (ctx == NULL)
+ return -1;
+
+ /* 2) Compute intermediate values.
+ * For j = 5 to 0
+ * For i = n to 1
+ * B = AES-1(K, (A ^ t) | R[i]) where t = n*j+i
+ * A = MSB(64, B)
+ * R[i] = LSB(64, B)
+ */
+ for (j = 5; j >= 0; j--) {
+ r = plain + (n - 1) * 8;
+ for (i = n; i >= 1; i--) {
+ os_memcpy(b, a, 8);
+ b[7] ^= n * j + i;
+
+ os_memcpy(b + 8, r, 8);
+ aes_decrypt(ctx, b, b);
+ os_memcpy(a, b, 8);
+ os_memcpy(r, b + 8, 8);
+ r -= 8;
+ }
+ }
+ aes_decrypt_deinit(ctx);
+
+ /* 3) Output results.
+ *
+ * These are already in @plain due to the location of temporary
+ * variables. Just verify that the IV matches with the expected value.
+ */
+ for (i = 0; i < 8; i++) {
+ if (a[i] != 0xa6)
+ return -1;
+ }
+
+ return 0;
+}
+
+
+#define BLOCK_SIZE 16
+
+#ifndef CONFIG_NO_AES_OMAC1
+
+static void gf_mulx(u8 *pad)
+{
+ int i, carry;
+
+ carry = pad[0] & 0x80;
+ for (i = 0; i < BLOCK_SIZE - 1; i++)
+ pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
+ pad[BLOCK_SIZE - 1] <<= 1;
+ if (carry)
+ pad[BLOCK_SIZE - 1] ^= 0x87;
+}
+
+
+/**
+ * omac1_aes_128_vector - One-Key CBC MAC (OMAC1) hash with AES-128
+ * @key: 128-bit key for the hash operation
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
+ * Returns: 0 on success, -1 on failure
+ */
+int omac1_aes_128_vector(const u8 *key, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *mac)
+{
+ void *ctx;
+ u8 cbc[BLOCK_SIZE], pad[BLOCK_SIZE];
+ const u8 *pos, *end;
+ size_t i, e, left, total_len;
+
+ ctx = aes_encrypt_init(key, 16);
+ if (ctx == NULL)
+ return -1;
+ os_memset(cbc, 0, BLOCK_SIZE);
+
+ total_len = 0;
+ for (e = 0; e < num_elem; e++)
+ total_len += len[e];
+ left = total_len;
+
+ e = 0;
+ pos = addr[0];
+ end = pos + len[0];
+
+ while (left >= BLOCK_SIZE) {
+ for (i = 0; i < BLOCK_SIZE; i++) {
+ cbc[i] ^= *pos++;
+ if (pos >= end) {
+ e++;
+ pos = addr[e];
+ end = pos + len[e];
+ }
+ }
+ if (left > BLOCK_SIZE)
+ aes_encrypt(ctx, cbc, cbc);
+ left -= BLOCK_SIZE;
+ }
+
+ os_memset(pad, 0, BLOCK_SIZE);
+ aes_encrypt(ctx, pad, pad);
+ gf_mulx(pad);
+
+ if (left || total_len == 0) {
+ for (i = 0; i < left; i++) {
+ cbc[i] ^= *pos++;
+ if (pos >= end) {
+ e++;
+ pos = addr[e];
+ end = pos + len[e];
+ }
+ }
+ cbc[left] ^= 0x80;
+ gf_mulx(pad);
+ }
+
+ for (i = 0; i < BLOCK_SIZE; i++)
+ pad[i] ^= cbc[i];
+ aes_encrypt(ctx, pad, mac);
+ aes_encrypt_deinit(ctx);
+ return 0;
+}
+
+
+/**
+ * omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC)
+ * @key: 128-bit key for the hash operation
+ * @data: Data buffer for which a MAC is determined
+ * @data_len: Length of data buffer in bytes
+ * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
+ * Returns: 0 on success, -1 on failure
+ *
+ * This is a mode for using block cipher (AES in this case) for authentication.
+ * OMAC1 was standardized with the name CMAC by NIST in a Special Publication
+ * (SP) 800-38B.
+ */
+int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac)
+{
+ return omac1_aes_128_vector(key, 1, &data, &data_len, mac);
+}
+
+#endif /* CONFIG_NO_AES_OMAC1 */
+
+
+/**
+ * aes_128_encrypt_block - Perform one AES 128-bit block operation
+ * @key: Key for AES
+ * @in: Input data (16 bytes)
+ * @out: Output of the AES block operation (16 bytes)
+ * Returns: 0 on success, -1 on failure
+ */
+int aes_128_encrypt_block(const u8 *key, const u8 *in, u8 *out)
+{
+ void *ctx;
+ ctx = aes_encrypt_init(key, 16);
+ if (ctx == NULL)
+ return -1;
+ aes_encrypt(ctx, in, out);
+ aes_encrypt_deinit(ctx);
+ return 0;
+}
+
+
+#ifndef CONFIG_NO_AES_CTR
+
+/**
+ * aes_128_ctr_encrypt - AES-128 CTR mode encryption
+ * @key: Key for encryption (16 bytes)
+ * @nonce: Nonce for counter mode (16 bytes)
+ * @data: Data to encrypt in-place
+ * @data_len: Length of data in bytes
+ * Returns: 0 on success, -1 on failure
+ */
+int aes_128_ctr_encrypt(const u8 *key, const u8 *nonce,
+ u8 *data, size_t data_len)
+{
+ void *ctx;
+ size_t j, len, left = data_len;
+ int i;
+ u8 *pos = data;
+ u8 counter[BLOCK_SIZE], buf[BLOCK_SIZE];
+
+ ctx = aes_encrypt_init(key, 16);
+ if (ctx == NULL)
+ return -1;
+ os_memcpy(counter, nonce, BLOCK_SIZE);
+
+ while (left > 0) {
+ aes_encrypt(ctx, counter, buf);
+
+ len = (left < BLOCK_SIZE) ? left : BLOCK_SIZE;
+ for (j = 0; j < len; j++)
+ pos[j] ^= buf[j];
+ pos += len;
+ left -= len;
+
+ for (i = BLOCK_SIZE - 1; i >= 0; i--) {
+ counter[i]++;
+ if (counter[i])
+ break;
+ }
+ }
+ aes_encrypt_deinit(ctx);
+ return 0;
+}
+
+#endif /* CONFIG_NO_AES_CTR */
+
+
+#ifndef CONFIG_NO_AES_EAX
+
+/**
+ * aes_128_eax_encrypt - AES-128 EAX mode encryption
+ * @key: Key for encryption (16 bytes)
+ * @nonce: Nonce for counter mode
+ * @nonce_len: Nonce length in bytes
+ * @hdr: Header data to be authenticity protected
+ * @hdr_len: Length of the header data bytes
+ * @data: Data to encrypt in-place
+ * @data_len: Length of data in bytes
+ * @tag: 16-byte tag value
+ * Returns: 0 on success, -1 on failure
+ */
+int aes_128_eax_encrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
+ const u8 *hdr, size_t hdr_len,
+ u8 *data, size_t data_len, u8 *tag)
+{
+ u8 *buf;
+ size_t buf_len;
+ u8 nonce_mac[BLOCK_SIZE], hdr_mac[BLOCK_SIZE], data_mac[BLOCK_SIZE];
+ int i;
+
+ if (nonce_len > data_len)
+ buf_len = nonce_len;
+ else
+ buf_len = data_len;
+ if (hdr_len > buf_len)
+ buf_len = hdr_len;
+ buf_len += 16;
+
+ buf = os_malloc(buf_len);
+ if (buf == NULL)
+ return -1;
+
+ os_memset(buf, 0, 15);
+
+ buf[15] = 0;
+ os_memcpy(buf + 16, nonce, nonce_len);
+ omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac);
+
+ buf[15] = 1;
+ os_memcpy(buf + 16, hdr, hdr_len);
+ omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac);
+
+ aes_128_ctr_encrypt(key, nonce_mac, data, data_len);
+ buf[15] = 2;
+ os_memcpy(buf + 16, data, data_len);
+ omac1_aes_128(key, buf, 16 + data_len, data_mac);
+
+ os_free(buf);
+
+ for (i = 0; i < BLOCK_SIZE; i++)
+ tag[i] = nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i];
+
+ return 0;
+}
+
+
+/**
+ * aes_128_eax_decrypt - AES-128 EAX mode decryption
+ * @key: Key for decryption (16 bytes)
+ * @nonce: Nonce for counter mode
+ * @nonce_len: Nonce length in bytes
+ * @hdr: Header data to be authenticity protected
+ * @hdr_len: Length of the header data bytes
+ * @data: Data to encrypt in-place
+ * @data_len: Length of data in bytes
+ * @tag: 16-byte tag value
+ * Returns: 0 on success, -1 on failure, -2 if tag does not match
+ */
+int aes_128_eax_decrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
+ const u8 *hdr, size_t hdr_len,
+ u8 *data, size_t data_len, const u8 *tag)
+{
+ u8 *buf;
+ size_t buf_len;
+ u8 nonce_mac[BLOCK_SIZE], hdr_mac[BLOCK_SIZE], data_mac[BLOCK_SIZE];
+ int i;
+
+ if (nonce_len > data_len)
+ buf_len = nonce_len;
+ else
+ buf_len = data_len;
+ if (hdr_len > buf_len)
+ buf_len = hdr_len;
+ buf_len += 16;
+
+ buf = os_malloc(buf_len);
+ if (buf == NULL)
+ return -1;
+
+ os_memset(buf, 0, 15);
+
+ buf[15] = 0;
+ os_memcpy(buf + 16, nonce, nonce_len);
+ omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac);
+
+ buf[15] = 1;
+ os_memcpy(buf + 16, hdr, hdr_len);
+ omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac);
+
+ buf[15] = 2;
+ os_memcpy(buf + 16, data, data_len);
+ omac1_aes_128(key, buf, 16 + data_len, data_mac);
+
+ os_free(buf);
+
+ for (i = 0; i < BLOCK_SIZE; i++) {
+ if (tag[i] != (nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i]))
+ return -2;
+ }
+
+ aes_128_ctr_encrypt(key, nonce_mac, data, data_len);
+
+ return 0;
+}
+
+#endif /* CONFIG_NO_AES_EAX */
+
+
+#ifndef CONFIG_NO_AES_CBC
+
+/**
+ * aes_128_cbc_encrypt - AES-128 CBC encryption
+ * @key: Encryption key
+ * @iv: Encryption IV for CBC mode (16 bytes)
+ * @data: Data to encrypt in-place
+ * @data_len: Length of data in bytes (must be divisible by 16)
+ * Returns: 0 on success, -1 on failure
+ */
+int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
+{
+ void *ctx;
+ u8 cbc[BLOCK_SIZE];
+ u8 *pos = data;
+ int i, j, blocks;
+
+ ctx = aes_encrypt_init(key, 16);
+ if (ctx == NULL)
+ return -1;
+ os_memcpy(cbc, iv, BLOCK_SIZE);
+
+ blocks = data_len / BLOCK_SIZE;
+ for (i = 0; i < blocks; i++) {
+ for (j = 0; j < BLOCK_SIZE; j++)
+ cbc[j] ^= pos[j];
+ aes_encrypt(ctx, cbc, cbc);
+ os_memcpy(pos, cbc, BLOCK_SIZE);
+ pos += BLOCK_SIZE;
+ }
+ aes_encrypt_deinit(ctx);
+ return 0;
+}
+
+
+/**
+ * aes_128_cbc_decrypt - AES-128 CBC decryption
+ * @key: Decryption key
+ * @iv: Decryption IV for CBC mode (16 bytes)
+ * @data: Data to decrypt in-place
+ * @data_len: Length of data in bytes (must be divisible by 16)
+ * Returns: 0 on success, -1 on failure
+ */
+int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
+{
+ void *ctx;
+ u8 cbc[BLOCK_SIZE], tmp[BLOCK_SIZE];
+ u8 *pos = data;
+ int i, j, blocks;
+
+ ctx = aes_decrypt_init(key, 16);
+ if (ctx == NULL)
+ return -1;
+ os_memcpy(cbc, iv, BLOCK_SIZE);
+
+ blocks = data_len / BLOCK_SIZE;
+ for (i = 0; i < blocks; i++) {
+ os_memcpy(tmp, pos, BLOCK_SIZE);
+ aes_decrypt(ctx, pos, pos);
+ for (j = 0; j < BLOCK_SIZE; j++)
+ pos[j] ^= cbc[j];
+ os_memcpy(cbc, tmp, BLOCK_SIZE);
+ pos += BLOCK_SIZE;
+ }
+ aes_decrypt_deinit(ctx);
+ return 0;
+}
+
+#endif /* CONFIG_NO_AES_CBC */
--- /dev/null
+/*
+ * AES-based functions
+ *
+ * - AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
+ * - One-Key CBC MAC (OMAC1) hash with AES-128
+ * - AES-128 CTR mode encryption
+ * - AES-128 EAX mode encryption/decryption
+ * - AES-128 CBC
+ *
+ * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef AES_WRAP_H
+#define AES_WRAP_H
+
+int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher);
+int aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain);
+int omac1_aes_128_vector(const u8 *key, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *mac);
+int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac);
+int aes_128_encrypt_block(const u8 *key, const u8 *in, u8 *out);
+int aes_128_ctr_encrypt(const u8 *key, const u8 *nonce,
+ u8 *data, size_t data_len);
+int aes_128_eax_encrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
+ const u8 *hdr, size_t hdr_len,
+ u8 *data, size_t data_len, u8 *tag);
+int aes_128_eax_decrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
+ const u8 *hdr, size_t hdr_len,
+ u8 *data, size_t data_len, const u8 *tag);
+int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data,
+ size_t data_len);
+int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data,
+ size_t data_len);
+
+#endif /* AES_WRAP_H */
--- /dev/null
+/*
+ * ASN.1 DER parsing
+ * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+
+#ifdef CONFIG_INTERNAL_X509
+
+#include "asn1.h"
+
+int asn1_get_next(const u8 *buf, size_t len, struct asn1_hdr *hdr)
+{
+ const u8 *pos, *end;
+ u8 tmp;
+
+ os_memset(hdr, 0, sizeof(*hdr));
+ pos = buf;
+ end = buf + len;
+
+ hdr->identifier = *pos++;
+ hdr->class = hdr->identifier >> 6;
+ hdr->constructed = !!(hdr->identifier & (1 << 5));
+
+ if ((hdr->identifier & 0x1f) == 0x1f) {
+ hdr->tag = 0;
+ do {
+ if (pos >= end) {
+ wpa_printf(MSG_DEBUG, "ASN.1: Identifier "
+ "underflow");
+ return -1;
+ }
+ tmp = *pos++;
+ wpa_printf(MSG_MSGDUMP, "ASN.1: Extended tag data: "
+ "0x%02x", tmp);
+ hdr->tag = (hdr->tag << 7) | (tmp & 0x7f);
+ } while (tmp & 0x80);
+ } else
+ hdr->tag = hdr->identifier & 0x1f;
+
+ tmp = *pos++;
+ if (tmp & 0x80) {
+ if (tmp == 0xff) {
+ wpa_printf(MSG_DEBUG, "ASN.1: Reserved length "
+ "value 0xff used");
+ return -1;
+ }
+ tmp &= 0x7f; /* number of subsequent octets */
+ hdr->length = 0;
+ if (tmp > 4) {
+ wpa_printf(MSG_DEBUG, "ASN.1: Too long length field");
+ return -1;
+ }
+ while (tmp--) {
+ if (pos >= end) {
+ wpa_printf(MSG_DEBUG, "ASN.1: Length "
+ "underflow");
+ return -1;
+ }
+ hdr->length = (hdr->length << 8) | *pos++;
+ }
+ } else {
+ /* Short form - length 0..127 in one octet */
+ hdr->length = tmp;
+ }
+
+ if (end < pos || hdr->length > (unsigned int) (end - pos)) {
+ wpa_printf(MSG_DEBUG, "ASN.1: Contents underflow");
+ return -1;
+ }
+
+ hdr->payload = pos;
+ return 0;
+}
+
+
+int asn1_get_oid(const u8 *buf, size_t len, struct asn1_oid *oid,
+ const u8 **next)
+{
+ struct asn1_hdr hdr;
+ const u8 *pos, *end;
+ unsigned long val;
+ u8 tmp;
+
+ os_memset(oid, 0, sizeof(*oid));
+
+ if (asn1_get_next(buf, len, &hdr) < 0 || hdr.length == 0)
+ return -1;
+
+ if (hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_OID) {
+ wpa_printf(MSG_DEBUG, "ASN.1: Expected OID - found class %d "
+ "tag 0x%x", hdr.class, hdr.tag);
+ return -1;
+ }
+
+ pos = hdr.payload;
+ end = hdr.payload + hdr.length;
+ *next = end;
+
+ while (pos < end) {
+ val = 0;
+
+ do {
+ if (pos >= end)
+ return -1;
+ tmp = *pos++;
+ val = (val << 7) | (tmp & 0x7f);
+ } while (tmp & 0x80);
+
+ if (oid->len >= ASN1_MAX_OID_LEN) {
+ wpa_printf(MSG_DEBUG, "ASN.1: Too long OID value");
+ return -1;
+ }
+ if (oid->len == 0) {
+ /*
+ * The first octet encodes the first two object
+ * identifier components in (X*40) + Y formula.
+ * X = 0..2.
+ */
+ oid->oid[0] = val / 40;
+ if (oid->oid[0] > 2)
+ oid->oid[0] = 2;
+ oid->oid[1] = val - oid->oid[0] * 40;
+ oid->len = 2;
+ } else
+ oid->oid[oid->len++] = val;
+ }
+
+ return 0;
+}
+
+
+void asn1_oid_to_str(struct asn1_oid *oid, char *buf, size_t len)
+{
+ char *pos = buf;
+ size_t i;
+ int ret;
+
+ if (len == 0)
+ return;
+
+ buf[0] = '\0';
+
+ for (i = 0; i < oid->len; i++) {
+ ret = os_snprintf(pos, buf + len - pos,
+ "%s%lu",
+ i == 0 ? "" : ".", oid->oid[i]);
+ if (ret < 0 || ret >= buf + len - pos)
+ break;
+ pos += ret;
+ }
+ buf[len - 1] = '\0';
+}
+
+
+static u8 rotate_bits(u8 octet)
+{
+ int i;
+ u8 res;
+
+ res = 0;
+ for (i = 0; i < 8; i++) {
+ res <<= 1;
+ if (octet & 1)
+ res |= 1;
+ octet >>= 1;
+ }
+
+ return res;
+}
+
+
+unsigned long asn1_bit_string_to_long(const u8 *buf, size_t len)
+{
+ unsigned long val = 0;
+ const u8 *pos = buf;
+
+ /* BER requires that unused bits are zero, so we can ignore the number
+ * of unused bits */
+ pos++;
+
+ if (len >= 2)
+ val |= rotate_bits(*pos++);
+ if (len >= 3)
+ val |= ((unsigned long) rotate_bits(*pos++)) << 8;
+ if (len >= 4)
+ val |= ((unsigned long) rotate_bits(*pos++)) << 16;
+ if (len >= 5)
+ val |= ((unsigned long) rotate_bits(*pos++)) << 24;
+ if (len >= 6)
+ wpa_printf(MSG_DEBUG, "X509: %s - some bits ignored "
+ "(BIT STRING length %lu)",
+ __func__, (unsigned long) len);
+
+ return val;
+}
+
+#endif /* CONFIG_INTERNAL_X509 */
--- /dev/null
+/*
+ * ASN.1 DER parsing
+ * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef ASN1_H
+#define ASN1_H
+
+#define ASN1_TAG_EOC 0x00 /* not used with DER */
+#define ASN1_TAG_BOOLEAN 0x01
+#define ASN1_TAG_INTEGER 0x02
+#define ASN1_TAG_BITSTRING 0x03
+#define ASN1_TAG_OCTETSTRING 0x04
+#define ASN1_TAG_NULL 0x05
+#define ASN1_TAG_OID 0x06
+#define ASN1_TAG_OBJECT_DESCRIPTOR 0x07 /* not yet parsed */
+#define ASN1_TAG_EXTERNAL 0x08 /* not yet parsed */
+#define ASN1_TAG_REAL 0x09 /* not yet parsed */
+#define ASN1_TAG_ENUMERATED 0x0A /* not yet parsed */
+#define ASN1_TAG_UTF8STRING 0x0C /* not yet parsed */
+#define ANS1_TAG_RELATIVE_OID 0x0D
+#define ASN1_TAG_SEQUENCE 0x10 /* shall be constructed */
+#define ASN1_TAG_SET 0x11
+#define ASN1_TAG_NUMERICSTRING 0x12 /* not yet parsed */
+#define ASN1_TAG_PRINTABLESTRING 0x13
+#define ASN1_TAG_TG1STRING 0x14 /* not yet parsed */
+#define ASN1_TAG_VIDEOTEXSTRING 0x15 /* not yet parsed */
+#define ASN1_TAG_IA5STRING 0x16
+#define ASN1_TAG_UTCTIME 0x17
+#define ASN1_TAG_GENERALIZEDTIME 0x18 /* not yet parsed */
+#define ASN1_TAG_GRAPHICSTRING 0x19 /* not yet parsed */
+#define ASN1_TAG_VISIBLESTRING 0x1A
+#define ASN1_TAG_GENERALSTRING 0x1B /* not yet parsed */
+#define ASN1_TAG_UNIVERSALSTRING 0x1C /* not yet parsed */
+#define ASN1_TAG_BMPSTRING 0x1D /* not yet parsed */
+
+#define ASN1_CLASS_UNIVERSAL 0
+#define ASN1_CLASS_APPLICATION 1
+#define ASN1_CLASS_CONTEXT_SPECIFIC 2
+#define ASN1_CLASS_PRIVATE 3
+
+
+struct asn1_hdr {
+ const u8 *payload;
+ u8 identifier, class, constructed;
+ unsigned int tag, length;
+};
+
+#define ASN1_MAX_OID_LEN 20
+struct asn1_oid {
+ unsigned long oid[ASN1_MAX_OID_LEN];
+ size_t len;
+};
+
+
+int asn1_get_next(const u8 *buf, size_t len, struct asn1_hdr *hdr);
+int asn1_get_oid(const u8 *buf, size_t len, struct asn1_oid *oid,
+ const u8 **next);
+void asn1_oid_to_str(struct asn1_oid *oid, char *buf, size_t len);
+unsigned long asn1_bit_string_to_long(const u8 *buf, size_t len);
+
+#endif /* ASN1_H */
--- /dev/null
+/*
+ * Testing tool for ASN.1/X.509v3 routines
+ * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "asn1.h"
+#include "x509v3.h"
+
+extern int wpa_debug_level;
+
+
+static const char * asn1_class_str(int class)
+{
+ switch (class) {
+ case ASN1_CLASS_UNIVERSAL:
+ return "Universal";
+ case ASN1_CLASS_APPLICATION:
+ return "Application";
+ case ASN1_CLASS_CONTEXT_SPECIFIC:
+ return "Context-specific";
+ case ASN1_CLASS_PRIVATE:
+ return "Private";
+ default:
+ return "?";
+ }
+}
+
+
+int asn1_parse(const u8 *buf, size_t len, int level)
+{
+ const u8 *pos, *prev, *end;
+ char prefix[10], str[100];
+ int _level;
+ struct asn1_hdr hdr;
+ struct asn1_oid oid;
+ u8 tmp;
+
+ _level = level;
+ if ((size_t) _level > sizeof(prefix) - 1)
+ _level = sizeof(prefix) - 1;
+ memset(prefix, ' ', _level);
+ prefix[_level] = '\0';
+
+ pos = buf;
+ end = buf + len;
+
+ while (pos < end) {
+ if (asn1_get_next(pos, end - pos, &hdr) < 0)
+ return -1;
+
+ prev = pos;
+ pos = hdr.payload;
+
+ wpa_printf(MSG_MSGDUMP, "ASN.1:%s Class %d(%s) P/C %d(%s) "
+ "Tag %u Length %u",
+ prefix, hdr.class, asn1_class_str(hdr.class),
+ hdr.constructed,
+ hdr.constructed ? "Constructed" : "Primitive",
+ hdr.tag, hdr.length);
+
+ if (hdr.class == ASN1_CLASS_CONTEXT_SPECIFIC &&
+ hdr.constructed) {
+ if (asn1_parse(pos, hdr.length, level + 1) < 0)
+ return -1;
+ pos += hdr.length;
+ }
+
+ if (hdr.class != ASN1_CLASS_UNIVERSAL)
+ continue;
+
+ switch (hdr.tag) {
+ case ASN1_TAG_EOC:
+ if (hdr.length) {
+ wpa_printf(MSG_DEBUG, "ASN.1: Non-zero "
+ "end-of-contents length (%u)",
+ hdr.length);
+ return -1;
+ }
+ wpa_printf(MSG_MSGDUMP, "ASN.1:%s EOC", prefix);
+ break;
+ case ASN1_TAG_BOOLEAN:
+ if (hdr.length != 1) {
+ wpa_printf(MSG_DEBUG, "ASN.1: Unexpected "
+ "Boolean length (%u)", hdr.length);
+ return -1;
+ }
+ tmp = *pos++;
+ wpa_printf(MSG_MSGDUMP, "ASN.1:%s Boolean %s",
+ prefix, tmp ? "TRUE" : "FALSE");
+ break;
+ case ASN1_TAG_INTEGER:
+ wpa_hexdump(MSG_MSGDUMP, "ASN.1: INTEGER",
+ pos, hdr.length);
+ pos += hdr.length;
+ break;
+ case ASN1_TAG_BITSTRING:
+ wpa_hexdump(MSG_MSGDUMP, "ASN.1: BitString",
+ pos, hdr.length);
+ pos += hdr.length;
+ break;
+ case ASN1_TAG_OCTETSTRING:
+ wpa_hexdump(MSG_MSGDUMP, "ASN.1: OctetString",
+ pos, hdr.length);
+ pos += hdr.length;
+ break;
+ case ASN1_TAG_NULL:
+ if (hdr.length) {
+ wpa_printf(MSG_DEBUG, "ASN.1: Non-zero Null "
+ "length (%u)", hdr.length);
+ return -1;
+ }
+ wpa_printf(MSG_MSGDUMP, "ASN.1:%s Null", prefix);
+ break;
+ case ASN1_TAG_OID:
+ if (asn1_get_oid(prev, end - prev, &oid, &prev) < 0) {
+ wpa_printf(MSG_DEBUG, "ASN.1: Invalid OID");
+ return -1;
+ }
+ asn1_oid_to_str(&oid, str, sizeof(str));
+ wpa_printf(MSG_DEBUG, "ASN.1:%s OID %s", prefix, str);
+ pos += hdr.length;
+ break;
+ case ANS1_TAG_RELATIVE_OID:
+ wpa_hexdump(MSG_MSGDUMP, "ASN.1: Relative OID",
+ pos, hdr.length);
+ pos += hdr.length;
+ break;
+ case ASN1_TAG_SEQUENCE:
+ wpa_printf(MSG_MSGDUMP, "ASN.1:%s SEQUENCE", prefix);
+ if (asn1_parse(pos, hdr.length, level + 1) < 0)
+ return -1;
+ pos += hdr.length;
+ break;
+ case ASN1_TAG_SET:
+ wpa_printf(MSG_MSGDUMP, "ASN.1:%s SET", prefix);
+ if (asn1_parse(pos, hdr.length, level + 1) < 0)
+ return -1;
+ pos += hdr.length;
+ break;
+ case ASN1_TAG_PRINTABLESTRING:
+ wpa_hexdump_ascii(MSG_MSGDUMP,
+ "ASN.1: PrintableString",
+ pos, hdr.length);
+ pos += hdr.length;
+ break;
+ case ASN1_TAG_IA5STRING:
+ wpa_hexdump_ascii(MSG_MSGDUMP, "ASN.1: IA5String",
+ pos, hdr.length);
+ pos += hdr.length;
+ break;
+ case ASN1_TAG_UTCTIME:
+ wpa_hexdump_ascii(MSG_MSGDUMP, "ASN.1: UTCTIME",
+ pos, hdr.length);
+ pos += hdr.length;
+ break;
+ case ASN1_TAG_VISIBLESTRING:
+ wpa_hexdump_ascii(MSG_MSGDUMP, "ASN.1: VisibleString",
+ pos, hdr.length);
+ pos += hdr.length;
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "ASN.1: Unknown tag %d",
+ hdr.tag);
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+
+int main(int argc, char *argv[])
+{
+ FILE *f;
+ u8 buf[3000];
+ size_t len;
+ struct x509_certificate *cert;
+
+ wpa_debug_level = 0;
+
+ f = fopen(argv[1], "rb");
+ if (f == NULL)
+ return -1;
+ len = fread(buf, 1, sizeof(buf), f);
+ fclose(f);
+
+ if (asn1_parse(buf, len, 0) < 0)
+ printf("Failed to parse DER ASN.1\n");
+
+ printf("\n\n");
+
+ cert = x509_certificate_parse(buf, len);
+ if (cert == NULL)
+ printf("Failed to parse X.509 certificate\n");
+ x509_certificate_free(cert);
+
+ return 0;
+}
--- /dev/null
+/*
+ * Base64 encoding/decoding (RFC1341)
+ * Copyright (c) 2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "os.h"
+#include "base64.h"
+
+static const unsigned char base64_table[65] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+/**
+ * base64_encode - Base64 encode
+ * @src: Data to be encoded
+ * @len: Length of the data to be encoded
+ * @out_len: Pointer to output length variable, or %NULL if not used
+ * Returns: Allocated buffer of out_len bytes of encoded data,
+ * or %NULL on failure
+ *
+ * Caller is responsible for freeing the returned buffer. Returned buffer is
+ * nul terminated to make it easier to use as a C string. The nul terminator is
+ * not included in out_len.
+ */
+unsigned char * base64_encode(const unsigned char *src, size_t len,
+ size_t *out_len)
+{
+ unsigned char *out, *pos;
+ const unsigned char *end, *in;
+ size_t olen;
+ int line_len;
+
+ olen = len * 4 / 3 + 4; /* 3-byte blocks to 4-byte */
+ olen += olen / 72; /* line feeds */
+ olen++; /* nul termination */
+ out = os_malloc(olen);
+ if (out == NULL)
+ return NULL;
+
+ end = src + len;
+ in = src;
+ pos = out;
+ line_len = 0;
+ while (end - in >= 3) {
+ *pos++ = base64_table[in[0] >> 2];
+ *pos++ = base64_table[((in[0] & 0x03) << 4) | (in[1] >> 4)];
+ *pos++ = base64_table[((in[1] & 0x0f) << 2) | (in[2] >> 6)];
+ *pos++ = base64_table[in[2] & 0x3f];
+ in += 3;
+ line_len += 4;
+ if (line_len >= 72) {
+ *pos++ = '\n';
+ line_len = 0;
+ }
+ }
+
+ if (end - in) {
+ *pos++ = base64_table[in[0] >> 2];
+ if (end - in == 1) {
+ *pos++ = base64_table[(in[0] & 0x03) << 4];
+ *pos++ = '=';
+ } else {
+ *pos++ = base64_table[((in[0] & 0x03) << 4) |
+ (in[1] >> 4)];
+ *pos++ = base64_table[(in[1] & 0x0f) << 2];
+ }
+ *pos++ = '=';
+ line_len += 4;
+ }
+
+ if (line_len)
+ *pos++ = '\n';
+
+ *pos = '\0';
+ if (out_len)
+ *out_len = pos - out;
+ return out;
+}
+
+
+/**
+ * base64_decode - Base64 decode
+ * @src: Data to be decoded
+ * @len: Length of the data to be decoded
+ * @out_len: Pointer to output length variable
+ * Returns: Allocated buffer of out_len bytes of decoded data,
+ * or %NULL on failure
+ *
+ * Caller is responsible for freeing the returned buffer.
+ */
+unsigned char * base64_decode(const unsigned char *src, size_t len,
+ size_t *out_len)
+{
+ unsigned char dtable[256], *out, *pos, in[4], block[4], tmp;
+ size_t i, count, olen;
+
+ os_memset(dtable, 0x80, 256);
+ for (i = 0; i < sizeof(base64_table) - 1; i++)
+ dtable[base64_table[i]] = (unsigned char) i;
+ dtable['='] = 0;
+
+ count = 0;
+ for (i = 0; i < len; i++) {
+ if (dtable[src[i]] != 0x80)
+ count++;
+ }
+
+ if (count % 4)
+ return NULL;
+
+ olen = count / 4 * 3;
+ pos = out = os_malloc(olen);
+ if (out == NULL)
+ return NULL;
+
+ count = 0;
+ for (i = 0; i < len; i++) {
+ tmp = dtable[src[i]];
+ if (tmp == 0x80)
+ continue;
+
+ in[count] = src[i];
+ block[count] = tmp;
+ count++;
+ if (count == 4) {
+ *pos++ = (block[0] << 2) | (block[1] >> 4);
+ *pos++ = (block[1] << 4) | (block[2] >> 2);
+ *pos++ = (block[2] << 6) | block[3];
+ count = 0;
+ }
+ }
+
+ if (pos > out) {
+ if (in[2] == '=')
+ pos -= 2;
+ else if (in[3] == '=')
+ pos--;
+ }
+
+ *out_len = pos - out;
+ return out;
+}
+
+
+#ifdef TEST_MAIN
+#include <stdio.h>
+
+int main(int argc, char *argv[])
+{
+ FILE *f;
+ size_t len, elen;
+ unsigned char *buf, *e;
+
+ if (argc != 4) {
+ printf("Usage: base64 <encode|decode> <in file> <out file>\n");
+ return -1;
+ }
+
+ buf = os_readfile(argv[2], &len);
+ if (buf == NULL)
+ return -1;
+
+ if (strcmp(argv[1], "encode") == 0)
+ e = base64_encode(buf, len, &elen);
+ else
+ e = base64_decode(buf, len, &elen);
+ if (e == NULL)
+ return -2;
+ f = fopen(argv[3], "w");
+ if (f == NULL)
+ return -3;
+ fwrite(e, 1, elen, f);
+ fclose(f);
+ free(e);
+
+ return 0;
+}
+#endif /* TEST_MAIN */
--- /dev/null
+/*
+ * Base64 encoding/decoding (RFC1341)
+ * Copyright (c) 2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef BASE64_H
+#define BASE64_h
+
+unsigned char * base64_encode(const unsigned char *src, size_t len,
+ size_t *out_len);
+unsigned char * base64_decode(const unsigned char *src, size_t len,
+ size_t *out_len);
+
+#endif /* BASE64_H */
--- /dev/null
+/*
+ * Big number math
+ * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "bignum.h"
+
+#ifdef CONFIG_INTERNAL_LIBTOMMATH
+#include "libtommath.c"
+#else /* CONFIG_INTERNAL_LIBTOMMATH */
+#include <tommath.h>
+#endif /* CONFIG_INTERNAL_LIBTOMMATH */
+
+
+/*
+ * The current version is just a wrapper for LibTomMath library, so
+ * struct bignum is just typecast to mp_int.
+ */
+
+/**
+ * bignum_init - Allocate memory for bignum
+ * Returns: Pointer to allocated bignum or %NULL on failure
+ */
+struct bignum * bignum_init(void)
+{
+ struct bignum *n = os_zalloc(sizeof(mp_int));
+ if (n == NULL)
+ return NULL;
+ if (mp_init((mp_int *) n) != MP_OKAY) {
+ os_free(n);
+ n = NULL;
+ }
+ return n;
+}
+
+
+/**
+ * bignum_deinit - Free bignum
+ * @n: Bignum from bignum_init()
+ */
+void bignum_deinit(struct bignum *n)
+{
+ if (n) {
+ mp_clear((mp_int *) n);
+ os_free(n);
+ }
+}
+
+
+/**
+ * bignum_get_unsigned_bin - Get length of bignum as an unsigned binary buffer
+ * @n: Bignum from bignum_init()
+ * Returns: Length of n if written to a binary buffer
+ */
+size_t bignum_get_unsigned_bin_len(struct bignum *n)
+{
+ return mp_unsigned_bin_size((mp_int *) n);
+}
+
+
+/**
+ * bignum_get_unsigned_bin - Set binary buffer to unsigned bignum
+ * @n: Bignum from bignum_init()
+ * @buf: Buffer for the binary number
+ * @len: Length of the buffer, can be %NULL if buffer is known to be long
+ * enough. Set to used buffer length on success if not %NULL.
+ * Returns: 0 on success, -1 on failure
+ */
+int bignum_get_unsigned_bin(const struct bignum *n, u8 *buf, size_t *len)
+{
+ size_t need = mp_unsigned_bin_size((mp_int *) n);
+ if (len && need > *len) {
+ *len = need;
+ return -1;
+ }
+ if (mp_to_unsigned_bin((mp_int *) n, buf) != MP_OKAY) {
+ wpa_printf(MSG_DEBUG, "BIGNUM: %s failed", __func__);
+ return -1;
+ }
+ if (len)
+ *len = need;
+ return 0;
+}
+
+
+/**
+ * bignum_set_unsigned_bin - Set bignum based on unsigned binary buffer
+ * @a: Bignum from bignum_init(); to be set to the given value
+ * @buf: Buffer with unsigned binary value
+ * @len: Length of buf in octets
+ * Returns: 0 on success, -1 on failure
+ */
+int bignum_set_unsigned_bin(struct bignum *n, const u8 *buf, size_t len)
+{
+ if (mp_read_unsigned_bin((mp_int *) n, (u8 *) buf, len) != MP_OKAY) {
+ wpa_printf(MSG_DEBUG, "BIGNUM: %s failed", __func__);
+ return -1;
+ }
+ return 0;
+}
+
+
+/**
+ * bignum_cmp - Signed comparison
+ * @a: Bignum from bignum_init()
+ * @b: Bignum from bignum_init()
+ * Returns: 0 on success, -1 on failure
+ */
+int bignum_cmp(const struct bignum *a, const struct bignum *b)
+{
+ return mp_cmp((mp_int *) a, (mp_int *) b);
+}
+
+
+/**
+ * bignum_cmd_d - Compare bignum to standard integer
+ * @a: Bignum from bignum_init()
+ * @b: Small integer
+ * Returns: 0 on success, -1 on failure
+ */
+int bignum_cmp_d(const struct bignum *a, unsigned long b)
+{
+ return mp_cmp_d((mp_int *) a, b);
+}
+
+
+/**
+ * bignum_add - c = a + b
+ * @a: Bignum from bignum_init()
+ * @b: Bignum from bignum_init()
+ * @c: Bignum from bignum_init(); used to store the result of a + b
+ * Returns: 0 on success, -1 on failure
+ */
+int bignum_add(const struct bignum *a, const struct bignum *b,
+ struct bignum *c)
+{
+ if (mp_add((mp_int *) a, (mp_int *) b, (mp_int *) c) != MP_OKAY) {
+ wpa_printf(MSG_DEBUG, "BIGNUM: %s failed", __func__);
+ return -1;
+ }
+ return 0;
+}
+
+
+/**
+ * bignum_sub - c = a - b
+ * @a: Bignum from bignum_init()
+ * @b: Bignum from bignum_init()
+ * @c: Bignum from bignum_init(); used to store the result of a - b
+ * Returns: 0 on success, -1 on failure
+ */
+int bignum_sub(const struct bignum *a, const struct bignum *b,
+ struct bignum *c)
+{
+ if (mp_sub((mp_int *) a, (mp_int *) b, (mp_int *) c) != MP_OKAY) {
+ wpa_printf(MSG_DEBUG, "BIGNUM: %s failed", __func__);
+ return -1;
+ }
+ return 0;
+}
+
+
+/**
+ * bignum_mul - c = a * b
+ * @a: Bignum from bignum_init()
+ * @b: Bignum from bignum_init()
+ * @c: Bignum from bignum_init(); used to store the result of a * b
+ * Returns: 0 on success, -1 on failure
+ */
+int bignum_mul(const struct bignum *a, const struct bignum *b,
+ struct bignum *c)
+{
+ if (mp_mul((mp_int *) a, (mp_int *) b, (mp_int *) c) != MP_OKAY) {
+ wpa_printf(MSG_DEBUG, "BIGNUM: %s failed", __func__);
+ return -1;
+ }
+ return 0;
+}
+
+
+/**
+ * bignum_mulmod - d = a * b (mod c)
+ * @a: Bignum from bignum_init()
+ * @b: Bignum from bignum_init()
+ * @c: Bignum from bignum_init(); modulus
+ * @d: Bignum from bignum_init(); used to store the result of a * b (mod c)
+ * Returns: 0 on success, -1 on failure
+ */
+int bignum_mulmod(const struct bignum *a, const struct bignum *b,
+ const struct bignum *c, struct bignum *d)
+{
+ if (mp_mulmod((mp_int *) a, (mp_int *) b, (mp_int *) c, (mp_int *) d)
+ != MP_OKAY) {
+ wpa_printf(MSG_DEBUG, "BIGNUM: %s failed", __func__);
+ return -1;
+ }
+ return 0;
+}
+
+
+/**
+ * bignum_exptmod - Modular exponentiation: d = a^b (mod c)
+ * @a: Bignum from bignum_init(); base
+ * @b: Bignum from bignum_init(); exponent
+ * @c: Bignum from bignum_init(); modulus
+ * @d: Bignum from bignum_init(); used to store the result of a^b (mod c)
+ * Returns: 0 on success, -1 on failure
+ */
+int bignum_exptmod(const struct bignum *a, const struct bignum *b,
+ const struct bignum *c, struct bignum *d)
+{
+ if (mp_exptmod((mp_int *) a, (mp_int *) b, (mp_int *) c, (mp_int *) d)
+ != MP_OKAY) {
+ wpa_printf(MSG_DEBUG, "BIGNUM: %s failed", __func__);
+ return -1;
+ }
+ return 0;
+}
--- /dev/null
+/*
+ * Big number math
+ * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef BIGNUM_H
+#define BIGNUM_H
+
+struct bignum;
+
+struct bignum * bignum_init(void);
+void bignum_deinit(struct bignum *n);
+size_t bignum_get_unsigned_bin_len(struct bignum *n);
+int bignum_get_unsigned_bin(const struct bignum *n, u8 *buf, size_t *len);
+int bignum_set_unsigned_bin(struct bignum *n, const u8 *buf, size_t len);
+int bignum_cmp(const struct bignum *a, const struct bignum *b);
+int bignum_cmp_d(const struct bignum *a, unsigned long b);
+int bignum_add(const struct bignum *a, const struct bignum *b,
+ struct bignum *c);
+int bignum_sub(const struct bignum *a, const struct bignum *b,
+ struct bignum *c);
+int bignum_mul(const struct bignum *a, const struct bignum *b,
+ struct bignum *c);
+int bignum_mulmod(const struct bignum *a, const struct bignum *b,
+ const struct bignum *c, struct bignum *d);
+int bignum_exptmod(const struct bignum *a, const struct bignum *b,
+ const struct bignum *c, struct bignum *d);
+
+#endif /* BIGNUM_H */
--- /dev/null
+/*
+ * wpa_supplicant/hostapd - Build time configuration defines
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This header file can be used to define configuration defines that were
+ * originally defined in Makefile. This is mainly meant for IDE use or for
+ * systems that do not have suitable 'make' tool. In these cases, it may be
+ * easier to have a single place for defining all the needed C pre-processor
+ * defines.
+ */
+
+#ifndef BUILD_CONFIG_H
+#define BUILD_CONFIG_H
+
+/* Insert configuration defines, e.g., #define EAP_MD5, here, if needed. */
+
+#ifdef CONFIG_WIN32_DEFAULTS
+#define CONFIG_NATIVE_WINDOWS
+#define CONFIG_ANSI_C_EXTRA
+#define CONFIG_WINPCAP
+#define IEEE8021X_EAPOL
+#define EAP_TLS_FUNCS
+#define PKCS12_FUNCS
+#define PCSC_FUNCS
+#define CONFIG_CTRL_IFACE
+#define CONFIG_CTRL_IFACE_NAMED_PIPE
+#define CONFIG_DRIVER_NDIS
+#define CONFIG_NDIS_EVENTS_INTEGRATED
+#define CONFIG_DEBUG_FILE
+#define EAP_MD5
+#define EAP_TLS
+#define EAP_MSCHAPv2
+#define EAP_PEAP
+#define EAP_TTLS
+#define EAP_GTC
+#define EAP_OTP
+#define EAP_LEAP
+#define _CRT_SECURE_NO_DEPRECATE
+#endif /* CONFIG_WIN32_DEFAULTS */
+
+#endif /* BUILD_CONFIG_H */
--- /dev/null
+/*
+ * wpa_supplicant/hostapd / common helper functions, etc.
+ * Copyright (c) 2002-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+
+
+#ifdef CONFIG_DEBUG_FILE
+static FILE *out_file = NULL;
+#endif /* CONFIG_DEBUG_FILE */
+int wpa_debug_level = MSG_INFO;
+int wpa_debug_show_keys = 0;
+int wpa_debug_timestamp = 0;
+
+
+static int hex2num(char c)
+{
+ if (c >= '0' && c <= '9')
+ return c - '0';
+ if (c >= 'a' && c <= 'f')
+ return c - 'a' + 10;
+ if (c >= 'A' && c <= 'F')
+ return c - 'A' + 10;
+ return -1;
+}
+
+
+static int hex2byte(const char *hex)
+{
+ int a, b;
+ a = hex2num(*hex++);
+ if (a < 0)
+ return -1;
+ b = hex2num(*hex++);
+ if (b < 0)
+ return -1;
+ return (a << 4) | b;
+}
+
+
+/**
+ * hwaddr_aton - Convert ASCII string to MAC address
+ * @txt: MAC address as a string (e.g., "00:11:22:33:44:55")
+ * @addr: Buffer for the MAC address (ETH_ALEN = 6 bytes)
+ * Returns: 0 on success, -1 on failure (e.g., string not a MAC address)
+ */
+int hwaddr_aton(const char *txt, u8 *addr)
+{
+ int i;
+
+ for (i = 0; i < 6; i++) {
+ int a, b;
+
+ a = hex2num(*txt++);
+ if (a < 0)
+ return -1;
+ b = hex2num(*txt++);
+ if (b < 0)
+ return -1;
+ *addr++ = (a << 4) | b;
+ if (i < 5 && *txt++ != ':')
+ return -1;
+ }
+
+ return 0;
+}
+
+
+/**
+ * hexstr2bin - Convert ASCII hex string into binary data
+ * @hex: ASCII hex string (e.g., "01ab")
+ * @buf: Buffer for the binary data
+ * @len: Length of the text to convert in bytes (of buf); hex will be double
+ * this size
+ * Returns: 0 on success, -1 on failure (invalid hex string)
+ */
+int hexstr2bin(const char *hex, u8 *buf, size_t len)
+{
+ size_t i;
+ int a;
+ const char *ipos = hex;
+ u8 *opos = buf;
+
+ for (i = 0; i < len; i++) {
+ a = hex2byte(ipos);
+ if (a < 0)
+ return -1;
+ *opos++ = a;
+ ipos += 2;
+ }
+ return 0;
+}
+
+
+/**
+ * inc_byte_array - Increment arbitrary length byte array by one
+ * @counter: Pointer to byte array
+ * @len: Length of the counter in bytes
+ *
+ * This function increments the last byte of the counter by one and continues
+ * rolling over to more significant bytes if the byte was incremented from
+ * 0xff to 0x00.
+ */
+void inc_byte_array(u8 *counter, size_t len)
+{
+ int pos = len - 1;
+ while (pos >= 0) {
+ counter[pos]++;
+ if (counter[pos] != 0)
+ break;
+ pos--;
+ }
+}
+
+
+void wpa_get_ntp_timestamp(u8 *buf)
+{
+ struct os_time now;
+ u32 sec, usec;
+
+ /* 64-bit NTP timestamp (time from 1900-01-01 00:00:00) */
+ os_get_time(&now);
+ sec = host_to_be32(now.sec + 2208988800U); /* Epoch to 1900 */
+ /* Estimate 2^32/10^6 = 4295 - 1/32 - 1/512 */
+ usec = now.usec;
+ usec = host_to_be32(4295 * usec - (usec >> 5) - (usec >> 9));
+ os_memcpy(buf, (u8 *) &sec, 4);
+ os_memcpy(buf + 4, (u8 *) &usec, 4);
+}
+
+
+
+#ifndef CONFIG_NO_STDOUT_DEBUG
+
+void wpa_debug_print_timestamp(void)
+{
+ struct os_time tv;
+
+ if (!wpa_debug_timestamp)
+ return;
+
+ os_get_time(&tv);
+#ifdef CONFIG_DEBUG_FILE
+ if (out_file) {
+ fprintf(out_file, "%ld.%06u: ", (long) tv.sec,
+ (unsigned int) tv.usec);
+ } else
+#endif /* CONFIG_DEBUG_FILE */
+ printf("%ld.%06u: ", (long) tv.sec, (unsigned int) tv.usec);
+}
+
+
+/**
+ * wpa_printf - conditional printf
+ * @level: priority level (MSG_*) of the message
+ * @fmt: printf format string, followed by optional arguments
+ *
+ * This function is used to print conditional debugging and error messages. The
+ * output may be directed to stdout, stderr, and/or syslog based on
+ * configuration.
+ *
+ * Note: New line '\n' is added to the end of the text when printing to stdout.
+ */
+void wpa_printf(int level, char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ if (level >= wpa_debug_level) {
+ wpa_debug_print_timestamp();
+#ifdef CONFIG_DEBUG_FILE
+ if (out_file) {
+ vfprintf(out_file, fmt, ap);
+ fprintf(out_file, "\n");
+ } else {
+#endif /* CONFIG_DEBUG_FILE */
+ vprintf(fmt, ap);
+ printf("\n");
+#ifdef CONFIG_DEBUG_FILE
+ }
+#endif /* CONFIG_DEBUG_FILE */
+ }
+ va_end(ap);
+}
+
+
+static void _wpa_hexdump(int level, const char *title, const u8 *buf,
+ size_t len, int show)
+{
+ size_t i;
+ if (level < wpa_debug_level)
+ return;
+ wpa_debug_print_timestamp();
+#ifdef CONFIG_DEBUG_FILE
+ if (out_file) {
+ fprintf(out_file, "%s - hexdump(len=%lu):",
+ title, (unsigned long) len);
+ if (buf == NULL) {
+ fprintf(out_file, " [NULL]");
+ } else if (show) {
+ for (i = 0; i < len; i++)
+ fprintf(out_file, " %02x", buf[i]);
+ } else {
+ fprintf(out_file, " [REMOVED]");
+ }
+ fprintf(out_file, "\n");
+ } else {
+#endif /* CONFIG_DEBUG_FILE */
+ printf("%s - hexdump(len=%lu):", title, (unsigned long) len);
+ if (buf == NULL) {
+ printf(" [NULL]");
+ } else if (show) {
+ for (i = 0; i < len; i++)
+ printf(" %02x", buf[i]);
+ } else {
+ printf(" [REMOVED]");
+ }
+ printf("\n");
+#ifdef CONFIG_DEBUG_FILE
+ }
+#endif /* CONFIG_DEBUG_FILE */
+}
+
+void wpa_hexdump(int level, const char *title, const u8 *buf, size_t len)
+{
+ _wpa_hexdump(level, title, buf, len, 1);
+}
+
+
+void wpa_hexdump_key(int level, const char *title, const u8 *buf, size_t len)
+{
+ _wpa_hexdump(level, title, buf, len, wpa_debug_show_keys);
+}
+
+
+static void _wpa_hexdump_ascii(int level, const char *title, const u8 *buf,
+ size_t len, int show)
+{
+ size_t i, llen;
+ const u8 *pos = buf;
+ const size_t line_len = 16;
+
+ if (level < wpa_debug_level)
+ return;
+ wpa_debug_print_timestamp();
+#ifdef CONFIG_DEBUG_FILE
+ if (out_file) {
+ if (!show) {
+ fprintf(out_file,
+ "%s - hexdump_ascii(len=%lu): [REMOVED]\n",
+ title, (unsigned long) len);
+ return;
+ }
+ if (buf == NULL) {
+ fprintf(out_file,
+ "%s - hexdump_ascii(len=%lu): [NULL]\n",
+ title, (unsigned long) len);
+ return;
+ }
+ fprintf(out_file, "%s - hexdump_ascii(len=%lu):\n",
+ title, (unsigned long) len);
+ while (len) {
+ llen = len > line_len ? line_len : len;
+ fprintf(out_file, " ");
+ for (i = 0; i < llen; i++)
+ fprintf(out_file, " %02x", pos[i]);
+ for (i = llen; i < line_len; i++)
+ fprintf(out_file, " ");
+ fprintf(out_file, " ");
+ for (i = 0; i < llen; i++) {
+ if (isprint(pos[i]))
+ fprintf(out_file, "%c", pos[i]);
+ else
+ fprintf(out_file, "_");
+ }
+ for (i = llen; i < line_len; i++)
+ fprintf(out_file, " ");
+ fprintf(out_file, "\n");
+ pos += llen;
+ len -= llen;
+ }
+ } else {
+#endif /* CONFIG_DEBUG_FILE */
+ if (!show) {
+ printf("%s - hexdump_ascii(len=%lu): [REMOVED]\n",
+ title, (unsigned long) len);
+ return;
+ }
+ if (buf == NULL) {
+ printf("%s - hexdump_ascii(len=%lu): [NULL]\n",
+ title, (unsigned long) len);
+ return;
+ }
+ printf("%s - hexdump_ascii(len=%lu):\n", title, (unsigned long) len);
+ while (len) {
+ llen = len > line_len ? line_len : len;
+ printf(" ");
+ for (i = 0; i < llen; i++)
+ printf(" %02x", pos[i]);
+ for (i = llen; i < line_len; i++)
+ printf(" ");
+ printf(" ");
+ for (i = 0; i < llen; i++) {
+ if (isprint(pos[i]))
+ printf("%c", pos[i]);
+ else
+ printf("_");
+ }
+ for (i = llen; i < line_len; i++)
+ printf(" ");
+ printf("\n");
+ pos += llen;
+ len -= llen;
+ }
+#ifdef CONFIG_DEBUG_FILE
+ }
+#endif /* CONFIG_DEBUG_FILE */
+}
+
+
+void wpa_hexdump_ascii(int level, const char *title, const u8 *buf, size_t len)
+{
+ _wpa_hexdump_ascii(level, title, buf, len, 1);
+}
+
+
+void wpa_hexdump_ascii_key(int level, const char *title, const u8 *buf,
+ size_t len)
+{
+ _wpa_hexdump_ascii(level, title, buf, len, wpa_debug_show_keys);
+}
+
+
+int wpa_debug_open_file(const char *path)
+{
+#ifdef CONFIG_DEBUG_FILE
+ if (!path)
+ return 0;
+ out_file = fopen(path, "a");
+ if (out_file == NULL) {
+ wpa_printf(MSG_ERROR, "wpa_debug_open_file: Failed to open "
+ "output file, using standard output");
+ return -1;
+ }
+#ifndef _WIN32
+ setvbuf(out_file, NULL, _IOLBF, 0);
+#endif /* _WIN32 */
+#endif /* CONFIG_DEBUG_FILE */
+ return 0;
+}
+
+
+void wpa_debug_close_file(void)
+{
+#ifdef CONFIG_DEBUG_FILE
+ if (!out_file)
+ return;
+ fclose(out_file);
+ out_file = NULL;
+#endif /* CONFIG_DEBUG_FILE */
+}
+
+#endif /* CONFIG_NO_STDOUT_DEBUG */
+
+
+#ifndef CONFIG_NO_WPA_MSG
+static wpa_msg_cb_func wpa_msg_cb = NULL;
+
+void wpa_msg_register_cb(wpa_msg_cb_func func)
+{
+ wpa_msg_cb = func;
+}
+
+
+void wpa_msg(void *ctx, int level, char *fmt, ...)
+{
+ va_list ap;
+ char *buf;
+ const int buflen = 2048;
+ int len;
+
+ buf = os_malloc(buflen);
+ if (buf == NULL) {
+ wpa_printf(MSG_ERROR, "wpa_msg: Failed to allocate message "
+ "buffer");
+ return;
+ }
+ va_start(ap, fmt);
+ len = vsnprintf(buf, buflen, fmt, ap);
+ va_end(ap);
+ wpa_printf(level, "%s", buf);
+ if (wpa_msg_cb)
+ wpa_msg_cb(ctx, level, buf, len);
+ os_free(buf);
+}
+#endif /* CONFIG_NO_WPA_MSG */
+
+
+static inline int _wpa_snprintf_hex(char *buf, size_t buf_size, const u8 *data,
+ size_t len, int uppercase)
+{
+ size_t i;
+ char *pos = buf, *end = buf + buf_size;
+ int ret;
+ if (buf_size == 0)
+ return 0;
+ for (i = 0; i < len; i++) {
+ ret = os_snprintf(pos, end - pos, uppercase ? "%02X" : "%02x",
+ data[i]);
+ if (ret < 0 || ret >= end - pos) {
+ end[-1] = '\0';
+ return pos - buf;
+ }
+ pos += ret;
+ }
+ end[-1] = '\0';
+ return pos - buf;
+}
+
+/**
+ * wpa_snprintf_hex - Print data as a hex string into a buffer
+ * @buf: Memory area to use as the output buffer
+ * @buf_size: Maximum buffer size in bytes (should be at least 2 * len + 1)
+ * @data: Data to be printed
+ * @len: Length of data in bytes
+ * Returns: Number of bytes written
+ */
+int wpa_snprintf_hex(char *buf, size_t buf_size, const u8 *data, size_t len)
+{
+ return _wpa_snprintf_hex(buf, buf_size, data, len, 0);
+}
+
+
+/**
+ * wpa_snprintf_hex_uppercase - Print data as a upper case hex string into buf
+ * @buf: Memory area to use as the output buffer
+ * @buf_size: Maximum buffer size in bytes (should be at least 2 * len + 1)
+ * @data: Data to be printed
+ * @len: Length of data in bytes
+ * Returns: Number of bytes written
+ */
+int wpa_snprintf_hex_uppercase(char *buf, size_t buf_size, const u8 *data,
+ size_t len)
+{
+ return _wpa_snprintf_hex(buf, buf_size, data, len, 1);
+}
+
+
+#ifdef CONFIG_ANSI_C_EXTRA
+
+#ifdef _WIN32_WCE
+void perror(const char *s)
+{
+ wpa_printf(MSG_ERROR, "%s: GetLastError: %d",
+ s, (int) GetLastError());
+}
+#endif /* _WIN32_WCE */
+
+
+int optind = 1;
+int optopt;
+char *optarg;
+
+int getopt(int argc, char *const argv[], const char *optstring)
+{
+ static int optchr = 1;
+ char *cp;
+
+ if (optchr == 1) {
+ if (optind >= argc) {
+ /* all arguments processed */
+ return EOF;
+ }
+
+ if (argv[optind][0] != '-' || argv[optind][1] == '\0') {
+ /* no option characters */
+ return EOF;
+ }
+ }
+
+ if (os_strcmp(argv[optind], "--") == 0) {
+ /* no more options */
+ optind++;
+ return EOF;
+ }
+
+ optopt = argv[optind][optchr];
+ cp = os_strchr(optstring, optopt);
+ if (cp == NULL || optopt == ':') {
+ if (argv[optind][++optchr] == '\0') {
+ optchr = 1;
+ optind++;
+ }
+ return '?';
+ }
+
+ if (cp[1] == ':') {
+ /* Argument required */
+ optchr = 1;
+ if (argv[optind][optchr + 1]) {
+ /* No space between option and argument */
+ optarg = &argv[optind++][optchr + 1];
+ } else if (++optind >= argc) {
+ /* option requires an argument */
+ return '?';
+ } else {
+ /* Argument in the next argv */
+ optarg = argv[optind++];
+ }
+ } else {
+ /* No argument */
+ if (argv[optind][++optchr] == '\0') {
+ optchr = 1;
+ optind++;
+ }
+ optarg = NULL;
+ }
+ return *cp;
+}
+#endif /* CONFIG_ANSI_C_EXTRA */
+
+
+#ifdef CONFIG_NATIVE_WINDOWS
+/**
+ * wpa_unicode2ascii_inplace - Convert unicode string into ASCII
+ * @str: Pointer to string to convert
+ *
+ * This function converts a unicode string to ASCII using the same
+ * buffer for output. If UNICODE is not set, the buffer is not
+ * modified.
+ */
+void wpa_unicode2ascii_inplace(TCHAR *str)
+{
+#ifdef UNICODE
+ char *dst = (char *) str;
+ while (*str)
+ *dst++ = (char) *str++;
+ *dst = '\0';
+#endif /* UNICODE */
+}
+
+
+TCHAR * wpa_strdup_tchar(const char *str)
+{
+#ifdef UNICODE
+ TCHAR *buf;
+ buf = os_malloc((strlen(str) + 1) * sizeof(TCHAR));
+ if (buf == NULL)
+ return NULL;
+ wsprintf(buf, L"%S", str);
+ return buf;
+#else /* UNICODE */
+ return os_strdup(str);
+#endif /* UNICODE */
+}
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+
+/**
+ * wpa_ssid_txt - Convert SSID to a printable string
+ * @ssid: SSID (32-octet string)
+ * @ssid_len: Length of ssid in octets
+ * Returns: Pointer to a printable string
+ *
+ * This function can be used to convert SSIDs into printable form. In most
+ * cases, SSIDs do not use unprintable characters, but IEEE 802.11 standard
+ * does not limit the used character set, so anything could be used in an SSID.
+ *
+ * This function uses a static buffer, so only one call can be used at the
+ * time, i.e., this is not re-entrant and the returned buffer must be used
+ * before calling this again.
+ */
+const char * wpa_ssid_txt(u8 *ssid, size_t ssid_len)
+{
+ static char ssid_txt[33];
+ char *pos;
+
+ if (ssid_len > 32)
+ ssid_len = 32;
+ os_memcpy(ssid_txt, ssid, ssid_len);
+ ssid_txt[ssid_len] = '\0';
+ for (pos = ssid_txt; *pos != '\0'; pos++) {
+ if ((u8) *pos < 32 || (u8) *pos >= 127)
+ *pos = '_';
+ }
+ return ssid_txt;
+}
--- /dev/null
+/*
+ * wpa_supplicant/hostapd / common helper functions, etc.
+ * Copyright (c) 2002-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef COMMON_H
+#define COMMON_H
+
+#include "os.h"
+
+#ifdef __linux__
+#include <endian.h>
+#include <byteswap.h>
+#endif /* __linux__ */
+
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
+#include <sys/types.h>
+#include <sys/endian.h>
+#define __BYTE_ORDER _BYTE_ORDER
+#define __LITTLE_ENDIAN _LITTLE_ENDIAN
+#define __BIG_ENDIAN _BIG_ENDIAN
+#define bswap_16 bswap16
+#define bswap_32 bswap32
+#define bswap_64 bswap64
+#endif /* defined(__FreeBSD__) || defined(__NetBSD__) ||
+ * defined(__DragonFly__) */
+
+#ifdef CONFIG_TI_COMPILER
+#define __BIG_ENDIAN 4321
+#define __LITTLE_ENDIAN 1234
+#ifdef __big_endian__
+#define __BYTE_ORDER __BIG_ENDIAN
+#else
+#define __BYTE_ORDER __LITTLE_ENDIAN
+#endif
+#endif /* CONFIG_TI_COMPILER */
+
+#ifdef CONFIG_NATIVE_WINDOWS
+#include <winsock.h>
+
+typedef int socklen_t;
+
+#ifndef MSG_DONTWAIT
+#define MSG_DONTWAIT 0 /* not supported */
+#endif
+
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+#if defined(__CYGWIN__) || defined(CONFIG_NATIVE_WINDOWS)
+
+#ifdef _MSC_VER
+#define inline __inline
+#endif /* _MSC_VER */
+
+static inline unsigned short wpa_swap_16(unsigned short v)
+{
+ return ((v & 0xff) << 8) | (v >> 8);
+}
+
+static inline unsigned int wpa_swap_32(unsigned int v)
+{
+ return ((v & 0xff) << 24) | ((v & 0xff00) << 8) |
+ ((v & 0xff0000) >> 8) | (v >> 24);
+}
+
+#define le_to_host16(n) (n)
+#define host_to_le16(n) (n)
+#define be_to_host16(n) wpa_swap_16(n)
+#define host_to_be16(n) wpa_swap_16(n)
+#define le_to_host32(n) (n)
+#define be_to_host32(n) wpa_swap_32(n)
+#define host_to_be32(n) wpa_swap_32(n)
+
+#else /* __CYGWIN__ */
+
+#ifndef __BYTE_ORDER
+#ifndef __LITTLE_ENDIAN
+#ifndef __BIG_ENDIAN
+#define __LITTLE_ENDIAN 1234
+#define __BIG_ENDIAN 4321
+#if defined(sparc)
+#define __BYTE_ORDER __BIG_ENDIAN
+#endif
+#endif /* __BIG_ENDIAN */
+#endif /* __LITTLE_ENDIAN */
+#endif /* __BYTE_ORDER */
+
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+#define le_to_host16(n) (n)
+#define host_to_le16(n) (n)
+#define be_to_host16(n) bswap_16(n)
+#define host_to_be16(n) bswap_16(n)
+#define le_to_host32(n) (n)
+#define be_to_host32(n) bswap_32(n)
+#define host_to_be32(n) bswap_32(n)
+#define le_to_host64(n) (n)
+#define host_to_le64(n) (n)
+#define be_to_host64(n) bswap_64(n)
+#define host_to_be64(n) bswap_64(n)
+#elif __BYTE_ORDER == __BIG_ENDIAN
+#define le_to_host16(n) bswap_16(n)
+#define host_to_le16(n) bswap_16(n)
+#define be_to_host16(n) (n)
+#define host_to_be16(n) (n)
+#define le_to_host32(n) bswap_32(n)
+#define be_to_host32(n) (n)
+#define host_to_be32(n) (n)
+#define le_to_host64(n) bswap_64(n)
+#define host_to_le64(n) bswap_64(n)
+#define be_to_host64(n) (n)
+#define host_to_be64(n) (n)
+#ifndef WORDS_BIGENDIAN
+#define WORDS_BIGENDIAN
+#endif
+#else
+#error Could not determine CPU byte order
+#endif
+
+#endif /* __CYGWIN__ */
+
+/* Macros for handling unaligned 16-bit variables */
+#define WPA_GET_BE16(a) ((u16) (((a)[0] << 8) | (a)[1]))
+#define WPA_PUT_BE16(a, val) \
+ do { \
+ (a)[0] = ((u16) (val)) >> 8; \
+ (a)[1] = ((u16) (val)) & 0xff; \
+ } while (0)
+
+#define WPA_GET_LE16(a) ((u16) (((a)[1] << 8) | (a)[0]))
+#define WPA_PUT_LE16(a, val) \
+ do { \
+ (a)[1] = ((u16) (val)) >> 8; \
+ (a)[0] = ((u16) (val)) & 0xff; \
+ } while (0)
+
+#define WPA_GET_BE24(a) ((((u32) (a)[0]) << 16) | (((u32) (a)[1]) << 8) | \
+ ((u32) (a)[2]))
+#define WPA_PUT_BE24(a, val) \
+ do { \
+ (a)[0] = (u8) (((u32) (val)) >> 16); \
+ (a)[1] = (u8) (((u32) (val)) >> 8); \
+ (a)[2] = (u8) (((u32) (val)) & 0xff); \
+ } while (0)
+
+#define WPA_GET_BE32(a) ((((u32) (a)[0]) << 24) | (((u32) (a)[1]) << 16) | \
+ (((u32) (a)[2]) << 8) | ((u32) (a)[3]))
+#define WPA_PUT_BE32(a, val) \
+ do { \
+ (a)[0] = (u8) (((u32) (val)) >> 24); \
+ (a)[1] = (u8) (((u32) (val)) >> 16); \
+ (a)[2] = (u8) (((u32) (val)) >> 8); \
+ (a)[3] = (u8) (((u32) (val)) & 0xff); \
+ } while (0)
+
+#define WPA_PUT_BE64(a, val) \
+ do { \
+ (a)[0] = (u8) (((u64) (val)) >> 56); \
+ (a)[1] = (u8) (((u64) (val)) >> 48); \
+ (a)[2] = (u8) (((u64) (val)) >> 40); \
+ (a)[3] = (u8) (((u64) (val)) >> 32); \
+ (a)[4] = (u8) (((u64) (val)) >> 24); \
+ (a)[5] = (u8) (((u64) (val)) >> 16); \
+ (a)[6] = (u8) (((u64) (val)) >> 8); \
+ (a)[7] = (u8) (((u64) (val)) & 0xff); \
+ } while (0)
+
+
+#ifndef ETH_ALEN
+#define ETH_ALEN 6
+#endif
+
+#ifdef _MSC_VER
+typedef UINT64 u64;
+typedef UINT32 u32;
+typedef UINT16 u16;
+typedef UINT8 u8;
+typedef INT64 s64;
+typedef INT32 s32;
+typedef INT16 s16;
+typedef INT8 s8;
+#define WPA_TYPES_DEFINED
+#endif /* _MSC_VER */
+
+#ifdef __vxworks
+typedef unsigned long long u64;
+typedef UINT32 u32;
+typedef UINT16 u16;
+typedef UINT8 u8;
+typedef long long s64;
+typedef INT32 s32;
+typedef INT16 s16;
+typedef INT8 s8;
+#define WPA_TYPES_DEFINED
+#endif /* __vxworks */
+
+#ifdef CONFIG_TI_COMPILER
+#ifdef _LLONG_AVAILABLE
+typedef unsigned long long u64;
+#else
+/*
+ * TODO: 64-bit variable not available. Using long as a workaround to test the
+ * build, but this will likely not work for all operations.
+ */
+typedef unsigned long u64;
+#endif
+typedef unsigned int u32;
+typedef unsigned short u16;
+typedef unsigned char u8;
+#define WPA_TYPES_DEFINED
+#endif /* CONFIG_TI_COMPILER */
+
+#ifndef WPA_TYPES_DEFINED
+#ifdef CONFIG_USE_INTTYPES_H
+#include <inttypes.h>
+#else
+#include <stdint.h>
+#endif
+typedef uint64_t u64;
+typedef uint32_t u32;
+typedef uint16_t u16;
+typedef uint8_t u8;
+typedef int64_t s64;
+typedef int32_t s32;
+typedef int16_t s16;
+typedef int8_t s8;
+#define WPA_TYPES_DEFINED
+#endif /* !WPA_TYPES_DEFINED */
+
+#define hostapd_get_rand os_get_random
+int hwaddr_aton(const char *txt, u8 *addr);
+int hexstr2bin(const char *hex, u8 *buf, size_t len);
+void inc_byte_array(u8 *counter, size_t len);
+void wpa_get_ntp_timestamp(u8 *buf);
+
+
+#ifdef __GNUC__
+#define PRINTF_FORMAT(a,b) __attribute__ ((format (printf, (a), (b))))
+#define STRUCT_PACKED __attribute__ ((packed))
+#else
+#define PRINTF_FORMAT(a,b)
+#define STRUCT_PACKED
+#endif
+
+
+/* Debugging function - conditional printf and hex dump. Driver wrappers can
+ * use these for debugging purposes. */
+
+enum { MSG_MSGDUMP, MSG_DEBUG, MSG_INFO, MSG_WARNING, MSG_ERROR };
+
+#ifdef CONFIG_NO_STDOUT_DEBUG
+
+#define wpa_debug_print_timestamp() do { } while (0)
+#define wpa_printf(args...) do { } while (0)
+#define wpa_hexdump(l,t,b,le) do { } while (0)
+#define wpa_hexdump_key(l,t,b,le) do { } while (0)
+#define wpa_hexdump_ascii(l,t,b,le) do { } while (0)
+#define wpa_hexdump_ascii_key(l,t,b,le) do { } while (0)
+#define wpa_debug_open_file(p) do { } while (0)
+#define wpa_debug_close_file() do { } while (0)
+
+#else /* CONFIG_NO_STDOUT_DEBUG */
+
+int wpa_debug_open_file(const char *path);
+void wpa_debug_close_file(void);
+
+/**
+ * wpa_debug_printf_timestamp - Print timestamp for debug output
+ *
+ * This function prints a timestamp in <seconds from 1970>.<microsoconds>
+ * format if debug output has been configured to include timestamps in debug
+ * messages.
+ */
+void wpa_debug_print_timestamp(void);
+
+/**
+ * wpa_printf - conditional printf
+ * @level: priority level (MSG_*) of the message
+ * @fmt: printf format string, followed by optional arguments
+ *
+ * This function is used to print conditional debugging and error messages. The
+ * output may be directed to stdout, stderr, and/or syslog based on
+ * configuration.
+ *
+ * Note: New line '\n' is added to the end of the text when printing to stdout.
+ */
+void wpa_printf(int level, char *fmt, ...)
+PRINTF_FORMAT(2, 3);
+
+/**
+ * wpa_hexdump - conditional hex dump
+ * @level: priority level (MSG_*) of the message
+ * @title: title of for the message
+ * @buf: data buffer to be dumped
+ * @len: length of the buf
+ *
+ * This function is used to print conditional debugging and error messages. The
+ * output may be directed to stdout, stderr, and/or syslog based on
+ * configuration. The contents of buf is printed out has hex dump.
+ */
+void wpa_hexdump(int level, const char *title, const u8 *buf, size_t len);
+
+/**
+ * wpa_hexdump_key - conditional hex dump, hide keys
+ * @level: priority level (MSG_*) of the message
+ * @title: title of for the message
+ * @buf: data buffer to be dumped
+ * @len: length of the buf
+ *
+ * This function is used to print conditional debugging and error messages. The
+ * output may be directed to stdout, stderr, and/or syslog based on
+ * configuration. The contents of buf is printed out has hex dump. This works
+ * like wpa_hexdump(), but by default, does not include secret keys (passwords,
+ * etc.) in debug output.
+ */
+void wpa_hexdump_key(int level, const char *title, const u8 *buf, size_t len);
+
+/**
+ * wpa_hexdump_ascii - conditional hex dump
+ * @level: priority level (MSG_*) of the message
+ * @title: title of for the message
+ * @buf: data buffer to be dumped
+ * @len: length of the buf
+ *
+ * This function is used to print conditional debugging and error messages. The
+ * output may be directed to stdout, stderr, and/or syslog based on
+ * configuration. The contents of buf is printed out has hex dump with both
+ * the hex numbers and ASCII characters (for printable range) are shown. 16
+ * bytes per line will be shown.
+ */
+void wpa_hexdump_ascii(int level, const char *title, const u8 *buf,
+ size_t len);
+
+/**
+ * wpa_hexdump_ascii_key - conditional hex dump, hide keys
+ * @level: priority level (MSG_*) of the message
+ * @title: title of for the message
+ * @buf: data buffer to be dumped
+ * @len: length of the buf
+ *
+ * This function is used to print conditional debugging and error messages. The
+ * output may be directed to stdout, stderr, and/or syslog based on
+ * configuration. The contents of buf is printed out has hex dump with both
+ * the hex numbers and ASCII characters (for printable range) are shown. 16
+ * bytes per line will be shown. This works like wpa_hexdump_ascii(), but by
+ * default, does not include secret keys (passwords, etc.) in debug output.
+ */
+void wpa_hexdump_ascii_key(int level, const char *title, const u8 *buf,
+ size_t len);
+
+#endif /* CONFIG_NO_STDOUT_DEBUG */
+
+
+#ifdef CONFIG_NO_WPA_MSG
+#define wpa_msg(args...) do { } while (0)
+#define wpa_msg_register_cb(f) do { } while (0)
+#else /* CONFIG_NO_WPA_MSG */
+/**
+ * wpa_msg - Conditional printf for default target and ctrl_iface monitors
+ * @ctx: Pointer to context data; this is the ctx variable registered
+ * with struct wpa_driver_ops::init()
+ * @level: priority level (MSG_*) of the message
+ * @fmt: printf format string, followed by optional arguments
+ *
+ * This function is used to print conditional debugging and error messages. The
+ * output may be directed to stdout, stderr, and/or syslog based on
+ * configuration. This function is like wpa_printf(), but it also sends the
+ * same message to all attached ctrl_iface monitors.
+ *
+ * Note: New line '\n' is added to the end of the text when printing to stdout.
+ */
+void wpa_msg(void *ctx, int level, char *fmt, ...) PRINTF_FORMAT(3, 4);
+
+typedef void (*wpa_msg_cb_func)(void *ctx, int level, const char *txt,
+ size_t len);
+
+/**
+ * wpa_msg_register_cb - Register callback function for wpa_msg() messages
+ * @func: Callback function (%NULL to unregister)
+ */
+void wpa_msg_register_cb(wpa_msg_cb_func func);
+#endif /* CONFIG_NO_WPA_MSG */
+
+
+int wpa_snprintf_hex(char *buf, size_t buf_size, const u8 *data, size_t len);
+int wpa_snprintf_hex_uppercase(char *buf, size_t buf_size, const u8 *data,
+ size_t len);
+
+
+#ifdef EAPOL_TEST
+#define WPA_ASSERT(a) \
+ do { \
+ if (!(a)) { \
+ printf("WPA_ASSERT FAILED '" #a "' " \
+ "%s %s:%d\n", \
+ __FUNCTION__, __FILE__, __LINE__); \
+ exit(1); \
+ } \
+ } while (0)
+#else
+#define WPA_ASSERT(a) do { } while (0)
+#endif
+
+
+#ifdef _MSC_VER
+#undef vsnprintf
+#define vsnprintf _vsnprintf
+#undef close
+#define close closesocket
+#endif /* _MSC_VER */
+
+
+#ifdef CONFIG_ANSI_C_EXTRA
+
+#if !defined(_MSC_VER) || _MSC_VER < 1400
+/* snprintf - used in number of places; sprintf() is _not_ a good replacement
+ * due to possible buffer overflow; see, e.g.,
+ * http://www.ijs.si/software/snprintf/ for portable implementation of
+ * snprintf. */
+int snprintf(char *str, size_t size, const char *format, ...);
+
+/* vsnprintf - only used for wpa_msg() in wpa_supplicant.c */
+int vsnprintf(char *str, size_t size, const char *format, va_list ap);
+#endif /* !defined(_MSC_VER) || _MSC_VER < 1400 */
+
+/* getopt - only used in main.c */
+int getopt(int argc, char *const argv[], const char *optstring);
+extern char *optarg;
+extern int optind;
+
+#ifndef CONFIG_NO_SOCKLEN_T_TYPEDEF
+#ifndef __socklen_t_defined
+typedef int socklen_t;
+#endif
+#endif
+
+/* inline - define as __inline or just define it to be empty, if needed */
+#ifdef CONFIG_NO_INLINE
+#define inline
+#else
+#define inline __inline
+#endif
+
+#ifndef __func__
+#define __func__ "__func__ not defined"
+#endif
+
+#ifndef bswap_16
+#define bswap_16(a) ((((u16) (a) << 8) & 0xff00) | (((u16) (a) >> 8) & 0xff))
+#endif
+
+#ifndef bswap_32
+#define bswap_32(a) ((((u32) (a) << 24) & 0xff000000) | \
+ (((u32) (a) << 8) & 0xff0000) | \
+ (((u32) (a) >> 8) & 0xff00) | \
+ (((u32) (a) >> 24) & 0xff))
+#endif
+
+#ifndef MSG_DONTWAIT
+#define MSG_DONTWAIT 0
+#endif
+
+#ifdef _WIN32_WCE
+void perror(const char *s);
+#endif /* _WIN32_WCE */
+
+#endif /* CONFIG_ANSI_C_EXTRA */
+
+#define wpa_zalloc(s) os_zalloc((s))
+
+#ifdef CONFIG_NATIVE_WINDOWS
+void wpa_unicode2ascii_inplace(TCHAR *str);
+TCHAR * wpa_strdup_tchar(const char *str);
+#else /* CONFIG_NATIVE_WINDOWS */
+#define wpa_unicode2ascii_inplace(s) do { } while (0)
+#define wpa_strdup_tchar(s) strdup((s))
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+const char * wpa_ssid_txt(u8 *ssid, size_t ssid_len);
+
+typedef u32 __be32;
+typedef u64 __be64;
+
+#endif /* COMMON_H */
--- /dev/null
+/*
+ * WPA Supplicant / Configuration parser and common functions
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "wpa.h"
+#include "sha1.h"
+#include "eapol_sm.h"
+#include "eap.h"
+#include "l2_packet.h"
+#include "config.h"
+
+
+/*
+ * Structure for network configuration parsing. This data is used to implement
+ * a generic parser for each network block variable. The table of configuration
+ * variables is defined below in this file (ssid_fields[]).
+ */
+struct parse_data {
+ /* Configuration variable name */
+ char *name;
+
+ /* Parser function for this variable */
+ int (*parser)(const struct parse_data *data, struct wpa_ssid *ssid,
+ int line, const char *value);
+
+ /* Writer function (i.e., to get the variable in text format from
+ * internal presentation). */
+ char * (*writer)(const struct parse_data *data, struct wpa_ssid *ssid);
+
+ /* Variable specific parameters for the parser. */
+ void *param1, *param2, *param3, *param4;
+
+ /* 0 = this variable can be included in debug output and ctrl_iface
+ * 1 = this variable contains key/private data and it must not be
+ * included in debug output unless explicitly requested. In
+ * addition, this variable will not be readable through the
+ * ctrl_iface.
+ */
+ int key_data;
+};
+
+
+static char * wpa_config_parse_string(const char *value, size_t *len)
+{
+ if (*value == '"') {
+ char *pos;
+ value++;
+ pos = os_strrchr(value, '"');
+ if (pos == NULL || pos[1] != '\0')
+ return NULL;
+ *pos = '\0';
+ *len = os_strlen(value);
+ return os_strdup(value);
+ } else {
+ u8 *str;
+ size_t tlen, hlen = os_strlen(value);
+ if (hlen & 1)
+ return NULL;
+ tlen = hlen / 2;
+ str = os_malloc(tlen + 1);
+ if (str == NULL)
+ return NULL;
+ if (hexstr2bin(value, str, tlen)) {
+ os_free(str);
+ return NULL;
+ }
+ str[tlen] = '\0';
+ *len = tlen;
+ return (char *) str;
+ }
+}
+
+
+static int wpa_config_parse_str(const struct parse_data *data,
+ struct wpa_ssid *ssid,
+ int line, const char *value)
+{
+ size_t res_len, *dst_len;
+ char **dst, *tmp;
+
+ tmp = wpa_config_parse_string(value, &res_len);
+ if (tmp == NULL) {
+ wpa_printf(MSG_ERROR, "Line %d: failed to parse %s '%s'.",
+ line, data->name,
+ data->key_data ? "[KEY DATA REMOVED]" : value);
+ return -1;
+ }
+
+ if (data->key_data) {
+ wpa_hexdump_ascii_key(MSG_MSGDUMP, data->name,
+ (u8 *) tmp, res_len);
+ } else {
+ wpa_hexdump_ascii(MSG_MSGDUMP, data->name,
+ (u8 *) tmp, res_len);
+ }
+
+ if (data->param3 && res_len < (size_t) data->param3) {
+ wpa_printf(MSG_ERROR, "Line %d: too short %s (len=%lu "
+ "min_len=%ld)", line, data->name,
+ (unsigned long) res_len, (long) data->param3);
+ os_free(tmp);
+ return -1;
+ }
+
+ if (data->param4 && res_len > (size_t) data->param4) {
+ wpa_printf(MSG_ERROR, "Line %d: too long %s (len=%lu "
+ "max_len=%ld)", line, data->name,
+ (unsigned long) res_len, (long) data->param4);
+ os_free(tmp);
+ return -1;
+ }
+
+ dst = (char **) (((u8 *) ssid) + (long) data->param1);
+ dst_len = (size_t *) (((u8 *) ssid) + (long) data->param2);
+ os_free(*dst);
+ *dst = tmp;
+ if (data->param2)
+ *dst_len = res_len;
+
+ return 0;
+}
+
+
+static int is_hex(const u8 *data, size_t len)
+{
+ size_t i;
+
+ for (i = 0; i < len; i++) {
+ if (data[i] < 32 || data[i] >= 127)
+ return 1;
+ }
+ return 0;
+}
+
+
+static char * wpa_config_write_string_ascii(const u8 *value, size_t len)
+{
+ char *buf;
+
+ buf = os_malloc(len + 3);
+ if (buf == NULL)
+ return NULL;
+ buf[0] = '"';
+ os_memcpy(buf + 1, value, len);
+ buf[len + 1] = '"';
+ buf[len + 2] = '\0';
+
+ return buf;
+}
+
+
+static char * wpa_config_write_string_hex(const u8 *value, size_t len)
+{
+ char *buf;
+
+ buf = os_zalloc(2 * len + 1);
+ if (buf == NULL)
+ return NULL;
+ wpa_snprintf_hex(buf, 2 * len + 1, value, len);
+
+ return buf;
+}
+
+
+static char * wpa_config_write_string(const u8 *value, size_t len)
+{
+ if (value == NULL)
+ return NULL;
+
+ if (is_hex(value, len))
+ return wpa_config_write_string_hex(value, len);
+ else
+ return wpa_config_write_string_ascii(value, len);
+}
+
+
+static char * wpa_config_write_str(const struct parse_data *data,
+ struct wpa_ssid *ssid)
+{
+ size_t len;
+ char **src;
+
+ src = (char **) (((u8 *) ssid) + (long) data->param1);
+ if (*src == NULL)
+ return NULL;
+
+ if (data->param2)
+ len = *((size_t *) (((u8 *) ssid) + (long) data->param2));
+ else
+ len = os_strlen(*src);
+
+ return wpa_config_write_string((const u8 *) *src, len);
+}
+
+
+static int wpa_config_parse_int(const struct parse_data *data,
+ struct wpa_ssid *ssid,
+ int line, const char *value)
+{
+ int *dst;
+
+ dst = (int *) (((u8 *) ssid) + (long) data->param1);
+ *dst = atoi(value);
+ wpa_printf(MSG_MSGDUMP, "%s=%d (0x%x)", data->name, *dst, *dst);
+
+ if (data->param3 && *dst < (long) data->param3) {
+ wpa_printf(MSG_ERROR, "Line %d: too small %s (value=%d "
+ "min_value=%ld)", line, data->name, *dst,
+ (long) data->param3);
+ *dst = (long) data->param3;
+ return -1;
+ }
+
+ if (data->param4 && *dst > (long) data->param4) {
+ wpa_printf(MSG_ERROR, "Line %d: too large %s (value=%d "
+ "max_value=%ld)", line, data->name, *dst,
+ (long) data->param4);
+ *dst = (long) data->param4;
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static char * wpa_config_write_int(const struct parse_data *data,
+ struct wpa_ssid *ssid)
+{
+ int *src;
+ char *value;
+
+ src = (int *) (((u8 *) ssid) + (long) data->param1);
+
+ value = os_malloc(20);
+ if (value == NULL)
+ return NULL;
+ os_snprintf(value, 20, "%d", *src);
+ value[20 - 1] = '\0';
+ return value;
+}
+
+
+static int wpa_config_parse_bssid(const struct parse_data *data,
+ struct wpa_ssid *ssid, int line,
+ const char *value)
+{
+ if (hwaddr_aton(value, ssid->bssid)) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid BSSID '%s'.",
+ line, value);
+ return -1;
+ }
+ ssid->bssid_set = 1;
+ wpa_hexdump(MSG_MSGDUMP, "BSSID", ssid->bssid, ETH_ALEN);
+ return 0;
+}
+
+
+static char * wpa_config_write_bssid(const struct parse_data *data,
+ struct wpa_ssid *ssid)
+{
+ char *value;
+
+ if (!ssid->bssid_set)
+ return NULL;
+
+ value = os_malloc(20);
+ if (value == NULL)
+ return NULL;
+ os_snprintf(value, 20, MACSTR, MAC2STR(ssid->bssid));
+ value[20 - 1] = '\0';
+ return value;
+}
+
+
+static int wpa_config_parse_psk(const struct parse_data *data,
+ struct wpa_ssid *ssid, int line,
+ const char *value)
+{
+ if (*value == '"') {
+ const char *pos;
+ size_t len;
+
+ value++;
+ pos = os_strrchr(value, '"');
+ if (pos)
+ len = pos - value;
+ else
+ len = os_strlen(value);
+ if (len < 8 || len > 63) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid passphrase "
+ "length %lu (expected: 8..63) '%s'.",
+ line, (unsigned long) len, value);
+ return -1;
+ }
+ wpa_hexdump_ascii_key(MSG_MSGDUMP, "PSK (ASCII passphrase)",
+ (u8 *) value, len);
+ if (ssid->passphrase && os_strlen(ssid->passphrase) == len &&
+ os_memcmp(ssid->passphrase, value, len) == 0)
+ return 0;
+ ssid->psk_set = 0;
+ os_free(ssid->passphrase);
+ ssid->passphrase = os_malloc(len + 1);
+ if (ssid->passphrase == NULL)
+ return -1;
+ os_memcpy(ssid->passphrase, value, len);
+ ssid->passphrase[len] = '\0';
+ return 0;
+ }
+
+ if (hexstr2bin(value, ssid->psk, PMK_LEN) ||
+ value[PMK_LEN * 2] != '\0') {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid PSK '%s'.",
+ line, value);
+ return -1;
+ }
+
+ os_free(ssid->passphrase);
+ ssid->passphrase = NULL;
+
+ ssid->psk_set = 1;
+ wpa_hexdump_key(MSG_MSGDUMP, "PSK", ssid->psk, PMK_LEN);
+ return 0;
+}
+
+
+static char * wpa_config_write_psk(const struct parse_data *data,
+ struct wpa_ssid *ssid)
+{
+ if (ssid->passphrase)
+ return wpa_config_write_string_ascii(
+ (const u8 *) ssid->passphrase,
+ os_strlen(ssid->passphrase));
+
+ if (ssid->psk_set)
+ return wpa_config_write_string_hex(ssid->psk, PMK_LEN);
+
+ return NULL;
+}
+
+
+static int wpa_config_parse_proto(const struct parse_data *data,
+ struct wpa_ssid *ssid, int line,
+ const char *value)
+{
+ int val = 0, last, errors = 0;
+ char *start, *end, *buf;
+
+ buf = os_strdup(value);
+ if (buf == NULL)
+ return -1;
+ start = buf;
+
+ while (*start != '\0') {
+ while (*start == ' ' || *start == '\t')
+ start++;
+ if (*start == '\0')
+ break;
+ end = start;
+ while (*end != ' ' && *end != '\t' && *end != '\0')
+ end++;
+ last = *end == '\0';
+ *end = '\0';
+ if (os_strcmp(start, "WPA") == 0)
+ val |= WPA_PROTO_WPA;
+ else if (os_strcmp(start, "RSN") == 0 ||
+ os_strcmp(start, "WPA2") == 0)
+ val |= WPA_PROTO_RSN;
+ else {
+ wpa_printf(MSG_ERROR, "Line %d: invalid proto '%s'",
+ line, start);
+ errors++;
+ }
+
+ if (last)
+ break;
+ start = end + 1;
+ }
+ os_free(buf);
+
+ if (val == 0) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: no proto values configured.", line);
+ errors++;
+ }
+
+ wpa_printf(MSG_MSGDUMP, "proto: 0x%x", val);
+ ssid->proto = val;
+ return errors ? -1 : 0;
+}
+
+
+static char * wpa_config_write_proto(const struct parse_data *data,
+ struct wpa_ssid *ssid)
+{
+ int first = 1, ret;
+ char *buf, *pos, *end;
+
+ pos = buf = os_zalloc(10);
+ if (buf == NULL)
+ return NULL;
+ end = buf + 10;
+
+ if (ssid->proto & WPA_PROTO_WPA) {
+ ret = os_snprintf(pos, end - pos, "%sWPA", first ? "" : " ");
+ if (ret < 0 || ret >= end - pos)
+ return buf;
+ pos += ret;
+ first = 0;
+ }
+
+ if (ssid->proto & WPA_PROTO_RSN) {
+ ret = os_snprintf(pos, end - pos, "%sRSN", first ? "" : " ");
+ if (ret < 0 || ret >= end - pos)
+ return buf;
+ pos += ret;
+ first = 0;
+ }
+
+ return buf;
+}
+
+
+static int wpa_config_parse_key_mgmt(const struct parse_data *data,
+ struct wpa_ssid *ssid, int line,
+ const char *value)
+{
+ int val = 0, last, errors = 0;
+ char *start, *end, *buf;
+
+ buf = os_strdup(value);
+ if (buf == NULL)
+ return -1;
+ start = buf;
+
+ while (*start != '\0') {
+ while (*start == ' ' || *start == '\t')
+ start++;
+ if (*start == '\0')
+ break;
+ end = start;
+ while (*end != ' ' && *end != '\t' && *end != '\0')
+ end++;
+ last = *end == '\0';
+ *end = '\0';
+ if (os_strcmp(start, "WPA-PSK") == 0)
+ val |= WPA_KEY_MGMT_PSK;
+ else if (os_strcmp(start, "WPA-EAP") == 0)
+ val |= WPA_KEY_MGMT_IEEE8021X;
+ else if (os_strcmp(start, "IEEE8021X") == 0)
+ val |= WPA_KEY_MGMT_IEEE8021X_NO_WPA;
+ else if (os_strcmp(start, "NONE") == 0)
+ val |= WPA_KEY_MGMT_NONE;
+ else if (os_strcmp(start, "WPA-NONE") == 0)
+ val |= WPA_KEY_MGMT_WPA_NONE;
+ else {
+ wpa_printf(MSG_ERROR, "Line %d: invalid key_mgmt '%s'",
+ line, start);
+ errors++;
+ }
+
+ if (last)
+ break;
+ start = end + 1;
+ }
+ os_free(buf);
+
+ if (val == 0) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: no key_mgmt values configured.", line);
+ errors++;
+ }
+
+ wpa_printf(MSG_MSGDUMP, "key_mgmt: 0x%x", val);
+ ssid->key_mgmt = val;
+ return errors ? -1 : 0;
+}
+
+
+static char * wpa_config_write_key_mgmt(const struct parse_data *data,
+ struct wpa_ssid *ssid)
+{
+ char *buf, *pos, *end;
+ int ret;
+
+ pos = buf = os_zalloc(50);
+ if (buf == NULL)
+ return NULL;
+ end = buf + 50;
+
+ if (ssid->key_mgmt & WPA_KEY_MGMT_PSK) {
+ ret = os_snprintf(pos, end - pos, "%sWPA-PSK",
+ pos == buf ? "" : " ");
+ if (ret < 0 || ret >= end - pos) {
+ end[-1] = '\0';
+ return buf;
+ }
+ pos += ret;
+ }
+
+ if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
+ ret = os_snprintf(pos, end - pos, "%sWPA-EAP",
+ pos == buf ? "" : " ");
+ if (ret < 0 || ret >= end - pos) {
+ end[-1] = '\0';
+ return buf;
+ }
+ pos += ret;
+ }
+
+ if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
+ ret = os_snprintf(pos, end - pos, "%sIEEE8021X",
+ pos == buf ? "" : " ");
+ if (ret < 0 || ret >= end - pos) {
+ end[-1] = '\0';
+ return buf;
+ }
+ pos += ret;
+ }
+
+ if (ssid->key_mgmt & WPA_KEY_MGMT_NONE) {
+ ret = os_snprintf(pos, end - pos, "%sNONE",
+ pos == buf ? "" : " ");
+ if (ret < 0 || ret >= end - pos) {
+ end[-1] = '\0';
+ return buf;
+ }
+ pos += ret;
+ }
+
+ if (ssid->key_mgmt & WPA_KEY_MGMT_WPA_NONE) {
+ ret = os_snprintf(pos, end - pos, "%sWPA-NONE",
+ pos == buf ? "" : " ");
+ if (ret < 0 || ret >= end - pos) {
+ end[-1] = '\0';
+ return buf;
+ }
+ pos += ret;
+ }
+
+ return buf;
+}
+
+
+static int wpa_config_parse_cipher(int line, const char *value)
+{
+ int val = 0, last;
+ char *start, *end, *buf;
+
+ buf = os_strdup(value);
+ if (buf == NULL)
+ return -1;
+ start = buf;
+
+ while (*start != '\0') {
+ while (*start == ' ' || *start == '\t')
+ start++;
+ if (*start == '\0')
+ break;
+ end = start;
+ while (*end != ' ' && *end != '\t' && *end != '\0')
+ end++;
+ last = *end == '\0';
+ *end = '\0';
+ if (os_strcmp(start, "CCMP") == 0)
+ val |= WPA_CIPHER_CCMP;
+ else if (os_strcmp(start, "TKIP") == 0)
+ val |= WPA_CIPHER_TKIP;
+ else if (os_strcmp(start, "WEP104") == 0)
+ val |= WPA_CIPHER_WEP104;
+ else if (os_strcmp(start, "WEP40") == 0)
+ val |= WPA_CIPHER_WEP40;
+ else if (os_strcmp(start, "NONE") == 0)
+ val |= WPA_CIPHER_NONE;
+ else {
+ wpa_printf(MSG_ERROR, "Line %d: invalid cipher '%s'.",
+ line, start);
+ os_free(buf);
+ return -1;
+ }
+
+ if (last)
+ break;
+ start = end + 1;
+ }
+ os_free(buf);
+
+ if (val == 0) {
+ wpa_printf(MSG_ERROR, "Line %d: no cipher values configured.",
+ line);
+ return -1;
+ }
+ return val;
+}
+
+
+static char * wpa_config_write_cipher(int cipher)
+{
+ char *buf, *pos, *end;
+ int ret;
+
+ pos = buf = os_zalloc(50);
+ if (buf == NULL)
+ return NULL;
+ end = buf + 50;
+
+ if (cipher & WPA_CIPHER_CCMP) {
+ ret = os_snprintf(pos, end - pos, "%sCCMP",
+ pos == buf ? "" : " ");
+ if (ret < 0 || ret >= end - pos) {
+ end[-1] = '\0';
+ return buf;
+ }
+ pos += ret;
+ }
+
+ if (cipher & WPA_CIPHER_TKIP) {
+ ret = os_snprintf(pos, end - pos, "%sTKIP",
+ pos == buf ? "" : " ");
+ if (ret < 0 || ret >= end - pos) {
+ end[-1] = '\0';
+ return buf;
+ }
+ pos += ret;
+ }
+
+ if (cipher & WPA_CIPHER_WEP104) {
+ ret = os_snprintf(pos, end - pos, "%sWEP104",
+ pos == buf ? "" : " ");
+ if (ret < 0 || ret >= end - pos) {
+ end[-1] = '\0';
+ return buf;
+ }
+ pos += ret;
+ }
+
+ if (cipher & WPA_CIPHER_WEP40) {
+ ret = os_snprintf(pos, end - pos, "%sWEP40",
+ pos == buf ? "" : " ");
+ if (ret < 0 || ret >= end - pos) {
+ end[-1] = '\0';
+ return buf;
+ }
+ pos += ret;
+ }
+
+ if (cipher & WPA_CIPHER_NONE) {
+ ret = os_snprintf(pos, end - pos, "%sNONE",
+ pos == buf ? "" : " ");
+ if (ret < 0 || ret >= end - pos) {
+ end[-1] = '\0';
+ return buf;
+ }
+ pos += ret;
+ }
+
+ return buf;
+}
+
+
+static int wpa_config_parse_pairwise(const struct parse_data *data,
+ struct wpa_ssid *ssid, int line,
+ const char *value)
+{
+ int val;
+ val = wpa_config_parse_cipher(line, value);
+ if (val == -1)
+ return -1;
+ if (val & ~(WPA_CIPHER_CCMP | WPA_CIPHER_TKIP | WPA_CIPHER_NONE)) {
+ wpa_printf(MSG_ERROR, "Line %d: not allowed pairwise cipher "
+ "(0x%x).", line, val);
+ return -1;
+ }
+
+ wpa_printf(MSG_MSGDUMP, "pairwise: 0x%x", val);
+ ssid->pairwise_cipher = val;
+ return 0;
+}
+
+
+static char * wpa_config_write_pairwise(const struct parse_data *data,
+ struct wpa_ssid *ssid)
+{
+ return wpa_config_write_cipher(ssid->pairwise_cipher);
+}
+
+
+static int wpa_config_parse_group(const struct parse_data *data,
+ struct wpa_ssid *ssid, int line,
+ const char *value)
+{
+ int val;
+ val = wpa_config_parse_cipher(line, value);
+ if (val == -1)
+ return -1;
+ if (val & ~(WPA_CIPHER_CCMP | WPA_CIPHER_TKIP | WPA_CIPHER_WEP104 |
+ WPA_CIPHER_WEP40)) {
+ wpa_printf(MSG_ERROR, "Line %d: not allowed group cipher "
+ "(0x%x).", line, val);
+ return -1;
+ }
+
+ wpa_printf(MSG_MSGDUMP, "group: 0x%x", val);
+ ssid->group_cipher = val;
+ return 0;
+}
+
+
+static char * wpa_config_write_group(const struct parse_data *data,
+ struct wpa_ssid *ssid)
+{
+ return wpa_config_write_cipher(ssid->group_cipher);
+}
+
+
+static int wpa_config_parse_auth_alg(const struct parse_data *data,
+ struct wpa_ssid *ssid, int line,
+ const char *value)
+{
+ int val = 0, last, errors = 0;
+ char *start, *end, *buf;
+
+ buf = os_strdup(value);
+ if (buf == NULL)
+ return -1;
+ start = buf;
+
+ while (*start != '\0') {
+ while (*start == ' ' || *start == '\t')
+ start++;
+ if (*start == '\0')
+ break;
+ end = start;
+ while (*end != ' ' && *end != '\t' && *end != '\0')
+ end++;
+ last = *end == '\0';
+ *end = '\0';
+ if (os_strcmp(start, "OPEN") == 0)
+ val |= WPA_AUTH_ALG_OPEN;
+ else if (os_strcmp(start, "SHARED") == 0)
+ val |= WPA_AUTH_ALG_SHARED;
+ else if (os_strcmp(start, "LEAP") == 0)
+ val |= WPA_AUTH_ALG_LEAP;
+ else {
+ wpa_printf(MSG_ERROR, "Line %d: invalid auth_alg '%s'",
+ line, start);
+ errors++;
+ }
+
+ if (last)
+ break;
+ start = end + 1;
+ }
+ os_free(buf);
+
+ if (val == 0) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: no auth_alg values configured.", line);
+ errors++;
+ }
+
+ wpa_printf(MSG_MSGDUMP, "auth_alg: 0x%x", val);
+ ssid->auth_alg = val;
+ return errors ? -1 : 0;
+}
+
+
+static char * wpa_config_write_auth_alg(const struct parse_data *data,
+ struct wpa_ssid *ssid)
+{
+ char *buf, *pos, *end;
+ int ret;
+
+ pos = buf = os_zalloc(30);
+ if (buf == NULL)
+ return NULL;
+ end = buf + 30;
+
+ if (ssid->auth_alg & WPA_AUTH_ALG_OPEN) {
+ ret = os_snprintf(pos, end - pos, "%sOPEN",
+ pos == buf ? "" : " ");
+ if (ret < 0 || ret >= end - pos) {
+ end[-1] = '\0';
+ return buf;
+ }
+ pos += ret;
+ }
+
+ if (ssid->auth_alg & WPA_AUTH_ALG_SHARED) {
+ ret = os_snprintf(pos, end - pos, "%sSHARED",
+ pos == buf ? "" : " ");
+ if (ret < 0 || ret >= end - pos) {
+ end[-1] = '\0';
+ return buf;
+ }
+ pos += ret;
+ }
+
+ if (ssid->auth_alg & WPA_AUTH_ALG_LEAP) {
+ ret = os_snprintf(pos, end - pos, "%sLEAP",
+ pos == buf ? "" : " ");
+ if (ret < 0 || ret >= end - pos) {
+ end[-1] = '\0';
+ return buf;
+ }
+ pos += ret;
+ }
+
+ return buf;
+}
+
+
+#ifdef IEEE8021X_EAPOL
+static int wpa_config_parse_eap(const struct parse_data *data,
+ struct wpa_ssid *ssid, int line,
+ const char *value)
+{
+ int last, errors = 0;
+ char *start, *end, *buf;
+ struct eap_method_type *methods = NULL, *tmp;
+ size_t num_methods = 0;
+
+ buf = os_strdup(value);
+ if (buf == NULL)
+ return -1;
+ start = buf;
+
+ while (*start != '\0') {
+ while (*start == ' ' || *start == '\t')
+ start++;
+ if (*start == '\0')
+ break;
+ end = start;
+ while (*end != ' ' && *end != '\t' && *end != '\0')
+ end++;
+ last = *end == '\0';
+ *end = '\0';
+ tmp = methods;
+ methods = os_realloc(methods,
+ (num_methods + 1) * sizeof(*methods));
+ if (methods == NULL) {
+ os_free(tmp);
+ os_free(buf);
+ return -1;
+ }
+ methods[num_methods].method = eap_get_type(
+ start, &methods[num_methods].vendor);
+ if (methods[num_methods].vendor == EAP_VENDOR_IETF &&
+ methods[num_methods].method == EAP_TYPE_NONE) {
+ wpa_printf(MSG_ERROR, "Line %d: unknown EAP method "
+ "'%s'", line, start);
+ wpa_printf(MSG_ERROR, "You may need to add support for"
+ " this EAP method during wpa_supplicant\n"
+ "build time configuration.\n"
+ "See README for more information.");
+ errors++;
+ } else if (methods[num_methods].vendor == EAP_VENDOR_IETF &&
+ methods[num_methods].method == EAP_TYPE_LEAP)
+ ssid->leap++;
+ else
+ ssid->non_leap++;
+ num_methods++;
+ if (last)
+ break;
+ start = end + 1;
+ }
+ os_free(buf);
+
+ tmp = methods;
+ methods = os_realloc(methods, (num_methods + 1) * sizeof(*methods));
+ if (methods == NULL) {
+ os_free(tmp);
+ return -1;
+ }
+ methods[num_methods].vendor = EAP_VENDOR_IETF;
+ methods[num_methods].method = EAP_TYPE_NONE;
+ num_methods++;
+
+ wpa_hexdump(MSG_MSGDUMP, "eap methods",
+ (u8 *) methods, num_methods * sizeof(*methods));
+ ssid->eap_methods = methods;
+ return errors ? -1 : 0;
+}
+
+
+static char * wpa_config_write_eap(const struct parse_data *data,
+ struct wpa_ssid *ssid)
+{
+ int i, ret;
+ char *buf, *pos, *end;
+ const struct eap_method_type *eap_methods = ssid->eap_methods;
+ const char *name;
+
+ if (eap_methods == NULL)
+ return NULL;
+
+ pos = buf = os_zalloc(100);
+ if (buf == NULL)
+ return NULL;
+ end = buf + 100;
+
+ for (i = 0; eap_methods[i].vendor != EAP_VENDOR_IETF ||
+ eap_methods[i].method != EAP_TYPE_NONE; i++) {
+ name = eap_get_name(eap_methods[i].vendor,
+ eap_methods[i].method);
+ if (name) {
+ ret = os_snprintf(pos, end - pos, "%s%s",
+ pos == buf ? "" : " ", name);
+ if (ret < 0 || ret >= end - pos)
+ break;
+ pos += ret;
+ }
+ }
+
+ end[-1] = '\0';
+
+ return buf;
+}
+#endif /* IEEE8021X_EAPOL */
+
+
+static int wpa_config_parse_wep_key(u8 *key, size_t *len, int line,
+ const char *value, int idx)
+{
+ char *buf, title[20];
+
+ buf = wpa_config_parse_string(value, len);
+ if (buf == NULL) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid WEP key %d '%s'.",
+ line, idx, value);
+ return -1;
+ }
+ if (*len > MAX_WEP_KEY_LEN) {
+ wpa_printf(MSG_ERROR, "Line %d: Too long WEP key %d '%s'.",
+ line, idx, value);
+ os_free(buf);
+ return -1;
+ }
+ os_memcpy(key, buf, *len);
+ os_free(buf);
+ os_snprintf(title, sizeof(title), "wep_key%d", idx);
+ wpa_hexdump_key(MSG_MSGDUMP, title, key, *len);
+ return 0;
+}
+
+
+static int wpa_config_parse_wep_key0(const struct parse_data *data,
+ struct wpa_ssid *ssid, int line,
+ const char *value)
+{
+ return wpa_config_parse_wep_key(ssid->wep_key[0],
+ &ssid->wep_key_len[0], line,
+ value, 0);
+}
+
+
+static int wpa_config_parse_wep_key1(const struct parse_data *data,
+ struct wpa_ssid *ssid, int line,
+ const char *value)
+{
+ return wpa_config_parse_wep_key(ssid->wep_key[1],
+ &ssid->wep_key_len[1], line,
+ value, 1);
+}
+
+
+static int wpa_config_parse_wep_key2(const struct parse_data *data,
+ struct wpa_ssid *ssid, int line,
+ const char *value)
+{
+ return wpa_config_parse_wep_key(ssid->wep_key[2],
+ &ssid->wep_key_len[2], line,
+ value, 2);
+}
+
+
+static int wpa_config_parse_wep_key3(const struct parse_data *data,
+ struct wpa_ssid *ssid, int line,
+ const char *value)
+{
+ return wpa_config_parse_wep_key(ssid->wep_key[3],
+ &ssid->wep_key_len[3], line,
+ value, 3);
+}
+
+
+static char * wpa_config_write_wep_key(struct wpa_ssid *ssid, int idx)
+{
+ if (ssid->wep_key_len[idx] == 0)
+ return NULL;
+ return wpa_config_write_string(ssid->wep_key[idx],
+ ssid->wep_key_len[idx]);
+}
+
+
+static char * wpa_config_write_wep_key0(const struct parse_data *data,
+ struct wpa_ssid *ssid)
+{
+ return wpa_config_write_wep_key(ssid, 0);
+}
+
+
+static char * wpa_config_write_wep_key1(const struct parse_data *data,
+ struct wpa_ssid *ssid)
+{
+ return wpa_config_write_wep_key(ssid, 1);
+}
+
+
+static char * wpa_config_write_wep_key2(const struct parse_data *data,
+ struct wpa_ssid *ssid)
+{
+ return wpa_config_write_wep_key(ssid, 2);
+}
+
+
+static char * wpa_config_write_wep_key3(const struct parse_data *data,
+ struct wpa_ssid *ssid)
+{
+ return wpa_config_write_wep_key(ssid, 3);
+}
+
+
+/* Helper macros for network block parser */
+
+#ifdef OFFSET
+#undef OFFSET
+#endif /* OFFSET */
+/* OFFSET: Get offset of a variable within the wpa_ssid structure */
+#define OFFSET(v) ((void *) &((struct wpa_ssid *) 0)->v)
+
+/* STR: Define a string variable for an ASCII string; f = field name */
+#define _STR(f) #f, wpa_config_parse_str, wpa_config_write_str, OFFSET(f)
+#define STR(f) _STR(f), NULL, NULL, NULL, 0
+#define STR_KEY(f) _STR(f), NULL, NULL, NULL, 1
+
+/* STR_LEN: Define a string variable with a separate variable for storing the
+ * data length. Unlike STR(), this can be used to store arbitrary binary data
+ * (i.e., even nul termination character). */
+#define _STR_LEN(f) _STR(f), OFFSET(f ## _len)
+#define STR_LEN(f) _STR_LEN(f), NULL, NULL, 0
+#define STR_LEN_KEY(f) _STR_LEN(f), NULL, NULL, 1
+
+/* STR_RANGE: Like STR_LEN(), but with minimum and maximum allowed length
+ * explicitly specified. */
+#define _STR_RANGE(f, min, max) _STR_LEN(f), (void *) (min), (void *) (max)
+#define STR_RANGE(f, min, max) _STR_RANGE(f, min, max), 0
+#define STR_RANGE_KEY(f, min, max) _STR_RANGE(f, min, max), 1
+
+#define _INT(f) #f, wpa_config_parse_int, wpa_config_write_int, \
+ OFFSET(f), (void *) 0
+
+/* INT: Define an integer variable */
+#define INT(f) _INT(f), NULL, NULL, 0
+
+/* INT_RANGE: Define an integer variable with allowed value range */
+#define INT_RANGE(f, min, max) _INT(f), (void *) (min), (void *) (max), 0
+
+/* FUNC: Define a configuration variable that uses a custom function for
+ * parsing and writing the value. */
+#define _FUNC(f) #f, wpa_config_parse_ ## f, wpa_config_write_ ## f, \
+ NULL, NULL, NULL, NULL
+#define FUNC(f) _FUNC(f), 0
+#define FUNC_KEY(f) _FUNC(f), 1
+
+/*
+ * Table of network configuration variables. This table is used to parse each
+ * network configuration variable, e.g., each line in wpa_supplicant.conf file
+ * that is inside a network block.
+ *
+ * This table is generated using the helper macros defined above and with
+ * generous help from the C pre-processor. The field name is stored as a string
+ * into .name and for STR and INT types, the offset of the target buffer within
+ * struct wpa_ssid is stored in .param1. .param2 (if not NULL) is similar
+ * offset to the field containing the length of the configuration variable.
+ * .param3 and .param4 can be used to mark the allowed range (length for STR
+ * and value for INT).
+ *
+ * For each configuration line in wpa_supplicant.conf, the parser goes through
+ * this table and select the entry that matches with the field name. The parser
+ * function (.parser) is then called to parse the actual value of the field.
+ *
+ * This kind of mechanism makes it easy to add new configuration parameters,
+ * since only one line needs to be added into this table and into the
+ * struct wpa_ssid definition if the new variable is either a string or
+ * integer. More complex types will need to use their own parser and writer
+ * functions.
+ */
+static const struct parse_data ssid_fields[] = {
+ { STR_RANGE(ssid, 0, MAX_SSID_LEN) },
+ { INT_RANGE(scan_ssid, 0, 1) },
+ { FUNC(bssid) },
+ { FUNC_KEY(psk) },
+ { FUNC(proto) },
+ { FUNC(key_mgmt) },
+ { FUNC(pairwise) },
+ { FUNC(group) },
+ { FUNC(auth_alg) },
+#ifdef IEEE8021X_EAPOL
+ { FUNC(eap) },
+ { STR_LEN(identity) },
+ { STR_LEN(anonymous_identity) },
+ { STR_RANGE_KEY(eappsk, EAP_PSK_LEN_MIN, EAP_PSK_LEN_MAX) },
+ { STR_LEN(nai) },
+ { STR_LEN_KEY(password) },
+ { STR(ca_cert) },
+ { STR(ca_path) },
+ { STR(client_cert) },
+ { STR(private_key) },
+ { STR_KEY(private_key_passwd) },
+ { STR(dh_file) },
+ { STR(subject_match) },
+ { STR(altsubject_match) },
+ { STR(ca_cert2) },
+ { STR(ca_path2) },
+ { STR(client_cert2) },
+ { STR(private_key2) },
+ { STR_KEY(private_key2_passwd) },
+ { STR(dh_file2) },
+ { STR(subject_match2) },
+ { STR(altsubject_match2) },
+ { STR(phase1) },
+ { STR(phase2) },
+ { STR(pcsc) },
+ { STR_KEY(pin) },
+ { STR(engine_id) },
+ { STR(key_id) },
+ { INT(engine) },
+ { INT(eapol_flags) },
+#endif /* IEEE8021X_EAPOL */
+ { FUNC_KEY(wep_key0) },
+ { FUNC_KEY(wep_key1) },
+ { FUNC_KEY(wep_key2) },
+ { FUNC_KEY(wep_key3) },
+ { INT(wep_tx_keyidx) },
+ { INT(priority) },
+#ifdef IEEE8021X_EAPOL
+ { INT(eap_workaround) },
+ { STR(pac_file) },
+ { INT(fragment_size) },
+#endif /* IEEE8021X_EAPOL */
+ { INT_RANGE(mode, 0, 1) },
+ { INT_RANGE(proactive_key_caching, 0, 1) },
+ { INT_RANGE(disabled, 0, 1) },
+ { STR(id_str) },
+#ifdef CONFIG_IEEE80211W
+ { INT_RANGE(ieee80211w, 0, 2) },
+#endif /* CONFIG_IEEE80211W */
+ { INT_RANGE(peerkey, 0, 1) },
+ { INT_RANGE(mixed_cell, 0, 1) },
+ { INT_RANGE(frequency, 0, 10000) }
+};
+
+#undef OFFSET
+#undef _STR
+#undef STR
+#undef STR_KEY
+#undef _STR_LEN
+#undef STR_LEN
+#undef STR_LEN_KEY
+#undef _STR_RANGE
+#undef STR_RANGE
+#undef STR_RANGE_KEY
+#undef _INT
+#undef INT
+#undef INT_RANGE
+#undef _FUNC
+#undef FUNC
+#undef FUNC_KEY
+#define NUM_SSID_FIELDS (sizeof(ssid_fields) / sizeof(ssid_fields[0]))
+
+
+/**
+ * wpa_config_add_prio_network - Add a network to priority lists
+ * @config: Configuration data from wpa_config_read()
+ * @ssid: Pointer to the network configuration to be added to the list
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is used to add a network block to the priority list of
+ * networks. This must be called for each network when reading in the full
+ * configuration. In addition, this can be used indirectly when updating
+ * priorities by calling wpa_config_update_prio_list().
+ */
+int wpa_config_add_prio_network(struct wpa_config *config,
+ struct wpa_ssid *ssid)
+{
+ int prio;
+ struct wpa_ssid *prev, **nlist;
+
+ /*
+ * Add to an existing priority list if one is available for the
+ * configured priority level for this network.
+ */
+ for (prio = 0; prio < config->num_prio; prio++) {
+ prev = config->pssid[prio];
+ if (prev->priority == ssid->priority) {
+ while (prev->pnext)
+ prev = prev->pnext;
+ prev->pnext = ssid;
+ return 0;
+ }
+ }
+
+ /* First network for this priority - add a new priority list */
+ nlist = os_realloc(config->pssid,
+ (config->num_prio + 1) * sizeof(struct wpa_ssid *));
+ if (nlist == NULL)
+ return -1;
+
+ for (prio = 0; prio < config->num_prio; prio++) {
+ if (nlist[prio]->priority < ssid->priority)
+ break;
+ }
+
+ os_memmove(&nlist[prio + 1], &nlist[prio],
+ (config->num_prio - prio) * sizeof(struct wpa_ssid *));
+
+ nlist[prio] = ssid;
+ config->num_prio++;
+ config->pssid = nlist;
+
+ return 0;
+}
+
+
+/**
+ * wpa_config_update_prio_list - Update network priority list
+ * @config: Configuration data from wpa_config_read()
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is called to update the priority list of networks in the
+ * configuration when a network is being added or removed. This is also called
+ * if a priority for a network is changed.
+ */
+static int wpa_config_update_prio_list(struct wpa_config *config)
+{
+ struct wpa_ssid *ssid;
+ int ret = 0;
+
+ os_free(config->pssid);
+ config->pssid = NULL;
+ config->num_prio = 0;
+
+ ssid = config->ssid;
+ while (ssid) {
+ ssid->pnext = NULL;
+ if (wpa_config_add_prio_network(config, ssid) < 0)
+ ret = -1;
+ ssid = ssid->next;
+ }
+
+ return ret;
+}
+
+
+/**
+ * wpa_config_free_ssid - Free network/ssid configuration data
+ * @ssid: Configuration data for the network
+ *
+ * This function frees all resources allocated for the network configuration
+ * data.
+ */
+void wpa_config_free_ssid(struct wpa_ssid *ssid)
+{
+ os_free(ssid->ssid);
+ os_free(ssid->passphrase);
+#ifdef IEEE8021X_EAPOL
+ os_free(ssid->eap_methods);
+ os_free(ssid->identity);
+ os_free(ssid->anonymous_identity);
+ os_free(ssid->eappsk);
+ os_free(ssid->nai);
+ os_free(ssid->password);
+ os_free(ssid->ca_cert);
+ os_free(ssid->ca_path);
+ os_free(ssid->client_cert);
+ os_free(ssid->private_key);
+ os_free(ssid->private_key_passwd);
+ os_free(ssid->dh_file);
+ os_free(ssid->subject_match);
+ os_free(ssid->altsubject_match);
+ os_free(ssid->ca_cert2);
+ os_free(ssid->ca_path2);
+ os_free(ssid->client_cert2);
+ os_free(ssid->private_key2);
+ os_free(ssid->private_key2_passwd);
+ os_free(ssid->dh_file2);
+ os_free(ssid->subject_match2);
+ os_free(ssid->altsubject_match2);
+ os_free(ssid->phase1);
+ os_free(ssid->phase2);
+ os_free(ssid->pcsc);
+ os_free(ssid->pin);
+ os_free(ssid->engine_id);
+ os_free(ssid->key_id);
+ os_free(ssid->otp);
+ os_free(ssid->pending_req_otp);
+ os_free(ssid->pac_file);
+ os_free(ssid->new_password);
+#endif /* IEEE8021X_EAPOL */
+ os_free(ssid->id_str);
+ os_free(ssid);
+}
+
+
+/**
+ * wpa_config_free - Free configuration data
+ * @config: Configuration data from wpa_config_read()
+ *
+ * This function frees all resources allocated for the configuration data by
+ * wpa_config_read().
+ */
+void wpa_config_free(struct wpa_config *config)
+{
+ struct wpa_config_blob *blob, *prevblob;
+ struct wpa_ssid *ssid, *prev = NULL;
+ ssid = config->ssid;
+ while (ssid) {
+ prev = ssid;
+ ssid = ssid->next;
+ wpa_config_free_ssid(prev);
+ }
+
+ blob = config->blobs;
+ prevblob = NULL;
+ while (blob) {
+ prevblob = blob;
+ blob = blob->next;
+ wpa_config_free_blob(prevblob);
+ }
+
+ os_free(config->ctrl_interface);
+ os_free(config->ctrl_interface_group);
+ os_free(config->opensc_engine_path);
+ os_free(config->pkcs11_engine_path);
+ os_free(config->pkcs11_module_path);
+ os_free(config->driver_param);
+ os_free(config->pssid);
+ os_free(config);
+}
+
+
+#ifdef IEEE8021X_EAPOL
+/**
+ * wpa_config_allowed_eap_method - Check whether EAP method is allowed
+ * @ssid: Pointer to configuration data
+ * @vendor: Vendor-Id for expanded types or 0 = IETF for legacy types
+ * @method: EAP type
+ * Returns: 1 = allowed EAP method, 0 = not allowed
+ */
+int wpa_config_allowed_eap_method(struct wpa_ssid *ssid, int vendor,
+ u32 method)
+{
+ int i;
+ struct eap_method_type *m;
+
+ if (ssid == NULL || ssid->eap_methods == NULL)
+ return 1;
+
+ m = ssid->eap_methods;
+ for (i = 0; m[i].vendor != EAP_VENDOR_IETF ||
+ m[i].method != EAP_TYPE_NONE; i++) {
+ if (m[i].vendor == vendor && m[i].method == method)
+ return 1;
+ }
+ return 0;
+}
+#endif /* IEEE8021X_EAPOL */
+
+
+/**
+ * wpa_config_get_network - Get configured network based on id
+ * @config: Configuration data from wpa_config_read()
+ * @id: Unique network id to search for
+ * Returns: Network configuration or %NULL if not found
+ */
+struct wpa_ssid * wpa_config_get_network(struct wpa_config *config, int id)
+{
+ struct wpa_ssid *ssid;
+
+ ssid = config->ssid;
+ while (ssid) {
+ if (id == ssid->id)
+ break;
+ ssid = ssid->next;
+ }
+
+ return ssid;
+}
+
+
+/**
+ * wpa_config_add_network - Add a new network with empty configuration
+ * @config: Configuration data from wpa_config_read()
+ * Returns: The new network configuration or %NULL if operation failed
+ */
+struct wpa_ssid * wpa_config_add_network(struct wpa_config *config)
+{
+ int id;
+ struct wpa_ssid *ssid, *last = NULL;
+
+ id = -1;
+ ssid = config->ssid;
+ while (ssid) {
+ if (ssid->id > id)
+ id = ssid->id;
+ last = ssid;
+ ssid = ssid->next;
+ }
+ id++;
+
+ ssid = os_zalloc(sizeof(*ssid));
+ if (ssid == NULL)
+ return NULL;
+ ssid->id = id;
+ if (last)
+ last->next = ssid;
+ else
+ config->ssid = ssid;
+
+ wpa_config_update_prio_list(config);
+
+ return ssid;
+}
+
+
+/**
+ * wpa_config_remove_network - Remove a configured network based on id
+ * @config: Configuration data from wpa_config_read()
+ * @id: Unique network id to search for
+ * Returns: 0 on success, or -1 if the network was not found
+ */
+int wpa_config_remove_network(struct wpa_config *config, int id)
+{
+ struct wpa_ssid *ssid, *prev = NULL;
+
+ ssid = config->ssid;
+ while (ssid) {
+ if (id == ssid->id)
+ break;
+ prev = ssid;
+ ssid = ssid->next;
+ }
+
+ if (ssid == NULL)
+ return -1;
+
+ if (prev)
+ prev->next = ssid->next;
+ else
+ config->ssid = ssid->next;
+
+ wpa_config_update_prio_list(config);
+ wpa_config_free_ssid(ssid);
+ return 0;
+}
+
+
+/**
+ * wpa_config_set_network_defaults - Set network default values
+ * @ssid: Pointer to network configuration data
+ */
+void wpa_config_set_network_defaults(struct wpa_ssid *ssid)
+{
+ ssid->proto = DEFAULT_PROTO;
+ ssid->pairwise_cipher = DEFAULT_PAIRWISE;
+ ssid->group_cipher = DEFAULT_GROUP;
+ ssid->key_mgmt = DEFAULT_KEY_MGMT;
+#ifdef IEEE8021X_EAPOL
+ ssid->eapol_flags = DEFAULT_EAPOL_FLAGS;
+ ssid->eap_workaround = DEFAULT_EAP_WORKAROUND;
+ ssid->fragment_size = DEFAULT_FRAGMENT_SIZE;
+#endif /* IEEE8021X_EAPOL */
+}
+
+
+/**
+ * wpa_config_set - Set a variable in network configuration
+ * @ssid: Pointer to network configuration data
+ * @var: Variable name, e.g., "ssid"
+ * @value: Variable value
+ * @line: Line number in configuration file or 0 if not used
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function can be used to set network configuration variables based on
+ * both the configuration file and management interface input. The value
+ * parameter must be in the same format as the text-based configuration file is
+ * using. For example, strings are using double quotation marks.
+ */
+int wpa_config_set(struct wpa_ssid *ssid, const char *var, const char *value,
+ int line)
+{
+ size_t i;
+ int ret = 0;
+
+ if (ssid == NULL || var == NULL || value == NULL)
+ return -1;
+
+ for (i = 0; i < NUM_SSID_FIELDS; i++) {
+ const struct parse_data *field = &ssid_fields[i];
+ if (os_strcmp(var, field->name) != 0)
+ continue;
+
+ if (field->parser(field, ssid, line, value)) {
+ if (line) {
+ wpa_printf(MSG_ERROR, "Line %d: failed to "
+ "parse %s '%s'.", line, var, value);
+ }
+ ret = -1;
+ }
+ break;
+ }
+ if (i == NUM_SSID_FIELDS) {
+ if (line) {
+ wpa_printf(MSG_ERROR, "Line %d: unknown network field "
+ "'%s'.", line, var);
+ }
+ ret = -1;
+ }
+
+ return ret;
+}
+
+
+/**
+ * wpa_config_get - Get a variable in network configuration
+ * @ssid: Pointer to network configuration data
+ * @var: Variable name, e.g., "ssid"
+ * Returns: Value of the variable or %NULL on failure
+ *
+ * This function can be used to get network configuration variables. The
+ * returned value is a copy of the configuration variable in text format, i.e,.
+ * the same format that the text-based configuration file and wpa_config_set()
+ * are using for the value. The caller is responsible for freeing the returned
+ * value.
+ */
+char * wpa_config_get(struct wpa_ssid *ssid, const char *var)
+{
+ size_t i;
+
+ if (ssid == NULL || var == NULL)
+ return NULL;
+
+ for (i = 0; i < NUM_SSID_FIELDS; i++) {
+ const struct parse_data *field = &ssid_fields[i];
+ if (os_strcmp(var, field->name) == 0)
+ return field->writer(field, ssid);
+ }
+
+ return NULL;
+}
+
+
+/**
+ * wpa_config_get_no_key - Get a variable in network configuration (no keys)
+ * @ssid: Pointer to network configuration data
+ * @var: Variable name, e.g., "ssid"
+ * Returns: Value of the variable or %NULL on failure
+ *
+ * This function can be used to get network configuration variable like
+ * wpa_config_get(). The only difference is that this functions does not expose
+ * key/password material from the configuration. In case a key/password field
+ * is requested, the returned value is an empty string or %NULL if the variable
+ * is not set or "*" if the variable is set (regardless of its value). The
+ * returned value is a copy of the configuration variable in text format, i.e,.
+ * the same format that the text-based configuration file and wpa_config_set()
+ * are using for the value. The caller is responsible for freeing the returned
+ * value.
+ */
+char * wpa_config_get_no_key(struct wpa_ssid *ssid, const char *var)
+{
+ size_t i;
+
+ if (ssid == NULL || var == NULL)
+ return NULL;
+
+ for (i = 0; i < NUM_SSID_FIELDS; i++) {
+ const struct parse_data *field = &ssid_fields[i];
+ if (os_strcmp(var, field->name) == 0) {
+ char *res = field->writer(field, ssid);
+ if (field->key_data) {
+ if (res && res[0]) {
+ wpa_printf(MSG_DEBUG, "Do not allow "
+ "key_data field to be "
+ "exposed");
+ os_free(res);
+ return os_strdup("*");
+ }
+
+ os_free(res);
+ return NULL;
+ }
+ return res;
+ }
+ }
+
+ return NULL;
+}
+
+
+/**
+ * wpa_config_update_psk - Update WPA PSK based on passphrase and SSID
+ * @ssid: Pointer to network configuration data
+ *
+ * This function must be called to update WPA PSK when either SSID or the
+ * passphrase has changed for the network configuration.
+ */
+void wpa_config_update_psk(struct wpa_ssid *ssid)
+{
+ pbkdf2_sha1(ssid->passphrase,
+ (char *) ssid->ssid, ssid->ssid_len, 4096,
+ ssid->psk, PMK_LEN);
+ wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
+ ssid->psk, PMK_LEN);
+ ssid->psk_set = 1;
+}
+
+
+/**
+ * wpa_config_get_blob - Get a named configuration blob
+ * @config: Configuration data from wpa_config_read()
+ * @name: Name of the blob
+ * Returns: Pointer to blob data or %NULL if not found
+ */
+const struct wpa_config_blob * wpa_config_get_blob(struct wpa_config *config,
+ const char *name)
+{
+ struct wpa_config_blob *blob = config->blobs;
+
+ while (blob) {
+ if (os_strcmp(blob->name, name) == 0)
+ return blob;
+ blob = blob->next;
+ }
+ return NULL;
+}
+
+
+/**
+ * wpa_config_set_blob - Set or add a named configuration blob
+ * @config: Configuration data from wpa_config_read()
+ * @blob: New value for the blob
+ *
+ * Adds a new configuration blob or replaces the current value of an existing
+ * blob.
+ */
+void wpa_config_set_blob(struct wpa_config *config,
+ struct wpa_config_blob *blob)
+{
+ wpa_config_remove_blob(config, blob->name);
+ blob->next = config->blobs;
+ config->blobs = blob;
+}
+
+
+/**
+ * wpa_config_free_blob - Free blob data
+ * @blob: Pointer to blob to be freed
+ */
+void wpa_config_free_blob(struct wpa_config_blob *blob)
+{
+ if (blob) {
+ os_free(blob->name);
+ os_free(blob->data);
+ os_free(blob);
+ }
+}
+
+
+/**
+ * wpa_config_remove_blob - Remove a named configuration blob
+ * @config: Configuration data from wpa_config_read()
+ * @name: Name of the blob to remove
+ * Returns: 0 if blob was removed or -1 if blob was not found
+ */
+int wpa_config_remove_blob(struct wpa_config *config, const char *name)
+{
+ struct wpa_config_blob *pos = config->blobs, *prev = NULL;
+
+ while (pos) {
+ if (os_strcmp(pos->name, name) == 0) {
+ if (prev)
+ prev->next = pos->next;
+ else
+ config->blobs = pos->next;
+ wpa_config_free_blob(pos);
+ return 0;
+ }
+ prev = pos;
+ pos = pos->next;
+ }
+
+ return -1;
+}
+
+
+/**
+ * wpa_config_alloc_empty - Allocate an empty configuration
+ * @ctrl_interface: Control interface parameters, e.g., path to UNIX domain
+ * socket
+ * @driver_param: Driver parameters
+ * Returns: Pointer to allocated configuration data or %NULL on failure
+ */
+struct wpa_config * wpa_config_alloc_empty(const char *ctrl_interface,
+ const char *driver_param)
+{
+ struct wpa_config *config;
+
+ config = os_zalloc(sizeof(*config));
+ if (config == NULL)
+ return NULL;
+ config->eapol_version = DEFAULT_EAPOL_VERSION;
+ config->ap_scan = DEFAULT_AP_SCAN;
+ config->fast_reauth = DEFAULT_FAST_REAUTH;
+
+ if (ctrl_interface)
+ config->ctrl_interface = os_strdup(ctrl_interface);
+ if (driver_param)
+ config->driver_param = os_strdup(driver_param);
+
+ return config;
+}
+
+
+#ifndef CONFIG_NO_STDOUT_DEBUG
+/**
+ * wpa_config_debug_dump_networks - Debug dump of configured networks
+ * @config: Configuration data from wpa_config_read()
+ */
+void wpa_config_debug_dump_networks(struct wpa_config *config)
+{
+ int prio;
+ struct wpa_ssid *ssid;
+
+ for (prio = 0; prio < config->num_prio; prio++) {
+ ssid = config->pssid[prio];
+ wpa_printf(MSG_DEBUG, "Priority group %d",
+ ssid->priority);
+ while (ssid) {
+ wpa_printf(MSG_DEBUG, " id=%d ssid='%s'",
+ ssid->id,
+ wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
+ ssid = ssid->pnext;
+ }
+ }
+}
+#endif /* CONFIG_NO_STDOUT_DEBUG */
--- /dev/null
+/*
+ * WPA Supplicant / Configuration file structures
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef CONFIG_H
+#define CONFIG_H
+
+#define DEFAULT_EAPOL_VERSION 1
+#define DEFAULT_AP_SCAN 1
+#define DEFAULT_FAST_REAUTH 1
+
+#include "config_ssid.h"
+
+/**
+ * struct wpa_config_blob - Named configuration blob
+ *
+ * This data structure is used to provide storage for binary objects to store
+ * abstract information like certificates and private keys inlined with the
+ * configuration data.
+ */
+struct wpa_config_blob {
+ /**
+ * name - Blob name
+ */
+ char *name;
+
+ /**
+ * data - Pointer to binary data
+ */
+ u8 *data;
+
+ /**
+ * len - Length of binary data
+ */
+ size_t len;
+
+ /**
+ * next - Pointer to next blob in the configuration
+ */
+ struct wpa_config_blob *next;
+};
+
+
+/**
+ * struct wpa_config - wpa_supplicant configuration data
+ *
+ * This data structure is presents the per-interface (radio) configuration
+ * data. In many cases, there is only one struct wpa_config instance, but if
+ * more than one network interface is being controlled, one instance is used
+ * for each.
+ */
+struct wpa_config {
+ /**
+ * ssid - Head of the global network list
+ *
+ * This is the head for the list of all the configured networks.
+ */
+ struct wpa_ssid *ssid;
+
+ /**
+ * pssid - Per-priority network lists (in priority order)
+ */
+ struct wpa_ssid **pssid;
+
+ /**
+ * num_prio - Number of different priorities used in the pssid lists
+ *
+ * This indicates how many per-priority network lists are included in
+ * pssid.
+ */
+ int num_prio;
+
+ /**
+ * eapol_version - IEEE 802.1X/EAPOL version number
+ *
+ * wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which
+ * defines EAPOL version 2. However, there are many APs that do not
+ * handle the new version number correctly (they seem to drop the
+ * frames completely). In order to make wpa_supplicant interoperate
+ * with these APs, the version number is set to 1 by default. This
+ * configuration value can be used to set it to the new version (2).
+ */
+ int eapol_version;
+
+ /**
+ * ap_scan - AP scanning/selection
+ *
+ * By default, wpa_supplicant requests driver to perform AP
+ * scanning and then uses the scan results to select a
+ * suitable AP. Another alternative is to allow the driver to
+ * take care of AP scanning and selection and use
+ * wpa_supplicant just to process EAPOL frames based on IEEE
+ * 802.11 association information from the driver.
+ *
+ * 1: wpa_supplicant initiates scanning and AP selection (default).
+ *
+ * 0: Driver takes care of scanning, AP selection, and IEEE 802.11
+ * association parameters (e.g., WPA IE generation); this mode can
+ * also be used with non-WPA drivers when using IEEE 802.1X mode;
+ * do not try to associate with APs (i.e., external program needs
+ * to control association). This mode must also be used when using
+ * wired Ethernet drivers.
+ *
+ * 2: like 0, but associate with APs using security policy and SSID
+ * (but not BSSID); this can be used, e.g., with ndiswrapper and NDIS
+ * drivers to enable operation with hidden SSIDs and optimized roaming;
+ * in this mode, the network blocks in the configuration are tried
+ * one by one until the driver reports successful association; each
+ * network block should have explicit security policy (i.e., only one
+ * option in the lists) for key_mgmt, pairwise, group, proto variables.
+ */
+ int ap_scan;
+
+ /**
+ * ctrl_interface - Parameters for the control interface
+ *
+ * If this is specified, %wpa_supplicant will open a control interface
+ * that is available for external programs to manage %wpa_supplicant.
+ * The meaning of this string depends on which control interface
+ * mechanism is used. For all cases, the existance of this parameter
+ * in configuration is used to determine whether the control interface
+ * is enabled.
+ *
+ * For UNIX domain sockets (default on Linux and BSD): This is a
+ * directory that will be created for UNIX domain sockets for listening
+ * to requests from external programs (CLI/GUI, etc.) for status
+ * information and configuration. The socket file will be named based
+ * on the interface name, so multiple %wpa_supplicant processes can be
+ * run at the same time if more than one interface is used.
+ * /var/run/wpa_supplicant is the recommended directory for sockets and
+ * by default, wpa_cli will use it when trying to connect with
+ * %wpa_supplicant.
+ *
+ * Access control for the control interface can be configured
+ * by setting the directory to allow only members of a group
+ * to use sockets. This way, it is possible to run
+ * %wpa_supplicant as root (since it needs to change network
+ * configuration and open raw sockets) and still allow GUI/CLI
+ * components to be run as non-root users. However, since the
+ * control interface can be used to change the network
+ * configuration, this access needs to be protected in many
+ * cases. By default, %wpa_supplicant is configured to use gid
+ * 0 (root). If you want to allow non-root users to use the
+ * control interface, add a new group and change this value to
+ * match with that group. Add users that should have control
+ * interface access to this group.
+ *
+ * When configuring both the directory and group, use following format:
+ * DIR=/var/run/wpa_supplicant GROUP=wheel
+ * DIR=/var/run/wpa_supplicant GROUP=0
+ * (group can be either group name or gid)
+ *
+ * For UDP connections (default on Windows): The value will be ignored.
+ * This variable is just used to select that the control interface is
+ * to be created. The value can be set to, e.g., udp
+ * (ctrl_interface=udp).
+ *
+ * For Windows Named Pipe: This value can be used to set the security
+ * descriptor for controlling access to the control interface. Security
+ * descriptor can be set using Security Descriptor String Format (see
+ * http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/security_descriptor_string_format.asp).
+ * The descriptor string needs to be prefixed with SDDL=. For example,
+ * ctrl_interface=SDDL=D: would set an empty DACL (which will reject
+ * all connections).
+ */
+ char *ctrl_interface;
+
+ /**
+ * ctrl_interface_group - Control interface group (DEPRECATED)
+ *
+ * This variable is only used for backwards compatibility. Group for
+ * UNIX domain sockets should now be specified using GROUP=<group> in
+ * ctrl_interface variable.
+ */
+ char *ctrl_interface_group;
+
+ /**
+ * fast_reauth - EAP fast re-authentication (session resumption)
+ *
+ * By default, fast re-authentication is enabled for all EAP methods
+ * that support it. This variable can be used to disable fast
+ * re-authentication (by setting fast_reauth=0). Normally, there is no
+ * need to disable fast re-authentication.
+ */
+ int fast_reauth;
+
+ /**
+ * opensc_engine_path - Path to the OpenSSL engine for opensc
+ *
+ * This is an OpenSSL specific configuration option for loading OpenSC
+ * engine (engine_opensc.so); if %NULL, this engine is not loaded.
+ */
+ char *opensc_engine_path;
+
+ /**
+ * pkcs11_engine_path - Path to the OpenSSL engine for PKCS#11
+ *
+ * This is an OpenSSL specific configuration option for loading PKCS#11
+ * engine (engine_pkcs11.so); if %NULL, this engine is not loaded.
+ */
+ char *pkcs11_engine_path;
+
+ /**
+ * pkcs11_module_path - Path to the OpenSSL OpenSC/PKCS#11 module
+ *
+ * This is an OpenSSL specific configuration option for configuring
+ * path to OpenSC/PKCS#11 engine (opensc-pkcs11.so); if %NULL, this
+ * module is not loaded.
+ */
+ char *pkcs11_module_path;
+
+ /**
+ * driver_param - Driver interface parameters
+ *
+ * This text string is passed to the selected driver interface with the
+ * optional struct wpa_driver_ops::set_param() handler. This can be
+ * used to configure driver specific options without having to add new
+ * driver interface functionality.
+ */
+ char *driver_param;
+
+ /**
+ * dot11RSNAConfigPMKLifetime - Maximum lifetime of a PMK
+ *
+ * dot11 MIB variable for the maximum lifetime of a PMK in the PMK
+ * cache (unit: seconds).
+ */
+ unsigned int dot11RSNAConfigPMKLifetime;
+
+ /**
+ * dot11RSNAConfigPMKReauthThreshold - PMK re-authentication threshold
+ *
+ * dot11 MIB variable for the percentage of the PMK lifetime
+ * that should expire before an IEEE 802.1X reauthentication occurs.
+ */
+ unsigned int dot11RSNAConfigPMKReauthThreshold;
+
+ /**
+ * dot11RSNAConfigSATimeout - Security association timeout
+ *
+ * dot11 MIB variable for the maximum time a security association
+ * shall take to set up (unit: seconds).
+ */
+ unsigned int dot11RSNAConfigSATimeout;
+
+ /**
+ * update_config - Is wpa_supplicant allowed to update configuration
+ *
+ * This variable control whether wpa_supplicant is allow to re-write
+ * its configuration with wpa_config_write(). If this is zero,
+ * configuration data is only changed in memory and the external data
+ * is not overriden. If this is non-zero, wpa_supplicant will update
+ * the configuration data (e.g., a file) whenever configuration is
+ * changed. This update may replace the old configuration which can
+ * remove comments from it in case of a text file configuration.
+ */
+ int update_config;
+
+ /**
+ * blobs - Configuration blobs
+ */
+ struct wpa_config_blob *blobs;
+};
+
+
+/* Prototypes for common functions from config.c */
+
+void wpa_config_free(struct wpa_config *ssid);
+void wpa_config_free_ssid(struct wpa_ssid *ssid);
+struct wpa_ssid * wpa_config_get_network(struct wpa_config *config, int id);
+struct wpa_ssid * wpa_config_add_network(struct wpa_config *config);
+int wpa_config_remove_network(struct wpa_config *config, int id);
+void wpa_config_set_network_defaults(struct wpa_ssid *ssid);
+int wpa_config_set(struct wpa_ssid *ssid, const char *var, const char *value,
+ int line);
+char * wpa_config_get(struct wpa_ssid *ssid, const char *var);
+char * wpa_config_get_no_key(struct wpa_ssid *ssid, const char *var);
+void wpa_config_update_psk(struct wpa_ssid *ssid);
+int wpa_config_add_prio_network(struct wpa_config *config,
+ struct wpa_ssid *ssid);
+
+const struct wpa_config_blob * wpa_config_get_blob(struct wpa_config *config,
+ const char *name);
+void wpa_config_set_blob(struct wpa_config *config,
+ struct wpa_config_blob *blob);
+void wpa_config_free_blob(struct wpa_config_blob *blob);
+int wpa_config_remove_blob(struct wpa_config *config, const char *name);
+struct wpa_config * wpa_config_alloc_empty(const char *ctrl_interface,
+ const char *driver_param);
+#ifndef CONFIG_NO_STDOUT_DEBUG
+void wpa_config_debug_dump_networks(struct wpa_config *config);
+#else /* CONFIG_NO_STDOUT_DEBUG */
+#define wpa_config_debug_dump_networks(c) do { } while (0)
+#endif /* CONFIG_NO_STDOUT_DEBUG */
+
+
+/* Prototypes for backend specific functions from the selected config_*.c */
+
+/**
+ * wpa_config_read - Read and parse configuration database
+ * @name: Name of the configuration (e.g., path and file name for the
+ * configuration file)
+ * Returns: Pointer to allocated configuration data or %NULL on failure
+ *
+ * This function reads configuration data, parses its contents, and allocates
+ * data structures needed for storing configuration information. The allocated
+ * data can be freed with wpa_config_free().
+ *
+ * Each configuration backend needs to implement this function.
+ */
+struct wpa_config * wpa_config_read(const char *name);
+
+/**
+ * wpa_config_write - Write or update configuration data
+ * @name: Name of the configuration (e.g., path and file name for the
+ * configuration file)
+ * @config: Configuration data from wpa_config_read()
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function write all configuration data into an external database (e.g.,
+ * a text file) in a format that can be read with wpa_config_read(). This can
+ * be used to allow wpa_supplicant to update its configuration, e.g., when a
+ * new network is added or a password is changed.
+ *
+ * Each configuration backend needs to implement this function.
+ */
+int wpa_config_write(const char *name, struct wpa_config *config);
+
+#endif /* CONFIG_H */
--- /dev/null
+/*
+ * WPA Supplicant / Configuration backend: text file
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This file implements a configuration backend for text files. All the
+ * configuration information is stored in a text file that uses a format
+ * described in the sample configuration file, wpa_supplicant.conf.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "config.h"
+#include "base64.h"
+#include "eap_methods.h"
+
+
+/**
+ * wpa_config_get_line - Read the next configuration file line
+ * @s: Buffer for the line
+ * @size: The buffer length
+ * @stream: File stream to read from
+ * @line: Pointer to a variable storing the file line number
+ * @_pos: Buffer for the pointer to the beginning of data on the text line or
+ * %NULL if not needed (returned value used instead)
+ * Returns: Pointer to the beginning of data on the text line or %NULL if no
+ * more text lines are available.
+ *
+ * This function reads the next non-empty line from the configuration file and
+ * removes comments. The returned string is guaranteed to be null-terminated.
+ */
+static char * wpa_config_get_line(char *s, int size, FILE *stream, int *line,
+ char **_pos)
+{
+ char *pos, *end, *sstart;
+
+ while (fgets(s, size, stream)) {
+ (*line)++;
+ s[size - 1] = '\0';
+ pos = s;
+
+ /* Skip white space from the beginning of line. */
+ while (*pos == ' ' || *pos == '\t' || *pos == '\r')
+ pos++;
+
+ /* Skip comment lines and empty lines */
+ if (*pos == '#' || *pos == '\n' || *pos == '\0')
+ continue;
+
+ /*
+ * Remove # comments unless they are within a double quoted
+ * string.
+ */
+ sstart = os_strchr(pos, '"');
+ if (sstart)
+ sstart = os_strrchr(sstart + 1, '"');
+ if (!sstart)
+ sstart = pos;
+ end = os_strchr(sstart, '#');
+ if (end)
+ *end-- = '\0';
+ else
+ end = pos + os_strlen(pos) - 1;
+
+ /* Remove trailing white space. */
+ while (end > pos &&
+ (*end == '\n' || *end == ' ' || *end == '\t' ||
+ *end == '\r'))
+ *end-- = '\0';
+
+ if (*pos == '\0')
+ continue;
+
+ if (_pos)
+ *_pos = pos;
+ return pos;
+ }
+
+ if (_pos)
+ *_pos = NULL;
+ return NULL;
+}
+
+
+static int wpa_config_validate_network(struct wpa_ssid *ssid, int line)
+{
+ int errors = 0;
+
+ if (ssid->passphrase) {
+ if (ssid->psk_set) {
+ wpa_printf(MSG_ERROR, "Line %d: both PSK and "
+ "passphrase configured.", line);
+ errors++;
+ }
+ wpa_config_update_psk(ssid);
+ }
+
+ if ((ssid->key_mgmt & WPA_KEY_MGMT_PSK) && !ssid->psk_set) {
+ wpa_printf(MSG_ERROR, "Line %d: WPA-PSK accepted for key "
+ "management, but no PSK configured.", line);
+ errors++;
+ }
+
+ if ((ssid->group_cipher & WPA_CIPHER_CCMP) &&
+ !(ssid->pairwise_cipher & WPA_CIPHER_CCMP) &&
+ !(ssid->pairwise_cipher & WPA_CIPHER_NONE)) {
+ /* Group cipher cannot be stronger than the pairwise cipher. */
+ wpa_printf(MSG_DEBUG, "Line %d: removed CCMP from group cipher"
+ " list since it was not allowed for pairwise "
+ "cipher", line);
+ ssid->group_cipher &= ~WPA_CIPHER_CCMP;
+ }
+
+ return errors;
+}
+
+
+static struct wpa_ssid * wpa_config_read_network(FILE *f, int *line, int id)
+{
+ struct wpa_ssid *ssid;
+ int errors = 0, end = 0;
+ char buf[256], *pos, *pos2;
+
+ wpa_printf(MSG_MSGDUMP, "Line: %d - start of a new network block",
+ *line);
+ ssid = os_zalloc(sizeof(*ssid));
+ if (ssid == NULL)
+ return NULL;
+ ssid->id = id;
+
+ wpa_config_set_network_defaults(ssid);
+
+ while (wpa_config_get_line(buf, sizeof(buf), f, line, &pos)) {
+ if (os_strcmp(pos, "}") == 0) {
+ end = 1;
+ break;
+ }
+
+ pos2 = os_strchr(pos, '=');
+ if (pos2 == NULL) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid SSID line "
+ "'%s'.", *line, pos);
+ errors++;
+ continue;
+ }
+
+ *pos2++ = '\0';
+ if (*pos2 == '"') {
+ if (os_strchr(pos2 + 1, '"') == NULL) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid "
+ "quotation '%s'.", *line, pos2);
+ errors++;
+ continue;
+ }
+ }
+
+ if (wpa_config_set(ssid, pos, pos2, *line) < 0)
+ errors++;
+ }
+
+ if (!end) {
+ wpa_printf(MSG_ERROR, "Line %d: network block was not "
+ "terminated properly.", *line);
+ errors++;
+ }
+
+ errors += wpa_config_validate_network(ssid, *line);
+
+ if (errors) {
+ wpa_config_free_ssid(ssid);
+ ssid = NULL;
+ }
+
+ return ssid;
+}
+
+
+static struct wpa_config_blob * wpa_config_read_blob(FILE *f, int *line,
+ const char *name)
+{
+ struct wpa_config_blob *blob;
+ char buf[256], *pos;
+ unsigned char *encoded = NULL, *nencoded;
+ int end = 0;
+ size_t encoded_len = 0, len;
+
+ wpa_printf(MSG_MSGDUMP, "Line: %d - start of a new named blob '%s'",
+ *line, name);
+
+ while (wpa_config_get_line(buf, sizeof(buf), f, line, &pos)) {
+ if (os_strcmp(pos, "}") == 0) {
+ end = 1;
+ break;
+ }
+
+ len = os_strlen(pos);
+ nencoded = os_realloc(encoded, encoded_len + len);
+ if (nencoded == NULL) {
+ wpa_printf(MSG_ERROR, "Line %d: not enough memory for "
+ "blob", *line);
+ os_free(encoded);
+ return NULL;
+ }
+ encoded = nencoded;
+ os_memcpy(encoded + encoded_len, pos, len);
+ encoded_len += len;
+ }
+
+ if (!end) {
+ wpa_printf(MSG_ERROR, "Line %d: blob was not terminated "
+ "properly", *line);
+ os_free(encoded);
+ return NULL;
+ }
+
+ blob = os_zalloc(sizeof(*blob));
+ if (blob == NULL) {
+ os_free(encoded);
+ return NULL;
+ }
+ blob->name = os_strdup(name);
+ blob->data = base64_decode(encoded, encoded_len, &blob->len);
+ os_free(encoded);
+
+ if (blob->name == NULL || blob->data == NULL) {
+ wpa_config_free_blob(blob);
+ return NULL;
+ }
+
+ return blob;
+}
+
+
+struct wpa_config * wpa_config_read(const char *name)
+{
+ FILE *f;
+ char buf[256], *pos;
+ int errors = 0, line = 0;
+ struct wpa_ssid *ssid, *tail = NULL, *head = NULL;
+ struct wpa_config *config;
+ int id = 0;
+
+ config = wpa_config_alloc_empty(NULL, NULL);
+ if (config == NULL)
+ return NULL;
+ wpa_printf(MSG_DEBUG, "Reading configuration file '%s'", name);
+ f = fopen(name, "r");
+ if (f == NULL) {
+ os_free(config);
+ return NULL;
+ }
+
+ while (wpa_config_get_line(buf, sizeof(buf), f, &line, &pos)) {
+ if (os_strcmp(pos, "network={") == 0) {
+ ssid = wpa_config_read_network(f, &line, id++);
+ if (ssid == NULL) {
+ wpa_printf(MSG_ERROR, "Line %d: failed to "
+ "parse network block.", line);
+ errors++;
+ continue;
+ }
+ if (head == NULL) {
+ head = tail = ssid;
+ } else {
+ tail->next = ssid;
+ tail = ssid;
+ }
+ if (wpa_config_add_prio_network(config, ssid)) {
+ wpa_printf(MSG_ERROR, "Line %d: failed to add "
+ "network block to priority list.",
+ line);
+ errors++;
+ continue;
+ }
+ } else if (os_strncmp(pos, "blob-base64-", 12) == 0) {
+ char *bname = pos + 12, *name_end;
+ struct wpa_config_blob *blob;
+
+ name_end = os_strchr(bname, '=');
+ if (name_end == NULL) {
+ wpa_printf(MSG_ERROR, "Line %d: no blob name "
+ "terminator", line);
+ errors++;
+ continue;
+ }
+ *name_end = '\0';
+
+ blob = wpa_config_read_blob(f, &line, bname);
+ if (blob == NULL) {
+ wpa_printf(MSG_ERROR, "Line %d: failed to read"
+ " blob %s", line, bname);
+ errors++;
+ continue;
+ }
+ wpa_config_set_blob(config, blob);
+#ifdef CONFIG_CTRL_IFACE
+ } else if (os_strncmp(pos, "ctrl_interface=", 15) == 0) {
+ os_free(config->ctrl_interface);
+ config->ctrl_interface = os_strdup(pos + 15);
+ wpa_printf(MSG_DEBUG, "ctrl_interface='%s'",
+ config->ctrl_interface);
+ } else if (os_strncmp(pos, "ctrl_interface_group=", 21) == 0) {
+ os_free(config->ctrl_interface_group);
+ config->ctrl_interface_group = os_strdup(pos + 21);
+ wpa_printf(MSG_DEBUG, "ctrl_interface_group='%s' "
+ "(DEPRECATED)",
+ config->ctrl_interface_group);
+#endif /* CONFIG_CTRL_IFACE */
+ } else if (os_strncmp(pos, "eapol_version=", 14) == 0) {
+ config->eapol_version = atoi(pos + 14);
+ if (config->eapol_version < 1 ||
+ config->eapol_version > 2) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid EAPOL "
+ "version (%d): '%s'.",
+ line, config->eapol_version, pos);
+ errors++;
+ continue;
+ }
+ wpa_printf(MSG_DEBUG, "eapol_version=%d",
+ config->eapol_version);
+ } else if (os_strncmp(pos, "ap_scan=", 8) == 0) {
+ config->ap_scan = atoi(pos + 8);
+ wpa_printf(MSG_DEBUG, "ap_scan=%d", config->ap_scan);
+ } else if (os_strncmp(pos, "fast_reauth=", 12) == 0) {
+ config->fast_reauth = atoi(pos + 12);
+ wpa_printf(MSG_DEBUG, "fast_reauth=%d",
+ config->fast_reauth);
+ } else if (os_strncmp(pos, "opensc_engine_path=", 19) == 0) {
+ os_free(config->opensc_engine_path);
+ config->opensc_engine_path = os_strdup(pos + 19);
+ wpa_printf(MSG_DEBUG, "opensc_engine_path='%s'",
+ config->opensc_engine_path);
+ } else if (os_strncmp(pos, "pkcs11_engine_path=", 19) == 0) {
+ os_free(config->pkcs11_engine_path);
+ config->pkcs11_engine_path = os_strdup(pos + 19);
+ wpa_printf(MSG_DEBUG, "pkcs11_engine_path='%s'",
+ config->pkcs11_engine_path);
+ } else if (os_strncmp(pos, "pkcs11_module_path=", 19) == 0) {
+ os_free(config->pkcs11_module_path);
+ config->pkcs11_module_path = os_strdup(pos + 19);
+ wpa_printf(MSG_DEBUG, "pkcs11_module_path='%s'",
+ config->pkcs11_module_path);
+ } else if (os_strncmp(pos, "driver_param=", 13) == 0) {
+ os_free(config->driver_param);
+ config->driver_param = os_strdup(pos + 13);
+ wpa_printf(MSG_DEBUG, "driver_param='%s'",
+ config->driver_param);
+ } else if (os_strncmp(pos, "dot11RSNAConfigPMKLifetime=", 27)
+ == 0) {
+ config->dot11RSNAConfigPMKLifetime = atoi(pos + 27);
+ wpa_printf(MSG_DEBUG, "dot11RSNAConfigPMKLifetime=%d",
+ config->dot11RSNAConfigPMKLifetime);
+ } else if (os_strncmp(pos,
+ "dot11RSNAConfigPMKReauthThreshold=", 34)
+ == 0) {
+ config->dot11RSNAConfigPMKReauthThreshold =
+ atoi(pos + 34);
+ wpa_printf(MSG_DEBUG,
+ "dot11RSNAConfigPMKReauthThreshold=%d",
+ config->dot11RSNAConfigPMKReauthThreshold);
+ } else if (os_strncmp(pos, "dot11RSNAConfigSATimeout=", 25) ==
+ 0) {
+ config->dot11RSNAConfigSATimeout = atoi(pos + 25);
+ wpa_printf(MSG_DEBUG, "dot11RSNAConfigSATimeout=%d",
+ config->dot11RSNAConfigSATimeout);
+ } else if (os_strncmp(pos, "update_config=", 14) == 0) {
+ config->update_config = atoi(pos + 14);
+ wpa_printf(MSG_DEBUG, "update_config=%d",
+ config->update_config);
+ } else if (os_strncmp(pos, "load_dynamic_eap=", 17) == 0) {
+ char *so = pos + 17;
+ int ret;
+ wpa_printf(MSG_DEBUG, "load_dynamic_eap=%s", so);
+ ret = eap_peer_method_load(so);
+ if (ret == -2) {
+ wpa_printf(MSG_DEBUG, "This EAP type was "
+ "already loaded - not reloading.");
+ } else if (ret) {
+ wpa_printf(MSG_ERROR, "Line %d: Failed to "
+ "load dynamic EAP method '%s'.",
+ line, so);
+ errors++;
+ }
+ } else {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid configuration "
+ "line '%s'.", line, pos);
+ errors++;
+ continue;
+ }
+ }
+
+ fclose(f);
+
+ config->ssid = head;
+ wpa_config_debug_dump_networks(config);
+
+ if (errors) {
+ wpa_config_free(config);
+ config = NULL;
+ head = NULL;
+ }
+
+ return config;
+}
+
+
+static void write_str(FILE *f, const char *field, struct wpa_ssid *ssid)
+{
+ char *value = wpa_config_get(ssid, field);
+ if (value == NULL)
+ return;
+ fprintf(f, "\t%s=%s\n", field, value);
+ os_free(value);
+}
+
+
+static void write_int(FILE *f, const char *field, int value, int def)
+{
+ if (value == def)
+ return;
+ fprintf(f, "\t%s=%d\n", field, value);
+}
+
+
+static void write_bssid(FILE *f, struct wpa_ssid *ssid)
+{
+ char *value = wpa_config_get(ssid, "bssid");
+ if (value == NULL)
+ return;
+ fprintf(f, "\tbssid=%s\n", value);
+ os_free(value);
+}
+
+
+static void write_psk(FILE *f, struct wpa_ssid *ssid)
+{
+ char *value = wpa_config_get(ssid, "psk");
+ if (value == NULL)
+ return;
+ fprintf(f, "\tpsk=%s\n", value);
+ os_free(value);
+}
+
+
+static void write_proto(FILE *f, struct wpa_ssid *ssid)
+{
+ char *value;
+
+ if (ssid->proto == DEFAULT_PROTO)
+ return;
+
+ value = wpa_config_get(ssid, "proto");
+ if (value == NULL)
+ return;
+ if (value[0])
+ fprintf(f, "\tproto=%s\n", value);
+ os_free(value);
+}
+
+
+static void write_key_mgmt(FILE *f, struct wpa_ssid *ssid)
+{
+ char *value;
+
+ if (ssid->key_mgmt == DEFAULT_KEY_MGMT)
+ return;
+
+ value = wpa_config_get(ssid, "key_mgmt");
+ if (value == NULL)
+ return;
+ if (value[0])
+ fprintf(f, "\tkey_mgmt=%s\n", value);
+ os_free(value);
+}
+
+
+static void write_pairwise(FILE *f, struct wpa_ssid *ssid)
+{
+ char *value;
+
+ if (ssid->pairwise_cipher == DEFAULT_PAIRWISE)
+ return;
+
+ value = wpa_config_get(ssid, "pairwise");
+ if (value == NULL)
+ return;
+ if (value[0])
+ fprintf(f, "\tpairwise=%s\n", value);
+ os_free(value);
+}
+
+
+static void write_group(FILE *f, struct wpa_ssid *ssid)
+{
+ char *value;
+
+ if (ssid->group_cipher == DEFAULT_GROUP)
+ return;
+
+ value = wpa_config_get(ssid, "group");
+ if (value == NULL)
+ return;
+ if (value[0])
+ fprintf(f, "\tgroup=%s\n", value);
+ os_free(value);
+}
+
+
+static void write_auth_alg(FILE *f, struct wpa_ssid *ssid)
+{
+ char *value;
+
+ if (ssid->auth_alg == 0)
+ return;
+
+ value = wpa_config_get(ssid, "auth_alg");
+ if (value == NULL)
+ return;
+ if (value[0])
+ fprintf(f, "\tauth_alg=%s\n", value);
+ os_free(value);
+}
+
+
+#ifdef IEEE8021X_EAPOL
+static void write_eap(FILE *f, struct wpa_ssid *ssid)
+{
+ char *value;
+
+ value = wpa_config_get(ssid, "eap");
+ if (value == NULL)
+ return;
+
+ if (value[0])
+ fprintf(f, "\teap=%s\n", value);
+ os_free(value);
+}
+#endif /* IEEE8021X_EAPOL */
+
+
+static void write_wep_key(FILE *f, int idx, struct wpa_ssid *ssid)
+{
+ char field[20], *value;
+
+ os_snprintf(field, sizeof(field), "wep_key%d", idx);
+ value = wpa_config_get(ssid, field);
+ if (value) {
+ fprintf(f, "\t%s=%s\n", field, value);
+ os_free(value);
+ }
+}
+
+
+static void wpa_config_write_network(FILE *f, struct wpa_ssid *ssid)
+{
+ int i;
+
+#define STR(t) write_str(f, #t, ssid)
+#define INT(t) write_int(f, #t, ssid->t, 0)
+#define INT_DEF(t, def) write_int(f, #t, ssid->t, def)
+
+ STR(ssid);
+ INT(scan_ssid);
+ write_bssid(f, ssid);
+ write_psk(f, ssid);
+ write_proto(f, ssid);
+ write_key_mgmt(f, ssid);
+ write_pairwise(f, ssid);
+ write_group(f, ssid);
+ write_auth_alg(f, ssid);
+#ifdef IEEE8021X_EAPOL
+ write_eap(f, ssid);
+ STR(identity);
+ STR(anonymous_identity);
+ STR(eappsk);
+ STR(nai);
+ STR(password);
+ STR(ca_cert);
+ STR(ca_path);
+ STR(client_cert);
+ STR(private_key);
+ STR(private_key_passwd);
+ STR(dh_file);
+ STR(subject_match);
+ STR(altsubject_match);
+ STR(ca_cert2);
+ STR(ca_path2);
+ STR(client_cert2);
+ STR(private_key2);
+ STR(private_key2_passwd);
+ STR(dh_file2);
+ STR(subject_match2);
+ STR(altsubject_match2);
+ STR(phase1);
+ STR(phase2);
+ STR(pcsc);
+ STR(pin);
+ STR(engine_id);
+ STR(key_id);
+ INT(engine);
+ INT_DEF(eapol_flags, DEFAULT_EAPOL_FLAGS);
+#endif /* IEEE8021X_EAPOL */
+ for (i = 0; i < 4; i++)
+ write_wep_key(f, i, ssid);
+ INT(wep_tx_keyidx);
+ INT(priority);
+#ifdef IEEE8021X_EAPOL
+ INT_DEF(eap_workaround, DEFAULT_EAP_WORKAROUND);
+ STR(pac_file);
+ INT_DEF(fragment_size, DEFAULT_FRAGMENT_SIZE);
+#endif /* IEEE8021X_EAPOL */
+ INT(mode);
+ INT(proactive_key_caching);
+ INT(disabled);
+ INT(peerkey);
+#ifdef CONFIG_IEEE80211W
+ INT(ieee80211w);
+#endif /* CONFIG_IEEE80211W */
+ STR(id_str);
+
+#undef STR
+#undef INT
+#undef INT_DEF
+}
+
+
+static int wpa_config_write_blob(FILE *f, struct wpa_config_blob *blob)
+{
+ unsigned char *encoded;
+
+ encoded = base64_encode(blob->data, blob->len, NULL);
+ if (encoded == NULL)
+ return -1;
+
+ fprintf(f, "\nblob-base64-%s={\n%s}\n", blob->name, encoded);
+ os_free(encoded);
+ return 0;
+}
+
+
+static void wpa_config_write_global(FILE *f, struct wpa_config *config)
+{
+#ifdef CONFIG_CTRL_IFACE
+ if (config->ctrl_interface)
+ fprintf(f, "ctrl_interface=%s\n", config->ctrl_interface);
+ if (config->ctrl_interface_group)
+ fprintf(f, "ctrl_interface_group=%s\n",
+ config->ctrl_interface_group);
+#endif /* CONFIG_CTRL_IFACE */
+ if (config->eapol_version != DEFAULT_EAPOL_VERSION)
+ fprintf(f, "eapol_version=%d\n", config->eapol_version);
+ if (config->ap_scan != DEFAULT_AP_SCAN)
+ fprintf(f, "ap_scan=%d\n", config->ap_scan);
+ if (config->fast_reauth != DEFAULT_FAST_REAUTH)
+ fprintf(f, "fast_reauth=%d\n", config->fast_reauth);
+ if (config->opensc_engine_path)
+ fprintf(f, "opensc_engine_path=%s\n",
+ config->opensc_engine_path);
+ if (config->pkcs11_engine_path)
+ fprintf(f, "pkcs11_engine_path=%s\n",
+ config->pkcs11_engine_path);
+ if (config->pkcs11_module_path)
+ fprintf(f, "pkcs11_module_path=%s\n",
+ config->pkcs11_module_path);
+ if (config->driver_param)
+ fprintf(f, "driver_param=%s\n", config->driver_param);
+ if (config->dot11RSNAConfigPMKLifetime)
+ fprintf(f, "dot11RSNAConfigPMKLifetime=%d\n",
+ config->dot11RSNAConfigPMKLifetime);
+ if (config->dot11RSNAConfigPMKReauthThreshold)
+ fprintf(f, "dot11RSNAConfigPMKReauthThreshold=%d\n",
+ config->dot11RSNAConfigPMKReauthThreshold);
+ if (config->dot11RSNAConfigSATimeout)
+ fprintf(f, "dot11RSNAConfigSATimeout=%d\n",
+ config->dot11RSNAConfigSATimeout);
+ if (config->update_config)
+ fprintf(f, "update_config=%d\n", config->update_config);
+}
+
+
+int wpa_config_write(const char *name, struct wpa_config *config)
+{
+ FILE *f;
+ struct wpa_ssid *ssid;
+ struct wpa_config_blob *blob;
+ int ret = 0;
+
+ wpa_printf(MSG_DEBUG, "Writing configuration file '%s'", name);
+
+ f = fopen(name, "w");
+ if (f == NULL) {
+ wpa_printf(MSG_DEBUG, "Failed to open '%s' for writing", name);
+ return -1;
+ }
+
+ wpa_config_write_global(f, config);
+
+ for (ssid = config->ssid; ssid; ssid = ssid->next) {
+ fprintf(f, "\nnetwork={\n");
+ wpa_config_write_network(f, ssid);
+ fprintf(f, "}\n");
+ }
+
+ for (blob = config->blobs; blob; blob = blob->next) {
+ ret = wpa_config_write_blob(f, blob);
+ if (ret)
+ break;
+ }
+
+ fclose(f);
+
+ wpa_printf(MSG_DEBUG, "Configuration file '%s' written %ssuccessfully",
+ name, ret ? "un" : "");
+ return ret;
+}
--- /dev/null
+/*
+ * WPA Supplicant / Configuration backend: empty starting point
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This file implements dummy example of a configuration backend. None of the
+ * functions are actually implemented so this can be used as a simple
+ * compilation test or a starting point for a new configuration backend.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "config.h"
+#include "base64.h"
+
+
+struct wpa_config * wpa_config_read(const char *name)
+{
+ struct wpa_config *config;
+
+ config = wpa_config_alloc_empty(NULL, NULL);
+ if (config == NULL)
+ return NULL;
+ /* TODO: fill in configuration data */
+ return config;
+}
+
+
+int wpa_config_write(const char *name, struct wpa_config *config)
+{
+ struct wpa_ssid *ssid;
+ struct wpa_config_blob *blob;
+
+ wpa_printf(MSG_DEBUG, "Writing configuration file '%s'", name);
+
+ /* TODO: write global config parameters */
+
+
+ for (ssid = config->ssid; ssid; ssid = ssid->next) {
+ /* TODO: write networks */
+ }
+
+ for (blob = config->blobs; blob; blob = blob->next) {
+ /* TODO: write blobs */
+ }
+
+ return 0;
+}
--- /dev/null
+/*
+ * WPA Supplicant / Network configuration structures
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef CONFIG_SSID_H
+#define CONFIG_SSID_H
+
+#ifndef BIT
+#define BIT(n) (1 << (n))
+#endif
+
+#define WPA_CIPHER_NONE BIT(0)
+#define WPA_CIPHER_WEP40 BIT(1)
+#define WPA_CIPHER_WEP104 BIT(2)
+#define WPA_CIPHER_TKIP BIT(3)
+#define WPA_CIPHER_CCMP BIT(4)
+#ifdef CONFIG_IEEE80211W
+#define WPA_CIPHER_AES_128_CMAC BIT(5)
+#endif /* CONFIG_IEEE80211W */
+
+#define WPA_KEY_MGMT_IEEE8021X BIT(0)
+#define WPA_KEY_MGMT_PSK BIT(1)
+#define WPA_KEY_MGMT_NONE BIT(2)
+#define WPA_KEY_MGMT_IEEE8021X_NO_WPA BIT(3)
+#define WPA_KEY_MGMT_WPA_NONE BIT(4)
+
+#define WPA_PROTO_WPA BIT(0)
+#define WPA_PROTO_RSN BIT(1)
+
+#define WPA_AUTH_ALG_OPEN BIT(0)
+#define WPA_AUTH_ALG_SHARED BIT(1)
+#define WPA_AUTH_ALG_LEAP BIT(2)
+
+#define MAX_SSID_LEN 32
+#define PMK_LEN 32
+#define EAP_PSK_LEN_MIN 16
+#define EAP_PSK_LEN_MAX 32
+
+
+#define DEFAULT_EAP_WORKAROUND ((unsigned int) -1)
+#define DEFAULT_EAPOL_FLAGS (EAPOL_FLAG_REQUIRE_KEY_UNICAST | \
+ EAPOL_FLAG_REQUIRE_KEY_BROADCAST)
+#define DEFAULT_PROTO (WPA_PROTO_WPA | WPA_PROTO_RSN)
+#define DEFAULT_KEY_MGMT (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X)
+#define DEFAULT_PAIRWISE (WPA_CIPHER_CCMP | WPA_CIPHER_TKIP)
+#define DEFAULT_GROUP (WPA_CIPHER_CCMP | WPA_CIPHER_TKIP | \
+ WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40)
+#define DEFAULT_FRAGMENT_SIZE 1398
+
+/**
+ * struct wpa_ssid - Network configuration data
+ *
+ * This structure includes all the configuration variables for a network. This
+ * data is included in the per-interface configuration data as an element of
+ * the network list, struct wpa_config::ssid. Each network block in the
+ * configuration is mapped to a struct wpa_ssid instance.
+ */
+struct wpa_ssid {
+ /**
+ * next - Next network in global list
+ *
+ * This pointer can be used to iterate over all networks. The head of
+ * this list is stored in the ssid field of struct wpa_config.
+ */
+ struct wpa_ssid *next;
+
+ /**
+ * pnext - Next network in per-priority list
+ *
+ * This pointer can be used to iterate over all networks in the same
+ * priority class. The heads of these list are stored in the pssid
+ * fields of struct wpa_config.
+ */
+ struct wpa_ssid *pnext;
+
+ /**
+ * id - Unique id for the network
+ *
+ * This identifier is used as a unique identifier for each network
+ * block when using the control interface. Each network is allocated an
+ * id when it is being created, either when reading the configuration
+ * file or when a new network is added through the control interface.
+ */
+ int id;
+
+ /**
+ * priority - Priority group
+ *
+ * By default, all networks will get same priority group (0). If some
+ * of the networks are more desirable, this field can be used to change
+ * the order in which wpa_supplicant goes through the networks when
+ * selecting a BSS. The priority groups will be iterated in decreasing
+ * priority (i.e., the larger the priority value, the sooner the
+ * network is matched against the scan results). Within each priority
+ * group, networks will be selected based on security policy, signal
+ * strength, etc.
+ *
+ * Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are
+ * not using this priority to select the order for scanning. Instead,
+ * they try the networks in the order that used in the configuration
+ * file.
+ */
+ int priority;
+
+ /**
+ * ssid - Service set identifier (network name)
+ *
+ * This is the SSID for the network. For wireless interfaces, this is
+ * used to select which network will be used. If set to %NULL (or
+ * ssid_len=0), any SSID can be used. For wired interfaces, this must
+ * be set to %NULL. Note: SSID may contain any characters, even nul
+ * (ASCII 0) and as such, this should not be assumed to be a nul
+ * terminated string. ssid_len defines how many characters are valid
+ * and the ssid field is not guaranteed to be nul terminated.
+ */
+ u8 *ssid;
+
+ /**
+ * ssid_len - Length of the SSID
+ */
+ size_t ssid_len;
+
+ /**
+ * bssid - BSSID
+ *
+ * If set, this network block is used only when associating with the AP
+ * using the configured BSSID
+ */
+ u8 bssid[ETH_ALEN];
+
+ /**
+ * bssid_set - Whether BSSID is configured for this network
+ */
+ int bssid_set;
+
+ /**
+ * psk - WPA pre-shared key (256 bits)
+ */
+ u8 psk[PMK_LEN];
+
+ /**
+ * psk_set - Whether PSK field is configured
+ */
+ int psk_set;
+
+ /**
+ * passphrase - WPA ASCII passphrase
+ *
+ * If this is set, psk will be generated using the SSID and passphrase
+ * configured for the network. ASCII passphrase must be between 8 and
+ * 63 characters (inclusive).
+ */
+ char *passphrase;
+
+ /**
+ * pairwise_cipher - Bitfield of allowed pairwise ciphers, WPA_CIPHER_*
+ */
+ int pairwise_cipher;
+
+ /**
+ * group_cipher - Bitfield of allowed group ciphers, WPA_CIPHER_*
+ */
+ int group_cipher;
+
+ /**
+ * key_mgmt - Bitfield of allowed key management protocols
+ *
+ * WPA_KEY_MGMT_*
+ */
+ int key_mgmt;
+
+ /**
+ * proto - Bitfield of allowed protocols, WPA_PROTO_*
+ */
+ int proto;
+
+ /**
+ * auth_alg - Bitfield of allowed authentication algorithms
+ *
+ * WPA_AUTH_ALG_*
+ */
+ int auth_alg;
+
+ /**
+ * scan_ssid - Scan this SSID with Probe Requests
+ *
+ * scan_ssid can be used to scan for APs using hidden SSIDs.
+ * Note: Many drivers do not support this. ap_mode=2 can be used with
+ * such drivers to use hidden SSIDs.
+ */
+ int scan_ssid;
+
+#ifdef IEEE8021X_EAPOL
+
+ /**
+ * identity - EAP Identity
+ */
+ u8 *identity;
+
+ /**
+ * identity_len - EAP Identity length
+ */
+ size_t identity_len;
+
+ /**
+ * anonymous_identity - Anonymous EAP Identity
+ *
+ * This field is used for unencrypted use with EAP types that support
+ * different tunnelled identity, e.g., EAP-TTLS, in order to reveal the
+ * real identity (identity field) only to the authentication server.
+ */
+ u8 *anonymous_identity;
+
+ /**
+ * anonymous_identity_len - Length of anonymous_identity
+ */
+ size_t anonymous_identity_len;
+
+ /**
+ * eappsk - EAP-PSK/PAX/SAKE pre-shared key
+ */
+ u8 *eappsk;
+
+ /**
+ * eappsk_len - EAP-PSK/PAX/SAKE pre-shared key length
+ *
+ * This field is always 16 for the current version of EAP-PSK/PAX and
+ * 32 for EAP-SAKE.
+ */
+ size_t eappsk_len;
+
+ /**
+ * nai - User NAI (for EAP-PSK/PAX/SAKE)
+ */
+ u8 *nai;
+
+ /**
+ * nai_len - Length of nai field
+ */
+ size_t nai_len;
+
+ /**
+ * password - Password string for EAP
+ */
+ u8 *password;
+
+ /**
+ * password_len - Length of password field
+ */
+ size_t password_len;
+
+ /**
+ * ca_cert - File path to CA certificate file (PEM/DER)
+ *
+ * This file can have one or more trusted CA certificates. If ca_cert
+ * and ca_path are not included, server certificate will not be
+ * verified. This is insecure and a trusted CA certificate should
+ * always be configured when using EAP-TLS/TTLS/PEAP. Full path to the
+ * file should be used since working directory may change when
+ * wpa_supplicant is run in the background.
+ *
+ * Alternatively, a named configuration blob can be used by setting
+ * this to blob://<blob name>.
+ *
+ * On Windows, trusted CA certificates can be loaded from the system
+ * certificate store by setting this to cert_store://<name>, e.g.,
+ * ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT".
+ * Note that when running wpa_supplicant as an application, the user
+ * certificate store (My user account) is used, whereas computer store
+ * (Computer account) is used when running wpasvc as a service.
+ */
+ u8 *ca_cert;
+
+ /**
+ * ca_path - Directory path for CA certificate files (PEM)
+ *
+ * This path may contain multiple CA certificates in OpenSSL format.
+ * Common use for this is to point to system trusted CA list which is
+ * often installed into directory like /etc/ssl/certs. If configured,
+ * these certificates are added to the list of trusted CAs. ca_cert
+ * may also be included in that case, but it is not required.
+ */
+ u8 *ca_path;
+
+ /**
+ * client_cert - File path to client certificate file (PEM/DER)
+ *
+ * This field is used with EAP method that use TLS authentication.
+ * Usually, this is only configured for EAP-TLS, even though this could
+ * in theory be used with EAP-TTLS and EAP-PEAP, too. Full path to the
+ * file should be used since working directory may change when
+ * wpa_supplicant is run in the background.
+ *
+ * Alternatively, a named configuration blob can be used by setting
+ * this to blob://<blob name>.
+ */
+ u8 *client_cert;
+
+ /**
+ * private_key - File path to client private key file (PEM/DER/PFX)
+ *
+ * When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be
+ * commented out. Both the private key and certificate will be read
+ * from the PKCS#12 file in this case. Full path to the file should be
+ * used since working directory may change when wpa_supplicant is run
+ * in the background.
+ *
+ * Windows certificate store can be used by leaving client_cert out and
+ * configuring private_key in one of the following formats:
+ *
+ * cert://substring_to_match
+ *
+ * hash://certificate_thumbprint_in_hex
+ *
+ * For example: private_key="hash://63093aa9c47f56ae88334c7b65a4"
+ *
+ * Note that when running wpa_supplicant as an application, the user
+ * certificate store (My user account) is used, whereas computer store
+ * (Computer account) is used when running wpasvc as a service.
+ *
+ * Alternatively, a named configuration blob can be used by setting
+ * this to blob://<blob name>.
+ */
+ u8 *private_key;
+
+ /**
+ * private_key_passwd - Password for private key file
+ *
+ * If left out, this will be asked through control interface.
+ */
+ u8 *private_key_passwd;
+
+ /**
+ * dh_file - File path to DH/DSA parameters file (in PEM format)
+ *
+ * This is an optional configuration file for setting parameters for an
+ * ephemeral DH key exchange. In most cases, the default RSA
+ * authentication does not use this configuration. However, it is
+ * possible setup RSA to use ephemeral DH key exchange. In addition,
+ * ciphers with DSA keys always use ephemeral DH keys. This can be used
+ * to achieve forward secrecy. If the file is in DSA parameters format,
+ * it will be automatically converted into DH params. Full path to the
+ * file should be used since working directory may change when
+ * wpa_supplicant is run in the background.
+ *
+ * Alternatively, a named configuration blob can be used by setting
+ * this to blob://<blob name>.
+ */
+ u8 *dh_file;
+
+ /**
+ * subject_match - Constraint for server certificate subject
+ *
+ * This substring is matched against the subject of the authentication
+ * server certificate. If this string is set, the server sertificate is
+ * only accepted if it contains this string in the subject. The subject
+ * string is in following format:
+ *
+ * /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@n.example.com
+ */
+ u8 *subject_match;
+
+ /**
+ * altsubject_match - Constraint for server certificate alt. subject
+ *
+ * Semicolon separated string of entries to be matched against the
+ * alternative subject name of the authentication server certificate.
+ * If this string is set, the server sertificate is only accepted if it
+ * contains one of the entries in an alternative subject name
+ * extension.
+ *
+ * altSubjectName string is in following format: TYPE:VALUE
+ *
+ * Example: EMAIL:server@example.com
+ * Example: DNS:server.example.com;DNS:server2.example.com
+ *
+ * Following types are supported: EMAIL, DNS, URI
+ */
+ u8 *altsubject_match;
+
+ /**
+ * ca_cert2 - File path to CA certificate file (PEM/DER) (Phase 2)
+ *
+ * This file can have one or more trusted CA certificates. If ca_cert2
+ * and ca_path2 are not included, server certificate will not be
+ * verified. This is insecure and a trusted CA certificate should
+ * always be configured. Full path to the file should be used since
+ * working directory may change when wpa_supplicant is run in the
+ * background.
+ *
+ * This field is like ca_cert, but used for phase 2 (inside
+ * EAP-TTLS/PEAP/FAST tunnel) authentication.
+ *
+ * Alternatively, a named configuration blob can be used by setting
+ * this to blob://<blob name>.
+ */
+ u8 *ca_cert2;
+
+ /**
+ * ca_path2 - Directory path for CA certificate files (PEM) (Phase 2)
+ *
+ * This path may contain multiple CA certificates in OpenSSL format.
+ * Common use for this is to point to system trusted CA list which is
+ * often installed into directory like /etc/ssl/certs. If configured,
+ * these certificates are added to the list of trusted CAs. ca_cert
+ * may also be included in that case, but it is not required.
+ *
+ * This field is like ca_path, but used for phase 2 (inside
+ * EAP-TTLS/PEAP/FAST tunnel) authentication.
+ */
+ u8 *ca_path2;
+
+ /**
+ * client_cert2 - File path to client certificate file
+ *
+ * This field is like client_cert, but used for phase 2 (inside
+ * EAP-TTLS/PEAP/FAST tunnel) authentication. Full path to the
+ * file should be used since working directory may change when
+ * wpa_supplicant is run in the background.
+ *
+ * Alternatively, a named configuration blob can be used by setting
+ * this to blob://<blob name>.
+ */
+ u8 *client_cert2;
+
+ /**
+ * private_key2 - File path to client private key file
+ *
+ * This field is like private_key, but used for phase 2 (inside
+ * EAP-TTLS/PEAP/FAST tunnel) authentication. Full path to the
+ * file should be used since working directory may change when
+ * wpa_supplicant is run in the background.
+ *
+ * Alternatively, a named configuration blob can be used by setting
+ * this to blob://<blob name>.
+ */
+ u8 *private_key2;
+
+ /**
+ * private_key2_passwd - Password for private key file
+ *
+ * This field is like private_key_passwd, but used for phase 2 (inside
+ * EAP-TTLS/PEAP/FAST tunnel) authentication.
+ */
+ u8 *private_key2_passwd;
+
+ /**
+ * dh_file2 - File path to DH/DSA parameters file (in PEM format)
+ *
+ * This field is like dh_file, but used for phase 2 (inside
+ * EAP-TTLS/PEAP/FAST tunnel) authentication. Full path to the
+ * file should be used since working directory may change when
+ * wpa_supplicant is run in the background.
+ *
+ * Alternatively, a named configuration blob can be used by setting
+ * this to blob://<blob name>.
+ */
+ u8 *dh_file2;
+
+ /**
+ * subject_match2 - Constraint for server certificate subject
+ *
+ * This field is like subject_match, but used for phase 2 (inside
+ * EAP-TTLS/PEAP/FAST tunnel) authentication.
+ */
+ u8 *subject_match2;
+
+ /**
+ * altsubject_match2 - Constraint for server certificate alt. subject
+ *
+ * This field is like altsubject_match, but used for phase 2 (inside
+ * EAP-TTLS/PEAP/FAST tunnel) authentication.
+ */
+ u8 *altsubject_match2;
+
+ /**
+ * eap_methods - Allowed EAP methods
+ *
+ * (vendor=EAP_VENDOR_IETF,method=EAP_TYPE_NONE) terminated list of
+ * allowed EAP methods or %NULL if all methods are accepted.
+ */
+ struct eap_method_type *eap_methods;
+
+ /**
+ * phase1 - Phase 1 (outer authentication) parameters
+ *
+ * String with field-value pairs, e.g., "peapver=0" or
+ * "peapver=1 peaplabel=1".
+ *
+ * 'peapver' can be used to force which PEAP version (0 or 1) is used.
+ *
+ * 'peaplabel=1' can be used to force new label, "client PEAP
+ * encryption", to be used during key derivation when PEAPv1 or newer.
+ *
+ * Most existing PEAPv1 implementation seem to be using the old label,
+ * "client EAP encryption", and wpa_supplicant is now using that as the
+ * default value.
+ *
+ * Some servers, e.g., Radiator, may require peaplabel=1 configuration
+ * to interoperate with PEAPv1; see eap_testing.txt for more details.
+ *
+ * 'peap_outer_success=0' can be used to terminate PEAP authentication
+ * on tunneled EAP-Success. This is required with some RADIUS servers
+ * that implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g.,
+ * Lucent NavisRadius v4.4.0 with PEAP in "IETF Draft 5" mode).
+ *
+ * include_tls_length=1 can be used to force wpa_supplicant to include
+ * TLS Message Length field in all TLS messages even if they are not
+ * fragmented.
+ *
+ * sim_min_num_chal=3 can be used to configure EAP-SIM to require three
+ * challenges (by default, it accepts 2 or 3).
+ *
+ * fast_provisioning=1 can be used to enable in-line provisioning of
+ * EAP-FAST credentials (PAC)
+ */
+ char *phase1;
+
+ /**
+ * phase2 - Phase2 (inner authentication with TLS tunnel) parameters
+ *
+ * String with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
+ * "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS.
+ */
+ char *phase2;
+
+ /**
+ * pcsc - Parameters for PC/SC smartcard interface for USIM and GSM SIM
+ *
+ * This field is used to configure PC/SC smartcard interface.
+ * Currently, the only configuration is whether this field is %NULL (do
+ * not use PC/SC) or non-NULL (e.g., "") to enable PC/SC.
+ *
+ * This field is used for EAP-SIM and EAP-AKA.
+ */
+ char *pcsc;
+
+ /**
+ * pin - PIN for USIM, GSM SIM, and smartcards
+ *
+ * This field is used to configure PIN for SIM and smartcards for
+ * EAP-SIM and EAP-AKA. In addition, this is used with EAP-TLS if a
+ * smartcard is used for private key operations.
+ *
+ * If left out, this will be asked through control interface.
+ */
+ char *pin;
+
+ /**
+ * engine - Enable OpenSSL engine (e.g., for smartcard access)
+ *
+ * This is used if private key operations for EAP-TLS are performed
+ * using a smartcard.
+ */
+ int engine;
+
+ /**
+ * engine_id - Engine ID for OpenSSL engine
+ *
+ * "opensc" to select OpenSC engine or "pkcs11" to select PKCS#11
+ * engine.
+ *
+ * This is used if private key operations for EAP-TLS are performed
+ * using a smartcard.
+ */
+ char *engine_id;
+
+ /**
+ * key_id - Key ID for OpenSSL engine
+ *
+ * This is used if private key operations for EAP-TLS are performed
+ * using a smartcard.
+ */
+ char *key_id;
+
+#define EAPOL_FLAG_REQUIRE_KEY_UNICAST BIT(0)
+#define EAPOL_FLAG_REQUIRE_KEY_BROADCAST BIT(1)
+ /**
+ * eapol_flags - Bit field of IEEE 802.1X/EAPOL options (EAPOL_FLAG_*)
+ */
+ int eapol_flags;
+
+#endif /* IEEE8021X_EAPOL */
+
+#define NUM_WEP_KEYS 4
+#define MAX_WEP_KEY_LEN 16
+ /**
+ * wep_key - WEP keys
+ */
+ u8 wep_key[NUM_WEP_KEYS][MAX_WEP_KEY_LEN];
+
+ /**
+ * wep_key_len - WEP key lengths
+ */
+ size_t wep_key_len[NUM_WEP_KEYS];
+
+ /**
+ * wep_tx_keyidx - Default key index for TX frames using WEP
+ */
+ int wep_tx_keyidx;
+
+ /**
+ * proactive_key_caching - Enable proactive key caching
+ *
+ * This field can be used to enable proactive key caching which is also
+ * known as opportunistic PMKSA caching for WPA2. This is disabled (0)
+ * by default. Enable by setting this to 1.
+ *
+ * Proactive key caching is used to make supplicant assume that the APs
+ * are using the same PMK and generate PMKSA cache entries without
+ * doing RSN pre-authentication. This requires support from the AP side
+ * and is normally used with wireless switches that co-locate the
+ * authenticator.
+ */
+ int proactive_key_caching;
+
+ /**
+ * mixed_cell - Whether mixed cells are allowed
+ *
+ * This option can be used to configure whether so called mixed cells,
+ * i.e., networks that use both plaintext and encryption in the same
+ * SSID, are allowed. This is disabled (0) by default. Enable by
+ * setting this to 1.
+ */
+ int mixed_cell;
+
+#ifdef IEEE8021X_EAPOL
+
+ /**
+ * otp - One-time-password
+ *
+ * This field should not be set in configuration step. It is only used
+ * internally when OTP is entered through the control interface.
+ */
+ u8 *otp;
+
+ /**
+ * otp_len - Length of the otp field
+ */
+ size_t otp_len;
+
+ /**
+ * pending_req_identity - Whether there is a pending identity request
+ *
+ * This field should not be set in configuration step. It is only used
+ * internally when control interface is used to request needed
+ * information.
+ */
+ int pending_req_identity;
+
+ /**
+ * pending_req_password - Whether there is a pending password request
+ *
+ * This field should not be set in configuration step. It is only used
+ * internally when control interface is used to request needed
+ * information.
+ */
+ int pending_req_password;
+
+ /**
+ * pending_req_pin - Whether there is a pending PIN request
+ *
+ * This field should not be set in configuration step. It is only used
+ * internally when control interface is used to request needed
+ * information.
+ */
+ int pending_req_pin;
+
+ /**
+ * pending_req_new_password - Pending password update request
+ *
+ * This field should not be set in configuration step. It is only used
+ * internally when control interface is used to request needed
+ * information.
+ */
+ int pending_req_new_password;
+
+ /**
+ * pending_req_passphrase - Pending passphrase request
+ *
+ * This field should not be set in configuration step. It is only used
+ * internally when control interface is used to request needed
+ * information.
+ */
+ int pending_req_passphrase;
+
+ /**
+ * pending_req_otp - Whether there is a pending OTP request
+ *
+ * This field should not be set in configuration step. It is only used
+ * internally when control interface is used to request needed
+ * information.
+ */
+ char *pending_req_otp;
+
+ /**
+ * pending_req_otp_len - Length of the pending OTP request
+ */
+ size_t pending_req_otp_len;
+
+ /**
+ * leap - Number of EAP methods using LEAP
+ *
+ * This field should be set to 1 if LEAP is enabled. This is used to
+ * select IEEE 802.11 authentication algorithm.
+ */
+ int leap;
+
+ /**
+ * non_leap - Number of EAP methods not using LEAP
+ *
+ * This field should be set to >0 if any EAP method other than LEAP is
+ * enabled. This is used to select IEEE 802.11 authentication
+ * algorithm.
+ */
+ int non_leap;
+
+ /**
+ * eap_workaround - EAP workarounds enabled
+ *
+ * wpa_supplicant supports number of "EAP workarounds" to work around
+ * interoperability issues with incorrectly behaving authentication
+ * servers. This is recommended to be enabled by default because some
+ * of the issues are present in large number of authentication servers.
+ *
+ * Strict EAP conformance mode can be configured by disabling
+ * workarounds with eap_workaround = 0.
+ */
+ unsigned int eap_workaround;
+
+ /**
+ * pac_file - File path or blob name for the PAC entries (EAP-FAST)
+ *
+ * wpa_supplicant will need to be able to create this file and write
+ * updates to it when PAC is being provisioned or refreshed. Full path
+ * to the file should be used since working directory may change when
+ * wpa_supplicant is run in the background.
+ * Alternatively, a named configuration blob can be used by setting
+ * this to blob://<blob name>.
+ */
+ char *pac_file;
+
+#endif /* IEEE8021X_EAPOL */
+
+ /**
+ * mode - IEEE 802.11 operation mode (Infrastucture/IBSS)
+ *
+ * 0 = infrastructure (Managed) mode, i.e., associate with an AP.
+ *
+ * 1 = IBSS (ad-hoc, peer-to-peer)
+ *
+ * Note: IBSS can only be used with key_mgmt NONE (plaintext and
+ * static WEP) and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In
+ * addition, ap_scan has to be set to 2 for IBSS. WPA-None requires
+ * following network block options: proto=WPA, key_mgmt=WPA-NONE,
+ * pairwise=NONE, group=TKIP (or CCMP, but not both), and psk must also
+ * be set (either directly or using ASCII passphrase).
+ */
+ int mode;
+
+#ifdef IEEE8021X_EAPOL
+
+ /**
+ * mschapv2_retry - MSCHAPv2 retry in progress
+ *
+ * This field is used internally by EAP-MSCHAPv2 and should not be set
+ * as part of configuration.
+ */
+ int mschapv2_retry;
+
+ /**
+ * new_password - New password for password update
+ *
+ * This field is used during MSCHAPv2 password update. This is normally
+ * requested from the user through the control interface and not set
+ * from configuration.
+ */
+ u8 *new_password;
+
+ /**
+ * new_password_len - Length of new_password field
+ */
+ size_t new_password_len;
+
+#endif /* IEEE8021X_EAPOL */
+
+ /**
+ * disabled - Whether this network is currently disabled
+ *
+ * 0 = this network can be used (default).
+ * 1 = this network block is disabled (can be enabled through
+ * ctrl_iface, e.g., with wpa_cli or wpa_gui).
+ */
+ int disabled;
+
+ /**
+ * peerkey - Whether PeerKey handshake for direct links is allowed
+ *
+ * This is only used when both RSN/WPA2 and IEEE 802.11e (QoS) are
+ * enabled.
+ *
+ * 0 = disabled (default)
+ * 1 = enabled
+ */
+ int peerkey;
+
+#ifdef IEEE8021X_EAPOL
+
+ /**
+ * fragment_size - Maximum EAP fragment size in bytes (default 1398)
+ *
+ * This value limits the fragment size for EAP methods that support
+ * fragmentation (e.g., EAP-TLS and EAP-PEAP). This value should be set
+ * small enough to make the EAP messages fit in MTU of the network
+ * interface used for EAPOL. The default value is suitable for most
+ * cases.
+ */
+ int fragment_size;
+
+#endif /* IEEE8021X_EAPOL */
+
+ /**
+ * id_str - Network identifier string for external scripts
+ *
+ * This value is passed to external ctrl_iface monitors in
+ * WPA_EVENT_CONNECTED event and wpa_cli sets this as WPA_ID_STR
+ * environment variable for action scripts.
+ */
+ char *id_str;
+
+#ifdef CONFIG_IEEE80211W
+ /**
+ * ieee80211w - Whether management frame protection is enabled
+ *
+ * This value is used to configure policy for management frame
+ * protection (IEEE 802.11w). 0 = disabled, 1 = optional, 2 = required.
+ */
+ enum {
+ NO_IEEE80211W = 0,
+ IEEE80211W_OPTIONAL = 1,
+ IEEE80211W_REQUIRED = 2
+ } ieee80211w;
+#endif /* CONFIG_IEEE80211W */
+
+ /**
+ * frequency - Channel frequency in megahertz (MHz) for IBSS
+ *
+ * This value is used to configure the initial channel for IBSS (adhoc)
+ * networks, e.g., 2412 = IEEE 802.11b/g channel 1. It is ignored in
+ * the infrastructure mode. In addition, this value is only used by the
+ * station that creates the IBSS. If an IBSS network with the
+ * configured SSID is already present, the frequency of the network
+ * will be used instead of this configured value.
+ */
+ int frequency;
+};
+
+int wpa_config_allowed_eap_method(struct wpa_ssid *ssid, int vendor,
+ u32 method);
+
+#endif /* CONFIG_SSID_H */
--- /dev/null
+/*
+ * hostapd / Shared configuration file defines
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef CONFIG_TYPES_H
+#define CONFIG_TYPES_H
+
+struct hostapd_ip_addr {
+ union {
+ struct in_addr v4;
+#ifdef CONFIG_IPV6
+ struct in6_addr v6;
+#endif /* CONFIG_IPV6 */
+ } u;
+ int af; /* AF_INET / AF_INET6 */
+};
+
+#endif /* CONFIG_TYPES_H */
--- /dev/null
+/*
+ * WPA Supplicant / Configuration backend: Windows registry
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This file implements a configuration backend for Windows registry.. All the
+ * configuration information is stored in the registry and the format for
+ * network configuration fields is same as described in the sample
+ * configuration file, wpa_supplicant.conf.
+ *
+ * Configuration data is in HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\configs
+ * key. Each configuration profile has its own key under this. In terms of text
+ * files, each profile would map to a separate text file with possibly multiple
+ * networks. Under each profile, there is a networks key that lists all
+ * networks as a subkey. Each network has set of values in the same way as
+ * network block in the configuration file. In addition, blobs subkey has
+ * possible blobs as values.
+ *
+ * HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\configs\test\networks\0000
+ * ssid="example"
+ * key_mgmt=WPA-PSK
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "config.h"
+
+#ifndef WPA_KEY_ROOT
+#define WPA_KEY_ROOT HKEY_LOCAL_MACHINE
+#endif
+#ifndef WPA_KEY_PREFIX
+#define WPA_KEY_PREFIX TEXT("SOFTWARE\\wpa_supplicant")
+#endif
+
+#ifdef UNICODE
+#define TSTR "%S"
+#else /* UNICODE */
+#define TSTR "%s"
+#endif /* UNICODE */
+
+
+static int wpa_config_read_blobs(struct wpa_config *config, HKEY hk)
+{
+ struct wpa_config_blob *blob;
+ int errors = 0;
+ HKEY bhk;
+ LONG ret;
+ DWORD i;
+
+ ret = RegOpenKeyEx(hk, TEXT("blobs"), 0, KEY_QUERY_VALUE, &bhk);
+ if (ret != ERROR_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "Could not open wpa_supplicant config "
+ "blobs key");
+ return 0; /* assume no blobs */
+ }
+
+ for (i = 0; ; i++) {
+#define TNAMELEN 255
+ TCHAR name[TNAMELEN];
+ char data[4096];
+ DWORD namelen, datalen, type;
+
+ namelen = TNAMELEN;
+ datalen = sizeof(data);
+ ret = RegEnumValue(bhk, i, name, &namelen, NULL, &type,
+ (LPBYTE) data, &datalen);
+
+ if (ret == ERROR_NO_MORE_ITEMS)
+ break;
+
+ if (ret != ERROR_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "RegEnumValue failed: 0x%x",
+ (unsigned int) ret);
+ break;
+ }
+
+ if (namelen >= TNAMELEN)
+ namelen = TNAMELEN - 1;
+ name[namelen] = TEXT('\0');
+ wpa_unicode2ascii_inplace(name);
+
+ if (datalen >= sizeof(data))
+ datalen = sizeof(data) - 1;
+
+ wpa_printf(MSG_MSGDUMP, "blob %d: field='%s' len %d",
+ (int) i, name, (int) datalen);
+
+ blob = os_zalloc(sizeof(*blob));
+ if (blob == NULL) {
+ errors++;
+ break;
+ }
+ blob->name = os_strdup((char *) name);
+ blob->data = os_malloc(datalen);
+ if (blob->name == NULL || blob->data == NULL) {
+ wpa_config_free_blob(blob);
+ errors++;
+ break;
+ }
+ os_memcpy(blob->data, data, datalen);
+ blob->len = datalen;
+
+ wpa_config_set_blob(config, blob);
+ }
+
+ RegCloseKey(bhk);
+
+ return errors ? -1 : 0;
+}
+
+
+static int wpa_config_read_reg_dword(HKEY hk, const TCHAR *name, int *_val)
+{
+ DWORD val, buflen;
+ LONG ret;
+
+ buflen = sizeof(val);
+ ret = RegQueryValueEx(hk, name, NULL, NULL, (LPBYTE) &val, &buflen);
+ if (ret == ERROR_SUCCESS && buflen == sizeof(val)) {
+ wpa_printf(MSG_DEBUG, TSTR "=%d", name, (int) val);
+ *_val = val;
+ return 0;
+ }
+
+ return -1;
+}
+
+
+static char * wpa_config_read_reg_string(HKEY hk, const TCHAR *name)
+{
+ DWORD buflen;
+ LONG ret;
+ TCHAR *val;
+
+ buflen = 0;
+ ret = RegQueryValueEx(hk, name, NULL, NULL, NULL, &buflen);
+ if (ret != ERROR_SUCCESS)
+ return NULL;
+ val = os_malloc(buflen);
+ if (val == NULL)
+ return NULL;
+
+ ret = RegQueryValueEx(hk, name, NULL, NULL, (LPBYTE) val, &buflen);
+ if (ret != ERROR_SUCCESS) {
+ os_free(val);
+ return NULL;
+ }
+
+ wpa_unicode2ascii_inplace(val);
+ wpa_printf(MSG_DEBUG, TSTR "=%s", name, (char *) val);
+ return (char *) val;
+}
+
+
+static int wpa_config_read_global(struct wpa_config *config, HKEY hk)
+{
+ int errors = 0;
+
+ wpa_config_read_reg_dword(hk, TEXT("ap_scan"), &config->ap_scan);
+ wpa_config_read_reg_dword(hk, TEXT("fast_reauth"),
+ &config->fast_reauth);
+ wpa_config_read_reg_dword(hk, TEXT("dot11RSNAConfigPMKLifetime"),
+ &config->dot11RSNAConfigPMKLifetime);
+ wpa_config_read_reg_dword(hk,
+ TEXT("dot11RSNAConfigPMKReauthThreshold"),
+ &config->dot11RSNAConfigPMKReauthThreshold);
+ wpa_config_read_reg_dword(hk, TEXT("dot11RSNAConfigSATimeout"),
+ &config->dot11RSNAConfigSATimeout);
+ wpa_config_read_reg_dword(hk, TEXT("update_config"),
+ &config->update_config);
+
+ if (wpa_config_read_reg_dword(hk, TEXT("eapol_version"),
+ &config->eapol_version) == 0) {
+ if (config->eapol_version < 1 ||
+ config->eapol_version > 2) {
+ wpa_printf(MSG_ERROR, "Invalid EAPOL version (%d)",
+ config->eapol_version);
+ errors++;
+ }
+ }
+
+ config->ctrl_interface = wpa_config_read_reg_string(
+ hk, TEXT("ctrl_interface"));
+
+ return errors ? -1 : 0;
+}
+
+
+static struct wpa_ssid * wpa_config_read_network(HKEY hk, const TCHAR *netw,
+ int id)
+{
+ HKEY nhk;
+ LONG ret;
+ DWORD i;
+ struct wpa_ssid *ssid;
+ int errors = 0;
+
+ ret = RegOpenKeyEx(hk, netw, 0, KEY_QUERY_VALUE, &nhk);
+ if (ret != ERROR_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "Could not open wpa_supplicant config "
+ "network '" TSTR "'", netw);
+ return NULL;
+ }
+
+ wpa_printf(MSG_MSGDUMP, "Start of a new network '" TSTR "'", netw);
+ ssid = os_zalloc(sizeof(*ssid));
+ if (ssid == NULL) {
+ RegCloseKey(nhk);
+ return NULL;
+ }
+ ssid->id = id;
+
+ wpa_config_set_network_defaults(ssid);
+
+ for (i = 0; ; i++) {
+ TCHAR name[255], data[1024];
+ DWORD namelen, datalen, type;
+
+ namelen = 255;
+ datalen = sizeof(data);
+ ret = RegEnumValue(nhk, i, name, &namelen, NULL, &type,
+ (LPBYTE) data, &datalen);
+
+ if (ret == ERROR_NO_MORE_ITEMS)
+ break;
+
+ if (ret != ERROR_SUCCESS) {
+ wpa_printf(MSG_ERROR, "RegEnumValue failed: 0x%x",
+ (unsigned int) ret);
+ break;
+ }
+
+ if (namelen >= 255)
+ namelen = 255 - 1;
+ name[namelen] = TEXT('\0');
+
+ if (datalen >= 1024)
+ datalen = 1024 - 1;
+ data[datalen] = TEXT('\0');
+
+ wpa_unicode2ascii_inplace(name);
+ wpa_unicode2ascii_inplace(data);
+ if (wpa_config_set(ssid, (char *) name, (char *) data, 0) < 0)
+ errors++;
+ }
+
+ RegCloseKey(nhk);
+
+ if (ssid->passphrase) {
+ if (ssid->psk_set) {
+ wpa_printf(MSG_ERROR, "Both PSK and passphrase "
+ "configured for network '" TSTR "'.", netw);
+ errors++;
+ }
+ wpa_config_update_psk(ssid);
+ }
+
+ if ((ssid->key_mgmt & WPA_KEY_MGMT_PSK) && !ssid->psk_set) {
+ wpa_printf(MSG_ERROR, "WPA-PSK accepted for key management, "
+ "but no PSK configured for network '" TSTR "'.",
+ netw);
+ errors++;
+ }
+
+ if ((ssid->group_cipher & WPA_CIPHER_CCMP) &&
+ !(ssid->pairwise_cipher & WPA_CIPHER_CCMP) &&
+ !(ssid->pairwise_cipher & WPA_CIPHER_NONE)) {
+ /* Group cipher cannot be stronger than the pairwise cipher. */
+ wpa_printf(MSG_DEBUG, "Removed CCMP from group cipher "
+ "list since it was not allowed for pairwise "
+ "cipher for network '" TSTR "'.", netw);
+ ssid->group_cipher &= ~WPA_CIPHER_CCMP;
+ }
+
+ if (errors) {
+ wpa_config_free_ssid(ssid);
+ ssid = NULL;
+ }
+
+ return ssid;
+}
+
+
+static int wpa_config_read_networks(struct wpa_config *config, HKEY hk)
+{
+ HKEY nhk;
+ struct wpa_ssid *ssid, *tail = NULL, *head = NULL;
+ int errors = 0;
+ LONG ret;
+ DWORD i;
+
+ ret = RegOpenKeyEx(hk, TEXT("networks"), 0, KEY_ENUMERATE_SUB_KEYS,
+ &nhk);
+ if (ret != ERROR_SUCCESS) {
+ wpa_printf(MSG_ERROR, "Could not open wpa_supplicant networks "
+ "registry key");
+ return -1;
+ }
+
+ for (i = 0; ; i++) {
+ TCHAR name[255];
+ DWORD namelen;
+
+ namelen = 255;
+ ret = RegEnumKeyEx(nhk, i, name, &namelen, NULL, NULL, NULL,
+ NULL);
+
+ if (ret == ERROR_NO_MORE_ITEMS)
+ break;
+
+ if (ret != ERROR_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "RegEnumKeyEx failed: 0x%x",
+ (unsigned int) ret);
+ break;
+ }
+
+ if (namelen >= 255)
+ namelen = 255 - 1;
+ name[namelen] = '\0';
+
+ ssid = wpa_config_read_network(nhk, name, i);
+ if (ssid == NULL) {
+ wpa_printf(MSG_ERROR, "Failed to parse network "
+ "profile '%s'.", name);
+ errors++;
+ continue;
+ }
+ if (head == NULL) {
+ head = tail = ssid;
+ } else {
+ tail->next = ssid;
+ tail = ssid;
+ }
+ if (wpa_config_add_prio_network(config, ssid)) {
+ wpa_printf(MSG_ERROR, "Failed to add network profile "
+ "'%s' to priority list.", name);
+ errors++;
+ continue;
+ }
+ }
+
+ RegCloseKey(nhk);
+
+ config->ssid = head;
+
+ return errors ? -1 : 0;
+}
+
+
+struct wpa_config * wpa_config_read(const char *name)
+{
+ TCHAR buf[256];
+ int errors = 0;
+ struct wpa_config *config;
+ HKEY hk;
+ LONG ret;
+
+ config = wpa_config_alloc_empty(NULL, NULL);
+ if (config == NULL)
+ return NULL;
+ wpa_printf(MSG_DEBUG, "Reading configuration profile '%s'", name);
+
+#ifdef UNICODE
+ _snwprintf(buf, 256, WPA_KEY_PREFIX TEXT("\\configs\\%S"), name);
+#else /* UNICODE */
+ os_snprintf(buf, 256, WPA_KEY_PREFIX TEXT("\\configs\\%s"), name);
+#endif /* UNICODE */
+
+ ret = RegOpenKeyEx(WPA_KEY_ROOT, buf, 0, KEY_QUERY_VALUE, &hk);
+ if (ret != ERROR_SUCCESS) {
+ wpa_printf(MSG_ERROR, "Could not open wpa_supplicant "
+ "configuration registry HKLM\\" TSTR, buf);
+ os_free(config);
+ return NULL;
+ }
+
+ if (wpa_config_read_global(config, hk))
+ errors++;
+
+ if (wpa_config_read_networks(config, hk))
+ errors++;
+
+ if (wpa_config_read_blobs(config, hk))
+ errors++;
+
+ wpa_config_debug_dump_networks(config);
+
+ RegCloseKey(hk);
+
+ if (errors) {
+ wpa_config_free(config);
+ config = NULL;
+ }
+
+ return config;
+}
+
+
+static int wpa_config_write_reg_dword(HKEY hk, const TCHAR *name, int val,
+ int def)
+{
+ LONG ret;
+ DWORD _val = val;
+
+ if (val == def) {
+ RegDeleteValue(hk, name);
+ return 0;
+ }
+
+ ret = RegSetValueEx(hk, name, 0, REG_DWORD, (LPBYTE) &_val,
+ sizeof(_val));
+ if (ret != ERROR_SUCCESS) {
+ wpa_printf(MSG_ERROR, "WINREG: Failed to set %s=%d: error %d",
+ name, val, (int) GetLastError());
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int wpa_config_write_reg_string(HKEY hk, const char *name,
+ const char *val)
+{
+ LONG ret;
+ TCHAR *_name, *_val;
+
+ _name = wpa_strdup_tchar(name);
+ if (_name == NULL)
+ return -1;
+
+ if (val == NULL) {
+ RegDeleteValue(hk, _name);
+ os_free(_name);
+ return 0;
+ }
+
+ _val = wpa_strdup_tchar(val);
+ if (_val == NULL) {
+ os_free(_name);
+ return -1;
+ }
+ ret = RegSetValueEx(hk, _name, 0, REG_SZ, (BYTE *) _val,
+ (os_strlen(val) + 1) * sizeof(TCHAR));
+ if (ret != ERROR_SUCCESS) {
+ wpa_printf(MSG_ERROR, "WINREG: Failed to set %s='%s': "
+ "error %d", name, val, (int) GetLastError());
+ os_free(_name);
+ os_free(_val);
+ return -1;
+ }
+
+ os_free(_name);
+ os_free(_val);
+ return 0;
+}
+
+
+static int wpa_config_write_global(struct wpa_config *config, HKEY hk)
+{
+#ifdef CONFIG_CTRL_IFACE
+ wpa_config_write_reg_string(hk, "ctrl_interface",
+ config->ctrl_interface);
+#endif /* CONFIG_CTRL_IFACE */
+
+ wpa_config_write_reg_dword(hk, TEXT("eapol_version"),
+ config->eapol_version,
+ DEFAULT_EAPOL_VERSION);
+ wpa_config_write_reg_dword(hk, TEXT("ap_scan"), config->ap_scan,
+ DEFAULT_AP_SCAN);
+ wpa_config_write_reg_dword(hk, TEXT("fast_reauth"),
+ config->fast_reauth, DEFAULT_FAST_REAUTH);
+ wpa_config_write_reg_dword(hk, TEXT("dot11RSNAConfigPMKLifetime"),
+ config->dot11RSNAConfigPMKLifetime, 0);
+ wpa_config_write_reg_dword(hk,
+ TEXT("dot11RSNAConfigPMKReauthThreshold"),
+ config->dot11RSNAConfigPMKReauthThreshold,
+ 0);
+ wpa_config_write_reg_dword(hk, TEXT("dot11RSNAConfigSATimeout"),
+ config->dot11RSNAConfigSATimeout, 0);
+ wpa_config_write_reg_dword(hk, TEXT("update_config"),
+ config->update_config,
+ 0);
+
+ return 0;
+}
+
+
+static int wpa_config_delete_subkeys(HKEY hk, const TCHAR *key)
+{
+ HKEY nhk;
+ int i, errors = 0;
+ LONG ret;
+
+ ret = RegOpenKeyEx(hk, key, 0, KEY_ENUMERATE_SUB_KEYS | DELETE, &nhk);
+ if (ret != ERROR_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "WINREG: Could not open key '" TSTR
+ "' for subkey deletion: error 0x%x (%d)", key,
+ (unsigned int) ret, (int) GetLastError());
+ return 0;
+ }
+
+ for (i = 0; ; i++) {
+ TCHAR name[255];
+ DWORD namelen;
+
+ namelen = 255;
+ ret = RegEnumKeyEx(nhk, i, name, &namelen, NULL, NULL, NULL,
+ NULL);
+
+ if (ret == ERROR_NO_MORE_ITEMS)
+ break;
+
+ if (ret != ERROR_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "RegEnumKeyEx failed: 0x%x (%d)",
+ (unsigned int) ret, (int) GetLastError());
+ break;
+ }
+
+ if (namelen >= 255)
+ namelen = 255 - 1;
+ name[namelen] = TEXT('\0');
+
+ ret = RegDeleteKey(nhk, name);
+ if (ret != ERROR_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "RegDeleteKey failed: 0x%x (%d)",
+ (unsigned int) ret, (int) GetLastError());
+ errors++;
+ }
+ }
+
+ RegCloseKey(nhk);
+
+ return errors ? -1 : 0;
+}
+
+
+static void write_str(HKEY hk, const char *field, struct wpa_ssid *ssid)
+{
+ char *value = wpa_config_get(ssid, field);
+ if (value == NULL)
+ return;
+ wpa_config_write_reg_string(hk, field, value);
+ os_free(value);
+}
+
+
+static void write_int(HKEY hk, const char *field, int value, int def)
+{
+ char val[20];
+ if (value == def)
+ return;
+ os_snprintf(val, sizeof(val), "%d", value);
+ wpa_config_write_reg_string(hk, field, val);
+}
+
+
+static void write_bssid(HKEY hk, struct wpa_ssid *ssid)
+{
+ char *value = wpa_config_get(ssid, "bssid");
+ if (value == NULL)
+ return;
+ wpa_config_write_reg_string(hk, "bssid", value);
+ os_free(value);
+}
+
+
+static void write_psk(HKEY hk, struct wpa_ssid *ssid)
+{
+ char *value = wpa_config_get(ssid, "psk");
+ if (value == NULL)
+ return;
+ wpa_config_write_reg_string(hk, "psk", value);
+ os_free(value);
+}
+
+
+static void write_proto(HKEY hk, struct wpa_ssid *ssid)
+{
+ char *value;
+
+ if (ssid->proto == DEFAULT_PROTO)
+ return;
+
+ value = wpa_config_get(ssid, "proto");
+ if (value == NULL)
+ return;
+ if (value[0])
+ wpa_config_write_reg_string(hk, "proto", value);
+ os_free(value);
+}
+
+
+static void write_key_mgmt(HKEY hk, struct wpa_ssid *ssid)
+{
+ char *value;
+
+ if (ssid->key_mgmt == DEFAULT_KEY_MGMT)
+ return;
+
+ value = wpa_config_get(ssid, "key_mgmt");
+ if (value == NULL)
+ return;
+ if (value[0])
+ wpa_config_write_reg_string(hk, "key_mgmt", value);
+ os_free(value);
+}
+
+
+static void write_pairwise(HKEY hk, struct wpa_ssid *ssid)
+{
+ char *value;
+
+ if (ssid->pairwise_cipher == DEFAULT_PAIRWISE)
+ return;
+
+ value = wpa_config_get(ssid, "pairwise");
+ if (value == NULL)
+ return;
+ if (value[0])
+ wpa_config_write_reg_string(hk, "pairwise", value);
+ os_free(value);
+}
+
+
+static void write_group(HKEY hk, struct wpa_ssid *ssid)
+{
+ char *value;
+
+ if (ssid->group_cipher == DEFAULT_GROUP)
+ return;
+
+ value = wpa_config_get(ssid, "group");
+ if (value == NULL)
+ return;
+ if (value[0])
+ wpa_config_write_reg_string(hk, "group", value);
+ os_free(value);
+}
+
+
+static void write_auth_alg(HKEY hk, struct wpa_ssid *ssid)
+{
+ char *value;
+
+ if (ssid->auth_alg == 0)
+ return;
+
+ value = wpa_config_get(ssid, "auth_alg");
+ if (value == NULL)
+ return;
+ if (value[0])
+ wpa_config_write_reg_string(hk, "auth_alg", value);
+ os_free(value);
+}
+
+
+#ifdef IEEE8021X_EAPOL
+static void write_eap(HKEY hk, struct wpa_ssid *ssid)
+{
+ char *value;
+
+ value = wpa_config_get(ssid, "eap");
+ if (value == NULL)
+ return;
+
+ if (value[0])
+ wpa_config_write_reg_string(hk, "eap", value);
+ os_free(value);
+}
+#endif /* IEEE8021X_EAPOL */
+
+
+static void write_wep_key(HKEY hk, int idx, struct wpa_ssid *ssid)
+{
+ char field[20], *value;
+
+ os_snprintf(field, sizeof(field), "wep_key%d", idx);
+ value = wpa_config_get(ssid, field);
+ if (value) {
+ wpa_config_write_reg_string(hk, field, value);
+ os_free(value);
+ }
+}
+
+
+static int wpa_config_write_network(HKEY hk, struct wpa_ssid *ssid, int id)
+{
+ int i, errors = 0;
+ HKEY nhk, netw;
+ LONG ret;
+ TCHAR name[5];
+
+ ret = RegOpenKeyEx(hk, TEXT("networks"), 0, KEY_CREATE_SUB_KEY, &nhk);
+ if (ret != ERROR_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "WINREG: Could not open networks key "
+ "for subkey addition: error 0x%x (%d)",
+ (unsigned int) ret, (int) GetLastError());
+ return 0;
+ }
+
+#ifdef UNICODE
+ wsprintf(name, L"%04d", id);
+#else /* UNICODE */
+ os_snprintf(name, sizeof(name), "%04d", id);
+#endif /* UNICODE */
+ ret = RegCreateKeyEx(nhk, name, 0, NULL, 0, KEY_WRITE, NULL, &netw,
+ NULL);
+ RegCloseKey(nhk);
+ if (ret != ERROR_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "WINREG: Could not add network key '%s':"
+ " error 0x%x (%d)",
+ name, (unsigned int) ret, (int) GetLastError());
+ return -1;
+ }
+
+#define STR(t) write_str(netw, #t, ssid)
+#define INT(t) write_int(netw, #t, ssid->t, 0)
+#define INT_DEF(t, def) write_int(netw, #t, ssid->t, def)
+
+ STR(ssid);
+ INT(scan_ssid);
+ write_bssid(netw, ssid);
+ write_psk(netw, ssid);
+ write_proto(netw, ssid);
+ write_key_mgmt(netw, ssid);
+ write_pairwise(netw, ssid);
+ write_group(netw, ssid);
+ write_auth_alg(netw, ssid);
+#ifdef IEEE8021X_EAPOL
+ write_eap(netw, ssid);
+ STR(identity);
+ STR(anonymous_identity);
+ STR(eappsk);
+ STR(nai);
+ STR(password);
+ STR(ca_cert);
+ STR(ca_path);
+ STR(client_cert);
+ STR(private_key);
+ STR(private_key_passwd);
+ STR(dh_file);
+ STR(subject_match);
+ STR(altsubject_match);
+ STR(ca_cert2);
+ STR(ca_path2);
+ STR(client_cert2);
+ STR(private_key2);
+ STR(private_key2_passwd);
+ STR(dh_file2);
+ STR(subject_match2);
+ STR(altsubject_match2);
+ STR(phase1);
+ STR(phase2);
+ STR(pcsc);
+ STR(pin);
+ STR(engine_id);
+ STR(key_id);
+ INT(engine);
+ INT_DEF(eapol_flags, DEFAULT_EAPOL_FLAGS);
+#endif /* IEEE8021X_EAPOL */
+ for (i = 0; i < 4; i++)
+ write_wep_key(netw, i, ssid);
+ INT(wep_tx_keyidx);
+ INT(priority);
+#ifdef IEEE8021X_EAPOL
+ INT_DEF(eap_workaround, DEFAULT_EAP_WORKAROUND);
+ STR(pac_file);
+ INT_DEF(fragment_size, DEFAULT_FRAGMENT_SIZE);
+#endif /* IEEE8021X_EAPOL */
+ INT(mode);
+ INT(proactive_key_caching);
+ INT(disabled);
+ INT(peerkey);
+#ifdef CONFIG_IEEE80211W
+ INT(ieee80211w);
+#endif /* CONFIG_IEEE80211W */
+ STR(id_str);
+
+#undef STR
+#undef INT
+#undef INT_DEF
+
+ RegCloseKey(netw);
+
+ return errors ? -1 : 0;
+}
+
+
+static int wpa_config_write_blob(HKEY hk, struct wpa_config_blob *blob)
+{
+ HKEY bhk;
+ LONG ret;
+ TCHAR *name;
+
+ ret = RegCreateKeyEx(hk, TEXT("blobs"), 0, NULL, 0, KEY_WRITE, NULL,
+ &bhk, NULL);
+ if (ret != ERROR_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "WINREG: Could not add blobs key: "
+ "error 0x%x (%d)",
+ (unsigned int) ret, (int) GetLastError());
+ return -1;
+ }
+
+ name = wpa_strdup_tchar(blob->name);
+ ret = RegSetValueEx(bhk, name, 0, REG_BINARY, blob->data,
+ blob->len);
+ if (ret != ERROR_SUCCESS) {
+ wpa_printf(MSG_ERROR, "WINREG: Failed to set blob %s': "
+ "error 0x%x (%d)", blob->name, (unsigned int) ret,
+ (int) GetLastError());
+ RegCloseKey(bhk);
+ os_free(name);
+ return -1;
+ }
+ os_free(name);
+
+ RegCloseKey(bhk);
+
+ return 0;
+}
+
+
+int wpa_config_write(const char *name, struct wpa_config *config)
+{
+ TCHAR buf[256];
+ HKEY hk;
+ LONG ret;
+ int errors = 0;
+ struct wpa_ssid *ssid;
+ struct wpa_config_blob *blob;
+ int id;
+
+ wpa_printf(MSG_DEBUG, "Writing configuration file '%s'", name);
+
+#ifdef UNICODE
+ _snwprintf(buf, 256, WPA_KEY_PREFIX TEXT("\\configs\\%S"), name);
+#else /* UNICODE */
+ os_snprintf(buf, 256, WPA_KEY_PREFIX TEXT("\\configs\\%s"), name);
+#endif /* UNICODE */
+
+ ret = RegOpenKeyEx(WPA_KEY_ROOT, buf, 0, KEY_SET_VALUE | DELETE, &hk);
+ if (ret != ERROR_SUCCESS) {
+ wpa_printf(MSG_ERROR, "Could not open wpa_supplicant "
+ "configuration registry %s: error %d", buf,
+ (int) GetLastError());
+ return -1;
+ }
+
+ if (wpa_config_write_global(config, hk)) {
+ wpa_printf(MSG_ERROR, "Failed to write global configuration "
+ "data");
+ errors++;
+ }
+
+ wpa_config_delete_subkeys(hk, TEXT("networks"));
+ for (ssid = config->ssid, id = 0; ssid; ssid = ssid->next, id++) {
+ if (wpa_config_write_network(hk, ssid, id))
+ errors++;
+ }
+
+ RegDeleteKey(hk, TEXT("blobs"));
+ for (blob = config->blobs; blob; blob = blob->next) {
+ if (wpa_config_write_blob(hk, blob))
+ errors++;
+ }
+
+ RegCloseKey(hk);
+
+ wpa_printf(MSG_DEBUG, "Configuration '%s' written %ssuccessfully",
+ name, errors ? "un" : "");
+ return errors ? -1 : 0;
+}
--- /dev/null
+/*
+ * WPA Supplicant / wrapper functions for libcrypto
+ * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <openssl/opensslv.h>
+#include <openssl/md4.h>
+#include <openssl/md5.h>
+#include <openssl/sha.h>
+#include <openssl/des.h>
+#include <openssl/aes.h>
+
+#include "common.h"
+#include "crypto.h"
+
+#if OPENSSL_VERSION_NUMBER < 0x00907000
+#define DES_key_schedule des_key_schedule
+#define DES_cblock des_cblock
+#define DES_set_key(key, schedule) des_set_key((key), *(schedule))
+#define DES_ecb_encrypt(input, output, ks, enc) \
+ des_ecb_encrypt((input), (output), *(ks), (enc))
+#endif /* openssl < 0.9.7 */
+
+
+void md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+ MD4_CTX ctx;
+ size_t i;
+
+ MD4_Init(&ctx);
+ for (i = 0; i < num_elem; i++)
+ MD4_Update(&ctx, addr[i], len[i]);
+ MD4_Final(mac, &ctx);
+}
+
+
+void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
+{
+ u8 pkey[8], next, tmp;
+ int i;
+ DES_key_schedule ks;
+
+ /* Add parity bits to the key */
+ next = 0;
+ for (i = 0; i < 7; i++) {
+ tmp = key[i];
+ pkey[i] = (tmp >> i) | next | 1;
+ next = tmp << (7 - i);
+ }
+ pkey[i] = next | 1;
+
+ DES_set_key(&pkey, &ks);
+ DES_ecb_encrypt((DES_cblock *) clear, (DES_cblock *) cypher, &ks,
+ DES_ENCRYPT);
+}
+
+
+#ifdef EAP_TLS_FUNCS
+void md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+ MD5_CTX ctx;
+ size_t i;
+
+ MD5_Init(&ctx);
+ for (i = 0; i < num_elem; i++)
+ MD5_Update(&ctx, addr[i], len[i]);
+ MD5_Final(mac, &ctx);
+}
+
+
+void sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+ SHA_CTX ctx;
+ size_t i;
+
+ SHA1_Init(&ctx);
+ for (i = 0; i < num_elem; i++)
+ SHA1_Update(&ctx, addr[i], len[i]);
+ SHA1_Final(mac, &ctx);
+}
+
+
+static void sha1_transform(u8 *state, const u8 data[64])
+{
+ SHA_CTX context;
+ os_memset(&context, 0, sizeof(context));
+ os_memcpy(&context.h0, state, 5 * 4);
+ SHA1_Transform(&context, data);
+ os_memcpy(state, &context.h0, 5 * 4);
+}
+
+
+int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
+{
+ u8 xkey[64];
+ u32 t[5], _t[5];
+ int i, j, m, k;
+ u8 *xpos = x;
+ u32 carry;
+
+ if (seed_len > sizeof(xkey))
+ seed_len = sizeof(xkey);
+
+ /* FIPS 186-2 + change notice 1 */
+
+ os_memcpy(xkey, seed, seed_len);
+ os_memset(xkey + seed_len, 0, 64 - seed_len);
+ t[0] = 0x67452301;
+ t[1] = 0xEFCDAB89;
+ t[2] = 0x98BADCFE;
+ t[3] = 0x10325476;
+ t[4] = 0xC3D2E1F0;
+
+ m = xlen / 40;
+ for (j = 0; j < m; j++) {
+ /* XSEED_j = 0 */
+ for (i = 0; i < 2; i++) {
+ /* XVAL = (XKEY + XSEED_j) mod 2^b */
+
+ /* w_i = G(t, XVAL) */
+ os_memcpy(_t, t, 20);
+ sha1_transform((u8 *) _t, xkey);
+ _t[0] = host_to_be32(_t[0]);
+ _t[1] = host_to_be32(_t[1]);
+ _t[2] = host_to_be32(_t[2]);
+ _t[3] = host_to_be32(_t[3]);
+ _t[4] = host_to_be32(_t[4]);
+ os_memcpy(xpos, _t, 20);
+
+ /* XKEY = (1 + XKEY + w_i) mod 2^b */
+ carry = 1;
+ for (k = 19; k >= 0; k--) {
+ carry += xkey[k] + xpos[k];
+ xkey[k] = carry & 0xff;
+ carry >>= 8;
+ }
+
+ xpos += 20;
+ }
+ /* x_j = w_0|w_1 */
+ }
+
+ return 0;
+}
+
+
+void * aes_encrypt_init(const u8 *key, size_t len)
+{
+ AES_KEY *ak;
+ ak = os_malloc(sizeof(*ak));
+ if (ak == NULL)
+ return NULL;
+ if (AES_set_encrypt_key(key, 8 * len, ak) < 0) {
+ os_free(ak);
+ return NULL;
+ }
+ return ak;
+}
+
+
+void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
+{
+ AES_encrypt(plain, crypt, ctx);
+}
+
+
+void aes_encrypt_deinit(void *ctx)
+{
+ os_free(ctx);
+}
+
+
+void * aes_decrypt_init(const u8 *key, size_t len)
+{
+ AES_KEY *ak;
+ ak = os_malloc(sizeof(*ak));
+ if (ak == NULL)
+ return NULL;
+ if (AES_set_decrypt_key(key, 8 * len, ak) < 0) {
+ os_free(ak);
+ return NULL;
+ }
+ return ak;
+}
+
+
+void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain)
+{
+ AES_decrypt(crypt, plain, ctx);
+}
+
+
+void aes_decrypt_deinit(void *ctx)
+{
+ os_free(ctx);
+}
+#endif /* EAP_TLS_FUNCS */
--- /dev/null
+/*
+ * WPA Supplicant / wrapper functions for crypto libraries
+ * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This file defines the cryptographic functions that need to be implemented
+ * for wpa_supplicant and hostapd. When TLS is not used, internal
+ * implementation of MD5, SHA1, and AES is used and no external libraries are
+ * required. When TLS is enabled (e.g., by enabling EAP-TLS or EAP-PEAP), the
+ * crypto library used by the TLS implementation is expected to be used for
+ * non-TLS needs, too, in order to save space by not implementing these
+ * functions twice.
+ *
+ * Wrapper code for using each crypto library is in its own file (crypto*.c)
+ * and one of these files is build and linked in to provide the functions
+ * defined here.
+ */
+
+#ifndef CRYPTO_H
+#define CRYPTO_H
+
+/**
+ * md4_vector - MD4 hash for data vector
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for the hash
+ */
+void md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac);
+
+/**
+ * md5_vector - MD5 hash for data vector
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for the hash
+ */
+void md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac);
+
+/**
+ * sha1_vector - SHA-1 hash for data vector
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for the hash
+ */
+void sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len,
+ u8 *mac);
+
+/**
+ * fips186_2-prf - NIST FIPS Publication 186-2 change notice 1 PRF
+ * @seed: Seed/key for the PRF
+ * @seed_len: Seed length in bytes
+ * @x: Buffer for PRF output
+ * @xlen: Output length in bytes
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function implements random number generation specified in NIST FIPS
+ * Publication 186-2 for EAP-SIM. This PRF uses a function that is similar to
+ * SHA-1, but has different message padding.
+ */
+int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen);
+
+/**
+ * sha256_vector - SHA256 hash for data vector
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for the hash
+ */
+void sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len,
+ u8 *mac);
+
+/**
+ * des_encrypt - Encrypt one block with DES
+ * @clear: 8 octets (in)
+ * @key: 7 octets (in) (no parity bits included)
+ * @cypher: 8 octets (out)
+ */
+void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher);
+
+/**
+ * aes_encrypt_init - Initialize AES for encryption
+ * @key: Encryption key
+ * @len: Key length in bytes (usually 16, i.e., 128 bits)
+ * Returns: Pointer to context data or %NULL on failure
+ */
+void * aes_encrypt_init(const u8 *key, size_t len);
+
+/**
+ * aes_encrypt - Encrypt one AES block
+ * @ctx: Context pointer from aes_encrypt_init()
+ * @plain: Plaintext data to be encrypted (16 bytes)
+ * @crypt: Buffer for the encrypted data (16 bytes)
+ */
+void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt);
+
+/**
+ * aes_encrypt_deinit - Deinitialize AES encryption
+ * @ctx: Context pointer from aes_encrypt_init()
+ */
+void aes_encrypt_deinit(void *ctx);
+
+/**
+ * aes_decrypt_init - Initialize AES for decryption
+ * @key: Decryption key
+ * @len: Key length in bytes (usually 16, i.e., 128 bits)
+ * Returns: Pointer to context data or %NULL on failure
+ */
+void * aes_decrypt_init(const u8 *key, size_t len);
+
+/**
+ * aes_decrypt - Decrypt one AES block
+ * @ctx: Context pointer from aes_encrypt_init()
+ * @crypt: Encrypted data (16 bytes)
+ * @plain: Buffer for the decrypted data (16 bytes)
+ */
+void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain);
+
+/**
+ * aes_decrypt_deinit - Deinitialize AES decryption
+ * @ctx: Context pointer from aes_encrypt_init()
+ */
+void aes_decrypt_deinit(void *ctx);
+
+
+enum crypto_hash_alg {
+ CRYPTO_HASH_ALG_MD5, CRYPTO_HASH_ALG_SHA1,
+ CRYPTO_HASH_ALG_HMAC_MD5, CRYPTO_HASH_ALG_HMAC_SHA1
+};
+
+struct crypto_hash;
+
+/**
+ * crypto_hash_init - Initialize hash/HMAC function
+ * @alg: Hash algorithm
+ * @key: Key for keyed hash (e.g., HMAC) or %NULL if not needed
+ * @key_len: Length of the key in bytes
+ * Returns: Pointer to hash context to use with other hash functions or %NULL
+ * on failure
+ *
+ * This function is only used with internal TLSv1 implementation
+ * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
+ * to implement this.
+ */
+struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
+ size_t key_len);
+
+/**
+ * crypto_hash_update - Add data to hash calculation
+ * @ctx: Context pointer from crypto_hash_init()
+ * @data: Data buffer to add
+ * @len: Length of the buffer
+ *
+ * This function is only used with internal TLSv1 implementation
+ * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
+ * to implement this.
+ */
+void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len);
+
+/**
+ * crypto_hash_finish - Complete hash calculation
+ * @ctx: Context pointer from crypto_hash_init()
+ * @hash: Buffer for hash value or %NULL if caller is just freeing the hash
+ * context
+ * @len: Pointer to length of the buffer or %NULL if caller is just freeing the
+ * hash context; on return, this is set to the actual length of the hash value
+ * Returns: 0 on success, -1 if buffer is too small (len set to needed length),
+ * or -2 on other failures (including failed crypto_hash_update() operations)
+ *
+ * This function calculates the hash value and frees the context buffer that
+ * was used for hash calculation.
+ *
+ * This function is only used with internal TLSv1 implementation
+ * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
+ * to implement this.
+ */
+int crypto_hash_finish(struct crypto_hash *ctx, u8 *hash, size_t *len);
+
+
+enum crypto_cipher_alg {
+ CRYPTO_CIPHER_NULL = 0, CRYPTO_CIPHER_ALG_AES, CRYPTO_CIPHER_ALG_3DES,
+ CRYPTO_CIPHER_ALG_DES, CRYPTO_CIPHER_ALG_RC2, CRYPTO_CIPHER_ALG_RC4
+};
+
+struct crypto_cipher;
+
+/**
+ * crypto_cipher_init - Initialize block/stream cipher function
+ * @alg: Cipher algorithm
+ * @iv: Initialization vector for block ciphers or %NULL for stream ciphers
+ * @key: Cipher key
+ * @key_len: Length of key in bytes
+ * Returns: Pointer to cipher context to use with other cipher functions or
+ * %NULL on failure
+ *
+ * This function is only used with internal TLSv1 implementation
+ * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
+ * to implement this.
+ */
+struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
+ const u8 *iv, const u8 *key,
+ size_t key_len);
+
+/**
+ * crypto_cipher_encrypt - Cipher encrypt
+ * @ctx: Context pointer from crypto_cipher_init()
+ * @plain: Plaintext to cipher
+ * @crypt: Resulting ciphertext
+ * @len: Length of the plaintext
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is only used with internal TLSv1 implementation
+ * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
+ * to implement this.
+ */
+int crypto_cipher_encrypt(struct crypto_cipher *ctx, const u8 *plain,
+ u8 *crypt, size_t len);
+
+/**
+ * crypto_cipher_decrypt - Cipher decrypt
+ * @ctx: Context pointer from crypto_cipher_init()
+ * @crypt: Ciphertext to decrypt
+ * @plain: Resulting plaintext
+ * @len: Length of the cipher text
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is only used with internal TLSv1 implementation
+ * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
+ * to implement this.
+ */
+int crypto_cipher_decrypt(struct crypto_cipher *ctx, const u8 *crypt,
+ u8 *plain, size_t len);
+
+/**
+ * crypto_cipher_decrypt - Free cipher context
+ * @ctx: Context pointer from crypto_cipher_init()
+ *
+ * This function is only used with internal TLSv1 implementation
+ * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
+ * to implement this.
+ */
+void crypto_cipher_deinit(struct crypto_cipher *ctx);
+
+
+struct crypto_public_key;
+struct crypto_private_key;
+
+/**
+ * crypto_public_key_import - Import an RSA public key
+ * @key: Key buffer (DER encoded RSA public key)
+ * @len: Key buffer length in bytes
+ * Returns: Pointer to the public key or %NULL on failure
+ *
+ * This function can just return %NULL if the crypto library supports X.509
+ * parsing. In that case, crypto_public_key_from_cert() is used to import the
+ * public key from a certificate.
+ *
+ * This function is only used with internal TLSv1 implementation
+ * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
+ * to implement this.
+ */
+struct crypto_public_key * crypto_public_key_import(const u8 *key, size_t len);
+
+/**
+ * crypto_private_key_import - Import an RSA private key
+ * @key: Key buffer (DER encoded RSA private key)
+ * @len: Key buffer length in bytes
+ * Returns: Pointer to the private key or %NULL on failure
+ *
+ * This function is only used with internal TLSv1 implementation
+ * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
+ * to implement this.
+ */
+struct crypto_private_key * crypto_private_key_import(const u8 *key,
+ size_t len);
+
+/**
+ * crypto_public_key_from_cert - Import an RSA public key from a certificate
+ * @buf: DER encoded X.509 certificate
+ * @len: Certificate buffer length in bytes
+ * Returns: Pointer to public key or %NULL on failure
+ *
+ * This function can just return %NULL if the crypto library does not support
+ * X.509 parsing. In that case, internal code will be used to parse the
+ * certificate and public key is imported using crypto_public_key_import().
+ *
+ * This function is only used with internal TLSv1 implementation
+ * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
+ * to implement this.
+ */
+struct crypto_public_key * crypto_public_key_from_cert(const u8 *buf,
+ size_t len);
+
+/**
+ * crypto_public_key_encrypt_pkcs1_v15 - Public key encryption (PKCS #1 v1.5)
+ * @key: Public key
+ * @in: Plaintext buffer
+ * @inlen: Length of plaintext buffer in bytes
+ * @out: Output buffer for encrypted data
+ * @outlen: Length of output buffer in bytes; set to used length on success
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is only used with internal TLSv1 implementation
+ * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
+ * to implement this.
+ */
+int crypto_public_key_encrypt_pkcs1_v15(struct crypto_public_key *key,
+ const u8 *in, size_t inlen,
+ u8 *out, size_t *outlen);
+
+/**
+ * crypto_private_key_sign_pkcs1 - Sign with private key (PKCS #1)
+ * @key: Private key from crypto_private_key_import()
+ * @in: Plaintext buffer
+ * @inlen: Length of plaintext buffer in bytes
+ * @out: Output buffer for encrypted (signed) data
+ * @outlen: Length of output buffer in bytes; set to used length on success
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is only used with internal TLSv1 implementation
+ * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
+ * to implement this.
+ */
+int crypto_private_key_sign_pkcs1(struct crypto_private_key *key,
+ const u8 *in, size_t inlen,
+ u8 *out, size_t *outlen);
+
+/**
+ * crypto_public_key_free - Free public key
+ * @key: Public key
+ *
+ * This function is only used with internal TLSv1 implementation
+ * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
+ * to implement this.
+ */
+void crypto_public_key_free(struct crypto_public_key *key);
+
+/**
+ * crypto_private_key_free - Free private key
+ * @key: Private key from crypto_private_key_import()
+ *
+ * This function is only used with internal TLSv1 implementation
+ * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
+ * to implement this.
+ */
+void crypto_private_key_free(struct crypto_private_key *key);
+
+/**
+ * crypto_public_key_decrypt_pkcs1 - Decrypt PKCS #1 signature
+ * @key: Public key
+ * @crypt: Encrypted signature data (using the private key)
+ * @crypt_len: Encrypted signature data length
+ * @plain: Buffer for plaintext (at least crypt_len bytes)
+ * @plain_len: Plaintext length (max buffer size on input, real len on output);
+ * Returns: 0 on success, -1 on failure
+ */
+int crypto_public_key_decrypt_pkcs1(struct crypto_public_key *key,
+ const u8 *crypt, size_t crypt_len,
+ u8 *plain, size_t *plain_len);
+
+/**
+ * crypto_global_init - Initialize crypto wrapper
+ *
+ * This function is only used with internal TLSv1 implementation
+ * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
+ * to implement this.
+ */
+int crypto_global_init(void);
+
+/**
+ * crypto_global_deinit - Deinitialize crypto wrapper
+ *
+ * This function is only used with internal TLSv1 implementation
+ * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
+ * to implement this.
+ */
+void crypto_global_deinit(void);
+
+/**
+ * crypto_mod_exp - Modular exponentiation of large integers
+ * @base: Base integer (big endian byte array)
+ * @base_len: Length of base integer in bytes
+ * @power: Power integer (big endian byte array)
+ * @power_len: Length of power integer in bytes
+ * @modulus: Modulus integer (big endian byte array)
+ * @modulus_len: Length of modulus integer in bytes
+ * @result: Buffer for the result
+ * @result_len: Result length (max buffer size on input, real len on output)
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function calculates result = base ^ power mod modulus. modules_len is
+ * used as the maximum size of modulus buffer. It is set to the used size on
+ * success.
+ *
+ * This function is only used with internal TLSv1 implementation
+ * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
+ * to implement this.
+ */
+int crypto_mod_exp(const u8 *base, size_t base_len,
+ const u8 *power, size_t power_len,
+ const u8 *modulus, size_t modulus_len,
+ u8 *result, size_t *result_len);
+
+#endif /* CRYPTO_H */
--- /dev/null
+/*
+ * WPA Supplicant / Crypto wrapper for Microsoft CryptoAPI
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <windows.h>
+#include <wincrypt.h>
+
+#include "common.h"
+#include "crypto.h"
+
+#ifndef MS_ENH_RSA_AES_PROV
+#ifdef UNICODE
+#define MS_ENH_RSA_AES_PROV \
+L"Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)"
+#else
+#define MS_ENH_RSA_AES_PROV \
+"Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)"
+#endif
+#endif /* MS_ENH_RSA_AES_PROV */
+
+#ifndef CALG_HMAC
+#define CALG_HMAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HMAC)
+#endif
+
+#ifdef CONFIG_TLS_INTERNAL
+#ifdef __MINGW32_VERSION
+/*
+ * MinGW does not yet include all the needed definitions for CryptoAPI, so
+ * define here whatever extra is needed.
+ */
+
+static PCCERT_CONTEXT WINAPI
+(*CertCreateCertificateContext)(DWORD dwCertEncodingType,
+ const BYTE *pbCertEncoded,
+ DWORD cbCertEncoded)
+= NULL; /* to be loaded from crypt32.dll */
+
+static BOOL WINAPI
+(*CryptImportPublicKeyInfo)(HCRYPTPROV hCryptProv, DWORD dwCertEncodingType,
+ PCERT_PUBLIC_KEY_INFO pInfo, HCRYPTKEY *phKey)
+= NULL; /* to be loaded from crypt32.dll */
+
+
+static int mingw_load_crypto_func(void)
+{
+ HINSTANCE dll;
+
+ /* MinGW does not yet have full CryptoAPI support, so load the needed
+ * function here. */
+
+ if (CertCreateCertificateContext)
+ return 0;
+
+ dll = LoadLibrary("crypt32");
+ if (dll == NULL) {
+ wpa_printf(MSG_DEBUG, "CryptoAPI: Could not load crypt32 "
+ "library");
+ return -1;
+ }
+
+ CertCreateCertificateContext = (void *) GetProcAddress(
+ dll, "CertCreateCertificateContext");
+ if (CertCreateCertificateContext == NULL) {
+ wpa_printf(MSG_DEBUG, "CryptoAPI: Could not get "
+ "CertCreateCertificateContext() address from "
+ "crypt32 library");
+ return -1;
+ }
+
+ CryptImportPublicKeyInfo = GetProcAddress(
+ dll, "CryptImportPublicKeyInfo");
+ if (CryptImportPublicKeyInfo == NULL) {
+ wpa_printf(MSG_DEBUG, "CryptoAPI: Could not get "
+ "CryptImportPublicKeyInfo() address from "
+ "crypt32 library");
+ return -1;
+ }
+
+ return 0;
+}
+
+#else /* __MINGW32_VERSION */
+
+static int mingw_load_crypto_func(void)
+{
+ return 0;
+}
+
+#endif /* __MINGW32_VERSION */
+#endif /* CONFIG_TLS_INTERNAL */
+
+
+static void cryptoapi_report_error(const char *msg)
+{
+ char *s, *pos;
+ DWORD err = GetLastError();
+
+ if (FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER |
+ FORMAT_MESSAGE_FROM_SYSTEM,
+ NULL, err, 0, (LPTSTR) &s, 0, NULL) == 0) {
+ wpa_printf(MSG_DEBUG, "CryptoAPI: %s: %d", msg, (int) err);
+ }
+
+ pos = s;
+ while (*pos) {
+ if (*pos == '\n' || *pos == '\r') {
+ *pos = '\0';
+ break;
+ }
+ pos++;
+ }
+
+ wpa_printf(MSG_DEBUG, "CryptoAPI: %s: %d: (%s)", msg, (int) err, s);
+ LocalFree(s);
+}
+
+
+int cryptoapi_hash_vector(ALG_ID alg, size_t hash_len, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *mac)
+{
+ HCRYPTPROV prov;
+ HCRYPTHASH hash;
+ size_t i;
+ DWORD hlen;
+ int ret = 0;
+
+ if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, 0)) {
+ cryptoapi_report_error("CryptAcquireContext");
+ return -1;
+ }
+
+ if (!CryptCreateHash(prov, alg, 0, 0, &hash)) {
+ cryptoapi_report_error("CryptCreateHash");
+ CryptReleaseContext(prov, 0);
+ return -1;
+ }
+
+ for (i = 0; i < num_elem; i++) {
+ if (!CryptHashData(hash, (BYTE *) addr[i], len[i], 0)) {
+ cryptoapi_report_error("CryptHashData");
+ CryptDestroyHash(hash);
+ CryptReleaseContext(prov, 0);
+ }
+ }
+
+ hlen = hash_len;
+ if (!CryptGetHashParam(hash, HP_HASHVAL, mac, &hlen, 0)) {
+ cryptoapi_report_error("CryptGetHashParam");
+ ret = -1;
+ }
+
+ CryptDestroyHash(hash);
+ CryptReleaseContext(prov, 0);
+
+ return ret;
+}
+
+
+void md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+ cryptoapi_hash_vector(CALG_MD4, 16, num_elem, addr, len, mac);
+}
+
+
+void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
+{
+ u8 next, tmp;
+ int i;
+ HCRYPTPROV prov;
+ HCRYPTKEY ckey;
+ DWORD dlen;
+ struct {
+ BLOBHEADER hdr;
+ DWORD len;
+ BYTE key[8];
+ } key_blob;
+ DWORD mode = CRYPT_MODE_ECB;
+
+ key_blob.hdr.bType = PLAINTEXTKEYBLOB;
+ key_blob.hdr.bVersion = CUR_BLOB_VERSION;
+ key_blob.hdr.reserved = 0;
+ key_blob.hdr.aiKeyAlg = CALG_DES;
+ key_blob.len = 8;
+
+ /* Add parity bits to the key */
+ next = 0;
+ for (i = 0; i < 7; i++) {
+ tmp = key[i];
+ key_blob.key[i] = (tmp >> i) | next | 1;
+ next = tmp << (7 - i);
+ }
+ key_blob.key[i] = next | 1;
+
+ if (!CryptAcquireContext(&prov, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL,
+ CRYPT_VERIFYCONTEXT)) {
+ wpa_printf(MSG_DEBUG, "CryptoAPI: CryptAcquireContext failed: "
+ "%d", (int) GetLastError());
+ return;
+ }
+
+ if (!CryptImportKey(prov, (BYTE *) &key_blob, sizeof(key_blob), 0, 0,
+ &ckey)) {
+ wpa_printf(MSG_DEBUG, "CryptoAPI: CryptImportKey failed: %d",
+ (int) GetLastError());
+ CryptReleaseContext(prov, 0);
+ return;
+ }
+
+ if (!CryptSetKeyParam(ckey, KP_MODE, (BYTE *) &mode, 0)) {
+ wpa_printf(MSG_DEBUG, "CryptoAPI: CryptSetKeyParam(KP_MODE) "
+ "failed: %d", (int) GetLastError());
+ CryptDestroyKey(ckey);
+ CryptReleaseContext(prov, 0);
+ return;
+ }
+
+ os_memcpy(cypher, clear, 8);
+ dlen = 8;
+ if (!CryptEncrypt(ckey, 0, FALSE, 0, cypher, &dlen, 8)) {
+ wpa_printf(MSG_DEBUG, "CryptoAPI: CryptEncrypt failed: %d",
+ (int) GetLastError());
+ os_memset(cypher, 0, 8);
+ }
+
+ CryptDestroyKey(ckey);
+ CryptReleaseContext(prov, 0);
+}
+
+
+#ifdef EAP_TLS_FUNCS
+void md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+ cryptoapi_hash_vector(CALG_MD5, 16, num_elem, addr, len, mac);
+}
+
+
+void sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+ cryptoapi_hash_vector(CALG_SHA, 20, num_elem, addr, len, mac);
+}
+
+
+struct aes_context {
+ HCRYPTPROV prov;
+ HCRYPTKEY ckey;
+};
+
+
+void * aes_encrypt_init(const u8 *key, size_t len)
+{
+ struct aes_context *akey;
+ struct {
+ BLOBHEADER hdr;
+ DWORD len;
+ BYTE key[16];
+ } key_blob;
+ DWORD mode = CRYPT_MODE_ECB;
+
+ if (len != 16)
+ return NULL;
+
+ key_blob.hdr.bType = PLAINTEXTKEYBLOB;
+ key_blob.hdr.bVersion = CUR_BLOB_VERSION;
+ key_blob.hdr.reserved = 0;
+ key_blob.hdr.aiKeyAlg = CALG_AES_128;
+ key_blob.len = len;
+ os_memcpy(key_blob.key, key, len);
+
+ akey = os_zalloc(sizeof(*akey));
+ if (akey == NULL)
+ return NULL;
+
+ if (!CryptAcquireContext(&akey->prov, NULL,
+ MS_ENH_RSA_AES_PROV, PROV_RSA_AES,
+ CRYPT_VERIFYCONTEXT)) {
+ wpa_printf(MSG_DEBUG, "CryptoAPI: CryptAcquireContext failed: "
+ "%d", (int) GetLastError());
+ os_free(akey);
+ return NULL;
+ }
+
+ if (!CryptImportKey(akey->prov, (BYTE *) &key_blob, sizeof(key_blob),
+ 0, 0, &akey->ckey)) {
+ wpa_printf(MSG_DEBUG, "CryptoAPI: CryptImportKey failed: %d",
+ (int) GetLastError());
+ CryptReleaseContext(akey->prov, 0);
+ os_free(akey);
+ return NULL;
+ }
+
+ if (!CryptSetKeyParam(akey->ckey, KP_MODE, (BYTE *) &mode, 0)) {
+ wpa_printf(MSG_DEBUG, "CryptoAPI: CryptSetKeyParam(KP_MODE) "
+ "failed: %d", (int) GetLastError());
+ CryptDestroyKey(akey->ckey);
+ CryptReleaseContext(akey->prov, 0);
+ os_free(akey);
+ return NULL;
+ }
+
+ return akey;
+}
+
+
+void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
+{
+ struct aes_context *akey = ctx;
+ DWORD dlen;
+
+ os_memcpy(crypt, plain, 16);
+ dlen = 16;
+ if (!CryptEncrypt(akey->ckey, 0, FALSE, 0, crypt, &dlen, 16)) {
+ wpa_printf(MSG_DEBUG, "CryptoAPI: CryptEncrypt failed: %d",
+ (int) GetLastError());
+ os_memset(crypt, 0, 16);
+ }
+}
+
+
+void aes_encrypt_deinit(void *ctx)
+{
+ struct aes_context *akey = ctx;
+ if (akey) {
+ CryptDestroyKey(akey->ckey);
+ CryptReleaseContext(akey->prov, 0);
+ os_free(akey);
+ }
+}
+
+
+void * aes_decrypt_init(const u8 *key, size_t len)
+{
+ return aes_encrypt_init(key, len);
+}
+
+
+void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain)
+{
+ struct aes_context *akey = ctx;
+ DWORD dlen;
+
+ os_memcpy(plain, crypt, 16);
+ dlen = 16;
+
+ if (!CryptDecrypt(akey->ckey, 0, FALSE, 0, plain, &dlen)) {
+ wpa_printf(MSG_DEBUG, "CryptoAPI: CryptDecrypt failed: %d",
+ (int) GetLastError());
+ }
+}
+
+
+void aes_decrypt_deinit(void *ctx)
+{
+ aes_encrypt_deinit(ctx);
+}
+
+#ifdef CONFIG_TLS_INTERNAL
+
+struct crypto_hash {
+ enum crypto_hash_alg alg;
+ int error;
+ HCRYPTPROV prov;
+ HCRYPTHASH hash;
+ HCRYPTKEY key;
+};
+
+struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
+ size_t key_len)
+{
+ struct crypto_hash *ctx;
+ ALG_ID calg;
+ struct {
+ BLOBHEADER hdr;
+ DWORD len;
+ BYTE key[32];
+ } key_blob;
+
+ os_memset(&key_blob, 0, sizeof(key_blob));
+ switch (alg) {
+ case CRYPTO_HASH_ALG_MD5:
+ calg = CALG_MD5;
+ break;
+ case CRYPTO_HASH_ALG_SHA1:
+ calg = CALG_SHA;
+ break;
+ case CRYPTO_HASH_ALG_HMAC_MD5:
+ case CRYPTO_HASH_ALG_HMAC_SHA1:
+ calg = CALG_HMAC;
+ key_blob.hdr.bType = PLAINTEXTKEYBLOB;
+ key_blob.hdr.bVersion = CUR_BLOB_VERSION;
+ key_blob.hdr.reserved = 0;
+ /*
+ * Note: RC2 is not really used, but that can be used to
+ * import HMAC keys of up to 16 byte long.
+ * CRYPT_IPSEC_HMAC_KEY flag for CryptImportKey() is needed to
+ * be able to import longer keys (HMAC-SHA1 uses 20-byte key).
+ */
+ key_blob.hdr.aiKeyAlg = CALG_RC2;
+ key_blob.len = key_len;
+ if (key_len > sizeof(key_blob.key))
+ return NULL;
+ os_memcpy(key_blob.key, key, key_len);
+ break;
+ default:
+ return NULL;
+ }
+
+ ctx = os_zalloc(sizeof(*ctx));
+ if (ctx == NULL)
+ return NULL;
+
+ ctx->alg = alg;
+
+ if (!CryptAcquireContext(&ctx->prov, NULL, NULL, PROV_RSA_FULL, 0)) {
+ cryptoapi_report_error("CryptAcquireContext");
+ os_free(ctx);
+ return NULL;
+ }
+
+ if (calg == CALG_HMAC) {
+#ifndef CRYPT_IPSEC_HMAC_KEY
+#define CRYPT_IPSEC_HMAC_KEY 0x00000100
+#endif
+ if (!CryptImportKey(ctx->prov, (BYTE *) &key_blob,
+ sizeof(key_blob), 0, CRYPT_IPSEC_HMAC_KEY,
+ &ctx->key)) {
+ cryptoapi_report_error("CryptImportKey");
+ CryptReleaseContext(ctx->prov, 0);
+ os_free(ctx);
+ return NULL;
+ }
+ }
+
+ if (!CryptCreateHash(ctx->prov, calg, ctx->key, 0, &ctx->hash)) {
+ cryptoapi_report_error("CryptCreateHash");
+ CryptReleaseContext(ctx->prov, 0);
+ os_free(ctx);
+ return NULL;
+ }
+
+ if (calg == CALG_HMAC) {
+ HMAC_INFO info;
+ os_memset(&info, 0, sizeof(info));
+ switch (alg) {
+ case CRYPTO_HASH_ALG_HMAC_MD5:
+ info.HashAlgid = CALG_MD5;
+ break;
+ case CRYPTO_HASH_ALG_HMAC_SHA1:
+ info.HashAlgid = CALG_SHA;
+ break;
+ default:
+ /* unreachable */
+ break;
+ }
+
+ if (!CryptSetHashParam(ctx->hash, HP_HMAC_INFO, (BYTE *) &info,
+ 0)) {
+ cryptoapi_report_error("CryptSetHashParam");
+ CryptDestroyHash(ctx->hash);
+ CryptReleaseContext(ctx->prov, 0);
+ os_free(ctx);
+ return NULL;
+ }
+ }
+
+ return ctx;
+}
+
+
+void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len)
+{
+ if (ctx == NULL || ctx->error)
+ return;
+
+ if (!CryptHashData(ctx->hash, (BYTE *) data, len, 0)) {
+ cryptoapi_report_error("CryptHashData");
+ ctx->error = 1;
+ }
+}
+
+
+int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
+{
+ int ret = 0;
+ DWORD hlen;
+
+ if (ctx == NULL)
+ return -2;
+
+ if (mac == NULL || len == NULL)
+ goto done;
+
+ if (ctx->error) {
+ ret = -2;
+ goto done;
+ }
+
+ hlen = *len;
+ if (!CryptGetHashParam(ctx->hash, HP_HASHVAL, mac, &hlen, 0)) {
+ cryptoapi_report_error("CryptGetHashParam");
+ ret = -2;
+ }
+ *len = hlen;
+
+done:
+ if (ctx->alg == CRYPTO_HASH_ALG_HMAC_SHA1 ||
+ ctx->alg == CRYPTO_HASH_ALG_HMAC_MD5)
+ CryptDestroyKey(ctx->key);
+
+ os_free(ctx);
+
+ return ret;
+}
+
+
+struct crypto_cipher {
+ HCRYPTPROV prov;
+ HCRYPTKEY key;
+};
+
+
+struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
+ const u8 *iv, const u8 *key,
+ size_t key_len)
+{
+ struct crypto_cipher *ctx;
+ struct {
+ BLOBHEADER hdr;
+ DWORD len;
+ BYTE key[32];
+ } key_blob;
+ DWORD mode = CRYPT_MODE_CBC;
+
+ key_blob.hdr.bType = PLAINTEXTKEYBLOB;
+ key_blob.hdr.bVersion = CUR_BLOB_VERSION;
+ key_blob.hdr.reserved = 0;
+ key_blob.len = key_len;
+ if (key_len > sizeof(key_blob.key))
+ return NULL;
+ os_memcpy(key_blob.key, key, key_len);
+
+ switch (alg) {
+ case CRYPTO_CIPHER_ALG_AES:
+ if (key_len == 32)
+ key_blob.hdr.aiKeyAlg = CALG_AES_256;
+ else if (key_len == 24)
+ key_blob.hdr.aiKeyAlg = CALG_AES_192;
+ else
+ key_blob.hdr.aiKeyAlg = CALG_AES_128;
+ break;
+ case CRYPTO_CIPHER_ALG_3DES:
+ key_blob.hdr.aiKeyAlg = CALG_3DES;
+ break;
+ case CRYPTO_CIPHER_ALG_DES:
+ key_blob.hdr.aiKeyAlg = CALG_DES;
+ break;
+ case CRYPTO_CIPHER_ALG_RC2:
+ key_blob.hdr.aiKeyAlg = CALG_RC2;
+ break;
+ case CRYPTO_CIPHER_ALG_RC4:
+ key_blob.hdr.aiKeyAlg = CALG_RC4;
+ break;
+ default:
+ return NULL;
+ }
+
+ ctx = os_zalloc(sizeof(*ctx));
+ if (ctx == NULL)
+ return NULL;
+
+ if (!CryptAcquireContext(&ctx->prov, NULL, MS_ENH_RSA_AES_PROV,
+ PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) {
+ cryptoapi_report_error("CryptAcquireContext");
+ goto fail1;
+ }
+
+ if (!CryptImportKey(ctx->prov, (BYTE *) &key_blob,
+ sizeof(key_blob), 0, 0, &ctx->key)) {
+ cryptoapi_report_error("CryptImportKey");
+ goto fail2;
+ }
+
+ if (!CryptSetKeyParam(ctx->key, KP_MODE, (BYTE *) &mode, 0)) {
+ cryptoapi_report_error("CryptSetKeyParam(KP_MODE)");
+ goto fail3;
+ }
+
+ if (iv && !CryptSetKeyParam(ctx->key, KP_IV, (BYTE *) iv, 0)) {
+ cryptoapi_report_error("CryptSetKeyParam(KP_IV)");
+ goto fail3;
+ }
+
+ return ctx;
+
+fail3:
+ CryptDestroyKey(ctx->key);
+fail2:
+ CryptReleaseContext(ctx->prov, 0);
+fail1:
+ os_free(ctx);
+ return NULL;
+}
+
+
+int crypto_cipher_encrypt(struct crypto_cipher *ctx, const u8 *plain,
+ u8 *crypt, size_t len)
+{
+ DWORD dlen;
+
+ os_memcpy(crypt, plain, len);
+ dlen = len;
+ if (!CryptEncrypt(ctx->key, 0, FALSE, 0, crypt, &dlen, len)) {
+ cryptoapi_report_error("CryptEncrypt");
+ os_memset(crypt, 0, len);
+ return -1;
+ }
+
+ return 0;
+}
+
+
+int crypto_cipher_decrypt(struct crypto_cipher *ctx, const u8 *crypt,
+ u8 *plain, size_t len)
+{
+ DWORD dlen;
+
+ os_memcpy(plain, crypt, len);
+ dlen = len;
+ if (!CryptDecrypt(ctx->key, 0, FALSE, 0, plain, &dlen)) {
+ cryptoapi_report_error("CryptDecrypt");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+void crypto_cipher_deinit(struct crypto_cipher *ctx)
+{
+ CryptDestroyKey(ctx->key);
+ CryptReleaseContext(ctx->prov, 0);
+ os_free(ctx);
+}
+
+
+struct crypto_public_key {
+ HCRYPTPROV prov;
+ HCRYPTKEY rsa;
+};
+
+struct crypto_private_key {
+ HCRYPTPROV prov;
+ HCRYPTKEY rsa;
+};
+
+
+struct crypto_public_key * crypto_public_key_import(const u8 *key, size_t len)
+{
+ /* Use crypto_public_key_from_cert() instead. */
+ return NULL;
+}
+
+
+struct crypto_private_key * crypto_private_key_import(const u8 *key,
+ size_t len)
+{
+ /* TODO */
+ return NULL;
+}
+
+
+struct crypto_public_key * crypto_public_key_from_cert(const u8 *buf,
+ size_t len)
+{
+ struct crypto_public_key *pk;
+ PCCERT_CONTEXT cc;
+
+ pk = os_zalloc(sizeof(*pk));
+ if (pk == NULL)
+ return NULL;
+
+ cc = CertCreateCertificateContext(X509_ASN_ENCODING |
+ PKCS_7_ASN_ENCODING, buf, len);
+ if (!cc) {
+ cryptoapi_report_error("CryptCreateCertificateContext");
+ os_free(pk);
+ return NULL;
+ }
+
+ if (!CryptAcquireContext(&pk->prov, NULL, MS_DEF_PROV, PROV_RSA_FULL,
+ 0)) {
+ cryptoapi_report_error("CryptAcquireContext");
+ os_free(pk);
+ CertFreeCertificateContext(cc);
+ return NULL;
+ }
+
+ if (!CryptImportPublicKeyInfo(pk->prov, X509_ASN_ENCODING |
+ PKCS_7_ASN_ENCODING,
+ &cc->pCertInfo->SubjectPublicKeyInfo,
+ &pk->rsa)) {
+ cryptoapi_report_error("CryptImportPublicKeyInfo");
+ CryptReleaseContext(pk->prov, 0);
+ os_free(pk);
+ CertFreeCertificateContext(cc);
+ return NULL;
+ }
+
+ CertFreeCertificateContext(cc);
+
+ return pk;
+}
+
+
+int crypto_public_key_encrypt_pkcs1_v15(struct crypto_public_key *key,
+ const u8 *in, size_t inlen,
+ u8 *out, size_t *outlen)
+{
+ DWORD clen;
+ u8 *tmp;
+ size_t i;
+
+ if (*outlen < inlen)
+ return -1;
+ tmp = malloc(*outlen);
+ if (tmp == NULL)
+ return -1;
+
+ os_memcpy(tmp, in, inlen);
+ clen = inlen;
+ if (!CryptEncrypt(key->rsa, 0, TRUE, 0, tmp, &clen, *outlen)) {
+ wpa_printf(MSG_DEBUG, "CryptoAPI: Failed to encrypt using "
+ "public key: %d", (int) GetLastError());
+ os_free(tmp);
+ return -1;
+ }
+
+ *outlen = clen;
+
+ /* Reverse the output */
+ for (i = 0; i < *outlen; i++)
+ out[i] = tmp[*outlen - 1 - i];
+
+ os_free(tmp);
+
+ return 0;
+}
+
+
+int crypto_private_key_sign_pkcs1(struct crypto_private_key *key,
+ const u8 *in, size_t inlen,
+ u8 *out, size_t *outlen)
+{
+ /* TODO */
+ return -1;
+}
+
+
+void crypto_public_key_free(struct crypto_public_key *key)
+{
+ if (key) {
+ CryptDestroyKey(key->rsa);
+ CryptReleaseContext(key->prov, 0);
+ os_free(key);
+ }
+}
+
+
+void crypto_private_key_free(struct crypto_private_key *key)
+{
+ if (key) {
+ CryptDestroyKey(key->rsa);
+ CryptReleaseContext(key->prov, 0);
+ os_free(key);
+ }
+}
+
+
+int crypto_global_init(void)
+{
+ return mingw_load_crypto_func();
+}
+
+
+void crypto_global_deinit(void)
+{
+}
+
+#endif /* CONFIG_TLS_INTERNAL */
+
+#endif /* EAP_TLS_FUNCS */
--- /dev/null
+/*
+ * WPA Supplicant / wrapper functions for libgcrypt
+ * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <gcrypt.h>
+
+#include "common.h"
+#include "crypto.h"
+
+void md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+ gcry_md_hd_t hd;
+ unsigned char *p;
+ size_t i;
+
+ if (gcry_md_open(&hd, GCRY_MD_MD4, 0) != GPG_ERR_NO_ERROR)
+ return;
+ for (i = 0; i < num_elem; i++)
+ gcry_md_write(hd, addr[i], len[i]);
+ p = gcry_md_read(hd, GCRY_MD_MD4);
+ if (p)
+ memcpy(mac, p, gcry_md_get_algo_dlen(GCRY_MD_MD4));
+ gcry_md_close(hd);
+}
+
+
+void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
+{
+ gcry_cipher_hd_t hd;
+ u8 pkey[8], next, tmp;
+ int i;
+
+ /* Add parity bits to the key */
+ next = 0;
+ for (i = 0; i < 7; i++) {
+ tmp = key[i];
+ pkey[i] = (tmp >> i) | next | 1;
+ next = tmp << (7 - i);
+ }
+ pkey[i] = next | 1;
+
+ gcry_cipher_open(&hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
+ gcry_err_code(gcry_cipher_setkey(hd, pkey, 8));
+ gcry_cipher_encrypt(hd, cypher, 8, clear, 8);
+ gcry_cipher_close(hd);
+}
+
+
+#ifdef EAP_TLS_FUNCS
+void md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+ gcry_md_hd_t hd;
+ unsigned char *p;
+ size_t i;
+
+ if (gcry_md_open(&hd, GCRY_MD_MD5, 0) != GPG_ERR_NO_ERROR)
+ return;
+ for (i = 0; i < num_elem; i++)
+ gcry_md_write(hd, addr[i], len[i]);
+ p = gcry_md_read(hd, GCRY_MD_MD5);
+ if (p)
+ memcpy(mac, p, gcry_md_get_algo_dlen(GCRY_MD_MD5));
+ gcry_md_close(hd);
+}
+
+
+void sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+ gcry_md_hd_t hd;
+ unsigned char *p;
+ size_t i;
+
+ if (gcry_md_open(&hd, GCRY_MD_SHA1, 0) != GPG_ERR_NO_ERROR)
+ return;
+ for (i = 0; i < num_elem; i++)
+ gcry_md_write(hd, addr[i], len[i]);
+ p = gcry_md_read(hd, GCRY_MD_SHA1);
+ if (p)
+ memcpy(mac, p, gcry_md_get_algo_dlen(GCRY_MD_SHA1));
+ gcry_md_close(hd);
+}
+
+
+int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
+{
+ /* FIX: how to do this with libgcrypt? */
+ return -1;
+}
+
+
+void * aes_encrypt_init(const u8 *key, size_t len)
+{
+ gcry_cipher_hd_t hd;
+
+ if (gcry_cipher_open(&hd, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0) !=
+ GPG_ERR_NO_ERROR) {
+ printf("cipher open failed\n");
+ return NULL;
+ }
+ if (gcry_cipher_setkey(hd, key, len) != GPG_ERR_NO_ERROR) {
+ printf("setkey failed\n");
+ gcry_cipher_close(hd);
+ return NULL;
+ }
+
+ return hd;
+}
+
+
+void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
+{
+ gcry_cipher_hd_t hd = ctx;
+ gcry_cipher_encrypt(hd, crypt, 16, plain, 16);
+}
+
+
+void aes_encrypt_deinit(void *ctx)
+{
+ gcry_cipher_hd_t hd = ctx;
+ gcry_cipher_close(hd);
+}
+
+
+void * aes_decrypt_init(const u8 *key, size_t len)
+{
+ gcry_cipher_hd_t hd;
+
+ if (gcry_cipher_open(&hd, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0) !=
+ GPG_ERR_NO_ERROR)
+ return NULL;
+ if (gcry_cipher_setkey(hd, key, len) != GPG_ERR_NO_ERROR) {
+ gcry_cipher_close(hd);
+ return NULL;
+ }
+
+ return hd;
+}
+
+
+void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain)
+{
+ gcry_cipher_hd_t hd = ctx;
+ gcry_cipher_decrypt(hd, plain, 16, crypt, 16);
+}
+
+
+void aes_decrypt_deinit(void *ctx)
+{
+ gcry_cipher_hd_t hd = ctx;
+ gcry_cipher_close(hd);
+}
+#endif /* EAP_TLS_FUNCS */
--- /dev/null
+/*
+ * WPA Supplicant / Crypto wrapper for internal crypto implementation
+ * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "crypto.h"
+#include "md5.h"
+#include "sha1.h"
+#include "rc4.h"
+#include "aes.h"
+#include "rsa.h"
+#include "bignum.h"
+
+
+#ifdef EAP_TLS_FUNCS
+
+#ifdef CONFIG_TLS_INTERNAL
+
+/* from des.c */
+struct des3_key_s {
+ u32 ek[3][32];
+ u32 dk[3][32];
+};
+
+void des3_key_setup(const u8 *key, struct des3_key_s *dkey);
+void des3_encrypt(const u8 *plain, const struct des3_key_s *key, u8 *crypt);
+void des3_decrypt(const u8 *crypt, const struct des3_key_s *key, u8 *plain);
+
+
+struct MD5Context {
+ u32 buf[4];
+ u32 bits[2];
+ u8 in[64];
+};
+
+struct SHA1Context {
+ u32 state[5];
+ u32 count[2];
+ unsigned char buffer[64];
+};
+
+
+struct crypto_hash {
+ enum crypto_hash_alg alg;
+ union {
+ struct MD5Context md5;
+ struct SHA1Context sha1;
+ } u;
+ u8 key[64];
+ size_t key_len;
+};
+
+
+struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
+ size_t key_len)
+{
+ struct crypto_hash *ctx;
+ u8 k_pad[64];
+ u8 tk[20];
+ size_t i;
+
+ ctx = os_zalloc(sizeof(*ctx));
+ if (ctx == NULL)
+ return NULL;
+
+ ctx->alg = alg;
+
+ switch (alg) {
+ case CRYPTO_HASH_ALG_MD5:
+ MD5Init(&ctx->u.md5);
+ break;
+ case CRYPTO_HASH_ALG_SHA1:
+ SHA1Init(&ctx->u.sha1);
+ break;
+ case CRYPTO_HASH_ALG_HMAC_MD5:
+ if (key_len > sizeof(k_pad)) {
+ MD5Init(&ctx->u.md5);
+ MD5Update(&ctx->u.md5, key, key_len);
+ MD5Final(tk, &ctx->u.md5);
+ key = tk;
+ key_len = 16;
+ }
+ os_memcpy(ctx->key, key, key_len);
+ ctx->key_len = key_len;
+
+ os_memcpy(k_pad, key, key_len);
+ os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len);
+ for (i = 0; i < sizeof(k_pad); i++)
+ k_pad[i] ^= 0x36;
+ MD5Init(&ctx->u.md5);
+ MD5Update(&ctx->u.md5, k_pad, sizeof(k_pad));
+ break;
+ case CRYPTO_HASH_ALG_HMAC_SHA1:
+ if (key_len > sizeof(k_pad)) {
+ SHA1Init(&ctx->u.sha1);
+ SHA1Update(&ctx->u.sha1, key, key_len);
+ SHA1Final(tk, &ctx->u.sha1);
+ key = tk;
+ key_len = 20;
+ }
+ os_memcpy(ctx->key, key, key_len);
+ ctx->key_len = key_len;
+
+ os_memcpy(k_pad, key, key_len);
+ os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len);
+ for (i = 0; i < sizeof(k_pad); i++)
+ k_pad[i] ^= 0x36;
+ SHA1Init(&ctx->u.sha1);
+ SHA1Update(&ctx->u.sha1, k_pad, sizeof(k_pad));
+ break;
+ default:
+ os_free(ctx);
+ return NULL;
+ }
+
+ return ctx;
+}
+
+
+void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len)
+{
+ if (ctx == NULL)
+ return;
+
+ switch (ctx->alg) {
+ case CRYPTO_HASH_ALG_MD5:
+ case CRYPTO_HASH_ALG_HMAC_MD5:
+ MD5Update(&ctx->u.md5, data, len);
+ break;
+ case CRYPTO_HASH_ALG_SHA1:
+ case CRYPTO_HASH_ALG_HMAC_SHA1:
+ SHA1Update(&ctx->u.sha1, data, len);
+ break;
+ }
+}
+
+
+int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
+{
+ u8 k_pad[64];
+ size_t i;
+
+ if (ctx == NULL)
+ return -2;
+
+ if (mac == NULL || len == NULL) {
+ os_free(ctx);
+ return 0;
+ }
+
+ switch (ctx->alg) {
+ case CRYPTO_HASH_ALG_MD5:
+ if (*len < 16) {
+ *len = 16;
+ os_free(ctx);
+ return -1;
+ }
+ *len = 16;
+ MD5Final(mac, &ctx->u.md5);
+ break;
+ case CRYPTO_HASH_ALG_SHA1:
+ if (*len < 20) {
+ *len = 20;
+ os_free(ctx);
+ return -1;
+ }
+ *len = 20;
+ SHA1Final(mac, &ctx->u.sha1);
+ break;
+ case CRYPTO_HASH_ALG_HMAC_MD5:
+ if (*len < 16) {
+ *len = 16;
+ os_free(ctx);
+ return -1;
+ }
+ *len = 16;
+
+ MD5Final(mac, &ctx->u.md5);
+
+ os_memcpy(k_pad, ctx->key, ctx->key_len);
+ os_memset(k_pad + ctx->key_len, 0,
+ sizeof(k_pad) - ctx->key_len);
+ for (i = 0; i < sizeof(k_pad); i++)
+ k_pad[i] ^= 0x5c;
+ MD5Init(&ctx->u.md5);
+ MD5Update(&ctx->u.md5, k_pad, sizeof(k_pad));
+ MD5Update(&ctx->u.md5, mac, 16);
+ MD5Final(mac, &ctx->u.md5);
+ break;
+ case CRYPTO_HASH_ALG_HMAC_SHA1:
+ if (*len < 20) {
+ *len = 20;
+ os_free(ctx);
+ return -1;
+ }
+ *len = 20;
+
+ SHA1Final(mac, &ctx->u.sha1);
+
+ os_memcpy(k_pad, ctx->key, ctx->key_len);
+ os_memset(k_pad + ctx->key_len, 0,
+ sizeof(k_pad) - ctx->key_len);
+ for (i = 0; i < sizeof(k_pad); i++)
+ k_pad[i] ^= 0x5c;
+ SHA1Init(&ctx->u.sha1);
+ SHA1Update(&ctx->u.sha1, k_pad, sizeof(k_pad));
+ SHA1Update(&ctx->u.sha1, mac, 20);
+ SHA1Final(mac, &ctx->u.sha1);
+ break;
+ }
+
+ os_free(ctx);
+
+ return 0;
+}
+
+
+struct crypto_cipher {
+ enum crypto_cipher_alg alg;
+ union {
+ struct {
+ size_t used_bytes;
+ u8 key[16];
+ size_t keylen;
+ } rc4;
+ struct {
+ u8 cbc[32];
+ size_t block_size;
+ void *ctx_enc;
+ void *ctx_dec;
+ } aes;
+ struct {
+ struct des3_key_s key;
+ u8 cbc[8];
+ } des3;
+ } u;
+};
+
+
+struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
+ const u8 *iv, const u8 *key,
+ size_t key_len)
+{
+ struct crypto_cipher *ctx;
+
+ ctx = os_zalloc(sizeof(*ctx));
+ if (ctx == NULL)
+ return NULL;
+
+ ctx->alg = alg;
+
+ switch (alg) {
+ case CRYPTO_CIPHER_ALG_RC4:
+ if (key_len > sizeof(ctx->u.rc4.key)) {
+ os_free(ctx);
+ return NULL;
+ }
+ ctx->u.rc4.keylen = key_len;
+ os_memcpy(ctx->u.rc4.key, key, key_len);
+ break;
+ case CRYPTO_CIPHER_ALG_AES:
+ if (key_len > sizeof(ctx->u.aes.cbc)) {
+ os_free(ctx);
+ return NULL;
+ }
+ ctx->u.aes.ctx_enc = aes_encrypt_init(key, key_len);
+ if (ctx->u.aes.ctx_enc == NULL) {
+ os_free(ctx);
+ return NULL;
+ }
+ ctx->u.aes.ctx_dec = aes_decrypt_init(key, key_len);
+ if (ctx->u.aes.ctx_dec == NULL) {
+ aes_encrypt_deinit(ctx->u.aes.ctx_enc);
+ os_free(ctx);
+ return NULL;
+ }
+ ctx->u.aes.block_size = key_len;
+ os_memcpy(ctx->u.aes.cbc, iv, ctx->u.aes.block_size);
+ break;
+ case CRYPTO_CIPHER_ALG_3DES:
+ if (key_len != 24) {
+ os_free(ctx);
+ return NULL;
+ }
+ des3_key_setup(key, &ctx->u.des3.key);
+ os_memcpy(ctx->u.des3.cbc, iv, 8);
+ break;
+ default:
+ os_free(ctx);
+ return NULL;
+ }
+
+ return ctx;
+}
+
+
+int crypto_cipher_encrypt(struct crypto_cipher *ctx, const u8 *plain,
+ u8 *crypt, size_t len)
+{
+ size_t i, j, blocks;
+
+ switch (ctx->alg) {
+ case CRYPTO_CIPHER_ALG_RC4:
+ if (plain != crypt)
+ os_memcpy(crypt, plain, len);
+ rc4_skip(ctx->u.rc4.key, ctx->u.rc4.keylen,
+ ctx->u.rc4.used_bytes, crypt, len);
+ ctx->u.rc4.used_bytes += len;
+ break;
+ case CRYPTO_CIPHER_ALG_AES:
+ if (len % ctx->u.aes.block_size)
+ return -1;
+ blocks = len / ctx->u.aes.block_size;
+ for (i = 0; i < blocks; i++) {
+ for (j = 0; j < ctx->u.aes.block_size; j++)
+ ctx->u.aes.cbc[j] ^= plain[j];
+ aes_encrypt(ctx->u.aes.ctx_enc, ctx->u.aes.cbc,
+ ctx->u.aes.cbc);
+ os_memcpy(crypt, ctx->u.aes.cbc,
+ ctx->u.aes.block_size);
+ plain += ctx->u.aes.block_size;
+ crypt += ctx->u.aes.block_size;
+ }
+ break;
+ case CRYPTO_CIPHER_ALG_3DES:
+ if (len % 8)
+ return -1;
+ blocks = len / 8;
+ for (i = 0; i < blocks; i++) {
+ for (j = 0; j < 8; j++)
+ ctx->u.des3.cbc[j] ^= plain[j];
+ des3_encrypt(ctx->u.des3.cbc, &ctx->u.des3.key,
+ ctx->u.des3.cbc);
+ os_memcpy(crypt, ctx->u.des3.cbc, 8);
+ plain += 8;
+ crypt += 8;
+ }
+ break;
+ default:
+ return -1;
+ }
+
+ return 0;
+}
+
+
+int crypto_cipher_decrypt(struct crypto_cipher *ctx, const u8 *crypt,
+ u8 *plain, size_t len)
+{
+ size_t i, j, blocks;
+ u8 tmp[32];
+
+ switch (ctx->alg) {
+ case CRYPTO_CIPHER_ALG_RC4:
+ if (plain != crypt)
+ os_memcpy(plain, crypt, len);
+ rc4_skip(ctx->u.rc4.key, ctx->u.rc4.keylen,
+ ctx->u.rc4.used_bytes, plain, len);
+ ctx->u.rc4.used_bytes += len;
+ break;
+ case CRYPTO_CIPHER_ALG_AES:
+ if (len % ctx->u.aes.block_size)
+ return -1;
+ blocks = len / ctx->u.aes.block_size;
+ for (i = 0; i < blocks; i++) {
+ os_memcpy(tmp, crypt, ctx->u.aes.block_size);
+ aes_decrypt(ctx->u.aes.ctx_dec, crypt, plain);
+ for (j = 0; j < ctx->u.aes.block_size; j++)
+ plain[j] ^= ctx->u.aes.cbc[j];
+ os_memcpy(ctx->u.aes.cbc, tmp, ctx->u.aes.block_size);
+ plain += ctx->u.aes.block_size;
+ crypt += ctx->u.aes.block_size;
+ }
+ break;
+ case CRYPTO_CIPHER_ALG_3DES:
+ if (len % 8)
+ return -1;
+ blocks = len / 8;
+ for (i = 0; i < blocks; i++) {
+ os_memcpy(tmp, crypt, 8);
+ des3_decrypt(crypt, &ctx->u.des3.key, plain);
+ for (j = 0; j < 8; j++)
+ plain[j] ^= ctx->u.des3.cbc[j];
+ os_memcpy(ctx->u.des3.cbc, tmp, 8);
+ plain += 8;
+ crypt += 8;
+ }
+ break;
+ default:
+ return -1;
+ }
+
+ return 0;
+}
+
+
+void crypto_cipher_deinit(struct crypto_cipher *ctx)
+{
+ switch (ctx->alg) {
+ case CRYPTO_CIPHER_ALG_AES:
+ aes_encrypt_deinit(ctx->u.aes.ctx_enc);
+ aes_decrypt_deinit(ctx->u.aes.ctx_dec);
+ break;
+ case CRYPTO_CIPHER_ALG_3DES:
+ break;
+ default:
+ break;
+ }
+ os_free(ctx);
+}
+
+
+/* Dummy structures; these are just typecast to struct crypto_rsa_key */
+struct crypto_public_key;
+struct crypto_private_key;
+
+
+struct crypto_public_key * crypto_public_key_import(const u8 *key, size_t len)
+{
+ return (struct crypto_public_key *)
+ crypto_rsa_import_public_key(key, len);
+}
+
+
+struct crypto_private_key * crypto_private_key_import(const u8 *key,
+ size_t len)
+{
+ return (struct crypto_private_key *)
+ crypto_rsa_import_private_key(key, len);
+}
+
+
+struct crypto_public_key * crypto_public_key_from_cert(const u8 *buf,
+ size_t len)
+{
+ /* No X.509 support in crypto_internal.c */
+ return NULL;
+}
+
+
+static int pkcs1_generate_encryption_block(u8 block_type, size_t modlen,
+ const u8 *in, size_t inlen,
+ u8 *out, size_t *outlen)
+{
+ size_t ps_len;
+ u8 *pos;
+
+ /*
+ * PKCS #1 v1.5, 8.1:
+ *
+ * EB = 00 || BT || PS || 00 || D
+ * BT = 00 or 01 for private-key operation; 02 for public-key operation
+ * PS = k-3-||D||; at least eight octets
+ * (BT=0: PS=0x00, BT=1: PS=0xff, BT=2: PS=pseudorandom non-zero)
+ * k = length of modulus in octets (modlen)
+ */
+
+ if (modlen < 12 || modlen > *outlen || inlen > modlen - 11) {
+ wpa_printf(MSG_DEBUG, "PKCS #1: %s - Invalid buffer "
+ "lengths (modlen=%lu outlen=%lu inlen=%lu)",
+ __func__, (unsigned long) modlen,
+ (unsigned long) *outlen,
+ (unsigned long) inlen);
+ return -1;
+ }
+
+ pos = out;
+ *pos++ = 0x00;
+ *pos++ = block_type; /* BT */
+ ps_len = modlen - inlen - 3;
+ switch (block_type) {
+ case 0:
+ os_memset(pos, 0x00, ps_len);
+ pos += ps_len;
+ break;
+ case 1:
+ os_memset(pos, 0xff, ps_len);
+ pos += ps_len;
+ break;
+ case 2:
+ if (os_get_random(pos, ps_len) < 0) {
+ wpa_printf(MSG_DEBUG, "PKCS #1: %s - Failed to get "
+ "random data for PS", __func__);
+ return -1;
+ }
+ while (ps_len--) {
+ if (*pos == 0x00)
+ *pos = 0x01;
+ pos++;
+ }
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "PKCS #1: %s - Unsupported block type "
+ "%d", __func__, block_type);
+ return -1;
+ }
+ *pos++ = 0x00;
+ os_memcpy(pos, in, inlen); /* D */
+
+ return 0;
+}
+
+
+static int crypto_rsa_encrypt_pkcs1(int block_type, struct crypto_rsa_key *key,
+ int use_private,
+ const u8 *in, size_t inlen,
+ u8 *out, size_t *outlen)
+{
+ size_t modlen;
+
+ modlen = crypto_rsa_get_modulus_len(key);
+
+ if (pkcs1_generate_encryption_block(block_type, modlen, in, inlen,
+ out, outlen) < 0)
+ return -1;
+
+ return crypto_rsa_exptmod(out, modlen, out, outlen, key, use_private);
+}
+
+
+int crypto_public_key_encrypt_pkcs1_v15(struct crypto_public_key *key,
+ const u8 *in, size_t inlen,
+ u8 *out, size_t *outlen)
+{
+ return crypto_rsa_encrypt_pkcs1(2, (struct crypto_rsa_key *) key,
+ 0, in, inlen, out, outlen);
+}
+
+
+int crypto_private_key_sign_pkcs1(struct crypto_private_key *key,
+ const u8 *in, size_t inlen,
+ u8 *out, size_t *outlen)
+{
+ return crypto_rsa_encrypt_pkcs1(1, (struct crypto_rsa_key *) key,
+ 1, in, inlen, out, outlen);
+}
+
+
+void crypto_public_key_free(struct crypto_public_key *key)
+{
+ crypto_rsa_free((struct crypto_rsa_key *) key);
+}
+
+
+void crypto_private_key_free(struct crypto_private_key *key)
+{
+ crypto_rsa_free((struct crypto_rsa_key *) key);
+}
+
+
+int crypto_public_key_decrypt_pkcs1(struct crypto_public_key *key,
+ const u8 *crypt, size_t crypt_len,
+ u8 *plain, size_t *plain_len)
+{
+ size_t len;
+ u8 *pos;
+
+ len = *plain_len;
+ if (crypto_rsa_exptmod(crypt, crypt_len, plain, &len,
+ (struct crypto_rsa_key *) key, 0) < 0)
+ return -1;
+
+ /*
+ * PKCS #1 v1.5, 8.1:
+ *
+ * EB = 00 || BT || PS || 00 || D
+ * BT = 01
+ * PS = k-3-||D|| times FF
+ * k = length of modulus in octets
+ */
+
+ if (len < 3 + 8 + 16 /* min hash len */ ||
+ plain[0] != 0x00 || plain[1] != 0x01 || plain[2] != 0xff) {
+ wpa_printf(MSG_INFO, "LibTomCrypt: Invalid signature EB "
+ "structure");
+ return -1;
+ }
+
+ pos = plain + 3;
+ while (pos < plain + len && *pos == 0xff)
+ pos++;
+ if (pos - plain - 2 < 8) {
+ /* PKCS #1 v1.5, 8.1: At least eight octets long PS */
+ wpa_printf(MSG_INFO, "LibTomCrypt: Too short signature "
+ "padding");
+ return -1;
+ }
+
+ if (pos + 16 /* min hash len */ >= plain + len || *pos != 0x00) {
+ wpa_printf(MSG_INFO, "LibTomCrypt: Invalid signature EB "
+ "structure (2)");
+ return -1;
+ }
+ pos++;
+ len -= pos - plain;
+
+ /* Strip PKCS #1 header */
+ os_memmove(plain, pos, len);
+ *plain_len = len;
+
+ return 0;
+}
+
+
+int crypto_global_init(void)
+{
+ return 0;
+}
+
+
+void crypto_global_deinit(void)
+{
+}
+
+
+#ifdef EAP_FAST
+
+int crypto_mod_exp(const u8 *base, size_t base_len,
+ const u8 *power, size_t power_len,
+ const u8 *modulus, size_t modulus_len,
+ u8 *result, size_t *result_len)
+{
+ struct bignum *bn_base, *bn_exp, *bn_modulus, *bn_result;
+ int ret = 0;
+
+ bn_base = bignum_init();
+ bn_exp = bignum_init();
+ bn_modulus = bignum_init();
+ bn_result = bignum_init();
+
+ if (bn_base == NULL || bn_exp == NULL || bn_modulus == NULL ||
+ bn_result == NULL)
+ goto error;
+
+ if (bignum_set_unsigned_bin(bn_base, base, base_len) < 0 ||
+ bignum_set_unsigned_bin(bn_exp, power, power_len) < 0 ||
+ bignum_set_unsigned_bin(bn_modulus, modulus, modulus_len) < 0)
+ goto error;
+
+ if (bignum_exptmod(bn_base, bn_exp, bn_modulus, bn_result) < 0)
+ goto error;
+
+ ret = bignum_get_unsigned_bin(bn_result, result, result_len);
+
+error:
+ bignum_deinit(bn_base);
+ bignum_deinit(bn_exp);
+ bignum_deinit(bn_modulus);
+ bignum_deinit(bn_result);
+ return ret;
+}
+
+#endif /* EAP_FAST */
+
+
+#endif /* CONFIG_TLS_INTERNAL */
+
+#endif /* EAP_TLS_FUNCS */
--- /dev/null
+/*
+ * WPA Supplicant / Crypto wrapper for LibTomCrypt (for internal TLSv1)
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <tomcrypt.h>
+
+#include "common.h"
+#include "rc4.h"
+#include "crypto.h"
+
+#ifndef mp_init_multi
+#define mp_init_multi ltc_init_multi
+#define mp_clear_multi ltc_deinit_multi
+#define mp_unsigned_bin_size(a) ltc_mp.unsigned_size(a)
+#define mp_to_unsigned_bin(a, b) ltc_mp.unsigned_write(a, b)
+#define mp_read_unsigned_bin(a, b, c) ltc_mp.unsigned_read(a, b, c)
+#define mp_exptmod(a,b,c,d) ltc_mp.exptmod(a,b,c,d)
+#endif
+
+
+void md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+ hash_state md;
+ size_t i;
+
+ md4_init(&md);
+ for (i = 0; i < num_elem; i++)
+ md4_process(&md, addr[i], len[i]);
+ md4_done(&md, mac);
+}
+
+
+void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
+{
+ u8 pkey[8], next, tmp;
+ int i;
+ symmetric_key skey;
+
+ /* Add parity bits to the key */
+ next = 0;
+ for (i = 0; i < 7; i++) {
+ tmp = key[i];
+ pkey[i] = (tmp >> i) | next | 1;
+ next = tmp << (7 - i);
+ }
+ pkey[i] = next | 1;
+
+ des_setup(pkey, 8, 0, &skey);
+ des_ecb_encrypt(clear, cypher, &skey);
+ des_done(&skey);
+}
+
+
+#ifdef EAP_TLS_FUNCS
+void md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+ hash_state md;
+ size_t i;
+
+ md5_init(&md);
+ for (i = 0; i < num_elem; i++)
+ md5_process(&md, addr[i], len[i]);
+ md5_done(&md, mac);
+}
+
+
+void sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+ hash_state md;
+ size_t i;
+
+ sha1_init(&md);
+ for (i = 0; i < num_elem; i++)
+ sha1_process(&md, addr[i], len[i]);
+ sha1_done(&md, mac);
+}
+
+
+void * aes_encrypt_init(const u8 *key, size_t len)
+{
+ symmetric_key *skey;
+ skey = os_malloc(sizeof(*skey));
+ if (skey == NULL)
+ return NULL;
+ if (aes_setup(key, len, 0, skey) != CRYPT_OK) {
+ os_free(skey);
+ return NULL;
+ }
+ return skey;
+}
+
+
+void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
+{
+ symmetric_key *skey = ctx;
+ aes_ecb_encrypt(plain, crypt, skey);
+}
+
+
+void aes_encrypt_deinit(void *ctx)
+{
+ symmetric_key *skey = ctx;
+ aes_done(skey);
+ os_free(skey);
+}
+
+
+void * aes_decrypt_init(const u8 *key, size_t len)
+{
+ symmetric_key *skey;
+ skey = os_malloc(sizeof(*skey));
+ if (skey == NULL)
+ return NULL;
+ if (aes_setup(key, len, 0, skey) != CRYPT_OK) {
+ os_free(skey);
+ return NULL;
+ }
+ return skey;
+}
+
+
+void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain)
+{
+ symmetric_key *skey = ctx;
+ aes_ecb_encrypt(plain, (u8 *) crypt, skey);
+}
+
+
+void aes_decrypt_deinit(void *ctx)
+{
+ symmetric_key *skey = ctx;
+ aes_done(skey);
+ os_free(skey);
+}
+
+
+#ifdef CONFIG_TLS_INTERNAL
+
+struct crypto_hash {
+ enum crypto_hash_alg alg;
+ int error;
+ union {
+ hash_state md;
+ hmac_state hmac;
+ } u;
+};
+
+
+struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
+ size_t key_len)
+{
+ struct crypto_hash *ctx;
+
+ ctx = os_zalloc(sizeof(*ctx));
+ if (ctx == NULL)
+ return NULL;
+
+ ctx->alg = alg;
+
+ switch (alg) {
+ case CRYPTO_HASH_ALG_MD5:
+ if (md5_init(&ctx->u.md) != CRYPT_OK)
+ goto fail;
+ break;
+ case CRYPTO_HASH_ALG_SHA1:
+ if (sha1_init(&ctx->u.md) != CRYPT_OK)
+ goto fail;
+ break;
+ case CRYPTO_HASH_ALG_HMAC_MD5:
+ if (hmac_init(&ctx->u.hmac, find_hash("md5"), key, key_len) !=
+ CRYPT_OK)
+ goto fail;
+ break;
+ case CRYPTO_HASH_ALG_HMAC_SHA1:
+ if (hmac_init(&ctx->u.hmac, find_hash("sha1"), key, key_len) !=
+ CRYPT_OK)
+ goto fail;
+ break;
+ default:
+ goto fail;
+ }
+
+ return ctx;
+
+fail:
+ os_free(ctx);
+ return NULL;
+}
+
+void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len)
+{
+ if (ctx == NULL || ctx->error)
+ return;
+
+ switch (ctx->alg) {
+ case CRYPTO_HASH_ALG_MD5:
+ ctx->error = md5_process(&ctx->u.md, data, len) != CRYPT_OK;
+ break;
+ case CRYPTO_HASH_ALG_SHA1:
+ ctx->error = sha1_process(&ctx->u.md, data, len) != CRYPT_OK;
+ break;
+ case CRYPTO_HASH_ALG_HMAC_MD5:
+ case CRYPTO_HASH_ALG_HMAC_SHA1:
+ ctx->error = hmac_process(&ctx->u.hmac, data, len) != CRYPT_OK;
+ break;
+ }
+}
+
+
+int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
+{
+ int ret = 0;
+ unsigned long clen;
+
+ if (ctx == NULL)
+ return -2;
+
+ if (mac == NULL || len == NULL) {
+ os_free(ctx);
+ return 0;
+ }
+
+ if (ctx->error) {
+ os_free(ctx);
+ return -2;
+ }
+
+ switch (ctx->alg) {
+ case CRYPTO_HASH_ALG_MD5:
+ if (*len < 16) {
+ *len = 16;
+ os_free(ctx);
+ return -1;
+ }
+ *len = 16;
+ if (md5_done(&ctx->u.md, mac) != CRYPT_OK)
+ ret = -2;
+ break;
+ case CRYPTO_HASH_ALG_SHA1:
+ if (*len < 20) {
+ *len = 20;
+ os_free(ctx);
+ return -1;
+ }
+ *len = 20;
+ if (sha1_done(&ctx->u.md, mac) != CRYPT_OK)
+ ret = -2;
+ break;
+ case CRYPTO_HASH_ALG_HMAC_SHA1:
+ if (*len < 20) {
+ *len = 20;
+ os_free(ctx);
+ return -1;
+ }
+ /* continue */
+ case CRYPTO_HASH_ALG_HMAC_MD5:
+ if (*len < 16) {
+ *len = 16;
+ os_free(ctx);
+ return -1;
+ }
+ clen = *len;
+ if (hmac_done(&ctx->u.hmac, mac, &clen) != CRYPT_OK) {
+ os_free(ctx);
+ return -1;
+ }
+ *len = clen;
+ break;
+ default:
+ ret = -2;
+ break;
+ }
+
+ os_free(ctx);
+
+ return ret;
+}
+
+
+struct crypto_cipher {
+ int rc4;
+ union {
+ symmetric_CBC cbc;
+ struct {
+ size_t used_bytes;
+ u8 key[16];
+ size_t keylen;
+ } rc4;
+ } u;
+};
+
+
+struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
+ const u8 *iv, const u8 *key,
+ size_t key_len)
+{
+ struct crypto_cipher *ctx;
+ int idx, res, rc4 = 0;
+
+ switch (alg) {
+ case CRYPTO_CIPHER_ALG_AES:
+ idx = find_cipher("aes");
+ break;
+ case CRYPTO_CIPHER_ALG_3DES:
+ idx = find_cipher("3des");
+ break;
+ case CRYPTO_CIPHER_ALG_DES:
+ idx = find_cipher("des");
+ break;
+ case CRYPTO_CIPHER_ALG_RC2:
+ idx = find_cipher("rc2");
+ break;
+ case CRYPTO_CIPHER_ALG_RC4:
+ idx = -1;
+ rc4 = 1;
+ break;
+ default:
+ return NULL;
+ }
+
+ ctx = os_zalloc(sizeof(*ctx));
+ if (ctx == NULL)
+ return NULL;
+
+ if (rc4) {
+ ctx->rc4 = 1;
+ if (key_len > sizeof(ctx->u.rc4.key)) {
+ os_free(ctx);
+ return NULL;
+ }
+ ctx->u.rc4.keylen = key_len;
+ os_memcpy(ctx->u.rc4.key, key, key_len);
+ } else {
+ res = cbc_start(idx, iv, key, key_len, 0, &ctx->u.cbc);
+ if (res != CRYPT_OK) {
+ wpa_printf(MSG_DEBUG, "LibTomCrypt: Cipher start "
+ "failed: %s", error_to_string(res));
+ os_free(ctx);
+ return NULL;
+ }
+ }
+
+ return ctx;
+}
+
+int crypto_cipher_encrypt(struct crypto_cipher *ctx, const u8 *plain,
+ u8 *crypt, size_t len)
+{
+ int res;
+
+ if (ctx->rc4) {
+ if (plain != crypt)
+ os_memcpy(crypt, plain, len);
+ rc4_skip(ctx->u.rc4.key, ctx->u.rc4.keylen,
+ ctx->u.rc4.used_bytes, crypt, len);
+ ctx->u.rc4.used_bytes += len;
+ return 0;
+ }
+
+ res = cbc_encrypt(plain, crypt, len, &ctx->u.cbc);
+ if (res != CRYPT_OK) {
+ wpa_printf(MSG_DEBUG, "LibTomCrypt: CBC encryption "
+ "failed: %s", error_to_string(res));
+ return -1;
+ }
+ return 0;
+}
+
+
+int crypto_cipher_decrypt(struct crypto_cipher *ctx, const u8 *crypt,
+ u8 *plain, size_t len)
+{
+ int res;
+
+ if (ctx->rc4) {
+ if (plain != crypt)
+ os_memcpy(plain, crypt, len);
+ rc4_skip(ctx->u.rc4.key, ctx->u.rc4.keylen,
+ ctx->u.rc4.used_bytes, plain, len);
+ ctx->u.rc4.used_bytes += len;
+ return 0;
+ }
+
+ res = cbc_decrypt(crypt, plain, len, &ctx->u.cbc);
+ if (res != CRYPT_OK) {
+ wpa_printf(MSG_DEBUG, "LibTomCrypt: CBC decryption "
+ "failed: %s", error_to_string(res));
+ return -1;
+ }
+
+ return 0;
+}
+
+
+void crypto_cipher_deinit(struct crypto_cipher *ctx)
+{
+ if (!ctx->rc4)
+ cbc_done(&ctx->u.cbc);
+ os_free(ctx);
+}
+
+
+struct crypto_public_key {
+ rsa_key rsa;
+};
+
+struct crypto_private_key {
+ rsa_key rsa;
+};
+
+
+struct crypto_public_key * crypto_public_key_import(const u8 *key, size_t len)
+{
+ int res;
+ struct crypto_public_key *pk;
+
+ pk = os_zalloc(sizeof(*pk));
+ if (pk == NULL)
+ return NULL;
+
+ res = rsa_import(key, len, &pk->rsa);
+ if (res != CRYPT_OK) {
+ wpa_printf(MSG_ERROR, "LibTomCrypt: Failed to import "
+ "public key (res=%d '%s')",
+ res, error_to_string(res));
+ os_free(pk);
+ return NULL;
+ }
+
+ if (pk->rsa.type != PK_PUBLIC) {
+ wpa_printf(MSG_ERROR, "LibTomCrypt: Public key was not of "
+ "correct type");
+ rsa_free(&pk->rsa);
+ os_free(pk);
+ return NULL;
+ }
+
+ return pk;
+}
+
+
+struct crypto_private_key * crypto_private_key_import(const u8 *key,
+ size_t len)
+{
+ int res;
+ struct crypto_private_key *pk;
+
+ pk = os_zalloc(sizeof(*pk));
+ if (pk == NULL)
+ return NULL;
+
+ res = rsa_import(key, len, &pk->rsa);
+ if (res != CRYPT_OK) {
+ wpa_printf(MSG_ERROR, "LibTomCrypt: Failed to import "
+ "private key (res=%d '%s')",
+ res, error_to_string(res));
+ os_free(pk);
+ return NULL;
+ }
+
+ if (pk->rsa.type != PK_PRIVATE) {
+ wpa_printf(MSG_ERROR, "LibTomCrypt: Private key was not of "
+ "correct type");
+ rsa_free(&pk->rsa);
+ os_free(pk);
+ return NULL;
+ }
+
+ return pk;
+}
+
+
+struct crypto_public_key * crypto_public_key_from_cert(const u8 *buf,
+ size_t len)
+{
+ /* No X.509 support in LibTomCrypt */
+ return NULL;
+}
+
+
+static int pkcs1_generate_encryption_block(u8 block_type, size_t modlen,
+ const u8 *in, size_t inlen,
+ u8 *out, size_t *outlen)
+{
+ size_t ps_len;
+ u8 *pos;
+
+ /*
+ * PKCS #1 v1.5, 8.1:
+ *
+ * EB = 00 || BT || PS || 00 || D
+ * BT = 00 or 01 for private-key operation; 02 for public-key operation
+ * PS = k-3-||D||; at least eight octets
+ * (BT=0: PS=0x00, BT=1: PS=0xff, BT=2: PS=pseudorandom non-zero)
+ * k = length of modulus in octets (modlen)
+ */
+
+ if (modlen < 12 || modlen > *outlen || inlen > modlen - 11) {
+ wpa_printf(MSG_DEBUG, "PKCS #1: %s - Invalid buffer "
+ "lengths (modlen=%lu outlen=%lu inlen=%lu)",
+ __func__, (unsigned long) modlen,
+ (unsigned long) *outlen,
+ (unsigned long) inlen);
+ return -1;
+ }
+
+ pos = out;
+ *pos++ = 0x00;
+ *pos++ = block_type; /* BT */
+ ps_len = modlen - inlen - 3;
+ switch (block_type) {
+ case 0:
+ os_memset(pos, 0x00, ps_len);
+ pos += ps_len;
+ break;
+ case 1:
+ os_memset(pos, 0xff, ps_len);
+ pos += ps_len;
+ break;
+ case 2:
+ if (os_get_random(pos, ps_len) < 0) {
+ wpa_printf(MSG_DEBUG, "PKCS #1: %s - Failed to get "
+ "random data for PS", __func__);
+ return -1;
+ }
+ while (ps_len--) {
+ if (*pos == 0x00)
+ *pos = 0x01;
+ pos++;
+ }
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "PKCS #1: %s - Unsupported block type "
+ "%d", __func__, block_type);
+ return -1;
+ }
+ *pos++ = 0x00;
+ os_memcpy(pos, in, inlen); /* D */
+
+ return 0;
+}
+
+
+static int crypto_rsa_encrypt_pkcs1(int block_type, rsa_key *key, int key_type,
+ const u8 *in, size_t inlen,
+ u8 *out, size_t *outlen)
+{
+ unsigned long len, modlen;
+ int res;
+
+ modlen = mp_unsigned_bin_size(key->N);
+
+ if (pkcs1_generate_encryption_block(block_type, modlen, in, inlen,
+ out, outlen) < 0)
+ return -1;
+
+ len = *outlen;
+ res = rsa_exptmod(out, modlen, out, &len, key_type, key);
+ if (res != CRYPT_OK) {
+ wpa_printf(MSG_DEBUG, "LibTomCrypt: rsa_exptmod failed: %s",
+ error_to_string(res));
+ return -1;
+ }
+ *outlen = len;
+
+ return 0;
+}
+
+
+int crypto_public_key_encrypt_pkcs1_v15(struct crypto_public_key *key,
+ const u8 *in, size_t inlen,
+ u8 *out, size_t *outlen)
+{
+ return crypto_rsa_encrypt_pkcs1(2, &key->rsa, PK_PUBLIC, in, inlen,
+ out, outlen);
+}
+
+
+int crypto_private_key_sign_pkcs1(struct crypto_private_key *key,
+ const u8 *in, size_t inlen,
+ u8 *out, size_t *outlen)
+{
+ return crypto_rsa_encrypt_pkcs1(1, &key->rsa, PK_PRIVATE, in, inlen,
+ out, outlen);
+}
+
+
+void crypto_public_key_free(struct crypto_public_key *key)
+{
+ if (key) {
+ rsa_free(&key->rsa);
+ os_free(key);
+ }
+}
+
+
+void crypto_private_key_free(struct crypto_private_key *key)
+{
+ if (key) {
+ rsa_free(&key->rsa);
+ os_free(key);
+ }
+}
+
+
+int crypto_public_key_decrypt_pkcs1(struct crypto_public_key *key,
+ const u8 *crypt, size_t crypt_len,
+ u8 *plain, size_t *plain_len)
+{
+ int res;
+ unsigned long len;
+ u8 *pos;
+
+ len = *plain_len;
+ res = rsa_exptmod(crypt, crypt_len, plain, &len, PK_PUBLIC,
+ &key->rsa);
+ if (res != CRYPT_OK) {
+ wpa_printf(MSG_DEBUG, "LibTomCrypt: rsa_exptmod failed: %s",
+ error_to_string(res));
+ return -1;
+ }
+
+ /*
+ * PKCS #1 v1.5, 8.1:
+ *
+ * EB = 00 || BT || PS || 00 || D
+ * BT = 01
+ * PS = k-3-||D|| times FF
+ * k = length of modulus in octets
+ */
+
+ if (len < 3 + 8 + 16 /* min hash len */ ||
+ plain[0] != 0x00 || plain[1] != 0x01 || plain[2] != 0xff) {
+ wpa_printf(MSG_INFO, "LibTomCrypt: Invalid signature EB "
+ "structure");
+ return -1;
+ }
+
+ pos = plain + 3;
+ while (pos < plain + len && *pos == 0xff)
+ pos++;
+ if (pos - plain - 2 < 8) {
+ /* PKCS #1 v1.5, 8.1: At least eight octets long PS */
+ wpa_printf(MSG_INFO, "LibTomCrypt: Too short signature "
+ "padding");
+ return -1;
+ }
+
+ if (pos + 16 /* min hash len */ >= plain + len || *pos != 0x00) {
+ wpa_printf(MSG_INFO, "LibTomCrypt: Invalid signature EB "
+ "structure (2)");
+ return -1;
+ }
+ pos++;
+ len -= pos - plain;
+
+ /* Strip PKCS #1 header */
+ os_memmove(plain, pos, len);
+ *plain_len = len;
+
+ return 0;
+}
+
+
+int crypto_global_init(void)
+{
+ ltc_mp = tfm_desc;
+ /* TODO: only register algorithms that are really needed */
+ if (register_hash(&md4_desc) < 0 ||
+ register_hash(&md5_desc) < 0 ||
+ register_hash(&sha1_desc) < 0 ||
+ register_cipher(&aes_desc) < 0 ||
+ register_cipher(&des_desc) < 0 ||
+ register_cipher(&des3_desc) < 0) {
+ wpa_printf(MSG_ERROR, "TLSv1: Failed to register "
+ "hash/cipher functions");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+void crypto_global_deinit(void)
+{
+}
+
+
+#ifdef EAP_FAST
+
+int crypto_mod_exp(const u8 *base, size_t base_len,
+ const u8 *power, size_t power_len,
+ const u8 *modulus, size_t modulus_len,
+ u8 *result, size_t *result_len)
+{
+ void *b, *p, *m, *r;
+
+ if (mp_init_multi(&b, &p, &m, &r, NULL) != CRYPT_OK)
+ return -1;
+
+ if (mp_read_unsigned_bin(b, (u8 *) base, base_len) != CRYPT_OK ||
+ mp_read_unsigned_bin(p, (u8 *) power, power_len) != CRYPT_OK ||
+ mp_read_unsigned_bin(m, (u8 *) modulus, modulus_len) != CRYPT_OK)
+ goto fail;
+
+ if (mp_exptmod(b, p, m, r) != CRYPT_OK)
+ goto fail;
+
+ *result_len = mp_unsigned_bin_size(r);
+ if (mp_to_unsigned_bin(r, result) != CRYPT_OK)
+ goto fail;
+
+ mp_clear_multi(b, p, m, r, NULL);
+ return 0;
+
+fail:
+ mp_clear_multi(b, p, m, r, NULL);
+ return -1;
+}
+
+#endif /* EAP_FAST */
+
+#endif /* CONFIG_TLS_INTERNAL */
+
+#endif /* EAP_TLS_FUNCS */
--- /dev/null
+/*
+ * WPA Supplicant / Empty template functions for crypto wrapper
+ * Copyright (c) 2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "crypto.h"
+
+
+void md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+}
+
+
+void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
+{
+}
--- /dev/null
+/*
+ * WPA Supplicant / Control interface (shared code for all backends)
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eloop.h"
+#include "wpa.h"
+#include "wpa_supplicant.h"
+#include "config.h"
+#include "eapol_sm.h"
+#include "wpa_supplicant_i.h"
+#include "ctrl_iface.h"
+#include "l2_packet.h"
+#include "preauth.h"
+#include "pmksa_cache.h"
+#include "wpa_ctrl.h"
+#include "eap.h"
+
+
+static int wpa_supplicant_global_iface_interfaces(struct wpa_global *global,
+ char *buf, int len);
+
+
+static int wpa_supplicant_ctrl_iface_set(struct wpa_supplicant *wpa_s,
+ char *cmd)
+{
+ char *value;
+ int ret = 0;
+
+ value = os_strchr(cmd, ' ');
+ if (value == NULL)
+ return -1;
+ *value++ = '\0';
+
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE SET '%s'='%s'", cmd, value);
+ if (os_strcasecmp(cmd, "EAPOL::heldPeriod") == 0) {
+ eapol_sm_configure(wpa_s->eapol,
+ atoi(value), -1, -1, -1);
+ } else if (os_strcasecmp(cmd, "EAPOL::authPeriod") == 0) {
+ eapol_sm_configure(wpa_s->eapol,
+ -1, atoi(value), -1, -1);
+ } else if (os_strcasecmp(cmd, "EAPOL::startPeriod") == 0) {
+ eapol_sm_configure(wpa_s->eapol,
+ -1, -1, atoi(value), -1);
+ } else if (os_strcasecmp(cmd, "EAPOL::maxStart") == 0) {
+ eapol_sm_configure(wpa_s->eapol,
+ -1, -1, -1, atoi(value));
+ } else if (os_strcasecmp(cmd, "dot11RSNAConfigPMKLifetime") == 0) {
+ if (wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
+ atoi(value)))
+ ret = -1;
+ } else if (os_strcasecmp(cmd, "dot11RSNAConfigPMKReauthThreshold") ==
+ 0) {
+ if (wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
+ atoi(value)))
+ ret = -1;
+ } else if (os_strcasecmp(cmd, "dot11RSNAConfigSATimeout") == 0) {
+ if (wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT, atoi(value)))
+ ret = -1;
+ } else
+ ret = -1;
+
+ return ret;
+}
+
+
+static int wpa_supplicant_ctrl_iface_preauth(struct wpa_supplicant *wpa_s,
+ char *addr)
+{
+ u8 bssid[ETH_ALEN];
+
+ if (hwaddr_aton(addr, bssid)) {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE PREAUTH: invalid address "
+ "'%s'", addr);
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE PREAUTH " MACSTR, MAC2STR(bssid));
+ rsn_preauth_deinit(wpa_s->wpa);
+ if (rsn_preauth_init(wpa_s->wpa, bssid, wpa_s->current_ssid))
+ return -1;
+
+ return 0;
+}
+
+
+#ifdef CONFIG_PEERKEY
+/* MLME-STKSTART.request(peer) */
+static int wpa_supplicant_ctrl_iface_stkstart(
+ struct wpa_supplicant *wpa_s, char *addr)
+{
+ u8 peer[ETH_ALEN];
+
+ if (hwaddr_aton(addr, peer)) {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE STKSTART: invalid "
+ "address '%s'", peer);
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE STKSTART " MACSTR,
+ MAC2STR(peer));
+
+ return wpa_sm_stkstart(wpa_s->wpa, peer);
+}
+#endif /* CONFIG_PEERKEY */
+
+
+static int wpa_supplicant_ctrl_iface_ctrl_rsp(struct wpa_supplicant *wpa_s,
+ char *rsp)
+{
+#ifdef IEEE8021X_EAPOL
+ char *pos, *id_pos;
+ int id;
+ struct wpa_ssid *ssid;
+
+ pos = os_strchr(rsp, '-');
+ if (pos == NULL)
+ return -1;
+ *pos++ = '\0';
+ id_pos = pos;
+ pos = os_strchr(pos, ':');
+ if (pos == NULL)
+ return -1;
+ *pos++ = '\0';
+ id = atoi(id_pos);
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: field=%s id=%d", rsp, id);
+ wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: value",
+ (u8 *) pos, os_strlen(pos));
+
+ ssid = wpa_config_get_network(wpa_s->conf, id);
+ if (ssid == NULL) {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find SSID id=%d "
+ "to update", id);
+ return -1;
+ }
+
+ if (os_strcmp(rsp, "IDENTITY") == 0) {
+ os_free(ssid->identity);
+ ssid->identity = (u8 *) os_strdup(pos);
+ ssid->identity_len = os_strlen(pos);
+ ssid->pending_req_identity = 0;
+ if (ssid == wpa_s->current_ssid)
+ wpa_s->reassociate = 1;
+ } else if (os_strcmp(rsp, "PASSWORD") == 0) {
+ os_free(ssid->password);
+ ssid->password = (u8 *) os_strdup(pos);
+ ssid->password_len = os_strlen(pos);
+ ssid->pending_req_password = 0;
+ if (ssid == wpa_s->current_ssid)
+ wpa_s->reassociate = 1;
+ } else if (os_strcmp(rsp, "NEW_PASSWORD") == 0) {
+ os_free(ssid->new_password);
+ ssid->new_password = (u8 *) os_strdup(pos);
+ ssid->new_password_len = os_strlen(pos);
+ ssid->pending_req_new_password = 0;
+ if (ssid == wpa_s->current_ssid)
+ wpa_s->reassociate = 1;
+ } else if (os_strcmp(rsp, "PIN") == 0) {
+ os_free(ssid->pin);
+ ssid->pin = os_strdup(pos);
+ ssid->pending_req_pin = 0;
+ if (ssid == wpa_s->current_ssid)
+ wpa_s->reassociate = 1;
+ } else if (os_strcmp(rsp, "OTP") == 0) {
+ os_free(ssid->otp);
+ ssid->otp = (u8 *) os_strdup(pos);
+ ssid->otp_len = os_strlen(pos);
+ os_free(ssid->pending_req_otp);
+ ssid->pending_req_otp = NULL;
+ ssid->pending_req_otp_len = 0;
+ } else if (os_strcmp(rsp, "PASSPHRASE") == 0) {
+ os_free(ssid->private_key_passwd);
+ ssid->private_key_passwd = (u8 *) os_strdup(pos);
+ ssid->pending_req_passphrase = 0;
+ if (ssid == wpa_s->current_ssid)
+ wpa_s->reassociate = 1;
+ } else {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", rsp);
+ return -1;
+ }
+
+ return 0;
+#else /* IEEE8021X_EAPOL */
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: 802.1X not included");
+ return -1;
+#endif /* IEEE8021X_EAPOL */
+}
+
+
+static int wpa_supplicant_ctrl_iface_status(struct wpa_supplicant *wpa_s,
+ const char *params,
+ char *buf, size_t buflen)
+{
+ char *pos, *end, tmp[30];
+ int res, verbose, ret;
+
+ verbose = os_strcmp(params, "-VERBOSE") == 0;
+ pos = buf;
+ end = buf + buflen;
+ if (wpa_s->wpa_state >= WPA_ASSOCIATED) {
+ struct wpa_ssid *ssid = wpa_s->current_ssid;
+ ret = os_snprintf(pos, end - pos, "bssid=" MACSTR "\n",
+ MAC2STR(wpa_s->bssid));
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ if (ssid) {
+ u8 *_ssid = ssid->ssid;
+ size_t ssid_len = ssid->ssid_len;
+ u8 ssid_buf[MAX_SSID_LEN];
+ if (ssid_len == 0) {
+ int _res = wpa_drv_get_ssid(wpa_s, ssid_buf);
+ if (_res < 0)
+ ssid_len = 0;
+ else
+ ssid_len = _res;
+ _ssid = ssid_buf;
+ }
+ ret = os_snprintf(pos, end - pos, "ssid=%s\nid=%d\n",
+ wpa_ssid_txt(_ssid, ssid_len),
+ ssid->id);
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+
+ if (ssid->id_str) {
+ ret = os_snprintf(pos, end - pos,
+ "id_str=%s\n",
+ ssid->id_str);
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ }
+ }
+
+ pos += wpa_sm_get_status(wpa_s->wpa, pos, end - pos, verbose);
+ }
+ ret = os_snprintf(pos, end - pos, "wpa_state=%s\n",
+ wpa_supplicant_state_txt(wpa_s->wpa_state));
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+
+ if (wpa_s->l2 &&
+ l2_packet_get_ip_addr(wpa_s->l2, tmp, sizeof(tmp)) >= 0) {
+ ret = os_snprintf(pos, end - pos, "ip_address=%s\n", tmp);
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ }
+
+ if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X ||
+ wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
+ res = eapol_sm_get_status(wpa_s->eapol, pos, end - pos,
+ verbose);
+ if (res >= 0)
+ pos += res;
+ }
+
+ res = rsn_preauth_get_status(wpa_s->wpa, pos, end - pos, verbose);
+ if (res >= 0)
+ pos += res;
+
+ return pos - buf;
+}
+
+
+static int wpa_supplicant_ctrl_iface_bssid(struct wpa_supplicant *wpa_s,
+ char *cmd)
+{
+ char *pos;
+ int id;
+ struct wpa_ssid *ssid;
+ u8 bssid[ETH_ALEN];
+
+ /* cmd: "<network id> <BSSID>" */
+ pos = os_strchr(cmd, ' ');
+ if (pos == NULL)
+ return -1;
+ *pos++ = '\0';
+ id = atoi(cmd);
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: id=%d bssid='%s'", id, pos);
+ if (hwaddr_aton(pos, bssid)) {
+ wpa_printf(MSG_DEBUG ,"CTRL_IFACE: invalid BSSID '%s'", pos);
+ return -1;
+ }
+
+ ssid = wpa_config_get_network(wpa_s->conf, id);
+ if (ssid == NULL) {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find SSID id=%d "
+ "to update", id);
+ return -1;
+ }
+
+ os_memcpy(ssid->bssid, bssid, ETH_ALEN);
+ ssid->bssid_set =
+ os_memcmp(bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) != 0;
+
+
+ return 0;
+}
+
+
+static int wpa_supplicant_ctrl_iface_list_networks(
+ struct wpa_supplicant *wpa_s, char *buf, size_t buflen)
+{
+ char *pos, *end;
+ struct wpa_ssid *ssid;
+ int ret;
+
+ pos = buf;
+ end = buf + buflen;
+ ret = os_snprintf(pos, end - pos,
+ "network id / ssid / bssid / flags\n");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+
+ ssid = wpa_s->conf->ssid;
+ while (ssid) {
+ ret = os_snprintf(pos, end - pos, "%d\t%s",
+ ssid->id,
+ wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ if (ssid->bssid_set) {
+ ret = os_snprintf(pos, end - pos, "\t" MACSTR,
+ MAC2STR(ssid->bssid));
+ } else {
+ ret = os_snprintf(pos, end - pos, "\tany");
+ }
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ ret = os_snprintf(pos, end - pos, "\t%s%s",
+ ssid == wpa_s->current_ssid ?
+ "[CURRENT]" : "",
+ ssid->disabled ? "[DISABLED]" : "");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ ret = os_snprintf(pos, end - pos, "\n");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+
+ ssid = ssid->next;
+ }
+
+ return pos - buf;
+}
+
+
+static char * wpa_supplicant_cipher_txt(char *pos, char *end, int cipher)
+{
+ int first = 1, ret;
+ ret = os_snprintf(pos, end - pos, "-");
+ if (ret < 0 || ret >= end - pos)
+ return pos;
+ pos += ret;
+ if (cipher & WPA_CIPHER_NONE) {
+ ret = os_snprintf(pos, end - pos, "%sNONE", first ? "" : "+");
+ if (ret < 0 || ret >= end - pos)
+ return pos;
+ pos += ret;
+ first = 0;
+ }
+ if (cipher & WPA_CIPHER_WEP40) {
+ ret = os_snprintf(pos, end - pos, "%sWEP40", first ? "" : "+");
+ if (ret < 0 || ret >= end - pos)
+ return pos;
+ pos += ret;
+ first = 0;
+ }
+ if (cipher & WPA_CIPHER_WEP104) {
+ ret = os_snprintf(pos, end - pos, "%sWEP104",
+ first ? "" : "+");
+ if (ret < 0 || ret >= end - pos)
+ return pos;
+ pos += ret;
+ first = 0;
+ }
+ if (cipher & WPA_CIPHER_TKIP) {
+ ret = os_snprintf(pos, end - pos, "%sTKIP", first ? "" : "+");
+ if (ret < 0 || ret >= end - pos)
+ return pos;
+ pos += ret;
+ first = 0;
+ }
+ if (cipher & WPA_CIPHER_CCMP) {
+ ret = os_snprintf(pos, end - pos, "%sCCMP", first ? "" : "+");
+ if (ret < 0 || ret >= end - pos)
+ return pos;
+ pos += ret;
+ first = 0;
+ }
+ return pos;
+}
+
+
+static char * wpa_supplicant_ie_txt(char *pos, char *end, const char *proto,
+ const u8 *ie, size_t ie_len)
+{
+ struct wpa_ie_data data;
+ int first, ret;
+
+ ret = os_snprintf(pos, end - pos, "[%s-", proto);
+ if (ret < 0 || ret >= end - pos)
+ return pos;
+ pos += ret;
+
+ if (wpa_parse_wpa_ie(ie, ie_len, &data) < 0) {
+ ret = os_snprintf(pos, end - pos, "?]");
+ if (ret < 0 || ret >= end - pos)
+ return pos;
+ pos += ret;
+ return pos;
+ }
+
+ first = 1;
+ if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
+ ret = os_snprintf(pos, end - pos, "%sEAP", first ? "" : "+");
+ if (ret < 0 || ret >= end - pos)
+ return pos;
+ pos += ret;
+ first = 0;
+ }
+ if (data.key_mgmt & WPA_KEY_MGMT_PSK) {
+ ret = os_snprintf(pos, end - pos, "%sPSK", first ? "" : "+");
+ if (ret < 0 || ret >= end - pos)
+ return pos;
+ pos += ret;
+ first = 0;
+ }
+ if (data.key_mgmt & WPA_KEY_MGMT_WPA_NONE) {
+ ret = os_snprintf(pos, end - pos, "%sNone", first ? "" : "+");
+ if (ret < 0 || ret >= end - pos)
+ return pos;
+ pos += ret;
+ first = 0;
+ }
+
+ pos = wpa_supplicant_cipher_txt(pos, end, data.pairwise_cipher);
+
+ if (data.capabilities & WPA_CAPABILITY_PREAUTH) {
+ ret = os_snprintf(pos, end - pos, "-preauth");
+ if (ret < 0 || ret >= end - pos)
+ return pos;
+ pos += ret;
+ }
+
+ ret = os_snprintf(pos, end - pos, "]");
+ if (ret < 0 || ret >= end - pos)
+ return pos;
+ pos += ret;
+
+ return pos;
+}
+
+
+static int wpa_supplicant_ctrl_iface_scan_results(
+ struct wpa_supplicant *wpa_s, char *buf, size_t buflen)
+{
+ char *pos, *end;
+ struct wpa_scan_result *res;
+ int i, ret;
+
+ if (wpa_s->scan_results == NULL &&
+ wpa_supplicant_get_scan_results(wpa_s) < 0)
+ return 0;
+ if (wpa_s->scan_results == NULL)
+ return 0;
+
+ pos = buf;
+ end = buf + buflen;
+ ret = os_snprintf(pos, end - pos, "bssid / frequency / signal level / "
+ "flags / ssid\n");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+
+ for (i = 0; i < wpa_s->num_scan_results; i++) {
+ res = &wpa_s->scan_results[i];
+ ret = os_snprintf(pos, end - pos, MACSTR "\t%d\t%d\t",
+ MAC2STR(res->bssid), res->freq, res->level);
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ if (res->wpa_ie_len) {
+ pos = wpa_supplicant_ie_txt(pos, end, "WPA",
+ res->wpa_ie,
+ res->wpa_ie_len);
+ }
+ if (res->rsn_ie_len) {
+ pos = wpa_supplicant_ie_txt(pos, end, "WPA2",
+ res->rsn_ie,
+ res->rsn_ie_len);
+ }
+ if (!res->wpa_ie_len && !res->rsn_ie_len &&
+ res->caps & IEEE80211_CAP_PRIVACY) {
+ ret = os_snprintf(pos, end - pos, "[WEP]");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ }
+ if (res->caps & IEEE80211_CAP_IBSS) {
+ ret = os_snprintf(pos, end - pos, "[IBSS]");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ }
+
+ ret = os_snprintf(pos, end - pos, "\t%s",
+ wpa_ssid_txt(res->ssid, res->ssid_len));
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+
+ ret = os_snprintf(pos, end - pos, "\n");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ }
+
+ return pos - buf;
+}
+
+
+static int wpa_supplicant_ctrl_iface_select_network(
+ struct wpa_supplicant *wpa_s, char *cmd)
+{
+ int id;
+ struct wpa_ssid *ssid;
+
+ /* cmd: "<network id>" or "any" */
+ if (os_strcmp(cmd, "any") == 0) {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: SELECT_NETWORK any");
+ ssid = wpa_s->conf->ssid;
+ while (ssid) {
+ ssid->disabled = 0;
+ ssid = ssid->next;
+ }
+ wpa_s->reassociate = 1;
+ wpa_supplicant_req_scan(wpa_s, 0, 0);
+ return 0;
+ }
+
+ id = atoi(cmd);
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: SELECT_NETWORK id=%d", id);
+
+ ssid = wpa_config_get_network(wpa_s->conf, id);
+ if (ssid == NULL) {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find network "
+ "id=%d", id);
+ return -1;
+ }
+
+ if (ssid != wpa_s->current_ssid && wpa_s->current_ssid)
+ wpa_supplicant_disassociate(wpa_s, REASON_DEAUTH_LEAVING);
+
+ /* Mark all other networks disabled and trigger reassociation */
+ ssid = wpa_s->conf->ssid;
+ while (ssid) {
+ ssid->disabled = id != ssid->id;
+ ssid = ssid->next;
+ }
+ wpa_s->reassociate = 1;
+ wpa_supplicant_req_scan(wpa_s, 0, 0);
+
+ return 0;
+}
+
+
+static int wpa_supplicant_ctrl_iface_enable_network(
+ struct wpa_supplicant *wpa_s, char *cmd)
+{
+ int id;
+ struct wpa_ssid *ssid;
+
+ /* cmd: "<network id>" */
+ id = atoi(cmd);
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: ENABLE_NETWORK id=%d", id);
+
+ ssid = wpa_config_get_network(wpa_s->conf, id);
+ if (ssid == NULL) {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find network "
+ "id=%d", id);
+ return -1;
+ }
+
+ if (wpa_s->current_ssid == NULL && ssid->disabled) {
+ /*
+ * Try to reassociate since there is no current configuration
+ * and a new network was made available. */
+ wpa_s->reassociate = 1;
+ wpa_supplicant_req_scan(wpa_s, 0, 0);
+ }
+ ssid->disabled = 0;
+
+ return 0;
+}
+
+
+static int wpa_supplicant_ctrl_iface_disable_network(
+ struct wpa_supplicant *wpa_s, char *cmd)
+{
+ int id;
+ struct wpa_ssid *ssid;
+
+ /* cmd: "<network id>" */
+ id = atoi(cmd);
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: DISABLE_NETWORK id=%d", id);
+
+ ssid = wpa_config_get_network(wpa_s->conf, id);
+ if (ssid == NULL) {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find network "
+ "id=%d", id);
+ return -1;
+ }
+
+ if (ssid == wpa_s->current_ssid)
+ wpa_supplicant_disassociate(wpa_s, REASON_DEAUTH_LEAVING);
+ ssid->disabled = 1;
+
+ return 0;
+}
+
+
+static int wpa_supplicant_ctrl_iface_add_network(
+ struct wpa_supplicant *wpa_s, char *buf, size_t buflen)
+{
+ struct wpa_ssid *ssid;
+ int ret;
+
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: ADD_NETWORK");
+
+ ssid = wpa_config_add_network(wpa_s->conf);
+ if (ssid == NULL)
+ return -1;
+ ssid->disabled = 1;
+ wpa_config_set_network_defaults(ssid);
+
+ ret = os_snprintf(buf, buflen, "%d\n", ssid->id);
+ if (ret < 0 || (size_t) ret >= buflen)
+ return -1;
+ return ret;
+}
+
+
+static int wpa_supplicant_ctrl_iface_remove_network(
+ struct wpa_supplicant *wpa_s, char *cmd)
+{
+ int id;
+ struct wpa_ssid *ssid;
+
+ /* cmd: "<network id>" */
+ id = atoi(cmd);
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: REMOVE_NETWORK id=%d", id);
+
+ ssid = wpa_config_get_network(wpa_s->conf, id);
+ if (ssid == NULL ||
+ wpa_config_remove_network(wpa_s->conf, id) < 0) {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find network "
+ "id=%d", id);
+ return -1;
+ }
+
+ if (ssid == wpa_s->current_ssid) {
+ /*
+ * Invalidate the EAP session cache if the current network is
+ * removed.
+ */
+ eapol_sm_invalidate_cached_session(wpa_s->eapol);
+
+ wpa_supplicant_disassociate(wpa_s, REASON_DEAUTH_LEAVING);
+ }
+
+ return 0;
+}
+
+
+static int wpa_supplicant_ctrl_iface_set_network(
+ struct wpa_supplicant *wpa_s, char *cmd)
+{
+ int id;
+ struct wpa_ssid *ssid;
+ char *name, *value;
+
+ /* cmd: "<network id> <variable name> <value>" */
+ name = os_strchr(cmd, ' ');
+ if (name == NULL)
+ return -1;
+ *name++ = '\0';
+
+ value = os_strchr(name, ' ');
+ if (value == NULL)
+ return -1;
+ *value++ = '\0';
+
+ id = atoi(cmd);
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: SET_NETWORK id=%d name='%s'",
+ id, name);
+ wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: value",
+ (u8 *) value, os_strlen(value));
+
+ ssid = wpa_config_get_network(wpa_s->conf, id);
+ if (ssid == NULL) {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find network "
+ "id=%d", id);
+ return -1;
+ }
+
+ if (wpa_config_set(ssid, name, value, 0) < 0) {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: Failed to set network "
+ "variable '%s'", name);
+ return -1;
+ }
+
+ if (wpa_s->current_ssid == ssid) {
+ /*
+ * Invalidate the EAP session cache if anything in the current
+ * configuration changes.
+ */
+ eapol_sm_invalidate_cached_session(wpa_s->eapol);
+ }
+
+ if ((os_strcmp(name, "psk") == 0 &&
+ value[0] == '"' && ssid->ssid_len) ||
+ (os_strcmp(name, "ssid") == 0 && ssid->passphrase))
+ wpa_config_update_psk(ssid);
+
+ return 0;
+}
+
+
+static int wpa_supplicant_ctrl_iface_get_network(
+ struct wpa_supplicant *wpa_s, char *cmd, char *buf, size_t buflen)
+{
+ int id;
+ struct wpa_ssid *ssid;
+ char *name, *value;
+
+ /* cmd: "<network id> <variable name>" */
+ name = os_strchr(cmd, ' ');
+ if (name == NULL || buflen == 0)
+ return -1;
+ *name++ = '\0';
+
+ id = atoi(cmd);
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: GET_NETWORK id=%d name='%s'",
+ id, name);
+
+ ssid = wpa_config_get_network(wpa_s->conf, id);
+ if (ssid == NULL) {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find network "
+ "id=%d", id);
+ return -1;
+ }
+
+ value = wpa_config_get_no_key(ssid, name);
+ if (value == NULL) {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: Failed to get network "
+ "variable '%s'", name);
+ return -1;
+ }
+
+ os_snprintf(buf, buflen, "%s", value);
+ buf[buflen - 1] = '\0';
+
+ os_free(value);
+
+ return os_strlen(buf);
+}
+
+
+static int wpa_supplicant_ctrl_iface_save_config(struct wpa_supplicant *wpa_s)
+{
+ int ret;
+
+ if (!wpa_s->conf->update_config) {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: SAVE_CONFIG - Not allowed "
+ "to update configuration (update_config=0)");
+ return -1;
+ }
+
+ ret = wpa_config_write(wpa_s->confname, wpa_s->conf);
+ if (ret) {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: SAVE_CONFIG - Failed to "
+ "update configuration");
+ } else {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: SAVE_CONFIG - Configuration"
+ " updated");
+ }
+
+ return ret;
+}
+
+
+static int wpa_supplicant_ctrl_iface_get_capability(
+ struct wpa_supplicant *wpa_s, const char *_field, char *buf,
+ size_t buflen)
+{
+ struct wpa_driver_capa capa;
+ int res, first = 1, ret;
+ char *pos, *end, *strict;
+ char field[30];
+
+ /* Determine whether or not strict checking was requested */
+ os_snprintf(field, sizeof(field), "%s", _field);
+ field[sizeof(field) - 1] = '\0';
+ strict = os_strchr(field, ' ');
+ if (strict != NULL) {
+ *strict++ = '\0';
+ if (os_strcmp(strict, "strict") != 0)
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: GET_CAPABILITY '%s' %s",
+ field, strict ? strict : "");
+
+ if (os_strcmp(field, "eap") == 0) {
+ return eap_get_names(buf, buflen);
+ }
+
+ res = wpa_drv_get_capa(wpa_s, &capa);
+
+ pos = buf;
+ end = pos + buflen;
+
+ if (os_strcmp(field, "pairwise") == 0) {
+ if (res < 0) {
+ if (strict)
+ return 0;
+ ret = os_snprintf(buf, buflen, "CCMP TKIP NONE");
+ if (ret < 0 || (size_t) ret >= buflen)
+ return -1;
+ return ret;
+ }
+
+ if (capa.enc & WPA_DRIVER_CAPA_ENC_CCMP) {
+ ret = os_snprintf(pos, end - pos, "%sCCMP",
+ first ? "" : " ");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ first = 0;
+ }
+
+ if (capa.enc & WPA_DRIVER_CAPA_ENC_TKIP) {
+ ret = os_snprintf(pos, end - pos, "%sTKIP",
+ first ? "" : " ");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ first = 0;
+ }
+
+ if (capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_WPA_NONE) {
+ ret = os_snprintf(pos, end - pos, "%sNONE",
+ first ? "" : " ");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ first = 0;
+ }
+
+ return pos - buf;
+ }
+
+ if (os_strcmp(field, "group") == 0) {
+ if (res < 0) {
+ if (strict)
+ return 0;
+ ret = os_snprintf(buf, buflen,
+ "CCMP TKIP WEP104 WEP40");
+ if (ret < 0 || (size_t) ret >= buflen)
+ return -1;
+ return ret;
+ }
+
+ if (capa.enc & WPA_DRIVER_CAPA_ENC_CCMP) {
+ ret = os_snprintf(pos, end - pos, "%sCCMP",
+ first ? "" : " ");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ first = 0;
+ }
+
+ if (capa.enc & WPA_DRIVER_CAPA_ENC_TKIP) {
+ ret = os_snprintf(pos, end - pos, "%sTKIP",
+ first ? "" : " ");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ first = 0;
+ }
+
+ if (capa.enc & WPA_DRIVER_CAPA_ENC_WEP104) {
+ ret = os_snprintf(pos, end - pos, "%sWEP104",
+ first ? "" : " ");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ first = 0;
+ }
+
+ if (capa.enc & WPA_DRIVER_CAPA_ENC_WEP40) {
+ ret = os_snprintf(pos, end - pos, "%sWEP40",
+ first ? "" : " ");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ first = 0;
+ }
+
+ return pos - buf;
+ }
+
+ if (os_strcmp(field, "key_mgmt") == 0) {
+ if (res < 0) {
+ if (strict)
+ return 0;
+ ret = os_snprintf(buf, buflen, "WPA-PSK WPA-EAP "
+ "IEEE8021X WPA-NONE NONE");
+ if (ret < 0 || (size_t) ret >= buflen)
+ return -1;
+ return ret;
+ }
+
+ ret = os_snprintf(pos, end - pos, "NONE IEEE8021X");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+
+ if (capa.key_mgmt & (WPA_DRIVER_CAPA_KEY_MGMT_WPA |
+ WPA_DRIVER_CAPA_KEY_MGMT_WPA2)) {
+ ret = os_snprintf(pos, end - pos, " WPA-EAP");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ }
+
+ if (capa.key_mgmt & (WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
+ WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK)) {
+ ret = os_snprintf(pos, end - pos, " WPA-PSK");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ }
+
+ if (capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_WPA_NONE) {
+ ret = os_snprintf(pos, end - pos, " WPA-NONE");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ }
+
+ return pos - buf;
+ }
+
+ if (os_strcmp(field, "proto") == 0) {
+ if (res < 0) {
+ if (strict)
+ return 0;
+ ret = os_snprintf(buf, buflen, "RSN WPA");
+ if (ret < 0 || (size_t) ret >= buflen)
+ return -1;
+ return ret;
+ }
+
+ if (capa.key_mgmt & (WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
+ WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK)) {
+ ret = os_snprintf(pos, end - pos, "%sRSN",
+ first ? "" : " ");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ first = 0;
+ }
+
+ if (capa.key_mgmt & (WPA_DRIVER_CAPA_KEY_MGMT_WPA |
+ WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK)) {
+ ret = os_snprintf(pos, end - pos, "%sWPA",
+ first ? "" : " ");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ first = 0;
+ }
+
+ return pos - buf;
+ }
+
+ if (os_strcmp(field, "auth_alg") == 0) {
+ if (res < 0) {
+ if (strict)
+ return 0;
+ ret = os_snprintf(buf, buflen, "OPEN SHARED LEAP");
+ if (ret < 0 || (size_t) ret >= buflen)
+ return -1;
+ return ret;
+ }
+
+ if (capa.auth & (WPA_DRIVER_AUTH_OPEN)) {
+ ret = os_snprintf(pos, end - pos, "%sOPEN",
+ first ? "" : " ");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ first = 0;
+ }
+
+ if (capa.auth & (WPA_DRIVER_AUTH_SHARED)) {
+ ret = os_snprintf(pos, end - pos, "%sSHARED",
+ first ? "" : " ");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ first = 0;
+ }
+
+ if (capa.auth & (WPA_DRIVER_AUTH_LEAP)) {
+ ret = os_snprintf(pos, end - pos, "%sLEAP",
+ first ? "" : " ");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ first = 0;
+ }
+
+ return pos - buf;
+ }
+
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown GET_CAPABILITY field '%s'",
+ field);
+
+ return -1;
+}
+
+
+static int wpa_supplicant_ctrl_iface_ap_scan(
+ struct wpa_supplicant *wpa_s, char *cmd)
+{
+ int ap_scan = atoi(cmd);
+
+ if (ap_scan < 0 || ap_scan > 2)
+ return -1;
+ wpa_s->conf->ap_scan = ap_scan;
+ return 0;
+}
+
+
+char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
+ char *buf, size_t *resp_len)
+{
+ char *reply;
+ const int reply_size = 2048;
+ int ctrl_rsp = 0;
+ int reply_len;
+
+ if (os_strncmp(buf, WPA_CTRL_RSP, os_strlen(WPA_CTRL_RSP)) == 0 ||
+ os_strncmp(buf, "SET_NETWORK ", 12) == 0) {
+ wpa_hexdump_ascii_key(MSG_DEBUG, "RX ctrl_iface",
+ (const u8 *) buf, os_strlen(buf));
+ } else {
+ wpa_hexdump_ascii(MSG_DEBUG, "RX ctrl_iface",
+ (const u8 *) buf, os_strlen(buf));
+ }
+
+ reply = os_malloc(reply_size);
+ if (reply == NULL) {
+ *resp_len = 1;
+ return NULL;
+ }
+
+ os_memcpy(reply, "OK\n", 3);
+ reply_len = 3;
+
+ if (os_strcmp(buf, "PING") == 0) {
+ os_memcpy(reply, "PONG\n", 5);
+ reply_len = 5;
+ } else if (os_strcmp(buf, "MIB") == 0) {
+ reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size);
+ if (reply_len >= 0) {
+ int res;
+ res = eapol_sm_get_mib(wpa_s->eapol, reply + reply_len,
+ reply_size - reply_len);
+ if (res < 0)
+ reply_len = -1;
+ else
+ reply_len += res;
+ }
+ } else if (os_strncmp(buf, "STATUS", 6) == 0) {
+ reply_len = wpa_supplicant_ctrl_iface_status(
+ wpa_s, buf + 6, reply, reply_size);
+ } else if (os_strcmp(buf, "PMKSA") == 0) {
+ reply_len = pmksa_cache_list(wpa_s->wpa, reply, reply_size);
+ } else if (os_strncmp(buf, "SET ", 4) == 0) {
+ if (wpa_supplicant_ctrl_iface_set(wpa_s, buf + 4))
+ reply_len = -1;
+ } else if (os_strcmp(buf, "LOGON") == 0) {
+ eapol_sm_notify_logoff(wpa_s->eapol, FALSE);
+ } else if (os_strcmp(buf, "LOGOFF") == 0) {
+ eapol_sm_notify_logoff(wpa_s->eapol, TRUE);
+ } else if (os_strcmp(buf, "REASSOCIATE") == 0) {
+ wpa_s->disconnected = 0;
+ wpa_s->reassociate = 1;
+ wpa_supplicant_req_scan(wpa_s, 0, 0);
+ } else if (os_strcmp(buf, "RECONNECT") == 0) {
+ if (wpa_s->disconnected) {
+ wpa_s->disconnected = 0;
+ wpa_s->reassociate = 1;
+ wpa_supplicant_req_scan(wpa_s, 0, 0);
+ }
+ } else if (os_strncmp(buf, "PREAUTH ", 8) == 0) {
+ if (wpa_supplicant_ctrl_iface_preauth(wpa_s, buf + 8))
+ reply_len = -1;
+#ifdef CONFIG_PEERKEY
+ } else if (os_strncmp(buf, "STKSTART ", 9) == 0) {
+ if (wpa_supplicant_ctrl_iface_stkstart(wpa_s, buf + 9))
+ reply_len = -1;
+#endif /* CONFIG_PEERKEY */
+ } else if (os_strncmp(buf, WPA_CTRL_RSP, os_strlen(WPA_CTRL_RSP)) == 0)
+ {
+ if (wpa_supplicant_ctrl_iface_ctrl_rsp(
+ wpa_s, buf + os_strlen(WPA_CTRL_RSP)))
+ reply_len = -1;
+ else
+ ctrl_rsp = 1;
+ } else if (os_strcmp(buf, "RECONFIGURE") == 0) {
+ if (wpa_supplicant_reload_configuration(wpa_s))
+ reply_len = -1;
+ } else if (os_strcmp(buf, "TERMINATE") == 0) {
+ eloop_terminate();
+ } else if (os_strncmp(buf, "BSSID ", 6) == 0) {
+ if (wpa_supplicant_ctrl_iface_bssid(wpa_s, buf + 6))
+ reply_len = -1;
+ } else if (os_strcmp(buf, "LIST_NETWORKS") == 0) {
+ reply_len = wpa_supplicant_ctrl_iface_list_networks(
+ wpa_s, reply, reply_size);
+ } else if (os_strcmp(buf, "DISCONNECT") == 0) {
+ wpa_s->reassociate = 0;
+ wpa_s->disconnected = 1;
+ wpa_supplicant_disassociate(wpa_s, REASON_DEAUTH_LEAVING);
+ } else if (os_strcmp(buf, "SCAN") == 0) {
+ wpa_s->scan_req = 2;
+ wpa_supplicant_req_scan(wpa_s, 0, 0);
+ } else if (os_strcmp(buf, "SCAN_RESULTS") == 0) {
+ reply_len = wpa_supplicant_ctrl_iface_scan_results(
+ wpa_s, reply, reply_size);
+ } else if (os_strncmp(buf, "SELECT_NETWORK ", 15) == 0) {
+ if (wpa_supplicant_ctrl_iface_select_network(wpa_s, buf + 15))
+ reply_len = -1;
+ } else if (os_strncmp(buf, "ENABLE_NETWORK ", 15) == 0) {
+ if (wpa_supplicant_ctrl_iface_enable_network(wpa_s, buf + 15))
+ reply_len = -1;
+ } else if (os_strncmp(buf, "DISABLE_NETWORK ", 16) == 0) {
+ if (wpa_supplicant_ctrl_iface_disable_network(wpa_s, buf + 16))
+ reply_len = -1;
+ } else if (os_strcmp(buf, "ADD_NETWORK") == 0) {
+ reply_len = wpa_supplicant_ctrl_iface_add_network(
+ wpa_s, reply, reply_size);
+ } else if (os_strncmp(buf, "REMOVE_NETWORK ", 15) == 0) {
+ if (wpa_supplicant_ctrl_iface_remove_network(wpa_s, buf + 15))
+ reply_len = -1;
+ } else if (os_strncmp(buf, "SET_NETWORK ", 12) == 0) {
+ if (wpa_supplicant_ctrl_iface_set_network(wpa_s, buf + 12))
+ reply_len = -1;
+ } else if (os_strncmp(buf, "GET_NETWORK ", 12) == 0) {
+ reply_len = wpa_supplicant_ctrl_iface_get_network(
+ wpa_s, buf + 12, reply, reply_size);
+ } else if (os_strcmp(buf, "SAVE_CONFIG") == 0) {
+ if (wpa_supplicant_ctrl_iface_save_config(wpa_s))
+ reply_len = -1;
+ } else if (os_strncmp(buf, "GET_CAPABILITY ", 15) == 0) {
+ reply_len = wpa_supplicant_ctrl_iface_get_capability(
+ wpa_s, buf + 15, reply, reply_size);
+ } else if (os_strncmp(buf, "AP_SCAN ", 8) == 0) {
+ if (wpa_supplicant_ctrl_iface_ap_scan(wpa_s, buf + 8))
+ reply_len = -1;
+ } else if (os_strcmp(buf, "INTERFACES") == 0) {
+ reply_len = wpa_supplicant_global_iface_interfaces(
+ wpa_s->global, reply, reply_size);
+ } else {
+ os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
+ reply_len = 16;
+ }
+
+ if (reply_len < 0) {
+ os_memcpy(reply, "FAIL\n", 5);
+ reply_len = 5;
+ }
+
+ if (ctrl_rsp)
+ eapol_sm_notify_ctrl_response(wpa_s->eapol);
+
+ *resp_len = reply_len;
+ return reply;
+}
+
+
+static int wpa_supplicant_global_iface_add(struct wpa_global *global,
+ char *cmd)
+{
+ struct wpa_interface iface;
+ char *pos;
+
+ /*
+ * <ifname>TAB<confname>TAB<driver>TAB<ctrl_interface>TAB<driver_param>
+ * TAB<bridge_ifname>
+ */
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE GLOBAL INTERFACE_ADD '%s'", cmd);
+
+ os_memset(&iface, 0, sizeof(iface));
+
+ do {
+ iface.ifname = pos = cmd;
+ pos = os_strchr(pos, '\t');
+ if (pos)
+ *pos++ = '\0';
+ if (iface.ifname[0] == '\0')
+ return -1;
+ if (pos == NULL)
+ break;
+
+ iface.confname = pos;
+ pos = os_strchr(pos, '\t');
+ if (pos)
+ *pos++ = '\0';
+ if (iface.confname[0] == '\0')
+ iface.confname = NULL;
+ if (pos == NULL)
+ break;
+
+ iface.driver = pos;
+ pos = os_strchr(pos, '\t');
+ if (pos)
+ *pos++ = '\0';
+ if (iface.driver[0] == '\0')
+ iface.driver = NULL;
+ if (pos == NULL)
+ break;
+
+ iface.ctrl_interface = pos;
+ pos = os_strchr(pos, '\t');
+ if (pos)
+ *pos++ = '\0';
+ if (iface.ctrl_interface[0] == '\0')
+ iface.ctrl_interface = NULL;
+ if (pos == NULL)
+ break;
+
+ iface.driver_param = pos;
+ pos = os_strchr(pos, '\t');
+ if (pos)
+ *pos++ = '\0';
+ if (iface.driver_param[0] == '\0')
+ iface.driver_param = NULL;
+ if (pos == NULL)
+ break;
+
+ iface.bridge_ifname = pos;
+ pos = os_strchr(pos, '\t');
+ if (pos)
+ *pos++ = '\0';
+ if (iface.bridge_ifname[0] == '\0')
+ iface.bridge_ifname = NULL;
+ if (pos == NULL)
+ break;
+ } while (0);
+
+ if (wpa_supplicant_get_iface(global, iface.ifname))
+ return -1;
+
+ return wpa_supplicant_add_iface(global, &iface) ? 0 : -1;
+}
+
+
+static int wpa_supplicant_global_iface_remove(struct wpa_global *global,
+ char *cmd)
+{
+ struct wpa_supplicant *wpa_s;
+
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE GLOBAL INTERFACE_REMOVE '%s'", cmd);
+
+ wpa_s = wpa_supplicant_get_iface(global, cmd);
+ if (wpa_s == NULL)
+ return -1;
+ return wpa_supplicant_remove_iface(global, wpa_s);
+}
+
+
+static int wpa_supplicant_global_iface_interfaces(struct wpa_global *global,
+ char *buf, int len)
+{
+ int res;
+ char *pos, *end;
+ struct wpa_supplicant *wpa_s;
+
+ wpa_s = global->ifaces;
+ pos = buf;
+ end = buf + len;
+
+ while (wpa_s) {
+ res = os_snprintf(pos, end - pos, "%s\n", wpa_s->ifname);
+ if (res < 0 || res >= end - pos) {
+ *pos = '\0';
+ break;
+ }
+ pos += res;
+ wpa_s = wpa_s->next;
+ }
+ return pos - buf;
+}
+
+
+char * wpa_supplicant_global_ctrl_iface_process(struct wpa_global *global,
+ char *buf, size_t *resp_len)
+{
+ char *reply;
+ const int reply_size = 2048;
+ int reply_len;
+
+ wpa_hexdump_ascii(MSG_DEBUG, "RX global ctrl_iface",
+ (const u8 *) buf, os_strlen(buf));
+
+ reply = os_malloc(reply_size);
+ if (reply == NULL) {
+ *resp_len = 1;
+ return NULL;
+ }
+
+ os_memcpy(reply, "OK\n", 3);
+ reply_len = 3;
+
+ if (os_strcmp(buf, "PING") == 0) {
+ os_memcpy(reply, "PONG\n", 5);
+ reply_len = 5;
+ } else if (os_strncmp(buf, "INTERFACE_ADD ", 14) == 0) {
+ if (wpa_supplicant_global_iface_add(global, buf + 14))
+ reply_len = -1;
+ } else if (os_strncmp(buf, "INTERFACE_REMOVE ", 17) == 0) {
+ if (wpa_supplicant_global_iface_remove(global, buf + 17))
+ reply_len = -1;
+ } else if (os_strcmp(buf, "INTERFACES") == 0) {
+ reply_len = wpa_supplicant_global_iface_interfaces(
+ global, reply, reply_size);
+ } else if (os_strcmp(buf, "TERMINATE") == 0) {
+ eloop_terminate();
+ } else {
+ os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
+ reply_len = 16;
+ }
+
+ if (reply_len < 0) {
+ os_memcpy(reply, "FAIL\n", 5);
+ reply_len = 5;
+ }
+
+ *resp_len = reply_len;
+ return reply;
+}
--- /dev/null
+/*
+ * WPA Supplicant / UNIX domain socket -based control interface
+ * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef CTRL_IFACE_H
+#define CTRL_IFACE_H
+
+#ifdef CONFIG_CTRL_IFACE
+
+/* Shared functions from ctrl_iface.c; to be called by ctrl_iface backends */
+
+/**
+ * wpa_supplicant_ctrl_iface_process - Process ctrl_iface command
+ * @wpa_s: Pointer to wpa_supplicant data
+ * @buf: Received command buffer (nul terminated string)
+ * @resp_len: Variable to be set to the response length
+ * Returns: Response (*resp_len bytes) or %NULL on failure
+ *
+ * Control interface backends call this function when receiving a message that
+ * they do not process internally, i.e., anything else than ATTACH, DETACH,
+ * and LEVEL. The return response value is then sent to the external program
+ * that sent the command. Caller is responsible for freeing the buffer after
+ * this. If %NULL is returned, *resp_len can be set to two special values:
+ * 1 = send "FAIL\n" response, 2 = send "OK\n" response. If *resp_len has any
+ * other value, no response is sent.
+ */
+char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
+ char *buf, size_t *resp_len);
+
+/**
+ * wpa_supplicant_ctrl_iface_process - Process global ctrl_iface command
+ * @global: Pointer to global data from wpa_supplicant_init()
+ * @buf: Received command buffer (nul terminated string)
+ * @resp_len: Variable to be set to the response length
+ * Returns: Response (*resp_len bytes) or %NULL on failure
+ *
+ * Control interface backends call this function when receiving a message from
+ * the global ctrl_iface connection. The return response value is then sent to
+ * the external program that sent the command. Caller is responsible for
+ * freeing the buffer after this. If %NULL is returned, *resp_len can be set to
+ * two special values: 1 = send "FAIL\n" response, 2 = send "OK\n" response. If
+ * *resp_len has any other value, no response is sent.
+ */
+char * wpa_supplicant_global_ctrl_iface_process(struct wpa_global *global,
+ char *buf, size_t *resp_len);
+
+
+/* Functions that each ctrl_iface backend must implement */
+
+/**
+ * wpa_supplicant_ctrl_iface_init - Initialize control interface
+ * @wpa_s: Pointer to wpa_supplicant data
+ * Returns: Pointer to private data on success, %NULL on failure
+ *
+ * Initialize the control interface and start receiving commands from external
+ * programs.
+ *
+ * Required to be implemented in each control interface backend.
+ */
+struct ctrl_iface_priv *
+wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s);
+
+/**
+ * wpa_supplicant_ctrl_iface_deinit - Deinitialize control interface
+ * @priv: Pointer to private data from wpa_supplicant_ctrl_iface_init()
+ *
+ * Deinitialize the control interface that was initialized with
+ * wpa_supplicant_ctrl_iface_init().
+ *
+ * Required to be implemented in each control interface backend.
+ */
+void wpa_supplicant_ctrl_iface_deinit(struct ctrl_iface_priv *priv);
+
+/**
+ * wpa_supplicant_ctrl_iface_wait - Wait for ctrl_iface monitor
+ * @priv: Pointer to private data from wpa_supplicant_ctrl_iface_init()
+ *
+ * Wait until the first message from an external program using the control
+ * interface is received. This function can be used to delay normal startup
+ * processing to allow control interface programs to attach with
+ * %wpa_supplicant before normal operations are started.
+ *
+ * Required to be implemented in each control interface backend.
+ */
+void wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv *priv);
+
+/**
+ * wpa_supplicant_global_ctrl_iface_init - Initialize global control interface
+ * @global: Pointer to global data from wpa_supplicant_init()
+ * Returns: Pointer to private data on success, %NULL on failure
+ *
+ * Initialize the global control interface and start receiving commands from
+ * external programs.
+ *
+ * Required to be implemented in each control interface backend.
+ */
+struct ctrl_iface_global_priv *
+wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global);
+
+/**
+ * wpa_supplicant_global_ctrl_iface_deinit - Deinitialize global ctrl interface
+ * @priv: Pointer to private data from wpa_supplicant_global_ctrl_iface_init()
+ *
+ * Deinitialize the global control interface that was initialized with
+ * wpa_supplicant_global_ctrl_iface_init().
+ *
+ * Required to be implemented in each control interface backend.
+ */
+void wpa_supplicant_global_ctrl_iface_deinit(
+ struct ctrl_iface_global_priv *priv);
+
+#else /* CONFIG_CTRL_IFACE */
+
+static inline struct ctrl_iface_priv *
+wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)
+{
+ return (void *) -1;
+}
+
+static inline void
+wpa_supplicant_ctrl_iface_deinit(struct ctrl_iface_priv *priv)
+{
+}
+
+static inline void
+wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv *priv, int level,
+ char *buf, size_t len)
+{
+}
+
+static inline void
+wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv *priv)
+{
+}
+
+static inline struct ctrl_iface_global_priv *
+wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global)
+{
+ return (void *) 1;
+}
+
+static inline void
+wpa_supplicant_global_ctrl_iface_deinit(struct ctrl_iface_global_priv *priv)
+{
+}
+
+#endif /* CONFIG_CTRL_IFACE */
+
+#endif /* CTRL_IFACE_H */
--- /dev/null
+/*
+ * WPA Supplicant / dbus-based control interface
+ * Copyright (c) 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include <dbus/dbus.h>
+
+#include "common.h"
+#include "eloop.h"
+#include "wpa.h"
+#include "wpa_supplicant.h"
+#include "config.h"
+#include "eapol_sm.h"
+#include "wpa_supplicant_i.h"
+#include "ctrl_iface_dbus.h"
+#include "ctrl_iface_dbus_handlers.h"
+#include "l2_packet.h"
+#include "preauth.h"
+#include "wpa_ctrl.h"
+#include "eap.h"
+
+#define DBUS_VERSION (DBUS_VERSION_MAJOR << 8 | DBUS_VERSION_MINOR)
+#define DBUS_VER(major, minor) ((major) << 8 | (minor))
+
+#if DBUS_VERSION < DBUS_VER(1,1)
+#define dbus_watch_get_unix_fd dbus_watch_get_fd
+#endif
+
+
+struct ctrl_iface_dbus_priv {
+ DBusConnection *con;
+ int should_dispatch;
+ struct wpa_global *global;
+
+ u32 next_objid;
+};
+
+
+static void process_watch(struct ctrl_iface_dbus_priv *iface,
+ DBusWatch *watch, eloop_event_type type)
+{
+ dbus_connection_ref(iface->con);
+
+ iface->should_dispatch = 0;
+
+ if (type == EVENT_TYPE_READ)
+ dbus_watch_handle(watch, DBUS_WATCH_READABLE);
+ else if (type == EVENT_TYPE_WRITE)
+ dbus_watch_handle(watch, DBUS_WATCH_WRITABLE);
+ else if (type == EVENT_TYPE_EXCEPTION)
+ dbus_watch_handle(watch, DBUS_WATCH_ERROR);
+
+ if (iface->should_dispatch) {
+ while (dbus_connection_get_dispatch_status(iface->con) ==
+ DBUS_DISPATCH_DATA_REMAINS)
+ dbus_connection_dispatch(iface->con);
+ iface->should_dispatch = 0;
+ }
+
+ dbus_connection_unref(iface->con);
+}
+
+
+static void process_watch_exception(int sock, void *eloop_ctx, void *sock_ctx)
+{
+ process_watch(eloop_ctx, sock_ctx, EVENT_TYPE_EXCEPTION);
+}
+
+
+static void process_watch_read(int sock, void *eloop_ctx, void *sock_ctx)
+{
+ process_watch(eloop_ctx, sock_ctx, EVENT_TYPE_READ);
+}
+
+
+static void process_watch_write(int sock, void *eloop_ctx, void *sock_ctx)
+{
+ process_watch(eloop_ctx, sock_ctx, EVENT_TYPE_WRITE);
+}
+
+
+static void connection_setup_add_watch(struct ctrl_iface_dbus_priv *iface,
+ DBusWatch *watch)
+{
+ unsigned int flags;
+ int fd;
+
+ if (!dbus_watch_get_enabled(watch))
+ return;
+
+ flags = dbus_watch_get_flags(watch);
+ fd = dbus_watch_get_unix_fd(watch);
+
+ eloop_register_sock(fd, EVENT_TYPE_EXCEPTION, process_watch_exception,
+ iface, watch);
+
+ if (flags & DBUS_WATCH_READABLE) {
+ eloop_register_sock(fd, EVENT_TYPE_READ, process_watch_read,
+ iface, watch);
+ }
+ if (flags & DBUS_WATCH_WRITABLE) {
+ eloop_register_sock(fd, EVENT_TYPE_WRITE, process_watch_write,
+ iface, watch);
+ }
+
+ dbus_watch_set_data(watch, iface, NULL);
+}
+
+
+static void connection_setup_remove_watch(struct ctrl_iface_dbus_priv *iface,
+ DBusWatch *watch)
+{
+ unsigned int flags;
+ int fd;
+
+ flags = dbus_watch_get_flags(watch);
+ fd = dbus_watch_get_unix_fd(watch);
+
+ eloop_unregister_sock(fd, EVENT_TYPE_EXCEPTION);
+
+ if (flags & DBUS_WATCH_READABLE)
+ eloop_unregister_sock(fd, EVENT_TYPE_READ);
+ if (flags & DBUS_WATCH_WRITABLE)
+ eloop_unregister_sock(fd, EVENT_TYPE_WRITE);
+
+ dbus_watch_set_data(watch, NULL, NULL);
+}
+
+
+static dbus_bool_t add_watch(DBusWatch *watch, void *data)
+{
+ connection_setup_add_watch(data, watch);
+ return TRUE;
+}
+
+
+static void remove_watch(DBusWatch *watch, void *data)
+{
+ connection_setup_remove_watch(data, watch);
+}
+
+
+static void watch_toggled(DBusWatch *watch, void *data)
+{
+ if (dbus_watch_get_enabled(watch))
+ add_watch(watch, data);
+ else
+ remove_watch(watch, data);
+}
+
+
+static void process_timeout(void *eloop_ctx, void *sock_ctx)
+{
+ DBusTimeout *timeout = sock_ctx;
+
+ dbus_timeout_handle(timeout);
+}
+
+
+static void connection_setup_add_timeout(struct ctrl_iface_dbus_priv *iface,
+ DBusTimeout *timeout)
+{
+ if (!dbus_timeout_get_enabled(timeout))
+ return;
+
+ eloop_register_timeout(0, dbus_timeout_get_interval(timeout) * 1000,
+ process_timeout, iface, timeout);
+
+ dbus_timeout_set_data(timeout, iface, NULL);
+}
+
+
+static void connection_setup_remove_timeout(struct ctrl_iface_dbus_priv *iface,
+ DBusTimeout *timeout)
+{
+ eloop_cancel_timeout(process_timeout, iface, timeout);
+ dbus_timeout_set_data(timeout, NULL, NULL);
+}
+
+
+static dbus_bool_t add_timeout(DBusTimeout *timeout, void *data)
+{
+ if (!dbus_timeout_get_enabled(timeout))
+ return TRUE;
+
+ connection_setup_add_timeout(data, timeout);
+
+ return TRUE;
+}
+
+
+static void remove_timeout(DBusTimeout *timeout, void *data)
+{
+ connection_setup_remove_timeout(data, timeout);
+}
+
+
+static void timeout_toggled(DBusTimeout *timeout, void *data)
+{
+ if (dbus_timeout_get_enabled(timeout))
+ add_timeout(timeout, data);
+ else
+ remove_timeout(timeout, data);
+}
+
+
+static void process_wakeup_main(int sig, void *eloop_ctx, void *signal_ctx)
+{
+ struct ctrl_iface_dbus_priv *iface = signal_ctx;
+
+ if (sig != SIGPOLL || !iface->con)
+ return;
+
+ if (dbus_connection_get_dispatch_status(iface->con) !=
+ DBUS_DISPATCH_DATA_REMAINS)
+ return;
+
+ /* Only dispatch once - we do not want to starve other events */
+ dbus_connection_ref(iface->con);
+ dbus_connection_dispatch(iface->con);
+ dbus_connection_unref(iface->con);
+}
+
+
+/**
+ * wakeup_main - Attempt to wake our mainloop up
+ * @data: dbus control interface private data
+ *
+ * Try to wake up the main eloop so it will process
+ * dbus events that may have happened.
+ */
+static void wakeup_main(void *data)
+{
+ struct ctrl_iface_dbus_priv *iface = data;
+
+ /* Use SIGPOLL to break out of the eloop select() */
+ raise(SIGPOLL);
+ iface->should_dispatch = 1;
+}
+
+
+/**
+ * connection_setup_wakeup_main - Tell dbus about our wakeup_main function
+ * @iface: dbus control interface private data
+ * Returns: 0 on success, -1 on failure
+ *
+ * Register our wakeup_main handler with dbus
+ */
+static int connection_setup_wakeup_main(struct ctrl_iface_dbus_priv *iface)
+{
+ if (eloop_register_signal(SIGPOLL, process_wakeup_main, iface))
+ return -1;
+
+ dbus_connection_set_wakeup_main_function(iface->con, wakeup_main,
+ iface, NULL);
+
+ return 0;
+}
+
+
+/**
+ * wpa_supplicant_dbus_next_objid - Return next available object id
+ * @iface: dbus control interface private data
+ * Returns: Object id
+ */
+u32 wpa_supplicant_dbus_next_objid (struct ctrl_iface_dbus_priv *iface)
+{
+ return iface->next_objid++;
+}
+
+
+/**
+ * wpas_dbus_decompose_object_path - Decompose an interface object path into parts
+ * @path: The dbus object path
+ * @network: (out) the configured network this object path refers to, if any
+ * @bssid: (out) the scanned bssid this object path refers to, if any
+ * Returns: The object path of the network interface this path refers to
+ *
+ * For a given object path, decomposes the object path into object id, network,
+ * and BSSID parts, if those parts exist.
+ */
+char * wpas_dbus_decompose_object_path(const char *path, char **network,
+ char **bssid)
+{
+ const unsigned int dev_path_prefix_len =
+ strlen(WPAS_DBUS_PATH_INTERFACES "/");
+ char *obj_path_only;
+ char *next_sep;
+
+ /* Be a bit paranoid about path */
+ if (!path || strncmp(path, WPAS_DBUS_PATH_INTERFACES "/",
+ dev_path_prefix_len))
+ return NULL;
+
+ /* Ensure there's something at the end of the path */
+ if ((path + dev_path_prefix_len)[0] == '\0')
+ return NULL;
+
+ obj_path_only = strdup(path);
+ if (obj_path_only == NULL)
+ return NULL;
+
+ next_sep = strchr(obj_path_only + dev_path_prefix_len, '/');
+ if (next_sep != NULL) {
+ const char *net_part = strstr(next_sep,
+ WPAS_DBUS_NETWORKS_PART "/");
+ const char *bssid_part = strstr(next_sep,
+ WPAS_DBUS_BSSIDS_PART "/");
+
+ if (network && net_part) {
+ /* Deal with a request for a configured network */
+ const char *net_name = net_part +
+ strlen(WPAS_DBUS_NETWORKS_PART "/");
+ *network = NULL;
+ if (strlen(net_name))
+ *network = strdup(net_name);
+ } else if (bssid && bssid_part) {
+ /* Deal with a request for a scanned BSSID */
+ const char *bssid_name = bssid_part +
+ strlen(WPAS_DBUS_BSSIDS_PART "/");
+ if (strlen(bssid_name))
+ *bssid = strdup(bssid_name);
+ else
+ *bssid = NULL;
+ }
+
+ /* Cut off interface object path before "/" */
+ *next_sep = '\0';
+ }
+
+ return obj_path_only;
+}
+
+
+/**
+ * wpas_dbus_new_invalid_iface_error - Return a new invalid interface error message
+ * @message: Pointer to incoming dbus message this error refers to
+ * Returns: A dbus error message
+ *
+ * Convenience function to create and return an invalid interface error
+ */
+DBusMessage * wpas_dbus_new_invalid_iface_error(DBusMessage *message)
+{
+ return dbus_message_new_error(message, WPAS_ERROR_INVALID_IFACE,
+ "wpa_supplicant knows nothing about "
+ "this interface.");
+}
+
+
+/**
+ * wpas_dbus_new_invalid_network_error - Return a new invalid network error message
+ * @message: Pointer to incoming dbus message this error refers to
+ * Returns: a dbus error message
+ *
+ * Convenience function to create and return an invalid network error
+ */
+DBusMessage * wpas_dbus_new_invalid_network_error(DBusMessage *message)
+{
+ return dbus_message_new_error(message, WPAS_ERROR_INVALID_NETWORK,
+ "The requested network does not exist.");
+}
+
+
+/**
+ * wpas_dbus_new_invalid_bssid_error - Return a new invalid bssid error message
+ * @message: Pointer to incoming dbus message this error refers to
+ * Returns: a dbus error message
+ *
+ * Convenience function to create and return an invalid bssid error
+ */
+static DBusMessage * wpas_dbus_new_invalid_bssid_error(DBusMessage *message)
+{
+ return dbus_message_new_error(message, WPAS_ERROR_INVALID_BSSID,
+ "The BSSID requested was invalid.");
+}
+
+
+/**
+ * wpas_dispatch_network_method - dispatch messages for configured networks
+ * @message: the incoming dbus message
+ * @wpa_s: a network interface's data
+ * @network_id: id of the configured network we're interested in
+ * Returns: a reply dbus message, or a dbus error message
+ *
+ * This function dispatches all incoming dbus messages for configured networks.
+ */
+static DBusMessage * wpas_dispatch_network_method(DBusMessage *message,
+ struct wpa_supplicant *wpa_s,
+ int network_id)
+{
+ DBusMessage *reply = NULL;
+ const char *method = dbus_message_get_member(message);
+ struct wpa_ssid *ssid;
+
+ ssid = wpa_config_get_network(wpa_s->conf, network_id);
+ if (ssid == NULL)
+ return wpas_dbus_new_invalid_network_error(message);
+
+ if (!strcmp(method, "set"))
+ reply = wpas_dbus_iface_set_network(message, wpa_s, ssid);
+ else if (!strcmp(method, "enable"))
+ reply = wpas_dbus_iface_enable_network(message, wpa_s, ssid);
+ else if (!strcmp(method, "disable"))
+ reply = wpas_dbus_iface_disable_network(message, wpa_s, ssid);
+
+ return reply;
+}
+
+
+/**
+ * wpas_dispatch_bssid_method - dispatch messages for scanned networks
+ * @message: the incoming dbus message
+ * @wpa_s: a network interface's data
+ * @bssid: bssid of the scanned network we're interested in
+ * Returns: a reply dbus message, or a dbus error message
+ *
+ * This function dispatches all incoming dbus messages for scanned networks.
+ */
+static DBusMessage * wpas_dispatch_bssid_method(DBusMessage *message,
+ struct wpa_supplicant *wpa_s,
+ const char *bssid)
+{
+ DBusMessage *reply = NULL;
+ const char *method = dbus_message_get_member(message);
+ struct wpa_scan_result * res = NULL;
+ int i;
+
+ /* Ensure we actually have scan data */
+ if (wpa_s->scan_results == NULL &&
+ wpa_supplicant_get_scan_results(wpa_s) < 0) {
+ reply = wpas_dbus_new_invalid_bssid_error(message);
+ goto out;
+ }
+
+ /* Find the bssid's scan data */
+ for (i = 0; i < wpa_s->num_scan_results; i++) {
+ struct wpa_scan_result * search_res = &wpa_s->scan_results[i];
+ char mac_str[18];
+
+ memset(mac_str, 0, sizeof(mac_str));
+ snprintf(mac_str, sizeof(mac_str) - 1, WPAS_DBUS_BSSID_FORMAT,
+ MAC2STR(search_res->bssid));
+ if (!strcmp(bssid, mac_str)) {
+ res = search_res;
+ }
+ }
+
+ if (!res) {
+ reply = wpas_dbus_new_invalid_bssid_error(message);
+ goto out;
+ }
+
+ /* Dispatch the method call against the scanned bssid */
+ if (!strcmp(method, "properties"))
+ reply = wpas_dbus_bssid_properties(message, wpa_s, res);
+
+out:
+ return reply;
+}
+
+
+/**
+ * wpas_iface_message_handler - Dispatch messages for interfaces or networks
+ * @connection: Connection to the system message bus
+ * @message: An incoming dbus message
+ * @user_data: A pointer to a dbus control interface data structure
+ * Returns: Whether or not the message was handled
+ *
+ * This function dispatches all incoming dbus messages for network interfaces,
+ * or objects owned by them, such as scanned BSSIDs and configured networks.
+ */
+static DBusHandlerResult wpas_iface_message_handler(DBusConnection *connection,
+ DBusMessage *message,
+ void *user_data)
+{
+ struct wpa_supplicant *wpa_s = user_data;
+ const char *method = dbus_message_get_member(message);
+ const char *path = dbus_message_get_path(message);
+ const char *msg_interface = dbus_message_get_interface(message);
+ char *iface_obj_path = NULL;
+ char *network = NULL;
+ char *bssid = NULL;
+ DBusMessage *reply = NULL;
+
+ /* Caller must specify a message interface */
+ if (!msg_interface)
+ goto out;
+
+ iface_obj_path = wpas_dbus_decompose_object_path(path, &network,
+ &bssid);
+ if (iface_obj_path == NULL) {
+ reply = wpas_dbus_new_invalid_iface_error(message);
+ goto out;
+ }
+
+ /* Make sure the message's object path actually refers to the
+ * wpa_supplicant structure it's supposed to (which is wpa_s)
+ */
+ if (wpa_supplicant_get_iface_by_dbus_path(wpa_s->global,
+ iface_obj_path) != wpa_s) {
+ reply = wpas_dbus_new_invalid_iface_error(message);
+ goto out;
+ }
+
+ if (network && !strcmp(msg_interface, WPAS_DBUS_IFACE_NETWORK)) {
+ /* A method for one of this interface's configured networks */
+ int nid = strtoul(network, NULL, 10);
+ if (errno != EINVAL)
+ reply = wpas_dispatch_network_method(message, wpa_s,
+ nid);
+ else
+ reply = wpas_dbus_new_invalid_network_error(message);
+ } else if (bssid && !strcmp(msg_interface, WPAS_DBUS_IFACE_BSSID)) {
+ /* A method for one of this interface's scanned BSSIDs */
+ reply = wpas_dispatch_bssid_method(message, wpa_s, bssid);
+ } else if (!strcmp(msg_interface, WPAS_DBUS_IFACE_INTERFACE)) {
+ /* A method for an interface only. */
+ if (!strcmp(method, "scan"))
+ reply = wpas_dbus_iface_scan(message, wpa_s);
+ else if (!strcmp(method, "scanResults"))
+ reply = wpas_dbus_iface_scan_results(message, wpa_s);
+ else if (!strcmp(method, "addNetwork"))
+ reply = wpas_dbus_iface_add_network(message, wpa_s);
+ else if (!strcmp(method, "removeNetwork"))
+ reply = wpas_dbus_iface_remove_network(message, wpa_s);
+ else if (!strcmp(method, "selectNetwork"))
+ reply = wpas_dbus_iface_select_network(message, wpa_s);
+ else if (!strcmp(method, "capabilities"))
+ reply = wpas_dbus_iface_capabilities(message, wpa_s);
+ else if (!strcmp(method, "disconnect"))
+ reply = wpas_dbus_iface_disconnect(message, wpa_s);
+ else if (!strcmp(method, "setAPScan"))
+ reply = wpas_dbus_iface_set_ap_scan(message, wpa_s);
+ else if (!strcmp(method, "state"))
+ reply = wpas_dbus_iface_get_state(message, wpa_s);
+ else if (!strcmp(method, "setBlobs"))
+ reply = wpas_dbus_iface_set_blobs(message, wpa_s);
+ else if (!strcmp(method, "removeBlobs"))
+ reply = wpas_dbus_iface_remove_blobs(message, wpa_s);
+ }
+
+ /* If the message was handled, send back the reply */
+ if (reply) {
+ dbus_connection_send(connection, reply, NULL);
+ dbus_message_unref(reply);
+ }
+
+out:
+ free(iface_obj_path);
+ free(network);
+ free(bssid);
+ return reply ? DBUS_HANDLER_RESULT_HANDLED :
+ DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
+}
+
+
+/**
+ * wpas_message_handler - dispatch incoming dbus messages
+ * @connection: connection to the system message bus
+ * @message: an incoming dbus message
+ * @user_data: a pointer to a dbus control interface data structure
+ * Returns: whether or not the message was handled
+ *
+ * This function dispatches all incoming dbus messages to the correct
+ * handlers, depending on what the message's target object path is,
+ * and what the method call is.
+ */
+static DBusHandlerResult wpas_message_handler(DBusConnection *connection,
+ DBusMessage *message, void *user_data)
+{
+ struct ctrl_iface_dbus_priv *ctrl_iface = user_data;
+ const char *method;
+ const char *path;
+ const char *msg_interface;
+ DBusMessage *reply = NULL;
+
+ method = dbus_message_get_member(message);
+ path = dbus_message_get_path(message);
+ msg_interface = dbus_message_get_interface(message);
+ if (!method || !path || !ctrl_iface || !msg_interface)
+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
+
+ /* Validate the method interface */
+ if (strcmp(msg_interface, WPAS_DBUS_INTERFACE) != 0)
+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
+
+ if (!strcmp(path, WPAS_DBUS_PATH)) {
+ /* dispatch methods against our global dbus interface here */
+ if (!strcmp(method, "addInterface")) {
+ reply = wpas_dbus_global_add_interface(
+ message, ctrl_iface->global);
+ } else if (!strcmp(method, "removeInterface")) {
+ reply = wpas_dbus_global_remove_interface(
+ message, ctrl_iface->global);
+ } else if (!strcmp(method, "getInterface")) {
+ reply = wpas_dbus_global_get_interface(
+ message, ctrl_iface->global);
+ }
+ }
+
+ /* If the message was handled, send back the reply */
+ if (reply) {
+ dbus_connection_send(connection, reply, NULL);
+ dbus_message_unref(reply);
+ }
+
+ return reply ? DBUS_HANDLER_RESULT_HANDLED :
+ DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
+}
+
+
+/**
+ * wpa_supplicant_dbus_notify_scan_results - Send a scan results signal
+ * @wpa_s: %wpa_supplicant network interface data
+ * Returns: 0 on success, -1 on failure
+ *
+ * Notify listeners that this interface has updated scan results.
+ */
+void wpa_supplicant_dbus_notify_scan_results(struct wpa_supplicant *wpa_s)
+{
+ struct ctrl_iface_dbus_priv *iface = wpa_s->global->dbus_ctrl_iface;
+ DBusMessage *signal;
+ const char *path;
+
+ /* Do nothing if the control interface is not turned on */
+ if (iface == NULL)
+ return;
+
+ path = wpa_supplicant_get_dbus_path(wpa_s);
+ if (path == NULL) {
+ perror("wpa_supplicant_dbus_notify_scan_results[dbus]: "
+ "interface didn't have a dbus path");
+ wpa_printf(MSG_ERROR,
+ "wpa_supplicant_dbus_notify_scan_results[dbus]: "
+ "interface didn't have a dbus path; can't send "
+ "scan result signal.");
+ return;
+ }
+ signal = dbus_message_new_signal(path, WPAS_DBUS_IFACE_INTERFACE,
+ "ScanResultsAvailable");
+ if (signal == NULL) {
+ perror("wpa_supplicant_dbus_notify_scan_results[dbus]: "
+ "couldn't create dbus signal; likely out of memory");
+ wpa_printf(MSG_ERROR, "dbus control interface: not enough "
+ "memory to send scan results signal.");
+ return;
+ }
+ dbus_connection_send(iface->con, signal, NULL);
+ dbus_message_unref(signal);
+}
+
+
+/**
+ * wpa_supplicant_dbus_notify_state_change - Send a state change signal
+ * @wpa_s: %wpa_supplicant network interface data
+ * @new_state: new state wpa_supplicant is entering
+ * @old_state: old state wpa_supplicant is leaving
+ * Returns: 0 on success, -1 on failure
+ *
+ * Notify listeners that wpa_supplicant has changed state
+ */
+void wpa_supplicant_dbus_notify_state_change(struct wpa_supplicant *wpa_s,
+ wpa_states new_state,
+ wpa_states old_state)
+{
+ struct ctrl_iface_dbus_priv *iface;
+ DBusMessage *signal = NULL;
+ const char *path;
+ const char *new_state_str, *old_state_str;
+
+ /* Do nothing if the control interface is not turned on */
+ if (wpa_s->global == NULL)
+ return;
+ iface = wpa_s->global->dbus_ctrl_iface;
+ if (iface == NULL)
+ return;
+
+ /* Only send signal if state really changed */
+ if (new_state == old_state)
+ return;
+
+ path = wpa_supplicant_get_dbus_path(wpa_s);
+ if (path == NULL) {
+ perror("wpa_supplicant_dbus_notify_state_change[dbus]: "
+ "interface didn't have a dbus path");
+ wpa_printf(MSG_ERROR,
+ "wpa_supplicant_dbus_notify_state_change[dbus]: "
+ "interface didn't have a dbus path; can't send "
+ "signal.");
+ return;
+ }
+ signal = dbus_message_new_signal(path, WPAS_DBUS_IFACE_INTERFACE,
+ "StateChange");
+ if (signal == NULL) {
+ perror("wpa_supplicant_dbus_notify_state_change[dbus]: "
+ "couldn't create dbus signal; likely out of memory");
+ wpa_printf(MSG_ERROR,
+ "wpa_supplicant_dbus_notify_state_change[dbus]: "
+ "couldn't create dbus signal; likely out of "
+ "memory.");
+ return;
+ }
+
+ new_state_str = wpa_supplicant_state_txt(new_state);
+ old_state_str = wpa_supplicant_state_txt(old_state);
+ if (new_state_str == NULL || old_state_str == NULL) {
+ perror("wpa_supplicant_dbus_notify_state_change[dbus]: "
+ "couldn't convert state strings");
+ wpa_printf(MSG_ERROR,
+ "wpa_supplicant_dbus_notify_state_change[dbus]: "
+ "couldn't convert state strings.");
+ goto out;
+ }
+
+ if (!dbus_message_append_args(signal,
+ DBUS_TYPE_STRING, &new_state_str,
+ DBUS_TYPE_STRING, &old_state_str,
+ DBUS_TYPE_INVALID)) {
+ perror("wpa_supplicant_dbus_notify_state_change[dbus]: "
+ "not enough memory to construct state change signal.");
+ wpa_printf(MSG_ERROR,
+ "wpa_supplicant_dbus_notify_state_change[dbus]: "
+ "not enough memory to construct state change "
+ "signal.");
+ goto out;
+ }
+ dbus_connection_send(iface->con, signal, NULL);
+
+out:
+ dbus_message_unref(signal);
+}
+
+
+/**
+ * integrate_with_eloop - Register our mainloop integration with dbus
+ * @connection: connection to the system message bus
+ * @iface: a dbus control interface data structure
+ * Returns: 0 on success, -1 on failure
+ *
+ * We register our mainloop integration functions with dbus here.
+ */
+static int integrate_with_eloop(DBusConnection *connection,
+ struct ctrl_iface_dbus_priv *iface)
+{
+ if (!dbus_connection_set_watch_functions(connection, add_watch,
+ remove_watch, watch_toggled,
+ iface, NULL)) {
+ perror("dbus_connection_set_watch_functions[dbus]");
+ wpa_printf(MSG_ERROR, "Not enough memory to set up dbus.");
+ return -1;
+ }
+
+ if (!dbus_connection_set_timeout_functions(connection, add_timeout,
+ remove_timeout,
+ timeout_toggled, iface,
+ NULL)) {
+ perror("dbus_connection_set_timeout_functions[dbus]");
+ wpa_printf(MSG_ERROR, "Not enough memory to set up dbus.");
+ return -1;
+ }
+
+ if (connection_setup_wakeup_main(iface) < 0) {
+ perror("connection_setup_wakeup_main[dbus]");
+ wpa_printf(MSG_ERROR, "Could not setup main wakeup function.");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+/**
+ * dispatch_initial_dbus_messages - Dispatch initial dbus messages after
+ * claiming bus name
+ * @eloop_ctx: the DBusConnection to dispatch on
+ * @timeout_ctx: unused
+ *
+ * If clients are quick to notice that wpa_supplicant claimed its bus name,
+ * there may have been messages that came in before initialization was
+ * all finished. Dispatch those here.
+ */
+static void dispatch_initial_dbus_messages(void *eloop_ctx, void *timeout_ctx)
+{
+ DBusConnection *con = eloop_ctx;
+
+ while (dbus_connection_get_dispatch_status(con) ==
+ DBUS_DISPATCH_DATA_REMAINS)
+ dbus_connection_dispatch(con);
+}
+
+
+/**
+ * wpa_supplicant_dbus_ctrl_iface_init - Initialize dbus control interface
+ * @global: Pointer to global data from wpa_supplicant_init()
+ * Returns: Pointer to dbus_ctrl_iface date or %NULL on failure
+ *
+ * Initialize the dbus control interface and start receiving commands from
+ * external programs over the bus.
+ */
+struct ctrl_iface_dbus_priv *
+wpa_supplicant_dbus_ctrl_iface_init(struct wpa_global *global)
+{
+ struct ctrl_iface_dbus_priv *iface;
+ DBusError error;
+ int ret = -1;
+ DBusObjectPathVTable wpas_vtable = {
+ NULL, &wpas_message_handler, NULL, NULL, NULL, NULL
+ };
+
+ iface = wpa_zalloc(sizeof(struct ctrl_iface_dbus_priv));
+ if (iface == NULL)
+ return NULL;
+
+ iface->global = global;
+
+ /* Get a reference to the system bus */
+ dbus_error_init(&error);
+ iface->con = dbus_bus_get(DBUS_BUS_SYSTEM, &error);
+ dbus_error_free(&error);
+ if (!iface->con) {
+ perror("dbus_bus_get[ctrl_iface_dbus]");
+ wpa_printf(MSG_ERROR, "Could not acquire the system bus.");
+ goto fail;
+ }
+
+ /* Tell dbus about our mainloop integration functions */
+ if (integrate_with_eloop(iface->con, iface))
+ goto fail;
+
+ /* Register the message handler for the global dbus interface */
+ if (!dbus_connection_register_object_path(iface->con,
+ WPAS_DBUS_PATH, &wpas_vtable,
+ iface)) {
+ perror("dbus_connection_register_object_path[dbus]");
+ wpa_printf(MSG_ERROR, "Could not set up DBus message "
+ "handler.");
+ goto fail;
+ }
+
+ /* Register our service with the message bus */
+ dbus_error_init(&error);
+ switch (dbus_bus_request_name(iface->con, WPAS_DBUS_SERVICE,
+ 0, &error)) {
+ case DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER:
+ ret = 0;
+ break;
+ case DBUS_REQUEST_NAME_REPLY_EXISTS:
+ case DBUS_REQUEST_NAME_REPLY_IN_QUEUE:
+ case DBUS_REQUEST_NAME_REPLY_ALREADY_OWNER:
+ perror("dbus_bus_request_name[dbus]");
+ wpa_printf(MSG_ERROR, "Could not request DBus service name: "
+ "already registered.");
+ break;
+ default:
+ perror("dbus_bus_request_name[dbus]");
+ wpa_printf(MSG_ERROR, "Could not request DBus service name: "
+ "%s %s.", error.name, error.message);
+ break;
+ }
+ dbus_error_free(&error);
+
+ if (ret != 0)
+ goto fail;
+
+ wpa_printf(MSG_DEBUG, "Providing DBus service '" WPAS_DBUS_SERVICE
+ "'.");
+
+ /*
+ * Dispatch initial DBus messages that may have come in since the bus
+ * name was claimed above. Happens when clients are quick to notice the
+ * wpa_supplicant service.
+ *
+ * FIXME: is there a better solution to this problem?
+ */
+ eloop_register_timeout(0, 50, dispatch_initial_dbus_messages,
+ iface->con, NULL);
+
+ return iface;
+
+fail:
+ wpa_supplicant_dbus_ctrl_iface_deinit(iface);
+ return NULL;
+}
+
+
+/**
+ * wpa_supplicant_dbus_ctrl_iface_deinit - Deinitialize dbus ctrl interface
+ * @iface: Pointer to dbus private data from
+ * wpa_supplicant_dbus_ctrl_iface_init()
+ *
+ * Deinitialize the dbus control interface that was initialized with
+ * wpa_supplicant_dbus_ctrl_iface_init().
+ */
+void wpa_supplicant_dbus_ctrl_iface_deinit(struct ctrl_iface_dbus_priv *iface)
+{
+ if (iface == NULL)
+ return;
+
+ if (iface->con) {
+ eloop_cancel_timeout(dispatch_initial_dbus_messages,
+ iface->con, NULL);
+ dbus_connection_set_watch_functions(iface->con, NULL, NULL,
+ NULL, NULL, NULL);
+ dbus_connection_set_timeout_functions(iface->con, NULL, NULL,
+ NULL, NULL, NULL);
+ dbus_connection_unref(iface->con);
+ }
+
+ memset(iface, 0, sizeof(struct ctrl_iface_dbus_priv));
+ free(iface);
+}
+
+
+/**
+ * wpas_dbus_register_new_iface - Register a new interface with dbus
+ * @global: Global %wpa_supplicant data
+ * @wpa_s: %wpa_supplicant interface description structure to register
+ * Returns: 0 on success, -1 on error
+ *
+ * Registers a new interface with dbus and assigns it a dbus object path.
+ */
+int wpas_dbus_register_iface(struct wpa_supplicant *wpa_s)
+{
+ struct ctrl_iface_dbus_priv *ctrl_iface =
+ wpa_s->global->dbus_ctrl_iface;
+ DBusConnection * con;
+ u32 next;
+ DBusObjectPathVTable vtable = {
+ NULL, &wpas_iface_message_handler, NULL, NULL, NULL, NULL
+ };
+ char *path;
+ int ret = -1;
+
+ /* Do nothing if the control interface is not turned on */
+ if (ctrl_iface == NULL)
+ return 0;
+
+ con = ctrl_iface->con;
+ next = wpa_supplicant_dbus_next_objid(ctrl_iface);
+
+ /* Create and set the interface's object path */
+ path = wpa_zalloc(WPAS_DBUS_OBJECT_PATH_MAX);
+ if (path == NULL)
+ return -1;
+ snprintf(path, WPAS_DBUS_OBJECT_PATH_MAX,
+ WPAS_DBUS_PATH_INTERFACES "/%u",
+ next);
+ if (wpa_supplicant_set_dbus_path(wpa_s, path)) {
+ wpa_printf(MSG_DEBUG,
+ "Failed to set dbus path for interface %s",
+ wpa_s->ifname);
+ goto out;
+ }
+
+ /* Register the message handler for the interface functions */
+ if (!dbus_connection_register_fallback(con, path, &vtable, wpa_s)) {
+ perror("wpas_dbus_register_iface [dbus]");
+ wpa_printf(MSG_ERROR, "Could not set up DBus message "
+ "handler for interface %s.", wpa_s->ifname);
+ goto out;
+ }
+ ret = 0;
+
+out:
+ free(path);
+ return ret;
+}
+
+
+/**
+ * wpas_dbus_unregister_iface - Unregister an interface from dbus
+ * @wpa_s: wpa_supplicant interface structure
+ * Returns: 0 on success, -1 on failure
+ *
+ * Unregisters the interface with dbus
+ */
+int wpas_dbus_unregister_iface(struct wpa_supplicant *wpa_s)
+{
+ struct ctrl_iface_dbus_priv *ctrl_iface;
+ DBusConnection *con;
+ const char *path;
+
+ /* Do nothing if the control interface is not turned on */
+ if (wpa_s == NULL || wpa_s->global == NULL)
+ return 0;
+ ctrl_iface = wpa_s->global->dbus_ctrl_iface;
+ if (ctrl_iface == NULL)
+ return 0;
+
+ con = ctrl_iface->con;
+ path = wpa_supplicant_get_dbus_path(wpa_s);
+
+ if (!dbus_connection_unregister_object_path(con, path))
+ return -1;
+
+ free(wpa_s->dbus_path);
+ wpa_s->dbus_path = NULL;
+
+ return 0;
+}
+
+
+/**
+ * wpa_supplicant_get_iface_by_dbus_path - Get a new network interface
+ * @global: Pointer to global data from wpa_supplicant_init()
+ * @path: Pointer to a dbus object path representing an interface
+ * Returns: Pointer to the interface or %NULL if not found
+ */
+struct wpa_supplicant * wpa_supplicant_get_iface_by_dbus_path(
+ struct wpa_global *global, const char *path)
+{
+ struct wpa_supplicant *wpa_s;
+
+ for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
+ if (strcmp(wpa_s->dbus_path, path) == 0)
+ return wpa_s;
+ }
+ return NULL;
+}
+
+
+/**
+ * wpa_supplicant_set_dbus_path - Assign a dbus path to an interface
+ * @wpa_s: wpa_supplicant interface structure
+ * @path: dbus path to set on the interface
+ * Returns: 0 on succes, -1 on error
+ */
+int wpa_supplicant_set_dbus_path(struct wpa_supplicant *wpa_s,
+ const char *path)
+{
+ u32 len = strlen (path);
+ if (len >= WPAS_DBUS_OBJECT_PATH_MAX)
+ return -1;
+ if (wpa_s->dbus_path)
+ return -1;
+ wpa_s->dbus_path = strdup(path);
+ return 0;
+}
+
+
+/**
+ * wpa_supplicant_get_dbus_path - Get an interface's dbus path
+ * @wpa_s: %wpa_supplicant interface structure
+ * Returns: Interface's dbus object path, or %NULL on error
+ */
+const char * wpa_supplicant_get_dbus_path(struct wpa_supplicant *wpa_s)
+{
+ return wpa_s->dbus_path;
+}
--- /dev/null
+/*
+ * WPA Supplicant / dbus-based control interface
+ * Copyright (c) 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef CTRL_IFACE_DBUS_H
+#define CTRL_IFACE_DBUS_H
+
+#ifdef CONFIG_CTRL_IFACE_DBUS
+
+#ifndef SIGPOLL
+#ifdef SIGIO
+/*
+ * If we do not have SIGPOLL, try to use SIGIO instead. This is needed for
+ * FreeBSD.
+ */
+#define SIGPOLL SIGIO
+#endif
+#endif
+
+#include <dbus/dbus.h>
+
+#define WPAS_DBUS_OBJECT_PATH_MAX 150
+
+#define WPAS_DBUS_SERVICE "fi.epitest.hostap.WPASupplicant"
+#define WPAS_DBUS_PATH "/fi/epitest/hostap/WPASupplicant"
+#define WPAS_DBUS_INTERFACE "fi.epitest.hostap.WPASupplicant"
+
+#define WPAS_DBUS_PATH_INTERFACES WPAS_DBUS_PATH "/Interfaces"
+#define WPAS_DBUS_IFACE_INTERFACE WPAS_DBUS_INTERFACE ".Interface"
+
+#define WPAS_DBUS_NETWORKS_PART "Networks"
+#define WPAS_DBUS_IFACE_NETWORK WPAS_DBUS_INTERFACE ".Network"
+
+#define WPAS_DBUS_BSSIDS_PART "BSSIDs"
+#define WPAS_DBUS_IFACE_BSSID WPAS_DBUS_INTERFACE ".BSSID"
+
+
+/* Errors */
+#define WPAS_ERROR_INVALID_NETWORK \
+ WPAS_DBUS_IFACE_INTERFACE ".InvalidNetwork"
+#define WPAS_ERROR_INVALID_BSSID \
+ WPAS_DBUS_IFACE_INTERFACE ".InvalidBSSID"
+
+#define WPAS_ERROR_INVALID_OPTS \
+ WPAS_DBUS_INTERFACE ".InvalidOptions"
+#define WPAS_ERROR_INVALID_IFACE \
+ WPAS_DBUS_INTERFACE ".InvalidInterface"
+
+#define WPAS_ERROR_ADD_ERROR \
+ WPAS_DBUS_INTERFACE ".AddError"
+#define WPAS_ERROR_EXISTS_ERROR \
+ WPAS_DBUS_INTERFACE ".ExistsError"
+#define WPAS_ERROR_REMOVE_ERROR \
+ WPAS_DBUS_INTERFACE ".RemoveError"
+
+#define WPAS_ERROR_SCAN_ERROR \
+ WPAS_DBUS_IFACE_INTERFACE ".ScanError"
+#define WPAS_ERROR_ADD_NETWORK_ERROR \
+ WPAS_DBUS_IFACE_INTERFACE ".AddNetworkError"
+#define WPAS_ERROR_INTERNAL_ERROR \
+ WPAS_DBUS_IFACE_INTERFACE ".InternalError"
+#define WPAS_ERROR_REMOVE_NETWORK_ERROR \
+ WPAS_DBUS_IFACE_INTERFACE ".RemoveNetworkError"
+
+#define WPAS_DBUS_BSSID_FORMAT "%02x%02x%02x%02x%02x%02x"
+
+struct wpa_global;
+struct wpa_supplicant;
+
+struct ctrl_iface_dbus_priv *
+wpa_supplicant_dbus_ctrl_iface_init(struct wpa_global *global);
+void wpa_supplicant_dbus_ctrl_iface_deinit(struct ctrl_iface_dbus_priv *iface);
+void wpa_supplicant_dbus_notify_scan_results(struct wpa_supplicant *wpa_s);
+void wpa_supplicant_dbus_notify_state_change(struct wpa_supplicant *wpa_s,
+ wpa_states new_state,
+ wpa_states old_state);
+
+char * wpas_dbus_decompose_object_path(const char *path, char **network,
+ char **bssid);
+
+int wpas_dbus_register_iface(struct wpa_supplicant *wpa_s);
+int wpas_dbus_unregister_iface(struct wpa_supplicant *wpa_s);
+
+
+/* Methods internal to the dbus control interface */
+u32 wpa_supplicant_dbus_next_objid(struct ctrl_iface_dbus_priv *iface);
+
+int wpa_supplicant_set_dbus_path(struct wpa_supplicant *wpa_s,
+ const char *path);
+const char *wpa_supplicant_get_dbus_path(struct wpa_supplicant *wpa_s);
+struct wpa_supplicant * wpa_supplicant_get_iface_by_dbus_path(
+ struct wpa_global *global, const char *path);
+
+DBusMessage * wpas_dbus_new_invalid_iface_error(DBusMessage *message);
+DBusMessage * wpas_dbus_new_invalid_network_error(DBusMessage *message);
+
+#else /* CONFIG_CTRL_IFACE_DBUS */
+
+static inline struct ctrl_iface_dbus_priv *
+wpa_supplicant_dbus_ctrl_iface_init(struct wpa_global *global)
+{
+ return (struct ctrl_iface_dbus_priv *) 1;
+}
+
+static inline void
+wpa_supplicant_dbus_ctrl_iface_deinit(struct ctrl_iface_dbus_priv *iface)
+{
+}
+
+static inline void
+wpa_supplicant_dbus_notify_scan_results(struct wpa_supplicant *wpa_s)
+{
+}
+
+static inline void
+wpa_supplicant_dbus_notify_state_change(struct wpa_supplicant *wpa_s,
+ wpa_states new_state,
+ wpa_states old_state)
+{
+}
+
+static inline int
+wpas_dbus_register_iface(struct wpa_supplicant *wpa_s)
+{
+ return 0;
+}
+
+static inline int
+wpas_dbus_unregister_iface(struct wpa_supplicant *wpa_s)
+{
+ return 0;
+}
+
+#endif /* CONFIG_CTRL_IFACE_DBUS */
+
+#endif /* CTRL_IFACE_DBUS_H */
--- /dev/null
+/*
+ * WPA Supplicant / dbus-based control interface
+ * Copyright (c) 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include <dbus/dbus.h>
+
+#include "common.h"
+#include "config.h"
+#include "wpa_supplicant_i.h"
+#include "ctrl_iface_dbus.h"
+#include "ctrl_iface_dbus_handlers.h"
+#include "l2_packet.h"
+#include "eap_methods.h"
+#include "dbus_dict_helpers.h"
+#include "wpa.h"
+
+
+/**
+ * wpas_dbus_new_invalid_opts_error - Return a new invalid options error message
+ * @message: Pointer to incoming dbus message this error refers to
+ * Returns: a dbus error message
+ *
+ * Convenience function to create and return an invalid options error
+ */
+static DBusMessage * wpas_dbus_new_invalid_opts_error(DBusMessage *message,
+ const char *arg)
+{
+ DBusMessage *reply;
+
+ reply = dbus_message_new_error(message, WPAS_ERROR_INVALID_OPTS,
+ "Did not receive correct message "
+ "arguments.");
+ if (arg != NULL)
+ dbus_message_append_args(reply, DBUS_TYPE_STRING, &arg,
+ DBUS_TYPE_INVALID);
+
+ return reply;
+}
+
+
+/**
+ * wpas_dbus_new_success_reply - Return a new success reply message
+ * @message: Pointer to incoming dbus message this reply refers to
+ * Returns: a dbus message containing a single UINT32 that indicates
+ * success (ie, a value of 1)
+ *
+ * Convenience function to create and return a success reply message
+ */
+static DBusMessage * wpas_dbus_new_success_reply(DBusMessage *message)
+{
+ DBusMessage *reply;
+ unsigned int success = 1;
+
+ reply = dbus_message_new_method_return(message);
+ dbus_message_append_args(reply, DBUS_TYPE_UINT32, &success,
+ DBUS_TYPE_INVALID);
+ return reply;
+}
+
+
+static void wpas_dbus_free_wpa_interface(struct wpa_interface *iface)
+{
+ free((char *) iface->driver);
+ free((char *) iface->driver_param);
+ free((char *) iface->confname);
+ free((char *) iface->bridge_ifname);
+}
+
+
+/**
+ * wpas_dbus_global_add_interface - Request registration of a network interface
+ * @message: Pointer to incoming dbus message
+ * @global: %wpa_supplicant global data structure
+ * Returns: The object path of the new interface object,
+ * or a dbus error message with more information
+ *
+ * Handler function for "addInterface" method call. Handles requests
+ * by dbus clients to register a network interface that wpa_supplicant
+ * will manage.
+ */
+DBusMessage * wpas_dbus_global_add_interface(DBusMessage *message,
+ struct wpa_global *global)
+{
+ struct wpa_interface iface;
+ char *ifname = NULL;
+ DBusMessage *reply = NULL;
+ DBusMessageIter iter;
+
+ memset(&iface, 0, sizeof(iface));
+
+ dbus_message_iter_init(message, &iter);
+
+ /* First argument: interface name (DBUS_TYPE_STRING)
+ * Required; must be non-zero length
+ */
+ if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_STRING)
+ goto error;
+ dbus_message_iter_get_basic(&iter, &ifname);
+ if (!strlen(ifname))
+ goto error;
+ iface.ifname = ifname;
+
+ /* Second argument: dict of options */
+ if (dbus_message_iter_next(&iter)) {
+ DBusMessageIter iter_dict;
+ struct wpa_dbus_dict_entry entry;
+
+ if (!wpa_dbus_dict_open_read(&iter, &iter_dict))
+ goto error;
+ while (wpa_dbus_dict_has_dict_entry(&iter_dict)) {
+ if (!wpa_dbus_dict_get_entry(&iter_dict, &entry))
+ goto error;
+ if (!strcmp(entry.key, "driver") &&
+ (entry.type == DBUS_TYPE_STRING)) {
+ iface.driver = strdup(entry.str_value);
+ if (iface.driver == NULL)
+ goto error;
+ } else if (!strcmp(entry.key, "driver-params") &&
+ (entry.type == DBUS_TYPE_STRING)) {
+ iface.driver_param = strdup(entry.str_value);
+ if (iface.driver_param == NULL)
+ goto error;
+ } else if (!strcmp(entry.key, "config-file") &&
+ (entry.type == DBUS_TYPE_STRING)) {
+ iface.confname = strdup(entry.str_value);
+ if (iface.confname == NULL)
+ goto error;
+ } else if (!strcmp(entry.key, "bridge-ifname") &&
+ (entry.type == DBUS_TYPE_STRING)) {
+ iface.bridge_ifname = strdup(entry.str_value);
+ if (iface.bridge_ifname == NULL)
+ goto error;
+ } else {
+ wpa_dbus_dict_entry_clear(&entry);
+ goto error;
+ }
+ wpa_dbus_dict_entry_clear(&entry);
+ }
+ }
+
+ /*
+ * Try to get the wpa_supplicant record for this iface, return
+ * an error if we already control it.
+ */
+ if (wpa_supplicant_get_iface(global, iface.ifname) != 0) {
+ reply = dbus_message_new_error(message,
+ WPAS_ERROR_EXISTS_ERROR,
+ "wpa_supplicant already "
+ "controls this interface.");
+ } else {
+ struct wpa_supplicant *wpa_s;
+ /* Otherwise, have wpa_supplicant attach to it. */
+ if ((wpa_s = wpa_supplicant_add_iface(global, &iface))) {
+ const char *path = wpa_supplicant_get_dbus_path(wpa_s);
+ reply = dbus_message_new_method_return(message);
+ dbus_message_append_args(reply, DBUS_TYPE_OBJECT_PATH,
+ &path, DBUS_TYPE_INVALID);
+ } else {
+ reply = dbus_message_new_error(message,
+ WPAS_ERROR_ADD_ERROR,
+ "wpa_supplicant "
+ "couldn't grab this "
+ "interface.");
+ }
+ }
+ wpas_dbus_free_wpa_interface(&iface);
+ return reply;
+
+error:
+ wpas_dbus_free_wpa_interface(&iface);
+ return wpas_dbus_new_invalid_opts_error(message, NULL);
+}
+
+
+/**
+ * wpas_dbus_global_remove_interface - Request deregistration of an interface
+ * @message: Pointer to incoming dbus message
+ * @global: wpa_supplicant global data structure
+ * Returns: a dbus message containing a UINT32 indicating success (1) or
+ * failure (0), or returns a dbus error message with more information
+ *
+ * Handler function for "removeInterface" method call. Handles requests
+ * by dbus clients to deregister a network interface that wpa_supplicant
+ * currently manages.
+ */
+DBusMessage * wpas_dbus_global_remove_interface(DBusMessage *message,
+ struct wpa_global *global)
+{
+ struct wpa_supplicant *wpa_s;
+ char *path;
+ DBusMessage *reply = NULL;
+
+ if (!dbus_message_get_args(message, NULL,
+ DBUS_TYPE_OBJECT_PATH, &path,
+ DBUS_TYPE_INVALID)) {
+ reply = wpas_dbus_new_invalid_opts_error(message, NULL);
+ goto out;
+ }
+
+ wpa_s = wpa_supplicant_get_iface_by_dbus_path(global, path);
+ if (wpa_s == NULL) {
+ reply = wpas_dbus_new_invalid_iface_error(message);
+ goto out;
+ }
+
+ if (!wpa_supplicant_remove_iface(global, wpa_s)) {
+ reply = wpas_dbus_new_success_reply(message);
+ } else {
+ reply = dbus_message_new_error(message,
+ WPAS_ERROR_REMOVE_ERROR,
+ "wpa_supplicant couldn't "
+ "remove this interface.");
+ }
+
+out:
+ return reply;
+}
+
+
+/**
+ * wpas_dbus_global_get_interface - Get the object path for an interface name
+ * @message: Pointer to incoming dbus message
+ * @global: %wpa_supplicant global data structure
+ * Returns: The object path of the interface object,
+ * or a dbus error message with more information
+ *
+ * Handler function for "getInterface" method call. Handles requests
+ * by dbus clients for the object path of an specific network interface.
+ */
+DBusMessage * wpas_dbus_global_get_interface(DBusMessage *message,
+ struct wpa_global *global)
+{
+ DBusMessage *reply = NULL;
+ const char *ifname;
+ const char *path;
+ struct wpa_supplicant *wpa_s;
+
+ if (!dbus_message_get_args(message, NULL,
+ DBUS_TYPE_STRING, &ifname,
+ DBUS_TYPE_INVALID)) {
+ reply = wpas_dbus_new_invalid_opts_error(message, NULL);
+ goto out;
+ }
+
+ wpa_s = wpa_supplicant_get_iface(global, ifname);
+ if (wpa_s == NULL) {
+ reply = wpas_dbus_new_invalid_iface_error(message);
+ goto out;
+ }
+
+ path = wpa_supplicant_get_dbus_path(wpa_s);
+ if (path == NULL) {
+ reply = dbus_message_new_error(message,
+ WPAS_ERROR_INTERNAL_ERROR,
+ "an internal error occurred "
+ "getting the interface.");
+ goto out;
+ }
+
+ reply = dbus_message_new_method_return(message);
+ dbus_message_append_args(reply,
+ DBUS_TYPE_OBJECT_PATH, &path,
+ DBUS_TYPE_INVALID);
+
+out:
+ return reply;
+}
+
+
+/**
+ * wpas_dbus_iface_scan - Request a wireless scan on an interface
+ * @message: Pointer to incoming dbus message
+ * @wpa_s: wpa_supplicant structure for a network interface
+ * Returns: a dbus message containing a UINT32 indicating success (1) or
+ * failure (0)
+ *
+ * Handler function for "scan" method call of a network device. Requests
+ * that wpa_supplicant perform a wireless scan as soon as possible
+ * on a particular wireless interface.
+ */
+DBusMessage * wpas_dbus_iface_scan(DBusMessage *message,
+ struct wpa_supplicant *wpa_s)
+{
+ wpa_s->scan_req = 2;
+ wpa_supplicant_req_scan(wpa_s, 0, 0);
+ return wpas_dbus_new_success_reply(message);
+}
+
+
+/**
+ * wpas_dbus_iface_scan_results - Get the results of a recent scan request
+ * @message: Pointer to incoming dbus message
+ * @wpa_s: wpa_supplicant structure for a network interface
+ * Returns: a dbus message containing a dbus array of objects paths, or returns
+ * a dbus error message if not scan results could be found
+ *
+ * Handler function for "scanResults" method call of a network device. Returns
+ * a dbus message containing the object paths of wireless networks found.
+ */
+DBusMessage * wpas_dbus_iface_scan_results(DBusMessage *message,
+ struct wpa_supplicant *wpa_s)
+{
+ DBusMessage *reply = NULL;
+ DBusMessageIter iter;
+ DBusMessageIter sub_iter;
+ int i;
+
+ /* Ensure we've actually got scan results to return */
+ if (wpa_s->scan_results == NULL &&
+ wpa_supplicant_get_scan_results(wpa_s) < 0) {
+ reply = dbus_message_new_error(message, WPAS_ERROR_SCAN_ERROR,
+ "An error ocurred getting scan "
+ "results.");
+ goto out;
+ }
+
+ /* Create and initialize the return message */
+ reply = dbus_message_new_method_return(message);
+ dbus_message_iter_init_append(reply, &iter);
+ dbus_message_iter_open_container(&iter, DBUS_TYPE_ARRAY,
+ DBUS_TYPE_OBJECT_PATH_AS_STRING,
+ &sub_iter);
+
+ /* Loop through scan results and append each result's object path */
+ for (i = 0; i < wpa_s->num_scan_results; i++) {
+ struct wpa_scan_result *res = &wpa_s->scan_results[i];
+ char *path;
+
+ path = wpa_zalloc(WPAS_DBUS_OBJECT_PATH_MAX);
+ if (path == NULL) {
+ perror("wpas_dbus_iface_scan_results[dbus]: out of "
+ "memory.");
+ wpa_printf(MSG_ERROR, "dbus control interface: not "
+ "enough memory to send scan results "
+ "signal.");
+ break;
+ }
+ /* Construct the object path for this network. Note that ':'
+ * is not a valid character in dbus object paths.
+ */
+ snprintf(path, WPAS_DBUS_OBJECT_PATH_MAX,
+ "%s/" WPAS_DBUS_BSSIDS_PART "/"
+ WPAS_DBUS_BSSID_FORMAT,
+ wpa_supplicant_get_dbus_path(wpa_s),
+ MAC2STR(res->bssid));
+ dbus_message_iter_append_basic(&sub_iter,
+ DBUS_TYPE_OBJECT_PATH, &path);
+ free(path);
+ }
+
+ dbus_message_iter_close_container(&iter, &sub_iter);
+
+out:
+ return reply;
+}
+
+
+/**
+ * wpas_dbus_bssid_properties - Return the properties of a scanned network
+ * @message: Pointer to incoming dbus message
+ * @wpa_s: wpa_supplicant structure for a network interface
+ * @res: wpa_supplicant scan result for which to get properties
+ * Returns: a dbus message containing the properties for the requested network
+ *
+ * Handler function for "properties" method call of a scanned network.
+ * Returns a dbus message containing the the properties.
+ */
+DBusMessage * wpas_dbus_bssid_properties(DBusMessage *message,
+ struct wpa_supplicant *wpa_s,
+ struct wpa_scan_result *res)
+{
+ DBusMessage *reply = NULL;
+ char *bssid_data, *ssid_data, *wpa_ie_data, *rsn_ie_data;
+ DBusMessageIter iter, iter_dict;
+
+ /* dbus needs the address of a pointer to the actual value
+ * for array types, not the address of the value itself.
+ */
+ bssid_data = (char *) &res->bssid;
+ ssid_data = (char *) &res->ssid;
+ wpa_ie_data = (char *) &res->wpa_ie;
+ rsn_ie_data = (char *) &res->rsn_ie;
+
+ /* Dump the properties into a dbus message */
+ reply = dbus_message_new_method_return(message);
+
+ dbus_message_iter_init_append(reply, &iter);
+ if (!wpa_dbus_dict_open_write(&iter, &iter_dict))
+ goto error;
+
+ if (!wpa_dbus_dict_append_byte_array(&iter_dict, "bssid",
+ bssid_data, ETH_ALEN))
+ goto error;
+ if (!wpa_dbus_dict_append_byte_array(&iter_dict, "ssid",
+ ssid_data, res->ssid_len))
+ goto error;
+ if (res->wpa_ie_len) {
+ if (!wpa_dbus_dict_append_byte_array(&iter_dict, "wpaie",
+ wpa_ie_data,
+ res->wpa_ie_len)) {
+ goto error;
+ }
+ }
+ if (res->rsn_ie_len) {
+ if (!wpa_dbus_dict_append_byte_array(&iter_dict, "rsnie",
+ rsn_ie_data,
+ res->rsn_ie_len)) {
+ goto error;
+ }
+ }
+ if (res->freq) {
+ if (!wpa_dbus_dict_append_int32(&iter_dict, "frequency",
+ res->freq))
+ goto error;
+ }
+ if (!wpa_dbus_dict_append_uint16(&iter_dict, "capabilities",
+ res->caps))
+ goto error;
+ if (!wpa_dbus_dict_append_int32(&iter_dict, "quality", res->qual))
+ goto error;
+ if (!wpa_dbus_dict_append_int32(&iter_dict, "noise", res->noise))
+ goto error;
+ if (!wpa_dbus_dict_append_int32(&iter_dict, "level", res->level))
+ goto error;
+ if (!wpa_dbus_dict_append_int32(&iter_dict, "maxrate", res->maxrate))
+ goto error;
+
+ if (!wpa_dbus_dict_close_write(&iter, &iter_dict))
+ goto error;
+
+ return reply;
+
+error:
+ if (reply)
+ dbus_message_unref(reply);
+ return dbus_message_new_error(message, WPAS_ERROR_INTERNAL_ERROR,
+ "an internal error occurred returning "
+ "BSSID properties.");
+}
+
+
+/**
+ * wpas_dbus_iface_capabilities - Return interface capabilities
+ * @message: Pointer to incoming dbus message
+ * @wpa_s: wpa_supplicant structure for a network interface
+ * Returns: A dbus message containing a dict of strings
+ *
+ * Handler function for "capabilities" method call of an interface.
+ */
+DBusMessage * wpas_dbus_iface_capabilities(DBusMessage *message,
+ struct wpa_supplicant *wpa_s)
+{
+ DBusMessage *reply = NULL;
+ struct wpa_driver_capa capa;
+ int res;
+ DBusMessageIter iter, iter_dict;
+ char **eap_methods;
+ size_t num_items;
+ dbus_bool_t strict = FALSE;
+ DBusMessageIter iter_dict_entry, iter_dict_val, iter_array;
+
+ if (!dbus_message_get_args(message, NULL,
+ DBUS_TYPE_BOOLEAN, &strict,
+ DBUS_TYPE_INVALID))
+ strict = FALSE;
+
+ reply = dbus_message_new_method_return(message);
+
+ dbus_message_iter_init_append(reply, &iter);
+ if (!wpa_dbus_dict_open_write(&iter, &iter_dict))
+ goto error;
+
+ /* EAP methods */
+ eap_methods = eap_get_names_as_string_array(&num_items);
+ if (eap_methods) {
+ dbus_bool_t success = FALSE;
+ size_t i = 0;
+
+ success = wpa_dbus_dict_append_string_array(
+ &iter_dict, "eap", (const char **) eap_methods,
+ num_items);
+
+ /* free returned method array */
+ while (eap_methods[i])
+ free(eap_methods[i++]);
+ free(eap_methods);
+
+ if (!success)
+ goto error;
+ }
+
+ res = wpa_drv_get_capa(wpa_s, &capa);
+
+ /***** pairwise cipher */
+ if (res < 0) {
+ if (!strict) {
+ const char *args[] = {"CCMP", "TKIP", "NONE"};
+ if (!wpa_dbus_dict_append_string_array(
+ &iter_dict, "pairwise", args,
+ sizeof(args) / sizeof(char*)))
+ goto error;
+ }
+ } else {
+ if (!wpa_dbus_dict_begin_string_array(&iter_dict, "pairwise",
+ &iter_dict_entry,
+ &iter_dict_val,
+ &iter_array))
+ goto error;
+
+ if (capa.enc & WPA_DRIVER_CAPA_ENC_CCMP) {
+ if (!wpa_dbus_dict_string_array_add_element(
+ &iter_array, "CCMP"))
+ goto error;
+ }
+
+ if (capa.enc & WPA_DRIVER_CAPA_ENC_TKIP) {
+ if (!wpa_dbus_dict_string_array_add_element(
+ &iter_array, "TKIP"))
+ goto error;
+ }
+
+ if (capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_WPA_NONE) {
+ if (!wpa_dbus_dict_string_array_add_element(
+ &iter_array, "NONE"))
+ goto error;
+ }
+
+ if (!wpa_dbus_dict_end_string_array(&iter_dict,
+ &iter_dict_entry,
+ &iter_dict_val,
+ &iter_array))
+ goto error;
+ }
+
+ /***** group cipher */
+ if (res < 0) {
+ if (!strict) {
+ const char *args[] = {
+ "CCMP", "TKIP", "WEP104", "WEP40"
+ };
+ if (!wpa_dbus_dict_append_string_array(
+ &iter_dict, "group", args,
+ sizeof(args) / sizeof(char*)))
+ goto error;
+ }
+ } else {
+ if (!wpa_dbus_dict_begin_string_array(&iter_dict, "group",
+ &iter_dict_entry,
+ &iter_dict_val,
+ &iter_array))
+ goto error;
+
+ if (capa.enc & WPA_DRIVER_CAPA_ENC_CCMP) {
+ if (!wpa_dbus_dict_string_array_add_element(
+ &iter_array, "CCMP"))
+ goto error;
+ }
+
+ if (capa.enc & WPA_DRIVER_CAPA_ENC_TKIP) {
+ if (!wpa_dbus_dict_string_array_add_element(
+ &iter_array, "TKIP"))
+ goto error;
+ }
+
+ if (capa.enc & WPA_DRIVER_CAPA_ENC_WEP104) {
+ if (!wpa_dbus_dict_string_array_add_element(
+ &iter_array, "WEP104"))
+ goto error;
+ }
+
+ if (capa.enc & WPA_DRIVER_CAPA_ENC_WEP40) {
+ if (!wpa_dbus_dict_string_array_add_element(
+ &iter_array, "WEP40"))
+ goto error;
+ }
+
+ if (!wpa_dbus_dict_end_string_array(&iter_dict,
+ &iter_dict_entry,
+ &iter_dict_val,
+ &iter_array))
+ goto error;
+ }
+
+ /***** key management */
+ if (res < 0) {
+ if (!strict) {
+ const char *args[] = {
+ "WPA-PSK", "WPA-EAP", "IEEE8021X", "WPA-NONE",
+ "NONE"
+ };
+ if (!wpa_dbus_dict_append_string_array(
+ &iter_dict, "key_mgmt", args,
+ sizeof(args) / sizeof(char*)))
+ goto error;
+ }
+ } else {
+ if (!wpa_dbus_dict_begin_string_array(&iter_dict, "key_mgmt",
+ &iter_dict_entry,
+ &iter_dict_val,
+ &iter_array))
+ goto error;
+
+ if (!wpa_dbus_dict_string_array_add_element(&iter_array,
+ "NONE"))
+ goto error;
+
+ if (!wpa_dbus_dict_string_array_add_element(&iter_array,
+ "IEEE8021X"))
+ goto error;
+
+ if (capa.key_mgmt & (WPA_DRIVER_CAPA_KEY_MGMT_WPA |
+ WPA_DRIVER_CAPA_KEY_MGMT_WPA2)) {
+ if (!wpa_dbus_dict_string_array_add_element(
+ &iter_array, "WPA-EAP"))
+ goto error;
+ }
+
+ if (capa.key_mgmt & (WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
+ WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK)) {
+ if (!wpa_dbus_dict_string_array_add_element(
+ &iter_array, "WPA-PSK"))
+ goto error;
+ }
+
+ if (capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_WPA_NONE) {
+ if (!wpa_dbus_dict_string_array_add_element(
+ &iter_array, "WPA-NONE"))
+ goto error;
+ }
+
+ if (!wpa_dbus_dict_end_string_array(&iter_dict,
+ &iter_dict_entry,
+ &iter_dict_val,
+ &iter_array))
+ goto error;
+ }
+
+ /***** WPA protocol */
+ if (res < 0) {
+ if (!strict) {
+ const char *args[] = { "RSN", "WPA" };
+ if (!wpa_dbus_dict_append_string_array(
+ &iter_dict, "proto", args,
+ sizeof(args) / sizeof(char*)))
+ goto error;
+ }
+ } else {
+ if (!wpa_dbus_dict_begin_string_array(&iter_dict, "proto",
+ &iter_dict_entry,
+ &iter_dict_val,
+ &iter_array))
+ goto error;
+
+ if (capa.key_mgmt & (WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
+ WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK)) {
+ if (!wpa_dbus_dict_string_array_add_element(
+ &iter_array, "RSN"))
+ goto error;
+ }
+
+ if (capa.key_mgmt & (WPA_DRIVER_CAPA_KEY_MGMT_WPA |
+ WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK)) {
+ if (!wpa_dbus_dict_string_array_add_element(
+ &iter_array, "WPA"))
+ goto error;
+ }
+
+ if (!wpa_dbus_dict_end_string_array(&iter_dict,
+ &iter_dict_entry,
+ &iter_dict_val,
+ &iter_array))
+ goto error;
+ }
+
+ /***** auth alg */
+ if (res < 0) {
+ if (!strict) {
+ const char *args[] = { "OPEN", "SHARED", "LEAP" };
+ if (!wpa_dbus_dict_append_string_array(
+ &iter_dict, "auth_alg", args,
+ sizeof(args) / sizeof(char*)))
+ goto error;
+ }
+ } else {
+ if (!wpa_dbus_dict_begin_string_array(&iter_dict, "auth_alg",
+ &iter_dict_entry,
+ &iter_dict_val,
+ &iter_array))
+ goto error;
+
+ if (capa.auth & (WPA_DRIVER_AUTH_OPEN)) {
+ if (!wpa_dbus_dict_string_array_add_element(
+ &iter_array, "OPEN"))
+ goto error;
+ }
+
+ if (capa.auth & (WPA_DRIVER_AUTH_SHARED)) {
+ if (!wpa_dbus_dict_string_array_add_element(
+ &iter_array, "SHARED"))
+ goto error;
+ }
+
+ if (capa.auth & (WPA_DRIVER_AUTH_LEAP)) {
+ if (!wpa_dbus_dict_string_array_add_element(
+ &iter_array, "LEAP"))
+ goto error;
+ }
+
+ if (!wpa_dbus_dict_end_string_array(&iter_dict,
+ &iter_dict_entry,
+ &iter_dict_val,
+ &iter_array))
+ goto error;
+ }
+
+ if (!wpa_dbus_dict_close_write(&iter, &iter_dict))
+ goto error;
+
+ return reply;
+
+error:
+ if (reply)
+ dbus_message_unref(reply);
+ return dbus_message_new_error(message, WPAS_ERROR_INTERNAL_ERROR,
+ "an internal error occurred returning "
+ "interface capabilities.");
+}
+
+
+/**
+ * wpas_dbus_iface_add_network - Add a new configured network
+ * @message: Pointer to incoming dbus message
+ * @wpa_s: wpa_supplicant structure for a network interface
+ * Returns: A dbus message containing the object path of the new network
+ *
+ * Handler function for "addNetwork" method call of a network interface.
+ */
+DBusMessage * wpas_dbus_iface_add_network(DBusMessage *message,
+ struct wpa_supplicant *wpa_s)
+{
+ DBusMessage *reply = NULL;
+ struct wpa_ssid *ssid;
+ char *path = NULL;
+
+ path = wpa_zalloc(WPAS_DBUS_OBJECT_PATH_MAX);
+ if (path == NULL) {
+ perror("wpas_dbus_iface_scan_results[dbus]: out of "
+ "memory.");
+ wpa_printf(MSG_ERROR, "dbus control interface: not "
+ "enough memory to send scan results "
+ "signal.");
+ goto out;
+ }
+
+ ssid = wpa_config_add_network(wpa_s->conf);
+ if (ssid == NULL) {
+ reply = dbus_message_new_error(message,
+ WPAS_ERROR_ADD_NETWORK_ERROR,
+ "wpa_supplicant could not add "
+ "a network on this interface.");
+ goto out;
+ }
+ ssid->disabled = 1;
+ wpa_config_set_network_defaults(ssid);
+
+ /* Construct the object path for this network. */
+ snprintf(path, WPAS_DBUS_OBJECT_PATH_MAX,
+ "%s/" WPAS_DBUS_NETWORKS_PART "/%d",
+ wpa_supplicant_get_dbus_path(wpa_s),
+ ssid->id);
+
+ reply = dbus_message_new_method_return(message);
+ dbus_message_append_args(reply, DBUS_TYPE_OBJECT_PATH,
+ &path, DBUS_TYPE_INVALID);
+
+out:
+ free(path);
+ return reply;
+}
+
+
+/**
+ * wpas_dbus_iface_remove_network - Remove a configured network
+ * @message: Pointer to incoming dbus message
+ * @wpa_s: wpa_supplicant structure for a network interface
+ * Returns: A dbus message containing a UINT32 indicating success (1) or
+ * failure (0)
+ *
+ * Handler function for "removeNetwork" method call of a network interface.
+ */
+DBusMessage * wpas_dbus_iface_remove_network(DBusMessage *message,
+ struct wpa_supplicant *wpa_s)
+{
+ DBusMessage *reply = NULL;
+ const char *op;
+ char *iface = NULL, *net_id = NULL;
+ int id;
+ struct wpa_ssid *ssid;
+
+ if (!dbus_message_get_args(message, NULL,
+ DBUS_TYPE_OBJECT_PATH, &op,
+ DBUS_TYPE_INVALID)) {
+ reply = wpas_dbus_new_invalid_opts_error(message, NULL);
+ goto out;
+ }
+
+ /* Extract the network ID */
+ iface = wpas_dbus_decompose_object_path(op, &net_id, NULL);
+ if (iface == NULL) {
+ reply = wpas_dbus_new_invalid_network_error(message);
+ goto out;
+ }
+ /* Ensure the network is actually a child of this interface */
+ if (strcmp(iface, wpa_supplicant_get_dbus_path(wpa_s)) != 0) {
+ reply = wpas_dbus_new_invalid_network_error(message);
+ goto out;
+ }
+
+ id = strtoul(net_id, NULL, 10);
+ ssid = wpa_config_get_network(wpa_s->conf, id);
+ if (ssid == NULL) {
+ reply = wpas_dbus_new_invalid_network_error(message);
+ goto out;
+ }
+
+ if (wpa_config_remove_network(wpa_s->conf, id) < 0) {
+ reply = dbus_message_new_error(message,
+ WPAS_ERROR_REMOVE_NETWORK_ERROR,
+ "error removing the specified "
+ "on this interface.");
+ goto out;
+ }
+
+ if (ssid == wpa_s->current_ssid)
+ wpa_supplicant_disassociate(wpa_s, REASON_DEAUTH_LEAVING);
+ reply = wpas_dbus_new_success_reply(message);
+
+out:
+ free(iface);
+ free(net_id);
+ return reply;
+}
+
+
+static const char *dont_quote[] = {
+ "key_mgmt", "proto", "pairwise", "auth_alg", "group", "eap",
+ "opensc_engine_path", "pkcs11_engine_path", "pkcs11_module_path",
+ "bssid", NULL
+};
+
+static dbus_bool_t should_quote_opt(const char *key)
+{
+ int i = 0;
+ while (dont_quote[i] != NULL) {
+ if (strcmp(key, dont_quote[i]) == 0)
+ return FALSE;
+ i++;
+ }
+ return TRUE;
+}
+
+/**
+ * wpas_dbus_iface_set_network - Set options for a configured network
+ * @message: Pointer to incoming dbus message
+ * @wpa_s: wpa_supplicant structure for a network interface
+ * @ssid: wpa_ssid structure for a configured network
+ * Returns: a dbus message containing a UINT32 indicating success (1) or
+ * failure (0)
+ *
+ * Handler function for "set" method call of a configured network.
+ */
+DBusMessage * wpas_dbus_iface_set_network(DBusMessage *message,
+ struct wpa_supplicant *wpa_s,
+ struct wpa_ssid *ssid)
+{
+ DBusMessage *reply = NULL;
+ struct wpa_dbus_dict_entry entry = { .type = DBUS_TYPE_STRING };
+ DBusMessageIter iter, iter_dict;
+
+ dbus_message_iter_init(message, &iter);
+
+ if (!wpa_dbus_dict_open_read(&iter, &iter_dict)) {
+ reply = wpas_dbus_new_invalid_opts_error(message, NULL);
+ goto out;
+ }
+
+ while (wpa_dbus_dict_has_dict_entry(&iter_dict)) {
+ char *value = NULL;
+ size_t size = 50;
+ int ret;
+
+ if (!wpa_dbus_dict_get_entry(&iter_dict, &entry)) {
+ reply = wpas_dbus_new_invalid_opts_error(message,
+ NULL);
+ goto out;
+ }
+
+ /* Type conversions, since wpa_supplicant wants strings */
+ if (entry.type == DBUS_TYPE_ARRAY &&
+ entry.array_type == DBUS_TYPE_BYTE) {
+ if (entry.array_len <= 0)
+ goto error;
+
+ size = entry.array_len * 2 + 1;
+ value = wpa_zalloc(size);
+ if (value == NULL)
+ goto error;
+ ret = wpa_snprintf_hex(value, size,
+ (u8 *) entry.bytearray_value,
+ entry.array_len);
+ if (ret <= 0)
+ goto error;
+ } else if (entry.type == DBUS_TYPE_STRING) {
+ if (should_quote_opt(entry.key)) {
+ size = strlen(entry.str_value);
+ /* Zero-length option check */
+ if (size <= 0)
+ goto error;
+ size += 3; /* For quotes and terminator */
+ value = wpa_zalloc(size);
+ if (value == NULL)
+ goto error;
+ ret = snprintf(value, size, "\"%s\"",
+ entry.str_value);
+ if (ret < 0 || (size_t) ret != (size - 1))
+ goto error;
+ } else {
+ value = strdup(entry.str_value);
+ if (value == NULL)
+ goto error;
+ }
+ } else if (entry.type == DBUS_TYPE_UINT32) {
+ value = wpa_zalloc(size);
+ if (value == NULL)
+ goto error;
+ ret = snprintf(value, size, "%u", entry.uint32_value);
+ if (ret <= 0)
+ goto error;
+ } else if (entry.type == DBUS_TYPE_INT32) {
+ value = wpa_zalloc(size);
+ if (value == NULL)
+ goto error;
+ ret = snprintf(value, size, "%d", entry.int32_value);
+ if (ret <= 0)
+ goto error;
+ } else
+ goto error;
+
+ if (wpa_config_set(ssid, entry.key, value, 0) < 0)
+ goto error;
+
+ if ((strcmp(entry.key, "psk") == 0 &&
+ value[0] == '"' && ssid->ssid_len) ||
+ (strcmp(entry.key, "ssid") == 0 && ssid->passphrase))
+ wpa_config_update_psk(ssid);
+
+ free(value);
+ wpa_dbus_dict_entry_clear(&entry);
+ continue;
+
+ error:
+ free(value);
+ reply = wpas_dbus_new_invalid_opts_error(message, entry.key);
+ wpa_dbus_dict_entry_clear(&entry);
+ break;
+ }
+
+ if (!reply)
+ reply = wpas_dbus_new_success_reply(message);
+
+out:
+ return reply;
+}
+
+
+/**
+ * wpas_dbus_iface_enable_network - Mark a configured network as enabled
+ * @message: Pointer to incoming dbus message
+ * @wpa_s: wpa_supplicant structure for a network interface
+ * @ssid: wpa_ssid structure for a configured network
+ * Returns: A dbus message containing a UINT32 indicating success (1) or
+ * failure (0)
+ *
+ * Handler function for "enable" method call of a configured network.
+ */
+DBusMessage * wpas_dbus_iface_enable_network(DBusMessage *message,
+ struct wpa_supplicant *wpa_s,
+ struct wpa_ssid *ssid)
+{
+ if (wpa_s->current_ssid == NULL && ssid->disabled) {
+ /*
+ * Try to reassociate since there is no current configuration
+ * and a new network was made available.
+ */
+ wpa_s->reassociate = 1;
+ wpa_supplicant_req_scan(wpa_s, 0, 0);
+ }
+ ssid->disabled = 0;
+
+ return wpas_dbus_new_success_reply(message);
+}
+
+
+/**
+ * wpas_dbus_iface_disable_network - Mark a configured network as disabled
+ * @message: Pointer to incoming dbus message
+ * @wpa_s: wpa_supplicant structure for a network interface
+ * @ssid: wpa_ssid structure for a configured network
+ * Returns: A dbus message containing a UINT32 indicating success (1) or
+ * failure (0)
+ *
+ * Handler function for "disable" method call of a configured network.
+ */
+DBusMessage * wpas_dbus_iface_disable_network(DBusMessage *message,
+ struct wpa_supplicant *wpa_s,
+ struct wpa_ssid *ssid)
+{
+ if (ssid == wpa_s->current_ssid)
+ wpa_supplicant_disassociate(wpa_s, REASON_DEAUTH_LEAVING);
+ ssid->disabled = 1;
+
+ return wpas_dbus_new_success_reply(message);
+}
+
+
+/**
+ * wpas_dbus_iface_select_network - Attempt association with a configured network
+ * @message: Pointer to incoming dbus message
+ * @wpa_s: wpa_supplicant structure for a network interface
+ * Returns: A dbus message containing a UINT32 indicating success (1) or
+ * failure (0)
+ *
+ * Handler function for "selectNetwork" method call of network interface.
+ */
+DBusMessage * wpas_dbus_iface_select_network(DBusMessage *message,
+ struct wpa_supplicant *wpa_s)
+{
+ DBusMessage *reply = NULL;
+ const char *op;
+ struct wpa_ssid *ssid;
+ char *iface_obj_path = NULL;
+ char *network = NULL;
+
+ if (strlen(dbus_message_get_signature(message)) == 0) {
+ /* Any network */
+ ssid = wpa_s->conf->ssid;
+ while (ssid) {
+ ssid->disabled = 0;
+ ssid = ssid->next;
+ }
+ wpa_s->reassociate = 1;
+ wpa_supplicant_req_scan(wpa_s, 0, 0);
+ } else {
+ const char *obj_path;
+ int nid;
+
+ if (!dbus_message_get_args(message, NULL,
+ DBUS_TYPE_OBJECT_PATH, &op,
+ DBUS_TYPE_INVALID)) {
+ reply = wpas_dbus_new_invalid_opts_error(message,
+ NULL);
+ goto out;
+ }
+
+ /* Extract the network number */
+ iface_obj_path = wpas_dbus_decompose_object_path(op,
+ &network,
+ NULL);
+ if (iface_obj_path == NULL) {
+ reply = wpas_dbus_new_invalid_iface_error(message);
+ goto out;
+ }
+ /* Ensure the object path really points to this interface */
+ obj_path = wpa_supplicant_get_dbus_path(wpa_s);
+ if (strcmp(iface_obj_path, obj_path) != 0) {
+ reply = wpas_dbus_new_invalid_network_error(message);
+ goto out;
+ }
+
+ nid = strtoul(network, NULL, 10);
+ if (errno == EINVAL) {
+ reply = wpas_dbus_new_invalid_network_error(message);
+ goto out;
+ }
+
+ ssid = wpa_config_get_network(wpa_s->conf, nid);
+ if (ssid == NULL) {
+ reply = wpas_dbus_new_invalid_network_error(message);
+ goto out;
+ }
+
+ /* Finally, associate with the network */
+ if (ssid != wpa_s->current_ssid && wpa_s->current_ssid)
+ wpa_supplicant_disassociate(wpa_s,
+ REASON_DEAUTH_LEAVING);
+
+ /* Mark all other networks disabled and trigger reassociation
+ */
+ ssid = wpa_s->conf->ssid;
+ while (ssid) {
+ ssid->disabled = (nid != ssid->id);
+ ssid = ssid->next;
+ }
+ wpa_s->disconnected = 0;
+ wpa_s->reassociate = 1;
+ wpa_supplicant_req_scan(wpa_s, 0, 0);
+ }
+
+ reply = wpas_dbus_new_success_reply(message);
+
+out:
+ free(iface_obj_path);
+ free(network);
+ return reply;
+}
+
+
+/**
+ * wpas_dbus_iface_disconnect - Terminate the current connection
+ * @message: Pointer to incoming dbus message
+ * @wpa_s: wpa_supplicant structure for a network interface
+ * Returns: A dbus message containing a UINT32 indicating success (1) or
+ * failure (0)
+ *
+ * Handler function for "disconnect" method call of network interface.
+ */
+DBusMessage * wpas_dbus_iface_disconnect(DBusMessage *message,
+ struct wpa_supplicant *wpa_s)
+{
+ wpa_s->disconnected = 1;
+ wpa_supplicant_disassociate(wpa_s, REASON_DEAUTH_LEAVING);
+
+ return wpas_dbus_new_success_reply(message);
+}
+
+
+/**
+ * wpas_dbus_iface_set_ap_scan - Control roaming mode
+ * @message: Pointer to incoming dbus message
+ * @wpa_s: wpa_supplicant structure for a network interface
+ * Returns: A dbus message containing a UINT32 indicating success (1) or
+ * failure (0)
+ *
+ * Handler function for "setAPScan" method call.
+ */
+DBusMessage * wpas_dbus_iface_set_ap_scan(DBusMessage *message,
+ struct wpa_supplicant *wpa_s)
+{
+ DBusMessage *reply = NULL;
+ dbus_uint32_t ap_scan = 1;
+
+ if (!dbus_message_get_args(message, NULL, DBUS_TYPE_UINT32, &ap_scan,
+ DBUS_TYPE_INVALID)) {
+ reply = wpas_dbus_new_invalid_opts_error(message, NULL);
+ goto out;
+ }
+
+ if (ap_scan > 2) {
+ reply = wpas_dbus_new_invalid_opts_error(message, NULL);
+ goto out;
+ }
+ wpa_s->conf->ap_scan = ap_scan;
+ reply = wpas_dbus_new_success_reply(message);
+
+out:
+ return reply;
+}
+
+
+/**
+ * wpas_dbus_iface_get_state - Get interface state
+ * @message: Pointer to incoming dbus message
+ * @wpa_s: wpa_supplicant structure for a network interface
+ * Returns: A dbus message containing a STRING representing the current
+ * interface state
+ *
+ * Handler function for "state" method call.
+ */
+DBusMessage * wpas_dbus_iface_get_state(DBusMessage *message,
+ struct wpa_supplicant *wpa_s)
+{
+ DBusMessage *reply = NULL;
+ const char *str_state;
+
+ reply = dbus_message_new_method_return(message);
+ if (reply != NULL) {
+ str_state = wpa_supplicant_state_txt(wpa_s->wpa_state);
+ dbus_message_append_args(reply, DBUS_TYPE_STRING, &str_state,
+ DBUS_TYPE_INVALID);
+ }
+
+ return reply;
+}
+
+
+/**
+ * wpas_dbus_iface_set_blobs - Store named binary blobs (ie, for certificates)
+ * @message: Pointer to incoming dbus message
+ * @global: %wpa_supplicant global data structure
+ * Returns: A dbus message containing a UINT32 indicating success (1) or
+ * failure (0)
+ *
+ * Asks wpa_supplicant to internally store a one or more binary blobs.
+ */
+DBusMessage * wpas_dbus_iface_set_blobs(DBusMessage *message,
+ struct wpa_supplicant *wpa_s)
+{
+ DBusMessage *reply = NULL;
+ struct wpa_dbus_dict_entry entry = { .type = DBUS_TYPE_STRING };
+ DBusMessageIter iter, iter_dict;
+
+ dbus_message_iter_init(message, &iter);
+
+ if (!wpa_dbus_dict_open_read(&iter, &iter_dict))
+ return wpas_dbus_new_invalid_opts_error(message, NULL);
+
+ while (wpa_dbus_dict_has_dict_entry(&iter_dict)) {
+ struct wpa_config_blob *blob;
+
+ if (!wpa_dbus_dict_get_entry(&iter_dict, &entry)) {
+ reply = wpas_dbus_new_invalid_opts_error(message,
+ NULL);
+ break;
+ }
+
+ if (entry.type != DBUS_TYPE_ARRAY ||
+ entry.array_type != DBUS_TYPE_BYTE) {
+ reply = wpas_dbus_new_invalid_opts_error(
+ message, "Byte array expected.");
+ break;
+ }
+
+ if ((entry.array_len <= 0) || (entry.array_len > 65536) ||
+ !strlen(entry.key)) {
+ reply = wpas_dbus_new_invalid_opts_error(
+ message, "Invalid array size.");
+ break;
+ }
+
+ blob = os_zalloc(sizeof(*blob));
+ if (blob == NULL) {
+ reply = dbus_message_new_error(
+ message, WPAS_ERROR_ADD_ERROR,
+ "Not enough memory to add blob.");
+ break;
+ }
+ blob->data = os_zalloc(entry.array_len);
+ if (blob->data == NULL) {
+ reply = dbus_message_new_error(
+ message, WPAS_ERROR_ADD_ERROR,
+ "Not enough memory to add blob data.");
+ os_free(blob);
+ break;
+ }
+
+ blob->name = os_strdup(entry.key);
+ blob->len = entry.array_len;
+ os_memcpy(blob->data, (u8 *) entry.bytearray_value,
+ entry.array_len);
+ if (blob->name == NULL || blob->data == NULL) {
+ wpa_config_free_blob(blob);
+ reply = dbus_message_new_error(
+ message, WPAS_ERROR_ADD_ERROR,
+ "Error adding blob.");
+ break;
+ }
+
+ /* Success */
+ wpa_config_remove_blob(wpa_s->conf, blob->name);
+ wpa_config_set_blob(wpa_s->conf, blob);
+ wpa_dbus_dict_entry_clear(&entry);
+ }
+ wpa_dbus_dict_entry_clear(&entry);
+
+ return reply ? reply : wpas_dbus_new_success_reply(message);
+}
+
+
+/**
+ * wpas_dbus_iface_remove_blob - Remove named binary blobs
+ * @message: Pointer to incoming dbus message
+ * @global: %wpa_supplicant global data structure
+ * Returns: A dbus message containing a UINT32 indicating success (1) or
+ * failure (0)
+ *
+ * Asks wpa_supplicant to remove one or more previously stored binary blobs.
+ */
+DBusMessage * wpas_dbus_iface_remove_blobs(DBusMessage *message,
+ struct wpa_supplicant *wpa_s)
+{
+ DBusMessageIter iter, array;
+ char *err_msg = NULL;
+
+ dbus_message_iter_init(message, &iter);
+
+ if ((dbus_message_iter_get_arg_type (&iter) != DBUS_TYPE_ARRAY) ||
+ (dbus_message_iter_get_element_type (&iter) != DBUS_TYPE_STRING))
+ return wpas_dbus_new_invalid_opts_error(message, NULL);
+
+ dbus_message_iter_recurse(&iter, &array);
+ while (dbus_message_iter_get_arg_type(&array) == DBUS_TYPE_STRING) {
+ const char *name;
+
+ dbus_message_iter_get_basic(&array, &name);
+ if (!strlen(name))
+ err_msg = "Invalid blob name.";
+
+ if (wpa_config_remove_blob(wpa_s->conf, name) != 0)
+ err_msg = "Error removing blob.";
+ dbus_message_iter_next(&array);
+ }
+
+ if (err_msg) {
+ return dbus_message_new_error(message, WPAS_ERROR_REMOVE_ERROR,
+ err_msg);
+ }
+
+ return wpas_dbus_new_success_reply(message);
+}
--- /dev/null
+/*
+ * WPA Supplicant / dbus-based control interface
+ * Copyright (c) 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef CTRL_IFACE_DBUS_HANDLERS_H
+#define CTRL_IFACE_DBUS_HANDLERS_H
+
+#ifdef CONFIG_CTRL_IFACE_DBUS
+
+DBusMessage * wpas_dbus_new_invalid_iface_error(DBusMessage *message);
+
+DBusMessage * wpas_dbus_global_add_interface(DBusMessage *message,
+ struct wpa_global *global);
+
+DBusMessage * wpas_dbus_global_remove_interface(DBusMessage *message,
+ struct wpa_global *global);
+
+DBusMessage * wpas_dbus_global_get_interface(DBusMessage *message,
+ struct wpa_global *global);
+
+DBusMessage * wpas_dbus_iface_scan(DBusMessage *message,
+ struct wpa_supplicant *wpa_s);
+
+DBusMessage * wpas_dbus_iface_scan_results(DBusMessage *message,
+ struct wpa_supplicant *wpa_s);
+
+DBusMessage * wpas_dbus_bssid_properties(DBusMessage *message,
+ struct wpa_supplicant *wpa_s,
+ struct wpa_scan_result *res);
+
+DBusMessage * wpas_dbus_iface_capabilities(DBusMessage *message,
+ struct wpa_supplicant *wpa_s);
+
+DBusMessage * wpas_dbus_iface_add_network(DBusMessage *message,
+ struct wpa_supplicant *wpa_s);
+
+DBusMessage * wpas_dbus_iface_remove_network(DBusMessage *message,
+ struct wpa_supplicant *wpa_s);
+
+DBusMessage * wpas_dbus_iface_set_network(DBusMessage *message,
+ struct wpa_supplicant *wpa_s,
+ struct wpa_ssid *ssid);
+
+DBusMessage * wpas_dbus_iface_enable_network(DBusMessage *message,
+ struct wpa_supplicant *wpa_s,
+ struct wpa_ssid *ssid);
+
+DBusMessage * wpas_dbus_iface_disable_network(DBusMessage *message,
+ struct wpa_supplicant *wpa_s,
+ struct wpa_ssid *ssid);
+
+DBusMessage * wpas_dbus_iface_select_network(DBusMessage *message,
+ struct wpa_supplicant *wpa_s);
+
+DBusMessage * wpas_dbus_iface_disconnect(DBusMessage *message,
+ struct wpa_supplicant *wpa_s);
+
+DBusMessage * wpas_dbus_iface_set_ap_scan(DBusMessage *message,
+ struct wpa_supplicant *wpa_s);
+
+DBusMessage * wpas_dbus_iface_get_state(DBusMessage *message,
+ struct wpa_supplicant *wpa_s);
+
+DBusMessage * wpas_dbus_iface_set_blobs(DBusMessage *message,
+ struct wpa_supplicant *wpa_s);
+
+DBusMessage * wpas_dbus_iface_remove_blobs(DBusMessage *message,
+ struct wpa_supplicant *wpa_s);
+
+#endif /* CONFIG_CTRL_IFACE_DBUS */
+
+#endif /* CTRL_IFACE_DBUS_HANDLERS_H */
+
--- /dev/null
+/*
+ * WPA Supplicant / Windows Named Pipe -based control interface
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eloop.h"
+#include "config.h"
+#include "eapol_sm.h"
+#include "wpa_supplicant_i.h"
+#include "ctrl_iface.h"
+#include "wpa_ctrl.h"
+
+#ifdef __MINGW32_VERSION
+/* mingw-w32api v3.1 does not yet include sddl.h, so define needed parts here
+ */
+#define SDDL_REVISION_1 1
+BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA(
+ LPCSTR, DWORD, PSECURITY_DESCRIPTOR *, PULONG);
+BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW(
+ LPCWSTR, DWORD, PSECURITY_DESCRIPTOR *, PULONG);
+#ifdef UNICODE
+#define ConvertStringSecurityDescriptorToSecurityDescriptor \
+ConvertStringSecurityDescriptorToSecurityDescriptorW
+#else
+#define ConvertStringSecurityDescriptorToSecurityDescriptor \
+ConvertStringSecurityDescriptorToSecurityDescriptorA
+#endif
+#else /* __MINGW32_VERSION */
+#ifndef _WIN32_WINNT
+#define _WIN32_WINNT 0x0500
+#endif
+#include <sddl.h>
+#endif /* __MINGW32_VERSION */
+
+#ifndef WPA_SUPPLICANT_NAMED_PIPE
+#define WPA_SUPPLICANT_NAMED_PIPE "WpaSupplicant"
+#endif
+#define NAMED_PIPE_PREFIX TEXT("\\\\.\\pipe\\") TEXT(WPA_SUPPLICANT_NAMED_PIPE)
+
+/* Per-interface ctrl_iface */
+
+#define REQUEST_BUFSIZE 256
+#define REPLY_BUFSIZE 4096
+
+struct ctrl_iface_priv;
+
+/**
+ * struct wpa_ctrl_dst - Internal data structure of control interface clients
+ *
+ * This structure is used to store information about registered control
+ * interface monitors into struct wpa_supplicant. This data is private to
+ * ctrl_iface_named_pipe.c and should not be touched directly from other files.
+ */
+struct wpa_ctrl_dst {
+ /* Note: OVERLAPPED must be the first member of struct wpa_ctrl_dst */
+ OVERLAPPED overlap;
+ struct wpa_ctrl_dst *next, *prev;
+ struct ctrl_iface_priv *priv;
+ HANDLE pipe;
+ int attached;
+ int debug_level;
+ int errors;
+ char req_buf[REQUEST_BUFSIZE];
+ char *rsp_buf;
+ int used;
+};
+
+
+struct ctrl_iface_priv {
+ struct wpa_supplicant *wpa_s;
+ struct wpa_ctrl_dst *ctrl_dst;
+ SECURITY_ATTRIBUTES attr;
+ int sec_attr_set;
+};
+
+
+static void wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv *priv,
+ int level, const char *buf,
+ size_t len);
+
+static void ctrl_close_pipe(struct wpa_ctrl_dst *dst);
+static void wpa_supplicant_ctrl_iface_receive(void *, void *);
+static VOID WINAPI ctrl_iface_read_completed(DWORD err, DWORD bytes,
+ LPOVERLAPPED overlap);
+
+struct wpa_global_dst;
+static void global_close_pipe(struct wpa_global_dst *dst);
+static void wpa_supplicant_global_iface_receive(void *eloop_data,
+ void *user_ctx);
+static VOID WINAPI global_iface_read_completed(DWORD err, DWORD bytes,
+ LPOVERLAPPED overlap);
+
+
+static int ctrl_broken_pipe(HANDLE pipe, int used)
+{
+ DWORD err;
+
+ if (PeekNamedPipe(pipe, NULL, 0, NULL, NULL, NULL))
+ return 0;
+
+ err = GetLastError();
+ if (err == ERROR_BROKEN_PIPE || (err == ERROR_BAD_PIPE && used))
+ return 1;
+ return 0;
+}
+
+
+static void ctrl_flush_broken_pipes(struct ctrl_iface_priv *priv)
+{
+ struct wpa_ctrl_dst *dst, *next;
+
+ dst = priv->ctrl_dst;
+
+ while (dst) {
+ next = dst->next;
+ if (ctrl_broken_pipe(dst->pipe, dst->used)) {
+ wpa_printf(MSG_DEBUG, "CTRL: closing broken pipe %p",
+ dst);
+ ctrl_close_pipe(dst);
+ }
+ dst = next;
+ }
+}
+
+
+static int ctrl_open_pipe(struct ctrl_iface_priv *priv)
+{
+ struct wpa_ctrl_dst *dst;
+ DWORD err;
+ TCHAR name[256];
+
+ dst = os_zalloc(sizeof(*dst));
+ if (dst == NULL)
+ return -1;
+ wpa_printf(MSG_DEBUG, "CTRL: Open pipe %p", dst);
+
+ dst->priv = priv;
+ dst->debug_level = MSG_INFO;
+ dst->pipe = INVALID_HANDLE_VALUE;
+
+ dst->overlap.hEvent = CreateEvent(NULL, TRUE, TRUE, NULL);
+ if (dst->overlap.hEvent == NULL) {
+ wpa_printf(MSG_ERROR, "CTRL: CreateEvent failed: %d",
+ (int) GetLastError());
+ goto fail;
+ }
+
+ eloop_register_event(dst->overlap.hEvent,
+ sizeof(dst->overlap.hEvent),
+ wpa_supplicant_ctrl_iface_receive, dst, NULL);
+
+#ifdef UNICODE
+ _snwprintf(name, 256, NAMED_PIPE_PREFIX TEXT("-%S"),
+ priv->wpa_s->ifname);
+#else /* UNICODE */
+ os_snprintf(name, 256, NAMED_PIPE_PREFIX "-%s",
+ priv->wpa_s->ifname);
+#endif /* UNICODE */
+
+ /* TODO: add support for configuring access list for the pipe */
+ dst->pipe = CreateNamedPipe(name,
+ PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,
+ PIPE_TYPE_MESSAGE |
+ PIPE_READMODE_MESSAGE |
+ PIPE_WAIT,
+ 15, REPLY_BUFSIZE, REQUEST_BUFSIZE,
+ 1000,
+ priv->sec_attr_set ? &priv->attr : NULL);
+ if (dst->pipe == INVALID_HANDLE_VALUE) {
+ wpa_printf(MSG_ERROR, "CTRL: CreateNamedPipe failed: %d",
+ (int) GetLastError());
+ goto fail;
+ }
+
+ if (ConnectNamedPipe(dst->pipe, &dst->overlap)) {
+ wpa_printf(MSG_ERROR, "CTRL: ConnectNamedPipe failed: %d",
+ (int) GetLastError());
+ CloseHandle(dst->pipe);
+ os_free(dst);
+ return -1;
+ }
+
+ err = GetLastError();
+ switch (err) {
+ case ERROR_IO_PENDING:
+ wpa_printf(MSG_DEBUG, "CTRL: ConnectNamedPipe: connection in "
+ "progress");
+ break;
+ case ERROR_PIPE_CONNECTED:
+ wpa_printf(MSG_DEBUG, "CTRL: ConnectNamedPipe: already "
+ "connected");
+ if (SetEvent(dst->overlap.hEvent))
+ break;
+ /* fall through */
+ default:
+ wpa_printf(MSG_DEBUG, "CTRL: ConnectNamedPipe error: %d",
+ (int) err);
+ CloseHandle(dst->pipe);
+ os_free(dst);
+ return -1;
+ }
+
+ dst->next = priv->ctrl_dst;
+ if (dst->next)
+ dst->next->prev = dst;
+ priv->ctrl_dst = dst;
+
+ return 0;
+
+fail:
+ ctrl_close_pipe(dst);
+ return -1;
+}
+
+
+static void ctrl_close_pipe(struct wpa_ctrl_dst *dst)
+{
+ wpa_printf(MSG_DEBUG, "CTRL: close pipe %p", dst);
+
+ if (dst->overlap.hEvent) {
+ eloop_unregister_event(dst->overlap.hEvent,
+ sizeof(dst->overlap.hEvent));
+ CloseHandle(dst->overlap.hEvent);
+ }
+
+ if (dst->pipe != INVALID_HANDLE_VALUE) {
+ /*
+ * Could use FlushFileBuffers() here to guarantee that all data
+ * gets delivered to the client, but that can block, so let's
+ * not do this for now.
+ * FlushFileBuffers(dst->pipe);
+ */
+ CloseHandle(dst->pipe);
+ }
+
+ if (dst->prev)
+ dst->prev->next = dst->next;
+ else
+ dst->priv->ctrl_dst = dst->next;
+ if (dst->next)
+ dst->next->prev = dst->prev;
+
+ os_free(dst->rsp_buf);
+ os_free(dst);
+}
+
+
+static VOID WINAPI ctrl_iface_write_completed(DWORD err, DWORD bytes,
+ LPOVERLAPPED overlap)
+{
+ struct wpa_ctrl_dst *dst = (struct wpa_ctrl_dst *) overlap;
+ wpa_printf(MSG_DEBUG, "CTRL: Overlapped write completed: dst=%p "
+ "err=%d bytes=%d", dst, (int) err, (int) bytes);
+ if (err) {
+ ctrl_close_pipe(dst);
+ return;
+ }
+
+ os_free(dst->rsp_buf);
+ dst->rsp_buf = NULL;
+
+ if (!ReadFileEx(dst->pipe, dst->req_buf, sizeof(dst->req_buf),
+ &dst->overlap, ctrl_iface_read_completed)) {
+ wpa_printf(MSG_DEBUG, "CTRL: ReadFileEx failed: %d",
+ (int) GetLastError());
+ ctrl_close_pipe(dst);
+ return;
+ }
+ wpa_printf(MSG_DEBUG, "CTRL: Overlapped read started for %p", dst);
+}
+
+
+static void wpa_supplicant_ctrl_iface_rx(struct wpa_ctrl_dst *dst, size_t len)
+{
+ struct wpa_supplicant *wpa_s = dst->priv->wpa_s;
+ char *reply = NULL, *send_buf;
+ size_t reply_len = 0, send_len;
+ int new_attached = 0;
+ char *buf = dst->req_buf;
+
+ dst->used = 1;
+ if (len >= REQUEST_BUFSIZE)
+ len = REQUEST_BUFSIZE - 1;
+ buf[len] = '\0';
+
+ if (os_strcmp(buf, "ATTACH") == 0) {
+ dst->attached = 1;
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor attached");
+ new_attached = 1;
+ reply_len = 2;
+ } else if (os_strcmp(buf, "DETACH") == 0) {
+ dst->attached = 0;
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor detached");
+ reply_len = 2;
+ } else if (os_strncmp(buf, "LEVEL ", 6) == 0) {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE LEVEL %s", buf + 6);
+ dst->debug_level = atoi(buf + 6);
+ reply_len = 2;
+ } else {
+ reply = wpa_supplicant_ctrl_iface_process(wpa_s, buf,
+ &reply_len);
+ }
+
+ if (reply) {
+ send_buf = reply;
+ send_len = reply_len;
+ } else if (reply_len == 2) {
+ send_buf = "OK\n";
+ send_len = 3;
+ } else {
+ send_buf = "FAIL\n";
+ send_len = 5;
+ }
+
+ os_free(dst->rsp_buf);
+ dst->rsp_buf = os_malloc(send_len);
+ if (dst->rsp_buf == NULL) {
+ ctrl_close_pipe(dst);
+ os_free(reply);
+ return;
+ }
+ os_memcpy(dst->rsp_buf, send_buf, send_len);
+ os_free(reply);
+
+ if (!WriteFileEx(dst->pipe, dst->rsp_buf, send_len, &dst->overlap,
+ ctrl_iface_write_completed)) {
+ wpa_printf(MSG_DEBUG, "CTRL: WriteFileEx failed: %d",
+ (int) GetLastError());
+ ctrl_close_pipe(dst);
+ } else {
+ wpa_printf(MSG_DEBUG, "CTRL: Overlapped write started for %p",
+ dst);
+ }
+
+ if (new_attached)
+ eapol_sm_notify_ctrl_attached(wpa_s->eapol);
+}
+
+
+static VOID WINAPI ctrl_iface_read_completed(DWORD err, DWORD bytes,
+ LPOVERLAPPED overlap)
+{
+ struct wpa_ctrl_dst *dst = (struct wpa_ctrl_dst *) overlap;
+ wpa_printf(MSG_DEBUG, "CTRL: Overlapped read completed: dst=%p err=%d "
+ "bytes=%d", dst, (int) err, (int) bytes);
+ if (err == 0 && bytes > 0)
+ wpa_supplicant_ctrl_iface_rx(dst, bytes);
+}
+
+
+static void wpa_supplicant_ctrl_iface_receive(void *eloop_data, void *user_ctx)
+{
+ struct wpa_ctrl_dst *dst = eloop_data;
+ struct ctrl_iface_priv *priv = dst->priv;
+ DWORD bytes;
+
+ wpa_printf(MSG_DEBUG, "CTRL: wpa_supplicant_ctrl_iface_receive");
+ ResetEvent(dst->overlap.hEvent);
+
+ if (!GetOverlappedResult(dst->pipe, &dst->overlap, &bytes, FALSE)) {
+ wpa_printf(MSG_DEBUG, "CTRL: GetOverlappedResult failed: %d",
+ (int) GetLastError());
+ return;
+ }
+ wpa_printf(MSG_DEBUG, "CTRL: GetOverlappedResult: New client "
+ "connected");
+
+ /* Open a new named pipe for the next client. */
+ ctrl_open_pipe(priv);
+
+ /* Use write completion function to start reading a command */
+ ctrl_iface_write_completed(0, 0, &dst->overlap);
+
+ ctrl_flush_broken_pipes(priv);
+}
+
+
+static int ctrl_iface_parse(struct ctrl_iface_priv *priv, const char *params)
+{
+ const char *sddl = NULL;
+ TCHAR *t_sddl;
+
+ if (os_strncmp(params, "SDDL=", 5) == 0)
+ sddl = params + 5;
+ if (!sddl) {
+ sddl = os_strstr(params, " SDDL=");
+ if (sddl)
+ sddl += 6;
+ }
+
+ if (!sddl)
+ return 0;
+
+ wpa_printf(MSG_DEBUG, "CTRL: SDDL='%s'", sddl);
+ os_memset(&priv->attr, 0, sizeof(priv->attr));
+ priv->attr.nLength = sizeof(priv->attr);
+ priv->attr.bInheritHandle = FALSE;
+ t_sddl = wpa_strdup_tchar(sddl);
+ if (t_sddl == NULL)
+ return -1;
+ if (!ConvertStringSecurityDescriptorToSecurityDescriptor(
+ t_sddl, SDDL_REVISION_1,
+ (PSECURITY_DESCRIPTOR *) &priv->attr.lpSecurityDescriptor,
+ NULL)) {
+ os_free(t_sddl);
+ wpa_printf(MSG_ERROR, "CTRL: SDDL='%s' - could not convert to "
+ "security descriptor: %d",
+ sddl, (int) GetLastError());
+ return -1;
+ }
+ os_free(t_sddl);
+
+ priv->sec_attr_set = 1;
+
+ return 0;
+}
+
+
+static void wpa_supplicant_ctrl_iface_msg_cb(void *ctx, int level,
+ const char *txt, size_t len)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ if (wpa_s == NULL || wpa_s->ctrl_iface == NULL)
+ return;
+ wpa_supplicant_ctrl_iface_send(wpa_s->ctrl_iface, level, txt, len);
+}
+
+
+struct ctrl_iface_priv *
+wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)
+{
+ struct ctrl_iface_priv *priv;
+
+ priv = os_zalloc(sizeof(*priv));
+ if (priv == NULL)
+ return NULL;
+ priv->wpa_s = wpa_s;
+
+ if (wpa_s->conf->ctrl_interface == NULL)
+ return priv;
+
+ if (ctrl_iface_parse(priv, wpa_s->conf->ctrl_interface) < 0) {
+ os_free(priv);
+ return NULL;
+ }
+
+ if (ctrl_open_pipe(priv) < 0) {
+ os_free(priv);
+ return NULL;
+ }
+
+ wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb);
+
+ return priv;
+}
+
+
+void wpa_supplicant_ctrl_iface_deinit(struct ctrl_iface_priv *priv)
+{
+ while (priv->ctrl_dst)
+ ctrl_close_pipe(priv->ctrl_dst);
+ if (priv->sec_attr_set)
+ LocalFree(priv->attr.lpSecurityDescriptor);
+ os_free(priv);
+}
+
+
+static void wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv *priv,
+ int level, const char *buf,
+ size_t len)
+{
+ struct wpa_ctrl_dst *dst, *next;
+ char levelstr[10];
+ int idx;
+ char *sbuf;
+ int llen;
+ DWORD written;
+
+ dst = priv->ctrl_dst;
+ if (dst == NULL)
+ return;
+
+ os_snprintf(levelstr, sizeof(levelstr), "<%d>", level);
+
+ llen = os_strlen(levelstr);
+ sbuf = os_malloc(llen + len);
+ if (sbuf == NULL)
+ return;
+
+ os_memcpy(sbuf, levelstr, llen);
+ os_memcpy(sbuf + llen, buf, len);
+
+ idx = 0;
+ while (dst) {
+ next = dst->next;
+ if (dst->attached && level >= dst->debug_level) {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor send %p",
+ dst);
+ if (!WriteFile(dst->pipe, sbuf, llen + len, &written,
+ NULL)) {
+ wpa_printf(MSG_DEBUG, "CTRL: WriteFile to dst "
+ "%p failed: %d",
+ dst, (int) GetLastError());
+ dst->errors++;
+ if (dst->errors > 10)
+ ctrl_close_pipe(dst);
+ } else
+ dst->errors = 0;
+ }
+ idx++;
+ dst = next;
+ }
+ os_free(sbuf);
+}
+
+
+void wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv *priv)
+{
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE - %s - wait for monitor",
+ priv->wpa_s->ifname);
+ if (priv->ctrl_dst == NULL)
+ return;
+ WaitForSingleObject(priv->ctrl_dst->pipe, INFINITE);
+}
+
+
+/* Global ctrl_iface */
+
+struct ctrl_iface_global_priv;
+
+struct wpa_global_dst {
+ /* Note: OVERLAPPED must be the first member of struct wpa_global_dst
+ */
+ OVERLAPPED overlap;
+ struct wpa_global_dst *next, *prev;
+ struct ctrl_iface_global_priv *priv;
+ HANDLE pipe;
+ char req_buf[REQUEST_BUFSIZE];
+ char *rsp_buf;
+ int used;
+};
+
+struct ctrl_iface_global_priv {
+ struct wpa_global *global;
+ struct wpa_global_dst *ctrl_dst;
+};
+
+
+static void global_flush_broken_pipes(struct ctrl_iface_global_priv *priv)
+{
+ struct wpa_global_dst *dst, *next;
+
+ dst = priv->ctrl_dst;
+
+ while (dst) {
+ next = dst->next;
+ if (ctrl_broken_pipe(dst->pipe, dst->used)) {
+ wpa_printf(MSG_DEBUG, "CTRL: closing broken pipe %p",
+ dst);
+ global_close_pipe(dst);
+ }
+ dst = next;
+ }
+}
+
+
+static int global_open_pipe(struct ctrl_iface_global_priv *priv)
+{
+ struct wpa_global_dst *dst;
+ DWORD err;
+
+ dst = os_zalloc(sizeof(*dst));
+ if (dst == NULL)
+ return -1;
+ wpa_printf(MSG_DEBUG, "CTRL: Open pipe %p", dst);
+
+ dst->priv = priv;
+ dst->pipe = INVALID_HANDLE_VALUE;
+
+ dst->overlap.hEvent = CreateEvent(NULL, TRUE, TRUE, NULL);
+ if (dst->overlap.hEvent == NULL) {
+ wpa_printf(MSG_ERROR, "CTRL: CreateEvent failed: %d",
+ (int) GetLastError());
+ goto fail;
+ }
+
+ eloop_register_event(dst->overlap.hEvent,
+ sizeof(dst->overlap.hEvent),
+ wpa_supplicant_global_iface_receive, dst, NULL);
+
+ /* TODO: add support for configuring access list for the pipe */
+ dst->pipe = CreateNamedPipe(NAMED_PIPE_PREFIX,
+ PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,
+ PIPE_TYPE_MESSAGE |
+ PIPE_READMODE_MESSAGE |
+ PIPE_WAIT,
+ 10, REPLY_BUFSIZE, REQUEST_BUFSIZE,
+ 1000, NULL);
+ if (dst->pipe == INVALID_HANDLE_VALUE) {
+ wpa_printf(MSG_ERROR, "CTRL: CreateNamedPipe failed: %d",
+ (int) GetLastError());
+ goto fail;
+ }
+
+ if (ConnectNamedPipe(dst->pipe, &dst->overlap)) {
+ wpa_printf(MSG_ERROR, "CTRL: ConnectNamedPipe failed: %d",
+ (int) GetLastError());
+ CloseHandle(dst->pipe);
+ os_free(dst);
+ return -1;
+ }
+
+ err = GetLastError();
+ switch (err) {
+ case ERROR_IO_PENDING:
+ wpa_printf(MSG_DEBUG, "CTRL: ConnectNamedPipe: connection in "
+ "progress");
+ break;
+ case ERROR_PIPE_CONNECTED:
+ wpa_printf(MSG_DEBUG, "CTRL: ConnectNamedPipe: already "
+ "connected");
+ if (SetEvent(dst->overlap.hEvent))
+ break;
+ /* fall through */
+ default:
+ wpa_printf(MSG_DEBUG, "CTRL: ConnectNamedPipe error: %d",
+ (int) err);
+ CloseHandle(dst->pipe);
+ os_free(dst);
+ return -1;
+ }
+
+ dst->next = priv->ctrl_dst;
+ if (dst->next)
+ dst->next->prev = dst;
+ priv->ctrl_dst = dst;
+
+ return 0;
+
+fail:
+ global_close_pipe(dst);
+ return -1;
+}
+
+
+static void global_close_pipe(struct wpa_global_dst *dst)
+{
+ wpa_printf(MSG_DEBUG, "CTRL: close pipe %p", dst);
+
+ if (dst->overlap.hEvent) {
+ eloop_unregister_event(dst->overlap.hEvent,
+ sizeof(dst->overlap.hEvent));
+ CloseHandle(dst->overlap.hEvent);
+ }
+
+ if (dst->pipe != INVALID_HANDLE_VALUE) {
+ /*
+ * Could use FlushFileBuffers() here to guarantee that all data
+ * gets delivered to the client, but that can block, so let's
+ * not do this for now.
+ * FlushFileBuffers(dst->pipe);
+ */
+ CloseHandle(dst->pipe);
+ }
+
+ if (dst->prev)
+ dst->prev->next = dst->next;
+ else
+ dst->priv->ctrl_dst = dst->next;
+ if (dst->next)
+ dst->next->prev = dst->prev;
+
+ os_free(dst->rsp_buf);
+ os_free(dst);
+}
+
+
+static VOID WINAPI global_iface_write_completed(DWORD err, DWORD bytes,
+ LPOVERLAPPED overlap)
+{
+ struct wpa_global_dst *dst = (struct wpa_global_dst *) overlap;
+ wpa_printf(MSG_DEBUG, "CTRL: Overlapped write completed: dst=%p "
+ "err=%d bytes=%d", dst, (int) err, (int) bytes);
+ if (err) {
+ global_close_pipe(dst);
+ return;
+ }
+
+ os_free(dst->rsp_buf);
+ dst->rsp_buf = NULL;
+
+ if (!ReadFileEx(dst->pipe, dst->req_buf, sizeof(dst->req_buf),
+ &dst->overlap, global_iface_read_completed)) {
+ wpa_printf(MSG_DEBUG, "CTRL: ReadFileEx failed: %d",
+ (int) GetLastError());
+ global_close_pipe(dst);
+ /* FIX: if this was the pipe waiting for new global
+ * connections, at this point there are no open global pipes..
+ * Should try to open a new pipe.. */
+ return;
+ }
+ wpa_printf(MSG_DEBUG, "CTRL: Overlapped read started for %p", dst);
+}
+
+
+static void wpa_supplicant_global_iface_rx(struct wpa_global_dst *dst,
+ size_t len)
+{
+ struct wpa_global *global = dst->priv->global;
+ char *reply = NULL, *send_buf;
+ size_t reply_len = 0, send_len;
+ char *buf = dst->req_buf;
+
+ dst->used = 1;
+ if (len >= REQUEST_BUFSIZE)
+ len = REQUEST_BUFSIZE - 1;
+ buf[len] = '\0';
+
+ reply = wpa_supplicant_global_ctrl_iface_process(global, buf,
+ &reply_len);
+ if (reply) {
+ send_buf = reply;
+ send_len = reply_len;
+ } else if (reply_len) {
+ send_buf = "FAIL\n";
+ send_len = 5;
+ } else {
+ os_free(dst->rsp_buf);
+ dst->rsp_buf = NULL;
+ return;
+ }
+
+ os_free(dst->rsp_buf);
+ dst->rsp_buf = os_malloc(send_len);
+ if (dst->rsp_buf == NULL) {
+ global_close_pipe(dst);
+ os_free(reply);
+ return;
+ }
+ os_memcpy(dst->rsp_buf, send_buf, send_len);
+ os_free(reply);
+
+ if (!WriteFileEx(dst->pipe, dst->rsp_buf, send_len, &dst->overlap,
+ global_iface_write_completed)) {
+ wpa_printf(MSG_DEBUG, "CTRL: WriteFileEx failed: %d",
+ (int) GetLastError());
+ global_close_pipe(dst);
+ } else {
+ wpa_printf(MSG_DEBUG, "CTRL: Overlapped write started for %p",
+ dst);
+ }
+}
+
+
+static VOID WINAPI global_iface_read_completed(DWORD err, DWORD bytes,
+ LPOVERLAPPED overlap)
+{
+ struct wpa_global_dst *dst = (struct wpa_global_dst *) overlap;
+ wpa_printf(MSG_DEBUG, "CTRL: Overlapped read completed: dst=%p err=%d "
+ "bytes=%d", dst, (int) err, (int) bytes);
+ if (err == 0 && bytes > 0)
+ wpa_supplicant_global_iface_rx(dst, bytes);
+}
+
+
+static void wpa_supplicant_global_iface_receive(void *eloop_data,
+ void *user_ctx)
+{
+ struct wpa_global_dst *dst = eloop_data;
+ struct ctrl_iface_global_priv *priv = dst->priv;
+ DWORD bytes;
+
+ wpa_printf(MSG_DEBUG, "CTRL: wpa_supplicant_global_iface_receive");
+ ResetEvent(dst->overlap.hEvent);
+
+ if (!GetOverlappedResult(dst->pipe, &dst->overlap, &bytes, FALSE)) {
+ wpa_printf(MSG_DEBUG, "CTRL: GetOverlappedResult failed: %d",
+ (int) GetLastError());
+ return;
+ }
+ wpa_printf(MSG_DEBUG, "CTRL: GetOverlappedResult: New client "
+ "connected");
+
+ /* Open a new named pipe for the next client. */
+ if (global_open_pipe(priv) < 0) {
+ wpa_printf(MSG_DEBUG, "CTRL: global_open_pipe failed");
+ return;
+ }
+
+ /* Use write completion function to start reading a command */
+ global_iface_write_completed(0, 0, &dst->overlap);
+
+ global_flush_broken_pipes(priv);
+}
+
+
+struct ctrl_iface_global_priv *
+wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global)
+{
+ struct ctrl_iface_global_priv *priv;
+
+ priv = os_zalloc(sizeof(*priv));
+ if (priv == NULL)
+ return NULL;
+ priv->global = global;
+
+ if (global_open_pipe(priv) < 0) {
+ os_free(priv);
+ return NULL;
+ }
+
+ return priv;
+}
+
+
+void
+wpa_supplicant_global_ctrl_iface_deinit(struct ctrl_iface_global_priv *priv)
+{
+ while (priv->ctrl_dst)
+ global_close_pipe(priv->ctrl_dst);
+ os_free(priv);
+}
--- /dev/null
+/*
+ * WPA Supplicant / UDP socket -based control interface
+ * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eloop.h"
+#include "config.h"
+#include "eapol_sm.h"
+#include "wpa_supplicant_i.h"
+#include "ctrl_iface.h"
+#include "wpa_ctrl.h"
+
+
+#define COOKIE_LEN 8
+
+/* Per-interface ctrl_iface */
+
+/**
+ * struct wpa_ctrl_dst - Internal data structure of control interface monitors
+ *
+ * This structure is used to store information about registered control
+ * interface monitors into struct wpa_supplicant. This data is private to
+ * ctrl_iface_udp.c and should not be touched directly from other files.
+ */
+struct wpa_ctrl_dst {
+ struct wpa_ctrl_dst *next;
+ struct sockaddr_in addr;
+ socklen_t addrlen;
+ int debug_level;
+ int errors;
+};
+
+
+struct ctrl_iface_priv {
+ struct wpa_supplicant *wpa_s;
+ int sock;
+ struct wpa_ctrl_dst *ctrl_dst;
+ u8 cookie[COOKIE_LEN];
+};
+
+
+static void wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv *priv,
+ int level, const char *buf,
+ size_t len);
+
+
+static int wpa_supplicant_ctrl_iface_attach(struct ctrl_iface_priv *priv,
+ struct sockaddr_in *from,
+ socklen_t fromlen)
+{
+ struct wpa_ctrl_dst *dst;
+
+ dst = os_zalloc(sizeof(*dst));
+ if (dst == NULL)
+ return -1;
+ os_memcpy(&dst->addr, from, sizeof(struct sockaddr_in));
+ dst->addrlen = fromlen;
+ dst->debug_level = MSG_INFO;
+ dst->next = priv->ctrl_dst;
+ priv->ctrl_dst = dst;
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor attached %s:%d",
+ inet_ntoa(from->sin_addr), ntohs(from->sin_port));
+ return 0;
+}
+
+
+static int wpa_supplicant_ctrl_iface_detach(struct ctrl_iface_priv *priv,
+ struct sockaddr_in *from,
+ socklen_t fromlen)
+{
+ struct wpa_ctrl_dst *dst, *prev = NULL;
+
+ dst = priv->ctrl_dst;
+ while (dst) {
+ if (from->sin_addr.s_addr == dst->addr.sin_addr.s_addr &&
+ from->sin_port == dst->addr.sin_port) {
+ if (prev == NULL)
+ priv->ctrl_dst = dst->next;
+ else
+ prev->next = dst->next;
+ os_free(dst);
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor detached "
+ "%s:%d", inet_ntoa(from->sin_addr),
+ ntohs(from->sin_port));
+ return 0;
+ }
+ prev = dst;
+ dst = dst->next;
+ }
+ return -1;
+}
+
+
+static int wpa_supplicant_ctrl_iface_level(struct ctrl_iface_priv *priv,
+ struct sockaddr_in *from,
+ socklen_t fromlen,
+ char *level)
+{
+ struct wpa_ctrl_dst *dst;
+
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE LEVEL %s", level);
+
+ dst = priv->ctrl_dst;
+ while (dst) {
+ if (from->sin_addr.s_addr == dst->addr.sin_addr.s_addr &&
+ from->sin_port == dst->addr.sin_port) {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE changed monitor "
+ "level %s:%d", inet_ntoa(from->sin_addr),
+ ntohs(from->sin_port));
+ dst->debug_level = atoi(level);
+ return 0;
+ }
+ dst = dst->next;
+ }
+
+ return -1;
+}
+
+
+static char *
+wpa_supplicant_ctrl_iface_get_cookie(struct ctrl_iface_priv *priv,
+ size_t *reply_len)
+{
+ char *reply;
+ reply = os_malloc(7 + 2 * COOKIE_LEN + 1);
+ if (reply == NULL) {
+ *reply_len = 1;
+ return NULL;
+ }
+
+ os_memcpy(reply, "COOKIE=", 7);
+ wpa_snprintf_hex(reply + 7, 2 * COOKIE_LEN + 1,
+ priv->cookie, COOKIE_LEN);
+
+ *reply_len = 7 + 2 * COOKIE_LEN;
+ return reply;
+}
+
+
+static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx,
+ void *sock_ctx)
+{
+ struct wpa_supplicant *wpa_s = eloop_ctx;
+ struct ctrl_iface_priv *priv = sock_ctx;
+ char buf[256], *pos;
+ int res;
+ struct sockaddr_in from;
+ socklen_t fromlen = sizeof(from);
+ char *reply = NULL;
+ size_t reply_len = 0;
+ int new_attached = 0;
+ u8 cookie[COOKIE_LEN];
+
+ res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
+ (struct sockaddr *) &from, &fromlen);
+ if (res < 0) {
+ perror("recvfrom(ctrl_iface)");
+ return;
+ }
+ if (from.sin_addr.s_addr != htonl((127 << 24) | 1)) {
+ /*
+ * The OS networking stack is expected to drop this kind of
+ * frames since the socket is bound to only localhost address.
+ * Just in case, drop the frame if it is coming from any other
+ * address.
+ */
+ wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected "
+ "source %s", inet_ntoa(from.sin_addr));
+ return;
+ }
+ buf[res] = '\0';
+
+ if (os_strcmp(buf, "GET_COOKIE") == 0) {
+ reply = wpa_supplicant_ctrl_iface_get_cookie(priv, &reply_len);
+ goto done;
+ }
+
+ /*
+ * Require that the client includes a prefix with the 'cookie' value
+ * fetched with GET_COOKIE command. This is used to verify that the
+ * client has access to a bidirectional link over UDP in order to
+ * avoid attacks using forged localhost IP address even if the OS does
+ * not block such frames from remote destinations.
+ */
+ if (os_strncmp(buf, "COOKIE=", 7) != 0) {
+ wpa_printf(MSG_DEBUG, "CTLR: No cookie in the request - "
+ "drop request");
+ return;
+ }
+
+ if (hexstr2bin(buf + 7, cookie, COOKIE_LEN) < 0) {
+ wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie format in the "
+ "request - drop request");
+ return;
+ }
+
+ if (os_memcmp(cookie, priv->cookie, COOKIE_LEN) != 0) {
+ wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie in the request - "
+ "drop request");
+ return;
+ }
+
+ pos = buf + 7 + 2 * COOKIE_LEN;
+ while (*pos == ' ')
+ pos++;
+
+ if (os_strcmp(pos, "ATTACH") == 0) {
+ if (wpa_supplicant_ctrl_iface_attach(priv, &from, fromlen))
+ reply_len = 1;
+ else {
+ new_attached = 1;
+ reply_len = 2;
+ }
+ } else if (os_strcmp(pos, "DETACH") == 0) {
+ if (wpa_supplicant_ctrl_iface_detach(priv, &from, fromlen))
+ reply_len = 1;
+ else
+ reply_len = 2;
+ } else if (os_strncmp(pos, "LEVEL ", 6) == 0) {
+ if (wpa_supplicant_ctrl_iface_level(priv, &from, fromlen,
+ pos + 6))
+ reply_len = 1;
+ else
+ reply_len = 2;
+ } else {
+ reply = wpa_supplicant_ctrl_iface_process(wpa_s, pos,
+ &reply_len);
+ }
+
+ done:
+ if (reply) {
+ sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
+ fromlen);
+ os_free(reply);
+ } else if (reply_len == 1) {
+ sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
+ fromlen);
+ } else if (reply_len == 2) {
+ sendto(sock, "OK\n", 3, 0, (struct sockaddr *) &from,
+ fromlen);
+ }
+
+ if (new_attached)
+ eapol_sm_notify_ctrl_attached(wpa_s->eapol);
+}
+
+
+static void wpa_supplicant_ctrl_iface_msg_cb(void *ctx, int level,
+ const char *txt, size_t len)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ if (wpa_s == NULL || wpa_s->ctrl_iface == NULL)
+ return;
+ wpa_supplicant_ctrl_iface_send(wpa_s->ctrl_iface, level, txt, len);
+}
+
+
+struct ctrl_iface_priv *
+wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)
+{
+ struct ctrl_iface_priv *priv;
+ struct sockaddr_in addr;
+
+ priv = os_zalloc(sizeof(*priv));
+ if (priv == NULL)
+ return NULL;
+ priv->wpa_s = wpa_s;
+ priv->sock = -1;
+ os_get_random(priv->cookie, COOKIE_LEN);
+
+ if (wpa_s->conf->ctrl_interface == NULL)
+ return priv;
+
+ priv->sock = socket(PF_INET, SOCK_DGRAM, 0);
+ if (priv->sock < 0) {
+ perror("socket(PF_INET)");
+ goto fail;
+ }
+
+ os_memset(&addr, 0, sizeof(addr));
+ addr.sin_family = AF_INET;
+ addr.sin_addr.s_addr = htonl((127 << 24) | 1);
+ addr.sin_port = htons(WPA_CTRL_IFACE_PORT);
+ if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
+ perror("bind(AF_INET)");
+ goto fail;
+ }
+
+ eloop_register_read_sock(priv->sock, wpa_supplicant_ctrl_iface_receive,
+ wpa_s, priv);
+ wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb);
+
+ return priv;
+
+fail:
+ if (priv->sock >= 0)
+ close(priv->sock);
+ os_free(priv);
+ return NULL;
+}
+
+
+void wpa_supplicant_ctrl_iface_deinit(struct ctrl_iface_priv *priv)
+{
+ struct wpa_ctrl_dst *dst, *prev;
+
+ if (priv->sock > -1) {
+ eloop_unregister_read_sock(priv->sock);
+ if (priv->ctrl_dst) {
+ /*
+ * Wait a second before closing the control socket if
+ * there are any attached monitors in order to allow
+ * them to receive any pending messages.
+ */
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE wait for attached "
+ "monitors to receive messages");
+ os_sleep(1, 0);
+ }
+ close(priv->sock);
+ priv->sock = -1;
+ }
+
+ dst = priv->ctrl_dst;
+ while (dst) {
+ prev = dst;
+ dst = dst->next;
+ os_free(prev);
+ }
+ os_free(priv);
+}
+
+
+static void wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv *priv,
+ int level, const char *buf,
+ size_t len)
+{
+ struct wpa_ctrl_dst *dst, *next;
+ char levelstr[10];
+ int idx;
+ char *sbuf;
+ int llen;
+
+ dst = priv->ctrl_dst;
+ if (priv->sock < 0 || dst == NULL)
+ return;
+
+ os_snprintf(levelstr, sizeof(levelstr), "<%d>", level);
+
+ llen = os_strlen(levelstr);
+ sbuf = os_malloc(llen + len);
+ if (sbuf == NULL)
+ return;
+
+ os_memcpy(sbuf, levelstr, llen);
+ os_memcpy(sbuf + llen, buf, len);
+
+ idx = 0;
+ while (dst) {
+ next = dst->next;
+ if (level >= dst->debug_level) {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor send %s:%d",
+ inet_ntoa(dst->addr.sin_addr),
+ ntohs(dst->addr.sin_port));
+ if (sendto(priv->sock, sbuf, llen + len, 0,
+ (struct sockaddr *) &dst->addr,
+ sizeof(dst->addr)) < 0) {
+ perror("sendto(CTRL_IFACE monitor)");
+ dst->errors++;
+ if (dst->errors > 10) {
+ wpa_supplicant_ctrl_iface_detach(
+ priv, &dst->addr,
+ dst->addrlen);
+ }
+ } else
+ dst->errors = 0;
+ }
+ idx++;
+ dst = next;
+ }
+ os_free(sbuf);
+}
+
+
+void wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv *priv)
+{
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE - %s - wait for monitor",
+ priv->wpa_s->ifname);
+ eloop_wait_for_read_sock(priv->sock);
+}
+
+
+/* Global ctrl_iface */
+
+struct ctrl_iface_global_priv {
+ int sock;
+ u8 cookie[COOKIE_LEN];
+};
+
+
+static char *
+wpa_supplicant_global_get_cookie(struct ctrl_iface_global_priv *priv,
+ size_t *reply_len)
+{
+ char *reply;
+ reply = os_malloc(7 + 2 * COOKIE_LEN + 1);
+ if (reply == NULL) {
+ *reply_len = 1;
+ return NULL;
+ }
+
+ os_memcpy(reply, "COOKIE=", 7);
+ wpa_snprintf_hex(reply + 7, 2 * COOKIE_LEN + 1,
+ priv->cookie, COOKIE_LEN);
+
+ *reply_len = 7 + 2 * COOKIE_LEN;
+ return reply;
+}
+
+
+static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx,
+ void *sock_ctx)
+{
+ struct wpa_global *global = eloop_ctx;
+ struct ctrl_iface_global_priv *priv = sock_ctx;
+ char buf[256], *pos;
+ int res;
+ struct sockaddr_in from;
+ socklen_t fromlen = sizeof(from);
+ char *reply;
+ size_t reply_len;
+ u8 cookie[COOKIE_LEN];
+
+ res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
+ (struct sockaddr *) &from, &fromlen);
+ if (res < 0) {
+ perror("recvfrom(ctrl_iface)");
+ return;
+ }
+ if (from.sin_addr.s_addr != htonl((127 << 24) | 1)) {
+ /*
+ * The OS networking stack is expected to drop this kind of
+ * frames since the socket is bound to only localhost address.
+ * Just in case, drop the frame if it is coming from any other
+ * address.
+ */
+ wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected "
+ "source %s", inet_ntoa(from.sin_addr));
+ return;
+ }
+ buf[res] = '\0';
+
+ if (os_strcmp(buf, "GET_COOKIE") == 0) {
+ reply = wpa_supplicant_global_get_cookie(priv, &reply_len);
+ goto done;
+ }
+
+ if (os_strncmp(buf, "COOKIE=", 7) != 0) {
+ wpa_printf(MSG_DEBUG, "CTLR: No cookie in the request - "
+ "drop request");
+ return;
+ }
+
+ if (hexstr2bin(buf + 7, cookie, COOKIE_LEN) < 0) {
+ wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie format in the "
+ "request - drop request");
+ return;
+ }
+
+ if (os_memcmp(cookie, priv->cookie, COOKIE_LEN) != 0) {
+ wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie in the request - "
+ "drop request");
+ return;
+ }
+
+ pos = buf + 7 + 2 * COOKIE_LEN;
+ while (*pos == ' ')
+ pos++;
+
+ reply = wpa_supplicant_global_ctrl_iface_process(global, pos,
+ &reply_len);
+
+ done:
+ if (reply) {
+ sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
+ fromlen);
+ os_free(reply);
+ } else if (reply_len) {
+ sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
+ fromlen);
+ }
+}
+
+
+struct ctrl_iface_global_priv *
+wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global)
+{
+ struct ctrl_iface_global_priv *priv;
+ struct sockaddr_in addr;
+
+ priv = os_zalloc(sizeof(*priv));
+ if (priv == NULL)
+ return NULL;
+ priv->sock = -1;
+ os_get_random(priv->cookie, COOKIE_LEN);
+
+ if (global->params.ctrl_interface == NULL)
+ return priv;
+
+ wpa_printf(MSG_DEBUG, "Global control interface '%s'",
+ global->params.ctrl_interface);
+
+ priv->sock = socket(PF_INET, SOCK_DGRAM, 0);
+ if (priv->sock < 0) {
+ perror("socket(PF_INET)");
+ goto fail;
+ }
+
+ os_memset(&addr, 0, sizeof(addr));
+ addr.sin_family = AF_INET;
+ addr.sin_addr.s_addr = htonl((127 << 24) | 1);
+ addr.sin_port = htons(WPA_GLOBAL_CTRL_IFACE_PORT);
+ if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
+ perror("bind(AF_INET)");
+ goto fail;
+ }
+
+ eloop_register_read_sock(priv->sock,
+ wpa_supplicant_global_ctrl_iface_receive,
+ global, priv);
+
+ return priv;
+
+fail:
+ if (priv->sock >= 0)
+ close(priv->sock);
+ os_free(priv);
+ return NULL;
+}
+
+
+void
+wpa_supplicant_global_ctrl_iface_deinit(struct ctrl_iface_global_priv *priv)
+{
+ if (priv->sock >= 0) {
+ eloop_unregister_read_sock(priv->sock);
+ close(priv->sock);
+ }
+ os_free(priv);
+}
--- /dev/null
+/*
+ * WPA Supplicant / UNIX domain socket -based control interface
+ * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <sys/un.h>
+#include <sys/stat.h>
+#include <grp.h>
+
+#include "common.h"
+#include "eloop.h"
+#include "config.h"
+#include "eapol_sm.h"
+#include "wpa_supplicant_i.h"
+#include "ctrl_iface.h"
+
+/* Per-interface ctrl_iface */
+
+/**
+ * struct wpa_ctrl_dst - Internal data structure of control interface monitors
+ *
+ * This structure is used to store information about registered control
+ * interface monitors into struct wpa_supplicant. This data is private to
+ * ctrl_iface_unix.c and should not be touched directly from other files.
+ */
+struct wpa_ctrl_dst {
+ struct wpa_ctrl_dst *next;
+ struct sockaddr_un addr;
+ socklen_t addrlen;
+ int debug_level;
+ int errors;
+};
+
+
+struct ctrl_iface_priv {
+ struct wpa_supplicant *wpa_s;
+ int sock;
+ struct wpa_ctrl_dst *ctrl_dst;
+};
+
+
+static void wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv *priv,
+ int level, const char *buf,
+ size_t len);
+
+
+static int wpa_supplicant_ctrl_iface_attach(struct ctrl_iface_priv *priv,
+ struct sockaddr_un *from,
+ socklen_t fromlen)
+{
+ struct wpa_ctrl_dst *dst;
+
+ dst = os_zalloc(sizeof(*dst));
+ if (dst == NULL)
+ return -1;
+ os_memcpy(&dst->addr, from, sizeof(struct sockaddr_un));
+ dst->addrlen = fromlen;
+ dst->debug_level = MSG_INFO;
+ dst->next = priv->ctrl_dst;
+ priv->ctrl_dst = dst;
+ wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor attached",
+ (u8 *) from->sun_path, fromlen - sizeof(from->sun_family));
+ return 0;
+}
+
+
+static int wpa_supplicant_ctrl_iface_detach(struct ctrl_iface_priv *priv,
+ struct sockaddr_un *from,
+ socklen_t fromlen)
+{
+ struct wpa_ctrl_dst *dst, *prev = NULL;
+
+ dst = priv->ctrl_dst;
+ while (dst) {
+ if (fromlen == dst->addrlen &&
+ os_memcmp(from->sun_path, dst->addr.sun_path,
+ fromlen - sizeof(from->sun_family)) == 0) {
+ if (prev == NULL)
+ priv->ctrl_dst = dst->next;
+ else
+ prev->next = dst->next;
+ os_free(dst);
+ wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor detached",
+ (u8 *) from->sun_path,
+ fromlen - sizeof(from->sun_family));
+ return 0;
+ }
+ prev = dst;
+ dst = dst->next;
+ }
+ return -1;
+}
+
+
+static int wpa_supplicant_ctrl_iface_level(struct ctrl_iface_priv *priv,
+ struct sockaddr_un *from,
+ socklen_t fromlen,
+ char *level)
+{
+ struct wpa_ctrl_dst *dst;
+
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE LEVEL %s", level);
+
+ dst = priv->ctrl_dst;
+ while (dst) {
+ if (fromlen == dst->addrlen &&
+ os_memcmp(from->sun_path, dst->addr.sun_path,
+ fromlen - sizeof(from->sun_family)) == 0) {
+ wpa_hexdump(MSG_DEBUG, "CTRL_IFACE changed monitor "
+ "level", (u8 *) from->sun_path,
+ fromlen - sizeof(from->sun_family));
+ dst->debug_level = atoi(level);
+ return 0;
+ }
+ dst = dst->next;
+ }
+
+ return -1;
+}
+
+
+static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx,
+ void *sock_ctx)
+{
+ struct wpa_supplicant *wpa_s = eloop_ctx;
+ struct ctrl_iface_priv *priv = sock_ctx;
+ char buf[256];
+ int res;
+ struct sockaddr_un from;
+ socklen_t fromlen = sizeof(from);
+ char *reply = NULL;
+ size_t reply_len = 0;
+ int new_attached = 0;
+
+ res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
+ (struct sockaddr *) &from, &fromlen);
+ if (res < 0) {
+ perror("recvfrom(ctrl_iface)");
+ return;
+ }
+ buf[res] = '\0';
+
+ if (os_strcmp(buf, "ATTACH") == 0) {
+ if (wpa_supplicant_ctrl_iface_attach(priv, &from, fromlen))
+ reply_len = 1;
+ else {
+ new_attached = 1;
+ reply_len = 2;
+ }
+ } else if (os_strcmp(buf, "DETACH") == 0) {
+ if (wpa_supplicant_ctrl_iface_detach(priv, &from, fromlen))
+ reply_len = 1;
+ else
+ reply_len = 2;
+ } else if (os_strncmp(buf, "LEVEL ", 6) == 0) {
+ if (wpa_supplicant_ctrl_iface_level(priv, &from, fromlen,
+ buf + 6))
+ reply_len = 1;
+ else
+ reply_len = 2;
+ } else {
+ reply = wpa_supplicant_ctrl_iface_process(wpa_s, buf,
+ &reply_len);
+ }
+
+ if (reply) {
+ sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
+ fromlen);
+ os_free(reply);
+ } else if (reply_len == 1) {
+ sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
+ fromlen);
+ } else if (reply_len == 2) {
+ sendto(sock, "OK\n", 3, 0, (struct sockaddr *) &from,
+ fromlen);
+ }
+
+ if (new_attached)
+ eapol_sm_notify_ctrl_attached(wpa_s->eapol);
+}
+
+
+static char * wpa_supplicant_ctrl_iface_path(struct wpa_supplicant *wpa_s)
+{
+ char *buf;
+ size_t len;
+ char *pbuf, *dir = NULL, *gid_str = NULL;
+
+ if (wpa_s->conf->ctrl_interface == NULL)
+ return NULL;
+
+ pbuf = os_strdup(wpa_s->conf->ctrl_interface);
+ if (pbuf == NULL)
+ return NULL;
+ if (os_strncmp(pbuf, "DIR=", 4) == 0) {
+ dir = pbuf + 4;
+ gid_str = os_strstr(dir, " GROUP=");
+ if (gid_str) {
+ *gid_str = '\0';
+ gid_str += 7;
+ }
+ } else
+ dir = pbuf;
+
+ len = os_strlen(dir) + os_strlen(wpa_s->ifname) + 2;
+ buf = os_malloc(len);
+ if (buf == NULL) {
+ os_free(pbuf);
+ return NULL;
+ }
+
+ os_snprintf(buf, len, "%s/%s", dir, wpa_s->ifname);
+#ifdef __CYGWIN__
+ {
+ /* Windows/WinPcap uses interface names that are not suitable
+ * as a file name - convert invalid chars to underscores */
+ char *pos = buf;
+ while (*pos) {
+ if (*pos == '\\')
+ *pos = '_';
+ pos++;
+ }
+ }
+#endif /* __CYGWIN__ */
+ os_free(pbuf);
+ return buf;
+}
+
+
+static void wpa_supplicant_ctrl_iface_msg_cb(void *ctx, int level,
+ const char *txt, size_t len)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ if (wpa_s == NULL || wpa_s->ctrl_iface == NULL)
+ return;
+ wpa_supplicant_ctrl_iface_send(wpa_s->ctrl_iface, level, txt, len);
+}
+
+
+struct ctrl_iface_priv *
+wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)
+{
+ struct ctrl_iface_priv *priv;
+ struct sockaddr_un addr;
+ char *fname = NULL;
+ gid_t gid = 0;
+ int gid_set = 0;
+ char *buf, *dir = NULL, *gid_str = NULL;
+ struct group *grp;
+ char *endp;
+
+ priv = os_zalloc(sizeof(*priv));
+ if (priv == NULL)
+ return NULL;
+ priv->wpa_s = wpa_s;
+ priv->sock = -1;
+
+ if (wpa_s->conf->ctrl_interface == NULL)
+ return priv;
+
+ buf = os_strdup(wpa_s->conf->ctrl_interface);
+ if (buf == NULL)
+ goto fail;
+ if (os_strncmp(buf, "DIR=", 4) == 0) {
+ dir = buf + 4;
+ gid_str = os_strstr(dir, " GROUP=");
+ if (gid_str) {
+ *gid_str = '\0';
+ gid_str += 7;
+ }
+ } else {
+ dir = buf;
+ gid_str = wpa_s->conf->ctrl_interface_group;
+ }
+
+ if (mkdir(dir, S_IRWXU | S_IRWXG) < 0) {
+ if (errno == EEXIST) {
+ wpa_printf(MSG_DEBUG, "Using existing control "
+ "interface directory.");
+ } else {
+ perror("mkdir[ctrl_interface]");
+ goto fail;
+ }
+ }
+
+ if (gid_str) {
+ grp = getgrnam(gid_str);
+ if (grp) {
+ gid = grp->gr_gid;
+ gid_set = 1;
+ wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d"
+ " (from group name '%s')",
+ (int) gid, gid_str);
+ } else {
+ /* Group name not found - try to parse this as gid */
+ gid = strtol(gid_str, &endp, 10);
+ if (*gid_str == '\0' || *endp != '\0') {
+ wpa_printf(MSG_DEBUG, "CTRL: Invalid group "
+ "'%s'", gid_str);
+ goto fail;
+ }
+ gid_set = 1;
+ wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d",
+ (int) gid);
+ }
+ }
+
+ if (gid_set && chown(dir, -1, gid) < 0) {
+ perror("chown[ctrl_interface]");
+ goto fail;
+ }
+
+ if (os_strlen(dir) + 1 + os_strlen(wpa_s->ifname) >=
+ sizeof(addr.sun_path))
+ goto fail;
+
+ priv->sock = socket(PF_UNIX, SOCK_DGRAM, 0);
+ if (priv->sock < 0) {
+ perror("socket(PF_UNIX)");
+ goto fail;
+ }
+
+ os_memset(&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ fname = wpa_supplicant_ctrl_iface_path(wpa_s);
+ if (fname == NULL)
+ goto fail;
+ os_strncpy(addr.sun_path, fname, sizeof(addr.sun_path));
+ if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
+ wpa_printf(MSG_DEBUG, "ctrl_iface bind(PF_UNIX) failed: %s",
+ strerror(errno));
+ if (connect(priv->sock, (struct sockaddr *) &addr,
+ sizeof(addr)) < 0) {
+ wpa_printf(MSG_DEBUG, "ctrl_iface exists, but does not"
+ " allow connections - assuming it was left"
+ "over from forced program termination");
+ if (unlink(fname) < 0) {
+ perror("unlink[ctrl_iface]");
+ wpa_printf(MSG_ERROR, "Could not unlink "
+ "existing ctrl_iface socket '%s'",
+ fname);
+ goto fail;
+ }
+ if (bind(priv->sock, (struct sockaddr *) &addr,
+ sizeof(addr)) < 0) {
+ perror("bind(PF_UNIX)");
+ goto fail;
+ }
+ wpa_printf(MSG_DEBUG, "Successfully replaced leftover "
+ "ctrl_iface socket '%s'", fname);
+ } else {
+ wpa_printf(MSG_INFO, "ctrl_iface exists and seems to "
+ "be in use - cannot override it");
+ wpa_printf(MSG_INFO, "Delete '%s' manually if it is "
+ "not used anymore", fname);
+ os_free(fname);
+ fname = NULL;
+ goto fail;
+ }
+ }
+
+ if (gid_set && chown(fname, -1, gid) < 0) {
+ perror("chown[ctrl_interface/ifname]");
+ goto fail;
+ }
+
+ if (chmod(fname, S_IRWXU | S_IRWXG) < 0) {
+ perror("chmod[ctrl_interface/ifname]");
+ goto fail;
+ }
+ os_free(fname);
+
+ eloop_register_read_sock(priv->sock, wpa_supplicant_ctrl_iface_receive,
+ wpa_s, priv);
+ wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb);
+
+ os_free(buf);
+ return priv;
+
+fail:
+ if (priv->sock >= 0)
+ close(priv->sock);
+ os_free(priv);
+ if (fname) {
+ unlink(fname);
+ os_free(fname);
+ }
+ os_free(buf);
+ return NULL;
+}
+
+
+void wpa_supplicant_ctrl_iface_deinit(struct ctrl_iface_priv *priv)
+{
+ struct wpa_ctrl_dst *dst, *prev;
+
+ if (priv->sock > -1) {
+ char *fname;
+ char *buf, *dir = NULL, *gid_str = NULL;
+ eloop_unregister_read_sock(priv->sock);
+ if (priv->ctrl_dst) {
+ /*
+ * Wait a second before closing the control socket if
+ * there are any attached monitors in order to allow
+ * them to receive any pending messages.
+ */
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE wait for attached "
+ "monitors to receive messages");
+ os_sleep(1, 0);
+ }
+ close(priv->sock);
+ priv->sock = -1;
+ fname = wpa_supplicant_ctrl_iface_path(priv->wpa_s);
+ if (fname) {
+ unlink(fname);
+ os_free(fname);
+ }
+
+ buf = os_strdup(priv->wpa_s->conf->ctrl_interface);
+ if (buf == NULL)
+ goto free_dst;
+ if (os_strncmp(buf, "DIR=", 4) == 0) {
+ dir = buf + 4;
+ gid_str = os_strstr(dir, " GROUP=");
+ if (gid_str) {
+ *gid_str = '\0';
+ gid_str += 7;
+ }
+ } else
+ dir = buf;
+
+ if (rmdir(dir) < 0) {
+ if (errno == ENOTEMPTY) {
+ wpa_printf(MSG_DEBUG, "Control interface "
+ "directory not empty - leaving it "
+ "behind");
+ } else {
+ perror("rmdir[ctrl_interface]");
+ }
+ }
+ os_free(buf);
+ }
+
+free_dst:
+ dst = priv->ctrl_dst;
+ while (dst) {
+ prev = dst;
+ dst = dst->next;
+ os_free(prev);
+ }
+ os_free(priv);
+}
+
+
+/**
+ * wpa_supplicant_ctrl_iface_send - Send a control interface packet to monitors
+ * @priv: Pointer to private data from wpa_supplicant_ctrl_iface_init()
+ * @level: Priority level of the message
+ * @buf: Message data
+ * @len: Message length
+ *
+ * Send a packet to all monitor programs attached to the control interface.
+ */
+static void wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv *priv,
+ int level, const char *buf,
+ size_t len)
+{
+ struct wpa_ctrl_dst *dst, *next;
+ char levelstr[10];
+ int idx;
+ struct msghdr msg;
+ struct iovec io[2];
+
+ dst = priv->ctrl_dst;
+ if (priv->sock < 0 || dst == NULL)
+ return;
+
+ os_snprintf(levelstr, sizeof(levelstr), "<%d>", level);
+ io[0].iov_base = levelstr;
+ io[0].iov_len = os_strlen(levelstr);
+ io[1].iov_base = (char *) buf;
+ io[1].iov_len = len;
+ os_memset(&msg, 0, sizeof(msg));
+ msg.msg_iov = io;
+ msg.msg_iovlen = 2;
+
+ idx = 0;
+ while (dst) {
+ next = dst->next;
+ if (level >= dst->debug_level) {
+ wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor send",
+ (u8 *) dst->addr.sun_path, dst->addrlen -
+ sizeof(dst->addr.sun_family));
+ msg.msg_name = (void *) &dst->addr;
+ msg.msg_namelen = dst->addrlen;
+ if (sendmsg(priv->sock, &msg, 0) < 0) {
+ perror("sendmsg(CTRL_IFACE monitor)");
+ dst->errors++;
+ if (dst->errors > 10) {
+ wpa_supplicant_ctrl_iface_detach(
+ priv, &dst->addr,
+ dst->addrlen);
+ }
+ } else
+ dst->errors = 0;
+ }
+ idx++;
+ dst = next;
+ }
+}
+
+
+void wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv *priv)
+{
+ char buf[256];
+ int res;
+ struct sockaddr_un from;
+ socklen_t fromlen = sizeof(from);
+
+ for (;;) {
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE - %s - wait for monitor to "
+ "attach", priv->wpa_s->ifname);
+ eloop_wait_for_read_sock(priv->sock);
+
+ res = recvfrom(priv->sock, buf, sizeof(buf) - 1, 0,
+ (struct sockaddr *) &from, &fromlen);
+ if (res < 0) {
+ perror("recvfrom(ctrl_iface)");
+ continue;
+ }
+ buf[res] = '\0';
+
+ if (os_strcmp(buf, "ATTACH") == 0) {
+ /* handle ATTACH signal of first monitor interface */
+ if (!wpa_supplicant_ctrl_iface_attach(priv, &from,
+ fromlen)) {
+ sendto(priv->sock, "OK\n", 3, 0,
+ (struct sockaddr *) &from, fromlen);
+ /* OK to continue */
+ return;
+ } else {
+ sendto(priv->sock, "FAIL\n", 5, 0,
+ (struct sockaddr *) &from, fromlen);
+ }
+ } else {
+ /* return FAIL for all other signals */
+ sendto(priv->sock, "FAIL\n", 5, 0,
+ (struct sockaddr *) &from, fromlen);
+ }
+ }
+}
+
+
+/* Global ctrl_iface */
+
+struct ctrl_iface_global_priv {
+ struct wpa_global *global;
+ int sock;
+};
+
+
+static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx,
+ void *sock_ctx)
+{
+ struct wpa_global *global = eloop_ctx;
+ char buf[256];
+ int res;
+ struct sockaddr_un from;
+ socklen_t fromlen = sizeof(from);
+ char *reply;
+ size_t reply_len;
+
+ res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
+ (struct sockaddr *) &from, &fromlen);
+ if (res < 0) {
+ perror("recvfrom(ctrl_iface)");
+ return;
+ }
+ buf[res] = '\0';
+
+ reply = wpa_supplicant_global_ctrl_iface_process(global, buf,
+ &reply_len);
+
+ if (reply) {
+ sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
+ fromlen);
+ os_free(reply);
+ } else if (reply_len) {
+ sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
+ fromlen);
+ }
+}
+
+
+struct ctrl_iface_global_priv *
+wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global)
+{
+ struct ctrl_iface_global_priv *priv;
+ struct sockaddr_un addr;
+
+ priv = os_zalloc(sizeof(*priv));
+ if (priv == NULL)
+ return NULL;
+ priv->global = global;
+ priv->sock = -1;
+
+ if (global->params.ctrl_interface == NULL)
+ return priv;
+
+ wpa_printf(MSG_DEBUG, "Global control interface '%s'",
+ global->params.ctrl_interface);
+
+ priv->sock = socket(PF_UNIX, SOCK_DGRAM, 0);
+ if (priv->sock < 0) {
+ perror("socket(PF_UNIX)");
+ goto fail;
+ }
+
+ os_memset(&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ os_strncpy(addr.sun_path, global->params.ctrl_interface,
+ sizeof(addr.sun_path));
+ if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
+ perror("bind(PF_UNIX)");
+ if (connect(priv->sock, (struct sockaddr *) &addr,
+ sizeof(addr)) < 0) {
+ wpa_printf(MSG_DEBUG, "ctrl_iface exists, but does not"
+ " allow connections - assuming it was left"
+ "over from forced program termination");
+ if (unlink(global->params.ctrl_interface) < 0) {
+ perror("unlink[ctrl_iface]");
+ wpa_printf(MSG_ERROR, "Could not unlink "
+ "existing ctrl_iface socket '%s'",
+ global->params.ctrl_interface);
+ goto fail;
+ }
+ if (bind(priv->sock, (struct sockaddr *) &addr,
+ sizeof(addr)) < 0) {
+ perror("bind(PF_UNIX)");
+ goto fail;
+ }
+ wpa_printf(MSG_DEBUG, "Successfully replaced leftover "
+ "ctrl_iface socket '%s'",
+ global->params.ctrl_interface);
+ } else {
+ wpa_printf(MSG_INFO, "ctrl_iface exists and seems to "
+ "be in use - cannot override it");
+ wpa_printf(MSG_INFO, "Delete '%s' manually if it is "
+ "not used anymore",
+ global->params.ctrl_interface);
+ goto fail;
+ }
+ }
+
+ eloop_register_read_sock(priv->sock,
+ wpa_supplicant_global_ctrl_iface_receive,
+ global, NULL);
+
+ return priv;
+
+fail:
+ if (priv->sock >= 0)
+ close(priv->sock);
+ os_free(priv);
+ return NULL;
+}
+
+
+void
+wpa_supplicant_global_ctrl_iface_deinit(struct ctrl_iface_global_priv *priv)
+{
+ if (priv->sock >= 0) {
+ eloop_unregister_read_sock(priv->sock);
+ close(priv->sock);
+ }
+ if (priv->global->params.ctrl_interface)
+ unlink(priv->global->params.ctrl_interface);
+ os_free(priv);
+}
--- /dev/null
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <policy user="root">
+ <allow own="fi.epitest.hostap.WPASupplicant"/>
+
+ <allow send_destination="fi.epitest.hostap.WPASupplicant"/>
+ <allow send_interface="fi.epitest.hostap.WPASupplicant"/>
+ </policy>
+ <policy context="default">
+ <deny own="fi.epitest.hostap.WPASupplicant"/>
+ <deny send_destination="fi.epitest.hostap.WPASupplicant"/>
+ <deny send_interface="fi.epitest.hostap.WPASupplicant"/>
+ </policy>
+</busconfig>
--- /dev/null
+[D-BUS Service]
+Name=fi.epitest.hostap.WPASupplicant
+Exec=/sbin/wpa_supplicant -u
+User=root
--- /dev/null
+/*
+ * WPA Supplicant / dbus-based control interface
+ * Copyright (c) 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include <dbus/dbus.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "common.h"
+#include "dbus_dict_helpers.h"
+
+
+/**
+ * Start a dict in a dbus message. Should be paired with a call to
+ * {@link wpa_dbus_dict_close_write}.
+ *
+ * @param iter A valid dbus message iterator
+ * @param iter_dict (out) A dict iterator to pass to further dict functions
+ * @return TRUE on success, FALSE on failure
+ *
+ */
+dbus_bool_t wpa_dbus_dict_open_write(DBusMessageIter *iter,
+ DBusMessageIter *iter_dict)
+{
+ dbus_bool_t result;
+
+ if (!iter || !iter_dict)
+ return FALSE;
+
+ result = dbus_message_iter_open_container(
+ iter,
+ DBUS_TYPE_ARRAY,
+ DBUS_DICT_ENTRY_BEGIN_CHAR_AS_STRING
+ DBUS_TYPE_STRING_AS_STRING
+ DBUS_TYPE_VARIANT_AS_STRING
+ DBUS_DICT_ENTRY_END_CHAR_AS_STRING,
+ iter_dict);
+ return result;
+}
+
+
+/**
+ * End a dict element in a dbus message. Should be paired with
+ * a call to {@link wpa_dbus_dict_open_write}.
+ *
+ * @param iter valid dbus message iterator, same as passed to
+ * wpa_dbus_dict_open_write()
+ * @param iter_dict a dbus dict iterator returned from
+ * {@link wpa_dbus_dict_open_write}
+ * @return TRUE on success, FALSE on failure
+ *
+ */
+dbus_bool_t wpa_dbus_dict_close_write(DBusMessageIter *iter,
+ DBusMessageIter *iter_dict)
+{
+ if (!iter || !iter_dict)
+ return FALSE;
+
+ return dbus_message_iter_close_container(iter, iter_dict);
+}
+
+
+static const char * _wpa_get_type_as_string_from_type(const int type)
+{
+ switch(type) {
+ case DBUS_TYPE_BYTE:
+ return DBUS_TYPE_BYTE_AS_STRING;
+ case DBUS_TYPE_BOOLEAN:
+ return DBUS_TYPE_BOOLEAN_AS_STRING;
+ case DBUS_TYPE_INT16:
+ return DBUS_TYPE_INT16_AS_STRING;
+ case DBUS_TYPE_UINT16:
+ return DBUS_TYPE_UINT16_AS_STRING;
+ case DBUS_TYPE_INT32:
+ return DBUS_TYPE_INT32_AS_STRING;
+ case DBUS_TYPE_UINT32:
+ return DBUS_TYPE_UINT32_AS_STRING;
+ case DBUS_TYPE_INT64:
+ return DBUS_TYPE_INT64_AS_STRING;
+ case DBUS_TYPE_UINT64:
+ return DBUS_TYPE_UINT64_AS_STRING;
+ case DBUS_TYPE_DOUBLE:
+ return DBUS_TYPE_DOUBLE_AS_STRING;
+ case DBUS_TYPE_STRING:
+ return DBUS_TYPE_STRING_AS_STRING;
+ case DBUS_TYPE_OBJECT_PATH:
+ return DBUS_TYPE_OBJECT_PATH_AS_STRING;
+ case DBUS_TYPE_ARRAY:
+ return DBUS_TYPE_ARRAY_AS_STRING;
+ default:
+ return NULL;
+ }
+}
+
+
+static dbus_bool_t _wpa_dbus_add_dict_entry_start(
+ DBusMessageIter *iter_dict, DBusMessageIter *iter_dict_entry,
+ const char *key, const int value_type)
+{
+ if (!dbus_message_iter_open_container(iter_dict,
+ DBUS_TYPE_DICT_ENTRY, NULL,
+ iter_dict_entry))
+ return FALSE;
+
+ if (!dbus_message_iter_append_basic(iter_dict_entry, DBUS_TYPE_STRING,
+ &key))
+ return FALSE;
+
+ return TRUE;
+}
+
+
+static dbus_bool_t _wpa_dbus_add_dict_entry_end(
+ DBusMessageIter *iter_dict, DBusMessageIter *iter_dict_entry,
+ DBusMessageIter *iter_dict_val)
+{
+ if (!dbus_message_iter_close_container(iter_dict_entry, iter_dict_val))
+ return FALSE;
+ if (!dbus_message_iter_close_container(iter_dict, iter_dict_entry))
+ return FALSE;
+
+ return TRUE;
+}
+
+
+static dbus_bool_t _wpa_dbus_add_dict_entry_basic(DBusMessageIter *iter_dict,
+ const char *key,
+ const int value_type,
+ const void *value)
+{
+ DBusMessageIter iter_dict_entry, iter_dict_val;
+ const char *type_as_string = NULL;
+
+ type_as_string = _wpa_get_type_as_string_from_type(value_type);
+ if (!type_as_string)
+ return FALSE;
+
+ if (!_wpa_dbus_add_dict_entry_start(iter_dict, &iter_dict_entry,
+ key, value_type))
+ return FALSE;
+
+ if (!dbus_message_iter_open_container(&iter_dict_entry,
+ DBUS_TYPE_VARIANT,
+ type_as_string, &iter_dict_val))
+ return FALSE;
+
+ if (!dbus_message_iter_append_basic(&iter_dict_val, value_type, value))
+ return FALSE;
+
+ if (!_wpa_dbus_add_dict_entry_end(iter_dict, &iter_dict_entry,
+ &iter_dict_val))
+ return FALSE;
+
+ return TRUE;
+}
+
+
+static dbus_bool_t _wpa_dbus_add_dict_entry_byte_array(
+ DBusMessageIter *iter_dict, const char *key,
+ const char *value, const dbus_uint32_t value_len)
+{
+ DBusMessageIter iter_dict_entry, iter_dict_val, iter_array;
+ dbus_uint32_t i;
+
+ if (!_wpa_dbus_add_dict_entry_start(iter_dict, &iter_dict_entry,
+ key, DBUS_TYPE_ARRAY))
+ return FALSE;
+
+ if (!dbus_message_iter_open_container(&iter_dict_entry,
+ DBUS_TYPE_VARIANT,
+ DBUS_TYPE_ARRAY_AS_STRING
+ DBUS_TYPE_BYTE_AS_STRING,
+ &iter_dict_val))
+ return FALSE;
+
+ if (!dbus_message_iter_open_container(&iter_dict_val, DBUS_TYPE_ARRAY,
+ DBUS_TYPE_BYTE_AS_STRING,
+ &iter_array))
+ return FALSE;
+
+ for (i = 0; i < value_len; i++) {
+ if (!dbus_message_iter_append_basic(&iter_array,
+ DBUS_TYPE_BYTE,
+ &(value[i])))
+ return FALSE;
+ }
+
+ if (!dbus_message_iter_close_container(&iter_dict_val, &iter_array))
+ return FALSE;
+
+ if (!_wpa_dbus_add_dict_entry_end(iter_dict, &iter_dict_entry,
+ &iter_dict_val))
+ return FALSE;
+
+ return TRUE;
+}
+
+
+/**
+ * Add a string entry to the dict.
+ *
+ * @param iter_dict A valid DBusMessageIter returned from
+ * {@link wpa_dbus_dict_open_write}
+ * @param key The key of the dict item
+ * @param value The string value
+ * @return TRUE on success, FALSE on failure
+ *
+ */
+dbus_bool_t wpa_dbus_dict_append_string(DBusMessageIter *iter_dict,
+ const char *key, const char *value)
+{
+ if (!key || !value)
+ return FALSE;
+ return _wpa_dbus_add_dict_entry_basic(iter_dict, key, DBUS_TYPE_STRING,
+ &value);
+}
+
+
+/**
+ * Add a byte entry to the dict.
+ *
+ * @param iter_dict A valid DBusMessageIter returned from
+ * {@link wpa_dbus_dict_open_write}
+ * @param key The key of the dict item
+ * @param value The byte value
+ * @return TRUE on success, FALSE on failure
+ *
+ */
+dbus_bool_t wpa_dbus_dict_append_byte(DBusMessageIter *iter_dict,
+ const char *key, const char value)
+{
+ if (!key)
+ return FALSE;
+ return _wpa_dbus_add_dict_entry_basic(iter_dict, key, DBUS_TYPE_BYTE,
+ &value);
+}
+
+
+/**
+ * Add a boolean entry to the dict.
+ *
+ * @param iter_dict A valid DBusMessageIter returned from
+ * {@link wpa_dbus_dict_open_write}
+ * @param key The key of the dict item
+ * @param value The boolean value
+ * @return TRUE on success, FALSE on failure
+ *
+ */
+dbus_bool_t wpa_dbus_dict_append_bool(DBusMessageIter *iter_dict,
+ const char *key, const dbus_bool_t value)
+{
+ if (!key)
+ return FALSE;
+ return _wpa_dbus_add_dict_entry_basic(iter_dict, key,
+ DBUS_TYPE_BOOLEAN, &value);
+}
+
+
+/**
+ * Add a 16-bit signed integer entry to the dict.
+ *
+ * @param iter_dict A valid DBusMessageIter returned from
+ * {@link wpa_dbus_dict_open_write}
+ * @param key The key of the dict item
+ * @param value The 16-bit signed integer value
+ * @return TRUE on success, FALSE on failure
+ *
+ */
+dbus_bool_t wpa_dbus_dict_append_int16(DBusMessageIter *iter_dict,
+ const char *key,
+ const dbus_int16_t value)
+{
+ if (!key)
+ return FALSE;
+ return _wpa_dbus_add_dict_entry_basic(iter_dict, key, DBUS_TYPE_INT16,
+ &value);
+}
+
+
+/**
+ * Add a 16-bit unsigned integer entry to the dict.
+ *
+ * @param iter_dict A valid DBusMessageIter returned from
+ * {@link wpa_dbus_dict_open_write}
+ * @param key The key of the dict item
+ * @param value The 16-bit unsigned integer value
+ * @return TRUE on success, FALSE on failure
+ *
+ */
+dbus_bool_t wpa_dbus_dict_append_uint16(DBusMessageIter *iter_dict,
+ const char *key,
+ const dbus_uint16_t value)
+{
+ if (!key)
+ return FALSE;
+ return _wpa_dbus_add_dict_entry_basic(iter_dict, key, DBUS_TYPE_UINT16,
+ &value);
+}
+
+
+/**
+ * Add a 32-bit signed integer to the dict.
+ *
+ * @param iter_dict A valid DBusMessageIter returned from
+ * {@link wpa_dbus_dict_open_write}
+ * @param key The key of the dict item
+ * @param value The 32-bit signed integer value
+ * @return TRUE on success, FALSE on failure
+ *
+ */
+dbus_bool_t wpa_dbus_dict_append_int32(DBusMessageIter *iter_dict,
+ const char *key,
+ const dbus_int32_t value)
+{
+ if (!key)
+ return FALSE;
+ return _wpa_dbus_add_dict_entry_basic(iter_dict, key, DBUS_TYPE_INT32,
+ &value);
+}
+
+
+/**
+ * Add a 32-bit unsigned integer entry to the dict.
+ *
+ * @param iter_dict A valid DBusMessageIter returned from
+ * {@link wpa_dbus_dict_open_write}
+ * @param key The key of the dict item
+ * @param value The 32-bit unsigned integer value
+ * @return TRUE on success, FALSE on failure
+ *
+ */
+dbus_bool_t wpa_dbus_dict_append_uint32(DBusMessageIter *iter_dict,
+ const char *key,
+ const dbus_uint32_t value)
+{
+ if (!key)
+ return FALSE;
+ return _wpa_dbus_add_dict_entry_basic(iter_dict, key, DBUS_TYPE_UINT32,
+ &value);
+}
+
+
+/**
+ * Add a 64-bit integer entry to the dict.
+ *
+ * @param iter_dict A valid DBusMessageIter returned from
+ * {@link wpa_dbus_dict_open_write}
+ * @param key The key of the dict item
+ * @param value The 64-bit integer value
+ * @return TRUE on success, FALSE on failure
+ *
+ */
+dbus_bool_t wpa_dbus_dict_append_int64(DBusMessageIter *iter_dict,
+ const char *key,
+ const dbus_int64_t value)
+{
+ if (!key)
+ return FALSE;
+ return _wpa_dbus_add_dict_entry_basic(iter_dict, key, DBUS_TYPE_INT64,
+ &value);
+}
+
+
+/**
+ * Add a 64-bit unsigned integer entry to the dict.
+ *
+ * @param iter_dict A valid DBusMessageIter returned from
+ * {@link wpa_dbus_dict_open_write}
+ * @param key The key of the dict item
+ * @param value The 64-bit unsigned integer value
+ * @return TRUE on success, FALSE on failure
+ *
+ */
+dbus_bool_t wpa_dbus_dict_append_uint64(DBusMessageIter *iter_dict,
+ const char *key,
+ const dbus_uint64_t value)
+{
+ if (!key)
+ return FALSE;
+ return _wpa_dbus_add_dict_entry_basic(iter_dict, key, DBUS_TYPE_UINT64,
+ &value);
+}
+
+
+/**
+ * Add a double-precision floating point entry to the dict.
+ *
+ * @param iter_dict A valid DBusMessageIter returned from
+ * {@link wpa_dbus_dict_open_write}
+ * @param key The key of the dict item
+ * @param value The double-precision floating point value
+ * @return TRUE on success, FALSE on failure
+ *
+ */
+dbus_bool_t wpa_dbus_dict_append_double(DBusMessageIter *iter_dict,
+ const char * key,
+ const double value)
+{
+ if (!key)
+ return FALSE;
+ return _wpa_dbus_add_dict_entry_basic(iter_dict, key, DBUS_TYPE_DOUBLE,
+ &value);
+}
+
+
+/**
+ * Add a DBus object path entry to the dict.
+ *
+ * @param iter_dict A valid DBusMessageIter returned from
+ * {@link wpa_dbus_dict_open_write}
+ * @param key The key of the dict item
+ * @param value The DBus object path value
+ * @return TRUE on success, FALSE on failure
+ *
+ */
+dbus_bool_t wpa_dbus_dict_append_object_path(DBusMessageIter *iter_dict,
+ const char *key,
+ const char *value)
+{
+ if (!key || !value)
+ return FALSE;
+ return _wpa_dbus_add_dict_entry_basic(iter_dict, key,
+ DBUS_TYPE_OBJECT_PATH, &value);
+}
+
+
+/**
+ * Add a byte array entry to the dict.
+ *
+ * @param iter_dict A valid DBusMessageIter returned from
+ * {@link wpa_dbus_dict_open_write}
+ * @param key The key of the dict item
+ * @param value The byte array
+ * @param value_len The length of the byte array, in bytes
+ * @return TRUE on success, FALSE on failure
+ *
+ */
+dbus_bool_t wpa_dbus_dict_append_byte_array(DBusMessageIter *iter_dict,
+ const char *key,
+ const char *value,
+ const dbus_uint32_t value_len)
+{
+ if (!key)
+ return FALSE;
+ if (!value && (value_len != 0))
+ return FALSE;
+ return _wpa_dbus_add_dict_entry_byte_array(iter_dict, key, value,
+ value_len);
+}
+
+
+/**
+ * Begin a string array entry in the dict
+ *
+ * @param iter_dict A valid DBusMessageIter returned from
+ * {@link nmu_dbus_dict_open_write}
+ * @param key The key of the dict item
+ * @param iter_dict_entry A private DBusMessageIter provided by the caller to
+ * be passed to {@link wpa_dbus_dict_end_string_array}
+ * @param iter_dict_val A private DBusMessageIter provided by the caller to
+ * be passed to {@link wpa_dbus_dict_end_string_array}
+ * @param iter_array On return, the DBusMessageIter to be passed to
+ * {@link wpa_dbus_dict_string_array_add_element}
+ * @return TRUE on success, FALSE on failure
+ *
+ */
+dbus_bool_t wpa_dbus_dict_begin_string_array(DBusMessageIter *iter_dict,
+ const char *key,
+ DBusMessageIter *iter_dict_entry,
+ DBusMessageIter *iter_dict_val,
+ DBusMessageIter *iter_array)
+{
+ if (!iter_dict || !iter_dict_entry || !iter_dict_val || !iter_array)
+ return FALSE;
+
+ if (!_wpa_dbus_add_dict_entry_start(iter_dict, iter_dict_entry,
+ key, DBUS_TYPE_ARRAY))
+ return FALSE;
+
+ if (!dbus_message_iter_open_container(iter_dict_entry,
+ DBUS_TYPE_VARIANT,
+ DBUS_TYPE_ARRAY_AS_STRING
+ DBUS_TYPE_STRING_AS_STRING,
+ iter_dict_val))
+ return FALSE;
+
+ if (!dbus_message_iter_open_container(iter_dict_val, DBUS_TYPE_ARRAY,
+ DBUS_TYPE_BYTE_AS_STRING,
+ iter_array))
+ return FALSE;
+
+ return TRUE;
+}
+
+
+/**
+ * Add a single string element to a string array dict entry
+ *
+ * @param iter_array A valid DBusMessageIter returned from
+ * {@link wpa_dbus_dict_begin_string_array}'s
+ * iter_array parameter
+ * @param elem The string element to be added to the dict entry's string array
+ * @return TRUE on success, FALSE on failure
+ *
+ */
+dbus_bool_t wpa_dbus_dict_string_array_add_element(DBusMessageIter *iter_array,
+ const char *elem)
+{
+ if (!iter_array || !elem)
+ return FALSE;
+
+ return dbus_message_iter_append_basic(iter_array, DBUS_TYPE_STRING,
+ &elem);
+}
+
+
+/**
+ * End a string array dict entry
+ *
+ * @param iter_dict A valid DBusMessageIter returned from
+ * {@link nmu_dbus_dict_open_write}
+ * @param iter_dict_entry A private DBusMessageIter returned from
+ * {@link wpa_dbus_dict_end_string_array}
+ * @param iter_dict_val A private DBusMessageIter returned from
+ * {@link wpa_dbus_dict_end_string_array}
+ * @param iter_array A DBusMessageIter returned from
+ * {@link wpa_dbus_dict_end_string_array}
+ * @return TRUE on success, FALSE on failure
+ *
+ */
+dbus_bool_t wpa_dbus_dict_end_string_array(DBusMessageIter *iter_dict,
+ DBusMessageIter *iter_dict_entry,
+ DBusMessageIter *iter_dict_val,
+ DBusMessageIter *iter_array)
+{
+ if (!iter_dict || !iter_dict_entry || !iter_dict_val || !iter_array)
+ return FALSE;
+
+ if (!dbus_message_iter_close_container(iter_dict_val, iter_array))
+ return FALSE;
+
+ if (!_wpa_dbus_add_dict_entry_end(iter_dict, iter_dict_entry,
+ iter_dict_val))
+ return FALSE;
+
+ return TRUE;
+}
+
+
+/**
+ * Convenience function to add an entire string array to the dict.
+ *
+ * @param iter_dict A valid DBusMessageIter returned from
+ * {@link nmu_dbus_dict_open_write}
+ * @param key The key of the dict item
+ * @param items The array of strings
+ * @param num_items The number of strings in the array
+ * @return TRUE on success, FALSE on failure
+ *
+ */
+dbus_bool_t wpa_dbus_dict_append_string_array(DBusMessageIter *iter_dict,
+ const char *key,
+ const char **items,
+ const dbus_uint32_t num_items)
+{
+ DBusMessageIter iter_dict_entry, iter_dict_val, iter_array;
+ dbus_uint32_t i;
+
+ if (!key)
+ return FALSE;
+ if (!items && (num_items != 0))
+ return FALSE;
+
+ if (!wpa_dbus_dict_begin_string_array(iter_dict, key,
+ &iter_dict_entry, &iter_dict_val,
+ &iter_array))
+ return FALSE;
+
+ for (i = 0; i < num_items; i++) {
+ if (!wpa_dbus_dict_string_array_add_element(&iter_array,
+ items[i]))
+ return FALSE;
+ }
+
+ if (!wpa_dbus_dict_end_string_array(iter_dict, &iter_dict_entry,
+ &iter_dict_val, &iter_array))
+ return FALSE;
+
+ return TRUE;
+}
+
+
+/*****************************************************/
+/* Stuff for reading dicts */
+/*****************************************************/
+
+/**
+ * Start reading from a dbus dict.
+ *
+ * @param iter A valid DBusMessageIter pointing to the start of the dict
+ * @param iter_dict (out) A DBusMessageIter to be passed to
+ * {@link wpa_dbus_dict_read_next_entry}
+ * @return TRUE on success, FALSE on failure
+ *
+ */
+dbus_bool_t wpa_dbus_dict_open_read(DBusMessageIter *iter,
+ DBusMessageIter *iter_dict)
+{
+ if (!iter || !iter_dict)
+ return FALSE;
+
+ if (dbus_message_iter_get_arg_type(iter) != DBUS_TYPE_ARRAY ||
+ dbus_message_iter_get_element_type(iter) != DBUS_TYPE_DICT_ENTRY)
+ return FALSE;
+
+ dbus_message_iter_recurse(iter, iter_dict);
+ return TRUE;
+}
+
+
+static dbus_bool_t _wpa_dbus_dict_entry_get_byte_array(
+ DBusMessageIter *iter, int array_len, int array_type,
+ struct wpa_dbus_dict_entry *entry)
+{
+ dbus_uint32_t i = 0;
+ dbus_bool_t success = FALSE;
+ char byte;
+
+ /* Zero-length arrays are valid. */
+ if (array_len == 0) {
+ entry->bytearray_value = NULL;
+ entry->array_type = DBUS_TYPE_BYTE;
+ success = TRUE;
+ goto done;
+ }
+
+ entry->bytearray_value = wpa_zalloc(array_len * sizeof(char));
+ if (!entry->bytearray_value) {
+ perror("_wpa_dbus_dict_entry_get_byte_array[dbus]: out of "
+ "memory");
+ goto done;
+ }
+
+ entry->array_type = DBUS_TYPE_BYTE;
+ entry->array_len = array_len;
+ while (dbus_message_iter_get_arg_type(iter) == DBUS_TYPE_BYTE) {
+ dbus_message_iter_get_basic(iter, &byte);
+ entry->bytearray_value[i++] = byte;
+ dbus_message_iter_next(iter);
+ }
+ success = TRUE;
+
+done:
+ return success;
+}
+
+
+static dbus_bool_t _wpa_dbus_dict_entry_get_string_array(
+ DBusMessageIter *iter, int array_len, int array_type,
+ struct wpa_dbus_dict_entry *entry)
+{
+ dbus_uint32_t count = 0;
+ dbus_bool_t success = FALSE;
+ char **buffer;
+
+ entry->strarray_value = NULL;
+ entry->array_type = DBUS_TYPE_STRING;
+
+ /* Zero-length arrays are valid. */
+ if (array_len == 0) {
+ success = TRUE;
+ goto done;
+ }
+
+ buffer = wpa_zalloc(sizeof (char *) * 8);
+ if (buffer == NULL) {
+ perror("_wpa_dbus_dict_entry_get_string_array[dbus] out of "
+ "memory trying to retrieve a string array");
+ goto done;
+ }
+
+ entry->strarray_value = buffer;
+ entry->array_len = 0;
+ while (dbus_message_iter_get_arg_type(iter) == DBUS_TYPE_STRING) {
+ const char *value;
+ char *str;
+
+ if ((count % 8) == 0 && count != 0) {
+ char **tmp;
+ tmp = realloc(buffer, sizeof(char *) * (count + 8));
+ if (tmp == NULL) {
+ perror("_wpa_dbus_dict_entry_get_string_array["
+ "dbus] out of memory trying to "
+ "retrieve the string array");
+ free(buffer);
+ buffer = NULL;
+ goto done;
+ }
+ buffer = tmp;
+ }
+ entry->strarray_value = buffer;
+
+ dbus_message_iter_get_basic(iter, &value);
+ str = strdup(value);
+ if (str == NULL) {
+ perror("_wpa_dbus_dict_entry_get_string_array[dbus] "
+ "out of memory trying to duplicate the string "
+ "array");
+ goto done;
+ }
+ entry->strarray_value[count] = str;
+ entry->array_len = ++count;
+ dbus_message_iter_next(iter);
+ }
+ success = TRUE;
+
+done:
+ return success;
+}
+
+
+static dbus_bool_t _wpa_dbus_dict_entry_get_array(
+ DBusMessageIter *iter_dict_val, struct wpa_dbus_dict_entry *entry)
+{
+ int array_type = dbus_message_iter_get_element_type(iter_dict_val);
+ int array_len;
+ dbus_bool_t success = FALSE;
+ DBusMessageIter iter_array;
+
+ if (!entry)
+ return FALSE;
+
+ dbus_message_iter_recurse(iter_dict_val, &iter_array);
+
+ array_len = dbus_message_iter_get_array_len(&iter_array);
+ if (array_len < 0)
+ return FALSE;
+
+ switch (array_type) {
+ case DBUS_TYPE_BYTE:
+ success = _wpa_dbus_dict_entry_get_byte_array(&iter_array,
+ array_len,
+ array_type,
+ entry);
+ break;
+ case DBUS_TYPE_STRING:
+ success = _wpa_dbus_dict_entry_get_string_array(&iter_array,
+ array_len,
+ array_type,
+ entry);
+ break;
+ default:
+ break;
+ }
+
+ return success;
+}
+
+
+static dbus_bool_t _wpa_dbus_dict_fill_value_from_variant(
+ struct wpa_dbus_dict_entry *entry, DBusMessageIter *iter_dict_val)
+{
+ dbus_bool_t success = TRUE;
+
+ switch (entry->type) {
+ case DBUS_TYPE_STRING: {
+ const char *v;
+ dbus_message_iter_get_basic(iter_dict_val, &v);
+ entry->str_value = strdup(v);
+ break;
+ }
+ case DBUS_TYPE_BOOLEAN: {
+ dbus_bool_t v;
+ dbus_message_iter_get_basic(iter_dict_val, &v);
+ entry->bool_value = v;
+ break;
+ }
+ case DBUS_TYPE_BYTE: {
+ char v;
+ dbus_message_iter_get_basic(iter_dict_val, &v);
+ entry->byte_value = v;
+ break;
+ }
+ case DBUS_TYPE_INT16: {
+ dbus_int16_t v;
+ dbus_message_iter_get_basic(iter_dict_val, &v);
+ entry->int16_value = v;
+ break;
+ }
+ case DBUS_TYPE_UINT16: {
+ dbus_uint16_t v;
+ dbus_message_iter_get_basic(iter_dict_val, &v);
+ entry->uint16_value = v;
+ break;
+ }
+ case DBUS_TYPE_INT32: {
+ dbus_int32_t v;
+ dbus_message_iter_get_basic(iter_dict_val, &v);
+ entry->int32_value = v;
+ break;
+ }
+ case DBUS_TYPE_UINT32: {
+ dbus_uint32_t v;
+ dbus_message_iter_get_basic(iter_dict_val, &v);
+ entry->uint32_value = v;
+ break;
+ }
+ case DBUS_TYPE_INT64: {
+ dbus_int64_t v;
+ dbus_message_iter_get_basic(iter_dict_val, &v);
+ entry->int64_value = v;
+ break;
+ }
+ case DBUS_TYPE_UINT64: {
+ dbus_uint64_t v;
+ dbus_message_iter_get_basic(iter_dict_val, &v);
+ entry->uint64_value = v;
+ break;
+ }
+ case DBUS_TYPE_DOUBLE: {
+ double v;
+ dbus_message_iter_get_basic(iter_dict_val, &v);
+ entry->double_value = v;
+ break;
+ }
+ case DBUS_TYPE_OBJECT_PATH: {
+ char *v;
+ dbus_message_iter_get_basic(iter_dict_val, &v);
+ entry->str_value = strdup(v);
+ break;
+ }
+ case DBUS_TYPE_ARRAY: {
+ success = _wpa_dbus_dict_entry_get_array(iter_dict_val, entry);
+ break;
+ }
+ default:
+ success = FALSE;
+ break;
+ }
+
+ return success;
+}
+
+
+/**
+ * Read the current key/value entry from the dict. Entries are dynamically
+ * allocated when needed and must be freed after use with the
+ * {@link wpa_dbus_dict_entry_clear} function.
+ *
+ * The returned entry object will be filled with the type and value of the next
+ * entry in the dict, or the type will be DBUS_TYPE_INVALID if an error
+ * occurred.
+ *
+ * @param iter_dict A valid DBusMessageIter returned from
+ * {@link wpa_dbus_dict_open_read}
+ * @param entry A valid dict entry object into which the dict key and value
+ * will be placed
+ * @return TRUE on success, FALSE on failure
+ *
+ */
+dbus_bool_t wpa_dbus_dict_get_entry(DBusMessageIter *iter_dict,
+ struct wpa_dbus_dict_entry * entry)
+{
+ DBusMessageIter iter_dict_entry, iter_dict_val;
+ int type;
+ const char *key;
+
+ if (!iter_dict || !entry)
+ goto error;
+
+ if (dbus_message_iter_get_arg_type(iter_dict) != DBUS_TYPE_DICT_ENTRY)
+ goto error;
+
+ dbus_message_iter_recurse(iter_dict, &iter_dict_entry);
+ dbus_message_iter_get_basic(&iter_dict_entry, &key);
+ entry->key = key;
+
+ if (!dbus_message_iter_next(&iter_dict_entry))
+ goto error;
+ type = dbus_message_iter_get_arg_type(&iter_dict_entry);
+ if (type != DBUS_TYPE_VARIANT)
+ goto error;
+
+ dbus_message_iter_recurse(&iter_dict_entry, &iter_dict_val);
+ entry->type = dbus_message_iter_get_arg_type(&iter_dict_val);
+ if (!_wpa_dbus_dict_fill_value_from_variant(entry, &iter_dict_val))
+ goto error;
+
+ dbus_message_iter_next(iter_dict);
+ return TRUE;
+
+error:
+ if (entry) {
+ wpa_dbus_dict_entry_clear(entry);
+ entry->type = DBUS_TYPE_INVALID;
+ entry->array_type = DBUS_TYPE_INVALID;
+ }
+
+ return FALSE;
+}
+
+
+/**
+ * Return whether or not there are additional dictionary entries.
+ *
+ * @param iter_dict A valid DBusMessageIter returned from
+ * {@link wpa_dbus_dict_open_read}
+ * @return TRUE if more dict entries exists, FALSE if no more dict entries
+ * exist
+ */
+dbus_bool_t wpa_dbus_dict_has_dict_entry(DBusMessageIter *iter_dict)
+{
+ if (!iter_dict) {
+ perror("wpa_dbus_dict_has_dict_entry[dbus]: out of memory");
+ return FALSE;
+ }
+ return dbus_message_iter_get_arg_type(iter_dict) ==
+ DBUS_TYPE_DICT_ENTRY;
+}
+
+
+/**
+ * Free any memory used by the entry object.
+ *
+ * @param entry The entry object
+ */
+void wpa_dbus_dict_entry_clear(struct wpa_dbus_dict_entry *entry)
+{
+ if (!entry)
+ return;
+ switch (entry->type) {
+ case DBUS_TYPE_OBJECT_PATH:
+ case DBUS_TYPE_STRING:
+ free(entry->str_value);
+ break;
+ case DBUS_TYPE_ARRAY:
+ switch (entry->array_type) {
+ case DBUS_TYPE_BYTE:
+ free(entry->bytearray_value);
+ break;
+ }
+ break;
+ }
+
+ memset(entry, 0, sizeof(struct wpa_dbus_dict_entry));
+}
--- /dev/null
+/*
+ * WPA Supplicant / dbus-based control interface
+ * Copyright (c) 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef DBUS_DICT_HELPERS_H
+#define DBUS_DICT_HELPERS_H
+
+/*
+ * Adding a dict to a DBusMessage
+ */
+
+dbus_bool_t wpa_dbus_dict_open_write(DBusMessageIter *iter,
+ DBusMessageIter *iter_dict);
+
+dbus_bool_t wpa_dbus_dict_close_write(DBusMessageIter *iter,
+ DBusMessageIter *iter_dict);
+
+dbus_bool_t wpa_dbus_dict_append_string(DBusMessageIter *iter_dict,
+ const char *key, const char *value);
+
+dbus_bool_t wpa_dbus_dict_append_byte(DBusMessageIter *iter_dict,
+ const char *key, const char value);
+
+dbus_bool_t wpa_dbus_dict_append_bool(DBusMessageIter *iter_dict,
+ const char *key,
+ const dbus_bool_t value);
+
+dbus_bool_t wpa_dbus_dict_append_int16(DBusMessageIter *iter_dict,
+ const char *key,
+ const dbus_int16_t value);
+
+dbus_bool_t wpa_dbus_dict_append_uint16(DBusMessageIter *iter_dict,
+ const char *key,
+ const dbus_uint16_t value);
+
+dbus_bool_t wpa_dbus_dict_append_int32(DBusMessageIter *iter_dict,
+ const char *key,
+ const dbus_int32_t value);
+
+dbus_bool_t wpa_dbus_dict_append_uint32(DBusMessageIter *iter_dict,
+ const char *key,
+ const dbus_uint32_t value);
+
+dbus_bool_t wpa_dbus_dict_append_int64(DBusMessageIter *iter_dict,
+ const char *key,
+ const dbus_int64_t value);
+
+dbus_bool_t wpa_dbus_dict_append_uint64(DBusMessageIter *iter_dict,
+ const char *key,
+ const dbus_uint64_t value);
+
+dbus_bool_t wpa_dbus_dict_append_double(DBusMessageIter *iter_dict,
+ const char *key,
+ const double value);
+
+dbus_bool_t wpa_dbus_dict_append_object_path(DBusMessageIter *iter_dict,
+ const char *key,
+ const char *value);
+
+dbus_bool_t wpa_dbus_dict_append_byte_array(DBusMessageIter *iter_dict,
+ const char *key,
+ const char *value,
+ const dbus_uint32_t value_len);
+
+/* Manual construction and addition of string array elements */
+dbus_bool_t wpa_dbus_dict_begin_string_array(DBusMessageIter *iter_dict,
+ const char *key,
+ DBusMessageIter *iter_dict_entry,
+ DBusMessageIter *iter_dict_val,
+ DBusMessageIter *iter_array);
+
+dbus_bool_t wpa_dbus_dict_string_array_add_element(DBusMessageIter *iter_array,
+ const char *elem);
+
+dbus_bool_t wpa_dbus_dict_end_string_array(DBusMessageIter *iter_dict,
+ DBusMessageIter *iter_dict_entry,
+ DBusMessageIter *iter_dict_val,
+ DBusMessageIter *iter_array);
+
+/* Convenience function to add a whole string list */
+dbus_bool_t wpa_dbus_dict_append_string_array(DBusMessageIter *iter_dict,
+ const char *key,
+ const char **items,
+ const dbus_uint32_t num_items);
+
+/*
+ * Reading a dict from a DBusMessage
+ */
+
+struct wpa_dbus_dict_entry {
+ int type; /** the dbus type of the dict entry's value */
+ int array_type; /** the dbus type of the array elements if the dict
+ entry value contains an array */
+ const char *key; /** key of the dict entry */
+
+ /** Possible values of the property */
+ union {
+ char *str_value;
+ char byte_value;
+ dbus_bool_t bool_value;
+ dbus_int16_t int16_value;
+ dbus_uint16_t uint16_value;
+ dbus_int32_t int32_value;
+ dbus_uint32_t uint32_value;
+ dbus_int64_t int64_value;
+ dbus_uint64_t uint64_value;
+ double double_value;
+ char *bytearray_value;
+ char **strarray_value;
+ };
+ dbus_uint32_t array_len; /** length of the array if the dict entry's
+ value contains an array */
+};
+
+dbus_bool_t wpa_dbus_dict_open_read(DBusMessageIter *iter,
+ DBusMessageIter *iter_dict);
+
+dbus_bool_t wpa_dbus_dict_get_entry(DBusMessageIter *iter_dict,
+ struct wpa_dbus_dict_entry *entry);
+
+dbus_bool_t wpa_dbus_dict_has_dict_entry(DBusMessageIter *iter_dict);
+
+void wpa_dbus_dict_entry_clear(struct wpa_dbus_dict_entry *entry);
+
+#endif /* DBUS_DICT_HELPERS_H */
--- /dev/null
+# Example wpa_supplicant build time configuration
+#
+# This file lists the configuration options that are used when building the
+# hostapd binary. All lines starting with # are ignored. Configuration option
+# lines must be commented out complete, if they are not to be included, i.e.,
+# just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cases, these lines should use += in order not
+# to override previous values of the variables.
+
+
+# Uncomment following two lines and fix the paths if you have installed OpenSSL
+# or GnuTLS in non-default location
+#CFLAGS += -I/usr/local/openssl/include
+#LIBS += -L/usr/local/openssl/lib
+
+# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
+# the kerberos files are not in the default include path. Following line can be
+# used to fix build issues on such systems (krb5.h not found).
+#CFLAGS += -I/usr/include/kerberos
+
+# Example configuration for various cross-compilation platforms
+
+#### sveasoft (e.g., for Linksys WRT54G) ######################################
+#CC=mipsel-uclibc-gcc
+#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
+#CFLAGS += -Os
+#CPPFLAGS += -I../src/include -I../../src/router/openssl/include
+#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl
+###############################################################################
+
+#### openwrt (e.g., for Linksys WRT54G) #######################################
+#CC=mipsel-uclibc-gcc
+#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
+#CFLAGS += -Os
+#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \
+# -I../WRT54GS/release/src/include
+#LIBS = -lssl
+###############################################################################
+
+
+# Driver interface for Host AP driver
+CONFIG_DRIVER_HOSTAP=y
+
+# Driver interface for Agere driver
+#CONFIG_DRIVER_HERMES=y
+# Change include directories to match with the local setup
+#CFLAGS += -I../../hcf -I../../include -I../../include/hcf
+#CFLAGS += -I../../include/wireless
+
+# Driver interface for madwifi driver
+#CONFIG_DRIVER_MADWIFI=y
+# Change include directories to match with the local setup
+#CFLAGS += -I../madwifi/wpa
+
+# Driver interface for Prism54 driver
+# (Note: Prism54 is not yet supported, i.e., this will not work as-is and is
+# for developers only)
+#CONFIG_DRIVER_PRISM54=y
+
+# Driver interface for ndiswrapper
+#CONFIG_DRIVER_NDISWRAPPER=y
+
+# Driver interface for Atmel driver
+CONFIG_DRIVER_ATMEL=y
+
+# Driver interface for Broadcom driver
+#CONFIG_DRIVER_BROADCOM=y
+# Example path for wlioctl.h; change to match your configuration
+#CFLAGS += -I/opt/WRT54GS/release/src/include
+
+# Driver interface for Intel ipw2100/2200 driver
+#CONFIG_DRIVER_IPW=y
+
+# Driver interface for generic Linux wireless extensions
+CONFIG_DRIVER_WEXT=y
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+
+# Driver interface for Windows NDIS
+#CONFIG_DRIVER_NDIS=y
+#CFLAGS += -I/usr/include/w32api/ddk
+#LIBS += -L/usr/local/lib
+# For native build using mingw
+#CONFIG_NATIVE_WINDOWS=y
+# Additional directories for cross-compilation on Linux host for mingw target
+#CFLAGS += -I/opt/mingw/mingw32/include/ddk
+#LIBS += -L/opt/mingw/mingw32/lib
+#CC=mingw32-gcc
+# By default, driver_ndis uses WinPcap for low-level operations. This can be
+# replaced with the following option which replaces WinPcap calls with NDISUIO.
+# However, this requires that WZC is disabled (net stop wzcsvc) before starting
+# wpa_supplicant.
+# CONFIG_USE_NDISUIO=y
+
+# Driver interface for development testing
+#CONFIG_DRIVER_TEST=y
+
+# Driver interface for wired Ethernet drivers
+CONFIG_DRIVER_WIRED=y
+
+# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is
+# included)
+CONFIG_IEEE8021X_EAPOL=y
+
+# EAP-MD5
+CONFIG_EAP_MD5=y
+
+# EAP-MSCHAPv2
+CONFIG_EAP_MSCHAPV2=y
+
+# EAP-TLS
+CONFIG_EAP_TLS=y
+
+# EAL-PEAP
+CONFIG_EAP_PEAP=y
+
+# EAP-TTLS
+CONFIG_EAP_TTLS=y
+
+# EAP-FAST
+# Note: Default OpenSSL package does not include support for all the
+# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL,
+# the OpenSSL library must be patched (openssl-0.9.8d-tls-extensions.patch)
+# to add the needed functions.
+#CONFIG_EAP_FAST=y
+
+# EAP-GTC
+CONFIG_EAP_GTC=y
+
+# EAP-OTP
+CONFIG_EAP_OTP=y
+
+# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
+#CONFIG_EAP_SIM=y
+
+# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+
+# EAP-PAX
+#CONFIG_EAP_PAX=y
+
+# LEAP
+CONFIG_EAP_LEAP=y
+
+# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
+#CONFIG_EAP_AKA=y
+
+# EAP-SAKE
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+CONFIG_PKCS12=y
+
+# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
+# engine.
+CONFIG_SMARTCARD=y
+
+# PC/SC interface for smartcards (USIM, GSM SIM)
+# Enable this if EAP-SIM or EAP-AKA is included
+#CONFIG_PCSC=y
+
+# Development testing
+#CONFIG_EAPOL_TEST=y
+
+# Select control interface backend for external programs, e.g, wpa_cli:
+# unix = UNIX domain sockets (default for Linux/*BSD)
+# udp = UDP sockets using localhost (127.0.0.1)
+# named_pipe = Windows Named Pipe (default for Windows)
+# y = use default (backwards compatibility)
+# If this option is commented out, control interface is not included in the
+# build.
+CONFIG_CTRL_IFACE=y
+
+# Include support for GNU Readline and History Libraries in wpa_cli.
+# When building a wpa_cli binary for distribution, please note that these
+# libraries are licensed under GPL and as such, BSD license may not apply for
+# the resulting binary.
+#CONFIG_READLINE=y
+
+# Remove debugging code that is printing out debug message to stdout.
+# This can be used to reduce the size of the wpa_supplicant considerably
+# if debugging code is not needed. The size reduction can be around 35%
+# (e.g., 90 kB).
+#CONFIG_NO_STDOUT_DEBUG=y
+
+# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
+# 35-50 kB in code size.
+#CONFIG_NO_WPA=y
+
+# Remove WPA2 support. This allows WPA to be used, but removes WPA2 code to
+# save about 1 kB in code size when building only WPA-Personal (no EAP support)
+# or 6 kB if building for WPA-Enterprise.
+#CONFIG_NO_WPA2=y
+
+# Remove AES extra functions. This can be used to reduce code size by about
+# 1.5 kB by removing extra AES modes that are not needed for commonly used
+# client configurations (they are needed for some EAP types).
+#CONFIG_NO_AES_EXTRAS=y
+
+# Select configuration backend:
+# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
+# path is given on command line, not here; this option is just used to
+# select the backend that allows configuration files to be used)
+# winreg = Windows registry (see win_example.reg for an example)
+CONFIG_BACKEND=file
+
+# Select program entry point implementation:
+# main = UNIX/POSIX like main() function (default)
+# main_winsvc = Windows service (read parameters from registry)
+# main_none = Very basic example (development use only)
+#CONFIG_MAIN=main
+
+# Select wrapper for operatins system and C library specific functions
+# unix = UNIX/POSIX like systems (default)
+# win32 = Windows systems
+# none = Empty template
+#CONFIG_OS=unix
+
+# Select event loop implementation
+# eloop = select() loop (default)
+# eloop_win = Windows events and WaitForMultipleObject() loop
+# eloop_none = Empty template
+#CONFIG_ELOOP=eloop
+
+# Select layer 2 packet implementation
+# linux = Linux packet socket (default)
+# pcap = libpcap/libdnet/WinPcap
+# freebsd = FreeBSD libpcap
+# winpcap = WinPcap with receive thread
+# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
+# none = Empty template
+#CONFIG_L2_PACKET=linux
+
+# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
+CONFIG_PEERKEY=y
+
+# IEEE 802.11w (management frame protection)
+# This version is an experimental implementation based on IEEE 802.11w/D1.0
+# draft and is subject to change since the standard has not yet been finalized.
+# Driver support is also needed for IEEE 802.11w.
+#CONFIG_IEEE80211W=y
+
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA)
+# internal = Internal TLSv1 implementation (experimental)
+# none = Empty template
+#CONFIG_TLS=openssl
+
+# Whether to enable TLS/IA support, which is required for EAP-TTLSv1.
+# You need CONFIG_TLS=gnutls for this to have any effect. Please note that
+# even though the core GnuTLS library is released under LGPL, this extra
+# library uses GPL and as such, the terms of GPL apply to the combination
+# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not
+# apply for distribution of the resulting binary.
+#CONFIG_GNUTLS_EXTRA=y
+
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+
+# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
+# This is only for Windows builds and requires WMI-related header files and
+# WbemUuid.Lib from Platform SDK even when building with MinGW.
+#CONFIG_NDIS_EVENTS_INTEGRATED=y
+#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
+
+# Add support for DBus control interface
+#CONFIG_CTRL_IFACE_DBUS=y
+
+# Add support for loading EAP methods dynamically as shared libraries.
+# When this option is enabled, each EAP method can be either included
+# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
+# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
+# be loaded in the beginning of the wpa_supplicant configuration file
+# (see load_dynamic_eap parameter in the example file) before being used in
+# the network blocks.
+#
+# Note that some shared parts of EAP methods are included in the main program
+# and in order to be able to use dynamic EAP methods using these parts, the
+# main program must have been build with the EAP method enabled (=y or =dyn).
+# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
+# unless at least one of them was included in the main build to force inclusion
+# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
+# in the main build to be able to load these methods dynamically.
+#
+# Please also note that using dynamic libraries will increase the total binary
+# size. Thus, it may not be the best option for targets that have limited
+# amount of memory/flash.
+#CONFIG_DYNAMIC_EAP_METHODS=y
+
+# Include client MLME (management frame processing).
+# This can be used to move MLME processing of Devicescape IEEE 802.11 stack
+# into user space.
+#CONFIG_CLIENT_MLME=y
+# Currently, driver_devicescape.c build requires some additional parameters
+# to be able to include some of the kernel header files. Following lines can
+# be used to set these (WIRELESS_DEV must point to the root directory of the
+# wireless-dev.git tree).
+#WIRELESS_DEV=/usr/src/wireless-dev
+#CFLAGS += -I$(WIRELESS_DEV)/net/mac80211
+
+# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
+#CONFIG_DEBUG_FILE=y
--- /dev/null
+/*
+ * WPA Supplicant - Common definitions
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef DEFS_H
+#define DEFS_H
+
+#ifdef FALSE
+#undef FALSE
+#endif
+#ifdef TRUE
+#undef TRUE
+#endif
+typedef enum { FALSE = 0, TRUE = 1 } Boolean;
+
+
+typedef enum { WPA_ALG_NONE, WPA_ALG_WEP, WPA_ALG_TKIP, WPA_ALG_CCMP,
+ WPA_ALG_IGTK, WPA_ALG_DHV } wpa_alg;
+typedef enum { CIPHER_NONE, CIPHER_WEP40, CIPHER_TKIP, CIPHER_CCMP,
+ CIPHER_WEP104 } wpa_cipher;
+typedef enum { KEY_MGMT_802_1X, KEY_MGMT_PSK, KEY_MGMT_NONE,
+ KEY_MGMT_802_1X_NO_WPA, KEY_MGMT_WPA_NONE } wpa_key_mgmt;
+
+/**
+ * enum wpa_states - wpa_supplicant state
+ *
+ * These enumeration values are used to indicate the current wpa_supplicant
+ * state (wpa_s->wpa_state). The current state can be retrieved with
+ * wpa_supplicant_get_state() function and the state can be changed by calling
+ * wpa_supplicant_set_state(). In WPA state machine (wpa.c and preauth.c), the
+ * wrapper functions wpa_sm_get_state() and wpa_sm_set_state() should be used
+ * to access the state variable.
+ */
+typedef enum {
+ /**
+ * WPA_DISCONNECTED - Disconnected state
+ *
+ * This state indicates that client is not associated, but is likely to
+ * start looking for an access point. This state is entered when a
+ * connection is lost.
+ */
+ WPA_DISCONNECTED,
+
+ /**
+ * WPA_INACTIVE - Inactive state (wpa_supplicant disabled)
+ *
+ * This state is entered if there are no enabled networks in the
+ * configuration. wpa_supplicant is not trying to associate with a new
+ * network and external interaction (e.g., ctrl_iface call to add or
+ * enable a network) is needed to start association.
+ */
+ WPA_INACTIVE,
+
+ /**
+ * WPA_SCANNING - Scanning for a network
+ *
+ * This state is entered when wpa_supplicant starts scanning for a
+ * network.
+ */
+ WPA_SCANNING,
+
+ /**
+ * WPA_ASSOCIATING - Trying to associate with a BSS/SSID
+ *
+ * This state is entered when wpa_supplicant has found a suitable BSS
+ * to associate with and the driver is configured to try to associate
+ * with this BSS in ap_scan=1 mode. When using ap_scan=2 mode, this
+ * state is entered when the driver is configured to try to associate
+ * with a network using the configured SSID and security policy.
+ */
+ WPA_ASSOCIATING,
+
+ /**
+ * WPA_ASSOCIATED - Association completed
+ *
+ * This state is entered when the driver reports that association has
+ * been successfully completed with an AP. If IEEE 802.1X is used
+ * (with or without WPA/WPA2), wpa_supplicant remains in this state
+ * until the IEEE 802.1X/EAPOL authentication has been completed.
+ */
+ WPA_ASSOCIATED,
+
+ /**
+ * WPA_4WAY_HANDSHAKE - WPA 4-Way Key Handshake in progress
+ *
+ * This state is entered when WPA/WPA2 4-Way Handshake is started. In
+ * case of WPA-PSK, this happens when receiving the first EAPOL-Key
+ * frame after association. In case of WPA-EAP, this state is entered
+ * when the IEEE 802.1X/EAPOL authentication has been completed.
+ */
+ WPA_4WAY_HANDSHAKE,
+
+ /**
+ * WPA_GROUP_HANDSHAKE - WPA Group Key Handshake in progress
+ *
+ * This state is entered when 4-Way Key Handshake has been completed
+ * (i.e., when the supplicant sends out message 4/4) and when Group
+ * Key rekeying is started by the AP (i.e., when supplicant receives
+ * message 1/2).
+ */
+ WPA_GROUP_HANDSHAKE,
+
+ /**
+ * WPA_COMPLETED - All authentication completed
+ *
+ * This state is entered when the full authentication process is
+ * completed. In case of WPA2, this happens when the 4-Way Handshake is
+ * successfully completed. With WPA, this state is entered after the
+ * Group Key Handshake; with IEEE 802.1X (non-WPA) connection is
+ * completed after dynamic keys are received (or if not used, after
+ * the EAP authentication has been completed). With static WEP keys and
+ * plaintext connections, this state is entered when an association
+ * has been completed.
+ *
+ * This state indicates that the supplicant has completed its
+ * processing for the association phase and that data connection is
+ * fully configured.
+ */
+ WPA_COMPLETED
+} wpa_states;
+
+#define MLME_SETPROTECTION_PROTECT_TYPE_NONE 0
+#define MLME_SETPROTECTION_PROTECT_TYPE_RX 1
+#define MLME_SETPROTECTION_PROTECT_TYPE_TX 2
+#define MLME_SETPROTECTION_PROTECT_TYPE_RX_TX 3
+
+#define MLME_SETPROTECTION_KEY_TYPE_GROUP 0
+#define MLME_SETPROTECTION_KEY_TYPE_PAIRWISE 1
+
+#endif /* DEFS_H */
--- /dev/null
+/*
+ * DES and 3DES-EDE ciphers
+ *
+ * Modifications to LibTomCrypt implementation:
+ * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "crypto.h"
+
+
+#ifdef INTERNAL_DES
+
+/*
+ * This implementation is based on a DES implementation included in
+ * LibTomCrypt. The version here is modified to fit in wpa_supplicant/hostapd
+ * coding style.
+ */
+
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/**
+ DES code submitted by Dobes Vandermeer
+*/
+
+#define ROLc(x, y) \
+ ((((unsigned long) (x) << (unsigned long) ((y) & 31)) | \
+ (((unsigned long) (x) & 0xFFFFFFFFUL) >> \
+ (unsigned long) (32 - ((y) & 31)))) & 0xFFFFFFFFUL)
+#define RORc(x, y) \
+ (((((unsigned long) (x) & 0xFFFFFFFFUL) >> \
+ (unsigned long) ((y) & 31)) | \
+ ((unsigned long) (x) << (unsigned long) (32 - ((y) & 31)))) & \
+ 0xFFFFFFFFUL)
+
+
+static const u32 bytebit[8] =
+{
+ 0200, 0100, 040, 020, 010, 04, 02, 01
+};
+
+static const u32 bigbyte[24] =
+{
+ 0x800000UL, 0x400000UL, 0x200000UL, 0x100000UL,
+ 0x80000UL, 0x40000UL, 0x20000UL, 0x10000UL,
+ 0x8000UL, 0x4000UL, 0x2000UL, 0x1000UL,
+ 0x800UL, 0x400UL, 0x200UL, 0x100UL,
+ 0x80UL, 0x40UL, 0x20UL, 0x10UL,
+ 0x8UL, 0x4UL, 0x2UL, 0x1L
+};
+
+/* Use the key schedule specific in the standard (ANSI X3.92-1981) */
+
+static const u8 pc1[56] = {
+ 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17,
+ 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35,
+ 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21,
+ 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3
+};
+
+static const u8 totrot[16] = {
+ 1, 2, 4, 6,
+ 8, 10, 12, 14,
+ 15, 17, 19, 21,
+ 23, 25, 27, 28
+};
+
+static const u8 pc2[48] = {
+ 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9,
+ 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1,
+ 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47,
+ 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31
+};
+
+
+static const u32 SP1[64] =
+{
+ 0x01010400UL, 0x00000000UL, 0x00010000UL, 0x01010404UL,
+ 0x01010004UL, 0x00010404UL, 0x00000004UL, 0x00010000UL,
+ 0x00000400UL, 0x01010400UL, 0x01010404UL, 0x00000400UL,
+ 0x01000404UL, 0x01010004UL, 0x01000000UL, 0x00000004UL,
+ 0x00000404UL, 0x01000400UL, 0x01000400UL, 0x00010400UL,
+ 0x00010400UL, 0x01010000UL, 0x01010000UL, 0x01000404UL,
+ 0x00010004UL, 0x01000004UL, 0x01000004UL, 0x00010004UL,
+ 0x00000000UL, 0x00000404UL, 0x00010404UL, 0x01000000UL,
+ 0x00010000UL, 0x01010404UL, 0x00000004UL, 0x01010000UL,
+ 0x01010400UL, 0x01000000UL, 0x01000000UL, 0x00000400UL,
+ 0x01010004UL, 0x00010000UL, 0x00010400UL, 0x01000004UL,
+ 0x00000400UL, 0x00000004UL, 0x01000404UL, 0x00010404UL,
+ 0x01010404UL, 0x00010004UL, 0x01010000UL, 0x01000404UL,
+ 0x01000004UL, 0x00000404UL, 0x00010404UL, 0x01010400UL,
+ 0x00000404UL, 0x01000400UL, 0x01000400UL, 0x00000000UL,
+ 0x00010004UL, 0x00010400UL, 0x00000000UL, 0x01010004UL
+};
+
+static const u32 SP2[64] =
+{
+ 0x80108020UL, 0x80008000UL, 0x00008000UL, 0x00108020UL,
+ 0x00100000UL, 0x00000020UL, 0x80100020UL, 0x80008020UL,
+ 0x80000020UL, 0x80108020UL, 0x80108000UL, 0x80000000UL,
+ 0x80008000UL, 0x00100000UL, 0x00000020UL, 0x80100020UL,
+ 0x00108000UL, 0x00100020UL, 0x80008020UL, 0x00000000UL,
+ 0x80000000UL, 0x00008000UL, 0x00108020UL, 0x80100000UL,
+ 0x00100020UL, 0x80000020UL, 0x00000000UL, 0x00108000UL,
+ 0x00008020UL, 0x80108000UL, 0x80100000UL, 0x00008020UL,
+ 0x00000000UL, 0x00108020UL, 0x80100020UL, 0x00100000UL,
+ 0x80008020UL, 0x80100000UL, 0x80108000UL, 0x00008000UL,
+ 0x80100000UL, 0x80008000UL, 0x00000020UL, 0x80108020UL,
+ 0x00108020UL, 0x00000020UL, 0x00008000UL, 0x80000000UL,
+ 0x00008020UL, 0x80108000UL, 0x00100000UL, 0x80000020UL,
+ 0x00100020UL, 0x80008020UL, 0x80000020UL, 0x00100020UL,
+ 0x00108000UL, 0x00000000UL, 0x80008000UL, 0x00008020UL,
+ 0x80000000UL, 0x80100020UL, 0x80108020UL, 0x00108000UL
+};
+
+static const u32 SP3[64] =
+{
+ 0x00000208UL, 0x08020200UL, 0x00000000UL, 0x08020008UL,
+ 0x08000200UL, 0x00000000UL, 0x00020208UL, 0x08000200UL,
+ 0x00020008UL, 0x08000008UL, 0x08000008UL, 0x00020000UL,
+ 0x08020208UL, 0x00020008UL, 0x08020000UL, 0x00000208UL,
+ 0x08000000UL, 0x00000008UL, 0x08020200UL, 0x00000200UL,
+ 0x00020200UL, 0x08020000UL, 0x08020008UL, 0x00020208UL,
+ 0x08000208UL, 0x00020200UL, 0x00020000UL, 0x08000208UL,
+ 0x00000008UL, 0x08020208UL, 0x00000200UL, 0x08000000UL,
+ 0x08020200UL, 0x08000000UL, 0x00020008UL, 0x00000208UL,
+ 0x00020000UL, 0x08020200UL, 0x08000200UL, 0x00000000UL,
+ 0x00000200UL, 0x00020008UL, 0x08020208UL, 0x08000200UL,
+ 0x08000008UL, 0x00000200UL, 0x00000000UL, 0x08020008UL,
+ 0x08000208UL, 0x00020000UL, 0x08000000UL, 0x08020208UL,
+ 0x00000008UL, 0x00020208UL, 0x00020200UL, 0x08000008UL,
+ 0x08020000UL, 0x08000208UL, 0x00000208UL, 0x08020000UL,
+ 0x00020208UL, 0x00000008UL, 0x08020008UL, 0x00020200UL
+};
+
+static const u32 SP4[64] =
+{
+ 0x00802001UL, 0x00002081UL, 0x00002081UL, 0x00000080UL,
+ 0x00802080UL, 0x00800081UL, 0x00800001UL, 0x00002001UL,
+ 0x00000000UL, 0x00802000UL, 0x00802000UL, 0x00802081UL,
+ 0x00000081UL, 0x00000000UL, 0x00800080UL, 0x00800001UL,
+ 0x00000001UL, 0x00002000UL, 0x00800000UL, 0x00802001UL,
+ 0x00000080UL, 0x00800000UL, 0x00002001UL, 0x00002080UL,
+ 0x00800081UL, 0x00000001UL, 0x00002080UL, 0x00800080UL,
+ 0x00002000UL, 0x00802080UL, 0x00802081UL, 0x00000081UL,
+ 0x00800080UL, 0x00800001UL, 0x00802000UL, 0x00802081UL,
+ 0x00000081UL, 0x00000000UL, 0x00000000UL, 0x00802000UL,
+ 0x00002080UL, 0x00800080UL, 0x00800081UL, 0x00000001UL,
+ 0x00802001UL, 0x00002081UL, 0x00002081UL, 0x00000080UL,
+ 0x00802081UL, 0x00000081UL, 0x00000001UL, 0x00002000UL,
+ 0x00800001UL, 0x00002001UL, 0x00802080UL, 0x00800081UL,
+ 0x00002001UL, 0x00002080UL, 0x00800000UL, 0x00802001UL,
+ 0x00000080UL, 0x00800000UL, 0x00002000UL, 0x00802080UL
+};
+
+static const u32 SP5[64] =
+{
+ 0x00000100UL, 0x02080100UL, 0x02080000UL, 0x42000100UL,
+ 0x00080000UL, 0x00000100UL, 0x40000000UL, 0x02080000UL,
+ 0x40080100UL, 0x00080000UL, 0x02000100UL, 0x40080100UL,
+ 0x42000100UL, 0x42080000UL, 0x00080100UL, 0x40000000UL,
+ 0x02000000UL, 0x40080000UL, 0x40080000UL, 0x00000000UL,
+ 0x40000100UL, 0x42080100UL, 0x42080100UL, 0x02000100UL,
+ 0x42080000UL, 0x40000100UL, 0x00000000UL, 0x42000000UL,
+ 0x02080100UL, 0x02000000UL, 0x42000000UL, 0x00080100UL,
+ 0x00080000UL, 0x42000100UL, 0x00000100UL, 0x02000000UL,
+ 0x40000000UL, 0x02080000UL, 0x42000100UL, 0x40080100UL,
+ 0x02000100UL, 0x40000000UL, 0x42080000UL, 0x02080100UL,
+ 0x40080100UL, 0x00000100UL, 0x02000000UL, 0x42080000UL,
+ 0x42080100UL, 0x00080100UL, 0x42000000UL, 0x42080100UL,
+ 0x02080000UL, 0x00000000UL, 0x40080000UL, 0x42000000UL,
+ 0x00080100UL, 0x02000100UL, 0x40000100UL, 0x00080000UL,
+ 0x00000000UL, 0x40080000UL, 0x02080100UL, 0x40000100UL
+};
+
+static const u32 SP6[64] =
+{
+ 0x20000010UL, 0x20400000UL, 0x00004000UL, 0x20404010UL,
+ 0x20400000UL, 0x00000010UL, 0x20404010UL, 0x00400000UL,
+ 0x20004000UL, 0x00404010UL, 0x00400000UL, 0x20000010UL,
+ 0x00400010UL, 0x20004000UL, 0x20000000UL, 0x00004010UL,
+ 0x00000000UL, 0x00400010UL, 0x20004010UL, 0x00004000UL,
+ 0x00404000UL, 0x20004010UL, 0x00000010UL, 0x20400010UL,
+ 0x20400010UL, 0x00000000UL, 0x00404010UL, 0x20404000UL,
+ 0x00004010UL, 0x00404000UL, 0x20404000UL, 0x20000000UL,
+ 0x20004000UL, 0x00000010UL, 0x20400010UL, 0x00404000UL,
+ 0x20404010UL, 0x00400000UL, 0x00004010UL, 0x20000010UL,
+ 0x00400000UL, 0x20004000UL, 0x20000000UL, 0x00004010UL,
+ 0x20000010UL, 0x20404010UL, 0x00404000UL, 0x20400000UL,
+ 0x00404010UL, 0x20404000UL, 0x00000000UL, 0x20400010UL,
+ 0x00000010UL, 0x00004000UL, 0x20400000UL, 0x00404010UL,
+ 0x00004000UL, 0x00400010UL, 0x20004010UL, 0x00000000UL,
+ 0x20404000UL, 0x20000000UL, 0x00400010UL, 0x20004010UL
+};
+
+static const u32 SP7[64] =
+{
+ 0x00200000UL, 0x04200002UL, 0x04000802UL, 0x00000000UL,
+ 0x00000800UL, 0x04000802UL, 0x00200802UL, 0x04200800UL,
+ 0x04200802UL, 0x00200000UL, 0x00000000UL, 0x04000002UL,
+ 0x00000002UL, 0x04000000UL, 0x04200002UL, 0x00000802UL,
+ 0x04000800UL, 0x00200802UL, 0x00200002UL, 0x04000800UL,
+ 0x04000002UL, 0x04200000UL, 0x04200800UL, 0x00200002UL,
+ 0x04200000UL, 0x00000800UL, 0x00000802UL, 0x04200802UL,
+ 0x00200800UL, 0x00000002UL, 0x04000000UL, 0x00200800UL,
+ 0x04000000UL, 0x00200800UL, 0x00200000UL, 0x04000802UL,
+ 0x04000802UL, 0x04200002UL, 0x04200002UL, 0x00000002UL,
+ 0x00200002UL, 0x04000000UL, 0x04000800UL, 0x00200000UL,
+ 0x04200800UL, 0x00000802UL, 0x00200802UL, 0x04200800UL,
+ 0x00000802UL, 0x04000002UL, 0x04200802UL, 0x04200000UL,
+ 0x00200800UL, 0x00000000UL, 0x00000002UL, 0x04200802UL,
+ 0x00000000UL, 0x00200802UL, 0x04200000UL, 0x00000800UL,
+ 0x04000002UL, 0x04000800UL, 0x00000800UL, 0x00200002UL
+};
+
+static const u32 SP8[64] =
+{
+ 0x10001040UL, 0x00001000UL, 0x00040000UL, 0x10041040UL,
+ 0x10000000UL, 0x10001040UL, 0x00000040UL, 0x10000000UL,
+ 0x00040040UL, 0x10040000UL, 0x10041040UL, 0x00041000UL,
+ 0x10041000UL, 0x00041040UL, 0x00001000UL, 0x00000040UL,
+ 0x10040000UL, 0x10000040UL, 0x10001000UL, 0x00001040UL,
+ 0x00041000UL, 0x00040040UL, 0x10040040UL, 0x10041000UL,
+ 0x00001040UL, 0x00000000UL, 0x00000000UL, 0x10040040UL,
+ 0x10000040UL, 0x10001000UL, 0x00041040UL, 0x00040000UL,
+ 0x00041040UL, 0x00040000UL, 0x10041000UL, 0x00001000UL,
+ 0x00000040UL, 0x10040040UL, 0x00001000UL, 0x00041040UL,
+ 0x10001000UL, 0x00000040UL, 0x10000040UL, 0x10040000UL,
+ 0x10040040UL, 0x10000000UL, 0x00040000UL, 0x10001040UL,
+ 0x00000000UL, 0x10041040UL, 0x00040040UL, 0x10000040UL,
+ 0x10040000UL, 0x10001000UL, 0x10001040UL, 0x00000000UL,
+ 0x10041040UL, 0x00041000UL, 0x00041000UL, 0x00001040UL,
+ 0x00001040UL, 0x00040040UL, 0x10000000UL, 0x10041000UL
+};
+
+
+static void cookey(const u32 *raw1, u32 *keyout)
+{
+ u32 *cook;
+ const u32 *raw0;
+ u32 dough[32];
+ int i;
+
+ cook = dough;
+ for (i = 0; i < 16; i++, raw1++) {
+ raw0 = raw1++;
+ *cook = (*raw0 & 0x00fc0000L) << 6;
+ *cook |= (*raw0 & 0x00000fc0L) << 10;
+ *cook |= (*raw1 & 0x00fc0000L) >> 10;
+ *cook++ |= (*raw1 & 0x00000fc0L) >> 6;
+ *cook = (*raw0 & 0x0003f000L) << 12;
+ *cook |= (*raw0 & 0x0000003fL) << 16;
+ *cook |= (*raw1 & 0x0003f000L) >> 4;
+ *cook++ |= (*raw1 & 0x0000003fL);
+ }
+
+ os_memcpy(keyout, dough, sizeof(dough));
+}
+
+
+static void deskey(const u8 *key, int decrypt, u32 *keyout)
+{
+ u32 i, j, l, m, n, kn[32];
+ u8 pc1m[56], pcr[56];
+
+ for (j = 0; j < 56; j++) {
+ l = (u32) pc1[j];
+ m = l & 7;
+ pc1m[j] = (u8)
+ ((key[l >> 3U] & bytebit[m]) == bytebit[m] ? 1 : 0);
+ }
+
+ for (i = 0; i < 16; i++) {
+ if (decrypt)
+ m = (15 - i) << 1;
+ else
+ m = i << 1;
+ n = m + 1;
+ kn[m] = kn[n] = 0L;
+ for (j = 0; j < 28; j++) {
+ l = j + (u32) totrot[i];
+ if (l < 28)
+ pcr[j] = pc1m[l];
+ else
+ pcr[j] = pc1m[l - 28];
+ }
+ for (/* j = 28 */; j < 56; j++) {
+ l = j + (u32) totrot[i];
+ if (l < 56)
+ pcr[j] = pc1m[l];
+ else
+ pcr[j] = pc1m[l - 28];
+ }
+ for (j = 0; j < 24; j++) {
+ if ((int) pcr[(int) pc2[j]] != 0)
+ kn[m] |= bigbyte[j];
+ if ((int) pcr[(int) pc2[j + 24]] != 0)
+ kn[n] |= bigbyte[j];
+ }
+ }
+
+ cookey(kn, keyout);
+}
+
+
+static void desfunc(u32 *block, const u32 *keys)
+{
+ u32 work, right, leftt;
+ int cur_round;
+
+ leftt = block[0];
+ right = block[1];
+
+ work = ((leftt >> 4) ^ right) & 0x0f0f0f0fL;
+ right ^= work;
+ leftt ^= (work << 4);
+
+ work = ((leftt >> 16) ^ right) & 0x0000ffffL;
+ right ^= work;
+ leftt ^= (work << 16);
+
+ work = ((right >> 2) ^ leftt) & 0x33333333L;
+ leftt ^= work;
+ right ^= (work << 2);
+
+ work = ((right >> 8) ^ leftt) & 0x00ff00ffL;
+ leftt ^= work;
+ right ^= (work << 8);
+
+ right = ROLc(right, 1);
+ work = (leftt ^ right) & 0xaaaaaaaaL;
+
+ leftt ^= work;
+ right ^= work;
+ leftt = ROLc(leftt, 1);
+
+ for (cur_round = 0; cur_round < 8; cur_round++) {
+ work = RORc(right, 4) ^ *keys++;
+ leftt ^= SP7[work & 0x3fL]
+ ^ SP5[(work >> 8) & 0x3fL]
+ ^ SP3[(work >> 16) & 0x3fL]
+ ^ SP1[(work >> 24) & 0x3fL];
+ work = right ^ *keys++;
+ leftt ^= SP8[ work & 0x3fL]
+ ^ SP6[(work >> 8) & 0x3fL]
+ ^ SP4[(work >> 16) & 0x3fL]
+ ^ SP2[(work >> 24) & 0x3fL];
+
+ work = RORc(leftt, 4) ^ *keys++;
+ right ^= SP7[ work & 0x3fL]
+ ^ SP5[(work >> 8) & 0x3fL]
+ ^ SP3[(work >> 16) & 0x3fL]
+ ^ SP1[(work >> 24) & 0x3fL];
+ work = leftt ^ *keys++;
+ right ^= SP8[ work & 0x3fL]
+ ^ SP6[(work >> 8) & 0x3fL]
+ ^ SP4[(work >> 16) & 0x3fL]
+ ^ SP2[(work >> 24) & 0x3fL];
+ }
+
+ right = RORc(right, 1);
+ work = (leftt ^ right) & 0xaaaaaaaaL;
+ leftt ^= work;
+ right ^= work;
+ leftt = RORc(leftt, 1);
+ work = ((leftt >> 8) ^ right) & 0x00ff00ffL;
+ right ^= work;
+ leftt ^= (work << 8);
+ /* -- */
+ work = ((leftt >> 2) ^ right) & 0x33333333L;
+ right ^= work;
+ leftt ^= (work << 2);
+ work = ((right >> 16) ^ leftt) & 0x0000ffffL;
+ leftt ^= work;
+ right ^= (work << 16);
+ work = ((right >> 4) ^ leftt) & 0x0f0f0f0fL;
+ leftt ^= work;
+ right ^= (work << 4);
+
+ block[0] = right;
+ block[1] = leftt;
+}
+
+
+/* wpa_supplicant/hostapd specific wrapper */
+
+void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
+{
+ u8 pkey[8], next, tmp;
+ int i;
+ u32 ek[32], work[2];
+
+ /* Add parity bits to the key */
+ next = 0;
+ for (i = 0; i < 7; i++) {
+ tmp = key[i];
+ pkey[i] = (tmp >> i) | next | 1;
+ next = tmp << (7 - i);
+ }
+ pkey[i] = next | 1;
+
+ deskey(pkey, 0, ek);
+
+ work[0] = WPA_GET_BE32(clear);
+ work[1] = WPA_GET_BE32(clear + 4);
+ desfunc(work, ek);
+ WPA_PUT_BE32(cypher, work[0]);
+ WPA_PUT_BE32(cypher + 4, work[1]);
+}
+
+
+struct des3_key_s {
+ u32 ek[3][32];
+ u32 dk[3][32];
+};
+
+void des3_key_setup(const u8 *key, struct des3_key_s *dkey)
+{
+ deskey(key, 0, dkey->ek[0]);
+ deskey(key + 8, 1, dkey->ek[1]);
+ deskey(key + 16, 0, dkey->ek[2]);
+
+ deskey(key, 1, dkey->dk[2]);
+ deskey(key + 8, 0, dkey->dk[1]);
+ deskey(key + 16, 1, dkey->dk[0]);
+}
+
+
+void des3_encrypt(const u8 *plain, const struct des3_key_s *key, u8 *crypt)
+{
+ u32 work[2];
+
+ work[0] = WPA_GET_BE32(plain);
+ work[1] = WPA_GET_BE32(plain + 4);
+ desfunc(work, key->ek[0]);
+ desfunc(work, key->ek[1]);
+ desfunc(work, key->ek[2]);
+ WPA_PUT_BE32(crypt, work[0]);
+ WPA_PUT_BE32(crypt + 4, work[1]);
+}
+
+
+void des3_decrypt(const u8 *crypt, const struct des3_key_s *key, u8 *plain)
+{
+ u32 work[2];
+
+ work[0] = WPA_GET_BE32(crypt);
+ work[1] = WPA_GET_BE32(crypt + 4);
+ desfunc(work, key->dk[0]);
+ desfunc(work, key->dk[1]);
+ desfunc(work, key->dk[2]);
+ WPA_PUT_BE32(plain, work[0]);
+ WPA_PUT_BE32(plain + 4, work[1]);
+}
+
+#endif /* INTERNAL_DES */
--- /dev/null
+html
+latex
+wpa_supplicant.eps
+wpa_supplicant.png
--- /dev/null
+/**
+\page code_structure Structure of the source code
+
+[ \ref wpa_supplicant_core "wpa_supplicant core functionality" |
+\ref generic_helper_func "Generic helper functions" |
+\ref crypto_func "Cryptographic functions" |
+\ref configuration "Configuration" |
+\ref ctrl_iface "Control interface" |
+\ref wpa_code "WPA supplicant" |
+\ref eap_peer "EAP peer" |
+\ref eapol_supp "EAPOL supplicant" |
+\ref win_port "Windows port" |
+\ref test_programs "Test programs" ]
+
+%wpa_supplicant implementation is divided into number of independent
+modules. Core code includes functionality for controlling the network
+selection, association, and configuration. Independent modules include
+WPA code (key handshake, PMKSA caching, pre-authentication), EAPOL
+state machine, and EAP state machine and methods. In addition, there
+are number of separate files for generic helper functions.
+
+Both WPA and EAPOL/EAP state machines can be used separately in other
+programs than %wpa_supplicant. As an example, the included test
+programs eapol_test and preauth_test are using these modules.
+
+\ref driver_wrapper "Driver interface API" is defined in driver.h and
+all hardware/driver dependent functionality is implemented in
+driver_*.c.
+
+
+\section wpa_supplicant_core wpa_supplicant core functionality
+
+wpa_supplicant.c
+ Program initialization, main control loop
+
+main.c
+ main() for UNIX-like operating systems and MinGW (Windows); this
+ uses command line arguments to configure wpa_supplicant
+
+events.c
+ Driver event processing; wpa_supplicant_event() and related functions
+
+wpa_supplicant_i.h
+ Internal definitions for %wpa_supplicant core; should not be
+ included into independent modules
+
+wpa_supplicant.h
+ Definitions for driver event data and message logging
+
+
+\section generic_helper_func Generic helper functions
+
+%wpa_supplicant uses generic helper functions some of which are shared
+with with hostapd. The following C files are currently used:
+
+eloop.c and eloop.h
+ Event loop (select() loop with registerable timeouts, socket read
+ callbacks, and signal callbacks)
+
+common.c and common.h
+ Common helper functions
+
+defs.h
+ Definitions shared by multiple files
+
+l2_packet.h, l2_packet_linux.c, and l2_packet_pcap.c
+ Layer 2 (link) access wrapper (includes native Linux implementation
+ and wrappers for libdnet/libpcap). A new l2_packet implementation
+ may need to be added when porting to new operating systems that are
+ not supported by libdnet/libpcap. Makefile can be used to select which
+ l2_packet implementation is included. l2_packet_linux.c uses Linux
+ packet sockets and l2_packet_pcap.c has a more portable version using
+ libpcap and libdnet.
+
+pcsc_funcs.c and pcsc_funcs.h
+ Wrapper for PC/SC lite SIM and smart card readers
+
+priv_netlink.h
+ Private version of netlink definitions from Linux kernel header files;
+ this could be replaced with C library header file once suitable
+ version becomes commonly available
+
+version.h
+ Version number definitions
+
+wireless_copy.h
+ Private version of Linux wireless extensions definitions from kernel
+ header files; this could be replaced with C library header file once
+ suitable version becomes commonly available
+
+
+\section crypto_func Cryptographic functions
+
+md5.c and md5.h
+ MD5 (replaced with a crypto library if TLS support is included)
+ HMAC-MD5 (keyed checksum for message authenticity validation)
+
+rc4.c and rc4.h
+ RC4 (broadcast/default key encryption)
+
+sha1.c and sha1.h
+ SHA-1 (replaced with a crypto library if TLS support is included)
+ HMAC-SHA-1 (keyed checksum for message authenticity validation)
+ PRF-SHA-1 (pseudorandom (key/nonce generation) function)
+ PBKDF2-SHA-1 (ASCII passphrase to shared secret)
+ T-PRF (for EAP-FAST)
+ TLS-PRF (RFC 2246)
+
+aes_wrap.c, aes_wrap.h, aes.c
+ AES (replaced with a crypto library if TLS support is included),
+ AES Key Wrap Algorithm with 128-bit KEK, RFC3394 (broadcast/default
+ key encryption),
+ One-Key CBC MAC (OMAC1) hash with AES-128,
+ AES-128 CTR mode encryption,
+ AES-128 EAX mode encryption/decryption,
+ AES-128 CBC
+
+crypto.h
+ Definition of crypto library wrapper
+
+crypto.c
+ Wrapper functions for libcrypto (OpenSSL)
+
+crypto_gnutls.c
+ Wrapper functions for libgcrypt (used by GnuTLS)
+
+ms_funcs.c and ms_funcs.h
+ Helper functions for MSCHAPV2 and LEAP
+
+tls.h
+ Definition of TLS library wrapper
+
+tls_none.c
+ Dummy implementation of TLS library wrapper for cases where TLS
+ functionality is not included.
+
+tls_openssl.c
+ TLS library wrapper for openssl
+
+tls_gnutls.c
+ TLS library wrapper for GnuTLS
+
+
+\section configuration Configuration
+
+config_ssid.h
+ Definition of per network configuration items
+
+config.h
+ Definition of the %wpa_supplicant configuration
+
+config.c
+ Configuration parser and common functions
+
+config_file.c
+ Configuration backend for text files (e.g., wpa_supplicant.conf)
+
+
+\section ctrl_iface Control interface
+
+%wpa_supplicant has a \ref ctrl_iface_page "control interface"
+that can be used to get status
+information and manage operations from external programs. An example
+command line interface (wpa_cli) and GUI (wpa_gui) for this interface
+are included in the %wpa_supplicant distribution.
+
+ctrl_iface.c and ctrl_iface.h
+ %wpa_supplicant-side of the control interface
+
+wpa_ctrl.c and wpa_ctrl.h
+ Library functions for external programs to provide access to the
+ %wpa_supplicant control interface
+
+wpa_cli.c
+ Example program for using %wpa_supplicant control interface
+
+
+\section wpa_code WPA supplicant
+
+wpa.c and wpa.h
+ WPA state machine and 4-Way/Group Key Handshake processing
+
+preauth.c and preauth.h
+ PMKSA caching and pre-authentication (RSN/WPA2)
+
+wpa_i.h
+ Internal definitions for WPA code; not to be included to other modules.
+
+\section eap_peer EAP peer
+
+\ref eap_module "EAP peer implementation" is a separate module that
+can be used by other programs than just %wpa_supplicant.
+
+eap.c and eap.h
+ EAP state machine and method interface
+
+eap_defs.h
+ Common EAP definitions
+
+eap_i.h
+ Internal definitions for EAP state machine and EAP methods; not to be
+ included in other modules
+
+eap_sim_common.c and eap_sim_common.h
+ Common code for EAP-SIM and EAP-AKA
+
+eap_tls_common.c and eap_tls_common.h
+ Common code for EAP-PEAP, EAP-TTLS, and EAP-FAST
+
+eap_tlv.c and eap_tlv.h
+ EAP-TLV code for EAP-PEAP and EAP-FAST
+
+eap_ttls.c and eap_ttls.h
+ EAP-TTLS
+
+eap_pax.c, eap_pax_common.h, eap_pax_common.c
+ EAP-PAX
+
+eap_psk.c, eap_psk_common.h, eap_psk_common.c
+ EAP-PSK (note: this is not needed for WPA-PSK)
+
+eap_sake.c, eap_sake_common.h, eap_sake_common.c
+ EAP-SAKE
+
+eap_gpsk.c, eap_gpsk_common.h, eap_gpsk_common.c
+ EAP-GPSK
+
+eap_aka.c, eap_fast.c, eap_gtc.c, eap_leap.c, eap_md5.c, eap_mschapv2.c,
+eap_otp.c, eap_peap.c, eap_sim.c, eap_tls.c
+ Other EAP method implementations
+
+
+\section eapol_supp EAPOL supplicant
+
+eapol_sm.c and eapol_sm.h
+ EAPOL supplicant state machine and IEEE 802.1X processing
+
+
+\section win_port Windows port
+
+ndis_events.cpp
+ External program for receiving NdisMIndicateStatus() events and
+ delivering them to %wpa_supplicant in more easier to use form
+
+win_if_list.c
+ External program for listing current network interface
+
+
+\section test_programs Test programs
+
+radius_client.c and radius_client.h
+ RADIUS authentication client implementation for eapol_test
+
+radius.c and radius.h
+ RADIUS message processing for eapol_test
+
+config_types.h and hostapd.h
+ Minimal version of hostapd header files for eapol_test
+
+eapol_test.c
+ Standalone EAP testing tool with integrated RADIUS authentication
+ client
+
+preauth_test.c
+ Standalone RSN pre-authentication tool
+
+wpa_passphrase.c
+ WPA ASCII passphrase to PSK conversion
+
+*/
--- /dev/null
+/**
+\page ctrl_iface_page Control interface
+
+%wpa_supplicant implements a control interface that can be used by
+external programs to control the operations of the %wpa_supplicant
+daemon and to get status information and event notifications. There is
+a small C library, in a form of a single C file, wpa_ctrl.c, that
+provides helper functions to facilitate the use of the control
+interface. External programs can link this file into them and then use
+the library functions documented in wpa_ctrl.h to interact with
+%wpa_supplicant. This library can also be used with C++. wpa_cli.c and
+wpa_gui are example programs using this library.
+
+There are multiple mechanisms for inter-process communication. For
+example, Linux version of %wpa_supplicant is using UNIX domain sockets
+for the control interface and Windows version UDP sockets. The use of
+the functions defined in wpa_ctrl.h can be used to hide the details of
+the used IPC from external programs.
+
+
+\section using_ctrl_iface Using the control interface
+
+External programs, e.g., a GUI or a configuration utility, that need to
+communicate with %wpa_supplicant should link in wpa_ctrl.c. This
+allows them to use helper functions to open connection to the control
+interface with wpa_ctrl_open() and to send commands with
+wpa_ctrl_request().
+
+%wpa_supplicant uses the control interface for two types of communication:
+commands and unsolicited event messages. Commands are a pair of
+messages, a request from the external program and a response from
+%wpa_supplicant. These can be executed using wpa_ctrl_request().
+Unsolicited event messages are sent by %wpa_supplicant to the control
+interface connection without specific request from the external program
+for receiving each message. However, the external program needs to
+attach to the control interface with wpa_ctrl_attach() to receive these
+unsolicited messages.
+
+If the control interface connection is used both for commands and
+unsolicited event messages, there is potential for receiving an
+unsolicited message between the command request and response.
+wpa_ctrl_request() caller will need to supply a callback, msg_cb,
+for processing these messages. Often it is easier to open two
+control interface connections by calling wpa_ctrl_open() twice and
+then use one of the connections for commands and the other one for
+unsolicited messages. This way command request/response pairs will
+not be broken by unsolicited messages. wpa_cli is an example of how
+to use only one connection for both purposes and wpa_gui demonstrates
+how to use two separate connections.
+
+Once the control interface connection is not needed anymore, it should
+be closed by calling wpa_ctrl_close(). If the connection was used for
+unsolicited event messages, it should be first detached by calling
+wpa_ctrl_detach().
+
+
+\section ctrl_iface_cmds Control interface commands
+
+Following commands can be used with wpa_ctrl_request():
+
+\subsection ctrl_iface_PING PING
+
+This command can be used to test whether %wpa_supplicant is replying
+to the control interface commands. The expected reply is \c PONG if the
+connection is open and %wpa_supplicant is processing commands.
+
+
+\subsection ctrl_iface_MIB MIB
+
+Request a list of MIB variables (dot1x, dot11). The output is a text
+block with each line in \c variable=value format. For example:
+
+\verbatim
+dot11RSNAOptionImplemented=TRUE
+dot11RSNAPreauthenticationImplemented=TRUE
+dot11RSNAEnabled=FALSE
+dot11RSNAPreauthenticationEnabled=FALSE
+dot11RSNAConfigVersion=1
+dot11RSNAConfigPairwiseKeysSupported=5
+dot11RSNAConfigGroupCipherSize=128
+dot11RSNAConfigPMKLifetime=43200
+dot11RSNAConfigPMKReauthThreshold=70
+dot11RSNAConfigNumberOfPTKSAReplayCounters=1
+dot11RSNAConfigSATimeout=60
+dot11RSNAAuthenticationSuiteSelected=00-50-f2-2
+dot11RSNAPairwiseCipherSelected=00-50-f2-4
+dot11RSNAGroupCipherSelected=00-50-f2-4
+dot11RSNAPMKIDUsed=
+dot11RSNAAuthenticationSuiteRequested=00-50-f2-2
+dot11RSNAPairwiseCipherRequested=00-50-f2-4
+dot11RSNAGroupCipherRequested=00-50-f2-4
+dot11RSNAConfigNumberOfGTKSAReplayCounters=0
+dot11RSNA4WayHandshakeFailures=0
+dot1xSuppPaeState=5
+dot1xSuppHeldPeriod=60
+dot1xSuppAuthPeriod=30
+dot1xSuppStartPeriod=30
+dot1xSuppMaxStart=3
+dot1xSuppSuppControlledPortStatus=Authorized
+dot1xSuppBackendPaeState=2
+dot1xSuppEapolFramesRx=0
+dot1xSuppEapolFramesTx=440
+dot1xSuppEapolStartFramesTx=2
+dot1xSuppEapolLogoffFramesTx=0
+dot1xSuppEapolRespFramesTx=0
+dot1xSuppEapolReqIdFramesRx=0
+dot1xSuppEapolReqFramesRx=0
+dot1xSuppInvalidEapolFramesRx=0
+dot1xSuppEapLengthErrorFramesRx=0
+dot1xSuppLastEapolFrameVersion=0
+dot1xSuppLastEapolFrameSource=00:00:00:00:00:00
+\endverbatim
+
+
+\subsection ctrl_iface_STATUS STATUS
+
+Request current WPA/EAPOL/EAP status information. The output is a text
+block with each line in \c variable=value format. For example:
+
+\verbatim
+bssid=02:00:01:02:03:04
+ssid=test network
+pairwise_cipher=CCMP
+group_cipher=CCMP
+key_mgmt=WPA-PSK
+wpa_state=COMPLETED
+ip_address=192.168.1.21
+Supplicant PAE state=AUTHENTICATED
+suppPortStatus=Authorized
+EAP state=SUCCESS
+\endverbatim
+
+
+\subsection ctrl_iface_STATUS-VERBOSE STATUS-VERBOSE
+
+Same as STATUS, but with more verbosity (i.e., more \c variable=value pairs).
+
+\verbatim
+bssid=02:00:01:02:03:04
+ssid=test network
+id=0
+pairwise_cipher=CCMP
+group_cipher=CCMP
+key_mgmt=WPA-PSK
+wpa_state=COMPLETED
+ip_address=192.168.1.21
+Supplicant PAE state=AUTHENTICATED
+suppPortStatus=Authorized
+heldPeriod=60
+authPeriod=30
+startPeriod=30
+maxStart=3
+portControl=Auto
+Supplicant Backend state=IDLE
+EAP state=SUCCESS
+reqMethod=0
+methodState=NONE
+decision=COND_SUCC
+ClientTimeout=60
+\endverbatim
+
+
+\subsection ctrl_iface_PMKSA PMKSA
+
+Show PMKSA cache
+
+\verbatim
+Index / AA / PMKID / expiration (in seconds) / opportunistic
+1 / 02:00:01:02:03:04 / 000102030405060708090a0b0c0d0e0f / 41362 / 0
+2 / 02:00:01:33:55:77 / 928389281928383b34afb34ba4212345 / 362 / 1
+\endverbatim
+
+
+\subsection ctrl_iface_SET SET <variable> <value>
+
+Set variables:
+- EAPOL::heldPeriod
+- EAPOL::authPeriod
+- EAPOL::startPeriod
+- EAPOL::maxStart
+- dot11RSNAConfigPMKLifetime
+- dot11RSNAConfigPMKReauthThreshold
+- dot11RSNAConfigSATimeout
+
+Example command:
+\verbatim
+SET EAPOL::heldPeriod 45
+\endverbatim
+
+
+\subsection ctrl_iface_LOGON LOGON
+
+IEEE 802.1X EAPOL state machine logon.
+
+
+\subsection ctrl_iface_LOGOFF LOGOFF
+
+IEEE 802.1X EAPOL state machine logoff.
+
+
+\subsection ctrl_iface_REASSOCIATE REASSOCIATE
+
+Force reassociation.
+
+
+\subsection ctrl_iface_RECONNECT RECONNECT
+
+Connect if disconnected (i.e., like \c REASSOCIATE, but only connect
+if in disconnected state).
+
+
+\subsection ctrl_iface_PREAUTH PREAUTH <BSSID>
+
+Start pre-authentication with the given BSSID.
+
+
+\subsection ctrl_iface_ATTACH ATTACH
+
+Attach the connection as a monitor for unsolicited events. This can
+be done with wpa_ctrl_attach().
+
+
+\subsection ctrl_iface_DETACH DETACH
+
+Detach the connection as a monitor for unsolicited events. This can
+be done with wpa_ctrl_detach().
+
+
+\subsection ctrl_iface_LEVEL LEVEL <debug level>
+
+Change debug level.
+
+
+\subsection ctrl_iface_RECONFIGURE RECONFIGURE
+
+Force %wpa_supplicant to re-read its configuration data.
+
+
+\subsection ctrl_iface_TERMINATE TERMINATE
+
+Terminate %wpa_supplicant process.
+
+
+\subsection ctrl_iface_BSSID BSSID <network id> <BSSID>
+
+Set preferred BSSID for a network. Network id can be received from the
+\c LIST_NETWORKS command output.
+
+
+\subsection ctrl_iface_LIST_NETWORKS LIST_NETWORKS
+
+List configured networks.
+
+\verbatim
+network id / ssid / bssid / flags
+0 example network any [CURRENT]
+\endverbatim
+
+(note: fields are separated with tabs)
+
+
+\subsection ctrl_iface_DISCONNECT DISCONNECT
+
+Disconnect and wait for \c REASSOCIATE or \c RECONNECT command before
+connecting.
+
+
+\subsection ctrl_iface_SCAN SCAN
+
+Request a new BSS scan.
+
+
+\subsection ctrl_iface_SCAN_RESULTS SCAN_RESULTS
+
+Get the latest scan results.
+
+\verbatim
+bssid / frequency / signal level / flags / ssid
+00:09:5b:95:e0:4e 2412 208 [WPA-PSK-CCMP] jkm private
+02:55:24:33:77:a3 2462 187 [WPA-PSK-TKIP] testing
+00:09:5b:95:e0:4f 2412 209 jkm guest
+\endverbatim
+
+(note: fields are separated with tabs)
+
+
+\subsection ctrl_iface_SELECT_NETWORK SELECT_NETWORK <network id>
+
+Select a network (disable others). Network id can be received from the
+\c LIST_NETWORKS command output.
+
+
+\subsection ctrl_iface_ENABLE_NETWORK ENABLE_NETWORK <network id>
+
+Enable a network. Network id can be received from the
+\c LIST_NETWORKS command output.
+
+
+\subsection ctrl_iface_DISABLE_NETWORK DISABLE_NETWORK <network id>
+
+Disable a network. Network id can be received from the
+\c LIST_NETWORKS command output.
+
+
+\subsection ctrl_iface_ADD_NETWORK ADD_NETWORK
+
+Add a new network. This command creates a new network with empty
+configuration. The new network is disabled and once it has been
+configured it can be enabled with \c ENABLE_NETWORK command. \c ADD_NETWORK
+returns the network id of the new network or FAIL on failure.
+
+
+\subsection ctrl_iface_REMOVE_NETWORK REMOVE_NETWORK <network id>
+
+Remove a network. Network id can be received from the
+\c LIST_NETWORKS command output.
+
+
+\subsection ctrl_iface_SET_NETWORK SET_NETWORK <network id> <variable> <value>
+
+Set network variables. Network id can be received from the
+\c LIST_NETWORKS command output.
+
+This command uses the same variables and data formats as the
+configuration file. See example wpa_supplicant.conf for more details.
+
+- ssid (network name, SSID)
+- psk (WPA passphrase or pre-shared key)
+- key_mgmt (key management protocol)
+- identity (EAP identity)
+- password (EAP password)
+- ...
+
+
+\subsection ctrl_iface_GET_NETWORK GET_NETWORK <network id> <variable>
+
+Get network variables. Network id can be received from the
+\c LIST_NETWORKS command output.
+
+
+\subsection ctrl_iface_SAVE_CONFIG SAVE_CONFIG
+
+Save the current configuration.
+
+
+\section ctrl_iface_interactive Interactive requests
+
+If %wpa_supplicant needs additional information during authentication
+(e.g., password), it will use a specific prefix, \c CTRL-REQ-
+(\a WPA_CTRL_REQ macro) in an unsolicited event message. An external
+program, e.g., a GUI, can provide such information by using
+\c CTRL-RSP- (\a WPA_CTRL_RSP macro) prefix in a command with matching
+field name.
+
+The following fields can be requested in this way from the user:
+- IDENTITY (EAP identity/user name)
+- PASSWORD (EAP password)
+- NEW_PASSWORD (New password if the server is requesting password change)
+- PIN (PIN code for accessing a SIM or smartcard)
+- OTP (one-time password; like password, but the value is used only once)
+- PASSPHRASE (passphrase for a private key file)
+
+\verbatim
+CTRL-REQ-<field name>-<network id>-<human readable text>
+CTRL-RSP-<field name>-<network id>-<value>
+\endverbatim
+
+For example, request from %wpa_supplicant:
+\verbatim
+CTRL-REQ-PASSWORD-1-Password needed for SSID test-network
+\endverbatim
+
+And a matching reply from the GUI:
+\verbatim
+CTRL-RSP-PASSWORD-1-secret
+\endverbatim
+
+
+\subsection ctrl_iface_GET_CAPABILITY GET_CAPABILITY <option> [strict]
+
+Get list of supported functionality (eap, pairwise, group,
+proto). Supported functionality is shown as space separate lists of
+values used in the same format as in %wpa_supplicant configuration.
+If optional argument, 'strict', is added, only the values that the
+driver claims to explicitly support are included. Without this, all
+available capabilities are included if the driver does not provide
+a mechanism for querying capabilities.
+
+Example request/reply pairs:
+
+\verbatim
+GET_CAPABILITY eap
+AKA FAST GTC LEAP MD5 MSCHAPV2 OTP PAX PEAP PSK SIM TLS TTLS
+\endverbatim
+
+\verbatim
+GET_CAPABILITY pairwise
+CCMP TKIP NONE
+\endverbatim
+
+\verbatim
+GET_CAPABILITY pairwise strict
+\endverbatim
+
+\verbatim
+GET_CAPABILITY group
+CCMP TKIP WEP104 WEP40
+\endverbatim
+
+\verbatim
+GET_CAPABILITY key_mgmt
+WPA-PSK WPA-EAP IEEE8021X NONE
+\endverbatim
+
+\verbatim
+GET_CAPABILITY proto
+RSN WPA
+\endverbatim
+
+\verbatim
+GET_CAPABILITY auth_alg
+OPEN SHARED LEAP
+\endverbatim
+
+
+\subsection ctrl_iface_AP_SCAN AP_SCAN <ap_scan value>
+
+Change ap_scan value:
+0 = no scanning,
+1 = %wpa_supplicant requests scans and uses scan results to select the AP,
+2 = %wpa_supplicant does not use scanning and just requests driver to
+associate and take care of AP selection
+
+
+\subsection ctrl_iface_INTERFACES INTERFACES
+
+List configured interfaces.
+
+\verbatim
+wlan0
+eth0
+\endverbatim
+
+*/
--- /dev/null
+manpage.links
+manpage.refs
+*.8
+*.5
+*.html
+*.pdf
--- /dev/null
+all: man html pdf
+
+FILES += wpa_background
+FILES += wpa_cli
+FILES += wpa_passphrase
+FILES += wpa_supplicant.conf
+FILES += wpa_supplicant
+
+man:
+ for i in $(FILES); do docbook2man $$i.sgml; done
+
+html:
+ for i in $(FILES); do docbook2html $$i.sgml && \
+ mv index.html $$i.html; done
+
+pdf:
+ for i in $(FILES); do docbook2pdf $$i.sgml; done
+
+
+clean:
+ rm -f wpa_background.8 wpa_cli.8 wpa_passphrase.8 wpa_supplicant.8
+ rm -f wpa_supplicant.conf.5
+ rm -f manpage.links manpage.refs
+ rm -f $(FILES:%=%.pdf)
+ rm -f $(FILES:%=%.html)
--- /dev/null
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "WPA_BACKGROUND" "8" "19 February 2008" "" ""
+
+.SH NAME
+wpa_background \- Background information on Wi-Fi Protected Access and IEEE 802.11i
+.SH "WPA"
+.PP
+The original security mechanism of IEEE 802.11 standard was
+not designed to be strong and has proven to be insufficient for
+most networks that require some kind of security. Task group I
+(Security) of IEEE 802.11 working group
+(http://www.ieee802.org/11/) has worked to address the flaws of
+the base standard and has in practice completed its work in May
+2004. The IEEE 802.11i amendment to the IEEE 802.11 standard was
+approved in June 2004 and published in July 2004.
+.PP
+Wi-Fi Alliance (http://www.wi-fi.org/) used a draft version
+of the IEEE 802.11i work (draft 3.0) to define a subset of the
+security enhancements that can be implemented with existing wlan
+hardware. This is called Wi-Fi Protected Access<TM> (WPA). This
+has now become a mandatory component of interoperability testing
+and certification done by Wi-Fi Alliance. Wi-Fi provides
+information about WPA at its web site
+(http://www.wi-fi.org/OpenSection/protected_access.asp).
+.PP
+IEEE 802.11 standard defined wired equivalent privacy (WEP)
+algorithm for protecting wireless networks. WEP uses RC4 with
+40-bit keys, 24-bit initialization vector (IV), and CRC32 to
+protect against packet forgery. All these choices have proven to
+be insufficient: key space is too small against current attacks,
+RC4 key scheduling is insufficient (beginning of the pseudorandom
+stream should be skipped), IV space is too small and IV reuse
+makes attacks easier, there is no replay protection, and non-keyed
+authentication does not protect against bit flipping packet
+data.
+.PP
+WPA is an intermediate solution for the security issues. It
+uses Temporal Key Integrity Protocol (TKIP) to replace WEP. TKIP
+is a compromise on strong security and possibility to use existing
+hardware. It still uses RC4 for the encryption like WEP, but with
+per-packet RC4 keys. In addition, it implements replay protection,
+keyed packet authentication mechanism (Michael MIC).
+.PP
+Keys can be managed using two different mechanisms. WPA can
+either use an external authentication server (e.g., RADIUS) and
+EAP just like IEEE 802.1X is using or pre-shared keys without need
+for additional servers. Wi-Fi calls these "WPA-Enterprise" and
+"WPA-Personal", respectively. Both mechanisms will generate a
+master session key for the Authenticator (AP) and Supplicant
+(client station).
+.PP
+WPA implements a new key handshake (4-Way Handshake and
+Group Key Handshake) for generating and exchanging data encryption
+keys between the Authenticator and Supplicant. This handshake is
+also used to verify that both Authenticator and Supplicant know
+the master session key. These handshakes are identical regardless
+of the selected key management mechanism (only the method for
+generating master session key changes).
+.SH "IEEE 802.11I / WPA2"
+.PP
+The design for parts of IEEE 802.11i that were not included
+in WPA has finished (May 2004) and this amendment to IEEE 802.11
+was approved in June 2004. Wi-Fi Alliance is using the final IEEE
+802.11i as a new version of WPA called WPA2. This includes, e.g.,
+support for more robust encryption algorithm (CCMP: AES in Counter
+mode with CBC-MAC) to replace TKIP and optimizations for handoff
+(reduced number of messages in initial key handshake,
+pre-authentication, and PMKSA caching).
+.SH "SEE ALSO"
+.PP
+\fBwpa_supplicant\fR(8)
+.SH "LEGAL"
+.PP
+wpa_supplicant is copyright (c) 2003-2005,
+Jouni Malinen <j@w1.fi> and
+contributors.
+All Rights Reserved.
+.PP
+This program is dual-licensed under both the GPL version 2
+and BSD license. Either license may be used at your option.
--- /dev/null
+<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+
+<refentry>
+ <refmeta>
+ <refentrytitle>wpa_background</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </refmeta>
+ <refnamediv>
+ <refname>wpa_background</refname>
+ <refpurpose>Background information on Wi-Fi Protected Access and IEEE 802.11i</refpurpose>
+ </refnamediv>
+ <refsect1>
+ <title>WPA</title>
+
+ <para>The original security mechanism of IEEE 802.11 standard was
+ not designed to be strong and has proven to be insufficient for
+ most networks that require some kind of security. Task group I
+ (Security) of IEEE 802.11 working group
+ (http://www.ieee802.org/11/) has worked to address the flaws of
+ the base standard and has in practice completed its work in May
+ 2004. The IEEE 802.11i amendment to the IEEE 802.11 standard was
+ approved in June 2004 and published in July 2004.</para>
+
+ <para>Wi-Fi Alliance (http://www.wi-fi.org/) used a draft version
+ of the IEEE 802.11i work (draft 3.0) to define a subset of the
+ security enhancements that can be implemented with existing wlan
+ hardware. This is called Wi-Fi Protected Access<TM> (WPA). This
+ has now become a mandatory component of interoperability testing
+ and certification done by Wi-Fi Alliance. Wi-Fi provides
+ information about WPA at its web site
+ (http://www.wi-fi.org/OpenSection/protected_access.asp).</para>
+
+ <para>IEEE 802.11 standard defined wired equivalent privacy (WEP)
+ algorithm for protecting wireless networks. WEP uses RC4 with
+ 40-bit keys, 24-bit initialization vector (IV), and CRC32 to
+ protect against packet forgery. All these choices have proven to
+ be insufficient: key space is too small against current attacks,
+ RC4 key scheduling is insufficient (beginning of the pseudorandom
+ stream should be skipped), IV space is too small and IV reuse
+ makes attacks easier, there is no replay protection, and non-keyed
+ authentication does not protect against bit flipping packet
+ data.</para>
+
+ <para>WPA is an intermediate solution for the security issues. It
+ uses Temporal Key Integrity Protocol (TKIP) to replace WEP. TKIP
+ is a compromise on strong security and possibility to use existing
+ hardware. It still uses RC4 for the encryption like WEP, but with
+ per-packet RC4 keys. In addition, it implements replay protection,
+ keyed packet authentication mechanism (Michael MIC).</para>
+
+ <para>Keys can be managed using two different mechanisms. WPA can
+ either use an external authentication server (e.g., RADIUS) and
+ EAP just like IEEE 802.1X is using or pre-shared keys without need
+ for additional servers. Wi-Fi calls these "WPA-Enterprise" and
+ "WPA-Personal", respectively. Both mechanisms will generate a
+ master session key for the Authenticator (AP) and Supplicant
+ (client station).</para>
+
+ <para>WPA implements a new key handshake (4-Way Handshake and
+ Group Key Handshake) for generating and exchanging data encryption
+ keys between the Authenticator and Supplicant. This handshake is
+ also used to verify that both Authenticator and Supplicant know
+ the master session key. These handshakes are identical regardless
+ of the selected key management mechanism (only the method for
+ generating master session key changes).</para>
+ </refsect1>
+
+ <refsect1>
+ <title>IEEE 802.11i / WPA2</title>
+
+ <para>The design for parts of IEEE 802.11i that were not included
+ in WPA has finished (May 2004) and this amendment to IEEE 802.11
+ was approved in June 2004. Wi-Fi Alliance is using the final IEEE
+ 802.11i as a new version of WPA called WPA2. This includes, e.g.,
+ support for more robust encryption algorithm (CCMP: AES in Counter
+ mode with CBC-MAC) to replace TKIP and optimizations for handoff
+ (reduced number of messages in initial key handshake,
+ pre-authentication, and PMKSA caching).</para>
+ </refsect1>
+
+ <refsect1>
+ <title>See Also</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>wpa_supplicant</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>Legal</title>
+ <para>wpa_supplicant is copyright (c) 2003-2005,
+ Jouni Malinen <email>j@w1.fi</email> and
+ contributors.
+ All Rights Reserved.</para>
+
+ <para>This program is dual-licensed under both the GPL version 2
+ and BSD license. Either license may be used at your option.</para>
+ </refsect1>
+</refentry>
--- /dev/null
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "WPA_CLI" "8" "19 February 2008" "" ""
+
+.SH NAME
+wpa_cli \- WPA command line client
+.SH SYNOPSIS
+
+\fBwpa_cli\fR [ \fB-p \fIpath to ctrl sockets\fB\fR ] [ \fB-i \fIifname\fB\fR ] [ \fB-hvB\fR ] [ \fB-a \fIaction file\fB\fR ] [ \fB-P \fIpid file\fB\fR ] [ \fB\fIcommand ...\fB\fR ]
+
+.SH "OVERVIEW"
+.PP
+wpa_cli is a text-based frontend program for interacting
+with wpa_supplicant. It is used to query current status, change
+configuration, trigger events, and request interactive user
+input.
+.PP
+wpa_cli can show the current authentication status, selected
+security mode, dot11 and dot1x MIBs, etc. In addition, it can
+configure some variables like EAPOL state machine parameters and
+trigger events like reassociation and IEEE 802.1X
+logoff/logon. wpa_cli provides a user interface to request
+authentication information, like username and password, if these
+are not included in the configuration. This can be used to
+implement, e.g., one-time-passwords or generic token card
+authentication where the authentication is based on a
+challenge-response that uses an external device for generating the
+response.
+.PP
+The control interface of wpa_supplicant can be configured to
+allow non-root user access (ctrl_interface_group in the
+configuration file). This makes it possible to run wpa_cli with a
+normal user account.
+.PP
+wpa_cli supports two modes: interactive and command
+line. Both modes share the same command set and the main
+difference is in interactive mode providing access to unsolicited
+messages (event messages, username/password requests).
+.PP
+Interactive mode is started when wpa_cli is executed without
+including the command as a command line parameter. Commands are
+then entered on the wpa_cli prompt. In command line mode, the same
+commands are entered as command line arguments for wpa_cli.
+.SH "INTERACTIVE AUTHENTICATION PARAMETERS REQUEST"
+.PP
+When wpa_supplicant need authentication parameters, like
+username and password, which are not present in the configuration
+file, it sends a request message to all attached frontend programs,
+e.g., wpa_cli in interactive mode. wpa_cli shows these requests
+with "CTRL-REQ-<type>-<id>:<text>"
+prefix. <type> is IDENTITY, PASSWORD, or OTP
+(one-time-password). <id> is a unique identifier for the
+current network. <text> is description of the request. In
+case of OTP request, it includes the challenge from the
+authentication server.
+.PP
+The reply to these requests can be given with 'identity',
+'password', and 'otp' commands. <id> needs to be copied from the
+the matching request. 'password' and 'otp' commands can be used
+regardless of whether the request was for PASSWORD or OTP. The
+main difference between these two commands is that values given
+with 'password' are remembered as long as wpa_supplicant is
+running whereas values given with 'otp' are used only once and
+then forgotten, i.e., wpa_supplicant will ask frontend for a new
+value for every use. This can be used to implement
+one-time-password lists and generic token card -based
+authentication.
+.PP
+Example request for password and a matching reply:
+.sp
+.RS
+
+.nf
+CTRL-REQ-PASSWORD-1:Password needed for SSID foobar
+> password 1 mysecretpassword
+.fi
+.RE
+.PP
+Example request for generic token card challenge-response:
+.sp
+.RS
+
+.nf
+CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar
+> otp 2 9876
+.fi
+.RE
+.SH "COMMAND ARGUMENTS"
+.TP
+\fB-p path\fR
+Change the path where control sockets should
+be found.
+.TP
+\fB-i ifname\fR
+Specify the interface that is being
+configured. By default, choose the first interface found with
+a control socket in the socket path.
+.TP
+\fB-h\fR
+Help. Show a usage message.
+.TP
+\fB-v\fR
+Show version information.
+.TP
+\fB-B\fR
+Run as a daemon in the background.
+.TP
+\fB-a file\fR
+Run in daemon mode executing the action file
+based on events from wpa_supplicant. The specified file will
+be executed with the first argument set to interface name and
+second to "CONNECTED" or "DISCONNECTED" depending on the event.
+This can be used to execute networking tools required to configure
+the interface.
+
+Additionally, three environmental variables are available to
+the file: WPA_CTRL_DIR, WPA_ID, and WPA_ID_STR. WPA_CTRL_DIR
+contains the absolute path to the ctrl_interface socket. WPA_ID
+contains the unique network_id identifier assigned to the active
+network, and WPA_ID_STR contains the content of the id_str option.
+.TP
+\fB-P file\fR
+Set the location of the PID
+file.
+.TP
+\fBcommand\fR
+Run a command. The available commands are
+listed in the next section.
+.SH "COMMANDS"
+.PP
+The following commands are available:
+.TP
+\fBstatus\fR
+get current WPA/EAPOL/EAP status
+.TP
+\fBmib\fR
+get MIB variables (dot1x, dot11)
+.TP
+\fBhelp\fR
+show this usage help
+.TP
+\fBinterface [ifname]\fR
+show interfaces/select interface
+.TP
+\fBlevel <debug level>\fR
+change debug level
+.TP
+\fBlicense\fR
+show full wpa_cli license
+.TP
+\fBlogoff\fR
+IEEE 802.1X EAPOL state machine logoff
+.TP
+\fBlogon\fR
+IEEE 802.1X EAPOL state machine logon
+.TP
+\fBset\fR
+set variables (shows list of variables when run without arguments)
+.TP
+\fBpmksa\fR
+show PMKSA cache
+.TP
+\fBreassociate\fR
+force reassociation
+.TP
+\fBreconfigure\fR
+force wpa_supplicant to re-read its configuration file
+.TP
+\fBpreauthenticate <BSSID>\fR
+force preauthentication
+.TP
+\fBidentity <network id> <identity>\fR
+configure identity for an SSID
+.TP
+\fBpassword <network id> <password>\fR
+configure password for an SSID
+.TP
+\fBpin <network id> <pin>\fR
+configure pin for an SSID
+.TP
+\fBotp <network id> <password>\fR
+configure one-time-password for an SSID
+.TP
+\fBbssid <network id> <BSSID>\fR
+set preferred BSSID for an SSID
+.TP
+\fBlist_networks\fR
+list configured networks
+.TP
+\fBterminate\fR
+terminate \fBwpa_supplicant\fR
+.TP
+\fBquit\fR
+exit wpa_cli
+.SH "SEE ALSO"
+.PP
+\fBwpa_supplicant\fR(8)
+.SH "LEGAL"
+.PP
+wpa_supplicant is copyright (c) 2003-2005,
+Jouni Malinen <j@w1.fi> and
+contributors.
+All Rights Reserved.
+.PP
+This program is dual-licensed under both the GPL version 2
+and BSD license. Either license may be used at your option.
--- /dev/null
+<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+
+<refentry>
+ <refmeta>
+ <refentrytitle>wpa_cli</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </refmeta>
+ <refnamediv>
+ <refname>wpa_cli</refname>
+
+ <refpurpose>WPA command line client</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>wpa_cli</command>
+ <arg>-p <replaceable>path to ctrl sockets</replaceable></arg>
+ <arg>-i <replaceable>ifname</replaceable></arg>
+ <arg>-hvB</arg>
+ <arg>-a <replaceable>action file</replaceable></arg>
+ <arg>-P <replaceable>pid file</replaceable></arg>
+ <arg><replaceable>command ...</replaceable></arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>Overview</title>
+
+ <para>wpa_cli is a text-based frontend program for interacting
+ with wpa_supplicant. It is used to query current status, change
+ configuration, trigger events, and request interactive user
+ input.</para>
+
+ <para>wpa_cli can show the current authentication status, selected
+ security mode, dot11 and dot1x MIBs, etc. In addition, it can
+ configure some variables like EAPOL state machine parameters and
+ trigger events like reassociation and IEEE 802.1X
+ logoff/logon. wpa_cli provides a user interface to request
+ authentication information, like username and password, if these
+ are not included in the configuration. This can be used to
+ implement, e.g., one-time-passwords or generic token card
+ authentication where the authentication is based on a
+ challenge-response that uses an external device for generating the
+ response.</para>
+
+ <para>The control interface of wpa_supplicant can be configured to
+ allow non-root user access (ctrl_interface_group in the
+ configuration file). This makes it possible to run wpa_cli with a
+ normal user account.</para>
+
+ <para>wpa_cli supports two modes: interactive and command
+ line. Both modes share the same command set and the main
+ difference is in interactive mode providing access to unsolicited
+ messages (event messages, username/password requests).</para>
+
+ <para>Interactive mode is started when wpa_cli is executed without
+ including the command as a command line parameter. Commands are
+ then entered on the wpa_cli prompt. In command line mode, the same
+ commands are entered as command line arguments for wpa_cli.</para>
+ </refsect1>
+ <refsect1>
+ <title>Interactive authentication parameters request</title>
+
+ <para>When wpa_supplicant need authentication parameters, like
+ username and password, which are not present in the configuration
+ file, it sends a request message to all attached frontend programs,
+ e.g., wpa_cli in interactive mode. wpa_cli shows these requests
+ with "CTRL-REQ-<type>-<id>:<text>"
+ prefix. <type> is IDENTITY, PASSWORD, or OTP
+ (one-time-password). <id> is a unique identifier for the
+ current network. <text> is description of the request. In
+ case of OTP request, it includes the challenge from the
+ authentication server.</para>
+
+ <para>The reply to these requests can be given with 'identity',
+ 'password', and 'otp' commands. <id> needs to be copied from the
+ the matching request. 'password' and 'otp' commands can be used
+ regardless of whether the request was for PASSWORD or OTP. The
+ main difference between these two commands is that values given
+ with 'password' are remembered as long as wpa_supplicant is
+ running whereas values given with 'otp' are used only once and
+ then forgotten, i.e., wpa_supplicant will ask frontend for a new
+ value for every use. This can be used to implement
+ one-time-password lists and generic token card -based
+ authentication.</para>
+
+ <para>Example request for password and a matching reply:</para>
+
+<blockquote><programlisting>
+CTRL-REQ-PASSWORD-1:Password needed for SSID foobar
+> password 1 mysecretpassword
+</programlisting></blockquote>
+
+ <para>Example request for generic token card challenge-response:</para>
+
+<blockquote><programlisting>
+CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar
+> otp 2 9876
+</programlisting></blockquote>
+
+ </refsect1>
+ <refsect1>
+ <title>Command Arguments</title>
+ <variablelist>
+ <varlistentry>
+ <term>-p path</term>
+
+ <listitem><para>Change the path where control sockets should
+ be found.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-i ifname</term>
+
+ <listitem><para>Specify the interface that is being
+ configured. By default, choose the first interface found with
+ a control socket in the socket path.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-h</term>
+ <listitem><para>Help. Show a usage message.</para></listitem>
+ </varlistentry>
+
+
+ <varlistentry>
+ <term>-v</term>
+ <listitem><para>Show version information.</para></listitem>
+ </varlistentry>
+
+
+ <varlistentry>
+ <term>-B</term>
+ <listitem><para>Run as a daemon in the background.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-a file</term>
+
+ <listitem><para>Run in daemon mode executing the action file
+ based on events from wpa_supplicant. The specified file will
+ be executed with the first argument set to interface name and
+ second to "CONNECTED" or "DISCONNECTED" depending on the event.
+ This can be used to execute networking tools required to configure
+ the interface.</para>
+
+ <para>Additionally, three environmental variables are available to
+ the file: WPA_CTRL_DIR, WPA_ID, and WPA_ID_STR. WPA_CTRL_DIR
+ contains the absolute path to the ctrl_interface socket. WPA_ID
+ contains the unique network_id identifier assigned to the active
+ network, and WPA_ID_STR contains the content of the id_str option.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-P file</term>
+
+ <listitem><para>Set the location of the PID
+ file.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>command</term>
+
+ <listitem><para>Run a command. The available commands are
+ listed in the next section.</para></listitem>
+
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+ <refsect1>
+ <title>Commands</title>
+ <para>The following commands are available:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>status</term>
+ <listitem>
+ <para>get current WPA/EAPOL/EAP status</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>mib</term>
+ <listitem>
+ <para>get MIB variables (dot1x, dot11)</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>help</term>
+ <listitem>
+ <para>show this usage help</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>interface [ifname]</term>
+ <listitem>
+ <para>show interfaces/select interface</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>level <debug level></term>
+ <listitem>
+ <para>change debug level</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>license</term>
+ <listitem>
+ <para>show full wpa_cli license</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>logoff</term>
+ <listitem>
+ <para>IEEE 802.1X EAPOL state machine logoff</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>logon</term>
+ <listitem>
+ <para>IEEE 802.1X EAPOL state machine logon</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>set</term>
+ <listitem>
+ <para>set variables (shows list of variables when run without arguments)</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>pmksa</term>
+ <listitem>
+ <para>show PMKSA cache</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>reassociate</term>
+ <listitem>
+ <para>force reassociation</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>reconfigure</term>
+ <listitem>
+ <para>force wpa_supplicant to re-read its configuration file</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>preauthenticate <BSSID></term>
+ <listitem>
+ <para>force preauthentication</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>identity <network id> <identity></term>
+ <listitem>
+ <para>configure identity for an SSID</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>password <network id> <password></term>
+ <listitem>
+ <para>configure password for an SSID</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>pin <network id> <pin></term>
+ <listitem>
+ <para>configure pin for an SSID</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>otp <network id> <password></term>
+ <listitem>
+ <para>configure one-time-password for an SSID</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>bssid <network id> <BSSID></term>
+ <listitem>
+ <para>set preferred BSSID for an SSID</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>list_networks</term>
+ <listitem>
+ <para>list configured networks</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>terminate</term>
+ <listitem>
+ <para>terminate <command>wpa_supplicant</command></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>quit</term>
+ <listitem><para>exit wpa_cli</para></listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+ <refsect1>
+ <title>See Also</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>wpa_supplicant</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+ <refsect1>
+ <title>Legal</title>
+ <para>wpa_supplicant is copyright (c) 2003-2005,
+ Jouni Malinen <email>j@w1.fi</email> and
+ contributors.
+ All Rights Reserved.</para>
+
+ <para>This program is dual-licensed under both the GPL version 2
+ and BSD license. Either license may be used at your option.</para>
+ </refsect1>
+</refentry>
--- /dev/null
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "WPA_PASSPHRASE" "8" "19 February 2008" "" ""
+
+.SH NAME
+wpa_passphrase \- Generate a WPA PSK from an ASCII passphrase for a SSID
+.SH SYNOPSIS
+
+\fBwpa_passphrase\fR [ \fB\fIssid\fB\fR ] [ \fB\fIpassphrase\fB\fR ]
+
+.SH "OVERVIEW"
+.PP
+\fBwpa_passphrase\fR pre-computes PSK entries for
+network configuration blocks of a
+\fIwpa_supplicant.conf\fR file. An ASCII passphrase
+and SSID are used to generate a 256-bit PSK.
+.SH "OPTIONS"
+.TP
+\fBssid\fR
+The SSID whose passphrase should be derived.
+.TP
+\fBpassphrase\fR
+The passphrase to use. If not included on the command line,
+passphrase will be read from standard input.
+.SH "SEE ALSO"
+.PP
+\fBwpa_supplicant.conf\fR(5)
+\fBwpa_supplicant\fR(8)
+.SH "LEGAL"
+.PP
+wpa_supplicant is copyright (c) 2003-2005,
+Jouni Malinen <j@w1.fi> and
+contributors.
+All Rights Reserved.
+.PP
+This program is dual-licensed under both the GPL version 2
+and BSD license. Either license may be used at your option.
--- /dev/null
+<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+
+<refentry>
+ <refmeta>
+ <refentrytitle>wpa_passphrase</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </refmeta>
+ <refnamediv>
+ <refname>wpa_passphrase</refname>
+ <refpurpose>Generate a WPA PSK from an ASCII passphrase for a SSID</refpurpose>
+ </refnamediv>
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>wpa_passphrase</command>
+ <arg><replaceable>ssid</replaceable></arg>
+ <arg><replaceable>passphrase</replaceable></arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>Overview</title>
+
+ <para><command>wpa_passphrase</command> pre-computes PSK entries for
+ network configuration blocks of a
+ <filename>wpa_supplicant.conf</filename> file. An ASCII passphrase
+ and SSID are used to generate a 256-bit PSK.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>Options</title>
+ <variablelist>
+ <varlistentry>
+ <term>ssid</term>
+ <listitem>
+ <para>The SSID whose passphrase should be derived.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>passphrase</term>
+ <listitem>
+ <para>The passphrase to use. If not included on the command line,
+ passphrase will be read from standard input.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>See Also</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>wpa_supplicant.conf</refentrytitle>
+ <manvolnum>5</manvolnum>
+ </citerefentry>
+ <citerefentry>
+ <refentrytitle>wpa_supplicant</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+
+ </refsect1>
+ <refsect1>
+ <title>Legal</title>
+ <para>wpa_supplicant is copyright (c) 2003-2005,
+ Jouni Malinen <email>j@w1.fi</email> and
+ contributors.
+ All Rights Reserved.</para>
+
+ <para>This program is dual-licensed under both the GPL version 2
+ and BSD license. Either license may be used at your option.</para>
+ </refsect1>
+</refentry>
--- /dev/null
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "WPA_SUPPLICANT" "8" "19 February 2008" "" ""
+
+.SH NAME
+wpa_supplicant \- Wi-Fi Protected Access client and IEEE 802.1X supplicant
+.SH SYNOPSIS
+
+\fBwpa_supplicant\fR [ \fB-BddfhKLqqtuvwW\fR ] [ \fB-i\fIifname\fB\fR ] [ \fB-c\fIconfig file\fB\fR ] [ \fB-D\fIdriver\fB\fR ] [ \fB-P\fIPID_file\fB\fR ] [ \fB-f\fIoutput file\fB\fR ]
+
+.SH "OVERVIEW"
+.PP
+Wireless networks do not require physical access to the network equipment
+in the same way as wired networks. This makes it easier for unauthorized
+users to passively monitor a network and capture all transmitted frames.
+In addition, unauthorized use of the network is much easier. In many cases,
+this can happen even without user's explicit knowledge since the wireless
+LAN adapter may have been configured to automatically join any available
+network.
+.PP
+Link-layer encryption can be used to provide a layer of security for
+wireless networks. The original wireless LAN standard, IEEE 802.11,
+included a simple encryption mechanism, WEP. However, that proved to
+be flawed in many areas and network protected with WEP cannot be consider
+secure. IEEE 802.1X authentication and frequently changed dynamic WEP keys
+can be used to improve the network security, but even that has inherited
+security issues due to the use of WEP for encryption. Wi-Fi Protected
+Access and IEEE 802.11i amendment to the wireless LAN standard introduce
+a much improvement mechanism for securing wireless networks. IEEE 802.11i
+enabled networks that are using CCMP (encryption mechanism based on strong
+cryptographic algorithm AES) can finally be called secure used for
+applications which require efficient protection against unauthorized
+access.
+.PP
+\fBwpa_supplicant\fR is an implementation of
+the WPA Supplicant component, i.e., the part that runs in the
+client stations. It implements WPA key negotiation with a WPA
+Authenticator and EAP authentication with Authentication
+Server. In addition, it controls the roaming and IEEE 802.11
+authentication/association of the wireless LAN driver.
+.PP
+\fBwpa_supplicant\fR is designed to be a
+"daemon" program that runs in the background and acts as the
+backend component controlling the wireless
+connection. \fBwpa_supplicant\fR supports separate
+frontend programs and an example text-based frontend,
+\fBwpa_cli\fR, is included with
+wpa_supplicant.
+.PP
+Before wpa_supplicant can do its work, the network interface
+must be available. That means that the physical device must be
+present and enabled, and the driver for the device must have be
+loaded. Note, however, that the '-w' option of the wpa_supplicant
+daemon instructs the daemon to continue running and to wait for
+the interface to become available. Without the '-w' option, the
+daemon will exit immediately if the device is not already
+available.
+.PP
+After \fBwpa_supplicant\fR has configured the
+network device, higher level configuration such as DHCP may
+proceed. There are a variety of ways to integrate wpa_supplicant
+into a machine's networking scripts, a few of which are described
+in sections below.
+.PP
+The following steps are used when associating with an AP
+using WPA:
+.TP 0.2i
+\(bu
+\fBwpa_supplicant\fR requests the kernel
+driver to scan neighboring BSSes
+.TP 0.2i
+\(bu
+\fBwpa_supplicant\fR selects a BSS based on
+its configuration
+.TP 0.2i
+\(bu
+\fBwpa_supplicant\fR requests the kernel
+driver to associate with the chosen BSS
+.TP 0.2i
+\(bu
+If WPA-EAP: integrated IEEE 802.1X Supplicant or
+external Xsupplicant completes EAP authentication with the
+authentication server (proxied by the Authenticator in the
+AP)
+.TP 0.2i
+\(bu
+If WPA-EAP: master key is received from the IEEE 802.1X
+Supplicant
+.TP 0.2i
+\(bu
+If WPA-PSK: \fBwpa_supplicant\fR uses PSK
+as the master session key
+.TP 0.2i
+\(bu
+\fBwpa_supplicant\fR completes WPA 4-Way
+Handshake and Group Key Handshake with the Authenticator
+(AP)
+.TP 0.2i
+\(bu
+\fBwpa_supplicant\fR configures encryption
+keys for unicast and broadcast
+.TP 0.2i
+\(bu
+normal data packets can be transmitted and received
+.SH "SUPPORTED FEATURES"
+.PP
+Supported WPA/IEEE 802.11i features:
+.TP 0.2i
+\(bu
+WPA-PSK ("WPA-Personal")
+.TP 0.2i
+\(bu
+WPA with EAP (e.g., with RADIUS authentication server)
+("WPA-Enterprise") Following authentication methods are
+supported with an integrate IEEE 802.1X Supplicant:
+.RS
+.TP 0.2i
+\(bu
+EAP-TLS
+.RE
+.RS
+.TP 0.2i
+\(bu
+EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)
+.TP 0.2i
+\(bu
+EAP-PEAP/TLS (both PEAPv0 and PEAPv1)
+.TP 0.2i
+\(bu
+EAP-PEAP/GTC (both PEAPv0 and PEAPv1)
+.TP 0.2i
+\(bu
+EAP-PEAP/OTP (both PEAPv0 and PEAPv1)
+.TP 0.2i
+\(bu
+EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1)
+.TP 0.2i
+\(bu
+EAP-TTLS/EAP-MD5-Challenge
+.TP 0.2i
+\(bu
+EAP-TTLS/EAP-GTC
+.TP 0.2i
+\(bu
+EAP-TTLS/EAP-OTP
+.TP 0.2i
+\(bu
+EAP-TTLS/EAP-MSCHAPv2
+.TP 0.2i
+\(bu
+EAP-TTLS/EAP-TLS
+.TP 0.2i
+\(bu
+EAP-TTLS/MSCHAPv2
+.TP 0.2i
+\(bu
+EAP-TTLS/MSCHAP
+.TP 0.2i
+\(bu
+EAP-TTLS/PAP
+.TP 0.2i
+\(bu
+EAP-TTLS/CHAP
+.TP 0.2i
+\(bu
+EAP-SIM
+.TP 0.2i
+\(bu
+EAP-AKA
+.TP 0.2i
+\(bu
+EAP-PSK
+.TP 0.2i
+\(bu
+EAP-PAX
+.TP 0.2i
+\(bu
+LEAP (note: requires special support from
+the driver for IEEE 802.11 authentication)
+.TP 0.2i
+\(bu
+(following methods are supported, but since
+they do not generate keying material, they cannot be used
+with WPA or IEEE 802.1X WEP keying)
+.TP 0.2i
+\(bu
+EAP-MD5-Challenge
+.TP 0.2i
+\(bu
+EAP-MSCHAPv2
+.TP 0.2i
+\(bu
+EAP-GTC
+.TP 0.2i
+\(bu
+EAP-OTP
+.RE
+.TP 0.2i
+\(bu
+key management for CCMP, TKIP, WEP104, WEP40
+.TP 0.2i
+\(bu
+RSN/WPA2 (IEEE 802.11i)
+.RS
+.TP 0.2i
+\(bu
+pre-authentication
+.TP 0.2i
+\(bu
+PMKSA caching
+.RE
+.SH "AVAILABLE DRIVERS"
+.PP
+The available drivers to specify with the -D option are:
+.TP
+\fBhostap\fR
+(default) Host AP driver (Intersil Prism2/2.5/3).
+(this can also be used with Linuxant DriverLoader).
+.TP
+\fBhermes\fR
+Agere Systems Inc. driver (Hermes-I/Hermes-II).
+.TP
+\fBmadwifi\fR
+MADWIFI 802.11 support (Atheros, etc.).
+.TP
+\fBatmel\fR
+ATMEL AT76C5XXx (USB, PCMCIA).
+.TP
+\fBwext\fR
+Linux wireless extensions (generic).
+.TP
+\fBndiswrapper\fR
+Linux ndiswrapper.
+.TP
+\fBbroadcom\fR
+Broadcom wl.o driver.
+.TP
+\fBipw\fR
+Intel ipw2100/2200 driver.
+.TP
+\fBwired\fR
+wpa_supplicant wired Ethernet driver
+.TP
+\fBbsd\fR
+BSD 802.11 support (Atheros, etc.).
+.TP
+\fBndis\fR
+Windows NDIS driver.
+.SH "COMMAND LINE OPTIONS"
+.TP
+\fB-B\fR
+Run daemon in the background.
+.TP
+\fB-i ifname\fR
+Interface to listen on.
+.TP
+\fB-c filename\fR
+Path to configuration file.
+.TP
+\fB-P PID_file\fR
+Path to PID file.
+.TP
+\fB-C ctrl_interface\fR
+Path to ctrl_interface socket (only used if -c is not).
+.TP
+\fB-g global ctrl_interface\fR
+Path to global ctrl_interface socket.
+.TP
+\fB-D driver\fR
+Driver to use. See the available options below.
+.TP
+\fB-f output file\fR
+Log output to specified file instead of stdout.
+.TP
+\fB-d\fR
+Increase debugging verbosity (-dd even more).
+.TP
+\fB-K\fR
+Include keys (passwords, etc.) in debug output.
+.TP
+\fB-t\fR
+Include timestamp in debug messages.
+.TP
+\fB-e\fR
+Use external IEEE 802.1X Supplicant (e.g.,
+\fBxsupplicant\fR) (this disables the internal
+Supplicant).
+.TP
+\fB-h\fR
+Help. Show a usage message.
+.TP
+\fB-L\fR
+Show license (GPL and BSD).
+.TP
+\fB-q\fR
+Decrease debugging verbosity (-qq even less).
+.TP
+\fB-v\fR
+Show version.
+.TP
+\fB-w\fR
+wait for interface to be added, if needed. normally,
+\fBwpa_supplicant\fR will exit if the interface
+is not there yet.
+.TP
+\fB-N\fR
+Start describing new interface.
+.SH "EXAMPLES"
+.PP
+In most common cases, \fBwpa_supplicant\fR is
+started with:
+.sp
+.RS
+
+.nf
+wpa_supplicant -Bw -c/etc/wpa_supplicant.conf -iwlan0
+.fi
+.RE
+.PP
+This makes the process fork into background and wait for the wlan0
+interface if it is not available at startup time.
+.PP
+The easiest way to debug problems, and to get debug log for
+bug reports, is to start \fBwpa_supplicant\fR on
+foreground with debugging enabled:
+.sp
+.RS
+
+.nf
+wpa_supplicant -c/etc/wpa_supplicant.conf -iwlan0 -d
+.fi
+.RE
+.PP
+\fBwpa_supplicant\fR can control multiple
+interfaces (radios) either by running one process for each
+interface separately or by running just one process and list of
+options at command line. Each interface is separated with -N
+argument. As an example, following command would start
+wpa_supplicant for two interfaces:
+.sp
+.RS
+
+.nf
+wpa_supplicant \\
+ -c wpa1.conf -i wlan0 -D hostap -N \\
+ -c wpa2.conf -i ath0 -D madwifi
+.fi
+.RE
+.SH "OS REQUIREMENTS"
+.PP
+Current hardware/software requirements:
+.TP 0.2i
+\(bu
+Linux kernel 2.4.x or 2.6.x with Linux Wireless
+Extensions v15 or newer
+.TP 0.2i
+\(bu
+FreeBSD 6-CURRENT
+.TP 0.2i
+\(bu
+Microsoft Windows with WinPcap (at least WinXP, may work
+with other versions)
+.SH "SUPPORTED DRIVERS"
+.TP
+\fBHost AP driver for Prism2/2.5/3 (development snapshot/v0.2.x)\fR
+(http://hostap.epitest.fi/) Driver needs to be set in
+Managed mode ('iwconfig wlan0 mode managed'). Please note
+that station firmware version needs to be 1.7.0 or newer to
+work in WPA mode.
+.TP
+\fBLinuxant DriverLoader\fR
+(http://www.linuxant.com/driverloader/)
+with Windows NDIS driver for your wlan card supporting WPA.
+.TP
+\fBAgere Systems Inc. Linux Driver\fR
+(http://www.agere.com/support/drivers/) Please note
+that the driver interface file (driver_hermes.c) and hardware
+specific include files are not included in the wpa_supplicant
+distribution. You will need to copy these from the source
+package of the Agere driver.
+.TP
+\fBmadwifi driver for cards based on Atheros chip set (ar521x)\fR
+(http://sourceforge.net/projects/madwifi/) Please
+note that you will need to modify the wpa_supplicant .config
+file to use the correct path for the madwifi driver root
+directory (CFLAGS += -I../madwifi/wpa line in example
+defconfig).
+.TP
+\fBATMEL AT76C5XXx driver for USB and PCMCIA cards\fR
+(http://atmelwlandriver.sourceforge.net/).
+.TP
+\fBLinux ndiswrapper\fR
+(http://ndiswrapper.sourceforge.net/) with Windows
+NDIS driver.
+.TP
+\fBBroadcom wl.o driver\fR
+This is a generic Linux driver for Broadcom IEEE
+802.11a/g cards. However, it is proprietary driver that is
+not publicly available except for couple of exceptions, mainly
+Broadcom-based APs/wireless routers that use Linux. The driver
+binary can be downloaded, e.g., from Linksys support site
+(http://www.linksys.com/support/gpl.asp) for Linksys
+WRT54G. The GPL tarball includes cross-compiler and the needed
+header file, wlioctl.h, for compiling wpa_supplicant. This
+driver support in wpa_supplicant is expected to work also with
+other devices based on Broadcom driver (assuming the driver
+includes client mode support).
+.TP
+\fB Intel ipw2100 driver\fR
+(http://sourceforge.net/projects/ipw2100/)
+.TP
+\fBIntel ipw2200 driver\fR
+(http://sourceforge.net/projects/ipw2200/)
+.TP
+\fBLinux wireless extensions\fR
+In theory, any driver that supports Linux wireless
+extensions can be used with IEEE 802.1X (i.e., not WPA) when
+using ap_scan=0 option in configuration file.
+.TP
+\fBWired Ethernet drivers\fR
+Use ap_scan=0.
+.TP
+\fBBSD net80211 layer (e.g., Atheros driver)\fR
+At the moment, this is for FreeBSD 6-CURRENT branch.
+.TP
+\fBWindows NDIS\fR
+The current Windows port requires WinPcap
+(http://winpcap.polito.it/). See README-Windows.txt for more
+information.
+.PP
+wpa_supplicant was designed to be portable for different
+drivers and operating systems. Hopefully, support for more wlan
+cards and OSes will be added in the future. See developer.txt for
+more information about the design of wpa_supplicant and porting to
+other drivers. One main goal is to add full WPA/WPA2 support to
+Linux wireless extensions to allow new drivers to be supported
+without having to implement new driver-specific interface code in
+wpa_supplicant.
+.SH "ARCHITECTURE"
+.PP
+The
+\fBwpa_supplicant\fR system consists of the following
+components:
+.TP
+\fB\fIwpa_supplicant.conf\fB \fR
+the configuration file describing all networks that the
+user wants the computer to connect to.
+.TP
+\fBwpa_supplicant\fR
+the program that directly interacts with the
+network interface.
+.TP
+\fBwpa_cli\fR
+the
+client program that provides a high-level interface to the
+functionality of the daemon.
+.TP
+\fBwpa_passphrase\fR
+a utility needed to construct
+\fIwpa_supplicant.conf\fR files that include
+encrypted passwords.
+.SH "QUICK START"
+.PP
+First, make a configuration file, e.g.
+\fI/etc/wpa_supplicant.conf\fR, that describes the networks
+you are interested in. See \fBwpa_supplicant.conf\fR(5)
+for details.
+.PP
+Once the configuration is ready, you can test whether the
+configuration works by running \fBwpa_supplicant\fR
+with following command to start it on foreground with debugging
+enabled:
+.sp
+.RS
+
+.nf
+wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -d
+
+.fi
+.RE
+.PP
+Assuming everything goes fine, you can start using following
+command to start \fBwpa_supplicant\fR on background
+without debugging:
+.sp
+.RS
+
+.nf
+wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B
+
+.fi
+.RE
+.PP
+Please note that if you included more than one driver
+interface in the build time configuration (.config), you may need
+to specify which interface to use by including -D<driver
+name> option on the command line.
+.SH "INTERFACE TO PCMCIA-CS/CARDMRG"
+.PP
+For example, following small changes to pcmcia-cs scripts
+can be used to enable WPA support:
+.PP
+Add MODE="Managed" and WPA="y" to the network scheme in
+\fI/etc/pcmcia/wireless.opts\fR\&.
+.PP
+Add the following block to the end of 'start' action handler
+in \fI/etc/pcmcia/wireless\fR:
+.sp
+.RS
+
+.nf
+if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
+ /usr/local/bin/wpa_supplicant -Bw -c/etc/wpa_supplicant.conf -i$DEVICE
+fi
+
+.fi
+.RE
+.PP
+Add the following block to the end of 'stop' action handler
+(may need to be separated from other actions) in
+\fI/etc/pcmcia/wireless\fR:
+.sp
+.RS
+
+.nf
+if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
+ killall wpa_supplicant
+fi
+
+.fi
+.RE
+.PP
+This will make \fBcardmgr\fR start
+\fBwpa_supplicant\fR when the card is plugged
+in. \fBwpa_supplicant\fR will wait until the
+interface is set up--either when a static IP address is configured
+or when DHCP client is started--and will then negotiate keys with
+the AP.
+.SH "SEE ALSO"
+.PP
+\fBwpa_background\fR(8)
+\fBwpa_supplicant.conf\fR(5)
+\fBwpa_cli\fR(8)
+\fBwpa_passphrase\fR(8)
+.SH "LEGAL"
+.PP
+wpa_supplicant is copyright (c) 2003-2005,
+Jouni Malinen <j@w1.fi> and
+contributors.
+All Rights Reserved.
+.PP
+This program is dual-licensed under both the GPL version 2
+and BSD license. Either license may be used at your option.
--- /dev/null
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "WPA_SUPPLICANT.CONF" "5" "19 February 2008" "" ""
+
+.SH NAME
+wpa_supplicant.conf \- configuration file for wpa_supplicant
+.SH "OVERVIEW"
+.PP
+\fBwpa_supplicant\fR is configured using a text
+file that lists all accepted networks and security policies,
+including pre-shared keys. See the example configuration file,
+probably in \fB/usr/share/doc/wpa_supplicant/\fR, for
+detailed information about the configuration format and supported
+fields.
+.PP
+All file paths in this configuration file should use full
+(absolute, not relative to working directory) path in order to allow
+working directory to be changed. This can happen if wpa_supplicant is
+run in the background.
+.PP
+Changes to configuration file can be reloaded be sending
+SIGHUP signal to \fBwpa_supplicant\fR ('killall -HUP
+wpa_supplicant'). Similarly, reloading can be triggered with
+the 'wpa_cli reconfigure' command.
+.PP
+Configuration file can include one or more network blocks,
+e.g., one for each used SSID. wpa_supplicant will automatically
+select the best network based on the order of network blocks in
+the configuration file, network security level (WPA/WPA2 is
+preferred), and signal strength.
+.SH "QUICK EXAMPLES"
+.TP 3
+1.
+WPA-Personal (PSK) as home network and WPA-Enterprise with
+EAP-TLS as work network.
+.sp
+.RS
+
+.nf
+# allow frontend (e.g., wpa_cli) to be used by all users in 'wheel' group
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=wheel
+#
+# home network; allow all valid ciphers
+network={
+ ssid="home"
+ scan_ssid=1
+ key_mgmt=WPA-PSK
+ psk="very secret passphrase"
+}
+#
+# work network; use EAP-TLS with WPA; allow only CCMP and TKIP ciphers
+network={
+ ssid="work"
+ scan_ssid=1
+ key_mgmt=WPA-EAP
+ pairwise=CCMP TKIP
+ group=CCMP TKIP
+ eap=TLS
+ identity="user@example.com"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+}
+.fi
+.RE
+.TP 3
+2.
+WPA-RADIUS/EAP-PEAP/MSCHAPv2 with RADIUS servers that
+use old peaplabel (e.g., Funk Odyssey and SBR, Meetinghouse
+Aegis, Interlink RAD-Series)
+.sp
+.RS
+
+.nf
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=wheel
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP
+ eap=PEAP
+ identity="user@example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ phase1="peaplabel=0"
+ phase2="auth=MSCHAPV2"
+}
+.fi
+.RE
+.TP 3
+3.
+EAP-TTLS/EAP-MD5-Challenge configuration with anonymous
+identity for the unencrypted use. Real identity is sent only
+within an encrypted TLS tunnel.
+.sp
+.RS
+
+.nf
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=wheel
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP
+ eap=TTLS
+ identity="user@example.com"
+ anonymous_identity="anonymous@example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ phase2="auth=MD5"
+}
+.fi
+.RE
+.TP 3
+4.
+IEEE 802.1X (i.e., no WPA) with dynamic WEP keys
+(require both unicast and broadcast); use EAP-TLS for
+authentication
+.sp
+.RS
+
+.nf
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=wheel
+network={
+ ssid="1x-test"
+ scan_ssid=1
+ key_mgmt=IEEE8021X
+ eap=TLS
+ identity="user@example.com"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+ eapol_flags=3
+}
+.fi
+.RE
+.TP 3
+5.
+Catch all example that allows more or less all
+configuration modes. The configuration options are used based
+on what security policy is used in the selected SSID. This is
+mostly for testing and is not recommended for normal
+use.
+.sp
+.RS
+
+.nf
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=wheel
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
+ pairwise=CCMP TKIP
+ group=CCMP TKIP WEP104 WEP40
+ psk="very secret passphrase"
+ eap=TTLS PEAP TLS
+ identity="user@example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+ phase1="peaplabel=0"
+ ca_cert2="/etc/cert/ca2.pem"
+ client_cert2="/etc/cer/user.pem"
+ private_key2="/etc/cer/user.prv"
+ private_key2_passwd="password"
+}
+.fi
+.RE
+.TP 3
+6.
+Authentication for wired Ethernet. This can be used with
+'wired' interface (-Dwired on command line).
+.sp
+.RS
+
+.nf
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=wheel
+ap_scan=0
+network={
+ key_mgmt=IEEE8021X
+ eap=MD5
+ identity="user"
+ password="password"
+ eapol_flags=0
+}
+.fi
+.RE
+.SH "CERTIFICATES"
+.PP
+Some EAP authentication methods require use of
+certificates. EAP-TLS uses both server side and client
+certificates whereas EAP-PEAP and EAP-TTLS only require the server
+side certificate. When client certificate is used, a matching
+private key file has to also be included in configuration. If the
+private key uses a passphrase, this has to be configured in
+wpa_supplicant.conf ("private_key_passwd").
+.PP
+wpa_supplicant supports X.509 certificates in PEM and DER
+formats. User certificate and private key can be included in the
+same file.
+.PP
+If the user certificate and private key is received in
+PKCS#12/PFX format, they need to be converted to suitable PEM/DER
+format for wpa_supplicant. This can be done, e.g., with following
+commands:
+.sp
+.RS
+
+.nf
+# convert client certificate and private key to PEM format
+openssl pkcs12 -in example.pfx -out user.pem -clcerts
+# convert CA certificate (if included in PFX file) to PEM format
+openssl pkcs12 -in example.pfx -out ca.pem -cacerts -nokeys
+.fi
+.RE
+.SH "SEE ALSO"
+.PP
+\fBwpa_supplicant\fR(8)
+\fBopenssl\fR(1)
--- /dev/null
+<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry>
+ <refmeta>
+ <refentrytitle>wpa_supplicant.conf</refentrytitle>
+ <manvolnum>5</manvolnum>
+ </refmeta>
+ <refnamediv>
+ <refname>wpa_supplicant.conf</refname>
+ <refpurpose>configuration file for wpa_supplicant</refpurpose>
+ </refnamediv>
+ <refsect1>
+ <title>Overview</title>
+
+ <para><command>wpa_supplicant</command> is configured using a text
+ file that lists all accepted networks and security policies,
+ including pre-shared keys. See the example configuration file,
+ probably in <command>/usr/share/doc/wpa_supplicant/</command>, for
+ detailed information about the configuration format and supported
+ fields.</para>
+
+ <para>All file paths in this configuration file should use full
+ (absolute, not relative to working directory) path in order to allow
+ working directory to be changed. This can happen if wpa_supplicant is
+ run in the background.</para>
+
+ <para>Changes to configuration file can be reloaded be sending
+ SIGHUP signal to <command>wpa_supplicant</command> ('killall -HUP
+ wpa_supplicant'). Similarly, reloading can be triggered with
+ the 'wpa_cli reconfigure' command.</para>
+
+ <para>Configuration file can include one or more network blocks,
+ e.g., one for each used SSID. wpa_supplicant will automatically
+ select the best network based on the order of network blocks in
+ the configuration file, network security level (WPA/WPA2 is
+ preferred), and signal strength.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>Quick Examples</title>
+
+ <orderedlist>
+ <listitem>
+
+ <para>WPA-Personal (PSK) as home network and WPA-Enterprise with
+ EAP-TLS as work network.</para>
+
+<blockquote><programlisting>
+# allow frontend (e.g., wpa_cli) to be used by all users in 'wheel' group
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=wheel
+#
+# home network; allow all valid ciphers
+network={
+ ssid="home"
+ scan_ssid=1
+ key_mgmt=WPA-PSK
+ psk="very secret passphrase"
+}
+#
+# work network; use EAP-TLS with WPA; allow only CCMP and TKIP ciphers
+network={
+ ssid="work"
+ scan_ssid=1
+ key_mgmt=WPA-EAP
+ pairwise=CCMP TKIP
+ group=CCMP TKIP
+ eap=TLS
+ identity="user@example.com"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+}
+</programlisting></blockquote>
+ </listitem>
+
+ <listitem>
+ <para>WPA-RADIUS/EAP-PEAP/MSCHAPv2 with RADIUS servers that
+ use old peaplabel (e.g., Funk Odyssey and SBR, Meetinghouse
+ Aegis, Interlink RAD-Series)</para>
+
+<blockquote><programlisting>
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=wheel
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP
+ eap=PEAP
+ identity="user@example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ phase1="peaplabel=0"
+ phase2="auth=MSCHAPV2"
+}
+</programlisting></blockquote>
+ </listitem>
+
+ <listitem>
+ <para>EAP-TTLS/EAP-MD5-Challenge configuration with anonymous
+ identity for the unencrypted use. Real identity is sent only
+ within an encrypted TLS tunnel.</para>
+
+
+<blockquote><programlisting>
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=wheel
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP
+ eap=TTLS
+ identity="user@example.com"
+ anonymous_identity="anonymous@example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ phase2="auth=MD5"
+}
+</programlisting></blockquote>
+
+ </listitem>
+
+ <listitem>
+ <para>IEEE 802.1X (i.e., no WPA) with dynamic WEP keys
+ (require both unicast and broadcast); use EAP-TLS for
+ authentication</para>
+
+<blockquote><programlisting>
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=wheel
+network={
+ ssid="1x-test"
+ scan_ssid=1
+ key_mgmt=IEEE8021X
+ eap=TLS
+ identity="user@example.com"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+ eapol_flags=3
+}
+</programlisting></blockquote>
+ </listitem>
+
+
+ <listitem>
+ <para>Catch all example that allows more or less all
+ configuration modes. The configuration options are used based
+ on what security policy is used in the selected SSID. This is
+ mostly for testing and is not recommended for normal
+ use.</para>
+
+<blockquote><programlisting>
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=wheel
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
+ pairwise=CCMP TKIP
+ group=CCMP TKIP WEP104 WEP40
+ psk="very secret passphrase"
+ eap=TTLS PEAP TLS
+ identity="user@example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+ phase1="peaplabel=0"
+ ca_cert2="/etc/cert/ca2.pem"
+ client_cert2="/etc/cer/user.pem"
+ private_key2="/etc/cer/user.prv"
+ private_key2_passwd="password"
+}
+</programlisting></blockquote>
+ </listitem>
+
+ <listitem>
+ <para>Authentication for wired Ethernet. This can be used with
+ 'wired' interface (-Dwired on command line).</para>
+
+<blockquote><programlisting>
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=wheel
+ap_scan=0
+network={
+ key_mgmt=IEEE8021X
+ eap=MD5
+ identity="user"
+ password="password"
+ eapol_flags=0
+}
+</programlisting></blockquote>
+ </listitem>
+ </orderedlist>
+
+
+
+
+
+ </refsect1>
+ <refsect1>
+ <title>Certificates</title>
+
+ <para>Some EAP authentication methods require use of
+ certificates. EAP-TLS uses both server side and client
+ certificates whereas EAP-PEAP and EAP-TTLS only require the server
+ side certificate. When client certificate is used, a matching
+ private key file has to also be included in configuration. If the
+ private key uses a passphrase, this has to be configured in
+ wpa_supplicant.conf ("private_key_passwd").</para>
+
+ <para>wpa_supplicant supports X.509 certificates in PEM and DER
+ formats. User certificate and private key can be included in the
+ same file.</para>
+
+ <para>If the user certificate and private key is received in
+ PKCS#12/PFX format, they need to be converted to suitable PEM/DER
+ format for wpa_supplicant. This can be done, e.g., with following
+ commands:</para>
+<blockquote><programlisting>
+# convert client certificate and private key to PEM format
+openssl pkcs12 -in example.pfx -out user.pem -clcerts
+# convert CA certificate (if included in PFX file) to PEM format
+openssl pkcs12 -in example.pfx -out ca.pem -cacerts -nokeys
+</programlisting></blockquote>
+ </refsect1>
+
+ <refsect1>
+ <title>See Also</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>wpa_supplicant</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>
+ <citerefentry>
+ <refentrytitle>openssl</refentrytitle>
+ <manvolnum>1</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+</refentry>
--- /dev/null
+<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+
+<refentry>
+ <refmeta>
+ <refentrytitle>wpa_supplicant</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </refmeta>
+ <refnamediv>
+ <refname>wpa_supplicant</refname>
+ <refpurpose>Wi-Fi Protected Access client and IEEE 802.1X supplicant</refpurpose>
+ </refnamediv>
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>wpa_supplicant</command>
+ <arg>-BddfhKLqqtuvwW</arg>
+ <arg>-i<replaceable>ifname</replaceable></arg>
+ <arg>-c<replaceable>config file</replaceable></arg>
+ <arg>-D<replaceable>driver</replaceable></arg>
+ <arg>-P<replaceable>PID_file</replaceable></arg>
+ <arg>-f<replaceable>output file</replaceable></arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+ <refsect1>
+ <title>Overview</title>
+
+ <para>
+ Wireless networks do not require physical access to the network equipment
+ in the same way as wired networks. This makes it easier for unauthorized
+ users to passively monitor a network and capture all transmitted frames.
+ In addition, unauthorized use of the network is much easier. In many cases,
+ this can happen even without user's explicit knowledge since the wireless
+ LAN adapter may have been configured to automatically join any available
+ network.
+ </para>
+
+ <para>
+ Link-layer encryption can be used to provide a layer of security for
+ wireless networks. The original wireless LAN standard, IEEE 802.11,
+ included a simple encryption mechanism, WEP. However, that proved to
+ be flawed in many areas and network protected with WEP cannot be consider
+ secure. IEEE 802.1X authentication and frequently changed dynamic WEP keys
+ can be used to improve the network security, but even that has inherited
+ security issues due to the use of WEP for encryption. Wi-Fi Protected
+ Access and IEEE 802.11i amendment to the wireless LAN standard introduce
+ a much improvement mechanism for securing wireless networks. IEEE 802.11i
+ enabled networks that are using CCMP (encryption mechanism based on strong
+ cryptographic algorithm AES) can finally be called secure used for
+ applications which require efficient protection against unauthorized
+ access.
+ </para>
+
+ <para><command>wpa_supplicant</command> is an implementation of
+ the WPA Supplicant component, i.e., the part that runs in the
+ client stations. It implements WPA key negotiation with a WPA
+ Authenticator and EAP authentication with Authentication
+ Server. In addition, it controls the roaming and IEEE 802.11
+ authentication/association of the wireless LAN driver.</para>
+
+ <para><command>wpa_supplicant</command> is designed to be a
+ "daemon" program that runs in the background and acts as the
+ backend component controlling the wireless
+ connection. <command>wpa_supplicant</command> supports separate
+ frontend programs and an example text-based frontend,
+ <command>wpa_cli</command>, is included with
+ wpa_supplicant.</para>
+
+ <para>Before wpa_supplicant can do its work, the network interface
+ must be available. That means that the physical device must be
+ present and enabled, and the driver for the device must have be
+ loaded. Note, however, that the '-w' option of the wpa_supplicant
+ daemon instructs the daemon to continue running and to wait for
+ the interface to become available. Without the '-w' option, the
+ daemon will exit immediately if the device is not already
+ available.</para>
+
+ <para>After <command>wpa_supplicant</command> has configured the
+ network device, higher level configuration such as DHCP may
+ proceed. There are a variety of ways to integrate wpa_supplicant
+ into a machine's networking scripts, a few of which are described
+ in sections below.</para>
+
+ <para>The following steps are used when associating with an AP
+ using WPA:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><command>wpa_supplicant</command> requests the kernel
+ driver to scan neighboring BSSes</para>
+ </listitem>
+
+ <listitem>
+ <para><command>wpa_supplicant</command> selects a BSS based on
+ its configuration</para>
+ </listitem>
+
+ <listitem>
+ <para><command>wpa_supplicant</command> requests the kernel
+ driver to associate with the chosen BSS</para>
+ </listitem>
+
+ <listitem>
+ <para>If WPA-EAP: integrated IEEE 802.1X Supplicant or
+ external Xsupplicant completes EAP authentication with the
+ authentication server (proxied by the Authenticator in the
+ AP)</para>
+ </listitem>
+
+ <listitem>
+ <para>If WPA-EAP: master key is received from the IEEE 802.1X
+ Supplicant</para>
+ </listitem>
+
+ <listitem>
+ <para>If WPA-PSK: <command>wpa_supplicant</command> uses PSK
+ as the master session key</para>
+ </listitem>
+
+ <listitem>
+ <para><command>wpa_supplicant</command> completes WPA 4-Way
+ Handshake and Group Key Handshake with the Authenticator
+ (AP)</para>
+ </listitem>
+
+ <listitem>
+ <para><command>wpa_supplicant</command> configures encryption
+ keys for unicast and broadcast</para>
+ </listitem>
+
+ <listitem>
+ <para>normal data packets can be transmitted and received</para>
+ </listitem>
+ </itemizedlist>
+ </refsect1>
+
+ <refsect1>
+ <title>Supported Features</title>
+ <para>Supported WPA/IEEE 802.11i features:</para>
+ <itemizedlist>
+ <listitem>
+ <para>WPA-PSK ("WPA-Personal")</para>
+ </listitem>
+
+ <listitem>
+ <para>WPA with EAP (e.g., with RADIUS authentication server)
+ ("WPA-Enterprise") Following authentication methods are
+ supported with an integrate IEEE 802.1X Supplicant:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>EAP-TLS</para>
+ </listitem>
+ </itemizedlist>
+
+ <itemizedlist>
+ <listitem>
+ <para>EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)</para>
+ </listitem>
+
+
+ <listitem>
+ <para>EAP-PEAP/TLS (both PEAPv0 and PEAPv1)</para>
+ </listitem>
+
+ <listitem>
+ <para>EAP-PEAP/GTC (both PEAPv0 and PEAPv1)</para>
+ </listitem>
+
+ <listitem>
+ <para>EAP-PEAP/OTP (both PEAPv0 and PEAPv1)</para>
+ </listitem>
+
+ <listitem>
+ <para>EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1)</para>
+ </listitem>
+
+ <listitem>
+ <para>EAP-TTLS/EAP-MD5-Challenge</para>
+ </listitem>
+
+ <listitem>
+ <para>EAP-TTLS/EAP-GTC</para>
+ </listitem>
+
+ <listitem><para>EAP-TTLS/EAP-OTP</para></listitem>
+
+ <listitem><para>EAP-TTLS/EAP-MSCHAPv2</para></listitem>
+
+ <listitem><para>EAP-TTLS/EAP-TLS</para></listitem>
+
+ <listitem><para>EAP-TTLS/MSCHAPv2</para></listitem>
+
+ <listitem><para>EAP-TTLS/MSCHAP</para></listitem>
+
+ <listitem><para>EAP-TTLS/PAP</para></listitem>
+
+ <listitem><para>EAP-TTLS/CHAP</para></listitem>
+
+ <listitem><para>EAP-SIM</para></listitem>
+
+ <listitem><para>EAP-AKA</para></listitem>
+
+ <listitem><para>EAP-PSK</para></listitem>
+
+ <listitem><para>EAP-PAX</para></listitem>
+
+ <listitem><para>LEAP (note: requires special support from
+ the driver for IEEE 802.11 authentication)</para></listitem>
+
+ <listitem><para>(following methods are supported, but since
+ they do not generate keying material, they cannot be used
+ with WPA or IEEE 802.1X WEP keying)</para></listitem>
+
+ <listitem><para>EAP-MD5-Challenge </para></listitem>
+
+ <listitem><para>EAP-MSCHAPv2</para></listitem>
+
+ <listitem><para>EAP-GTC</para></listitem>
+
+ <listitem><para>EAP-OTP</para></listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
+ <para>key management for CCMP, TKIP, WEP104, WEP40</para>
+ </listitem>
+
+ <listitem>
+ <para>RSN/WPA2 (IEEE 802.11i)</para>
+ <itemizedlist>
+ <listitem>
+ <para>pre-authentication</para>
+ </listitem>
+
+ <listitem>
+ <para>PMKSA caching</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ </itemizedlist>
+ </refsect1>
+
+ <refsect1>
+ <title>Available Drivers</title>
+ <para>The available drivers to specify with the -D option are:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>hostap</term>
+ <listitem>
+ <para>(default) Host AP driver (Intersil Prism2/2.5/3).
+ (this can also be used with Linuxant DriverLoader).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>hermes</term>
+ <listitem>
+ <para>Agere Systems Inc. driver (Hermes-I/Hermes-II).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>madwifi</term>
+ <listitem>
+ <para>MADWIFI 802.11 support (Atheros, etc.).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>atmel</term>
+ <listitem>
+ <para>ATMEL AT76C5XXx (USB, PCMCIA).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>wext</term>
+ <listitem>
+ <para>Linux wireless extensions (generic).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>ndiswrapper</term>
+ <listitem>
+ <para>Linux ndiswrapper.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>broadcom</term>
+ <listitem>
+ <para>Broadcom wl.o driver.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>ipw</term>
+ <listitem>
+ <para>Intel ipw2100/2200 driver.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>wired</term>
+ <listitem>
+ <para>wpa_supplicant wired Ethernet driver</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>bsd</term>
+ <listitem>
+ <para>BSD 802.11 support (Atheros, etc.).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>ndis</term>
+ <listitem>
+ <para>Windows NDIS driver.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>Command Line Options</title>
+ <variablelist>
+ <varlistentry>
+ <term>-B</term>
+ <listitem>
+ <para>Run daemon in the background.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-i ifname</term>
+ <listitem>
+ <para>Interface to listen on.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-c filename</term>
+ <listitem>
+ <para>Path to configuration file.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-P PID_file</term>
+ <listitem>
+ <para>Path to PID file.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-C ctrl_interface</term>
+ <listitem>
+ <para>Path to ctrl_interface socket (only used if -c is not).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-g global ctrl_interface</term>
+ <listitem>
+ <para>Path to global ctrl_interface socket.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-D driver</term>
+ <listitem>
+ <para>Driver to use. See the available options below.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-f output file</term>
+ <listitem>
+ <para>Log output to specified file instead of stdout.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-d</term>
+ <listitem>
+ <para>Increase debugging verbosity (-dd even more).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-K</term>
+ <listitem>
+ <para>Include keys (passwords, etc.) in debug output.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-t</term>
+ <listitem>
+ <para>Include timestamp in debug messages.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-e</term>
+ <listitem>
+ <para>Use external IEEE 802.1X Supplicant (e.g.,
+ <command>xsupplicant</command>) (this disables the internal
+ Supplicant).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-h</term>
+ <listitem>
+ <para>Help. Show a usage message.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-L</term>
+ <listitem>
+ <para>Show license (GPL and BSD).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-q</term>
+ <listitem>
+ <para>Decrease debugging verbosity (-qq even less).</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>-v</term>
+ <listitem>
+ <para>Show version.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-w</term>
+ <listitem>
+ <para>wait for interface to be added, if needed. normally,
+ <command>wpa_supplicant</command> will exit if the interface
+ is not there yet.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-N</term>
+ <listitem>
+ <para>Start describing new interface.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>Examples</title>
+
+ <para>In most common cases, <command>wpa_supplicant</command> is
+ started with:</para>
+
+<blockquote><programlisting>
+wpa_supplicant -Bw -c/etc/wpa_supplicant.conf -iwlan0
+</programlisting></blockquote>
+
+ <para>This makes the process fork into background and wait for the wlan0
+ interface if it is not available at startup time.</para>
+
+ <para>The easiest way to debug problems, and to get debug log for
+ bug reports, is to start <command>wpa_supplicant</command> on
+ foreground with debugging enabled:</para>
+
+<blockquote><programlisting>
+wpa_supplicant -c/etc/wpa_supplicant.conf -iwlan0 -d
+</programlisting></blockquote>
+
+ <para><command>wpa_supplicant</command> can control multiple
+ interfaces (radios) either by running one process for each
+ interface separately or by running just one process and list of
+ options at command line. Each interface is separated with -N
+ argument. As an example, following command would start
+ wpa_supplicant for two interfaces:</para>
+
+<blockquote><programlisting>
+wpa_supplicant \
+ -c wpa1.conf -i wlan0 -D hostap -N \
+ -c wpa2.conf -i ath0 -D madwifi
+</programlisting></blockquote>
+ </refsect1>
+
+ <refsect1>
+ <title>OS Requirements</title>
+ <para>Current hardware/software requirements:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Linux kernel 2.4.x or 2.6.x with Linux Wireless
+ Extensions v15 or newer</para>
+ </listitem>
+
+
+ <listitem>
+ <para>FreeBSD 6-CURRENT</para>
+ </listitem>
+
+ <listitem>
+ <para>Microsoft Windows with WinPcap (at least WinXP, may work
+ with other versions)</para>
+ </listitem>
+ </itemizedlist>
+ </refsect1>
+
+ <refsect1>
+ <title>Supported Drivers</title>
+ <variablelist>
+ <varlistentry>
+ <term>Host AP driver for Prism2/2.5/3 (development
+ snapshot/v0.2.x)</term>
+ <listitem>
+ <para> (http://hostap.epitest.fi/) Driver needs to be set in
+ Managed mode ('iwconfig wlan0 mode managed'). Please note
+ that station firmware version needs to be 1.7.0 or newer to
+ work in WPA mode.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Linuxant DriverLoader</term>
+ <listitem>
+ <para>(http://www.linuxant.com/driverloader/)
+ with Windows NDIS driver for your wlan card supporting WPA.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Agere Systems Inc. Linux Driver</term>
+ <listitem>
+ <para> (http://www.agere.com/support/drivers/) Please note
+ that the driver interface file (driver_hermes.c) and hardware
+ specific include files are not included in the wpa_supplicant
+ distribution. You will need to copy these from the source
+ package of the Agere driver.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>madwifi driver for cards based on Atheros chip set (ar521x)</term>
+ <listitem>
+ <para> (http://sourceforge.net/projects/madwifi/) Please
+ note that you will need to modify the wpa_supplicant .config
+ file to use the correct path for the madwifi driver root
+ directory (CFLAGS += -I../madwifi/wpa line in example
+ defconfig).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>ATMEL AT76C5XXx driver for USB and PCMCIA cards</term>
+ <listitem>
+ <para> (http://atmelwlandriver.sourceforge.net/).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Linux ndiswrapper</term>
+ <listitem>
+ <para> (http://ndiswrapper.sourceforge.net/) with Windows
+ NDIS driver.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Broadcom wl.o driver</term>
+ <listitem>
+ <para> This is a generic Linux driver for Broadcom IEEE
+ 802.11a/g cards. However, it is proprietary driver that is
+ not publicly available except for couple of exceptions, mainly
+ Broadcom-based APs/wireless routers that use Linux. The driver
+ binary can be downloaded, e.g., from Linksys support site
+ (http://www.linksys.com/support/gpl.asp) for Linksys
+ WRT54G. The GPL tarball includes cross-compiler and the needed
+ header file, wlioctl.h, for compiling wpa_supplicant. This
+ driver support in wpa_supplicant is expected to work also with
+ other devices based on Broadcom driver (assuming the driver
+ includes client mode support).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term> Intel ipw2100 driver</term>
+ <listitem>
+ <para> (http://sourceforge.net/projects/ipw2100/)</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Intel ipw2200 driver</term>
+ <listitem>
+ <para> (http://sourceforge.net/projects/ipw2200/)</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Linux wireless extensions</term>
+ <listitem>
+ <para>In theory, any driver that supports Linux wireless
+ extensions can be used with IEEE 802.1X (i.e., not WPA) when
+ using ap_scan=0 option in configuration file.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Wired Ethernet drivers</term>
+ <listitem>
+ <para>Use ap_scan=0.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>BSD net80211 layer (e.g., Atheros driver)</term>
+ <listitem>
+ <para>At the moment, this is for FreeBSD 6-CURRENT branch.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Windows NDIS</term>
+ <listitem>
+ <para>The current Windows port requires WinPcap
+ (http://winpcap.polito.it/). See README-Windows.txt for more
+ information.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+
+ <para>wpa_supplicant was designed to be portable for different
+ drivers and operating systems. Hopefully, support for more wlan
+ cards and OSes will be added in the future. See developer.txt for
+ more information about the design of wpa_supplicant and porting to
+ other drivers. One main goal is to add full WPA/WPA2 support to
+ Linux wireless extensions to allow new drivers to be supported
+ without having to implement new driver-specific interface code in
+ wpa_supplicant.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>Architecture</title> <para>The
+ <command>wpa_supplicant</command> system consists of the following
+ components:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><filename>wpa_supplicant.conf</filename> </term>
+ <listitem>
+ <para>the configuration file describing all networks that the
+ user wants the computer to connect to. </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><command>wpa_supplicant</command></term>
+ <listitem><para>the program that directly interacts with the
+ network interface. </para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><command>wpa_cli</command></term> <listitem><para> the
+ client program that provides a high-level interface to the
+ functionality of the daemon. </para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><command>wpa_passphrase</command></term>
+ <listitem><para>a utility needed to construct
+ <filename>wpa_supplicant.conf</filename> files that include
+ encrypted passwords.</para></listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>Quick Start</title>
+
+ <para>First, make a configuration file, e.g.
+ <filename>/etc/wpa_supplicant.conf</filename>, that describes the networks
+ you are interested in. See <citerefentry>
+ <refentrytitle>wpa_supplicant.conf</refentrytitle>
+ <manvolnum>5</manvolnum>
+ </citerefentry>
+ for details.</para>
+
+ <para>Once the configuration is ready, you can test whether the
+ configuration works by running <command>wpa_supplicant</command>
+ with following command to start it on foreground with debugging
+ enabled:</para>
+
+ <blockquote><programlisting>
+wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -d
+ </programlisting></blockquote>
+
+ <para>Assuming everything goes fine, you can start using following
+ command to start <command>wpa_supplicant</command> on background
+ without debugging:</para>
+
+ <blockquote><programlisting>
+wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B
+ </programlisting></blockquote>
+
+ <para>Please note that if you included more than one driver
+ interface in the build time configuration (.config), you may need
+ to specify which interface to use by including -D<driver
+ name> option on the command line.</para>
+
+ <!-- XXX at this point, the page could include a little script
+ based on wpa_cli to wait for a connection and then run
+ dhclient -->
+
+ </refsect1>
+
+ <refsect1>
+ <title>Interface to pcmcia-cs/cardmrg</title>
+
+ <para>For example, following small changes to pcmcia-cs scripts
+ can be used to enable WPA support:</para>
+
+ <para>Add MODE="Managed" and WPA="y" to the network scheme in
+ <filename>/etc/pcmcia/wireless.opts</filename>.</para>
+
+ <para>Add the following block to the end of 'start' action handler
+ in <filename>/etc/pcmcia/wireless</filename>:</para>
+
+ <blockquote><programlisting>
+if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
+ /usr/local/bin/wpa_supplicant -Bw -c/etc/wpa_supplicant.conf -i$DEVICE
+fi
+ </programlisting></blockquote>
+
+
+ <para>Add the following block to the end of 'stop' action handler
+ (may need to be separated from other actions) in
+ <filename>/etc/pcmcia/wireless</filename>:</para>
+
+ <blockquote><programlisting>
+if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
+ killall wpa_supplicant
+fi
+ </programlisting></blockquote>
+
+ <para>This will make <command>cardmgr</command> start
+ <command>wpa_supplicant</command> when the card is plugged
+ in. <command>wpa_supplicant</command> will wait until the
+ interface is set up--either when a static IP address is configured
+ or when DHCP client is started--and will then negotiate keys with
+ the AP.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>See Also</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>wpa_background</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>
+ <citerefentry>
+ <refentrytitle>wpa_supplicant.conf</refentrytitle>
+ <manvolnum>5</manvolnum>
+ </citerefentry>
+ <citerefentry>
+ <refentrytitle>wpa_cli</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>
+ <citerefentry>
+ <refentrytitle>wpa_passphrase</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+ <refsect1>
+ <title>Legal</title>
+ <para>wpa_supplicant is copyright (c) 2003-2005,
+ Jouni Malinen <email>j@w1.fi</email> and
+ contributors.
+ All Rights Reserved.</para>
+
+ <para>This program is dual-licensed under both the GPL version 2
+ and BSD license. Either license may be used at your option.</para>
+ </refsect1>
+</refentry>
--- /dev/null
+# Doxyfile 1.4.1
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+PROJECT_NAME = wpa_supplicant
+PROJECT_NUMBER = 0.5.x
+OUTPUT_DIRECTORY = doc
+CREATE_SUBDIRS = NO
+OUTPUT_LANGUAGE = English
+USE_WINDOWS_ENCODING = NO
+BRIEF_MEMBER_DESC = YES
+REPEAT_BRIEF = YES
+ABBREVIATE_BRIEF = "The $name class" \
+ "The $name widget" \
+ "The $name file" \
+ is \
+ provides \
+ specifies \
+ contains \
+ represents \
+ a \
+ an \
+ the
+ALWAYS_DETAILED_SEC = NO
+INLINE_INHERITED_MEMB = NO
+FULL_PATH_NAMES = YES
+STRIP_FROM_PATH =
+STRIP_FROM_INC_PATH =
+SHORT_NAMES = NO
+JAVADOC_AUTOBRIEF = NO
+MULTILINE_CPP_IS_BRIEF = NO
+DETAILS_AT_TOP = NO
+INHERIT_DOCS = YES
+DISTRIBUTE_GROUP_DOC = NO
+TAB_SIZE = 8
+ALIASES =
+OPTIMIZE_OUTPUT_FOR_C = YES
+OPTIMIZE_OUTPUT_JAVA = NO
+SUBGROUPING = YES
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+EXTRACT_ALL = NO
+EXTRACT_PRIVATE = NO
+EXTRACT_STATIC = NO
+EXTRACT_LOCAL_CLASSES = YES
+EXTRACT_LOCAL_METHODS = NO
+HIDE_UNDOC_MEMBERS = NO
+HIDE_UNDOC_CLASSES = NO
+HIDE_FRIEND_COMPOUNDS = NO
+HIDE_IN_BODY_DOCS = NO
+INTERNAL_DOCS = NO
+CASE_SENSE_NAMES = YES
+HIDE_SCOPE_NAMES = NO
+SHOW_INCLUDE_FILES = YES
+INLINE_INFO = YES
+SORT_MEMBER_DOCS = YES
+SORT_BRIEF_DOCS = NO
+SORT_BY_SCOPE_NAME = NO
+GENERATE_TODOLIST = YES
+GENERATE_TESTLIST = YES
+GENERATE_BUGLIST = YES
+GENERATE_DEPRECATEDLIST= YES
+ENABLED_SECTIONS =
+MAX_INITIALIZER_LINES = 30
+SHOW_USED_FILES = YES
+SHOW_DIRECTORIES = NO
+FILE_VERSION_FILTER =
+#---------------------------------------------------------------------------
+# configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+QUIET = NO
+WARNINGS = YES
+WARN_IF_UNDOCUMENTED = YES
+WARN_IF_DOC_ERROR = YES
+WARN_NO_PARAMDOC = YES
+WARN_FORMAT = "$file:$line: $text"
+WARN_LOGFILE =
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+INPUT = . \
+ ../hostapd/aes.c \
+ ../hostapd/rc4.c \
+ ../hostapd/rc4.h \
+ ../hostapd/md5.c \
+ ../hostapd/md5.h \
+ ../hostapd/sha1.c \
+ ../hostapd/sha1.h \
+ ../hostapd/common.c \
+ ../hostapd/common.h \
+ ../hostapd/eloop.c \
+ ../hostapd/eloop.h \
+ ../hostapd/aes_wrap.c \
+ ../hostapd/aes_wrap.h
+FILE_PATTERNS = *.c *.h *.doxygen
+RECURSIVE = YES
+EXCLUDE =
+EXCLUDE_SYMLINKS = NO
+EXCLUDE_PATTERNS =
+EXAMPLE_PATH =
+EXAMPLE_PATTERNS = *
+EXAMPLE_RECURSIVE = NO
+IMAGE_PATH = doc
+INPUT_FILTER = kerneldoc2doxygen.pl
+FILTER_PATTERNS =
+FILTER_SOURCE_FILES = YES
+#---------------------------------------------------------------------------
+# configuration options related to source browsing
+#---------------------------------------------------------------------------
+SOURCE_BROWSER = YES
+INLINE_SOURCES = NO
+STRIP_CODE_COMMENTS = YES
+REFERENCED_BY_RELATION = NO
+REFERENCES_RELATION = NO
+VERBATIM_HEADERS = NO
+#---------------------------------------------------------------------------
+# configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+ALPHABETICAL_INDEX = YES
+COLS_IN_ALPHA_INDEX = 3
+IGNORE_PREFIX =
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+GENERATE_HTML = YES
+HTML_OUTPUT = html
+HTML_FILE_EXTENSION = .html
+HTML_HEADER =
+HTML_FOOTER =
+HTML_STYLESHEET =
+HTML_ALIGN_MEMBERS = YES
+GENERATE_HTMLHELP = NO
+CHM_FILE =
+HHC_LOCATION =
+GENERATE_CHI = NO
+BINARY_TOC = NO
+TOC_EXPAND = NO
+DISABLE_INDEX = NO
+ENUM_VALUES_PER_LINE = 4
+GENERATE_TREEVIEW = NO
+TREEVIEW_WIDTH = 250
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+GENERATE_LATEX = NO
+LATEX_OUTPUT = latex
+LATEX_CMD_NAME = latex
+MAKEINDEX_CMD_NAME = makeindex
+COMPACT_LATEX = NO
+PAPER_TYPE = a4wide
+EXTRA_PACKAGES =
+LATEX_HEADER =
+PDF_HYPERLINKS = YES
+USE_PDFLATEX = YES
+LATEX_BATCHMODE = NO
+LATEX_HIDE_INDICES = NO
+#---------------------------------------------------------------------------
+# configuration options related to the RTF output
+#---------------------------------------------------------------------------
+GENERATE_RTF = NO
+RTF_OUTPUT = rtf
+COMPACT_RTF = NO
+RTF_HYPERLINKS = NO
+RTF_STYLESHEET_FILE =
+RTF_EXTENSIONS_FILE =
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+GENERATE_MAN = NO
+MAN_OUTPUT = man
+MAN_EXTENSION = .3
+MAN_LINKS = NO
+#---------------------------------------------------------------------------
+# configuration options related to the XML output
+#---------------------------------------------------------------------------
+GENERATE_XML = NO
+XML_OUTPUT = xml
+XML_SCHEMA =
+XML_DTD =
+XML_PROGRAMLISTING = YES
+#---------------------------------------------------------------------------
+# configuration options for the AutoGen Definitions output
+#---------------------------------------------------------------------------
+GENERATE_AUTOGEN_DEF = NO
+#---------------------------------------------------------------------------
+# configuration options related to the Perl module output
+#---------------------------------------------------------------------------
+GENERATE_PERLMOD = NO
+PERLMOD_LATEX = NO
+PERLMOD_PRETTY = YES
+PERLMOD_MAKEVAR_PREFIX =
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor
+#---------------------------------------------------------------------------
+ENABLE_PREPROCESSING = YES
+MACRO_EXPANSION = NO
+EXPAND_ONLY_PREDEF = NO
+SEARCH_INCLUDES = YES
+INCLUDE_PATH =
+INCLUDE_FILE_PATTERNS =
+PREDEFINED = IEEE8021X_EAPOL
+EXPAND_AS_DEFINED =
+SKIP_FUNCTION_MACROS = YES
+#---------------------------------------------------------------------------
+# Configuration::additions related to external references
+#---------------------------------------------------------------------------
+TAGFILES =
+GENERATE_TAGFILE =
+ALLEXTERNALS = NO
+EXTERNAL_GROUPS = YES
+PERL_PATH = /usr/bin/perl
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool
+#---------------------------------------------------------------------------
+CLASS_DIAGRAMS = NO
+HIDE_UNDOC_RELATIONS = YES
+HAVE_DOT = NO
+CLASS_GRAPH = YES
+COLLABORATION_GRAPH = YES
+GROUP_GRAPHS = YES
+UML_LOOK = NO
+TEMPLATE_RELATIONS = NO
+INCLUDE_GRAPH = YES
+INCLUDED_BY_GRAPH = YES
+CALL_GRAPH = YES
+GRAPHICAL_HIERARCHY = YES
+DIRECTORY_GRAPH = NO
+DOT_IMAGE_FORMAT = png
+DOT_PATH =
+DOTFILE_DIRS =
+MAX_DOT_GRAPH_WIDTH = 1024
+MAX_DOT_GRAPH_HEIGHT = 1024
+MAX_DOT_GRAPH_DEPTH = 1000
+DOT_TRANSPARENT = NO
+DOT_MULTI_TARGETS = NO
+GENERATE_LEGEND = YES
+DOT_CLEANUP = YES
+#---------------------------------------------------------------------------
+# Configuration::additions related to the search engine
+#---------------------------------------------------------------------------
+SEARCHENGINE = NO
--- /dev/null
+# Doxyfile 1.4.1
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+PROJECT_NAME = wpa_supplicant
+PROJECT_NUMBER = 0.5.x
+OUTPUT_DIRECTORY = doc
+CREATE_SUBDIRS = NO
+OUTPUT_LANGUAGE = English
+USE_WINDOWS_ENCODING = NO
+BRIEF_MEMBER_DESC = YES
+REPEAT_BRIEF = YES
+ABBREVIATE_BRIEF = "The $name class" \
+ "The $name widget" \
+ "The $name file" \
+ is \
+ provides \
+ specifies \
+ contains \
+ represents \
+ a \
+ an \
+ the
+ALWAYS_DETAILED_SEC = NO
+INLINE_INHERITED_MEMB = NO
+FULL_PATH_NAMES = YES
+STRIP_FROM_PATH =
+STRIP_FROM_INC_PATH =
+SHORT_NAMES = NO
+JAVADOC_AUTOBRIEF = NO
+MULTILINE_CPP_IS_BRIEF = NO
+DETAILS_AT_TOP = NO
+INHERIT_DOCS = YES
+DISTRIBUTE_GROUP_DOC = NO
+TAB_SIZE = 8
+ALIASES =
+OPTIMIZE_OUTPUT_FOR_C = YES
+OPTIMIZE_OUTPUT_JAVA = NO
+SUBGROUPING = YES
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+EXTRACT_ALL = NO
+EXTRACT_PRIVATE = NO
+EXTRACT_STATIC = NO
+EXTRACT_LOCAL_CLASSES = YES
+EXTRACT_LOCAL_METHODS = NO
+HIDE_UNDOC_MEMBERS = NO
+HIDE_UNDOC_CLASSES = NO
+HIDE_FRIEND_COMPOUNDS = NO
+HIDE_IN_BODY_DOCS = NO
+INTERNAL_DOCS = NO
+CASE_SENSE_NAMES = YES
+HIDE_SCOPE_NAMES = NO
+SHOW_INCLUDE_FILES = YES
+INLINE_INFO = YES
+SORT_MEMBER_DOCS = YES
+SORT_BRIEF_DOCS = NO
+SORT_BY_SCOPE_NAME = NO
+GENERATE_TODOLIST = YES
+GENERATE_TESTLIST = YES
+GENERATE_BUGLIST = YES
+GENERATE_DEPRECATEDLIST= YES
+ENABLED_SECTIONS =
+MAX_INITIALIZER_LINES = 30
+SHOW_USED_FILES = YES
+SHOW_DIRECTORIES = NO
+FILE_VERSION_FILTER =
+#---------------------------------------------------------------------------
+# configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+QUIET = NO
+WARNINGS = YES
+WARN_IF_UNDOCUMENTED = YES
+WARN_IF_DOC_ERROR = YES
+WARN_NO_PARAMDOC = YES
+WARN_FORMAT = "$file:$line: $text"
+WARN_LOGFILE =
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+INPUT = .
+FILE_PATTERNS = *.c *.h *.doxygen
+RECURSIVE = YES
+EXCLUDE =
+EXCLUDE_SYMLINKS = NO
+EXCLUDE_PATTERNS =
+EXAMPLE_PATH =
+EXAMPLE_PATTERNS = *
+EXAMPLE_RECURSIVE = NO
+IMAGE_PATH = doc
+INPUT_FILTER = kerneldoc2doxygen.pl
+FILTER_PATTERNS =
+FILTER_SOURCE_FILES = YES
+#---------------------------------------------------------------------------
+# configuration options related to source browsing
+#---------------------------------------------------------------------------
+SOURCE_BROWSER = YES
+INLINE_SOURCES = NO
+STRIP_CODE_COMMENTS = YES
+REFERENCED_BY_RELATION = NO
+REFERENCES_RELATION = NO
+VERBATIM_HEADERS = NO
+#---------------------------------------------------------------------------
+# configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+ALPHABETICAL_INDEX = YES
+COLS_IN_ALPHA_INDEX = 3
+IGNORE_PREFIX =
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+GENERATE_HTML = YES
+HTML_OUTPUT = html
+HTML_FILE_EXTENSION = .html
+HTML_HEADER =
+HTML_FOOTER =
+HTML_STYLESHEET =
+HTML_ALIGN_MEMBERS = YES
+GENERATE_HTMLHELP = NO
+CHM_FILE =
+HHC_LOCATION =
+GENERATE_CHI = NO
+BINARY_TOC = NO
+TOC_EXPAND = NO
+DISABLE_INDEX = NO
+ENUM_VALUES_PER_LINE = 4
+GENERATE_TREEVIEW = NO
+TREEVIEW_WIDTH = 250
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+GENERATE_LATEX = YES
+LATEX_OUTPUT = latex
+LATEX_CMD_NAME = latex
+MAKEINDEX_CMD_NAME = makeindex
+COMPACT_LATEX = NO
+PAPER_TYPE = a4wide
+EXTRA_PACKAGES =
+LATEX_HEADER =
+PDF_HYPERLINKS = YES
+USE_PDFLATEX = YES
+LATEX_BATCHMODE = NO
+LATEX_HIDE_INDICES = NO
+#---------------------------------------------------------------------------
+# configuration options related to the RTF output
+#---------------------------------------------------------------------------
+GENERATE_RTF = NO
+RTF_OUTPUT = rtf
+COMPACT_RTF = NO
+RTF_HYPERLINKS = NO
+RTF_STYLESHEET_FILE =
+RTF_EXTENSIONS_FILE =
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+GENERATE_MAN = NO
+MAN_OUTPUT = man
+MAN_EXTENSION = .3
+MAN_LINKS = NO
+#---------------------------------------------------------------------------
+# configuration options related to the XML output
+#---------------------------------------------------------------------------
+GENERATE_XML = NO
+XML_OUTPUT = xml
+XML_SCHEMA =
+XML_DTD =
+XML_PROGRAMLISTING = YES
+#---------------------------------------------------------------------------
+# configuration options for the AutoGen Definitions output
+#---------------------------------------------------------------------------
+GENERATE_AUTOGEN_DEF = NO
+#---------------------------------------------------------------------------
+# configuration options related to the Perl module output
+#---------------------------------------------------------------------------
+GENERATE_PERLMOD = NO
+PERLMOD_LATEX = NO
+PERLMOD_PRETTY = YES
+PERLMOD_MAKEVAR_PREFIX =
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor
+#---------------------------------------------------------------------------
+ENABLE_PREPROCESSING = YES
+MACRO_EXPANSION = NO
+EXPAND_ONLY_PREDEF = NO
+SEARCH_INCLUDES = YES
+INCLUDE_PATH =
+INCLUDE_FILE_PATTERNS =
+PREDEFINED = IEEE8021X_EAPOL CONFIG_CTRL_IFACE
+EXPAND_AS_DEFINED =
+SKIP_FUNCTION_MACROS = YES
+#---------------------------------------------------------------------------
+# Configuration::additions related to external references
+#---------------------------------------------------------------------------
+TAGFILES =
+GENERATE_TAGFILE =
+ALLEXTERNALS = NO
+EXTERNAL_GROUPS = YES
+PERL_PATH = /usr/bin/perl
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool
+#---------------------------------------------------------------------------
+CLASS_DIAGRAMS = NO
+HIDE_UNDOC_RELATIONS = YES
+HAVE_DOT = YES
+CLASS_GRAPH = YES
+COLLABORATION_GRAPH = YES
+GROUP_GRAPHS = YES
+UML_LOOK = NO
+TEMPLATE_RELATIONS = NO
+INCLUDE_GRAPH = YES
+INCLUDED_BY_GRAPH = YES
+CALL_GRAPH = YES
+GRAPHICAL_HIERARCHY = YES
+DIRECTORY_GRAPH = NO
+DOT_IMAGE_FORMAT = png
+DOT_PATH =
+DOTFILE_DIRS =
+MAX_DOT_GRAPH_WIDTH = 1024
+MAX_DOT_GRAPH_HEIGHT = 1024
+MAX_DOT_GRAPH_DEPTH = 1000
+DOT_TRANSPARENT = NO
+DOT_MULTI_TARGETS = NO
+GENERATE_LEGEND = YES
+DOT_CLEANUP = YES
+#---------------------------------------------------------------------------
+# Configuration::additions related to the search engine
+#---------------------------------------------------------------------------
+SEARCHENGINE = YES
--- /dev/null
+/**
+\page driver_wrapper Driver wrapper implementation (driver.h, drivers.c)
+
+All hardware and driver dependent functionality is in separate C files
+that implement defined wrapper functions. Other parts
+of the %wpa_supplicant are designed to be hardware, driver, and operating
+system independent.
+
+Driver wrappers need to implement whatever calls are used in the
+target operating system/driver for controlling wireless LAN
+devices. As an example, in case of Linux, these are mostly some glue
+code and ioctl() calls and netlink message parsing for Linux Wireless
+Extensions (WE). Since features required for WPA were added only recently to
+Linux Wireless Extensions (in version 18), some driver specific code is used
+in number of driver interface implementations. These driver dependent parts
+can be replaced with generic code in driver_wext.c once the target driver
+includes full support for WE-18. After that, all Linux drivers, at
+least in theory, could use the same driver wrapper code.
+
+A driver wrapper needs to implement some or all of the functions
+defined in driver.h. These functions are registered by filling struct
+wpa_driver_ops with function pointers. Hardware independent parts of
+%wpa_supplicant will call these functions to control the driver/wlan
+card. In addition, support for driver events is required. The event
+callback function, wpa_supplicant_event(), and its parameters are
+documented in wpa_supplicant.h. In addition, a pointer to the 'struct
+wpa_driver_ops' needs to be registered in drivers.c file.
+
+When porting to other operating systems, the driver wrapper should be
+modified to use the native interface of the target OS. It is possible
+that some extra requirements for the interface between the driver
+wrapper and generic %wpa_supplicant code are discovered during porting
+to a new operating system. These will be addressed on case by case
+basis by modifying the interface and updating the other driver
+wrappers for this. The goal is to avoid changing this interface
+without very good reasons in order to limit the number of changes
+needed to other wrappers and hardware independent parts of
+%wpa_supplicant. When changes are required, recommended way is to
+make them in backwards compatible way that allows existing driver
+interface implementations to be compiled without any modification.
+
+Generic Linux Wireless Extensions functions are implemented in
+driver_wext.c. All Linux driver wrappers can use these when the kernel
+driver supports the generic ioctl()s and wireless events. Driver
+specific functions are implemented in separate C files, e.g.,
+driver_hostap.c. These files need to define struct wpa_driver_ops
+entry that will be used in wpa_supplicant.c when calling driver
+functions. struct wpa_driver_ops entries are registered in drivers.c.
+
+In general, it is likely to be useful to first take a look at couple
+of driver interface examples before starting on implementing a new
+one. driver_hostap.c and driver_wext.c include a complete
+implementation for Linux drivers that use %wpa_supplicant-based control
+of WPA IE and roaming. driver_ndis.c (with help from driver_ndis_.c)
+is an example of a complete interface for Windows NDIS interface for
+drivers that generate WPA IE themselves and decide when to roam. These
+example implementations include full support for all security modes.
+
+
+\section driver_req Driver requirements for WPA
+
+WPA introduces new requirements for the device driver. At least some
+of these need to be implemented in order to provide enough support for
+%wpa_supplicant.
+
+\subsection driver_tkip_ccmp TKIP/CCMP
+
+WPA requires that the pairwise cipher suite (encryption algorithm for
+unicast data packets) is TKIP or CCMP. These are new encryption
+protocols and thus, the driver will need to be modified to support
+them. Depending on the used wlan hardware, some parts of these may be
+implemented by the hardware/firmware.
+
+Specification for both TKIP and CCMP is available from IEEE (IEEE
+802.11i amendment). Fully functional, hardware independent
+implementation of both encryption protocols is also available in Host
+AP driver (driver/modules/hostap_{tkip,ccmp}.c). In addition, Linux 2.6
+kernel tree has generic implementations for WEP, TKIP, and CCMP that can
+be used in Linux drivers.
+
+The driver will also need to provide configuration mechanism to allow
+user space programs to configure TKIP and CCMP. Linux Wireless Extensions
+v18 added support for configuring these algorithms and
+individual/non-default keys. If the target kernel does not include WE-18,
+private ioctls can be used to provide similar functionality.
+
+\subsection driver_roaming Roaming control and scanning support
+
+%wpa_supplicant can optionally control AP selection based on the
+information received from Beacon and/or Probe Response frames
+(ap_scan=1 mode in configuration). This means that the driver should
+support external control for scan process. In case of Linux, use of
+new Wireless Extensions scan support (i.e., 'iwlist wlan0 scan') is
+recommended. The current driver wrapper (driver_wext.c) uses this for
+scan results.
+
+Scan results must also include the WPA information element. Support for
+this was added in WE-18. With older versions, a custom event can be used
+to provide the full WPA IE (including element id and length) as a hex
+string that is included in the scan results.
+
+%wpa_supplicant needs to also be able to request the driver to
+associate with a specific BSS. Current Host AP driver and matching
+driver_hostap.c wrapper uses following sequence for this
+request. Similar/identical mechanism should be usable also with other
+drivers.
+
+- set WPA IE for AssocReq with private ioctl
+- set SSID with SIOCSIWESSID
+- set channel/frequency with SIOCSIWFREQ
+- set BSSID with SIOCSIWAP
+ (this last ioctl will trigger the driver to request association)
+
+\subsection driver_wpa_ie WPA IE generation
+
+%wpa_supplicant selects which cipher suites and key management suites
+are used. Based on this information, it generates a WPA IE. This is
+provided to the driver interface in the associate call. This does not
+match with Windows NDIS drivers which generate the WPA IE
+themselves.
+
+%wpa_supplicant allows Windows NDIS-like behavior by providing the
+selected cipher and key management suites in the associate call. If
+the driver generates its own WPA IE and that differs from the one
+generated by %wpa_supplicant, the driver has to inform %wpa_supplicant
+about the used WPA IE (i.e., the one it used in (Re)Associate
+Request). This notification is done using EVENT_ASSOCINFO event (see
+wpa_supplicant.h). %wpa_supplicant is normally configured to use
+ap_scan=2 mode with drivers that control WPA IE generation and roaming.
+
+\subsection driver_events Driver events
+
+%wpa_supplicant needs to receive event callbacks when certain events
+occur (association, disassociation, Michael MIC failure, scan results
+available, PMKSA caching candidate). These events and the callback
+details are defined in wpa_supplicant.h (wpa_supplicant_event() function
+and enum wpa_event_type).
+
+On Linux, association and disassociation can use existing Wireless
+Extensions event that is reporting new AP with SIOCGIWAP
+event. Similarly, completion of a scan can be reported with SIOCGIWSCAN
+event.
+
+Michael MIC failure event was added in WE-18. Older versions of Wireless
+Extensions will need to use a custom event. Host AP driver used a custom
+event with following contents: MLME-MICHAELMICFAILURE.indication(keyid=#
+broadcast/unicast addr=addr2). This is the recommended format until
+the driver can be moved to use WE-18 mechanism.
+
+\subsection driver_wext_summary Summary of Linux Wireless Extensions use
+
+AP selection depends on ap_scan configuration:
+
+ap_scan=1:
+
+- %wpa_supplicant requests scan with SIOCSIWSCAN
+- driver reports scan complete with wireless event SIOCGIWSCAN
+- %wpa_supplicant reads scan results with SIOCGIWSCAN (multiple call if
+ a larget buffer is needed)
+- %wpa_supplicant decides which AP to use based on scan results
+- %wpa_supplicant configures driver to associate with the selected BSS
+ (SIOCSIWMODE, SIOCSIWGENIE, SIOCSIWAUTH, SIOCSIWFREQ,
+ SIOCSIWESSID, SIOCSIWAP)
+
+ap_scan=2:
+
+- %wpa_supplicant configures driver to associate with an SSID
+ (SIOCSIWMODE, SIOCSIWGENIE, SIOCSIWAUTH, SIOCSIWESSID)
+
+
+After this, both modes use similar steps:
+
+- optionally (or required for drivers that generate WPA/RSN IE for
+ (Re)AssocReq), driver reports association parameters (AssocReq IEs)
+ with wireless event IWEVASSOCREQIE (and optionally IWEVASSOCRESPIE)
+- driver reports association with wireless event SIOCGIWAP
+- %wpa_supplicant takes care of EAPOL frame handling (validating
+ information from associnfo and if needed, from scan results if WPA/RSN
+ IE from the Beacon frame is not reported through associnfo)
+*/
--- /dev/null
+/**
+\page eap_module EAP peer implementation
+
+Extensible Authentication Protocol (EAP) is an authentication framework
+defined in RFC 3748. %wpa_supplicant uses a separate code module for EAP
+peer implementation. This module was designed to use only a minimal set
+of direct function calls (mainly, to debug/event functions) in order for
+it to be usable in other programs. The design of the EAP
+implementation is based loosely on RFC 4137. The state machine is
+defined in this RFC and so is the interface between the peer state
+machine and methods. As such, this RFC provides useful information for
+understanding the EAP peer implementation in %wpa_supplicant.
+
+Some of the terminology used in EAP state machine is referring to
+EAPOL (IEEE 802.1X), but there is no strict requirement on the lower
+layer being IEEE 802.1X if EAP module is built for other programs than
+%wpa_supplicant. These terms should be understood to refer to the
+lower layer as defined in RFC 4137.
+
+
+\section adding_eap_methods Adding EAP methods
+
+Each EAP method is implemented as a separate module, usually as one C
+file named eap_<name of the method>.c, e.g., eap_md5.c. All EAP
+methods use the same interface between the peer state machine and
+method specific functions. This allows new EAP methods to be added
+without modifying the core EAP state machine implementation.
+
+New EAP methods need to be registered by adding them into the build
+(Makefile) and the EAP method registration list in the
+eap_peer_register_methods() function of eap_methods.c. Each EAP
+method should use a build-time configuration option, e.g., EAP_TLS, in
+order to make it possible to select which of the methods are included
+in the build.
+
+EAP methods must implement the interface defined in eap_i.h. struct
+eap_method defines the needed function pointers that each EAP method
+must provide. In addition, the EAP type and name are registered using
+this structure. This interface is based on section 4.4 of RFC 4137.
+
+It is recommended that the EAP methods would use generic helper
+functions, eap_msg_alloc() and eap_hdr_validate() when processing
+messages. This allows code sharing and can avoid missing some of the
+needed validation steps for received packets. In addition, these
+functions make it easier to change between expanded and legacy EAP
+header, if needed.
+
+When adding an EAP method that uses a vendor specific EAP type
+(Expanded Type as defined in RFC 3748, Chapter 5.7), the new method
+must be registered by passing vendor id instead of EAP_VENDOR_IETF to
+eap_peer_method_alloc(). These methods must not try to emulate
+expanded types by registering a legacy EAP method for type 254. See
+eap_vendor_test.c for an example of an EAP method implementation that
+is implemented as an expanded type.
+
+*/
--- /dev/null
+#!/usr/bin/perl -w
+#
+##########################################################################
+# Convert kernel-doc style comments to Doxygen comments.
+##########################################################################
+#
+# This script reads a C source file from stdin, and writes
+# to stdout. Normal usage:
+#
+# $ mv file.c file.c.gtkdoc
+# $ kerneldoc2doxygen.pl <file.c.gtkdoc >file.c
+#
+# Or to do the same thing with multiple files:
+# $ perl -i.gtkdoc kerneldoc2doxygen.pl *.c *.h
+#
+# This script may also be suitable for use as a Doxygen input filter,
+# but that has not been tested.
+#
+# Back up your source files before using this script!!
+#
+##########################################################################
+# Copyright (C) 2003 Jonathan Foster <jon@jon-foster.co.uk>
+# Copyright (C) 2005 Jouni Malinen <j@w1.fi>
+# (modified for kerneldoc format used in wpa_supplicant)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+# or look at http://www.gnu.org/licenses/gpl.html
+##########################################################################
+
+
+##########################################################################
+#
+# This function converts a single comment from gtk-doc to Doxygen format.
+# The parameter does not include the opening or closing lines
+# (i.e. given a comment like this:
+# "/**\n"
+# " * FunctionName:\n"
+# " * @foo: This describes the foo parameter\n"
+# " * @bar: This describes the bar parameter\n"
+# " * @Returns: This describes the return value\n"
+# " *\n"
+# " * This describes the function.\n"
+# " */\n"
+# This function gets:
+# " * FunctionName:\n"
+# " * @foo: This describes the foo parameter\n"
+# " * @bar: This describes the bar parameter\n"
+# " * @Returns: This describes the return value\n"
+# " *\n"
+# " * This describes the function.\n"
+# And it returns:
+# " * This describes the function.\n"
+# " *\n"
+# " * @param foo This describes the foo parameter\n"
+# " * @param bar This describes the bar parameter\n"
+# " * @return This describes the return value\n"
+# )
+#
+sub fixcomment {
+ $t = $_[0];
+
+ # " * func: foo" --> "\brief foo\n"
+ # " * struct bar: foo" --> "\brief foo\n"
+ # If this fails, not a kernel-doc comment ==> return unmodified.
+ ($t =~ s/^[\t ]*\*[\t ]*(struct )?([^ \t\n]*) - ([^\n]*)/\\brief $3\n/s)
+ or return $t;
+
+ # " * Returns: foo" --> "\return foo"
+ $t =~ s/\n[\t ]*\*[\t ]*Returns:/\n\\return/sig;
+
+ # " * @foo: bar" --> "\param foo bar"
+ # Handle two common typos: No ":", or "," instead of ":".
+ $t =~ s/\n[\t ]*\*[\t ]*\@([^ :,]*)[:,]?[\t ]*/\n\\param $1 /sg;
+
+ return $t;
+}
+
+##########################################################################
+# Start of main code
+
+# Read entire stdin into memory - one multi-line string.
+$_ = do { local $/; <> };
+
+s{^/\*\n \*}{/\*\* \\file\n\\brief};
+s{ \* Copyright}{\\par Copyright\nCopyright};
+
+# Fix any comments like "/*************" so they don't match.
+# "/***" ===> "/* *"
+s{/\*\*\*}{/\* \*}gs;
+
+# The main comment-detection code.
+s{
+ ( # $1 = Open comment
+ /\*\* # Open comment
+ (?!\*) # Do not match /*** (redundant due to fixup above).
+ [\t ]*\n? # If 1st line is whitespace, match the lot (including the newline).
+ )
+ (.*?) # $2 = Body of comment (multi-line)
+ ( # $3 = Close comment
+ ( # If possible, match the whitespace before the close-comment
+ (?<=\n) # This part only matches after a newline
+ [\t ]* # Eat whitespace
+ )?
+ \*/ # Close comment
+ )
+ }
+ {
+ $1 . fixcomment($2) . $3
+ }gesx;
+# ^^^^ Modes: g - Global, match all occurances.
+# e - Evaluate the replacement as an expression.
+# s - Single-line - allows the pattern to match across newlines.
+# x - eXtended pattern, ignore embedded whitespace
+# and allow comments.
+
+# Write results to stdout
+print $_;
+
--- /dev/null
+/**
+\mainpage Developers' documentation for %wpa_supplicant
+
+%wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with
+support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE
+802.1X/WPA component that is used in the client stations. It
+implements key negotiation with a WPA Authenticator and it can optionally
+control roaming and IEEE 802.11 authentication/association of the wlan
+driver.
+
+The goal of this documentation and comments in the source code is to
+give enough information for other developers to understand how
+%wpa_supplicant has been implemented, how it can be modified, how new
+drivers can be supported, and how %wpa_supplicant can be ported to
+other operating systems. If any information is missing, feel free to
+contact Jouni Malinen <j@w1.fi> for more
+information. Contributions as patch files are also very welcome at the
+same address. Please note that %wpa_supplicant is licensed under dual
+license, GPLv2 or BSD at user's choice. All contributions to
+%wpa_supplicant are expected to use compatible licensing terms.
+
+The source code and read-only access to %wpa_supplicant CVS repository
+is available from the project home page at
+http://hostap.epitest.fi/wpa_supplicant/. This developers' documentation
+is also available as a PDF file from
+http://hostap.epitest.fi/wpa_supplicant/wpa_supplicant-devel.pdf .
+
+The design goal for %wpa_supplicant was to use hardware, driver, and
+OS independent, portable C code for all WPA functionality. The source
+code is divided into separate C files as shown on the \ref
+code_structure "code structure page". All hardware/driver specific
+functionality is in separate files that implement a \ref
+driver_wrapper "well-defined driver API". Information about porting
+to different target boards and operating systems is available on
+the \ref porting "porting page".
+
+EAPOL (IEEE 802.1X) state machines are implemented as a separate
+module that interacts with \ref eap_module "EAP peer implementation".
+In addition to programs aimed at normal production use,
+%wpa_supplicant source tree includes number of \ref testing_tools
+"testing and development tools" that make it easier to test the
+programs without having to setup a full test setup with wireless
+cards. These tools can also be used to implement automatic test
+suites.
+
+%wpa_supplicant implements a
+\ref ctrl_iface_page "control interface" that can be used by
+external programs to control the operations of the %wpa_supplicant
+daemon and to get status information and event notifications. There is
+a small C library that provides helper functions to facilitate the use of the
+control interface. This library can also be used with C++.
+
+\image html wpa_supplicant.png "wpa_supplicant modules"
+\image latex wpa_supplicant.eps "wpa_supplicant modules" width=15cm
+
+*/
--- /dev/null
+/**
+\page porting Porting to different target boards and operating systems
+
+%wpa_supplicant was designed to be easily portable to different
+hardware (board, CPU) and software (OS, drivers) targets. It is
+already used with number of operating systems and numerous wireless
+card models and drivers. The main %wpa_supplicant repository includes
+support for Linux, FreeBSD, and Windows. In addition, at least VxWorks,
+PalmOS, Windows CE, and Windows Mobile are supported in separate
+repositories. On the hardware
+side, %wpa_supplicant is used on various systems: desktops, laptops,
+PDAs, and embedded devices with CPUs including x86, PowerPC,
+arm/xscale, and MIPS. Both big and little endian configurations are
+supported.
+
+
+\section ansi_c_extra Extra functions on top of ANSI C
+
+%wpa_supplicant is mostly using ANSI C functions that are available on
+most targets. However, couple of additional functions that are common
+on modern UNIX systems are used. Number of these are listed with
+prototypes in common.h (the #ifdef CONFIG_ANSI_C_EXTRA block). These
+functions may need to be implemented or at least defined as macros to
+native functions in the target OS or C library.
+
+Many of the common ANSI C functions are used through a wrapper
+definitions in os.h to allow these to be replaced easily with a
+platform specific version in case standard C libraries are not
+available. In addition, os.h defines couple of common platform
+specific functions that are implemented in os_unix.c for UNIX like
+targets and in os_win32.c for Win32 API. If the target platform does
+not support either of these examples, a new os_*.c file may need to be
+added.
+
+Unless OS_NO_C_LIB_DEFINES is defined, the standard ANSI C and POSIX
+functions are used by defining the os_*() wrappers to use them
+directly in order to avoid extra cost in size and speed. If the target
+platform needs different versions of the functions, os.h can be
+modified to define the suitable macros or alternatively,
+OS_NO_C_LIB_DEFINES may be defined for the build and the wrapper
+functions can then be implemented in a new os_*.c wrapper file.
+
+common.h defines number of helper macros for handling integers of
+different size and byte order. Suitable version of these definitions
+may need to be added for the target platform.
+
+
+\section configuration_backend Configuration backend
+
+%wpa_supplicant implements a configuration interface that allows the
+backend to be easily replaced in order to read configuration data from
+a suitable source depending on the target platform. config.c
+implements the generic code that can be shared with all configuration
+backends. Each backend is implemented in its own config_*.c file.
+
+The included config_file.c backend uses a text file for configuration
+and config_winreg.c uses Windows registry. These files can be used as
+an example for a new configuration backend if the target platform uses
+different mechanism for configuration parameters. In addition,
+config_none.c can be used as an empty starting point for building a
+new configuration backend.
+
+
+\section driver_iface_porting Driver interface
+
+Unless the target OS and driver is already supported, most porting
+projects have to implement a driver wrapper. This may be done by
+adding a new driver interface module or modifying an existing module
+(driver_*.c) if the new target is similar to one of them. \ref
+driver_wrapper "Driver wrapper implementation" describes the details
+of the driver interface and discusses the tasks involved in porting
+this part of %wpa_supplicant.
+
+
+\section l2_packet_porting l2_packet (link layer access)
+
+%wpa_supplicant needs to have access to sending and receiving layer 2
+(link layer) packets with two Ethertypes: EAP-over-LAN (EAPOL) 0x888e
+and RSN pre-authentication 0x88c7. l2_packet.h defines the interfaces
+used for this in the core %wpa_supplicant implementation.
+
+If the target operating system supports a generic mechanism for link
+layer access, that is likely the best mechanism for providing the
+needed functionality for %wpa_supplicant. Linux packet socket is an
+example of such a generic mechanism. If this is not available, a
+separate interface may need to be implemented to the network stack or
+driver. This is usually an intermediate or protocol driver that is
+operating between the device driver and the OS network stack. If such
+a mechanism is not feasible, the interface can also be implemented
+directly in the device driver.
+
+The main %wpa_supplicant repository includes l2_packet implementations
+for Linux using packet sockets (l2_packet_linux.c), more portable
+version using libpcap/libdnet libraries (l2_packet_pcap.c; this
+supports WinPcap, too), and FreeBSD specific version of libpcap
+interface (l2_packet_freebsd.c).
+
+If the target operating system is supported by libpcap (receiving) and
+libdnet (sending), l2_packet_pcap.c can likely be used with minimal or
+no changes. If this is not a case or a proprietary interface for link
+layer is required, a new l2_packet module may need to be
+added. Alternatively, struct wpa_driver_ops::send_eapol() handler can
+be used to override the l2_packet library if the link layer access is
+integrated with the driver interface implementation.
+
+
+\section eloop_porting Event loop
+
+%wpa_supplicant uses a single process/thread model and an event loop
+to provide callbacks on events (registered timeout, received packet,
+signal). eloop.h defines the event loop interface. eloop.c is an
+implementation of such an event loop using select() and sockets. This
+is suitable for most UNIX/POSIX systems. When porting to other
+operating systems, it may be necessary to replace that implementation
+with OS specific mechanisms that provide similar functionality.
+
+
+\section ctrl_iface_porting Control interface
+
+%wpa_supplicant uses a \ref ctrl_iface_page "control interface"
+to allow external processed
+to get status information and to control the operations. Currently,
+this is implemented with socket based communication; both UNIX domain
+sockets and UDP sockets are supported. If the target OS does not
+support sockets, this interface will likely need to be modified to use
+another mechanism like message queues. The control interface is
+optional component, so it is also possible to run %wpa_supplicant
+without porting this part.
+
+The %wpa_supplicant side of the control interface is implemented in
+ctrl_iface.c. Matching client side is implemented as a control
+interface library in wpa_ctrl.c.
+
+
+\section entry_point Program entry point
+
+%wpa_supplicant defines a set of functions that can be used to
+initialize main supplicant processing. Each operating system has a
+mechanism for starting new processing or threads. This is usually a
+function with a specific set of arguments and calling convention. This
+function is responsible on initializing %wpa_supplicant.
+
+main.c includes an entry point for UNIX-like operating system, i.e.,
+main() function that uses command line arguments for setting
+parameters for %wpa_supplicant. When porting to other operating
+systems, similar OS-specific entry point implementation is needed. It
+can be implemented in a new file that is then linked with
+%wpa_supplicant instead of main.o. main.c is also a good example on
+how the initialization process should be done.
+
+The supplicant initialization functions are defined in
+wpa_supplicant_i.h. In most cases, the entry point function should
+start by fetching configuration parameters. After this, a global
+%wpa_supplicant context is initialized with a call to
+wpa_supplicant_init(). After this, existing network interfaces can be
+added with wpa_supplicant_add_iface(). wpa_supplicant_run() is then
+used to start the main event loop. Once this returns at program
+termination time, wpa_supplicant_deinit() is used to release global
+context data.
+
+wpa_supplicant_add_iface() and wpa_supplicant_remove_iface() can be
+used dynamically to add and remove interfaces based on when
+%wpa_supplicant processing is needed for them. This can be done, e.g.,
+when hotplug network adapters are being inserted and ejected. It is
+also possible to do this when a network interface is being
+enabled/disabled if it is desirable that %wpa_supplicant processing
+for the interface is fully enabled/disabled at the same time.
+
+
+\section simple_build Simple build example
+
+One way to start a porting project is to begin with a very simple
+build of %wpa_supplicant with WPA-PSK support and once that is
+building correctly, start adding features.
+
+Following command can be used to build very simple version of
+%wpa_supplicant:
+
+\verbatim
+cc -o wpa_supplicant config.c eloop.c common.c md5.c rc4.c sha1.c \
+ config_none.c l2_packet_none.c tls_none.c wpa.c preauth.c \
+ aes_wrap.c wpa_supplicant.c events.c main_none.c drivers.c
+\endverbatim
+
+The end result is not really very useful since it uses empty functions
+for configuration parsing and layer 2 packet access and does not
+include a driver interface. However, this is a good starting point
+since the build is complete in the sense that all functions are
+present and this is easy to configure to a build system by just
+including the listed C files.
+
+Once this version can be build successfully, the end result can be
+made functional by adding a proper program entry point (main*.c),
+driver interface (driver_*.c and matching CONFIG_DRIVER_* define for
+registration in drivers.c), configuration parser/writer (config_*.c),
+and layer 2 packet access implementation (l2_packet_*.c). After these
+components have been added, the end result should be a working
+WPA/WPA2-PSK enabled supplicant.
+
+After the basic functionality has been verified to work, more features
+can be added by linking in more files and defining C pre-processor
+defines. Currently, the best source of information for what options
+are available and which files needs to be included is in the Makefile
+used for building the supplicant with make. Similar configuration will
+be needed for build systems that either use different type of make
+tool or a GUI-based project configuration.
+
+*/
--- /dev/null
+/**
+\page testing_tools Testing and development tools
+
+[ \ref eapol_test "eapol_test" |
+\ref preauth_test "preauth_test" |
+\ref driver_test "driver_test" |
+\ref unit_tests "Unit tests" ]
+
+%wpa_supplicant source tree includes number of testing and development
+tools that make it easier to test the programs without having to setup
+a full test setup with wireless cards. In addition, these tools can be
+used to implement automatic tests suites.
+
+\section eapol_test eapol_test - EAP peer and RADIUS client testing
+
+eapol_test is a program that links together the same EAP peer
+implementation that %wpa_supplicant is using and the RADIUS
+authentication client code from hostapd. In addition, it has minimal
+glue code to combine these two components in similar ways to IEEE
+802.1X/EAPOL Authenticator state machines. In other words, it
+integrates IEEE 802.1X Authenticator (normally, an access point) and
+IEEE 802.1X Supplicant (normally, a wireless client) together to
+generate a single program that can be used to test EAP methods without
+having to setup an access point and a wireless client.
+
+The main uses for eapol_test are in interoperability testing of EAP
+methods against RADIUS servers and in development testing for new EAP
+methods. It can be easily used to automate EAP testing for
+interoperability and regression since the program can be run from
+shell scripts without require additional test components apart from a
+RADIUS server. For example, the automated EAP tests described in
+eap_testing.txt are implemented with eapol_test. Similarly, eapol_test
+could be used to implement an automated regression test suite for a
+RADIUS authentication server.
+
+eapol_test uses the same build time configuration file, .config, as
+%wpa_supplicant. This file is used to select which EAP methods are
+included in eapol_test. This program is not built with the default
+Makefile target, so a separate make command needs to be used to
+compile the tool:
+
+\verbatim
+make eapol_test
+\endverbatim
+
+The resulting eapol_test binary has following command like options:
+
+\verbatim
+usage:
+eapol_test [-nWS] -c<conf> [-a<AS IP>] [-p<AS port>] [-s<AS secret>] \
+ [-r<count>] [-t<timeout>] [-C<Connect-Info>] \
+ [-M<client MAC address>]
+eapol_test scard
+eapol_test sim <PIN> <num triplets> [debug]
+
+options:
+ -c<conf> = configuration file
+ -a<AS IP> = IP address of the authentication server, default 127.0.0.1
+ -p<AS port> = UDP port of the authentication server, default 1812
+ -s<AS secret> = shared secret with the authentication server, default 'radius'
+ -r<count> = number of re-authentications
+ -W = wait for a control interface monitor before starting
+ -S = save configuration after authentiation
+ -n = no MPPE keys expected
+ -t<timeout> = sets timeout in seconds (default: 30 s)
+ -C<Connect-Info> = RADIUS Connect-Info (default: CONNECT 11Mbps 802.11b)
+ -M<client MAC address> = Set own MAC address (Calling-Station-Id,
+ default: 02:00:00:00:00:01)
+\endverbatim
+
+
+As an example,
+\verbatim
+eapol_test -ctest.conf -a127.0.0.1 -p1812 -ssecret -r1
+\endverbatim
+tries to complete EAP authentication based on the network
+configuration from test.conf against the RADIUS server running on the
+local host. A re-authentication is triggered to test fast
+re-authentication. The configuration file uses the same format for
+network blocks as %wpa_supplicant.
+
+
+\section preauth_test preauth_test - WPA2 pre-authentication and EAP peer testing
+
+preauth_test is similar to eapol_test in the sense that in combines
+EAP peer implementation with something else, in this case, with WPA2
+pre-authentication. This tool can be used to test pre-authentication
+based on the code that %wpa_supplicant is using. As such, it tests
+both the %wpa_supplicant implementation and the functionality of an
+access point.
+
+preauth_test is built with:
+
+\verbatim
+make preauth_test
+\endverbatim
+
+and it uses following command line arguments:
+
+\verbatim
+usage: preauth_test <conf> <target MAC address> <ifname>
+\endverbatim
+
+For example,
+\verbatim
+preauth_test test.conf 02:11:22:33:44:55 eth0
+\endverbatim
+would use network configuration from test.conf to try to complete
+pre-authentication with AP using BSSID 02:11:22:33:44:55. The
+pre-authentication packets would be sent using the eth0 interface.
+
+
+\section driver_test driver_test - driver interface for testing wpa_supplicant
+
+%wpa_supplicant was designed to support number of different ways to
+communicate with a network device driver. This design uses \ref
+driver_wrapper "driver interface API" and number of driver interface
+implementations. One of these is driver_test.c, i.e., a test driver
+interface that is actually not using any drivers. Instead, it provides
+a mechanism for running %wpa_supplicant without having to have a
+device driver or wireless LAN hardware for that matter.
+
+driver_test can be used to talk directly with hostapd's driver_test
+component to create a test setup where one or more clients and access
+points can be tested within one test host and without having to have
+multiple wireless cards. This makes it easier to test the core code in
+%wpa_supplicant, and hostapd for that matter. Since driver_test uses
+the same driver API than any other driver interface implementation,
+the core code of %wpa_supplicant and hostapd can be tested with the
+same coverage as one would get when using real wireless cards. The
+only area that is not tested is the driver interface implementation
+(driver_*.c).
+
+Having the possibility to use simulated network components makes it
+much easier to do development testing while adding new features and to
+reproduce reported bugs. As such, it is often easiest to just do most
+of the development and bug fixing without using real hardware. Once
+the driver_test setup has been used to implement a new feature or fix
+a bug, the end result can be verified with wireless LAN cards. In many
+cases, this may even be unnecessary, depending on what area the
+feature/bug is relating to. Of course, changes to driver interfaces
+will still require use of real hardware.
+
+Since multiple components can be run within a single host, testing of
+complex network configuration, e.g., large number of clients
+association with an access point, becomes quite easy. All the tests
+can also be automated without having to resort to complex test setup
+using remote access to multiple computers.
+
+driver_test can be included in the %wpa_supplicant build in the same
+way as any other driver interface, i.e., by adding the following line
+into .config:
+
+\verbatim
+CONFIG_DRIVER_TEST=y
+\endverbatim
+
+When running %wpa_supplicant, the test interface is selected by using
+\a -Dtest command line argument. The interface name (\a -i argument)
+can be selected arbitrarily, i.e., it does not need to match with any
+existing network interface. The interface name is used to generate a
+MAC address, so when using multiple clients, each should use a
+different interface, e.g., \a sta1, \a sta2, and so on.
+
+%wpa_supplicant and hostapd are configured in the same way as they
+would be for normal use. Following example shows a simple test setup
+for WPA-PSK.
+
+hostapd is configured with following psk-test.conf configuration file:
+
+\verbatim
+driver=test
+
+interface=ap1
+logger_stdout=-1
+logger_stdout_level=0
+debug=2
+dump_file=/tmp/hostapd.dump
+
+test_socket=/tmp/Test/ap1
+
+ssid=jkm-test-psk
+
+wpa=1
+wpa_key_mgmt=WPA-PSK
+wpa_pairwise=TKIP
+wpa_passphrase=12345678
+\endverbatim
+
+and started with following command:
+
+\verbatim
+hostapd psk-test.conf
+\endverbatim
+
+%wpa_supplicant uses following configuration file:
+
+\verbatim
+driver_param=test_socket=/tmp/Test/ap1
+
+network={
+ ssid="jkm-test-psk"
+ key_mgmt=WPA-PSK
+ psk="12345678"
+}
+\endverbatim
+
+%wpa_supplicant can then be started with following command:
+
+\verbatim
+wpa_supplicant -Dtest -cpsk-test.conf -ista1 -ddK
+\endverbatim
+
+If run without debug information, i.e., with
+
+\verbatim
+wpa_supplicant -Dtest -cpsk-test.conf -ista1
+\endverbatim
+
+%wpa_supplicant completes authentication and prints following events:
+
+\verbatim
+Trying to associate with 02:b8:a6:62:08:5a (SSID='jkm-test-psk' freq=0 MHz)
+Associated with 02:b8:a6:62:08:5a
+WPA: Key negotiation completed with 02:b8:a6:62:08:5a [PTK=TKIP GTK=TKIP]
+CTRL-EVENT-CONNECTED - Connection to 02:b8:a6:62:08:5a completed (auth)
+\endverbatim
+
+If test setup is using multiple clients, it is possible to run
+multiple %wpa_supplicant processes. Alternatively, the support for
+multiple interfaces can be used with just one process to save some
+resources on single-CPU systems. For example, following command runs
+two clients:
+
+\verbatim
+./wpa_supplicant -Dtest -cpsk-test.conf -ista1 \
+ -N -Dtest -cpsk-test.conf -ista2
+\endverbatim
+
+This shows following event log:
+
+\verbatim
+Trying to associate with 02:b8:a6:62:08:5a (SSID='jkm-test-psk' freq=0 MHz)
+Associated with 02:b8:a6:62:08:5a
+WPA: Key negotiation completed with 02:b8:a6:62:08:5a [PTK=TKIP GTK=TKIP]
+CTRL-EVENT-CONNECTED - Connection to 02:b8:a6:62:08:5a completed (auth)
+Trying to associate with 02:b8:a6:62:08:5a (SSID='jkm-test-psk' freq=0 MHz)
+Associated with 02:b8:a6:62:08:5a
+WPA: Key negotiation completed with 02:b8:a6:62:08:5a [PTK=TKIP GTK=TKIP]
+CTRL-EVENT-CONNECTED - Connection to 02:b8:a6:62:08:5a completed (auth)
+\endverbatim
+
+hostapd shows this with following events:
+
+\verbatim
+ap1: STA 02:b5:64:63:30:63 IEEE 802.11: associated
+ap1: STA 02:b5:64:63:30:63 WPA: pairwise key handshake completed (WPA)
+ap1: STA 02:b5:64:63:30:63 WPA: group key handshake completed (WPA)
+ap1: STA 02:2a:c4:18:5b:f3 IEEE 802.11: associated
+ap1: STA 02:2a:c4:18:5b:f3 WPA: pairwise key handshake completed (WPA)
+ap1: STA 02:2a:c4:18:5b:f3 WPA: group key handshake completed (WPA)
+\endverbatim
+
+By default, driver_param is simulating a driver that uses the WPA/RSN
+IE generated by %wpa_supplicant. Driver-generated IE and AssocInfo
+events can be tested by adding \a use_associnfo=1 to the \a driver_param
+line in the configuration file. For example:
+
+\verbatim
+driver_param=test_socket=/tmp/Test/ap1 use_associnfo=1
+\endverbatim
+
+
+\section unit_tests Unit tests
+
+Number of the components (.c files) used in %wpa_supplicant define
+their own unit tests for automated validation of the basic
+functionality. Most of the tests for cryptographic algorithms are
+using standard test vectors to validate functionality. These tests can
+be useful especially when verifying port to a new CPU target.
+
+In most cases, these tests are implemented in the end of the same file
+with functions that are normally commented out, but ca be included by
+defining a pre-processor variable when building the file separately.
+The details of the needed build options are included in the Makefile
+(test-* targets). All automated unit tests can be run with
+
+\verbatim
+make tests
+\endverbatim
+
+This make target builds and runs each test and terminates with zero
+exit code if all tests were completed successfully.
+
+*/
--- /dev/null
+#FIG 3.2
+Landscape
+Center
+Inches
+Letter
+100.00
+Single
+-2
+1200 2
+6 1875 4050 2925 4350
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 1875 4050 2925 4050 2925 4350 1875 4350 1875 4050
+4 0 0 50 -1 0 12 0.0000 4 180 735 2025 4275 l2_packet\001
+-6
+6 3450 1200 4275 1500
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 3450 1200 4275 1200 4275 1500 3450 1500 3450 1200
+4 0 0 50 -1 0 12 0.0000 4 180 585 3600 1425 wpa_cli\001
+-6
+6 4725 1200 5925 1500
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 4725 1200 5925 1200 5925 1500 4725 1500 4725 1200
+4 0 0 50 -1 0 12 0.0000 4 135 1005 4800 1425 GUI frontend\001
+-6
+6 6000 2700 7200 3225
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 6000 2700 7200 2700 7200 3225 6000 3225 6000 2700
+4 0 0 50 -1 0 12 0.0000 4 135 975 6075 2925 WPA/WPA2\001
+4 0 0 50 -1 0 12 0.0000 4 135 1065 6075 3150 state machine\001
+-6
+6 6000 4950 7200 5475
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 6000 4950 7200 4950 7200 5475 6000 5475 6000 4950
+4 0 0 50 -1 0 12 0.0000 4 135 360 6075 5175 EAP\001
+4 0 0 50 -1 0 12 0.0000 4 135 1065 6075 5400 state machine\001
+-6
+6 8700 3000 9375 3300
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 8700 3000 9375 3000 9375 3300 8700 3300 8700 3000
+4 0 0 50 -1 0 12 0.0000 4 150 480 8775 3225 crypto\001
+-6
+6 4350 3900 5025 4425
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 4350 3900 5025 3900 5025 4425 4350 4425 4350 3900
+4 0 0 50 -1 0 12 0.0000 4 105 420 4500 4125 event\001
+4 0 0 50 -1 0 12 0.0000 4 180 315 4500 4350 loop\001
+-6
+6 4275 2550 5100 2850
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 4275 2550 5100 2550 5100 2850 4275 2850 4275 2550
+4 0 0 50 -1 0 12 0.0000 4 135 450 4425 2775 ctrl i/f\001
+-6
+6 6000 3900 7200 4425
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 6000 3900 7200 3900 7200 4425 6000 4425 6000 3900
+4 0 0 50 -1 0 12 0.0000 4 135 600 6075 4125 EAPOL\001
+4 0 0 50 -1 0 12 0.0000 4 135 1065 6075 4350 state machine\001
+-6
+6 1800 6000 7800 8100
+6 1800 6000 7800 7200
+6 1800 6900 2700 7200
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 1800 6900 2700 6900 2700 7200 1800 7200 1800 6900
+4 0 0 50 -1 0 12 0.0000 4 105 375 1875 7125 wext\001
+-6
+6 4725 6900 5625 7200
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 4725 6900 5625 6900 5625 7200 4725 7200 4725 6900
+4 0 0 50 -1 0 12 0.0000 4 135 555 4800 7125 hermes\001
+-6
+6 6675 6900 7800 7200
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 6675 6900 7800 6900 7800 7200 6675 7200 6675 6900
+4 0 0 50 -1 0 12 0.0000 4 180 930 6750 7125 ndiswrapper\001
+-6
+6 5700 6900 6600 7200
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 5700 6900 6600 6900 6600 7200 5700 7200 5700 6900
+4 0 0 50 -1 0 12 0.0000 4 135 420 5775 7125 atmel\001
+-6
+6 4275 6000 5100 6300
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 4275 6000 5100 6000 5100 6300 4275 6300 4275 6000
+4 0 0 50 -1 0 12 0.0000 4 135 630 4350 6225 driver i/f\001
+-6
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 2775 6900 3675 6900 3675 7200 2775 7200 2775 6900
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 3750 6900 4650 6900 4650 7200 3750 7200 3750 6900
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 4
+ 2250 6900 2250 6600 7200 6600 7200 6900
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+ 3225 6900 3225 6600
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+ 4200 6900 4200 6600
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+ 5175 6900 5175 6600
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+ 6150 6900 6150 6600
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+ 4650 6600 4650 6300
+4 0 0 50 -1 0 12 0.0000 4 180 510 2850 7125 hostap\001
+4 0 0 50 -1 0 12 0.0000 4 135 600 3825 7125 madwifi\001
+-6
+6 3525 7800 5775 8100
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 3525 7800 5775 7800 5775 8100 3525 8100 3525 7800
+4 0 0 50 -1 0 12 0.0000 4 135 2145 3600 8025 kernel network device driver\001
+-6
+2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 2
+ 2250 7200 4200 7800
+2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 2
+ 7200 7200 5100 7800
+-6
+6 9600 3000 10275 3300
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 9600 3000 10275 3000 10275 3300 9600 3300 9600 3000
+4 0 0 50 -1 0 12 0.0000 4 135 315 9750 3225 TLS\001
+-6
+6 8100 4425 10425 7350
+6 8175 4725 9225 5025
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 8175 4725 9225 4725 9225 5025 8175 5025 8175 4725
+4 0 0 50 -1 0 12 0.0000 4 135 735 8250 4950 EAP-TLS\001
+-6
+6 9300 4725 10350 5025
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 9300 4725 10350 4725 10350 5025 9300 5025 9300 4725
+4 0 0 50 -1 0 12 0.0000 4 135 810 9375 4950 EAP-MD5\001
+-6
+6 8175 5100 9225 5400
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 8175 5100 9225 5100 9225 5400 8175 5400 8175 5100
+4 0 0 50 -1 0 12 0.0000 4 135 885 8250 5325 EAP-PEAP\001
+-6
+6 9300 5100 10350 5400
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 9300 5100 10350 5100 10350 5400 9300 5400 9300 5100
+4 0 0 50 -1 0 12 0.0000 4 135 840 9375 5325 EAP-TTLS\001
+-6
+6 8175 5475 9225 5775
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 8175 5475 9225 5475 9225 5775 8175 5775 8175 5475
+4 0 0 50 -1 0 12 0.0000 4 135 780 8250 5700 EAP-GTC\001
+-6
+6 9300 5475 10350 5775
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 9300 5475 10350 5475 10350 5775 9300 5775 9300 5475
+4 0 0 50 -1 0 12 0.0000 4 135 765 9375 5700 EAP-OTP\001
+-6
+6 8175 5850 9225 6150
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 8175 5850 9225 5850 9225 6150 8175 6150 8175 5850
+4 0 0 50 -1 0 12 0.0000 4 135 750 8250 6075 EAP-SIM\001
+-6
+6 9300 6225 10350 6525
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 9300 6225 10350 6225 10350 6525 9300 6525 9300 6225
+4 0 0 50 -1 0 12 0.0000 4 135 465 9375 6450 LEAP\001
+-6
+6 8175 6225 9225 6525
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 8175 6225 9225 6225 9225 6525 8175 6525 8175 6225
+4 0 0 50 -1 0 12 0.0000 4 135 765 8250 6450 EAP-PSK\001
+-6
+6 9300 5850 10350 6150
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 9300 5850 10350 5850 10350 6150 9300 6150 9300 5850
+4 0 0 50 -1 0 12 0.0000 4 135 825 9375 6075 EAP-AKA\001
+-6
+6 8175 6975 9675 7275
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 8175 6975 9675 6975 9675 7275 8175 7275 8175 6975
+4 0 0 50 -1 0 12 0.0000 4 135 1365 8250 7200 EAP-MSCHAPv2\001
+-6
+6 9300 6600 10350 6900
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 9300 6600 10350 6600 10350 6900 9300 6900 9300 6600
+4 0 0 50 -1 0 12 0.0000 4 135 870 9375 6825 EAP-FAST\001
+-6
+6 8175 6600 9225 6900
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 8175 6600 9225 6600 9225 6900 8175 6900 8175 6600
+4 0 0 50 -1 0 12 0.0000 4 135 795 8250 6825 EAP-PAX\001
+-6
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 8100 7350 10425 7350 10425 4425 8100 4425 8100 7350
+4 0 0 50 -1 0 12 0.0000 4 135 1050 8700 4650 EAP methods\001
+-6
+6 2775 5025 4050 5325
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 2775 5025 4050 5025 4050 5325 2775 5325 2775 5025
+4 0 0 50 -1 0 12 0.0000 4 135 990 2925 5250 driver events\001
+-6
+6 2775 3150 4050 3450
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 2775 3150 4050 3150 4050 3450 2775 3450 2775 3150
+4 0 0 50 -1 0 12 0.0000 4 180 990 2925 3375 configuration\001
+-6
+2 1 1 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 2
+ 1275 4200 1875 4200
+2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 2
+ 4500 2550 3900 1500
+2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 2
+ 4800 2550 5400 1500
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+ 2925 4200 4350 4200
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+ 5025 3900 6000 3000
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+ 5025 4200 6000 4200
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+ 4650 6000 4650 4425
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+ 6600 4425 6600 4950
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+ 6600 3225 6600 3900
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+ 7200 5250 8100 5250
+2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
+ 9075 4425 9075 3300
+2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
+ 7200 3000 8700 3150
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+ 4650 3900 4650 2850
+2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
+ 7200 4125 8700 3300
+2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
+ 6000 4350 5025 6000
+2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
+ 6000 3150 4875 6000
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+ 1500 2100 10800 2100 10800 7500 1500 7500 1500 2100
+2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
+ 9900 4425 9900 3300
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 1
+ 4350 3900
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+ 4350 3900 4050 3450
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+ 4350 4425 4050 5025
+4 0 0 50 -1 0 12 0.0000 4 135 915 375 3975 EAPOL and\001
+4 0 0 50 -1 0 12 0.0000 4 180 630 375 4200 pre-auth\001
+4 0 0 50 -1 0 12 0.0000 4 180 810 375 4425 ethertypes\001
+4 0 0 50 -1 0 12 0.0000 4 135 1050 375 4650 from/to kernel\001
+4 0 0 50 -1 0 12 0.0000 4 135 1920 3675 1875 frontend control interface\001
+4 0 0 50 -1 2 14 0.0000 4 210 1440 1637 2371 wpa_supplicant\001
--- /dev/null
+/*
+ * WPA Supplicant - driver interface definition
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef DRIVER_H
+#define DRIVER_H
+
+#define WPA_SUPPLICANT_DRIVER_VERSION 2
+
+#include "defs.h"
+
+#define AUTH_ALG_OPEN_SYSTEM 0x01
+#define AUTH_ALG_SHARED_KEY 0x02
+#define AUTH_ALG_LEAP 0x04
+
+#define IEEE80211_MODE_INFRA 0
+#define IEEE80211_MODE_IBSS 1
+
+#define IEEE80211_CAP_ESS 0x0001
+#define IEEE80211_CAP_IBSS 0x0002
+#define IEEE80211_CAP_PRIVACY 0x0010
+
+#define SSID_MAX_WPA_IE_LEN 40
+/**
+ * struct wpa_scan_result - Scan results
+ * @bssid: BSSID
+ * @ssid: SSID
+ * @ssid_len: length of the ssid
+ * @wpa_ie: WPA IE
+ * @wpa_ie_len: length of the wpa_ie
+ * @rsn_ie: RSN IE
+ * @rsn_ie_len: length of the RSN IE
+ * @freq: frequency of the channel in MHz (e.g., 2412 = channel 1)
+ * @caps: capability information field in host byte order
+ * @qual: signal quality
+ * @noise: noise level
+ * @level: signal level
+ * @maxrate: maximum supported rate
+ *
+ * This structure is used as a generic format for scan results from the
+ * driver. Each driver interface implementation is responsible for converting
+ * the driver or OS specific scan results into this format.
+ */
+struct wpa_scan_result {
+ u8 bssid[ETH_ALEN];
+ u8 ssid[32];
+ size_t ssid_len;
+ u8 wpa_ie[SSID_MAX_WPA_IE_LEN];
+ size_t wpa_ie_len;
+ u8 rsn_ie[SSID_MAX_WPA_IE_LEN];
+ size_t rsn_ie_len;
+ int freq;
+ u16 caps;
+ int qual;
+ int noise;
+ int level;
+ int maxrate;
+};
+
+/**
+ * struct wpa_driver_associate_params - Association parameters
+ * Data for struct wpa_driver_ops::associate().
+ */
+struct wpa_driver_associate_params {
+ /**
+ * bssid - BSSID of the selected AP
+ * This can be %NULL, if ap_scan=2 mode is used and the driver is
+ * responsible for selecting with which BSS to associate. */
+ const u8 *bssid;
+
+ /**
+ * ssid - The selected SSID
+ */
+ const u8 *ssid;
+ size_t ssid_len;
+
+ /**
+ * freq - Frequency of the channel the selected AP is using
+ * Frequency that the selected AP is using (in MHz as
+ * reported in the scan results)
+ */
+ int freq;
+
+ /**
+ * wpa_ie - WPA information element for (Re)Association Request
+ * WPA information element to be included in (Re)Association
+ * Request (including information element id and length). Use
+ * of this WPA IE is optional. If the driver generates the WPA
+ * IE, it can use pairwise_suite, group_suite, and
+ * key_mgmt_suite to select proper algorithms. In this case,
+ * the driver has to notify wpa_supplicant about the used WPA
+ * IE by generating an event that the interface code will
+ * convert into EVENT_ASSOCINFO data (see wpa_supplicant.h).
+ * When using WPA2/IEEE 802.11i, wpa_ie is used for RSN IE
+ * instead. The driver can determine which version is used by
+ * looking at the first byte of the IE (0xdd for WPA, 0x30 for
+ * WPA2/RSN).
+ */
+ const u8 *wpa_ie;
+ /**
+ * wpa_ie_len - length of the wpa_ie
+ */
+ size_t wpa_ie_len;
+
+ /* The selected pairwise/group cipher and key management
+ * suites. These are usually ignored if @wpa_ie is used. */
+ wpa_cipher pairwise_suite;
+ wpa_cipher group_suite;
+ wpa_key_mgmt key_mgmt_suite;
+
+ /**
+ * auth_alg - Allowed authentication algorithms
+ * Bit field of AUTH_ALG_*
+ */
+ int auth_alg;
+
+ /**
+ * mode - Operation mode (infra/ibss) IEEE80211_MODE_*
+ */
+ int mode;
+
+ /**
+ * wep_key - WEP keys for static WEP configuration
+ */
+ const u8 *wep_key[4];
+
+ /**
+ * wep_key_len - WEP key length for static WEP configuration
+ */
+ size_t wep_key_len[4];
+
+ /**
+ * wep_tx_keyidx - WEP TX key index for static WEP configuration
+ */
+ int wep_tx_keyidx;
+
+ /**
+ * mgmt_frame_protection - IEEE 802.11w management frame protection
+ */
+ enum {
+ NO_MGMT_FRAME_PROTECTION,
+ MGMT_FRAME_PROTECTION_OPTIONAL,
+ MGMT_FRAME_PROTECTION_REQUIRED
+ } mgmt_frame_protection;
+};
+
+/**
+ * struct wpa_driver_capa - Driver capability information
+ */
+struct wpa_driver_capa {
+#define WPA_DRIVER_CAPA_KEY_MGMT_WPA 0x00000001
+#define WPA_DRIVER_CAPA_KEY_MGMT_WPA2 0x00000002
+#define WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK 0x00000004
+#define WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK 0x00000008
+#define WPA_DRIVER_CAPA_KEY_MGMT_WPA_NONE 0x00000010
+ unsigned int key_mgmt;
+
+#define WPA_DRIVER_CAPA_ENC_WEP40 0x00000001
+#define WPA_DRIVER_CAPA_ENC_WEP104 0x00000002
+#define WPA_DRIVER_CAPA_ENC_TKIP 0x00000004
+#define WPA_DRIVER_CAPA_ENC_CCMP 0x00000008
+ unsigned int enc;
+
+#define WPA_DRIVER_AUTH_OPEN 0x00000001
+#define WPA_DRIVER_AUTH_SHARED 0x00000002
+#define WPA_DRIVER_AUTH_LEAP 0x00000004
+ unsigned int auth;
+
+/* Driver generated WPA/RSN IE */
+#define WPA_DRIVER_FLAGS_DRIVER_IE 0x00000001
+#define WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC 0x00000002
+#define WPA_DRIVER_FLAGS_USER_SPACE_MLME 0x00000004
+ unsigned int flags;
+};
+
+
+#define WPA_CHAN_W_SCAN 0x00000001
+#define WPA_CHAN_W_ACTIVE_SCAN 0x00000002
+#define WPA_CHAN_W_IBSS 0x00000004
+
+struct wpa_channel_data {
+ short chan; /* channel number (IEEE 802.11) */
+ short freq; /* frequency in MHz */
+ int flag; /* flag for user space use (WPA_CHAN_*) */
+};
+
+#define WPA_RATE_ERP 0x00000001
+#define WPA_RATE_BASIC 0x00000002
+#define WPA_RATE_PREAMBLE2 0x00000004
+#define WPA_RATE_SUPPORTED 0x00000010
+#define WPA_RATE_OFDM 0x00000020
+#define WPA_RATE_CCK 0x00000040
+#define WPA_RATE_MANDATORY 0x00000100
+
+struct wpa_rate_data {
+ int rate; /* rate in 100 kbps */
+ int flags; /* WPA_RATE_ flags */
+};
+
+typedef enum {
+ WPA_MODE_IEEE80211B,
+ WPA_MODE_IEEE80211G,
+ WPA_MODE_IEEE80211A,
+ NUM_WPA_MODES
+} wpa_hw_mode;
+
+struct wpa_hw_modes {
+ wpa_hw_mode mode;
+ int num_channels;
+ struct wpa_channel_data *channels;
+ int num_rates;
+ struct wpa_rate_data *rates;
+};
+
+
+struct ieee80211_rx_status {
+ int channel;
+ int ssi;
+};
+
+
+/**
+ * struct wpa_driver_ops - Driver interface API definition
+ *
+ * This structure defines the API that each driver interface needs to implement
+ * for core wpa_supplicant code. All driver specific functionality is captured
+ * in this wrapper.
+ */
+struct wpa_driver_ops {
+ /** Name of the driver interface */
+ const char *name;
+ /** One line description of the driver interface */
+ const char *desc;
+
+ /**
+ * get_bssid - Get the current BSSID
+ * @priv: private driver interface data
+ * @bssid: buffer for BSSID (ETH_ALEN = 6 bytes)
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * Query kernel driver for the current BSSID and copy it to bssid.
+ * Setting bssid to 00:00:00:00:00:00 is recommended if the STA is not
+ * associated.
+ */
+ int (*get_bssid)(void *priv, u8 *bssid);
+
+ /**
+ * get_ssid - Get the current SSID
+ * @priv: private driver interface data
+ * @ssid: buffer for SSID (at least 32 bytes)
+ *
+ * Returns: Length of the SSID on success, -1 on failure
+ *
+ * Query kernel driver for the current SSID and copy it to ssid.
+ * Returning zero is recommended if the STA is not associated.
+ *
+ * Note: SSID is an array of octets, i.e., it is not nul terminated and
+ * can, at least in theory, contain control characters (including nul)
+ * and as such, should be processed as binary data, not a printable
+ * string.
+ */
+ int (*get_ssid)(void *priv, u8 *ssid);
+
+ /**
+ * set_wpa - Enable/disable WPA support (OBSOLETE)
+ * @priv: private driver interface data
+ * @enabled: 1 = enable, 0 = disable
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * Note: This function is included for backwards compatibility. This is
+ * called only just after init and just before deinit, so these
+ * functions can be used to implement same functionality and the driver
+ * interface need not define this function.
+ *
+ * Configure the kernel driver to enable/disable WPA support. This may
+ * be empty function, if WPA support is always enabled. Common
+ * configuration items are WPA IE (clearing it when WPA support is
+ * disabled), Privacy flag configuration for capability field (note:
+ * this the value need to set in associate handler to allow plaintext
+ * mode to be used) when trying to associate with, roaming mode (can
+ * allow wpa_supplicant to control roaming if ap_scan=1 is used;
+ * however, drivers can also implement roaming if desired, especially
+ * ap_scan=2 mode is used for this).
+ */
+ int (*set_wpa)(void *priv, int enabled);
+
+ /**
+ * set_key - Configure encryption key
+ * @priv: private driver interface data
+ * @alg: encryption algorithm (%WPA_ALG_NONE, %WPA_ALG_WEP,
+ * %WPA_ALG_TKIP, %WPA_ALG_CCMP, %WPA_ALG_IGTK, %WPA_ALG_DHV);
+ * %WPA_ALG_NONE clears the key.
+ * @addr: address of the peer STA or ff:ff:ff:ff:ff:ff for
+ * broadcast/default keys
+ * @key_idx: key index (0..3), usually 0 for unicast keys; 0..4095 for
+ * IGTK
+ * @set_tx: configure this key as the default Tx key (only used when
+ * driver does not support separate unicast/individual key
+ * @seq: sequence number/packet number, seq_len octets, the next
+ * packet number to be used for in replay protection; configured
+ * for Rx keys (in most cases, this is only used with broadcast
+ * keys and set to zero for unicast keys)
+ * @seq_len: length of the seq, depends on the algorithm:
+ * TKIP: 6 octets, CCMP: 6 octets, IGTK: 6 octets
+ * @key: key buffer; TKIP: 16-byte temporal key, 8-byte Tx Mic key,
+ * 8-byte Rx Mic Key
+ * @key_len: length of the key buffer in octets (WEP: 5 or 13,
+ * TKIP: 32, CCMP: 16, IGTK: 16, DHV: 16)
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * Configure the given key for the kernel driver. If the driver
+ * supports separate individual keys (4 default keys + 1 individual),
+ * addr can be used to determine whether the key is default or
+ * individual. If only 4 keys are supported, the default key with key
+ * index 0 is used as the individual key. STA must be configured to use
+ * it as the default Tx key (set_tx is set) and accept Rx for all the
+ * key indexes. In most cases, WPA uses only key indexes 1 and 2 for
+ * broadcast keys, so key index 0 is available for this kind of
+ * configuration.
+ *
+ * Please note that TKIP keys include separate TX and RX MIC keys and
+ * some drivers may expect them in different order than wpa_supplicant
+ * is using. If the TX/RX keys are swapped, all TKIP encrypted packets
+ * will tricker Michael MIC errors. This can be fixed by changing the
+ * order of MIC keys by swapping te bytes 16..23 and 24..31 of the key
+ * in driver_*.c set_key() implementation, see driver_ndis.c for an
+ * example on how this can be done.
+ */
+ int (*set_key)(void *priv, wpa_alg alg, const u8 *addr,
+ int key_idx, int set_tx, const u8 *seq, size_t seq_len,
+ const u8 *key, size_t key_len);
+
+ /**
+ * init - Initialize driver interface
+ * @ctx: context to be used when calling wpa_supplicant functions,
+ * e.g., wpa_supplicant_event()
+ * @ifname: interface name, e.g., wlan0
+ *
+ * Returns: Pointer to private data, %NULL on failure
+ *
+ * Initialize driver interface, including event processing for kernel
+ * driver events (e.g., associated, scan results, Michael MIC failure).
+ * This function can allocate a private configuration data area for
+ * @ctx, file descriptor, interface name, etc. information that may be
+ * needed in future driver operations. If this is not used, non-NULL
+ * value will need to be returned because %NULL is used to indicate
+ * failure. The returned value will be used as 'void *priv' data for
+ * all other driver_ops functions.
+ *
+ * The main event loop (eloop.c) of wpa_supplicant can be used to
+ * register callback for read sockets (eloop_register_read_sock()).
+ *
+ * See wpa_supplicant.h for more information about events and
+ * wpa_supplicant_event() function.
+ */
+ void * (*init)(void *ctx, const char *ifname);
+
+ /**
+ * deinit - Deinitialize driver interface
+ * @priv: private driver interface data from init()
+ *
+ * Shut down driver interface and processing of driver events. Free
+ * private data buffer if one was allocated in init() handler.
+ */
+ void (*deinit)(void *priv);
+
+ /**
+ * set_param - Set driver configuration parameters
+ * @priv: private driver interface data from init()
+ * @param: driver specific configuration parameters
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * Optional handler for notifying driver interface about configuration
+ * parameters (driver_param).
+ */
+ int (*set_param)(void *priv, const char *param);
+
+ /**
+ * set_countermeasures - Enable/disable TKIP countermeasures
+ * @priv: private driver interface data
+ * @enabled: 1 = countermeasures enabled, 0 = disabled
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * Configure TKIP countermeasures. When these are enabled, the driver
+ * should drop all received and queued frames that are using TKIP.
+ */
+ int (*set_countermeasures)(void *priv, int enabled);
+
+ /**
+ * set_drop_unencrypted - Enable/disable unencrypted frame filtering
+ * @priv: private driver interface data
+ * @enabled: 1 = unencrypted Tx/Rx frames will be dropped, 0 = disabled
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * Configure the driver to drop all non-EAPOL frames (both receive and
+ * transmit paths). Unencrypted EAPOL frames (ethertype 0x888e) must
+ * still be allowed for key negotiation.
+ */
+ int (*set_drop_unencrypted)(void *priv, int enabled);
+
+ /**
+ * scan - Request the driver to initiate scan
+ * @priv: private driver interface data
+ * @ssid: specific SSID to scan for (ProbeReq) or %NULL to scan for
+ * all SSIDs (either active scan with broadcast SSID or passive
+ * scan
+ * @ssid_len: length of the SSID
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * Once the scan results are ready, the driver should report scan
+ * results event for wpa_supplicant which will eventually request the
+ * results with wpa_driver_get_scan_results().
+ */
+ int (*scan)(void *priv, const u8 *ssid, size_t ssid_len);
+
+ /**
+ * get_scan_results - Fetch the latest scan results
+ * @priv: private driver interface data
+ * @results: pointer to buffer for scan results
+ * @max_size: maximum number of entries (buffer size)
+ *
+ * Returns: Number of scan result entries used on success, -1 on
+ * failure
+ *
+ * If scan results include more than max_size BSSes, max_size will be
+ * returned and the remaining entries will not be included in the
+ * buffer.
+ */
+ int (*get_scan_results)(void *priv,
+ struct wpa_scan_result *results,
+ size_t max_size);
+
+ /**
+ * deauthenticate - Request driver to deauthenticate
+ * @priv: private driver interface data
+ * @addr: peer address (BSSID of the AP)
+ * @reason_code: 16-bit reason code to be sent in the deauthentication
+ * frame
+ *
+ * Returns: 0 on success, -1 on failure
+ */
+ int (*deauthenticate)(void *priv, const u8 *addr, int reason_code);
+
+ /**
+ * disassociate - Request driver to disassociate
+ * @priv: private driver interface data
+ * @addr: peer address (BSSID of the AP)
+ * @reason_code: 16-bit reason code to be sent in the disassociation
+ * frame
+ *
+ * Returns: 0 on success, -1 on failure
+ */
+ int (*disassociate)(void *priv, const u8 *addr, int reason_code);
+
+ /**
+ * associate - Request driver to associate
+ * @priv: private driver interface data
+ * @params: association parameters
+ *
+ * Returns: 0 on success, -1 on failure
+ */
+ int (*associate)(void *priv,
+ struct wpa_driver_associate_params *params);
+
+ /**
+ * set_auth_alg - Set IEEE 802.11 authentication algorithm
+ * @priv: private driver interface data
+ * @auth_alg: bit field of AUTH_ALG_*
+ *
+ * If the driver supports more than one authentication algorithm at the
+ * same time, it should configure all supported algorithms. If not, one
+ * algorithm needs to be selected arbitrarily. Open System
+ * authentication should be ok for most cases and it is recommended to
+ * be used if other options are not supported. Static WEP configuration
+ * may also use Shared Key authentication and LEAP requires its own
+ * algorithm number. For LEAP, user can make sure that only one
+ * algorithm is used at a time by configuring LEAP as the only
+ * supported EAP method. This information is also available in
+ * associate() params, so set_auth_alg may not be needed in case of
+ * most drivers.
+ *
+ * Returns: 0 on success, -1 on failure
+ */
+ int (*set_auth_alg)(void *priv, int auth_alg);
+
+ /**
+ * add_pmkid - Add PMKSA cache entry to the driver
+ * @priv: private driver interface data
+ * @bssid: BSSID for the PMKSA cache entry
+ * @pmkid: PMKID for the PMKSA cache entry
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is called when a new PMK is received, as a result of
+ * either normal authentication or RSN pre-authentication.
+ *
+ * If the driver generates RSN IE, i.e., it does not use wpa_ie in
+ * associate(), add_pmkid() can be used to add new PMKSA cache entries
+ * in the driver. If the driver uses wpa_ie from wpa_supplicant, this
+ * driver_ops function does not need to be implemented. Likewise, if
+ * the driver does not support WPA, this function is not needed.
+ */
+ int (*add_pmkid)(void *priv, const u8 *bssid, const u8 *pmkid);
+
+ /**
+ * remove_pmkid - Remove PMKSA cache entry to the driver
+ * @priv: private driver interface data
+ * @bssid: BSSID for the PMKSA cache entry
+ * @pmkid: PMKID for the PMKSA cache entry
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is called when the supplicant drops a PMKSA cache
+ * entry for any reason.
+ *
+ * If the driver generates RSN IE, i.e., it does not use wpa_ie in
+ * associate(), remove_pmkid() can be used to synchronize PMKSA caches
+ * between the driver and wpa_supplicant. If the driver uses wpa_ie
+ * from wpa_supplicant, this driver_ops function does not need to be
+ * implemented. Likewise, if the driver does not support WPA, this
+ * function is not needed.
+ */
+ int (*remove_pmkid)(void *priv, const u8 *bssid, const u8 *pmkid);
+
+ /**
+ * flush_pmkid - Flush PMKSA cache
+ * @priv: private driver interface data
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is called when the supplicant drops all PMKSA cache
+ * entries for any reason.
+ *
+ * If the driver generates RSN IE, i.e., it does not use wpa_ie in
+ * associate(), remove_pmkid() can be used to synchronize PMKSA caches
+ * between the driver and wpa_supplicant. If the driver uses wpa_ie
+ * from wpa_supplicant, this driver_ops function does not need to be
+ * implemented. Likewise, if the driver does not support WPA, this
+ * function is not needed.
+ */
+ int (*flush_pmkid)(void *priv);
+
+ /**
+ * flush_pmkid - Flush PMKSA cache
+ * @priv: private driver interface data
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * Get driver/firmware/hardware capabilities.
+ */
+ int (*get_capa)(void *priv, struct wpa_driver_capa *capa);
+
+ /**
+ * poll - Poll driver for association information
+ * @priv: private driver interface data
+ *
+ * This is an option callback that can be used when the driver does not
+ * provide event mechanism for association events. This is called when
+ * receiving WPA EAPOL-Key messages that require association
+ * information. The driver interface is supposed to generate associnfo
+ * event before returning from this callback function. In addition, the
+ * driver interface should generate an association event after having
+ * sent out associnfo.
+ */
+ void (*poll)(void *priv);
+
+ /**
+ * get_ifname - Get interface name
+ * @priv: private driver interface data
+ *
+ * Returns: Pointer to the interface name. This can differ from the
+ * interface name used in init() call.
+ *
+ * This optional function can be used to allow the driver interface to
+ * replace the interface name with something else, e.g., based on an
+ * interface mapping from a more descriptive name.
+ */
+ const char * (*get_ifname)(void *priv);
+
+ /**
+ * get_mac_addr - Get own MAC address
+ * @priv: private driver interface data
+ *
+ * Returns: Pointer to own MAC address or %NULL on failure
+ *
+ * This optional function can be used to get the own MAC address of the
+ * device from the driver interface code. This is only needed if the
+ * l2_packet implementation for the OS does not provide easy access to
+ * a MAC address. */
+ const u8 * (*get_mac_addr)(void *priv);
+
+ /**
+ * send_eapol - Optional function for sending EAPOL packets
+ * @priv: private driver interface data
+ * @dest: Destination MAC address
+ * @proto: Ethertype
+ * @data: EAPOL packet starting with IEEE 802.1X header
+ * @data_len: Size of the EAPOL packet
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * This optional function can be used to override l2_packet operations
+ * with driver specific functionality. If this function pointer is set,
+ * l2_packet module is not used at all and the driver interface code is
+ * responsible for receiving and sending all EAPOL packets. The
+ * received EAPOL packets are sent to core code by calling
+ * wpa_supplicant_rx_eapol(). The driver interface is required to
+ * implement get_mac_addr() handler if send_eapol() is used.
+ */
+ int (*send_eapol)(void *priv, const u8 *dest, u16 proto,
+ const u8 *data, size_t data_len);
+
+ /**
+ * set_operstate - Sets device operating state to DORMANT or UP
+ * @priv: private driver interface data
+ * @state: 0 = dormant, 1 = up
+ * Returns: 0 on success, -1 on failure
+ *
+ * This is an optional function that can be used on operating systems
+ * that support a concept of controlling network device state from user
+ * space applications. This function, if set, gets called with
+ * state = 1 when authentication has been completed and with state = 0
+ * when connection is lost.
+ */
+ int (*set_operstate)(void *priv, int state);
+
+ /**
+ * mlme_setprotection - MLME-SETPROTECTION.request primitive
+ * @priv: Private driver interface data
+ * @addr: Address of the station for which to set protection (may be
+ * %NULL for group keys)
+ * @protect_type: MLME_SETPROTECTION_PROTECT_TYPE_*
+ * @key_type: MLME_SETPROTECTION_KEY_TYPE_*
+ * Returns: 0 on success, -1 on failure
+ *
+ * This is an optional function that can be used to set the driver to
+ * require protection for Tx and/or Rx frames. This uses the layer
+ * interface defined in IEEE 802.11i-2004 clause 10.3.22.1
+ * (MLME-SETPROTECTION.request). Many drivers do not use explicit
+ * set protection operation; instead, they set protection implicitly
+ * based on configured keys.
+ */
+ int (*mlme_setprotection)(void *priv, const u8 *addr, int protect_type,
+ int key_type);
+
+ /**
+ * get_hw_feature_data - Get hardware support data (channels and rates)
+ * @priv: Private driver interface data
+ * @num_modes: Variable for returning the number of returned modes
+ * flags: Variable for returning hardware feature flags
+ * Returns: Pointer to allocated hardware data on success or %NULL on
+ * failure. Caller is responsible for freeing this.
+ *
+ * This function is only needed for drivers that export MLME
+ * (management frame processing) to wpa_supplicant.
+ */
+ struct wpa_hw_modes * (*get_hw_feature_data)(void *priv,
+ u16 *num_modes,
+ u16 *flags);
+
+ /**
+ * set_channel - Set channel
+ * @priv: Private driver interface data
+ * @phymode: WPA_MODE_IEEE80211B, ..
+ * @chan: IEEE 802.11 channel number
+ * @freq: Frequency of the channel in MHz
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is only needed for drivers that export MLME
+ * (management frame processing) to wpa_supplicant.
+ */
+ int (*set_channel)(void *priv, wpa_hw_mode phymode, int chan,
+ int freq);
+
+ /**
+ * set_ssid - Set SSID
+ * @priv: Private driver interface data
+ * @ssid: SSID
+ * @ssid_len: SSID length
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is only needed for drivers that export MLME
+ * (management frame processing) to wpa_supplicant.
+ */
+ int (*set_ssid)(void *priv, const u8 *ssid, size_t ssid_len);
+
+ /**
+ * set_bssid - Set BSSID
+ * @priv: Private driver interface data
+ * @bssid: BSSID
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is only needed for drivers that export MLME
+ * (management frame processing) to wpa_supplicant.
+ */
+ int (*set_bssid)(void *priv, const u8 *bssid);
+
+ /**
+ * send_mlme - Send management frame from MLME
+ * @priv: Private driver interface data
+ * @data: IEEE 802.11 management frame with IEEE 802.11 header
+ * @data_len: Size of the management frame
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is only needed for drivers that export MLME
+ * (management frame processing) to wpa_supplicant.
+ */
+ int (*send_mlme)(void *priv, const u8 *data, size_t data_len);
+
+ /**
+ * mlme_add_sta - Add a STA entry into the driver/netstack
+ * @priv: Private driver interface data
+ * @addr: MAC address of the STA (e.g., BSSID of the AP)
+ * @supp_rates: Supported rate set (from (Re)AssocResp); in IEEE 802.11
+ * format (one octet per rate, 1 = 0.5 Mbps)
+ * @supp_rates_len: Number of entries in supp_rates
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is only needed for drivers that export MLME
+ * (management frame processing) to wpa_supplicant. When the MLME code
+ * completes association with an AP, this function is called to
+ * configure the driver/netstack with a STA entry for data frame
+ * processing (TX rate control, encryption/decryption).
+ */
+ int (*mlme_add_sta)(void *priv, const u8 *addr, const u8 *supp_rates,
+ size_t supp_rates_len);
+
+ /**
+ * mlme_remove_sta - Remove a STA entry from the driver/netstack
+ * @priv: Private driver interface data
+ * @addr: MAC address of the STA (e.g., BSSID of the AP)
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is only needed for drivers that export MLME
+ * (management frame processing) to wpa_supplicant.
+ */
+ int (*mlme_remove_sta)(void *priv, const u8 *addr);
+};
+
+#endif /* DRIVER_H */
--- /dev/null
+/*
+ * WPA Supplicant - Driver interaction with Atmel Wireless LAN drivers
+ * Copyright (c) 2000-2005, ATMEL Corporation
+ * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+/******************************************************************************
+ Copyright 2000-2001 ATMEL Corporation.
+
+ WPA Supplicant - driver interaction with Atmel Wireless lan drivers.
+
+ This is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with Atmel wireless lan drivers; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+******************************************************************************/
+
+/*
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ */
+
+#include "includes.h"
+#include <sys/ioctl.h>
+
+#include "wireless_copy.h"
+#include "common.h"
+#include "driver.h"
+#include "driver_wext.h"
+#include "wpa_supplicant.h"
+
+struct wpa_driver_atmel_data {
+ void *wext; /* private data for driver_wext */
+ void *ctx;
+ char ifname[IFNAMSIZ + 1];
+ int sock;
+};
+
+
+#define ATMEL_WPA_IOCTL (SIOCIWFIRSTPRIV + 2)
+#define ATMEL_WPA_IOCTL_PARAM (SIOCIWFIRSTPRIV + 3)
+#define ATMEL_WPA_IOCTL_GET_PARAM (SIOCIWFIRSTPRIV + 4)
+
+
+/* ATMEL_WPA_IOCTL ioctl() cmd: */
+enum {
+ SET_WPA_ENCRYPTION = 1,
+ SET_CIPHER_SUITES = 2,
+ MLME_STA_DEAUTH = 3,
+ MLME_STA_DISASSOC = 4
+};
+
+/* ATMEL_WPA_IOCTL_PARAM ioctl() cmd: */
+enum {
+ ATMEL_PARAM_WPA = 1,
+ ATMEL_PARAM_PRIVACY_INVOKED = 2,
+ ATMEL_PARAM_WPA_TYPE = 3
+};
+
+#define MAX_KEY_LENGTH 40
+
+struct atmel_param{
+ unsigned char sta_addr[6];
+ int cmd;
+ u8 alg;
+ u8 key_idx;
+ u8 set_tx;
+ u8 seq[8];
+ u8 seq_len;
+ u16 key_len;
+ u8 key[MAX_KEY_LENGTH];
+ struct{
+ int reason_code;
+ u8 state;
+ }mlme;
+ u8 pairwise_suite;
+ u8 group_suite;
+ u8 key_mgmt_suite;
+};
+
+
+
+static int atmel_ioctl(struct wpa_driver_atmel_data *drv,
+ struct atmel_param *param,
+ int len, int show_err)
+{
+ struct iwreq iwr;
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ iwr.u.data.pointer = (caddr_t) param;
+ iwr.u.data.length = len;
+
+ if (ioctl(drv->sock, ATMEL_WPA_IOCTL, &iwr) < 0) {
+ int ret;
+ ret = errno;
+ if (show_err)
+ perror("ioctl[ATMEL_WPA_IOCTL]");
+ return ret;
+ }
+
+ return 0;
+}
+
+
+static int atmel2param(struct wpa_driver_atmel_data *drv, int param, int value)
+{
+ struct iwreq iwr;
+ int *i, ret = 0;
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ i = (int *) iwr.u.name;
+ *i++ = param;
+ *i++ = value;
+
+ if (ioctl(drv->sock, ATMEL_WPA_IOCTL_PARAM, &iwr) < 0) {
+ perror("ioctl[ATMEL_WPA_IOCTL_PARAM]");
+ ret = -1;
+ }
+ return ret;
+}
+
+
+#if 0
+static int wpa_driver_atmel_set_wpa_ie(struct wpa_driver_atmel_data *drv,
+ const char *wpa_ie, size_t wpa_ie_len)
+{
+ struct atmel_param *param;
+ int res;
+ size_t blen = ATMEL_GENERIC_ELEMENT_HDR_LEN + wpa_ie_len;
+ if (blen < sizeof(*param))
+ blen = sizeof(*param);
+
+ param = os_zalloc(blen);
+ if (param == NULL)
+ return -1;
+
+ param->cmd = ATMEL_SET_GENERIC_ELEMENT;
+ param->u.generic_elem.len = wpa_ie_len;
+ os_memcpy(param->u.generic_elem.data, wpa_ie, wpa_ie_len);
+ res = atmel_ioctl(drv, param, blen, 1);
+
+ os_free(param);
+
+ return res;
+}
+#endif
+
+
+static int wpa_driver_atmel_set_wpa(void *priv, int enabled)
+{
+ struct wpa_driver_atmel_data *drv = priv;
+ int ret = 0;
+
+ printf("wpa_driver_atmel_set_wpa %s\n", drv->ifname);
+
+ wpa_printf(MSG_DEBUG, "%s: enabled=%d", __FUNCTION__, enabled);
+
+#if 0
+ if (!enabled && wpa_driver_atmel_set_wpa_ie(drv, NULL, 0) < 0)
+ ret = -1;
+#endif
+ if (atmel2param(drv, ATMEL_PARAM_PRIVACY_INVOKED, enabled) < 0)
+ ret = -1;
+ if (atmel2param(drv, ATMEL_PARAM_WPA, enabled) < 0)
+ ret = -1;
+
+ return ret;
+}
+
+
+static int wpa_driver_atmel_set_key(void *priv, wpa_alg alg,
+ const u8 *addr, int key_idx,
+ int set_tx, const u8 *seq, size_t seq_len,
+ const u8 *key, size_t key_len)
+{
+ struct wpa_driver_atmel_data *drv = priv;
+ int ret = 0;
+ struct atmel_param *param;
+ u8 *buf;
+ u8 alg_type;
+
+ size_t blen;
+ char *alg_name;
+
+ switch (alg) {
+ case WPA_ALG_NONE:
+ alg_name = "none";
+ alg_type = 0;
+ break;
+ case WPA_ALG_WEP:
+ alg_name = "WEP";
+ alg_type = 1;
+ break;
+ case WPA_ALG_TKIP:
+ alg_name = "TKIP";
+ alg_type = 2;
+ break;
+ case WPA_ALG_CCMP:
+ alg_name = "CCMP";
+ alg_type = 3;
+ break;
+ default:
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "%s: alg=%s key_idx=%d set_tx=%d seq_len=%lu "
+ "key_len=%lu", __FUNCTION__, alg_name, key_idx, set_tx,
+ (unsigned long) seq_len, (unsigned long) key_len);
+
+ if (seq_len > 8)
+ return -2;
+
+ blen = sizeof(*param) + key_len;
+ buf = os_zalloc(blen);
+ if (buf == NULL)
+ return -1;
+
+ param = (struct atmel_param *) buf;
+
+ param->cmd = SET_WPA_ENCRYPTION;
+
+ if (addr == NULL)
+ os_memset(param->sta_addr, 0xff, ETH_ALEN);
+ else
+ os_memcpy(param->sta_addr, addr, ETH_ALEN);
+
+ param->alg = alg_type;
+ param->key_idx = key_idx;
+ param->set_tx = set_tx;
+ os_memcpy(param->seq, seq, seq_len);
+ param->seq_len = seq_len;
+ param->key_len = key_len;
+ os_memcpy((u8 *)param->key, key, key_len);
+
+ if (atmel_ioctl(drv, param, blen, 1)) {
+ wpa_printf(MSG_WARNING, "Failed to set encryption.");
+ /* TODO: show key error*/
+ ret = -1;
+ }
+ os_free(buf);
+
+ return ret;
+}
+
+
+static int wpa_driver_atmel_set_countermeasures(void *priv,
+ int enabled)
+{
+ /* FIX */
+ printf("wpa_driver_atmel_set_countermeasures - not yet "
+ "implemented\n");
+ return 0;
+}
+
+
+static int wpa_driver_atmel_set_drop_unencrypted(void *priv,
+ int enabled)
+{
+ /* FIX */
+ printf("wpa_driver_atmel_set_drop_unencrypted - not yet "
+ "implemented\n");
+ return 0;
+}
+
+
+static int wpa_driver_atmel_mlme(void *priv, const u8 *addr, int cmd,
+ int reason_code)
+{
+ struct wpa_driver_atmel_data *drv = priv;
+ struct atmel_param param;
+ int ret;
+ int mgmt_error = 0xaa;
+
+ os_memset(¶m, 0, sizeof(param));
+ os_memcpy(param.sta_addr, addr, ETH_ALEN);
+ param.cmd = cmd;
+ param.mlme.reason_code = reason_code;
+ param.mlme.state = mgmt_error;
+ ret = atmel_ioctl(drv, ¶m, sizeof(param), 1);
+ return ret;
+}
+
+
+#if 0
+static int wpa_driver_atmel_set_suites(struct wpa_driver_atmel_data *drv,
+ u8 pairwise_suite, u8 group_suite,
+ u8 key_mgmt_suite)
+{
+ struct atmel_param param;
+ int ret;
+
+ os_memset(¶m, 0, sizeof(param));
+ param.cmd = SET_CIPHER_SUITES;
+ param.pairwise_suite = pairwise_suite;
+ param.group_suite = group_suite;
+ param.key_mgmt_suite = key_mgmt_suite;
+
+ ret = atmel_ioctl(drv, ¶m, sizeof(param), 1);
+ return ret;
+}
+#endif
+
+
+static int wpa_driver_atmel_deauthenticate(void *priv, const u8 *addr,
+ int reason_code)
+{
+ struct wpa_driver_atmel_data *drv = priv;
+ printf("wpa_driver_atmel_deauthenticate\n");
+ wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
+ return wpa_driver_atmel_mlme(drv, addr, MLME_STA_DEAUTH,
+ reason_code);
+
+}
+
+
+static int wpa_driver_atmel_disassociate(void *priv, const u8 *addr,
+ int reason_code)
+{
+ struct wpa_driver_atmel_data *drv = priv;
+ printf("wpa_driver_atmel_disassociate\n");
+ wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
+ return wpa_driver_atmel_mlme(drv, addr, MLME_STA_DISASSOC,
+ reason_code);
+
+}
+
+
+#if 0
+/* Atmel driver uses specific values for each cipher suite */
+static int convertSuiteToDriver(wpa_cipher suite)
+{
+ u8 suite_type;
+
+ switch(suite) {
+ case CIPHER_NONE:
+ suite_type = 0;
+ break;
+ case CIPHER_WEP40:
+ suite_type = 1;
+ break;
+ case CIPHER_TKIP:
+ suite_type = 2;
+ break;
+ case CIPHER_WEP104:
+ suite_type = 5;
+ break;
+ case CIPHER_CCMP:
+ suite_type = 3;
+ break;
+ default:
+ suite_type = 2;
+ }
+
+ return suite_type;
+
+}
+#endif
+
+static int
+wpa_driver_atmel_associate(void *priv,
+ struct wpa_driver_associate_params *params)
+{
+ struct wpa_driver_atmel_data *drv = priv;
+ int ret = 0;
+#if 0
+ u8 pairwise_suite_driver;
+ u8 group_suite_driver;
+ u8 key_mgmt_suite_driver;
+
+ pairwise_suite_driver = convertSuiteToDriver(params->pairwise_suite);
+ group_suite_driver = convertSuiteToDriver(params->group_suite);
+ key_mgmt_suite_driver = convertSuiteToDriver(params->key_mgmt_suite);
+
+ if (wpa_driver_atmel_set_suites(drv, pairwise_suite_driver,
+ group_suite_driver,
+ key_mgmt_suite_driver) < 0){
+ printf("wpa_driver_atmel_set_suites.\n");
+ ret = -1;
+ }
+ if (wpa_driver_wext_set_freq(drv->wext, params->freq) < 0) {
+ printf("wpa_driver_atmel_set_freq.\n");
+ ret = -1;
+ }
+#endif
+ if (wpa_driver_wext_set_ssid(drv->wext, params->ssid, params->ssid_len)
+ < 0) {
+ printf("FAILED : wpa_driver_atmel_set_ssid.\n");
+ ret = -1;
+ }
+ if (wpa_driver_wext_set_bssid(drv->wext, params->bssid) < 0) {
+ printf("FAILED : wpa_driver_atmel_set_bssid.\n");
+ ret = -1;
+ }
+
+ return ret;
+}
+
+
+static int wpa_driver_atmel_get_bssid(void *priv, u8 *bssid)
+{
+ struct wpa_driver_atmel_data *drv = priv;
+ return wpa_driver_wext_get_bssid(drv->wext, bssid);
+}
+
+
+static int wpa_driver_atmel_get_ssid(void *priv, u8 *ssid)
+{
+ struct wpa_driver_atmel_data *drv = priv;
+ return wpa_driver_wext_get_ssid(drv->wext, ssid);
+}
+
+
+static int wpa_driver_atmel_scan(void *priv, const u8 *ssid, size_t ssid_len)
+{
+ struct wpa_driver_atmel_data *drv = priv;
+ return wpa_driver_wext_scan(drv->wext, ssid, ssid_len);
+}
+
+
+static int wpa_driver_atmel_get_scan_results(void *priv,
+ struct wpa_scan_result *results,
+ size_t max_size)
+{
+ struct wpa_driver_atmel_data *drv = priv;
+ return wpa_driver_wext_get_scan_results(drv->wext, results, max_size);
+}
+
+
+static int wpa_driver_atmel_set_operstate(void *priv, int state)
+{
+ struct wpa_driver_atmel_data *drv = priv;
+ return wpa_driver_wext_set_operstate(drv->wext, state);
+}
+
+
+static void * wpa_driver_atmel_init(void *ctx, const char *ifname)
+{
+ struct wpa_driver_atmel_data *drv;
+
+ drv = os_zalloc(sizeof(*drv));
+ if (drv == NULL)
+ return NULL;
+ drv->wext = wpa_driver_wext_init(ctx, ifname);
+ if (drv->wext == NULL) {
+ os_free(drv);
+ return NULL;
+ }
+
+ drv->ctx = ctx;
+ os_strncpy(drv->ifname, ifname, sizeof(drv->ifname));
+ drv->sock = socket(PF_INET, SOCK_DGRAM, 0);
+ if (drv->sock < 0) {
+ wpa_driver_wext_deinit(drv->wext);
+ os_free(drv);
+ return NULL;
+ }
+
+ return drv;
+}
+
+
+static void wpa_driver_atmel_deinit(void *priv)
+{
+ struct wpa_driver_atmel_data *drv = priv;
+ wpa_driver_wext_deinit(drv->wext);
+ close(drv->sock);
+ os_free(drv);
+}
+
+
+const struct wpa_driver_ops wpa_driver_atmel_ops = {
+ .name = "atmel",
+ .desc = "ATMEL AT76C5XXx (USB, PCMCIA)",
+ .get_bssid = wpa_driver_atmel_get_bssid,
+ .get_ssid = wpa_driver_atmel_get_ssid,
+ .set_wpa = wpa_driver_atmel_set_wpa,
+ .set_key = wpa_driver_atmel_set_key,
+ .init = wpa_driver_atmel_init,
+ .deinit = wpa_driver_atmel_deinit,
+ .set_countermeasures = wpa_driver_atmel_set_countermeasures,
+ .set_drop_unencrypted = wpa_driver_atmel_set_drop_unencrypted,
+ .scan = wpa_driver_atmel_scan,
+ .get_scan_results = wpa_driver_atmel_get_scan_results,
+ .deauthenticate = wpa_driver_atmel_deauthenticate,
+ .disassociate = wpa_driver_atmel_disassociate,
+ .associate = wpa_driver_atmel_associate,
+ .set_operstate = wpa_driver_atmel_set_operstate,
+};
--- /dev/null
+/*
+ * WPA Supplicant - driver interaction with Broadcom wl.o driver
+ * Copyright (c) 2004, Nikki Chumkov <nikki@gattaca.ru>
+ * Copyright (c) 2004, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <sys/ioctl.h>
+#if 0
+#include <netpacket/packet.h>
+#include <net/ethernet.h> /* the L2 protocols */
+#else
+#include <linux/if_packet.h>
+#include <linux/if_ether.h> /* The L2 protocols */
+#endif
+#include <net/if.h>
+#include <typedefs.h>
+
+/* wlioctl.h is a Broadcom header file and it is available, e.g., from Linksys
+ * WRT54G GPL tarball. */
+#include <wlioctl.h>
+
+#include "common.h"
+#include "driver.h"
+#include "eloop.h"
+#include "wpa_supplicant.h"
+#include "wpa.h"
+
+struct wpa_driver_broadcom_data {
+ void *ctx;
+ int ioctl_sock;
+ int event_sock;
+ char ifname[IFNAMSIZ + 1];
+};
+
+
+#ifndef WLC_DEAUTHENTICATE
+#define WLC_DEAUTHENTICATE 143
+#endif
+#ifndef WLC_DEAUTHENTICATE_WITH_REASON
+#define WLC_DEAUTHENTICATE_WITH_REASON 201
+#endif
+#ifndef WLC_SET_TKIP_COUNTERMEASURES
+#define WLC_SET_TKIP_COUNTERMEASURES 202
+#endif
+
+#if !defined(PSK_ENABLED) /* NEW driver interface */
+#define WL_VERSION 360130
+/* wireless authentication bit vector */
+#define WPA_ENABLED 1
+#define PSK_ENABLED 2
+
+#define WAUTH_WPA_ENABLED(wauth) ((wauth) & WPA_ENABLED)
+#define WAUTH_PSK_ENABLED(wauth) ((wauth) & PSK_ENABLED)
+#define WAUTH_ENABLED(wauth) ((wauth) & (WPA_ENABLED | PSK_ENABLED))
+
+#define WSEC_PRIMARY_KEY WL_PRIMARY_KEY
+
+typedef wl_wsec_key_t wsec_key_t;
+#endif
+
+typedef struct {
+ uint32 val;
+ struct ether_addr ea;
+ uint16 res;
+} wlc_deauth_t;
+
+
+static void wpa_driver_broadcom_scan_timeout(void *eloop_ctx,
+ void *timeout_ctx);
+
+static int broadcom_ioctl(struct wpa_driver_broadcom_data *drv, int cmd,
+ void *buf, int len)
+{
+ struct ifreq ifr;
+ wl_ioctl_t ioc;
+ int ret = 0;
+
+ wpa_printf(MSG_MSGDUMP, "BROADCOM: wlioctl(%s,%d,len=%d,val=%p)",
+ drv->ifname, cmd, len, buf);
+ /* wpa_hexdump(MSG_MSGDUMP, "BROADCOM: wlioctl buf", buf, len); */
+
+ ioc.cmd = cmd;
+ ioc.buf = buf;
+ ioc.len = len;
+ os_strncpy(ifr.ifr_name, drv->ifname, IFNAMSIZ);
+ ifr.ifr_data = (caddr_t) &ioc;
+ if ((ret = ioctl(drv->ioctl_sock, SIOCDEVPRIVATE, &ifr)) < 0) {
+ if (cmd != WLC_GET_MAGIC)
+ perror(ifr.ifr_name);
+ wpa_printf(MSG_MSGDUMP, "BROADCOM: wlioctl cmd=%d res=%d",
+ cmd, ret);
+ }
+
+ return ret;
+}
+
+static int wpa_driver_broadcom_get_bssid(void *priv, u8 *bssid)
+{
+ struct wpa_driver_broadcom_data *drv = priv;
+ if (broadcom_ioctl(drv, WLC_GET_BSSID, bssid, ETH_ALEN) == 0)
+ return 0;
+
+ os_memset(bssid, 0, ETH_ALEN);
+ return -1;
+}
+
+static int wpa_driver_broadcom_get_ssid(void *priv, u8 *ssid)
+{
+ struct wpa_driver_broadcom_data *drv = priv;
+ wlc_ssid_t s;
+
+ if (broadcom_ioctl(drv, WLC_GET_SSID, &s, sizeof(s)) == -1)
+ return -1;
+
+ os_memcpy(ssid, s.SSID, s.SSID_len);
+ return s.SSID_len;
+}
+
+static int wpa_driver_broadcom_set_wpa(void *priv, int enable)
+{
+ struct wpa_driver_broadcom_data *drv = priv;
+ unsigned int wauth, wsec;
+ struct ether_addr ea;
+
+ os_memset(&ea, enable ? 0xff : 0, sizeof(ea));
+ if (broadcom_ioctl(drv, WLC_GET_WPA_AUTH, &wauth, sizeof(wauth)) ==
+ -1 ||
+ broadcom_ioctl(drv, WLC_GET_WSEC, &wsec, sizeof(wsec)) == -1)
+ return -1;
+
+ if (enable) {
+ wauth = PSK_ENABLED;
+ wsec = TKIP_ENABLED;
+ } else {
+ wauth = 255;
+ wsec &= ~(TKIP_ENABLED | AES_ENABLED);
+ }
+
+ if (broadcom_ioctl(drv, WLC_SET_WPA_AUTH, &wauth, sizeof(wauth)) ==
+ -1 ||
+ broadcom_ioctl(drv, WLC_SET_WSEC, &wsec, sizeof(wsec)) == -1)
+ return -1;
+
+ /* FIX: magic number / error handling? */
+ broadcom_ioctl(drv, 122, &ea, sizeof(ea));
+
+ return 0;
+}
+
+static int wpa_driver_broadcom_set_key(void *priv, wpa_alg alg,
+ const u8 *addr, int key_idx, int set_tx,
+ const u8 *seq, size_t seq_len,
+ const u8 *key, size_t key_len)
+{
+ struct wpa_driver_broadcom_data *drv = priv;
+ int ret;
+ wsec_key_t wkt;
+
+ os_memset(&wkt, 0, sizeof wkt);
+ wpa_printf(MSG_MSGDUMP, "BROADCOM: SET %sKEY[%d] alg=%d",
+ set_tx ? "PRIMARY " : "", key_idx, alg);
+ if (key && key_len > 0)
+ wpa_hexdump_key(MSG_MSGDUMP, "BROADCOM: key", key, key_len);
+
+ switch (alg) {
+ case WPA_ALG_NONE:
+ wkt.algo = CRYPTO_ALGO_OFF;
+ break;
+ case WPA_ALG_WEP:
+ wkt.algo = CRYPTO_ALGO_WEP128; /* CRYPTO_ALGO_WEP1? */
+ break;
+ case WPA_ALG_TKIP:
+ wkt.algo = 0; /* CRYPTO_ALGO_TKIP? */
+ break;
+ case WPA_ALG_CCMP:
+ wkt.algo = 0; /* CRYPTO_ALGO_AES_CCM;
+ * AES_OCB_MSDU, AES_OCB_MPDU? */
+ break;
+ default:
+ wkt.algo = CRYPTO_ALGO_NALG;
+ break;
+ }
+
+ if (seq && seq_len > 0)
+ wpa_hexdump(MSG_MSGDUMP, "BROADCOM: SEQ", seq, seq_len);
+
+ if (addr)
+ wpa_hexdump(MSG_MSGDUMP, "BROADCOM: addr", addr, ETH_ALEN);
+
+ wkt.index = key_idx;
+ wkt.len = key_len;
+ if (key && key_len > 0) {
+ os_memcpy(wkt.data, key, key_len);
+ if (key_len == 32) {
+ /* hack hack hack XXX */
+ os_memcpy(&wkt.data[16], &key[24], 8);
+ os_memcpy(&wkt.data[24], &key[16], 8);
+ }
+ }
+ /* wkt.algo = CRYPTO_ALGO_...; */
+ wkt.flags = set_tx ? 0 : WSEC_PRIMARY_KEY;
+ if (addr && set_tx)
+ os_memcpy(&wkt.ea, addr, sizeof(wkt.ea));
+ ret = broadcom_ioctl(drv, WLC_SET_KEY, &wkt, sizeof(wkt));
+ if (addr && set_tx) {
+ /* FIX: magic number / error handling? */
+ broadcom_ioctl(drv, 121, &wkt.ea, sizeof(wkt.ea));
+ }
+ return ret;
+}
+
+
+static void wpa_driver_broadcom_event_receive(int sock, void *ctx,
+ void *sock_ctx)
+{
+ char buf[8192];
+ int left;
+ wl_wpa_header_t *wwh;
+ union wpa_event_data data;
+
+ if ((left = recv(sock, buf, sizeof buf, 0)) < 0)
+ return;
+
+ wpa_hexdump(MSG_DEBUG, "RECEIVE EVENT", buf, left);
+
+ if ((size_t) left < sizeof(wl_wpa_header_t))
+ return;
+
+ wwh = (wl_wpa_header_t *) buf;
+
+ if (wwh->snap.type != WL_WPA_ETHER_TYPE)
+ return;
+ if (os_memcmp(&wwh->snap, wl_wpa_snap_template, 6) != 0)
+ return;
+
+ os_memset(&data, 0, sizeof(data));
+
+ switch (wwh->type) {
+ case WLC_ASSOC_MSG:
+ left -= WL_WPA_HEADER_LEN;
+ wpa_printf(MSG_DEBUG, "BROADCOM: ASSOC MESSAGE (left: %d)",
+ left);
+ if (left > 0) {
+ data.assoc_info.resp_ies = os_malloc(left);
+ if (data.assoc_info.resp_ies == NULL)
+ return;
+ os_memcpy(data.assoc_info.resp_ies,
+ buf + WL_WPA_HEADER_LEN, left);
+ data.assoc_info.resp_ies_len = left;
+ wpa_hexdump(MSG_MSGDUMP, "BROADCOM: copying %d bytes "
+ "into resp_ies",
+ data.assoc_info.resp_ies, left);
+ }
+ /* data.assoc_info.req_ies = NULL; */
+ /* data.assoc_info.req_ies_len = 0; */
+
+ wpa_supplicant_event(ctx, EVENT_ASSOCINFO, &data);
+ wpa_supplicant_event(ctx, EVENT_ASSOC, NULL);
+ break;
+ case WLC_DISASSOC_MSG:
+ wpa_printf(MSG_DEBUG, "BROADCOM: DISASSOC MESSAGE");
+ wpa_supplicant_event(ctx, EVENT_DISASSOC, NULL);
+ break;
+ case WLC_PTK_MIC_MSG:
+ wpa_printf(MSG_DEBUG, "BROADCOM: PTK MIC MSG MESSAGE");
+ data.michael_mic_failure.unicast = 1;
+ wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
+ break;
+ case WLC_GTK_MIC_MSG:
+ wpa_printf(MSG_DEBUG, "BROADCOM: GTK MIC MSG MESSAGE");
+ data.michael_mic_failure.unicast = 0;
+ wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "BROADCOM: UNKNOWN MESSAGE (%d)",
+ wwh->type);
+ break;
+ }
+ os_free(data.assoc_info.resp_ies);
+}
+
+static void * wpa_driver_broadcom_init(void *ctx, const char *ifname)
+{
+ int s;
+ struct sockaddr_ll ll;
+ struct wpa_driver_broadcom_data *drv;
+ struct ifreq ifr;
+
+ /* open socket to kernel */
+ if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+ perror("socket");
+ return NULL;
+ }
+ /* do it */
+ os_strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
+ if (ioctl(s, SIOCGIFINDEX, &ifr) < 0) {
+ perror(ifr.ifr_name);
+ return NULL;
+ }
+
+
+ drv = os_zalloc(sizeof(*drv));
+ if (drv == NULL)
+ return NULL;
+ drv->ctx = ctx;
+ os_strncpy(drv->ifname, ifname, sizeof(drv->ifname));
+ drv->ioctl_sock = s;
+
+ s = socket(PF_PACKET, SOCK_RAW, ntohs(ETH_P_802_2));
+ if (s < 0) {
+ perror("socket(PF_PACKET, SOCK_RAW, ntohs(ETH_P_802_2))");
+ close(drv->ioctl_sock);
+ os_free(drv);
+ return NULL;
+ }
+
+ os_memset(&ll, 0, sizeof(ll));
+ ll.sll_family = AF_PACKET;
+ ll.sll_protocol = ntohs(ETH_P_802_2);
+ ll.sll_ifindex = ifr.ifr_ifindex;
+ ll.sll_hatype = 0;
+ ll.sll_pkttype = PACKET_HOST;
+ ll.sll_halen = 0;
+
+ if (bind(s, (struct sockaddr *) &ll, sizeof(ll)) < 0) {
+ perror("bind(netlink)");
+ close(s);
+ close(drv->ioctl_sock);
+ os_free(drv);
+ return NULL;
+ }
+
+ eloop_register_read_sock(s, wpa_driver_broadcom_event_receive, ctx,
+ NULL);
+ drv->event_sock = s;
+
+ return drv;
+}
+
+static void wpa_driver_broadcom_deinit(void *priv)
+{
+ struct wpa_driver_broadcom_data *drv = priv;
+ eloop_cancel_timeout(wpa_driver_broadcom_scan_timeout, drv, drv->ctx);
+ eloop_unregister_read_sock(drv->event_sock);
+ close(drv->event_sock);
+ close(drv->ioctl_sock);
+ os_free(drv);
+}
+
+static int wpa_driver_broadcom_set_countermeasures(void *priv,
+ int enabled)
+{
+#if 0
+ struct wpa_driver_broadcom_data *drv = priv;
+ /* FIX: ? */
+ return broadcom_ioctl(drv, WLC_SET_TKIP_COUNTERMEASURES, &enabled,
+ sizeof(enabled));
+#else
+ return 0;
+#endif
+}
+
+static int wpa_driver_broadcom_set_drop_unencrypted(void *priv, int enabled)
+{
+ struct wpa_driver_broadcom_data *drv = priv;
+ /* SET_EAP_RESTRICT, SET_WEP_RESTRICT */
+ int restrict = (enabled ? 1 : 0);
+
+ if (broadcom_ioctl(drv, WLC_SET_WEP_RESTRICT,
+ &restrict, sizeof(restrict)) < 0 ||
+ broadcom_ioctl(drv, WLC_SET_EAP_RESTRICT,
+ &restrict, sizeof(restrict)) < 0)
+ return -1;
+
+ return 0;
+}
+
+static void wpa_driver_broadcom_scan_timeout(void *eloop_ctx,
+ void *timeout_ctx)
+{
+ wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
+ wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
+}
+
+static int wpa_driver_broadcom_scan(void *priv, const u8 *ssid,
+ size_t ssid_len)
+{
+ struct wpa_driver_broadcom_data *drv = priv;
+ wlc_ssid_t wst = { 0, "" };
+
+ if (ssid && ssid_len > 0 && ssid_len <= sizeof(wst.SSID)) {
+ wst.SSID_len = ssid_len;
+ os_memcpy(wst.SSID, ssid, ssid_len);
+ }
+
+ if (broadcom_ioctl(drv, WLC_SCAN, &wst, sizeof(wst)) < 0)
+ return -1;
+
+ eloop_cancel_timeout(wpa_driver_broadcom_scan_timeout, drv, drv->ctx);
+ eloop_register_timeout(3, 0, wpa_driver_broadcom_scan_timeout, drv,
+ drv->ctx);
+ return 0;
+}
+
+
+static const int frequency_list[] = {
+ 2412, 2417, 2422, 2427, 2432, 2437, 2442,
+ 2447, 2452, 2457, 2462, 2467, 2472, 2484
+};
+
+struct bss_ie_hdr {
+ u8 elem_id;
+ u8 len;
+ u8 oui[3];
+ /* u8 oui_type; */
+ /* u16 version; */
+} __attribute__ ((packed));
+
+static int
+wpa_driver_broadcom_get_scan_results(void *priv,
+ struct wpa_scan_result *results,
+ size_t max_size)
+{
+ struct wpa_driver_broadcom_data *drv = priv;
+ char *buf;
+ wl_scan_results_t *wsr = (wl_scan_results_t *) buf;
+ wl_bss_info_t *wbi;
+ size_t ap_num;
+
+ buf = os_malloc(WLC_IOCTL_MAXLEN);
+ if (buf == NULL)
+ return -1;
+
+ wsr = (wl_scan_results_t *) buf;
+
+ wsr->buflen = WLC_IOCTL_MAXLEN - sizeof(wsr);
+ wsr->version = 107;
+ wsr->count = 0;
+
+ if (broadcom_ioctl(drv, WLC_SCAN_RESULTS, buf, WLC_IOCTL_MAXLEN) < 0) {
+ os_free(buf);
+ return -1;
+ }
+
+ os_memset(results, 0, max_size * sizeof(struct wpa_scan_result));
+
+ for (ap_num = 0, wbi = wsr->bss_info; ap_num < wsr->count; ++ap_num) {
+ int left;
+ struct bss_ie_hdr *ie;
+
+ os_memcpy(results[ap_num].bssid, &wbi->BSSID, ETH_ALEN);
+ os_memcpy(results[ap_num].ssid, wbi->SSID, wbi->SSID_len);
+ results[ap_num].ssid_len = wbi->SSID_len;
+ results[ap_num].freq = frequency_list[wbi->channel - 1];
+ /* get ie's */
+ wpa_hexdump(MSG_MSGDUMP, "BROADCOM: AP IEs",
+ (u8 *) wbi + sizeof(*wbi), wbi->ie_length);
+ ie = (struct bss_ie_hdr *) ((u8 *) wbi + sizeof(*wbi));
+ for (left = wbi->ie_length; left > 0;
+ left -= (ie->len + 2), ie = (struct bss_ie_hdr *)
+ ((u8 *) ie + 2 + ie->len)) {
+ wpa_printf(MSG_MSGDUMP, "BROADCOM: IE: id:%x, len:%d",
+ ie->elem_id, ie->len);
+ if (ie->len >= 3)
+ wpa_printf(MSG_MSGDUMP,
+ "BROADCOM: oui:%02x%02x%02x",
+ ie->oui[0], ie->oui[1], ie->oui[2]);
+ if (ie->elem_id != 0xdd ||
+ ie->len < 6 ||
+ os_memcmp(ie->oui, WPA_OUI, 3) != 0)
+ continue;
+ os_memcpy(results[ap_num].wpa_ie, ie, ie->len + 2);
+ results[ap_num].wpa_ie_len = ie->len + 2;
+ break;
+ }
+
+ wbi = (wl_bss_info_t *) ((u8 *) wbi + wbi->length);
+ }
+
+ wpa_printf(MSG_MSGDUMP, "Received %d bytes of scan results (%d BSSes)",
+ wsr->buflen, ap_num);
+
+ os_free(buf);
+ return ap_num;
+}
+
+static int wpa_driver_broadcom_deauthenticate(void *priv, const u8 *addr,
+ int reason_code)
+{
+ struct wpa_driver_broadcom_data *drv = priv;
+ wlc_deauth_t wdt;
+ wdt.val = reason_code;
+ os_memcpy(&wdt.ea, addr, sizeof wdt.ea);
+ wdt.res = 0x7fff;
+ return broadcom_ioctl(drv, WLC_DEAUTHENTICATE_WITH_REASON, &wdt,
+ sizeof(wdt));
+}
+
+static int wpa_driver_broadcom_disassociate(void *priv, const u8 *addr,
+ int reason_code)
+{
+ struct wpa_driver_broadcom_data *drv = priv;
+ return broadcom_ioctl(drv, WLC_DISASSOC, 0, 0);
+}
+
+static int
+wpa_driver_broadcom_associate(void *priv,
+ struct wpa_driver_associate_params *params)
+{
+ struct wpa_driver_broadcom_data *drv = priv;
+ wlc_ssid_t s;
+ int infra = 1;
+ int auth = 0;
+ int wsec = 4;
+ int dummy;
+ int wpa_auth;
+
+ s.SSID_len = params->ssid_len;
+ os_memcpy(s.SSID, params->ssid, params->ssid_len);
+
+ switch (params->pairwise_suite) {
+ case CIPHER_WEP40:
+ case CIPHER_WEP104:
+ wsec = 1;
+ break;
+
+ case CIPHER_TKIP:
+ wsec = 2;
+ break;
+
+ case CIPHER_CCMP:
+ wsec = 4;
+ break;
+
+ default:
+ wsec = 0;
+ break;
+ }
+
+ switch (params->key_mgmt_suite) {
+ case KEY_MGMT_802_1X:
+ wpa_auth = 1;
+ break;
+
+ case KEY_MGMT_PSK:
+ wpa_auth = 2;
+ break;
+
+ default:
+ wpa_auth = 255;
+ break;
+ }
+
+ /* printf("broadcom_associate: %u %u %u\n", pairwise_suite,
+ * group_suite, key_mgmt_suite);
+ * broadcom_ioctl(ifname, WLC_GET_WSEC, &wsec, sizeof(wsec));
+ * wl join uses wlc_sec_wep here, not wlc_set_wsec */
+
+ if (broadcom_ioctl(drv, WLC_SET_WSEC, &wsec, sizeof(wsec)) < 0 ||
+ broadcom_ioctl(drv, WLC_SET_WPA_AUTH, &wpa_auth,
+ sizeof(wpa_auth)) < 0 ||
+ broadcom_ioctl(drv, WLC_GET_WEP, &dummy, sizeof(dummy)) < 0 ||
+ broadcom_ioctl(drv, WLC_SET_INFRA, &infra, sizeof(infra)) < 0 ||
+ broadcom_ioctl(drv, WLC_SET_AUTH, &auth, sizeof(auth)) < 0 ||
+ broadcom_ioctl(drv, WLC_SET_WEP, &wsec, sizeof(wsec)) < 0 ||
+ broadcom_ioctl(drv, WLC_SET_SSID, &s, sizeof(s)) < 0)
+ return -1;
+
+ return 0;
+}
+
+const struct wpa_driver_ops wpa_driver_broadcom_ops = {
+ .name = "broadcom",
+ .desc = "Broadcom wl.o driver",
+ .get_bssid = wpa_driver_broadcom_get_bssid,
+ .get_ssid = wpa_driver_broadcom_get_ssid,
+ .set_wpa = wpa_driver_broadcom_set_wpa,
+ .set_key = wpa_driver_broadcom_set_key,
+ .init = wpa_driver_broadcom_init,
+ .deinit = wpa_driver_broadcom_deinit,
+ .set_countermeasures = wpa_driver_broadcom_set_countermeasures,
+ .set_drop_unencrypted = wpa_driver_broadcom_set_drop_unencrypted,
+ .scan = wpa_driver_broadcom_scan,
+ .get_scan_results = wpa_driver_broadcom_get_scan_results,
+ .deauthenticate = wpa_driver_broadcom_deauthenticate,
+ .disassociate = wpa_driver_broadcom_disassociate,
+ .associate = wpa_driver_broadcom_associate,
+};
--- /dev/null
+/*
+ * WPA Supplicant - driver interaction with BSD net80211 layer
+ * Copyright (c) 2004, Sam Leffler <sam@errno.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <sys/ioctl.h>
+
+#include "common.h"
+#include "driver.h"
+#include "eloop.h"
+#include "wpa_supplicant.h"
+#include "l2_packet.h"
+#include "wpa.h" /* XXX for RSN_INFO_ELEM */
+
+#include <net/if.h>
+#include <net/ethernet.h>
+
+#include <net80211/ieee80211.h>
+#include <net80211/ieee80211_crypto.h>
+#include <net80211/ieee80211_ioctl.h>
+
+struct wpa_driver_bsd_data {
+ int sock; /* open socket for 802.11 ioctls */
+ int route; /* routing socket for events */
+ char ifname[IFNAMSIZ+1]; /* interface name */
+ unsigned int ifindex; /* interface index */
+ void *ctx;
+ int prev_roaming; /* roaming state to restore on deinit */
+ int prev_privacy; /* privacy state to restore on deinit */
+ int prev_wpa; /* wpa state to restore on deinit */
+};
+
+static int
+set80211var(struct wpa_driver_bsd_data *drv, int op, const void *arg, int arg_len)
+{
+ struct ieee80211req ireq;
+
+ os_memset(&ireq, 0, sizeof(ireq));
+ os_strncpy(ireq.i_name, drv->ifname, IFNAMSIZ);
+ ireq.i_type = op;
+ ireq.i_len = arg_len;
+ ireq.i_data = (void *) arg;
+
+ if (ioctl(drv->sock, SIOCS80211, &ireq) < 0) {
+ fprintf(stderr, "ioctl[SIOCS80211, op %u, len %u]: %s\n",
+ op, arg_len, strerror(errno));
+ return -1;
+ }
+ return 0;
+}
+
+static int
+get80211var(struct wpa_driver_bsd_data *drv, int op, void *arg, int arg_len)
+{
+ struct ieee80211req ireq;
+
+ os_memset(&ireq, 0, sizeof(ireq));
+ os_strncpy(ireq.i_name, drv->ifname, IFNAMSIZ);
+ ireq.i_type = op;
+ ireq.i_len = arg_len;
+ ireq.i_data = arg;
+
+ if (ioctl(drv->sock, SIOCG80211, &ireq) < 0) {
+ fprintf(stderr, "ioctl[SIOCG80211, op %u, len %u]: %s\n",
+ op, arg_len, strerror(errno));
+ return -1;
+ }
+ return ireq.i_len;
+}
+
+static int
+set80211param(struct wpa_driver_bsd_data *drv, int op, int arg)
+{
+ struct ieee80211req ireq;
+
+ os_memset(&ireq, 0, sizeof(ireq));
+ os_strncpy(ireq.i_name, drv->ifname, IFNAMSIZ);
+ ireq.i_type = op;
+ ireq.i_val = arg;
+
+ if (ioctl(drv->sock, SIOCS80211, &ireq) < 0) {
+ fprintf(stderr, "ioctl[SIOCS80211, op %u, arg 0x%x]: %s\n",
+ op, arg, strerror(errno));
+ return -1;
+ }
+ return 0;
+}
+
+static int
+get80211param(struct wpa_driver_bsd_data *drv, int op)
+{
+ struct ieee80211req ireq;
+
+ os_memset(&ireq, 0, sizeof(ireq));
+ os_strncpy(ireq.i_name, drv->ifname, IFNAMSIZ);
+ ireq.i_type = op;
+
+ if (ioctl(drv->sock, SIOCG80211, &ireq) < 0) {
+ fprintf(stderr, "ioctl[SIOCG80211, op %u]: %s\n",
+ op, strerror(errno));
+ return -1;
+ }
+ return ireq.i_val;
+}
+
+static int
+getifflags(struct wpa_driver_bsd_data *drv, int *flags)
+{
+ struct ifreq ifr;
+
+ os_memset(&ifr, 0, sizeof(ifr));
+ os_strncpy(ifr.ifr_name, drv->ifname, sizeof (ifr.ifr_name));
+ if (ioctl(drv->sock, SIOCGIFFLAGS, (caddr_t)&ifr) < 0) {
+ perror("SIOCGIFFLAGS");
+ return errno;
+ }
+ *flags = ifr.ifr_flags & 0xffff;
+ return 0;
+}
+
+static int
+setifflags(struct wpa_driver_bsd_data *drv, int flags)
+{
+ struct ifreq ifr;
+
+ os_memset(&ifr, 0, sizeof(ifr));
+ os_strncpy(ifr.ifr_name, drv->ifname, sizeof (ifr.ifr_name));
+ ifr.ifr_flags = flags & 0xffff;
+ if (ioctl(drv->sock, SIOCSIFFLAGS, (caddr_t)&ifr) < 0) {
+ perror("SIOCSIFFLAGS");
+ return errno;
+ }
+ return 0;
+}
+
+static int
+wpa_driver_bsd_get_bssid(void *priv, u8 *bssid)
+{
+ struct wpa_driver_bsd_data *drv = priv;
+
+ return get80211var(drv, IEEE80211_IOC_BSSID,
+ bssid, IEEE80211_ADDR_LEN) < 0 ? -1 : 0;
+}
+
+#if 0
+static int
+wpa_driver_bsd_set_bssid(void *priv, const char *bssid)
+{
+ struct wpa_driver_bsd_data *drv = priv;
+
+ return set80211var(drv, IEEE80211_IOC_BSSID,
+ bssid, IEEE80211_ADDR_LEN);
+}
+#endif
+
+static int
+wpa_driver_bsd_get_ssid(void *priv, u8 *ssid)
+{
+ struct wpa_driver_bsd_data *drv = priv;
+
+ return get80211var(drv, IEEE80211_IOC_SSID,
+ ssid, IEEE80211_NWID_LEN);
+}
+
+static int
+wpa_driver_bsd_set_ssid(void *priv, const char *ssid,
+ size_t ssid_len)
+{
+ struct wpa_driver_bsd_data *drv = priv;
+
+ return set80211var(drv, IEEE80211_IOC_SSID, ssid, ssid_len);
+}
+
+static int
+wpa_driver_bsd_set_wpa_ie(struct wpa_driver_bsd_data *drv,
+ const char *wpa_ie, size_t wpa_ie_len)
+{
+ return set80211var(drv, IEEE80211_IOC_OPTIE, wpa_ie, wpa_ie_len);
+}
+
+static int
+wpa_driver_bsd_set_wpa_internal(void *priv, int wpa, int privacy)
+{
+ struct wpa_driver_bsd_data *drv = priv;
+ int ret = 0;
+
+ wpa_printf(MSG_DEBUG, "%s: wpa=%d privacy=%d",
+ __FUNCTION__, wpa, privacy);
+
+ if (!wpa && wpa_driver_bsd_set_wpa_ie(drv, NULL, 0) < 0)
+ ret = -1;
+ if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0)
+ ret = -1;
+ if (set80211param(drv, IEEE80211_IOC_WPA, wpa) < 0)
+ ret = -1;
+
+ return ret;
+}
+
+static int
+wpa_driver_bsd_set_wpa(void *priv, int enabled)
+{
+ wpa_printf(MSG_DEBUG, "%s: enabled=%d", __FUNCTION__, enabled);
+
+ return wpa_driver_bsd_set_wpa_internal(priv, enabled ? 3 : 0, enabled);
+}
+
+static int
+wpa_driver_bsd_del_key(struct wpa_driver_bsd_data *drv, int key_idx,
+ const unsigned char *addr)
+{
+ struct ieee80211req_del_key wk;
+
+ os_memset(&wk, 0, sizeof(wk));
+ if (addr != NULL &&
+ bcmp(addr, "\xff\xff\xff\xff\xff\xff", IEEE80211_ADDR_LEN) != 0) {
+ struct ether_addr ea;
+
+ os_memcpy(&ea, addr, IEEE80211_ADDR_LEN);
+ wpa_printf(MSG_DEBUG, "%s: addr=%s keyidx=%d",
+ __func__, ether_ntoa(&ea), key_idx);
+ os_memcpy(wk.idk_macaddr, addr, IEEE80211_ADDR_LEN);
+ wk.idk_keyix = (uint8_t) IEEE80211_KEYIX_NONE;
+ } else {
+ wpa_printf(MSG_DEBUG, "%s: keyidx=%d", __func__, key_idx);
+ wk.idk_keyix = key_idx;
+ }
+ return set80211var(drv, IEEE80211_IOC_DELKEY, &wk, sizeof(wk));
+}
+
+static int
+wpa_driver_bsd_set_key(void *priv, wpa_alg alg,
+ const unsigned char *addr, int key_idx, int set_tx,
+ const u8 *seq, size_t seq_len,
+ const u8 *key, size_t key_len)
+{
+ struct wpa_driver_bsd_data *drv = priv;
+ struct ieee80211req_key wk;
+ struct ether_addr ea;
+ char *alg_name;
+ u_int8_t cipher;
+
+ if (alg == WPA_ALG_NONE)
+ return wpa_driver_bsd_del_key(drv, key_idx, addr);
+
+ switch (alg) {
+ case WPA_ALG_WEP:
+ alg_name = "WEP";
+ cipher = IEEE80211_CIPHER_WEP;
+ break;
+ case WPA_ALG_TKIP:
+ alg_name = "TKIP";
+ cipher = IEEE80211_CIPHER_TKIP;
+ break;
+ case WPA_ALG_CCMP:
+ alg_name = "CCMP";
+ cipher = IEEE80211_CIPHER_AES_CCM;
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "%s: unknown/unsupported algorithm %d",
+ __func__, alg);
+ return -1;
+ }
+
+ os_memcpy(&ea, addr, IEEE80211_ADDR_LEN);
+ wpa_printf(MSG_DEBUG,
+ "%s: alg=%s addr=%s key_idx=%d set_tx=%d seq_len=%zu key_len=%zu",
+ __func__, alg_name, ether_ntoa(&ea), key_idx, set_tx,
+ seq_len, key_len);
+
+ if (seq_len > sizeof(u_int64_t)) {
+ wpa_printf(MSG_DEBUG, "%s: seq_len %zu too big",
+ __func__, seq_len);
+ return -2;
+ }
+ if (key_len > sizeof(wk.ik_keydata)) {
+ wpa_printf(MSG_DEBUG, "%s: key length %zu too big",
+ __func__, key_len);
+ return -3;
+ }
+
+ os_memset(&wk, 0, sizeof(wk));
+ wk.ik_type = cipher;
+ wk.ik_flags = IEEE80211_KEY_RECV;
+ if (set_tx)
+ wk.ik_flags |= IEEE80211_KEY_XMIT;
+ os_memcpy(wk.ik_macaddr, addr, IEEE80211_ADDR_LEN);
+ /*
+ * Deduce whether group/global or unicast key by checking
+ * the address (yech). Note also that we can only mark global
+ * keys default; doing this for a unicast key is an error.
+ */
+ if (bcmp(addr, "\xff\xff\xff\xff\xff\xff", IEEE80211_ADDR_LEN) == 0) {
+ wk.ik_flags |= IEEE80211_KEY_GROUP;
+ wk.ik_keyix = key_idx;
+ } else {
+ wk.ik_keyix = (key_idx == 0 ? IEEE80211_KEYIX_NONE : key_idx);
+ }
+ if (wk.ik_keyix != IEEE80211_KEYIX_NONE && set_tx)
+ wk.ik_flags |= IEEE80211_KEY_DEFAULT;
+ wk.ik_keylen = key_len;
+ os_memcpy(&wk.ik_keyrsc, seq, seq_len);
+ os_memcpy(wk.ik_keydata, key, key_len);
+
+ return set80211var(drv, IEEE80211_IOC_WPAKEY, &wk, sizeof(wk));
+}
+
+static int
+wpa_driver_bsd_set_countermeasures(void *priv, int enabled)
+{
+ struct wpa_driver_bsd_data *drv = priv;
+
+ wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, enabled);
+ return set80211param(drv, IEEE80211_IOC_COUNTERMEASURES, enabled);
+}
+
+
+static int
+wpa_driver_bsd_set_drop_unencrypted(void *priv, int enabled)
+{
+ struct wpa_driver_bsd_data *drv = priv;
+
+ wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, enabled);
+ return set80211param(drv, IEEE80211_IOC_DROPUNENCRYPTED, enabled);
+}
+
+static int
+wpa_driver_bsd_deauthenticate(void *priv, const u8 *addr, int reason_code)
+{
+ struct wpa_driver_bsd_data *drv = priv;
+ struct ieee80211req_mlme mlme;
+
+ wpa_printf(MSG_DEBUG, "%s", __func__);
+ os_memset(&mlme, 0, sizeof(mlme));
+ mlme.im_op = IEEE80211_MLME_DEAUTH;
+ mlme.im_reason = reason_code;
+ os_memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
+ return set80211var(drv, IEEE80211_IOC_MLME, &mlme, sizeof(mlme));
+}
+
+static int
+wpa_driver_bsd_disassociate(void *priv, const u8 *addr, int reason_code)
+{
+ struct wpa_driver_bsd_data *drv = priv;
+ struct ieee80211req_mlme mlme;
+
+ wpa_printf(MSG_DEBUG, "%s", __func__);
+ os_memset(&mlme, 0, sizeof(mlme));
+ mlme.im_op = IEEE80211_MLME_DISASSOC;
+ mlme.im_reason = reason_code;
+ os_memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
+ return set80211var(drv, IEEE80211_IOC_MLME, &mlme, sizeof(mlme));
+}
+
+static int
+wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params)
+{
+ struct wpa_driver_bsd_data *drv = priv;
+ struct ieee80211req_mlme mlme;
+ int privacy;
+
+ wpa_printf(MSG_DEBUG,
+ "%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u"
+ , __func__
+ , params->ssid_len, params->ssid
+ , params->wpa_ie_len
+ , params->pairwise_suite
+ , params->group_suite
+ , params->key_mgmt_suite
+ );
+
+ /* XXX error handling is wrong but unclear what to do... */
+ if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0)
+ return -1;
+#ifndef NEW_FREEBSD_MLME_ASSOC
+ if (wpa_driver_bsd_set_ssid(drv, params->ssid, params->ssid_len) < 0)
+ return -1;
+#endif
+
+ privacy = !(params->pairwise_suite == CIPHER_NONE &&
+ params->group_suite == CIPHER_NONE &&
+ params->key_mgmt_suite == KEY_MGMT_NONE &&
+ params->wpa_ie_len == 0);
+ wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy);
+
+ if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0)
+ return -1;
+
+ if (params->wpa_ie_len &&
+ set80211param(drv, IEEE80211_IOC_WPA,
+ params->wpa_ie[0] == RSN_INFO_ELEM ? 2 : 1) < 0)
+ return -1;
+
+ os_memset(&mlme, 0, sizeof(mlme));
+ mlme.im_op = IEEE80211_MLME_ASSOC;
+#ifdef NEW_FREEBSD_MLME_ASSOC
+ if (params->ssid != NULL)
+ os_memcpy(mlme.im_ssid, params->ssid, params->ssid_len);
+ mlme.im_ssid_len = params->ssid_len;
+#endif
+ if (params->bssid != NULL)
+ os_memcpy(mlme.im_macaddr, params->bssid, IEEE80211_ADDR_LEN);
+ if (set80211var(drv, IEEE80211_IOC_MLME, &mlme, sizeof(mlme)) < 0)
+ return -1;
+ return 0;
+}
+
+static int
+wpa_driver_bsd_set_auth_alg(void *priv, int auth_alg)
+{
+ struct wpa_driver_bsd_data *drv = priv;
+ int authmode;
+
+ if ((auth_alg & AUTH_ALG_OPEN_SYSTEM) &&
+ (auth_alg & AUTH_ALG_SHARED_KEY))
+ authmode = IEEE80211_AUTH_AUTO;
+ else if (auth_alg & AUTH_ALG_SHARED_KEY)
+ authmode = IEEE80211_AUTH_SHARED;
+ else
+ authmode = IEEE80211_AUTH_OPEN;
+
+ return set80211param(drv, IEEE80211_IOC_AUTHMODE, authmode);
+}
+
+static int
+wpa_driver_bsd_scan(void *priv, const u8 *ssid, size_t ssid_len)
+{
+ struct wpa_driver_bsd_data *drv = priv;
+ int flags;
+
+ /* NB: interface must be marked UP to do a scan */
+ if (getifflags(drv, &flags) != 0 || setifflags(drv, flags | IFF_UP) != 0)
+ return -1;
+
+ /* set desired ssid before scan */
+ if (wpa_driver_bsd_set_ssid(drv, ssid, ssid_len) < 0)
+ return -1;
+
+ /* NB: net80211 delivers a scan complete event so no need to poll */
+ return set80211param(drv, IEEE80211_IOC_SCAN_REQ, 0);
+}
+
+#include <net/route.h>
+#include <net80211/ieee80211_freebsd.h>
+
+static void
+wpa_driver_bsd_event_receive(int sock, void *ctx, void *sock_ctx)
+{
+ struct wpa_driver_bsd_data *drv = sock_ctx;
+ char buf[2048];
+ struct if_announcemsghdr *ifan;
+ struct if_msghdr *ifm;
+ struct rt_msghdr *rtm;
+ union wpa_event_data event;
+ struct ieee80211_michael_event *mic;
+ int n;
+
+ n = read(sock, buf, sizeof(buf));
+ if (n < 0) {
+ if (errno != EINTR && errno != EAGAIN)
+ perror("read(PF_ROUTE)");
+ return;
+ }
+
+ rtm = (struct rt_msghdr *) buf;
+ if (rtm->rtm_version != RTM_VERSION) {
+ wpa_printf(MSG_DEBUG, "Routing message version %d not "
+ "understood\n", rtm->rtm_version);
+ return;
+ }
+ os_memset(&event, 0, sizeof(event));
+ switch (rtm->rtm_type) {
+ case RTM_IFANNOUNCE:
+ ifan = (struct if_announcemsghdr *) rtm;
+ if (ifan->ifan_index != drv->ifindex)
+ break;
+ strlcpy(event.interface_status.ifname, drv->ifname,
+ sizeof(event.interface_status.ifname));
+ switch (ifan->ifan_what) {
+ case IFAN_DEPARTURE:
+ event.interface_status.ievent = EVENT_INTERFACE_REMOVED;
+ default:
+ return;
+ }
+ wpa_printf(MSG_DEBUG, "RTM_IFANNOUNCE: Interface '%s' %s",
+ event.interface_status.ifname,
+ ifan->ifan_what == IFAN_DEPARTURE ?
+ "removed" : "added");
+ wpa_supplicant_event(ctx, EVENT_INTERFACE_STATUS, &event);
+ break;
+ case RTM_IEEE80211:
+ ifan = (struct if_announcemsghdr *) rtm;
+ if (ifan->ifan_index != drv->ifindex)
+ break;
+ switch (ifan->ifan_what) {
+ case RTM_IEEE80211_ASSOC:
+ case RTM_IEEE80211_REASSOC:
+ wpa_supplicant_event(ctx, EVENT_ASSOC, NULL);
+ break;
+ case RTM_IEEE80211_DISASSOC:
+ wpa_supplicant_event(ctx, EVENT_DISASSOC, NULL);
+ break;
+ case RTM_IEEE80211_SCAN:
+ wpa_supplicant_event(ctx, EVENT_SCAN_RESULTS, NULL);
+ break;
+ case RTM_IEEE80211_REPLAY:
+ /* ignore */
+ break;
+ case RTM_IEEE80211_MICHAEL:
+ mic = (struct ieee80211_michael_event *) &ifan[1];
+ wpa_printf(MSG_DEBUG,
+ "Michael MIC failure wireless event: "
+ "keyix=%u src_addr=" MACSTR, mic->iev_keyix,
+ MAC2STR(mic->iev_src));
+
+ os_memset(&event, 0, sizeof(event));
+ event.michael_mic_failure.unicast =
+ !IEEE80211_IS_MULTICAST(mic->iev_dst);
+ wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE,
+ &event);
+ break;
+ }
+ break;
+ case RTM_IFINFO:
+ ifm = (struct if_msghdr *) rtm;
+ if (ifm->ifm_index != drv->ifindex)
+ break;
+ if ((rtm->rtm_flags & RTF_UP) == 0) {
+ strlcpy(event.interface_status.ifname, drv->ifname,
+ sizeof(event.interface_status.ifname));
+ event.interface_status.ievent = EVENT_INTERFACE_REMOVED;
+ wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' DOWN",
+ event.interface_status.ifname);
+ wpa_supplicant_event(ctx, EVENT_INTERFACE_STATUS, &event);
+ }
+ break;
+ }
+}
+
+/* Compare function for sorting scan results. Return >0 if @b is consider
+ * better. */
+static int
+wpa_scan_result_compar(const void *a, const void *b)
+{
+ const struct wpa_scan_result *wa = a;
+ const struct wpa_scan_result *wb = b;
+
+ /* WPA/WPA2 support preferred */
+ if ((wb->wpa_ie_len || wb->rsn_ie_len) &&
+ !(wa->wpa_ie_len || wa->rsn_ie_len))
+ return 1;
+ if (!(wb->wpa_ie_len || wb->rsn_ie_len) &&
+ (wa->wpa_ie_len || wa->rsn_ie_len))
+ return -1;
+
+ /* privacy support preferred */
+ if ((wa->caps & IEEE80211_CAPINFO_PRIVACY) &&
+ (wb->caps & IEEE80211_CAPINFO_PRIVACY) == 0)
+ return 1;
+ if ((wa->caps & IEEE80211_CAPINFO_PRIVACY) == 0 &&
+ (wb->caps & IEEE80211_CAPINFO_PRIVACY))
+ return -1;
+
+ /* best/max rate preferred if signal level close enough XXX */
+ if (wa->maxrate != wb->maxrate && abs(wb->level - wa->level) < 5)
+ return wb->maxrate - wa->maxrate;
+
+ /* use freq for channel preference */
+
+ /* all things being equal, use signal level */
+ return wb->level - wa->level;
+}
+
+static int
+getmaxrate(uint8_t rates[15], uint8_t nrates)
+{
+ int i, maxrate = -1;
+
+ for (i = 0; i < nrates; i++) {
+ int rate = rates[i] & IEEE80211_RATE_VAL;
+ if (rate > maxrate)
+ rate = maxrate;
+ }
+ return maxrate;
+}
+
+/* unalligned little endian access */
+#define LE_READ_4(p) \
+ ((u_int32_t) \
+ ((((const u_int8_t *)(p))[0] ) | \
+ (((const u_int8_t *)(p))[1] << 8) | \
+ (((const u_int8_t *)(p))[2] << 16) | \
+ (((const u_int8_t *)(p))[3] << 24)))
+
+static int __inline
+iswpaoui(const u_int8_t *frm)
+{
+ return frm[1] > 3 && LE_READ_4(frm+2) == ((WPA_OUI_TYPE<<24)|WPA_OUI);
+}
+
+static int
+wpa_driver_bsd_get_scan_results(void *priv,
+ struct wpa_scan_result *results,
+ size_t max_size)
+{
+#define min(a,b) ((a)>(b)?(b):(a))
+ struct wpa_driver_bsd_data *drv = priv;
+ uint8_t buf[24*1024];
+ uint8_t *cp, *vp;
+ struct ieee80211req_scan_result *sr;
+ struct wpa_scan_result *wsr;
+ int len, ielen;
+
+ os_memset(results, 0, max_size * sizeof(struct wpa_scan_result));
+
+ len = get80211var(drv, IEEE80211_IOC_SCAN_RESULTS, buf, sizeof(buf));
+ if (len < 0)
+ return -1;
+ cp = buf;
+ wsr = results;
+ while (len >= sizeof(struct ieee80211req_scan_result)) {
+ sr = (struct ieee80211req_scan_result *) cp;
+ os_memcpy(wsr->bssid, sr->isr_bssid, IEEE80211_ADDR_LEN);
+ wsr->ssid_len = sr->isr_ssid_len;
+ wsr->freq = sr->isr_freq;
+ wsr->noise = sr->isr_noise;
+ wsr->qual = sr->isr_rssi;
+ wsr->level = 0; /* XXX? */
+ wsr->caps = sr->isr_capinfo;
+ wsr->maxrate = getmaxrate(sr->isr_rates, sr->isr_nrates);
+ vp = (u_int8_t *)(sr+1);
+ os_memcpy(wsr->ssid, vp, sr->isr_ssid_len);
+ if (sr->isr_ie_len > 0) {
+ vp += sr->isr_ssid_len;
+ ielen = sr->isr_ie_len;
+ while (ielen > 0) {
+ switch (vp[0]) {
+ case IEEE80211_ELEMID_VENDOR:
+ if (!iswpaoui(vp))
+ break;
+ wsr->wpa_ie_len =
+ min(2+vp[1], SSID_MAX_WPA_IE_LEN);
+ os_memcpy(wsr->wpa_ie, vp,
+ wsr->wpa_ie_len);
+ break;
+ case IEEE80211_ELEMID_RSN:
+ wsr->rsn_ie_len =
+ min(2+vp[1], SSID_MAX_WPA_IE_LEN);
+ os_memcpy(wsr->rsn_ie, vp,
+ wsr->rsn_ie_len);
+ break;
+ }
+ ielen -= 2+vp[1];
+ vp += 2+vp[1];
+ }
+ }
+
+ cp += sr->isr_len, len -= sr->isr_len;
+ wsr++;
+ }
+ qsort(results, wsr - results, sizeof(struct wpa_scan_result),
+ wpa_scan_result_compar);
+
+ wpa_printf(MSG_DEBUG, "Received %d bytes of scan results (%d BSSes)",
+ len, wsr - results);
+
+ return wsr - results;
+#undef min
+}
+
+static void *
+wpa_driver_bsd_init(void *ctx, const char *ifname)
+{
+#define GETPARAM(drv, param, v) \
+ (((v) = get80211param(drv, param)) != -1)
+ struct wpa_driver_bsd_data *drv;
+
+ drv = os_zalloc(sizeof(*drv));
+ if (drv == NULL)
+ return NULL;
+ /*
+ * NB: We require the interface name be mappable to an index.
+ * This implies we do not support having wpa_supplicant
+ * wait for an interface to appear. This seems ok; that
+ * doesn't belong here; it's really the job of devd.
+ */
+ drv->ifindex = if_nametoindex(ifname);
+ if (drv->ifindex == 0) {
+ wpa_printf(MSG_DEBUG, "%s: interface %s does not exist",
+ __func__, ifname);
+ goto fail1;
+ }
+ drv->sock = socket(PF_INET, SOCK_DGRAM, 0);
+ if (drv->sock < 0)
+ goto fail1;
+ drv->route = socket(PF_ROUTE, SOCK_RAW, 0);
+ if (drv->route < 0)
+ goto fail;
+ eloop_register_read_sock(drv->route,
+ wpa_driver_bsd_event_receive, ctx, drv);
+
+ drv->ctx = ctx;
+ os_strncpy(drv->ifname, ifname, sizeof(drv->ifname));
+
+ if (!GETPARAM(drv, IEEE80211_IOC_ROAMING, drv->prev_roaming)) {
+ wpa_printf(MSG_DEBUG, "%s: failed to get roaming state: %s",
+ __func__, strerror(errno));
+ goto fail;
+ }
+ if (!GETPARAM(drv, IEEE80211_IOC_PRIVACY, drv->prev_privacy)) {
+ wpa_printf(MSG_DEBUG, "%s: failed to get privacy state: %s",
+ __func__, strerror(errno));
+ goto fail;
+ }
+ if (!GETPARAM(drv, IEEE80211_IOC_WPA, drv->prev_wpa)) {
+ wpa_printf(MSG_DEBUG, "%s: failed to get wpa state: %s",
+ __func__, strerror(errno));
+ goto fail;
+ }
+ if (set80211param(drv, IEEE80211_IOC_ROAMING, IEEE80211_ROAMING_MANUAL) < 0) {
+ wpa_printf(MSG_DEBUG, "%s: failed to set wpa_supplicant-based "
+ "roaming: %s", __func__, strerror(errno));
+ goto fail;
+ }
+
+ if (set80211param(drv, IEEE80211_IOC_WPA, 1+2) < 0) {
+ wpa_printf(MSG_DEBUG, "%s: failed to enable WPA support %s",
+ __func__, strerror(errno));
+ goto fail;
+ }
+
+ return drv;
+fail:
+ close(drv->sock);
+fail1:
+ os_free(drv);
+ return NULL;
+#undef GETPARAM
+}
+
+static void
+wpa_driver_bsd_deinit(void *priv)
+{
+ struct wpa_driver_bsd_data *drv = priv;
+ int flags;
+
+ eloop_unregister_read_sock(drv->route);
+
+ /* NB: mark interface down */
+ if (getifflags(drv, &flags) == 0)
+ (void) setifflags(drv, flags &~ IFF_UP);
+
+ wpa_driver_bsd_set_wpa_internal(drv, drv->prev_wpa, drv->prev_privacy);
+ if (set80211param(drv, IEEE80211_IOC_ROAMING, drv->prev_roaming) < 0)
+ wpa_printf(MSG_DEBUG, "%s: failed to restore roaming state",
+ __func__);
+
+ (void) close(drv->route); /* ioctl socket */
+ (void) close(drv->sock); /* event socket */
+ os_free(drv);
+}
+
+
+const struct wpa_driver_ops wpa_driver_bsd_ops = {
+ .name = "bsd",
+ .desc = "BSD 802.11 support (Atheros, etc.)",
+ .init = wpa_driver_bsd_init,
+ .deinit = wpa_driver_bsd_deinit,
+ .get_bssid = wpa_driver_bsd_get_bssid,
+ .get_ssid = wpa_driver_bsd_get_ssid,
+ .set_wpa = wpa_driver_bsd_set_wpa,
+ .set_key = wpa_driver_bsd_set_key,
+ .set_countermeasures = wpa_driver_bsd_set_countermeasures,
+ .set_drop_unencrypted = wpa_driver_bsd_set_drop_unencrypted,
+ .scan = wpa_driver_bsd_scan,
+ .get_scan_results = wpa_driver_bsd_get_scan_results,
+ .deauthenticate = wpa_driver_bsd_deauthenticate,
+ .disassociate = wpa_driver_bsd_disassociate,
+ .associate = wpa_driver_bsd_associate,
+ .set_auth_alg = wpa_driver_bsd_set_auth_alg,
+};
--- /dev/null
+/*
+ * WPA Supplicant - driver interaction with Linux Host AP driver
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <sys/ioctl.h>
+
+#include "wireless_copy.h"
+#include "common.h"
+#include "driver.h"
+#include "driver_wext.h"
+#include "eloop.h"
+#include "driver_hostap.h"
+#include "l2_packet.h"
+#include "wpa_supplicant.h"
+
+
+struct wpa_driver_hostap_data {
+ void *wext; /* private data for driver_wext */
+ void *ctx;
+ char ifname[IFNAMSIZ + 1];
+ int sock;
+ int current_mode; /* infra/adhoc */
+};
+
+
+static int hostapd_ioctl(struct wpa_driver_hostap_data *drv,
+ struct prism2_hostapd_param *param,
+ int len, int show_err)
+{
+ struct iwreq iwr;
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ iwr.u.data.pointer = (caddr_t) param;
+ iwr.u.data.length = len;
+
+ if (ioctl(drv->sock, PRISM2_IOCTL_HOSTAPD, &iwr) < 0) {
+ int ret = errno;
+ if (show_err)
+ perror("ioctl[PRISM2_IOCTL_HOSTAPD]");
+ return ret;
+ }
+
+ return 0;
+}
+
+
+static int wpa_driver_hostap_set_wpa_ie(struct wpa_driver_hostap_data *drv,
+ const u8 *wpa_ie, size_t wpa_ie_len)
+{
+ struct prism2_hostapd_param *param;
+ int res;
+ size_t blen = PRISM2_HOSTAPD_GENERIC_ELEMENT_HDR_LEN + wpa_ie_len;
+ if (blen < sizeof(*param))
+ blen = sizeof(*param);
+
+ param = os_zalloc(blen);
+ if (param == NULL)
+ return -1;
+
+ param->cmd = PRISM2_HOSTAPD_SET_GENERIC_ELEMENT;
+ param->u.generic_elem.len = wpa_ie_len;
+ os_memcpy(param->u.generic_elem.data, wpa_ie, wpa_ie_len);
+ res = hostapd_ioctl(drv, param, blen, 1);
+
+ os_free(param);
+
+ return res;
+}
+
+
+static int prism2param(struct wpa_driver_hostap_data *drv, int param,
+ int value)
+{
+ struct iwreq iwr;
+ int *i, ret = 0;
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ i = (int *) iwr.u.name;
+ *i++ = param;
+ *i++ = value;
+
+ if (ioctl(drv->sock, PRISM2_IOCTL_PRISM2_PARAM, &iwr) < 0) {
+ perror("ioctl[PRISM2_IOCTL_PRISM2_PARAM]");
+ ret = -1;
+ }
+ return ret;
+}
+
+
+static int wpa_driver_hostap_set_wpa(void *priv, int enabled)
+{
+ struct wpa_driver_hostap_data *drv = priv;
+ int ret = 0;
+
+ wpa_printf(MSG_DEBUG, "%s: enabled=%d", __FUNCTION__, enabled);
+
+ if (!enabled && wpa_driver_hostap_set_wpa_ie(drv, NULL, 0) < 0)
+ ret = -1;
+ if (prism2param(drv, PRISM2_PARAM_HOST_ROAMING, enabled ? 2 : 0) < 0)
+ ret = -1;
+ if (prism2param(drv, PRISM2_PARAM_WPA, enabled) < 0)
+ ret = -1;
+
+ return ret;
+}
+
+
+static void show_set_key_error(struct prism2_hostapd_param *param)
+{
+ switch (param->u.crypt.err) {
+ case HOSTAP_CRYPT_ERR_UNKNOWN_ALG:
+ wpa_printf(MSG_INFO, "Unknown algorithm '%s'.",
+ param->u.crypt.alg);
+ wpa_printf(MSG_INFO, "You may need to load kernel module to "
+ "register that algorithm.");
+ wpa_printf(MSG_INFO, "E.g., 'modprobe hostap_crypt_wep' for "
+ "WEP.");
+ break;
+ case HOSTAP_CRYPT_ERR_UNKNOWN_ADDR:
+ wpa_printf(MSG_INFO, "Unknown address " MACSTR ".",
+ MAC2STR(param->sta_addr));
+ break;
+ case HOSTAP_CRYPT_ERR_CRYPT_INIT_FAILED:
+ wpa_printf(MSG_INFO, "Crypt algorithm initialization failed.");
+ break;
+ case HOSTAP_CRYPT_ERR_KEY_SET_FAILED:
+ wpa_printf(MSG_INFO, "Key setting failed.");
+ break;
+ case HOSTAP_CRYPT_ERR_TX_KEY_SET_FAILED:
+ wpa_printf(MSG_INFO, "TX key index setting failed.");
+ break;
+ case HOSTAP_CRYPT_ERR_CARD_CONF_FAILED:
+ wpa_printf(MSG_INFO, "Card configuration failed.");
+ break;
+ }
+}
+
+
+static int wpa_driver_hostap_set_key(void *priv, wpa_alg alg,
+ const u8 *addr, int key_idx,
+ int set_tx, const u8 *seq, size_t seq_len,
+ const u8 *key, size_t key_len)
+{
+ struct wpa_driver_hostap_data *drv = priv;
+ struct prism2_hostapd_param *param;
+ u8 *buf;
+ size_t blen;
+ int ret = 0;
+ char *alg_name;
+
+ switch (alg) {
+ case WPA_ALG_NONE:
+ alg_name = "none";
+ break;
+ case WPA_ALG_WEP:
+ alg_name = "WEP";
+ break;
+ case WPA_ALG_TKIP:
+ alg_name = "TKIP";
+ break;
+ case WPA_ALG_CCMP:
+ alg_name = "CCMP";
+ break;
+ default:
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "%s: alg=%s key_idx=%d set_tx=%d seq_len=%lu "
+ "key_len=%lu", __FUNCTION__, alg_name, key_idx, set_tx,
+ (unsigned long) seq_len, (unsigned long) key_len);
+
+ if (seq_len > 8)
+ return -2;
+
+ blen = sizeof(*param) + key_len;
+ buf = os_zalloc(blen);
+ if (buf == NULL)
+ return -1;
+
+ param = (struct prism2_hostapd_param *) buf;
+ param->cmd = PRISM2_SET_ENCRYPTION;
+ /* TODO: In theory, STA in client mode can use five keys; four default
+ * keys for receiving (with keyidx 0..3) and one individual key for
+ * both transmitting and receiving (keyidx 0) _unicast_ packets. Now,
+ * keyidx 0 is reserved for this unicast use and default keys can only
+ * use keyidx 1..3 (i.e., default key with keyidx 0 is not supported).
+ * This should be fine for more or less all cases, but for completeness
+ * sake, the driver could be enhanced to support the missing key. */
+#if 0
+ if (addr == NULL)
+ os_memset(param->sta_addr, 0xff, ETH_ALEN);
+ else
+ os_memcpy(param->sta_addr, addr, ETH_ALEN);
+#else
+ os_memset(param->sta_addr, 0xff, ETH_ALEN);
+#endif
+ os_strncpy((char *) param->u.crypt.alg, alg_name,
+ HOSTAP_CRYPT_ALG_NAME_LEN);
+ param->u.crypt.flags = set_tx ? HOSTAP_CRYPT_FLAG_SET_TX_KEY : 0;
+ param->u.crypt.idx = key_idx;
+ os_memcpy(param->u.crypt.seq, seq, seq_len);
+ param->u.crypt.key_len = key_len;
+ os_memcpy((u8 *) (param + 1), key, key_len);
+
+ if (hostapd_ioctl(drv, param, blen, 1)) {
+ wpa_printf(MSG_WARNING, "Failed to set encryption.");
+ show_set_key_error(param);
+ ret = -1;
+ }
+ os_free(buf);
+
+ return ret;
+}
+
+
+static int wpa_driver_hostap_set_countermeasures(void *priv, int enabled)
+{
+ struct wpa_driver_hostap_data *drv = priv;
+ wpa_printf(MSG_DEBUG, "%s: enabled=%d", __FUNCTION__, enabled);
+ return prism2param(drv, PRISM2_PARAM_TKIP_COUNTERMEASURES, enabled);
+}
+
+
+static int wpa_driver_hostap_set_drop_unencrypted(void *priv, int enabled)
+{
+ struct wpa_driver_hostap_data *drv = priv;
+ wpa_printf(MSG_DEBUG, "%s: enabled=%d", __FUNCTION__, enabled);
+ return prism2param(drv, PRISM2_PARAM_DROP_UNENCRYPTED, enabled);
+}
+
+
+static int wpa_driver_hostap_reset(struct wpa_driver_hostap_data *drv,
+ int type)
+{
+ struct iwreq iwr;
+ int *i, ret = 0;
+
+ wpa_printf(MSG_DEBUG, "%s: type=%d", __FUNCTION__, type);
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ i = (int *) iwr.u.name;
+ *i++ = type;
+
+ if (ioctl(drv->sock, PRISM2_IOCTL_RESET, &iwr) < 0) {
+ perror("ioctl[PRISM2_IOCTL_RESET]");
+ ret = -1;
+ }
+ return ret;
+}
+
+
+static int wpa_driver_hostap_mlme(struct wpa_driver_hostap_data *drv,
+ const u8 *addr, int cmd, int reason_code)
+{
+ struct prism2_hostapd_param param;
+ int ret;
+
+ /* There does not seem to be a better way of deauthenticating or
+ * disassociating with Prism2/2.5/3 than sending the management frame
+ * and then resetting the Port0 to make sure both the AP and the STA
+ * end up in disconnected state. */
+ os_memset(¶m, 0, sizeof(param));
+ param.cmd = PRISM2_HOSTAPD_MLME;
+ os_memcpy(param.sta_addr, addr, ETH_ALEN);
+ param.u.mlme.cmd = cmd;
+ param.u.mlme.reason_code = reason_code;
+ ret = hostapd_ioctl(drv, ¶m, sizeof(param), 1);
+ if (ret == 0) {
+ os_sleep(0, 100000);
+ ret = wpa_driver_hostap_reset(drv, 2);
+ }
+ return ret;
+}
+
+
+static int wpa_driver_hostap_deauthenticate(void *priv, const u8 *addr,
+ int reason_code)
+{
+ struct wpa_driver_hostap_data *drv = priv;
+ wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
+ return wpa_driver_hostap_mlme(drv, addr, MLME_STA_DEAUTH,
+ reason_code);
+}
+
+
+static int wpa_driver_hostap_disassociate(void *priv, const u8 *addr,
+ int reason_code)
+{
+ struct wpa_driver_hostap_data *drv = priv;
+ wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
+ return wpa_driver_hostap_mlme(drv, addr, MLME_STA_DISASSOC,
+ reason_code);
+}
+
+
+static int
+wpa_driver_hostap_associate(void *priv,
+ struct wpa_driver_associate_params *params)
+{
+ struct wpa_driver_hostap_data *drv = priv;
+ int ret = 0;
+ int allow_unencrypted_eapol;
+
+ wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
+
+ if (params->mode != drv->current_mode) {
+ /* At the moment, Host AP driver requires host_roaming=2 for
+ * infrastructure mode and host_roaming=0 for adhoc. */
+ if (prism2param(drv, PRISM2_PARAM_HOST_ROAMING,
+ params->mode == IEEE80211_MODE_IBSS ? 0 : 2) <
+ 0) {
+ wpa_printf(MSG_DEBUG, "%s: failed to set host_roaming",
+ __func__);
+ }
+ drv->current_mode = params->mode;
+ }
+
+ if (prism2param(drv, PRISM2_PARAM_PRIVACY_INVOKED,
+ params->key_mgmt_suite != KEY_MGMT_NONE) < 0)
+ ret = -1;
+ if (wpa_driver_hostap_set_wpa_ie(drv, params->wpa_ie,
+ params->wpa_ie_len) < 0)
+ ret = -1;
+ if (wpa_driver_wext_set_mode(drv->wext, params->mode) < 0)
+ ret = -1;
+ if (params->freq &&
+ wpa_driver_wext_set_freq(drv->wext, params->freq) < 0)
+ ret = -1;
+ if (wpa_driver_wext_set_ssid(drv->wext, params->ssid, params->ssid_len)
+ < 0)
+ ret = -1;
+ if (wpa_driver_wext_set_bssid(drv->wext, params->bssid) < 0)
+ ret = -1;
+
+ /* Allow unencrypted EAPOL messages even if pairwise keys are set when
+ * not using WPA. IEEE 802.1X specifies that these frames are not
+ * encrypted, but WPA encrypts them when pairwise keys are in use. */
+ if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
+ params->key_mgmt_suite == KEY_MGMT_PSK)
+ allow_unencrypted_eapol = 0;
+ else
+ allow_unencrypted_eapol = 1;
+
+ if (prism2param(drv, PRISM2_PARAM_IEEE_802_1X,
+ allow_unencrypted_eapol) < 0) {
+ wpa_printf(MSG_DEBUG, "hostap: Failed to configure "
+ "ieee_802_1x param");
+ /* Ignore this error.. driver_hostap.c can also be used with
+ * other drivers that do not support this prism2_param. */
+ }
+
+ return ret;
+}
+
+
+static int wpa_driver_hostap_scan(void *priv, const u8 *ssid, size_t ssid_len)
+{
+ struct wpa_driver_hostap_data *drv = priv;
+ struct prism2_hostapd_param param;
+ int ret;
+
+ if (ssid == NULL) {
+ /* Use standard Linux Wireless Extensions ioctl if possible
+ * because some drivers using hostap code in wpa_supplicant
+ * might not support Host AP specific scan request (with SSID
+ * info). */
+ return wpa_driver_wext_scan(drv->wext, ssid, ssid_len);
+ }
+
+ if (ssid_len > 32)
+ ssid_len = 32;
+
+ os_memset(¶m, 0, sizeof(param));
+ param.cmd = PRISM2_HOSTAPD_SCAN_REQ;
+ param.u.scan_req.ssid_len = ssid_len;
+ os_memcpy(param.u.scan_req.ssid, ssid, ssid_len);
+ ret = hostapd_ioctl(drv, ¶m, sizeof(param), 1);
+
+ /* Not all drivers generate "scan completed" wireless event, so try to
+ * read results after a timeout. */
+ eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv->wext,
+ drv->ctx);
+ eloop_register_timeout(3, 0, wpa_driver_wext_scan_timeout, drv->wext,
+ drv->ctx);
+
+ return ret;
+}
+
+
+static int wpa_driver_hostap_set_auth_alg(void *priv, int auth_alg)
+{
+ struct wpa_driver_hostap_data *drv = priv;
+ int algs = 0;
+
+ if (auth_alg & AUTH_ALG_OPEN_SYSTEM)
+ algs |= 1;
+ if (auth_alg & AUTH_ALG_SHARED_KEY)
+ algs |= 2;
+ if (auth_alg & AUTH_ALG_LEAP)
+ algs |= 4;
+ if (algs == 0)
+ algs = 1; /* at least one algorithm should be set */
+
+ return prism2param(drv, PRISM2_PARAM_AP_AUTH_ALGS, algs);
+}
+
+
+static int wpa_driver_hostap_get_bssid(void *priv, u8 *bssid)
+{
+ struct wpa_driver_hostap_data *drv = priv;
+ return wpa_driver_wext_get_bssid(drv->wext, bssid);
+}
+
+
+static int wpa_driver_hostap_get_ssid(void *priv, u8 *ssid)
+{
+ struct wpa_driver_hostap_data *drv = priv;
+ return wpa_driver_wext_get_ssid(drv->wext, ssid);
+}
+
+
+static int wpa_driver_hostap_get_scan_results(void *priv,
+ struct wpa_scan_result *results,
+ size_t max_size)
+{
+ struct wpa_driver_hostap_data *drv = priv;
+ return wpa_driver_wext_get_scan_results(drv->wext, results, max_size);
+}
+
+
+static int wpa_driver_hostap_set_operstate(void *priv, int state)
+{
+ struct wpa_driver_hostap_data *drv = priv;
+ return wpa_driver_wext_set_operstate(drv->wext, state);
+}
+
+
+static void * wpa_driver_hostap_init(void *ctx, const char *ifname)
+{
+ struct wpa_driver_hostap_data *drv;
+
+ drv = os_zalloc(sizeof(*drv));
+ if (drv == NULL)
+ return NULL;
+ drv->wext = wpa_driver_wext_init(ctx, ifname);
+ if (drv->wext == NULL) {
+ os_free(drv);
+ return NULL;
+ }
+
+ drv->ctx = ctx;
+ os_strncpy(drv->ifname, ifname, sizeof(drv->ifname));
+ drv->sock = socket(PF_INET, SOCK_DGRAM, 0);
+ if (drv->sock < 0) {
+ perror("socket");
+ wpa_driver_wext_deinit(drv->wext);
+ os_free(drv);
+ return NULL;
+ }
+
+ if (os_strncmp(ifname, "wlan", 4) == 0) {
+ /*
+ * Host AP driver may use both wlan# and wifi# interface in
+ * wireless events.
+ */
+ char ifname2[IFNAMSIZ + 1];
+ os_strncpy(ifname2, ifname, sizeof(ifname2));
+ os_memcpy(ifname2, "wifi", 4);
+ wpa_driver_wext_alternative_ifindex(drv->wext, ifname2);
+ }
+
+ return drv;
+}
+
+
+static void wpa_driver_hostap_deinit(void *priv)
+{
+ struct wpa_driver_hostap_data *drv = priv;
+ wpa_driver_wext_deinit(drv->wext);
+ close(drv->sock);
+ os_free(drv);
+}
+
+
+const struct wpa_driver_ops wpa_driver_hostap_ops = {
+ .name = "hostap",
+ .desc = "Host AP driver (Intersil Prism2/2.5/3)",
+ .get_bssid = wpa_driver_hostap_get_bssid,
+ .get_ssid = wpa_driver_hostap_get_ssid,
+ .set_wpa = wpa_driver_hostap_set_wpa,
+ .set_key = wpa_driver_hostap_set_key,
+ .set_countermeasures = wpa_driver_hostap_set_countermeasures,
+ .set_drop_unencrypted = wpa_driver_hostap_set_drop_unencrypted,
+ .scan = wpa_driver_hostap_scan,
+ .get_scan_results = wpa_driver_hostap_get_scan_results,
+ .deauthenticate = wpa_driver_hostap_deauthenticate,
+ .disassociate = wpa_driver_hostap_disassociate,
+ .associate = wpa_driver_hostap_associate,
+ .set_auth_alg = wpa_driver_hostap_set_auth_alg,
+ .init = wpa_driver_hostap_init,
+ .deinit = wpa_driver_hostap_deinit,
+ .set_operstate = wpa_driver_hostap_set_operstate,
+};
--- /dev/null
+/*
+ * WPA Supplicant - driver interaction with Linux Host AP driver
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef HOSTAP_DRIVER_H
+#define HOSTAP_DRIVER_H
+
+#define PRISM2_IOCTL_PRISM2_PARAM (SIOCIWFIRSTPRIV + 0)
+#define PRISM2_IOCTL_RESET (SIOCIWFIRSTPRIV + 6)
+#define PRISM2_IOCTL_HOSTAPD (SIOCDEVPRIVATE + 14)
+
+/* PRISM2_IOCTL_PRISM2_PARAM ioctl() subtypes: */
+enum {
+ /* PRISM2_PARAM_PTYPE = 1, */ /* REMOVED 2003-10-22 */
+ PRISM2_PARAM_TXRATECTRL = 2,
+ PRISM2_PARAM_BEACON_INT = 3,
+ PRISM2_PARAM_PSEUDO_IBSS = 4,
+ PRISM2_PARAM_ALC = 5,
+ /* PRISM2_PARAM_TXPOWER = 6, */ /* REMOVED 2003-10-22 */
+ PRISM2_PARAM_DUMP = 7,
+ PRISM2_PARAM_OTHER_AP_POLICY = 8,
+ PRISM2_PARAM_AP_MAX_INACTIVITY = 9,
+ PRISM2_PARAM_AP_BRIDGE_PACKETS = 10,
+ PRISM2_PARAM_DTIM_PERIOD = 11,
+ PRISM2_PARAM_AP_NULLFUNC_ACK = 12,
+ PRISM2_PARAM_MAX_WDS = 13,
+ PRISM2_PARAM_AP_AUTOM_AP_WDS = 14,
+ PRISM2_PARAM_AP_AUTH_ALGS = 15,
+ PRISM2_PARAM_MONITOR_ALLOW_FCSERR = 16,
+ PRISM2_PARAM_HOST_ENCRYPT = 17,
+ PRISM2_PARAM_HOST_DECRYPT = 18,
+ PRISM2_PARAM_BUS_MASTER_THRESHOLD_RX = 19,
+ PRISM2_PARAM_BUS_MASTER_THRESHOLD_TX = 20,
+ PRISM2_PARAM_HOST_ROAMING = 21,
+ PRISM2_PARAM_BCRX_STA_KEY = 22,
+ PRISM2_PARAM_IEEE_802_1X = 23,
+ PRISM2_PARAM_ANTSEL_TX = 24,
+ PRISM2_PARAM_ANTSEL_RX = 25,
+ PRISM2_PARAM_MONITOR_TYPE = 26,
+ PRISM2_PARAM_WDS_TYPE = 27,
+ PRISM2_PARAM_HOSTSCAN = 28,
+ PRISM2_PARAM_AP_SCAN = 29,
+ PRISM2_PARAM_ENH_SEC = 30,
+ PRISM2_PARAM_IO_DEBUG = 31,
+ PRISM2_PARAM_BASIC_RATES = 32,
+ PRISM2_PARAM_OPER_RATES = 33,
+ PRISM2_PARAM_HOSTAPD = 34,
+ PRISM2_PARAM_HOSTAPD_STA = 35,
+ PRISM2_PARAM_WPA = 36,
+ PRISM2_PARAM_PRIVACY_INVOKED = 37,
+ PRISM2_PARAM_TKIP_COUNTERMEASURES = 38,
+ PRISM2_PARAM_DROP_UNENCRYPTED = 39,
+ PRISM2_PARAM_SCAN_CHANNEL_MASK = 40,
+};
+
+/* PRISM2_IOCTL_HOSTAPD ioctl() cmd: */
+enum {
+ PRISM2_HOSTAPD_FLUSH = 1,
+ PRISM2_HOSTAPD_ADD_STA = 2,
+ PRISM2_HOSTAPD_REMOVE_STA = 3,
+ PRISM2_HOSTAPD_GET_INFO_STA = 4,
+ /* REMOVED: PRISM2_HOSTAPD_RESET_TXEXC_STA = 5, */
+ PRISM2_SET_ENCRYPTION = 6,
+ PRISM2_GET_ENCRYPTION = 7,
+ PRISM2_HOSTAPD_SET_FLAGS_STA = 8,
+ PRISM2_HOSTAPD_GET_RID = 9,
+ PRISM2_HOSTAPD_SET_RID = 10,
+ PRISM2_HOSTAPD_SET_ASSOC_AP_ADDR = 11,
+ PRISM2_HOSTAPD_SET_GENERIC_ELEMENT = 12,
+ PRISM2_HOSTAPD_MLME = 13,
+ PRISM2_HOSTAPD_SCAN_REQ = 14,
+ PRISM2_HOSTAPD_STA_CLEAR_STATS = 15,
+};
+
+#define PRISM2_HOSTAPD_MAX_BUF_SIZE 1024
+#define PRISM2_HOSTAPD_RID_HDR_LEN \
+((int) (&((struct prism2_hostapd_param *) 0)->u.rid.data))
+#define PRISM2_HOSTAPD_GENERIC_ELEMENT_HDR_LEN \
+((int) (&((struct prism2_hostapd_param *) 0)->u.generic_elem.data))
+
+/* Maximum length for algorithm names (-1 for nul termination) used in ioctl()
+ */
+#define HOSTAP_CRYPT_ALG_NAME_LEN 16
+
+
+struct prism2_hostapd_param {
+ u32 cmd;
+ u8 sta_addr[ETH_ALEN];
+ union {
+ struct {
+ u16 aid;
+ u16 capability;
+ u8 tx_supp_rates;
+ } add_sta;
+ struct {
+ u32 inactive_sec;
+ } get_info_sta;
+ struct {
+ u8 alg[HOSTAP_CRYPT_ALG_NAME_LEN];
+ u32 flags;
+ u32 err;
+ u8 idx;
+ u8 seq[8]; /* sequence counter (set: RX, get: TX) */
+ u16 key_len;
+ u8 key[0];
+ } crypt;
+ struct {
+ u32 flags_and;
+ u32 flags_or;
+ } set_flags_sta;
+ struct {
+ u16 rid;
+ u16 len;
+ u8 data[0];
+ } rid;
+ struct {
+ u8 len;
+ u8 data[0];
+ } generic_elem;
+ struct {
+#define MLME_STA_DEAUTH 0
+#define MLME_STA_DISASSOC 1
+ u16 cmd;
+ u16 reason_code;
+ } mlme;
+ struct {
+ u8 ssid_len;
+ u8 ssid[32];
+ } scan_req;
+ } u;
+};
+
+#define HOSTAP_CRYPT_FLAG_SET_TX_KEY 0x01
+#define HOSTAP_CRYPT_FLAG_PERMANENT 0x02
+
+#define HOSTAP_CRYPT_ERR_UNKNOWN_ALG 2
+#define HOSTAP_CRYPT_ERR_UNKNOWN_ADDR 3
+#define HOSTAP_CRYPT_ERR_CRYPT_INIT_FAILED 4
+#define HOSTAP_CRYPT_ERR_KEY_SET_FAILED 5
+#define HOSTAP_CRYPT_ERR_TX_KEY_SET_FAILED 6
+#define HOSTAP_CRYPT_ERR_CARD_CONF_FAILED 7
+
+#endif /* HOSTAP_DRIVER_H */
--- /dev/null
+/*
+ * WPA Supplicant - driver interaction with Linux ipw2100/2200 drivers
+ * Copyright (c) 2005 Zhu Yi <yi.zhu@intel.com>
+ * Copyright (c) 2004 Lubomir Gelo <lgelo@cnc.sk>
+ * Copyright (c) 2003-2004, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * Please note that ipw2100/2200 drivers change to use generic Linux wireless
+ * extensions if the kernel includes support for WE-18 or newer (Linux 2.6.13
+ * or newer). driver_wext.c should be used in those cases.
+ */
+
+#include "includes.h"
+#include <sys/ioctl.h>
+
+#include "wireless_copy.h"
+#include "common.h"
+#include "driver.h"
+#include "l2_packet.h"
+#include "driver_wext.h"
+#include "wpa_supplicant.h"
+
+struct wpa_driver_ipw_data {
+ void *wext; /* private data for driver_wext */
+ void *ctx;
+ char ifname[IFNAMSIZ + 1];
+ int sock;
+};
+
+/* following definitions must be kept in sync with ipw2100.c and ipw2200.c */
+
+#define IPW_IOCTL_WPA_SUPPLICANT SIOCIWFIRSTPRIV+30
+
+#define IPW_CMD_SET_WPA_PARAM 1
+#define IPW_CMD_SET_WPA_IE 2
+#define IPW_CMD_SET_ENCRYPTION 3
+#define IPW_CMD_MLME 4
+
+#define IPW_PARAM_WPA_ENABLED 1
+#define IPW_PARAM_TKIP_COUNTERMEASURES 2
+#define IPW_PARAM_DROP_UNENCRYPTED 3
+#define IPW_PARAM_PRIVACY_INVOKED 4
+#define IPW_PARAM_AUTH_ALGS 5
+#define IPW_PARAM_IEEE_802_1X 6
+
+#define IPW_MLME_STA_DEAUTH 1
+#define IPW_MLME_STA_DISASSOC 2
+
+#define IPW_CRYPT_ERR_UNKNOWN_ALG 2
+#define IPW_CRYPT_ERR_UNKNOWN_ADDR 3
+#define IPW_CRYPT_ERR_CRYPT_INIT_FAILED 4
+#define IPW_CRYPT_ERR_KEY_SET_FAILED 5
+#define IPW_CRYPT_ERR_TX_KEY_SET_FAILED 6
+#define IPW_CRYPT_ERR_CARD_CONF_FAILED 7
+
+#define IPW_CRYPT_ALG_NAME_LEN 16
+
+struct ipw_param {
+ u32 cmd;
+ u8 sta_addr[ETH_ALEN];
+ union {
+ struct {
+ u8 name;
+ u32 value;
+ } wpa_param;
+ struct {
+ u32 len;
+ u8 reserved[32];
+ u8 data[0];
+ } wpa_ie;
+ struct{
+ u32 command;
+ u32 reason_code;
+ } mlme;
+ struct {
+ u8 alg[IPW_CRYPT_ALG_NAME_LEN];
+ u8 set_tx;
+ u32 err;
+ u8 idx;
+ u8 seq[8];
+ u16 key_len;
+ u8 key[0];
+ } crypt;
+
+ } u;
+};
+
+/* end of ipw2100.c and ipw2200.c code */
+
+static int ipw_ioctl(struct wpa_driver_ipw_data *drv,
+ struct ipw_param *param, int len, int show_err)
+{
+ struct iwreq iwr;
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ iwr.u.data.pointer = (caddr_t) param;
+ iwr.u.data.length = len;
+
+ if (ioctl(drv->sock, IPW_IOCTL_WPA_SUPPLICANT, &iwr) < 0) {
+ int ret = errno;
+ if (show_err)
+ perror("ioctl[IPW_IOCTL_WPA_SUPPLICANT]");
+ return ret;
+ }
+
+ return 0;
+}
+
+
+static void ipw_show_set_key_error(struct ipw_param *param)
+{
+ switch (param->u.crypt.err) {
+ case IPW_CRYPT_ERR_UNKNOWN_ALG:
+ wpa_printf(MSG_INFO, "Unknown algorithm '%s'.",
+ param->u.crypt.alg);
+ wpa_printf(MSG_INFO, "You may need to load kernel module to "
+ "register that algorithm.");
+ wpa_printf(MSG_INFO, "E.g., 'modprobe ieee80211_crypt_wep' for"
+ " WEP.");
+ break;
+ case IPW_CRYPT_ERR_UNKNOWN_ADDR:
+ wpa_printf(MSG_INFO, "Unknown address " MACSTR ".",
+ MAC2STR(param->sta_addr));
+ break;
+ case IPW_CRYPT_ERR_CRYPT_INIT_FAILED:
+ wpa_printf(MSG_INFO, "Crypt algorithm initialization failed.");
+ break;
+ case IPW_CRYPT_ERR_KEY_SET_FAILED:
+ wpa_printf(MSG_INFO, "Key setting failed.");
+ break;
+ case IPW_CRYPT_ERR_TX_KEY_SET_FAILED:
+ wpa_printf(MSG_INFO, "TX key index setting failed.");
+ break;
+ case IPW_CRYPT_ERR_CARD_CONF_FAILED:
+ wpa_printf(MSG_INFO, "Card configuration failed.");
+ break;
+ }
+}
+
+
+static int ipw_set_wpa_ie(struct wpa_driver_ipw_data *drv,
+ const u8 *wpa_ie, size_t wpa_ie_len)
+{
+ struct ipw_param *param;
+ int ret;
+ size_t blen = sizeof(*param) + wpa_ie_len;
+
+ param = os_zalloc(blen);
+ if (param == NULL)
+ return -1;
+
+ param->cmd = IPW_CMD_SET_WPA_IE;
+ param->u.wpa_ie.len = wpa_ie_len;
+ os_memcpy(param->u.wpa_ie.data, wpa_ie, wpa_ie_len);
+
+ ret = ipw_ioctl(drv, param, blen, 1);
+
+ os_free(param);
+ return ret;
+}
+
+
+static int ipw_set_wpa_param(struct wpa_driver_ipw_data *drv, u8 name,
+ u32 value)
+{
+ struct ipw_param param;
+
+ os_memset(¶m, 0, sizeof(param));
+ param.cmd = IPW_CMD_SET_WPA_PARAM;
+ param.u.wpa_param.name = name;
+ param.u.wpa_param.value = value;
+
+ return ipw_ioctl(drv, ¶m, sizeof(param), 1);
+}
+
+
+static int ipw_mlme(struct wpa_driver_ipw_data *drv, const u8 *addr,
+ int cmd, int reason)
+{
+ struct ipw_param param;
+
+ os_memset(¶m, 0, sizeof(param));
+ os_memcpy(param.sta_addr, addr, ETH_ALEN);
+ param.cmd = IPW_CMD_MLME;
+ param.u.mlme.command = cmd;
+ param.u.mlme.reason_code = reason;
+
+ return ipw_ioctl(drv, ¶m, sizeof(param), 1);
+}
+
+
+static int wpa_driver_ipw_set_wpa(void *priv, int enabled)
+{
+ struct wpa_driver_ipw_data *drv = priv;
+ int ret = 0;
+
+ wpa_printf(MSG_DEBUG, "%s: enabled=%d", __FUNCTION__, enabled);
+
+ if (!enabled && ipw_set_wpa_ie(drv, NULL, 0) < 0)
+ ret = -1;
+
+ if (ipw_set_wpa_param(drv, IPW_PARAM_WPA_ENABLED, enabled) < 0)
+ ret = -1;
+
+ return ret;
+}
+
+
+static int wpa_driver_ipw_set_key(void *priv, wpa_alg alg,
+ const u8 *addr, int key_idx, int set_tx,
+ const u8 *seq, size_t seq_len,
+ const u8 *key, size_t key_len)
+{
+ struct wpa_driver_ipw_data *drv = priv;
+ struct ipw_param *param;
+ u8 *buf;
+ size_t blen;
+ int ret = 0;
+ char *alg_name;
+
+ switch (alg) {
+ case WPA_ALG_NONE:
+ alg_name = "none";
+ break;
+ case WPA_ALG_WEP:
+ alg_name = "WEP";
+ break;
+ case WPA_ALG_TKIP:
+ alg_name = "TKIP";
+ break;
+ case WPA_ALG_CCMP:
+ alg_name = "CCMP";
+ break;
+ default:
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "%s: alg=%s key_idx=%d set_tx=%d seq_len=%lu "
+ "key_len=%lu", __FUNCTION__, alg_name, key_idx, set_tx,
+ (unsigned long) seq_len, (unsigned long) key_len);
+
+ if (seq_len > 8)
+ return -2;
+
+ blen = sizeof(*param) + key_len;
+ buf = os_zalloc(blen);
+ if (buf == NULL)
+ return -1;
+
+ param = (struct ipw_param *) buf;
+ param->cmd = IPW_CMD_SET_ENCRYPTION;
+ os_memset(param->sta_addr, 0xff, ETH_ALEN);
+ os_strncpy((char *) param->u.crypt.alg, alg_name,
+ IPW_CRYPT_ALG_NAME_LEN);
+ param->u.crypt.set_tx = set_tx ? 1 : 0;
+ param->u.crypt.idx = key_idx;
+ os_memcpy(param->u.crypt.seq, seq, seq_len);
+ param->u.crypt.key_len = key_len;
+ os_memcpy((u8 *) (param + 1), key, key_len);
+
+ if (ipw_ioctl(drv, param, blen, 1)) {
+ wpa_printf(MSG_WARNING, "Failed to set encryption.");
+ ipw_show_set_key_error(param);
+ ret = -1;
+ }
+ os_free(buf);
+
+ return ret;
+}
+
+
+static int wpa_driver_ipw_set_countermeasures(void *priv, int enabled)
+{
+ struct wpa_driver_ipw_data *drv = priv;
+ wpa_printf(MSG_DEBUG, "%s: enabled=%d", __FUNCTION__, enabled);
+ return ipw_set_wpa_param(drv, IPW_PARAM_TKIP_COUNTERMEASURES,
+ enabled);
+
+}
+
+
+static int wpa_driver_ipw_set_drop_unencrypted(void *priv, int enabled)
+{
+ struct wpa_driver_ipw_data *drv = priv;
+ wpa_printf(MSG_DEBUG, "%s: enabled=%d", __FUNCTION__, enabled);
+ return ipw_set_wpa_param(drv, IPW_PARAM_DROP_UNENCRYPTED,
+ enabled);
+}
+
+
+static int wpa_driver_ipw_deauthenticate(void *priv, const u8 *addr,
+ int reason_code)
+{
+ struct wpa_driver_ipw_data *drv = priv;
+ return ipw_mlme(drv, addr, IPW_MLME_STA_DEAUTH, reason_code);
+}
+
+
+static int wpa_driver_ipw_disassociate(void *priv, const u8 *addr,
+ int reason_code)
+{
+ struct wpa_driver_ipw_data *drv = priv;
+ return ipw_mlme(drv, addr, IPW_MLME_STA_DISASSOC, reason_code);
+}
+
+
+static int
+wpa_driver_ipw_associate(void *priv, struct wpa_driver_associate_params *params)
+{
+ struct wpa_driver_ipw_data *drv = priv;
+ int ret = 0;
+ int unencrypted_eapol;
+
+ if (ipw_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0)
+ ret = -1;
+ if (wpa_driver_wext_set_ssid(drv->wext, params->ssid,
+ params->ssid_len) < 0)
+ ret = -1;
+ if (wpa_driver_wext_set_bssid(drv->wext, params->bssid) < 0)
+ ret = -1;
+
+ if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
+ params->key_mgmt_suite == KEY_MGMT_PSK)
+ unencrypted_eapol = 0;
+ else
+ unencrypted_eapol = 1;
+
+ if (ipw_set_wpa_param(drv, IPW_PARAM_IEEE_802_1X,
+ unencrypted_eapol) < 0) {
+ wpa_printf(MSG_DEBUG, "ipw: Failed to configure "
+ "ieee_802_1x param");
+ }
+
+ return ret;
+}
+
+
+static int wpa_driver_ipw_set_auth_alg(void *priv, int auth_alg)
+{
+ struct wpa_driver_ipw_data *drv = priv;
+ int algs = 0;
+
+ if (auth_alg & AUTH_ALG_OPEN_SYSTEM)
+ algs |= 1;
+ if (auth_alg & AUTH_ALG_SHARED_KEY)
+ algs |= 2;
+ if (auth_alg & AUTH_ALG_LEAP)
+ algs |= 4;
+ if (algs == 0)
+ algs = 1; /* at least one algorithm should be set */
+
+ wpa_printf(MSG_DEBUG, "%s: auth_alg=0x%x", __FUNCTION__, algs);
+ return ipw_set_wpa_param(drv, IPW_PARAM_AUTH_ALGS, algs);
+}
+
+
+static int wpa_driver_ipw_get_bssid(void *priv, u8 *bssid)
+{
+ struct wpa_driver_ipw_data *drv = priv;
+ return wpa_driver_wext_get_bssid(drv->wext, bssid);
+}
+
+
+static int wpa_driver_ipw_get_ssid(void *priv, u8 *ssid)
+{
+ struct wpa_driver_ipw_data *drv = priv;
+ return wpa_driver_wext_get_ssid(drv->wext, ssid);
+}
+
+
+static int wpa_driver_ipw_scan(void *priv, const u8 *ssid, size_t ssid_len)
+{
+ struct wpa_driver_ipw_data *drv = priv;
+ return wpa_driver_wext_scan(drv->wext, ssid, ssid_len);
+}
+
+
+static int wpa_driver_ipw_get_scan_results(void *priv,
+ struct wpa_scan_result *results,
+ size_t max_size)
+{
+ struct wpa_driver_ipw_data *drv = priv;
+ return wpa_driver_wext_get_scan_results(drv->wext, results, max_size);
+}
+
+
+static int wpa_driver_ipw_set_operstate(void *priv, int state)
+{
+ struct wpa_driver_ipw_data *drv = priv;
+ return wpa_driver_wext_set_operstate(drv->wext, state);
+}
+
+
+static void * wpa_driver_ipw_init(void *ctx, const char *ifname)
+{
+ struct wpa_driver_ipw_data *drv;
+ int ver;
+
+ wpa_printf(MSG_DEBUG, "%s is called", __FUNCTION__);
+ drv = os_zalloc(sizeof(*drv));
+ if (drv == NULL)
+ return NULL;
+ drv->wext = wpa_driver_wext_init(ctx, ifname);
+ if (drv->wext == NULL) {
+ os_free(drv);
+ return NULL;
+ }
+
+ ver = wpa_driver_wext_get_version(drv->wext);
+ if (ver >= 18) {
+ wpa_printf(MSG_WARNING, "Linux wireless extensions version %d "
+ "detected.", ver);
+ wpa_printf(MSG_WARNING, "ipw2x00 driver uses driver_wext "
+ "(-Dwext) instead of driver_ipw.");
+ }
+
+ drv->ctx = ctx;
+ os_strncpy(drv->ifname, ifname, sizeof(drv->ifname));
+ drv->sock = socket(PF_INET, SOCK_DGRAM, 0);
+ if (drv->sock < 0) {
+ wpa_driver_wext_deinit(drv->wext);
+ os_free(drv);
+ return NULL;
+ }
+
+ return drv;
+}
+
+
+static void wpa_driver_ipw_deinit(void *priv)
+{
+ struct wpa_driver_ipw_data *drv = priv;
+ wpa_driver_wext_deinit(drv->wext);
+ close(drv->sock);
+ os_free(drv);
+}
+
+
+const struct wpa_driver_ops wpa_driver_ipw_ops = {
+ .name = "ipw",
+ .desc = "Intel ipw2100/2200 driver (old; use wext with Linux 2.6.13 "
+ "or newer)",
+ .get_bssid = wpa_driver_ipw_get_bssid,
+ .get_ssid = wpa_driver_ipw_get_ssid,
+ .set_wpa = wpa_driver_ipw_set_wpa,
+ .set_key = wpa_driver_ipw_set_key,
+ .set_countermeasures = wpa_driver_ipw_set_countermeasures,
+ .set_drop_unencrypted = wpa_driver_ipw_set_drop_unencrypted,
+ .scan = wpa_driver_ipw_scan,
+ .get_scan_results = wpa_driver_ipw_get_scan_results,
+ .deauthenticate = wpa_driver_ipw_deauthenticate,
+ .disassociate = wpa_driver_ipw_disassociate,
+ .associate = wpa_driver_ipw_associate,
+ .set_auth_alg = wpa_driver_ipw_set_auth_alg,
+ .init = wpa_driver_ipw_init,
+ .deinit = wpa_driver_ipw_deinit,
+ .set_operstate = wpa_driver_ipw_set_operstate,
+};
--- /dev/null
+/*
+ * WPA Supplicant - driver interaction with MADWIFI 802.11 driver
+ * Copyright (c) 2004, Sam Leffler <sam@errno.com>
+ * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <sys/ioctl.h>
+
+#include "common.h"
+#include "driver.h"
+#include "driver_wext.h"
+#include "eloop.h"
+#include "wpa_supplicant.h"
+#include "wpa.h"
+#include "wireless_copy.h"
+
+#include <include/compat.h>
+#include <net80211/ieee80211.h>
+#ifdef WME_NUM_AC
+/* Assume this is built against BSD branch of madwifi driver. */
+#define MADWIFI_BSD
+#include <net80211/_ieee80211.h>
+#endif /* WME_NUM_AC */
+#include <net80211/ieee80211_crypto.h>
+#include <net80211/ieee80211_ioctl.h>
+
+#ifdef IEEE80211_IOCTL_SETWMMPARAMS
+/* Assume this is built against madwifi-ng */
+#define MADWIFI_NG
+#endif /* IEEE80211_IOCTL_SETWMMPARAMS */
+
+struct wpa_driver_madwifi_data {
+ void *wext; /* private data for driver_wext */
+ void *ctx;
+ char ifname[IFNAMSIZ + 1];
+ int sock;
+};
+
+static int
+set80211priv(struct wpa_driver_madwifi_data *drv, int op, void *data, int len,
+ int show_err)
+{
+ struct iwreq iwr;
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ if (len < IFNAMSIZ) {
+ /*
+ * Argument data fits inline; put it there.
+ */
+ os_memcpy(iwr.u.name, data, len);
+ } else {
+ /*
+ * Argument data too big for inline transfer; setup a
+ * parameter block instead; the kernel will transfer
+ * the data for the driver.
+ */
+ iwr.u.data.pointer = data;
+ iwr.u.data.length = len;
+ }
+
+ if (ioctl(drv->sock, op, &iwr) < 0) {
+ if (show_err) {
+#ifdef MADWIFI_NG
+ int first = IEEE80211_IOCTL_SETPARAM;
+ int last = IEEE80211_IOCTL_KICKMAC;
+ static const char *opnames[] = {
+ "ioctl[IEEE80211_IOCTL_SETPARAM]",
+ "ioctl[IEEE80211_IOCTL_GETPARAM]",
+ "ioctl[IEEE80211_IOCTL_SETMODE]",
+ "ioctl[IEEE80211_IOCTL_GETMODE]",
+ "ioctl[IEEE80211_IOCTL_SETWMMPARAMS]",
+ "ioctl[IEEE80211_IOCTL_GETWMMPARAMS]",
+ "ioctl[IEEE80211_IOCTL_SETCHANLIST]",
+ "ioctl[IEEE80211_IOCTL_GETCHANLIST]",
+ "ioctl[IEEE80211_IOCTL_CHANSWITCH]",
+ NULL,
+ NULL,
+ "ioctl[IEEE80211_IOCTL_GETSCANRESULTS]",
+ NULL,
+ "ioctl[IEEE80211_IOCTL_GETCHANINFO]",
+ "ioctl[IEEE80211_IOCTL_SETOPTIE]",
+ "ioctl[IEEE80211_IOCTL_GETOPTIE]",
+ "ioctl[IEEE80211_IOCTL_SETMLME]",
+ NULL,
+ "ioctl[IEEE80211_IOCTL_SETKEY]",
+ NULL,
+ "ioctl[IEEE80211_IOCTL_DELKEY]",
+ NULL,
+ "ioctl[IEEE80211_IOCTL_ADDMAC]",
+ NULL,
+ "ioctl[IEEE80211_IOCTL_DELMAC]",
+ NULL,
+ "ioctl[IEEE80211_IOCTL_WDSMAC]",
+ NULL,
+ "ioctl[IEEE80211_IOCTL_WDSDELMAC]",
+ NULL,
+ "ioctl[IEEE80211_IOCTL_KICKMAC]",
+ };
+#else /* MADWIFI_NG */
+ int first = IEEE80211_IOCTL_SETPARAM;
+ int last = IEEE80211_IOCTL_CHANLIST;
+ static const char *opnames[] = {
+ "ioctl[IEEE80211_IOCTL_SETPARAM]",
+ "ioctl[IEEE80211_IOCTL_GETPARAM]",
+ "ioctl[IEEE80211_IOCTL_SETKEY]",
+ "ioctl[IEEE80211_IOCTL_GETKEY]",
+ "ioctl[IEEE80211_IOCTL_DELKEY]",
+ NULL,
+ "ioctl[IEEE80211_IOCTL_SETMLME]",
+ NULL,
+ "ioctl[IEEE80211_IOCTL_SETOPTIE]",
+ "ioctl[IEEE80211_IOCTL_GETOPTIE]",
+ "ioctl[IEEE80211_IOCTL_ADDMAC]",
+ NULL,
+ "ioctl[IEEE80211_IOCTL_DELMAC]",
+ NULL,
+ "ioctl[IEEE80211_IOCTL_CHANLIST]",
+ };
+#endif /* MADWIFI_NG */
+ int idx = op - first;
+ if (first <= op && op <= last &&
+ idx < (int) (sizeof(opnames) / sizeof(opnames[0]))
+ && opnames[idx])
+ perror(opnames[idx]);
+ else
+ perror("ioctl[unknown???]");
+ }
+ return -1;
+ }
+ return 0;
+}
+
+static int
+set80211param(struct wpa_driver_madwifi_data *drv, int op, int arg,
+ int show_err)
+{
+ struct iwreq iwr;
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ iwr.u.mode = op;
+ os_memcpy(iwr.u.name+sizeof(__u32), &arg, sizeof(arg));
+
+ if (ioctl(drv->sock, IEEE80211_IOCTL_SETPARAM, &iwr) < 0) {
+ if (show_err)
+ perror("ioctl[IEEE80211_IOCTL_SETPARAM]");
+ return -1;
+ }
+ return 0;
+}
+
+static int
+wpa_driver_madwifi_set_wpa_ie(struct wpa_driver_madwifi_data *drv,
+ const u8 *wpa_ie, size_t wpa_ie_len)
+{
+ struct iwreq iwr;
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ /* NB: SETOPTIE is not fixed-size so must not be inlined */
+ iwr.u.data.pointer = (void *) wpa_ie;
+ iwr.u.data.length = wpa_ie_len;
+
+ if (ioctl(drv->sock, IEEE80211_IOCTL_SETOPTIE, &iwr) < 0) {
+ perror("ioctl[IEEE80211_IOCTL_SETOPTIE]");
+ return -1;
+ }
+ return 0;
+}
+
+static int
+wpa_driver_madwifi_del_key(struct wpa_driver_madwifi_data *drv, int key_idx,
+ const u8 *addr)
+{
+ struct ieee80211req_del_key wk;
+
+ wpa_printf(MSG_DEBUG, "%s: keyidx=%d", __FUNCTION__, key_idx);
+ os_memset(&wk, 0, sizeof(wk));
+ wk.idk_keyix = key_idx;
+ if (addr != NULL)
+ os_memcpy(wk.idk_macaddr, addr, IEEE80211_ADDR_LEN);
+
+ return set80211priv(drv, IEEE80211_IOCTL_DELKEY, &wk, sizeof(wk), 1);
+}
+
+static int
+wpa_driver_madwifi_set_key(void *priv, wpa_alg alg,
+ const u8 *addr, int key_idx, int set_tx,
+ const u8 *seq, size_t seq_len,
+ const u8 *key, size_t key_len)
+{
+ struct wpa_driver_madwifi_data *drv = priv;
+ struct ieee80211req_key wk;
+ char *alg_name;
+ u_int8_t cipher;
+
+ if (alg == WPA_ALG_NONE)
+ return wpa_driver_madwifi_del_key(drv, key_idx, addr);
+
+ switch (alg) {
+ case WPA_ALG_WEP:
+ if (addr == NULL || os_memcmp(addr, "\xff\xff\xff\xff\xff\xff",
+ ETH_ALEN) == 0) {
+ /*
+ * madwifi did not seem to like static WEP key
+ * configuration with IEEE80211_IOCTL_SETKEY, so use
+ * Linux wireless extensions ioctl for this.
+ */
+ return wpa_driver_wext_set_key(drv->wext, alg, addr,
+ key_idx, set_tx,
+ seq, seq_len,
+ key, key_len);
+ }
+ alg_name = "WEP";
+ cipher = IEEE80211_CIPHER_WEP;
+ break;
+ case WPA_ALG_TKIP:
+ alg_name = "TKIP";
+ cipher = IEEE80211_CIPHER_TKIP;
+ break;
+ case WPA_ALG_CCMP:
+ alg_name = "CCMP";
+ cipher = IEEE80211_CIPHER_AES_CCM;
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "%s: unknown/unsupported algorithm %d",
+ __FUNCTION__, alg);
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "%s: alg=%s key_idx=%d set_tx=%d seq_len=%lu "
+ "key_len=%lu", __FUNCTION__, alg_name, key_idx, set_tx,
+ (unsigned long) seq_len, (unsigned long) key_len);
+
+ if (seq_len > sizeof(u_int64_t)) {
+ wpa_printf(MSG_DEBUG, "%s: seq_len %lu too big",
+ __FUNCTION__, (unsigned long) seq_len);
+ return -2;
+ }
+ if (key_len > sizeof(wk.ik_keydata)) {
+ wpa_printf(MSG_DEBUG, "%s: key length %lu too big",
+ __FUNCTION__, (unsigned long) key_len);
+ return -3;
+ }
+
+ os_memset(&wk, 0, sizeof(wk));
+ wk.ik_type = cipher;
+ wk.ik_flags = IEEE80211_KEY_RECV;
+ if (addr == NULL ||
+ os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) == 0)
+ wk.ik_flags |= IEEE80211_KEY_GROUP;
+ if (set_tx) {
+ wk.ik_flags |= IEEE80211_KEY_XMIT | IEEE80211_KEY_DEFAULT;
+ os_memcpy(wk.ik_macaddr, addr, IEEE80211_ADDR_LEN);
+ } else
+ os_memset(wk.ik_macaddr, 0, IEEE80211_ADDR_LEN);
+ wk.ik_keyix = key_idx;
+ wk.ik_keylen = key_len;
+#ifdef WORDS_BIGENDIAN
+#define WPA_KEY_RSC_LEN 8
+ {
+ size_t i;
+ u8 tmp[WPA_KEY_RSC_LEN];
+ os_memset(tmp, 0, sizeof(tmp));
+ for (i = 0; i < seq_len; i++)
+ tmp[WPA_KEY_RSC_LEN - i - 1] = seq[i];
+ os_memcpy(&wk.ik_keyrsc, tmp, WPA_KEY_RSC_LEN);
+ }
+#else /* WORDS_BIGENDIAN */
+ os_memcpy(&wk.ik_keyrsc, seq, seq_len);
+#endif /* WORDS_BIGENDIAN */
+ os_memcpy(wk.ik_keydata, key, key_len);
+
+ return set80211priv(drv, IEEE80211_IOCTL_SETKEY, &wk, sizeof(wk), 1);
+}
+
+static int
+wpa_driver_madwifi_set_countermeasures(void *priv, int enabled)
+{
+ struct wpa_driver_madwifi_data *drv = priv;
+ wpa_printf(MSG_DEBUG, "%s: enabled=%d", __FUNCTION__, enabled);
+ return set80211param(drv, IEEE80211_PARAM_COUNTERMEASURES, enabled, 1);
+}
+
+
+static int
+wpa_driver_madwifi_set_drop_unencrypted(void *priv, int enabled)
+{
+ struct wpa_driver_madwifi_data *drv = priv;
+ wpa_printf(MSG_DEBUG, "%s: enabled=%d", __FUNCTION__, enabled);
+ return set80211param(drv, IEEE80211_PARAM_DROPUNENCRYPTED, enabled, 1);
+}
+
+static int
+wpa_driver_madwifi_deauthenticate(void *priv, const u8 *addr, int reason_code)
+{
+ struct wpa_driver_madwifi_data *drv = priv;
+ struct ieee80211req_mlme mlme;
+
+ wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
+ mlme.im_op = IEEE80211_MLME_DEAUTH;
+ mlme.im_reason = reason_code;
+ os_memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
+ return set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme, sizeof(mlme), 1);
+}
+
+static int
+wpa_driver_madwifi_disassociate(void *priv, const u8 *addr, int reason_code)
+{
+ struct wpa_driver_madwifi_data *drv = priv;
+ struct ieee80211req_mlme mlme;
+
+ wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
+ mlme.im_op = IEEE80211_MLME_DISASSOC;
+ mlme.im_reason = reason_code;
+ os_memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
+ return set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme, sizeof(mlme), 1);
+}
+
+static int
+wpa_driver_madwifi_associate(void *priv,
+ struct wpa_driver_associate_params *params)
+{
+ struct wpa_driver_madwifi_data *drv = priv;
+ struct ieee80211req_mlme mlme;
+ int ret = 0, privacy = 1;
+
+ wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
+
+ /*
+ * NB: Don't need to set the freq or cipher-related state as
+ * this is implied by the bssid which is used to locate
+ * the scanned node state which holds it. The ssid is
+ * needed to disambiguate an AP that broadcasts multiple
+ * ssid's but uses the same bssid.
+ */
+ /* XXX error handling is wrong but unclear what to do... */
+ if (wpa_driver_madwifi_set_wpa_ie(drv, params->wpa_ie,
+ params->wpa_ie_len) < 0)
+ ret = -1;
+
+ if (params->pairwise_suite == CIPHER_NONE &&
+ params->group_suite == CIPHER_NONE &&
+ params->key_mgmt_suite == KEY_MGMT_NONE &&
+ params->wpa_ie_len == 0)
+ privacy = 0;
+
+ if (set80211param(drv, IEEE80211_PARAM_PRIVACY, privacy, 1) < 0)
+ ret = -1;
+
+ if (params->wpa_ie_len &&
+ set80211param(drv, IEEE80211_PARAM_WPA,
+ params->wpa_ie[0] == RSN_INFO_ELEM ? 2 : 1, 1) < 0)
+ ret = -1;
+
+ if (params->bssid == NULL) {
+ /* ap_scan=2 mode - driver takes care of AP selection and
+ * roaming */
+ /* FIX: this does not seem to work; would probably need to
+ * change something in the driver */
+ if (set80211param(drv, IEEE80211_PARAM_ROAMING, 0, 1) < 0)
+ ret = -1;
+
+ if (wpa_driver_wext_set_ssid(drv->wext, params->ssid,
+ params->ssid_len) < 0)
+ ret = -1;
+ } else {
+ if (set80211param(drv, IEEE80211_PARAM_ROAMING, 2, 1) < 0)
+ ret = -1;
+ if (wpa_driver_wext_set_ssid(drv->wext, params->ssid,
+ params->ssid_len) < 0)
+ ret = -1;
+ os_memset(&mlme, 0, sizeof(mlme));
+ mlme.im_op = IEEE80211_MLME_ASSOC;
+ os_memcpy(mlme.im_macaddr, params->bssid, IEEE80211_ADDR_LEN);
+ if (set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme,
+ sizeof(mlme), 1) < 0) {
+ wpa_printf(MSG_DEBUG, "%s: SETMLME[ASSOC] failed",
+ __func__);
+ ret = -1;
+ }
+ }
+
+ return ret;
+}
+
+static int
+wpa_driver_madwifi_set_auth_alg(void *priv, int auth_alg)
+{
+ struct wpa_driver_madwifi_data *drv = priv;
+ int authmode;
+
+ if ((auth_alg & AUTH_ALG_OPEN_SYSTEM) &&
+ (auth_alg & AUTH_ALG_SHARED_KEY))
+ authmode = IEEE80211_AUTH_AUTO;
+ else if (auth_alg & AUTH_ALG_SHARED_KEY)
+ authmode = IEEE80211_AUTH_SHARED;
+ else
+ authmode = IEEE80211_AUTH_OPEN;
+
+ return set80211param(drv, IEEE80211_PARAM_AUTHMODE, authmode, 1);
+}
+
+static int
+wpa_driver_madwifi_scan(void *priv, const u8 *ssid, size_t ssid_len)
+{
+ struct wpa_driver_madwifi_data *drv = priv;
+ struct iwreq iwr;
+ int ret = 0;
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+
+ /* set desired ssid before scan */
+ /* FIX: scan should not break the current association, so using
+ * set_ssid may not be the best way of doing this.. */
+ if (wpa_driver_wext_set_ssid(drv->wext, ssid, ssid_len) < 0)
+ ret = -1;
+
+ if (ioctl(drv->sock, SIOCSIWSCAN, &iwr) < 0) {
+ perror("ioctl[SIOCSIWSCAN]");
+ ret = -1;
+ }
+
+ /*
+ * madwifi delivers a scan complete event so no need to poll, but
+ * register a backup timeout anyway to make sure that we recover even
+ * if the driver does not send this event for any reason. This timeout
+ * will only be used if the event is not delivered (event handler will
+ * cancel the timeout).
+ */
+ eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv->wext,
+ drv->ctx);
+ eloop_register_timeout(30, 0, wpa_driver_wext_scan_timeout, drv->wext,
+ drv->ctx);
+
+ return ret;
+}
+
+static int wpa_driver_madwifi_get_bssid(void *priv, u8 *bssid)
+{
+ struct wpa_driver_madwifi_data *drv = priv;
+ return wpa_driver_wext_get_bssid(drv->wext, bssid);
+}
+
+
+static int wpa_driver_madwifi_get_ssid(void *priv, u8 *ssid)
+{
+ struct wpa_driver_madwifi_data *drv = priv;
+ return wpa_driver_wext_get_ssid(drv->wext, ssid);
+}
+
+
+static int wpa_driver_madwifi_get_scan_results(void *priv,
+ struct wpa_scan_result *results,
+ size_t max_size)
+{
+ struct wpa_driver_madwifi_data *drv = priv;
+ return wpa_driver_wext_get_scan_results(drv->wext, results, max_size);
+}
+
+
+static int wpa_driver_madwifi_set_operstate(void *priv, int state)
+{
+ struct wpa_driver_madwifi_data *drv = priv;
+ return wpa_driver_wext_set_operstate(drv->wext, state);
+}
+
+
+static void * wpa_driver_madwifi_init(void *ctx, const char *ifname)
+{
+ struct wpa_driver_madwifi_data *drv;
+
+ drv = os_zalloc(sizeof(*drv));
+ if (drv == NULL)
+ return NULL;
+ drv->wext = wpa_driver_wext_init(ctx, ifname);
+ if (drv->wext == NULL)
+ goto fail;
+
+ drv->ctx = ctx;
+ os_strncpy(drv->ifname, ifname, sizeof(drv->ifname));
+ drv->sock = socket(PF_INET, SOCK_DGRAM, 0);
+ if (drv->sock < 0)
+ goto fail2;
+
+ if (set80211param(drv, IEEE80211_PARAM_ROAMING, 2, 1) < 0) {
+ wpa_printf(MSG_DEBUG, "%s: failed to set wpa_supplicant-based "
+ "roaming", __FUNCTION__);
+ goto fail3;
+ }
+
+ if (set80211param(drv, IEEE80211_PARAM_WPA, 3, 1) < 0) {
+ wpa_printf(MSG_DEBUG, "%s: failed to enable WPA support",
+ __FUNCTION__);
+ goto fail3;
+ }
+
+ return drv;
+
+fail3:
+ close(drv->sock);
+fail2:
+ wpa_driver_wext_deinit(drv->wext);
+fail:
+ os_free(drv);
+ return NULL;
+}
+
+
+static void wpa_driver_madwifi_deinit(void *priv)
+{
+ struct wpa_driver_madwifi_data *drv = priv;
+
+ if (wpa_driver_madwifi_set_wpa_ie(drv, NULL, 0) < 0) {
+ wpa_printf(MSG_DEBUG, "%s: failed to clear WPA IE",
+ __FUNCTION__);
+ }
+ if (set80211param(drv, IEEE80211_PARAM_ROAMING, 0, 1) < 0) {
+ wpa_printf(MSG_DEBUG, "%s: failed to enable driver-based "
+ "roaming", __FUNCTION__);
+ }
+ if (set80211param(drv, IEEE80211_PARAM_PRIVACY, 0, 1) < 0) {
+ wpa_printf(MSG_DEBUG, "%s: failed to disable forced Privacy "
+ "flag", __FUNCTION__);
+ }
+ if (set80211param(drv, IEEE80211_PARAM_WPA, 0, 1) < 0) {
+ wpa_printf(MSG_DEBUG, "%s: failed to disable WPA",
+ __FUNCTION__);
+ }
+
+ wpa_driver_wext_deinit(drv->wext);
+
+ close(drv->sock);
+ os_free(drv);
+}
+
+
+const struct wpa_driver_ops wpa_driver_madwifi_ops = {
+ .name = "madwifi",
+ .desc = "MADWIFI 802.11 support (Atheros, etc.)",
+ .get_bssid = wpa_driver_madwifi_get_bssid,
+ .get_ssid = wpa_driver_madwifi_get_ssid,
+ .set_key = wpa_driver_madwifi_set_key,
+ .init = wpa_driver_madwifi_init,
+ .deinit = wpa_driver_madwifi_deinit,
+ .set_countermeasures = wpa_driver_madwifi_set_countermeasures,
+ .set_drop_unencrypted = wpa_driver_madwifi_set_drop_unencrypted,
+ .scan = wpa_driver_madwifi_scan,
+ .get_scan_results = wpa_driver_madwifi_get_scan_results,
+ .deauthenticate = wpa_driver_madwifi_deauthenticate,
+ .disassociate = wpa_driver_madwifi_disassociate,
+ .associate = wpa_driver_madwifi_associate,
+ .set_auth_alg = wpa_driver_madwifi_set_auth_alg,
+ .set_operstate = wpa_driver_madwifi_set_operstate,
+};
--- /dev/null
+/*
+ * WPA Supplicant - Windows/NDIS driver interface
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifdef __CYGWIN__
+/* Avoid some header file conflicts by not including standard headers for
+ * cygwin builds when Packet32.h is included. */
+#include "build_config.h"
+int close(int fd);
+#else /* __CYGWIN__ */
+#include "includes.h"
+#endif /* __CYGWIN__ */
+#ifdef CONFIG_USE_NDISUIO
+#include <winsock2.h>
+#else /* CONFIG_USE_NDISUIO */
+#include <Packet32.h>
+#endif /* CONFIG_USE_NDISUIO */
+#include <ntddndis.h>
+
+#ifdef _WIN32_WCE
+#include <winioctl.h>
+#include <nuiouser.h>
+#include <devload.h>
+#endif /* _WIN32_WCE */
+
+#include "common.h"
+#include "driver.h"
+#include "wpa_supplicant.h"
+#include "l2_packet.h"
+#include "eloop.h"
+#include "wpa.h"
+#include "driver_ndis.h"
+
+int wpa_driver_register_event_cb(struct wpa_driver_ndis_data *drv);
+void wpa_driver_ndis_event_pipe_cb(void *eloop_data, void *user_data);
+
+static void wpa_driver_ndis_deinit(void *priv);
+static void wpa_driver_ndis_poll(void *drv);
+static void wpa_driver_ndis_poll_timeout(void *eloop_ctx, void *timeout_ctx);
+static int wpa_driver_ndis_adapter_init(struct wpa_driver_ndis_data *drv);
+static int wpa_driver_ndis_adapter_open(struct wpa_driver_ndis_data *drv);
+static void wpa_driver_ndis_adapter_close(struct wpa_driver_ndis_data *drv);
+
+
+/* FIX: to be removed once this can be compiled with the complete NDIS
+ * header files */
+#ifndef OID_802_11_BSSID
+#define OID_802_11_BSSID 0x0d010101
+#define OID_802_11_SSID 0x0d010102
+#define OID_802_11_INFRASTRUCTURE_MODE 0x0d010108
+#define OID_802_11_ADD_WEP 0x0D010113
+#define OID_802_11_REMOVE_WEP 0x0D010114
+#define OID_802_11_DISASSOCIATE 0x0D010115
+#define OID_802_11_BSSID_LIST 0x0d010217
+#define OID_802_11_AUTHENTICATION_MODE 0x0d010118
+#define OID_802_11_PRIVACY_FILTER 0x0d010119
+#define OID_802_11_BSSID_LIST_SCAN 0x0d01011A
+#define OID_802_11_WEP_STATUS 0x0d01011B
+#define OID_802_11_ENCRYPTION_STATUS OID_802_11_WEP_STATUS
+#define OID_802_11_ADD_KEY 0x0d01011D
+#define OID_802_11_REMOVE_KEY 0x0d01011E
+#define OID_802_11_ASSOCIATION_INFORMATION 0x0d01011F
+#define OID_802_11_TEST 0x0d010120
+#define OID_802_11_CAPABILITY 0x0d010122
+#define OID_802_11_PMKID 0x0d010123
+
+#define NDIS_802_11_LENGTH_SSID 32
+#define NDIS_802_11_LENGTH_RATES 8
+#define NDIS_802_11_LENGTH_RATES_EX 16
+
+typedef UCHAR NDIS_802_11_MAC_ADDRESS[6];
+
+typedef struct NDIS_802_11_SSID {
+ ULONG SsidLength;
+ UCHAR Ssid[NDIS_802_11_LENGTH_SSID];
+} NDIS_802_11_SSID;
+
+typedef LONG NDIS_802_11_RSSI;
+
+typedef enum NDIS_802_11_NETWORK_TYPE {
+ Ndis802_11FH,
+ Ndis802_11DS,
+ Ndis802_11OFDM5,
+ Ndis802_11OFDM24,
+ Ndis802_11NetworkTypeMax
+} NDIS_802_11_NETWORK_TYPE;
+
+typedef struct NDIS_802_11_CONFIGURATION_FH {
+ ULONG Length;
+ ULONG HopPattern;
+ ULONG HopSet;
+ ULONG DwellTime;
+} NDIS_802_11_CONFIGURATION_FH;
+
+typedef struct NDIS_802_11_CONFIGURATION {
+ ULONG Length;
+ ULONG BeaconPeriod;
+ ULONG ATIMWindow;
+ ULONG DSConfig;
+ NDIS_802_11_CONFIGURATION_FH FHConfig;
+} NDIS_802_11_CONFIGURATION;
+
+typedef enum NDIS_802_11_NETWORK_INFRASTRUCTURE {
+ Ndis802_11IBSS,
+ Ndis802_11Infrastructure,
+ Ndis802_11AutoUnknown,
+ Ndis802_11InfrastructureMax
+} NDIS_802_11_NETWORK_INFRASTRUCTURE;
+
+typedef enum NDIS_802_11_AUTHENTICATION_MODE {
+ Ndis802_11AuthModeOpen,
+ Ndis802_11AuthModeShared,
+ Ndis802_11AuthModeAutoSwitch,
+ Ndis802_11AuthModeWPA,
+ Ndis802_11AuthModeWPAPSK,
+ Ndis802_11AuthModeWPANone,
+ Ndis802_11AuthModeWPA2,
+ Ndis802_11AuthModeWPA2PSK,
+ Ndis802_11AuthModeMax
+} NDIS_802_11_AUTHENTICATION_MODE;
+
+typedef enum NDIS_802_11_WEP_STATUS {
+ Ndis802_11WEPEnabled,
+ Ndis802_11Encryption1Enabled = Ndis802_11WEPEnabled,
+ Ndis802_11WEPDisabled,
+ Ndis802_11EncryptionDisabled = Ndis802_11WEPDisabled,
+ Ndis802_11WEPKeyAbsent,
+ Ndis802_11Encryption1KeyAbsent = Ndis802_11WEPKeyAbsent,
+ Ndis802_11WEPNotSupported,
+ Ndis802_11EncryptionNotSupported = Ndis802_11WEPNotSupported,
+ Ndis802_11Encryption2Enabled,
+ Ndis802_11Encryption2KeyAbsent,
+ Ndis802_11Encryption3Enabled,
+ Ndis802_11Encryption3KeyAbsent
+} NDIS_802_11_WEP_STATUS, NDIS_802_11_ENCRYPTION_STATUS;
+
+typedef enum NDIS_802_11_PRIVACY_FILTER {
+ Ndis802_11PrivFilterAcceptAll,
+ Ndis802_11PrivFilter8021xWEP
+} NDIS_802_11_PRIVACY_FILTER;
+
+typedef UCHAR NDIS_802_11_RATES[NDIS_802_11_LENGTH_RATES];
+typedef UCHAR NDIS_802_11_RATES_EX[NDIS_802_11_LENGTH_RATES_EX];
+
+typedef struct NDIS_WLAN_BSSID_EX {
+ ULONG Length;
+ NDIS_802_11_MAC_ADDRESS MacAddress; /* BSSID */
+ UCHAR Reserved[2];
+ NDIS_802_11_SSID Ssid;
+ ULONG Privacy;
+ NDIS_802_11_RSSI Rssi;
+ NDIS_802_11_NETWORK_TYPE NetworkTypeInUse;
+ NDIS_802_11_CONFIGURATION Configuration;
+ NDIS_802_11_NETWORK_INFRASTRUCTURE InfrastructureMode;
+ NDIS_802_11_RATES_EX SupportedRates;
+ ULONG IELength;
+ UCHAR IEs[1];
+} NDIS_WLAN_BSSID_EX;
+
+typedef struct NDIS_802_11_BSSID_LIST_EX {
+ ULONG NumberOfItems;
+ NDIS_WLAN_BSSID_EX Bssid[1];
+} NDIS_802_11_BSSID_LIST_EX;
+
+typedef struct NDIS_802_11_FIXED_IEs {
+ UCHAR Timestamp[8];
+ USHORT BeaconInterval;
+ USHORT Capabilities;
+} NDIS_802_11_FIXED_IEs;
+
+typedef struct NDIS_802_11_WEP {
+ ULONG Length;
+ ULONG KeyIndex;
+ ULONG KeyLength;
+ UCHAR KeyMaterial[1];
+} NDIS_802_11_WEP;
+
+typedef ULONG NDIS_802_11_KEY_INDEX;
+typedef ULONGLONG NDIS_802_11_KEY_RSC;
+
+typedef struct NDIS_802_11_KEY {
+ ULONG Length;
+ ULONG KeyIndex;
+ ULONG KeyLength;
+ NDIS_802_11_MAC_ADDRESS BSSID;
+ NDIS_802_11_KEY_RSC KeyRSC;
+ UCHAR KeyMaterial[1];
+} NDIS_802_11_KEY;
+
+typedef struct NDIS_802_11_REMOVE_KEY {
+ ULONG Length;
+ ULONG KeyIndex;
+ NDIS_802_11_MAC_ADDRESS BSSID;
+} NDIS_802_11_REMOVE_KEY;
+
+typedef struct NDIS_802_11_AI_REQFI {
+ USHORT Capabilities;
+ USHORT ListenInterval;
+ NDIS_802_11_MAC_ADDRESS CurrentAPAddress;
+} NDIS_802_11_AI_REQFI;
+
+typedef struct NDIS_802_11_AI_RESFI {
+ USHORT Capabilities;
+ USHORT StatusCode;
+ USHORT AssociationId;
+} NDIS_802_11_AI_RESFI;
+
+typedef struct NDIS_802_11_ASSOCIATION_INFORMATION {
+ ULONG Length;
+ USHORT AvailableRequestFixedIEs;
+ NDIS_802_11_AI_REQFI RequestFixedIEs;
+ ULONG RequestIELength;
+ ULONG OffsetRequestIEs;
+ USHORT AvailableResponseFixedIEs;
+ NDIS_802_11_AI_RESFI ResponseFixedIEs;
+ ULONG ResponseIELength;
+ ULONG OffsetResponseIEs;
+} NDIS_802_11_ASSOCIATION_INFORMATION;
+
+typedef struct NDIS_802_11_AUTHENTICATION_ENCRYPTION {
+ NDIS_802_11_AUTHENTICATION_MODE AuthModeSupported;
+ NDIS_802_11_ENCRYPTION_STATUS EncryptStatusSupported;
+} NDIS_802_11_AUTHENTICATION_ENCRYPTION;
+
+typedef struct NDIS_802_11_CAPABILITY {
+ ULONG Length;
+ ULONG Version;
+ ULONG NoOfPMKIDs;
+ ULONG NoOfAuthEncryptPairsSupported;
+ NDIS_802_11_AUTHENTICATION_ENCRYPTION
+ AuthenticationEncryptionSupported[1];
+} NDIS_802_11_CAPABILITY;
+
+typedef UCHAR NDIS_802_11_PMKID_VALUE[16];
+
+typedef struct BSSID_INFO {
+ NDIS_802_11_MAC_ADDRESS BSSID;
+ NDIS_802_11_PMKID_VALUE PMKID;
+} BSSID_INFO;
+
+typedef struct NDIS_802_11_PMKID {
+ ULONG Length;
+ ULONG BSSIDInfoCount;
+ BSSID_INFO BSSIDInfo[1];
+} NDIS_802_11_PMKID;
+
+typedef enum NDIS_802_11_STATUS_TYPE {
+ Ndis802_11StatusType_Authentication,
+ Ndis802_11StatusType_PMKID_CandidateList = 2,
+ Ndis802_11StatusTypeMax
+} NDIS_802_11_STATUS_TYPE;
+
+typedef struct NDIS_802_11_STATUS_INDICATION {
+ NDIS_802_11_STATUS_TYPE StatusType;
+} NDIS_802_11_STATUS_INDICATION;
+
+typedef struct PMKID_CANDIDATE {
+ NDIS_802_11_MAC_ADDRESS BSSID;
+ ULONG Flags;
+} PMKID_CANDIDATE;
+
+#define NDIS_802_11_PMKID_CANDIDATE_PREAUTH_ENABLED 0x01
+
+typedef struct NDIS_802_11_PMKID_CANDIDATE_LIST {
+ ULONG Version;
+ ULONG NumCandidates;
+ PMKID_CANDIDATE CandidateList[1];
+} NDIS_802_11_PMKID_CANDIDATE_LIST;
+
+typedef struct NDIS_802_11_AUTHENTICATION_REQUEST {
+ ULONG Length;
+ NDIS_802_11_MAC_ADDRESS Bssid;
+ ULONG Flags;
+} NDIS_802_11_AUTHENTICATION_REQUEST;
+
+#define NDIS_802_11_AUTH_REQUEST_REAUTH 0x01
+#define NDIS_802_11_AUTH_REQUEST_KEYUPDATE 0x02
+#define NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR 0x06
+#define NDIS_802_11_AUTH_REQUEST_GROUP_ERROR 0x0E
+
+#endif /* OID_802_11_BSSID */
+
+
+#ifndef OID_802_11_PMKID
+/* Platform SDK for XP did not include WPA2, so add needed definitions */
+
+#define OID_802_11_CAPABILITY 0x0d010122
+#define OID_802_11_PMKID 0x0d010123
+
+#define Ndis802_11AuthModeWPA2 6
+#define Ndis802_11AuthModeWPA2PSK 7
+
+#define Ndis802_11StatusType_PMKID_CandidateList 2
+
+typedef struct NDIS_802_11_AUTHENTICATION_ENCRYPTION {
+ NDIS_802_11_AUTHENTICATION_MODE AuthModeSupported;
+ NDIS_802_11_ENCRYPTION_STATUS EncryptStatusSupported;
+} NDIS_802_11_AUTHENTICATION_ENCRYPTION;
+
+typedef struct NDIS_802_11_CAPABILITY {
+ ULONG Length;
+ ULONG Version;
+ ULONG NoOfPMKIDs;
+ ULONG NoOfAuthEncryptPairsSupported;
+ NDIS_802_11_AUTHENTICATION_ENCRYPTION
+ AuthenticationEncryptionSupported[1];
+} NDIS_802_11_CAPABILITY;
+
+typedef UCHAR NDIS_802_11_PMKID_VALUE[16];
+
+typedef struct BSSID_INFO {
+ NDIS_802_11_MAC_ADDRESS BSSID;
+ NDIS_802_11_PMKID_VALUE PMKID;
+} BSSID_INFO;
+
+typedef struct NDIS_802_11_PMKID {
+ ULONG Length;
+ ULONG BSSIDInfoCount;
+ BSSID_INFO BSSIDInfo[1];
+} NDIS_802_11_PMKID;
+
+typedef struct PMKID_CANDIDATE {
+ NDIS_802_11_MAC_ADDRESS BSSID;
+ ULONG Flags;
+} PMKID_CANDIDATE;
+
+#define NDIS_802_11_PMKID_CANDIDATE_PREAUTH_ENABLED 0x01
+
+typedef struct NDIS_802_11_PMKID_CANDIDATE_LIST {
+ ULONG Version;
+ ULONG NumCandidates;
+ PMKID_CANDIDATE CandidateList[1];
+} NDIS_802_11_PMKID_CANDIDATE_LIST;
+
+#endif /* OID_802_11_CAPABILITY */
+
+
+#ifdef CONFIG_USE_NDISUIO
+#ifndef _WIN32_WCE
+#ifdef __MINGW32_VERSION
+typedef ULONG NDIS_OID;
+#endif /* __MINGW32_VERSION */
+/* from nuiouser.h */
+#define FSCTL_NDISUIO_BASE FILE_DEVICE_NETWORK
+
+#define _NDISUIO_CTL_CODE(_Function, _Method, _Access) \
+ CTL_CODE(FSCTL_NDISUIO_BASE, _Function, _Method, _Access)
+
+#define IOCTL_NDISUIO_OPEN_DEVICE \
+ _NDISUIO_CTL_CODE(0x200, METHOD_BUFFERED, \
+ FILE_READ_ACCESS | FILE_WRITE_ACCESS)
+
+#define IOCTL_NDISUIO_QUERY_OID_VALUE \
+ _NDISUIO_CTL_CODE(0x201, METHOD_BUFFERED, \
+ FILE_READ_ACCESS | FILE_WRITE_ACCESS)
+
+#define IOCTL_NDISUIO_SET_OID_VALUE \
+ _NDISUIO_CTL_CODE(0x205, METHOD_BUFFERED, \
+ FILE_READ_ACCESS | FILE_WRITE_ACCESS)
+
+#define IOCTL_NDISUIO_SET_ETHER_TYPE \
+ _NDISUIO_CTL_CODE(0x202, METHOD_BUFFERED, \
+ FILE_READ_ACCESS | FILE_WRITE_ACCESS)
+
+#define IOCTL_NDISUIO_QUERY_BINDING \
+ _NDISUIO_CTL_CODE(0x203, METHOD_BUFFERED, \
+ FILE_READ_ACCESS | FILE_WRITE_ACCESS)
+
+#define IOCTL_NDISUIO_BIND_WAIT \
+ _NDISUIO_CTL_CODE(0x204, METHOD_BUFFERED, \
+ FILE_READ_ACCESS | FILE_WRITE_ACCESS)
+
+typedef struct _NDISUIO_QUERY_OID
+{
+ NDIS_OID Oid;
+ UCHAR Data[sizeof(ULONG)];
+} NDISUIO_QUERY_OID, *PNDISUIO_QUERY_OID;
+
+typedef struct _NDISUIO_SET_OID
+{
+ NDIS_OID Oid;
+ UCHAR Data[sizeof(ULONG)];
+} NDISUIO_SET_OID, *PNDISUIO_SET_OID;
+
+typedef struct _NDISUIO_QUERY_BINDING
+{
+ ULONG BindingIndex;
+ ULONG DeviceNameOffset;
+ ULONG DeviceNameLength;
+ ULONG DeviceDescrOffset;
+ ULONG DeviceDescrLength;
+} NDISUIO_QUERY_BINDING, *PNDISUIO_QUERY_BINDING;
+#endif /* _WIN32_WCE */
+#endif /* CONFIG_USE_NDISUIO */
+
+
+static int ndis_get_oid(struct wpa_driver_ndis_data *drv, unsigned int oid,
+ char *data, size_t len)
+{
+#ifdef CONFIG_USE_NDISUIO
+ NDISUIO_QUERY_OID *o;
+ size_t buflen = sizeof(*o) + len;
+ DWORD written;
+ int ret;
+ size_t hdrlen;
+
+ o = os_zalloc(buflen);
+ if (o == NULL)
+ return -1;
+ o->Oid = oid;
+#ifdef _WIN32_WCE
+ o->ptcDeviceName = drv->adapter_name;
+#endif /* _WIN32_WCE */
+ if (!DeviceIoControl(drv->ndisuio, IOCTL_NDISUIO_QUERY_OID_VALUE,
+ o, sizeof(NDISUIO_QUERY_OID), o, buflen, &written,
+ NULL)) {
+ wpa_printf(MSG_DEBUG, "NDIS: IOCTL_NDISUIO_QUERY_OID_VALUE "
+ "failed (oid=%08x): %d", oid, (int) GetLastError());
+ os_free(o);
+ return -1;
+ }
+ hdrlen = sizeof(NDISUIO_QUERY_OID) - sizeof(o->Data);
+ if (written < hdrlen) {
+ wpa_printf(MSG_DEBUG, "NDIS: query oid=%08x written (%d); "
+ "too short", oid, (unsigned int) written);
+ os_free(o);
+ return -1;
+ }
+ written -= hdrlen;
+ if (written > len) {
+ wpa_printf(MSG_DEBUG, "NDIS: query oid=%08x written (%d) > "
+ "len (%d)",oid, (unsigned int) written, len);
+ os_free(o);
+ return -1;
+ }
+ os_memcpy(data, o->Data, written);
+ ret = written;
+ os_free(o);
+ return ret;
+#else /* CONFIG_USE_NDISUIO */
+ char *buf;
+ PACKET_OID_DATA *o;
+ int ret;
+
+ buf = os_zalloc(sizeof(*o) + len);
+ if (buf == NULL)
+ return -1;
+ o = (PACKET_OID_DATA *) buf;
+ o->Oid = oid;
+ o->Length = len;
+
+ if (!PacketRequest(drv->adapter, FALSE, o)) {
+ wpa_printf(MSG_DEBUG, "%s: oid=0x%x len (%d) failed",
+ __func__, oid, len);
+ os_free(buf);
+ return -1;
+ }
+ if (o->Length > len) {
+ wpa_printf(MSG_DEBUG, "%s: oid=0x%x Length (%d) > len (%d)",
+ __func__, oid, (unsigned int) o->Length, len);
+ os_free(buf);
+ return -1;
+ }
+ os_memcpy(data, o->Data, o->Length);
+ ret = o->Length;
+ os_free(buf);
+ return ret;
+#endif /* CONFIG_USE_NDISUIO */
+}
+
+
+static int ndis_set_oid(struct wpa_driver_ndis_data *drv, unsigned int oid,
+ const char *data, size_t len)
+{
+#ifdef CONFIG_USE_NDISUIO
+ NDISUIO_SET_OID *o;
+ size_t buflen, reallen;
+ DWORD written;
+ char txt[50];
+
+ os_snprintf(txt, sizeof(txt), "NDIS: Set OID %08x", oid);
+ wpa_hexdump_key(MSG_MSGDUMP, txt, data, len);
+
+ buflen = sizeof(*o) + len;
+ reallen = buflen - sizeof(o->Data);
+ o = os_zalloc(buflen);
+ if (o == NULL)
+ return -1;
+ o->Oid = oid;
+#ifdef _WIN32_WCE
+ o->ptcDeviceName = drv->adapter_name;
+#endif /* _WIN32_WCE */
+ if (data)
+ os_memcpy(o->Data, data, len);
+ if (!DeviceIoControl(drv->ndisuio, IOCTL_NDISUIO_SET_OID_VALUE,
+ o, reallen, NULL, 0, &written, NULL)) {
+ wpa_printf(MSG_DEBUG, "NDIS: IOCTL_NDISUIO_SET_OID_VALUE "
+ "(oid=%08x) failed: %d", oid, (int) GetLastError());
+ os_free(o);
+ return -1;
+ }
+ os_free(o);
+ return 0;
+#else /* CONFIG_USE_NDISUIO */
+ char *buf;
+ PACKET_OID_DATA *o;
+ char txt[50];
+
+ os_snprintf(txt, sizeof(txt), "NDIS: Set OID %08x", oid);
+ wpa_hexdump_key(MSG_MSGDUMP, txt, data, len);
+
+ buf = os_zalloc(sizeof(*o) + len);
+ if (buf == NULL)
+ return -1;
+ o = (PACKET_OID_DATA *) buf;
+ o->Oid = oid;
+ o->Length = len;
+ if (data)
+ os_memcpy(o->Data, data, len);
+
+ if (!PacketRequest(drv->adapter, TRUE, o)) {
+ wpa_printf(MSG_DEBUG, "%s: oid=0x%x len (%d) failed",
+ __func__, oid, len);
+ os_free(buf);
+ return -1;
+ }
+ os_free(buf);
+ return 0;
+#endif /* CONFIG_USE_NDISUIO */
+}
+
+
+static int ndis_set_auth_mode(struct wpa_driver_ndis_data *drv, int mode)
+{
+ u32 auth_mode = mode;
+ if (ndis_set_oid(drv, OID_802_11_AUTHENTICATION_MODE,
+ (char *) &auth_mode, sizeof(auth_mode)) < 0) {
+ wpa_printf(MSG_DEBUG, "NDIS: Failed to set "
+ "OID_802_11_AUTHENTICATION_MODE (%d)",
+ (int) auth_mode);
+ return -1;
+ }
+ return 0;
+}
+
+
+static int ndis_get_auth_mode(struct wpa_driver_ndis_data *drv)
+{
+ u32 auth_mode;
+ int res;
+ res = ndis_get_oid(drv, OID_802_11_AUTHENTICATION_MODE,
+ (char *) &auth_mode, sizeof(auth_mode));
+ if (res != sizeof(auth_mode)) {
+ wpa_printf(MSG_DEBUG, "NDIS: Failed to get "
+ "OID_802_11_AUTHENTICATION_MODE");
+ return -1;
+ }
+ return auth_mode;
+}
+
+
+static int ndis_set_encr_status(struct wpa_driver_ndis_data *drv, int encr)
+{
+ u32 encr_status = encr;
+ if (ndis_set_oid(drv, OID_802_11_ENCRYPTION_STATUS,
+ (char *) &encr_status, sizeof(encr_status)) < 0) {
+ wpa_printf(MSG_DEBUG, "NDIS: Failed to set "
+ "OID_802_11_ENCRYPTION_STATUS (%d)", encr);
+ return -1;
+ }
+ return 0;
+}
+
+
+static int ndis_get_encr_status(struct wpa_driver_ndis_data *drv)
+{
+ u32 encr;
+ int res;
+ res = ndis_get_oid(drv, OID_802_11_ENCRYPTION_STATUS,
+ (char *) &encr, sizeof(encr));
+ if (res != sizeof(encr)) {
+ wpa_printf(MSG_DEBUG, "NDIS: Failed to get "
+ "OID_802_11_ENCRYPTION_STATUS");
+ return -1;
+ }
+ return encr;
+}
+
+
+static int wpa_driver_ndis_get_bssid(void *priv, u8 *bssid)
+{
+ struct wpa_driver_ndis_data *drv = priv;
+
+ if (drv->wired) {
+ /*
+ * Report PAE group address as the "BSSID" for wired
+ * connection.
+ */
+ bssid[0] = 0x01;
+ bssid[1] = 0x80;
+ bssid[2] = 0xc2;
+ bssid[3] = 0x00;
+ bssid[4] = 0x00;
+ bssid[5] = 0x03;
+ return 0;
+ }
+
+ return ndis_get_oid(drv, OID_802_11_BSSID, bssid, ETH_ALEN) < 0 ?
+ -1 : 0;
+}
+
+
+
+static int wpa_driver_ndis_get_ssid(void *priv, u8 *ssid)
+{
+ struct wpa_driver_ndis_data *drv = priv;
+ NDIS_802_11_SSID buf;
+ int res;
+
+ res = ndis_get_oid(drv, OID_802_11_SSID, (char *) &buf, sizeof(buf));
+ if (res < 4) {
+ wpa_printf(MSG_DEBUG, "NDIS: Failed to get SSID");
+ if (drv->wired) {
+ wpa_printf(MSG_DEBUG, "NDIS: Allow get_ssid failure "
+ "with a wired interface");
+ return 0;
+ }
+ return -1;
+ }
+ os_memcpy(ssid, buf.Ssid, buf.SsidLength);
+ return buf.SsidLength;
+}
+
+
+static int wpa_driver_ndis_set_ssid(struct wpa_driver_ndis_data *drv,
+ const u8 *ssid, size_t ssid_len)
+{
+ NDIS_802_11_SSID buf;
+
+ os_memset(&buf, 0, sizeof(buf));
+ buf.SsidLength = ssid_len;
+ os_memcpy(buf.Ssid, ssid, ssid_len);
+ /*
+ * Make sure radio is marked enabled here so that scan request will not
+ * force SSID to be changed to a random one in order to enable radio at
+ * that point.
+ */
+ drv->radio_enabled = 1;
+ return ndis_set_oid(drv, OID_802_11_SSID, (char *) &buf, sizeof(buf));
+}
+
+
+/* Disconnect using OID_802_11_DISASSOCIATE. This will also turn the radio off.
+ */
+static int wpa_driver_ndis_radio_off(struct wpa_driver_ndis_data *drv)
+{
+ drv->radio_enabled = 0;
+ return ndis_set_oid(drv, OID_802_11_DISASSOCIATE, " ", 4);
+}
+
+
+/* Disconnect by setting SSID to random (i.e., likely not used). */
+static int wpa_driver_ndis_disconnect(struct wpa_driver_ndis_data *drv)
+{
+ char ssid[32];
+ int i;
+ for (i = 0; i < 32; i++)
+ ssid[i] = rand() & 0xff;
+ return wpa_driver_ndis_set_ssid(drv, ssid, 32);
+}
+
+
+static int wpa_driver_ndis_deauthenticate(void *priv, const u8 *addr,
+ int reason_code)
+{
+ struct wpa_driver_ndis_data *drv = priv;
+ return wpa_driver_ndis_disconnect(drv);
+}
+
+
+static int wpa_driver_ndis_disassociate(void *priv, const u8 *addr,
+ int reason_code)
+{
+ struct wpa_driver_ndis_data *drv = priv;
+ return wpa_driver_ndis_disconnect(drv);
+}
+
+
+static int wpa_driver_ndis_set_wpa(void *priv, int enabled)
+{
+ wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, enabled);
+ return 0;
+}
+
+
+static void wpa_driver_ndis_scan_timeout(void *eloop_ctx, void *timeout_ctx)
+{
+ wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
+ wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
+}
+
+
+static int wpa_driver_ndis_scan(void *priv, const u8 *ssid, size_t ssid_len)
+{
+ struct wpa_driver_ndis_data *drv = priv;
+ int res;
+
+ if (!drv->radio_enabled) {
+ wpa_printf(MSG_DEBUG, "NDIS: turning radio on before the first"
+ " scan");
+ if (wpa_driver_ndis_disconnect(drv) < 0) {
+ wpa_printf(MSG_DEBUG, "NDIS: failed to enable radio");
+ }
+ drv->radio_enabled = 1;
+ }
+
+ res = ndis_set_oid(drv, OID_802_11_BSSID_LIST_SCAN, " ", 4);
+ eloop_cancel_timeout(wpa_driver_ndis_scan_timeout, drv, drv->ctx);
+ eloop_register_timeout(7, 0, wpa_driver_ndis_scan_timeout, drv,
+ drv->ctx);
+ return res;
+}
+
+
+static void wpa_driver_ndis_get_ies(struct wpa_scan_result *res, u8 *ie,
+ size_t ie_len)
+{
+ u8 *pos = ie;
+ u8 *end = ie + ie_len;
+
+ if (ie_len < sizeof(NDIS_802_11_FIXED_IEs))
+ return;
+
+ pos += sizeof(NDIS_802_11_FIXED_IEs);
+ /* wpa_hexdump(MSG_MSGDUMP, "IEs", pos, end - pos); */
+ while (pos + 1 < end && pos + 2 + pos[1] <= end) {
+ u8 ielen = 2 + pos[1];
+ if (ielen > SSID_MAX_WPA_IE_LEN) {
+ pos += ielen;
+ continue;
+ }
+ if (pos[0] == GENERIC_INFO_ELEM && pos[1] >= 4 &&
+ os_memcmp(pos + 2, "\x00\x50\xf2\x01", 4) == 0) {
+ os_memcpy(res->wpa_ie, pos, ielen);
+ res->wpa_ie_len = ielen;
+ } else if (pos[0] == RSN_INFO_ELEM) {
+ os_memcpy(res->rsn_ie, pos, ielen);
+ res->rsn_ie_len = ielen;
+ }
+ pos += ielen;
+ }
+}
+
+
+static int wpa_driver_ndis_get_scan_results(void *priv,
+ struct wpa_scan_result *results,
+ size_t max_size)
+{
+ struct wpa_driver_ndis_data *drv = priv;
+ NDIS_802_11_BSSID_LIST_EX *b;
+ size_t blen, count, i;
+ int len, j;
+ char *pos;
+
+ blen = 65535;
+ b = os_zalloc(blen);
+ if (b == NULL)
+ return -1;
+ len = ndis_get_oid(drv, OID_802_11_BSSID_LIST, (char *) b, blen);
+ if (len < 0) {
+ wpa_printf(MSG_DEBUG, "NDIS: failed to get scan results");
+ os_free(b);
+ return -1;
+ }
+ count = b->NumberOfItems;
+
+ if (count > max_size)
+ count = max_size;
+
+ os_memset(results, 0, max_size * sizeof(struct wpa_scan_result));
+ pos = (char *) &b->Bssid[0];
+ for (i = 0; i < count; i++) {
+ NDIS_WLAN_BSSID_EX *bss = (NDIS_WLAN_BSSID_EX *) pos;
+ os_memcpy(results[i].bssid, bss->MacAddress, ETH_ALEN);
+ os_memcpy(results[i].ssid, bss->Ssid.Ssid,
+ bss->Ssid.SsidLength);
+ results[i].ssid_len = bss->Ssid.SsidLength;
+ if (bss->Privacy)
+ results[i].caps |= IEEE80211_CAP_PRIVACY;
+ if (bss->InfrastructureMode == Ndis802_11IBSS)
+ results[i].caps |= IEEE80211_CAP_IBSS;
+ else if (bss->InfrastructureMode == Ndis802_11Infrastructure)
+ results[i].caps |= IEEE80211_CAP_ESS;
+ results[i].level = (int) bss->Rssi;
+ results[i].freq = bss->Configuration.DSConfig / 1000;
+ for (j = 0; j < sizeof(bss->SupportedRates); j++) {
+ if ((bss->SupportedRates[j] & 0x7f) >
+ results[i].maxrate) {
+ results[i].maxrate =
+ bss->SupportedRates[j] & 0x7f;
+ }
+ }
+ if (((char *) bss->IEs) + bss->IELength > (char *) b + blen) {
+ /*
+ * Some NDIS drivers have been reported to include an
+ * entry with an invalid IELength in scan results and
+ * this has crashed wpa_supplicant, so validate the
+ * returned value before using it.
+ */
+ wpa_printf(MSG_DEBUG, "NDIS: skipped invalid scan "
+ "result IE (BSSID=" MACSTR ") IELength=%d",
+ MAC2STR(results[i].bssid),
+ (int) bss->IELength);
+ break;
+ }
+ wpa_driver_ndis_get_ies(&results[i], bss->IEs, bss->IELength);
+ pos += bss->Length;
+ if (pos > (char *) b + blen)
+ break;
+ }
+
+ os_free(b);
+ return (int) count;
+}
+
+
+static int wpa_driver_ndis_remove_key(struct wpa_driver_ndis_data *drv,
+ int key_idx, const u8 *addr,
+ const u8 *bssid, int pairwise)
+{
+ NDIS_802_11_REMOVE_KEY rkey;
+ NDIS_802_11_KEY_INDEX index;
+ int res, res2;
+
+ os_memset(&rkey, 0, sizeof(rkey));
+
+ rkey.Length = sizeof(rkey);
+ rkey.KeyIndex = key_idx;
+ if (pairwise)
+ rkey.KeyIndex |= 1 << 30;
+ os_memcpy(rkey.BSSID, bssid, ETH_ALEN);
+
+ res = ndis_set_oid(drv, OID_802_11_REMOVE_KEY, (char *) &rkey,
+ sizeof(rkey));
+ if (!pairwise) {
+ index = key_idx;
+ res2 = ndis_set_oid(drv, OID_802_11_REMOVE_WEP,
+ (char *) &index, sizeof(index));
+ } else
+ res2 = 0;
+
+ if (res < 0 && res2 < 0)
+ return -1;
+ return 0;
+}
+
+
+static int wpa_driver_ndis_add_wep(struct wpa_driver_ndis_data *drv,
+ int pairwise, int key_idx, int set_tx,
+ const u8 *key, size_t key_len)
+{
+ NDIS_802_11_WEP *wep;
+ size_t len;
+ int res;
+
+ len = 12 + key_len;
+ wep = os_zalloc(len);
+ if (wep == NULL)
+ return -1;
+ wep->Length = len;
+ wep->KeyIndex = key_idx;
+ if (set_tx)
+ wep->KeyIndex |= 1 << 31;
+#if 0 /* Setting bit30 does not seem to work with some NDIS drivers */
+ if (pairwise)
+ wep->KeyIndex |= 1 << 30;
+#endif
+ wep->KeyLength = key_len;
+ os_memcpy(wep->KeyMaterial, key, key_len);
+
+ wpa_hexdump_key(MSG_MSGDUMP, "NDIS: OID_802_11_ADD_WEP",
+ (char *) wep, len);
+ res = ndis_set_oid(drv, OID_802_11_ADD_WEP, (char *) wep, len);
+
+ os_free(wep);
+
+ return res;
+}
+
+static int wpa_driver_ndis_set_key(void *priv, wpa_alg alg, const u8 *addr,
+ int key_idx, int set_tx,
+ const u8 *seq, size_t seq_len,
+ const u8 *key, size_t key_len)
+{
+ struct wpa_driver_ndis_data *drv = priv;
+ size_t len, i;
+ NDIS_802_11_KEY *nkey;
+ int res, pairwise;
+ u8 bssid[ETH_ALEN];
+
+ if (addr == NULL || os_memcmp(addr, "\xff\xff\xff\xff\xff\xff",
+ ETH_ALEN) == 0) {
+ /* Group Key */
+ pairwise = 0;
+ if (wpa_driver_ndis_get_bssid(drv, bssid) < 0)
+ os_memset(bssid, 0xff, ETH_ALEN);
+ } else {
+ /* Pairwise Key */
+ pairwise = 1;
+ os_memcpy(bssid, addr, ETH_ALEN);
+ }
+
+ if (alg == WPA_ALG_NONE || key_len == 0) {
+ return wpa_driver_ndis_remove_key(drv, key_idx, addr, bssid,
+ pairwise);
+ }
+
+ if (alg == WPA_ALG_WEP) {
+ return wpa_driver_ndis_add_wep(drv, pairwise, key_idx, set_tx,
+ key, key_len);
+ }
+
+ len = 12 + 6 + 6 + 8 + key_len;
+
+ nkey = os_zalloc(len);
+ if (nkey == NULL)
+ return -1;
+
+ nkey->Length = len;
+ nkey->KeyIndex = key_idx;
+ if (set_tx)
+ nkey->KeyIndex |= 1 << 31;
+ if (pairwise)
+ nkey->KeyIndex |= 1 << 30;
+ if (seq && seq_len)
+ nkey->KeyIndex |= 1 << 29;
+ nkey->KeyLength = key_len;
+ os_memcpy(nkey->BSSID, bssid, ETH_ALEN);
+ if (seq && seq_len) {
+ for (i = 0; i < seq_len; i++)
+ nkey->KeyRSC |= (ULONGLONG) seq[i] << (i * 8);
+ }
+ if (alg == WPA_ALG_TKIP && key_len == 32) {
+ os_memcpy(nkey->KeyMaterial, key, 16);
+ os_memcpy(nkey->KeyMaterial + 16, key + 24, 8);
+ os_memcpy(nkey->KeyMaterial + 24, key + 16, 8);
+ } else {
+ os_memcpy(nkey->KeyMaterial, key, key_len);
+ }
+
+ wpa_hexdump_key(MSG_MSGDUMP, "NDIS: OID_802_11_ADD_KEY",
+ (char *) nkey, len);
+ res = ndis_set_oid(drv, OID_802_11_ADD_KEY, (char *) nkey, len);
+ os_free(nkey);
+
+ return res;
+}
+
+
+static int
+wpa_driver_ndis_associate(void *priv,
+ struct wpa_driver_associate_params *params)
+{
+ struct wpa_driver_ndis_data *drv = priv;
+ u32 auth_mode, encr, priv_mode, mode;
+
+ drv->mode = params->mode;
+
+ /* Note: Setting OID_802_11_INFRASTRUCTURE_MODE clears current keys,
+ * so static WEP keys needs to be set again after this. */
+ if (params->mode == IEEE80211_MODE_IBSS) {
+ mode = Ndis802_11IBSS;
+ /* Need to make sure that BSSID polling is enabled for
+ * IBSS mode. */
+ eloop_cancel_timeout(wpa_driver_ndis_poll_timeout, drv, NULL);
+ eloop_register_timeout(1, 0, wpa_driver_ndis_poll_timeout,
+ drv, NULL);
+ } else
+ mode = Ndis802_11Infrastructure;
+ if (ndis_set_oid(drv, OID_802_11_INFRASTRUCTURE_MODE,
+ (char *) &mode, sizeof(mode)) < 0) {
+ wpa_printf(MSG_DEBUG, "NDIS: Failed to set "
+ "OID_802_11_INFRASTRUCTURE_MODE (%d)",
+ (int) mode);
+ /* Try to continue anyway */
+ }
+
+ if (params->key_mgmt_suite == KEY_MGMT_NONE ||
+ params->key_mgmt_suite == KEY_MGMT_802_1X_NO_WPA) {
+ /* Re-set WEP keys if static WEP configuration is used. */
+ u8 bcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+ int i;
+ for (i = 0; i < 4; i++) {
+ if (!params->wep_key[i])
+ continue;
+ wpa_printf(MSG_DEBUG, "NDIS: Re-setting static WEP "
+ "key %d", i);
+ wpa_driver_ndis_set_key(drv, WPA_ALG_WEP, bcast, i,
+ i == params->wep_tx_keyidx,
+ NULL, 0, params->wep_key[i],
+ params->wep_key_len[i]);
+ }
+ }
+
+ if (params->wpa_ie == NULL || params->wpa_ie_len == 0) {
+ if (params->auth_alg & AUTH_ALG_SHARED_KEY) {
+ if (params->auth_alg & AUTH_ALG_OPEN_SYSTEM)
+ auth_mode = Ndis802_11AuthModeAutoSwitch;
+ else
+ auth_mode = Ndis802_11AuthModeShared;
+ } else
+ auth_mode = Ndis802_11AuthModeOpen;
+ priv_mode = Ndis802_11PrivFilterAcceptAll;
+ } else if (params->wpa_ie[0] == RSN_INFO_ELEM) {
+ priv_mode = Ndis802_11PrivFilter8021xWEP;
+ if (params->key_mgmt_suite == KEY_MGMT_PSK)
+ auth_mode = Ndis802_11AuthModeWPA2PSK;
+ else
+ auth_mode = Ndis802_11AuthModeWPA2;
+ } else {
+ priv_mode = Ndis802_11PrivFilter8021xWEP;
+ if (params->key_mgmt_suite == KEY_MGMT_WPA_NONE)
+ auth_mode = Ndis802_11AuthModeWPANone;
+ else if (params->key_mgmt_suite == KEY_MGMT_PSK)
+ auth_mode = Ndis802_11AuthModeWPAPSK;
+ else
+ auth_mode = Ndis802_11AuthModeWPA;
+ }
+
+ switch (params->pairwise_suite) {
+ case CIPHER_CCMP:
+ encr = Ndis802_11Encryption3Enabled;
+ break;
+ case CIPHER_TKIP:
+ encr = Ndis802_11Encryption2Enabled;
+ break;
+ case CIPHER_WEP40:
+ case CIPHER_WEP104:
+ encr = Ndis802_11Encryption1Enabled;
+ break;
+ case CIPHER_NONE:
+ if (params->group_suite == CIPHER_CCMP)
+ encr = Ndis802_11Encryption3Enabled;
+ else if (params->group_suite == CIPHER_TKIP)
+ encr = Ndis802_11Encryption2Enabled;
+ else
+ encr = Ndis802_11EncryptionDisabled;
+ break;
+ default:
+ encr = Ndis802_11EncryptionDisabled;
+ };
+
+ if (ndis_set_oid(drv, OID_802_11_PRIVACY_FILTER,
+ (char *) &priv_mode, sizeof(priv_mode)) < 0) {
+ wpa_printf(MSG_DEBUG, "NDIS: Failed to set "
+ "OID_802_11_PRIVACY_FILTER (%d)",
+ (int) priv_mode);
+ /* Try to continue anyway */
+ }
+
+ ndis_set_auth_mode(drv, auth_mode);
+ ndis_set_encr_status(drv, encr);
+
+ if (params->bssid) {
+ ndis_set_oid(drv, OID_802_11_BSSID, params->bssid, ETH_ALEN);
+ drv->oid_bssid_set = 1;
+ } else if (drv->oid_bssid_set) {
+ ndis_set_oid(drv, OID_802_11_BSSID, "\xff\xff\xff\xff\xff\xff",
+ ETH_ALEN);
+ drv->oid_bssid_set = 0;
+ }
+
+ return wpa_driver_ndis_set_ssid(drv, params->ssid, params->ssid_len);
+}
+
+
+static int wpa_driver_ndis_set_pmkid(struct wpa_driver_ndis_data *drv)
+{
+ int len, count, i, ret;
+ struct ndis_pmkid_entry *entry;
+ NDIS_802_11_PMKID *p;
+
+ count = 0;
+ entry = drv->pmkid;
+ while (entry) {
+ count++;
+ if (count >= drv->no_of_pmkid)
+ break;
+ entry = entry->next;
+ }
+ len = 8 + count * sizeof(BSSID_INFO);
+ p = os_zalloc(len);
+ if (p == NULL)
+ return -1;
+
+ p->Length = len;
+ p->BSSIDInfoCount = count;
+ entry = drv->pmkid;
+ for (i = 0; i < count; i++) {
+ os_memcpy(&p->BSSIDInfo[i].BSSID, entry->bssid, ETH_ALEN);
+ os_memcpy(&p->BSSIDInfo[i].PMKID, entry->pmkid, 16);
+ entry = entry->next;
+ }
+ wpa_hexdump(MSG_MSGDUMP, "NDIS: OID_802_11_PMKID", (char *) p, len);
+ ret = ndis_set_oid(drv, OID_802_11_PMKID, (char *) p, len);
+ os_free(p);
+ return ret;
+}
+
+
+static int wpa_driver_ndis_add_pmkid(void *priv, const u8 *bssid,
+ const u8 *pmkid)
+{
+ struct wpa_driver_ndis_data *drv = priv;
+ struct ndis_pmkid_entry *entry, *prev;
+
+ if (drv->no_of_pmkid == 0)
+ return 0;
+
+ prev = NULL;
+ entry = drv->pmkid;
+ while (entry) {
+ if (os_memcmp(entry->bssid, bssid, ETH_ALEN) == 0)
+ break;
+ prev = entry;
+ entry = entry->next;
+ }
+
+ if (entry) {
+ /* Replace existing entry for this BSSID and move it into the
+ * beginning of the list. */
+ os_memcpy(entry->pmkid, pmkid, 16);
+ if (prev) {
+ prev->next = entry->next;
+ entry->next = drv->pmkid;
+ drv->pmkid = entry;
+ }
+ } else {
+ entry = os_malloc(sizeof(*entry));
+ if (entry) {
+ os_memcpy(entry->bssid, bssid, ETH_ALEN);
+ os_memcpy(entry->pmkid, pmkid, 16);
+ entry->next = drv->pmkid;
+ drv->pmkid = entry;
+ }
+ }
+
+ return wpa_driver_ndis_set_pmkid(drv);
+}
+
+
+static int wpa_driver_ndis_remove_pmkid(void *priv, const u8 *bssid,
+ const u8 *pmkid)
+{
+ struct wpa_driver_ndis_data *drv = priv;
+ struct ndis_pmkid_entry *entry, *prev;
+
+ if (drv->no_of_pmkid == 0)
+ return 0;
+
+ entry = drv->pmkid;
+ prev = NULL;
+ while (entry) {
+ if (os_memcmp(entry->bssid, bssid, ETH_ALEN) == 0 &&
+ os_memcmp(entry->pmkid, pmkid, 16) == 0) {
+ if (prev)
+ prev->next = entry->next;
+ else
+ drv->pmkid = entry->next;
+ os_free(entry);
+ break;
+ }
+ prev = entry;
+ entry = entry->next;
+ }
+ return wpa_driver_ndis_set_pmkid(drv);
+}
+
+
+static int wpa_driver_ndis_flush_pmkid(void *priv)
+{
+ struct wpa_driver_ndis_data *drv = priv;
+ NDIS_802_11_PMKID p;
+ struct ndis_pmkid_entry *pmkid, *prev;
+
+ if (drv->no_of_pmkid == 0)
+ return 0;
+
+ pmkid = drv->pmkid;
+ drv->pmkid = NULL;
+ while (pmkid) {
+ prev = pmkid;
+ pmkid = pmkid->next;
+ os_free(prev);
+ }
+
+ os_memset(&p, 0, sizeof(p));
+ p.Length = 8;
+ p.BSSIDInfoCount = 0;
+ wpa_hexdump(MSG_MSGDUMP, "NDIS: OID_802_11_PMKID (flush)",
+ (char *) &p, 8);
+ return ndis_set_oid(drv, OID_802_11_PMKID, (char *) &p, 8);
+}
+
+
+static int wpa_driver_ndis_get_associnfo(struct wpa_driver_ndis_data *drv)
+{
+ char buf[512], *pos;
+ NDIS_802_11_ASSOCIATION_INFORMATION *ai;
+ int len;
+ union wpa_event_data data;
+ NDIS_802_11_BSSID_LIST_EX *b;
+ size_t blen, i;
+
+ len = ndis_get_oid(drv, OID_802_11_ASSOCIATION_INFORMATION, buf,
+ sizeof(buf));
+ if (len < 0) {
+ wpa_printf(MSG_DEBUG, "NDIS: failed to get association "
+ "information");
+ return -1;
+ }
+ if (len > sizeof(buf)) {
+ /* Some drivers seem to be producing incorrect length for this
+ * data. Limit the length to the current buffer size to avoid
+ * crashing in hexdump. The data seems to be otherwise valid,
+ * so better try to use it. */
+ wpa_printf(MSG_DEBUG, "NDIS: ignored bogus association "
+ "information length %d", len);
+ len = ndis_get_oid(drv, OID_802_11_ASSOCIATION_INFORMATION,
+ buf, sizeof(buf));
+ if (len < -1) {
+ wpa_printf(MSG_DEBUG, "NDIS: re-reading association "
+ "information failed");
+ return -1;
+ }
+ if (len > sizeof(buf)) {
+ wpa_printf(MSG_DEBUG, "NDIS: ignored bogus association"
+ " information length %d (re-read)", len);
+ len = sizeof(buf);
+ }
+ }
+ wpa_hexdump(MSG_MSGDUMP, "NDIS: association information", buf, len);
+ if (len < sizeof(*ai)) {
+ wpa_printf(MSG_DEBUG, "NDIS: too short association "
+ "information");
+ return -1;
+ }
+ ai = (NDIS_802_11_ASSOCIATION_INFORMATION *) buf;
+ wpa_printf(MSG_DEBUG, "NDIS: ReqFixed=0x%x RespFixed=0x%x off_req=%d "
+ "off_resp=%d len_req=%d len_resp=%d",
+ ai->AvailableRequestFixedIEs, ai->AvailableResponseFixedIEs,
+ (int) ai->OffsetRequestIEs, (int) ai->OffsetResponseIEs,
+ (int) ai->RequestIELength, (int) ai->ResponseIELength);
+
+ if (ai->OffsetRequestIEs + ai->RequestIELength > (unsigned) len ||
+ ai->OffsetResponseIEs + ai->ResponseIELength > (unsigned) len) {
+ wpa_printf(MSG_DEBUG, "NDIS: association information - "
+ "IE overflow");
+ return -1;
+ }
+
+ wpa_hexdump(MSG_MSGDUMP, "NDIS: Request IEs",
+ buf + ai->OffsetRequestIEs, ai->RequestIELength);
+ wpa_hexdump(MSG_MSGDUMP, "NDIS: Response IEs",
+ buf + ai->OffsetResponseIEs, ai->ResponseIELength);
+
+ os_memset(&data, 0, sizeof(data));
+ data.assoc_info.req_ies = buf + ai->OffsetRequestIEs;
+ data.assoc_info.req_ies_len = ai->RequestIELength;
+ data.assoc_info.resp_ies = buf + ai->OffsetResponseIEs;
+ data.assoc_info.resp_ies_len = ai->ResponseIELength;
+
+ blen = 65535;
+ b = os_zalloc(blen);
+ if (b == NULL)
+ goto skip_scan_results;
+ len = ndis_get_oid(drv, OID_802_11_BSSID_LIST, (char *) b, blen);
+ if (len < 0) {
+ wpa_printf(MSG_DEBUG, "NDIS: failed to get scan results");
+ os_free(b);
+ b = NULL;
+ goto skip_scan_results;
+ }
+ wpa_printf(MSG_DEBUG, "NDIS: %d BSSID items to process for AssocInfo",
+ (unsigned int) b->NumberOfItems);
+
+ pos = (char *) &b->Bssid[0];
+ for (i = 0; i < b->NumberOfItems; i++) {
+ NDIS_WLAN_BSSID_EX *bss = (NDIS_WLAN_BSSID_EX *) pos;
+ if (os_memcmp(drv->bssid, bss->MacAddress, ETH_ALEN) == 0 &&
+ bss->IELength > sizeof(NDIS_802_11_FIXED_IEs)) {
+ data.assoc_info.beacon_ies =
+ ((u8 *) bss->IEs) +
+ sizeof(NDIS_802_11_FIXED_IEs);
+ data.assoc_info.beacon_ies_len =
+ bss->IELength - sizeof(NDIS_802_11_FIXED_IEs);
+ wpa_hexdump(MSG_MSGDUMP, "NDIS: Beacon IEs",
+ data.assoc_info.beacon_ies,
+ data.assoc_info.beacon_ies_len);
+ break;
+ }
+ pos += bss->Length;
+ if (pos > (char *) b + blen)
+ break;
+ }
+
+skip_scan_results:
+ wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &data);
+
+ os_free(b);
+
+ return 0;
+}
+
+
+static void wpa_driver_ndis_poll_timeout(void *eloop_ctx, void *timeout_ctx)
+{
+ struct wpa_driver_ndis_data *drv = eloop_ctx;
+ u8 bssid[ETH_ALEN];
+ int poll;
+
+ if (drv->wired)
+ return;
+
+ if (wpa_driver_ndis_get_bssid(drv, bssid)) {
+ /* Disconnected */
+ if (os_memcmp(drv->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN)
+ != 0) {
+ os_memset(drv->bssid, 0, ETH_ALEN);
+ wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, NULL);
+ }
+ } else {
+ /* Connected */
+ if (os_memcmp(drv->bssid, bssid, ETH_ALEN) != 0) {
+ os_memcpy(drv->bssid, bssid, ETH_ALEN);
+ wpa_driver_ndis_get_associnfo(drv);
+ wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
+ }
+ }
+
+ /* When using integrated NDIS event receiver, we can skip BSSID
+ * polling when using infrastructure network. However, when using
+ * IBSS mode, many driver do not seem to generate connection event,
+ * so we need to enable BSSID polling to figure out when IBSS network
+ * has been formed.
+ */
+ poll = drv->mode == IEEE80211_MODE_IBSS;
+#ifndef CONFIG_NDIS_EVENTS_INTEGRATED
+#ifndef _WIN32_WCE
+ poll = 1;
+#endif /* _WIN32_WCE */
+#endif /* CONFIG_NDIS_EVENTS_INTEGRATED */
+
+ if (poll) {
+ eloop_register_timeout(1, 0, wpa_driver_ndis_poll_timeout,
+ drv, NULL);
+ }
+}
+
+
+static void wpa_driver_ndis_poll(void *priv)
+{
+ struct wpa_driver_ndis_data *drv = priv;
+ eloop_cancel_timeout(wpa_driver_ndis_poll_timeout, drv, NULL);
+ wpa_driver_ndis_poll_timeout(drv, NULL);
+}
+
+
+/* Called when driver generates Media Connect Event by calling
+ * NdisMIndicateStatus() with NDIS_STATUS_MEDIA_CONNECT */
+void wpa_driver_ndis_event_connect(struct wpa_driver_ndis_data *drv)
+{
+ wpa_printf(MSG_DEBUG, "NDIS: Media Connect Event");
+ if (wpa_driver_ndis_get_bssid(drv, drv->bssid) == 0) {
+ wpa_driver_ndis_get_associnfo(drv);
+ wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
+ }
+}
+
+
+/* Called when driver generates Media Disconnect Event by calling
+ * NdisMIndicateStatus() with NDIS_STATUS_MEDIA_DISCONNECT */
+void wpa_driver_ndis_event_disconnect(struct wpa_driver_ndis_data *drv)
+{
+ wpa_printf(MSG_DEBUG, "NDIS: Media Disconnect Event");
+ os_memset(drv->bssid, 0, ETH_ALEN);
+ wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, NULL);
+}
+
+
+static void wpa_driver_ndis_event_auth(struct wpa_driver_ndis_data *drv,
+ const u8 *data, size_t data_len)
+{
+ NDIS_802_11_AUTHENTICATION_REQUEST *req;
+ int pairwise = 0, group = 0;
+ union wpa_event_data event;
+
+ if (data_len < sizeof(*req)) {
+ wpa_printf(MSG_DEBUG, "NDIS: Too short Authentication Request "
+ "Event (len=%d)", data_len);
+ return;
+ }
+ req = (NDIS_802_11_AUTHENTICATION_REQUEST *) data;
+
+ wpa_printf(MSG_DEBUG, "NDIS: Authentication Request Event: "
+ "Bssid " MACSTR " Flags 0x%x",
+ MAC2STR(req->Bssid), (int) req->Flags);
+
+ if ((req->Flags & NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR) ==
+ NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR)
+ pairwise = 1;
+ else if ((req->Flags & NDIS_802_11_AUTH_REQUEST_GROUP_ERROR) ==
+ NDIS_802_11_AUTH_REQUEST_GROUP_ERROR)
+ group = 1;
+
+ if (pairwise || group) {
+ os_memset(&event, 0, sizeof(event));
+ event.michael_mic_failure.unicast = pairwise;
+ wpa_supplicant_event(drv->ctx, EVENT_MICHAEL_MIC_FAILURE,
+ &event);
+ }
+}
+
+
+static void wpa_driver_ndis_event_pmkid(struct wpa_driver_ndis_data *drv,
+ const u8 *data, size_t data_len)
+{
+ NDIS_802_11_PMKID_CANDIDATE_LIST *pmkid;
+ size_t i;
+ union wpa_event_data event;
+
+ if (data_len < 8) {
+ wpa_printf(MSG_DEBUG, "NDIS: Too short PMKID Candidate List "
+ "Event (len=%d)", data_len);
+ return;
+ }
+ pmkid = (NDIS_802_11_PMKID_CANDIDATE_LIST *) data;
+ wpa_printf(MSG_DEBUG, "NDIS: PMKID Candidate List Event - Version %d "
+ "NumCandidates %d",
+ (int) pmkid->Version, (int) pmkid->NumCandidates);
+
+ if (pmkid->Version != 1) {
+ wpa_printf(MSG_DEBUG, "NDIS: Unsupported PMKID Candidate List "
+ "Version %d", (int) pmkid->Version);
+ return;
+ }
+
+ if (data_len < 8 + pmkid->NumCandidates * sizeof(PMKID_CANDIDATE)) {
+ wpa_printf(MSG_DEBUG, "NDIS: PMKID Candidate List underflow");
+ return;
+ }
+
+ os_memset(&event, 0, sizeof(event));
+ for (i = 0; i < pmkid->NumCandidates; i++) {
+ PMKID_CANDIDATE *p = &pmkid->CandidateList[i];
+ wpa_printf(MSG_DEBUG, "NDIS: %d: " MACSTR " Flags 0x%x",
+ i, MAC2STR(p->BSSID), (int) p->Flags);
+ os_memcpy(event.pmkid_candidate.bssid, p->BSSID, ETH_ALEN);
+ event.pmkid_candidate.index = i;
+ event.pmkid_candidate.preauth =
+ p->Flags & NDIS_802_11_PMKID_CANDIDATE_PREAUTH_ENABLED;
+ wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE,
+ &event);
+ }
+}
+
+
+/* Called when driver calls NdisMIndicateStatus() with
+ * NDIS_STATUS_MEDIA_SPECIFIC_INDICATION */
+void wpa_driver_ndis_event_media_specific(struct wpa_driver_ndis_data *drv,
+ const u8 *data, size_t data_len)
+{
+ NDIS_802_11_STATUS_INDICATION *status;
+
+ if (data == NULL || data_len < sizeof(*status))
+ return;
+
+ wpa_hexdump(MSG_DEBUG, "NDIS: Media Specific Indication",
+ data, data_len);
+
+ status = (NDIS_802_11_STATUS_INDICATION *) data;
+ data += sizeof(status);
+ data_len -= sizeof(status);
+
+ switch (status->StatusType) {
+ case Ndis802_11StatusType_Authentication:
+ wpa_driver_ndis_event_auth(drv, data, data_len);
+ break;
+ case Ndis802_11StatusType_PMKID_CandidateList:
+ wpa_driver_ndis_event_pmkid(drv, data, data_len);
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "NDIS: Unknown StatusType %d",
+ (int) status->StatusType);
+ break;
+ }
+}
+
+
+/* Called when an adapter is added */
+void wpa_driver_ndis_event_adapter_arrival(struct wpa_driver_ndis_data *drv)
+{
+ union wpa_event_data event;
+ int i;
+
+ wpa_printf(MSG_DEBUG, "NDIS: Notify Adapter Arrival");
+
+ for (i = 0; i < 30; i++) {
+ /* Re-open Packet32/NDISUIO connection */
+ wpa_driver_ndis_adapter_close(drv);
+ if (wpa_driver_ndis_adapter_init(drv) < 0 ||
+ wpa_driver_ndis_adapter_open(drv) < 0) {
+ wpa_printf(MSG_DEBUG, "NDIS: Driver re-initialization "
+ "(%d) failed", i);
+ os_sleep(1, 0);
+ } else {
+ wpa_printf(MSG_DEBUG, "NDIS: Driver re-initialized");
+ break;
+ }
+ }
+
+ os_memset(&event, 0, sizeof(event));
+ os_snprintf(event.interface_status.ifname,
+ sizeof(event.interface_status.ifname), "%s", drv->ifname);
+ event.interface_status.ievent = EVENT_INTERFACE_ADDED;
+ wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
+}
+
+
+/* Called when an adapter is removed */
+void wpa_driver_ndis_event_adapter_removal(struct wpa_driver_ndis_data *drv)
+{
+ union wpa_event_data event;
+
+ wpa_printf(MSG_DEBUG, "NDIS: Notify Adapter Removal");
+ os_memset(&event, 0, sizeof(event));
+ os_snprintf(event.interface_status.ifname,
+ sizeof(event.interface_status.ifname), "%s", drv->ifname);
+ event.interface_status.ievent = EVENT_INTERFACE_REMOVED;
+ wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
+}
+
+
+static void
+wpa_driver_ndis_get_wpa_capability(struct wpa_driver_ndis_data *drv)
+{
+ wpa_printf(MSG_DEBUG, "NDIS: verifying driver WPA capability");
+
+ if (ndis_set_auth_mode(drv, Ndis802_11AuthModeWPA) == 0 &&
+ ndis_get_auth_mode(drv) == Ndis802_11AuthModeWPA) {
+ wpa_printf(MSG_DEBUG, "NDIS: WPA key management supported");
+ drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA;
+ }
+
+ if (ndis_set_auth_mode(drv, Ndis802_11AuthModeWPAPSK) == 0 &&
+ ndis_get_auth_mode(drv) == Ndis802_11AuthModeWPAPSK) {
+ wpa_printf(MSG_DEBUG, "NDIS: WPA-PSK key management "
+ "supported");
+ drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK;
+ }
+
+ if (ndis_set_encr_status(drv, Ndis802_11Encryption3Enabled) == 0 &&
+ ndis_get_encr_status(drv) == Ndis802_11Encryption3KeyAbsent) {
+ wpa_printf(MSG_DEBUG, "NDIS: CCMP encryption supported");
+ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
+ }
+
+ if (ndis_set_encr_status(drv, Ndis802_11Encryption2Enabled) == 0 &&
+ ndis_get_encr_status(drv) == Ndis802_11Encryption2KeyAbsent) {
+ wpa_printf(MSG_DEBUG, "NDIS: TKIP encryption supported");
+ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
+ }
+
+ if (ndis_set_encr_status(drv, Ndis802_11Encryption1Enabled) == 0 &&
+ ndis_get_encr_status(drv) == Ndis802_11Encryption1KeyAbsent) {
+ wpa_printf(MSG_DEBUG, "NDIS: WEP encryption supported");
+ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
+ WPA_DRIVER_CAPA_ENC_WEP104;
+ }
+
+ if (ndis_set_auth_mode(drv, Ndis802_11AuthModeShared) == 0 &&
+ ndis_get_auth_mode(drv) == Ndis802_11AuthModeShared) {
+ drv->capa.auth |= WPA_DRIVER_AUTH_SHARED;
+ }
+
+ if (ndis_set_auth_mode(drv, Ndis802_11AuthModeOpen) == 0 &&
+ ndis_get_auth_mode(drv) == Ndis802_11AuthModeOpen) {
+ drv->capa.auth |= WPA_DRIVER_AUTH_OPEN;
+ }
+
+ ndis_set_encr_status(drv, Ndis802_11EncryptionDisabled);
+
+ /* Could also verify OID_802_11_ADD_KEY error reporting and
+ * support for OID_802_11_ASSOCIATION_INFORMATION. */
+
+ if (drv->capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_WPA &&
+ drv->capa.enc & (WPA_DRIVER_CAPA_ENC_TKIP |
+ WPA_DRIVER_CAPA_ENC_CCMP)) {
+ wpa_printf(MSG_DEBUG, "NDIS: driver supports WPA");
+ drv->has_capability = 1;
+ } else {
+ wpa_printf(MSG_DEBUG, "NDIS: no WPA support found");
+ }
+
+ wpa_printf(MSG_DEBUG, "NDIS: driver capabilities: key_mgmt 0x%x "
+ "enc 0x%x auth 0x%x",
+ drv->capa.key_mgmt, drv->capa.enc, drv->capa.auth);
+}
+
+
+static void wpa_driver_ndis_get_capability(struct wpa_driver_ndis_data *drv)
+{
+ char buf[512];
+ int len;
+ size_t i;
+ NDIS_802_11_CAPABILITY *c;
+
+ drv->capa.flags = WPA_DRIVER_FLAGS_DRIVER_IE;
+
+ len = ndis_get_oid(drv, OID_802_11_CAPABILITY, buf, sizeof(buf));
+ if (len < 0) {
+ wpa_driver_ndis_get_wpa_capability(drv);
+ return;
+ }
+
+ wpa_hexdump(MSG_MSGDUMP, "OID_802_11_CAPABILITY", buf, len);
+ c = (NDIS_802_11_CAPABILITY *) buf;
+ if (len < sizeof(*c) || c->Version != 2) {
+ wpa_printf(MSG_DEBUG, "NDIS: unsupported "
+ "OID_802_11_CAPABILITY data");
+ return;
+ }
+ wpa_printf(MSG_DEBUG, "NDIS: Driver supports OID_802_11_CAPABILITY - "
+ "NoOfPMKIDs %d NoOfAuthEncrPairs %d",
+ (int) c->NoOfPMKIDs,
+ (int) c->NoOfAuthEncryptPairsSupported);
+ drv->has_capability = 1;
+ drv->no_of_pmkid = c->NoOfPMKIDs;
+ for (i = 0; i < c->NoOfAuthEncryptPairsSupported; i++) {
+ NDIS_802_11_AUTHENTICATION_ENCRYPTION *ae;
+ ae = &c->AuthenticationEncryptionSupported[i];
+ if ((char *) (ae + 1) > buf + len) {
+ wpa_printf(MSG_DEBUG, "NDIS: auth/encr pair list "
+ "overflow");
+ break;
+ }
+ wpa_printf(MSG_MSGDUMP, "NDIS: %d - auth %d encr %d",
+ i, (int) ae->AuthModeSupported,
+ (int) ae->EncryptStatusSupported);
+ switch (ae->AuthModeSupported) {
+ case Ndis802_11AuthModeOpen:
+ drv->capa.auth |= WPA_DRIVER_AUTH_OPEN;
+ break;
+ case Ndis802_11AuthModeShared:
+ drv->capa.auth |= WPA_DRIVER_AUTH_SHARED;
+ break;
+ case Ndis802_11AuthModeWPA:
+ drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA;
+ break;
+ case Ndis802_11AuthModeWPAPSK:
+ drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK;
+ break;
+ case Ndis802_11AuthModeWPA2:
+ drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA2;
+ break;
+ case Ndis802_11AuthModeWPA2PSK:
+ drv->capa.key_mgmt |=
+ WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
+ break;
+ case Ndis802_11AuthModeWPANone:
+ drv->capa.key_mgmt |=
+ WPA_DRIVER_CAPA_KEY_MGMT_WPA_NONE;
+ break;
+ default:
+ break;
+ }
+ switch (ae->EncryptStatusSupported) {
+ case Ndis802_11Encryption1Enabled:
+ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40;
+ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP104;
+ break;
+ case Ndis802_11Encryption2Enabled:
+ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
+ break;
+ case Ndis802_11Encryption3Enabled:
+ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
+ break;
+ default:
+ break;
+ }
+ }
+
+ wpa_printf(MSG_DEBUG, "NDIS: driver capabilities: key_mgmt 0x%x "
+ "enc 0x%x auth 0x%x",
+ drv->capa.key_mgmt, drv->capa.enc, drv->capa.auth);
+}
+
+
+static int wpa_driver_ndis_get_capa(void *priv, struct wpa_driver_capa *capa)
+{
+ struct wpa_driver_ndis_data *drv = priv;
+ if (!drv->has_capability)
+ return -1;
+ os_memcpy(capa, &drv->capa, sizeof(*capa));
+ return 0;
+}
+
+
+static const char * wpa_driver_ndis_get_ifname(void *priv)
+{
+ struct wpa_driver_ndis_data *drv = priv;
+ return drv->ifname;
+}
+
+
+static const u8 * wpa_driver_ndis_get_mac_addr(void *priv)
+{
+ struct wpa_driver_ndis_data *drv = priv;
+ return drv->own_addr;
+}
+
+
+#ifdef _WIN32_WCE
+
+#define NDISUIO_MSG_SIZE (sizeof(NDISUIO_DEVICE_NOTIFICATION) + 512)
+
+static void ndisuio_notification_receive(void *eloop_data, void *user_ctx)
+{
+ struct wpa_driver_ndis_data *drv = eloop_data;
+ NDISUIO_DEVICE_NOTIFICATION *hdr;
+ u8 buf[NDISUIO_MSG_SIZE];
+ DWORD len, flags;
+
+ if (!ReadMsgQueue(drv->event_queue, buf, NDISUIO_MSG_SIZE, &len, 0,
+ &flags)) {
+ wpa_printf(MSG_DEBUG, "ndisuio_notification_receive: "
+ "ReadMsgQueue failed: %d", (int) GetLastError());
+ return;
+ }
+
+ if (len < sizeof(NDISUIO_DEVICE_NOTIFICATION)) {
+ wpa_printf(MSG_DEBUG, "ndisuio_notification_receive: "
+ "Too short message (len=%d)", (int) len);
+ return;
+ }
+
+ hdr = (NDISUIO_DEVICE_NOTIFICATION *) buf;
+ wpa_printf(MSG_DEBUG, "NDIS: Notification received: len=%d type=0x%x",
+ (int) len, hdr->dwNotificationType);
+
+ switch (hdr->dwNotificationType) {
+#ifdef NDISUIO_NOTIFICATION_ADAPTER_ARRIVAL
+ case NDISUIO_NOTIFICATION_ADAPTER_ARRIVAL:
+ wpa_printf(MSG_DEBUG, "NDIS: ADAPTER_ARRIVAL");
+ wpa_driver_ndis_event_adapter_arrival(drv);
+ break;
+#endif
+#ifdef NDISUIO_NOTIFICATION_ADAPTER_REMOVAL
+ case NDISUIO_NOTIFICATION_ADAPTER_REMOVAL:
+ wpa_printf(MSG_DEBUG, "NDIS: ADAPTER_REMOVAL");
+ wpa_driver_ndis_event_adapter_removal(drv);
+ break;
+#endif
+ case NDISUIO_NOTIFICATION_MEDIA_CONNECT:
+ wpa_printf(MSG_DEBUG, "NDIS: MEDIA_CONNECT");
+ SetEvent(drv->connected_event);
+ wpa_driver_ndis_event_connect(drv);
+ break;
+ case NDISUIO_NOTIFICATION_MEDIA_DISCONNECT:
+ ResetEvent(drv->connected_event);
+ wpa_printf(MSG_DEBUG, "NDIS: MEDIA_DISCONNECT");
+ wpa_driver_ndis_event_disconnect(drv);
+ break;
+ case NDISUIO_NOTIFICATION_MEDIA_SPECIFIC_NOTIFICATION:
+ wpa_printf(MSG_DEBUG, "NDIS: MEDIA_SPECIFIC_NOTIFICATION");
+#if _WIN32_WCE == 420 || _WIN32_WCE == 0x420
+ wpa_driver_ndis_event_media_specific(
+ drv, hdr->pvStatusBuffer, hdr->uiStatusBufferSize);
+#else
+ wpa_driver_ndis_event_media_specific(
+ drv, ((const u8 *) hdr) + hdr->uiOffsetToStatusBuffer,
+ (size_t) hdr->uiStatusBufferSize);
+#endif
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "NDIS: Unknown notification type 0x%x",
+ hdr->dwNotificationType);
+ break;
+ }
+}
+
+
+static void ndisuio_notification_deinit(struct wpa_driver_ndis_data *drv)
+{
+ NDISUIO_REQUEST_NOTIFICATION req;
+
+ memset(&req, 0, sizeof(req));
+ req.hMsgQueue = drv->event_queue;
+ req.dwNotificationTypes = 0;
+
+ if (!DeviceIoControl(drv->ndisuio, IOCTL_NDISUIO_REQUEST_NOTIFICATION,
+ &req, sizeof(req), NULL, 0, NULL, NULL)) {
+ wpa_printf(MSG_INFO, "ndisuio_notification_deinit: "
+ "IOCTL_NDISUIO_REQUEST_NOTIFICATION failed: %d",
+ (int) GetLastError());
+ }
+
+ if (!DeviceIoControl(drv->ndisuio, IOCTL_NDISUIO_CANCEL_NOTIFICATION,
+ NULL, 0, NULL, 0, NULL, NULL)) {
+ wpa_printf(MSG_INFO, "ndisuio_notification_deinit: "
+ "IOCTL_NDISUIO_CANCEL_NOTIFICATION failed: %d",
+ (int) GetLastError());
+ }
+
+ if (drv->event_queue) {
+ eloop_unregister_event(drv->event_queue,
+ sizeof(drv->event_queue));
+ CloseHandle(drv->event_queue);
+ drv->event_queue = NULL;
+ }
+
+ if (drv->connected_event) {
+ CloseHandle(drv->connected_event);
+ drv->connected_event = NULL;
+ }
+}
+
+
+static int ndisuio_notification_init(struct wpa_driver_ndis_data *drv)
+{
+ MSGQUEUEOPTIONS opt;
+ NDISUIO_REQUEST_NOTIFICATION req;
+
+ drv->connected_event =
+ CreateEvent(NULL, TRUE, FALSE, TEXT("WpaSupplicantConnected"));
+ if (drv->connected_event == NULL) {
+ wpa_printf(MSG_INFO, "ndisuio_notification_init: "
+ "CreateEvent failed: %d",
+ (int) GetLastError());
+ return -1;
+ }
+
+ memset(&opt, 0, sizeof(opt));
+ opt.dwSize = sizeof(opt);
+ opt.dwMaxMessages = 5;
+ opt.cbMaxMessage = NDISUIO_MSG_SIZE;
+ opt.bReadAccess = TRUE;
+
+ drv->event_queue = CreateMsgQueue(NULL, &opt);
+ if (drv->event_queue == NULL) {
+ wpa_printf(MSG_INFO, "ndisuio_notification_init: "
+ "CreateMsgQueue failed: %d",
+ (int) GetLastError());
+ ndisuio_notification_deinit(drv);
+ return -1;
+ }
+
+ memset(&req, 0, sizeof(req));
+ req.hMsgQueue = drv->event_queue;
+ req.dwNotificationTypes =
+#ifdef NDISUIO_NOTIFICATION_ADAPTER_ARRIVAL
+ NDISUIO_NOTIFICATION_ADAPTER_ARRIVAL |
+#endif
+#ifdef NDISUIO_NOTIFICATION_ADAPTER_REMOVAL
+ NDISUIO_NOTIFICATION_ADAPTER_REMOVAL |
+#endif
+ NDISUIO_NOTIFICATION_MEDIA_CONNECT |
+ NDISUIO_NOTIFICATION_MEDIA_DISCONNECT |
+ NDISUIO_NOTIFICATION_MEDIA_SPECIFIC_NOTIFICATION;
+
+ if (!DeviceIoControl(drv->ndisuio, IOCTL_NDISUIO_REQUEST_NOTIFICATION,
+ &req, sizeof(req), NULL, 0, NULL, NULL)) {
+ wpa_printf(MSG_INFO, "ndisuio_notification_init: "
+ "IOCTL_NDISUIO_REQUEST_NOTIFICATION failed: %d",
+ (int) GetLastError());
+ ndisuio_notification_deinit(drv);
+ return -1;
+ }
+
+ eloop_register_event(drv->event_queue, sizeof(drv->event_queue),
+ ndisuio_notification_receive, drv, NULL);
+
+ return 0;
+}
+#endif /* _WIN32_WCE */
+
+
+static int wpa_driver_ndis_get_names(struct wpa_driver_ndis_data *drv)
+{
+#ifdef CONFIG_USE_NDISUIO
+ NDISUIO_QUERY_BINDING *b;
+ size_t blen = sizeof(*b) + 1024;
+ int i, error, found = 0;
+ DWORD written;
+ char name[256], desc[256], *dpos;
+ WCHAR *pos;
+ size_t j, len, dlen;
+
+ b = os_malloc(blen);
+ if (b == NULL)
+ return -1;
+
+ for (i = 0; ; i++) {
+ os_memset(b, 0, blen);
+ b->BindingIndex = i;
+ if (!DeviceIoControl(drv->ndisuio, IOCTL_NDISUIO_QUERY_BINDING,
+ b, sizeof(NDISUIO_QUERY_BINDING), b, blen,
+ &written, NULL)) {
+ error = (int) GetLastError();
+ if (error == ERROR_NO_MORE_ITEMS)
+ break;
+ wpa_printf(MSG_DEBUG, "IOCTL_NDISUIO_QUERY_BINDING "
+ "failed: %d", error);
+ break;
+ }
+
+ pos = (WCHAR *) ((char *) b + b->DeviceNameOffset);
+ len = b->DeviceNameLength;
+ if (len >= sizeof(name))
+ len = sizeof(name) - 1;
+ for (j = 0; j < len; j++)
+ name[j] = (char) pos[j];
+ name[len] = '\0';
+
+ pos = (WCHAR *) ((char *) b + b->DeviceDescrOffset);
+ len = b->DeviceDescrLength;
+ if (len >= sizeof(desc))
+ len = sizeof(desc) - 1;
+ for (j = 0; j < len; j++)
+ desc[j] = (char) pos[j];
+ desc[len] = '\0';
+
+ wpa_printf(MSG_DEBUG, "NDIS: %d - %s - %s", i, name, desc);
+
+ if (os_strstr(name, drv->ifname)) {
+ wpa_printf(MSG_DEBUG, "NDIS: Interface name match");
+ found = 1;
+ break;
+ }
+
+ if (os_strncmp(desc, drv->ifname, os_strlen(drv->ifname)) == 0)
+ {
+ wpa_printf(MSG_DEBUG, "NDIS: Interface description "
+ "match");
+ found = 1;
+ break;
+ }
+ }
+
+ if (!found) {
+ wpa_printf(MSG_DEBUG, "NDIS: Could not find interface '%s'",
+ drv->ifname);
+ os_free(b);
+ return -1;
+ }
+
+ os_strncpy(drv->ifname,
+ os_strncmp(name, "\\DEVICE\\", 8) == 0 ? name + 8 : name,
+ sizeof(drv->ifname));
+#ifdef _WIN32_WCE
+ drv->adapter_name = wpa_strdup_tchar(drv->ifname);
+ if (drv->adapter_name == NULL) {
+ wpa_printf(MSG_ERROR, "NDIS: Failed to allocate memory for "
+ "adapter name");
+ os_free(b);
+ return -1;
+ }
+#endif /* _WIN32_WCE */
+
+ dpos = os_strstr(desc, " - ");
+ if (dpos)
+ dlen = dpos - desc;
+ else
+ dlen = os_strlen(desc);
+ drv->adapter_desc = os_malloc(dlen + 1);
+ if (drv->adapter_desc) {
+ os_memcpy(drv->adapter_desc, desc, dlen);
+ drv->adapter_desc[dlen] = '\0';
+ }
+
+ os_free(b);
+
+ if (drv->adapter_desc == NULL)
+ return -1;
+
+ wpa_printf(MSG_DEBUG, "NDIS: Adapter description prefix '%s'",
+ drv->adapter_desc);
+
+ return 0;
+#else /* CONFIG_USE_NDISUIO */
+ PTSTR _names;
+ char *names, *pos, *pos2;
+ ULONG len;
+ BOOLEAN res;
+#define MAX_ADAPTERS 32
+ char *name[MAX_ADAPTERS];
+ char *desc[MAX_ADAPTERS];
+ int num_name, num_desc, i, found_name, found_desc;
+ size_t dlen;
+
+ wpa_printf(MSG_DEBUG, "NDIS: Packet.dll version: %s",
+ PacketGetVersion());
+
+ len = 8192;
+ _names = os_zalloc(len);
+ if (_names == NULL)
+ return -1;
+
+ res = PacketGetAdapterNames(_names, &len);
+ if (!res && len > 8192) {
+ os_free(_names);
+ _names = os_zalloc(len);
+ if (_names == NULL)
+ return -1;
+ res = PacketGetAdapterNames(_names, &len);
+ }
+
+ if (!res) {
+ wpa_printf(MSG_ERROR, "NDIS: Failed to get adapter list "
+ "(PacketGetAdapterNames)");
+ os_free(_names);
+ return -1;
+ }
+
+ names = (char *) _names;
+ if (names[0] && names[1] == '\0' && names[2] && names[3] == '\0') {
+ wpa_printf(MSG_DEBUG, "NDIS: Looks like adapter names are in "
+ "UNICODE");
+ /* Convert to ASCII */
+ pos2 = pos = names;
+ while (pos2 < names + len) {
+ if (pos2[0] == '\0' && pos2[1] == '\0' &&
+ pos2[2] == '\0' && pos2[3] == '\0') {
+ pos2 += 4;
+ break;
+ }
+ *pos++ = pos2[0];
+ pos2 += 2;
+ }
+ os_memcpy(pos + 2, names, pos - names);
+ pos += 2;
+ } else
+ pos = names;
+
+ num_name = 0;
+ while (pos < names + len) {
+ name[num_name] = pos;
+ while (*pos && pos < names + len)
+ pos++;
+ if (pos + 1 >= names + len) {
+ os_free(names);
+ return -1;
+ }
+ pos++;
+ num_name++;
+ if (num_name >= MAX_ADAPTERS) {
+ wpa_printf(MSG_DEBUG, "NDIS: Too many adapters");
+ os_free(names);
+ return -1;
+ }
+ if (*pos == '\0') {
+ wpa_printf(MSG_DEBUG, "NDIS: %d adapter names found",
+ num_name);
+ pos++;
+ break;
+ }
+ }
+
+ num_desc = 0;
+ while (pos < names + len) {
+ desc[num_desc] = pos;
+ while (*pos && pos < names + len)
+ pos++;
+ if (pos + 1 >= names + len) {
+ os_free(names);
+ return -1;
+ }
+ pos++;
+ num_desc++;
+ if (num_desc >= MAX_ADAPTERS) {
+ wpa_printf(MSG_DEBUG, "NDIS: Too many adapter "
+ "descriptions");
+ os_free(names);
+ return -1;
+ }
+ if (*pos == '\0') {
+ wpa_printf(MSG_DEBUG, "NDIS: %d adapter descriptions "
+ "found", num_name);
+ pos++;
+ break;
+ }
+ }
+
+ /*
+ * Windows 98 with Packet.dll 3.0 alpha3 does not include adapter
+ * descriptions. Fill in dummy descriptors to work around this.
+ */
+ while (num_desc < num_name)
+ desc[num_desc++] = "dummy description";
+
+ if (num_name != num_desc) {
+ wpa_printf(MSG_DEBUG, "NDIS: mismatch in adapter name and "
+ "description counts (%d != %d)",
+ num_name, num_desc);
+ os_free(names);
+ return -1;
+ }
+
+ found_name = found_desc = -1;
+ for (i = 0; i < num_name; i++) {
+ wpa_printf(MSG_DEBUG, "NDIS: %d - %s - %s",
+ i, name[i], desc[i]);
+ if (found_name == -1 && os_strstr(name[i], drv->ifname))
+ found_name = i;
+ if (found_desc == -1 &&
+ os_strncmp(desc[i], drv->ifname, os_strlen(drv->ifname)) ==
+ 0)
+ found_desc = i;
+ }
+
+ if (found_name < 0 && found_desc >= 0) {
+ wpa_printf(MSG_DEBUG, "NDIS: Matched interface '%s' based on "
+ "description '%s'",
+ name[found_desc], desc[found_desc]);
+ found_name = found_desc;
+ os_strncpy(drv->ifname,
+ os_strncmp(name[found_desc], "\\Device\\NPF_", 12)
+ == 0 ? name[found_desc] + 12 : name[found_desc],
+ sizeof(drv->ifname));
+ }
+
+ if (found_name < 0) {
+ wpa_printf(MSG_DEBUG, "NDIS: Could not find interface '%s'",
+ drv->ifname);
+ os_free(names);
+ return -1;
+ }
+
+ i = found_name;
+ pos = os_strrchr(desc[i], '(');
+ if (pos) {
+ dlen = pos - desc[i];
+ pos--;
+ if (pos > desc[i] && *pos == ' ')
+ dlen--;
+ } else {
+ dlen = os_strlen(desc[i]);
+ }
+ drv->adapter_desc = os_malloc(dlen + 1);
+ if (drv->adapter_desc) {
+ os_memcpy(drv->adapter_desc, desc[i], dlen);
+ drv->adapter_desc[dlen] = '\0';
+ }
+
+ os_free(names);
+
+ if (drv->adapter_desc == NULL)
+ return -1;
+
+ wpa_printf(MSG_DEBUG, "NDIS: Adapter description prefix '%s'",
+ drv->adapter_desc);
+
+ return 0;
+#endif /* CONFIG_USE_NDISUIO */
+}
+
+
+#if defined(CONFIG_NATIVE_WINDOWS) || defined(__CYGWIN__)
+#ifndef _WIN32_WCE
+/*
+ * These structures are undocumented for WinXP; only WinCE version is
+ * documented. These would be included wzcsapi.h if it were available. Some
+ * changes here have been needed to make the structures match with WinXP SP2.
+ * It is unclear whether these work with any other version.
+ */
+
+typedef struct {
+ LPWSTR wszGuid;
+} INTF_KEY_ENTRY, *PINTF_KEY_ENTRY;
+
+typedef struct {
+ DWORD dwNumIntfs;
+ PINTF_KEY_ENTRY pIntfs;
+} INTFS_KEY_TABLE, *PINTFS_KEY_TABLE;
+
+typedef struct {
+ DWORD dwDataLen;
+ LPBYTE pData;
+} RAW_DATA, *PRAW_DATA;
+
+typedef struct {
+ LPWSTR wszGuid;
+ LPWSTR wszDescr;
+ ULONG ulMediaState;
+ ULONG ulMediaType;
+ ULONG ulPhysicalMediaType;
+ INT nInfraMode;
+ INT nAuthMode;
+ INT nWepStatus;
+#ifndef _WIN32_WCE
+ u8 pad[2]; /* why is this needed? */
+#endif /* _WIN32_WCE */
+ DWORD dwCtlFlags;
+ DWORD dwCapabilities; /* something added for WinXP SP2(?) */
+ RAW_DATA rdSSID;
+ RAW_DATA rdBSSID;
+ RAW_DATA rdBSSIDList;
+ RAW_DATA rdStSSIDList;
+ RAW_DATA rdCtrlData;
+#ifdef UNDER_CE
+ BOOL bInitialized;
+#endif
+ DWORD nWPAMCastCipher;
+ /* add some extra buffer for later additions since this interface is
+ * far from stable */
+ u8 later_additions[100];
+} INTF_ENTRY, *PINTF_ENTRY;
+
+#define INTF_ALL 0xffffffff
+#define INTF_ALL_FLAGS 0x0000ffff
+#define INTF_CTLFLAGS 0x00000010
+#define INTFCTL_ENABLED 0x8000
+#endif /* _WIN32_WCE */
+
+
+#ifdef _WIN32_WCE
+static int wpa_driver_ndis_rebind_adapter(struct wpa_driver_ndis_data *drv)
+{
+ HANDLE ndis;
+ TCHAR multi[100];
+ int len;
+
+ len = _tcslen(drv->adapter_name);
+ if (len > 80)
+ return -1;
+
+ ndis = CreateFile(DD_NDIS_DEVICE_NAME, GENERIC_READ | GENERIC_WRITE,
+ 0, NULL, OPEN_EXISTING, 0, NULL);
+ if (ndis == INVALID_HANDLE_VALUE) {
+ wpa_printf(MSG_DEBUG, "NDIS: Failed to open file to NDIS "
+ "device: %d", (int) GetLastError());
+ return -1;
+ }
+
+ len++;
+ memcpy(multi, drv->adapter_name, len * sizeof(TCHAR));
+ memcpy(&multi[len], TEXT("NDISUIO\0"), 9 * sizeof(TCHAR));
+ len += 9;
+
+ if (!DeviceIoControl(ndis, IOCTL_NDIS_REBIND_ADAPTER,
+ multi, len * sizeof(TCHAR), NULL, 0, NULL, NULL))
+ {
+ wpa_printf(MSG_DEBUG, "NDIS: IOCTL_NDIS_REBIND_ADAPTER "
+ "failed: 0x%x", (int) GetLastError());
+ wpa_hexdump_ascii(MSG_DEBUG, "NDIS: rebind multi_sz",
+ (u8 *) multi, len * sizeof(TCHAR));
+ CloseHandle(ndis);
+ return -1;
+ }
+
+ CloseHandle(ndis);
+
+ wpa_printf(MSG_DEBUG, "NDIS: Requested NDIS rebind of NDISUIO "
+ "protocol");
+
+ return 0;
+}
+#endif /* _WIN32_WCE */
+
+
+static int wpa_driver_ndis_set_wzc(struct wpa_driver_ndis_data *drv,
+ int enable)
+{
+#ifdef _WIN32_WCE
+ HKEY hk, hk2;
+ LONG ret;
+ DWORD i, hnd, len;
+ TCHAR keyname[256], devname[256];
+
+#define WZC_DRIVER TEXT("Drivers\\BuiltIn\\ZeroConfig")
+
+ if (enable) {
+ HANDLE h;
+ h = ActivateDeviceEx(WZC_DRIVER, NULL, 0, NULL);
+ if (h == INVALID_HANDLE_VALUE || h == 0) {
+ wpa_printf(MSG_DEBUG, "NDIS: Failed to re-enable WZC "
+ "- ActivateDeviceEx failed: %d",
+ (int) GetLastError());
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "NDIS: WZC re-enabled");
+ return wpa_driver_ndis_rebind_adapter(drv);
+ }
+
+ /*
+ * Unfortunately, just disabling the WZC for an interface is not enough
+ * to free NDISUIO for us, so need to disable and unload WZC completely
+ * for now when using WinCE with NDISUIO. In addition, must request
+ * NDISUIO protocol to be rebound to the adapter in order to free the
+ * NDISUIO binding that WZC hold before us.
+ */
+
+ /* Enumerate HKLM\Drivers\Active\* to find a handle to WZC. */
+ ret = RegOpenKeyEx(HKEY_LOCAL_MACHINE, DEVLOAD_ACTIVE_KEY, 0, 0, &hk);
+ if (ret != ERROR_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "NDIS: RegOpenKeyEx(DEVLOAD_ACTIVE_KEY) "
+ "failed: %d %d", (int) ret, (int) GetLastError());
+ return -1;
+ }
+
+ for (i = 0; ; i++) {
+ len = sizeof(keyname);
+ ret = RegEnumKeyEx(hk, i, keyname, &len, NULL, NULL, NULL,
+ NULL);
+ if (ret != ERROR_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "NDIS: Could not find active "
+ "WZC - assuming it is not running.");
+ RegCloseKey(hk);
+ return -1;
+ }
+
+ ret = RegOpenKeyEx(hk, keyname, 0, 0, &hk2);
+ if (ret != ERROR_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "NDIS: RegOpenKeyEx(active dev) "
+ "failed: %d %d",
+ (int) ret, (int) GetLastError());
+ continue;
+ }
+
+ len = sizeof(devname);
+ ret = RegQueryValueEx(hk2, DEVLOAD_DEVKEY_VALNAME, NULL, NULL,
+ (LPBYTE) devname, &len);
+ if (ret != ERROR_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "NDIS: RegQueryValueEx("
+ "DEVKEY_VALNAME) failed: %d %d",
+ (int) ret, (int) GetLastError());
+ RegCloseKey(hk2);
+ continue;
+ }
+
+ if (_tcscmp(devname, WZC_DRIVER) == 0)
+ break;
+
+ RegCloseKey(hk2);
+ }
+
+ RegCloseKey(hk);
+
+ /* Found WZC - get handle to it. */
+ len = sizeof(hnd);
+ ret = RegQueryValueEx(hk2, DEVLOAD_HANDLE_VALNAME, NULL, NULL,
+ (PUCHAR) &hnd, &len);
+ if (ret != ERROR_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "NDIS: RegQueryValueEx(HANDLE_VALNAME) "
+ "failed: %d %d", (int) ret, (int) GetLastError());
+ RegCloseKey(hk2);
+ return -1;
+ }
+
+ RegCloseKey(hk2);
+
+ /* Deactivate WZC */
+ if (!DeactivateDevice((HANDLE) hnd)) {
+ wpa_printf(MSG_DEBUG, "NDIS: DeactivateDevice failed: %d",
+ (int) GetLastError());
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "NDIS: Disabled WZC temporarily");
+ drv->wzc_disabled = 1;
+ return wpa_driver_ndis_rebind_adapter(drv);
+
+#else /* _WIN32_WCE */
+
+ HMODULE hm;
+ DWORD (WINAPI *wzc_enum_interf)(LPWSTR pSrvAddr,
+ PINTFS_KEY_TABLE pIntfs);
+ DWORD (WINAPI *wzc_query_interf)(LPWSTR pSrvAddr, DWORD dwInFlags,
+ PINTF_ENTRY pIntf,
+ LPDWORD pdwOutFlags);
+ DWORD (WINAPI *wzc_set_interf)(LPWSTR pSrvAddr, DWORD dwInFlags,
+ PINTF_ENTRY pIntf, LPDWORD pdwOutFlags);
+ int ret = -1, j;
+ DWORD res;
+ INTFS_KEY_TABLE guids;
+ INTF_ENTRY intf;
+ char guid[128];
+ WCHAR *pos;
+ DWORD flags, i;
+
+ hm = LoadLibrary(TEXT("wzcsapi.dll"));
+ if (hm == NULL) {
+ wpa_printf(MSG_DEBUG, "NDIS: Failed to load wzcsapi.dll (%u) "
+ "- WZC probably not running",
+ (unsigned int) GetLastError());
+ return -1;
+ }
+
+#ifdef _WIN32_WCE
+ wzc_enum_interf = (void *) GetProcAddressA(hm, "WZCEnumInterfaces");
+ wzc_query_interf = (void *) GetProcAddressA(hm, "WZCQueryInterface");
+ wzc_set_interf = (void *) GetProcAddressA(hm, "WZCSetInterface");
+#else /* _WIN32_WCE */
+ wzc_enum_interf = (void *) GetProcAddress(hm, "WZCEnumInterfaces");
+ wzc_query_interf = (void *) GetProcAddress(hm, "WZCQueryInterface");
+ wzc_set_interf = (void *) GetProcAddress(hm, "WZCSetInterface");
+#endif /* _WIN32_WCE */
+
+ if (wzc_enum_interf == NULL || wzc_query_interf == NULL ||
+ wzc_set_interf == NULL) {
+ wpa_printf(MSG_DEBUG, "NDIS: WZCEnumInterfaces, "
+ "WZCQueryInterface, or WZCSetInterface not found "
+ "in wzcsapi.dll");
+ goto fail;
+ }
+
+ os_memset(&guids, 0, sizeof(guids));
+ res = wzc_enum_interf(NULL, &guids);
+ if (res != 0) {
+ wpa_printf(MSG_DEBUG, "NDIS: WZCEnumInterfaces failed: %d; "
+ "WZC service is apparently not running",
+ (int) res);
+ goto fail;
+ }
+
+ wpa_printf(MSG_DEBUG, "NDIS: WZCEnumInterfaces: %d interfaces",
+ (int) guids.dwNumIntfs);
+
+ for (i = 0; i < guids.dwNumIntfs; i++) {
+ pos = guids.pIntfs[i].wszGuid;
+ for (j = 0; j < sizeof(guid); j++) {
+ guid[j] = (char) *pos;
+ if (*pos == 0)
+ break;
+ pos++;
+ }
+ guid[sizeof(guid) - 1] = '\0';
+ wpa_printf(MSG_DEBUG, "NDIS: intfs %d GUID '%s'",
+ (int) i, guid);
+ if (os_strstr(drv->ifname, guid) == NULL)
+ continue;
+
+ wpa_printf(MSG_DEBUG, "NDIS: Current interface found from "
+ "WZC");
+ break;
+ }
+
+ if (i >= guids.dwNumIntfs) {
+ wpa_printf(MSG_DEBUG, "NDIS: Current interface not found from "
+ "WZC");
+ goto fail;
+ }
+
+ os_memset(&intf, 0, sizeof(intf));
+ intf.wszGuid = guids.pIntfs[i].wszGuid;
+ /* Set flags to verify that the structure has not changed. */
+ intf.dwCtlFlags = -1;
+ flags = 0;
+ res = wzc_query_interf(NULL, INTFCTL_ENABLED, &intf, &flags);
+ if (res != 0) {
+ wpa_printf(MSG_DEBUG, "NDIS: Could not query flags for the "
+ "WZC interface: %d (0x%x)",
+ (int) res, (int) res);
+ wpa_printf(MSG_DEBUG, "NDIS: GetLastError: %u",
+ (unsigned int) GetLastError());
+ goto fail;
+ }
+
+ wpa_printf(MSG_DEBUG, "NDIS: WZC interface flags 0x%x dwCtlFlags 0x%x",
+ (int) flags, (int) intf.dwCtlFlags);
+
+ if (intf.dwCtlFlags == -1) {
+ wpa_printf(MSG_DEBUG, "NDIS: Looks like wzcsapi has changed "
+ "again - could not disable WZC");
+ wpa_hexdump(MSG_MSGDUMP, "NDIS: intf",
+ (u8 *) &intf, sizeof(intf));
+ goto fail;
+ }
+
+ if (enable) {
+ if (!(intf.dwCtlFlags & INTFCTL_ENABLED)) {
+ wpa_printf(MSG_DEBUG, "NDIS: Enabling WZC for this "
+ "interface");
+ intf.dwCtlFlags |= INTFCTL_ENABLED;
+ res = wzc_set_interf(NULL, INTFCTL_ENABLED, &intf,
+ &flags);
+ if (res != 0) {
+ wpa_printf(MSG_DEBUG, "NDIS: Failed to enable "
+ "WZC: %d (0x%x)",
+ (int) res, (int) res);
+ wpa_printf(MSG_DEBUG, "NDIS: GetLastError: %u",
+ (unsigned int) GetLastError());
+ goto fail;
+ }
+ wpa_printf(MSG_DEBUG, "NDIS: Re-enabled WZC for this "
+ "interface");
+ drv->wzc_disabled = 0;
+ }
+ } else {
+ if (intf.dwCtlFlags & INTFCTL_ENABLED) {
+ wpa_printf(MSG_DEBUG, "NDIS: Disabling WZC for this "
+ "interface");
+ intf.dwCtlFlags &= ~INTFCTL_ENABLED;
+ res = wzc_set_interf(NULL, INTFCTL_ENABLED, &intf,
+ &flags);
+ if (res != 0) {
+ wpa_printf(MSG_DEBUG, "NDIS: Failed to "
+ "disable WZC: %d (0x%x)",
+ (int) res, (int) res);
+ wpa_printf(MSG_DEBUG, "NDIS: GetLastError: %u",
+ (unsigned int) GetLastError());
+ goto fail;
+ }
+ wpa_printf(MSG_DEBUG, "NDIS: Disabled WZC temporarily "
+ "for this interface");
+ drv->wzc_disabled = 1;
+ } else {
+ wpa_printf(MSG_DEBUG, "NDIS: WZC was not enabled for "
+ "this interface");
+ }
+ }
+
+ ret = 0;
+
+fail:
+ FreeLibrary(hm);
+
+ return ret;
+#endif /* _WIN32_WCE */
+}
+
+#else /* CONFIG_NATIVE_WINDOWS || __CYGWIN__ */
+
+static int wpa_driver_ndis_set_wzc(struct wpa_driver_ndis_data *drv,
+ int enable)
+{
+ return 0;
+}
+
+#endif /* CONFIG_NATIVE_WINDOWS || __CYGWIN__ */
+
+
+#ifdef CONFIG_USE_NDISUIO
+/*
+ * l2_packet_ndis.c is sharing the same handle to NDISUIO, so we must be able
+ * to export this handle. This is somewhat ugly, but there is no better
+ * mechanism available to pass data from driver interface to l2_packet wrapper.
+ */
+static HANDLE driver_ndis_ndisuio_handle = INVALID_HANDLE_VALUE;
+
+HANDLE driver_ndis_get_ndisuio_handle(void)
+{
+ return driver_ndis_ndisuio_handle;
+}
+#endif /* CONFIG_USE_NDISUIO */
+
+
+static int wpa_driver_ndis_adapter_init(struct wpa_driver_ndis_data *drv)
+{
+#ifdef CONFIG_USE_NDISUIO
+#ifndef _WIN32_WCE
+#define NDISUIO_DEVICE_NAME TEXT("\\\\.\\\\Ndisuio")
+ DWORD written;
+#endif /* _WIN32_WCE */
+ drv->ndisuio = CreateFile(NDISUIO_DEVICE_NAME,
+ GENERIC_READ | GENERIC_WRITE, 0, NULL,
+ OPEN_EXISTING,
+ FILE_ATTRIBUTE_NORMAL | FILE_FLAG_OVERLAPPED,
+ INVALID_HANDLE_VALUE);
+ if (drv->ndisuio == INVALID_HANDLE_VALUE) {
+ wpa_printf(MSG_ERROR, "NDIS: Failed to open connection to "
+ "NDISUIO: %d", (int) GetLastError());
+ return -1;
+ }
+ driver_ndis_ndisuio_handle = drv->ndisuio;
+
+#ifndef _WIN32_WCE
+ if (!DeviceIoControl(drv->ndisuio, IOCTL_NDISUIO_BIND_WAIT, NULL, 0,
+ NULL, 0, &written, NULL)) {
+ wpa_printf(MSG_ERROR, "NDIS: IOCTL_NDISUIO_BIND_WAIT failed: "
+ "%d", (int) GetLastError());
+ CloseHandle(drv->ndisuio);
+ drv->ndisuio = INVALID_HANDLE_VALUE;
+ return -1;
+ }
+#endif /* _WIN32_WCE */
+
+ return 0;
+#else /* CONFIG_USE_NDISUIO */
+ return 0;
+#endif /* CONFIG_USE_NDISUIO */
+}
+
+
+static int wpa_driver_ndis_adapter_open(struct wpa_driver_ndis_data *drv)
+{
+#ifdef CONFIG_USE_NDISUIO
+ DWORD written;
+#define MAX_NDIS_DEVICE_NAME_LEN 256
+ WCHAR ifname[MAX_NDIS_DEVICE_NAME_LEN];
+ size_t len, i, pos;
+ const char *prefix = "\\DEVICE\\";
+
+#ifdef _WIN32_WCE
+ pos = 0;
+#else /* _WIN32_WCE */
+ pos = 8;
+#endif /* _WIN32_WCE */
+ len = pos + os_strlen(drv->ifname);
+ if (len >= MAX_NDIS_DEVICE_NAME_LEN)
+ return -1;
+ for (i = 0; i < pos; i++)
+ ifname[i] = (WCHAR) prefix[i];
+ for (i = pos; i < len; i++)
+ ifname[i] = (WCHAR) drv->ifname[i - pos];
+ ifname[i] = L'\0';
+
+ if (!DeviceIoControl(drv->ndisuio, IOCTL_NDISUIO_OPEN_DEVICE,
+ ifname, len * sizeof(WCHAR), NULL, 0, &written,
+ NULL)) {
+ wpa_printf(MSG_ERROR, "NDIS: IOCTL_NDISUIO_OPEN_DEVICE "
+ "failed: %d", (int) GetLastError());
+ wpa_hexdump_ascii(MSG_DEBUG, "NDIS: ifname",
+ (const u8 *) ifname, len * sizeof(WCHAR));
+ CloseHandle(drv->ndisuio);
+ drv->ndisuio = INVALID_HANDLE_VALUE;
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "NDIS: Opened NDISUIO device successfully");
+
+ return 0;
+#else /* CONFIG_USE_NDISUIO */
+ char ifname[128];
+ os_snprintf(ifname, sizeof(ifname), "\\Device\\NPF_%s", drv->ifname);
+ drv->adapter = PacketOpenAdapter(ifname);
+ if (drv->adapter == NULL) {
+ wpa_printf(MSG_DEBUG, "NDIS: PacketOpenAdapter failed for "
+ "'%s'", ifname);
+ return -1;
+ }
+ return 0;
+#endif /* CONFIG_USE_NDISUIO */
+}
+
+
+static void wpa_driver_ndis_adapter_close(struct wpa_driver_ndis_data *drv)
+{
+#ifdef CONFIG_USE_NDISUIO
+ driver_ndis_ndisuio_handle = INVALID_HANDLE_VALUE;
+ if (drv->ndisuio != INVALID_HANDLE_VALUE)
+ CloseHandle(drv->ndisuio);
+#else /* CONFIG_USE_NDISUIO */
+ if (drv->adapter)
+ PacketCloseAdapter(drv->adapter);
+#endif /* CONFIG_USE_NDISUIO */
+}
+
+
+static void * wpa_driver_ndis_init(void *ctx, const char *ifname)
+{
+ struct wpa_driver_ndis_data *drv;
+ u32 mode;
+
+ drv = os_zalloc(sizeof(*drv));
+ if (drv == NULL)
+ return NULL;
+ drv->ctx = ctx;
+ /*
+ * Compatibility code to strip possible prefix from the GUID. Previous
+ * versions include \Device\NPF_ prefix for all names, but the internal
+ * interface name is now only the GUI. Both Packet32 and NDISUIO
+ * prefixes are supported.
+ */
+ if (os_strncmp(ifname, "\\Device\\NPF_", 12) == 0)
+ ifname += 12;
+ else if (os_strncmp(ifname, "\\DEVICE\\", 8) == 0)
+ ifname += 8;
+ os_strncpy(drv->ifname, ifname, sizeof(drv->ifname));
+
+ if (wpa_driver_ndis_adapter_init(drv) < 0) {
+ os_free(drv);
+ return NULL;
+ }
+
+ if (wpa_driver_ndis_get_names(drv) < 0) {
+ wpa_driver_ndis_adapter_close(drv);
+ os_free(drv);
+ return NULL;
+ }
+
+ wpa_driver_ndis_set_wzc(drv, 0);
+
+ if (wpa_driver_ndis_adapter_open(drv) < 0) {
+ wpa_driver_ndis_adapter_close(drv);
+ os_free(drv);
+ return NULL;
+ }
+
+ if (ndis_get_oid(drv, OID_802_3_CURRENT_ADDRESS,
+ drv->own_addr, ETH_ALEN) < 0) {
+ wpa_printf(MSG_DEBUG, "NDIS: Get OID_802_3_CURRENT_ADDRESS "
+ "failed");
+ wpa_driver_ndis_adapter_close(drv);
+ os_free(drv);
+ return NULL;
+ }
+ wpa_driver_ndis_get_capability(drv);
+
+ /* Make sure that the driver does not have any obsolete PMKID entries.
+ */
+ wpa_driver_ndis_flush_pmkid(drv);
+
+ eloop_register_timeout(1, 0, wpa_driver_ndis_poll_timeout, drv, NULL);
+
+#ifdef CONFIG_NDIS_EVENTS_INTEGRATED
+ drv->events = ndis_events_init(&drv->events_pipe, &drv->event_avail,
+ drv->ifname, drv->adapter_desc);
+ if (drv->events == NULL) {
+ wpa_driver_ndis_deinit(drv);
+ return NULL;
+ }
+ eloop_register_event(drv->event_avail, sizeof(drv->event_avail),
+ wpa_driver_ndis_event_pipe_cb, drv, NULL);
+#endif /* CONFIG_NDIS_EVENTS_INTEGRATED */
+
+#ifdef _WIN32_WCE
+ if (ndisuio_notification_init(drv) < 0) {
+ wpa_driver_ndis_deinit(drv);
+ return NULL;
+ }
+#endif /* _WIN32_WCE */
+
+ /* Set mode here in case card was configured for ad-hoc mode
+ * previously. */
+ mode = Ndis802_11Infrastructure;
+ if (ndis_set_oid(drv, OID_802_11_INFRASTRUCTURE_MODE,
+ (char *) &mode, sizeof(mode)) < 0) {
+ wpa_printf(MSG_DEBUG, "NDIS: Failed to set "
+ "OID_802_11_INFRASTRUCTURE_MODE (%d)",
+ (int) mode);
+ /* Try to continue anyway */
+
+ if (!drv->has_capability && drv->capa.enc == 0) {
+ wpa_printf(MSG_DEBUG, "NDIS: Driver did not provide "
+ "any wireless capabilities - assume it is "
+ "a wired interface");
+ drv->wired = 1;
+ }
+ }
+
+ return drv;
+}
+
+
+static void wpa_driver_ndis_deinit(void *priv)
+{
+ struct wpa_driver_ndis_data *drv = priv;
+
+#ifdef CONFIG_NDIS_EVENTS_INTEGRATED
+ if (drv->events) {
+ eloop_unregister_event(drv->event_avail,
+ sizeof(drv->event_avail));
+ ndis_events_deinit(drv->events);
+ }
+#endif /* CONFIG_NDIS_EVENTS_INTEGRATED */
+
+#ifdef _WIN32_WCE
+ ndisuio_notification_deinit(drv);
+#endif /* _WIN32_WCE */
+
+ eloop_cancel_timeout(wpa_driver_ndis_scan_timeout, drv, drv->ctx);
+ eloop_cancel_timeout(wpa_driver_ndis_poll_timeout, drv, NULL);
+ wpa_driver_ndis_flush_pmkid(drv);
+ wpa_driver_ndis_disconnect(drv);
+ if (wpa_driver_ndis_radio_off(drv) < 0) {
+ wpa_printf(MSG_DEBUG, "NDIS: failed to disassociate and turn "
+ "radio off");
+ }
+
+ wpa_driver_ndis_adapter_close(drv);
+
+ if (drv->wzc_disabled)
+ wpa_driver_ndis_set_wzc(drv, 1);
+
+#ifdef _WIN32_WCE
+ os_free(drv->adapter_name);
+#endif /* _WIN32_WCE */
+ os_free(drv->adapter_desc);
+ os_free(drv);
+}
+
+
+const struct wpa_driver_ops wpa_driver_ndis_ops = {
+ "ndis",
+ "Windows NDIS driver",
+ wpa_driver_ndis_get_bssid,
+ wpa_driver_ndis_get_ssid,
+ wpa_driver_ndis_set_wpa,
+ wpa_driver_ndis_set_key,
+ wpa_driver_ndis_init,
+ wpa_driver_ndis_deinit,
+ NULL /* set_param */,
+ NULL /* set_countermeasures */,
+ NULL /* set_drop_unencrypted */,
+ wpa_driver_ndis_scan,
+ wpa_driver_ndis_get_scan_results,
+ wpa_driver_ndis_deauthenticate,
+ wpa_driver_ndis_disassociate,
+ wpa_driver_ndis_associate,
+ NULL /* set_auth_alg */,
+ wpa_driver_ndis_add_pmkid,
+ wpa_driver_ndis_remove_pmkid,
+ wpa_driver_ndis_flush_pmkid,
+ wpa_driver_ndis_get_capa,
+ wpa_driver_ndis_poll,
+ wpa_driver_ndis_get_ifname,
+ wpa_driver_ndis_get_mac_addr,
+ NULL /* send_eapol */,
+ NULL /* set_operstate */,
+ NULL /* mlme_setprotection */,
+ NULL /* get_hw_feature_data */,
+ NULL /* set_channel */,
+ NULL /* set_ssid */,
+ NULL /* set_bssid */,
+ NULL /* send_mlme */,
+ NULL /* mlme_add_sta */,
+ NULL /* mlme_remove_sta */
+};
--- /dev/null
+/*
+ * WPA Supplicant - Windows/NDIS driver interface
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef DRIVER_NDIS_H
+#define DRIVER_NDIS_H
+
+#ifdef CONFIG_NDIS_EVENTS_INTEGRATED
+struct ndis_events_data;
+struct ndis_events_data * ndis_events_init(HANDLE *read_pipe, HANDLE *event,
+ const char *ifname,
+ const char *desc);
+void ndis_events_deinit(struct ndis_events_data *events);
+#endif /* CONFIG_NDIS_EVENTS_INTEGRATED */
+
+struct ndis_pmkid_entry {
+ struct ndis_pmkid_entry *next;
+ u8 bssid[ETH_ALEN];
+ u8 pmkid[16];
+};
+
+struct wpa_driver_ndis_data {
+ void *ctx;
+ char ifname[100]; /* GUID: {7EE3EFE5-C165-472F-986D-F6FBEDFE8C8D} */
+#ifdef _WIN32_WCE
+ TCHAR *adapter_name;
+ HANDLE event_queue; /* NDISUIO notifier MsgQueue */
+ HANDLE connected_event; /* WpaSupplicantConnected event */
+#endif /* _WIN32_WCE */
+ u8 own_addr[ETH_ALEN];
+#ifdef CONFIG_USE_NDISUIO
+ HANDLE ndisuio;
+#else /* CONFIG_USE_NDISUIO */
+ LPADAPTER adapter;
+#endif /* CONFIG_USE_NDISUIO */
+ u8 bssid[ETH_ALEN];
+
+ int has_capability;
+ int no_of_pmkid;
+ int radio_enabled;
+ struct wpa_driver_capa capa;
+ struct ndis_pmkid_entry *pmkid;
+ char *adapter_desc;
+ int wired;
+ int mode;
+ int wzc_disabled;
+ int oid_bssid_set;
+#ifdef CONFIG_NDIS_EVENTS_INTEGRATED
+ HANDLE events_pipe, event_avail;
+ struct ndis_events_data *events;
+#endif /* CONFIG_NDIS_EVENTS_INTEGRATED */
+};
+
+#endif /* DRIVER_NDIS_H */
--- /dev/null
+/*
+ * WPA Supplicant - Windows/NDIS driver interface - event processing
+ * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "driver.h"
+#include "wpa_supplicant.h"
+#include "l2_packet.h"
+#include "eloop.h"
+#include "wpa.h"
+
+/* Keep this event processing in a separate file and without WinPcap headers to
+ * avoid conflicts with some of the header files. */
+struct _ADAPTER;
+typedef struct _ADAPTER * LPADAPTER;
+#include "driver_ndis.h"
+
+
+void wpa_driver_ndis_event_connect(struct wpa_driver_ndis_data *drv);
+void wpa_driver_ndis_event_disconnect(struct wpa_driver_ndis_data *drv);
+void wpa_driver_ndis_event_media_specific(struct wpa_driver_ndis_data *drv,
+ const u8 *data, size_t data_len);
+void wpa_driver_ndis_event_adapter_arrival(struct wpa_driver_ndis_data *drv);
+void wpa_driver_ndis_event_adapter_removal(struct wpa_driver_ndis_data *drv);
+
+
+enum event_types { EVENT_CONNECT, EVENT_DISCONNECT,
+ EVENT_MEDIA_SPECIFIC, EVENT_ADAPTER_ARRIVAL,
+ EVENT_ADAPTER_REMOVAL };
+
+/* Event data:
+ * enum event_types (as int, i.e., 4 octets)
+ * data length (2 octets (big endian), optional)
+ * data (variable len, optional)
+ */
+
+
+static void wpa_driver_ndis_event_process(struct wpa_driver_ndis_data *drv,
+ u8 *buf, size_t len)
+{
+ u8 *pos, *data = NULL;
+ enum event_types type;
+ size_t data_len = 0;
+
+ wpa_hexdump(MSG_MSGDUMP, "NDIS: received event data", buf, len);
+ if (len < sizeof(int))
+ return;
+ type = *((int *) buf);
+ pos = buf + sizeof(int);
+ wpa_printf(MSG_DEBUG, "NDIS: event - type %d", type);
+
+ if (buf + len - pos > 2) {
+ data_len = (int) *pos++ << 8;
+ data_len += *pos++;
+ if (data_len > (size_t) (buf + len - pos)) {
+ wpa_printf(MSG_DEBUG, "NDIS: event data overflow");
+ return;
+ }
+ data = pos;
+ wpa_hexdump(MSG_MSGDUMP, "NDIS: event data", data, data_len);
+ }
+
+ switch (type) {
+ case EVENT_CONNECT:
+ wpa_driver_ndis_event_connect(drv);
+ break;
+ case EVENT_DISCONNECT:
+ wpa_driver_ndis_event_disconnect(drv);
+ break;
+ case EVENT_MEDIA_SPECIFIC:
+ wpa_driver_ndis_event_media_specific(drv, data, data_len);
+ break;
+ case EVENT_ADAPTER_ARRIVAL:
+ wpa_driver_ndis_event_adapter_arrival(drv);
+ break;
+ case EVENT_ADAPTER_REMOVAL:
+ wpa_driver_ndis_event_adapter_removal(drv);
+ break;
+ }
+}
+
+
+void wpa_driver_ndis_event_pipe_cb(void *eloop_data, void *user_data)
+{
+ struct wpa_driver_ndis_data *drv = eloop_data;
+ u8 buf[512];
+ DWORD len;
+
+ ResetEvent(drv->event_avail);
+ if (ReadFile(drv->events_pipe, buf, sizeof(buf), &len, NULL))
+ wpa_driver_ndis_event_process(drv, buf, len);
+ else {
+ wpa_printf(MSG_DEBUG, "%s: ReadFile() failed: %d", __func__,
+ (int) GetLastError());
+ }
+}
--- /dev/null
+/*
+ * WPA Supplicant - driver interaction with Linux ndiswrapper
+ * Copyright (c) 2004-2006, Giridhar Pemmasani <giri@lmc.cs.sunysb.edu>
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <sys/ioctl.h>
+#include <net/if_arp.h>
+
+#include "wireless_copy.h"
+#include "common.h"
+#include "driver.h"
+#include "l2_packet.h"
+#include "eloop.h"
+#include "priv_netlink.h"
+#include "driver_wext.h"
+
+struct wpa_driver_ndiswrapper_data {
+ void *wext; /* private data for driver_wext */
+ void *ctx;
+ char ifname[IFNAMSIZ + 1];
+ int sock;
+};
+
+
+struct wpa_key
+{
+ wpa_alg alg;
+ const u8 *addr;
+ int key_index;
+ int set_tx;
+ const u8 *seq;
+ size_t seq_len;
+ const u8 *key;
+ size_t key_len;
+};
+
+struct wpa_assoc_info
+{
+ const u8 *bssid;
+ const u8 *ssid;
+ size_t ssid_len;
+ int freq;
+ const u8 *wpa_ie;
+ size_t wpa_ie_len;
+ wpa_cipher pairwise_suite;
+ wpa_cipher group_suite;
+ wpa_key_mgmt key_mgmt_suite;
+ int auth_alg;
+ int mode;
+};
+
+#define PRIV_RESET SIOCIWFIRSTPRIV+0
+#define WPA_SET_WPA SIOCIWFIRSTPRIV+1
+#define WPA_SET_KEY SIOCIWFIRSTPRIV+2
+#define WPA_ASSOCIATE SIOCIWFIRSTPRIV+3
+#define WPA_DISASSOCIATE SIOCIWFIRSTPRIV+4
+#define WPA_DROP_UNENCRYPTED SIOCIWFIRSTPRIV+5
+#define WPA_SET_COUNTERMEASURES SIOCIWFIRSTPRIV+6
+#define WPA_DEAUTHENTICATE SIOCIWFIRSTPRIV+7
+#define WPA_SET_AUTH_ALG SIOCIWFIRSTPRIV+8
+#define WPA_INIT SIOCIWFIRSTPRIV+9
+#define WPA_DEINIT SIOCIWFIRSTPRIV+10
+#define WPA_GET_CAPA SIOCIWFIRSTPRIV+11
+
+static int get_socket(void)
+{
+ static const int families[] = {
+ AF_INET, AF_IPX, AF_AX25, AF_APPLETALK
+ };
+ unsigned int i;
+ int sock;
+
+ for (i = 0; i < sizeof(families) / sizeof(int); ++i) {
+ sock = socket(families[i], SOCK_DGRAM, 0);
+ if (sock >= 0)
+ return sock;
+ }
+
+ return -1;
+}
+
+static int iw_set_ext(struct wpa_driver_ndiswrapper_data *drv, int request,
+ struct iwreq *pwrq)
+{
+ os_strncpy(pwrq->ifr_name, drv->ifname, IFNAMSIZ);
+ return ioctl(drv->sock, request, pwrq);
+}
+
+static int wpa_ndiswrapper_set_wpa(void *priv, int enabled)
+{
+ struct wpa_driver_ndiswrapper_data *drv = priv;
+ struct iwreq priv_req;
+ int ret = 0;
+
+ os_memset(&priv_req, 0, sizeof(priv_req));
+
+ priv_req.u.data.flags = enabled;
+ if (iw_set_ext(drv, WPA_SET_WPA, &priv_req) < 0)
+ ret = -1;
+ return ret;
+}
+
+static int wpa_ndiswrapper_set_key(void *priv, wpa_alg alg, const u8 *addr,
+ int key_idx, int set_tx,
+ const u8 *seq, size_t seq_len,
+ const u8 *key, size_t key_len)
+{
+ struct wpa_driver_ndiswrapper_data *drv = priv;
+ struct wpa_key wpa_key;
+ int ret = 0;
+ struct iwreq priv_req;
+
+ os_memset(&priv_req, 0, sizeof(priv_req));
+
+ wpa_key.alg = alg;
+ wpa_key.addr = addr;
+ wpa_key.key_index = key_idx;
+ wpa_key.set_tx = set_tx;
+ wpa_key.seq = seq;
+ wpa_key.seq_len = seq_len;
+ wpa_key.key = key;
+ wpa_key.key_len = key_len;
+
+ priv_req.u.data.pointer = (void *)&wpa_key;
+ priv_req.u.data.length = sizeof(wpa_key);
+
+ if (iw_set_ext(drv, WPA_SET_KEY, &priv_req) < 0)
+ ret = -1;
+
+ if (alg == WPA_ALG_NONE) {
+ /*
+ * ndiswrapper did not seem to be clearing keys properly in
+ * some cases with WPA_SET_KEY. For example, roaming from WPA
+ * enabled AP to plaintext one seemed to fail since the driver
+ * did not associate. Try to make sure the keys are cleared so
+ * that plaintext APs can be used in all cases.
+ */
+ wpa_driver_wext_set_key(drv->wext, alg, addr, key_idx, set_tx,
+ seq, seq_len, key, key_len);
+ }
+
+ return ret;
+}
+
+static int wpa_ndiswrapper_set_countermeasures(void *priv, int enabled)
+{
+ struct wpa_driver_ndiswrapper_data *drv = priv;
+ int ret = 0;
+ struct iwreq priv_req;
+
+ os_memset(&priv_req, 0, sizeof(priv_req));
+
+ priv_req.u.param.value = enabled;
+ if (iw_set_ext(drv, WPA_SET_COUNTERMEASURES, &priv_req) < 0)
+ ret = -1;
+
+ return ret;
+}
+
+static int wpa_ndiswrapper_set_drop_unencrypted(void *priv,
+ int enabled)
+{
+ struct wpa_driver_ndiswrapper_data *drv = priv;
+ int ret = 0;
+ struct iwreq priv_req;
+
+ os_memset(&priv_req, 0, sizeof(priv_req));
+
+ priv_req.u.param.value = enabled;
+ if (iw_set_ext(drv, WPA_DROP_UNENCRYPTED, &priv_req) < 0)
+ ret = -1;
+ return ret;
+}
+
+static int wpa_ndiswrapper_deauthenticate(void *priv, const u8 *addr,
+ int reason_code)
+{
+ struct wpa_driver_ndiswrapper_data *drv = priv;
+ int ret = 0;
+ struct iwreq priv_req;
+
+ os_memset(&priv_req, 0, sizeof(priv_req));
+
+ priv_req.u.param.value = reason_code;
+ os_memcpy(&priv_req.u.ap_addr.sa_data, addr, ETH_ALEN);
+ if (iw_set_ext(drv, WPA_DEAUTHENTICATE, &priv_req) < 0)
+ ret = -1;
+ return ret;
+}
+
+static int wpa_ndiswrapper_disassociate(void *priv, const u8 *addr,
+ int reason_code)
+{
+ struct wpa_driver_ndiswrapper_data *drv = priv;
+ int ret = 0;
+ struct iwreq priv_req;
+
+ os_memset(&priv_req, 0, sizeof(priv_req));
+
+ os_memcpy(&priv_req.u.ap_addr.sa_data, addr, ETH_ALEN);
+ if (iw_set_ext(drv, WPA_DISASSOCIATE, &priv_req) < 0)
+ ret = -1;
+ return ret;
+}
+
+static int
+wpa_ndiswrapper_associate(void *priv,
+ struct wpa_driver_associate_params *params)
+{
+ struct wpa_driver_ndiswrapper_data *drv = priv;
+ int ret = 0;
+ struct wpa_assoc_info wpa_assoc_info;
+ struct iwreq priv_req;
+
+ os_memset(&priv_req, 0, sizeof(priv_req));
+ os_memset(&wpa_assoc_info, 0, sizeof(wpa_assoc_info));
+
+ wpa_assoc_info.bssid = params->bssid;
+ wpa_assoc_info.ssid = params->ssid;
+ wpa_assoc_info.ssid_len = params->ssid_len;
+ wpa_assoc_info.freq = params->freq;
+ wpa_assoc_info.wpa_ie = params->wpa_ie;
+ wpa_assoc_info.wpa_ie_len = params->wpa_ie_len;
+ wpa_assoc_info.pairwise_suite = params->pairwise_suite;
+ wpa_assoc_info.group_suite = params->group_suite;
+ wpa_assoc_info.key_mgmt_suite = params->key_mgmt_suite;
+ wpa_assoc_info.auth_alg = params->auth_alg;
+ wpa_assoc_info.mode = params->mode;
+
+ priv_req.u.data.pointer = (void *)&wpa_assoc_info;
+ priv_req.u.data.length = sizeof(wpa_assoc_info);
+
+ if (iw_set_ext(drv, WPA_ASSOCIATE, &priv_req) < 0)
+ ret = -1;
+ return ret;
+}
+
+static int wpa_ndiswrapper_set_auth_alg(void *priv, int auth_alg)
+{
+ struct wpa_driver_ndiswrapper_data *drv = priv;
+ int ret = 0;
+ struct iwreq priv_req;
+
+ os_memset(&priv_req, 0, sizeof(priv_req));
+
+ priv_req.u.param.value = auth_alg;
+ if (iw_set_ext(drv, WPA_SET_AUTH_ALG, &priv_req) < 0)
+ ret = -1;
+ return ret;
+}
+
+static int wpa_ndiswrapper_get_bssid(void *priv, u8 *bssid)
+{
+ struct wpa_driver_ndiswrapper_data *drv = priv;
+ return wpa_driver_wext_get_bssid(drv->wext, bssid);
+}
+
+
+static int wpa_ndiswrapper_get_ssid(void *priv, u8 *ssid)
+{
+ struct wpa_driver_ndiswrapper_data *drv = priv;
+ return wpa_driver_wext_get_ssid(drv->wext, ssid);
+}
+
+
+static int wpa_ndiswrapper_scan(void *priv, const u8 *ssid, size_t ssid_len)
+{
+ struct wpa_driver_ndiswrapper_data *drv = priv;
+ return wpa_driver_wext_scan(drv->wext, ssid, ssid_len);
+}
+
+
+static int wpa_ndiswrapper_get_scan_results(void *priv,
+ struct wpa_scan_result *results,
+ size_t max_size)
+{
+ struct wpa_driver_ndiswrapper_data *drv = priv;
+ return wpa_driver_wext_get_scan_results(drv->wext, results, max_size);
+}
+
+
+static int wpa_ndiswrapper_get_capa(void *priv, struct wpa_driver_capa *capa)
+{
+ struct wpa_driver_ndiswrapper_data *drv = priv;
+ int ret = 0;
+ struct iwreq priv_req;
+
+ os_memset(&priv_req, 0, sizeof(priv_req));
+
+ priv_req.u.data.pointer = (void *) capa;
+ priv_req.u.data.length = sizeof(*capa);
+ if (iw_set_ext(drv, WPA_GET_CAPA, &priv_req) < 0)
+ ret = -1;
+ return ret;
+
+}
+
+
+static int wpa_ndiswrapper_set_operstate(void *priv, int state)
+{
+ struct wpa_driver_ndiswrapper_data *drv = priv;
+ return wpa_driver_wext_set_operstate(drv->wext, state);
+}
+
+
+static void * wpa_ndiswrapper_init(void *ctx, const char *ifname)
+{
+ struct wpa_driver_ndiswrapper_data *drv;
+
+ drv = os_zalloc(sizeof(*drv));
+ if (drv == NULL)
+ return NULL;
+ drv->wext = wpa_driver_wext_init(ctx, ifname);
+ if (drv->wext == NULL) {
+ os_free(drv);
+ return NULL;
+ }
+
+ drv->ctx = ctx;
+ os_strncpy(drv->ifname, ifname, sizeof(drv->ifname));
+ drv->sock = get_socket();
+ if (drv->sock < 0) {
+ wpa_driver_wext_deinit(drv->wext);
+ os_free(drv);
+ return NULL;
+ }
+
+ return drv;
+}
+
+
+static void wpa_ndiswrapper_deinit(void *priv)
+{
+ struct wpa_driver_ndiswrapper_data *drv = priv;
+ wpa_driver_wext_deinit(drv->wext);
+ close(drv->sock);
+ os_free(drv);
+}
+
+
+const struct wpa_driver_ops wpa_driver_ndiswrapper_ops = {
+ .name = "ndiswrapper",
+ .desc = "Linux ndiswrapper",
+ .set_wpa = wpa_ndiswrapper_set_wpa,
+ .set_key = wpa_ndiswrapper_set_key,
+ .set_countermeasures = wpa_ndiswrapper_set_countermeasures,
+ .set_drop_unencrypted = wpa_ndiswrapper_set_drop_unencrypted,
+ .deauthenticate = wpa_ndiswrapper_deauthenticate,
+ .disassociate = wpa_ndiswrapper_disassociate,
+ .associate = wpa_ndiswrapper_associate,
+ .set_auth_alg = wpa_ndiswrapper_set_auth_alg,
+
+ .get_bssid = wpa_ndiswrapper_get_bssid,
+ .get_ssid = wpa_ndiswrapper_get_ssid,
+ .scan = wpa_ndiswrapper_scan,
+ .get_scan_results = wpa_ndiswrapper_get_scan_results,
+ .init = wpa_ndiswrapper_init,
+ .deinit = wpa_ndiswrapper_deinit,
+ .get_capa = wpa_ndiswrapper_get_capa,
+ .set_operstate = wpa_ndiswrapper_set_operstate,
+};
--- /dev/null
+/*
+ * WPA Supplicant - driver interaction with Linux Prism54.org driver
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004, Luis R. Rodriguez <mcgrof@ruslug.rutgers.edu>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <sys/ioctl.h>
+
+#include "wireless_copy.h"
+#include "common.h"
+#include "driver.h"
+#include "driver_wext.h"
+#include "driver_hostap.h"
+#include "l2_packet.h"
+#include "wpa_supplicant.h"
+
+struct wpa_driver_prism54_data {
+ void *wext; /* private data for driver_wext */
+ void *ctx;
+ char ifname[IFNAMSIZ + 1];
+ int sock;
+};
+
+#define PRISM54_SET_WPA SIOCIWFIRSTPRIV+12
+#define PRISM54_HOSTAPD SIOCIWFIRSTPRIV+25
+#define PRISM54_DROP_UNENCRYPTED SIOCIWFIRSTPRIV+26
+
+static void show_set_key_error(struct prism2_hostapd_param *);
+
+static int hostapd_ioctl_prism54(struct wpa_driver_prism54_data *drv,
+ struct prism2_hostapd_param *param,
+ int len, int show_err)
+{
+ struct iwreq iwr;
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ iwr.u.data.pointer = (caddr_t) param;
+ iwr.u.data.length = len;
+
+ if (ioctl(drv->sock, PRISM54_HOSTAPD, &iwr) < 0) {
+ int ret = errno;
+ if (show_err)
+ perror("ioctl[PRISM54_HOSTAPD]");
+ return ret;
+ }
+
+ return 0;
+}
+
+
+static int wpa_driver_prism54_set_wpa_ie(struct wpa_driver_prism54_data *drv,
+ const u8 *wpa_ie,
+ size_t wpa_ie_len)
+{
+ struct prism2_hostapd_param *param;
+ int res;
+ size_t blen = PRISM2_HOSTAPD_GENERIC_ELEMENT_HDR_LEN + wpa_ie_len;
+ if (blen < sizeof(*param))
+ blen = sizeof(*param);
+
+ param = os_zalloc(blen);
+ if (param == NULL)
+ return -1;
+
+ param->cmd = PRISM2_HOSTAPD_SET_GENERIC_ELEMENT;
+ param->u.generic_elem.len = wpa_ie_len;
+ os_memcpy(param->u.generic_elem.data, wpa_ie, wpa_ie_len);
+ res = hostapd_ioctl_prism54(drv, param, blen, 1);
+
+ os_free(param);
+
+ return res;
+}
+
+
+/* This is called at wpa_supplicant daemon init time */
+static int wpa_driver_prism54_set_wpa(void *priv, int enabled)
+{
+ struct wpa_driver_prism54_data *drv = priv;
+ struct prism2_hostapd_param *param;
+ int res;
+ size_t blen = PRISM2_HOSTAPD_GENERIC_ELEMENT_HDR_LEN;
+ if (blen < sizeof(*param))
+ blen = sizeof(*param);
+
+ param = os_zalloc(blen);
+ if (param == NULL)
+ return -1;
+
+ param->cmd = PRISM54_SET_WPA;
+ param->u.generic_elem.len = 0;
+ res = hostapd_ioctl_prism54(drv, param, blen, 1);
+
+ os_free(param);
+
+ return res;
+}
+
+
+static int wpa_driver_prism54_set_key(void *priv, wpa_alg alg,
+ const u8 *addr, int key_idx, int set_tx,
+ const u8 *seq, size_t seq_len,
+ const u8 *key, size_t key_len)
+{
+ struct wpa_driver_prism54_data *drv = priv;
+ struct prism2_hostapd_param *param;
+ u8 *buf;
+ size_t blen;
+ int ret = 0;
+ char *alg_name;
+
+ switch (alg) {
+ case WPA_ALG_NONE:
+ alg_name = "none";
+ return -1;
+ break;
+ case WPA_ALG_WEP:
+ alg_name = "WEP";
+ return -1;
+ break;
+ case WPA_ALG_TKIP:
+ alg_name = "TKIP";
+ break;
+ case WPA_ALG_CCMP:
+ alg_name = "CCMP";
+ return -1;
+ break;
+ default:
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "%s: alg=%s key_idx=%d set_tx=%d seq_len=%lu "
+ "key_len=%lu", __FUNCTION__, alg_name, key_idx, set_tx,
+ (unsigned long) seq_len, (unsigned long) key_len);
+
+ if (seq_len > 8)
+ return -2;
+
+ blen = sizeof(*param) + key_len;
+ buf = os_zalloc(blen);
+ if (buf == NULL)
+ return -1;
+
+ param = (struct prism2_hostapd_param *) buf;
+ param->cmd = PRISM2_SET_ENCRYPTION;
+ /* TODO: In theory, STA in client mode can use five keys; four default
+ * keys for receiving (with keyidx 0..3) and one individual key for
+ * both transmitting and receiving (keyidx 0) _unicast_ packets. Now,
+ * keyidx 0 is reserved for this unicast use and default keys can only
+ * use keyidx 1..3 (i.e., default key with keyidx 0 is not supported).
+ * This should be fine for more or less all cases, but for completeness
+ * sake, the driver could be enhanced to support the missing key. */
+#if 0
+ if (addr == NULL)
+ os_memset(param->sta_addr, 0xff, ETH_ALEN);
+ else
+ os_memcpy(param->sta_addr, addr, ETH_ALEN);
+#else
+ os_memset(param->sta_addr, 0xff, ETH_ALEN);
+#endif
+ os_strncpy((char *) param->u.crypt.alg, alg_name,
+ HOSTAP_CRYPT_ALG_NAME_LEN);
+ param->u.crypt.flags = set_tx ? HOSTAP_CRYPT_FLAG_SET_TX_KEY : 0;
+ param->u.crypt.idx = key_idx;
+ os_memcpy(param->u.crypt.seq, seq, seq_len);
+ param->u.crypt.key_len = key_len;
+ os_memcpy((u8 *) (param + 1), key, key_len);
+
+ if (hostapd_ioctl_prism54(drv, param, blen, 1)) {
+ wpa_printf(MSG_WARNING, "Failed to set encryption.");
+ show_set_key_error(param);
+ ret = -1;
+ }
+ os_free(buf);
+
+ return ret;
+}
+
+
+static int wpa_driver_prism54_set_countermeasures(void *priv,
+ int enabled)
+{
+ /* FIX */
+ printf("wpa_driver_prism54_set_countermeasures - not yet "
+ "implemented\n");
+ return 0;
+}
+
+
+static int wpa_driver_prism54_set_drop_unencrypted(void *priv,
+ int enabled)
+{
+ struct wpa_driver_prism54_data *drv = priv;
+ struct prism2_hostapd_param *param;
+ int res;
+ size_t blen = PRISM2_HOSTAPD_GENERIC_ELEMENT_HDR_LEN;
+ if (blen < sizeof(*param))
+ blen = sizeof(*param);
+
+ param = os_zalloc(blen);
+ if (param == NULL)
+ return -1;
+
+ param->cmd = PRISM54_DROP_UNENCRYPTED;
+ param->u.generic_elem.len = 0;
+ res = hostapd_ioctl_prism54(drv, param, blen, 1);
+
+ os_free(param);
+
+ return res;
+}
+
+
+static int wpa_driver_prism54_deauthenticate(void *priv, const u8 *addr,
+ int reason_code)
+{
+ /* FIX */
+ printf("wpa_driver_prism54_deauthenticate - not yet implemented\n");
+ return 0;
+}
+
+
+static int wpa_driver_prism54_disassociate(void *priv, const u8 *addr,
+ int reason_code)
+{
+ /* FIX */
+ printf("wpa_driver_prism54_disassociate - not yet implemented\n");
+ return 0;
+}
+
+
+static int
+wpa_driver_prism54_associate(void *priv,
+ struct wpa_driver_associate_params *params)
+{
+ struct wpa_driver_prism54_data *drv = priv;
+ int ret = 0;
+
+ if (wpa_driver_prism54_set_wpa_ie(drv, params->wpa_ie,
+ params->wpa_ie_len) < 0)
+ ret = -1;
+ if (wpa_driver_wext_set_freq(drv->wext, params->freq) < 0)
+ ret = -1;
+ if (wpa_driver_wext_set_ssid(drv->wext, params->ssid,
+ params->ssid_len) < 0)
+ ret = -1;
+ if (wpa_driver_wext_set_bssid(drv->wext, params->bssid) < 0)
+ ret = -1;
+
+ return ret;
+}
+
+static void show_set_key_error(struct prism2_hostapd_param *param)
+{
+ switch (param->u.crypt.err) {
+ case HOSTAP_CRYPT_ERR_UNKNOWN_ALG:
+ wpa_printf(MSG_INFO, "Unknown algorithm '%s'.",
+ param->u.crypt.alg);
+ wpa_printf(MSG_INFO, "You may need to load kernel module to "
+ "register that algorithm.");
+ wpa_printf(MSG_INFO, "E.g., 'modprobe hostap_crypt_wep' for "
+ "WEP.");
+ break;
+ case HOSTAP_CRYPT_ERR_UNKNOWN_ADDR:
+ wpa_printf(MSG_INFO, "Unknown address " MACSTR ".",
+ MAC2STR(param->sta_addr));
+ break;
+ case HOSTAP_CRYPT_ERR_CRYPT_INIT_FAILED:
+ wpa_printf(MSG_INFO, "Crypt algorithm initialization failed.");
+ break;
+ case HOSTAP_CRYPT_ERR_KEY_SET_FAILED:
+ wpa_printf(MSG_INFO, "Key setting failed.");
+ break;
+ case HOSTAP_CRYPT_ERR_TX_KEY_SET_FAILED:
+ wpa_printf(MSG_INFO, "TX key index setting failed.");
+ break;
+ case HOSTAP_CRYPT_ERR_CARD_CONF_FAILED:
+ wpa_printf(MSG_INFO, "Card configuration failed.");
+ break;
+ }
+}
+
+
+static int wpa_driver_prism54_get_bssid(void *priv, u8 *bssid)
+{
+ struct wpa_driver_prism54_data *drv = priv;
+ return wpa_driver_wext_get_bssid(drv->wext, bssid);
+}
+
+
+static int wpa_driver_prism54_get_ssid(void *priv, u8 *ssid)
+{
+ struct wpa_driver_prism54_data *drv = priv;
+ return wpa_driver_wext_get_ssid(drv->wext, ssid);
+}
+
+
+static int wpa_driver_prism54_scan(void *priv, const u8 *ssid, size_t ssid_len)
+{
+ struct wpa_driver_prism54_data *drv = priv;
+ return wpa_driver_wext_scan(drv->wext, ssid, ssid_len);
+}
+
+
+static int wpa_driver_prism54_get_scan_results(void *priv,
+ struct wpa_scan_result *results,
+ size_t max_size)
+{
+ struct wpa_driver_prism54_data *drv = priv;
+ return wpa_driver_wext_get_scan_results(drv->wext, results, max_size);
+}
+
+
+static int wpa_driver_prism54_set_operstate(void *priv, int state)
+{
+ struct wpa_driver_prism54_data *drv = priv;
+ return wpa_driver_wext_set_operstate(drv->wext, state);
+}
+
+
+static void * wpa_driver_prism54_init(void *ctx, const char *ifname)
+{
+ struct wpa_driver_prism54_data *drv;
+
+ drv = os_zalloc(sizeof(*drv));
+ if (drv == NULL)
+ return NULL;
+ drv->wext = wpa_driver_wext_init(ctx, ifname);
+ if (drv->wext == NULL) {
+ os_free(drv);
+ return NULL;
+ }
+
+ drv->ctx = ctx;
+ os_strncpy(drv->ifname, ifname, sizeof(drv->ifname));
+ drv->sock = socket(PF_INET, SOCK_DGRAM, 0);
+ if (drv->sock < 0) {
+ wpa_driver_wext_deinit(drv->wext);
+ os_free(drv);
+ return NULL;
+ }
+
+ return drv;
+}
+
+
+static void wpa_driver_prism54_deinit(void *priv)
+{
+ struct wpa_driver_prism54_data *drv = priv;
+ wpa_driver_wext_deinit(drv->wext);
+ close(drv->sock);
+ os_free(drv);
+}
+
+
+const struct wpa_driver_ops wpa_driver_prism54_ops = {
+ .name = "prism54",
+ .desc = "Prism54.org driver (Intersil Prism GT/Duette/Indigo)",
+ .get_bssid = wpa_driver_prism54_get_bssid,
+ .get_ssid = wpa_driver_prism54_get_ssid,
+ .set_wpa = wpa_driver_prism54_set_wpa,
+ .set_key = wpa_driver_prism54_set_key,
+ .set_countermeasures = wpa_driver_prism54_set_countermeasures,
+ .set_drop_unencrypted = wpa_driver_prism54_set_drop_unencrypted,
+ .scan = wpa_driver_prism54_scan,
+ .get_scan_results = wpa_driver_prism54_get_scan_results,
+ .deauthenticate = wpa_driver_prism54_deauthenticate,
+ .disassociate = wpa_driver_prism54_disassociate,
+ .associate = wpa_driver_prism54_associate,
+ .init = wpa_driver_prism54_init,
+ .deinit = wpa_driver_prism54_deinit,
+ .set_operstate = wpa_driver_prism54_set_operstate,
+};
--- /dev/null
+/*
+ * WPA Supplicant - testing driver interface
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <sys/un.h>
+#include <dirent.h>
+#include <sys/stat.h>
+
+#include "common.h"
+#include "driver.h"
+#include "wpa_supplicant.h"
+#include "l2_packet.h"
+#include "eloop.h"
+#include "sha1.h"
+#include "wpa.h"
+#include "mlme.h"
+
+
+struct wpa_driver_test_data {
+ void *ctx;
+ u8 own_addr[ETH_ALEN];
+ int test_socket;
+ struct sockaddr_un hostapd_addr;
+ int hostapd_addr_set;
+ char *own_socket_path;
+ char *test_dir;
+ u8 bssid[ETH_ALEN];
+ u8 ssid[32];
+ size_t ssid_len;
+#define MAX_SCAN_RESULTS 30
+ struct wpa_scan_result scanres[MAX_SCAN_RESULTS];
+ size_t num_scanres;
+ int use_associnfo;
+ u8 assoc_wpa_ie[80];
+ size_t assoc_wpa_ie_len;
+ int use_mlme;
+};
+
+
+static int wpa_driver_test_set_wpa(void *priv, int enabled)
+{
+ wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, enabled);
+ return 0;
+}
+
+
+static void wpa_driver_test_scan_timeout(void *eloop_ctx, void *timeout_ctx)
+{
+ wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
+ wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
+}
+
+
+static void wpa_driver_scan_dir(struct wpa_driver_test_data *drv,
+ const char *path)
+{
+ struct dirent *dent;
+ DIR *dir;
+ struct sockaddr_un addr;
+
+ dir = opendir(path);
+ if (dir == NULL)
+ return;
+
+ while ((dent = readdir(dir))) {
+ if (os_strncmp(dent->d_name, "AP-", 3) != 0)
+ continue;
+ wpa_printf(MSG_DEBUG, "%s: SCAN %s", __func__, dent->d_name);
+
+ os_memset(&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ os_snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/%s",
+ path, dent->d_name);
+
+ if (sendto(drv->test_socket, "SCAN", 4, 0,
+ (struct sockaddr *) &addr, sizeof(addr)) < 0) {
+ perror("sendto(test_socket)");
+ }
+ }
+ closedir(dir);
+}
+
+
+static int wpa_driver_test_scan(void *priv, const u8 *ssid, size_t ssid_len)
+{
+ struct wpa_driver_test_data *drv = priv;
+ wpa_printf(MSG_DEBUG, "%s: priv=%p", __func__, priv);
+
+ drv->num_scanres = 0;
+
+ if (drv->test_socket >= 0 && drv->test_dir)
+ wpa_driver_scan_dir(drv, drv->test_dir);
+
+ if (drv->test_socket >= 0 && drv->hostapd_addr_set &&
+ sendto(drv->test_socket, "SCAN", 4, 0,
+ (struct sockaddr *) &drv->hostapd_addr,
+ sizeof(drv->hostapd_addr)) < 0) {
+ perror("sendto(test_socket)");
+ }
+
+ eloop_cancel_timeout(wpa_driver_test_scan_timeout, drv, drv->ctx);
+ eloop_register_timeout(1, 0, wpa_driver_test_scan_timeout, drv,
+ drv->ctx);
+ return 0;
+}
+
+
+static int wpa_driver_test_get_scan_results(void *priv,
+ struct wpa_scan_result *results,
+ size_t max_size)
+{
+ struct wpa_driver_test_data *drv = priv;
+ size_t num = drv->num_scanres;
+ if (num > max_size)
+ num = max_size;
+ os_memcpy(results, &drv->scanres,
+ num * sizeof(struct wpa_scan_result));
+ return num;
+}
+
+
+static int wpa_driver_test_set_key(void *priv, wpa_alg alg, const u8 *addr,
+ int key_idx, int set_tx,
+ const u8 *seq, size_t seq_len,
+ const u8 *key, size_t key_len)
+{
+ wpa_printf(MSG_DEBUG, "%s: priv=%p alg=%d key_idx=%d set_tx=%d",
+ __func__, priv, alg, key_idx, set_tx);
+ if (addr) {
+ wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr));
+ }
+ if (seq) {
+ wpa_hexdump(MSG_DEBUG, " seq", seq, seq_len);
+ }
+ if (key) {
+ wpa_hexdump(MSG_DEBUG, " key", key, key_len);
+ }
+ return 0;
+}
+
+
+static int wpa_driver_test_associate(
+ void *priv, struct wpa_driver_associate_params *params)
+{
+ struct wpa_driver_test_data *drv = priv;
+ wpa_printf(MSG_DEBUG, "%s: priv=%p freq=%d pairwise_suite=%d "
+ "group_suite=%d key_mgmt_suite=%d auth_alg=%d mode=%d",
+ __func__, priv, params->freq, params->pairwise_suite,
+ params->group_suite, params->key_mgmt_suite,
+ params->auth_alg, params->mode);
+ if (params->bssid) {
+ wpa_printf(MSG_DEBUG, " bssid=" MACSTR,
+ MAC2STR(params->bssid));
+ }
+ if (params->ssid) {
+ wpa_hexdump_ascii(MSG_DEBUG, " ssid",
+ params->ssid, params->ssid_len);
+ }
+ if (params->wpa_ie) {
+ wpa_hexdump(MSG_DEBUG, " wpa_ie",
+ params->wpa_ie, params->wpa_ie_len);
+ drv->assoc_wpa_ie_len = params->wpa_ie_len;
+ if (drv->assoc_wpa_ie_len > sizeof(drv->assoc_wpa_ie))
+ drv->assoc_wpa_ie_len = sizeof(drv->assoc_wpa_ie);
+ os_memcpy(drv->assoc_wpa_ie, params->wpa_ie,
+ drv->assoc_wpa_ie_len);
+ } else
+ drv->assoc_wpa_ie_len = 0;
+
+ if (drv->test_dir && params->bssid) {
+ os_memset(&drv->hostapd_addr, 0, sizeof(drv->hostapd_addr));
+ drv->hostapd_addr.sun_family = AF_UNIX;
+ os_snprintf(drv->hostapd_addr.sun_path,
+ sizeof(drv->hostapd_addr.sun_path),
+ "%s/AP-" MACSTR,
+ drv->test_dir, MAC2STR(params->bssid));
+ drv->hostapd_addr_set = 1;
+ }
+
+ if (drv->test_socket >= 0 && drv->hostapd_addr_set) {
+ char cmd[200], *pos, *end;
+ int ret;
+ end = cmd + sizeof(cmd);
+ pos = cmd;
+ ret = os_snprintf(pos, end - pos, "ASSOC " MACSTR " ",
+ MAC2STR(drv->own_addr));
+ if (ret >= 0 && ret < end - pos)
+ pos += ret;
+ pos += wpa_snprintf_hex(pos, end - pos, params->ssid,
+ params->ssid_len);
+ ret = os_snprintf(pos, end - pos, " ");
+ if (ret >= 0 && ret < end - pos)
+ pos += ret;
+ pos += wpa_snprintf_hex(pos, end - pos, params->wpa_ie,
+ params->wpa_ie_len);
+ end[-1] = '\0';
+ if (sendto(drv->test_socket, cmd, os_strlen(cmd), 0,
+ (struct sockaddr *) &drv->hostapd_addr,
+ sizeof(drv->hostapd_addr)) < 0) {
+ perror("sendto(test_socket)");
+ return -1;
+ }
+
+ os_memcpy(drv->ssid, params->ssid, params->ssid_len);
+ drv->ssid_len = params->ssid_len;
+ } else
+ wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
+
+ return 0;
+}
+
+
+static int wpa_driver_test_get_bssid(void *priv, u8 *bssid)
+{
+ struct wpa_driver_test_data *drv = priv;
+ os_memcpy(bssid, drv->bssid, ETH_ALEN);
+ return 0;
+}
+
+
+static int wpa_driver_test_get_ssid(void *priv, u8 *ssid)
+{
+ struct wpa_driver_test_data *drv = priv;
+ os_memcpy(ssid, drv->ssid, 32);
+ return drv->ssid_len;
+}
+
+
+static int wpa_driver_test_send_disassoc(struct wpa_driver_test_data *drv)
+{
+ if (drv->test_socket >= 0 &&
+ sendto(drv->test_socket, "DISASSOC", 8, 0,
+ (struct sockaddr *) &drv->hostapd_addr,
+ sizeof(drv->hostapd_addr)) < 0) {
+ perror("sendto(test_socket)");
+ return -1;
+ }
+ return 0;
+}
+
+
+static int wpa_driver_test_deauthenticate(void *priv, const u8 *addr,
+ int reason_code)
+{
+ struct wpa_driver_test_data *drv = priv;
+ wpa_printf(MSG_DEBUG, "%s addr=" MACSTR " reason_code=%d",
+ __func__, MAC2STR(addr), reason_code);
+ os_memset(drv->bssid, 0, ETH_ALEN);
+ wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, NULL);
+ return wpa_driver_test_send_disassoc(drv);
+}
+
+
+static int wpa_driver_test_disassociate(void *priv, const u8 *addr,
+ int reason_code)
+{
+ struct wpa_driver_test_data *drv = priv;
+ wpa_printf(MSG_DEBUG, "%s addr=" MACSTR " reason_code=%d",
+ __func__, MAC2STR(addr), reason_code);
+ os_memset(drv->bssid, 0, ETH_ALEN);
+ wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, NULL);
+ return wpa_driver_test_send_disassoc(drv);
+}
+
+
+static void wpa_driver_test_scanresp(struct wpa_driver_test_data *drv,
+ struct sockaddr_un *from,
+ socklen_t fromlen,
+ const char *data)
+{
+ struct wpa_scan_result *res;
+ const char *pos, *pos2;
+ size_t len;
+ u8 ie[200], *ipos, *end;
+
+ wpa_printf(MSG_DEBUG, "test_driver: SCANRESP %s", data);
+ if (drv->num_scanres >= MAX_SCAN_RESULTS) {
+ wpa_printf(MSG_DEBUG, "test_driver: No room for the new scan "
+ "result");
+ return;
+ }
+
+ /* SCANRESP BSSID SSID IEs */
+ res = &drv->scanres[drv->num_scanres];
+
+ os_memset(res, 0, sizeof(*res));
+ if (hwaddr_aton(data, res->bssid)) {
+ wpa_printf(MSG_DEBUG, "test_driver: invalid BSSID in scanres");
+ return;
+ }
+
+ pos = data + 17;
+ while (*pos == ' ')
+ pos++;
+ pos2 = os_strchr(pos, ' ');
+ if (pos2 == NULL) {
+ wpa_printf(MSG_DEBUG, "test_driver: invalid SSID termination "
+ "in scanres");
+ return;
+ }
+ len = (pos2 - pos) / 2;
+ if (len > sizeof(res->ssid))
+ len = sizeof(res->ssid);
+ if (hexstr2bin(pos, res->ssid, len) < 0) {
+ wpa_printf(MSG_DEBUG, "test_driver: invalid SSID in scanres");
+ return;
+ }
+ res->ssid_len = len;
+
+ pos = pos2 + 1;
+ pos2 = os_strchr(pos, ' ');
+ if (pos2 == NULL)
+ len = os_strlen(pos) / 2;
+ else
+ len = (pos2 - pos) / 2;
+ if (len > sizeof(ie))
+ len = sizeof(ie);
+ if (hexstr2bin(pos, ie, len) < 0) {
+ wpa_printf(MSG_DEBUG, "test_driver: invalid IEs in scanres");
+ return;
+ }
+
+ ipos = ie;
+ end = ipos + len;
+ while (ipos + 1 < end && ipos + 2 + ipos[1] <= end) {
+ len = 2 + ipos[1];
+ if (len > SSID_MAX_WPA_IE_LEN)
+ len = SSID_MAX_WPA_IE_LEN;
+ if (ipos[0] == RSN_INFO_ELEM) {
+ os_memcpy(res->rsn_ie, ipos, len);
+ res->rsn_ie_len = len;
+ } else if (ipos[0] == GENERIC_INFO_ELEM) {
+ os_memcpy(res->wpa_ie, ipos, len);
+ res->wpa_ie_len = len;
+ }
+
+ ipos += 2 + ipos[1];
+ }
+
+ if (pos2) {
+ pos = pos2 + 1;
+ while (*pos == ' ')
+ pos++;
+ if (os_strncmp(pos, "PRIVACY", 7) == 0)
+ res->caps |= IEEE80211_CAP_PRIVACY;
+ }
+
+ drv->num_scanres++;
+}
+
+
+static void wpa_driver_test_assocresp(struct wpa_driver_test_data *drv,
+ struct sockaddr_un *from,
+ socklen_t fromlen,
+ const char *data)
+{
+ /* ASSOCRESP BSSID <res> */
+ if (hwaddr_aton(data, drv->bssid)) {
+ wpa_printf(MSG_DEBUG, "test_driver: invalid BSSID in "
+ "assocresp");
+ }
+ if (drv->use_associnfo) {
+ union wpa_event_data event;
+ os_memset(&event, 0, sizeof(event));
+ event.assoc_info.req_ies = drv->assoc_wpa_ie;
+ event.assoc_info.req_ies_len = drv->assoc_wpa_ie_len;
+ wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &event);
+ }
+ wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
+}
+
+
+static void wpa_driver_test_disassoc(struct wpa_driver_test_data *drv,
+ struct sockaddr_un *from,
+ socklen_t fromlen)
+{
+ wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, NULL);
+}
+
+
+static void wpa_driver_test_eapol(struct wpa_driver_test_data *drv,
+ struct sockaddr_un *from,
+ socklen_t fromlen,
+ const u8 *data, size_t data_len)
+{
+ const u8 *src = drv->bssid;
+
+ if (data_len > 14) {
+ /* Skip Ethernet header */
+ src = data + ETH_ALEN;
+ data += 14;
+ data_len -= 14;
+ }
+ wpa_supplicant_rx_eapol(drv->ctx, src, data, data_len);
+}
+
+
+static void wpa_driver_test_mlme(struct wpa_driver_test_data *drv,
+ struct sockaddr_un *from,
+ socklen_t fromlen,
+ const u8 *data, size_t data_len)
+{
+ struct ieee80211_rx_status rx_status;
+ os_memset(&rx_status, 0, sizeof(rx_status));
+ ieee80211_sta_rx(drv->ctx, data, data_len, &rx_status);
+}
+
+
+static void wpa_driver_test_receive_unix(int sock, void *eloop_ctx,
+ void *sock_ctx)
+{
+ struct wpa_driver_test_data *drv = eloop_ctx;
+ char *buf;
+ int res;
+ struct sockaddr_un from;
+ socklen_t fromlen = sizeof(from);
+ const size_t buflen = 2000;
+
+ buf = os_malloc(buflen);
+ if (buf == NULL)
+ return;
+ res = recvfrom(sock, buf, buflen - 1, 0,
+ (struct sockaddr *) &from, &fromlen);
+ if (res < 0) {
+ perror("recvfrom(test_socket)");
+ os_free(buf);
+ return;
+ }
+ buf[res] = '\0';
+
+ wpa_printf(MSG_DEBUG, "test_driver: received %u bytes", res);
+
+ if (os_strncmp(buf, "SCANRESP ", 9) == 0) {
+ wpa_driver_test_scanresp(drv, &from, fromlen, buf + 9);
+ } else if (os_strncmp(buf, "ASSOCRESP ", 10) == 0) {
+ wpa_driver_test_assocresp(drv, &from, fromlen, buf + 10);
+ } else if (os_strcmp(buf, "DISASSOC") == 0) {
+ wpa_driver_test_disassoc(drv, &from, fromlen);
+ } else if (os_strcmp(buf, "DEAUTH") == 0) {
+ wpa_driver_test_disassoc(drv, &from, fromlen);
+ } else if (os_strncmp(buf, "EAPOL ", 6) == 0) {
+ wpa_driver_test_eapol(drv, &from, fromlen,
+ (const u8 *) buf + 6, res - 6);
+ } else if (os_strncmp(buf, "MLME ", 5) == 0) {
+ wpa_driver_test_mlme(drv, &from, fromlen,
+ (const u8 *) buf + 5, res - 5);
+ } else {
+ wpa_hexdump_ascii(MSG_DEBUG, "Unknown test_socket command",
+ (u8 *) buf, res);
+ }
+ os_free(buf);
+}
+
+
+static void * wpa_driver_test_init(void *ctx, const char *ifname)
+{
+ struct wpa_driver_test_data *drv;
+
+ drv = os_zalloc(sizeof(*drv));
+ if (drv == NULL)
+ return NULL;
+ drv->ctx = ctx;
+ drv->test_socket = -1;
+
+ /* Set dummy BSSID and SSID for testing. */
+ drv->bssid[0] = 0x02;
+ drv->bssid[1] = 0x00;
+ drv->bssid[2] = 0x00;
+ drv->bssid[3] = 0x00;
+ drv->bssid[4] = 0x00;
+ drv->bssid[5] = 0x01;
+ os_memcpy(drv->ssid, "test", 5);
+ drv->ssid_len = 4;
+
+ /* Generate a MAC address to help testing with multiple STAs */
+ drv->own_addr[0] = 0x02; /* locally administered */
+ sha1_prf((const u8 *) ifname, os_strlen(ifname),
+ "wpa_supplicant test mac addr generation",
+ NULL, 0, drv->own_addr + 1, ETH_ALEN - 1);
+
+ return drv;
+}
+
+
+static void wpa_driver_test_close_test_socket(struct wpa_driver_test_data *drv)
+{
+ if (drv->test_socket >= 0) {
+ eloop_unregister_read_sock(drv->test_socket);
+ close(drv->test_socket);
+ drv->test_socket = -1;
+ }
+
+ if (drv->own_socket_path) {
+ unlink(drv->own_socket_path);
+ os_free(drv->own_socket_path);
+ drv->own_socket_path = NULL;
+ }
+}
+
+
+static void wpa_driver_test_deinit(void *priv)
+{
+ struct wpa_driver_test_data *drv = priv;
+ wpa_driver_test_close_test_socket(drv);
+ eloop_cancel_timeout(wpa_driver_test_scan_timeout, drv, drv->ctx);
+ os_free(drv->test_dir);
+ os_free(drv);
+}
+
+
+static int wpa_driver_test_attach(struct wpa_driver_test_data *drv,
+ const char *dir)
+{
+ static unsigned int counter = 0;
+ struct sockaddr_un addr;
+ size_t len;
+
+ os_free(drv->own_socket_path);
+ if (dir) {
+ len = os_strlen(dir) + 30;
+ drv->own_socket_path = os_malloc(len);
+ if (drv->own_socket_path == NULL)
+ return -1;
+ os_snprintf(drv->own_socket_path, len, "%s/STA-" MACSTR,
+ dir, MAC2STR(drv->own_addr));
+ } else {
+ drv->own_socket_path = os_malloc(100);
+ if (drv->own_socket_path == NULL)
+ return -1;
+ os_snprintf(drv->own_socket_path, 100,
+ "/tmp/wpa_supplicant_test-%d-%d",
+ getpid(), counter++);
+ }
+
+ drv->test_socket = socket(PF_UNIX, SOCK_DGRAM, 0);
+ if (drv->test_socket < 0) {
+ perror("socket(PF_UNIX)");
+ os_free(drv->own_socket_path);
+ drv->own_socket_path = NULL;
+ return -1;
+ }
+
+ os_memset(&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ os_strncpy(addr.sun_path, drv->own_socket_path, sizeof(addr.sun_path));
+ if (bind(drv->test_socket, (struct sockaddr *) &addr,
+ sizeof(addr)) < 0) {
+ perror("bind(PF_UNIX)");
+ close(drv->test_socket);
+ unlink(drv->own_socket_path);
+ os_free(drv->own_socket_path);
+ drv->own_socket_path = NULL;
+ return -1;
+ }
+
+ eloop_register_read_sock(drv->test_socket,
+ wpa_driver_test_receive_unix, drv, NULL);
+
+ return 0;
+}
+
+
+static int wpa_driver_test_set_param(void *priv, const char *param)
+{
+ struct wpa_driver_test_data *drv = priv;
+ const char *pos, *pos2;
+ size_t len;
+
+ wpa_printf(MSG_DEBUG, "%s: param='%s'", __func__, param);
+ if (param == NULL)
+ return 0;
+
+ wpa_driver_test_close_test_socket(drv);
+ pos = os_strstr(param, "test_socket=");
+ if (pos) {
+ pos += 12;
+ pos2 = os_strchr(pos, ' ');
+ if (pos2)
+ len = pos2 - pos;
+ else
+ len = os_strlen(pos);
+ if (len > sizeof(drv->hostapd_addr.sun_path))
+ return -1;
+ os_memset(&drv->hostapd_addr, 0, sizeof(drv->hostapd_addr));
+ drv->hostapd_addr.sun_family = AF_UNIX;
+ os_memcpy(drv->hostapd_addr.sun_path, pos, len);
+ drv->hostapd_addr_set = 1;
+ }
+
+ pos = os_strstr(param, "test_dir=");
+ if (pos) {
+ char *end;
+ os_free(drv->test_dir);
+ drv->test_dir = os_strdup(pos + 9);
+ if (drv->test_dir == NULL)
+ return -1;
+ end = os_strchr(drv->test_dir, ' ');
+ if (end)
+ *end = '\0';
+ wpa_driver_test_attach(drv, drv->test_dir);
+ } else
+ wpa_driver_test_attach(drv, NULL);
+
+ if (os_strstr(param, "use_associnfo=1")) {
+ wpa_printf(MSG_DEBUG, "test_driver: Use AssocInfo events");
+ drv->use_associnfo = 1;
+ }
+
+#ifdef CONFIG_CLIENT_MLME
+ if (os_strstr(param, "use_mlme=1")) {
+ wpa_printf(MSG_DEBUG, "test_driver: Use internal MLME");
+ drv->use_mlme = 1;
+ }
+#endif /* CONFIG_CLIENT_MLME */
+
+ return 0;
+}
+
+
+static const u8 * wpa_driver_test_get_mac_addr(void *priv)
+{
+ struct wpa_driver_test_data *drv = priv;
+ wpa_printf(MSG_DEBUG, "%s", __func__);
+ return drv->own_addr;
+}
+
+
+static int wpa_driver_test_send_eapol(void *priv, const u8 *dest, u16 proto,
+ const u8 *data, size_t data_len)
+{
+ struct wpa_driver_test_data *drv = priv;
+ struct msghdr msg;
+ struct iovec io[3];
+ struct l2_ethhdr eth;
+ struct sockaddr_un addr;
+
+ wpa_hexdump(MSG_MSGDUMP, "test_send_eapol TX frame", data, data_len);
+
+ os_memset(ð, 0, sizeof(eth));
+ os_memcpy(eth.h_dest, dest, ETH_ALEN);
+ os_memcpy(eth.h_source, drv->own_addr, ETH_ALEN);
+ eth.h_proto = host_to_be16(proto);
+
+ io[0].iov_base = "EAPOL ";
+ io[0].iov_len = 6;
+ io[1].iov_base = (u8 *) ð
+ io[1].iov_len = sizeof(eth);
+ io[2].iov_base = (u8 *) data;
+ io[2].iov_len = data_len;
+
+ os_memset(&msg, 0, sizeof(msg));
+ msg.msg_iov = io;
+ msg.msg_iovlen = 3;
+ if (os_memcmp(dest, drv->bssid, ETH_ALEN) == 0 ||
+ drv->test_dir == NULL) {
+ msg.msg_name = &drv->hostapd_addr;
+ msg.msg_namelen = sizeof(drv->hostapd_addr);
+ } else {
+ struct stat st;
+ os_memset(&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ os_snprintf(addr.sun_path, sizeof(addr.sun_path),
+ "%s/STA-" MACSTR, drv->test_dir, MAC2STR(dest));
+ if (stat(addr.sun_path, &st) < 0) {
+ os_snprintf(addr.sun_path, sizeof(addr.sun_path),
+ "%s/AP-" MACSTR,
+ drv->test_dir, MAC2STR(dest));
+ }
+ msg.msg_name = &addr;
+ msg.msg_namelen = sizeof(addr);
+ }
+
+ if (sendmsg(drv->test_socket, &msg, 0) < 0) {
+ perror("sendmsg(test_socket)");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int wpa_driver_test_get_capa(void *priv, struct wpa_driver_capa *capa)
+{
+ struct wpa_driver_test_data *drv = priv;
+ os_memset(capa, 0, sizeof(*capa));
+ capa->key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA |
+ WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
+ WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
+ WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK |
+ WPA_DRIVER_CAPA_KEY_MGMT_WPA_NONE;
+ capa->enc = WPA_DRIVER_CAPA_ENC_WEP40 |
+ WPA_DRIVER_CAPA_ENC_WEP104 |
+ WPA_DRIVER_CAPA_ENC_TKIP |
+ WPA_DRIVER_CAPA_ENC_CCMP;
+ capa->auth = WPA_DRIVER_AUTH_OPEN |
+ WPA_DRIVER_AUTH_SHARED |
+ WPA_DRIVER_AUTH_LEAP;
+ if (drv->use_mlme)
+ capa->flags |= WPA_DRIVER_FLAGS_USER_SPACE_MLME;
+
+ return 0;
+}
+
+
+static int wpa_driver_test_mlme_setprotection(void *priv, const u8 *addr,
+ int protect_type,
+ int key_type)
+{
+ wpa_printf(MSG_DEBUG, "%s: protect_type=%d key_type=%d",
+ __func__, protect_type, key_type);
+
+ if (addr) {
+ wpa_printf(MSG_DEBUG, "%s: addr=" MACSTR,
+ __func__, MAC2STR(addr));
+ }
+
+ return 0;
+}
+
+
+#ifdef CONFIG_CLIENT_MLME
+static struct wpa_hw_modes *
+wpa_driver_test_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
+{
+ struct wpa_hw_modes *modes;
+
+ *num_modes = 1;
+ *flags = 0;
+ modes = os_zalloc(*num_modes * sizeof(struct wpa_hw_modes));
+ if (modes == NULL)
+ return NULL;
+ modes[0].mode = WPA_MODE_IEEE80211G;
+ modes[0].num_channels = 1;
+ modes[0].num_rates = 1;
+ modes[0].channels = os_zalloc(sizeof(struct wpa_channel_data));
+ modes[0].rates = os_zalloc(sizeof(struct wpa_rate_data));
+ if (modes[0].channels == NULL || modes[0].rates == NULL) {
+ ieee80211_sta_free_hw_features(modes, *num_modes);
+ return NULL;
+ }
+ modes[0].channels[0].chan = 1;
+ modes[0].channels[0].freq = 2412;
+ modes[0].channels[0].flag = WPA_CHAN_W_SCAN | WPA_CHAN_W_ACTIVE_SCAN;
+ modes[0].rates[0].rate = 10;
+ modes[0].rates[0].flags = WPA_RATE_BASIC | WPA_RATE_SUPPORTED |
+ WPA_RATE_CCK | WPA_RATE_MANDATORY;
+
+ return modes;
+}
+
+
+int wpa_driver_test_set_channel(void *priv, wpa_hw_mode phymode, int chan,
+ int freq)
+{
+ wpa_printf(MSG_DEBUG, "%s: phymode=%d chan=%d freq=%d",
+ __func__, phymode, chan, freq);
+ return 0;
+}
+
+
+static int wpa_driver_test_send_mlme(void *priv, const u8 *data,
+ size_t data_len)
+{
+ struct wpa_driver_test_data *drv = priv;
+ struct msghdr msg;
+ struct iovec io[2];
+ struct sockaddr_un addr;
+ const u8 *dest;
+ struct dirent *dent;
+ DIR *dir;
+
+ wpa_hexdump(MSG_MSGDUMP, "test_send_mlme", data, data_len);
+ if (data_len < 10)
+ return -1;
+ dest = data + 4;
+
+ io[0].iov_base = "MLME ";
+ io[0].iov_len = 5;
+ io[1].iov_base = (u8 *) data;
+ io[1].iov_len = data_len;
+
+ os_memset(&msg, 0, sizeof(msg));
+ msg.msg_iov = io;
+ msg.msg_iovlen = 2;
+ if (os_memcmp(dest, drv->bssid, ETH_ALEN) == 0 ||
+ drv->test_dir == NULL) {
+ msg.msg_name = &drv->hostapd_addr;
+ msg.msg_namelen = sizeof(drv->hostapd_addr);
+ } else if (os_memcmp(dest, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) == 0)
+ {
+ dir = opendir(drv->test_dir);
+ if (dir == NULL)
+ return -1;
+ while ((dent = readdir(dir))) {
+#ifdef _DIRENT_HAVE_D_TYPE
+ /* Skip the file if it is not a socket.
+ * Also accept DT_UNKNOWN (0) in case
+ * the C library or underlying file
+ * system does not support d_type. */
+ if (dent->d_type != DT_SOCK &&
+ dent->d_type != DT_UNKNOWN)
+ continue;
+#endif /* _DIRENT_HAVE_D_TYPE */
+ if (os_strcmp(dent->d_name, ".") == 0 ||
+ os_strcmp(dent->d_name, "..") == 0)
+ continue;
+ wpa_printf(MSG_DEBUG, "%s: Send broadcast MLME to %s",
+ __func__, dent->d_name);
+ os_memset(&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ os_snprintf(addr.sun_path, sizeof(addr.sun_path),
+ "%s/%s", drv->test_dir, dent->d_name);
+
+ msg.msg_name = &addr;
+ msg.msg_namelen = sizeof(addr);
+
+ if (sendmsg(drv->test_socket, &msg, 0) < 0)
+ perror("sendmsg(test_socket)");
+ }
+ closedir(dir);
+ return 0;
+ } else {
+ struct stat st;
+ os_memset(&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ os_snprintf(addr.sun_path, sizeof(addr.sun_path),
+ "%s/AP-" MACSTR, drv->test_dir, MAC2STR(dest));
+ if (stat(addr.sun_path, &st) < 0) {
+ os_snprintf(addr.sun_path, sizeof(addr.sun_path),
+ "%s/STA-" MACSTR,
+ drv->test_dir, MAC2STR(dest));
+ }
+ msg.msg_name = &addr;
+ msg.msg_namelen = sizeof(addr);
+ }
+
+ if (sendmsg(drv->test_socket, &msg, 0) < 0) {
+ perror("sendmsg(test_socket)");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int wpa_driver_test_mlme_add_sta(void *priv, const u8 *addr,
+ const u8 *supp_rates,
+ size_t supp_rates_len)
+{
+ wpa_printf(MSG_DEBUG, "%s: addr=" MACSTR, __func__, MAC2STR(addr));
+ return 0;
+}
+
+
+static int wpa_driver_test_mlme_remove_sta(void *priv, const u8 *addr)
+{
+ wpa_printf(MSG_DEBUG, "%s: addr=" MACSTR, __func__, MAC2STR(addr));
+ return 0;
+}
+
+
+int wpa_driver_test_set_ssid(void *priv, const u8 *ssid, size_t ssid_len)
+{
+ wpa_printf(MSG_DEBUG, "%s", __func__);
+ return 0;
+}
+
+
+int wpa_driver_test_set_bssid(void *priv, const u8 *bssid)
+{
+ wpa_printf(MSG_DEBUG, "%s: bssid=" MACSTR, __func__, MAC2STR(bssid));
+ return 0;
+}
+#endif /* CONFIG_CLIENT_MLME */
+
+
+const struct wpa_driver_ops wpa_driver_test_ops = {
+ "test",
+ "wpa_supplicant test driver",
+ wpa_driver_test_get_bssid,
+ wpa_driver_test_get_ssid,
+ wpa_driver_test_set_wpa,
+ wpa_driver_test_set_key,
+ wpa_driver_test_init,
+ wpa_driver_test_deinit,
+ wpa_driver_test_set_param,
+ NULL /* set_countermeasures */,
+ NULL /* set_drop_unencrypted */,
+ wpa_driver_test_scan,
+ wpa_driver_test_get_scan_results,
+ wpa_driver_test_deauthenticate,
+ wpa_driver_test_disassociate,
+ wpa_driver_test_associate,
+ NULL /* set_auth_alg */,
+ NULL /* add_pmkid */,
+ NULL /* remove_pmkid */,
+ NULL /* flush_pmkid */,
+ wpa_driver_test_get_capa,
+ NULL /* poll */,
+ NULL /* get_ifname */,
+ wpa_driver_test_get_mac_addr,
+ wpa_driver_test_send_eapol,
+ NULL /* set_operstate */,
+ wpa_driver_test_mlme_setprotection,
+#ifdef CONFIG_CLIENT_MLME
+ wpa_driver_test_get_hw_feature_data,
+ wpa_driver_test_set_channel,
+ wpa_driver_test_set_ssid,
+ wpa_driver_test_set_bssid,
+ wpa_driver_test_send_mlme,
+ wpa_driver_test_mlme_add_sta,
+ wpa_driver_test_mlme_remove_sta
+#else /* CONFIG_CLIENT_MLME */
+ NULL /* get_hw_feature_data */,
+ NULL /* set_channel */,
+ NULL /* set_ssid */,
+ NULL /* set_bssid */,
+ NULL /* send_mlme */,
+ NULL /* mlme_add_sta */,
+ NULL /* mlme_remove_sta */
+#endif /* CONFIG_CLIENT_MLME */
+};
--- /dev/null
+/*
+ * WPA Supplicant - driver interaction with generic Linux Wireless Extensions
+ * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This file implements a driver interface for the Linux Wireless Extensions.
+ * When used with WE-18 or newer, this interface can be used as-is with number
+ * of drivers. In addition to this, some of the common functions in this file
+ * can be used by other driver interface implementations that use generic WE
+ * ioctls, but require private ioctls for some of the functionality.
+ */
+
+#include "includes.h"
+#include <sys/ioctl.h>
+#include <net/if_arp.h>
+
+#include "wireless_copy.h"
+#include "common.h"
+#include "driver.h"
+#include "l2_packet.h"
+#include "eloop.h"
+#include "wpa_supplicant.h"
+#include "priv_netlink.h"
+#include "driver_wext.h"
+#include "wpa.h"
+
+#ifdef CONFIG_CLIENT_MLME
+#include <netpacket/packet.h>
+#include <hostapd_ioctl.h>
+#include <ieee80211_common.h>
+/* from net/mac80211.h */
+enum {
+ MODE_IEEE80211A = 0 /* IEEE 802.11a */,
+ MODE_IEEE80211B = 1 /* IEEE 802.11b only */,
+ MODE_ATHEROS_TURBO = 2 /* Atheros Turbo mode (2x.11a at 5 GHz) */,
+ MODE_IEEE80211G = 3 /* IEEE 802.11g (and 802.11b compatibility) */,
+ MODE_ATHEROS_TURBOG = 4 /* Atheros Turbo mode (2x.11g at 2.4 GHz) */,
+ NUM_IEEE80211_MODES = 5
+};
+
+#include "mlme.h"
+
+#ifndef ETH_P_ALL
+#define ETH_P_ALL 0x0003
+#endif
+#endif /* CONFIG_CLIENT_MLME */
+
+
+struct wpa_driver_wext_data {
+ void *ctx;
+ int event_sock;
+ int ioctl_sock;
+ int mlme_sock;
+ char ifname[IFNAMSIZ + 1];
+ int ifindex;
+ int ifindex2;
+ u8 *assoc_req_ies;
+ size_t assoc_req_ies_len;
+ u8 *assoc_resp_ies;
+ size_t assoc_resp_ies_len;
+ struct wpa_driver_capa capa;
+ int has_capability;
+ int we_version_compiled;
+
+ /* for set_auth_alg fallback */
+ int use_crypt;
+ int auth_alg_fallback;
+
+ int operstate;
+
+ char mlmedev[IFNAMSIZ + 1];
+
+ int scan_complete_events;
+};
+
+
+static int wpa_driver_wext_flush_pmkid(void *priv);
+static int wpa_driver_wext_get_range(void *priv);
+
+static int wpa_driver_wext_send_oper_ifla(struct wpa_driver_wext_data *drv,
+ int linkmode, int operstate)
+{
+ struct {
+ struct nlmsghdr hdr;
+ struct ifinfomsg ifinfo;
+ char opts[16];
+ } req;
+ struct rtattr *rta;
+ static int nl_seq;
+ ssize_t ret;
+
+ req.hdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
+ req.hdr.nlmsg_type = RTM_SETLINK;
+ req.hdr.nlmsg_flags = NLM_F_REQUEST;
+ req.hdr.nlmsg_seq = ++nl_seq;
+ req.hdr.nlmsg_pid = 0;
+
+ req.ifinfo.ifi_family = AF_UNSPEC;
+ req.ifinfo.ifi_type = 0;
+ req.ifinfo.ifi_index = drv->ifindex;
+ req.ifinfo.ifi_flags = 0;
+ req.ifinfo.ifi_change = 0;
+
+ if (linkmode != -1) {
+ rta = (struct rtattr *)
+ ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
+ rta->rta_type = IFLA_LINKMODE;
+ rta->rta_len = RTA_LENGTH(sizeof(char));
+ *((char *) RTA_DATA(rta)) = linkmode;
+ req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
+ RTA_LENGTH(sizeof(char));
+ }
+ if (operstate != -1) {
+ rta = (struct rtattr *)
+ ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
+ rta->rta_type = IFLA_OPERSTATE;
+ rta->rta_len = RTA_LENGTH(sizeof(char));
+ *((char *) RTA_DATA(rta)) = operstate;
+ req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
+ RTA_LENGTH(sizeof(char));
+ }
+
+ wpa_printf(MSG_DEBUG, "WEXT: Operstate: linkmode=%d, operstate=%d",
+ linkmode, operstate);
+
+ ret = send(drv->event_sock, &req, req.hdr.nlmsg_len, 0);
+ if (ret < 0) {
+ wpa_printf(MSG_DEBUG, "WEXT: Sending operstate IFLA failed: "
+ "%s (assume operstate is not supported)",
+ strerror(errno));
+ }
+
+ return ret < 0 ? -1 : 0;
+}
+
+
+static int wpa_driver_wext_set_auth_param(struct wpa_driver_wext_data *drv,
+ int idx, u32 value)
+{
+ struct iwreq iwr;
+ int ret = 0;
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ iwr.u.param.flags = idx & IW_AUTH_INDEX;
+ iwr.u.param.value = value;
+
+ if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) {
+ perror("ioctl[SIOCSIWAUTH]");
+ fprintf(stderr, "WEXT auth param %d value 0x%x - ",
+ idx, value);
+ ret = errno == EOPNOTSUPP ? -2 : -1;
+ }
+
+ return ret;
+}
+
+
+/**
+ * wpa_driver_wext_get_bssid - Get BSSID, SIOCGIWAP
+ * @priv: Pointer to private wext data from wpa_driver_wext_init()
+ * @bssid: Buffer for BSSID
+ * Returns: 0 on success, -1 on failure
+ */
+int wpa_driver_wext_get_bssid(void *priv, u8 *bssid)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ struct iwreq iwr;
+ int ret = 0;
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+
+ if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) {
+ perror("ioctl[SIOCGIWAP]");
+ ret = -1;
+ }
+ os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN);
+
+ return ret;
+}
+
+
+/**
+ * wpa_driver_wext_set_bssid - Set BSSID, SIOCSIWAP
+ * @priv: Pointer to private wext data from wpa_driver_wext_init()
+ * @bssid: BSSID
+ * Returns: 0 on success, -1 on failure
+ */
+int wpa_driver_wext_set_bssid(void *priv, const u8 *bssid)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ struct iwreq iwr;
+ int ret = 0;
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ iwr.u.ap_addr.sa_family = ARPHRD_ETHER;
+ if (bssid)
+ os_memcpy(iwr.u.ap_addr.sa_data, bssid, ETH_ALEN);
+ else
+ os_memset(iwr.u.ap_addr.sa_data, 0, ETH_ALEN);
+
+ if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr) < 0) {
+ perror("ioctl[SIOCSIWAP]");
+ ret = -1;
+ }
+
+ return ret;
+}
+
+
+/**
+ * wpa_driver_wext_get_ssid - Get SSID, SIOCGIWESSID
+ * @priv: Pointer to private wext data from wpa_driver_wext_init()
+ * @ssid: Buffer for the SSID; must be at least 32 bytes long
+ * Returns: SSID length on success, -1 on failure
+ */
+int wpa_driver_wext_get_ssid(void *priv, u8 *ssid)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ struct iwreq iwr;
+ int ret = 0;
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ iwr.u.essid.pointer = (caddr_t) ssid;
+ iwr.u.essid.length = 32;
+
+ if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) {
+ perror("ioctl[SIOCGIWESSID]");
+ ret = -1;
+ } else {
+ ret = iwr.u.essid.length;
+ if (ret > 32)
+ ret = 32;
+ /* Some drivers include nul termination in the SSID, so let's
+ * remove it here before further processing. WE-21 changes this
+ * to explicitly require the length _not_ to include nul
+ * termination. */
+ if (ret > 0 && ssid[ret - 1] == '\0' &&
+ drv->we_version_compiled < 21)
+ ret--;
+ }
+
+ return ret;
+}
+
+
+/**
+ * wpa_driver_wext_set_ssid - Set SSID, SIOCSIWESSID
+ * @priv: Pointer to private wext data from wpa_driver_wext_init()
+ * @ssid: SSID
+ * @ssid_len: Length of SSID (0..32)
+ * Returns: 0 on success, -1 on failure
+ */
+int wpa_driver_wext_set_ssid(void *priv, const u8 *ssid, size_t ssid_len)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ struct iwreq iwr;
+ int ret = 0;
+ char buf[33];
+
+ if (ssid_len > 32)
+ return -1;
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ /* flags: 1 = ESSID is active, 0 = not (promiscuous) */
+ iwr.u.essid.flags = (ssid_len != 0);
+ os_memset(buf, 0, sizeof(buf));
+ os_memcpy(buf, ssid, ssid_len);
+ iwr.u.essid.pointer = (caddr_t) buf;
+ if (drv->we_version_compiled < 21) {
+ /* For historic reasons, set SSID length to include one extra
+ * character, C string nul termination, even though SSID is
+ * really an octet string that should not be presented as a C
+ * string. Some Linux drivers decrement the length by one and
+ * can thus end up missing the last octet of the SSID if the
+ * length is not incremented here. WE-21 changes this to
+ * explicitly require the length _not_ to include nul
+ * termination. */
+ if (ssid_len)
+ ssid_len++;
+ }
+ iwr.u.essid.length = ssid_len;
+
+ if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) {
+ perror("ioctl[SIOCSIWESSID]");
+ ret = -1;
+ }
+
+ return ret;
+}
+
+
+/**
+ * wpa_driver_wext_set_freq - Set frequency/channel, SIOCSIWFREQ
+ * @priv: Pointer to private wext data from wpa_driver_wext_init()
+ * @freq: Frequency in MHz
+ * Returns: 0 on success, -1 on failure
+ */
+int wpa_driver_wext_set_freq(void *priv, int freq)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ struct iwreq iwr;
+ int ret = 0;
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ iwr.u.freq.m = freq * 100000;
+ iwr.u.freq.e = 1;
+
+ if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) {
+ perror("ioctl[SIOCSIWFREQ]");
+ ret = -1;
+ }
+
+ return ret;
+}
+
+
+static void
+wpa_driver_wext_event_wireless_custom(void *ctx, char *custom)
+{
+ union wpa_event_data data;
+
+ wpa_printf(MSG_MSGDUMP, "WEXT: Custom wireless event: '%s'",
+ custom);
+
+ os_memset(&data, 0, sizeof(data));
+ /* Host AP driver */
+ if (os_strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
+ data.michael_mic_failure.unicast =
+ os_strstr(custom, " unicast ") != NULL;
+ /* TODO: parse parameters(?) */
+ wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
+ } else if (os_strncmp(custom, "ASSOCINFO(ReqIEs=", 17) == 0) {
+ char *spos;
+ int bytes;
+
+ spos = custom + 17;
+
+ bytes = strspn(spos, "0123456789abcdefABCDEF");
+ if (!bytes || (bytes & 1))
+ return;
+ bytes /= 2;
+
+ data.assoc_info.req_ies = os_malloc(bytes);
+ if (data.assoc_info.req_ies == NULL)
+ return;
+
+ data.assoc_info.req_ies_len = bytes;
+ hexstr2bin(spos, data.assoc_info.req_ies, bytes);
+
+ spos += bytes * 2;
+
+ data.assoc_info.resp_ies = NULL;
+ data.assoc_info.resp_ies_len = 0;
+
+ if (os_strncmp(spos, " RespIEs=", 9) == 0) {
+ spos += 9;
+
+ bytes = strspn(spos, "0123456789abcdefABCDEF");
+ if (!bytes || (bytes & 1))
+ goto done;
+ bytes /= 2;
+
+ data.assoc_info.resp_ies = os_malloc(bytes);
+ if (data.assoc_info.resp_ies == NULL)
+ goto done;
+
+ data.assoc_info.resp_ies_len = bytes;
+ hexstr2bin(spos, data.assoc_info.resp_ies, bytes);
+ }
+
+ wpa_supplicant_event(ctx, EVENT_ASSOCINFO, &data);
+
+ done:
+ os_free(data.assoc_info.resp_ies);
+ os_free(data.assoc_info.req_ies);
+#ifdef CONFIG_PEERKEY
+ } else if (os_strncmp(custom, "STKSTART.request=", 17) == 0) {
+ if (hwaddr_aton(custom + 17, data.stkstart.peer)) {
+ wpa_printf(MSG_DEBUG, "WEXT: unrecognized "
+ "STKSTART.request '%s'", custom + 17);
+ return;
+ }
+ wpa_supplicant_event(ctx, EVENT_STKSTART, &data);
+#endif /* CONFIG_PEERKEY */
+ }
+}
+
+
+static int wpa_driver_wext_event_wireless_michaelmicfailure(
+ void *ctx, const char *ev, size_t len)
+{
+ const struct iw_michaelmicfailure *mic;
+ union wpa_event_data data;
+
+ if (len < sizeof(*mic))
+ return -1;
+
+ mic = (const struct iw_michaelmicfailure *) ev;
+
+ wpa_printf(MSG_DEBUG, "Michael MIC failure wireless event: "
+ "flags=0x%x src_addr=" MACSTR, mic->flags,
+ MAC2STR(mic->src_addr.sa_data));
+
+ os_memset(&data, 0, sizeof(data));
+ data.michael_mic_failure.unicast = !(mic->flags & IW_MICFAILURE_GROUP);
+ wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
+
+ return 0;
+}
+
+
+static int wpa_driver_wext_event_wireless_pmkidcand(
+ struct wpa_driver_wext_data *drv, const char *ev, size_t len)
+{
+ const struct iw_pmkid_cand *cand;
+ union wpa_event_data data;
+ const u8 *addr;
+
+ if (len < sizeof(*cand))
+ return -1;
+
+ cand = (const struct iw_pmkid_cand *) ev;
+ addr = (const u8 *) cand->bssid.sa_data;
+
+ wpa_printf(MSG_DEBUG, "PMKID candidate wireless event: "
+ "flags=0x%x index=%d bssid=" MACSTR, cand->flags,
+ cand->index, MAC2STR(addr));
+
+ os_memset(&data, 0, sizeof(data));
+ os_memcpy(data.pmkid_candidate.bssid, addr, ETH_ALEN);
+ data.pmkid_candidate.index = cand->index;
+ data.pmkid_candidate.preauth = cand->flags & IW_PMKID_CAND_PREAUTH;
+ wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
+
+ return 0;
+}
+
+
+static int wpa_driver_wext_event_wireless_assocreqie(
+ struct wpa_driver_wext_data *drv, const char *ev, int len)
+{
+ if (len < 0)
+ return -1;
+
+ wpa_hexdump(MSG_DEBUG, "AssocReq IE wireless event", (const u8 *) ev,
+ len);
+ os_free(drv->assoc_req_ies);
+ drv->assoc_req_ies = os_malloc(len);
+ if (drv->assoc_req_ies == NULL) {
+ drv->assoc_req_ies_len = 0;
+ return -1;
+ }
+ os_memcpy(drv->assoc_req_ies, ev, len);
+ drv->assoc_req_ies_len = len;
+
+ return 0;
+}
+
+
+static int wpa_driver_wext_event_wireless_assocrespie(
+ struct wpa_driver_wext_data *drv, const char *ev, int len)
+{
+ if (len < 0)
+ return -1;
+
+ wpa_hexdump(MSG_DEBUG, "AssocResp IE wireless event", (const u8 *) ev,
+ len);
+ os_free(drv->assoc_resp_ies);
+ drv->assoc_resp_ies = os_malloc(len);
+ if (drv->assoc_resp_ies == NULL) {
+ drv->assoc_resp_ies_len = 0;
+ return -1;
+ }
+ os_memcpy(drv->assoc_resp_ies, ev, len);
+ drv->assoc_resp_ies_len = len;
+
+ return 0;
+}
+
+
+static void wpa_driver_wext_event_assoc_ies(struct wpa_driver_wext_data *drv)
+{
+ union wpa_event_data data;
+
+ if (drv->assoc_req_ies == NULL && drv->assoc_resp_ies == NULL)
+ return;
+
+ os_memset(&data, 0, sizeof(data));
+ if (drv->assoc_req_ies) {
+ data.assoc_info.req_ies = drv->assoc_req_ies;
+ drv->assoc_req_ies = NULL;
+ data.assoc_info.req_ies_len = drv->assoc_req_ies_len;
+ }
+ if (drv->assoc_resp_ies) {
+ data.assoc_info.resp_ies = drv->assoc_resp_ies;
+ drv->assoc_resp_ies = NULL;
+ data.assoc_info.resp_ies_len = drv->assoc_resp_ies_len;
+ }
+
+ wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &data);
+
+ os_free(data.assoc_info.req_ies);
+ os_free(data.assoc_info.resp_ies);
+}
+
+
+static void wpa_driver_wext_event_wireless(struct wpa_driver_wext_data *drv,
+ void *ctx, char *data, int len)
+{
+ struct iw_event iwe_buf, *iwe = &iwe_buf;
+ char *pos, *end, *custom, *buf;
+
+ pos = data;
+ end = data + len;
+
+ while (pos + IW_EV_LCP_LEN <= end) {
+ /* Event data may be unaligned, so make a local, aligned copy
+ * before processing. */
+ os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
+ wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d",
+ iwe->cmd, iwe->len);
+ if (iwe->len <= IW_EV_LCP_LEN)
+ return;
+
+ custom = pos + IW_EV_POINT_LEN;
+ if (drv->we_version_compiled > 18 &&
+ (iwe->cmd == IWEVMICHAELMICFAILURE ||
+ iwe->cmd == IWEVCUSTOM ||
+ iwe->cmd == IWEVASSOCREQIE ||
+ iwe->cmd == IWEVASSOCRESPIE ||
+ iwe->cmd == IWEVPMKIDCAND)) {
+ /* WE-19 removed the pointer from struct iw_point */
+ char *dpos = (char *) &iwe_buf.u.data.length;
+ int dlen = dpos - (char *) &iwe_buf;
+ os_memcpy(dpos, pos + IW_EV_LCP_LEN,
+ sizeof(struct iw_event) - dlen);
+ } else {
+ os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
+ custom += IW_EV_POINT_OFF;
+ }
+
+ switch (iwe->cmd) {
+ case SIOCGIWAP:
+ wpa_printf(MSG_DEBUG, "Wireless event: new AP: "
+ MACSTR,
+ MAC2STR((u8 *) iwe->u.ap_addr.sa_data));
+ if (os_memcmp(iwe->u.ap_addr.sa_data,
+ "\x00\x00\x00\x00\x00\x00", ETH_ALEN) ==
+ 0 ||
+ os_memcmp(iwe->u.ap_addr.sa_data,
+ "\x44\x44\x44\x44\x44\x44", ETH_ALEN) ==
+ 0) {
+ os_free(drv->assoc_req_ies);
+ drv->assoc_req_ies = NULL;
+ os_free(drv->assoc_resp_ies);
+ drv->assoc_resp_ies = NULL;
+ wpa_supplicant_event(ctx, EVENT_DISASSOC,
+ NULL);
+
+ } else {
+ wpa_driver_wext_event_assoc_ies(drv);
+ wpa_supplicant_event(ctx, EVENT_ASSOC, NULL);
+ }
+ break;
+ case IWEVMICHAELMICFAILURE:
+ wpa_driver_wext_event_wireless_michaelmicfailure(
+ ctx, custom, iwe->u.data.length);
+ break;
+ case IWEVCUSTOM:
+ if (custom + iwe->u.data.length > end)
+ return;
+ buf = os_malloc(iwe->u.data.length + 1);
+ if (buf == NULL)
+ return;
+ os_memcpy(buf, custom, iwe->u.data.length);
+ buf[iwe->u.data.length] = '\0';
+ wpa_driver_wext_event_wireless_custom(ctx, buf);
+ os_free(buf);
+ break;
+ case SIOCGIWSCAN:
+ drv->scan_complete_events = 1;
+ eloop_cancel_timeout(wpa_driver_wext_scan_timeout,
+ drv, ctx);
+ wpa_supplicant_event(ctx, EVENT_SCAN_RESULTS, NULL);
+ break;
+ case IWEVASSOCREQIE:
+ wpa_driver_wext_event_wireless_assocreqie(
+ drv, custom, iwe->u.data.length);
+ break;
+ case IWEVASSOCRESPIE:
+ wpa_driver_wext_event_wireless_assocrespie(
+ drv, custom, iwe->u.data.length);
+ break;
+ case IWEVPMKIDCAND:
+ wpa_driver_wext_event_wireless_pmkidcand(
+ drv, custom, iwe->u.data.length);
+ break;
+ }
+
+ pos += iwe->len;
+ }
+}
+
+
+static void wpa_driver_wext_event_link(void *ctx, char *buf, size_t len,
+ int del)
+{
+ union wpa_event_data event;
+
+ os_memset(&event, 0, sizeof(event));
+ if (len > sizeof(event.interface_status.ifname))
+ len = sizeof(event.interface_status.ifname) - 1;
+ os_memcpy(event.interface_status.ifname, buf, len);
+ event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
+ EVENT_INTERFACE_ADDED;
+
+ wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
+ del ? "DEL" : "NEW",
+ event.interface_status.ifname,
+ del ? "removed" : "added");
+
+ wpa_supplicant_event(ctx, EVENT_INTERFACE_STATUS, &event);
+}
+
+
+static void wpa_driver_wext_event_rtm_newlink(struct wpa_driver_wext_data *drv,
+ void *ctx, struct nlmsghdr *h,
+ size_t len)
+{
+ struct ifinfomsg *ifi;
+ int attrlen, nlmsg_len, rta_len;
+ struct rtattr * attr;
+
+ if (len < sizeof(*ifi))
+ return;
+
+ ifi = NLMSG_DATA(h);
+
+ if (drv->ifindex != ifi->ifi_index && drv->ifindex2 != ifi->ifi_index)
+ {
+ wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d",
+ ifi->ifi_index);
+ return;
+ }
+
+ wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
+ "(%s%s%s%s)",
+ drv->operstate, ifi->ifi_flags,
+ (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
+ (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
+ (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
+ (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT" : "");
+ /*
+ * Some drivers send the association event before the operup event--in
+ * this case, lifting operstate in wpa_driver_wext_set_operstate()
+ * fails. This will hit us when wpa_supplicant does not need to do
+ * IEEE 802.1X authentication
+ */
+ if (drv->operstate == 1 &&
+ (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
+ !(ifi->ifi_flags & IFF_RUNNING))
+ wpa_driver_wext_send_oper_ifla(drv, -1, IF_OPER_UP);
+
+ nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
+
+ attrlen = h->nlmsg_len - nlmsg_len;
+ if (attrlen < 0)
+ return;
+
+ attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
+
+ rta_len = RTA_ALIGN(sizeof(struct rtattr));
+ while (RTA_OK(attr, attrlen)) {
+ if (attr->rta_type == IFLA_WIRELESS) {
+ wpa_driver_wext_event_wireless(
+ drv, ctx, ((char *) attr) + rta_len,
+ attr->rta_len - rta_len);
+ } else if (attr->rta_type == IFLA_IFNAME) {
+ wpa_driver_wext_event_link(ctx,
+ ((char *) attr) + rta_len,
+ attr->rta_len - rta_len, 0);
+ }
+ attr = RTA_NEXT(attr, attrlen);
+ }
+}
+
+
+static void wpa_driver_wext_event_rtm_dellink(struct wpa_driver_wext_data *drv,
+ void *ctx, struct nlmsghdr *h,
+ size_t len)
+{
+ struct ifinfomsg *ifi;
+ int attrlen, nlmsg_len, rta_len;
+ struct rtattr * attr;
+
+ if (len < sizeof(*ifi))
+ return;
+
+ ifi = NLMSG_DATA(h);
+
+ nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
+
+ attrlen = h->nlmsg_len - nlmsg_len;
+ if (attrlen < 0)
+ return;
+
+ attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
+
+ rta_len = RTA_ALIGN(sizeof(struct rtattr));
+ while (RTA_OK(attr, attrlen)) {
+ if (attr->rta_type == IFLA_IFNAME) {
+ wpa_driver_wext_event_link(ctx,
+ ((char *) attr) + rta_len,
+ attr->rta_len - rta_len, 1);
+ }
+ attr = RTA_NEXT(attr, attrlen);
+ }
+}
+
+
+static void wpa_driver_wext_event_receive(int sock, void *eloop_ctx,
+ void *sock_ctx)
+{
+ char buf[8192];
+ int left;
+ struct sockaddr_nl from;
+ socklen_t fromlen;
+ struct nlmsghdr *h;
+ int max_events = 10;
+
+try_again:
+ fromlen = sizeof(from);
+ left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
+ (struct sockaddr *) &from, &fromlen);
+ if (left < 0) {
+ if (errno != EINTR && errno != EAGAIN)
+ perror("recvfrom(netlink)");
+ return;
+ }
+
+ h = (struct nlmsghdr *) buf;
+ while (left >= (int) sizeof(*h)) {
+ int len, plen;
+
+ len = h->nlmsg_len;
+ plen = len - sizeof(*h);
+ if (len > left || plen < 0) {
+ wpa_printf(MSG_DEBUG, "Malformed netlink message: "
+ "len=%d left=%d plen=%d",
+ len, left, plen);
+ break;
+ }
+
+ switch (h->nlmsg_type) {
+ case RTM_NEWLINK:
+ wpa_driver_wext_event_rtm_newlink(eloop_ctx, sock_ctx,
+ h, plen);
+ break;
+ case RTM_DELLINK:
+ wpa_driver_wext_event_rtm_dellink(eloop_ctx, sock_ctx,
+ h, plen);
+ break;
+ }
+
+ len = NLMSG_ALIGN(len);
+ left -= len;
+ h = (struct nlmsghdr *) ((char *) h + len);
+ }
+
+ if (left > 0) {
+ wpa_printf(MSG_DEBUG, "%d extra bytes in the end of netlink "
+ "message", left);
+ }
+
+ if (--max_events > 0) {
+ /*
+ * Try to receive all events in one eloop call in order to
+ * limit race condition on cases where AssocInfo event, Assoc
+ * event, and EAPOL frames are received more or less at the
+ * same time. We want to process the event messages first
+ * before starting EAPOL processing.
+ */
+ goto try_again;
+ }
+}
+
+
+static int wpa_driver_wext_get_ifflags_ifname(struct wpa_driver_wext_data *drv,
+ const char *ifname, int *flags)
+{
+ struct ifreq ifr;
+
+ os_memset(&ifr, 0, sizeof(ifr));
+ os_strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
+ if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) {
+ perror("ioctl[SIOCGIFFLAGS]");
+ return -1;
+ }
+ *flags = ifr.ifr_flags & 0xffff;
+ return 0;
+}
+
+
+/**
+ * wpa_driver_wext_get_ifflags - Get interface flags (SIOCGIFFLAGS)
+ * @drv: driver_wext private data
+ * @flags: Pointer to returned flags value
+ * Returns: 0 on success, -1 on failure
+ */
+int wpa_driver_wext_get_ifflags(struct wpa_driver_wext_data *drv, int *flags)
+{
+ return wpa_driver_wext_get_ifflags_ifname(drv, drv->ifname, flags);
+}
+
+
+static int wpa_driver_wext_set_ifflags_ifname(struct wpa_driver_wext_data *drv,
+ const char *ifname, int flags)
+{
+ struct ifreq ifr;
+
+ os_memset(&ifr, 0, sizeof(ifr));
+ os_strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
+ ifr.ifr_flags = flags & 0xffff;
+ if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) {
+ perror("SIOCSIFFLAGS");
+ return -1;
+ }
+ return 0;
+}
+
+
+/**
+ * wpa_driver_wext_set_ifflags - Set interface flags (SIOCSIFFLAGS)
+ * @drv: driver_wext private data
+ * @flags: New value for flags
+ * Returns: 0 on success, -1 on failure
+ */
+int wpa_driver_wext_set_ifflags(struct wpa_driver_wext_data *drv, int flags)
+{
+ return wpa_driver_wext_set_ifflags_ifname(drv, drv->ifname, flags);
+}
+
+
+/**
+ * wpa_driver_wext_init - Initialize WE driver interface
+ * @ctx: context to be used when calling wpa_supplicant functions,
+ * e.g., wpa_supplicant_event()
+ * @ifname: interface name, e.g., wlan0
+ * Returns: Pointer to private data, %NULL on failure
+ */
+void * wpa_driver_wext_init(void *ctx, const char *ifname)
+{
+ int s, flags;
+ struct sockaddr_nl local;
+ struct wpa_driver_wext_data *drv;
+
+ drv = os_zalloc(sizeof(*drv));
+ if (drv == NULL)
+ return NULL;
+ drv->ctx = ctx;
+ os_strncpy(drv->ifname, ifname, sizeof(drv->ifname));
+
+ drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
+ if (drv->ioctl_sock < 0) {
+ perror("socket(PF_INET,SOCK_DGRAM)");
+ os_free(drv);
+ return NULL;
+ }
+
+ s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+ if (s < 0) {
+ perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)");
+ close(drv->ioctl_sock);
+ os_free(drv);
+ return NULL;
+ }
+
+ os_memset(&local, 0, sizeof(local));
+ local.nl_family = AF_NETLINK;
+ local.nl_groups = RTMGRP_LINK;
+ if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) {
+ perror("bind(netlink)");
+ close(s);
+ close(drv->ioctl_sock);
+ os_free(drv);
+ return NULL;
+ }
+
+ eloop_register_read_sock(s, wpa_driver_wext_event_receive, drv, ctx);
+ drv->event_sock = s;
+
+ drv->mlme_sock = -1;
+
+ /*
+ * Make sure that the driver does not have any obsolete PMKID entries.
+ */
+ wpa_driver_wext_flush_pmkid(drv);
+
+ if (wpa_driver_wext_set_mode(drv, 0) < 0) {
+ printf("Could not configure driver to use managed mode\n");
+ }
+
+ if (wpa_driver_wext_get_ifflags(drv, &flags) != 0 ||
+ wpa_driver_wext_set_ifflags(drv, flags | IFF_UP) != 0) {
+ printf("Could not set interface '%s' UP\n", drv->ifname);
+ }
+
+ wpa_driver_wext_get_range(drv);
+
+ drv->ifindex = if_nametoindex(drv->ifname);
+
+ if (os_strncmp(ifname, "wlan", 4) == 0) {
+ /*
+ * Host AP driver may use both wlan# and wifi# interface in
+ * wireless events. Since some of the versions included WE-18
+ * support, let's add the alternative ifindex also from
+ * driver_wext.c for the time being. This may be removed at
+ * some point once it is believed that old versions of the
+ * driver are not in use anymore.
+ */
+ char ifname2[IFNAMSIZ + 1];
+ os_strncpy(ifname2, ifname, sizeof(ifname2));
+ os_memcpy(ifname2, "wifi", 4);
+ wpa_driver_wext_alternative_ifindex(drv, ifname2);
+ }
+
+ wpa_driver_wext_send_oper_ifla(drv, 1, IF_OPER_DORMANT);
+
+ return drv;
+}
+
+
+/**
+ * wpa_driver_wext_deinit - Deinitialize WE driver interface
+ * @priv: Pointer to private wext data from wpa_driver_wext_init()
+ *
+ * Shut down driver interface and processing of driver events. Free
+ * private data buffer if one was allocated in wpa_driver_wext_init().
+ */
+void wpa_driver_wext_deinit(void *priv)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ int flags;
+
+ eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
+
+ /*
+ * Clear possibly configured driver parameters in order to make it
+ * easier to use the driver after wpa_supplicant has been terminated.
+ */
+ wpa_driver_wext_set_bssid(drv, (u8 *) "\x00\x00\x00\x00\x00\x00");
+
+ wpa_driver_wext_send_oper_ifla(priv, 0, IF_OPER_UP);
+
+ eloop_unregister_read_sock(drv->event_sock);
+ if (drv->mlme_sock >= 0)
+ eloop_unregister_read_sock(drv->mlme_sock);
+
+ if (wpa_driver_wext_get_ifflags(drv, &flags) == 0)
+ (void) wpa_driver_wext_set_ifflags(drv, flags & ~IFF_UP);
+
+#ifdef CONFIG_CLIENT_MLME
+ if (drv->mlmedev[0] &&
+ wpa_driver_wext_get_ifflags_ifname(drv, drv->mlmedev, &flags) == 0)
+ (void) wpa_driver_wext_set_ifflags_ifname(drv, drv->mlmedev,
+ flags & ~IFF_UP);
+#endif /* CONFIG_CLIENT_MLME */
+
+ close(drv->event_sock);
+ close(drv->ioctl_sock);
+ if (drv->mlme_sock >= 0)
+ close(drv->mlme_sock);
+ os_free(drv->assoc_req_ies);
+ os_free(drv->assoc_resp_ies);
+ os_free(drv);
+}
+
+
+/**
+ * wpa_driver_wext_scan_timeout - Scan timeout to report scan completion
+ * @eloop_ctx: Unused
+ * @timeout_ctx: ctx argument given to wpa_driver_wext_init()
+ *
+ * This function can be used as registered timeout when starting a scan to
+ * generate a scan completed event if the driver does not report this.
+ */
+void wpa_driver_wext_scan_timeout(void *eloop_ctx, void *timeout_ctx)
+{
+ wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
+ wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
+}
+
+
+/**
+ * wpa_driver_wext_scan - Request the driver to initiate scan
+ * @priv: Pointer to private wext data from wpa_driver_wext_init()
+ * @ssid: Specific SSID to scan for (ProbeReq) or %NULL to scan for
+ * all SSIDs (either active scan with broadcast SSID or passive
+ * scan
+ * @ssid_len: Length of the SSID
+ * Returns: 0 on success, -1 on failure
+ */
+int wpa_driver_wext_scan(void *priv, const u8 *ssid, size_t ssid_len)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ struct iwreq iwr;
+ int ret = 0, timeout;
+ struct iw_scan_req req;
+
+ if (ssid_len > IW_ESSID_MAX_SIZE) {
+ wpa_printf(MSG_DEBUG, "%s: too long SSID (%lu)",
+ __FUNCTION__, (unsigned long) ssid_len);
+ return -1;
+ }
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+
+ if (ssid && ssid_len) {
+ os_memset(&req, 0, sizeof(req));
+ req.essid_len = ssid_len;
+ req.bssid.sa_family = ARPHRD_ETHER;
+ os_memset(req.bssid.sa_data, 0xff, ETH_ALEN);
+ os_memcpy(req.essid, ssid, ssid_len);
+ iwr.u.data.pointer = (caddr_t) &req;
+ iwr.u.data.length = sizeof(req);
+ iwr.u.data.flags = IW_SCAN_THIS_ESSID;
+ }
+
+ if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) {
+ perror("ioctl[SIOCSIWSCAN]");
+ ret = -1;
+ }
+
+ /* Not all drivers generate "scan completed" wireless event, so try to
+ * read results after a timeout. */
+ timeout = 5;
+ if (drv->scan_complete_events) {
+ /*
+ * The driver seems to deliver SIOCGIWSCAN events to notify
+ * when scan is complete, so use longer timeout to avoid race
+ * conditions with scanning and following association request.
+ */
+ timeout = 30;
+ }
+ wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
+ "seconds", ret, timeout);
+ eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
+ eloop_register_timeout(timeout, 0, wpa_driver_wext_scan_timeout, drv,
+ drv->ctx);
+
+ return ret;
+}
+
+
+/* Compare function for sorting scan results. Return >0 if @b is considered
+ * better. */
+static int wpa_scan_result_compar(const void *a, const void *b)
+{
+ const struct wpa_scan_result *wa = a;
+ const struct wpa_scan_result *wb = b;
+
+ /* WPA/WPA2 support preferred */
+ if ((wb->wpa_ie_len || wb->rsn_ie_len) &&
+ !(wa->wpa_ie_len || wa->rsn_ie_len))
+ return 1;
+ if (!(wb->wpa_ie_len || wb->rsn_ie_len) &&
+ (wa->wpa_ie_len || wa->rsn_ie_len))
+ return -1;
+
+ /* privacy support preferred */
+ if ((wa->caps & IEEE80211_CAP_PRIVACY) == 0 &&
+ (wb->caps & IEEE80211_CAP_PRIVACY))
+ return 1;
+ if ((wa->caps & IEEE80211_CAP_PRIVACY) &&
+ (wb->caps & IEEE80211_CAP_PRIVACY) == 0)
+ return -1;
+
+ /* best/max rate preferred if signal level close enough XXX */
+ if (wa->maxrate != wb->maxrate && abs(wb->level - wa->level) < 5)
+ return wb->maxrate - wa->maxrate;
+
+ /* use freq for channel preference */
+
+ /* all things being equal, use signal level; if signal levels are
+ * identical, use quality values since some drivers may only report
+ * that value and leave the signal level zero */
+ if (wb->level == wa->level)
+ return wb->qual - wa->qual;
+ return wb->level - wa->level;
+}
+
+
+/**
+ * wpa_driver_wext_get_scan_results - Fetch the latest scan results
+ * @priv: Pointer to private wext data from wpa_driver_wext_init()
+ * @results: Pointer to buffer for scan results
+ * @max_size: Maximum number of entries (buffer size)
+ * Returns: Number of scan result entries used on success, -1 on
+ * failure
+ *
+ * If scan results include more than max_size BSSes, max_size will be
+ * returned and the remaining entries will not be included in the
+ * buffer.
+ */
+int wpa_driver_wext_get_scan_results(void *priv,
+ struct wpa_scan_result *results,
+ size_t max_size)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ struct iwreq iwr;
+ size_t ap_num = 0;
+ int first, maxrate;
+ u8 *res_buf;
+ struct iw_event iwe_buf, *iwe = &iwe_buf;
+ char *pos, *end, *custom, *genie, *gpos, *gend;
+ struct iw_param p;
+ size_t len, clen, res_buf_len;
+
+ os_memset(results, 0, max_size * sizeof(struct wpa_scan_result));
+
+ res_buf_len = IW_SCAN_MAX_DATA;
+ for (;;) {
+ res_buf = os_malloc(res_buf_len);
+ if (res_buf == NULL)
+ return -1;
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ iwr.u.data.pointer = res_buf;
+ iwr.u.data.length = res_buf_len;
+
+ if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0)
+ break;
+
+ if (errno == E2BIG && res_buf_len < 100000) {
+ os_free(res_buf);
+ res_buf = NULL;
+ res_buf_len *= 2;
+ wpa_printf(MSG_DEBUG, "Scan results did not fit - "
+ "trying larger buffer (%lu bytes)",
+ (unsigned long) res_buf_len);
+ } else {
+ perror("ioctl[SIOCGIWSCAN]");
+ os_free(res_buf);
+ return -1;
+ }
+ }
+
+ len = iwr.u.data.length;
+ ap_num = 0;
+ first = 1;
+
+ pos = (char *) res_buf;
+ end = (char *) res_buf + len;
+
+ while (pos + IW_EV_LCP_LEN <= end) {
+ int ssid_len;
+ /* Event data may be unaligned, so make a local, aligned copy
+ * before processing. */
+ os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
+ if (iwe->len <= IW_EV_LCP_LEN)
+ break;
+
+ custom = pos + IW_EV_POINT_LEN;
+ if (drv->we_version_compiled > 18 &&
+ (iwe->cmd == SIOCGIWESSID ||
+ iwe->cmd == SIOCGIWENCODE ||
+ iwe->cmd == IWEVGENIE ||
+ iwe->cmd == IWEVCUSTOM)) {
+ /* WE-19 removed the pointer from struct iw_point */
+ char *dpos = (char *) &iwe_buf.u.data.length;
+ int dlen = dpos - (char *) &iwe_buf;
+ os_memcpy(dpos, pos + IW_EV_LCP_LEN,
+ sizeof(struct iw_event) - dlen);
+ } else {
+ os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
+ custom += IW_EV_POINT_OFF;
+ }
+
+ switch (iwe->cmd) {
+ case SIOCGIWAP:
+ if (!first)
+ ap_num++;
+ first = 0;
+ if (ap_num < max_size) {
+ os_memcpy(results[ap_num].bssid,
+ iwe->u.ap_addr.sa_data, ETH_ALEN);
+ }
+ break;
+ case SIOCGIWMODE:
+ if (ap_num >= max_size)
+ break;
+ if (iwe->u.mode == IW_MODE_ADHOC)
+ results[ap_num].caps |= IEEE80211_CAP_IBSS;
+ else if (iwe->u.mode == IW_MODE_MASTER ||
+ iwe->u.mode == IW_MODE_INFRA)
+ results[ap_num].caps |= IEEE80211_CAP_ESS;
+ break;
+ case SIOCGIWESSID:
+ ssid_len = iwe->u.essid.length;
+ if (custom + ssid_len > end)
+ break;
+ if (iwe->u.essid.flags &&
+ ssid_len > 0 &&
+ ssid_len <= IW_ESSID_MAX_SIZE) {
+ if (ap_num < max_size) {
+ os_memcpy(results[ap_num].ssid, custom,
+ ssid_len);
+ results[ap_num].ssid_len = ssid_len;
+ }
+ }
+ break;
+ case SIOCGIWFREQ:
+ if (ap_num < max_size) {
+ int divi = 1000000, i;
+ if (iwe->u.freq.e == 0) {
+ /*
+ * Some drivers do not report
+ * frequency, but a channel. Try to map
+ * this to frequency by assuming they
+ * are using IEEE 802.11b/g.
+ */
+ if (iwe->u.freq.m >= 1 &&
+ iwe->u.freq.m <= 13) {
+ results[ap_num].freq =
+ 2407 +
+ 5 * iwe->u.freq.m;
+ break;
+ } else if (iwe->u.freq.m == 14) {
+ results[ap_num].freq = 2484;
+ break;
+ }
+ }
+ if (iwe->u.freq.e > 6) {
+ wpa_printf(
+ MSG_DEBUG, "Invalid freq "
+ "in scan results (BSSID="
+ MACSTR ": m=%d e=%d\n",
+ MAC2STR(results[ap_num].bssid),
+ iwe->u.freq.m, iwe->u.freq.e);
+ break;
+ }
+ for (i = 0; i < iwe->u.freq.e; i++)
+ divi /= 10;
+ results[ap_num].freq = iwe->u.freq.m / divi;
+ }
+ break;
+ case IWEVQUAL:
+ if (ap_num < max_size) {
+ results[ap_num].qual = iwe->u.qual.qual;
+ results[ap_num].noise = iwe->u.qual.noise;
+ results[ap_num].level = iwe->u.qual.level;
+ }
+ break;
+ case SIOCGIWENCODE:
+ if (ap_num < max_size &&
+ !(iwe->u.data.flags & IW_ENCODE_DISABLED))
+ results[ap_num].caps |= IEEE80211_CAP_PRIVACY;
+ break;
+ case SIOCGIWRATE:
+ custom = pos + IW_EV_LCP_LEN;
+ clen = iwe->len;
+ if (custom + clen > end)
+ break;
+ maxrate = 0;
+ while (((ssize_t) clen) >=
+ (ssize_t) sizeof(struct iw_param)) {
+ /* Note: may be misaligned, make a local,
+ * aligned copy */
+ os_memcpy(&p, custom, sizeof(struct iw_param));
+ if (p.value > maxrate)
+ maxrate = p.value;
+ clen -= sizeof(struct iw_param);
+ custom += sizeof(struct iw_param);
+ }
+ if (ap_num < max_size)
+ results[ap_num].maxrate = maxrate;
+ break;
+ case IWEVGENIE:
+ if (ap_num >= max_size)
+ break;
+ gpos = genie = custom;
+ gend = genie + iwe->u.data.length;
+ if (gend > end) {
+ wpa_printf(MSG_INFO, "IWEVGENIE overflow");
+ break;
+ }
+ while (gpos + 1 < gend &&
+ gpos + 2 + (u8) gpos[1] <= gend) {
+ u8 ie = gpos[0], ielen = gpos[1] + 2;
+ if (ielen > SSID_MAX_WPA_IE_LEN) {
+ gpos += ielen;
+ continue;
+ }
+ switch (ie) {
+ case GENERIC_INFO_ELEM:
+ if (ielen < 2 + 4 ||
+ os_memcmp(&gpos[2],
+ "\x00\x50\xf2\x01", 4) !=
+ 0)
+ break;
+ os_memcpy(results[ap_num].wpa_ie, gpos,
+ ielen);
+ results[ap_num].wpa_ie_len = ielen;
+ break;
+ case RSN_INFO_ELEM:
+ os_memcpy(results[ap_num].rsn_ie, gpos,
+ ielen);
+ results[ap_num].rsn_ie_len = ielen;
+ break;
+ }
+ gpos += ielen;
+ }
+ break;
+ case IWEVCUSTOM:
+ clen = iwe->u.data.length;
+ if (custom + clen > end)
+ break;
+ if (clen > 7 &&
+ os_strncmp(custom, "wpa_ie=", 7) == 0 &&
+ ap_num < max_size) {
+ char *spos;
+ int bytes;
+ spos = custom + 7;
+ bytes = custom + clen - spos;
+ if (bytes & 1)
+ break;
+ bytes /= 2;
+ if (bytes > SSID_MAX_WPA_IE_LEN) {
+ wpa_printf(MSG_INFO, "Too long WPA IE "
+ "(%d)", bytes);
+ break;
+ }
+ hexstr2bin(spos, results[ap_num].wpa_ie,
+ bytes);
+ results[ap_num].wpa_ie_len = bytes;
+ } else if (clen > 7 &&
+ os_strncmp(custom, "rsn_ie=", 7) == 0 &&
+ ap_num < max_size) {
+ char *spos;
+ int bytes;
+ spos = custom + 7;
+ bytes = custom + clen - spos;
+ if (bytes & 1)
+ break;
+ bytes /= 2;
+ if (bytes > SSID_MAX_WPA_IE_LEN) {
+ wpa_printf(MSG_INFO, "Too long RSN IE "
+ "(%d)", bytes);
+ break;
+ }
+ hexstr2bin(spos, results[ap_num].rsn_ie,
+ bytes);
+ results[ap_num].rsn_ie_len = bytes;
+ }
+ break;
+ }
+
+ pos += iwe->len;
+ }
+ os_free(res_buf);
+ res_buf = NULL;
+ if (!first)
+ ap_num++;
+ if (ap_num > max_size) {
+ wpa_printf(MSG_DEBUG, "Too small scan result buffer - "
+ "%lu BSSes but room only for %lu",
+ (unsigned long) ap_num,
+ (unsigned long) max_size);
+ ap_num = max_size;
+ }
+ qsort(results, ap_num, sizeof(struct wpa_scan_result),
+ wpa_scan_result_compar);
+
+ wpa_printf(MSG_DEBUG, "Received %lu bytes of scan results (%lu BSSes)",
+ (unsigned long) len, (unsigned long) ap_num);
+
+ return ap_num;
+}
+
+
+static int wpa_driver_wext_get_range(void *priv)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ struct iw_range *range;
+ struct iwreq iwr;
+ int minlen;
+ size_t buflen;
+
+ /*
+ * Use larger buffer than struct iw_range in order to allow the
+ * structure to grow in the future.
+ */
+ buflen = sizeof(struct iw_range) + 500;
+ range = os_zalloc(buflen);
+ if (range == NULL)
+ return -1;
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ iwr.u.data.pointer = (caddr_t) range;
+ iwr.u.data.length = buflen;
+
+ minlen = ((char *) &range->enc_capa) - (char *) range +
+ sizeof(range->enc_capa);
+
+ if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
+ perror("ioctl[SIOCGIWRANGE]");
+ os_free(range);
+ return -1;
+ } else if (iwr.u.data.length >= minlen &&
+ range->we_version_compiled >= 18) {
+ wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
+ "WE(source)=%d enc_capa=0x%x",
+ range->we_version_compiled,
+ range->we_version_source,
+ range->enc_capa);
+ drv->has_capability = 1;
+ drv->we_version_compiled = range->we_version_compiled;
+ if (range->enc_capa & IW_ENC_CAPA_WPA) {
+ drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA |
+ WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK;
+ }
+ if (range->enc_capa & IW_ENC_CAPA_WPA2) {
+ drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
+ WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
+ }
+ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
+ WPA_DRIVER_CAPA_ENC_WEP104;
+ if (range->enc_capa & IW_ENC_CAPA_CIPHER_TKIP)
+ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
+ if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP)
+ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
+ wpa_printf(MSG_DEBUG, " capabilities: key_mgmt 0x%x enc 0x%x",
+ drv->capa.key_mgmt, drv->capa.enc);
+ } else {
+ wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: too old (short) data - "
+ "assuming WPA is not supported");
+ }
+
+ os_free(range);
+ return 0;
+}
+
+
+static int wpa_driver_wext_set_wpa(void *priv, int enabled)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
+
+ return wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED,
+ enabled);
+}
+
+
+static int wpa_driver_wext_set_key_ext(void *priv, wpa_alg alg,
+ const u8 *addr, int key_idx,
+ int set_tx, const u8 *seq,
+ size_t seq_len,
+ const u8 *key, size_t key_len)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ struct iwreq iwr;
+ int ret = 0;
+ struct iw_encode_ext *ext;
+
+ if (seq_len > IW_ENCODE_SEQ_MAX_SIZE) {
+ wpa_printf(MSG_DEBUG, "%s: Invalid seq_len %lu",
+ __FUNCTION__, (unsigned long) seq_len);
+ return -1;
+ }
+
+ ext = os_zalloc(sizeof(*ext) + key_len);
+ if (ext == NULL)
+ return -1;
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ iwr.u.encoding.flags = key_idx + 1;
+ if (alg == WPA_ALG_NONE)
+ iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
+ iwr.u.encoding.pointer = (caddr_t) ext;
+ iwr.u.encoding.length = sizeof(*ext) + key_len;
+
+ if (addr == NULL ||
+ os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) == 0)
+ ext->ext_flags |= IW_ENCODE_EXT_GROUP_KEY;
+ if (set_tx)
+ ext->ext_flags |= IW_ENCODE_EXT_SET_TX_KEY;
+
+ ext->addr.sa_family = ARPHRD_ETHER;
+ if (addr)
+ os_memcpy(ext->addr.sa_data, addr, ETH_ALEN);
+ else
+ os_memset(ext->addr.sa_data, 0xff, ETH_ALEN);
+ if (key && key_len) {
+ os_memcpy(ext + 1, key, key_len);
+ ext->key_len = key_len;
+ }
+ switch (alg) {
+ case WPA_ALG_NONE:
+ ext->alg = IW_ENCODE_ALG_NONE;
+ break;
+ case WPA_ALG_WEP:
+ ext->alg = IW_ENCODE_ALG_WEP;
+ break;
+ case WPA_ALG_TKIP:
+ ext->alg = IW_ENCODE_ALG_TKIP;
+ break;
+ case WPA_ALG_CCMP:
+ ext->alg = IW_ENCODE_ALG_CCMP;
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "%s: Unknown algorithm %d",
+ __FUNCTION__, alg);
+ os_free(ext);
+ return -1;
+ }
+
+ if (seq && seq_len) {
+ ext->ext_flags |= IW_ENCODE_EXT_RX_SEQ_VALID;
+ os_memcpy(ext->rx_seq, seq, seq_len);
+ }
+
+ if (ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr) < 0) {
+ ret = errno == EOPNOTSUPP ? -2 : -1;
+ if (errno == ENODEV) {
+ /*
+ * ndiswrapper seems to be returning incorrect error
+ * code.. */
+ ret = -2;
+ }
+
+ perror("ioctl[SIOCSIWENCODEEXT]");
+ }
+
+ os_free(ext);
+ return ret;
+}
+
+
+/**
+ * wpa_driver_wext_set_key - Configure encryption key
+ * @priv: Pointer to private wext data from wpa_driver_wext_init()
+ * @priv: Private driver interface data
+ * @alg: Encryption algorithm (%WPA_ALG_NONE, %WPA_ALG_WEP,
+ * %WPA_ALG_TKIP, %WPA_ALG_CCMP); %WPA_ALG_NONE clears the key.
+ * @addr: Address of the peer STA or ff:ff:ff:ff:ff:ff for
+ * broadcast/default keys
+ * @key_idx: key index (0..3), usually 0 for unicast keys
+ * @set_tx: Configure this key as the default Tx key (only used when
+ * driver does not support separate unicast/individual key
+ * @seq: Sequence number/packet number, seq_len octets, the next
+ * packet number to be used for in replay protection; configured
+ * for Rx keys (in most cases, this is only used with broadcast
+ * keys and set to zero for unicast keys)
+ * @seq_len: Length of the seq, depends on the algorithm:
+ * TKIP: 6 octets, CCMP: 6 octets
+ * @key: Key buffer; TKIP: 16-byte temporal key, 8-byte Tx Mic key,
+ * 8-byte Rx Mic Key
+ * @key_len: Length of the key buffer in octets (WEP: 5 or 13,
+ * TKIP: 32, CCMP: 16)
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function uses SIOCSIWENCODEEXT by default, but tries to use
+ * SIOCSIWENCODE if the extended ioctl fails when configuring a WEP key.
+ */
+int wpa_driver_wext_set_key(void *priv, wpa_alg alg,
+ const u8 *addr, int key_idx,
+ int set_tx, const u8 *seq, size_t seq_len,
+ const u8 *key, size_t key_len)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ struct iwreq iwr;
+ int ret = 0;
+
+ wpa_printf(MSG_DEBUG, "%s: alg=%d key_idx=%d set_tx=%d seq_len=%lu "
+ "key_len=%lu",
+ __FUNCTION__, alg, key_idx, set_tx,
+ (unsigned long) seq_len, (unsigned long) key_len);
+
+ ret = wpa_driver_wext_set_key_ext(drv, alg, addr, key_idx, set_tx,
+ seq, seq_len, key, key_len);
+ if (ret == 0)
+ return 0;
+
+ if (ret == -2 &&
+ (alg == WPA_ALG_NONE || alg == WPA_ALG_WEP)) {
+ wpa_printf(MSG_DEBUG, "Driver did not support "
+ "SIOCSIWENCODEEXT, trying SIOCSIWENCODE");
+ ret = 0;
+ } else {
+ wpa_printf(MSG_DEBUG, "Driver did not support "
+ "SIOCSIWENCODEEXT");
+ return ret;
+ }
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ iwr.u.encoding.flags = key_idx + 1;
+ if (alg == WPA_ALG_NONE)
+ iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
+ iwr.u.encoding.pointer = (caddr_t) key;
+ iwr.u.encoding.length = key_len;
+
+ if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
+ perror("ioctl[SIOCSIWENCODE]");
+ ret = -1;
+ }
+
+ if (set_tx && alg != WPA_ALG_NONE) {
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ iwr.u.encoding.flags = key_idx + 1;
+ iwr.u.encoding.pointer = (caddr_t) NULL;
+ iwr.u.encoding.length = 0;
+ if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
+ perror("ioctl[SIOCSIWENCODE] (set_tx)");
+ ret = -1;
+ }
+ }
+
+ return ret;
+}
+
+
+static int wpa_driver_wext_set_countermeasures(void *priv,
+ int enabled)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
+ return wpa_driver_wext_set_auth_param(drv,
+ IW_AUTH_TKIP_COUNTERMEASURES,
+ enabled);
+}
+
+
+static int wpa_driver_wext_set_drop_unencrypted(void *priv,
+ int enabled)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
+ drv->use_crypt = enabled;
+ return wpa_driver_wext_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED,
+ enabled);
+}
+
+
+static int wpa_driver_wext_mlme(struct wpa_driver_wext_data *drv,
+ const u8 *addr, int cmd, int reason_code)
+{
+ struct iwreq iwr;
+ struct iw_mlme mlme;
+ int ret = 0;
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ os_memset(&mlme, 0, sizeof(mlme));
+ mlme.cmd = cmd;
+ mlme.reason_code = reason_code;
+ mlme.addr.sa_family = ARPHRD_ETHER;
+ os_memcpy(mlme.addr.sa_data, addr, ETH_ALEN);
+ iwr.u.data.pointer = (caddr_t) &mlme;
+ iwr.u.data.length = sizeof(mlme);
+
+ if (ioctl(drv->ioctl_sock, SIOCSIWMLME, &iwr) < 0) {
+ perror("ioctl[SIOCSIWMLME]");
+ ret = -1;
+ }
+
+ return ret;
+}
+
+
+static int wpa_driver_wext_deauthenticate(void *priv, const u8 *addr,
+ int reason_code)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
+ return wpa_driver_wext_mlme(drv, addr, IW_MLME_DEAUTH, reason_code);
+}
+
+
+static int wpa_driver_wext_disassociate(void *priv, const u8 *addr,
+ int reason_code)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
+ return wpa_driver_wext_mlme(drv, addr, IW_MLME_DISASSOC,
+ reason_code);
+}
+
+
+static int wpa_driver_wext_set_gen_ie(void *priv, const u8 *ie,
+ size_t ie_len)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ struct iwreq iwr;
+ int ret = 0;
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ iwr.u.data.pointer = (caddr_t) ie;
+ iwr.u.data.length = ie_len;
+
+ if (ioctl(drv->ioctl_sock, SIOCSIWGENIE, &iwr) < 0) {
+ perror("ioctl[SIOCSIWGENIE]");
+ ret = -1;
+ }
+
+ return ret;
+}
+
+
+static int wpa_driver_wext_cipher2wext(int cipher)
+{
+ switch (cipher) {
+ case CIPHER_NONE:
+ return IW_AUTH_CIPHER_NONE;
+ case CIPHER_WEP40:
+ return IW_AUTH_CIPHER_WEP40;
+ case CIPHER_TKIP:
+ return IW_AUTH_CIPHER_TKIP;
+ case CIPHER_CCMP:
+ return IW_AUTH_CIPHER_CCMP;
+ case CIPHER_WEP104:
+ return IW_AUTH_CIPHER_WEP104;
+ default:
+ return 0;
+ }
+}
+
+
+static int wpa_driver_wext_keymgmt2wext(int keymgmt)
+{
+ switch (keymgmt) {
+ case KEY_MGMT_802_1X:
+ case KEY_MGMT_802_1X_NO_WPA:
+ return IW_AUTH_KEY_MGMT_802_1X;
+ case KEY_MGMT_PSK:
+ return IW_AUTH_KEY_MGMT_PSK;
+ default:
+ return 0;
+ }
+}
+
+
+static int
+wpa_driver_wext_auth_alg_fallback(struct wpa_driver_wext_data *drv,
+ struct wpa_driver_associate_params *params)
+{
+ struct iwreq iwr;
+ int ret = 0;
+
+ wpa_printf(MSG_DEBUG, "WEXT: Driver did not support "
+ "SIOCSIWAUTH for AUTH_ALG, trying SIOCSIWENCODE");
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ /* Just changing mode, not actual keys */
+ iwr.u.encoding.flags = 0;
+ iwr.u.encoding.pointer = (caddr_t) NULL;
+ iwr.u.encoding.length = 0;
+
+ /*
+ * Note: IW_ENCODE_{OPEN,RESTRICTED} can be interpreted to mean two
+ * different things. Here they are used to indicate Open System vs.
+ * Shared Key authentication algorithm. However, some drivers may use
+ * them to select between open/restricted WEP encrypted (open = allow
+ * both unencrypted and encrypted frames; restricted = only allow
+ * encrypted frames).
+ */
+
+ if (!drv->use_crypt) {
+ iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
+ } else {
+ if (params->auth_alg & AUTH_ALG_OPEN_SYSTEM)
+ iwr.u.encoding.flags |= IW_ENCODE_OPEN;
+ if (params->auth_alg & AUTH_ALG_SHARED_KEY)
+ iwr.u.encoding.flags |= IW_ENCODE_RESTRICTED;
+ }
+
+ if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
+ perror("ioctl[SIOCSIWENCODE]");
+ ret = -1;
+ }
+
+ return ret;
+}
+
+
+static int
+wpa_driver_wext_associate(void *priv,
+ struct wpa_driver_associate_params *params)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ int ret = 0;
+ int allow_unencrypted_eapol;
+ int value;
+
+ wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
+
+ /*
+ * If the driver did not support SIOCSIWAUTH, fallback to
+ * SIOCSIWENCODE here.
+ */
+ if (drv->auth_alg_fallback &&
+ wpa_driver_wext_auth_alg_fallback(drv, params) < 0)
+ ret = -1;
+
+ if (!params->bssid &&
+ wpa_driver_wext_set_bssid(drv, NULL) < 0)
+ ret = -1;
+
+ if (wpa_driver_wext_set_mode(drv, params->mode) < 0)
+ ret = -1;
+ /* TODO: should consider getting wpa version and cipher/key_mgmt suites
+ * from configuration, not from here, where only the selected suite is
+ * available */
+ if (wpa_driver_wext_set_gen_ie(drv, params->wpa_ie, params->wpa_ie_len)
+ < 0)
+ ret = -1;
+ if (params->wpa_ie == NULL || params->wpa_ie_len == 0)
+ value = IW_AUTH_WPA_VERSION_DISABLED;
+ else if (params->wpa_ie[0] == RSN_INFO_ELEM)
+ value = IW_AUTH_WPA_VERSION_WPA2;
+ else
+ value = IW_AUTH_WPA_VERSION_WPA;
+ if (wpa_driver_wext_set_auth_param(drv,
+ IW_AUTH_WPA_VERSION, value) < 0)
+ ret = -1;
+ value = wpa_driver_wext_cipher2wext(params->pairwise_suite);
+ if (wpa_driver_wext_set_auth_param(drv,
+ IW_AUTH_CIPHER_PAIRWISE, value) < 0)
+ ret = -1;
+ value = wpa_driver_wext_cipher2wext(params->group_suite);
+ if (wpa_driver_wext_set_auth_param(drv,
+ IW_AUTH_CIPHER_GROUP, value) < 0)
+ ret = -1;
+ value = wpa_driver_wext_keymgmt2wext(params->key_mgmt_suite);
+ if (wpa_driver_wext_set_auth_param(drv,
+ IW_AUTH_KEY_MGMT, value) < 0)
+ ret = -1;
+ value = params->key_mgmt_suite != KEY_MGMT_NONE ||
+ params->pairwise_suite != CIPHER_NONE ||
+ params->group_suite != CIPHER_NONE ||
+ params->wpa_ie_len;
+ if (wpa_driver_wext_set_auth_param(drv,
+ IW_AUTH_PRIVACY_INVOKED, value) < 0)
+ ret = -1;
+
+ /* Allow unencrypted EAPOL messages even if pairwise keys are set when
+ * not using WPA. IEEE 802.1X specifies that these frames are not
+ * encrypted, but WPA encrypts them when pairwise keys are in use. */
+ if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
+ params->key_mgmt_suite == KEY_MGMT_PSK)
+ allow_unencrypted_eapol = 0;
+ else
+ allow_unencrypted_eapol = 1;
+
+ if (wpa_driver_wext_set_auth_param(drv,
+ IW_AUTH_RX_UNENCRYPTED_EAPOL,
+ allow_unencrypted_eapol) < 0)
+ ret = -1;
+ if (params->freq && wpa_driver_wext_set_freq(drv, params->freq) < 0)
+ ret = -1;
+ if (wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0)
+ ret = -1;
+ if (params->bssid &&
+ wpa_driver_wext_set_bssid(drv, params->bssid) < 0)
+ ret = -1;
+
+ return ret;
+}
+
+
+static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ int algs = 0, res;
+
+ if (auth_alg & AUTH_ALG_OPEN_SYSTEM)
+ algs |= IW_AUTH_ALG_OPEN_SYSTEM;
+ if (auth_alg & AUTH_ALG_SHARED_KEY)
+ algs |= IW_AUTH_ALG_SHARED_KEY;
+ if (auth_alg & AUTH_ALG_LEAP)
+ algs |= IW_AUTH_ALG_LEAP;
+ if (algs == 0) {
+ /* at least one algorithm should be set */
+ algs = IW_AUTH_ALG_OPEN_SYSTEM;
+ }
+
+ res = wpa_driver_wext_set_auth_param(drv, IW_AUTH_80211_AUTH_ALG,
+ algs);
+ drv->auth_alg_fallback = res == -2;
+ return res;
+}
+
+
+/**
+ * wpa_driver_wext_set_mode - Set wireless mode (infra/adhoc), SIOCSIWMODE
+ * @priv: Pointer to private wext data from wpa_driver_wext_init()
+ * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS
+ * Returns: 0 on success, -1 on failure
+ */
+int wpa_driver_wext_set_mode(void *priv, int mode)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ struct iwreq iwr;
+ int ret = 0;
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ iwr.u.mode = mode ? IW_MODE_ADHOC : IW_MODE_INFRA;
+
+ if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) < 0) {
+ perror("ioctl[SIOCSIWMODE]");
+ ret = -1;
+ }
+
+ return ret;
+}
+
+
+static int wpa_driver_wext_pmksa(struct wpa_driver_wext_data *drv,
+ u32 cmd, const u8 *bssid, const u8 *pmkid)
+{
+ struct iwreq iwr;
+ struct iw_pmksa pmksa;
+ int ret = 0;
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ os_memset(&pmksa, 0, sizeof(pmksa));
+ pmksa.cmd = cmd;
+ pmksa.bssid.sa_family = ARPHRD_ETHER;
+ if (bssid)
+ os_memcpy(pmksa.bssid.sa_data, bssid, ETH_ALEN);
+ if (pmkid)
+ os_memcpy(pmksa.pmkid, pmkid, IW_PMKID_LEN);
+ iwr.u.data.pointer = (caddr_t) &pmksa;
+ iwr.u.data.length = sizeof(pmksa);
+
+ if (ioctl(drv->ioctl_sock, SIOCSIWPMKSA, &iwr) < 0) {
+ if (errno != EOPNOTSUPP)
+ perror("ioctl[SIOCSIWPMKSA]");
+ ret = -1;
+ }
+
+ return ret;
+}
+
+
+static int wpa_driver_wext_add_pmkid(void *priv, const u8 *bssid,
+ const u8 *pmkid)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ return wpa_driver_wext_pmksa(drv, IW_PMKSA_ADD, bssid, pmkid);
+}
+
+
+static int wpa_driver_wext_remove_pmkid(void *priv, const u8 *bssid,
+ const u8 *pmkid)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ return wpa_driver_wext_pmksa(drv, IW_PMKSA_REMOVE, bssid, pmkid);
+}
+
+
+static int wpa_driver_wext_flush_pmkid(void *priv)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ return wpa_driver_wext_pmksa(drv, IW_PMKSA_FLUSH, NULL, NULL);
+}
+
+
+static int wpa_driver_wext_get_capa(void *priv, struct wpa_driver_capa *capa)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ if (!drv->has_capability)
+ return -1;
+ os_memcpy(capa, &drv->capa, sizeof(*capa));
+ return 0;
+}
+
+
+int wpa_driver_wext_alternative_ifindex(struct wpa_driver_wext_data *drv,
+ const char *ifname)
+{
+ if (ifname == NULL) {
+ drv->ifindex2 = -1;
+ return 0;
+ }
+
+ drv->ifindex2 = if_nametoindex(ifname);
+ if (drv->ifindex2 <= 0)
+ return -1;
+
+ wpa_printf(MSG_DEBUG, "Added alternative ifindex %d (%s) for "
+ "wireless events", drv->ifindex2, ifname);
+
+ return 0;
+}
+
+
+int wpa_driver_wext_set_operstate(void *priv, int state)
+{
+ struct wpa_driver_wext_data *drv = priv;
+
+ wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
+ __func__, drv->operstate, state, state ? "UP" : "DORMANT");
+ drv->operstate = state;
+ return wpa_driver_wext_send_oper_ifla(
+ drv, -1, state ? IF_OPER_UP : IF_OPER_DORMANT);
+}
+
+
+#ifdef CONFIG_CLIENT_MLME
+static int hostapd_ioctl(struct wpa_driver_wext_data *drv,
+ struct prism2_hostapd_param *param, int len)
+{
+ struct iwreq iwr;
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ iwr.u.data.pointer = (caddr_t) param;
+ iwr.u.data.length = len;
+
+ if (ioctl(drv->ioctl_sock, PRISM2_IOCTL_HOSTAPD, &iwr) < 0) {
+ perror("ioctl[PRISM2_IOCTL_HOSTAPD]");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static struct wpa_hw_modes *
+wpa_driver_wext_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ struct prism2_hostapd_param *param;
+ u8 *pos, *end;
+ struct wpa_hw_modes *modes = NULL;
+ int i;
+
+ param = os_zalloc(PRISM2_HOSTAPD_MAX_BUF_SIZE);
+ if (param == NULL)
+ return NULL;
+ param->cmd = PRISM2_HOSTAPD_GET_HW_FEATURES;
+
+ if (hostapd_ioctl(drv, param, PRISM2_HOSTAPD_MAX_BUF_SIZE) < 0) {
+ perror("ioctl[PRISM2_IOCTL_HOSTAPD]");
+ goto out;
+ }
+
+ *num_modes = param->u.hw_features.num_modes;
+ *flags = param->u.hw_features.flags;
+
+ pos = param->u.hw_features.data;
+ end = pos + PRISM2_HOSTAPD_MAX_BUF_SIZE -
+ (param->u.hw_features.data - (u8 *) param);
+
+ modes = os_zalloc(*num_modes * sizeof(struct wpa_hw_modes));
+ if (modes == NULL)
+ goto out;
+
+ for (i = 0; i < *num_modes; i++) {
+ struct hostapd_ioctl_hw_modes_hdr *hdr;
+ struct wpa_hw_modes *feature;
+ int clen, rlen;
+
+ hdr = (struct hostapd_ioctl_hw_modes_hdr *) pos;
+ pos = (u8 *) (hdr + 1);
+ clen = hdr->num_channels * sizeof(struct wpa_channel_data);
+ rlen = hdr->num_rates * sizeof(struct wpa_rate_data);
+
+ feature = &modes[i];
+ switch (hdr->mode) {
+ case MODE_IEEE80211A:
+ feature->mode = WPA_MODE_IEEE80211A;
+ break;
+ case MODE_IEEE80211B:
+ feature->mode = WPA_MODE_IEEE80211B;
+ break;
+ case MODE_IEEE80211G:
+ feature->mode = WPA_MODE_IEEE80211G;
+ break;
+ case MODE_ATHEROS_TURBO:
+ case MODE_ATHEROS_TURBOG:
+ wpa_printf(MSG_ERROR, "Skip unsupported hw_mode=%d in "
+ "get_hw_features data", hdr->mode);
+ pos += clen + rlen;
+ continue;
+ default:
+ wpa_printf(MSG_ERROR, "Unknown hw_mode=%d in "
+ "get_hw_features data", hdr->mode);
+ ieee80211_sta_free_hw_features(modes, *num_modes);
+ modes = NULL;
+ break;
+ }
+ feature->num_channels = hdr->num_channels;
+ feature->num_rates = hdr->num_rates;
+
+ feature->channels = os_malloc(clen);
+ feature->rates = os_malloc(rlen);
+ if (!feature->channels || !feature->rates ||
+ pos + clen + rlen > end) {
+ ieee80211_sta_free_hw_features(modes, *num_modes);
+ modes = NULL;
+ break;
+ }
+
+ os_memcpy(feature->channels, pos, clen);
+ pos += clen;
+ os_memcpy(feature->rates, pos, rlen);
+ pos += rlen;
+ }
+
+out:
+ os_free(param);
+ return modes;
+}
+
+
+int wpa_driver_wext_set_channel(void *priv, wpa_hw_mode phymode, int chan,
+ int freq)
+{
+ return wpa_driver_wext_set_freq(priv, freq);
+}
+
+
+static void wpa_driver_wext_mlme_read(int sock, void *eloop_ctx,
+ void *sock_ctx)
+{
+ struct wpa_driver_wext_data *drv = eloop_ctx;
+ int len;
+ unsigned char buf[3000];
+ struct ieee80211_frame_info *fi;
+ struct ieee80211_rx_status rx_status;
+
+ len = recv(sock, buf, sizeof(buf), 0);
+ if (len < 0) {
+ perror("recv[MLME]");
+ return;
+ }
+
+ if (len < (int) sizeof(struct ieee80211_frame_info)) {
+ wpa_printf(MSG_DEBUG, "WEXT: Too short MLME frame (len=%d)",
+ len);
+ return;
+ }
+
+ fi = (struct ieee80211_frame_info *) buf;
+ if (ntohl(fi->version) != IEEE80211_FI_VERSION) {
+ wpa_printf(MSG_DEBUG, "WEXT: Invalid MLME frame info version "
+ "0x%x", ntohl(fi->version));
+ return;
+ }
+
+ os_memset(&rx_status, 0, sizeof(rx_status));
+ rx_status.ssi = ntohl(fi->ssi_signal);
+ rx_status.channel = ntohl(fi->channel);
+
+ ieee80211_sta_rx(drv->ctx, buf + sizeof(struct ieee80211_frame_info),
+ len - sizeof(struct ieee80211_frame_info),
+ &rx_status);
+}
+
+
+static int wpa_driver_wext_open_mlme(struct wpa_driver_wext_data *drv)
+{
+ int flags, ifindex, s, *i;
+ struct sockaddr_ll addr;
+ struct iwreq iwr;
+
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ i = (int *) iwr.u.name;
+ *i++ = PRISM2_PARAM_USER_SPACE_MLME;
+ *i++ = 1;
+
+ if (ioctl(drv->ioctl_sock, PRISM2_IOCTL_PRISM2_PARAM, &iwr) < 0) {
+ wpa_printf(MSG_ERROR, "WEXT: Failed to configure driver to "
+ "use user space MLME");
+ return -1;
+ }
+
+ ifindex = if_nametoindex(drv->mlmedev);
+ if (ifindex == 0) {
+ wpa_printf(MSG_ERROR, "WEXT: mlmedev='%s' not found",
+ drv->mlmedev);
+ return -1;
+ }
+
+ if (wpa_driver_wext_get_ifflags_ifname(drv, drv->mlmedev, &flags) != 0
+ || wpa_driver_wext_set_ifflags_ifname(drv, drv->mlmedev,
+ flags | IFF_UP) != 0) {
+ wpa_printf(MSG_ERROR, "WEXT: Could not set interface "
+ "'%s' UP", drv->mlmedev);
+ return -1;
+ }
+
+ s = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
+ if (s < 0) {
+ perror("socket[PF_PACKET,SOCK_RAW]");
+ return -1;
+ }
+
+ os_memset(&addr, 0, sizeof(addr));
+ addr.sll_family = AF_PACKET;
+ addr.sll_ifindex = ifindex;
+
+ if (bind(s, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
+ perror("bind(MLME)");
+ return -1;
+ }
+
+ if (eloop_register_read_sock(s, wpa_driver_wext_mlme_read, drv, NULL))
+ {
+ wpa_printf(MSG_ERROR, "WEXT: Could not register MLME read "
+ "socket");
+ close(s);
+ return -1;
+ }
+
+ return s;
+}
+
+
+static int wpa_driver_wext_send_mlme(void *priv, const u8 *data,
+ size_t data_len)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ int ret;
+
+ ret = send(drv->mlme_sock, data, data_len, 0);
+ if (ret < 0) {
+ perror("send[MLME]");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int wpa_driver_wext_mlme_add_sta(void *priv, const u8 *addr,
+ const u8 *supp_rates,
+ size_t supp_rates_len)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ struct prism2_hostapd_param param;
+ size_t len;
+
+ os_memset(¶m, 0, sizeof(param));
+ param.cmd = PRISM2_HOSTAPD_ADD_STA;
+ os_memcpy(param.sta_addr, addr, ETH_ALEN);
+ len = supp_rates_len;
+ if (len > sizeof(param.u.add_sta.supp_rates))
+ len = sizeof(param.u.add_sta.supp_rates);
+ os_memcpy(param.u.add_sta.supp_rates, supp_rates, len);
+ return hostapd_ioctl(drv, ¶m, sizeof(param));
+}
+
+
+static int wpa_driver_wext_mlme_remove_sta(void *priv, const u8 *addr)
+{
+ struct wpa_driver_wext_data *drv = priv;
+ struct prism2_hostapd_param param;
+
+ os_memset(¶m, 0, sizeof(param));
+ param.cmd = PRISM2_HOSTAPD_REMOVE_STA;
+ os_memcpy(param.sta_addr, addr, ETH_ALEN);
+ return hostapd_ioctl(drv, ¶m, sizeof(param));
+}
+
+#endif /* CONFIG_CLIENT_MLME */
+
+
+static int wpa_driver_wext_set_param(void *priv, const char *param)
+{
+#ifdef CONFIG_CLIENT_MLME
+ struct wpa_driver_wext_data *drv = priv;
+ const char *pos, *pos2;
+ size_t len;
+
+ if (param == NULL)
+ return 0;
+
+ wpa_printf(MSG_DEBUG, "%s: param='%s'", __func__, param);
+
+ pos = os_strstr(param, "mlmedev=");
+ if (pos) {
+ pos += 8;
+ pos2 = os_strchr(pos, ' ');
+ if (pos2)
+ len = pos2 - pos;
+ else
+ len = os_strlen(pos);
+ if (len + 1 > sizeof(drv->mlmedev))
+ return -1;
+ os_memcpy(drv->mlmedev, pos, len);
+ drv->mlmedev[len] = '\0';
+ wpa_printf(MSG_DEBUG, "WEXT: Using user space MLME with "
+ "mlmedev='%s'", drv->mlmedev);
+ drv->capa.flags |= WPA_DRIVER_FLAGS_USER_SPACE_MLME;
+
+ drv->mlme_sock = wpa_driver_wext_open_mlme(drv);
+ if (drv->mlme_sock < 0)
+ return -1;
+ }
+#endif /* CONFIG_CLIENT_MLME */
+
+ return 0;
+}
+
+
+int wpa_driver_wext_get_version(struct wpa_driver_wext_data *drv)
+{
+ return drv->we_version_compiled;
+}
+
+
+const struct wpa_driver_ops wpa_driver_wext_ops = {
+ .name = "wext",
+ .desc = "Linux wireless extensions (generic)",
+ .get_bssid = wpa_driver_wext_get_bssid,
+ .get_ssid = wpa_driver_wext_get_ssid,
+ .set_wpa = wpa_driver_wext_set_wpa,
+ .set_key = wpa_driver_wext_set_key,
+ .set_countermeasures = wpa_driver_wext_set_countermeasures,
+ .set_drop_unencrypted = wpa_driver_wext_set_drop_unencrypted,
+ .scan = wpa_driver_wext_scan,
+ .get_scan_results = wpa_driver_wext_get_scan_results,
+ .deauthenticate = wpa_driver_wext_deauthenticate,
+ .disassociate = wpa_driver_wext_disassociate,
+ .associate = wpa_driver_wext_associate,
+ .set_auth_alg = wpa_driver_wext_set_auth_alg,
+ .init = wpa_driver_wext_init,
+ .deinit = wpa_driver_wext_deinit,
+ .set_param = wpa_driver_wext_set_param,
+ .add_pmkid = wpa_driver_wext_add_pmkid,
+ .remove_pmkid = wpa_driver_wext_remove_pmkid,
+ .flush_pmkid = wpa_driver_wext_flush_pmkid,
+ .get_capa = wpa_driver_wext_get_capa,
+ .set_operstate = wpa_driver_wext_set_operstate,
+#ifdef CONFIG_CLIENT_MLME
+ .get_hw_feature_data = wpa_driver_wext_get_hw_feature_data,
+ .set_channel = wpa_driver_wext_set_channel,
+ .set_ssid = wpa_driver_wext_set_ssid,
+ .set_bssid = wpa_driver_wext_set_bssid,
+ .send_mlme = wpa_driver_wext_send_mlme,
+ .mlme_add_sta = wpa_driver_wext_mlme_add_sta,
+ .mlme_remove_sta = wpa_driver_wext_mlme_remove_sta,
+#endif /* CONFIG_CLIENT_MLME */
+};
--- /dev/null
+/*
+ * WPA Supplicant - driver_wext exported functions
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef DRIVER_WEXT_H
+#define DRIVER_WEXT_H
+
+struct wpa_driver_wext_data;
+
+int wpa_driver_wext_get_ifflags(struct wpa_driver_wext_data *drv, int *flags);
+int wpa_driver_wext_set_ifflags(struct wpa_driver_wext_data *drv, int flags);
+int wpa_driver_wext_get_bssid(void *priv, u8 *bssid);
+int wpa_driver_wext_set_bssid(void *priv, const u8 *bssid);
+int wpa_driver_wext_get_ssid(void *priv, u8 *ssid);
+int wpa_driver_wext_set_ssid(void *priv, const u8 *ssid, size_t ssid_len);
+int wpa_driver_wext_set_freq(void *priv, int freq);
+int wpa_driver_wext_set_mode(void *priv, int mode);
+int wpa_driver_wext_set_key(void *priv, wpa_alg alg,
+ const u8 *addr, int key_idx,
+ int set_tx, const u8 *seq, size_t seq_len,
+ const u8 *key, size_t key_len);
+int wpa_driver_wext_scan(void *priv, const u8 *ssid, size_t ssid_len);
+int wpa_driver_wext_get_scan_results(void *priv,
+ struct wpa_scan_result *results,
+ size_t max_size);
+
+void wpa_driver_wext_scan_timeout(void *eloop_ctx, void *timeout_ctx);
+
+int wpa_driver_wext_alternative_ifindex(struct wpa_driver_wext_data *drv,
+ const char *ifname);
+
+void * wpa_driver_wext_init(void *ctx, const char *ifname);
+void wpa_driver_wext_deinit(void *priv);
+
+int wpa_driver_wext_set_operstate(void *priv, int state);
+int wpa_driver_wext_get_version(struct wpa_driver_wext_data *drv);
+
+#endif /* DRIVER_WEXT_H */
--- /dev/null
+/*
+ * WPA Supplicant - wired Ethernet driver interface
+ * Copyright (c) 2005-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <sys/ioctl.h>
+#include <net/if.h>
+#ifdef __linux__
+#include <netpacket/packet.h>
+#endif /* __linux__ */
+#ifdef __FreeBSD__
+#include <net/if_dl.h>
+#endif /* __FreeBSD__ */
+
+#include "common.h"
+#include "driver.h"
+#include "wpa_supplicant.h"
+
+
+static const u8 pae_group_addr[ETH_ALEN] =
+{ 0x01, 0x80, 0xc2, 0x00, 0x00, 0x03 };
+
+
+struct wpa_driver_wired_data {
+ void *ctx;
+ int pf_sock;
+ char ifname[IFNAMSIZ + 1];
+ int membership, multi, iff_allmulti, iff_up;
+};
+
+
+static int wpa_driver_wired_get_ssid(void *priv, u8 *ssid)
+{
+ ssid[0] = 0;
+ return 0;
+}
+
+
+static int wpa_driver_wired_get_bssid(void *priv, u8 *bssid)
+{
+ /* Report PAE group address as the "BSSID" for wired connection. */
+ os_memcpy(bssid, pae_group_addr, ETH_ALEN);
+ return 0;
+}
+
+
+static int wpa_driver_wired_get_ifflags(const char *ifname, int *flags)
+{
+ struct ifreq ifr;
+ int s;
+
+ s = socket(PF_INET, SOCK_DGRAM, 0);
+ if (s < 0) {
+ perror("socket");
+ return -1;
+ }
+
+ os_memset(&ifr, 0, sizeof(ifr));
+ os_strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
+ if (ioctl(s, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) {
+ perror("ioctl[SIOCGIFFLAGS]");
+ close(s);
+ return -1;
+ }
+ close(s);
+ *flags = ifr.ifr_flags & 0xffff;
+ return 0;
+}
+
+
+static int wpa_driver_wired_set_ifflags(const char *ifname, int flags)
+{
+ struct ifreq ifr;
+ int s;
+
+ s = socket(PF_INET, SOCK_DGRAM, 0);
+ if (s < 0) {
+ perror("socket");
+ return -1;
+ }
+
+ os_memset(&ifr, 0, sizeof(ifr));
+ os_strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
+ ifr.ifr_flags = flags & 0xffff;
+ if (ioctl(s, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) {
+ perror("ioctl[SIOCSIFFLAGS]");
+ close(s);
+ return -1;
+ }
+ close(s);
+ return 0;
+}
+
+
+static int wpa_driver_wired_multi(const char *ifname, const u8 *addr, int add)
+{
+ struct ifreq ifr;
+ int s;
+
+ s = socket(PF_INET, SOCK_DGRAM, 0);
+ if (s < 0) {
+ perror("socket");
+ return -1;
+ }
+
+ os_memset(&ifr, 0, sizeof(ifr));
+ os_strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
+#ifdef __linux__
+ ifr.ifr_hwaddr.sa_family = AF_UNSPEC;
+ os_memcpy(ifr.ifr_hwaddr.sa_data, addr, ETH_ALEN);
+#endif /* __linux__ */
+#ifdef __FreeBSD__
+ {
+ struct sockaddr_dl *dlp;
+ dlp = (struct sockaddr_dl *) &ifr.ifr_addr;
+ dlp->sdl_len = sizeof(struct sockaddr_dl);
+ dlp->sdl_family = AF_LINK;
+ dlp->sdl_index = 0;
+ dlp->sdl_nlen = 0;
+ dlp->sdl_alen = ETH_ALEN;
+ dlp->sdl_slen = 0;
+ os_memcpy(LLADDR(dlp), addr, ETH_ALEN);
+ }
+#endif /* __FreeBSD__ */
+
+ if (ioctl(s, add ? SIOCADDMULTI : SIOCDELMULTI, (caddr_t) &ifr) < 0) {
+ perror("ioctl[SIOC{ADD/DEL}MULTI]");
+ close(s);
+ return -1;
+ }
+ close(s);
+ return 0;
+}
+
+
+static int wpa_driver_wired_membership(struct wpa_driver_wired_data *drv,
+ const u8 *addr, int add)
+{
+#ifdef __linux__
+ struct packet_mreq mreq;
+
+ if (drv->pf_sock == -1)
+ return -1;
+
+ os_memset(&mreq, 0, sizeof(mreq));
+ mreq.mr_ifindex = if_nametoindex(drv->ifname);
+ mreq.mr_type = PACKET_MR_MULTICAST;
+ mreq.mr_alen = ETH_ALEN;
+ os_memcpy(mreq.mr_address, addr, ETH_ALEN);
+
+ if (setsockopt(drv->pf_sock, SOL_PACKET,
+ add ? PACKET_ADD_MEMBERSHIP : PACKET_DROP_MEMBERSHIP,
+ &mreq, sizeof(mreq)) < 0) {
+ perror("setsockopt");
+ return -1;
+ }
+ return 0;
+#else /* __linux__ */
+ return -1;
+#endif /* __linux__ */
+}
+
+
+static void * wpa_driver_wired_init(void *ctx, const char *ifname)
+{
+ struct wpa_driver_wired_data *drv;
+ int flags;
+
+ drv = os_zalloc(sizeof(*drv));
+ if (drv == NULL)
+ return NULL;
+ os_strncpy(drv->ifname, ifname, sizeof(drv->ifname));
+ drv->ctx = ctx;
+
+#ifdef __linux__
+ drv->pf_sock = socket(PF_PACKET, SOCK_DGRAM, 0);
+ if (drv->pf_sock < 0)
+ perror("socket(PF_PACKET)");
+#else /* __linux__ */
+ drv->pf_sock = -1;
+#endif /* __linux__ */
+
+ if (wpa_driver_wired_get_ifflags(ifname, &flags) == 0 &&
+ !(flags & IFF_UP) &&
+ wpa_driver_wired_set_ifflags(ifname, flags | IFF_UP) == 0) {
+ drv->iff_up = 1;
+ }
+
+ if (wpa_driver_wired_membership(drv, pae_group_addr, 1) == 0) {
+ wpa_printf(MSG_DEBUG, "%s: Added multicast membership with "
+ "packet socket", __func__);
+ drv->membership = 1;
+ } else if (wpa_driver_wired_multi(ifname, pae_group_addr, 1) == 0) {
+ wpa_printf(MSG_DEBUG, "%s: Added multicast membership with "
+ "SIOCADDMULTI", __func__);
+ drv->multi = 1;
+ } else if (wpa_driver_wired_get_ifflags(ifname, &flags) < 0) {
+ wpa_printf(MSG_INFO, "%s: Could not get interface "
+ "flags", __func__);
+ os_free(drv);
+ return NULL;
+ } else if (flags & IFF_ALLMULTI) {
+ wpa_printf(MSG_DEBUG, "%s: Interface is already configured "
+ "for multicast", __func__);
+ } else if (wpa_driver_wired_set_ifflags(ifname,
+ flags | IFF_ALLMULTI) < 0) {
+ wpa_printf(MSG_INFO, "%s: Failed to enable allmulti",
+ __func__);
+ os_free(drv);
+ return NULL;
+ } else {
+ wpa_printf(MSG_DEBUG, "%s: Enabled allmulti mode",
+ __func__);
+ drv->iff_allmulti = 1;
+ }
+
+ return drv;
+}
+
+
+static void wpa_driver_wired_deinit(void *priv)
+{
+ struct wpa_driver_wired_data *drv = priv;
+ int flags;
+
+ if (drv->membership &&
+ wpa_driver_wired_membership(drv, pae_group_addr, 0) < 0) {
+ wpa_printf(MSG_DEBUG, "%s: Failed to remove PAE multicast "
+ "group (PACKET)", __func__);
+ }
+
+ if (drv->multi &&
+ wpa_driver_wired_multi(drv->ifname, pae_group_addr, 0) < 0) {
+ wpa_printf(MSG_DEBUG, "%s: Failed to remove PAE multicast "
+ "group (SIOCDELMULTI)", __func__);
+ }
+
+ if (drv->iff_allmulti &&
+ (wpa_driver_wired_get_ifflags(drv->ifname, &flags) < 0 ||
+ wpa_driver_wired_set_ifflags(drv->ifname,
+ flags & ~IFF_ALLMULTI) < 0)) {
+ wpa_printf(MSG_DEBUG, "%s: Failed to disable allmulti mode",
+ __func__);
+ }
+
+ if (drv->iff_up &&
+ wpa_driver_wired_get_ifflags(drv->ifname, &flags) == 0 &&
+ (flags & IFF_UP) &&
+ wpa_driver_wired_set_ifflags(drv->ifname, flags & ~IFF_UP) < 0) {
+ wpa_printf(MSG_DEBUG, "%s: Failed to set the interface down",
+ __func__);
+ }
+
+ if (drv->pf_sock != -1)
+ close(drv->pf_sock);
+
+ os_free(drv);
+}
+
+
+const struct wpa_driver_ops wpa_driver_wired_ops = {
+ .name = "wired",
+ .desc = "wpa_supplicant wired Ethernet driver",
+ .get_ssid = wpa_driver_wired_get_ssid,
+ .get_bssid = wpa_driver_wired_get_bssid,
+ .init = wpa_driver_wired_init,
+ .deinit = wpa_driver_wired_deinit,
+};
--- /dev/null
+/*
+ * WPA Supplicant / driver interface list
+ * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+
+#ifdef CONFIG_DRIVER_WEXT
+extern struct wpa_driver_ops wpa_driver_wext_ops; /* driver_wext.c */
+#endif /* CONFIG_DRIVER_WEXT */
+#ifdef CONFIG_DRIVER_HOSTAP
+extern struct wpa_driver_ops wpa_driver_hostap_ops; /* driver_hostap.c */
+#endif /* CONFIG_DRIVER_HOSTAP */
+#ifdef CONFIG_DRIVER_PRISM54
+extern struct wpa_driver_ops wpa_driver_prism54_ops; /* driver_prism54.c */
+#endif /* CONFIG_DRIVER_PRISM54 */
+#ifdef CONFIG_DRIVER_HERMES
+extern struct wpa_driver_ops wpa_driver_hermes_ops; /* driver_hermes.c */
+#endif /* CONFIG_DRIVER_HERMES */
+#ifdef CONFIG_DRIVER_MADWIFI
+extern struct wpa_driver_ops wpa_driver_madwifi_ops; /* driver_madwifi.c */
+#endif /* CONFIG_DRIVER_MADWIFI */
+#ifdef CONFIG_DRIVER_ATMEL
+extern struct wpa_driver_ops wpa_driver_atmel_ops; /* driver_atmel.c */
+#endif /* CONFIG_DRIVER_ATMEL */
+#ifdef CONFIG_DRIVER_NDISWRAPPER
+/* driver_ndiswrapper.c */
+extern struct wpa_driver_ops wpa_driver_ndiswrapper_ops;
+#endif /* CONFIG_DRIVER_NDISWRAPPER */
+#ifdef CONFIG_DRIVER_BROADCOM
+extern struct wpa_driver_ops wpa_driver_broadcom_ops; /* driver_broadcom.c */
+#endif /* CONFIG_DRIVER_BROADCOM */
+#ifdef CONFIG_DRIVER_IPW
+extern struct wpa_driver_ops wpa_driver_ipw_ops; /* driver_ipw.c */
+#endif /* CONFIG_DRIVER_IPW */
+#ifdef CONFIG_DRIVER_BSD
+extern struct wpa_driver_ops wpa_driver_bsd_ops; /* driver_bsd.c */
+#endif /* CONFIG_DRIVER_BSD */
+#ifdef CONFIG_DRIVER_NDIS
+extern struct wpa_driver_ops wpa_driver_ndis_ops; /* driver_ndis.c */
+#endif /* CONFIG_DRIVER_NDIS */
+#ifdef CONFIG_DRIVER_WIRED
+extern struct wpa_driver_ops wpa_driver_wired_ops; /* driver_wired.c */
+#endif /* CONFIG_DRIVER_WIRED */
+#ifdef CONFIG_DRIVER_TEST
+extern struct wpa_driver_ops wpa_driver_test_ops; /* driver_test.c */
+#endif /* CONFIG_DRIVER_TEST */
+
+
+struct wpa_driver_ops *wpa_supplicant_drivers[] =
+{
+#ifdef CONFIG_DRIVER_WEXT
+ &wpa_driver_wext_ops,
+#endif /* CONFIG_DRIVER_WEXT */
+#ifdef CONFIG_DRIVER_HOSTAP
+ &wpa_driver_hostap_ops,
+#endif /* CONFIG_DRIVER_HOSTAP */
+#ifdef CONFIG_DRIVER_PRISM54
+ &wpa_driver_prism54_ops,
+#endif /* CONFIG_DRIVER_PRISM54 */
+#ifdef CONFIG_DRIVER_HERMES
+ &wpa_driver_hermes_ops,
+#endif /* CONFIG_DRIVER_HERMES */
+#ifdef CONFIG_DRIVER_MADWIFI
+ &wpa_driver_madwifi_ops,
+#endif /* CONFIG_DRIVER_MADWIFI */
+#ifdef CONFIG_DRIVER_ATMEL
+ &wpa_driver_atmel_ops,
+#endif /* CONFIG_DRIVER_ATMEL */
+#ifdef CONFIG_DRIVER_NDISWRAPPER
+ &wpa_driver_ndiswrapper_ops,
+#endif /* CONFIG_DRIVER_NDISWRAPPER */
+#ifdef CONFIG_DRIVER_BROADCOM
+ &wpa_driver_broadcom_ops,
+#endif /* CONFIG_DRIVER_BROADCOM */
+#ifdef CONFIG_DRIVER_IPW
+ &wpa_driver_ipw_ops,
+#endif /* CONFIG_DRIVER_IPW */
+#ifdef CONFIG_DRIVER_BSD
+ &wpa_driver_bsd_ops,
+#endif /* CONFIG_DRIVER_BSD */
+#ifdef CONFIG_DRIVER_NDIS
+ &wpa_driver_ndis_ops,
+#endif /* CONFIG_DRIVER_NDIS */
+#ifdef CONFIG_DRIVER_WIRED
+ &wpa_driver_wired_ops,
+#endif /* CONFIG_DRIVER_WIRED */
+#ifdef CONFIG_DRIVER_TEST
+ &wpa_driver_test_ops,
+#endif /* CONFIG_DRIVER_TEST */
+ NULL
+};
--- /dev/null
+/*
+ * EAP peer state machines (RFC 4137)
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This file implements the Peer State Machine as defined in RFC 4137. The used
+ * states and state transitions match mostly with the RFC. However, there are
+ * couple of additional transitions for working around small issues noticed
+ * during testing. These exceptions are explained in comments within the
+ * functions in this file. The method functions, m.func(), are similar to the
+ * ones used in RFC 4137, but some small changes have used here to optimize
+ * operations and to add functionality needed for fast re-authentication
+ * (session resumption).
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eap_i.h"
+#include "config_ssid.h"
+#include "tls.h"
+#include "crypto.h"
+#include "pcsc_funcs.h"
+#include "wpa_ctrl.h"
+#include "state_machine.h"
+
+#define STATE_MACHINE_DATA struct eap_sm
+#define STATE_MACHINE_DEBUG_PREFIX "EAP"
+
+#define EAP_MAX_AUTH_ROUNDS 50
+
+
+static Boolean eap_sm_allowMethod(struct eap_sm *sm, int vendor,
+ EapType method);
+static u8 * eap_sm_buildNak(struct eap_sm *sm, int id, size_t *len);
+static void eap_sm_processIdentity(struct eap_sm *sm, const u8 *req);
+static void eap_sm_processNotify(struct eap_sm *sm, const u8 *req);
+static u8 * eap_sm_buildNotify(int id, size_t *len);
+static void eap_sm_parseEapReq(struct eap_sm *sm, const u8 *req, size_t len);
+#if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
+static const char * eap_sm_method_state_txt(EapMethodState state);
+static const char * eap_sm_decision_txt(EapDecision decision);
+#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
+
+
+
+static Boolean eapol_get_bool(struct eap_sm *sm, enum eapol_bool_var var)
+{
+ return sm->eapol_cb->get_bool(sm->eapol_ctx, var);
+}
+
+
+static void eapol_set_bool(struct eap_sm *sm, enum eapol_bool_var var,
+ Boolean value)
+{
+ sm->eapol_cb->set_bool(sm->eapol_ctx, var, value);
+}
+
+
+static unsigned int eapol_get_int(struct eap_sm *sm, enum eapol_int_var var)
+{
+ return sm->eapol_cb->get_int(sm->eapol_ctx, var);
+}
+
+
+static void eapol_set_int(struct eap_sm *sm, enum eapol_int_var var,
+ unsigned int value)
+{
+ sm->eapol_cb->set_int(sm->eapol_ctx, var, value);
+}
+
+
+static u8 * eapol_get_eapReqData(struct eap_sm *sm, size_t *len)
+{
+ return sm->eapol_cb->get_eapReqData(sm->eapol_ctx, len);
+}
+
+
+static void eap_deinit_prev_method(struct eap_sm *sm, const char *txt)
+{
+ if (sm->m == NULL || sm->eap_method_priv == NULL)
+ return;
+
+ wpa_printf(MSG_DEBUG, "EAP: deinitialize previously used EAP method "
+ "(%d, %s) at %s", sm->selectedMethod, sm->m->name, txt);
+ sm->m->deinit(sm, sm->eap_method_priv);
+ sm->eap_method_priv = NULL;
+ sm->m = NULL;
+}
+
+
+/*
+ * This state initializes state machine variables when the machine is
+ * activated (portEnabled = TRUE). This is also used when re-starting
+ * authentication (eapRestart == TRUE).
+ */
+SM_STATE(EAP, INITIALIZE)
+{
+ SM_ENTRY(EAP, INITIALIZE);
+ if (sm->fast_reauth && sm->m && sm->m->has_reauth_data &&
+ sm->m->has_reauth_data(sm, sm->eap_method_priv)) {
+ wpa_printf(MSG_DEBUG, "EAP: maintaining EAP method data for "
+ "fast reauthentication");
+ sm->m->deinit_for_reauth(sm, sm->eap_method_priv);
+ } else {
+ eap_deinit_prev_method(sm, "INITIALIZE");
+ }
+ sm->selectedMethod = EAP_TYPE_NONE;
+ sm->methodState = METHOD_NONE;
+ sm->allowNotifications = TRUE;
+ sm->decision = DECISION_FAIL;
+ eapol_set_int(sm, EAPOL_idleWhile, sm->ClientTimeout);
+ eapol_set_bool(sm, EAPOL_eapSuccess, FALSE);
+ eapol_set_bool(sm, EAPOL_eapFail, FALSE);
+ os_free(sm->eapKeyData);
+ sm->eapKeyData = NULL;
+ sm->eapKeyAvailable = FALSE;
+ eapol_set_bool(sm, EAPOL_eapRestart, FALSE);
+ sm->lastId = -1; /* new session - make sure this does not match with
+ * the first EAP-Packet */
+ /*
+ * RFC 4137 does not reset eapResp and eapNoResp here. However, this
+ * seemed to be able to trigger cases where both were set and if EAPOL
+ * state machine uses eapNoResp first, it may end up not sending a real
+ * reply correctly. This occurred when the workaround in FAIL state set
+ * eapNoResp = TRUE.. Maybe that workaround needs to be fixed to do
+ * something else(?)
+ */
+ eapol_set_bool(sm, EAPOL_eapResp, FALSE);
+ eapol_set_bool(sm, EAPOL_eapNoResp, FALSE);
+ sm->num_rounds = 0;
+}
+
+
+/*
+ * This state is reached whenever service from the lower layer is interrupted
+ * or unavailable (portEnabled == FALSE). Immediate transition to INITIALIZE
+ * occurs when the port becomes enabled.
+ */
+SM_STATE(EAP, DISABLED)
+{
+ SM_ENTRY(EAP, DISABLED);
+ sm->num_rounds = 0;
+}
+
+
+/*
+ * The state machine spends most of its time here, waiting for something to
+ * happen. This state is entered unconditionally from INITIALIZE, DISCARD, and
+ * SEND_RESPONSE states.
+ */
+SM_STATE(EAP, IDLE)
+{
+ SM_ENTRY(EAP, IDLE);
+}
+
+
+/*
+ * This state is entered when an EAP packet is received (eapReq == TRUE) to
+ * parse the packet header.
+ */
+SM_STATE(EAP, RECEIVED)
+{
+ const u8 *eapReqData;
+ size_t eapReqDataLen;
+
+ SM_ENTRY(EAP, RECEIVED);
+ eapReqData = eapol_get_eapReqData(sm, &eapReqDataLen);
+ /* parse rxReq, rxSuccess, rxFailure, reqId, reqMethod */
+ eap_sm_parseEapReq(sm, eapReqData, eapReqDataLen);
+ sm->num_rounds++;
+}
+
+
+/*
+ * This state is entered when a request for a new type comes in. Either the
+ * correct method is started, or a Nak response is built.
+ */
+SM_STATE(EAP, GET_METHOD)
+{
+ int reinit;
+ EapType method;
+
+ SM_ENTRY(EAP, GET_METHOD);
+
+ if (sm->reqMethod == EAP_TYPE_EXPANDED)
+ method = sm->reqVendorMethod;
+ else
+ method = sm->reqMethod;
+
+ if (!eap_sm_allowMethod(sm, sm->reqVendor, method)) {
+ wpa_printf(MSG_DEBUG, "EAP: vendor %u method %u not allowed",
+ sm->reqVendor, method);
+ goto nak;
+ }
+
+ /*
+ * RFC 4137 does not define specific operation for fast
+ * re-authentication (session resumption). The design here is to allow
+ * the previously used method data to be maintained for
+ * re-authentication if the method support session resumption.
+ * Otherwise, the previously used method data is freed and a new method
+ * is allocated here.
+ */
+ if (sm->fast_reauth &&
+ sm->m && sm->m->vendor == sm->reqVendor &&
+ sm->m->method == method &&
+ sm->m->has_reauth_data &&
+ sm->m->has_reauth_data(sm, sm->eap_method_priv)) {
+ wpa_printf(MSG_DEBUG, "EAP: Using previous method data"
+ " for fast re-authentication");
+ reinit = 1;
+ } else {
+ eap_deinit_prev_method(sm, "GET_METHOD");
+ reinit = 0;
+ }
+
+ sm->selectedMethod = sm->reqMethod;
+ if (sm->m == NULL)
+ sm->m = eap_sm_get_eap_methods(sm->reqVendor, method);
+ if (!sm->m) {
+ wpa_printf(MSG_DEBUG, "EAP: Could not find selected method: "
+ "vendor %d method %d",
+ sm->reqVendor, method);
+ goto nak;
+ }
+
+ wpa_printf(MSG_DEBUG, "EAP: Initialize selected EAP method: "
+ "vendor %u method %u (%s)",
+ sm->reqVendor, method, sm->m->name);
+ if (reinit)
+ sm->eap_method_priv = sm->m->init_for_reauth(
+ sm, sm->eap_method_priv);
+ else
+ sm->eap_method_priv = sm->m->init(sm);
+
+ if (sm->eap_method_priv == NULL) {
+ struct wpa_ssid *config = eap_get_config(sm);
+ wpa_msg(sm->msg_ctx, MSG_INFO,
+ "EAP: Failed to initialize EAP method: vendor %u "
+ "method %u (%s)",
+ sm->reqVendor, method, sm->m->name);
+ sm->m = NULL;
+ sm->methodState = METHOD_NONE;
+ sm->selectedMethod = EAP_TYPE_NONE;
+ if (sm->reqMethod == EAP_TYPE_TLS && config &&
+ (config->pending_req_pin ||
+ config->pending_req_passphrase)) {
+ /*
+ * Return without generating Nak in order to allow
+ * entering of PIN code or passphrase to retry the
+ * current EAP packet.
+ */
+ wpa_printf(MSG_DEBUG, "EAP: Pending PIN/passphrase "
+ "request - skip Nak");
+ return;
+ }
+
+ goto nak;
+ }
+
+ sm->methodState = METHOD_INIT;
+ wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_METHOD
+ "EAP vendor %u method %u (%s) selected",
+ sm->reqVendor, method, sm->m->name);
+ return;
+
+nak:
+ os_free(sm->eapRespData);
+ sm->eapRespData = NULL;
+ sm->eapRespData = eap_sm_buildNak(sm, sm->reqId, &sm->eapRespDataLen);
+}
+
+
+/*
+ * The method processing happens here. The request from the authenticator is
+ * processed, and an appropriate response packet is built.
+ */
+SM_STATE(EAP, METHOD)
+{
+ u8 *eapReqData;
+ size_t eapReqDataLen;
+ struct eap_method_ret ret;
+
+ SM_ENTRY(EAP, METHOD);
+ if (sm->m == NULL) {
+ wpa_printf(MSG_WARNING, "EAP::METHOD - method not selected");
+ return;
+ }
+
+ eapReqData = eapol_get_eapReqData(sm, &eapReqDataLen);
+
+ /*
+ * Get ignore, methodState, decision, allowNotifications, and
+ * eapRespData. RFC 4137 uses three separate method procedure (check,
+ * process, and buildResp) in this state. These have been combined into
+ * a single function call to m->process() in order to optimize EAP
+ * method implementation interface a bit. These procedures are only
+ * used from within this METHOD state, so there is no need to keep
+ * these as separate C functions.
+ *
+ * The RFC 4137 procedures return values as follows:
+ * ignore = m.check(eapReqData)
+ * (methodState, decision, allowNotifications) = m.process(eapReqData)
+ * eapRespData = m.buildResp(reqId)
+ */
+ os_memset(&ret, 0, sizeof(ret));
+ ret.ignore = sm->ignore;
+ ret.methodState = sm->methodState;
+ ret.decision = sm->decision;
+ ret.allowNotifications = sm->allowNotifications;
+ os_free(sm->eapRespData);
+ sm->eapRespData = NULL;
+ sm->eapRespData = sm->m->process(sm, sm->eap_method_priv, &ret,
+ eapReqData, eapReqDataLen,
+ &sm->eapRespDataLen);
+ wpa_printf(MSG_DEBUG, "EAP: method process -> ignore=%s "
+ "methodState=%s decision=%s",
+ ret.ignore ? "TRUE" : "FALSE",
+ eap_sm_method_state_txt(ret.methodState),
+ eap_sm_decision_txt(ret.decision));
+
+ sm->ignore = ret.ignore;
+ if (sm->ignore)
+ return;
+ sm->methodState = ret.methodState;
+ sm->decision = ret.decision;
+ sm->allowNotifications = ret.allowNotifications;
+
+ if (sm->m->isKeyAvailable && sm->m->getKey &&
+ sm->m->isKeyAvailable(sm, sm->eap_method_priv)) {
+ os_free(sm->eapKeyData);
+ sm->eapKeyData = sm->m->getKey(sm, sm->eap_method_priv,
+ &sm->eapKeyDataLen);
+ }
+}
+
+
+/*
+ * This state signals the lower layer that a response packet is ready to be
+ * sent.
+ */
+SM_STATE(EAP, SEND_RESPONSE)
+{
+ SM_ENTRY(EAP, SEND_RESPONSE);
+ os_free(sm->lastRespData);
+ if (sm->eapRespData) {
+ if (sm->workaround)
+ os_memcpy(sm->last_md5, sm->req_md5, 16);
+ sm->lastId = sm->reqId;
+ sm->lastRespData = os_malloc(sm->eapRespDataLen);
+ if (sm->lastRespData) {
+ os_memcpy(sm->lastRespData, sm->eapRespData,
+ sm->eapRespDataLen);
+ sm->lastRespDataLen = sm->eapRespDataLen;
+ }
+ eapol_set_bool(sm, EAPOL_eapResp, TRUE);
+ } else
+ sm->lastRespData = NULL;
+ eapol_set_bool(sm, EAPOL_eapReq, FALSE);
+ eapol_set_int(sm, EAPOL_idleWhile, sm->ClientTimeout);
+}
+
+
+/*
+ * This state signals the lower layer that the request was discarded, and no
+ * response packet will be sent at this time.
+ */
+SM_STATE(EAP, DISCARD)
+{
+ SM_ENTRY(EAP, DISCARD);
+ eapol_set_bool(sm, EAPOL_eapReq, FALSE);
+ eapol_set_bool(sm, EAPOL_eapNoResp, TRUE);
+}
+
+
+/*
+ * Handles requests for Identity method and builds a response.
+ */
+SM_STATE(EAP, IDENTITY)
+{
+ const u8 *eapReqData;
+ size_t eapReqDataLen;
+
+ SM_ENTRY(EAP, IDENTITY);
+ eapReqData = eapol_get_eapReqData(sm, &eapReqDataLen);
+ eap_sm_processIdentity(sm, eapReqData);
+ os_free(sm->eapRespData);
+ sm->eapRespData = NULL;
+ sm->eapRespData = eap_sm_buildIdentity(sm, sm->reqId,
+ &sm->eapRespDataLen, 0);
+}
+
+
+/*
+ * Handles requests for Notification method and builds a response.
+ */
+SM_STATE(EAP, NOTIFICATION)
+{
+ const u8 *eapReqData;
+ size_t eapReqDataLen;
+
+ SM_ENTRY(EAP, NOTIFICATION);
+ eapReqData = eapol_get_eapReqData(sm, &eapReqDataLen);
+ eap_sm_processNotify(sm, eapReqData);
+ os_free(sm->eapRespData);
+ sm->eapRespData = NULL;
+ sm->eapRespData = eap_sm_buildNotify(sm->reqId, &sm->eapRespDataLen);
+}
+
+
+/*
+ * This state retransmits the previous response packet.
+ */
+SM_STATE(EAP, RETRANSMIT)
+{
+ SM_ENTRY(EAP, RETRANSMIT);
+ os_free(sm->eapRespData);
+ if (sm->lastRespData) {
+ sm->eapRespData = os_malloc(sm->lastRespDataLen);
+ if (sm->eapRespData) {
+ os_memcpy(sm->eapRespData, sm->lastRespData,
+ sm->lastRespDataLen);
+ sm->eapRespDataLen = sm->lastRespDataLen;
+ }
+ } else
+ sm->eapRespData = NULL;
+}
+
+
+/*
+ * This state is entered in case of a successful completion of authentication
+ * and state machine waits here until port is disabled or EAP authentication is
+ * restarted.
+ */
+SM_STATE(EAP, SUCCESS)
+{
+ SM_ENTRY(EAP, SUCCESS);
+ if (sm->eapKeyData != NULL)
+ sm->eapKeyAvailable = TRUE;
+ eapol_set_bool(sm, EAPOL_eapSuccess, TRUE);
+
+ /*
+ * RFC 4137 does not clear eapReq here, but this seems to be required
+ * to avoid processing the same request twice when state machine is
+ * initialized.
+ */
+ eapol_set_bool(sm, EAPOL_eapReq, FALSE);
+
+ /*
+ * RFC 4137 does not set eapNoResp here, but this seems to be required
+ * to get EAPOL Supplicant backend state machine into SUCCESS state. In
+ * addition, either eapResp or eapNoResp is required to be set after
+ * processing the received EAP frame.
+ */
+ eapol_set_bool(sm, EAPOL_eapNoResp, TRUE);
+
+ wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS
+ "EAP authentication completed successfully");
+}
+
+
+/*
+ * This state is entered in case of a failure and state machine waits here
+ * until port is disabled or EAP authentication is restarted.
+ */
+SM_STATE(EAP, FAILURE)
+{
+ SM_ENTRY(EAP, FAILURE);
+ eapol_set_bool(sm, EAPOL_eapFail, TRUE);
+
+ /*
+ * RFC 4137 does not clear eapReq here, but this seems to be required
+ * to avoid processing the same request twice when state machine is
+ * initialized.
+ */
+ eapol_set_bool(sm, EAPOL_eapReq, FALSE);
+
+ /*
+ * RFC 4137 does not set eapNoResp here. However, either eapResp or
+ * eapNoResp is required to be set after processing the received EAP
+ * frame.
+ */
+ eapol_set_bool(sm, EAPOL_eapNoResp, TRUE);
+
+ wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
+ "EAP authentication failed");
+}
+
+
+static int eap_success_workaround(struct eap_sm *sm, int reqId, int lastId)
+{
+ /*
+ * At least Microsoft IAS and Meetinghouse Aegis seem to be sending
+ * EAP-Success/Failure with lastId + 1 even though RFC 3748 and
+ * RFC 4137 require that reqId == lastId. In addition, it looks like
+ * Ringmaster v2.1.2.0 would be using lastId + 2 in EAP-Success.
+ *
+ * Accept this kind of Id if EAP workarounds are enabled. These are
+ * unauthenticated plaintext messages, so this should have minimal
+ * security implications (bit easier to fake EAP-Success/Failure).
+ */
+ if (sm->workaround && (reqId == ((lastId + 1) & 0xff) ||
+ reqId == ((lastId + 2) & 0xff))) {
+ wpa_printf(MSG_DEBUG, "EAP: Workaround for unexpected "
+ "identifier field in EAP Success: "
+ "reqId=%d lastId=%d (these are supposed to be "
+ "same)", reqId, lastId);
+ return 1;
+ }
+ wpa_printf(MSG_DEBUG, "EAP: EAP-Success Id mismatch - reqId=%d "
+ "lastId=%d", reqId, lastId);
+ return 0;
+}
+
+
+/*
+ * RFC 4137 - Appendix A.1: EAP Peer State Machine - State transitions
+ */
+SM_STEP(EAP)
+{
+ int duplicate;
+
+ if (eapol_get_bool(sm, EAPOL_eapRestart) &&
+ eapol_get_bool(sm, EAPOL_portEnabled))
+ SM_ENTER_GLOBAL(EAP, INITIALIZE);
+ else if (!eapol_get_bool(sm, EAPOL_portEnabled) || sm->force_disabled)
+ SM_ENTER_GLOBAL(EAP, DISABLED);
+ else if (sm->num_rounds > EAP_MAX_AUTH_ROUNDS) {
+ /* RFC 4137 does not place any limit on number of EAP messages
+ * in an authentication session. However, some error cases have
+ * ended up in a state were EAP messages were sent between the
+ * peer and server in a loop (e.g., TLS ACK frame in both
+ * direction). Since this is quite undesired outcome, limit the
+ * total number of EAP round-trips and abort authentication if
+ * this limit is exceeded.
+ */
+ if (sm->num_rounds == EAP_MAX_AUTH_ROUNDS + 1) {
+ wpa_msg(sm->msg_ctx, MSG_INFO, "EAP: more than %d "
+ "authentication rounds - abort",
+ EAP_MAX_AUTH_ROUNDS);
+ sm->num_rounds++;
+ SM_ENTER_GLOBAL(EAP, FAILURE);
+ }
+ } else switch (sm->EAP_state) {
+ case EAP_INITIALIZE:
+ SM_ENTER(EAP, IDLE);
+ break;
+ case EAP_DISABLED:
+ if (eapol_get_bool(sm, EAPOL_portEnabled) &&
+ !sm->force_disabled)
+ SM_ENTER(EAP, INITIALIZE);
+ break;
+ case EAP_IDLE:
+ /*
+ * The first three transitions are from RFC 4137. The last two
+ * are local additions to handle special cases with LEAP and
+ * PEAP server not sending EAP-Success in some cases.
+ */
+ if (eapol_get_bool(sm, EAPOL_eapReq))
+ SM_ENTER(EAP, RECEIVED);
+ else if ((eapol_get_bool(sm, EAPOL_altAccept) &&
+ sm->decision != DECISION_FAIL) ||
+ (eapol_get_int(sm, EAPOL_idleWhile) == 0 &&
+ sm->decision == DECISION_UNCOND_SUCC))
+ SM_ENTER(EAP, SUCCESS);
+ else if (eapol_get_bool(sm, EAPOL_altReject) ||
+ (eapol_get_int(sm, EAPOL_idleWhile) == 0 &&
+ sm->decision != DECISION_UNCOND_SUCC) ||
+ (eapol_get_bool(sm, EAPOL_altAccept) &&
+ sm->methodState != METHOD_CONT &&
+ sm->decision == DECISION_FAIL))
+ SM_ENTER(EAP, FAILURE);
+ else if (sm->selectedMethod == EAP_TYPE_LEAP &&
+ sm->leap_done && sm->decision != DECISION_FAIL &&
+ sm->methodState == METHOD_DONE)
+ SM_ENTER(EAP, SUCCESS);
+ else if (sm->selectedMethod == EAP_TYPE_PEAP &&
+ sm->peap_done && sm->decision != DECISION_FAIL &&
+ sm->methodState == METHOD_DONE)
+ SM_ENTER(EAP, SUCCESS);
+ break;
+ case EAP_RECEIVED:
+ duplicate = (sm->reqId == sm->lastId) && sm->rxReq;
+ if (sm->workaround && duplicate &&
+ os_memcmp(sm->req_md5, sm->last_md5, 16) != 0) {
+ /*
+ * RFC 4137 uses (reqId == lastId) as the only
+ * verification for duplicate EAP requests. However,
+ * this misses cases where the AS is incorrectly using
+ * the same id again; and unfortunately, such
+ * implementations exist. Use MD5 hash as an extra
+ * verification for the packets being duplicate to
+ * workaround these issues.
+ */
+ wpa_printf(MSG_DEBUG, "EAP: AS used the same Id again,"
+ " but EAP packets were not identical");
+ wpa_printf(MSG_DEBUG, "EAP: workaround - assume this "
+ "is not a duplicate packet");
+ duplicate = 0;
+ }
+
+ /*
+ * Two special cases below for LEAP are local additions to work
+ * around odd LEAP behavior (EAP-Success in the middle of
+ * authentication and then swapped roles). Other transitions
+ * are based on RFC 4137.
+ */
+ if (sm->rxSuccess && sm->decision != DECISION_FAIL &&
+ (sm->reqId == sm->lastId ||
+ eap_success_workaround(sm, sm->reqId, sm->lastId)))
+ SM_ENTER(EAP, SUCCESS);
+ else if (sm->methodState != METHOD_CONT &&
+ ((sm->rxFailure &&
+ sm->decision != DECISION_UNCOND_SUCC) ||
+ (sm->rxSuccess && sm->decision == DECISION_FAIL &&
+ (sm->selectedMethod != EAP_TYPE_LEAP ||
+ sm->methodState != METHOD_MAY_CONT))) &&
+ (sm->reqId == sm->lastId ||
+ eap_success_workaround(sm, sm->reqId, sm->lastId)))
+ SM_ENTER(EAP, FAILURE);
+ else if (sm->rxReq && duplicate)
+ SM_ENTER(EAP, RETRANSMIT);
+ else if (sm->rxReq && !duplicate &&
+ sm->reqMethod == EAP_TYPE_NOTIFICATION &&
+ sm->allowNotifications)
+ SM_ENTER(EAP, NOTIFICATION);
+ else if (sm->rxReq && !duplicate &&
+ sm->selectedMethod == EAP_TYPE_NONE &&
+ sm->reqMethod == EAP_TYPE_IDENTITY)
+ SM_ENTER(EAP, IDENTITY);
+ else if (sm->rxReq && !duplicate &&
+ sm->selectedMethod == EAP_TYPE_NONE &&
+ sm->reqMethod != EAP_TYPE_IDENTITY &&
+ sm->reqMethod != EAP_TYPE_NOTIFICATION)
+ SM_ENTER(EAP, GET_METHOD);
+ else if (sm->rxReq && !duplicate &&
+ sm->reqMethod == sm->selectedMethod &&
+ sm->methodState != METHOD_DONE)
+ SM_ENTER(EAP, METHOD);
+ else if (sm->selectedMethod == EAP_TYPE_LEAP &&
+ (sm->rxSuccess || sm->rxResp))
+ SM_ENTER(EAP, METHOD);
+ else
+ SM_ENTER(EAP, DISCARD);
+ break;
+ case EAP_GET_METHOD:
+ if (sm->selectedMethod == sm->reqMethod)
+ SM_ENTER(EAP, METHOD);
+ else
+ SM_ENTER(EAP, SEND_RESPONSE);
+ break;
+ case EAP_METHOD:
+ if (sm->ignore)
+ SM_ENTER(EAP, DISCARD);
+ else
+ SM_ENTER(EAP, SEND_RESPONSE);
+ break;
+ case EAP_SEND_RESPONSE:
+ SM_ENTER(EAP, IDLE);
+ break;
+ case EAP_DISCARD:
+ SM_ENTER(EAP, IDLE);
+ break;
+ case EAP_IDENTITY:
+ SM_ENTER(EAP, SEND_RESPONSE);
+ break;
+ case EAP_NOTIFICATION:
+ SM_ENTER(EAP, SEND_RESPONSE);
+ break;
+ case EAP_RETRANSMIT:
+ SM_ENTER(EAP, SEND_RESPONSE);
+ break;
+ case EAP_SUCCESS:
+ break;
+ case EAP_FAILURE:
+ break;
+ }
+}
+
+
+static Boolean eap_sm_allowMethod(struct eap_sm *sm, int vendor,
+ EapType method)
+{
+ struct wpa_ssid *config = eap_get_config(sm);
+
+ if (!wpa_config_allowed_eap_method(config, vendor, method)) {
+ wpa_printf(MSG_DEBUG, "EAP: configuration does not allow: "
+ "vendor %u method %u", vendor, method);
+ return FALSE;
+ }
+ if (eap_sm_get_eap_methods(vendor, method))
+ return TRUE;
+ wpa_printf(MSG_DEBUG, "EAP: not included in build: "
+ "vendor %u method %u", vendor, method);
+ return FALSE;
+}
+
+
+static u8 * eap_sm_build_expanded_nak(struct eap_sm *sm, int id, size_t *len,
+ const struct eap_method *methods,
+ size_t count)
+{
+ struct wpa_ssid *config = eap_get_config(sm);
+ struct eap_hdr *resp;
+ u8 *pos;
+ int found = 0;
+ const struct eap_method *m;
+
+ wpa_printf(MSG_DEBUG, "EAP: Building expanded EAP-Nak");
+
+ /* RFC 3748 - 5.3.2: Expanded Nak */
+ *len = sizeof(struct eap_hdr) + 8;
+ resp = os_malloc(*len + 8 * (count + 1));
+ if (resp == NULL)
+ return NULL;
+
+ resp->code = EAP_CODE_RESPONSE;
+ resp->identifier = id;
+ pos = (u8 *) (resp + 1);
+ *pos++ = EAP_TYPE_EXPANDED;
+ WPA_PUT_BE24(pos, EAP_VENDOR_IETF);
+ pos += 3;
+ WPA_PUT_BE32(pos, EAP_TYPE_NAK);
+ pos += 4;
+
+ for (m = methods; m; m = m->next) {
+ if (sm->reqVendor == m->vendor &&
+ sm->reqVendorMethod == m->method)
+ continue; /* do not allow the current method again */
+ if (wpa_config_allowed_eap_method(config, m->vendor,
+ m->method)) {
+ wpa_printf(MSG_DEBUG, "EAP: allowed type: "
+ "vendor=%u method=%u",
+ m->vendor, m->method);
+ *pos++ = EAP_TYPE_EXPANDED;
+ WPA_PUT_BE24(pos, m->vendor);
+ pos += 3;
+ WPA_PUT_BE32(pos, m->method);
+ pos += 4;
+
+ (*len) += 8;
+ found++;
+ }
+ }
+ if (!found) {
+ wpa_printf(MSG_DEBUG, "EAP: no more allowed methods");
+ *pos++ = EAP_TYPE_EXPANDED;
+ WPA_PUT_BE24(pos, EAP_VENDOR_IETF);
+ pos += 3;
+ WPA_PUT_BE32(pos, EAP_TYPE_NONE);
+ pos += 4;
+
+ (*len) += 8;
+ }
+
+ resp->length = host_to_be16(*len);
+
+ return (u8 *) resp;
+}
+
+
+static u8 * eap_sm_buildNak(struct eap_sm *sm, int id, size_t *len)
+{
+ struct wpa_ssid *config = eap_get_config(sm);
+ struct eap_hdr *resp;
+ u8 *pos;
+ int found = 0, expanded_found = 0;
+ size_t count;
+ const struct eap_method *methods, *m;
+
+ wpa_printf(MSG_DEBUG, "EAP: Building EAP-Nak (requested type %u "
+ "vendor=%u method=%u not allowed)", sm->reqMethod,
+ sm->reqVendor, sm->reqVendorMethod);
+ methods = eap_peer_get_methods(&count);
+ if (methods == NULL)
+ return NULL;
+ if (sm->reqMethod == EAP_TYPE_EXPANDED)
+ return eap_sm_build_expanded_nak(sm, id, len, methods, count);
+
+ /* RFC 3748 - 5.3.1: Legacy Nak */
+ *len = sizeof(struct eap_hdr) + 1;
+ resp = os_malloc(*len + count + 1);
+ if (resp == NULL)
+ return NULL;
+
+ resp->code = EAP_CODE_RESPONSE;
+ resp->identifier = id;
+ pos = (u8 *) (resp + 1);
+ *pos++ = EAP_TYPE_NAK;
+
+ for (m = methods; m; m = m->next) {
+ if (m->vendor == EAP_VENDOR_IETF && m->method == sm->reqMethod)
+ continue; /* do not allow the current method again */
+ if (wpa_config_allowed_eap_method(config, m->vendor,
+ m->method)) {
+ if (m->vendor != EAP_VENDOR_IETF) {
+ if (expanded_found)
+ continue;
+ expanded_found = 1;
+ *pos++ = EAP_TYPE_EXPANDED;
+ } else
+ *pos++ = m->method;
+ (*len)++;
+ found++;
+ }
+ }
+ if (!found) {
+ *pos = EAP_TYPE_NONE;
+ (*len)++;
+ }
+ wpa_hexdump(MSG_DEBUG, "EAP: allowed methods",
+ ((u8 *) (resp + 1)) + 1, found);
+
+ resp->length = host_to_be16(*len);
+
+ return (u8 *) resp;
+}
+
+
+static void eap_sm_processIdentity(struct eap_sm *sm, const u8 *req)
+{
+ const struct eap_hdr *hdr = (const struct eap_hdr *) req;
+ const u8 *pos = (const u8 *) (hdr + 1);
+ pos++;
+
+ wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_STARTED
+ "EAP authentication started");
+
+ /*
+ * RFC 3748 - 5.1: Identity
+ * Data field may contain a displayable message in UTF-8. If this
+ * includes NUL-character, only the data before that should be
+ * displayed. Some EAP implementasitons may piggy-back additional
+ * options after the NUL.
+ */
+ /* TODO: could save displayable message so that it can be shown to the
+ * user in case of interaction is required */
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP: EAP-Request Identity data",
+ pos, be_to_host16(hdr->length) - 5);
+}
+
+
+#ifdef PCSC_FUNCS
+static int eap_sm_imsi_identity(struct eap_sm *sm, struct wpa_ssid *ssid)
+{
+ int aka = 0;
+ char imsi[100];
+ size_t imsi_len;
+ struct eap_method_type *m = ssid->eap_methods;
+ int i;
+
+ imsi_len = sizeof(imsi);
+ if (scard_get_imsi(sm->scard_ctx, imsi, &imsi_len)) {
+ wpa_printf(MSG_WARNING, "Failed to get IMSI from SIM");
+ return -1;
+ }
+
+ wpa_hexdump_ascii(MSG_DEBUG, "IMSI", (u8 *) imsi, imsi_len);
+
+ for (i = 0; m && (m[i].vendor != EAP_VENDOR_IETF ||
+ m[i].method != EAP_TYPE_NONE); i++) {
+ if (m[i].vendor == EAP_VENDOR_IETF &&
+ m[i].method == EAP_TYPE_AKA) {
+ aka = 1;
+ break;
+ }
+ }
+
+ os_free(ssid->identity);
+ ssid->identity = os_malloc(1 + imsi_len);
+ if (ssid->identity == NULL) {
+ wpa_printf(MSG_WARNING, "Failed to allocate buffer for "
+ "IMSI-based identity");
+ return -1;
+ }
+
+ ssid->identity[0] = aka ? '0' : '1';
+ os_memcpy(ssid->identity + 1, imsi, imsi_len);
+ ssid->identity_len = 1 + imsi_len;
+
+ return 0;
+}
+#endif /* PCSC_FUNCS */
+
+
+static int eap_sm_get_scard_identity(struct eap_sm *sm, struct wpa_ssid *ssid)
+{
+#ifdef PCSC_FUNCS
+ if (scard_set_pin(sm->scard_ctx, ssid->pin)) {
+ /*
+ * Make sure the same PIN is not tried again in order to avoid
+ * blocking SIM.
+ */
+ os_free(ssid->pin);
+ ssid->pin = NULL;
+
+ wpa_printf(MSG_WARNING, "PIN validation failed");
+ eap_sm_request_pin(sm);
+ return -1;
+ }
+
+ return eap_sm_imsi_identity(sm, ssid);
+#else /* PCSC_FUNCS */
+ return -1;
+#endif /* PCSC_FUNCS */
+}
+
+
+/**
+ * eap_sm_buildIdentity - Build EAP-Identity/Response for the current network
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @id: EAP identifier for the packet
+ * @len: Pointer to a variable that will be set to the length of the response
+ * @encrypted: Whether the packet is for encrypted tunnel (EAP phase 2)
+ * Returns: Pointer to the allocated EAP-Identity/Response packet or %NULL on
+ * failure
+ *
+ * This function allocates and builds an EAP-Identity/Response packet for the
+ * current network. The caller is responsible for freeing the returned data.
+ */
+u8 * eap_sm_buildIdentity(struct eap_sm *sm, int id, size_t *len,
+ int encrypted)
+{
+ struct wpa_ssid *config = eap_get_config(sm);
+ struct eap_hdr *resp;
+ u8 *pos;
+ const u8 *identity;
+ size_t identity_len;
+
+ if (config == NULL) {
+ wpa_printf(MSG_WARNING, "EAP: buildIdentity: configuration "
+ "was not available");
+ return NULL;
+ }
+
+ if (sm->m && sm->m->get_identity &&
+ (identity = sm->m->get_identity(sm, sm->eap_method_priv,
+ &identity_len)) != NULL) {
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP: using method re-auth "
+ "identity", identity, identity_len);
+ } else if (!encrypted && config->anonymous_identity) {
+ identity = config->anonymous_identity;
+ identity_len = config->anonymous_identity_len;
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP: using anonymous identity",
+ identity, identity_len);
+ } else {
+ identity = config->identity;
+ identity_len = config->identity_len;
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP: using real identity",
+ identity, identity_len);
+ }
+
+ if (identity == NULL) {
+ wpa_printf(MSG_WARNING, "EAP: buildIdentity: identity "
+ "configuration was not available");
+ if (config->pcsc) {
+ if (eap_sm_get_scard_identity(sm, config) < 0)
+ return NULL;
+ identity = config->identity;
+ identity_len = config->identity_len;
+ wpa_hexdump_ascii(MSG_DEBUG, "permanent identity from "
+ "IMSI", identity, identity_len);
+ } else {
+ eap_sm_request_identity(sm);
+ return NULL;
+ }
+ }
+
+ *len = sizeof(struct eap_hdr) + 1 + identity_len;
+ resp = os_malloc(*len);
+ if (resp == NULL)
+ return NULL;
+
+ resp->code = EAP_CODE_RESPONSE;
+ resp->identifier = id;
+ resp->length = host_to_be16(*len);
+ pos = (u8 *) (resp + 1);
+ *pos++ = EAP_TYPE_IDENTITY;
+ os_memcpy(pos, identity, identity_len);
+
+ return (u8 *) resp;
+}
+
+
+static void eap_sm_processNotify(struct eap_sm *sm, const u8 *req)
+{
+ const struct eap_hdr *hdr = (const struct eap_hdr *) req;
+ const u8 *pos;
+ char *msg;
+ size_t i, msg_len;
+
+ pos = (const u8 *) (hdr + 1);
+ pos++;
+
+ msg_len = be_to_host16(hdr->length);
+ if (msg_len < 5)
+ return;
+ msg_len -= 5;
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP: EAP-Request Notification data",
+ pos, msg_len);
+
+ msg = os_malloc(msg_len + 1);
+ if (msg == NULL)
+ return;
+ for (i = 0; i < msg_len; i++)
+ msg[i] = isprint(pos[i]) ? (char) pos[i] : '_';
+ msg[msg_len] = '\0';
+ wpa_msg(sm->msg_ctx, MSG_INFO, "%s%s",
+ WPA_EVENT_EAP_NOTIFICATION, msg);
+ os_free(msg);
+}
+
+
+static u8 * eap_sm_buildNotify(int id, size_t *len)
+{
+ struct eap_hdr *resp;
+ u8 *pos;
+
+ wpa_printf(MSG_DEBUG, "EAP: Generating EAP-Response Notification");
+ *len = sizeof(struct eap_hdr) + 1;
+ resp = os_malloc(*len);
+ if (resp == NULL)
+ return NULL;
+
+ resp->code = EAP_CODE_RESPONSE;
+ resp->identifier = id;
+ resp->length = host_to_be16(*len);
+ pos = (u8 *) (resp + 1);
+ *pos = EAP_TYPE_NOTIFICATION;
+
+ return (u8 *) resp;
+}
+
+
+static void eap_sm_parseEapReq(struct eap_sm *sm, const u8 *req, size_t len)
+{
+ const struct eap_hdr *hdr;
+ size_t plen;
+ const u8 *pos;
+
+ sm->rxReq = sm->rxResp = sm->rxSuccess = sm->rxFailure = FALSE;
+ sm->reqId = 0;
+ sm->reqMethod = EAP_TYPE_NONE;
+ sm->reqVendor = EAP_VENDOR_IETF;
+ sm->reqVendorMethod = EAP_TYPE_NONE;
+
+ if (req == NULL || len < sizeof(*hdr))
+ return;
+
+ hdr = (const struct eap_hdr *) req;
+ plen = be_to_host16(hdr->length);
+ if (plen > len) {
+ wpa_printf(MSG_DEBUG, "EAP: Ignored truncated EAP-Packet "
+ "(len=%lu plen=%lu)",
+ (unsigned long) len, (unsigned long) plen);
+ return;
+ }
+
+ sm->reqId = hdr->identifier;
+
+ if (sm->workaround) {
+ md5_vector(1, (const u8 **) &req, &plen, sm->req_md5);
+ }
+
+ switch (hdr->code) {
+ case EAP_CODE_REQUEST:
+ if (plen < sizeof(*hdr) + 1) {
+ wpa_printf(MSG_DEBUG, "EAP: Too short EAP-Request - "
+ "no Type field");
+ return;
+ }
+ sm->rxReq = TRUE;
+ pos = (const u8 *) (hdr + 1);
+ sm->reqMethod = *pos++;
+ if (sm->reqMethod == EAP_TYPE_EXPANDED) {
+ if (plen < sizeof(*hdr) + 8) {
+ wpa_printf(MSG_DEBUG, "EAP: Ignored truncated "
+ "expanded EAP-Packet (plen=%lu)",
+ (unsigned long) plen);
+ return;
+ }
+ sm->reqVendor = WPA_GET_BE24(pos);
+ pos += 3;
+ sm->reqVendorMethod = WPA_GET_BE32(pos);
+ }
+ wpa_printf(MSG_DEBUG, "EAP: Received EAP-Request id=%d "
+ "method=%u vendor=%u vendorMethod=%u",
+ sm->reqId, sm->reqMethod, sm->reqVendor,
+ sm->reqVendorMethod);
+ break;
+ case EAP_CODE_RESPONSE:
+ if (sm->selectedMethod == EAP_TYPE_LEAP) {
+ /*
+ * LEAP differs from RFC 4137 by using reversed roles
+ * for mutual authentication and because of this, we
+ * need to accept EAP-Response frames if LEAP is used.
+ */
+ if (plen < sizeof(*hdr) + 1) {
+ wpa_printf(MSG_DEBUG, "EAP: Too short "
+ "EAP-Response - no Type field");
+ return;
+ }
+ sm->rxResp = TRUE;
+ pos = (const u8 *) (hdr + 1);
+ sm->reqMethod = *pos;
+ wpa_printf(MSG_DEBUG, "EAP: Received EAP-Response for "
+ "LEAP method=%d id=%d",
+ sm->reqMethod, sm->reqId);
+ break;
+ }
+ wpa_printf(MSG_DEBUG, "EAP: Ignored EAP-Response");
+ break;
+ case EAP_CODE_SUCCESS:
+ wpa_printf(MSG_DEBUG, "EAP: Received EAP-Success");
+ sm->rxSuccess = TRUE;
+ break;
+ case EAP_CODE_FAILURE:
+ wpa_printf(MSG_DEBUG, "EAP: Received EAP-Failure");
+ sm->rxFailure = TRUE;
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "EAP: Ignored EAP-Packet with unknown "
+ "code %d", hdr->code);
+ break;
+ }
+}
+
+
+/**
+ * eap_sm_init - Allocate and initialize EAP state machine
+ * @eapol_ctx: Context data to be used with eapol_cb calls
+ * @eapol_cb: Pointer to EAPOL callback functions
+ * @msg_ctx: Context data for wpa_msg() calls
+ * @conf: EAP configuration
+ * Returns: Pointer to the allocated EAP state machine or %NULL on failure
+ *
+ * This function allocates and initializes an EAP state machine. In addition,
+ * this initializes TLS library for the new EAP state machine. eapol_cb pointer
+ * will be in use until eap_sm_deinit() is used to deinitialize this EAP state
+ * machine. Consequently, the caller must make sure that this data structure
+ * remains alive while the EAP state machine is active.
+ */
+struct eap_sm * eap_sm_init(void *eapol_ctx, struct eapol_callbacks *eapol_cb,
+ void *msg_ctx, struct eap_config *conf)
+{
+ struct eap_sm *sm;
+ struct tls_config tlsconf;
+
+ sm = os_zalloc(sizeof(*sm));
+ if (sm == NULL)
+ return NULL;
+ sm->eapol_ctx = eapol_ctx;
+ sm->eapol_cb = eapol_cb;
+ sm->msg_ctx = msg_ctx;
+ sm->ClientTimeout = 60;
+
+ os_memset(&tlsconf, 0, sizeof(tlsconf));
+ tlsconf.opensc_engine_path = conf->opensc_engine_path;
+ tlsconf.pkcs11_engine_path = conf->pkcs11_engine_path;
+ tlsconf.pkcs11_module_path = conf->pkcs11_module_path;
+ sm->ssl_ctx = tls_init(&tlsconf);
+ if (sm->ssl_ctx == NULL) {
+ wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS "
+ "context.");
+ os_free(sm);
+ return NULL;
+ }
+
+ return sm;
+}
+
+
+/**
+ * eap_sm_deinit - Deinitialize and free an EAP state machine
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ *
+ * This function deinitializes EAP state machine and frees all allocated
+ * resources.
+ */
+void eap_sm_deinit(struct eap_sm *sm)
+{
+ if (sm == NULL)
+ return;
+ eap_deinit_prev_method(sm, "EAP deinit");
+ eap_sm_abort(sm);
+ tls_deinit(sm->ssl_ctx);
+ os_free(sm);
+}
+
+
+/**
+ * eap_sm_step - Step EAP state machine
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * Returns: 1 if EAP state was changed or 0 if not
+ *
+ * This function advances EAP state machine to a new state to match with the
+ * current variables. This should be called whenever variables used by the EAP
+ * state machine have changed.
+ */
+int eap_sm_step(struct eap_sm *sm)
+{
+ int res = 0;
+ do {
+ sm->changed = FALSE;
+ SM_STEP_RUN(EAP);
+ if (sm->changed)
+ res = 1;
+ } while (sm->changed);
+ return res;
+}
+
+
+/**
+ * eap_sm_abort - Abort EAP authentication
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ *
+ * Release system resources that have been allocated for the authentication
+ * session without fully deinitializing the EAP state machine.
+ */
+void eap_sm_abort(struct eap_sm *sm)
+{
+ os_free(sm->lastRespData);
+ sm->lastRespData = NULL;
+ os_free(sm->eapRespData);
+ sm->eapRespData = NULL;
+ os_free(sm->eapKeyData);
+ sm->eapKeyData = NULL;
+
+ /* This is not clearly specified in the EAP statemachines draft, but
+ * it seems necessary to make sure that some of the EAPOL variables get
+ * cleared for the next authentication. */
+ eapol_set_bool(sm, EAPOL_eapSuccess, FALSE);
+}
+
+
+#ifdef CONFIG_CTRL_IFACE
+static const char * eap_sm_state_txt(int state)
+{
+ switch (state) {
+ case EAP_INITIALIZE:
+ return "INITIALIZE";
+ case EAP_DISABLED:
+ return "DISABLED";
+ case EAP_IDLE:
+ return "IDLE";
+ case EAP_RECEIVED:
+ return "RECEIVED";
+ case EAP_GET_METHOD:
+ return "GET_METHOD";
+ case EAP_METHOD:
+ return "METHOD";
+ case EAP_SEND_RESPONSE:
+ return "SEND_RESPONSE";
+ case EAP_DISCARD:
+ return "DISCARD";
+ case EAP_IDENTITY:
+ return "IDENTITY";
+ case EAP_NOTIFICATION:
+ return "NOTIFICATION";
+ case EAP_RETRANSMIT:
+ return "RETRANSMIT";
+ case EAP_SUCCESS:
+ return "SUCCESS";
+ case EAP_FAILURE:
+ return "FAILURE";
+ default:
+ return "UNKNOWN";
+ }
+}
+#endif /* CONFIG_CTRL_IFACE */
+
+
+#if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
+static const char * eap_sm_method_state_txt(EapMethodState state)
+{
+ switch (state) {
+ case METHOD_NONE:
+ return "NONE";
+ case METHOD_INIT:
+ return "INIT";
+ case METHOD_CONT:
+ return "CONT";
+ case METHOD_MAY_CONT:
+ return "MAY_CONT";
+ case METHOD_DONE:
+ return "DONE";
+ default:
+ return "UNKNOWN";
+ }
+}
+
+
+static const char * eap_sm_decision_txt(EapDecision decision)
+{
+ switch (decision) {
+ case DECISION_FAIL:
+ return "FAIL";
+ case DECISION_COND_SUCC:
+ return "COND_SUCC";
+ case DECISION_UNCOND_SUCC:
+ return "UNCOND_SUCC";
+ default:
+ return "UNKNOWN";
+ }
+}
+#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
+
+
+#ifdef CONFIG_CTRL_IFACE
+
+/**
+ * eap_sm_get_status - Get EAP state machine status
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @buf: Buffer for status information
+ * @buflen: Maximum buffer length
+ * @verbose: Whether to include verbose status information
+ * Returns: Number of bytes written to buf.
+ *
+ * Query EAP state machine for status information. This function fills in a
+ * text area with current status information from the EAPOL state machine. If
+ * the buffer (buf) is not large enough, status information will be truncated
+ * to fit the buffer.
+ */
+int eap_sm_get_status(struct eap_sm *sm, char *buf, size_t buflen, int verbose)
+{
+ int len, ret;
+
+ if (sm == NULL)
+ return 0;
+
+ len = os_snprintf(buf, buflen,
+ "EAP state=%s\n",
+ eap_sm_state_txt(sm->EAP_state));
+ if (len < 0 || (size_t) len >= buflen)
+ return 0;
+
+ if (sm->selectedMethod != EAP_TYPE_NONE) {
+ const char *name;
+ if (sm->m) {
+ name = sm->m->name;
+ } else {
+ const struct eap_method *m =
+ eap_sm_get_eap_methods(EAP_VENDOR_IETF,
+ sm->selectedMethod);
+ if (m)
+ name = m->name;
+ else
+ name = "?";
+ }
+ ret = os_snprintf(buf + len, buflen - len,
+ "selectedMethod=%d (EAP-%s)\n",
+ sm->selectedMethod, name);
+ if (ret < 0 || (size_t) ret >= buflen - len)
+ return len;
+ len += ret;
+
+ if (sm->m && sm->m->get_status) {
+ len += sm->m->get_status(sm, sm->eap_method_priv,
+ buf + len, buflen - len,
+ verbose);
+ }
+ }
+
+ if (verbose) {
+ ret = os_snprintf(buf + len, buflen - len,
+ "reqMethod=%d\n"
+ "methodState=%s\n"
+ "decision=%s\n"
+ "ClientTimeout=%d\n",
+ sm->reqMethod,
+ eap_sm_method_state_txt(sm->methodState),
+ eap_sm_decision_txt(sm->decision),
+ sm->ClientTimeout);
+ if (ret < 0 || (size_t) ret >= buflen - len)
+ return len;
+ len += ret;
+ }
+
+ return len;
+}
+#endif /* CONFIG_CTRL_IFACE */
+
+
+#if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
+typedef enum {
+ TYPE_IDENTITY, TYPE_PASSWORD, TYPE_OTP, TYPE_PIN, TYPE_NEW_PASSWORD,
+ TYPE_PASSPHRASE
+} eap_ctrl_req_type;
+
+static void eap_sm_request(struct eap_sm *sm, eap_ctrl_req_type type,
+ const char *msg, size_t msglen)
+{
+ struct wpa_ssid *config;
+ char *buf;
+ size_t buflen;
+ int len;
+ char *field;
+ char *txt, *tmp;
+
+ if (sm == NULL)
+ return;
+ config = eap_get_config(sm);
+ if (config == NULL)
+ return;
+
+ switch (type) {
+ case TYPE_IDENTITY:
+ field = "IDENTITY";
+ txt = "Identity";
+ config->pending_req_identity++;
+ break;
+ case TYPE_PASSWORD:
+ field = "PASSWORD";
+ txt = "Password";
+ config->pending_req_password++;
+ break;
+ case TYPE_NEW_PASSWORD:
+ field = "NEW_PASSWORD";
+ txt = "New Password";
+ config->pending_req_new_password++;
+ break;
+ case TYPE_PIN:
+ field = "PIN";
+ txt = "PIN";
+ config->pending_req_pin++;
+ break;
+ case TYPE_OTP:
+ field = "OTP";
+ if (msg) {
+ tmp = os_malloc(msglen + 3);
+ if (tmp == NULL)
+ return;
+ tmp[0] = '[';
+ os_memcpy(tmp + 1, msg, msglen);
+ tmp[msglen + 1] = ']';
+ tmp[msglen + 2] = '\0';
+ txt = tmp;
+ os_free(config->pending_req_otp);
+ config->pending_req_otp = tmp;
+ config->pending_req_otp_len = msglen + 3;
+ } else {
+ if (config->pending_req_otp == NULL)
+ return;
+ txt = config->pending_req_otp;
+ }
+ break;
+ case TYPE_PASSPHRASE:
+ field = "PASSPHRASE";
+ txt = "Private key passphrase";
+ config->pending_req_passphrase++;
+ break;
+ default:
+ return;
+ }
+
+ buflen = 100 + os_strlen(txt) + config->ssid_len;
+ buf = os_malloc(buflen);
+ if (buf == NULL)
+ return;
+ len = os_snprintf(buf, buflen,
+ WPA_CTRL_REQ "%s-%d:%s needed for SSID ",
+ field, config->id, txt);
+ if (len < 0 || (size_t) len >= buflen) {
+ os_free(buf);
+ return;
+ }
+ if (config->ssid && buflen > len + config->ssid_len) {
+ os_memcpy(buf + len, config->ssid, config->ssid_len);
+ len += config->ssid_len;
+ buf[len] = '\0';
+ }
+ buf[buflen - 1] = '\0';
+ wpa_msg(sm->msg_ctx, MSG_INFO, "%s", buf);
+ os_free(buf);
+}
+#else /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
+#define eap_sm_request(sm, type, msg, msglen) do { } while (0)
+#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
+
+
+/**
+ * eap_sm_request_identity - Request identity from user (ctrl_iface)
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ *
+ * EAP methods can call this function to request identity information for the
+ * current network. This is normally called when the identity is not included
+ * in the network configuration. The request will be sent to monitor programs
+ * through the control interface.
+ */
+void eap_sm_request_identity(struct eap_sm *sm)
+{
+ eap_sm_request(sm, TYPE_IDENTITY, NULL, 0);
+}
+
+
+/**
+ * eap_sm_request_password - Request password from user (ctrl_iface)
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ *
+ * EAP methods can call this function to request password information for the
+ * current network. This is normally called when the password is not included
+ * in the network configuration. The request will be sent to monitor programs
+ * through the control interface.
+ */
+void eap_sm_request_password(struct eap_sm *sm)
+{
+ eap_sm_request(sm, TYPE_PASSWORD, NULL, 0);
+}
+
+
+/**
+ * eap_sm_request_new_password - Request new password from user (ctrl_iface)
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ *
+ * EAP methods can call this function to request new password information for
+ * the current network. This is normally called when the EAP method indicates
+ * that the current password has expired and password change is required. The
+ * request will be sent to monitor programs through the control interface.
+ */
+void eap_sm_request_new_password(struct eap_sm *sm)
+{
+ eap_sm_request(sm, TYPE_NEW_PASSWORD, NULL, 0);
+}
+
+
+/**
+ * eap_sm_request_pin - Request SIM or smart card PIN from user (ctrl_iface)
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ *
+ * EAP methods can call this function to request SIM or smart card PIN
+ * information for the current network. This is normally called when the PIN is
+ * not included in the network configuration. The request will be sent to
+ * monitor programs through the control interface.
+ */
+void eap_sm_request_pin(struct eap_sm *sm)
+{
+ eap_sm_request(sm, TYPE_PIN, NULL, 0);
+}
+
+
+/**
+ * eap_sm_request_otp - Request one time password from user (ctrl_iface)
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @msg: Message to be displayed to the user when asking for OTP
+ * @msg_len: Length of the user displayable message
+ *
+ * EAP methods can call this function to request open time password (OTP) for
+ * the current network. The request will be sent to monitor programs through
+ * the control interface.
+ */
+void eap_sm_request_otp(struct eap_sm *sm, const char *msg, size_t msg_len)
+{
+ eap_sm_request(sm, TYPE_OTP, msg, msg_len);
+}
+
+
+/**
+ * eap_sm_request_passphrase - Request passphrase from user (ctrl_iface)
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ *
+ * EAP methods can call this function to request passphrase for a private key
+ * for the current network. This is normally called when the passphrase is not
+ * included in the network configuration. The request will be sent to monitor
+ * programs through the control interface.
+ */
+void eap_sm_request_passphrase(struct eap_sm *sm)
+{
+ eap_sm_request(sm, TYPE_PASSPHRASE, NULL, 0);
+}
+
+
+/**
+ * eap_sm_notify_ctrl_attached - Notification of attached monitor
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ *
+ * Notify EAP state machines that a monitor was attached to the control
+ * interface to trigger re-sending of pending requests for user input.
+ */
+void eap_sm_notify_ctrl_attached(struct eap_sm *sm)
+{
+ struct wpa_ssid *config = eap_get_config(sm);
+
+ if (config == NULL)
+ return;
+
+ /* Re-send any pending requests for user data since a new control
+ * interface was added. This handles cases where the EAP authentication
+ * starts immediately after system startup when the user interface is
+ * not yet running. */
+ if (config->pending_req_identity)
+ eap_sm_request_identity(sm);
+ if (config->pending_req_password)
+ eap_sm_request_password(sm);
+ if (config->pending_req_new_password)
+ eap_sm_request_new_password(sm);
+ if (config->pending_req_otp)
+ eap_sm_request_otp(sm, NULL, 0);
+ if (config->pending_req_pin)
+ eap_sm_request_pin(sm);
+ if (config->pending_req_passphrase)
+ eap_sm_request_passphrase(sm);
+}
+
+
+static int eap_allowed_phase2_type(int vendor, int type)
+{
+ if (vendor != EAP_VENDOR_IETF)
+ return 0;
+ return type != EAP_TYPE_PEAP && type != EAP_TYPE_TTLS &&
+ type != EAP_TYPE_FAST;
+}
+
+
+/**
+ * eap_get_phase2_type - Get EAP type for the given EAP phase 2 method name
+ * @name: EAP method name, e.g., MD5
+ * @vendor: Buffer for returning EAP Vendor-Id
+ * Returns: EAP method type or %EAP_TYPE_NONE if not found
+ *
+ * This function maps EAP type names into EAP type numbers that are allowed for
+ * Phase 2, i.e., for tunneled authentication. Phase 2 is used, e.g., with
+ * EAP-PEAP, EAP-TTLS, and EAP-FAST.
+ */
+u32 eap_get_phase2_type(const char *name, int *vendor)
+{
+ int v;
+ u8 type = eap_get_type(name, &v);
+ if (eap_allowed_phase2_type(v, type)) {
+ *vendor = v;
+ return type;
+ }
+ *vendor = EAP_VENDOR_IETF;
+ return EAP_TYPE_NONE;
+}
+
+
+/**
+ * eap_get_phase2_types - Get list of allowed EAP phase 2 types
+ * @config: Pointer to a network configuration
+ * @count: Pointer to a variable to be filled with number of returned EAP types
+ * Returns: Pointer to allocated type list or %NULL on failure
+ *
+ * This function generates an array of allowed EAP phase 2 (tunneled) types for
+ * the given network configuration.
+ */
+struct eap_method_type * eap_get_phase2_types(struct wpa_ssid *config,
+ size_t *count)
+{
+ struct eap_method_type *buf;
+ u32 method;
+ int vendor;
+ size_t mcount;
+ const struct eap_method *methods, *m;
+
+ methods = eap_peer_get_methods(&mcount);
+ if (methods == NULL)
+ return NULL;
+ *count = 0;
+ buf = os_malloc(mcount * sizeof(struct eap_method_type));
+ if (buf == NULL)
+ return NULL;
+
+ for (m = methods; m; m = m->next) {
+ vendor = m->vendor;
+ method = m->method;
+ if (eap_allowed_phase2_type(vendor, method)) {
+ if (vendor == EAP_VENDOR_IETF &&
+ method == EAP_TYPE_TLS && config &&
+ config->private_key2 == NULL)
+ continue;
+ buf[*count].vendor = vendor;
+ buf[*count].method = method;
+ (*count)++;
+ }
+ }
+
+ return buf;
+}
+
+
+/**
+ * eap_set_fast_reauth - Update fast_reauth setting
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @enabled: 1 = Fast reauthentication is enabled, 0 = Disabled
+ */
+void eap_set_fast_reauth(struct eap_sm *sm, int enabled)
+{
+ sm->fast_reauth = enabled;
+}
+
+
+/**
+ * eap_set_workaround - Update EAP workarounds setting
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @workaround: 1 = Enable EAP workarounds, 0 = Disable EAP workarounds
+ */
+void eap_set_workaround(struct eap_sm *sm, unsigned int workaround)
+{
+ sm->workaround = workaround;
+}
+
+
+/**
+ * eap_get_config - Get current network configuration
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * Returns: Pointer to the current network configuration or %NULL if not found
+ *
+ * EAP peer methods should avoid using this function if they can use other
+ * access functions, like eap_get_config_identity() and
+ * eap_get_config_password(), that do not require direct access to
+ * struct wpa_ssid.
+ */
+struct wpa_ssid * eap_get_config(struct eap_sm *sm)
+{
+ return sm->eapol_cb->get_config(sm->eapol_ctx);
+}
+
+
+/**
+ * eap_get_config_password - Get identity from the network configuration
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @len: Buffer for the length of the identity
+ * Returns: Pointer to the identity or %NULL if not found
+ */
+const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len)
+{
+ struct wpa_ssid *config = eap_get_config(sm);
+ if (config == NULL)
+ return NULL;
+ *len = config->identity_len;
+ return config->identity;
+}
+
+
+/**
+ * eap_get_config_password - Get password from the network configuration
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @len: Buffer for the length of the password
+ * Returns: Pointer to the password or %NULL if not found
+ */
+const u8 * eap_get_config_password(struct eap_sm *sm, size_t *len)
+{
+ struct wpa_ssid *config = eap_get_config(sm);
+ if (config == NULL)
+ return NULL;
+ *len = config->password_len;
+ return config->password;
+}
+
+
+/**
+ * eap_get_config_new_password - Get new password from network configuration
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @len: Buffer for the length of the new password
+ * Returns: Pointer to the new password or %NULL if not found
+ */
+const u8 * eap_get_config_new_password(struct eap_sm *sm, size_t *len)
+{
+ struct wpa_ssid *config = eap_get_config(sm);
+ if (config == NULL)
+ return NULL;
+ *len = config->new_password_len;
+ return config->new_password;
+}
+
+
+/**
+ * eap_get_config_otp - Get one-time password from the network configuration
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @len: Buffer for the length of the one-time password
+ * Returns: Pointer to the one-time password or %NULL if not found
+ */
+const u8 * eap_get_config_otp(struct eap_sm *sm, size_t *len)
+{
+ struct wpa_ssid *config = eap_get_config(sm);
+ if (config == NULL)
+ return NULL;
+ *len = config->otp_len;
+ return config->otp;
+}
+
+
+/**
+ * eap_clear_config_otp - Clear used one-time password
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ *
+ * This function clears a used one-time password (OTP) from the current network
+ * configuration. This should be called when the OTP has been used and is not
+ * needed anymore.
+ */
+void eap_clear_config_otp(struct eap_sm *sm)
+{
+ struct wpa_ssid *config = eap_get_config(sm);
+ if (config == NULL)
+ return;
+ os_memset(config->otp, 0, config->otp_len);
+ os_free(config->otp);
+ config->otp = NULL;
+ config->otp_len = 0;
+}
+
+
+/**
+ * eap_key_available - Get key availability (eapKeyAvailable variable)
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * Returns: 1 if EAP keying material is available, 0 if not
+ */
+int eap_key_available(struct eap_sm *sm)
+{
+ return sm ? sm->eapKeyAvailable : 0;
+}
+
+
+/**
+ * eap_notify_success - Notify EAP state machine about external success trigger
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ *
+ * This function is called when external event, e.g., successful completion of
+ * WPA-PSK key handshake, is indicating that EAP state machine should move to
+ * success state. This is mainly used with security modes that do not use EAP
+ * state machine (e.g., WPA-PSK).
+ */
+void eap_notify_success(struct eap_sm *sm)
+{
+ if (sm) {
+ sm->decision = DECISION_COND_SUCC;
+ sm->EAP_state = EAP_SUCCESS;
+ }
+}
+
+
+/**
+ * eap_notify_lower_layer_success - Notification of lower layer success
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ *
+ * Notify EAP state machines that a lower layer has detected a successful
+ * authentication. This is used to recover from dropped EAP-Success messages.
+ */
+void eap_notify_lower_layer_success(struct eap_sm *sm)
+{
+ if (sm == NULL)
+ return;
+
+ if (eapol_get_bool(sm, EAPOL_eapSuccess) ||
+ sm->decision == DECISION_FAIL ||
+ (sm->methodState != METHOD_MAY_CONT &&
+ sm->methodState != METHOD_DONE))
+ return;
+
+ if (sm->eapKeyData != NULL)
+ sm->eapKeyAvailable = TRUE;
+ eapol_set_bool(sm, EAPOL_eapSuccess, TRUE);
+ wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS
+ "EAP authentication completed successfully (based on lower "
+ "layer success)");
+}
+
+
+/**
+ * eap_get_eapKeyData - Get master session key (MSK) from EAP state machine
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @len: Pointer to variable that will be set to number of bytes in the key
+ * Returns: Pointer to the EAP keying data or %NULL on failure
+ *
+ * Fetch EAP keying material (MSK, eapKeyData) from the EAP state machine. The
+ * key is available only after a successful authentication. EAP state machine
+ * continues to manage the key data and the caller must not change or free the
+ * returned data.
+ */
+const u8 * eap_get_eapKeyData(struct eap_sm *sm, size_t *len)
+{
+ if (sm == NULL || sm->eapKeyData == NULL) {
+ *len = 0;
+ return NULL;
+ }
+
+ *len = sm->eapKeyDataLen;
+ return sm->eapKeyData;
+}
+
+
+/**
+ * eap_get_eapKeyData - Get EAP response data
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @len: Pointer to variable that will be set to the length of the response
+ * Returns: Pointer to the EAP response (eapRespData) or %NULL on failure
+ *
+ * Fetch EAP response (eapRespData) from the EAP state machine. This data is
+ * available when EAP state machine has processed an incoming EAP request. The
+ * EAP state machine does not maintain a reference to the response after this
+ * function is called and the caller is responsible for freeing the data.
+ */
+u8 * eap_get_eapRespData(struct eap_sm *sm, size_t *len)
+{
+ u8 *resp;
+
+ if (sm == NULL || sm->eapRespData == NULL) {
+ *len = 0;
+ return NULL;
+ }
+
+ resp = sm->eapRespData;
+ *len = sm->eapRespDataLen;
+ sm->eapRespData = NULL;
+ sm->eapRespDataLen = 0;
+
+ return resp;
+}
+
+
+/**
+ * eap_sm_register_scard_ctx - Notification of smart card context
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @ctx: Context data for smart card operations
+ *
+ * Notify EAP state machines of context data for smart card operations. This
+ * context data will be used as a parameter for scard_*() functions.
+ */
+void eap_register_scard_ctx(struct eap_sm *sm, void *ctx)
+{
+ if (sm)
+ sm->scard_ctx = ctx;
+}
+
+
+/**
+ * eap_hdr_validate - Validate EAP header
+ * @vendor: Expected EAP Vendor-Id (0 = IETF)
+ * @eap_type: Expected EAP type number
+ * @msg: EAP frame (starting with EAP header)
+ * @msglen: Length of msg
+ * @plen: Pointer to variable to contain the returned payload length
+ * Returns: Pointer to EAP payload (after type field), or %NULL on failure
+ *
+ * This is a helper function for EAP method implementations. This is usually
+ * called in the beginning of struct eap_method::process() function to verify
+ * that the received EAP request packet has a valid header. This function is
+ * able to process both legacy and expanded EAP headers and in most cases, the
+ * caller can just use the returned payload pointer (into *plen) for processing
+ * the payload regardless of whether the packet used the expanded EAP header or
+ * not.
+ */
+const u8 * eap_hdr_validate(int vendor, EapType eap_type,
+ const u8 *msg, size_t msglen, size_t *plen)
+{
+ const struct eap_hdr *hdr;
+ const u8 *pos;
+ size_t len;
+
+ hdr = (const struct eap_hdr *) msg;
+
+ if (msglen < sizeof(*hdr)) {
+ wpa_printf(MSG_INFO, "EAP: Too short EAP frame");
+ return NULL;
+ }
+
+ len = be_to_host16(hdr->length);
+ if (len < sizeof(*hdr) + 1 || len > msglen) {
+ wpa_printf(MSG_INFO, "EAP: Invalid EAP length");
+ return NULL;
+ }
+
+ pos = (const u8 *) (hdr + 1);
+
+ if (*pos == EAP_TYPE_EXPANDED) {
+ int exp_vendor;
+ u32 exp_type;
+ if (len < sizeof(*hdr) + 8) {
+ wpa_printf(MSG_INFO, "EAP: Invalid expanded EAP "
+ "length");
+ return NULL;
+ }
+ pos++;
+ exp_vendor = WPA_GET_BE24(pos);
+ pos += 3;
+ exp_type = WPA_GET_BE32(pos);
+ pos += 4;
+ if (exp_vendor != vendor || exp_type != (u32) eap_type) {
+ wpa_printf(MSG_INFO, "EAP: Invalid expanded frame "
+ "type");
+ return NULL;
+ }
+
+ *plen = len - sizeof(*hdr) - 8;
+ return pos;
+ } else {
+ if (vendor != EAP_VENDOR_IETF || *pos != eap_type) {
+ wpa_printf(MSG_INFO, "EAP: Invalid frame type");
+ return NULL;
+ }
+ *plen = len - sizeof(*hdr) - 1;
+ return pos + 1;
+ }
+}
+
+
+/**
+ * eap_set_config_blob - Set or add a named configuration blob
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @blob: New value for the blob
+ *
+ * Adds a new configuration blob or replaces the current value of an existing
+ * blob.
+ */
+void eap_set_config_blob(struct eap_sm *sm, struct wpa_config_blob *blob)
+{
+ sm->eapol_cb->set_config_blob(sm->eapol_ctx, blob);
+}
+
+
+/**
+ * eap_get_config_blob - Get a named configuration blob
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @name: Name of the blob
+ * Returns: Pointer to blob data or %NULL if not found
+ */
+const struct wpa_config_blob * eap_get_config_blob(struct eap_sm *sm,
+ const char *name)
+{
+ return sm->eapol_cb->get_config_blob(sm->eapol_ctx, name);
+}
+
+
+/**
+ * eap_set_force_disabled - Set force_disabled flag
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @disabled: 1 = EAP disabled, 0 = EAP enabled
+ *
+ * This function is used to force EAP state machine to be disabled when it is
+ * not in use (e.g., with WPA-PSK or plaintext connections).
+ */
+void eap_set_force_disabled(struct eap_sm *sm, int disabled)
+{
+ sm->force_disabled = disabled;
+}
+
+
+/**
+ * eap_msg_alloc - Allocate a buffer for an EAP message
+ * @vendor: Vendor-Id (0 = IETF)
+ * @type: EAP type
+ * @len: Buffer for returning message length
+ * @payload_len: Payload length in bytes (data after Type)
+ * @code: Message Code (EAP_CODE_*)
+ * @identifier: Identifier
+ * @payload: Pointer to payload pointer that will be set to point to the
+ * beginning of the payload or %NULL if payload pointer is not needed
+ * Returns: Pointer to the allocated message buffer or %NULL on error
+ *
+ * This function can be used to allocate a buffer for an EAP message and fill
+ * in the EAP header. This function is automatically using expanded EAP header
+ * if the selected Vendor-Id is not IETF. In other words, most EAP methods do
+ * not need to separately select which header type to use when using this
+ * function to allocate the message buffers.
+ */
+struct eap_hdr * eap_msg_alloc(int vendor, EapType type, size_t *len,
+ size_t payload_len, u8 code, u8 identifier,
+ u8 **payload)
+{
+ struct eap_hdr *hdr;
+ u8 *pos;
+
+ *len = sizeof(struct eap_hdr) + (vendor == EAP_VENDOR_IETF ? 1 : 8) +
+ payload_len;
+ hdr = os_malloc(*len);
+ if (hdr) {
+ hdr->code = code;
+ hdr->identifier = identifier;
+ hdr->length = host_to_be16(*len);
+ pos = (u8 *) (hdr + 1);
+ if (vendor == EAP_VENDOR_IETF) {
+ *pos++ = type;
+ } else {
+ *pos++ = EAP_TYPE_EXPANDED;
+ WPA_PUT_BE24(pos, vendor);
+ pos += 3;
+ WPA_PUT_BE32(pos, type);
+ pos += 4;
+ }
+ if (payload)
+ *payload = pos;
+ }
+
+ return hdr;
+}
+
+
+ /**
+ * eap_notify_pending - Notify that EAP method is ready to re-process a request
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ *
+ * An EAP method can perform a pending operation (e.g., to get a response from
+ * an external process). Once the response is available, this function can be
+ * used to request EAPOL state machine to retry delivering the previously
+ * received (and still unanswered) EAP request to EAP state machine.
+ */
+void eap_notify_pending(struct eap_sm *sm)
+{
+ sm->eapol_cb->notify_pending(sm->eapol_ctx);
+}
+
+
+/**
+ * eap_invalidate_cached_session - Mark cached session data invalid
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ */
+void eap_invalidate_cached_session(struct eap_sm *sm)
+{
+ if (sm)
+ eap_deinit_prev_method(sm, "invalidate");
+}
--- /dev/null
+/*
+ * EAP peer state machine functions (RFC 4137)
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef EAP_H
+#define EAP_H
+
+#include "defs.h"
+#include "eap_defs.h"
+#include "eap_methods.h"
+
+struct eap_sm;
+struct wpa_ssid;
+struct wpa_config_blob;
+
+struct eap_method_type {
+ int vendor;
+ u32 method;
+};
+
+#ifdef IEEE8021X_EAPOL
+
+/**
+ * enum eapol_bool_var - EAPOL boolean state variables for EAP state machine
+ *
+ * These variables are used in the interface between EAP peer state machine and
+ * lower layer. These are defined in RFC 4137, Sect. 4.1. Lower layer code is
+ * expected to maintain these variables and register a callback functions for
+ * EAP state machine to get and set the variables.
+ */
+enum eapol_bool_var {
+ /**
+ * EAPOL_eapSuccess - EAP SUCCESS state reached
+ *
+ * EAP state machine reads and writes this value.
+ */
+ EAPOL_eapSuccess,
+
+ /**
+ * EAPOL_eapRestart - Lower layer request to restart authentication
+ *
+ * Set to TRUE in lower layer, FALSE in EAP state machine.
+ */
+ EAPOL_eapRestart,
+
+ /**
+ * EAPOL_eapFail - EAP FAILURE state reached
+ *
+ * EAP state machine writes this value.
+ */
+ EAPOL_eapFail,
+
+ /**
+ * EAPOL_eapResp - Response to send
+ *
+ * Set to TRUE in EAP state machine, FALSE in lower layer.
+ */
+ EAPOL_eapResp,
+
+ /**
+ * EAPOL_eapNoResp - Request has been process; no response to send
+ *
+ * Set to TRUE in EAP state machine, FALSE in lower layer.
+ */
+ EAPOL_eapNoResp,
+
+ /**
+ * EAPOL_eapReq - EAP request available from lower layer
+ *
+ * Set to TRUE in lower layer, FALSE in EAP state machine.
+ */
+ EAPOL_eapReq,
+
+ /**
+ * EAPOL_portEnabled - Lower layer is ready for communication
+ *
+ * EAP state machines reads this value.
+ */
+ EAPOL_portEnabled,
+
+ /**
+ * EAPOL_altAccept - Alternate indication of success (RFC3748)
+ *
+ * EAP state machines reads this value.
+ */
+ EAPOL_altAccept,
+
+ /**
+ * EAPOL_altReject - Alternate indication of failure (RFC3748)
+ *
+ * EAP state machines reads this value.
+ */
+ EAPOL_altReject
+};
+
+/**
+ * enum eapol_int_var - EAPOL integer state variables for EAP state machine
+ *
+ * These variables are used in the interface between EAP peer state machine and
+ * lower layer. These are defined in RFC 4137, Sect. 4.1. Lower layer code is
+ * expected to maintain these variables and register a callback functions for
+ * EAP state machine to get and set the variables.
+ */
+enum eapol_int_var {
+ /**
+ * EAPOL_idleWhile - Outside time for EAP peer timeout
+ *
+ * This integer variable is used to provide an outside timer that the
+ * external (to EAP state machine) code must decrement by one every
+ * second until the value reaches zero. This is used in the same way as
+ * EAPOL state machine timers. EAP state machine reads and writes this
+ * value.
+ */
+ EAPOL_idleWhile
+};
+
+/**
+ * struct eapol_callbacks - Callback functions from EAP to lower layer
+ *
+ * This structure defines the callback functions that EAP state machine
+ * requires from the lower layer (usually EAPOL state machine) for updating
+ * state variables and requesting information. eapol_ctx from eap_sm_init()
+ * call will be used as the ctx parameter for these callback functions.
+ */
+struct eapol_callbacks {
+ /**
+ * get_config - Get pointer to the current network configuration
+ * @ctx: eapol_ctx from eap_sm_init() call
+ */
+ struct wpa_ssid * (*get_config)(void *ctx);
+
+ /**
+ * get_bool - Get a boolean EAPOL state variable
+ * @variable: EAPOL boolean variable to get
+ * Returns: Value of the EAPOL variable
+ */
+ Boolean (*get_bool)(void *ctx, enum eapol_bool_var variable);
+
+ /**
+ * set_bool - Set a boolean EAPOL state variable
+ * @ctx: eapol_ctx from eap_sm_init() call
+ * @variable: EAPOL boolean variable to set
+ * @value: Value for the EAPOL variable
+ */
+ void (*set_bool)(void *ctx, enum eapol_bool_var variable,
+ Boolean value);
+
+ /**
+ * get_int - Get an integer EAPOL state variable
+ * @ctx: eapol_ctx from eap_sm_init() call
+ * @variable: EAPOL integer variable to get
+ * Returns: Value of the EAPOL variable
+ */
+ unsigned int (*get_int)(void *ctx, enum eapol_int_var variable);
+
+ /**
+ * set_int - Set an integer EAPOL state variable
+ * @ctx: eapol_ctx from eap_sm_init() call
+ * @variable: EAPOL integer variable to set
+ * @value: Value for the EAPOL variable
+ */
+ void (*set_int)(void *ctx, enum eapol_int_var variable,
+ unsigned int value);
+
+ /**
+ * get_eapReqData - Get EAP-Request data
+ * @ctx: eapol_ctx from eap_sm_init() call
+ * @len: Pointer to variable that will be set to eapReqDataLen
+ * Returns: Reference to eapReqData (EAP state machine will not free
+ * this) or %NULL if eapReqData not available.
+ */
+ u8 * (*get_eapReqData)(void *ctx, size_t *len);
+
+ /**
+ * set_config_blob - Set named configuration blob
+ * @ctx: eapol_ctx from eap_sm_init() call
+ * @blob: New value for the blob
+ *
+ * Adds a new configuration blob or replaces the current value of an
+ * existing blob.
+ */
+ void (*set_config_blob)(void *ctx, struct wpa_config_blob *blob);
+
+ /**
+ * get_config_blob - Get a named configuration blob
+ * @ctx: eapol_ctx from eap_sm_init() call
+ * @name: Name of the blob
+ * Returns: Pointer to blob data or %NULL if not found
+ */
+ const struct wpa_config_blob * (*get_config_blob)(void *ctx,
+ const char *name);
+
+ /**
+ * notify_pending - Notify that a pending request can be retried
+ * @ctx: eapol_ctx from eap_sm_init() call
+ *
+ * An EAP method can perform a pending operation (e.g., to get a
+ * response from an external process). Once the response is available,
+ * this callback function can be used to request EAPOL state machine to
+ * retry delivering the previously received (and still unanswered) EAP
+ * request to EAP state machine.
+ */
+ void (*notify_pending)(void *ctx);
+};
+
+/**
+ * struct eap_config - Configuration for EAP state machine
+ */
+struct eap_config {
+ /**
+ * opensc_engine_path - OpenSC engine for OpenSSL engine support
+ *
+ * Usually, path to engine_opensc.so.
+ */
+ const char *opensc_engine_path;
+ /**
+ * pkcs11_engine_path - PKCS#11 engine for OpenSSL engine support
+ *
+ * Usually, path to engine_pkcs11.so.
+ */
+ const char *pkcs11_engine_path;
+ /**
+ * pkcs11_module_path - OpenSC PKCS#11 module for OpenSSL engine
+ *
+ * Usually, path to opensc-pkcs11.so.
+ */
+ const char *pkcs11_module_path;
+};
+
+struct eap_sm * eap_sm_init(void *eapol_ctx, struct eapol_callbacks *eapol_cb,
+ void *msg_ctx, struct eap_config *conf);
+void eap_sm_deinit(struct eap_sm *sm);
+int eap_sm_step(struct eap_sm *sm);
+void eap_sm_abort(struct eap_sm *sm);
+int eap_sm_get_status(struct eap_sm *sm, char *buf, size_t buflen,
+ int verbose);
+u8 * eap_sm_buildIdentity(struct eap_sm *sm, int id, size_t *len,
+ int encrypted);
+void eap_sm_request_identity(struct eap_sm *sm);
+void eap_sm_request_password(struct eap_sm *sm);
+void eap_sm_request_new_password(struct eap_sm *sm);
+void eap_sm_request_pin(struct eap_sm *sm);
+void eap_sm_request_otp(struct eap_sm *sm, const char *msg, size_t msg_len);
+void eap_sm_request_passphrase(struct eap_sm *sm);
+void eap_sm_notify_ctrl_attached(struct eap_sm *sm);
+u32 eap_get_phase2_type(const char *name, int *vendor);
+struct eap_method_type * eap_get_phase2_types(struct wpa_ssid *config,
+ size_t *count);
+void eap_set_fast_reauth(struct eap_sm *sm, int enabled);
+void eap_set_workaround(struct eap_sm *sm, unsigned int workaround);
+void eap_set_force_disabled(struct eap_sm *sm, int disabled);
+int eap_key_available(struct eap_sm *sm);
+void eap_notify_success(struct eap_sm *sm);
+void eap_notify_lower_layer_success(struct eap_sm *sm);
+const u8 * eap_get_eapKeyData(struct eap_sm *sm, size_t *len);
+u8 * eap_get_eapRespData(struct eap_sm *sm, size_t *len);
+void eap_register_scard_ctx(struct eap_sm *sm, void *ctx);
+void eap_invalidate_cached_session(struct eap_sm *sm);
+
+#endif /* IEEE8021X_EAPOL */
+
+#endif /* EAP_H */
--- /dev/null
+/*
+ * EAP peer method: EAP-AKA (RFC 4187)
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eap_i.h"
+#include "crypto.h"
+#include "pcsc_funcs.h"
+#include "eap_sim_common.h"
+
+
+struct eap_aka_data {
+ u8 ik[EAP_AKA_IK_LEN], ck[EAP_AKA_CK_LEN], res[EAP_AKA_RES_MAX_LEN];
+ size_t res_len;
+ u8 nonce_s[EAP_SIM_NONCE_S_LEN];
+ u8 mk[EAP_SIM_MK_LEN];
+ u8 k_aut[EAP_SIM_K_AUT_LEN];
+ u8 k_encr[EAP_SIM_K_ENCR_LEN];
+ u8 msk[EAP_SIM_KEYING_DATA_LEN];
+ u8 emsk[EAP_EMSK_LEN];
+ u8 rand[EAP_AKA_RAND_LEN], autn[EAP_AKA_AUTN_LEN];
+ u8 auts[EAP_AKA_AUTS_LEN];
+
+ int num_id_req, num_notification;
+ u8 *pseudonym;
+ size_t pseudonym_len;
+ u8 *reauth_id;
+ size_t reauth_id_len;
+ int reauth;
+ unsigned int counter, counter_too_small;
+ u8 *last_eap_identity;
+ size_t last_eap_identity_len;
+ enum { CONTINUE, SUCCESS, FAILURE } state;
+};
+
+
+static void * eap_aka_init(struct eap_sm *sm)
+{
+ struct eap_aka_data *data;
+ data = os_zalloc(sizeof(*data));
+ if (data == NULL)
+ return NULL;
+
+ data->state = CONTINUE;
+
+ return data;
+}
+
+
+static void eap_aka_deinit(struct eap_sm *sm, void *priv)
+{
+ struct eap_aka_data *data = priv;
+ if (data) {
+ os_free(data->pseudonym);
+ os_free(data->reauth_id);
+ os_free(data->last_eap_identity);
+ os_free(data);
+ }
+}
+
+
+static int eap_aka_umts_auth(struct eap_sm *sm, struct eap_aka_data *data)
+{
+ wpa_printf(MSG_DEBUG, "EAP-AKA: UMTS authentication algorithm");
+#ifdef PCSC_FUNCS
+ return scard_umts_auth(sm->scard_ctx, data->rand,
+ data->autn, data->res, &data->res_len,
+ data->ik, data->ck, data->auts);
+#else /* PCSC_FUNCS */
+ /* These hardcoded Kc and SRES values are used for testing.
+ * Could consider making them configurable. */
+ os_memset(data->res, '2', EAP_AKA_RES_MAX_LEN);
+ data->res_len = EAP_AKA_RES_MAX_LEN;
+ os_memset(data->ik, '3', EAP_AKA_IK_LEN);
+ os_memset(data->ck, '4', EAP_AKA_CK_LEN);
+ {
+ u8 autn[EAP_AKA_AUTN_LEN];
+ os_memset(autn, '1', EAP_AKA_AUTN_LEN);
+ if (os_memcmp(autn, data->autn, EAP_AKA_AUTN_LEN) != 0) {
+ wpa_printf(MSG_WARNING, "EAP-AKA: AUTN did not match "
+ "with expected value");
+ return -1;
+ }
+ }
+#if 0
+ {
+ static int test_resync = 1;
+ if (test_resync) {
+ /* Test Resynchronization */
+ test_resync = 0;
+ return -2;
+ }
+ }
+#endif
+ return 0;
+#endif /* PCSC_FUNCS */
+}
+
+
+#define CLEAR_PSEUDONYM 0x01
+#define CLEAR_REAUTH_ID 0x02
+#define CLEAR_EAP_ID 0x04
+
+static void eap_aka_clear_identities(struct eap_aka_data *data, int id)
+{
+ wpa_printf(MSG_DEBUG, "EAP-AKA: forgetting old%s%s%s",
+ id & CLEAR_PSEUDONYM ? " pseudonym" : "",
+ id & CLEAR_REAUTH_ID ? " reauth_id" : "",
+ id & CLEAR_EAP_ID ? " eap_id" : "");
+ if (id & CLEAR_PSEUDONYM) {
+ os_free(data->pseudonym);
+ data->pseudonym = NULL;
+ data->pseudonym_len = 0;
+ }
+ if (id & CLEAR_REAUTH_ID) {
+ os_free(data->reauth_id);
+ data->reauth_id = NULL;
+ data->reauth_id_len = 0;
+ }
+ if (id & CLEAR_EAP_ID) {
+ os_free(data->last_eap_identity);
+ data->last_eap_identity = NULL;
+ data->last_eap_identity_len = 0;
+ }
+}
+
+
+static int eap_aka_learn_ids(struct eap_aka_data *data,
+ struct eap_sim_attrs *attr)
+{
+ if (attr->next_pseudonym) {
+ os_free(data->pseudonym);
+ data->pseudonym = os_malloc(attr->next_pseudonym_len);
+ if (data->pseudonym == NULL) {
+ wpa_printf(MSG_INFO, "EAP-AKA: (encr) No memory for "
+ "next pseudonym");
+ return -1;
+ }
+ os_memcpy(data->pseudonym, attr->next_pseudonym,
+ attr->next_pseudonym_len);
+ data->pseudonym_len = attr->next_pseudonym_len;
+ wpa_hexdump_ascii(MSG_DEBUG,
+ "EAP-AKA: (encr) AT_NEXT_PSEUDONYM",
+ data->pseudonym,
+ data->pseudonym_len);
+ }
+
+ if (attr->next_reauth_id) {
+ os_free(data->reauth_id);
+ data->reauth_id = os_malloc(attr->next_reauth_id_len);
+ if (data->reauth_id == NULL) {
+ wpa_printf(MSG_INFO, "EAP-AKA: (encr) No memory for "
+ "next reauth_id");
+ return -1;
+ }
+ os_memcpy(data->reauth_id, attr->next_reauth_id,
+ attr->next_reauth_id_len);
+ data->reauth_id_len = attr->next_reauth_id_len;
+ wpa_hexdump_ascii(MSG_DEBUG,
+ "EAP-AKA: (encr) AT_NEXT_REAUTH_ID",
+ data->reauth_id,
+ data->reauth_id_len);
+ }
+
+ return 0;
+}
+
+
+static u8 * eap_aka_client_error(struct eap_aka_data *data,
+ const struct eap_hdr *req,
+ size_t *respDataLen, int err)
+{
+ struct eap_sim_msg *msg;
+
+ data->state = FAILURE;
+ data->num_id_req = 0;
+ data->num_notification = 0;
+
+ msg = eap_sim_msg_init(EAP_CODE_RESPONSE, req->identifier,
+ EAP_TYPE_AKA, EAP_AKA_SUBTYPE_CLIENT_ERROR);
+ eap_sim_msg_add(msg, EAP_SIM_AT_CLIENT_ERROR_CODE, err, NULL, 0);
+ return eap_sim_msg_finish(msg, respDataLen, NULL, NULL, 0);
+}
+
+
+static u8 * eap_aka_authentication_reject(struct eap_aka_data *data,
+ const struct eap_hdr *req,
+ size_t *respDataLen)
+{
+ struct eap_sim_msg *msg;
+
+ data->state = FAILURE;
+ data->num_id_req = 0;
+ data->num_notification = 0;
+
+ wpa_printf(MSG_DEBUG, "Generating EAP-AKA Authentication-Reject "
+ "(id=%d)", req->identifier);
+ msg = eap_sim_msg_init(EAP_CODE_RESPONSE, req->identifier,
+ EAP_TYPE_AKA,
+ EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT);
+ return eap_sim_msg_finish(msg, respDataLen, NULL, NULL, 0);
+}
+
+
+static u8 * eap_aka_synchronization_failure(struct eap_aka_data *data,
+ const struct eap_hdr *req,
+ size_t *respDataLen)
+{
+ struct eap_sim_msg *msg;
+
+ data->num_id_req = 0;
+ data->num_notification = 0;
+
+ wpa_printf(MSG_DEBUG, "Generating EAP-AKA Synchronization-Failure "
+ "(id=%d)", req->identifier);
+ msg = eap_sim_msg_init(EAP_CODE_RESPONSE, req->identifier,
+ EAP_TYPE_AKA,
+ EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE);
+ wpa_printf(MSG_DEBUG, " AT_AUTS");
+ eap_sim_msg_add_full(msg, EAP_SIM_AT_AUTS, data->auts,
+ EAP_AKA_AUTS_LEN);
+ return eap_sim_msg_finish(msg, respDataLen, NULL, NULL, 0);
+}
+
+
+static u8 * eap_aka_response_identity(struct eap_sm *sm,
+ struct eap_aka_data *data,
+ const struct eap_hdr *req,
+ size_t *respDataLen,
+ enum eap_sim_id_req id_req)
+{
+ const u8 *identity = NULL;
+ size_t identity_len = 0;
+ struct eap_sim_msg *msg;
+
+ data->reauth = 0;
+ if (id_req == ANY_ID && data->reauth_id) {
+ identity = data->reauth_id;
+ identity_len = data->reauth_id_len;
+ data->reauth = 1;
+ } else if ((id_req == ANY_ID || id_req == FULLAUTH_ID) &&
+ data->pseudonym) {
+ identity = data->pseudonym;
+ identity_len = data->pseudonym_len;
+ eap_aka_clear_identities(data, CLEAR_REAUTH_ID);
+ } else if (id_req != NO_ID_REQ) {
+ identity = eap_get_config_identity(sm, &identity_len);
+ if (identity) {
+ eap_aka_clear_identities(data, CLEAR_PSEUDONYM |
+ CLEAR_REAUTH_ID);
+ }
+ }
+ if (id_req != NO_ID_REQ)
+ eap_aka_clear_identities(data, CLEAR_EAP_ID);
+
+ wpa_printf(MSG_DEBUG, "Generating EAP-AKA Identity (id=%d)",
+ req->identifier);
+ msg = eap_sim_msg_init(EAP_CODE_RESPONSE, req->identifier,
+ EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY);
+
+ if (identity) {
+ wpa_hexdump_ascii(MSG_DEBUG, " AT_IDENTITY",
+ identity, identity_len);
+ eap_sim_msg_add(msg, EAP_SIM_AT_IDENTITY, identity_len,
+ identity, identity_len);
+ }
+
+ return eap_sim_msg_finish(msg, respDataLen, NULL, NULL, 0);
+}
+
+
+static u8 * eap_aka_response_challenge(struct eap_aka_data *data,
+ const struct eap_hdr *req,
+ size_t *respDataLen)
+{
+ struct eap_sim_msg *msg;
+
+ wpa_printf(MSG_DEBUG, "Generating EAP-AKA Challenge (id=%d)",
+ req->identifier);
+ msg = eap_sim_msg_init(EAP_CODE_RESPONSE, req->identifier,
+ EAP_TYPE_AKA, EAP_AKA_SUBTYPE_CHALLENGE);
+ wpa_printf(MSG_DEBUG, " AT_RES");
+ eap_sim_msg_add(msg, EAP_SIM_AT_RES, data->res_len,
+ data->res, data->res_len);
+ wpa_printf(MSG_DEBUG, " AT_MAC");
+ eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
+ return eap_sim_msg_finish(msg, respDataLen, data->k_aut, (u8 *) "", 0);
+}
+
+
+static u8 * eap_aka_response_reauth(struct eap_aka_data *data,
+ const struct eap_hdr *req,
+ size_t *respDataLen, int counter_too_small,
+ const u8 *nonce_s)
+{
+ struct eap_sim_msg *msg;
+ unsigned int counter;
+
+ wpa_printf(MSG_DEBUG, "Generating EAP-AKA Reauthentication (id=%d)",
+ req->identifier);
+ msg = eap_sim_msg_init(EAP_CODE_RESPONSE, req->identifier,
+ EAP_TYPE_AKA,
+ EAP_AKA_SUBTYPE_REAUTHENTICATION);
+ wpa_printf(MSG_DEBUG, " AT_IV");
+ wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
+ eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV, EAP_SIM_AT_ENCR_DATA);
+
+ if (counter_too_small) {
+ wpa_printf(MSG_DEBUG, " *AT_COUNTER_TOO_SMALL");
+ eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER_TOO_SMALL, 0, NULL, 0);
+ counter = data->counter_too_small;
+ } else
+ counter = data->counter;
+
+ wpa_printf(MSG_DEBUG, " *AT_COUNTER %d", counter);
+ eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, counter, NULL, 0);
+
+ if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) {
+ wpa_printf(MSG_WARNING, "EAP-AKA: Failed to encrypt "
+ "AT_ENCR_DATA");
+ eap_sim_msg_free(msg);
+ return NULL;
+ }
+ wpa_printf(MSG_DEBUG, " AT_MAC");
+ eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
+ return eap_sim_msg_finish(msg, respDataLen, data->k_aut, nonce_s,
+ EAP_SIM_NONCE_S_LEN);
+}
+
+
+static u8 * eap_aka_response_notification(struct eap_aka_data *data,
+ const struct eap_hdr *req,
+ size_t *respDataLen,
+ u16 notification)
+{
+ struct eap_sim_msg *msg;
+ u8 *k_aut = (notification & 0x4000) == 0 ? data->k_aut : NULL;
+
+ wpa_printf(MSG_DEBUG, "Generating EAP-AKA Notification (id=%d)",
+ req->identifier);
+ msg = eap_sim_msg_init(EAP_CODE_RESPONSE, req->identifier,
+ EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION);
+ if (k_aut && data->reauth) {
+ wpa_printf(MSG_DEBUG, " AT_IV");
+ wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
+ eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV,
+ EAP_SIM_AT_ENCR_DATA);
+ wpa_printf(MSG_DEBUG, " *AT_COUNTER %d", data->counter);
+ eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter,
+ NULL, 0);
+ if (eap_sim_msg_add_encr_end(msg, data->k_encr,
+ EAP_SIM_AT_PADDING)) {
+ wpa_printf(MSG_WARNING, "EAP-AKA: Failed to encrypt "
+ "AT_ENCR_DATA");
+ eap_sim_msg_free(msg);
+ return NULL;
+ }
+ }
+ if (k_aut) {
+ wpa_printf(MSG_DEBUG, " AT_MAC");
+ eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
+ }
+ return eap_sim_msg_finish(msg, respDataLen, k_aut, (u8 *) "", 0);
+}
+
+
+static u8 * eap_aka_process_identity(struct eap_sm *sm,
+ struct eap_aka_data *data,
+ const struct eap_hdr *req,
+ size_t *respDataLen,
+ struct eap_sim_attrs *attr)
+{
+ int id_error;
+
+ wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Identity");
+
+ id_error = 0;
+ switch (attr->id_req) {
+ case NO_ID_REQ:
+ break;
+ case ANY_ID:
+ if (data->num_id_req > 0)
+ id_error++;
+ data->num_id_req++;
+ break;
+ case FULLAUTH_ID:
+ if (data->num_id_req > 1)
+ id_error++;
+ data->num_id_req++;
+ break;
+ case PERMANENT_ID:
+ if (data->num_id_req > 2)
+ id_error++;
+ data->num_id_req++;
+ break;
+ }
+ if (id_error) {
+ wpa_printf(MSG_INFO, "EAP-AKA: Too many ID requests "
+ "used within one authentication");
+ return eap_aka_client_error(data, req, respDataLen,
+ EAP_AKA_UNABLE_TO_PROCESS_PACKET);
+ }
+
+ return eap_aka_response_identity(sm, data, req, respDataLen,
+ attr->id_req);
+}
+
+
+static u8 * eap_aka_process_challenge(struct eap_sm *sm,
+ struct eap_aka_data *data,
+ const struct eap_hdr *req,
+ size_t reqDataLen,
+ size_t *respDataLen,
+ struct eap_sim_attrs *attr)
+{
+ const u8 *identity;
+ size_t identity_len;
+ int res;
+ struct eap_sim_attrs eattr;
+
+ wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Challenge");
+ data->reauth = 0;
+ if (!attr->mac || !attr->rand || !attr->autn) {
+ wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
+ "did not include%s%s%s",
+ !attr->mac ? " AT_MAC" : "",
+ !attr->rand ? " AT_RAND" : "",
+ !attr->autn ? " AT_AUTN" : "");
+ return eap_aka_client_error(data, req, respDataLen,
+ EAP_AKA_UNABLE_TO_PROCESS_PACKET);
+ }
+ os_memcpy(data->rand, attr->rand, EAP_AKA_RAND_LEN);
+ os_memcpy(data->autn, attr->autn, EAP_AKA_AUTN_LEN);
+
+ res = eap_aka_umts_auth(sm, data);
+ if (res == -1) {
+ wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication "
+ "failed (AUTN)");
+ return eap_aka_authentication_reject(data, req, respDataLen);
+ } else if (res == -2) {
+ wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication "
+ "failed (AUTN seq# -> AUTS)");
+ return eap_aka_synchronization_failure(data, req, respDataLen);
+ } else if (res) {
+ wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication failed");
+ return eap_aka_client_error(data, req, respDataLen,
+ EAP_AKA_UNABLE_TO_PROCESS_PACKET);
+ }
+ if (data->last_eap_identity) {
+ identity = data->last_eap_identity;
+ identity_len = data->last_eap_identity_len;
+ } else if (data->pseudonym) {
+ identity = data->pseudonym;
+ identity_len = data->pseudonym_len;
+ } else
+ identity = eap_get_config_identity(sm, &identity_len);
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Selected identity for MK "
+ "derivation", identity, identity_len);
+ eap_aka_derive_mk(identity, identity_len, data->ik, data->ck,
+ data->mk);
+ eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk,
+ data->emsk);
+ if (eap_sim_verify_mac(data->k_aut, (const u8 *) req, reqDataLen,
+ attr->mac, (u8 *) "", 0)) {
+ wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
+ "used invalid AT_MAC");
+ return eap_aka_client_error(data, req, respDataLen,
+ EAP_AKA_UNABLE_TO_PROCESS_PACKET);
+ }
+
+ /* Old reauthentication and pseudonym identities must not be used
+ * anymore. In other words, if no new identities are received, full
+ * authentication will be used on next reauthentication. */
+ eap_aka_clear_identities(data, CLEAR_PSEUDONYM | CLEAR_REAUTH_ID |
+ CLEAR_EAP_ID);
+
+ if (attr->encr_data) {
+ u8 *decrypted;
+ decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
+ attr->encr_data_len, attr->iv,
+ &eattr, 0);
+ if (decrypted == NULL) {
+ return eap_aka_client_error(
+ data, req, respDataLen,
+ EAP_AKA_UNABLE_TO_PROCESS_PACKET);
+ }
+ eap_aka_learn_ids(data, &eattr);
+ os_free(decrypted);
+ }
+
+ if (data->state != FAILURE)
+ data->state = SUCCESS;
+
+ data->num_id_req = 0;
+ data->num_notification = 0;
+ /* RFC 4187 specifies that counter is initialized to one after
+ * fullauth, but initializing it to zero makes it easier to implement
+ * reauth verification. */
+ data->counter = 0;
+ return eap_aka_response_challenge(data, req, respDataLen);
+}
+
+
+static int eap_aka_process_notification_reauth(struct eap_aka_data *data,
+ struct eap_sim_attrs *attr)
+{
+ struct eap_sim_attrs eattr;
+ u8 *decrypted;
+
+ if (attr->encr_data == NULL || attr->iv == NULL) {
+ wpa_printf(MSG_WARNING, "EAP-AKA: Notification message after "
+ "reauth did not include encrypted data");
+ return -1;
+ }
+
+ decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
+ attr->encr_data_len, attr->iv, &eattr,
+ 0);
+ if (decrypted == NULL) {
+ wpa_printf(MSG_WARNING, "EAP-AKA: Failed to parse encrypted "
+ "data from notification message");
+ return -1;
+ }
+
+ if (eattr.counter < 0 || (size_t) eattr.counter != data->counter) {
+ wpa_printf(MSG_WARNING, "EAP-AKA: Counter in notification "
+ "message does not match with counter in reauth "
+ "message");
+ os_free(decrypted);
+ return -1;
+ }
+
+ os_free(decrypted);
+ return 0;
+}
+
+
+static int eap_aka_process_notification_auth(struct eap_aka_data *data,
+ const struct eap_hdr *req,
+ size_t reqDataLen,
+ struct eap_sim_attrs *attr)
+{
+ if (attr->mac == NULL) {
+ wpa_printf(MSG_INFO, "EAP-AKA: no AT_MAC in after_auth "
+ "Notification message");
+ return -1;
+ }
+
+ if (eap_sim_verify_mac(data->k_aut, (const u8 *) req, reqDataLen,
+ attr->mac, (u8 *) "", 0)) {
+ wpa_printf(MSG_WARNING, "EAP-AKA: Notification message "
+ "used invalid AT_MAC");
+ return -1;
+ }
+
+ if (data->reauth &&
+ eap_aka_process_notification_reauth(data, attr)) {
+ wpa_printf(MSG_WARNING, "EAP-AKA: Invalid notification "
+ "message after reauth");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static u8 * eap_aka_process_notification(struct eap_sm *sm,
+ struct eap_aka_data *data,
+ const struct eap_hdr *req,
+ size_t reqDataLen,
+ size_t *respDataLen,
+ struct eap_sim_attrs *attr)
+{
+ wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Notification");
+ if (data->num_notification > 0) {
+ wpa_printf(MSG_INFO, "EAP-AKA: too many notification "
+ "rounds (only one allowed)");
+ return eap_aka_client_error(data, req, respDataLen,
+ EAP_AKA_UNABLE_TO_PROCESS_PACKET);
+ }
+ data->num_notification++;
+ if (attr->notification == -1) {
+ wpa_printf(MSG_INFO, "EAP-AKA: no AT_NOTIFICATION in "
+ "Notification message");
+ return eap_aka_client_error(data, req, respDataLen,
+ EAP_AKA_UNABLE_TO_PROCESS_PACKET);
+ }
+
+ if ((attr->notification & 0x4000) == 0 &&
+ eap_aka_process_notification_auth(data, req, reqDataLen, attr)) {
+ return eap_aka_client_error(data, req, respDataLen,
+ EAP_AKA_UNABLE_TO_PROCESS_PACKET);
+ }
+
+ eap_sim_report_notification(sm->msg_ctx, attr->notification, 1);
+ if (attr->notification >= 0 && attr->notification < 32768) {
+ data->state = FAILURE;
+ }
+ return eap_aka_response_notification(data, req, respDataLen,
+ attr->notification);
+}
+
+
+static u8 * eap_aka_process_reauthentication(struct eap_sm *sm,
+ struct eap_aka_data *data,
+ const struct eap_hdr *req,
+ size_t reqDataLen,
+ size_t *respDataLen,
+ struct eap_sim_attrs *attr)
+{
+ struct eap_sim_attrs eattr;
+ u8 *decrypted;
+
+ wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Reauthentication");
+
+ if (data->reauth_id == NULL) {
+ wpa_printf(MSG_WARNING, "EAP-AKA: Server is trying "
+ "reauthentication, but no reauth_id available");
+ return eap_aka_client_error(data, req, respDataLen,
+ EAP_AKA_UNABLE_TO_PROCESS_PACKET);
+ }
+
+ data->reauth = 1;
+ if (eap_sim_verify_mac(data->k_aut, (const u8 *) req, reqDataLen,
+ attr->mac, (u8 *) "", 0)) {
+ wpa_printf(MSG_WARNING, "EAP-AKA: Reauthentication "
+ "did not have valid AT_MAC");
+ return eap_aka_client_error(data, req, respDataLen,
+ EAP_AKA_UNABLE_TO_PROCESS_PACKET);
+ }
+
+ if (attr->encr_data == NULL || attr->iv == NULL) {
+ wpa_printf(MSG_WARNING, "EAP-AKA: Reauthentication "
+ "message did not include encrypted data");
+ return eap_aka_client_error(data, req, respDataLen,
+ EAP_AKA_UNABLE_TO_PROCESS_PACKET);
+ }
+
+ decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
+ attr->encr_data_len, attr->iv, &eattr,
+ 0);
+ if (decrypted == NULL) {
+ wpa_printf(MSG_WARNING, "EAP-AKA: Failed to parse encrypted "
+ "data from reauthentication message");
+ return eap_aka_client_error(data, req, respDataLen,
+ EAP_AKA_UNABLE_TO_PROCESS_PACKET);
+ }
+
+ if (eattr.nonce_s == NULL || eattr.counter < 0) {
+ wpa_printf(MSG_INFO, "EAP-AKA: (encr) No%s%s in reauth packet",
+ !eattr.nonce_s ? " AT_NONCE_S" : "",
+ eattr.counter < 0 ? " AT_COUNTER" : "");
+ os_free(decrypted);
+ return eap_aka_client_error(data, req, respDataLen,
+ EAP_AKA_UNABLE_TO_PROCESS_PACKET);
+ }
+
+ if (eattr.counter < 0 || (size_t) eattr.counter <= data->counter) {
+ u8 *res;
+ wpa_printf(MSG_INFO, "EAP-AKA: (encr) Invalid counter "
+ "(%d <= %d)", eattr.counter, data->counter);
+ data->counter_too_small = eattr.counter;
+
+ eap_sim_derive_keys_reauth(eattr.counter, data->reauth_id,
+ data->reauth_id_len, eattr.nonce_s,
+ data->mk, NULL, NULL);
+
+ /* Reply using Re-auth w/ AT_COUNTER_TOO_SMALL. The current
+ * reauth_id must not be used to start a new reauthentication.
+ * However, since it was used in the last EAP-Response-Identity
+ * packet, it has to saved for the following fullauth to be
+ * used in MK derivation. */
+ os_free(data->last_eap_identity);
+ data->last_eap_identity = data->reauth_id;
+ data->last_eap_identity_len = data->reauth_id_len;
+ data->reauth_id = NULL;
+ data->reauth_id_len = 0;
+
+ res = eap_aka_response_reauth(data, req, respDataLen, 1,
+ eattr.nonce_s);
+ os_free(decrypted);
+
+ return res;
+ }
+ data->counter = eattr.counter;
+
+ os_memcpy(data->nonce_s, eattr.nonce_s, EAP_SIM_NONCE_S_LEN);
+ wpa_hexdump(MSG_DEBUG, "EAP-AKA: (encr) AT_NONCE_S",
+ data->nonce_s, EAP_SIM_NONCE_S_LEN);
+
+ eap_sim_derive_keys_reauth(data->counter,
+ data->reauth_id, data->reauth_id_len,
+ data->nonce_s, data->mk, data->msk,
+ data->emsk);
+ eap_aka_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
+ eap_aka_learn_ids(data, &eattr);
+
+ if (data->state != FAILURE)
+ data->state = SUCCESS;
+
+ data->num_id_req = 0;
+ data->num_notification = 0;
+ if (data->counter > EAP_AKA_MAX_FAST_REAUTHS) {
+ wpa_printf(MSG_DEBUG, "EAP-AKA: Maximum number of "
+ "fast reauths performed - force fullauth");
+ eap_aka_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
+ }
+ os_free(decrypted);
+ return eap_aka_response_reauth(data, req, respDataLen, 0,
+ data->nonce_s);
+}
+
+
+static u8 * eap_aka_process(struct eap_sm *sm, void *priv,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *respDataLen)
+{
+ struct eap_aka_data *data = priv;
+ const struct eap_hdr *req;
+ u8 subtype, *res;
+ const u8 *pos;
+ struct eap_sim_attrs attr;
+ size_t len;
+
+ wpa_hexdump(MSG_DEBUG, "EAP-AKA: EAP data", reqData, reqDataLen);
+ if (eap_get_config_identity(sm, &len) == NULL) {
+ wpa_printf(MSG_INFO, "EAP-AKA: Identity not configured");
+ eap_sm_request_identity(sm);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_AKA,
+ reqData, reqDataLen, &len);
+ if (pos == NULL || len < 1) {
+ ret->ignore = TRUE;
+ return NULL;
+ }
+ req = (const struct eap_hdr *) reqData;
+ len = be_to_host16(req->length);
+
+ ret->ignore = FALSE;
+ ret->methodState = METHOD_MAY_CONT;
+ ret->decision = DECISION_FAIL;
+ ret->allowNotifications = TRUE;
+
+ subtype = *pos++;
+ wpa_printf(MSG_DEBUG, "EAP-AKA: Subtype=%d", subtype);
+ pos += 2; /* Reserved */
+
+ if (eap_sim_parse_attr(pos, reqData + len, &attr, 1, 0)) {
+ res = eap_aka_client_error(data, req, respDataLen,
+ EAP_AKA_UNABLE_TO_PROCESS_PACKET);
+ goto done;
+ }
+
+ switch (subtype) {
+ case EAP_AKA_SUBTYPE_IDENTITY:
+ res = eap_aka_process_identity(sm, data, req,
+ respDataLen, &attr);
+ break;
+ case EAP_AKA_SUBTYPE_CHALLENGE:
+ res = eap_aka_process_challenge(sm, data, req, len,
+ respDataLen, &attr);
+ break;
+ case EAP_AKA_SUBTYPE_NOTIFICATION:
+ res = eap_aka_process_notification(sm, data, req, len,
+ respDataLen, &attr);
+ break;
+ case EAP_AKA_SUBTYPE_REAUTHENTICATION:
+ res = eap_aka_process_reauthentication(sm, data, req, len,
+ respDataLen, &attr);
+ break;
+ case EAP_AKA_SUBTYPE_CLIENT_ERROR:
+ wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Client-Error");
+ res = eap_aka_client_error(data, req, respDataLen,
+ EAP_AKA_UNABLE_TO_PROCESS_PACKET);
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown subtype=%d", subtype);
+ res = eap_aka_client_error(data, req, respDataLen,
+ EAP_AKA_UNABLE_TO_PROCESS_PACKET);
+ break;
+ }
+
+done:
+ if (data->state == FAILURE) {
+ ret->decision = DECISION_FAIL;
+ ret->methodState = METHOD_DONE;
+ } else if (data->state == SUCCESS) {
+ ret->decision = DECISION_COND_SUCC;
+ /*
+ * It is possible for the server to reply with AKA
+ * Notification, so we must allow the method to continue and
+ * not only accept EAP-Success at this point.
+ */
+ ret->methodState = METHOD_MAY_CONT;
+ }
+
+ if (ret->methodState == METHOD_DONE) {
+ ret->allowNotifications = FALSE;
+ }
+
+ return res;
+}
+
+
+static Boolean eap_aka_has_reauth_data(struct eap_sm *sm, void *priv)
+{
+ struct eap_aka_data *data = priv;
+ return data->pseudonym || data->reauth_id;
+}
+
+
+static void eap_aka_deinit_for_reauth(struct eap_sm *sm, void *priv)
+{
+ struct eap_aka_data *data = priv;
+ eap_aka_clear_identities(data, CLEAR_EAP_ID);
+}
+
+
+static void * eap_aka_init_for_reauth(struct eap_sm *sm, void *priv)
+{
+ struct eap_aka_data *data = priv;
+ data->num_id_req = 0;
+ data->num_notification = 0;
+ data->state = CONTINUE;
+ return priv;
+}
+
+
+static const u8 * eap_aka_get_identity(struct eap_sm *sm, void *priv,
+ size_t *len)
+{
+ struct eap_aka_data *data = priv;
+
+ if (data->reauth_id) {
+ *len = data->reauth_id_len;
+ return data->reauth_id;
+ }
+
+ if (data->pseudonym) {
+ *len = data->pseudonym_len;
+ return data->pseudonym;
+ }
+
+ return NULL;
+}
+
+
+static Boolean eap_aka_isKeyAvailable(struct eap_sm *sm, void *priv)
+{
+ struct eap_aka_data *data = priv;
+ return data->state == SUCCESS;
+}
+
+
+static u8 * eap_aka_getKey(struct eap_sm *sm, void *priv, size_t *len)
+{
+ struct eap_aka_data *data = priv;
+ u8 *key;
+
+ if (data->state != SUCCESS)
+ return NULL;
+
+ key = os_malloc(EAP_SIM_KEYING_DATA_LEN);
+ if (key == NULL)
+ return NULL;
+
+ *len = EAP_SIM_KEYING_DATA_LEN;
+ os_memcpy(key, data->msk, EAP_SIM_KEYING_DATA_LEN);
+
+ return key;
+}
+
+
+static u8 * eap_aka_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
+{
+ struct eap_aka_data *data = priv;
+ u8 *key;
+
+ if (data->state != SUCCESS)
+ return NULL;
+
+ key = os_malloc(EAP_EMSK_LEN);
+ if (key == NULL)
+ return NULL;
+
+ *len = EAP_EMSK_LEN;
+ os_memcpy(key, data->emsk, EAP_EMSK_LEN);
+
+ return key;
+}
+
+
+int eap_peer_aka_register(void)
+{
+ struct eap_method *eap;
+ int ret;
+
+ eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
+ EAP_VENDOR_IETF, EAP_TYPE_AKA, "AKA");
+ if (eap == NULL)
+ return -1;
+
+ eap->init = eap_aka_init;
+ eap->deinit = eap_aka_deinit;
+ eap->process = eap_aka_process;
+ eap->isKeyAvailable = eap_aka_isKeyAvailable;
+ eap->getKey = eap_aka_getKey;
+ eap->has_reauth_data = eap_aka_has_reauth_data;
+ eap->deinit_for_reauth = eap_aka_deinit_for_reauth;
+ eap->init_for_reauth = eap_aka_init_for_reauth;
+ eap->get_identity = eap_aka_get_identity;
+ eap->get_emsk = eap_aka_get_emsk;
+
+ ret = eap_peer_method_register(eap);
+ if (ret)
+ eap_peer_method_free(eap);
+ return ret;
+}
--- /dev/null
+/*
+ * EAP server/peer: Shared EAP definitions
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef EAP_DEFS_H
+#define EAP_DEFS_H
+
+/* RFC 3748 - Extensible Authentication Protocol (EAP) */
+
+#ifdef _MSC_VER
+#pragma pack(push, 1)
+#endif /* _MSC_VER */
+
+struct eap_hdr {
+ u8 code;
+ u8 identifier;
+ u16 length; /* including code and identifier; network byte order */
+ /* followed by length-4 octets of data */
+} STRUCT_PACKED;
+
+#ifdef _MSC_VER
+#pragma pack(pop)
+#endif /* _MSC_VER */
+
+enum { EAP_CODE_REQUEST = 1, EAP_CODE_RESPONSE = 2, EAP_CODE_SUCCESS = 3,
+ EAP_CODE_FAILURE = 4 };
+
+/* EAP Request and Response data begins with one octet Type. Success and
+ * Failure do not have additional data. */
+
+typedef enum {
+ EAP_TYPE_NONE = 0,
+ EAP_TYPE_IDENTITY = 1 /* RFC 3748 */,
+ EAP_TYPE_NOTIFICATION = 2 /* RFC 3748 */,
+ EAP_TYPE_NAK = 3 /* Response only, RFC 3748 */,
+ EAP_TYPE_MD5 = 4, /* RFC 3748 */
+ EAP_TYPE_OTP = 5 /* RFC 3748 */,
+ EAP_TYPE_GTC = 6, /* RFC 3748 */
+ EAP_TYPE_TLS = 13 /* RFC 2716 */,
+ EAP_TYPE_LEAP = 17 /* Cisco proprietary */,
+ EAP_TYPE_SIM = 18 /* RFC 4186 */,
+ EAP_TYPE_TTLS = 21 /* draft-ietf-pppext-eap-ttls-02.txt */,
+ EAP_TYPE_AKA = 23 /* RFC 4187 */,
+ EAP_TYPE_PEAP = 25 /* draft-josefsson-pppext-eap-tls-eap-06.txt */,
+ EAP_TYPE_MSCHAPV2 = 26 /* draft-kamath-pppext-eap-mschapv2-00.txt */,
+ EAP_TYPE_TLV = 33 /* draft-josefsson-pppext-eap-tls-eap-07.txt */,
+ EAP_TYPE_FAST = 43 /* draft-cam-winget-eap-fast-05.txt */,
+ EAP_TYPE_PAX = 46 /* RFC 4746 */,
+ EAP_TYPE_PSK = 47 /* RFC 4764 */,
+ EAP_TYPE_SAKE = 48 /* RFC 4763 */,
+ EAP_TYPE_EXPANDED = 254 /* RFC 3748 */,
+ EAP_TYPE_GPSK = 255 /* EXPERIMENTAL - type not yet allocated
+ * draft-ietf-emu-eap-gpsk-01.txt */
+} EapType;
+
+
+/* SMI Network Management Private Enterprise Code for vendor specific types */
+enum {
+ EAP_VENDOR_IETF = 0
+};
+
+#define EAP_MSK_LEN 64
+#define EAP_EMSK_LEN 64
+
+#endif /* EAP_DEFS_H */
--- /dev/null
+/*
+ * EAP peer method: EAP-FAST (draft-cam-winget-eap-fast-03.txt)
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eap_i.h"
+#include "eap_tls_common.h"
+#include "config_ssid.h"
+#include "tls.h"
+#include "eap_tlv.h"
+#include "sha1.h"
+#include "config.h"
+
+/* TODO:
+ * - encrypt PAC-Key in the PAC file
+ * - test session resumption and enable it if it interoperates
+ * - password change (pending mschapv2 packet; replay decrypted packet)
+ */
+
+#define EAP_FAST_VERSION 1
+#define EAP_FAST_KEY_LEN 64
+#define EAP_FAST_PAC_KEY_LEN 32
+#define EAP_FAST_SIMCK_LEN 40
+#define EAP_FAST_SKS_LEN 40
+
+#define TLS_EXT_PAC_OPAQUE 35
+
+static const char *pac_file_hdr =
+ "wpa_supplicant EAP-FAST PAC file - version 1";
+
+
+static void eap_fast_deinit(struct eap_sm *sm, void *priv);
+
+
+#define PAC_TYPE_PAC_KEY 1
+#define PAC_TYPE_PAC_OPAQUE 2
+#define PAC_TYPE_CRED_LIFETIME 3
+#define PAC_TYPE_A_ID 4
+#define PAC_TYPE_I_ID 5
+#define PAC_TYPE_SERVER_PROTECTED_DATA 6
+#define PAC_TYPE_A_ID_INFO 7
+#define PAC_TYPE_PAC_ACKNOWLEDGEMENT 8
+#define PAC_TYPE_PAC_INFO 9
+
+struct pac_tlv_hdr {
+ u16 type;
+ u16 len;
+};
+
+
+/* draft-cam-winget-eap-fast-provisioning-01.txt:
+ * 3.4 Key Derivations Used in the EAP-FAST Provisioning Exchange */
+struct eap_fast_key_block_provisioning {
+ /* Extra key material after TLS key_block */
+ u8 session_key_seed[EAP_FAST_SKS_LEN];
+ u8 server_challenge[16];
+ u8 client_challenge[16];
+};
+
+
+struct eap_fast_pac {
+ struct eap_fast_pac *next;
+
+ u8 pac_key[EAP_FAST_PAC_KEY_LEN];
+ u8 *pac_opaque;
+ size_t pac_opaque_len;
+ u8 *pac_info;
+ size_t pac_info_len;
+ u8 *a_id;
+ size_t a_id_len;
+ u8 *i_id;
+ size_t i_id_len;
+ u8 *a_id_info;
+ size_t a_id_info_len;
+};
+
+
+struct eap_fast_data {
+ struct eap_ssl_data ssl;
+
+ int fast_version;
+
+ const struct eap_method *phase2_method;
+ void *phase2_priv;
+ int phase2_success;
+
+ struct eap_method_type phase2_type;
+ struct eap_method_type *phase2_types;
+ size_t num_phase2_types;
+ int resuming; /* starting a resumed session */
+ struct eap_fast_key_block_provisioning *key_block_p;
+ int provisioning_allowed; /* is PAC provisioning allowed */
+ int provisioning; /* doing PAC provisioning (not the normal auth) */
+
+ u8 key_data[EAP_FAST_KEY_LEN];
+ u8 emsk[EAP_EMSK_LEN];
+ int success;
+
+ struct eap_fast_pac *pac;
+ struct eap_fast_pac *current_pac;
+
+ int tls_master_secret_set;
+
+ u8 simck[EAP_FAST_SIMCK_LEN];
+ int simck_idx;
+};
+
+
+static void eap_fast_free_pac(struct eap_fast_pac *pac)
+{
+ os_free(pac->pac_opaque);
+ os_free(pac->pac_info);
+ os_free(pac->a_id);
+ os_free(pac->i_id);
+ os_free(pac->a_id_info);
+ os_free(pac);
+}
+
+
+static struct eap_fast_pac * eap_fast_get_pac(struct eap_fast_data *data,
+ const u8 *a_id, size_t a_id_len)
+{
+ struct eap_fast_pac *pac = data->pac;
+
+ while (pac) {
+ if (pac->a_id_len == a_id_len &&
+ os_memcmp(pac->a_id, a_id, a_id_len) == 0) {
+ return pac;
+ }
+ pac = pac->next;
+ }
+ return NULL;
+}
+
+
+static int eap_fast_add_pac(struct eap_fast_data *data,
+ struct eap_fast_pac *entry)
+{
+ struct eap_fast_pac *pac, *prev;
+
+ if (entry == NULL || entry->a_id == NULL)
+ return -1;
+
+ /* Remove a possible old entry for the matching A-ID. */
+ pac = data->pac;
+ prev = NULL;
+ while (pac) {
+ if (pac->a_id_len == entry->a_id_len &&
+ os_memcmp(pac->a_id, entry->a_id, pac->a_id_len) == 0) {
+ if (prev == NULL) {
+ data->pac = pac->next;
+ } else {
+ prev->next = pac->next;
+ }
+ if (data->current_pac == pac)
+ data->current_pac = NULL;
+ eap_fast_free_pac(pac);
+ break;
+ }
+ prev = pac;
+ pac = pac->next;
+ }
+
+ /* Allocate a new entry and add it to the list of PACs. */
+ pac = os_zalloc(sizeof(*pac));
+ if (pac == NULL)
+ return -1;
+
+ os_memcpy(pac->pac_key, entry->pac_key, EAP_FAST_PAC_KEY_LEN);
+ if (entry->pac_opaque) {
+ pac->pac_opaque = os_malloc(entry->pac_opaque_len);
+ if (pac->pac_opaque == NULL) {
+ eap_fast_free_pac(pac);
+ return -1;
+ }
+ os_memcpy(pac->pac_opaque, entry->pac_opaque,
+ entry->pac_opaque_len);
+ pac->pac_opaque_len = entry->pac_opaque_len;
+ }
+ if (entry->pac_info) {
+ pac->pac_info = os_malloc(entry->pac_info_len);
+ if (pac->pac_info == NULL) {
+ eap_fast_free_pac(pac);
+ return -1;
+ }
+ os_memcpy(pac->pac_info, entry->pac_info,
+ entry->pac_info_len);
+ pac->pac_info_len = entry->pac_info_len;
+ }
+ if (entry->a_id) {
+ pac->a_id = os_malloc(entry->a_id_len);
+ if (pac->a_id == NULL) {
+ eap_fast_free_pac(pac);
+ return -1;
+ }
+ os_memcpy(pac->a_id, entry->a_id,
+ entry->a_id_len);
+ pac->a_id_len = entry->a_id_len;
+ }
+ if (entry->i_id) {
+ pac->i_id = os_malloc(entry->i_id_len);
+ if (pac->i_id == NULL) {
+ eap_fast_free_pac(pac);
+ return -1;
+ }
+ os_memcpy(pac->i_id, entry->i_id,
+ entry->i_id_len);
+ pac->i_id_len = entry->i_id_len;
+ }
+ if (entry->a_id_info) {
+ pac->a_id_info = os_malloc(entry->a_id_info_len);
+ if (pac->a_id_info == NULL) {
+ eap_fast_free_pac(pac);
+ return -1;
+ }
+ os_memcpy(pac->a_id_info, entry->a_id_info,
+ entry->a_id_info_len);
+ pac->a_id_info_len = entry->a_id_info_len;
+ }
+ pac->next = data->pac;
+ data->pac = pac;
+ return 0;
+}
+
+
+struct eap_fast_read_ctx {
+ FILE *f;
+ const char *pos;
+ const char *end;
+};
+
+static int eap_fast_read_line(struct eap_fast_read_ctx *rc, char *buf,
+ size_t buf_len)
+{
+ char *pos;
+
+ if (rc->f) {
+ if (fgets(buf, buf_len, rc->f) == NULL)
+ return -1;
+ } else {
+ const char *l_end;
+ size_t len;
+ if (rc->pos >= rc->end)
+ return -1;
+ l_end = rc->pos;
+ while (l_end < rc->end && *l_end != '\n')
+ l_end++;
+ len = l_end - rc->pos;
+ if (len >= buf_len)
+ len = buf_len - 1;
+ os_memcpy(buf, rc->pos, len);
+ buf[len] = '\0';
+ rc->pos = l_end + 1;
+ }
+
+ buf[buf_len - 1] = '\0';
+ pos = buf;
+ while (*pos != '\0') {
+ if (*pos == '\n' || *pos == '\r') {
+ *pos = '\0';
+ break;
+ }
+ pos++;
+ }
+
+ return 0;
+}
+
+
+static u8 * eap_fast_parse_hex(const char *value, size_t *len)
+{
+ int hlen;
+ u8 *buf;
+
+ if (value == NULL)
+ return NULL;
+ hlen = os_strlen(value);
+ if (hlen & 1)
+ return NULL;
+ *len = hlen / 2;
+ buf = os_malloc(*len);
+ if (buf == NULL)
+ return NULL;
+ if (hexstr2bin(value, buf, *len)) {
+ os_free(buf);
+ return NULL;
+ }
+ return buf;
+}
+
+
+static int eap_fast_load_pac(struct eap_sm *sm, struct eap_fast_data *data,
+ const char *pac_file)
+{
+ struct eap_fast_read_ctx rc;
+ struct eap_fast_pac *pac = NULL;
+ int count = 0;
+ char *buf, *pos;
+ const int buf_len = 2048;
+ int ret = 0, line = 0;
+
+ if (pac_file == NULL)
+ return -1;
+
+ os_memset(&rc, 0, sizeof(rc));
+
+ if (os_strncmp(pac_file, "blob://", 7) == 0) {
+ const struct wpa_config_blob *blob;
+ blob = eap_get_config_blob(sm, pac_file + 7);
+ if (blob == NULL) {
+ wpa_printf(MSG_INFO, "EAP-FAST: No PAC blob '%s' - "
+ "assume no PAC entries have been "
+ "provisioned", pac_file + 7);
+ return 0;
+ }
+ rc.pos = (char *) blob->data;
+ rc.end = (char *) blob->data + blob->len;
+ } else {
+ rc.f = fopen(pac_file, "r");
+ if (rc.f == NULL) {
+ wpa_printf(MSG_INFO, "EAP-FAST: No PAC file '%s' - "
+ "assume no PAC entries have been "
+ "provisioned", pac_file);
+ return 0;
+ }
+ }
+
+ buf = os_malloc(buf_len);
+ if (buf == NULL) {
+ return -1;
+ }
+
+ line++;
+ if (eap_fast_read_line(&rc, buf, buf_len) < 0 ||
+ os_strcmp(pac_file_hdr, buf) != 0) {
+ wpa_printf(MSG_INFO, "EAP-FAST: Unrecognized header line in "
+ "PAC file '%s'", pac_file);
+ os_free(buf);
+ if (rc.f)
+ fclose(rc.f);
+ return -1;
+ }
+
+ while (eap_fast_read_line(&rc, buf, buf_len) == 0) {
+ line++;
+ pos = os_strchr(buf, '=');
+ if (pos) {
+ *pos++ = '\0';
+ }
+
+ if (os_strcmp(buf, "START") == 0) {
+ if (pac) {
+ wpa_printf(MSG_INFO, "EAP-FAST: START line "
+ "without END in '%s:%d'",
+ pac_file, line);
+ ret = -1;
+ break;
+ }
+ pac = os_zalloc(sizeof(*pac));
+ if (pac == NULL) {
+ wpa_printf(MSG_INFO, "EAP-FAST: No memory for "
+ "PAC entry");
+ ret = -1;
+ break;
+ }
+ } else if (os_strcmp(buf, "END") == 0) {
+ if (pac == NULL) {
+ wpa_printf(MSG_INFO, "EAP-FAST: END line "
+ "without START in '%s:%d'",
+ pac_file, line);
+ ret = -1;
+ break;
+ }
+ pac->next = data->pac;
+ data->pac = pac;
+ pac = NULL;
+ count++;
+ } else if (pac && os_strcmp(buf, "PAC-Key") == 0) {
+ u8 *key;
+ size_t key_len;
+ key = eap_fast_parse_hex(pos, &key_len);
+ if (key == NULL || key_len != EAP_FAST_PAC_KEY_LEN) {
+ wpa_printf(MSG_INFO, "EAP-FAST: Invalid "
+ "PAC-Key '%s:%d'", pac_file, line);
+ ret = -1;
+ os_free(key);
+ break;
+ }
+
+ os_memcpy(pac->pac_key, key, EAP_FAST_PAC_KEY_LEN);
+ os_free(key);
+ } else if (pac && os_strcmp(buf, "PAC-Opaque") == 0) {
+ os_free(pac->pac_opaque);
+ pac->pac_opaque =
+ eap_fast_parse_hex(pos, &pac->pac_opaque_len);
+ if (pac->pac_opaque == NULL) {
+ wpa_printf(MSG_INFO, "EAP-FAST: Invalid "
+ "PAC-Opaque '%s:%d'",
+ pac_file, line);
+ ret = -1;
+ break;
+ }
+ } else if (pac && os_strcmp(buf, "A-ID") == 0) {
+ os_free(pac->a_id);
+ pac->a_id = eap_fast_parse_hex(pos, &pac->a_id_len);
+ if (pac->a_id == NULL) {
+ wpa_printf(MSG_INFO, "EAP-FAST: Invalid "
+ "A-ID '%s:%d'", pac_file, line);
+ ret = -1;
+ break;
+ }
+ } else if (pac && os_strcmp(buf, "I-ID") == 0) {
+ os_free(pac->i_id);
+ pac->i_id = eap_fast_parse_hex(pos, &pac->i_id_len);
+ if (pac->i_id == NULL) {
+ wpa_printf(MSG_INFO, "EAP-FAST: Invalid "
+ "I-ID '%s:%d'", pac_file, line);
+ ret = -1;
+ break;
+ }
+ } else if (pac && os_strcmp(buf, "A-ID-Info") == 0) {
+ os_free(pac->a_id_info);
+ pac->a_id_info =
+ eap_fast_parse_hex(pos, &pac->a_id_info_len);
+ if (pac->a_id_info == NULL) {
+ wpa_printf(MSG_INFO, "EAP-FAST: Invalid "
+ "A-ID-Info '%s:%d'",
+ pac_file, line);
+ ret = -1;
+ break;
+ }
+ }
+ }
+
+ if (pac) {
+ wpa_printf(MSG_INFO, "EAP-FAST: PAC block not terminated with "
+ "END in '%s'", pac_file);
+ eap_fast_free_pac(pac);
+ ret = -1;
+ }
+
+ os_free(buf);
+ if (rc.f)
+ fclose(rc.f);
+
+ if (ret == 0) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: read %d PAC entries from "
+ "'%s'", count, pac_file);
+ }
+
+ return ret;
+}
+
+
+static void eap_fast_write(char **buf, char **pos, size_t *buf_len,
+ const char *field, const u8 *data,
+ size_t len, int txt)
+{
+ size_t i, need;
+ int ret;
+
+ if (data == NULL || *buf == NULL)
+ return;
+
+ need = os_strlen(field) + len * 2 + 30;
+ if (txt)
+ need += os_strlen(field) + len + 20;
+
+ if (*pos - *buf + need > *buf_len) {
+ char *nbuf = os_realloc(*buf, *buf_len + need);
+ if (nbuf == NULL) {
+ os_free(*buf);
+ *buf = NULL;
+ return;
+ }
+ *buf = nbuf;
+ *buf_len += need;
+ }
+
+ ret = os_snprintf(*pos, *buf + *buf_len - *pos, "%s=", field);
+ if (ret < 0 || ret >= *buf + *buf_len - *pos)
+ return;
+ *pos += ret;
+ *pos += wpa_snprintf_hex(*pos, *buf + *buf_len - *pos, data, len);
+ ret = os_snprintf(*pos, *buf + *buf_len - *pos, "\n");
+ if (ret < 0 || ret >= *buf + *buf_len - *pos)
+ return;
+ *pos += ret;
+
+ if (txt) {
+ ret = os_snprintf(*pos, *buf + *buf_len - *pos,
+ "%s-txt=", field);
+ if (ret < 0 || ret >= *buf + *buf_len - *pos)
+ return;
+ *pos += ret;
+ for (i = 0; i < len; i++) {
+ ret = os_snprintf(*pos, *buf + *buf_len - *pos,
+ "%c", data[i]);
+ if (ret < 0 || ret >= *buf + *buf_len - *pos)
+ return;
+ *pos += ret;
+ }
+ ret = os_snprintf(*pos, *buf + *buf_len - *pos, "\n");
+ if (ret < 0 || ret >= *buf + *buf_len - *pos)
+ return;
+ *pos += ret;
+ }
+}
+
+
+static int eap_fast_save_pac(struct eap_sm *sm, struct eap_fast_data *data,
+ const char *pac_file)
+{
+ FILE *f;
+ struct eap_fast_pac *pac;
+ int count = 0, ret;
+ char *buf, *pos;
+ size_t buf_len;
+
+ if (pac_file == NULL)
+ return -1;
+
+ buf_len = 1024;
+ pos = buf = os_malloc(buf_len);
+ if (buf == NULL)
+ return -1;
+
+ ret = os_snprintf(pos, buf + buf_len - pos, "%s\n", pac_file_hdr);
+ if (ret < 0 || ret >= buf + buf_len - pos) {
+ os_free(buf);
+ return -1;
+ }
+ pos += ret;
+
+ pac = data->pac;
+ while (pac) {
+ ret = os_snprintf(pos, buf + buf_len - pos, "START\n");
+ if (ret < 0 || ret >= buf + buf_len - pos) {
+ os_free(buf);
+ return -1;
+ }
+ pos += ret;
+ eap_fast_write(&buf, &pos, &buf_len, "PAC-Key", pac->pac_key,
+ EAP_FAST_PAC_KEY_LEN, 0);
+ eap_fast_write(&buf, &pos, &buf_len, "PAC-Opaque",
+ pac->pac_opaque, pac->pac_opaque_len, 0);
+ eap_fast_write(&buf, &pos, &buf_len, "PAC-Info", pac->pac_info,
+ pac->pac_info_len, 0);
+ eap_fast_write(&buf, &pos, &buf_len, "A-ID", pac->a_id,
+ pac->a_id_len, 0);
+ eap_fast_write(&buf, &pos, &buf_len, "I-ID", pac->i_id,
+ pac->i_id_len, 1);
+ eap_fast_write(&buf, &pos, &buf_len, "A-ID-Info",
+ pac->a_id_info, pac->a_id_info_len, 1);
+ if (buf == NULL) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: No memory for PAC "
+ "data");
+ return -1;
+ }
+ ret = os_snprintf(pos, buf + buf_len - pos, "END\n");
+ if (ret < 0 || ret >= buf + buf_len - pos) {
+ os_free(buf);
+ return -1;
+ }
+ pos += ret;
+ count++;
+ pac = pac->next;
+ }
+
+ if (os_strncmp(pac_file, "blob://", 7) == 0) {
+ struct wpa_config_blob *blob;
+ blob = os_zalloc(sizeof(*blob));
+ if (blob == NULL) {
+ os_free(buf);
+ return -1;
+ }
+ blob->data = (u8 *) buf;
+ blob->len = pos - buf;
+ buf = NULL;
+ blob->name = os_strdup(pac_file + 7);
+ if (blob->name == NULL) {
+ os_free(blob->data);
+ os_free(blob);
+ return -1;
+ }
+ eap_set_config_blob(sm, blob);
+ } else {
+ f = fopen(pac_file, "w");
+ if (f == NULL) {
+ wpa_printf(MSG_INFO, "EAP-FAST: Failed to open PAC "
+ "file '%s' for writing", pac_file);
+ os_free(buf);
+ return -1;
+ }
+ fprintf(f, "%s", buf);
+ os_free(buf);
+ fclose(f);
+ }
+
+ wpa_printf(MSG_DEBUG, "EAP-FAST: wrote %d PAC entries into '%s'",
+ count, pac_file);
+
+ return 0;
+}
+
+
+static void * eap_fast_init(struct eap_sm *sm)
+{
+ struct eap_fast_data *data;
+ struct wpa_ssid *config = eap_get_config(sm);
+
+ data = os_zalloc(sizeof(*data));
+ if (data == NULL)
+ return NULL;
+ data->fast_version = EAP_FAST_VERSION;
+
+ if (config && config->phase1) {
+ if (os_strstr(config->phase1, "fast_provisioning=1")) {
+ data->provisioning_allowed = 1;
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Automatic PAC "
+ "provisioning is allowed");
+ }
+ }
+
+ if (config && config->phase2) {
+ char *start, *pos, *buf;
+ struct eap_method_type *methods = NULL, *_methods;
+ u8 method;
+ size_t num_methods = 0;
+ start = buf = os_strdup(config->phase2);
+ if (buf == NULL) {
+ eap_fast_deinit(sm, data);
+ return NULL;
+ }
+ while (start && *start != '\0') {
+ int vendor;
+ pos = os_strstr(start, "auth=");
+ if (pos == NULL)
+ break;
+ if (start != pos && *(pos - 1) != ' ') {
+ start = pos + 5;
+ continue;
+ }
+
+ start = pos + 5;
+ pos = os_strchr(start, ' ');
+ if (pos)
+ *pos++ = '\0';
+ method = eap_get_phase2_type(start, &vendor);
+ if (vendor == EAP_VENDOR_IETF &&
+ method == EAP_TYPE_NONE) {
+ wpa_printf(MSG_ERROR, "EAP-FAST: Unsupported "
+ "Phase2 method '%s'", start);
+ } else {
+ num_methods++;
+ _methods = os_realloc(
+ methods,
+ num_methods * sizeof(*methods));
+ if (_methods == NULL) {
+ os_free(methods);
+ os_free(buf);
+ eap_fast_deinit(sm, data);
+ return NULL;
+ }
+ methods = _methods;
+ methods[num_methods - 1].vendor = vendor;
+ methods[num_methods - 1].method = method;
+ }
+
+ start = pos;
+ }
+ os_free(buf);
+ data->phase2_types = methods;
+ data->num_phase2_types = num_methods;
+ }
+ if (data->phase2_types == NULL) {
+ data->phase2_types =
+ eap_get_phase2_types(config, &data->num_phase2_types);
+ }
+ if (data->phase2_types == NULL) {
+ wpa_printf(MSG_ERROR, "EAP-FAST: No Phase2 method available");
+ eap_fast_deinit(sm, data);
+ return NULL;
+ }
+ wpa_hexdump(MSG_DEBUG, "EAP-FAST: Phase2 EAP types",
+ (u8 *) data->phase2_types,
+ data->num_phase2_types * sizeof(struct eap_method_type));
+ data->phase2_type.vendor = EAP_VENDOR_IETF;
+ data->phase2_type.method = EAP_TYPE_NONE;
+
+ if (eap_tls_ssl_init(sm, &data->ssl, config)) {
+ wpa_printf(MSG_INFO, "EAP-FAST: Failed to initialize SSL.");
+ eap_fast_deinit(sm, data);
+ return NULL;
+ }
+
+ /* The local RADIUS server in a Cisco AP does not seem to like empty
+ * fragments before data, so disable that workaround for CBC.
+ * TODO: consider making this configurable */
+ tls_connection_enable_workaround(sm->ssl_ctx, data->ssl.conn);
+
+ if (eap_fast_load_pac(sm, data, config->pac_file) < 0) {
+ eap_fast_deinit(sm, data);
+ return NULL;
+ }
+
+ if (data->pac == NULL && !data->provisioning_allowed) {
+ wpa_printf(MSG_INFO, "EAP-FAST: No PAC configured and "
+ "provisioning disabled");
+ eap_fast_deinit(sm, data);
+ return NULL;
+ }
+
+ return data;
+}
+
+
+static void eap_fast_deinit(struct eap_sm *sm, void *priv)
+{
+ struct eap_fast_data *data = priv;
+ struct eap_fast_pac *pac, *prev;
+
+ if (data == NULL)
+ return;
+ if (data->phase2_priv && data->phase2_method)
+ data->phase2_method->deinit(sm, data->phase2_priv);
+ os_free(data->phase2_types);
+ os_free(data->key_block_p);
+ eap_tls_ssl_deinit(sm, &data->ssl);
+
+ pac = data->pac;
+ prev = NULL;
+ while (pac) {
+ prev = pac;
+ pac = pac->next;
+ eap_fast_free_pac(prev);
+ }
+ os_free(data);
+}
+
+
+static int eap_fast_encrypt(struct eap_sm *sm, struct eap_fast_data *data,
+ int id, const u8 *plain, size_t plain_len,
+ u8 **out_data, size_t *out_len)
+{
+ int res;
+ u8 *pos;
+ struct eap_hdr *resp;
+
+ /* TODO: add support for fragmentation, if needed. This will need to
+ * add TLS Message Length field, if the frame is fragmented. */
+ resp = os_malloc(sizeof(struct eap_hdr) + 2 + data->ssl.tls_out_limit);
+ if (resp == NULL)
+ return 0;
+
+ resp->code = EAP_CODE_RESPONSE;
+ resp->identifier = id;
+
+ pos = (u8 *) (resp + 1);
+ *pos++ = EAP_TYPE_FAST;
+ *pos++ = data->fast_version;
+
+ res = tls_connection_encrypt(sm->ssl_ctx, data->ssl.conn,
+ plain, plain_len,
+ pos, data->ssl.tls_out_limit);
+ if (res < 0) {
+ wpa_printf(MSG_INFO, "EAP-FAST: Failed to encrypt Phase 2 "
+ "data");
+ os_free(resp);
+ return 0;
+ }
+
+ *out_len = sizeof(struct eap_hdr) + 2 + res;
+ resp->length = host_to_be16(*out_len);
+ *out_data = (u8 *) resp;
+ return 0;
+}
+
+
+static int eap_fast_phase2_nak(struct eap_fast_data *data,
+ struct eap_hdr *hdr,
+ u8 **resp, size_t *resp_len)
+{
+ struct eap_hdr *resp_hdr;
+ u8 *pos = (u8 *) (hdr + 1);
+ size_t i;
+
+ /* TODO: add support for expanded Nak */
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Phase 2 Request: Nak type=%d", *pos);
+ wpa_hexdump(MSG_DEBUG, "EAP-FAST: Allowed Phase2 EAP types",
+ (u8 *) data->phase2_types,
+ data->num_phase2_types * sizeof(struct eap_method_type));
+ *resp_len = sizeof(struct eap_hdr) + 1;
+ *resp = os_malloc(*resp_len + data->num_phase2_types);
+ if (*resp == NULL)
+ return -1;
+
+ resp_hdr = (struct eap_hdr *) (*resp);
+ resp_hdr->code = EAP_CODE_RESPONSE;
+ resp_hdr->identifier = hdr->identifier;
+ pos = (u8 *) (resp_hdr + 1);
+ *pos++ = EAP_TYPE_NAK;
+ for (i = 0; i < data->num_phase2_types; i++) {
+ if (data->phase2_types[i].vendor == EAP_VENDOR_IETF &&
+ data->phase2_types[i].method < 256) {
+ (*resp_len)++;
+ *pos++ = data->phase2_types[i].method;
+ }
+ }
+ resp_hdr->length = host_to_be16(*resp_len);
+
+ return 0;
+}
+
+
+static int eap_fast_derive_msk(struct eap_fast_data *data)
+{
+ /* Derive EAP Master Session Keys (section 5.4) */
+ sha1_t_prf(data->simck, EAP_FAST_SIMCK_LEN,
+ "Session Key Generating Function", (u8 *) "", 0,
+ data->key_data, EAP_FAST_KEY_LEN);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: Derived key (MSK)",
+ data->key_data, EAP_FAST_KEY_LEN);
+
+ sha1_t_prf(data->simck, EAP_FAST_SIMCK_LEN,
+ "Extended Session Key Generating Function",
+ (u8 *) "", 0, data->emsk, EAP_EMSK_LEN);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: Derived key (EMSK)",
+ data->emsk, EAP_EMSK_LEN);
+
+ data->success = 1;
+
+ return 0;
+}
+
+
+static int eap_fast_set_tls_master_secret(struct eap_sm *sm,
+ struct eap_fast_data *data,
+ const u8 *tls, size_t tls_len)
+{
+ struct tls_keys keys;
+ u8 master_secret[48], *seed;
+ const u8 *server_random;
+ size_t seed_len, server_random_len;
+
+ if (data->tls_master_secret_set || !data->current_pac ||
+ tls_connection_get_keys(sm->ssl_ctx, data->ssl.conn, &keys) ||
+ keys.client_random == NULL) {
+ return 0;
+ }
+
+ wpa_hexdump(MSG_DEBUG, "EAP-FAST: client_random",
+ keys.client_random, keys.client_random_len);
+
+ /* TLS master secret is needed before TLS library has processed this
+ * message which includes both ServerHello and an encrypted handshake
+ * message, so we need to parse server_random from this message before
+ * passing it to TLS library.
+ *
+ * Example TLS packet header:
+ * (16 03 01 00 2a 02 00 00 26 03 01 <32 bytes server_random>)
+ * Content Type: Handshake: 0x16
+ * Version: TLS 1.0 (0x0301)
+ * Lenghth: 42 (0x002a)
+ * Handshake Type: Server Hello: 0x02
+ * Length: 38 (0x000026)
+ * Version TLS 1.0 (0x0301)
+ * Random: 32 bytes
+ */
+ if (tls_len < 43 || tls[0] != 0x16 ||
+ tls[1] != 0x03 || tls[2] != 0x01 ||
+ tls[5] != 0x02 || tls[9] != 0x03 || tls[10] != 0x01) {
+ wpa_hexdump(MSG_DEBUG, "EAP-FAST: unrecognized TLS "
+ "ServerHello", tls, tls_len);
+ return -1;
+ }
+ server_random = tls + 11;
+ server_random_len = 32;
+ wpa_hexdump(MSG_DEBUG, "EAP-FAST: server_random",
+ server_random, server_random_len);
+
+ seed_len = keys.client_random_len + server_random_len;
+ seed = os_malloc(seed_len);
+ if (seed == NULL)
+ return -1;
+ os_memcpy(seed, server_random, server_random_len);
+ os_memcpy(seed + server_random_len,
+ keys.client_random, keys.client_random_len);
+
+ wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: T-PRF seed", seed, seed_len);
+ wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: PAC-Key",
+ data->current_pac->pac_key, EAP_FAST_PAC_KEY_LEN);
+ /* master_secret = T-PRF(PAC-Key, "PAC to master secret label hash",
+ * server_random + client_random, 48) */
+ sha1_t_prf(data->current_pac->pac_key, EAP_FAST_PAC_KEY_LEN,
+ "PAC to master secret label hash",
+ seed, seed_len, master_secret, sizeof(master_secret));
+ os_free(seed);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: TLS pre-master-secret",
+ master_secret, sizeof(master_secret));
+
+ data->tls_master_secret_set = 1;
+
+ return tls_connection_set_master_key(sm->ssl_ctx, data->ssl.conn,
+ master_secret,
+ sizeof(master_secret));
+}
+
+
+static u8 * eap_fast_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
+ char *label, size_t len)
+{
+ struct tls_keys keys;
+ u8 *rnd = NULL, *out;
+ int block_size;
+
+ block_size = tls_connection_get_keyblock_size(sm->ssl_ctx, data->conn);
+ if (block_size < 0)
+ return NULL;
+
+ out = os_malloc(block_size + len);
+ if (out == NULL)
+ return NULL;
+
+ if (tls_connection_prf(sm->ssl_ctx, data->conn, label, 1, out,
+ block_size + len) == 0) {
+ os_memmove(out, out + block_size, len);
+ return out;
+ }
+
+ if (tls_connection_get_keys(sm->ssl_ctx, data->conn, &keys))
+ goto fail;
+
+ rnd = os_malloc(keys.client_random_len + keys.server_random_len);
+ if (rnd == NULL)
+ goto fail;
+
+ os_memcpy(rnd, keys.server_random, keys.server_random_len);
+ os_memcpy(rnd + keys.server_random_len, keys.client_random,
+ keys.client_random_len);
+
+ wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: master_secret for key "
+ "expansion", keys.master_key, keys.master_key_len);
+ if (tls_prf(keys.master_key, keys.master_key_len,
+ label, rnd, keys.client_random_len +
+ keys.server_random_len, out, block_size + len))
+ goto fail;
+ os_free(rnd);
+ os_memmove(out, out + block_size, len);
+ return out;
+
+fail:
+ os_free(rnd);
+ os_free(out);
+ return NULL;
+}
+
+
+static void eap_fast_derive_key_auth(struct eap_sm *sm,
+ struct eap_fast_data *data)
+{
+ u8 *sks;
+
+ /* draft-cam-winget-eap-fast-05.txt:
+ * 5.1 EAP-FAST Authentication Phase 1: Key Derivations
+ * Extra key material after TLS key_block: session_ket_seed[40]
+ */
+
+ sks = eap_fast_derive_key(sm, &data->ssl, "key expansion",
+ EAP_FAST_SKS_LEN);
+ if (sks == NULL) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to derive "
+ "session_key_seed");
+ return;
+ }
+
+ /*
+ * draft-cam-winget-eap-fast-05.txt, 5.2:
+ * S-IMCK[0] = session_key_seed
+ */
+ wpa_hexdump_key(MSG_DEBUG,
+ "EAP-FAST: session_key_seed (SKS = S-IMCK[0])",
+ sks, EAP_FAST_SKS_LEN);
+ data->simck_idx = 0;
+ os_memcpy(data->simck, sks, EAP_FAST_SIMCK_LEN);
+ os_free(sks);
+}
+
+
+static void eap_fast_derive_key_provisioning(struct eap_sm *sm,
+ struct eap_fast_data *data)
+{
+ os_free(data->key_block_p);
+ data->key_block_p = (struct eap_fast_key_block_provisioning *)
+ eap_fast_derive_key(sm, &data->ssl, "key expansion",
+ sizeof(*data->key_block_p));
+ if (data->key_block_p == NULL) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to derive key block");
+ return;
+ }
+ /*
+ * draft-cam-winget-eap-fast-05.txt, 5.2:
+ * S-IMCK[0] = session_key_seed
+ */
+ wpa_hexdump_key(MSG_DEBUG,
+ "EAP-FAST: session_key_seed (SKS = S-IMCK[0])",
+ data->key_block_p->session_key_seed,
+ sizeof(data->key_block_p->session_key_seed));
+ data->simck_idx = 0;
+ os_memcpy(data->simck, data->key_block_p->session_key_seed,
+ EAP_FAST_SIMCK_LEN);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: server_challenge",
+ data->key_block_p->server_challenge,
+ sizeof(data->key_block_p->server_challenge));
+ wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: client_challenge",
+ data->key_block_p->client_challenge,
+ sizeof(data->key_block_p->client_challenge));
+}
+
+
+static void eap_fast_derive_keys(struct eap_sm *sm, struct eap_fast_data *data)
+{
+ if (data->current_pac) {
+ eap_fast_derive_key_auth(sm, data);
+ } else {
+ eap_fast_derive_key_provisioning(sm, data);
+ }
+}
+
+
+static int eap_fast_phase2_request(struct eap_sm *sm,
+ struct eap_fast_data *data,
+ struct eap_method_ret *ret,
+ struct eap_hdr *hdr,
+ u8 **resp, size_t *resp_len)
+{
+ size_t len = be_to_host16(hdr->length);
+ u8 *pos;
+ struct eap_method_ret iret;
+
+ if (len <= sizeof(struct eap_hdr)) {
+ wpa_printf(MSG_INFO, "EAP-FAST: too short "
+ "Phase 2 request (len=%lu)", (unsigned long) len);
+ return -1;
+ }
+ pos = (u8 *) (hdr + 1);
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Phase 2 Request: type=%d", *pos);
+ switch (*pos) {
+ case EAP_TYPE_IDENTITY:
+ *resp = eap_sm_buildIdentity(sm, hdr->identifier, resp_len, 1);
+ break;
+ default:
+ if (data->phase2_type.vendor == EAP_VENDOR_IETF &&
+ data->phase2_type.method == EAP_TYPE_NONE) {
+ size_t i;
+ for (i = 0; i < data->num_phase2_types; i++) {
+ if (data->phase2_types[i].vendor !=
+ EAP_VENDOR_IETF ||
+ data->phase2_types[i].method != *pos)
+ continue;
+
+ data->phase2_type.vendor =
+ data->phase2_types[i].vendor;
+ data->phase2_type.method =
+ data->phase2_types[i].method;
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Selected "
+ "Phase 2 EAP vendor %d method %d",
+ data->phase2_type.vendor,
+ data->phase2_type.method);
+ break;
+ }
+ }
+ if (*pos != data->phase2_type.method ||
+ *pos == EAP_TYPE_NONE) {
+ if (eap_fast_phase2_nak(data, hdr, resp, resp_len))
+ return -1;
+ return 0;
+ }
+
+ if (data->phase2_priv == NULL) {
+ data->phase2_method = eap_sm_get_eap_methods(
+ data->phase2_type.vendor,
+ data->phase2_type.method);
+ if (data->phase2_method) {
+ if (data->key_block_p) {
+ sm->auth_challenge =
+ data->key_block_p->
+ server_challenge;
+ sm->peer_challenge =
+ data->key_block_p->
+ client_challenge;
+ }
+ sm->init_phase2 = 1;
+ sm->mschapv2_full_key = 1;
+ data->phase2_priv =
+ data->phase2_method->init(sm);
+ sm->init_phase2 = 0;
+ sm->mschapv2_full_key = 0;
+ sm->auth_challenge = NULL;
+ sm->peer_challenge = NULL;
+ }
+ }
+ if (data->phase2_priv == NULL || data->phase2_method == NULL) {
+ wpa_printf(MSG_INFO, "EAP-FAST: failed to initialize "
+ "Phase 2 EAP method %d", *pos);
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ return -1;
+ }
+ os_memset(&iret, 0, sizeof(iret));
+ *resp = data->phase2_method->process(sm, data->phase2_priv,
+ &iret, (u8 *) hdr, len,
+ resp_len);
+ if (*resp == NULL ||
+ (iret.methodState == METHOD_DONE &&
+ iret.decision == DECISION_FAIL)) {
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ } else if ((iret.methodState == METHOD_DONE ||
+ iret.methodState == METHOD_MAY_CONT) &&
+ (iret.decision == DECISION_UNCOND_SUCC ||
+ iret.decision == DECISION_COND_SUCC)) {
+ data->phase2_success = 1;
+ }
+ if (*resp == NULL)
+ return -1;
+ break;
+ }
+ return 0;
+}
+
+
+static u8 * eap_fast_tlv_nak(int vendor_id, int tlv_type, size_t *len)
+{
+ struct eap_tlv_nak_tlv *nak;
+ *len = sizeof(*nak);
+ nak = os_malloc(*len);
+ if (nak == NULL)
+ return NULL;
+ nak->tlv_type = host_to_be16(EAP_TLV_TYPE_MANDATORY | EAP_TLV_NAK_TLV);
+ nak->length = host_to_be16(6);
+ nak->vendor_id = host_to_be32(vendor_id);
+ nak->nak_type = host_to_be16(tlv_type);
+ return (u8 *) nak;
+}
+
+
+static u8 * eap_fast_tlv_result(int status, int intermediate, size_t *len)
+{
+ struct eap_tlv_intermediate_result_tlv *result;
+ *len = sizeof(*result);
+ result = os_malloc(*len);
+ if (result == NULL)
+ return NULL;
+ result->tlv_type = host_to_be16(EAP_TLV_TYPE_MANDATORY |
+ (intermediate ?
+ EAP_TLV_INTERMEDIATE_RESULT_TLV :
+ EAP_TLV_RESULT_TLV));
+ result->length = host_to_be16(2);
+ result->status = host_to_be16(status);
+ return (u8 *) result;
+}
+
+
+static u8 * eap_fast_tlv_pac_ack(size_t *len)
+{
+ struct eap_tlv_result_tlv *res;
+ struct eap_tlv_pac_ack_tlv *ack;
+
+ *len = sizeof(*res) + sizeof(*ack);
+ res = os_zalloc(*len);
+ if (res == NULL)
+ return NULL;
+
+ res->tlv_type = host_to_be16(EAP_TLV_RESULT_TLV |
+ EAP_TLV_TYPE_MANDATORY);
+ res->length = host_to_be16(sizeof(*res) - sizeof(struct eap_tlv_hdr));
+ res->status = host_to_be16(EAP_TLV_RESULT_SUCCESS);
+
+ ack = (struct eap_tlv_pac_ack_tlv *) (res + 1);
+ ack->tlv_type = host_to_be16(EAP_TLV_PAC_TLV |
+ EAP_TLV_TYPE_MANDATORY);
+ ack->length = host_to_be16(sizeof(*ack) - sizeof(struct eap_tlv_hdr));
+ ack->pac_type = host_to_be16(PAC_TYPE_PAC_ACKNOWLEDGEMENT);
+ ack->pac_len = host_to_be16(2);
+ ack->result = host_to_be16(EAP_TLV_RESULT_SUCCESS);
+
+ return (u8 *) res;
+}
+
+
+static u8 * eap_fast_tlv_eap_payload(u8 *buf, size_t *len)
+{
+ struct eap_tlv_hdr *tlv;
+
+ /* Encapsulate EAP packet in EAP Payload TLV */
+ tlv = os_malloc(sizeof(*tlv) + *len);
+ if (tlv == NULL) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to "
+ "allocate memory for TLV "
+ "encapsulation");
+ os_free(buf);
+ return NULL;
+ }
+ tlv->tlv_type = host_to_be16(EAP_TLV_TYPE_MANDATORY |
+ EAP_TLV_EAP_PAYLOAD_TLV);
+ tlv->length = host_to_be16(*len);
+ os_memcpy(tlv + 1, buf, *len);
+ os_free(buf);
+ *len += sizeof(*tlv);
+ return (u8 *) tlv;
+}
+
+
+static u8 * eap_fast_process_crypto_binding(
+ struct eap_sm *sm, struct eap_fast_data *data,
+ struct eap_method_ret *ret,
+ struct eap_tlv_crypto_binding__tlv *_bind, size_t bind_len,
+ size_t *resp_len, int final)
+{
+ u8 *resp;
+ struct eap_tlv_intermediate_result_tlv *rresult;
+ struct eap_tlv_crypto_binding__tlv *rbind;
+ u8 isk[32], imck[60], *cmk, cmac[20], *key;
+ size_t key_len;
+ int res;
+
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Crypto-Binding TLV: Version %d "
+ "Received Version %d SubType %d",
+ _bind->version, _bind->received_version, _bind->subtype);
+ wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: NONCE",
+ _bind->nonce, sizeof(_bind->nonce));
+ wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Compound MAC",
+ _bind->compound_mac, sizeof(_bind->compound_mac));
+
+ if (_bind->version != EAP_FAST_VERSION ||
+ _bind->received_version != EAP_FAST_VERSION ||
+ _bind->subtype != EAP_TLV_CRYPTO_BINDING_SUBTYPE_REQUEST) {
+ wpa_printf(MSG_INFO, "EAP-FAST: Invalid version/subtype in "
+ "Crypto-Binding TLV: Version %d "
+ "Received Version %d SubType %d",
+ _bind->version, _bind->received_version,
+ _bind->subtype);
+ resp = eap_fast_tlv_result(EAP_TLV_RESULT_FAILURE, 1,
+ resp_len);
+ return resp;
+ }
+
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Determining CMK[%d] for Compound MIC "
+ "calculation", data->simck_idx + 1);
+
+ /*
+ * draft-cam-winget-eap-fast-05.txt, 5.2:
+ * IMCK[j] = T-PRF(S-IMCK[j-1], "Inner Methods Compound Keys",
+ * MSK[j], 60)
+ * S-IMCK[j] = first 40 octets of IMCK[j]
+ * CMK[j] = last 20 octets of IMCK[j]
+ */
+
+ os_memset(isk, 0, sizeof(isk));
+ if (data->phase2_method == NULL || data->phase2_priv == NULL) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Phase 2 method not "
+ "available");
+ return NULL;
+ }
+ if (data->phase2_method->isKeyAvailable && data->phase2_method->getKey)
+ {
+ if (!data->phase2_method->isKeyAvailable(sm, data->phase2_priv)
+ ||
+ (key = data->phase2_method->getKey(sm, data->phase2_priv,
+ &key_len)) == NULL) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Could not get key "
+ "material from Phase 2");
+ return NULL;
+ }
+ if (key_len > sizeof(isk))
+ key_len = sizeof(isk);
+ os_memcpy(isk, key, key_len);
+ os_free(key);
+ }
+ wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: ISK[j]", isk, sizeof(isk));
+ sha1_t_prf(data->simck, EAP_FAST_SIMCK_LEN,
+ "Inner Methods Compound Keys",
+ isk, sizeof(isk), imck, sizeof(imck));
+ data->simck_idx++;
+ os_memcpy(data->simck, imck, EAP_FAST_SIMCK_LEN);
+ wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: S-IMCK[j]",
+ data->simck, EAP_FAST_SIMCK_LEN);
+ cmk = imck + EAP_FAST_SIMCK_LEN;
+ wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: CMK[j]", cmk, 20);
+
+ os_memcpy(cmac, _bind->compound_mac, sizeof(cmac));
+ os_memset(_bind->compound_mac, 0, sizeof(cmac));
+ wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Crypto-Binding TLV for Compound "
+ "MAC calculation", (u8 *) _bind, bind_len);
+ hmac_sha1(cmk, 20, (u8 *) _bind, bind_len, _bind->compound_mac);
+ res = os_memcmp(cmac, _bind->compound_mac, sizeof(cmac));
+ wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Received Compound MAC",
+ cmac, sizeof(cmac));
+ wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Calculated Compound MAC",
+ _bind->compound_mac, sizeof(cmac));
+ if (res != 0) {
+ wpa_printf(MSG_INFO, "EAP-FAST: Compound MAC did not match");
+ resp = eap_fast_tlv_result(EAP_TLV_RESULT_FAILURE, 1,
+ resp_len);
+ os_memcpy(_bind->compound_mac, cmac, sizeof(cmac));
+ return resp;
+ }
+
+ *resp_len = sizeof(*rresult) + sizeof(*rbind);
+ resp = os_zalloc(*resp_len);
+ if (resp == NULL)
+ return NULL;
+
+ /* Both intermediate and final Result TLVs are identical, so ok to use
+ * the same structure definition for them. */
+ rresult = (struct eap_tlv_intermediate_result_tlv *) resp;
+ rresult->tlv_type = host_to_be16(EAP_TLV_TYPE_MANDATORY |
+ (final ? EAP_TLV_RESULT_TLV :
+ EAP_TLV_INTERMEDIATE_RESULT_TLV));
+ rresult->length = host_to_be16(2);
+ rresult->status = host_to_be16(EAP_TLV_RESULT_SUCCESS);
+
+ if (!data->provisioning && data->phase2_success &&
+ eap_fast_derive_msk(data) < 0) {
+ wpa_printf(MSG_INFO, "EAP-FAST: Failed to generate MSK");
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ rresult->status = host_to_be16(EAP_TLV_RESULT_FAILURE);
+ data->phase2_success = 0;
+ }
+
+ rbind = (struct eap_tlv_crypto_binding__tlv *) (rresult + 1);
+ rbind->tlv_type = host_to_be16(EAP_TLV_TYPE_MANDATORY |
+ EAP_TLV_CRYPTO_BINDING_TLV_);
+ rbind->length = host_to_be16(sizeof(*rbind) -
+ sizeof(struct eap_tlv_hdr));
+ rbind->version = EAP_FAST_VERSION;
+ rbind->received_version = _bind->version;
+ rbind->subtype = EAP_TLV_CRYPTO_BINDING_SUBTYPE_RESPONSE;
+ os_memcpy(rbind->nonce, _bind->nonce, sizeof(_bind->nonce));
+ inc_byte_array(rbind->nonce, sizeof(rbind->nonce));
+ hmac_sha1(cmk, 20, (u8 *) rbind, sizeof(*rbind), rbind->compound_mac);
+
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Reply Crypto-Binding TLV: Version %d "
+ "Received Version %d SubType %d",
+ rbind->version, rbind->received_version, rbind->subtype);
+ wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: NONCE",
+ rbind->nonce, sizeof(rbind->nonce));
+ wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Compound MAC",
+ rbind->compound_mac, sizeof(rbind->compound_mac));
+
+ if (final && data->phase2_success) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Authentication completed "
+ "successfully.");
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_UNCOND_SUCC;
+ }
+
+ return resp;
+}
+
+
+static u8 * eap_fast_process_pac(struct eap_sm *sm, struct eap_fast_data *data,
+ struct eap_method_ret *ret,
+ u8 *pac, size_t pac_len, size_t *resp_len)
+{
+ struct wpa_ssid *config = eap_get_config(sm);
+ struct pac_tlv_hdr *hdr;
+ u8 *pos;
+ size_t left, len;
+ int type, pac_key_found = 0;
+ struct eap_fast_pac entry;
+
+ os_memset(&entry, 0, sizeof(entry));
+ pos = pac;
+ left = pac_len;
+ while (left > sizeof(*hdr)) {
+ hdr = (struct pac_tlv_hdr *) pos;
+ type = be_to_host16(hdr->type);
+ len = be_to_host16(hdr->len);
+ pos += sizeof(*hdr);
+ left -= sizeof(*hdr);
+ if (len > left) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: PAC TLV overrun "
+ "(type=%d len=%lu left=%lu)",
+ type, (unsigned long) len,
+ (unsigned long) left);
+ return eap_fast_tlv_result(EAP_TLV_RESULT_FAILURE, 0,
+ resp_len);
+ }
+ switch (type) {
+ case PAC_TYPE_PAC_KEY:
+ wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: PAC-Key",
+ pos, len);
+ if (len != EAP_FAST_PAC_KEY_LEN) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Invalid "
+ "PAC-Key length %lu",
+ (unsigned long) len);
+ break;
+ }
+ pac_key_found = 1;
+ os_memcpy(entry.pac_key, pos, len);
+ break;
+ case PAC_TYPE_PAC_OPAQUE:
+ wpa_hexdump(MSG_DEBUG, "EAP-FAST: PAC-Opaque",
+ pos, len);
+ entry.pac_opaque = pos;
+ entry.pac_opaque_len = len;
+ break;
+ case PAC_TYPE_PAC_INFO:
+ wpa_hexdump(MSG_DEBUG, "EAP-FAST: PAC-Info",
+ pos, len);
+ entry.pac_info = pos;
+ entry.pac_info_len = len;
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Ignored unknown PAC "
+ "type %d", type);
+ break;
+ }
+
+ pos += len;
+ left -= len;
+ }
+
+ if (!pac_key_found || !entry.pac_opaque || !entry.pac_info) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: PAC TLV does not include "
+ "all the required fields");
+ return eap_fast_tlv_result(EAP_TLV_RESULT_FAILURE, 0,
+ resp_len);
+ }
+
+ pos = entry.pac_info;
+ left = entry.pac_info_len;
+ while (left > sizeof(*hdr)) {
+ hdr = (struct pac_tlv_hdr *) pos;
+ type = be_to_host16(hdr->type);
+ len = be_to_host16(hdr->len);
+ pos += sizeof(*hdr);
+ left -= sizeof(*hdr);
+ if (len > left) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: PAC-Info overrun "
+ "(type=%d len=%lu left=%lu)",
+ type, (unsigned long) len,
+ (unsigned long) left);
+ return eap_fast_tlv_result(EAP_TLV_RESULT_FAILURE, 0,
+ resp_len);
+ }
+ switch (type) {
+ case PAC_TYPE_A_ID:
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-FAST: PAC-Info - "
+ "A-ID", pos, len);
+ entry.a_id = pos;
+ entry.a_id_len = len;
+ break;
+ case PAC_TYPE_I_ID:
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-FAST: PAC-Info - "
+ "I-ID", pos, len);
+ entry.i_id = pos;
+ entry.i_id_len = len;
+ break;
+ case PAC_TYPE_A_ID_INFO:
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-FAST: PAC-Info - "
+ "A-ID-Info", pos, len);
+ entry.a_id_info = pos;
+ entry.a_id_info_len = len;
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Ignored unknown "
+ "PAC-Info type %d", type);
+ break;
+ }
+
+ pos += len;
+ left -= len;
+ }
+
+ if (entry.a_id == NULL || entry.a_id_info == NULL) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: PAC-Info does not include "
+ "all the required fields");
+ return eap_fast_tlv_result(EAP_TLV_RESULT_FAILURE, 0,
+ resp_len);
+ }
+
+ eap_fast_add_pac(data, &entry);
+ eap_fast_save_pac(sm, data, config->pac_file);
+
+ if (data->provisioning) {
+ /* EAP-FAST provisioning does not provide keying material and
+ * must end with an EAP-Failure. Authentication will be done
+ * separately after this. */
+ data->success = 0;
+ ret->decision = DECISION_FAIL;
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Send PAC-Acknowledgement TLV "
+ "- Provisioning completed successfully");
+ } else {
+ /* This is PAC refreshing, i.e., normal authentication that is
+ * expected to be completed with an EAP-Success. */
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Send PAC-Acknowledgement TLV "
+ "- PAC refreshing completed successfully");
+ ret->decision = DECISION_UNCOND_SUCC;
+ }
+ ret->methodState = METHOD_DONE;
+ return eap_fast_tlv_pac_ack(resp_len);
+}
+
+
+static int eap_fast_decrypt(struct eap_sm *sm, struct eap_fast_data *data,
+ struct eap_method_ret *ret,
+ const struct eap_hdr *req,
+ const u8 *in_data, size_t in_len,
+ u8 **out_data, size_t *out_len)
+{
+ u8 *in_decrypted, *pos, *end;
+ int len_decrypted, len;
+ struct eap_hdr *hdr;
+ u8 *resp = NULL;
+ size_t buf_len, resp_len;
+ int mandatory, tlv_type;
+ u8 *eap_payload_tlv = NULL, *pac = NULL;
+ size_t eap_payload_tlv_len = 0, pac_len = 0;
+ int iresult = 0, result = 0;
+ struct eap_tlv_crypto_binding__tlv *crypto_binding = NULL;
+ size_t crypto_binding_len = 0;
+ const u8 *msg;
+ size_t msg_len;
+ int need_more_input, stop;
+
+ wpa_printf(MSG_DEBUG, "EAP-FAST: received %lu bytes encrypted data for"
+ " Phase 2", (unsigned long) in_len);
+
+ msg = eap_tls_data_reassemble(sm, &data->ssl, in_data, in_len,
+ &msg_len, &need_more_input);
+ if (msg == NULL)
+ return need_more_input ? 1 : -1;
+
+ buf_len = in_len;
+ if (data->ssl.tls_in_total > buf_len)
+ buf_len = data->ssl.tls_in_total;
+ in_decrypted = os_malloc(buf_len);
+ if (in_decrypted == NULL) {
+ os_free(data->ssl.tls_in);
+ data->ssl.tls_in = NULL;
+ data->ssl.tls_in_len = 0;
+ wpa_printf(MSG_WARNING, "EAP-FAST: failed to allocate memory "
+ "for decryption");
+ return -1;
+ }
+
+ len_decrypted = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn,
+ msg, msg_len,
+ in_decrypted, buf_len);
+ os_free(data->ssl.tls_in);
+ data->ssl.tls_in = NULL;
+ data->ssl.tls_in_len = 0;
+ if (len_decrypted < 0) {
+ wpa_printf(MSG_INFO, "EAP-FAST: Failed to decrypt Phase 2 "
+ "data");
+ os_free(in_decrypted);
+ return -1;
+ }
+
+ wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Decrypted Phase 2 TLV(s)",
+ in_decrypted, len_decrypted);
+
+ if (len_decrypted < 4) {
+ os_free(in_decrypted);
+ wpa_printf(MSG_INFO, "EAP-FAST: Too short Phase 2 "
+ "TLV frame (len=%d)", len_decrypted);
+ return -1;
+ }
+
+ pos = in_decrypted;
+ end = in_decrypted + len_decrypted;
+ stop = 0;
+ while (pos + 4 < end && !stop) {
+ mandatory = pos[0] & 0x80;
+ tlv_type = WPA_GET_BE16(pos) & 0x3fff;
+ pos += 2;
+ len = WPA_GET_BE16(pos);
+ pos += 2;
+ if (pos + len > end) {
+ os_free(in_decrypted);
+ wpa_printf(MSG_INFO, "EAP-FAST: TLV overflow");
+ return 0;
+ }
+ wpa_printf(MSG_DEBUG, "EAP-FAST: received Phase 2: "
+ "TLV type %d length %d%s",
+ tlv_type, len, mandatory ? " (mandatory)" : "");
+
+ switch (tlv_type) {
+ case EAP_TLV_EAP_PAYLOAD_TLV:
+ wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: EAP Payload TLV",
+ pos, len);
+ eap_payload_tlv = pos;
+ eap_payload_tlv_len = len;
+ break;
+ case EAP_TLV_RESULT_TLV:
+ wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Result TLV",
+ pos, len);
+ if (len < 2) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Too short "
+ "Result TLV");
+ result = EAP_TLV_RESULT_FAILURE;
+ break;
+ }
+ result = WPA_GET_BE16(pos);
+ if (result != EAP_TLV_RESULT_SUCCESS &&
+ result != EAP_TLV_RESULT_FAILURE) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Unknown "
+ "Result %d", result);
+ result = EAP_TLV_RESULT_FAILURE;
+ }
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Result: %s",
+ result == EAP_TLV_RESULT_SUCCESS ?
+ "Success" : "Failure");
+ break;
+ case EAP_TLV_INTERMEDIATE_RESULT_TLV:
+ wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Intermediate "
+ "Result TLV", pos, len);
+ if (len < 2) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Too short "
+ "Intermediate Result TLV");
+ iresult = EAP_TLV_RESULT_FAILURE;
+ break;
+ }
+ iresult = WPA_GET_BE16(pos);
+ if (iresult != EAP_TLV_RESULT_SUCCESS &&
+ iresult != EAP_TLV_RESULT_FAILURE) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Unknown "
+ "Intermediate Result %d", iresult);
+ iresult = EAP_TLV_RESULT_FAILURE;
+ }
+ wpa_printf(MSG_DEBUG,
+ "EAP-FAST: Intermediate Result: %s",
+ iresult == EAP_TLV_RESULT_SUCCESS ?
+ "Success" : "Failure");
+ break;
+ case EAP_TLV_CRYPTO_BINDING_TLV_:
+ wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Crypto-Binding "
+ "TLV", pos, len);
+ crypto_binding_len = sizeof(struct eap_tlv_hdr) + len;
+ if (crypto_binding_len < sizeof(*crypto_binding)) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Too short "
+ "Crypto-Binding TLV");
+ iresult = EAP_TLV_RESULT_FAILURE;
+ pos = end;
+ break;
+ }
+ crypto_binding =
+ (struct eap_tlv_crypto_binding__tlv *)
+ (pos - sizeof(struct eap_tlv_hdr));
+ break;
+ case EAP_TLV_PAC_TLV:
+ wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: PAC TLV",
+ pos, len);
+ pac = pos;
+ pac_len = len;
+ break;
+ default:
+ if (mandatory) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Nak unknown "
+ "mandatory TLV type %d", tlv_type);
+ resp = eap_fast_tlv_nak(0, tlv_type,
+ &resp_len);
+ stop = 1;
+ } else {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: ignored "
+ "unknown optional TLV type %d",
+ tlv_type);
+ }
+ break;
+ }
+
+ pos += len;
+ }
+
+ if (!resp && result == EAP_TLV_RESULT_FAILURE) {
+ resp = eap_fast_tlv_result(EAP_TLV_RESULT_FAILURE, 0,
+ &resp_len);
+ if (!resp) {
+ os_free(in_decrypted);
+ return 0;
+ }
+ }
+
+ if (!resp && iresult == EAP_TLV_RESULT_FAILURE) {
+ resp = eap_fast_tlv_result(EAP_TLV_RESULT_FAILURE, 1,
+ &resp_len);
+ if (!resp) {
+ os_free(in_decrypted);
+ return 0;
+ }
+ }
+
+ if (!resp && eap_payload_tlv) {
+ if (eap_payload_tlv_len < sizeof(*hdr)) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: too short EAP "
+ "Payload TLV (len=%lu)",
+ (unsigned long) eap_payload_tlv_len);
+ os_free(in_decrypted);
+ return 0;
+ }
+ hdr = (struct eap_hdr *) eap_payload_tlv;
+ if (be_to_host16(hdr->length) > eap_payload_tlv_len) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: EAP packet overflow "
+ "in EAP Payload TLV");
+ os_free(in_decrypted);
+ return 0;
+ }
+ if (hdr->code == EAP_CODE_REQUEST) {
+ if (eap_fast_phase2_request(sm, data, ret, hdr,
+ &resp, &resp_len)) {
+ os_free(in_decrypted);
+ wpa_printf(MSG_INFO, "EAP-FAST: Phase2 "
+ "Request processing failed");
+ return 0;
+ }
+ resp = eap_fast_tlv_eap_payload(resp, &resp_len);
+ if (resp == NULL) {
+ os_free(in_decrypted);
+ return 0;
+ }
+ } else {
+ wpa_printf(MSG_INFO, "EAP-FAST: Unexpected code=%d in "
+ "Phase 2 EAP header", hdr->code);
+ os_free(in_decrypted);
+ return 0;
+ }
+ }
+
+ if (!resp && crypto_binding) {
+ int final = result == EAP_TLV_RESULT_SUCCESS;
+ resp = eap_fast_process_crypto_binding(sm, data, ret,
+ crypto_binding,
+ crypto_binding_len,
+ &resp_len, final);
+ if (!resp) {
+ os_free(in_decrypted);
+ return 0;
+ }
+ }
+
+ if (!resp && pac && result != EAP_TLV_RESULT_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: PAC TLV without Result TLV "
+ "acknowledging success");
+ resp = eap_fast_tlv_result(EAP_TLV_RESULT_FAILURE, 0,
+ &resp_len);
+ if (!resp) {
+ os_free(in_decrypted);
+ return 0;
+ }
+ }
+
+ if (!resp && pac && result == EAP_TLV_RESULT_SUCCESS) {
+ resp = eap_fast_process_pac(sm, data, ret, pac, pac_len,
+ &resp_len);
+ if (!resp) {
+ os_free(in_decrypted);
+ return 0;
+ }
+ }
+
+ os_free(in_decrypted);
+
+ if (resp == NULL) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: No recognized TLVs - send "
+ "empty response packet");
+ resp = os_malloc(1);
+ if (resp == NULL)
+ return 0;
+ resp_len = 0;
+ }
+
+ wpa_hexdump(MSG_DEBUG, "EAP-FAST: Encrypting Phase 2 data",
+ resp, resp_len);
+ if (eap_fast_encrypt(sm, data, req->identifier, resp, resp_len,
+ out_data, out_len)) {
+ wpa_printf(MSG_INFO, "EAP-FAST: Failed to encrypt a Phase 2 "
+ "frame");
+ }
+ os_free(resp);
+
+ return 0;
+}
+
+
+static u8 * eap_fast_process(struct eap_sm *sm, void *priv,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *respDataLen)
+{
+ const struct eap_hdr *req;
+ size_t left;
+ int res;
+ u8 flags, *resp, id;
+ const u8 *pos;
+ struct eap_fast_data *data = priv;
+
+ pos = eap_tls_process_init(sm, &data->ssl, EAP_TYPE_FAST, ret,
+ reqData, reqDataLen, &left, &flags);
+ if (pos == NULL)
+ return NULL;
+ req = (const struct eap_hdr *) reqData;
+ id = req->identifier;
+
+ if (flags & EAP_TLS_FLAGS_START) {
+ const u8 *a_id;
+ size_t a_id_len;
+ struct pac_tlv_hdr *hdr;
+
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Start (server ver=%d, own "
+ "ver=%d)", flags & EAP_PEAP_VERSION_MASK,
+ data->fast_version);
+ if ((flags & EAP_PEAP_VERSION_MASK) < data->fast_version)
+ data->fast_version = flags & EAP_PEAP_VERSION_MASK;
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Using FAST version %d",
+ data->fast_version);
+
+ a_id = pos;
+ a_id_len = left;
+ if (left > sizeof(*hdr)) {
+ int tlen;
+ hdr = (struct pac_tlv_hdr *) pos;
+ tlen = be_to_host16(hdr->len);
+ if (be_to_host16(hdr->type) == PAC_TYPE_A_ID &&
+ sizeof(*hdr) + tlen <= left) {
+ a_id = (u8 *) (hdr + 1);
+ a_id_len = tlen;
+ }
+ }
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-FAST: A-ID", a_id, a_id_len);
+
+ data->current_pac = eap_fast_get_pac(data, a_id, a_id_len);
+ if (data->current_pac) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: PAC found for this "
+ "A-ID");
+ wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-FAST: A-ID-Info",
+ data->current_pac->a_id_info,
+ data->current_pac->a_id_info_len);
+ }
+
+ if (data->resuming && data->current_pac) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Trying to resume "
+ "session - do not add PAC-Opaque to TLS "
+ "ClientHello");
+ if (tls_connection_client_hello_ext(
+ sm->ssl_ctx, data->ssl.conn,
+ TLS_EXT_PAC_OPAQUE, NULL, 0) < 0) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to "
+ "remove PAC-Opaque TLS extension");
+ return NULL;
+ }
+
+ } else if (data->current_pac) {
+ u8 *tlv;
+ size_t tlv_len, olen;
+ struct eap_tlv_hdr *ehdr;
+ olen = data->current_pac->pac_opaque_len;
+ tlv_len = sizeof(*ehdr) + olen;
+ tlv = os_malloc(tlv_len);
+ if (tlv) {
+ ehdr = (struct eap_tlv_hdr *) tlv;
+ ehdr->tlv_type =
+ host_to_be16(PAC_TYPE_PAC_OPAQUE);
+ ehdr->length = host_to_be16(olen);
+ os_memcpy(ehdr + 1,
+ data->current_pac->pac_opaque, olen);
+ }
+ if (tlv == NULL ||
+ tls_connection_client_hello_ext(
+ sm->ssl_ctx, data->ssl.conn,
+ TLS_EXT_PAC_OPAQUE, tlv, tlv_len) < 0) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to "
+ "add PAC-Opaque TLS extension");
+ os_free(tlv);
+ return NULL;
+ }
+ os_free(tlv);
+ } else {
+ u8 ciphers[2];
+ if (!data->provisioning_allowed) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: No PAC found "
+ "and provisioning disabled");
+ return NULL;
+ }
+ wpa_printf(MSG_DEBUG, "EAP-FAST: No PAC found - "
+ "starting provisioning");
+ ciphers[0] = TLS_CIPHER_ANON_DH_AES128_SHA;
+ ciphers[1] = TLS_CIPHER_NONE;
+ if (tls_connection_set_cipher_list(sm->ssl_ctx,
+ data->ssl.conn,
+ ciphers)) {
+ wpa_printf(MSG_INFO, "EAP-FAST: Could not "
+ "configure anonymous DH for TLS "
+ "connection");
+ return NULL;
+ }
+ if (tls_connection_client_hello_ext(
+ sm->ssl_ctx, data->ssl.conn,
+ TLS_EXT_PAC_OPAQUE, NULL, 0) < 0) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to "
+ "remove PAC-Opaque TLS extension");
+ return NULL;
+ }
+ data->provisioning = 1;
+ }
+
+ left = 0; /* A-ID is not used in further packet processing */
+ }
+
+ resp = NULL;
+ if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
+ !data->resuming) {
+ res = eap_fast_decrypt(sm, data, ret, req, pos, left,
+ &resp, respDataLen);
+ if (res < 0) {
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ /* Ack possible Alert that may have caused failure in
+ * decryption */
+ res = 1;
+ }
+ } else {
+ if (eap_fast_set_tls_master_secret(sm, data, pos, left) < 0) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to configure "
+ "TLS master secret");
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ return NULL;
+ }
+
+ res = eap_tls_process_helper(sm, &data->ssl, EAP_TYPE_FAST,
+ data->fast_version, id, pos, left,
+ &resp, respDataLen);
+
+ if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-FAST: TLS done, proceed to Phase 2");
+ data->resuming = 0;
+ eap_fast_derive_keys(sm, data);
+ }
+ }
+
+ if (res == 1)
+ return eap_tls_build_ack(&data->ssl, respDataLen, id,
+ EAP_TYPE_FAST, data->fast_version);
+ return resp;
+}
+
+
+#if 0 /* FIX */
+static Boolean eap_fast_has_reauth_data(struct eap_sm *sm, void *priv)
+{
+ struct eap_fast_data *data = priv;
+ return tls_connection_established(sm->ssl_ctx, data->ssl.conn);
+}
+
+
+static void eap_fast_deinit_for_reauth(struct eap_sm *sm, void *priv)
+{
+ struct eap_fast_data *data = priv;
+ os_free(data->key_block_p);
+ data->key_block_p = NULL;
+}
+
+
+static void * eap_fast_init_for_reauth(struct eap_sm *sm, void *priv)
+{
+ struct eap_fast_data *data = priv;
+ if (eap_tls_reauth_init(sm, &data->ssl)) {
+ os_free(data);
+ return NULL;
+ }
+ if (data->phase2_priv && data->phase2_method &&
+ data->phase2_method->init_for_reauth)
+ data->phase2_method->init_for_reauth(sm, data->phase2_priv);
+ data->phase2_success = 0;
+ data->resuming = 1;
+ data->provisioning = 0;
+ data->simck_idx = 0;
+ return priv;
+}
+#endif
+
+
+static int eap_fast_get_status(struct eap_sm *sm, void *priv, char *buf,
+ size_t buflen, int verbose)
+{
+ struct eap_fast_data *data = priv;
+ int len, ret;
+
+ len = eap_tls_status(sm, &data->ssl, buf, buflen, verbose);
+ if (data->phase2_method) {
+ ret = os_snprintf(buf + len, buflen - len,
+ "EAP-FAST Phase2 method=%s\n",
+ data->phase2_method->name);
+ if (ret < 0 || (size_t) ret >= buflen - len)
+ return len;
+ len += ret;
+ }
+ return len;
+}
+
+
+static Boolean eap_fast_isKeyAvailable(struct eap_sm *sm, void *priv)
+{
+ struct eap_fast_data *data = priv;
+ return data->success;
+}
+
+
+static u8 * eap_fast_getKey(struct eap_sm *sm, void *priv, size_t *len)
+{
+ struct eap_fast_data *data = priv;
+ u8 *key;
+
+ if (!data->success)
+ return NULL;
+
+ key = os_malloc(EAP_FAST_KEY_LEN);
+ if (key == NULL)
+ return NULL;
+
+ *len = EAP_FAST_KEY_LEN;
+ os_memcpy(key, data->key_data, EAP_FAST_KEY_LEN);
+
+ return key;
+}
+
+
+static u8 * eap_fast_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
+{
+ struct eap_fast_data *data = priv;
+ u8 *key;
+
+ if (!data->success)
+ return NULL;
+
+ key = os_malloc(EAP_EMSK_LEN);
+ if (key == NULL)
+ return NULL;
+
+ *len = EAP_EMSK_LEN;
+ os_memcpy(key, data->emsk, EAP_EMSK_LEN);
+
+ return key;
+}
+
+
+int eap_peer_fast_register(void)
+{
+ struct eap_method *eap;
+ int ret;
+
+ eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
+ EAP_VENDOR_IETF, EAP_TYPE_FAST, "FAST");
+ if (eap == NULL)
+ return -1;
+
+ eap->init = eap_fast_init;
+ eap->deinit = eap_fast_deinit;
+ eap->process = eap_fast_process;
+ eap->isKeyAvailable = eap_fast_isKeyAvailable;
+ eap->getKey = eap_fast_getKey;
+ eap->get_status = eap_fast_get_status;
+#if 0
+ eap->has_reauth_data = eap_fast_has_reauth_data;
+ eap->deinit_for_reauth = eap_fast_deinit_for_reauth;
+ eap->init_for_reauth = eap_fast_init_for_reauth;
+#endif
+ eap->get_emsk = eap_fast_get_emsk;
+
+ ret = eap_peer_method_register(eap);
+ if (ret)
+ eap_peer_method_free(eap);
+ return ret;
+}
--- /dev/null
+/*
+ * EAP peer method: EAP-GPSK (draft-ietf-emu-eap-gpsk-08.txt)
+ * Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eap_i.h"
+#include "config_ssid.h"
+#include "eap_gpsk_common.h"
+
+struct eap_gpsk_data {
+ enum { GPSK_1, GPSK_3, SUCCESS, FAILURE } state;
+ u8 rand_server[EAP_GPSK_RAND_LEN];
+ u8 rand_peer[EAP_GPSK_RAND_LEN];
+ u8 msk[EAP_MSK_LEN];
+ u8 emsk[EAP_EMSK_LEN];
+ u8 sk[EAP_GPSK_MAX_SK_LEN];
+ size_t sk_len;
+ u8 pk[EAP_GPSK_MAX_PK_LEN];
+ size_t pk_len;
+ u8 session_id;
+ int session_id_set;
+ u8 *id_peer;
+ size_t id_peer_len;
+ u8 *id_server;
+ size_t id_server_len;
+ int vendor; /* CSuite/Specifier */
+ int specifier; /* CSuite/Specifier */
+ u8 *psk;
+ size_t psk_len;
+};
+
+
+static u8 * eap_gpsk_send_gpsk_2(struct eap_gpsk_data *data, u8 identifier,
+ const u8 *csuite_list, size_t csuite_list_len,
+ size_t *respDataLen);
+static u8 * eap_gpsk_send_gpsk_4(struct eap_gpsk_data *data, u8 identifier,
+ size_t *respDataLen);
+
+
+#ifndef CONFIG_NO_STDOUT_DEBUG
+static const char * eap_gpsk_state_txt(int state)
+{
+ switch (state) {
+ case GPSK_1:
+ return "GPSK-1";
+ case GPSK_3:
+ return "GPSK-3";
+ case SUCCESS:
+ return "SUCCESS";
+ case FAILURE:
+ return "FAILURE";
+ default:
+ return "?";
+ }
+}
+#endif /* CONFIG_NO_STDOUT_DEBUG */
+
+
+static void eap_gpsk_state(struct eap_gpsk_data *data, int state)
+{
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: %s -> %s",
+ eap_gpsk_state_txt(data->state),
+ eap_gpsk_state_txt(state));
+ data->state = state;
+}
+
+
+static void eap_gpsk_deinit(struct eap_sm *sm, void *priv);
+
+
+static void * eap_gpsk_init(struct eap_sm *sm)
+{
+ struct wpa_ssid *config = eap_get_config(sm);
+ struct eap_gpsk_data *data;
+
+ if (config == NULL) {
+ wpa_printf(MSG_INFO, "EAP-GPSK: No configuration found");
+ return NULL;
+ }
+
+ if (config->eappsk == NULL) {
+ wpa_printf(MSG_INFO, "EAP-GPSK: No key (eappsk) configured");
+ return NULL;
+ }
+
+ data = os_zalloc(sizeof(*data));
+ if (data == NULL)
+ return NULL;
+ data->state = GPSK_1;
+
+ if (config->nai) {
+ data->id_peer = os_malloc(config->nai_len);
+ if (data->id_peer == NULL) {
+ eap_gpsk_deinit(sm, data);
+ return NULL;
+ }
+ os_memcpy(data->id_peer, config->nai, config->nai_len);
+ data->id_peer_len = config->nai_len;
+ }
+
+ data->psk = os_malloc(config->eappsk_len);
+ if (data->psk == NULL) {
+ eap_gpsk_deinit(sm, data);
+ return NULL;
+ }
+ os_memcpy(data->psk, config->eappsk, config->eappsk_len);
+ data->psk_len = config->eappsk_len;
+
+ return data;
+}
+
+
+static void eap_gpsk_deinit(struct eap_sm *sm, void *priv)
+{
+ struct eap_gpsk_data *data = priv;
+ os_free(data->id_server);
+ os_free(data->id_peer);
+ os_free(data->psk);
+ os_free(data);
+}
+
+
+const u8 * eap_gpsk_process_id_server(struct eap_gpsk_data *data,
+ const u8 *pos, const u8 *end)
+{
+ u16 alen;
+
+ if (end - pos < 2) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short GPSK-1 packet");
+ return NULL;
+ }
+ alen = WPA_GET_BE16(pos);
+ pos += 2;
+ if (end - pos < alen) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: ID_Server overflow");
+ return NULL;
+ }
+ os_free(data->id_server);
+ data->id_server = os_malloc(alen);
+ if (data->id_server == NULL) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: No memory for ID_Server");
+ return NULL;
+ }
+ os_memcpy(data->id_server, pos, alen);
+ data->id_server_len = alen;
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-GPSK: ID_Server",
+ data->id_server, data->id_server_len);
+ pos += alen;
+
+ return pos;
+}
+
+
+const u8 * eap_gpsk_process_rand_server(struct eap_gpsk_data *data,
+ const u8 *pos, const u8 *end)
+{
+ if (pos == NULL)
+ return NULL;
+
+ if (end - pos < EAP_GPSK_RAND_LEN) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: RAND_Server overflow");
+ return NULL;
+ }
+ os_memcpy(data->rand_server, pos, EAP_GPSK_RAND_LEN);
+ wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Server",
+ data->rand_server, EAP_GPSK_RAND_LEN);
+ pos += EAP_GPSK_RAND_LEN;
+
+ return pos;
+}
+
+
+static int eap_gpsk_select_csuite(struct eap_sm *sm,
+ struct eap_gpsk_data *data,
+ const u8 *csuite_list,
+ size_t csuite_list_len)
+{
+ struct eap_gpsk_csuite *csuite;
+ int i, count;
+
+ count = csuite_list_len / sizeof(struct eap_gpsk_csuite);
+ data->vendor = EAP_GPSK_VENDOR_IETF;
+ data->specifier = EAP_GPSK_CIPHER_RESERVED;
+ csuite = (struct eap_gpsk_csuite *) csuite_list;
+ for (i = 0; i < count; i++) {
+ int vendor, specifier;
+ vendor = WPA_GET_BE32(csuite->vendor);
+ specifier = WPA_GET_BE16(csuite->specifier);
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: CSuite[%d]: %d:%d",
+ i, vendor, specifier);
+ if (data->vendor == EAP_GPSK_VENDOR_IETF &&
+ data->specifier == EAP_GPSK_CIPHER_RESERVED &&
+ eap_gpsk_supported_ciphersuite(vendor, specifier)) {
+ data->vendor = vendor;
+ data->specifier = specifier;
+ }
+ csuite++;
+ }
+ if (data->vendor == EAP_GPSK_VENDOR_IETF &&
+ data->specifier == EAP_GPSK_CIPHER_RESERVED) {
+ wpa_msg(sm->msg_ctx, MSG_INFO, "EAP-GPSK: No supported "
+ "ciphersuite found");
+ return -1;
+ }
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Selected ciphersuite %d:%d",
+ data->vendor, data->specifier);
+
+ return 0;
+}
+
+
+const u8 * eap_gpsk_process_csuite_list(struct eap_sm *sm,
+ struct eap_gpsk_data *data,
+ const u8 **list, size_t *list_len,
+ const u8 *pos, const u8 *end)
+{
+ if (pos == NULL)
+ return NULL;
+
+ if (end - pos < 2) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short GPSK-1 packet");
+ return NULL;
+ }
+ *list_len = WPA_GET_BE16(pos);
+ pos += 2;
+ if (end - pos < (int) *list_len) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: CSuite_List overflow");
+ return NULL;
+ }
+ if (*list_len == 0 || (*list_len % sizeof(struct eap_gpsk_csuite))) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Invalid CSuite_List len %d",
+ *list_len);
+ return NULL;
+ }
+ *list = pos;
+ pos += *list_len;
+
+ if (eap_gpsk_select_csuite(sm, data, *list, *list_len) < 0)
+ return NULL;
+
+ return pos;
+}
+
+
+static u8 * eap_gpsk_process_gpsk_1(struct eap_sm *sm,
+ struct eap_gpsk_data *data,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ const u8 *payload, size_t payload_len,
+ size_t *respDataLen)
+{
+ size_t csuite_list_len;
+ const u8 *csuite_list, *pos, *end;
+ const struct eap_hdr *req;
+ u8 *resp;
+
+ if (data->state != GPSK_1) {
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Received Request/GPSK-1");
+
+ end = payload + payload_len;
+
+ pos = eap_gpsk_process_id_server(data, payload, end);
+ pos = eap_gpsk_process_rand_server(data, pos, end);
+ pos = eap_gpsk_process_csuite_list(sm, data, &csuite_list,
+ &csuite_list_len, pos, end);
+ if (pos == NULL) {
+ eap_gpsk_state(data, FAILURE);
+ return NULL;
+ }
+
+ req = (const struct eap_hdr *) reqData;
+ resp = eap_gpsk_send_gpsk_2(data, req->identifier,
+ csuite_list, csuite_list_len,
+ respDataLen);
+ if (resp == NULL)
+ return NULL;
+
+ eap_gpsk_state(data, GPSK_3);
+
+ return (u8 *) resp;
+}
+
+
+static u8 * eap_gpsk_send_gpsk_2(struct eap_gpsk_data *data, u8 identifier,
+ const u8 *csuite_list, size_t csuite_list_len,
+ size_t *respDataLen)
+{
+ struct eap_hdr *resp;
+ size_t len, miclen;
+ u8 *rpos, *start;
+ struct eap_gpsk_csuite *csuite;
+
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Sending Response/GPSK-2");
+
+ miclen = eap_gpsk_mic_len(data->vendor, data->specifier);
+ len = 1 + 2 + data->id_peer_len + 2 + data->id_server_len +
+ 2 * EAP_GPSK_RAND_LEN + 2 + csuite_list_len +
+ sizeof(struct eap_gpsk_csuite) + 2 + miclen;
+
+ resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GPSK, respDataLen, len,
+ EAP_CODE_RESPONSE, identifier, &rpos);
+ if (resp == NULL)
+ return NULL;
+
+ *rpos++ = EAP_GPSK_OPCODE_GPSK_2;
+ start = rpos;
+
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-GPSK: ID_Peer",
+ data->id_peer, data->id_peer_len);
+ WPA_PUT_BE16(rpos, data->id_peer_len);
+ rpos += 2;
+ if (data->id_peer)
+ os_memcpy(rpos, data->id_peer, data->id_peer_len);
+ rpos += data->id_peer_len;
+
+ WPA_PUT_BE16(rpos, data->id_server_len);
+ rpos += 2;
+ if (data->id_server)
+ os_memcpy(rpos, data->id_server, data->id_server_len);
+ rpos += data->id_server_len;
+
+ if (os_get_random(data->rand_peer, EAP_GPSK_RAND_LEN)) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to get random data "
+ "for RAND_Peer");
+ eap_gpsk_state(data, FAILURE);
+ os_free(resp);
+ return NULL;
+ }
+ wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Peer",
+ data->rand_peer, EAP_GPSK_RAND_LEN);
+ os_memcpy(rpos, data->rand_peer, EAP_GPSK_RAND_LEN);
+ rpos += EAP_GPSK_RAND_LEN;
+
+ os_memcpy(rpos, data->rand_server, EAP_GPSK_RAND_LEN);
+ rpos += EAP_GPSK_RAND_LEN;
+
+ WPA_PUT_BE16(rpos, csuite_list_len);
+ rpos += 2;
+ os_memcpy(rpos, csuite_list, csuite_list_len);
+ rpos += csuite_list_len;
+
+ csuite = (struct eap_gpsk_csuite *) rpos;
+ WPA_PUT_BE32(csuite->vendor, data->vendor);
+ WPA_PUT_BE16(csuite->specifier, data->specifier);
+ rpos = (u8 *) (csuite + 1);
+
+ if (eap_gpsk_derive_keys(data->psk, data->psk_len,
+ data->vendor, data->specifier,
+ data->rand_peer, data->rand_server,
+ data->id_peer, data->id_peer_len,
+ data->id_server, data->id_server_len,
+ data->msk, data->emsk,
+ data->sk, &data->sk_len,
+ data->pk, &data->pk_len) < 0) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to derive keys");
+ eap_gpsk_state(data, FAILURE);
+ os_free(resp);
+ return NULL;
+ }
+
+ /* No PD_Payload_1 */
+ WPA_PUT_BE16(rpos, 0);
+ rpos += 2;
+
+ if (eap_gpsk_compute_mic(data->sk, data->sk_len, data->vendor,
+ data->specifier, start, rpos - start, rpos) <
+ 0) {
+ eap_gpsk_state(data, FAILURE);
+ os_free(resp);
+ return NULL;
+ }
+
+ return (u8 *) resp;
+}
+
+
+const u8 * eap_gpsk_validate_rand(struct eap_gpsk_data *data, const u8 *pos,
+ const u8 *end)
+{
+ if (end - pos < EAP_GPSK_RAND_LEN) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for "
+ "RAND_Peer");
+ return NULL;
+ }
+ if (os_memcmp(pos, data->rand_peer, EAP_GPSK_RAND_LEN) != 0) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: RAND_Peer in GPSK-2 and "
+ "GPSK-3 did not match");
+ wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Peer in GPSK-2",
+ data->rand_peer, EAP_GPSK_RAND_LEN);
+ wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Peer in GPSK-3",
+ pos, EAP_GPSK_RAND_LEN);
+ return NULL;
+ }
+ pos += EAP_GPSK_RAND_LEN;
+
+ if (end - pos < EAP_GPSK_RAND_LEN) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for "
+ "RAND_Server");
+ return NULL;
+ }
+ if (os_memcmp(pos, data->rand_server, EAP_GPSK_RAND_LEN) != 0) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: RAND_Server in GPSK-1 and "
+ "GPSK-3 did not match");
+ wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Server in GPSK-1",
+ data->rand_server, EAP_GPSK_RAND_LEN);
+ wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Server in GPSK-3",
+ pos, EAP_GPSK_RAND_LEN);
+ return NULL;
+ }
+ pos += EAP_GPSK_RAND_LEN;
+
+ return pos;
+}
+
+
+const u8 * eap_gpsk_validate_id_server(struct eap_gpsk_data *data,
+ const u8 *pos, const u8 *end)
+{
+ size_t len;
+
+ if (pos == NULL)
+ return NULL;
+
+ if (end - pos < (int) 2) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for "
+ "length(ID_Server)");
+ return NULL;
+ }
+
+ len = WPA_GET_BE16(pos);
+ pos += 2;
+
+ if (end - pos < (int) len) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for "
+ "ID_Server");
+ return NULL;
+ }
+
+ if (len != data->id_server_len ||
+ os_memcmp(pos, data->id_server, len) != 0) {
+ wpa_printf(MSG_INFO, "EAP-GPSK: ID_Server did not match with "
+ "the one used in GPSK-1");
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-GPSK: ID_Server in GPSK-1",
+ data->id_server, data->id_server_len);
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-GPSK: ID_Server in GPSK-3",
+ pos, len);
+ }
+
+ pos += len;
+
+ return pos;
+}
+
+
+const u8 * eap_gpsk_validate_csuite(struct eap_gpsk_data *data, const u8 *pos,
+ const u8 *end)
+{
+ int vendor, specifier;
+ const struct eap_gpsk_csuite *csuite;
+
+ if (pos == NULL)
+ return NULL;
+
+ if (end - pos < (int) sizeof(*csuite)) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for "
+ "CSuite_Sel");
+ return NULL;
+ }
+ csuite = (const struct eap_gpsk_csuite *) pos;
+ vendor = WPA_GET_BE32(csuite->vendor);
+ specifier = WPA_GET_BE16(csuite->specifier);
+ pos += sizeof(*csuite);
+ if (vendor != data->vendor || specifier != data->specifier) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: CSuite_Sel (%d:%d) does not "
+ "match with the one sent in GPSK-2 (%d:%d)",
+ vendor, specifier, data->vendor, data->specifier);
+ return NULL;
+ }
+
+ return pos;
+}
+
+
+const u8 * eap_gpsk_validate_pd_payload_2(struct eap_gpsk_data *data,
+ const u8 *pos, const u8 *end)
+{
+ u16 alen;
+
+ if (pos == NULL)
+ return NULL;
+
+ if (end - pos < 2) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for "
+ "PD_Payload_2 length");
+ return NULL;
+ }
+ alen = WPA_GET_BE16(pos);
+ pos += 2;
+ if (end - pos < alen) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for "
+ "%d-octet PD_Payload_2", alen);
+ return NULL;
+ }
+ wpa_hexdump(MSG_DEBUG, "EAP-GPSK: PD_Payload_2", pos, alen);
+ pos += alen;
+
+ return pos;
+}
+
+
+const u8 * eap_gpsk_validate_gpsk_3_mic(struct eap_gpsk_data *data,
+ const u8 *payload,
+ const u8 *pos, const u8 *end)
+{
+ size_t miclen;
+ u8 mic[EAP_GPSK_MAX_MIC_LEN];
+
+ if (pos == NULL)
+ return NULL;
+
+ miclen = eap_gpsk_mic_len(data->vendor, data->specifier);
+ if (end - pos < (int) miclen) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for MIC "
+ "(left=%d miclen=%d)", end - pos, miclen);
+ return NULL;
+ }
+ if (eap_gpsk_compute_mic(data->sk, data->sk_len, data->vendor,
+ data->specifier, payload, pos - payload, mic)
+ < 0) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to compute MIC");
+ return NULL;
+ }
+ if (os_memcmp(mic, pos, miclen) != 0) {
+ wpa_printf(MSG_INFO, "EAP-GPSK: Incorrect MIC in GPSK-3");
+ wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Received MIC", pos, miclen);
+ wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Computed MIC", mic, miclen);
+ return NULL;
+ }
+ pos += miclen;
+
+ return pos;
+}
+
+
+static u8 * eap_gpsk_process_gpsk_3(struct eap_sm *sm,
+ struct eap_gpsk_data *data,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ const u8 *payload, size_t payload_len,
+ size_t *respDataLen)
+{
+ u8 *resp;
+ const struct eap_hdr *req;
+ const u8 *pos, *end;
+
+ if (data->state != GPSK_3) {
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Received Request/GPSK-3");
+
+ end = payload + payload_len;
+
+ pos = eap_gpsk_validate_rand(data, payload, end);
+ pos = eap_gpsk_validate_id_server(data, pos, end);
+ pos = eap_gpsk_validate_csuite(data, pos, end);
+ pos = eap_gpsk_validate_pd_payload_2(data, pos, end);
+ pos = eap_gpsk_validate_gpsk_3_mic(data, payload, pos, end);
+
+ if (pos == NULL) {
+ eap_gpsk_state(data, FAILURE);
+ return NULL;
+ }
+ if (pos != end) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Ignored %d bytes of extra "
+ "data in the end of GPSK-2", end - pos);
+ }
+
+ req = (const struct eap_hdr *) reqData;
+ resp = eap_gpsk_send_gpsk_4(data, req->identifier, respDataLen);
+ if (resp == NULL)
+ return NULL;
+
+ eap_gpsk_state(data, SUCCESS);
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_UNCOND_SUCC;
+
+ return (u8 *) resp;
+}
+
+
+static u8 * eap_gpsk_send_gpsk_4(struct eap_gpsk_data *data, u8 identifier,
+ size_t *respDataLen)
+{
+ struct eap_hdr *resp;
+ u8 *rpos, *start;
+ size_t len;
+
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Sending Response/GPSK-4");
+
+ len = 1 + 2 + eap_gpsk_mic_len(data->vendor, data->specifier);
+
+ resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GPSK, respDataLen, len,
+ EAP_CODE_RESPONSE, identifier, &rpos);
+ if (resp == NULL)
+ return NULL;
+
+ *rpos++ = EAP_GPSK_OPCODE_GPSK_4;
+ start = rpos;
+
+ /* No PD_Payload_3 */
+ WPA_PUT_BE16(rpos, 0);
+ rpos += 2;
+
+ if (eap_gpsk_compute_mic(data->sk, data->sk_len, data->vendor,
+ data->specifier, start, rpos - start, rpos) <
+ 0) {
+ eap_gpsk_state(data, FAILURE);
+ os_free(resp);
+ return NULL;
+ }
+
+ return (u8 *) resp;
+}
+
+
+static u8 * eap_gpsk_process(struct eap_sm *sm, void *priv,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *respDataLen)
+{
+ struct eap_gpsk_data *data = priv;
+ u8 *resp;
+ const u8 *pos;
+ size_t len;
+
+ pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GPSK,
+ reqData, reqDataLen, &len);
+ if (pos == NULL || len < 1) {
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Received frame: opcode %d", *pos);
+
+ ret->ignore = FALSE;
+ ret->methodState = METHOD_MAY_CONT;
+ ret->decision = DECISION_FAIL;
+ ret->allowNotifications = FALSE;
+
+ switch (*pos) {
+ case EAP_GPSK_OPCODE_GPSK_1:
+ resp = eap_gpsk_process_gpsk_1(sm, data, ret, reqData,
+ reqDataLen, pos + 1, len - 1,
+ respDataLen);
+ break;
+ case EAP_GPSK_OPCODE_GPSK_3:
+ resp = eap_gpsk_process_gpsk_3(sm, data, ret, reqData,
+ reqDataLen, pos + 1, len - 1,
+ respDataLen);
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Ignoring message with "
+ "unknown opcode %d", *pos);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ return resp;
+}
+
+
+static Boolean eap_gpsk_isKeyAvailable(struct eap_sm *sm, void *priv)
+{
+ struct eap_gpsk_data *data = priv;
+ return data->state == SUCCESS;
+}
+
+
+static u8 * eap_gpsk_getKey(struct eap_sm *sm, void *priv, size_t *len)
+{
+ struct eap_gpsk_data *data = priv;
+ u8 *key;
+
+ if (data->state != SUCCESS)
+ return NULL;
+
+ key = os_malloc(EAP_MSK_LEN);
+ if (key == NULL)
+ return NULL;
+ os_memcpy(key, data->msk, EAP_MSK_LEN);
+ *len = EAP_MSK_LEN;
+
+ return key;
+}
+
+
+static u8 * eap_gpsk_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
+{
+ struct eap_gpsk_data *data = priv;
+ u8 *key;
+
+ if (data->state != SUCCESS)
+ return NULL;
+
+ key = os_malloc(EAP_EMSK_LEN);
+ if (key == NULL)
+ return NULL;
+ os_memcpy(key, data->emsk, EAP_EMSK_LEN);
+ *len = EAP_EMSK_LEN;
+
+ return key;
+}
+
+
+int eap_peer_gpsk_register(void)
+{
+ struct eap_method *eap;
+ int ret;
+
+ eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
+ EAP_VENDOR_IETF, EAP_TYPE_GPSK, "GPSK");
+ if (eap == NULL)
+ return -1;
+
+ eap->init = eap_gpsk_init;
+ eap->deinit = eap_gpsk_deinit;
+ eap->process = eap_gpsk_process;
+ eap->isKeyAvailable = eap_gpsk_isKeyAvailable;
+ eap->getKey = eap_gpsk_getKey;
+ eap->get_emsk = eap_gpsk_get_emsk;
+
+ ret = eap_peer_method_register(eap);
+ if (ret)
+ eap_peer_method_free(eap);
+ return ret;
+}
--- /dev/null
+/*
+ * EAP server/peer: EAP-GPSK shared routines
+ * Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eap_defs.h"
+#include "aes_wrap.h"
+#include "crypto.h"
+#ifdef EAP_GPSK_SHA256
+#include "sha256.h"
+#endif /* EAP_GPSK_SHA256 */
+#include "eap_gpsk_common.h"
+
+
+/**
+ * eap_gpsk_supported_ciphersuite - Check whether ciphersuite is supported
+ * @vendor: CSuite/Vendor
+ * @specifier: CSuite/Specifier
+ * Returns: 1 if ciphersuite is support, or 0 if not
+ */
+int eap_gpsk_supported_ciphersuite(int vendor, int specifier)
+{
+ if (vendor == EAP_GPSK_VENDOR_IETF &&
+ specifier == EAP_GPSK_CIPHER_AES)
+ return 1;
+#ifdef EAP_GPSK_SHA256
+ if (vendor == EAP_GPSK_VENDOR_IETF &&
+ specifier == EAP_GPSK_CIPHER_SHA256)
+ return 1;
+#endif /* EAP_GPSK_SHA256 */
+ return 0;
+}
+
+
+static int eap_gpsk_gkdf_cmac(const u8 *psk /* Y */,
+ const u8 *data /* Z */, size_t data_len,
+ u8 *buf, size_t len /* X */)
+{
+ u8 *opos;
+ size_t i, n, hashlen, left, clen;
+ u8 ibuf[2], hash[16];
+ const u8 *addr[2];
+ size_t vlen[2];
+
+ hashlen = sizeof(hash);
+ /* M_i = MAC_Y (i || Z); (MAC = AES-CMAC-128) */
+ addr[0] = ibuf;
+ vlen[0] = sizeof(ibuf);
+ addr[1] = data;
+ vlen[1] = data_len;
+
+ opos = buf;
+ left = len;
+ n = (len + hashlen - 1) / hashlen;
+ for (i = 1; i <= n; i++) {
+ WPA_PUT_BE16(ibuf, i);
+ omac1_aes_128_vector(psk, 2, addr, vlen, hash);
+ clen = left > hashlen ? hashlen : left;
+ os_memcpy(opos, hash, clen);
+ opos += clen;
+ left -= clen;
+ }
+
+ return 0;
+}
+
+
+#ifdef EAP_GPSK_SHA256
+static int eap_gpsk_gkdf_sha256(const u8 *psk /* Y */,
+ const u8 *data /* Z */, size_t data_len,
+ u8 *buf, size_t len /* X */)
+{
+ u8 *opos;
+ size_t i, n, hashlen, left, clen;
+ u8 ibuf[2], hash[SHA256_MAC_LEN];
+ const u8 *addr[2];
+ size_t vlen[2];
+
+ hashlen = SHA256_MAC_LEN;
+ /* M_i = MAC_Y (i || Z); (MAC = HMAC-SHA256) */
+ addr[0] = ibuf;
+ vlen[0] = sizeof(ibuf);
+ addr[1] = data;
+ vlen[1] = data_len;
+
+ opos = buf;
+ left = len;
+ n = (len + hashlen - 1) / hashlen;
+ for (i = 1; i <= n; i++) {
+ WPA_PUT_BE16(ibuf, i);
+ hmac_sha256_vector(psk, 32, 2, addr, vlen, hash);
+ clen = left > hashlen ? hashlen : left;
+ os_memcpy(opos, hash, clen);
+ opos += clen;
+ left -= clen;
+ }
+
+ return 0;
+}
+#endif /* EAP_GPSK_SHA256 */
+
+
+static int eap_gpsk_derive_keys_helper(u32 csuite_specifier,
+ u8 *kdf_out, size_t kdf_out_len,
+ const u8 *psk, size_t psk_len,
+ const u8 *seed, size_t seed_len,
+ u8 *msk, u8 *emsk,
+ u8 *sk, size_t sk_len,
+ u8 *pk, size_t pk_len)
+{
+ u8 mk[32], *pos, *data;
+ size_t data_len, mk_len;
+ int (*gkdf)(const u8 *psk, const u8 *data, size_t data_len,
+ u8 *buf, size_t len);
+
+ gkdf = NULL;
+ switch (csuite_specifier) {
+ case EAP_GPSK_CIPHER_AES:
+ gkdf = eap_gpsk_gkdf_cmac;
+ mk_len = 16;
+ break;
+#ifdef EAP_GPSK_SHA256
+ case EAP_GPSK_CIPHER_SHA256:
+ gkdf = eap_gpsk_gkdf_sha256;
+ mk_len = SHA256_MAC_LEN;
+ break;
+#endif /* EAP_GPSK_SHA256 */
+ default:
+ return -1;
+ }
+
+ if (psk_len < mk_len)
+ return -1;
+
+ data_len = 2 + psk_len + 6 + seed_len;
+ data = os_malloc(data_len);
+ if (data == NULL)
+ return -1;
+ pos = data;
+ WPA_PUT_BE16(pos, psk_len);
+ pos += 2;
+ os_memcpy(pos, psk, psk_len);
+ pos += psk_len;
+ WPA_PUT_BE32(pos, EAP_GPSK_VENDOR_IETF); /* CSuite/Vendor = IETF */
+ pos += 4;
+ WPA_PUT_BE16(pos, csuite_specifier); /* CSuite/Specifier */
+ pos += 2;
+ os_memcpy(pos, seed, seed_len); /* inputString */
+ wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: Data to MK derivation",
+ data, data_len);
+
+ if (gkdf(psk, data, data_len, mk, mk_len) < 0) {
+ os_free(data);
+ return -1;
+ }
+ os_free(data);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: MK", mk, mk_len);
+
+ if (gkdf(mk, seed, seed_len, kdf_out, kdf_out_len) < 0)
+ return -1;
+
+ pos = kdf_out;
+ wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: MSK", pos, EAP_MSK_LEN);
+ os_memcpy(msk, pos, EAP_MSK_LEN);
+ pos += EAP_MSK_LEN;
+
+ wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: EMSK", pos, EAP_EMSK_LEN);
+ os_memcpy(emsk, pos, EAP_EMSK_LEN);
+ pos += EAP_EMSK_LEN;
+
+ wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: SK", pos, sk_len);
+ os_memcpy(sk, pos, sk_len);
+ pos += sk_len;
+
+ if (pk) {
+ wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: PK", pos, pk_len);
+ os_memcpy(pk, pos, pk_len);
+ }
+
+ return 0;
+}
+
+
+static int eap_gpsk_derive_keys_aes(const u8 *psk, size_t psk_len,
+ const u8 *seed, size_t seed_len,
+ u8 *msk, u8 *emsk, u8 *sk, size_t *sk_len,
+ u8 *pk, size_t *pk_len)
+{
+#define EAP_GPSK_SK_LEN_AES 16
+#define EAP_GPSK_PK_LEN_AES 16
+ u8 kdf_out[EAP_MSK_LEN + EAP_EMSK_LEN + EAP_GPSK_SK_LEN_AES +
+ EAP_GPSK_PK_LEN_AES];
+
+ /*
+ * inputString = RAND_Peer || ID_Peer || RAND_Server || ID_Server
+ * (= seed)
+ * KS = 16, PL = psk_len, CSuite_Sel = 0x00000000 0x0001
+ * MK = GKDF-16 (PSK[0..15], PL || PSK || CSuite_Sel || inputString)
+ * MSK = GKDF-160 (MK, inputString)[0..63]
+ * EMSK = GKDF-160 (MK, inputString)[64..127]
+ * SK = GKDF-160 (MK, inputString)[128..143]
+ * PK = GKDF-160 (MK, inputString)[144..159]
+ * zero = 0x00 || 0x00 || ... || 0x00 (16 times)
+ * Method-ID = GKDF-16 (zero, "Method ID" || EAP_Method_Type ||
+ * CSuite_Sel || inputString)
+ */
+
+ *sk_len = EAP_GPSK_SK_LEN_AES;
+ *pk_len = EAP_GPSK_PK_LEN_AES;
+
+ return eap_gpsk_derive_keys_helper(EAP_GPSK_CIPHER_AES,
+ kdf_out, sizeof(kdf_out),
+ psk, psk_len, seed, seed_len,
+ msk, emsk, sk, *sk_len,
+ pk, *pk_len);
+}
+
+
+#ifdef EAP_GPSK_SHA256
+static int eap_gpsk_derive_keys_sha256(const u8 *psk, size_t psk_len,
+ const u8 *seed, size_t seed_len,
+ u8 *msk, u8 *emsk,
+ u8 *sk, size_t *sk_len)
+{
+#define EAP_GPSK_SK_LEN_SHA256 SHA256_MAC_LEN
+#define EAP_GPSK_PK_LEN_SHA256 SHA256_MAC_LEN
+ u8 kdf_out[EAP_MSK_LEN + EAP_EMSK_LEN + EAP_GPSK_SK_LEN_SHA256 +
+ EAP_GPSK_PK_LEN_SHA256];
+
+ /*
+ * inputString = RAND_Peer || ID_Peer || RAND_Server || ID_Server
+ * (= seed)
+ * KS = 32, PL = psk_len, CSuite_Sel = 0x00000000 0x0002
+ * MK = GKDF-32 (PSK[0..31], PL || PSK || CSuite_Sel || inputString)
+ * MSK = GKDF-160 (MK, inputString)[0..63]
+ * EMSK = GKDF-160 (MK, inputString)[64..127]
+ * SK = GKDF-160 (MK, inputString)[128..159]
+ * zero = 0x00 || 0x00 || ... || 0x00 (32 times)
+ * Method-ID = GKDF-16 (zero, "Method ID" || EAP_Method_Type ||
+ * CSuite_Sel || inputString)
+ */
+
+ *sk_len = EAP_GPSK_SK_LEN_SHA256;
+
+ return eap_gpsk_derive_keys_helper(EAP_GPSK_CIPHER_SHA256,
+ kdf_out, sizeof(kdf_out),
+ psk, psk_len, seed, seed_len,
+ msk, emsk, sk, *sk_len,
+ NULL, 0);
+}
+#endif /* EAP_GPSK_SHA256 */
+
+
+/**
+ * eap_gpsk_derive_keys - Derive EAP-GPSK keys
+ * @psk: Pre-shared key
+ * @psk_len: Length of psk in bytes
+ * @vendor: CSuite/Vendor
+ * @specifier: CSuite/Specifier
+ * @rand_peer: 32-byte RAND_Peer
+ * @rand_server: 32-byte RAND_Server
+ * @id_peer: ID_Peer
+ * @id_peer_len: Length of ID_Peer
+ * @id_server: ID_Server
+ * @id_server_len: Length of ID_Server
+ * @msk: Buffer for 64-byte MSK
+ * @emsk: Buffer for 64-byte EMSK
+ * @sk: Buffer for SK (at least EAP_GPSK_MAX_SK_LEN bytes)
+ * @sk_len: Buffer for returning length of SK
+ * @pk: Buffer for PK (at least EAP_GPSK_MAX_PK_LEN bytes)
+ * @pk_len: Buffer for returning length of PK
+ * Returns: 0 on success, -1 on failure
+ */
+int eap_gpsk_derive_keys(const u8 *psk, size_t psk_len, int vendor,
+ int specifier,
+ const u8 *rand_peer, const u8 *rand_server,
+ const u8 *id_peer, size_t id_peer_len,
+ const u8 *id_server, size_t id_server_len,
+ u8 *msk, u8 *emsk, u8 *sk, size_t *sk_len,
+ u8 *pk, size_t *pk_len)
+{
+ u8 *seed, *pos;
+ size_t seed_len;
+ int ret;
+
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Deriving keys (%d:%d)",
+ vendor, specifier);
+
+ if (vendor != EAP_GPSK_VENDOR_IETF)
+ return -1;
+
+ wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: PSK", psk, psk_len);
+
+ /* Seed = RAND_Peer || ID_Peer || RAND_Server || ID_Server */
+ seed_len = 2 * EAP_GPSK_RAND_LEN + id_server_len + id_peer_len;
+ seed = os_malloc(seed_len);
+ if (seed == NULL) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to allocate memory "
+ "for key derivation");
+ return -1;
+ }
+
+ pos = seed;
+ os_memcpy(pos, rand_peer, EAP_GPSK_RAND_LEN);
+ pos += EAP_GPSK_RAND_LEN;
+ os_memcpy(pos, id_peer, id_peer_len);
+ pos += id_peer_len;
+ os_memcpy(pos, rand_server, EAP_GPSK_RAND_LEN);
+ pos += EAP_GPSK_RAND_LEN;
+ os_memcpy(pos, id_server, id_server_len);
+ pos += id_server_len;
+ wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Seed", seed, seed_len);
+
+ switch (specifier) {
+ case EAP_GPSK_CIPHER_AES:
+ ret = eap_gpsk_derive_keys_aes(psk, psk_len, seed, seed_len,
+ msk, emsk, sk, sk_len,
+ pk, pk_len);
+ break;
+#ifdef EAP_GPSK_SHA256
+ case EAP_GPSK_CIPHER_SHA256:
+ ret = eap_gpsk_derive_keys_sha256(psk, psk_len, seed, seed_len,
+ msk, emsk, sk, sk_len);
+ break;
+#endif /* EAP_GPSK_SHA256 */
+ default:
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Unknown cipher %d:%d used in "
+ "key derivation", vendor, specifier);
+ ret = -1;
+ break;
+ }
+
+ os_free(seed);
+
+ return ret;
+}
+
+
+/**
+ * eap_gpsk_mic_len - Get the length of the MIC
+ * @vendor: CSuite/Vendor
+ * @specifier: CSuite/Specifier
+ * Returns: MIC length in bytes
+ */
+size_t eap_gpsk_mic_len(int vendor, int specifier)
+{
+ if (vendor != EAP_GPSK_VENDOR_IETF)
+ return 0;
+
+ switch (specifier) {
+ case EAP_GPSK_CIPHER_AES:
+ return 16;
+#ifdef EAP_GPSK_SHA256
+ case EAP_GPSK_CIPHER_SHA256:
+ return 32;
+#endif /* EAP_GPSK_SHA256 */
+ default:
+ return 0;
+ }
+}
+
+
+static int eap_gpsk_compute_mic_aes(const u8 *sk, size_t sk_len,
+ const u8 *data, size_t len, u8 *mic)
+{
+ if (sk_len != 16) {
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Invalid SK length %d for "
+ "AES-CMAC MIC", sk_len);
+ return -1;
+ }
+
+ return omac1_aes_128(sk, data, len, mic);
+}
+
+
+/**
+ * eap_gpsk_compute_mic - Compute EAP-GPSK MIC for an EAP packet
+ * @sk: Session key SK from eap_gpsk_derive_keys()
+ * @sk_len: SK length in bytes from eap_gpsk_derive_keys()
+ * @vendor: CSuite/Vendor
+ * @specifier: CSuite/Specifier
+ * @data: Input data to MIC
+ * @len: Input data length in bytes
+ * @mic: Buffer for the computed MIC, eap_gpsk_mic_len(cipher) bytes
+ * Returns: 0 on success, -1 on failure
+ */
+int eap_gpsk_compute_mic(const u8 *sk, size_t sk_len, int vendor,
+ int specifier, const u8 *data, size_t len, u8 *mic)
+{
+ int ret;
+
+ if (vendor != EAP_GPSK_VENDOR_IETF)
+ return -1;
+
+ switch (specifier) {
+ case EAP_GPSK_CIPHER_AES:
+ ret = eap_gpsk_compute_mic_aes(sk, sk_len, data, len, mic);
+ break;
+#ifdef EAP_GPSK_SHA256
+ case EAP_GPSK_CIPHER_SHA256:
+ hmac_sha256(sk, sk_len, data, len, mic);
+ ret = 0;
+ break;
+#endif /* EAP_GPSK_SHA256 */
+ default:
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Unknown cipher %d:%d used in "
+ "MIC computation", vendor, specifier);
+ ret = -1;
+ break;
+ }
+
+ return ret;
+}
--- /dev/null
+/*
+ * EAP server/peer: EAP-GPSK shared routines
+ * Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef EAP_GPSK_COMMON_H
+#define EAP_GPSK_COMMON_H
+
+#define EAP_GPSK_OPCODE_GPSK_1 1
+#define EAP_GPSK_OPCODE_GPSK_2 2
+#define EAP_GPSK_OPCODE_GPSK_3 3
+#define EAP_GPSK_OPCODE_GPSK_4 4
+#define EAP_GPSK_OPCODE_FAIL 5
+#define EAP_GPSK_OPCODE_PROTECTED_FAIL 6
+
+/* Failure-Code in GPSK-Fail and GPSK-Protected-Fail */
+#define EAP_GPSK_FAIL_PSK_NOT_FOUND 0x00000001
+#define EAP_GPSK_FAIL_AUTHENTICATION_FAILURE 0x00000002
+#define EAP_GPSK_FAIL_AUTHORIZATION_FAILURE 0x00000003
+
+#define EAP_GPSK_RAND_LEN 32
+#define EAP_GPSK_MAX_SK_LEN 32
+#define EAP_GPSK_MAX_PK_LEN 32
+#define EAP_GPSK_MAX_MIC_LEN 32
+
+#define EAP_GPSK_VENDOR_IETF 0x00000000
+#define EAP_GPSK_CIPHER_RESERVED 0x000000
+#define EAP_GPSK_CIPHER_AES 0x000001
+#define EAP_GPSK_CIPHER_SHA256 0x000002
+
+
+#ifdef _MSC_VER
+#pragma pack(push, 1)
+#endif /* _MSC_VER */
+
+struct eap_gpsk_csuite {
+ u8 vendor[4];
+ u8 specifier[2];
+} STRUCT_PACKED;
+
+#ifdef _MSC_VER
+#pragma pack(pop)
+#endif /* _MSC_VER */
+
+int eap_gpsk_supported_ciphersuite(int vendor, int specifier);
+int eap_gpsk_derive_keys(const u8 *psk, size_t psk_len, int vendor,
+ int specifier,
+ const u8 *rand_client, const u8 *rand_server,
+ const u8 *id_client, size_t id_client_len,
+ const u8 *id_server, size_t id_server_len,
+ u8 *msk, u8 *emsk, u8 *sk, size_t *sk_len,
+ u8 *pk, size_t *pk_len);
+size_t eap_gpsk_mic_len(int vendor, int specifier);
+int eap_gpsk_compute_mic(const u8 *sk, size_t sk_len, int vendor,
+ int specifier, const u8 *data, size_t len, u8 *mic);
+
+#endif /* EAP_GPSK_COMMON_H */
--- /dev/null
+/*
+ * EAP peer method: EAP-GTC (RFC 3748)
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eap_i.h"
+
+
+struct eap_gtc_data {
+ int prefix;
+};
+
+
+static void * eap_gtc_init(struct eap_sm *sm)
+{
+ struct eap_gtc_data *data;
+ data = os_zalloc(sizeof(*data));
+ if (data == NULL)
+ return NULL;
+
+ if (sm->m && sm->m->method == EAP_TYPE_FAST) {
+ wpa_printf(MSG_DEBUG, "EAP-GTC: EAP-FAST tunnel - use prefix "
+ "with challenge/response");
+ data->prefix = 1;
+ }
+ return data;
+}
+
+
+static void eap_gtc_deinit(struct eap_sm *sm, void *priv)
+{
+ struct eap_gtc_data *data = priv;
+ os_free(data);
+}
+
+
+static u8 * eap_gtc_process(struct eap_sm *sm, void *priv,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *respDataLen)
+{
+ struct eap_gtc_data *data = priv;
+ const struct eap_hdr *req;
+ struct eap_hdr *resp;
+ const u8 *pos, *password, *identity;
+ u8 *rpos;
+ size_t password_len, identity_len, len, plen;
+ int otp;
+
+ pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GTC,
+ reqData, reqDataLen, &len);
+ if (pos == NULL) {
+ ret->ignore = TRUE;
+ return NULL;
+ }
+ req = (const struct eap_hdr *) reqData;
+
+ wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-GTC: Request message", pos, len);
+ if (data->prefix &&
+ (len < 10 || os_memcmp(pos, "CHALLENGE=", 10) != 0)) {
+ wpa_printf(MSG_DEBUG, "EAP-GTC: Challenge did not start with "
+ "expected prefix");
+
+ /* Send an empty response in order to allow tunneled
+ * acknowledgement of the failure. This will also cover the
+ * error case which seems to use EAP-MSCHAPv2 like error
+ * reporting with EAP-GTC inside EAP-FAST tunnel. */
+ resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GTC,
+ respDataLen, 0, EAP_CODE_RESPONSE,
+ req->identifier, NULL);
+ return (u8 *) resp;
+ }
+
+ password = eap_get_config_otp(sm, &password_len);
+ if (password)
+ otp = 1;
+ else {
+ password = eap_get_config_password(sm, &password_len);
+ otp = 0;
+ }
+
+ if (password == NULL) {
+ wpa_printf(MSG_INFO, "EAP-GTC: Password not configured");
+ eap_sm_request_otp(sm, (const char *) pos, len);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ ret->ignore = FALSE;
+
+ ret->methodState = data->prefix ? METHOD_MAY_CONT : METHOD_DONE;
+ ret->decision = DECISION_COND_SUCC;
+ ret->allowNotifications = FALSE;
+
+ plen = password_len;
+ identity = eap_get_config_identity(sm, &identity_len);
+ if (identity == NULL)
+ return NULL;
+ if (data->prefix)
+ plen += 9 + identity_len + 1;
+ resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GTC, respDataLen,
+ plen, EAP_CODE_RESPONSE, req->identifier, &rpos);
+ if (resp == NULL)
+ return NULL;
+ if (data->prefix) {
+ os_memcpy(rpos, "RESPONSE=", 9);
+ rpos += 9;
+ os_memcpy(rpos, identity, identity_len);
+ rpos += identity_len;
+ *rpos++ = '\0';
+ }
+ os_memcpy(rpos, password, password_len);
+ wpa_hexdump_ascii_key(MSG_MSGDUMP, "EAP-GTC: Response",
+ (u8 *) (resp + 1) + 1, plen);
+
+ if (otp) {
+ wpa_printf(MSG_DEBUG, "EAP-GTC: Forgetting used password");
+ eap_clear_config_otp(sm);
+ }
+
+ return (u8 *) resp;
+}
+
+
+int eap_peer_gtc_register(void)
+{
+ struct eap_method *eap;
+ int ret;
+
+ eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
+ EAP_VENDOR_IETF, EAP_TYPE_GTC, "GTC");
+ if (eap == NULL)
+ return -1;
+
+ eap->init = eap_gtc_init;
+ eap->deinit = eap_gtc_deinit;
+ eap->process = eap_gtc_process;
+
+ ret = eap_peer_method_register(eap);
+ if (ret)
+ eap_peer_method_free(eap);
+ return ret;
+}
--- /dev/null
+/*
+ * EAP peer state machines internal structures (RFC 4137)
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef EAP_I_H
+#define EAP_I_H
+
+#include "eap.h"
+
+/* RFC 4137 - EAP Peer state machine */
+
+typedef enum {
+ DECISION_FAIL, DECISION_COND_SUCC, DECISION_UNCOND_SUCC
+} EapDecision;
+
+typedef enum {
+ METHOD_NONE, METHOD_INIT, METHOD_CONT, METHOD_MAY_CONT, METHOD_DONE
+} EapMethodState;
+
+/**
+ * struct eap_method_ret - EAP return values from struct eap_method::process()
+ *
+ * These structure contains OUT variables for the interface between peer state
+ * machine and methods (RFC 4137, Sect. 4.2). eapRespData will be returned as
+ * the return value of struct eap_method::process() so it is not included in
+ * this structure.
+ */
+struct eap_method_ret {
+ /**
+ * ignore - Whether method decided to drop the current packed (OUT)
+ */
+ Boolean ignore;
+
+ /**
+ * methodState - Method-specific state (IN/OUT)
+ */
+ EapMethodState methodState;
+
+ /**
+ * decision - Authentication decision (OUT)
+ */
+ EapDecision decision;
+
+ /**
+ * allowNotifications - Whether method allows notifications (OUT)
+ */
+ Boolean allowNotifications;
+};
+
+
+/**
+ * struct eap_method - EAP method interface
+ * This structure defines the EAP method interface. Each method will need to
+ * register its own EAP type, EAP name, and set of function pointers for method
+ * specific operations. This interface is based on section 4.4 of RFC 4137.
+ */
+struct eap_method {
+ /**
+ * vendor - EAP Vendor-ID (EAP_VENDOR_*) (0 = IETF)
+ */
+ int vendor;
+
+ /**
+ * method - EAP type number (EAP_TYPE_*)
+ */
+ EapType method;
+
+ /**
+ * name - Name of the method (e.g., "TLS")
+ */
+ const char *name;
+
+ /**
+ * init - Initialize an EAP method
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * Returns: Pointer to allocated private data, or %NULL on failure
+ *
+ * This function is used to initialize the EAP method explicitly
+ * instead of using METHOD_INIT state as specific in RFC 4137. The
+ * method is expected to initialize it method-specific state and return
+ * a pointer that will be used as the priv argument to other calls.
+ */
+ void * (*init)(struct eap_sm *sm);
+
+ /**
+ * deinit - Deinitialize an EAP method
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @priv: Pointer to private EAP method data from eap_method::init()
+ *
+ * Deinitialize the EAP method and free any allocated private data.
+ */
+ void (*deinit)(struct eap_sm *sm, void *priv);
+
+ /**
+ * process - Process an EAP request
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @priv: Pointer to private EAP method data from eap_method::init()
+ * @ret: Return values from EAP request validation and processing
+ * @reqData: EAP request to be processed (eapReqData)
+ * @reqDataLen: Length of the EAP request
+ * @respDataLen: Length of the returned EAP response
+ * Returns: Pointer to allocated EAP response packet (eapRespData)
+ *
+ * This function is a combination of m.check(), m.process(), and
+ * m.buildResp() procedures defined in section 4.4 of RFC 4137 In other
+ * words, this function validates the incoming request, processes it,
+ * and build a response packet. m.check() and m.process() return values
+ * are returned through struct eap_method_ret *ret variable. Caller is
+ * responsible for freeing the returned EAP response packet.
+ */
+ u8 * (*process)(struct eap_sm *sm, void *priv,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *respDataLen);
+
+ /**
+ * isKeyAvailable - Find out whether EAP method has keying material
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @priv: Pointer to private EAP method data from eap_method::init()
+ * Returns: %TRUE if key material (eapKeyData) is available
+ */
+ Boolean (*isKeyAvailable)(struct eap_sm *sm, void *priv);
+
+ /**
+ * getKey - Get EAP method specific keying material (eapKeyData)
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @priv: Pointer to private EAP method data from eap_method::init()
+ * @len: Pointer to variable to store key length (eapKeyDataLen)
+ * Returns: Keying material (eapKeyData) or %NULL if not available
+ *
+ * This function can be used to get the keying material from the EAP
+ * method. The key may already be stored in the method-specific private
+ * data or this function may derive the key.
+ */
+ u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len);
+
+ /**
+ * get_status - Get EAP method status
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @priv: Pointer to private EAP method data from eap_method::init()
+ * @buf: Buffer for status information
+ * @buflen: Maximum buffer length
+ * @verbose: Whether to include verbose status information
+ * Returns: Number of bytes written to buf
+ *
+ * Query EAP method for status information. This function fills in a
+ * text area with current status information from the EAP method. If
+ * the buffer (buf) is not large enough, status information will be
+ * truncated to fit the buffer.
+ */
+ int (*get_status)(struct eap_sm *sm, void *priv, char *buf,
+ size_t buflen, int verbose);
+
+ /**
+ * has_reauth_data - Whether method is ready for fast reauthentication
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @priv: Pointer to private EAP method data from eap_method::init()
+ * Returns: %TRUE or %FALSE based on whether fast reauthentication is
+ * possible
+ *
+ * This function is an optional handler that only EAP methods
+ * supporting fast re-authentication need to implement.
+ */
+ Boolean (*has_reauth_data)(struct eap_sm *sm, void *priv);
+
+ /**
+ * deinit_for_reauth - Release data that is not needed for fast re-auth
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @priv: Pointer to private EAP method data from eap_method::init()
+ *
+ * This function is an optional handler that only EAP methods
+ * supporting fast re-authentication need to implement. This is called
+ * when authentication has been completed and EAP state machine is
+ * requesting that enough state information is maintained for fast
+ * re-authentication
+ */
+ void (*deinit_for_reauth)(struct eap_sm *sm, void *priv);
+
+ /**
+ * init_for_reauth - Prepare for start of fast re-authentication
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @priv: Pointer to private EAP method data from eap_method::init()
+ *
+ * This function is an optional handler that only EAP methods
+ * supporting fast re-authentication need to implement. This is called
+ * when EAP authentication is started and EAP state machine is
+ * requesting fast re-authentication to be used.
+ */
+ void * (*init_for_reauth)(struct eap_sm *sm, void *priv);
+
+ /**
+ * get_identity - Get method specific identity for re-authentication
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @priv: Pointer to private EAP method data from eap_method::init()
+ * @len: Length of the returned identity
+ * Returns: Pointer to the method specific identity or %NULL if default
+ * identity is to be used
+ *
+ * This function is an optional handler that only EAP methods
+ * that use method specific identity need to implement.
+ */
+ const u8 * (*get_identity)(struct eap_sm *sm, void *priv, size_t *len);
+
+ /**
+ * free - Free EAP method data
+ * @method: Pointer to the method data registered with
+ * eap_peer_method_register().
+ *
+ * This function will be called when the EAP method is being
+ * unregistered. If the EAP method allocated resources during
+ * registration (e.g., allocated struct eap_method), they should be
+ * freed in this function. No other method functions will be called
+ * after this call. If this function is not defined (i.e., function
+ * pointer is %NULL), a default handler is used to release the method
+ * data with free(method). This is suitable for most cases.
+ */
+ void (*free)(struct eap_method *method);
+
+#define EAP_PEER_METHOD_INTERFACE_VERSION 1
+ /**
+ * version - Version of the EAP peer method interface
+ *
+ * The EAP peer method implementation should set this variable to
+ * EAP_PEER_METHOD_INTERFACE_VERSION. This is used to verify that the
+ * EAP method is using supported API version when using dynamically
+ * loadable EAP methods.
+ */
+ int version;
+
+ /**
+ * next - Pointer to the next EAP method
+ *
+ * This variable is used internally in the EAP method registration code
+ * to create a linked list of registered EAP methods.
+ */
+ struct eap_method *next;
+
+#ifdef CONFIG_DYNAMIC_EAP_METHODS
+ /**
+ * dl_handle - Handle for the dynamic library
+ *
+ * This variable is used internally in the EAP method registration code
+ * to store a handle for the dynamic library. If the method is linked
+ * in statically, this is %NULL.
+ */
+ void *dl_handle;
+#endif /* CONFIG_DYNAMIC_EAP_METHODS */
+
+ /**
+ * get_emsk - Get EAP method specific keying extended material (EMSK)
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @priv: Pointer to private EAP method data from eap_method::init()
+ * @len: Pointer to a variable to store EMSK length
+ * Returns: EMSK or %NULL if not available
+ *
+ * This function can be used to get the extended keying material from
+ * the EAP method. The key may already be stored in the method-specific
+ * private data or this function may derive the key.
+ */
+ u8 * (*get_emsk)(struct eap_sm *sm, void *priv, size_t *len);
+};
+
+
+/**
+ * struct eap_sm - EAP state machine data
+ */
+struct eap_sm {
+ enum {
+ EAP_INITIALIZE, EAP_DISABLED, EAP_IDLE, EAP_RECEIVED,
+ EAP_GET_METHOD, EAP_METHOD, EAP_SEND_RESPONSE, EAP_DISCARD,
+ EAP_IDENTITY, EAP_NOTIFICATION, EAP_RETRANSMIT, EAP_SUCCESS,
+ EAP_FAILURE
+ } EAP_state;
+ /* Long-term local variables */
+ EapType selectedMethod;
+ EapMethodState methodState;
+ int lastId;
+ u8 *lastRespData;
+ size_t lastRespDataLen;
+ EapDecision decision;
+ /* Short-term local variables */
+ Boolean rxReq;
+ Boolean rxSuccess;
+ Boolean rxFailure;
+ int reqId;
+ EapType reqMethod;
+ int reqVendor;
+ u32 reqVendorMethod;
+ Boolean ignore;
+ /* Constants */
+ int ClientTimeout;
+
+ /* Miscellaneous variables */
+ Boolean allowNotifications; /* peer state machine <-> methods */
+ u8 *eapRespData; /* peer to lower layer */
+ size_t eapRespDataLen; /* peer to lower layer */
+ Boolean eapKeyAvailable; /* peer to lower layer */
+ u8 *eapKeyData; /* peer to lower layer */
+ size_t eapKeyDataLen; /* peer to lower layer */
+ const struct eap_method *m; /* selected EAP method */
+ /* not defined in RFC 4137 */
+ Boolean changed;
+ void *eapol_ctx;
+ struct eapol_callbacks *eapol_cb;
+ void *eap_method_priv;
+ int init_phase2;
+ int fast_reauth;
+
+ Boolean rxResp /* LEAP only */;
+ Boolean leap_done;
+ Boolean peap_done;
+ u8 req_md5[16]; /* MD5() of the current EAP packet */
+ u8 last_md5[16]; /* MD5() of the previously received EAP packet; used
+ * in duplicate request detection. */
+
+ void *msg_ctx;
+ void *scard_ctx;
+ void *ssl_ctx;
+
+ unsigned int workaround;
+
+ /* Optional challenges generated in Phase 1 (EAP-FAST) */
+ u8 *peer_challenge, *auth_challenge;
+ int mschapv2_full_key; /* Request full MSCHAPv2 key */
+
+ int num_rounds;
+ int force_disabled;
+};
+
+const u8 * eap_hdr_validate(int vendor, EapType eap_type,
+ const u8 *msg, size_t msglen, size_t *plen);
+const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len);
+const u8 * eap_get_config_password(struct eap_sm *sm, size_t *len);
+const u8 * eap_get_config_new_password(struct eap_sm *sm, size_t *len);
+const u8 * eap_get_config_otp(struct eap_sm *sm, size_t *len);
+void eap_clear_config_otp(struct eap_sm *sm);
+struct wpa_ssid * eap_get_config(struct eap_sm *sm);
+void eap_set_config_blob(struct eap_sm *sm, struct wpa_config_blob *blob);
+const struct wpa_config_blob *
+eap_get_config_blob(struct eap_sm *sm, const char *name);
+struct eap_hdr * eap_msg_alloc(int vendor, EapType type, size_t *len,
+ size_t payload_len, u8 code, u8 identifier,
+ u8 **payload);
+void eap_notify_pending(struct eap_sm *sm);
+
+#endif /* EAP_I_H */
--- /dev/null
+/*
+ * EAP peer method: LEAP
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eap_i.h"
+#include "ms_funcs.h"
+#include "crypto.h"
+
+#define LEAP_VERSION 1
+#define LEAP_CHALLENGE_LEN 8
+#define LEAP_RESPONSE_LEN 24
+#define LEAP_KEY_LEN 16
+
+
+struct eap_leap_data {
+ enum {
+ LEAP_WAIT_CHALLENGE,
+ LEAP_WAIT_SUCCESS,
+ LEAP_WAIT_RESPONSE,
+ LEAP_DONE
+ } state;
+
+ u8 peer_challenge[LEAP_CHALLENGE_LEN];
+ u8 peer_response[LEAP_RESPONSE_LEN];
+
+ u8 ap_challenge[LEAP_CHALLENGE_LEN];
+ u8 ap_response[LEAP_RESPONSE_LEN];
+};
+
+
+static void * eap_leap_init(struct eap_sm *sm)
+{
+ struct eap_leap_data *data;
+
+ data = os_zalloc(sizeof(*data));
+ if (data == NULL)
+ return NULL;
+ data->state = LEAP_WAIT_CHALLENGE;
+
+ sm->leap_done = FALSE;
+ return data;
+}
+
+
+static void eap_leap_deinit(struct eap_sm *sm, void *priv)
+{
+ os_free(priv);
+}
+
+
+static u8 * eap_leap_process_request(struct eap_sm *sm, void *priv,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *respDataLen)
+{
+ struct eap_leap_data *data = priv;
+ const struct eap_hdr *req;
+ struct eap_hdr *resp;
+ const u8 *pos, *challenge, *identity, *password;
+ u8 challenge_len, *rpos;
+ size_t identity_len, password_len;
+
+ wpa_printf(MSG_DEBUG, "EAP-LEAP: Processing EAP-Request");
+
+ identity = eap_get_config_identity(sm, &identity_len);
+ password = eap_get_config_password(sm, &password_len);
+ if (identity == NULL || password == NULL)
+ return NULL;
+
+ req = (const struct eap_hdr *) reqData;
+ pos = (const u8 *) (req + 1);
+ if (reqDataLen < sizeof(*req) + 4 || *pos != EAP_TYPE_LEAP) {
+ wpa_printf(MSG_INFO, "EAP-LEAP: Invalid EAP-Request frame");
+ ret->ignore = TRUE;
+ return NULL;
+ }
+ pos++;
+
+ if (*pos != LEAP_VERSION) {
+ wpa_printf(MSG_WARNING, "EAP-LEAP: Unsupported LEAP version "
+ "%d", *pos);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+ pos++;
+
+ pos++; /* skip unused byte */
+
+ challenge_len = *pos++;
+ if (challenge_len != LEAP_CHALLENGE_LEN ||
+ challenge_len > reqDataLen - sizeof(*req) - 4) {
+ wpa_printf(MSG_INFO, "EAP-LEAP: Invalid challenge "
+ "(challenge_len=%d reqDataLen=%lu)",
+ challenge_len, (unsigned long) reqDataLen);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+ challenge = pos;
+ os_memcpy(data->peer_challenge, challenge, LEAP_CHALLENGE_LEN);
+ wpa_hexdump(MSG_MSGDUMP, "EAP-LEAP: Challenge from AP",
+ challenge, LEAP_CHALLENGE_LEN);
+
+ wpa_printf(MSG_DEBUG, "EAP-LEAP: Generating Challenge Response");
+
+ resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_LEAP, respDataLen,
+ 3 + LEAP_RESPONSE_LEN + identity_len,
+ EAP_CODE_RESPONSE, req->identifier, &rpos);
+ if (resp == NULL)
+ return NULL;
+ *rpos++ = LEAP_VERSION;
+ *rpos++ = 0; /* unused */
+ *rpos++ = LEAP_RESPONSE_LEN;
+ nt_challenge_response(challenge, password, password_len, rpos);
+ os_memcpy(data->peer_response, rpos, LEAP_RESPONSE_LEN);
+ wpa_hexdump(MSG_MSGDUMP, "EAP-LEAP: Response",
+ rpos, LEAP_RESPONSE_LEN);
+ rpos += LEAP_RESPONSE_LEN;
+ os_memcpy(rpos, identity, identity_len);
+
+ data->state = LEAP_WAIT_SUCCESS;
+
+ return (u8 *) resp;
+}
+
+
+static u8 * eap_leap_process_success(struct eap_sm *sm, void *priv,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t *respDataLen)
+{
+ struct eap_leap_data *data = priv;
+ const struct eap_hdr *req;
+ struct eap_hdr *resp;
+ u8 *pos;
+ const u8 *identity;
+ size_t identity_len;
+
+ wpa_printf(MSG_DEBUG, "EAP-LEAP: Processing EAP-Success");
+
+ identity = eap_get_config_identity(sm, &identity_len);
+ if (identity == NULL)
+ return NULL;
+
+ if (data->state != LEAP_WAIT_SUCCESS) {
+ wpa_printf(MSG_INFO, "EAP-LEAP: EAP-Success received in "
+ "unexpected state (%d) - ignored", data->state);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ req = (const struct eap_hdr *) reqData;
+
+ resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_LEAP, respDataLen,
+ 3 + LEAP_CHALLENGE_LEN + identity_len,
+ EAP_CODE_REQUEST, req->identifier, &pos);
+ if (resp == NULL)
+ return NULL;
+ *pos++ = LEAP_VERSION;
+ *pos++ = 0; /* unused */
+ *pos++ = LEAP_CHALLENGE_LEN;
+ if (hostapd_get_rand(pos, LEAP_CHALLENGE_LEN)) {
+ wpa_printf(MSG_WARNING, "EAP-LEAP: Failed to read random data "
+ "for challenge");
+ os_free(resp);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+ os_memcpy(data->ap_challenge, pos, LEAP_CHALLENGE_LEN);
+ wpa_hexdump(MSG_MSGDUMP, "EAP-LEAP: Challenge to AP/AS", pos,
+ LEAP_CHALLENGE_LEN);
+ pos += LEAP_CHALLENGE_LEN;
+ os_memcpy(pos, identity, identity_len);
+
+ data->state = LEAP_WAIT_RESPONSE;
+
+ return (u8 *) resp;
+}
+
+
+static u8 * eap_leap_process_response(struct eap_sm *sm, void *priv,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen)
+{
+ struct eap_leap_data *data = priv;
+ const struct eap_hdr *resp;
+ const u8 *pos, *password;
+ u8 response_len, pw_hash[16], pw_hash_hash[16],
+ expected[LEAP_RESPONSE_LEN];
+ size_t password_len;
+
+ wpa_printf(MSG_DEBUG, "EAP-LEAP: Processing EAP-Response");
+
+ password = eap_get_config_password(sm, &password_len);
+ if (password == NULL)
+ return NULL;
+
+ resp = (const struct eap_hdr *) reqData;
+ pos = (const u8 *) (resp + 1);
+ if (reqDataLen < sizeof(*resp) + 4 || *pos != EAP_TYPE_LEAP) {
+ wpa_printf(MSG_INFO, "EAP-LEAP: Invalid EAP-Response frame");
+ ret->ignore = TRUE;
+ return NULL;
+ }
+ pos++;
+
+ if (*pos != LEAP_VERSION) {
+ wpa_printf(MSG_WARNING, "EAP-LEAP: Unsupported LEAP version "
+ "%d", *pos);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+ pos++;
+
+ pos++; /* skip unused byte */
+
+ response_len = *pos++;
+ if (response_len != LEAP_RESPONSE_LEN ||
+ response_len > reqDataLen - sizeof(*resp) - 4) {
+ wpa_printf(MSG_INFO, "EAP-LEAP: Invalid response "
+ "(response_len=%d reqDataLen=%lu)",
+ response_len, (unsigned long) reqDataLen);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ wpa_hexdump(MSG_DEBUG, "EAP-LEAP: Response from AP",
+ pos, LEAP_RESPONSE_LEN);
+ os_memcpy(data->ap_response, pos, LEAP_RESPONSE_LEN);
+
+ nt_password_hash(password, password_len, pw_hash);
+ hash_nt_password_hash(pw_hash, pw_hash_hash);
+ challenge_response(data->ap_challenge, pw_hash_hash, expected);
+
+ ret->methodState = METHOD_DONE;
+ ret->allowNotifications = FALSE;
+
+ if (os_memcmp(pos, expected, LEAP_RESPONSE_LEN) != 0) {
+ wpa_printf(MSG_WARNING, "EAP-LEAP: AP sent an invalid "
+ "response - authentication failed");
+ wpa_hexdump(MSG_DEBUG, "EAP-LEAP: Expected response from AP",
+ expected, LEAP_RESPONSE_LEN);
+ ret->decision = DECISION_FAIL;
+ return NULL;
+ }
+
+ ret->decision = DECISION_UNCOND_SUCC;
+
+ /* LEAP is somewhat odd method since it sends EAP-Success in the middle
+ * of the authentication. Use special variable to transit EAP state
+ * machine to SUCCESS state. */
+ sm->leap_done = TRUE;
+ data->state = LEAP_DONE;
+
+ /* No more authentication messages expected; AP will send EAPOL-Key
+ * frames if encryption is enabled. */
+ return NULL;
+}
+
+
+static u8 * eap_leap_process(struct eap_sm *sm, void *priv,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *respDataLen)
+{
+ const struct eap_hdr *eap;
+ size_t len, password_len;
+ const u8 *password;
+
+ password = eap_get_config_password(sm, &password_len);
+ if (password == NULL) {
+ wpa_printf(MSG_INFO, "EAP-LEAP: Password not configured");
+ eap_sm_request_password(sm);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ eap = (const struct eap_hdr *) reqData;
+
+ if (reqDataLen < sizeof(*eap) ||
+ (len = be_to_host16(eap->length)) > reqDataLen) {
+ wpa_printf(MSG_INFO, "EAP-LEAP: Invalid frame");
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ ret->ignore = FALSE;
+ ret->allowNotifications = TRUE;
+ ret->methodState = METHOD_MAY_CONT;
+ ret->decision = DECISION_FAIL;
+
+ sm->leap_done = FALSE;
+
+ switch (eap->code) {
+ case EAP_CODE_REQUEST:
+ return eap_leap_process_request(sm, priv, ret, reqData, len,
+ respDataLen);
+ case EAP_CODE_SUCCESS:
+ return eap_leap_process_success(sm, priv, ret, reqData,
+ respDataLen);
+ case EAP_CODE_RESPONSE:
+ return eap_leap_process_response(sm, priv, ret, reqData, len);
+ default:
+ wpa_printf(MSG_INFO, "EAP-LEAP: Unexpected EAP code (%d) - "
+ "ignored", eap->code);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+}
+
+
+static Boolean eap_leap_isKeyAvailable(struct eap_sm *sm, void *priv)
+{
+ struct eap_leap_data *data = priv;
+ return data->state == LEAP_DONE;
+}
+
+
+static u8 * eap_leap_getKey(struct eap_sm *sm, void *priv, size_t *len)
+{
+ struct eap_leap_data *data = priv;
+ u8 *key, pw_hash_hash[16], pw_hash[16];
+ const u8 *addr[5], *password;
+ size_t elen[5], password_len;
+
+ if (data->state != LEAP_DONE)
+ return NULL;
+
+ password = eap_get_config_password(sm, &password_len);
+ if (password == NULL)
+ return NULL;
+
+ key = os_malloc(LEAP_KEY_LEN);
+ if (key == NULL)
+ return NULL;
+
+ nt_password_hash(password, password_len, pw_hash);
+ hash_nt_password_hash(pw_hash, pw_hash_hash);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-LEAP: pw_hash_hash",
+ pw_hash_hash, 16);
+ wpa_hexdump(MSG_DEBUG, "EAP-LEAP: peer_challenge",
+ data->peer_challenge, LEAP_CHALLENGE_LEN);
+ wpa_hexdump(MSG_DEBUG, "EAP-LEAP: peer_response",
+ data->peer_response, LEAP_RESPONSE_LEN);
+ wpa_hexdump(MSG_DEBUG, "EAP-LEAP: ap_challenge",
+ data->ap_challenge, LEAP_CHALLENGE_LEN);
+ wpa_hexdump(MSG_DEBUG, "EAP-LEAP: ap_response",
+ data->ap_response, LEAP_RESPONSE_LEN);
+
+ addr[0] = pw_hash_hash;
+ elen[0] = 16;
+ addr[1] = data->ap_challenge;
+ elen[1] = LEAP_CHALLENGE_LEN;
+ addr[2] = data->ap_response;
+ elen[2] = LEAP_RESPONSE_LEN;
+ addr[3] = data->peer_challenge;
+ elen[3] = LEAP_CHALLENGE_LEN;
+ addr[4] = data->peer_response;
+ elen[4] = LEAP_RESPONSE_LEN;
+ md5_vector(5, addr, elen, key);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-LEAP: master key", key, LEAP_KEY_LEN);
+ *len = LEAP_KEY_LEN;
+
+ return key;
+}
+
+
+int eap_peer_leap_register(void)
+{
+ struct eap_method *eap;
+ int ret;
+
+ eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
+ EAP_VENDOR_IETF, EAP_TYPE_LEAP, "LEAP");
+ if (eap == NULL)
+ return -1;
+
+ eap->init = eap_leap_init;
+ eap->deinit = eap_leap_deinit;
+ eap->process = eap_leap_process;
+ eap->isKeyAvailable = eap_leap_isKeyAvailable;
+ eap->getKey = eap_leap_getKey;
+
+ ret = eap_peer_method_register(eap);
+ if (ret)
+ eap_peer_method_free(eap);
+ return ret;
+}
--- /dev/null
+/*
+ * EAP peer method: EAP-MD5 (RFC 3748 and RFC 1994)
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eap_i.h"
+#include "md5.h"
+#include "crypto.h"
+
+
+static void * eap_md5_init(struct eap_sm *sm)
+{
+ /* No need for private data. However, must return non-NULL to indicate
+ * success. */
+ return (void *) 1;
+}
+
+
+static void eap_md5_deinit(struct eap_sm *sm, void *priv)
+{
+}
+
+
+static u8 * eap_md5_process(struct eap_sm *sm, void *priv,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *respDataLen)
+{
+ const struct eap_hdr *req;
+ struct eap_hdr *resp;
+ const u8 *pos, *challenge, *password;
+ u8 *rpos;
+ size_t len, challenge_len, password_len;
+ const u8 *addr[3];
+ size_t elen[3];
+
+ password = eap_get_config_password(sm, &password_len);
+ if (password == NULL) {
+ wpa_printf(MSG_INFO, "EAP-MD5: Password not configured");
+ eap_sm_request_password(sm);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MD5,
+ reqData, reqDataLen, &len);
+ if (pos == NULL || len == 0) {
+ wpa_printf(MSG_INFO, "EAP-MD5: Invalid frame (pos=%p len=%lu)",
+ pos, (unsigned long) len);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ /*
+ * CHAP Challenge:
+ * Value-Size (1 octet) | Value(Challenge) | Name(optional)
+ */
+ req = (const struct eap_hdr *) reqData;
+ challenge_len = *pos++;
+ if (challenge_len == 0 || challenge_len > len - 1) {
+ wpa_printf(MSG_INFO, "EAP-MD5: Invalid challenge "
+ "(challenge_len=%lu len=%lu)",
+ (unsigned long) challenge_len, (unsigned long) len);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+ ret->ignore = FALSE;
+ challenge = pos;
+ wpa_hexdump(MSG_MSGDUMP, "EAP-MD5: Challenge",
+ challenge, challenge_len);
+
+ wpa_printf(MSG_DEBUG, "EAP-MD5: Generating Challenge Response");
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_UNCOND_SUCC;
+ ret->allowNotifications = TRUE;
+
+ resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_MD5, respDataLen,
+ 1 + MD5_MAC_LEN, EAP_CODE_RESPONSE,
+ req->identifier, &rpos);
+ if (resp == NULL)
+ return NULL;
+
+ /*
+ * CHAP Response:
+ * Value-Size (1 octet) | Value(Response) | Name(optional)
+ */
+ *rpos++ = MD5_MAC_LEN;
+
+ addr[0] = &resp->identifier;
+ elen[0] = 1;
+ addr[1] = password;
+ elen[1] = password_len;
+ addr[2] = challenge;
+ elen[2] = challenge_len;
+ md5_vector(3, addr, elen, rpos);
+ wpa_hexdump(MSG_MSGDUMP, "EAP-MD5: Response", rpos, MD5_MAC_LEN);
+
+ return (u8 *) resp;
+}
+
+
+int eap_peer_md5_register(void)
+{
+ struct eap_method *eap;
+ int ret;
+
+ eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
+ EAP_VENDOR_IETF, EAP_TYPE_MD5, "MD5");
+ if (eap == NULL)
+ return -1;
+
+ eap->init = eap_md5_init;
+ eap->deinit = eap_md5_deinit;
+ eap->process = eap_md5_process;
+
+ ret = eap_peer_method_register(eap);
+ if (ret)
+ eap_peer_method_free(eap);
+ return ret;
+}
--- /dev/null
+/*
+ * EAP peer: Method registration
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#ifdef CONFIG_DYNAMIC_EAP_METHODS
+#include <dlfcn.h>
+#endif /* CONFIG_DYNAMIC_EAP_METHODS */
+
+#include "common.h"
+#include "eap_i.h"
+#include "eap_methods.h"
+
+
+static struct eap_method *eap_methods = NULL;
+
+
+/**
+ * eap_sm_get_eap_methods - Get EAP method based on type number
+ * @vendor: EAP Vendor-Id (0 = IETF)
+ * @method: EAP type number
+ * Returns: Pointer to EAP method or %NULL if not found
+ */
+const struct eap_method * eap_sm_get_eap_methods(int vendor, EapType method)
+{
+ struct eap_method *m;
+ for (m = eap_methods; m; m = m->next) {
+ if (m->vendor == vendor && m->method == method)
+ return m;
+ }
+ return NULL;
+}
+
+
+/**
+ * eap_get_type - Get EAP type for the given EAP method name
+ * @name: EAP method name, e.g., TLS
+ * @vendor: Buffer for returning EAP Vendor-Id
+ * Returns: EAP method type or %EAP_TYPE_NONE if not found
+ *
+ * This function maps EAP type names into EAP type numbers based on the list of
+ * EAP methods included in the build.
+ */
+EapType eap_get_type(const char *name, int *vendor)
+{
+ struct eap_method *m;
+ for (m = eap_methods; m; m = m->next) {
+ if (os_strcmp(m->name, name) == 0) {
+ *vendor = m->vendor;
+ return m->method;
+ }
+ }
+ *vendor = EAP_VENDOR_IETF;
+ return EAP_TYPE_NONE;
+}
+
+
+/**
+ * eap_get_name - Get EAP method name for the given EAP type
+ * @vendor: EAP Vendor-Id (0 = IETF)
+ * @type: EAP method type
+ * Returns: EAP method name, e.g., TLS, or %NULL if not found
+ *
+ * This function maps EAP type numbers into EAP type names based on the list of
+ * EAP methods included in the build.
+ */
+const char * eap_get_name(int vendor, EapType type)
+{
+ struct eap_method *m;
+ for (m = eap_methods; m; m = m->next) {
+ if (m->vendor == vendor && m->method == type)
+ return m->name;
+ }
+ return NULL;
+}
+
+
+/**
+ * eap_get_names - Get space separated list of names for supported EAP methods
+ * @buf: Buffer for names
+ * @buflen: Buffer length
+ * Returns: Number of characters written into buf (not including nul
+ * termination)
+ */
+size_t eap_get_names(char *buf, size_t buflen)
+{
+ char *pos, *end;
+ struct eap_method *m;
+ int ret;
+
+ if (buflen == 0)
+ return 0;
+
+ pos = buf;
+ end = pos + buflen;
+
+ for (m = eap_methods; m; m = m->next) {
+ ret = os_snprintf(pos, end - pos, "%s%s",
+ m == eap_methods ? "" : " ", m->name);
+ if (ret < 0 || ret >= end - pos)
+ break;
+ pos += ret;
+ }
+ buf[buflen - 1] = '\0';
+
+ return pos - buf;
+}
+
+
+/**
+ * eap_get_names_as_string_array - Get supported EAP methods as string array
+ * @num: Buffer for returning the number of items in array, not including %NULL
+ * terminator. This parameter can be %NULL if the length is not needed.
+ * Returns: A %NULL-terminated array of strings, or %NULL on error.
+ *
+ * This function returns the list of names for all supported EAP methods as an
+ * array of strings. The caller must free the returned array items and the
+ * array.
+ */
+char ** eap_get_names_as_string_array(size_t *num)
+{
+ struct eap_method *m;
+ size_t array_len = 0;
+ char **array;
+ int i = 0, j;
+
+ for (m = eap_methods; m; m = m->next)
+ array_len++;
+
+ array = os_zalloc(sizeof(char *) * (array_len + 1));
+ if (array == NULL)
+ return NULL;
+
+ for (m = eap_methods; m; m = m->next) {
+ array[i++] = os_strdup(m->name);
+ if (array[i - 1] == NULL) {
+ for (j = 0; j < i; j++)
+ os_free(array[j]);
+ os_free(array);
+ return NULL;
+ }
+ }
+ array[i] = NULL;
+
+ if (num)
+ *num = array_len;
+
+ return array;
+}
+
+
+/**
+ * eap_peer_get_methods - Get a list of enabled EAP peer methods
+ * @count: Set to number of available methods
+ * Returns: List of enabled EAP peer methods
+ */
+const struct eap_method * eap_peer_get_methods(size_t *count)
+{
+ int c = 0;
+ struct eap_method *m;
+
+ for (m = eap_methods; m; m = m->next)
+ c++;
+
+ *count = c;
+ return eap_methods;
+}
+
+
+#ifdef CONFIG_DYNAMIC_EAP_METHODS
+/**
+ * eap_peer_method_load - Load a dynamic EAP method library (shared object)
+ * @so: File path for the shared object file to load
+ * Returns: 0 on success, -1 on failure
+ */
+int eap_peer_method_load(const char *so)
+{
+ void *handle;
+ int (*dyn_init)(void);
+ int ret;
+
+ handle = dlopen(so, RTLD_LAZY);
+ if (handle == NULL) {
+ wpa_printf(MSG_ERROR, "EAP: Failed to open dynamic EAP method "
+ "'%s': %s", so, dlerror());
+ return -1;
+ }
+
+ dyn_init = dlsym(handle, "eap_peer_method_dynamic_init");
+ if (dyn_init == NULL) {
+ dlclose(handle);
+ wpa_printf(MSG_ERROR, "EAP: Invalid EAP method '%s' - no "
+ "eap_peer_method_dynamic_init()", so);
+ return -1;
+ }
+
+ ret = dyn_init();
+ if (ret) {
+ dlclose(handle);
+ wpa_printf(MSG_ERROR, "EAP: Failed to add EAP method '%s' - "
+ "ret %d", so, ret);
+ return ret;
+ }
+
+ /* Store the handle for this shared object. It will be freed with
+ * dlclose() when the EAP method is unregistered. */
+ eap_methods->dl_handle = handle;
+
+ wpa_printf(MSG_DEBUG, "EAP: Loaded dynamic EAP method: '%s'", so);
+
+ return 0;
+}
+
+
+/**
+ * eap_peer_method_unload - Unload a dynamic EAP method library (shared object)
+ * @method: Pointer to the dynamically loaded EAP method
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function can be used to unload EAP methods that have been previously
+ * loaded with eap_peer_method_load(). Before unloading the method, all
+ * references to the method must be removed to make sure that no dereferences
+ * of freed memory will occur after unloading.
+ */
+int eap_peer_method_unload(struct eap_method *method)
+{
+ struct eap_method *m, *prev;
+ void *handle;
+
+ m = eap_methods;
+ prev = NULL;
+ while (m) {
+ if (m == method)
+ break;
+ prev = m;
+ m = m->next;
+ }
+
+ if (m == NULL || m->dl_handle == NULL)
+ return -1;
+
+ if (prev)
+ prev->next = m->next;
+ else
+ eap_methods = m->next;
+
+ handle = m->dl_handle;
+
+ if (m->free)
+ m->free(m);
+ else
+ eap_peer_method_free(m);
+
+ dlclose(handle);
+
+ return 0;
+}
+#endif /* CONFIG_DYNAMIC_EAP_METHODS */
+
+
+/**
+ * eap_peer_method_alloc - Allocate EAP peer method structure
+ * @version: Version of the EAP peer method interface (set to
+ * EAP_PEER_METHOD_INTERFACE_VERSION)
+ * @vendor: EAP Vendor-ID (EAP_VENDOR_*) (0 = IETF)
+ * @method: EAP type number (EAP_TYPE_*)
+ * @name: Name of the method (e.g., "TLS")
+ * Returns: Allocated EAP method structure or %NULL on failure
+ *
+ * The returned structure should be freed with eap_peer_method_free() when it
+ * is not needed anymore.
+ */
+struct eap_method * eap_peer_method_alloc(int version, int vendor,
+ EapType method, const char *name)
+{
+ struct eap_method *eap;
+ eap = os_zalloc(sizeof(*eap));
+ if (eap == NULL)
+ return NULL;
+ eap->version = version;
+ eap->vendor = vendor;
+ eap->method = method;
+ eap->name = name;
+ return eap;
+}
+
+
+/**
+ * eap_peer_method_free - Free EAP peer method structure
+ * @method: Method structure allocated with eap_peer_method_alloc()
+ */
+void eap_peer_method_free(struct eap_method *method)
+{
+ os_free(method);
+}
+
+
+/**
+ * eap_peer_method_register - Register an EAP peer method
+ * @method: EAP method to register
+ * Returns: 0 on success, -1 on invalid method, or -2 if a matching EAP method
+ * has already been registered
+ *
+ * Each EAP peer method needs to call this function to register itself as a
+ * supported EAP method.
+ */
+int eap_peer_method_register(struct eap_method *method)
+{
+ struct eap_method *m, *last = NULL;
+
+ if (method == NULL || method->name == NULL ||
+ method->version != EAP_PEER_METHOD_INTERFACE_VERSION)
+ return -1;
+
+ for (m = eap_methods; m; m = m->next) {
+ if ((m->vendor == method->vendor &&
+ m->method == method->method) ||
+ os_strcmp(m->name, method->name) == 0)
+ return -2;
+ last = m;
+ }
+
+ if (last)
+ last->next = method;
+ else
+ eap_methods = method;
+
+ return 0;
+}
+
+
+/**
+ * eap_peer_register_methods - Register statically linked EAP peer methods
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is called at program initialization to register all EAP peer
+ * methods that were linked in statically.
+ */
+int eap_peer_register_methods(void)
+{
+ int ret = 0;
+
+#ifdef EAP_MD5
+ if (ret == 0) {
+ int eap_peer_md5_register(void);
+ ret = eap_peer_md5_register();
+ }
+#endif /* EAP_MD5 */
+
+#ifdef EAP_TLS
+ if (ret == 0) {
+ int eap_peer_tls_register(void);
+ ret = eap_peer_tls_register();
+ }
+#endif /* EAP_TLS */
+
+#ifdef EAP_MSCHAPv2
+ if (ret == 0) {
+ int eap_peer_mschapv2_register(void);
+ ret = eap_peer_mschapv2_register();
+ }
+#endif /* EAP_MSCHAPv2 */
+
+#ifdef EAP_PEAP
+ if (ret == 0) {
+ int eap_peer_peap_register(void);
+ ret = eap_peer_peap_register();
+ }
+#endif /* EAP_PEAP */
+
+#ifdef EAP_TTLS
+ if (ret == 0) {
+ int eap_peer_ttls_register(void);
+ ret = eap_peer_ttls_register();
+ }
+#endif /* EAP_TTLS */
+
+#ifdef EAP_GTC
+ if (ret == 0) {
+ int eap_peer_gtc_register(void);
+ ret = eap_peer_gtc_register();
+ }
+#endif /* EAP_GTC */
+
+#ifdef EAP_OTP
+ if (ret == 0) {
+ int eap_peer_otp_register(void);
+ ret = eap_peer_otp_register();
+ }
+#endif /* EAP_OTP */
+
+#ifdef EAP_SIM
+ if (ret == 0) {
+ int eap_peer_sim_register(void);
+ ret = eap_peer_sim_register();
+ }
+#endif /* EAP_SIM */
+
+#ifdef EAP_LEAP
+ if (ret == 0) {
+ int eap_peer_leap_register(void);
+ ret = eap_peer_leap_register();
+ }
+#endif /* EAP_LEAP */
+
+#ifdef EAP_PSK
+ if (ret == 0) {
+ int eap_peer_psk_register(void);
+ ret = eap_peer_psk_register();
+ }
+#endif /* EAP_PSK */
+
+#ifdef EAP_AKA
+ if (ret == 0) {
+ int eap_peer_aka_register(void);
+ ret = eap_peer_aka_register();
+ }
+#endif /* EAP_AKA */
+
+#ifdef EAP_FAST
+ if (ret == 0) {
+ int eap_peer_fast_register(void);
+ ret = eap_peer_fast_register();
+ }
+#endif /* EAP_FAST */
+
+#ifdef EAP_PAX
+ if (ret == 0) {
+ int eap_peer_pax_register(void);
+ ret = eap_peer_pax_register();
+ }
+#endif /* EAP_PAX */
+
+#ifdef EAP_SAKE
+ if (ret == 0) {
+ int eap_peer_sake_register(void);
+ ret = eap_peer_sake_register();
+ }
+#endif /* EAP_SAKE */
+
+#ifdef EAP_GPSK
+ if (ret == 0) {
+ int eap_peer_gpsk_register(void);
+ ret = eap_peer_gpsk_register();
+ }
+#endif /* EAP_GPSK */
+
+#ifdef EAP_VENDOR_TEST
+ if (ret == 0) {
+ int eap_peer_vendor_test_register(void);
+ ret = eap_peer_vendor_test_register();
+ }
+#endif /* EAP_VENDOR_TEST */
+
+ return ret;
+}
+
+
+/**
+ * eap_peer_unregister_methods - Unregister EAP peer methods
+ *
+ * This function is called at program termination to unregister all EAP peer
+ * methods.
+ */
+void eap_peer_unregister_methods(void)
+{
+ struct eap_method *m;
+#ifdef CONFIG_DYNAMIC_EAP_METHODS
+ void *handle;
+#endif /* CONFIG_DYNAMIC_EAP_METHODS */
+
+ while (eap_methods) {
+ m = eap_methods;
+ eap_methods = eap_methods->next;
+
+#ifdef CONFIG_DYNAMIC_EAP_METHODS
+ handle = m->dl_handle;
+#endif /* CONFIG_DYNAMIC_EAP_METHODS */
+
+ if (m->free)
+ m->free(m);
+ else
+ eap_peer_method_free(m);
+
+#ifdef CONFIG_DYNAMIC_EAP_METHODS
+ if (handle)
+ dlclose(handle);
+#endif /* CONFIG_DYNAMIC_EAP_METHODS */
+ }
+}
--- /dev/null
+/*
+ * EAP peer: Method registration
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef EAP_METHODS_H
+#define EAP_METHODS_H
+
+#include "eap_defs.h"
+
+const struct eap_method * eap_sm_get_eap_methods(int vendor, EapType method);
+const struct eap_method * eap_peer_get_methods(size_t *count);
+
+struct eap_method * eap_peer_method_alloc(int version, int vendor,
+ EapType method, const char *name);
+void eap_peer_method_free(struct eap_method *method);
+int eap_peer_method_register(struct eap_method *method);
+
+
+#ifdef IEEE8021X_EAPOL
+
+EapType eap_get_type(const char *name, int *vendor);
+const char * eap_get_name(int vendor, EapType type);
+size_t eap_get_names(char *buf, size_t buflen);
+char ** eap_get_names_as_string_array(size_t *num);
+int eap_peer_register_methods(void);
+void eap_peer_unregister_methods(void);
+
+#else /* IEEE8021X_EAPOL */
+
+static inline EapType eap_get_type(const char *name, int *vendor)
+{
+ *vendor = EAP_VENDOR_IETF;
+ return EAP_TYPE_NONE;
+}
+
+static inline const char * eap_get_name(int vendor, EapType type)
+{
+ return NULL;
+}
+
+static inline size_t eap_get_names(char *buf, size_t buflen)
+{
+ return 0;
+}
+
+static inline int eap_peer_register_methods(void)
+{
+ return 0;
+}
+
+static inline void eap_peer_unregister_methods(void)
+{
+}
+
+#endif /* IEEE8021X_EAPOL */
+
+
+#ifdef CONFIG_DYNAMIC_EAP_METHODS
+
+int eap_peer_method_load(const char *so);
+int eap_peer_method_unload(struct eap_method *method);
+
+#else /* CONFIG_DYNAMIC_EAP_METHODS */
+
+static inline int eap_peer_method_load(const char *so)
+{
+ return 0;
+}
+
+static inline int eap_peer_method_unload(struct eap_method *method)
+{
+ return 0;
+}
+
+#endif /* CONFIG_DYNAMIC_EAP_METHODS */
+
+#endif /* EAP_METHODS_H */
--- /dev/null
+/*
+ * EAP peer method: EAP-MSCHAPV2 (draft-kamath-pppext-eap-mschapv2-00.txt)
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This file implements EAP peer part of EAP-MSCHAPV2 method (EAP type 26).
+ * draft-kamath-pppext-eap-mschapv2-00.txt defines the Microsoft EAP CHAP
+ * Extensions Protocol, Version 2, for mutual authentication and key
+ * derivation. This encapsulates MS-CHAP-v2 protocol which is defined in
+ * RFC 2759. Use of EAP-MSCHAPV2 derived keys with MPPE cipher is described in
+ * RFC 3079.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eap_i.h"
+#include "config_ssid.h"
+#include "ms_funcs.h"
+#include "wpa_ctrl.h"
+
+
+#define MSCHAPV2_CHAL_LEN 16
+#define MSCHAPV2_NT_RESPONSE_LEN 24
+
+#ifdef _MSC_VER
+#pragma pack(push, 1)
+#endif /* _MSC_VER */
+
+struct eap_mschapv2_hdr {
+ u8 op_code; /* MSCHAPV2_OP_* */
+ u8 mschapv2_id; /* usually same as EAP identifier; must be changed
+ * for challenges, but not for success/failure */
+ u8 ms_length[2]; /* Note: misaligned; length - 5 */
+ /* followed by data */
+} STRUCT_PACKED;
+
+/* Response Data field */
+struct ms_response {
+ u8 peer_challenge[MSCHAPV2_CHAL_LEN];
+ u8 reserved[8];
+ u8 nt_response[MSCHAPV2_NT_RESPONSE_LEN];
+ u8 flags;
+} STRUCT_PACKED;
+
+/* Change-Password Data field */
+struct ms_change_password {
+ u8 encr_password[516];
+ u8 encr_hash[16];
+ u8 peer_challenge[MSCHAPV2_CHAL_LEN];
+ u8 reserved[8];
+ u8 nt_response[MSCHAPV2_NT_RESPONSE_LEN];
+ u8 flags[2];
+} STRUCT_PACKED;
+
+#ifdef _MSC_VER
+#pragma pack(pop)
+#endif /* _MSC_VER */
+
+#define MSCHAPV2_OP_CHALLENGE 1
+#define MSCHAPV2_OP_RESPONSE 2
+#define MSCHAPV2_OP_SUCCESS 3
+#define MSCHAPV2_OP_FAILURE 4
+#define MSCHAPV2_OP_CHANGE_PASSWORD 7
+
+#define ERROR_RESTRICTED_LOGON_HOURS 646
+#define ERROR_ACCT_DISABLED 647
+#define ERROR_PASSWD_EXPIRED 648
+#define ERROR_NO_DIALIN_PERMISSION 649
+#define ERROR_AUTHENTICATION_FAILURE 691
+#define ERROR_CHANGING_PASSWORD 709
+
+#define PASSWD_CHANGE_CHAL_LEN 16
+#define MSCHAPV2_KEY_LEN 16
+
+
+struct eap_mschapv2_data {
+ u8 auth_response[20];
+ int auth_response_valid;
+
+ int prev_error;
+ u8 passwd_change_challenge[PASSWD_CHANGE_CHAL_LEN];
+ int passwd_change_challenge_valid;
+ int passwd_change_version;
+
+ /* Optional challenge values generated in EAP-FAST Phase 1 negotiation
+ */
+ u8 *peer_challenge;
+ u8 *auth_challenge;
+ int full_key;
+
+ int phase2;
+ u8 master_key[16];
+ int master_key_valid;
+ int success;
+
+ u8 *prev_challenge;
+ size_t prev_challenge_len;
+};
+
+
+static void eap_mschapv2_deinit(struct eap_sm *sm, void *priv);
+
+
+static void * eap_mschapv2_init(struct eap_sm *sm)
+{
+ struct eap_mschapv2_data *data;
+ data = os_zalloc(sizeof(*data));
+ if (data == NULL)
+ return NULL;
+
+ data->full_key = sm->mschapv2_full_key;
+
+ if (sm->peer_challenge) {
+ data->full_key = 1;
+ data->peer_challenge = os_malloc(MSCHAPV2_CHAL_LEN);
+ if (data->peer_challenge == NULL) {
+ eap_mschapv2_deinit(sm, data);
+ return NULL;
+ }
+ os_memcpy(data->peer_challenge, sm->peer_challenge,
+ MSCHAPV2_CHAL_LEN);
+ }
+
+ if (sm->auth_challenge) {
+ data->auth_challenge = os_malloc(MSCHAPV2_CHAL_LEN);
+ if (data->auth_challenge == NULL) {
+ eap_mschapv2_deinit(sm, data);
+ return NULL;
+ }
+ os_memcpy(data->auth_challenge, sm->auth_challenge,
+ MSCHAPV2_CHAL_LEN);
+ }
+
+ data->phase2 = sm->init_phase2;
+
+ return data;
+}
+
+
+static void eap_mschapv2_deinit(struct eap_sm *sm, void *priv)
+{
+ struct eap_mschapv2_data *data = priv;
+ os_free(data->peer_challenge);
+ os_free(data->auth_challenge);
+ os_free(data->prev_challenge);
+ os_free(data);
+}
+
+
+static const u8 * eap_mschapv2_remove_domain(const u8 *username, size_t *len)
+{
+ size_t i;
+
+ /*
+ * MSCHAPv2 does not include optional domain name in the
+ * challenge-response calculation, so remove domain prefix
+ * (if present).
+ */
+
+ for (i = 0; i < *len; i++) {
+ if (username[i] == '\\') {
+ *len -= i + 1;
+ return username + i + 1;
+ }
+ }
+
+ return username;
+}
+
+
+static void eap_mschapv2_derive_response(
+ struct eap_mschapv2_data *data,
+ const u8 *username, size_t username_len,
+ const u8 *password, size_t password_len,
+ const u8 *auth_challenge, const u8 *peer_challenge,
+ u8 *nt_response)
+{
+ u8 password_hash[16], password_hash_hash[16];
+
+ wpa_hexdump(MSG_DEBUG, "EAP-MSCHAPV2: auth_challenge",
+ auth_challenge, MSCHAPV2_CHAL_LEN);
+ wpa_hexdump(MSG_DEBUG, "EAP-MSCHAPV2: peer_challenge",
+ peer_challenge, MSCHAPV2_CHAL_LEN);
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-MSCHAPV2: username",
+ username, username_len);
+ wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-MSCHAPV2: password",
+ password, password_len);
+ generate_nt_response(auth_challenge, peer_challenge,
+ username, username_len,
+ password, password_len, nt_response);
+ wpa_hexdump(MSG_DEBUG, "EAP-MSCHAPV2: response", nt_response,
+ MSCHAPV2_NT_RESPONSE_LEN);
+ /* Authenticator response is not really needed yet, but calculate it
+ * here so that challenges need not be saved. */
+ generate_authenticator_response(password, password_len,
+ peer_challenge, auth_challenge,
+ username, username_len, nt_response,
+ data->auth_response);
+ data->auth_response_valid = 1;
+
+ /* Likewise, generate master_key here since we have the needed data
+ * available. */
+ nt_password_hash(password, password_len, password_hash);
+ hash_nt_password_hash(password_hash, password_hash_hash);
+ get_master_key(password_hash_hash, nt_response, data->master_key);
+ data->master_key_valid = 1;
+}
+
+
+static u8 * eap_mschapv2_challenge_reply(struct eap_sm *sm,
+ struct eap_mschapv2_data *data, u8 id,
+ u8 mschapv2_id,
+ const u8 *auth_challenge,
+ size_t *respDataLen)
+{
+ struct eap_hdr *resp;
+ struct eap_mschapv2_hdr *ms;
+ u8 *rpos, *peer_challenge;
+ int ms_len;
+ struct ms_response *r;
+ size_t username_len, identity_len, password_len;
+ const u8 *username, *identity, *password;
+
+ wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Generating Challenge Response");
+
+ identity = eap_get_config_identity(sm, &identity_len);
+ password = eap_get_config_password(sm, &password_len);
+ if (identity == NULL || password == NULL)
+ return NULL;
+
+ username_len = identity_len;
+ username = eap_mschapv2_remove_domain(identity, &username_len);
+
+ ms_len = sizeof(*ms) + 1 + sizeof(*r) + identity_len;
+ resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, respDataLen,
+ ms_len, EAP_CODE_RESPONSE, id, &rpos);
+ if (resp == NULL)
+ return NULL;
+
+ ms = (struct eap_mschapv2_hdr *) rpos;
+ ms->op_code = MSCHAPV2_OP_RESPONSE;
+ ms->mschapv2_id = mschapv2_id;
+ if (data->prev_error) {
+ /*
+ * TODO: this does not seem to be enough when processing two
+ * or more failure messages. IAS did not increment mschapv2_id
+ * in its own packets, but it seemed to expect the peer to
+ * increment this for all packets(?).
+ */
+ ms->mschapv2_id++;
+ }
+ WPA_PUT_BE16(ms->ms_length, ms_len);
+ rpos = (u8 *) (ms + 1);
+ *rpos++ = sizeof(*r); /* Value-Size */
+
+ /* Response */
+ r = (struct ms_response *) rpos;
+ peer_challenge = r->peer_challenge;
+ if (data->peer_challenge) {
+ wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: peer_challenge generated "
+ "in Phase 1");
+ peer_challenge = data->peer_challenge;
+ os_memset(r->peer_challenge, 0, MSCHAPV2_CHAL_LEN);
+ } else if (os_get_random(peer_challenge, MSCHAPV2_CHAL_LEN)) {
+ os_free(resp);
+ return NULL;
+ }
+ os_memset(r->reserved, 0, 8);
+ if (data->auth_challenge) {
+ wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: auth_challenge generated "
+ "in Phase 1");
+ auth_challenge = data->auth_challenge;
+ }
+ eap_mschapv2_derive_response(data, username, username_len,
+ password, password_len,
+ auth_challenge, peer_challenge,
+ r->nt_response);
+
+ r->flags = 0; /* reserved, must be zero */
+
+ os_memcpy((u8 *) (r + 1), identity, identity_len);
+ wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: TX identifier %d mschapv2_id %d "
+ "(response)", resp->identifier, ms->mschapv2_id);
+ return (u8 *) resp;
+}
+
+
+/**
+ * eap_mschapv2_process - Process an EAP-MSCHAPv2 challenge message
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @data: Pointer to private EAP method data from eap_mschapv2_init()
+ * @ret: Return values from EAP request validation and processing
+ * @req: Pointer to EAP-MSCHAPv2 header from the request
+ * @req_len: Length of the EAP-MSCHAPv2 data
+ * @id: EAP identifier used in th erequest
+ * @respDataLen: Length of the returned EAP response
+ * Returns: Pointer to allocated EAP response packet (eapRespData) or %NULL if
+ * no reply available
+ */
+static u8 * eap_mschapv2_challenge(struct eap_sm *sm,
+ struct eap_mschapv2_data *data,
+ struct eap_method_ret *ret,
+ const struct eap_mschapv2_hdr *req,
+ size_t req_len, u8 id, size_t *respDataLen)
+{
+ size_t len, challenge_len;
+ const u8 *pos, *challenge;
+
+ if (eap_get_config_identity(sm, &len) == NULL ||
+ eap_get_config_password(sm, &len) == NULL)
+ return NULL;
+
+ wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Received challenge");
+ if (req_len < sizeof(*req) + 1) {
+ wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Too short challenge data "
+ "(len %lu)", (unsigned long) req_len);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+ pos = (const u8 *) (req + 1);
+ challenge_len = *pos++;
+ len = req_len - sizeof(*req) - 1;
+ if (challenge_len != MSCHAPV2_CHAL_LEN) {
+ wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Invalid challenge length "
+ "%lu", (unsigned long) challenge_len);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ if (len < challenge_len) {
+ wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Too short challenge"
+ " packet: len=%lu challenge_len=%lu",
+ (unsigned long) len, (unsigned long) challenge_len);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ if (data->passwd_change_challenge_valid) {
+ wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Using challenge from the "
+ "failure message");
+ challenge = data->passwd_change_challenge;
+ } else
+ challenge = pos;
+ pos += challenge_len;
+ len -= challenge_len;
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-MSCHAPV2: Authentication Servername",
+ pos, len);
+
+ ret->ignore = FALSE;
+ ret->methodState = METHOD_MAY_CONT;
+ ret->decision = DECISION_FAIL;
+ ret->allowNotifications = TRUE;
+
+ return eap_mschapv2_challenge_reply(sm, data, id, req->mschapv2_id,
+ challenge, respDataLen);
+}
+
+
+static void eap_mschapv2_password_changed(struct eap_sm *sm,
+ struct eap_mschapv2_data *data)
+{
+ struct wpa_ssid *config = eap_get_config(sm);
+ if (config && config->new_password) {
+ wpa_msg(sm->msg_ctx, MSG_INFO,
+ WPA_EVENT_PASSWORD_CHANGED
+ "EAP-MSCHAPV2: Password changed successfully");
+ data->prev_error = 0;
+ os_free(config->password);
+ config->password = config->new_password;
+ config->new_password = NULL;
+ config->password_len = config->new_password_len;
+ config->new_password_len = 0;
+ }
+}
+
+
+/**
+ * eap_mschapv2_process - Process an EAP-MSCHAPv2 success message
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @data: Pointer to private EAP method data from eap_mschapv2_init()
+ * @ret: Return values from EAP request validation and processing
+ * @req: Pointer to EAP-MSCHAPv2 header from the request
+ * @req_len: Length of the EAP-MSCHAPv2 data
+ * @id: EAP identifier used in th erequest
+ * @respDataLen: Length of the returned EAP response
+ * Returns: Pointer to allocated EAP response packet (eapRespData) or %NULL if
+ * no reply available
+ */
+static u8 * eap_mschapv2_success(struct eap_sm *sm,
+ struct eap_mschapv2_data *data,
+ struct eap_method_ret *ret,
+ const struct eap_mschapv2_hdr *req,
+ size_t req_len, u8 id, size_t *respDataLen)
+{
+ struct eap_hdr *resp;
+ struct eap_mschapv2_hdr *ms;
+ const u8 *pos;
+ u8 recv_response[20];
+ size_t len;
+ u8 *rpos;
+
+ wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Received success");
+ len = req_len - sizeof(*req);
+ pos = (const u8 *) (req + 1);
+ if (!data->auth_response_valid || len < 42 ||
+ pos[0] != 'S' || pos[1] != '=' ||
+ hexstr2bin((char *) (pos + 2), recv_response, 20) ||
+ os_memcmp(data->auth_response, recv_response, 20) != 0) {
+ wpa_printf(MSG_WARNING, "EAP-MSCHAPV2: Invalid authenticator "
+ "response in success request");
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ return NULL;
+ }
+ pos += 42;
+ len -= 42;
+ while (len > 0 && *pos == ' ') {
+ pos++;
+ len--;
+ }
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-MSCHAPV2: Success message",
+ pos, len);
+ wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Authentication succeeded");
+
+ /* Note: Only op_code of the EAP-MSCHAPV2 header is included in success
+ * message. */
+ resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, respDataLen,
+ 1, EAP_CODE_RESPONSE, id, &rpos);
+ if (resp == NULL) {
+ wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Failed to allocate "
+ "buffer for success response");
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ ms = (struct eap_mschapv2_hdr *) rpos;
+ ms->op_code = MSCHAPV2_OP_SUCCESS;
+
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_UNCOND_SUCC;
+ ret->allowNotifications = FALSE;
+ data->success = 1;
+
+ if (data->prev_error == ERROR_PASSWD_EXPIRED)
+ eap_mschapv2_password_changed(sm, data);
+
+ return (u8 *) resp;
+}
+
+
+static int eap_mschapv2_failure_txt(struct eap_sm *sm,
+ struct eap_mschapv2_data *data, char *txt)
+{
+ char *pos, *msg = "";
+ int retry = 1;
+ struct wpa_ssid *config = eap_get_config(sm);
+
+ /* For example:
+ * E=691 R=1 C=<32 octets hex challenge> V=3 M=Authentication Failure
+ */
+
+ pos = txt;
+
+ if (pos && os_strncmp(pos, "E=", 2) == 0) {
+ pos += 2;
+ data->prev_error = atoi(pos);
+ wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: error %d",
+ data->prev_error);
+ pos = os_strchr(pos, ' ');
+ if (pos)
+ pos++;
+ }
+
+ if (pos && os_strncmp(pos, "R=", 2) == 0) {
+ pos += 2;
+ retry = atoi(pos);
+ wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: retry is %sallowed",
+ retry == 1 ? "" : "not ");
+ pos = os_strchr(pos, ' ');
+ if (pos)
+ pos++;
+ }
+
+ if (pos && os_strncmp(pos, "C=", 2) == 0) {
+ int hex_len;
+ pos += 2;
+ hex_len = os_strchr(pos, ' ') - (char *) pos;
+ if (hex_len == PASSWD_CHANGE_CHAL_LEN * 2) {
+ if (hexstr2bin(pos, data->passwd_change_challenge,
+ PASSWD_CHANGE_CHAL_LEN)) {
+ wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: invalid "
+ "failure challenge");
+ } else {
+ wpa_hexdump(MSG_DEBUG, "EAP-MSCHAPV2: failure "
+ "challenge",
+ data->passwd_change_challenge,
+ PASSWD_CHANGE_CHAL_LEN);
+ data->passwd_change_challenge_valid = 1;
+ }
+ } else {
+ wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: invalid failure "
+ "challenge len %d", hex_len);
+ }
+ pos = os_strchr(pos, ' ');
+ if (pos)
+ pos++;
+ } else {
+ wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: required challenge field "
+ "was not present in failure message");
+ }
+
+ if (pos && os_strncmp(pos, "V=", 2) == 0) {
+ pos += 2;
+ data->passwd_change_version = atoi(pos);
+ wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: password changing "
+ "protocol version %d", data->passwd_change_version);
+ pos = os_strchr(pos, ' ');
+ if (pos)
+ pos++;
+ }
+
+ if (pos && os_strncmp(pos, "M=", 2) == 0) {
+ pos += 2;
+ msg = pos;
+ }
+ wpa_msg(sm->msg_ctx, MSG_WARNING,
+ "EAP-MSCHAPV2: failure message: '%s' (retry %sallowed, error "
+ "%d)",
+ msg, retry == 1 ? "" : "not ", data->prev_error);
+ if (data->prev_error == ERROR_PASSWD_EXPIRED &&
+ data->passwd_change_version == 3 && config) {
+ if (config->new_password == NULL) {
+ wpa_msg(sm->msg_ctx, MSG_INFO,
+ "EAP-MSCHAPV2: Password expired - password "
+ "change required");
+ eap_sm_request_new_password(sm);
+ }
+ } else if (retry == 1 && config) {
+ /* TODO: could prevent the current password from being used
+ * again at least for some period of time */
+ if (!config->mschapv2_retry)
+ eap_sm_request_identity(sm);
+ eap_sm_request_password(sm);
+ config->mschapv2_retry = 1;
+ } else if (config) {
+ /* TODO: prevent retries using same username/password */
+ config->mschapv2_retry = 0;
+ }
+
+ return retry == 1;
+}
+
+
+static u8 * eap_mschapv2_change_password(struct eap_sm *sm,
+ struct eap_mschapv2_data *data,
+ struct eap_method_ret *ret,
+ const struct eap_mschapv2_hdr *req,
+ u8 id, size_t *respDataLen)
+{
+ struct eap_hdr *resp;
+ int ms_len;
+ const u8 *username, *password, *new_password;
+ u8 *pos;
+ size_t username_len, password_len, new_password_len;
+ struct eap_mschapv2_hdr *ms;
+ struct ms_change_password *cp;
+
+ username = eap_get_config_identity(sm, &username_len);
+ password = eap_get_config_password(sm, &password_len);
+ new_password = eap_get_config_new_password(sm, &new_password_len);
+ if (username == NULL || password == NULL || new_password == NULL)
+ return NULL;
+
+ username = eap_mschapv2_remove_domain(username, &username_len);
+
+ ret->ignore = FALSE;
+ ret->methodState = METHOD_MAY_CONT;
+ ret->decision = DECISION_COND_SUCC;
+ ret->allowNotifications = TRUE;
+
+ ms_len = sizeof(*ms) + sizeof(*cp);
+ resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, respDataLen,
+ ms_len, EAP_CODE_RESPONSE, id, &pos);
+ if (resp == NULL)
+ return NULL;
+
+ ms = (struct eap_mschapv2_hdr *) pos;
+ ms->op_code = MSCHAPV2_OP_CHANGE_PASSWORD;
+ ms->mschapv2_id = req->mschapv2_id + 1;
+ WPA_PUT_BE16(ms->ms_length, ms_len);
+ cp = (struct ms_change_password *) (ms + 1);
+
+ /* Encrypted-Password */
+ new_password_encrypted_with_old_nt_password_hash(
+ new_password, new_password_len,
+ password, password_len, cp->encr_password);
+
+ /* Encrypted-Hash */
+ old_nt_password_hash_encrypted_with_new_nt_password_hash(
+ new_password, new_password_len,
+ password, password_len, cp->encr_hash);
+
+ /* Peer-Challenge */
+ if (os_get_random(cp->peer_challenge, MSCHAPV2_CHAL_LEN)) {
+ os_free(resp);
+ return NULL;
+ }
+
+ /* Reserved, must be zero */
+ os_memset(cp->reserved, 0, 8);
+
+ /* NT-Response */
+ wpa_hexdump(MSG_DEBUG, "EAP-MSCHAPV2: auth_challenge",
+ data->passwd_change_challenge, PASSWD_CHANGE_CHAL_LEN);
+ wpa_hexdump(MSG_DEBUG, "EAP-MSCHAPV2: peer_challenge",
+ cp->peer_challenge, MSCHAPV2_CHAL_LEN);
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-MSCHAPV2: username",
+ username, username_len);
+ wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-MSCHAPV2: new password",
+ new_password, new_password_len);
+ generate_nt_response(data->passwd_change_challenge, cp->peer_challenge,
+ username, username_len,
+ new_password, new_password_len,
+ cp->nt_response);
+ wpa_hexdump(MSG_DEBUG, "EAP-MSCHAPV2: NT-Response",
+ cp->nt_response, MSCHAPV2_NT_RESPONSE_LEN);
+
+ /* Authenticator response is not really needed yet, but calculate it
+ * here so that challenges need not be saved. */
+ generate_authenticator_response(new_password, new_password_len,
+ cp->peer_challenge,
+ data->passwd_change_challenge,
+ username, username_len,
+ cp->nt_response, data->auth_response);
+ data->auth_response_valid = 1;
+
+ /* Flags */
+ os_memset(cp->flags, 0, 2);
+
+ wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: TX identifier %d mschapv2_id %d "
+ "(change pw)", resp->identifier, ms->mschapv2_id);
+
+ return (u8 *) resp;
+}
+
+
+/**
+ * eap_mschapv2_process - Process an EAP-MSCHAPv2 failure message
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @data: Pointer to private EAP method data from eap_mschapv2_init()
+ * @ret: Return values from EAP request validation and processing
+ * @req: Pointer to EAP-MSCHAPv2 header from the request
+ * @req_len: Length of the EAP-MSCHAPv2 data
+ * @id: EAP identifier used in th erequest
+ * @respDataLen: Length of the returned EAP response
+ * Returns: Pointer to allocated EAP response packet (eapRespData) or %NULL if
+ * no reply available
+ */
+static u8 * eap_mschapv2_failure(struct eap_sm *sm,
+ struct eap_mschapv2_data *data,
+ struct eap_method_ret *ret,
+ const struct eap_mschapv2_hdr *req,
+ size_t req_len, u8 id, size_t *respDataLen)
+{
+ struct eap_hdr *resp;
+ const u8 *msdata = (const u8 *) (req + 1);
+ char *buf;
+ size_t len = req_len - sizeof(*req);
+ int retry = 0;
+ struct eap_mschapv2_hdr *ms;
+ u8 *pos;
+
+ wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Received failure");
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-MSCHAPV2: Failure data",
+ msdata, len);
+ /*
+ * eap_mschapv2_failure_txt() expects a nul terminated string, so we
+ * must allocate a large enough temporary buffer to create that since
+ * the received message does not include nul termination.
+ */
+ buf = os_malloc(len + 1);
+ if (buf) {
+ os_memcpy(buf, msdata, len);
+ buf[len] = '\0';
+ retry = eap_mschapv2_failure_txt(sm, data, buf);
+ os_free(buf);
+ }
+
+ ret->ignore = FALSE;
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ ret->allowNotifications = FALSE;
+
+ if (data->prev_error == ERROR_PASSWD_EXPIRED &&
+ data->passwd_change_version == 3) {
+ struct wpa_ssid *config = eap_get_config(sm);
+ if (config && config->new_password)
+ return eap_mschapv2_change_password(sm, data, ret, req,
+ id, respDataLen);
+ if (config && config->pending_req_new_password)
+ return NULL;
+ } else if (retry && data->prev_error == ERROR_AUTHENTICATION_FAILURE) {
+ /* TODO: could try to retry authentication, e.g, after having
+ * changed the username/password. In this case, EAP MS-CHAP-v2
+ * Failure Response would not be sent here. */
+ return NULL;
+ }
+
+ /* Note: Only op_code of the EAP-MSCHAPV2 header is included in failure
+ * message. */
+ resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, respDataLen,
+ 1, EAP_CODE_RESPONSE, id, &pos);
+ if (resp == NULL)
+ return NULL;
+
+ ms = (struct eap_mschapv2_hdr *) pos;
+ ms->op_code = MSCHAPV2_OP_FAILURE;
+
+ return (u8 *) resp;
+}
+
+
+static int eap_mschapv2_check_config(struct eap_sm *sm)
+{
+ size_t len;
+
+ if (eap_get_config_identity(sm, &len) == NULL) {
+ wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Identity not configured");
+ eap_sm_request_identity(sm);
+ return -1;
+ }
+
+ if (eap_get_config_password(sm, &len) == NULL) {
+ wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Password not configured");
+ eap_sm_request_password(sm);
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int eap_mschapv2_check_mslen(struct eap_sm *sm, size_t len,
+ const struct eap_mschapv2_hdr *ms)
+{
+ size_t ms_len = WPA_GET_BE16(ms->ms_length);
+
+ if (ms_len == len)
+ return 0;
+
+ wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Invalid header: len=%lu "
+ "ms_len=%lu", (unsigned long) len, (unsigned long) ms_len);
+ if (sm->workaround) {
+ /* Some authentication servers use invalid ms_len,
+ * ignore it for interoperability. */
+ wpa_printf(MSG_INFO, "EAP-MSCHAPV2: workaround, ignore"
+ " invalid ms_len %lu (len %lu)",
+ (unsigned long) ms_len,
+ (unsigned long) len);
+ return 0;
+ }
+
+ return -1;
+}
+
+
+static void eap_mschapv2_copy_challenge(struct eap_mschapv2_data *data,
+ const u8 *reqData, size_t reqDataLen)
+{
+ /*
+ * Store a copy of the challenge message, so that it can be processed
+ * again in case retry is allowed after a possible failure.
+ */
+ os_free(data->prev_challenge);
+ data->prev_challenge = os_malloc(reqDataLen);
+ if (data->prev_challenge) {
+ data->prev_challenge_len = reqDataLen;
+ os_memcpy(data->prev_challenge, reqData, reqDataLen);
+ }
+}
+
+
+/**
+ * eap_mschapv2_process - Process an EAP-MSCHAPv2 request
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @priv: Pointer to private EAP method data from eap_mschapv2_init()
+ * @ret: Return values from EAP request validation and processing
+ * @reqData: EAP request to be processed (eapReqData)
+ * @reqDataLen: Length of the EAP request
+ * @respDataLen: Length of the returned EAP response
+ * Returns: Pointer to allocated EAP response packet (eapRespData) or %NULL if
+ * no reply available
+ */
+static u8 * eap_mschapv2_process(struct eap_sm *sm, void *priv,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *respDataLen)
+{
+ struct eap_mschapv2_data *data = priv;
+ struct wpa_ssid *config = eap_get_config(sm);
+ const struct eap_hdr *req;
+ const struct eap_mschapv2_hdr *ms;
+ int using_prev_challenge = 0;
+ const u8 *pos;
+ size_t len;
+
+ if (eap_mschapv2_check_config(sm)) {
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ if (config->mschapv2_retry && data->prev_challenge &&
+ data->prev_error == ERROR_AUTHENTICATION_FAILURE) {
+ wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Replacing pending packet "
+ "with the previous challenge");
+
+ reqData = data->prev_challenge;
+ reqDataLen = data->prev_challenge_len;
+ using_prev_challenge = 1;
+ config->mschapv2_retry = 0;
+ }
+
+ pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2,
+ reqData, reqDataLen, &len);
+ if (pos == NULL || len < sizeof(*ms) + 1) {
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ ms = (const struct eap_mschapv2_hdr *) pos;
+ if (eap_mschapv2_check_mslen(sm, len, ms)) {
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ req = (const struct eap_hdr *) reqData;
+ wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: RX identifier %d mschapv2_id %d",
+ req->identifier, ms->mschapv2_id);
+
+ switch (ms->op_code) {
+ case MSCHAPV2_OP_CHALLENGE:
+ if (!using_prev_challenge)
+ eap_mschapv2_copy_challenge(data, reqData, reqDataLen);
+ return eap_mschapv2_challenge(sm, data, ret, ms, len,
+ req->identifier, respDataLen);
+ case MSCHAPV2_OP_SUCCESS:
+ return eap_mschapv2_success(sm, data, ret, ms, len,
+ req->identifier, respDataLen);
+ case MSCHAPV2_OP_FAILURE:
+ return eap_mschapv2_failure(sm, data, ret, ms, len,
+ req->identifier, respDataLen);
+ default:
+ wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Unknown op %d - ignored",
+ ms->op_code);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+}
+
+
+static Boolean eap_mschapv2_isKeyAvailable(struct eap_sm *sm, void *priv)
+{
+ struct eap_mschapv2_data *data = priv;
+ return data->success && data->master_key_valid;
+}
+
+
+static u8 * eap_mschapv2_getKey(struct eap_sm *sm, void *priv, size_t *len)
+{
+ struct eap_mschapv2_data *data = priv;
+ u8 *key;
+ int key_len;
+
+ if (!data->master_key_valid || !data->success)
+ return NULL;
+
+ if (data->full_key) {
+ /* EAP-FAST needs both send and receive keys */
+ key_len = 2 * MSCHAPV2_KEY_LEN;
+ } else {
+ key_len = MSCHAPV2_KEY_LEN;
+ }
+
+ key = os_malloc(key_len);
+ if (key == NULL)
+ return NULL;
+
+ if (data->full_key) {
+ get_asymetric_start_key(data->master_key, key,
+ MSCHAPV2_KEY_LEN, 0, 0);
+ get_asymetric_start_key(data->master_key,
+ key + MSCHAPV2_KEY_LEN,
+ MSCHAPV2_KEY_LEN, 1, 0);
+ } else {
+ get_asymetric_start_key(data->master_key, key,
+ MSCHAPV2_KEY_LEN, 1, 0);
+ }
+
+ wpa_hexdump_key(MSG_DEBUG, "EAP-MSCHAPV2: Derived key",
+ key, key_len);
+
+ *len = key_len;
+ return key;
+}
+
+
+/**
+ * eap_peer_mschapv2_register - Register EAP-MSCHAPv2 peer method
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is used to register EAP-MSCHAPv2 peer method into the EAP
+ * method list.
+ */
+int eap_peer_mschapv2_register(void)
+{
+ struct eap_method *eap;
+ int ret;
+
+ eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
+ EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2,
+ "MSCHAPV2");
+ if (eap == NULL)
+ return -1;
+
+ eap->init = eap_mschapv2_init;
+ eap->deinit = eap_mschapv2_deinit;
+ eap->process = eap_mschapv2_process;
+ eap->isKeyAvailable = eap_mschapv2_isKeyAvailable;
+ eap->getKey = eap_mschapv2_getKey;
+
+ ret = eap_peer_method_register(eap);
+ if (ret)
+ eap_peer_method_free(eap);
+ return ret;
+}
--- /dev/null
+/*
+ * EAP peer method: EAP-OTP (RFC 3748)
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eap_i.h"
+#include "config_ssid.h"
+
+
+static void * eap_otp_init(struct eap_sm *sm)
+{
+ /* No need for private data. However, must return non-NULL to indicate
+ * success. */
+ return (void *) 1;
+}
+
+
+static void eap_otp_deinit(struct eap_sm *sm, void *priv)
+{
+}
+
+
+static u8 * eap_otp_process(struct eap_sm *sm, void *priv,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *respDataLen)
+{
+ const struct eap_hdr *req;
+ struct eap_hdr *resp;
+ const u8 *pos, *password;
+ u8 *rpos;
+ size_t password_len, len;
+ int otp;
+
+ pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_OTP,
+ reqData, reqDataLen, &len);
+ if (pos == NULL) {
+ ret->ignore = TRUE;
+ return NULL;
+ }
+ req = (const struct eap_hdr *) reqData;
+ wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-OTP: Request message",
+ pos, len);
+
+ password = eap_get_config_otp(sm, &password_len);
+ if (password)
+ otp = 1;
+ else {
+ password = eap_get_config_password(sm, &password_len);
+ otp = 0;
+ }
+
+ if (password == NULL) {
+ wpa_printf(MSG_INFO, "EAP-OTP: Password not configured");
+ eap_sm_request_otp(sm, (const char *) pos, len);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ ret->ignore = FALSE;
+
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_COND_SUCC;
+ ret->allowNotifications = FALSE;
+
+ resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_OTP, respDataLen,
+ password_len, EAP_CODE_RESPONSE, req->identifier,
+ &rpos);
+ if (resp == NULL)
+ return NULL;
+ os_memcpy(rpos, password, password_len);
+ wpa_hexdump_ascii_key(MSG_MSGDUMP, "EAP-OTP: Response",
+ password, password_len);
+
+ if (otp) {
+ wpa_printf(MSG_DEBUG, "EAP-OTP: Forgetting used password");
+ eap_clear_config_otp(sm);
+ }
+
+ return (u8 *) resp;
+}
+
+
+int eap_peer_otp_register(void)
+{
+ struct eap_method *eap;
+ int ret;
+
+ eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
+ EAP_VENDOR_IETF, EAP_TYPE_OTP, "OTP");
+ if (eap == NULL)
+ return -1;
+
+ eap->init = eap_otp_init;
+ eap->deinit = eap_otp_deinit;
+ eap->process = eap_otp_process;
+
+ ret = eap_peer_method_register(eap);
+ if (ret)
+ eap_peer_method_free(eap);
+ return ret;
+}
--- /dev/null
+/*
+ * EAP peer method: EAP-PAX (RFC 4746)
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eap_i.h"
+#include "config_ssid.h"
+#include "eap_pax_common.h"
+#include "sha1.h"
+#include "crypto.h"
+
+/*
+ * Note: only PAX_STD subprotocol is currently supported
+ *
+ * TODO: Add support with PAX_SEC with the mandatory to implement ciphersuite
+ * (HMAC_SHA1_128, IANA DH Group 14 (2048 bits), RSA-PKCS1-V1_5) and
+ * recommended ciphersuite (HMAC_SHA256_128, IANA DH Group 15 (3072 bits),
+ * RSAES-OAEP).
+ */
+
+struct eap_pax_data {
+ enum { PAX_INIT, PAX_STD_2_SENT, PAX_DONE } state;
+ u8 mac_id, dh_group_id, public_key_id;
+ union {
+ u8 e[2 * EAP_PAX_RAND_LEN];
+ struct {
+ u8 x[EAP_PAX_RAND_LEN]; /* server rand */
+ u8 y[EAP_PAX_RAND_LEN]; /* client rand */
+ } r;
+ } rand;
+ char *cid;
+ size_t cid_len;
+ u8 ak[EAP_PAX_AK_LEN];
+ u8 mk[EAP_PAX_MK_LEN];
+ u8 ck[EAP_PAX_CK_LEN];
+ u8 ick[EAP_PAX_ICK_LEN];
+};
+
+
+static void eap_pax_deinit(struct eap_sm *sm, void *priv);
+
+
+static void * eap_pax_init(struct eap_sm *sm)
+{
+ struct wpa_ssid *config = eap_get_config(sm);
+ struct eap_pax_data *data;
+
+ if (config == NULL || !config->nai ||
+ (!config->eappsk && !config->password)) {
+ wpa_printf(MSG_INFO, "EAP-PAX: CID (nai) or key "
+ "(eappsk/password) not configured");
+ return NULL;
+ }
+
+ if (config->eappsk && config->eappsk_len != EAP_PAX_AK_LEN) {
+ wpa_printf(MSG_INFO, "EAP-PAX: incorrect key length (eappsk); "
+ "expected %d", EAP_PAX_AK_LEN);
+ return NULL;
+ }
+
+ data = os_zalloc(sizeof(*data));
+ if (data == NULL)
+ return NULL;
+ data->state = PAX_INIT;
+
+ data->cid = os_malloc(config->nai_len);
+ if (data->cid == NULL) {
+ eap_pax_deinit(sm, data);
+ return NULL;
+ }
+ os_memcpy(data->cid, config->nai, config->nai_len);
+ data->cid_len = config->nai_len;
+
+ if (config->eappsk) {
+ os_memcpy(data->ak, config->eappsk, EAP_PAX_AK_LEN);
+ } else {
+ u8 hash[SHA1_MAC_LEN];
+ const unsigned char *addr[1];
+ size_t len[1];
+ addr[0] = config->password;
+ len[0] = config->password_len;
+ sha1_vector(1, addr, len, hash);
+ os_memcpy(data->ak, hash, EAP_PAX_AK_LEN);
+ }
+
+ return data;
+}
+
+
+static void eap_pax_deinit(struct eap_sm *sm, void *priv)
+{
+ struct eap_pax_data *data = priv;
+ os_free(data->cid);
+ os_free(data);
+}
+
+
+static struct eap_pax_hdr * eap_pax_alloc_resp(const struct eap_pax_hdr *req,
+ u16 resp_len, u8 op_code)
+{
+ struct eap_pax_hdr *resp;
+
+ resp = os_malloc(resp_len);
+ if (resp == NULL)
+ return NULL;
+ resp->code = EAP_CODE_RESPONSE;
+ resp->identifier = req->identifier;
+ resp->length = host_to_be16(resp_len);
+ resp->type = EAP_TYPE_PAX;
+ resp->op_code = op_code;
+ resp->flags = 0;
+ resp->mac_id = req->mac_id;
+ resp->dh_group_id = req->dh_group_id;
+ resp->public_key_id = req->public_key_id;
+ return resp;
+}
+
+
+static u8 * eap_pax_process_std_1(struct eap_pax_data *data,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *respDataLen)
+{
+ const struct eap_pax_hdr *req;
+ struct eap_pax_hdr *resp;
+ const u8 *pos;
+ u8 *rpos;
+ size_t left;
+
+ wpa_printf(MSG_DEBUG, "EAP-PAX: PAX_STD-1 (received)");
+ req = (const struct eap_pax_hdr *) reqData;
+
+ if (data->state != PAX_INIT) {
+ wpa_printf(MSG_INFO, "EAP-PAX: PAX_STD-1 received in "
+ "unexpected state (%d) - ignored", data->state);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ if (req->flags & EAP_PAX_FLAGS_CE) {
+ wpa_printf(MSG_INFO, "EAP-PAX: PAX_STD-1 with CE flag set - "
+ "ignored");
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ left = reqDataLen - sizeof(*req);
+
+ if (left < 2 + EAP_PAX_RAND_LEN) {
+ wpa_printf(MSG_INFO, "EAP-PAX: PAX_STD-1 with too short "
+ "payload");
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ pos = (const u8 *) (req + 1);
+ if (WPA_GET_BE16(pos) != EAP_PAX_RAND_LEN) {
+ wpa_printf(MSG_INFO, "EAP-PAX: PAX_STD-1 with incorrect A "
+ "length %d (expected %d)",
+ WPA_GET_BE16(pos), EAP_PAX_RAND_LEN);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ pos += 2;
+ left -= 2;
+ os_memcpy(data->rand.r.x, pos, EAP_PAX_RAND_LEN);
+ wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: X (server rand)",
+ data->rand.r.x, EAP_PAX_RAND_LEN);
+ pos += EAP_PAX_RAND_LEN;
+ left -= EAP_PAX_RAND_LEN;
+
+ if (left > 0) {
+ wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ignored extra payload",
+ pos, left);
+ }
+
+ if (hostapd_get_rand(data->rand.r.y, EAP_PAX_RAND_LEN)) {
+ wpa_printf(MSG_ERROR, "EAP-PAX: Failed to get random data");
+ ret->ignore = TRUE;
+ return NULL;
+ }
+ wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: Y (client rand)",
+ data->rand.r.y, EAP_PAX_RAND_LEN);
+
+ if (eap_pax_initial_key_derivation(req->mac_id, data->ak, data->rand.e,
+ data->mk, data->ck, data->ick) < 0)
+ {
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ wpa_printf(MSG_DEBUG, "EAP-PAX: PAX_STD-2 (sending)");
+
+ *respDataLen = sizeof(*resp) + 2 + EAP_PAX_RAND_LEN +
+ 2 + data->cid_len + 2 + EAP_PAX_MAC_LEN + EAP_PAX_ICV_LEN;
+ resp = eap_pax_alloc_resp(req, *respDataLen, EAP_PAX_OP_STD_2);
+ if (resp == NULL)
+ return NULL;
+
+ rpos = (u8 *) (resp + 1);
+ *rpos++ = 0;
+ *rpos++ = EAP_PAX_RAND_LEN;
+ os_memcpy(rpos, data->rand.r.y, EAP_PAX_RAND_LEN);
+ wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: B = Y (client rand)",
+ rpos, EAP_PAX_RAND_LEN);
+ rpos += EAP_PAX_RAND_LEN;
+
+ WPA_PUT_BE16(rpos, data->cid_len);
+ rpos += 2;
+ os_memcpy(rpos, data->cid, data->cid_len);
+ wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-PAX: CID", rpos, data->cid_len);
+ rpos += data->cid_len;
+
+ *rpos++ = 0;
+ *rpos++ = EAP_PAX_MAC_LEN;
+ eap_pax_mac(req->mac_id, data->ck, EAP_PAX_CK_LEN,
+ data->rand.r.x, EAP_PAX_RAND_LEN,
+ data->rand.r.y, EAP_PAX_RAND_LEN,
+ (u8 *) data->cid, data->cid_len, rpos);
+ wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: MAC_CK(A, B, CID)",
+ rpos, EAP_PAX_MAC_LEN);
+ rpos += EAP_PAX_MAC_LEN;
+
+ /* Optional ADE could be added here, if needed */
+
+ eap_pax_mac(req->mac_id, data->ick, EAP_PAX_ICK_LEN,
+ (u8 *) resp, *respDataLen - EAP_PAX_ICV_LEN,
+ NULL, 0, NULL, 0, rpos);
+ wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ICV", rpos, EAP_PAX_ICV_LEN);
+ rpos += EAP_PAX_ICV_LEN;
+
+ data->state = PAX_STD_2_SENT;
+ data->mac_id = req->mac_id;
+ data->dh_group_id = req->dh_group_id;
+ data->public_key_id = req->public_key_id;
+
+ return (u8 *) resp;
+}
+
+
+static u8 * eap_pax_process_std_3(struct eap_pax_data *data,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *respDataLen)
+{
+ const struct eap_pax_hdr *req;
+ struct eap_pax_hdr *resp;
+ u8 *rpos, mac[EAP_PAX_MAC_LEN];
+ const u8 *pos;
+ size_t left;
+
+ wpa_printf(MSG_DEBUG, "EAP-PAX: PAX_STD-3 (received)");
+ req = (const struct eap_pax_hdr *) reqData;
+
+ if (data->state != PAX_STD_2_SENT) {
+ wpa_printf(MSG_INFO, "EAP-PAX: PAX_STD-3 received in "
+ "unexpected state (%d) - ignored", data->state);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ if (req->flags & EAP_PAX_FLAGS_CE) {
+ wpa_printf(MSG_INFO, "EAP-PAX: PAX_STD-3 with CE flag set - "
+ "ignored");
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ left = reqDataLen - sizeof(*req);
+
+ if (left < 2 + EAP_PAX_MAC_LEN) {
+ wpa_printf(MSG_INFO, "EAP-PAX: PAX_STD-3 with too short "
+ "payload");
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ pos = (const u8 *) (req + 1);
+ if (WPA_GET_BE16(pos) != EAP_PAX_MAC_LEN) {
+ wpa_printf(MSG_INFO, "EAP-PAX: PAX_STD-3 with incorrect "
+ "MAC_CK length %d (expected %d)",
+ WPA_GET_BE16(pos), EAP_PAX_MAC_LEN);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+ pos += 2;
+ left -= 2;
+ wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: MAC_CK(B, CID)",
+ pos, EAP_PAX_MAC_LEN);
+ eap_pax_mac(data->mac_id, data->ck, EAP_PAX_CK_LEN,
+ data->rand.r.y, EAP_PAX_RAND_LEN,
+ (u8 *) data->cid, data->cid_len, NULL, 0, mac);
+ if (os_memcmp(pos, mac, EAP_PAX_MAC_LEN) != 0) {
+ wpa_printf(MSG_INFO, "EAP-PAX: Invalid MAC_CK(B, CID) "
+ "received");
+ wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: expected MAC_CK(B, CID)",
+ mac, EAP_PAX_MAC_LEN);
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ return NULL;
+ }
+
+ pos += EAP_PAX_MAC_LEN;
+ left -= EAP_PAX_MAC_LEN;
+
+ if (left > 0) {
+ wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ignored extra payload",
+ pos, left);
+ }
+
+ wpa_printf(MSG_DEBUG, "EAP-PAX: PAX-ACK (sending)");
+
+ *respDataLen = sizeof(*resp) + EAP_PAX_ICV_LEN;
+ resp = eap_pax_alloc_resp(req, *respDataLen, EAP_PAX_OP_ACK);
+ if (resp == NULL)
+ return NULL;
+
+ rpos = (u8 *) (resp + 1);
+
+ /* Optional ADE could be added here, if needed */
+
+ eap_pax_mac(data->mac_id, data->ick, EAP_PAX_ICK_LEN,
+ (u8 *) resp, *respDataLen - EAP_PAX_ICV_LEN,
+ NULL, 0, NULL, 0, rpos);
+ wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ICV", rpos, EAP_PAX_ICV_LEN);
+
+ data->state = PAX_DONE;
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_UNCOND_SUCC;
+ ret->allowNotifications = FALSE;
+
+ return (u8 *) resp;
+}
+
+
+static u8 * eap_pax_process(struct eap_sm *sm, void *priv,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *respDataLen)
+{
+ struct eap_pax_data *data = priv;
+ const struct eap_pax_hdr *req;
+ u8 *resp, icvbuf[EAP_PAX_ICV_LEN];
+ const u8 *icv, *pos;
+ size_t len;
+ u16 flen;
+
+ pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_PAX,
+ reqData, reqDataLen, &len);
+ if (pos == NULL || len < EAP_PAX_ICV_LEN) {
+ ret->ignore = TRUE;
+ return NULL;
+ }
+ req = (const struct eap_pax_hdr *) reqData;
+ flen = be_to_host16(req->length) - EAP_PAX_ICV_LEN;
+
+ wpa_printf(MSG_DEBUG, "EAP-PAX: received frame: op_code 0x%x "
+ "flags 0x%x mac_id 0x%x dh_group_id 0x%x "
+ "public_key_id 0x%x",
+ req->op_code, req->flags, req->mac_id, req->dh_group_id,
+ req->public_key_id);
+ wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: received payload",
+ pos, len - EAP_PAX_ICV_LEN);
+
+ if (data->state != PAX_INIT && data->mac_id != req->mac_id) {
+ wpa_printf(MSG_INFO, "EAP-PAX: MAC ID changed during "
+ "authentication (was 0x%d, is 0x%d)",
+ data->mac_id, req->mac_id);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ if (data->state != PAX_INIT && data->dh_group_id != req->dh_group_id) {
+ wpa_printf(MSG_INFO, "EAP-PAX: DH Group ID changed during "
+ "authentication (was 0x%d, is 0x%d)",
+ data->dh_group_id, req->dh_group_id);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ if (data->state != PAX_INIT &&
+ data->public_key_id != req->public_key_id) {
+ wpa_printf(MSG_INFO, "EAP-PAX: Public Key ID changed during "
+ "authentication (was 0x%d, is 0x%d)",
+ data->public_key_id, req->public_key_id);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ /* TODO: add support EAP_PAX_HMAC_SHA256_128 */
+ if (req->mac_id != EAP_PAX_MAC_HMAC_SHA1_128) {
+ wpa_printf(MSG_INFO, "EAP-PAX: Unsupported MAC ID 0x%x",
+ req->mac_id);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ if (req->dh_group_id != EAP_PAX_DH_GROUP_NONE) {
+ wpa_printf(MSG_INFO, "EAP-PAX: Unsupported DH Group ID 0x%x",
+ req->dh_group_id);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ if (req->public_key_id != EAP_PAX_PUBLIC_KEY_NONE) {
+ wpa_printf(MSG_INFO, "EAP-PAX: Unsupported Public Key ID 0x%x",
+ req->public_key_id);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ if (req->flags & EAP_PAX_FLAGS_MF) {
+ /* TODO: add support for reassembling fragments */
+ wpa_printf(MSG_INFO, "EAP-PAX: fragmentation not supported - "
+ "ignored packet");
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ icv = pos + len - EAP_PAX_ICV_LEN;
+ wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ICV", icv, EAP_PAX_ICV_LEN);
+ if (req->op_code == EAP_PAX_OP_STD_1) {
+ eap_pax_mac(req->mac_id, (u8 *) "", 0,
+ reqData, flen, NULL, 0, NULL, 0, icvbuf);
+ } else {
+ eap_pax_mac(req->mac_id, data->ick, EAP_PAX_ICK_LEN,
+ reqData, flen, NULL, 0, NULL, 0, icvbuf);
+ }
+ if (os_memcmp(icv, icvbuf, EAP_PAX_ICV_LEN) != 0) {
+ wpa_printf(MSG_DEBUG, "EAP-PAX: invalid ICV - ignoring the "
+ "message");
+ wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: expected ICV",
+ icvbuf, EAP_PAX_ICV_LEN);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ ret->ignore = FALSE;
+ ret->methodState = METHOD_MAY_CONT;
+ ret->decision = DECISION_FAIL;
+ ret->allowNotifications = TRUE;
+
+ switch (req->op_code) {
+ case EAP_PAX_OP_STD_1:
+ resp = eap_pax_process_std_1(data, ret, reqData, flen,
+ respDataLen);
+ break;
+ case EAP_PAX_OP_STD_3:
+ resp = eap_pax_process_std_3(data, ret, reqData, flen,
+ respDataLen);
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "EAP-PAX: ignoring message with unknown "
+ "op_code %d", req->op_code);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ if (ret->methodState == METHOD_DONE) {
+ ret->allowNotifications = FALSE;
+ }
+
+ return resp;
+}
+
+
+static Boolean eap_pax_isKeyAvailable(struct eap_sm *sm, void *priv)
+{
+ struct eap_pax_data *data = priv;
+ return data->state == PAX_DONE;
+}
+
+
+static u8 * eap_pax_getKey(struct eap_sm *sm, void *priv, size_t *len)
+{
+ struct eap_pax_data *data = priv;
+ u8 *key;
+
+ if (data->state != PAX_DONE)
+ return NULL;
+
+ key = os_malloc(EAP_MSK_LEN);
+ if (key == NULL)
+ return NULL;
+
+ *len = EAP_MSK_LEN;
+ eap_pax_kdf(data->mac_id, data->mk, EAP_PAX_MK_LEN,
+ "Master Session Key", data->rand.e, 2 * EAP_PAX_RAND_LEN,
+ EAP_MSK_LEN, key);
+
+ return key;
+}
+
+
+static u8 * eap_pax_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
+{
+ struct eap_pax_data *data = priv;
+ u8 *key;
+
+ if (data->state != PAX_DONE)
+ return NULL;
+
+ key = os_malloc(EAP_EMSK_LEN);
+ if (key == NULL)
+ return NULL;
+
+ *len = EAP_EMSK_LEN;
+ eap_pax_kdf(data->mac_id, data->mk, EAP_PAX_MK_LEN,
+ "Extended Master Session Key",
+ data->rand.e, 2 * EAP_PAX_RAND_LEN,
+ EAP_EMSK_LEN, key);
+
+ return key;
+}
+
+
+int eap_peer_pax_register(void)
+{
+ struct eap_method *eap;
+ int ret;
+
+ eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
+ EAP_VENDOR_IETF, EAP_TYPE_PAX, "PAX");
+ if (eap == NULL)
+ return -1;
+
+ eap->init = eap_pax_init;
+ eap->deinit = eap_pax_deinit;
+ eap->process = eap_pax_process;
+ eap->isKeyAvailable = eap_pax_isKeyAvailable;
+ eap->getKey = eap_pax_getKey;
+ eap->get_emsk = eap_pax_get_emsk;
+
+ ret = eap_peer_method_register(eap);
+ if (ret)
+ eap_peer_method_free(eap);
+ return ret;
+}
--- /dev/null
+/*
+ * EAP server/peer: EAP-PAX shared routines
+ * Copyright (c) 2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "sha1.h"
+#include "eap_pax_common.h"
+
+
+/**
+ * eap_pax_kdf - PAX Key Derivation Function
+ * @mac_id: MAC ID (EAP_PAX_MAC_*) / currently, only HMAC_SHA1_128 is supported
+ * @key: Secret key (X)
+ * @key_len: Length of the secret key in bytes
+ * @identifier: Public identifier for the key (Y)
+ * @entropy: Exchanged entropy to seed the KDF (Z)
+ * @entropy_len: Length of the entropy in bytes
+ * @output_len: Output len in bytes (W)
+ * @output: Buffer for the derived key
+ * Returns: 0 on success, -1 failed
+ *
+ * RFC 4746, Section 2.6: PAX-KDF-W(X, Y, Z)
+ */
+int eap_pax_kdf(u8 mac_id, const u8 *key, size_t key_len,
+ const char *identifier,
+ const u8 *entropy, size_t entropy_len,
+ size_t output_len, u8 *output)
+{
+ u8 mac[SHA1_MAC_LEN];
+ u8 counter, *pos;
+ const u8 *addr[3];
+ size_t len[3];
+ size_t num_blocks, left;
+
+ num_blocks = (output_len + EAP_PAX_MAC_LEN - 1) / EAP_PAX_MAC_LEN;
+ if (identifier == NULL || num_blocks >= 255)
+ return -1;
+
+ /* TODO: add support for EAP_PAX_HMAC_SHA256_128 */
+ if (mac_id != EAP_PAX_MAC_HMAC_SHA1_128)
+ return -1;
+
+ addr[0] = (const u8 *) identifier;
+ len[0] = os_strlen(identifier);
+ addr[1] = entropy;
+ len[1] = entropy_len;
+ addr[2] = &counter;
+ len[2] = 1;
+
+ pos = output;
+ left = output_len;
+ for (counter = 1; counter <= (u8) num_blocks; counter++) {
+ size_t clen = left > EAP_PAX_MAC_LEN ? EAP_PAX_MAC_LEN : left;
+ hmac_sha1_vector(key, key_len, 3, addr, len, mac);
+ os_memcpy(pos, mac, clen);
+ pos += clen;
+ left -= clen;
+ }
+
+ return 0;
+}
+
+
+/**
+ * eap_pax_mac - EAP-PAX MAC
+ * @mac_id: MAC ID (EAP_PAX_MAC_*) / currently, only HMAC_SHA1_128 is supported
+ * @key: Secret key
+ * @key_len: Length of the secret key in bytes
+ * @data1: Optional data, first block; %NULL if not used
+ * @data1_len: Length of data1 in bytes
+ * @data2: Optional data, second block; %NULL if not used
+ * @data2_len: Length of data2 in bytes
+ * @data3: Optional data, third block; %NULL if not used
+ * @data3_len: Length of data3 in bytes
+ * @mac: Buffer for the MAC value (EAP_PAX_MAC_LEN = 16 bytes)
+ * Returns: 0 on success, -1 on failure
+ *
+ * Wrapper function to calculate EAP-PAX MAC.
+ */
+int eap_pax_mac(u8 mac_id, const u8 *key, size_t key_len,
+ const u8 *data1, size_t data1_len,
+ const u8 *data2, size_t data2_len,
+ const u8 *data3, size_t data3_len,
+ u8 *mac)
+{
+ u8 hash[SHA1_MAC_LEN];
+ const u8 *addr[3];
+ size_t len[3];
+ size_t count;
+
+ /* TODO: add support for EAP_PAX_HMAC_SHA256_128 */
+ if (mac_id != EAP_PAX_MAC_HMAC_SHA1_128)
+ return -1;
+
+ addr[0] = data1;
+ len[0] = data1_len;
+ addr[1] = data2;
+ len[1] = data2_len;
+ addr[2] = data3;
+ len[2] = data3_len;
+
+ count = (data1 ? 1 : 0) + (data2 ? 1 : 0) + (data3 ? 1 : 0);
+ hmac_sha1_vector(key, key_len, count, addr, len, hash);
+ os_memcpy(mac, hash, EAP_PAX_MAC_LEN);
+
+ return 0;
+}
+
+
+/**
+ * eap_pax_initial_key_derivation - EAP-PAX initial key derivation
+ * @mac_id: MAC ID (EAP_PAX_MAC_*) / currently, only HMAC_SHA1_128 is supported
+ * @ak: Authentication Key
+ * @e: Entropy
+ * @mk: Buffer for the derived Master Key
+ * @ck: Buffer for the derived Confirmation Key
+ * @ick: Buffer for the derived Integrity Check Key
+ * Returns: 0 on success, -1 on failure
+ */
+int eap_pax_initial_key_derivation(u8 mac_id, const u8 *ak, const u8 *e,
+ u8 *mk, u8 *ck, u8 *ick)
+{
+ wpa_printf(MSG_DEBUG, "EAP-PAX: initial key derivation");
+ if (eap_pax_kdf(mac_id, ak, EAP_PAX_AK_LEN, "Master Key",
+ e, 2 * EAP_PAX_RAND_LEN, EAP_PAX_MK_LEN, mk) ||
+ eap_pax_kdf(mac_id, mk, EAP_PAX_MK_LEN, "Confirmation Key",
+ e, 2 * EAP_PAX_RAND_LEN, EAP_PAX_CK_LEN, ck) ||
+ eap_pax_kdf(mac_id, mk, EAP_PAX_MK_LEN, "Integrity Check Key",
+ e, 2 * EAP_PAX_RAND_LEN, EAP_PAX_ICK_LEN, ick))
+ return -1;
+
+ wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: AK", ak, EAP_PAX_AK_LEN);
+ wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: MK", mk, EAP_PAX_MK_LEN);
+ wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: CK", ck, EAP_PAX_CK_LEN);
+ wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: ICK", ick, EAP_PAX_ICK_LEN);
+
+ return 0;
+}
--- /dev/null
+/*
+ * EAP server/peer: EAP-PAX shared routines
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef EAP_PAX_COMMON_H
+#define EAP_PAX_COMMON_H
+
+#ifdef _MSC_VER
+#pragma pack(push, 1)
+#endif /* _MSC_VER */
+
+struct eap_pax_hdr {
+ u8 code;
+ u8 identifier;
+ u16 length; /* including code, identifier, and length */
+ u8 type; /* EAP_TYPE_PAX */
+ u8 op_code;
+ u8 flags;
+ u8 mac_id;
+ u8 dh_group_id;
+ u8 public_key_id;
+ /* Followed by variable length payload and ICV */
+} STRUCT_PACKED;
+
+#ifdef _MSC_VER
+#pragma pack(pop)
+#endif /* _MSC_VER */
+
+
+/* op_code: */
+enum {
+ EAP_PAX_OP_STD_1 = 0x01,
+ EAP_PAX_OP_STD_2 = 0x02,
+ EAP_PAX_OP_STD_3 = 0x03,
+ EAP_PAX_OP_SEC_1 = 0x11,
+ EAP_PAX_OP_SEC_2 = 0x12,
+ EAP_PAX_OP_SEC_3 = 0x13,
+ EAP_PAX_OP_SEC_4 = 0x14,
+ EAP_PAX_OP_SEC_5 = 0x15,
+ EAP_PAX_OP_ACK = 0x21
+};
+
+/* flags: */
+#define EAP_PAX_FLAGS_MF 0x01
+#define EAP_PAX_FLAGS_CE 0x02
+#define EAP_PAX_FLAGS_AI 0x04
+
+/* mac_id: */
+#define EAP_PAX_MAC_HMAC_SHA1_128 0x01
+#define EAP_PAX_HMAC_SHA256_128 0x02
+
+/* dh_group_id: */
+#define EAP_PAX_DH_GROUP_NONE 0x00
+#define EAP_PAX_DH_GROUP_2048_MODP 0x01
+#define EAP_PAX_DH_GROUP_3072_MODP 0x02
+#define EAP_PAX_DH_GROUP_NIST_ECC_P_256 0x03
+
+/* public_key_id: */
+#define EAP_PAX_PUBLIC_KEY_NONE 0x00
+#define EAP_PAX_PUBLIC_KEY_RSAES_OAEP 0x01
+#define EAP_PAX_PUBLIC_KEY_RSA_PKCS1_V1_5 0x02
+#define EAP_PAX_PUBLIC_KEY_EL_GAMAL_NIST_ECC 0x03
+
+/* ADE type: */
+#define EAP_PAX_ADE_VENDOR_SPECIFIC 0x01
+#define EAP_PAX_ADE_CLIENT_CHANNEL_BINDING 0x02
+#define EAP_PAX_ADE_SERVER_CHANNEL_BINDING 0x03
+
+
+#define EAP_PAX_RAND_LEN 32
+#define EAP_PAX_MAC_LEN 16
+#define EAP_PAX_ICV_LEN 16
+#define EAP_PAX_AK_LEN 16
+#define EAP_PAX_MK_LEN 16
+#define EAP_PAX_CK_LEN 16
+#define EAP_PAX_ICK_LEN 16
+
+
+int eap_pax_kdf(u8 mac_id, const u8 *key, size_t key_len,
+ const char *identifier,
+ const u8 *entropy, size_t entropy_len,
+ size_t output_len, u8 *output);
+int eap_pax_mac(u8 mac_id, const u8 *key, size_t key_len,
+ const u8 *data1, size_t data1_len,
+ const u8 *data2, size_t data2_len,
+ const u8 *data3, size_t data3_len,
+ u8 *mac);
+int eap_pax_initial_key_derivation(u8 mac_id, const u8 *ak, const u8 *e,
+ u8 *mk, u8 *ck, u8 *ick);
+
+#endif /* EAP_PAX_COMMON_H */
--- /dev/null
+/*
+ * EAP peer method: EAP-PEAP (draft-josefsson-pppext-eap-tls-eap-07.txt)
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eap_i.h"
+#include "eap_tls_common.h"
+#include "config_ssid.h"
+#include "tls.h"
+#include "eap_tlv.h"
+
+
+/* Maximum supported PEAP version
+ * 0 = Microsoft's PEAP version 0; draft-kamath-pppext-peapv0-00.txt
+ * 1 = draft-josefsson-ppext-eap-tls-eap-05.txt
+ * 2 = draft-josefsson-ppext-eap-tls-eap-07.txt
+ */
+#define EAP_PEAP_VERSION 1
+
+
+static void eap_peap_deinit(struct eap_sm *sm, void *priv);
+
+
+struct eap_peap_data {
+ struct eap_ssl_data ssl;
+
+ int peap_version, force_peap_version, force_new_label;
+
+ const struct eap_method *phase2_method;
+ void *phase2_priv;
+ int phase2_success;
+ int phase2_eap_success;
+ int phase2_eap_started;
+
+ struct eap_method_type phase2_type;
+ struct eap_method_type *phase2_types;
+ size_t num_phase2_types;
+
+ int peap_outer_success; /* 0 = PEAP terminated on Phase 2 inner
+ * EAP-Success
+ * 1 = reply with tunneled EAP-Success to inner
+ * EAP-Success and expect AS to send outer
+ * (unencrypted) EAP-Success after this
+ * 2 = reply with PEAP/TLS ACK to inner
+ * EAP-Success and expect AS to send outer
+ * (unencrypted) EAP-Success after this */
+ int resuming; /* starting a resumed session */
+ u8 *key_data;
+
+ u8 *pending_phase2_req;
+ size_t pending_phase2_req_len;
+};
+
+
+static void * eap_peap_init(struct eap_sm *sm)
+{
+ struct eap_peap_data *data;
+ struct wpa_ssid *config = eap_get_config(sm);
+
+ data = os_zalloc(sizeof(*data));
+ if (data == NULL)
+ return NULL;
+ sm->peap_done = FALSE;
+ data->peap_version = EAP_PEAP_VERSION;
+ data->force_peap_version = -1;
+ data->peap_outer_success = 2;
+
+ if (config && config->phase1) {
+ char *pos = os_strstr(config->phase1, "peapver=");
+ if (pos) {
+ data->force_peap_version = atoi(pos + 8);
+ data->peap_version = data->force_peap_version;
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Forced PEAP version "
+ "%d", data->force_peap_version);
+ }
+
+ if (os_strstr(config->phase1, "peaplabel=1")) {
+ data->force_new_label = 1;
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Force new label for "
+ "key derivation");
+ }
+
+ if (os_strstr(config->phase1, "peap_outer_success=0")) {
+ data->peap_outer_success = 0;
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: terminate "
+ "authentication on tunneled EAP-Success");
+ } else if (os_strstr(config->phase1, "peap_outer_success=1")) {
+ data->peap_outer_success = 1;
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: send tunneled "
+ "EAP-Success after receiving tunneled "
+ "EAP-Success");
+ } else if (os_strstr(config->phase1, "peap_outer_success=2")) {
+ data->peap_outer_success = 2;
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: send PEAP/TLS ACK "
+ "after receiving tunneled EAP-Success");
+ }
+ }
+
+ if (config && config->phase2) {
+ char *start, *pos, *buf;
+ struct eap_method_type *methods = NULL, *_methods;
+ u8 method;
+ size_t num_methods = 0;
+ start = buf = os_strdup(config->phase2);
+ if (buf == NULL) {
+ eap_peap_deinit(sm, data);
+ return NULL;
+ }
+ while (start && *start != '\0') {
+ int vendor;
+ pos = os_strstr(start, "auth=");
+ if (pos == NULL)
+ break;
+ if (start != pos && *(pos - 1) != ' ') {
+ start = pos + 5;
+ continue;
+ }
+
+ start = pos + 5;
+ pos = os_strchr(start, ' ');
+ if (pos)
+ *pos++ = '\0';
+ method = eap_get_phase2_type(start, &vendor);
+ if (vendor == EAP_VENDOR_IETF &&
+ method == EAP_TYPE_NONE) {
+ wpa_printf(MSG_ERROR, "EAP-PEAP: Unsupported "
+ "Phase2 method '%s'", start);
+ } else {
+ num_methods++;
+ _methods = os_realloc(
+ methods,
+ num_methods * sizeof(*methods));
+ if (_methods == NULL) {
+ os_free(methods);
+ os_free(buf);
+ eap_peap_deinit(sm, data);
+ return NULL;
+ }
+ methods = _methods;
+ methods[num_methods - 1].vendor = vendor;
+ methods[num_methods - 1].method = method;
+ }
+
+ start = pos;
+ }
+ os_free(buf);
+ data->phase2_types = methods;
+ data->num_phase2_types = num_methods;
+ }
+ if (data->phase2_types == NULL) {
+ data->phase2_types =
+ eap_get_phase2_types(config, &data->num_phase2_types);
+ }
+ if (data->phase2_types == NULL) {
+ wpa_printf(MSG_ERROR, "EAP-PEAP: No Phase2 method available");
+ eap_peap_deinit(sm, data);
+ return NULL;
+ }
+ wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Phase2 EAP types",
+ (u8 *) data->phase2_types,
+ data->num_phase2_types * sizeof(struct eap_method_type));
+ data->phase2_type.vendor = EAP_VENDOR_IETF;
+ data->phase2_type.method = EAP_TYPE_NONE;
+
+ if (eap_tls_ssl_init(sm, &data->ssl, config)) {
+ wpa_printf(MSG_INFO, "EAP-PEAP: Failed to initialize SSL.");
+ eap_peap_deinit(sm, data);
+ return NULL;
+ }
+
+ return data;
+}
+
+
+static void eap_peap_deinit(struct eap_sm *sm, void *priv)
+{
+ struct eap_peap_data *data = priv;
+ if (data == NULL)
+ return;
+ if (data->phase2_priv && data->phase2_method)
+ data->phase2_method->deinit(sm, data->phase2_priv);
+ os_free(data->phase2_types);
+ eap_tls_ssl_deinit(sm, &data->ssl);
+ os_free(data->key_data);
+ os_free(data->pending_phase2_req);
+ os_free(data);
+}
+
+
+static int eap_peap_encrypt(struct eap_sm *sm, struct eap_peap_data *data,
+ int id, const u8 *plain, size_t plain_len,
+ u8 **out_data, size_t *out_len)
+{
+ int res;
+ u8 *pos;
+ struct eap_hdr *resp;
+
+ /* TODO: add support for fragmentation, if needed. This will need to
+ * add TLS Message Length field, if the frame is fragmented.
+ * Note: Microsoft IAS did not seem to like TLS Message Length with
+ * PEAP/MSCHAPv2. */
+ resp = os_malloc(sizeof(struct eap_hdr) + 2 + data->ssl.tls_out_limit);
+ if (resp == NULL)
+ return -1;
+
+ resp->code = EAP_CODE_RESPONSE;
+ resp->identifier = id;
+
+ pos = (u8 *) (resp + 1);
+ *pos++ = EAP_TYPE_PEAP;
+ *pos++ = data->peap_version;
+
+ res = tls_connection_encrypt(sm->ssl_ctx, data->ssl.conn,
+ plain, plain_len,
+ pos, data->ssl.tls_out_limit);
+ if (res < 0) {
+ wpa_printf(MSG_INFO, "EAP-PEAP: Failed to encrypt Phase 2 "
+ "data");
+ os_free(resp);
+ return -1;
+ }
+
+ *out_len = sizeof(struct eap_hdr) + 2 + res;
+ resp->length = host_to_be16(*out_len);
+ *out_data = (u8 *) resp;
+ return 0;
+}
+
+
+static int eap_peap_phase2_nak(struct eap_peap_data *data, struct eap_hdr *hdr,
+ u8 **resp, size_t *resp_len)
+{
+ struct eap_hdr *resp_hdr;
+ u8 *pos = (u8 *) (hdr + 1);
+ size_t i;
+
+ /* TODO: add support for expanded Nak */
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Request: Nak type=%d", *pos);
+ wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Allowed Phase2 EAP types",
+ (u8 *) data->phase2_types,
+ data->num_phase2_types * sizeof(struct eap_method_type));
+ *resp_len = sizeof(struct eap_hdr) + 1;
+ *resp = os_malloc(*resp_len + data->num_phase2_types);
+ if (*resp == NULL)
+ return -1;
+
+ resp_hdr = (struct eap_hdr *) (*resp);
+ resp_hdr->code = EAP_CODE_RESPONSE;
+ resp_hdr->identifier = hdr->identifier;
+ pos = (u8 *) (resp_hdr + 1);
+ *pos++ = EAP_TYPE_NAK;
+ for (i = 0; i < data->num_phase2_types; i++) {
+ if (data->phase2_types[i].vendor == EAP_VENDOR_IETF &&
+ data->phase2_types[i].method < 256) {
+ (*resp_len)++;
+ *pos++ = data->phase2_types[i].method;
+ }
+ }
+ resp_hdr->length = host_to_be16(*resp_len);
+
+ return 0;
+}
+
+
+static int eap_peap_phase2_request(struct eap_sm *sm,
+ struct eap_peap_data *data,
+ struct eap_method_ret *ret,
+ struct eap_hdr *hdr,
+ u8 **resp, size_t *resp_len)
+{
+ size_t len = be_to_host16(hdr->length);
+ u8 *pos;
+ struct eap_method_ret iret;
+ struct wpa_ssid *config = eap_get_config(sm);
+
+ if (len <= sizeof(struct eap_hdr)) {
+ wpa_printf(MSG_INFO, "EAP-PEAP: too short "
+ "Phase 2 request (len=%lu)", (unsigned long) len);
+ return -1;
+ }
+ pos = (u8 *) (hdr + 1);
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Request: type=%d", *pos);
+ switch (*pos) {
+ case EAP_TYPE_IDENTITY:
+ *resp = eap_sm_buildIdentity(sm, hdr->identifier, resp_len, 1);
+ break;
+ case EAP_TYPE_TLV:
+ os_memset(&iret, 0, sizeof(iret));
+ if (eap_tlv_process(sm, &iret, hdr, resp, resp_len,
+ data->phase2_eap_started &&
+ !data->phase2_eap_success)) {
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ return -1;
+ }
+ if (iret.methodState == METHOD_DONE ||
+ iret.methodState == METHOD_MAY_CONT) {
+ ret->methodState = iret.methodState;
+ ret->decision = iret.decision;
+ data->phase2_success = 1;
+ }
+ break;
+ default:
+ if (data->phase2_type.vendor == EAP_VENDOR_IETF &&
+ data->phase2_type.method == EAP_TYPE_NONE) {
+ size_t i;
+ for (i = 0; i < data->num_phase2_types; i++) {
+ if (data->phase2_types[i].vendor !=
+ EAP_VENDOR_IETF ||
+ data->phase2_types[i].method != *pos)
+ continue;
+
+ data->phase2_type.vendor =
+ data->phase2_types[i].vendor;
+ data->phase2_type.method =
+ data->phase2_types[i].method;
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Selected "
+ "Phase 2 EAP vendor %d method %d",
+ data->phase2_type.vendor,
+ data->phase2_type.method);
+ break;
+ }
+ }
+ if (*pos != data->phase2_type.method ||
+ *pos == EAP_TYPE_NONE) {
+ if (eap_peap_phase2_nak(data, hdr, resp, resp_len))
+ return -1;
+ return 0;
+ }
+
+ if (data->phase2_priv == NULL) {
+ data->phase2_method = eap_sm_get_eap_methods(
+ data->phase2_type.vendor,
+ data->phase2_type.method);
+ if (data->phase2_method) {
+ sm->init_phase2 = 1;
+ data->phase2_priv =
+ data->phase2_method->init(sm);
+ sm->init_phase2 = 0;
+ }
+ }
+ if (data->phase2_priv == NULL || data->phase2_method == NULL) {
+ wpa_printf(MSG_INFO, "EAP-PEAP: failed to initialize "
+ "Phase 2 EAP method %d", *pos);
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ return -1;
+ }
+ data->phase2_eap_started = 1;
+ os_memset(&iret, 0, sizeof(iret));
+ *resp = data->phase2_method->process(sm, data->phase2_priv,
+ &iret, (u8 *) hdr, len,
+ resp_len);
+ if ((iret.methodState == METHOD_DONE ||
+ iret.methodState == METHOD_MAY_CONT) &&
+ (iret.decision == DECISION_UNCOND_SUCC ||
+ iret.decision == DECISION_COND_SUCC)) {
+ data->phase2_eap_success = 1;
+ data->phase2_success = 1;
+ }
+ break;
+ }
+
+ if (*resp == NULL &&
+ (config->pending_req_identity || config->pending_req_password ||
+ config->pending_req_otp || config->pending_req_new_password)) {
+ os_free(data->pending_phase2_req);
+ data->pending_phase2_req = os_malloc(len);
+ if (data->pending_phase2_req) {
+ os_memcpy(data->pending_phase2_req, hdr, len);
+ data->pending_phase2_req_len = len;
+ }
+ }
+
+ return 0;
+}
+
+
+static int eap_peap_decrypt(struct eap_sm *sm, struct eap_peap_data *data,
+ struct eap_method_ret *ret,
+ const struct eap_hdr *req,
+ const u8 *in_data, size_t in_len,
+ u8 **out_data, size_t *out_len)
+{
+ u8 *in_decrypted;
+ int res, skip_change = 0;
+ struct eap_hdr *hdr, *rhdr;
+ u8 *resp = NULL;
+ size_t resp_len, len_decrypted, len, buf_len;
+ const u8 *msg;
+ size_t msg_len;
+ int need_more_input;
+
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: received %lu bytes encrypted data for"
+ " Phase 2", (unsigned long) in_len);
+
+ if (data->pending_phase2_req) {
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Pending Phase 2 request - "
+ "skip decryption and use old data");
+ /* Clear TLS reassembly state. */
+ os_free(data->ssl.tls_in);
+ data->ssl.tls_in = NULL;
+ data->ssl.tls_in_len = 0;
+ data->ssl.tls_in_left = 0;
+ data->ssl.tls_in_total = 0;
+ in_decrypted = data->pending_phase2_req;
+ data->pending_phase2_req = NULL;
+ len_decrypted = data->pending_phase2_req_len;
+ skip_change = 1;
+ goto continue_req;
+ }
+
+ msg = eap_tls_data_reassemble(sm, &data->ssl, in_data, in_len,
+ &msg_len, &need_more_input);
+ if (msg == NULL)
+ return need_more_input ? 1 : -1;
+
+ if (in_len == 0 && sm->workaround && data->phase2_success) {
+ /*
+ * Cisco ACS seems to be using TLS ACK to terminate
+ * EAP-PEAPv0/GTC. Try to reply with TLS ACK.
+ */
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Received TLS ACK, but "
+ "expected data - acknowledge with TLS ACK since "
+ "Phase 2 has been completed");
+ ret->decision = DECISION_COND_SUCC;
+ ret->methodState = METHOD_DONE;
+ return 1;
+ }
+
+ buf_len = in_len;
+ if (data->ssl.tls_in_total > buf_len)
+ buf_len = data->ssl.tls_in_total;
+ in_decrypted = os_malloc(buf_len);
+ if (in_decrypted == NULL) {
+ os_free(data->ssl.tls_in);
+ data->ssl.tls_in = NULL;
+ data->ssl.tls_in_len = 0;
+ wpa_printf(MSG_WARNING, "EAP-PEAP: failed to allocate memory "
+ "for decryption");
+ return -1;
+ }
+
+ res = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn,
+ msg, msg_len, in_decrypted, buf_len);
+ os_free(data->ssl.tls_in);
+ data->ssl.tls_in = NULL;
+ data->ssl.tls_in_len = 0;
+ if (res < 0) {
+ wpa_printf(MSG_INFO, "EAP-PEAP: Failed to decrypt Phase 2 "
+ "data");
+ os_free(in_decrypted);
+ return 0;
+ }
+ len_decrypted = res;
+
+continue_req:
+ wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Decrypted Phase 2 EAP", in_decrypted,
+ len_decrypted);
+
+ hdr = (struct eap_hdr *) in_decrypted;
+ if (len_decrypted == 5 && hdr->code == EAP_CODE_REQUEST &&
+ be_to_host16(hdr->length) == 5 &&
+ in_decrypted[4] == EAP_TYPE_IDENTITY) {
+ /* At least FreeRADIUS seems to send full EAP header with
+ * EAP Request Identity */
+ skip_change = 1;
+ }
+ if (len_decrypted >= 5 && hdr->code == EAP_CODE_REQUEST &&
+ in_decrypted[4] == EAP_TYPE_TLV) {
+ skip_change = 1;
+ }
+
+ if (data->peap_version == 0 && !skip_change) {
+ struct eap_hdr *nhdr = os_malloc(sizeof(struct eap_hdr) +
+ len_decrypted);
+ if (nhdr == NULL) {
+ os_free(in_decrypted);
+ return 0;
+ }
+ os_memcpy((u8 *) (nhdr + 1), in_decrypted, len_decrypted);
+ os_free(in_decrypted);
+ nhdr->code = req->code;
+ nhdr->identifier = req->identifier;
+ nhdr->length = host_to_be16(sizeof(struct eap_hdr) +
+ len_decrypted);
+
+ len_decrypted += sizeof(struct eap_hdr);
+ in_decrypted = (u8 *) nhdr;
+ }
+ hdr = (struct eap_hdr *) in_decrypted;
+ if (len_decrypted < sizeof(*hdr)) {
+ os_free(in_decrypted);
+ wpa_printf(MSG_INFO, "EAP-PEAP: Too short Phase 2 "
+ "EAP frame (len=%lu)",
+ (unsigned long) len_decrypted);
+ return 0;
+ }
+ len = be_to_host16(hdr->length);
+ if (len > len_decrypted) {
+ os_free(in_decrypted);
+ wpa_printf(MSG_INFO, "EAP-PEAP: Length mismatch in "
+ "Phase 2 EAP frame (len=%lu hdr->length=%lu)",
+ (unsigned long) len_decrypted, (unsigned long) len);
+ return 0;
+ }
+ if (len < len_decrypted) {
+ wpa_printf(MSG_INFO, "EAP-PEAP: Odd.. Phase 2 EAP header has "
+ "shorter length than full decrypted data "
+ "(%lu < %lu)",
+ (unsigned long) len, (unsigned long) len_decrypted);
+ if (sm->workaround && len == 4 && len_decrypted == 5 &&
+ in_decrypted[4] == EAP_TYPE_IDENTITY) {
+ /* Radiator 3.9 seems to set Phase 2 EAP header to use
+ * incorrect length for the EAP-Request Identity
+ * packet, so fix the inner header to interoperate..
+ * This was fixed in 2004-06-23 patch for Radiator and
+ * this workaround can be removed at some point. */
+ wpa_printf(MSG_INFO, "EAP-PEAP: workaround -> replace "
+ "Phase 2 EAP header len (%lu) with real "
+ "decrypted len (%lu)",
+ (unsigned long) len,
+ (unsigned long) len_decrypted);
+ len = len_decrypted;
+ hdr->length = host_to_be16(len);
+ }
+ }
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: received Phase 2: code=%d "
+ "identifier=%d length=%lu", hdr->code, hdr->identifier,
+ (unsigned long) len);
+ switch (hdr->code) {
+ case EAP_CODE_REQUEST:
+ if (eap_peap_phase2_request(sm, data, ret, hdr,
+ &resp, &resp_len)) {
+ os_free(in_decrypted);
+ wpa_printf(MSG_INFO, "EAP-PEAP: Phase2 Request "
+ "processing failed");
+ return 0;
+ }
+ break;
+ case EAP_CODE_SUCCESS:
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Success");
+ if (data->peap_version == 1) {
+ /* EAP-Success within TLS tunnel is used to indicate
+ * shutdown of the TLS channel. The authentication has
+ * been completed. */
+ if (data->phase2_eap_started &&
+ !data->phase2_eap_success) {
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 "
+ "Success used to indicate success, "
+ "but Phase 2 EAP was not yet "
+ "completed successfully");
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ os_free(in_decrypted);
+ return 0;
+ }
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Version 1 - "
+ "EAP-Success within TLS tunnel - "
+ "authentication completed");
+ ret->decision = DECISION_UNCOND_SUCC;
+ ret->methodState = METHOD_DONE;
+ data->phase2_success = 1;
+ if (data->peap_outer_success == 2) {
+ os_free(in_decrypted);
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Use TLS ACK "
+ "to finish authentication");
+ return 1;
+ } else if (data->peap_outer_success == 1) {
+ /* Reply with EAP-Success within the TLS
+ * channel to complete the authentication. */
+ resp_len = sizeof(struct eap_hdr);
+ resp = os_zalloc(resp_len);
+ if (resp) {
+ rhdr = (struct eap_hdr *) resp;
+ rhdr->code = EAP_CODE_SUCCESS;
+ rhdr->identifier = hdr->identifier;
+ rhdr->length = host_to_be16(resp_len);
+ }
+ } else {
+ /* No EAP-Success expected for Phase 1 (outer,
+ * unencrypted auth), so force EAP state
+ * machine to SUCCESS state. */
+ sm->peap_done = TRUE;
+ }
+ } else {
+ /* FIX: ? */
+ }
+ break;
+ case EAP_CODE_FAILURE:
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Failure");
+ ret->decision = DECISION_FAIL;
+ ret->methodState = METHOD_MAY_CONT;
+ ret->allowNotifications = FALSE;
+ /* Reply with EAP-Failure within the TLS channel to complete
+ * failure reporting. */
+ resp_len = sizeof(struct eap_hdr);
+ resp = os_zalloc(resp_len);
+ if (resp) {
+ rhdr = (struct eap_hdr *) resp;
+ rhdr->code = EAP_CODE_FAILURE;
+ rhdr->identifier = hdr->identifier;
+ rhdr->length = host_to_be16(resp_len);
+ }
+ break;
+ default:
+ wpa_printf(MSG_INFO, "EAP-PEAP: Unexpected code=%d in "
+ "Phase 2 EAP header", hdr->code);
+ break;
+ }
+
+ os_free(in_decrypted);
+
+ if (resp) {
+ u8 *resp_pos;
+ size_t resp_send_len;
+ int skip_change2 = 0;
+
+ wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: Encrypting Phase 2 data",
+ resp, resp_len);
+ /* PEAP version changes */
+ if (resp_len >= 5 && resp[0] == EAP_CODE_RESPONSE &&
+ resp[4] == EAP_TYPE_TLV)
+ skip_change2 = 1;
+ if (data->peap_version == 0 && !skip_change2) {
+ resp_pos = resp + sizeof(struct eap_hdr);
+ resp_send_len = resp_len - sizeof(struct eap_hdr);
+ } else {
+ resp_pos = resp;
+ resp_send_len = resp_len;
+ }
+
+ if (eap_peap_encrypt(sm, data, req->identifier,
+ resp_pos, resp_send_len,
+ out_data, out_len)) {
+ wpa_printf(MSG_INFO, "EAP-PEAP: Failed to encrypt "
+ "a Phase 2 frame");
+ }
+ os_free(resp);
+ }
+
+ return 0;
+}
+
+
+static u8 * eap_peap_process(struct eap_sm *sm, void *priv,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *respDataLen)
+{
+ const struct eap_hdr *req;
+ size_t left;
+ int res;
+ u8 flags, *resp, id;
+ const u8 *pos;
+ struct eap_peap_data *data = priv;
+
+ pos = eap_tls_process_init(sm, &data->ssl, EAP_TYPE_PEAP, ret,
+ reqData, reqDataLen, &left, &flags);
+ if (pos == NULL)
+ return NULL;
+ req = (const struct eap_hdr *) reqData;
+ id = req->identifier;
+
+ if (flags & EAP_TLS_FLAGS_START) {
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Start (server ver=%d, own "
+ "ver=%d)", flags & EAP_PEAP_VERSION_MASK,
+ data->peap_version);
+ if ((flags & EAP_PEAP_VERSION_MASK) < data->peap_version)
+ data->peap_version = flags & EAP_PEAP_VERSION_MASK;
+ if (data->force_peap_version >= 0 &&
+ data->force_peap_version != data->peap_version) {
+ wpa_printf(MSG_WARNING, "EAP-PEAP: Failed to select "
+ "forced PEAP version %d",
+ data->force_peap_version);
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ ret->allowNotifications = FALSE;
+ return NULL;
+ }
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Using PEAP version %d",
+ data->peap_version);
+ left = 0; /* make sure that this frame is empty, even though it
+ * should always be, anyway */
+ }
+
+ resp = NULL;
+ if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
+ !data->resuming) {
+ res = eap_peap_decrypt(sm, data, ret, req, pos, left,
+ &resp, respDataLen);
+ } else {
+ res = eap_tls_process_helper(sm, &data->ssl, EAP_TYPE_PEAP,
+ data->peap_version, id, pos, left,
+ &resp, respDataLen);
+
+ if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
+ char *label;
+ wpa_printf(MSG_DEBUG,
+ "EAP-PEAP: TLS done, proceed to Phase 2");
+ os_free(data->key_data);
+ /* draft-josefsson-ppext-eap-tls-eap-05.txt
+ * specifies that PEAPv1 would use "client PEAP
+ * encryption" as the label. However, most existing
+ * PEAPv1 implementations seem to be using the old
+ * label, "client EAP encryption", instead. Use the old
+ * label by default, but allow it to be configured with
+ * phase1 parameter peaplabel=1. */
+ if (data->peap_version > 1 || data->force_new_label)
+ label = "client PEAP encryption";
+ else
+ label = "client EAP encryption";
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: using label '%s' in "
+ "key derivation", label);
+ data->key_data =
+ eap_tls_derive_key(sm, &data->ssl, label,
+ EAP_TLS_KEY_LEN);
+ if (data->key_data) {
+ wpa_hexdump_key(MSG_DEBUG,
+ "EAP-PEAP: Derived key",
+ data->key_data,
+ EAP_TLS_KEY_LEN);
+ } else {
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Failed to "
+ "derive key");
+ }
+
+ if (sm->workaround && data->resuming) {
+ /*
+ * At least few RADIUS servers (Aegis v1.1.6;
+ * but not v1.1.4; and Cisco ACS) seem to be
+ * terminating PEAPv1 (Aegis) or PEAPv0 (Cisco
+ * ACS) session resumption with outer
+ * EAP-Success. This does not seem to follow
+ * draft-josefsson-pppext-eap-tls-eap-05.txt
+ * section 4.2, so only allow this if EAP
+ * workarounds are enabled.
+ */
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Workaround - "
+ "allow outer EAP-Success to "
+ "terminate PEAP resumption");
+ ret->decision = DECISION_COND_SUCC;
+ data->phase2_success = 1;
+ }
+
+ data->resuming = 0;
+ }
+
+ if (res == 2) {
+ /*
+ * Application data included in the handshake message.
+ */
+ os_free(data->pending_phase2_req);
+ data->pending_phase2_req = resp;
+ data->pending_phase2_req_len = *respDataLen;
+ resp = NULL;
+ *respDataLen = 0;
+ res = eap_peap_decrypt(sm, data, ret, req, pos, left,
+ &resp, respDataLen);
+ }
+ }
+
+ if (ret->methodState == METHOD_DONE) {
+ ret->allowNotifications = FALSE;
+ }
+
+ if (res == 1) {
+ return eap_tls_build_ack(&data->ssl, respDataLen, id,
+ EAP_TYPE_PEAP, data->peap_version);
+ }
+
+ return resp;
+}
+
+
+static Boolean eap_peap_has_reauth_data(struct eap_sm *sm, void *priv)
+{
+ struct eap_peap_data *data = priv;
+ return tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
+ data->phase2_success;
+}
+
+
+static void eap_peap_deinit_for_reauth(struct eap_sm *sm, void *priv)
+{
+ struct eap_peap_data *data = priv;
+ os_free(data->pending_phase2_req);
+ data->pending_phase2_req = NULL;
+}
+
+
+static void * eap_peap_init_for_reauth(struct eap_sm *sm, void *priv)
+{
+ struct eap_peap_data *data = priv;
+ os_free(data->key_data);
+ data->key_data = NULL;
+ if (eap_tls_reauth_init(sm, &data->ssl)) {
+ os_free(data);
+ return NULL;
+ }
+ if (data->phase2_priv && data->phase2_method &&
+ data->phase2_method->init_for_reauth)
+ data->phase2_method->init_for_reauth(sm, data->phase2_priv);
+ data->phase2_success = 0;
+ data->phase2_eap_success = 0;
+ data->phase2_eap_started = 0;
+ data->resuming = 1;
+ sm->peap_done = FALSE;
+ return priv;
+}
+
+
+static int eap_peap_get_status(struct eap_sm *sm, void *priv, char *buf,
+ size_t buflen, int verbose)
+{
+ struct eap_peap_data *data = priv;
+ int len, ret;
+
+ len = eap_tls_status(sm, &data->ssl, buf, buflen, verbose);
+ if (data->phase2_method) {
+ ret = os_snprintf(buf + len, buflen - len,
+ "EAP-PEAPv%d Phase2 method=%s\n",
+ data->peap_version,
+ data->phase2_method->name);
+ if (ret < 0 || (size_t) ret >= buflen - len)
+ return len;
+ len += ret;
+ }
+ return len;
+}
+
+
+static Boolean eap_peap_isKeyAvailable(struct eap_sm *sm, void *priv)
+{
+ struct eap_peap_data *data = priv;
+ return data->key_data != NULL && data->phase2_success;
+}
+
+
+static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len)
+{
+ struct eap_peap_data *data = priv;
+ u8 *key;
+
+ if (data->key_data == NULL || !data->phase2_success)
+ return NULL;
+
+ key = os_malloc(EAP_TLS_KEY_LEN);
+ if (key == NULL)
+ return NULL;
+
+ *len = EAP_TLS_KEY_LEN;
+ os_memcpy(key, data->key_data, EAP_TLS_KEY_LEN);
+
+ return key;
+}
+
+
+int eap_peer_peap_register(void)
+{
+ struct eap_method *eap;
+ int ret;
+
+ eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
+ EAP_VENDOR_IETF, EAP_TYPE_PEAP, "PEAP");
+ if (eap == NULL)
+ return -1;
+
+ eap->init = eap_peap_init;
+ eap->deinit = eap_peap_deinit;
+ eap->process = eap_peap_process;
+ eap->isKeyAvailable = eap_peap_isKeyAvailable;
+ eap->getKey = eap_peap_getKey;
+ eap->get_status = eap_peap_get_status;
+ eap->has_reauth_data = eap_peap_has_reauth_data;
+ eap->deinit_for_reauth = eap_peap_deinit_for_reauth;
+ eap->init_for_reauth = eap_peap_init_for_reauth;
+
+ ret = eap_peer_method_register(eap);
+ if (ret)
+ eap_peer_method_free(eap);
+ return ret;
+}
--- /dev/null
+/*
+ * EAP peer method: EAP-PSK (RFC 4764)
+ * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * Note: EAP-PSK is an EAP authentication method and as such, completely
+ * different from WPA-PSK. This file is not needed for WPA-PSK functionality.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eap_i.h"
+#include "config_ssid.h"
+#include "md5.h"
+#include "aes_wrap.h"
+#include "eap_psk_common.h"
+
+
+struct eap_psk_data {
+ enum { PSK_INIT, PSK_MAC_SENT, PSK_DONE } state;
+ u8 rand_p[EAP_PSK_RAND_LEN];
+ u8 ak[EAP_PSK_AK_LEN], kdk[EAP_PSK_KDK_LEN], tek[EAP_PSK_TEK_LEN];
+ u8 *id_s, *id_p;
+ size_t id_s_len, id_p_len;
+ u8 msk[EAP_MSK_LEN];
+ u8 emsk[EAP_EMSK_LEN];
+};
+
+
+static void * eap_psk_init(struct eap_sm *sm)
+{
+ struct wpa_ssid *config = eap_get_config(sm);
+ struct eap_psk_data *data;
+
+ if (config == NULL || !config->eappsk) {
+ wpa_printf(MSG_INFO, "EAP-PSK: pre-shared key not configured");
+ return NULL;
+ }
+
+ data = os_zalloc(sizeof(*data));
+ if (data == NULL)
+ return NULL;
+ eap_psk_key_setup(config->eappsk, data->ak, data->kdk);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-PSK: AK", data->ak, EAP_PSK_AK_LEN);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-PSK: KDK", data->kdk, EAP_PSK_KDK_LEN);
+ data->state = PSK_INIT;
+
+ if (config->nai) {
+ data->id_p = os_malloc(config->nai_len);
+ if (data->id_p)
+ os_memcpy(data->id_p, config->nai, config->nai_len);
+ data->id_p_len = config->nai_len;
+ }
+ if (data->id_p == NULL) {
+ wpa_printf(MSG_INFO, "EAP-PSK: could not get own identity");
+ os_free(data);
+ return NULL;
+ }
+
+ return data;
+}
+
+
+static void eap_psk_deinit(struct eap_sm *sm, void *priv)
+{
+ struct eap_psk_data *data = priv;
+ os_free(data->id_s);
+ os_free(data->id_p);
+ os_free(data);
+}
+
+
+static u8 * eap_psk_process_1(struct eap_psk_data *data,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *respDataLen)
+{
+ const struct eap_psk_hdr_1 *hdr1;
+ struct eap_psk_hdr_2 *hdr2;
+ u8 *resp, *buf, *pos;
+ size_t buflen;
+
+ wpa_printf(MSG_DEBUG, "EAP-PSK: in INIT state");
+
+ hdr1 = (const struct eap_psk_hdr_1 *) reqData;
+ if (reqDataLen < sizeof(*hdr1) ||
+ be_to_host16(hdr1->length) < sizeof(*hdr1) ||
+ be_to_host16(hdr1->length) > reqDataLen) {
+ wpa_printf(MSG_INFO, "EAP-PSK: Invalid first message "
+ "length (%lu %d; expected %lu or more)",
+ (unsigned long) reqDataLen,
+ be_to_host16(hdr1->length),
+ (unsigned long) sizeof(*hdr1));
+ ret->ignore = TRUE;
+ return NULL;
+ }
+ wpa_printf(MSG_DEBUG, "EAP-PSK: Flags=0x%x", hdr1->flags);
+ if (EAP_PSK_FLAGS_GET_T(hdr1->flags) != 0) {
+ wpa_printf(MSG_INFO, "EAP-PSK: Unexpected T=%d (expected 0)",
+ EAP_PSK_FLAGS_GET_T(hdr1->flags));
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ return NULL;
+ }
+ wpa_hexdump(MSG_DEBUG, "EAP-PSK: RAND_S", hdr1->rand_s,
+ EAP_PSK_RAND_LEN);
+ os_free(data->id_s);
+ data->id_s_len = be_to_host16(hdr1->length) - sizeof(*hdr1);
+ data->id_s = os_malloc(data->id_s_len);
+ if (data->id_s == NULL) {
+ wpa_printf(MSG_ERROR, "EAP-PSK: Failed to allocate memory for "
+ "ID_S (len=%lu)", (unsigned long) data->id_s_len);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+ os_memcpy(data->id_s, (u8 *) (hdr1 + 1), data->id_s_len);
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-PSK: ID_S",
+ data->id_s, data->id_s_len);
+
+ if (hostapd_get_rand(data->rand_p, EAP_PSK_RAND_LEN)) {
+ wpa_printf(MSG_ERROR, "EAP-PSK: Failed to get random data");
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ *respDataLen = sizeof(*hdr2) + data->id_p_len;
+ resp = os_malloc(*respDataLen);
+ if (resp == NULL)
+ return NULL;
+ hdr2 = (struct eap_psk_hdr_2 *) resp;
+ hdr2->code = EAP_CODE_RESPONSE;
+ hdr2->identifier = hdr1->identifier;
+ hdr2->length = host_to_be16(*respDataLen);
+ hdr2->type = EAP_TYPE_PSK;
+ hdr2->flags = EAP_PSK_FLAGS_SET_T(1); /* T=1 */
+ os_memcpy(hdr2->rand_s, hdr1->rand_s, EAP_PSK_RAND_LEN);
+ os_memcpy(hdr2->rand_p, data->rand_p, EAP_PSK_RAND_LEN);
+ os_memcpy((u8 *) (hdr2 + 1), data->id_p, data->id_p_len);
+ /* MAC_P = OMAC1-AES-128(AK, ID_P||ID_S||RAND_S||RAND_P) */
+ buflen = data->id_p_len + data->id_s_len + 2 * EAP_PSK_RAND_LEN;
+ buf = os_malloc(buflen);
+ if (buf == NULL) {
+ os_free(resp);
+ return NULL;
+ }
+ os_memcpy(buf, data->id_p, data->id_p_len);
+ pos = buf + data->id_p_len;
+ os_memcpy(pos, data->id_s, data->id_s_len);
+ pos += data->id_s_len;
+ os_memcpy(pos, hdr1->rand_s, EAP_PSK_RAND_LEN);
+ pos += EAP_PSK_RAND_LEN;
+ os_memcpy(pos, data->rand_p, EAP_PSK_RAND_LEN);
+ omac1_aes_128(data->ak, buf, buflen, hdr2->mac_p);
+ os_free(buf);
+ wpa_hexdump(MSG_DEBUG, "EAP-PSK: RAND_P", hdr2->rand_p,
+ EAP_PSK_RAND_LEN);
+ wpa_hexdump(MSG_DEBUG, "EAP-PSK: MAC_P", hdr2->mac_p, EAP_PSK_MAC_LEN);
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-PSK: ID_P",
+ (u8 *) (hdr2 + 1), data->id_p_len);
+
+ data->state = PSK_MAC_SENT;
+
+ return resp;
+}
+
+
+static u8 * eap_psk_process_3(struct eap_psk_data *data,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *respDataLen)
+{
+ const struct eap_psk_hdr_3 *hdr3;
+ struct eap_psk_hdr_4 *hdr4;
+ u8 *resp, *buf, *rpchannel, nonce[16], *decrypted;
+ const u8 *pchannel, *tag, *msg;
+ u8 mac[EAP_PSK_MAC_LEN];
+ size_t buflen, left, data_len;
+ int failed = 0;
+
+ wpa_printf(MSG_DEBUG, "EAP-PSK: in MAC_SENT state");
+
+ hdr3 = (const struct eap_psk_hdr_3 *) reqData;
+ left = be_to_host16(hdr3->length);
+ if (left < sizeof(*hdr3) || reqDataLen < left) {
+ wpa_printf(MSG_INFO, "EAP-PSK: Invalid third message "
+ "length (%lu %d; expected %lu)",
+ (unsigned long) reqDataLen,
+ be_to_host16(hdr3->length),
+ (unsigned long) sizeof(*hdr3));
+ ret->ignore = TRUE;
+ return NULL;
+ }
+ left -= sizeof(*hdr3);
+ pchannel = (const u8 *) (hdr3 + 1);
+ wpa_printf(MSG_DEBUG, "EAP-PSK: Flags=0x%x", hdr3->flags);
+ if (EAP_PSK_FLAGS_GET_T(hdr3->flags) != 2) {
+ wpa_printf(MSG_INFO, "EAP-PSK: Unexpected T=%d (expected 2)",
+ EAP_PSK_FLAGS_GET_T(hdr3->flags));
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ return NULL;
+ }
+ wpa_hexdump(MSG_DEBUG, "EAP-PSK: RAND_S", hdr3->rand_s,
+ EAP_PSK_RAND_LEN);
+ wpa_hexdump(MSG_DEBUG, "EAP-PSK: MAC_S", hdr3->mac_s, EAP_PSK_MAC_LEN);
+ wpa_hexdump(MSG_DEBUG, "EAP-PSK: PCHANNEL", pchannel, left);
+
+ if (left < 4 + 16 + 1) {
+ wpa_printf(MSG_INFO, "EAP-PSK: Too short PCHANNEL data in "
+ "third message (len=%lu, expected 21)",
+ (unsigned long) left);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ /* MAC_S = OMAC1-AES-128(AK, ID_S||RAND_P) */
+ buflen = data->id_s_len + EAP_PSK_RAND_LEN;
+ buf = os_malloc(buflen);
+ if (buf == NULL)
+ return NULL;
+ os_memcpy(buf, data->id_s, data->id_s_len);
+ os_memcpy(buf + data->id_s_len, data->rand_p, EAP_PSK_RAND_LEN);
+ omac1_aes_128(data->ak, buf, buflen, mac);
+ os_free(buf);
+ if (os_memcmp(mac, hdr3->mac_s, EAP_PSK_MAC_LEN) != 0) {
+ wpa_printf(MSG_WARNING, "EAP-PSK: Invalid MAC_S in third "
+ "message");
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ return NULL;
+ }
+ wpa_printf(MSG_DEBUG, "EAP-PSK: MAC_S verified successfully");
+
+ eap_psk_derive_keys(data->kdk, data->rand_p, data->tek,
+ data->msk, data->emsk);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-PSK: TEK", data->tek, EAP_PSK_TEK_LEN);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-PSK: MSK", data->msk, EAP_MSK_LEN);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-PSK: EMSK", data->emsk, EAP_EMSK_LEN);
+
+ os_memset(nonce, 0, 12);
+ os_memcpy(nonce + 12, pchannel, 4);
+ pchannel += 4;
+ left -= 4;
+
+ tag = pchannel;
+ pchannel += 16;
+ left -= 16;
+
+ msg = pchannel;
+
+ wpa_hexdump(MSG_MSGDUMP, "EAP-PSK: PCHANNEL - nonce",
+ nonce, sizeof(nonce));
+ wpa_hexdump(MSG_MSGDUMP, "EAP-PSK: PCHANNEL - hdr", reqData, 5);
+ wpa_hexdump(MSG_MSGDUMP, "EAP-PSK: PCHANNEL - cipher msg", msg, left);
+
+ decrypted = os_malloc(left);
+ if (decrypted == NULL) {
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ return NULL;
+ }
+ os_memcpy(decrypted, msg, left);
+
+ if (aes_128_eax_decrypt(data->tek, nonce, sizeof(nonce),
+ reqData, 22, decrypted, left, tag)) {
+ wpa_printf(MSG_WARNING, "EAP-PSK: PCHANNEL decryption failed");
+ os_free(decrypted);
+ return NULL;
+ }
+ wpa_hexdump(MSG_DEBUG, "EAP-PSK: Decrypted PCHANNEL message",
+ decrypted, left);
+
+ /* Verify R flag */
+ switch (decrypted[0] >> 6) {
+ case EAP_PSK_R_FLAG_CONT:
+ wpa_printf(MSG_DEBUG, "EAP-PSK: R flag - CONT - unsupported");
+ failed = 1;
+ break;
+ case EAP_PSK_R_FLAG_DONE_SUCCESS:
+ wpa_printf(MSG_DEBUG, "EAP-PSK: R flag - DONE_SUCCESS");
+ break;
+ case EAP_PSK_R_FLAG_DONE_FAILURE:
+ wpa_printf(MSG_DEBUG, "EAP-PSK: R flag - DONE_FAILURE");
+ wpa_printf(MSG_INFO, "EAP-PSK: Authentication server rejected "
+ "authentication");
+ failed = 1;
+ break;
+ }
+
+ *respDataLen = sizeof(*hdr4) + 4 + 16 + 1;
+ resp = os_malloc(*respDataLen + 1);
+ if (resp == NULL) {
+ os_free(decrypted);
+ return NULL;
+ }
+ hdr4 = (struct eap_psk_hdr_4 *) resp;
+ hdr4->code = EAP_CODE_RESPONSE;
+ hdr4->identifier = hdr3->identifier;
+ hdr4->length = host_to_be16(*respDataLen);
+ hdr4->type = EAP_TYPE_PSK;
+ hdr4->flags = EAP_PSK_FLAGS_SET_T(3); /* T=3 */
+ os_memcpy(hdr4->rand_s, hdr3->rand_s, EAP_PSK_RAND_LEN);
+ rpchannel = (u8 *) (hdr4 + 1);
+
+ /* nonce++ */
+ inc_byte_array(nonce, sizeof(nonce));
+ os_memcpy(rpchannel, nonce + 12, 4);
+
+ data_len = 1;
+ if (decrypted[0] & EAP_PSK_E_FLAG) {
+ wpa_printf(MSG_DEBUG, "EAP-PSK: Unsupported E (Ext) flag");
+ failed = 1;
+ rpchannel[4 + 16] = (EAP_PSK_R_FLAG_DONE_FAILURE << 6) |
+ EAP_PSK_E_FLAG;
+ if (left > 1) {
+ /* Add empty EXT_Payload with same EXT_Type */
+ (*respDataLen)++;
+ hdr4->length = host_to_be16(*respDataLen);
+ rpchannel[4 + 16 + 1] = decrypted[1];
+ data_len++;
+ }
+ } else if (failed)
+ rpchannel[4 + 16] = EAP_PSK_R_FLAG_DONE_FAILURE << 6;
+ else
+ rpchannel[4 + 16] = EAP_PSK_R_FLAG_DONE_SUCCESS << 6;
+
+ wpa_hexdump(MSG_DEBUG, "EAP-PSK: reply message (plaintext)",
+ rpchannel + 4 + 16, data_len);
+ aes_128_eax_encrypt(data->tek, nonce, sizeof(nonce), resp, 22,
+ rpchannel + 4 + 16, data_len, rpchannel + 4);
+ wpa_hexdump(MSG_DEBUG, "EAP-PSK: reply message (PCHANNEL)",
+ rpchannel, 4 + 16 + data_len);
+
+ wpa_printf(MSG_DEBUG, "EAP-PSK: Completed %ssuccessfully",
+ failed ? "un" : "");
+ data->state = PSK_DONE;
+ ret->methodState = METHOD_DONE;
+ ret->decision = failed ? DECISION_FAIL : DECISION_UNCOND_SUCC;
+
+ os_free(decrypted);
+
+ return resp;
+}
+
+
+static u8 * eap_psk_process(struct eap_sm *sm, void *priv,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *respDataLen)
+{
+ struct eap_psk_data *data = priv;
+ const u8 *pos;
+ u8 *resp = NULL;
+ size_t len;
+
+ pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_PSK,
+ reqData, reqDataLen, &len);
+ if (pos == NULL) {
+ ret->ignore = TRUE;
+ return NULL;
+ }
+ len += sizeof(struct eap_hdr) + 1;
+
+ ret->ignore = FALSE;
+ ret->methodState = METHOD_MAY_CONT;
+ ret->decision = DECISION_FAIL;
+ ret->allowNotifications = TRUE;
+
+ switch (data->state) {
+ case PSK_INIT:
+ resp = eap_psk_process_1(data, ret, reqData, len,
+ respDataLen);
+ break;
+ case PSK_MAC_SENT:
+ resp = eap_psk_process_3(data, ret, reqData, len,
+ respDataLen);
+ break;
+ case PSK_DONE:
+ wpa_printf(MSG_DEBUG, "EAP-PSK: in DONE state - ignore "
+ "unexpected message");
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ if (ret->methodState == METHOD_DONE) {
+ ret->allowNotifications = FALSE;
+ }
+
+ return resp;
+}
+
+
+static Boolean eap_psk_isKeyAvailable(struct eap_sm *sm, void *priv)
+{
+ struct eap_psk_data *data = priv;
+ return data->state == PSK_DONE;
+}
+
+
+static u8 * eap_psk_getKey(struct eap_sm *sm, void *priv, size_t *len)
+{
+ struct eap_psk_data *data = priv;
+ u8 *key;
+
+ if (data->state != PSK_DONE)
+ return NULL;
+
+ key = os_malloc(EAP_MSK_LEN);
+ if (key == NULL)
+ return NULL;
+
+ *len = EAP_MSK_LEN;
+ os_memcpy(key, data->msk, EAP_MSK_LEN);
+
+ return key;
+}
+
+
+static u8 * eap_psk_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
+{
+ struct eap_psk_data *data = priv;
+ u8 *key;
+
+ if (data->state != PSK_DONE)
+ return NULL;
+
+ key = os_malloc(EAP_EMSK_LEN);
+ if (key == NULL)
+ return NULL;
+
+ *len = EAP_EMSK_LEN;
+ os_memcpy(key, data->emsk, EAP_EMSK_LEN);
+
+ return key;
+}
+
+
+int eap_peer_psk_register(void)
+{
+ struct eap_method *eap;
+ int ret;
+
+ eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
+ EAP_VENDOR_IETF, EAP_TYPE_PSK, "PSK");
+ if (eap == NULL)
+ return -1;
+
+ eap->init = eap_psk_init;
+ eap->deinit = eap_psk_deinit;
+ eap->process = eap_psk_process;
+ eap->isKeyAvailable = eap_psk_isKeyAvailable;
+ eap->getKey = eap_psk_getKey;
+ eap->get_emsk = eap_psk_get_emsk;
+
+ ret = eap_peer_method_register(eap);
+ if (ret)
+ eap_peer_method_free(eap);
+ return ret;
+}
--- /dev/null
+/*
+ * EAP server/peer: EAP-PSK shared routines
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "aes_wrap.h"
+#include "eap_defs.h"
+#include "eap_psk_common.h"
+
+#define aes_block_size 16
+
+
+void eap_psk_key_setup(const u8 *psk, u8 *ak, u8 *kdk)
+{
+ os_memset(ak, 0, aes_block_size);
+ aes_128_encrypt_block(psk, ak, ak);
+ os_memcpy(kdk, ak, aes_block_size);
+ ak[aes_block_size - 1] ^= 0x01;
+ kdk[aes_block_size - 1] ^= 0x02;
+ aes_128_encrypt_block(psk, ak, ak);
+ aes_128_encrypt_block(psk, kdk, kdk);
+}
+
+
+void eap_psk_derive_keys(const u8 *kdk, const u8 *rand_p, u8 *tek, u8 *msk,
+ u8 *emsk)
+{
+ u8 hash[aes_block_size];
+ u8 counter = 1;
+ int i;
+
+ aes_128_encrypt_block(kdk, rand_p, hash);
+
+ hash[aes_block_size - 1] ^= counter;
+ aes_128_encrypt_block(kdk, hash, tek);
+ hash[aes_block_size - 1] ^= counter;
+ counter++;
+
+ for (i = 0; i < EAP_MSK_LEN / aes_block_size; i++) {
+ hash[aes_block_size - 1] ^= counter;
+ aes_128_encrypt_block(kdk, hash, &msk[i * aes_block_size]);
+ hash[aes_block_size - 1] ^= counter;
+ counter++;
+ }
+
+ for (i = 0; i < EAP_EMSK_LEN / aes_block_size; i++) {
+ hash[aes_block_size - 1] ^= counter;
+ aes_128_encrypt_block(kdk, hash, &emsk[i * aes_block_size]);
+ hash[aes_block_size - 1] ^= counter;
+ counter++;
+ }
+}
--- /dev/null
+/*
+ * EAP server/peer: EAP-PSK shared routines
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef EAP_PSK_COMMON_H
+#define EAP_PSK_COMMON_H
+
+
+#define EAP_PSK_RAND_LEN 16
+#define EAP_PSK_MAC_LEN 16
+#define EAP_PSK_TEK_LEN 16
+#define EAP_PSK_PSK_LEN 16
+#define EAP_PSK_AK_LEN 16
+#define EAP_PSK_KDK_LEN 16
+
+#define EAP_PSK_R_FLAG_CONT 1
+#define EAP_PSK_R_FLAG_DONE_SUCCESS 2
+#define EAP_PSK_R_FLAG_DONE_FAILURE 3
+#define EAP_PSK_E_FLAG 0x20
+
+#define EAP_PSK_FLAGS_GET_T(flags) (((flags) & 0xc0) >> 6)
+#define EAP_PSK_FLAGS_SET_T(t) ((u8) (t) << 6)
+
+#ifdef _MSC_VER
+#pragma pack(push, 1)
+#endif /* _MSC_VER */
+
+/* Shared prefix for all EAP-PSK frames */
+struct eap_psk_hdr {
+ u8 code;
+ u8 identifier;
+ u16 length; /* including code, identifier, and length */
+ u8 type; /* EAP_TYPE_PSK */
+ u8 flags;
+} STRUCT_PACKED;
+
+/* EAP-PSK First Message (AS -> Supplicant) */
+struct eap_psk_hdr_1 {
+ u8 code;
+ u8 identifier;
+ u16 length; /* including code, identifier, and length */
+ u8 type; /* EAP_TYPE_PSK */
+ u8 flags;
+ u8 rand_s[EAP_PSK_RAND_LEN];
+ /* Followed by variable length ID_S */
+} STRUCT_PACKED;
+
+/* EAP-PSK Second Message (Supplicant -> AS) */
+struct eap_psk_hdr_2 {
+ u8 code;
+ u8 identifier;
+ u16 length; /* including code, identifier, and length */
+ u8 type; /* EAP_TYPE_PSK */
+ u8 flags;
+ u8 rand_s[EAP_PSK_RAND_LEN];
+ u8 rand_p[EAP_PSK_RAND_LEN];
+ u8 mac_p[EAP_PSK_MAC_LEN];
+ /* Followed by variable length ID_P */
+} STRUCT_PACKED;
+
+/* EAP-PSK Third Message (AS -> Supplicant) */
+struct eap_psk_hdr_3 {
+ u8 code;
+ u8 identifier;
+ u16 length; /* including code, identifier, and length */
+ u8 type; /* EAP_TYPE_PSK */
+ u8 flags;
+ u8 rand_s[EAP_PSK_RAND_LEN];
+ u8 mac_s[EAP_PSK_MAC_LEN];
+ /* Followed by variable length PCHANNEL */
+} STRUCT_PACKED;
+
+/* EAP-PSK Fourth Message (Supplicant -> AS) */
+struct eap_psk_hdr_4 {
+ u8 code;
+ u8 identifier;
+ u16 length; /* including code, identifier, and length */
+ u8 type; /* EAP_TYPE_PSK */
+ u8 flags;
+ u8 rand_s[EAP_PSK_RAND_LEN];
+ /* Followed by variable length PCHANNEL */
+} STRUCT_PACKED;
+
+#ifdef _MSC_VER
+#pragma pack(pop)
+#endif /* _MSC_VER */
+
+
+void eap_psk_key_setup(const u8 *psk, u8 *ak, u8 *kdk);
+void eap_psk_derive_keys(const u8 *kdk, const u8 *rand_p, u8 *tek, u8 *msk,
+ u8 *emsk);
+
+#endif /* EAP_PSK_COMMON_H */
--- /dev/null
+/*
+ * EAP peer method: EAP-SAKE (RFC 4763)
+ * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eap_i.h"
+#include "config_ssid.h"
+#include "eap_sake_common.h"
+
+struct eap_sake_data {
+ enum { IDENTITY, CHALLENGE, CONFIRM, SUCCESS, FAILURE } state;
+ u8 root_secret_a[EAP_SAKE_ROOT_SECRET_LEN];
+ u8 root_secret_b[EAP_SAKE_ROOT_SECRET_LEN];
+ u8 rand_s[EAP_SAKE_RAND_LEN];
+ u8 rand_p[EAP_SAKE_RAND_LEN];
+ struct {
+ u8 auth[EAP_SAKE_TEK_AUTH_LEN];
+ u8 cipher[EAP_SAKE_TEK_CIPHER_LEN];
+ } tek;
+ u8 msk[EAP_MSK_LEN];
+ u8 emsk[EAP_EMSK_LEN];
+ u8 session_id;
+ int session_id_set;
+ u8 *peerid;
+ size_t peerid_len;
+ u8 *serverid;
+ size_t serverid_len;
+};
+
+
+static const char * eap_sake_state_txt(int state)
+{
+ switch (state) {
+ case IDENTITY:
+ return "IDENTITY";
+ case CHALLENGE:
+ return "CHALLENGE";
+ case CONFIRM:
+ return "CONFIRM";
+ case SUCCESS:
+ return "SUCCESS";
+ case FAILURE:
+ return "FAILURE";
+ default:
+ return "?";
+ }
+}
+
+
+static void eap_sake_state(struct eap_sake_data *data, int state)
+{
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: %s -> %s",
+ eap_sake_state_txt(data->state),
+ eap_sake_state_txt(state));
+ data->state = state;
+}
+
+
+static void eap_sake_deinit(struct eap_sm *sm, void *priv);
+
+
+static void * eap_sake_init(struct eap_sm *sm)
+{
+ struct wpa_ssid *config = eap_get_config(sm);
+ struct eap_sake_data *data;
+
+ if (config == NULL) {
+ wpa_printf(MSG_INFO, "EAP-SAKE: No configuration found");
+ return NULL;
+ }
+
+ if (!config->eappsk ||
+ config->eappsk_len != 2 * EAP_SAKE_ROOT_SECRET_LEN) {
+ wpa_printf(MSG_INFO, "EAP-SAKE: No key (eappsk) of correct "
+ "length configured");
+ return NULL;
+ }
+
+ data = os_zalloc(sizeof(*data));
+ if (data == NULL)
+ return NULL;
+ data->state = IDENTITY;
+
+ if (config->nai) {
+ data->peerid = os_malloc(config->nai_len);
+ if (data->peerid == NULL) {
+ eap_sake_deinit(sm, data);
+ return NULL;
+ }
+ os_memcpy(data->peerid, config->nai, config->nai_len);
+ data->peerid_len = config->nai_len;
+ }
+
+ os_memcpy(data->root_secret_a, config->eappsk,
+ EAP_SAKE_ROOT_SECRET_LEN);
+ os_memcpy(data->root_secret_b,
+ config->eappsk + EAP_SAKE_ROOT_SECRET_LEN,
+ EAP_SAKE_ROOT_SECRET_LEN);
+
+ return data;
+}
+
+
+static void eap_sake_deinit(struct eap_sm *sm, void *priv)
+{
+ struct eap_sake_data *data = priv;
+ os_free(data->serverid);
+ os_free(data->peerid);
+ os_free(data);
+}
+
+
+static u8 * eap_sake_build_msg(struct eap_sake_data *data, u8 **payload,
+ int id, size_t *length, u8 subtype)
+{
+ struct eap_sake_hdr *req;
+ u8 *msg;
+
+ *length += sizeof(struct eap_sake_hdr);
+
+ msg = os_zalloc(*length);
+ if (msg == NULL) {
+ wpa_printf(MSG_ERROR, "EAP-SAKE: Failed to allocate memory "
+ "request");
+ return NULL;
+ }
+
+ req = (struct eap_sake_hdr *) msg;
+ req->code = EAP_CODE_RESPONSE;
+ req->identifier = id;
+ req->length = htons((u16) *length);
+ req->type = EAP_TYPE_SAKE;
+ req->version = EAP_SAKE_VERSION;
+ req->session_id = data->session_id;
+ req->subtype = subtype;
+ *payload = (u8 *) (req + 1);
+
+ return msg;
+}
+
+
+static u8 * eap_sake_process_identity(struct eap_sm *sm,
+ struct eap_sake_data *data,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ const u8 *payload, size_t payload_len,
+ size_t *respDataLen)
+{
+ struct eap_sake_parse_attr attr;
+ u8 *resp, *rpos;
+ const struct eap_hdr *hdr = (const struct eap_hdr *) reqData;
+
+ if (data->state != IDENTITY) {
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Received Request/Identity");
+
+ if (eap_sake_parse_attributes(payload, payload_len, &attr))
+ return NULL;
+
+ if (!attr.perm_id_req && !attr.any_id_req) {
+ wpa_printf(MSG_INFO, "EAP-SAKE: No AT_PERM_ID_REQ or "
+ "AT_ANY_ID_REQ in Request/Identity");
+ return NULL;
+ }
+
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Sending Response/Identity");
+
+ *respDataLen = 2 + data->peerid_len;
+ resp = eap_sake_build_msg(data, &rpos, hdr->identifier, respDataLen,
+ EAP_SAKE_SUBTYPE_IDENTITY);
+ if (resp == NULL)
+ return NULL;
+
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_PEERID");
+ *rpos++ = EAP_SAKE_AT_PEERID;
+ *rpos++ = 2 + data->peerid_len;
+ if (data->peerid)
+ os_memcpy(rpos, data->peerid, data->peerid_len);
+
+ eap_sake_state(data, CHALLENGE);
+
+ return resp;
+}
+
+
+static u8 * eap_sake_process_challenge(struct eap_sm *sm,
+ struct eap_sake_data *data,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ const u8 *payload, size_t payload_len,
+ size_t *respDataLen)
+{
+ struct eap_sake_parse_attr attr;
+ u8 *resp, *rpos;
+ const struct eap_hdr *hdr = (const struct eap_hdr *) reqData;
+
+ if (data->state != IDENTITY && data->state != CHALLENGE) {
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Request/Challenge received "
+ "in unexpected state (%d)", data->state);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+ if (data->state == IDENTITY)
+ eap_sake_state(data, CHALLENGE);
+
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Received Request/Challenge");
+
+ if (eap_sake_parse_attributes(payload, payload_len, &attr))
+ return NULL;
+
+ if (!attr.rand_s) {
+ wpa_printf(MSG_INFO, "EAP-SAKE: Request/Challenge did not "
+ "include AT_RAND_S");
+ return NULL;
+ }
+
+ os_memcpy(data->rand_s, attr.rand_s, EAP_SAKE_RAND_LEN);
+ wpa_hexdump(MSG_MSGDUMP, "EAP-SAKE: RAND_S (server rand)",
+ data->rand_s, EAP_SAKE_RAND_LEN);
+
+ if (hostapd_get_rand(data->rand_p, EAP_SAKE_RAND_LEN)) {
+ wpa_printf(MSG_ERROR, "EAP-SAKE: Failed to get random data");
+ return NULL;
+ }
+ wpa_hexdump(MSG_MSGDUMP, "EAP-SAKE: RAND_P (peer rand)",
+ data->rand_p, EAP_SAKE_RAND_LEN);
+
+ os_free(data->serverid);
+ data->serverid = NULL;
+ data->serverid_len = 0;
+ if (attr.serverid) {
+ wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-SAKE: SERVERID",
+ attr.serverid, attr.serverid_len);
+ data->serverid = os_malloc(attr.serverid_len);
+ if (data->serverid == NULL)
+ return NULL;
+ os_memcpy(data->serverid, attr.serverid, attr.serverid_len);
+ data->serverid_len = attr.serverid_len;
+ }
+
+ eap_sake_derive_keys(data->root_secret_a, data->root_secret_b,
+ data->rand_s, data->rand_p,
+ (u8 *) &data->tek, data->msk, data->emsk);
+
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Sending Response/Challenge");
+
+ *respDataLen = 2 + EAP_SAKE_RAND_LEN + 2 + EAP_SAKE_MIC_LEN;
+ if (data->peerid)
+ *respDataLen += 2 + data->peerid_len;
+ resp = eap_sake_build_msg(data, &rpos, hdr->identifier, respDataLen,
+ EAP_SAKE_SUBTYPE_CHALLENGE);
+ if (resp == NULL)
+ return NULL;
+
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_RAND_P");
+ *rpos++ = EAP_SAKE_AT_RAND_P;
+ *rpos++ = 2 + EAP_SAKE_RAND_LEN;
+ os_memcpy(rpos, data->rand_p, EAP_SAKE_RAND_LEN);
+ rpos += EAP_SAKE_RAND_LEN;
+
+ if (data->peerid) {
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_PEERID");
+ *rpos++ = EAP_SAKE_AT_PEERID;
+ *rpos++ = 2 + data->peerid_len;
+ os_memcpy(rpos, data->peerid, data->peerid_len);
+ rpos += data->peerid_len;
+ }
+
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_MIC_P");
+ *rpos++ = EAP_SAKE_AT_MIC_P;
+ *rpos++ = 2 + EAP_SAKE_MIC_LEN;
+ if (eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
+ data->serverid, data->serverid_len,
+ data->peerid, data->peerid_len, 1,
+ resp, *respDataLen, rpos, rpos)) {
+ wpa_printf(MSG_INFO, "EAP-SAKE: Failed to compute MIC");
+ os_free(resp);
+ return NULL;
+ }
+
+ eap_sake_state(data, CONFIRM);
+
+ return resp;
+}
+
+
+static u8 * eap_sake_process_confirm(struct eap_sm *sm,
+ struct eap_sake_data *data,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ const u8 *payload, size_t payload_len,
+ size_t *respDataLen)
+{
+ struct eap_sake_parse_attr attr;
+ u8 mic_s[EAP_SAKE_MIC_LEN];
+ u8 *resp, *rpos;
+ const struct eap_hdr *hdr = (const struct eap_hdr *) reqData;
+
+ if (data->state != CONFIRM) {
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Received Request/Confirm");
+
+ if (eap_sake_parse_attributes(payload, payload_len, &attr))
+ return NULL;
+
+ if (!attr.mic_s) {
+ wpa_printf(MSG_INFO, "EAP-SAKE: Request/Confirm did not "
+ "include AT_MIC_S");
+ return NULL;
+ }
+
+ eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
+ data->serverid, data->serverid_len,
+ data->peerid, data->peerid_len, 0,
+ reqData, reqDataLen, attr.mic_s, mic_s);
+ if (os_memcmp(attr.mic_s, mic_s, EAP_SAKE_MIC_LEN) != 0) {
+ wpa_printf(MSG_INFO, "EAP-SAKE: Incorrect AT_MIC_S");
+ eap_sake_state(data, FAILURE);
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ ret->allowNotifications = FALSE;
+ *respDataLen = 0;
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Sending "
+ "Response/Auth-Reject");
+ return eap_sake_build_msg(data, &rpos, hdr->identifier,
+ respDataLen,
+ EAP_SAKE_SUBTYPE_AUTH_REJECT);
+ }
+
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Sending Response/Confirm");
+
+ *respDataLen = 2 + EAP_SAKE_MIC_LEN;
+ resp = eap_sake_build_msg(data, &rpos, hdr->identifier, respDataLen,
+ EAP_SAKE_SUBTYPE_CONFIRM);
+ if (resp == NULL)
+ return NULL;
+
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_MIC_P");
+ *rpos++ = EAP_SAKE_AT_MIC_P;
+ *rpos++ = 2 + EAP_SAKE_MIC_LEN;
+ if (eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
+ data->serverid, data->serverid_len,
+ data->peerid, data->peerid_len, 1,
+ resp, *respDataLen, rpos, rpos)) {
+ wpa_printf(MSG_INFO, "EAP-SAKE: Failed to compute MIC");
+ os_free(resp);
+ return NULL;
+ }
+
+ eap_sake_state(data, SUCCESS);
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_UNCOND_SUCC;
+ ret->allowNotifications = FALSE;
+
+ return resp;
+}
+
+
+static u8 * eap_sake_process(struct eap_sm *sm, void *priv,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *respDataLen)
+{
+ struct eap_sake_data *data = priv;
+ const struct eap_sake_hdr *req;
+ u8 *resp;
+ const u8 *pos, *end;
+ size_t len;
+ u8 subtype, session_id;
+
+ pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_SAKE,
+ reqData, reqDataLen, &len);
+ if (pos == NULL || len < 3) {
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ req = (const struct eap_sake_hdr *) reqData;
+ subtype = req->subtype;
+ session_id = req->session_id;
+ pos = (const u8 *) (req + 1);
+ end = reqData + be_to_host16(req->length);
+
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Received frame: subtype %d "
+ "session_id %d", subtype, session_id);
+ wpa_hexdump(MSG_DEBUG, "EAP-SAKE: Received attributes",
+ pos, end - pos);
+
+ if (data->session_id_set && data->session_id != session_id) {
+ wpa_printf(MSG_INFO, "EAP-SAKE: Session ID mismatch (%d,%d)",
+ session_id, data->session_id);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+ data->session_id = session_id;
+ data->session_id_set = 1;
+
+ ret->ignore = FALSE;
+ ret->methodState = METHOD_MAY_CONT;
+ ret->decision = DECISION_FAIL;
+ ret->allowNotifications = TRUE;
+
+ switch (subtype) {
+ case EAP_SAKE_SUBTYPE_IDENTITY:
+ resp = eap_sake_process_identity(sm, data, ret, reqData,
+ reqDataLen, pos, end - pos,
+ respDataLen);
+ break;
+ case EAP_SAKE_SUBTYPE_CHALLENGE:
+ resp = eap_sake_process_challenge(sm, data, ret, reqData,
+ reqDataLen, pos, end - pos,
+ respDataLen);
+ break;
+ case EAP_SAKE_SUBTYPE_CONFIRM:
+ resp = eap_sake_process_confirm(sm, data, ret, reqData,
+ reqDataLen, pos, end - pos,
+ respDataLen);
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Ignoring message with "
+ "unknown subtype %d", subtype);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ if (ret->methodState == METHOD_DONE)
+ ret->allowNotifications = FALSE;
+
+ return resp;
+}
+
+
+static Boolean eap_sake_isKeyAvailable(struct eap_sm *sm, void *priv)
+{
+ struct eap_sake_data *data = priv;
+ return data->state == SUCCESS;
+}
+
+
+static u8 * eap_sake_getKey(struct eap_sm *sm, void *priv, size_t *len)
+{
+ struct eap_sake_data *data = priv;
+ u8 *key;
+
+ if (data->state != SUCCESS)
+ return NULL;
+
+ key = os_malloc(EAP_MSK_LEN);
+ if (key == NULL)
+ return NULL;
+ os_memcpy(key, data->msk, EAP_MSK_LEN);
+ *len = EAP_MSK_LEN;
+
+ return key;
+}
+
+
+static u8 * eap_sake_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
+{
+ struct eap_sake_data *data = priv;
+ u8 *key;
+
+ if (data->state != SUCCESS)
+ return NULL;
+
+ key = os_malloc(EAP_EMSK_LEN);
+ if (key == NULL)
+ return NULL;
+ os_memcpy(key, data->emsk, EAP_EMSK_LEN);
+ *len = EAP_EMSK_LEN;
+
+ return key;
+}
+
+
+int eap_peer_sake_register(void)
+{
+ struct eap_method *eap;
+ int ret;
+
+ eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
+ EAP_VENDOR_IETF, EAP_TYPE_SAKE, "SAKE");
+ if (eap == NULL)
+ return -1;
+
+ eap->init = eap_sake_init;
+ eap->deinit = eap_sake_deinit;
+ eap->process = eap_sake_process;
+ eap->isKeyAvailable = eap_sake_isKeyAvailable;
+ eap->getKey = eap_sake_getKey;
+ eap->get_emsk = eap_sake_get_emsk;
+
+ ret = eap_peer_method_register(eap);
+ if (ret)
+ eap_peer_method_free(eap);
+ return ret;
+}
--- /dev/null
+/*
+ * EAP server/peer: EAP-SAKE shared routines
+ * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "sha1.h"
+#include "eap_defs.h"
+#include "eap_sake_common.h"
+
+
+static int eap_sake_parse_add_attr(struct eap_sake_parse_attr *attr,
+ const u8 *pos)
+{
+ size_t i;
+
+ switch (pos[0]) {
+ case EAP_SAKE_AT_RAND_S:
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_RAND_S");
+ if (pos[1] != 2 + EAP_SAKE_RAND_LEN) {
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: AT_RAND_S with "
+ "invalid length %d", pos[1]);
+ return -1;
+ }
+ attr->rand_s = pos + 2;
+ break;
+ case EAP_SAKE_AT_RAND_P:
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_RAND_P");
+ if (pos[1] != 2 + EAP_SAKE_RAND_LEN) {
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: AT_RAND_P with "
+ "invalid length %d", pos[1]);
+ return -1;
+ }
+ attr->rand_p = pos + 2;
+ break;
+ case EAP_SAKE_AT_MIC_S:
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_MIC_S");
+ if (pos[1] != 2 + EAP_SAKE_MIC_LEN) {
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: AT_MIC_S with "
+ "invalid length %d", pos[1]);
+ return -1;
+ }
+ attr->mic_s = pos + 2;
+ break;
+ case EAP_SAKE_AT_MIC_P:
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_MIC_P");
+ if (pos[1] != 2 + EAP_SAKE_MIC_LEN) {
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: AT_MIC_P with "
+ "invalid length %d", pos[1]);
+ return -1;
+ }
+ attr->mic_p = pos + 2;
+ break;
+ case EAP_SAKE_AT_SERVERID:
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_SERVERID");
+ attr->serverid = pos + 2;
+ attr->serverid_len = pos[1] - 2;
+ break;
+ case EAP_SAKE_AT_PEERID:
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_PEERID");
+ attr->peerid = pos + 2;
+ attr->peerid_len = pos[1] - 2;
+ break;
+ case EAP_SAKE_AT_SPI_S:
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_SPI_S");
+ attr->spi_s = pos + 2;
+ attr->spi_s_len = pos[1] - 2;
+ break;
+ case EAP_SAKE_AT_SPI_P:
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_SPI_P");
+ attr->spi_p = pos + 2;
+ attr->spi_p_len = pos[1] - 2;
+ break;
+ case EAP_SAKE_AT_ANY_ID_REQ:
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_ANY_ID_REQ");
+ if (pos[1] != 4) {
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Invalid AT_ANY_ID_REQ"
+ " length %d", pos[1]);
+ return -1;
+ }
+ attr->any_id_req = pos + 2;
+ break;
+ case EAP_SAKE_AT_PERM_ID_REQ:
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_PERM_ID_REQ");
+ if (pos[1] != 4) {
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Invalid "
+ "AT_PERM_ID_REQ length %d", pos[1]);
+ return -1;
+ }
+ attr->perm_id_req = pos + 2;
+ break;
+ case EAP_SAKE_AT_ENCR_DATA:
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_ENCR_DATA");
+ attr->encr_data = pos + 2;
+ attr->encr_data_len = pos[1] - 2;
+ break;
+ case EAP_SAKE_AT_IV:
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_IV");
+ attr->iv = pos + 2;
+ attr->iv_len = pos[1] - 2;
+ break;
+ case EAP_SAKE_AT_PADDING:
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_PADDING");
+ for (i = 2; i < pos[1]; i++) {
+ if (pos[i]) {
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: AT_PADDING "
+ "with non-zero pad byte");
+ return -1;
+ }
+ }
+ break;
+ case EAP_SAKE_AT_NEXT_TMPID:
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_NEXT_TMPID");
+ attr->next_tmpid = pos + 2;
+ attr->next_tmpid_len = pos[1] - 2;
+ break;
+ case EAP_SAKE_AT_MSK_LIFE:
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_IV");
+ if (pos[1] != 6) {
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Invalid "
+ "AT_MSK_LIFE length %d", pos[1]);
+ return -1;
+ }
+ attr->msk_life = pos + 2;
+ break;
+ default:
+ if (pos[0] < 128) {
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Unknown non-skippable"
+ " attribute %d", pos[0]);
+ return -1;
+ }
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Ignoring unknown skippable "
+ "attribute %d", pos[0]);
+ break;
+ }
+
+ if (attr->iv && !attr->encr_data) {
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: AT_IV included without "
+ "AT_ENCR_DATA");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+/**
+ * eap_sake_parse_attributes - Parse EAP-SAKE attributes
+ * @buf: Packet payload (starting with the first attribute)
+ * @len: Payload length
+ * @attr: Structure to be filled with found attributes
+ * Returns: 0 on success or -1 on failure
+ */
+int eap_sake_parse_attributes(const u8 *buf, size_t len,
+ struct eap_sake_parse_attr *attr)
+{
+ const u8 *pos = buf, *end = buf + len;
+
+ os_memset(attr, 0, sizeof(*attr));
+ while (pos < end) {
+ if (end - pos < 2) {
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Too short attribute");
+ return -1;
+ }
+
+ if (pos[1] < 2) {
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Invalid attribute "
+ "length (%d)", pos[1]);
+ return -1;
+ }
+
+ if (pos + pos[1] > end) {
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Attribute underflow");
+ return -1;
+ }
+
+ if (eap_sake_parse_add_attr(attr, pos))
+ return -1;
+
+ pos += pos[1];
+ }
+
+ return 0;
+}
+
+
+/**
+ * eap_sake_kdf - EAP-SAKE Key Derivation Function (KDF)
+ * @key: Key for KDF
+ * @key_len: Length of the key in bytes
+ * @label: A unique label for each purpose of the KDF
+ * @data: Extra data (start) to bind into the key
+ * @data_len: Length of the data
+ * @data2: Extra data (end) to bind into the key
+ * @data2_len: Length of the data2
+ * @buf: Buffer for the generated pseudo-random key
+ * @buf_len: Number of bytes of key to generate
+ *
+ * This function is used to derive new, cryptographically separate keys from a
+ * given key (e.g., SMS). This is identical to the PRF used in IEEE 802.11i.
+ */
+static void eap_sake_kdf(const u8 *key, size_t key_len, const char *label,
+ const u8 *data, size_t data_len,
+ const u8 *data2, size_t data2_len,
+ u8 *buf, size_t buf_len)
+{
+ u8 counter = 0;
+ size_t pos, plen;
+ u8 hash[SHA1_MAC_LEN];
+ size_t label_len = os_strlen(label) + 1;
+ const unsigned char *addr[4];
+ size_t len[4];
+
+ addr[0] = (u8 *) label; /* Label | Y */
+ len[0] = label_len;
+ addr[1] = data; /* Msg[start] */
+ len[1] = data_len;
+ addr[2] = data2; /* Msg[end] */
+ len[2] = data2_len;
+ addr[3] = &counter; /* Length */
+ len[3] = 1;
+
+ pos = 0;
+ while (pos < buf_len) {
+ plen = buf_len - pos;
+ if (plen >= SHA1_MAC_LEN) {
+ hmac_sha1_vector(key, key_len, 4, addr, len,
+ &buf[pos]);
+ pos += SHA1_MAC_LEN;
+ } else {
+ hmac_sha1_vector(key, key_len, 4, addr, len,
+ hash);
+ os_memcpy(&buf[pos], hash, plen);
+ break;
+ }
+ counter++;
+ }
+}
+
+
+/**
+ * eap_sake_derive_keys - Derive EAP-SAKE keys
+ * @root_secret_a: 16-byte Root-Secret-A
+ * @root_secret_b: 16-byte Root-Secret-B
+ * @rand_s: 16-byte RAND_S
+ * @rand_p: 16-byte RAND_P
+ * @tek: Buffer for Temporary EAK Keys (TEK-Auth[16] | TEK-Cipher[16])
+ * @msk: Buffer for 64-byte MSK
+ * @emsk: Buffer for 64-byte EMSK
+ *
+ * This function derives EAP-SAKE keys as defined in RFC 4763, section 3.2.6.
+ */
+void eap_sake_derive_keys(const u8 *root_secret_a, const u8 *root_secret_b,
+ const u8 *rand_s, const u8 *rand_p, u8 *tek, u8 *msk,
+ u8 *emsk)
+{
+ u8 sms_a[EAP_SAKE_SMS_LEN];
+ u8 sms_b[EAP_SAKE_SMS_LEN];
+ u8 key_buf[EAP_MSK_LEN + EAP_EMSK_LEN];
+
+ wpa_printf(MSG_DEBUG, "EAP-SAKE: Deriving keys");
+
+ wpa_hexdump_key(MSG_DEBUG, "EAP-SAKE: Root-Secret-A",
+ root_secret_a, EAP_SAKE_ROOT_SECRET_LEN);
+ eap_sake_kdf(root_secret_a, EAP_SAKE_ROOT_SECRET_LEN,
+ "SAKE Master Secret A",
+ rand_p, EAP_SAKE_RAND_LEN, rand_s, EAP_SAKE_RAND_LEN,
+ sms_a, EAP_SAKE_SMS_LEN);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-SAKE: SMS-A", sms_a, EAP_SAKE_SMS_LEN);
+ eap_sake_kdf(sms_a, EAP_SAKE_SMS_LEN, "Transient EAP Key",
+ rand_s, EAP_SAKE_RAND_LEN, rand_p, EAP_SAKE_RAND_LEN,
+ tek, EAP_SAKE_TEK_LEN);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-SAKE: TEK-Auth",
+ tek, EAP_SAKE_TEK_AUTH_LEN);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-SAKE: TEK-Cipher",
+ tek + EAP_SAKE_TEK_AUTH_LEN, EAP_SAKE_TEK_CIPHER_LEN);
+
+ wpa_hexdump_key(MSG_DEBUG, "EAP-SAKE: Root-Secret-B",
+ root_secret_b, EAP_SAKE_ROOT_SECRET_LEN);
+ eap_sake_kdf(root_secret_b, EAP_SAKE_ROOT_SECRET_LEN,
+ "SAKE Master Secret B",
+ rand_p, EAP_SAKE_RAND_LEN, rand_s, EAP_SAKE_RAND_LEN,
+ sms_b, EAP_SAKE_SMS_LEN);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-SAKE: SMS-B", sms_b, EAP_SAKE_SMS_LEN);
+ eap_sake_kdf(sms_b, EAP_SAKE_SMS_LEN, "Master Session Key",
+ rand_s, EAP_SAKE_RAND_LEN, rand_p, EAP_SAKE_RAND_LEN,
+ key_buf, sizeof(key_buf));
+ os_memcpy(msk, key_buf, EAP_MSK_LEN);
+ os_memcpy(emsk, key_buf + EAP_MSK_LEN, EAP_EMSK_LEN);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-SAKE: MSK", msk, EAP_MSK_LEN);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-SAKE: EMSK", emsk, EAP_EMSK_LEN);
+}
+
+
+/**
+ * eap_sake_compute_mic - Compute EAP-SAKE MIC for an EAP packet
+ * @tek_auth: 16-byte TEK-Auth
+ * @rand_s: 16-byte RAND_S
+ * @rand_p: 16-byte RAND_P
+ * @serverid: SERVERID
+ * @serverid_len: SERVERID length
+ * @peerid: PEERID
+ * @peerid_len: PEERID length
+ * @peer: MIC calculation for 0 = Server, 1 = Peer message
+ * @eap: EAP packet
+ * @eap_len: EAP packet length
+ * @mic_pos: MIC position in the EAP packet (must be [eap .. eap + eap_len])
+ * @mic: Buffer for the computed 16-byte MIC
+ */
+int eap_sake_compute_mic(const u8 *tek_auth,
+ const u8 *rand_s, const u8 *rand_p,
+ const u8 *serverid, size_t serverid_len,
+ const u8 *peerid, size_t peerid_len,
+ int peer, const u8 *eap, size_t eap_len,
+ const u8 *mic_pos, u8 *mic)
+{
+ u8 _rand[2 * EAP_SAKE_RAND_LEN];
+ u8 *tmp, *pos;
+ size_t tmplen;
+
+ tmplen = serverid_len + 1 + peerid_len + 1 + eap_len;
+ tmp = os_malloc(tmplen);
+ if (tmp == NULL)
+ return -1;
+ pos = tmp;
+ if (peer) {
+ if (peerid) {
+ os_memcpy(pos, peerid, peerid_len);
+ pos += peerid_len;
+ }
+ *pos++ = 0x00;
+ if (serverid) {
+ os_memcpy(pos, serverid, serverid_len);
+ pos += serverid_len;
+ }
+ *pos++ = 0x00;
+
+ os_memcpy(_rand, rand_s, EAP_SAKE_RAND_LEN);
+ os_memcpy(_rand + EAP_SAKE_RAND_LEN, rand_p,
+ EAP_SAKE_RAND_LEN);
+ } else {
+ if (serverid) {
+ os_memcpy(pos, serverid, serverid_len);
+ pos += serverid_len;
+ }
+ *pos++ = 0x00;
+ if (peerid) {
+ os_memcpy(pos, peerid, peerid_len);
+ pos += peerid_len;
+ }
+ *pos++ = 0x00;
+
+ os_memcpy(_rand, rand_p, EAP_SAKE_RAND_LEN);
+ os_memcpy(_rand + EAP_SAKE_RAND_LEN, rand_s,
+ EAP_SAKE_RAND_LEN);
+ }
+
+ os_memcpy(pos, eap, eap_len);
+ os_memset(pos + (mic_pos - eap), 0, EAP_SAKE_MIC_LEN);
+
+ eap_sake_kdf(tek_auth, EAP_SAKE_TEK_AUTH_LEN,
+ peer ? "Peer MIC" : "Server MIC",
+ _rand, 2 * EAP_SAKE_RAND_LEN, tmp, tmplen,
+ mic, EAP_SAKE_MIC_LEN);
+
+ os_free(tmp);
+
+ return 0;
+}
--- /dev/null
+/*
+ * EAP server/peer: EAP-SAKE shared routines
+ * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef EAP_SAKE_COMMON_H
+#define EAP_SAKE_COMMON_H
+
+#define EAP_SAKE_VERSION 2
+
+#define EAP_SAKE_SUBTYPE_CHALLENGE 1
+#define EAP_SAKE_SUBTYPE_CONFIRM 2
+#define EAP_SAKE_SUBTYPE_AUTH_REJECT 3
+#define EAP_SAKE_SUBTYPE_IDENTITY 4
+
+#define EAP_SAKE_AT_RAND_S 1
+#define EAP_SAKE_AT_RAND_P 2
+#define EAP_SAKE_AT_MIC_S 3
+#define EAP_SAKE_AT_MIC_P 4
+#define EAP_SAKE_AT_SERVERID 5
+#define EAP_SAKE_AT_PEERID 6
+#define EAP_SAKE_AT_SPI_S 7
+#define EAP_SAKE_AT_SPI_P 8
+#define EAP_SAKE_AT_ANY_ID_REQ 9
+#define EAP_SAKE_AT_PERM_ID_REQ 10
+#define EAP_SAKE_AT_ENCR_DATA 128
+#define EAP_SAKE_AT_IV 129
+#define EAP_SAKE_AT_PADDING 130
+#define EAP_SAKE_AT_NEXT_TMPID 131
+#define EAP_SAKE_AT_MSK_LIFE 132
+
+#define EAP_SAKE_RAND_LEN 16
+#define EAP_SAKE_MIC_LEN 16
+#define EAP_SAKE_ROOT_SECRET_LEN 16
+#define EAP_SAKE_SMS_LEN 16
+#define EAP_SAKE_TEK_AUTH_LEN 16
+#define EAP_SAKE_TEK_CIPHER_LEN 16
+#define EAP_SAKE_TEK_LEN (EAP_SAKE_TEK_AUTH_LEN + EAP_SAKE_TEK_CIPHER_LEN)
+
+#ifdef _MSC_VER
+#pragma pack(push, 1)
+#endif /* _MSC_VER */
+
+struct eap_sake_hdr {
+ u8 code;
+ u8 identifier;
+ u16 length;
+ u8 type; /* EAP_TYPE_SAKE */
+ u8 version; /* EAP_SAKE_VERSION */
+ u8 session_id;
+ u8 subtype;
+} STRUCT_PACKED;
+
+#ifdef _MSC_VER
+#pragma pack(pop)
+#endif /* _MSC_VER */
+
+
+struct eap_sake_parse_attr {
+ const u8 *rand_s;
+ const u8 *rand_p;
+ const u8 *mic_s;
+ const u8 *mic_p;
+ const u8 *serverid;
+ size_t serverid_len;
+ const u8 *peerid;
+ size_t peerid_len;
+ const u8 *spi_s;
+ size_t spi_s_len;
+ const u8 *spi_p;
+ size_t spi_p_len;
+ const u8 *any_id_req;
+ const u8 *perm_id_req;
+ const u8 *encr_data;
+ size_t encr_data_len;
+ const u8 *iv;
+ size_t iv_len;
+ const u8 *next_tmpid;
+ size_t next_tmpid_len;
+ const u8 *msk_life;
+};
+
+int eap_sake_parse_attributes(const u8 *buf, size_t len,
+ struct eap_sake_parse_attr *attr);
+void eap_sake_derive_keys(const u8 *root_secret_a, const u8 *root_secret_b,
+ const u8 *rand_s, const u8 *rand_p,
+ u8 *tek, u8 *msk, u8 *emsk);
+int eap_sake_compute_mic(const u8 *tek_auth,
+ const u8 *rand_s, const u8 *rand_p,
+ const u8 *serverid, size_t serverid_len,
+ const u8 *peerid, size_t peerid_len,
+ int peer, const u8 *eap, size_t eap_len,
+ const u8 *mic_pos, u8 *mic);
+
+#endif /* EAP_SAKE_COMMON_H */
--- /dev/null
+/*
+ * EAP peer method: EAP-SIM (RFC 4186)
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eap_i.h"
+#include "config_ssid.h"
+#include "crypto.h"
+#include "pcsc_funcs.h"
+#include "eap_sim_common.h"
+
+
+struct eap_sim_data {
+ u8 *ver_list;
+ size_t ver_list_len;
+ int selected_version;
+ size_t min_num_chal, num_chal;
+
+ u8 kc[3][EAP_SIM_KC_LEN];
+ u8 sres[3][EAP_SIM_SRES_LEN];
+ u8 nonce_mt[EAP_SIM_NONCE_MT_LEN], nonce_s[EAP_SIM_NONCE_S_LEN];
+ u8 mk[EAP_SIM_MK_LEN];
+ u8 k_aut[EAP_SIM_K_AUT_LEN];
+ u8 k_encr[EAP_SIM_K_ENCR_LEN];
+ u8 msk[EAP_SIM_KEYING_DATA_LEN];
+ u8 emsk[EAP_EMSK_LEN];
+ u8 rand[3][GSM_RAND_LEN];
+
+ int num_id_req, num_notification;
+ u8 *pseudonym;
+ size_t pseudonym_len;
+ u8 *reauth_id;
+ size_t reauth_id_len;
+ int reauth;
+ unsigned int counter, counter_too_small;
+ u8 *last_eap_identity;
+ size_t last_eap_identity_len;
+ enum { CONTINUE, SUCCESS, FAILURE } state;
+};
+
+
+static void * eap_sim_init(struct eap_sm *sm)
+{
+ struct eap_sim_data *data;
+ struct wpa_ssid *config = eap_get_config(sm);
+
+ data = os_zalloc(sizeof(*data));
+ if (data == NULL)
+ return NULL;
+
+ if (hostapd_get_rand(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
+ wpa_printf(MSG_WARNING, "EAP-SIM: Failed to get random data "
+ "for NONCE_MT");
+ os_free(data);
+ return NULL;
+ }
+
+ data->min_num_chal = 2;
+ if (config && config->phase1) {
+ char *pos = os_strstr(config->phase1, "sim_min_num_chal=");
+ if (pos) {
+ data->min_num_chal = atoi(pos + 17);
+ if (data->min_num_chal < 2 || data->min_num_chal > 3) {
+ wpa_printf(MSG_WARNING, "EAP-SIM: Invalid "
+ "sim_min_num_chal configuration "
+ "(%lu, expected 2 or 3)",
+ (unsigned long) data->min_num_chal);
+ os_free(data);
+ return NULL;
+ }
+ wpa_printf(MSG_DEBUG, "EAP-SIM: Set minimum number of "
+ "challenges to %lu",
+ (unsigned long) data->min_num_chal);
+ }
+ }
+
+ data->state = CONTINUE;
+
+ return data;
+}
+
+
+static void eap_sim_deinit(struct eap_sm *sm, void *priv)
+{
+ struct eap_sim_data *data = priv;
+ if (data) {
+ os_free(data->ver_list);
+ os_free(data->pseudonym);
+ os_free(data->reauth_id);
+ os_free(data->last_eap_identity);
+ os_free(data);
+ }
+}
+
+
+static int eap_sim_gsm_auth(struct eap_sm *sm, struct eap_sim_data *data)
+{
+ wpa_printf(MSG_DEBUG, "EAP-SIM: GSM authentication algorithm");
+#ifdef PCSC_FUNCS
+ if (scard_gsm_auth(sm->scard_ctx, data->rand[0],
+ data->sres[0], data->kc[0]) ||
+ scard_gsm_auth(sm->scard_ctx, data->rand[1],
+ data->sres[1], data->kc[1]) ||
+ (data->num_chal > 2 &&
+ scard_gsm_auth(sm->scard_ctx, data->rand[2],
+ data->sres[2], data->kc[2]))) {
+ wpa_printf(MSG_DEBUG, "EAP-SIM: GSM SIM authentication could "
+ "not be completed");
+ return -1;
+ }
+#else /* PCSC_FUNCS */
+ /* These hardcoded Kc and SRES values are used for testing. RAND to
+ * KC/SREC mapping is very bogus as far as real authentication is
+ * concerned, but it is quite useful for cases where the AS is rotating
+ * the order of pre-configured values. */
+ {
+ size_t i;
+ for (i = 0; i < data->num_chal; i++) {
+ if (data->rand[i][0] == 0xaa) {
+ os_memcpy(data->kc[i],
+ "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7",
+ EAP_SIM_KC_LEN);
+ os_memcpy(data->sres[i], "\xd1\xd2\xd3\xd4",
+ EAP_SIM_SRES_LEN);
+ } else if (data->rand[i][0] == 0xbb) {
+ os_memcpy(data->kc[i],
+ "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7",
+ EAP_SIM_KC_LEN);
+ os_memcpy(data->sres[i], "\xe1\xe2\xe3\xe4",
+ EAP_SIM_SRES_LEN);
+ } else {
+ os_memcpy(data->kc[i],
+ "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7",
+ EAP_SIM_KC_LEN);
+ os_memcpy(data->sres[i], "\xf1\xf2\xf3\xf4",
+ EAP_SIM_SRES_LEN);
+ }
+ }
+ }
+#endif /* PCSC_FUNCS */
+ return 0;
+}
+
+
+static int eap_sim_supported_ver(int version)
+{
+ return version == EAP_SIM_VERSION;
+}
+
+
+#define CLEAR_PSEUDONYM 0x01
+#define CLEAR_REAUTH_ID 0x02
+#define CLEAR_EAP_ID 0x04
+
+static void eap_sim_clear_identities(struct eap_sim_data *data, int id)
+{
+ wpa_printf(MSG_DEBUG, "EAP-SIM: forgetting old%s%s%s",
+ id & CLEAR_PSEUDONYM ? " pseudonym" : "",
+ id & CLEAR_REAUTH_ID ? " reauth_id" : "",
+ id & CLEAR_EAP_ID ? " eap_id" : "");
+ if (id & CLEAR_PSEUDONYM) {
+ os_free(data->pseudonym);
+ data->pseudonym = NULL;
+ data->pseudonym_len = 0;
+ }
+ if (id & CLEAR_REAUTH_ID) {
+ os_free(data->reauth_id);
+ data->reauth_id = NULL;
+ data->reauth_id_len = 0;
+ }
+ if (id & CLEAR_EAP_ID) {
+ os_free(data->last_eap_identity);
+ data->last_eap_identity = NULL;
+ data->last_eap_identity_len = 0;
+ }
+}
+
+
+static int eap_sim_learn_ids(struct eap_sim_data *data,
+ struct eap_sim_attrs *attr)
+{
+ if (attr->next_pseudonym) {
+ os_free(data->pseudonym);
+ data->pseudonym = os_malloc(attr->next_pseudonym_len);
+ if (data->pseudonym == NULL) {
+ wpa_printf(MSG_INFO, "EAP-SIM: (encr) No memory for "
+ "next pseudonym");
+ return -1;
+ }
+ os_memcpy(data->pseudonym, attr->next_pseudonym,
+ attr->next_pseudonym_len);
+ data->pseudonym_len = attr->next_pseudonym_len;
+ wpa_hexdump_ascii(MSG_DEBUG,
+ "EAP-SIM: (encr) AT_NEXT_PSEUDONYM",
+ data->pseudonym,
+ data->pseudonym_len);
+ }
+
+ if (attr->next_reauth_id) {
+ os_free(data->reauth_id);
+ data->reauth_id = os_malloc(attr->next_reauth_id_len);
+ if (data->reauth_id == NULL) {
+ wpa_printf(MSG_INFO, "EAP-SIM: (encr) No memory for "
+ "next reauth_id");
+ return -1;
+ }
+ os_memcpy(data->reauth_id, attr->next_reauth_id,
+ attr->next_reauth_id_len);
+ data->reauth_id_len = attr->next_reauth_id_len;
+ wpa_hexdump_ascii(MSG_DEBUG,
+ "EAP-SIM: (encr) AT_NEXT_REAUTH_ID",
+ data->reauth_id,
+ data->reauth_id_len);
+ }
+
+ return 0;
+}
+
+
+static u8 * eap_sim_client_error(struct eap_sim_data *data,
+ const struct eap_hdr *req,
+ size_t *respDataLen, int err)
+{
+ struct eap_sim_msg *msg;
+
+ data->state = FAILURE;
+ data->num_id_req = 0;
+ data->num_notification = 0;
+
+ msg = eap_sim_msg_init(EAP_CODE_RESPONSE, req->identifier,
+ EAP_TYPE_SIM, EAP_SIM_SUBTYPE_CLIENT_ERROR);
+ eap_sim_msg_add(msg, EAP_SIM_AT_CLIENT_ERROR_CODE, err, NULL, 0);
+ return eap_sim_msg_finish(msg, respDataLen, NULL, NULL, 0);
+}
+
+
+static u8 * eap_sim_response_start(struct eap_sm *sm,
+ struct eap_sim_data *data,
+ const struct eap_hdr *req,
+ size_t *respDataLen,
+ enum eap_sim_id_req id_req)
+{
+ const u8 *identity = NULL;
+ size_t identity_len = 0;
+ struct eap_sim_msg *msg;
+
+ data->reauth = 0;
+ if (id_req == ANY_ID && data->reauth_id) {
+ identity = data->reauth_id;
+ identity_len = data->reauth_id_len;
+ data->reauth = 1;
+ } else if ((id_req == ANY_ID || id_req == FULLAUTH_ID) &&
+ data->pseudonym) {
+ identity = data->pseudonym;
+ identity_len = data->pseudonym_len;
+ eap_sim_clear_identities(data, CLEAR_REAUTH_ID);
+ } else if (id_req != NO_ID_REQ) {
+ identity = eap_get_config_identity(sm, &identity_len);
+ if (identity) {
+ eap_sim_clear_identities(data, CLEAR_PSEUDONYM |
+ CLEAR_REAUTH_ID);
+ }
+ }
+ if (id_req != NO_ID_REQ)
+ eap_sim_clear_identities(data, CLEAR_EAP_ID);
+
+ wpa_printf(MSG_DEBUG, "Generating EAP-SIM Start (id=%d)",
+ req->identifier);
+ msg = eap_sim_msg_init(EAP_CODE_RESPONSE, req->identifier,
+ EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START);
+ if (!data->reauth) {
+ wpa_hexdump(MSG_DEBUG, " AT_NONCE_MT",
+ data->nonce_mt, EAP_SIM_NONCE_MT_LEN);
+ eap_sim_msg_add(msg, EAP_SIM_AT_NONCE_MT, 0,
+ data->nonce_mt, EAP_SIM_NONCE_MT_LEN);
+ wpa_printf(MSG_DEBUG, " AT_SELECTED_VERSION %d",
+ data->selected_version);
+ eap_sim_msg_add(msg, EAP_SIM_AT_SELECTED_VERSION,
+ data->selected_version, NULL, 0);
+ }
+
+ if (identity) {
+ wpa_hexdump_ascii(MSG_DEBUG, " AT_IDENTITY",
+ identity, identity_len);
+ eap_sim_msg_add(msg, EAP_SIM_AT_IDENTITY, identity_len,
+ identity, identity_len);
+ }
+
+ return eap_sim_msg_finish(msg, respDataLen, NULL, NULL, 0);
+}
+
+
+static u8 * eap_sim_response_challenge(struct eap_sim_data *data,
+ const struct eap_hdr *req,
+ size_t *respDataLen)
+{
+ struct eap_sim_msg *msg;
+
+ wpa_printf(MSG_DEBUG, "Generating EAP-SIM Challenge (id=%d)",
+ req->identifier);
+ msg = eap_sim_msg_init(EAP_CODE_RESPONSE, req->identifier,
+ EAP_TYPE_SIM, EAP_SIM_SUBTYPE_CHALLENGE);
+ wpa_printf(MSG_DEBUG, " AT_MAC");
+ eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
+ return eap_sim_msg_finish(msg, respDataLen, data->k_aut,
+ (u8 *) data->sres,
+ data->num_chal * EAP_SIM_SRES_LEN);
+}
+
+
+static u8 * eap_sim_response_reauth(struct eap_sim_data *data,
+ const struct eap_hdr *req,
+ size_t *respDataLen, int counter_too_small)
+{
+ struct eap_sim_msg *msg;
+ unsigned int counter;
+
+ wpa_printf(MSG_DEBUG, "Generating EAP-SIM Reauthentication (id=%d)",
+ req->identifier);
+ msg = eap_sim_msg_init(EAP_CODE_RESPONSE, req->identifier,
+ EAP_TYPE_SIM,
+ EAP_SIM_SUBTYPE_REAUTHENTICATION);
+ wpa_printf(MSG_DEBUG, " AT_IV");
+ wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
+ eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV, EAP_SIM_AT_ENCR_DATA);
+
+ if (counter_too_small) {
+ wpa_printf(MSG_DEBUG, " *AT_COUNTER_TOO_SMALL");
+ eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER_TOO_SMALL, 0, NULL, 0);
+ counter = data->counter_too_small;
+ } else
+ counter = data->counter;
+
+ wpa_printf(MSG_DEBUG, " *AT_COUNTER %d", counter);
+ eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, counter, NULL, 0);
+
+ if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) {
+ wpa_printf(MSG_WARNING, "EAP-SIM: Failed to encrypt "
+ "AT_ENCR_DATA");
+ eap_sim_msg_free(msg);
+ return NULL;
+ }
+ wpa_printf(MSG_DEBUG, " AT_MAC");
+ eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
+ return eap_sim_msg_finish(msg, respDataLen, data->k_aut, data->nonce_s,
+ EAP_SIM_NONCE_S_LEN);
+}
+
+
+static u8 * eap_sim_response_notification(struct eap_sim_data *data,
+ const struct eap_hdr *req,
+ size_t *respDataLen,
+ u16 notification)
+{
+ struct eap_sim_msg *msg;
+ u8 *k_aut = (notification & 0x4000) == 0 ? data->k_aut : NULL;
+
+ wpa_printf(MSG_DEBUG, "Generating EAP-SIM Notification (id=%d)",
+ req->identifier);
+ msg = eap_sim_msg_init(EAP_CODE_RESPONSE, req->identifier,
+ EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION);
+ wpa_printf(MSG_DEBUG, " AT_NOTIFICATION");
+ eap_sim_msg_add(msg, EAP_SIM_AT_NOTIFICATION, notification, NULL, 0);
+ if (k_aut && data->reauth) {
+ wpa_printf(MSG_DEBUG, " AT_IV");
+ wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
+ eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV,
+ EAP_SIM_AT_ENCR_DATA);
+ wpa_printf(MSG_DEBUG, " *AT_COUNTER %d", data->counter);
+ eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter,
+ NULL, 0);
+ if (eap_sim_msg_add_encr_end(msg, data->k_encr,
+ EAP_SIM_AT_PADDING)) {
+ wpa_printf(MSG_WARNING, "EAP-SIM: Failed to encrypt "
+ "AT_ENCR_DATA");
+ eap_sim_msg_free(msg);
+ return NULL;
+ }
+ }
+ if (k_aut) {
+ wpa_printf(MSG_DEBUG, " AT_MAC");
+ eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
+ }
+ return eap_sim_msg_finish(msg, respDataLen, k_aut, (u8 *) "", 0);
+}
+
+
+static u8 * eap_sim_process_start(struct eap_sm *sm, struct eap_sim_data *data,
+ const struct eap_hdr *req,
+ size_t *respDataLen,
+ struct eap_sim_attrs *attr)
+{
+ int selected_version = -1, id_error;
+ size_t i;
+ u8 *pos;
+
+ wpa_printf(MSG_DEBUG, "EAP-SIM: subtype Start");
+ if (attr->version_list == NULL) {
+ wpa_printf(MSG_INFO, "EAP-SIM: No AT_VERSION_LIST in "
+ "SIM/Start");
+ return eap_sim_client_error(data, req, respDataLen,
+ EAP_SIM_UNSUPPORTED_VERSION);
+ }
+
+ os_free(data->ver_list);
+ data->ver_list = os_malloc(attr->version_list_len);
+ if (data->ver_list == NULL) {
+ wpa_printf(MSG_DEBUG, "EAP-SIM: Failed to allocate "
+ "memory for version list");
+ return eap_sim_client_error(data, req, respDataLen,
+ EAP_SIM_UNABLE_TO_PROCESS_PACKET);
+ }
+ os_memcpy(data->ver_list, attr->version_list, attr->version_list_len);
+ data->ver_list_len = attr->version_list_len;
+ pos = data->ver_list;
+ for (i = 0; i < data->ver_list_len / 2; i++) {
+ int ver = pos[0] * 256 + pos[1];
+ pos += 2;
+ if (eap_sim_supported_ver(ver)) {
+ selected_version = ver;
+ break;
+ }
+ }
+ if (selected_version < 0) {
+ wpa_printf(MSG_INFO, "EAP-SIM: Could not find a supported "
+ "version");
+ return eap_sim_client_error(data, req, respDataLen,
+ EAP_SIM_UNSUPPORTED_VERSION);
+ }
+ wpa_printf(MSG_DEBUG, "EAP-SIM: Selected Version %d",
+ selected_version);
+ data->selected_version = selected_version;
+
+ id_error = 0;
+ switch (attr->id_req) {
+ case NO_ID_REQ:
+ break;
+ case ANY_ID:
+ if (data->num_id_req > 0)
+ id_error++;
+ data->num_id_req++;
+ break;
+ case FULLAUTH_ID:
+ if (data->num_id_req > 1)
+ id_error++;
+ data->num_id_req++;
+ break;
+ case PERMANENT_ID:
+ if (data->num_id_req > 2)
+ id_error++;
+ data->num_id_req++;
+ break;
+ }
+ if (id_error) {
+ wpa_printf(MSG_INFO, "EAP-SIM: Too many ID requests "
+ "used within one authentication");
+ return eap_sim_client_error(data, req, respDataLen,
+ EAP_SIM_UNABLE_TO_PROCESS_PACKET);
+ }
+
+ return eap_sim_response_start(sm, data, req, respDataLen,
+ attr->id_req);
+}
+
+
+static u8 * eap_sim_process_challenge(struct eap_sm *sm,
+ struct eap_sim_data *data,
+ const struct eap_hdr *req,
+ size_t reqDataLen,
+ size_t *respDataLen,
+ struct eap_sim_attrs *attr)
+{
+ const u8 *identity;
+ size_t identity_len;
+ struct eap_sim_attrs eattr;
+
+ wpa_printf(MSG_DEBUG, "EAP-SIM: subtype Challenge");
+ data->reauth = 0;
+ if (!attr->mac || !attr->rand) {
+ wpa_printf(MSG_WARNING, "EAP-SIM: Challenge message "
+ "did not include%s%s",
+ !attr->mac ? " AT_MAC" : "",
+ !attr->rand ? " AT_RAND" : "");
+ return eap_sim_client_error(data, req, respDataLen,
+ EAP_SIM_UNABLE_TO_PROCESS_PACKET);
+ }
+
+ wpa_printf(MSG_DEBUG, "EAP-SIM: %lu challenges",
+ (unsigned long) attr->num_chal);
+ if (attr->num_chal < data->min_num_chal) {
+ wpa_printf(MSG_INFO, "EAP-SIM: Insufficient number of "
+ "challenges (%lu)", (unsigned long) attr->num_chal);
+ return eap_sim_client_error(data, req, respDataLen,
+ EAP_SIM_INSUFFICIENT_NUM_OF_CHAL);
+ }
+ if (attr->num_chal > 3) {
+ wpa_printf(MSG_INFO, "EAP-SIM: Too many challenges "
+ "(%lu)", (unsigned long) attr->num_chal);
+ return eap_sim_client_error(data, req, respDataLen,
+ EAP_SIM_UNABLE_TO_PROCESS_PACKET);
+ }
+
+ /* Verify that RANDs are different */
+ if (os_memcmp(attr->rand, attr->rand + GSM_RAND_LEN,
+ GSM_RAND_LEN) == 0 ||
+ (attr->num_chal > 2 &&
+ (os_memcmp(attr->rand, attr->rand + 2 * GSM_RAND_LEN,
+ GSM_RAND_LEN) == 0 ||
+ os_memcmp(attr->rand + GSM_RAND_LEN,
+ attr->rand + 2 * GSM_RAND_LEN,
+ GSM_RAND_LEN) == 0))) {
+ wpa_printf(MSG_INFO, "EAP-SIM: Same RAND used multiple times");
+ return eap_sim_client_error(data, req, respDataLen,
+ EAP_SIM_RAND_NOT_FRESH);
+ }
+
+ os_memcpy(data->rand, attr->rand, attr->num_chal * GSM_RAND_LEN);
+ data->num_chal = attr->num_chal;
+
+ if (eap_sim_gsm_auth(sm, data)) {
+ wpa_printf(MSG_WARNING, "EAP-SIM: GSM authentication failed");
+ return eap_sim_client_error(data, req, respDataLen,
+ EAP_SIM_UNABLE_TO_PROCESS_PACKET);
+ }
+ if (data->last_eap_identity) {
+ identity = data->last_eap_identity;
+ identity_len = data->last_eap_identity_len;
+ } else if (data->pseudonym) {
+ identity = data->pseudonym;
+ identity_len = data->pseudonym_len;
+ } else
+ identity = eap_get_config_identity(sm, &identity_len);
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM: Selected identity for MK "
+ "derivation", identity, identity_len);
+ eap_sim_derive_mk(identity, identity_len, data->nonce_mt,
+ data->selected_version, data->ver_list,
+ data->ver_list_len, data->num_chal,
+ (const u8 *) data->kc, data->mk);
+ eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk,
+ data->emsk);
+ if (eap_sim_verify_mac(data->k_aut, (const u8 *) req, reqDataLen,
+ attr->mac, data->nonce_mt,
+ EAP_SIM_NONCE_MT_LEN)) {
+ wpa_printf(MSG_WARNING, "EAP-SIM: Challenge message "
+ "used invalid AT_MAC");
+ return eap_sim_client_error(data, req, respDataLen,
+ EAP_SIM_UNABLE_TO_PROCESS_PACKET);
+ }
+
+ /* Old reauthentication and pseudonym identities must not be used
+ * anymore. In other words, if no new identities are received, full
+ * authentication will be used on next reauthentication. */
+ eap_sim_clear_identities(data, CLEAR_PSEUDONYM | CLEAR_REAUTH_ID |
+ CLEAR_EAP_ID);
+
+ if (attr->encr_data) {
+ u8 *decrypted;
+ decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
+ attr->encr_data_len, attr->iv,
+ &eattr, 0);
+ if (decrypted == NULL) {
+ return eap_sim_client_error(
+ data, req, respDataLen,
+ EAP_SIM_UNABLE_TO_PROCESS_PACKET);
+ }
+ eap_sim_learn_ids(data, &eattr);
+ os_free(decrypted);
+ }
+
+ if (data->state != FAILURE)
+ data->state = SUCCESS;
+
+ data->num_id_req = 0;
+ data->num_notification = 0;
+ /* RFC 4186 specifies that counter is initialized to one after
+ * fullauth, but initializing it to zero makes it easier to implement
+ * reauth verification. */
+ data->counter = 0;
+ return eap_sim_response_challenge(data, req, respDataLen);
+}
+
+
+static int eap_sim_process_notification_reauth(struct eap_sim_data *data,
+ struct eap_sim_attrs *attr)
+{
+ struct eap_sim_attrs eattr;
+ u8 *decrypted;
+
+ if (attr->encr_data == NULL || attr->iv == NULL) {
+ wpa_printf(MSG_WARNING, "EAP-SIM: Notification message after "
+ "reauth did not include encrypted data");
+ return -1;
+ }
+
+ decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
+ attr->encr_data_len, attr->iv, &eattr,
+ 0);
+ if (decrypted == NULL) {
+ wpa_printf(MSG_WARNING, "EAP-SIM: Failed to parse encrypted "
+ "data from notification message");
+ return -1;
+ }
+
+ if (eattr.counter < 0 || (size_t) eattr.counter != data->counter) {
+ wpa_printf(MSG_WARNING, "EAP-SIM: Counter in notification "
+ "message does not match with counter in reauth "
+ "message");
+ os_free(decrypted);
+ return -1;
+ }
+
+ os_free(decrypted);
+ return 0;
+}
+
+
+static int eap_sim_process_notification_auth(struct eap_sim_data *data,
+ const struct eap_hdr *req,
+ size_t reqDataLen,
+ struct eap_sim_attrs *attr)
+{
+ if (attr->mac == NULL) {
+ wpa_printf(MSG_INFO, "EAP-SIM: no AT_MAC in after_auth "
+ "Notification message");
+ return -1;
+ }
+
+ if (eap_sim_verify_mac(data->k_aut, (u8 *) req, reqDataLen, attr->mac,
+ (u8 *) "", 0)) {
+ wpa_printf(MSG_WARNING, "EAP-SIM: Notification message "
+ "used invalid AT_MAC");
+ return -1;
+ }
+
+ if (data->reauth &&
+ eap_sim_process_notification_reauth(data, attr)) {
+ wpa_printf(MSG_WARNING, "EAP-SIM: Invalid notification "
+ "message after reauth");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static u8 * eap_sim_process_notification(struct eap_sm *sm,
+ struct eap_sim_data *data,
+ const struct eap_hdr *req,
+ size_t reqDataLen,
+ size_t *respDataLen,
+ struct eap_sim_attrs *attr)
+{
+ wpa_printf(MSG_DEBUG, "EAP-SIM: subtype Notification");
+ if (data->num_notification > 0) {
+ wpa_printf(MSG_INFO, "EAP-SIM: too many notification "
+ "rounds (only one allowed)");
+ return eap_sim_client_error(data, req, respDataLen,
+ EAP_SIM_UNABLE_TO_PROCESS_PACKET);
+ }
+ data->num_notification++;
+ if (attr->notification == -1) {
+ wpa_printf(MSG_INFO, "EAP-SIM: no AT_NOTIFICATION in "
+ "Notification message");
+ return eap_sim_client_error(data, req, respDataLen,
+ EAP_SIM_UNABLE_TO_PROCESS_PACKET);
+ }
+
+ if ((attr->notification & 0x4000) == 0 &&
+ eap_sim_process_notification_auth(data, req, reqDataLen, attr)) {
+ return eap_sim_client_error(data, req, respDataLen,
+ EAP_SIM_UNABLE_TO_PROCESS_PACKET);
+ }
+
+ eap_sim_report_notification(sm->msg_ctx, attr->notification, 0);
+ if (attr->notification >= 0 && attr->notification < 32768) {
+ data->state = FAILURE;
+ }
+ return eap_sim_response_notification(data, req, respDataLen,
+ attr->notification);
+}
+
+
+static u8 * eap_sim_process_reauthentication(struct eap_sm *sm,
+ struct eap_sim_data *data,
+ const struct eap_hdr *req,
+ size_t reqDataLen,
+ size_t *respDataLen,
+ struct eap_sim_attrs *attr)
+{
+ struct eap_sim_attrs eattr;
+ u8 *decrypted;
+
+ wpa_printf(MSG_DEBUG, "EAP-SIM: subtype Reauthentication");
+
+ if (data->reauth_id == NULL) {
+ wpa_printf(MSG_WARNING, "EAP-SIM: Server is trying "
+ "reauthentication, but no reauth_id available");
+ return eap_sim_client_error(data, req, respDataLen,
+ EAP_SIM_UNABLE_TO_PROCESS_PACKET);
+ }
+
+ data->reauth = 1;
+ if (eap_sim_verify_mac(data->k_aut, (const u8 *) req, reqDataLen,
+ attr->mac, (u8 *) "", 0)) {
+ wpa_printf(MSG_WARNING, "EAP-SIM: Reauthentication "
+ "did not have valid AT_MAC");
+ return eap_sim_client_error(data, req, respDataLen,
+ EAP_SIM_UNABLE_TO_PROCESS_PACKET);
+ }
+
+ if (attr->encr_data == NULL || attr->iv == NULL) {
+ wpa_printf(MSG_WARNING, "EAP-SIM: Reauthentication "
+ "message did not include encrypted data");
+ return eap_sim_client_error(data, req, respDataLen,
+ EAP_SIM_UNABLE_TO_PROCESS_PACKET);
+ }
+
+ decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
+ attr->encr_data_len, attr->iv, &eattr,
+ 0);
+ if (decrypted == NULL) {
+ wpa_printf(MSG_WARNING, "EAP-SIM: Failed to parse encrypted "
+ "data from reauthentication message");
+ return eap_sim_client_error(data, req, respDataLen,
+ EAP_SIM_UNABLE_TO_PROCESS_PACKET);
+ }
+
+ if (eattr.nonce_s == NULL || eattr.counter < 0) {
+ wpa_printf(MSG_INFO, "EAP-SIM: (encr) No%s%s in reauth packet",
+ !eattr.nonce_s ? " AT_NONCE_S" : "",
+ eattr.counter < 0 ? " AT_COUNTER" : "");
+ os_free(decrypted);
+ return eap_sim_client_error(data, req, respDataLen,
+ EAP_SIM_UNABLE_TO_PROCESS_PACKET);
+ }
+
+ if (eattr.counter < 0 || (size_t) eattr.counter <= data->counter) {
+ wpa_printf(MSG_INFO, "EAP-SIM: (encr) Invalid counter "
+ "(%d <= %d)", eattr.counter, data->counter);
+ data->counter_too_small = eattr.counter;
+ /* Reply using Re-auth w/ AT_COUNTER_TOO_SMALL. The current
+ * reauth_id must not be used to start a new reauthentication.
+ * However, since it was used in the last EAP-Response-Identity
+ * packet, it has to saved for the following fullauth to be
+ * used in MK derivation. */
+ os_free(data->last_eap_identity);
+ data->last_eap_identity = data->reauth_id;
+ data->last_eap_identity_len = data->reauth_id_len;
+ data->reauth_id = NULL;
+ data->reauth_id_len = 0;
+ os_free(decrypted);
+ return eap_sim_response_reauth(data, req, respDataLen, 1);
+ }
+ data->counter = eattr.counter;
+
+ os_memcpy(data->nonce_s, eattr.nonce_s, EAP_SIM_NONCE_S_LEN);
+ wpa_hexdump(MSG_DEBUG, "EAP-SIM: (encr) AT_NONCE_S",
+ data->nonce_s, EAP_SIM_NONCE_S_LEN);
+
+ eap_sim_derive_keys_reauth(data->counter,
+ data->reauth_id, data->reauth_id_len,
+ data->nonce_s, data->mk, data->msk,
+ data->emsk);
+ eap_sim_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
+ eap_sim_learn_ids(data, &eattr);
+
+ if (data->state != FAILURE)
+ data->state = SUCCESS;
+
+ data->num_id_req = 0;
+ data->num_notification = 0;
+ if (data->counter > EAP_SIM_MAX_FAST_REAUTHS) {
+ wpa_printf(MSG_DEBUG, "EAP-SIM: Maximum number of "
+ "fast reauths performed - force fullauth");
+ eap_sim_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
+ }
+ os_free(decrypted);
+ return eap_sim_response_reauth(data, req, respDataLen, 0);
+}
+
+
+static u8 * eap_sim_process(struct eap_sm *sm, void *priv,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *respDataLen)
+{
+ struct eap_sim_data *data = priv;
+ const struct eap_hdr *req;
+ u8 subtype, *res;
+ const u8 *pos;
+ struct eap_sim_attrs attr;
+ size_t len;
+
+ wpa_hexdump(MSG_DEBUG, "EAP-SIM: EAP data", reqData, reqDataLen);
+ if (eap_get_config_identity(sm, &len) == NULL) {
+ wpa_printf(MSG_INFO, "EAP-SIM: Identity not configured");
+ eap_sm_request_identity(sm);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_SIM,
+ reqData, reqDataLen, &len);
+ if (pos == NULL || len < 1) {
+ ret->ignore = TRUE;
+ return NULL;
+ }
+ req = (const struct eap_hdr *) reqData;
+ len = be_to_host16(req->length);
+
+ ret->ignore = FALSE;
+ ret->methodState = METHOD_MAY_CONT;
+ ret->decision = DECISION_FAIL;
+ ret->allowNotifications = TRUE;
+
+ subtype = *pos++;
+ wpa_printf(MSG_DEBUG, "EAP-SIM: Subtype=%d", subtype);
+ pos += 2; /* Reserved */
+
+ if (eap_sim_parse_attr(pos, reqData + len, &attr, 0, 0)) {
+ res = eap_sim_client_error(data, req, respDataLen,
+ EAP_SIM_UNABLE_TO_PROCESS_PACKET);
+ goto done;
+ }
+
+ switch (subtype) {
+ case EAP_SIM_SUBTYPE_START:
+ res = eap_sim_process_start(sm, data, req,
+ respDataLen, &attr);
+ break;
+ case EAP_SIM_SUBTYPE_CHALLENGE:
+ res = eap_sim_process_challenge(sm, data, req, len,
+ respDataLen, &attr);
+ break;
+ case EAP_SIM_SUBTYPE_NOTIFICATION:
+ res = eap_sim_process_notification(sm, data, req, len,
+ respDataLen, &attr);
+ break;
+ case EAP_SIM_SUBTYPE_REAUTHENTICATION:
+ res = eap_sim_process_reauthentication(sm, data, req, len,
+ respDataLen, &attr);
+ break;
+ case EAP_SIM_SUBTYPE_CLIENT_ERROR:
+ wpa_printf(MSG_DEBUG, "EAP-SIM: subtype Client-Error");
+ res = eap_sim_client_error(data, req, respDataLen,
+ EAP_SIM_UNABLE_TO_PROCESS_PACKET);
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "EAP-SIM: Unknown subtype=%d", subtype);
+ res = eap_sim_client_error(data, req, respDataLen,
+ EAP_SIM_UNABLE_TO_PROCESS_PACKET);
+ break;
+ }
+
+done:
+ if (data->state == FAILURE) {
+ ret->decision = DECISION_FAIL;
+ ret->methodState = METHOD_DONE;
+ } else if (data->state == SUCCESS) {
+ ret->decision = DECISION_COND_SUCC;
+ ret->methodState = METHOD_DONE;
+ }
+
+ if (ret->methodState == METHOD_DONE) {
+ ret->allowNotifications = FALSE;
+ }
+
+ return res;
+}
+
+
+static Boolean eap_sim_has_reauth_data(struct eap_sm *sm, void *priv)
+{
+ struct eap_sim_data *data = priv;
+ return data->pseudonym || data->reauth_id;
+}
+
+
+static void eap_sim_deinit_for_reauth(struct eap_sm *sm, void *priv)
+{
+ struct eap_sim_data *data = priv;
+ eap_sim_clear_identities(data, CLEAR_EAP_ID);
+}
+
+
+static void * eap_sim_init_for_reauth(struct eap_sm *sm, void *priv)
+{
+ struct eap_sim_data *data = priv;
+ if (hostapd_get_rand(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
+ wpa_printf(MSG_WARNING, "EAP-SIM: Failed to get random data "
+ "for NONCE_MT");
+ os_free(data);
+ return NULL;
+ }
+ data->num_id_req = 0;
+ data->num_notification = 0;
+ data->state = CONTINUE;
+ return priv;
+}
+
+
+static const u8 * eap_sim_get_identity(struct eap_sm *sm, void *priv,
+ size_t *len)
+{
+ struct eap_sim_data *data = priv;
+
+ if (data->reauth_id) {
+ *len = data->reauth_id_len;
+ return data->reauth_id;
+ }
+
+ if (data->pseudonym) {
+ *len = data->pseudonym_len;
+ return data->pseudonym;
+ }
+
+ return NULL;
+}
+
+
+static Boolean eap_sim_isKeyAvailable(struct eap_sm *sm, void *priv)
+{
+ struct eap_sim_data *data = priv;
+ return data->state == SUCCESS;
+}
+
+
+static u8 * eap_sim_getKey(struct eap_sm *sm, void *priv, size_t *len)
+{
+ struct eap_sim_data *data = priv;
+ u8 *key;
+
+ if (data->state != SUCCESS)
+ return NULL;
+
+ key = os_malloc(EAP_SIM_KEYING_DATA_LEN);
+ if (key == NULL)
+ return NULL;
+
+ *len = EAP_SIM_KEYING_DATA_LEN;
+ os_memcpy(key, data->msk, EAP_SIM_KEYING_DATA_LEN);
+
+ return key;
+}
+
+
+static u8 * eap_sim_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
+{
+ struct eap_sim_data *data = priv;
+ u8 *key;
+
+ if (data->state != SUCCESS)
+ return NULL;
+
+ key = os_malloc(EAP_EMSK_LEN);
+ if (key == NULL)
+ return NULL;
+
+ *len = EAP_EMSK_LEN;
+ os_memcpy(key, data->emsk, EAP_EMSK_LEN);
+
+ return key;
+}
+
+
+int eap_peer_sim_register(void)
+{
+ struct eap_method *eap;
+ int ret;
+
+ eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
+ EAP_VENDOR_IETF, EAP_TYPE_SIM, "SIM");
+ if (eap == NULL)
+ return -1;
+
+ eap->init = eap_sim_init;
+ eap->deinit = eap_sim_deinit;
+ eap->process = eap_sim_process;
+ eap->isKeyAvailable = eap_sim_isKeyAvailable;
+ eap->getKey = eap_sim_getKey;
+ eap->has_reauth_data = eap_sim_has_reauth_data;
+ eap->deinit_for_reauth = eap_sim_deinit_for_reauth;
+ eap->init_for_reauth = eap_sim_init_for_reauth;
+ eap->get_identity = eap_sim_get_identity;
+ eap->get_emsk = eap_sim_get_emsk;
+
+ ret = eap_peer_method_register(eap);
+ if (ret)
+ eap_peer_method_free(eap);
+ return ret;
+}
--- /dev/null
+/*
+ * EAP peer: EAP-SIM/AKA shared routines
+ * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eap_i.h"
+#include "sha1.h"
+#include "crypto.h"
+#include "aes_wrap.h"
+#include "eap_sim_common.h"
+
+
+static int eap_sim_prf(const u8 *key, u8 *x, size_t xlen)
+{
+ return fips186_2_prf(key, EAP_SIM_MK_LEN, x, xlen);
+}
+
+
+void eap_sim_derive_mk(const u8 *identity, size_t identity_len,
+ const u8 *nonce_mt, u16 selected_version,
+ const u8 *ver_list, size_t ver_list_len,
+ int num_chal, const u8 *kc, u8 *mk)
+{
+ u8 sel_ver[2];
+ const unsigned char *addr[5];
+ size_t len[5];
+
+ addr[0] = identity;
+ len[0] = identity_len;
+ addr[1] = kc;
+ len[1] = num_chal * EAP_SIM_KC_LEN;
+ addr[2] = nonce_mt;
+ len[2] = EAP_SIM_NONCE_MT_LEN;
+ addr[3] = ver_list;
+ len[3] = ver_list_len;
+ addr[4] = sel_ver;
+ len[4] = 2;
+
+ WPA_PUT_BE16(sel_ver, selected_version);
+
+ /* MK = SHA1(Identity|n*Kc|NONCE_MT|Version List|Selected Version) */
+ sha1_vector(5, addr, len, mk);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: MK", mk, EAP_SIM_MK_LEN);
+}
+
+
+void eap_aka_derive_mk(const u8 *identity, size_t identity_len,
+ const u8 *ik, const u8 *ck, u8 *mk)
+{
+ const u8 *addr[3];
+ size_t len[3];
+
+ addr[0] = identity;
+ len[0] = identity_len;
+ addr[1] = ik;
+ len[1] = EAP_AKA_IK_LEN;
+ addr[2] = ck;
+ len[2] = EAP_AKA_CK_LEN;
+
+ /* MK = SHA1(Identity|IK|CK) */
+ sha1_vector(3, addr, len, mk);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: IK", ik, EAP_AKA_IK_LEN);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: CK", ck, EAP_AKA_CK_LEN);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: MK", mk, EAP_SIM_MK_LEN);
+}
+
+
+int eap_sim_derive_keys(const u8 *mk, u8 *k_encr, u8 *k_aut, u8 *msk, u8 *emsk)
+{
+ u8 buf[EAP_SIM_K_ENCR_LEN + EAP_SIM_K_AUT_LEN +
+ EAP_SIM_KEYING_DATA_LEN + EAP_EMSK_LEN], *pos;
+ if (eap_sim_prf(mk, buf, sizeof(buf)) < 0) {
+ wpa_printf(MSG_ERROR, "EAP-SIM: Failed to derive keys");
+ return -1;
+ }
+ pos = buf;
+ os_memcpy(k_encr, pos, EAP_SIM_K_ENCR_LEN);
+ pos += EAP_SIM_K_ENCR_LEN;
+ os_memcpy(k_aut, pos, EAP_SIM_K_AUT_LEN);
+ pos += EAP_SIM_K_AUT_LEN;
+ os_memcpy(msk, pos, EAP_SIM_KEYING_DATA_LEN);
+ pos += EAP_SIM_KEYING_DATA_LEN;
+ os_memcpy(emsk, pos, EAP_EMSK_LEN);
+
+ wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: K_encr",
+ k_encr, EAP_SIM_K_ENCR_LEN);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: K_aut",
+ k_aut, EAP_SIM_K_AUT_LEN);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: keying material (MSK)",
+ msk, EAP_SIM_KEYING_DATA_LEN);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: EMSK", emsk, EAP_EMSK_LEN);
+ os_memset(buf, 0, sizeof(buf));
+
+ return 0;
+}
+
+
+int eap_sim_derive_keys_reauth(u16 _counter,
+ const u8 *identity, size_t identity_len,
+ const u8 *nonce_s, const u8 *mk, u8 *msk,
+ u8 *emsk)
+{
+ u8 xkey[SHA1_MAC_LEN];
+ u8 buf[EAP_SIM_KEYING_DATA_LEN + EAP_EMSK_LEN + 32];
+ u8 counter[2];
+ const u8 *addr[4];
+ size_t len[4];
+
+ while (identity_len > 0 && identity[identity_len - 1] == 0) {
+ wpa_printf(MSG_DEBUG, "EAP-SIM: Workaround - drop null "
+ "character from the end of identity");
+ identity_len--;
+ }
+ addr[0] = identity;
+ len[0] = identity_len;
+ addr[1] = counter;
+ len[1] = 2;
+ addr[2] = nonce_s;
+ len[2] = EAP_SIM_NONCE_S_LEN;
+ addr[3] = mk;
+ len[3] = EAP_SIM_MK_LEN;
+
+ WPA_PUT_BE16(counter, _counter);
+
+ wpa_printf(MSG_DEBUG, "EAP-SIM: Deriving keying data from reauth");
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM: Identity",
+ identity, identity_len);
+ wpa_hexdump(MSG_DEBUG, "EAP-SIM: counter", counter, 2);
+ wpa_hexdump(MSG_DEBUG, "EAP-SIM: NONCE_S", nonce_s,
+ EAP_SIM_NONCE_S_LEN);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: MK", mk, EAP_SIM_MK_LEN);
+
+ /* XKEY' = SHA1(Identity|counter|NONCE_S|MK) */
+ sha1_vector(4, addr, len, xkey);
+ wpa_hexdump(MSG_DEBUG, "EAP-SIM: XKEY'", xkey, SHA1_MAC_LEN);
+
+ if (eap_sim_prf(xkey, buf, sizeof(buf)) < 0) {
+ wpa_printf(MSG_ERROR, "EAP-SIM: Failed to derive keys");
+ return -1;
+ }
+ if (msk) {
+ os_memcpy(msk, buf, EAP_SIM_KEYING_DATA_LEN);
+ wpa_hexdump(MSG_DEBUG, "EAP-SIM: keying material (MSK)",
+ msk, EAP_SIM_KEYING_DATA_LEN);
+ }
+ if (emsk) {
+ os_memcpy(emsk, buf + EAP_SIM_KEYING_DATA_LEN, EAP_EMSK_LEN);
+ wpa_hexdump(MSG_DEBUG, "EAP-SIM: EMSK", emsk, EAP_EMSK_LEN);
+ }
+ os_memset(buf, 0, sizeof(buf));
+
+ return 0;
+}
+
+
+int eap_sim_verify_mac(const u8 *k_aut, const u8 *req, size_t req_len,
+ const u8 *mac, const u8 *extra, size_t extra_len)
+{
+ unsigned char hmac[SHA1_MAC_LEN];
+ const u8 *addr[2];
+ size_t len[2];
+ u8 *tmp;
+
+ if (mac == NULL || req_len < EAP_SIM_MAC_LEN || mac < req ||
+ mac > req + req_len - EAP_SIM_MAC_LEN)
+ return -1;
+
+ tmp = os_malloc(req_len);
+ if (tmp == NULL)
+ return -1;
+
+ addr[0] = tmp;
+ len[0] = req_len;
+ addr[1] = extra;
+ len[1] = extra_len;
+
+ /* HMAC-SHA1-128 */
+ os_memcpy(tmp, req, req_len);
+ os_memset(tmp + (mac - req), 0, EAP_SIM_MAC_LEN);
+ wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Verify MAC - msg", tmp, req_len);
+ wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Verify MAC - extra data",
+ extra, extra_len);
+ wpa_hexdump_key(MSG_MSGDUMP, "EAP-SIM: Verify MAC - K_aut",
+ k_aut, EAP_SIM_K_AUT_LEN);
+ hmac_sha1_vector(k_aut, EAP_SIM_K_AUT_LEN, 2, addr, len, hmac);
+ wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Verify MAC: MAC",
+ hmac, EAP_SIM_MAC_LEN);
+ os_free(tmp);
+
+ return (os_memcmp(hmac, mac, EAP_SIM_MAC_LEN) == 0) ? 0 : 1;
+}
+
+
+void eap_sim_add_mac(const u8 *k_aut, u8 *msg, size_t msg_len, u8 *mac,
+ const u8 *extra, size_t extra_len)
+{
+ unsigned char hmac[SHA1_MAC_LEN];
+ const u8 *addr[2];
+ size_t len[2];
+
+ addr[0] = msg;
+ len[0] = msg_len;
+ addr[1] = extra;
+ len[1] = extra_len;
+
+ /* HMAC-SHA1-128 */
+ os_memset(mac, 0, EAP_SIM_MAC_LEN);
+ wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Add MAC - msg", msg, msg_len);
+ wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Add MAC - extra data",
+ extra, extra_len);
+ wpa_hexdump_key(MSG_MSGDUMP, "EAP-SIM: Add MAC - K_aut",
+ k_aut, EAP_SIM_K_AUT_LEN);
+ hmac_sha1_vector(k_aut, EAP_SIM_K_AUT_LEN, 2, addr, len, hmac);
+ os_memcpy(mac, hmac, EAP_SIM_MAC_LEN);
+ wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Add MAC: MAC",
+ mac, EAP_SIM_MAC_LEN);
+}
+
+
+int eap_sim_parse_attr(const u8 *start, const u8 *end,
+ struct eap_sim_attrs *attr, int aka, int encr)
+{
+ const u8 *pos = start, *apos;
+ size_t alen, plen, i, list_len;
+
+ os_memset(attr, 0, sizeof(*attr));
+ attr->id_req = NO_ID_REQ;
+ attr->notification = -1;
+ attr->counter = -1;
+ attr->selected_version = -1;
+ attr->client_error_code = -1;
+
+ while (pos < end) {
+ if (pos + 2 > end) {
+ wpa_printf(MSG_INFO, "EAP-SIM: Attribute overflow(1)");
+ return -1;
+ }
+ wpa_printf(MSG_MSGDUMP, "EAP-SIM: Attribute: Type=%d Len=%d",
+ pos[0], pos[1] * 4);
+ if (pos + pos[1] * 4 > end) {
+ wpa_printf(MSG_INFO, "EAP-SIM: Attribute overflow "
+ "(pos=%p len=%d end=%p)",
+ pos, pos[1] * 4, end);
+ return -1;
+ }
+ if (pos[1] == 0) {
+ wpa_printf(MSG_INFO, "EAP-SIM: Attribute underflow");
+ return -1;
+ }
+ apos = pos + 2;
+ alen = pos[1] * 4 - 2;
+ wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Attribute data",
+ apos, alen);
+
+ switch (pos[0]) {
+ case EAP_SIM_AT_RAND:
+ wpa_printf(MSG_DEBUG, "EAP-SIM: AT_RAND");
+ apos += 2;
+ alen -= 2;
+ if ((!aka && (alen % GSM_RAND_LEN)) ||
+ (aka && alen != EAP_AKA_RAND_LEN)) {
+ wpa_printf(MSG_INFO, "EAP-SIM: Invalid AT_RAND"
+ " (len %lu)",
+ (unsigned long) alen);
+ return -1;
+ }
+ attr->rand = apos;
+ attr->num_chal = alen / GSM_RAND_LEN;
+ break;
+ case EAP_SIM_AT_AUTN:
+ wpa_printf(MSG_DEBUG, "EAP-AKA: AT_AUTN");
+ if (!aka) {
+ wpa_printf(MSG_DEBUG, "EAP-SIM: "
+ "Unexpected AT_AUTN");
+ return -1;
+ }
+ apos += 2;
+ alen -= 2;
+ if (alen != EAP_AKA_AUTN_LEN) {
+ wpa_printf(MSG_INFO, "EAP-AKA: Invalid AT_AUTN"
+ " (len %lu)",
+ (unsigned long) alen);
+ return -1;
+ }
+ attr->autn = apos;
+ break;
+ case EAP_SIM_AT_PADDING:
+ if (!encr) {
+ wpa_printf(MSG_ERROR, "EAP-SIM: Unencrypted "
+ "AT_PADDING");
+ return -1;
+ }
+ wpa_printf(MSG_DEBUG, "EAP-SIM: (encr) AT_PADDING");
+ for (i = 2; i < alen; i++) {
+ if (apos[i] != 0) {
+ wpa_printf(MSG_INFO, "EAP-SIM: (encr) "
+ "AT_PADDING used a non-zero"
+ " padding byte");
+ wpa_hexdump(MSG_DEBUG, "EAP-SIM: "
+ "(encr) padding bytes",
+ apos + 2, alen - 2);
+ return -1;
+ }
+ }
+ break;
+ case EAP_SIM_AT_NONCE_MT:
+ wpa_printf(MSG_DEBUG, "EAP-SIM: AT_NONCE_MT");
+ if (alen != 2 + EAP_SIM_NONCE_MT_LEN) {
+ wpa_printf(MSG_INFO, "EAP-SIM: Invalid "
+ "AT_NONCE_MT length");
+ return -1;
+ }
+ attr->nonce_mt = apos + 2;
+ break;
+ case EAP_SIM_AT_PERMANENT_ID_REQ:
+ wpa_printf(MSG_DEBUG, "EAP-SIM: AT_PERMANENT_ID_REQ");
+ attr->id_req = PERMANENT_ID;
+ break;
+ case EAP_SIM_AT_MAC:
+ wpa_printf(MSG_DEBUG, "EAP-SIM: AT_MAC");
+ if (alen != 2 + EAP_SIM_MAC_LEN) {
+ wpa_printf(MSG_INFO, "EAP-SIM: Invalid AT_MAC "
+ "length");
+ return -1;
+ }
+ attr->mac = apos + 2;
+ break;
+ case EAP_SIM_AT_NOTIFICATION:
+ if (alen != 2) {
+ wpa_printf(MSG_INFO, "EAP-SIM: Invalid "
+ "AT_NOTIFICATION length %lu",
+ (unsigned long) alen);
+ return -1;
+ }
+ attr->notification = apos[0] * 256 + apos[1];
+ wpa_printf(MSG_DEBUG, "EAP-SIM: AT_NOTIFICATION %d",
+ attr->notification);
+ break;
+ case EAP_SIM_AT_ANY_ID_REQ:
+ wpa_printf(MSG_DEBUG, "EAP-SIM: AT_ANY_ID_REQ");
+ attr->id_req = ANY_ID;
+ break;
+ case EAP_SIM_AT_IDENTITY:
+ wpa_printf(MSG_DEBUG, "EAP-SIM: AT_IDENTITY");
+ attr->identity = apos + 2;
+ attr->identity_len = alen - 2;
+ break;
+ case EAP_SIM_AT_VERSION_LIST:
+ if (aka) {
+ wpa_printf(MSG_DEBUG, "EAP-AKA: "
+ "Unexpected AT_VERSION_LIST");
+ return -1;
+ }
+ list_len = apos[0] * 256 + apos[1];
+ wpa_printf(MSG_DEBUG, "EAP-SIM: AT_VERSION_LIST");
+ if (list_len < 2 || list_len > alen - 2) {
+ wpa_printf(MSG_WARNING, "EAP-SIM: Invalid "
+ "AT_VERSION_LIST (list_len=%lu "
+ "attr_len=%lu)",
+ (unsigned long) list_len,
+ (unsigned long) alen);
+ return -1;
+ }
+ attr->version_list = apos + 2;
+ attr->version_list_len = list_len;
+ break;
+ case EAP_SIM_AT_SELECTED_VERSION:
+ wpa_printf(MSG_DEBUG, "EAP-SIM: AT_SELECTED_VERSION");
+ if (alen != 2) {
+ wpa_printf(MSG_INFO, "EAP-SIM: Invalid "
+ "AT_SELECTED_VERSION length %lu",
+ (unsigned long) alen);
+ return -1;
+ }
+ attr->selected_version = apos[0] * 256 + apos[1];
+ wpa_printf(MSG_DEBUG, "EAP-SIM: AT_SELECTED_VERSION "
+ "%d", attr->selected_version);
+ break;
+ case EAP_SIM_AT_FULLAUTH_ID_REQ:
+ wpa_printf(MSG_DEBUG, "EAP-SIM: AT_FULLAUTH_ID_REQ");
+ attr->id_req = FULLAUTH_ID;
+ break;
+ case EAP_SIM_AT_COUNTER:
+ if (!encr) {
+ wpa_printf(MSG_ERROR, "EAP-SIM: Unencrypted "
+ "AT_COUNTER");
+ return -1;
+ }
+ if (alen != 2) {
+ wpa_printf(MSG_INFO, "EAP-SIM: (encr) Invalid "
+ "AT_COUNTER (alen=%lu)",
+ (unsigned long) alen);
+ return -1;
+ }
+ attr->counter = apos[0] * 256 + apos[1];
+ wpa_printf(MSG_DEBUG, "EAP-SIM: (encr) AT_COUNTER %d",
+ attr->counter);
+ break;
+ case EAP_SIM_AT_COUNTER_TOO_SMALL:
+ if (!encr) {
+ wpa_printf(MSG_ERROR, "EAP-SIM: Unencrypted "
+ "AT_COUNTER_TOO_SMALL");
+ return -1;
+ }
+ if (alen != 2) {
+ wpa_printf(MSG_INFO, "EAP-SIM: (encr) Invalid "
+ "AT_COUNTER_TOO_SMALL (alen=%lu)",
+ (unsigned long) alen);
+ return -1;
+ }
+ wpa_printf(MSG_DEBUG, "EAP-SIM: (encr) "
+ "AT_COUNTER_TOO_SMALL");
+ attr->counter_too_small = 1;
+ break;
+ case EAP_SIM_AT_NONCE_S:
+ if (!encr) {
+ wpa_printf(MSG_ERROR, "EAP-SIM: Unencrypted "
+ "AT_NONCE_S");
+ return -1;
+ }
+ wpa_printf(MSG_DEBUG, "EAP-SIM: (encr) "
+ "AT_NONCE_S");
+ if (alen != 2 + EAP_SIM_NONCE_S_LEN) {
+ wpa_printf(MSG_INFO, "EAP-SIM: (encr) Invalid "
+ "AT_NONCE_S (alen=%lu)",
+ (unsigned long) alen);
+ return -1;
+ }
+ attr->nonce_s = apos + 2;
+ break;
+ case EAP_SIM_AT_CLIENT_ERROR_CODE:
+ if (alen != 2) {
+ wpa_printf(MSG_INFO, "EAP-SIM: Invalid "
+ "AT_CLIENT_ERROR_CODE length %lu",
+ (unsigned long) alen);
+ return -1;
+ }
+ attr->client_error_code = apos[0] * 256 + apos[1];
+ wpa_printf(MSG_DEBUG, "EAP-SIM: AT_CLIENT_ERROR_CODE "
+ "%d", attr->client_error_code);
+ break;
+ case EAP_SIM_AT_IV:
+ wpa_printf(MSG_DEBUG, "EAP-SIM: AT_IV");
+ if (alen != 2 + EAP_SIM_MAC_LEN) {
+ wpa_printf(MSG_INFO, "EAP-SIM: Invalid AT_IV "
+ "length %lu", (unsigned long) alen);
+ return -1;
+ }
+ attr->iv = apos + 2;
+ break;
+ case EAP_SIM_AT_ENCR_DATA:
+ wpa_printf(MSG_DEBUG, "EAP-SIM: AT_ENCR_DATA");
+ attr->encr_data = apos + 2;
+ attr->encr_data_len = alen - 2;
+ if (attr->encr_data_len % 16) {
+ wpa_printf(MSG_INFO, "EAP-SIM: Invalid "
+ "AT_ENCR_DATA length %lu",
+ (unsigned long)
+ attr->encr_data_len);
+ return -1;
+ }
+ break;
+ case EAP_SIM_AT_NEXT_PSEUDONYM:
+ if (!encr) {
+ wpa_printf(MSG_ERROR, "EAP-SIM: Unencrypted "
+ "AT_NEXT_PSEUDONYM");
+ return -1;
+ }
+ wpa_printf(MSG_DEBUG, "EAP-SIM: (encr) "
+ "AT_NEXT_PSEUDONYM");
+ plen = apos[0] * 256 + apos[1];
+ if (plen > alen - 2) {
+ wpa_printf(MSG_INFO, "EAP-SIM: (encr) Invalid"
+ " AT_NEXT_PSEUDONYM (actual"
+ " len %lu, attr len %lu)",
+ (unsigned long) plen,
+ (unsigned long) alen);
+ return -1;
+ }
+ attr->next_pseudonym = pos + 4;
+ attr->next_pseudonym_len = plen;
+ break;
+ case EAP_SIM_AT_NEXT_REAUTH_ID:
+ if (!encr) {
+ wpa_printf(MSG_ERROR, "EAP-SIM: Unencrypted "
+ "AT_NEXT_REAUTH_ID");
+ return -1;
+ }
+ wpa_printf(MSG_DEBUG, "EAP-SIM: (encr) "
+ "AT_NEXT_REAUTH_ID");
+ plen = apos[0] * 256 + apos[1];
+ if (plen > alen - 2) {
+ wpa_printf(MSG_INFO, "EAP-SIM: (encr) Invalid"
+ " AT_NEXT_REAUTH_ID (actual"
+ " len %lu, attr len %lu)",
+ (unsigned long) plen,
+ (unsigned long) alen);
+ return -1;
+ }
+ attr->next_reauth_id = pos + 4;
+ attr->next_reauth_id_len = plen;
+ break;
+ case EAP_SIM_AT_RES:
+ wpa_printf(MSG_DEBUG, "EAP-SIM: AT_RES");
+ apos += 2;
+ alen -= 2;
+ if (!aka || alen < EAP_AKA_MIN_RES_LEN ||
+ alen > EAP_AKA_MAX_RES_LEN) {
+ wpa_printf(MSG_INFO, "EAP-SIM: Invalid AT_RES "
+ "(len %lu)",
+ (unsigned long) alen);
+ return -1;
+ }
+ attr->res = apos;
+ attr->res_len = alen;
+ break;
+ case EAP_SIM_AT_AUTS:
+ wpa_printf(MSG_DEBUG, "EAP-AKA: AT_AUTS");
+ if (!aka) {
+ wpa_printf(MSG_DEBUG, "EAP-SIM: "
+ "Unexpected AT_AUTS");
+ return -1;
+ }
+ if (alen != EAP_AKA_AUTS_LEN) {
+ wpa_printf(MSG_INFO, "EAP-AKA: Invalid AT_AUTS"
+ " (len %lu)",
+ (unsigned long) alen);
+ return -1;
+ }
+ attr->auts = apos;
+ break;
+ default:
+ if (pos[0] < 128) {
+ wpa_printf(MSG_INFO, "EAP-SIM: Unrecognized "
+ "non-skippable attribute %d",
+ pos[0]);
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "EAP-SIM: Unrecognized skippable"
+ " attribute %d ignored", pos[0]);
+ break;
+ }
+
+ pos += pos[1] * 4;
+ }
+
+ wpa_printf(MSG_DEBUG, "EAP-SIM: Attributes parsed successfully "
+ "(aka=%d encr=%d)", aka, encr);
+
+ return 0;
+}
+
+
+u8 * eap_sim_parse_encr(const u8 *k_encr, const u8 *encr_data,
+ size_t encr_data_len, const u8 *iv,
+ struct eap_sim_attrs *attr, int aka)
+{
+ u8 *decrypted;
+
+ if (!iv) {
+ wpa_printf(MSG_INFO, "EAP-SIM: Encrypted data, but no IV");
+ return NULL;
+ }
+
+ decrypted = os_malloc(encr_data_len);
+ if (decrypted == NULL)
+ return NULL;
+ os_memcpy(decrypted, encr_data, encr_data_len);
+
+ aes_128_cbc_decrypt(k_encr, iv, decrypted, encr_data_len);
+ wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Decrypted AT_ENCR_DATA",
+ decrypted, encr_data_len);
+
+ if (eap_sim_parse_attr(decrypted, decrypted + encr_data_len, attr,
+ aka, 1)) {
+ wpa_printf(MSG_INFO, "EAP-SIM: (encr) Failed to parse "
+ "decrypted AT_ENCR_DATA");
+ os_free(decrypted);
+ return NULL;
+ }
+
+ return decrypted;
+}
+
+
+#define EAP_SIM_INIT_LEN 128
+
+struct eap_sim_msg {
+ u8 *buf;
+ size_t buf_len, used;
+ size_t mac, iv, encr; /* index from buf */
+};
+
+
+struct eap_sim_msg * eap_sim_msg_init(int code, int id, int type, int subtype)
+{
+ struct eap_sim_msg *msg;
+ struct eap_hdr *eap;
+ u8 *pos;
+
+ msg = os_zalloc(sizeof(*msg));
+ if (msg == NULL)
+ return NULL;
+
+ msg->buf = os_zalloc(EAP_SIM_INIT_LEN);
+ if (msg->buf == NULL) {
+ os_free(msg);
+ return NULL;
+ }
+ msg->buf_len = EAP_SIM_INIT_LEN;
+ eap = (struct eap_hdr *) msg->buf;
+ eap->code = code;
+ eap->identifier = id;
+ msg->used = sizeof(*eap);
+
+ pos = (u8 *) (eap + 1);
+ *pos++ = type;
+ *pos++ = subtype;
+ *pos++ = 0; /* Reserved */
+ *pos++ = 0; /* Reserved */
+ msg->used += 4;
+
+ return msg;
+}
+
+
+u8 * eap_sim_msg_finish(struct eap_sim_msg *msg, size_t *len, const u8 *k_aut,
+ const u8 *extra, size_t extra_len)
+{
+ struct eap_hdr *eap;
+ u8 *buf;
+
+ if (msg == NULL)
+ return NULL;
+
+ eap = (struct eap_hdr *) msg->buf;
+ eap->length = host_to_be16(msg->used);
+
+ if (k_aut && msg->mac) {
+ eap_sim_add_mac(k_aut, msg->buf, msg->used,
+ msg->buf + msg->mac, extra, extra_len);
+ }
+
+ *len = msg->used;
+ buf = msg->buf;
+ os_free(msg);
+ return buf;
+}
+
+
+void eap_sim_msg_free(struct eap_sim_msg *msg)
+{
+ if (msg) {
+ os_free(msg->buf);
+ os_free(msg);
+ }
+}
+
+
+static int eap_sim_msg_resize(struct eap_sim_msg *msg, size_t add_len)
+{
+ if (msg->used + add_len > msg->buf_len) {
+ u8 *nbuf = os_realloc(msg->buf, msg->used + add_len);
+ if (nbuf == NULL)
+ return -1;
+ msg->buf = nbuf;
+ msg->buf_len = msg->used + add_len;
+ }
+ return 0;
+}
+
+
+u8 * eap_sim_msg_add_full(struct eap_sim_msg *msg, u8 attr,
+ const u8 *data, size_t len)
+{
+ int attr_len = 2 + len;
+ int pad_len;
+ u8 *start, *pos;
+
+ if (msg == NULL)
+ return NULL;
+
+ pad_len = (4 - attr_len % 4) % 4;
+ attr_len += pad_len;
+ if (eap_sim_msg_resize(msg, attr_len))
+ return NULL;
+ start = pos = msg->buf + msg->used;
+ *pos++ = attr;
+ *pos++ = attr_len / 4;
+ os_memcpy(pos, data, len);
+ if (pad_len) {
+ pos += len;
+ os_memset(pos, 0, pad_len);
+ }
+ msg->used += attr_len;
+ return start;
+}
+
+
+u8 * eap_sim_msg_add(struct eap_sim_msg *msg, u8 attr, u16 value,
+ const u8 *data, size_t len)
+{
+ int attr_len = 4 + len;
+ int pad_len;
+ u8 *start, *pos;
+
+ if (msg == NULL)
+ return NULL;
+
+ pad_len = (4 - attr_len % 4) % 4;
+ attr_len += pad_len;
+ if (eap_sim_msg_resize(msg, attr_len))
+ return NULL;
+ start = pos = msg->buf + msg->used;
+ *pos++ = attr;
+ *pos++ = attr_len / 4;
+ WPA_PUT_BE16(pos, value);
+ pos += 2;
+ if (data)
+ os_memcpy(pos, data, len);
+ if (pad_len) {
+ pos += len;
+ os_memset(pos, 0, pad_len);
+ }
+ msg->used += attr_len;
+ return start;
+}
+
+
+u8 * eap_sim_msg_add_mac(struct eap_sim_msg *msg, u8 attr)
+{
+ u8 *pos = eap_sim_msg_add(msg, attr, 0, NULL, EAP_SIM_MAC_LEN);
+ if (pos)
+ msg->mac = (pos - msg->buf) + 4;
+ return pos;
+}
+
+
+int eap_sim_msg_add_encr_start(struct eap_sim_msg *msg, u8 attr_iv,
+ u8 attr_encr)
+{
+ u8 *pos = eap_sim_msg_add(msg, attr_iv, 0, NULL, EAP_SIM_IV_LEN);
+ if (pos == NULL)
+ return -1;
+ msg->iv = (pos - msg->buf) + 4;
+ if (hostapd_get_rand(msg->buf + msg->iv, EAP_SIM_IV_LEN)) {
+ msg->iv = 0;
+ return -1;
+ }
+
+ pos = eap_sim_msg_add(msg, attr_encr, 0, NULL, 0);
+ if (pos == NULL) {
+ msg->iv = 0;
+ return -1;
+ }
+ msg->encr = pos - msg->buf;
+
+ return 0;
+}
+
+
+int eap_sim_msg_add_encr_end(struct eap_sim_msg *msg, u8 *k_encr, int attr_pad)
+{
+ size_t encr_len;
+
+ if (msg == NULL || k_encr == NULL || msg->iv == 0 || msg->encr == 0)
+ return -1;
+
+ encr_len = msg->used - msg->encr - 4;
+ if (encr_len % 16) {
+ u8 *pos;
+ int pad_len = 16 - (encr_len % 16);
+ if (pad_len < 4) {
+ wpa_printf(MSG_WARNING, "EAP-SIM: "
+ "eap_sim_msg_add_encr_end - invalid pad_len"
+ " %d", pad_len);
+ return -1;
+ }
+ wpa_printf(MSG_DEBUG, " *AT_PADDING");
+ pos = eap_sim_msg_add(msg, attr_pad, 0, NULL, pad_len - 4);
+ if (pos == NULL)
+ return -1;
+ os_memset(pos + 4, 0, pad_len - 4);
+ encr_len += pad_len;
+ }
+ wpa_printf(MSG_DEBUG, " (AT_ENCR_DATA data len %lu)",
+ (unsigned long) encr_len);
+ msg->buf[msg->encr + 1] = encr_len / 4 + 1;
+ aes_128_cbc_encrypt(k_encr, msg->buf + msg->iv,
+ msg->buf + msg->encr + 4, encr_len);
+
+ return 0;
+}
+
+
+void eap_sim_report_notification(void *msg_ctx, int notification, int aka)
+{
+#ifndef CONFIG_NO_STDOUT_DEBUG
+ const char *type = aka ? "AKA" : "SIM";
+#endif /* CONFIG_NO_STDOUT_DEBUG */
+
+ switch (notification) {
+ case EAP_SIM_GENERAL_FAILURE_AFTER_AUTH:
+ wpa_printf(MSG_WARNING, "EAP-%s: General failure "
+ "notification (after authentication)", type);
+ break;
+ case EAP_SIM_TEMPORARILY_DENIED:
+ wpa_printf(MSG_WARNING, "EAP-%s: Failure notification: "
+ "User has been temporarily denied access to the "
+ "requested service", type);
+ break;
+ case EAP_SIM_NOT_SUBSCRIBED:
+ wpa_printf(MSG_WARNING, "EAP-%s: Failure notification: "
+ "User has not subscribed to the requested service",
+ type);
+ break;
+ case EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH:
+ wpa_printf(MSG_WARNING, "EAP-%s: General failure "
+ "notification (before authentication)", type);
+ break;
+ case EAP_SIM_SUCCESS:
+ wpa_printf(MSG_INFO, "EAP-%s: Successful authentication "
+ "notification", type);
+ break;
+ default:
+ if (notification >= 32768) {
+ wpa_printf(MSG_INFO, "EAP-%s: Unrecognized "
+ "non-failure notification %d",
+ type, notification);
+ } else {
+ wpa_printf(MSG_WARNING, "EAP-%s: Unrecognized "
+ "failure notification %d",
+ type, notification);
+ }
+ }
+}
--- /dev/null
+/*
+ * EAP peer: EAP-SIM/AKA shared routines
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef EAP_SIM_COMMON_H
+#define EAP_SIM_COMMON_H
+
+#define EAP_SIM_NONCE_S_LEN 16
+#define EAP_SIM_NONCE_MT_LEN 16
+#define EAP_SIM_MAC_LEN 16
+#define EAP_SIM_MK_LEN 20
+#define EAP_SIM_K_AUT_LEN 16
+#define EAP_SIM_K_ENCR_LEN 16
+#define EAP_SIM_KEYING_DATA_LEN 64
+#define EAP_SIM_IV_LEN 16
+#define EAP_SIM_KC_LEN 8
+#define EAP_SIM_SRES_LEN 4
+
+#define GSM_RAND_LEN 16
+
+#define EAP_SIM_VERSION 1
+
+/* EAP-SIM Subtypes */
+#define EAP_SIM_SUBTYPE_START 10
+#define EAP_SIM_SUBTYPE_CHALLENGE 11
+#define EAP_SIM_SUBTYPE_NOTIFICATION 12
+#define EAP_SIM_SUBTYPE_REAUTHENTICATION 13
+#define EAP_SIM_SUBTYPE_CLIENT_ERROR 14
+
+/* AT_CLIENT_ERROR_CODE error codes */
+#define EAP_SIM_UNABLE_TO_PROCESS_PACKET 0
+#define EAP_SIM_UNSUPPORTED_VERSION 1
+#define EAP_SIM_INSUFFICIENT_NUM_OF_CHAL 2
+#define EAP_SIM_RAND_NOT_FRESH 3
+
+#define EAP_SIM_MAX_FAST_REAUTHS 1000
+
+#define EAP_SIM_MAX_CHAL 3
+
+
+/* EAP-AKA Subtypes */
+#define EAP_AKA_SUBTYPE_CHALLENGE 1
+#define EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT 2
+#define EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE 4
+#define EAP_AKA_SUBTYPE_IDENTITY 5
+#define EAP_AKA_SUBTYPE_NOTIFICATION 12
+#define EAP_AKA_SUBTYPE_REAUTHENTICATION 13
+#define EAP_AKA_SUBTYPE_CLIENT_ERROR 14
+
+/* AT_CLIENT_ERROR_CODE error codes */
+#define EAP_AKA_UNABLE_TO_PROCESS_PACKET 0
+
+#define EAP_AKA_RAND_LEN 16
+#define EAP_AKA_AUTN_LEN 16
+#define EAP_AKA_AUTS_LEN 14
+#define EAP_AKA_RES_MAX_LEN 16
+#define EAP_AKA_IK_LEN 16
+#define EAP_AKA_CK_LEN 16
+#define EAP_AKA_MAX_FAST_REAUTHS 1000
+#define EAP_AKA_MIN_RES_LEN 4
+#define EAP_AKA_MAX_RES_LEN 16
+
+void eap_sim_derive_mk(const u8 *identity, size_t identity_len,
+ const u8 *nonce_mt, u16 selected_version,
+ const u8 *ver_list, size_t ver_list_len,
+ int num_chal, const u8 *kc, u8 *mk);
+void eap_aka_derive_mk(const u8 *identity, size_t identity_len,
+ const u8 *ik, const u8 *ck, u8 *mk);
+int eap_sim_derive_keys(const u8 *mk, u8 *k_encr, u8 *k_aut, u8 *msk,
+ u8 *emsk);
+int eap_sim_derive_keys_reauth(u16 _counter,
+ const u8 *identity, size_t identity_len,
+ const u8 *nonce_s, const u8 *mk, u8 *msk,
+ u8 *emsk);
+int eap_sim_verify_mac(const u8 *k_aut, const u8 *req, size_t req_len,
+ const u8 *mac, const u8 *extra, size_t extra_len);
+void eap_sim_add_mac(const u8 *k_aut, u8 *msg, size_t msg_len, u8 *mac,
+ const u8 *extra, size_t extra_len);
+
+
+/* EAP-SIM/AKA Attributes (0..127 non-skippable) */
+#define EAP_SIM_AT_RAND 1
+#define EAP_SIM_AT_AUTN 2 /* only AKA */
+#define EAP_SIM_AT_RES 3 /* only AKA, only peer->server */
+#define EAP_SIM_AT_AUTS 4 /* only AKA, only peer->server */
+#define EAP_SIM_AT_PADDING 6 /* only encrypted */
+#define EAP_SIM_AT_NONCE_MT 7 /* only SIM, only send */
+#define EAP_SIM_AT_PERMANENT_ID_REQ 10
+#define EAP_SIM_AT_MAC 11
+#define EAP_SIM_AT_NOTIFICATION 12
+#define EAP_SIM_AT_ANY_ID_REQ 13
+#define EAP_SIM_AT_IDENTITY 14 /* only send */
+#define EAP_SIM_AT_VERSION_LIST 15 /* only SIM */
+#define EAP_SIM_AT_SELECTED_VERSION 16 /* only SIM */
+#define EAP_SIM_AT_FULLAUTH_ID_REQ 17
+#define EAP_SIM_AT_COUNTER 19 /* only encrypted */
+#define EAP_SIM_AT_COUNTER_TOO_SMALL 20 /* only encrypted */
+#define EAP_SIM_AT_NONCE_S 21 /* only encrypted */
+#define EAP_SIM_AT_CLIENT_ERROR_CODE 22 /* only send */
+#define EAP_SIM_AT_IV 129
+#define EAP_SIM_AT_ENCR_DATA 130
+#define EAP_SIM_AT_NEXT_PSEUDONYM 132 /* only encrypted */
+#define EAP_SIM_AT_NEXT_REAUTH_ID 133 /* only encrypted */
+#define EAP_SIM_AT_CHECKCODE 134 /* only AKA */
+#define EAP_SIM_AT_RESULT_IND 135
+
+/* AT_NOTIFICATION notification code values */
+#define EAP_SIM_GENERAL_FAILURE_AFTER_AUTH 0
+#define EAP_SIM_TEMPORARILY_DENIED 1026
+#define EAP_SIM_NOT_SUBSCRIBED 1031
+#define EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH 16384
+#define EAP_SIM_SUCCESS 32768
+
+
+enum eap_sim_id_req {
+ NO_ID_REQ, ANY_ID, FULLAUTH_ID, PERMANENT_ID
+};
+
+
+struct eap_sim_attrs {
+ const u8 *rand, *autn, *mac, *iv, *encr_data, *version_list, *nonce_s;
+ const u8 *next_pseudonym, *next_reauth_id;
+ const u8 *nonce_mt, *identity, *res, *auts;
+ size_t num_chal, version_list_len, encr_data_len;
+ size_t next_pseudonym_len, next_reauth_id_len, identity_len, res_len;
+ enum eap_sim_id_req id_req;
+ int notification, counter, selected_version, client_error_code;
+ int counter_too_small;
+};
+
+int eap_sim_parse_attr(const u8 *start, const u8 *end,
+ struct eap_sim_attrs *attr, int aka, int encr);
+u8 * eap_sim_parse_encr(const u8 *k_encr, const u8 *encr_data,
+ size_t encr_data_len, const u8 *iv,
+ struct eap_sim_attrs *attr, int aka);
+
+
+struct eap_sim_msg;
+
+struct eap_sim_msg * eap_sim_msg_init(int code, int id, int type, int subtype);
+u8 * eap_sim_msg_finish(struct eap_sim_msg *msg, size_t *len, const u8 *k_aut,
+ const u8 *extra, size_t extra_len);
+void eap_sim_msg_free(struct eap_sim_msg *msg);
+u8 * eap_sim_msg_add_full(struct eap_sim_msg *msg, u8 attr,
+ const u8 *data, size_t len);
+u8 * eap_sim_msg_add(struct eap_sim_msg *msg, u8 attr,
+ u16 value, const u8 *data, size_t len);
+u8 * eap_sim_msg_add_mac(struct eap_sim_msg *msg, u8 attr);
+int eap_sim_msg_add_encr_start(struct eap_sim_msg *msg, u8 attr_iv,
+ u8 attr_encr);
+int eap_sim_msg_add_encr_end(struct eap_sim_msg *msg, u8 *k_encr,
+ int attr_pad);
+
+void eap_sim_report_notification(void *msg_ctx, int notification, int aka);
+
+#endif /* EAP_SIM_COMMON_H */
--- /dev/null
+Automatic regression and interoperability testing of wpa_supplicant's
+IEEE 802.1X/EAPOL authentication
+
+Test program:
+- Linked some parts of IEEE 802.1X Authenticator implementation from
+ hostapd (RADIUS client and RADIUS processing, EAP<->RADIUS
+ encapsulation/decapsulation) into wpa_supplicant.
+- Replaced wpa_supplicant.c and wpa.c with test code that trigger
+ IEEE 802.1X authentication automatically without need for wireless
+ client card or AP.
+- For EAP methods that generate keying material, the key derived by the
+ Supplicant is verified to match with the one received by the (now
+ integrated) Authenticator.
+
+The full automated test suite can now be run in couple of seconds, but
+I'm more than willing to add new RADIUS authentication servers to make
+this take a bit more time.. ;-) As an extra bonus, this can also be
+seen as automatic regression/interoperability testing for the RADIUS
+server, too.
+
+In order for me to be able to use a new authentication server, the
+server need to be available from Internet (at least from one static IP
+address) and I will need to get suitable user name/password pairs,
+certificates, and private keys for testing use. Other alternative
+would be to get an evaluation version of the server so that I can
+install it on my own test setup. If you are interested in providing
+either server access or evaluation version, please contact me
+(j@w1.fi).
+
+
+Test matrix
+
++) tested successfully
+F) failed
+-) server did not support
+?) not tested
+
+Cisco ACS ----------------------------------------------------------.
+hostapd --------------------------------------------------------. |
+Cisco Aironet 1200 AP (local RADIUS server) ----------------. | |
+Periodik Labs Elektron ---------------------------------. | | |
+Lucent NavisRadius ---------------------------------. | | | |
+Interlink RAD-Series ---------------------------. | | | | |
+Radiator -----------------------------------. | | | | | |
+Meetinghouse Aegis ---------------------. | | | | | | |
+Funk Steel-Belted ------------------. | | | | | | | |
+Funk Odyssey -------------------. | | | | | | | | |
+Microsoft IAS --------------. | | | | | | | | | |
+FreeRADIUS -------------. | | | | | | | | | | |
+ | | | | | | | | | | | |
+
+EAP-MD5 + - - + + + + + - - + +
+EAP-GTC + - - ? + + + + - - + -
+EAP-OTP - - - - - + - - - - - -
+EAP-MSCHAPv2 + - - + + + + + - - + -
+EAP-TLS + + + + + + + + - - + +
+EAP-PEAPv0/MSCHAPv2 + + + + + + + + + - + +
+EAP-PEAPv0/GTC + - + - + + + + - - + +
+EAP-PEAPv0/OTP - - - - - + - - - - - -
+EAP-PEAPv0/MD5 + - - + + + + + - - + -
+EAP-PEAPv0/TLS - + - + + + F + - - - -
+EAP-PEAPv1/MSCHAPv2 - - + + + +1 + +5 +8 - + +
+EAP-PEAPv1/GTC - - + + + +1 + +5 +8 - + +
+EAP-PEAPv1/OTP - - - - - +1 - - - - - -
+EAP-PEAPv1/MD5 - - - + + +1 + +5 - - + -
+EAP-PEAPv1/TLS - - - + + +1 F +5 - - - -
+EAP-TTLS/CHAP + - +2 + + + + + + - + -
+EAP-TTLS/MSCHAP + - + + + + + + + - + -
+EAP-TTLS/MSCHAPv2 + - + + + + + + + - + -
+EAP-TTLS/PAP + - + + + + + + + - + -
+EAP-TTLS/EAP-MD5 + - +2 + + + + + + - + -
+EAP-TTLS/EAP-GTC + - +2 ? + + + + - - + -
+EAP-TTLS/EAP-OTP - - - - - + - - - - - -
+EAP-TTLS/EAP-MSCHAPv2 + - +2 + + + + + + - + -
+EAP-TTLS/EAP-TLS - - +2 + F + + + - - - -
+EAP-SIM +3 - - ? - + - ? - - + -
+EAP-AKA - - - - - + - - - - + -
+EAP-PSK +7 - - - - - - - - - + -
+EAP-PAX - - - - - - - - - - + -
+EAP-SAKE - - - - - - - - - - + -
+EAP-GPSK - - - - - - - - - - + -
+EAP-FAST - - - + - - - - - + - +
+LEAP + - + + + + F +6 - + - +
+
+1) PEAPv1 required new label, "client PEAP encryption" instead of "client EAP
+ encryption", during key derivation (requires phase1="peaplabel=1" in the
+ network configuration in wpa_supplicant.conf)
+2) used FreeRADIUS as inner auth server
+3) required a patch to FreeRADIUS to fix EAP-SIM
+5) PEAPv1 required termination of negotiation on tunneled EAP-Success and new
+ label in key deriviation
+ (phase1="peap_outer_success=0 peaplabel=1") (in "IETF Draft 5" mode)
+6) Authenticator simulator required patching for handling Access-Accept within
+ negotiation (for the first EAP-Success of LEAP)
+7) EAP-PSK is not included in FreeRADIUS distribution; used external
+ rlm_eap_psk implementation from
+ http://perso.rd.francetelecom.fr/bersani/EAP_PSK/
+ EAP-PSKWindowsimplementations.html
+8) PEAPv1 used non-standard version negotiation (client had to force v1 even
+ though server reported v0 as the highest supported version)
+
+
+Automated tests:
+
+FreeRADIUS (1.0pre and CVS snapshot)
+- EAP-MD5-Challenge
+- EAP-GTC
+- EAP-MSCHAPv2
+- EAP-TLS
+- EAP-PEAPv0 / MSCHAPv2
+- EAP-PEAPv0 / GTC
+- EAP-PEAPv0 / MD5-Challenge
+- EAP-TTLS / EAP-MD5-Challenge
+- EAP-TTLS / EAP-GTC
+- EAP-TTLS / EAP-MSCHAPv2
+- EAP-TTLS / CHAP
+- EAP-TTLS / PAP
+- EAP-TTLS / MSCHAP
+- EAP-TTLS / MSCHAPv2
+- EAP-SIM
+* not supported in FreeRADIUS
+ - EAP-PEAP / TLS (Unable to tunnel TLS inside of TLS)
+ - EAP-TTLS / EAP-TLS (Unable to tunnel TLS inside of TLS)
+
+Microsoft Windows Server 2003 / IAS
+- EAP-TLS
+- EAP-PEAPv0 / MSCHAPv2
+- EAP-PEAPv0 / TLS
+- EAP-MD5
+* IAS does not seem to support other EAP methods
+
+Funk Odyssey 2.01.00.653
+- EAP-TLS
+- EAP-PEAPv0 / MSCHAPv2
+- EAP-PEAPv0 / GTC
+- EAP-PEAPv1 / MSCHAPv2
+- EAP-PEAPv1 / GTC
+ Note: PEAPv1 requires TLS key derivation to use label "client EAP encryption"
+- EAP-TTLS / CHAP (using FreeRADIUS as inner auth srv)
+- EAP-TTLS / MSCHAP
+- EAP-TTLS / MSCHAPv2
+- EAP-TTLS / PAP
+- EAP-TTLS / EAP-MD5-Challenge (using FreeRADIUS as inner auth srv)
+- EAP-TTLS / EAP-GTC (using FreeRADIUS as inner auth srv)
+- EAP-TTLS / EAP-MSCHAPv2 (using FreeRADIUS as inner auth srv)
+- EAP-TTLS / EAP-TLS (using FreeRADIUS as inner auth srv)
+* not supported in Odyssey:
+ - EAP-MD5-Challenge
+ - EAP-GTC
+ - EAP-MSCHAPv2
+ - EAP-PEAP / MD5-Challenge
+ - EAP-PEAP / TLS
+
+Funk Steel-Belted Radius Enterprise Edition v4.71.739
+- EAP-MD5-Challenge
+- EAP-MSCHAPv2
+- EAP-TLS
+- EAP-PEAPv0 / MSCHAPv2
+- EAP-PEAPv0 / MD5
+- EAP-PEAPv0 / TLS
+- EAP-PEAPv1 / MSCHAPv2
+- EAP-PEAPv1 / MD5
+- EAP-PEAPv1 / GTC
+- EAP-PEAPv1 / TLS
+ Note: PEAPv1 requires TLS key derivation to use label "client EAP encryption"
+- EAP-TTLS / CHAP
+- EAP-TTLS / MSCHAP
+- EAP-TTLS / MSCHAPv2
+- EAP-TTLS / PAP
+- EAP-TTLS / EAP-MD5-Challenge
+- EAP-TTLS / EAP-MSCHAPv2
+- EAP-TTLS / EAP-TLS
+
+Meetinghouse Aegis 1.1.4
+- EAP-MD5-Challenge
+- EAP-GTC
+- EAP-MSCHAPv2
+- EAP-TLS
+- EAP-PEAPv0 / MSCHAPv2
+- EAP-PEAPv0 / TLS
+- EAP-PEAPv0 / GTC
+- EAP-PEAPv0 / MD5-Challenge
+- EAP-PEAPv1 / MSCHAPv2
+- EAP-PEAPv1 / TLS
+- EAP-PEAPv1 / GTC
+- EAP-PEAPv1 / MD5-Challenge
+ Note: PEAPv1 requires TLS key derivation to use label "client EAP encryption"
+- EAP-TTLS / CHAP
+- EAP-TTLS / MSCHAP
+- EAP-TTLS / MSCHAPv2
+- EAP-TTLS / PAP
+- EAP-TTLS / EAP-MD5-Challenge
+- EAP-TTLS / EAP-GTC
+- EAP-TTLS / EAP-MSCHAPv2
+* did not work
+ - EAP-TTLS / EAP-TLS
+ (Server rejects authentication without any reason in debug log. It
+ looks like the inner TLS negotiation starts properly and the last
+ packet from Supplicant looks like the one sent in the Phase 1. The
+ server generates a valid looking reply in the same way as in Phase
+ 1, but then ends up sending Access-Reject. Maybe an issue with TTLS
+ fragmentation in the Aegis server(?) The packet seems to include
+ 1328 bytes of EAP-Message and this may go beyond the fragmentation
+ limit with AVP encapsulation and TLS tunneling. Note: EAP-PEAP/TLS
+ did work, so this issue seems to be with something TTLS specific.)
+
+Radiator 3.9 (eval, with all patches up to and including 2004-08-30)
+- EAP-MD5-Challenge
+- EAP-GTC
+- EAP-OTP
+- EAP-MSCHAPv2
+- EAP-TLS
+- EAP-PEAPv0 / MSCHAPv2
+- EAP-PEAPv0 / GTC
+- EAP-PEAPv0 / OTP
+- EAP-PEAPv0 / MD5-Challenge
+- EAP-PEAPv0 / TLS
+ Note: Needed to use unknown identity in outer auth and some times the server
+ seems to get confused and fails to send proper Phase 2 data.
+- EAP-PEAPv1 / MSCHAPv2
+- EAP-PEAPv1 / GTC
+- EAP-PEAPv1 / OTP
+- EAP-PEAPv1 / MD5-Challenge
+- EAP-PEAPv1 / TLS
+ Note: This has some additional requirements for EAPTLS_MaxFragmentSize.
+ Using 1300 for outer auth and 500 for inner auth seemed to work.
+ Note: Needed to use unknown identity in outer auth and some times the server
+ seems to get confused and fails to send proper Phase 2 data.
+- EAP-TTLS / CHAP
+- EAP-TTLS / MSCHAP
+- EAP-TTLS / MSCHAPv2
+- EAP-TTLS / PAP
+- EAP-TTLS / EAP-MD5-Challenge
+- EAP-TTLS / EAP-GTC
+- EAP-TTLS / EAP-OTP
+- EAP-TTLS / EAP-MSCHAPv2
+- EAP-TTLS / EAP-TLS
+ Note: This has some additional requirements for EAPTLS_MaxFragmentSize.
+ Using 1300 for outer auth and 500 for inner auth seemed to work.
+- EAP-SIM
+- EAP-AKA
+
+Interlink Networks RAD-Series 6.1.2.7
+- EAP-MD5-Challenge
+- EAP-GTC
+- EAP-MSCHAPv2
+- EAP-TLS
+- EAP-PEAPv0 / MSCHAPv2
+- EAP-PEAPv0 / GTC
+- EAP-PEAPv0 / MD5-Challenge
+- EAP-PEAPv1 / MSCHAPv2
+- EAP-PEAPv1 / GTC
+- EAP-PEAPv1 / MD5-Challenge
+ Note: PEAPv1 requires TLS key derivation to use label "client EAP encryption"
+- EAP-TTLS / CHAP
+- EAP-TTLS / MSCHAP
+- EAP-TTLS / MSCHAPv2
+- EAP-TTLS / PAP
+- EAP-TTLS / EAP-MD5-Challenge
+- EAP-TTLS / EAP-GTC
+- EAP-TTLS / EAP-MSCHAPv2
+- EAP-TTLS / EAP-TLS
+* did not work
+ - EAP-PEAPv0 / TLS
+ - EAP-PEAPv1 / TLS
+ (Failed to decrypt Phase 2 data)
+
+Lucent NavisRadius 4.4.0
+- EAP-MD5-Challenge
+- EAP-GTC
+- EAP-MSCHAPv2
+- EAP-TLS
+- EAP-PEAPv0 / MD5-Challenge
+- EAP-PEAPv0 / MSCHAPv2
+- EAP-PEAPv0 / GTC
+- EAP-PEAPv0 / TLS
+- EAP-PEAPv1 / MD5-Challenge
+- EAP-PEAPv1 / MSCHAPv2
+- EAP-PEAPv1 / GTC
+- EAP-PEAPv1 / TLS
+ "IETF Draft 5" mode requires phase1="peap_outer_success=0 peaplabel=1"
+ 'Cisco ACU 5.05' mode works without phase1 configuration
+- EAP-TTLS / CHAP
+- EAP-TTLS / MSCHAP
+- EAP-TTLS / MSCHAPv2
+- EAP-TTLS / PAP
+- EAP-TTLS / EAP-MD5-Challenge
+- EAP-TTLS / EAP-MSCHAPv2
+- EAP-TTLS / EAP-GTC
+- EAP-TTLS / EAP-TLS
+
+Note: user certificate from NavisRadius had private key in a format
+that wpa_supplicant could not use. Converting this to PKCS#12 and then
+back to PEM allowed wpa_supplicant to use the key.
+
+
+hostapd v0.3.3
+- EAP-MD5-Challenge
+- EAP-GTC
+- EAP-MSCHAPv2
+- EAP-TLS
+- EAP-PEAPv0 / MSCHAPv2
+- EAP-PEAPv0 / GTC
+- EAP-PEAPv0 / MD5-Challenge
+- EAP-PEAPv1 / MSCHAPv2
+- EAP-PEAPv1 / GTC
+- EAP-PEAPv1 / MD5-Challenge
+- EAP-TTLS / CHAP
+- EAP-TTLS / MSCHAP
+- EAP-TTLS / MSCHAPv2
+- EAP-TTLS / PAP
+- EAP-TTLS / EAP-MD5-Challenge
+- EAP-TTLS / EAP-GTC
+- EAP-TTLS / EAP-MSCHAPv2
+- EAP-SIM
+- EAP-PAX
+
+Cisco Secure ACS 3.3(1) for Windows Server
+- PEAPv1/GTC worked, but PEAPv0/GTC failed in the end after password was
+ sent successfully; ACS is replying with empty PEAP packet (TLS ACK);
+ wpa_supplicant tries to decrypt this.. Replying with TLS ACK and and
+ marking the connection completed was enough to make this work.
+
+
+PEAPv1:
+
+Funk Odyssey 2.01.00.653:
+- uses tunneled EAP-Success, expects reply in tunnel or TLS ACK, sends MPPE
+ keys with outer EAP-Success message after this
+- uses label "client EAP encryption"
+- (peap_outer_success 1 and 2 work)
+
+Funk Steel-Belted Radius Enterprise Edition v4.71.739
+- uses tunneled EAP-Success, expects reply in tunnel or TLS ACK, sends MPPE
+ keys with outer EAP-Success message after this
+- uses label "client EAP encryption"
+- (peap_outer_success 1 and 2 work)
+
+Radiator 3.9:
+- uses TLV Success and Reply, sends MPPE keys with outer EAP-Success message
+ after this
+- uses label "client PEAP encryption"
+
+Lucent NavisRadius 4.4.0 (in "IETF Draft 5" mode):
+- sends tunneled EAP-Success with MPPE keys and expects the authentication to
+ terminate at this point (gets somewhat confused with reply to this)
+- uses label "client PEAP encryption"
+- phase1="peap_outer_success=0 peaplabel=1"
+
+Lucent NavisRadius 4.4.0 (in "Cisco ACU 5.05" mode):
+- sends tunneled EAP-Success with MPPE keys and expects to receive TLS ACK
+ as a reply
+- uses label "client EAP encryption"
+
+Meetinghouse Aegis 1.1.4
+- uses tunneled EAP-Success, expects reply in tunnel or TLS ACK, sends MPPE
+ keys with outer EAP-Success message after this
+- uses label "client EAP encryption"
+- peap_outer_success 1 and 2 work
--- /dev/null
+/*
+ * EAP peer method: EAP-TLS (RFC 2716)
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eap_i.h"
+#include "eap_tls_common.h"
+#include "config_ssid.h"
+#include "tls.h"
+
+
+static void eap_tls_deinit(struct eap_sm *sm, void *priv);
+
+
+struct eap_tls_data {
+ struct eap_ssl_data ssl;
+ u8 *key_data;
+};
+
+
+static void * eap_tls_init(struct eap_sm *sm)
+{
+ struct eap_tls_data *data;
+ struct wpa_ssid *config = eap_get_config(sm);
+ if (config == NULL ||
+ ((sm->init_phase2 ? config->private_key2 : config->private_key)
+ == NULL && config->engine == 0)) {
+ wpa_printf(MSG_INFO, "EAP-TLS: Private key not configured");
+ return NULL;
+ }
+
+ data = os_zalloc(sizeof(*data));
+ if (data == NULL)
+ return NULL;
+
+ if (eap_tls_ssl_init(sm, &data->ssl, config)) {
+ wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
+ eap_tls_deinit(sm, data);
+ if (config->engine) {
+ wpa_printf(MSG_DEBUG, "EAP-TLS: Requesting Smartcard "
+ "PIN");
+ eap_sm_request_pin(sm);
+ sm->ignore = TRUE;
+ } else if (config->private_key && !config->private_key_passwd)
+ {
+ wpa_printf(MSG_DEBUG, "EAP-TLS: Requesting private "
+ "key passphrase");
+ eap_sm_request_passphrase(sm);
+ sm->ignore = TRUE;
+ }
+ return NULL;
+ }
+
+ return data;
+}
+
+
+static void eap_tls_deinit(struct eap_sm *sm, void *priv)
+{
+ struct eap_tls_data *data = priv;
+ if (data == NULL)
+ return;
+ eap_tls_ssl_deinit(sm, &data->ssl);
+ os_free(data->key_data);
+ os_free(data);
+}
+
+
+static u8 * eap_tls_failure(struct eap_sm *sm, struct eap_tls_data *data,
+ struct eap_method_ret *ret, int res, u8 *resp,
+ u8 id, size_t *respDataLen)
+{
+ wpa_printf(MSG_DEBUG, "EAP-TLS: TLS processing failed");
+
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+
+ if (res == -1) {
+ struct wpa_ssid *config = eap_get_config(sm);
+ if (config) {
+ /*
+ * The TLS handshake failed. So better forget the old
+ * PIN. It may be wrong, we cannot be sure but trying
+ * the wrong one again might block it on the card--so
+ * better ask the user again.
+ */
+ os_free(config->pin);
+ config->pin = NULL;
+ }
+ }
+
+ if (resp) {
+ /*
+ * This is likely an alert message, so send it instead of just
+ * ACKing the error.
+ */
+ return resp;
+ }
+
+ return eap_tls_build_ack(&data->ssl, respDataLen, id, EAP_TYPE_TLS, 0);
+}
+
+
+static void eap_tls_success(struct eap_sm *sm, struct eap_tls_data *data,
+ struct eap_method_ret *ret)
+{
+ wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
+
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_UNCOND_SUCC;
+
+ os_free(data->key_data);
+ data->key_data = eap_tls_derive_key(sm, &data->ssl,
+ "client EAP encryption",
+ EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
+ if (data->key_data) {
+ wpa_hexdump_key(MSG_DEBUG, "EAP-TLS: Derived key",
+ data->key_data, EAP_TLS_KEY_LEN);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-TLS: Derived EMSK",
+ data->key_data + EAP_TLS_KEY_LEN,
+ EAP_EMSK_LEN);
+ } else {
+ wpa_printf(MSG_INFO, "EAP-TLS: Failed to derive key");
+ }
+}
+
+
+static u8 * eap_tls_process(struct eap_sm *sm, void *priv,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *respDataLen)
+{
+ const struct eap_hdr *req;
+ size_t left;
+ int res;
+ u8 flags, *resp, id;
+ const u8 *pos;
+ struct eap_tls_data *data = priv;
+
+ pos = eap_tls_process_init(sm, &data->ssl, EAP_TYPE_TLS, ret,
+ reqData, reqDataLen, &left, &flags);
+ if (pos == NULL)
+ return NULL;
+ req = (const struct eap_hdr *) reqData;
+ id = req->identifier;
+
+ if (flags & EAP_TLS_FLAGS_START) {
+ wpa_printf(MSG_DEBUG, "EAP-TLS: Start");
+ left = 0; /* make sure that this frame is empty, even though it
+ * should always be, anyway */
+ }
+
+ resp = NULL;
+ res = eap_tls_process_helper(sm, &data->ssl, EAP_TYPE_TLS, 0, id, pos,
+ left, &resp, respDataLen);
+
+ if (res < 0) {
+ return eap_tls_failure(sm, data, ret, res, resp, id,
+ respDataLen);
+ }
+
+ if (tls_connection_established(sm->ssl_ctx, data->ssl.conn))
+ eap_tls_success(sm, data, ret);
+
+ if (res == 1) {
+ return eap_tls_build_ack(&data->ssl, respDataLen, id,
+ EAP_TYPE_TLS, 0);
+ }
+
+ return resp;
+}
+
+
+static Boolean eap_tls_has_reauth_data(struct eap_sm *sm, void *priv)
+{
+ struct eap_tls_data *data = priv;
+ return tls_connection_established(sm->ssl_ctx, data->ssl.conn);
+}
+
+
+static void eap_tls_deinit_for_reauth(struct eap_sm *sm, void *priv)
+{
+}
+
+
+static void * eap_tls_init_for_reauth(struct eap_sm *sm, void *priv)
+{
+ struct eap_tls_data *data = priv;
+ os_free(data->key_data);
+ data->key_data = NULL;
+ if (eap_tls_reauth_init(sm, &data->ssl)) {
+ os_free(data);
+ return NULL;
+ }
+ return priv;
+}
+
+
+static int eap_tls_get_status(struct eap_sm *sm, void *priv, char *buf,
+ size_t buflen, int verbose)
+{
+ struct eap_tls_data *data = priv;
+ return eap_tls_status(sm, &data->ssl, buf, buflen, verbose);
+}
+
+
+static Boolean eap_tls_isKeyAvailable(struct eap_sm *sm, void *priv)
+{
+ struct eap_tls_data *data = priv;
+ return data->key_data != NULL;
+}
+
+
+static u8 * eap_tls_getKey(struct eap_sm *sm, void *priv, size_t *len)
+{
+ struct eap_tls_data *data = priv;
+ u8 *key;
+
+ if (data->key_data == NULL)
+ return NULL;
+
+ key = os_malloc(EAP_TLS_KEY_LEN);
+ if (key == NULL)
+ return NULL;
+
+ *len = EAP_TLS_KEY_LEN;
+ os_memcpy(key, data->key_data, EAP_TLS_KEY_LEN);
+
+ return key;
+}
+
+
+static u8 * eap_tls_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
+{
+ struct eap_tls_data *data = priv;
+ u8 *key;
+
+ if (data->key_data == NULL)
+ return NULL;
+
+ key = os_malloc(EAP_EMSK_LEN);
+ if (key == NULL)
+ return NULL;
+
+ *len = EAP_EMSK_LEN;
+ os_memcpy(key, data->key_data + EAP_TLS_KEY_LEN, EAP_EMSK_LEN);
+
+ return key;
+}
+
+
+int eap_peer_tls_register(void)
+{
+ struct eap_method *eap;
+ int ret;
+
+ eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
+ EAP_VENDOR_IETF, EAP_TYPE_TLS, "TLS");
+ if (eap == NULL)
+ return -1;
+
+ eap->init = eap_tls_init;
+ eap->deinit = eap_tls_deinit;
+ eap->process = eap_tls_process;
+ eap->isKeyAvailable = eap_tls_isKeyAvailable;
+ eap->getKey = eap_tls_getKey;
+ eap->get_status = eap_tls_get_status;
+ eap->has_reauth_data = eap_tls_has_reauth_data;
+ eap->deinit_for_reauth = eap_tls_deinit_for_reauth;
+ eap->init_for_reauth = eap_tls_init_for_reauth;
+ eap->get_emsk = eap_tls_get_emsk;
+
+ ret = eap_peer_method_register(eap);
+ if (ret)
+ eap_peer_method_free(eap);
+ return ret;
+}
--- /dev/null
+/*
+ * EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eap_i.h"
+#include "eap_tls_common.h"
+#include "config_ssid.h"
+#include "md5.h"
+#include "sha1.h"
+#include "tls.h"
+#include "config.h"
+
+
+static int eap_tls_check_blob(struct eap_sm *sm, const char **name,
+ const u8 **data, size_t *data_len)
+{
+ const struct wpa_config_blob *blob;
+
+ if (*name == NULL || os_strncmp(*name, "blob://", 7) != 0)
+ return 0;
+
+ blob = eap_get_config_blob(sm, *name + 7);
+ if (blob == NULL) {
+ wpa_printf(MSG_ERROR, "%s: Named configuration blob '%s' not "
+ "found", __func__, *name + 7);
+ return -1;
+ }
+
+ *name = NULL;
+ *data = blob->data;
+ *data_len = blob->len;
+
+ return 0;
+}
+
+
+static void eap_tls_params_from_conf1(struct tls_connection_params *params,
+ struct wpa_ssid *config)
+{
+ params->ca_cert = (char *) config->ca_cert;
+ params->ca_path = (char *) config->ca_path;
+ params->client_cert = (char *) config->client_cert;
+ params->private_key = (char *) config->private_key;
+ params->private_key_passwd = (char *) config->private_key_passwd;
+ params->dh_file = (char *) config->dh_file;
+ params->subject_match = (char *) config->subject_match;
+ params->altsubject_match = (char *) config->altsubject_match;
+ params->engine_id = config->engine_id;
+ params->pin = config->pin;
+ params->key_id = config->key_id;
+}
+
+
+static void eap_tls_params_from_conf2(struct tls_connection_params *params,
+ struct wpa_ssid *config)
+{
+ params->ca_cert = (char *) config->ca_cert2;
+ params->ca_path = (char *) config->ca_path2;
+ params->client_cert = (char *) config->client_cert2;
+ params->private_key = (char *) config->private_key2;
+ params->private_key_passwd = (char *) config->private_key2_passwd;
+ params->dh_file = (char *) config->dh_file2;
+ params->subject_match = (char *) config->subject_match2;
+ params->altsubject_match = (char *) config->altsubject_match2;
+}
+
+
+static int eap_tls_params_from_conf(struct eap_sm *sm,
+ struct eap_ssl_data *data,
+ struct tls_connection_params *params,
+ struct wpa_ssid *config, int phase2)
+{
+ os_memset(params, 0, sizeof(*params));
+ params->engine = config->engine;
+ if (phase2)
+ eap_tls_params_from_conf2(params, config);
+ else
+ eap_tls_params_from_conf1(params, config);
+ params->tls_ia = data->tls_ia;
+
+
+ if (eap_tls_check_blob(sm, ¶ms->ca_cert, ¶ms->ca_cert_blob,
+ ¶ms->ca_cert_blob_len) ||
+ eap_tls_check_blob(sm, ¶ms->client_cert,
+ ¶ms->client_cert_blob,
+ ¶ms->client_cert_blob_len) ||
+ eap_tls_check_blob(sm, ¶ms->private_key,
+ ¶ms->private_key_blob,
+ ¶ms->private_key_blob_len) ||
+ eap_tls_check_blob(sm, ¶ms->dh_file, ¶ms->dh_blob,
+ ¶ms->dh_blob_len)) {
+ wpa_printf(MSG_INFO, "SSL: Failed to get configuration blobs");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int eap_tls_init_connection(struct eap_sm *sm,
+ struct eap_ssl_data *data,
+ struct wpa_ssid *config,
+ struct tls_connection_params *params)
+{
+ int res;
+
+ data->conn = tls_connection_init(sm->ssl_ctx);
+ if (data->conn == NULL) {
+ wpa_printf(MSG_INFO, "SSL: Failed to initialize new TLS "
+ "connection");
+ return -1;
+ }
+
+ res = tls_connection_set_params(sm->ssl_ctx, data->conn, params);
+ if (res == TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED) {
+ /* At this point with the pkcs11 engine the PIN might be wrong.
+ * We reset the PIN in the configuration to be sure to not use
+ * it again and the calling function must request a new one */
+ os_free(config->pin);
+ config->pin = NULL;
+ } else if (res == TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED) {
+ wpa_printf(MSG_INFO, "TLS: Failed to load private key");
+ /* We don't know exactly but maybe the PIN was wrong,
+ * so ask for a new one. */
+ os_free(config->pin);
+ config->pin = NULL;
+ eap_sm_request_pin(sm);
+ sm->ignore = TRUE;
+ return -1;
+ } else if (res) {
+ wpa_printf(MSG_INFO, "TLS: Failed to set TLS connection "
+ "parameters");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+/**
+ * eap_tls_ssl_init - Initialize shared TLS functionality
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @data: Data for TLS processing
+ * @config: Pointer to the network configuration
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is used to initialize shared TLS functionality for EAP-TLS,
+ * EAP-PEAP, EAP-TTLS, and EAP-FAST.
+ */
+int eap_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
+ struct wpa_ssid *config)
+{
+ int ret = -1;
+ struct tls_connection_params params;
+
+ if (config == NULL)
+ return -1;
+
+ data->eap = sm;
+ data->phase2 = sm->init_phase2;
+ if (eap_tls_params_from_conf(sm, data, ¶ms, config, data->phase2) <
+ 0)
+ goto done;
+
+ if (eap_tls_init_connection(sm, data, config, ¶ms) < 0)
+ goto done;
+
+ data->tls_out_limit = config->fragment_size;
+ if (data->phase2) {
+ /* Limit the fragment size in the inner TLS authentication
+ * since the outer authentication with EAP-PEAP does not yet
+ * support fragmentation */
+ if (data->tls_out_limit > 100)
+ data->tls_out_limit -= 100;
+ }
+
+ if (config->phase1 &&
+ os_strstr(config->phase1, "include_tls_length=1")) {
+ wpa_printf(MSG_DEBUG, "TLS: Include TLS Message Length in "
+ "unfragmented packets");
+ data->include_tls_length = 1;
+ }
+
+ ret = 0;
+
+done:
+ return ret;
+}
+
+
+/**
+ * eap_tls_ssl_deinit - Deinitialize shared TLS functionality
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @data: Data for TLS processing
+ *
+ * This function deinitializes shared TLS functionality that was initialized
+ * with eap_tls_ssl_init().
+ */
+void eap_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data)
+{
+ tls_connection_deinit(sm->ssl_ctx, data->conn);
+ os_free(data->tls_in);
+ os_free(data->tls_out);
+}
+
+
+/**
+ * eap_tls_derive_key - Derive a key based on TLS session data
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @data: Data for TLS processing
+ * @label: Label string for deriving the keys, e.g., "client EAP encryption"
+ * @len: Length of the key material to generate (usually 64 for MSK)
+ * Returns: Pointer to allocated key on success or %NULL on failure
+ *
+ * This function uses TLS-PRF to generate pseudo-random data based on the TLS
+ * session data (client/server random and master key). Each key type may use a
+ * different label to bind the key usage into the generated material.
+ *
+ * The caller is responsible for freeing the returned buffer.
+ */
+u8 * eap_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
+ const char *label, size_t len)
+{
+ struct tls_keys keys;
+ u8 *rnd = NULL, *out;
+
+ out = os_malloc(len);
+ if (out == NULL)
+ return NULL;
+
+ /* First, try to use TLS library function for PRF, if available. */
+ if (tls_connection_prf(sm->ssl_ctx, data->conn, label, 0, out, len) ==
+ 0)
+ return out;
+
+ /*
+ * TLS library did not support key generation, so get the needed TLS
+ * session parameters and use an internal implementation of TLS PRF to
+ * derive the key.
+ */
+ if (tls_connection_get_keys(sm->ssl_ctx, data->conn, &keys))
+ goto fail;
+
+ if (keys.client_random == NULL || keys.server_random == NULL ||
+ keys.master_key == NULL)
+ goto fail;
+
+ rnd = os_malloc(keys.client_random_len + keys.server_random_len);
+ if (rnd == NULL)
+ goto fail;
+ os_memcpy(rnd, keys.client_random, keys.client_random_len);
+ os_memcpy(rnd + keys.client_random_len, keys.server_random,
+ keys.server_random_len);
+
+ if (tls_prf(keys.master_key, keys.master_key_len,
+ label, rnd, keys.client_random_len +
+ keys.server_random_len, out, len))
+ goto fail;
+
+ os_free(rnd);
+ return out;
+
+fail:
+ os_free(out);
+ os_free(rnd);
+ return NULL;
+}
+
+
+/**
+ * eap_tls_data_reassemble - Reassemble TLS data
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @data: Data for TLS processing
+ * @in_data: Next incoming TLS segment
+ * @in_len: Length of in_data
+ * @out_len: Variable for returning output data length
+ * @need_more_input: Variable for returning whether more input data is needed
+ * to reassemble this TLS packet
+ * Returns: Pointer to output data, %NULL on error or when more data is needed
+ * for the full message (in which case, *need_more_input is also set to 1).
+ *
+ * This function reassembles TLS fragments. Caller must not free the returned
+ * data buffer since an internal pointer to it is maintained.
+ */
+const u8 * eap_tls_data_reassemble(
+ struct eap_sm *sm, struct eap_ssl_data *data, const u8 *in_data,
+ size_t in_len, size_t *out_len, int *need_more_input)
+{
+ u8 *buf;
+
+ *need_more_input = 0;
+
+ if (data->tls_in_left > in_len || data->tls_in) {
+ if (data->tls_in_len + in_len == 0) {
+ os_free(data->tls_in);
+ data->tls_in = NULL;
+ data->tls_in_len = 0;
+ wpa_printf(MSG_WARNING, "SSL: Invalid reassembly "
+ "state: tls_in_left=%lu tls_in_len=%lu "
+ "in_len=%lu",
+ (unsigned long) data->tls_in_left,
+ (unsigned long) data->tls_in_len,
+ (unsigned long) in_len);
+ return NULL;
+ }
+ if (data->tls_in_len + in_len > 65536) {
+ /* Limit length to avoid rogue servers from causing
+ * large memory allocations. */
+ os_free(data->tls_in);
+ data->tls_in = NULL;
+ data->tls_in_len = 0;
+ wpa_printf(MSG_INFO, "SSL: Too long TLS fragment (size"
+ " over 64 kB)");
+ return NULL;
+ }
+ buf = os_realloc(data->tls_in, data->tls_in_len + in_len);
+ if (buf == NULL) {
+ os_free(data->tls_in);
+ data->tls_in = NULL;
+ data->tls_in_len = 0;
+ wpa_printf(MSG_INFO, "SSL: Could not allocate memory "
+ "for TLS data");
+ return NULL;
+ }
+ os_memcpy(buf + data->tls_in_len, in_data, in_len);
+ data->tls_in = buf;
+ data->tls_in_len += in_len;
+ if (in_len > data->tls_in_left) {
+ wpa_printf(MSG_INFO, "SSL: more data than TLS message "
+ "length indicated");
+ data->tls_in_left = 0;
+ return NULL;
+ }
+ data->tls_in_left -= in_len;
+ if (data->tls_in_left > 0) {
+ wpa_printf(MSG_DEBUG, "SSL: Need %lu bytes more input "
+ "data", (unsigned long) data->tls_in_left);
+ *need_more_input = 1;
+ return NULL;
+ }
+ } else {
+ data->tls_in_left = 0;
+ data->tls_in = os_malloc(in_len ? in_len : 1);
+ if (data->tls_in == NULL)
+ return NULL;
+ os_memcpy(data->tls_in, in_data, in_len);
+ data->tls_in_len = in_len;
+ }
+
+ *out_len = data->tls_in_len;
+ return data->tls_in;
+}
+
+
+static int eap_tls_process_input(struct eap_sm *sm, struct eap_ssl_data *data,
+ const u8 *in_data, size_t in_len,
+ u8 **out_data, size_t *out_len)
+{
+ const u8 *msg;
+ size_t msg_len;
+ int need_more_input;
+ u8 *appl_data;
+ size_t appl_data_len;
+
+ msg = eap_tls_data_reassemble(sm, data, in_data, in_len,
+ &msg_len, &need_more_input);
+ if (msg == NULL)
+ return need_more_input ? 1 : -1;
+
+ /* Full TLS message reassembled - continue handshake processing */
+ if (data->tls_out) {
+ /* This should not happen.. */
+ wpa_printf(MSG_INFO, "SSL: eap_tls_process_helper - pending "
+ "tls_out data even though tls_out_len = 0");
+ os_free(data->tls_out);
+ WPA_ASSERT(data->tls_out == NULL);
+ }
+ appl_data = NULL;
+ data->tls_out = tls_connection_handshake(sm->ssl_ctx, data->conn,
+ msg, msg_len,
+ &data->tls_out_len,
+ &appl_data, &appl_data_len);
+
+ /* Clear reassembled input data (if the buffer was needed). */
+ data->tls_in_left = data->tls_in_total = data->tls_in_len = 0;
+ os_free(data->tls_in);
+ data->tls_in = NULL;
+
+ if (appl_data &&
+ tls_connection_established(sm->ssl_ctx, data->conn) &&
+ !tls_connection_get_failed(sm->ssl_ctx, data->conn)) {
+ wpa_hexdump_key(MSG_MSGDUMP, "SSL: Application data",
+ appl_data, appl_data_len);
+ *out_data = appl_data;
+ *out_len = appl_data_len;
+ return 2;
+ }
+
+ os_free(appl_data);
+
+ return 0;
+}
+
+
+static int eap_tls_process_output(struct eap_ssl_data *data, EapType eap_type,
+ int peap_version, u8 id, int ret,
+ u8 **out_data, size_t *out_len)
+{
+ size_t len;
+ u8 *pos, *flags;
+ int more_fragments, length_included;
+
+ wpa_printf(MSG_DEBUG, "SSL: %lu bytes left to be sent out (of total "
+ "%lu bytes)",
+ (unsigned long) data->tls_out_len - data->tls_out_pos,
+ (unsigned long) data->tls_out_len);
+
+ len = data->tls_out_len - data->tls_out_pos;
+ if (len > data->tls_out_limit) {
+ more_fragments = 1;
+ len = data->tls_out_limit;
+ wpa_printf(MSG_DEBUG, "SSL: sending %lu bytes, more fragments "
+ "will follow", (unsigned long) len);
+ } else
+ more_fragments = 0;
+
+ length_included = data->tls_out_pos == 0 &&
+ (data->tls_out_len > data->tls_out_limit ||
+ data->include_tls_length);
+
+ *out_data = (u8 *)
+ eap_msg_alloc(EAP_VENDOR_IETF, eap_type, out_len,
+ 1 + length_included * 4 + len, EAP_CODE_RESPONSE,
+ id, &pos);
+ if (*out_data == NULL)
+ return -1;
+
+ flags = pos++;
+ *flags = peap_version;
+ if (more_fragments)
+ *flags |= EAP_TLS_FLAGS_MORE_FRAGMENTS;
+ if (length_included) {
+ *flags |= EAP_TLS_FLAGS_LENGTH_INCLUDED;
+ WPA_PUT_BE32(pos, data->tls_out_len);
+ pos += 4;
+ }
+
+ os_memcpy(pos, &data->tls_out[data->tls_out_pos], len);
+ data->tls_out_pos += len;
+
+ if (!more_fragments) {
+ data->tls_out_len = 0;
+ data->tls_out_pos = 0;
+ os_free(data->tls_out);
+ data->tls_out = NULL;
+ }
+
+ return ret;
+}
+
+
+/**
+ * eap_tls_process_helper - Process TLS handshake message
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @data: Data for TLS processing
+ * @eap_type: EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...)
+ * @peap_version: Version number for EAP-PEAP/TTLS
+ * @id: EAP identifier for the response
+ * @in_data: Message received from the server
+ * @in_len: Length of in_data
+ * @out_data: Buffer for returning a pointer to the response message
+ * @out_len: Buffer for returning the length of the response message
+ * Returns: 0 on success, 1 if more input data is needed, or -1 on failure
+ *
+ * This function can be used to process TLS handshake messages. It reassembles
+ * the received fragments and uses a TLS library to process the messages. The
+ * response data from the TLS library is fragmented to suitable output messages
+ * that the caller can send out.
+ *
+ * out_data is used to return the response message if the return value of this
+ * function is 0 or -1. In case of failure, the message is likely a TLS alarm
+ * message. The caller is responsible for freeing the allocated buffer if
+ * *out_data is not %NULL.
+ */
+int eap_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
+ EapType eap_type, int peap_version,
+ u8 id, const u8 *in_data, size_t in_len,
+ u8 **out_data, size_t *out_len)
+{
+ int ret = 0;
+
+ WPA_ASSERT(data->tls_out_len == 0 || in_len == 0);
+ *out_len = 0;
+ *out_data = NULL;
+
+ if (data->tls_out_len == 0) {
+ /* No more data to send out - expect to receive more data from
+ * the AS. */
+ int res = eap_tls_process_input(sm, data, in_data, in_len,
+ out_data, out_len);
+ if (res)
+ return res;
+ }
+
+ if (data->tls_out == NULL) {
+ data->tls_out_len = 0;
+ return -1;
+ }
+
+ if (tls_connection_get_failed(sm->ssl_ctx, data->conn)) {
+ wpa_printf(MSG_DEBUG, "SSL: Failed - tls_out available to "
+ "report error");
+ ret = -1;
+ /* TODO: clean pin if engine used? */
+ }
+
+ if (data->tls_out_len == 0) {
+ /* TLS negotiation should now be complete since all other cases
+ * needing more data should have been caught above based on
+ * the TLS Message Length field. */
+ wpa_printf(MSG_DEBUG, "SSL: No data to be sent out");
+ os_free(data->tls_out);
+ data->tls_out = NULL;
+ return 1;
+ }
+
+ return eap_tls_process_output(data, eap_type, peap_version, id, ret,
+ out_data, out_len);
+}
+
+
+/**
+ * eap_tls_build_ack - Build a TLS ACK frames
+ * @data: Data for TLS processing
+ * @respDataLen: Buffer for returning the length of the response message
+ * @id: EAP identifier for the response
+ * @eap_type: EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...)
+ * @peap_version: Version number for EAP-PEAP/TTLS
+ * Returns: Pointer to allocated ACK frames or %NULL on failure
+ */
+u8 * eap_tls_build_ack(struct eap_ssl_data *data, size_t *respDataLen, u8 id,
+ EapType eap_type, int peap_version)
+{
+ struct eap_hdr *resp;
+ u8 *pos;
+
+ resp = eap_msg_alloc(EAP_VENDOR_IETF, eap_type, respDataLen,
+ 1, EAP_CODE_RESPONSE, id, &pos);
+ if (resp == NULL)
+ return NULL;
+ wpa_printf(MSG_DEBUG, "SSL: Building ACK");
+ *pos = peap_version; /* Flags */
+ return (u8 *) resp;
+}
+
+
+/**
+ * eap_tls_reauth_init - Re-initialize shared TLS for session resumption
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @data: Data for TLS processing
+ * Returns: 0 on success, -1 on failure
+ */
+int eap_tls_reauth_init(struct eap_sm *sm, struct eap_ssl_data *data)
+{
+ os_free(data->tls_in);
+ data->tls_in = NULL;
+ data->tls_in_len = data->tls_in_left = data->tls_in_total = 0;
+ os_free(data->tls_out);
+ data->tls_out = NULL;
+ data->tls_out_len = data->tls_out_pos = 0;
+
+ return tls_connection_shutdown(sm->ssl_ctx, data->conn);
+}
+
+
+/**
+ * eap_tls_status - Get TLS status
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @data: Data for TLS processing
+ * @buf: Buffer for status information
+ * @buflen: Maximum buffer length
+ * @verbose: Whether to include verbose status information
+ * Returns: Number of bytes written to buf.
+ */
+int eap_tls_status(struct eap_sm *sm, struct eap_ssl_data *data, char *buf,
+ size_t buflen, int verbose)
+{
+ char name[128];
+ int len = 0, ret;
+
+ if (tls_get_cipher(sm->ssl_ctx, data->conn, name, sizeof(name)) == 0) {
+ ret = os_snprintf(buf + len, buflen - len,
+ "EAP TLS cipher=%s\n", name);
+ if (ret < 0 || (size_t) ret >= buflen - len)
+ return len;
+ len += ret;
+ }
+
+ return len;
+}
+
+
+/**
+ * eap_tls_process_init - Initial validation and processing of EAP requests
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @data: Data for TLS processing
+ * @eap_type: EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...)
+ * @ret: Return values from EAP request validation and processing
+ * @reqData: EAP request to be processed (eapReqData)
+ * @reqDataLen: Length of the EAP request
+ * @len: Buffer for returning length of the remaining payload
+ * @flags: Buffer for returning TLS flags
+ * Returns: Buffer to payload after TLS flags and length or %NULL on failure
+ */
+const u8 * eap_tls_process_init(struct eap_sm *sm, struct eap_ssl_data *data,
+ EapType eap_type, struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *len, u8 *flags)
+{
+ const u8 *pos;
+ size_t left;
+ unsigned int tls_msg_len;
+
+ if (tls_get_errors(sm->ssl_ctx)) {
+ wpa_printf(MSG_INFO, "SSL: TLS errors detected");
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ pos = eap_hdr_validate(EAP_VENDOR_IETF, eap_type, reqData, reqDataLen,
+ &left);
+ if (pos == NULL) {
+ ret->ignore = TRUE;
+ return NULL;
+ }
+ *flags = *pos++;
+ left--;
+ wpa_printf(MSG_DEBUG, "SSL: Received packet(len=%lu) - "
+ "Flags 0x%02x", (unsigned long) reqDataLen, *flags);
+ if (*flags & EAP_TLS_FLAGS_LENGTH_INCLUDED) {
+ if (left < 4) {
+ wpa_printf(MSG_INFO, "SSL: Short frame with TLS "
+ "length");
+ ret->ignore = TRUE;
+ return NULL;
+ }
+ tls_msg_len = WPA_GET_BE32(pos);
+ wpa_printf(MSG_DEBUG, "SSL: TLS Message Length: %d",
+ tls_msg_len);
+ if (data->tls_in_left == 0) {
+ data->tls_in_total = tls_msg_len;
+ data->tls_in_left = tls_msg_len;
+ os_free(data->tls_in);
+ data->tls_in = NULL;
+ data->tls_in_len = 0;
+ }
+ pos += 4;
+ left -= 4;
+ }
+
+ ret->ignore = FALSE;
+ ret->methodState = METHOD_MAY_CONT;
+ ret->decision = DECISION_FAIL;
+ ret->allowNotifications = TRUE;
+
+ *len = (size_t) left;
+ return pos;
+}
--- /dev/null
+/*
+ * EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions
+ * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef EAP_TLS_COMMON_H
+#define EAP_TLS_COMMON_H
+
+struct eap_ssl_data {
+ struct tls_connection *conn;
+
+ u8 *tls_out;
+ size_t tls_out_len;
+ size_t tls_out_pos;
+ size_t tls_out_limit;
+ u8 *tls_in;
+ size_t tls_in_len;
+ size_t tls_in_left;
+ size_t tls_in_total;
+
+ int phase2;
+ int include_tls_length; /* include TLS length field even if the TLS
+ * data is not fragmented */
+ int tls_ia; /* Enable TLS/IA */
+
+ struct eap_sm *eap;
+};
+
+
+/* EAP TLS Flags */
+#define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80
+#define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40
+#define EAP_TLS_FLAGS_START 0x20
+#define EAP_PEAP_VERSION_MASK 0x07
+
+ /* could be up to 128 bytes, but only the first 64 bytes are used */
+#define EAP_TLS_KEY_LEN 64
+
+
+int eap_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
+ struct wpa_ssid *config);
+void eap_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);
+u8 * eap_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
+ const char *label, size_t len);
+const u8 * eap_tls_data_reassemble(
+ struct eap_sm *sm, struct eap_ssl_data *data, const u8 *in_data,
+ size_t in_len, size_t *out_len, int *need_more_input);
+int eap_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
+ EapType eap_type, int peap_version,
+ u8 id, const u8 *in_data, size_t in_len,
+ u8 **out_data, size_t *out_len);
+u8 * eap_tls_build_ack(struct eap_ssl_data *data, size_t *respDataLen, u8 id,
+ EapType eap_type, int peap_version);
+int eap_tls_reauth_init(struct eap_sm *sm, struct eap_ssl_data *data);
+int eap_tls_status(struct eap_sm *sm, struct eap_ssl_data *data, char *buf,
+ size_t buflen, int verbose);
+const u8 * eap_tls_process_init(struct eap_sm *sm, struct eap_ssl_data *data,
+ EapType eap_type, struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *len, u8 *flags);
+
+#endif /* EAP_TLS_COMMON_H */
--- /dev/null
+/*
+ * EAP peer method: EAP-TLV (draft-josefsson-pppext-eap-tls-eap-07.txt)
+ * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eap_i.h"
+#include "eap_tlv.h"
+
+
+/**
+ * eap_tlv_build_nak - Build EAP-TLV NAK message
+ * @id: EAP identifier for the header
+ * @nak_type: TLV type (EAP_TLV_*)
+ * @resp_len: Buffer for returning the response length
+ * Returns: Buffer to the allocated EAP-TLV NAK message or %NULL on failure
+ *
+ * This funtion builds an EAP-TLV NAK message. The caller is responsible for
+ * freeing the returned buffer.
+ */
+u8 * eap_tlv_build_nak(int id, u16 nak_type, size_t *resp_len)
+{
+ struct eap_hdr *hdr;
+ u8 *pos;
+
+ hdr = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TLV, resp_len,
+ 10, EAP_CODE_RESPONSE, id, &pos);
+ if (hdr == NULL)
+ return NULL;
+
+ *pos++ = 0x80; /* Mandatory */
+ *pos++ = EAP_TLV_NAK_TLV;
+ /* Length */
+ *pos++ = 0;
+ *pos++ = 6;
+ /* Vendor-Id */
+ *pos++ = 0;
+ *pos++ = 0;
+ *pos++ = 0;
+ *pos++ = 0;
+ /* NAK-Type */
+ WPA_PUT_BE16(pos, nak_type);
+
+ return (u8 *) hdr;
+}
+
+
+/**
+ * eap_tlv_build_result - Build EAP-TLV Result message
+ * @id: EAP identifier for the header
+ * @status: Status (EAP_TLV_RESULT_SUCCESS or EAP_TLV_RESULT_FAILURE)
+ * @resp_len: Buffer for returning the response length
+ * Returns: Buffer to the allocated EAP-TLV Result message or %NULL on failure
+ *
+ * This funtion builds an EAP-TLV Result message. The caller is responsible for
+ * freeing the returned buffer.
+ */
+u8 * eap_tlv_build_result(int id, u16 status, size_t *resp_len)
+{
+ struct eap_hdr *hdr;
+ u8 *pos;
+
+ hdr = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TLV, resp_len,
+ 6, EAP_CODE_RESPONSE, id, &pos);
+ if (hdr == NULL)
+ return NULL;
+
+ *pos++ = 0x80; /* Mandatory */
+ *pos++ = EAP_TLV_RESULT_TLV;
+ /* Length */
+ *pos++ = 0;
+ *pos++ = 2;
+ /* Status */
+ WPA_PUT_BE16(pos, status);
+
+ return (u8 *) hdr;
+}
+
+
+/**
+ * eap_tlv_process - Process a received EAP-TLV message and generate a response
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @ret: Return values from EAP request validation and processing
+ * @hdr: EAP-TLV request to be processed. The caller must have validated that
+ * the buffer is large enough to contain full request (hdr->length bytes) and
+ * that the EAP type is EAP_TYPE_TLV.
+ * @resp: Buffer to return a pointer to the allocated response message. This
+ * field should be initialized to %NULL before the call. The value will be
+ * updated if a response message is generated. The caller is responsible for
+ * freeing the allocated message.
+ * @resp_len: Buffer for returning the response length
+ * Returns: 0 on success, -1 on failure
+ */
+int eap_tlv_process(struct eap_sm *sm, struct eap_method_ret *ret,
+ const struct eap_hdr *hdr, u8 **resp, size_t *resp_len,
+ int force_failure)
+{
+ size_t left, tlv_len;
+ const u8 *pos;
+ const u8 *result_tlv = NULL;
+ size_t result_tlv_len = 0;
+ int tlv_type, mandatory;
+
+ /* Parse TLVs */
+ left = be_to_host16(hdr->length) - sizeof(struct eap_hdr) - 1;
+ pos = (const u8 *) (hdr + 1);
+ pos++;
+ wpa_hexdump(MSG_DEBUG, "EAP-TLV: Received TLVs", pos, left);
+ while (left >= 4) {
+ mandatory = !!(pos[0] & 0x80);
+ tlv_type = WPA_GET_BE16(pos) & 0x3fff;
+ pos += 2;
+ tlv_len = WPA_GET_BE16(pos);
+ pos += 2;
+ left -= 4;
+ if (tlv_len > left) {
+ wpa_printf(MSG_DEBUG, "EAP-TLV: TLV underrun "
+ "(tlv_len=%lu left=%lu)",
+ (unsigned long) tlv_len,
+ (unsigned long) left);
+ return -1;
+ }
+ switch (tlv_type) {
+ case EAP_TLV_RESULT_TLV:
+ result_tlv = pos;
+ result_tlv_len = tlv_len;
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "EAP-TLV: Unsupported TLV Type "
+ "%d%s", tlv_type,
+ mandatory ? " (mandatory)" : "");
+ if (mandatory) {
+ /* NAK TLV and ignore all TLVs in this packet.
+ */
+ *resp = eap_tlv_build_nak(hdr->identifier,
+ tlv_type, resp_len);
+ return *resp == NULL ? -1 : 0;
+ }
+ /* Ignore this TLV, but process other TLVs */
+ break;
+ }
+
+ pos += tlv_len;
+ left -= tlv_len;
+ }
+ if (left) {
+ wpa_printf(MSG_DEBUG, "EAP-TLV: Last TLV too short in "
+ "Request (left=%lu)", (unsigned long) left);
+ return -1;
+ }
+
+ /* Process supported TLVs */
+ if (result_tlv) {
+ int status, resp_status;
+ wpa_hexdump(MSG_DEBUG, "EAP-TLV: Result TLV",
+ result_tlv, result_tlv_len);
+ if (result_tlv_len < 2) {
+ wpa_printf(MSG_INFO, "EAP-TLV: Too short Result TLV "
+ "(len=%lu)",
+ (unsigned long) result_tlv_len);
+ return -1;
+ }
+ status = WPA_GET_BE16(result_tlv);
+ if (status == EAP_TLV_RESULT_SUCCESS) {
+ wpa_printf(MSG_INFO, "EAP-TLV: TLV Result - Success "
+ "- EAP-TLV/Phase2 Completed");
+ if (force_failure) {
+ wpa_printf(MSG_INFO, "EAP-TLV: Earlier failure"
+ " - force failed Phase 2");
+ resp_status = EAP_TLV_RESULT_FAILURE;
+ ret->decision = DECISION_FAIL;
+ } else {
+ resp_status = EAP_TLV_RESULT_SUCCESS;
+ ret->decision = DECISION_UNCOND_SUCC;
+ }
+ } else if (status == EAP_TLV_RESULT_FAILURE) {
+ wpa_printf(MSG_INFO, "EAP-TLV: TLV Result - Failure");
+ resp_status = EAP_TLV_RESULT_FAILURE;
+ ret->decision = DECISION_FAIL;
+ } else {
+ wpa_printf(MSG_INFO, "EAP-TLV: Unknown TLV Result "
+ "Status %d", status);
+ resp_status = EAP_TLV_RESULT_FAILURE;
+ ret->decision = DECISION_FAIL;
+ }
+ ret->methodState = METHOD_DONE;
+
+ *resp = eap_tlv_build_result(hdr->identifier, resp_status,
+ resp_len);
+ }
+
+ return 0;
+}
--- /dev/null
+/*
+ * EAP peer method: EAP-TLV (draft-josefsson-pppext-eap-tls-eap-07.txt)
+ * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef EAP_TLV_H
+#define EAP_TLV_H
+
+/* EAP-TLV TLVs (draft-josefsson-ppext-eap-tls-eap-07.txt) */
+#define EAP_TLV_RESULT_TLV 3 /* Acknowledged Result */
+#define EAP_TLV_NAK_TLV 4
+#define EAP_TLV_CRYPTO_BINDING_TLV 5
+#define EAP_TLV_CONNECTION_BINDING_TLV 6
+#define EAP_TLV_VENDOR_SPECIFIC_TLV 7
+#define EAP_TLV_URI_TLV 8
+#define EAP_TLV_EAP_PAYLOAD_TLV 9
+#define EAP_TLV_INTERMEDIATE_RESULT_TLV 10
+#define EAP_TLV_PAC_TLV 11 /* draft-cam-winget-eap-fast-01.txt */
+#define EAP_TLV_CRYPTO_BINDING_TLV_ 12 /* draft-cam-winget-eap-fast-01.txt */
+
+#define EAP_TLV_RESULT_SUCCESS 1
+#define EAP_TLV_RESULT_FAILURE 2
+
+#define EAP_TLV_TYPE_MANDATORY 0x8000
+
+#ifdef _MSC_VER
+#pragma pack(push, 1)
+#endif /* _MSC_VER */
+
+struct eap_tlv_hdr {
+ u16 tlv_type;
+ u16 length;
+} STRUCT_PACKED;
+
+struct eap_tlv_nak_tlv {
+ u16 tlv_type;
+ u16 length;
+ u32 vendor_id;
+ u16 nak_type;
+} STRUCT_PACKED;
+
+struct eap_tlv_result_tlv {
+ u16 tlv_type;
+ u16 length;
+ u16 status;
+} STRUCT_PACKED;
+
+struct eap_tlv_intermediate_result_tlv {
+ u16 tlv_type;
+ u16 length;
+ u16 status;
+} STRUCT_PACKED;
+
+struct eap_tlv_crypto_binding__tlv {
+ u16 tlv_type;
+ u16 length;
+ u8 reserved;
+ u8 version;
+ u8 received_version;
+ u8 subtype;
+ u8 nonce[32];
+ u8 compound_mac[20];
+} STRUCT_PACKED;
+
+struct eap_tlv_pac_ack_tlv {
+ u16 tlv_type;
+ u16 length;
+ u16 pac_type;
+ u16 pac_len;
+ u16 result;
+} STRUCT_PACKED;
+
+#ifdef _MSC_VER
+#pragma pack(pop)
+#endif /* _MSC_VER */
+
+#define EAP_TLV_CRYPTO_BINDING_SUBTYPE_REQUEST 0
+#define EAP_TLV_CRYPTO_BINDING_SUBTYPE_RESPONSE 1
+
+
+u8 * eap_tlv_build_nak(int id, u16 nak_type, size_t *resp_len);
+u8 * eap_tlv_build_result(int id, u16 status, size_t *resp_len);
+int eap_tlv_process(struct eap_sm *sm, struct eap_method_ret *ret,
+ const struct eap_hdr *hdr, u8 **resp, size_t *resp_len,
+ int force_failure);
+
+#endif /* EAP_TLV_H */
--- /dev/null
+/*
+ * EAP peer method: EAP-TTLS (draft-ietf-pppext-eap-ttls-03.txt)
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eap_i.h"
+#include "eap_tls_common.h"
+#include "config_ssid.h"
+#include "ms_funcs.h"
+#include "sha1.h"
+#include "crypto.h"
+#include "tls.h"
+#include "eap_ttls.h"
+
+
+/* Maximum supported PEAP version
+ * 0 = draft-ietf-pppext-eap-ttls-03.txt / draft-funk-eap-ttls-v0-00.txt
+ * 1 = draft-funk-eap-ttls-v1-00.txt
+ */
+#define EAP_TTLS_VERSION 0 /* TTLSv1 implementation is not yet complete */
+
+
+#define MSCHAPV2_KEY_LEN 16
+
+
+static void eap_ttls_deinit(struct eap_sm *sm, void *priv);
+
+
+struct eap_ttls_data {
+ struct eap_ssl_data ssl;
+ int ssl_initialized;
+
+ int ttls_version, force_ttls_version;
+
+ const struct eap_method *phase2_method;
+ void *phase2_priv;
+ int phase2_success;
+ int phase2_start;
+
+ enum {
+ EAP_TTLS_PHASE2_EAP,
+ EAP_TTLS_PHASE2_MSCHAPV2,
+ EAP_TTLS_PHASE2_MSCHAP,
+ EAP_TTLS_PHASE2_PAP,
+ EAP_TTLS_PHASE2_CHAP
+ } phase2_type;
+ struct eap_method_type phase2_eap_type;
+ struct eap_method_type *phase2_eap_types;
+ size_t num_phase2_eap_types;
+
+ u8 auth_response[20];
+ int auth_response_valid;
+ u8 ident;
+ int resuming; /* starting a resumed session */
+ int reauth; /* reauthentication */
+ u8 *key_data;
+
+ u8 *pending_phase2_req;
+ size_t pending_phase2_req_len;
+};
+
+
+static void * eap_ttls_init(struct eap_sm *sm)
+{
+ struct eap_ttls_data *data;
+ struct wpa_ssid *config = eap_get_config(sm);
+ char *selected;
+
+ data = os_zalloc(sizeof(*data));
+ if (data == NULL)
+ return NULL;
+ data->ttls_version = EAP_TTLS_VERSION;
+ data->force_ttls_version = -1;
+ selected = "EAP";
+ data->phase2_type = EAP_TTLS_PHASE2_EAP;
+
+ if (config && config->phase1) {
+ char *pos = os_strstr(config->phase1, "ttlsver=");
+ if (pos) {
+ data->force_ttls_version = atoi(pos + 8);
+ data->ttls_version = data->force_ttls_version;
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Forced TTLS version "
+ "%d", data->force_ttls_version);
+ }
+ }
+
+ if (config && config->phase2) {
+ if (os_strstr(config->phase2, "autheap=")) {
+ selected = "EAP";
+ data->phase2_type = EAP_TTLS_PHASE2_EAP;
+ } else if (os_strstr(config->phase2, "auth=MSCHAPV2")) {
+ selected = "MSCHAPV2";
+ data->phase2_type = EAP_TTLS_PHASE2_MSCHAPV2;
+ } else if (os_strstr(config->phase2, "auth=MSCHAP")) {
+ selected = "MSCHAP";
+ data->phase2_type = EAP_TTLS_PHASE2_MSCHAP;
+ } else if (os_strstr(config->phase2, "auth=PAP")) {
+ selected = "PAP";
+ data->phase2_type = EAP_TTLS_PHASE2_PAP;
+ } else if (os_strstr(config->phase2, "auth=CHAP")) {
+ selected = "CHAP";
+ data->phase2_type = EAP_TTLS_PHASE2_CHAP;
+ }
+ }
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase2 type: %s", selected);
+
+ if (data->phase2_type == EAP_TTLS_PHASE2_EAP) {
+ if (config && config->phase2) {
+ char *start, *pos, *buf;
+ struct eap_method_type *methods = NULL, *_methods;
+ u8 method;
+ size_t num_methods = 0;
+ start = buf = os_strdup(config->phase2);
+ if (buf == NULL) {
+ eap_ttls_deinit(sm, data);
+ return NULL;
+ }
+ while (start && *start != '\0') {
+ int vendor;
+ pos = os_strstr(start, "autheap=");
+ if (pos == NULL)
+ break;
+ if (start != pos && *(pos - 1) != ' ') {
+ start = pos + 8;
+ continue;
+ }
+
+ start = pos + 8;
+ pos = os_strchr(start, ' ');
+ if (pos)
+ *pos++ = '\0';
+ method = eap_get_phase2_type(start, &vendor);
+ if (vendor == EAP_VENDOR_IETF &&
+ method == EAP_TYPE_NONE) {
+ wpa_printf(MSG_ERROR, "EAP-TTLS: "
+ "Unsupported Phase2 EAP "
+ "method '%s'", start);
+ } else {
+ num_methods++;
+ _methods = os_realloc(
+ methods, num_methods *
+ sizeof(*methods));
+ if (_methods == NULL) {
+ os_free(methods);
+ os_free(buf);
+ eap_ttls_deinit(sm, data);
+ return NULL;
+ }
+ methods = _methods;
+ methods[num_methods - 1].vendor =
+ vendor;
+ methods[num_methods - 1].method =
+ method;
+ }
+
+ start = pos;
+ }
+ os_free(buf);
+ data->phase2_eap_types = methods;
+ data->num_phase2_eap_types = num_methods;
+ }
+ if (data->phase2_eap_types == NULL) {
+ data->phase2_eap_types = eap_get_phase2_types(
+ config, &data->num_phase2_eap_types);
+ }
+ if (data->phase2_eap_types == NULL) {
+ wpa_printf(MSG_ERROR, "EAP-TTLS: No Phase2 EAP method "
+ "available");
+ eap_ttls_deinit(sm, data);
+ return NULL;
+ }
+ wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Phase2 EAP types",
+ (u8 *) data->phase2_eap_types,
+ data->num_phase2_eap_types *
+ sizeof(struct eap_method_type));
+ data->phase2_eap_type.vendor = EAP_VENDOR_IETF;
+ data->phase2_eap_type.method = EAP_TYPE_NONE;
+ }
+
+ if (!(tls_capabilities(sm->ssl_ctx) & TLS_CAPABILITY_IA) &&
+ data->ttls_version > 0) {
+ if (data->force_ttls_version > 0) {
+ wpa_printf(MSG_INFO, "EAP-TTLS: Forced TTLSv%d and "
+ "TLS library does not support TLS/IA.",
+ data->force_ttls_version);
+ eap_ttls_deinit(sm, data);
+ return NULL;
+ }
+ data->ttls_version = 0;
+ }
+
+ return data;
+}
+
+
+static void eap_ttls_deinit(struct eap_sm *sm, void *priv)
+{
+ struct eap_ttls_data *data = priv;
+ if (data == NULL)
+ return;
+ if (data->phase2_priv && data->phase2_method)
+ data->phase2_method->deinit(sm, data->phase2_priv);
+ os_free(data->phase2_eap_types);
+ if (data->ssl_initialized)
+ eap_tls_ssl_deinit(sm, &data->ssl);
+ os_free(data->key_data);
+ os_free(data->pending_phase2_req);
+ os_free(data);
+}
+
+
+static int eap_ttls_encrypt(struct eap_sm *sm, struct eap_ttls_data *data,
+ int id, const u8 *plain, size_t plain_len,
+ u8 **out_data, size_t *out_len)
+{
+ int res;
+ u8 *pos;
+ struct eap_hdr *resp;
+
+ /* TODO: add support for fragmentation, if needed. This will need to
+ * add TLS Message Length field, if the frame is fragmented. */
+ resp = os_malloc(sizeof(struct eap_hdr) + 2 + data->ssl.tls_out_limit);
+ if (resp == NULL)
+ return -1;
+
+ resp->code = EAP_CODE_RESPONSE;
+ resp->identifier = id;
+
+ pos = (u8 *) (resp + 1);
+ *pos++ = EAP_TYPE_TTLS;
+ *pos++ = data->ttls_version;
+
+ res = tls_connection_encrypt(sm->ssl_ctx, data->ssl.conn,
+ plain, plain_len,
+ pos, data->ssl.tls_out_limit);
+ if (res < 0) {
+ wpa_printf(MSG_INFO, "EAP-TTLS: Failed to encrypt Phase 2 "
+ "data");
+ os_free(resp);
+ return -1;
+ }
+
+ *out_len = sizeof(struct eap_hdr) + 2 + res;
+ resp->length = host_to_be16(*out_len);
+ *out_data = (u8 *) resp;
+ return 0;
+}
+
+
+static u8 * eap_ttls_avp_hdr(u8 *avphdr, u32 avp_code, u32 vendor_id,
+ int mandatory, size_t len)
+{
+ struct ttls_avp_vendor *avp;
+ u8 flags;
+ size_t hdrlen;
+
+ avp = (struct ttls_avp_vendor *) avphdr;
+ flags = mandatory ? AVP_FLAGS_MANDATORY : 0;
+ if (vendor_id) {
+ flags |= AVP_FLAGS_VENDOR;
+ hdrlen = sizeof(*avp);
+ avp->vendor_id = host_to_be32(vendor_id);
+ } else {
+ hdrlen = sizeof(struct ttls_avp);
+ }
+
+ avp->avp_code = host_to_be32(avp_code);
+ avp->avp_length = host_to_be32((flags << 24) | (hdrlen + len));
+
+ return avphdr + hdrlen;
+}
+
+
+static u8 * eap_ttls_avp_add(u8 *start, u8 *avphdr, u32 avp_code,
+ u32 vendor_id, int mandatory,
+ u8 *data, size_t len)
+{
+ u8 *pos;
+ pos = eap_ttls_avp_hdr(avphdr, avp_code, vendor_id, mandatory, len);
+ os_memcpy(pos, data, len);
+ pos += len;
+ AVP_PAD(start, pos);
+ return pos;
+}
+
+
+static int eap_ttls_avp_encapsulate(u8 **resp, size_t *resp_len, u32 avp_code,
+ int mandatory)
+{
+ u8 *avp, *pos;
+
+ avp = os_malloc(sizeof(struct ttls_avp) + *resp_len + 4);
+ if (avp == NULL) {
+ os_free(*resp);
+ *resp = NULL;
+ *resp_len = 0;
+ return -1;
+ }
+
+ pos = eap_ttls_avp_hdr(avp, avp_code, 0, mandatory, *resp_len);
+ os_memcpy(pos, *resp, *resp_len);
+ pos += *resp_len;
+ AVP_PAD(avp, pos);
+ os_free(*resp);
+ *resp = avp;
+ *resp_len = pos - avp;
+ return 0;
+}
+
+
+static int eap_ttls_ia_permute_inner_secret(struct eap_sm *sm,
+ struct eap_ttls_data *data,
+ const u8 *key, size_t key_len)
+{
+ u8 *buf;
+ size_t buf_len;
+ int ret;
+
+ if (key) {
+ buf_len = 2 + key_len;
+ buf = os_malloc(buf_len);
+ if (buf == NULL)
+ return -1;
+ WPA_PUT_BE16(buf, key_len);
+ os_memcpy(buf + 2, key, key_len);
+ } else {
+ buf = NULL;
+ buf_len = 0;
+ }
+
+ wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Session keys for TLS/IA inner "
+ "secret permutation", buf, buf_len);
+ ret = tls_connection_ia_permute_inner_secret(sm->ssl_ctx,
+ data->ssl.conn,
+ buf, buf_len);
+ os_free(buf);
+
+ return ret;
+}
+
+
+static int eap_ttls_v0_derive_key(struct eap_sm *sm,
+ struct eap_ttls_data *data)
+{
+ os_free(data->key_data);
+ data->key_data = eap_tls_derive_key(sm, &data->ssl,
+ "ttls keying material",
+ EAP_TLS_KEY_LEN);
+ if (!data->key_data) {
+ wpa_printf(MSG_INFO, "EAP-TTLS: Failed to derive key");
+ return -1;
+ }
+
+ wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived key",
+ data->key_data, EAP_TLS_KEY_LEN);
+
+ return 0;
+}
+
+
+static int eap_ttls_v1_derive_key(struct eap_sm *sm,
+ struct eap_ttls_data *data)
+{
+ struct tls_keys keys;
+ u8 *rnd;
+
+ os_free(data->key_data);
+ data->key_data = NULL;
+
+ os_memset(&keys, 0, sizeof(keys));
+ if (tls_connection_get_keys(sm->ssl_ctx, data->ssl.conn, &keys) ||
+ keys.client_random == NULL || keys.server_random == NULL ||
+ keys.inner_secret == NULL) {
+ wpa_printf(MSG_INFO, "EAP-TTLS: Could not get inner secret, "
+ "client random, or server random to derive keying "
+ "material");
+ return -1;
+ }
+
+ rnd = os_malloc(keys.client_random_len + keys.server_random_len);
+ data->key_data = os_malloc(EAP_TLS_KEY_LEN);
+ if (rnd == NULL || data->key_data == NULL) {
+ wpa_printf(MSG_INFO, "EAP-TTLS: No memory for key derivation");
+ os_free(rnd);
+ os_free(data->key_data);
+ data->key_data = NULL;
+ return -1;
+ }
+ os_memcpy(rnd, keys.client_random, keys.client_random_len);
+ os_memcpy(rnd + keys.client_random_len, keys.server_random,
+ keys.server_random_len);
+
+ if (tls_prf(keys.inner_secret, keys.inner_secret_len,
+ "ttls v1 keying material", rnd, keys.client_random_len +
+ keys.server_random_len, data->key_data, EAP_TLS_KEY_LEN)) {
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to derive key");
+ os_free(rnd);
+ os_free(data->key_data);
+ data->key_data = NULL;
+ return -1;
+ }
+
+ wpa_hexdump(MSG_DEBUG, "EAP-TTLS: client/server random",
+ rnd, keys.client_random_len + keys.server_random_len);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: TLS/IA inner secret",
+ keys.inner_secret, keys.inner_secret_len);
+
+ os_free(rnd);
+
+ wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived key",
+ data->key_data, EAP_TLS_KEY_LEN);
+
+ return 0;
+}
+
+
+static u8 * eap_ttls_implicit_challenge(struct eap_sm *sm,
+ struct eap_ttls_data *data, size_t len)
+{
+ struct tls_keys keys;
+ u8 *challenge, *rnd;
+
+ if (data->ttls_version == 0) {
+ return eap_tls_derive_key(sm, &data->ssl, "ttls challenge",
+ len);
+ }
+
+ os_memset(&keys, 0, sizeof(keys));
+ if (tls_connection_get_keys(sm->ssl_ctx, data->ssl.conn, &keys) ||
+ keys.client_random == NULL || keys.server_random == NULL ||
+ keys.inner_secret == NULL) {
+ wpa_printf(MSG_INFO, "EAP-TTLS: Could not get inner secret, "
+ "client random, or server random to derive "
+ "implicit challenge");
+ return NULL;
+ }
+
+ rnd = os_malloc(keys.client_random_len + keys.server_random_len);
+ challenge = os_malloc(len);
+ if (rnd == NULL || challenge == NULL) {
+ wpa_printf(MSG_INFO, "EAP-TTLS: No memory for implicit "
+ "challenge derivation");
+ os_free(rnd);
+ os_free(challenge);
+ return NULL;
+ }
+ os_memcpy(rnd, keys.server_random, keys.server_random_len);
+ os_memcpy(rnd + keys.server_random_len, keys.client_random,
+ keys.client_random_len);
+
+ if (tls_prf(keys.inner_secret, keys.inner_secret_len,
+ "inner application challenge", rnd,
+ keys.client_random_len + keys.server_random_len,
+ challenge, len)) {
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to derive implicit "
+ "challenge");
+ os_free(rnd);
+ os_free(challenge);
+ return NULL;
+ }
+
+ os_free(rnd);
+
+ wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived implicit challenge",
+ challenge, len);
+
+ return challenge;
+}
+
+
+static int eap_ttls_phase2_nak(struct eap_ttls_data *data, struct eap_hdr *hdr,
+ u8 **resp, size_t *resp_len)
+{
+ struct eap_hdr *resp_hdr;
+ u8 *pos = (u8 *) (hdr + 1);
+ size_t i;
+
+ /* TODO: add support for expanded Nak */
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 Request: Nak type=%d", *pos);
+ wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Allowed Phase2 EAP types",
+ (u8 *) data->phase2_eap_types, data->num_phase2_eap_types *
+ sizeof(struct eap_method_type));
+ *resp_len = sizeof(struct eap_hdr) + 1;
+ *resp = os_malloc(*resp_len + data->num_phase2_eap_types);
+ if (*resp == NULL)
+ return -1;
+
+ resp_hdr = (struct eap_hdr *) (*resp);
+ resp_hdr->code = EAP_CODE_RESPONSE;
+ resp_hdr->identifier = hdr->identifier;
+ pos = (u8 *) (resp_hdr + 1);
+ *pos++ = EAP_TYPE_NAK;
+ for (i = 0; i < data->num_phase2_eap_types; i++) {
+ if (data->phase2_eap_types[i].vendor == EAP_VENDOR_IETF &&
+ data->phase2_eap_types[i].method < 256) {
+ (*resp_len)++;
+ *pos++ = data->phase2_eap_types[i].method;
+ }
+ }
+ resp_hdr->length = host_to_be16(*resp_len);
+
+ return 0;
+}
+
+
+static int eap_ttls_phase2_request_eap(struct eap_sm *sm,
+ struct eap_ttls_data *data,
+ struct eap_method_ret *ret,
+ struct eap_hdr *hdr,
+ u8 **resp, size_t *resp_len)
+{
+ size_t len = be_to_host16(hdr->length);
+ u8 *pos;
+ struct eap_method_ret iret;
+ struct wpa_ssid *config = eap_get_config(sm);
+
+ if (len <= sizeof(struct eap_hdr)) {
+ wpa_printf(MSG_INFO, "EAP-TTLS: too short "
+ "Phase 2 request (len=%lu)", (unsigned long) len);
+ return -1;
+ }
+ pos = (u8 *) (hdr + 1);
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 EAP Request: type=%d", *pos);
+ switch (*pos) {
+ case EAP_TYPE_IDENTITY:
+ *resp = eap_sm_buildIdentity(sm, hdr->identifier, resp_len, 1);
+ break;
+ default:
+ if (data->phase2_eap_type.vendor == EAP_VENDOR_IETF &&
+ data->phase2_eap_type.method == EAP_TYPE_NONE) {
+ size_t i;
+ for (i = 0; i < data->num_phase2_eap_types; i++) {
+ if (data->phase2_eap_types[i].vendor !=
+ EAP_VENDOR_IETF ||
+ data->phase2_eap_types[i].method != *pos)
+ continue;
+
+ data->phase2_eap_type.vendor =
+ data->phase2_eap_types[i].vendor;
+ data->phase2_eap_type.method =
+ data->phase2_eap_types[i].method;
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Selected "
+ "Phase 2 EAP vendor %d method %d",
+ data->phase2_eap_type.vendor,
+ data->phase2_eap_type.method);
+ break;
+ }
+ }
+ if (*pos != data->phase2_eap_type.method ||
+ *pos == EAP_TYPE_NONE) {
+ if (eap_ttls_phase2_nak(data, hdr, resp, resp_len))
+ return -1;
+ break;
+ }
+
+ if (data->phase2_priv == NULL) {
+ data->phase2_method = eap_sm_get_eap_methods(
+ EAP_VENDOR_IETF, *pos);
+ if (data->phase2_method) {
+ sm->init_phase2 = 1;
+ sm->mschapv2_full_key = 1;
+ data->phase2_priv =
+ data->phase2_method->init(sm);
+ sm->init_phase2 = 0;
+ sm->mschapv2_full_key = 0;
+ }
+ }
+ if (data->phase2_priv == NULL || data->phase2_method == NULL) {
+ wpa_printf(MSG_INFO, "EAP-TTLS: failed to initialize "
+ "Phase 2 EAP method %d", *pos);
+ return -1;
+ }
+ os_memset(&iret, 0, sizeof(iret));
+ *resp = data->phase2_method->process(sm, data->phase2_priv,
+ &iret, (u8 *) hdr, len,
+ resp_len);
+ if ((iret.methodState == METHOD_DONE ||
+ iret.methodState == METHOD_MAY_CONT) &&
+ (iret.decision == DECISION_UNCOND_SUCC ||
+ iret.decision == DECISION_COND_SUCC ||
+ iret.decision == DECISION_FAIL)) {
+ ret->methodState = iret.methodState;
+ ret->decision = iret.decision;
+ }
+ if (data->ttls_version > 0) {
+ const struct eap_method *m = data->phase2_method;
+ void *priv = data->phase2_priv;
+
+ /* TTLSv1 requires TLS/IA FinalPhaseFinished */
+ if (ret->decision == DECISION_UNCOND_SUCC)
+ ret->decision = DECISION_COND_SUCC;
+ ret->methodState = METHOD_CONT;
+
+ if (ret->decision == DECISION_COND_SUCC &&
+ m->isKeyAvailable && m->getKey &&
+ m->isKeyAvailable(sm, priv)) {
+ u8 *key;
+ size_t key_len;
+ key = m->getKey(sm, priv, &key_len);
+ if (key) {
+ eap_ttls_ia_permute_inner_secret(
+ sm, data, key, key_len);
+ os_free(key);
+ }
+ }
+ }
+ break;
+ }
+
+ if (*resp == NULL &&
+ (config->pending_req_identity || config->pending_req_password ||
+ config->pending_req_otp)) {
+ return 0;
+ }
+
+ if (*resp == NULL)
+ return -1;
+
+ wpa_hexdump(MSG_DEBUG, "EAP-TTLS: AVP encapsulate EAP Response",
+ *resp, *resp_len);
+ return eap_ttls_avp_encapsulate(resp, resp_len,
+ RADIUS_ATTR_EAP_MESSAGE, 1);
+}
+
+
+static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,
+ struct eap_ttls_data *data,
+ struct eap_method_ret *ret,
+ u8 **resp, size_t *resp_len)
+{
+ struct wpa_ssid *config = eap_get_config(sm);
+ u8 *buf, *pos, *challenge, *username, *peer_challenge;
+ size_t username_len, i;
+
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 MSCHAPV2 Request");
+
+ /* MSCHAPv2 does not include optional domain name in the
+ * challenge-response calculation, so remove domain prefix
+ * (if present). */
+ username = config->identity;
+ username_len = config->identity_len;
+ pos = username;
+ for (i = 0; i < username_len; i++) {
+ if (username[i] == '\\') {
+ username_len -= i + 1;
+ username += i + 1;
+ break;
+ }
+ }
+
+ pos = buf = os_malloc(config->identity_len + 1000);
+ if (buf == NULL) {
+ wpa_printf(MSG_ERROR,
+ "EAP-TTLS/MSCHAPV2: Failed to allocate memory");
+ return -1;
+ }
+
+ /* User-Name */
+ pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1,
+ config->identity, config->identity_len);
+
+ /* MS-CHAP-Challenge */
+ challenge = eap_ttls_implicit_challenge(
+ sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN * 2 + 1);
+ if (challenge == NULL) {
+ os_free(buf);
+ wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive "
+ "implicit challenge");
+ return -1;
+ }
+ peer_challenge = challenge + 1 + EAP_TTLS_MSCHAPV2_CHALLENGE_LEN;
+
+ pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_MS_CHAP_CHALLENGE,
+ RADIUS_VENDOR_ID_MICROSOFT, 1,
+ challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN);
+
+ /* MS-CHAP2-Response */
+ pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP2_RESPONSE,
+ RADIUS_VENDOR_ID_MICROSOFT, 1,
+ EAP_TTLS_MSCHAPV2_RESPONSE_LEN);
+ data->ident = challenge[EAP_TTLS_MSCHAPV2_CHALLENGE_LEN];
+ *pos++ = data->ident;
+ *pos++ = 0; /* Flags */
+ os_memcpy(pos, peer_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN);
+ pos += EAP_TTLS_MSCHAPV2_CHALLENGE_LEN;
+ os_memset(pos, 0, 8); /* Reserved, must be zero */
+ pos += 8;
+ wpa_hexdump(MSG_DEBUG, "EAP-TTLS: MSCHAPV2: implicit auth_challenge",
+ challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN);
+ wpa_hexdump(MSG_DEBUG, "EAP-TTLS: MSCHAPV2: peer_challenge",
+ peer_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN);
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: MSCHAPV2 username",
+ username, username_len);
+ wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: MSCHAPV2 password",
+ config->password, config->password_len);
+ generate_nt_response(challenge, peer_challenge,
+ username, username_len,
+ config->password, config->password_len,
+ pos);
+ wpa_hexdump(MSG_DEBUG, "EAP-TTLS: MSCHAPV2 response", pos, 24);
+ generate_authenticator_response(config->password, config->password_len,
+ peer_challenge, challenge,
+ username, username_len,
+ pos, data->auth_response);
+ data->auth_response_valid = 1;
+
+ if (data->ttls_version > 0) {
+ u8 pw_hash[16], pw_hash_hash[16], master_key[16];
+ u8 session_key[2 * MSCHAPV2_KEY_LEN];
+ nt_password_hash(config->password, config->password_len,
+ pw_hash);
+ hash_nt_password_hash(pw_hash, pw_hash_hash);
+ get_master_key(pw_hash_hash, pos /* nt_response */,
+ master_key);
+ get_asymetric_start_key(master_key, session_key,
+ MSCHAPV2_KEY_LEN, 0, 0);
+ get_asymetric_start_key(master_key,
+ session_key + MSCHAPV2_KEY_LEN,
+ MSCHAPV2_KEY_LEN, 1, 0);
+ eap_ttls_ia_permute_inner_secret(sm, data,
+ session_key,
+ sizeof(session_key));
+ }
+
+ pos += 24;
+ os_free(challenge);
+ AVP_PAD(buf, pos);
+
+ *resp = buf;
+ *resp_len = pos - buf;
+
+ if (sm->workaround && data->ttls_version == 0) {
+ /* At least FreeRADIUS seems to be terminating
+ * EAP-TTLS/MSHCAPV2 without the expected MS-CHAP-v2 Success
+ * packet. */
+ wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: EAP workaround - "
+ "allow success without tunneled response");
+ ret->methodState = METHOD_MAY_CONT;
+ ret->decision = DECISION_COND_SUCC;
+ }
+
+ return 0;
+}
+
+
+static int eap_ttls_phase2_request_mschap(struct eap_sm *sm,
+ struct eap_ttls_data *data,
+ struct eap_method_ret *ret,
+ u8 **resp, size_t *resp_len)
+{
+ struct wpa_ssid *config = eap_get_config(sm);
+ u8 *buf, *pos, *challenge;
+
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 MSCHAP Request");
+
+ pos = buf = os_malloc(config->identity_len + 1000);
+ if (buf == NULL) {
+ wpa_printf(MSG_ERROR,
+ "EAP-TTLS/MSCHAP: Failed to allocate memory");
+ return -1;
+ }
+
+ /* User-Name */
+ pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1,
+ config->identity, config->identity_len);
+
+ /* MS-CHAP-Challenge */
+ challenge = eap_ttls_implicit_challenge(sm, data, EAP_TLS_KEY_LEN);
+ if (challenge == NULL) {
+ os_free(buf);
+ wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAP: Failed to derive "
+ "implicit challenge");
+ return -1;
+ }
+
+ pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_MS_CHAP_CHALLENGE,
+ RADIUS_VENDOR_ID_MICROSOFT, 1,
+ challenge, EAP_TTLS_MSCHAP_CHALLENGE_LEN);
+
+ /* MS-CHAP-Response */
+ pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP_RESPONSE,
+ RADIUS_VENDOR_ID_MICROSOFT, 1,
+ EAP_TTLS_MSCHAP_RESPONSE_LEN);
+ data->ident = challenge[EAP_TTLS_MSCHAP_CHALLENGE_LEN];
+ *pos++ = data->ident;
+ *pos++ = 1; /* Flags: Use NT style passwords */
+ os_memset(pos, 0, 24); /* LM-Response */
+ pos += 24;
+ nt_challenge_response(challenge,
+ config->password, config->password_len,
+ pos); /* NT-Response */
+ wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: MSCHAP password",
+ config->password, config->password_len);
+ wpa_hexdump(MSG_DEBUG, "EAP-TTLS: MSCHAP implicit challenge",
+ challenge, EAP_TTLS_MSCHAP_CHALLENGE_LEN);
+ wpa_hexdump(MSG_DEBUG, "EAP-TTLS: MSCHAP response", pos, 24);
+ pos += 24;
+ os_free(challenge);
+ AVP_PAD(buf, pos);
+
+ *resp = buf;
+ *resp_len = pos - buf;
+
+ if (data->ttls_version > 0) {
+ /* EAP-TTLSv1 uses TLS/IA FinalPhaseFinished to report success,
+ * so do not allow connection to be terminated yet. */
+ ret->methodState = METHOD_CONT;
+ ret->decision = DECISION_COND_SUCC;
+ } else {
+ /* EAP-TTLS/MSCHAP does not provide tunneled success
+ * notification, so assume that Phase2 succeeds. */
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_COND_SUCC;
+ }
+
+ return 0;
+}
+
+
+static int eap_ttls_phase2_request_pap(struct eap_sm *sm,
+ struct eap_ttls_data *data,
+ struct eap_method_ret *ret,
+ u8 **resp, size_t *resp_len)
+{
+ struct wpa_ssid *config = eap_get_config(sm);
+ u8 *buf, *pos;
+ size_t pad;
+
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 PAP Request");
+
+ pos = buf = os_malloc(config->identity_len + config->password_len +
+ 100);
+ if (buf == NULL) {
+ wpa_printf(MSG_ERROR,
+ "EAP-TTLS/PAP: Failed to allocate memory");
+ return -1;
+ }
+
+ /* User-Name */
+ pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1,
+ config->identity, config->identity_len);
+
+ /* User-Password; in RADIUS, this is encrypted, but EAP-TTLS encrypts
+ * the data, so no separate encryption is used in the AVP itself.
+ * However, the password is padded to obfuscate its length. */
+ pad = (16 - (config->password_len & 15)) & 15;
+ pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_USER_PASSWORD, 0, 1,
+ config->password_len + pad);
+ os_memcpy(pos, config->password, config->password_len);
+ pos += config->password_len;
+ os_memset(pos, 0, pad);
+ pos += pad;
+ AVP_PAD(buf, pos);
+
+ *resp = buf;
+ *resp_len = pos - buf;
+
+ if (data->ttls_version > 0) {
+ /* EAP-TTLSv1 uses TLS/IA FinalPhaseFinished to report success,
+ * so do not allow connection to be terminated yet. */
+ ret->methodState = METHOD_CONT;
+ ret->decision = DECISION_COND_SUCC;
+ } else {
+ /* EAP-TTLS/PAP does not provide tunneled success notification,
+ * so assume that Phase2 succeeds. */
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_COND_SUCC;
+ }
+
+ return 0;
+}
+
+
+static int eap_ttls_phase2_request_chap(struct eap_sm *sm,
+ struct eap_ttls_data *data,
+ struct eap_method_ret *ret,
+ u8 **resp, size_t *resp_len)
+{
+ struct wpa_ssid *config = eap_get_config(sm);
+ u8 *buf, *pos, *challenge;
+ const u8 *addr[3];
+ size_t len[3];
+
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 CHAP Request");
+
+ pos = buf = os_malloc(config->identity_len + 1000);
+ if (buf == NULL) {
+ wpa_printf(MSG_ERROR,
+ "EAP-TTLS/CHAP: Failed to allocate memory");
+ return -1;
+ }
+
+ /* User-Name */
+ pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1,
+ config->identity, config->identity_len);
+
+ /* CHAP-Challenge */
+ challenge = eap_ttls_implicit_challenge(sm, data, EAP_TLS_KEY_LEN);
+ if (challenge == NULL) {
+ os_free(buf);
+ wpa_printf(MSG_ERROR, "EAP-TTLS/CHAP: Failed to derive "
+ "implicit challenge");
+ return -1;
+ }
+
+ pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_CHAP_CHALLENGE, 0, 1,
+ challenge, EAP_TTLS_CHAP_CHALLENGE_LEN);
+
+ /* CHAP-Password */
+ pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_CHAP_PASSWORD, 0, 1,
+ 1 + EAP_TTLS_CHAP_PASSWORD_LEN);
+ data->ident = challenge[EAP_TTLS_CHAP_CHALLENGE_LEN];
+ *pos++ = data->ident;
+
+ /* MD5(Ident + Password + Challenge) */
+ addr[0] = &data->ident;
+ len[0] = 1;
+ addr[1] = config->password;
+ len[1] = config->password_len;
+ addr[2] = challenge;
+ len[2] = EAP_TTLS_CHAP_CHALLENGE_LEN;
+ md5_vector(3, addr, len, pos);
+
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: CHAP username",
+ config->identity, config->identity_len);
+ wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: CHAP password",
+ config->password, config->password_len);
+ wpa_hexdump(MSG_DEBUG, "EAP-TTLS: CHAP implicit challenge",
+ challenge, EAP_TTLS_CHAP_CHALLENGE_LEN);
+ wpa_hexdump(MSG_DEBUG, "EAP-TTLS: CHAP password",
+ pos, EAP_TTLS_CHAP_PASSWORD_LEN);
+ pos += EAP_TTLS_CHAP_PASSWORD_LEN;
+ os_free(challenge);
+ AVP_PAD(buf, pos);
+
+ *resp = buf;
+ *resp_len = pos - buf;
+
+ if (data->ttls_version > 0) {
+ /* EAP-TTLSv1 uses TLS/IA FinalPhaseFinished to report success,
+ * so do not allow connection to be terminated yet. */
+ ret->methodState = METHOD_CONT;
+ ret->decision = DECISION_COND_SUCC;
+ } else {
+ /* EAP-TTLS/CHAP does not provide tunneled success
+ * notification, so assume that Phase2 succeeds. */
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_COND_SUCC;
+ }
+
+ return 0;
+}
+
+
+static int eap_ttls_phase2_request(struct eap_sm *sm,
+ struct eap_ttls_data *data,
+ struct eap_method_ret *ret,
+ const struct eap_hdr *req,
+ struct eap_hdr *hdr,
+ u8 **resp, size_t *resp_len)
+{
+ int res = 0;
+ size_t len;
+
+ if (data->phase2_type == EAP_TTLS_PHASE2_MSCHAPV2 ||
+ data->phase2_type == EAP_TTLS_PHASE2_MSCHAP ||
+ data->phase2_type == EAP_TTLS_PHASE2_PAP ||
+ data->phase2_type == EAP_TTLS_PHASE2_CHAP) {
+ if (eap_get_config_identity(sm, &len) == NULL) {
+ wpa_printf(MSG_INFO,
+ "EAP-TTLS: Identity not configured");
+ eap_sm_request_identity(sm);
+ if (eap_get_config_password(sm, &len) == NULL)
+ eap_sm_request_password(sm);
+ return 0;
+ }
+
+ if (eap_get_config_password(sm, &len) == NULL) {
+ wpa_printf(MSG_INFO,
+ "EAP-TTLS: Password not configured");
+ eap_sm_request_password(sm);
+ return 0;
+ }
+ }
+
+ switch (data->phase2_type) {
+ case EAP_TTLS_PHASE2_EAP:
+ res = eap_ttls_phase2_request_eap(sm, data, ret, hdr,
+ resp, resp_len);
+ break;
+ case EAP_TTLS_PHASE2_MSCHAPV2:
+ res = eap_ttls_phase2_request_mschapv2(sm, data, ret,
+ resp, resp_len);
+ break;
+ case EAP_TTLS_PHASE2_MSCHAP:
+ res = eap_ttls_phase2_request_mschap(sm, data, ret,
+ resp, resp_len);
+ break;
+ case EAP_TTLS_PHASE2_PAP:
+ res = eap_ttls_phase2_request_pap(sm, data, ret,
+ resp, resp_len);
+ break;
+ case EAP_TTLS_PHASE2_CHAP:
+ res = eap_ttls_phase2_request_chap(sm, data, ret,
+ resp, resp_len);
+ break;
+ default:
+ wpa_printf(MSG_ERROR, "EAP-TTLS: Phase 2 - Unknown");
+ res = -1;
+ break;
+ }
+
+ if (res < 0) {
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ }
+
+ return res;
+}
+
+
+static u8 * eap_ttls_build_phase_finished(struct eap_sm *sm,
+ struct eap_ttls_data *data,
+ int id, int final,
+ size_t *reqDataLen)
+{
+ int len;
+ struct eap_hdr *req;
+ u8 *pos;
+ const int max_len = 300;
+
+ len = sizeof(struct eap_hdr) + 2 + max_len;
+ req = os_malloc(len);
+ if (req == NULL)
+ return NULL;
+
+ req->code = EAP_CODE_RESPONSE;
+ req->identifier = id;
+
+ pos = (u8 *) (req + 1);
+ *pos++ = EAP_TYPE_TTLS;
+ *pos++ = data->ttls_version;
+
+ len = tls_connection_ia_send_phase_finished(sm->ssl_ctx,
+ data->ssl.conn,
+ final, pos, max_len);
+ if (len < 0) {
+ os_free(req);
+ return NULL;
+ }
+
+ *reqDataLen = sizeof(struct eap_hdr) + 2 + len;
+ req->length = host_to_be16(*reqDataLen);
+
+ return (u8 *) req;
+}
+
+
+static int eap_ttls_decrypt(struct eap_sm *sm, struct eap_ttls_data *data,
+ struct eap_method_ret *ret,
+ const struct eap_hdr *req,
+ const u8 *in_data, size_t in_len,
+ u8 **out_data, size_t *out_len)
+{
+ u8 *in_decrypted = NULL, *pos;
+ int res, retval = 0;
+ struct eap_hdr *hdr = NULL;
+ u8 *resp = NULL, *mschapv2 = NULL, *eapdata = NULL;
+ size_t resp_len, eap_len = 0, len_decrypted = 0, len, buf_len, left;
+ struct ttls_avp *avp;
+ u8 recv_response[20];
+ int mschapv2_error = 0;
+ struct wpa_ssid *config = eap_get_config(sm);
+ const u8 *msg;
+ size_t msg_len;
+ int need_more_input;
+
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: received %lu bytes encrypted data for"
+ " Phase 2", (unsigned long) in_len);
+
+ if (data->pending_phase2_req) {
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Pending Phase 2 request - "
+ "skip decryption and use old data");
+ /* Clear TLS reassembly state. */
+ os_free(data->ssl.tls_in);
+ data->ssl.tls_in = NULL;
+ data->ssl.tls_in_len = 0;
+ data->ssl.tls_in_left = 0;
+ data->ssl.tls_in_total = 0;
+
+ in_decrypted = data->pending_phase2_req;
+ data->pending_phase2_req = NULL;
+ len_decrypted = data->pending_phase2_req_len;
+ if (data->pending_phase2_req_len == 0) {
+ os_free(in_decrypted);
+ in_decrypted = NULL;
+ goto fake_req_identity;
+ }
+ goto continue_req;
+ }
+
+ if (in_len == 0 && data->phase2_start) {
+ data->phase2_start = 0;
+ /* EAP-TTLS does not use Phase2 on fast re-auth; this must be
+ * done only if TLS part was indeed resuming a previous
+ * session. Most Authentication Servers terminate EAP-TTLS
+ * before reaching this point, but some do not. Make
+ * wpa_supplicant stop phase 2 here, if needed. */
+ if (data->reauth &&
+ tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) {
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Session resumption - "
+ "skip phase 2");
+ *out_data = eap_tls_build_ack(&data->ssl, out_len,
+ req->identifier,
+ EAP_TYPE_TTLS, 0);
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_UNCOND_SUCC;
+ data->phase2_success = 1;
+ return 0;
+ }
+ fake_req_identity:
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: empty data in beginning of "
+ "Phase 2 - use fake EAP-Request Identity");
+ buf_len = sizeof(*hdr) + 1;
+ in_decrypted = os_malloc(buf_len);
+ if (in_decrypted == NULL) {
+ wpa_printf(MSG_WARNING, "EAP-TTLS: failed to allocate "
+ "memory for fake EAP-Identity Request");
+ retval = -1;
+ goto done;
+ }
+ hdr = (struct eap_hdr *) in_decrypted;
+ hdr->code = EAP_CODE_REQUEST;
+ hdr->identifier = 0;
+ hdr->length = host_to_be16(sizeof(*hdr) + 1);
+ in_decrypted[sizeof(*hdr)] = EAP_TYPE_IDENTITY;
+ goto process_eap;
+ }
+
+ msg = eap_tls_data_reassemble(sm, &data->ssl, in_data, in_len,
+ &msg_len, &need_more_input);
+ if (msg == NULL)
+ return need_more_input ? 1 : -1;
+
+ buf_len = in_len;
+ if (data->ssl.tls_in_total > buf_len)
+ buf_len = data->ssl.tls_in_total;
+ in_decrypted = os_malloc(buf_len);
+ if (in_decrypted == NULL) {
+ os_free(data->ssl.tls_in);
+ data->ssl.tls_in = NULL;
+ data->ssl.tls_in_len = 0;
+ wpa_printf(MSG_WARNING, "EAP-TTLS: failed to allocate memory "
+ "for decryption");
+ retval = -1;
+ goto done;
+ }
+
+ res = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn,
+ msg, msg_len, in_decrypted, buf_len);
+ os_free(data->ssl.tls_in);
+ data->ssl.tls_in = NULL;
+ data->ssl.tls_in_len = 0;
+ if (res < 0) {
+ wpa_printf(MSG_INFO, "EAP-TTLS: Failed to decrypt Phase 2 "
+ "data");
+ retval = -1;
+ goto done;
+ }
+ len_decrypted = res;
+
+ if (data->ttls_version > 0 && len_decrypted == 0 &&
+ tls_connection_ia_final_phase_finished(sm->ssl_ctx,
+ data->ssl.conn)) {
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: FinalPhaseFinished received");
+ wpa_printf(MSG_INFO, "EAP-TTLS: TLS/IA authentication "
+ "succeeded");
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_UNCOND_SUCC;
+ data->phase2_success = 1;
+ *out_data = eap_ttls_build_phase_finished(sm, data,
+ req->identifier, 1,
+ out_len);
+ eap_ttls_v1_derive_key(sm, data);
+ goto done;
+ }
+
+continue_req:
+ data->phase2_start = 0;
+
+ wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Decrypted Phase 2 AVPs",
+ in_decrypted, len_decrypted);
+ if (len_decrypted < sizeof(struct ttls_avp)) {
+ wpa_printf(MSG_WARNING, "EAP-TTLS: Too short Phase 2 AVP frame"
+ " len=%lu expected %lu or more - dropped",
+ (unsigned long) len_decrypted,
+ (unsigned long) sizeof(struct ttls_avp));
+ retval = -1;
+ goto done;
+ }
+
+ /* Parse AVPs */
+ pos = in_decrypted;
+ left = len_decrypted;
+ mschapv2 = NULL;
+
+ while (left > 0) {
+ u32 avp_code, avp_length, vendor_id = 0;
+ u8 avp_flags, *dpos;
+ size_t pad, dlen;
+ avp = (struct ttls_avp *) pos;
+ avp_code = be_to_host32(avp->avp_code);
+ avp_length = be_to_host32(avp->avp_length);
+ avp_flags = (avp_length >> 24) & 0xff;
+ avp_length &= 0xffffff;
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP: code=%d flags=0x%02x "
+ "length=%d", (int) avp_code, avp_flags,
+ (int) avp_length);
+ if (avp_length > left) {
+ wpa_printf(MSG_WARNING, "EAP-TTLS: AVP overflow "
+ "(len=%d, left=%lu) - dropped",
+ (int) avp_length, (unsigned long) left);
+ retval = -1;
+ goto done;
+ }
+ if (avp_length < sizeof(*avp)) {
+ wpa_printf(MSG_WARNING, "EAP-TTLS: Invalid AVP length "
+ "%d", avp_length);
+ retval = -1;
+ goto done;
+ }
+ dpos = (u8 *) (avp + 1);
+ dlen = avp_length - sizeof(*avp);
+ if (avp_flags & AVP_FLAGS_VENDOR) {
+ if (dlen < 4) {
+ wpa_printf(MSG_WARNING, "EAP-TTLS: vendor AVP "
+ "underflow");
+ retval = -1;
+ goto done;
+ }
+ vendor_id = be_to_host32(* (u32 *) dpos);
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP vendor_id %d",
+ (int) vendor_id);
+ dpos += 4;
+ dlen -= 4;
+ }
+
+ wpa_hexdump(MSG_DEBUG, "EAP-TTLS: AVP data", dpos, dlen);
+
+ if (vendor_id == 0 && avp_code == RADIUS_ATTR_EAP_MESSAGE) {
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP - EAP Message");
+ if (eapdata == NULL) {
+ eapdata = os_malloc(dlen);
+ if (eapdata == NULL) {
+ retval = -1;
+ wpa_printf(MSG_WARNING, "EAP-TTLS: "
+ "failed to allocate memory "
+ "for Phase 2 EAP data");
+ goto done;
+ }
+ os_memcpy(eapdata, dpos, dlen);
+ eap_len = dlen;
+ } else {
+ u8 *neweap = os_realloc(eapdata,
+ eap_len + dlen);
+ if (neweap == NULL) {
+ retval = -1;
+ wpa_printf(MSG_WARNING, "EAP-TTLS: "
+ "failed to allocate memory "
+ "for Phase 2 EAP data");
+ goto done;
+ }
+ os_memcpy(neweap + eap_len, dpos, dlen);
+ eapdata = neweap;
+ eap_len += dlen;
+ }
+ } else if (vendor_id == 0 &&
+ avp_code == RADIUS_ATTR_REPLY_MESSAGE) {
+ /* This is an optional message that can be displayed to
+ * the user. */
+ wpa_hexdump_ascii(MSG_DEBUG,
+ "EAP-TTLS: AVP - Reply-Message",
+ dpos, dlen);
+ } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
+ avp_code == RADIUS_ATTR_MS_CHAP2_SUCCESS) {
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: "
+ "MS-CHAP2-Success", dpos, dlen);
+ if (dlen != 43) {
+ wpa_printf(MSG_WARNING, "EAP-TTLS: Unexpected "
+ "MS-CHAP2-Success length "
+ "(len=%lu, expected 43)",
+ (unsigned long) dlen);
+ retval = -1;
+ break;
+ }
+ mschapv2 = dpos;
+ } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
+ avp_code == RADIUS_ATTR_MS_CHAP_ERROR) {
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: "
+ "MS-CHAP-Error", dpos, dlen);
+ mschapv2_error = 1;
+ } else if (avp_flags & AVP_FLAGS_MANDATORY) {
+ wpa_printf(MSG_WARNING, "EAP-TTLS: Unsupported "
+ "mandatory AVP code %d vendor_id %d - "
+ "dropped", (int) avp_code, (int) vendor_id);
+ retval = -1;
+ goto done;
+ } else {
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Ignoring unsupported "
+ "AVP code %d vendor_id %d",
+ (int) avp_code, (int) vendor_id);
+ }
+
+ pad = (4 - (avp_length & 3)) & 3;
+ pos += avp_length + pad;
+ if (left < avp_length + pad)
+ left = 0;
+ else
+ left -= avp_length + pad;
+ }
+
+ switch (data->phase2_type) {
+ case EAP_TTLS_PHASE2_EAP:
+ if (eapdata == NULL) {
+ wpa_printf(MSG_WARNING, "EAP-TTLS: No EAP Message in "
+ "the packet - dropped");
+ retval = -1;
+ goto done;
+ }
+
+ wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Phase 2 EAP",
+ eapdata, eap_len);
+ hdr = (struct eap_hdr *) eapdata;
+
+ if (eap_len < sizeof(*hdr)) {
+ wpa_printf(MSG_WARNING, "EAP-TTLS: Too short Phase 2 "
+ "EAP frame (len=%lu, expected %lu or more) "
+ "- dropped", (unsigned long) eap_len,
+ (unsigned long) sizeof(*hdr));
+ retval = -1;
+ goto done;
+ }
+ len = be_to_host16(hdr->length);
+ if (len > eap_len) {
+ wpa_printf(MSG_INFO, "EAP-TTLS: Length mismatch in "
+ "Phase 2 EAP frame (EAP hdr len=%lu, EAP "
+ "data len in AVP=%lu)",
+ (unsigned long) len,
+ (unsigned long) eap_len);
+ retval = -1;
+ goto done;
+ }
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: received Phase 2: code=%d "
+ "identifier=%d length=%lu",
+ hdr->code, hdr->identifier, (unsigned long) len);
+ process_eap:
+ switch (hdr->code) {
+ case EAP_CODE_REQUEST:
+ if (eap_ttls_phase2_request(sm, data, ret, req, hdr,
+ &resp, &resp_len)) {
+ wpa_printf(MSG_INFO, "EAP-TTLS: Phase2 "
+ "Request processing failed");
+ retval = -1;
+ goto done;
+ }
+ break;
+ default:
+ wpa_printf(MSG_INFO, "EAP-TTLS: Unexpected code=%d in "
+ "Phase 2 EAP header", hdr->code);
+ retval = -1;
+ break;
+ }
+ break;
+ case EAP_TTLS_PHASE2_MSCHAPV2:
+ if (mschapv2_error) {
+ wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Received "
+ "MS-CHAP-Error - failed");
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ *out_data = eap_tls_build_ack(&data->ssl, out_len,
+ req->identifier,
+ EAP_TYPE_TTLS, 0);
+ break;
+ }
+
+ if (mschapv2 == NULL) {
+ wpa_printf(MSG_WARNING, "EAP-TTLS: no MS-CHAP2-Success"
+ " AVP received for Phase2 MSCHAPV2");
+ retval = -1;
+ break;
+ }
+ if (mschapv2[0] != data->ident) {
+ wpa_printf(MSG_WARNING, "EAP-TTLS: Ident mismatch "
+ "for Phase 2 MSCHAPV2 (received Ident "
+ "0x%02x, expected 0x%02x)",
+ mschapv2[0], data->ident);
+ retval = -1;
+ break;
+ }
+ if (!data->auth_response_valid ||
+ mschapv2[1] != 'S' || mschapv2[2] != '=' ||
+ hexstr2bin((char *) (mschapv2 + 3), recv_response, 20) ||
+ os_memcmp(data->auth_response, recv_response, 20) != 0) {
+ wpa_printf(MSG_WARNING, "EAP-TTLS: Invalid "
+ "authenticator response in Phase 2 "
+ "MSCHAPV2 success request");
+ retval = -1;
+ break;
+ }
+
+ wpa_printf(MSG_INFO, "EAP-TTLS: Phase 2 MSCHAPV2 "
+ "authentication succeeded");
+ if (data->ttls_version > 0) {
+ /* EAP-TTLSv1 uses TLS/IA FinalPhaseFinished to report
+ * success, so do not allow connection to be terminated
+ * yet. */
+ ret->methodState = METHOD_CONT;
+ ret->decision = DECISION_COND_SUCC;
+ } else {
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_UNCOND_SUCC;
+ data->phase2_success = 1;
+ }
+
+ /* Reply with empty data; authentication server will reply
+ * with EAP-Success after this. */
+ retval = 1;
+ goto done;
+ case EAP_TTLS_PHASE2_MSCHAP:
+ case EAP_TTLS_PHASE2_PAP:
+ case EAP_TTLS_PHASE2_CHAP:
+ /* EAP-TTLS/{MSCHAP,PAP,CHAP} should not send any TLS tunneled
+ * requests to the supplicant */
+ wpa_printf(MSG_INFO, "EAP-TTLS: Phase 2 received unexpected "
+ "tunneled data");
+ retval = -1;
+ break;
+ }
+
+ if (resp) {
+ wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Encrypting Phase 2 data",
+ resp, resp_len);
+
+ if (eap_ttls_encrypt(sm, data, req->identifier,
+ resp, resp_len, out_data, out_len)) {
+ wpa_printf(MSG_INFO, "EAP-TTLS: Failed to encrypt "
+ "a Phase 2 frame");
+ }
+ os_free(resp);
+ } else if (config->pending_req_identity ||
+ config->pending_req_password ||
+ config->pending_req_otp ||
+ config->pending_req_new_password) {
+ os_free(data->pending_phase2_req);
+ data->pending_phase2_req = os_malloc(len_decrypted);
+ if (data->pending_phase2_req) {
+ os_memcpy(data->pending_phase2_req, in_decrypted,
+ len_decrypted);
+ data->pending_phase2_req_len = len_decrypted;
+ }
+ }
+
+done:
+ os_free(in_decrypted);
+ os_free(eapdata);
+
+ if (retval < 0) {
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ }
+
+ return retval;
+}
+
+
+static u8 * eap_ttls_process(struct eap_sm *sm, void *priv,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *respDataLen)
+{
+ const struct eap_hdr *req;
+ size_t left;
+ int res;
+ u8 flags, *resp, id;
+ const u8 *pos;
+ struct eap_ttls_data *data = priv;
+ struct wpa_ssid *config = eap_get_config(sm);
+
+ pos = eap_tls_process_init(sm, &data->ssl, EAP_TYPE_TTLS, ret,
+ reqData, reqDataLen, &left, &flags);
+ if (pos == NULL)
+ return NULL;
+ req = (const struct eap_hdr *) reqData;
+ id = req->identifier;
+
+ if (flags & EAP_TLS_FLAGS_START) {
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Start (server ver=%d, own "
+ "ver=%d)", flags & EAP_PEAP_VERSION_MASK,
+ data->ttls_version);
+ if ((flags & EAP_PEAP_VERSION_MASK) < data->ttls_version)
+ data->ttls_version = flags & EAP_PEAP_VERSION_MASK;
+ if (data->force_ttls_version >= 0 &&
+ data->force_ttls_version != data->ttls_version) {
+ wpa_printf(MSG_WARNING, "EAP-TTLS: Failed to select "
+ "forced TTLS version %d",
+ data->force_ttls_version);
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ ret->allowNotifications = FALSE;
+ return NULL;
+ }
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Using TTLS version %d",
+ data->ttls_version);
+
+ if (data->ttls_version > 0)
+ data->ssl.tls_ia = 1;
+ if (!data->ssl_initialized &&
+ eap_tls_ssl_init(sm, &data->ssl, config)) {
+ wpa_printf(MSG_INFO, "EAP-TTLS: Failed to initialize "
+ "SSL.");
+ return NULL;
+ }
+ data->ssl_initialized = 1;
+
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Start");
+ /* draft-ietf-pppext-eap-ttls-03.txt, Ch. 8.1:
+ * EAP-TTLS Start packet may, in a future specification, be
+ * allowed to contain data. Client based on this draft version
+ * must ignore such data but must not reject the Start packet.
+ */
+ left = 0;
+ } else if (!data->ssl_initialized) {
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: First message did not "
+ "include Start flag");
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ ret->allowNotifications = FALSE;
+ return NULL;
+ }
+
+ resp = NULL;
+ if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
+ !data->resuming) {
+ res = eap_ttls_decrypt(sm, data, ret, req, pos, left,
+ &resp, respDataLen);
+ } else {
+ res = eap_tls_process_helper(sm, &data->ssl, EAP_TYPE_TTLS,
+ data->ttls_version, id, pos, left,
+ &resp, respDataLen);
+
+ if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-TTLS: TLS done, proceed to Phase 2");
+ if (data->resuming) {
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: fast reauth -"
+ " may skip Phase 2");
+ ret->decision = DECISION_COND_SUCC;
+ ret->methodState = METHOD_MAY_CONT;
+ }
+ data->phase2_start = 1;
+ if (data->ttls_version == 0)
+ eap_ttls_v0_derive_key(sm, data);
+
+ if (*respDataLen == 0) {
+ if (eap_ttls_decrypt(sm, data, ret, req, NULL,
+ 0, &resp, respDataLen)) {
+ wpa_printf(MSG_WARNING, "EAP-TTLS: "
+ "failed to process early "
+ "start for Phase 2");
+ }
+ res = 0;
+ }
+ data->resuming = 0;
+ }
+
+ if (res == 2) {
+ /*
+ * Application data included in the handshake message.
+ */
+ os_free(data->pending_phase2_req);
+ data->pending_phase2_req = resp;
+ data->pending_phase2_req_len = *respDataLen;
+ resp = NULL;
+ *respDataLen = 0;
+ res = eap_ttls_decrypt(sm, data, ret, req, pos, left,
+ &resp, respDataLen);
+ }
+ }
+
+ if (data->ttls_version == 0 && ret->methodState == METHOD_DONE) {
+ ret->allowNotifications = FALSE;
+ if (ret->decision == DECISION_UNCOND_SUCC ||
+ ret->decision == DECISION_COND_SUCC) {
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Authentication "
+ "completed successfully");
+ data->phase2_success = 1;
+ }
+ } else if (data->ttls_version == 0 && sm->workaround &&
+ ret->methodState == METHOD_MAY_CONT &&
+ (ret->decision == DECISION_UNCOND_SUCC ||
+ ret->decision == DECISION_COND_SUCC)) {
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Authentication "
+ "completed successfully (EAP workaround)");
+ data->phase2_success = 1;
+ }
+
+ if (res == 1) {
+ return eap_tls_build_ack(&data->ssl, respDataLen, id,
+ EAP_TYPE_TTLS, data->ttls_version);
+ }
+ return resp;
+}
+
+
+static Boolean eap_ttls_has_reauth_data(struct eap_sm *sm, void *priv)
+{
+ struct eap_ttls_data *data = priv;
+ return tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
+ data->phase2_success;
+}
+
+
+static void eap_ttls_deinit_for_reauth(struct eap_sm *sm, void *priv)
+{
+ struct eap_ttls_data *data = priv;
+ os_free(data->pending_phase2_req);
+ data->pending_phase2_req = NULL;
+}
+
+
+static void * eap_ttls_init_for_reauth(struct eap_sm *sm, void *priv)
+{
+ struct eap_ttls_data *data = priv;
+ os_free(data->key_data);
+ data->key_data = NULL;
+ if (eap_tls_reauth_init(sm, &data->ssl)) {
+ os_free(data);
+ return NULL;
+ }
+ if (data->phase2_priv && data->phase2_method &&
+ data->phase2_method->init_for_reauth)
+ data->phase2_method->init_for_reauth(sm, data->phase2_priv);
+ data->phase2_start = 0;
+ data->phase2_success = 0;
+ data->resuming = 1;
+ data->reauth = 1;
+ return priv;
+}
+
+
+static int eap_ttls_get_status(struct eap_sm *sm, void *priv, char *buf,
+ size_t buflen, int verbose)
+{
+ struct eap_ttls_data *data = priv;
+ int len, ret;
+
+ len = eap_tls_status(sm, &data->ssl, buf, buflen, verbose);
+ ret = os_snprintf(buf + len, buflen - len,
+ "EAP-TTLSv%d Phase2 method=",
+ data->ttls_version);
+ if (ret < 0 || (size_t) ret >= buflen - len)
+ return len;
+ len += ret;
+ switch (data->phase2_type) {
+ case EAP_TTLS_PHASE2_EAP:
+ ret = os_snprintf(buf + len, buflen - len, "EAP-%s\n",
+ data->phase2_method ?
+ data->phase2_method->name : "?");
+ break;
+ case EAP_TTLS_PHASE2_MSCHAPV2:
+ ret = os_snprintf(buf + len, buflen - len, "MSCHAPV2\n");
+ break;
+ case EAP_TTLS_PHASE2_MSCHAP:
+ ret = os_snprintf(buf + len, buflen - len, "MSCHAP\n");
+ break;
+ case EAP_TTLS_PHASE2_PAP:
+ ret = os_snprintf(buf + len, buflen - len, "PAP\n");
+ break;
+ case EAP_TTLS_PHASE2_CHAP:
+ ret = os_snprintf(buf + len, buflen - len, "CHAP\n");
+ break;
+ default:
+ ret = 0;
+ break;
+ }
+ if (ret < 0 || (size_t) ret >= buflen - len)
+ return len;
+ len += ret;
+
+ return len;
+}
+
+
+static Boolean eap_ttls_isKeyAvailable(struct eap_sm *sm, void *priv)
+{
+ struct eap_ttls_data *data = priv;
+ return data->key_data != NULL && data->phase2_success;
+}
+
+
+static u8 * eap_ttls_getKey(struct eap_sm *sm, void *priv, size_t *len)
+{
+ struct eap_ttls_data *data = priv;
+ u8 *key;
+
+ if (data->key_data == NULL || !data->phase2_success)
+ return NULL;
+
+ key = os_malloc(EAP_TLS_KEY_LEN);
+ if (key == NULL)
+ return NULL;
+
+ *len = EAP_TLS_KEY_LEN;
+ os_memcpy(key, data->key_data, EAP_TLS_KEY_LEN);
+
+ return key;
+}
+
+
+int eap_peer_ttls_register(void)
+{
+ struct eap_method *eap;
+ int ret;
+
+ eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
+ EAP_VENDOR_IETF, EAP_TYPE_TTLS, "TTLS");
+ if (eap == NULL)
+ return -1;
+
+ eap->init = eap_ttls_init;
+ eap->deinit = eap_ttls_deinit;
+ eap->process = eap_ttls_process;
+ eap->isKeyAvailable = eap_ttls_isKeyAvailable;
+ eap->getKey = eap_ttls_getKey;
+ eap->get_status = eap_ttls_get_status;
+ eap->has_reauth_data = eap_ttls_has_reauth_data;
+ eap->deinit_for_reauth = eap_ttls_deinit_for_reauth;
+ eap->init_for_reauth = eap_ttls_init_for_reauth;
+
+ ret = eap_peer_method_register(eap);
+ if (ret)
+ eap_peer_method_free(eap);
+ return ret;
+}
--- /dev/null
+/*
+ * EAP server/peer: EAP-TTLS (draft-ietf-pppext-eap-ttls-03.txt)
+ * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef EAP_TTLS_H
+#define EAP_TTLS_H
+
+struct ttls_avp {
+ u32 avp_code;
+ u32 avp_length; /* 8-bit flags, 24-bit length;
+ * length includes AVP header */
+ /* optional 32-bit Vendor-ID */
+ /* Data */
+};
+
+struct ttls_avp_vendor {
+ u32 avp_code;
+ u32 avp_length; /* 8-bit flags, 24-bit length;
+ * length includes AVP header */
+ u32 vendor_id;
+ /* Data */
+};
+
+#define AVP_FLAGS_VENDOR 0x80
+#define AVP_FLAGS_MANDATORY 0x40
+
+#define AVP_PAD(start, pos) \
+do { \
+ int __pad; \
+ __pad = (4 - (((pos) - (start)) & 3)) & 3; \
+ os_memset((pos), 0, __pad); \
+ pos += __pad; \
+} while (0)
+
+
+/* RFC 2865 */
+#define RADIUS_ATTR_USER_NAME 1
+#define RADIUS_ATTR_USER_PASSWORD 2
+#define RADIUS_ATTR_CHAP_PASSWORD 3
+#define RADIUS_ATTR_REPLY_MESSAGE 18
+#define RADIUS_ATTR_CHAP_CHALLENGE 60
+#define RADIUS_ATTR_EAP_MESSAGE 79
+
+/* RFC 2548 */
+#define RADIUS_VENDOR_ID_MICROSOFT 311
+#define RADIUS_ATTR_MS_CHAP_RESPONSE 1
+#define RADIUS_ATTR_MS_CHAP_ERROR 2
+#define RADIUS_ATTR_MS_CHAP_NT_ENC_PW 6
+#define RADIUS_ATTR_MS_CHAP_CHALLENGE 11
+#define RADIUS_ATTR_MS_CHAP2_RESPONSE 25
+#define RADIUS_ATTR_MS_CHAP2_SUCCESS 26
+#define RADIUS_ATTR_MS_CHAP2_CPW 27
+
+#define EAP_TTLS_MSCHAPV2_CHALLENGE_LEN 16
+#define EAP_TTLS_MSCHAPV2_RESPONSE_LEN 50
+#define EAP_TTLS_MSCHAP_CHALLENGE_LEN 8
+#define EAP_TTLS_MSCHAP_RESPONSE_LEN 50
+#define EAP_TTLS_CHAP_CHALLENGE_LEN 16
+#define EAP_TTLS_CHAP_PASSWORD_LEN 16
+
+#endif /* EAP_TTLS_H */
--- /dev/null
+/*
+ * EAP peer method: Test method for vendor specific (expanded) EAP type
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This file implements a vendor specific test method using EAP expanded types.
+ * This is only for test use and must not be used for authentication since no
+ * security is provided.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eap_i.h"
+#include "eloop.h"
+
+
+#define EAP_VENDOR_ID 0xfffefd
+#define EAP_VENDOR_TYPE 0xfcfbfaf9
+
+
+/* #define TEST_PENDING_REQUEST */
+
+struct eap_vendor_test_data {
+ enum { INIT, CONFIRM, SUCCESS } state;
+ int first_try;
+};
+
+
+static void * eap_vendor_test_init(struct eap_sm *sm)
+{
+ struct eap_vendor_test_data *data;
+ data = os_zalloc(sizeof(*data));
+ if (data == NULL)
+ return NULL;
+ data->state = INIT;
+ data->first_try = 1;
+ return data;
+}
+
+
+static void eap_vendor_test_deinit(struct eap_sm *sm, void *priv)
+{
+ struct eap_vendor_test_data *data = priv;
+ os_free(data);
+}
+
+
+#ifdef TEST_PENDING_REQUEST
+static void eap_vendor_ready(void *eloop_ctx, void *timeout_ctx)
+{
+ struct eap_sm *sm = eloop_ctx;
+ wpa_printf(MSG_DEBUG, "EAP-VENDOR-TEST: Ready to re-process pending "
+ "request");
+ eap_notify_pending(sm);
+}
+#endif /* TEST_PENDING_REQUEST */
+
+
+static u8 * eap_vendor_test_process(struct eap_sm *sm, void *priv,
+ struct eap_method_ret *ret,
+ const u8 *reqData, size_t reqDataLen,
+ size_t *respDataLen)
+{
+ struct eap_vendor_test_data *data = priv;
+ const struct eap_hdr *req;
+ struct eap_hdr *resp;
+ const u8 *pos;
+ u8 *rpos;
+ size_t len;
+
+ pos = eap_hdr_validate(EAP_VENDOR_ID, EAP_VENDOR_TYPE,
+ reqData, reqDataLen, &len);
+ if (pos == NULL || len < 1) {
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ if (data->state == INIT && *pos != 1) {
+ wpa_printf(MSG_DEBUG, "EAP-VENDOR-TEST: Unexpected message "
+ "%d in INIT state", *pos);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ if (data->state == CONFIRM && *pos != 3) {
+ wpa_printf(MSG_DEBUG, "EAP-VENDOR-TEST: Unexpected message "
+ "%d in CONFIRM state", *pos);
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ if (data->state == SUCCESS) {
+ wpa_printf(MSG_DEBUG, "EAP-VENDOR-TEST: Unexpected message "
+ "in SUCCESS state");
+ ret->ignore = TRUE;
+ return NULL;
+ }
+
+ if (data->state == CONFIRM) {
+#ifdef TEST_PENDING_REQUEST
+ if (data->first_try) {
+ data->first_try = 0;
+ wpa_printf(MSG_DEBUG, "EAP-VENDOR-TEST: Testing "
+ "pending request");
+ ret->ignore = TRUE;
+ eloop_register_timeout(1, 0, eap_vendor_ready, sm,
+ NULL);
+ return NULL;
+ }
+#endif /* TEST_PENDING_REQUEST */
+ }
+
+ ret->ignore = FALSE;
+ req = (const struct eap_hdr *) reqData;
+
+ wpa_printf(MSG_DEBUG, "EAP-VENDOR-TEST: Generating Response");
+ ret->allowNotifications = TRUE;
+
+ resp = eap_msg_alloc(EAP_VENDOR_ID, EAP_VENDOR_TYPE, respDataLen, 1,
+ EAP_CODE_RESPONSE, req->identifier, &rpos);
+ if (resp == NULL)
+ return NULL;
+
+ if (data->state == INIT) {
+ *rpos = 2;
+ data->state = CONFIRM;
+ ret->methodState = METHOD_CONT;
+ ret->decision = DECISION_FAIL;
+ } else {
+ *rpos = 4;
+ data->state = SUCCESS;
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_UNCOND_SUCC;
+ }
+
+ return (u8 *) resp;
+}
+
+
+static Boolean eap_vendor_test_isKeyAvailable(struct eap_sm *sm, void *priv)
+{
+ struct eap_vendor_test_data *data = priv;
+ return data->state == SUCCESS;
+}
+
+
+static u8 * eap_vendor_test_getKey(struct eap_sm *sm, void *priv, size_t *len)
+{
+ struct eap_vendor_test_data *data = priv;
+ u8 *key;
+ const int key_len = 64;
+
+ if (data->state != SUCCESS)
+ return NULL;
+
+ key = os_malloc(key_len);
+ if (key == NULL)
+ return NULL;
+
+ os_memset(key, 0x11, key_len / 2);
+ os_memset(key + key_len / 2, 0x22, key_len / 2);
+ *len = key_len;
+
+ return key;
+}
+
+
+int eap_peer_vendor_test_register(void)
+{
+ struct eap_method *eap;
+ int ret;
+
+ eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
+ EAP_VENDOR_ID, EAP_VENDOR_TYPE,
+ "VENDOR-TEST");
+ if (eap == NULL)
+ return -1;
+
+ eap->init = eap_vendor_test_init;
+ eap->deinit = eap_vendor_test_deinit;
+ eap->process = eap_vendor_test_process;
+ eap->isKeyAvailable = eap_vendor_test_isKeyAvailable;
+ eap->getKey = eap_vendor_test_getKey;
+
+ ret = eap_peer_method_register(eap);
+ if (ret)
+ eap_peer_method_free(eap);
+ return ret;
+}
--- /dev/null
+/*
+ * WPA Supplicant / EAPOL state machines
+ * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eapol_sm.h"
+#include "eap.h"
+#include "eloop.h"
+#include "l2_packet.h"
+#include "wpa.h"
+#include "md5.h"
+#include "rc4.h"
+#include "state_machine.h"
+
+#define STATE_MACHINE_DATA struct eapol_sm
+#define STATE_MACHINE_DEBUG_PREFIX "EAPOL"
+
+
+/* IEEE 802.1X-2004 - Supplicant - EAPOL state machines */
+
+/**
+ * struct eapol_sm - Internal data for EAPOL state machines
+ */
+struct eapol_sm {
+ /* Timers */
+ unsigned int authWhile;
+ unsigned int heldWhile;
+ unsigned int startWhen;
+ unsigned int idleWhile; /* for EAP state machine */
+
+ /* Global variables */
+ Boolean eapFail;
+ Boolean eapolEap;
+ Boolean eapSuccess;
+ Boolean initialize;
+ Boolean keyDone;
+ Boolean keyRun;
+ PortControl portControl;
+ Boolean portEnabled;
+ PortStatus suppPortStatus; /* dot1xSuppControlledPortStatus */
+ Boolean portValid;
+ Boolean suppAbort;
+ Boolean suppFail;
+ Boolean suppStart;
+ Boolean suppSuccess;
+ Boolean suppTimeout;
+
+ /* Supplicant PAE state machine */
+ enum {
+ SUPP_PAE_UNKNOWN = 0,
+ SUPP_PAE_DISCONNECTED = 1,
+ SUPP_PAE_LOGOFF = 2,
+ SUPP_PAE_CONNECTING = 3,
+ SUPP_PAE_AUTHENTICATING = 4,
+ SUPP_PAE_AUTHENTICATED = 5,
+ /* unused(6) */
+ SUPP_PAE_HELD = 7,
+ SUPP_PAE_RESTART = 8,
+ SUPP_PAE_S_FORCE_AUTH = 9,
+ SUPP_PAE_S_FORCE_UNAUTH = 10
+ } SUPP_PAE_state; /* dot1xSuppPaeState */
+ /* Variables */
+ Boolean userLogoff;
+ Boolean logoffSent;
+ unsigned int startCount;
+ Boolean eapRestart;
+ PortControl sPortMode;
+ /* Constants */
+ unsigned int heldPeriod; /* dot1xSuppHeldPeriod */
+ unsigned int startPeriod; /* dot1xSuppStartPeriod */
+ unsigned int maxStart; /* dot1xSuppMaxStart */
+
+ /* Key Receive state machine */
+ enum {
+ KEY_RX_UNKNOWN = 0,
+ KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE
+ } KEY_RX_state;
+ /* Variables */
+ Boolean rxKey;
+
+ /* Supplicant Backend state machine */
+ enum {
+ SUPP_BE_UNKNOWN = 0,
+ SUPP_BE_INITIALIZE = 1,
+ SUPP_BE_IDLE = 2,
+ SUPP_BE_REQUEST = 3,
+ SUPP_BE_RECEIVE = 4,
+ SUPP_BE_RESPONSE = 5,
+ SUPP_BE_FAIL = 6,
+ SUPP_BE_TIMEOUT = 7,
+ SUPP_BE_SUCCESS = 8
+ } SUPP_BE_state; /* dot1xSuppBackendPaeState */
+ /* Variables */
+ Boolean eapNoResp;
+ Boolean eapReq;
+ Boolean eapResp;
+ /* Constants */
+ unsigned int authPeriod; /* dot1xSuppAuthPeriod */
+
+ /* Statistics */
+ unsigned int dot1xSuppEapolFramesRx;
+ unsigned int dot1xSuppEapolFramesTx;
+ unsigned int dot1xSuppEapolStartFramesTx;
+ unsigned int dot1xSuppEapolLogoffFramesTx;
+ unsigned int dot1xSuppEapolRespFramesTx;
+ unsigned int dot1xSuppEapolReqIdFramesRx;
+ unsigned int dot1xSuppEapolReqFramesRx;
+ unsigned int dot1xSuppInvalidEapolFramesRx;
+ unsigned int dot1xSuppEapLengthErrorFramesRx;
+ unsigned int dot1xSuppLastEapolFrameVersion;
+ unsigned char dot1xSuppLastEapolFrameSource[6];
+
+ /* Miscellaneous variables (not defined in IEEE 802.1X-2004) */
+ Boolean changed;
+ struct eap_sm *eap;
+ struct wpa_ssid *config;
+ Boolean initial_req;
+ u8 *last_rx_key;
+ size_t last_rx_key_len;
+ u8 *eapReqData; /* for EAP */
+ size_t eapReqDataLen; /* for EAP */
+ Boolean altAccept; /* for EAP */
+ Boolean altReject; /* for EAP */
+ Boolean replay_counter_valid;
+ u8 last_replay_counter[16];
+ struct eapol_config conf;
+ struct eapol_ctx *ctx;
+ enum { EAPOL_CB_IN_PROGRESS = 0, EAPOL_CB_SUCCESS, EAPOL_CB_FAILURE }
+ cb_status;
+ Boolean cached_pmk;
+
+ Boolean unicast_key_received, broadcast_key_received;
+};
+
+
+#define IEEE8021X_REPLAY_COUNTER_LEN 8
+#define IEEE8021X_KEY_SIGN_LEN 16
+#define IEEE8021X_KEY_IV_LEN 16
+
+#define IEEE8021X_KEY_INDEX_FLAG 0x80
+#define IEEE8021X_KEY_INDEX_MASK 0x03
+
+#ifdef _MSC_VER
+#pragma pack(push, 1)
+#endif /* _MSC_VER */
+
+struct ieee802_1x_eapol_key {
+ u8 type;
+ /* Note: key_length is unaligned */
+ u8 key_length[2];
+ /* does not repeat within the life of the keying material used to
+ * encrypt the Key field; 64-bit NTP timestamp MAY be used here */
+ u8 replay_counter[IEEE8021X_REPLAY_COUNTER_LEN];
+ u8 key_iv[IEEE8021X_KEY_IV_LEN]; /* cryptographically random number */
+ u8 key_index; /* key flag in the most significant bit:
+ * 0 = broadcast (default key),
+ * 1 = unicast (key mapping key); key index is in the
+ * 7 least significant bits */
+ /* HMAC-MD5 message integrity check computed with MS-MPPE-Send-Key as
+ * the key */
+ u8 key_signature[IEEE8021X_KEY_SIGN_LEN];
+
+ /* followed by key: if packet body length = 44 + key length, then the
+ * key field (of key_length bytes) contains the key in encrypted form;
+ * if packet body length = 44, key field is absent and key_length
+ * represents the number of least significant octets from
+ * MS-MPPE-Send-Key attribute to be used as the keying material;
+ * RC4 key used in encryption = Key-IV + MS-MPPE-Recv-Key */
+} STRUCT_PACKED;
+
+#ifdef _MSC_VER
+#pragma pack(pop)
+#endif /* _MSC_VER */
+
+
+static void eapol_sm_txLogoff(struct eapol_sm *sm);
+static void eapol_sm_txStart(struct eapol_sm *sm);
+static void eapol_sm_processKey(struct eapol_sm *sm);
+static void eapol_sm_getSuppRsp(struct eapol_sm *sm);
+static void eapol_sm_txSuppRsp(struct eapol_sm *sm);
+static void eapol_sm_abortSupp(struct eapol_sm *sm);
+static void eapol_sm_abort_cached(struct eapol_sm *sm);
+static void eapol_sm_step_timeout(void *eloop_ctx, void *timeout_ctx);
+
+
+/* Port Timers state machine - implemented as a function that will be called
+ * once a second as a registered event loop timeout */
+static void eapol_port_timers_tick(void *eloop_ctx, void *timeout_ctx)
+{
+ struct eapol_sm *sm = timeout_ctx;
+
+ if (sm->authWhile > 0) {
+ sm->authWhile--;
+ if (sm->authWhile == 0)
+ wpa_printf(MSG_DEBUG, "EAPOL: authWhile --> 0");
+ }
+ if (sm->heldWhile > 0) {
+ sm->heldWhile--;
+ if (sm->heldWhile == 0)
+ wpa_printf(MSG_DEBUG, "EAPOL: heldWhile --> 0");
+ }
+ if (sm->startWhen > 0) {
+ sm->startWhen--;
+ if (sm->startWhen == 0)
+ wpa_printf(MSG_DEBUG, "EAPOL: startWhen --> 0");
+ }
+ if (sm->idleWhile > 0) {
+ sm->idleWhile--;
+ if (sm->idleWhile == 0)
+ wpa_printf(MSG_DEBUG, "EAPOL: idleWhile --> 0");
+ }
+
+ eloop_register_timeout(1, 0, eapol_port_timers_tick, eloop_ctx, sm);
+ eapol_sm_step(sm);
+}
+
+
+SM_STATE(SUPP_PAE, LOGOFF)
+{
+ SM_ENTRY(SUPP_PAE, LOGOFF);
+ eapol_sm_txLogoff(sm);
+ sm->logoffSent = TRUE;
+ sm->suppPortStatus = Unauthorized;
+}
+
+
+SM_STATE(SUPP_PAE, DISCONNECTED)
+{
+ SM_ENTRY(SUPP_PAE, DISCONNECTED);
+ sm->sPortMode = Auto;
+ sm->startCount = 0;
+ sm->logoffSent = FALSE;
+ sm->suppPortStatus = Unauthorized;
+ sm->suppAbort = TRUE;
+
+ sm->unicast_key_received = FALSE;
+ sm->broadcast_key_received = FALSE;
+}
+
+
+SM_STATE(SUPP_PAE, CONNECTING)
+{
+ int send_start = sm->SUPP_PAE_state == SUPP_PAE_CONNECTING;
+ SM_ENTRY(SUPP_PAE, CONNECTING);
+ if (send_start) {
+ sm->startWhen = sm->startPeriod;
+ sm->startCount++;
+ } else {
+ /*
+ * Do not send EAPOL-Start immediately since in most cases,
+ * Authenticator is going to start authentication immediately
+ * after association and an extra EAPOL-Start is just going to
+ * delay authentication. Use a short timeout to send the first
+ * EAPOL-Start if Authenticator does not start authentication.
+ */
+ sm->startWhen = 3;
+ }
+ sm->eapolEap = FALSE;
+ if (send_start)
+ eapol_sm_txStart(sm);
+}
+
+
+SM_STATE(SUPP_PAE, AUTHENTICATING)
+{
+ SM_ENTRY(SUPP_PAE, AUTHENTICATING);
+ sm->startCount = 0;
+ sm->suppSuccess = FALSE;
+ sm->suppFail = FALSE;
+ sm->suppTimeout = FALSE;
+ sm->keyRun = FALSE;
+ sm->keyDone = FALSE;
+ sm->suppStart = TRUE;
+}
+
+
+SM_STATE(SUPP_PAE, HELD)
+{
+ SM_ENTRY(SUPP_PAE, HELD);
+ sm->heldWhile = sm->heldPeriod;
+ sm->suppPortStatus = Unauthorized;
+ sm->cb_status = EAPOL_CB_FAILURE;
+}
+
+
+SM_STATE(SUPP_PAE, AUTHENTICATED)
+{
+ SM_ENTRY(SUPP_PAE, AUTHENTICATED);
+ sm->suppPortStatus = Authorized;
+ sm->cb_status = EAPOL_CB_SUCCESS;
+}
+
+
+SM_STATE(SUPP_PAE, RESTART)
+{
+ SM_ENTRY(SUPP_PAE, RESTART);
+ sm->eapRestart = TRUE;
+}
+
+
+SM_STATE(SUPP_PAE, S_FORCE_AUTH)
+{
+ SM_ENTRY(SUPP_PAE, S_FORCE_AUTH);
+ sm->suppPortStatus = Authorized;
+ sm->sPortMode = ForceAuthorized;
+}
+
+
+SM_STATE(SUPP_PAE, S_FORCE_UNAUTH)
+{
+ SM_ENTRY(SUPP_PAE, S_FORCE_UNAUTH);
+ sm->suppPortStatus = Unauthorized;
+ sm->sPortMode = ForceUnauthorized;
+ eapol_sm_txLogoff(sm);
+}
+
+
+SM_STEP(SUPP_PAE)
+{
+ if ((sm->userLogoff && !sm->logoffSent) &&
+ !(sm->initialize || !sm->portEnabled))
+ SM_ENTER_GLOBAL(SUPP_PAE, LOGOFF);
+ else if (((sm->portControl == Auto) &&
+ (sm->sPortMode != sm->portControl)) ||
+ sm->initialize || !sm->portEnabled)
+ SM_ENTER_GLOBAL(SUPP_PAE, DISCONNECTED);
+ else if ((sm->portControl == ForceAuthorized) &&
+ (sm->sPortMode != sm->portControl) &&
+ !(sm->initialize || !sm->portEnabled))
+ SM_ENTER_GLOBAL(SUPP_PAE, S_FORCE_AUTH);
+ else if ((sm->portControl == ForceUnauthorized) &&
+ (sm->sPortMode != sm->portControl) &&
+ !(sm->initialize || !sm->portEnabled))
+ SM_ENTER_GLOBAL(SUPP_PAE, S_FORCE_UNAUTH);
+ else switch (sm->SUPP_PAE_state) {
+ case SUPP_PAE_UNKNOWN:
+ break;
+ case SUPP_PAE_LOGOFF:
+ if (!sm->userLogoff)
+ SM_ENTER(SUPP_PAE, DISCONNECTED);
+ break;
+ case SUPP_PAE_DISCONNECTED:
+ SM_ENTER(SUPP_PAE, CONNECTING);
+ break;
+ case SUPP_PAE_CONNECTING:
+ if (sm->startWhen == 0 && sm->startCount < sm->maxStart)
+ SM_ENTER(SUPP_PAE, CONNECTING);
+ else if (sm->startWhen == 0 &&
+ sm->startCount >= sm->maxStart &&
+ sm->portValid)
+ SM_ENTER(SUPP_PAE, AUTHENTICATED);
+ else if (sm->eapSuccess || sm->eapFail)
+ SM_ENTER(SUPP_PAE, AUTHENTICATING);
+ else if (sm->eapolEap)
+ SM_ENTER(SUPP_PAE, RESTART);
+ else if (sm->startWhen == 0 &&
+ sm->startCount >= sm->maxStart &&
+ !sm->portValid)
+ SM_ENTER(SUPP_PAE, HELD);
+ break;
+ case SUPP_PAE_AUTHENTICATING:
+ if (sm->eapSuccess && !sm->portValid &&
+ sm->conf.accept_802_1x_keys &&
+ sm->conf.required_keys == 0) {
+ wpa_printf(MSG_DEBUG, "EAPOL: IEEE 802.1X for "
+ "plaintext connection; no EAPOL-Key frames "
+ "required");
+ sm->portValid = TRUE;
+ if (sm->ctx->eapol_done_cb)
+ sm->ctx->eapol_done_cb(sm->ctx->ctx);
+ }
+ if (sm->eapSuccess && sm->portValid)
+ SM_ENTER(SUPP_PAE, AUTHENTICATED);
+ else if (sm->eapFail || (sm->keyDone && !sm->portValid))
+ SM_ENTER(SUPP_PAE, HELD);
+ else if (sm->suppTimeout)
+ SM_ENTER(SUPP_PAE, CONNECTING);
+ break;
+ case SUPP_PAE_HELD:
+ if (sm->heldWhile == 0)
+ SM_ENTER(SUPP_PAE, CONNECTING);
+ else if (sm->eapolEap)
+ SM_ENTER(SUPP_PAE, RESTART);
+ break;
+ case SUPP_PAE_AUTHENTICATED:
+ if (sm->eapolEap && sm->portValid)
+ SM_ENTER(SUPP_PAE, RESTART);
+ else if (!sm->portValid)
+ SM_ENTER(SUPP_PAE, DISCONNECTED);
+ break;
+ case SUPP_PAE_RESTART:
+ if (!sm->eapRestart)
+ SM_ENTER(SUPP_PAE, AUTHENTICATING);
+ break;
+ case SUPP_PAE_S_FORCE_AUTH:
+ break;
+ case SUPP_PAE_S_FORCE_UNAUTH:
+ break;
+ }
+}
+
+
+SM_STATE(KEY_RX, NO_KEY_RECEIVE)
+{
+ SM_ENTRY(KEY_RX, NO_KEY_RECEIVE);
+}
+
+
+SM_STATE(KEY_RX, KEY_RECEIVE)
+{
+ SM_ENTRY(KEY_RX, KEY_RECEIVE);
+ eapol_sm_processKey(sm);
+ sm->rxKey = FALSE;
+}
+
+
+SM_STEP(KEY_RX)
+{
+ if (sm->initialize || !sm->portEnabled)
+ SM_ENTER_GLOBAL(KEY_RX, NO_KEY_RECEIVE);
+ switch (sm->KEY_RX_state) {
+ case KEY_RX_UNKNOWN:
+ break;
+ case KEY_RX_NO_KEY_RECEIVE:
+ if (sm->rxKey)
+ SM_ENTER(KEY_RX, KEY_RECEIVE);
+ break;
+ case KEY_RX_KEY_RECEIVE:
+ if (sm->rxKey)
+ SM_ENTER(KEY_RX, KEY_RECEIVE);
+ break;
+ }
+}
+
+
+SM_STATE(SUPP_BE, REQUEST)
+{
+ SM_ENTRY(SUPP_BE, REQUEST);
+ sm->authWhile = 0;
+ sm->eapReq = TRUE;
+ eapol_sm_getSuppRsp(sm);
+}
+
+
+SM_STATE(SUPP_BE, RESPONSE)
+{
+ SM_ENTRY(SUPP_BE, RESPONSE);
+ eapol_sm_txSuppRsp(sm);
+ sm->eapResp = FALSE;
+}
+
+
+SM_STATE(SUPP_BE, SUCCESS)
+{
+ SM_ENTRY(SUPP_BE, SUCCESS);
+ sm->keyRun = TRUE;
+ sm->suppSuccess = TRUE;
+
+ if (eap_key_available(sm->eap)) {
+ /* New key received - clear IEEE 802.1X EAPOL-Key replay
+ * counter */
+ sm->replay_counter_valid = FALSE;
+ }
+}
+
+
+SM_STATE(SUPP_BE, FAIL)
+{
+ SM_ENTRY(SUPP_BE, FAIL);
+ sm->suppFail = TRUE;
+}
+
+
+SM_STATE(SUPP_BE, TIMEOUT)
+{
+ SM_ENTRY(SUPP_BE, TIMEOUT);
+ sm->suppTimeout = TRUE;
+}
+
+
+SM_STATE(SUPP_BE, IDLE)
+{
+ SM_ENTRY(SUPP_BE, IDLE);
+ sm->suppStart = FALSE;
+ sm->initial_req = TRUE;
+}
+
+
+SM_STATE(SUPP_BE, INITIALIZE)
+{
+ SM_ENTRY(SUPP_BE, INITIALIZE);
+ eapol_sm_abortSupp(sm);
+ sm->suppAbort = FALSE;
+}
+
+
+SM_STATE(SUPP_BE, RECEIVE)
+{
+ SM_ENTRY(SUPP_BE, RECEIVE);
+ sm->authWhile = sm->authPeriod;
+ sm->eapolEap = FALSE;
+ sm->eapNoResp = FALSE;
+ sm->initial_req = FALSE;
+}
+
+
+SM_STEP(SUPP_BE)
+{
+ if (sm->initialize || sm->suppAbort)
+ SM_ENTER_GLOBAL(SUPP_BE, INITIALIZE);
+ else switch (sm->SUPP_BE_state) {
+ case SUPP_BE_UNKNOWN:
+ break;
+ case SUPP_BE_REQUEST:
+ /*
+ * IEEE Std 802.1X-2004 has transitions from REQUEST to FAIL
+ * and SUCCESS based on eapFail and eapSuccess, respectively.
+ * However, IEEE Std 802.1X-2004 is also specifying that
+ * eapNoResp should be set in conjuction with eapSuccess and
+ * eapFail which would mean that more than one of the
+ * transitions here would be activated at the same time.
+ * Skipping RESPONSE and/or RECEIVE states in these cases can
+ * cause problems and the direct transitions to do not seem
+ * correct. Because of this, the conditions for these
+ * transitions are verified only after eapNoResp. They are
+ * unlikely to be used since eapNoResp should always be set if
+ * either of eapSuccess or eapFail is set.
+ */
+ if (sm->eapResp && sm->eapNoResp) {
+ wpa_printf(MSG_DEBUG, "EAPOL: SUPP_BE REQUEST: both "
+ "eapResp and eapNoResp set?!");
+ }
+ if (sm->eapResp)
+ SM_ENTER(SUPP_BE, RESPONSE);
+ else if (sm->eapNoResp)
+ SM_ENTER(SUPP_BE, RECEIVE);
+ else if (sm->eapFail)
+ SM_ENTER(SUPP_BE, FAIL);
+ else if (sm->eapSuccess)
+ SM_ENTER(SUPP_BE, SUCCESS);
+ break;
+ case SUPP_BE_RESPONSE:
+ SM_ENTER(SUPP_BE, RECEIVE);
+ break;
+ case SUPP_BE_SUCCESS:
+ SM_ENTER(SUPP_BE, IDLE);
+ break;
+ case SUPP_BE_FAIL:
+ SM_ENTER(SUPP_BE, IDLE);
+ break;
+ case SUPP_BE_TIMEOUT:
+ SM_ENTER(SUPP_BE, IDLE);
+ break;
+ case SUPP_BE_IDLE:
+ if (sm->eapFail && sm->suppStart)
+ SM_ENTER(SUPP_BE, FAIL);
+ else if (sm->eapolEap && sm->suppStart)
+ SM_ENTER(SUPP_BE, REQUEST);
+ else if (sm->eapSuccess && sm->suppStart)
+ SM_ENTER(SUPP_BE, SUCCESS);
+ break;
+ case SUPP_BE_INITIALIZE:
+ SM_ENTER(SUPP_BE, IDLE);
+ break;
+ case SUPP_BE_RECEIVE:
+ if (sm->eapolEap)
+ SM_ENTER(SUPP_BE, REQUEST);
+ else if (sm->eapFail)
+ SM_ENTER(SUPP_BE, FAIL);
+ else if (sm->authWhile == 0)
+ SM_ENTER(SUPP_BE, TIMEOUT);
+ else if (sm->eapSuccess)
+ SM_ENTER(SUPP_BE, SUCCESS);
+ break;
+ }
+}
+
+
+static void eapol_sm_txLogoff(struct eapol_sm *sm)
+{
+ wpa_printf(MSG_DEBUG, "EAPOL: txLogoff");
+ sm->ctx->eapol_send(sm->ctx->eapol_send_ctx,
+ IEEE802_1X_TYPE_EAPOL_LOGOFF, (u8 *) "", 0);
+ sm->dot1xSuppEapolLogoffFramesTx++;
+ sm->dot1xSuppEapolFramesTx++;
+}
+
+
+static void eapol_sm_txStart(struct eapol_sm *sm)
+{
+ wpa_printf(MSG_DEBUG, "EAPOL: txStart");
+ sm->ctx->eapol_send(sm->ctx->eapol_send_ctx,
+ IEEE802_1X_TYPE_EAPOL_START, (u8 *) "", 0);
+ sm->dot1xSuppEapolStartFramesTx++;
+ sm->dot1xSuppEapolFramesTx++;
+}
+
+
+#define IEEE8021X_ENCR_KEY_LEN 32
+#define IEEE8021X_SIGN_KEY_LEN 32
+
+struct eap_key_data {
+ u8 encr_key[IEEE8021X_ENCR_KEY_LEN];
+ u8 sign_key[IEEE8021X_SIGN_KEY_LEN];
+};
+
+
+static void eapol_sm_processKey(struct eapol_sm *sm)
+{
+ struct ieee802_1x_hdr *hdr;
+ struct ieee802_1x_eapol_key *key;
+ struct eap_key_data keydata;
+ u8 orig_key_sign[IEEE8021X_KEY_SIGN_LEN], datakey[32];
+ u8 ekey[IEEE8021X_KEY_IV_LEN + IEEE8021X_ENCR_KEY_LEN];
+ int key_len, res, sign_key_len, encr_key_len;
+ u16 rx_key_length;
+
+ wpa_printf(MSG_DEBUG, "EAPOL: processKey");
+ if (sm->last_rx_key == NULL)
+ return;
+
+ if (!sm->conf.accept_802_1x_keys) {
+ wpa_printf(MSG_WARNING, "EAPOL: Received IEEE 802.1X EAPOL-Key"
+ " even though this was not accepted - "
+ "ignoring this packet");
+ return;
+ }
+
+ hdr = (struct ieee802_1x_hdr *) sm->last_rx_key;
+ key = (struct ieee802_1x_eapol_key *) (hdr + 1);
+ if (sizeof(*hdr) + be_to_host16(hdr->length) > sm->last_rx_key_len) {
+ wpa_printf(MSG_WARNING, "EAPOL: Too short EAPOL-Key frame");
+ return;
+ }
+ rx_key_length = WPA_GET_BE16(key->key_length);
+ wpa_printf(MSG_DEBUG, "EAPOL: RX IEEE 802.1X ver=%d type=%d len=%d "
+ "EAPOL-Key: type=%d key_length=%d key_index=0x%x",
+ hdr->version, hdr->type, be_to_host16(hdr->length),
+ key->type, rx_key_length, key->key_index);
+
+ eapol_sm_notify_lower_layer_success(sm);
+ sign_key_len = IEEE8021X_SIGN_KEY_LEN;
+ encr_key_len = IEEE8021X_ENCR_KEY_LEN;
+ res = eapol_sm_get_key(sm, (u8 *) &keydata, sizeof(keydata));
+ if (res < 0) {
+ wpa_printf(MSG_DEBUG, "EAPOL: Could not get master key for "
+ "decrypting EAPOL-Key keys");
+ return;
+ }
+ if (res == 16) {
+ /* LEAP derives only 16 bytes of keying material. */
+ res = eapol_sm_get_key(sm, (u8 *) &keydata, 16);
+ if (res) {
+ wpa_printf(MSG_DEBUG, "EAPOL: Could not get LEAP "
+ "master key for decrypting EAPOL-Key keys");
+ return;
+ }
+ sign_key_len = 16;
+ encr_key_len = 16;
+ os_memcpy(keydata.sign_key, keydata.encr_key, 16);
+ } else if (res) {
+ wpa_printf(MSG_DEBUG, "EAPOL: Could not get enough master key "
+ "data for decrypting EAPOL-Key keys (res=%d)", res);
+ return;
+ }
+
+ /* The key replay_counter must increase when same master key */
+ if (sm->replay_counter_valid &&
+ os_memcmp(sm->last_replay_counter, key->replay_counter,
+ IEEE8021X_REPLAY_COUNTER_LEN) >= 0) {
+ wpa_printf(MSG_WARNING, "EAPOL: EAPOL-Key replay counter did "
+ "not increase - ignoring key");
+ wpa_hexdump(MSG_DEBUG, "EAPOL: last replay counter",
+ sm->last_replay_counter,
+ IEEE8021X_REPLAY_COUNTER_LEN);
+ wpa_hexdump(MSG_DEBUG, "EAPOL: received replay counter",
+ key->replay_counter, IEEE8021X_REPLAY_COUNTER_LEN);
+ return;
+ }
+
+ /* Verify key signature (HMAC-MD5) */
+ os_memcpy(orig_key_sign, key->key_signature, IEEE8021X_KEY_SIGN_LEN);
+ os_memset(key->key_signature, 0, IEEE8021X_KEY_SIGN_LEN);
+ hmac_md5(keydata.sign_key, sign_key_len,
+ sm->last_rx_key, sizeof(*hdr) + be_to_host16(hdr->length),
+ key->key_signature);
+ if (os_memcmp(orig_key_sign, key->key_signature,
+ IEEE8021X_KEY_SIGN_LEN) != 0) {
+ wpa_printf(MSG_DEBUG, "EAPOL: Invalid key signature in "
+ "EAPOL-Key packet");
+ os_memcpy(key->key_signature, orig_key_sign,
+ IEEE8021X_KEY_SIGN_LEN);
+ return;
+ }
+ wpa_printf(MSG_DEBUG, "EAPOL: EAPOL-Key key signature verified");
+
+ key_len = be_to_host16(hdr->length) - sizeof(*key);
+ if (key_len > 32 || rx_key_length > 32) {
+ wpa_printf(MSG_WARNING, "EAPOL: Too long key data length %d",
+ key_len ? key_len : rx_key_length);
+ return;
+ }
+ if (key_len == rx_key_length) {
+ os_memcpy(ekey, key->key_iv, IEEE8021X_KEY_IV_LEN);
+ os_memcpy(ekey + IEEE8021X_KEY_IV_LEN, keydata.encr_key,
+ encr_key_len);
+ os_memcpy(datakey, key + 1, key_len);
+ rc4(datakey, key_len, ekey,
+ IEEE8021X_KEY_IV_LEN + encr_key_len);
+ wpa_hexdump_key(MSG_DEBUG, "EAPOL: Decrypted(RC4) key",
+ datakey, key_len);
+ } else if (key_len == 0) {
+ /*
+ * IEEE 802.1X-2004 specifies that least significant Key Length
+ * octets from MS-MPPE-Send-Key are used as the key if the key
+ * data is not present. This seems to be meaning the beginning
+ * of the MS-MPPE-Send-Key. In addition, MS-MPPE-Send-Key in
+ * Supplicant corresponds to MS-MPPE-Recv-Key in Authenticator.
+ * Anyway, taking the beginning of the keying material from EAP
+ * seems to interoperate with Authenticators.
+ */
+ key_len = rx_key_length;
+ os_memcpy(datakey, keydata.encr_key, key_len);
+ wpa_hexdump_key(MSG_DEBUG, "EAPOL: using part of EAP keying "
+ "material data encryption key",
+ datakey, key_len);
+ } else {
+ wpa_printf(MSG_DEBUG, "EAPOL: Invalid key data length %d "
+ "(key_length=%d)", key_len, rx_key_length);
+ return;
+ }
+
+ sm->replay_counter_valid = TRUE;
+ os_memcpy(sm->last_replay_counter, key->replay_counter,
+ IEEE8021X_REPLAY_COUNTER_LEN);
+
+ wpa_printf(MSG_DEBUG, "EAPOL: Setting dynamic WEP key: %s keyidx %d "
+ "len %d",
+ key->key_index & IEEE8021X_KEY_INDEX_FLAG ?
+ "unicast" : "broadcast",
+ key->key_index & IEEE8021X_KEY_INDEX_MASK, key_len);
+
+ if (sm->ctx->set_wep_key &&
+ sm->ctx->set_wep_key(sm->ctx->ctx,
+ key->key_index & IEEE8021X_KEY_INDEX_FLAG,
+ key->key_index & IEEE8021X_KEY_INDEX_MASK,
+ datakey, key_len) < 0) {
+ wpa_printf(MSG_WARNING, "EAPOL: Failed to set WEP key to the "
+ " driver.");
+ } else {
+ if (key->key_index & IEEE8021X_KEY_INDEX_FLAG)
+ sm->unicast_key_received = TRUE;
+ else
+ sm->broadcast_key_received = TRUE;
+
+ if ((sm->unicast_key_received ||
+ !(sm->conf.required_keys & EAPOL_REQUIRE_KEY_UNICAST)) &&
+ (sm->broadcast_key_received ||
+ !(sm->conf.required_keys & EAPOL_REQUIRE_KEY_BROADCAST)))
+ {
+ wpa_printf(MSG_DEBUG, "EAPOL: all required EAPOL-Key "
+ "frames received");
+ sm->portValid = TRUE;
+ if (sm->ctx->eapol_done_cb)
+ sm->ctx->eapol_done_cb(sm->ctx->ctx);
+ }
+ }
+}
+
+
+static void eapol_sm_getSuppRsp(struct eapol_sm *sm)
+{
+ wpa_printf(MSG_DEBUG, "EAPOL: getSuppRsp");
+ /* EAP layer processing; no special code is needed, since Supplicant
+ * Backend state machine is waiting for eapNoResp or eapResp to be set
+ * and these are only set in the EAP state machine when the processing
+ * has finished. */
+}
+
+
+static void eapol_sm_txSuppRsp(struct eapol_sm *sm)
+{
+ u8 *resp;
+ size_t resp_len;
+
+ wpa_printf(MSG_DEBUG, "EAPOL: txSuppRsp");
+ resp = eap_get_eapRespData(sm->eap, &resp_len);
+ if (resp == NULL) {
+ wpa_printf(MSG_WARNING, "EAPOL: txSuppRsp - EAP response data "
+ "not available");
+ return;
+ }
+
+ /* Send EAP-Packet from the EAP layer to the Authenticator */
+ sm->ctx->eapol_send(sm->ctx->eapol_send_ctx,
+ IEEE802_1X_TYPE_EAP_PACKET, resp, resp_len);
+
+ /* eapRespData is not used anymore, so free it here */
+ os_free(resp);
+
+ if (sm->initial_req)
+ sm->dot1xSuppEapolReqIdFramesRx++;
+ else
+ sm->dot1xSuppEapolReqFramesRx++;
+ sm->dot1xSuppEapolRespFramesTx++;
+ sm->dot1xSuppEapolFramesTx++;
+}
+
+
+static void eapol_sm_abortSupp(struct eapol_sm *sm)
+{
+ /* release system resources that may have been allocated for the
+ * authentication session */
+ os_free(sm->last_rx_key);
+ sm->last_rx_key = NULL;
+ os_free(sm->eapReqData);
+ sm->eapReqData = NULL;
+ eap_sm_abort(sm->eap);
+}
+
+
+static void eapol_sm_step_timeout(void *eloop_ctx, void *timeout_ctx)
+{
+ eapol_sm_step(timeout_ctx);
+}
+
+
+/**
+ * eapol_sm_step - EAPOL state machine step function
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ *
+ * This function is called to notify the state machine about changed external
+ * variables. It will step through the EAPOL state machines in loop to process
+ * all triggered state changes.
+ */
+void eapol_sm_step(struct eapol_sm *sm)
+{
+ int i;
+
+ /* In theory, it should be ok to run this in loop until !changed.
+ * However, it is better to use a limit on number of iterations to
+ * allow events (e.g., SIGTERM) to stop the program cleanly if the
+ * state machine were to generate a busy loop. */
+ for (i = 0; i < 100; i++) {
+ sm->changed = FALSE;
+ SM_STEP_RUN(SUPP_PAE);
+ SM_STEP_RUN(KEY_RX);
+ SM_STEP_RUN(SUPP_BE);
+ if (eap_sm_step(sm->eap))
+ sm->changed = TRUE;
+ if (!sm->changed)
+ break;
+ }
+
+ if (sm->changed) {
+ /* restart EAPOL state machine step from timeout call in order
+ * to allow other events to be processed. */
+ eloop_cancel_timeout(eapol_sm_step_timeout, NULL, sm);
+ eloop_register_timeout(0, 0, eapol_sm_step_timeout, NULL, sm);
+ }
+
+ if (sm->ctx->cb && sm->cb_status != EAPOL_CB_IN_PROGRESS) {
+ int success = sm->cb_status == EAPOL_CB_SUCCESS ? 1 : 0;
+ sm->cb_status = EAPOL_CB_IN_PROGRESS;
+ sm->ctx->cb(sm, success, sm->ctx->cb_ctx);
+ }
+}
+
+
+#ifdef CONFIG_CTRL_IFACE
+static const char *eapol_supp_pae_state(int state)
+{
+ switch (state) {
+ case SUPP_PAE_LOGOFF:
+ return "LOGOFF";
+ case SUPP_PAE_DISCONNECTED:
+ return "DISCONNECTED";
+ case SUPP_PAE_CONNECTING:
+ return "CONNECTING";
+ case SUPP_PAE_AUTHENTICATING:
+ return "AUTHENTICATING";
+ case SUPP_PAE_HELD:
+ return "HELD";
+ case SUPP_PAE_AUTHENTICATED:
+ return "AUTHENTICATED";
+ case SUPP_PAE_RESTART:
+ return "RESTART";
+ default:
+ return "UNKNOWN";
+ }
+}
+
+
+static const char *eapol_supp_be_state(int state)
+{
+ switch (state) {
+ case SUPP_BE_REQUEST:
+ return "REQUEST";
+ case SUPP_BE_RESPONSE:
+ return "RESPONSE";
+ case SUPP_BE_SUCCESS:
+ return "SUCCESS";
+ case SUPP_BE_FAIL:
+ return "FAIL";
+ case SUPP_BE_TIMEOUT:
+ return "TIMEOUT";
+ case SUPP_BE_IDLE:
+ return "IDLE";
+ case SUPP_BE_INITIALIZE:
+ return "INITIALIZE";
+ case SUPP_BE_RECEIVE:
+ return "RECEIVE";
+ default:
+ return "UNKNOWN";
+ }
+}
+
+
+static const char * eapol_port_status(PortStatus status)
+{
+ if (status == Authorized)
+ return "Authorized";
+ else
+ return "Unauthorized";
+}
+#endif /* CONFIG_CTRL_IFACE */
+
+
+#if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
+static const char * eapol_port_control(PortControl ctrl)
+{
+ switch (ctrl) {
+ case Auto:
+ return "Auto";
+ case ForceUnauthorized:
+ return "ForceUnauthorized";
+ case ForceAuthorized:
+ return "ForceAuthorized";
+ default:
+ return "Unknown";
+ }
+}
+#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
+
+
+/**
+ * eapol_sm_configure - Set EAPOL variables
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ * @heldPeriod: dot1xSuppHeldPeriod
+ * @authPeriod: dot1xSuppAuthPeriod
+ * @startPeriod: dot1xSuppStartPeriod
+ * @maxStart: dot1xSuppMaxStart
+ *
+ * Set configurable EAPOL state machine variables. Each variable can be set to
+ * the given value or ignored if set to -1 (to set only some of the variables).
+ */
+void eapol_sm_configure(struct eapol_sm *sm, int heldPeriod, int authPeriod,
+ int startPeriod, int maxStart)
+{
+ if (sm == NULL)
+ return;
+ if (heldPeriod >= 0)
+ sm->heldPeriod = heldPeriod;
+ if (authPeriod >= 0)
+ sm->authPeriod = authPeriod;
+ if (startPeriod >= 0)
+ sm->startPeriod = startPeriod;
+ if (maxStart >= 0)
+ sm->maxStart = maxStart;
+}
+
+
+#ifdef CONFIG_CTRL_IFACE
+/**
+ * eapol_sm_get_status - Get EAPOL state machine status
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ * @buf: Buffer for status information
+ * @buflen: Maximum buffer length
+ * @verbose: Whether to include verbose status information
+ * Returns: Number of bytes written to buf.
+ *
+ * Query EAPOL state machine for status information. This function fills in a
+ * text area with current status information from the EAPOL state machine. If
+ * the buffer (buf) is not large enough, status information will be truncated
+ * to fit the buffer.
+ */
+int eapol_sm_get_status(struct eapol_sm *sm, char *buf, size_t buflen,
+ int verbose)
+{
+ int len, ret;
+ if (sm == NULL)
+ return 0;
+
+ len = os_snprintf(buf, buflen,
+ "Supplicant PAE state=%s\n"
+ "suppPortStatus=%s\n",
+ eapol_supp_pae_state(sm->SUPP_PAE_state),
+ eapol_port_status(sm->suppPortStatus));
+ if (len < 0 || (size_t) len >= buflen)
+ return 0;
+
+ if (verbose) {
+ ret = os_snprintf(buf + len, buflen - len,
+ "heldPeriod=%u\n"
+ "authPeriod=%u\n"
+ "startPeriod=%u\n"
+ "maxStart=%u\n"
+ "portControl=%s\n"
+ "Supplicant Backend state=%s\n",
+ sm->heldPeriod,
+ sm->authPeriod,
+ sm->startPeriod,
+ sm->maxStart,
+ eapol_port_control(sm->portControl),
+ eapol_supp_be_state(sm->SUPP_BE_state));
+ if (ret < 0 || (size_t) ret >= buflen - len)
+ return len;
+ len += ret;
+ }
+
+ len += eap_sm_get_status(sm->eap, buf + len, buflen - len, verbose);
+
+ return len;
+}
+
+
+/**
+ * eapol_sm_get_mib - Get EAPOL state machine MIBs
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ * @buf: Buffer for MIB information
+ * @buflen: Maximum buffer length
+ * Returns: Number of bytes written to buf.
+ *
+ * Query EAPOL state machine for MIB information. This function fills in a
+ * text area with current MIB information from the EAPOL state machine. If
+ * the buffer (buf) is not large enough, MIB information will be truncated to
+ * fit the buffer.
+ */
+int eapol_sm_get_mib(struct eapol_sm *sm, char *buf, size_t buflen)
+{
+ size_t len;
+ int ret;
+
+ if (sm == NULL)
+ return 0;
+ ret = os_snprintf(buf, buflen,
+ "dot1xSuppPaeState=%d\n"
+ "dot1xSuppHeldPeriod=%u\n"
+ "dot1xSuppAuthPeriod=%u\n"
+ "dot1xSuppStartPeriod=%u\n"
+ "dot1xSuppMaxStart=%u\n"
+ "dot1xSuppSuppControlledPortStatus=%s\n"
+ "dot1xSuppBackendPaeState=%d\n",
+ sm->SUPP_PAE_state,
+ sm->heldPeriod,
+ sm->authPeriod,
+ sm->startPeriod,
+ sm->maxStart,
+ sm->suppPortStatus == Authorized ?
+ "Authorized" : "Unauthorized",
+ sm->SUPP_BE_state);
+
+ if (ret < 0 || (size_t) ret >= buflen)
+ return 0;
+ len = ret;
+
+ ret = os_snprintf(buf + len, buflen - len,
+ "dot1xSuppEapolFramesRx=%u\n"
+ "dot1xSuppEapolFramesTx=%u\n"
+ "dot1xSuppEapolStartFramesTx=%u\n"
+ "dot1xSuppEapolLogoffFramesTx=%u\n"
+ "dot1xSuppEapolRespFramesTx=%u\n"
+ "dot1xSuppEapolReqIdFramesRx=%u\n"
+ "dot1xSuppEapolReqFramesRx=%u\n"
+ "dot1xSuppInvalidEapolFramesRx=%u\n"
+ "dot1xSuppEapLengthErrorFramesRx=%u\n"
+ "dot1xSuppLastEapolFrameVersion=%u\n"
+ "dot1xSuppLastEapolFrameSource=" MACSTR "\n",
+ sm->dot1xSuppEapolFramesRx,
+ sm->dot1xSuppEapolFramesTx,
+ sm->dot1xSuppEapolStartFramesTx,
+ sm->dot1xSuppEapolLogoffFramesTx,
+ sm->dot1xSuppEapolRespFramesTx,
+ sm->dot1xSuppEapolReqIdFramesRx,
+ sm->dot1xSuppEapolReqFramesRx,
+ sm->dot1xSuppInvalidEapolFramesRx,
+ sm->dot1xSuppEapLengthErrorFramesRx,
+ sm->dot1xSuppLastEapolFrameVersion,
+ MAC2STR(sm->dot1xSuppLastEapolFrameSource));
+
+ if (ret < 0 || (size_t) ret >= buflen - len)
+ return len;
+ len += ret;
+
+ return len;
+}
+#endif /* CONFIG_CTRL_IFACE */
+
+
+/**
+ * eapol_sm_rx_eapol - Process received EAPOL frames
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ * @src: Source MAC address of the EAPOL packet
+ * @buf: Pointer to the beginning of the EAPOL data (EAPOL header)
+ * @len: Length of the EAPOL frame
+ * Returns: 1 = EAPOL frame processed, 0 = not for EAPOL state machine,
+ * -1 failure
+ */
+int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src, const u8 *buf,
+ size_t len)
+{
+ const struct ieee802_1x_hdr *hdr;
+ const struct ieee802_1x_eapol_key *key;
+ int data_len;
+ int res = 1;
+ size_t plen;
+
+ if (sm == NULL)
+ return 0;
+ sm->dot1xSuppEapolFramesRx++;
+ if (len < sizeof(*hdr)) {
+ sm->dot1xSuppInvalidEapolFramesRx++;
+ return 0;
+ }
+ hdr = (const struct ieee802_1x_hdr *) buf;
+ sm->dot1xSuppLastEapolFrameVersion = hdr->version;
+ os_memcpy(sm->dot1xSuppLastEapolFrameSource, src, ETH_ALEN);
+ if (hdr->version < EAPOL_VERSION) {
+ /* TODO: backwards compatibility */
+ }
+ plen = be_to_host16(hdr->length);
+ if (plen > len - sizeof(*hdr)) {
+ sm->dot1xSuppEapLengthErrorFramesRx++;
+ return 0;
+ }
+ data_len = plen + sizeof(*hdr);
+
+ switch (hdr->type) {
+ case IEEE802_1X_TYPE_EAP_PACKET:
+ if (sm->cached_pmk) {
+ /* Trying to use PMKSA caching, but Authenticator did
+ * not seem to have a matching entry. Need to restart
+ * EAPOL state machines.
+ */
+ eapol_sm_abort_cached(sm);
+ }
+ os_free(sm->eapReqData);
+ sm->eapReqDataLen = plen;
+ sm->eapReqData = os_malloc(sm->eapReqDataLen);
+ if (sm->eapReqData) {
+ wpa_printf(MSG_DEBUG, "EAPOL: Received EAP-Packet "
+ "frame");
+ os_memcpy(sm->eapReqData, (u8 *) (hdr + 1),
+ sm->eapReqDataLen);
+ sm->eapolEap = TRUE;
+ eapol_sm_step(sm);
+ }
+ break;
+ case IEEE802_1X_TYPE_EAPOL_KEY:
+ if (plen < sizeof(*key)) {
+ wpa_printf(MSG_DEBUG, "EAPOL: Too short EAPOL-Key "
+ "frame received");
+ break;
+ }
+ key = (const struct ieee802_1x_eapol_key *) (hdr + 1);
+ if (key->type == EAPOL_KEY_TYPE_WPA ||
+ key->type == EAPOL_KEY_TYPE_RSN) {
+ /* WPA Supplicant takes care of this frame. */
+ wpa_printf(MSG_DEBUG, "EAPOL: Ignoring WPA EAPOL-Key "
+ "frame in EAPOL state machines");
+ res = 0;
+ break;
+ }
+ if (key->type != EAPOL_KEY_TYPE_RC4) {
+ wpa_printf(MSG_DEBUG, "EAPOL: Ignored unknown "
+ "EAPOL-Key type %d", key->type);
+ break;
+ }
+ os_free(sm->last_rx_key);
+ sm->last_rx_key = os_malloc(data_len);
+ if (sm->last_rx_key) {
+ wpa_printf(MSG_DEBUG, "EAPOL: Received EAPOL-Key "
+ "frame");
+ os_memcpy(sm->last_rx_key, buf, data_len);
+ sm->last_rx_key_len = data_len;
+ sm->rxKey = TRUE;
+ eapol_sm_step(sm);
+ }
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "EAPOL: Received unknown EAPOL type %d",
+ hdr->type);
+ sm->dot1xSuppInvalidEapolFramesRx++;
+ break;
+ }
+
+ return res;
+}
+
+
+/**
+ * eapol_sm_notify_tx_eapol_key - Notification about transmitted EAPOL packet
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ *
+ * Notify EAPOL state machine about transmitted EAPOL packet from an external
+ * component, e.g., WPA. This will update the statistics.
+ */
+void eapol_sm_notify_tx_eapol_key(struct eapol_sm *sm)
+{
+ if (sm)
+ sm->dot1xSuppEapolFramesTx++;
+}
+
+
+/**
+ * eapol_sm_notify_portEnabled - Notification about portEnabled change
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ * @enabled: New portEnabled value
+ *
+ * Notify EAPOL state machine about new portEnabled value.
+ */
+void eapol_sm_notify_portEnabled(struct eapol_sm *sm, Boolean enabled)
+{
+ if (sm == NULL)
+ return;
+ wpa_printf(MSG_DEBUG, "EAPOL: External notification - "
+ "portEnabled=%d", enabled);
+ sm->portEnabled = enabled;
+ eapol_sm_step(sm);
+}
+
+
+/**
+ * eapol_sm_notify_portValid - Notification about portValid change
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ * @valid: New portValid value
+ *
+ * Notify EAPOL state machine about new portValid value.
+ */
+void eapol_sm_notify_portValid(struct eapol_sm *sm, Boolean valid)
+{
+ if (sm == NULL)
+ return;
+ wpa_printf(MSG_DEBUG, "EAPOL: External notification - "
+ "portValid=%d", valid);
+ sm->portValid = valid;
+ eapol_sm_step(sm);
+}
+
+
+/**
+ * eapol_sm_notify_eap_success - Notification of external EAP success trigger
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ * @success: %TRUE = set success, %FALSE = clear success
+ *
+ * Notify the EAPOL state machine that external event has forced EAP state to
+ * success (success = %TRUE). This can be cleared by setting success = %FALSE.
+ *
+ * This function is called to update EAP state when WPA-PSK key handshake has
+ * been completed successfully since WPA-PSK does not use EAP state machine.
+ */
+void eapol_sm_notify_eap_success(struct eapol_sm *sm, Boolean success)
+{
+ if (sm == NULL)
+ return;
+ wpa_printf(MSG_DEBUG, "EAPOL: External notification - "
+ "EAP success=%d", success);
+ sm->eapSuccess = success;
+ sm->altAccept = success;
+ if (success)
+ eap_notify_success(sm->eap);
+ eapol_sm_step(sm);
+}
+
+
+/**
+ * eapol_sm_notify_eap_fail - Notification of external EAP failure trigger
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ * @fail: %TRUE = set failure, %FALSE = clear failure
+ *
+ * Notify EAPOL state machine that external event has forced EAP state to
+ * failure (fail = %TRUE). This can be cleared by setting fail = %FALSE.
+ */
+void eapol_sm_notify_eap_fail(struct eapol_sm *sm, Boolean fail)
+{
+ if (sm == NULL)
+ return;
+ wpa_printf(MSG_DEBUG, "EAPOL: External notification - "
+ "EAP fail=%d", fail);
+ sm->eapFail = fail;
+ sm->altReject = fail;
+ eapol_sm_step(sm);
+}
+
+
+/**
+ * eapol_sm_notify_config - Notification of EAPOL configuration change
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ * @config: Pointer to current network configuration
+ * @conf: Pointer to EAPOL configuration data
+ *
+ * Notify EAPOL state machine that configuration has changed. config will be
+ * stored as a backpointer to network configuration. This can be %NULL to clear
+ * the stored pointed. conf will be copied to local EAPOL/EAP configuration
+ * data. If conf is %NULL, this part of the configuration change will be
+ * skipped.
+ */
+void eapol_sm_notify_config(struct eapol_sm *sm, struct wpa_ssid *config,
+ const struct eapol_config *conf)
+{
+ if (sm == NULL)
+ return;
+
+ sm->config = config;
+
+ if (conf == NULL)
+ return;
+
+ sm->conf.accept_802_1x_keys = conf->accept_802_1x_keys;
+ sm->conf.required_keys = conf->required_keys;
+ sm->conf.fast_reauth = conf->fast_reauth;
+ if (sm->eap) {
+ eap_set_fast_reauth(sm->eap, conf->fast_reauth);
+ eap_set_workaround(sm->eap, conf->workaround);
+ eap_set_force_disabled(sm->eap, conf->eap_disabled);
+ }
+}
+
+
+/**
+ * eapol_sm_get_key - Get master session key (MSK) from EAP
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ * @key: Pointer for key buffer
+ * @len: Number of bytes to copy to key
+ * Returns: 0 on success (len of key available), maximum available key len
+ * (>0) if key is available but it is shorter than len, or -1 on failure.
+ *
+ * Fetch EAP keying material (MSK, eapKeyData) from EAP state machine. The key
+ * is available only after a successful authentication.
+ */
+int eapol_sm_get_key(struct eapol_sm *sm, u8 *key, size_t len)
+{
+ const u8 *eap_key;
+ size_t eap_len;
+
+ if (sm == NULL || !eap_key_available(sm->eap))
+ return -1;
+ eap_key = eap_get_eapKeyData(sm->eap, &eap_len);
+ if (eap_key == NULL)
+ return -1;
+ if (len > eap_len)
+ return eap_len;
+ os_memcpy(key, eap_key, len);
+ return 0;
+}
+
+
+/**
+ * eapol_sm_notify_logoff - Notification of logon/logoff commands
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ * @logoff: Whether command was logoff
+ *
+ * Notify EAPOL state machines that user requested logon/logoff.
+ */
+void eapol_sm_notify_logoff(struct eapol_sm *sm, Boolean logoff)
+{
+ if (sm) {
+ sm->userLogoff = logoff;
+ eapol_sm_step(sm);
+ }
+}
+
+
+/**
+ * eapol_sm_notify_pmkid_attempt - Notification of successful PMKSA caching
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ *
+ * Notify EAPOL state machines that PMKSA caching was successful. This is used
+ * to move EAPOL and EAP state machines into authenticated/successful state.
+ */
+void eapol_sm_notify_cached(struct eapol_sm *sm)
+{
+ if (sm == NULL)
+ return;
+ sm->SUPP_PAE_state = SUPP_PAE_AUTHENTICATED;
+ sm->suppPortStatus = Authorized;
+ eap_notify_success(sm->eap);
+}
+
+
+/**
+ * eapol_sm_notify_pmkid_attempt - Notification of PMKSA caching
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ * @attempt: Whether PMKSA caching is tried
+ *
+ * Notify EAPOL state machines whether PMKSA caching is used.
+ */
+void eapol_sm_notify_pmkid_attempt(struct eapol_sm *sm, int attempt)
+{
+ if (sm == NULL)
+ return;
+ if (attempt) {
+ wpa_printf(MSG_DEBUG, "RSN: Trying to use cached PMKSA");
+ sm->cached_pmk = TRUE;
+ } else {
+ wpa_printf(MSG_DEBUG, "RSN: Do not try to use cached PMKSA");
+ sm->cached_pmk = FALSE;
+ }
+}
+
+
+static void eapol_sm_abort_cached(struct eapol_sm *sm)
+{
+ wpa_printf(MSG_DEBUG, "RSN: Authenticator did not accept PMKID, "
+ "doing full EAP authentication");
+ if (sm == NULL)
+ return;
+ sm->cached_pmk = FALSE;
+ sm->SUPP_PAE_state = SUPP_PAE_CONNECTING;
+ sm->suppPortStatus = Unauthorized;
+
+ /* Make sure we do not start sending EAPOL-Start frames first, but
+ * instead move to RESTART state to start EAPOL authentication. */
+ sm->startWhen = 3;
+
+ if (sm->ctx->aborted_cached)
+ sm->ctx->aborted_cached(sm->ctx->ctx);
+}
+
+
+/**
+ * eapol_sm_register_scard_ctx - Notification of smart card context
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ * @ctx: Context data for smart card operations
+ *
+ * Notify EAPOL state machines of context data for smart card operations. This
+ * context data will be used as a parameter for scard_*() functions.
+ */
+void eapol_sm_register_scard_ctx(struct eapol_sm *sm, void *ctx)
+{
+ if (sm) {
+ sm->ctx->scard_ctx = ctx;
+ eap_register_scard_ctx(sm->eap, ctx);
+ }
+}
+
+
+/**
+ * eapol_sm_notify_portControl - Notification of portControl changes
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ * @portControl: New value for portControl variable
+ *
+ * Notify EAPOL state machines that portControl variable has changed.
+ */
+void eapol_sm_notify_portControl(struct eapol_sm *sm, PortControl portControl)
+{
+ if (sm == NULL)
+ return;
+ wpa_printf(MSG_DEBUG, "EAPOL: External notification - "
+ "portControl=%s", eapol_port_control(portControl));
+ sm->portControl = portControl;
+ eapol_sm_step(sm);
+}
+
+
+/**
+ * eapol_sm_notify_ctrl_attached - Notification of attached monitor
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ *
+ * Notify EAPOL state machines that a monitor was attached to the control
+ * interface to trigger re-sending of pending requests for user input.
+ */
+void eapol_sm_notify_ctrl_attached(struct eapol_sm *sm)
+{
+ if (sm == NULL)
+ return;
+ eap_sm_notify_ctrl_attached(sm->eap);
+}
+
+
+/**
+ * eapol_sm_notify_ctrl_response - Notification of received user input
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ *
+ * Notify EAPOL state machines that a control response, i.e., user
+ * input, was received in order to trigger retrying of a pending EAP request.
+ */
+void eapol_sm_notify_ctrl_response(struct eapol_sm *sm)
+{
+ if (sm == NULL)
+ return;
+ if (sm->eapReqData && !sm->eapReq) {
+ wpa_printf(MSG_DEBUG, "EAPOL: received control response (user "
+ "input) notification - retrying pending EAP "
+ "Request");
+ sm->eapolEap = TRUE;
+ sm->eapReq = TRUE;
+ eapol_sm_step(sm);
+ }
+}
+
+
+/**
+ * eapol_sm_request_reauth - Request reauthentication
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ *
+ * This function can be used to request EAPOL reauthentication, e.g., when the
+ * current PMKSA entry is nearing expiration.
+ */
+void eapol_sm_request_reauth(struct eapol_sm *sm)
+{
+ if (sm == NULL || sm->SUPP_PAE_state != SUPP_PAE_AUTHENTICATED)
+ return;
+ eapol_sm_txStart(sm);
+}
+
+
+/**
+ * eapol_sm_notify_lower_layer_success - Notification of lower layer success
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ *
+ * Notify EAPOL (and EAP) state machines that a lower layer has detected a
+ * successful authentication. This is used to recover from dropped EAP-Success
+ * messages.
+ */
+void eapol_sm_notify_lower_layer_success(struct eapol_sm *sm)
+{
+ if (sm == NULL)
+ return;
+ eap_notify_lower_layer_success(sm->eap);
+}
+
+
+/**
+ * eapol_sm_invalidate_cached_session - Mark cached EAP session data invalid
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ */
+void eapol_sm_invalidate_cached_session(struct eapol_sm *sm)
+{
+ if (sm)
+ eap_invalidate_cached_session(sm->eap);
+}
+
+
+static struct wpa_ssid * eapol_sm_get_config(void *ctx)
+{
+ struct eapol_sm *sm = ctx;
+ return sm ? sm->config : NULL;
+}
+
+
+static u8 * eapol_sm_get_eapReqData(void *ctx, size_t *len)
+{
+ struct eapol_sm *sm = ctx;
+ if (sm == NULL || sm->eapReqData == NULL) {
+ *len = 0;
+ return NULL;
+ }
+
+ *len = sm->eapReqDataLen;
+ return sm->eapReqData;
+}
+
+
+static Boolean eapol_sm_get_bool(void *ctx, enum eapol_bool_var variable)
+{
+ struct eapol_sm *sm = ctx;
+ if (sm == NULL)
+ return FALSE;
+ switch (variable) {
+ case EAPOL_eapSuccess:
+ return sm->eapSuccess;
+ case EAPOL_eapRestart:
+ return sm->eapRestart;
+ case EAPOL_eapFail:
+ return sm->eapFail;
+ case EAPOL_eapResp:
+ return sm->eapResp;
+ case EAPOL_eapNoResp:
+ return sm->eapNoResp;
+ case EAPOL_eapReq:
+ return sm->eapReq;
+ case EAPOL_portEnabled:
+ return sm->portEnabled;
+ case EAPOL_altAccept:
+ return sm->altAccept;
+ case EAPOL_altReject:
+ return sm->altReject;
+ }
+ return FALSE;
+}
+
+
+static void eapol_sm_set_bool(void *ctx, enum eapol_bool_var variable,
+ Boolean value)
+{
+ struct eapol_sm *sm = ctx;
+ if (sm == NULL)
+ return;
+ switch (variable) {
+ case EAPOL_eapSuccess:
+ sm->eapSuccess = value;
+ break;
+ case EAPOL_eapRestart:
+ sm->eapRestart = value;
+ break;
+ case EAPOL_eapFail:
+ sm->eapFail = value;
+ break;
+ case EAPOL_eapResp:
+ sm->eapResp = value;
+ break;
+ case EAPOL_eapNoResp:
+ sm->eapNoResp = value;
+ break;
+ case EAPOL_eapReq:
+ sm->eapReq = value;
+ break;
+ case EAPOL_portEnabled:
+ sm->portEnabled = value;
+ break;
+ case EAPOL_altAccept:
+ sm->altAccept = value;
+ break;
+ case EAPOL_altReject:
+ sm->altReject = value;
+ break;
+ }
+}
+
+
+static unsigned int eapol_sm_get_int(void *ctx, enum eapol_int_var variable)
+{
+ struct eapol_sm *sm = ctx;
+ if (sm == NULL)
+ return 0;
+ switch (variable) {
+ case EAPOL_idleWhile:
+ return sm->idleWhile;
+ }
+ return 0;
+}
+
+
+static void eapol_sm_set_int(void *ctx, enum eapol_int_var variable,
+ unsigned int value)
+{
+ struct eapol_sm *sm = ctx;
+ if (sm == NULL)
+ return;
+ switch (variable) {
+ case EAPOL_idleWhile:
+ sm->idleWhile = value;
+ break;
+ }
+}
+
+
+static void eapol_sm_set_config_blob(void *ctx, struct wpa_config_blob *blob)
+{
+ struct eapol_sm *sm = ctx;
+ if (sm && sm->ctx && sm->ctx->set_config_blob)
+ sm->ctx->set_config_blob(sm->ctx->ctx, blob);
+}
+
+
+static const struct wpa_config_blob *
+eapol_sm_get_config_blob(void *ctx, const char *name)
+{
+ struct eapol_sm *sm = ctx;
+ if (sm && sm->ctx && sm->ctx->get_config_blob)
+ return sm->ctx->get_config_blob(sm->ctx->ctx, name);
+ else
+ return NULL;
+}
+
+
+static void eapol_sm_notify_pending(void *ctx)
+{
+ struct eapol_sm *sm = ctx;
+ if (sm == NULL)
+ return;
+ if (sm->eapReqData && !sm->eapReq) {
+ wpa_printf(MSG_DEBUG, "EAPOL: received notification from EAP "
+ "state machine - retrying pending EAP Request");
+ sm->eapolEap = TRUE;
+ sm->eapReq = TRUE;
+ eapol_sm_step(sm);
+ }
+}
+
+
+static struct eapol_callbacks eapol_cb =
+{
+ eapol_sm_get_config,
+ eapol_sm_get_bool,
+ eapol_sm_set_bool,
+ eapol_sm_get_int,
+ eapol_sm_set_int,
+ eapol_sm_get_eapReqData,
+ eapol_sm_set_config_blob,
+ eapol_sm_get_config_blob,
+ eapol_sm_notify_pending
+};
+
+
+/**
+ * eapol_sm_init - Initialize EAPOL state machine
+ * @ctx: Pointer to EAPOL context data; this needs to be an allocated buffer
+ * and EAPOL state machine will free it in eapol_sm_deinit()
+ * Returns: Pointer to the allocated EAPOL state machine or %NULL on failure
+ *
+ * Allocate and initialize an EAPOL state machine.
+ */
+struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx)
+{
+ struct eapol_sm *sm;
+ struct eap_config conf;
+ sm = os_zalloc(sizeof(*sm));
+ if (sm == NULL)
+ return NULL;
+ sm->ctx = ctx;
+
+ sm->portControl = Auto;
+
+ /* Supplicant PAE state machine */
+ sm->heldPeriod = 60;
+ sm->startPeriod = 30;
+ sm->maxStart = 3;
+
+ /* Supplicant Backend state machine */
+ sm->authPeriod = 30;
+
+ os_memset(&conf, 0, sizeof(conf));
+ conf.opensc_engine_path = ctx->opensc_engine_path;
+ conf.pkcs11_engine_path = ctx->pkcs11_engine_path;
+ conf.pkcs11_module_path = ctx->pkcs11_module_path;
+
+ sm->eap = eap_sm_init(sm, &eapol_cb, sm->ctx->msg_ctx, &conf);
+ if (sm->eap == NULL) {
+ os_free(sm);
+ return NULL;
+ }
+
+ /* Initialize EAPOL state machines */
+ sm->initialize = TRUE;
+ eapol_sm_step(sm);
+ sm->initialize = FALSE;
+ eapol_sm_step(sm);
+
+ eloop_register_timeout(1, 0, eapol_port_timers_tick, NULL, sm);
+
+ return sm;
+}
+
+
+/**
+ * eapol_sm_deinit - Deinitialize EAPOL state machine
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ *
+ * Deinitialize and free EAPOL state machine.
+ */
+void eapol_sm_deinit(struct eapol_sm *sm)
+{
+ if (sm == NULL)
+ return;
+ eloop_cancel_timeout(eapol_sm_step_timeout, NULL, sm);
+ eloop_cancel_timeout(eapol_port_timers_tick, NULL, sm);
+ eap_sm_deinit(sm->eap);
+ os_free(sm->last_rx_key);
+ os_free(sm->eapReqData);
+ os_free(sm->ctx);
+ os_free(sm);
+}
--- /dev/null
+/*
+ * WPA Supplicant / EAPOL state machines
+ * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef EAPOL_SM_H
+#define EAPOL_SM_H
+
+#include "defs.h"
+
+typedef enum { Unauthorized, Authorized } PortStatus;
+typedef enum { Auto, ForceUnauthorized, ForceAuthorized } PortControl;
+
+/**
+ * struct eapol_config - Per network configuration for EAPOL state machines
+ */
+struct eapol_config {
+ /**
+ * accept_802_1x_keys - Accept IEEE 802.1X (non-WPA) EAPOL-Key frames
+ *
+ * This variable should be set to 1 when using EAPOL state machines
+ * with non-WPA security policy to generate dynamic WEP keys. When
+ * using WPA, this should be set to 0 so that WPA state machine can
+ * process the EAPOL-Key frames.
+ */
+ int accept_802_1x_keys;
+
+#define EAPOL_REQUIRE_KEY_UNICAST BIT(0)
+#define EAPOL_REQUIRE_KEY_BROADCAST BIT(1)
+ /**
+ * required_keys - Which EAPOL-Key packets are required
+ *
+ * This variable determines which EAPOL-Key packets are required before
+ * marking connection authenticated. This is a bit field of
+ * EAPOL_REQUIRE_KEY_UNICAST and EAPOL_REQUIRE_KEY_BROADCAST flags.
+ */
+ int required_keys;
+
+ /**
+ * fast_reauth - Whether fast EAP reauthentication is enabled
+ */
+ int fast_reauth;
+
+ /**
+ * workaround - Whether EAP workarounds are enabled
+ */
+ unsigned int workaround;
+
+ /**
+ * eap_disabled - Whether EAP is disabled
+ */
+ int eap_disabled;
+};
+
+struct eapol_sm;
+struct wpa_config_blob;
+
+/**
+ * struct eapol_ctx - Global (for all networks) EAPOL state machine context
+ */
+struct eapol_ctx {
+ /**
+ * ctx - Pointer to arbitrary upper level context
+ */
+ void *ctx;
+
+ /**
+ * preauth - IEEE 802.11i/RSN pre-authentication
+ *
+ * This EAPOL state machine is used for IEEE 802.11i/RSN
+ * pre-authentication
+ */
+ int preauth;
+
+ /**
+ * cb - Function to be called when EAPOL negotiation has been completed
+ * @eapol: Pointer to EAPOL state machine data
+ * @success: Whether the authentication was completed successfully
+ * @ctx: Pointer to context data (cb_ctx)
+ *
+ * This optional callback function will be called when the EAPOL
+ * authentication has been completed. This allows the owner of the
+ * EAPOL state machine to process the key and terminate the EAPOL state
+ * machine. Currently, this is used only in RSN pre-authentication.
+ */
+ void (*cb)(struct eapol_sm *eapol, int success, void *ctx);
+
+ /**
+ * cb_ctx - Callback context for cb()
+ */
+ void *cb_ctx;
+
+ /**
+ * msg_ctx - Callback context for wpa_msg() calls
+ */
+ void *msg_ctx;
+
+ /**
+ * scard_ctx - Callback context for PC/SC scard_*() function calls
+ *
+ * This context can be updated with eapol_sm_register_scard_ctx().
+ */
+ void *scard_ctx;
+
+ /**
+ * eapol_send_ctx - Callback context for eapol_send() calls
+ */
+ void *eapol_send_ctx;
+
+ /**
+ * eapol_done_cb - Function to be called at successful completion
+ * @ctx: Callback context (ctx)
+ *
+ * This function is called at the successful completion of EAPOL
+ * authentication. If dynamic WEP keys are used, this is called only
+ * after all the expected keys have been received.
+ */
+ void (*eapol_done_cb)(void *ctx);
+
+ /**
+ * eapol_send - Send EAPOL packets
+ * @ctx: Callback context (eapol_send_ctx)
+ * @type: EAPOL type (IEEE802_1X_TYPE_*)
+ * @buf: Pointer to EAPOL payload
+ * @len: Length of the EAPOL payload
+ * Returns: 0 on success, -1 on failure
+ */
+ int (*eapol_send)(void *ctx, int type, const u8 *buf, size_t len);
+
+ /**
+ * set_wep_key - Configure WEP keys
+ * @ctx: Callback context (ctx)
+ * @unicast: Non-zero = unicast, 0 = multicast/broadcast key
+ * @keyidx: Key index (0..3)
+ * @key: WEP key
+ * @keylen: Length of the WEP key
+ * Returns: 0 on success, -1 on failure
+ */
+ int (*set_wep_key)(void *ctx, int unicast, int keyidx,
+ const u8 *key, size_t keylen);
+
+ /**
+ * set_config_blob - Set or add a named configuration blob
+ * @ctx: Callback context (ctx)
+ * @blob: New value for the blob
+ *
+ * Adds a new configuration blob or replaces the current value of an
+ * existing blob.
+ */
+ void (*set_config_blob)(void *ctx, struct wpa_config_blob *blob);
+
+ /**
+ * get_config_blob - Get a named configuration blob
+ * @ctx: Callback context (ctx)
+ * @name: Name of the blob
+ * Returns: Pointer to blob data or %NULL if not found
+ */
+ const struct wpa_config_blob * (*get_config_blob)(void *ctx,
+ const char *name);
+
+ /**
+ * aborted_cached - Notify that cached PMK attempt was aborted
+ * @ctx: Callback context (ctx)
+ */
+ void (*aborted_cached)(void *ctx);
+
+ /**
+ * opensc_engine_path - Path to the OpenSSL engine for opensc
+ *
+ * This is an OpenSSL specific configuration option for loading OpenSC
+ * engine (engine_opensc.so); if %NULL, this engine is not loaded.
+ */
+ const char *opensc_engine_path;
+
+ /**
+ * pkcs11_engine_path - Path to the OpenSSL engine for PKCS#11
+ *
+ * This is an OpenSSL specific configuration option for loading PKCS#11
+ * engine (engine_pkcs11.so); if %NULL, this engine is not loaded.
+ */
+ const char *pkcs11_engine_path;
+
+ /**
+ * pkcs11_module_path - Path to the OpenSSL OpenSC/PKCS#11 module
+ *
+ * This is an OpenSSL specific configuration option for configuring
+ * path to OpenSC/PKCS#11 engine (opensc-pkcs11.so); if %NULL, this
+ * module is not loaded.
+ */
+ const char *pkcs11_module_path;
+};
+
+
+struct wpa_ssid;
+
+#ifdef IEEE8021X_EAPOL
+struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx);
+void eapol_sm_deinit(struct eapol_sm *sm);
+void eapol_sm_step(struct eapol_sm *sm);
+int eapol_sm_get_status(struct eapol_sm *sm, char *buf, size_t buflen,
+ int verbose);
+int eapol_sm_get_mib(struct eapol_sm *sm, char *buf, size_t buflen);
+void eapol_sm_configure(struct eapol_sm *sm, int heldPeriod, int authPeriod,
+ int startPeriod, int maxStart);
+int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src, const u8 *buf,
+ size_t len);
+void eapol_sm_notify_tx_eapol_key(struct eapol_sm *sm);
+void eapol_sm_notify_portEnabled(struct eapol_sm *sm, Boolean enabled);
+void eapol_sm_notify_portValid(struct eapol_sm *sm, Boolean valid);
+void eapol_sm_notify_eap_success(struct eapol_sm *sm, Boolean success);
+void eapol_sm_notify_eap_fail(struct eapol_sm *sm, Boolean fail);
+void eapol_sm_notify_config(struct eapol_sm *sm, struct wpa_ssid *config,
+ const struct eapol_config *conf);
+int eapol_sm_get_key(struct eapol_sm *sm, u8 *key, size_t len);
+void eapol_sm_notify_logoff(struct eapol_sm *sm, Boolean logoff);
+void eapol_sm_notify_cached(struct eapol_sm *sm);
+void eapol_sm_notify_pmkid_attempt(struct eapol_sm *sm, int attempt);
+void eapol_sm_register_scard_ctx(struct eapol_sm *sm, void *ctx);
+void eapol_sm_notify_portControl(struct eapol_sm *sm, PortControl portControl);
+void eapol_sm_notify_ctrl_attached(struct eapol_sm *sm);
+void eapol_sm_notify_ctrl_response(struct eapol_sm *sm);
+void eapol_sm_request_reauth(struct eapol_sm *sm);
+void eapol_sm_notify_lower_layer_success(struct eapol_sm *sm);
+void eapol_sm_invalidate_cached_session(struct eapol_sm *sm);
+#else /* IEEE8021X_EAPOL */
+static inline struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx)
+{
+ free(ctx);
+ return (struct eapol_sm *) 1;
+}
+static inline void eapol_sm_deinit(struct eapol_sm *sm)
+{
+}
+static inline void eapol_sm_step(struct eapol_sm *sm)
+{
+}
+static inline int eapol_sm_get_status(struct eapol_sm *sm, char *buf,
+ size_t buflen, int verbose)
+{
+ return 0;
+}
+static inline int eapol_sm_get_mib(struct eapol_sm *sm, char *buf,
+ size_t buflen)
+{
+ return 0;
+}
+static inline void eapol_sm_configure(struct eapol_sm *sm, int heldPeriod,
+ int authPeriod, int startPeriod,
+ int maxStart)
+{
+}
+static inline int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src,
+ const u8 *buf, size_t len)
+{
+ return 0;
+}
+static inline void eapol_sm_notify_tx_eapol_key(struct eapol_sm *sm)
+{
+}
+static inline void eapol_sm_notify_portEnabled(struct eapol_sm *sm,
+ Boolean enabled)
+{
+}
+static inline void eapol_sm_notify_portValid(struct eapol_sm *sm,
+ Boolean valid)
+{
+}
+static inline void eapol_sm_notify_eap_success(struct eapol_sm *sm,
+ Boolean success)
+{
+}
+static inline void eapol_sm_notify_eap_fail(struct eapol_sm *sm, Boolean fail)
+{
+}
+static inline void eapol_sm_notify_config(struct eapol_sm *sm,
+ struct wpa_ssid *config,
+ struct eapol_config *conf)
+{
+}
+static inline int eapol_sm_get_key(struct eapol_sm *sm, u8 *key, size_t len)
+{
+ return -1;
+}
+static inline void eapol_sm_notify_logoff(struct eapol_sm *sm, Boolean logoff)
+{
+}
+static inline void eapol_sm_notify_cached(struct eapol_sm *sm)
+{
+}
+#define eapol_sm_notify_pmkid_attempt(sm, attempt) do { } while (0)
+#define eapol_sm_register_scard_ctx(sm, ctx) do { } while (0)
+static inline void eapol_sm_notify_portControl(struct eapol_sm *sm,
+ PortControl portControl)
+{
+}
+static inline void eapol_sm_notify_ctrl_attached(struct eapol_sm *sm)
+{
+}
+static inline void eapol_sm_notify_ctrl_response(struct eapol_sm *sm)
+{
+}
+static inline void eapol_sm_request_reauth(struct eapol_sm *sm)
+{
+}
+static inline void eapol_sm_notify_lower_layer_success(struct eapol_sm *sm)
+{
+}
+static inline void eapol_sm_invalidate_cached_session(struct eapol_sm *sm)
+{
+}
+#endif /* IEEE8021X_EAPOL */
+
+#endif /* EAPOL_SM_H */
--- /dev/null
+/*
+ * WPA Supplicant - test code
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * IEEE 802.1X Supplicant test code (to be used in place of wpa_supplicant.c.
+ * Not used in production version.
+ */
+
+#include "includes.h"
+#include <assert.h>
+
+#include "common.h"
+#include "config.h"
+#include "eapol_sm.h"
+#include "eap.h"
+#include "eloop.h"
+#include "wpa.h"
+#include "eap_i.h"
+#include "wpa_supplicant.h"
+#include "wpa_supplicant_i.h"
+#include "radius.h"
+#include "radius_client.h"
+#include "l2_packet.h"
+#include "ctrl_iface.h"
+#include "pcsc_funcs.h"
+
+
+extern int wpa_debug_level;
+extern int wpa_debug_show_keys;
+
+struct wpa_driver_ops *wpa_supplicant_drivers[] = { NULL };
+
+
+struct eapol_test_data {
+ struct wpa_supplicant *wpa_s;
+
+ int eapol_test_num_reauths;
+ int no_mppe_keys;
+ int num_mppe_ok, num_mppe_mismatch;
+
+ u8 radius_identifier;
+ struct radius_msg *last_recv_radius;
+ struct in_addr own_ip_addr;
+ struct radius_client_data *radius;
+ struct hostapd_radius_servers *radius_conf;
+
+ u8 *last_eap_radius; /* last received EAP Response from Authentication
+ * Server */
+ size_t last_eap_radius_len;
+
+ u8 authenticator_pmk[PMK_LEN];
+ size_t authenticator_pmk_len;
+ int radius_access_accept_received;
+ int radius_access_reject_received;
+ int auth_timed_out;
+
+ u8 *eap_identity;
+ size_t eap_identity_len;
+
+ char *connect_info;
+ u8 own_addr[ETH_ALEN];
+};
+
+static struct eapol_test_data eapol_test;
+
+
+static void send_eap_request_identity(void *eloop_ctx, void *timeout_ctx);
+
+
+void hostapd_logger(void *ctx, const u8 *addr, unsigned int module, int level,
+ char *fmt, ...)
+{
+ char *format;
+ int maxlen;
+ va_list ap;
+
+ maxlen = os_strlen(fmt) + 100;
+ format = os_malloc(maxlen);
+ if (!format)
+ return;
+
+ va_start(ap, fmt);
+
+
+ if (addr)
+ os_snprintf(format, maxlen, "STA " MACSTR ": %s",
+ MAC2STR(addr), fmt);
+ else
+ os_snprintf(format, maxlen, "%s", fmt);
+
+ vprintf(format, ap);
+ printf("\n");
+
+ os_free(format);
+
+ va_end(ap);
+}
+
+
+const char * hostapd_ip_txt(const struct hostapd_ip_addr *addr, char *buf,
+ size_t buflen)
+{
+ if (buflen == 0 || addr == NULL)
+ return NULL;
+
+ if (addr->af == AF_INET) {
+ os_snprintf(buf, buflen, "%s", inet_ntoa(addr->u.v4));
+ } else {
+ buf[0] = '\0';
+ }
+#ifdef CONFIG_IPV6
+ if (addr->af == AF_INET6) {
+ if (inet_ntop(AF_INET6, &addr->u.v6, buf, buflen) == NULL)
+ buf[0] = '\0';
+ }
+#endif /* CONFIG_IPV6 */
+
+ return buf;
+}
+
+
+int hostapd_ip_diff(struct hostapd_ip_addr *a, struct hostapd_ip_addr *b)
+{
+ return 0;
+}
+
+
+static void ieee802_1x_encapsulate_radius(struct eapol_test_data *e,
+ const u8 *eap, size_t len)
+{
+ struct radius_msg *msg;
+ char buf[128];
+ const struct eap_hdr *hdr;
+ const u8 *pos;
+
+ wpa_printf(MSG_DEBUG, "Encapsulating EAP message into a RADIUS "
+ "packet");
+
+ e->radius_identifier = radius_client_get_id(e->radius);
+ msg = radius_msg_new(RADIUS_CODE_ACCESS_REQUEST,
+ e->radius_identifier);
+ if (msg == NULL) {
+ printf("Could not create net RADIUS packet\n");
+ return;
+ }
+
+ radius_msg_make_authenticator(msg, (u8 *) e, sizeof(*e));
+
+ hdr = (const struct eap_hdr *) eap;
+ pos = (const u8 *) (hdr + 1);
+ if (len > sizeof(*hdr) && hdr->code == EAP_CODE_RESPONSE &&
+ pos[0] == EAP_TYPE_IDENTITY) {
+ pos++;
+ os_free(e->eap_identity);
+ e->eap_identity_len = len - sizeof(*hdr) - 1;
+ e->eap_identity = os_malloc(e->eap_identity_len);
+ if (e->eap_identity) {
+ os_memcpy(e->eap_identity, pos, e->eap_identity_len);
+ wpa_hexdump(MSG_DEBUG, "Learned identity from "
+ "EAP-Response-Identity",
+ e->eap_identity, e->eap_identity_len);
+ }
+ }
+
+ if (e->eap_identity &&
+ !radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME,
+ e->eap_identity, e->eap_identity_len)) {
+ printf("Could not add User-Name\n");
+ goto fail;
+ }
+
+ if (!radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
+ (u8 *) &e->own_ip_addr, 4)) {
+ printf("Could not add NAS-IP-Address\n");
+ goto fail;
+ }
+
+ os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
+ MAC2STR(e->wpa_s->own_addr));
+ if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLING_STATION_ID,
+ (u8 *) buf, os_strlen(buf))) {
+ printf("Could not add Calling-Station-Id\n");
+ goto fail;
+ }
+
+ /* TODO: should probably check MTU from driver config; 2304 is max for
+ * IEEE 802.11, but use 1400 to avoid problems with too large packets
+ */
+ if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_FRAMED_MTU, 1400)) {
+ printf("Could not add Framed-MTU\n");
+ goto fail;
+ }
+
+ if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT_TYPE,
+ RADIUS_NAS_PORT_TYPE_IEEE_802_11)) {
+ printf("Could not add NAS-Port-Type\n");
+ goto fail;
+ }
+
+ os_snprintf(buf, sizeof(buf), "%s", e->connect_info);
+ if (!radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO,
+ (u8 *) buf, os_strlen(buf))) {
+ printf("Could not add Connect-Info\n");
+ goto fail;
+ }
+
+ if (eap && !radius_msg_add_eap(msg, eap, len)) {
+ printf("Could not add EAP-Message\n");
+ goto fail;
+ }
+
+ /* State attribute must be copied if and only if this packet is
+ * Access-Request reply to the previous Access-Challenge */
+ if (e->last_recv_radius && e->last_recv_radius->hdr->code ==
+ RADIUS_CODE_ACCESS_CHALLENGE) {
+ int res = radius_msg_copy_attr(msg, e->last_recv_radius,
+ RADIUS_ATTR_STATE);
+ if (res < 0) {
+ printf("Could not copy State attribute from previous "
+ "Access-Challenge\n");
+ goto fail;
+ }
+ if (res > 0) {
+ wpa_printf(MSG_DEBUG, " Copied RADIUS State "
+ "Attribute");
+ }
+ }
+
+ radius_client_send(e->radius, msg, RADIUS_AUTH, e->wpa_s->own_addr);
+ return;
+
+ fail:
+ radius_msg_free(msg);
+ os_free(msg);
+}
+
+
+static int eapol_test_eapol_send(void *ctx, int type, const u8 *buf,
+ size_t len)
+{
+ /* struct wpa_supplicant *wpa_s = ctx; */
+ printf("WPA: eapol_test_eapol_send(type=%d len=%lu)\n",
+ type, (unsigned long) len);
+ if (type == IEEE802_1X_TYPE_EAP_PACKET) {
+ wpa_hexdump(MSG_DEBUG, "TX EAP -> RADIUS", buf, len);
+ ieee802_1x_encapsulate_radius(&eapol_test, buf, len);
+ }
+ return 0;
+}
+
+
+static void eapol_test_set_config_blob(void *ctx,
+ struct wpa_config_blob *blob)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ wpa_config_set_blob(wpa_s->conf, blob);
+}
+
+
+static const struct wpa_config_blob *
+eapol_test_get_config_blob(void *ctx, const char *name)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ return wpa_config_get_blob(wpa_s->conf, name);
+}
+
+
+static void eapol_test_eapol_done_cb(void *ctx)
+{
+ printf("WPA: EAPOL processing complete\n");
+}
+
+
+static void eapol_sm_reauth(void *eloop_ctx, void *timeout_ctx)
+{
+ struct eapol_test_data *e = eloop_ctx;
+ printf("\n\n\n\n\neapol_test: Triggering EAP reauthentication\n\n");
+ e->radius_access_accept_received = 0;
+ send_eap_request_identity(e->wpa_s, NULL);
+}
+
+
+static int eapol_test_compare_pmk(struct eapol_test_data *e)
+{
+ u8 pmk[PMK_LEN];
+ int ret = 1;
+
+ if (eapol_sm_get_key(e->wpa_s->eapol, pmk, PMK_LEN) == 0) {
+ wpa_hexdump(MSG_DEBUG, "PMK from EAPOL", pmk, PMK_LEN);
+ if (os_memcmp(pmk, e->authenticator_pmk, PMK_LEN) != 0) {
+ printf("WARNING: PMK mismatch\n");
+ wpa_hexdump(MSG_DEBUG, "PMK from AS",
+ e->authenticator_pmk, PMK_LEN);
+ } else if (e->radius_access_accept_received)
+ ret = 0;
+ } else if (e->authenticator_pmk_len == 16 &&
+ eapol_sm_get_key(e->wpa_s->eapol, pmk, 16) == 0) {
+ wpa_hexdump(MSG_DEBUG, "LEAP PMK from EAPOL", pmk, 16);
+ if (os_memcmp(pmk, e->authenticator_pmk, 16) != 0) {
+ printf("WARNING: PMK mismatch\n");
+ wpa_hexdump(MSG_DEBUG, "PMK from AS",
+ e->authenticator_pmk, 16);
+ } else if (e->radius_access_accept_received)
+ ret = 0;
+ } else if (e->radius_access_accept_received && e->no_mppe_keys) {
+ /* No keying material expected */
+ ret = 0;
+ }
+
+ if (ret && !e->no_mppe_keys)
+ e->num_mppe_mismatch++;
+ else if (!e->no_mppe_keys)
+ e->num_mppe_ok++;
+
+ return ret;
+}
+
+
+static void eapol_sm_cb(struct eapol_sm *eapol, int success, void *ctx)
+{
+ struct eapol_test_data *e = ctx;
+ printf("eapol_sm_cb: success=%d\n", success);
+ e->eapol_test_num_reauths--;
+ if (e->eapol_test_num_reauths < 0)
+ eloop_terminate();
+ else {
+ eapol_test_compare_pmk(e);
+ eloop_register_timeout(0, 100000, eapol_sm_reauth, e, NULL);
+ }
+}
+
+
+static int test_eapol(struct eapol_test_data *e, struct wpa_supplicant *wpa_s,
+ struct wpa_ssid *ssid)
+{
+ struct eapol_config eapol_conf;
+ struct eapol_ctx *ctx;
+
+ ctx = os_zalloc(sizeof(*ctx));
+ if (ctx == NULL) {
+ printf("Failed to allocate EAPOL context.\n");
+ return -1;
+ }
+ ctx->ctx = wpa_s;
+ ctx->msg_ctx = wpa_s;
+ ctx->scard_ctx = wpa_s->scard;
+ ctx->cb = eapol_sm_cb;
+ ctx->cb_ctx = e;
+ ctx->eapol_send_ctx = wpa_s;
+ ctx->preauth = 0;
+ ctx->eapol_done_cb = eapol_test_eapol_done_cb;
+ ctx->eapol_send = eapol_test_eapol_send;
+ ctx->set_config_blob = eapol_test_set_config_blob;
+ ctx->get_config_blob = eapol_test_get_config_blob;
+ ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
+ ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
+ ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
+
+ wpa_s->eapol = eapol_sm_init(ctx);
+ if (wpa_s->eapol == NULL) {
+ os_free(ctx);
+ printf("Failed to initialize EAPOL state machines.\n");
+ return -1;
+ }
+
+ wpa_s->current_ssid = ssid;
+ os_memset(&eapol_conf, 0, sizeof(eapol_conf));
+ eapol_conf.accept_802_1x_keys = 1;
+ eapol_conf.required_keys = 0;
+ eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
+ eapol_conf.workaround = ssid->eap_workaround;
+ eapol_sm_notify_config(wpa_s->eapol, ssid, &eapol_conf);
+ eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
+
+
+ eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
+ /* 802.1X::portControl = Auto */
+ eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE);
+
+ return 0;
+}
+
+
+static void test_eapol_clean(struct eapol_test_data *e,
+ struct wpa_supplicant *wpa_s)
+{
+ radius_client_deinit(e->radius);
+ os_free(e->last_eap_radius);
+ if (e->last_recv_radius) {
+ radius_msg_free(e->last_recv_radius);
+ os_free(e->last_recv_radius);
+ }
+ os_free(e->eap_identity);
+ e->eap_identity = NULL;
+ eapol_sm_deinit(wpa_s->eapol);
+ wpa_s->eapol = NULL;
+ if (e->radius_conf && e->radius_conf->auth_server) {
+ os_free(e->radius_conf->auth_server->shared_secret);
+ os_free(e->radius_conf->auth_server);
+ }
+ os_free(e->radius_conf);
+ e->radius_conf = NULL;
+ scard_deinit(wpa_s->scard);
+ if (wpa_s->ctrl_iface) {
+ wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
+ wpa_s->ctrl_iface = NULL;
+ }
+ wpa_config_free(wpa_s->conf);
+}
+
+
+static void send_eap_request_identity(void *eloop_ctx, void *timeout_ctx)
+{
+ struct wpa_supplicant *wpa_s = eloop_ctx;
+ u8 buf[100], *pos;
+ struct ieee802_1x_hdr *hdr;
+ struct eap_hdr *eap;
+
+ hdr = (struct ieee802_1x_hdr *) buf;
+ hdr->version = EAPOL_VERSION;
+ hdr->type = IEEE802_1X_TYPE_EAP_PACKET;
+ hdr->length = htons(5);
+
+ eap = (struct eap_hdr *) (hdr + 1);
+ eap->code = EAP_CODE_REQUEST;
+ eap->identifier = 0;
+ eap->length = htons(5);
+ pos = (u8 *) (eap + 1);
+ *pos = EAP_TYPE_IDENTITY;
+
+ printf("Sending fake EAP-Request-Identity\n");
+ eapol_sm_rx_eapol(wpa_s->eapol, wpa_s->bssid, buf,
+ sizeof(*hdr) + 5);
+}
+
+
+static void eapol_test_timeout(void *eloop_ctx, void *timeout_ctx)
+{
+ struct eapol_test_data *e = eloop_ctx;
+ printf("EAPOL test timed out\n");
+ e->auth_timed_out = 1;
+ eloop_terminate();
+}
+
+
+static char *eap_type_text(u8 type)
+{
+ switch (type) {
+ case EAP_TYPE_IDENTITY: return "Identity";
+ case EAP_TYPE_NOTIFICATION: return "Notification";
+ case EAP_TYPE_NAK: return "Nak";
+ case EAP_TYPE_TLS: return "TLS";
+ case EAP_TYPE_TTLS: return "TTLS";
+ case EAP_TYPE_PEAP: return "PEAP";
+ case EAP_TYPE_SIM: return "SIM";
+ case EAP_TYPE_GTC: return "GTC";
+ case EAP_TYPE_MD5: return "MD5";
+ case EAP_TYPE_OTP: return "OTP";
+ case EAP_TYPE_FAST: return "FAST";
+ case EAP_TYPE_SAKE: return "SAKE";
+ case EAP_TYPE_PSK: return "PSK";
+ default: return "Unknown";
+ }
+}
+
+
+static void ieee802_1x_decapsulate_radius(struct eapol_test_data *e)
+{
+ u8 *eap;
+ size_t len;
+ struct eap_hdr *hdr;
+ int eap_type = -1;
+ char buf[64];
+ struct radius_msg *msg;
+
+ if (e->last_recv_radius == NULL)
+ return;
+
+ msg = e->last_recv_radius;
+
+ eap = radius_msg_get_eap(msg, &len);
+ if (eap == NULL) {
+ /* draft-aboba-radius-rfc2869bis-20.txt, Chap. 2.6.3:
+ * RADIUS server SHOULD NOT send Access-Reject/no EAP-Message
+ * attribute */
+ wpa_printf(MSG_DEBUG, "could not extract "
+ "EAP-Message from RADIUS message");
+ os_free(e->last_eap_radius);
+ e->last_eap_radius = NULL;
+ e->last_eap_radius_len = 0;
+ return;
+ }
+
+ if (len < sizeof(*hdr)) {
+ wpa_printf(MSG_DEBUG, "too short EAP packet "
+ "received from authentication server");
+ os_free(eap);
+ return;
+ }
+
+ if (len > sizeof(*hdr))
+ eap_type = eap[sizeof(*hdr)];
+
+ hdr = (struct eap_hdr *) eap;
+ switch (hdr->code) {
+ case EAP_CODE_REQUEST:
+ os_snprintf(buf, sizeof(buf), "EAP-Request-%s (%d)",
+ eap_type >= 0 ? eap_type_text(eap_type) : "??",
+ eap_type);
+ break;
+ case EAP_CODE_RESPONSE:
+ os_snprintf(buf, sizeof(buf), "EAP Response-%s (%d)",
+ eap_type >= 0 ? eap_type_text(eap_type) : "??",
+ eap_type);
+ break;
+ case EAP_CODE_SUCCESS:
+ os_snprintf(buf, sizeof(buf), "EAP Success");
+ /* LEAP uses EAP Success within an authentication, so must not
+ * stop here with eloop_terminate(); */
+ break;
+ case EAP_CODE_FAILURE:
+ os_snprintf(buf, sizeof(buf), "EAP Failure");
+ eloop_terminate();
+ break;
+ default:
+ os_snprintf(buf, sizeof(buf), "unknown EAP code");
+ wpa_hexdump(MSG_DEBUG, "Decapsulated EAP packet", eap, len);
+ break;
+ }
+ wpa_printf(MSG_DEBUG, "decapsulated EAP packet (code=%d "
+ "id=%d len=%d) from RADIUS server: %s",
+ hdr->code, hdr->identifier, ntohs(hdr->length), buf);
+
+ /* sta->eapol_sm->be_auth.idFromServer = hdr->identifier; */
+
+ os_free(e->last_eap_radius);
+ e->last_eap_radius = eap;
+ e->last_eap_radius_len = len;
+
+ {
+ struct ieee802_1x_hdr *dot1x;
+ dot1x = os_malloc(sizeof(*dot1x) + len);
+ assert(dot1x != NULL);
+ dot1x->version = EAPOL_VERSION;
+ dot1x->type = IEEE802_1X_TYPE_EAP_PACKET;
+ dot1x->length = htons(len);
+ os_memcpy((u8 *) (dot1x + 1), eap, len);
+ eapol_sm_rx_eapol(e->wpa_s->eapol, e->wpa_s->bssid,
+ (u8 *) dot1x, sizeof(*dot1x) + len);
+ os_free(dot1x);
+ }
+}
+
+
+static void ieee802_1x_get_keys(struct eapol_test_data *e,
+ struct radius_msg *msg, struct radius_msg *req,
+ u8 *shared_secret, size_t shared_secret_len)
+{
+ struct radius_ms_mppe_keys *keys;
+
+ keys = radius_msg_get_ms_keys(msg, req, shared_secret,
+ shared_secret_len);
+ if (keys && keys->send == NULL && keys->recv == NULL) {
+ os_free(keys);
+ keys = radius_msg_get_cisco_keys(msg, req, shared_secret,
+ shared_secret_len);
+ }
+
+ if (keys) {
+ if (keys->send) {
+ wpa_hexdump(MSG_DEBUG, "MS-MPPE-Send-Key (sign)",
+ keys->send, keys->send_len);
+ }
+ if (keys->recv) {
+ wpa_hexdump(MSG_DEBUG, "MS-MPPE-Recv-Key (crypt)",
+ keys->recv, keys->recv_len);
+ e->authenticator_pmk_len =
+ keys->recv_len > PMK_LEN ? PMK_LEN :
+ keys->recv_len;
+ os_memcpy(e->authenticator_pmk, keys->recv,
+ e->authenticator_pmk_len);
+ }
+
+ os_free(keys->send);
+ os_free(keys->recv);
+ os_free(keys);
+ }
+}
+
+
+/* Process the RADIUS frames from Authentication Server */
+static RadiusRxResult
+ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
+ u8 *shared_secret, size_t shared_secret_len,
+ void *data)
+{
+ struct eapol_test_data *e = data;
+
+ /* RFC 2869, Ch. 5.13: valid Message-Authenticator attribute MUST be
+ * present when packet contains an EAP-Message attribute */
+ if (msg->hdr->code == RADIUS_CODE_ACCESS_REJECT &&
+ radius_msg_get_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, NULL,
+ 0) < 0 &&
+ radius_msg_get_attr(msg, RADIUS_ATTR_EAP_MESSAGE, NULL, 0) < 0) {
+ wpa_printf(MSG_DEBUG, "Allowing RADIUS "
+ "Access-Reject without Message-Authenticator "
+ "since it does not include EAP-Message\n");
+ } else if (radius_msg_verify(msg, shared_secret, shared_secret_len,
+ req, 1)) {
+ printf("Incoming RADIUS packet did not have correct "
+ "Message-Authenticator - dropped\n");
+ return RADIUS_RX_UNKNOWN;
+ }
+
+ if (msg->hdr->code != RADIUS_CODE_ACCESS_ACCEPT &&
+ msg->hdr->code != RADIUS_CODE_ACCESS_REJECT &&
+ msg->hdr->code != RADIUS_CODE_ACCESS_CHALLENGE) {
+ printf("Unknown RADIUS message code\n");
+ return RADIUS_RX_UNKNOWN;
+ }
+
+ e->radius_identifier = -1;
+ wpa_printf(MSG_DEBUG, "RADIUS packet matching with station");
+
+ if (e->last_recv_radius) {
+ radius_msg_free(e->last_recv_radius);
+ os_free(e->last_recv_radius);
+ }
+
+ e->last_recv_radius = msg;
+
+ switch (msg->hdr->code) {
+ case RADIUS_CODE_ACCESS_ACCEPT:
+ e->radius_access_accept_received = 1;
+ ieee802_1x_get_keys(e, msg, req, shared_secret,
+ shared_secret_len);
+ break;
+ case RADIUS_CODE_ACCESS_REJECT:
+ e->radius_access_reject_received = 1;
+ break;
+ }
+
+ ieee802_1x_decapsulate_radius(e);
+
+ if ((msg->hdr->code == RADIUS_CODE_ACCESS_ACCEPT &&
+ e->eapol_test_num_reauths < 0) ||
+ msg->hdr->code == RADIUS_CODE_ACCESS_REJECT) {
+ eloop_terminate();
+ }
+
+ return RADIUS_RX_QUEUED;
+}
+
+
+static void wpa_init_conf(struct eapol_test_data *e,
+ struct wpa_supplicant *wpa_s, const char *authsrv,
+ int port, const char *secret)
+{
+ struct hostapd_radius_server *as;
+ int res;
+
+ wpa_s->bssid[5] = 1;
+ os_memcpy(wpa_s->own_addr, e->own_addr, ETH_ALEN);
+ e->own_ip_addr.s_addr = htonl((127 << 24) | 1);
+ os_strncpy(wpa_s->ifname, "test", sizeof(wpa_s->ifname));
+
+ e->radius_conf = os_zalloc(sizeof(struct hostapd_radius_servers));
+ assert(e->radius_conf != NULL);
+ e->radius_conf->num_auth_servers = 1;
+ as = os_zalloc(sizeof(struct hostapd_radius_server));
+ assert(as != NULL);
+#if defined(CONFIG_NATIVE_WINDOWS) || defined(CONFIG_ANSI_C_EXTRA)
+ {
+ int a[4];
+ u8 *pos;
+ sscanf(authsrv, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]);
+ pos = (u8 *) &as->addr.u.v4;
+ *pos++ = a[0];
+ *pos++ = a[1];
+ *pos++ = a[2];
+ *pos++ = a[3];
+ }
+#else /* CONFIG_NATIVE_WINDOWS or CONFIG_ANSI_C_EXTRA */
+ inet_aton(authsrv, &as->addr.u.v4);
+#endif /* CONFIG_NATIVE_WINDOWS or CONFIG_ANSI_C_EXTRA */
+ as->addr.af = AF_INET;
+ as->port = port;
+ as->shared_secret = (u8 *) os_strdup(secret);
+ as->shared_secret_len = os_strlen(secret);
+ e->radius_conf->auth_server = as;
+ e->radius_conf->auth_servers = as;
+ e->radius_conf->msg_dumps = 1;
+
+ e->radius = radius_client_init(wpa_s, e->radius_conf);
+ assert(e->radius != NULL);
+
+ res = radius_client_register(e->radius, RADIUS_AUTH,
+ ieee802_1x_receive_auth, e);
+ assert(res == 0);
+}
+
+
+static int scard_test(void)
+{
+ struct scard_data *scard;
+ size_t len;
+ char imsi[20];
+ unsigned char _rand[16];
+#ifdef PCSC_FUNCS
+ unsigned char sres[4];
+ unsigned char kc[8];
+#endif /* PCSC_FUNCS */
+#define num_triplets 5
+ unsigned char rand_[num_triplets][16];
+ unsigned char sres_[num_triplets][4];
+ unsigned char kc_[num_triplets][8];
+ int i, res;
+ size_t j;
+
+#define AKA_RAND_LEN 16
+#define AKA_AUTN_LEN 16
+#define AKA_AUTS_LEN 14
+#define RES_MAX_LEN 16
+#define IK_LEN 16
+#define CK_LEN 16
+ unsigned char aka_rand[AKA_RAND_LEN];
+ unsigned char aka_autn[AKA_AUTN_LEN];
+ unsigned char aka_auts[AKA_AUTS_LEN];
+ unsigned char aka_res[RES_MAX_LEN];
+ size_t aka_res_len;
+ unsigned char aka_ik[IK_LEN];
+ unsigned char aka_ck[CK_LEN];
+
+ scard = scard_init(SCARD_TRY_BOTH);
+ if (scard == NULL)
+ return -1;
+ if (scard_set_pin(scard, "1234")) {
+ wpa_printf(MSG_WARNING, "PIN validation failed");
+ scard_deinit(scard);
+ return -1;
+ }
+
+ len = sizeof(imsi);
+ if (scard_get_imsi(scard, imsi, &len))
+ goto failed;
+ wpa_hexdump_ascii(MSG_DEBUG, "SCARD: IMSI", (u8 *) imsi, len);
+ /* NOTE: Permanent Username: 1 | IMSI */
+
+ os_memset(_rand, 0, sizeof(_rand));
+ if (scard_gsm_auth(scard, _rand, sres, kc))
+ goto failed;
+
+ os_memset(_rand, 0xff, sizeof(_rand));
+ if (scard_gsm_auth(scard, _rand, sres, kc))
+ goto failed;
+
+ for (i = 0; i < num_triplets; i++) {
+ os_memset(rand_[i], i, sizeof(rand_[i]));
+ if (scard_gsm_auth(scard, rand_[i], sres_[i], kc_[i]))
+ goto failed;
+ }
+
+ for (i = 0; i < num_triplets; i++) {
+ printf("1");
+ for (j = 0; j < len; j++)
+ printf("%c", imsi[j]);
+ printf(",");
+ for (j = 0; j < 16; j++)
+ printf("%02X", rand_[i][j]);
+ printf(",");
+ for (j = 0; j < 4; j++)
+ printf("%02X", sres_[i][j]);
+ printf(",");
+ for (j = 0; j < 8; j++)
+ printf("%02X", kc_[i][j]);
+ printf("\n");
+ }
+
+ wpa_printf(MSG_DEBUG, "Trying to use UMTS authentication");
+
+ /* seq 39 (0x28) */
+ os_memset(aka_rand, 0xaa, 16);
+ os_memcpy(aka_autn, "\x86\x71\x31\xcb\xa2\xfc\x61\xdf"
+ "\xa3\xb3\x97\x9d\x07\x32\xa2\x12", 16);
+
+ res = scard_umts_auth(scard, aka_rand, aka_autn, aka_res, &aka_res_len,
+ aka_ik, aka_ck, aka_auts);
+ if (res == 0) {
+ wpa_printf(MSG_DEBUG, "UMTS auth completed successfully");
+ wpa_hexdump(MSG_DEBUG, "RES", aka_res, aka_res_len);
+ wpa_hexdump(MSG_DEBUG, "IK", aka_ik, IK_LEN);
+ wpa_hexdump(MSG_DEBUG, "CK", aka_ck, CK_LEN);
+ } else if (res == -2) {
+ wpa_printf(MSG_DEBUG, "UMTS auth resulted in synchronization "
+ "failure");
+ wpa_hexdump(MSG_DEBUG, "AUTS", aka_auts, AKA_AUTS_LEN);
+ } else {
+ wpa_printf(MSG_DEBUG, "UMTS auth failed");
+ }
+
+failed:
+ scard_deinit(scard);
+
+ return 0;
+#undef num_triplets
+}
+
+
+static int scard_get_triplets(int argc, char *argv[])
+{
+ struct scard_data *scard;
+ size_t len;
+ char imsi[20];
+ unsigned char _rand[16];
+ unsigned char sres[4];
+ unsigned char kc[8];
+ int num_triplets;
+ int i;
+ size_t j;
+
+ if (argc < 2 || ((num_triplets = atoi(argv[1])) <= 0)) {
+ printf("invalid parameters for sim command\n");
+ return -1;
+ }
+
+ if (argc <= 2 || os_strcmp(argv[2], "debug") != 0) {
+ /* disable debug output */
+ wpa_debug_level = 99;
+ }
+
+ scard = scard_init(SCARD_GSM_SIM_ONLY);
+ if (scard == NULL) {
+ printf("Failed to open smartcard connection\n");
+ return -1;
+ }
+ if (scard_set_pin(scard, argv[0])) {
+ wpa_printf(MSG_WARNING, "PIN validation failed");
+ scard_deinit(scard);
+ return -1;
+ }
+
+ len = sizeof(imsi);
+ if (scard_get_imsi(scard, imsi, &len)) {
+ scard_deinit(scard);
+ return -1;
+ }
+
+ for (i = 0; i < num_triplets; i++) {
+ os_memset(_rand, i, sizeof(_rand));
+ if (scard_gsm_auth(scard, _rand, sres, kc))
+ break;
+
+ /* IMSI:Kc:SRES:RAND */
+ for (j = 0; j < len; j++)
+ printf("%c", imsi[j]);
+ printf(":");
+ for (j = 0; j < 8; j++)
+ printf("%02X", kc[j]);
+ printf(":");
+ for (j = 0; j < 4; j++)
+ printf("%02X", sres[j]);
+ printf(":");
+ for (j = 0; j < 16; j++)
+ printf("%02X", _rand[j]);
+ printf("\n");
+ }
+
+ scard_deinit(scard);
+
+ return 0;
+}
+
+
+static void eapol_test_terminate(int sig, void *eloop_ctx,
+ void *signal_ctx)
+{
+ struct wpa_supplicant *wpa_s = eloop_ctx;
+ wpa_msg(wpa_s, MSG_INFO, "Signal %d received - terminating", sig);
+ eloop_terminate();
+}
+
+
+static void usage(void)
+{
+ printf("usage:\n"
+ "eapol_test [-nWS] -c<conf> [-a<AS IP>] [-p<AS port>] "
+ "[-s<AS secret>] \\\n"
+ " [-r<count>] [-t<timeout>] [-C<Connect-Info>] \\\n"
+ " [-M<client MAC address>]\n"
+ "eapol_test scard\n"
+ "eapol_test sim <PIN> <num triplets> [debug]\n"
+ "\n");
+ printf("options:\n"
+ " -c<conf> = configuration file\n"
+ " -a<AS IP> = IP address of the authentication server, "
+ "default 127.0.0.1\n"
+ " -p<AS port> = UDP port of the authentication server, "
+ "default 1812\n"
+ " -s<AS secret> = shared secret with the authentication "
+ "server, default 'radius'\n"
+ " -r<count> = number of re-authentications\n"
+ " -W = wait for a control interface monitor before starting\n"
+ " -S = save configuration after authentiation\n"
+ " -n = no MPPE keys expected\n"
+ " -t<timeout> = sets timeout in seconds (default: 30 s)\n"
+ " -C<Connect-Info> = RADIUS Connect-Info (default: "
+ "CONNECT 11Mbps 802.11b)\n"
+ " -M<client MAC address> = Set own MAC address "
+ "(Calling-Station-Id,\n"
+ " default: 02:00:00:00:00:01)\n");
+}
+
+
+int main(int argc, char *argv[])
+{
+ struct wpa_supplicant wpa_s;
+ int c, ret = 1, wait_for_monitor = 0, save_config = 0;
+ char *as_addr = "127.0.0.1";
+ int as_port = 1812;
+ char *as_secret = "radius";
+ char *conf = NULL;
+ int timeout = 30;
+
+ if (os_program_init())
+ return -1;
+
+ os_memset(&eapol_test, 0, sizeof(eapol_test));
+ eapol_test.connect_info = "CONNECT 11Mbps 802.11b";
+ os_memcpy(eapol_test.own_addr, "\x02\x00\x00\x00\x00\x01", ETH_ALEN);
+
+ wpa_debug_level = 0;
+ wpa_debug_show_keys = 1;
+
+ for (;;) {
+ c = getopt(argc, argv, "a:c:C:M:np:r:s:St:W");
+ if (c < 0)
+ break;
+ switch (c) {
+ case 'a':
+ as_addr = optarg;
+ break;
+ case 'c':
+ conf = optarg;
+ break;
+ case 'C':
+ eapol_test.connect_info = optarg;
+ break;
+ case 'M':
+ if (hwaddr_aton(optarg, eapol_test.own_addr)) {
+ usage();
+ return -1;
+ }
+ break;
+ case 'n':
+ eapol_test.no_mppe_keys++;
+ break;
+ case 'p':
+ as_port = atoi(optarg);
+ break;
+ case 'r':
+ eapol_test.eapol_test_num_reauths = atoi(optarg);
+ break;
+ case 's':
+ as_secret = optarg;
+ break;
+ case 'S':
+ save_config++;
+ break;
+ case 't':
+ timeout = atoi(optarg);
+ break;
+ case 'W':
+ wait_for_monitor++;
+ break;
+ default:
+ usage();
+ return -1;
+ }
+ }
+
+ if (argc > optind && os_strcmp(argv[optind], "scard") == 0) {
+ return scard_test();
+ }
+
+ if (argc > optind && os_strcmp(argv[optind], "sim") == 0) {
+ return scard_get_triplets(argc - optind - 1,
+ &argv[optind + 1]);
+ }
+
+ if (conf == NULL) {
+ usage();
+ printf("Configuration file is required.\n");
+ return -1;
+ }
+
+ if (eap_peer_register_methods()) {
+ wpa_printf(MSG_ERROR, "Failed to register EAP methods");
+ return -1;
+ }
+
+ if (eloop_init(&wpa_s)) {
+ wpa_printf(MSG_ERROR, "Failed to initialize event loop");
+ return -1;
+ }
+
+ os_memset(&wpa_s, 0, sizeof(wpa_s));
+ eapol_test.wpa_s = &wpa_s;
+ wpa_s.conf = wpa_config_read(conf);
+ if (wpa_s.conf == NULL) {
+ printf("Failed to parse configuration file '%s'.\n", conf);
+ return -1;
+ }
+ if (wpa_s.conf->ssid == NULL) {
+ printf("No networks defined.\n");
+ return -1;
+ }
+
+ wpa_init_conf(&eapol_test, &wpa_s, as_addr, as_port, as_secret);
+ wpa_s.ctrl_iface = wpa_supplicant_ctrl_iface_init(&wpa_s);
+ if (wpa_s.ctrl_iface == NULL) {
+ printf("Failed to initialize control interface '%s'.\n"
+ "You may have another eapol_test process already "
+ "running or the file was\n"
+ "left by an unclean termination of eapol_test in "
+ "which case you will need\n"
+ "to manually remove this file before starting "
+ "eapol_test again.\n",
+ wpa_s.conf->ctrl_interface);
+ return -1;
+ }
+ if (wpa_supplicant_scard_init(&wpa_s, wpa_s.conf->ssid))
+ return -1;
+
+ if (test_eapol(&eapol_test, &wpa_s, wpa_s.conf->ssid))
+ return -1;
+
+ if (wait_for_monitor)
+ wpa_supplicant_ctrl_iface_wait(wpa_s.ctrl_iface);
+
+ eloop_register_timeout(timeout, 0, eapol_test_timeout, &eapol_test,
+ NULL);
+ eloop_register_timeout(0, 0, send_eap_request_identity, &wpa_s, NULL);
+ eloop_register_signal_terminate(eapol_test_terminate, NULL);
+ eloop_register_signal_reconfig(eapol_test_terminate, NULL);
+ eloop_run();
+
+ eloop_cancel_timeout(eapol_test_timeout, &eapol_test, NULL);
+ eloop_cancel_timeout(eapol_sm_reauth, &eapol_test, NULL);
+
+ if (eapol_test_compare_pmk(&eapol_test) == 0 ||
+ eapol_test.no_mppe_keys)
+ ret = 0;
+ if (eapol_test.auth_timed_out)
+ ret = -2;
+ if (eapol_test.radius_access_reject_received)
+ ret = -3;
+
+ if (save_config)
+ wpa_config_write(conf, wpa_s.conf);
+
+ test_eapol_clean(&eapol_test, &wpa_s);
+
+ eap_peer_unregister_methods();
+
+ eloop_destroy();
+
+ printf("MPPE keys OK: %d mismatch: %d\n",
+ eapol_test.num_mppe_ok, eapol_test.num_mppe_mismatch);
+ if (eapol_test.num_mppe_mismatch)
+ ret = -4;
+ if (ret)
+ printf("FAILURE\n");
+ else
+ printf("SUCCESS\n");
+
+ os_program_deinit();
+
+ return ret;
+}
--- /dev/null
+/*
+ * Event loop based on select() loop
+ * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eloop.h"
+
+
+struct eloop_sock {
+ int sock;
+ void *eloop_data;
+ void *user_data;
+ eloop_sock_handler handler;
+};
+
+struct eloop_timeout {
+ struct os_time time;
+ void *eloop_data;
+ void *user_data;
+ eloop_timeout_handler handler;
+ struct eloop_timeout *next;
+};
+
+struct eloop_signal {
+ int sig;
+ void *user_data;
+ eloop_signal_handler handler;
+ int signaled;
+};
+
+struct eloop_sock_table {
+ int count;
+ struct eloop_sock *table;
+ int changed;
+};
+
+struct eloop_data {
+ void *user_data;
+
+ int max_sock;
+
+ struct eloop_sock_table readers;
+ struct eloop_sock_table writers;
+ struct eloop_sock_table exceptions;
+
+ struct eloop_timeout *timeout;
+
+ int signal_count;
+ struct eloop_signal *signals;
+ int signaled;
+ int pending_terminate;
+
+ int terminate;
+ int reader_table_changed;
+};
+
+static struct eloop_data eloop;
+
+
+int eloop_init(void *user_data)
+{
+ os_memset(&eloop, 0, sizeof(eloop));
+ eloop.user_data = user_data;
+ return 0;
+}
+
+
+static int eloop_sock_table_add_sock(struct eloop_sock_table *table,
+ int sock, eloop_sock_handler handler,
+ void *eloop_data, void *user_data)
+{
+ struct eloop_sock *tmp;
+
+ if (table == NULL)
+ return -1;
+
+ tmp = (struct eloop_sock *)
+ os_realloc(table->table,
+ (table->count + 1) * sizeof(struct eloop_sock));
+ if (tmp == NULL)
+ return -1;
+
+ tmp[table->count].sock = sock;
+ tmp[table->count].eloop_data = eloop_data;
+ tmp[table->count].user_data = user_data;
+ tmp[table->count].handler = handler;
+ table->count++;
+ table->table = tmp;
+ if (sock > eloop.max_sock)
+ eloop.max_sock = sock;
+ table->changed = 1;
+
+ return 0;
+}
+
+
+static void eloop_sock_table_remove_sock(struct eloop_sock_table *table,
+ int sock)
+{
+ int i;
+
+ if (table == NULL || table->table == NULL || table->count == 0)
+ return;
+
+ for (i = 0; i < table->count; i++) {
+ if (table->table[i].sock == sock)
+ break;
+ }
+ if (i == table->count)
+ return;
+ if (i != table->count - 1) {
+ os_memmove(&table->table[i], &table->table[i + 1],
+ (table->count - i - 1) *
+ sizeof(struct eloop_sock));
+ }
+ table->count--;
+ table->changed = 1;
+}
+
+
+static void eloop_sock_table_set_fds(struct eloop_sock_table *table,
+ fd_set *fds)
+{
+ int i;
+
+ FD_ZERO(fds);
+
+ if (table->table == NULL)
+ return;
+
+ for (i = 0; i < table->count; i++)
+ FD_SET(table->table[i].sock, fds);
+}
+
+
+static void eloop_sock_table_dispatch(struct eloop_sock_table *table,
+ fd_set *fds)
+{
+ int i;
+
+ if (table == NULL || table->table == NULL)
+ return;
+
+ table->changed = 0;
+ for (i = 0; i < table->count; i++) {
+ if (FD_ISSET(table->table[i].sock, fds)) {
+ table->table[i].handler(table->table[i].sock,
+ table->table[i].eloop_data,
+ table->table[i].user_data);
+ if (table->changed)
+ break;
+ }
+ }
+}
+
+
+static void eloop_sock_table_destroy(struct eloop_sock_table *table)
+{
+ if (table)
+ os_free(table->table);
+}
+
+
+int eloop_register_read_sock(int sock, eloop_sock_handler handler,
+ void *eloop_data, void *user_data)
+{
+ return eloop_register_sock(sock, EVENT_TYPE_READ, handler,
+ eloop_data, user_data);
+}
+
+
+void eloop_unregister_read_sock(int sock)
+{
+ eloop_unregister_sock(sock, EVENT_TYPE_READ);
+}
+
+
+static struct eloop_sock_table *eloop_get_sock_table(eloop_event_type type)
+{
+ switch (type) {
+ case EVENT_TYPE_READ:
+ return &eloop.readers;
+ case EVENT_TYPE_WRITE:
+ return &eloop.writers;
+ case EVENT_TYPE_EXCEPTION:
+ return &eloop.exceptions;
+ }
+
+ return NULL;
+}
+
+
+int eloop_register_sock(int sock, eloop_event_type type,
+ eloop_sock_handler handler,
+ void *eloop_data, void *user_data)
+{
+ struct eloop_sock_table *table;
+
+ table = eloop_get_sock_table(type);
+ return eloop_sock_table_add_sock(table, sock, handler,
+ eloop_data, user_data);
+}
+
+
+void eloop_unregister_sock(int sock, eloop_event_type type)
+{
+ struct eloop_sock_table *table;
+
+ table = eloop_get_sock_table(type);
+ eloop_sock_table_remove_sock(table, sock);
+}
+
+
+int eloop_register_timeout(unsigned int secs, unsigned int usecs,
+ eloop_timeout_handler handler,
+ void *eloop_data, void *user_data)
+{
+ struct eloop_timeout *timeout, *tmp, *prev;
+
+ timeout = os_malloc(sizeof(*timeout));
+ if (timeout == NULL)
+ return -1;
+ os_get_time(&timeout->time);
+ timeout->time.sec += secs;
+ timeout->time.usec += usecs;
+ while (timeout->time.usec >= 1000000) {
+ timeout->time.sec++;
+ timeout->time.usec -= 1000000;
+ }
+ timeout->eloop_data = eloop_data;
+ timeout->user_data = user_data;
+ timeout->handler = handler;
+ timeout->next = NULL;
+
+ if (eloop.timeout == NULL) {
+ eloop.timeout = timeout;
+ return 0;
+ }
+
+ prev = NULL;
+ tmp = eloop.timeout;
+ while (tmp != NULL) {
+ if (os_time_before(&timeout->time, &tmp->time))
+ break;
+ prev = tmp;
+ tmp = tmp->next;
+ }
+
+ if (prev == NULL) {
+ timeout->next = eloop.timeout;
+ eloop.timeout = timeout;
+ } else {
+ timeout->next = prev->next;
+ prev->next = timeout;
+ }
+
+ return 0;
+}
+
+
+int eloop_cancel_timeout(eloop_timeout_handler handler,
+ void *eloop_data, void *user_data)
+{
+ struct eloop_timeout *timeout, *prev, *next;
+ int removed = 0;
+
+ prev = NULL;
+ timeout = eloop.timeout;
+ while (timeout != NULL) {
+ next = timeout->next;
+
+ if (timeout->handler == handler &&
+ (timeout->eloop_data == eloop_data ||
+ eloop_data == ELOOP_ALL_CTX) &&
+ (timeout->user_data == user_data ||
+ user_data == ELOOP_ALL_CTX)) {
+ if (prev == NULL)
+ eloop.timeout = next;
+ else
+ prev->next = next;
+ os_free(timeout);
+ removed++;
+ } else
+ prev = timeout;
+
+ timeout = next;
+ }
+
+ return removed;
+}
+
+
+#ifndef CONFIG_NATIVE_WINDOWS
+static void eloop_handle_alarm(int sig)
+{
+ fprintf(stderr, "eloop: could not process SIGINT or SIGTERM in two "
+ "seconds. Looks like there\n"
+ "is a bug that ends up in a busy loop that "
+ "prevents clean shutdown.\n"
+ "Killing program forcefully.\n");
+ exit(1);
+}
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+
+static void eloop_handle_signal(int sig)
+{
+ int i;
+
+#ifndef CONFIG_NATIVE_WINDOWS
+ if ((sig == SIGINT || sig == SIGTERM) && !eloop.pending_terminate) {
+ /* Use SIGALRM to break out from potential busy loops that
+ * would not allow the program to be killed. */
+ eloop.pending_terminate = 1;
+ signal(SIGALRM, eloop_handle_alarm);
+ alarm(2);
+ }
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+ eloop.signaled++;
+ for (i = 0; i < eloop.signal_count; i++) {
+ if (eloop.signals[i].sig == sig) {
+ eloop.signals[i].signaled++;
+ break;
+ }
+ }
+}
+
+
+static void eloop_process_pending_signals(void)
+{
+ int i;
+
+ if (eloop.signaled == 0)
+ return;
+ eloop.signaled = 0;
+
+ if (eloop.pending_terminate) {
+#ifndef CONFIG_NATIVE_WINDOWS
+ alarm(0);
+#endif /* CONFIG_NATIVE_WINDOWS */
+ eloop.pending_terminate = 0;
+ }
+
+ for (i = 0; i < eloop.signal_count; i++) {
+ if (eloop.signals[i].signaled) {
+ eloop.signals[i].signaled = 0;
+ eloop.signals[i].handler(eloop.signals[i].sig,
+ eloop.user_data,
+ eloop.signals[i].user_data);
+ }
+ }
+}
+
+
+int eloop_register_signal(int sig, eloop_signal_handler handler,
+ void *user_data)
+{
+ struct eloop_signal *tmp;
+
+ tmp = (struct eloop_signal *)
+ os_realloc(eloop.signals,
+ (eloop.signal_count + 1) *
+ sizeof(struct eloop_signal));
+ if (tmp == NULL)
+ return -1;
+
+ tmp[eloop.signal_count].sig = sig;
+ tmp[eloop.signal_count].user_data = user_data;
+ tmp[eloop.signal_count].handler = handler;
+ tmp[eloop.signal_count].signaled = 0;
+ eloop.signal_count++;
+ eloop.signals = tmp;
+ signal(sig, eloop_handle_signal);
+
+ return 0;
+}
+
+
+int eloop_register_signal_terminate(eloop_signal_handler handler,
+ void *user_data)
+{
+ int ret = eloop_register_signal(SIGINT, handler, user_data);
+ if (ret == 0)
+ ret = eloop_register_signal(SIGTERM, handler, user_data);
+ return ret;
+}
+
+
+int eloop_register_signal_reconfig(eloop_signal_handler handler,
+ void *user_data)
+{
+#ifdef CONFIG_NATIVE_WINDOWS
+ return 0;
+#else /* CONFIG_NATIVE_WINDOWS */
+ return eloop_register_signal(SIGHUP, handler, user_data);
+#endif /* CONFIG_NATIVE_WINDOWS */
+}
+
+
+void eloop_run(void)
+{
+ fd_set *rfds, *wfds, *efds;
+ int res;
+ struct timeval _tv;
+ struct os_time tv, now;
+
+ rfds = os_malloc(sizeof(*rfds));
+ wfds = os_malloc(sizeof(*wfds));
+ efds = os_malloc(sizeof(*efds));
+ if (rfds == NULL || wfds == NULL || efds == NULL) {
+ printf("eloop_run - malloc failed\n");
+ goto out;
+ }
+
+ while (!eloop.terminate &&
+ (eloop.timeout || eloop.readers.count > 0 ||
+ eloop.writers.count > 0 || eloop.exceptions.count > 0)) {
+ if (eloop.timeout) {
+ os_get_time(&now);
+ if (os_time_before(&now, &eloop.timeout->time))
+ os_time_sub(&eloop.timeout->time, &now, &tv);
+ else
+ tv.sec = tv.usec = 0;
+#if 0
+ printf("next timeout in %lu.%06lu sec\n",
+ tv.sec, tv.usec);
+#endif
+ _tv.tv_sec = tv.sec;
+ _tv.tv_usec = tv.usec;
+ }
+
+ eloop_sock_table_set_fds(&eloop.readers, rfds);
+ eloop_sock_table_set_fds(&eloop.writers, wfds);
+ eloop_sock_table_set_fds(&eloop.exceptions, efds);
+ res = select(eloop.max_sock + 1, rfds, wfds, efds,
+ eloop.timeout ? &_tv : NULL);
+ if (res < 0 && errno != EINTR && errno != 0) {
+ perror("select");
+ goto out;
+ }
+ eloop_process_pending_signals();
+
+ /* check if some registered timeouts have occurred */
+ if (eloop.timeout) {
+ struct eloop_timeout *tmp;
+
+ os_get_time(&now);
+ if (!os_time_before(&now, &eloop.timeout->time)) {
+ tmp = eloop.timeout;
+ eloop.timeout = eloop.timeout->next;
+ tmp->handler(tmp->eloop_data,
+ tmp->user_data);
+ os_free(tmp);
+ }
+
+ }
+
+ if (res <= 0)
+ continue;
+
+ eloop_sock_table_dispatch(&eloop.readers, rfds);
+ eloop_sock_table_dispatch(&eloop.writers, wfds);
+ eloop_sock_table_dispatch(&eloop.exceptions, efds);
+ }
+
+out:
+ os_free(rfds);
+ os_free(wfds);
+ os_free(efds);
+}
+
+
+void eloop_terminate(void)
+{
+ eloop.terminate = 1;
+}
+
+
+void eloop_destroy(void)
+{
+ struct eloop_timeout *timeout, *prev;
+
+ timeout = eloop.timeout;
+ while (timeout != NULL) {
+ prev = timeout;
+ timeout = timeout->next;
+ os_free(prev);
+ }
+ eloop_sock_table_destroy(&eloop.readers);
+ eloop_sock_table_destroy(&eloop.writers);
+ eloop_sock_table_destroy(&eloop.exceptions);
+ os_free(eloop.signals);
+}
+
+
+int eloop_terminated(void)
+{
+ return eloop.terminate;
+}
+
+
+void eloop_wait_for_read_sock(int sock)
+{
+ fd_set rfds;
+
+ if (sock < 0)
+ return;
+
+ FD_ZERO(&rfds);
+ FD_SET(sock, &rfds);
+ select(sock + 1, &rfds, NULL, NULL, NULL);
+}
+
+
+void * eloop_get_user_data(void)
+{
+ return eloop.user_data;
+}
--- /dev/null
+/*
+ * Event loop
+ * Copyright (c) 2002-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This file defines an event loop interface that supports processing events
+ * from registered timeouts (i.e., do something after N seconds), sockets
+ * (e.g., a new packet available for reading), and signals. eloop.c is an
+ * implementation of this interface using select() and sockets. This is
+ * suitable for most UNIX/POSIX systems. When porting to other operating
+ * systems, it may be necessary to replace that implementation with OS specific
+ * mechanisms.
+ */
+
+#ifndef ELOOP_H
+#define ELOOP_H
+
+/**
+ * ELOOP_ALL_CTX - eloop_cancel_timeout() magic number to match all timeouts
+ */
+#define ELOOP_ALL_CTX (void *) -1
+
+/**
+ * eloop_event_type - eloop socket event type for eloop_register_sock()
+ * @EVENT_TYPE_READ: Socket has data available for reading
+ * @EVENT_TYPE_WRITE: Socket has room for new data to be written
+ * @EVENT_TYPE_EXCEPTION: An exception has been reported
+ */
+typedef enum {
+ EVENT_TYPE_READ = 0,
+ EVENT_TYPE_WRITE,
+ EVENT_TYPE_EXCEPTION
+} eloop_event_type;
+
+/**
+ * eloop_sock_handler - eloop socket event callback type
+ * @sock: File descriptor number for the socket
+ * @eloop_ctx: Registered callback context data (eloop_data)
+ * @sock_ctx: Registered callback context data (user_data)
+ */
+typedef void (*eloop_sock_handler)(int sock, void *eloop_ctx, void *sock_ctx);
+
+/**
+ * eloop_event_handler - eloop generic event callback type
+ * @eloop_ctx: Registered callback context data (eloop_data)
+ * @sock_ctx: Registered callback context data (user_data)
+ */
+typedef void (*eloop_event_handler)(void *eloop_data, void *user_ctx);
+
+/**
+ * eloop_timeout_handler - eloop timeout event callback type
+ * @eloop_ctx: Registered callback context data (eloop_data)
+ * @sock_ctx: Registered callback context data (user_data)
+ */
+typedef void (*eloop_timeout_handler)(void *eloop_data, void *user_ctx);
+
+/**
+ * eloop_signal_handler - eloop signal event callback type
+ * @sig: Signal number
+ * @eloop_ctx: Registered callback context data (global user_data from
+ * eloop_init() call)
+ * @signal_ctx: Registered callback context data (user_data from
+ * eloop_register_signal(), eloop_register_signal_terminate(), or
+ * eloop_register_signal_reconfig() call)
+ */
+typedef void (*eloop_signal_handler)(int sig, void *eloop_ctx,
+ void *signal_ctx);
+
+/**
+ * eloop_init() - Initialize global event loop data
+ * @user_data: Pointer to global data passed as eloop_ctx to signal handlers
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function must be called before any other eloop_* function. user_data
+ * can be used to configure a global (to the process) pointer that will be
+ * passed as eloop_ctx parameter to signal handlers.
+ */
+int eloop_init(void *user_data);
+
+/**
+ * eloop_register_read_sock - Register handler for read events
+ * @sock: File descriptor number for the socket
+ * @handler: Callback function to be called when data is available for reading
+ * @eloop_data: Callback context data (eloop_ctx)
+ * @user_data: Callback context data (sock_ctx)
+ * Returns: 0 on success, -1 on failure
+ *
+ * Register a read socket notifier for the given file descriptor. The handler
+ * function will be called whenever data is available for reading from the
+ * socket. The handler function is responsible for clearing the event after
+ * having processed it in order to avoid eloop from calling the handler again
+ * for the same event.
+ */
+int eloop_register_read_sock(int sock, eloop_sock_handler handler,
+ void *eloop_data, void *user_data);
+
+/**
+ * eloop_unregister_read_sock - Unregister handler for read events
+ * @sock: File descriptor number for the socket
+ *
+ * Unregister a read socket notifier that was previously registered with
+ * eloop_register_read_sock().
+ */
+void eloop_unregister_read_sock(int sock);
+
+/**
+ * eloop_register_sock - Register handler for socket events
+ * @sock: File descriptor number for the socket
+ * @type: Type of event to wait for
+ * @handler: Callback function to be called when the event is triggered
+ * @eloop_data: Callback context data (eloop_ctx)
+ * @user_data: Callback context data (sock_ctx)
+ * Returns: 0 on success, -1 on failure
+ *
+ * Register an event notifier for the given socket's file descriptor. The
+ * handler function will be called whenever the that event is triggered for the
+ * socket. The handler function is responsible for clearing the event after
+ * having processed it in order to avoid eloop from calling the handler again
+ * for the same event.
+ */
+int eloop_register_sock(int sock, eloop_event_type type,
+ eloop_sock_handler handler,
+ void *eloop_data, void *user_data);
+
+/**
+ * eloop_unregister_sock - Unregister handler for socket events
+ * @sock: File descriptor number for the socket
+ * @type: Type of event for which sock was registered
+ *
+ * Unregister a socket event notifier that was previously registered with
+ * eloop_register_sock().
+ */
+void eloop_unregister_sock(int sock, eloop_event_type type);
+
+/**
+ * eloop_register_event - Register handler for generic events
+ * @event: Event to wait (eloop implementation specific)
+ * @event_size: Size of event data
+ * @handler: Callback function to be called when event is triggered
+ * @eloop_data: Callback context data (eloop_data)
+ * @user_data: Callback context data (user_data)
+ * Returns: 0 on success, -1 on failure
+ *
+ * Register an event handler for the given event. This function is used to
+ * register eloop implementation specific events which are mainly targetted for
+ * operating system specific code (driver interface and l2_packet) since the
+ * portable code will not be able to use such an OS-specific call. The handler
+ * function will be called whenever the event is triggered. The handler
+ * function is responsible for clearing the event after having processed it in
+ * order to avoid eloop from calling the handler again for the same event.
+ *
+ * In case of Windows implementation (eloop_win.c), event pointer is of HANDLE
+ * type, i.e., void*. The callers are likely to have 'HANDLE h' type variable,
+ * and they would call this function with eloop_register_event(h, sizeof(h),
+ * ...).
+ */
+int eloop_register_event(void *event, size_t event_size,
+ eloop_event_handler handler,
+ void *eloop_data, void *user_data);
+
+/**
+ * eloop_unregister_event - Unregister handler for a generic event
+ * @event: Event to cancel (eloop implementation specific)
+ * @event_size: Size of event data
+ *
+ * Unregister a generic event notifier that was previously registered with
+ * eloop_register_event().
+ */
+void eloop_unregister_event(void *event, size_t event_size);
+
+/**
+ * eloop_register_timeout - Register timeout
+ * @secs: Number of seconds to the timeout
+ * @usecs: Number of microseconds to the timeout
+ * @handler: Callback function to be called when timeout occurs
+ * @eloop_data: Callback context data (eloop_ctx)
+ * @user_data: Callback context data (sock_ctx)
+ * Returns: 0 on success, -1 on failure
+ *
+ * Register a timeout that will cause the handler function to be called after
+ * given time.
+ */
+int eloop_register_timeout(unsigned int secs, unsigned int usecs,
+ eloop_timeout_handler handler,
+ void *eloop_data, void *user_data);
+
+/**
+ * eloop_cancel_timeout - Cancel timeouts
+ * @handler: Matching callback function
+ * @eloop_data: Matching eloop_data or %ELOOP_ALL_CTX to match all
+ * @user_data: Matching user_data or %ELOOP_ALL_CTX to match all
+ * Returns: Number of cancelled timeouts
+ *
+ * Cancel matching <handler,eloop_data,user_data> timeouts registered with
+ * eloop_register_timeout(). ELOOP_ALL_CTX can be used as a wildcard for
+ * cancelling all timeouts regardless of eloop_data/user_data.
+ */
+int eloop_cancel_timeout(eloop_timeout_handler handler,
+ void *eloop_data, void *user_data);
+
+/**
+ * eloop_register_signal - Register handler for signals
+ * @sig: Signal number (e.g., SIGHUP)
+ * @handler: Callback function to be called when the signal is received
+ * @user_data: Callback context data (signal_ctx)
+ * Returns: 0 on success, -1 on failure
+ *
+ * Register a callback function that will be called when a signal is received.
+ * The callback function is actually called only after the system signal
+ * handler has returned. This means that the normal limits for sighandlers
+ * (i.e., only "safe functions" allowed) do not apply for the registered
+ * callback.
+ *
+ * Signals are 'global' events and there is no local eloop_data pointer like
+ * with other handlers. The global user_data pointer registered with
+ * eloop_init() will be used as eloop_ctx for signal handlers.
+ */
+int eloop_register_signal(int sig, eloop_signal_handler handler,
+ void *user_data);
+
+/**
+ * eloop_register_signal_terminate - Register handler for terminate signals
+ * @handler: Callback function to be called when the signal is received
+ * @user_data: Callback context data (signal_ctx)
+ * Returns: 0 on success, -1 on failure
+ *
+ * Register a callback function that will be called when a process termination
+ * signal is received. The callback function is actually called only after the
+ * system signal handler has returned. This means that the normal limits for
+ * sighandlers (i.e., only "safe functions" allowed) do not apply for the
+ * registered callback.
+ *
+ * Signals are 'global' events and there is no local eloop_data pointer like
+ * with other handlers. The global user_data pointer registered with
+ * eloop_init() will be used as eloop_ctx for signal handlers.
+ *
+ * This function is a more portable version of eloop_register_signal() since
+ * the knowledge of exact details of the signals is hidden in eloop
+ * implementation. In case of operating systems using signal(), this function
+ * registers handlers for SIGINT and SIGTERM.
+ */
+int eloop_register_signal_terminate(eloop_signal_handler handler,
+ void *user_data);
+
+/**
+ * eloop_register_signal_reconfig - Register handler for reconfig signals
+ * @handler: Callback function to be called when the signal is received
+ * @user_data: Callback context data (signal_ctx)
+ * Returns: 0 on success, -1 on failure
+ *
+ * Register a callback function that will be called when a reconfiguration /
+ * hangup signal is received. The callback function is actually called only
+ * after the system signal handler has returned. This means that the normal
+ * limits for sighandlers (i.e., only "safe functions" allowed) do not apply
+ * for the registered callback.
+ *
+ * Signals are 'global' events and there is no local eloop_data pointer like
+ * with other handlers. The global user_data pointer registered with
+ * eloop_init() will be used as eloop_ctx for signal handlers.
+ *
+ * This function is a more portable version of eloop_register_signal() since
+ * the knowledge of exact details of the signals is hidden in eloop
+ * implementation. In case of operating systems using signal(), this function
+ * registers a handler for SIGHUP.
+ */
+int eloop_register_signal_reconfig(eloop_signal_handler handler,
+ void *user_data);
+
+/**
+ * eloop_run - Start the event loop
+ *
+ * Start the event loop and continue running as long as there are any
+ * registered event handlers. This function is run after event loop has been
+ * initialized with event_init() and one or more events have been registered.
+ */
+void eloop_run(void);
+
+/**
+ * eloop_terminate - Terminate event loop
+ *
+ * Terminate event loop even if there are registered events. This can be used
+ * to request the program to be terminated cleanly.
+ */
+void eloop_terminate(void);
+
+/**
+ * eloop_destroy - Free any resources allocated for the event loop
+ *
+ * After calling eloop_destroy(), other eloop_* functions must not be called
+ * before re-running eloop_init().
+ */
+void eloop_destroy(void);
+
+/**
+ * eloop_terminated - Check whether event loop has been terminated
+ * Returns: 1 = event loop terminate, 0 = event loop still running
+ *
+ * This function can be used to check whether eloop_terminate() has been called
+ * to request termination of the event loop. This is normally used to abort
+ * operations that may still be queued to be run when eloop_terminate() was
+ * called.
+ */
+int eloop_terminated(void);
+
+/**
+ * eloop_wait_for_read_sock - Wait for a single reader
+ * @sock: File descriptor number for the socket
+ *
+ * Do a blocking wait for a single read socket.
+ */
+void eloop_wait_for_read_sock(int sock);
+
+/**
+ * eloop_get_user_data - Get global user data
+ * Returns: user_data pointer that was registered with eloop_init()
+ */
+void * eloop_get_user_data(void);
+
+#endif /* ELOOP_H */
--- /dev/null
+/*
+ * Event loop - empty template (basic structure, but no OS specific operations)
+ * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eloop.h"
+
+
+struct eloop_sock {
+ int sock;
+ void *eloop_data;
+ void *user_data;
+ void (*handler)(int sock, void *eloop_ctx, void *sock_ctx);
+};
+
+struct eloop_timeout {
+ struct os_time time;
+ void *eloop_data;
+ void *user_data;
+ void (*handler)(void *eloop_ctx, void *sock_ctx);
+ struct eloop_timeout *next;
+};
+
+struct eloop_signal {
+ int sig;
+ void *user_data;
+ void (*handler)(int sig, void *eloop_ctx, void *signal_ctx);
+ int signaled;
+};
+
+struct eloop_data {
+ void *user_data;
+
+ int max_sock, reader_count;
+ struct eloop_sock *readers;
+
+ struct eloop_timeout *timeout;
+
+ int signal_count;
+ struct eloop_signal *signals;
+ int signaled;
+ int pending_terminate;
+
+ int terminate;
+ int reader_table_changed;
+};
+
+static struct eloop_data eloop;
+
+
+int eloop_init(void *user_data)
+{
+ memset(&eloop, 0, sizeof(eloop));
+ eloop.user_data = user_data;
+ return 0;
+}
+
+
+int eloop_register_read_sock(int sock,
+ void (*handler)(int sock, void *eloop_ctx,
+ void *sock_ctx),
+ void *eloop_data, void *user_data)
+{
+ struct eloop_sock *tmp;
+
+ tmp = (struct eloop_sock *)
+ realloc(eloop.readers,
+ (eloop.reader_count + 1) * sizeof(struct eloop_sock));
+ if (tmp == NULL)
+ return -1;
+
+ tmp[eloop.reader_count].sock = sock;
+ tmp[eloop.reader_count].eloop_data = eloop_data;
+ tmp[eloop.reader_count].user_data = user_data;
+ tmp[eloop.reader_count].handler = handler;
+ eloop.reader_count++;
+ eloop.readers = tmp;
+ if (sock > eloop.max_sock)
+ eloop.max_sock = sock;
+ eloop.reader_table_changed = 1;
+
+ return 0;
+}
+
+
+void eloop_unregister_read_sock(int sock)
+{
+ int i;
+
+ if (eloop.readers == NULL || eloop.reader_count == 0)
+ return;
+
+ for (i = 0; i < eloop.reader_count; i++) {
+ if (eloop.readers[i].sock == sock)
+ break;
+ }
+ if (i == eloop.reader_count)
+ return;
+ if (i != eloop.reader_count - 1) {
+ memmove(&eloop.readers[i], &eloop.readers[i + 1],
+ (eloop.reader_count - i - 1) *
+ sizeof(struct eloop_sock));
+ }
+ eloop.reader_count--;
+ eloop.reader_table_changed = 1;
+}
+
+
+int eloop_register_timeout(unsigned int secs, unsigned int usecs,
+ void (*handler)(void *eloop_ctx, void *timeout_ctx),
+ void *eloop_data, void *user_data)
+{
+ struct eloop_timeout *timeout, *tmp, *prev;
+
+ timeout = (struct eloop_timeout *) malloc(sizeof(*timeout));
+ if (timeout == NULL)
+ return -1;
+ os_get_time(&timeout->time);
+ timeout->time.sec += secs;
+ timeout->time.usec += usecs;
+ while (timeout->time.usec >= 1000000) {
+ timeout->time.sec++;
+ timeout->time.usec -= 1000000;
+ }
+ timeout->eloop_data = eloop_data;
+ timeout->user_data = user_data;
+ timeout->handler = handler;
+ timeout->next = NULL;
+
+ if (eloop.timeout == NULL) {
+ eloop.timeout = timeout;
+ return 0;
+ }
+
+ prev = NULL;
+ tmp = eloop.timeout;
+ while (tmp != NULL) {
+ if (os_time_before(&timeout->time, &tmp->time))
+ break;
+ prev = tmp;
+ tmp = tmp->next;
+ }
+
+ if (prev == NULL) {
+ timeout->next = eloop.timeout;
+ eloop.timeout = timeout;
+ } else {
+ timeout->next = prev->next;
+ prev->next = timeout;
+ }
+
+ return 0;
+}
+
+
+int eloop_cancel_timeout(void (*handler)(void *eloop_ctx, void *sock_ctx),
+ void *eloop_data, void *user_data)
+{
+ struct eloop_timeout *timeout, *prev, *next;
+ int removed = 0;
+
+ prev = NULL;
+ timeout = eloop.timeout;
+ while (timeout != NULL) {
+ next = timeout->next;
+
+ if (timeout->handler == handler &&
+ (timeout->eloop_data == eloop_data ||
+ eloop_data == ELOOP_ALL_CTX) &&
+ (timeout->user_data == user_data ||
+ user_data == ELOOP_ALL_CTX)) {
+ if (prev == NULL)
+ eloop.timeout = next;
+ else
+ prev->next = next;
+ free(timeout);
+ removed++;
+ } else
+ prev = timeout;
+
+ timeout = next;
+ }
+
+ return removed;
+}
+
+
+/* TODO: replace with suitable signal handler */
+#if 0
+static void eloop_handle_signal(int sig)
+{
+ int i;
+
+ eloop.signaled++;
+ for (i = 0; i < eloop.signal_count; i++) {
+ if (eloop.signals[i].sig == sig) {
+ eloop.signals[i].signaled++;
+ break;
+ }
+ }
+}
+#endif
+
+
+static void eloop_process_pending_signals(void)
+{
+ int i;
+
+ if (eloop.signaled == 0)
+ return;
+ eloop.signaled = 0;
+
+ if (eloop.pending_terminate) {
+ eloop.pending_terminate = 0;
+ }
+
+ for (i = 0; i < eloop.signal_count; i++) {
+ if (eloop.signals[i].signaled) {
+ eloop.signals[i].signaled = 0;
+ eloop.signals[i].handler(eloop.signals[i].sig,
+ eloop.user_data,
+ eloop.signals[i].user_data);
+ }
+ }
+}
+
+
+int eloop_register_signal(int sig,
+ void (*handler)(int sig, void *eloop_ctx,
+ void *signal_ctx),
+ void *user_data)
+{
+ struct eloop_signal *tmp;
+
+ tmp = (struct eloop_signal *)
+ realloc(eloop.signals,
+ (eloop.signal_count + 1) *
+ sizeof(struct eloop_signal));
+ if (tmp == NULL)
+ return -1;
+
+ tmp[eloop.signal_count].sig = sig;
+ tmp[eloop.signal_count].user_data = user_data;
+ tmp[eloop.signal_count].handler = handler;
+ tmp[eloop.signal_count].signaled = 0;
+ eloop.signal_count++;
+ eloop.signals = tmp;
+
+ /* TODO: register signal handler */
+
+ return 0;
+}
+
+
+int eloop_register_signal_terminate(void (*handler)(int sig, void *eloop_ctx,
+ void *signal_ctx),
+ void *user_data)
+{
+#if 0
+ /* TODO: for example */
+ int ret = eloop_register_signal(SIGINT, handler, user_data);
+ if (ret == 0)
+ ret = eloop_register_signal(SIGTERM, handler, user_data);
+ return ret;
+#endif
+ return 0;
+}
+
+
+int eloop_register_signal_reconfig(void (*handler)(int sig, void *eloop_ctx,
+ void *signal_ctx),
+ void *user_data)
+{
+#if 0
+ /* TODO: for example */
+ return eloop_register_signal(SIGHUP, handler, user_data);
+#endif
+ return 0;
+}
+
+
+void eloop_run(void)
+{
+ int i;
+ struct os_time tv, now;
+
+ while (!eloop.terminate &&
+ (eloop.timeout || eloop.reader_count > 0)) {
+ if (eloop.timeout) {
+ os_get_time(&now);
+ if (os_time_before(&now, &eloop.timeout->time))
+ os_time_sub(&eloop.timeout->time, &now, &tv);
+ else
+ tv.sec = tv.usec = 0;
+ }
+
+ /*
+ * TODO: wait for any event (read socket ready, timeout (tv),
+ * signal
+ */
+ os_sleep(1, 0); /* just a dummy wait for testing */
+
+ eloop_process_pending_signals();
+
+ /* check if some registered timeouts have occurred */
+ if (eloop.timeout) {
+ struct eloop_timeout *tmp;
+
+ os_get_time(&now);
+ if (!os_time_before(&now, &eloop.timeout->time)) {
+ tmp = eloop.timeout;
+ eloop.timeout = eloop.timeout->next;
+ tmp->handler(tmp->eloop_data,
+ tmp->user_data);
+ free(tmp);
+ }
+
+ }
+
+ eloop.reader_table_changed = 0;
+ for (i = 0; i < eloop.reader_count; i++) {
+ /*
+ * TODO: call each handler that has pending data to
+ * read
+ */
+ if (0 /* TODO: eloop.readers[i].sock ready */) {
+ eloop.readers[i].handler(
+ eloop.readers[i].sock,
+ eloop.readers[i].eloop_data,
+ eloop.readers[i].user_data);
+ if (eloop.reader_table_changed)
+ break;
+ }
+ }
+ }
+}
+
+
+void eloop_terminate(void)
+{
+ eloop.terminate = 1;
+}
+
+
+void eloop_destroy(void)
+{
+ struct eloop_timeout *timeout, *prev;
+
+ timeout = eloop.timeout;
+ while (timeout != NULL) {
+ prev = timeout;
+ timeout = timeout->next;
+ free(prev);
+ }
+ free(eloop.readers);
+ free(eloop.signals);
+}
+
+
+int eloop_terminated(void)
+{
+ return eloop.terminate;
+}
+
+
+void eloop_wait_for_read_sock(int sock)
+{
+ /*
+ * TODO: wait for the file descriptor to have something available for
+ * reading
+ */
+}
+
+
+void * eloop_get_user_data(void)
+{
+ return eloop.user_data;
+}
--- /dev/null
+/*
+ * Event loop based on Windows events and WaitForMultipleObjects
+ * Copyright (c) 2002-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <winsock2.h>
+
+#include "common.h"
+#include "eloop.h"
+
+
+struct eloop_sock {
+ int sock;
+ void *eloop_data;
+ void *user_data;
+ eloop_sock_handler handler;
+ WSAEVENT event;
+};
+
+struct eloop_event {
+ void *eloop_data;
+ void *user_data;
+ eloop_event_handler handler;
+ HANDLE event;
+};
+
+struct eloop_timeout {
+ struct os_time time;
+ void *eloop_data;
+ void *user_data;
+ eloop_timeout_handler handler;
+ struct eloop_timeout *next;
+};
+
+struct eloop_signal {
+ int sig;
+ void *user_data;
+ eloop_signal_handler handler;
+ int signaled;
+};
+
+struct eloop_data {
+ void *user_data;
+
+ int max_sock;
+ size_t reader_count;
+ struct eloop_sock *readers;
+
+ size_t event_count;
+ struct eloop_event *events;
+
+ struct eloop_timeout *timeout;
+
+ int signal_count;
+ struct eloop_signal *signals;
+ int signaled;
+ int pending_terminate;
+
+ int terminate;
+ int reader_table_changed;
+
+ struct eloop_signal term_signal;
+ HANDLE term_event;
+
+ HANDLE *handles;
+ size_t num_handles;
+};
+
+static struct eloop_data eloop;
+
+
+int eloop_init(void *user_data)
+{
+ os_memset(&eloop, 0, sizeof(eloop));
+ eloop.user_data = user_data;
+ eloop.num_handles = 1;
+ eloop.handles = os_malloc(eloop.num_handles *
+ sizeof(eloop.handles[0]));
+ if (eloop.handles == NULL)
+ return -1;
+
+ eloop.term_event = CreateEvent(NULL, FALSE, FALSE, NULL);
+ if (eloop.term_event == NULL) {
+ printf("CreateEvent() failed: %d\n",
+ (int) GetLastError());
+ os_free(eloop.handles);
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int eloop_prepare_handles(void)
+{
+ HANDLE *n;
+
+ if (eloop.num_handles > eloop.reader_count + eloop.event_count + 8)
+ return 0;
+ n = os_realloc(eloop.handles,
+ eloop.num_handles * 2 * sizeof(eloop.handles[0]));
+ if (n == NULL)
+ return -1;
+ eloop.handles = n;
+ eloop.num_handles *= 2;
+ return 0;
+}
+
+
+int eloop_register_read_sock(int sock, eloop_sock_handler handler,
+ void *eloop_data, void *user_data)
+{
+ WSAEVENT event;
+ struct eloop_sock *tmp;
+
+ if (eloop_prepare_handles())
+ return -1;
+
+ event = WSACreateEvent();
+ if (event == WSA_INVALID_EVENT) {
+ printf("WSACreateEvent() failed: %d\n", WSAGetLastError());
+ return -1;
+ }
+
+ if (WSAEventSelect(sock, event, FD_READ)) {
+ printf("WSAEventSelect() failed: %d\n", WSAGetLastError());
+ WSACloseEvent(event);
+ return -1;
+ }
+ tmp = os_realloc(eloop.readers,
+ (eloop.reader_count + 1) * sizeof(struct eloop_sock));
+ if (tmp == NULL) {
+ WSAEventSelect(sock, event, 0);
+ WSACloseEvent(event);
+ return -1;
+ }
+
+ tmp[eloop.reader_count].sock = sock;
+ tmp[eloop.reader_count].eloop_data = eloop_data;
+ tmp[eloop.reader_count].user_data = user_data;
+ tmp[eloop.reader_count].handler = handler;
+ tmp[eloop.reader_count].event = event;
+ eloop.reader_count++;
+ eloop.readers = tmp;
+ if (sock > eloop.max_sock)
+ eloop.max_sock = sock;
+ eloop.reader_table_changed = 1;
+
+ return 0;
+}
+
+
+void eloop_unregister_read_sock(int sock)
+{
+ size_t i;
+
+ if (eloop.readers == NULL || eloop.reader_count == 0)
+ return;
+
+ for (i = 0; i < eloop.reader_count; i++) {
+ if (eloop.readers[i].sock == sock)
+ break;
+ }
+ if (i == eloop.reader_count)
+ return;
+
+ WSAEventSelect(eloop.readers[i].sock, eloop.readers[i].event, 0);
+ WSACloseEvent(eloop.readers[i].event);
+
+ if (i != eloop.reader_count - 1) {
+ os_memmove(&eloop.readers[i], &eloop.readers[i + 1],
+ (eloop.reader_count - i - 1) *
+ sizeof(struct eloop_sock));
+ }
+ eloop.reader_count--;
+ eloop.reader_table_changed = 1;
+}
+
+
+int eloop_register_event(void *event, size_t event_size,
+ eloop_event_handler handler,
+ void *eloop_data, void *user_data)
+{
+ struct eloop_event *tmp;
+ HANDLE h = event;
+
+ if (event_size != sizeof(HANDLE) || h == INVALID_HANDLE_VALUE)
+ return -1;
+
+ if (eloop_prepare_handles())
+ return -1;
+
+ tmp = os_realloc(eloop.events,
+ (eloop.event_count + 1) * sizeof(struct eloop_event));
+ if (tmp == NULL)
+ return -1;
+
+ tmp[eloop.event_count].eloop_data = eloop_data;
+ tmp[eloop.event_count].user_data = user_data;
+ tmp[eloop.event_count].handler = handler;
+ tmp[eloop.event_count].event = h;
+ eloop.event_count++;
+ eloop.events = tmp;
+
+ return 0;
+}
+
+
+void eloop_unregister_event(void *event, size_t event_size)
+{
+ size_t i;
+ HANDLE h = event;
+
+ if (eloop.events == NULL || eloop.event_count == 0 ||
+ event_size != sizeof(HANDLE))
+ return;
+
+ for (i = 0; i < eloop.event_count; i++) {
+ if (eloop.events[i].event == h)
+ break;
+ }
+ if (i == eloop.event_count)
+ return;
+
+ if (i != eloop.event_count - 1) {
+ os_memmove(&eloop.events[i], &eloop.events[i + 1],
+ (eloop.event_count - i - 1) *
+ sizeof(struct eloop_event));
+ }
+ eloop.event_count--;
+}
+
+
+int eloop_register_timeout(unsigned int secs, unsigned int usecs,
+ eloop_timeout_handler handler,
+ void *eloop_data, void *user_data)
+{
+ struct eloop_timeout *timeout, *tmp, *prev;
+
+ timeout = os_malloc(sizeof(*timeout));
+ if (timeout == NULL)
+ return -1;
+ os_get_time(&timeout->time);
+ timeout->time.sec += secs;
+ timeout->time.usec += usecs;
+ while (timeout->time.usec >= 1000000) {
+ timeout->time.sec++;
+ timeout->time.usec -= 1000000;
+ }
+ timeout->eloop_data = eloop_data;
+ timeout->user_data = user_data;
+ timeout->handler = handler;
+ timeout->next = NULL;
+
+ if (eloop.timeout == NULL) {
+ eloop.timeout = timeout;
+ return 0;
+ }
+
+ prev = NULL;
+ tmp = eloop.timeout;
+ while (tmp != NULL) {
+ if (os_time_before(&timeout->time, &tmp->time))
+ break;
+ prev = tmp;
+ tmp = tmp->next;
+ }
+
+ if (prev == NULL) {
+ timeout->next = eloop.timeout;
+ eloop.timeout = timeout;
+ } else {
+ timeout->next = prev->next;
+ prev->next = timeout;
+ }
+
+ return 0;
+}
+
+
+int eloop_cancel_timeout(eloop_timeout_handler handler,
+ void *eloop_data, void *user_data)
+{
+ struct eloop_timeout *timeout, *prev, *next;
+ int removed = 0;
+
+ prev = NULL;
+ timeout = eloop.timeout;
+ while (timeout != NULL) {
+ next = timeout->next;
+
+ if (timeout->handler == handler &&
+ (timeout->eloop_data == eloop_data ||
+ eloop_data == ELOOP_ALL_CTX) &&
+ (timeout->user_data == user_data ||
+ user_data == ELOOP_ALL_CTX)) {
+ if (prev == NULL)
+ eloop.timeout = next;
+ else
+ prev->next = next;
+ os_free(timeout);
+ removed++;
+ } else
+ prev = timeout;
+
+ timeout = next;
+ }
+
+ return removed;
+}
+
+
+/* TODO: replace with suitable signal handler */
+#if 0
+static void eloop_handle_signal(int sig)
+{
+ int i;
+
+ eloop.signaled++;
+ for (i = 0; i < eloop.signal_count; i++) {
+ if (eloop.signals[i].sig == sig) {
+ eloop.signals[i].signaled++;
+ break;
+ }
+ }
+}
+#endif
+
+
+static void eloop_process_pending_signals(void)
+{
+ int i;
+
+ if (eloop.signaled == 0)
+ return;
+ eloop.signaled = 0;
+
+ if (eloop.pending_terminate) {
+ eloop.pending_terminate = 0;
+ }
+
+ for (i = 0; i < eloop.signal_count; i++) {
+ if (eloop.signals[i].signaled) {
+ eloop.signals[i].signaled = 0;
+ eloop.signals[i].handler(eloop.signals[i].sig,
+ eloop.user_data,
+ eloop.signals[i].user_data);
+ }
+ }
+
+ if (eloop.term_signal.signaled) {
+ eloop.term_signal.signaled = 0;
+ eloop.term_signal.handler(eloop.term_signal.sig,
+ eloop.user_data,
+ eloop.term_signal.user_data);
+ }
+}
+
+
+int eloop_register_signal(int sig, eloop_signal_handler handler,
+ void *user_data)
+{
+ struct eloop_signal *tmp;
+
+ tmp = os_realloc(eloop.signals,
+ (eloop.signal_count + 1) *
+ sizeof(struct eloop_signal));
+ if (tmp == NULL)
+ return -1;
+
+ tmp[eloop.signal_count].sig = sig;
+ tmp[eloop.signal_count].user_data = user_data;
+ tmp[eloop.signal_count].handler = handler;
+ tmp[eloop.signal_count].signaled = 0;
+ eloop.signal_count++;
+ eloop.signals = tmp;
+
+ /* TODO: register signal handler */
+
+ return 0;
+}
+
+
+#ifndef _WIN32_WCE
+static BOOL eloop_handle_console_ctrl(DWORD type)
+{
+ switch (type) {
+ case CTRL_C_EVENT:
+ case CTRL_BREAK_EVENT:
+ eloop.signaled++;
+ eloop.term_signal.signaled++;
+ SetEvent(eloop.term_event);
+ return TRUE;
+ default:
+ return FALSE;
+ }
+}
+#endif /* _WIN32_WCE */
+
+
+int eloop_register_signal_terminate(eloop_signal_handler handler,
+ void *user_data)
+{
+#ifndef _WIN32_WCE
+ if (SetConsoleCtrlHandler((PHANDLER_ROUTINE) eloop_handle_console_ctrl,
+ TRUE) == 0) {
+ printf("SetConsoleCtrlHandler() failed: %d\n",
+ (int) GetLastError());
+ return -1;
+ }
+#endif /* _WIN32_WCE */
+
+ eloop.term_signal.handler = handler;
+ eloop.term_signal.user_data = user_data;
+
+ return 0;
+}
+
+
+int eloop_register_signal_reconfig(eloop_signal_handler handler,
+ void *user_data)
+{
+ /* TODO */
+ return 0;
+}
+
+
+void eloop_run(void)
+{
+ struct os_time tv, now;
+ DWORD count, ret, timeout, err;
+ size_t i;
+
+ while (!eloop.terminate &&
+ (eloop.timeout || eloop.reader_count > 0 ||
+ eloop.event_count > 0)) {
+ if (eloop.timeout) {
+ os_get_time(&now);
+ if (os_time_before(&now, &eloop.timeout->time))
+ os_time_sub(&eloop.timeout->time, &now, &tv);
+ else
+ tv.sec = tv.usec = 0;
+ }
+
+ count = 0;
+ for (i = 0; i < eloop.event_count; i++)
+ eloop.handles[count++] = eloop.events[i].event;
+
+ for (i = 0; i < eloop.reader_count; i++)
+ eloop.handles[count++] = eloop.readers[i].event;
+
+ if (eloop.term_event)
+ eloop.handles[count++] = eloop.term_event;
+
+ if (eloop.timeout)
+ timeout = tv.sec * 1000 + tv.usec / 1000;
+ else
+ timeout = INFINITE;
+
+ if (count > MAXIMUM_WAIT_OBJECTS) {
+ printf("WaitForMultipleObjects: Too many events: "
+ "%d > %d (ignoring extra events)\n",
+ (int) count, MAXIMUM_WAIT_OBJECTS);
+ count = MAXIMUM_WAIT_OBJECTS;
+ }
+#ifdef _WIN32_WCE
+ ret = WaitForMultipleObjects(count, eloop.handles, FALSE,
+ timeout);
+#else /* _WIN32_WCE */
+ ret = WaitForMultipleObjectsEx(count, eloop.handles, FALSE,
+ timeout, TRUE);
+#endif /* _WIN32_WCE */
+ err = GetLastError();
+
+ eloop_process_pending_signals();
+
+ /* check if some registered timeouts have occurred */
+ if (eloop.timeout) {
+ struct eloop_timeout *tmp;
+
+ os_get_time(&now);
+ if (!os_time_before(&now, &eloop.timeout->time)) {
+ tmp = eloop.timeout;
+ eloop.timeout = eloop.timeout->next;
+ tmp->handler(tmp->eloop_data,
+ tmp->user_data);
+ os_free(tmp);
+ }
+
+ }
+
+ if (ret == WAIT_FAILED) {
+ printf("WaitForMultipleObjects(count=%d) failed: %d\n",
+ (int) count, (int) err);
+ os_sleep(1, 0);
+ continue;
+ }
+
+#ifndef _WIN32_WCE
+ if (ret == WAIT_IO_COMPLETION)
+ continue;
+#endif /* _WIN32_WCE */
+
+ if (ret == WAIT_TIMEOUT)
+ continue;
+
+ while (ret >= WAIT_OBJECT_0 &&
+ ret < WAIT_OBJECT_0 + eloop.event_count) {
+ eloop.events[ret].handler(
+ eloop.events[ret].eloop_data,
+ eloop.events[ret].user_data);
+ ret = WaitForMultipleObjects(eloop.event_count,
+ eloop.handles, FALSE, 0);
+ }
+
+ eloop.reader_table_changed = 0;
+ for (i = 0; i < eloop.reader_count; i++) {
+ WSANETWORKEVENTS events;
+ if (WSAEnumNetworkEvents(eloop.readers[i].sock,
+ eloop.readers[i].event,
+ &events) == 0 &&
+ (events.lNetworkEvents & FD_READ)) {
+ eloop.readers[i].handler(
+ eloop.readers[i].sock,
+ eloop.readers[i].eloop_data,
+ eloop.readers[i].user_data);
+ if (eloop.reader_table_changed)
+ break;
+ }
+ }
+ }
+}
+
+
+void eloop_terminate(void)
+{
+ eloop.terminate = 1;
+ SetEvent(eloop.term_event);
+}
+
+
+void eloop_destroy(void)
+{
+ struct eloop_timeout *timeout, *prev;
+
+ timeout = eloop.timeout;
+ while (timeout != NULL) {
+ prev = timeout;
+ timeout = timeout->next;
+ os_free(prev);
+ }
+ os_free(eloop.readers);
+ os_free(eloop.signals);
+ if (eloop.term_event)
+ CloseHandle(eloop.term_event);
+ os_free(eloop.handles);
+ eloop.handles = NULL;
+ os_free(eloop.events);
+ eloop.events = NULL;
+}
+
+
+int eloop_terminated(void)
+{
+ return eloop.terminate;
+}
+
+
+void eloop_wait_for_read_sock(int sock)
+{
+ WSAEVENT event;
+
+ event = WSACreateEvent();
+ if (event == WSA_INVALID_EVENT) {
+ printf("WSACreateEvent() failed: %d\n", WSAGetLastError());
+ return;
+ }
+
+ if (WSAEventSelect(sock, event, FD_READ)) {
+ printf("WSAEventSelect() failed: %d\n", WSAGetLastError());
+ WSACloseEvent(event);
+ return ;
+ }
+
+ WaitForSingleObject(event, INFINITE);
+ WSAEventSelect(sock, event, 0);
+ WSACloseEvent(event);
+}
+
+
+void * eloop_get_user_data(void)
+{
+ return eloop.user_data;
+}
--- /dev/null
+/*
+ * WPA Supplicant - Driver event processing
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eapol_sm.h"
+#include "wpa.h"
+#include "eloop.h"
+#include "wpa_supplicant.h"
+#include "config.h"
+#include "l2_packet.h"
+#include "wpa_supplicant_i.h"
+#include "pcsc_funcs.h"
+#include "preauth.h"
+#include "pmksa_cache.h"
+#include "wpa_ctrl.h"
+#include "eap.h"
+#include "ctrl_iface_dbus.h"
+
+
+static int wpa_supplicant_select_config(struct wpa_supplicant *wpa_s)
+{
+ struct wpa_ssid *ssid;
+
+ if (wpa_s->conf->ap_scan == 1 && wpa_s->current_ssid)
+ return 0;
+
+ ssid = wpa_supplicant_get_ssid(wpa_s);
+ if (ssid == NULL) {
+ wpa_printf(MSG_INFO, "No network configuration found for the "
+ "current AP");
+ return -1;
+ }
+
+ if (ssid->disabled) {
+ wpa_printf(MSG_DEBUG, "Selected network is disabled");
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "Network configuration found for the current "
+ "AP");
+ if (ssid->key_mgmt & (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X |
+ WPA_KEY_MGMT_WPA_NONE)) {
+ u8 wpa_ie[80];
+ size_t wpa_ie_len = sizeof(wpa_ie);
+ wpa_supplicant_set_suites(wpa_s, NULL, ssid,
+ wpa_ie, &wpa_ie_len);
+ } else {
+ wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
+ }
+
+ if (wpa_s->current_ssid && wpa_s->current_ssid != ssid)
+ eapol_sm_invalidate_cached_session(wpa_s->eapol);
+ wpa_s->current_ssid = ssid;
+ wpa_sm_set_config(wpa_s->wpa, wpa_s->current_ssid);
+ wpa_supplicant_initiate_eapol(wpa_s);
+
+ return 0;
+}
+
+
+static void wpa_supplicant_stop_countermeasures(void *eloop_ctx,
+ void *sock_ctx)
+{
+ struct wpa_supplicant *wpa_s = eloop_ctx;
+
+ if (wpa_s->countermeasures) {
+ wpa_s->countermeasures = 0;
+ wpa_drv_set_countermeasures(wpa_s, 0);
+ wpa_msg(wpa_s, MSG_INFO, "WPA: TKIP countermeasures stopped");
+ wpa_supplicant_req_scan(wpa_s, 0, 0);
+ }
+}
+
+
+void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s)
+{
+ wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
+ os_memset(wpa_s->bssid, 0, ETH_ALEN);
+ os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
+ eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
+ eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
+ if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK)
+ eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
+}
+
+
+static void wpa_find_assoc_pmkid(struct wpa_supplicant *wpa_s)
+{
+ struct wpa_ie_data ie;
+ int i, pmksa_set = -1;
+
+ if (wpa_sm_parse_own_wpa_ie(wpa_s->wpa, &ie) < 0 ||
+ ie.pmkid == NULL)
+ return;
+
+ for (i = 0; i < ie.num_pmkid; i++) {
+ pmksa_set = pmksa_cache_set_current(wpa_s->wpa,
+ ie.pmkid + i * PMKID_LEN,
+ NULL, NULL, 0);
+ if (pmksa_set == 0) {
+ eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
+ break;
+ }
+ }
+
+ wpa_printf(MSG_DEBUG, "RSN: PMKID from assoc IE %sfound from PMKSA "
+ "cache", pmksa_set == 0 ? "" : "not ");
+}
+
+
+static void wpa_supplicant_event_pmkid_candidate(struct wpa_supplicant *wpa_s,
+ union wpa_event_data *data)
+{
+ if (data == NULL) {
+ wpa_printf(MSG_DEBUG, "RSN: No data in PMKID candidate event");
+ return;
+ }
+ wpa_printf(MSG_DEBUG, "RSN: PMKID candidate event - bssid=" MACSTR
+ " index=%d preauth=%d",
+ MAC2STR(data->pmkid_candidate.bssid),
+ data->pmkid_candidate.index,
+ data->pmkid_candidate.preauth);
+
+ pmksa_candidate_add(wpa_s->wpa, data->pmkid_candidate.bssid,
+ data->pmkid_candidate.index,
+ data->pmkid_candidate.preauth);
+}
+
+
+static int wpa_supplicant_dynamic_keys(struct wpa_supplicant *wpa_s)
+{
+ if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
+ wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
+ return 0;
+
+#ifdef IEEE8021X_EAPOL
+ if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
+ wpa_s->current_ssid &&
+ !(wpa_s->current_ssid->eapol_flags &
+ (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
+ EAPOL_FLAG_REQUIRE_KEY_BROADCAST))) {
+ /* IEEE 802.1X, but not using dynamic WEP keys (i.e., either
+ * plaintext or static WEP keys). */
+ return 0;
+ }
+#endif /* IEEE8021X_EAPOL */
+
+ return 1;
+}
+
+
+/**
+ * wpa_supplicant_scard_init - Initialize SIM/USIM access with PC/SC
+ * @wpa_s: pointer to wpa_supplicant data
+ * @ssid: Configuration data for the network
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is called when starting authentication with a network that is
+ * configured to use PC/SC for SIM/USIM access (EAP-SIM or EAP-AKA).
+ */
+int wpa_supplicant_scard_init(struct wpa_supplicant *wpa_s,
+ struct wpa_ssid *ssid)
+{
+#ifdef IEEE8021X_EAPOL
+ int aka = 0, sim = 0, type;
+
+ if (ssid->pcsc == NULL || wpa_s->scard != NULL)
+ return 0;
+
+ if (ssid->eap_methods == NULL) {
+ sim = 1;
+ aka = 1;
+ } else {
+ struct eap_method_type *eap = ssid->eap_methods;
+ while (eap->vendor != EAP_VENDOR_IETF ||
+ eap->method != EAP_TYPE_NONE) {
+ if (eap->vendor == EAP_VENDOR_IETF) {
+ if (eap->method == EAP_TYPE_SIM)
+ sim = 1;
+ else if (eap->method == EAP_TYPE_AKA)
+ aka = 1;
+ }
+ eap++;
+ }
+ }
+
+ if (eap_sm_get_eap_methods(EAP_VENDOR_IETF, EAP_TYPE_SIM) == NULL)
+ sim = 0;
+ if (eap_sm_get_eap_methods(EAP_VENDOR_IETF, EAP_TYPE_AKA) == NULL)
+ aka = 0;
+
+ if (!sim && !aka) {
+ wpa_printf(MSG_DEBUG, "Selected network is configured to use "
+ "SIM, but neither EAP-SIM nor EAP-AKA are enabled");
+ return 0;
+ }
+
+ wpa_printf(MSG_DEBUG, "Selected network is configured to use SIM "
+ "(sim=%d aka=%d) - initialize PCSC", sim, aka);
+ if (sim && aka)
+ type = SCARD_TRY_BOTH;
+ else if (aka)
+ type = SCARD_USIM_ONLY;
+ else
+ type = SCARD_GSM_SIM_ONLY;
+
+ wpa_s->scard = scard_init(type);
+ if (wpa_s->scard == NULL) {
+ wpa_printf(MSG_WARNING, "Failed to initialize SIM "
+ "(pcsc-lite)");
+ return -1;
+ }
+ wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
+ eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
+#endif /* IEEE8021X_EAPOL */
+
+ return 0;
+}
+
+
+static int wpa_supplicant_match_privacy(struct wpa_scan_result *bss,
+ struct wpa_ssid *ssid)
+{
+ int i, privacy = 0;
+
+ if (ssid->mixed_cell)
+ return 1;
+
+ for (i = 0; i < NUM_WEP_KEYS; i++) {
+ if (ssid->wep_key_len[i]) {
+ privacy = 1;
+ break;
+ }
+ }
+#ifdef IEEE8021X_EAPOL
+ if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) &&
+ ssid->eapol_flags & (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
+ EAPOL_FLAG_REQUIRE_KEY_BROADCAST))
+ privacy = 1;
+#endif /* IEEE8021X_EAPOL */
+
+ if (bss->caps & IEEE80211_CAP_PRIVACY)
+ return privacy;
+ return !privacy;
+}
+
+
+static int wpa_supplicant_ssid_bss_match(struct wpa_ssid *ssid,
+ struct wpa_scan_result *bss)
+{
+ struct wpa_ie_data ie;
+ int proto_match = 0;
+
+ while ((ssid->proto & WPA_PROTO_RSN) && bss->rsn_ie_len > 0) {
+ proto_match++;
+
+ if (wpa_parse_wpa_ie(bss->rsn_ie, bss->rsn_ie_len, &ie)) {
+ wpa_printf(MSG_DEBUG, " skip RSN IE - parse failed");
+ break;
+ }
+ if (!(ie.proto & ssid->proto)) {
+ wpa_printf(MSG_DEBUG, " skip RSN IE - proto "
+ "mismatch");
+ break;
+ }
+
+ if (!(ie.pairwise_cipher & ssid->pairwise_cipher)) {
+ wpa_printf(MSG_DEBUG, " skip RSN IE - PTK cipher "
+ "mismatch");
+ break;
+ }
+
+ if (!(ie.group_cipher & ssid->group_cipher)) {
+ wpa_printf(MSG_DEBUG, " skip RSN IE - GTK cipher "
+ "mismatch");
+ break;
+ }
+
+ if (!(ie.key_mgmt & ssid->key_mgmt)) {
+ wpa_printf(MSG_DEBUG, " skip RSN IE - key mgmt "
+ "mismatch");
+ break;
+ }
+
+#ifdef CONFIG_IEEE80211W
+ if (!(ie.capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION)
+ && ssid->ieee80211w == IEEE80211W_REQUIRED) {
+ wpa_printf(MSG_DEBUG, " skip RSN IE - no mgmt frame "
+ "protection");
+ break;
+ }
+#endif /* CONFIG_IEEE80211W */
+
+ wpa_printf(MSG_DEBUG, " selected based on RSN IE");
+ return 1;
+ }
+
+ while ((ssid->proto & WPA_PROTO_WPA) && bss->wpa_ie_len > 0) {
+ proto_match++;
+
+ if (wpa_parse_wpa_ie(bss->wpa_ie, bss->wpa_ie_len, &ie)) {
+ wpa_printf(MSG_DEBUG, " skip WPA IE - parse failed");
+ break;
+ }
+ if (!(ie.proto & ssid->proto)) {
+ wpa_printf(MSG_DEBUG, " skip WPA IE - proto "
+ "mismatch");
+ break;
+ }
+
+ if (!(ie.pairwise_cipher & ssid->pairwise_cipher)) {
+ wpa_printf(MSG_DEBUG, " skip WPA IE - PTK cipher "
+ "mismatch");
+ break;
+ }
+
+ if (!(ie.group_cipher & ssid->group_cipher)) {
+ wpa_printf(MSG_DEBUG, " skip WPA IE - GTK cipher "
+ "mismatch");
+ break;
+ }
+
+ if (!(ie.key_mgmt & ssid->key_mgmt)) {
+ wpa_printf(MSG_DEBUG, " skip WPA IE - key mgmt "
+ "mismatch");
+ break;
+ }
+
+ wpa_printf(MSG_DEBUG, " selected based on WPA IE");
+ return 1;
+ }
+
+ if (proto_match == 0)
+ wpa_printf(MSG_DEBUG, " skip - no WPA/RSN proto match");
+
+ return 0;
+}
+
+
+static struct wpa_scan_result *
+wpa_supplicant_select_bss(struct wpa_supplicant *wpa_s, struct wpa_ssid *group,
+ struct wpa_scan_result *results, int num,
+ struct wpa_ssid **selected_ssid)
+{
+ struct wpa_ssid *ssid;
+ struct wpa_scan_result *bss, *selected = NULL;
+ int i;
+ struct wpa_blacklist *e;
+
+ wpa_printf(MSG_DEBUG, "Selecting BSS from priority group %d",
+ group->priority);
+
+ bss = NULL;
+ ssid = NULL;
+ /* First, try to find WPA-enabled AP */
+ wpa_printf(MSG_DEBUG, "Try to find WPA-enabled AP");
+ for (i = 0; i < num && !selected; i++) {
+ bss = &results[i];
+ wpa_printf(MSG_DEBUG, "%d: " MACSTR " ssid='%s' "
+ "wpa_ie_len=%lu rsn_ie_len=%lu caps=0x%x",
+ i, MAC2STR(bss->bssid),
+ wpa_ssid_txt(bss->ssid, bss->ssid_len),
+ (unsigned long) bss->wpa_ie_len,
+ (unsigned long) bss->rsn_ie_len, bss->caps);
+ e = wpa_blacklist_get(wpa_s, bss->bssid);
+ if (e && e->count > 1) {
+ wpa_printf(MSG_DEBUG, " skip - blacklisted");
+ continue;
+ }
+
+ if (bss->wpa_ie_len == 0 && bss->rsn_ie_len == 0) {
+ wpa_printf(MSG_DEBUG, " skip - no WPA/RSN IE");
+ continue;
+ }
+
+ for (ssid = group; ssid; ssid = ssid->pnext) {
+ if (ssid->disabled) {
+ wpa_printf(MSG_DEBUG, " skip - disabled");
+ continue;
+ }
+ if (bss->ssid_len != ssid->ssid_len ||
+ os_memcmp(bss->ssid, ssid->ssid,
+ bss->ssid_len) != 0) {
+ wpa_printf(MSG_DEBUG, " skip - "
+ "SSID mismatch");
+ continue;
+ }
+ if (ssid->bssid_set &&
+ os_memcmp(bss->bssid, ssid->bssid, ETH_ALEN) != 0)
+ {
+ wpa_printf(MSG_DEBUG, " skip - "
+ "BSSID mismatch");
+ continue;
+ }
+ if (wpa_supplicant_ssid_bss_match(ssid, bss)) {
+ selected = bss;
+ *selected_ssid = ssid;
+ wpa_printf(MSG_DEBUG, " selected WPA AP "
+ MACSTR " ssid='%s'",
+ MAC2STR(bss->bssid),
+ wpa_ssid_txt(bss->ssid,
+ bss->ssid_len));
+ break;
+ }
+ }
+ }
+
+ /* If no WPA-enabled AP found, try to find non-WPA AP, if configuration
+ * allows this. */
+ wpa_printf(MSG_DEBUG, "Try to find non-WPA AP");
+ for (i = 0; i < num && !selected; i++) {
+ bss = &results[i];
+ wpa_printf(MSG_DEBUG, "%d: " MACSTR " ssid='%s' "
+ "wpa_ie_len=%lu rsn_ie_len=%lu caps=0x%x",
+ i, MAC2STR(bss->bssid),
+ wpa_ssid_txt(bss->ssid, bss->ssid_len),
+ (unsigned long) bss->wpa_ie_len,
+ (unsigned long) bss->rsn_ie_len, bss->caps);
+ e = wpa_blacklist_get(wpa_s, bss->bssid);
+ if (e && e->count > 1) {
+ wpa_printf(MSG_DEBUG, " skip - blacklisted");
+ continue;
+ }
+ for (ssid = group; ssid; ssid = ssid->pnext) {
+ if (ssid->disabled) {
+ wpa_printf(MSG_DEBUG, " skip - disabled");
+ continue;
+ }
+ if (ssid->ssid_len != 0 &&
+ (bss->ssid_len != ssid->ssid_len ||
+ os_memcmp(bss->ssid, ssid->ssid,
+ bss->ssid_len) != 0)) {
+ wpa_printf(MSG_DEBUG, " skip - "
+ "SSID mismatch");
+ continue;
+ }
+
+ if (ssid->bssid_set &&
+ os_memcmp(bss->bssid, ssid->bssid, ETH_ALEN) != 0)
+ {
+ wpa_printf(MSG_DEBUG, " skip - "
+ "BSSID mismatch");
+ continue;
+ }
+
+ if (!(ssid->key_mgmt & WPA_KEY_MGMT_NONE) &&
+ !(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA))
+ {
+ wpa_printf(MSG_DEBUG, " skip - "
+ "non-WPA network not allowed");
+ continue;
+ }
+
+ if ((ssid->key_mgmt &
+ (WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK)) &&
+ (bss->wpa_ie_len != 0 || bss->rsn_ie_len != 0)) {
+ wpa_printf(MSG_DEBUG, " skip - "
+ "WPA network");
+ continue;
+ }
+
+ if (!wpa_supplicant_match_privacy(bss, ssid)) {
+ wpa_printf(MSG_DEBUG, " skip - "
+ "privacy mismatch");
+ continue;
+ }
+
+ if (bss->caps & IEEE80211_CAP_IBSS) {
+ wpa_printf(MSG_DEBUG, " skip - "
+ "IBSS (adhoc) network");
+ continue;
+ }
+
+ selected = bss;
+ *selected_ssid = ssid;
+ wpa_printf(MSG_DEBUG, " selected non-WPA AP "
+ MACSTR " ssid='%s'",
+ MAC2STR(bss->bssid),
+ wpa_ssid_txt(bss->ssid, bss->ssid_len));
+ break;
+ }
+ }
+
+ return selected;
+}
+
+
+static void wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s)
+{
+ int num, prio, timeout;
+ struct wpa_scan_result *selected = NULL;
+ struct wpa_ssid *ssid = NULL;
+ struct wpa_scan_result *results;
+
+ if (wpa_supplicant_get_scan_results(wpa_s) < 0) {
+ if (wpa_s->conf->ap_scan == 2)
+ return;
+ wpa_printf(MSG_DEBUG, "Failed to get scan results - try "
+ "scanning again");
+ timeout = 1;
+ goto req_scan;
+ }
+
+ wpa_supplicant_dbus_notify_scan_results(wpa_s);
+
+ if (wpa_s->conf->ap_scan == 2 || wpa_s->disconnected)
+ return;
+ results = wpa_s->scan_results;
+ num = wpa_s->num_scan_results;
+
+ while (selected == NULL) {
+ for (prio = 0; prio < wpa_s->conf->num_prio; prio++) {
+ selected = wpa_supplicant_select_bss(
+ wpa_s, wpa_s->conf->pssid[prio], results, num,
+ &ssid);
+ if (selected)
+ break;
+ }
+
+ if (selected == NULL && wpa_s->blacklist) {
+ wpa_printf(MSG_DEBUG, "No APs found - clear blacklist "
+ "and try again");
+ wpa_blacklist_clear(wpa_s);
+ } else if (selected == NULL) {
+ break;
+ }
+ }
+
+ if (selected) {
+ /* Do not trigger new association unless the BSSID has changed
+ * or if reassociation is requested. If we are in process of
+ * associating with the selected BSSID, do not trigger new
+ * attempt. */
+ if (wpa_s->reassociate ||
+ (os_memcmp(selected->bssid, wpa_s->bssid, ETH_ALEN) != 0 &&
+ (wpa_s->wpa_state != WPA_ASSOCIATING ||
+ os_memcmp(selected->bssid, wpa_s->pending_bssid,
+ ETH_ALEN) != 0))) {
+ if (wpa_supplicant_scard_init(wpa_s, ssid)) {
+ wpa_supplicant_req_scan(wpa_s, 10, 0);
+ return;
+ }
+ wpa_supplicant_associate(wpa_s, selected, ssid);
+ } else {
+ wpa_printf(MSG_DEBUG, "Already associated with the "
+ "selected AP.");
+ }
+ rsn_preauth_scan_results(wpa_s->wpa, results, num);
+ } else {
+ wpa_printf(MSG_DEBUG, "No suitable AP found.");
+ timeout = 5;
+ goto req_scan;
+ }
+
+ return;
+
+req_scan:
+ if (wpa_s->scan_res_tried == 1 && wpa_s->conf->ap_scan == 1) {
+ /*
+ * Quick recovery if the initial scan results were not
+ * complete when fetched before the first scan request.
+ */
+ wpa_s->scan_res_tried++;
+ timeout = 0;
+ }
+ wpa_supplicant_req_scan(wpa_s, timeout, 0);
+}
+
+
+static void wpa_supplicant_event_associnfo(struct wpa_supplicant *wpa_s,
+ union wpa_event_data *data)
+{
+ int l, len, found = 0, wpa_found, rsn_found;
+ u8 *p;
+
+ wpa_printf(MSG_DEBUG, "Association info event");
+ if (data->assoc_info.req_ies)
+ wpa_hexdump(MSG_DEBUG, "req_ies", data->assoc_info.req_ies,
+ data->assoc_info.req_ies_len);
+ if (data->assoc_info.resp_ies)
+ wpa_hexdump(MSG_DEBUG, "resp_ies", data->assoc_info.resp_ies,
+ data->assoc_info.resp_ies_len);
+ if (data->assoc_info.beacon_ies)
+ wpa_hexdump(MSG_DEBUG, "beacon_ies",
+ data->assoc_info.beacon_ies,
+ data->assoc_info.beacon_ies_len);
+
+ p = data->assoc_info.req_ies;
+ l = data->assoc_info.req_ies_len;
+
+ /* Go through the IEs and make a copy of the WPA/RSN IE, if present. */
+ while (p && l >= 2) {
+ len = p[1] + 2;
+ if (len > l) {
+ wpa_hexdump(MSG_DEBUG, "Truncated IE in assoc_info",
+ p, l);
+ break;
+ }
+ if ((p[0] == GENERIC_INFO_ELEM && p[1] >= 6 &&
+ (os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0)) ||
+ (p[0] == RSN_INFO_ELEM && p[1] >= 2)) {
+ if (wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, p, len))
+ break;
+ found = 1;
+ wpa_find_assoc_pmkid(wpa_s);
+ break;
+ }
+ l -= len;
+ p += len;
+ }
+ if (!found && data->assoc_info.req_ies)
+ wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
+
+ /* WPA/RSN IE from Beacon/ProbeResp */
+ p = data->assoc_info.beacon_ies;
+ l = data->assoc_info.beacon_ies_len;
+
+ /* Go through the IEs and make a copy of the WPA/RSN IEs, if present.
+ */
+ wpa_found = rsn_found = 0;
+ while (p && l >= 2) {
+ len = p[1] + 2;
+ if (len > l) {
+ wpa_hexdump(MSG_DEBUG, "Truncated IE in beacon_ies",
+ p, l);
+ break;
+ }
+ if (!wpa_found &&
+ p[0] == GENERIC_INFO_ELEM && p[1] >= 6 &&
+ os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0) {
+ wpa_found = 1;
+ wpa_sm_set_ap_wpa_ie(wpa_s->wpa, p, len);
+ }
+
+ if (!rsn_found &&
+ p[0] == RSN_INFO_ELEM && p[1] >= 2) {
+ rsn_found = 1;
+ wpa_sm_set_ap_rsn_ie(wpa_s->wpa, p, len);
+ }
+
+ l -= len;
+ p += len;
+ }
+
+ if (!wpa_found && data->assoc_info.beacon_ies)
+ wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
+ if (!rsn_found && data->assoc_info.beacon_ies)
+ wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
+}
+
+
+static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
+ union wpa_event_data *data)
+{
+ u8 bssid[ETH_ALEN];
+
+ if (data)
+ wpa_supplicant_event_associnfo(wpa_s, data);
+
+ wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATED);
+ if (wpa_s->use_client_mlme)
+ os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
+ if (wpa_s->use_client_mlme ||
+ (wpa_drv_get_bssid(wpa_s, bssid) >= 0 &&
+ os_memcmp(bssid, wpa_s->bssid, ETH_ALEN) != 0)) {
+ wpa_msg(wpa_s, MSG_DEBUG, "Associated to a new BSS: BSSID="
+ MACSTR, MAC2STR(bssid));
+ os_memcpy(wpa_s->bssid, bssid, ETH_ALEN);
+ os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
+ if (wpa_supplicant_dynamic_keys(wpa_s)) {
+ wpa_clear_keys(wpa_s, bssid);
+ }
+ if (wpa_supplicant_select_config(wpa_s) < 0) {
+ wpa_supplicant_disassociate(wpa_s,
+ REASON_DEAUTH_LEAVING);
+ return;
+ }
+ }
+
+ wpa_msg(wpa_s, MSG_INFO, "Associated with " MACSTR, MAC2STR(bssid));
+ if (wpa_s->current_ssid) {
+ /* When using scanning (ap_scan=1), SIM PC/SC interface can be
+ * initialized before association, but for other modes,
+ * initialize PC/SC here, if the current configuration needs
+ * smartcard or SIM/USIM. */
+ wpa_supplicant_scard_init(wpa_s, wpa_s->current_ssid);
+ }
+ wpa_sm_notify_assoc(wpa_s->wpa, bssid);
+ l2_packet_notify_auth_start(wpa_s->l2);
+
+ /*
+ * Set portEnabled first to FALSE in order to get EAP state machine out
+ * of the SUCCESS state and eapSuccess cleared. Without this, EAPOL PAE
+ * state machine may transit to AUTHENTICATING state based on obsolete
+ * eapSuccess and then trigger BE_AUTH to SUCCESS and PAE to
+ * AUTHENTICATED without ever giving chance to EAP state machine to
+ * reset the state.
+ */
+ eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
+ eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
+ if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK)
+ eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
+ /* 802.1X::portControl = Auto */
+ eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE);
+ wpa_s->eapol_received = 0;
+ if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
+ wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
+ wpa_supplicant_cancel_auth_timeout(wpa_s);
+ wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
+ } else {
+ /* Timeout for receiving the first EAPOL packet */
+ wpa_supplicant_req_auth_timeout(wpa_s, 10, 0);
+ }
+ wpa_supplicant_cancel_scan(wpa_s);
+}
+
+
+static void wpa_supplicant_event_disassoc(struct wpa_supplicant *wpa_s)
+{
+ const u8 *bssid;
+
+ if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
+ /*
+ * At least Host AP driver and a Prism3 card seemed to be
+ * generating streams of disconnected events when configuring
+ * IBSS for WPA-None. Ignore them for now.
+ */
+ wpa_printf(MSG_DEBUG, "Disconnect event - ignore in "
+ "IBSS/WPA-None mode");
+ return;
+ }
+
+ if (wpa_s->wpa_state == WPA_4WAY_HANDSHAKE &&
+ wpa_s->key_mgmt == WPA_KEY_MGMT_PSK) {
+ wpa_msg(wpa_s, MSG_INFO, "WPA: 4-Way Handshake failed - "
+ "pre-shared key may be incorrect");
+ }
+ if (wpa_s->wpa_state >= WPA_ASSOCIATED)
+ wpa_supplicant_req_scan(wpa_s, 0, 100000);
+ bssid = wpa_s->bssid;
+ if (os_memcmp(bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0)
+ bssid = wpa_s->pending_bssid;
+ wpa_blacklist_add(wpa_s, bssid);
+ wpa_sm_notify_disassoc(wpa_s->wpa);
+ wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "- Disconnect event - "
+ "remove keys");
+ if (wpa_supplicant_dynamic_keys(wpa_s)) {
+ wpa_s->keys_cleared = 0;
+ wpa_clear_keys(wpa_s, wpa_s->bssid);
+ }
+ wpa_supplicant_mark_disassoc(wpa_s);
+}
+
+
+static void
+wpa_supplicant_event_michael_mic_failure(struct wpa_supplicant *wpa_s,
+ union wpa_event_data *data)
+{
+ int pairwise;
+ struct os_time t;
+
+ wpa_msg(wpa_s, MSG_WARNING, "Michael MIC failure detected");
+ pairwise = (data && data->michael_mic_failure.unicast);
+ wpa_sm_key_request(wpa_s->wpa, 1, pairwise);
+ os_get_time(&t);
+ if (wpa_s->last_michael_mic_error &&
+ t.sec - wpa_s->last_michael_mic_error <= 60) {
+ /* initialize countermeasures */
+ wpa_s->countermeasures = 1;
+ wpa_msg(wpa_s, MSG_WARNING, "TKIP countermeasures started");
+
+ /*
+ * Need to wait for completion of request frame. We do not get
+ * any callback for the message completion, so just wait a
+ * short while and hope for the best. */
+ os_sleep(0, 10000);
+
+ wpa_drv_set_countermeasures(wpa_s, 1);
+ wpa_supplicant_deauthenticate(wpa_s,
+ REASON_MICHAEL_MIC_FAILURE);
+ eloop_cancel_timeout(wpa_supplicant_stop_countermeasures,
+ wpa_s, NULL);
+ eloop_register_timeout(60, 0,
+ wpa_supplicant_stop_countermeasures,
+ wpa_s, NULL);
+ /* TODO: mark the AP rejected for 60 second. STA is
+ * allowed to associate with another AP.. */
+ }
+ wpa_s->last_michael_mic_error = t.sec;
+}
+
+
+static void
+wpa_supplicant_event_interface_status(struct wpa_supplicant *wpa_s,
+ union wpa_event_data *data)
+{
+ if (os_strcmp(wpa_s->ifname, data->interface_status.ifname) != 0)
+ return;
+
+ switch (data->interface_status.ievent) {
+ case EVENT_INTERFACE_ADDED:
+ if (!wpa_s->interface_removed)
+ break;
+ wpa_s->interface_removed = 0;
+ wpa_printf(MSG_DEBUG, "Configured interface was added.");
+ if (wpa_supplicant_driver_init(wpa_s, 1) < 0) {
+ wpa_printf(MSG_INFO, "Failed to initialize the driver "
+ "after interface was added.");
+ }
+ break;
+ case EVENT_INTERFACE_REMOVED:
+ wpa_printf(MSG_DEBUG, "Configured interface was removed.");
+ wpa_s->interface_removed = 1;
+ wpa_supplicant_mark_disassoc(wpa_s);
+ l2_packet_deinit(wpa_s->l2);
+ wpa_s->l2 = NULL;
+ break;
+ }
+}
+
+
+#ifdef CONFIG_PEERKEY
+static void
+wpa_supplicant_event_stkstart(struct wpa_supplicant *wpa_s,
+ union wpa_event_data *data)
+{
+ if (data == NULL)
+ return;
+ wpa_sm_stkstart(wpa_s->wpa, data->stkstart.peer);
+}
+#endif /* CONFIG_PEERKEY */
+
+
+void wpa_supplicant_event(struct wpa_supplicant *wpa_s, wpa_event_type event,
+ union wpa_event_data *data)
+{
+ switch (event) {
+ case EVENT_ASSOC:
+ wpa_supplicant_event_assoc(wpa_s, data);
+ break;
+ case EVENT_DISASSOC:
+ wpa_supplicant_event_disassoc(wpa_s);
+ break;
+ case EVENT_MICHAEL_MIC_FAILURE:
+ wpa_supplicant_event_michael_mic_failure(wpa_s, data);
+ break;
+ case EVENT_SCAN_RESULTS:
+ wpa_supplicant_event_scan_results(wpa_s);
+ break;
+ case EVENT_ASSOCINFO:
+ wpa_supplicant_event_associnfo(wpa_s, data);
+ break;
+ case EVENT_INTERFACE_STATUS:
+ wpa_supplicant_event_interface_status(wpa_s, data);
+ break;
+ case EVENT_PMKID_CANDIDATE:
+ wpa_supplicant_event_pmkid_candidate(wpa_s, data);
+ break;
+#ifdef CONFIG_PEERKEY
+ case EVENT_STKSTART:
+ wpa_supplicant_event_stkstart(wpa_s, data);
+ break;
+#endif /* CONFIG_PEERKEY */
+ default:
+ wpa_printf(MSG_INFO, "Unknown event %d", event);
+ break;
+ }
+}
--- /dev/null
+# IEEE 802.1X with dynamic WEP keys using EAP-PEAP/MSCHAPv2
+
+ctrl_interface=/var/run/wpa_supplicant
+
+network={
+ ssid="example 802.1x network"
+ key_mgmt=IEEE8021X
+ eap=PEAP
+ phase2="auth=MSCHAPV2"
+ identity="user name"
+ password="password"
+ ca_cert="/etc/cert/ca.pem"
+}
--- /dev/null
+# Plaintext (no encryption) network
+
+ctrl_interface=/var/run/wpa_supplicant
+
+network={
+ ssid="example open network"
+ key_mgmt=NONE
+}
--- /dev/null
+# Static WEP keys
+
+ctrl_interface=/var/run/wpa_supplicant
+
+network={
+ ssid="example wep network"
+ key_mgmt=NONE
+ wep_key0="abcde"
+ wep_key1=0102030405
+ wep_tx_keyidx=0
+}
--- /dev/null
+# WPA-PSK/TKIP
+
+ctrl_interface=/var/run/wpa_supplicant
+
+network={
+ ssid="example wpa-psk network"
+ key_mgmt=WPA-PSK
+ proto=WPA
+ pairwise=TKIP
+ group=TKIP
+ psk="secret passphrase"
+}
--- /dev/null
+# WPA2-EAP/CCMP using EAP-TLS
+
+ctrl_interface=/var/run/wpa_supplicant
+
+network={
+ ssid="example wpa2-eap network"
+ key_mgmt=WPA-EAP
+ proto=WPA2
+ pairwise=CCMP
+ group=CCMP
+ eap=TLS
+ ca_cert="/etc/cert/ca.pem"
+ private_key="/etc/cert/user.p12"
+ private_key_passwd="PKCS#12 passhrase"
+}
--- /dev/null
+#ifndef HOSTAPD_H
+#define HOSTAPD_H
+
+/*
+ * Minimal version of hostapd header files for eapol_test to build
+ * radius_client.c.
+ */
+
+#include "common.h"
+
+void hostapd_logger(void *ctx, const u8 *addr, unsigned int module, int level,
+ char *fmt, ...) PRINTF_FORMAT(5, 6);
+
+struct hostapd_ip_addr;
+
+const char * hostapd_ip_txt(const struct hostapd_ip_addr *addr, char *buf,
+ size_t buflen);
+int hostapd_ip_diff(struct hostapd_ip_addr *a, struct hostapd_ip_addr *b);
+
+enum {
+ HOSTAPD_LEVEL_DEBUG_VERBOSE = 0,
+ HOSTAPD_LEVEL_DEBUG = 1,
+ HOSTAPD_LEVEL_INFO = 2,
+ HOSTAPD_LEVEL_NOTICE = 3,
+ HOSTAPD_LEVEL_WARNING = 4
+};
+
+#ifndef BIT
+#define BIT(n) (1 << (n))
+#endif
+
+#define HOSTAPD_MODULE_IEEE80211 BIT(0)
+#define HOSTAPD_MODULE_IEEE8021X BIT(1)
+#define HOSTAPD_MODULE_RADIUS BIT(2)
+#define HOSTAPD_MODULE_WPA BIT(3)
+#define HOSTAPD_MODULE_DRIVER BIT(4)
+#define HOSTAPD_MODULE_IAPP BIT(5)
+
+#endif /* HOSTAPD_H */
--- /dev/null
+/*
+ * wpa_supplicant/hostapd - Default include files
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This header file is included into all C files so that commonly used header
+ * files can be selected with OS specific #ifdefs in one place instead of
+ * having to have OS/C library specific selection in many files.
+ */
+
+#ifndef INCLUDES_H
+#define INCLUDES_H
+
+/* Include possible build time configuration before including anything else */
+#include "build_config.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <string.h>
+#ifndef _WIN32_WCE
+#ifndef CONFIG_TI_COMPILER
+#include <signal.h>
+#include <sys/types.h>
+#endif /* CONFIG_TI_COMPILER */
+#include <errno.h>
+#endif /* _WIN32_WCE */
+#include <ctype.h>
+#include <time.h>
+
+#ifndef CONFIG_TI_COMPILER
+#ifndef _MSC_VER
+#include <unistd.h>
+#endif /* _MSC_VER */
+#endif /* CONFIG_TI_COMPILER */
+
+#ifndef CONFIG_NATIVE_WINDOWS
+#ifndef CONFIG_TI_COMPILER
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#ifndef __vxworks
+#include <sys/uio.h>
+#include <sys/time.h>
+#endif /* __vxworks */
+#endif /* CONFIG_TI_COMPILER */
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+#endif /* INCLUDES_H */
--- /dev/null
+/*
+ * WPA Supplicant - Layer2 packet interface definition
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This file defines an interface for layer 2 (link layer) packet sending and
+ * receiving. l2_packet_linux.c is one implementation for such a layer 2
+ * implementation using Linux packet sockets and l2_packet_pcap.c another one
+ * using libpcap and libdnet. When porting %wpa_supplicant to other operating
+ * systems, a new l2_packet implementation may need to be added.
+ */
+
+#ifndef L2_PACKET_H
+#define L2_PACKET_H
+
+#define MAC2STR(a) (a)[0], (a)[1], (a)[2], (a)[3], (a)[4], (a)[5]
+#define MACSTR "%02x:%02x:%02x:%02x:%02x:%02x"
+
+#ifndef ETH_P_EAPOL
+#define ETH_P_EAPOL 0x888e
+#endif
+
+#ifndef ETH_P_RSN_PREAUTH
+#define ETH_P_RSN_PREAUTH 0x88c7
+#endif
+
+/**
+ * struct l2_packet_data - Internal l2_packet data structure
+ *
+ * This structure is used by the l2_packet implementation to store its private
+ * data. Other files use a pointer to this data when calling the l2_packet
+ * functions, but the contents of this structure should not be used directly
+ * outside l2_packet implementation.
+ */
+struct l2_packet_data;
+
+#ifdef _MSC_VER
+#pragma pack(push, 1)
+#endif /* _MSC_VER */
+
+struct l2_ethhdr {
+ u8 h_dest[ETH_ALEN];
+ u8 h_source[ETH_ALEN];
+ u16 h_proto;
+} STRUCT_PACKED;
+
+#ifdef _MSC_VER
+#pragma pack(pop)
+#endif /* _MSC_VER */
+
+/**
+ * l2_packet_init - Initialize l2_packet interface
+ * @ifname: Interface name
+ * @own_addr: Optional own MAC address if available from driver interface or
+ * %NULL if not available
+ * @protocol: Ethernet protocol number in host byte order
+ * @rx_callback: Callback function that will be called for each received packet
+ * @rx_callback_ctx: Callback data (ctx) for calls to rx_callback()
+ * @l2_hdr: 1 = include layer 2 header, 0 = do not include header
+ * Returns: Pointer to internal data or %NULL on failure
+ *
+ * rx_callback function will be called with src_addr pointing to the source
+ * address (MAC address) of the the packet. If l2_hdr is set to 0, buf
+ * points to len bytes of the payload after the layer 2 header and similarly,
+ * TX buffers start with payload. This behavior can be changed by setting
+ * l2_hdr=1 to include the layer 2 header in the data buffer.
+ */
+struct l2_packet_data * l2_packet_init(
+ const char *ifname, const u8 *own_addr, unsigned short protocol,
+ void (*rx_callback)(void *ctx, const u8 *src_addr,
+ const u8 *buf, size_t len),
+ void *rx_callback_ctx, int l2_hdr);
+
+/**
+ * l2_packet_deinit - Deinitialize l2_packet interface
+ * @l2: Pointer to internal l2_packet data from l2_packet_init()
+ */
+void l2_packet_deinit(struct l2_packet_data *l2);
+
+/**
+ * l2_packet_get_own_addr - Get own layer 2 address
+ * @l2: Pointer to internal l2_packet data from l2_packet_init()
+ * @addr: Buffer for the own address (6 bytes)
+ * Returns: 0 on success, -1 on failure
+ */
+int l2_packet_get_own_addr(struct l2_packet_data *l2, u8 *addr);
+
+/**
+ * l2_packet_send - Send a packet
+ * @l2: Pointer to internal l2_packet data from l2_packet_init()
+ * @dst_addr: Destination address for the packet (only used if l2_hdr == 0)
+ * @proto: Protocol/ethertype for the packet in host byte order (only used if
+ * l2_hdr == 0)
+ * @buf: Packet contents to be sent; including layer 2 header if l2_hdr was
+ * set to 1 in l2_packet_init() call. Otherwise, only the payload of the packet
+ * is included.
+ * @len: Length of the buffer (including l2 header only if l2_hdr == 1)
+ * Returns: >=0 on success, <0 on failure
+ */
+int l2_packet_send(struct l2_packet_data *l2, const u8 *dst_addr, u16 proto,
+ const u8 *buf, size_t len);
+
+/**
+ * l2_packet_get_ip_addr - Get the current IP address from the interface
+ * @l2: Pointer to internal l2_packet data from l2_packet_init()
+ * @buf: Buffer for the IP address in text format
+ * @len: Maximum buffer length
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function can be used to get the current IP address from the interface
+ * bound to the l2_packet. This is mainly for status information and the IP
+ * address will be stored as an ASCII string. This function is not essential
+ * for %wpa_supplicant operation, so full implementation is not required.
+ * l2_packet implementation will need to define the function, but it can return
+ * -1 if the IP address information is not available.
+ */
+int l2_packet_get_ip_addr(struct l2_packet_data *l2, char *buf, size_t len);
+
+
+/**
+ * l2_packet_notify_auth_start - Notify l2_packet about start of authentication
+ * @l2: Pointer to internal l2_packet data from l2_packet_init()
+ *
+ * This function is called when authentication is expected to start, e.g., when
+ * association has been completed, in order to prepare l2_packet implementation
+ * for EAPOL frames. This function is used mainly if the l2_packet code needs
+ * to do polling in which case it can increasing polling frequency. This can
+ * also be an empty function if the l2_packet implementation does not benefit
+ * from knowing about the starting authentication.
+ */
+void l2_packet_notify_auth_start(struct l2_packet_data *l2);
+
+#endif /* L2_PACKET_H */
--- /dev/null
+/*
+ * WPA Supplicant - Layer2 packet handling with FreeBSD
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2005, Sam Leffler <sam@errno.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <pcap.h>
+
+#include <sys/ioctl.h>
+#include <sys/sysctl.h>
+
+#include <net/if.h>
+#include <net/if_dl.h>
+#include <net/route.h>
+#include <netinet/in.h>
+
+#include "common.h"
+#include "eloop.h"
+#include "l2_packet.h"
+
+
+static const u8 pae_group_addr[ETH_ALEN] =
+{ 0x01, 0x80, 0xc2, 0x00, 0x00, 0x03 };
+
+struct l2_packet_data {
+ pcap_t *pcap;
+ char ifname[100];
+ u8 own_addr[ETH_ALEN];
+ void (*rx_callback)(void *ctx, const u8 *src_addr,
+ const u8 *buf, size_t len);
+ void *rx_callback_ctx;
+ int l2_hdr; /* whether to include layer 2 (Ethernet) header data
+ * buffers */
+};
+
+
+int l2_packet_get_own_addr(struct l2_packet_data *l2, u8 *addr)
+{
+ os_memcpy(addr, l2->own_addr, ETH_ALEN);
+ return 0;
+}
+
+
+int l2_packet_send(struct l2_packet_data *l2, const u8 *dst_addr, u16 proto,
+ const u8 *buf, size_t len)
+{
+ if (!l2->l2_hdr) {
+ int ret;
+ struct l2_ethhdr *eth = os_malloc(sizeof(*eth) + len);
+ if (eth == NULL)
+ return -1;
+ os_memcpy(eth->h_dest, dst_addr, ETH_ALEN);
+ os_memcpy(eth->h_source, l2->own_addr, ETH_ALEN);
+ eth->h_proto = htons(proto);
+ os_memcpy(eth + 1, buf, len);
+ ret = pcap_inject(l2->pcap, (u8 *) eth, len + sizeof(*eth));
+ os_free(eth);
+ return ret;
+ } else
+ return pcap_inject(l2->pcap, buf, len);
+}
+
+
+static void l2_packet_receive(int sock, void *eloop_ctx, void *sock_ctx)
+{
+ struct l2_packet_data *l2 = eloop_ctx;
+ pcap_t *pcap = sock_ctx;
+ struct pcap_pkthdr hdr;
+ const u_char *packet;
+ struct l2_ethhdr *ethhdr;
+ unsigned char *buf;
+ size_t len;
+
+ packet = pcap_next(pcap, &hdr);
+
+ if (packet == NULL || hdr.caplen < sizeof(*ethhdr))
+ return;
+
+ ethhdr = (struct l2_ethhdr *) packet;
+ if (l2->l2_hdr) {
+ buf = (unsigned char *) ethhdr;
+ len = hdr.caplen;
+ } else {
+ buf = (unsigned char *) (ethhdr + 1);
+ len = hdr.caplen - sizeof(*ethhdr);
+ }
+ l2->rx_callback(l2->rx_callback_ctx, ethhdr->h_source, buf, len);
+}
+
+
+static int l2_packet_init_libpcap(struct l2_packet_data *l2,
+ unsigned short protocol)
+{
+ bpf_u_int32 pcap_maskp, pcap_netp;
+ char pcap_filter[200], pcap_err[PCAP_ERRBUF_SIZE];
+ struct bpf_program pcap_fp;
+
+ pcap_lookupnet(l2->ifname, &pcap_netp, &pcap_maskp, pcap_err);
+ l2->pcap = pcap_open_live(l2->ifname, 2500, 0, 10, pcap_err);
+ if (l2->pcap == NULL) {
+ fprintf(stderr, "pcap_open_live: %s\n", pcap_err);
+ fprintf(stderr, "ifname='%s'\n", l2->ifname);
+ return -1;
+ }
+ if (pcap_datalink(l2->pcap) != DLT_EN10MB &&
+ pcap_set_datalink(l2->pcap, DLT_EN10MB) < 0) {
+ fprintf(stderr, "pcap_set_datalink(DLT_EN10MB): %s\n",
+ pcap_geterr(l2->pcap));
+ return -1;
+ }
+ os_snprintf(pcap_filter, sizeof(pcap_filter),
+ "not ether src " MACSTR " and "
+ "( ether dst " MACSTR " or ether dst " MACSTR " ) and "
+ "ether proto 0x%x",
+ MAC2STR(l2->own_addr), /* do not receive own packets */
+ MAC2STR(l2->own_addr), MAC2STR(pae_group_addr),
+ protocol);
+ if (pcap_compile(l2->pcap, &pcap_fp, pcap_filter, 1, pcap_netp) < 0) {
+ fprintf(stderr, "pcap_compile: %s\n", pcap_geterr(l2->pcap));
+ return -1;
+ }
+
+ if (pcap_setfilter(l2->pcap, &pcap_fp) < 0) {
+ fprintf(stderr, "pcap_setfilter: %s\n", pcap_geterr(l2->pcap));
+ return -1;
+ }
+
+ pcap_freecode(&pcap_fp);
+ /*
+ * When libpcap uses BPF we must enable "immediate mode" to
+ * receive frames right away; otherwise the system may
+ * buffer them for us.
+ */
+ {
+ unsigned int on = 1;
+ if (ioctl(pcap_fileno(l2->pcap), BIOCIMMEDIATE, &on) < 0) {
+ fprintf(stderr, "%s: cannot enable immediate mode on "
+ "interface %s: %s\n",
+ __func__, l2->ifname, strerror(errno));
+ /* XXX should we fail? */
+ }
+ }
+
+ eloop_register_read_sock(pcap_get_selectable_fd(l2->pcap),
+ l2_packet_receive, l2, l2->pcap);
+
+ return 0;
+}
+
+
+static int eth_get(const char *device, u8 ea[ETH_ALEN])
+{
+ struct if_msghdr *ifm;
+ struct sockaddr_dl *sdl;
+ u_char *p, *buf;
+ size_t len;
+ int mib[] = { CTL_NET, AF_ROUTE, 0, AF_LINK, NET_RT_IFLIST, 0 };
+
+ if (sysctl(mib, 6, NULL, &len, NULL, 0) < 0)
+ return -1;
+ if ((buf = os_malloc(len)) == NULL)
+ return -1;
+ if (sysctl(mib, 6, buf, &len, NULL, 0) < 0) {
+ os_free(buf);
+ return -1;
+ }
+ for (p = buf; p < buf + len; p += ifm->ifm_msglen) {
+ ifm = (struct if_msghdr *)p;
+ sdl = (struct sockaddr_dl *)(ifm + 1);
+ if (ifm->ifm_type != RTM_IFINFO ||
+ (ifm->ifm_addrs & RTA_IFP) == 0)
+ continue;
+ if (sdl->sdl_family != AF_LINK || sdl->sdl_nlen == 0 ||
+ os_memcmp(sdl->sdl_data, device, sdl->sdl_nlen) != 0)
+ continue;
+ os_memcpy(ea, LLADDR(sdl), sdl->sdl_alen);
+ break;
+ }
+ os_free(buf);
+
+ if (p >= buf + len) {
+ errno = ESRCH;
+ return -1;
+ }
+ return 0;
+}
+
+
+struct l2_packet_data * l2_packet_init(
+ const char *ifname, const u8 *own_addr, unsigned short protocol,
+ void (*rx_callback)(void *ctx, const u8 *src_addr,
+ const u8 *buf, size_t len),
+ void *rx_callback_ctx, int l2_hdr)
+{
+ struct l2_packet_data *l2;
+
+ l2 = os_zalloc(sizeof(struct l2_packet_data));
+ if (l2 == NULL)
+ return NULL;
+ os_strncpy(l2->ifname, ifname, sizeof(l2->ifname));
+ l2->rx_callback = rx_callback;
+ l2->rx_callback_ctx = rx_callback_ctx;
+ l2->l2_hdr = l2_hdr;
+
+ if (eth_get(l2->ifname, l2->own_addr) < 0) {
+ fprintf(stderr, "Failed to get link-level address for "
+ "interface '%s'.\n", l2->ifname);
+ os_free(l2);
+ return NULL;
+ }
+
+ if (l2_packet_init_libpcap(l2, protocol)) {
+ os_free(l2);
+ return NULL;
+ }
+
+ return l2;
+}
+
+
+void l2_packet_deinit(struct l2_packet_data *l2)
+{
+ if (l2 != NULL) {
+ if (l2->pcap) {
+ eloop_unregister_read_sock(
+ pcap_get_selectable_fd(l2->pcap));
+ pcap_close(l2->pcap);
+ }
+ os_free(l2);
+ }
+}
+
+
+int l2_packet_get_ip_addr(struct l2_packet_data *l2, char *buf, size_t len)
+{
+ pcap_if_t *devs, *dev;
+ struct pcap_addr *addr;
+ struct sockaddr_in *saddr;
+ int found = 0;
+ char err[PCAP_ERRBUF_SIZE + 1];
+
+ if (pcap_findalldevs(&devs, err) < 0) {
+ wpa_printf(MSG_DEBUG, "pcap_findalldevs: %s\n", err);
+ return -1;
+ }
+
+ for (dev = devs; dev && !found; dev = dev->next) {
+ if (os_strcmp(dev->name, l2->ifname) != 0)
+ continue;
+
+ addr = dev->addresses;
+ while (addr) {
+ saddr = (struct sockaddr_in *) addr->addr;
+ if (saddr && saddr->sin_family == AF_INET) {
+ os_snprintf(buf, len, "%s",
+ inet_ntoa(saddr->sin_addr));
+ found = 1;
+ break;
+ }
+ addr = addr->next;
+ }
+ }
+
+ pcap_freealldevs(devs);
+
+ return found ? 0 : -1;
+}
+
+
+void l2_packet_notify_auth_start(struct l2_packet_data *l2)
+{
+}
--- /dev/null
+/*
+ * WPA Supplicant - Layer2 packet handling with Linux packet sockets
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <sys/ioctl.h>
+#include <netpacket/packet.h>
+#include <net/if.h>
+
+#include "common.h"
+#include "eloop.h"
+#include "l2_packet.h"
+
+
+struct l2_packet_data {
+ int fd; /* packet socket for EAPOL frames */
+ char ifname[IFNAMSIZ + 1];
+ int ifindex;
+ u8 own_addr[ETH_ALEN];
+ void (*rx_callback)(void *ctx, const u8 *src_addr,
+ const u8 *buf, size_t len);
+ void *rx_callback_ctx;
+ int l2_hdr; /* whether to include layer 2 (Ethernet) header data
+ * buffers */
+};
+
+
+int l2_packet_get_own_addr(struct l2_packet_data *l2, u8 *addr)
+{
+ os_memcpy(addr, l2->own_addr, ETH_ALEN);
+ return 0;
+}
+
+
+int l2_packet_send(struct l2_packet_data *l2, const u8 *dst_addr, u16 proto,
+ const u8 *buf, size_t len)
+{
+ int ret;
+ if (l2 == NULL)
+ return -1;
+ if (l2->l2_hdr) {
+ ret = send(l2->fd, buf, len, 0);
+ if (ret < 0)
+ perror("l2_packet_send - send");
+ } else {
+ struct sockaddr_ll ll;
+ os_memset(&ll, 0, sizeof(ll));
+ ll.sll_family = AF_PACKET;
+ ll.sll_ifindex = l2->ifindex;
+ ll.sll_protocol = htons(proto);
+ ll.sll_halen = ETH_ALEN;
+ os_memcpy(ll.sll_addr, dst_addr, ETH_ALEN);
+ ret = sendto(l2->fd, buf, len, 0, (struct sockaddr *) &ll,
+ sizeof(ll));
+ if (ret < 0)
+ perror("l2_packet_send - sendto");
+ }
+ return ret;
+}
+
+
+static void l2_packet_receive(int sock, void *eloop_ctx, void *sock_ctx)
+{
+ struct l2_packet_data *l2 = eloop_ctx;
+ u8 buf[2300];
+ int res;
+ struct sockaddr_ll ll;
+ socklen_t fromlen;
+
+ os_memset(&ll, 0, sizeof(ll));
+ fromlen = sizeof(ll);
+ res = recvfrom(sock, buf, sizeof(buf), 0, (struct sockaddr *) &ll,
+ &fromlen);
+ if (res < 0) {
+ perror("l2_packet_receive - recvfrom");
+ return;
+ }
+
+ l2->rx_callback(l2->rx_callback_ctx, ll.sll_addr, buf, res);
+}
+
+
+struct l2_packet_data * l2_packet_init(
+ const char *ifname, const u8 *own_addr, unsigned short protocol,
+ void (*rx_callback)(void *ctx, const u8 *src_addr,
+ const u8 *buf, size_t len),
+ void *rx_callback_ctx, int l2_hdr)
+{
+ struct l2_packet_data *l2;
+ struct ifreq ifr;
+ struct sockaddr_ll ll;
+
+ l2 = os_zalloc(sizeof(struct l2_packet_data));
+ if (l2 == NULL)
+ return NULL;
+ os_strncpy(l2->ifname, ifname, sizeof(l2->ifname));
+ l2->rx_callback = rx_callback;
+ l2->rx_callback_ctx = rx_callback_ctx;
+ l2->l2_hdr = l2_hdr;
+
+ l2->fd = socket(PF_PACKET, l2_hdr ? SOCK_RAW : SOCK_DGRAM,
+ htons(protocol));
+ if (l2->fd < 0) {
+ perror("socket(PF_PACKET)");
+ os_free(l2);
+ return NULL;
+ }
+ os_strncpy(ifr.ifr_name, l2->ifname, sizeof(ifr.ifr_name));
+ if (ioctl(l2->fd, SIOCGIFINDEX, &ifr) < 0) {
+ perror("ioctl[SIOCGIFINDEX]");
+ close(l2->fd);
+ os_free(l2);
+ return NULL;
+ }
+ l2->ifindex = ifr.ifr_ifindex;
+
+ os_memset(&ll, 0, sizeof(ll));
+ ll.sll_family = PF_PACKET;
+ ll.sll_ifindex = ifr.ifr_ifindex;
+ ll.sll_protocol = htons(protocol);
+ if (bind(l2->fd, (struct sockaddr *) &ll, sizeof(ll)) < 0) {
+ perror("bind[PF_PACKET]");
+ close(l2->fd);
+ os_free(l2);
+ return NULL;
+ }
+
+ if (ioctl(l2->fd, SIOCGIFHWADDR, &ifr) < 0) {
+ perror("ioctl[SIOCGIFHWADDR]");
+ close(l2->fd);
+ os_free(l2);
+ return NULL;
+ }
+ os_memcpy(l2->own_addr, ifr.ifr_hwaddr.sa_data, ETH_ALEN);
+
+ eloop_register_read_sock(l2->fd, l2_packet_receive, l2, NULL);
+
+ return l2;
+}
+
+
+void l2_packet_deinit(struct l2_packet_data *l2)
+{
+ if (l2 == NULL)
+ return;
+
+ if (l2->fd >= 0) {
+ eloop_unregister_read_sock(l2->fd);
+ close(l2->fd);
+ }
+
+ os_free(l2);
+}
+
+
+int l2_packet_get_ip_addr(struct l2_packet_data *l2, char *buf, size_t len)
+{
+ int s;
+ struct ifreq ifr;
+ struct sockaddr_in *saddr;
+
+ s = socket(PF_INET, SOCK_DGRAM, 0);
+ if (s < 0) {
+ perror("socket");
+ return -1;
+ }
+ os_memset(&ifr, 0, sizeof(ifr));
+ os_strncpy(ifr.ifr_name, l2->ifname, sizeof(ifr.ifr_name));
+ if (ioctl(s, SIOCGIFADDR, &ifr) < 0) {
+ if (errno != EADDRNOTAVAIL)
+ perror("ioctl[SIOCGIFADDR]");
+ close(s);
+ return -1;
+ }
+ close(s);
+ saddr = (struct sockaddr_in *) &ifr.ifr_addr;
+ if (saddr->sin_family != AF_INET)
+ return -1;
+ os_snprintf(buf, len, "%s", inet_ntoa(saddr->sin_addr));
+ return 0;
+}
+
+
+void l2_packet_notify_auth_start(struct l2_packet_data *l2)
+{
+}
--- /dev/null
+/*
+ * WPA Supplicant - Layer2 packet handling with Microsoft NDISUIO
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This implementation requires Windows specific event loop implementation,
+ * i.e., eloop_win.c. In addition, the NDISUIO connection is shared with
+ * driver_ndis.c, so only that driver interface can be used and
+ * CONFIG_USE_NDISUIO must be defined.
+ *
+ * WinXP version of the code uses overlapped I/O and a single threaded design
+ * with callback functions from I/O code. WinCE version uses a separate RX
+ * thread that blocks on ReadFile() whenever the media status is connected.
+ */
+
+#include "includes.h"
+#include <winsock2.h>
+#include <ntddndis.h>
+
+#ifdef _WIN32_WCE
+#include <winioctl.h>
+#include <nuiouser.h>
+#endif /* _WIN32_WCE */
+
+#include "common.h"
+#include "eloop.h"
+#include "l2_packet.h"
+
+#ifndef _WIN32_WCE
+/* from nuiouser.h */
+#define FSCTL_NDISUIO_BASE FILE_DEVICE_NETWORK
+#define _NDISUIO_CTL_CODE(_Function, _Method, _Access) \
+ CTL_CODE(FSCTL_NDISUIO_BASE, _Function, _Method, _Access)
+#define IOCTL_NDISUIO_SET_ETHER_TYPE \
+ _NDISUIO_CTL_CODE(0x202, METHOD_BUFFERED, \
+ FILE_READ_ACCESS | FILE_WRITE_ACCESS)
+#endif /* _WIN32_WCE */
+
+/* From driver_ndis.c to shared the handle to NDISUIO */
+HANDLE driver_ndis_get_ndisuio_handle(void);
+
+/*
+ * NDISUIO supports filtering of only one ethertype at the time, so we must
+ * fake support for two (EAPOL and RSN pre-auth) by switching to pre-auth
+ * whenever wpa_supplicant is trying to pre-authenticate and then switching
+ * back to EAPOL when pre-authentication has been completed.
+ */
+
+struct l2_packet_data;
+
+struct l2_packet_ndisuio_global {
+ int refcount;
+ unsigned short first_proto;
+ struct l2_packet_data *l2[2];
+#ifdef _WIN32_WCE
+ HANDLE rx_thread;
+ HANDLE stop_request;
+ HANDLE ready_for_read;
+ HANDLE rx_processed;
+#endif /* _WIN32_WCE */
+};
+
+static struct l2_packet_ndisuio_global *l2_ndisuio_global = NULL;
+
+struct l2_packet_data {
+ char ifname[100];
+ u8 own_addr[ETH_ALEN];
+ void (*rx_callback)(void *ctx, const u8 *src_addr,
+ const u8 *buf, size_t len);
+ void *rx_callback_ctx;
+ int l2_hdr; /* whether to include layer 2 (Ethernet) header in calls to
+ * rx_callback and l2_packet_send() */
+ HANDLE rx_avail;
+#ifndef _WIN32_WCE
+ OVERLAPPED rx_overlapped;
+#endif /* _WIN32_WCE */
+ u8 rx_buf[1514];
+ DWORD rx_written;
+};
+
+
+int l2_packet_get_own_addr(struct l2_packet_data *l2, u8 *addr)
+{
+ os_memcpy(addr, l2->own_addr, ETH_ALEN);
+ return 0;
+}
+
+
+int l2_packet_send(struct l2_packet_data *l2, const u8 *dst_addr, u16 proto,
+ const u8 *buf, size_t len)
+{
+ BOOL res;
+ DWORD written;
+ struct l2_ethhdr *eth;
+#ifndef _WIN32_WCE
+ OVERLAPPED overlapped;
+#endif /* _WIN32_WCE */
+ OVERLAPPED *o;
+
+ if (l2 == NULL)
+ return -1;
+
+#ifdef _WIN32_WCE
+ o = NULL;
+#else /* _WIN32_WCE */
+ os_memset(&overlapped, 0, sizeof(overlapped));
+ o = &overlapped;
+#endif /* _WIN32_WCE */
+
+ if (l2->l2_hdr) {
+ res = WriteFile(driver_ndis_get_ndisuio_handle(), buf, len,
+ &written, o);
+ } else {
+ size_t mlen = sizeof(*eth) + len;
+ eth = os_malloc(mlen);
+ if (eth == NULL)
+ return -1;
+
+ os_memcpy(eth->h_dest, dst_addr, ETH_ALEN);
+ os_memcpy(eth->h_source, l2->own_addr, ETH_ALEN);
+ eth->h_proto = htons(proto);
+ os_memcpy(eth + 1, buf, len);
+ res = WriteFile(driver_ndis_get_ndisuio_handle(), eth, mlen,
+ &written, o);
+ os_free(eth);
+ }
+
+ if (!res) {
+ DWORD err = GetLastError();
+#ifndef _WIN32_WCE
+ if (err == ERROR_IO_PENDING) {
+ /* For now, just assume that the packet will be sent in
+ * time before the next write happens. This could be
+ * cleaned up at some point to actually wait for
+ * completion before starting new writes.
+ */
+ return 0;
+ }
+#endif /* _WIN32_WCE */
+ wpa_printf(MSG_DEBUG, "L2(NDISUIO): WriteFile failed: %d",
+ (int) GetLastError());
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static void l2_packet_callback(struct l2_packet_data *l2);
+
+#ifdef _WIN32_WCE
+static void l2_packet_rx_thread_try_read(struct l2_packet_data *l2)
+{
+ HANDLE handles[2];
+
+ wpa_printf(MSG_MSGDUMP, "l2_packet_rx_thread: -> ReadFile");
+ if (!ReadFile(driver_ndis_get_ndisuio_handle(), l2->rx_buf,
+ sizeof(l2->rx_buf), &l2->rx_written, NULL)) {
+ DWORD err = GetLastError();
+ wpa_printf(MSG_DEBUG, "l2_packet_rx_thread: ReadFile failed: "
+ "%d", (int) err);
+ /*
+ * ReadFile on NDISUIO/WinCE returns ERROR_DEVICE_NOT_CONNECTED
+ * error whenever the connection is not up. Yield the thread to
+ * avoid triggering a busy loop. Connection event should stop
+ * us from looping for long, but we need to allow enough CPU
+ * for the main thread to process the media disconnection.
+ */
+ Sleep(100);
+ return;
+ }
+
+ wpa_printf(MSG_DEBUG, "l2_packet_rx_thread: Read %d byte packet",
+ (int) l2->rx_written);
+
+ /*
+ * Notify the main thread about the availability of a frame and wait
+ * for the frame to be processed.
+ */
+ SetEvent(l2->rx_avail);
+ handles[0] = l2_ndisuio_global->stop_request;
+ handles[1] = l2_ndisuio_global->rx_processed;
+ WaitForMultipleObjects(2, handles, FALSE, INFINITE);
+ ResetEvent(l2_ndisuio_global->rx_processed);
+}
+
+
+static DWORD WINAPI l2_packet_rx_thread(LPVOID arg)
+{
+ struct l2_packet_data *l2 = arg;
+ DWORD res;
+ HANDLE handles[2];
+ int run = 1;
+
+ wpa_printf(MSG_DEBUG, "L2(NDISUIO): RX thread started");
+ handles[0] = l2_ndisuio_global->stop_request;
+ handles[1] = l2_ndisuio_global->ready_for_read;
+
+ /*
+ * Unfortunately, NDISUIO on WinCE does not seem to support waiting
+ * on the handle. There do not seem to be anything else that we could
+ * wait for either. If one were to modify NDISUIO to set a named event
+ * whenever packets are available, this event could be used here to
+ * avoid having to poll for new packets or we could even move to use a
+ * single threaded design.
+ *
+ * In addition, NDISUIO on WinCE is returning
+ * ERROR_DEVICE_NOT_CONNECTED whenever ReadFile() is attempted while
+ * the adapter is not in connected state. For now, we are just using a
+ * local event to allow ReadFile calls only after having received NDIS
+ * media connect event. This event could be easily converted to handle
+ * another event if the protocol driver is replaced with somewhat more
+ * useful design.
+ */
+
+ while (l2_ndisuio_global && run) {
+ res = WaitForMultipleObjects(2, handles, FALSE, INFINITE);
+ switch (res) {
+ case WAIT_OBJECT_0:
+ wpa_printf(MSG_DEBUG, "l2_packet_rx_thread: Received "
+ "request to stop RX thread");
+ run = 0;
+ break;
+ case WAIT_OBJECT_0 + 1:
+ l2_packet_rx_thread_try_read(l2);
+ break;
+ case WAIT_FAILED:
+ default:
+ wpa_printf(MSG_DEBUG, "l2_packet_rx_thread: "
+ "WaitForMultipleObjects failed: %d",
+ (int) GetLastError());
+ run = 0;
+ break;
+ }
+ }
+
+ wpa_printf(MSG_DEBUG, "L2(NDISUIO): RX thread stopped");
+
+ return 0;
+}
+#else /* _WIN32_WCE */
+static int l2_ndisuio_start_read(struct l2_packet_data *l2, int recursive)
+{
+ os_memset(&l2->rx_overlapped, 0, sizeof(l2->rx_overlapped));
+ l2->rx_overlapped.hEvent = l2->rx_avail;
+ if (!ReadFile(driver_ndis_get_ndisuio_handle(), l2->rx_buf,
+ sizeof(l2->rx_buf), &l2->rx_written, &l2->rx_overlapped))
+ {
+ DWORD err = GetLastError();
+ if (err != ERROR_IO_PENDING) {
+ wpa_printf(MSG_DEBUG, "L2(NDISUIO): ReadFile failed: "
+ "%d", (int) err);
+ return -1;
+ }
+ /*
+ * Once read is completed, l2_packet_rx_event() will be
+ * called.
+ */
+ } else {
+ wpa_printf(MSG_DEBUG, "L2(NDISUIO): ReadFile returned data "
+ "without wait for completion");
+ if (!recursive)
+ l2_packet_callback(l2);
+ }
+
+ return 0;
+}
+#endif /* _WIN32_WCE */
+
+
+static void l2_packet_callback(struct l2_packet_data *l2)
+{
+ const u8 *rx_buf, *rx_src;
+ size_t rx_len;
+ struct l2_ethhdr *ethhdr = (struct l2_ethhdr *) l2->rx_buf;
+
+ wpa_printf(MSG_DEBUG, "L2(NDISUIO): Read %d bytes",
+ (int) l2->rx_written);
+
+ if (l2->l2_hdr || l2->rx_written < sizeof(*ethhdr)) {
+ rx_buf = (u8 *) ethhdr;
+ rx_len = l2->rx_written;
+ } else {
+ rx_buf = (u8 *) (ethhdr + 1);
+ rx_len = l2->rx_written - sizeof(*ethhdr);
+ }
+ rx_src = ethhdr->h_source;
+
+ l2->rx_callback(l2->rx_callback_ctx, rx_src, rx_buf, rx_len);
+#ifndef _WIN32_WCE
+ l2_ndisuio_start_read(l2, 1);
+#endif /* _WIN32_WCE */
+}
+
+
+static void l2_packet_rx_event(void *eloop_data, void *user_data)
+{
+ struct l2_packet_data *l2 = eloop_data;
+
+ if (l2_ndisuio_global)
+ l2 = l2_ndisuio_global->l2[l2_ndisuio_global->refcount - 1];
+
+ ResetEvent(l2->rx_avail);
+
+#ifndef _WIN32_WCE
+ if (!GetOverlappedResult(driver_ndis_get_ndisuio_handle(),
+ &l2->rx_overlapped, &l2->rx_written, FALSE)) {
+ wpa_printf(MSG_DEBUG, "L2(NDISUIO): GetOverlappedResult "
+ "failed: %d", (int) GetLastError());
+ return;
+ }
+#endif /* _WIN32_WCE */
+
+ l2_packet_callback(l2);
+
+#ifdef _WIN32_WCE
+ SetEvent(l2_ndisuio_global->rx_processed);
+#endif /* _WIN32_WCE */
+}
+
+
+static int l2_ndisuio_set_ether_type(unsigned short protocol)
+{
+ USHORT proto = htons(protocol);
+ DWORD written;
+
+ if (!DeviceIoControl(driver_ndis_get_ndisuio_handle(),
+ IOCTL_NDISUIO_SET_ETHER_TYPE, &proto,
+ sizeof(proto), NULL, 0, &written, NULL)) {
+ wpa_printf(MSG_ERROR, "L2(NDISUIO): "
+ "IOCTL_NDISUIO_SET_ETHER_TYPE failed: %d",
+ (int) GetLastError());
+ return -1;
+ }
+
+ return 0;
+}
+
+
+struct l2_packet_data * l2_packet_init(
+ const char *ifname, const u8 *own_addr, unsigned short protocol,
+ void (*rx_callback)(void *ctx, const u8 *src_addr,
+ const u8 *buf, size_t len),
+ void *rx_callback_ctx, int l2_hdr)
+{
+ struct l2_packet_data *l2;
+
+ if (l2_ndisuio_global == NULL) {
+ l2_ndisuio_global = os_zalloc(sizeof(*l2_ndisuio_global));
+ if (l2_ndisuio_global == NULL)
+ return NULL;
+ l2_ndisuio_global->first_proto = protocol;
+ }
+ if (l2_ndisuio_global->refcount >= 2) {
+ wpa_printf(MSG_ERROR, "L2(NDISUIO): Not more than two "
+ "simultaneous connections allowed");
+ return NULL;
+ }
+ l2_ndisuio_global->refcount++;
+
+ l2 = os_zalloc(sizeof(struct l2_packet_data));
+ if (l2 == NULL)
+ return NULL;
+ l2_ndisuio_global->l2[l2_ndisuio_global->refcount - 1] = l2;
+
+ os_strncpy(l2->ifname, ifname, sizeof(l2->ifname));
+ l2->rx_callback = rx_callback;
+ l2->rx_callback_ctx = rx_callback_ctx;
+ l2->l2_hdr = l2_hdr;
+
+ if (own_addr)
+ os_memcpy(l2->own_addr, own_addr, ETH_ALEN);
+
+ if (l2_ndisuio_set_ether_type(protocol) < 0) {
+ os_free(l2);
+ return NULL;
+ }
+
+ if (l2_ndisuio_global->refcount > 1) {
+ wpa_printf(MSG_DEBUG, "L2(NDISUIO): Temporarily setting "
+ "filtering ethertype to %04x", protocol);
+ if (l2_ndisuio_global->l2[0])
+ l2->rx_avail = l2_ndisuio_global->l2[0]->rx_avail;
+ return l2;
+ }
+
+ l2->rx_avail = CreateEvent(NULL, TRUE, FALSE, NULL);
+ if (l2->rx_avail == NULL) {
+ os_free(l2);
+ return NULL;
+ }
+
+ eloop_register_event(l2->rx_avail, sizeof(l2->rx_avail),
+ l2_packet_rx_event, l2, NULL);
+
+#ifdef _WIN32_WCE
+ l2_ndisuio_global->stop_request = CreateEvent(NULL, TRUE, FALSE, NULL);
+ /*
+ * This event is being set based on media connect/disconnect
+ * notifications in driver_ndis.c.
+ */
+ l2_ndisuio_global->ready_for_read =
+ CreateEvent(NULL, TRUE, FALSE, TEXT("WpaSupplicantConnected"));
+ l2_ndisuio_global->rx_processed = CreateEvent(NULL, TRUE, FALSE, NULL);
+ if (l2_ndisuio_global->stop_request == NULL ||
+ l2_ndisuio_global->ready_for_read == NULL ||
+ l2_ndisuio_global->rx_processed == NULL) {
+ if (l2_ndisuio_global->stop_request) {
+ CloseHandle(l2_ndisuio_global->stop_request);
+ l2_ndisuio_global->stop_request = NULL;
+ }
+ if (l2_ndisuio_global->ready_for_read) {
+ CloseHandle(l2_ndisuio_global->ready_for_read);
+ l2_ndisuio_global->ready_for_read = NULL;
+ }
+ if (l2_ndisuio_global->rx_processed) {
+ CloseHandle(l2_ndisuio_global->rx_processed);
+ l2_ndisuio_global->rx_processed = NULL;
+ }
+ eloop_unregister_event(l2->rx_avail, sizeof(l2->rx_avail));
+ os_free(l2);
+ return NULL;
+ }
+
+ l2_ndisuio_global->rx_thread = CreateThread(NULL, 0,
+ l2_packet_rx_thread, l2, 0,
+ NULL);
+ if (l2_ndisuio_global->rx_thread == NULL) {
+ wpa_printf(MSG_INFO, "L2(NDISUIO): Failed to create RX "
+ "thread: %d", (int) GetLastError());
+ eloop_unregister_event(l2->rx_avail, sizeof(l2->rx_avail));
+ CloseHandle(l2_ndisuio_global->stop_request);
+ l2_ndisuio_global->stop_request = NULL;
+ os_free(l2);
+ return NULL;
+ }
+#else /* _WIN32_WCE */
+ l2_ndisuio_start_read(l2, 0);
+#endif /* _WIN32_WCE */
+
+ return l2;
+}
+
+
+void l2_packet_deinit(struct l2_packet_data *l2)
+{
+ if (l2 == NULL)
+ return;
+
+ if (l2_ndisuio_global) {
+ l2_ndisuio_global->refcount--;
+ l2_ndisuio_global->l2[l2_ndisuio_global->refcount] = NULL;
+ if (l2_ndisuio_global->refcount) {
+ wpa_printf(MSG_DEBUG, "L2(NDISUIO): restore filtering "
+ "ethertype to %04x",
+ l2_ndisuio_global->first_proto);
+ l2_ndisuio_set_ether_type(
+ l2_ndisuio_global->first_proto);
+ return;
+ }
+
+#ifdef _WIN32_WCE
+ wpa_printf(MSG_DEBUG, "L2(NDISUIO): Waiting for RX thread to "
+ "stop");
+ SetEvent(l2_ndisuio_global->stop_request);
+ /*
+ * Cancel pending ReadFile() in the RX thread (if we were still
+ * connected at this point).
+ */
+ if (!DeviceIoControl(driver_ndis_get_ndisuio_handle(),
+ IOCTL_CANCEL_READ, NULL, 0, NULL, 0, NULL,
+ NULL)) {
+ wpa_printf(MSG_DEBUG, "L2(NDISUIO): IOCTL_CANCEL_READ "
+ "failed: %d", (int) GetLastError());
+ /* RX thread will exit blocking ReadFile once NDISUIO
+ * notices that the adapter is disconnected. */
+ }
+ WaitForSingleObject(l2_ndisuio_global->rx_thread, INFINITE);
+ wpa_printf(MSG_DEBUG, "L2(NDISUIO): RX thread exited");
+ CloseHandle(l2_ndisuio_global->rx_thread);
+ CloseHandle(l2_ndisuio_global->stop_request);
+ CloseHandle(l2_ndisuio_global->ready_for_read);
+ CloseHandle(l2_ndisuio_global->rx_processed);
+#endif /* _WIN32_WCE */
+
+ os_free(l2_ndisuio_global);
+ l2_ndisuio_global = NULL;
+ }
+
+#ifndef _WIN32_WCE
+ CancelIo(driver_ndis_get_ndisuio_handle());
+#endif /* _WIN32_WCE */
+
+ eloop_unregister_event(l2->rx_avail, sizeof(l2->rx_avail));
+ CloseHandle(l2->rx_avail);
+ os_free(l2);
+}
+
+
+int l2_packet_get_ip_addr(struct l2_packet_data *l2, char *buf, size_t len)
+{
+ return -1;
+}
+
+
+void l2_packet_notify_auth_start(struct l2_packet_data *l2)
+{
+}
--- /dev/null
+/*
+ * WPA Supplicant - Layer2 packet handling example with dummy functions
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This file can be used as a starting point for layer2 packet implementation.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eloop.h"
+#include "l2_packet.h"
+
+
+struct l2_packet_data {
+ char ifname[17];
+ u8 own_addr[ETH_ALEN];
+ void (*rx_callback)(void *ctx, const u8 *src_addr,
+ const u8 *buf, size_t len);
+ void *rx_callback_ctx;
+ int l2_hdr; /* whether to include layer 2 (Ethernet) header data
+ * buffers */
+ int fd;
+};
+
+
+int l2_packet_get_own_addr(struct l2_packet_data *l2, u8 *addr)
+{
+ os_memcpy(addr, l2->own_addr, ETH_ALEN);
+ return 0;
+}
+
+
+int l2_packet_send(struct l2_packet_data *l2, const u8 *dst_addr, u16 proto,
+ const u8 *buf, size_t len)
+{
+ if (l2 == NULL)
+ return -1;
+
+ /*
+ * TODO: Send frame (may need different implementation depending on
+ * whether l2->l2_hdr is set).
+ */
+
+ return 0;
+}
+
+
+static void l2_packet_receive(int sock, void *eloop_ctx, void *sock_ctx)
+{
+ struct l2_packet_data *l2 = eloop_ctx;
+ u8 buf[2300];
+ int res;
+
+ /* TODO: receive frame (e.g., recv() using sock */
+ buf[0] = 0;
+ res = 0;
+
+ l2->rx_callback(l2->rx_callback_ctx, NULL /* TODO: src addr */,
+ buf, res);
+}
+
+
+struct l2_packet_data * l2_packet_init(
+ const char *ifname, const u8 *own_addr, unsigned short protocol,
+ void (*rx_callback)(void *ctx, const u8 *src_addr,
+ const u8 *buf, size_t len),
+ void *rx_callback_ctx, int l2_hdr)
+{
+ struct l2_packet_data *l2;
+
+ l2 = os_zalloc(sizeof(struct l2_packet_data));
+ if (l2 == NULL)
+ return NULL;
+ os_strncpy(l2->ifname, ifname, sizeof(l2->ifname));
+ l2->rx_callback = rx_callback;
+ l2->rx_callback_ctx = rx_callback_ctx;
+ l2->l2_hdr = l2_hdr;
+
+ /*
+ * TODO: open connection for receiving frames
+ */
+ l2->fd = -1;
+ eloop_register_read_sock(l2->fd, l2_packet_receive, l2, NULL);
+
+ return l2;
+}
+
+
+void l2_packet_deinit(struct l2_packet_data *l2)
+{
+ if (l2 == NULL)
+ return;
+
+ if (l2->fd >= 0) {
+ eloop_unregister_read_sock(l2->fd);
+ /* TODO: close connection */
+ }
+
+ os_free(l2);
+}
+
+
+int l2_packet_get_ip_addr(struct l2_packet_data *l2, char *buf, size_t len)
+{
+ /* TODO: get interface IP address */
+ return -1;
+}
+
+
+void l2_packet_notify_auth_start(struct l2_packet_data *l2)
+{
+ /* This function can be left empty */
+}
--- /dev/null
+/*
+ * WPA Supplicant - Layer2 packet handling with libpcap/libdnet and WinPcap
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#ifndef CONFIG_NATIVE_WINDOWS
+#include <sys/ioctl.h>
+#endif /* CONFIG_NATIVE_WINDOWS */
+#include <pcap.h>
+#ifndef CONFIG_WINPCAP
+#include <dnet.h>
+#endif /* CONFIG_WINPCAP */
+
+#include "common.h"
+#include "eloop.h"
+#include "l2_packet.h"
+
+
+static const u8 pae_group_addr[ETH_ALEN] =
+{ 0x01, 0x80, 0xc2, 0x00, 0x00, 0x03 };
+
+struct l2_packet_data {
+ pcap_t *pcap;
+#ifdef CONFIG_WINPCAP
+ unsigned int num_fast_poll;
+#else /* CONFIG_WINPCAP */
+ eth_t *eth;
+#endif /* CONFIG_WINPCAP */
+ char ifname[100];
+ u8 own_addr[ETH_ALEN];
+ void (*rx_callback)(void *ctx, const u8 *src_addr,
+ const u8 *buf, size_t len);
+ void *rx_callback_ctx;
+ int l2_hdr; /* whether to include layer 2 (Ethernet) header in calls
+ * to rx_callback */
+};
+
+
+int l2_packet_get_own_addr(struct l2_packet_data *l2, u8 *addr)
+{
+ os_memcpy(addr, l2->own_addr, ETH_ALEN);
+ return 0;
+}
+
+
+#ifndef CONFIG_WINPCAP
+static int l2_packet_init_libdnet(struct l2_packet_data *l2)
+{
+ eth_addr_t own_addr;
+
+ l2->eth = eth_open(l2->ifname);
+ if (!l2->eth) {
+ printf("Failed to open interface '%s'.\n", l2->ifname);
+ perror("eth_open");
+ return -1;
+ }
+
+ if (eth_get(l2->eth, &own_addr) < 0) {
+ printf("Failed to get own hw address from interface '%s'.\n",
+ l2->ifname);
+ perror("eth_get");
+ eth_close(l2->eth);
+ l2->eth = NULL;
+ return -1;
+ }
+ os_memcpy(l2->own_addr, own_addr.data, ETH_ALEN);
+
+ return 0;
+}
+#endif /* CONFIG_WINPCAP */
+
+
+int l2_packet_send(struct l2_packet_data *l2, const u8 *dst_addr, u16 proto,
+ const u8 *buf, size_t len)
+{
+ int ret;
+ struct l2_ethhdr *eth;
+
+ if (l2 == NULL)
+ return -1;
+
+ if (l2->l2_hdr) {
+#ifdef CONFIG_WINPCAP
+ ret = pcap_sendpacket(l2->pcap, buf, len);
+#else /* CONFIG_WINPCAP */
+ ret = eth_send(l2->eth, buf, len);
+#endif /* CONFIG_WINPCAP */
+ } else {
+ size_t mlen = sizeof(*eth) + len;
+ eth = os_malloc(mlen);
+ if (eth == NULL)
+ return -1;
+
+ os_memcpy(eth->h_dest, dst_addr, ETH_ALEN);
+ os_memcpy(eth->h_source, l2->own_addr, ETH_ALEN);
+ eth->h_proto = htons(proto);
+ os_memcpy(eth + 1, buf, len);
+
+#ifdef CONFIG_WINPCAP
+ ret = pcap_sendpacket(l2->pcap, (u8 *) eth, mlen);
+#else /* CONFIG_WINPCAP */
+ ret = eth_send(l2->eth, (u8 *) eth, mlen);
+#endif /* CONFIG_WINPCAP */
+
+ os_free(eth);
+ }
+
+ return ret;
+}
+
+
+#ifndef CONFIG_WINPCAP
+static void l2_packet_receive(int sock, void *eloop_ctx, void *sock_ctx)
+{
+ struct l2_packet_data *l2 = eloop_ctx;
+ pcap_t *pcap = sock_ctx;
+ struct pcap_pkthdr hdr;
+ const u_char *packet;
+ struct l2_ethhdr *ethhdr;
+ unsigned char *buf;
+ size_t len;
+
+ packet = pcap_next(pcap, &hdr);
+
+ if (packet == NULL || hdr.caplen < sizeof(*ethhdr))
+ return;
+
+ ethhdr = (struct l2_ethhdr *) packet;
+ if (l2->l2_hdr) {
+ buf = (unsigned char *) ethhdr;
+ len = hdr.caplen;
+ } else {
+ buf = (unsigned char *) (ethhdr + 1);
+ len = hdr.caplen - sizeof(*ethhdr);
+ }
+ l2->rx_callback(l2->rx_callback_ctx, ethhdr->h_source, buf, len);
+}
+#endif /* CONFIG_WINPCAP */
+
+
+#ifdef CONFIG_WINPCAP
+static void l2_packet_receive_cb(u_char *user, const struct pcap_pkthdr *hdr,
+ const u_char *pkt_data)
+{
+ struct l2_packet_data *l2 = (struct l2_packet_data *) user;
+ struct l2_ethhdr *ethhdr;
+ unsigned char *buf;
+ size_t len;
+
+ if (pkt_data == NULL || hdr->caplen < sizeof(*ethhdr))
+ return;
+
+ ethhdr = (struct l2_ethhdr *) pkt_data;
+ if (l2->l2_hdr) {
+ buf = (unsigned char *) ethhdr;
+ len = hdr->caplen;
+ } else {
+ buf = (unsigned char *) (ethhdr + 1);
+ len = hdr->caplen - sizeof(*ethhdr);
+ }
+ l2->rx_callback(l2->rx_callback_ctx, ethhdr->h_source, buf, len);
+ /*
+ * Use shorter poll interval for 3 seconds to reduce latency during key
+ * handshake.
+ */
+ l2->num_fast_poll = 3 * 50;
+}
+
+
+static void l2_packet_receive_timeout(void *eloop_ctx, void *timeout_ctx)
+{
+ struct l2_packet_data *l2 = eloop_ctx;
+ pcap_t *pcap = timeout_ctx;
+ int timeout;
+
+ if (l2->num_fast_poll > 0) {
+ timeout = 20000;
+ l2->num_fast_poll--;
+ } else
+ timeout = 100000;
+
+ /* Register new timeout before calling l2_packet_receive() since
+ * receive handler may free this l2_packet instance (which will
+ * cancel this timeout). */
+ eloop_register_timeout(0, timeout, l2_packet_receive_timeout,
+ l2, pcap);
+ pcap_dispatch(pcap, 10, l2_packet_receive_cb, (u_char *) l2);
+}
+#endif /* CONFIG_WINPCAP */
+
+
+static int l2_packet_init_libpcap(struct l2_packet_data *l2,
+ unsigned short protocol)
+{
+ bpf_u_int32 pcap_maskp, pcap_netp;
+ char pcap_filter[200], pcap_err[PCAP_ERRBUF_SIZE];
+ struct bpf_program pcap_fp;
+
+#ifdef CONFIG_WINPCAP
+ char ifname[128];
+ os_snprintf(ifname, sizeof(ifname), "\\Device\\NPF_%s", l2->ifname);
+ pcap_lookupnet(ifname, &pcap_netp, &pcap_maskp, pcap_err);
+ l2->pcap = pcap_open_live(ifname, 2500, 0, 10, pcap_err);
+ if (l2->pcap == NULL) {
+ fprintf(stderr, "pcap_open_live: %s\n", pcap_err);
+ fprintf(stderr, "ifname='%s'\n", ifname);
+ return -1;
+ }
+ if (pcap_setnonblock(l2->pcap, 1, pcap_err) < 0)
+ fprintf(stderr, "pcap_setnonblock: %s\n",
+ pcap_geterr(l2->pcap));
+#else /* CONFIG_WINPCAP */
+ pcap_lookupnet(l2->ifname, &pcap_netp, &pcap_maskp, pcap_err);
+ l2->pcap = pcap_open_live(l2->ifname, 2500, 0, 10, pcap_err);
+ if (l2->pcap == NULL) {
+ fprintf(stderr, "pcap_open_live: %s\n", pcap_err);
+ fprintf(stderr, "ifname='%s'\n", l2->ifname);
+ return -1;
+ }
+ if (pcap_datalink(l2->pcap) != DLT_EN10MB &&
+ pcap_set_datalink(l2->pcap, DLT_EN10MB) < 0) {
+ fprintf(stderr, "pcap_set_datalink(DLT_EN10MB): %s\n",
+ pcap_geterr(l2->pcap));
+ return -1;
+ }
+#endif /* CONFIG_WINPCAP */
+ os_snprintf(pcap_filter, sizeof(pcap_filter),
+ "not ether src " MACSTR " and "
+ "( ether dst " MACSTR " or ether dst " MACSTR " ) and "
+ "ether proto 0x%x",
+ MAC2STR(l2->own_addr), /* do not receive own packets */
+ MAC2STR(l2->own_addr), MAC2STR(pae_group_addr),
+ protocol);
+ if (pcap_compile(l2->pcap, &pcap_fp, pcap_filter, 1, pcap_netp) < 0) {
+ fprintf(stderr, "pcap_compile: %s\n", pcap_geterr(l2->pcap));
+ return -1;
+ }
+
+ if (pcap_setfilter(l2->pcap, &pcap_fp) < 0) {
+ fprintf(stderr, "pcap_setfilter: %s\n", pcap_geterr(l2->pcap));
+ return -1;
+ }
+
+ pcap_freecode(&pcap_fp);
+#ifdef BIOCIMMEDIATE
+ /*
+ * When libpcap uses BPF we must enable "immediate mode" to
+ * receive frames right away; otherwise the system may
+ * buffer them for us.
+ */
+ {
+ unsigned int on = 1;
+ if (ioctl(pcap_fileno(l2->pcap), BIOCIMMEDIATE, &on) < 0) {
+ fprintf(stderr, "%s: cannot enable immediate mode on "
+ "interface %s: %s\n",
+ __func__, l2->ifname, strerror(errno));
+ /* XXX should we fail? */
+ }
+ }
+#endif /* BIOCIMMEDIATE */
+
+#ifdef CONFIG_WINPCAP
+ eloop_register_timeout(0, 100000, l2_packet_receive_timeout,
+ l2, l2->pcap);
+#else /* CONFIG_WINPCAP */
+ eloop_register_read_sock(pcap_get_selectable_fd(l2->pcap),
+ l2_packet_receive, l2, l2->pcap);
+#endif /* CONFIG_WINPCAP */
+
+ return 0;
+}
+
+
+struct l2_packet_data * l2_packet_init(
+ const char *ifname, const u8 *own_addr, unsigned short protocol,
+ void (*rx_callback)(void *ctx, const u8 *src_addr,
+ const u8 *buf, size_t len),
+ void *rx_callback_ctx, int l2_hdr)
+{
+ struct l2_packet_data *l2;
+
+ l2 = os_zalloc(sizeof(struct l2_packet_data));
+ if (l2 == NULL)
+ return NULL;
+ os_strncpy(l2->ifname, ifname, sizeof(l2->ifname));
+ l2->rx_callback = rx_callback;
+ l2->rx_callback_ctx = rx_callback_ctx;
+ l2->l2_hdr = l2_hdr;
+
+#ifdef CONFIG_WINPCAP
+ if (own_addr)
+ os_memcpy(l2->own_addr, own_addr, ETH_ALEN);
+#else /* CONFIG_WINPCAP */
+ if (l2_packet_init_libdnet(l2))
+ return NULL;
+#endif /* CONFIG_WINPCAP */
+
+ if (l2_packet_init_libpcap(l2, protocol)) {
+#ifndef CONFIG_WINPCAP
+ eth_close(l2->eth);
+#endif /* CONFIG_WINPCAP */
+ os_free(l2);
+ return NULL;
+ }
+
+ return l2;
+}
+
+
+void l2_packet_deinit(struct l2_packet_data *l2)
+{
+ if (l2 == NULL)
+ return;
+
+#ifdef CONFIG_WINPCAP
+ eloop_cancel_timeout(l2_packet_receive_timeout, l2, l2->pcap);
+#else /* CONFIG_WINPCAP */
+ if (l2->eth)
+ eth_close(l2->eth);
+ eloop_unregister_read_sock(pcap_get_selectable_fd(l2->pcap));
+#endif /* CONFIG_WINPCAP */
+ if (l2->pcap)
+ pcap_close(l2->pcap);
+ os_free(l2);
+}
+
+
+int l2_packet_get_ip_addr(struct l2_packet_data *l2, char *buf, size_t len)
+{
+ pcap_if_t *devs, *dev;
+ struct pcap_addr *addr;
+ struct sockaddr_in *saddr;
+ int found = 0;
+ char err[PCAP_ERRBUF_SIZE + 1];
+
+ if (pcap_findalldevs(&devs, err) < 0) {
+ wpa_printf(MSG_DEBUG, "pcap_findalldevs: %s\n", err);
+ return -1;
+ }
+
+ for (dev = devs; dev && !found; dev = dev->next) {
+ if (os_strcmp(dev->name, l2->ifname) != 0)
+ continue;
+
+ addr = dev->addresses;
+ while (addr) {
+ saddr = (struct sockaddr_in *) addr->addr;
+ if (saddr && saddr->sin_family == AF_INET) {
+ os_snprintf(buf, len, "%s",
+ inet_ntoa(saddr->sin_addr));
+ found = 1;
+ break;
+ }
+ addr = addr->next;
+ }
+ }
+
+ pcap_freealldevs(devs);
+
+ return found ? 0 : -1;
+}
+
+
+void l2_packet_notify_auth_start(struct l2_packet_data *l2)
+{
+#ifdef CONFIG_WINPCAP
+ /*
+ * Use shorter poll interval for 3 seconds to reduce latency during key
+ * handshake.
+ */
+ l2->num_fast_poll = 3 * 50;
+ eloop_cancel_timeout(l2_packet_receive_timeout, l2, l2->pcap);
+ eloop_register_timeout(0, 10000, l2_packet_receive_timeout,
+ l2, l2->pcap);
+#endif /* CONFIG_WINPCAP */
+}
--- /dev/null
+/*
+ * WPA Supplicant - Layer2 packet handling with WinPcap RX thread
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This l2_packet implementation is explicitly for WinPcap and Windows events.
+ * l2_packet_pcap.c has support for WinPcap, but it requires polling to receive
+ * frames which means relatively long latency for EAPOL RX processing. The
+ * implementation here uses a separate thread to allow WinPcap to be receiving
+ * all the time to reduce latency for EAPOL receiving from about 100 ms to 3 ms
+ * when comparing l2_packet_pcap.c to l2_packet_winpcap.c. Extra sleep of 50 ms
+ * is added in to receive thread whenever no EAPOL frames has been received for
+ * a while. Whenever an EAPOL handshake is expected, this sleep is removed.
+ *
+ * The RX thread receives a frame and signals main thread through Windows event
+ * about the availability of a new frame. Processing the received frame is
+ * synchronized with pair of Windows events so that no extra buffer or queuing
+ * mechanism is needed. This implementation requires Windows specific event
+ * loop implementation, i.e., eloop_win.c.
+ *
+ * WinPcap has pcap_getevent() that could, in theory at least, be used to
+ * implement this kind of waiting with a simpler single-thread design. However,
+ * that event handle is not really signaled immediately when receiving each
+ * frame, so it does not really work for this kind of use.
+ */
+
+#include "includes.h"
+#include <pcap.h>
+
+#include "common.h"
+#include "eloop.h"
+#include "l2_packet.h"
+
+
+static const u8 pae_group_addr[ETH_ALEN] =
+{ 0x01, 0x80, 0xc2, 0x00, 0x00, 0x03 };
+
+/*
+ * Number of pcap_dispatch() iterations to do without extra wait after each
+ * received EAPOL packet or authentication notification. This is used to reduce
+ * latency for EAPOL receive.
+ */
+static const size_t no_wait_count = 750;
+
+struct l2_packet_data {
+ pcap_t *pcap;
+ unsigned int num_fast_poll;
+ char ifname[100];
+ u8 own_addr[ETH_ALEN];
+ void (*rx_callback)(void *ctx, const u8 *src_addr,
+ const u8 *buf, size_t len);
+ void *rx_callback_ctx;
+ int l2_hdr; /* whether to include layer 2 (Ethernet) header in calls to
+ * rx_callback and l2_packet_send() */
+ int running;
+ HANDLE rx_avail, rx_done, rx_thread, rx_thread_done, rx_notify;
+ u8 *rx_buf, *rx_src;
+ size_t rx_len;
+ size_t rx_no_wait;
+};
+
+
+int l2_packet_get_own_addr(struct l2_packet_data *l2, u8 *addr)
+{
+ os_memcpy(addr, l2->own_addr, ETH_ALEN);
+ return 0;
+}
+
+
+int l2_packet_send(struct l2_packet_data *l2, const u8 *dst_addr, u16 proto,
+ const u8 *buf, size_t len)
+{
+ int ret;
+ struct l2_ethhdr *eth;
+
+ if (l2 == NULL)
+ return -1;
+
+ if (l2->l2_hdr) {
+ ret = pcap_sendpacket(l2->pcap, buf, len);
+ } else {
+ size_t mlen = sizeof(*eth) + len;
+ eth = os_malloc(mlen);
+ if (eth == NULL)
+ return -1;
+
+ os_memcpy(eth->h_dest, dst_addr, ETH_ALEN);
+ os_memcpy(eth->h_source, l2->own_addr, ETH_ALEN);
+ eth->h_proto = htons(proto);
+ os_memcpy(eth + 1, buf, len);
+ ret = pcap_sendpacket(l2->pcap, (u8 *) eth, mlen);
+ os_free(eth);
+ }
+
+ return ret;
+}
+
+
+/* pcap_dispatch() callback for the RX thread */
+static void l2_packet_receive_cb(u_char *user, const struct pcap_pkthdr *hdr,
+ const u_char *pkt_data)
+{
+ struct l2_packet_data *l2 = (struct l2_packet_data *) user;
+ struct l2_ethhdr *ethhdr;
+
+ if (pkt_data == NULL || hdr->caplen < sizeof(*ethhdr))
+ return;
+
+ ethhdr = (struct l2_ethhdr *) pkt_data;
+ if (l2->l2_hdr) {
+ l2->rx_buf = (u8 *) ethhdr;
+ l2->rx_len = hdr->caplen;
+ } else {
+ l2->rx_buf = (u8 *) (ethhdr + 1);
+ l2->rx_len = hdr->caplen - sizeof(*ethhdr);
+ }
+ l2->rx_src = ethhdr->h_source;
+ SetEvent(l2->rx_avail);
+ WaitForSingleObject(l2->rx_done, INFINITE);
+ ResetEvent(l2->rx_done);
+ l2->rx_no_wait = no_wait_count;
+}
+
+
+/* main RX loop that is running in a separate thread */
+static DWORD WINAPI l2_packet_receive_thread(LPVOID arg)
+{
+ struct l2_packet_data *l2 = arg;
+
+ while (l2->running) {
+ pcap_dispatch(l2->pcap, 1, l2_packet_receive_cb,
+ (u_char *) l2);
+ if (l2->rx_no_wait > 0)
+ l2->rx_no_wait--;
+ if (WaitForSingleObject(l2->rx_notify,
+ l2->rx_no_wait ? 0 : 50) ==
+ WAIT_OBJECT_0) {
+ l2->rx_no_wait = no_wait_count;
+ ResetEvent(l2->rx_notify);
+ }
+ }
+ SetEvent(l2->rx_thread_done);
+ ExitThread(0);
+ return 0;
+}
+
+
+/* main thread RX event handler */
+static void l2_packet_rx_event(void *eloop_data, void *user_data)
+{
+ struct l2_packet_data *l2 = eloop_data;
+ l2->rx_callback(l2->rx_callback_ctx, l2->rx_src, l2->rx_buf,
+ l2->rx_len);
+ ResetEvent(l2->rx_avail);
+ SetEvent(l2->rx_done);
+}
+
+
+static int l2_packet_init_libpcap(struct l2_packet_data *l2,
+ unsigned short protocol)
+{
+ bpf_u_int32 pcap_maskp, pcap_netp;
+ char pcap_filter[200], pcap_err[PCAP_ERRBUF_SIZE];
+ struct bpf_program pcap_fp;
+
+ pcap_lookupnet(l2->ifname, &pcap_netp, &pcap_maskp, pcap_err);
+ l2->pcap = pcap_open_live(l2->ifname, 2500, 0, 1, pcap_err);
+ if (l2->pcap == NULL) {
+ fprintf(stderr, "pcap_open_live: %s\n", pcap_err);
+ fprintf(stderr, "ifname='%s'\n", l2->ifname);
+ return -1;
+ }
+ os_snprintf(pcap_filter, sizeof(pcap_filter),
+ "not ether src " MACSTR " and "
+ "( ether dst " MACSTR " or ether dst " MACSTR " ) and "
+ "ether proto 0x%x",
+ MAC2STR(l2->own_addr), /* do not receive own packets */
+ MAC2STR(l2->own_addr), MAC2STR(pae_group_addr),
+ protocol);
+ if (pcap_compile(l2->pcap, &pcap_fp, pcap_filter, 1, pcap_netp) < 0) {
+ fprintf(stderr, "pcap_compile: %s\n", pcap_geterr(l2->pcap));
+ return -1;
+ }
+
+ if (pcap_setfilter(l2->pcap, &pcap_fp) < 0) {
+ fprintf(stderr, "pcap_setfilter: %s\n", pcap_geterr(l2->pcap));
+ return -1;
+ }
+
+ pcap_freecode(&pcap_fp);
+
+ return 0;
+}
+
+
+struct l2_packet_data * l2_packet_init(
+ const char *ifname, const u8 *own_addr, unsigned short protocol,
+ void (*rx_callback)(void *ctx, const u8 *src_addr,
+ const u8 *buf, size_t len),
+ void *rx_callback_ctx, int l2_hdr)
+{
+ struct l2_packet_data *l2;
+ DWORD thread_id;
+
+ l2 = os_zalloc(sizeof(struct l2_packet_data));
+ if (l2 == NULL)
+ return NULL;
+ if (os_strncmp(ifname, "\\Device\\NPF_", 12) == 0)
+ os_strncpy(l2->ifname, ifname, sizeof(l2->ifname));
+ else
+ os_snprintf(l2->ifname, sizeof(l2->ifname), "\\Device\\NPF_%s",
+ ifname);
+ l2->rx_callback = rx_callback;
+ l2->rx_callback_ctx = rx_callback_ctx;
+ l2->l2_hdr = l2_hdr;
+
+ if (own_addr)
+ os_memcpy(l2->own_addr, own_addr, ETH_ALEN);
+
+ if (l2_packet_init_libpcap(l2, protocol)) {
+ os_free(l2);
+ return NULL;
+ }
+
+ l2->rx_avail = CreateEvent(NULL, TRUE, FALSE, NULL);
+ l2->rx_done = CreateEvent(NULL, TRUE, FALSE, NULL);
+ l2->rx_notify = CreateEvent(NULL, TRUE, FALSE, NULL);
+ if (l2->rx_avail == NULL || l2->rx_done == NULL ||
+ l2->rx_notify == NULL) {
+ CloseHandle(l2->rx_avail);
+ CloseHandle(l2->rx_done);
+ CloseHandle(l2->rx_notify);
+ pcap_close(l2->pcap);
+ os_free(l2);
+ return NULL;
+ }
+
+ eloop_register_event(l2->rx_avail, sizeof(l2->rx_avail),
+ l2_packet_rx_event, l2, NULL);
+
+ l2->running = 1;
+ l2->rx_thread = CreateThread(NULL, 0, l2_packet_receive_thread, l2, 0,
+ &thread_id);
+
+ return l2;
+}
+
+
+static void l2_packet_deinit_timeout(void *eloop_ctx, void *timeout_ctx)
+{
+ struct l2_packet_data *l2 = eloop_ctx;
+
+ if (l2->rx_thread_done &&
+ WaitForSingleObject(l2->rx_thread_done, 2000) != WAIT_OBJECT_0) {
+ wpa_printf(MSG_DEBUG, "l2_packet_winpcap: RX thread did not "
+ "exit - kill it\n");
+ TerminateThread(l2->rx_thread, 0);
+ }
+ CloseHandle(l2->rx_thread_done);
+ CloseHandle(l2->rx_thread);
+ if (l2->pcap)
+ pcap_close(l2->pcap);
+ eloop_unregister_event(l2->rx_avail, sizeof(l2->rx_avail));
+ CloseHandle(l2->rx_avail);
+ CloseHandle(l2->rx_done);
+ CloseHandle(l2->rx_notify);
+ os_free(l2);
+}
+
+
+void l2_packet_deinit(struct l2_packet_data *l2)
+{
+ if (l2 == NULL)
+ return;
+
+ l2->rx_thread_done = CreateEvent(NULL, TRUE, FALSE, NULL);
+
+ l2->running = 0;
+ pcap_breakloop(l2->pcap);
+
+ /*
+ * RX thread may be waiting in l2_packet_receive_cb() for l2->rx_done
+ * event and this event is set in l2_packet_rx_event(). However,
+ * l2_packet_deinit() may end up being called from l2->rx_callback(),
+ * so we need to return from here and complete deinitialization in
+ * a registered timeout to avoid having to forcefully kill the RX
+ * thread.
+ */
+ eloop_register_timeout(0, 0, l2_packet_deinit_timeout, l2, NULL);
+}
+
+
+int l2_packet_get_ip_addr(struct l2_packet_data *l2, char *buf, size_t len)
+{
+ pcap_if_t *devs, *dev;
+ struct pcap_addr *addr;
+ struct sockaddr_in *saddr;
+ int found = 0;
+ char err[PCAP_ERRBUF_SIZE + 1];
+
+ if (pcap_findalldevs(&devs, err) < 0) {
+ wpa_printf(MSG_DEBUG, "pcap_findalldevs: %s\n", err);
+ return -1;
+ }
+
+ for (dev = devs; dev && !found; dev = dev->next) {
+ if (os_strcmp(dev->name, l2->ifname) != 0)
+ continue;
+
+ addr = dev->addresses;
+ while (addr) {
+ saddr = (struct sockaddr_in *) addr->addr;
+ if (saddr && saddr->sin_family == AF_INET) {
+ os_snprintf(buf, len, "%s",
+ inet_ntoa(saddr->sin_addr));
+ found = 1;
+ break;
+ }
+ addr = addr->next;
+ }
+ }
+
+ pcap_freealldevs(devs);
+
+ return found ? 0 : -1;
+}
+
+
+void l2_packet_notify_auth_start(struct l2_packet_data *l2)
+{
+ SetEvent(l2->rx_notify);
+}
--- /dev/null
+/*
+ * Minimal code for RSA support from LibTomMath 0.3.9
+ * http://math.libtomcrypt.com/
+ * http://math.libtomcrypt.com/files/ltm-0.39.tar.bz2
+ * This library was released in public domain by Tom St Denis.
+ *
+ * The combination in this file is not using many of the optimized algorithms
+ * (e.g., Montgomery reduction) and is considerable slower than the LibTomMath
+ * with its default of SC_RSA_1 settins. The main purpose of having this
+ * version here is to make it easier to build bignum.c wrapper without having
+ * to install and build an external library. However, it is likely worth the
+ * effort to use the full library with SC_RSA_1 instead of this minimized copy.
+ * Including the optimized algorithms may increase the size requirements by
+ * 15 kB or so (measured with x86 build).
+ *
+ * If CONFIG_INTERNAL_LIBTOMMATH is defined, bignum.c includes this
+ * libtommath.c file instead of using the external LibTomMath library.
+ */
+
+#ifndef CHAR_BIT
+#define CHAR_BIT 8
+#endif
+
+#define BN_MP_INVMOD_C
+#define BN_S_MP_EXPTMOD_C /* Note: #undef in tommath_superclass.h; this would
+ * require BN_MP_EXPTMOD_FAST_C instead */
+#define BN_S_MP_MUL_DIGS_C
+#define BN_MP_INVMOD_SLOW_C
+#define BN_S_MP_SQR_C
+#define BN_S_MP_MUL_HIGH_DIGS_C /* Note: #undef in tommath_superclass.h; this
+ * would require other than mp_reduce */
+
+
+/* from tommath.h */
+
+#ifndef MIN
+ #define MIN(x,y) ((x)<(y)?(x):(y))
+#endif
+
+#ifndef MAX
+ #define MAX(x,y) ((x)>(y)?(x):(y))
+#endif
+
+#define OPT_CAST(x)
+
+typedef unsigned long mp_digit;
+typedef u64 mp_word;
+
+#define DIGIT_BIT 28
+#define MP_28BIT
+
+
+#define XMALLOC os_malloc
+#define XFREE os_free
+#define XREALLOC os_realloc
+
+
+#define MP_MASK ((((mp_digit)1)<<((mp_digit)DIGIT_BIT))-((mp_digit)1))
+
+#define MP_LT -1 /* less than */
+#define MP_EQ 0 /* equal to */
+#define MP_GT 1 /* greater than */
+
+#define MP_ZPOS 0 /* positive integer */
+#define MP_NEG 1 /* negative */
+
+#define MP_OKAY 0 /* ok result */
+#define MP_MEM -2 /* out of mem */
+#define MP_VAL -3 /* invalid input */
+
+#define MP_YES 1 /* yes response */
+#define MP_NO 0 /* no response */
+
+typedef int mp_err;
+
+/* define this to use lower memory usage routines (exptmods mostly) */
+#define MP_LOW_MEM
+
+/* default precision */
+#ifndef MP_PREC
+ #ifndef MP_LOW_MEM
+ #define MP_PREC 32 /* default digits of precision */
+ #else
+ #define MP_PREC 8 /* default digits of precision */
+ #endif
+#endif
+
+/* size of comba arrays, should be at least 2 * 2**(BITS_PER_WORD - BITS_PER_DIGIT*2) */
+#define MP_WARRAY (1 << (sizeof(mp_word) * CHAR_BIT - 2 * DIGIT_BIT + 1))
+
+/* the infamous mp_int structure */
+typedef struct {
+ int used, alloc, sign;
+ mp_digit *dp;
+} mp_int;
+
+
+/* ---> Basic Manipulations <--- */
+#define mp_iszero(a) (((a)->used == 0) ? MP_YES : MP_NO)
+#define mp_iseven(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 0)) ? MP_YES : MP_NO)
+#define mp_isodd(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 1)) ? MP_YES : MP_NO)
+
+
+/* prototypes for copied functions */
+#define s_mp_mul(a, b, c) s_mp_mul_digs(a, b, c, (a)->used + (b)->used + 1)
+static int s_mp_exptmod(mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode);
+static int s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs);
+static int s_mp_sqr(mp_int * a, mp_int * b);
+static int s_mp_mul_high_digs(mp_int * a, mp_int * b, mp_int * c, int digs);
+
+static int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs);
+
+static int mp_init_multi(mp_int *mp, ...);
+static void mp_clear_multi(mp_int *mp, ...);
+static int mp_lshd(mp_int * a, int b);
+static void mp_set(mp_int * a, mp_digit b);
+static void mp_clamp(mp_int * a);
+static void mp_exch(mp_int * a, mp_int * b);
+static void mp_rshd(mp_int * a, int b);
+static void mp_zero(mp_int * a);
+static int mp_mod_2d(mp_int * a, int b, mp_int * c);
+static int mp_div_2d(mp_int * a, int b, mp_int * c, mp_int * d);
+static int mp_init_copy(mp_int * a, mp_int * b);
+static int mp_mul_2d(mp_int * a, int b, mp_int * c);
+static int mp_div_2(mp_int * a, mp_int * b);
+static int mp_copy(mp_int * a, mp_int * b);
+static int mp_count_bits(mp_int * a);
+static int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d);
+static int mp_mod(mp_int * a, mp_int * b, mp_int * c);
+static int mp_grow(mp_int * a, int size);
+static int mp_cmp_mag(mp_int * a, mp_int * b);
+static int mp_invmod(mp_int * a, mp_int * b, mp_int * c);
+static int mp_abs(mp_int * a, mp_int * b);
+static int mp_invmod_slow(mp_int * a, mp_int * b, mp_int * c);
+static int mp_sqr(mp_int * a, mp_int * b);
+static int mp_reduce_2k_l(mp_int *a, mp_int *n, mp_int *d);
+static int mp_reduce_2k_setup_l(mp_int *a, mp_int *d);
+static int mp_2expt(mp_int * a, int b);
+static int mp_reduce_setup(mp_int * a, mp_int * b);
+static int mp_reduce(mp_int * x, mp_int * m, mp_int * mu);
+static int mp_init_size(mp_int * a, int size);
+
+
+
+/* functions from bn_<func name>.c */
+
+
+/* reverse an array, used for radix code */
+static void bn_reverse (unsigned char *s, int len)
+{
+ int ix, iy;
+ unsigned char t;
+
+ ix = 0;
+ iy = len - 1;
+ while (ix < iy) {
+ t = s[ix];
+ s[ix] = s[iy];
+ s[iy] = t;
+ ++ix;
+ --iy;
+ }
+}
+
+
+/* low level addition, based on HAC pp.594, Algorithm 14.7 */
+static int s_mp_add (mp_int * a, mp_int * b, mp_int * c)
+{
+ mp_int *x;
+ int olduse, res, min, max;
+
+ /* find sizes, we let |a| <= |b| which means we have to sort
+ * them. "x" will point to the input with the most digits
+ */
+ if (a->used > b->used) {
+ min = b->used;
+ max = a->used;
+ x = a;
+ } else {
+ min = a->used;
+ max = b->used;
+ x = b;
+ }
+
+ /* init result */
+ if (c->alloc < max + 1) {
+ if ((res = mp_grow (c, max + 1)) != MP_OKAY) {
+ return res;
+ }
+ }
+
+ /* get old used digit count and set new one */
+ olduse = c->used;
+ c->used = max + 1;
+
+ {
+ register mp_digit u, *tmpa, *tmpb, *tmpc;
+ register int i;
+
+ /* alias for digit pointers */
+
+ /* first input */
+ tmpa = a->dp;
+
+ /* second input */
+ tmpb = b->dp;
+
+ /* destination */
+ tmpc = c->dp;
+
+ /* zero the carry */
+ u = 0;
+ for (i = 0; i < min; i++) {
+ /* Compute the sum at one digit, T[i] = A[i] + B[i] + U */
+ *tmpc = *tmpa++ + *tmpb++ + u;
+
+ /* U = carry bit of T[i] */
+ u = *tmpc >> ((mp_digit)DIGIT_BIT);
+
+ /* take away carry bit from T[i] */
+ *tmpc++ &= MP_MASK;
+ }
+
+ /* now copy higher words if any, that is in A+B
+ * if A or B has more digits add those in
+ */
+ if (min != max) {
+ for (; i < max; i++) {
+ /* T[i] = X[i] + U */
+ *tmpc = x->dp[i] + u;
+
+ /* U = carry bit of T[i] */
+ u = *tmpc >> ((mp_digit)DIGIT_BIT);
+
+ /* take away carry bit from T[i] */
+ *tmpc++ &= MP_MASK;
+ }
+ }
+
+ /* add carry */
+ *tmpc++ = u;
+
+ /* clear digits above oldused */
+ for (i = c->used; i < olduse; i++) {
+ *tmpc++ = 0;
+ }
+ }
+
+ mp_clamp (c);
+ return MP_OKAY;
+}
+
+
+/* low level subtraction (assumes |a| > |b|), HAC pp.595 Algorithm 14.9 */
+static int s_mp_sub (mp_int * a, mp_int * b, mp_int * c)
+{
+ int olduse, res, min, max;
+
+ /* find sizes */
+ min = b->used;
+ max = a->used;
+
+ /* init result */
+ if (c->alloc < max) {
+ if ((res = mp_grow (c, max)) != MP_OKAY) {
+ return res;
+ }
+ }
+ olduse = c->used;
+ c->used = max;
+
+ {
+ register mp_digit u, *tmpa, *tmpb, *tmpc;
+ register int i;
+
+ /* alias for digit pointers */
+ tmpa = a->dp;
+ tmpb = b->dp;
+ tmpc = c->dp;
+
+ /* set carry to zero */
+ u = 0;
+ for (i = 0; i < min; i++) {
+ /* T[i] = A[i] - B[i] - U */
+ *tmpc = *tmpa++ - *tmpb++ - u;
+
+ /* U = carry bit of T[i]
+ * Note this saves performing an AND operation since
+ * if a carry does occur it will propagate all the way to the
+ * MSB. As a result a single shift is enough to get the carry
+ */
+ u = *tmpc >> ((mp_digit)(CHAR_BIT * sizeof (mp_digit) - 1));
+
+ /* Clear carry from T[i] */
+ *tmpc++ &= MP_MASK;
+ }
+
+ /* now copy higher words if any, e.g. if A has more digits than B */
+ for (; i < max; i++) {
+ /* T[i] = A[i] - U */
+ *tmpc = *tmpa++ - u;
+
+ /* U = carry bit of T[i] */
+ u = *tmpc >> ((mp_digit)(CHAR_BIT * sizeof (mp_digit) - 1));
+
+ /* Clear carry from T[i] */
+ *tmpc++ &= MP_MASK;
+ }
+
+ /* clear digits above used (since we may not have grown result above) */
+ for (i = c->used; i < olduse; i++) {
+ *tmpc++ = 0;
+ }
+ }
+
+ mp_clamp (c);
+ return MP_OKAY;
+}
+
+
+/* init a new mp_int */
+static int mp_init (mp_int * a)
+{
+ int i;
+
+ /* allocate memory required and clear it */
+ a->dp = OPT_CAST(mp_digit) XMALLOC (sizeof (mp_digit) * MP_PREC);
+ if (a->dp == NULL) {
+ return MP_MEM;
+ }
+
+ /* set the digits to zero */
+ for (i = 0; i < MP_PREC; i++) {
+ a->dp[i] = 0;
+ }
+
+ /* set the used to zero, allocated digits to the default precision
+ * and sign to positive */
+ a->used = 0;
+ a->alloc = MP_PREC;
+ a->sign = MP_ZPOS;
+
+ return MP_OKAY;
+}
+
+
+/* clear one (frees) */
+static void mp_clear (mp_int * a)
+{
+ int i;
+
+ /* only do anything if a hasn't been freed previously */
+ if (a->dp != NULL) {
+ /* first zero the digits */
+ for (i = 0; i < a->used; i++) {
+ a->dp[i] = 0;
+ }
+
+ /* free ram */
+ XFREE(a->dp);
+
+ /* reset members to make debugging easier */
+ a->dp = NULL;
+ a->alloc = a->used = 0;
+ a->sign = MP_ZPOS;
+ }
+}
+
+
+/* high level addition (handles signs) */
+static int mp_add (mp_int * a, mp_int * b, mp_int * c)
+{
+ int sa, sb, res;
+
+ /* get sign of both inputs */
+ sa = a->sign;
+ sb = b->sign;
+
+ /* handle two cases, not four */
+ if (sa == sb) {
+ /* both positive or both negative */
+ /* add their magnitudes, copy the sign */
+ c->sign = sa;
+ res = s_mp_add (a, b, c);
+ } else {
+ /* one positive, the other negative */
+ /* subtract the one with the greater magnitude from */
+ /* the one of the lesser magnitude. The result gets */
+ /* the sign of the one with the greater magnitude. */
+ if (mp_cmp_mag (a, b) == MP_LT) {
+ c->sign = sb;
+ res = s_mp_sub (b, a, c);
+ } else {
+ c->sign = sa;
+ res = s_mp_sub (a, b, c);
+ }
+ }
+ return res;
+}
+
+
+/* high level subtraction (handles signs) */
+static int mp_sub (mp_int * a, mp_int * b, mp_int * c)
+{
+ int sa, sb, res;
+
+ sa = a->sign;
+ sb = b->sign;
+
+ if (sa != sb) {
+ /* subtract a negative from a positive, OR */
+ /* subtract a positive from a negative. */
+ /* In either case, ADD their magnitudes, */
+ /* and use the sign of the first number. */
+ c->sign = sa;
+ res = s_mp_add (a, b, c);
+ } else {
+ /* subtract a positive from a positive, OR */
+ /* subtract a negative from a negative. */
+ /* First, take the difference between their */
+ /* magnitudes, then... */
+ if (mp_cmp_mag (a, b) != MP_LT) {
+ /* Copy the sign from the first */
+ c->sign = sa;
+ /* The first has a larger or equal magnitude */
+ res = s_mp_sub (a, b, c);
+ } else {
+ /* The result has the *opposite* sign from */
+ /* the first number. */
+ c->sign = (sa == MP_ZPOS) ? MP_NEG : MP_ZPOS;
+ /* The second has a larger magnitude */
+ res = s_mp_sub (b, a, c);
+ }
+ }
+ return res;
+}
+
+
+/* high level multiplication (handles sign) */
+static int mp_mul (mp_int * a, mp_int * b, mp_int * c)
+{
+ int res, neg;
+ neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG;
+
+ /* use Toom-Cook? */
+#ifdef BN_MP_TOOM_MUL_C
+ if (MIN (a->used, b->used) >= TOOM_MUL_CUTOFF) {
+ res = mp_toom_mul(a, b, c);
+ } else
+#endif
+#ifdef BN_MP_KARATSUBA_MUL_C
+ /* use Karatsuba? */
+ if (MIN (a->used, b->used) >= KARATSUBA_MUL_CUTOFF) {
+ res = mp_karatsuba_mul (a, b, c);
+ } else
+#endif
+ {
+ /* can we use the fast multiplier?
+ *
+ * The fast multiplier can be used if the output will
+ * have less than MP_WARRAY digits and the number of
+ * digits won't affect carry propagation
+ */
+#ifdef BN_FAST_S_MP_MUL_DIGS_C
+ int digs = a->used + b->used + 1;
+
+ if ((digs < MP_WARRAY) &&
+ MIN(a->used, b->used) <=
+ (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
+ res = fast_s_mp_mul_digs (a, b, c, digs);
+ } else
+#endif
+#ifdef BN_S_MP_MUL_DIGS_C
+ res = s_mp_mul (a, b, c); /* uses s_mp_mul_digs */
+#else
+#error mp_mul could fail
+ res = MP_VAL;
+#endif
+
+ }
+ c->sign = (c->used > 0) ? neg : MP_ZPOS;
+ return res;
+}
+
+
+/* d = a * b (mod c) */
+static int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d)
+{
+ int res;
+ mp_int t;
+
+ if ((res = mp_init (&t)) != MP_OKAY) {
+ return res;
+ }
+
+ if ((res = mp_mul (a, b, &t)) != MP_OKAY) {
+ mp_clear (&t);
+ return res;
+ }
+ res = mp_mod (&t, c, d);
+ mp_clear (&t);
+ return res;
+}
+
+
+/* c = a mod b, 0 <= c < b */
+static int mp_mod (mp_int * a, mp_int * b, mp_int * c)
+{
+ mp_int t;
+ int res;
+
+ if ((res = mp_init (&t)) != MP_OKAY) {
+ return res;
+ }
+
+ if ((res = mp_div (a, b, NULL, &t)) != MP_OKAY) {
+ mp_clear (&t);
+ return res;
+ }
+
+ if (t.sign != b->sign) {
+ res = mp_add (b, &t, c);
+ } else {
+ res = MP_OKAY;
+ mp_exch (&t, c);
+ }
+
+ mp_clear (&t);
+ return res;
+}
+
+
+/* this is a shell function that calls either the normal or Montgomery
+ * exptmod functions. Originally the call to the montgomery code was
+ * embedded in the normal function but that wasted alot of stack space
+ * for nothing (since 99% of the time the Montgomery code would be called)
+ */
+static int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
+{
+ int dr;
+
+ /* modulus P must be positive */
+ if (P->sign == MP_NEG) {
+ return MP_VAL;
+ }
+
+ /* if exponent X is negative we have to recurse */
+ if (X->sign == MP_NEG) {
+#ifdef BN_MP_INVMOD_C
+ mp_int tmpG, tmpX;
+ int err;
+
+ /* first compute 1/G mod P */
+ if ((err = mp_init(&tmpG)) != MP_OKAY) {
+ return err;
+ }
+ if ((err = mp_invmod(G, P, &tmpG)) != MP_OKAY) {
+ mp_clear(&tmpG);
+ return err;
+ }
+
+ /* now get |X| */
+ if ((err = mp_init(&tmpX)) != MP_OKAY) {
+ mp_clear(&tmpG);
+ return err;
+ }
+ if ((err = mp_abs(X, &tmpX)) != MP_OKAY) {
+ mp_clear_multi(&tmpG, &tmpX, NULL);
+ return err;
+ }
+
+ /* and now compute (1/G)**|X| instead of G**X [X < 0] */
+ err = mp_exptmod(&tmpG, &tmpX, P, Y);
+ mp_clear_multi(&tmpG, &tmpX, NULL);
+ return err;
+#else
+#error mp_exptmod would always fail
+ /* no invmod */
+ return MP_VAL;
+#endif
+ }
+
+/* modified diminished radix reduction */
+#if defined(BN_MP_REDUCE_IS_2K_L_C) && defined(BN_MP_REDUCE_2K_L_C) && defined(BN_S_MP_EXPTMOD_C)
+ if (mp_reduce_is_2k_l(P) == MP_YES) {
+ return s_mp_exptmod(G, X, P, Y, 1);
+ }
+#endif
+
+#ifdef BN_MP_DR_IS_MODULUS_C
+ /* is it a DR modulus? */
+ dr = mp_dr_is_modulus(P);
+#else
+ /* default to no */
+ dr = 0;
+#endif
+
+#ifdef BN_MP_REDUCE_IS_2K_C
+ /* if not, is it a unrestricted DR modulus? */
+ if (dr == 0) {
+ dr = mp_reduce_is_2k(P) << 1;
+ }
+#endif
+
+ /* if the modulus is odd or dr != 0 use the montgomery method */
+#ifdef BN_MP_EXPTMOD_FAST_C
+ if (mp_isodd (P) == 1 || dr != 0) {
+ return mp_exptmod_fast (G, X, P, Y, dr);
+ } else {
+#endif
+#ifdef BN_S_MP_EXPTMOD_C
+ /* otherwise use the generic Barrett reduction technique */
+ return s_mp_exptmod (G, X, P, Y, 0);
+#else
+#error mp_exptmod could fail
+ /* no exptmod for evens */
+ return MP_VAL;
+#endif
+#ifdef BN_MP_EXPTMOD_FAST_C
+ }
+#endif
+}
+
+
+/* compare two ints (signed)*/
+static int mp_cmp (mp_int * a, mp_int * b)
+{
+ /* compare based on sign */
+ if (a->sign != b->sign) {
+ if (a->sign == MP_NEG) {
+ return MP_LT;
+ } else {
+ return MP_GT;
+ }
+ }
+
+ /* compare digits */
+ if (a->sign == MP_NEG) {
+ /* if negative compare opposite direction */
+ return mp_cmp_mag(b, a);
+ } else {
+ return mp_cmp_mag(a, b);
+ }
+}
+
+
+/* compare a digit */
+static int mp_cmp_d(mp_int * a, mp_digit b)
+{
+ /* compare based on sign */
+ if (a->sign == MP_NEG) {
+ return MP_LT;
+ }
+
+ /* compare based on magnitude */
+ if (a->used > 1) {
+ return MP_GT;
+ }
+
+ /* compare the only digit of a to b */
+ if (a->dp[0] > b) {
+ return MP_GT;
+ } else if (a->dp[0] < b) {
+ return MP_LT;
+ } else {
+ return MP_EQ;
+ }
+}
+
+
+/* hac 14.61, pp608 */
+static int mp_invmod (mp_int * a, mp_int * b, mp_int * c)
+{
+ /* b cannot be negative */
+ if (b->sign == MP_NEG || mp_iszero(b) == 1) {
+ return MP_VAL;
+ }
+
+#ifdef BN_FAST_MP_INVMOD_C
+ /* if the modulus is odd we can use a faster routine instead */
+ if (mp_isodd (b) == 1) {
+ return fast_mp_invmod (a, b, c);
+ }
+#endif
+
+#ifdef BN_MP_INVMOD_SLOW_C
+ return mp_invmod_slow(a, b, c);
+#endif
+
+#ifndef BN_FAST_MP_INVMOD_C
+#ifndef BN_MP_INVMOD_SLOW_C
+#error mp_invmod would always fail
+#endif
+#endif
+ return MP_VAL;
+}
+
+
+/* get the size for an unsigned equivalent */
+static int mp_unsigned_bin_size (mp_int * a)
+{
+ int size = mp_count_bits (a);
+ return (size / 8 + ((size & 7) != 0 ? 1 : 0));
+}
+
+
+/* hac 14.61, pp608 */
+static int mp_invmod_slow (mp_int * a, mp_int * b, mp_int * c)
+{
+ mp_int x, y, u, v, A, B, C, D;
+ int res;
+
+ /* b cannot be negative */
+ if (b->sign == MP_NEG || mp_iszero(b) == 1) {
+ return MP_VAL;
+ }
+
+ /* init temps */
+ if ((res = mp_init_multi(&x, &y, &u, &v,
+ &A, &B, &C, &D, NULL)) != MP_OKAY) {
+ return res;
+ }
+
+ /* x = a, y = b */
+ if ((res = mp_mod(a, b, &x)) != MP_OKAY) {
+ goto LBL_ERR;
+ }
+ if ((res = mp_copy (b, &y)) != MP_OKAY) {
+ goto LBL_ERR;
+ }
+
+ /* 2. [modified] if x,y are both even then return an error! */
+ if (mp_iseven (&x) == 1 && mp_iseven (&y) == 1) {
+ res = MP_VAL;
+ goto LBL_ERR;
+ }
+
+ /* 3. u=x, v=y, A=1, B=0, C=0,D=1 */
+ if ((res = mp_copy (&x, &u)) != MP_OKAY) {
+ goto LBL_ERR;
+ }
+ if ((res = mp_copy (&y, &v)) != MP_OKAY) {
+ goto LBL_ERR;
+ }
+ mp_set (&A, 1);
+ mp_set (&D, 1);
+
+top:
+ /* 4. while u is even do */
+ while (mp_iseven (&u) == 1) {
+ /* 4.1 u = u/2 */
+ if ((res = mp_div_2 (&u, &u)) != MP_OKAY) {
+ goto LBL_ERR;
+ }
+ /* 4.2 if A or B is odd then */
+ if (mp_isodd (&A) == 1 || mp_isodd (&B) == 1) {
+ /* A = (A+y)/2, B = (B-x)/2 */
+ if ((res = mp_add (&A, &y, &A)) != MP_OKAY) {
+ goto LBL_ERR;
+ }
+ if ((res = mp_sub (&B, &x, &B)) != MP_OKAY) {
+ goto LBL_ERR;
+ }
+ }
+ /* A = A/2, B = B/2 */
+ if ((res = mp_div_2 (&A, &A)) != MP_OKAY) {
+ goto LBL_ERR;
+ }
+ if ((res = mp_div_2 (&B, &B)) != MP_OKAY) {
+ goto LBL_ERR;
+ }
+ }
+
+ /* 5. while v is even do */
+ while (mp_iseven (&v) == 1) {
+ /* 5.1 v = v/2 */
+ if ((res = mp_div_2 (&v, &v)) != MP_OKAY) {
+ goto LBL_ERR;
+ }
+ /* 5.2 if C or D is odd then */
+ if (mp_isodd (&C) == 1 || mp_isodd (&D) == 1) {
+ /* C = (C+y)/2, D = (D-x)/2 */
+ if ((res = mp_add (&C, &y, &C)) != MP_OKAY) {
+ goto LBL_ERR;
+ }
+ if ((res = mp_sub (&D, &x, &D)) != MP_OKAY) {
+ goto LBL_ERR;
+ }
+ }
+ /* C = C/2, D = D/2 */
+ if ((res = mp_div_2 (&C, &C)) != MP_OKAY) {
+ goto LBL_ERR;
+ }
+ if ((res = mp_div_2 (&D, &D)) != MP_OKAY) {
+ goto LBL_ERR;
+ }
+ }
+
+ /* 6. if u >= v then */
+ if (mp_cmp (&u, &v) != MP_LT) {
+ /* u = u - v, A = A - C, B = B - D */
+ if ((res = mp_sub (&u, &v, &u)) != MP_OKAY) {
+ goto LBL_ERR;
+ }
+
+ if ((res = mp_sub (&A, &C, &A)) != MP_OKAY) {
+ goto LBL_ERR;
+ }
+
+ if ((res = mp_sub (&B, &D, &B)) != MP_OKAY) {
+ goto LBL_ERR;
+ }
+ } else {
+ /* v - v - u, C = C - A, D = D - B */
+ if ((res = mp_sub (&v, &u, &v)) != MP_OKAY) {
+ goto LBL_ERR;
+ }
+
+ if ((res = mp_sub (&C, &A, &C)) != MP_OKAY) {
+ goto LBL_ERR;
+ }
+
+ if ((res = mp_sub (&D, &B, &D)) != MP_OKAY) {
+ goto LBL_ERR;
+ }
+ }
+
+ /* if not zero goto step 4 */
+ if (mp_iszero (&u) == 0)
+ goto top;
+
+ /* now a = C, b = D, gcd == g*v */
+
+ /* if v != 1 then there is no inverse */
+ if (mp_cmp_d (&v, 1) != MP_EQ) {
+ res = MP_VAL;
+ goto LBL_ERR;
+ }
+
+ /* if its too low */
+ while (mp_cmp_d(&C, 0) == MP_LT) {
+ if ((res = mp_add(&C, b, &C)) != MP_OKAY) {
+ goto LBL_ERR;
+ }
+ }
+
+ /* too big */
+ while (mp_cmp_mag(&C, b) != MP_LT) {
+ if ((res = mp_sub(&C, b, &C)) != MP_OKAY) {
+ goto LBL_ERR;
+ }
+ }
+
+ /* C is now the inverse */
+ mp_exch (&C, c);
+ res = MP_OKAY;
+LBL_ERR:mp_clear_multi (&x, &y, &u, &v, &A, &B, &C, &D, NULL);
+ return res;
+}
+
+
+/* compare maginitude of two ints (unsigned) */
+static int mp_cmp_mag (mp_int * a, mp_int * b)
+{
+ int n;
+ mp_digit *tmpa, *tmpb;
+
+ /* compare based on # of non-zero digits */
+ if (a->used > b->used) {
+ return MP_GT;
+ }
+
+ if (a->used < b->used) {
+ return MP_LT;
+ }
+
+ /* alias for a */
+ tmpa = a->dp + (a->used - 1);
+
+ /* alias for b */
+ tmpb = b->dp + (a->used - 1);
+
+ /* compare based on digits */
+ for (n = 0; n < a->used; ++n, --tmpa, --tmpb) {
+ if (*tmpa > *tmpb) {
+ return MP_GT;
+ }
+
+ if (*tmpa < *tmpb) {
+ return MP_LT;
+ }
+ }
+ return MP_EQ;
+}
+
+
+/* reads a unsigned char array, assumes the msb is stored first [big endian] */
+static int mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c)
+{
+ int res;
+
+ /* make sure there are at least two digits */
+ if (a->alloc < 2) {
+ if ((res = mp_grow(a, 2)) != MP_OKAY) {
+ return res;
+ }
+ }
+
+ /* zero the int */
+ mp_zero (a);
+
+ /* read the bytes in */
+ while (c-- > 0) {
+ if ((res = mp_mul_2d (a, 8, a)) != MP_OKAY) {
+ return res;
+ }
+
+#ifndef MP_8BIT
+ a->dp[0] |= *b++;
+ a->used += 1;
+#else
+ a->dp[0] = (*b & MP_MASK);
+ a->dp[1] |= ((*b++ >> 7U) & 1);
+ a->used += 2;
+#endif
+ }
+ mp_clamp (a);
+ return MP_OKAY;
+}
+
+
+/* store in unsigned [big endian] format */
+static int mp_to_unsigned_bin (mp_int * a, unsigned char *b)
+{
+ int x, res;
+ mp_int t;
+
+ if ((res = mp_init_copy (&t, a)) != MP_OKAY) {
+ return res;
+ }
+
+ x = 0;
+ while (mp_iszero (&t) == 0) {
+#ifndef MP_8BIT
+ b[x++] = (unsigned char) (t.dp[0] & 255);
+#else
+ b[x++] = (unsigned char) (t.dp[0] | ((t.dp[1] & 0x01) << 7));
+#endif
+ if ((res = mp_div_2d (&t, 8, &t, NULL)) != MP_OKAY) {
+ mp_clear (&t);
+ return res;
+ }
+ }
+ bn_reverse (b, x);
+ mp_clear (&t);
+ return MP_OKAY;
+}
+
+
+/* shift right by a certain bit count (store quotient in c, optional remainder in d) */
+static int mp_div_2d (mp_int * a, int b, mp_int * c, mp_int * d)
+{
+ mp_digit D, r, rr;
+ int x, res;
+ mp_int t;
+
+
+ /* if the shift count is <= 0 then we do no work */
+ if (b <= 0) {
+ res = mp_copy (a, c);
+ if (d != NULL) {
+ mp_zero (d);
+ }
+ return res;
+ }
+
+ if ((res = mp_init (&t)) != MP_OKAY) {
+ return res;
+ }
+
+ /* get the remainder */
+ if (d != NULL) {
+ if ((res = mp_mod_2d (a, b, &t)) != MP_OKAY) {
+ mp_clear (&t);
+ return res;
+ }
+ }
+
+ /* copy */
+ if ((res = mp_copy (a, c)) != MP_OKAY) {
+ mp_clear (&t);
+ return res;
+ }
+
+ /* shift by as many digits in the bit count */
+ if (b >= (int)DIGIT_BIT) {
+ mp_rshd (c, b / DIGIT_BIT);
+ }
+
+ /* shift any bit count < DIGIT_BIT */
+ D = (mp_digit) (b % DIGIT_BIT);
+ if (D != 0) {
+ register mp_digit *tmpc, mask, shift;
+
+ /* mask */
+ mask = (((mp_digit)1) << D) - 1;
+
+ /* shift for lsb */
+ shift = DIGIT_BIT - D;
+
+ /* alias */
+ tmpc = c->dp + (c->used - 1);
+
+ /* carry */
+ r = 0;
+ for (x = c->used - 1; x >= 0; x--) {
+ /* get the lower bits of this word in a temp */
+ rr = *tmpc & mask;
+
+ /* shift the current word and mix in the carry bits from the previous word */
+ *tmpc = (*tmpc >> D) | (r << shift);
+ --tmpc;
+
+ /* set the carry to the carry bits of the current word found above */
+ r = rr;
+ }
+ }
+ mp_clamp (c);
+ if (d != NULL) {
+ mp_exch (&t, d);
+ }
+ mp_clear (&t);
+ return MP_OKAY;
+}
+
+
+static int mp_init_copy (mp_int * a, mp_int * b)
+{
+ int res;
+
+ if ((res = mp_init (a)) != MP_OKAY) {
+ return res;
+ }
+ return mp_copy (b, a);
+}
+
+
+/* set to zero */
+static void mp_zero (mp_int * a)
+{
+ int n;
+ mp_digit *tmp;
+
+ a->sign = MP_ZPOS;
+ a->used = 0;
+
+ tmp = a->dp;
+ for (n = 0; n < a->alloc; n++) {
+ *tmp++ = 0;
+ }
+}
+
+
+/* copy, b = a */
+static int mp_copy (mp_int * a, mp_int * b)
+{
+ int res, n;
+
+ /* if dst == src do nothing */
+ if (a == b) {
+ return MP_OKAY;
+ }
+
+ /* grow dest */
+ if (b->alloc < a->used) {
+ if ((res = mp_grow (b, a->used)) != MP_OKAY) {
+ return res;
+ }
+ }
+
+ /* zero b and copy the parameters over */
+ {
+ register mp_digit *tmpa, *tmpb;
+
+ /* pointer aliases */
+
+ /* source */
+ tmpa = a->dp;
+
+ /* destination */
+ tmpb = b->dp;
+
+ /* copy all the digits */
+ for (n = 0; n < a->used; n++) {
+ *tmpb++ = *tmpa++;
+ }
+
+ /* clear high digits */
+ for (; n < b->used; n++) {
+ *tmpb++ = 0;
+ }
+ }
+
+ /* copy used count and sign */
+ b->used = a->used;
+ b->sign = a->sign;
+ return MP_OKAY;
+}
+
+
+/* shift right a certain amount of digits */
+static void mp_rshd (mp_int * a, int b)
+{
+ int x;
+
+ /* if b <= 0 then ignore it */
+ if (b <= 0) {
+ return;
+ }
+
+ /* if b > used then simply zero it and return */
+ if (a->used <= b) {
+ mp_zero (a);
+ return;
+ }
+
+ {
+ register mp_digit *bottom, *top;
+
+ /* shift the digits down */
+
+ /* bottom */
+ bottom = a->dp;
+
+ /* top [offset into digits] */
+ top = a->dp + b;
+
+ /* this is implemented as a sliding window where
+ * the window is b-digits long and digits from
+ * the top of the window are copied to the bottom
+ *
+ * e.g.
+
+ b-2 | b-1 | b0 | b1 | b2 | ... | bb | ---->
+ /\ | ---->
+ \-------------------/ ---->
+ */
+ for (x = 0; x < (a->used - b); x++) {
+ *bottom++ = *top++;
+ }
+
+ /* zero the top digits */
+ for (; x < a->used; x++) {
+ *bottom++ = 0;
+ }
+ }
+
+ /* remove excess digits */
+ a->used -= b;
+}
+
+
+/* swap the elements of two integers, for cases where you can't simply swap the
+ * mp_int pointers around
+ */
+static void mp_exch (mp_int * a, mp_int * b)
+{
+ mp_int t;
+
+ t = *a;
+ *a = *b;
+ *b = t;
+}
+
+
+/* trim unused digits
+ *
+ * This is used to ensure that leading zero digits are
+ * trimed and the leading "used" digit will be non-zero
+ * Typically very fast. Also fixes the sign if there
+ * are no more leading digits
+ */
+static void mp_clamp (mp_int * a)
+{
+ /* decrease used while the most significant digit is
+ * zero.
+ */
+ while (a->used > 0 && a->dp[a->used - 1] == 0) {
+ --(a->used);
+ }
+
+ /* reset the sign flag if used == 0 */
+ if (a->used == 0) {
+ a->sign = MP_ZPOS;
+ }
+}
+
+
+/* grow as required */
+static int mp_grow (mp_int * a, int size)
+{
+ int i;
+ mp_digit *tmp;
+
+ /* if the alloc size is smaller alloc more ram */
+ if (a->alloc < size) {
+ /* ensure there are always at least MP_PREC digits extra on top */
+ size += (MP_PREC * 2) - (size % MP_PREC);
+
+ /* reallocate the array a->dp
+ *
+ * We store the return in a temporary variable
+ * in case the operation failed we don't want
+ * to overwrite the dp member of a.
+ */
+ tmp = OPT_CAST(mp_digit) XREALLOC (a->dp, sizeof (mp_digit) * size);
+ if (tmp == NULL) {
+ /* reallocation failed but "a" is still valid [can be freed] */
+ return MP_MEM;
+ }
+
+ /* reallocation succeeded so set a->dp */
+ a->dp = tmp;
+
+ /* zero excess digits */
+ i = a->alloc;
+ a->alloc = size;
+ for (; i < a->alloc; i++) {
+ a->dp[i] = 0;
+ }
+ }
+ return MP_OKAY;
+}
+
+
+/* b = |a|
+ *
+ * Simple function copies the input and fixes the sign to positive
+ */
+static int mp_abs (mp_int * a, mp_int * b)
+{
+ int res;
+
+ /* copy a to b */
+ if (a != b) {
+ if ((res = mp_copy (a, b)) != MP_OKAY) {
+ return res;
+ }
+ }
+
+ /* force the sign of b to positive */
+ b->sign = MP_ZPOS;
+
+ return MP_OKAY;
+}
+
+
+/* set to a digit */
+static void mp_set (mp_int * a, mp_digit b)
+{
+ mp_zero (a);
+ a->dp[0] = b & MP_MASK;
+ a->used = (a->dp[0] != 0) ? 1 : 0;
+}
+
+
+/* b = a/2 */
+static int mp_div_2(mp_int * a, mp_int * b)
+{
+ int x, res, oldused;
+
+ /* copy */
+ if (b->alloc < a->used) {
+ if ((res = mp_grow (b, a->used)) != MP_OKAY) {
+ return res;
+ }
+ }
+
+ oldused = b->used;
+ b->used = a->used;
+ {
+ register mp_digit r, rr, *tmpa, *tmpb;
+
+ /* source alias */
+ tmpa = a->dp + b->used - 1;
+
+ /* dest alias */
+ tmpb = b->dp + b->used - 1;
+
+ /* carry */
+ r = 0;
+ for (x = b->used - 1; x >= 0; x--) {
+ /* get the carry for the next iteration */
+ rr = *tmpa & 1;
+
+ /* shift the current digit, add in carry and store */
+ *tmpb-- = (*tmpa-- >> 1) | (r << (DIGIT_BIT - 1));
+
+ /* forward carry to next iteration */
+ r = rr;
+ }
+
+ /* zero excess digits */
+ tmpb = b->dp + b->used;
+ for (x = b->used; x < oldused; x++) {
+ *tmpb++ = 0;
+ }
+ }
+ b->sign = a->sign;
+ mp_clamp (b);
+ return MP_OKAY;
+}
+
+
+/* shift left by a certain bit count */
+static int mp_mul_2d (mp_int * a, int b, mp_int * c)
+{
+ mp_digit d;
+ int res;
+
+ /* copy */
+ if (a != c) {
+ if ((res = mp_copy (a, c)) != MP_OKAY) {
+ return res;
+ }
+ }
+
+ if (c->alloc < (int)(c->used + b/DIGIT_BIT + 1)) {
+ if ((res = mp_grow (c, c->used + b / DIGIT_BIT + 1)) != MP_OKAY) {
+ return res;
+ }
+ }
+
+ /* shift by as many digits in the bit count */
+ if (b >= (int)DIGIT_BIT) {
+ if ((res = mp_lshd (c, b / DIGIT_BIT)) != MP_OKAY) {
+ return res;
+ }
+ }
+
+ /* shift any bit count < DIGIT_BIT */
+ d = (mp_digit) (b % DIGIT_BIT);
+ if (d != 0) {
+ register mp_digit *tmpc, shift, mask, r, rr;
+ register int x;
+
+ /* bitmask for carries */
+ mask = (((mp_digit)1) << d) - 1;
+
+ /* shift for msbs */
+ shift = DIGIT_BIT - d;
+
+ /* alias */
+ tmpc = c->dp;
+
+ /* carry */
+ r = 0;
+ for (x = 0; x < c->used; x++) {
+ /* get the higher bits of the current word */
+ rr = (*tmpc >> shift) & mask;
+
+ /* shift the current word and OR in the carry */
+ *tmpc = ((*tmpc << d) | r) & MP_MASK;
+ ++tmpc;
+
+ /* set the carry to the carry bits of the current word */
+ r = rr;
+ }
+
+ /* set final carry */
+ if (r != 0) {
+ c->dp[(c->used)++] = r;
+ }
+ }
+ mp_clamp (c);
+ return MP_OKAY;
+}
+
+
+static int mp_init_multi(mp_int *mp, ...)
+{
+ mp_err res = MP_OKAY; /* Assume ok until proven otherwise */
+ int n = 0; /* Number of ok inits */
+ mp_int* cur_arg = mp;
+ va_list args;
+
+ va_start(args, mp); /* init args to next argument from caller */
+ while (cur_arg != NULL) {
+ if (mp_init(cur_arg) != MP_OKAY) {
+ /* Oops - error! Back-track and mp_clear what we already
+ succeeded in init-ing, then return error.
+ */
+ va_list clean_args;
+
+ /* end the current list */
+ va_end(args);
+
+ /* now start cleaning up */
+ cur_arg = mp;
+ va_start(clean_args, mp);
+ while (n--) {
+ mp_clear(cur_arg);
+ cur_arg = va_arg(clean_args, mp_int*);
+ }
+ va_end(clean_args);
+ res = MP_MEM;
+ break;
+ }
+ n++;
+ cur_arg = va_arg(args, mp_int*);
+ }
+ va_end(args);
+ return res; /* Assumed ok, if error flagged above. */
+}
+
+
+static void mp_clear_multi(mp_int *mp, ...)
+{
+ mp_int* next_mp = mp;
+ va_list args;
+ va_start(args, mp);
+ while (next_mp != NULL) {
+ mp_clear(next_mp);
+ next_mp = va_arg(args, mp_int*);
+ }
+ va_end(args);
+}
+
+
+/* shift left a certain amount of digits */
+static int mp_lshd (mp_int * a, int b)
+{
+ int x, res;
+
+ /* if its less than zero return */
+ if (b <= 0) {
+ return MP_OKAY;
+ }
+
+ /* grow to fit the new digits */
+ if (a->alloc < a->used + b) {
+ if ((res = mp_grow (a, a->used + b)) != MP_OKAY) {
+ return res;
+ }
+ }
+
+ {
+ register mp_digit *top, *bottom;
+
+ /* increment the used by the shift amount then copy upwards */
+ a->used += b;
+
+ /* top */
+ top = a->dp + a->used - 1;
+
+ /* base */
+ bottom = a->dp + a->used - 1 - b;
+
+ /* much like mp_rshd this is implemented using a sliding window
+ * except the window goes the otherway around. Copying from
+ * the bottom to the top. see bn_mp_rshd.c for more info.
+ */
+ for (x = a->used - 1; x >= b; x--) {
+ *top-- = *bottom--;
+ }
+
+ /* zero the lower digits */
+ top = a->dp;
+ for (x = 0; x < b; x++) {
+ *top++ = 0;
+ }
+ }
+ return MP_OKAY;
+}
+
+
+/* returns the number of bits in an int */
+static int mp_count_bits (mp_int * a)
+{
+ int r;
+ mp_digit q;
+
+ /* shortcut */
+ if (a->used == 0) {
+ return 0;
+ }
+
+ /* get number of digits and add that */
+ r = (a->used - 1) * DIGIT_BIT;
+
+ /* take the last digit and count the bits in it */
+ q = a->dp[a->used - 1];
+ while (q > ((mp_digit) 0)) {
+ ++r;
+ q >>= ((mp_digit) 1);
+ }
+ return r;
+}
+
+
+/* calc a value mod 2**b */
+static int mp_mod_2d (mp_int * a, int b, mp_int * c)
+{
+ int x, res;
+
+ /* if b is <= 0 then zero the int */
+ if (b <= 0) {
+ mp_zero (c);
+ return MP_OKAY;
+ }
+
+ /* if the modulus is larger than the value than return */
+ if (b >= (int) (a->used * DIGIT_BIT)) {
+ res = mp_copy (a, c);
+ return res;
+ }
+
+ /* copy */
+ if ((res = mp_copy (a, c)) != MP_OKAY) {
+ return res;
+ }
+
+ /* zero digits above the last digit of the modulus */
+ for (x = (b / DIGIT_BIT) + ((b % DIGIT_BIT) == 0 ? 0 : 1); x < c->used; x++) {
+ c->dp[x] = 0;
+ }
+ /* clear the digit that is not completely outside/inside the modulus */
+ c->dp[b / DIGIT_BIT] &=
+ (mp_digit) ((((mp_digit) 1) << (((mp_digit) b) % DIGIT_BIT)) - ((mp_digit) 1));
+ mp_clamp (c);
+ return MP_OKAY;
+}
+
+
+/* slower bit-bang division... also smaller */
+static int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d)
+{
+ mp_int ta, tb, tq, q;
+ int res, n, n2;
+
+ /* is divisor zero ? */
+ if (mp_iszero (b) == 1) {
+ return MP_VAL;
+ }
+
+ /* if a < b then q=0, r = a */
+ if (mp_cmp_mag (a, b) == MP_LT) {
+ if (d != NULL) {
+ res = mp_copy (a, d);
+ } else {
+ res = MP_OKAY;
+ }
+ if (c != NULL) {
+ mp_zero (c);
+ }
+ return res;
+ }
+
+ /* init our temps */
+ if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL) != MP_OKAY)) {
+ return res;
+ }
+
+
+ mp_set(&tq, 1);
+ n = mp_count_bits(a) - mp_count_bits(b);
+ if (((res = mp_abs(a, &ta)) != MP_OKAY) ||
+ ((res = mp_abs(b, &tb)) != MP_OKAY) ||
+ ((res = mp_mul_2d(&tb, n, &tb)) != MP_OKAY) ||
+ ((res = mp_mul_2d(&tq, n, &tq)) != MP_OKAY)) {
+ goto LBL_ERR;
+ }
+
+ while (n-- >= 0) {
+ if (mp_cmp(&tb, &ta) != MP_GT) {
+ if (((res = mp_sub(&ta, &tb, &ta)) != MP_OKAY) ||
+ ((res = mp_add(&q, &tq, &q)) != MP_OKAY)) {
+ goto LBL_ERR;
+ }
+ }
+ if (((res = mp_div_2d(&tb, 1, &tb, NULL)) != MP_OKAY) ||
+ ((res = mp_div_2d(&tq, 1, &tq, NULL)) != MP_OKAY)) {
+ goto LBL_ERR;
+ }
+ }
+
+ /* now q == quotient and ta == remainder */
+ n = a->sign;
+ n2 = (a->sign == b->sign ? MP_ZPOS : MP_NEG);
+ if (c != NULL) {
+ mp_exch(c, &q);
+ c->sign = (mp_iszero(c) == MP_YES) ? MP_ZPOS : n2;
+ }
+ if (d != NULL) {
+ mp_exch(d, &ta);
+ d->sign = (mp_iszero(d) == MP_YES) ? MP_ZPOS : n;
+ }
+LBL_ERR:
+ mp_clear_multi(&ta, &tb, &tq, &q, NULL);
+ return res;
+}
+
+
+#ifdef MP_LOW_MEM
+ #define TAB_SIZE 32
+#else
+ #define TAB_SIZE 256
+#endif
+
+static int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode)
+{
+ mp_int M[TAB_SIZE], res, mu;
+ mp_digit buf;
+ int err, bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize;
+ int (*redux)(mp_int*,mp_int*,mp_int*);
+
+ /* find window size */
+ x = mp_count_bits (X);
+ if (x <= 7) {
+ winsize = 2;
+ } else if (x <= 36) {
+ winsize = 3;
+ } else if (x <= 140) {
+ winsize = 4;
+ } else if (x <= 450) {
+ winsize = 5;
+ } else if (x <= 1303) {
+ winsize = 6;
+ } else if (x <= 3529) {
+ winsize = 7;
+ } else {
+ winsize = 8;
+ }
+
+#ifdef MP_LOW_MEM
+ if (winsize > 5) {
+ winsize = 5;
+ }
+#endif
+
+ /* init M array */
+ /* init first cell */
+ if ((err = mp_init(&M[1])) != MP_OKAY) {
+ return err;
+ }
+
+ /* now init the second half of the array */
+ for (x = 1<<(winsize-1); x < (1 << winsize); x++) {
+ if ((err = mp_init(&M[x])) != MP_OKAY) {
+ for (y = 1<<(winsize-1); y < x; y++) {
+ mp_clear (&M[y]);
+ }
+ mp_clear(&M[1]);
+ return err;
+ }
+ }
+
+ /* create mu, used for Barrett reduction */
+ if ((err = mp_init (&mu)) != MP_OKAY) {
+ goto LBL_M;
+ }
+
+ if (redmode == 0) {
+ if ((err = mp_reduce_setup (&mu, P)) != MP_OKAY) {
+ goto LBL_MU;
+ }
+ redux = mp_reduce;
+ } else {
+ if ((err = mp_reduce_2k_setup_l (P, &mu)) != MP_OKAY) {
+ goto LBL_MU;
+ }
+ redux = mp_reduce_2k_l;
+ }
+
+ /* create M table
+ *
+ * The M table contains powers of the base,
+ * e.g. M[x] = G**x mod P
+ *
+ * The first half of the table is not
+ * computed though accept for M[0] and M[1]
+ */
+ if ((err = mp_mod (G, P, &M[1])) != MP_OKAY) {
+ goto LBL_MU;
+ }
+
+ /* compute the value at M[1<<(winsize-1)] by squaring
+ * M[1] (winsize-1) times
+ */
+ if ((err = mp_copy (&M[1], &M[1 << (winsize - 1)])) != MP_OKAY) {
+ goto LBL_MU;
+ }
+
+ for (x = 0; x < (winsize - 1); x++) {
+ /* square it */
+ if ((err = mp_sqr (&M[1 << (winsize - 1)],
+ &M[1 << (winsize - 1)])) != MP_OKAY) {
+ goto LBL_MU;
+ }
+
+ /* reduce modulo P */
+ if ((err = redux (&M[1 << (winsize - 1)], P, &mu)) != MP_OKAY) {
+ goto LBL_MU;
+ }
+ }
+
+ /* create upper table, that is M[x] = M[x-1] * M[1] (mod P)
+ * for x = (2**(winsize - 1) + 1) to (2**winsize - 1)
+ */
+ for (x = (1 << (winsize - 1)) + 1; x < (1 << winsize); x++) {
+ if ((err = mp_mul (&M[x - 1], &M[1], &M[x])) != MP_OKAY) {
+ goto LBL_MU;
+ }
+ if ((err = redux (&M[x], P, &mu)) != MP_OKAY) {
+ goto LBL_MU;
+ }
+ }
+
+ /* setup result */
+ if ((err = mp_init (&res)) != MP_OKAY) {
+ goto LBL_MU;
+ }
+ mp_set (&res, 1);
+
+ /* set initial mode and bit cnt */
+ mode = 0;
+ bitcnt = 1;
+ buf = 0;
+ digidx = X->used - 1;
+ bitcpy = 0;
+ bitbuf = 0;
+
+ for (;;) {
+ /* grab next digit as required */
+ if (--bitcnt == 0) {
+ /* if digidx == -1 we are out of digits */
+ if (digidx == -1) {
+ break;
+ }
+ /* read next digit and reset the bitcnt */
+ buf = X->dp[digidx--];
+ bitcnt = (int) DIGIT_BIT;
+ }
+
+ /* grab the next msb from the exponent */
+ y = (buf >> (mp_digit)(DIGIT_BIT - 1)) & 1;
+ buf <<= (mp_digit)1;
+
+ /* if the bit is zero and mode == 0 then we ignore it
+ * These represent the leading zero bits before the first 1 bit
+ * in the exponent. Technically this opt is not required but it
+ * does lower the # of trivial squaring/reductions used
+ */
+ if (mode == 0 && y == 0) {
+ continue;
+ }
+
+ /* if the bit is zero and mode == 1 then we square */
+ if (mode == 1 && y == 0) {
+ if ((err = mp_sqr (&res, &res)) != MP_OKAY) {
+ goto LBL_RES;
+ }
+ if ((err = redux (&res, P, &mu)) != MP_OKAY) {
+ goto LBL_RES;
+ }
+ continue;
+ }
+
+ /* else we add it to the window */
+ bitbuf |= (y << (winsize - ++bitcpy));
+ mode = 2;
+
+ if (bitcpy == winsize) {
+ /* ok window is filled so square as required and multiply */
+ /* square first */
+ for (x = 0; x < winsize; x++) {
+ if ((err = mp_sqr (&res, &res)) != MP_OKAY) {
+ goto LBL_RES;
+ }
+ if ((err = redux (&res, P, &mu)) != MP_OKAY) {
+ goto LBL_RES;
+ }
+ }
+
+ /* then multiply */
+ if ((err = mp_mul (&res, &M[bitbuf], &res)) != MP_OKAY) {
+ goto LBL_RES;
+ }
+ if ((err = redux (&res, P, &mu)) != MP_OKAY) {
+ goto LBL_RES;
+ }
+
+ /* empty window and reset */
+ bitcpy = 0;
+ bitbuf = 0;
+ mode = 1;
+ }
+ }
+
+ /* if bits remain then square/multiply */
+ if (mode == 2 && bitcpy > 0) {
+ /* square then multiply if the bit is set */
+ for (x = 0; x < bitcpy; x++) {
+ if ((err = mp_sqr (&res, &res)) != MP_OKAY) {
+ goto LBL_RES;
+ }
+ if ((err = redux (&res, P, &mu)) != MP_OKAY) {
+ goto LBL_RES;
+ }
+
+ bitbuf <<= 1;
+ if ((bitbuf & (1 << winsize)) != 0) {
+ /* then multiply */
+ if ((err = mp_mul (&res, &M[1], &res)) != MP_OKAY) {
+ goto LBL_RES;
+ }
+ if ((err = redux (&res, P, &mu)) != MP_OKAY) {
+ goto LBL_RES;
+ }
+ }
+ }
+ }
+
+ mp_exch (&res, Y);
+ err = MP_OKAY;
+LBL_RES:mp_clear (&res);
+LBL_MU:mp_clear (&mu);
+LBL_M:
+ mp_clear(&M[1]);
+ for (x = 1<<(winsize-1); x < (1 << winsize); x++) {
+ mp_clear (&M[x]);
+ }
+ return err;
+}
+
+
+/* computes b = a*a */
+static int mp_sqr (mp_int * a, mp_int * b)
+{
+ int res;
+
+#ifdef BN_MP_TOOM_SQR_C
+ /* use Toom-Cook? */
+ if (a->used >= TOOM_SQR_CUTOFF) {
+ res = mp_toom_sqr(a, b);
+ /* Karatsuba? */
+ } else
+#endif
+#ifdef BN_MP_KARATSUBA_SQR_C
+if (a->used >= KARATSUBA_SQR_CUTOFF) {
+ res = mp_karatsuba_sqr (a, b);
+ } else
+#endif
+ {
+#ifdef BN_FAST_S_MP_SQR_C
+ /* can we use the fast comba multiplier? */
+ if ((a->used * 2 + 1) < MP_WARRAY &&
+ a->used <
+ (1 << (sizeof(mp_word) * CHAR_BIT - 2*DIGIT_BIT - 1))) {
+ res = fast_s_mp_sqr (a, b);
+ } else
+#endif
+#ifdef BN_S_MP_SQR_C
+ res = s_mp_sqr (a, b);
+#else
+#error mp_sqr could fail
+ res = MP_VAL;
+#endif
+ }
+ b->sign = MP_ZPOS;
+ return res;
+}
+
+
+/* reduces a modulo n where n is of the form 2**p - d
+ This differs from reduce_2k since "d" can be larger
+ than a single digit.
+*/
+static int mp_reduce_2k_l(mp_int *a, mp_int *n, mp_int *d)
+{
+ mp_int q;
+ int p, res;
+
+ if ((res = mp_init(&q)) != MP_OKAY) {
+ return res;
+ }
+
+ p = mp_count_bits(n);
+top:
+ /* q = a/2**p, a = a mod 2**p */
+ if ((res = mp_div_2d(a, p, &q, a)) != MP_OKAY) {
+ goto ERR;
+ }
+
+ /* q = q * d */
+ if ((res = mp_mul(&q, d, &q)) != MP_OKAY) {
+ goto ERR;
+ }
+
+ /* a = a + q */
+ if ((res = s_mp_add(a, &q, a)) != MP_OKAY) {
+ goto ERR;
+ }
+
+ if (mp_cmp_mag(a, n) != MP_LT) {
+ s_mp_sub(a, n, a);
+ goto top;
+ }
+
+ERR:
+ mp_clear(&q);
+ return res;
+}
+
+
+/* determines the setup value */
+static int mp_reduce_2k_setup_l(mp_int *a, mp_int *d)
+{
+ int res;
+ mp_int tmp;
+
+ if ((res = mp_init(&tmp)) != MP_OKAY) {
+ return res;
+ }
+
+ if ((res = mp_2expt(&tmp, mp_count_bits(a))) != MP_OKAY) {
+ goto ERR;
+ }
+
+ if ((res = s_mp_sub(&tmp, a, d)) != MP_OKAY) {
+ goto ERR;
+ }
+
+ERR:
+ mp_clear(&tmp);
+ return res;
+}
+
+
+/* computes a = 2**b
+ *
+ * Simple algorithm which zeroes the int, grows it then just sets one bit
+ * as required.
+ */
+static int mp_2expt (mp_int * a, int b)
+{
+ int res;
+
+ /* zero a as per default */
+ mp_zero (a);
+
+ /* grow a to accomodate the single bit */
+ if ((res = mp_grow (a, b / DIGIT_BIT + 1)) != MP_OKAY) {
+ return res;
+ }
+
+ /* set the used count of where the bit will go */
+ a->used = b / DIGIT_BIT + 1;
+
+ /* put the single bit in its place */
+ a->dp[b / DIGIT_BIT] = ((mp_digit)1) << (b % DIGIT_BIT);
+
+ return MP_OKAY;
+}
+
+
+/* pre-calculate the value required for Barrett reduction
+ * For a given modulus "b" it calulates the value required in "a"
+ */
+static int mp_reduce_setup (mp_int * a, mp_int * b)
+{
+ int res;
+
+ if ((res = mp_2expt (a, b->used * 2 * DIGIT_BIT)) != MP_OKAY) {
+ return res;
+ }
+ return mp_div (a, b, a, NULL);
+}
+
+
+/* reduces x mod m, assumes 0 < x < m**2, mu is
+ * precomputed via mp_reduce_setup.
+ * From HAC pp.604 Algorithm 14.42
+ */
+static int mp_reduce (mp_int * x, mp_int * m, mp_int * mu)
+{
+ mp_int q;
+ int res, um = m->used;
+
+ /* q = x */
+ if ((res = mp_init_copy (&q, x)) != MP_OKAY) {
+ return res;
+ }
+
+ /* q1 = x / b**(k-1) */
+ mp_rshd (&q, um - 1);
+
+ /* according to HAC this optimization is ok */
+ if (((unsigned long) um) > (((mp_digit)1) << (DIGIT_BIT - 1))) {
+ if ((res = mp_mul (&q, mu, &q)) != MP_OKAY) {
+ goto CLEANUP;
+ }
+ } else {
+#ifdef BN_S_MP_MUL_HIGH_DIGS_C
+ if ((res = s_mp_mul_high_digs (&q, mu, &q, um)) != MP_OKAY) {
+ goto CLEANUP;
+ }
+#elif defined(BN_FAST_S_MP_MUL_HIGH_DIGS_C)
+ if ((res = fast_s_mp_mul_high_digs (&q, mu, &q, um)) != MP_OKAY) {
+ goto CLEANUP;
+ }
+#else
+ {
+#error mp_reduce would always fail
+ res = MP_VAL;
+ goto CLEANUP;
+ }
+#endif
+ }
+
+ /* q3 = q2 / b**(k+1) */
+ mp_rshd (&q, um + 1);
+
+ /* x = x mod b**(k+1), quick (no division) */
+ if ((res = mp_mod_2d (x, DIGIT_BIT * (um + 1), x)) != MP_OKAY) {
+ goto CLEANUP;
+ }
+
+ /* q = q * m mod b**(k+1), quick (no division) */
+ if ((res = s_mp_mul_digs (&q, m, &q, um + 1)) != MP_OKAY) {
+ goto CLEANUP;
+ }
+
+ /* x = x - q */
+ if ((res = mp_sub (x, &q, x)) != MP_OKAY) {
+ goto CLEANUP;
+ }
+
+ /* If x < 0, add b**(k+1) to it */
+ if (mp_cmp_d (x, 0) == MP_LT) {
+ mp_set (&q, 1);
+ if ((res = mp_lshd (&q, um + 1)) != MP_OKAY) {
+ goto CLEANUP;
+ }
+ if ((res = mp_add (x, &q, x)) != MP_OKAY) {
+ goto CLEANUP;
+ }
+ }
+
+ /* Back off if it's too big */
+ while (mp_cmp (x, m) != MP_LT) {
+ if ((res = s_mp_sub (x, m, x)) != MP_OKAY) {
+ goto CLEANUP;
+ }
+ }
+
+CLEANUP:
+ mp_clear (&q);
+
+ return res;
+}
+
+
+/* multiplies |a| * |b| and only computes upto digs digits of result
+ * HAC pp. 595, Algorithm 14.12 Modified so you can control how
+ * many digits of output are created.
+ */
+static int s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
+{
+ mp_int t;
+ int res, pa, pb, ix, iy;
+ mp_digit u;
+ mp_word r;
+ mp_digit tmpx, *tmpt, *tmpy;
+
+ /* can we use the fast multiplier? */
+ if (((digs) < MP_WARRAY) &&
+ MIN (a->used, b->used) <
+ (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
+ return fast_s_mp_mul_digs (a, b, c, digs);
+ }
+
+ if ((res = mp_init_size (&t, digs)) != MP_OKAY) {
+ return res;
+ }
+ t.used = digs;
+
+ /* compute the digits of the product directly */
+ pa = a->used;
+ for (ix = 0; ix < pa; ix++) {
+ /* set the carry to zero */
+ u = 0;
+
+ /* limit ourselves to making digs digits of output */
+ pb = MIN (b->used, digs - ix);
+
+ /* setup some aliases */
+ /* copy of the digit from a used within the nested loop */
+ tmpx = a->dp[ix];
+
+ /* an alias for the destination shifted ix places */
+ tmpt = t.dp + ix;
+
+ /* an alias for the digits of b */
+ tmpy = b->dp;
+
+ /* compute the columns of the output and propagate the carry */
+ for (iy = 0; iy < pb; iy++) {
+ /* compute the column as a mp_word */
+ r = ((mp_word)*tmpt) +
+ ((mp_word)tmpx) * ((mp_word)*tmpy++) +
+ ((mp_word) u);
+
+ /* the new column is the lower part of the result */
+ *tmpt++ = (mp_digit) (r & ((mp_word) MP_MASK));
+
+ /* get the carry word from the result */
+ u = (mp_digit) (r >> ((mp_word) DIGIT_BIT));
+ }
+ /* set carry if it is placed below digs */
+ if (ix + iy < digs) {
+ *tmpt = u;
+ }
+ }
+
+ mp_clamp (&t);
+ mp_exch (&t, c);
+
+ mp_clear (&t);
+ return MP_OKAY;
+}
+
+
+/* Fast (comba) multiplier
+ *
+ * This is the fast column-array [comba] multiplier. It is
+ * designed to compute the columns of the product first
+ * then handle the carries afterwards. This has the effect
+ * of making the nested loops that compute the columns very
+ * simple and schedulable on super-scalar processors.
+ *
+ * This has been modified to produce a variable number of
+ * digits of output so if say only a half-product is required
+ * you don't have to compute the upper half (a feature
+ * required for fast Barrett reduction).
+ *
+ * Based on Algorithm 14.12 on pp.595 of HAC.
+ *
+ */
+static int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
+{
+ int olduse, res, pa, ix, iz;
+ mp_digit W[MP_WARRAY];
+ register mp_word _W;
+
+ /* grow the destination as required */
+ if (c->alloc < digs) {
+ if ((res = mp_grow (c, digs)) != MP_OKAY) {
+ return res;
+ }
+ }
+
+ /* number of output digits to produce */
+ pa = MIN(digs, a->used + b->used);
+
+ /* clear the carry */
+ _W = 0;
+ for (ix = 0; ix < pa; ix++) {
+ int tx, ty;
+ int iy;
+ mp_digit *tmpx, *tmpy;
+
+ /* get offsets into the two bignums */
+ ty = MIN(b->used-1, ix);
+ tx = ix - ty;
+
+ /* setup temp aliases */
+ tmpx = a->dp + tx;
+ tmpy = b->dp + ty;
+
+ /* this is the number of times the loop will iterrate, essentially
+ while (tx++ < a->used && ty-- >= 0) { ... }
+ */
+ iy = MIN(a->used-tx, ty+1);
+
+ /* execute loop */
+ for (iz = 0; iz < iy; ++iz) {
+ _W += ((mp_word)*tmpx++)*((mp_word)*tmpy--);
+
+ }
+
+ /* store term */
+ W[ix] = ((mp_digit)_W) & MP_MASK;
+
+ /* make next carry */
+ _W = _W >> ((mp_word)DIGIT_BIT);
+ }
+
+ /* setup dest */
+ olduse = c->used;
+ c->used = pa;
+
+ {
+ register mp_digit *tmpc;
+ tmpc = c->dp;
+ for (ix = 0; ix < pa+1; ix++) {
+ /* now extract the previous digit [below the carry] */
+ *tmpc++ = W[ix];
+ }
+
+ /* clear unused digits [that existed in the old copy of c] */
+ for (; ix < olduse; ix++) {
+ *tmpc++ = 0;
+ }
+ }
+ mp_clamp (c);
+ return MP_OKAY;
+}
+
+
+/* init an mp_init for a given size */
+static int mp_init_size (mp_int * a, int size)
+{
+ int x;
+
+ /* pad size so there are always extra digits */
+ size += (MP_PREC * 2) - (size % MP_PREC);
+
+ /* alloc mem */
+ a->dp = OPT_CAST(mp_digit) XMALLOC (sizeof (mp_digit) * size);
+ if (a->dp == NULL) {
+ return MP_MEM;
+ }
+
+ /* set the members */
+ a->used = 0;
+ a->alloc = size;
+ a->sign = MP_ZPOS;
+
+ /* zero the digits */
+ for (x = 0; x < size; x++) {
+ a->dp[x] = 0;
+ }
+
+ return MP_OKAY;
+}
+
+
+/* low level squaring, b = a*a, HAC pp.596-597, Algorithm 14.16 */
+static int s_mp_sqr (mp_int * a, mp_int * b)
+{
+ mp_int t;
+ int res, ix, iy, pa;
+ mp_word r;
+ mp_digit u, tmpx, *tmpt;
+
+ pa = a->used;
+ if ((res = mp_init_size (&t, 2*pa + 1)) != MP_OKAY) {
+ return res;
+ }
+
+ /* default used is maximum possible size */
+ t.used = 2*pa + 1;
+
+ for (ix = 0; ix < pa; ix++) {
+ /* first calculate the digit at 2*ix */
+ /* calculate double precision result */
+ r = ((mp_word) t.dp[2*ix]) +
+ ((mp_word)a->dp[ix])*((mp_word)a->dp[ix]);
+
+ /* store lower part in result */
+ t.dp[ix+ix] = (mp_digit) (r & ((mp_word) MP_MASK));
+
+ /* get the carry */
+ u = (mp_digit)(r >> ((mp_word) DIGIT_BIT));
+
+ /* left hand side of A[ix] * A[iy] */
+ tmpx = a->dp[ix];
+
+ /* alias for where to store the results */
+ tmpt = t.dp + (2*ix + 1);
+
+ for (iy = ix + 1; iy < pa; iy++) {
+ /* first calculate the product */
+ r = ((mp_word)tmpx) * ((mp_word)a->dp[iy]);
+
+ /* now calculate the double precision result, note we use
+ * addition instead of *2 since it's easier to optimize
+ */
+ r = ((mp_word) *tmpt) + r + r + ((mp_word) u);
+
+ /* store lower part */
+ *tmpt++ = (mp_digit) (r & ((mp_word) MP_MASK));
+
+ /* get carry */
+ u = (mp_digit)(r >> ((mp_word) DIGIT_BIT));
+ }
+ /* propagate upwards */
+ while (u != ((mp_digit) 0)) {
+ r = ((mp_word) *tmpt) + ((mp_word) u);
+ *tmpt++ = (mp_digit) (r & ((mp_word) MP_MASK));
+ u = (mp_digit)(r >> ((mp_word) DIGIT_BIT));
+ }
+ }
+
+ mp_clamp (&t);
+ mp_exch (&t, b);
+ mp_clear (&t);
+ return MP_OKAY;
+}
+
+
+/* multiplies |a| * |b| and does not compute the lower digs digits
+ * [meant to get the higher part of the product]
+ */
+static int s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
+{
+ mp_int t;
+ int res, pa, pb, ix, iy;
+ mp_digit u;
+ mp_word r;
+ mp_digit tmpx, *tmpt, *tmpy;
+
+ /* can we use the fast multiplier? */
+#ifdef BN_FAST_S_MP_MUL_HIGH_DIGS_C
+ if (((a->used + b->used + 1) < MP_WARRAY)
+ && MIN (a->used, b->used) < (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
+ return fast_s_mp_mul_high_digs (a, b, c, digs);
+ }
+#endif
+
+ if ((res = mp_init_size (&t, a->used + b->used + 1)) != MP_OKAY) {
+ return res;
+ }
+ t.used = a->used + b->used + 1;
+
+ pa = a->used;
+ pb = b->used;
+ for (ix = 0; ix < pa; ix++) {
+ /* clear the carry */
+ u = 0;
+
+ /* left hand side of A[ix] * B[iy] */
+ tmpx = a->dp[ix];
+
+ /* alias to the address of where the digits will be stored */
+ tmpt = &(t.dp[digs]);
+
+ /* alias for where to read the right hand side from */
+ tmpy = b->dp + (digs - ix);
+
+ for (iy = digs - ix; iy < pb; iy++) {
+ /* calculate the double precision result */
+ r = ((mp_word)*tmpt) +
+ ((mp_word)tmpx) * ((mp_word)*tmpy++) +
+ ((mp_word) u);
+
+ /* get the lower part */
+ *tmpt++ = (mp_digit) (r & ((mp_word) MP_MASK));
+
+ /* carry the carry */
+ u = (mp_digit) (r >> ((mp_word) DIGIT_BIT));
+ }
+ *tmpt = u;
+ }
+ mp_clamp (&t);
+ mp_exch (&t, c);
+ mp_clear (&t);
+ return MP_OKAY;
+}
--- /dev/null
+/*
+ * WPA Supplicant / main() function for UNIX like OSes and MinGW
+ * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#ifdef __linux__
+#include <fcntl.h>
+#endif /* __linux__ */
+
+#include "common.h"
+#include "wpa_supplicant_i.h"
+
+
+extern const char *wpa_supplicant_version;
+extern const char *wpa_supplicant_license;
+#ifndef CONFIG_NO_STDOUT_DEBUG
+extern const char *wpa_supplicant_full_license1;
+extern const char *wpa_supplicant_full_license2;
+extern const char *wpa_supplicant_full_license3;
+extern const char *wpa_supplicant_full_license4;
+extern const char *wpa_supplicant_full_license5;
+#endif /* CONFIG_NO_STDOUT_DEBUG */
+
+extern struct wpa_driver_ops *wpa_supplicant_drivers[];
+
+
+static void usage(void)
+{
+ int i;
+ printf("%s\n\n%s\n"
+ "usage:\n"
+ " wpa_supplicant [-BddhKLqqtuvwW] [-P<pid file>] "
+ "[-g<global ctrl>] \\\n"
+ " -i<ifname> -c<config file> [-C<ctrl>] [-D<driver>] "
+ "[-p<driver_param>] \\\n"
+ " [-b<br_ifname>] [-f<debug file>] \\\n"
+ " [-N -i<ifname> -c<conf> [-C<ctrl>] "
+ "[-D<driver>] \\\n"
+ " [-p<driver_param>] [-b<br_ifname>] ...]\n"
+ "\n"
+ "drivers:\n",
+ wpa_supplicant_version, wpa_supplicant_license);
+
+ for (i = 0; wpa_supplicant_drivers[i]; i++) {
+ printf(" %s = %s\n",
+ wpa_supplicant_drivers[i]->name,
+ wpa_supplicant_drivers[i]->desc);
+ }
+
+#ifndef CONFIG_NO_STDOUT_DEBUG
+ printf("options:\n"
+ " -b = optional bridge interface name\n"
+ " -B = run daemon in the background\n"
+ " -c = Configuration file\n"
+ " -C = ctrl_interface parameter (only used if -c is not)\n"
+ " -i = interface name\n"
+ " -d = increase debugging verbosity (-dd even more)\n"
+ " -D = driver name\n"
+#ifdef CONFIG_DEBUG_FILE
+ " -f = log output to debug file instead of stdout\n"
+#endif /* CONFIG_DEBUG_FILE */
+ " -g = global ctrl_interface\n"
+ " -K = include keys (passwords, etc.) in debug output\n"
+ " -t = include timestamp in debug messages\n"
+ " -h = show this help text\n"
+ " -L = show license (GPL and BSD)\n");
+ printf(" -p = driver parameters\n"
+ " -P = PID file\n"
+ " -q = decrease debugging verbosity (-qq even less)\n"
+#ifdef CONFIG_CTRL_IFACE_DBUS
+ " -u = enable DBus control interface\n"
+#endif /* CONFIG_CTRL_IFACE_DBUS */
+ " -v = show version\n"
+ " -w = wait for interface to be added, if needed\n"
+ " -W = wait for a control interface monitor before starting\n"
+ " -N = start describing new interface\n");
+
+ printf("example:\n"
+ " wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf\n");
+#endif /* CONFIG_NO_STDOUT_DEBUG */
+}
+
+
+static void license(void)
+{
+#ifndef CONFIG_NO_STDOUT_DEBUG
+ printf("%s\n\n%s%s%s%s%s\n",
+ wpa_supplicant_version,
+ wpa_supplicant_full_license1,
+ wpa_supplicant_full_license2,
+ wpa_supplicant_full_license3,
+ wpa_supplicant_full_license4,
+ wpa_supplicant_full_license5);
+#endif /* CONFIG_NO_STDOUT_DEBUG */
+}
+
+
+static void wpa_supplicant_fd_workaround(void)
+{
+#ifdef __linux__
+ int s, i;
+ /* When started from pcmcia-cs scripts, wpa_supplicant might start with
+ * fd 0, 1, and 2 closed. This will cause some issues because many
+ * places in wpa_supplicant are still printing out to stdout. As a
+ * workaround, make sure that fd's 0, 1, and 2 are not used for other
+ * sockets. */
+ for (i = 0; i < 3; i++) {
+ s = open("/dev/null", O_RDWR);
+ if (s > 2) {
+ close(s);
+ break;
+ }
+ }
+#endif /* __linux__ */
+}
+
+
+int main(int argc, char *argv[])
+{
+ int c, i;
+ struct wpa_interface *ifaces, *iface;
+ int iface_count, exitcode = -1;
+ struct wpa_params params;
+ struct wpa_global *global;
+
+ if (os_program_init())
+ return -1;
+
+ os_memset(¶ms, 0, sizeof(params));
+ params.wpa_debug_level = MSG_INFO;
+
+ iface = ifaces = os_zalloc(sizeof(struct wpa_interface));
+ if (ifaces == NULL)
+ return -1;
+ iface_count = 1;
+
+ wpa_supplicant_fd_workaround();
+
+ for (;;) {
+ c = getopt(argc, argv, "b:Bc:C:D:df:g:hi:KLNp:P:qtuvwW");
+ if (c < 0)
+ break;
+ switch (c) {
+ case 'b':
+ iface->bridge_ifname = optarg;
+ break;
+ case 'B':
+ params.daemonize++;
+ break;
+ case 'c':
+ iface->confname = optarg;
+ break;
+ case 'C':
+ iface->ctrl_interface = optarg;
+ break;
+ case 'D':
+ iface->driver = optarg;
+ break;
+ case 'd':
+#ifdef CONFIG_NO_STDOUT_DEBUG
+ printf("Debugging disabled with "
+ "CONFIG_NO_STDOUT_DEBUG=y build time "
+ "option.\n");
+ goto out;
+#else /* CONFIG_NO_STDOUT_DEBUG */
+ params.wpa_debug_level--;
+ break;
+#endif /* CONFIG_NO_STDOUT_DEBUG */
+#ifdef CONFIG_DEBUG_FILE
+ case 'f':
+ params.wpa_debug_file_path = optarg;
+ break;
+#endif /* CONFIG_DEBUG_FILE */
+ case 'g':
+ params.ctrl_interface = optarg;
+ break;
+ case 'h':
+ usage();
+ exitcode = 0;
+ goto out;
+ case 'i':
+ iface->ifname = optarg;
+ break;
+ case 'K':
+ params.wpa_debug_show_keys++;
+ break;
+ case 'L':
+ license();
+ exitcode = 0;
+ goto out;
+ case 'p':
+ iface->driver_param = optarg;
+ break;
+ case 'P':
+ os_free(params.pid_file);
+ params.pid_file = os_rel2abs_path(optarg);
+ break;
+ case 'q':
+ params.wpa_debug_level++;
+ break;
+ case 't':
+ params.wpa_debug_timestamp++;
+ break;
+#ifdef CONFIG_CTRL_IFACE_DBUS
+ case 'u':
+ params.dbus_ctrl_interface = 1;
+ break;
+#endif /* CONFIG_CTRL_IFACE_DBUS */
+ case 'v':
+ printf("%s\n", wpa_supplicant_version);
+ exitcode = 0;
+ goto out;
+ case 'w':
+ params.wait_for_interface++;
+ break;
+ case 'W':
+ params.wait_for_monitor++;
+ break;
+ case 'N':
+ iface_count++;
+ iface = os_realloc(ifaces, iface_count *
+ sizeof(struct wpa_interface));
+ if (iface == NULL)
+ goto out;
+ ifaces = iface;
+ iface = &ifaces[iface_count - 1];
+ os_memset(iface, 0, sizeof(*iface));
+ break;
+ default:
+ usage();
+ exitcode = 0;
+ goto out;
+ }
+ }
+
+ exitcode = 0;
+ global = wpa_supplicant_init(¶ms);
+ if (global == NULL) {
+ printf("Failed to initialize wpa_supplicant\n");
+ exitcode = -1;
+ goto out;
+ }
+
+ for (i = 0; exitcode == 0 && i < iface_count; i++) {
+ if ((ifaces[i].confname == NULL &&
+ ifaces[i].ctrl_interface == NULL) ||
+ ifaces[i].ifname == NULL) {
+ if (iface_count == 1 && (params.ctrl_interface ||
+ params.dbus_ctrl_interface))
+ break;
+ usage();
+ exitcode = -1;
+ break;
+ }
+ if (wpa_supplicant_add_iface(global, &ifaces[i]) == NULL)
+ exitcode = -1;
+ }
+
+ if (exitcode == 0)
+ exitcode = wpa_supplicant_run(global);
+
+ wpa_supplicant_deinit(global);
+
+out:
+ os_free(ifaces);
+ os_free(params.pid_file);
+
+ os_program_deinit();
+
+ return exitcode;
+}
--- /dev/null
+/*
+ * WPA Supplicant / Example program entrypoint
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "wpa_supplicant_i.h"
+
+int main(int argc, char *argv[])
+{
+ struct wpa_interface iface;
+ int exitcode = 0;
+ struct wpa_params params;
+ struct wpa_global *global;
+
+ memset(¶ms, 0, sizeof(params));
+ params.wpa_debug_level = MSG_INFO;
+
+ global = wpa_supplicant_init(¶ms);
+ if (global == NULL)
+ return -1;
+
+ memset(&iface, 0, sizeof(iface));
+ /* TODO: set interface parameters */
+
+ if (wpa_supplicant_add_iface(global, &iface) == NULL)
+ exitcode = -1;
+
+ if (exitcode == 0)
+ exitcode = wpa_supplicant_run(global);
+
+ wpa_supplicant_deinit(global);
+
+ return exitcode;
+}
--- /dev/null
+/*
+ * WPA Supplicant / WinMain() function for Windows-based applications
+ * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "wpa_supplicant_i.h"
+
+#ifdef _WIN32_WCE
+#define CMDLINE LPWSTR
+#else /* _WIN32_WCE */
+#define CMDLINE LPSTR
+#endif /* _WIN32_WCE */
+
+
+int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
+ CMDLINE lpCmdLine, int nShowCmd)
+{
+ int i;
+ struct wpa_interface *ifaces, *iface;
+ int iface_count, exitcode = -1;
+ struct wpa_params params;
+ struct wpa_global *global;
+
+ if (os_program_init())
+ return -1;
+
+ os_memset(¶ms, 0, sizeof(params));
+ params.wpa_debug_level = MSG_MSGDUMP;
+ params.wpa_debug_file_path = "\\Temp\\wpa_supplicant-log.txt";
+ params.wpa_debug_show_keys = 1;
+
+ iface = ifaces = os_zalloc(sizeof(struct wpa_interface));
+ if (ifaces == NULL)
+ return -1;
+ iface_count = 1;
+
+ iface->confname = "default";
+ iface->driver = "ndis";
+ iface->ifname = "";
+
+ exitcode = 0;
+ global = wpa_supplicant_init(¶ms);
+ if (global == NULL) {
+ printf("Failed to initialize wpa_supplicant\n");
+ exitcode = -1;
+ }
+
+ for (i = 0; exitcode == 0 && i < iface_count; i++) {
+ if ((ifaces[i].confname == NULL &&
+ ifaces[i].ctrl_interface == NULL) ||
+ ifaces[i].ifname == NULL) {
+ if (iface_count == 1 && (params.ctrl_interface ||
+ params.dbus_ctrl_interface))
+ break;
+ exitcode = -1;
+ break;
+ }
+ if (wpa_supplicant_add_iface(global, &ifaces[i]) == NULL)
+ exitcode = -1;
+ }
+
+ if (exitcode == 0)
+ exitcode = wpa_supplicant_run(global);
+
+ wpa_supplicant_deinit(global);
+
+ os_free(ifaces);
+
+ os_program_deinit();
+
+ return exitcode;
+}
--- /dev/null
+/*
+ * WPA Supplicant / main() function for Win32 service
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * The root of wpa_supplicant configuration in registry is
+ * HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant. This level includes global
+ * parameters and a 'interfaces' subkey with all the interface configuration
+ * (adapter to confname mapping). Each such mapping is a subkey that has
+ * 'adapter' and 'config' values.
+ *
+ * This program can be run either as a normal command line application, e.g.,
+ * for debugging, with 'wpasvc.exe app' or as a Windows service. Service need
+ * to be registered with 'wpasvc.exe reg <full path to wpasvc.exe>'. After
+ * this, it can be started like any other Windows service (e.g., 'net start
+ * wpasvc') or it can be configured to start automatically through the Services
+ * tool in administrative tasks. The service can be unregistered with
+ * 'wpasvc.exe unreg'.
+ */
+
+#include "includes.h"
+#include <windows.h>
+
+#include "common.h"
+#include "wpa_supplicant_i.h"
+#include "eloop.h"
+
+#ifndef WPASVC_NAME
+#define WPASVC_NAME TEXT("wpasvc")
+#endif
+#ifndef WPASVC_DISPLAY_NAME
+#define WPASVC_DISPLAY_NAME TEXT("wpa_supplicant service")
+#endif
+#ifndef WPASVC_DESCRIPTION
+#define WPASVC_DESCRIPTION \
+TEXT("Provides IEEE 802.1X and WPA/WPA2 supplicant functionality")
+#endif
+
+static HANDLE kill_svc;
+
+static SERVICE_STATUS_HANDLE svc_status_handle;
+static SERVICE_STATUS svc_status;
+
+
+#ifndef WPA_KEY_ROOT
+#define WPA_KEY_ROOT HKEY_LOCAL_MACHINE
+#endif
+#ifndef WPA_KEY_PREFIX
+#define WPA_KEY_PREFIX TEXT("SOFTWARE\\wpa_supplicant")
+#endif
+
+#ifdef UNICODE
+#define TSTR "%S"
+#else /* UNICODE */
+#define TSTR "%s"
+#endif /* UNICODE */
+
+
+static int read_interface(struct wpa_global *global, HKEY _hk,
+ const TCHAR *name)
+{
+ HKEY hk;
+#define TBUFLEN 255
+ TCHAR adapter[TBUFLEN], config[TBUFLEN], ctrl_interface[TBUFLEN];
+ DWORD buflen;
+ LONG ret;
+ struct wpa_interface iface;
+
+ ret = RegOpenKeyEx(_hk, name, 0, KEY_QUERY_VALUE, &hk);
+ if (ret != ERROR_SUCCESS) {
+ printf("Could not open wpa_supplicant interface key\n");
+ return -1;
+ }
+
+ os_memset(&iface, 0, sizeof(iface));
+ iface.driver = "ndis";
+
+ buflen = sizeof(ctrl_interface);
+ ret = RegQueryValueEx(hk, TEXT("ctrl_interface"), NULL, NULL,
+ (LPBYTE) ctrl_interface, &buflen);
+ if (ret == ERROR_SUCCESS) {
+ ctrl_interface[TBUFLEN - 1] = TEXT('\0');
+ wpa_unicode2ascii_inplace(ctrl_interface);
+ printf("ctrl_interface[len=%d] '%s'\n",
+ (int) buflen, (char *) ctrl_interface);
+ iface.ctrl_interface = (char *) ctrl_interface;
+ }
+
+ buflen = sizeof(adapter);
+ ret = RegQueryValueEx(hk, TEXT("adapter"), NULL, NULL,
+ (LPBYTE) adapter, &buflen);
+ if (ret == ERROR_SUCCESS) {
+ adapter[TBUFLEN - 1] = TEXT('\0');
+ wpa_unicode2ascii_inplace(adapter);
+ printf("adapter[len=%d] '%s'\n",
+ (int) buflen, (char *) adapter);
+ iface.ifname = (char *) adapter;
+ }
+
+ buflen = sizeof(config);
+ ret = RegQueryValueEx(hk, TEXT("config"), NULL, NULL,
+ (LPBYTE) config, &buflen);
+ if (ret == ERROR_SUCCESS) {
+ config[sizeof(config) - 1] = '\0';
+ wpa_unicode2ascii_inplace(config);
+ printf("config[len=%d] '%s'\n",
+ (int) buflen, (char *) config);
+ iface.confname = (char *) config;
+ }
+
+ RegCloseKey(hk);
+
+ if (wpa_supplicant_add_iface(global, &iface) == NULL)
+ return -1;
+
+ return 0;
+}
+
+
+static int wpa_supplicant_thread(void)
+{
+ int exitcode;
+ struct wpa_params params;
+ struct wpa_global *global;
+ HKEY hk, ihk;
+ DWORD val, buflen, i;
+ LONG ret;
+
+ if (os_program_init())
+ return -1;
+
+ os_memset(¶ms, 0, sizeof(params));
+ params.wpa_debug_level = MSG_INFO;
+
+ ret = RegOpenKeyEx(WPA_KEY_ROOT, WPA_KEY_PREFIX,
+ 0, KEY_QUERY_VALUE, &hk);
+ if (ret != ERROR_SUCCESS) {
+ printf("Could not open wpa_supplicant registry key\n");
+ return -1;
+ }
+
+ buflen = sizeof(val);
+ ret = RegQueryValueEx(hk, TEXT("debug_level"), NULL, NULL,
+ (LPBYTE) &val, &buflen);
+ if (ret == ERROR_SUCCESS && buflen == sizeof(val)) {
+ params.wpa_debug_level = val;
+ }
+
+ buflen = sizeof(val);
+ ret = RegQueryValueEx(hk, TEXT("debug_show_keys"), NULL, NULL,
+ (LPBYTE) &val, &buflen);
+ if (ret == ERROR_SUCCESS && buflen == sizeof(val)) {
+ params.wpa_debug_show_keys = val;
+ }
+
+ buflen = sizeof(val);
+ ret = RegQueryValueEx(hk, TEXT("debug_use_file"), NULL, NULL,
+ (LPBYTE) &val, &buflen);
+ if (ret == ERROR_SUCCESS && buflen == sizeof(val) && val) {
+ params.wpa_debug_file_path = "\\Temp\\wpa_supplicant-log.txt";
+ }
+
+ exitcode = 0;
+ global = wpa_supplicant_init(¶ms);
+ if (global == NULL) {
+ printf("Failed to initialize wpa_supplicant\n");
+ exitcode = -1;
+ }
+
+ ret = RegOpenKeyEx(hk, TEXT("interfaces"), 0, KEY_ENUMERATE_SUB_KEYS,
+ &ihk);
+ RegCloseKey(hk);
+ if (ret != ERROR_SUCCESS) {
+ printf("Could not open wpa_supplicant interfaces registry "
+ "key\n");
+ return -1;
+ }
+
+ for (i = 0; ; i++) {
+ TCHAR name[255];
+ DWORD namelen;
+
+ namelen = 255;
+ ret = RegEnumKeyEx(ihk, i, name, &namelen, NULL, NULL, NULL,
+ NULL);
+
+ if (ret == ERROR_NO_MORE_ITEMS)
+ break;
+
+ if (ret != ERROR_SUCCESS) {
+ printf("RegEnumKeyEx failed: 0x%x\n",
+ (unsigned int) ret);
+ break;
+ }
+
+ if (namelen >= 255)
+ namelen = 255 - 1;
+ name[namelen] = '\0';
+
+ wpa_printf(MSG_DEBUG, "interface %d: %s\n", (int) i, name);
+ if (read_interface(global, ihk, name) < 0)
+ exitcode = -1;
+ }
+
+ RegCloseKey(ihk);
+
+ if (exitcode == 0)
+ exitcode = wpa_supplicant_run(global);
+
+ wpa_supplicant_deinit(global);
+
+ os_program_deinit();
+
+ return exitcode;
+}
+
+
+static DWORD svc_thread(LPDWORD param)
+{
+ int ret = wpa_supplicant_thread();
+
+ svc_status.dwCurrentState = SERVICE_STOPPED;
+ svc_status.dwWaitHint = 0;
+ if (!SetServiceStatus(svc_status_handle, &svc_status)) {
+ printf("SetServiceStatus() failed: %d\n",
+ (int) GetLastError());
+ }
+
+ return ret;
+}
+
+
+static int register_service(const TCHAR *exe)
+{
+ SC_HANDLE svc, scm;
+ SERVICE_DESCRIPTION sd;
+
+ printf("Registering service: " TSTR "\n", WPASVC_NAME);
+
+ scm = OpenSCManager(0, 0, SC_MANAGER_CREATE_SERVICE);
+ if (!scm) {
+ printf("OpenSCManager failed: %d\n", (int) GetLastError());
+ return -1;
+ }
+
+ svc = CreateService(scm, WPASVC_NAME, WPASVC_DISPLAY_NAME,
+ SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS,
+ SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL,
+ exe, NULL, NULL, NULL, NULL, NULL);
+
+ if (!svc) {
+ printf("CreateService failed: %d\n\n", (int) GetLastError());
+ CloseServiceHandle(scm);
+ return -1;
+ }
+
+ os_memset(&sd, 0, sizeof(sd));
+ sd.lpDescription = WPASVC_DESCRIPTION;
+ if (!ChangeServiceConfig2(svc, SERVICE_CONFIG_DESCRIPTION, &sd)) {
+ printf("ChangeServiceConfig2 failed: %d\n",
+ (int) GetLastError());
+ /* This is not a fatal error, so continue anyway. */
+ }
+
+ CloseServiceHandle(svc);
+ CloseServiceHandle(scm);
+
+ printf("Service registered successfully.\n");
+
+ return 0;
+}
+
+
+static int unregister_service(void)
+{
+ SC_HANDLE svc, scm;
+ SERVICE_STATUS status;
+
+ printf("Unregistering service: " TSTR "\n", WPASVC_NAME);
+
+ scm = OpenSCManager(0, 0, SC_MANAGER_CREATE_SERVICE);
+ if (!scm) {
+ printf("OpenSCManager failed: %d\n", (int) GetLastError());
+ return -1;
+ }
+
+ svc = OpenService(scm, WPASVC_NAME, SERVICE_ALL_ACCESS | DELETE);
+ if (!svc) {
+ printf("OpenService failed: %d\n\n", (int) GetLastError());
+ CloseServiceHandle(scm);
+ return -1;
+ }
+
+ if (QueryServiceStatus(svc, &status)) {
+ if (status.dwCurrentState != SERVICE_STOPPED) {
+ printf("Service currently active - stopping "
+ "service...\n");
+ if (!ControlService(svc, SERVICE_CONTROL_STOP,
+ &status)) {
+ printf("ControlService failed: %d\n",
+ (int) GetLastError());
+ }
+ Sleep(500);
+ }
+ }
+
+ if (DeleteService(svc)) {
+ printf("Service unregistered successfully.\n");
+ } else {
+ printf("DeleteService failed: %d\n", (int) GetLastError());
+ }
+
+ CloseServiceHandle(svc);
+ CloseServiceHandle(scm);
+
+ return 0;
+}
+
+
+static void WINAPI service_ctrl_handler(DWORD control_code)
+{
+ switch (control_code) {
+ case SERVICE_CONTROL_INTERROGATE:
+ break;
+ case SERVICE_CONTROL_SHUTDOWN:
+ case SERVICE_CONTROL_STOP:
+ svc_status.dwCurrentState = SERVICE_STOP_PENDING;
+ svc_status.dwWaitHint = 2000;
+ eloop_terminate();
+ SetEvent(kill_svc);
+ break;
+ }
+
+ if (!SetServiceStatus(svc_status_handle, &svc_status)) {
+ printf("SetServiceStatus() failed: %d\n",
+ (int) GetLastError());
+ }
+}
+
+
+static void WINAPI service_start(DWORD argc, LPTSTR *argv)
+{
+ DWORD id;
+
+ svc_status_handle = RegisterServiceCtrlHandler(WPASVC_NAME,
+ service_ctrl_handler);
+ if (svc_status_handle == (SERVICE_STATUS_HANDLE) 0) {
+ printf("RegisterServiceCtrlHandler failed: %d\n",
+ (int) GetLastError());
+ return;
+ }
+
+ os_memset(&svc_status, 0, sizeof(svc_status));
+ svc_status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
+ svc_status.dwCurrentState = SERVICE_START_PENDING;
+ svc_status.dwWaitHint = 1000;
+
+ if (!SetServiceStatus(svc_status_handle, &svc_status)) {
+ printf("SetServiceStatus() failed: %d\n",
+ (int) GetLastError());
+ return;
+ }
+
+ kill_svc = CreateEvent(0, TRUE, FALSE, 0);
+ if (!kill_svc) {
+ printf("CreateEvent failed: %d\n", (int) GetLastError());
+ return;
+ }
+
+ if (CreateThread(0, 0, (LPTHREAD_START_ROUTINE) svc_thread, 0, 0, &id)
+ == 0) {
+ printf("CreateThread failed: %d\n", (int) GetLastError());
+ return;
+ }
+
+ if (svc_status.dwCurrentState == SERVICE_START_PENDING) {
+ svc_status.dwCurrentState = SERVICE_RUNNING;
+ svc_status.dwWaitHint = 0;
+ svc_status.dwControlsAccepted = SERVICE_ACCEPT_STOP |
+ SERVICE_ACCEPT_SHUTDOWN;
+ }
+
+ if (!SetServiceStatus(svc_status_handle, &svc_status)) {
+ printf("SetServiceStatus() failed: %d\n",
+ (int) GetLastError());
+ return;
+ }
+
+ /* wait until service gets killed */
+ WaitForSingleObject(kill_svc, INFINITE);
+}
+
+
+int main(int argc, char *argv[])
+{
+ SERVICE_TABLE_ENTRY dt[] = {
+ { WPASVC_NAME, service_start },
+ { NULL, NULL }
+ };
+
+ if (argc > 1) {
+ if (os_strcmp(argv[1], "reg") == 0) {
+ TCHAR *path;
+ int ret;
+
+ if (argc < 3) {
+ path = os_malloc(MAX_PATH * sizeof(TCHAR));
+ if (path == NULL)
+ return -1;
+ if (!GetModuleFileName(NULL, path, MAX_PATH)) {
+ printf("GetModuleFileName failed: "
+ "%d\n", (int) GetLastError());
+ os_free(path);
+ return -1;
+ }
+ } else {
+ path = wpa_strdup_tchar(argv[2]);
+ if (path == NULL)
+ return -1;
+ }
+ ret = register_service(path);
+ os_free(path);
+ return ret;
+ } else if (os_strcmp(argv[1], "unreg") == 0) {
+ return unregister_service();
+ } else if (os_strcmp(argv[1], "app") == 0) {
+ return wpa_supplicant_thread();
+ }
+ }
+
+ if (!StartServiceCtrlDispatcher(dt)) {
+ printf("StartServiceCtrlDispatcher failed: %d\n",
+ (int) GetLastError());
+ }
+
+ return 0;
+}
--- /dev/null
+/*
+ * MD4 hash implementation
+ * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "crypto.h"
+
+
+#ifdef INTERNAL_MD4
+
+#define MD4_BLOCK_LENGTH 64
+#define MD4_DIGEST_LENGTH 16
+
+typedef struct MD4Context {
+ u32 state[4]; /* state */
+ u64 count; /* number of bits, mod 2^64 */
+ u8 buffer[MD4_BLOCK_LENGTH]; /* input buffer */
+} MD4_CTX;
+
+
+static void MD4Init(MD4_CTX *ctx);
+static void MD4Update(MD4_CTX *ctx, const unsigned char *input, size_t len);
+static void MD4Final(unsigned char digest[MD4_DIGEST_LENGTH], MD4_CTX *ctx);
+
+
+void md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+ MD4_CTX ctx;
+ size_t i;
+
+ MD4Init(&ctx);
+ for (i = 0; i < num_elem; i++)
+ MD4Update(&ctx, addr[i], len[i]);
+ MD4Final(mac, &ctx);
+}
+
+
+/* ===== start - public domain MD4 implementation ===== */
+/* $OpenBSD: md4.c,v 1.7 2005/08/08 08:05:35 espie Exp $ */
+
+/*
+ * This code implements the MD4 message-digest algorithm.
+ * The algorithm is due to Ron Rivest. This code was
+ * written by Colin Plumb in 1993, no copyright is claimed.
+ * This code is in the public domain; do with it what you wish.
+ * Todd C. Miller modified the MD5 code to do MD4 based on RFC 1186.
+ *
+ * Equivalent code is available from RSA Data Security, Inc.
+ * This code has been tested against that, and is equivalent,
+ * except that you don't need to include two pages of legalese
+ * with every copy.
+ *
+ * To compute the message digest of a chunk of bytes, declare an
+ * MD4Context structure, pass it to MD4Init, call MD4Update as
+ * needed on buffers full of bytes, and then call MD4Final, which
+ * will fill a supplied 16-byte array with the digest.
+ */
+
+#define MD4_DIGEST_STRING_LENGTH (MD4_DIGEST_LENGTH * 2 + 1)
+
+
+static void
+MD4Transform(u32 state[4], const u8 block[MD4_BLOCK_LENGTH]);
+
+#define PUT_64BIT_LE(cp, value) do { \
+ (cp)[7] = (value) >> 56; \
+ (cp)[6] = (value) >> 48; \
+ (cp)[5] = (value) >> 40; \
+ (cp)[4] = (value) >> 32; \
+ (cp)[3] = (value) >> 24; \
+ (cp)[2] = (value) >> 16; \
+ (cp)[1] = (value) >> 8; \
+ (cp)[0] = (value); } while (0)
+
+#define PUT_32BIT_LE(cp, value) do { \
+ (cp)[3] = (value) >> 24; \
+ (cp)[2] = (value) >> 16; \
+ (cp)[1] = (value) >> 8; \
+ (cp)[0] = (value); } while (0)
+
+static u8 PADDING[MD4_BLOCK_LENGTH] = {
+ 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+/*
+ * Start MD4 accumulation.
+ * Set bit count to 0 and buffer to mysterious initialization constants.
+ */
+static void MD4Init(MD4_CTX *ctx)
+{
+ ctx->count = 0;
+ ctx->state[0] = 0x67452301;
+ ctx->state[1] = 0xefcdab89;
+ ctx->state[2] = 0x98badcfe;
+ ctx->state[3] = 0x10325476;
+}
+
+/*
+ * Update context to reflect the concatenation of another buffer full
+ * of bytes.
+ */
+static void MD4Update(MD4_CTX *ctx, const unsigned char *input, size_t len)
+{
+ size_t have, need;
+
+ /* Check how many bytes we already have and how many more we need. */
+ have = (size_t)((ctx->count >> 3) & (MD4_BLOCK_LENGTH - 1));
+ need = MD4_BLOCK_LENGTH - have;
+
+ /* Update bitcount */
+ ctx->count += (u64)len << 3;
+
+ if (len >= need) {
+ if (have != 0) {
+ os_memcpy(ctx->buffer + have, input, need);
+ MD4Transform(ctx->state, ctx->buffer);
+ input += need;
+ len -= need;
+ have = 0;
+ }
+
+ /* Process data in MD4_BLOCK_LENGTH-byte chunks. */
+ while (len >= MD4_BLOCK_LENGTH) {
+ MD4Transform(ctx->state, input);
+ input += MD4_BLOCK_LENGTH;
+ len -= MD4_BLOCK_LENGTH;
+ }
+ }
+
+ /* Handle any remaining bytes of data. */
+ if (len != 0)
+ os_memcpy(ctx->buffer + have, input, len);
+}
+
+/*
+ * Pad pad to 64-byte boundary with the bit pattern
+ * 1 0* (64-bit count of bits processed, MSB-first)
+ */
+static void MD4Pad(MD4_CTX *ctx)
+{
+ u8 count[8];
+ size_t padlen;
+
+ /* Convert count to 8 bytes in little endian order. */
+ PUT_64BIT_LE(count, ctx->count);
+
+ /* Pad out to 56 mod 64. */
+ padlen = MD4_BLOCK_LENGTH -
+ ((ctx->count >> 3) & (MD4_BLOCK_LENGTH - 1));
+ if (padlen < 1 + 8)
+ padlen += MD4_BLOCK_LENGTH;
+ MD4Update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */
+ MD4Update(ctx, count, 8);
+}
+
+/*
+ * Final wrapup--call MD4Pad, fill in digest and zero out ctx.
+ */
+static void MD4Final(unsigned char digest[MD4_DIGEST_LENGTH], MD4_CTX *ctx)
+{
+ int i;
+
+ MD4Pad(ctx);
+ if (digest != NULL) {
+ for (i = 0; i < 4; i++)
+ PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
+ os_memset(ctx, 0, sizeof(*ctx));
+ }
+}
+
+
+/* The three core functions - F1 is optimized somewhat */
+
+/* #define F1(x, y, z) (x & y | ~x & z) */
+#define F1(x, y, z) (z ^ (x & (y ^ z)))
+#define F2(x, y, z) ((x & y) | (x & z) | (y & z))
+#define F3(x, y, z) (x ^ y ^ z)
+
+/* This is the central step in the MD4 algorithm. */
+#define MD4STEP(f, w, x, y, z, data, s) \
+ ( w += f(x, y, z) + data, w = w<<s | w>>(32-s) )
+
+/*
+ * The core of the MD4 algorithm, this alters an existing MD4 hash to
+ * reflect the addition of 16 longwords of new data. MD4Update blocks
+ * the data and converts bytes into longwords for this routine.
+ */
+static void
+MD4Transform(u32 state[4], const u8 block[MD4_BLOCK_LENGTH])
+{
+ u32 a, b, c, d, in[MD4_BLOCK_LENGTH / 4];
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+ os_memcpy(in, block, sizeof(in));
+#else
+ for (a = 0; a < MD4_BLOCK_LENGTH / 4; a++) {
+ in[a] = (u32)(
+ (u32)(block[a * 4 + 0]) |
+ (u32)(block[a * 4 + 1]) << 8 |
+ (u32)(block[a * 4 + 2]) << 16 |
+ (u32)(block[a * 4 + 3]) << 24);
+ }
+#endif
+
+ a = state[0];
+ b = state[1];
+ c = state[2];
+ d = state[3];
+
+ MD4STEP(F1, a, b, c, d, in[ 0], 3);
+ MD4STEP(F1, d, a, b, c, in[ 1], 7);
+ MD4STEP(F1, c, d, a, b, in[ 2], 11);
+ MD4STEP(F1, b, c, d, a, in[ 3], 19);
+ MD4STEP(F1, a, b, c, d, in[ 4], 3);
+ MD4STEP(F1, d, a, b, c, in[ 5], 7);
+ MD4STEP(F1, c, d, a, b, in[ 6], 11);
+ MD4STEP(F1, b, c, d, a, in[ 7], 19);
+ MD4STEP(F1, a, b, c, d, in[ 8], 3);
+ MD4STEP(F1, d, a, b, c, in[ 9], 7);
+ MD4STEP(F1, c, d, a, b, in[10], 11);
+ MD4STEP(F1, b, c, d, a, in[11], 19);
+ MD4STEP(F1, a, b, c, d, in[12], 3);
+ MD4STEP(F1, d, a, b, c, in[13], 7);
+ MD4STEP(F1, c, d, a, b, in[14], 11);
+ MD4STEP(F1, b, c, d, a, in[15], 19);
+
+ MD4STEP(F2, a, b, c, d, in[ 0] + 0x5a827999, 3);
+ MD4STEP(F2, d, a, b, c, in[ 4] + 0x5a827999, 5);
+ MD4STEP(F2, c, d, a, b, in[ 8] + 0x5a827999, 9);
+ MD4STEP(F2, b, c, d, a, in[12] + 0x5a827999, 13);
+ MD4STEP(F2, a, b, c, d, in[ 1] + 0x5a827999, 3);
+ MD4STEP(F2, d, a, b, c, in[ 5] + 0x5a827999, 5);
+ MD4STEP(F2, c, d, a, b, in[ 9] + 0x5a827999, 9);
+ MD4STEP(F2, b, c, d, a, in[13] + 0x5a827999, 13);
+ MD4STEP(F2, a, b, c, d, in[ 2] + 0x5a827999, 3);
+ MD4STEP(F2, d, a, b, c, in[ 6] + 0x5a827999, 5);
+ MD4STEP(F2, c, d, a, b, in[10] + 0x5a827999, 9);
+ MD4STEP(F2, b, c, d, a, in[14] + 0x5a827999, 13);
+ MD4STEP(F2, a, b, c, d, in[ 3] + 0x5a827999, 3);
+ MD4STEP(F2, d, a, b, c, in[ 7] + 0x5a827999, 5);
+ MD4STEP(F2, c, d, a, b, in[11] + 0x5a827999, 9);
+ MD4STEP(F2, b, c, d, a, in[15] + 0x5a827999, 13);
+
+ MD4STEP(F3, a, b, c, d, in[ 0] + 0x6ed9eba1, 3);
+ MD4STEP(F3, d, a, b, c, in[ 8] + 0x6ed9eba1, 9);
+ MD4STEP(F3, c, d, a, b, in[ 4] + 0x6ed9eba1, 11);
+ MD4STEP(F3, b, c, d, a, in[12] + 0x6ed9eba1, 15);
+ MD4STEP(F3, a, b, c, d, in[ 2] + 0x6ed9eba1, 3);
+ MD4STEP(F3, d, a, b, c, in[10] + 0x6ed9eba1, 9);
+ MD4STEP(F3, c, d, a, b, in[ 6] + 0x6ed9eba1, 11);
+ MD4STEP(F3, b, c, d, a, in[14] + 0x6ed9eba1, 15);
+ MD4STEP(F3, a, b, c, d, in[ 1] + 0x6ed9eba1, 3);
+ MD4STEP(F3, d, a, b, c, in[ 9] + 0x6ed9eba1, 9);
+ MD4STEP(F3, c, d, a, b, in[ 5] + 0x6ed9eba1, 11);
+ MD4STEP(F3, b, c, d, a, in[13] + 0x6ed9eba1, 15);
+ MD4STEP(F3, a, b, c, d, in[ 3] + 0x6ed9eba1, 3);
+ MD4STEP(F3, d, a, b, c, in[11] + 0x6ed9eba1, 9);
+ MD4STEP(F3, c, d, a, b, in[ 7] + 0x6ed9eba1, 11);
+ MD4STEP(F3, b, c, d, a, in[15] + 0x6ed9eba1, 15);
+
+ state[0] += a;
+ state[1] += b;
+ state[2] += c;
+ state[3] += d;
+}
+/* ===== end - public domain MD4 implementation ===== */
+
+#endif /* INTERNAL_MD4 */
--- /dev/null
+/*
+ * MD5 hash implementation and interface functions
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "md5.h"
+#include "crypto.h"
+
+
+/**
+ * hmac_md5_vector - HMAC-MD5 over data vector (RFC 2104)
+ * @key: Key for HMAC operations
+ * @key_len: Length of the key in bytes
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for the hash (16 bytes)
+ */
+void hmac_md5_vector(const u8 *key, size_t key_len, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *mac)
+{
+ u8 k_pad[64]; /* padding - key XORd with ipad/opad */
+ u8 tk[16];
+ const u8 *_addr[6];
+ size_t i, _len[6];
+
+ if (num_elem > 5) {
+ /*
+ * Fixed limit on the number of fragments to avoid having to
+ * allocate memory (which could fail).
+ */
+ return;
+ }
+
+ /* if key is longer than 64 bytes reset it to key = MD5(key) */
+ if (key_len > 64) {
+ md5_vector(1, &key, &key_len, tk);
+ key = tk;
+ key_len = 16;
+ }
+
+ /* the HMAC_MD5 transform looks like:
+ *
+ * MD5(K XOR opad, MD5(K XOR ipad, text))
+ *
+ * where K is an n byte key
+ * ipad is the byte 0x36 repeated 64 times
+ * opad is the byte 0x5c repeated 64 times
+ * and text is the data being protected */
+
+ /* start out by storing key in ipad */
+ os_memset(k_pad, 0, sizeof(k_pad));
+ os_memcpy(k_pad, key, key_len);
+
+ /* XOR key with ipad values */
+ for (i = 0; i < 64; i++)
+ k_pad[i] ^= 0x36;
+
+ /* perform inner MD5 */
+ _addr[0] = k_pad;
+ _len[0] = 64;
+ for (i = 0; i < num_elem; i++) {
+ _addr[i + 1] = addr[i];
+ _len[i + 1] = len[i];
+ }
+ md5_vector(1 + num_elem, _addr, _len, mac);
+
+ os_memset(k_pad, 0, sizeof(k_pad));
+ os_memcpy(k_pad, key, key_len);
+ /* XOR key with opad values */
+ for (i = 0; i < 64; i++)
+ k_pad[i] ^= 0x5c;
+
+ /* perform outer MD5 */
+ _addr[0] = k_pad;
+ _len[0] = 64;
+ _addr[1] = mac;
+ _len[1] = MD5_MAC_LEN;
+ md5_vector(2, _addr, _len, mac);
+}
+
+
+/**
+ * hmac_md5 - HMAC-MD5 over data buffer (RFC 2104)
+ * @key: Key for HMAC operations
+ * @key_len: Length of the key in bytes
+ * @data: Pointers to the data area
+ * @data_len: Length of the data area
+ * @mac: Buffer for the hash (16 bytes)
+ */
+void hmac_md5(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
+ u8 *mac)
+{
+ hmac_md5_vector(key, key_len, 1, &data, &data_len, mac);
+}
+
+
+#ifdef INTERNAL_MD5
+
+struct MD5Context {
+ u32 buf[4];
+ u32 bits[2];
+ u8 in[64];
+};
+
+#ifndef CONFIG_CRYPTO_INTERNAL
+static void MD5Init(struct MD5Context *context);
+static void MD5Update(struct MD5Context *context, unsigned char const *buf,
+ unsigned len);
+static void MD5Final(unsigned char digest[16], struct MD5Context *context);
+#endif /* CONFIG_CRYPTO_INTERNAL */
+static void MD5Transform(u32 buf[4], u32 const in[16]);
+
+
+typedef struct MD5Context MD5_CTX;
+
+
+/**
+ * md5_vector - MD5 hash for data vector
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for the hash
+ */
+void md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+ MD5_CTX ctx;
+ size_t i;
+
+ MD5Init(&ctx);
+ for (i = 0; i < num_elem; i++)
+ MD5Update(&ctx, addr[i], len[i]);
+ MD5Final(mac, &ctx);
+}
+
+
+/* ===== start - public domain MD5 implementation ===== */
+/*
+ * This code implements the MD5 message-digest algorithm.
+ * The algorithm is due to Ron Rivest. This code was
+ * written by Colin Plumb in 1993, no copyright is claimed.
+ * This code is in the public domain; do with it what you wish.
+ *
+ * Equivalent code is available from RSA Data Security, Inc.
+ * This code has been tested against that, and is equivalent,
+ * except that you don't need to include two pages of legalese
+ * with every copy.
+ *
+ * To compute the message digest of a chunk of bytes, declare an
+ * MD5Context structure, pass it to MD5Init, call MD5Update as
+ * needed on buffers full of bytes, and then call MD5Final, which
+ * will fill a supplied 16-byte array with the digest.
+ */
+
+#ifndef WORDS_BIGENDIAN
+#define byteReverse(buf, len) /* Nothing */
+#else
+/*
+ * Note: this code is harmless on little-endian machines.
+ */
+static void byteReverse(unsigned char *buf, unsigned longs)
+{
+ u32 t;
+ do {
+ t = (u32) ((unsigned) buf[3] << 8 | buf[2]) << 16 |
+ ((unsigned) buf[1] << 8 | buf[0]);
+ *(u32 *) buf = t;
+ buf += 4;
+ } while (--longs);
+}
+#endif
+
+/*
+ * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
+ * initialization constants.
+ */
+void MD5Init(struct MD5Context *ctx)
+{
+ ctx->buf[0] = 0x67452301;
+ ctx->buf[1] = 0xefcdab89;
+ ctx->buf[2] = 0x98badcfe;
+ ctx->buf[3] = 0x10325476;
+
+ ctx->bits[0] = 0;
+ ctx->bits[1] = 0;
+}
+
+/*
+ * Update context to reflect the concatenation of another buffer full
+ * of bytes.
+ */
+void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len)
+{
+ u32 t;
+
+ /* Update bitcount */
+
+ t = ctx->bits[0];
+ if ((ctx->bits[0] = t + ((u32) len << 3)) < t)
+ ctx->bits[1]++; /* Carry from low to high */
+ ctx->bits[1] += len >> 29;
+
+ t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */
+
+ /* Handle any leading odd-sized chunks */
+
+ if (t) {
+ unsigned char *p = (unsigned char *) ctx->in + t;
+
+ t = 64 - t;
+ if (len < t) {
+ os_memcpy(p, buf, len);
+ return;
+ }
+ os_memcpy(p, buf, t);
+ byteReverse(ctx->in, 16);
+ MD5Transform(ctx->buf, (u32 *) ctx->in);
+ buf += t;
+ len -= t;
+ }
+ /* Process data in 64-byte chunks */
+
+ while (len >= 64) {
+ os_memcpy(ctx->in, buf, 64);
+ byteReverse(ctx->in, 16);
+ MD5Transform(ctx->buf, (u32 *) ctx->in);
+ buf += 64;
+ len -= 64;
+ }
+
+ /* Handle any remaining bytes of data. */
+
+ os_memcpy(ctx->in, buf, len);
+}
+
+/*
+ * Final wrapup - pad to 64-byte boundary with the bit pattern
+ * 1 0* (64-bit count of bits processed, MSB-first)
+ */
+void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
+{
+ unsigned count;
+ unsigned char *p;
+
+ /* Compute number of bytes mod 64 */
+ count = (ctx->bits[0] >> 3) & 0x3F;
+
+ /* Set the first char of padding to 0x80. This is safe since there is
+ always at least one byte free */
+ p = ctx->in + count;
+ *p++ = 0x80;
+
+ /* Bytes of padding needed to make 64 bytes */
+ count = 64 - 1 - count;
+
+ /* Pad out to 56 mod 64 */
+ if (count < 8) {
+ /* Two lots of padding: Pad the first block to 64 bytes */
+ os_memset(p, 0, count);
+ byteReverse(ctx->in, 16);
+ MD5Transform(ctx->buf, (u32 *) ctx->in);
+
+ /* Now fill the next block with 56 bytes */
+ os_memset(ctx->in, 0, 56);
+ } else {
+ /* Pad block to 56 bytes */
+ os_memset(p, 0, count - 8);
+ }
+ byteReverse(ctx->in, 14);
+
+ /* Append length in bits and transform */
+ ((u32 *) ctx->in)[14] = ctx->bits[0];
+ ((u32 *) ctx->in)[15] = ctx->bits[1];
+
+ MD5Transform(ctx->buf, (u32 *) ctx->in);
+ byteReverse((unsigned char *) ctx->buf, 4);
+ os_memcpy(digest, ctx->buf, 16);
+ os_memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
+}
+
+/* The four core functions - F1 is optimized somewhat */
+
+/* #define F1(x, y, z) (x & y | ~x & z) */
+#define F1(x, y, z) (z ^ (x & (y ^ z)))
+#define F2(x, y, z) F1(z, x, y)
+#define F3(x, y, z) (x ^ y ^ z)
+#define F4(x, y, z) (y ^ (x | ~z))
+
+/* This is the central step in the MD5 algorithm. */
+#define MD5STEP(f, w, x, y, z, data, s) \
+ ( w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x )
+
+/*
+ * The core of the MD5 algorithm, this alters an existing MD5 hash to
+ * reflect the addition of 16 longwords of new data. MD5Update blocks
+ * the data and converts bytes into longwords for this routine.
+ */
+static void MD5Transform(u32 buf[4], u32 const in[16])
+{
+ register u32 a, b, c, d;
+
+ a = buf[0];
+ b = buf[1];
+ c = buf[2];
+ d = buf[3];
+
+ MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7);
+ MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
+ MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17);
+ MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
+ MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
+ MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12);
+ MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17);
+ MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22);
+ MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7);
+ MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
+ MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
+ MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
+ MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7);
+ MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
+ MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
+ MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
+
+ MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5);
+ MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9);
+ MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
+ MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
+ MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5);
+ MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9);
+ MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
+ MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
+ MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
+ MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
+ MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
+ MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20);
+ MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
+ MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
+ MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14);
+ MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
+
+ MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4);
+ MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11);
+ MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
+ MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
+ MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4);
+ MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
+ MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
+ MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
+ MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
+ MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
+ MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
+ MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23);
+ MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
+ MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
+ MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
+ MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
+
+ MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6);
+ MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10);
+ MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
+ MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21);
+ MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
+ MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
+ MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
+ MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21);
+ MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
+ MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
+ MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15);
+ MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
+ MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6);
+ MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
+ MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
+ MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21);
+
+ buf[0] += a;
+ buf[1] += b;
+ buf[2] += c;
+ buf[3] += d;
+}
+/* ===== end - public domain MD5 implementation ===== */
+
+#endif /* INTERNAL_MD5 */
--- /dev/null
+/*
+ * MD5 hash implementation and interface functions
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef MD5_H
+#define MD5_H
+
+#define MD5_MAC_LEN 16
+
+void hmac_md5_vector(const u8 *key, size_t key_len, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *mac);
+void hmac_md5(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
+ u8 *mac);
+
+#ifdef CONFIG_CRYPTO_INTERNAL
+struct MD5Context;
+
+void MD5Init(struct MD5Context *context);
+void MD5Update(struct MD5Context *context, unsigned char const *buf,
+ unsigned len);
+void MD5Final(unsigned char digest[16], struct MD5Context *context);
+#endif /* CONFIG_CRYPTO_INTERNAL */
+
+#endif /* MD5_H */
--- /dev/null
+/*
+ * WPA Supplicant - Client mode MLME
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004, Instant802 Networks, Inc.
+ * Copyright (c) 2005-2006, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eloop.h"
+#include "config.h"
+#include "wpa_supplicant.h"
+#include "wpa_supplicant_i.h"
+#include "wpa.h"
+#include "os.h"
+#include "l2_packet.h"
+#include "driver.h"
+#include "mlme.h"
+
+
+/* Timeouts and intervals in milliseconds */
+#define IEEE80211_AUTH_TIMEOUT (200)
+#define IEEE80211_AUTH_MAX_TRIES 3
+#define IEEE80211_ASSOC_TIMEOUT (200)
+#define IEEE80211_ASSOC_MAX_TRIES 3
+#define IEEE80211_MONITORING_INTERVAL (2000)
+#define IEEE80211_PROBE_INTERVAL (60000)
+#define IEEE80211_RETRY_AUTH_INTERVAL (1000)
+#define IEEE80211_SCAN_INTERVAL (2000)
+#define IEEE80211_SCAN_INTERVAL_SLOW (15000)
+#define IEEE80211_IBSS_JOIN_TIMEOUT (20000)
+
+#define IEEE80211_PROBE_DELAY (33)
+#define IEEE80211_CHANNEL_TIME (33)
+#define IEEE80211_PASSIVE_CHANNEL_TIME (200)
+#define IEEE80211_SCAN_RESULT_EXPIRE (10000)
+#define IEEE80211_IBSS_MERGE_INTERVAL (30000)
+#define IEEE80211_IBSS_INACTIVITY_LIMIT (60000)
+
+#define IEEE80211_IBSS_MAX_STA_ENTRIES 128
+
+
+/* Information Element IDs */
+#define WLAN_EID_SSID 0
+#define WLAN_EID_SUPP_RATES 1
+#define WLAN_EID_FH_PARAMS 2
+#define WLAN_EID_DS_PARAMS 3
+#define WLAN_EID_CF_PARAMS 4
+#define WLAN_EID_TIM 5
+#define WLAN_EID_IBSS_PARAMS 6
+#define WLAN_EID_COUNTRY 7
+#define WLAN_EID_CHALLENGE 16
+/* EIDs defined as part fo 11h - starts */
+#define WLAN_EID_PWR_CONSTRAINT 32
+#define WLAN_EID_PWR_CAPABILITY 33
+#define WLAN_EID_TPC_REQUEST 34
+#define WLAN_EID_TPC_REPORT 35
+#define WLAN_EID_SUPPORTED_CHANNELS 36
+#define WLAN_EID_CHANNEL_SWITCH 37
+#define WLAN_EID_MEASURE_REQUEST 38
+#define WLAN_EID_MEASURE_REPORT 39
+#define WLAN_EID_QUITE 40
+#define WLAN_EID_IBSS_DFS 41
+/* EIDs defined as part fo 11h - ends */
+#define WLAN_EID_ERP_INFO 42
+#define WLAN_EID_RSN 48
+#define WLAN_EID_EXT_SUPP_RATES 50
+#define WLAN_EID_VENDOR_SPECIFIC 221
+
+
+#ifdef _MSC_VER
+#pragma pack(push, 1)
+#endif /* _MSC_VER */
+
+struct ieee80211_mgmt {
+ u16 frame_control;
+ u16 duration;
+ u8 da[6];
+ u8 sa[6];
+ u8 bssid[6];
+ u16 seq_ctrl;
+ union {
+ struct {
+ u16 auth_alg;
+ u16 auth_transaction;
+ u16 status_code;
+ /* possibly followed by Challenge text */
+ u8 variable[0];
+ } STRUCT_PACKED auth;
+ struct {
+ u16 reason_code;
+ } STRUCT_PACKED deauth;
+ struct {
+ u16 capab_info;
+ u16 listen_interval;
+ /* followed by SSID and Supported rates */
+ u8 variable[0];
+ } STRUCT_PACKED assoc_req;
+ struct {
+ u16 capab_info;
+ u16 status_code;
+ u16 aid;
+ /* followed by Supported rates */
+ u8 variable[0];
+ } STRUCT_PACKED assoc_resp, reassoc_resp;
+ struct {
+ u16 capab_info;
+ u16 listen_interval;
+ u8 current_ap[6];
+ /* followed by SSID and Supported rates */
+ u8 variable[0];
+ } STRUCT_PACKED reassoc_req;
+ struct {
+ u16 reason_code;
+ } STRUCT_PACKED disassoc;
+ struct {
+ u8 timestamp[8];
+ u16 beacon_int;
+ u16 capab_info;
+ /* followed by some of SSID, Supported rates,
+ * FH Params, DS Params, CF Params, IBSS Params, TIM */
+ u8 variable[0];
+ } STRUCT_PACKED beacon;
+ struct {
+ /* only variable items: SSID, Supported rates */
+ u8 variable[0];
+ } STRUCT_PACKED probe_req;
+ struct {
+ u8 timestamp[8];
+ u16 beacon_int;
+ u16 capab_info;
+ /* followed by some of SSID, Supported rates,
+ * FH Params, DS Params, CF Params, IBSS Params */
+ u8 variable[0];
+ } STRUCT_PACKED probe_resp;
+ struct {
+ u8 category;
+ union {
+ struct {
+ u8 action_code;
+ u8 dialog_token;
+ u8 status_code;
+ u8 variable[0];
+ } STRUCT_PACKED wme_action;
+ struct{
+ u8 action_code;
+ u8 element_id;
+ u8 length;
+ u8 switch_mode;
+ u8 new_chan;
+ u8 switch_count;
+ } __attribute__((packed)) chan_switch;
+ } u;
+ } STRUCT_PACKED action;
+ } u;
+} STRUCT_PACKED;
+
+#ifdef _MSC_VER
+#pragma pack(pop)
+#endif /* _MSC_VER */
+
+/* Authentication algorithms */
+#define WLAN_AUTH_OPEN 0
+#define WLAN_AUTH_SHARED_KEY 1
+#define WLAN_AUTH_LEAP 128
+
+#define WLAN_AUTH_CHALLENGE_LEN 128
+
+#define WLAN_CAPABILITY_ESS BIT(0)
+#define WLAN_CAPABILITY_IBSS BIT(1)
+#define WLAN_CAPABILITY_CF_POLLABLE BIT(2)
+#define WLAN_CAPABILITY_CF_POLL_REQUEST BIT(3)
+#define WLAN_CAPABILITY_PRIVACY BIT(4)
+#define WLAN_CAPABILITY_SHORT_PREAMBLE BIT(5)
+#define WLAN_CAPABILITY_PBCC BIT(6)
+#define WLAN_CAPABILITY_CHANNEL_AGILITY BIT(7)
+/* 802.11h */
+#define WLAN_CAPABILITY_SPECTRUM_MGMT BIT(8)
+#define WLAN_CAPABILITY_SHORT_SLOT_TIME BIT(10)
+#define WLAN_CAPABILITY_DSSS_OFDM BIT(13)
+
+/* Status codes */
+#define WLAN_STATUS_SUCCESS 0
+#define WLAN_STATUS_UNSPECIFIED_FAILURE 1
+#define WLAN_STATUS_CAPS_UNSUPPORTED 10
+#define WLAN_STATUS_REASSOC_NO_ASSOC 11
+#define WLAN_STATUS_ASSOC_DENIED_UNSPEC 12
+#define WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG 13
+#define WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION 14
+#define WLAN_STATUS_CHALLENGE_FAIL 15
+#define WLAN_STATUS_AUTH_TIMEOUT 16
+#define WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA 17
+#define WLAN_STATUS_ASSOC_DENIED_RATES 18
+/* 802.11b */
+#define WLAN_STATUS_ASSOC_DENIED_NOSHORT 19
+#define WLAN_STATUS_ASSOC_DENIED_NOPBCC 20
+#define WLAN_STATUS_ASSOC_DENIED_NOAGILITY 21
+/* 802.11h */
+#define WLAN_STATUS_SPEC_MGMT_REQUIRED 22
+#define WLAN_STATUS_PWR_CAPABILITY_NOT_VALID 23
+#define WLAN_STATUS_SUPPORTED_CHANNEL_NOT_VALID 24
+/* 802.11g */
+#define WLAN_STATUS_ASSOC_DENOED_NO_SHORT_SLOT_TIME 25
+#define WLAN_STATUS_ASSOC_DENOED_NO_ER_PBCC 26
+#define WLAN_STATUS_ASSOC_DENOED_NO_DSSS_OFDM 27
+
+
+/* Reason codes */
+#define WLAN_REASON_UNSPECIFIED 1
+#define WLAN_REASON_PREV_AUTH_NOT_VALID 2
+#define WLAN_REASON_DEAUTH_LEAVING 3
+#define WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY 4
+#define WLAN_REASON_DISASSOC_AP_BUSY 5
+#define WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA 6
+#define WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA 7
+#define WLAN_REASON_DISASSOC_STA_HAS_LEFT 8
+#define WLAN_REASON_STA_REQ_ASSOC_WITHOUT_AUTH 9
+/* 802.11h */
+#define WLAN_REASON_PWR_CAPABILITY_NOT_VALID 10
+#define WLAN_REASON_SUPPORTED_CHANNEL_NOT_VALID 11
+
+#define WLAN_REASON_MIC_FAILURE 14
+
+
+#define WLAN_FC_PVER 0x0003
+#define WLAN_FC_TODS 0x0100
+#define WLAN_FC_FROMDS 0x0200
+#define WLAN_FC_MOREFRAG 0x0400
+#define WLAN_FC_RETRY 0x0800
+#define WLAN_FC_PWRMGT 0x1000
+#define WLAN_FC_MOREDATA 0x2000
+#define WLAN_FC_ISWEP 0x4000
+#define WLAN_FC_ORDER 0x8000
+
+#define WLAN_FC_GET_TYPE(fc) (((fc) & 0x000c) >> 2)
+#define WLAN_FC_GET_STYPE(fc) (((fc) & 0x00f0) >> 4)
+
+
+#define IEEE80211_FC(type, stype) host_to_le16((type << 2) | (stype << 4))
+
+#define WLAN_FC_TYPE_MGMT 0
+#define WLAN_FC_TYPE_CTRL 1
+#define WLAN_FC_TYPE_DATA 2
+
+/* management */
+#define WLAN_FC_STYPE_ASSOC_REQ 0
+#define WLAN_FC_STYPE_ASSOC_RESP 1
+#define WLAN_FC_STYPE_REASSOC_REQ 2
+#define WLAN_FC_STYPE_REASSOC_RESP 3
+#define WLAN_FC_STYPE_PROBE_REQ 4
+#define WLAN_FC_STYPE_PROBE_RESP 5
+#define WLAN_FC_STYPE_BEACON 8
+#define WLAN_FC_STYPE_ATIM 9
+#define WLAN_FC_STYPE_DISASSOC 10
+#define WLAN_FC_STYPE_AUTH 11
+#define WLAN_FC_STYPE_DEAUTH 12
+#define WLAN_FC_STYPE_ACTION 13
+
+
+#define ERP_INFO_USE_PROTECTION BIT(1)
+
+
+struct ieee80211_sta_bss {
+ struct ieee80211_sta_bss *next;
+ struct ieee80211_sta_bss *hnext;
+
+ u8 bssid[ETH_ALEN];
+ u8 ssid[MAX_SSID_LEN];
+ size_t ssid_len;
+ u16 capability; /* host byte order */
+ int hw_mode;
+ int channel;
+ int freq;
+ int rssi;
+ u8 *wpa_ie;
+ size_t wpa_ie_len;
+ u8 *rsn_ie;
+ size_t rsn_ie_len;
+ u8 *wmm_ie;
+ size_t wmm_ie_len;
+#define IEEE80211_MAX_SUPP_RATES 32
+ u8 supp_rates[IEEE80211_MAX_SUPP_RATES];
+ size_t supp_rates_len;
+ int beacon_int;
+ u64 timestamp;
+
+ int probe_resp;
+ struct os_time last_update;
+};
+
+
+static void ieee80211_send_probe_req(struct wpa_supplicant *wpa_s,
+ const u8 *dst,
+ const u8 *ssid, size_t ssid_len);
+static struct ieee80211_sta_bss *
+ieee80211_bss_get(struct wpa_supplicant *wpa_s, const u8 *bssid);
+static int ieee80211_sta_find_ibss(struct wpa_supplicant *wpa_s);
+static int ieee80211_sta_wep_configured(struct wpa_supplicant *wpa_s);
+static void ieee80211_sta_timer(void *eloop_ctx, void *timeout_ctx);
+static void ieee80211_sta_scan_timer(void *eloop_ctx, void *timeout_ctx);
+
+
+/* Parsed Information Elements */
+struct ieee802_11_elems {
+ u8 *ssid;
+ u8 ssid_len;
+ u8 *supp_rates;
+ u8 supp_rates_len;
+ u8 *fh_params;
+ u8 fh_params_len;
+ u8 *ds_params;
+ u8 ds_params_len;
+ u8 *cf_params;
+ u8 cf_params_len;
+ u8 *tim;
+ u8 tim_len;
+ u8 *ibss_params;
+ u8 ibss_params_len;
+ u8 *challenge;
+ u8 challenge_len;
+ u8 *wpa;
+ u8 wpa_len;
+ u8 *rsn;
+ u8 rsn_len;
+ u8 *erp_info;
+ u8 erp_info_len;
+ u8 *ext_supp_rates;
+ u8 ext_supp_rates_len;
+ u8 *wmm_info;
+ u8 wmm_info_len;
+ u8 *wmm_param;
+ u8 wmm_param_len;
+};
+
+typedef enum { ParseOK = 0, ParseUnknown = 1, ParseFailed = -1 } ParseRes;
+
+
+static ParseRes ieee802_11_parse_elems(u8 *start, size_t len,
+ struct ieee802_11_elems *elems)
+{
+ size_t left = len;
+ u8 *pos = start;
+ int unknown = 0;
+
+ os_memset(elems, 0, sizeof(*elems));
+
+ while (left >= 2) {
+ u8 id, elen;
+
+ id = *pos++;
+ elen = *pos++;
+ left -= 2;
+
+ if (elen > left) {
+#if 0
+ wpa_printf(MSG_MSGDUMP, "MLME: IEEE 802.11 element "
+ "parse failed (id=%d elen=%d left=%d)",
+ id, elen, left);
+#endif
+ return ParseFailed;
+ }
+
+ switch (id) {
+ case WLAN_EID_SSID:
+ elems->ssid = pos;
+ elems->ssid_len = elen;
+ break;
+ case WLAN_EID_SUPP_RATES:
+ elems->supp_rates = pos;
+ elems->supp_rates_len = elen;
+ break;
+ case WLAN_EID_FH_PARAMS:
+ elems->fh_params = pos;
+ elems->fh_params_len = elen;
+ break;
+ case WLAN_EID_DS_PARAMS:
+ elems->ds_params = pos;
+ elems->ds_params_len = elen;
+ break;
+ case WLAN_EID_CF_PARAMS:
+ elems->cf_params = pos;
+ elems->cf_params_len = elen;
+ break;
+ case WLAN_EID_TIM:
+ elems->tim = pos;
+ elems->tim_len = elen;
+ break;
+ case WLAN_EID_IBSS_PARAMS:
+ elems->ibss_params = pos;
+ elems->ibss_params_len = elen;
+ break;
+ case WLAN_EID_CHALLENGE:
+ elems->challenge = pos;
+ elems->challenge_len = elen;
+ break;
+ case WLAN_EID_VENDOR_SPECIFIC:
+ if (elen >= 4 && pos[0] == 0x00 && pos[1] == 0x50 &&
+ pos[2] == 0xf2) {
+ /* Microsoft OUI (00:50:F2) */
+ if (pos[3] == 1) {
+ /* OUI Type 1 - WPA IE */
+ elems->wpa = pos;
+ elems->wpa_len = elen;
+ } else if (elen >= 5 && pos[3] == 2) {
+ if (pos[4] == 0) {
+ elems->wmm_info = pos;
+ elems->wmm_info_len = elen;
+ } else if (pos[4] == 1) {
+ elems->wmm_param = pos;
+ elems->wmm_param_len = elen;
+ }
+ }
+ }
+ break;
+ case WLAN_EID_RSN:
+ elems->rsn = pos;
+ elems->rsn_len = elen;
+ break;
+ case WLAN_EID_ERP_INFO:
+ elems->erp_info = pos;
+ elems->erp_info_len = elen;
+ break;
+ case WLAN_EID_EXT_SUPP_RATES:
+ elems->ext_supp_rates = pos;
+ elems->ext_supp_rates_len = elen;
+ break;
+ default:
+#if 0
+ wpa_printf(MSG_MSGDUMP "MLME: IEEE 802.11 element "
+ "parse ignored unknown element (id=%d "
+ "elen=%d)", id, elen);
+#endif
+ unknown++;
+ break;
+ }
+
+ left -= elen;
+ pos += elen;
+ }
+
+ if (left)
+ return ParseFailed;
+
+ return unknown ? ParseUnknown : ParseOK;
+}
+
+
+static int ieee80211_sta_set_channel(struct wpa_supplicant *wpa_s,
+ wpa_hw_mode phymode, int chan,
+ int freq)
+{
+ size_t i;
+ struct wpa_hw_modes *mode;
+
+ for (i = 0; i < wpa_s->mlme.num_modes; i++) {
+ mode = &wpa_s->mlme.modes[i];
+ if (mode->mode == phymode) {
+ wpa_s->mlme.curr_rates = mode->rates;
+ wpa_s->mlme.num_curr_rates = mode->num_rates;
+ break;
+ }
+ }
+
+ return wpa_drv_set_channel(wpa_s, phymode, chan, freq);
+}
+
+
+
+#if 0 /* FIX */
+static int ecw2cw(int ecw)
+{
+ int cw = 1;
+ while (ecw > 0) {
+ cw <<= 1;
+ ecw--;
+ }
+ return cw - 1;
+}
+#endif
+
+
+static void ieee80211_sta_wmm_params(struct wpa_supplicant *wpa_s,
+ u8 *wmm_param, size_t wmm_param_len)
+{
+ size_t left;
+ int count;
+ u8 *pos;
+
+ if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
+ return;
+ count = wmm_param[6] & 0x0f;
+ if (count == wpa_s->mlme.wmm_last_param_set)
+ return;
+ wpa_s->mlme.wmm_last_param_set = count;
+
+ pos = wmm_param + 8;
+ left = wmm_param_len - 8;
+
+#if 0 /* FIX */
+ wmm_acm = 0;
+ for (; left >= 4; left -= 4, pos += 4) {
+ int aci = (pos[0] >> 5) & 0x03;
+ int acm = (pos[0] >> 4) & 0x01;
+ int queue;
+
+ switch (aci) {
+ case 1:
+ queue = IEEE80211_TX_QUEUE_DATA3;
+ if (acm)
+ wmm_acm |= BIT(1) | BIT(2);
+ break;
+ case 2:
+ queue = IEEE80211_TX_QUEUE_DATA1;
+ if (acm)
+ wmm_acm |= BIT(4) | BIT(5);
+ break;
+ case 3:
+ queue = IEEE80211_TX_QUEUE_DATA0;
+ if (acm)
+ wmm_acm |= BIT(6) | BIT(7);
+ break;
+ case 0:
+ default:
+ queue = IEEE80211_TX_QUEUE_DATA2;
+ if (acm)
+ wpa_s->mlme.wmm_acm |= BIT(0) | BIT(3);
+ break;
+ }
+
+ params.aifs = pos[0] & 0x0f;
+ params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
+ params.cw_min = ecw2cw(pos[1] & 0x0f);
+ /* TXOP is in units of 32 usec; burst_time in 0.1 ms */
+ params.burst_time = (pos[2] | (pos[3] << 8)) * 32 / 100;
+ wpa_printf(MSG_DEBUG, "MLME: WMM queue=%d aci=%d acm=%d "
+ "aifs=%d cWmin=%d cWmax=%d burst=%d",
+ queue, aci, acm, params.aifs, params.cw_min,
+ params.cw_max, params.burst_time);
+ /* TODO: handle ACM (block TX, fallback to next lowest allowed
+ * AC for now) */
+ if (local->hw->conf_tx(local->mdev, queue, ¶ms)) {
+ wpa_printf(MSG_DEBUG, "MLME: failed to set TX queue "
+ "parameters for queue %d", queue);
+ }
+ }
+#endif
+}
+
+
+static void ieee80211_set_associated(struct wpa_supplicant *wpa_s, int assoc)
+{
+ if (wpa_s->mlme.associated == assoc)
+ return;
+
+ wpa_s->mlme.associated = assoc;
+
+ if (assoc) {
+ union wpa_event_data data;
+ os_memset(&data, 0, sizeof(data));
+ wpa_s->mlme.prev_bssid_set = 1;
+ os_memcpy(wpa_s->mlme.prev_bssid, wpa_s->bssid, ETH_ALEN);
+ data.assoc_info.req_ies = wpa_s->mlme.assocreq_ies;
+ data.assoc_info.req_ies_len = wpa_s->mlme.assocreq_ies_len;
+ data.assoc_info.resp_ies = wpa_s->mlme.assocresp_ies;
+ data.assoc_info.resp_ies_len = wpa_s->mlme.assocresp_ies_len;
+ wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data);
+ } else {
+ wpa_supplicant_event(wpa_s, EVENT_DISASSOC, NULL);
+ }
+ os_get_time(&wpa_s->mlme.last_probe);
+}
+
+
+static void ieee80211_sta_tx(struct wpa_supplicant *wpa_s, const u8 *buf,
+ size_t len)
+{
+ wpa_drv_send_mlme(wpa_s, buf, len);
+}
+
+
+static void ieee80211_send_auth(struct wpa_supplicant *wpa_s,
+ int transaction, u8 *extra, size_t extra_len,
+ int encrypt)
+{
+ u8 *buf;
+ size_t len;
+ struct ieee80211_mgmt *mgmt;
+
+ buf = os_malloc(sizeof(*mgmt) + 6 + extra_len);
+ if (buf == NULL) {
+ wpa_printf(MSG_DEBUG, "MLME: failed to allocate buffer for "
+ "auth frame");
+ return;
+ }
+
+ mgmt = (struct ieee80211_mgmt *) buf;
+ len = 24 + 6;
+ os_memset(mgmt, 0, 24 + 6);
+ mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+ WLAN_FC_STYPE_AUTH);
+ if (encrypt)
+ mgmt->frame_control |= host_to_le16(WLAN_FC_ISWEP);
+ os_memcpy(mgmt->da, wpa_s->bssid, ETH_ALEN);
+ os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
+ os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN);
+ mgmt->u.auth.auth_alg = host_to_le16(wpa_s->mlme.auth_alg);
+ mgmt->u.auth.auth_transaction = host_to_le16(transaction);
+ wpa_s->mlme.auth_transaction = transaction + 1;
+ mgmt->u.auth.status_code = host_to_le16(0);
+ if (extra) {
+ os_memcpy(buf + len, extra, extra_len);
+ len += extra_len;
+ }
+
+ ieee80211_sta_tx(wpa_s, buf, len);
+ os_free(buf);
+}
+
+
+static void ieee80211_reschedule_timer(struct wpa_supplicant *wpa_s, int ms)
+{
+ eloop_cancel_timeout(ieee80211_sta_timer, wpa_s, NULL);
+ eloop_register_timeout(ms / 1000, 1000 * (ms % 1000),
+ ieee80211_sta_timer, wpa_s, NULL);
+}
+
+
+static void ieee80211_authenticate(struct wpa_supplicant *wpa_s)
+{
+ wpa_s->mlme.auth_tries++;
+ if (wpa_s->mlme.auth_tries > IEEE80211_AUTH_MAX_TRIES) {
+ wpa_printf(MSG_DEBUG, "MLME: authentication with AP " MACSTR
+ " timed out", MAC2STR(wpa_s->bssid));
+ return;
+ }
+
+ wpa_s->mlme.state = IEEE80211_AUTHENTICATE;
+ wpa_printf(MSG_DEBUG, "MLME: authenticate with AP " MACSTR,
+ MAC2STR(wpa_s->bssid));
+
+ ieee80211_send_auth(wpa_s, 1, NULL, 0, 0);
+
+ ieee80211_reschedule_timer(wpa_s, IEEE80211_AUTH_TIMEOUT);
+}
+
+
+static void ieee80211_send_assoc(struct wpa_supplicant *wpa_s)
+{
+ struct ieee80211_mgmt *mgmt;
+ u8 *pos, *ies, *buf;
+ int i, len;
+ u16 capab;
+ struct ieee80211_sta_bss *bss;
+ int wmm = 0;
+ size_t blen;
+
+ if (wpa_s->mlme.curr_rates == NULL) {
+ wpa_printf(MSG_DEBUG, "MLME: curr_rates not set for assoc");
+ return;
+ }
+
+ buf = os_malloc(sizeof(*mgmt) + 200 + wpa_s->mlme.extra_ie_len +
+ wpa_s->mlme.ssid_len);
+ if (buf == NULL) {
+ wpa_printf(MSG_DEBUG, "MLME: failed to allocate buffer for "
+ "assoc frame");
+ return;
+ }
+ blen = 0;
+
+ capab = wpa_s->mlme.capab;
+ if (wpa_s->mlme.phymode == WPA_MODE_IEEE80211G) {
+ capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME |
+ WLAN_CAPABILITY_SHORT_PREAMBLE;
+ }
+ bss = ieee80211_bss_get(wpa_s, wpa_s->bssid);
+ if (bss) {
+ if (bss->capability & WLAN_CAPABILITY_PRIVACY)
+ capab |= WLAN_CAPABILITY_PRIVACY;
+ if (bss->wmm_ie) {
+ wmm = 1;
+ }
+ }
+
+ mgmt = (struct ieee80211_mgmt *) buf;
+ blen += 24;
+ os_memset(mgmt, 0, 24);
+ os_memcpy(mgmt->da, wpa_s->bssid, ETH_ALEN);
+ os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
+ os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN);
+
+ if (wpa_s->mlme.prev_bssid_set) {
+ blen += 10;
+ mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+ WLAN_FC_STYPE_REASSOC_REQ);
+ mgmt->u.reassoc_req.capab_info = host_to_le16(capab);
+ mgmt->u.reassoc_req.listen_interval = host_to_le16(1);
+ os_memcpy(mgmt->u.reassoc_req.current_ap,
+ wpa_s->mlme.prev_bssid,
+ ETH_ALEN);
+ } else {
+ blen += 4;
+ mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+ WLAN_FC_STYPE_ASSOC_REQ);
+ mgmt->u.assoc_req.capab_info = host_to_le16(capab);
+ mgmt->u.assoc_req.listen_interval = host_to_le16(1);
+ }
+
+ /* SSID */
+ ies = pos = buf + blen;
+ blen += 2 + wpa_s->mlme.ssid_len;
+ *pos++ = WLAN_EID_SSID;
+ *pos++ = wpa_s->mlme.ssid_len;
+ os_memcpy(pos, wpa_s->mlme.ssid, wpa_s->mlme.ssid_len);
+
+ len = wpa_s->mlme.num_curr_rates;
+ if (len > 8)
+ len = 8;
+ pos = buf + blen;
+ blen += len + 2;
+ *pos++ = WLAN_EID_SUPP_RATES;
+ *pos++ = len;
+ for (i = 0; i < len; i++) {
+ int rate = wpa_s->mlme.curr_rates[i].rate;
+ *pos++ = (u8) (rate / 5);
+ }
+
+ if (wpa_s->mlme.num_curr_rates > len) {
+ pos = buf + blen;
+ blen += wpa_s->mlme.num_curr_rates - len + 2;
+ *pos++ = WLAN_EID_EXT_SUPP_RATES;
+ *pos++ = wpa_s->mlme.num_curr_rates - len;
+ for (i = len; i < wpa_s->mlme.num_curr_rates; i++) {
+ int rate = wpa_s->mlme.curr_rates[i].rate;
+ *pos++ = (u8) (rate / 5);
+ }
+ }
+
+ if (wpa_s->mlme.extra_ie) {
+ pos = buf + blen;
+ blen += wpa_s->mlme.extra_ie_len;
+ os_memcpy(pos, wpa_s->mlme.extra_ie, wpa_s->mlme.extra_ie_len);
+ }
+
+ if (wmm && wpa_s->mlme.wmm_enabled) {
+ pos = buf + blen;
+ blen += 9;
+ *pos++ = WLAN_EID_VENDOR_SPECIFIC;
+ *pos++ = 7; /* len */
+ *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
+ *pos++ = 0x50;
+ *pos++ = 0xf2;
+ *pos++ = 2; /* WME */
+ *pos++ = 0; /* WME info */
+ *pos++ = 1; /* WME ver */
+ *pos++ = 0;
+ }
+
+ os_free(wpa_s->mlme.assocreq_ies);
+ wpa_s->mlme.assocreq_ies_len = (buf + blen) - ies;
+ wpa_s->mlme.assocreq_ies = os_malloc(wpa_s->mlme.assocreq_ies_len);
+ if (wpa_s->mlme.assocreq_ies) {
+ os_memcpy(wpa_s->mlme.assocreq_ies, ies,
+ wpa_s->mlme.assocreq_ies_len);
+ }
+
+ ieee80211_sta_tx(wpa_s, buf, blen);
+ os_free(buf);
+}
+
+
+static void ieee80211_send_deauth(struct wpa_supplicant *wpa_s, u16 reason)
+{
+ u8 *buf;
+ size_t len;
+ struct ieee80211_mgmt *mgmt;
+
+ buf = os_zalloc(sizeof(*mgmt));
+ if (buf == NULL) {
+ wpa_printf(MSG_DEBUG, "MLME: failed to allocate buffer for "
+ "deauth frame");
+ return;
+ }
+
+ mgmt = (struct ieee80211_mgmt *) buf;
+ len = 24;
+ os_memcpy(mgmt->da, wpa_s->bssid, ETH_ALEN);
+ os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
+ os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN);
+ mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+ WLAN_FC_STYPE_DEAUTH);
+ len += 2;
+ mgmt->u.deauth.reason_code = host_to_le16(reason);
+
+ ieee80211_sta_tx(wpa_s, buf, len);
+ os_free(buf);
+}
+
+
+static void ieee80211_send_disassoc(struct wpa_supplicant *wpa_s, u16 reason)
+{
+ u8 *buf;
+ size_t len;
+ struct ieee80211_mgmt *mgmt;
+
+ buf = os_zalloc(sizeof(*mgmt));
+ if (buf == NULL) {
+ wpa_printf(MSG_DEBUG, "MLME: failed to allocate buffer for "
+ "disassoc frame");
+ return;
+ }
+
+ mgmt = (struct ieee80211_mgmt *) buf;
+ len = 24;
+ os_memcpy(mgmt->da, wpa_s->bssid, ETH_ALEN);
+ os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
+ os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN);
+ mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+ WLAN_FC_STYPE_DISASSOC);
+ len += 2;
+ mgmt->u.disassoc.reason_code = host_to_le16(reason);
+
+ ieee80211_sta_tx(wpa_s, buf, len);
+ os_free(buf);
+}
+
+
+static int ieee80211_privacy_mismatch(struct wpa_supplicant *wpa_s)
+{
+ struct ieee80211_sta_bss *bss;
+ int res = 0;
+
+ if (wpa_s->mlme.mixed_cell ||
+ wpa_s->mlme.key_mgmt != KEY_MGMT_NONE)
+ return 0;
+
+ bss = ieee80211_bss_get(wpa_s, wpa_s->bssid);
+ if (bss == NULL)
+ return 0;
+
+ if (ieee80211_sta_wep_configured(wpa_s) !=
+ !!(bss->capability & WLAN_CAPABILITY_PRIVACY))
+ res = 1;
+
+ return res;
+}
+
+
+static void ieee80211_associate(struct wpa_supplicant *wpa_s)
+{
+ wpa_s->mlme.assoc_tries++;
+ if (wpa_s->mlme.assoc_tries > IEEE80211_ASSOC_MAX_TRIES) {
+ wpa_printf(MSG_DEBUG, "MLME: association with AP " MACSTR
+ " timed out", MAC2STR(wpa_s->bssid));
+ return;
+ }
+
+ wpa_s->mlme.state = IEEE80211_ASSOCIATE;
+ wpa_printf(MSG_DEBUG, "MLME: associate with AP " MACSTR,
+ MAC2STR(wpa_s->bssid));
+ if (ieee80211_privacy_mismatch(wpa_s)) {
+ wpa_printf(MSG_DEBUG, "MLME: mismatch in privacy "
+ "configuration and mixed-cell disabled - abort "
+ "association");
+ return;
+ }
+
+ ieee80211_send_assoc(wpa_s);
+
+ ieee80211_reschedule_timer(wpa_s, IEEE80211_ASSOC_TIMEOUT);
+}
+
+
+static void ieee80211_associated(struct wpa_supplicant *wpa_s)
+{
+ int disassoc;
+
+ /* TODO: start monitoring current AP signal quality and number of
+ * missed beacons. Scan other channels every now and then and search
+ * for better APs. */
+ /* TODO: remove expired BSSes */
+
+ wpa_s->mlme.state = IEEE80211_ASSOCIATED;
+
+#if 0 /* FIX */
+ sta = sta_info_get(local, wpa_s->bssid);
+ if (sta == NULL) {
+ wpa_printf(MSG_DEBUG "MLME: No STA entry for own AP " MACSTR,
+ MAC2STR(wpa_s->bssid));
+ disassoc = 1;
+ } else {
+ disassoc = 0;
+ if (time_after(jiffies,
+ sta->last_rx + IEEE80211_MONITORING_INTERVAL)) {
+ if (wpa_s->mlme.probereq_poll) {
+ wpa_printf(MSG_DEBUG "MLME: No ProbeResp from "
+ "current AP " MACSTR " - assume "
+ "out of range",
+ MAC2STR(wpa_s->bssid));
+ disassoc = 1;
+ } else {
+ ieee80211_send_probe_req(
+ wpa_s->bssid,
+ wpa_s->mlme.scan_ssid,
+ wpa_s->mlme.scan_ssid_len);
+ wpa_s->mlme.probereq_poll = 1;
+ }
+ } else {
+ wpa_s->mlme.probereq_poll = 0;
+ if (time_after(jiffies, wpa_s->mlme.last_probe +
+ IEEE80211_PROBE_INTERVAL)) {
+ wpa_s->mlme.last_probe = jiffies;
+ ieee80211_send_probe_req(wpa_s->bssid,
+ wpa_s->mlme.ssid,
+ wpa_s->mlme.ssid_len);
+ }
+ }
+ sta_info_release(local, sta);
+ }
+#else
+ disassoc = 0;
+#endif
+ if (disassoc) {
+ wpa_supplicant_event(wpa_s, EVENT_DISASSOC, NULL);
+ ieee80211_reschedule_timer(wpa_s,
+ IEEE80211_MONITORING_INTERVAL +
+ 30000);
+ } else {
+ ieee80211_reschedule_timer(wpa_s,
+ IEEE80211_MONITORING_INTERVAL);
+ }
+}
+
+
+static void ieee80211_send_probe_req(struct wpa_supplicant *wpa_s,
+ const u8 *dst,
+ const u8 *ssid, size_t ssid_len)
+{
+ u8 *buf;
+ size_t len;
+ struct ieee80211_mgmt *mgmt;
+ u8 *pos, *supp_rates;
+ u8 *esupp_rates = NULL;
+ int i;
+
+ buf = os_malloc(sizeof(*mgmt) + 200);
+ if (buf == NULL) {
+ wpa_printf(MSG_DEBUG, "MLME: failed to allocate buffer for "
+ "probe request");
+ return;
+ }
+
+ mgmt = (struct ieee80211_mgmt *) buf;
+ len = 24;
+ os_memset(mgmt, 0, 24);
+ mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+ WLAN_FC_STYPE_PROBE_REQ);
+ os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
+ if (dst) {
+ os_memcpy(mgmt->da, dst, ETH_ALEN);
+ os_memcpy(mgmt->bssid, dst, ETH_ALEN);
+ } else {
+ os_memset(mgmt->da, 0xff, ETH_ALEN);
+ os_memset(mgmt->bssid, 0xff, ETH_ALEN);
+ }
+ pos = buf + len;
+ len += 2 + ssid_len;
+ *pos++ = WLAN_EID_SSID;
+ *pos++ = ssid_len;
+ os_memcpy(pos, ssid, ssid_len);
+
+ supp_rates = buf + len;
+ len += 2;
+ supp_rates[0] = WLAN_EID_SUPP_RATES;
+ supp_rates[1] = 0;
+ for (i = 0; i < wpa_s->mlme.num_curr_rates; i++) {
+ struct wpa_rate_data *rate = &wpa_s->mlme.curr_rates[i];
+ if (!(rate->flags & WPA_RATE_SUPPORTED))
+ continue;
+ if (esupp_rates) {
+ pos = buf + len;
+ len++;
+ esupp_rates[1]++;
+ } else if (supp_rates[1] == 8) {
+ esupp_rates = pos;
+ esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES;
+ esupp_rates[1] = 1;
+ pos = &esupp_rates[2];
+ } else {
+ pos = buf + len;
+ len++;
+ supp_rates[1]++;
+ }
+ *pos = rate->rate / 5;
+ }
+
+ ieee80211_sta_tx(wpa_s, buf, len);
+ os_free(buf);
+}
+
+
+static int ieee80211_sta_wep_configured(struct wpa_supplicant *wpa_s)
+{
+#if 0 /* FIX */
+ if (sdata == NULL || sdata->default_key == NULL ||
+ sdata->default_key->alg != ALG_WEP)
+ return 0;
+ return 1;
+#else
+ return 0;
+#endif
+}
+
+
+static void ieee80211_auth_completed(struct wpa_supplicant *wpa_s)
+{
+ wpa_printf(MSG_DEBUG, "MLME: authenticated");
+ wpa_s->mlme.authenticated = 1;
+ ieee80211_associate(wpa_s);
+}
+
+
+static void ieee80211_auth_challenge(struct wpa_supplicant *wpa_s,
+ struct ieee80211_mgmt *mgmt,
+ size_t len,
+ struct ieee80211_rx_status *rx_status)
+{
+ u8 *pos;
+ struct ieee802_11_elems elems;
+
+ wpa_printf(MSG_DEBUG, "MLME: replying to auth challenge");
+ pos = mgmt->u.auth.variable;
+ if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems)
+ == ParseFailed) {
+ wpa_printf(MSG_DEBUG, "MLME: failed to parse Auth(challenge)");
+ return;
+ }
+ if (elems.challenge == NULL) {
+ wpa_printf(MSG_DEBUG, "MLME: no challenge IE in shared key "
+ "auth frame");
+ return;
+ }
+ ieee80211_send_auth(wpa_s, 3, elems.challenge - 2,
+ elems.challenge_len + 2, 1);
+}
+
+
+static void ieee80211_rx_mgmt_auth(struct wpa_supplicant *wpa_s,
+ struct ieee80211_mgmt *mgmt,
+ size_t len,
+ struct ieee80211_rx_status *rx_status)
+{
+ struct wpa_ssid *ssid = wpa_s->current_ssid;
+ u16 auth_alg, auth_transaction, status_code;
+ int adhoc;
+
+ adhoc = ssid && ssid->mode == 1;
+
+ if (wpa_s->mlme.state != IEEE80211_AUTHENTICATE && !adhoc) {
+ wpa_printf(MSG_DEBUG, "MLME: authentication frame received "
+ "from " MACSTR ", but not in authenticate state - "
+ "ignored", MAC2STR(mgmt->sa));
+ return;
+ }
+
+ if (len < 24 + 6) {
+ wpa_printf(MSG_DEBUG, "MLME: too short (%lu) authentication "
+ "frame received from " MACSTR " - ignored",
+ (unsigned long) len, MAC2STR(mgmt->sa));
+ return;
+ }
+
+ if (!adhoc && os_memcmp(wpa_s->bssid, mgmt->sa, ETH_ALEN) != 0) {
+ wpa_printf(MSG_DEBUG, "MLME: authentication frame received "
+ "from unknown AP (SA=" MACSTR " BSSID=" MACSTR
+ ") - ignored",
+ MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid));
+ return;
+ }
+
+ if (adhoc && os_memcmp(wpa_s->bssid, mgmt->bssid, ETH_ALEN) != 0) {
+ wpa_printf(MSG_DEBUG, "MLME: authentication frame received "
+ "from unknown BSSID (SA=" MACSTR " BSSID=" MACSTR
+ ") - ignored",
+ MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid));
+ return;
+ }
+
+ auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
+ auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
+ status_code = le_to_host16(mgmt->u.auth.status_code);
+
+ wpa_printf(MSG_DEBUG, "MLME: RX authentication from " MACSTR
+ " (alg=%d transaction=%d status=%d)",
+ MAC2STR(mgmt->sa), auth_alg, auth_transaction, status_code);
+
+ if (adhoc) {
+ /* IEEE 802.11 standard does not require authentication in IBSS
+ * networks and most implementations do not seem to use it.
+ * However, try to reply to authentication attempts if someone
+ * has actually implemented this.
+ * TODO: Could implement shared key authentication. */
+ if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1) {
+ wpa_printf(MSG_DEBUG, "MLME: unexpected IBSS "
+ "authentication frame (alg=%d "
+ "transaction=%d)",
+ auth_alg, auth_transaction);
+ return;
+ }
+ ieee80211_send_auth(wpa_s, 2, NULL, 0, 0);
+ }
+
+ if (auth_alg != wpa_s->mlme.auth_alg ||
+ auth_transaction != wpa_s->mlme.auth_transaction) {
+ wpa_printf(MSG_DEBUG, "MLME: unexpected authentication frame "
+ "(alg=%d transaction=%d)",
+ auth_alg, auth_transaction);
+ return;
+ }
+
+ if (status_code != WLAN_STATUS_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "MLME: AP denied authentication "
+ "(auth_alg=%d code=%d)", wpa_s->mlme.auth_alg,
+ status_code);
+ if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) {
+ const int num_algs = 3;
+ u8 algs[num_algs];
+ int i, pos;
+ algs[0] = algs[1] = algs[2] = 0xff;
+ if (wpa_s->mlme.auth_algs & IEEE80211_AUTH_ALG_OPEN)
+ algs[0] = WLAN_AUTH_OPEN;
+ if (wpa_s->mlme.auth_algs &
+ IEEE80211_AUTH_ALG_SHARED_KEY)
+ algs[1] = WLAN_AUTH_SHARED_KEY;
+ if (wpa_s->mlme.auth_algs & IEEE80211_AUTH_ALG_LEAP)
+ algs[2] = WLAN_AUTH_LEAP;
+ if (wpa_s->mlme.auth_alg == WLAN_AUTH_OPEN)
+ pos = 0;
+ else if (wpa_s->mlme.auth_alg == WLAN_AUTH_SHARED_KEY)
+ pos = 1;
+ else
+ pos = 2;
+ for (i = 0; i < num_algs; i++) {
+ pos++;
+ if (pos >= num_algs)
+ pos = 0;
+ if (algs[pos] == wpa_s->mlme.auth_alg ||
+ algs[pos] == 0xff)
+ continue;
+ if (algs[pos] == WLAN_AUTH_SHARED_KEY &&
+ !ieee80211_sta_wep_configured(wpa_s))
+ continue;
+ wpa_s->mlme.auth_alg = algs[pos];
+ wpa_printf(MSG_DEBUG, "MLME: set auth_alg=%d "
+ "for next try",
+ wpa_s->mlme.auth_alg);
+ break;
+ }
+ }
+ return;
+ }
+
+ switch (wpa_s->mlme.auth_alg) {
+ case WLAN_AUTH_OPEN:
+ case WLAN_AUTH_LEAP:
+ ieee80211_auth_completed(wpa_s);
+ break;
+ case WLAN_AUTH_SHARED_KEY:
+ if (wpa_s->mlme.auth_transaction == 4)
+ ieee80211_auth_completed(wpa_s);
+ else
+ ieee80211_auth_challenge(wpa_s, mgmt, len,
+ rx_status);
+ break;
+ }
+}
+
+
+static void ieee80211_rx_mgmt_deauth(struct wpa_supplicant *wpa_s,
+ struct ieee80211_mgmt *mgmt,
+ size_t len,
+ struct ieee80211_rx_status *rx_status)
+{
+ u16 reason_code;
+
+ if (len < 24 + 2) {
+ wpa_printf(MSG_DEBUG, "MLME: too short (%lu) deauthentication "
+ "frame received from " MACSTR " - ignored",
+ (unsigned long) len, MAC2STR(mgmt->sa));
+ return;
+ }
+
+ if (os_memcmp(wpa_s->bssid, mgmt->sa, ETH_ALEN) != 0) {
+ wpa_printf(MSG_DEBUG, "MLME: deauthentication frame received "
+ "from unknown AP (SA=" MACSTR " BSSID=" MACSTR
+ ") - ignored",
+ MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid));
+ return;
+ }
+
+ reason_code = le_to_host16(mgmt->u.deauth.reason_code);
+
+ wpa_printf(MSG_DEBUG, "MLME: RX deauthentication from " MACSTR
+ " (reason=%d)", MAC2STR(mgmt->sa), reason_code);
+
+ if (wpa_s->mlme.authenticated)
+ wpa_printf(MSG_DEBUG, "MLME: deauthenticated");
+
+ if (wpa_s->mlme.state == IEEE80211_AUTHENTICATE ||
+ wpa_s->mlme.state == IEEE80211_ASSOCIATE ||
+ wpa_s->mlme.state == IEEE80211_ASSOCIATED) {
+ wpa_s->mlme.state = IEEE80211_AUTHENTICATE;
+ ieee80211_reschedule_timer(wpa_s,
+ IEEE80211_RETRY_AUTH_INTERVAL);
+ }
+
+ ieee80211_set_associated(wpa_s, 0);
+ wpa_s->mlme.authenticated = 0;
+}
+
+
+static void ieee80211_rx_mgmt_disassoc(struct wpa_supplicant *wpa_s,
+ struct ieee80211_mgmt *mgmt,
+ size_t len,
+ struct ieee80211_rx_status *rx_status)
+{
+ u16 reason_code;
+
+ if (len < 24 + 2) {
+ wpa_printf(MSG_DEBUG, "MLME: too short (%lu) disassociation "
+ "frame received from " MACSTR " - ignored",
+ (unsigned long) len, MAC2STR(mgmt->sa));
+ return;
+ }
+
+ if (os_memcmp(wpa_s->bssid, mgmt->sa, ETH_ALEN) != 0) {
+ wpa_printf(MSG_DEBUG, "MLME: disassociation frame received "
+ "from unknown AP (SA=" MACSTR " BSSID=" MACSTR
+ ") - ignored",
+ MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid));
+ return;
+ }
+
+ reason_code = le_to_host16(mgmt->u.disassoc.reason_code);
+
+ wpa_printf(MSG_DEBUG, "MLME: RX disassociation from " MACSTR
+ " (reason=%d)", MAC2STR(mgmt->sa), reason_code);
+
+ if (wpa_s->mlme.associated)
+ wpa_printf(MSG_DEBUG, "MLME: disassociated");
+
+ if (wpa_s->mlme.state == IEEE80211_ASSOCIATED) {
+ wpa_s->mlme.state = IEEE80211_ASSOCIATE;
+ ieee80211_reschedule_timer(wpa_s,
+ IEEE80211_RETRY_AUTH_INTERVAL);
+ }
+
+ ieee80211_set_associated(wpa_s, 0);
+}
+
+
+static void ieee80211_rx_mgmt_assoc_resp(struct wpa_supplicant *wpa_s,
+ struct ieee80211_mgmt *mgmt,
+ size_t len,
+ struct ieee80211_rx_status *rx_status,
+ int reassoc)
+{
+ u8 rates[32];
+ size_t rates_len;
+ u16 capab_info, status_code, aid;
+ struct ieee802_11_elems elems;
+ u8 *pos;
+
+ /* AssocResp and ReassocResp have identical structure, so process both
+ * of them in this function. */
+
+ if (wpa_s->mlme.state != IEEE80211_ASSOCIATE) {
+ wpa_printf(MSG_DEBUG, "MLME: association frame received from "
+ MACSTR ", but not in associate state - ignored",
+ MAC2STR(mgmt->sa));
+ return;
+ }
+
+ if (len < 24 + 6) {
+ wpa_printf(MSG_DEBUG, "MLME: too short (%lu) association "
+ "frame received from " MACSTR " - ignored",
+ (unsigned long) len, MAC2STR(mgmt->sa));
+ return;
+ }
+
+ if (os_memcmp(wpa_s->bssid, mgmt->sa, ETH_ALEN) != 0) {
+ wpa_printf(MSG_DEBUG, "MLME: association frame received from "
+ "unknown AP (SA=" MACSTR " BSSID=" MACSTR ") - "
+ "ignored", MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid));
+ return;
+ }
+
+ capab_info = le_to_host16(mgmt->u.assoc_resp.capab_info);
+ status_code = le_to_host16(mgmt->u.assoc_resp.status_code);
+ aid = le_to_host16(mgmt->u.assoc_resp.aid);
+ if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
+ wpa_printf(MSG_DEBUG, "MLME: invalid aid value %d; bits 15:14 "
+ "not set", aid);
+ aid &= ~(BIT(15) | BIT(14));
+
+ wpa_printf(MSG_DEBUG, "MLME: RX %sssocResp from " MACSTR
+ " (capab=0x%x status=%d aid=%d)",
+ reassoc ? "Rea" : "A", MAC2STR(mgmt->sa),
+ capab_info, status_code, aid);
+
+ if (status_code != WLAN_STATUS_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "MLME: AP denied association (code=%d)",
+ status_code);
+ return;
+ }
+
+ pos = mgmt->u.assoc_resp.variable;
+ if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems)
+ == ParseFailed) {
+ wpa_printf(MSG_DEBUG, "MLME: failed to parse AssocResp");
+ return;
+ }
+
+ if (elems.supp_rates == NULL) {
+ wpa_printf(MSG_DEBUG, "MLME: no SuppRates element in "
+ "AssocResp");
+ return;
+ }
+
+ wpa_printf(MSG_DEBUG, "MLME: associated");
+ wpa_s->mlme.aid = aid;
+ wpa_s->mlme.ap_capab = capab_info;
+
+ os_free(wpa_s->mlme.assocresp_ies);
+ wpa_s->mlme.assocresp_ies_len = len - (pos - (u8 *) mgmt);
+ wpa_s->mlme.assocresp_ies = os_malloc(wpa_s->mlme.assocresp_ies_len);
+ if (wpa_s->mlme.assocresp_ies) {
+ os_memcpy(wpa_s->mlme.assocresp_ies, pos,
+ wpa_s->mlme.assocresp_ies_len);
+ }
+
+ ieee80211_set_associated(wpa_s, 1);
+
+ rates_len = elems.supp_rates_len;
+ if (rates_len > sizeof(rates))
+ rates_len = sizeof(rates);
+ os_memcpy(rates, elems.supp_rates, rates_len);
+ if (elems.ext_supp_rates) {
+ size_t _len = elems.ext_supp_rates_len;
+ if (_len > sizeof(rates) - rates_len)
+ _len = sizeof(rates) - rates_len;
+ os_memcpy(rates + rates_len, elems.ext_supp_rates, _len);
+ rates_len += _len;
+ }
+
+ if (wpa_drv_set_bssid(wpa_s, wpa_s->bssid) < 0) {
+ wpa_printf(MSG_DEBUG, "MLME: failed to set BSSID for the "
+ "netstack");
+ }
+ if (wpa_drv_set_ssid(wpa_s, wpa_s->mlme.ssid, wpa_s->mlme.ssid_len) <
+ 0) {
+ wpa_printf(MSG_DEBUG, "MLME: failed to set SSID for the "
+ "netstack");
+ }
+
+ /* Remove STA entry before adding a new one just in case to avoid
+ * problems with existing configuration (e.g., keys). */
+ wpa_drv_mlme_remove_sta(wpa_s, wpa_s->bssid);
+ if (wpa_drv_mlme_add_sta(wpa_s, wpa_s->bssid, rates, rates_len) < 0) {
+ wpa_printf(MSG_DEBUG, "MLME: failed to add STA entry to the "
+ "netstack");
+ }
+
+#if 0 /* FIX? */
+ sta->assoc_ap = 1;
+
+ if (elems.wmm_param && wpa_s->mlme.wmm_enabled) {
+ sta->flags |= WLAN_STA_WME;
+ ieee80211_sta_wmm_params(wpa_s, elems.wmm_param,
+ elems.wmm_param_len);
+ }
+#endif
+
+ ieee80211_associated(wpa_s);
+}
+
+
+/* Caller must hold local->sta_bss_lock */
+static void __ieee80211_bss_hash_add(struct wpa_supplicant *wpa_s,
+ struct ieee80211_sta_bss *bss)
+{
+ bss->hnext = wpa_s->mlme.sta_bss_hash[STA_HASH(bss->bssid)];
+ wpa_s->mlme.sta_bss_hash[STA_HASH(bss->bssid)] = bss;
+}
+
+
+/* Caller must hold local->sta_bss_lock */
+static void __ieee80211_bss_hash_del(struct wpa_supplicant *wpa_s,
+ struct ieee80211_sta_bss *bss)
+{
+ struct ieee80211_sta_bss *b, *prev = NULL;
+ b = wpa_s->mlme.sta_bss_hash[STA_HASH(bss->bssid)];
+ while (b) {
+ if (b == bss) {
+ if (prev == NULL) {
+ wpa_s->mlme.sta_bss_hash[STA_HASH(bss->bssid)]
+ = bss->hnext;
+ } else {
+ prev->hnext = bss->hnext;
+ }
+ break;
+ }
+ prev = b;
+ b = b->hnext;
+ }
+}
+
+
+static struct ieee80211_sta_bss *
+ieee80211_bss_add(struct wpa_supplicant *wpa_s, const u8 *bssid)
+{
+ struct ieee80211_sta_bss *bss;
+
+ bss = os_zalloc(sizeof(*bss));
+ if (bss == NULL)
+ return NULL;
+ os_memcpy(bss->bssid, bssid, ETH_ALEN);
+
+ /* TODO: order by RSSI? */
+ bss->next = wpa_s->mlme.sta_bss_list;
+ wpa_s->mlme.sta_bss_list = bss;
+ __ieee80211_bss_hash_add(wpa_s, bss);
+ return bss;
+}
+
+
+static struct ieee80211_sta_bss *
+ieee80211_bss_get(struct wpa_supplicant *wpa_s, const u8 *bssid)
+{
+ struct ieee80211_sta_bss *bss;
+
+ bss = wpa_s->mlme.sta_bss_hash[STA_HASH(bssid)];
+ while (bss) {
+ if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0)
+ break;
+ bss = bss->hnext;
+ }
+ return bss;
+}
+
+
+static void ieee80211_bss_free(struct wpa_supplicant *wpa_s,
+ struct ieee80211_sta_bss *bss)
+{
+ __ieee80211_bss_hash_del(wpa_s, bss);
+ os_free(bss->wpa_ie);
+ os_free(bss->rsn_ie);
+ os_free(bss->wmm_ie);
+ os_free(bss);
+}
+
+
+static void ieee80211_bss_list_deinit(struct wpa_supplicant *wpa_s)
+{
+ struct ieee80211_sta_bss *bss, *prev;
+
+ bss = wpa_s->mlme.sta_bss_list;
+ wpa_s->mlme.sta_bss_list = NULL;
+ while (bss) {
+ prev = bss;
+ bss = bss->next;
+ ieee80211_bss_free(wpa_s, prev);
+ }
+}
+
+
+static void ieee80211_bss_info(struct wpa_supplicant *wpa_s,
+ struct ieee80211_mgmt *mgmt,
+ size_t len,
+ struct ieee80211_rx_status *rx_status,
+ int beacon)
+{
+ struct ieee802_11_elems elems;
+ size_t baselen;
+ int channel, invalid = 0, clen;
+ struct ieee80211_sta_bss *bss;
+ u64 timestamp;
+ u8 *pos;
+
+ if (!beacon && os_memcmp(mgmt->da, wpa_s->own_addr, ETH_ALEN))
+ return; /* ignore ProbeResp to foreign address */
+
+#if 0
+ wpa_printf(MSG_MSGDUMP, "MLME: RX %s from " MACSTR " to " MACSTR,
+ beacon ? "Beacon" : "Probe Response",
+ MAC2STR(mgmt->sa), MAC2STR(mgmt->da));
+#endif
+
+ baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
+ if (baselen > len)
+ return;
+
+ pos = mgmt->u.beacon.timestamp;
+ timestamp = ((u64) pos[7] << 56) | ((u64) pos[6] << 48) |
+ ((u64) pos[5] << 40) | ((u64) pos[4] << 32) |
+ ((u64) pos[3] << 24) | ((u64) pos[2] << 16) |
+ ((u64) pos[1] << 8) | ((u64) pos[0]);
+
+#if 0 /* FIX */
+ if (local->conf.mode == IW_MODE_ADHOC && beacon &&
+ os_memcmp(mgmt->bssid, local->bssid, ETH_ALEN) == 0) {
+#ifdef IEEE80211_IBSS_DEBUG
+ static unsigned long last_tsf_debug = 0;
+ u64 tsf;
+ if (local->hw->get_tsf)
+ tsf = local->hw->get_tsf(local->mdev);
+ else
+ tsf = -1LLU;
+ if (time_after(jiffies, last_tsf_debug + 5 * HZ)) {
+ wpa_printf(MSG_DEBUG, "RX beacon SA=" MACSTR " BSSID="
+ MACSTR " TSF=0x%llx BCN=0x%llx diff=%lld "
+ "@%ld",
+ MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid),
+ tsf, timestamp, tsf - timestamp, jiffies);
+ last_tsf_debug = jiffies;
+ }
+#endif /* IEEE80211_IBSS_DEBUG */
+ }
+#endif
+
+ if (ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen,
+ &elems) == ParseFailed)
+ invalid = 1;
+
+#if 0 /* FIX */
+ if (local->conf.mode == IW_MODE_ADHOC && elems.supp_rates &&
+ os_memcmp(mgmt->bssid, local->bssid, ETH_ALEN) == 0 &&
+ (sta = sta_info_get(local, mgmt->sa))) {
+ struct ieee80211_rate *rates;
+ size_t num_rates;
+ u32 supp_rates, prev_rates;
+ int i, j, oper_mode;
+
+ rates = local->curr_rates;
+ num_rates = local->num_curr_rates;
+ oper_mode = wpa_s->mlme.sta_scanning ?
+ local->scan_oper_phymode : local->conf.phymode;
+ for (i = 0; i < local->hw->num_modes; i++) {
+ struct ieee80211_hw_modes *mode = &local->hw->modes[i];
+ if (oper_mode == mode->mode) {
+ rates = mode->rates;
+ num_rates = mode->num_rates;
+ break;
+ }
+ }
+
+ supp_rates = 0;
+ for (i = 0; i < elems.supp_rates_len +
+ elems.ext_supp_rates_len; i++) {
+ u8 rate = 0;
+ int own_rate;
+ if (i < elems.supp_rates_len)
+ rate = elems.supp_rates[i];
+ else if (elems.ext_supp_rates)
+ rate = elems.ext_supp_rates
+ [i - elems.supp_rates_len];
+ own_rate = 5 * (rate & 0x7f);
+ if (oper_mode == MODE_ATHEROS_TURBO)
+ own_rate *= 2;
+ for (j = 0; j < num_rates; j++)
+ if (rates[j].rate == own_rate)
+ supp_rates |= BIT(j);
+ }
+
+ prev_rates = sta->supp_rates;
+ sta->supp_rates &= supp_rates;
+ if (sta->supp_rates == 0) {
+ /* No matching rates - this should not really happen.
+ * Make sure that at least one rate is marked
+ * supported to avoid issues with TX rate ctrl. */
+ sta->supp_rates = wpa_s->mlme.supp_rates_bits;
+ }
+ if (sta->supp_rates != prev_rates) {
+ wpa_printf(MSG_DEBUG, "MLME: updated supp_rates set "
+ "for " MACSTR " based on beacon info "
+ "(0x%x & 0x%x -> 0x%x)",
+ MAC2STR(sta->addr), prev_rates,
+ supp_rates, sta->supp_rates);
+ }
+ sta_info_release(local, sta);
+ }
+#endif
+
+ if (elems.ssid == NULL)
+ return;
+
+ if (elems.ds_params && elems.ds_params_len == 1)
+ channel = elems.ds_params[0];
+ else
+ channel = rx_status->channel;
+
+ bss = ieee80211_bss_get(wpa_s, mgmt->bssid);
+ if (bss == NULL) {
+ bss = ieee80211_bss_add(wpa_s, mgmt->bssid);
+ if (bss == NULL)
+ return;
+ } else {
+#if 0
+ /* TODO: order by RSSI? */
+ spin_lock_bh(&local->sta_bss_lock);
+ list_move_tail(&bss->list, &local->sta_bss_list);
+ spin_unlock_bh(&local->sta_bss_lock);
+#endif
+ }
+
+ if (bss->probe_resp && beacon) {
+ /* Do not allow beacon to override data from Probe Response. */
+ return;
+ }
+
+ bss->beacon_int = le_to_host16(mgmt->u.beacon.beacon_int);
+ bss->capability = le_to_host16(mgmt->u.beacon.capab_info);
+ if (elems.ssid && elems.ssid_len <= MAX_SSID_LEN) {
+ os_memcpy(bss->ssid, elems.ssid, elems.ssid_len);
+ bss->ssid_len = elems.ssid_len;
+ }
+
+ bss->supp_rates_len = 0;
+ if (elems.supp_rates) {
+ clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
+ if (clen > elems.supp_rates_len)
+ clen = elems.supp_rates_len;
+ os_memcpy(&bss->supp_rates[bss->supp_rates_len],
+ elems.supp_rates, clen);
+ bss->supp_rates_len += clen;
+ }
+ if (elems.ext_supp_rates) {
+ clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
+ if (clen > elems.ext_supp_rates_len)
+ clen = elems.ext_supp_rates_len;
+ os_memcpy(&bss->supp_rates[bss->supp_rates_len],
+ elems.ext_supp_rates, clen);
+ bss->supp_rates_len += clen;
+ }
+
+ if (elems.wpa &&
+ (bss->wpa_ie == NULL || bss->wpa_ie_len != elems.wpa_len ||
+ os_memcmp(bss->wpa_ie, elems.wpa, elems.wpa_len))) {
+ os_free(bss->wpa_ie);
+ bss->wpa_ie = os_malloc(elems.wpa_len + 2);
+ if (bss->wpa_ie) {
+ os_memcpy(bss->wpa_ie, elems.wpa - 2,
+ elems.wpa_len + 2);
+ bss->wpa_ie_len = elems.wpa_len + 2;
+ } else
+ bss->wpa_ie_len = 0;
+ } else if (!elems.wpa && bss->wpa_ie) {
+ os_free(bss->wpa_ie);
+ bss->wpa_ie = NULL;
+ bss->wpa_ie_len = 0;
+ }
+
+ if (elems.rsn &&
+ (bss->rsn_ie == NULL || bss->rsn_ie_len != elems.rsn_len ||
+ os_memcmp(bss->rsn_ie, elems.rsn, elems.rsn_len))) {
+ os_free(bss->rsn_ie);
+ bss->rsn_ie = os_malloc(elems.rsn_len + 2);
+ if (bss->rsn_ie) {
+ os_memcpy(bss->rsn_ie, elems.rsn - 2,
+ elems.rsn_len + 2);
+ bss->rsn_ie_len = elems.rsn_len + 2;
+ } else
+ bss->rsn_ie_len = 0;
+ } else if (!elems.rsn && bss->rsn_ie) {
+ os_free(bss->rsn_ie);
+ bss->rsn_ie = NULL;
+ bss->rsn_ie_len = 0;
+ }
+
+ if (elems.wmm_param &&
+ (bss->wmm_ie == NULL || bss->wmm_ie_len != elems.wmm_param_len ||
+ os_memcmp(bss->wmm_ie, elems.wmm_param, elems.wmm_param_len))) {
+ os_free(bss->wmm_ie);
+ bss->wmm_ie = os_malloc(elems.wmm_param_len + 2);
+ if (bss->wmm_ie) {
+ os_memcpy(bss->wmm_ie, elems.wmm_param - 2,
+ elems.wmm_param_len + 2);
+ bss->wmm_ie_len = elems.wmm_param_len + 2;
+ } else
+ bss->wmm_ie_len = 0;
+ } else if (!elems.wmm_param && bss->wmm_ie) {
+ os_free(bss->wmm_ie);
+ bss->wmm_ie = NULL;
+ bss->wmm_ie_len = 0;
+ }
+
+
+ bss->hw_mode = wpa_s->mlme.phymode;
+ bss->channel = channel;
+ bss->freq = wpa_s->mlme.freq;
+ if (channel != wpa_s->mlme.channel &&
+ (wpa_s->mlme.phymode == WPA_MODE_IEEE80211G ||
+ wpa_s->mlme.phymode == WPA_MODE_IEEE80211B) &&
+ channel >= 1 && channel <= 14) {
+ static const int freq_list[] = {
+ 2412, 2417, 2422, 2427, 2432, 2437, 2442,
+ 2447, 2452, 2457, 2462, 2467, 2472, 2484
+ };
+ /* IEEE 802.11g/b mode can receive packets from neighboring
+ * channels, so map the channel into frequency. */
+ bss->freq = freq_list[channel - 1];
+ }
+ bss->timestamp = timestamp;
+ os_get_time(&bss->last_update);
+ bss->rssi = rx_status->ssi;
+ if (!beacon)
+ bss->probe_resp++;
+}
+
+
+static void ieee80211_rx_mgmt_probe_resp(struct wpa_supplicant *wpa_s,
+ struct ieee80211_mgmt *mgmt,
+ size_t len,
+ struct ieee80211_rx_status *rx_status)
+{
+ ieee80211_bss_info(wpa_s, mgmt, len, rx_status, 0);
+}
+
+
+static void ieee80211_rx_mgmt_beacon(struct wpa_supplicant *wpa_s,
+ struct ieee80211_mgmt *mgmt,
+ size_t len,
+ struct ieee80211_rx_status *rx_status)
+{
+ int use_protection;
+ size_t baselen;
+ struct ieee802_11_elems elems;
+
+ ieee80211_bss_info(wpa_s, mgmt, len, rx_status, 1);
+
+ if (!wpa_s->mlme.associated ||
+ os_memcmp(wpa_s->bssid, mgmt->bssid, ETH_ALEN) != 0)
+ return;
+
+ /* Process beacon from the current BSS */
+ baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
+ if (baselen > len)
+ return;
+
+ if (ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen,
+ &elems) == ParseFailed)
+ return;
+
+ use_protection = 0;
+ if (elems.erp_info && elems.erp_info_len >= 1) {
+ use_protection =
+ (elems.erp_info[0] & ERP_INFO_USE_PROTECTION) != 0;
+ }
+
+ if (use_protection != !!wpa_s->mlme.use_protection) {
+ wpa_printf(MSG_DEBUG, "MLME: CTS protection %s (BSSID=" MACSTR
+ ")",
+ use_protection ? "enabled" : "disabled",
+ MAC2STR(wpa_s->bssid));
+ wpa_s->mlme.use_protection = use_protection ? 1 : 0;
+ wpa_s->mlme.cts_protect_erp_frames = use_protection;
+ }
+
+ if (elems.wmm_param && wpa_s->mlme.wmm_enabled) {
+ ieee80211_sta_wmm_params(wpa_s, elems.wmm_param,
+ elems.wmm_param_len);
+ }
+}
+
+
+static void ieee80211_rx_mgmt_probe_req(struct wpa_supplicant *wpa_s,
+ struct ieee80211_mgmt *mgmt,
+ size_t len,
+ struct ieee80211_rx_status *rx_status)
+{
+ int tx_last_beacon, adhoc;
+#if 0 /* FIX */
+ struct ieee80211_mgmt *resp;
+#endif
+ u8 *pos, *end;
+ struct wpa_ssid *ssid = wpa_s->current_ssid;
+
+ adhoc = ssid && ssid->mode == 1;
+
+ if (!adhoc || wpa_s->mlme.state != IEEE80211_IBSS_JOINED ||
+ len < 24 + 2 || wpa_s->mlme.probe_resp == NULL)
+ return;
+
+#if 0 /* FIX */
+ if (local->hw->tx_last_beacon)
+ tx_last_beacon = local->hw->tx_last_beacon(local->mdev);
+ else
+#endif
+ tx_last_beacon = 1;
+
+#ifdef IEEE80211_IBSS_DEBUG
+ wpa_printf(MSG_DEBUG, "MLME: RX ProbeReq SA=" MACSTR " DA=" MACSTR
+ " BSSID=" MACSTR " (tx_last_beacon=%d)",
+ MAC2STR(mgmt->sa), MAC2STR(mgmt->da),
+ MAC2STR(mgmt->bssid), tx_last_beacon);
+#endif /* IEEE80211_IBSS_DEBUG */
+
+ if (!tx_last_beacon)
+ return;
+
+ if (os_memcmp(mgmt->bssid, wpa_s->bssid, ETH_ALEN) != 0 &&
+ os_memcmp(mgmt->bssid, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
+ return;
+
+ end = ((u8 *) mgmt) + len;
+ pos = mgmt->u.probe_req.variable;
+ if (pos[0] != WLAN_EID_SSID ||
+ pos + 2 + pos[1] > end) {
+ wpa_printf(MSG_DEBUG, "MLME: Invalid SSID IE in ProbeReq from "
+ MACSTR, MAC2STR(mgmt->sa));
+ return;
+ }
+ if (pos[1] != 0 &&
+ (pos[1] != wpa_s->mlme.ssid_len ||
+ os_memcmp(pos + 2, wpa_s->mlme.ssid, wpa_s->mlme.ssid_len) != 0))
+ {
+ /* Ignore ProbeReq for foreign SSID */
+ return;
+ }
+
+#if 0 /* FIX */
+ /* Reply with ProbeResp */
+ skb = skb_copy(wpa_s->mlme.probe_resp, GFP_ATOMIC);
+ if (skb == NULL)
+ return;
+
+ resp = (struct ieee80211_mgmt *) skb->data;
+ os_memcpy(resp->da, mgmt->sa, ETH_ALEN);
+#ifdef IEEE80211_IBSS_DEBUG
+ wpa_printf(MSG_DEBUG, "MLME: Sending ProbeResp to " MACSTR,
+ MAC2STR(resp->da));
+#endif /* IEEE80211_IBSS_DEBUG */
+ ieee80211_sta_tx(wpa_s, skb, 0, 1);
+#endif
+}
+
+
+static void ieee80211_sta_rx_mgmt(struct wpa_supplicant *wpa_s,
+ const u8 *buf, size_t len,
+ struct ieee80211_rx_status *rx_status)
+{
+ struct ieee80211_mgmt *mgmt;
+ u16 fc;
+
+ if (len < 24)
+ return;
+
+ mgmt = (struct ieee80211_mgmt *) buf;
+ fc = le_to_host16(mgmt->frame_control);
+
+ switch (WLAN_FC_GET_STYPE(fc)) {
+ case WLAN_FC_STYPE_PROBE_REQ:
+ ieee80211_rx_mgmt_probe_req(wpa_s, mgmt, len, rx_status);
+ break;
+ case WLAN_FC_STYPE_PROBE_RESP:
+ ieee80211_rx_mgmt_probe_resp(wpa_s, mgmt, len, rx_status);
+ break;
+ case WLAN_FC_STYPE_BEACON:
+ ieee80211_rx_mgmt_beacon(wpa_s, mgmt, len, rx_status);
+ break;
+ case WLAN_FC_STYPE_AUTH:
+ ieee80211_rx_mgmt_auth(wpa_s, mgmt, len, rx_status);
+ break;
+ case WLAN_FC_STYPE_ASSOC_RESP:
+ ieee80211_rx_mgmt_assoc_resp(wpa_s, mgmt, len, rx_status, 0);
+ break;
+ case WLAN_FC_STYPE_REASSOC_RESP:
+ ieee80211_rx_mgmt_assoc_resp(wpa_s, mgmt, len, rx_status, 1);
+ break;
+ case WLAN_FC_STYPE_DEAUTH:
+ ieee80211_rx_mgmt_deauth(wpa_s, mgmt, len, rx_status);
+ break;
+ case WLAN_FC_STYPE_DISASSOC:
+ ieee80211_rx_mgmt_disassoc(wpa_s, mgmt, len, rx_status);
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "MLME: received unknown management "
+ "frame - stype=%d", WLAN_FC_GET_STYPE(fc));
+ break;
+ }
+}
+
+
+static void ieee80211_sta_rx_scan(struct wpa_supplicant *wpa_s,
+ const u8 *buf, size_t len,
+ struct ieee80211_rx_status *rx_status)
+{
+ struct ieee80211_mgmt *mgmt;
+ u16 fc;
+
+ if (len < 24)
+ return;
+
+ mgmt = (struct ieee80211_mgmt *) buf;
+ fc = le_to_host16(mgmt->frame_control);
+
+ if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT) {
+ if (WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) {
+ ieee80211_rx_mgmt_probe_resp(wpa_s, mgmt,
+ len, rx_status);
+ } else if (WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_BEACON) {
+ ieee80211_rx_mgmt_beacon(wpa_s, mgmt, len, rx_status);
+ }
+ }
+}
+
+
+static int ieee80211_sta_active_ibss(struct wpa_supplicant *wpa_s)
+{
+ int active = 0;
+
+#if 0 /* FIX */
+ list_for_each(ptr, &local->sta_list) {
+ sta = list_entry(ptr, struct sta_info, list);
+ if (sta->dev == dev &&
+ time_after(sta->last_rx + IEEE80211_IBSS_MERGE_INTERVAL,
+ jiffies)) {
+ active++;
+ break;
+ }
+ }
+#endif
+
+ return active;
+}
+
+
+static void ieee80211_sta_expire(struct wpa_supplicant *wpa_s)
+{
+#if 0 /* FIX */
+ list_for_each_safe(ptr, n, &local->sta_list) {
+ sta = list_entry(ptr, struct sta_info, list);
+ if (time_after(jiffies, sta->last_rx +
+ IEEE80211_IBSS_INACTIVITY_LIMIT)) {
+ wpa_printf(MSG_DEBUG, "MLME: expiring inactive STA "
+ MACSTR, MAC2STR(sta->addr));
+ sta_info_free(local, sta, 1);
+ }
+ }
+#endif
+}
+
+
+static void ieee80211_sta_merge_ibss(struct wpa_supplicant *wpa_s)
+{
+ ieee80211_reschedule_timer(wpa_s, IEEE80211_IBSS_MERGE_INTERVAL);
+
+ ieee80211_sta_expire(wpa_s);
+ if (ieee80211_sta_active_ibss(wpa_s))
+ return;
+
+ wpa_printf(MSG_DEBUG, "MLME: No active IBSS STAs - trying to scan for "
+ "other IBSS networks with same SSID (merge)");
+ ieee80211_sta_req_scan(wpa_s, wpa_s->mlme.ssid, wpa_s->mlme.ssid_len);
+}
+
+
+static void ieee80211_sta_timer(void *eloop_ctx, void *timeout_ctx)
+{
+ struct wpa_supplicant *wpa_s = eloop_ctx;
+
+ switch (wpa_s->mlme.state) {
+ case IEEE80211_DISABLED:
+ break;
+ case IEEE80211_AUTHENTICATE:
+ ieee80211_authenticate(wpa_s);
+ break;
+ case IEEE80211_ASSOCIATE:
+ ieee80211_associate(wpa_s);
+ break;
+ case IEEE80211_ASSOCIATED:
+ ieee80211_associated(wpa_s);
+ break;
+ case IEEE80211_IBSS_SEARCH:
+ ieee80211_sta_find_ibss(wpa_s);
+ break;
+ case IEEE80211_IBSS_JOINED:
+ ieee80211_sta_merge_ibss(wpa_s);
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "ieee80211_sta_timer: Unknown state %d",
+ wpa_s->mlme.state);
+ break;
+ }
+
+ if (ieee80211_privacy_mismatch(wpa_s)) {
+ wpa_printf(MSG_DEBUG, "MLME: privacy configuration mismatch "
+ "and mixed-cell disabled - disassociate");
+
+ ieee80211_send_disassoc(wpa_s, WLAN_REASON_UNSPECIFIED);
+ ieee80211_set_associated(wpa_s, 0);
+ }
+}
+
+
+static void ieee80211_sta_new_auth(struct wpa_supplicant *wpa_s)
+{
+ struct wpa_ssid *ssid = wpa_s->current_ssid;
+ if (ssid && ssid->mode != 0)
+ return;
+
+#if 0 /* FIX */
+ if (local->hw->reset_tsf) {
+ /* Reset own TSF to allow time synchronization work. */
+ local->hw->reset_tsf(local->mdev);
+ }
+#endif
+
+ wpa_s->mlme.wmm_last_param_set = -1; /* allow any WMM update */
+
+
+ if (wpa_s->mlme.auth_algs & IEEE80211_AUTH_ALG_OPEN)
+ wpa_s->mlme.auth_alg = WLAN_AUTH_OPEN;
+ else if (wpa_s->mlme.auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
+ wpa_s->mlme.auth_alg = WLAN_AUTH_SHARED_KEY;
+ else if (wpa_s->mlme.auth_algs & IEEE80211_AUTH_ALG_LEAP)
+ wpa_s->mlme.auth_alg = WLAN_AUTH_LEAP;
+ else
+ wpa_s->mlme.auth_alg = WLAN_AUTH_OPEN;
+ wpa_printf(MSG_DEBUG, "MLME: Initial auth_alg=%d",
+ wpa_s->mlme.auth_alg);
+ wpa_s->mlme.auth_transaction = -1;
+ wpa_s->mlme.auth_tries = wpa_s->mlme.assoc_tries = 0;
+ ieee80211_authenticate(wpa_s);
+}
+
+
+static int ieee80211_ibss_allowed(struct wpa_supplicant *wpa_s)
+{
+#if 0 /* FIX */
+ int m, c;
+
+ for (m = 0; m < local->hw->num_modes; m++) {
+ struct ieee80211_hw_modes *mode = &local->hw->modes[m];
+ if (mode->mode != local->conf.phymode)
+ continue;
+ for (c = 0; c < mode->num_channels; c++) {
+ struct ieee80211_channel *chan = &mode->channels[c];
+ if (chan->flag & IEEE80211_CHAN_W_SCAN &&
+ chan->chan == local->conf.channel) {
+ if (chan->flag & IEEE80211_CHAN_W_IBSS)
+ return 1;
+ break;
+ }
+ }
+ }
+#endif
+
+ return 0;
+}
+
+
+static int ieee80211_sta_join_ibss(struct wpa_supplicant *wpa_s,
+ struct ieee80211_sta_bss *bss)
+{
+ int res = 0, rates, done = 0;
+ struct ieee80211_mgmt *mgmt;
+#if 0 /* FIX */
+ struct ieee80211_tx_control control;
+ struct ieee80211_rate *rate;
+ struct rate_control_extra extra;
+#endif
+ u8 *pos, *buf;
+ size_t len;
+
+ /* Remove possible STA entries from other IBSS networks. */
+#if 0 /* FIX */
+ sta_info_flush(local, NULL);
+
+ if (local->hw->reset_tsf) {
+ /* Reset own TSF to allow time synchronization work. */
+ local->hw->reset_tsf(local->mdev);
+ }
+#endif
+ os_memcpy(wpa_s->bssid, bss->bssid, ETH_ALEN);
+
+#if 0 /* FIX */
+ local->conf.beacon_int = bss->beacon_int >= 10 ? bss->beacon_int : 10;
+
+ sdata->drop_unencrypted = bss->capability &
+ host_to_le16(WLAN_CAPABILITY_PRIVACY) ? 1 : 0;
+#endif
+
+#if 0 /* FIX */
+ os_memset(&rq, 0, sizeof(rq));
+ rq.m = bss->freq * 100000;
+ rq.e = 1;
+ res = ieee80211_ioctl_siwfreq(wpa_s, NULL, &rq, NULL);
+#endif
+
+ if (!ieee80211_ibss_allowed(wpa_s)) {
+#if 0 /* FIX */
+ wpa_printf(MSG_DEBUG, "MLME: IBSS not allowed on channel %d "
+ "(%d MHz)", local->conf.channel,
+ local->conf.freq);
+#endif
+ return -1;
+ }
+
+ /* Set beacon template based on scan results */
+ buf = os_malloc(400);
+ len = 0;
+ do {
+ if (buf == NULL)
+ break;
+
+ mgmt = (struct ieee80211_mgmt *) buf;
+ len += 24 + sizeof(mgmt->u.beacon);
+ os_memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon));
+ mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+ WLAN_FC_STYPE_BEACON);
+ os_memset(mgmt->da, 0xff, ETH_ALEN);
+ os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
+ os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN);
+#if 0 /* FIX */
+ mgmt->u.beacon.beacon_int =
+ host_to_le16(local->conf.beacon_int);
+#endif
+ mgmt->u.beacon.capab_info = host_to_le16(bss->capability);
+
+ pos = buf + len;
+ len += 2 + wpa_s->mlme.ssid_len;
+ *pos++ = WLAN_EID_SSID;
+ *pos++ = wpa_s->mlme.ssid_len;
+ os_memcpy(pos, wpa_s->mlme.ssid, wpa_s->mlme.ssid_len);
+
+ rates = bss->supp_rates_len;
+ if (rates > 8)
+ rates = 8;
+ pos = buf + len;
+ len += 2 + rates;
+ *pos++ = WLAN_EID_SUPP_RATES;
+ *pos++ = rates;
+ os_memcpy(pos, bss->supp_rates, rates);
+
+ pos = buf + len;
+ len += 2 + 1;
+ *pos++ = WLAN_EID_DS_PARAMS;
+ *pos++ = 1;
+ *pos++ = bss->channel;
+
+ pos = buf + len;
+ len += 2 + 2;
+ *pos++ = WLAN_EID_IBSS_PARAMS;
+ *pos++ = 2;
+ /* FIX: set ATIM window based on scan results */
+ *pos++ = 0;
+ *pos++ = 0;
+
+ if (bss->supp_rates_len > 8) {
+ rates = bss->supp_rates_len - 8;
+ pos = buf + len;
+ len += 2 + rates;
+ *pos++ = WLAN_EID_EXT_SUPP_RATES;
+ *pos++ = rates;
+ os_memcpy(pos, &bss->supp_rates[8], rates);
+ }
+
+#if 0 /* FIX */
+ os_memset(&control, 0, sizeof(control));
+ control.pkt_type = PKT_PROBE_RESP;
+ os_memset(&extra, 0, sizeof(extra));
+ extra.endidx = local->num_curr_rates;
+ rate = rate_control_get_rate(wpa_s, skb, &extra);
+ if (rate == NULL) {
+ wpa_printf(MSG_DEBUG, "MLME: Failed to determine TX "
+ "rate for IBSS beacon");
+ break;
+ }
+ control.tx_rate = (wpa_s->mlme.short_preamble &&
+ (rate->flags & IEEE80211_RATE_PREAMBLE2)) ?
+ rate->val2 : rate->val;
+ control.antenna_sel = local->conf.antenna_sel;
+ control.power_level = local->conf.power_level;
+ control.no_ack = 1;
+ control.retry_limit = 1;
+ control.rts_cts_duration = 0;
+#endif
+
+#if 0 /* FIX */
+ wpa_s->mlme.probe_resp = skb_copy(skb, GFP_ATOMIC);
+ if (wpa_s->mlme.probe_resp) {
+ mgmt = (struct ieee80211_mgmt *)
+ wpa_s->mlme.probe_resp->data;
+ mgmt->frame_control =
+ IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+ WLAN_FC_STYPE_PROBE_RESP);
+ } else {
+ wpa_printf(MSG_DEBUG, "MLME: Could not allocate "
+ "ProbeResp template for IBSS");
+ }
+
+ if (local->hw->beacon_update &&
+ local->hw->beacon_update(wpa_s, skb, &control) == 0) {
+ wpa_printf(MSG_DEBUG, "MLME: Configured IBSS beacon "
+ "template based on scan results");
+ skb = NULL;
+ }
+
+ rates = 0;
+ for (i = 0; i < bss->supp_rates_len; i++) {
+ int rate = (bss->supp_rates[i] & 0x7f) * 5;
+ if (local->conf.phymode == MODE_ATHEROS_TURBO)
+ rate *= 2;
+ for (j = 0; j < local->num_curr_rates; j++)
+ if (local->curr_rates[j].rate == rate)
+ rates |= BIT(j);
+ }
+ wpa_s->mlme.supp_rates_bits = rates;
+#endif
+ done = 1;
+ } while (0);
+
+ os_free(buf);
+ if (!done) {
+ wpa_printf(MSG_DEBUG, "MLME: Failed to configure IBSS beacon "
+ "template");
+ }
+
+ wpa_s->mlme.state = IEEE80211_IBSS_JOINED;
+ ieee80211_reschedule_timer(wpa_s, IEEE80211_IBSS_MERGE_INTERVAL);
+
+ return res;
+}
+
+
+#if 0 /* FIX */
+static int ieee80211_sta_create_ibss(struct wpa_supplicant *wpa_s)
+{
+ struct ieee80211_sta_bss *bss;
+ u8 bssid[ETH_ALEN], *pos;
+ int i;
+
+#if 0
+ /* Easier testing, use fixed BSSID. */
+ os_memset(bssid, 0xfe, ETH_ALEN);
+#else
+ /* Generate random, not broadcast, locally administered BSSID. Mix in
+ * own MAC address to make sure that devices that do not have proper
+ * random number generator get different BSSID. */
+ os_get_random(bssid, ETH_ALEN);
+ for (i = 0; i < ETH_ALEN; i++)
+ bssid[i] ^= wpa_s->own_addr[i];
+ bssid[0] &= ~0x01;
+ bssid[0] |= 0x02;
+#endif
+
+ wpa_printf(MSG_DEBUG, "MLME: Creating new IBSS network, BSSID "
+ MACSTR "", MAC2STR(bssid));
+
+ bss = ieee80211_bss_add(wpa_s, bssid);
+ if (bss == NULL)
+ return -ENOMEM;
+
+#if 0 /* FIX */
+ if (local->conf.beacon_int == 0)
+ local->conf.beacon_int = 100;
+ bss->beacon_int = local->conf.beacon_int;
+ bss->hw_mode = local->conf.phymode;
+ bss->channel = local->conf.channel;
+ bss->freq = local->conf.freq;
+#endif
+ os_get_time(&bss->last_update);
+ bss->capability = host_to_le16(WLAN_CAPABILITY_IBSS);
+#if 0 /* FIX */
+ if (sdata->default_key) {
+ bss->capability |= host_to_le16(WLAN_CAPABILITY_PRIVACY);
+ } else
+ sdata->drop_unencrypted = 0;
+ bss->supp_rates_len = local->num_curr_rates;
+#endif
+ pos = bss->supp_rates;
+#if 0 /* FIX */
+ for (i = 0; i < local->num_curr_rates; i++) {
+ int rate = local->curr_rates[i].rate;
+ if (local->conf.phymode == MODE_ATHEROS_TURBO)
+ rate /= 2;
+ *pos++ = (u8) (rate / 5);
+ }
+#endif
+
+ return ieee80211_sta_join_ibss(wpa_s, bss);
+}
+#endif
+
+
+static int ieee80211_sta_find_ibss(struct wpa_supplicant *wpa_s)
+{
+ struct ieee80211_sta_bss *bss;
+ int found = 0;
+ u8 bssid[ETH_ALEN];
+ int active_ibss;
+ struct os_time now;
+
+ if (wpa_s->mlme.ssid_len == 0)
+ return -EINVAL;
+
+ active_ibss = ieee80211_sta_active_ibss(wpa_s);
+#ifdef IEEE80211_IBSS_DEBUG
+ wpa_printf(MSG_DEBUG, "MLME: sta_find_ibss (active_ibss=%d)",
+ active_ibss);
+#endif /* IEEE80211_IBSS_DEBUG */
+ for (bss = wpa_s->mlme.sta_bss_list; bss; bss = bss->next) {
+ if (wpa_s->mlme.ssid_len != bss->ssid_len ||
+ os_memcmp(wpa_s->mlme.ssid, bss->ssid, bss->ssid_len) != 0
+ || !(bss->capability & WLAN_CAPABILITY_IBSS))
+ continue;
+#ifdef IEEE80211_IBSS_DEBUG
+ wpa_printf(MSG_DEBUG, " bssid=" MACSTR " found",
+ MAC2STR(bss->bssid));
+#endif /* IEEE80211_IBSS_DEBUG */
+ os_memcpy(bssid, bss->bssid, ETH_ALEN);
+ found = 1;
+ if (active_ibss ||
+ os_memcmp(bssid, wpa_s->bssid, ETH_ALEN) != 0)
+ break;
+ }
+
+#ifdef IEEE80211_IBSS_DEBUG
+ wpa_printf(MSG_DEBUG, " sta_find_ibss: selected " MACSTR " current "
+ MACSTR, MAC2STR(bssid), MAC2STR(wpa_s->bssid));
+#endif /* IEEE80211_IBSS_DEBUG */
+ if (found && os_memcmp(wpa_s->bssid, bssid, ETH_ALEN) != 0 &&
+ (bss = ieee80211_bss_get(wpa_s, bssid))) {
+ wpa_printf(MSG_DEBUG, "MLME: Selected IBSS BSSID " MACSTR
+ " based on configured SSID",
+ MAC2STR(bssid));
+ return ieee80211_sta_join_ibss(wpa_s, bss);
+ }
+#ifdef IEEE80211_IBSS_DEBUG
+ wpa_printf(MSG_DEBUG, " did not try to join ibss");
+#endif /* IEEE80211_IBSS_DEBUG */
+
+ /* Selected IBSS not found in current scan results - try to scan */
+ os_get_time(&now);
+#if 0 /* FIX */
+ if (wpa_s->mlme.state == IEEE80211_IBSS_JOINED &&
+ !ieee80211_sta_active_ibss(wpa_s)) {
+ ieee80211_reschedule_timer(wpa_s,
+ IEEE80211_IBSS_MERGE_INTERVAL);
+ } else if (time_after(jiffies, wpa_s->mlme.last_scan_completed +
+ IEEE80211_SCAN_INTERVAL)) {
+ wpa_printf(MSG_DEBUG, "MLME: Trigger new scan to find an IBSS "
+ "to join");
+ return ieee80211_sta_req_scan(wpa_s->mlme.ssid,
+ wpa_s->mlme.ssid_len);
+ } else if (wpa_s->mlme.state != IEEE80211_IBSS_JOINED) {
+ int interval = IEEE80211_SCAN_INTERVAL;
+
+ if (time_after(jiffies, wpa_s->mlme.ibss_join_req +
+ IEEE80211_IBSS_JOIN_TIMEOUT)) {
+ if (wpa_s->mlme.create_ibss &&
+ ieee80211_ibss_allowed(wpa_s))
+ return ieee80211_sta_create_ibss(wpa_s);
+ if (wpa_s->mlme.create_ibss) {
+ wpa_printf(MSG_DEBUG, "MLME: IBSS not allowed "
+ "on the configured channel %d "
+ "(%d MHz)",
+ local->conf.channel,
+ local->conf.freq);
+ }
+
+ /* No IBSS found - decrease scan interval and continue
+ * scanning. */
+ interval = IEEE80211_SCAN_INTERVAL_SLOW;
+ }
+
+ wpa_s->mlme.state = IEEE80211_IBSS_SEARCH;
+ ieee80211_reschedule_timer(wpa_s, interval);
+ return 0;
+ }
+#endif
+
+ return 0;
+}
+
+
+int ieee80211_sta_get_ssid(struct wpa_supplicant *wpa_s, u8 *ssid,
+ size_t *len)
+{
+ os_memcpy(ssid, wpa_s->mlme.ssid, wpa_s->mlme.ssid_len);
+ *len = wpa_s->mlme.ssid_len;
+ return 0;
+}
+
+
+int ieee80211_sta_associate(struct wpa_supplicant *wpa_s,
+ struct wpa_driver_associate_params *params)
+{
+ struct ieee80211_sta_bss *bss;
+
+ wpa_s->mlme.bssid_set = 0;
+ wpa_s->mlme.freq = params->freq;
+ if (params->bssid) {
+ os_memcpy(wpa_s->bssid, params->bssid, ETH_ALEN);
+ if (os_memcmp(params->bssid, "\x00\x00\x00\x00\x00\x00",
+ ETH_ALEN))
+ wpa_s->mlme.bssid_set = 1;
+ bss = ieee80211_bss_get(wpa_s, wpa_s->bssid);
+ if (bss) {
+ wpa_s->mlme.phymode = bss->hw_mode;
+ wpa_s->mlme.channel = bss->channel;
+ wpa_s->mlme.freq = bss->freq;
+ }
+ }
+
+#if 0 /* FIX */
+ /* TODO: This should always be done for IBSS, even if IEEE80211_QOS is
+ * not defined. */
+ if (local->hw->conf_tx) {
+ struct ieee80211_tx_queue_params qparam;
+ int i;
+
+ os_memset(&qparam, 0, sizeof(qparam));
+ /* TODO: are these ok defaults for all hw_modes? */
+ qparam.aifs = 2;
+ qparam.cw_min =
+ local->conf.phymode == MODE_IEEE80211B ? 31 : 15;
+ qparam.cw_max = 1023;
+ qparam.burst_time = 0;
+ for (i = IEEE80211_TX_QUEUE_DATA0; i < NUM_TX_DATA_QUEUES; i++)
+ {
+ local->hw->conf_tx(wpa_s, i + IEEE80211_TX_QUEUE_DATA0,
+ &qparam);
+ }
+ /* IBSS uses different parameters for Beacon sending */
+ qparam.cw_min++;
+ qparam.cw_min *= 2;
+ qparam.cw_min--;
+ local->hw->conf_tx(wpa_s, IEEE80211_TX_QUEUE_BEACON, &qparam);
+ }
+#endif
+
+ if (wpa_s->mlme.ssid_len != params->ssid_len ||
+ os_memcmp(wpa_s->mlme.ssid, params->ssid, params->ssid_len) != 0)
+ wpa_s->mlme.prev_bssid_set = 0;
+ os_memcpy(wpa_s->mlme.ssid, params->ssid, params->ssid_len);
+ os_memset(wpa_s->mlme.ssid + params->ssid_len, 0,
+ MAX_SSID_LEN - params->ssid_len);
+ wpa_s->mlme.ssid_len = params->ssid_len;
+ wpa_s->mlme.ssid_set = 1;
+
+ os_free(wpa_s->mlme.extra_ie);
+ if (params->wpa_ie == NULL || params->wpa_ie_len == 0) {
+ wpa_s->mlme.extra_ie = NULL;
+ wpa_s->mlme.extra_ie_len = 0;
+ return 0;
+ }
+ wpa_s->mlme.extra_ie = os_malloc(params->wpa_ie_len);
+ if (wpa_s->mlme.extra_ie == NULL) {
+ wpa_s->mlme.extra_ie_len = 0;
+ return -1;
+ }
+ os_memcpy(wpa_s->mlme.extra_ie, params->wpa_ie, params->wpa_ie_len);
+ wpa_s->mlme.extra_ie_len = params->wpa_ie_len;
+
+ wpa_s->mlme.key_mgmt = params->key_mgmt_suite;
+
+ ieee80211_sta_set_channel(wpa_s, wpa_s->mlme.phymode,
+ wpa_s->mlme.channel, wpa_s->mlme.freq);
+
+ if (params->mode == 1 && !wpa_s->mlme.bssid_set) {
+ os_get_time(&wpa_s->mlme.ibss_join_req);
+ wpa_s->mlme.state = IEEE80211_IBSS_SEARCH;
+ return ieee80211_sta_find_ibss(wpa_s);
+ }
+
+ if (wpa_s->mlme.bssid_set)
+ ieee80211_sta_new_auth(wpa_s);
+
+ return 0;
+}
+
+
+static void ieee80211_sta_save_oper_chan(struct wpa_supplicant *wpa_s)
+{
+ wpa_s->mlme.scan_oper_channel = wpa_s->mlme.channel;
+ wpa_s->mlme.scan_oper_freq = wpa_s->mlme.freq;
+ wpa_s->mlme.scan_oper_phymode = wpa_s->mlme.phymode;
+}
+
+
+static int ieee80211_sta_restore_oper_chan(struct wpa_supplicant *wpa_s)
+{
+ wpa_s->mlme.channel = wpa_s->mlme.scan_oper_channel;
+ wpa_s->mlme.freq = wpa_s->mlme.scan_oper_freq;
+ wpa_s->mlme.phymode = wpa_s->mlme.scan_oper_phymode;
+ if (wpa_s->mlme.freq == 0)
+ return 0;
+ return ieee80211_sta_set_channel(wpa_s, wpa_s->mlme.phymode,
+ wpa_s->mlme.channel,
+ wpa_s->mlme.freq);
+}
+
+
+static int ieee80211_active_scan(struct wpa_supplicant *wpa_s)
+{
+ size_t m;
+ int c;
+
+ for (m = 0; m < wpa_s->mlme.num_modes; m++) {
+ struct wpa_hw_modes *mode = &wpa_s->mlme.modes[m];
+ if ((int) mode->mode != (int) wpa_s->mlme.phymode)
+ continue;
+ for (c = 0; c < mode->num_channels; c++) {
+ struct wpa_channel_data *chan = &mode->channels[c];
+ if (chan->flag & WPA_CHAN_W_SCAN &&
+ chan->chan == wpa_s->mlme.channel) {
+ if (chan->flag & WPA_CHAN_W_ACTIVE_SCAN)
+ return 1;
+ break;
+ }
+ }
+ }
+
+ return 0;
+}
+
+
+static void ieee80211_sta_scan_timer(void *eloop_ctx, void *timeout_ctx)
+{
+ struct wpa_supplicant *wpa_s = eloop_ctx;
+ struct wpa_hw_modes *mode;
+ struct wpa_channel_data *chan;
+ int skip = 0;
+ int timeout = 0;
+ struct wpa_ssid *ssid = wpa_s->current_ssid;
+ int adhoc;
+
+ if (!wpa_s->mlme.sta_scanning || wpa_s->mlme.modes == NULL)
+ return;
+
+ adhoc = ssid && ssid->mode == 1;
+
+ switch (wpa_s->mlme.scan_state) {
+ case SCAN_SET_CHANNEL:
+ mode = &wpa_s->mlme.modes[wpa_s->mlme.scan_hw_mode_idx];
+ if (wpa_s->mlme.scan_hw_mode_idx >=
+ (int) wpa_s->mlme.num_modes ||
+ (wpa_s->mlme.scan_hw_mode_idx + 1 ==
+ (int) wpa_s->mlme.num_modes
+ && wpa_s->mlme.scan_channel_idx >= mode->num_channels)) {
+ if (ieee80211_sta_restore_oper_chan(wpa_s)) {
+ wpa_printf(MSG_DEBUG, "MLME: failed to "
+ "restore operational channel after "
+ "scan");
+ }
+ wpa_printf(MSG_DEBUG, "MLME: scan completed");
+ wpa_s->mlme.sta_scanning = 0;
+ os_get_time(&wpa_s->mlme.last_scan_completed);
+ wpa_supplicant_event(wpa_s, EVENT_SCAN_RESULTS, NULL);
+ if (adhoc) {
+ if (!wpa_s->mlme.bssid_set ||
+ (wpa_s->mlme.state ==
+ IEEE80211_IBSS_JOINED &&
+ !ieee80211_sta_active_ibss(wpa_s)))
+ ieee80211_sta_find_ibss(wpa_s);
+ }
+ return;
+ }
+ skip = !(wpa_s->mlme.hw_modes & (1 << mode->mode));
+ chan = &mode->channels[wpa_s->mlme.scan_channel_idx];
+ if (!(chan->flag & WPA_CHAN_W_SCAN) ||
+ (adhoc && !(chan->flag & WPA_CHAN_W_IBSS)) ||
+ (wpa_s->mlme.hw_modes & (1 << WPA_MODE_IEEE80211G) &&
+ mode->mode == WPA_MODE_IEEE80211B &&
+ wpa_s->mlme.scan_skip_11b))
+ skip = 1;
+
+ if (!skip) {
+ wpa_printf(MSG_MSGDUMP,
+ "MLME: scan channel %d (%d MHz)",
+ chan->chan, chan->freq);
+
+ wpa_s->mlme.channel = chan->chan;
+ wpa_s->mlme.freq = chan->freq;
+ wpa_s->mlme.phymode = mode->mode;
+ if (ieee80211_sta_set_channel(wpa_s, mode->mode,
+ chan->chan, chan->freq))
+ {
+ wpa_printf(MSG_DEBUG, "MLME: failed to set "
+ "channel %d (%d MHz) for scan",
+ chan->chan, chan->freq);
+ skip = 1;
+ }
+ }
+
+ wpa_s->mlme.scan_channel_idx++;
+ if (wpa_s->mlme.scan_channel_idx >=
+ wpa_s->mlme.modes[wpa_s->mlme.scan_hw_mode_idx].
+ num_channels) {
+ wpa_s->mlme.scan_hw_mode_idx++;
+ wpa_s->mlme.scan_channel_idx = 0;
+ }
+
+ if (skip) {
+ timeout = 0;
+ break;
+ }
+
+ timeout = IEEE80211_PROBE_DELAY;
+ wpa_s->mlme.scan_state = SCAN_SEND_PROBE;
+ break;
+ case SCAN_SEND_PROBE:
+ if (ieee80211_active_scan(wpa_s)) {
+ ieee80211_send_probe_req(wpa_s, NULL,
+ wpa_s->mlme.scan_ssid,
+ wpa_s->mlme.scan_ssid_len);
+ timeout = IEEE80211_CHANNEL_TIME;
+ } else {
+ timeout = IEEE80211_PASSIVE_CHANNEL_TIME;
+ }
+ wpa_s->mlme.scan_state = SCAN_SET_CHANNEL;
+ break;
+ }
+
+ eloop_register_timeout(timeout / 1000, 1000 * (timeout % 1000),
+ ieee80211_sta_scan_timer, wpa_s, NULL);
+}
+
+
+int ieee80211_sta_req_scan(struct wpa_supplicant *wpa_s, const u8 *ssid,
+ size_t ssid_len)
+{
+ if (ssid_len > MAX_SSID_LEN)
+ return -1;
+
+ /* MLME-SCAN.request (page 118) page 144 (11.1.3.1)
+ * BSSType: INFRASTRUCTURE, INDEPENDENT, ANY_BSS
+ * BSSID: MACAddress
+ * SSID
+ * ScanType: ACTIVE, PASSIVE
+ * ProbeDelay: delay (in microseconds) to be used prior to transmitting
+ * a Probe frame during active scanning
+ * ChannelList
+ * MinChannelTime (>= ProbeDelay), in TU
+ * MaxChannelTime: (>= MinChannelTime), in TU
+ */
+
+ /* MLME-SCAN.confirm
+ * BSSDescriptionSet
+ * ResultCode: SUCCESS, INVALID_PARAMETERS
+ */
+
+ /* TODO: if assoc, move to power save mode for the duration of the
+ * scan */
+
+ if (wpa_s->mlme.sta_scanning)
+ return -1;
+
+ wpa_printf(MSG_DEBUG, "MLME: starting scan");
+
+ ieee80211_sta_save_oper_chan(wpa_s);
+
+ wpa_s->mlme.sta_scanning = 1;
+ /* TODO: stop TX queue? */
+
+ if (ssid) {
+ wpa_s->mlme.scan_ssid_len = ssid_len;
+ os_memcpy(wpa_s->mlme.scan_ssid, ssid, ssid_len);
+ } else
+ wpa_s->mlme.scan_ssid_len = 0;
+ wpa_s->mlme.scan_skip_11b = 1; /* FIX: clear this is 11g is not
+ * supported */
+ wpa_s->mlme.scan_state = SCAN_SET_CHANNEL;
+ wpa_s->mlme.scan_hw_mode_idx = 0;
+ wpa_s->mlme.scan_channel_idx = 0;
+ eloop_register_timeout(0, 1, ieee80211_sta_scan_timer, wpa_s, NULL);
+
+ return 0;
+}
+
+
+int ieee80211_sta_get_scan_results(struct wpa_supplicant *wpa_s,
+ struct wpa_scan_result *results,
+ size_t max_size)
+{
+ size_t ap_num = 0;
+ struct wpa_scan_result *r;
+ struct ieee80211_sta_bss *bss;
+
+ os_memset(results, 0, max_size * sizeof(struct wpa_scan_result));
+ for (bss = wpa_s->mlme.sta_bss_list; bss; bss = bss->next) {
+ r = &results[ap_num];
+ os_memcpy(r->bssid, bss->bssid, ETH_ALEN);
+ os_memcpy(r->ssid, bss->ssid, bss->ssid_len);
+ r->ssid_len = bss->ssid_len;
+ if (bss->wpa_ie && bss->wpa_ie_len < SSID_MAX_WPA_IE_LEN) {
+ os_memcpy(r->wpa_ie, bss->wpa_ie, bss->wpa_ie_len);
+ r->wpa_ie_len = bss->wpa_ie_len;
+ }
+ if (bss->rsn_ie && bss->rsn_ie_len < SSID_MAX_WPA_IE_LEN) {
+ os_memcpy(r->rsn_ie, bss->rsn_ie, bss->rsn_ie_len);
+ r->rsn_ie_len = bss->rsn_ie_len;
+ }
+ r->freq = bss->freq;
+ r->caps = bss->capability;
+ r->level = bss->rssi;
+
+ ap_num++;
+ if (ap_num >= max_size)
+ break;
+ }
+
+ return ap_num;
+}
+
+
+#if 0 /* FIX */
+struct sta_info * ieee80211_ibss_add_sta(struct wpa_supplicant *wpa_s,
+ struct sk_buff *skb, u8 *bssid,
+ u8 *addr)
+{
+ struct ieee80211_local *local = dev->priv;
+ struct list_head *ptr;
+ struct sta_info *sta;
+ struct wpa_supplicant *sta_dev = NULL;
+
+ /* TODO: Could consider removing the least recently used entry and
+ * allow new one to be added. */
+ if (local->num_sta >= IEEE80211_IBSS_MAX_STA_ENTRIES) {
+ if (net_ratelimit()) {
+ wpa_printf(MSG_DEBUG, "MLME: No room for a new IBSS "
+ "STA entry " MACSTR, MAC2STR(addr));
+ }
+ return NULL;
+ }
+
+ spin_lock_bh(&local->sub_if_lock);
+ list_for_each(ptr, &local->sub_if_list) {
+ sdata = list_entry(ptr, struct ieee80211_sub_if_data, list);
+ if (sdata->type == IEEE80211_SUB_IF_TYPE_STA &&
+ os_memcmp(bssid, sdata->u.sta.bssid, ETH_ALEN) == 0) {
+ sta_dev = sdata->dev;
+ break;
+ }
+ }
+ spin_unlock_bh(&local->sub_if_lock);
+
+ if (sta_dev == NULL)
+ return NULL;
+
+ wpa_printf(MSG_DEBUG, "MLME: Adding new IBSS station " MACSTR
+ " (dev=%s)", MAC2STR(addr), sta_dev->name);
+
+ sta = sta_info_add(wpa_s, addr);
+ if (sta == NULL) {
+ return NULL;
+ }
+
+ sta->dev = sta_dev;
+ sta->supp_rates = wpa_s->mlme.supp_rates_bits;
+
+ rate_control_rate_init(local, sta);
+
+ return sta; /* caller will call sta_info_release() */
+}
+#endif
+
+
+int ieee80211_sta_deauthenticate(struct wpa_supplicant *wpa_s, u16 reason)
+{
+ wpa_printf(MSG_DEBUG, "MLME: deauthenticate(reason=%d)", reason);
+
+ ieee80211_send_deauth(wpa_s, reason);
+ ieee80211_set_associated(wpa_s, 0);
+ return 0;
+}
+
+
+int ieee80211_sta_disassociate(struct wpa_supplicant *wpa_s, u16 reason)
+{
+ wpa_printf(MSG_DEBUG, "MLME: disassociate(reason=%d)", reason);
+
+ if (!wpa_s->mlme.associated)
+ return -1;
+
+ ieee80211_send_disassoc(wpa_s, reason);
+ ieee80211_set_associated(wpa_s, 0);
+ return 0;
+}
+
+
+void ieee80211_sta_rx(struct wpa_supplicant *wpa_s, const u8 *buf, size_t len,
+ struct ieee80211_rx_status *rx_status)
+{
+ struct ieee80211_mgmt *mgmt;
+ u16 fc;
+ const u8 *pos;
+
+ /* wpa_hexdump(MSG_MSGDUMP, "MLME: Received frame", buf, len); */
+
+ if (wpa_s->mlme.sta_scanning) {
+ ieee80211_sta_rx_scan(wpa_s, buf, len, rx_status);
+ return;
+ }
+
+ if (len < 24)
+ return;
+
+ mgmt = (struct ieee80211_mgmt *) buf;
+ fc = le_to_host16(mgmt->frame_control);
+
+ if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT)
+ ieee80211_sta_rx_mgmt(wpa_s, buf, len, rx_status);
+ else if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_DATA) {
+ if ((fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) !=
+ WLAN_FC_FROMDS)
+ return;
+ /* mgmt->sa is actually BSSID for FromDS data frames */
+ if (os_memcmp(mgmt->sa, wpa_s->bssid, ETH_ALEN) != 0)
+ return;
+ /* Skip IEEE 802.11 and LLC headers */
+ pos = buf + 24 + 6;
+ if (WPA_GET_BE16(pos) != ETH_P_EAPOL)
+ return;
+ pos += 2;
+ /* mgmt->bssid is actually BSSID for SA data frames */
+ wpa_supplicant_rx_eapol(wpa_s, mgmt->bssid,
+ pos, buf + len - pos);
+ }
+}
+
+
+void ieee80211_sta_free_hw_features(struct wpa_hw_modes *hw_features,
+ size_t num_hw_features)
+{
+ size_t i;
+
+ if (hw_features == NULL)
+ return;
+
+ for (i = 0; i < num_hw_features; i++) {
+ os_free(hw_features[i].channels);
+ os_free(hw_features[i].rates);
+ }
+
+ os_free(hw_features);
+}
+
+
+int ieee80211_sta_init(struct wpa_supplicant *wpa_s)
+{
+ u16 num_modes, flags;
+
+ wpa_s->mlme.modes = wpa_drv_get_hw_feature_data(wpa_s, &num_modes,
+ &flags);
+ if (wpa_s->mlme.modes == NULL) {
+ wpa_printf(MSG_ERROR, "MLME: Failed to read supported "
+ "channels and rates from the driver");
+ return -1;
+ }
+
+ wpa_s->mlme.num_modes = num_modes;
+
+ wpa_s->mlme.hw_modes = 1 << WPA_MODE_IEEE80211A;
+ wpa_s->mlme.hw_modes |= 1 << WPA_MODE_IEEE80211B;
+ wpa_s->mlme.hw_modes |= 1 << WPA_MODE_IEEE80211G;
+
+ return 0;
+}
+
+
+void ieee80211_sta_deinit(struct wpa_supplicant *wpa_s)
+{
+ eloop_cancel_timeout(ieee80211_sta_timer, wpa_s, NULL);
+ eloop_cancel_timeout(ieee80211_sta_scan_timer, wpa_s, NULL);
+ os_free(wpa_s->mlme.extra_ie);
+ wpa_s->mlme.extra_ie = NULL;
+ os_free(wpa_s->mlme.assocreq_ies);
+ wpa_s->mlme.assocreq_ies = NULL;
+ os_free(wpa_s->mlme.assocresp_ies);
+ wpa_s->mlme.assocresp_ies = NULL;
+ ieee80211_bss_list_deinit(wpa_s);
+ ieee80211_sta_free_hw_features(wpa_s->mlme.modes,
+ wpa_s->mlme.num_modes);
+}
--- /dev/null
+/*
+ * WPA Supplicant - Client mode MLME
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004, Instant802 Networks, Inc.
+ * Copyright (c) 2005-2006, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef MLME_H
+#define MLME_H
+
+#ifdef CONFIG_CLIENT_MLME
+
+int ieee80211_sta_init(struct wpa_supplicant *wpa_s);
+void ieee80211_sta_deinit(struct wpa_supplicant *wpa_s);
+int ieee80211_sta_req_scan(struct wpa_supplicant *wpa_s, const u8 *ssid,
+ size_t ssid_len);
+int ieee80211_sta_deauthenticate(struct wpa_supplicant *wpa_s, u16 reason);
+int ieee80211_sta_disassociate(struct wpa_supplicant *wpa_s, u16 reason);
+int ieee80211_sta_associate(struct wpa_supplicant *wpa_s,
+ struct wpa_driver_associate_params *params);
+int ieee80211_sta_get_ssid(struct wpa_supplicant *wpa_s, u8 *ssid,
+ size_t *len);
+void ieee80211_sta_free_hw_features(struct wpa_hw_modes *hw_features,
+ size_t num_hw_features);
+void ieee80211_sta_rx(struct wpa_supplicant *wpa_s, const u8 *buf, size_t len,
+ struct ieee80211_rx_status *rx_status);
+int ieee80211_sta_get_scan_results(struct wpa_supplicant *wpa_s,
+ struct wpa_scan_result *results,
+ size_t max_size);
+
+#else /* CONFIG_CLIENT_MLME */
+
+static inline int ieee80211_sta_init(struct wpa_supplicant *wpa_s)
+{
+ return 0;
+}
+
+static inline void ieee80211_sta_deinit(struct wpa_supplicant *wpa_s)
+{
+}
+
+static inline int ieee80211_sta_req_scan(struct wpa_supplicant *wpa_s,
+ const u8 *ssid, size_t ssid_len)
+{
+ return -1;
+}
+
+static inline int ieee80211_sta_deauthenticate(struct wpa_supplicant *wpa_s,
+ u16 reason)
+{
+ return -1;
+}
+
+static inline int ieee80211_sta_disassociate(struct wpa_supplicant *wpa_s,
+ u16 reason)
+{
+ return -1;
+}
+
+static inline int
+ieee80211_sta_associate(struct wpa_supplicant *wpa_s,
+ struct wpa_driver_associate_params *params)
+{
+ return -1;
+}
+
+static inline int ieee80211_sta_get_ssid(struct wpa_supplicant *wpa_s,
+ u8 *ssid, size_t *len)
+{
+ return -1;
+}
+
+static inline void
+ieee80211_sta_free_hw_features(struct wpa_hw_modes *hw_features,
+ size_t num_hw_features)
+{
+}
+
+static inline void
+ieee80211_sta_rx(struct wpa_supplicant *wpa_s, const u8 *buf, size_t len,
+ struct ieee80211_rx_status *rx_status)
+{
+}
+
+static inline int
+ieee80211_sta_get_scan_results(struct wpa_supplicant *wpa_s,
+ struct wpa_scan_result *results,
+ size_t max_size)
+{
+ return -1;
+}
+
+#endif /* CONFIG_CLIENT_MLME */
+
+#endif /* MLME_H */
--- /dev/null
+/*
+ * WPA Supplicant / shared MSCHAPV2 helper functions / RFC 2433 / RFC 2759
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "sha1.h"
+#include "ms_funcs.h"
+#include "crypto.h"
+#include "rc4.h"
+
+
+/**
+ * challenge_hash - ChallengeHash() - RFC 2759, Sect. 8.2
+ * @peer_challenge: 16-octet PeerChallenge (IN)
+ * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
+ * @username: 0-to-256-char UserName (IN)
+ * @username_len: Length of username
+ * @challenge: 8-octet Challenge (OUT)
+ */
+static void challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
+ const u8 *username, size_t username_len,
+ u8 *challenge)
+{
+ u8 hash[SHA1_MAC_LEN];
+ const unsigned char *addr[3];
+ size_t len[3];
+
+ addr[0] = peer_challenge;
+ len[0] = 16;
+ addr[1] = auth_challenge;
+ len[1] = 16;
+ addr[2] = username;
+ len[2] = username_len;
+
+ sha1_vector(3, addr, len, hash);
+ os_memcpy(challenge, hash, 8);
+}
+
+
+/**
+ * nt_password_hash - NtPasswordHash() - RFC 2759, Sect. 8.3
+ * @password: 0-to-256-unicode-char Password (IN; ASCII)
+ * @password_len: Length of password
+ * @password_hash: 16-octet PasswordHash (OUT)
+ */
+void nt_password_hash(const u8 *password, size_t password_len,
+ u8 *password_hash)
+{
+ u8 buf[512], *pos;
+ size_t i, len;
+
+ if (password_len > 256)
+ return;
+
+ /* Convert password into unicode */
+ for (i = 0; i < password_len; i++) {
+ buf[2 * i] = password[i];
+ buf[2 * i + 1] = 0;
+ }
+
+ len = password_len * 2;
+ pos = buf;
+ md4_vector(1, (const u8 **) &pos, &len, password_hash);
+}
+
+
+/**
+ * hash_nt_password_hash - HashNtPasswordHash() - RFC 2759, Sect. 8.4
+ * @password_hash: 16-octet PasswordHash (IN)
+ * @password_hash_hash: 16-octet PasswordHashHash (OUT)
+ */
+void hash_nt_password_hash(const u8 *password_hash, u8 *password_hash_hash)
+{
+ size_t len = 16;
+ md4_vector(1, &password_hash, &len, password_hash_hash);
+}
+
+
+/**
+ * challenge_response - ChallengeResponse() - RFC 2759, Sect. 8.5
+ * @challenge: 8-octet Challenge (IN)
+ * @password_hash: 16-octet PasswordHash (IN)
+ * @response: 24-octet Response (OUT)
+ */
+void challenge_response(const u8 *challenge, const u8 *password_hash,
+ u8 *response)
+{
+ u8 zpwd[7];
+ des_encrypt(challenge, password_hash, response);
+ des_encrypt(challenge, password_hash + 7, response + 8);
+ zpwd[0] = password_hash[14];
+ zpwd[1] = password_hash[15];
+ os_memset(zpwd + 2, 0, 5);
+ des_encrypt(challenge, zpwd, response + 16);
+}
+
+
+/**
+ * generate_nt_response - GenerateNTResponse() - RFC 2759, Sect. 8.1
+ * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
+ * @peer_hallenge: 16-octet PeerChallenge (IN)
+ * @username: 0-to-256-char UserName (IN)
+ * @username_len: Length of username
+ * @password: 0-to-256-unicode-char Password (IN; ASCII)
+ * @password_len: Length of password
+ * @response: 24-octet Response (OUT)
+ */
+void generate_nt_response(const u8 *auth_challenge, const u8 *peer_challenge,
+ const u8 *username, size_t username_len,
+ const u8 *password, size_t password_len,
+ u8 *response)
+{
+ u8 challenge[8];
+ u8 password_hash[16];
+
+ challenge_hash(peer_challenge, auth_challenge, username, username_len,
+ challenge);
+ nt_password_hash(password, password_len, password_hash);
+ challenge_response(challenge, password_hash, response);
+}
+
+
+/**
+ * generate_nt_response_pwhash - GenerateNTResponse() - RFC 2759, Sect. 8.1
+ * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
+ * @peer_hallenge: 16-octet PeerChallenge (IN)
+ * @username: 0-to-256-char UserName (IN)
+ * @username_len: Length of username
+ * @password_hash: 16-octet PasswordHash (IN)
+ * @response: 24-octet Response (OUT)
+ */
+void generate_nt_response_pwhash(const u8 *auth_challenge,
+ const u8 *peer_challenge,
+ const u8 *username, size_t username_len,
+ const u8 *password_hash,
+ u8 *response)
+{
+ u8 challenge[8];
+
+ challenge_hash(peer_challenge, auth_challenge, username, username_len,
+ challenge);
+ challenge_response(challenge, password_hash, response);
+}
+
+
+/**
+ * generate_authenticator_response_pwhash - GenerateAuthenticatorResponse() - RFC 2759, Sect. 8.7
+ * @password_hash: 16-octet PasswordHash (IN)
+ * @nt_response: 24-octet NT-Response (IN)
+ * @peer_challenge: 16-octet PeerChallenge (IN)
+ * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
+ * @username: 0-to-256-char UserName (IN)
+ * @username_len: Length of username
+ * @response: 20-octet AuthenticatorResponse (OUT) (note: this value is usually
+ * encoded as a 42-octet ASCII string (S=<hexdump of response>)
+ */
+void generate_authenticator_response_pwhash(
+ const u8 *password_hash,
+ const u8 *peer_challenge, const u8 *auth_challenge,
+ const u8 *username, size_t username_len,
+ const u8 *nt_response, u8 *response)
+{
+ static const u8 magic1[39] = {
+ 0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76,
+ 0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65,
+ 0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67,
+ 0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74
+ };
+ static const u8 magic2[41] = {
+ 0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B,
+ 0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F,
+ 0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E,
+ 0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F,
+ 0x6E
+ };
+
+ u8 password_hash_hash[16], challenge[8];
+ const unsigned char *addr1[3];
+ const size_t len1[3] = { 16, 24, sizeof(magic1) };
+ const unsigned char *addr2[3];
+ const size_t len2[3] = { SHA1_MAC_LEN, 8, sizeof(magic2) };
+
+ addr1[0] = password_hash_hash;
+ addr1[1] = nt_response;
+ addr1[2] = magic1;
+
+ addr2[0] = response;
+ addr2[1] = challenge;
+ addr2[2] = magic2;
+
+ hash_nt_password_hash(password_hash, password_hash_hash);
+ sha1_vector(3, addr1, len1, response);
+
+ challenge_hash(peer_challenge, auth_challenge, username, username_len,
+ challenge);
+ sha1_vector(3, addr2, len2, response);
+}
+
+
+/**
+ * generate_authenticator_response - GenerateAuthenticatorResponse() - RFC 2759, Sect. 8.7
+ * @password: 0-to-256-unicode-char Password (IN; ASCII)
+ * @password_len: Length of password
+ * @nt_response: 24-octet NT-Response (IN)
+ * @peer_challenge: 16-octet PeerChallenge (IN)
+ * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
+ * @username: 0-to-256-char UserName (IN)
+ * @username_len: Length of username
+ * @response: 20-octet AuthenticatorResponse (OUT) (note: this value is usually
+ * encoded as a 42-octet ASCII string (S=<hexdump of response>)
+ */
+void generate_authenticator_response(const u8 *password, size_t password_len,
+ const u8 *peer_challenge,
+ const u8 *auth_challenge,
+ const u8 *username, size_t username_len,
+ const u8 *nt_response, u8 *response)
+{
+ u8 password_hash[16];
+ nt_password_hash(password, password_len, password_hash);
+ generate_authenticator_response_pwhash(password_hash,
+ peer_challenge, auth_challenge,
+ username, username_len,
+ nt_response, response);
+}
+
+
+/**
+ * nt_challenge_response - NtChallengeResponse() - RFC 2433, Sect. A.5
+ * @challenge: 8-octet Challenge (IN)
+ * @password: 0-to-256-unicode-char Password (IN; ASCII)
+ * @password_len: Length of password
+ * @response: 24-octet Response (OUT)
+ */
+void nt_challenge_response(const u8 *challenge, const u8 *password,
+ size_t password_len, u8 *response)
+{
+ u8 password_hash[16];
+ nt_password_hash(password, password_len, password_hash);
+ challenge_response(challenge, password_hash, response);
+}
+
+
+/**
+ * get_master_key - GetMasterKey() - RFC 3079, Sect. 3.4
+ * @password_hash_hash: 16-octet PasswordHashHash (IN)
+ * @nt_response: 24-octet NTResponse (IN)
+ * @master_key: 16-octet MasterKey (OUT)
+ */
+void get_master_key(const u8 *password_hash_hash, const u8 *nt_response,
+ u8 *master_key)
+{
+ static const u8 magic1[27] = {
+ 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
+ 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
+ 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79
+ };
+ const unsigned char *addr[3];
+ const size_t len[3] = { 16, 24, sizeof(magic1) };
+ u8 hash[SHA1_MAC_LEN];
+
+ addr[0] = password_hash_hash;
+ addr[1] = nt_response;
+ addr[2] = magic1;
+
+ sha1_vector(3, addr, len, hash);
+ os_memcpy(master_key, hash, 16);
+}
+
+
+/**
+ * get_asymetric_start_key - GetAsymetricStartKey() - RFC 3079, Sect. 3.4
+ * @master_key: 16-octet MasterKey (IN)
+ * @session_key: 8-to-16 octet SessionKey (OUT)
+ * @session_key_len: SessionKeyLength (Length of session_key) (IN)
+ * @is_send: IsSend (IN, BOOLEAN)
+ * @is_server: IsServer (IN, BOOLEAN)
+ */
+void get_asymetric_start_key(const u8 *master_key, u8 *session_key,
+ size_t session_key_len, int is_send,
+ int is_server)
+{
+ static const u8 magic2[84] = {
+ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
+ 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
+ 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
+ 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
+ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
+ 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
+ 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
+ 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
+ 0x6b, 0x65, 0x79, 0x2e
+ };
+ static const u8 magic3[84] = {
+ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
+ 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
+ 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
+ 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
+ 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
+ 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
+ 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
+ 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
+ 0x6b, 0x65, 0x79, 0x2e
+ };
+ static const u8 shs_pad1[40] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+
+ static const u8 shs_pad2[40] = {
+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2
+ };
+ u8 digest[SHA1_MAC_LEN];
+ const unsigned char *addr[4];
+ const size_t len[4] = { 16, 40, 84, 40 };
+
+ addr[0] = master_key;
+ addr[1] = shs_pad1;
+ if (is_send) {
+ addr[2] = is_server ? magic3 : magic2;
+ } else {
+ addr[2] = is_server ? magic2 : magic3;
+ }
+ addr[3] = shs_pad2;
+
+ sha1_vector(4, addr, len, digest);
+
+ if (session_key_len > SHA1_MAC_LEN)
+ session_key_len = SHA1_MAC_LEN;
+ os_memcpy(session_key, digest, session_key_len);
+}
+
+
+#define PWBLOCK_LEN 516
+
+/**
+ * encrypt_pw_block_with_password_hash - EncryptPwBlockWithPasswordHash() - RFC 2759, Sect. 8.10
+ * @password: 0-to-256-unicode-char Password (IN; ASCII)
+ * @password_len: Length of password
+ * @password_hash: 16-octet PasswordHash (IN)
+ * @pw_block: 516-byte PwBlock (OUT)
+ */
+static void encrypt_pw_block_with_password_hash(
+ const u8 *password, size_t password_len,
+ const u8 *password_hash, u8 *pw_block)
+{
+ size_t i, offset;
+ u8 *pos;
+
+ if (password_len > 256)
+ return;
+
+ os_memset(pw_block, 0, PWBLOCK_LEN);
+ offset = (256 - password_len) * 2;
+ os_get_random(pw_block, offset);
+ for (i = 0; i < password_len; i++)
+ pw_block[offset + i * 2] = password[i];
+ /*
+ * PasswordLength is 4 octets, but since the maximum password length is
+ * 256, only first two (in little endian byte order) can be non-zero.
+ */
+ pos = &pw_block[2 * 256];
+ WPA_PUT_LE16(pos, password_len * 2);
+ rc4(pw_block, PWBLOCK_LEN, password_hash, 16);
+}
+
+
+/**
+ * new_password_encrypted_with_old_nt_password_hash - NewPasswordEncryptedWithOldNtPasswordHash() - RFC 2759, Sect. 8.9
+ * @new_password: 0-to-256-unicode-char NewPassword (IN; ASCII)
+ * @new_password_len: Length of new_password
+ * @old_password: 0-to-256-unicode-char OldPassword (IN; ASCII)
+ * @old_password_len: Length of old_password
+ * @encrypted_pw_block: 516-octet EncryptedPwBlock (OUT)
+ */
+void new_password_encrypted_with_old_nt_password_hash(
+ const u8 *new_password, size_t new_password_len,
+ const u8 *old_password, size_t old_password_len,
+ u8 *encrypted_pw_block)
+{
+ u8 password_hash[16];
+
+ nt_password_hash(old_password, old_password_len, password_hash);
+ encrypt_pw_block_with_password_hash(new_password, new_password_len,
+ password_hash, encrypted_pw_block);
+}
+
+
+/**
+ * nt_password_hash_encrypted_with_block - NtPasswordHashEncryptedWithBlock() - RFC 2759, Sect 8.13
+ * @password_hash: 16-octer PasswordHash (IN)
+ * @block: 16-octet Block (IN)
+ * @cypher: 16-octer Cypher (OUT)
+ */
+static void nt_password_hash_encrypted_with_block(const u8 *password_hash,
+ const u8 *block,
+ u8 *cypher)
+{
+ des_encrypt(password_hash, block, cypher);
+ des_encrypt(password_hash + 8, block + 7, cypher + 8);
+}
+
+
+/**
+ * old_nt_password_hash_encrypted_with_new_nt_password_hash - OldNtPasswordHashEncryptedWithNewNtPasswordHash() - RFC 2759, Sect. 8.12
+ * @new_password: 0-to-256-unicode-char NewPassword (IN; ASCII)
+ * @new_password_len: Length of new_password
+ * @old_password: 0-to-256-unicode-char OldPassword (IN; ASCII)
+ * @old_password_len: Length of old_password
+ * @encrypted_password_ash: 16-octet EncryptedPasswordHash (OUT)
+ */
+void old_nt_password_hash_encrypted_with_new_nt_password_hash(
+ const u8 *new_password, size_t new_password_len,
+ const u8 *old_password, size_t old_password_len,
+ u8 *encrypted_password_hash)
+{
+ u8 old_password_hash[16], new_password_hash[16];
+
+ nt_password_hash(old_password, old_password_len, old_password_hash);
+ nt_password_hash(new_password, new_password_len, new_password_hash);
+ nt_password_hash_encrypted_with_block(old_password_hash,
+ new_password_hash,
+ encrypted_password_hash);
+}
--- /dev/null
+/*
+ * WPA Supplicant / shared MSCHAPV2 helper functions / RFC 2433 / RFC 2759
+ * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef MS_FUNCS_H
+#define MS_FUNCS_H
+
+void generate_nt_response(const u8 *auth_challenge, const u8 *peer_challenge,
+ const u8 *username, size_t username_len,
+ const u8 *password, size_t password_len,
+ u8 *response);
+void generate_nt_response_pwhash(const u8 *auth_challenge,
+ const u8 *peer_challenge,
+ const u8 *username, size_t username_len,
+ const u8 *password_hash,
+ u8 *response);
+void generate_authenticator_response(const u8 *password, size_t password_len,
+ const u8 *peer_challenge,
+ const u8 *auth_challenge,
+ const u8 *username, size_t username_len,
+ const u8 *nt_response, u8 *response);
+void generate_authenticator_response_pwhash(
+ const u8 *password_hash,
+ const u8 *peer_challenge, const u8 *auth_challenge,
+ const u8 *username, size_t username_len,
+ const u8 *nt_response, u8 *response);
+void nt_challenge_response(const u8 *challenge, const u8 *password,
+ size_t password_len, u8 *response);
+
+void challenge_response(const u8 *challenge, const u8 *password_hash,
+ u8 *response);
+void nt_password_hash(const u8 *password, size_t password_len,
+ u8 *password_hash);
+void hash_nt_password_hash(const u8 *password_hash, u8 *password_hash_hash);
+void get_master_key(const u8 *password_hash_hash, const u8 *nt_response,
+ u8 *master_key);
+void get_asymetric_start_key(const u8 *master_key, u8 *session_key,
+ size_t session_key_len, int is_send,
+ int is_server);
+void new_password_encrypted_with_old_nt_password_hash(
+ const u8 *new_password, size_t new_password_len,
+ const u8 *old_password, size_t old_password_len,
+ u8 *encrypted_pw_block);
+void old_nt_password_hash_encrypted_with_new_nt_password_hash(
+ const u8 *new_password, size_t new_password_len,
+ const u8 *old_password, size_t old_password_len,
+ u8 *encrypted_password_hash);
+
+#endif /* MS_FUNCS_H */
--- /dev/null
+/*
+ * ndis_events - Receive NdisMIndicateStatus() events using WMI
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#define _WIN32_WINNT 0x0400
+
+#include "includes.h"
+
+#ifndef COBJMACROS
+#define COBJMACROS
+#endif /* COBJMACROS */
+#include <wbemidl.h>
+
+#include "common.h"
+
+
+static int wmi_refcnt = 0;
+static int wmi_first = 1;
+
+struct ndis_events_data {
+ IWbemObjectSink sink;
+ IWbemObjectSinkVtbl sink_vtbl;
+
+ IWbemServices *pSvc;
+ IWbemLocator *pLoc;
+
+ HANDLE read_pipe, write_pipe, event_avail;
+ UINT ref;
+ int terminating;
+ char *ifname; /* {GUID..} */
+ WCHAR *adapter_desc;
+};
+
+#define BstrAlloc(x) (x) ? SysAllocString(x) : NULL
+#define BstrFree(x) if (x) SysFreeString(x)
+
+/* WBEM / WMI wrapper functions, to perform in-place conversion of WCHARs to
+ * BSTRs */
+HRESULT STDMETHODCALLTYPE call_IWbemServices_ExecQuery(
+ IWbemServices *pSvc, LPCWSTR strQueryLanguage, LPCWSTR strQuery,
+ long lFlags, IWbemContext *pCtx, IEnumWbemClassObject **ppEnum)
+{
+ BSTR bsQueryLanguage, bsQuery;
+ HRESULT hr;
+
+ bsQueryLanguage = BstrAlloc(strQueryLanguage);
+ bsQuery = BstrAlloc(strQuery);
+
+ hr = IWbemServices_ExecQuery(pSvc, bsQueryLanguage, bsQuery, lFlags,
+ pCtx, ppEnum);
+
+ BstrFree(bsQueryLanguage);
+ BstrFree(bsQuery);
+
+ return hr;
+}
+
+
+HRESULT STDMETHODCALLTYPE call_IWbemServices_ExecNotificationQueryAsync(
+ IWbemServices *pSvc, LPCWSTR strQueryLanguage, LPCWSTR strQuery,
+ long lFlags, IWbemContext *pCtx, IWbemObjectSink *pResponseHandler)
+{
+ BSTR bsQueryLanguage, bsQuery;
+ HRESULT hr;
+
+ bsQueryLanguage = BstrAlloc(strQueryLanguage);
+ bsQuery = BstrAlloc(strQuery);
+
+ hr = IWbemServices_ExecNotificationQueryAsync(pSvc, bsQueryLanguage,
+ bsQuery, lFlags, pCtx,
+ pResponseHandler);
+
+ BstrFree(bsQueryLanguage);
+ BstrFree(bsQuery);
+
+ return hr;
+}
+
+
+HRESULT STDMETHODCALLTYPE call_IWbemLocator_ConnectServer(
+ IWbemLocator *pLoc, LPCWSTR strNetworkResource, LPCWSTR strUser,
+ LPCWSTR strPassword, LPCWSTR strLocale, long lSecurityFlags,
+ LPCWSTR strAuthority, IWbemContext *pCtx, IWbemServices **ppNamespace)
+{
+ BSTR bsNetworkResource, bsUser, bsPassword, bsLocale, bsAuthority;
+ HRESULT hr;
+
+ bsNetworkResource = BstrAlloc(strNetworkResource);
+ bsUser = BstrAlloc(strUser);
+ bsPassword = BstrAlloc(strPassword);
+ bsLocale = BstrAlloc(strLocale);
+ bsAuthority = BstrAlloc(strAuthority);
+
+ hr = IWbemLocator_ConnectServer(pLoc, bsNetworkResource, bsUser,
+ bsPassword, bsLocale, lSecurityFlags,
+ bsAuthority, pCtx, ppNamespace);
+
+ BstrFree(bsNetworkResource);
+ BstrFree(bsUser);
+ BstrFree(bsPassword);
+ BstrFree(bsLocale);
+ BstrFree(bsAuthority);
+
+ return hr;
+}
+
+
+enum event_types { EVENT_CONNECT, EVENT_DISCONNECT, EVENT_MEDIA_SPECIFIC,
+ EVENT_ADAPTER_ARRIVAL, EVENT_ADAPTER_REMOVAL };
+
+static int ndis_events_get_adapter(struct ndis_events_data *events,
+ const char *ifname, const char *desc);
+
+
+static int ndis_events_constructor(struct ndis_events_data *events)
+{
+ events->ref = 1;
+
+ if (!CreatePipe(&events->read_pipe, &events->write_pipe, NULL, 512)) {
+ wpa_printf(MSG_ERROR, "CreatePipe() failed: %d",
+ (int) GetLastError());
+ return -1;
+ }
+ events->event_avail = CreateEvent(NULL, TRUE, FALSE, NULL);
+ if (events->event_avail == NULL) {
+ wpa_printf(MSG_ERROR, "CreateEvent() failed: %d",
+ (int) GetLastError());
+ CloseHandle(events->read_pipe);
+ CloseHandle(events->write_pipe);
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static void ndis_events_destructor(struct ndis_events_data *events)
+{
+ CloseHandle(events->read_pipe);
+ CloseHandle(events->write_pipe);
+ CloseHandle(events->event_avail);
+ IWbemServices_Release(events->pSvc);
+ IWbemLocator_Release(events->pLoc);
+ if (--wmi_refcnt == 0)
+ CoUninitialize();
+}
+
+
+static HRESULT STDMETHODCALLTYPE
+ndis_events_query_interface(IWbemObjectSink *this, REFIID riid, void **obj)
+{
+ *obj = NULL;
+
+ if (IsEqualIID(riid, &IID_IUnknown) ||
+ IsEqualIID(riid, &IID_IWbemObjectSink)) {
+ *obj = this;
+ IWbemObjectSink_AddRef(this);
+ return NOERROR;
+ }
+
+ return E_NOINTERFACE;
+}
+
+
+static ULONG STDMETHODCALLTYPE ndis_events_add_ref(IWbemObjectSink *this)
+{
+ struct ndis_events_data *events = (struct ndis_events_data *) this;
+ return ++events->ref;
+}
+
+
+static ULONG STDMETHODCALLTYPE ndis_events_release(IWbemObjectSink *this)
+{
+ struct ndis_events_data *events = (struct ndis_events_data *) this;
+
+ if (--events->ref != 0)
+ return events->ref;
+
+ ndis_events_destructor(events);
+ wpa_printf(MSG_DEBUG, "ndis_events: terminated");
+ os_free(events->adapter_desc);
+ os_free(events->ifname);
+ os_free(events);
+ return 0;
+}
+
+
+static int ndis_events_send_event(struct ndis_events_data *events,
+ enum event_types type,
+ char *data, size_t data_len)
+{
+ char buf[512], *pos, *end;
+ int _type;
+ DWORD written;
+
+ end = buf + sizeof(buf);
+ _type = (int) type;
+ os_memcpy(buf, &_type, sizeof(_type));
+ pos = buf + sizeof(_type);
+
+ if (data) {
+ if (2 + data_len > (size_t) (end - pos)) {
+ wpa_printf(MSG_DEBUG, "Not enough room for send_event "
+ "data (%d)", data_len);
+ return -1;
+ }
+ *pos++ = data_len >> 8;
+ *pos++ = data_len & 0xff;
+ os_memcpy(pos, data, data_len);
+ pos += data_len;
+ }
+
+ if (WriteFile(events->write_pipe, buf, pos - buf, &written, NULL)) {
+ SetEvent(events->event_avail);
+ return 0;
+ }
+ wpa_printf(MSG_INFO, "WriteFile() failed: %d", (int) GetLastError());
+ return -1;
+}
+
+
+static void ndis_events_media_connect(struct ndis_events_data *events)
+{
+ wpa_printf(MSG_DEBUG, "MSNdis_StatusMediaConnect");
+ ndis_events_send_event(events, EVENT_CONNECT, NULL, 0);
+}
+
+
+static void ndis_events_media_disconnect(struct ndis_events_data *events)
+{
+ wpa_printf(MSG_DEBUG, "MSNdis_StatusMediaDisconnect");
+ ndis_events_send_event(events, EVENT_DISCONNECT, NULL, 0);
+}
+
+
+static void ndis_events_media_specific(struct ndis_events_data *events,
+ IWbemClassObject *pObj)
+{
+ VARIANT vt;
+ HRESULT hr;
+ LONG lower, upper, k;
+ UCHAR ch;
+ char *data, *pos;
+ size_t data_len;
+
+ wpa_printf(MSG_DEBUG, "MSNdis_StatusMediaSpecificIndication");
+
+ /* This is the StatusBuffer from NdisMIndicateStatus() call */
+ hr = IWbemClassObject_Get(pObj, L"NdisStatusMediaSpecificIndication",
+ 0, &vt, NULL, NULL);
+ if (FAILED(hr)) {
+ wpa_printf(MSG_DEBUG, "Could not get "
+ "NdisStatusMediaSpecificIndication from "
+ "the object?!");
+ return;
+ }
+
+ SafeArrayGetLBound(V_ARRAY(&vt), 1, &lower);
+ SafeArrayGetUBound(V_ARRAY(&vt), 1, &upper);
+ data_len = upper - lower + 1;
+ data = os_malloc(data_len);
+ if (data == NULL) {
+ wpa_printf(MSG_DEBUG, "Failed to allocate buffer for event "
+ "data");
+ VariantClear(&vt);
+ return;
+ }
+
+ pos = data;
+ for (k = lower; k <= upper; k++) {
+ SafeArrayGetElement(V_ARRAY(&vt), &k, &ch);
+ *pos++ = ch;
+ }
+ wpa_hexdump(MSG_DEBUG, "MediaSpecificEvent", data, data_len);
+
+ VariantClear(&vt);
+
+ ndis_events_send_event(events, EVENT_MEDIA_SPECIFIC, data, data_len);
+
+ os_free(data);
+}
+
+
+static void ndis_events_adapter_arrival(struct ndis_events_data *events)
+{
+ wpa_printf(MSG_DEBUG, "MSNdis_NotifyAdapterArrival");
+ ndis_events_send_event(events, EVENT_ADAPTER_ARRIVAL, NULL, 0);
+}
+
+
+static void ndis_events_adapter_removal(struct ndis_events_data *events)
+{
+ wpa_printf(MSG_DEBUG, "MSNdis_NotifyAdapterRemoval");
+ ndis_events_send_event(events, EVENT_ADAPTER_REMOVAL, NULL, 0);
+}
+
+
+static HRESULT STDMETHODCALLTYPE
+ndis_events_indicate(IWbemObjectSink *this, long lObjectCount,
+ IWbemClassObject __RPC_FAR *__RPC_FAR *ppObjArray)
+{
+ struct ndis_events_data *events = (struct ndis_events_data *) this;
+ long i;
+
+ if (events->terminating) {
+ wpa_printf(MSG_DEBUG, "ndis_events_indicate: Ignore "
+ "indication - terminating");
+ return WBEM_NO_ERROR;
+ }
+ /* wpa_printf(MSG_DEBUG, "Notification received - %d object(s)",
+ lObjectCount); */
+
+ for (i = 0; i < lObjectCount; i++) {
+ IWbemClassObject *pObj = ppObjArray[i];
+ HRESULT hr;
+ VARIANT vtClass, vt;
+
+ hr = IWbemClassObject_Get(pObj, L"__CLASS", 0, &vtClass, NULL,
+ NULL);
+ if (FAILED(hr)) {
+ wpa_printf(MSG_DEBUG, "Failed to get __CLASS from "
+ "event.");
+ break;
+ }
+ /* wpa_printf(MSG_DEBUG, "CLASS: '%S'", vtClass.bstrVal); */
+
+ hr = IWbemClassObject_Get(pObj, L"InstanceName", 0, &vt, NULL,
+ NULL);
+ if (FAILED(hr)) {
+ wpa_printf(MSG_DEBUG, "Failed to get InstanceName "
+ "from event.");
+ VariantClear(&vtClass);
+ break;
+ }
+
+ if (wcscmp(vtClass.bstrVal,
+ L"MSNdis_NotifyAdapterArrival") == 0) {
+ wpa_printf(MSG_DEBUG, "ndis_events_indicate: Try to "
+ "update adapter description since it may "
+ "have changed with new adapter instance");
+ ndis_events_get_adapter(events, events->ifname, NULL);
+ }
+
+ if (wcscmp(events->adapter_desc, vt.bstrVal) != 0) {
+ wpa_printf(MSG_DEBUG, "ndis_events_indicate: Ignore "
+ "indication for foreign adapter: "
+ "InstanceName: '%S' __CLASS: '%S'",
+ vt.bstrVal, vtClass.bstrVal);
+ VariantClear(&vtClass);
+ VariantClear(&vt);
+ continue;
+ }
+ VariantClear(&vt);
+
+ if (wcscmp(vtClass.bstrVal,
+ L"MSNdis_StatusMediaSpecificIndication") == 0) {
+ ndis_events_media_specific(events, pObj);
+ } else if (wcscmp(vtClass.bstrVal,
+ L"MSNdis_StatusMediaConnect") == 0) {
+ ndis_events_media_connect(events);
+ } else if (wcscmp(vtClass.bstrVal,
+ L"MSNdis_StatusMediaDisconnect") == 0) {
+ ndis_events_media_disconnect(events);
+ } else if (wcscmp(vtClass.bstrVal,
+ L"MSNdis_NotifyAdapterArrival") == 0) {
+ ndis_events_adapter_arrival(events);
+ } else if (wcscmp(vtClass.bstrVal,
+ L"MSNdis_NotifyAdapterRemoval") == 0) {
+ ndis_events_adapter_removal(events);
+ } else {
+ wpa_printf(MSG_DEBUG, "Unepected event - __CLASS: "
+ "'%S'", vtClass.bstrVal);
+ }
+
+ VariantClear(&vtClass);
+ }
+
+ return WBEM_NO_ERROR;
+}
+
+
+static HRESULT STDMETHODCALLTYPE
+ndis_events_set_status(IWbemObjectSink *this, long lFlags, HRESULT hResult,
+ BSTR strParam, IWbemClassObject __RPC_FAR *pObjParam)
+{
+ return WBEM_NO_ERROR;
+}
+
+
+static int notification_query(IWbemObjectSink *pDestSink,
+ IWbemServices *pSvc, const char *class_name)
+{
+ HRESULT hr;
+ WCHAR query[256];
+
+ _snwprintf(query, 256,
+ L"SELECT * FROM %S", class_name);
+ wpa_printf(MSG_DEBUG, "ndis_events: WMI: %S", query);
+ hr = call_IWbemServices_ExecNotificationQueryAsync(
+ pSvc, L"WQL", query, 0, 0, pDestSink);
+ if (FAILED(hr)) {
+ wpa_printf(MSG_DEBUG, "ExecNotificationQueryAsync for %s "
+ "failed with hresult of 0x%x",
+ class_name, (int) hr);
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int register_async_notification(IWbemObjectSink *pDestSink,
+ IWbemServices *pSvc)
+{
+ int i;
+ const char *class_list[] = {
+ "MSNdis_StatusMediaConnect",
+ "MSNdis_StatusMediaDisconnect",
+ "MSNdis_StatusMediaSpecificIndication",
+ "MSNdis_NotifyAdapterArrival",
+ "MSNdis_NotifyAdapterRemoval",
+ NULL
+ };
+
+ for (i = 0; class_list[i]; i++) {
+ if (notification_query(pDestSink, pSvc, class_list[i]) < 0)
+ return -1;
+ }
+
+ return 0;
+}
+
+
+void ndis_events_deinit(struct ndis_events_data *events)
+{
+ events->terminating = 1;
+ IWbemServices_CancelAsyncCall(events->pSvc, &events->sink);
+ IWbemObjectSink_Release(&events->sink);
+ /*
+ * Rest of deinitialization is done in ndis_events_destructor() once
+ * all reference count drops to zero.
+ */
+}
+
+
+static int ndis_events_use_desc(struct ndis_events_data *events,
+ const char *desc)
+{
+ char *tmp, *pos;
+ size_t len;
+
+ if (desc == NULL) {
+ if (events->adapter_desc == NULL)
+ return -1;
+ /* Continue using old description */
+ return 0;
+ }
+
+ tmp = os_strdup(desc);
+ if (tmp == NULL)
+ return -1;
+
+ pos = os_strstr(tmp, " (Microsoft's Packet Scheduler)");
+ if (pos)
+ *pos = '\0';
+
+ len = os_strlen(tmp);
+ events->adapter_desc = os_malloc((len + 1) * sizeof(WCHAR));
+ if (events->adapter_desc == NULL) {
+ os_free(tmp);
+ return -1;
+ }
+ _snwprintf(events->adapter_desc, len + 1, L"%S", tmp);
+ os_free(tmp);
+ return 0;
+}
+
+
+static int ndis_events_get_adapter(struct ndis_events_data *events,
+ const char *ifname, const char *desc)
+{
+ HRESULT hr;
+ IWbemServices *pSvc;
+#define MAX_QUERY_LEN 256
+ WCHAR query[MAX_QUERY_LEN];
+ IEnumWbemClassObject *pEnumerator;
+ IWbemClassObject *pObj;
+ ULONG uReturned;
+ VARIANT vt;
+ int len, pos;
+
+ /*
+ * Try to get adapter descriptor through WMI CIMv2 Win32_NetworkAdapter
+ * to have better probability of matching with InstanceName from
+ * MSNdis events. If this fails, use the provided description.
+ */
+
+ os_free(events->adapter_desc);
+ events->adapter_desc = NULL;
+
+ hr = call_IWbemLocator_ConnectServer(
+ events->pLoc, L"ROOT\\CIMV2", NULL, NULL, 0, 0, 0, 0, &pSvc);
+ if (FAILED(hr)) {
+ wpa_printf(MSG_ERROR, "ndis_events: Could not connect to WMI "
+ "server (ROOT\\CIMV2) - error 0x%x", (int) hr);
+ return ndis_events_use_desc(events, desc);
+ }
+ wpa_printf(MSG_DEBUG, "ndis_events: Connected to ROOT\\CIMV2.");
+
+ _snwprintf(query, MAX_QUERY_LEN,
+ L"SELECT Index FROM Win32_NetworkAdapterConfiguration "
+ L"WHERE SettingID='%S'", ifname);
+ wpa_printf(MSG_DEBUG, "ndis_events: WMI: %S", query);
+
+ hr = call_IWbemServices_ExecQuery(
+ pSvc, L"WQL", query,
+ WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
+ NULL, &pEnumerator);
+ if (!SUCCEEDED(hr)) {
+ wpa_printf(MSG_DEBUG, "ndis_events: Failed to query interface "
+ "GUID from Win32_NetworkAdapterConfiguration: "
+ "0x%x", (int) hr);
+ IWbemServices_Release(pSvc);
+ return ndis_events_use_desc(events, desc);
+ }
+
+ uReturned = 0;
+ hr = IEnumWbemClassObject_Next(pEnumerator, WBEM_INFINITE, 1,
+ &pObj, &uReturned);
+ if (!SUCCEEDED(hr) || uReturned == 0) {
+ wpa_printf(MSG_DEBUG, "ndis_events: Failed to find interface "
+ "GUID from Win32_NetworkAdapterConfiguration: "
+ "0x%x", (int) hr);
+ IEnumWbemClassObject_Release(pEnumerator);
+ IWbemServices_Release(pSvc);
+ return ndis_events_use_desc(events, desc);
+ }
+ IEnumWbemClassObject_Release(pEnumerator);
+
+ VariantInit(&vt);
+ hr = IWbemClassObject_Get(pObj, L"Index", 0, &vt, NULL, NULL);
+ if (!SUCCEEDED(hr)) {
+ wpa_printf(MSG_DEBUG, "ndis_events: Failed to get Index from "
+ "Win32_NetworkAdapterConfiguration: 0x%x",
+ (int) hr);
+ IWbemServices_Release(pSvc);
+ return ndis_events_use_desc(events, desc);
+ }
+
+ _snwprintf(query, MAX_QUERY_LEN,
+ L"SELECT Name,PNPDeviceID FROM Win32_NetworkAdapter WHERE "
+ L"Index=%d",
+ vt.uintVal);
+ wpa_printf(MSG_DEBUG, "ndis_events: WMI: %S", query);
+ VariantClear(&vt);
+ IWbemClassObject_Release(pObj);
+
+ hr = call_IWbemServices_ExecQuery(
+ pSvc, L"WQL", query,
+ WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
+ NULL, &pEnumerator);
+ if (!SUCCEEDED(hr)) {
+ wpa_printf(MSG_DEBUG, "ndis_events: Failed to query interface "
+ "from Win32_NetworkAdapter: 0x%x", (int) hr);
+ IWbemServices_Release(pSvc);
+ return ndis_events_use_desc(events, desc);
+ }
+
+ uReturned = 0;
+ hr = IEnumWbemClassObject_Next(pEnumerator, WBEM_INFINITE, 1,
+ &pObj, &uReturned);
+ if (!SUCCEEDED(hr) || uReturned == 0) {
+ wpa_printf(MSG_DEBUG, "ndis_events: Failed to find interface "
+ "from Win32_NetworkAdapter: 0x%x", (int) hr);
+ IEnumWbemClassObject_Release(pEnumerator);
+ IWbemServices_Release(pSvc);
+ return ndis_events_use_desc(events, desc);
+ }
+ IEnumWbemClassObject_Release(pEnumerator);
+
+ hr = IWbemClassObject_Get(pObj, L"Name", 0, &vt, NULL, NULL);
+ if (!SUCCEEDED(hr)) {
+ wpa_printf(MSG_DEBUG, "ndis_events: Failed to get Name from "
+ "Win32_NetworkAdapter: 0x%x", (int) hr);
+ IWbemClassObject_Release(pObj);
+ IWbemServices_Release(pSvc);
+ return ndis_events_use_desc(events, desc);
+ }
+
+ wpa_printf(MSG_DEBUG, "ndis_events: Win32_NetworkAdapter::Name='%S'",
+ vt.bstrVal);
+ events->adapter_desc = _wcsdup(vt.bstrVal);
+ VariantClear(&vt);
+
+ /*
+ * Try to get even better candidate for matching with InstanceName
+ * from Win32_PnPEntity. This is needed at least for some USB cards
+ * that can change the InstanceName whenever being unplugged and
+ * plugged again.
+ */
+
+ hr = IWbemClassObject_Get(pObj, L"PNPDeviceID", 0, &vt, NULL, NULL);
+ if (!SUCCEEDED(hr)) {
+ wpa_printf(MSG_DEBUG, "ndis_events: Failed to get PNPDeviceID "
+ "from Win32_NetworkAdapter: 0x%x", (int) hr);
+ IWbemClassObject_Release(pObj);
+ IWbemServices_Release(pSvc);
+ if (events->adapter_desc == NULL)
+ return ndis_events_use_desc(events, desc);
+ return 0; /* use Win32_NetworkAdapter::Name */
+ }
+
+ wpa_printf(MSG_DEBUG, "ndis_events: Win32_NetworkAdapter::PNPDeviceID="
+ "'%S'", vt.bstrVal);
+
+ len = _snwprintf(query, MAX_QUERY_LEN,
+ L"SELECT Name FROM Win32_PnPEntity WHERE DeviceID='");
+ if (len < 0 || len >= MAX_QUERY_LEN - 1) {
+ VariantClear(&vt);
+ IWbemClassObject_Release(pObj);
+ IWbemServices_Release(pSvc);
+ if (events->adapter_desc == NULL)
+ return ndis_events_use_desc(events, desc);
+ return 0; /* use Win32_NetworkAdapter::Name */
+ }
+
+ /* Escape \ as \\ */
+ for (pos = 0; vt.bstrVal[pos] && len < MAX_QUERY_LEN - 2; pos++) {
+ if (vt.bstrVal[pos] == '\\') {
+ if (len >= MAX_QUERY_LEN - 3)
+ break;
+ query[len++] = '\\';
+ }
+ query[len++] = vt.bstrVal[pos];
+ }
+ query[len++] = L'\'';
+ query[len] = L'\0';
+ VariantClear(&vt);
+ IWbemClassObject_Release(pObj);
+ wpa_printf(MSG_DEBUG, "ndis_events: WMI: %S", query);
+
+ hr = call_IWbemServices_ExecQuery(
+ pSvc, L"WQL", query,
+ WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
+ NULL, &pEnumerator);
+ if (!SUCCEEDED(hr)) {
+ wpa_printf(MSG_DEBUG, "ndis_events: Failed to query interface "
+ "Name from Win32_PnPEntity: 0x%x", (int) hr);
+ IWbemServices_Release(pSvc);
+ if (events->adapter_desc == NULL)
+ return ndis_events_use_desc(events, desc);
+ return 0; /* use Win32_NetworkAdapter::Name */
+ }
+
+ uReturned = 0;
+ hr = IEnumWbemClassObject_Next(pEnumerator, WBEM_INFINITE, 1,
+ &pObj, &uReturned);
+ if (!SUCCEEDED(hr) || uReturned == 0) {
+ wpa_printf(MSG_DEBUG, "ndis_events: Failed to find interface "
+ "from Win32_PnPEntity: 0x%x", (int) hr);
+ IEnumWbemClassObject_Release(pEnumerator);
+ IWbemServices_Release(pSvc);
+ if (events->adapter_desc == NULL)
+ return ndis_events_use_desc(events, desc);
+ return 0; /* use Win32_NetworkAdapter::Name */
+ }
+ IEnumWbemClassObject_Release(pEnumerator);
+
+ hr = IWbemClassObject_Get(pObj, L"Name", 0, &vt, NULL, NULL);
+ if (!SUCCEEDED(hr)) {
+ wpa_printf(MSG_DEBUG, "ndis_events: Failed to get Name from "
+ "Win32_PnPEntity: 0x%x", (int) hr);
+ IWbemClassObject_Release(pObj);
+ IWbemServices_Release(pSvc);
+ if (events->adapter_desc == NULL)
+ return ndis_events_use_desc(events, desc);
+ return 0; /* use Win32_NetworkAdapter::Name */
+ }
+
+ wpa_printf(MSG_DEBUG, "ndis_events: Win32_PnPEntity::Name='%S'",
+ vt.bstrVal);
+ os_free(events->adapter_desc);
+ events->adapter_desc = _wcsdup(vt.bstrVal);
+ VariantClear(&vt);
+
+ IWbemClassObject_Release(pObj);
+
+ IWbemServices_Release(pSvc);
+
+ if (events->adapter_desc == NULL)
+ return ndis_events_use_desc(events, desc);
+
+ return 0;
+}
+
+
+struct ndis_events_data *
+ndis_events_init(HANDLE *read_pipe, HANDLE *event_avail,
+ const char *ifname, const char *desc)
+{
+ HRESULT hr;
+ IWbemObjectSink *pSink;
+ struct ndis_events_data *events;
+
+ events = os_zalloc(sizeof(*events));
+ if (events == NULL) {
+ wpa_printf(MSG_ERROR, "Could not allocate sink for events.");
+ return NULL;
+ }
+ events->ifname = os_strdup(ifname);
+ if (events->ifname == NULL) {
+ os_free(events);
+ return NULL;
+ }
+
+ if (wmi_refcnt++ == 0) {
+ hr = CoInitializeEx(0, COINIT_MULTITHREADED);
+ if (FAILED(hr)) {
+ wpa_printf(MSG_ERROR, "CoInitializeEx() failed - "
+ "returned 0x%x", (int) hr);
+ os_free(events);
+ return NULL;
+ }
+ }
+
+ if (wmi_first) {
+ /* CoInitializeSecurity() must be called once and only once
+ * per process, so let's use wmi_first flag to protect against
+ * multiple calls. */
+ wmi_first = 0;
+
+ hr = CoInitializeSecurity(NULL, -1, NULL, NULL,
+ RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
+ RPC_C_IMP_LEVEL_IMPERSONATE,
+ NULL, EOAC_SECURE_REFS, NULL);
+ if (FAILED(hr)) {
+ wpa_printf(MSG_ERROR, "CoInitializeSecurity() failed "
+ "- returned 0x%x", (int) hr);
+ os_free(events);
+ return NULL;
+ }
+ }
+
+ hr = CoCreateInstance(&CLSID_WbemLocator, 0, CLSCTX_INPROC_SERVER,
+ &IID_IWbemLocator, (LPVOID *) &events->pLoc);
+ if (FAILED(hr)) {
+ wpa_printf(MSG_ERROR, "CoCreateInstance() failed - returned "
+ "0x%x", (int) hr);
+ CoUninitialize();
+ os_free(events);
+ return NULL;
+ }
+
+ if (ndis_events_get_adapter(events, ifname, desc) < 0) {
+ CoUninitialize();
+ os_free(events);
+ return NULL;
+ }
+ wpa_printf(MSG_DEBUG, "ndis_events: use adapter descriptor '%S'",
+ events->adapter_desc);
+
+ hr = call_IWbemLocator_ConnectServer(
+ events->pLoc, L"ROOT\\WMI", NULL, NULL,
+ 0, 0, 0, 0, &events->pSvc);
+ if (FAILED(hr)) {
+ wpa_printf(MSG_ERROR, "Could not connect to server - error "
+ "0x%x", (int) hr);
+ CoUninitialize();
+ os_free(events->adapter_desc);
+ os_free(events);
+ return NULL;
+ }
+ wpa_printf(MSG_DEBUG, "Connected to ROOT\\WMI.");
+
+ ndis_events_constructor(events);
+ pSink = &events->sink;
+ pSink->lpVtbl = &events->sink_vtbl;
+ events->sink_vtbl.QueryInterface = ndis_events_query_interface;
+ events->sink_vtbl.AddRef = ndis_events_add_ref;
+ events->sink_vtbl.Release = ndis_events_release;
+ events->sink_vtbl.Indicate = ndis_events_indicate;
+ events->sink_vtbl.SetStatus = ndis_events_set_status;
+
+ if (register_async_notification(pSink, events->pSvc) < 0) {
+ wpa_printf(MSG_DEBUG, "Failed to register async "
+ "notifications");
+ ndis_events_destructor(events);
+ os_free(events->adapter_desc);
+ os_free(events);
+ return NULL;
+ }
+
+ *read_pipe = events->read_pipe;
+ *event_avail = events->event_avail;
+
+ return events;
+}
--- /dev/null
+# Makefile for Microsoft nmake to build wpa_supplicant
+
+# This can be run in Visual Studio 2005 Command Prompt
+
+# Note: Make sure that cl.exe is configured to include Platform SDK
+# include and lib directories (vsvars32.bat)
+
+all: wpa_supplicant.exe wpa_cli.exe wpa_passphrase.exe wpasvc.exe win_if_list.exe
+
+# Root directory for WinPcap developer's pack
+# (http://www.winpcap.org/install/bin/WpdPack_3_1.zip)
+WINPCAPDIR=C:\dev\WpdPack
+
+# Root directory for OpenSSL
+# (http://www.openssl.org/source/openssl-0.9.8a.tar.gz)
+# Build and installed following instructions in INSTALL.W32
+# Note: If EAP-FAST is included in the build, OpenSSL needs to be patched to
+# support it (openssl-tls-extensions.patch)
+# Alternatively, see README-Windows.txt for information about binary
+# installation package for OpenSSL.
+OPENSSLDIR=C:\dev\openssl
+
+CC = cl
+OBJDIR = objs
+
+CFLAGS = /DCONFIG_NATIVE_WINDOWS
+CFLAGS = $(CFLAGS) /DCONFIG_NDIS_EVENTS_INTEGRATED
+CFLAGS = $(CFLAGS) /DCONFIG_ANSI_C_EXTRA
+CFLAGS = $(CFLAGS) /DCONFIG_WINPCAP
+CFLAGS = $(CFLAGS) /DIEEE8021X_EAPOL
+CFLAGS = $(CFLAGS) /DEAP_TLS_FUNCS
+CFLAGS = $(CFLAGS) /DPKCS12_FUNCS
+CFLAGS = $(CFLAGS) /DEAP_MD5
+CFLAGS = $(CFLAGS) /DEAP_TLS
+CFLAGS = $(CFLAGS) /DEAP_MSCHAPv2
+CFLAGS = $(CFLAGS) /DEAP_PEAP
+CFLAGS = $(CFLAGS) /DEAP_TTLS
+CFLAGS = $(CFLAGS) /DEAP_GTC
+CFLAGS = $(CFLAGS) /DEAP_OTP
+CFLAGS = $(CFLAGS) /DEAP_SIM
+CFLAGS = $(CFLAGS) /DEAP_LEAP
+CFLAGS = $(CFLAGS) /DEAP_PSK
+CFLAGS = $(CFLAGS) /DEAP_AKA
+#CFLAGS = $(CFLAGS) /DEAP_FAST
+CFLAGS = $(CFLAGS) /DEAP_PAX
+CFLAGS = $(CFLAGS) /DPCSC_FUNCS
+CFLAGS = $(CFLAGS) /DCONFIG_CTRL_IFACE
+CFLAGS = $(CFLAGS) /DCONFIG_CTRL_IFACE_NAMED_PIPE
+CFLAGS = $(CFLAGS) /DCONFIG_DRIVER_NDIS
+CFLAGS = $(CFLAGS) /I..\hostapd /I.
+CFLAGS = $(CFLAGS) /DWIN32
+CFLAGS = $(CFLAGS) /Fo$(OBJDIR)\\ /c
+CFLAGS = $(CFLAGS) /W3
+
+#CFLAGS = $(CFLAGS) /WX
+
+# VS 2005 complains about lot of deprecated string functions; let's ignore them
+# at least for now since snprintf and strncpy can be used in a safe way
+CFLAGS = $(CFLAGS) /D_CRT_SECURE_NO_DEPRECATE
+
+OBJS = \
+ $(OBJDIR)\os_win32.obj \
+ $(OBJDIR)\eloop_win.obj \
+ $(OBJDIR)\sha1.obj \
+ $(OBJDIR)\md5.obj \
+ $(OBJDIR)\rc4.obj \
+ $(OBJDIR)\aes_wrap.obj \
+ $(OBJDIR)\common.obj \
+ $(OBJDIR)\wpa_supplicant.obj \
+ $(OBJDIR)\wpa.obj \
+ $(OBJDIR)\preauth.obj \
+ $(OBJDIR)\pmksa_cache.obj \
+ $(OBJDIR)\eapol_sm.obj \
+ $(OBJDIR)\eap.obj \
+ $(OBJDIR)\eap_methods.obj \
+ $(OBJDIR)\eap_tlv.obj \
+ $(OBJDIR)\eap_md5.obj \
+ $(OBJDIR)\eap_tls.obj \
+ $(OBJDIR)\eap_tls_common.obj \
+ $(OBJDIR)\eap_mschapv2.obj \
+ $(OBJDIR)\eap_peap.obj \
+ $(OBJDIR)\eap_ttls.obj \
+ $(OBJDIR)\eap_gtc.obj \
+ $(OBJDIR)\eap_otp.obj \
+ $(OBJDIR)\eap_leap.obj \
+ $(OBJDIR)\eap_sim.obj \
+ $(OBJDIR)\eap_sim_common.obj \
+ $(OBJDIR)\eap_aka.obj \
+ $(OBJDIR)\eap_pax.obj \
+ $(OBJDIR)\eap_pax_common.obj \
+ $(OBJDIR)\eap_psk.obj \
+ $(OBJDIR)\eap_psk_common.obj \
+ $(OBJDIR)\ctrl_iface.obj \
+ $(OBJDIR)\ctrl_iface_named_pipe.obj \
+ $(OBJDIR)\driver_ndis.obj \
+ $(OBJDIR)\driver_ndis_.obj \
+ $(OBJDIR)\events.obj \
+ $(OBJDIR)\config.obj \
+ $(OBJDIR)\l2_packet_winpcap.obj \
+ $(OBJDIR)\tls_openssl.obj \
+ $(OBJDIR)\ms_funcs.obj \
+ $(OBJDIR)\crypto.obj \
+ $(OBJDIR)\pcsc_funcs.obj \
+ $(OBJDIR)\ndis_events.obj
+
+# OBJS = $(OBJS) $(OBJDIR)\eap_fast.obj
+
+OBJS_t = $(OBJS) \
+ $(OBJDIR)\eapol_test.obj \
+ $(OBJDIR)\radius.obj \
+ $(OBJDIR)\radius_client.obj \
+ $(OBJDIR)\config_file.obj $(OBJDIR)\base64.obj
+
+OBJS_t2 = $(OBJS) \
+ $(OBJDIR)\preauth_test.obj \
+ $(OBJDIR)\config_file.obj $(OBJDIR)\base64.obj
+
+OBJS2 = $(OBJDIR)\drivers.obj \
+ $(OBJDIR)\config_file.obj $(OBJDIR)\base64.obj \
+ $(OBJS2) $(OBJDIR)\main.obj
+
+OBJS3 = $(OBJDIR)\drivers.obj \
+ $(OBJDIR)\config_winreg.obj \
+ $(OBJS3) $(OBJDIR)\main_winsvc.obj
+
+OBJS_c = \
+ $(OBJDIR)\os_win32.obj \
+ $(OBJDIR)\wpa_cli.obj \
+ $(OBJDIR)\wpa_ctrl.obj \
+ $(OBJDIR)\common.obj
+
+OBJS_p = \
+ $(OBJDIR)\os_win32.obj \
+ $(OBJDIR)\common.obj \
+ $(OBJDIR)\sha1.obj \
+ $(OBJDIR)\md5.obj \
+ $(OBJDIR)\crypto.obj \
+ $(OBJDIR)\wpa_passphrase.obj
+
+LIBS = wbemuuid.lib libcmt.lib kernel32.lib uuid.lib ole32.lib oleaut32.lib \
+ ws2_32.lib Advapi32.lib Crypt32.lib Winscard.lib \
+ Packet.lib wpcap.lib \
+ libeay32.lib ssleay32.lib
+# If using Win32 OpenSSL binary installation from Shining Light Productions,
+# replace the last line with this for dynamic libraries
+# libeay32MT.lib ssleay32MT.lib
+# and this for static libraries
+# libeay32MT.lib ssleay32MT.lib Gdi32.lib User32.lib
+
+CFLAGS = $(CFLAGS) /I"$(WINPCAPDIR)/Include" /I"$(OPENSSLDIR)\include"
+LFLAGS = /libpath:"$(WINPCAPDIR)\Lib" /libpath:"$(OPENSSLDIR)\lib"
+
+wpa_supplicant.exe: $(OBJDIR) $(OBJS) $(OBJS2)
+ link.exe /out:wpa_supplicant.exe $(LFLAGS) $(OBJS) $(OBJS2) $(LIBS)
+
+wpasvc.exe: $(OBJDIR) $(OBJS) $(OBJS3)
+ link.exe /out:wpasvc.exe $(LFLAGS) $(OBJS) $(OBJS3) $(LIBS)
+
+wpa_cli.exe: $(OBJDIR) $(OBJS_c)
+ link.exe /out:wpa_cli.exe $(LFLAGS) $(OBJS_c) $(LIBS)
+
+wpa_passphrase.exe: $(OBJDIR) $(OBJS_p)
+ link.exe /out:wpa_passphrase.exe $(LFLAGS) $(OBJS_p) $(LIBS)
+
+eapol_test.exe: $(OBJDIR) $(OBJS_t)
+ link.exe /out:eapol_test.exe $(LFLAGS) $(OBJS_t) $(LIBS)
+
+preauth_test.exe: $(OBJDIR) $(OBJS_t2)
+ link.exe /out:preauth_test.exe $(LFLAGS) $(OBJS_t2) $(LIBS)
+
+win_if_list.exe: $(OBJDIR) $(OBJDIR)\win_if_list.obj
+ link.exe /out:win_if_list.exe $(LFLAGS) $(OBJDIR)\win_if_list.obj $(LIBS)
+
+
+{..\hostapd}.c{$(OBJDIR)}.obj::
+ $(CC) $(CFLAGS) $<
+
+{.\}.c{$(OBJDIR)}.obj::
+ $(CC) $(CFLAGS) $<
+
+{.\}.cpp{$(OBJDIR)}.obj::
+ $(CC) $(CFLAGS) $<
+
+$(OBJDIR):
+ if not exist "$(OBJDIR)" mkdir "$(OBJDIR)"
+
+clean:
+ erase $(OBJDIR)\*.obj wpa_supplicant.exe
--- /dev/null
+This patch is adding support for TLS hello extensions and externally
+generated pre-shared key material to OpenSSL 0.9.8d. This is
+based on the patch from Alexey Kobozev <akobozev@cisco.com>
+(sent to openssl-dev mailing list on Tue, 07 Jun 2005 15:40:58 +0300).
+
+
+
+diff -uprN openssl-0.9.8d.orig/include/openssl/ssl.h openssl-0.9.8d/include/openssl/ssl.h
+--- openssl-0.9.8d.orig/include/openssl/ssl.h 2006-06-14 06:52:49.000000000 -0700
++++ openssl-0.9.8d/include/openssl/ssl.h 2006-12-10 08:20:02.000000000 -0800
+@@ -345,6 +345,7 @@ extern "C" {
+ * 'struct ssl_st *' function parameters used to prototype callbacks
+ * in SSL_CTX. */
+ typedef struct ssl_st *ssl_crock_st;
++typedef struct tls_extension_st TLS_EXTENSION;
+
+ /* used to hold info on the particular ciphers used */
+ typedef struct ssl_cipher_st
+@@ -366,6 +367,8 @@ DECLARE_STACK_OF(SSL_CIPHER)
+ typedef struct ssl_st SSL;
+ typedef struct ssl_ctx_st SSL_CTX;
+
++typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
++
+ /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
+ typedef struct ssl_method_st
+ {
+@@ -973,6 +976,15 @@ struct ssl_st
+ int first_packet;
+ int client_version; /* what was passed, used for
+ * SSLv3/TLS rollback check */
++
++ /* TLS externsions */
++ TLS_EXTENSION *tls_extension;
++ int (*tls_extension_cb)(SSL *s, TLS_EXTENSION *tls_ext, void *arg);
++ void *tls_extension_cb_arg;
++
++ /* TLS pre-shared secret session resumption */
++ tls_session_secret_cb_fn tls_session_secret_cb;
++ void *tls_session_secret_cb_arg;
+ };
+
+ #ifdef __cplusplus
+@@ -1538,6 +1550,13 @@ void *SSL_COMP_get_compression_methods(v
+ int SSL_COMP_add_compression_method(int id,void *cm);
+ #endif
+
++/* TLS extensions functions */
++int SSL_set_hello_extension(SSL *s, int ext_type, void *ext_data, int ext_len);
++int SSL_set_hello_extension_cb(SSL *s, int (*cb)(SSL *, TLS_EXTENSION *, void *), void *arg);
++
++/* Pre-shared secret session resumption functions */
++int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
++
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+@@ -1719,6 +1738,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_F_TLS1_ENC 210
+ #define SSL_F_TLS1_SETUP_KEY_BLOCK 211
+ #define SSL_F_WRITE_PENDING 212
++#define SSL_F_SSL_SET_HELLO_EXTENSION 213
+
+ /* Reason codes. */
+ #define SSL_R_APP_DATA_IN_HANDSHAKE 100
+diff -uprN openssl-0.9.8d.orig/include/openssl/tls1.h openssl-0.9.8d/include/openssl/tls1.h
+--- openssl-0.9.8d.orig/include/openssl/tls1.h 2006-06-14 10:52:01.000000000 -0700
++++ openssl-0.9.8d/include/openssl/tls1.h 2006-12-10 08:20:02.000000000 -0800
+@@ -296,6 +296,14 @@ extern "C" {
+ #define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/
+ #endif
+
++/* TLS extension struct */
++struct tls_extension_st
++{
++ unsigned short type;
++ unsigned short length;
++ void *data;
++};
++
+ #ifdef __cplusplus
+ }
+ #endif
+diff -uprN openssl-0.9.8d.orig/ssl/Makefile openssl-0.9.8d/ssl/Makefile
+--- openssl-0.9.8d.orig/ssl/Makefile 2006-02-03 17:49:35.000000000 -0800
++++ openssl-0.9.8d/ssl/Makefile 2006-12-10 08:20:02.000000000 -0800
+@@ -24,7 +24,7 @@ LIBSRC= \
+ s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c \
+ s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c \
+ s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c \
+- t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c \
++ t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c t1_ext.c \
+ d1_meth.c d1_srvr.c d1_clnt.c d1_lib.c d1_pkt.c \
+ d1_both.c d1_enc.c \
+ ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
+@@ -35,7 +35,7 @@ LIBOBJ= \
+ s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o \
+ s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o \
+ s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o \
+- t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o \
++ t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o t1_ext.o \
+ d1_meth.o d1_srvr.o d1_clnt.o d1_lib.o d1_pkt.o \
+ d1_both.o d1_enc.o \
+ ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
+@@ -968,3 +968,4 @@ t1_srvr.o: ../include/openssl/ssl23.h ..
+ t1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ t1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ t1_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_srvr.c
++t1_ext.o: t1_ext.c ssl_locl.h
+diff -uprN openssl-0.9.8d.orig/ssl/s3_clnt.c openssl-0.9.8d/ssl/s3_clnt.c
+--- openssl-0.9.8d.orig/ssl/s3_clnt.c 2005-12-12 23:41:46.000000000 -0800
++++ openssl-0.9.8d/ssl/s3_clnt.c 2006-12-10 08:20:02.000000000 -0800
+@@ -601,6 +601,20 @@ int ssl3_client_hello(SSL *s)
+ #endif
+ *(p++)=0; /* Add the NULL method */
+
++ /* send client hello extensions if any */
++ if (s->version >= TLS1_VERSION && s->tls_extension)
++ {
++ // set the total extensions length
++ s2n(s->tls_extension->length + 4, p);
++
++ // put the extensions with type and length
++ s2n(s->tls_extension->type, p);
++ s2n(s->tls_extension->length, p);
++
++ memcpy(p, s->tls_extension->data, s->tls_extension->length);
++ p+=s->tls_extension->length;
++ }
++
+ l=(p-d);
+ d=buf;
+ *(d++)=SSL3_MT_CLIENT_HELLO;
+@@ -623,7 +637,7 @@ int ssl3_get_server_hello(SSL *s)
+ STACK_OF(SSL_CIPHER) *sk;
+ SSL_CIPHER *c;
+ unsigned char *p,*d;
+- int i,al,ok;
++ int i,al,ok,pre_shared;
+ unsigned int j;
+ long n;
+ #ifndef OPENSSL_NO_COMP
+@@ -690,7 +704,24 @@ int ssl3_get_server_hello(SSL *s)
+ goto f_err;
+ }
+
+- if (j != 0 && j == s->session->session_id_length
++ /* check if we want to resume the session based on external pre-shared secret */
++ pre_shared = 0;
++ if (s->version >= TLS1_VERSION && s->tls_session_secret_cb)
++ {
++ SSL_CIPHER *pref_cipher=NULL;
++ s->session->master_key_length=sizeof(s->session->master_key);
++ if (s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length,
++ NULL, &pref_cipher, s->tls_session_secret_cb_arg))
++ {
++ s->hit=1;
++ s->session->cipher=pref_cipher ? pref_cipher : ssl_get_cipher_by_char(s,p+j);
++ s->session->session_id_length = j;
++ memcpy(s->session->session_id, p, j);
++ pre_shared = 1;
++ }
++ }
++
++ if ((pre_shared || j != 0) && j == s->session->session_id_length
+ && memcmp(p,s->session->session_id,j) == 0)
+ {
+ if(s->sid_ctx_length != s->session->sid_ctx_length
+diff -uprN openssl-0.9.8d.orig/ssl/s3_srvr.c openssl-0.9.8d/ssl/s3_srvr.c
+--- openssl-0.9.8d.orig/ssl/s3_srvr.c 2006-09-28 04:29:03.000000000 -0700
++++ openssl-0.9.8d/ssl/s3_srvr.c 2006-12-10 08:20:02.000000000 -0800
+@@ -943,6 +943,75 @@ int ssl3_get_client_hello(SSL *s)
+ }
+ #endif
+
++ /* Check for TLS client hello extension here */
++ if (p < (d+n) && s->version >= TLS1_VERSION)
++ {
++ if (s->tls_extension_cb)
++ {
++ TLS_EXTENSION tls_ext;
++ unsigned short ext_total_len;
++
++ n2s(p, ext_total_len);
++ n2s(p, tls_ext.type);
++ n2s(p, tls_ext.length);
++
++ // sanity check in TLS extension len
++ if (tls_ext.length > (d+n) - p)
++ {
++ // just cut the lenth to packet border
++ tls_ext.length = (d+n) - p;
++ }
++
++ tls_ext.data = p;
++
++ // returns an alert code or 0
++ al = s->tls_extension_cb(s, &tls_ext, s->tls_extension_cb_arg);
++ if (al != 0)
++ {
++ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PEER_ERROR);
++ goto f_err;
++ }
++ }
++ }
++
++ /* Check if we want to use external pre-shared secret for this handshake */
++ /* for not reused session only */
++ if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb)
++ {
++ SSL_CIPHER *pref_cipher=NULL;
++
++ s->session->master_key_length=sizeof(s->session->master_key);
++ if(s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length,
++ ciphers, &pref_cipher, s->tls_session_secret_cb_arg))
++ {
++ s->hit=1;
++ s->session->ciphers=ciphers;
++ s->session->verify_result=X509_V_OK;
++
++ ciphers=NULL;
++
++ /* check if some cipher was preferred by call back */
++ pref_cipher=pref_cipher ? pref_cipher : ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
++ if (pref_cipher == NULL)
++ {
++ al=SSL_AD_HANDSHAKE_FAILURE;
++ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
++ goto f_err;
++ }
++
++ s->session->cipher=pref_cipher;
++
++ if (s->cipher_list)
++ sk_SSL_CIPHER_free(s->cipher_list);
++
++ if (s->cipher_list_by_id)
++ sk_SSL_CIPHER_free(s->cipher_list_by_id);
++
++ s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
++ s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
++ }
++ }
++
+ /* Given s->session->ciphers and SSL_get_ciphers, we must
+ * pick a cipher */
+
+diff -uprN openssl-0.9.8d.orig/ssl/ssl.h openssl-0.9.8d/ssl/ssl.h
+--- openssl-0.9.8d.orig/ssl/ssl.h 2006-06-14 06:52:49.000000000 -0700
++++ openssl-0.9.8d/ssl/ssl.h 2006-12-10 08:20:02.000000000 -0800
+@@ -345,6 +345,7 @@ extern "C" {
+ * 'struct ssl_st *' function parameters used to prototype callbacks
+ * in SSL_CTX. */
+ typedef struct ssl_st *ssl_crock_st;
++typedef struct tls_extension_st TLS_EXTENSION;
+
+ /* used to hold info on the particular ciphers used */
+ typedef struct ssl_cipher_st
+@@ -366,6 +367,8 @@ DECLARE_STACK_OF(SSL_CIPHER)
+ typedef struct ssl_st SSL;
+ typedef struct ssl_ctx_st SSL_CTX;
+
++typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
++
+ /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
+ typedef struct ssl_method_st
+ {
+@@ -973,6 +976,15 @@ struct ssl_st
+ int first_packet;
+ int client_version; /* what was passed, used for
+ * SSLv3/TLS rollback check */
++
++ /* TLS externsions */
++ TLS_EXTENSION *tls_extension;
++ int (*tls_extension_cb)(SSL *s, TLS_EXTENSION *tls_ext, void *arg);
++ void *tls_extension_cb_arg;
++
++ /* TLS pre-shared secret session resumption */
++ tls_session_secret_cb_fn tls_session_secret_cb;
++ void *tls_session_secret_cb_arg;
+ };
+
+ #ifdef __cplusplus
+@@ -1538,6 +1550,13 @@ void *SSL_COMP_get_compression_methods(v
+ int SSL_COMP_add_compression_method(int id,void *cm);
+ #endif
+
++/* TLS extensions functions */
++int SSL_set_hello_extension(SSL *s, int ext_type, void *ext_data, int ext_len);
++int SSL_set_hello_extension_cb(SSL *s, int (*cb)(SSL *, TLS_EXTENSION *, void *), void *arg);
++
++/* Pre-shared secret session resumption functions */
++int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
++
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+@@ -1719,6 +1738,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_F_TLS1_ENC 210
+ #define SSL_F_TLS1_SETUP_KEY_BLOCK 211
+ #define SSL_F_WRITE_PENDING 212
++#define SSL_F_SSL_SET_HELLO_EXTENSION 213
+
+ /* Reason codes. */
+ #define SSL_R_APP_DATA_IN_HANDSHAKE 100
+diff -uprN openssl-0.9.8d.orig/ssl/ssl_err.c openssl-0.9.8d/ssl/ssl_err.c
+--- openssl-0.9.8d.orig/ssl/ssl_err.c 2006-01-08 13:52:46.000000000 -0800
++++ openssl-0.9.8d/ssl/ssl_err.c 2006-12-10 08:20:02.000000000 -0800
+@@ -242,6 +242,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
+ {ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"},
+ {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
+ {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
++{ERR_FUNC(SSL_F_SSL_SET_HELLO_EXTENSION), "SSL_set_hello_extension"},
+ {0,NULL}
+ };
+
+diff -uprN openssl-0.9.8d.orig/ssl/ssl_sess.c openssl-0.9.8d/ssl/ssl_sess.c
+--- openssl-0.9.8d.orig/ssl/ssl_sess.c 2005-12-30 15:51:57.000000000 -0800
++++ openssl-0.9.8d/ssl/ssl_sess.c 2006-12-10 08:20:02.000000000 -0800
+@@ -656,6 +656,15 @@ long SSL_CTX_get_timeout(const SSL_CTX *
+ return(s->session_timeout);
+ }
+
++int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len,
++ STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg)
++{
++ if (s == NULL) return(0);
++ s->tls_session_secret_cb = tls_session_secret_cb;
++ s->tls_session_secret_cb_arg = arg;
++ return(1);
++}
++
+ typedef struct timeout_param_st
+ {
+ SSL_CTX *ctx;
+diff -uprN openssl-0.9.8d.orig/ssl/t1_ext.c openssl-0.9.8d/ssl/t1_ext.c
+--- openssl-0.9.8d.orig/ssl/t1_ext.c 1969-12-31 16:00:00.000000000 -0800
++++ openssl-0.9.8d/ssl/t1_ext.c 2006-12-10 08:20:02.000000000 -0800
+@@ -0,0 +1,48 @@
++
++#include <stdio.h>
++#include "ssl_locl.h"
++
++
++int SSL_set_hello_extension(SSL *s, int ext_type, void *ext_data, int ext_len)
++{
++ if(s->version >= TLS1_VERSION)
++ {
++ if(s->tls_extension)
++ {
++ OPENSSL_free(s->tls_extension);
++ s->tls_extension = NULL;
++ }
++
++ if(ext_data)
++ {
++ s->tls_extension = OPENSSL_malloc(sizeof(TLS_EXTENSION) + ext_len);
++ if(!s->tls_extension)
++ {
++ SSLerr(SSL_F_SSL_SET_HELLO_EXTENSION, ERR_R_MALLOC_FAILURE);
++ return 0;
++ }
++
++ s->tls_extension->type = ext_type;
++ s->tls_extension->length = ext_len;
++ s->tls_extension->data = s->tls_extension + 1;
++ memcpy(s->tls_extension->data, ext_data, ext_len);
++ }
++
++ return 1;
++ }
++
++ return 0;
++}
++
++int SSL_set_hello_extension_cb(SSL *s, int (*cb)(SSL *, TLS_EXTENSION *, void *), void *arg)
++{
++ if(s->version >= TLS1_VERSION)
++ {
++ s->tls_extension_cb = cb;
++ s->tls_extension_cb_arg = arg;
++
++ return 1;
++ }
++
++ return 0;
++}
+diff -uprN openssl-0.9.8d.orig/ssl/t1_lib.c openssl-0.9.8d/ssl/t1_lib.c
+--- openssl-0.9.8d.orig/ssl/t1_lib.c 2005-08-05 16:52:07.000000000 -0700
++++ openssl-0.9.8d/ssl/t1_lib.c 2006-12-10 08:20:02.000000000 -0800
+@@ -97,6 +97,10 @@ int tls1_new(SSL *s)
+
+ void tls1_free(SSL *s)
+ {
++ if(s->tls_extension)
++ {
++ OPENSSL_free(s->tls_extension);
++ }
+ ssl3_free(s);
+ }
+
+diff -uprN openssl-0.9.8d.orig/ssl/tls1.h openssl-0.9.8d/ssl/tls1.h
+--- openssl-0.9.8d.orig/ssl/tls1.h 2006-06-14 10:52:01.000000000 -0700
++++ openssl-0.9.8d/ssl/tls1.h 2006-12-10 08:20:02.000000000 -0800
+@@ -296,6 +296,14 @@ extern "C" {
+ #define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/
+ #endif
+
++/* TLS extension struct */
++struct tls_extension_st
++{
++ unsigned short type;
++ unsigned short length;
++ void *data;
++};
++
+ #ifdef __cplusplus
+ }
+ #endif
+diff -uprN openssl-0.9.8d.orig/util/ssleay.num openssl-0.9.8d/util/ssleay.num
+--- openssl-0.9.8d.orig/util/ssleay.num 2005-05-08 17:22:02.000000000 -0700
++++ openssl-0.9.8d/util/ssleay.num 2006-12-10 08:20:02.000000000 -0800
+@@ -226,3 +226,6 @@ DTLSv1_server_method
+ SSL_COMP_get_compression_methods 276 EXIST:!VMS:FUNCTION:COMP
+ SSL_COMP_get_compress_methods 276 EXIST:VMS:FUNCTION:COMP
+ SSL_SESSION_get_id 277 EXIST::FUNCTION:
++SSL_set_hello_extension 278 EXIST::FUNCTION:
++SSL_set_hello_extension_cb 279 EXIST::FUNCTION:
++SSL_set_session_secret_cb 280 EXIST::FUNCTION:
--- /dev/null
+This patch is adding support for TLS hello extensions and externally
+generated pre-shared key material to OpenSSL 0.9.8e. This is
+based on the patch from Alexey Kobozev <akobozev@cisco.com>
+(sent to openssl-dev mailing list on Tue, 07 Jun 2005 15:40:58 +0300).
+
+
+
+diff -uprN openssl-0.9.8e.orig/ssl/Makefile openssl-0.9.8e/ssl/Makefile
+--- openssl-0.9.8e.orig/ssl/Makefile 2006-02-03 17:49:35.000000000 -0800
++++ openssl-0.9.8e/ssl/Makefile 2007-03-22 20:23:19.000000000 -0700
+@@ -24,7 +24,7 @@ LIBSRC= \
+ s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c \
+ s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c \
+ s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c \
+- t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c \
++ t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c t1_ext.c \
+ d1_meth.c d1_srvr.c d1_clnt.c d1_lib.c d1_pkt.c \
+ d1_both.c d1_enc.c \
+ ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
+@@ -35,7 +35,7 @@ LIBOBJ= \
+ s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o \
+ s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o \
+ s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o \
+- t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o \
++ t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o t1_ext.o \
+ d1_meth.o d1_srvr.o d1_clnt.o d1_lib.o d1_pkt.o \
+ d1_both.o d1_enc.o \
+ ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
+@@ -968,3 +968,4 @@ t1_srvr.o: ../include/openssl/ssl23.h ..
+ t1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ t1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ t1_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_srvr.c
++t1_ext.o: t1_ext.c ssl_locl.h
+diff -uprN openssl-0.9.8e.orig/ssl/s3_clnt.c openssl-0.9.8e/ssl/s3_clnt.c
+--- openssl-0.9.8e.orig/ssl/s3_clnt.c 2006-09-28 05:23:15.000000000 -0700
++++ openssl-0.9.8e/ssl/s3_clnt.c 2007-03-22 20:23:19.000000000 -0700
+@@ -601,6 +601,20 @@ int ssl3_client_hello(SSL *s)
+ #endif
+ *(p++)=0; /* Add the NULL method */
+
++ /* send client hello extensions if any */
++ if (s->version >= TLS1_VERSION && s->tls_extension)
++ {
++ // set the total extensions length
++ s2n(s->tls_extension->length + 4, p);
++
++ // put the extensions with type and length
++ s2n(s->tls_extension->type, p);
++ s2n(s->tls_extension->length, p);
++
++ memcpy(p, s->tls_extension->data, s->tls_extension->length);
++ p+=s->tls_extension->length;
++ }
++
+ l=(p-d);
+ d=buf;
+ *(d++)=SSL3_MT_CLIENT_HELLO;
+@@ -623,7 +637,7 @@ int ssl3_get_server_hello(SSL *s)
+ STACK_OF(SSL_CIPHER) *sk;
+ SSL_CIPHER *c;
+ unsigned char *p,*d;
+- int i,al,ok;
++ int i,al,ok,pre_shared;
+ unsigned int j;
+ long n;
+ #ifndef OPENSSL_NO_COMP
+@@ -690,7 +704,24 @@ int ssl3_get_server_hello(SSL *s)
+ goto f_err;
+ }
+
+- if (j != 0 && j == s->session->session_id_length
++ /* check if we want to resume the session based on external pre-shared secret */
++ pre_shared = 0;
++ if (s->version >= TLS1_VERSION && s->tls_session_secret_cb)
++ {
++ SSL_CIPHER *pref_cipher=NULL;
++ s->session->master_key_length=sizeof(s->session->master_key);
++ if (s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length,
++ NULL, &pref_cipher, s->tls_session_secret_cb_arg))
++ {
++ s->hit=1;
++ s->session->cipher=pref_cipher ? pref_cipher : ssl_get_cipher_by_char(s,p+j);
++ s->session->session_id_length = j;
++ memcpy(s->session->session_id, p, j);
++ pre_shared = 1;
++ }
++ }
++
++ if ((pre_shared || j != 0) && j == s->session->session_id_length
+ && memcmp(p,s->session->session_id,j) == 0)
+ {
+ if(s->sid_ctx_length != s->session->sid_ctx_length
+diff -uprN openssl-0.9.8e.orig/ssl/s3_srvr.c openssl-0.9.8e/ssl/s3_srvr.c
+--- openssl-0.9.8e.orig/ssl/s3_srvr.c 2007-02-07 12:36:40.000000000 -0800
++++ openssl-0.9.8e/ssl/s3_srvr.c 2007-03-22 20:23:19.000000000 -0700
+@@ -945,6 +945,75 @@ int ssl3_get_client_hello(SSL *s)
+ }
+ #endif
+
++ /* Check for TLS client hello extension here */
++ if (p < (d+n) && s->version >= TLS1_VERSION)
++ {
++ if (s->tls_extension_cb)
++ {
++ TLS_EXTENSION tls_ext;
++ unsigned short ext_total_len;
++
++ n2s(p, ext_total_len);
++ n2s(p, tls_ext.type);
++ n2s(p, tls_ext.length);
++
++ // sanity check in TLS extension len
++ if (tls_ext.length > (d+n) - p)
++ {
++ // just cut the lenth to packet border
++ tls_ext.length = (d+n) - p;
++ }
++
++ tls_ext.data = p;
++
++ // returns an alert code or 0
++ al = s->tls_extension_cb(s, &tls_ext, s->tls_extension_cb_arg);
++ if (al != 0)
++ {
++ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PEER_ERROR);
++ goto f_err;
++ }
++ }
++ }
++
++ /* Check if we want to use external pre-shared secret for this handshake */
++ /* for not reused session only */
++ if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb)
++ {
++ SSL_CIPHER *pref_cipher=NULL;
++
++ s->session->master_key_length=sizeof(s->session->master_key);
++ if(s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length,
++ ciphers, &pref_cipher, s->tls_session_secret_cb_arg))
++ {
++ s->hit=1;
++ s->session->ciphers=ciphers;
++ s->session->verify_result=X509_V_OK;
++
++ ciphers=NULL;
++
++ /* check if some cipher was preferred by call back */
++ pref_cipher=pref_cipher ? pref_cipher : ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
++ if (pref_cipher == NULL)
++ {
++ al=SSL_AD_HANDSHAKE_FAILURE;
++ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
++ goto f_err;
++ }
++
++ s->session->cipher=pref_cipher;
++
++ if (s->cipher_list)
++ sk_SSL_CIPHER_free(s->cipher_list);
++
++ if (s->cipher_list_by_id)
++ sk_SSL_CIPHER_free(s->cipher_list_by_id);
++
++ s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
++ s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
++ }
++ }
++
+ /* Given s->session->ciphers and SSL_get_ciphers, we must
+ * pick a cipher */
+
+diff -uprN openssl-0.9.8e.orig/ssl/ssl.h openssl-0.9.8e/ssl/ssl.h
+--- openssl-0.9.8e.orig/ssl/ssl.h 2007-02-19 09:55:07.000000000 -0800
++++ openssl-0.9.8e/ssl/ssl.h 2007-03-22 20:23:19.000000000 -0700
+@@ -345,6 +345,7 @@ extern "C" {
+ * 'struct ssl_st *' function parameters used to prototype callbacks
+ * in SSL_CTX. */
+ typedef struct ssl_st *ssl_crock_st;
++typedef struct tls_extension_st TLS_EXTENSION;
+
+ /* used to hold info on the particular ciphers used */
+ typedef struct ssl_cipher_st
+@@ -366,6 +367,8 @@ DECLARE_STACK_OF(SSL_CIPHER)
+ typedef struct ssl_st SSL;
+ typedef struct ssl_ctx_st SSL_CTX;
+
++typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
++
+ /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
+ typedef struct ssl_method_st
+ {
+@@ -973,6 +976,15 @@ struct ssl_st
+ int first_packet;
+ int client_version; /* what was passed, used for
+ * SSLv3/TLS rollback check */
++
++ /* TLS externsions */
++ TLS_EXTENSION *tls_extension;
++ int (*tls_extension_cb)(SSL *s, TLS_EXTENSION *tls_ext, void *arg);
++ void *tls_extension_cb_arg;
++
++ /* TLS pre-shared secret session resumption */
++ tls_session_secret_cb_fn tls_session_secret_cb;
++ void *tls_session_secret_cb_arg;
+ };
+
+ #ifdef __cplusplus
+@@ -1538,6 +1550,13 @@ void *SSL_COMP_get_compression_methods(v
+ int SSL_COMP_add_compression_method(int id,void *cm);
+ #endif
+
++/* TLS extensions functions */
++int SSL_set_hello_extension(SSL *s, int ext_type, void *ext_data, int ext_len);
++int SSL_set_hello_extension_cb(SSL *s, int (*cb)(SSL *, TLS_EXTENSION *, void *), void *arg);
++
++/* Pre-shared secret session resumption functions */
++int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
++
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+@@ -1719,6 +1738,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_F_TLS1_ENC 210
+ #define SSL_F_TLS1_SETUP_KEY_BLOCK 211
+ #define SSL_F_WRITE_PENDING 212
++#define SSL_F_SSL_SET_HELLO_EXTENSION 213
+
+ /* Reason codes. */
+ #define SSL_R_APP_DATA_IN_HANDSHAKE 100
+diff -uprN openssl-0.9.8e.orig/ssl/ssl_err.c openssl-0.9.8e/ssl/ssl_err.c
+--- openssl-0.9.8e.orig/ssl/ssl_err.c 2006-11-21 12:14:46.000000000 -0800
++++ openssl-0.9.8e/ssl/ssl_err.c 2007-03-22 20:23:19.000000000 -0700
+@@ -242,6 +242,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
+ {ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"},
+ {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
+ {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
++{ERR_FUNC(SSL_F_SSL_SET_HELLO_EXTENSION), "SSL_set_hello_extension"},
+ {0,NULL}
+ };
+
+diff -uprN openssl-0.9.8e.orig/ssl/ssl_sess.c openssl-0.9.8e/ssl/ssl_sess.c
+--- openssl-0.9.8e.orig/ssl/ssl_sess.c 2007-02-10 02:40:24.000000000 -0800
++++ openssl-0.9.8e/ssl/ssl_sess.c 2007-03-22 20:23:19.000000000 -0700
+@@ -656,6 +656,15 @@ long SSL_CTX_get_timeout(const SSL_CTX *
+ return(s->session_timeout);
+ }
+
++int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len,
++ STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg)
++{
++ if (s == NULL) return(0);
++ s->tls_session_secret_cb = tls_session_secret_cb;
++ s->tls_session_secret_cb_arg = arg;
++ return(1);
++}
++
+ typedef struct timeout_param_st
+ {
+ SSL_CTX *ctx;
+diff -uprN openssl-0.9.8e.orig/ssl/t1_ext.c openssl-0.9.8e/ssl/t1_ext.c
+--- openssl-0.9.8e.orig/ssl/t1_ext.c 1969-12-31 16:00:00.000000000 -0800
++++ openssl-0.9.8e/ssl/t1_ext.c 2007-03-22 20:23:19.000000000 -0700
+@@ -0,0 +1,48 @@
++
++#include <stdio.h>
++#include "ssl_locl.h"
++
++
++int SSL_set_hello_extension(SSL *s, int ext_type, void *ext_data, int ext_len)
++{
++ if(s->version >= TLS1_VERSION)
++ {
++ if(s->tls_extension)
++ {
++ OPENSSL_free(s->tls_extension);
++ s->tls_extension = NULL;
++ }
++
++ if(ext_data)
++ {
++ s->tls_extension = OPENSSL_malloc(sizeof(TLS_EXTENSION) + ext_len);
++ if(!s->tls_extension)
++ {
++ SSLerr(SSL_F_SSL_SET_HELLO_EXTENSION, ERR_R_MALLOC_FAILURE);
++ return 0;
++ }
++
++ s->tls_extension->type = ext_type;
++ s->tls_extension->length = ext_len;
++ s->tls_extension->data = s->tls_extension + 1;
++ memcpy(s->tls_extension->data, ext_data, ext_len);
++ }
++
++ return 1;
++ }
++
++ return 0;
++}
++
++int SSL_set_hello_extension_cb(SSL *s, int (*cb)(SSL *, TLS_EXTENSION *, void *), void *arg)
++{
++ if(s->version >= TLS1_VERSION)
++ {
++ s->tls_extension_cb = cb;
++ s->tls_extension_cb_arg = arg;
++
++ return 1;
++ }
++
++ return 0;
++}
+diff -uprN openssl-0.9.8e.orig/ssl/t1_lib.c openssl-0.9.8e/ssl/t1_lib.c
+--- openssl-0.9.8e.orig/ssl/t1_lib.c 2007-01-21 08:07:25.000000000 -0800
++++ openssl-0.9.8e/ssl/t1_lib.c 2007-03-22 20:23:19.000000000 -0700
+@@ -97,6 +97,10 @@ int tls1_new(SSL *s)
+
+ void tls1_free(SSL *s)
+ {
++ if(s->tls_extension)
++ {
++ OPENSSL_free(s->tls_extension);
++ }
+ ssl3_free(s);
+ }
+
+diff -uprN openssl-0.9.8e.orig/ssl/tls1.h openssl-0.9.8e/ssl/tls1.h
+--- openssl-0.9.8e.orig/ssl/tls1.h 2006-06-14 10:52:01.000000000 -0700
++++ openssl-0.9.8e/ssl/tls1.h 2007-03-22 20:23:19.000000000 -0700
+@@ -296,6 +296,14 @@ extern "C" {
+ #define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/
+ #endif
+
++/* TLS extension struct */
++struct tls_extension_st
++{
++ unsigned short type;
++ unsigned short length;
++ void *data;
++};
++
+ #ifdef __cplusplus
+ }
+ #endif
+diff -uprN openssl-0.9.8e.orig/util/ssleay.num openssl-0.9.8e/util/ssleay.num
+--- openssl-0.9.8e.orig/util/ssleay.num 2006-11-30 05:04:43.000000000 -0800
++++ openssl-0.9.8e/util/ssleay.num 2007-03-22 20:24:07.000000000 -0700
+@@ -238,3 +238,6 @@ SSL_CTX_set_info_callback
+ SSL_CTX_sess_get_new_cb 287 EXIST::FUNCTION:
+ SSL_CTX_get_client_cert_cb 288 EXIST::FUNCTION:
+ SSL_CTX_sess_get_remove_cb 289 EXIST::FUNCTION:
++SSL_set_hello_extension 290 EXIST::FUNCTION:
++SSL_set_hello_extension_cb 291 EXIST::FUNCTION:
++SSL_set_session_secret_cb 292 EXIST::FUNCTION:
--- /dev/null
+This patch is adding support for TLS hello extensions and externally
+generated pre-shared key material to OpenSSL 0.9.8. This is
+based on the patch from Alexey Kobozev <akobozev@cisco.com>
+(sent to openssl-dev mailing list on Tue, 07 Jun 2005 15:40:58 +0300).
+
+
+
+diff -uprN openssl-0.9.8.orig/include/openssl/ssl.h openssl-0.9.8/include/openssl/ssl.h
+--- openssl-0.9.8.orig/include/openssl/ssl.h 2005-06-10 12:51:16.000000000 -0700
++++ openssl-0.9.8/include/openssl/ssl.h 2005-07-19 20:02:15.000000000 -0700
+@@ -340,6 +340,7 @@ extern "C" {
+ * 'struct ssl_st *' function parameters used to prototype callbacks
+ * in SSL_CTX. */
+ typedef struct ssl_st *ssl_crock_st;
++typedef struct tls_extension_st TLS_EXTENSION;
+
+ /* used to hold info on the particular ciphers used */
+ typedef struct ssl_cipher_st
+@@ -361,6 +362,8 @@ DECLARE_STACK_OF(SSL_CIPHER)
+ typedef struct ssl_st SSL;
+ typedef struct ssl_ctx_st SSL_CTX;
+
++typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
++
+ /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
+ typedef struct ssl_method_st
+ {
+@@ -968,6 +971,15 @@ struct ssl_st
+ int first_packet;
+ int client_version; /* what was passed, used for
+ * SSLv3/TLS rollback check */
++
++ /* TLS externsions */
++ TLS_EXTENSION *tls_extension;
++ int (*tls_extension_cb)(SSL *s, TLS_EXTENSION *tls_ext, void *arg);
++ void *tls_extension_cb_arg;
++
++ /* TLS pre-shared secret session resumption */
++ tls_session_secret_cb_fn tls_session_secret_cb;
++ void *tls_session_secret_cb_arg;
+ };
+
+ #ifdef __cplusplus
+@@ -1533,6 +1545,13 @@ void *SSL_COMP_get_compression_methods(v
+ int SSL_COMP_add_compression_method(int id,void *cm);
+ #endif
+
++/* TLS extensions functions */
++int SSL_set_hello_extension(SSL *s, int ext_type, void *ext_data, int ext_len);
++int SSL_set_hello_extension_cb(SSL *s, int (*cb)(SSL *, TLS_EXTENSION *, void *), void *arg);
++
++/* Pre-shared secret session resumption functions */
++int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
++
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+@@ -1714,6 +1733,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_F_TLS1_ENC 210
+ #define SSL_F_TLS1_SETUP_KEY_BLOCK 211
+ #define SSL_F_WRITE_PENDING 212
++#define SSL_F_SSL_SET_HELLO_EXTENSION 213
+
+ /* Reason codes. */
+ #define SSL_R_APP_DATA_IN_HANDSHAKE 100
+diff -uprN openssl-0.9.8.orig/include/openssl/tls1.h openssl-0.9.8/include/openssl/tls1.h
+--- openssl-0.9.8.orig/include/openssl/tls1.h 2003-07-22 05:34:21.000000000 -0700
++++ openssl-0.9.8/include/openssl/tls1.h 2005-07-19 20:02:15.000000000 -0700
+@@ -282,6 +282,14 @@ extern "C" {
+ #define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/
+ #endif
+
++/* TLS extension struct */
++struct tls_extension_st
++{
++ unsigned short type;
++ unsigned short length;
++ void *data;
++};
++
+ #ifdef __cplusplus
+ }
+ #endif
+diff -uprN openssl-0.9.8.orig/ssl/Makefile openssl-0.9.8/ssl/Makefile
+--- openssl-0.9.8.orig/ssl/Makefile 2005-05-30 16:20:30.000000000 -0700
++++ openssl-0.9.8/ssl/Makefile 2005-07-19 20:02:15.000000000 -0700
+@@ -24,7 +24,7 @@ LIBSRC= \
+ s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c \
+ s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c \
+ s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c \
+- t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c \
++ t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c t1_ext.c \
+ d1_meth.c d1_srvr.c d1_clnt.c d1_lib.c d1_pkt.c \
+ d1_both.c d1_enc.c \
+ ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
+@@ -35,7 +35,7 @@ LIBOBJ= \
+ s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o \
+ s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o \
+ s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o \
+- t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o \
++ t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o t1_ext.o \
+ d1_meth.o d1_srvr.o d1_clnt.o d1_lib.o d1_pkt.o \
+ d1_both.o d1_enc.o \
+ ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
+@@ -968,3 +968,4 @@ t1_srvr.o: ../include/openssl/ssl23.h ..
+ t1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ t1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ t1_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_srvr.c
++t1_ext.o: t1_ext.c ssl_locl.h
+diff -uprN openssl-0.9.8.orig/ssl/s3_clnt.c openssl-0.9.8/ssl/s3_clnt.c
+--- openssl-0.9.8.orig/ssl/s3_clnt.c 2005-05-16 03:11:03.000000000 -0700
++++ openssl-0.9.8/ssl/s3_clnt.c 2005-07-19 20:02:15.000000000 -0700
+@@ -606,6 +606,20 @@ int ssl3_client_hello(SSL *s)
+ }
+ *(p++)=0; /* Add the NULL method */
+
++ /* send client hello extensions if any */
++ if (s->version >= TLS1_VERSION && s->tls_extension)
++ {
++ // set the total extensions length
++ s2n(s->tls_extension->length + 4, p);
++
++ // put the extensions with type and length
++ s2n(s->tls_extension->type, p);
++ s2n(s->tls_extension->length, p);
++
++ memcpy(p, s->tls_extension->data, s->tls_extension->length);
++ p+=s->tls_extension->length;
++ }
++
+ l=(p-d);
+ d=buf;
+ *(d++)=SSL3_MT_CLIENT_HELLO;
+@@ -628,7 +642,7 @@ int ssl3_get_server_hello(SSL *s)
+ STACK_OF(SSL_CIPHER) *sk;
+ SSL_CIPHER *c;
+ unsigned char *p,*d;
+- int i,al,ok;
++ int i,al,ok,pre_shared;
+ unsigned int j;
+ long n;
+ SSL_COMP *comp;
+@@ -693,7 +707,24 @@ int ssl3_get_server_hello(SSL *s)
+ goto f_err;
+ }
+
+- if (j != 0 && j == s->session->session_id_length
++ /* check if we want to resume the session based on external pre-shared secret */
++ pre_shared = 0;
++ if (s->version >= TLS1_VERSION && s->tls_session_secret_cb)
++ {
++ SSL_CIPHER *pref_cipher=NULL;
++ s->session->master_key_length=sizeof(s->session->master_key);
++ if (s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length,
++ NULL, &pref_cipher, s->tls_session_secret_cb_arg))
++ {
++ s->hit=1;
++ s->session->cipher=pref_cipher ? pref_cipher : ssl_get_cipher_by_char(s,p+j);
++ s->session->session_id_length = j;
++ memcpy(s->session->session_id, p, j);
++ pre_shared = 1;
++ }
++ }
++
++ if ((pre_shared || j != 0) && j == s->session->session_id_length
+ && memcmp(p,s->session->session_id,j) == 0)
+ {
+ if(s->sid_ctx_length != s->session->sid_ctx_length
+diff -uprN openssl-0.9.8.orig/ssl/s3_srvr.c openssl-0.9.8/ssl/s3_srvr.c
+--- openssl-0.9.8.orig/ssl/s3_srvr.c 2005-05-22 17:32:55.000000000 -0700
++++ openssl-0.9.8/ssl/s3_srvr.c 2005-07-19 20:02:15.000000000 -0700
+@@ -955,6 +955,75 @@ int ssl3_get_client_hello(SSL *s)
+ }
+ #endif
+
++ /* Check for TLS client hello extension here */
++ if (p < (d+n) && s->version >= TLS1_VERSION)
++ {
++ if (s->tls_extension_cb)
++ {
++ TLS_EXTENSION tls_ext;
++ unsigned short ext_total_len;
++
++ n2s(p, ext_total_len);
++ n2s(p, tls_ext.type);
++ n2s(p, tls_ext.length);
++
++ // sanity check in TLS extension len
++ if (tls_ext.length > (d+n) - p)
++ {
++ // just cut the lenth to packet border
++ tls_ext.length = (d+n) - p;
++ }
++
++ tls_ext.data = p;
++
++ // returns an alert code or 0
++ al = s->tls_extension_cb(s, &tls_ext, s->tls_extension_cb_arg);
++ if (al != 0)
++ {
++ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PEER_ERROR);
++ goto f_err;
++ }
++ }
++ }
++
++ /* Check if we want to use external pre-shared secret for this handshake */
++ /* for not reused session only */
++ if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb)
++ {
++ SSL_CIPHER *pref_cipher=NULL;
++
++ s->session->master_key_length=sizeof(s->session->master_key);
++ if(s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length,
++ ciphers, &pref_cipher, s->tls_session_secret_cb_arg))
++ {
++ s->hit=1;
++ s->session->ciphers=ciphers;
++ s->session->verify_result=X509_V_OK;
++
++ ciphers=NULL;
++
++ /* check if some cipher was preferred by call back */
++ pref_cipher=pref_cipher ? pref_cipher : ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
++ if (pref_cipher == NULL)
++ {
++ al=SSL_AD_HANDSHAKE_FAILURE;
++ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
++ goto f_err;
++ }
++
++ s->session->cipher=pref_cipher;
++
++ if (s->cipher_list)
++ sk_SSL_CIPHER_free(s->cipher_list);
++
++ if (s->cipher_list_by_id)
++ sk_SSL_CIPHER_free(s->cipher_list_by_id);
++
++ s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
++ s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
++ }
++ }
++
+ /* Given s->session->ciphers and SSL_get_ciphers, we must
+ * pick a cipher */
+
+diff -uprN openssl-0.9.8.orig/ssl/ssl_err.c openssl-0.9.8/ssl/ssl_err.c
+--- openssl-0.9.8.orig/ssl/ssl_err.c 2005-06-10 12:51:16.000000000 -0700
++++ openssl-0.9.8/ssl/ssl_err.c 2005-07-19 20:02:15.000000000 -0700
+@@ -242,6 +242,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
+ {ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"},
+ {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
+ {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
++{ERR_FUNC(SSL_F_SSL_SET_HELLO_EXTENSION), "SSL_set_hello_extension"},
+ {0,NULL}
+ };
+
+diff -uprN openssl-0.9.8.orig/ssl/ssl.h openssl-0.9.8/ssl/ssl.h
+--- openssl-0.9.8.orig/ssl/ssl.h 2005-06-10 12:51:16.000000000 -0700
++++ openssl-0.9.8/ssl/ssl.h 2005-07-19 20:02:15.000000000 -0700
+@@ -340,6 +340,7 @@ extern "C" {
+ * 'struct ssl_st *' function parameters used to prototype callbacks
+ * in SSL_CTX. */
+ typedef struct ssl_st *ssl_crock_st;
++typedef struct tls_extension_st TLS_EXTENSION;
+
+ /* used to hold info on the particular ciphers used */
+ typedef struct ssl_cipher_st
+@@ -361,6 +362,8 @@ DECLARE_STACK_OF(SSL_CIPHER)
+ typedef struct ssl_st SSL;
+ typedef struct ssl_ctx_st SSL_CTX;
+
++typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
++
+ /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
+ typedef struct ssl_method_st
+ {
+@@ -968,6 +971,15 @@ struct ssl_st
+ int first_packet;
+ int client_version; /* what was passed, used for
+ * SSLv3/TLS rollback check */
++
++ /* TLS externsions */
++ TLS_EXTENSION *tls_extension;
++ int (*tls_extension_cb)(SSL *s, TLS_EXTENSION *tls_ext, void *arg);
++ void *tls_extension_cb_arg;
++
++ /* TLS pre-shared secret session resumption */
++ tls_session_secret_cb_fn tls_session_secret_cb;
++ void *tls_session_secret_cb_arg;
+ };
+
+ #ifdef __cplusplus
+@@ -1533,6 +1545,13 @@ void *SSL_COMP_get_compression_methods(v
+ int SSL_COMP_add_compression_method(int id,void *cm);
+ #endif
+
++/* TLS extensions functions */
++int SSL_set_hello_extension(SSL *s, int ext_type, void *ext_data, int ext_len);
++int SSL_set_hello_extension_cb(SSL *s, int (*cb)(SSL *, TLS_EXTENSION *, void *), void *arg);
++
++/* Pre-shared secret session resumption functions */
++int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
++
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+@@ -1714,6 +1733,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_F_TLS1_ENC 210
+ #define SSL_F_TLS1_SETUP_KEY_BLOCK 211
+ #define SSL_F_WRITE_PENDING 212
++#define SSL_F_SSL_SET_HELLO_EXTENSION 213
+
+ /* Reason codes. */
+ #define SSL_R_APP_DATA_IN_HANDSHAKE 100
+diff -uprN openssl-0.9.8.orig/ssl/ssl_sess.c openssl-0.9.8/ssl/ssl_sess.c
+--- openssl-0.9.8.orig/ssl/ssl_sess.c 2005-04-29 13:10:06.000000000 -0700
++++ openssl-0.9.8/ssl/ssl_sess.c 2005-07-19 20:02:15.000000000 -0700
+@@ -656,6 +656,15 @@ long SSL_CTX_get_timeout(const SSL_CTX *
+ return(s->session_timeout);
+ }
+
++int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len,
++ STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg)
++{
++ if (s == NULL) return(0);
++ s->tls_session_secret_cb = tls_session_secret_cb;
++ s->tls_session_secret_cb_arg = arg;
++ return(1);
++}
++
+ typedef struct timeout_param_st
+ {
+ SSL_CTX *ctx;
+diff -uprN openssl-0.9.8.orig/ssl/t1_ext.c openssl-0.9.8/ssl/t1_ext.c
+--- openssl-0.9.8.orig/ssl/t1_ext.c 1969-12-31 16:00:00.000000000 -0800
++++ openssl-0.9.8/ssl/t1_ext.c 2005-07-19 20:03:29.000000000 -0700
+@@ -0,0 +1,48 @@
++
++#include <stdio.h>
++#include "ssl_locl.h"
++
++
++int SSL_set_hello_extension(SSL *s, int ext_type, void *ext_data, int ext_len)
++{
++ if(s->version >= TLS1_VERSION)
++ {
++ if(s->tls_extension)
++ {
++ OPENSSL_free(s->tls_extension);
++ s->tls_extension = NULL;
++ }
++
++ if(ext_data)
++ {
++ s->tls_extension = OPENSSL_malloc(sizeof(TLS_EXTENSION) + ext_len);
++ if(!s->tls_extension)
++ {
++ SSLerr(SSL_F_SSL_SET_HELLO_EXTENSION, ERR_R_MALLOC_FAILURE);
++ return 0;
++ }
++
++ s->tls_extension->type = ext_type;
++ s->tls_extension->length = ext_len;
++ s->tls_extension->data = s->tls_extension + 1;
++ memcpy(s->tls_extension->data, ext_data, ext_len);
++ }
++
++ return 1;
++ }
++
++ return 0;
++}
++
++int SSL_set_hello_extension_cb(SSL *s, int (*cb)(SSL *, TLS_EXTENSION *, void *), void *arg)
++{
++ if(s->version >= TLS1_VERSION)
++ {
++ s->tls_extension_cb = cb;
++ s->tls_extension_cb_arg = arg;
++
++ return 1;
++ }
++
++ return 0;
++}
+diff -uprN openssl-0.9.8.orig/ssl/t1_lib.c openssl-0.9.8/ssl/t1_lib.c
+--- openssl-0.9.8.orig/ssl/t1_lib.c 2005-04-26 09:02:40.000000000 -0700
++++ openssl-0.9.8/ssl/t1_lib.c 2005-07-19 20:02:15.000000000 -0700
+@@ -131,6 +131,10 @@ int tls1_new(SSL *s)
+
+ void tls1_free(SSL *s)
+ {
++ if(s->tls_extension)
++ {
++ OPENSSL_free(s->tls_extension);
++ }
+ ssl3_free(s);
+ }
+
+diff -uprN openssl-0.9.8.orig/ssl/tls1.h openssl-0.9.8/ssl/tls1.h
+--- openssl-0.9.8.orig/ssl/tls1.h 2003-07-22 05:34:21.000000000 -0700
++++ openssl-0.9.8/ssl/tls1.h 2005-07-19 20:02:15.000000000 -0700
+@@ -282,6 +282,14 @@ extern "C" {
+ #define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/
+ #endif
+
++/* TLS extension struct */
++struct tls_extension_st
++{
++ unsigned short type;
++ unsigned short length;
++ void *data;
++};
++
+ #ifdef __cplusplus
+ }
+ #endif
+diff -uprN openssl-0.9.8.orig/util/ssleay.num openssl-0.9.8/util/ssleay.num
+--- openssl-0.9.8.orig/util/ssleay.num 2005-05-08 17:22:02.000000000 -0700
++++ openssl-0.9.8/util/ssleay.num 2005-07-19 20:02:15.000000000 -0700
+@@ -226,3 +226,6 @@ DTLSv1_server_method
+ SSL_COMP_get_compression_methods 276 EXIST:!VMS:FUNCTION:COMP
+ SSL_COMP_get_compress_methods 276 EXIST:VMS:FUNCTION:COMP
+ SSL_SESSION_get_id 277 EXIST::FUNCTION:
++SSL_set_hello_extension 278 EXIST::FUNCTION:
++SSL_set_hello_extension_cb 279 EXIST::FUNCTION:
++SSL_set_session_secret_cb 280 EXIST::FUNCTION:
--- /dev/null
+/*
+ * wpa_supplicant/hostapd / OS specific functions
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef OS_H
+#define OS_H
+
+typedef long os_time_t;
+
+/**
+ * os_sleep - Sleep (sec, usec)
+ * @sec: Number of seconds to sleep
+ * @usec: Number of microseconds to sleep
+ */
+void os_sleep(os_time_t sec, os_time_t usec);
+
+struct os_time {
+ os_time_t sec;
+ os_time_t usec;
+};
+
+/**
+ * os_get_time - Get current time (sec, usec)
+ * @t: Pointer to buffer for the time
+ * Returns: 0 on success, -1 on failure
+ */
+int os_get_time(struct os_time *t);
+
+
+/* Helper macros for handling struct os_time */
+
+#define os_time_before(a, b) \
+ ((a)->sec < (b)->sec || \
+ ((a)->sec == (b)->sec && (a)->usec < (b)->usec))
+
+#define os_time_sub(a, b, res) do { \
+ (res)->sec = (a)->sec - (b)->sec; \
+ (res)->usec = (a)->usec - (b)->usec; \
+ if ((res)->usec < 0) { \
+ (res)->sec--; \
+ (res)->usec += 1000000; \
+ } \
+} while (0)
+
+/**
+ * os_mktime - Convert broken-down time into seconds since 1970-01-01
+ * @year: Four digit year
+ * @month: Month (1 .. 12)
+ * @day: Day of month (1 .. 31)
+ * @hour: Hour (0 .. 23)
+ * @min: Minute (0 .. 59)
+ * @sec: Second (0 .. 60)
+ * @t: Buffer for returning calendar time representation (seconds since
+ * 1970-01-01 00:00:00)
+ * Returns: 0 on success, -1 on failure
+ *
+ * Note: The result is in seconds from Epoch, i.e., in UTC, not in local time
+ * which is used by POSIX mktime().
+ */
+int os_mktime(int year, int month, int day, int hour, int min, int sec,
+ os_time_t *t);
+
+
+/**
+ * os_daemonize - Run in the background (detach from the controlling terminal)
+ * @pid_file: File name to write the process ID to or %NULL to skip this
+ * Returns: 0 on success, -1 on failure
+ */
+int os_daemonize(const char *pid_file);
+
+/**
+ * os_daemonize_terminate - Stop running in the background (remove pid file)
+ * @pid_file: File name to write the process ID to or %NULL to skip this
+ */
+void os_daemonize_terminate(const char *pid_file);
+
+/**
+ * os_get_random - Get cryptographically strong pseudo random data
+ * @buf: Buffer for pseudo random data
+ * @len: Length of the buffer
+ * Returns: 0 on success, -1 on failure
+ */
+int os_get_random(unsigned char *buf, size_t len);
+
+/**
+ * os_random - Get pseudo random value (not necessarily very strong)
+ * Returns: Pseudo random value
+ */
+unsigned long os_random(void);
+
+/**
+ * os_rel2abs_path - Get an absolute path for a file
+ * @rel_path: Relative path to a file
+ * Returns: Absolute path for the file or %NULL on failure
+ *
+ * This function tries to convert a relative path of a file to an absolute path
+ * in order for the file to be found even if current working directory has
+ * changed. The returned value is allocated and caller is responsible for
+ * freeing it. It is acceptable to just return the same path in an allocated
+ * buffer, e.g., return strdup(rel_path). This function is only used to find
+ * configuration files when os_daemonize() may have changed the current working
+ * directory and relative path would be pointing to a different location.
+ */
+char * os_rel2abs_path(const char *rel_path);
+
+/**
+ * os_program_init - Program initialization (called at start)
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is called when a programs starts. If there are any OS specific
+ * processing that is needed, it can be placed here. It is also acceptable to
+ * just return 0 if not special processing is needed.
+ */
+int os_program_init(void);
+
+/**
+ * os_program_deinit - Program deinitialization (called just before exit)
+ *
+ * This function is called just before a program exists. If there are any OS
+ * specific processing, e.g., freeing resourced allocated in os_program_init(),
+ * it should be done here. It is also acceptable for this function to do
+ * nothing.
+ */
+void os_program_deinit(void);
+
+/**
+ * os_setenv - Set environment variable
+ * @name: Name of the variable
+ * @value: Value to set to the variable
+ * @overwrite: Whether existing variable should be overwritten
+ * Returns: 0 on success, -1 on error
+ *
+ * This function is only used for wpa_cli action scripts. OS wrapper does not
+ * need to implement this if such functionality is not needed.
+ */
+int os_setenv(const char *name, const char *value, int overwrite);
+
+/**
+ * os_unsetenv - Delete environent variable
+ * @name: Name of the variable
+ * Returns: 0 on success, -1 on error
+ *
+ * This function is only used for wpa_cli action scripts. OS wrapper does not
+ * need to implement this if such functionality is not needed.
+ */
+int os_unsetenv(const char *name);
+
+/**
+ * os_readfile - Read a file to an allocated memory buffer
+ * @name: Name of the file to read
+ * @len: For returning the length of the allocated buffer
+ * Returns: Pointer to the allocated buffer or %NULL on failure
+ *
+ * This function allocates memory and reads the given file to this buffer. Both
+ * binary and text files can be read with this function. The caller is
+ * responsible for freeing the returned buffer with os_free().
+ */
+char * os_readfile(const char *name, size_t *len);
+
+/**
+ * os_zalloc - Allocate and zero memory
+ * @size: Number of bytes to allocate
+ * Returns: Pointer to allocated and zeroed memory or %NULL on failure
+ *
+ * Caller is responsible for freeing the returned buffer with os_free().
+ */
+void * os_zalloc(size_t size);
+
+
+/*
+ * The following functions are wrapper for standard ANSI C or POSIX functions.
+ * By default, they are just defined to use the standard function name and no
+ * os_*.c implementation is needed for them. This avoids extra function calls
+ * by allowing the C pre-processor take care of the function name mapping.
+ *
+ * If the target system uses a C library that does not provide these functions,
+ * build_config.h can be used to define the wrappers to use a different
+ * function name. This can be done on function-by-function basis since the
+ * defines here are only used if build_config.h does not define the os_* name.
+ * If needed, os_*.c file can be used to implement the functions that are not
+ * included in the C library on the target system. Alternatively,
+ * OS_NO_C_LIB_DEFINES can be defined to skip all defines here in which case
+ * these functions need to be implemented in os_*.c file for the target system.
+ */
+
+#ifdef OS_NO_C_LIB_DEFINES
+
+/**
+ * os_malloc - Allocate dynamic memory
+ * @size: Size of the buffer to allocate
+ * Returns: Allocated buffer or %NULL on failure
+ *
+ * Caller is responsible for freeing the returned buffer with os_free().
+ */
+void * os_malloc(size_t size);
+
+/**
+ * os_realloc - Re-allocate dynamic memory
+ * @ptr: Old buffer from os_malloc() or os_realloc()
+ * @size: Size of the new buffer
+ * Returns: Allocated buffer or %NULL on failure
+ *
+ * Caller is responsible for freeing the returned buffer with os_free().
+ * If re-allocation fails, %NULL is returned and the original buffer (ptr) is
+ * not freed and caller is still responsible for freeing it.
+ */
+void * os_realloc(void *ptr, size_t size);
+
+/**
+ * os_free - Free dynamic memory
+ * @ptr: Old buffer from os_malloc() or os_realloc(); can be %NULL
+ */
+void os_free(void *ptr);
+
+/**
+ * os_memcpy - Copy memory area
+ * @dest: Destination
+ * @src: Source
+ * @n: Number of bytes to copy
+ * Returns: dest
+ *
+ * The memory areas src and dst must not overlap. os_memmove() can be used with
+ * overlapping memory.
+ */
+void * os_memcpy(void *dest, const void *src, size_t n);
+
+/**
+ * os_memmove - Copy memory area
+ * @dest: Destination
+ * @src: Source
+ * @n: Number of bytes to copy
+ * Returns: dest
+ *
+ * The memory areas src and dst may overlap.
+ */
+void * os_memmove(void *dest, const void *src, size_t n);
+
+/**
+ * os_memset - Fill memory with a constant byte
+ * @s: Memory area to be filled
+ * @c: Constant byte
+ * @n: Number of bytes started from s to fill with c
+ * Returns: s
+ */
+void * os_memset(void *s, int c, size_t n);
+
+/**
+ * os_memcmp - Compare memory areas
+ * @s1: First buffer
+ * @s2: Second buffer
+ * @n: Maximum numbers of octets to compare
+ * Returns: An integer less than, equal to, or greater than zero if s1 is
+ * found to be less than, to match, or be greater than s2. Only first n
+ * characters will be compared.
+ */
+int os_memcmp(const void *s1, const void *s2, size_t n);
+
+/**
+ * os_strdup - Duplicate a string
+ * @s: Source string
+ * Returns: Allocated buffer with the string copied into it or %NULL on failure
+ *
+ * Caller is responsible for freeing the returned buffer with os_free().
+ */
+char * os_strdup(const char *s);
+
+/**
+ * os_strlen - Calculate the length of a string
+ * @s: '\0' terminated string
+ * Returns: Number of characters in s (not counting the '\0' terminator)
+ */
+size_t os_strlen(const char *s);
+
+/**
+ * os_strcasecmp - Compare two strings ignoring case
+ * @s1: First string
+ * @s2: Second string
+ * Returns: An integer less than, equal to, or greater than zero if s1 is
+ * found to be less than, to match, or be greatred than s2
+ */
+int os_strcasecmp(const char *s1, const char *s2);
+
+/**
+ * os_strncasecmp - Compare two strings ignoring case
+ * @s1: First string
+ * @s2: Second string
+ * @n: Maximum numbers of characters to compare
+ * Returns: An integer less than, equal to, or greater than zero if s1 is
+ * found to be less than, to match, or be greater than s2. Only first n
+ * characters will be compared.
+ */
+int os_strncasecmp(const char *s1, const char *s2, size_t n);
+
+/**
+ * os_strchr - Locate the first occurrence of a character in string
+ * @s: String
+ * @c: Character to search for
+ * Returns: Pointer to the matched character or %NULL if not found
+ */
+char * os_strchr(const char *s, int c);
+
+/**
+ * os_strrchr - Locate the last occurrence of a character in string
+ * @s: String
+ * @c: Character to search for
+ * Returns: Pointer to the matched character or %NULL if not found
+ */
+char * os_strrchr(const char *s, int c);
+
+/**
+ * os_strcmp - Compare two strings
+ * @s1: First string
+ * @s2: Second string
+ * Returns: An integer less than, equal to, or greater than zero if s1 is
+ * found to be less than, to match, or be greatred than s2
+ */
+int os_strcmp(const char *s1, const char *s2);
+
+/**
+ * os_strncmp - Compare two strings
+ * @s1: First string
+ * @s2: Second string
+ * @n: Maximum numbers of characters to compare
+ * Returns: An integer less than, equal to, or greater than zero if s1 is
+ * found to be less than, to match, or be greater than s2. Only first n
+ * characters will be compared.
+ */
+int os_strncmp(const char *s1, const char *s2, size_t n);
+
+/**
+ * os_strncpy - Copy a string
+ * @dest: Destination
+ * @src: Source
+ * @n: Maximum number of characters to copy
+ * Returns: dest
+ */
+char * os_strncpy(char *dest, const char *src, size_t n);
+
+/**
+ * os_strstr - Locate a substring
+ * @haystack: String (haystack) to search from
+ * @needle: Needle to search from haystack
+ * Returns: Pointer to the beginning of the substring or %NULL if not found
+ */
+char * os_strstr(const char *haystack, const char *needle);
+
+/**
+ * os_snprintf - Print to a memory buffer
+ * @str: Memory buffer to print into
+ * @size: Maximum length of the str buffer
+ * @format: printf format
+ * Returns: Number of characters printed (not including trailing '\0').
+ *
+ * If the output buffer is truncated, number of characters which would have
+ * been written is returned. Since some C libraries return -1 in such a case,
+ * the caller must be prepared on that value, too, to indicate truncation.
+ *
+ * Note: Some C library implementations of snprintf() may not guarantee null
+ * termination in case the output is truncated. The OS wrapper function of
+ * os_snprintf() should provide this guarantee, i.e., to null terminate the
+ * output buffer if a C library version of the function is used and if that
+ * function does not guarantee null termination.
+ *
+ * If the target system does not include snprintf(), see, e.g.,
+ * http://www.ijs.si/software/snprintf/ for an example of a portable
+ * implementation of snprintf.
+ */
+int os_snprintf(char *str, size_t size, const char *format, ...);
+
+#else /* OS_NO_C_LIB_DEFINES */
+
+#ifndef os_malloc
+#define os_malloc(s) malloc((s))
+#endif
+#ifndef os_realloc
+#define os_realloc(p, s) realloc((p), (s))
+#endif
+#ifndef os_free
+#define os_free(p) free((p))
+#endif
+
+#ifndef os_memcpy
+#define os_memcpy(d, s, n) memcpy((d), (s), (n))
+#endif
+#ifndef os_memmove
+#define os_memmove(d, s, n) memmove((d), (s), (n))
+#endif
+#ifndef os_memset
+#define os_memset(s, c, n) memset(s, c, n)
+#endif
+#ifndef os_memcmp
+#define os_memcmp(s1, s2, n) memcmp((s1), (s2), (n))
+#endif
+
+#ifndef os_strdup
+#ifdef _MSC_VER
+#define os_strdup(s) _strdup(s)
+#else
+#define os_strdup(s) strdup(s)
+#endif
+#endif
+#ifndef os_strlen
+#define os_strlen(s) strlen(s)
+#endif
+#ifndef os_strcasecmp
+#ifdef _MSC_VER
+#define os_strcasecmp(s1, s2) _stricmp((s1), (s2))
+#else
+#define os_strcasecmp(s1, s2) strcasecmp((s1), (s2))
+#endif
+#endif
+#ifndef os_strncasecmp
+#ifdef _MSC_VER
+#define os_strncasecmp(s1, s2, n) _strnicmp((s1), (s2), (n))
+#else
+#define os_strncasecmp(s1, s2, n) strncasecmp((s1), (s2), (n))
+#endif
+#endif
+#ifndef os_strchr
+#define os_strchr(s, c) strchr((s), (c))
+#endif
+#ifndef os_strcmp
+#define os_strcmp(s1, s2) strcmp((s1), (s2))
+#endif
+#ifndef os_strncmp
+#define os_strncmp(s1, s2, n) strncmp((s1), (s2), (n))
+#endif
+#ifndef os_strncpy
+#define os_strncpy(d, s, n) strncpy((d), (s), (n))
+#endif
+#ifndef os_strrchr
+#define os_strrchr(s, c) strrchr((s), (c))
+#endif
+#ifndef os_strstr
+#define os_strstr(h, n) strstr((h), (n))
+#endif
+
+#ifndef os_snprintf
+#ifdef _MSC_VER
+#define os_snprintf _snprintf
+#else
+#define os_snprintf snprintf
+#endif
+#endif
+
+#endif /* OS_NO_C_LIB_DEFINES */
+
+
+#ifdef OS_REJECT_C_LIB_FUNCTIONS
+#define malloc OS_DO_NOT_USE_malloc
+#define realloc OS_DO_NOT_USE_realloc
+#define free OS_DO_NOT_USE_free
+#define memcpy OS_DO_NOT_USE_memcpy
+#define memmove OS_DO_NOT_USE_memmove
+#define memset OS_DO_NOT_USE_memset
+#define memcmp OS_DO_NOT_USE_memcmp
+#undef strdup
+#define strdup OS_DO_NOT_USE_strdup
+#define strlen OS_DO_NOT_USE_strlen
+#define strcasecmp OS_DO_NOT_USE_strcasecmp
+#define strncasecmp OS_DO_NOT_USE_strncasecmp
+#undef strchr
+#define strchr OS_DO_NOT_USE_strchr
+#undef strcmp
+#define strcmp OS_DO_NOT_USE_strcmp
+#undef strncmp
+#define strncmp OS_DO_NOT_USE_strncmp
+#undef strncpy
+#define strncpy OS_DO_NOT_USE_strncpy
+#define strrchr OS_DO_NOT_USE_strrchr
+#define strstr OS_DO_NOT_USE_strstr
+#undef snprintf
+#define snprintf OS_DO_NOT_USE_snprintf
+
+#define strcpy OS_DO_NOT_USE_strcpy
+#endif /* OS_REJECT_C_LIB_FUNCTIONS */
+
+#endif /* OS_H */
--- /dev/null
+/*
+ * wpa_supplicant/hostapd / Internal implementation of OS specific functions
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This file is an example of operating system specific wrapper functions.
+ * This version implements many of the functions internally, so it can be used
+ * to fill in missing functions from the target system C libraries.
+ *
+ * Some of the functions are using standard C library calls in order to keep
+ * this file in working condition to allow the functions to be tested on a
+ * Linux target. Please note that OS_NO_C_LIB_DEFINES needs to be defined for
+ * this file to work correctly. Note that these implementations are only
+ * examples and are not optimized for speed.
+ */
+
+#include "includes.h"
+
+#undef OS_REJECT_C_LIB_FUNCTIONS
+#include "os.h"
+
+void os_sleep(os_time_t sec, os_time_t usec)
+{
+ if (sec)
+ sleep(sec);
+ if (usec)
+ usleep(usec);
+}
+
+
+int os_get_time(struct os_time *t)
+{
+ int res;
+ struct timeval tv;
+ res = gettimeofday(&tv, NULL);
+ t->sec = tv.tv_sec;
+ t->usec = tv.tv_usec;
+ return res;
+}
+
+
+int os_mktime(int year, int month, int day, int hour, int min, int sec,
+ os_time_t *t)
+{
+ struct tm tm;
+
+ if (year < 1970 || month < 1 || month > 12 || day < 1 || day > 31 ||
+ hour < 0 || hour > 23 || min < 0 || min > 59 || sec < 0 ||
+ sec > 60)
+ return -1;
+
+ os_memset(&tm, 0, sizeof(tm));
+ tm.tm_year = year - 1900;
+ tm.tm_mon = month - 1;
+ tm.tm_mday = day;
+ tm.tm_hour = hour;
+ tm.tm_min = min;
+ tm.tm_sec = sec;
+
+ *t = (os_time_t) mktime(&tm);
+ return 0;
+}
+
+
+int os_daemonize(const char *pid_file)
+{
+ if (daemon(0, 0)) {
+ perror("daemon");
+ return -1;
+ }
+
+ if (pid_file) {
+ FILE *f = fopen(pid_file, "w");
+ if (f) {
+ fprintf(f, "%u\n", getpid());
+ fclose(f);
+ }
+ }
+
+ return -0;
+}
+
+
+void os_daemonize_terminate(const char *pid_file)
+{
+ if (pid_file)
+ unlink(pid_file);
+}
+
+
+int os_get_random(unsigned char *buf, size_t len)
+{
+ FILE *f;
+ size_t rc;
+
+ f = fopen("/dev/urandom", "rb");
+ if (f == NULL) {
+ printf("Could not open /dev/urandom.\n");
+ return -1;
+ }
+
+ rc = fread(buf, 1, len, f);
+ fclose(f);
+
+ return rc != len ? -1 : 0;
+}
+
+
+unsigned long os_random(void)
+{
+ return random();
+}
+
+
+char * os_rel2abs_path(const char *rel_path)
+{
+ char *buf = NULL, *cwd, *ret;
+ size_t len = 128, cwd_len, rel_len, ret_len;
+
+ if (rel_path[0] == '/')
+ return os_strdup(rel_path);
+
+ for (;;) {
+ buf = os_malloc(len);
+ if (buf == NULL)
+ return NULL;
+ cwd = getcwd(buf, len);
+ if (cwd == NULL) {
+ os_free(buf);
+ if (errno != ERANGE) {
+ return NULL;
+ }
+ len *= 2;
+ } else {
+ break;
+ }
+ }
+
+ cwd_len = strlen(cwd);
+ rel_len = strlen(rel_path);
+ ret_len = cwd_len + 1 + rel_len + 1;
+ ret = os_malloc(ret_len);
+ if (ret) {
+ os_memcpy(ret, cwd, cwd_len);
+ ret[cwd_len] = '/';
+ os_memcpy(ret + cwd_len + 1, rel_path, rel_len);
+ ret[ret_len - 1] = '\0';
+ }
+ os_free(buf);
+ return ret;
+}
+
+
+int os_program_init(void)
+{
+ return 0;
+}
+
+
+void os_program_deinit(void)
+{
+}
+
+
+int os_setenv(const char *name, const char *value, int overwrite)
+{
+ return setenv(name, value, overwrite);
+}
+
+
+int os_unsetenv(const char *name)
+{
+#if defined(__FreeBSD__) || defined(__NetBSD__)
+ unsetenv(name);
+ return 0;
+#else
+ return unsetenv(name);
+#endif
+}
+
+
+char * os_readfile(const char *name, size_t *len)
+{
+ FILE *f;
+ char *buf;
+
+ f = fopen(name, "rb");
+ if (f == NULL)
+ return NULL;
+
+ fseek(f, 0, SEEK_END);
+ *len = ftell(f);
+ fseek(f, 0, SEEK_SET);
+
+ buf = os_malloc(*len);
+ if (buf == NULL) {
+ fclose(f);
+ return NULL;
+ }
+
+ fread(buf, 1, *len, f);
+ fclose(f);
+
+ return buf;
+}
+
+
+void * os_zalloc(size_t size)
+{
+ void *n = os_malloc(size);
+ if (n)
+ os_memset(n, 0, size);
+ return n;
+}
+
+
+void * os_malloc(size_t size)
+{
+ return malloc(size);
+}
+
+
+void * os_realloc(void *ptr, size_t size)
+{
+ return realloc(ptr, size);
+}
+
+
+void os_free(void *ptr)
+{
+ free(ptr);
+}
+
+
+void * os_memcpy(void *dest, const void *src, size_t n)
+{
+ char *d = dest;
+ const char *s = src;
+ while (n--)
+ *d++ = *s++;
+ return dest;
+}
+
+
+void * os_memmove(void *dest, const void *src, size_t n)
+{
+ if (dest < src)
+ os_memcpy(dest, src, n);
+ else {
+ /* overlapping areas */
+ char *d = (char *) dest + n;
+ const char *s = (const char *) src + n;
+ while (n--)
+ *--d = *--s;
+ }
+ return dest;
+}
+
+
+void * os_memset(void *s, int c, size_t n)
+{
+ char *p = s;
+ while (n--)
+ *p++ = c;
+ return s;
+}
+
+
+int os_memcmp(const void *s1, const void *s2, size_t n)
+{
+ const unsigned char *p1 = s1, *p2 = s2;
+
+ if (n == 0)
+ return 0;
+
+ while (*p1 == *p2) {
+ p1++;
+ p2++;
+ n--;
+ if (n == 0)
+ return 0;
+ }
+
+ return *p1 - *p2;
+}
+
+
+char * os_strdup(const char *s)
+{
+ char *res;
+ size_t len;
+ if (s == NULL)
+ return NULL;
+ len = os_strlen(s);
+ res = os_malloc(len + 1);
+ if (res)
+ os_memcpy(res, s, len + 1);
+ return res;
+}
+
+
+size_t os_strlen(const char *s)
+{
+ const char *p = s;
+ while (*p)
+ p++;
+ return p - s;
+}
+
+
+int os_strcasecmp(const char *s1, const char *s2)
+{
+ /*
+ * Ignoring case is not required for main functionality, so just use
+ * the case sensitive version of the function.
+ */
+ return os_strcmp(s1, s2);
+}
+
+
+int os_strncasecmp(const char *s1, const char *s2, size_t n)
+{
+ /*
+ * Ignoring case is not required for main functionality, so just use
+ * the case sensitive version of the function.
+ */
+ return os_strncmp(s1, s2, n);
+}
+
+
+char * os_strchr(const char *s, int c)
+{
+ while (*s) {
+ if (*s == c)
+ return (char *) s;
+ s++;
+ }
+ return NULL;
+}
+
+
+char * os_strrchr(const char *s, int c)
+{
+ const char *p = s;
+ while (*p)
+ p++;
+ p--;
+ while (p >= s) {
+ if (*p == c)
+ return (char *) p;
+ p--;
+ }
+ return NULL;
+}
+
+
+int os_strcmp(const char *s1, const char *s2)
+{
+ while (*s1 == *s2) {
+ if (*s1 == '\0')
+ break;
+ s1++;
+ s2++;
+ }
+
+ return *s1 - *s2;
+}
+
+
+int os_strncmp(const char *s1, const char *s2, size_t n)
+{
+ if (n == 0)
+ return 0;
+
+ while (*s1 == *s2) {
+ if (*s1 == '\0')
+ break;
+ s1++;
+ s2++;
+ n--;
+ if (n == 0)
+ return 0;
+ }
+
+ return *s1 - *s2;
+}
+
+
+char * os_strncpy(char *dest, const char *src, size_t n)
+{
+ char *d = dest;
+
+ while (n--) {
+ *d = *src;
+ if (*src == '\0')
+ break;
+ d++;
+ src++;
+ }
+
+ return dest;
+}
+
+
+char * os_strstr(const char *haystack, const char *needle)
+{
+ size_t len = os_strlen(needle);
+ while (*haystack) {
+ if (os_strncmp(haystack, needle, len) == 0)
+ return (char *) haystack;
+ haystack++;
+ }
+
+ return NULL;
+}
+
+
+int os_snprintf(char *str, size_t size, const char *format, ...)
+{
+ va_list ap;
+ int ret;
+
+ /* See http://www.ijs.si/software/snprintf/ for portable
+ * implementation of snprintf.
+ */
+
+ va_start(ap, format);
+ ret = vsnprintf(str, size, format, ap);
+ va_end(ap);
+ if (size > 0)
+ str[size - 1] = '\0';
+ return ret;
+}
--- /dev/null
+/*
+ * wpa_supplicant/hostapd / Empty OS specific functions
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This file can be used as a starting point when adding a new OS target. The
+ * functions here do not really work as-is since they are just empty or only
+ * return an error value. os_internal.c can be used as another starting point
+ * or reference since it has example implementation of many of these functions.
+ */
+
+#include "includes.h"
+
+#include "os.h"
+
+void os_sleep(os_time_t sec, os_time_t usec)
+{
+}
+
+
+int os_get_time(struct os_time *t)
+{
+ return -1;
+}
+
+
+int os_mktime(int year, int month, int day, int hour, int min, int sec,
+ os_time_t *t)
+{
+ return -1;
+}
+
+
+int os_daemonize(const char *pid_file)
+{
+ return -1;
+}
+
+
+void os_daemonize_terminate(const char *pid_file)
+{
+}
+
+
+int os_get_random(unsigned char *buf, size_t len)
+{
+ return -1;
+}
+
+
+unsigned long os_random(void)
+{
+ return 0;
+}
+
+
+char * os_rel2abs_path(const char *rel_path)
+{
+ return NULL; /* strdup(rel_path) can be used here */
+}
+
+
+int os_program_init(void)
+{
+ return 0;
+}
+
+
+void os_program_deinit(void)
+{
+}
+
+
+int os_setenv(const char *name, const char *value, int overwrite)
+{
+ return -1;
+}
+
+
+int os_unsetenv(const char *name)
+{
+ return -1;
+}
+
+
+char * os_readfile(const char *name, size_t *len)
+{
+ return NULL;
+}
+
+
+void * os_zalloc(size_t size)
+{
+ return NULL;
+}
+
+
+#ifdef OS_NO_C_LIB_DEFINES
+void * os_malloc(size_t size)
+{
+ return NULL;
+}
+
+
+void * os_realloc(void *ptr, size_t size)
+{
+ return NULL;
+}
+
+
+void os_free(void *ptr)
+{
+}
+
+
+void * os_memcpy(void *dest, const void *src, size_t n)
+{
+ return dest;
+}
+
+
+void * os_memmove(void *dest, const void *src, size_t n)
+{
+ return dest;
+}
+
+
+void * os_memset(void *s, int c, size_t n)
+{
+ return s;
+}
+
+
+int os_memcmp(const void *s1, const void *s2, size_t n)
+{
+ return 0;
+}
+
+
+char * os_strdup(const char *s)
+{
+ return NULL;
+}
+
+
+size_t os_strlen(const char *s)
+{
+ return 0;
+}
+
+
+int os_strcasecmp(const char *s1, const char *s2)
+{
+ /*
+ * Ignoring case is not required for main functionality, so just use
+ * the case sensitive version of the function.
+ */
+ return os_strcmp(s1, s2);
+}
+
+
+int os_strncasecmp(const char *s1, const char *s2, size_t n)
+{
+ /*
+ * Ignoring case is not required for main functionality, so just use
+ * the case sensitive version of the function.
+ */
+ return os_strncmp(s1, s2, n);
+}
+
+
+char * os_strchr(const char *s, int c)
+{
+ return NULL;
+}
+
+
+char * os_strrchr(const char *s, int c)
+{
+ return NULL;
+}
+
+
+int os_strcmp(const char *s1, const char *s2)
+{
+ return 0;
+}
+
+
+int os_strncmp(const char *s1, const char *s2, size_t n)
+{
+ return 0;
+}
+
+
+char * os_strncpy(char *dest, const char *src, size_t n)
+{
+ return dest;
+}
+
+
+char * os_strstr(const char *haystack, const char *needle)
+{
+ return NULL;
+}
+
+
+int os_snprintf(char *str, size_t size, const char *format, ...)
+{
+ return 0;
+}
+#endif /* OS_NO_C_LIB_DEFINES */
--- /dev/null
+/*
+ * wpa_supplicant/hostapd / OS specific functions for UNIX/POSIX systems
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "os.h"
+
+void os_sleep(os_time_t sec, os_time_t usec)
+{
+ if (sec)
+ sleep(sec);
+ if (usec)
+ usleep(usec);
+}
+
+
+int os_get_time(struct os_time *t)
+{
+ int res;
+ struct timeval tv;
+ res = gettimeofday(&tv, NULL);
+ t->sec = tv.tv_sec;
+ t->usec = tv.tv_usec;
+ return res;
+}
+
+
+int os_mktime(int year, int month, int day, int hour, int min, int sec,
+ os_time_t *t)
+{
+ struct tm tm, *tm1;
+ time_t t_local, t1, t2;
+ os_time_t tz_offset;
+
+ if (year < 1970 || month < 1 || month > 12 || day < 1 || day > 31 ||
+ hour < 0 || hour > 23 || min < 0 || min > 59 || sec < 0 ||
+ sec > 60)
+ return -1;
+
+ memset(&tm, 0, sizeof(tm));
+ tm.tm_year = year - 1900;
+ tm.tm_mon = month - 1;
+ tm.tm_mday = day;
+ tm.tm_hour = hour;
+ tm.tm_min = min;
+ tm.tm_sec = sec;
+
+ t_local = mktime(&tm);
+
+ /* figure out offset to UTC */
+ tm1 = localtime(&t_local);
+ if (tm1) {
+ t1 = mktime(tm1);
+ tm1 = gmtime(&t_local);
+ if (tm1) {
+ t2 = mktime(tm1);
+ tz_offset = t2 - t1;
+ } else
+ tz_offset = 0;
+ } else
+ tz_offset = 0;
+
+ *t = (os_time_t) t_local - tz_offset;
+ return 0;
+}
+
+
+int os_daemonize(const char *pid_file)
+{
+ if (daemon(0, 0)) {
+ perror("daemon");
+ return -1;
+ }
+
+ if (pid_file) {
+ FILE *f = fopen(pid_file, "w");
+ if (f) {
+ fprintf(f, "%u\n", getpid());
+ fclose(f);
+ }
+ }
+
+ return -0;
+}
+
+
+void os_daemonize_terminate(const char *pid_file)
+{
+ if (pid_file)
+ unlink(pid_file);
+}
+
+
+int os_get_random(unsigned char *buf, size_t len)
+{
+ FILE *f;
+ size_t rc;
+
+ f = fopen("/dev/urandom", "rb");
+ if (f == NULL) {
+ printf("Could not open /dev/urandom.\n");
+ return -1;
+ }
+
+ rc = fread(buf, 1, len, f);
+ fclose(f);
+
+ return rc != len ? -1 : 0;
+}
+
+
+unsigned long os_random(void)
+{
+ return random();
+}
+
+
+char * os_rel2abs_path(const char *rel_path)
+{
+ char *buf = NULL, *cwd, *ret;
+ size_t len = 128, cwd_len, rel_len, ret_len;
+ int last_errno;
+
+ if (rel_path[0] == '/')
+ return strdup(rel_path);
+
+ for (;;) {
+ buf = malloc(len);
+ if (buf == NULL)
+ return NULL;
+ cwd = getcwd(buf, len);
+ if (cwd == NULL) {
+ last_errno = errno;
+ free(buf);
+ if (last_errno != ERANGE)
+ return NULL;
+ len *= 2;
+ if (len > 2000)
+ return NULL;
+ } else {
+ buf[len - 1] = '\0';
+ break;
+ }
+ }
+
+ cwd_len = strlen(cwd);
+ rel_len = strlen(rel_path);
+ ret_len = cwd_len + 1 + rel_len + 1;
+ ret = malloc(ret_len);
+ if (ret) {
+ memcpy(ret, cwd, cwd_len);
+ ret[cwd_len] = '/';
+ memcpy(ret + cwd_len + 1, rel_path, rel_len);
+ ret[ret_len - 1] = '\0';
+ }
+ free(buf);
+ return ret;
+}
+
+
+int os_program_init(void)
+{
+ return 0;
+}
+
+
+void os_program_deinit(void)
+{
+}
+
+
+int os_setenv(const char *name, const char *value, int overwrite)
+{
+ return setenv(name, value, overwrite);
+}
+
+
+int os_unsetenv(const char *name)
+{
+#if defined(__FreeBSD__) || defined(__NetBSD__)
+ unsetenv(name);
+ return 0;
+#else
+ return unsetenv(name);
+#endif
+}
+
+
+char * os_readfile(const char *name, size_t *len)
+{
+ FILE *f;
+ char *buf;
+
+ f = fopen(name, "rb");
+ if (f == NULL)
+ return NULL;
+
+ fseek(f, 0, SEEK_END);
+ *len = ftell(f);
+ fseek(f, 0, SEEK_SET);
+
+ buf = malloc(*len);
+ if (buf == NULL) {
+ fclose(f);
+ return NULL;
+ }
+
+ fread(buf, 1, *len, f);
+ fclose(f);
+
+ return buf;
+}
+
+
+void * os_zalloc(size_t size)
+{
+ return calloc(1, size);
+}
--- /dev/null
+/*
+ * wpa_supplicant/hostapd / OS specific functions for Win32 systems
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <winsock2.h>
+#include <wincrypt.h>
+
+#include "os.h"
+
+void os_sleep(os_time_t sec, os_time_t usec)
+{
+ if (sec)
+ Sleep(sec * 1000);
+ if (usec)
+ Sleep(usec / 1000);
+}
+
+
+int os_get_time(struct os_time *t)
+{
+#define EPOCHFILETIME (116444736000000000ULL)
+ FILETIME ft;
+ LARGE_INTEGER li;
+ ULONGLONG tt;
+
+#ifdef _WIN32_WCE
+ SYSTEMTIME st;
+
+ GetSystemTime(&st);
+ SystemTimeToFileTime(&st, &ft);
+#else /* _WIN32_WCE */
+ GetSystemTimeAsFileTime(&ft);
+#endif /* _WIN32_WCE */
+ li.LowPart = ft.dwLowDateTime;
+ li.HighPart = ft.dwHighDateTime;
+ tt = (li.QuadPart - EPOCHFILETIME) / 10;
+ t->sec = (os_time_t) (tt / 1000000);
+ t->usec = (os_time_t) (tt % 1000000);
+
+ return 0;
+}
+
+
+int os_mktime(int year, int month, int day, int hour, int min, int sec,
+ os_time_t *t)
+{
+ struct tm tm, *tm1;
+ time_t t_local, t1, t2;
+ os_time_t tz_offset;
+
+ if (year < 1970 || month < 1 || month > 12 || day < 1 || day > 31 ||
+ hour < 0 || hour > 23 || min < 0 || min > 59 || sec < 0 ||
+ sec > 60)
+ return -1;
+
+ memset(&tm, 0, sizeof(tm));
+ tm.tm_year = year - 1900;
+ tm.tm_mon = month - 1;
+ tm.tm_mday = day;
+ tm.tm_hour = hour;
+ tm.tm_min = min;
+ tm.tm_sec = sec;
+
+ t_local = mktime(&tm);
+
+ /* figure out offset to UTC */
+ tm1 = localtime(&t_local);
+ if (tm1) {
+ t1 = mktime(tm1);
+ tm1 = gmtime(&t_local);
+ if (tm1) {
+ t2 = mktime(tm1);
+ tz_offset = t2 - t1;
+ } else
+ tz_offset = 0;
+ } else
+ tz_offset = 0;
+
+ *t = (os_time_t) t_local - tz_offset;
+ return 0;
+}
+
+
+int os_daemonize(const char *pid_file)
+{
+ /* TODO */
+ return -1;
+}
+
+
+void os_daemonize_terminate(const char *pid_file)
+{
+}
+
+
+int os_get_random(unsigned char *buf, size_t len)
+{
+ HCRYPTPROV prov;
+ BOOL ret;
+
+ if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_VERIFYCONTEXT))
+ return -1;
+
+ ret = CryptGenRandom(prov, len, buf);
+ CryptReleaseContext(prov, 0);
+
+ return ret ? 0 : -1;
+}
+
+
+unsigned long os_random(void)
+{
+ return rand();
+}
+
+
+char * os_rel2abs_path(const char *rel_path)
+{
+ return _strdup(rel_path);
+}
+
+
+int os_program_init(void)
+{
+#ifdef CONFIG_NATIVE_WINDOWS
+ WSADATA wsaData;
+ if (WSAStartup(MAKEWORD(2, 0), &wsaData)) {
+ printf("Could not find a usable WinSock.dll\n");
+ return -1;
+ }
+#endif /* CONFIG_NATIVE_WINDOWS */
+ return 0;
+}
+
+
+void os_program_deinit(void)
+{
+#ifdef CONFIG_NATIVE_WINDOWS
+ WSACleanup();
+#endif /* CONFIG_NATIVE_WINDOWS */
+}
+
+
+int os_setenv(const char *name, const char *value, int overwrite)
+{
+ return -1;
+}
+
+
+int os_unsetenv(const char *name)
+{
+ return -1;
+}
+
+
+char * os_readfile(const char *name, size_t *len)
+{
+ FILE *f;
+ char *buf;
+
+ f = fopen(name, "rb");
+ if (f == NULL)
+ return NULL;
+
+ fseek(f, 0, SEEK_END);
+ *len = ftell(f);
+ fseek(f, 0, SEEK_SET);
+
+ buf = malloc(*len);
+ if (buf == NULL) {
+ fclose(f);
+ return NULL;
+ }
+
+ fread(buf, 1, *len, f);
+ fclose(f);
+
+ return buf;
+}
+
+
+void * os_zalloc(size_t size)
+{
+ return calloc(1, size);
+}
--- /dev/null
+/*
+ * WPA Supplicant / PC/SC smartcard interface for USIM, GSM SIM
+ * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This file implements wrapper functions for accessing GSM SIM and 3GPP USIM
+ * cards through PC/SC smartcard library. These functions are used to implement
+ * authentication routines for EAP-SIM and EAP-AKA.
+ */
+
+#include "includes.h"
+#include <winscard.h>
+
+#include "common.h"
+#include "pcsc_funcs.h"
+
+
+/* See ETSI GSM 11.11 and ETSI TS 102 221 for details.
+ * SIM commands:
+ * Command APDU: CLA INS P1 P2 P3 Data
+ * CLA (class of instruction): A0 for GSM, 00 for USIM
+ * INS (instruction)
+ * P1 P2 P3 (parameters, P3 = length of Data)
+ * Response APDU: Data SW1 SW2
+ * SW1 SW2 (Status words)
+ * Commands (INS P1 P2 P3):
+ * SELECT: A4 00 00 02 <file_id, 2 bytes>
+ * GET RESPONSE: C0 00 00 <len>
+ * RUN GSM ALG: 88 00 00 00 <RAND len = 10>
+ * RUN UMTS ALG: 88 00 81 <len=0x22> data: 0x10 | RAND | 0x10 | AUTN
+ * P1 = ID of alg in card
+ * P2 = ID of secret key
+ * READ BINARY: B0 <offset high> <offset low> <len>
+ * READ RECORD: B2 <record number> <mode> <len>
+ * P2 (mode) = '02' (next record), '03' (previous record),
+ * '04' (absolute mode)
+ * VERIFY CHV: 20 00 <CHV number> 08
+ * CHANGE CHV: 24 00 <CHV number> 10
+ * DISABLE CHV: 26 00 01 08
+ * ENABLE CHV: 28 00 01 08
+ * UNBLOCK CHV: 2C 00 <00=CHV1, 02=CHV2> 10
+ * SLEEP: FA 00 00 00
+ */
+
+/* GSM SIM commands */
+#define SIM_CMD_SELECT 0xa0, 0xa4, 0x00, 0x00, 0x02
+#define SIM_CMD_RUN_GSM_ALG 0xa0, 0x88, 0x00, 0x00, 0x10
+#define SIM_CMD_GET_RESPONSE 0xa0, 0xc0, 0x00, 0x00
+#define SIM_CMD_READ_BIN 0xa0, 0xb0, 0x00, 0x00
+#define SIM_CMD_READ_RECORD 0xa0, 0xb2, 0x00, 0x00
+#define SIM_CMD_VERIFY_CHV1 0xa0, 0x20, 0x00, 0x01, 0x08
+
+/* USIM commands */
+#define USIM_CLA 0x00
+#define USIM_CMD_RUN_UMTS_ALG 0x00, 0x88, 0x00, 0x81, 0x22
+#define USIM_CMD_GET_RESPONSE 0x00, 0xc0, 0x00, 0x00
+
+#define SIM_RECORD_MODE_ABSOLUTE 0x04
+
+#define USIM_FSP_TEMPL_TAG 0x62
+
+#define USIM_TLV_FILE_DESC 0x82
+#define USIM_TLV_FILE_ID 0x83
+#define USIM_TLV_DF_NAME 0x84
+#define USIM_TLV_PROPR_INFO 0xA5
+#define USIM_TLV_LIFE_CYCLE_STATUS 0x8A
+#define USIM_TLV_FILE_SIZE 0x80
+#define USIM_TLV_TOTAL_FILE_SIZE 0x81
+#define USIM_TLV_PIN_STATUS_TEMPLATE 0xC6
+#define USIM_TLV_SHORT_FILE_ID 0x88
+
+#define USIM_PS_DO_TAG 0x90
+
+#define AKA_RAND_LEN 16
+#define AKA_AUTN_LEN 16
+#define AKA_AUTS_LEN 14
+#define RES_MAX_LEN 16
+#define IK_LEN 16
+#define CK_LEN 16
+
+
+typedef enum { SCARD_GSM_SIM, SCARD_USIM } sim_types;
+
+struct scard_data {
+ SCARDCONTEXT ctx;
+ SCARDHANDLE card;
+ DWORD protocol;
+ sim_types sim_type;
+ int pin1_required;
+};
+
+#ifdef __MINGW32_VERSION
+/* MinGW does not yet support WinScard, so load the needed functions
+ * dynamically from winscard.dll for now. */
+
+static HINSTANCE dll = NULL; /* winscard.dll */
+
+static const SCARD_IO_REQUEST *dll_g_rgSCardT0Pci, *dll_g_rgSCardT1Pci;
+#undef SCARD_PCI_T0
+#define SCARD_PCI_T0 (dll_g_rgSCardT0Pci)
+#undef SCARD_PCI_T1
+#define SCARD_PCI_T1 (dll_g_rgSCardT1Pci)
+
+
+static WINSCARDAPI LONG WINAPI
+(*dll_SCardEstablishContext)(IN DWORD dwScope,
+ IN LPCVOID pvReserved1,
+ IN LPCVOID pvReserved2,
+ OUT LPSCARDCONTEXT phContext);
+#define SCardEstablishContext dll_SCardEstablishContext
+
+static long (*dll_SCardReleaseContext)(long hContext);
+#define SCardReleaseContext dll_SCardReleaseContext
+
+static WINSCARDAPI LONG WINAPI
+(*dll_SCardListReadersA)(IN SCARDCONTEXT hContext,
+ IN LPCSTR mszGroups,
+ OUT LPSTR mszReaders,
+ IN OUT LPDWORD pcchReaders);
+#undef SCardListReaders
+#define SCardListReaders dll_SCardListReadersA
+
+static WINSCARDAPI LONG WINAPI
+(*dll_SCardConnectA)(IN SCARDCONTEXT hContext,
+ IN LPCSTR szReader,
+ IN DWORD dwShareMode,
+ IN DWORD dwPreferredProtocols,
+ OUT LPSCARDHANDLE phCard,
+ OUT LPDWORD pdwActiveProtocol);
+#undef SCardConnect
+#define SCardConnect dll_SCardConnectA
+
+static WINSCARDAPI LONG WINAPI
+(*dll_SCardDisconnect)(IN SCARDHANDLE hCard,
+ IN DWORD dwDisposition);
+#define SCardDisconnect dll_SCardDisconnect
+
+static WINSCARDAPI LONG WINAPI
+(*dll_SCardTransmit)(IN SCARDHANDLE hCard,
+ IN LPCSCARD_IO_REQUEST pioSendPci,
+ IN LPCBYTE pbSendBuffer,
+ IN DWORD cbSendLength,
+ IN OUT LPSCARD_IO_REQUEST pioRecvPci,
+ OUT LPBYTE pbRecvBuffer,
+ IN OUT LPDWORD pcbRecvLength);
+#define SCardTransmit dll_SCardTransmit
+
+static WINSCARDAPI LONG WINAPI
+(*dll_SCardBeginTransaction)(IN SCARDHANDLE hCard);
+#define SCardBeginTransaction dll_SCardBeginTransaction
+
+static WINSCARDAPI LONG WINAPI
+(*dll_SCardEndTransaction)(IN SCARDHANDLE hCard, IN DWORD dwDisposition);
+#define SCardEndTransaction dll_SCardEndTransaction
+
+
+static int mingw_load_symbols(void)
+{
+ char *sym;
+
+ if (dll)
+ return 0;
+
+ dll = LoadLibrary("winscard");
+ if (dll == NULL) {
+ wpa_printf(MSG_DEBUG, "WinSCard: Could not load winscard.dll "
+ "library");
+ return -1;
+ }
+
+#define LOADSYM(s) \
+ sym = #s; \
+ dll_ ## s = (void *) GetProcAddress(dll, sym); \
+ if (dll_ ## s == NULL) \
+ goto fail;
+
+ LOADSYM(SCardEstablishContext);
+ LOADSYM(SCardReleaseContext);
+ LOADSYM(SCardListReadersA);
+ LOADSYM(SCardConnectA);
+ LOADSYM(SCardDisconnect);
+ LOADSYM(SCardTransmit);
+ LOADSYM(SCardBeginTransaction);
+ LOADSYM(SCardEndTransaction);
+ LOADSYM(g_rgSCardT0Pci);
+ LOADSYM(g_rgSCardT1Pci);
+
+#undef LOADSYM
+
+ return 0;
+
+fail:
+ wpa_printf(MSG_DEBUG, "WinSCard: Could not get address for %s from "
+ "winscard.dll", sym);
+ FreeLibrary(dll);
+ dll = NULL;
+ return -1;
+}
+
+
+static void mingw_unload_symbols(void)
+{
+ if (dll == NULL)
+ return;
+
+ FreeLibrary(dll);
+ dll = NULL;
+}
+
+#else /* __MINGW32_VERSION */
+
+#define mingw_load_symbols() 0
+#define mingw_unload_symbols() do { } while (0)
+
+#endif /* __MINGW32_VERSION */
+
+
+static int _scard_select_file(struct scard_data *scard, unsigned short file_id,
+ unsigned char *buf, size_t *buf_len,
+ sim_types sim_type, unsigned char *aid,
+ size_t aidlen);
+static int scard_select_file(struct scard_data *scard, unsigned short file_id,
+ unsigned char *buf, size_t *buf_len);
+static int scard_verify_pin(struct scard_data *scard, const char *pin);
+static int scard_get_record_len(struct scard_data *scard,
+ unsigned char recnum, unsigned char mode);
+static int scard_read_record(struct scard_data *scard,
+ unsigned char *data, size_t len,
+ unsigned char recnum, unsigned char mode);
+
+
+static int scard_parse_fsp_templ(unsigned char *buf, size_t buf_len,
+ int *ps_do, int *file_len)
+{
+ unsigned char *pos, *end;
+
+ if (ps_do)
+ *ps_do = -1;
+ if (file_len)
+ *file_len = -1;
+
+ pos = buf;
+ end = pos + buf_len;
+ if (*pos != USIM_FSP_TEMPL_TAG) {
+ wpa_printf(MSG_DEBUG, "SCARD: file header did not "
+ "start with FSP template tag");
+ return -1;
+ }
+ pos++;
+ if (pos >= end)
+ return -1;
+ if ((pos + pos[0]) < end)
+ end = pos + 1 + pos[0];
+ pos++;
+ wpa_hexdump(MSG_DEBUG, "SCARD: file header FSP template",
+ pos, end - pos);
+
+ while (pos + 1 < end) {
+ wpa_printf(MSG_MSGDUMP, "SCARD: file header TLV "
+ "0x%02x len=%d", pos[0], pos[1]);
+ if (pos + 2 + pos[1] > end)
+ break;
+
+ if (pos[0] == USIM_TLV_FILE_SIZE &&
+ (pos[1] == 1 || pos[1] == 2) && file_len) {
+ if (pos[1] == 1)
+ *file_len = (int) pos[2];
+ else
+ *file_len = ((int) pos[2] << 8) |
+ (int) pos[3];
+ wpa_printf(MSG_DEBUG, "SCARD: file_size=%d",
+ *file_len);
+ }
+
+ if (pos[0] == USIM_TLV_PIN_STATUS_TEMPLATE &&
+ pos[1] >= 2 && pos[2] == USIM_PS_DO_TAG &&
+ pos[3] >= 1 && ps_do) {
+ wpa_printf(MSG_DEBUG, "SCARD: PS_DO=0x%02x",
+ pos[4]);
+ *ps_do = (int) pos[4];
+ }
+
+ pos += 2 + pos[1];
+
+ if (pos == end)
+ return 0;
+ }
+ return -1;
+}
+
+
+static int scard_pin_needed(struct scard_data *scard,
+ unsigned char *hdr, size_t hlen)
+{
+ if (scard->sim_type == SCARD_GSM_SIM) {
+ if (hlen > SCARD_CHV1_OFFSET &&
+ !(hdr[SCARD_CHV1_OFFSET] & SCARD_CHV1_FLAG))
+ return 1;
+ return 0;
+ }
+
+ if (scard->sim_type == SCARD_USIM) {
+ int ps_do;
+ if (scard_parse_fsp_templ(hdr, hlen, &ps_do, NULL))
+ return -1;
+ /* TODO: there could be more than one PS_DO entry because of
+ * multiple PINs in key reference.. */
+ if (ps_do > 0 && (ps_do & 0x80))
+ return 1;
+ return 0;
+ }
+
+ return -1;
+}
+
+
+static int scard_get_aid(struct scard_data *scard, unsigned char *aid,
+ size_t maxlen)
+{
+ int rlen, rec;
+ struct efdir {
+ unsigned char appl_template_tag; /* 0x61 */
+ unsigned char appl_template_len;
+ unsigned char appl_id_tag; /* 0x4f */
+ unsigned char aid_len;
+ unsigned char rid[5];
+ unsigned char appl_code[2]; /* 0x1002 for 3G USIM */
+ } *efdir;
+ unsigned char buf[100];
+ size_t blen;
+
+ efdir = (struct efdir *) buf;
+ blen = sizeof(buf);
+ if (scard_select_file(scard, SCARD_FILE_EF_DIR, buf, &blen)) {
+ wpa_printf(MSG_DEBUG, "SCARD: Failed to read EF_DIR");
+ return -1;
+ }
+ wpa_hexdump(MSG_DEBUG, "SCARD: EF_DIR select", buf, blen);
+
+ for (rec = 1; rec < 10; rec++) {
+ rlen = scard_get_record_len(scard, rec,
+ SIM_RECORD_MODE_ABSOLUTE);
+ if (rlen < 0) {
+ wpa_printf(MSG_DEBUG, "SCARD: Failed to get EF_DIR "
+ "record length");
+ return -1;
+ }
+ blen = sizeof(buf);
+ if (rlen > (int) blen) {
+ wpa_printf(MSG_DEBUG, "SCARD: Too long EF_DIR record");
+ return -1;
+ }
+ if (scard_read_record(scard, buf, rlen, rec,
+ SIM_RECORD_MODE_ABSOLUTE) < 0) {
+ wpa_printf(MSG_DEBUG, "SCARD: Failed to read "
+ "EF_DIR record %d", rec);
+ return -1;
+ }
+ wpa_hexdump(MSG_DEBUG, "SCARD: EF_DIR record", buf, rlen);
+
+ if (efdir->appl_template_tag != 0x61) {
+ wpa_printf(MSG_DEBUG, "SCARD: Unexpected application "
+ "template tag 0x%x",
+ efdir->appl_template_tag);
+ continue;
+ }
+
+ if (efdir->appl_template_len > rlen - 2) {
+ wpa_printf(MSG_DEBUG, "SCARD: Too long application "
+ "template (len=%d rlen=%d)",
+ efdir->appl_template_len, rlen);
+ continue;
+ }
+
+ if (efdir->appl_id_tag != 0x4f) {
+ wpa_printf(MSG_DEBUG, "SCARD: Unexpected application "
+ "identifier tag 0x%x", efdir->appl_id_tag);
+ continue;
+ }
+
+ if (efdir->aid_len < 1 || efdir->aid_len > 16) {
+ wpa_printf(MSG_DEBUG, "SCARD: Invalid AID length %d",
+ efdir->aid_len);
+ continue;
+ }
+
+ wpa_hexdump(MSG_DEBUG, "SCARD: AID from EF_DIR record",
+ efdir->rid, efdir->aid_len);
+
+ if (efdir->appl_code[0] == 0x10 &&
+ efdir->appl_code[1] == 0x02) {
+ wpa_printf(MSG_DEBUG, "SCARD: 3G USIM app found from "
+ "EF_DIR record %d", rec);
+ break;
+ }
+ }
+
+ if (rec >= 10) {
+ wpa_printf(MSG_DEBUG, "SCARD: 3G USIM app not found "
+ "from EF_DIR records");
+ return -1;
+ }
+
+ if (efdir->aid_len > maxlen) {
+ wpa_printf(MSG_DEBUG, "SCARD: Too long AID");
+ return -1;
+ }
+
+ os_memcpy(aid, efdir->rid, efdir->aid_len);
+
+ return efdir->aid_len;
+}
+
+
+/**
+ * scard_init - Initialize SIM/USIM connection using PC/SC
+ * @sim_type: Allowed SIM types (SIM, USIM, or both)
+ * Returns: Pointer to private data structure, or %NULL on failure
+ *
+ * This function is used to initialize SIM/USIM connection. PC/SC is used to
+ * open connection to the SIM/USIM card and the card is verified to support the
+ * selected sim_type. In addition, local flag is set if a PIN is needed to
+ * access some of the card functions. Once the connection is not needed
+ * anymore, scard_deinit() can be used to close it.
+ */
+struct scard_data * scard_init(scard_sim_type sim_type)
+{
+ long ret;
+ unsigned long len;
+ struct scard_data *scard;
+#ifdef CONFIG_NATIVE_WINDOWS
+ TCHAR *readers = NULL;
+#else /* CONFIG_NATIVE_WINDOWS */
+ char *readers = NULL;
+#endif /* CONFIG_NATIVE_WINDOWS */
+ unsigned char buf[100];
+ size_t blen;
+ int transaction = 0;
+ int pin_needed;
+
+ wpa_printf(MSG_DEBUG, "SCARD: initializing smart card interface");
+ if (mingw_load_symbols())
+ return NULL;
+ scard = os_zalloc(sizeof(*scard));
+ if (scard == NULL)
+ return NULL;
+
+ ret = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL,
+ &scard->ctx);
+ if (ret != SCARD_S_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "SCARD: Could not establish smart card "
+ "context (err=%ld)", ret);
+ goto failed;
+ }
+
+ ret = SCardListReaders(scard->ctx, NULL, NULL, &len);
+ if (ret != SCARD_S_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "SCARD: SCardListReaders failed "
+ "(err=%ld)", ret);
+ goto failed;
+ }
+
+#ifdef UNICODE
+ len *= 2;
+#endif /* UNICODE */
+ readers = os_malloc(len);
+ if (readers == NULL) {
+ wpa_printf(MSG_INFO, "SCARD: malloc failed\n");
+ goto failed;
+ }
+
+ ret = SCardListReaders(scard->ctx, NULL, readers, &len);
+ if (ret != SCARD_S_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "SCARD: SCardListReaders failed(2) "
+ "(err=%ld)", ret);
+ goto failed;
+ }
+ if (len < 3) {
+ wpa_printf(MSG_WARNING, "SCARD: No smart card readers "
+ "available.");
+ goto failed;
+ }
+ /* readers is a list of available reader. Last entry is terminated with
+ * double NUL.
+ * TODO: add support for selecting the reader; now just use the first
+ * one.. */
+#ifdef UNICODE
+ wpa_printf(MSG_DEBUG, "SCARD: Selected reader='%S'", readers);
+#else /* UNICODE */
+ wpa_printf(MSG_DEBUG, "SCARD: Selected reader='%s'", readers);
+#endif /* UNICODE */
+
+ ret = SCardConnect(scard->ctx, readers, SCARD_SHARE_SHARED,
+ SCARD_PROTOCOL_T0, &scard->card, &scard->protocol);
+ if (ret != SCARD_S_SUCCESS) {
+ if (ret == (long) SCARD_E_NO_SMARTCARD)
+ wpa_printf(MSG_INFO, "No smart card inserted.");
+ else
+ wpa_printf(MSG_WARNING, "SCardConnect err=%lx", ret);
+ goto failed;
+ }
+
+ os_free(readers);
+ readers = NULL;
+
+ wpa_printf(MSG_DEBUG, "SCARD: card=0x%x active_protocol=%lu (%s)",
+ (unsigned int) scard->card, scard->protocol,
+ scard->protocol == SCARD_PROTOCOL_T0 ? "T0" : "T1");
+
+ ret = SCardBeginTransaction(scard->card);
+ if (ret != SCARD_S_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "SCARD: Could not begin transaction: "
+ "0x%x", (unsigned int) ret);
+ goto failed;
+ }
+ transaction = 1;
+
+ blen = sizeof(buf);
+
+ scard->sim_type = SCARD_GSM_SIM;
+ if (sim_type == SCARD_USIM_ONLY || sim_type == SCARD_TRY_BOTH) {
+ wpa_printf(MSG_DEBUG, "SCARD: verifying USIM support");
+ if (_scard_select_file(scard, SCARD_FILE_MF, buf, &blen,
+ SCARD_USIM, NULL, 0)) {
+ wpa_printf(MSG_DEBUG, "SCARD: USIM is not supported");
+ if (sim_type == SCARD_USIM_ONLY)
+ goto failed;
+ wpa_printf(MSG_DEBUG, "SCARD: Trying to use GSM SIM");
+ scard->sim_type = SCARD_GSM_SIM;
+ } else {
+ wpa_printf(MSG_DEBUG, "SCARD: USIM is supported");
+ scard->sim_type = SCARD_USIM;
+ }
+ }
+
+ if (scard->sim_type == SCARD_GSM_SIM) {
+ blen = sizeof(buf);
+ if (scard_select_file(scard, SCARD_FILE_MF, buf, &blen)) {
+ wpa_printf(MSG_DEBUG, "SCARD: Failed to read MF");
+ goto failed;
+ }
+
+ blen = sizeof(buf);
+ if (scard_select_file(scard, SCARD_FILE_GSM_DF, buf, &blen)) {
+ wpa_printf(MSG_DEBUG, "SCARD: Failed to read GSM DF");
+ goto failed;
+ }
+ } else {
+ unsigned char aid[32];
+ int aid_len;
+
+ aid_len = scard_get_aid(scard, aid, sizeof(aid));
+ if (aid_len < 0) {
+ wpa_printf(MSG_DEBUG, "SCARD: Failed to find AID for "
+ "3G USIM app - try to use standard 3G RID");
+ os_memcpy(aid, "\xa0\x00\x00\x00\x87", 5);
+ aid_len = 5;
+ }
+ wpa_hexdump(MSG_DEBUG, "SCARD: 3G USIM AID", aid, aid_len);
+
+ /* Select based on AID = 3G RID from EF_DIR. This is usually
+ * starting with A0 00 00 00 87. */
+ blen = sizeof(buf);
+ if (_scard_select_file(scard, 0, buf, &blen, scard->sim_type,
+ aid, aid_len)) {
+ wpa_printf(MSG_INFO, "SCARD: Failed to read 3G USIM "
+ "app");
+ wpa_hexdump(MSG_INFO, "SCARD: 3G USIM AID",
+ aid, aid_len);
+ goto failed;
+ }
+ }
+
+ /* Verify whether CHV1 (PIN1) is needed to access the card. */
+ pin_needed = scard_pin_needed(scard, buf, blen);
+ if (pin_needed < 0) {
+ wpa_printf(MSG_DEBUG, "SCARD: Failed to determine whether PIN "
+ "is needed");
+ goto failed;
+ }
+ if (pin_needed) {
+ scard->pin1_required = 1;
+ wpa_printf(MSG_DEBUG, "PIN1 needed for SIM access");
+ }
+
+ ret = SCardEndTransaction(scard->card, SCARD_LEAVE_CARD);
+ if (ret != SCARD_S_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "SCARD: Could not end transaction: "
+ "0x%x", (unsigned int) ret);
+ }
+
+ return scard;
+
+failed:
+ if (transaction)
+ SCardEndTransaction(scard->card, SCARD_LEAVE_CARD);
+ os_free(readers);
+ scard_deinit(scard);
+ return NULL;
+}
+
+
+/**
+ * scard_set_pin - Set PIN (CHV1/PIN1) code for accessing SIM/USIM commands
+ * @scard: Pointer to private data from scard_init()
+ * pin: PIN code as an ASCII string (e.g., "1234")
+ * Returns: 0 on success, -1 on failure
+ */
+int scard_set_pin(struct scard_data *scard, const char *pin)
+{
+ if (scard == NULL)
+ return -1;
+
+ /* Verify whether CHV1 (PIN1) is needed to access the card. */
+ if (scard->pin1_required) {
+ if (pin == NULL) {
+ wpa_printf(MSG_DEBUG, "No PIN configured for SIM "
+ "access");
+ return -1;
+ }
+ if (scard_verify_pin(scard, pin)) {
+ wpa_printf(MSG_INFO, "PIN verification failed for "
+ "SIM access");
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+
+/**
+ * scard_deinit - Deinitialize SIM/USIM connection
+ * @scard: Pointer to private data from scard_init()
+ *
+ * This function closes the SIM/USIM connect opened with scard_init().
+ */
+void scard_deinit(struct scard_data *scard)
+{
+ long ret;
+
+ if (scard == NULL)
+ return;
+
+ wpa_printf(MSG_DEBUG, "SCARD: deinitializing smart card interface");
+ if (scard->card) {
+ ret = SCardDisconnect(scard->card, SCARD_UNPOWER_CARD);
+ if (ret != SCARD_S_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "SCARD: Failed to disconnect "
+ "smart card (err=%ld)", ret);
+ }
+ }
+
+ if (scard->ctx) {
+ ret = SCardReleaseContext(scard->ctx);
+ if (ret != SCARD_S_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "Failed to release smart card "
+ "context (err=%ld)", ret);
+ }
+ }
+ os_free(scard);
+ mingw_unload_symbols();
+}
+
+
+static long scard_transmit(struct scard_data *scard,
+ unsigned char *_send, size_t send_len,
+ unsigned char *_recv, size_t *recv_len)
+{
+ long ret;
+ unsigned long rlen;
+
+ wpa_hexdump_key(MSG_DEBUG, "SCARD: scard_transmit: send",
+ _send, send_len);
+ rlen = *recv_len;
+ ret = SCardTransmit(scard->card,
+ scard->protocol == SCARD_PROTOCOL_T1 ?
+ SCARD_PCI_T1 : SCARD_PCI_T0,
+ _send, (unsigned long) send_len,
+ NULL, _recv, &rlen);
+ *recv_len = rlen;
+ if (ret == SCARD_S_SUCCESS) {
+ wpa_hexdump(MSG_DEBUG, "SCARD: scard_transmit: recv",
+ _recv, rlen);
+ } else {
+ wpa_printf(MSG_WARNING, "SCARD: SCardTransmit failed "
+ "(err=0x%lx)", ret);
+ }
+ return ret;
+}
+
+
+static int _scard_select_file(struct scard_data *scard, unsigned short file_id,
+ unsigned char *buf, size_t *buf_len,
+ sim_types sim_type, unsigned char *aid,
+ size_t aidlen)
+{
+ long ret;
+ unsigned char resp[3];
+ unsigned char cmd[50] = { SIM_CMD_SELECT };
+ int cmdlen;
+ unsigned char get_resp[5] = { SIM_CMD_GET_RESPONSE };
+ size_t len, rlen;
+
+ if (sim_type == SCARD_USIM) {
+ cmd[0] = USIM_CLA;
+ cmd[3] = 0x04;
+ get_resp[0] = USIM_CLA;
+ }
+
+ wpa_printf(MSG_DEBUG, "SCARD: select file %04x", file_id);
+ if (aid) {
+ wpa_hexdump(MSG_DEBUG, "SCARD: select file by AID",
+ aid, aidlen);
+ if (5 + aidlen > sizeof(cmd))
+ return -1;
+ cmd[2] = 0x04; /* Select by AID */
+ cmd[4] = aidlen; /* len */
+ os_memcpy(cmd + 5, aid, aidlen);
+ cmdlen = 5 + aidlen;
+ } else {
+ cmd[5] = file_id >> 8;
+ cmd[6] = file_id & 0xff;
+ cmdlen = 7;
+ }
+ len = sizeof(resp);
+ ret = scard_transmit(scard, cmd, cmdlen, resp, &len);
+ if (ret != SCARD_S_SUCCESS) {
+ wpa_printf(MSG_WARNING, "SCARD: SCardTransmit failed "
+ "(err=0x%lx)", ret);
+ return -1;
+ }
+
+ if (len != 2) {
+ wpa_printf(MSG_WARNING, "SCARD: unexpected resp len "
+ "%d (expected 2)", (int) len);
+ return -1;
+ }
+
+ if (resp[0] == 0x98 && resp[1] == 0x04) {
+ /* Security status not satisfied (PIN_WLAN) */
+ wpa_printf(MSG_WARNING, "SCARD: Security status not satisfied "
+ "(PIN_WLAN)");
+ return -1;
+ }
+
+ if (resp[0] == 0x6e) {
+ wpa_printf(MSG_DEBUG, "SCARD: used CLA not supported");
+ return -1;
+ }
+
+ if (resp[0] != 0x6c && resp[0] != 0x9f && resp[0] != 0x61) {
+ wpa_printf(MSG_WARNING, "SCARD: unexpected response 0x%02x "
+ "(expected 0x61, 0x6c, or 0x9f)", resp[0]);
+ return -1;
+ }
+ /* Normal ending of command; resp[1] bytes available */
+ get_resp[4] = resp[1];
+ wpa_printf(MSG_DEBUG, "SCARD: trying to get response (%d bytes)",
+ resp[1]);
+
+ rlen = *buf_len;
+ ret = scard_transmit(scard, get_resp, sizeof(get_resp), buf, &rlen);
+ if (ret == SCARD_S_SUCCESS) {
+ *buf_len = resp[1] < rlen ? resp[1] : rlen;
+ return 0;
+ }
+
+ wpa_printf(MSG_WARNING, "SCARD: SCardTransmit err=0x%lx\n", ret);
+ return -1;
+}
+
+
+static int scard_select_file(struct scard_data *scard, unsigned short file_id,
+ unsigned char *buf, size_t *buf_len)
+{
+ return _scard_select_file(scard, file_id, buf, buf_len,
+ scard->sim_type, NULL, 0);
+}
+
+
+static int scard_get_record_len(struct scard_data *scard, unsigned char recnum,
+ unsigned char mode)
+{
+ unsigned char buf[255];
+ unsigned char cmd[5] = { SIM_CMD_READ_RECORD /* , len */ };
+ size_t blen;
+ long ret;
+
+ if (scard->sim_type == SCARD_USIM)
+ cmd[0] = USIM_CLA;
+ cmd[2] = recnum;
+ cmd[3] = mode;
+ cmd[4] = sizeof(buf);
+
+ blen = sizeof(buf);
+ ret = scard_transmit(scard, cmd, sizeof(cmd), buf, &blen);
+ if (ret != SCARD_S_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "SCARD: failed to determine file "
+ "length for record %d", recnum);
+ return -1;
+ }
+
+ wpa_hexdump(MSG_DEBUG, "SCARD: file length determination response",
+ buf, blen);
+
+ if (blen < 2 || buf[0] != 0x6c) {
+ wpa_printf(MSG_DEBUG, "SCARD: unexpected response to file "
+ "length determination");
+ return -1;
+ }
+
+ return buf[1];
+}
+
+
+static int scard_read_record(struct scard_data *scard,
+ unsigned char *data, size_t len,
+ unsigned char recnum, unsigned char mode)
+{
+ unsigned char cmd[5] = { SIM_CMD_READ_RECORD /* , len */ };
+ size_t blen = len + 3;
+ unsigned char *buf;
+ long ret;
+
+ if (scard->sim_type == SCARD_USIM)
+ cmd[0] = USIM_CLA;
+ cmd[2] = recnum;
+ cmd[3] = mode;
+ cmd[4] = len;
+
+ buf = os_malloc(blen);
+ if (buf == NULL)
+ return -1;
+
+ ret = scard_transmit(scard, cmd, sizeof(cmd), buf, &blen);
+ if (ret != SCARD_S_SUCCESS) {
+ os_free(buf);
+ return -2;
+ }
+ if (blen != len + 2) {
+ wpa_printf(MSG_DEBUG, "SCARD: record read returned unexpected "
+ "length %ld (expected %ld)",
+ (long) blen, (long) len + 2);
+ os_free(buf);
+ return -3;
+ }
+
+ if (buf[len] != 0x90 || buf[len + 1] != 0x00) {
+ wpa_printf(MSG_DEBUG, "SCARD: record read returned unexpected "
+ "status %02x %02x (expected 90 00)",
+ buf[len], buf[len + 1]);
+ os_free(buf);
+ return -4;
+ }
+
+ os_memcpy(data, buf, len);
+ os_free(buf);
+
+ return 0;
+}
+
+
+static int scard_read_file(struct scard_data *scard,
+ unsigned char *data, size_t len)
+{
+ unsigned char cmd[5] = { SIM_CMD_READ_BIN /* , len */ };
+ size_t blen = len + 3;
+ unsigned char *buf;
+ long ret;
+
+ cmd[4] = len;
+
+ buf = os_malloc(blen);
+ if (buf == NULL)
+ return -1;
+
+ if (scard->sim_type == SCARD_USIM)
+ cmd[0] = USIM_CLA;
+ ret = scard_transmit(scard, cmd, sizeof(cmd), buf, &blen);
+ if (ret != SCARD_S_SUCCESS) {
+ os_free(buf);
+ return -2;
+ }
+ if (blen != len + 2) {
+ wpa_printf(MSG_DEBUG, "SCARD: file read returned unexpected "
+ "length %ld (expected %ld)",
+ (long) blen, (long) len + 2);
+ os_free(buf);
+ return -3;
+ }
+
+ if (buf[len] != 0x90 || buf[len + 1] != 0x00) {
+ wpa_printf(MSG_DEBUG, "SCARD: file read returned unexpected "
+ "status %02x %02x (expected 90 00)",
+ buf[len], buf[len + 1]);
+ os_free(buf);
+ return -4;
+ }
+
+ os_memcpy(data, buf, len);
+ os_free(buf);
+
+ return 0;
+}
+
+
+static int scard_verify_pin(struct scard_data *scard, const char *pin)
+{
+ long ret;
+ unsigned char resp[3];
+ unsigned char cmd[5 + 8] = { SIM_CMD_VERIFY_CHV1 };
+ size_t len;
+
+ wpa_printf(MSG_DEBUG, "SCARD: verifying PIN");
+
+ if (pin == NULL || os_strlen(pin) > 8)
+ return -1;
+
+ if (scard->sim_type == SCARD_USIM)
+ cmd[0] = USIM_CLA;
+ os_memcpy(cmd + 5, pin, os_strlen(pin));
+ os_memset(cmd + 5 + os_strlen(pin), 0xff, 8 - os_strlen(pin));
+
+ len = sizeof(resp);
+ ret = scard_transmit(scard, cmd, sizeof(cmd), resp, &len);
+ if (ret != SCARD_S_SUCCESS)
+ return -2;
+
+ if (len != 2 || resp[0] != 0x90 || resp[1] != 0x00) {
+ wpa_printf(MSG_WARNING, "SCARD: PIN verification failed");
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "SCARD: PIN verified successfully");
+ return 0;
+}
+
+
+/**
+ * scard_get_imsi - Read IMSI from SIM/USIM card
+ * @scard: Pointer to private data from scard_init()
+ * @imsi: Buffer for IMSI
+ * @len: Length of imsi buffer; set to IMSI length on success
+ * Returns: 0 on success, -1 if IMSI file cannot be selected, -2 if IMSI file
+ * selection returns invalid result code, -3 if parsing FSP template file fails
+ * (USIM only), -4 if IMSI does not fit in the provided imsi buffer (len is set
+ * to needed length), -5 if reading IMSI file fails.
+ *
+ * This function can be used to read IMSI from the SIM/USIM card. If the IMSI
+ * file is PIN protected, scard_set_pin() must have been used to set the
+ * correct PIN code before calling scard_get_imsi().
+ */
+int scard_get_imsi(struct scard_data *scard, char *imsi, size_t *len)
+{
+ unsigned char buf[100];
+ size_t blen, imsilen, i;
+ char *pos;
+
+ wpa_printf(MSG_DEBUG, "SCARD: reading IMSI from (GSM) EF-IMSI");
+ blen = sizeof(buf);
+ if (scard_select_file(scard, SCARD_FILE_GSM_EF_IMSI, buf, &blen))
+ return -1;
+ if (blen < 4) {
+ wpa_printf(MSG_WARNING, "SCARD: too short (GSM) EF-IMSI "
+ "header (len=%ld)", (long) blen);
+ return -2;
+ }
+
+ if (scard->sim_type == SCARD_GSM_SIM) {
+ blen = (buf[2] << 8) | buf[3];
+ } else {
+ int file_size;
+ if (scard_parse_fsp_templ(buf, blen, NULL, &file_size))
+ return -3;
+ blen = file_size;
+ }
+ if (blen < 2 || blen > sizeof(buf)) {
+ wpa_printf(MSG_DEBUG, "SCARD: invalid IMSI file length=%ld",
+ (long) blen);
+ return -3;
+ }
+
+ imsilen = (blen - 2) * 2 + 1;
+ wpa_printf(MSG_DEBUG, "SCARD: IMSI file length=%ld imsilen=%ld",
+ (long) blen, (long) imsilen);
+ if (blen < 2 || imsilen > *len) {
+ *len = imsilen;
+ return -4;
+ }
+
+ if (scard_read_file(scard, buf, blen))
+ return -5;
+
+ pos = imsi;
+ *pos++ = '0' + (buf[1] >> 4 & 0x0f);
+ for (i = 2; i < blen; i++) {
+ unsigned char digit;
+
+ digit = buf[i] & 0x0f;
+ if (digit < 10)
+ *pos++ = '0' + digit;
+ else
+ imsilen--;
+
+ digit = buf[i] >> 4 & 0x0f;
+ if (digit < 10)
+ *pos++ = '0' + digit;
+ else
+ imsilen--;
+ }
+ *len = imsilen;
+
+ return 0;
+}
+
+
+/**
+ * scard_gsm_auth - Run GSM authentication command on SIM card
+ * @scard: Pointer to private data from scard_init()
+ * @_rand: 16-byte RAND value from HLR/AuC
+ * @sres: 4-byte buffer for SRES
+ * @kc: 8-byte buffer for Kc
+ * Returns: 0 on success, -1 if SIM/USIM connection has not been initialized,
+ * -2 if authentication command execution fails, -3 if unknown response code
+ * for authentication command is received, -4 if reading of response fails,
+ * -5 if if response data is of unexpected length
+ *
+ * This function performs GSM authentication using SIM/USIM card and the
+ * provided RAND value from HLR/AuC. If authentication command can be completed
+ * successfully, SRES and Kc values will be written into sres and kc buffers.
+ */
+int scard_gsm_auth(struct scard_data *scard, const unsigned char *_rand,
+ unsigned char *sres, unsigned char *kc)
+{
+ unsigned char cmd[5 + 1 + 16] = { SIM_CMD_RUN_GSM_ALG };
+ int cmdlen;
+ unsigned char get_resp[5] = { SIM_CMD_GET_RESPONSE };
+ unsigned char resp[3], buf[12 + 3 + 2];
+ size_t len;
+ long ret;
+
+ if (scard == NULL)
+ return -1;
+
+ wpa_hexdump(MSG_DEBUG, "SCARD: GSM auth - RAND", _rand, 16);
+ if (scard->sim_type == SCARD_GSM_SIM) {
+ cmdlen = 5 + 16;
+ os_memcpy(cmd + 5, _rand, 16);
+ } else {
+ cmdlen = 5 + 1 + 16;
+ cmd[0] = USIM_CLA;
+ cmd[3] = 0x80;
+ cmd[4] = 17;
+ cmd[5] = 16;
+ os_memcpy(cmd + 6, _rand, 16);
+ }
+ len = sizeof(resp);
+ ret = scard_transmit(scard, cmd, cmdlen, resp, &len);
+ if (ret != SCARD_S_SUCCESS)
+ return -2;
+
+ if ((scard->sim_type == SCARD_GSM_SIM &&
+ (len != 2 || resp[0] != 0x9f || resp[1] != 0x0c)) ||
+ (scard->sim_type == SCARD_USIM &&
+ (len != 2 || resp[0] != 0x61 || resp[1] != 0x0e))) {
+ wpa_printf(MSG_WARNING, "SCARD: unexpected response for GSM "
+ "auth request (len=%ld resp=%02x %02x)",
+ (long) len, resp[0], resp[1]);
+ return -3;
+ }
+ get_resp[4] = resp[1];
+
+ len = sizeof(buf);
+ ret = scard_transmit(scard, get_resp, sizeof(get_resp), buf, &len);
+ if (ret != SCARD_S_SUCCESS)
+ return -4;
+
+ if (scard->sim_type == SCARD_GSM_SIM) {
+ if (len != 4 + 8 + 2) {
+ wpa_printf(MSG_WARNING, "SCARD: unexpected data "
+ "length for GSM auth (len=%ld, expected 14)",
+ (long) len);
+ return -5;
+ }
+ os_memcpy(sres, buf, 4);
+ os_memcpy(kc, buf + 4, 8);
+ } else {
+ if (len != 1 + 4 + 1 + 8 + 2) {
+ wpa_printf(MSG_WARNING, "SCARD: unexpected data "
+ "length for USIM auth (len=%ld, "
+ "expected 16)", (long) len);
+ return -5;
+ }
+ if (buf[0] != 4 || buf[5] != 8) {
+ wpa_printf(MSG_WARNING, "SCARD: unexpected SREC/Kc "
+ "length (%d %d, expected 4 8)",
+ buf[0], buf[5]);
+ }
+ os_memcpy(sres, buf + 1, 4);
+ os_memcpy(kc, buf + 6, 8);
+ }
+
+ wpa_hexdump(MSG_DEBUG, "SCARD: GSM auth - SRES", sres, 4);
+ wpa_hexdump(MSG_DEBUG, "SCARD: GSM auth - Kc", kc, 8);
+
+ return 0;
+}
+
+
+/**
+ * scard_umts_auth - Run UMTS authentication command on USIM card
+ * @scard: Pointer to private data from scard_init()
+ * @_rand: 16-byte RAND value from HLR/AuC
+ * @autn: 16-byte AUTN value from HLR/AuC
+ * @res: 16-byte buffer for RES
+ * @res_len: Variable that will be set to RES length
+ * @ik: 16-byte buffer for IK
+ * @ck: 16-byte buffer for CK
+ * @auts: 14-byte buffer for AUTS
+ * Returns: 0 on success, -1 on failure, or -2 if USIM reports synchronization
+ * failure
+ *
+ * This function performs AKA authentication using USIM card and the provided
+ * RAND and AUTN values from HLR/AuC. If authentication command can be
+ * completed successfully, RES, IK, and CK values will be written into provided
+ * buffers and res_len is set to length of received RES value. If USIM reports
+ * synchronization failure, the received AUTS value will be written into auts
+ * buffer. In this case, RES, IK, and CK are not valid.
+ */
+int scard_umts_auth(struct scard_data *scard, const unsigned char *_rand,
+ const unsigned char *autn,
+ unsigned char *res, size_t *res_len,
+ unsigned char *ik, unsigned char *ck, unsigned char *auts)
+{
+ unsigned char cmd[5 + 1 + AKA_RAND_LEN + 1 + AKA_AUTN_LEN] =
+ { USIM_CMD_RUN_UMTS_ALG };
+ unsigned char get_resp[5] = { USIM_CMD_GET_RESPONSE };
+ unsigned char resp[3], buf[64], *pos, *end;
+ size_t len;
+ long ret;
+
+ if (scard == NULL)
+ return -1;
+
+ if (scard->sim_type == SCARD_GSM_SIM) {
+ wpa_printf(MSG_ERROR, "SCARD: Non-USIM card - cannot do UMTS "
+ "auth");
+ return -1;
+ }
+
+ wpa_hexdump(MSG_DEBUG, "SCARD: UMTS auth - RAND", _rand, AKA_RAND_LEN);
+ wpa_hexdump(MSG_DEBUG, "SCARD: UMTS auth - AUTN", autn, AKA_AUTN_LEN);
+ cmd[5] = AKA_RAND_LEN;
+ os_memcpy(cmd + 6, _rand, AKA_RAND_LEN);
+ cmd[6 + AKA_RAND_LEN] = AKA_AUTN_LEN;
+ os_memcpy(cmd + 6 + AKA_RAND_LEN + 1, autn, AKA_AUTN_LEN);
+
+ len = sizeof(resp);
+ ret = scard_transmit(scard, cmd, sizeof(cmd), resp, &len);
+ if (ret != SCARD_S_SUCCESS)
+ return -1;
+
+ if (len <= sizeof(resp))
+ wpa_hexdump(MSG_DEBUG, "SCARD: UMTS alg response", resp, len);
+
+ if (len == 2 && resp[0] == 0x98 && resp[1] == 0x62) {
+ wpa_printf(MSG_WARNING, "SCARD: UMTS auth failed - "
+ "MAC != XMAC");
+ return -1;
+ } else if (len != 2 || resp[0] != 0x61) {
+ wpa_printf(MSG_WARNING, "SCARD: unexpected response for UMTS "
+ "auth request (len=%ld resp=%02x %02x)",
+ (long) len, resp[0], resp[1]);
+ return -1;
+ }
+ get_resp[4] = resp[1];
+
+ len = sizeof(buf);
+ ret = scard_transmit(scard, get_resp, sizeof(get_resp), buf, &len);
+ if (ret != SCARD_S_SUCCESS || len > sizeof(buf))
+ return -1;
+
+ wpa_hexdump(MSG_DEBUG, "SCARD: UMTS get response result", buf, len);
+ if (len >= 2 + AKA_AUTS_LEN && buf[0] == 0xdc &&
+ buf[1] == AKA_AUTS_LEN) {
+ wpa_printf(MSG_DEBUG, "SCARD: UMTS Synchronization-Failure");
+ os_memcpy(auts, buf + 2, AKA_AUTS_LEN);
+ wpa_hexdump(MSG_DEBUG, "SCARD: AUTS", auts, AKA_AUTS_LEN);
+ return -2;
+ } else if (len >= 6 + IK_LEN + CK_LEN && buf[0] == 0xdb) {
+ pos = buf + 1;
+ end = buf + len;
+
+ /* RES */
+ if (pos[0] > RES_MAX_LEN || pos + pos[0] > end) {
+ wpa_printf(MSG_DEBUG, "SCARD: Invalid RES");
+ return -1;
+ }
+ *res_len = *pos++;
+ os_memcpy(res, pos, *res_len);
+ pos += *res_len;
+ wpa_hexdump(MSG_DEBUG, "SCARD: RES", res, *res_len);
+
+ /* CK */
+ if (pos[0] != CK_LEN || pos + CK_LEN > end) {
+ wpa_printf(MSG_DEBUG, "SCARD: Invalid CK");
+ return -1;
+ }
+ pos++;
+ os_memcpy(ck, pos, CK_LEN);
+ pos += CK_LEN;
+ wpa_hexdump(MSG_DEBUG, "SCARD: CK", ck, CK_LEN);
+
+ /* IK */
+ if (pos[0] != IK_LEN || pos + IK_LEN > end) {
+ wpa_printf(MSG_DEBUG, "SCARD: Invalid IK");
+ return -1;
+ }
+ pos++;
+ os_memcpy(ik, pos, IK_LEN);
+ pos += IK_LEN;
+ wpa_hexdump(MSG_DEBUG, "SCARD: IK", ik, IK_LEN);
+
+ return 0;
+ }
+
+ wpa_printf(MSG_DEBUG, "SCARD: Unrecognized response");
+ return -1;
+}
--- /dev/null
+/*
+ * WPA Supplicant / PC/SC smartcard interface for USIM, GSM SIM
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef PCSC_FUNCS_H
+#define PCSC_FUNCS_H
+
+/* GSM files
+ * File type in first octet:
+ * 3F = Master File
+ * 7F = Dedicated File
+ * 2F = Elementary File under the Master File
+ * 6F = Elementary File under a Dedicated File
+ */
+#define SCARD_FILE_MF 0x3F00
+#define SCARD_FILE_GSM_DF 0x7F20
+#define SCARD_FILE_UMTS_DF 0x7F50
+#define SCARD_FILE_GSM_EF_IMSI 0x6F07
+#define SCARD_FILE_EF_DIR 0x2F00
+#define SCARD_FILE_EF_ICCID 0x2FE2
+#define SCARD_FILE_EF_CK 0x6FE1
+#define SCARD_FILE_EF_IK 0x6FE2
+
+#define SCARD_CHV1_OFFSET 13
+#define SCARD_CHV1_FLAG 0x80
+
+typedef enum {
+ SCARD_GSM_SIM_ONLY,
+ SCARD_USIM_ONLY,
+ SCARD_TRY_BOTH
+} scard_sim_type;
+
+
+#ifdef PCSC_FUNCS
+struct scard_data * scard_init(scard_sim_type sim_type);
+void scard_deinit(struct scard_data *scard);
+
+int scard_set_pin(struct scard_data *scard, const char *pin);
+int scard_get_imsi(struct scard_data *scard, char *imsi, size_t *len);
+int scard_gsm_auth(struct scard_data *scard, const unsigned char *_rand,
+ unsigned char *sres, unsigned char *kc);
+int scard_umts_auth(struct scard_data *scard, const unsigned char *_rand,
+ const unsigned char *autn,
+ unsigned char *res, size_t *res_len,
+ unsigned char *ik, unsigned char *ck, unsigned char *auts);
+
+#else /* PCSC_FUNCS */
+
+#define scard_init(s) NULL
+#define scard_deinit(s) do { } while (0)
+#define scard_set_pin(s, p) -1
+#define scard_get_imsi(s, i, l) -1
+#define scard_gsm_auth(s, r, s2, k) -1
+#define scard_umts_auth(s, r, a, r2, rl, i, c, a2) -1
+
+#endif /* PCSC_FUNCS */
+
+#endif /* PCSC_FUNCS_H */
--- /dev/null
+/*
+ * WPA Supplicant - RSN PMKSA cache
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "wpa.h"
+#include "eloop.h"
+#include "config_ssid.h"
+#include "sha1.h"
+#include "wpa_i.h"
+#include "l2_packet.h"
+#include "eapol_sm.h"
+#include "pmksa_cache.h"
+
+#if defined(IEEE8021X_EAPOL) && !defined(CONFIG_NO_WPA2)
+
+static const int pmksa_cache_max_entries = 32;
+
+struct rsn_pmksa_cache {
+ struct rsn_pmksa_cache_entry *pmksa; /* PMKSA cache */
+ int pmksa_count; /* number of entries in PMKSA cache */
+ struct wpa_sm *sm; /* TODO: get rid of this reference(?) */
+
+ void (*free_cb)(struct rsn_pmksa_cache_entry *entry, void *ctx,
+ int replace);
+ void *ctx;
+};
+
+
+/**
+ * rsn_pmkid - Calculate PMK identifier
+ * @pmk: Pairwise master key
+ * @pmk_len: Length of pmk in bytes
+ * @aa: Authenticator address
+ * @spa: Supplicant address
+ *
+ * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy
+ * PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA)
+ */
+static void rsn_pmkid(const u8 *pmk, size_t pmk_len, const u8 *aa,
+ const u8 *spa, u8 *pmkid)
+{
+ char *title = "PMK Name";
+ const u8 *addr[3];
+ const size_t len[3] = { 8, ETH_ALEN, ETH_ALEN };
+ unsigned char hash[SHA1_MAC_LEN];
+
+ addr[0] = (u8 *) title;
+ addr[1] = aa;
+ addr[2] = spa;
+
+ hmac_sha1_vector(pmk, pmk_len, 3, addr, len, hash);
+ os_memcpy(pmkid, hash, PMKID_LEN);
+}
+
+
+static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa);
+
+
+static void _pmksa_cache_free_entry(struct rsn_pmksa_cache_entry *entry)
+{
+ os_free(entry);
+}
+
+
+static void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa,
+ struct rsn_pmksa_cache_entry *entry,
+ int replace)
+{
+ pmksa->pmksa_count--;
+ pmksa->free_cb(entry, pmksa->ctx, replace);
+ _pmksa_cache_free_entry(entry);
+}
+
+
+static void pmksa_cache_expire(void *eloop_ctx, void *timeout_ctx)
+{
+ struct rsn_pmksa_cache *pmksa = eloop_ctx;
+ struct os_time now;
+
+ os_get_time(&now);
+ while (pmksa->pmksa && pmksa->pmksa->expiration <= now.sec) {
+ struct rsn_pmksa_cache_entry *entry = pmksa->pmksa;
+ pmksa->pmksa = entry->next;
+ wpa_printf(MSG_DEBUG, "RSN: expired PMKSA cache entry for "
+ MACSTR, MAC2STR(entry->aa));
+ pmksa_cache_free_entry(pmksa, entry, 0);
+ }
+
+ pmksa_cache_set_expiration(pmksa);
+}
+
+
+static void pmksa_cache_reauth(void *eloop_ctx, void *timeout_ctx)
+{
+ struct rsn_pmksa_cache *pmksa = eloop_ctx;
+ pmksa->sm->cur_pmksa = NULL;
+ eapol_sm_request_reauth(pmksa->sm->eapol);
+}
+
+
+static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa)
+{
+ int sec;
+ struct rsn_pmksa_cache_entry *entry;
+ struct os_time now;
+
+ eloop_cancel_timeout(pmksa_cache_expire, pmksa, NULL);
+ eloop_cancel_timeout(pmksa_cache_reauth, pmksa, NULL);
+ if (pmksa->pmksa == NULL)
+ return;
+ os_get_time(&now);
+ sec = pmksa->pmksa->expiration - now.sec;
+ if (sec < 0)
+ sec = 0;
+ eloop_register_timeout(sec + 1, 0, pmksa_cache_expire, pmksa, NULL);
+
+ entry = pmksa->sm->cur_pmksa ? pmksa->sm->cur_pmksa :
+ pmksa_cache_get(pmksa, pmksa->sm->bssid, NULL);
+ if (entry) {
+ sec = pmksa->pmksa->reauth_time - now.sec;
+ if (sec < 0)
+ sec = 0;
+ eloop_register_timeout(sec, 0, pmksa_cache_reauth, pmksa,
+ NULL);
+ }
+}
+
+
+/**
+ * pmksa_cache_add - Add a PMKSA cache entry
+ * @pmksa: Pointer to PMKSA cache data from pmksa_cache_init()
+ * @pmk: The new pairwise master key
+ * @pmk_len: PMK length in bytes, usually PMK_LEN (32)
+ * @aa: Authenticator address
+ * @spa: Supplicant address
+ * @ssid: The network configuration for which this PMK is being added
+ * Returns: Pointer to the added PMKSA cache entry or %NULL on error
+ *
+ * This function create a PMKSA entry for a new PMK and adds it to the PMKSA
+ * cache. If an old entry is already in the cache for the same Authenticator,
+ * this entry will be replaced with the new entry. PMKID will be calculated
+ * based on the PMK and the driver interface is notified of the new PMKID.
+ */
+struct rsn_pmksa_cache_entry *
+pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
+ const u8 *aa, const u8 *spa, struct wpa_ssid *ssid)
+{
+ struct rsn_pmksa_cache_entry *entry, *pos, *prev;
+ struct os_time now;
+
+ if (pmksa->sm->proto != WPA_PROTO_RSN || pmk_len > PMK_LEN)
+ return NULL;
+
+ entry = os_zalloc(sizeof(*entry));
+ if (entry == NULL)
+ return NULL;
+ os_memcpy(entry->pmk, pmk, pmk_len);
+ entry->pmk_len = pmk_len;
+ rsn_pmkid(pmk, pmk_len, aa, spa, entry->pmkid);
+ os_get_time(&now);
+ entry->expiration = now.sec + pmksa->sm->dot11RSNAConfigPMKLifetime;
+ entry->reauth_time = now.sec + pmksa->sm->dot11RSNAConfigPMKLifetime *
+ pmksa->sm->dot11RSNAConfigPMKReauthThreshold / 100;
+ entry->akmp = WPA_KEY_MGMT_IEEE8021X;
+ os_memcpy(entry->aa, aa, ETH_ALEN);
+ entry->ssid = ssid;
+
+ /* Replace an old entry for the same Authenticator (if found) with the
+ * new entry */
+ pos = pmksa->pmksa;
+ prev = NULL;
+ while (pos) {
+ if (os_memcmp(aa, pos->aa, ETH_ALEN) == 0) {
+ if (pos->pmk_len == pmk_len &&
+ os_memcmp(pos->pmk, pmk, pmk_len) == 0 &&
+ os_memcmp(pos->pmkid, entry->pmkid, PMKID_LEN) ==
+ 0) {
+ wpa_printf(MSG_DEBUG, "WPA: reusing previous "
+ "PMKSA entry");
+ os_free(entry);
+ return pos;
+ }
+ if (prev == NULL)
+ pmksa->pmksa = pos->next;
+ else
+ prev->next = pos->next;
+ if (pos == pmksa->sm->cur_pmksa) {
+ /* We are about to replace the current PMKSA
+ * cache entry. This happens when the PMKSA
+ * caching attempt fails, so we don't want to
+ * force pmksa_cache_free_entry() to disconnect
+ * at this point. Let's just make sure the old
+ * PMKSA cache entry will not be used in the
+ * future.
+ */
+ wpa_printf(MSG_DEBUG, "RSN: replacing current "
+ "PMKSA entry");
+ pmksa->sm->cur_pmksa = NULL;
+ }
+ wpa_printf(MSG_DEBUG, "RSN: Replace PMKSA entry for "
+ "the current AP");
+ pmksa_cache_free_entry(pmksa, pos, 1);
+ break;
+ }
+ prev = pos;
+ pos = pos->next;
+ }
+
+ if (pmksa->pmksa_count >= pmksa_cache_max_entries && pmksa->pmksa) {
+ /* Remove the oldest entry to make room for the new entry */
+ pos = pmksa->pmksa;
+ pmksa->pmksa = pos->next;
+ wpa_printf(MSG_DEBUG, "RSN: removed the oldest PMKSA cache "
+ "entry (for " MACSTR ") to make room for new one",
+ MAC2STR(pos->aa));
+ wpa_sm_remove_pmkid(pmksa->sm, pos->aa, pos->pmkid);
+ pmksa_cache_free_entry(pmksa, pos, 0);
+ }
+
+ /* Add the new entry; order by expiration time */
+ pos = pmksa->pmksa;
+ prev = NULL;
+ while (pos) {
+ if (pos->expiration > entry->expiration)
+ break;
+ prev = pos;
+ pos = pos->next;
+ }
+ if (prev == NULL) {
+ entry->next = pmksa->pmksa;
+ pmksa->pmksa = entry;
+ pmksa_cache_set_expiration(pmksa);
+ } else {
+ entry->next = prev->next;
+ prev->next = entry;
+ }
+ pmksa->pmksa_count++;
+ wpa_printf(MSG_DEBUG, "RSN: added PMKSA cache entry for " MACSTR,
+ MAC2STR(entry->aa));
+ wpa_sm_add_pmkid(pmksa->sm, entry->aa, entry->pmkid);
+
+ return entry;
+}
+
+
+/**
+ * pmksa_cache_deinit - Free all entries in PMKSA cache
+ * @pmksa: Pointer to PMKSA cache data from pmksa_cache_init()
+ */
+void pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa)
+{
+ struct rsn_pmksa_cache_entry *entry, *prev;
+
+ if (pmksa == NULL)
+ return;
+
+ entry = pmksa->pmksa;
+ pmksa->pmksa = NULL;
+ while (entry) {
+ prev = entry;
+ entry = entry->next;
+ os_free(prev);
+ }
+ pmksa_cache_set_expiration(pmksa);
+ os_free(pmksa);
+}
+
+
+/**
+ * pmksa_cache_get - Fetch a PMKSA cache entry
+ * @pmksa: Pointer to PMKSA cache data from pmksa_cache_init()
+ * @aa: Authenticator address or %NULL to match any
+ * @pmkid: PMKID or %NULL to match any
+ * Returns: Pointer to PMKSA cache entry or %NULL if no match was found
+ */
+struct rsn_pmksa_cache_entry * pmksa_cache_get(struct rsn_pmksa_cache *pmksa,
+ const u8 *aa, const u8 *pmkid)
+{
+ struct rsn_pmksa_cache_entry *entry = pmksa->pmksa;
+ while (entry) {
+ if ((aa == NULL || os_memcmp(entry->aa, aa, ETH_ALEN) == 0) &&
+ (pmkid == NULL ||
+ os_memcmp(entry->pmkid, pmkid, PMKID_LEN) == 0))
+ return entry;
+ entry = entry->next;
+ }
+ return NULL;
+}
+
+
+/**
+ * pmksa_cache_notify_reconfig - Reconfiguration notification for PMKSA cache
+ * @pmksa: Pointer to PMKSA cache data from pmksa_cache_init()
+ *
+ * Clear references to old data structures when wpa_supplicant is reconfigured.
+ */
+void pmksa_cache_notify_reconfig(struct rsn_pmksa_cache *pmksa)
+{
+ struct rsn_pmksa_cache_entry *entry = pmksa->pmksa;
+ while (entry) {
+ entry->ssid = NULL;
+ entry = entry->next;
+ }
+}
+
+
+static struct rsn_pmksa_cache_entry *
+pmksa_cache_clone_entry(struct rsn_pmksa_cache *pmksa,
+ const struct rsn_pmksa_cache_entry *old_entry,
+ const u8 *aa)
+{
+ struct rsn_pmksa_cache_entry *new_entry;
+
+ new_entry = pmksa_cache_add(pmksa, old_entry->pmk, old_entry->pmk_len,
+ aa, pmksa->sm->own_addr, old_entry->ssid);
+ if (new_entry == NULL)
+ return NULL;
+
+ /* TODO: reorder entries based on expiration time? */
+ new_entry->expiration = old_entry->expiration;
+ new_entry->opportunistic = 1;
+
+ return new_entry;
+}
+
+
+/**
+ * pmksa_cache_get_opportunistic - Try to get an opportunistic PMKSA entry
+ * @pmksa: Pointer to PMKSA cache data from pmksa_cache_init()
+ * @ssid: Pointer to the current network configuration
+ * @aa: Authenticator address for the new AP
+ * Returns: Pointer to a new PMKSA cache entry or %NULL if not available
+ *
+ * Try to create a new PMKSA cache entry opportunistically by guessing that the
+ * new AP is sharing the same PMK as another AP that has the same SSID and has
+ * already an entry in PMKSA cache.
+ */
+struct rsn_pmksa_cache_entry *
+pmksa_cache_get_opportunistic(struct rsn_pmksa_cache *pmksa,
+ struct wpa_ssid *ssid, const u8 *aa)
+{
+ struct rsn_pmksa_cache_entry *entry = pmksa->pmksa;
+
+ if (ssid == NULL)
+ return NULL;
+ while (entry) {
+ if (entry->ssid == ssid) {
+ entry = pmksa_cache_clone_entry(pmksa, entry, aa);
+ if (entry) {
+ wpa_printf(MSG_DEBUG, "RSN: added "
+ "opportunistic PMKSA cache entry "
+ "for " MACSTR, MAC2STR(aa));
+ }
+ return entry;
+ }
+ entry = entry->next;
+ }
+ return NULL;
+}
+
+
+/**
+ * pmksa_cache_get_current - Get the current used PMKSA entry
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * Returns: Pointer to the current PMKSA cache entry or %NULL if not available
+ */
+struct rsn_pmksa_cache_entry * pmksa_cache_get_current(struct wpa_sm *sm)
+{
+ if (sm == NULL)
+ return NULL;
+ return sm->cur_pmksa;
+}
+
+
+/**
+ * pmksa_cache_clear_current - Clear the current PMKSA entry selection
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ */
+void pmksa_cache_clear_current(struct wpa_sm *sm)
+{
+ if (sm == NULL)
+ return;
+ sm->cur_pmksa = NULL;
+}
+
+
+/**
+ * pmksa_cache_set_current - Set the current PMKSA entry selection
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @pmkid: PMKID for selecting PMKSA or %NULL if not used
+ * @bssid: BSSID for PMKSA or %NULL if not used
+ * @ssid: The network configuration for the current network
+ * @try_opportunistic: Whether to allow opportunistic PMKSA caching
+ * Returns: 0 if PMKSA was found or -1 if no matching entry was found
+ */
+int pmksa_cache_set_current(struct wpa_sm *sm, const u8 *pmkid,
+ const u8 *bssid, struct wpa_ssid *ssid,
+ int try_opportunistic)
+{
+ struct rsn_pmksa_cache *pmksa = sm->pmksa;
+ sm->cur_pmksa = NULL;
+ if (pmkid)
+ sm->cur_pmksa = pmksa_cache_get(pmksa, NULL, pmkid);
+ if (sm->cur_pmksa == NULL && bssid)
+ sm->cur_pmksa = pmksa_cache_get(pmksa, bssid, NULL);
+ if (sm->cur_pmksa == NULL && try_opportunistic && bssid)
+ sm->cur_pmksa = pmksa_cache_get_opportunistic(pmksa, ssid,
+ bssid);
+ if (sm->cur_pmksa) {
+ wpa_hexdump(MSG_DEBUG, "RSN: PMKID",
+ sm->cur_pmksa->pmkid, PMKID_LEN);
+ return 0;
+ }
+ return -1;
+}
+
+
+/**
+ * pmksa_cache_list - Dump text list of entries in PMKSA cache
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @buf: Buffer for the list
+ * @len: Length of the buffer
+ * Returns: number of bytes written to buffer
+ *
+ * This function is used to generate a text format representation of the
+ * current PMKSA cache contents for the ctrl_iface PMKSA command.
+ */
+int pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len)
+{
+ int i, ret;
+ char *pos = buf;
+ struct rsn_pmksa_cache_entry *entry;
+ struct os_time now;
+
+ os_get_time(&now);
+ ret = os_snprintf(pos, buf + len - pos,
+ "Index / AA / PMKID / expiration (in seconds) / "
+ "opportunistic\n");
+ if (ret < 0 || ret >= buf + len - pos)
+ return pos - buf;
+ pos += ret;
+ i = 0;
+ entry = sm->pmksa->pmksa;
+ while (entry) {
+ i++;
+ ret = os_snprintf(pos, buf + len - pos, "%d " MACSTR " ",
+ i, MAC2STR(entry->aa));
+ if (ret < 0 || ret >= buf + len - pos)
+ return pos - buf;
+ pos += ret;
+ pos += wpa_snprintf_hex(pos, buf + len - pos, entry->pmkid,
+ PMKID_LEN);
+ ret = os_snprintf(pos, buf + len - pos, " %d %d\n",
+ (int) (entry->expiration - now.sec),
+ entry->opportunistic);
+ if (ret < 0 || ret >= buf + len - pos)
+ return pos - buf;
+ pos += ret;
+ entry = entry->next;
+ }
+ return pos - buf;
+}
+
+
+/**
+ * pmksa_cache_init - Initialize PMKSA cache
+ * @free_cb: Callback function to be called when a PMKSA cache entry is freed
+ * @ctx: Context pointer for free_cb function
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * Returns: Pointer to PMKSA cache data or %NULL on failure
+ */
+struct rsn_pmksa_cache *
+pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
+ void *ctx, int replace),
+ void *ctx, struct wpa_sm *sm)
+{
+ struct rsn_pmksa_cache *pmksa;
+
+ pmksa = os_zalloc(sizeof(*pmksa));
+ if (pmksa) {
+ pmksa->free_cb = free_cb;
+ pmksa->ctx = ctx;
+ pmksa->sm = sm;
+ }
+
+ return pmksa;
+}
+
+#endif /* IEEE8021X_EAPOL and !CONFIG_NO_WPA2 */
--- /dev/null
+/*
+ * wpa_supplicant - WPA2/RSN PMKSA cache functions
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef PMKSA_CACHE_H
+#define PMKSA_CACHE_H
+
+/**
+ * struct rsn_pmksa_cache_entry - PMKSA cache entry
+ */
+struct rsn_pmksa_cache_entry {
+ struct rsn_pmksa_cache_entry *next;
+ u8 pmkid[PMKID_LEN];
+ u8 pmk[PMK_LEN];
+ size_t pmk_len;
+ os_time_t expiration;
+ int akmp; /* WPA_KEY_MGMT_* */
+ u8 aa[ETH_ALEN];
+
+ os_time_t reauth_time;
+ struct wpa_ssid *ssid;
+ int opportunistic;
+};
+
+struct rsn_pmksa_cache;
+
+#if defined(IEEE8021X_EAPOL) && !defined(CONFIG_NO_WPA2)
+
+struct rsn_pmksa_cache *
+pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
+ void *ctx, int replace),
+ void *ctx, struct wpa_sm *sm);
+void pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa);
+struct rsn_pmksa_cache_entry * pmksa_cache_get(struct rsn_pmksa_cache *pmksa,
+ const u8 *aa, const u8 *pmkid);
+int pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len);
+struct rsn_pmksa_cache_entry *
+pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
+ const u8 *aa, const u8 *spa, struct wpa_ssid *ssid);
+void pmksa_cache_notify_reconfig(struct rsn_pmksa_cache *pmksa);
+struct rsn_pmksa_cache_entry * pmksa_cache_get_current(struct wpa_sm *sm);
+void pmksa_cache_clear_current(struct wpa_sm *sm);
+int pmksa_cache_set_current(struct wpa_sm *sm, const u8 *pmkid,
+ const u8 *bssid, struct wpa_ssid *ssid,
+ int try_opportunistic);
+struct rsn_pmksa_cache_entry *
+pmksa_cache_get_opportunistic(struct rsn_pmksa_cache *pmksa,
+ struct wpa_ssid *ssid, const u8 *aa);
+
+#else /* IEEE8021X_EAPOL and !CONFIG_NO_WPA2 */
+
+static inline struct rsn_pmksa_cache *
+pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
+ void *ctx, int replace),
+ void *ctx, struct wpa_sm *sm)
+{
+ return (void *) -1;
+}
+
+static inline void pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa)
+{
+}
+
+static inline struct rsn_pmksa_cache_entry *
+pmksa_cache_get(struct rsn_pmksa_cache *pmksa, const u8 *aa, const u8 *pmkid)
+{
+ return NULL;
+}
+
+static inline struct rsn_pmksa_cache_entry *
+pmksa_cache_get_current(struct wpa_sm *sm)
+{
+ return NULL;
+}
+
+static inline int pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len)
+{
+ return -1;
+}
+
+static inline struct rsn_pmksa_cache_entry *
+pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
+ const u8 *aa, const u8 *spa, struct wpa_ssid *ssid)
+{
+ return NULL;
+}
+
+static inline void pmksa_cache_notify_reconfig(struct rsn_pmksa_cache *pmksa)
+{
+}
+
+static inline void pmksa_cache_clear_current(struct wpa_sm *sm)
+{
+}
+
+static inline int pmksa_cache_set_current(struct wpa_sm *sm, const u8 *pmkid,
+ const u8 *bssid,
+ struct wpa_ssid *ssid,
+ int try_opportunistic)
+{
+ return -1;
+}
+
+#endif /* IEEE8021X_EAPOL and !CONFIG_NO_WPA2 */
+
+#endif /* PMKSA_CACHE_H */
--- /dev/null
+/*
+ * WPA Supplicant - RSN pre-authentication
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "wpa.h"
+#include "driver.h"
+#include "eloop.h"
+#include "config.h"
+#include "l2_packet.h"
+#include "eapol_sm.h"
+#include "preauth.h"
+#include "pmksa_cache.h"
+#include "wpa_i.h"
+
+
+#define PMKID_CANDIDATE_PRIO_SCAN 1000
+
+
+struct rsn_pmksa_candidate {
+ struct rsn_pmksa_candidate *next;
+ u8 bssid[ETH_ALEN];
+ int priority;
+};
+
+
+/**
+ * pmksa_candidate_free - Free all entries in PMKSA candidate list
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ */
+void pmksa_candidate_free(struct wpa_sm *sm)
+{
+ struct rsn_pmksa_candidate *entry, *prev;
+
+ if (sm == NULL)
+ return;
+
+ entry = sm->pmksa_candidates;
+ sm->pmksa_candidates = NULL;
+ while (entry) {
+ prev = entry;
+ entry = entry->next;
+ os_free(prev);
+ }
+}
+
+
+#if defined(IEEE8021X_EAPOL) && !defined(CONFIG_NO_WPA2)
+
+static void rsn_preauth_receive(void *ctx, const u8 *src_addr,
+ const u8 *buf, size_t len)
+{
+ struct wpa_sm *sm = ctx;
+
+ wpa_printf(MSG_DEBUG, "RX pre-auth from " MACSTR, MAC2STR(src_addr));
+ wpa_hexdump(MSG_MSGDUMP, "RX pre-auth", buf, len);
+
+ if (sm->preauth_eapol == NULL ||
+ os_memcmp(sm->preauth_bssid, "\x00\x00\x00\x00\x00\x00",
+ ETH_ALEN) == 0 ||
+ os_memcmp(sm->preauth_bssid, src_addr, ETH_ALEN) != 0) {
+ wpa_printf(MSG_WARNING, "RSN pre-auth frame received from "
+ "unexpected source " MACSTR " - dropped",
+ MAC2STR(src_addr));
+ return;
+ }
+
+ eapol_sm_rx_eapol(sm->preauth_eapol, src_addr, buf, len);
+}
+
+
+static void rsn_preauth_eapol_cb(struct eapol_sm *eapol, int success,
+ void *ctx)
+{
+ struct wpa_sm *sm = ctx;
+ u8 pmk[PMK_LEN];
+
+ if (success) {
+ int res, pmk_len;
+ pmk_len = PMK_LEN;
+ res = eapol_sm_get_key(eapol, pmk, PMK_LEN);
+ if (res) {
+ /*
+ * EAP-LEAP is an exception from other EAP methods: it
+ * uses only 16-byte PMK.
+ */
+ res = eapol_sm_get_key(eapol, pmk, 16);
+ pmk_len = 16;
+ }
+ if (res == 0) {
+ wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from pre-auth",
+ pmk, pmk_len);
+ sm->pmk_len = pmk_len;
+ pmksa_cache_add(sm->pmksa, pmk, pmk_len,
+ sm->preauth_bssid, sm->own_addr,
+ sm->cur_ssid);
+ } else {
+ wpa_msg(sm->ctx->ctx, MSG_INFO, "RSN: failed to get "
+ "master session key from pre-auth EAPOL state "
+ "machines");
+ success = 0;
+ }
+ }
+
+ wpa_msg(sm->ctx->ctx, MSG_INFO, "RSN: pre-authentication with " MACSTR
+ " %s", MAC2STR(sm->preauth_bssid),
+ success ? "completed successfully" : "failed");
+
+ rsn_preauth_deinit(sm);
+ rsn_preauth_candidate_process(sm);
+}
+
+
+static void rsn_preauth_timeout(void *eloop_ctx, void *timeout_ctx)
+{
+ struct wpa_sm *sm = eloop_ctx;
+
+ wpa_msg(sm->ctx->ctx, MSG_INFO, "RSN: pre-authentication with " MACSTR
+ " timed out", MAC2STR(sm->preauth_bssid));
+ rsn_preauth_deinit(sm);
+ rsn_preauth_candidate_process(sm);
+}
+
+
+static int rsn_preauth_eapol_send(void *ctx, int type, const u8 *buf,
+ size_t len)
+{
+ struct wpa_sm *sm = ctx;
+ u8 *msg;
+ size_t msglen;
+ int res;
+
+ /* TODO: could add l2_packet_sendmsg that allows fragments to avoid
+ * extra copy here */
+
+ if (sm->l2_preauth == NULL)
+ return -1;
+
+ msg = wpa_sm_alloc_eapol(sm, type, buf, len, &msglen, NULL);
+ if (msg == NULL)
+ return -1;
+
+ wpa_hexdump(MSG_MSGDUMP, "TX EAPOL (preauth)", msg, msglen);
+ res = l2_packet_send(sm->l2_preauth, sm->preauth_bssid,
+ ETH_P_RSN_PREAUTH, msg, msglen);
+ os_free(msg);
+ return res;
+}
+
+
+/**
+ * rsn_preauth_init - Start new RSN pre-authentication
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @dst: Authenticator address (BSSID) with which to preauthenticate
+ * @config: Current network configuration
+ * Returns: 0 on success, -1 on another pre-authentication is in progress,
+ * -2 on layer 2 packet initialization failure, -3 on EAPOL state machine
+ * initialization failure, -4 on memory allocation failure
+ *
+ * This function request an RSN pre-authentication with a given destination
+ * address. This is usually called for PMKSA candidates found from scan results
+ * or from driver reports. In addition, ctrl_iface PREAUTH command can trigger
+ * pre-authentication.
+ */
+int rsn_preauth_init(struct wpa_sm *sm, const u8 *dst, struct wpa_ssid *config)
+{
+ struct eapol_config eapol_conf;
+ struct eapol_ctx *ctx;
+
+ if (sm->preauth_eapol)
+ return -1;
+
+ wpa_msg(sm->ctx->ctx, MSG_DEBUG, "RSN: starting pre-authentication "
+ "with " MACSTR, MAC2STR(dst));
+
+ sm->l2_preauth = l2_packet_init(sm->ifname, sm->own_addr,
+ ETH_P_RSN_PREAUTH,
+ rsn_preauth_receive, sm, 0);
+ if (sm->l2_preauth == NULL) {
+ wpa_printf(MSG_WARNING, "RSN: Failed to initialize L2 packet "
+ "processing for pre-authentication");
+ return -2;
+ }
+
+ if (sm->bridge_ifname) {
+ sm->l2_preauth_br = l2_packet_init(sm->bridge_ifname,
+ sm->own_addr,
+ ETH_P_RSN_PREAUTH,
+ rsn_preauth_receive, sm, 0);
+ if (sm->l2_preauth_br == NULL) {
+ wpa_printf(MSG_WARNING, "RSN: Failed to initialize L2 "
+ "packet processing (bridge) for "
+ "pre-authentication");
+ return -2;
+ }
+ }
+
+ ctx = os_zalloc(sizeof(*ctx));
+ if (ctx == NULL) {
+ wpa_printf(MSG_WARNING, "Failed to allocate EAPOL context.");
+ return -4;
+ }
+ ctx->ctx = sm->ctx->ctx;
+ ctx->msg_ctx = sm->ctx->ctx;
+ ctx->preauth = 1;
+ ctx->cb = rsn_preauth_eapol_cb;
+ ctx->cb_ctx = sm;
+ ctx->scard_ctx = sm->scard_ctx;
+ ctx->eapol_send = rsn_preauth_eapol_send;
+ ctx->eapol_send_ctx = sm;
+ ctx->set_config_blob = sm->ctx->set_config_blob;
+ ctx->get_config_blob = sm->ctx->get_config_blob;
+
+ sm->preauth_eapol = eapol_sm_init(ctx);
+ if (sm->preauth_eapol == NULL) {
+ os_free(ctx);
+ wpa_printf(MSG_WARNING, "RSN: Failed to initialize EAPOL "
+ "state machines for pre-authentication");
+ return -3;
+ }
+ os_memset(&eapol_conf, 0, sizeof(eapol_conf));
+ eapol_conf.accept_802_1x_keys = 0;
+ eapol_conf.required_keys = 0;
+ eapol_conf.fast_reauth = sm->fast_reauth;
+ if (config)
+ eapol_conf.workaround = config->eap_workaround;
+ eapol_sm_notify_config(sm->preauth_eapol, config, &eapol_conf);
+ /*
+ * Use a shorter startPeriod with preauthentication since the first
+ * preauth EAPOL-Start frame may end up being dropped due to race
+ * condition in the AP between the data receive and key configuration
+ * after the 4-Way Handshake.
+ */
+ eapol_sm_configure(sm->preauth_eapol, -1, -1, 5, 6);
+ os_memcpy(sm->preauth_bssid, dst, ETH_ALEN);
+
+ eapol_sm_notify_portValid(sm->preauth_eapol, TRUE);
+ /* 802.1X::portControl = Auto */
+ eapol_sm_notify_portEnabled(sm->preauth_eapol, TRUE);
+
+ eloop_register_timeout(sm->dot11RSNAConfigSATimeout, 0,
+ rsn_preauth_timeout, sm, NULL);
+
+ return 0;
+}
+
+
+/**
+ * rsn_preauth_deinit - Abort RSN pre-authentication
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ *
+ * This function aborts the current RSN pre-authentication (if one is started)
+ * and frees resources allocated for it.
+ */
+void rsn_preauth_deinit(struct wpa_sm *sm)
+{
+ if (sm == NULL || !sm->preauth_eapol)
+ return;
+
+ eloop_cancel_timeout(rsn_preauth_timeout, sm, NULL);
+ eapol_sm_deinit(sm->preauth_eapol);
+ sm->preauth_eapol = NULL;
+ os_memset(sm->preauth_bssid, 0, ETH_ALEN);
+
+ l2_packet_deinit(sm->l2_preauth);
+ sm->l2_preauth = NULL;
+ if (sm->l2_preauth_br) {
+ l2_packet_deinit(sm->l2_preauth_br);
+ sm->l2_preauth_br = NULL;
+ }
+}
+
+
+/**
+ * rsn_preauth_candidate_process - Process PMKSA candidates
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ *
+ * Go through the PMKSA candidates and start pre-authentication if a candidate
+ * without an existing PMKSA cache entry is found. Processed candidates will be
+ * removed from the list.
+ */
+void rsn_preauth_candidate_process(struct wpa_sm *sm)
+{
+ struct rsn_pmksa_candidate *candidate;
+
+ if (sm->pmksa_candidates == NULL)
+ return;
+
+ /* TODO: drop priority for old candidate entries */
+
+ wpa_msg(sm->ctx->ctx, MSG_DEBUG, "RSN: processing PMKSA candidate "
+ "list");
+ if (sm->preauth_eapol ||
+ sm->proto != WPA_PROTO_RSN ||
+ wpa_sm_get_state(sm) != WPA_COMPLETED ||
+ sm->key_mgmt != WPA_KEY_MGMT_IEEE8021X) {
+ wpa_msg(sm->ctx->ctx, MSG_DEBUG, "RSN: not in suitable state "
+ "for new pre-authentication");
+ return; /* invalid state for new pre-auth */
+ }
+
+ while (sm->pmksa_candidates) {
+ struct rsn_pmksa_cache_entry *p = NULL;
+ candidate = sm->pmksa_candidates;
+ p = pmksa_cache_get(sm->pmksa, candidate->bssid, NULL);
+ if (os_memcmp(sm->bssid, candidate->bssid, ETH_ALEN) != 0 &&
+ (p == NULL || p->opportunistic)) {
+ wpa_msg(sm->ctx->ctx, MSG_DEBUG, "RSN: PMKSA "
+ "candidate " MACSTR
+ " selected for pre-authentication",
+ MAC2STR(candidate->bssid));
+ sm->pmksa_candidates = candidate->next;
+ rsn_preauth_init(sm, candidate->bssid, sm->cur_ssid);
+ os_free(candidate);
+ return;
+ }
+ wpa_msg(sm->ctx->ctx, MSG_DEBUG, "RSN: PMKSA candidate "
+ MACSTR " does not need pre-authentication anymore",
+ MAC2STR(candidate->bssid));
+ /* Some drivers (e.g., NDIS) expect to get notified about the
+ * PMKIDs again, so report the existing data now. */
+ if (p) {
+ wpa_sm_add_pmkid(sm, candidate->bssid, p->pmkid);
+ }
+
+ sm->pmksa_candidates = candidate->next;
+ os_free(candidate);
+ }
+ wpa_msg(sm->ctx->ctx, MSG_DEBUG, "RSN: no more pending PMKSA "
+ "candidates");
+}
+
+
+/**
+ * pmksa_candidate_add - Add a new PMKSA candidate
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @bssid: BSSID (authenticator address) of the candidate
+ * @prio: Priority (the smaller number, the higher priority)
+ * @preauth: Whether the candidate AP advertises support for pre-authentication
+ *
+ * This function is used to add PMKSA candidates for RSN pre-authentication. It
+ * is called from scan result processing and from driver events for PMKSA
+ * candidates, i.e., EVENT_PMKID_CANDIDATE events to wpa_supplicant_event().
+ */
+void pmksa_candidate_add(struct wpa_sm *sm, const u8 *bssid,
+ int prio, int preauth)
+{
+ struct rsn_pmksa_candidate *cand, *prev, *pos;
+
+ if (sm->cur_ssid && sm->cur_ssid->proactive_key_caching)
+ pmksa_cache_get_opportunistic(sm->pmksa, sm->cur_ssid, bssid);
+
+ if (!preauth) {
+ wpa_printf(MSG_DEBUG, "RSN: Ignored PMKID candidate without "
+ "preauth flag");
+ return;
+ }
+
+ /* If BSSID already on candidate list, update the priority of the old
+ * entry. Do not override priority based on normal scan results. */
+ prev = NULL;
+ cand = sm->pmksa_candidates;
+ while (cand) {
+ if (os_memcmp(cand->bssid, bssid, ETH_ALEN) == 0) {
+ if (prev)
+ prev->next = cand->next;
+ else
+ sm->pmksa_candidates = cand->next;
+ break;
+ }
+ prev = cand;
+ cand = cand->next;
+ }
+
+ if (cand) {
+ if (prio < PMKID_CANDIDATE_PRIO_SCAN)
+ cand->priority = prio;
+ } else {
+ cand = os_zalloc(sizeof(*cand));
+ if (cand == NULL)
+ return;
+ os_memcpy(cand->bssid, bssid, ETH_ALEN);
+ cand->priority = prio;
+ }
+
+ /* Add candidate to the list; order by increasing priority value. i.e.,
+ * highest priority (smallest value) first. */
+ prev = NULL;
+ pos = sm->pmksa_candidates;
+ while (pos) {
+ if (cand->priority <= pos->priority)
+ break;
+ prev = pos;
+ pos = pos->next;
+ }
+ cand->next = pos;
+ if (prev)
+ prev->next = cand;
+ else
+ sm->pmksa_candidates = cand;
+
+ wpa_msg(sm->ctx->ctx, MSG_DEBUG, "RSN: added PMKSA cache "
+ "candidate " MACSTR " prio %d", MAC2STR(bssid), prio);
+ rsn_preauth_candidate_process(sm);
+}
+
+
+/* TODO: schedule periodic scans if current AP supports preauth */
+
+/**
+ * rsn_preauth_scan_results - Process scan results to find PMKSA candidates
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @results: Scan results
+ * @count: Number of BSSes in scan results
+ *
+ * This functions goes through the scan results and adds all suitable APs
+ * (Authenticators) into PMKSA candidate list.
+ */
+void rsn_preauth_scan_results(struct wpa_sm *sm,
+ struct wpa_scan_result *results, int count)
+{
+ struct wpa_scan_result *r;
+ struct wpa_ie_data ie;
+ int i;
+ struct rsn_pmksa_cache_entry *pmksa;
+
+ if (sm->cur_ssid == NULL)
+ return;
+
+ /*
+ * TODO: is it ok to free all candidates? What about the entries
+ * received from EVENT_PMKID_CANDIDATE?
+ */
+ pmksa_candidate_free(sm);
+
+ for (i = count - 1; i >= 0; i--) {
+ r = &results[i];
+ if (r->ssid_len != sm->cur_ssid->ssid_len ||
+ os_memcmp(r->ssid, sm->cur_ssid->ssid,
+ r->ssid_len) != 0)
+ continue;
+
+ if (os_memcmp(r->bssid, sm->bssid, ETH_ALEN) == 0)
+ continue;
+
+ if (r->rsn_ie_len == 0 ||
+ wpa_parse_wpa_ie(r->rsn_ie, r->rsn_ie_len, &ie))
+ continue;
+
+ pmksa = pmksa_cache_get(sm->pmksa, r->bssid, NULL);
+ if (pmksa &&
+ (!pmksa->opportunistic ||
+ !(ie.capabilities & WPA_CAPABILITY_PREAUTH)))
+ continue;
+
+ /*
+ * Give less priority to candidates found from normal
+ * scan results.
+ */
+ pmksa_candidate_add(sm, r->bssid,
+ PMKID_CANDIDATE_PRIO_SCAN,
+ ie.capabilities & WPA_CAPABILITY_PREAUTH);
+ }
+}
+
+
+#ifdef CONFIG_CTRL_IFACE
+/**
+ * rsn_preauth_get_status - Get pre-authentication status
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @buf: Buffer for status information
+ * @buflen: Maximum buffer length
+ * @verbose: Whether to include verbose status information
+ * Returns: Number of bytes written to buf.
+ *
+ * Query WPA2 pre-authentication for status information. This function fills in
+ * a text area with current status information. If the buffer (buf) is not
+ * large enough, status information will be truncated to fit the buffer.
+ */
+int rsn_preauth_get_status(struct wpa_sm *sm, char *buf, size_t buflen,
+ int verbose)
+{
+ char *pos = buf, *end = buf + buflen;
+ int res, ret;
+
+ if (sm->preauth_eapol) {
+ ret = os_snprintf(pos, end - pos, "Pre-authentication "
+ "EAPOL state machines:\n");
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ res = eapol_sm_get_status(sm->preauth_eapol,
+ pos, end - pos, verbose);
+ if (res >= 0)
+ pos += res;
+ }
+
+ return pos - buf;
+}
+#endif /* CONFIG_CTRL_IFACE */
+
+
+/**
+ * rsn_preauth_in_progress - Verify whether pre-authentication is in progress
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ */
+int rsn_preauth_in_progress(struct wpa_sm *sm)
+{
+ return sm->preauth_eapol != NULL;
+}
+
+#endif /* IEEE8021X_EAPOL and !CONFIG_NO_WPA2 */
--- /dev/null
+/*
+ * wpa_supplicant - WPA2/RSN pre-authentication functions
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef PREAUTH_H
+#define PREAUTH_H
+
+struct wpa_scan_result;
+
+#ifndef CONFIG_NO_WPA
+
+void pmksa_candidate_free(struct wpa_sm *sm);
+
+#else /* CONFIG_NO_WPA */
+
+static inline void pmksa_candidate_free(struct wpa_sm *sm)
+{
+}
+
+#endif /* CONFIG_NO_WPA */
+
+
+#if defined(IEEE8021X_EAPOL) && !defined(CONFIG_NO_WPA2)
+
+int rsn_preauth_init(struct wpa_sm *sm, const u8 *dst,
+ struct wpa_ssid *config);
+void rsn_preauth_deinit(struct wpa_sm *sm);
+void rsn_preauth_scan_results(struct wpa_sm *sm,
+ struct wpa_scan_result *results, int count);
+void pmksa_candidate_add(struct wpa_sm *sm, const u8 *bssid,
+ int prio, int preauth);
+void rsn_preauth_candidate_process(struct wpa_sm *sm);
+int rsn_preauth_get_status(struct wpa_sm *sm, char *buf, size_t buflen,
+ int verbose);
+int rsn_preauth_in_progress(struct wpa_sm *sm);
+
+#else /* IEEE8021X_EAPOL and !CONFIG_NO_WPA2 */
+
+static inline void rsn_preauth_candidate_process(struct wpa_sm *sm)
+{
+}
+
+static inline int rsn_preauth_init(struct wpa_sm *sm, const u8 *dst,
+ struct wpa_ssid *config)
+{
+ return -1;
+}
+
+static inline void rsn_preauth_deinit(struct wpa_sm *sm)
+{
+}
+static inline void rsn_preauth_scan_results(struct wpa_sm *sm,
+ struct wpa_scan_result *results,
+ int count)
+{
+}
+
+static inline void pmksa_candidate_add(struct wpa_sm *sm,
+ const u8 *bssid,
+ int prio, int preauth)
+{
+}
+
+static inline int rsn_preauth_get_status(struct wpa_sm *sm, char *buf,
+ size_t buflen, int verbose)
+{
+ return 0;
+}
+
+static inline int rsn_preauth_in_progress(struct wpa_sm *sm)
+{
+ return 0;
+}
+
+#endif /* IEEE8021X_EAPOL and !CONFIG_NO_WPA2 */
+
+#endif /* PREAUTH_H */
--- /dev/null
+/*
+ * WPA Supplicant - test code for pre-authentication
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * IEEE 802.1X Supplicant test code (to be used in place of wpa_supplicant.c.
+ * Not used in production version.
+ */
+
+#include "includes.h"
+#include <assert.h>
+
+#include "common.h"
+#include "config.h"
+#include "eapol_sm.h"
+#include "eloop.h"
+#include "wpa.h"
+#include "eap.h"
+#include "wpa_supplicant.h"
+#include "wpa_supplicant_i.h"
+#include "l2_packet.h"
+#include "ctrl_iface.h"
+#include "pcsc_funcs.h"
+#include "preauth.h"
+#include "pmksa_cache.h"
+
+
+extern int wpa_debug_level;
+extern int wpa_debug_show_keys;
+
+struct wpa_driver_ops *wpa_supplicant_drivers[] = { NULL };
+
+
+struct preauth_test_data {
+ int auth_timed_out;
+};
+
+
+static void _wpa_supplicant_req_scan(void *wpa_s, int sec, int usec)
+{
+ wpa_supplicant_req_scan(wpa_s, sec, usec);
+}
+
+
+static void _wpa_supplicant_disassociate(void *wpa_s, int reason_code)
+{
+ wpa_supplicant_disassociate(wpa_s, reason_code);
+}
+
+
+static void _wpa_supplicant_deauthenticate(void *wpa_s, int reason_code)
+{
+ wpa_supplicant_deauthenticate(wpa_s, reason_code);
+}
+
+
+static u8 * wpa_alloc_eapol(const struct wpa_supplicant *wpa_s, u8 type,
+ const void *data, u16 data_len,
+ size_t *msg_len, void **data_pos)
+{
+ struct ieee802_1x_hdr *hdr;
+
+ *msg_len = sizeof(*hdr) + data_len;
+ hdr = os_malloc(*msg_len);
+ if (hdr == NULL)
+ return NULL;
+
+ hdr->version = wpa_s->conf->eapol_version;
+ hdr->type = type;
+ hdr->length = htons(data_len);
+
+ if (data)
+ os_memcpy(hdr + 1, data, data_len);
+ else
+ os_memset(hdr + 1, 0, data_len);
+
+ if (data_pos)
+ *data_pos = hdr + 1;
+
+ return (u8 *) hdr;
+}
+
+
+static u8 * _wpa_alloc_eapol(void *wpa_s, u8 type,
+ const void *data, u16 data_len,
+ size_t *msg_len, void **data_pos)
+{
+ return wpa_alloc_eapol(wpa_s, type, data, data_len, msg_len, data_pos);
+}
+
+
+static void _wpa_supplicant_set_state(void *ctx, wpa_states state)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ wpa_s->wpa_state = state;
+}
+
+
+static wpa_states _wpa_supplicant_get_state(void *ctx)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ return wpa_s->wpa_state;
+}
+
+
+static int wpa_ether_send(void *wpa_s, const u8 *dest, u16 proto,
+ const u8 *buf, size_t len)
+{
+ printf("%s - not implemented\n", __func__);
+ return -1;
+}
+
+
+static struct wpa_ssid * _wpa_supplicant_get_ssid(void *wpa_s)
+{
+ return wpa_supplicant_get_ssid(wpa_s);
+}
+
+
+static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s)
+{
+ wpa_supplicant_cancel_auth_timeout(wpa_s);
+}
+
+
+static int wpa_supplicant_get_beacon_ie(void *wpa_s)
+{
+ printf("%s - not implemented\n", __func__);
+ return -1;
+}
+
+
+void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx)
+{
+ printf("%s - not implemented\n", __func__);
+}
+
+
+static int wpa_supplicant_get_bssid(void *wpa_s, u8 *bssid)
+{
+ printf("%s - not implemented\n", __func__);
+ return -1;
+}
+
+
+static int wpa_supplicant_set_key(void *wpa_s, wpa_alg alg,
+ const u8 *addr, int key_idx, int set_tx,
+ const u8 *seq, size_t seq_len,
+ const u8 *key, size_t key_len)
+{
+ printf("%s - not implemented\n", __func__);
+ return -1;
+}
+
+
+static int wpa_supplicant_mlme_setprotection(void *wpa_s, const u8 *addr,
+ int protection_type,
+ int key_type)
+{
+ printf("%s - not implemented\n", __func__);
+ return -1;
+}
+
+
+static int wpa_supplicant_add_pmkid(void *wpa_s,
+ const u8 *bssid, const u8 *pmkid)
+{
+ printf("%s - not implemented\n", __func__);
+ return -1;
+}
+
+
+static int wpa_supplicant_remove_pmkid(void *wpa_s,
+ const u8 *bssid, const u8 *pmkid)
+{
+ printf("%s - not implemented\n", __func__);
+ return -1;
+}
+
+
+static void wpa_supplicant_set_config_blob(void *ctx,
+ struct wpa_config_blob *blob)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ wpa_config_set_blob(wpa_s->conf, blob);
+}
+
+
+static const struct wpa_config_blob *
+wpa_supplicant_get_config_blob(void *ctx, const char *name)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ return wpa_config_get_blob(wpa_s->conf, name);
+}
+
+
+static void test_eapol_clean(struct wpa_supplicant *wpa_s)
+{
+ rsn_preauth_deinit(wpa_s->wpa);
+ pmksa_candidate_free(wpa_s->wpa);
+ wpa_sm_deinit(wpa_s->wpa);
+ scard_deinit(wpa_s->scard);
+ if (wpa_s->ctrl_iface) {
+ wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
+ wpa_s->ctrl_iface = NULL;
+ }
+ wpa_config_free(wpa_s->conf);
+}
+
+
+static void eapol_test_timeout(void *eloop_ctx, void *timeout_ctx)
+{
+ struct preauth_test_data *p = eloop_ctx;
+ printf("EAPOL test timed out\n");
+ p->auth_timed_out = 1;
+ eloop_terminate();
+}
+
+
+static void eapol_test_poll(void *eloop_ctx, void *timeout_ctx)
+{
+ struct wpa_supplicant *wpa_s = eloop_ctx;
+ if (!rsn_preauth_in_progress(wpa_s->wpa))
+ eloop_terminate();
+ else {
+ eloop_register_timeout(0, 100000, eapol_test_poll, eloop_ctx,
+ timeout_ctx);
+ }
+}
+
+
+static struct wpa_driver_ops dummy_driver;
+
+
+static void wpa_init_conf(struct wpa_supplicant *wpa_s, const char *ifname)
+{
+ struct l2_packet_data *l2;
+ struct wpa_sm_ctx *ctx;
+
+ os_memset(&dummy_driver, 0, sizeof(dummy_driver));
+ wpa_s->driver = &dummy_driver;
+
+ ctx = os_zalloc(sizeof(*ctx));
+ assert(ctx != NULL);
+
+ ctx->ctx = wpa_s;
+ ctx->set_state = _wpa_supplicant_set_state;
+ ctx->get_state = _wpa_supplicant_get_state;
+ ctx->req_scan = _wpa_supplicant_req_scan;
+ ctx->deauthenticate = _wpa_supplicant_deauthenticate;
+ ctx->disassociate = _wpa_supplicant_disassociate;
+ ctx->set_key = wpa_supplicant_set_key;
+ ctx->scan = wpa_supplicant_scan;
+ ctx->get_ssid = _wpa_supplicant_get_ssid;
+ ctx->get_bssid = wpa_supplicant_get_bssid;
+ ctx->ether_send = wpa_ether_send;
+ ctx->get_beacon_ie = wpa_supplicant_get_beacon_ie;
+ ctx->alloc_eapol = _wpa_alloc_eapol;
+ ctx->cancel_auth_timeout = _wpa_supplicant_cancel_auth_timeout;
+ ctx->add_pmkid = wpa_supplicant_add_pmkid;
+ ctx->remove_pmkid = wpa_supplicant_remove_pmkid;
+ ctx->set_config_blob = wpa_supplicant_set_config_blob;
+ ctx->get_config_blob = wpa_supplicant_get_config_blob;
+ ctx->mlme_setprotection = wpa_supplicant_mlme_setprotection;
+
+ wpa_s->wpa = wpa_sm_init(ctx);
+ assert(wpa_s->wpa != NULL);
+ wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, WPA_PROTO_RSN);
+
+ os_strncpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
+ wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname, NULL);
+
+ l2 = l2_packet_init(wpa_s->ifname, NULL, ETH_P_RSN_PREAUTH, NULL,
+ NULL, 0);
+ assert(l2 != NULL);
+ if (l2_packet_get_own_addr(l2, wpa_s->own_addr)) {
+ wpa_printf(MSG_WARNING, "Failed to get own L2 address\n");
+ exit(-1);
+ }
+ l2_packet_deinit(l2);
+ wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
+}
+
+
+static void eapol_test_terminate(int sig, void *eloop_ctx,
+ void *signal_ctx)
+{
+ struct wpa_supplicant *wpa_s = eloop_ctx;
+ wpa_msg(wpa_s, MSG_INFO, "Signal %d received - terminating", sig);
+ eloop_terminate();
+}
+
+
+int main(int argc, char *argv[])
+{
+ struct wpa_supplicant wpa_s;
+ int ret = 1;
+ u8 bssid[ETH_ALEN];
+ struct preauth_test_data preauth_test;
+
+ if (os_program_init())
+ return -1;
+
+ os_memset(&preauth_test, 0, sizeof(preauth_test));
+
+ wpa_debug_level = 0;
+ wpa_debug_show_keys = 1;
+
+ if (argc != 4) {
+ printf("usage: preauth_test <conf> <target MAC address> "
+ "<ifname>\n");
+ return -1;
+ }
+
+ if (hwaddr_aton(argv[2], bssid)) {
+ printf("Failed to parse target address '%s'.\n", argv[2]);
+ return -1;
+ }
+
+ if (eap_peer_register_methods()) {
+ wpa_printf(MSG_ERROR, "Failed to register EAP methods");
+ return -1;
+ }
+
+ if (eloop_init(&wpa_s)) {
+ wpa_printf(MSG_ERROR, "Failed to initialize event loop");
+ return -1;
+ }
+
+ os_memset(&wpa_s, 0, sizeof(wpa_s));
+ wpa_s.conf = wpa_config_read(argv[1]);
+ if (wpa_s.conf == NULL) {
+ printf("Failed to parse configuration file '%s'.\n", argv[1]);
+ return -1;
+ }
+ if (wpa_s.conf->ssid == NULL) {
+ printf("No networks defined.\n");
+ return -1;
+ }
+
+ wpa_init_conf(&wpa_s, argv[3]);
+ wpa_s.ctrl_iface = wpa_supplicant_ctrl_iface_init(&wpa_s);
+ if (wpa_s.ctrl_iface == NULL) {
+ printf("Failed to initialize control interface '%s'.\n"
+ "You may have another preauth_test process already "
+ "running or the file was\n"
+ "left by an unclean termination of preauth_test in "
+ "which case you will need\n"
+ "to manually remove this file before starting "
+ "preauth_test again.\n",
+ wpa_s.conf->ctrl_interface);
+ return -1;
+ }
+ if (wpa_supplicant_scard_init(&wpa_s, wpa_s.conf->ssid))
+ return -1;
+
+ if (rsn_preauth_init(wpa_s.wpa, bssid, wpa_s.conf->ssid))
+ return -1;
+
+ eloop_register_timeout(30, 0, eapol_test_timeout, &preauth_test, NULL);
+ eloop_register_timeout(0, 100000, eapol_test_poll, &wpa_s, NULL);
+ eloop_register_signal_terminate(eapol_test_terminate, NULL);
+ eloop_register_signal_reconfig(eapol_test_terminate, NULL);
+ eloop_run();
+
+ if (preauth_test.auth_timed_out)
+ ret = -2;
+ else {
+ ret = pmksa_cache_set_current(wpa_s.wpa, NULL, bssid, NULL, 0)
+ ? 0 : -3;
+ }
+
+ test_eapol_clean(&wpa_s);
+
+ eap_peer_unregister_methods();
+
+ eloop_destroy();
+
+ os_program_deinit();
+
+ return ret;
+}
--- /dev/null
+/*
+ * wpa_supplicant - Private copy of Linux netlink/rtnetlink definitions.
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef PRIV_NETLINK_H
+#define PRIV_NETLINK_H
+
+/*
+ * This should be replaced with user space header once one is available with C
+ * library, etc..
+ */
+
+#ifndef IFF_LOWER_UP
+#define IFF_LOWER_UP 0x10000 /* driver signals L1 up */
+#endif
+#ifndef IFF_DORMANT
+#define IFF_DORMANT 0x20000 /* driver signals dormant */
+#endif
+
+#ifndef IFLA_IFNAME
+#define IFLA_IFNAME 3
+#endif
+#ifndef IFLA_WIRELESS
+#define IFLA_WIRELESS 11
+#endif
+#ifndef IFLA_OPERSTATE
+#define IFLA_OPERSTATE 16
+#endif
+#ifndef IFLA_LINKMODE
+#define IFLA_LINKMODE 17
+#define IF_OPER_DORMANT 5
+#define IF_OPER_UP 6
+#endif
+
+#define NLM_F_REQUEST 1
+
+#define NETLINK_ROUTE 0
+#define RTMGRP_LINK 1
+#define RTM_BASE 0x10
+#define RTM_NEWLINK (RTM_BASE + 0)
+#define RTM_DELLINK (RTM_BASE + 1)
+#define RTM_SETLINK (RTM_BASE + 3)
+
+#define NLMSG_ALIGNTO 4
+#define NLMSG_ALIGN(len) (((len) + NLMSG_ALIGNTO - 1) & ~(NLMSG_ALIGNTO - 1))
+#define NLMSG_LENGTH(len) ((len) + NLMSG_ALIGN(sizeof(struct nlmsghdr)))
+#define NLMSG_DATA(nlh) ((void*) (((char*) nlh) + NLMSG_LENGTH(0)))
+
+#define RTA_ALIGNTO 4
+#define RTA_ALIGN(len) (((len) + RTA_ALIGNTO - 1) & ~(RTA_ALIGNTO - 1))
+#define RTA_OK(rta,len) \
+((len) > 0 && (rta)->rta_len >= sizeof(struct rtattr) && \
+(rta)->rta_len <= (len))
+#define RTA_NEXT(rta,attrlen) \
+((attrlen) -= RTA_ALIGN((rta)->rta_len), \
+(struct rtattr *) (((char *)(rta)) + RTA_ALIGN((rta)->rta_len)))
+#define RTA_LENGTH(len) (RTA_ALIGN(sizeof(struct rtattr)) + (len))
+#define RTA_DATA(rta) ((void *) (((char *) (rta)) + RTA_LENGTH(0)))
+
+
+struct sockaddr_nl
+{
+ sa_family_t nl_family;
+ unsigned short nl_pad;
+ u32 nl_pid;
+ u32 nl_groups;
+};
+
+struct nlmsghdr
+{
+ u32 nlmsg_len;
+ u16 nlmsg_type;
+ u16 nlmsg_flags;
+ u32 nlmsg_seq;
+ u32 nlmsg_pid;
+};
+
+struct ifinfomsg
+{
+ unsigned char ifi_family;
+ unsigned char __ifi_pad;
+ unsigned short ifi_type;
+ int ifi_index;
+ unsigned ifi_flags;
+ unsigned ifi_change;
+};
+
+struct rtattr
+{
+ unsigned short rta_len;
+ unsigned short rta_type;
+};
+
+#endif /* PRIV_NETLINK_H */
--- /dev/null
+/*
+ * hostapd / RADIUS message processing
+ * Copyright (c) 2002-2008, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "radius.h"
+#include "md5.h"
+#include "crypto.h"
+
+
+struct radius_msg *radius_msg_new(u8 code, u8 identifier)
+{
+ struct radius_msg *msg;
+
+ msg = os_malloc(sizeof(*msg));
+ if (msg == NULL)
+ return NULL;
+
+ if (radius_msg_initialize(msg, RADIUS_DEFAULT_MSG_SIZE)) {
+ os_free(msg);
+ return NULL;
+ }
+
+ radius_msg_set_hdr(msg, code, identifier);
+
+ return msg;
+}
+
+
+int radius_msg_initialize(struct radius_msg *msg, size_t init_len)
+{
+ if (msg == NULL || init_len < sizeof(struct radius_hdr))
+ return -1;
+
+ os_memset(msg, 0, sizeof(*msg));
+ msg->buf = wpa_zalloc(init_len);
+ if (msg->buf == NULL)
+ return -1;
+
+ msg->buf_size = init_len;
+ msg->hdr = (struct radius_hdr *) msg->buf;
+ msg->buf_used = sizeof(*msg->hdr);
+
+ msg->attrs =
+ os_malloc(RADIUS_DEFAULT_ATTR_COUNT * sizeof(*msg->attrs));
+ if (msg->attrs == NULL) {
+ os_free(msg->buf);
+ msg->buf = NULL;
+ msg->hdr = NULL;
+ return -1;
+ }
+
+ msg->attr_size = RADIUS_DEFAULT_ATTR_COUNT;
+ msg->attr_used = 0;
+
+ return 0;
+}
+
+
+void radius_msg_set_hdr(struct radius_msg *msg, u8 code, u8 identifier)
+{
+ msg->hdr->code = code;
+ msg->hdr->identifier = identifier;
+}
+
+
+void radius_msg_free(struct radius_msg *msg)
+{
+ if (msg->buf != NULL) {
+ os_free(msg->buf);
+ msg->buf = NULL;
+ msg->hdr = NULL;
+ }
+ msg->buf_size = msg->buf_used = 0;
+
+ if (msg->attrs != NULL) {
+ os_free(msg->attrs);
+ msg->attrs = NULL;
+ }
+ msg->attr_size = msg->attr_used = 0;
+}
+
+
+static const char *radius_code_string(u8 code)
+{
+ switch (code) {
+ case RADIUS_CODE_ACCESS_REQUEST: return "Access-Request";
+ case RADIUS_CODE_ACCESS_ACCEPT: return "Access-Accept";
+ case RADIUS_CODE_ACCESS_REJECT: return "Access-Reject";
+ case RADIUS_CODE_ACCOUNTING_REQUEST: return "Accounting-Request";
+ case RADIUS_CODE_ACCOUNTING_RESPONSE: return "Accounting-Response";
+ case RADIUS_CODE_ACCESS_CHALLENGE: return "Access-Challenge";
+ case RADIUS_CODE_STATUS_SERVER: return "Status-Server";
+ case RADIUS_CODE_STATUS_CLIENT: return "Status-Client";
+ case RADIUS_CODE_RESERVED: return "Reserved";
+ default: return "?Unknown?";
+ }
+}
+
+
+struct radius_attr_type {
+ u8 type;
+ char *name;
+ enum {
+ RADIUS_ATTR_UNDIST, RADIUS_ATTR_TEXT, RADIUS_ATTR_IP,
+ RADIUS_ATTR_HEXDUMP, RADIUS_ATTR_INT32, RADIUS_ATTR_IPV6
+ } data_type;
+};
+
+static struct radius_attr_type radius_attrs[] =
+{
+ { RADIUS_ATTR_USER_NAME, "User-Name", RADIUS_ATTR_TEXT },
+ { RADIUS_ATTR_USER_PASSWORD, "User-Password", RADIUS_ATTR_UNDIST },
+ { RADIUS_ATTR_NAS_IP_ADDRESS, "NAS-IP-Address", RADIUS_ATTR_IP },
+ { RADIUS_ATTR_NAS_PORT, "NAS-Port", RADIUS_ATTR_INT32 },
+ { RADIUS_ATTR_FRAMED_MTU, "Framed-MTU", RADIUS_ATTR_INT32 },
+ { RADIUS_ATTR_STATE, "State", RADIUS_ATTR_UNDIST },
+ { RADIUS_ATTR_CLASS, "Class", RADIUS_ATTR_UNDIST },
+ { RADIUS_ATTR_VENDOR_SPECIFIC, "Vendor-Specific", RADIUS_ATTR_UNDIST },
+ { RADIUS_ATTR_SESSION_TIMEOUT, "Session-Timeout", RADIUS_ATTR_INT32 },
+ { RADIUS_ATTR_IDLE_TIMEOUT, "Idle-Timeout", RADIUS_ATTR_INT32 },
+ { RADIUS_ATTR_TERMINATION_ACTION, "Termination-Action",
+ RADIUS_ATTR_INT32 },
+ { RADIUS_ATTR_CALLED_STATION_ID, "Called-Station-Id",
+ RADIUS_ATTR_TEXT },
+ { RADIUS_ATTR_CALLING_STATION_ID, "Calling-Station-Id",
+ RADIUS_ATTR_TEXT },
+ { RADIUS_ATTR_NAS_IDENTIFIER, "NAS-Identifier", RADIUS_ATTR_TEXT },
+ { RADIUS_ATTR_PROXY_STATE, "Proxy-State", RADIUS_ATTR_UNDIST },
+ { RADIUS_ATTR_ACCT_STATUS_TYPE, "Acct-Status-Type",
+ RADIUS_ATTR_INT32 },
+ { RADIUS_ATTR_ACCT_DELAY_TIME, "Acct-Delay-Time", RADIUS_ATTR_INT32 },
+ { RADIUS_ATTR_ACCT_INPUT_OCTETS, "Acct-Input-Octets",
+ RADIUS_ATTR_INT32 },
+ { RADIUS_ATTR_ACCT_OUTPUT_OCTETS, "Acct-Output-Octets",
+ RADIUS_ATTR_INT32 },
+ { RADIUS_ATTR_ACCT_SESSION_ID, "Acct-Session-Id", RADIUS_ATTR_TEXT },
+ { RADIUS_ATTR_ACCT_AUTHENTIC, "Acct-Authentic", RADIUS_ATTR_INT32 },
+ { RADIUS_ATTR_ACCT_SESSION_TIME, "Acct-Session-Time",
+ RADIUS_ATTR_INT32 },
+ { RADIUS_ATTR_ACCT_INPUT_PACKETS, "Acct-Input-Packets",
+ RADIUS_ATTR_INT32 },
+ { RADIUS_ATTR_ACCT_OUTPUT_PACKETS, "Acct-Output-Packets",
+ RADIUS_ATTR_INT32 },
+ { RADIUS_ATTR_ACCT_TERMINATE_CAUSE, "Acct-Terminate-Cause",
+ RADIUS_ATTR_INT32 },
+ { RADIUS_ATTR_ACCT_MULTI_SESSION_ID, "Acct-Multi-Session-Id",
+ RADIUS_ATTR_TEXT },
+ { RADIUS_ATTR_ACCT_LINK_COUNT, "Acct-Link-Count", RADIUS_ATTR_INT32 },
+ { RADIUS_ATTR_ACCT_INPUT_GIGAWORDS, "Acct-Input-Gigawords",
+ RADIUS_ATTR_INT32 },
+ { RADIUS_ATTR_ACCT_OUTPUT_GIGAWORDS, "Acct-Output-Gigawords",
+ RADIUS_ATTR_INT32 },
+ { RADIUS_ATTR_EVENT_TIMESTAMP, "Event-Timestamp",
+ RADIUS_ATTR_INT32 },
+ { RADIUS_ATTR_NAS_PORT_TYPE, "NAS-Port-Type", RADIUS_ATTR_INT32 },
+ { RADIUS_ATTR_TUNNEL_TYPE, "Tunnel-Type", RADIUS_ATTR_HEXDUMP },
+ { RADIUS_ATTR_TUNNEL_MEDIUM_TYPE, "Tunnel-Medium-Type",
+ RADIUS_ATTR_HEXDUMP },
+ { RADIUS_ATTR_CONNECT_INFO, "Connect-Info", RADIUS_ATTR_TEXT },
+ { RADIUS_ATTR_EAP_MESSAGE, "EAP-Message", RADIUS_ATTR_UNDIST },
+ { RADIUS_ATTR_MESSAGE_AUTHENTICATOR, "Message-Authenticator",
+ RADIUS_ATTR_UNDIST },
+ { RADIUS_ATTR_TUNNEL_PRIVATE_GROUP_ID, "Tunnel-Private-Group-Id",
+ RADIUS_ATTR_HEXDUMP },
+ { RADIUS_ATTR_ACCT_INTERIM_INTERVAL, "Acct-Interim-Interval",
+ RADIUS_ATTR_INT32 },
+ { RADIUS_ATTR_NAS_IPV6_ADDRESS, "NAS-IPv6-Address", RADIUS_ATTR_IPV6 },
+};
+#define RADIUS_ATTRS (sizeof(radius_attrs) / sizeof(radius_attrs[0]))
+
+
+static struct radius_attr_type *radius_get_attr_type(u8 type)
+{
+ size_t i;
+
+ for (i = 0; i < RADIUS_ATTRS; i++) {
+ if (type == radius_attrs[i].type)
+ return &radius_attrs[i];
+ }
+
+ return NULL;
+}
+
+
+static void print_char(char c)
+{
+ if (c >= 32 && c < 127)
+ printf("%c", c);
+ else
+ printf("<%02x>", c);
+}
+
+
+static void radius_msg_dump_attr(struct radius_attr_hdr *hdr)
+{
+ struct radius_attr_type *attr;
+ int i, len;
+ unsigned char *pos;
+
+ attr = radius_get_attr_type(hdr->type);
+
+ printf(" Attribute %d (%s) length=%d\n",
+ hdr->type, attr ? attr->name : "?Unknown?", hdr->length);
+
+ if (attr == NULL)
+ return;
+
+ len = hdr->length - sizeof(struct radius_attr_hdr);
+ pos = (unsigned char *) (hdr + 1);
+
+ switch (attr->data_type) {
+ case RADIUS_ATTR_TEXT:
+ printf(" Value: '");
+ for (i = 0; i < len; i++)
+ print_char(pos[i]);
+ printf("'\n");
+ break;
+
+ case RADIUS_ATTR_IP:
+ if (len == 4) {
+ struct in_addr addr;
+ os_memcpy(&addr, pos, 4);
+ printf(" Value: %s\n", inet_ntoa(addr));
+ } else
+ printf(" Invalid IP address length %d\n", len);
+ break;
+
+#ifdef CONFIG_IPV6
+ case RADIUS_ATTR_IPV6:
+ if (len == 16) {
+ char buf[128];
+ const char *atxt;
+ struct in6_addr *addr = (struct in6_addr *) pos;
+ atxt = inet_ntop(AF_INET6, addr, buf, sizeof(buf));
+ printf(" Value: %s\n", atxt ? atxt : "?");
+ } else
+ printf(" Invalid IPv6 address length %d\n", len);
+ break;
+#endif /* CONFIG_IPV6 */
+
+ case RADIUS_ATTR_HEXDUMP:
+ case RADIUS_ATTR_UNDIST:
+ printf(" Value:");
+ for (i = 0; i < len; i++)
+ printf(" %02x", pos[i]);
+ printf("\n");
+ break;
+
+ case RADIUS_ATTR_INT32:
+ if (len == 4)
+ printf(" Value: %u\n", WPA_GET_BE32(pos));
+ else
+ printf(" Invalid INT32 length %d\n", len);
+ break;
+
+ default:
+ break;
+ }
+}
+
+
+void radius_msg_dump(struct radius_msg *msg)
+{
+ size_t i;
+
+ printf("RADIUS message: code=%d (%s) identifier=%d length=%d\n",
+ msg->hdr->code, radius_code_string(msg->hdr->code),
+ msg->hdr->identifier, ntohs(msg->hdr->length));
+
+ for (i = 0; i < msg->attr_used; i++) {
+ radius_msg_dump_attr(msg->attrs[i]);
+ }
+}
+
+
+int radius_msg_finish(struct radius_msg *msg, u8 *secret, size_t secret_len)
+{
+ if (secret) {
+ u8 auth[MD5_MAC_LEN];
+ struct radius_attr_hdr *attr;
+
+ os_memset(auth, 0, MD5_MAC_LEN);
+ attr = radius_msg_add_attr(msg,
+ RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
+ auth, MD5_MAC_LEN);
+ if (attr == NULL) {
+ printf("WARNING: Could not add "
+ "Message-Authenticator\n");
+ return -1;
+ }
+ msg->hdr->length = htons(msg->buf_used);
+ hmac_md5(secret, secret_len, msg->buf, msg->buf_used,
+ (u8 *) (attr + 1));
+ } else
+ msg->hdr->length = htons(msg->buf_used);
+
+ if (msg->buf_used > 0xffff) {
+ printf("WARNING: too long RADIUS message (%lu)\n",
+ (unsigned long) msg->buf_used);
+ return -1;
+ }
+ return 0;
+}
+
+
+int radius_msg_finish_srv(struct radius_msg *msg, const u8 *secret,
+ size_t secret_len, const u8 *req_authenticator)
+{
+ u8 auth[MD5_MAC_LEN];
+ struct radius_attr_hdr *attr;
+ const u8 *addr[4];
+ size_t len[4];
+
+ os_memset(auth, 0, MD5_MAC_LEN);
+ attr = radius_msg_add_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
+ auth, MD5_MAC_LEN);
+ if (attr == NULL) {
+ printf("WARNING: Could not add Message-Authenticator\n");
+ return -1;
+ }
+ msg->hdr->length = htons(msg->buf_used);
+ os_memcpy(msg->hdr->authenticator, req_authenticator,
+ sizeof(msg->hdr->authenticator));
+ hmac_md5(secret, secret_len, msg->buf, msg->buf_used,
+ (u8 *) (attr + 1));
+
+ /* ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret) */
+ addr[0] = (u8 *) msg->hdr;
+ len[0] = 1 + 1 + 2;
+ addr[1] = req_authenticator;
+ len[1] = MD5_MAC_LEN;
+ addr[2] = (u8 *) (msg->hdr + 1);
+ len[2] = msg->buf_used - sizeof(*msg->hdr);
+ addr[3] = secret;
+ len[3] = secret_len;
+ md5_vector(4, addr, len, msg->hdr->authenticator);
+
+ if (msg->buf_used > 0xffff) {
+ printf("WARNING: too long RADIUS message (%lu)\n",
+ (unsigned long) msg->buf_used);
+ return -1;
+ }
+ return 0;
+}
+
+
+void radius_msg_finish_acct(struct radius_msg *msg, u8 *secret,
+ size_t secret_len)
+{
+ const u8 *addr[2];
+ size_t len[2];
+
+ msg->hdr->length = htons(msg->buf_used);
+ os_memset(msg->hdr->authenticator, 0, MD5_MAC_LEN);
+ addr[0] = msg->buf;
+ len[0] = msg->buf_used;
+ addr[1] = secret;
+ len[1] = secret_len;
+ md5_vector(2, addr, len, msg->hdr->authenticator);
+
+ if (msg->buf_used > 0xffff) {
+ printf("WARNING: too long RADIUS messages (%lu)\n",
+ (unsigned long) msg->buf_used);
+ }
+}
+
+
+static int radius_msg_add_attr_to_array(struct radius_msg *msg,
+ struct radius_attr_hdr *attr)
+{
+ if (msg->attr_used >= msg->attr_size) {
+ struct radius_attr_hdr **nattrs;
+ int nlen = msg->attr_size * 2;
+
+ nattrs = os_realloc(msg->attrs, nlen * sizeof(*msg->attrs));
+ if (nattrs == NULL)
+ return -1;
+
+ msg->attrs = nattrs;
+ msg->attr_size = nlen;
+ }
+
+ msg->attrs[msg->attr_used++] = attr;
+
+ return 0;
+}
+
+
+struct radius_attr_hdr *radius_msg_add_attr(struct radius_msg *msg, u8 type,
+ const u8 *data, size_t data_len)
+{
+ size_t buf_needed;
+ struct radius_attr_hdr *attr;
+
+ if (data_len > RADIUS_MAX_ATTR_LEN) {
+ printf("radius_msg_add_attr: too long attribute (%lu bytes)\n",
+ (unsigned long) data_len);
+ return NULL;
+ }
+
+ buf_needed = msg->buf_used + sizeof(*attr) + data_len;
+
+ if (msg->buf_size < buf_needed) {
+ /* allocate more space for message buffer */
+ unsigned char *nbuf;
+ size_t i, nlen = msg->buf_size;
+ int diff;
+
+ while (nlen < buf_needed)
+ nlen *= 2;
+ nbuf = os_realloc(msg->buf, nlen);
+ if (nbuf == NULL)
+ return NULL;
+ diff = nbuf - msg->buf;
+ msg->buf = nbuf;
+ msg->hdr = (struct radius_hdr *) msg->buf;
+ /* adjust attr pointers to match with the new buffer */
+ for (i = 0; i < msg->attr_used; i++)
+ msg->attrs[i] = (struct radius_attr_hdr *)
+ (((u8 *) msg->attrs[i]) + diff);
+ os_memset(msg->buf + msg->buf_size, 0, nlen - msg->buf_size);
+ msg->buf_size = nlen;
+ }
+
+ attr = (struct radius_attr_hdr *) (msg->buf + msg->buf_used);
+ attr->type = type;
+ attr->length = sizeof(*attr) + data_len;
+ if (data_len > 0)
+ os_memcpy(attr + 1, data, data_len);
+
+ msg->buf_used += sizeof(*attr) + data_len;
+
+ if (radius_msg_add_attr_to_array(msg, attr))
+ return NULL;
+
+ return attr;
+}
+
+
+struct radius_msg *radius_msg_parse(const u8 *data, size_t len)
+{
+ struct radius_msg *msg;
+ struct radius_hdr *hdr;
+ struct radius_attr_hdr *attr;
+ size_t msg_len;
+ unsigned char *pos, *end;
+
+ if (data == NULL || len < sizeof(*hdr))
+ return NULL;
+
+ hdr = (struct radius_hdr *) data;
+
+ msg_len = ntohs(hdr->length);
+ if (msg_len < sizeof(*hdr) || msg_len > len) {
+ printf("Invalid RADIUS message length\n");
+ return NULL;
+ }
+
+ if (msg_len < len) {
+ printf("Ignored %lu extra bytes after RADIUS message\n",
+ (unsigned long) len - msg_len);
+ }
+
+ msg = os_malloc(sizeof(*msg));
+ if (msg == NULL)
+ return NULL;
+
+ if (radius_msg_initialize(msg, msg_len)) {
+ os_free(msg);
+ return NULL;
+ }
+
+ os_memcpy(msg->buf, data, msg_len);
+ msg->buf_size = msg->buf_used = msg_len;
+
+ /* parse attributes */
+ pos = (unsigned char *) (msg->hdr + 1);
+ end = msg->buf + msg->buf_used;
+ while (pos < end) {
+ if ((size_t) (end - pos) < sizeof(*attr))
+ goto fail;
+
+ attr = (struct radius_attr_hdr *) pos;
+
+ if (pos + attr->length > end || attr->length < sizeof(*attr))
+ goto fail;
+
+ /* TODO: check that attr->length is suitable for attr->type */
+
+ if (radius_msg_add_attr_to_array(msg, attr))
+ goto fail;
+
+ pos += attr->length;
+ }
+
+ return msg;
+
+ fail:
+ radius_msg_free(msg);
+ os_free(msg);
+ return NULL;
+}
+
+
+int radius_msg_add_eap(struct radius_msg *msg, const u8 *data, size_t data_len)
+{
+ const u8 *pos = data;
+ size_t left = data_len;
+
+ while (left > 0) {
+ int len;
+ if (left > RADIUS_MAX_ATTR_LEN)
+ len = RADIUS_MAX_ATTR_LEN;
+ else
+ len = left;
+
+ if (!radius_msg_add_attr(msg, RADIUS_ATTR_EAP_MESSAGE,
+ pos, len))
+ return 0;
+
+ pos += len;
+ left -= len;
+ }
+
+ return 1;
+}
+
+
+u8 *radius_msg_get_eap(struct radius_msg *msg, size_t *eap_len)
+{
+ u8 *eap, *pos;
+ size_t len, i;
+
+ if (msg == NULL)
+ return NULL;
+
+ len = 0;
+ for (i = 0; i < msg->attr_used; i++) {
+ if (msg->attrs[i]->type == RADIUS_ATTR_EAP_MESSAGE)
+ len += msg->attrs[i]->length -
+ sizeof(struct radius_attr_hdr);
+ }
+
+ if (len == 0)
+ return NULL;
+
+ eap = os_malloc(len);
+ if (eap == NULL)
+ return NULL;
+
+ pos = eap;
+ for (i = 0; i < msg->attr_used; i++) {
+ if (msg->attrs[i]->type == RADIUS_ATTR_EAP_MESSAGE) {
+ struct radius_attr_hdr *attr = msg->attrs[i];
+ int flen = attr->length - sizeof(*attr);
+ os_memcpy(pos, attr + 1, flen);
+ pos += flen;
+ }
+ }
+
+ if (eap_len)
+ *eap_len = len;
+
+ return eap;
+}
+
+
+int radius_msg_verify_msg_auth(struct radius_msg *msg, const u8 *secret,
+ size_t secret_len, const u8 *req_auth)
+{
+ u8 auth[MD5_MAC_LEN], orig[MD5_MAC_LEN];
+ u8 orig_authenticator[16];
+ struct radius_attr_hdr *attr = NULL;
+ size_t i;
+
+ for (i = 0; i < msg->attr_used; i++) {
+ if (msg->attrs[i]->type == RADIUS_ATTR_MESSAGE_AUTHENTICATOR) {
+ if (attr != NULL) {
+ printf("Multiple Message-Authenticator "
+ "attributes in RADIUS message\n");
+ return 1;
+ }
+ attr = msg->attrs[i];
+ }
+ }
+
+ if (attr == NULL) {
+ printf("No Message-Authenticator attribute found\n");
+ return 1;
+ }
+
+ os_memcpy(orig, attr + 1, MD5_MAC_LEN);
+ os_memset(attr + 1, 0, MD5_MAC_LEN);
+ if (req_auth) {
+ os_memcpy(orig_authenticator, msg->hdr->authenticator,
+ sizeof(orig_authenticator));
+ os_memcpy(msg->hdr->authenticator, req_auth,
+ sizeof(msg->hdr->authenticator));
+ }
+ hmac_md5(secret, secret_len, msg->buf, msg->buf_used, auth);
+ os_memcpy(attr + 1, orig, MD5_MAC_LEN);
+ if (req_auth) {
+ os_memcpy(msg->hdr->authenticator, orig_authenticator,
+ sizeof(orig_authenticator));
+ }
+
+ if (os_memcmp(orig, auth, MD5_MAC_LEN) != 0) {
+ printf("Invalid Message-Authenticator!\n");
+ return 1;
+ }
+
+ return 0;
+}
+
+
+int radius_msg_verify(struct radius_msg *msg, const u8 *secret,
+ size_t secret_len, struct radius_msg *sent_msg, int auth)
+{
+ const u8 *addr[4];
+ size_t len[4];
+ u8 hash[MD5_MAC_LEN];
+
+ if (sent_msg == NULL) {
+ printf("No matching Access-Request message found\n");
+ return 1;
+ }
+
+ if (auth &&
+ radius_msg_verify_msg_auth(msg, secret, secret_len,
+ sent_msg->hdr->authenticator)) {
+ return 1;
+ }
+
+ /* ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret) */
+ addr[0] = (u8 *) msg->hdr;
+ len[0] = 1 + 1 + 2;
+ addr[1] = sent_msg->hdr->authenticator;
+ len[1] = MD5_MAC_LEN;
+ addr[2] = (u8 *) (msg->hdr + 1);
+ len[2] = msg->buf_used - sizeof(*msg->hdr);
+ addr[3] = secret;
+ len[3] = secret_len;
+ md5_vector(4, addr, len, hash);
+ if (os_memcmp(hash, msg->hdr->authenticator, MD5_MAC_LEN) != 0) {
+ printf("Response Authenticator invalid!\n");
+ return 1;
+ }
+
+ return 0;
+}
+
+
+int radius_msg_copy_attr(struct radius_msg *dst, struct radius_msg *src,
+ u8 type)
+{
+ struct radius_attr_hdr *attr;
+ size_t i;
+ int count = 0;
+
+ for (i = 0; i < src->attr_used; i++) {
+ attr = src->attrs[i];
+ if (attr->type == type) {
+ if (!radius_msg_add_attr(dst, type, (u8 *) (attr + 1),
+ attr->length - sizeof(*attr)))
+ return -1;
+ count++;
+ }
+ }
+
+ return count;
+}
+
+
+/* Create Request Authenticator. The value should be unique over the lifetime
+ * of the shared secret between authenticator and authentication server.
+ * Use one-way MD5 hash calculated from current timestamp and some data given
+ * by the caller. */
+void radius_msg_make_authenticator(struct radius_msg *msg,
+ const u8 *data, size_t len)
+{
+ struct os_time tv;
+ long int l;
+ const u8 *addr[3];
+ size_t elen[3];
+
+ os_get_time(&tv);
+ l = os_random();
+ addr[0] = (u8 *) &tv;
+ elen[0] = sizeof(tv);
+ addr[1] = data;
+ elen[1] = len;
+ addr[2] = (u8 *) &l;
+ elen[2] = sizeof(l);
+ md5_vector(3, addr, elen, msg->hdr->authenticator);
+}
+
+
+/* Get Vendor-specific RADIUS Attribute from a parsed RADIUS message.
+ * Returns the Attribute payload and sets alen to indicate the length of the
+ * payload if a vendor attribute with subtype is found, otherwise returns NULL.
+ * The returned payload is allocated with os_malloc() and caller must free it
+ * by calling os_free().
+ */
+static u8 *radius_msg_get_vendor_attr(struct radius_msg *msg, u32 vendor,
+ u8 subtype, size_t *alen)
+{
+ u8 *data, *pos;
+ size_t i, len;
+
+ if (msg == NULL)
+ return NULL;
+
+ for (i = 0; i < msg->attr_used; i++) {
+ struct radius_attr_hdr *attr = msg->attrs[i];
+ size_t left;
+ u32 vendor_id;
+ struct radius_attr_vendor *vhdr;
+
+ if (attr->type != RADIUS_ATTR_VENDOR_SPECIFIC)
+ continue;
+
+ left = attr->length - sizeof(*attr);
+ if (left < 4)
+ continue;
+
+ pos = (u8 *) (attr + 1);
+
+ os_memcpy(&vendor_id, pos, 4);
+ pos += 4;
+ left -= 4;
+
+ if (ntohl(vendor_id) != vendor)
+ continue;
+
+ while (left >= sizeof(*vhdr)) {
+ vhdr = (struct radius_attr_vendor *) pos;
+ if (vhdr->vendor_length > left ||
+ vhdr->vendor_length < sizeof(*vhdr)) {
+ left = 0;
+ break;
+ }
+ if (vhdr->vendor_type != subtype) {
+ pos += vhdr->vendor_length;
+ left -= vhdr->vendor_length;
+ continue;
+ }
+
+ len = vhdr->vendor_length - sizeof(*vhdr);
+ data = os_malloc(len);
+ if (data == NULL)
+ return NULL;
+ os_memcpy(data, pos + sizeof(*vhdr), len);
+ if (alen)
+ *alen = len;
+ return data;
+ }
+ }
+
+ return NULL;
+}
+
+
+static u8 * decrypt_ms_key(const u8 *key, size_t len,
+ const u8 *req_authenticator,
+ const u8 *secret, size_t secret_len, size_t *reslen)
+{
+ u8 *plain, *ppos, *res;
+ const u8 *pos;
+ size_t left, plen;
+ u8 hash[MD5_MAC_LEN];
+ int i, first = 1;
+ const u8 *addr[3];
+ size_t elen[3];
+
+ /* key: 16-bit salt followed by encrypted key info */
+
+ if (len < 2 + 16)
+ return NULL;
+
+ pos = key + 2;
+ left = len - 2;
+ if (left % 16) {
+ printf("Invalid ms key len %lu\n", (unsigned long) left);
+ return NULL;
+ }
+
+ plen = left;
+ ppos = plain = os_malloc(plen);
+ if (plain == NULL)
+ return NULL;
+
+ while (left > 0) {
+ /* b(1) = MD5(Secret + Request-Authenticator + Salt)
+ * b(i) = MD5(Secret + c(i - 1)) for i > 1 */
+
+ addr[0] = secret;
+ elen[0] = secret_len;
+ if (first) {
+ addr[1] = req_authenticator;
+ elen[1] = MD5_MAC_LEN;
+ addr[2] = key;
+ elen[2] = 2; /* Salt */
+ } else {
+ addr[1] = pos - MD5_MAC_LEN;
+ elen[1] = MD5_MAC_LEN;
+ }
+ md5_vector(first ? 3 : 2, addr, elen, hash);
+ first = 0;
+
+ for (i = 0; i < MD5_MAC_LEN; i++)
+ *ppos++ = *pos++ ^ hash[i];
+ left -= MD5_MAC_LEN;
+ }
+
+ if (plain[0] > plen - 1) {
+ printf("Failed to decrypt MPPE key\n");
+ os_free(plain);
+ return NULL;
+ }
+
+ res = os_malloc(plain[0]);
+ if (res == NULL) {
+ os_free(plain);
+ return NULL;
+ }
+ os_memcpy(res, plain + 1, plain[0]);
+ if (reslen)
+ *reslen = plain[0];
+ os_free(plain);
+ return res;
+}
+
+
+static void encrypt_ms_key(const u8 *key, size_t key_len, u16 salt,
+ const u8 *req_authenticator,
+ const u8 *secret, size_t secret_len,
+ u8 *ebuf, size_t *elen)
+{
+ int i, len, first = 1;
+ u8 hash[MD5_MAC_LEN], saltbuf[2], *pos;
+ const u8 *addr[3];
+ size_t _len[3];
+
+ saltbuf[0] = salt >> 8;
+ saltbuf[1] = salt;
+
+ len = 1 + key_len;
+ if (len & 0x0f) {
+ len = (len & 0xf0) + 16;
+ }
+ os_memset(ebuf, 0, len);
+ ebuf[0] = key_len;
+ os_memcpy(ebuf + 1, key, key_len);
+
+ *elen = len;
+
+ pos = ebuf;
+ while (len > 0) {
+ /* b(1) = MD5(Secret + Request-Authenticator + Salt)
+ * b(i) = MD5(Secret + c(i - 1)) for i > 1 */
+ addr[0] = secret;
+ _len[0] = secret_len;
+ if (first) {
+ addr[1] = req_authenticator;
+ _len[1] = MD5_MAC_LEN;
+ addr[2] = saltbuf;
+ _len[2] = sizeof(saltbuf);
+ } else {
+ addr[1] = pos - MD5_MAC_LEN;
+ _len[1] = MD5_MAC_LEN;
+ }
+ md5_vector(first ? 3 : 2, addr, _len, hash);
+ first = 0;
+
+ for (i = 0; i < MD5_MAC_LEN; i++)
+ *pos++ ^= hash[i];
+
+ len -= MD5_MAC_LEN;
+ }
+}
+
+
+struct radius_ms_mppe_keys *
+radius_msg_get_ms_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
+ u8 *secret, size_t secret_len)
+{
+ u8 *key;
+ size_t keylen;
+ struct radius_ms_mppe_keys *keys;
+
+ if (msg == NULL || sent_msg == NULL)
+ return NULL;
+
+ keys = wpa_zalloc(sizeof(*keys));
+ if (keys == NULL)
+ return NULL;
+
+ key = radius_msg_get_vendor_attr(msg, RADIUS_VENDOR_ID_MICROSOFT,
+ RADIUS_VENDOR_ATTR_MS_MPPE_SEND_KEY,
+ &keylen);
+ if (key) {
+ keys->send = decrypt_ms_key(key, keylen,
+ sent_msg->hdr->authenticator,
+ secret, secret_len,
+ &keys->send_len);
+ os_free(key);
+ }
+
+ key = radius_msg_get_vendor_attr(msg, RADIUS_VENDOR_ID_MICROSOFT,
+ RADIUS_VENDOR_ATTR_MS_MPPE_RECV_KEY,
+ &keylen);
+ if (key) {
+ keys->recv = decrypt_ms_key(key, keylen,
+ sent_msg->hdr->authenticator,
+ secret, secret_len,
+ &keys->recv_len);
+ os_free(key);
+ }
+
+ return keys;
+}
+
+
+struct radius_ms_mppe_keys *
+radius_msg_get_cisco_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
+ u8 *secret, size_t secret_len)
+{
+ u8 *key;
+ size_t keylen;
+ struct radius_ms_mppe_keys *keys;
+
+ if (msg == NULL || sent_msg == NULL)
+ return NULL;
+
+ keys = wpa_zalloc(sizeof(*keys));
+ if (keys == NULL)
+ return NULL;
+
+ key = radius_msg_get_vendor_attr(msg, RADIUS_VENDOR_ID_CISCO,
+ RADIUS_CISCO_AV_PAIR, &keylen);
+ if (key && keylen == 51 &&
+ os_memcmp(key, "leap:session-key=", 17) == 0) {
+ keys->recv = decrypt_ms_key(key + 17, keylen - 17,
+ sent_msg->hdr->authenticator,
+ secret, secret_len,
+ &keys->recv_len);
+ }
+ os_free(key);
+
+ return keys;
+}
+
+
+int radius_msg_add_mppe_keys(struct radius_msg *msg,
+ const u8 *req_authenticator,
+ const u8 *secret, size_t secret_len,
+ const u8 *send_key, size_t send_key_len,
+ const u8 *recv_key, size_t recv_key_len)
+{
+ struct radius_attr_hdr *attr;
+ u32 vendor_id = htonl(RADIUS_VENDOR_ID_MICROSOFT);
+ u8 *buf;
+ struct radius_attr_vendor *vhdr;
+ u8 *pos;
+ size_t elen;
+ int hlen;
+ u16 salt;
+
+ hlen = sizeof(vendor_id) + sizeof(*vhdr) + 2;
+
+ /* MS-MPPE-Send-Key */
+ buf = os_malloc(hlen + send_key_len + 16);
+ if (buf == NULL) {
+ return 0;
+ }
+ pos = buf;
+ os_memcpy(pos, &vendor_id, sizeof(vendor_id));
+ pos += sizeof(vendor_id);
+ vhdr = (struct radius_attr_vendor *) pos;
+ vhdr->vendor_type = RADIUS_VENDOR_ATTR_MS_MPPE_SEND_KEY;
+ pos = (u8 *) (vhdr + 1);
+ salt = os_random() | 0x8000;
+ *pos++ = salt >> 8;
+ *pos++ = salt;
+ encrypt_ms_key(send_key, send_key_len, salt, req_authenticator, secret,
+ secret_len, pos, &elen);
+ vhdr->vendor_length = hlen + elen - sizeof(vendor_id);
+
+ attr = radius_msg_add_attr(msg, RADIUS_ATTR_VENDOR_SPECIFIC,
+ buf, hlen + elen);
+ os_free(buf);
+ if (attr == NULL) {
+ return 0;
+ }
+
+ /* MS-MPPE-Recv-Key */
+ buf = os_malloc(hlen + send_key_len + 16);
+ if (buf == NULL) {
+ return 0;
+ }
+ pos = buf;
+ os_memcpy(pos, &vendor_id, sizeof(vendor_id));
+ pos += sizeof(vendor_id);
+ vhdr = (struct radius_attr_vendor *) pos;
+ vhdr->vendor_type = RADIUS_VENDOR_ATTR_MS_MPPE_RECV_KEY;
+ pos = (u8 *) (vhdr + 1);
+ salt ^= 1;
+ *pos++ = salt >> 8;
+ *pos++ = salt;
+ encrypt_ms_key(recv_key, recv_key_len, salt, req_authenticator, secret,
+ secret_len, pos, &elen);
+ vhdr->vendor_length = hlen + elen - sizeof(vendor_id);
+
+ attr = radius_msg_add_attr(msg, RADIUS_ATTR_VENDOR_SPECIFIC,
+ buf, hlen + elen);
+ os_free(buf);
+ if (attr == NULL) {
+ return 0;
+ }
+
+ return 1;
+}
+
+
+/* Add User-Password attribute to a RADIUS message and encrypt it as specified
+ * in RFC 2865, Chap. 5.2 */
+struct radius_attr_hdr *
+radius_msg_add_attr_user_password(struct radius_msg *msg,
+ u8 *data, size_t data_len,
+ u8 *secret, size_t secret_len)
+{
+ u8 buf[128];
+ int padlen, i;
+ size_t buf_len, pos;
+ const u8 *addr[2];
+ size_t len[2];
+ u8 hash[16];
+
+ if (data_len > 128)
+ return NULL;
+
+ os_memcpy(buf, data, data_len);
+ buf_len = data_len;
+
+ padlen = data_len % 16;
+ if (padlen) {
+ padlen = 16 - padlen;
+ os_memset(buf + data_len, 0, padlen);
+ buf_len += padlen;
+ }
+
+ addr[0] = secret;
+ len[0] = secret_len;
+ addr[1] = msg->hdr->authenticator;
+ len[1] = 16;
+ md5_vector(2, addr, len, hash);
+
+ for (i = 0; i < 16; i++)
+ buf[i] ^= hash[i];
+ pos = 16;
+
+ while (pos < buf_len) {
+ addr[0] = secret;
+ len[0] = secret_len;
+ addr[1] = &buf[pos - 16];
+ len[1] = 16;
+ md5_vector(2, addr, len, hash);
+
+ for (i = 0; i < 16; i++)
+ buf[pos + i] ^= hash[i];
+
+ pos += 16;
+ }
+
+ return radius_msg_add_attr(msg, RADIUS_ATTR_USER_PASSWORD,
+ buf, buf_len);
+}
+
+
+int radius_msg_get_attr(struct radius_msg *msg, u8 type, u8 *buf, size_t len)
+{
+ struct radius_attr_hdr *attr = NULL;
+ size_t i, dlen;
+
+ for (i = 0; i < msg->attr_used; i++) {
+ if (msg->attrs[i]->type == type) {
+ attr = msg->attrs[i];
+ break;
+ }
+ }
+
+ if (!attr)
+ return -1;
+
+ dlen = attr->length - sizeof(*attr);
+ if (buf)
+ os_memcpy(buf, (attr + 1), dlen > len ? len : dlen);
+ return dlen;
+}
+
+
+int radius_msg_get_attr_ptr(struct radius_msg *msg, u8 type, u8 **buf,
+ size_t *len, const u8 *start)
+{
+ size_t i;
+ struct radius_attr_hdr *attr = NULL;
+
+ for (i = 0; i < msg->attr_used; i++) {
+ if (msg->attrs[i]->type == type &&
+ (start == NULL || (u8 *) msg->attrs[i] > start)) {
+ attr = msg->attrs[i];
+ break;
+ }
+ }
+
+ if (!attr)
+ return -1;
+
+ *buf = (u8 *) (attr + 1);
+ *len = attr->length - sizeof(*attr);
+ return 0;
+}
+
+
+int radius_msg_count_attr(struct radius_msg *msg, u8 type, int min_len)
+{
+ size_t i;
+ int count;
+
+ for (count = 0, i = 0; i < msg->attr_used; i++) {
+ if (msg->attrs[i]->type == type &&
+ msg->attrs[i]->length >=
+ sizeof(struct radius_attr_hdr) + min_len)
+ count++;
+ }
+
+ return count;
+}
+
+
+struct radius_tunnel_attrs {
+ int tag_used;
+ int type; /* Tunnel-Type */
+ int medium_type; /* Tunnel-Medium-Type */
+ int vlanid;
+};
+
+
+/**
+ * radius_msg_get_vlanid - Parse RADIUS attributes for VLAN tunnel information
+ * @msg: RADIUS message
+ * Returns: VLAN ID for the first tunnel configuration of -1 if none is found
+ */
+int radius_msg_get_vlanid(struct radius_msg *msg)
+{
+ struct radius_tunnel_attrs tunnel[RADIUS_TUNNEL_TAGS], *tun;
+ size_t i;
+ struct radius_attr_hdr *attr = NULL;
+ const u8 *data;
+ char buf[10];
+ size_t dlen;
+
+ os_memset(&tunnel, 0, sizeof(tunnel));
+
+ for (i = 0; i < msg->attr_used; i++) {
+ attr = msg->attrs[i];
+ data = (const u8 *) (attr + 1);
+ dlen = attr->length - sizeof(*attr);
+ if (attr->length < 3)
+ continue;
+ if (data[0] >= RADIUS_TUNNEL_TAGS)
+ tun = &tunnel[0];
+ else
+ tun = &tunnel[data[0]];
+
+ switch (attr->type) {
+ case RADIUS_ATTR_TUNNEL_TYPE:
+ if (attr->length != 6)
+ break;
+ tun->tag_used++;
+ tun->type = (data[1] << 16) | (data[2] << 8) | data[3];
+ break;
+ case RADIUS_ATTR_TUNNEL_MEDIUM_TYPE:
+ if (attr->length != 6)
+ break;
+ tun->tag_used++;
+ tun->medium_type =
+ (data[1] << 16) | (data[2] << 8) | data[3];
+ break;
+ case RADIUS_ATTR_TUNNEL_PRIVATE_GROUP_ID:
+ if (data[0] < RADIUS_TUNNEL_TAGS) {
+ data++;
+ dlen--;
+ }
+ if (dlen >= sizeof(buf))
+ break;
+ os_memcpy(buf, data, dlen);
+ buf[dlen] = '\0';
+ tun->tag_used++;
+ tun->vlanid = atoi(buf);
+ break;
+ }
+ }
+
+ for (i = 0; i < RADIUS_TUNNEL_TAGS; i++) {
+ tun = &tunnel[i];
+ if (tun->tag_used &&
+ tun->type == RADIUS_TUNNEL_TYPE_VLAN &&
+ tun->medium_type == RADIUS_TUNNEL_MEDIUM_TYPE_802 &&
+ tun->vlanid > 0)
+ return tun->vlanid;
+ }
+
+ return -1;
+}
--- /dev/null
+/*
+ * hostapd / RADIUS message processing
+ * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef RADIUS_H
+#define RADIUS_H
+
+/* RFC 2865 - RADIUS */
+
+#ifdef _MSC_VER
+#pragma pack(push, 1)
+#endif /* _MSC_VER */
+
+struct radius_hdr {
+ u8 code;
+ u8 identifier;
+ u16 length; /* including this header */
+ u8 authenticator[16];
+ /* followed by length-20 octets of attributes */
+} STRUCT_PACKED;
+
+enum { RADIUS_CODE_ACCESS_REQUEST = 1,
+ RADIUS_CODE_ACCESS_ACCEPT = 2,
+ RADIUS_CODE_ACCESS_REJECT = 3,
+ RADIUS_CODE_ACCOUNTING_REQUEST = 4,
+ RADIUS_CODE_ACCOUNTING_RESPONSE = 5,
+ RADIUS_CODE_ACCESS_CHALLENGE = 11,
+ RADIUS_CODE_STATUS_SERVER = 12,
+ RADIUS_CODE_STATUS_CLIENT = 13,
+ RADIUS_CODE_RESERVED = 255
+};
+
+struct radius_attr_hdr {
+ u8 type;
+ u8 length; /* including this header */
+ /* followed by length-2 octets of attribute value */
+} STRUCT_PACKED;
+
+#define RADIUS_MAX_ATTR_LEN (255 - sizeof(struct radius_attr_hdr))
+
+enum { RADIUS_ATTR_USER_NAME = 1,
+ RADIUS_ATTR_USER_PASSWORD = 2,
+ RADIUS_ATTR_NAS_IP_ADDRESS = 4,
+ RADIUS_ATTR_NAS_PORT = 5,
+ RADIUS_ATTR_FRAMED_MTU = 12,
+ RADIUS_ATTR_STATE = 24,
+ RADIUS_ATTR_CLASS = 25,
+ RADIUS_ATTR_VENDOR_SPECIFIC = 26,
+ RADIUS_ATTR_SESSION_TIMEOUT = 27,
+ RADIUS_ATTR_IDLE_TIMEOUT = 28,
+ RADIUS_ATTR_TERMINATION_ACTION = 29,
+ RADIUS_ATTR_CALLED_STATION_ID = 30,
+ RADIUS_ATTR_CALLING_STATION_ID = 31,
+ RADIUS_ATTR_NAS_IDENTIFIER = 32,
+ RADIUS_ATTR_PROXY_STATE = 33,
+ RADIUS_ATTR_ACCT_STATUS_TYPE = 40,
+ RADIUS_ATTR_ACCT_DELAY_TIME = 41,
+ RADIUS_ATTR_ACCT_INPUT_OCTETS = 42,
+ RADIUS_ATTR_ACCT_OUTPUT_OCTETS = 43,
+ RADIUS_ATTR_ACCT_SESSION_ID = 44,
+ RADIUS_ATTR_ACCT_AUTHENTIC = 45,
+ RADIUS_ATTR_ACCT_SESSION_TIME = 46,
+ RADIUS_ATTR_ACCT_INPUT_PACKETS = 47,
+ RADIUS_ATTR_ACCT_OUTPUT_PACKETS = 48,
+ RADIUS_ATTR_ACCT_TERMINATE_CAUSE = 49,
+ RADIUS_ATTR_ACCT_MULTI_SESSION_ID = 50,
+ RADIUS_ATTR_ACCT_LINK_COUNT = 51,
+ RADIUS_ATTR_ACCT_INPUT_GIGAWORDS = 52,
+ RADIUS_ATTR_ACCT_OUTPUT_GIGAWORDS = 53,
+ RADIUS_ATTR_EVENT_TIMESTAMP = 55,
+ RADIUS_ATTR_NAS_PORT_TYPE = 61,
+ RADIUS_ATTR_TUNNEL_TYPE = 64,
+ RADIUS_ATTR_TUNNEL_MEDIUM_TYPE = 65,
+ RADIUS_ATTR_CONNECT_INFO = 77,
+ RADIUS_ATTR_EAP_MESSAGE = 79,
+ RADIUS_ATTR_MESSAGE_AUTHENTICATOR = 80,
+ RADIUS_ATTR_TUNNEL_PRIVATE_GROUP_ID = 81,
+ RADIUS_ATTR_ACCT_INTERIM_INTERVAL = 85,
+ RADIUS_ATTR_NAS_IPV6_ADDRESS = 95
+};
+
+
+/* Termination-Action */
+#define RADIUS_TERMINATION_ACTION_DEFAULT 0
+#define RADIUS_TERMINATION_ACTION_RADIUS_REQUEST 1
+
+/* NAS-Port-Type */
+#define RADIUS_NAS_PORT_TYPE_IEEE_802_11 19
+
+/* Acct-Status-Type */
+#define RADIUS_ACCT_STATUS_TYPE_START 1
+#define RADIUS_ACCT_STATUS_TYPE_STOP 2
+#define RADIUS_ACCT_STATUS_TYPE_INTERIM_UPDATE 3
+#define RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_ON 7
+#define RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_OFF 8
+
+/* Acct-Authentic */
+#define RADIUS_ACCT_AUTHENTIC_RADIUS 1
+#define RADIUS_ACCT_AUTHENTIC_LOCAL 2
+#define RADIUS_ACCT_AUTHENTIC_REMOTE 3
+
+/* Acct-Terminate-Cause */
+#define RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST 1
+#define RADIUS_ACCT_TERMINATE_CAUSE_LOST_CARRIER 2
+#define RADIUS_ACCT_TERMINATE_CAUSE_LOST_SERVICE 3
+#define RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT 4
+#define RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT 5
+#define RADIUS_ACCT_TERMINATE_CAUSE_ADMIN_RESET 6
+#define RADIUS_ACCT_TERMINATE_CAUSE_ADMIN_REBOOT 7
+#define RADIUS_ACCT_TERMINATE_CAUSE_PORT_ERROR 8
+#define RADIUS_ACCT_TERMINATE_CAUSE_NAS_ERROR 9
+#define RADIUS_ACCT_TERMINATE_CAUSE_NAS_REQUEST 10
+#define RADIUS_ACCT_TERMINATE_CAUSE_NAS_REBOOT 11
+#define RADIUS_ACCT_TERMINATE_CAUSE_PORT_UNNEEDED 12
+#define RADIUS_ACCT_TERMINATE_CAUSE_PORT_PREEMPTED 13
+#define RADIUS_ACCT_TERMINATE_CAUSE_PORT_SUSPENDED 14
+#define RADIUS_ACCT_TERMINATE_CAUSE_SERVICE_UNAVAILABLE 15
+#define RADIUS_ACCT_TERMINATE_CAUSE_CALLBACK 16
+#define RADIUS_ACCT_TERMINATE_CAUSE_USER_ERROR 17
+#define RADIUS_ACCT_TERMINATE_CAUSE_HOST_REQUEST 18
+
+#define RADIUS_TUNNEL_TAGS 32
+
+/* Tunnel-Type */
+#define RADIUS_TUNNEL_TYPE_PPTP 1
+#define RADIUS_TUNNEL_TYPE_L2TP 3
+#define RADIUS_TUNNEL_TYPE_IPIP 7
+#define RADIUS_TUNNEL_TYPE_GRE 10
+#define RADIUS_TUNNEL_TYPE_VLAN 13
+
+/* Tunnel-Medium-Type */
+#define RADIUS_TUNNEL_MEDIUM_TYPE_IPV4 1
+#define RADIUS_TUNNEL_MEDIUM_TYPE_IPV6 2
+#define RADIUS_TUNNEL_MEDIUM_TYPE_802 6
+
+
+struct radius_attr_vendor {
+ u8 vendor_type;
+ u8 vendor_length;
+} STRUCT_PACKED;
+
+#define RADIUS_VENDOR_ID_CISCO 9
+#define RADIUS_CISCO_AV_PAIR 1
+
+/* RFC 2548 - Microsoft Vendor-specific RADIUS Attributes */
+#define RADIUS_VENDOR_ID_MICROSOFT 311
+
+enum { RADIUS_VENDOR_ATTR_MS_MPPE_SEND_KEY = 16,
+ RADIUS_VENDOR_ATTR_MS_MPPE_RECV_KEY = 17
+};
+
+#ifdef _MSC_VER
+#pragma pack(pop)
+#endif /* _MSC_VER */
+
+struct radius_ms_mppe_keys {
+ u8 *send;
+ size_t send_len;
+ u8 *recv;
+ size_t recv_len;
+};
+
+
+/* RADIUS message structure for new and parsed messages */
+struct radius_msg {
+ unsigned char *buf;
+ size_t buf_size; /* total size allocated for buf */
+ size_t buf_used; /* bytes used in buf */
+
+ struct radius_hdr *hdr;
+
+ struct radius_attr_hdr **attrs; /* array of pointers to attributes */
+ size_t attr_size; /* total size of the attribute pointer array */
+ size_t attr_used; /* total number of attributes in the array */
+};
+
+
+/* Default size to be allocated for new RADIUS messages */
+#define RADIUS_DEFAULT_MSG_SIZE 1024
+
+/* Default size to be allocated for attribute array */
+#define RADIUS_DEFAULT_ATTR_COUNT 16
+
+
+/* MAC address ASCII format for IEEE 802.1X use
+ * (draft-congdon-radius-8021x-20.txt) */
+#define RADIUS_802_1X_ADDR_FORMAT "%02X-%02X-%02X-%02X-%02X-%02X"
+/* MAC address ASCII format for non-802.1X use */
+#define RADIUS_ADDR_FORMAT "%02x%02x%02x%02x%02x%02x"
+
+struct radius_msg *radius_msg_new(u8 code, u8 identifier);
+int radius_msg_initialize(struct radius_msg *msg, size_t init_len);
+void radius_msg_set_hdr(struct radius_msg *msg, u8 code, u8 identifier);
+void radius_msg_free(struct radius_msg *msg);
+void radius_msg_dump(struct radius_msg *msg);
+int radius_msg_finish(struct radius_msg *msg, u8 *secret, size_t secret_len);
+int radius_msg_finish_srv(struct radius_msg *msg, const u8 *secret,
+ size_t secret_len, const u8 *req_authenticator);
+void radius_msg_finish_acct(struct radius_msg *msg, u8 *secret,
+ size_t secret_len);
+struct radius_attr_hdr *radius_msg_add_attr(struct radius_msg *msg, u8 type,
+ const u8 *data, size_t data_len);
+struct radius_msg *radius_msg_parse(const u8 *data, size_t len);
+int radius_msg_add_eap(struct radius_msg *msg, const u8 *data,
+ size_t data_len);
+u8 *radius_msg_get_eap(struct radius_msg *msg, size_t *len);
+int radius_msg_verify(struct radius_msg *msg, const u8 *secret,
+ size_t secret_len, struct radius_msg *sent_msg,
+ int auth);
+int radius_msg_verify_msg_auth(struct radius_msg *msg, const u8 *secret,
+ size_t secret_len, const u8 *req_auth);
+int radius_msg_copy_attr(struct radius_msg *dst, struct radius_msg *src,
+ u8 type);
+void radius_msg_make_authenticator(struct radius_msg *msg,
+ const u8 *data, size_t len);
+struct radius_ms_mppe_keys *
+radius_msg_get_ms_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
+ u8 *secret, size_t secret_len);
+struct radius_ms_mppe_keys *
+radius_msg_get_cisco_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
+ u8 *secret, size_t secret_len);
+int radius_msg_add_mppe_keys(struct radius_msg *msg,
+ const u8 *req_authenticator,
+ const u8 *secret, size_t secret_len,
+ const u8 *send_key, size_t send_key_len,
+ const u8 *recv_key, size_t recv_key_len);
+struct radius_attr_hdr *
+radius_msg_add_attr_user_password(struct radius_msg *msg,
+ u8 *data, size_t data_len,
+ u8 *secret, size_t secret_len);
+int radius_msg_get_attr(struct radius_msg *msg, u8 type, u8 *buf, size_t len);
+int radius_msg_get_vlanid(struct radius_msg *msg);
+
+static inline int radius_msg_add_attr_int32(struct radius_msg *msg, u8 type,
+ u32 value)
+{
+ u32 val = htonl(value);
+ return radius_msg_add_attr(msg, type, (u8 *) &val, 4) != NULL;
+}
+
+static inline int radius_msg_get_attr_int32(struct radius_msg *msg, u8 type,
+ u32 *value)
+{
+ u32 val;
+ int res;
+ res = radius_msg_get_attr(msg, type, (u8 *) &val, 4);
+ if (res != 4)
+ return -1;
+
+ *value = ntohl(val);
+ return 0;
+}
+int radius_msg_get_attr_ptr(struct radius_msg *msg, u8 type, u8 **buf,
+ size_t *len, const u8 *start);
+int radius_msg_count_attr(struct radius_msg *msg, u8 type, int min_len);
+
+#endif /* RADIUS_H */
--- /dev/null
+/*
+ * hostapd / RADIUS client
+ * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "hostapd.h"
+#include "radius.h"
+#include "radius_client.h"
+#include "eloop.h"
+
+/* Defaults for RADIUS retransmit values (exponential backoff) */
+#define RADIUS_CLIENT_FIRST_WAIT 3 /* seconds */
+#define RADIUS_CLIENT_MAX_WAIT 120 /* seconds */
+#define RADIUS_CLIENT_MAX_RETRIES 10 /* maximum number of retransmit attempts
+ * before entry is removed from retransmit
+ * list */
+#define RADIUS_CLIENT_MAX_ENTRIES 30 /* maximum number of entries in retransmit
+ * list (oldest will be removed, if this
+ * limit is exceeded) */
+#define RADIUS_CLIENT_NUM_FAILOVER 4 /* try to change RADIUS server after this
+ * many failed retry attempts */
+
+
+struct radius_rx_handler {
+ RadiusRxResult (*handler)(struct radius_msg *msg,
+ struct radius_msg *req,
+ u8 *shared_secret, size_t shared_secret_len,
+ void *data);
+ void *data;
+};
+
+
+/* RADIUS message retransmit list */
+struct radius_msg_list {
+ u8 addr[ETH_ALEN]; /* STA/client address; used to find RADIUS messages
+ * for the same STA. */
+ struct radius_msg *msg;
+ RadiusType msg_type;
+ os_time_t first_try;
+ os_time_t next_try;
+ int attempts;
+ int next_wait;
+ struct os_time last_attempt;
+
+ u8 *shared_secret;
+ size_t shared_secret_len;
+
+ /* TODO: server config with failover to backup server(s) */
+
+ struct radius_msg_list *next;
+};
+
+
+struct radius_client_data {
+ void *ctx;
+ struct hostapd_radius_servers *conf;
+
+ int auth_serv_sock; /* socket for authentication RADIUS messages */
+ int acct_serv_sock; /* socket for accounting RADIUS messages */
+ int auth_serv_sock6;
+ int acct_serv_sock6;
+ int auth_sock; /* currently used socket */
+ int acct_sock; /* currently used socket */
+
+ struct radius_rx_handler *auth_handlers;
+ size_t num_auth_handlers;
+ struct radius_rx_handler *acct_handlers;
+ size_t num_acct_handlers;
+
+ struct radius_msg_list *msgs;
+ size_t num_msgs;
+
+ u8 next_radius_identifier;
+};
+
+
+static int
+radius_change_server(struct radius_client_data *radius,
+ struct hostapd_radius_server *nserv,
+ struct hostapd_radius_server *oserv,
+ int sock, int sock6, int auth);
+static int radius_client_init_acct(struct radius_client_data *radius);
+static int radius_client_init_auth(struct radius_client_data *radius);
+
+
+static void radius_client_msg_free(struct radius_msg_list *req)
+{
+ radius_msg_free(req->msg);
+ os_free(req->msg);
+ os_free(req);
+}
+
+
+int radius_client_register(struct radius_client_data *radius,
+ RadiusType msg_type,
+ RadiusRxResult (*handler)(struct radius_msg *msg,
+ struct radius_msg *req,
+ u8 *shared_secret,
+ size_t shared_secret_len,
+ void *data),
+ void *data)
+{
+ struct radius_rx_handler **handlers, *newh;
+ size_t *num;
+
+ if (msg_type == RADIUS_ACCT) {
+ handlers = &radius->acct_handlers;
+ num = &radius->num_acct_handlers;
+ } else {
+ handlers = &radius->auth_handlers;
+ num = &radius->num_auth_handlers;
+ }
+
+ newh = os_realloc(*handlers,
+ (*num + 1) * sizeof(struct radius_rx_handler));
+ if (newh == NULL)
+ return -1;
+
+ newh[*num].handler = handler;
+ newh[*num].data = data;
+ (*num)++;
+ *handlers = newh;
+
+ return 0;
+}
+
+
+static void radius_client_handle_send_error(struct radius_client_data *radius,
+ int s, RadiusType msg_type)
+{
+#ifndef CONFIG_NATIVE_WINDOWS
+ int _errno = errno;
+ perror("send[RADIUS]");
+ if (_errno == ENOTCONN || _errno == EDESTADDRREQ || _errno == EINVAL ||
+ _errno == EBADF) {
+ hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_INFO,
+ "Send failed - maybe interface status changed -"
+ " try to connect again");
+ eloop_unregister_read_sock(s);
+ close(s);
+ if (msg_type == RADIUS_ACCT || msg_type == RADIUS_ACCT_INTERIM)
+ radius_client_init_acct(radius);
+ else
+ radius_client_init_auth(radius);
+ }
+#endif /* CONFIG_NATIVE_WINDOWS */
+}
+
+
+static int radius_client_retransmit(struct radius_client_data *radius,
+ struct radius_msg_list *entry,
+ os_time_t now)
+{
+ struct hostapd_radius_servers *conf = radius->conf;
+ int s;
+
+ if (entry->msg_type == RADIUS_ACCT ||
+ entry->msg_type == RADIUS_ACCT_INTERIM) {
+ s = radius->acct_sock;
+ if (entry->attempts == 0)
+ conf->acct_server->requests++;
+ else {
+ conf->acct_server->timeouts++;
+ conf->acct_server->retransmissions++;
+ }
+ } else {
+ s = radius->auth_sock;
+ if (entry->attempts == 0)
+ conf->auth_server->requests++;
+ else {
+ conf->auth_server->timeouts++;
+ conf->auth_server->retransmissions++;
+ }
+ }
+
+ /* retransmit; remove entry if too many attempts */
+ entry->attempts++;
+ hostapd_logger(radius->ctx, entry->addr, HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_DEBUG, "Resending RADIUS message (id=%d)",
+ entry->msg->hdr->identifier);
+
+ os_get_time(&entry->last_attempt);
+ if (send(s, entry->msg->buf, entry->msg->buf_used, 0) < 0)
+ radius_client_handle_send_error(radius, s, entry->msg_type);
+
+ entry->next_try = now + entry->next_wait;
+ entry->next_wait *= 2;
+ if (entry->next_wait > RADIUS_CLIENT_MAX_WAIT)
+ entry->next_wait = RADIUS_CLIENT_MAX_WAIT;
+ if (entry->attempts >= RADIUS_CLIENT_MAX_RETRIES) {
+ printf("Removing un-ACKed RADIUS message due to too many "
+ "failed retransmit attempts\n");
+ return 1;
+ }
+
+ return 0;
+}
+
+
+static void radius_client_timer(void *eloop_ctx, void *timeout_ctx)
+{
+ struct radius_client_data *radius = eloop_ctx;
+ struct hostapd_radius_servers *conf = radius->conf;
+ struct os_time now;
+ os_time_t first;
+ struct radius_msg_list *entry, *prev, *tmp;
+ int auth_failover = 0, acct_failover = 0;
+ char abuf[50];
+
+ entry = radius->msgs;
+ if (!entry)
+ return;
+
+ os_get_time(&now);
+ first = 0;
+
+ prev = NULL;
+ while (entry) {
+ if (now.sec >= entry->next_try &&
+ radius_client_retransmit(radius, entry, now.sec)) {
+ if (prev)
+ prev->next = entry->next;
+ else
+ radius->msgs = entry->next;
+
+ tmp = entry;
+ entry = entry->next;
+ radius_client_msg_free(tmp);
+ radius->num_msgs--;
+ continue;
+ }
+
+ if (entry->attempts > RADIUS_CLIENT_NUM_FAILOVER) {
+ if (entry->msg_type == RADIUS_ACCT ||
+ entry->msg_type == RADIUS_ACCT_INTERIM)
+ acct_failover++;
+ else
+ auth_failover++;
+ }
+
+ if (first == 0 || entry->next_try < first)
+ first = entry->next_try;
+
+ prev = entry;
+ entry = entry->next;
+ }
+
+ if (radius->msgs) {
+ if (first < now.sec)
+ first = now.sec;
+ eloop_register_timeout(first - now.sec, 0,
+ radius_client_timer, radius, NULL);
+ hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_DEBUG, "Next RADIUS client "
+ "retransmit in %ld seconds",
+ (long int) (first - now.sec));
+ }
+
+ if (auth_failover && conf->num_auth_servers > 1) {
+ struct hostapd_radius_server *next, *old;
+ old = conf->auth_server;
+ hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_NOTICE,
+ "No response from Authentication server "
+ "%s:%d - failover",
+ hostapd_ip_txt(&old->addr, abuf, sizeof(abuf)),
+ old->port);
+
+ for (entry = radius->msgs; entry; entry = entry->next) {
+ if (entry->msg_type == RADIUS_AUTH)
+ old->timeouts++;
+ }
+
+ next = old + 1;
+ if (next > &(conf->auth_servers[conf->num_auth_servers - 1]))
+ next = conf->auth_servers;
+ conf->auth_server = next;
+ radius_change_server(radius, next, old,
+ radius->auth_serv_sock,
+ radius->auth_serv_sock6, 1);
+ }
+
+ if (acct_failover && conf->num_acct_servers > 1) {
+ struct hostapd_radius_server *next, *old;
+ old = conf->acct_server;
+ hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_NOTICE,
+ "No response from Accounting server "
+ "%s:%d - failover",
+ hostapd_ip_txt(&old->addr, abuf, sizeof(abuf)),
+ old->port);
+
+ for (entry = radius->msgs; entry; entry = entry->next) {
+ if (entry->msg_type == RADIUS_ACCT ||
+ entry->msg_type == RADIUS_ACCT_INTERIM)
+ old->timeouts++;
+ }
+
+ next = old + 1;
+ if (next > &conf->acct_servers[conf->num_acct_servers - 1])
+ next = conf->acct_servers;
+ conf->acct_server = next;
+ radius_change_server(radius, next, old,
+ radius->acct_serv_sock,
+ radius->acct_serv_sock6, 0);
+ }
+}
+
+
+static void radius_client_update_timeout(struct radius_client_data *radius)
+{
+ struct os_time now;
+ os_time_t first;
+ struct radius_msg_list *entry;
+
+ eloop_cancel_timeout(radius_client_timer, radius, NULL);
+
+ if (radius->msgs == NULL) {
+ return;
+ }
+
+ first = 0;
+ for (entry = radius->msgs; entry; entry = entry->next) {
+ if (first == 0 || entry->next_try < first)
+ first = entry->next_try;
+ }
+
+ os_get_time(&now);
+ if (first < now.sec)
+ first = now.sec;
+ eloop_register_timeout(first - now.sec, 0, radius_client_timer, radius,
+ NULL);
+ hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_DEBUG, "Next RADIUS client retransmit in"
+ " %ld seconds\n", (long int) (first - now.sec));
+}
+
+
+static void radius_client_list_add(struct radius_client_data *radius,
+ struct radius_msg *msg,
+ RadiusType msg_type, u8 *shared_secret,
+ size_t shared_secret_len, const u8 *addr)
+{
+ struct radius_msg_list *entry, *prev;
+
+ if (eloop_terminated()) {
+ /* No point in adding entries to retransmit queue since event
+ * loop has already been terminated. */
+ radius_msg_free(msg);
+ os_free(msg);
+ return;
+ }
+
+ entry = wpa_zalloc(sizeof(*entry));
+ if (entry == NULL) {
+ printf("Failed to add RADIUS packet into retransmit list\n");
+ radius_msg_free(msg);
+ os_free(msg);
+ return;
+ }
+
+ if (addr)
+ os_memcpy(entry->addr, addr, ETH_ALEN);
+ entry->msg = msg;
+ entry->msg_type = msg_type;
+ entry->shared_secret = shared_secret;
+ entry->shared_secret_len = shared_secret_len;
+ os_get_time(&entry->last_attempt);
+ entry->first_try = entry->last_attempt.sec;
+ entry->next_try = entry->first_try + RADIUS_CLIENT_FIRST_WAIT;
+ entry->attempts = 1;
+ entry->next_wait = RADIUS_CLIENT_FIRST_WAIT * 2;
+ entry->next = radius->msgs;
+ radius->msgs = entry;
+ radius_client_update_timeout(radius);
+
+ if (radius->num_msgs >= RADIUS_CLIENT_MAX_ENTRIES) {
+ printf("Removing the oldest un-ACKed RADIUS packet due to "
+ "retransmit list limits.\n");
+ prev = NULL;
+ while (entry->next) {
+ prev = entry;
+ entry = entry->next;
+ }
+ if (prev) {
+ prev->next = NULL;
+ radius_client_msg_free(entry);
+ }
+ } else
+ radius->num_msgs++;
+}
+
+
+static void radius_client_list_del(struct radius_client_data *radius,
+ RadiusType msg_type, const u8 *addr)
+{
+ struct radius_msg_list *entry, *prev, *tmp;
+
+ if (addr == NULL)
+ return;
+
+ entry = radius->msgs;
+ prev = NULL;
+ while (entry) {
+ if (entry->msg_type == msg_type &&
+ os_memcmp(entry->addr, addr, ETH_ALEN) == 0) {
+ if (prev)
+ prev->next = entry->next;
+ else
+ radius->msgs = entry->next;
+ tmp = entry;
+ entry = entry->next;
+ hostapd_logger(radius->ctx, addr,
+ HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_DEBUG,
+ "Removing matching RADIUS message");
+ radius_client_msg_free(tmp);
+ radius->num_msgs--;
+ continue;
+ }
+ prev = entry;
+ entry = entry->next;
+ }
+}
+
+
+int radius_client_send(struct radius_client_data *radius,
+ struct radius_msg *msg, RadiusType msg_type,
+ const u8 *addr)
+{
+ struct hostapd_radius_servers *conf = radius->conf;
+ u8 *shared_secret;
+ size_t shared_secret_len;
+ char *name;
+ int s, res;
+
+ if (msg_type == RADIUS_ACCT_INTERIM) {
+ /* Remove any pending interim acct update for the same STA. */
+ radius_client_list_del(radius, msg_type, addr);
+ }
+
+ if (msg_type == RADIUS_ACCT || msg_type == RADIUS_ACCT_INTERIM) {
+ if (conf->acct_server == NULL) {
+ hostapd_logger(radius->ctx, NULL,
+ HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_INFO,
+ "No accounting server configured");
+ return -1;
+ }
+ shared_secret = conf->acct_server->shared_secret;
+ shared_secret_len = conf->acct_server->shared_secret_len;
+ radius_msg_finish_acct(msg, shared_secret, shared_secret_len);
+ name = "accounting";
+ s = radius->acct_sock;
+ conf->acct_server->requests++;
+ } else {
+ if (conf->auth_server == NULL) {
+ hostapd_logger(radius->ctx, NULL,
+ HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_INFO,
+ "No authentication server configured");
+ return -1;
+ }
+ shared_secret = conf->auth_server->shared_secret;
+ shared_secret_len = conf->auth_server->shared_secret_len;
+ radius_msg_finish(msg, shared_secret, shared_secret_len);
+ name = "authentication";
+ s = radius->auth_sock;
+ conf->auth_server->requests++;
+ }
+
+ hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_DEBUG, "Sending RADIUS message to %s "
+ "server", name);
+ if (conf->msg_dumps)
+ radius_msg_dump(msg);
+
+ res = send(s, msg->buf, msg->buf_used, 0);
+ if (res < 0)
+ radius_client_handle_send_error(radius, s, msg_type);
+
+ radius_client_list_add(radius, msg, msg_type, shared_secret,
+ shared_secret_len, addr);
+
+ return res;
+}
+
+
+static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx)
+{
+ struct radius_client_data *radius = eloop_ctx;
+ struct hostapd_radius_servers *conf = radius->conf;
+ RadiusType msg_type = (RadiusType) sock_ctx;
+ int len, roundtrip;
+ unsigned char buf[3000];
+ struct radius_msg *msg;
+ struct radius_rx_handler *handlers;
+ size_t num_handlers, i;
+ struct radius_msg_list *req, *prev_req;
+ struct os_time now;
+ struct hostapd_radius_server *rconf;
+ int invalid_authenticator = 0;
+
+ if (msg_type == RADIUS_ACCT) {
+ handlers = radius->acct_handlers;
+ num_handlers = radius->num_acct_handlers;
+ rconf = conf->acct_server;
+ } else {
+ handlers = radius->auth_handlers;
+ num_handlers = radius->num_auth_handlers;
+ rconf = conf->auth_server;
+ }
+
+ len = recv(sock, buf, sizeof(buf), MSG_DONTWAIT);
+ if (len < 0) {
+ perror("recv[RADIUS]");
+ return;
+ }
+ hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_DEBUG, "Received %d bytes from RADIUS "
+ "server", len);
+ if (len == sizeof(buf)) {
+ printf("Possibly too long UDP frame for our buffer - "
+ "dropping it\n");
+ return;
+ }
+
+ msg = radius_msg_parse(buf, len);
+ if (msg == NULL) {
+ printf("Parsing incoming RADIUS frame failed\n");
+ rconf->malformed_responses++;
+ return;
+ }
+
+ hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_DEBUG, "Received RADIUS message");
+ if (conf->msg_dumps)
+ radius_msg_dump(msg);
+
+ switch (msg->hdr->code) {
+ case RADIUS_CODE_ACCESS_ACCEPT:
+ rconf->access_accepts++;
+ break;
+ case RADIUS_CODE_ACCESS_REJECT:
+ rconf->access_rejects++;
+ break;
+ case RADIUS_CODE_ACCESS_CHALLENGE:
+ rconf->access_challenges++;
+ break;
+ case RADIUS_CODE_ACCOUNTING_RESPONSE:
+ rconf->responses++;
+ break;
+ }
+
+ prev_req = NULL;
+ req = radius->msgs;
+ while (req) {
+ /* TODO: also match by src addr:port of the packet when using
+ * alternative RADIUS servers (?) */
+ if ((req->msg_type == msg_type ||
+ (req->msg_type == RADIUS_ACCT_INTERIM &&
+ msg_type == RADIUS_ACCT)) &&
+ req->msg->hdr->identifier == msg->hdr->identifier)
+ break;
+
+ prev_req = req;
+ req = req->next;
+ }
+
+ if (req == NULL) {
+ hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_DEBUG,
+ "No matching RADIUS request found (type=%d "
+ "id=%d) - dropping packet",
+ msg_type, msg->hdr->identifier);
+ goto fail;
+ }
+
+ os_get_time(&now);
+ roundtrip = (now.sec - req->last_attempt.sec) * 100 +
+ (now.usec - req->last_attempt.usec) / 10000;
+ hostapd_logger(radius->ctx, req->addr, HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_DEBUG,
+ "Received RADIUS packet matched with a pending "
+ "request, round trip time %d.%02d sec",
+ roundtrip / 100, roundtrip % 100);
+ rconf->round_trip_time = roundtrip;
+
+ /* Remove ACKed RADIUS packet from retransmit list */
+ if (prev_req)
+ prev_req->next = req->next;
+ else
+ radius->msgs = req->next;
+ radius->num_msgs--;
+
+ for (i = 0; i < num_handlers; i++) {
+ RadiusRxResult res;
+ res = handlers[i].handler(msg, req->msg, req->shared_secret,
+ req->shared_secret_len,
+ handlers[i].data);
+ switch (res) {
+ case RADIUS_RX_PROCESSED:
+ radius_msg_free(msg);
+ os_free(msg);
+ /* continue */
+ case RADIUS_RX_QUEUED:
+ radius_client_msg_free(req);
+ return;
+ case RADIUS_RX_INVALID_AUTHENTICATOR:
+ invalid_authenticator++;
+ /* continue */
+ case RADIUS_RX_UNKNOWN:
+ /* continue with next handler */
+ break;
+ }
+ }
+
+ if (invalid_authenticator)
+ rconf->bad_authenticators++;
+ else
+ rconf->unknown_types++;
+ hostapd_logger(radius->ctx, req->addr, HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_DEBUG, "No RADIUS RX handler found "
+ "(type=%d code=%d id=%d)%s - dropping packet",
+ msg_type, msg->hdr->code, msg->hdr->identifier,
+ invalid_authenticator ? " [INVALID AUTHENTICATOR]" :
+ "");
+ radius_client_msg_free(req);
+
+ fail:
+ radius_msg_free(msg);
+ os_free(msg);
+}
+
+
+u8 radius_client_get_id(struct radius_client_data *radius)
+{
+ struct radius_msg_list *entry, *prev, *_remove;
+ u8 id = radius->next_radius_identifier++;
+
+ /* remove entries with matching id from retransmit list to avoid
+ * using new reply from the RADIUS server with an old request */
+ entry = radius->msgs;
+ prev = NULL;
+ while (entry) {
+ if (entry->msg->hdr->identifier == id) {
+ hostapd_logger(radius->ctx, entry->addr,
+ HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_DEBUG,
+ "Removing pending RADIUS message, "
+ "since its id (%d) is reused", id);
+ if (prev)
+ prev->next = entry->next;
+ else
+ radius->msgs = entry->next;
+ _remove = entry;
+ } else {
+ _remove = NULL;
+ prev = entry;
+ }
+ entry = entry->next;
+
+ if (_remove)
+ radius_client_msg_free(_remove);
+ }
+
+ return id;
+}
+
+
+void radius_client_flush(struct radius_client_data *radius, int only_auth)
+{
+ struct radius_msg_list *entry, *prev, *tmp;
+
+ if (!radius)
+ return;
+
+ prev = NULL;
+ entry = radius->msgs;
+
+ while (entry) {
+ if (!only_auth || entry->msg_type == RADIUS_AUTH) {
+ if (prev)
+ prev->next = entry->next;
+ else
+ radius->msgs = entry->next;
+
+ tmp = entry;
+ entry = entry->next;
+ radius_client_msg_free(tmp);
+ radius->num_msgs--;
+ } else {
+ prev = entry;
+ entry = entry->next;
+ }
+ }
+
+ if (radius->msgs == NULL)
+ eloop_cancel_timeout(radius_client_timer, radius, NULL);
+}
+
+
+void radius_client_update_acct_msgs(struct radius_client_data *radius,
+ u8 *shared_secret,
+ size_t shared_secret_len)
+{
+ struct radius_msg_list *entry;
+
+ if (!radius)
+ return;
+
+ for (entry = radius->msgs; entry; entry = entry->next) {
+ if (entry->msg_type == RADIUS_ACCT) {
+ entry->shared_secret = shared_secret;
+ entry->shared_secret_len = shared_secret_len;
+ radius_msg_finish_acct(entry->msg, shared_secret,
+ shared_secret_len);
+ }
+ }
+}
+
+
+static int
+radius_change_server(struct radius_client_data *radius,
+ struct hostapd_radius_server *nserv,
+ struct hostapd_radius_server *oserv,
+ int sock, int sock6, int auth)
+{
+ struct sockaddr_in serv;
+#ifdef CONFIG_IPV6
+ struct sockaddr_in6 serv6;
+#endif /* CONFIG_IPV6 */
+ struct sockaddr *addr;
+ socklen_t addrlen;
+ char abuf[50];
+ int sel_sock;
+ struct radius_msg_list *entry;
+
+ hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_INFO,
+ "%s server %s:%d",
+ auth ? "Authentication" : "Accounting",
+ hostapd_ip_txt(&nserv->addr, abuf, sizeof(abuf)),
+ nserv->port);
+
+ if (!oserv || nserv->shared_secret_len != oserv->shared_secret_len ||
+ os_memcmp(nserv->shared_secret, oserv->shared_secret,
+ nserv->shared_secret_len) != 0) {
+ /* Pending RADIUS packets used different shared secret, so
+ * they need to be modified. Update accounting message
+ * authenticators here. Authentication messages are removed
+ * since they would require more changes and the new RADIUS
+ * server may not be prepared to receive them anyway due to
+ * missing state information. Client will likely retry
+ * authentication, so this should not be an issue. */
+ if (auth)
+ radius_client_flush(radius, 1);
+ else {
+ radius_client_update_acct_msgs(
+ radius, nserv->shared_secret,
+ nserv->shared_secret_len);
+ }
+ }
+
+ /* Reset retry counters for the new server */
+ for (entry = radius->msgs; entry; entry = entry->next) {
+ if ((auth && entry->msg_type != RADIUS_AUTH) ||
+ (!auth && entry->msg_type != RADIUS_ACCT))
+ continue;
+ entry->next_try = entry->first_try + RADIUS_CLIENT_FIRST_WAIT;
+ entry->attempts = 0;
+ entry->next_wait = RADIUS_CLIENT_FIRST_WAIT * 2;
+ }
+
+ if (radius->msgs) {
+ eloop_cancel_timeout(radius_client_timer, radius, NULL);
+ eloop_register_timeout(RADIUS_CLIENT_FIRST_WAIT, 0,
+ radius_client_timer, radius, NULL);
+ }
+
+ switch (nserv->addr.af) {
+ case AF_INET:
+ os_memset(&serv, 0, sizeof(serv));
+ serv.sin_family = AF_INET;
+ serv.sin_addr.s_addr = nserv->addr.u.v4.s_addr;
+ serv.sin_port = htons(nserv->port);
+ addr = (struct sockaddr *) &serv;
+ addrlen = sizeof(serv);
+ sel_sock = sock;
+ break;
+#ifdef CONFIG_IPV6
+ case AF_INET6:
+ os_memset(&serv6, 0, sizeof(serv6));
+ serv6.sin6_family = AF_INET6;
+ os_memcpy(&serv6.sin6_addr, &nserv->addr.u.v6,
+ sizeof(struct in6_addr));
+ serv6.sin6_port = htons(nserv->port);
+ addr = (struct sockaddr *) &serv6;
+ addrlen = sizeof(serv6);
+ sel_sock = sock6;
+ break;
+#endif /* CONFIG_IPV6 */
+ default:
+ return -1;
+ }
+
+ if (connect(sel_sock, addr, addrlen) < 0) {
+ perror("connect[radius]");
+ return -1;
+ }
+
+ if (auth)
+ radius->auth_sock = sel_sock;
+ else
+ radius->acct_sock = sel_sock;
+
+ return 0;
+}
+
+
+static void radius_retry_primary_timer(void *eloop_ctx, void *timeout_ctx)
+{
+ struct radius_client_data *radius = eloop_ctx;
+ struct hostapd_radius_servers *conf = radius->conf;
+ struct hostapd_radius_server *oserv;
+
+ if (radius->auth_sock >= 0 && conf->auth_servers &&
+ conf->auth_server != conf->auth_servers) {
+ oserv = conf->auth_server;
+ conf->auth_server = conf->auth_servers;
+ radius_change_server(radius, conf->auth_server, oserv,
+ radius->auth_serv_sock,
+ radius->auth_serv_sock6, 1);
+ }
+
+ if (radius->acct_sock >= 0 && conf->acct_servers &&
+ conf->acct_server != conf->acct_servers) {
+ oserv = conf->acct_server;
+ conf->acct_server = conf->acct_servers;
+ radius_change_server(radius, conf->acct_server, oserv,
+ radius->acct_serv_sock,
+ radius->acct_serv_sock6, 0);
+ }
+
+ if (conf->retry_primary_interval)
+ eloop_register_timeout(conf->retry_primary_interval, 0,
+ radius_retry_primary_timer, radius,
+ NULL);
+}
+
+
+static int radius_client_init_auth(struct radius_client_data *radius)
+{
+ struct hostapd_radius_servers *conf = radius->conf;
+ int ok = 0;
+
+ radius->auth_serv_sock = socket(PF_INET, SOCK_DGRAM, 0);
+ if (radius->auth_serv_sock < 0)
+ perror("socket[PF_INET,SOCK_DGRAM]");
+ else
+ ok++;
+
+#ifdef CONFIG_IPV6
+ radius->auth_serv_sock6 = socket(PF_INET6, SOCK_DGRAM, 0);
+ if (radius->auth_serv_sock6 < 0)
+ perror("socket[PF_INET6,SOCK_DGRAM]");
+ else
+ ok++;
+#endif /* CONFIG_IPV6 */
+
+ if (ok == 0)
+ return -1;
+
+ radius_change_server(radius, conf->auth_server, NULL,
+ radius->auth_serv_sock, radius->auth_serv_sock6,
+ 1);
+
+ if (radius->auth_serv_sock >= 0 &&
+ eloop_register_read_sock(radius->auth_serv_sock,
+ radius_client_receive, radius,
+ (void *) RADIUS_AUTH)) {
+ printf("Could not register read socket for authentication "
+ "server\n");
+ return -1;
+ }
+
+#ifdef CONFIG_IPV6
+ if (radius->auth_serv_sock6 >= 0 &&
+ eloop_register_read_sock(radius->auth_serv_sock6,
+ radius_client_receive, radius,
+ (void *) RADIUS_AUTH)) {
+ printf("Could not register read socket for authentication "
+ "server\n");
+ return -1;
+ }
+#endif /* CONFIG_IPV6 */
+
+ return 0;
+}
+
+
+static int radius_client_init_acct(struct radius_client_data *radius)
+{
+ struct hostapd_radius_servers *conf = radius->conf;
+ int ok = 0;
+
+ radius->acct_serv_sock = socket(PF_INET, SOCK_DGRAM, 0);
+ if (radius->acct_serv_sock < 0)
+ perror("socket[PF_INET,SOCK_DGRAM]");
+ else
+ ok++;
+
+#ifdef CONFIG_IPV6
+ radius->acct_serv_sock6 = socket(PF_INET6, SOCK_DGRAM, 0);
+ if (radius->acct_serv_sock6 < 0)
+ perror("socket[PF_INET6,SOCK_DGRAM]");
+ else
+ ok++;
+#endif /* CONFIG_IPV6 */
+
+ if (ok == 0)
+ return -1;
+
+ radius_change_server(radius, conf->acct_server, NULL,
+ radius->acct_serv_sock, radius->acct_serv_sock6,
+ 0);
+
+ if (radius->acct_serv_sock >= 0 &&
+ eloop_register_read_sock(radius->acct_serv_sock,
+ radius_client_receive, radius,
+ (void *) RADIUS_ACCT)) {
+ printf("Could not register read socket for accounting "
+ "server\n");
+ return -1;
+ }
+
+#ifdef CONFIG_IPV6
+ if (radius->acct_serv_sock6 >= 0 &&
+ eloop_register_read_sock(radius->acct_serv_sock6,
+ radius_client_receive, radius,
+ (void *) RADIUS_ACCT)) {
+ printf("Could not register read socket for accounting "
+ "server\n");
+ return -1;
+ }
+#endif /* CONFIG_IPV6 */
+
+ return 0;
+}
+
+
+struct radius_client_data *
+radius_client_init(void *ctx, struct hostapd_radius_servers *conf)
+{
+ struct radius_client_data *radius;
+
+ radius = wpa_zalloc(sizeof(struct radius_client_data));
+ if (radius == NULL)
+ return NULL;
+
+ radius->ctx = ctx;
+ radius->conf = conf;
+ radius->auth_serv_sock = radius->acct_serv_sock =
+ radius->auth_serv_sock6 = radius->acct_serv_sock6 =
+ radius->auth_sock = radius->acct_sock = -1;
+
+ if (conf->auth_server && radius_client_init_auth(radius)) {
+ radius_client_deinit(radius);
+ return NULL;
+ }
+
+ if (conf->acct_server && radius_client_init_acct(radius)) {
+ radius_client_deinit(radius);
+ return NULL;
+ }
+
+ if (conf->retry_primary_interval)
+ eloop_register_timeout(conf->retry_primary_interval, 0,
+ radius_retry_primary_timer, radius,
+ NULL);
+
+ return radius;
+}
+
+
+void radius_client_deinit(struct radius_client_data *radius)
+{
+ if (!radius)
+ return;
+
+ if (radius->auth_serv_sock >= 0)
+ eloop_unregister_read_sock(radius->auth_serv_sock);
+ if (radius->acct_serv_sock >= 0)
+ eloop_unregister_read_sock(radius->acct_serv_sock);
+
+ eloop_cancel_timeout(radius_retry_primary_timer, radius, NULL);
+
+ radius_client_flush(radius, 0);
+ os_free(radius->auth_handlers);
+ os_free(radius->acct_handlers);
+ os_free(radius);
+}
+
+
+void radius_client_flush_auth(struct radius_client_data *radius, u8 *addr)
+{
+ struct radius_msg_list *entry, *prev, *tmp;
+
+ prev = NULL;
+ entry = radius->msgs;
+ while (entry) {
+ if (entry->msg_type == RADIUS_AUTH &&
+ os_memcmp(entry->addr, addr, ETH_ALEN) == 0) {
+ hostapd_logger(radius->ctx, addr,
+ HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_DEBUG,
+ "Removing pending RADIUS authentication"
+ " message for removed client");
+
+ if (prev)
+ prev->next = entry->next;
+ else
+ radius->msgs = entry->next;
+
+ tmp = entry;
+ entry = entry->next;
+ radius_client_msg_free(tmp);
+ radius->num_msgs--;
+ continue;
+ }
+
+ prev = entry;
+ entry = entry->next;
+ }
+}
+
+
+static int radius_client_dump_auth_server(char *buf, size_t buflen,
+ struct hostapd_radius_server *serv,
+ struct radius_client_data *cli)
+{
+ int pending = 0;
+ struct radius_msg_list *msg;
+ char abuf[50];
+
+ if (cli) {
+ for (msg = cli->msgs; msg; msg = msg->next) {
+ if (msg->msg_type == RADIUS_AUTH)
+ pending++;
+ }
+ }
+
+ return os_snprintf(buf, buflen,
+ "radiusAuthServerIndex=%d\n"
+ "radiusAuthServerAddress=%s\n"
+ "radiusAuthClientServerPortNumber=%d\n"
+ "radiusAuthClientRoundTripTime=%d\n"
+ "radiusAuthClientAccessRequests=%u\n"
+ "radiusAuthClientAccessRetransmissions=%u\n"
+ "radiusAuthClientAccessAccepts=%u\n"
+ "radiusAuthClientAccessRejects=%u\n"
+ "radiusAuthClientAccessChallenges=%u\n"
+ "radiusAuthClientMalformedAccessResponses=%u\n"
+ "radiusAuthClientBadAuthenticators=%u\n"
+ "radiusAuthClientPendingRequests=%u\n"
+ "radiusAuthClientTimeouts=%u\n"
+ "radiusAuthClientUnknownTypes=%u\n"
+ "radiusAuthClientPacketsDropped=%u\n",
+ serv->index,
+ hostapd_ip_txt(&serv->addr, abuf, sizeof(abuf)),
+ serv->port,
+ serv->round_trip_time,
+ serv->requests,
+ serv->retransmissions,
+ serv->access_accepts,
+ serv->access_rejects,
+ serv->access_challenges,
+ serv->malformed_responses,
+ serv->bad_authenticators,
+ pending,
+ serv->timeouts,
+ serv->unknown_types,
+ serv->packets_dropped);
+}
+
+
+static int radius_client_dump_acct_server(char *buf, size_t buflen,
+ struct hostapd_radius_server *serv,
+ struct radius_client_data *cli)
+{
+ int pending = 0;
+ struct radius_msg_list *msg;
+ char abuf[50];
+
+ if (cli) {
+ for (msg = cli->msgs; msg; msg = msg->next) {
+ if (msg->msg_type == RADIUS_ACCT ||
+ msg->msg_type == RADIUS_ACCT_INTERIM)
+ pending++;
+ }
+ }
+
+ return os_snprintf(buf, buflen,
+ "radiusAccServerIndex=%d\n"
+ "radiusAccServerAddress=%s\n"
+ "radiusAccClientServerPortNumber=%d\n"
+ "radiusAccClientRoundTripTime=%d\n"
+ "radiusAccClientRequests=%u\n"
+ "radiusAccClientRetransmissions=%u\n"
+ "radiusAccClientResponses=%u\n"
+ "radiusAccClientMalformedResponses=%u\n"
+ "radiusAccClientBadAuthenticators=%u\n"
+ "radiusAccClientPendingRequests=%u\n"
+ "radiusAccClientTimeouts=%u\n"
+ "radiusAccClientUnknownTypes=%u\n"
+ "radiusAccClientPacketsDropped=%u\n",
+ serv->index,
+ hostapd_ip_txt(&serv->addr, abuf, sizeof(abuf)),
+ serv->port,
+ serv->round_trip_time,
+ serv->requests,
+ serv->retransmissions,
+ serv->responses,
+ serv->malformed_responses,
+ serv->bad_authenticators,
+ pending,
+ serv->timeouts,
+ serv->unknown_types,
+ serv->packets_dropped);
+}
+
+
+int radius_client_get_mib(struct radius_client_data *radius, char *buf,
+ size_t buflen)
+{
+ struct hostapd_radius_servers *conf = radius->conf;
+ int i;
+ struct hostapd_radius_server *serv;
+ int count = 0;
+
+ if (conf->auth_servers) {
+ for (i = 0; i < conf->num_auth_servers; i++) {
+ serv = &conf->auth_servers[i];
+ count += radius_client_dump_auth_server(
+ buf + count, buflen - count, serv,
+ serv == conf->auth_server ?
+ radius : NULL);
+ }
+ }
+
+ if (conf->acct_servers) {
+ for (i = 0; i < conf->num_acct_servers; i++) {
+ serv = &conf->acct_servers[i];
+ count += radius_client_dump_acct_server(
+ buf + count, buflen - count, serv,
+ serv == conf->acct_server ?
+ radius : NULL);
+ }
+ }
+
+ return count;
+}
+
+
+static int radius_servers_diff(struct hostapd_radius_server *nserv,
+ struct hostapd_radius_server *oserv,
+ int num)
+{
+ int i;
+
+ for (i = 0; i < num; i++) {
+ if (hostapd_ip_diff(&nserv[i].addr, &oserv[i].addr) ||
+ nserv[i].port != oserv[i].port ||
+ nserv[i].shared_secret_len != oserv[i].shared_secret_len ||
+ memcmp(nserv[i].shared_secret, oserv[i].shared_secret,
+ nserv[i].shared_secret_len) != 0)
+ return 1;
+ }
+
+ return 0;
+}
+
+
+struct radius_client_data *
+radius_client_reconfig(struct radius_client_data *old, void *ctx,
+ struct hostapd_radius_servers *oldconf,
+ struct hostapd_radius_servers *newconf)
+{
+ radius_client_flush(old, 0);
+
+ if (newconf->retry_primary_interval !=
+ oldconf->retry_primary_interval ||
+ newconf->num_auth_servers != oldconf->num_auth_servers ||
+ newconf->num_acct_servers != oldconf->num_acct_servers ||
+ radius_servers_diff(newconf->auth_servers, oldconf->auth_servers,
+ newconf->num_auth_servers) ||
+ radius_servers_diff(newconf->acct_servers, oldconf->acct_servers,
+ newconf->num_acct_servers)) {
+ hostapd_logger(ctx, NULL, HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_DEBUG,
+ "Reconfiguring RADIUS client");
+ radius_client_deinit(old);
+ return radius_client_init(ctx, newconf);
+ }
+
+ return old;
+}
--- /dev/null
+/*
+ * hostapd / RADIUS client
+ * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef RADIUS_CLIENT_H
+#define RADIUS_CLIENT_H
+
+#include "config_types.h"
+
+struct radius_msg;
+
+struct hostapd_radius_server {
+ /* MIB prefix for shared variables:
+ * @ = radiusAuth or radiusAcc depending on the type of the server */
+ struct hostapd_ip_addr addr; /* @ServerAddress */
+ int port; /* @ClientServerPortNumber */
+ u8 *shared_secret;
+ size_t shared_secret_len;
+
+ /* Dynamic (not from configuration file) MIB data */
+ int index; /* @ServerIndex */
+ int round_trip_time; /* @ClientRoundTripTime; in hundredths of a
+ * second */
+ u32 requests; /* @Client{Access,}Requests */
+ u32 retransmissions; /* @Client{Access,}Retransmissions */
+ u32 access_accepts; /* radiusAuthClientAccessAccepts */
+ u32 access_rejects; /* radiusAuthClientAccessRejects */
+ u32 access_challenges; /* radiusAuthClientAccessChallenges */
+ u32 responses; /* radiusAccClientResponses */
+ u32 malformed_responses; /* @ClientMalformed{Access,}Responses */
+ u32 bad_authenticators; /* @ClientBadAuthenticators */
+ u32 timeouts; /* @ClientTimeouts */
+ u32 unknown_types; /* @ClientUnknownTypes */
+ u32 packets_dropped; /* @ClientPacketsDropped */
+ /* @ClientPendingRequests: length of hapd->radius->msgs for matching
+ * msg_type */
+};
+
+struct hostapd_radius_servers {
+ /* RADIUS Authentication and Accounting servers in priority order */
+ struct hostapd_radius_server *auth_servers, *auth_server;
+ int num_auth_servers;
+ struct hostapd_radius_server *acct_servers, *acct_server;
+ int num_acct_servers;
+
+ int retry_primary_interval;
+ int acct_interim_interval;
+
+ int msg_dumps;
+};
+
+
+typedef enum {
+ RADIUS_AUTH,
+ RADIUS_ACCT,
+ RADIUS_ACCT_INTERIM /* used only with radius_client_send(); just like
+ * RADIUS_ACCT, but removes any pending interim
+ * RADIUS Accounting packages for the same STA
+ * before sending the new interim update */
+} RadiusType;
+
+typedef enum {
+ RADIUS_RX_PROCESSED,
+ RADIUS_RX_QUEUED,
+ RADIUS_RX_UNKNOWN,
+ RADIUS_RX_INVALID_AUTHENTICATOR
+} RadiusRxResult;
+
+struct radius_client_data;
+
+int radius_client_register(struct radius_client_data *radius,
+ RadiusType msg_type,
+ RadiusRxResult (*handler)
+ (struct radius_msg *msg, struct radius_msg *req,
+ u8 *shared_secret, size_t shared_secret_len,
+ void *data),
+ void *data);
+int radius_client_send(struct radius_client_data *radius,
+ struct radius_msg *msg,
+ RadiusType msg_type, const u8 *addr);
+u8 radius_client_get_id(struct radius_client_data *radius);
+
+void radius_client_flush(struct radius_client_data *radius, int only_auth);
+struct radius_client_data *
+radius_client_init(void *ctx, struct hostapd_radius_servers *conf);
+void radius_client_deinit(struct radius_client_data *radius);
+void radius_client_flush_auth(struct radius_client_data *radius, u8 *addr);
+int radius_client_get_mib(struct radius_client_data *radius, char *buf,
+ size_t buflen);
+struct radius_client_data *
+radius_client_reconfig(struct radius_client_data *old, void *ctx,
+ struct hostapd_radius_servers *oldconf,
+ struct hostapd_radius_servers *newconf);
+
+#endif /* RADIUS_CLIENT_H */
--- /dev/null
+/*
+ * RC4 stream cipher
+ * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "rc4.h"
+
+#define S_SWAP(a,b) do { u8 t = S[a]; S[a] = S[b]; S[b] = t; } while(0)
+
+/**
+ * rc4 - XOR RC4 stream to given data with skip-stream-start
+ * @key: RC4 key
+ * @keylen: RC4 key length
+ * @skip: number of bytes to skip from the beginning of the RC4 stream
+ * @data: data to be XOR'ed with RC4 stream
+ * @data_len: buf length
+ *
+ * Generate RC4 pseudo random stream for the given key, skip beginning of the
+ * stream, and XOR the end result with the data buffer to perform RC4
+ * encryption/decryption.
+ */
+void rc4_skip(const u8 *key, size_t keylen, size_t skip,
+ u8 *data, size_t data_len)
+{
+ u32 i, j, k;
+ u8 S[256], *pos;
+ size_t kpos;
+
+ /* Setup RC4 state */
+ for (i = 0; i < 256; i++)
+ S[i] = i;
+ j = 0;
+ kpos = 0;
+ for (i = 0; i < 256; i++) {
+ j = (j + S[i] + key[kpos]) & 0xff;
+ kpos++;
+ if (kpos >= keylen)
+ kpos = 0;
+ S_SWAP(i, j);
+ }
+
+ /* Skip the start of the stream */
+ i = j = 0;
+ for (k = 0; k < skip; k++) {
+ i = (i + 1) & 0xff;
+ j = (j + S[i]) & 0xff;
+ S_SWAP(i, j);
+ }
+
+ /* Apply RC4 to data */
+ pos = data;
+ for (k = 0; k < data_len; k++) {
+ i = (i + 1) & 0xff;
+ j = (j + S[i]) & 0xff;
+ S_SWAP(i, j);
+ *pos++ ^= S[(S[i] + S[j]) & 0xff];
+ }
+}
+
+
+/**
+ * rc4 - XOR RC4 stream to given data
+ * @buf: data to be XOR'ed with RC4 stream
+ * @len: buf length
+ * @key: RC4 key
+ * @key_len: RC4 key length
+ *
+ * Generate RC4 pseudo random stream for the given key and XOR this with the
+ * data buffer to perform RC4 encryption/decryption.
+ */
+void rc4(u8 *buf, size_t len, const u8 *key, size_t key_len)
+{
+ rc4_skip(key, key_len, 0, buf, len);
+}
--- /dev/null
+/*
+ * RC4 stream cipher
+ * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef RC4_H
+#define RC4_H
+
+void rc4_skip(const u8 *key, size_t keylen, size_t skip,
+ u8 *data, size_t data_len);
+void rc4(u8 *buf, size_t len, const u8 *key, size_t key_len);
+
+#endif /* RC4_H */
--- /dev/null
+/*
+ * RSA
+ * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "crypto.h"
+#include "asn1.h"
+#include "bignum.h"
+#include "rsa.h"
+
+
+struct crypto_rsa_key {
+ int private_key; /* whether private key is set */
+ struct bignum *n; /* modulus (p * q) */
+ struct bignum *e; /* public exponent */
+ /* The following parameters are available only if private_key is set */
+ struct bignum *d; /* private exponent */
+ struct bignum *p; /* prime p (factor of n) */
+ struct bignum *q; /* prime q (factor of n) */
+ struct bignum *dmp1; /* d mod (p - 1); CRT exponent */
+ struct bignum *dmq1; /* d mod (q - 1); CRT exponent */
+ struct bignum *iqmp; /* 1 / q mod p; CRT coefficient */
+};
+
+
+static const u8 * crypto_rsa_parse_integer(const u8 *pos, const u8 *end,
+ struct bignum *num)
+{
+ struct asn1_hdr hdr;
+
+ if (pos == NULL)
+ return NULL;
+
+ if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_INTEGER) {
+ wpa_printf(MSG_DEBUG, "RSA: Expected INTEGER - found class %d "
+ "tag 0x%x", hdr.class, hdr.tag);
+ return NULL;
+ }
+
+ if (bignum_set_unsigned_bin(num, hdr.payload, hdr.length) < 0) {
+ wpa_printf(MSG_DEBUG, "RSA: Failed to parse INTEGER");
+ return NULL;
+ }
+
+ return hdr.payload + hdr.length;
+}
+
+
+/**
+ * crypto_rsa_import_public_key - Import an RSA public key
+ * @buf: Key buffer (DER encoded RSA public key)
+ * @len: Key buffer length in bytes
+ * Returns: Pointer to the public key or %NULL on failure
+ */
+struct crypto_rsa_key *
+crypto_rsa_import_public_key(const u8 *buf, size_t len)
+{
+ struct crypto_rsa_key *key;
+ struct asn1_hdr hdr;
+ const u8 *pos, *end;
+
+ key = os_zalloc(sizeof(*key));
+ if (key == NULL)
+ return NULL;
+
+ key->n = bignum_init();
+ key->e = bignum_init();
+ if (key->n == NULL || key->e == NULL) {
+ crypto_rsa_free(key);
+ return NULL;
+ }
+
+ /*
+ * PKCS #1, 7.1:
+ * RSAPublicKey ::= SEQUENCE {
+ * modulus INTEGER, -- n
+ * publicExponent INTEGER -- e
+ * }
+ */
+
+ if (asn1_get_next(buf, len, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_SEQUENCE) {
+ wpa_printf(MSG_DEBUG, "RSA: Expected SEQUENCE "
+ "(public key) - found class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ goto error;
+ }
+ pos = hdr.payload;
+ end = pos + hdr.length;
+
+ pos = crypto_rsa_parse_integer(pos, end, key->n);
+ pos = crypto_rsa_parse_integer(pos, end, key->e);
+
+ if (pos == NULL)
+ goto error;
+
+ if (pos != end) {
+ wpa_hexdump(MSG_DEBUG,
+ "RSA: Extra data in public key SEQUENCE",
+ pos, end - pos);
+ goto error;
+ }
+
+ return key;
+
+error:
+ crypto_rsa_free(key);
+ return NULL;
+}
+
+
+/**
+ * crypto_rsa_import_private_key - Import an RSA private key
+ * @buf: Key buffer (DER encoded RSA private key)
+ * @len: Key buffer length in bytes
+ * Returns: Pointer to the private key or %NULL on failure
+ */
+struct crypto_rsa_key *
+crypto_rsa_import_private_key(const u8 *buf, size_t len)
+{
+ struct crypto_rsa_key *key;
+ struct bignum *zero;
+ struct asn1_hdr hdr;
+ const u8 *pos, *end;
+
+ key = os_zalloc(sizeof(*key));
+ if (key == NULL)
+ return NULL;
+
+ key->private_key = 1;
+
+ key->n = bignum_init();
+ key->e = bignum_init();
+ key->d = bignum_init();
+ key->p = bignum_init();
+ key->q = bignum_init();
+ key->dmp1 = bignum_init();
+ key->dmq1 = bignum_init();
+ key->iqmp = bignum_init();
+
+ if (key->n == NULL || key->e == NULL || key->d == NULL ||
+ key->p == NULL || key->q == NULL || key->dmp1 == NULL ||
+ key->dmq1 == NULL || key->iqmp == NULL) {
+ crypto_rsa_free(key);
+ return NULL;
+ }
+
+ /*
+ * PKCS #1, 7.2:
+ * RSAPrivateKey ::= SEQUENCE {
+ * version Version,
+ * modulus INTEGER, -- n
+ * publicExponent INTEGER, -- e
+ * privateExponent INTEGER, -- d
+ * prime1 INTEGER, -- p
+ * prime2 INTEGER, -- q
+ * exponent1 INTEGER, -- d mod (p-1)
+ * exponent2 INTEGER, -- d mod (q-1)
+ * coefficient INTEGER -- (inverse of q) mod p
+ * }
+ *
+ * Version ::= INTEGER -- shall be 0 for this version of the standard
+ */
+ if (asn1_get_next(buf, len, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_SEQUENCE) {
+ wpa_printf(MSG_DEBUG, "RSA: Expected SEQUENCE "
+ "(public key) - found class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ goto error;
+ }
+ pos = hdr.payload;
+ end = pos + hdr.length;
+
+ zero = bignum_init();
+ if (zero == NULL)
+ goto error;
+ pos = crypto_rsa_parse_integer(pos, end, zero);
+ if (pos == NULL || bignum_cmp_d(zero, 0) != 0) {
+ wpa_printf(MSG_DEBUG, "RSA: Expected zero INTEGER in the "
+ "beginning of private key; not found");
+ bignum_deinit(zero);
+ goto error;
+ }
+ bignum_deinit(zero);
+
+ pos = crypto_rsa_parse_integer(pos, end, key->n);
+ pos = crypto_rsa_parse_integer(pos, end, key->e);
+ pos = crypto_rsa_parse_integer(pos, end, key->d);
+ pos = crypto_rsa_parse_integer(pos, end, key->p);
+ pos = crypto_rsa_parse_integer(pos, end, key->q);
+ pos = crypto_rsa_parse_integer(pos, end, key->dmp1);
+ pos = crypto_rsa_parse_integer(pos, end, key->dmq1);
+ pos = crypto_rsa_parse_integer(pos, end, key->iqmp);
+
+ if (pos == NULL)
+ goto error;
+
+ if (pos != end) {
+ wpa_hexdump(MSG_DEBUG,
+ "RSA: Extra data in public key SEQUENCE",
+ pos, end - pos);
+ goto error;
+ }
+
+ return key;
+
+error:
+ crypto_rsa_free(key);
+ return NULL;
+}
+
+
+/**
+ * crypto_rsa_get_modulus_len - Get the modulus length of the RSA key
+ * @key: RSA key
+ * Returns: Modulus length of the key
+ */
+size_t crypto_rsa_get_modulus_len(struct crypto_rsa_key *key)
+{
+ return bignum_get_unsigned_bin_len(key->n);
+}
+
+
+/**
+ * crypto_rsa_exptmod - RSA modular exponentiation
+ * @in: Input data
+ * @inlen: Input data length
+ * @out: Buffer for output data
+ * @outlen: Maximum size of the output buffer and used size on success
+ * @key: RSA key
+ * @use_private: 1 = Use RSA private key, 0 = Use RSA public key
+ * Returns: 0 on success, -1 on failure
+ */
+int crypto_rsa_exptmod(const u8 *in, size_t inlen, u8 *out, size_t *outlen,
+ struct crypto_rsa_key *key, int use_private)
+{
+ struct bignum *tmp, *a = NULL, *b = NULL;
+ int ret = -1;
+ size_t modlen;
+
+ if (use_private && !key->private_key)
+ return -1;
+
+ tmp = bignum_init();
+ if (tmp == NULL)
+ return -1;
+
+ if (bignum_set_unsigned_bin(tmp, in, inlen) < 0)
+ goto error;
+ if (bignum_cmp(key->n, tmp) < 0) {
+ /* Too large input value for the RSA key modulus */
+ goto error;
+ }
+
+ if (use_private) {
+ /*
+ * Decrypt (or sign) using Chinese remainer theorem to speed
+ * up calculation. This is equivalent to tmp = tmp^d mod n
+ * (which would require more CPU to calculate directly).
+ *
+ * dmp1 = (1/e) mod (p-1)
+ * dmq1 = (1/e) mod (q-1)
+ * iqmp = (1/q) mod p, where p > q
+ * m1 = c^dmp1 mod p
+ * m2 = c^dmq1 mod q
+ * h = q^-1 (m1 - m2) mod p
+ * m = m2 + hq
+ */
+ a = bignum_init();
+ b = bignum_init();
+ if (a == NULL || b == NULL)
+ goto error;
+
+ /* a = tmp^dmp1 mod p */
+ if (bignum_exptmod(tmp, key->dmp1, key->p, a) < 0)
+ goto error;
+
+ /* b = tmp^dmq1 mod q */
+ if (bignum_exptmod(tmp, key->dmq1, key->q, b) < 0)
+ goto error;
+
+ /* tmp = (a - b) * (1/q mod p) (mod p) */
+ if (bignum_sub(a, b, tmp) < 0 ||
+ bignum_mulmod(tmp, key->iqmp, key->p, tmp) < 0)
+ goto error;
+
+ /* tmp = b + q * tmp */
+ if (bignum_mul(tmp, key->q, tmp) < 0 ||
+ bignum_add(tmp, b, tmp) < 0)
+ goto error;
+ } else {
+ /* Encrypt (or verify signature) */
+ /* tmp = tmp^e mod N */
+ if (bignum_exptmod(tmp, key->e, key->n, tmp) < 0)
+ goto error;
+ }
+
+ modlen = crypto_rsa_get_modulus_len(key);
+ if (modlen > *outlen) {
+ *outlen = modlen;
+ goto error;
+ }
+
+ if (bignum_get_unsigned_bin_len(tmp) > modlen)
+ goto error; /* should never happen */
+
+ *outlen = modlen;
+ os_memset(out, 0, modlen);
+ if (bignum_get_unsigned_bin(
+ tmp, out +
+ (modlen - bignum_get_unsigned_bin_len(tmp)), NULL) < 0)
+ goto error;
+
+ ret = 0;
+
+error:
+ bignum_deinit(tmp);
+ bignum_deinit(a);
+ bignum_deinit(b);
+ return ret;
+}
+
+
+/**
+ * crypto_rsa_free - Free RSA key
+ * @key: RSA key to be freed
+ *
+ * This function frees an RSA key imported with either
+ * crypto_rsa_import_public_key() or crypto_rsa_import_private_key().
+ */
+void crypto_rsa_free(struct crypto_rsa_key *key)
+{
+ if (key) {
+ bignum_deinit(key->n);
+ bignum_deinit(key->e);
+ bignum_deinit(key->d);
+ bignum_deinit(key->p);
+ bignum_deinit(key->q);
+ bignum_deinit(key->dmp1);
+ bignum_deinit(key->dmq1);
+ bignum_deinit(key->iqmp);
+ os_free(key);
+ }
+}
--- /dev/null
+/*
+ * RSA
+ * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef RSA_H
+#define RSA_H
+
+struct crypto_rsa_key;
+
+struct crypto_rsa_key *
+crypto_rsa_import_public_key(const u8 *buf, size_t len);
+struct crypto_rsa_key *
+crypto_rsa_import_private_key(const u8 *buf, size_t len);
+size_t crypto_rsa_get_modulus_len(struct crypto_rsa_key *key);
+int crypto_rsa_exptmod(const u8 *in, size_t inlen, u8 *out, size_t *outlen,
+ struct crypto_rsa_key *key, int use_private);
+void crypto_rsa_free(struct crypto_rsa_key *key);
+
+#endif /* RSA_H */
--- /dev/null
+/*
+ * SHA1 hash implementation and interface functions
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "sha1.h"
+#include "md5.h"
+#include "crypto.h"
+
+
+/**
+ * hmac_sha1_vector - HMAC-SHA1 over data vector (RFC 2104)
+ * @key: Key for HMAC operations
+ * @key_len: Length of the key in bytes
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for the hash (20 bytes)
+ */
+void hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *mac)
+{
+ unsigned char k_pad[64]; /* padding - key XORd with ipad/opad */
+ unsigned char tk[20];
+ const u8 *_addr[6];
+ size_t _len[6], i;
+
+ if (num_elem > 5) {
+ /*
+ * Fixed limit on the number of fragments to avoid having to
+ * allocate memory (which could fail).
+ */
+ return;
+ }
+
+ /* if key is longer than 64 bytes reset it to key = SHA1(key) */
+ if (key_len > 64) {
+ sha1_vector(1, &key, &key_len, tk);
+ key = tk;
+ key_len = 20;
+ }
+
+ /* the HMAC_SHA1 transform looks like:
+ *
+ * SHA1(K XOR opad, SHA1(K XOR ipad, text))
+ *
+ * where K is an n byte key
+ * ipad is the byte 0x36 repeated 64 times
+ * opad is the byte 0x5c repeated 64 times
+ * and text is the data being protected */
+
+ /* start out by storing key in ipad */
+ os_memset(k_pad, 0, sizeof(k_pad));
+ os_memcpy(k_pad, key, key_len);
+ /* XOR key with ipad values */
+ for (i = 0; i < 64; i++)
+ k_pad[i] ^= 0x36;
+
+ /* perform inner SHA1 */
+ _addr[0] = k_pad;
+ _len[0] = 64;
+ for (i = 0; i < num_elem; i++) {
+ _addr[i + 1] = addr[i];
+ _len[i + 1] = len[i];
+ }
+ sha1_vector(1 + num_elem, _addr, _len, mac);
+
+ os_memset(k_pad, 0, sizeof(k_pad));
+ os_memcpy(k_pad, key, key_len);
+ /* XOR key with opad values */
+ for (i = 0; i < 64; i++)
+ k_pad[i] ^= 0x5c;
+
+ /* perform outer SHA1 */
+ _addr[0] = k_pad;
+ _len[0] = 64;
+ _addr[1] = mac;
+ _len[1] = SHA1_MAC_LEN;
+ sha1_vector(2, _addr, _len, mac);
+}
+
+
+/**
+ * hmac_sha1 - HMAC-SHA1 over data buffer (RFC 2104)
+ * @key: Key for HMAC operations
+ * @key_len: Length of the key in bytes
+ * @data: Pointers to the data area
+ * @data_len: Length of the data area
+ * @mac: Buffer for the hash (20 bytes)
+ */
+void hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
+ u8 *mac)
+{
+ hmac_sha1_vector(key, key_len, 1, &data, &data_len, mac);
+}
+
+
+/**
+ * sha1_prf - SHA1-based Pseudo-Random Function (PRF) (IEEE 802.11i, 8.5.1.1)
+ * @key: Key for PRF
+ * @key_len: Length of the key in bytes
+ * @label: A unique label for each purpose of the PRF
+ * @data: Extra data to bind into the key
+ * @data_len: Length of the data
+ * @buf: Buffer for the generated pseudo-random key
+ * @buf_len: Number of bytes of key to generate
+ *
+ * This function is used to derive new, cryptographically separate keys from a
+ * given key (e.g., PMK in IEEE 802.11i).
+ */
+void sha1_prf(const u8 *key, size_t key_len, const char *label,
+ const u8 *data, size_t data_len, u8 *buf, size_t buf_len)
+{
+ u8 zero = 0, counter = 0;
+ size_t pos, plen;
+ u8 hash[SHA1_MAC_LEN];
+ size_t label_len = os_strlen(label);
+ const unsigned char *addr[4];
+ size_t len[4];
+
+ addr[0] = (u8 *) label;
+ len[0] = label_len;
+ addr[1] = &zero;
+ len[1] = 1;
+ addr[2] = data;
+ len[2] = data_len;
+ addr[3] = &counter;
+ len[3] = 1;
+
+ pos = 0;
+ while (pos < buf_len) {
+ plen = buf_len - pos;
+ if (plen >= SHA1_MAC_LEN) {
+ hmac_sha1_vector(key, key_len, 4, addr, len,
+ &buf[pos]);
+ pos += SHA1_MAC_LEN;
+ } else {
+ hmac_sha1_vector(key, key_len, 4, addr, len,
+ hash);
+ os_memcpy(&buf[pos], hash, plen);
+ break;
+ }
+ counter++;
+ }
+}
+
+
+/**
+ * sha1_t_prf - EAP-FAST Pseudo-Random Function (T-PRF)
+ * @key: Key for PRF
+ * @key_len: Length of the key in bytes
+ * @label: A unique label for each purpose of the PRF
+ * @seed: Seed value to bind into the key
+ * @seed_len: Length of the seed
+ * @buf: Buffer for the generated pseudo-random key
+ * @buf_len: Number of bytes of key to generate
+ *
+ * This function is used to derive new, cryptographically separate keys from a
+ * given key for EAP-FAST. T-PRF is defined in
+ * draft-cam-winget-eap-fast-02.txt, Appendix B.
+ */
+void sha1_t_prf(const u8 *key, size_t key_len, const char *label,
+ const u8 *seed, size_t seed_len, u8 *buf, size_t buf_len)
+{
+ unsigned char counter = 0;
+ size_t pos, plen;
+ u8 hash[SHA1_MAC_LEN];
+ size_t label_len = os_strlen(label);
+ u8 output_len[2];
+ const unsigned char *addr[5];
+ size_t len[5];
+
+ addr[0] = hash;
+ len[0] = 0;
+ addr[1] = (unsigned char *) label;
+ len[1] = label_len + 1;
+ addr[2] = seed;
+ len[2] = seed_len;
+ addr[3] = output_len;
+ len[3] = 2;
+ addr[4] = &counter;
+ len[4] = 1;
+
+ output_len[0] = (buf_len >> 8) & 0xff;
+ output_len[1] = buf_len & 0xff;
+ pos = 0;
+ while (pos < buf_len) {
+ counter++;
+ plen = buf_len - pos;
+ hmac_sha1_vector(key, key_len, 5, addr, len, hash);
+ if (plen >= SHA1_MAC_LEN) {
+ os_memcpy(&buf[pos], hash, SHA1_MAC_LEN);
+ pos += SHA1_MAC_LEN;
+ } else {
+ os_memcpy(&buf[pos], hash, plen);
+ break;
+ }
+ len[0] = SHA1_MAC_LEN;
+ }
+}
+
+
+/**
+ * tls_prf - Pseudo-Random Function for TLS (TLS-PRF, RFC 2246)
+ * @secret: Key for PRF
+ * @secret_len: Length of the key in bytes
+ * @label: A unique label for each purpose of the PRF
+ * @seed: Seed value to bind into the key
+ * @seed_len: Length of the seed
+ * @out: Buffer for the generated pseudo-random key
+ * @outlen: Number of bytes of key to generate
+ * Returns: 0 on success, -1 on failure.
+ *
+ * This function is used to derive new, cryptographically separate keys from a
+ * given key in TLS. This PRF is defined in RFC 2246, Chapter 5.
+ */
+int tls_prf(const u8 *secret, size_t secret_len, const char *label,
+ const u8 *seed, size_t seed_len, u8 *out, size_t outlen)
+{
+ size_t L_S1, L_S2, i;
+ const u8 *S1, *S2;
+ u8 A_MD5[MD5_MAC_LEN], A_SHA1[SHA1_MAC_LEN];
+ u8 P_MD5[MD5_MAC_LEN], P_SHA1[SHA1_MAC_LEN];
+ int MD5_pos, SHA1_pos;
+ const u8 *MD5_addr[3];
+ size_t MD5_len[3];
+ const unsigned char *SHA1_addr[3];
+ size_t SHA1_len[3];
+
+ if (secret_len & 1)
+ return -1;
+
+ MD5_addr[0] = A_MD5;
+ MD5_len[0] = MD5_MAC_LEN;
+ MD5_addr[1] = (unsigned char *) label;
+ MD5_len[1] = os_strlen(label);
+ MD5_addr[2] = seed;
+ MD5_len[2] = seed_len;
+
+ SHA1_addr[0] = A_SHA1;
+ SHA1_len[0] = SHA1_MAC_LEN;
+ SHA1_addr[1] = (unsigned char *) label;
+ SHA1_len[1] = os_strlen(label);
+ SHA1_addr[2] = seed;
+ SHA1_len[2] = seed_len;
+
+ /* RFC 2246, Chapter 5
+ * A(0) = seed, A(i) = HMAC(secret, A(i-1))
+ * P_hash = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ..
+ * PRF = P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed)
+ */
+
+ L_S1 = L_S2 = (secret_len + 1) / 2;
+ S1 = secret;
+ S2 = secret + L_S1;
+
+ hmac_md5_vector(S1, L_S1, 2, &MD5_addr[1], &MD5_len[1], A_MD5);
+ hmac_sha1_vector(S2, L_S2, 2, &SHA1_addr[1], &SHA1_len[1], A_SHA1);
+
+ MD5_pos = MD5_MAC_LEN;
+ SHA1_pos = SHA1_MAC_LEN;
+ for (i = 0; i < outlen; i++) {
+ if (MD5_pos == MD5_MAC_LEN) {
+ hmac_md5_vector(S1, L_S1, 3, MD5_addr, MD5_len, P_MD5);
+ MD5_pos = 0;
+ hmac_md5(S1, L_S1, A_MD5, MD5_MAC_LEN, A_MD5);
+ }
+ if (SHA1_pos == SHA1_MAC_LEN) {
+ hmac_sha1_vector(S2, L_S2, 3, SHA1_addr, SHA1_len,
+ P_SHA1);
+ SHA1_pos = 0;
+ hmac_sha1(S2, L_S2, A_SHA1, SHA1_MAC_LEN, A_SHA1);
+ }
+
+ out[i] = P_MD5[MD5_pos] ^ P_SHA1[SHA1_pos];
+
+ MD5_pos++;
+ SHA1_pos++;
+ }
+
+ return 0;
+}
+
+
+static void pbkdf2_sha1_f(const char *passphrase, const char *ssid,
+ size_t ssid_len, int iterations, unsigned int count,
+ u8 *digest)
+{
+ unsigned char tmp[SHA1_MAC_LEN], tmp2[SHA1_MAC_LEN];
+ int i, j;
+ unsigned char count_buf[4];
+ const u8 *addr[2];
+ size_t len[2];
+ size_t passphrase_len = os_strlen(passphrase);
+
+ addr[0] = (u8 *) ssid;
+ len[0] = ssid_len;
+ addr[1] = count_buf;
+ len[1] = 4;
+
+ /* F(P, S, c, i) = U1 xor U2 xor ... Uc
+ * U1 = PRF(P, S || i)
+ * U2 = PRF(P, U1)
+ * Uc = PRF(P, Uc-1)
+ */
+
+ count_buf[0] = (count >> 24) & 0xff;
+ count_buf[1] = (count >> 16) & 0xff;
+ count_buf[2] = (count >> 8) & 0xff;
+ count_buf[3] = count & 0xff;
+ hmac_sha1_vector((u8 *) passphrase, passphrase_len, 2, addr, len, tmp);
+ os_memcpy(digest, tmp, SHA1_MAC_LEN);
+
+ for (i = 1; i < iterations; i++) {
+ hmac_sha1((u8 *) passphrase, passphrase_len, tmp, SHA1_MAC_LEN,
+ tmp2);
+ os_memcpy(tmp, tmp2, SHA1_MAC_LEN);
+ for (j = 0; j < SHA1_MAC_LEN; j++)
+ digest[j] ^= tmp2[j];
+ }
+}
+
+
+/**
+ * pbkdf2_sha1 - SHA1-based key derivation function (PBKDF2) for IEEE 802.11i
+ * @passphrase: ASCII passphrase
+ * @ssid: SSID
+ * @ssid_len: SSID length in bytes
+ * @interations: Number of iterations to run
+ * @buf: Buffer for the generated key
+ * @buflen: Length of the buffer in bytes
+ *
+ * This function is used to derive PSK for WPA-PSK. For this protocol,
+ * iterations is set to 4096 and buflen to 32. This function is described in
+ * IEEE Std 802.11-2004, Clause H.4. The main construction is from PKCS#5 v2.0.
+ */
+void pbkdf2_sha1(const char *passphrase, const char *ssid, size_t ssid_len,
+ int iterations, u8 *buf, size_t buflen)
+{
+ unsigned int count = 0;
+ unsigned char *pos = buf;
+ size_t left = buflen, plen;
+ unsigned char digest[SHA1_MAC_LEN];
+
+ while (left > 0) {
+ count++;
+ pbkdf2_sha1_f(passphrase, ssid, ssid_len, iterations, count,
+ digest);
+ plen = left > SHA1_MAC_LEN ? SHA1_MAC_LEN : left;
+ os_memcpy(pos, digest, plen);
+ pos += plen;
+ left -= plen;
+ }
+}
+
+
+#ifdef INTERNAL_SHA1
+
+struct SHA1Context {
+ u32 state[5];
+ u32 count[2];
+ unsigned char buffer[64];
+};
+
+typedef struct SHA1Context SHA1_CTX;
+
+#ifndef CONFIG_CRYPTO_INTERNAL
+static void SHA1Init(struct SHA1Context *context);
+static void SHA1Update(struct SHA1Context *context, const void *data, u32 len);
+static void SHA1Final(unsigned char digest[20], struct SHA1Context *context);
+#endif /* CONFIG_CRYPTO_INTERNAL */
+static void SHA1Transform(u32 state[5], const unsigned char buffer[64]);
+
+
+/**
+ * sha1_vector - SHA-1 hash for data vector
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for the hash
+ */
+void sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len,
+ u8 *mac)
+{
+ SHA1_CTX ctx;
+ size_t i;
+
+ SHA1Init(&ctx);
+ for (i = 0; i < num_elem; i++)
+ SHA1Update(&ctx, addr[i], len[i]);
+ SHA1Final(mac, &ctx);
+}
+
+
+int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
+{
+ u8 xkey[64];
+ u32 t[5], _t[5];
+ int i, j, m, k;
+ u8 *xpos = x;
+ u32 carry;
+
+ if (seed_len > sizeof(xkey))
+ seed_len = sizeof(xkey);
+
+ /* FIPS 186-2 + change notice 1 */
+
+ os_memcpy(xkey, seed, seed_len);
+ os_memset(xkey + seed_len, 0, 64 - seed_len);
+ t[0] = 0x67452301;
+ t[1] = 0xEFCDAB89;
+ t[2] = 0x98BADCFE;
+ t[3] = 0x10325476;
+ t[4] = 0xC3D2E1F0;
+
+ m = xlen / 40;
+ for (j = 0; j < m; j++) {
+ /* XSEED_j = 0 */
+ for (i = 0; i < 2; i++) {
+ /* XVAL = (XKEY + XSEED_j) mod 2^b */
+
+ /* w_i = G(t, XVAL) */
+ os_memcpy(_t, t, 20);
+ SHA1Transform(_t, xkey);
+ _t[0] = host_to_be32(_t[0]);
+ _t[1] = host_to_be32(_t[1]);
+ _t[2] = host_to_be32(_t[2]);
+ _t[3] = host_to_be32(_t[3]);
+ _t[4] = host_to_be32(_t[4]);
+ os_memcpy(xpos, _t, 20);
+
+ /* XKEY = (1 + XKEY + w_i) mod 2^b */
+ carry = 1;
+ for (k = 19; k >= 0; k--) {
+ carry += xkey[k] + xpos[k];
+ xkey[k] = carry & 0xff;
+ carry >>= 8;
+ }
+
+ xpos += SHA1_MAC_LEN;
+ }
+ /* x_j = w_0|w_1 */
+ }
+
+ return 0;
+}
+
+
+/* ===== start - public domain SHA1 implementation ===== */
+
+/*
+SHA-1 in C
+By Steve Reid <sreid@sea-to-sky.net>
+100% Public Domain
+
+-----------------
+Modified 7/98
+By James H. Brown <jbrown@burgoyne.com>
+Still 100% Public Domain
+
+Corrected a problem which generated improper hash values on 16 bit machines
+Routine SHA1Update changed from
+ void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int
+len)
+to
+ void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned
+long len)
+
+The 'len' parameter was declared an int which works fine on 32 bit machines.
+However, on 16 bit machines an int is too small for the shifts being done
+against
+it. This caused the hash function to generate incorrect values if len was
+greater than 8191 (8K - 1) due to the 'len << 3' on line 3 of SHA1Update().
+
+Since the file IO in main() reads 16K at a time, any file 8K or larger would
+be guaranteed to generate the wrong hash (e.g. Test Vector #3, a million
+"a"s).
+
+I also changed the declaration of variables i & j in SHA1Update to
+unsigned long from unsigned int for the same reason.
+
+These changes should make no difference to any 32 bit implementations since
+an
+int and a long are the same size in those environments.
+
+--
+I also corrected a few compiler warnings generated by Borland C.
+1. Added #include <process.h> for exit() prototype
+2. Removed unused variable 'j' in SHA1Final
+3. Changed exit(0) to return(0) at end of main.
+
+ALL changes I made can be located by searching for comments containing 'JHB'
+-----------------
+Modified 8/98
+By Steve Reid <sreid@sea-to-sky.net>
+Still 100% public domain
+
+1- Removed #include <process.h> and used return() instead of exit()
+2- Fixed overwriting of finalcount in SHA1Final() (discovered by Chris Hall)
+3- Changed email address from steve@edmweb.com to sreid@sea-to-sky.net
+
+-----------------
+Modified 4/01
+By Saul Kravitz <Saul.Kravitz@celera.com>
+Still 100% PD
+Modified to run on Compaq Alpha hardware.
+
+-----------------
+Modified 4/01
+By Jouni Malinen <j@w1.fi>
+Minor changes to match the coding style used in Dynamics.
+
+Modified September 24, 2004
+By Jouni Malinen <j@w1.fi>
+Fixed alignment issue in SHA1Transform when SHA1HANDSOFF is defined.
+
+*/
+
+/*
+Test Vectors (from FIPS PUB 180-1)
+"abc"
+ A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
+"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
+A million repetitions of "a"
+ 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
+*/
+
+#define SHA1HANDSOFF
+
+#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
+
+/* blk0() and blk() perform the initial expand. */
+/* I got the idea of expanding during the round function from SSLeay */
+#ifndef WORDS_BIGENDIAN
+#define blk0(i) (block->l[i] = (rol(block->l[i], 24) & 0xFF00FF00) | \
+ (rol(block->l[i], 8) & 0x00FF00FF))
+#else
+#define blk0(i) block->l[i]
+#endif
+#define blk(i) (block->l[i & 15] = rol(block->l[(i + 13) & 15] ^ \
+ block->l[(i + 8) & 15] ^ block->l[(i + 2) & 15] ^ block->l[i & 15], 1))
+
+/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
+#define R0(v,w,x,y,z,i) \
+ z += ((w & (x ^ y)) ^ y) + blk0(i) + 0x5A827999 + rol(v, 5); \
+ w = rol(w, 30);
+#define R1(v,w,x,y,z,i) \
+ z += ((w & (x ^ y)) ^ y) + blk(i) + 0x5A827999 + rol(v, 5); \
+ w = rol(w, 30);
+#define R2(v,w,x,y,z,i) \
+ z += (w ^ x ^ y) + blk(i) + 0x6ED9EBA1 + rol(v, 5); w = rol(w, 30);
+#define R3(v,w,x,y,z,i) \
+ z += (((w | x) & y) | (w & x)) + blk(i) + 0x8F1BBCDC + rol(v, 5); \
+ w = rol(w, 30);
+#define R4(v,w,x,y,z,i) \
+ z += (w ^ x ^ y) + blk(i) + 0xCA62C1D6 + rol(v, 5); \
+ w=rol(w, 30);
+
+
+#ifdef VERBOSE /* SAK */
+void SHAPrintContext(SHA1_CTX *context, char *msg)
+{
+ printf("%s (%d,%d) %x %x %x %x %x\n",
+ msg,
+ context->count[0], context->count[1],
+ context->state[0],
+ context->state[1],
+ context->state[2],
+ context->state[3],
+ context->state[4]);
+}
+#endif
+
+/* Hash a single 512-bit block. This is the core of the algorithm. */
+
+static void SHA1Transform(u32 state[5], const unsigned char buffer[64])
+{
+ u32 a, b, c, d, e;
+ typedef union {
+ unsigned char c[64];
+ u32 l[16];
+ } CHAR64LONG16;
+ CHAR64LONG16* block;
+#ifdef SHA1HANDSOFF
+ u32 workspace[16];
+ block = (CHAR64LONG16 *) workspace;
+ os_memcpy(block, buffer, 64);
+#else
+ block = (CHAR64LONG16 *) buffer;
+#endif
+ /* Copy context->state[] to working vars */
+ a = state[0];
+ b = state[1];
+ c = state[2];
+ d = state[3];
+ e = state[4];
+ /* 4 rounds of 20 operations each. Loop unrolled. */
+ R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
+ R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
+ R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
+ R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
+ R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
+ R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
+ R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
+ R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
+ R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
+ R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
+ R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
+ R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
+ R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
+ R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
+ R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
+ R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
+ R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
+ R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
+ R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
+ R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
+ /* Add the working vars back into context.state[] */
+ state[0] += a;
+ state[1] += b;
+ state[2] += c;
+ state[3] += d;
+ state[4] += e;
+ /* Wipe variables */
+ a = b = c = d = e = 0;
+#ifdef SHA1HANDSOFF
+ os_memset(block, 0, 64);
+#endif
+}
+
+
+/* SHA1Init - Initialize new context */
+
+void SHA1Init(SHA1_CTX* context)
+{
+ /* SHA1 initialization constants */
+ context->state[0] = 0x67452301;
+ context->state[1] = 0xEFCDAB89;
+ context->state[2] = 0x98BADCFE;
+ context->state[3] = 0x10325476;
+ context->state[4] = 0xC3D2E1F0;
+ context->count[0] = context->count[1] = 0;
+}
+
+
+/* Run your data through this. */
+
+void SHA1Update(SHA1_CTX* context, const void *_data, u32 len)
+{
+ u32 i, j;
+ const unsigned char *data = _data;
+
+#ifdef VERBOSE
+ SHAPrintContext(context, "before");
+#endif
+ j = (context->count[0] >> 3) & 63;
+ if ((context->count[0] += len << 3) < (len << 3))
+ context->count[1]++;
+ context->count[1] += (len >> 29);
+ if ((j + len) > 63) {
+ os_memcpy(&context->buffer[j], data, (i = 64-j));
+ SHA1Transform(context->state, context->buffer);
+ for ( ; i + 63 < len; i += 64) {
+ SHA1Transform(context->state, &data[i]);
+ }
+ j = 0;
+ }
+ else i = 0;
+ os_memcpy(&context->buffer[j], &data[i], len - i);
+#ifdef VERBOSE
+ SHAPrintContext(context, "after ");
+#endif
+}
+
+
+/* Add padding and return the message digest. */
+
+void SHA1Final(unsigned char digest[20], SHA1_CTX* context)
+{
+ u32 i;
+ unsigned char finalcount[8];
+
+ for (i = 0; i < 8; i++) {
+ finalcount[i] = (unsigned char)
+ ((context->count[(i >= 4 ? 0 : 1)] >>
+ ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
+ }
+ SHA1Update(context, (unsigned char *) "\200", 1);
+ while ((context->count[0] & 504) != 448) {
+ SHA1Update(context, (unsigned char *) "\0", 1);
+ }
+ SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform()
+ */
+ for (i = 0; i < 20; i++) {
+ digest[i] = (unsigned char)
+ ((context->state[i >> 2] >> ((3 - (i & 3)) * 8)) &
+ 255);
+ }
+ /* Wipe variables */
+ i = 0;
+ os_memset(context->buffer, 0, 64);
+ os_memset(context->state, 0, 20);
+ os_memset(context->count, 0, 8);
+ os_memset(finalcount, 0, 8);
+}
+
+/* ===== end - public domain SHA1 implementation ===== */
+
+#endif /* INTERNAL_SHA1 */
--- /dev/null
+/*
+ * SHA1 hash implementation and interface functions
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef SHA1_H
+#define SHA1_H
+
+#define SHA1_MAC_LEN 20
+
+void hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *mac);
+void hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
+ u8 *mac);
+void sha1_prf(const u8 *key, size_t key_len, const char *label,
+ const u8 *data, size_t data_len, u8 *buf, size_t buf_len);
+void sha1_t_prf(const u8 *key, size_t key_len, const char *label,
+ const u8 *seed, size_t seed_len, u8 *buf, size_t buf_len);
+int tls_prf(const u8 *secret, size_t secret_len, const char *label,
+ const u8 *seed, size_t seed_len, u8 *out, size_t outlen);
+void pbkdf2_sha1(const char *passphrase, const char *ssid, size_t ssid_len,
+ int iterations, u8 *buf, size_t buflen);
+
+#ifdef CONFIG_CRYPTO_INTERNAL
+struct SHA1Context;
+
+void SHA1Init(struct SHA1Context *context);
+void SHA1Update(struct SHA1Context *context, const void *data, u32 len);
+void SHA1Final(unsigned char digest[20], struct SHA1Context *context);
+#endif /* CONFIG_CRYPTO_INTERNAL */
+
+#endif /* SHA1_H */
--- /dev/null
+/*
+ * SHA-256 hash implementation and interface functions
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "sha256.h"
+#include "crypto.h"
+
+
+/**
+ * hmac_sha256_vector - HMAC-SHA256 over data vector (RFC 2104)
+ * @key: Key for HMAC operations
+ * @key_len: Length of the key in bytes
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for the hash (32 bytes)
+ */
+void hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *mac)
+{
+ unsigned char k_pad[64]; /* padding - key XORd with ipad/opad */
+ unsigned char tk[32];
+ const u8 *_addr[6];
+ size_t _len[6], i;
+
+ if (num_elem > 5) {
+ /*
+ * Fixed limit on the number of fragments to avoid having to
+ * allocate memory (which could fail).
+ */
+ return;
+ }
+
+ /* if key is longer than 64 bytes reset it to key = SHA256(key) */
+ if (key_len > 64) {
+ sha256_vector(1, &key, &key_len, tk);
+ key = tk;
+ key_len = 32;
+ }
+
+ /* the HMAC_SHA256 transform looks like:
+ *
+ * SHA256(K XOR opad, SHA256(K XOR ipad, text))
+ *
+ * where K is an n byte key
+ * ipad is the byte 0x36 repeated 64 times
+ * opad is the byte 0x5c repeated 64 times
+ * and text is the data being protected */
+
+ /* start out by storing key in ipad */
+ memset(k_pad, 0, sizeof(k_pad));
+ memcpy(k_pad, key, key_len);
+ /* XOR key with ipad values */
+ for (i = 0; i < 64; i++)
+ k_pad[i] ^= 0x36;
+
+ /* perform inner SHA256 */
+ _addr[0] = k_pad;
+ _len[0] = 64;
+ for (i = 0; i < num_elem; i++) {
+ _addr[i + 1] = addr[i];
+ _len[i + 1] = len[i];
+ }
+ sha256_vector(1 + num_elem, _addr, _len, mac);
+
+ memset(k_pad, 0, sizeof(k_pad));
+ memcpy(k_pad, key, key_len);
+ /* XOR key with opad values */
+ for (i = 0; i < 64; i++)
+ k_pad[i] ^= 0x5c;
+
+ /* perform outer SHA256 */
+ _addr[0] = k_pad;
+ _len[0] = 64;
+ _addr[1] = mac;
+ _len[1] = SHA256_MAC_LEN;
+ sha256_vector(2, _addr, _len, mac);
+}
+
+
+/**
+ * hmac_sha256 - HMAC-SHA256 over data buffer (RFC 2104)
+ * @key: Key for HMAC operations
+ * @key_len: Length of the key in bytes
+ * @data: Pointers to the data area
+ * @data_len: Length of the data area
+ * @mac: Buffer for the hash (20 bytes)
+ */
+void hmac_sha256(const u8 *key, size_t key_len, const u8 *data,
+ size_t data_len, u8 *mac)
+{
+ hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac);
+}
+
+
+/**
+ * sha256_prf - SHA256-based Pseudo-Random Function (IEEE 802.11r, 8.5A.3)
+ * @key: Key for PRF
+ * @key_len: Length of the key in bytes
+ * @label: A unique label for each purpose of the PRF
+ * @data: Extra data to bind into the key
+ * @data_len: Length of the data
+ * @buf: Buffer for the generated pseudo-random key
+ * @buf_len: Number of bytes of key to generate
+ *
+ * This function is used to derive new, cryptographically separate keys from a
+ * given key.
+ */
+void sha256_prf(const u8 *key, size_t key_len, const char *label,
+ const u8 *data, size_t data_len, u8 *buf, size_t buf_len)
+{
+ u16 counter = 0;
+ size_t pos, plen;
+ u8 hash[SHA256_MAC_LEN];
+ const u8 *addr[3];
+ size_t len[3];
+ u8 counter_le[2];
+
+ addr[0] = counter_le;
+ len[0] = 2;
+ addr[1] = (u8 *) label;
+ len[1] = strlen(label) + 1;
+ addr[2] = data;
+ len[2] = data_len;
+
+ pos = 0;
+ while (pos < buf_len) {
+ plen = buf_len - pos;
+ WPA_PUT_LE16(counter_le, counter);
+ if (plen >= SHA256_MAC_LEN) {
+ hmac_sha256_vector(key, key_len, 3, addr, len,
+ &buf[pos]);
+ pos += SHA256_MAC_LEN;
+ } else {
+ hmac_sha256_vector(key, key_len, 3, addr, len, hash);
+ memcpy(&buf[pos], hash, plen);
+ break;
+ }
+ counter++;
+ }
+}
+
+
+#ifdef INTERNAL_SHA256
+
+struct sha256_state {
+ u64 length;
+ u32 state[8], curlen;
+ u8 buf[64];
+};
+
+static void sha256_init(struct sha256_state *md);
+static int sha256_process(struct sha256_state *md, const unsigned char *in,
+ unsigned long inlen);
+static int sha256_done(struct sha256_state *md, unsigned char *out);
+
+
+/**
+ * sha256_vector - SHA256 hash for data vector
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for the hash
+ */
+void sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len,
+ u8 *mac)
+{
+ struct sha256_state ctx;
+ size_t i;
+
+ sha256_init(&ctx);
+ for (i = 0; i < num_elem; i++)
+ sha256_process(&ctx, addr[i], len[i]);
+ sha256_done(&ctx, mac);
+}
+
+
+/* ===== start - public domain SHA256 implementation ===== */
+
+/* This is based on SHA256 implementation in LibTomCrypt that was released into
+ * public domain by Tom St Denis. */
+
+/* the K array */
+static const unsigned long K[64] = {
+ 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL,
+ 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL,
+ 0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL,
+ 0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
+ 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL,
+ 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL,
+ 0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL,
+ 0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
+ 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL,
+ 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL,
+ 0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL,
+ 0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
+ 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
+};
+
+
+/* Various logical functions */
+#define RORc(x, y) \
+( ((((unsigned long) (x) & 0xFFFFFFFFUL) >> (unsigned long) ((y) & 31)) | \
+ ((unsigned long) (x) << (unsigned long) (32 - ((y) & 31)))) & 0xFFFFFFFFUL)
+#define Ch(x,y,z) (z ^ (x & (y ^ z)))
+#define Maj(x,y,z) (((x | y) & z) | (x & y))
+#define S(x, n) RORc((x), (n))
+#define R(x, n) (((x)&0xFFFFFFFFUL)>>(n))
+#define Sigma0(x) (S(x, 2) ^ S(x, 13) ^ S(x, 22))
+#define Sigma1(x) (S(x, 6) ^ S(x, 11) ^ S(x, 25))
+#define Gamma0(x) (S(x, 7) ^ S(x, 18) ^ R(x, 3))
+#define Gamma1(x) (S(x, 17) ^ S(x, 19) ^ R(x, 10))
+#ifndef MIN
+#define MIN(x, y) (((x) < (y)) ? (x) : (y))
+#endif
+
+/* compress 512-bits */
+static int sha256_compress(struct sha256_state *md, unsigned char *buf)
+{
+ u32 S[8], W[64], t0, t1;
+ u32 t;
+ int i;
+
+ /* copy state into S */
+ for (i = 0; i < 8; i++) {
+ S[i] = md->state[i];
+ }
+
+ /* copy the state into 512-bits into W[0..15] */
+ for (i = 0; i < 16; i++)
+ W[i] = WPA_GET_BE32(buf + (4 * i));
+
+ /* fill W[16..63] */
+ for (i = 16; i < 64; i++) {
+ W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) +
+ W[i - 16];
+ }
+
+ /* Compress */
+#define RND(a,b,c,d,e,f,g,h,i) \
+ t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \
+ t1 = Sigma0(a) + Maj(a, b, c); \
+ d += t0; \
+ h = t0 + t1;
+
+ for (i = 0; i < 64; ++i) {
+ RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], i);
+ t = S[7]; S[7] = S[6]; S[6] = S[5]; S[5] = S[4];
+ S[4] = S[3]; S[3] = S[2]; S[2] = S[1]; S[1] = S[0]; S[0] = t;
+ }
+
+ /* feedback */
+ for (i = 0; i < 8; i++) {
+ md->state[i] = md->state[i] + S[i];
+ }
+ return 0;
+}
+
+
+/* Initialize the hash state */
+static void sha256_init(struct sha256_state *md)
+{
+ md->curlen = 0;
+ md->length = 0;
+ md->state[0] = 0x6A09E667UL;
+ md->state[1] = 0xBB67AE85UL;
+ md->state[2] = 0x3C6EF372UL;
+ md->state[3] = 0xA54FF53AUL;
+ md->state[4] = 0x510E527FUL;
+ md->state[5] = 0x9B05688CUL;
+ md->state[6] = 0x1F83D9ABUL;
+ md->state[7] = 0x5BE0CD19UL;
+}
+
+/**
+ Process a block of memory though the hash
+ @param md The hash state
+ @param in The data to hash
+ @param inlen The length of the data (octets)
+ @return CRYPT_OK if successful
+*/
+static int sha256_process(struct sha256_state *md, const unsigned char *in,
+ unsigned long inlen)
+{
+ unsigned long n;
+#define block_size 64
+
+ if (md->curlen > sizeof(md->buf))
+ return -1;
+
+ while (inlen > 0) {
+ if (md->curlen == 0 && inlen >= block_size) {
+ if (sha256_compress(md, (unsigned char *) in) < 0)
+ return -1;
+ md->length += block_size * 8;
+ in += block_size;
+ inlen -= block_size;
+ } else {
+ n = MIN(inlen, (block_size - md->curlen));
+ memcpy(md->buf + md->curlen, in, n);
+ md->curlen += n;
+ in += n;
+ inlen -= n;
+ if (md->curlen == block_size) {
+ if (sha256_compress(md, md->buf) < 0)
+ return -1;
+ md->length += 8 * block_size;
+ md->curlen = 0;
+ }
+ }
+ }
+
+ return 0;
+}
+
+
+/**
+ Terminate the hash to get the digest
+ @param md The hash state
+ @param out [out] The destination of the hash (32 bytes)
+ @return CRYPT_OK if successful
+*/
+static int sha256_done(struct sha256_state *md, unsigned char *out)
+{
+ int i;
+
+ if (md->curlen >= sizeof(md->buf))
+ return -1;
+
+ /* increase the length of the message */
+ md->length += md->curlen * 8;
+
+ /* append the '1' bit */
+ md->buf[md->curlen++] = (unsigned char) 0x80;
+
+ /* if the length is currently above 56 bytes we append zeros
+ * then compress. Then we can fall back to padding zeros and length
+ * encoding like normal.
+ */
+ if (md->curlen > 56) {
+ while (md->curlen < 64) {
+ md->buf[md->curlen++] = (unsigned char) 0;
+ }
+ sha256_compress(md, md->buf);
+ md->curlen = 0;
+ }
+
+ /* pad upto 56 bytes of zeroes */
+ while (md->curlen < 56) {
+ md->buf[md->curlen++] = (unsigned char) 0;
+ }
+
+ /* store length */
+ WPA_PUT_BE64(md->buf + 56, md->length);
+ sha256_compress(md, md->buf);
+
+ /* copy output */
+ for (i = 0; i < 8; i++)
+ WPA_PUT_BE32(out + (4 * i), md->state[i]);
+
+ return 0;
+}
+
+/* ===== end - public domain SHA256 implementation ===== */
+
+#endif /* INTERNAL_SHA256 */
--- /dev/null
+/*
+ * SHA256 hash implementation and interface functions
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef SHA256_H
+#define SHA256_H
+
+#define SHA256_MAC_LEN 32
+
+void hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *mac);
+void hmac_sha256(const u8 *key, size_t key_len, const u8 *data,
+ size_t data_len, u8 *mac);
+void sha256_prf(const u8 *key, size_t key_len, const char *label,
+ const u8 *data, size_t data_len, u8 *buf, size_t buf_len);
+
+#endif /* SHA256_H */
--- /dev/null
+/*
+ * wpa_supplicant/hostapd - State machine definitions
+ * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This file includes a set of pre-processor macros that can be used to
+ * implement a state machine. In addition to including this header file, each
+ * file implementing a state machine must define STATE_MACHINE_DATA to be the
+ * data structure including state variables (enum <machine>_state,
+ * Boolean changed), and STATE_MACHINE_DEBUG_PREFIX to be a string that is used
+ * as a prefix for all debug messages. If SM_ENTRY_MA macro is used to define
+ * a group of state machines with shared data structure, STATE_MACHINE_ADDR
+ * needs to be defined to point to the MAC address used in debug output.
+ * SM_ENTRY_M macro can be used to define similar group of state machines
+ * without this additional debug info.
+ */
+
+#ifndef STATE_MACHINE_H
+#define STATE_MACHINE_H
+
+/**
+ * SM_STATE - Declaration of a state machine function
+ * @machine: State machine name
+ * @state: State machine state
+ *
+ * This macro is used to declare a state machine function. It is used in place
+ * of a C function definition to declare functions to be run when the state is
+ * entered by calling SM_ENTER or SM_ENTER_GLOBAL.
+ */
+#define SM_STATE(machine, state) \
+static void sm_ ## machine ## _ ## state ## _Enter(STATE_MACHINE_DATA *sm, \
+ int global)
+
+/**
+ * SM_ENTRY - State machine function entry point
+ * @machine: State machine name
+ * @state: State machine state
+ *
+ * This macro is used inside each state machine function declared with
+ * SM_STATE. SM_ENTRY should be in the beginning of the function body, but
+ * after declaration of possible local variables. This macro prints debug
+ * information about state transition and update the state machine state.
+ */
+#define SM_ENTRY(machine, state) \
+if (!global || sm->machine ## _state != machine ## _ ## state) { \
+ sm->changed = TRUE; \
+ wpa_printf(MSG_DEBUG, STATE_MACHINE_DEBUG_PREFIX ": " #machine \
+ " entering state " #state); \
+} \
+sm->machine ## _state = machine ## _ ## state;
+
+/**
+ * SM_ENTRY_M - State machine function entry point for state machine group
+ * @machine: State machine name
+ * @_state: State machine state
+ * @data: State variable prefix (full variable: <prefix>_state)
+ *
+ * This macro is like SM_ENTRY, but for state machine groups that use a shared
+ * data structure for more than one state machine. Both machine and prefix
+ * parameters are set to "sub-state machine" name. prefix is used to allow more
+ * than one state variable to be stored in the same data structure.
+ */
+#define SM_ENTRY_M(machine, _state, data) \
+if (!global || sm->data ## _ ## state != machine ## _ ## _state) { \
+ sm->changed = TRUE; \
+ wpa_printf(MSG_DEBUG, STATE_MACHINE_DEBUG_PREFIX ": " \
+ #machine " entering state " #_state); \
+} \
+sm->data ## _ ## state = machine ## _ ## _state;
+
+/**
+ * SM_ENTRY_MA - State machine function entry point for state machine group
+ * @machine: State machine name
+ * @_state: State machine state
+ * @data: State variable prefix (full variable: <prefix>_state)
+ *
+ * This macro is like SM_ENTRY_M, but a MAC address is included in debug
+ * output. STATE_MACHINE_ADDR has to be defined to point to the MAC address to
+ * be included in debug.
+ */
+#define SM_ENTRY_MA(machine, _state, data) \
+if (!global || sm->data ## _ ## state != machine ## _ ## _state) { \
+ sm->changed = TRUE; \
+ wpa_printf(MSG_DEBUG, STATE_MACHINE_DEBUG_PREFIX ": " MACSTR " " \
+ #machine " entering state " #_state, \
+ MAC2STR(STATE_MACHINE_ADDR)); \
+} \
+sm->data ## _ ## state = machine ## _ ## _state;
+
+/**
+ * SM_ENTER - Enter a new state machine state
+ * @machine: State machine name
+ * @state: State machine state
+ *
+ * This macro expands to a function call to a state machine function defined
+ * with SM_STATE macro. SM_ENTER is used in a state machine step function to
+ * move the state machine to a new state.
+ */
+#define SM_ENTER(machine, state) \
+sm_ ## machine ## _ ## state ## _Enter(sm, 0)
+
+/**
+ * SM_ENTER_GLOBAL - Enter a new state machine state based on global rule
+ * @machine: State machine name
+ * @state: State machine state
+ *
+ * This macro is like SM_ENTER, but this is used when entering a new state
+ * based on a global (not specific to any particular state) rule. A separate
+ * macro is used to avoid unwanted debug message floods when the same global
+ * rule is forcing a state machine to remain in on state.
+ */
+#define SM_ENTER_GLOBAL(machine, state) \
+sm_ ## machine ## _ ## state ## _Enter(sm, 1)
+
+/**
+ * SM_STEP - Declaration of a state machine step function
+ * @machine: State machine name
+ *
+ * This macro is used to declare a state machine step function. It is used in
+ * place of a C function definition to declare a function that is used to move
+ * state machine to a new state based on state variables. This function uses
+ * SM_ENTER and SM_ENTER_GLOBAL macros to enter new state.
+ */
+#define SM_STEP(machine) \
+static void sm_ ## machine ## _Step(STATE_MACHINE_DATA *sm)
+
+/**
+ * SM_STEP_RUN - Call the state machine step function
+ * @machine: State machine name
+ *
+ * This macro expands to a function call to a state machine step function
+ * defined with SM_STEP macro.
+ */
+#define SM_STEP_RUN(machine) sm_ ## machine ## _Step(sm)
+
+#endif /* STATE_MACHINE_H */
--- /dev/null
+/*
+ * Test program for AES
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "crypto.h"
+#include "aes_wrap.h"
+
+#define BLOCK_SIZE 16
+
+static void test_aes_perf(void)
+{
+#if 0 /* this did not seem to work with new compiler?! */
+#ifdef __i386__
+#define rdtscll(val) \
+ __asm__ __volatile__("rdtsc" : "=A" (val))
+ const int num_iters = 10;
+ int i;
+ unsigned int start, end;
+ u8 key[16], pt[16], ct[16];
+ void *ctx;
+
+ printf("keySetupEnc:");
+ for (i = 0; i < num_iters; i++) {
+ rdtscll(start);
+ ctx = aes_encrypt_init(key, 16);
+ rdtscll(end);
+ aes_encrypt_deinit(ctx);
+ printf(" %d", end - start);
+ }
+ printf("\n");
+
+ printf("Encrypt:");
+ ctx = aes_encrypt_init(key, 16);
+ for (i = 0; i < num_iters; i++) {
+ rdtscll(start);
+ aes_encrypt(ctx, pt, ct);
+ rdtscll(end);
+ printf(" %d", end - start);
+ }
+ aes_encrypt_deinit(ctx);
+ printf("\n");
+#endif /* __i386__ */
+#endif
+}
+
+
+static int test_eax(void)
+{
+ u8 msg[] = { 0xF7, 0xFB };
+ u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B,
+ 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 };
+ u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84,
+ 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD };
+ u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA };
+ u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D,
+ 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79,
+ 0x67, 0xE5 };
+ u8 data[sizeof(msg)], tag[BLOCK_SIZE];
+
+ memcpy(data, msg, sizeof(msg));
+ if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
+ data, sizeof(data), tag)) {
+ printf("AES-128 EAX mode encryption failed\n");
+ return 1;
+ }
+ if (memcmp(data, cipher, sizeof(data)) != 0) {
+ printf("AES-128 EAX mode encryption returned invalid cipher "
+ "text\n");
+ return 1;
+ }
+ if (memcmp(tag, cipher + sizeof(data), BLOCK_SIZE) != 0) {
+ printf("AES-128 EAX mode encryption returned invalid tag\n");
+ return 1;
+ }
+
+ if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
+ data, sizeof(data), tag)) {
+ printf("AES-128 EAX mode decryption failed\n");
+ return 1;
+ }
+ if (memcmp(data, msg, sizeof(data)) != 0) {
+ printf("AES-128 EAX mode decryption returned invalid plain "
+ "text\n");
+ return 1;
+ }
+
+ return 0;
+}
+
+
+static int test_cbc(void)
+{
+ struct cbc_test_vector {
+ u8 key[16];
+ u8 iv[16];
+ u8 plain[32];
+ u8 cipher[32];
+ size_t len;
+ } vectors[] = {
+ {
+ { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b,
+ 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 },
+ { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30,
+ 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 },
+ "Single block msg",
+ { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8,
+ 0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a },
+ 16
+ },
+ {
+ { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0,
+ 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a },
+ { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28,
+ 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 },
+ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
+ { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a,
+ 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a,
+ 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9,
+ 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 },
+ 32
+ }
+ };
+ int ret = 0;
+ u8 *buf;
+ unsigned int i;
+
+ for (i = 0; i < sizeof(vectors) / sizeof(vectors[0]); i++) {
+ struct cbc_test_vector *tv = &vectors[i];
+ buf = malloc(tv->len);
+ if (buf == NULL) {
+ ret++;
+ break;
+ }
+ memcpy(buf, tv->plain, tv->len);
+ aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len);
+ if (memcmp(buf, tv->cipher, tv->len) != 0) {
+ printf("AES-CBC encrypt %d failed\n", i);
+ ret++;
+ }
+ memcpy(buf, tv->cipher, tv->len);
+ aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len);
+ if (memcmp(buf, tv->plain, tv->len) != 0) {
+ printf("AES-CBC decrypt %d failed\n", i);
+ ret++;
+ }
+ free(buf);
+ }
+
+ return ret;
+}
+
+
+/* OMAC1 AES-128 test vectors from
+ * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf
+ */
+
+struct omac1_test_vector {
+ u8 k[16];
+ u8 msg[64];
+ int msg_len;
+ u8 tag[16];
+};
+
+static struct omac1_test_vector test_vectors[] =
+{
+ {
+ { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
+ { },
+ 0,
+ { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
+ 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 }
+ },
+ {
+ { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
+ { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a},
+ 16,
+ { 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
+ 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c }
+ },
+ {
+ { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
+ { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+ 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 },
+ 40,
+ { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
+ 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 }
+ },
+ {
+ { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
+ { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+ 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+ 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+ 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
+ 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
+ 64,
+ { 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
+ 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe }
+ },
+};
+
+
+int main(int argc, char *argv[])
+{
+ u8 kek[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+ };
+ u8 plain[] = {
+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
+ };
+ u8 crypt[] = {
+ 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
+ 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
+ 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
+ };
+ u8 result[24];
+ int ret = 0;
+ unsigned int i;
+ struct omac1_test_vector *tv;
+
+ if (aes_wrap(kek, 2, plain, result)) {
+ printf("AES-WRAP-128-128 reported failure\n");
+ ret++;
+ }
+ if (memcmp(result, crypt, 24) != 0) {
+ printf("AES-WRAP-128-128 failed\n");
+ ret++;
+ }
+ if (aes_unwrap(kek, 2, crypt, result)) {
+ printf("AES-UNWRAP-128-128 reported failure\n");
+ ret++;
+ }
+ if (memcmp(result, plain, 16) != 0) {
+ int i;
+ printf("AES-UNWRAP-128-128 failed\n");
+ ret++;
+ for (i = 0; i < 16; i++)
+ printf(" %02x", result[i]);
+ printf("\n");
+ }
+
+ test_aes_perf();
+
+ for (i = 0; i < sizeof(test_vectors) / sizeof(test_vectors[0]); i++) {
+ tv = &test_vectors[i];
+ omac1_aes_128(tv->k, tv->msg, tv->msg_len, result);
+ if (memcmp(result, tv->tag, 16) != 0) {
+ printf("OMAC1-AES-128 test vector %d failed\n", i);
+ ret++;
+ }
+
+ if (tv->msg_len > 1) {
+ const u8 *addr[2];
+ size_t len[2];
+
+ addr[0] = tv->msg;
+ len[0] = 1;
+ addr[1] = tv->msg + 1;
+ len[1] = tv->msg_len - 1;
+
+ omac1_aes_128_vector(tv->k, 2, addr, len, result);
+ if (memcmp(result, tv->tag, 16) != 0) {
+ printf("OMAC1-AES-128(vector) test vector %d "
+ "failed\n", i);
+ ret++;
+ }
+ }
+ }
+
+ ret += test_eax();
+
+ ret += test_cbc();
+
+ if (ret)
+ printf("FAILED!\n");
+
+ return ret;
+}
--- /dev/null
+/*
+ * Test program for EAP-SIM PRF
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "eap_sim_common.c"
+
+
+static int test_eap_sim_prf(void)
+{
+ /* http://csrc.nist.gov/encryption/dss/Examples-1024bit.pdf */
+ u8 xkey[] = {
+ 0xbd, 0x02, 0x9b, 0xbe, 0x7f, 0x51, 0x96, 0x0b,
+ 0xcf, 0x9e, 0xdb, 0x2b, 0x61, 0xf0, 0x6f, 0x0f,
+ 0xeb, 0x5a, 0x38, 0xb6
+ };
+ u8 w[] = {
+ 0x20, 0x70, 0xb3, 0x22, 0x3d, 0xba, 0x37, 0x2f,
+ 0xde, 0x1c, 0x0f, 0xfc, 0x7b, 0x2e, 0x3b, 0x49,
+ 0x8b, 0x26, 0x06, 0x14, 0x3c, 0x6c, 0x18, 0xba,
+ 0xcb, 0x0f, 0x6c, 0x55, 0xba, 0xbb, 0x13, 0x78,
+ 0x8e, 0x20, 0xd7, 0x37, 0xa3, 0x27, 0x51, 0x16
+ };
+ u8 buf[40];
+
+ printf("Testing EAP-SIM PRF (FIPS 186-2 + change notice 1)\n");
+ eap_sim_prf(xkey, buf, sizeof(buf));
+ if (memcmp(w, buf, sizeof(w) != 0)) {
+ printf("eap_sim_prf failed\n");
+ return 1;
+ }
+
+ return 0;
+}
+
+
+int main(int argc, char *argv[])
+{
+ int errors = 0;
+
+ errors += test_eap_sim_prf();
+
+ return errors;
+}
--- /dev/null
+/*
+ * Test program for MD4 (test vectors from RFC 1320)
+ * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "crypto.h"
+
+int main(int argc, char *argv[])
+{
+ struct {
+ char *data;
+ u8 *hash;
+ } tests[] = {
+ {
+ "",
+ "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31"
+ "\xb7\x3c\x59\xd7\xe0\xc0\x89\xc0"
+ },
+ {
+ "a",
+ "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46"
+ "\x24\x5e\x05\xfb\xdb\xd6\xfb\x24"
+ },
+ {
+ "abc",
+ "\xa4\x48\x01\x7a\xaf\x21\xd8\x52"
+ "\x5f\xc1\x0a\xe8\x7a\xa6\x72\x9d"
+ },
+ {
+ "message digest",
+ "\xd9\x13\x0a\x81\x64\x54\x9f\xe8"
+ "\x18\x87\x48\x06\xe1\xc7\x01\x4b"
+ },
+ {
+ "abcdefghijklmnopqrstuvwxyz",
+ "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd"
+ "\xee\xa8\xed\x63\xdf\x41\x2d\xa9"
+ },
+ {
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+ "0123456789",
+ "\x04\x3f\x85\x82\xf2\x41\xdb\x35"
+ "\x1c\xe6\x27\xe1\x53\xe7\xf0\xe4"
+ },
+ {
+ "12345678901234567890123456789012345678901234567890"
+ "123456789012345678901234567890",
+ "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19"
+ "\x9c\x3e\x7b\x16\x4f\xcc\x05\x36"
+ }
+ };
+ unsigned int i;
+ u8 hash[16];
+ const u8 *addr[2];
+ size_t len[2];
+ int errors = 0;
+
+ for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) {
+ printf("MD4 test case %d:", i);
+
+ addr[0] = tests[i].data;
+ len[0] = strlen(tests[i].data);
+ md4_vector(1, addr, len, hash);
+ if (memcmp(hash, tests[i].hash, 16) != 0) {
+ printf(" FAIL");
+ errors++;
+ } else
+ printf(" OK");
+
+ if (len[0]) {
+ addr[0] = tests[i].data;
+ len[0] = strlen(tests[i].data);
+ addr[1] = tests[i].data + 1;
+ len[1] = strlen(tests[i].data) - 1;
+ md4_vector(1, addr, len, hash);
+ if (memcmp(hash, tests[i].hash, 16) != 0) {
+ printf(" FAIL");
+ errors++;
+ } else
+ printf(" OK");
+ }
+
+ printf("\n");
+ }
+
+ return errors;
+}
--- /dev/null
+/*
+ * Test program for MD5 (test vectors from RFC 1321)
+ * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "crypto.h"
+
+int main(int argc, char *argv[])
+{
+ struct {
+ char *data;
+ u8 *hash;
+ } tests[] = {
+ {
+ "",
+ "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04"
+ "\xe9\x80\x09\x98\xec\xf8\x42\x7e"
+ },
+ {
+ "a",
+ "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8"
+ "\x31\xc3\x99\xe2\x69\x77\x26\x61"
+ },
+ {
+ "abc",
+ "\x90\x01\x50\x98\x3c\xd2\x4f\xb0"
+ "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72"
+ },
+ {
+ "message digest",
+ "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d"
+ "\x52\x5a\x2f\x31\xaa\xf1\x61\xd0"
+ },
+ {
+ "abcdefghijklmnopqrstuvwxyz",
+ "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00"
+ "\x7d\xfb\x49\x6c\xca\x67\xe1\x3b"
+ },
+ {
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+ "0123456789",
+ "\xd1\x74\xab\x98\xd2\x77\xd9\xf5"
+ "\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f"
+ },
+ {
+ "12345678901234567890123456789012345678901234567890"
+ "123456789012345678901234567890",
+ "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55"
+ "\xac\x49\xda\x2e\x21\x07\xb6\x7a"
+ }
+ };
+ unsigned int i;
+ u8 hash[16];
+ const u8 *addr[2];
+ size_t len[2];
+ int errors = 0;
+
+ for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) {
+ printf("MD5 test case %d:", i);
+
+ addr[0] = tests[i].data;
+ len[0] = strlen(tests[i].data);
+ md5_vector(1, addr, len, hash);
+ if (memcmp(hash, tests[i].hash, 16) != 0) {
+ printf(" FAIL");
+ errors++;
+ } else
+ printf(" OK");
+
+ if (len[0]) {
+ addr[0] = tests[i].data;
+ len[0] = strlen(tests[i].data);
+ addr[1] = tests[i].data + 1;
+ len[1] = strlen(tests[i].data) - 1;
+ md5_vector(1, addr, len, hash);
+ if (memcmp(hash, tests[i].hash, 16) != 0) {
+ printf(" FAIL");
+ errors++;
+ } else
+ printf(" OK");
+ }
+
+ printf("\n");
+ }
+
+ return errors;
+}
--- /dev/null
+/*
+ * Test program for ms_funcs
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "ms_funcs.c"
+
+
+int main(int argc, char *argv[])
+{
+ /* Test vector from RFC2759 example */
+ u8 *username = "User";
+ u8 *password = "clientPass";
+ u8 auth_challenge[] = {
+ 0x5B, 0x5D, 0x7C, 0x7D, 0x7B, 0x3F, 0x2F, 0x3E,
+ 0x3C, 0x2C, 0x60, 0x21, 0x32, 0x26, 0x26, 0x28
+ };
+ u8 peer_challenge[] = {
+ 0x21, 0x40, 0x23, 0x24, 0x25, 0x5E, 0x26, 0x2A,
+ 0x28, 0x29, 0x5F, 0x2B, 0x3A, 0x33, 0x7C, 0x7E
+ };
+ u8 challenge[] = { 0xD0, 0x2E, 0x43, 0x86, 0xBC, 0xE9, 0x12, 0x26 };
+ u8 password_hash[] = {
+ 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6,
+ 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE
+ };
+ u8 nt_response[] = {
+ 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E,
+ 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54,
+ 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF
+ };
+ u8 password_hash_hash[] = {
+ 0x41, 0xC0, 0x0C, 0x58, 0x4B, 0xD2, 0xD9, 0x1C,
+ 0x40, 0x17, 0xA2, 0xA1, 0x2F, 0xA5, 0x9F, 0x3F
+ };
+ u8 authenticator_response[] = {
+ 0x40, 0x7A, 0x55, 0x89, 0x11, 0x5F, 0xD0, 0xD6,
+ 0x20, 0x9F, 0x51, 0x0F, 0xE9, 0xC0, 0x45, 0x66,
+ 0x93, 0x2C, 0xDA, 0x56
+ };
+ u8 master_key[] = {
+ 0xFD, 0xEC, 0xE3, 0x71, 0x7A, 0x8C, 0x83, 0x8C,
+ 0xB3, 0x88, 0xE5, 0x27, 0xAE, 0x3C, 0xDD, 0x31
+ };
+ u8 send_start_key[] = {
+ 0x8B, 0x7C, 0xDC, 0x14, 0x9B, 0x99, 0x3A, 0x1B,
+ 0xA1, 0x18, 0xCB, 0x15, 0x3F, 0x56, 0xDC, 0xCB
+ };
+ u8 buf[32];
+
+ int errors = 0;
+
+ printf("Testing ms_funcs.c\n");
+
+ challenge_hash(peer_challenge, auth_challenge,
+ username, strlen(username),
+ buf);
+ if (memcmp(challenge, buf, sizeof(challenge)) != 0) {
+ printf("challenge_hash failed\n");
+ errors++;
+ }
+
+ nt_password_hash(password, strlen(password), buf);
+ if (memcmp(password_hash, buf, sizeof(password_hash)) != 0) {
+ printf("nt_password_hash failed\n");
+ errors++;
+ }
+
+ generate_nt_response(auth_challenge, peer_challenge,
+ username, strlen(username),
+ password, strlen(password),
+ buf);
+ if (memcmp(nt_response, buf, sizeof(nt_response)) != 0) {
+ printf("generate_nt_response failed\n");
+ errors++;
+ }
+
+ hash_nt_password_hash(password_hash, buf);
+ if (memcmp(password_hash_hash, buf, sizeof(password_hash_hash)) != 0) {
+ printf("hash_nt_password_hash failed\n");
+ errors++;
+ }
+
+ generate_authenticator_response(password, strlen(password),
+ peer_challenge, auth_challenge,
+ username, strlen(username),
+ nt_response, buf);
+ if (memcmp(authenticator_response, buf, sizeof(authenticator_response))
+ != 0) {
+ printf("generate_authenticator_response failed\n");
+ errors++;
+ }
+
+ get_master_key(password_hash_hash, nt_response, buf);
+ if (memcmp(master_key, buf, sizeof(master_key)) != 0) {
+ printf("get_master_key failed\n");
+ errors++;
+ }
+
+ get_asymetric_start_key(master_key, buf, sizeof(send_start_key), 1, 1);
+ if (memcmp(send_start_key, buf, sizeof(send_start_key)) != 0) {
+ printf("get_asymetric_start_key failed\n");
+ errors++;
+ }
+
+ if (errors)
+ printf("FAILED! %d errors\n", errors);
+
+ return errors;
+}
--- /dev/null
+/*
+ * Test program for SHA1 and MD5
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "sha1.h"
+#include "md5.h"
+#include "crypto.h"
+
+
+static int test_eap_fast(void)
+{
+ /* draft-cam-winget-eap-fast-01.txt */
+ const u8 pac_key[] = {
+ 0x0B, 0x97, 0x39, 0x0F, 0x37, 0x51, 0x78, 0x09,
+ 0x81, 0x1E, 0xFD, 0x9C, 0x6E, 0x65, 0x94, 0x2B,
+ 0x63, 0x2C, 0xE9, 0x53, 0x89, 0x38, 0x08, 0xBA,
+ 0x36, 0x0B, 0x03, 0x7C, 0xD1, 0x85, 0xE4, 0x14
+ };
+ const u8 seed[] = {
+ 0x3F, 0xFB, 0x11, 0xC4, 0x6C, 0xBF, 0xA5, 0x7A,
+ 0x54, 0x40, 0xDA, 0xE8, 0x22, 0xD3, 0x11, 0xD3,
+ 0xF7, 0x6D, 0xE4, 0x1D, 0xD9, 0x33, 0xE5, 0x93,
+ 0x70, 0x97, 0xEB, 0xA9, 0xB3, 0x66, 0xF4, 0x2A,
+ 0x00, 0x00, 0x00, 0x02, 0x6A, 0x66, 0x43, 0x2A,
+ 0x8D, 0x14, 0x43, 0x2C, 0xEC, 0x58, 0x2D, 0x2F,
+ 0xC7, 0x9C, 0x33, 0x64, 0xBA, 0x04, 0xAD, 0x3A,
+ 0x52, 0x54, 0xD6, 0xA5, 0x79, 0xAD, 0x1E, 0x00
+ };
+ const u8 master_secret[] = {
+ 0x4A, 0x1A, 0x51, 0x2C, 0x01, 0x60, 0xBC, 0x02,
+ 0x3C, 0xCF, 0xBC, 0x83, 0x3F, 0x03, 0xBC, 0x64,
+ 0x88, 0xC1, 0x31, 0x2F, 0x0B, 0xA9, 0xA2, 0x77,
+ 0x16, 0xA8, 0xD8, 0xE8, 0xBD, 0xC9, 0xD2, 0x29,
+ 0x38, 0x4B, 0x7A, 0x85, 0xBE, 0x16, 0x4D, 0x27,
+ 0x33, 0xD5, 0x24, 0x79, 0x87, 0xB1, 0xC5, 0xA2
+ };
+ const u8 key_block[] = {
+ 0x59, 0x59, 0xBE, 0x8E, 0x41, 0x3A, 0x77, 0x74,
+ 0x8B, 0xB2, 0xE5, 0xD3, 0x60, 0xAC, 0x4D, 0x35,
+ 0xDF, 0xFB, 0xC8, 0x1E, 0x9C, 0x24, 0x9C, 0x8B,
+ 0x0E, 0xC3, 0x1D, 0x72, 0xC8, 0x84, 0x9D, 0x57,
+ 0x48, 0x51, 0x2E, 0x45, 0x97, 0x6C, 0x88, 0x70,
+ 0xBE, 0x5F, 0x01, 0xD3, 0x64, 0xE7, 0x4C, 0xBB,
+ 0x11, 0x24, 0xE3, 0x49, 0xE2, 0x3B, 0xCD, 0xEF,
+ 0x7A, 0xB3, 0x05, 0x39, 0x5D, 0x64, 0x8A, 0x44,
+ 0x11, 0xB6, 0x69, 0x88, 0x34, 0x2E, 0x8E, 0x29,
+ 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
+ 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
+ 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
+ 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
+ 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
+ };
+ const u8 sks[] = {
+ 0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
+ 0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
+ 0x8F, 0x0B, 0x5E, 0x06, 0x46, 0x7A, 0x44, 0x84,
+ 0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
+ 0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
+ };
+ const u8 isk[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+ const u8 imck[] = {
+ 0x16, 0x15, 0x3C, 0x3F, 0x21, 0x55, 0xEF, 0xD9,
+ 0x7F, 0x34, 0xAE, 0xC8, 0x1A, 0x4E, 0x66, 0x80,
+ 0x4C, 0xC3, 0x76, 0xF2, 0x8A, 0xA9, 0x6F, 0x96,
+ 0xC2, 0x54, 0x5F, 0x8C, 0xAB, 0x65, 0x02, 0xE1,
+ 0x18, 0x40, 0x7B, 0x56, 0xBE, 0xEA, 0xA7, 0xC5,
+ 0x76, 0x5D, 0x8F, 0x0B, 0xC5, 0x07, 0xC6, 0xB9,
+ 0x04, 0xD0, 0x69, 0x56, 0x72, 0x8B, 0x6B, 0xB8,
+ 0x15, 0xEC, 0x57, 0x7B
+ };
+ const u8 msk[] = {
+ 0x4D, 0x83, 0xA9, 0xBE, 0x6F, 0x8A, 0x74, 0xED,
+ 0x6A, 0x02, 0x66, 0x0A, 0x63, 0x4D, 0x2C, 0x33,
+ 0xC2, 0xDA, 0x60, 0x15, 0xC6, 0x37, 0x04, 0x51,
+ 0x90, 0x38, 0x63, 0xDA, 0x54, 0x3E, 0x14, 0xB9,
+ 0x27, 0x99, 0x18, 0x1E, 0x07, 0xBF, 0x0F, 0x5A,
+ 0x5E, 0x3C, 0x32, 0x93, 0x80, 0x8C, 0x6C, 0x49,
+ 0x67, 0xED, 0x24, 0xFE, 0x45, 0x40, 0xA0, 0x59,
+ 0x5E, 0x37, 0xC2, 0xE9, 0xD0, 0x5D, 0x0A, 0xE3
+ };
+ u8 tlv[] = {
+ 0x80, 0x0C, 0x00, 0x38, 0x00, 0x01, 0x01, 0x00,
+ 0xD8, 0x6A, 0x8C, 0x68, 0x3C, 0x32, 0x31, 0xA8,
+ 0x56, 0x63, 0xB6, 0x40, 0x21, 0xFE, 0x21, 0x14,
+ 0x4E, 0xE7, 0x54, 0x20, 0x79, 0x2D, 0x42, 0x62,
+ 0xC9, 0xBF, 0x53, 0x7F, 0x54, 0xFD, 0xAC, 0x58,
+ 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
+ 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
+ 0x05, 0xC5, 0x5B, 0xB7
+ };
+ const u8 compound_mac[] = {
+ 0x43, 0x24, 0x6E, 0x30, 0x92, 0x17, 0x6D, 0xCF,
+ 0xE6, 0xE0, 0x69, 0xEB, 0x33, 0x61, 0x6A, 0xCC,
+ 0x05, 0xC5, 0x5B, 0xB7
+ };
+ u8 buf[512];
+ const u8 *simck, *cmk;
+ int errors = 0;
+
+ printf("EAP-FAST test cases\n");
+
+ printf("- T-PRF (SHA1) test case / master_secret\n");
+ sha1_t_prf(pac_key, sizeof(pac_key), "PAC to master secret label hash",
+ seed, sizeof(seed), buf, sizeof(master_secret));
+ if (memcmp(master_secret, buf, sizeof(master_secret)) != 0) {
+ printf("T-PRF test - FAILED!\n");
+ errors++;
+ }
+
+ printf("- PRF (TLS, SHA1/MD5) test case / key_block\n");
+ tls_prf(master_secret, sizeof(master_secret), "key expansion",
+ seed, sizeof(seed), buf, sizeof(key_block));
+ if (memcmp(key_block, buf, sizeof(key_block)) != 0) {
+ printf("PRF test - FAILED!\n");
+ errors++;
+ }
+
+ printf("- T-PRF (SHA1) test case / IMCK\n");
+ sha1_t_prf(sks, sizeof(sks), "Inner Methods Compound Keys",
+ isk, sizeof(isk), buf, sizeof(imck));
+ if (memcmp(imck, buf, sizeof(imck)) != 0) {
+ printf("T-PRF test - FAILED!\n");
+ errors++;
+ }
+
+ simck = imck;
+ cmk = imck + 40;
+
+ printf("- T-PRF (SHA1) test case / MSK\n");
+ sha1_t_prf(simck, 40, "Session Key Generating Function",
+ (u8 *) "", 0, buf, sizeof(msk));
+ if (memcmp(msk, buf, sizeof(msk)) != 0) {
+ printf("T-PRF test - FAILED!\n");
+ errors++;
+ }
+
+ printf("- Compound MAC test case\n");
+ memset(tlv + sizeof(tlv) - 20, 0, 20);
+ hmac_sha1(cmk, 20, tlv, sizeof(tlv), tlv + sizeof(tlv) - 20);
+ if (memcmp(tlv + sizeof(tlv) - 20, compound_mac, sizeof(compound_mac))
+ != 0) {
+ printf("Compound MAC test - FAILED!\n");
+ errors++;
+ }
+
+ return errors;
+}
+
+
+static u8 key0[] =
+{
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b
+};
+static u8 data0[] = "Hi There";
+static u8 prf0[] =
+{
+ 0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84,
+ 0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54,
+ 0xb8, 0x62, 0x17, 0x5e, 0xd9, 0xf0, 0x06, 0x06,
+ 0xe1, 0x7d, 0x8d, 0xa3, 0x54, 0x02, 0xff, 0xee,
+ 0x75, 0xdf, 0x78, 0xc3, 0xd3, 0x1e, 0x0f, 0x88,
+ 0x9f, 0x01, 0x21, 0x20, 0xc0, 0x86, 0x2b, 0xeb,
+ 0x67, 0x75, 0x3e, 0x74, 0x39, 0xae, 0x24, 0x2e,
+ 0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a
+};
+
+static u8 key1[] = "Jefe";
+static u8 data1[] = "what do ya want for nothing?";
+static u8 prf1[] =
+{
+ 0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad,
+ 0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4,
+ 0xfe, 0x63, 0x14, 0x46, 0xfa, 0xbd, 0xfa, 0x58,
+ 0x24, 0x47, 0x59, 0xae, 0x58, 0xef, 0x90, 0x09,
+ 0xa9, 0x9a, 0xbf, 0x4e, 0xac, 0x2c, 0xa5, 0xfa,
+ 0x87, 0xe6, 0x92, 0xc4, 0x40, 0xeb, 0x40, 0x02,
+ 0x3e, 0x7b, 0xab, 0xb2, 0x06, 0xd6, 0x1d, 0xe7,
+ 0xb9, 0x2f, 0x41, 0x52, 0x90, 0x92, 0xb8, 0xfc
+};
+
+
+static u8 key2[] =
+{
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa
+};
+static u8 data2[] =
+{
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd
+};
+static u8 prf2[] =
+{
+ 0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f,
+ 0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1,
+ 0x7a, 0x02, 0x52, 0xca, 0x5d, 0x8d, 0x8d, 0xf1,
+ 0x2c, 0xfb, 0x04, 0x73, 0x52, 0x52, 0x49, 0xce,
+ 0x9d, 0xd8, 0xd1, 0x77, 0xea, 0xd7, 0x10, 0xbc,
+ 0x9b, 0x59, 0x05, 0x47, 0x23, 0x91, 0x07, 0xae,
+ 0xf7, 0xb4, 0xab, 0xd4, 0x3d, 0x87, 0xf0, 0xa6,
+ 0x8f, 0x1c, 0xbd, 0x9e, 0x2b, 0x6f, 0x76, 0x07
+};
+
+
+struct passphrase_test {
+ char *passphrase;
+ char *ssid;
+ char psk[32];
+};
+
+static struct passphrase_test passphrase_tests[] =
+{
+ {
+ "password",
+ "IEEE",
+ {
+ 0xf4, 0x2c, 0x6f, 0xc5, 0x2d, 0xf0, 0xeb, 0xef,
+ 0x9e, 0xbb, 0x4b, 0x90, 0xb3, 0x8a, 0x5f, 0x90,
+ 0x2e, 0x83, 0xfe, 0x1b, 0x13, 0x5a, 0x70, 0xe2,
+ 0x3a, 0xed, 0x76, 0x2e, 0x97, 0x10, 0xa1, 0x2e
+ }
+ },
+ {
+ "ThisIsAPassword",
+ "ThisIsASSID",
+ {
+ 0x0d, 0xc0, 0xd6, 0xeb, 0x90, 0x55, 0x5e, 0xd6,
+ 0x41, 0x97, 0x56, 0xb9, 0xa1, 0x5e, 0xc3, 0xe3,
+ 0x20, 0x9b, 0x63, 0xdf, 0x70, 0x7d, 0xd5, 0x08,
+ 0xd1, 0x45, 0x81, 0xf8, 0x98, 0x27, 0x21, 0xaf
+ }
+ },
+ {
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+ "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
+ {
+ 0xbe, 0xcb, 0x93, 0x86, 0x6b, 0xb8, 0xc3, 0x83,
+ 0x2c, 0xb7, 0x77, 0xc2, 0xf5, 0x59, 0x80, 0x7c,
+ 0x8c, 0x59, 0xaf, 0xcb, 0x6e, 0xae, 0x73, 0x48,
+ 0x85, 0x00, 0x13, 0x00, 0xa9, 0x81, 0xcc, 0x62
+ }
+ },
+};
+
+#define NUM_PASSPHRASE_TESTS \
+(sizeof(passphrase_tests) / sizeof(passphrase_tests[0]))
+
+
+int main(int argc, char *argv[])
+{
+ u8 res[512];
+ int ret = 0;
+ unsigned int i;
+
+ printf("PRF-SHA1 test cases:\n");
+
+ sha1_prf(key0, sizeof(key0), "prefix", data0, sizeof(data0) - 1,
+ res, sizeof(prf0));
+ if (memcmp(res, prf0, sizeof(prf0)) == 0)
+ printf("Test case 0 - OK\n");
+ else {
+ printf("Test case 0 - FAILED!\n");
+ ret++;
+ }
+
+ sha1_prf(key1, sizeof(key1) - 1, "prefix", data1, sizeof(data1) - 1,
+ res, sizeof(prf1));
+ if (memcmp(res, prf1, sizeof(prf1)) == 0)
+ printf("Test case 1 - OK\n");
+ else {
+ printf("Test case 1 - FAILED!\n");
+ ret++;
+ }
+
+ sha1_prf(key2, sizeof(key2), "prefix", data2, sizeof(data2),
+ res, sizeof(prf2));
+ if (memcmp(res, prf2, sizeof(prf2)) == 0)
+ printf("Test case 2 - OK\n");
+ else {
+ printf("Test case 2 - FAILED!\n");
+ ret++;
+ }
+
+ ret += test_eap_fast();
+
+ printf("PBKDF2-SHA1 Passphrase test cases:\n");
+ for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) {
+ u8 psk[32];
+ struct passphrase_test *test = &passphrase_tests[i];
+ pbkdf2_sha1(test->passphrase,
+ test->ssid, strlen(test->ssid),
+ 4096, psk, 32);
+ if (memcmp(psk, test->psk, 32) == 0)
+ printf("Test case %d - OK\n", i);
+ else {
+ printf("Test case %d - FAILED!\n", i);
+ ret++;
+ }
+ }
+
+ return ret;
+}
--- /dev/null
+/*
+ * Test program for SHA256
+ * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "sha256.h"
+#include "crypto.h"
+
+struct {
+ char *data;
+ u8 hash[32];
+} tests[] = {
+ {
+ "abc",
+ {
+ 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
+ 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
+ 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
+ 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
+ }
+ },
+ {
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ {
+ 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8,
+ 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39,
+ 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
+ 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1
+ }
+ }
+};
+
+struct hmac_test {
+ u8 key[80];
+ size_t key_len;
+ u8 data[128];
+ size_t data_len;
+ u8 hash[32];
+} hmac_tests[] = {
+ /* draft-ietf-ipsec-ciph-sha-256-01.txt */
+ {
+ {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
+ 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+ 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
+ },
+ 32,
+ "abc", 3,
+ {
+ 0xa2, 0x1b, 0x1f, 0x5d, 0x4c, 0xf4, 0xf7, 0x3a,
+ 0x4d, 0xd9, 0x39, 0x75, 0x0f, 0x7a, 0x06, 0x6a,
+ 0x7f, 0x98, 0xcc, 0x13, 0x1c, 0xb1, 0x6a, 0x66,
+ 0x92, 0x75, 0x90, 0x21, 0xcf, 0xab, 0x81, 0x81
+ }
+ },
+ {
+ {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
+ 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+ 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
+ },
+ 32,
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ 56,
+ {
+ 0x10, 0x4f, 0xdc, 0x12, 0x57, 0x32, 0x8f, 0x08,
+ 0x18, 0x4b, 0xa7, 0x31, 0x31, 0xc5, 0x3c, 0xae,
+ 0xe6, 0x98, 0xe3, 0x61, 0x19, 0x42, 0x11, 0x49,
+ 0xea, 0x8c, 0x71, 0x24, 0x56, 0x69, 0x7d, 0x30
+ }
+ },
+ {
+ {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
+ 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+ 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
+ },
+ 32,
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ 112,
+ {
+ 0x47, 0x03, 0x05, 0xfc, 0x7e, 0x40, 0xfe, 0x34,
+ 0xd3, 0xee, 0xb3, 0xe7, 0x73, 0xd9, 0x5a, 0xab,
+ 0x73, 0xac, 0xf0, 0xfd, 0x06, 0x04, 0x47, 0xa5,
+ 0xeb, 0x45, 0x95, 0xbf, 0x33, 0xa9, 0xd1, 0xa3
+ }
+ },
+ {
+ {
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
+ },
+ 32,
+ "Hi There",
+ 8,
+ {
+ 0x19, 0x8a, 0x60, 0x7e, 0xb4, 0x4b, 0xfb, 0xc6,
+ 0x99, 0x03, 0xa0, 0xf1, 0xcf, 0x2b, 0xbd, 0xc5,
+ 0xba, 0x0a, 0xa3, 0xf3, 0xd9, 0xae, 0x3c, 0x1c,
+ 0x7a, 0x3b, 0x16, 0x96, 0xa0, 0xb6, 0x8c, 0xf7
+ }
+ },
+ {
+ "Jefe",
+ 4,
+ "what do ya want for nothing?",
+ 28,
+ {
+ 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e,
+ 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7,
+ 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83,
+ 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43
+ }
+ },
+ {
+ {
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
+ },
+ 32,
+ {
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd
+ },
+ 50,
+ {
+ 0xcd, 0xcb, 0x12, 0x20, 0xd1, 0xec, 0xcc, 0xea,
+ 0x91, 0xe5, 0x3a, 0xba, 0x30, 0x92, 0xf9, 0x62,
+ 0xe5, 0x49, 0xfe, 0x6c, 0xe9, 0xed, 0x7f, 0xdc,
+ 0x43, 0x19, 0x1f, 0xbd, 0xe4, 0x5c, 0x30, 0xb0
+ }
+ },
+ {
+ {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
+ 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+ 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
+ 0x21, 0x22, 0x23, 0x24, 0x25
+ },
+ 37,
+ {
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd
+ },
+ 50,
+ {
+ 0xd4, 0x63, 0x3c, 0x17, 0xf6, 0xfb, 0x8d, 0x74,
+ 0x4c, 0x66, 0xde, 0xe0, 0xf8, 0xf0, 0x74, 0x55,
+ 0x6e, 0xc4, 0xaf, 0x55, 0xef, 0x07, 0x99, 0x85,
+ 0x41, 0x46, 0x8e, 0xb4, 0x9b, 0xd2, 0xe9, 0x17
+ }
+ },
+ {
+ {
+ 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
+ 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
+ 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
+ 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
+ },
+ 32,
+ "Test With Truncation",
+ 20,
+ {
+ 0x75, 0x46, 0xaf, 0x01, 0x84, 0x1f, 0xc0, 0x9b,
+ 0x1a, 0xb9, 0xc3, 0x74, 0x9a, 0x5f, 0x1c, 0x17,
+ 0xd4, 0xf5, 0x89, 0x66, 0x8a, 0x58, 0x7b, 0x27,
+ 0x00, 0xa9, 0xc9, 0x7c, 0x11, 0x93, 0xcf, 0x42
+ }
+ },
+ {
+ {
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
+ },
+ 80,
+ "Test Using Larger Than Block-Size Key - Hash Key First",
+ 54,
+ {
+ 0x69, 0x53, 0x02, 0x5e, 0xd9, 0x6f, 0x0c, 0x09,
+ 0xf8, 0x0a, 0x96, 0xf7, 0x8e, 0x65, 0x38, 0xdb,
+ 0xe2, 0xe7, 0xb8, 0x20, 0xe3, 0xdd, 0x97, 0x0e,
+ 0x7d, 0xdd, 0x39, 0x09, 0x1b, 0x32, 0x35, 0x2f
+ }
+ },
+ {
+ {
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
+ },
+ 80,
+ "Test Using Larger Than Block-Size Key and Larger Than One "
+ "Block-Size Data",
+ 73,
+ {
+ 0x63, 0x55, 0xac, 0x22, 0xe8, 0x90, 0xd0, 0xa3,
+ 0xc8, 0x48, 0x1a, 0x5c, 0xa4, 0x82, 0x5b, 0xc8,
+ 0x84, 0xd3, 0xe7, 0xa1, 0xff, 0x98, 0xa2, 0xfc,
+ 0x2a, 0xc7, 0xd8, 0xe0, 0x64, 0xc3, 0xb2, 0xe6
+ }
+ }
+};
+
+
+int main(int argc, char *argv[])
+{
+
+ unsigned int i;
+ u8 hash[32];
+ const u8 *addr[2];
+ size_t len[2];
+ int errors = 0;
+
+ for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) {
+ printf("SHA256 test case %d:", i + 1);
+
+ addr[0] = (u8 *) tests[i].data;
+ len[0] = strlen(tests[i].data);
+ sha256_vector(1, addr, len, hash);
+ if (memcmp(hash, tests[i].hash, 32) != 0) {
+ printf(" FAIL");
+ errors++;
+ } else
+ printf(" OK");
+
+ if (len[0]) {
+ addr[0] = (u8 *) tests[i].data;
+ len[0] = 1;
+ addr[1] = (u8 *) tests[i].data + 1;
+ len[1] = strlen(tests[i].data) - 1;
+ sha256_vector(2, addr, len, hash);
+ if (memcmp(hash, tests[i].hash, 32) != 0) {
+ printf(" FAIL");
+ errors++;
+ } else
+ printf(" OK");
+ }
+
+ printf("\n");
+ }
+
+ for (i = 0; i < sizeof(hmac_tests) / sizeof(hmac_tests[0]); i++) {
+ struct hmac_test *t = &hmac_tests[i];
+ printf("HMAC-SHA256 test case %d:", i + 1);
+
+ hmac_sha256(t->key, t->key_len, t->data, t->data_len, hash);
+ if (memcmp(hash, t->hash, 32) != 0) {
+ printf(" FAIL");
+ errors++;
+ } else
+ printf(" OK");
+
+ addr[0] = t->data;
+ len[0] = t->data_len;
+ hmac_sha256_vector(t->key, t->key_len, 1, addr, len, hash);
+ if (memcmp(hash, t->hash, 32) != 0) {
+ printf(" FAIL");
+ errors++;
+ } else
+ printf(" OK");
+
+ if (len[0]) {
+ addr[0] = t->data;
+ len[0] = 1;
+ addr[1] = t->data + 1;
+ len[1] = t->data_len - 1;
+ hmac_sha256_vector(t->key, t->key_len, 2, addr, len,
+ hash);
+ if (memcmp(hash, t->hash, 32) != 0) {
+ printf(" FAIL");
+ errors++;
+ } else
+ printf(" OK");
+ }
+
+ printf("\n");
+ }
+
+ printf("Test IEEE 802.11r KDF\n");
+ sha256_prf("abc", 3, "KDF test", "data", 4, hash, sizeof(hash));
+ /* TODO: add proper test case for this */
+
+ return errors;
+}
--- /dev/null
+/*
+ * Testing tool for X.509v3 routines
+ * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "asn1.h"
+#include "x509v3.h"
+
+extern int wpa_debug_level;
+
+
+int main(int argc, char *argv[])
+{
+ char *buf;
+ size_t len;
+ struct x509_certificate *certs = NULL, *last = NULL, *cert;
+ int i, reason;
+
+ wpa_debug_level = 0;
+
+ if (argc < 3 || strcmp(argv[1], "-v") != 0) {
+ printf("usage: test_x509v3 -v <cert1.der> <cert2.der> ..\n");
+ return -1;
+ }
+
+ for (i = 2; i < argc; i++) {
+ printf("Reading: %s\n", argv[i]);
+ buf = os_readfile(argv[i], &len);
+ if (buf == NULL) {
+ printf("Failed to read '%s'\n", argv[i]);
+ return -1;
+ }
+
+ cert = x509_certificate_parse(buf, len);
+ if (cert == NULL) {
+ printf("Failed to parse X.509 certificate\n");
+ return -1;
+ }
+
+ free(buf);
+
+ if (certs == NULL)
+ certs = cert;
+ else
+ last->next = cert;
+ last = cert;
+ }
+
+ printf("\n\nValidating certificate chain\n");
+ if (x509_certificate_chain_validate(last, certs, &reason) < 0) {
+ printf("\nCertificate chain validation failed: %d\n", reason);
+ return -1;
+ }
+ printf("\nCertificate chain is valid\n");
+
+ return 0;
+}
--- /dev/null
+/*
+ * WPA Supplicant / SSL/TLS interface definition
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef TLS_H
+#define TLS_H
+
+struct tls_connection;
+
+struct tls_keys {
+ const u8 *master_key; /* TLS master secret */
+ size_t master_key_len;
+ const u8 *client_random;
+ size_t client_random_len;
+ const u8 *server_random;
+ size_t server_random_len;
+ const u8 *inner_secret; /* TLS/IA inner secret */
+ size_t inner_secret_len;
+};
+
+struct tls_config {
+ const char *opensc_engine_path;
+ const char *pkcs11_engine_path;
+ const char *pkcs11_module_path;
+};
+
+/**
+ * struct tls_connection_params - Parameters for TLS connection
+ * @ca_cert: File or reference name for CA X.509 certificate in PEM or DER
+ * format
+ * @ca_cert_blob: ca_cert as inlined data or %NULL if not used
+ * @ca_cert_blob_len: ca_cert_blob length
+ * @ca_path: Path to CA certificates (OpenSSL specific)
+ * @subject_match: String to match in the subject of the peer certificate or
+ * %NULL to allow all subjects
+ * @altsubject_match: String to match in the alternative subject of the peer
+ * certificate or %NULL to allow all alternative subjects
+ * @client_cert: File or reference name for client X.509 certificate in PEM or
+ * DER format
+ * @client_cert_blob: client_cert as inlined data or %NULL if not used
+ * @client_cert_blob_len: client_cert_blob length
+ * @private_key: File or reference name for client private key in PEM or DER
+ * format (traditional format (RSA PRIVATE KEY) or PKCS#8 (PRIVATE KEY)
+ * @private_key_blob: private_key as inlined data or %NULL if not used
+ * @private_key_blob_len: private_key_blob length
+ * @private_key_passwd: Passphrase for decrypted private key, %NULL if no
+ * passphrase is used.
+ * @dh_file: File name for DH/DSA data in PEM format, or %NULL if not used
+ * @dh_blob: dh_file as inlined data or %NULL if not used
+ * @dh_blob_len: dh_blob length
+ * @engine: 1 = use engine (e.g., a smartcard) for private key operations
+ * (this is OpenSSL specific for now)
+ * @engine_id: engine id string (this is OpenSSL specific for now)
+ * @ppin: pointer to the pin variable in the configuration
+ * (this is OpenSSL specific for now)
+ * @key_id: the private key's key id (this is OpenSSL specific for now)
+ * @tls_ia: Whether to enable TLS/IA (for EAP-TTLSv1)
+ *
+ * TLS connection parameters to be configured with tls_connection_set_params()
+ * and tls_global_set_params().
+ *
+ * Certificates and private key can be configured either as a reference name
+ * (file path or reference to certificate store) or by providing the same data
+ * as a pointer to the data in memory. Only one option will be used for each
+ * field.
+ */
+struct tls_connection_params {
+ const char *ca_cert;
+ const u8 *ca_cert_blob;
+ size_t ca_cert_blob_len;
+ const char *ca_path;
+ const char *subject_match;
+ const char *altsubject_match;
+ const char *client_cert;
+ const u8 *client_cert_blob;
+ size_t client_cert_blob_len;
+ const char *private_key;
+ const u8 *private_key_blob;
+ size_t private_key_blob_len;
+ const char *private_key_passwd;
+ const char *dh_file;
+ const u8 *dh_blob;
+ size_t dh_blob_len;
+ int tls_ia;
+
+ /* OpenSSL specific variables */
+ int engine;
+ const char *engine_id;
+ const char *pin;
+ const char *key_id;
+};
+
+
+/**
+ * tls_init - Initialize TLS library
+ * @conf: Configuration data for TLS library
+ * Returns: Context data to be used as tls_ctx in calls to other functions,
+ * or %NULL on failure.
+ *
+ * Called once during program startup and once for each RSN pre-authentication
+ * session. In other words, there can be two concurrent TLS contexts. If global
+ * library initialization is needed (i.e., one that is shared between both
+ * authentication types), the TLS library wrapper should maintain a reference
+ * counter and do global initialization only when moving from 0 to 1 reference.
+ */
+void * tls_init(const struct tls_config *conf);
+
+/**
+ * tls_deinit - Deinitialize TLS library
+ * @tls_ctx: TLS context data from tls_init()
+ *
+ * Called once during program shutdown and once for each RSN pre-authentication
+ * session. If global library deinitialization is needed (i.e., one that is
+ * shared between both authentication types), the TLS library wrapper should
+ * maintain a reference counter and do global deinitialization only when moving
+ * from 1 to 0 references.
+ */
+void tls_deinit(void *tls_ctx);
+
+/**
+ * tls_get_errors - Process pending errors
+ * @tls_ctx: TLS context data from tls_init()
+ * Returns: Number of found error, 0 if no errors detected.
+ *
+ * Process all pending TLS errors.
+ */
+int tls_get_errors(void *tls_ctx);
+
+/**
+ * tls_connection_init - Initialize a new TLS connection
+ * @tls_ctx: TLS context data from tls_init()
+ * Returns: Connection context data, conn for other function calls
+ */
+struct tls_connection * tls_connection_init(void *tls_ctx);
+
+/**
+ * tls_connection_deinit - Free TLS connection data
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ *
+ * Release all resources allocated for TLS connection.
+ */
+void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn);
+
+/**
+ * tls_connection_established - Has the TLS connection been completed?
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * Returns: 1 if TLS connection has been completed, 0 if not.
+ */
+int tls_connection_established(void *tls_ctx, struct tls_connection *conn);
+
+/**
+ * tls_connection_shutdown - Shutdown TLS connection
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * Returns: 0 on success, -1 on failure
+ *
+ * Shutdown current TLS connection without releasing all resources. New
+ * connection can be started by using the same conn without having to call
+ * tls_connection_init() or setting certificates etc. again. The new
+ * connection should try to use session resumption.
+ */
+int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn);
+
+enum {
+ TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED = -3,
+ TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED = -2
+};
+
+/**
+ * tls_connection_set_params - Set TLS connection parameters
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * @params: Connection parameters
+ * Returns: 0 on success, -1 on failure,
+ * TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED (-2) on possible PIN error causing
+ * PKCS#11 engine failure, or
+ * TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED (-3) on failure to verify the
+ * PKCS#11 engine private key.
+ */
+int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
+ const struct tls_connection_params *params);
+
+/**
+ * tls_global_set_params - Set TLS parameters for all TLS connection
+ * @tls_ctx: TLS context data from tls_init()
+ * @params: Global TLS parameters
+ * Returns: 0 on success, -1 on failure,
+ * TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED (-2) on possible PIN error causing
+ * PKCS#11 engine failure, or
+ * TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED (-3) on failure to verify the
+ * PKCS#11 engine private key.
+ */
+int tls_global_set_params(void *tls_ctx,
+ const struct tls_connection_params *params);
+
+/**
+ * tls_global_set_verify - Set global certificate verification options
+ * @tls_ctx: TLS context data from tls_init()
+ * @check_crl: 0 = do not verify CRLs, 1 = verify CRL for the user certificate,
+ * 2 = verify CRL for all certificates
+ * Returns: 0 on success, -1 on failure
+ */
+int tls_global_set_verify(void *tls_ctx, int check_crl);
+
+/**
+ * tls_connection_set_verify - Set certificate verification options
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * @verify_peer: 1 = verify peer certificate
+ * Returns: 0 on success, -1 on failure
+ */
+int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
+ int verify_peer);
+
+/**
+ * tls_connection_set_ia - Set TLS/IA parameters
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * @tls_ia: 1 = enable TLS/IA
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is used to configure TLS/IA in server mode where
+ * tls_connection_set_params() is not used.
+ */
+int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn,
+ int tls_ia);
+
+/**
+ * tls_connection_get_keys - Get master key and random data from TLS connection
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * @keys: Structure of key/random data (filled on success)
+ * Returns: 0 on success, -1 on failure
+ */
+int tls_connection_get_keys(void *tls_ctx, struct tls_connection *conn,
+ struct tls_keys *keys);
+
+/**
+ * tls_connection_prf - Use TLS-PRF to derive keying material
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * @label: Label (e.g., description of the key) for PRF
+ * @server_random_first: seed is 0 = client_random|server_random,
+ * 1 = server_random|client_random
+ * @out: Buffer for output data from TLS-PRF
+ * @out_len: Length of the output buffer
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is optional to implement if tls_connection_get_keys() provides
+ * access to master secret and server/client random values. If these values are
+ * not exported from the TLS library, tls_connection_prf() is required so that
+ * further keying material can be derived from the master secret. If not
+ * implemented, the function will still need to be defined, but it can just
+ * return -1. Example implementation of this function is in tls_prf() function
+ * when it is called with seed set to client_random|server_random (or
+ * server_random|client_random).
+ */
+int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
+ const char *label, int server_random_first,
+ u8 *out, size_t out_len);
+
+/**
+ * tls_connection_handshake - Process TLS handshake (client side)
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * @in_data: Input data from TLS peer
+ * @in_len: Input data length
+ * @out_len: Length of the output buffer.
+ * @appl_data: Pointer to application data pointer, or %NULL if dropped
+ * @appl_data_len: Pointer to variable that is set to appl_data length
+ * Returns: Pointer to output data, %NULL on failure
+ *
+ * Caller is responsible for freeing returned output data. If the final
+ * handshake message includes application data, this is decrypted and
+ * appl_data (if not %NULL) is set to point this data. Caller is responsible
+ * for freeing appl_data.
+ *
+ * This function is used during TLS handshake. The first call is done with
+ * in_data == %NULL and the library is expected to return ClientHello packet.
+ * This packet is then send to the server and a response from server is given
+ * to TLS library by calling this function again with in_data pointing to the
+ * TLS message from the server.
+ *
+ * If the TLS handshake fails, this function may return %NULL. However, if the
+ * TLS library has a TLS alert to send out, that should be returned as the
+ * output data. In this case, tls_connection_get_failed() must return failure
+ * (> 0).
+ *
+ * tls_connection_established() should return 1 once the TLS handshake has been
+ * completed successfully.
+ */
+u8 * tls_connection_handshake(void *tls_ctx, struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ size_t *out_len, u8 **appl_data,
+ size_t *appl_data_len);
+
+/**
+ * tls_connection_server_handshake - Process TLS handshake (server side)
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * @in_data: Input data from TLS peer
+ * @in_len: Input data length
+ * @out_len: Length of the output buffer.
+ * Returns: pointer to output data, %NULL on failure
+ *
+ * Caller is responsible for freeing returned output data.
+ */
+u8 * tls_connection_server_handshake(void *tls_ctx,
+ struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ size_t *out_len);
+
+/**
+ * tls_connection_encrypt - Encrypt data into TLS tunnel
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * @in_data: Pointer to plaintext data to be encrypted
+ * @in_len: Input buffer length
+ * @out_data: Pointer to output buffer (encrypted TLS data)
+ * @out_len: Maximum out_data length
+ * Returns: Number of bytes written to out_data, -1 on failure
+ *
+ * This function is used after TLS handshake has been completed successfully to
+ * send data in the encrypted tunnel.
+ */
+int tls_connection_encrypt(void *tls_ctx, struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ u8 *out_data, size_t out_len);
+
+/**
+ * tls_connection_decrypt - Decrypt data from TLS tunnel
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * @in_data: Pointer to input buffer (encrypted TLS data)
+ * @in_len: Input buffer length
+ * @out_data: Pointer to output buffer (decrypted data from TLS tunnel)
+ * @out_len: Maximum out_data length
+ * Returns: Number of bytes written to out_data, -1 on failure
+ *
+ * This function is used after TLS handshake has been completed successfully to
+ * receive data from the encrypted tunnel.
+ */
+int tls_connection_decrypt(void *tls_ctx, struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ u8 *out_data, size_t out_len);
+
+/**
+ * tls_connection_resumed - Was session resumption used
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * Returns: 1 if current session used session resumption, 0 if not
+ */
+int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn);
+
+/**
+ * tls_connection_set_master_key - Configure master secret for TLS connection
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * @key: TLS pre-master-secret
+ * @key_len: length of key in bytes
+ * Returns: 0 on success, -1 on failure
+ */
+int tls_connection_set_master_key(void *tls_ctx, struct tls_connection *conn,
+ const u8 *key, size_t key_len);
+
+enum {
+ TLS_CIPHER_NONE,
+ TLS_CIPHER_RC4_SHA /* 0x0005 */,
+ TLS_CIPHER_AES128_SHA /* 0x002f */,
+ TLS_CIPHER_RSA_DHE_AES128_SHA /* 0x0031 */,
+ TLS_CIPHER_ANON_DH_AES128_SHA /* 0x0034 */
+};
+
+/**
+ * tls_connection_set_cipher_list - Configure acceptable cipher suites
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * @ciphers: Zero (TLS_CIPHER_NONE) terminated list of allowed ciphers
+ * (TLS_CIPHER_*).
+ * Returns: 0 on success, -1 on failure
+ */
+int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
+ u8 *ciphers);
+
+/**
+ * tls_get_cipher - Get current cipher name
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * @buf: Buffer for the cipher name
+ * @buflen: buf size
+ * Returns: 0 on success, -1 on failure
+ *
+ * Get the name of the currently used cipher.
+ */
+int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
+ char *buf, size_t buflen);
+
+/**
+ * tls_connection_enable_workaround - Enable TLS workaround options
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is used to enable connection-specific workaround options for
+ * buffer SSL/TLS implementations.
+ */
+int tls_connection_enable_workaround(void *tls_ctx,
+ struct tls_connection *conn);
+
+/**
+ * tls_connection_client_hello_ext - Set TLS extension for ClientHello
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * @ext_type: Extension type
+ * @data: Extension payload (%NULL to remove extension)
+ * @data_len: Extension payload length
+ * Returns: 0 on success, -1 on failure
+ */
+int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
+ int ext_type, const u8 *data,
+ size_t data_len);
+
+/**
+ * tls_connection_get_failed - Get connection failure status
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ *
+ * Returns >0 if connection has failed, 0 if not.
+ */
+int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn);
+
+/**
+ * tls_connection_get_read_alerts - Get connection read alert status
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * Returns: Number of times a fatal read (remote end reported error) has
+ * happened during this connection.
+ */
+int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn);
+
+/**
+ * tls_connection_get_write_alerts - Get connection write alert status
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * Returns: Number of times a fatal write (locally detected error) has happened
+ * during this connection.
+ */
+int tls_connection_get_write_alerts(void *tls_ctx,
+ struct tls_connection *conn);
+
+/**
+ * tls_connection_get_keyblock_size - Get TLS key_block size
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * Returns: Size of the key_block for the negotiated cipher suite or -1 on
+ * failure
+ */
+int tls_connection_get_keyblock_size(void *tls_ctx,
+ struct tls_connection *conn);
+
+#define TLS_CAPABILITY_IA 0x0001 /* TLS Inner Application (TLS/IA) */
+/**
+ * tls_capabilities - Get supported TLS capabilities
+ * @tls_ctx: TLS context data from tls_init()
+ * Returns: Bit field of supported TLS capabilities (TLS_CAPABILITY_*)
+ */
+unsigned int tls_capabilities(void *tls_ctx);
+
+/**
+ * tls_connection_ia_send_phase_finished - Send a TLS/IA PhaseFinished message
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * @final: 1 = FinalPhaseFinished, 0 = IntermediatePhaseFinished
+ * @out_data: Pointer to output buffer (encrypted TLS/IA data)
+ * @out_len: Maximum out_data length
+ * Returns: Number of bytes written to out_data on success, -1 on failure
+ *
+ * This function is used to send the TLS/IA end phase message, e.g., when the
+ * EAP server completes EAP-TTLSv1.
+ */
+int tls_connection_ia_send_phase_finished(void *tls_ctx,
+ struct tls_connection *conn,
+ int final,
+ u8 *out_data, size_t out_len);
+
+/**
+ * tls_connection_ia_final_phase_finished - Has final phase been completed
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * Returns: 1 if valid FinalPhaseFinished has been received, 0 if not, or -1
+ * on failure
+ */
+int tls_connection_ia_final_phase_finished(void *tls_ctx,
+ struct tls_connection *conn);
+
+/**
+ * tls_connection_ia_permute_inner_secret - Permute TLS/IA inner secret
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * @key: Session key material (session_key vectors with 2-octet length), or
+ * %NULL if no session key was generating in the current phase
+ * @key_len: Length of session key material
+ * Returns: 0 on success, -1 on failure
+ */
+int tls_connection_ia_permute_inner_secret(void *tls_ctx,
+ struct tls_connection *conn,
+ const u8 *key, size_t key_len);
+
+#endif /* TLS_H */
--- /dev/null
+/*
+ * WPA Supplicant / SSL/TLS interface functions for openssl
+ * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#ifdef PKCS12_FUNCS
+#include <gnutls/pkcs12.h>
+#endif /* PKCS12_FUNCS */
+
+#ifdef CONFIG_GNUTLS_EXTRA
+#if LIBGNUTLS_VERSION_NUMBER >= 0x010302
+#define GNUTLS_IA
+#include <gnutls/extra.h>
+#if LIBGNUTLS_VERSION_NUMBER == 0x010302
+/* This function is not included in the current gnutls/extra.h even though it
+ * should be, so define it here as a workaround for the time being. */
+int gnutls_ia_verify_endphase(gnutls_session_t session, char *checksum);
+#endif /* LIBGNUTLS_VERSION_NUMBER == 0x010302 */
+#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x010302 */
+#endif /* CONFIG_GNUTLS_EXTRA */
+
+#include "common.h"
+#include "tls.h"
+
+
+#define TLS_RANDOM_SIZE 32
+#define TLS_MASTER_SIZE 48
+
+
+#if LIBGNUTLS_VERSION_NUMBER < 0x010302
+/* GnuTLS 1.3.2 added functions for using master secret. Older versions require
+ * use of internal structures to get the master_secret and
+ * {server,client}_random.
+ */
+#define GNUTLS_INTERNAL_STRUCTURE_HACK
+#endif /* LIBGNUTLS_VERSION_NUMBER < 0x010302 */
+
+
+#ifdef GNUTLS_INTERNAL_STRUCTURE_HACK
+/*
+ * It looks like gnutls does not provide access to client/server_random and
+ * master_key. This is somewhat unfortunate since these are needed for key
+ * derivation in EAP-{TLS,TTLS,PEAP,FAST}. Workaround for now is a horrible
+ * hack that copies the gnutls_session_int definition from gnutls_int.h so that
+ * we can get the needed information.
+ */
+
+typedef u8 uint8;
+typedef unsigned char opaque;
+typedef struct {
+ uint8 suite[2];
+} cipher_suite_st;
+
+typedef struct {
+ gnutls_connection_end_t entity;
+ gnutls_kx_algorithm_t kx_algorithm;
+ gnutls_cipher_algorithm_t read_bulk_cipher_algorithm;
+ gnutls_mac_algorithm_t read_mac_algorithm;
+ gnutls_compression_method_t read_compression_algorithm;
+ gnutls_cipher_algorithm_t write_bulk_cipher_algorithm;
+ gnutls_mac_algorithm_t write_mac_algorithm;
+ gnutls_compression_method_t write_compression_algorithm;
+ cipher_suite_st current_cipher_suite;
+ opaque master_secret[TLS_MASTER_SIZE];
+ opaque client_random[TLS_RANDOM_SIZE];
+ opaque server_random[TLS_RANDOM_SIZE];
+ /* followed by stuff we are not interested in */
+} security_parameters_st;
+
+struct gnutls_session_int {
+ security_parameters_st security_parameters;
+ /* followed by things we are not interested in */
+};
+#endif /* LIBGNUTLS_VERSION_NUMBER < 0x010302 */
+
+static int tls_gnutls_ref_count = 0;
+
+struct tls_global {
+ /* Data for session resumption */
+ void *session_data;
+ size_t session_data_size;
+
+ int server;
+
+ int params_set;
+ gnutls_certificate_credentials_t xcred;
+};
+
+struct tls_connection {
+ gnutls_session session;
+ char *subject_match, *altsubject_match;
+ int read_alerts, write_alerts, failed;
+
+ u8 *pre_shared_secret;
+ size_t pre_shared_secret_len;
+ int established;
+ int verify_peer;
+
+ u8 *push_buf, *pull_buf, *pull_buf_offset;
+ size_t push_buf_len, pull_buf_len;
+
+ int params_set;
+ gnutls_certificate_credentials_t xcred;
+
+ int tls_ia;
+ int final_phase_finished;
+
+#ifdef GNUTLS_IA
+ gnutls_ia_server_credentials_t iacred_srv;
+ gnutls_ia_client_credentials_t iacred_cli;
+
+ /* Session keys generated in the current phase for inner secret
+ * permutation before generating/verifying PhaseFinished. */
+ u8 *session_keys;
+ size_t session_keys_len;
+
+ u8 inner_secret[TLS_MASTER_SIZE];
+#endif /* GNUTLS_IA */
+};
+
+
+static void tls_log_func(int level, const char *msg)
+{
+ char *s, *pos;
+ if (level == 6 || level == 7) {
+ /* These levels seem to be mostly I/O debug and msg dumps */
+ return;
+ }
+
+ s = os_strdup(msg);
+ if (s == NULL)
+ return;
+
+ pos = s;
+ while (*pos != '\0') {
+ if (*pos == '\n') {
+ *pos = '\0';
+ break;
+ }
+ pos++;
+ }
+ wpa_printf(level > 3 ? MSG_MSGDUMP : MSG_DEBUG,
+ "gnutls<%d> %s", level, s);
+ os_free(s);
+}
+
+
+extern int wpa_debug_show_keys;
+
+void * tls_init(const struct tls_config *conf)
+{
+ struct tls_global *global;
+
+#ifdef GNUTLS_INTERNAL_STRUCTURE_HACK
+ /* Because of the horrible hack to get master_secret and client/server
+ * random, we need to make sure that the gnutls version is something
+ * that is expected to have same structure definition for the session
+ * data.. */
+ const char *ver;
+ const char *ok_ver[] = { "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.2.9",
+ "1.3.2",
+ NULL };
+ int i;
+#endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */
+
+ global = os_zalloc(sizeof(*global));
+ if (global == NULL)
+ return NULL;
+
+ if (tls_gnutls_ref_count == 0 && gnutls_global_init() < 0) {
+ os_free(global);
+ return NULL;
+ }
+ tls_gnutls_ref_count++;
+
+#ifdef GNUTLS_INTERNAL_STRUCTURE_HACK
+ ver = gnutls_check_version(NULL);
+ if (ver == NULL) {
+ tls_deinit(global);
+ return NULL;
+ }
+ wpa_printf(MSG_DEBUG, "%s - gnutls version %s", __func__, ver);
+ for (i = 0; ok_ver[i]; i++) {
+ if (strcmp(ok_ver[i], ver) == 0)
+ break;
+ }
+ if (ok_ver[i] == NULL) {
+ wpa_printf(MSG_INFO, "Untested gnutls version %s - this needs "
+ "to be tested and enabled in tls_gnutls.c", ver);
+ tls_deinit(global);
+ return NULL;
+ }
+#endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (wpa_debug_show_keys)
+ gnutls_global_set_log_level(11);
+ return global;
+}
+
+
+void tls_deinit(void *ssl_ctx)
+{
+ struct tls_global *global = ssl_ctx;
+ if (global) {
+ if (global->params_set)
+ gnutls_certificate_free_credentials(global->xcred);
+ os_free(global->session_data);
+ os_free(global);
+ }
+
+ tls_gnutls_ref_count--;
+ if (tls_gnutls_ref_count == 0)
+ gnutls_global_deinit();
+}
+
+
+int tls_get_errors(void *ssl_ctx)
+{
+ return 0;
+}
+
+
+static ssize_t tls_pull_func(gnutls_transport_ptr ptr, void *buf,
+ size_t len)
+{
+ struct tls_connection *conn = (struct tls_connection *) ptr;
+ u8 *end;
+ if (conn->pull_buf == NULL) {
+ errno = EWOULDBLOCK;
+ return -1;
+ }
+
+ end = conn->pull_buf + conn->pull_buf_len;
+ if ((size_t) (end - conn->pull_buf_offset) < len)
+ len = end - conn->pull_buf_offset;
+ os_memcpy(buf, conn->pull_buf_offset, len);
+ conn->pull_buf_offset += len;
+ if (conn->pull_buf_offset == end) {
+ wpa_printf(MSG_DEBUG, "%s - pull_buf consumed", __func__);
+ os_free(conn->pull_buf);
+ conn->pull_buf = conn->pull_buf_offset = NULL;
+ conn->pull_buf_len = 0;
+ } else {
+ wpa_printf(MSG_DEBUG, "%s - %d bytes remaining in pull_buf",
+ __func__, end - conn->pull_buf_offset);
+ }
+ return len;
+}
+
+
+static ssize_t tls_push_func(gnutls_transport_ptr ptr, const void *buf,
+ size_t len)
+{
+ struct tls_connection *conn = (struct tls_connection *) ptr;
+ u8 *nbuf;
+
+ nbuf = os_realloc(conn->push_buf, conn->push_buf_len + len);
+ if (nbuf == NULL) {
+ errno = ENOMEM;
+ return -1;
+ }
+ os_memcpy(nbuf + conn->push_buf_len, buf, len);
+ conn->push_buf = nbuf;
+ conn->push_buf_len += len;
+
+ return len;
+}
+
+
+static int tls_gnutls_init_session(struct tls_global *global,
+ struct tls_connection *conn)
+{
+ const int cert_types[2] = { GNUTLS_CRT_X509, 0 };
+ const int protos[2] = { GNUTLS_TLS1, 0 };
+ int ret;
+
+ ret = gnutls_init(&conn->session,
+ global->server ? GNUTLS_SERVER : GNUTLS_CLIENT);
+ if (ret < 0) {
+ wpa_printf(MSG_INFO, "TLS: Failed to initialize new TLS "
+ "connection: %s", gnutls_strerror(ret));
+ return -1;
+ }
+
+ ret = gnutls_set_default_priority(conn->session);
+ if (ret < 0)
+ goto fail;
+
+ ret = gnutls_certificate_type_set_priority(conn->session, cert_types);
+ if (ret < 0)
+ goto fail;
+
+ ret = gnutls_protocol_set_priority(conn->session, protos);
+ if (ret < 0)
+ goto fail;
+
+ gnutls_transport_set_pull_function(conn->session, tls_pull_func);
+ gnutls_transport_set_push_function(conn->session, tls_push_func);
+ gnutls_transport_set_ptr(conn->session, (gnutls_transport_ptr) conn);
+
+ return 0;
+
+fail:
+ wpa_printf(MSG_INFO, "TLS: Failed to setup new TLS connection: %s",
+ gnutls_strerror(ret));
+ gnutls_deinit(conn->session);
+ return -1;
+}
+
+
+struct tls_connection * tls_connection_init(void *ssl_ctx)
+{
+ struct tls_global *global = ssl_ctx;
+ struct tls_connection *conn;
+ int ret;
+
+ conn = os_zalloc(sizeof(*conn));
+ if (conn == NULL)
+ return NULL;
+
+ if (tls_gnutls_init_session(global, conn)) {
+ os_free(conn);
+ return NULL;
+ }
+
+ if (global->params_set) {
+ ret = gnutls_credentials_set(conn->session,
+ GNUTLS_CRD_CERTIFICATE,
+ global->xcred);
+ if (ret < 0) {
+ wpa_printf(MSG_INFO, "Failed to configure "
+ "credentials: %s", gnutls_strerror(ret));
+ os_free(conn);
+ return NULL;
+ }
+ }
+
+ if (gnutls_certificate_allocate_credentials(&conn->xcred)) {
+ os_free(conn);
+ return NULL;
+ }
+
+ return conn;
+}
+
+
+void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn)
+{
+ if (conn == NULL)
+ return;
+
+#ifdef GNUTLS_IA
+ if (conn->iacred_srv)
+ gnutls_ia_free_server_credentials(conn->iacred_srv);
+ if (conn->iacred_cli)
+ gnutls_ia_free_client_credentials(conn->iacred_cli);
+ if (conn->session_keys) {
+ os_memset(conn->session_keys, 0, conn->session_keys_len);
+ os_free(conn->session_keys);
+ }
+#endif /* GNUTLS_IA */
+
+ gnutls_certificate_free_credentials(conn->xcred);
+ gnutls_deinit(conn->session);
+ os_free(conn->pre_shared_secret);
+ os_free(conn->subject_match);
+ os_free(conn->altsubject_match);
+ os_free(conn->push_buf);
+ os_free(conn->pull_buf);
+ os_free(conn);
+}
+
+
+int tls_connection_established(void *ssl_ctx, struct tls_connection *conn)
+{
+ return conn ? conn->established : 0;
+}
+
+
+int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
+{
+ struct tls_global *global = ssl_ctx;
+ int ret;
+
+ if (conn == NULL)
+ return -1;
+
+ /* Shutdown previous TLS connection without notifying the peer
+ * because the connection was already terminated in practice
+ * and "close notify" shutdown alert would confuse AS. */
+ gnutls_bye(conn->session, GNUTLS_SHUT_RDWR);
+ os_free(conn->push_buf);
+ conn->push_buf = NULL;
+ conn->push_buf_len = 0;
+ conn->established = 0;
+ conn->final_phase_finished = 0;
+#ifdef GNUTLS_IA
+ if (conn->session_keys) {
+ os_memset(conn->session_keys, 0, conn->session_keys_len);
+ os_free(conn->session_keys);
+ }
+ conn->session_keys_len = 0;
+#endif /* GNUTLS_IA */
+
+ gnutls_deinit(conn->session);
+ if (tls_gnutls_init_session(global, conn)) {
+ wpa_printf(MSG_INFO, "GnuTLS: Failed to preparare new session "
+ "for session resumption use");
+ return -1;
+ }
+
+ ret = gnutls_credentials_set(conn->session, GNUTLS_CRD_CERTIFICATE,
+ conn->params_set ? conn->xcred :
+ global->xcred);
+ if (ret < 0) {
+ wpa_printf(MSG_INFO, "GnuTLS: Failed to configure credentials "
+ "for session resumption: %s", gnutls_strerror(ret));
+ return -1;
+ }
+
+ if (global->session_data) {
+ ret = gnutls_session_set_data(conn->session,
+ global->session_data,
+ global->session_data_size);
+ if (ret < 0) {
+ wpa_printf(MSG_INFO, "GnuTLS: Failed to set session "
+ "data: %s", gnutls_strerror(ret));
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+
+#if 0
+static int tls_match_altsubject(X509 *cert, const char *match)
+{
+ GENERAL_NAME *gen;
+ char *field, *tmp;
+ void *ext;
+ int i, found = 0;
+ size_t len;
+
+ ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
+
+ for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) {
+ gen = sk_GENERAL_NAME_value(ext, i);
+ switch (gen->type) {
+ case GEN_EMAIL:
+ field = "EMAIL";
+ break;
+ case GEN_DNS:
+ field = "DNS";
+ break;
+ case GEN_URI:
+ field = "URI";
+ break;
+ default:
+ field = NULL;
+ wpa_printf(MSG_DEBUG, "TLS: altSubjectName: "
+ "unsupported type=%d", gen->type);
+ break;
+ }
+
+ if (!field)
+ continue;
+
+ wpa_printf(MSG_DEBUG, "TLS: altSubjectName: %s:%s",
+ field, gen->d.ia5->data);
+ len = os_strlen(field) + 1 +
+ strlen((char *) gen->d.ia5->data) + 1;
+ tmp = os_malloc(len);
+ if (tmp == NULL)
+ continue;
+ snprintf(tmp, len, "%s:%s", field, gen->d.ia5->data);
+ if (strstr(tmp, match))
+ found++;
+ os_free(tmp);
+ }
+
+ return found;
+}
+#endif
+
+
+#if 0
+static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
+{
+ char buf[256];
+ X509 *err_cert;
+ int err, depth;
+ SSL *ssl;
+ struct tls_connection *conn;
+ char *match, *altmatch;
+
+ err_cert = X509_STORE_CTX_get_current_cert(x509_ctx);
+ err = X509_STORE_CTX_get_error(x509_ctx);
+ depth = X509_STORE_CTX_get_error_depth(x509_ctx);
+ ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
+ SSL_get_ex_data_X509_STORE_CTX_idx());
+ X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
+
+ conn = SSL_get_app_data(ssl);
+ match = conn ? conn->subject_match : NULL;
+ altmatch = conn ? conn->altsubject_match : NULL;
+
+ if (!preverify_ok) {
+ wpa_printf(MSG_WARNING, "TLS: Certificate verification failed,"
+ " error %d (%s) depth %d for '%s'", err,
+ X509_verify_cert_error_string(err), depth, buf);
+ } else {
+ wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb - "
+ "preverify_ok=%d err=%d (%s) depth=%d buf='%s'",
+ preverify_ok, err,
+ X509_verify_cert_error_string(err), depth, buf);
+ if (depth == 0 && match && strstr(buf, match) == NULL) {
+ wpa_printf(MSG_WARNING, "TLS: Subject '%s' did not "
+ "match with '%s'", buf, match);
+ preverify_ok = 0;
+ } else if (depth == 0 && altmatch &&
+ !tls_match_altsubject(err_cert, altmatch)) {
+ wpa_printf(MSG_WARNING, "TLS: altSubjectName match "
+ "'%s' not found", altmatch);
+ preverify_ok = 0;
+ }
+ }
+
+ return preverify_ok;
+}
+#endif
+
+
+int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
+ const struct tls_connection_params *params)
+{
+ int ret;
+
+ if (conn == NULL || params == NULL)
+ return -1;
+
+ os_free(conn->subject_match);
+ conn->subject_match = NULL;
+ if (params->subject_match) {
+ conn->subject_match = os_strdup(params->subject_match);
+ if (conn->subject_match == NULL)
+ return -1;
+ }
+
+ os_free(conn->altsubject_match);
+ conn->altsubject_match = NULL;
+ if (params->altsubject_match) {
+ conn->altsubject_match = os_strdup(params->altsubject_match);
+ if (conn->altsubject_match == NULL)
+ return -1;
+ }
+
+ /* TODO: gnutls_certificate_set_verify_flags(xcred, flags);
+ * to force peer validation(?) */
+
+ if (params->ca_cert) {
+ conn->verify_peer = 1;
+ ret = gnutls_certificate_set_x509_trust_file(
+ conn->xcred, params->ca_cert, GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ wpa_printf(MSG_DEBUG, "Failed to read CA cert '%s' "
+ "in PEM format: %s", params->ca_cert,
+ gnutls_strerror(ret));
+ ret = gnutls_certificate_set_x509_trust_file(
+ conn->xcred, params->ca_cert,
+ GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ wpa_printf(MSG_DEBUG, "Failed to read CA cert "
+ "'%s' in DER format: %s",
+ params->ca_cert,
+ gnutls_strerror(ret));
+ return -1;
+ }
+ }
+ }
+
+ if (params->client_cert && params->private_key) {
+ /* TODO: private_key_passwd? */
+ ret = gnutls_certificate_set_x509_key_file(
+ conn->xcred, params->client_cert, params->private_key,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ wpa_printf(MSG_DEBUG, "Failed to read client cert/key "
+ "in PEM format: %s", gnutls_strerror(ret));
+ ret = gnutls_certificate_set_x509_key_file(
+ conn->xcred, params->client_cert,
+ params->private_key, GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ wpa_printf(MSG_DEBUG, "Failed to read client "
+ "cert/key in DER format: %s",
+ gnutls_strerror(ret));
+ return ret;
+ }
+ }
+ } else if (params->private_key) {
+ int pkcs12_ok = 0;
+#ifdef PKCS12_FUNCS
+ /* Try to load in PKCS#12 format */
+#if LIBGNUTLS_VERSION_NUMBER >= 0x010302
+ ret = gnutls_certificate_set_x509_simple_pkcs12_file(
+ conn->xcred, params->private_key, GNUTLS_X509_FMT_DER,
+ params->private_key_passwd);
+ if (ret != 0) {
+ wpa_printf(MSG_DEBUG, "Failed to load private_key in "
+ "PKCS#12 format: %s", gnutls_strerror(ret));
+ return -1;
+ } else
+ pkcs12_ok = 1;
+#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x010302 */
+#endif /* PKCS12_FUNCS */
+
+ if (!pkcs12_ok) {
+ wpa_printf(MSG_DEBUG, "GnuTLS: PKCS#12 support not "
+ "included");
+ return -1;
+ }
+ }
+
+ conn->tls_ia = params->tls_ia;
+ conn->params_set = 1;
+
+ ret = gnutls_credentials_set(conn->session, GNUTLS_CRD_CERTIFICATE,
+ conn->xcred);
+ if (ret < 0) {
+ wpa_printf(MSG_INFO, "Failed to configure credentials: %s",
+ gnutls_strerror(ret));
+ }
+
+#ifdef GNUTLS_IA
+ if (conn->iacred_cli)
+ gnutls_ia_free_client_credentials(conn->iacred_cli);
+
+ ret = gnutls_ia_allocate_client_credentials(&conn->iacred_cli);
+ if (ret) {
+ wpa_printf(MSG_DEBUG, "Failed to allocate IA credentials: %s",
+ gnutls_strerror(ret));
+ return -1;
+ }
+
+ ret = gnutls_credentials_set(conn->session, GNUTLS_CRD_IA,
+ conn->iacred_cli);
+ if (ret) {
+ wpa_printf(MSG_DEBUG, "Failed to configure IA credentials: %s",
+ gnutls_strerror(ret));
+ gnutls_ia_free_client_credentials(conn->iacred_cli);
+ conn->iacred_cli = NULL;
+ return -1;
+ }
+#endif /* GNUTLS_IE */
+
+ return ret;
+}
+
+
+int tls_global_set_params(void *tls_ctx,
+ const struct tls_connection_params *params)
+{
+ struct tls_global *global = tls_ctx;
+ int ret;
+
+ /* Currently, global parameters are only set when running in server
+ * mode. */
+ global->server = 1;
+
+ if (global->params_set) {
+ gnutls_certificate_free_credentials(global->xcred);
+ global->params_set = 0;
+ }
+
+ ret = gnutls_certificate_allocate_credentials(&global->xcred);
+ if (ret) {
+ wpa_printf(MSG_DEBUG, "Failed to allocate global credentials "
+ "%s", gnutls_strerror(ret));
+ return -1;
+ }
+
+ if (params->ca_cert) {
+ ret = gnutls_certificate_set_x509_trust_file(
+ global->xcred, params->ca_cert, GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ wpa_printf(MSG_DEBUG, "Failed to read CA cert '%s' "
+ "in PEM format: %s", params->ca_cert,
+ gnutls_strerror(ret));
+ ret = gnutls_certificate_set_x509_trust_file(
+ global->xcred, params->ca_cert,
+ GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ wpa_printf(MSG_DEBUG, "Failed to read CA cert "
+ "'%s' in DER format: %s",
+ params->ca_cert,
+ gnutls_strerror(ret));
+ goto fail;
+ }
+ }
+ }
+
+ if (params->client_cert && params->private_key) {
+ /* TODO: private_key_passwd? */
+ ret = gnutls_certificate_set_x509_key_file(
+ global->xcred, params->client_cert,
+ params->private_key, GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ wpa_printf(MSG_DEBUG, "Failed to read client cert/key "
+ "in PEM format: %s", gnutls_strerror(ret));
+ ret = gnutls_certificate_set_x509_key_file(
+ global->xcred, params->client_cert,
+ params->private_key, GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ wpa_printf(MSG_DEBUG, "Failed to read client "
+ "cert/key in DER format: %s",
+ gnutls_strerror(ret));
+ goto fail;
+ }
+ }
+ } else if (params->private_key) {
+ int pkcs12_ok = 0;
+#ifdef PKCS12_FUNCS
+ /* Try to load in PKCS#12 format */
+#if LIBGNUTLS_VERSION_NUMBER >= 0x010302
+ ret = gnutls_certificate_set_x509_simple_pkcs12_file(
+ global->xcred, params->private_key,
+ GNUTLS_X509_FMT_DER, params->private_key_passwd);
+ if (ret != 0) {
+ wpa_printf(MSG_DEBUG, "Failed to load private_key in "
+ "PKCS#12 format: %s", gnutls_strerror(ret));
+ goto fail;
+ } else
+ pkcs12_ok = 1;
+#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x010302 */
+#endif /* PKCS12_FUNCS */
+
+ if (!pkcs12_ok) {
+ wpa_printf(MSG_DEBUG, "GnuTLS: PKCS#12 support not "
+ "included");
+ goto fail;
+ }
+ }
+
+ global->params_set = 1;
+
+ return 0;
+
+fail:
+ gnutls_certificate_free_credentials(global->xcred);
+ return -1;
+}
+
+
+int tls_global_set_verify(void *ssl_ctx, int check_crl)
+{
+ /* TODO */
+ return 0;
+}
+
+
+int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
+ int verify_peer)
+{
+ if (conn == NULL || conn->session == NULL)
+ return -1;
+
+ conn->verify_peer = verify_peer;
+ gnutls_certificate_server_set_request(conn->session,
+ verify_peer ? GNUTLS_CERT_REQUIRE
+ : GNUTLS_CERT_REQUEST);
+
+ return 0;
+}
+
+
+int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
+ struct tls_keys *keys)
+{
+#ifdef GNUTLS_INTERNAL_STRUCTURE_HACK
+ security_parameters_st *sec;
+#endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */
+
+ if (conn == NULL || conn->session == NULL || keys == NULL)
+ return -1;
+
+ os_memset(keys, 0, sizeof(*keys));
+
+#ifdef GNUTLS_INTERNAL_STRUCTURE_HACK
+ sec = &conn->session->security_parameters;
+ keys->master_key = sec->master_secret;
+ keys->master_key_len = TLS_MASTER_SIZE;
+ keys->client_random = sec->client_random;
+ keys->server_random = sec->server_random;
+#else /* GNUTLS_INTERNAL_STRUCTURE_HACK */
+ keys->client_random =
+ (u8 *) gnutls_session_get_client_random(conn->session);
+ keys->server_random =
+ (u8 *) gnutls_session_get_server_random(conn->session);
+ /* No access to master_secret */
+#endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */
+
+#ifdef GNUTLS_IA
+ gnutls_ia_extract_inner_secret(conn->session,
+ (char *) conn->inner_secret);
+ keys->inner_secret = conn->inner_secret;
+ keys->inner_secret_len = TLS_MASTER_SIZE;
+#endif /* GNUTLS_IA */
+
+ keys->client_random_len = TLS_RANDOM_SIZE;
+ keys->server_random_len = TLS_RANDOM_SIZE;
+
+ return 0;
+}
+
+
+int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
+ const char *label, int server_random_first,
+ u8 *out, size_t out_len)
+{
+#if LIBGNUTLS_VERSION_NUMBER >= 0x010302
+ if (conn == NULL || conn->session == NULL)
+ return -1;
+
+ return gnutls_prf(conn->session, os_strlen(label), label,
+ server_random_first, 0, NULL, out_len, (char *) out);
+#else /* LIBGNUTLS_VERSION_NUMBER >= 0x010302 */
+ return -1;
+#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x010302 */
+}
+
+
+static int tls_connection_verify_peer(struct tls_connection *conn)
+{
+ unsigned int status, num_certs, i;
+ struct os_time now;
+ const gnutls_datum_t *certs;
+ gnutls_x509_crt_t cert;
+
+ if (gnutls_certificate_verify_peers2(conn->session, &status) < 0) {
+ wpa_printf(MSG_INFO, "TLS: Failed to verify peer "
+ "certificate chain");
+ return -1;
+ }
+
+ if (conn->verify_peer && (status & GNUTLS_CERT_INVALID)) {
+ wpa_printf(MSG_INFO, "TLS: Peer certificate not trusted");
+ return -1;
+ }
+
+ if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
+ wpa_printf(MSG_INFO, "TLS: Peer certificate does not have a "
+ "known issuer");
+ return -1;
+ }
+
+ if (status & GNUTLS_CERT_REVOKED) {
+ wpa_printf(MSG_INFO, "TLS: Peer certificate has been revoked");
+ return -1;
+ }
+
+ os_get_time(&now);
+
+ certs = gnutls_certificate_get_peers(conn->session, &num_certs);
+ if (certs == NULL) {
+ wpa_printf(MSG_INFO, "TLS: No peer certificate chain "
+ "received");
+ return -1;
+ }
+
+ for (i = 0; i < num_certs; i++) {
+ char *buf;
+ size_t len;
+ if (gnutls_x509_crt_init(&cert) < 0) {
+ wpa_printf(MSG_INFO, "TLS: Certificate initialization "
+ "failed");
+ return -1;
+ }
+
+ if (gnutls_x509_crt_import(cert, &certs[i],
+ GNUTLS_X509_FMT_DER) < 0) {
+ wpa_printf(MSG_INFO, "TLS: Could not parse peer "
+ "certificate %d/%d", i + 1, num_certs);
+ gnutls_x509_crt_deinit(cert);
+ return -1;
+ }
+
+ gnutls_x509_crt_get_dn(cert, NULL, &len);
+ len++;
+ buf = os_malloc(len + 1);
+ if (buf) {
+ buf[0] = buf[len] = '\0';
+ gnutls_x509_crt_get_dn(cert, buf, &len);
+ }
+ wpa_printf(MSG_DEBUG, "TLS: Peer cert chain %d/%d: %s",
+ i + 1, num_certs, buf);
+
+ if (i == 0) {
+ /* TODO: validate subject_match and altsubject_match */
+ }
+
+ os_free(buf);
+
+ if (gnutls_x509_crt_get_expiration_time(cert) < now.sec ||
+ gnutls_x509_crt_get_activation_time(cert) > now.sec) {
+ wpa_printf(MSG_INFO, "TLS: Peer certificate %d/%d is "
+ "not valid at this time",
+ i + 1, num_certs);
+ gnutls_x509_crt_deinit(cert);
+ return -1;
+ }
+
+ gnutls_x509_crt_deinit(cert);
+ }
+
+ return 0;
+}
+
+
+u8 * tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ size_t *out_len, u8 **appl_data,
+ size_t *appl_data_len)
+{
+ struct tls_global *global = ssl_ctx;
+ u8 *out_data;
+ int ret;
+
+ if (appl_data)
+ *appl_data = NULL;
+
+ if (in_data && in_len) {
+ if (conn->pull_buf) {
+ wpa_printf(MSG_DEBUG, "%s - %d bytes remaining in "
+ "pull_buf", __func__, conn->pull_buf_len);
+ os_free(conn->pull_buf);
+ }
+ conn->pull_buf = os_malloc(in_len);
+ if (conn->pull_buf == NULL)
+ return NULL;
+ os_memcpy(conn->pull_buf, in_data, in_len);
+ conn->pull_buf_offset = conn->pull_buf;
+ conn->pull_buf_len = in_len;
+ }
+
+ ret = gnutls_handshake(conn->session);
+ if (ret < 0) {
+ switch (ret) {
+ case GNUTLS_E_AGAIN:
+ if (global->server && conn->established &&
+ conn->push_buf == NULL) {
+ /* Need to return something to trigger
+ * completion of EAP-TLS. */
+ conn->push_buf = os_malloc(1);
+ }
+ break;
+ case GNUTLS_E_FATAL_ALERT_RECEIVED:
+ wpa_printf(MSG_DEBUG, "%s - received fatal '%s' alert",
+ __func__, gnutls_alert_get_name(
+ gnutls_alert_get(conn->session)));
+ conn->read_alerts++;
+ /* continue */
+ default:
+ wpa_printf(MSG_DEBUG, "%s - gnutls_handshake failed "
+ "-> %s", __func__, gnutls_strerror(ret));
+ conn->failed++;
+ }
+ } else {
+ size_t size;
+
+ if (conn->verify_peer && tls_connection_verify_peer(conn)) {
+ wpa_printf(MSG_INFO, "TLS: Peer certificate chain "
+ "failed validation");
+ conn->failed++;
+ return NULL;
+ }
+
+ if (conn->tls_ia && !gnutls_ia_handshake_p(conn->session)) {
+ wpa_printf(MSG_INFO, "TLS: No TLS/IA negotiation");
+ conn->failed++;
+ return NULL;
+ }
+
+ if (conn->tls_ia)
+ wpa_printf(MSG_DEBUG, "TLS: Start TLS/IA handshake");
+ else {
+ wpa_printf(MSG_DEBUG, "TLS: Handshake completed "
+ "successfully");
+ }
+ conn->established = 1;
+ if (conn->push_buf == NULL) {
+ /* Need to return something to get final TLS ACK. */
+ conn->push_buf = os_malloc(1);
+ }
+
+ gnutls_session_get_data(conn->session, NULL, &size);
+ if (global->session_data == NULL ||
+ global->session_data_size < size) {
+ os_free(global->session_data);
+ global->session_data = os_malloc(size);
+ }
+ if (global->session_data) {
+ global->session_data_size = size;
+ gnutls_session_get_data(conn->session,
+ global->session_data,
+ &global->session_data_size);
+ }
+ }
+
+ out_data = conn->push_buf;
+ *out_len = conn->push_buf_len;
+ conn->push_buf = NULL;
+ conn->push_buf_len = 0;
+ return out_data;
+}
+
+
+u8 * tls_connection_server_handshake(void *ssl_ctx,
+ struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ size_t *out_len)
+{
+ return tls_connection_handshake(ssl_ctx, conn, in_data, in_len,
+ out_len, NULL, NULL);
+}
+
+
+int tls_connection_encrypt(void *ssl_ctx, struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ u8 *out_data, size_t out_len)
+{
+ ssize_t res;
+
+#ifdef GNUTLS_IA
+ if (conn->tls_ia)
+ res = gnutls_ia_send(conn->session, (char *) in_data, in_len);
+ else
+#endif /* GNUTLS_IA */
+ res = gnutls_record_send(conn->session, in_data, in_len);
+ if (res < 0) {
+ wpa_printf(MSG_INFO, "%s: Encryption failed: %s",
+ __func__, gnutls_strerror(res));
+ return -1;
+ }
+ if (conn->push_buf == NULL)
+ return -1;
+ if (conn->push_buf_len < out_len)
+ out_len = conn->push_buf_len;
+ os_memcpy(out_data, conn->push_buf, out_len);
+ os_free(conn->push_buf);
+ conn->push_buf = NULL;
+ conn->push_buf_len = 0;
+ return out_len;
+}
+
+
+int tls_connection_decrypt(void *ssl_ctx, struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ u8 *out_data, size_t out_len)
+{
+ ssize_t res;
+
+ if (conn->pull_buf) {
+ wpa_printf(MSG_DEBUG, "%s - %d bytes remaining in "
+ "pull_buf", __func__, conn->pull_buf_len);
+ os_free(conn->pull_buf);
+ }
+ conn->pull_buf = os_malloc(in_len);
+ if (conn->pull_buf == NULL)
+ return -1;
+ os_memcpy(conn->pull_buf, in_data, in_len);
+ conn->pull_buf_offset = conn->pull_buf;
+ conn->pull_buf_len = in_len;
+
+#ifdef GNUTLS_IA
+ if (conn->tls_ia) {
+ res = gnutls_ia_recv(conn->session, (char *) out_data,
+ out_len);
+ if (out_len >= 12 &&
+ (res == GNUTLS_E_WARNING_IA_IPHF_RECEIVED ||
+ res == GNUTLS_E_WARNING_IA_FPHF_RECEIVED)) {
+ int final = res == GNUTLS_E_WARNING_IA_FPHF_RECEIVED;
+ wpa_printf(MSG_DEBUG, "%s: Received %sPhaseFinished",
+ __func__, final ? "Final" : "Intermediate");
+
+ res = gnutls_ia_permute_inner_secret(
+ conn->session, conn->session_keys_len,
+ (char *) conn->session_keys);
+ if (conn->session_keys) {
+ os_memset(conn->session_keys, 0,
+ conn->session_keys_len);
+ os_free(conn->session_keys);
+ }
+ conn->session_keys = NULL;
+ conn->session_keys_len = 0;
+ if (res) {
+ wpa_printf(MSG_DEBUG, "%s: Failed to permute "
+ "inner secret: %s",
+ __func__, gnutls_strerror(res));
+ return -1;
+ }
+
+ res = gnutls_ia_verify_endphase(conn->session,
+ (char *) out_data);
+ if (res == 0) {
+ wpa_printf(MSG_DEBUG, "%s: Correct endphase "
+ "checksum", __func__);
+ } else {
+ wpa_printf(MSG_INFO, "%s: Endphase "
+ "verification failed: %s",
+ __func__, gnutls_strerror(res));
+ return -1;
+ }
+
+ if (final)
+ conn->final_phase_finished = 1;
+
+ return 0;
+ }
+
+ if (res < 0) {
+ wpa_printf(MSG_DEBUG, "%s - gnutls_ia_recv failed: %d "
+ "(%s)", __func__, res,
+ gnutls_strerror(res));
+ }
+ return res;
+ }
+#endif /* GNUTLS_IA */
+
+ res = gnutls_record_recv(conn->session, out_data, out_len);
+ if (res < 0) {
+ wpa_printf(MSG_DEBUG, "%s - gnutls_record_recv failed: %d "
+ "(%s)", __func__, res, gnutls_strerror(res));
+ }
+
+ return res;
+}
+
+
+int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn)
+{
+ if (conn == NULL)
+ return 0;
+ return gnutls_session_is_resumed(conn->session);
+}
+
+
+int tls_connection_set_master_key(void *ssl_ctx, struct tls_connection *conn,
+ const u8 *key, size_t key_len)
+{
+ /* TODO */
+ return -1;
+}
+
+
+int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
+ u8 *ciphers)
+{
+ /* TODO */
+ return -1;
+}
+
+
+int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
+ char *buf, size_t buflen)
+{
+ /* TODO */
+ buf[0] = '\0';
+ return 0;
+}
+
+
+int tls_connection_enable_workaround(void *ssl_ctx,
+ struct tls_connection *conn)
+{
+ /* TODO: set SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS */
+ return 0;
+}
+
+
+int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn,
+ int ext_type, const u8 *data,
+ size_t data_len)
+{
+ /* TODO */
+ return -1;
+}
+
+
+int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn)
+{
+ if (conn == NULL)
+ return -1;
+ return conn->failed;
+}
+
+
+int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn)
+{
+ if (conn == NULL)
+ return -1;
+ return conn->read_alerts;
+}
+
+
+int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn)
+{
+ if (conn == NULL)
+ return -1;
+ return conn->write_alerts;
+}
+
+
+int tls_connection_get_keyblock_size(void *tls_ctx,
+ struct tls_connection *conn)
+{
+ /* TODO */
+ return -1;
+}
+
+
+unsigned int tls_capabilities(void *tls_ctx)
+{
+ unsigned int capa = 0;
+
+#ifdef GNUTLS_IA
+ capa |= TLS_CAPABILITY_IA;
+#endif /* GNUTLS_IA */
+
+ return capa;
+}
+
+
+int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn,
+ int tls_ia)
+{
+#ifdef GNUTLS_IA
+ int ret;
+
+ if (conn == NULL)
+ return -1;
+
+ conn->tls_ia = tls_ia;
+ if (!tls_ia)
+ return 0;
+
+ ret = gnutls_ia_allocate_server_credentials(&conn->iacred_srv);
+ if (ret) {
+ wpa_printf(MSG_DEBUG, "Failed to allocate IA credentials: %s",
+ gnutls_strerror(ret));
+ return -1;
+ }
+
+ ret = gnutls_credentials_set(conn->session, GNUTLS_CRD_IA,
+ conn->iacred_srv);
+ if (ret) {
+ wpa_printf(MSG_DEBUG, "Failed to configure IA credentials: %s",
+ gnutls_strerror(ret));
+ gnutls_ia_free_server_credentials(conn->iacred_srv);
+ conn->iacred_srv = NULL;
+ return -1;
+ }
+
+ return 0;
+#else /* GNUTLS_IA */
+ return -1;
+#endif /* GNUTLS_IA */
+}
+
+
+int tls_connection_ia_send_phase_finished(void *tls_ctx,
+ struct tls_connection *conn,
+ int final,
+ u8 *out_data, size_t out_len)
+{
+#ifdef GNUTLS_IA
+ int ret;
+
+ if (conn == NULL || conn->session == NULL || !conn->tls_ia)
+ return -1;
+
+ ret = gnutls_ia_permute_inner_secret(conn->session,
+ conn->session_keys_len,
+ (char *) conn->session_keys);
+ if (conn->session_keys) {
+ os_memset(conn->session_keys, 0, conn->session_keys_len);
+ os_free(conn->session_keys);
+ }
+ conn->session_keys = NULL;
+ conn->session_keys_len = 0;
+ if (ret) {
+ wpa_printf(MSG_DEBUG, "%s: Failed to permute inner secret: %s",
+ __func__, gnutls_strerror(ret));
+ return -1;
+ }
+
+ ret = gnutls_ia_endphase_send(conn->session, final);
+ if (ret) {
+ wpa_printf(MSG_DEBUG, "%s: Failed to send endphase: %s",
+ __func__, gnutls_strerror(ret));
+ return -1;
+ }
+
+ if (conn->push_buf == NULL)
+ return -1;
+ if (conn->push_buf_len < out_len)
+ out_len = conn->push_buf_len;
+ os_memcpy(out_data, conn->push_buf, out_len);
+ os_free(conn->push_buf);
+ conn->push_buf = NULL;
+ conn->push_buf_len = 0;
+ return out_len;
+#else /* GNUTLS_IA */
+ return -1;
+#endif /* GNUTLS_IA */
+}
+
+
+int tls_connection_ia_final_phase_finished(void *tls_ctx,
+ struct tls_connection *conn)
+{
+ if (conn == NULL)
+ return -1;
+
+ return conn->final_phase_finished;
+}
+
+
+int tls_connection_ia_permute_inner_secret(void *tls_ctx,
+ struct tls_connection *conn,
+ const u8 *key, size_t key_len)
+{
+#ifdef GNUTLS_IA
+ if (conn == NULL || !conn->tls_ia)
+ return -1;
+
+ if (conn->session_keys) {
+ os_memset(conn->session_keys, 0, conn->session_keys_len);
+ os_free(conn->session_keys);
+ }
+ conn->session_keys_len = 0;
+
+ if (key) {
+ conn->session_keys = os_malloc(key_len);
+ if (conn->session_keys == NULL)
+ return -1;
+ os_memcpy(conn->session_keys, key, key_len);
+ conn->session_keys_len = key_len;
+ } else {
+ conn->session_keys = NULL;
+ conn->session_keys_len = 0;
+ }
+
+ return 0;
+#else /* GNUTLS_IA */
+ return -1;
+#endif /* GNUTLS_IA */
+}
--- /dev/null
+/*
+ * WPA Supplicant / TLS interface functions and an internal TLS implementation
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This file interface functions for hostapd/wpa_supplicant to use the
+ * integrated TLSv1 implementation.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "tls.h"
+#include "tlsv1_client.h"
+
+
+static int tls_ref_count = 0;
+
+struct tls_global {
+ int dummy;
+};
+
+struct tls_connection {
+ struct tlsv1_client *client;
+};
+
+
+void * tls_init(const struct tls_config *conf)
+{
+ struct tls_global *global;
+
+ if (tls_ref_count == 0) {
+ if (tlsv1_client_global_init())
+ return NULL;
+ }
+ tls_ref_count++;
+
+ global = os_zalloc(sizeof(*global));
+ if (global == NULL)
+ return NULL;
+
+ return global;
+}
+
+void tls_deinit(void *ssl_ctx)
+{
+ struct tls_global *global = ssl_ctx;
+ tls_ref_count--;
+ if (tls_ref_count == 0) {
+ tlsv1_client_global_deinit();
+ }
+ os_free(global);
+}
+
+
+int tls_get_errors(void *tls_ctx)
+{
+ return 0;
+}
+
+
+struct tls_connection * tls_connection_init(void *tls_ctx)
+{
+ struct tls_connection *conn;
+
+ conn = os_zalloc(sizeof(*conn));
+ if (conn == NULL)
+ return NULL;
+
+ conn->client = tlsv1_client_init();
+ if (conn->client == NULL) {
+ os_free(conn);
+ return NULL;
+ }
+
+ return conn;
+}
+
+
+void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
+{
+ if (conn == NULL)
+ return;
+ tlsv1_client_deinit(conn->client);
+ os_free(conn);
+}
+
+
+int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
+{
+ return tlsv1_client_established(conn->client);
+}
+
+
+int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
+{
+ return tlsv1_client_shutdown(conn->client);
+}
+
+
+int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
+ const struct tls_connection_params *params)
+{
+ if (tlsv1_client_set_ca_cert(conn->client, params->ca_cert,
+ params->ca_cert_blob,
+ params->ca_cert_blob_len,
+ params->ca_path)) {
+ wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
+ "certificates");
+ return -1;
+ }
+
+ if (tlsv1_client_set_client_cert(conn->client, params->client_cert,
+ params->client_cert_blob,
+ params->client_cert_blob_len)) {
+ wpa_printf(MSG_INFO, "TLS: Failed to configure client "
+ "certificate");
+ return -1;
+ }
+
+ if (tlsv1_client_set_private_key(conn->client,
+ params->private_key,
+ params->private_key_passwd,
+ params->private_key_blob,
+ params->private_key_blob_len)) {
+ wpa_printf(MSG_INFO, "TLS: Failed to load private key");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+int tls_global_set_params(void *tls_ctx,
+ const struct tls_connection_params *params)
+{
+ wpa_printf(MSG_INFO, "TLS: not implemented - %s", __func__);
+ return -1;
+}
+
+
+int tls_global_set_verify(void *tls_ctx, int check_crl)
+{
+ wpa_printf(MSG_INFO, "TLS: not implemented - %s", __func__);
+ return -1;
+}
+
+
+int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
+ int verify_peer)
+{
+ return -1;
+}
+
+
+int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn,
+ int tls_ia)
+{
+ return -1;
+}
+
+
+int tls_connection_get_keys(void *tls_ctx, struct tls_connection *conn,
+ struct tls_keys *keys)
+{
+ return tlsv1_client_get_keys(conn->client, keys);
+}
+
+
+int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
+ const char *label, int server_random_first,
+ u8 *out, size_t out_len)
+{
+ return tlsv1_client_prf(conn->client, label, server_random_first,
+ out, out_len);
+}
+
+
+u8 * tls_connection_handshake(void *tls_ctx, struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ size_t *out_len, u8 **appl_data,
+ size_t *appl_data_len)
+{
+ if (appl_data)
+ *appl_data = NULL;
+
+ wpa_printf(MSG_DEBUG, "TLS: %s(in_data=%p in_len=%lu)",
+ __func__, in_data, (unsigned long) in_len);
+ return tlsv1_client_handshake(conn->client, in_data, in_len, out_len);
+}
+
+
+u8 * tls_connection_server_handshake(void *tls_ctx,
+ struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ size_t *out_len)
+{
+ wpa_printf(MSG_INFO, "TLS: not implemented - %s", __func__);
+ return NULL;
+}
+
+
+int tls_connection_encrypt(void *tls_ctx, struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ u8 *out_data, size_t out_len)
+{
+ return tlsv1_client_encrypt(conn->client, in_data, in_len, out_data,
+ out_len);
+}
+
+
+int tls_connection_decrypt(void *tls_ctx, struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ u8 *out_data, size_t out_len)
+{
+ return tlsv1_client_decrypt(conn->client, in_data, in_len, out_data,
+ out_len);
+}
+
+
+int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
+{
+ return tlsv1_client_resumed(conn->client);
+}
+
+
+int tls_connection_set_master_key(void *tls_ctx, struct tls_connection *conn,
+ const u8 *key, size_t key_len)
+{
+ return tlsv1_client_set_master_key(conn->client, key, key_len);
+}
+
+
+int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
+ u8 *ciphers)
+{
+ return tlsv1_client_set_cipher_list(conn->client, ciphers);
+}
+
+
+int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
+ char *buf, size_t buflen)
+{
+ if (conn == NULL)
+ return -1;
+ return tlsv1_client_get_cipher(conn->client, buf, buflen);
+}
+
+
+int tls_connection_enable_workaround(void *tls_ctx,
+ struct tls_connection *conn)
+{
+ return -1;
+}
+
+
+int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
+ int ext_type, const u8 *data,
+ size_t data_len)
+{
+ return tlsv1_client_hello_ext(conn->client, ext_type, data, data_len);
+}
+
+
+int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
+{
+ return 0;
+}
+
+
+int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
+{
+ return 0;
+}
+
+
+int tls_connection_get_write_alerts(void *tls_ctx,
+ struct tls_connection *conn)
+{
+ return 0;
+}
+
+
+int tls_connection_get_keyblock_size(void *tls_ctx,
+ struct tls_connection *conn)
+{
+ return tlsv1_client_get_keyblock_size(conn->client);
+}
+
+
+unsigned int tls_capabilities(void *tls_ctx)
+{
+ return 0;
+}
+
+
+int tls_connection_ia_send_phase_finished(void *tls_ctx,
+ struct tls_connection *conn,
+ int final,
+ u8 *out_data, size_t out_len)
+{
+ return -1;
+}
+
+
+int tls_connection_ia_final_phase_finished(void *tls_ctx,
+ struct tls_connection *conn)
+{
+ return -1;
+}
+
+
+int tls_connection_ia_permute_inner_secret(void *tls_ctx,
+ struct tls_connection *conn,
+ const u8 *key, size_t key_len)
+{
+ return -1;
+}
--- /dev/null
+/*
+ * WPA Supplicant / SSL/TLS interface functions for no TLS case
+ * Copyright (c) 2004, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "tls.h"
+
+void * tls_init(const struct tls_config *conf)
+{
+ return (void *) 1;
+}
+
+void tls_deinit(void *ssl_ctx)
+{
+}
+
+
+#ifdef EAP_TLS_NONE
+
+int tls_get_errors(void *tls_ctx)
+{
+ return 0;
+}
+
+
+struct tls_connection * tls_connection_init(void *tls_ctx)
+{
+ return NULL;
+}
+
+
+void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
+{
+}
+
+
+int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
+{
+ return -1;
+}
+
+
+int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
+{
+ return -1;
+}
+
+
+int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
+ const struct tls_connection_params *params)
+{
+ return -1;
+}
+
+
+int tls_global_set_params(void *tls_ctx,
+ const struct tls_connection_params *params)
+{
+ return -1;
+}
+
+
+int tls_global_set_verify(void *tls_ctx, int check_crl)
+{
+ return -1;
+}
+
+
+int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
+ int verify_peer)
+{
+ return -1;
+}
+
+
+int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn,
+ int tls_ia)
+{
+ return -1;
+}
+
+
+int tls_connection_get_keys(void *tls_ctx, struct tls_connection *conn,
+ struct tls_keys *keys)
+{
+ return -1;
+}
+
+
+int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
+ const char *label, int server_random_first,
+ u8 *out, size_t out_len)
+{
+ return -1;
+}
+
+
+u8 * tls_connection_handshake(void *tls_ctx, struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ size_t *out_len, u8 **appl_data,
+ size_t *appl_data_len)
+{
+ return NULL;
+}
+
+
+u8 * tls_connection_server_handshake(void *tls_ctx,
+ struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ size_t *out_len)
+{
+ return NULL;
+}
+
+
+int tls_connection_encrypt(void *tls_ctx, struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ u8 *out_data, size_t out_len)
+{
+ return -1;
+}
+
+
+int tls_connection_decrypt(void *tls_ctx, struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ u8 *out_data, size_t out_len)
+{
+ return -1;
+}
+
+
+int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
+{
+ return 0;
+}
+
+
+int tls_connection_set_master_key(void *tls_ctx, struct tls_connection *conn,
+ const u8 *key, size_t key_len)
+{
+ return -1;
+}
+
+
+int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
+ u8 *ciphers)
+{
+ return -1;
+}
+
+
+int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
+ char *buf, size_t buflen)
+{
+ return -1;
+}
+
+
+int tls_connection_enable_workaround(void *tls_ctx,
+ struct tls_connection *conn)
+{
+ return -1;
+}
+
+
+int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
+ int ext_type, const u8 *data,
+ size_t data_len)
+{
+ return -1;
+}
+
+
+int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
+{
+ return 0;
+}
+
+
+int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
+{
+ return 0;
+}
+
+
+int tls_connection_get_write_alerts(void *tls_ctx,
+ struct tls_connection *conn)
+{
+ return 0;
+}
+
+
+int tls_connection_get_keyblock_size(void *tls_ctx,
+ struct tls_connection *conn)
+{
+ return -1;
+}
+
+
+unsigned int tls_capabilities(void *tls_ctx)
+{
+ return 0;
+}
+
+
+int tls_connection_ia_send_phase_finished(void *tls_ctx,
+ struct tls_connection *conn,
+ int final,
+ u8 *out_data, size_t out_len)
+{
+ return -1;
+}
+
+
+int tls_connection_ia_final_phase_finished(void *tls_ctx,
+ struct tls_connection *conn)
+{
+ return -1;
+}
+
+
+int tls_connection_ia_permute_inner_secret(void *tls_ctx,
+ struct tls_connection *conn,
+ const u8 *key, size_t key_len)
+{
+ return -1;
+}
+
+#endif /* EAP_TLS_NONE */
--- /dev/null
+/*
+ * WPA Supplicant / SSL/TLS interface functions for openssl
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#ifndef CONFIG_SMARTCARD
+#ifndef OPENSSL_NO_ENGINE
+#define OPENSSL_NO_ENGINE
+#endif
+#endif
+
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif /* OPENSSL_NO_ENGINE */
+
+#include "common.h"
+#include "tls.h"
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
+#define OPENSSL_d2i_TYPE const unsigned char **
+#else
+#define OPENSSL_d2i_TYPE unsigned char **
+#endif
+
+static int tls_openssl_ref_count = 0;
+
+struct tls_connection {
+ SSL *ssl;
+ BIO *ssl_in, *ssl_out;
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE *engine; /* functional reference to the engine */
+ EVP_PKEY *private_key; /* the private key if using engine */
+#endif /* OPENSSL_NO_ENGINE */
+ char *subject_match, *altsubject_match;
+ int read_alerts, write_alerts, failed;
+
+ u8 *pre_shared_secret;
+ size_t pre_shared_secret_len;
+};
+
+
+#ifdef CONFIG_NO_STDOUT_DEBUG
+
+static void _tls_show_errors(void)
+{
+ unsigned long err;
+
+ while ((err = ERR_get_error())) {
+ /* Just ignore the errors, since stdout is disabled */
+ }
+}
+#define tls_show_errors(l, f, t) _tls_show_errors()
+
+#else /* CONFIG_NO_STDOUT_DEBUG */
+
+static void tls_show_errors(int level, const char *func, const char *txt)
+{
+ unsigned long err;
+
+ wpa_printf(level, "OpenSSL: %s - %s %s",
+ func, txt, ERR_error_string(ERR_get_error(), NULL));
+
+ while ((err = ERR_get_error())) {
+ wpa_printf(MSG_INFO, "OpenSSL: pending error: %s",
+ ERR_error_string(err, NULL));
+ }
+}
+
+#endif /* CONFIG_NO_STDOUT_DEBUG */
+
+
+#ifdef CONFIG_NATIVE_WINDOWS
+
+/* Windows CryptoAPI and access to certificate stores */
+#include <wincrypt.h>
+
+#ifdef __MINGW32_VERSION
+/*
+ * MinGW does not yet include all the needed definitions for CryptoAPI, so
+ * define here whatever extra is needed.
+ */
+#define CALG_SSL3_SHAMD5 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SSL3SHAMD5)
+#define CERT_SYSTEM_STORE_CURRENT_USER (1 << 16)
+#define CERT_STORE_READONLY_FLAG 0x00008000
+#define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000
+#define CRYPT_ACQUIRE_COMPARE_KEY_FLAG 0x00000004
+
+static BOOL WINAPI
+(*CryptAcquireCertificatePrivateKey)(PCCERT_CONTEXT pCert, DWORD dwFlags,
+ void *pvReserved, HCRYPTPROV *phCryptProv,
+ DWORD *pdwKeySpec, BOOL *pfCallerFreeProv)
+= NULL; /* to be loaded from crypt32.dll */
+
+static PCCERT_CONTEXT WINAPI
+(*CertEnumCertificatesInStore)(HCERTSTORE hCertStore,
+ PCCERT_CONTEXT pPrevCertContext)
+= NULL; /* to be loaded from crypt32.dll */
+
+static int mingw_load_crypto_func(void)
+{
+ HINSTANCE dll;
+
+ /* MinGW does not yet have full CryptoAPI support, so load the needed
+ * function here. */
+
+ if (CryptAcquireCertificatePrivateKey)
+ return 0;
+
+ dll = LoadLibrary("crypt32");
+ if (dll == NULL) {
+ wpa_printf(MSG_DEBUG, "CryptoAPI: Could not load crypt32 "
+ "library");
+ return -1;
+ }
+
+ CryptAcquireCertificatePrivateKey = GetProcAddress(
+ dll, "CryptAcquireCertificatePrivateKey");
+ if (CryptAcquireCertificatePrivateKey == NULL) {
+ wpa_printf(MSG_DEBUG, "CryptoAPI: Could not get "
+ "CryptAcquireCertificatePrivateKey() address from "
+ "crypt32 library");
+ return -1;
+ }
+
+ CertEnumCertificatesInStore = (void *) GetProcAddress(
+ dll, "CertEnumCertificatesInStore");
+ if (CertEnumCertificatesInStore == NULL) {
+ wpa_printf(MSG_DEBUG, "CryptoAPI: Could not get "
+ "CertEnumCertificatesInStore() address from "
+ "crypt32 library");
+ return -1;
+ }
+
+ return 0;
+}
+
+#else /* __MINGW32_VERSION */
+
+static int mingw_load_crypto_func(void)
+{
+ return 0;
+}
+
+#endif /* __MINGW32_VERSION */
+
+
+struct cryptoapi_rsa_data {
+ const CERT_CONTEXT *cert;
+ HCRYPTPROV crypt_prov;
+ DWORD key_spec;
+ BOOL free_crypt_prov;
+};
+
+
+static void cryptoapi_error(const char *msg)
+{
+ wpa_printf(MSG_INFO, "CryptoAPI: %s; err=%u",
+ msg, (unsigned int) GetLastError());
+}
+
+
+static int cryptoapi_rsa_pub_enc(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
+ return 0;
+}
+
+
+static int cryptoapi_rsa_pub_dec(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
+ return 0;
+}
+
+
+static int cryptoapi_rsa_priv_enc(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ struct cryptoapi_rsa_data *priv =
+ (struct cryptoapi_rsa_data *) rsa->meth->app_data;
+ HCRYPTHASH hash;
+ DWORD hash_size, len, i;
+ unsigned char *buf = NULL;
+ int ret = 0;
+
+ if (priv == NULL) {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
+ if (padding != RSA_PKCS1_PADDING) {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
+ RSA_R_UNKNOWN_PADDING_TYPE);
+ return 0;
+ }
+
+ if (flen != 16 /* MD5 */ + 20 /* SHA-1 */) {
+ wpa_printf(MSG_INFO, "%s - only MD5-SHA1 hash supported",
+ __func__);
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
+ RSA_R_INVALID_MESSAGE_LENGTH);
+ return 0;
+ }
+
+ if (!CryptCreateHash(priv->crypt_prov, CALG_SSL3_SHAMD5, 0, 0, &hash))
+ {
+ cryptoapi_error("CryptCreateHash failed");
+ return 0;
+ }
+
+ len = sizeof(hash_size);
+ if (!CryptGetHashParam(hash, HP_HASHSIZE, (BYTE *) &hash_size, &len,
+ 0)) {
+ cryptoapi_error("CryptGetHashParam failed");
+ goto err;
+ }
+
+ if ((int) hash_size != flen) {
+ wpa_printf(MSG_INFO, "CryptoAPI: Invalid hash size (%u != %d)",
+ (unsigned) hash_size, flen);
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
+ RSA_R_INVALID_MESSAGE_LENGTH);
+ goto err;
+ }
+ if (!CryptSetHashParam(hash, HP_HASHVAL, (BYTE * ) from, 0)) {
+ cryptoapi_error("CryptSetHashParam failed");
+ goto err;
+ }
+
+ len = RSA_size(rsa);
+ buf = os_malloc(len);
+ if (buf == NULL) {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!CryptSignHash(hash, priv->key_spec, NULL, 0, buf, &len)) {
+ cryptoapi_error("CryptSignHash failed");
+ goto err;
+ }
+
+ for (i = 0; i < len; i++)
+ to[i] = buf[len - i - 1];
+ ret = len;
+
+err:
+ os_free(buf);
+ CryptDestroyHash(hash);
+
+ return ret;
+}
+
+
+static int cryptoapi_rsa_priv_dec(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
+ return 0;
+}
+
+
+static void cryptoapi_free_data(struct cryptoapi_rsa_data *priv)
+{
+ if (priv == NULL)
+ return;
+ if (priv->crypt_prov && priv->free_crypt_prov)
+ CryptReleaseContext(priv->crypt_prov, 0);
+ if (priv->cert)
+ CertFreeCertificateContext(priv->cert);
+ os_free(priv);
+}
+
+
+static int cryptoapi_finish(RSA *rsa)
+{
+ cryptoapi_free_data((struct cryptoapi_rsa_data *) rsa->meth->app_data);
+ os_free((void *) rsa->meth);
+ rsa->meth = NULL;
+ return 1;
+}
+
+
+static const CERT_CONTEXT * cryptoapi_find_cert(const char *name, DWORD store)
+{
+ HCERTSTORE cs;
+ const CERT_CONTEXT *ret = NULL;
+
+ cs = CertOpenStore((LPCSTR) CERT_STORE_PROV_SYSTEM, 0, 0,
+ store | CERT_STORE_OPEN_EXISTING_FLAG |
+ CERT_STORE_READONLY_FLAG, L"MY");
+ if (cs == NULL) {
+ cryptoapi_error("Failed to open 'My system store'");
+ return NULL;
+ }
+
+ if (strncmp(name, "cert://", 7) == 0) {
+ unsigned short wbuf[255];
+ MultiByteToWideChar(CP_ACP, 0, name + 7, -1, wbuf, 255);
+ ret = CertFindCertificateInStore(cs, X509_ASN_ENCODING |
+ PKCS_7_ASN_ENCODING,
+ 0, CERT_FIND_SUBJECT_STR,
+ wbuf, NULL);
+ } else if (strncmp(name, "hash://", 7) == 0) {
+ CRYPT_HASH_BLOB blob;
+ int len;
+ const char *hash = name + 7;
+ unsigned char *buf;
+
+ len = os_strlen(hash) / 2;
+ buf = os_malloc(len);
+ if (buf && hexstr2bin(hash, buf, len) == 0) {
+ blob.cbData = len;
+ blob.pbData = buf;
+ ret = CertFindCertificateInStore(cs,
+ X509_ASN_ENCODING |
+ PKCS_7_ASN_ENCODING,
+ 0, CERT_FIND_HASH,
+ &blob, NULL);
+ }
+ os_free(buf);
+ }
+
+ CertCloseStore(cs, 0);
+
+ return ret;
+}
+
+
+static int tls_cryptoapi_cert(SSL *ssl, const char *name)
+{
+ X509 *cert = NULL;
+ RSA *rsa = NULL, *pub_rsa;
+ struct cryptoapi_rsa_data *priv;
+ RSA_METHOD *rsa_meth;
+
+ if (name == NULL ||
+ (strncmp(name, "cert://", 7) != 0 &&
+ strncmp(name, "hash://", 7) != 0))
+ return -1;
+
+ priv = os_zalloc(sizeof(*priv));
+ rsa_meth = os_zalloc(sizeof(*rsa_meth));
+ if (priv == NULL || rsa_meth == NULL) {
+ wpa_printf(MSG_WARNING, "CryptoAPI: Failed to allocate memory "
+ "for CryptoAPI RSA method");
+ os_free(priv);
+ os_free(rsa_meth);
+ return -1;
+ }
+
+ priv->cert = cryptoapi_find_cert(name, CERT_SYSTEM_STORE_CURRENT_USER);
+ if (priv->cert == NULL) {
+ priv->cert = cryptoapi_find_cert(
+ name, CERT_SYSTEM_STORE_LOCAL_MACHINE);
+ }
+ if (priv->cert == NULL) {
+ wpa_printf(MSG_INFO, "CryptoAPI: Could not find certificate "
+ "'%s'", name);
+ goto err;
+ }
+
+ cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &priv->cert->pbCertEncoded,
+ priv->cert->cbCertEncoded);
+ if (cert == NULL) {
+ wpa_printf(MSG_INFO, "CryptoAPI: Could not process X509 DER "
+ "encoding");
+ goto err;
+ }
+
+ if (mingw_load_crypto_func())
+ goto err;
+
+ if (!CryptAcquireCertificatePrivateKey(priv->cert,
+ CRYPT_ACQUIRE_COMPARE_KEY_FLAG,
+ NULL, &priv->crypt_prov,
+ &priv->key_spec,
+ &priv->free_crypt_prov)) {
+ cryptoapi_error("Failed to acquire a private key for the "
+ "certificate");
+ goto err;
+ }
+
+ rsa_meth->name = "Microsoft CryptoAPI RSA Method";
+ rsa_meth->rsa_pub_enc = cryptoapi_rsa_pub_enc;
+ rsa_meth->rsa_pub_dec = cryptoapi_rsa_pub_dec;
+ rsa_meth->rsa_priv_enc = cryptoapi_rsa_priv_enc;
+ rsa_meth->rsa_priv_dec = cryptoapi_rsa_priv_dec;
+ rsa_meth->finish = cryptoapi_finish;
+ rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK;
+ rsa_meth->app_data = (char *) priv;
+
+ rsa = RSA_new();
+ if (rsa == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!SSL_use_certificate(ssl, cert)) {
+ RSA_free(rsa);
+ rsa = NULL;
+ goto err;
+ }
+ pub_rsa = cert->cert_info->key->pkey->pkey.rsa;
+ X509_free(cert);
+ cert = NULL;
+
+ rsa->n = BN_dup(pub_rsa->n);
+ rsa->e = BN_dup(pub_rsa->e);
+ if (!RSA_set_method(rsa, rsa_meth))
+ goto err;
+
+ if (!SSL_use_RSAPrivateKey(ssl, rsa))
+ goto err;
+ RSA_free(rsa);
+
+ return 0;
+
+err:
+ if (cert)
+ X509_free(cert);
+ if (rsa)
+ RSA_free(rsa);
+ else {
+ os_free(rsa_meth);
+ cryptoapi_free_data(priv);
+ }
+ return -1;
+}
+
+
+static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name)
+{
+ HCERTSTORE cs;
+ PCCERT_CONTEXT ctx = NULL;
+ X509 *cert;
+ char buf[128];
+ const char *store;
+#ifdef UNICODE
+ WCHAR *wstore;
+#endif /* UNICODE */
+
+ if (mingw_load_crypto_func())
+ return -1;
+
+ if (name == NULL || strncmp(name, "cert_store://", 13) != 0)
+ return -1;
+
+ store = name + 13;
+#ifdef UNICODE
+ wstore = os_malloc((os_strlen(store) + 1) * sizeof(WCHAR));
+ if (wstore == NULL)
+ return -1;
+ wsprintf(wstore, L"%S", store);
+ cs = CertOpenSystemStore(0, wstore);
+ os_free(wstore);
+#else /* UNICODE */
+ cs = CertOpenSystemStore(0, store);
+#endif /* UNICODE */
+ if (cs == NULL) {
+ wpa_printf(MSG_DEBUG, "%s: failed to open system cert store "
+ "'%s': error=%d", __func__, store,
+ (int) GetLastError());
+ return -1;
+ }
+
+ while ((ctx = CertEnumCertificatesInStore(cs, ctx))) {
+ cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ctx->pbCertEncoded,
+ ctx->cbCertEncoded);
+ if (cert == NULL) {
+ wpa_printf(MSG_INFO, "CryptoAPI: Could not process "
+ "X509 DER encoding for CA cert");
+ continue;
+ }
+
+ X509_NAME_oneline(X509_get_subject_name(cert), buf,
+ sizeof(buf));
+ wpa_printf(MSG_DEBUG, "OpenSSL: Loaded CA certificate for "
+ "system certificate store: subject='%s'", buf);
+
+ if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
+ tls_show_errors(MSG_WARNING, __func__,
+ "Failed to add ca_cert to OpenSSL "
+ "certificate store");
+ }
+
+ X509_free(cert);
+ }
+
+ if (!CertCloseStore(cs, 0)) {
+ wpa_printf(MSG_DEBUG, "%s: failed to close system cert store "
+ "'%s': error=%d", __func__, name + 13,
+ (int) GetLastError());
+ }
+
+ return 0;
+}
+
+
+#else /* CONFIG_NATIVE_WINDOWS */
+
+static int tls_cryptoapi_cert(SSL *ssl, const char *name)
+{
+ return -1;
+}
+
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+
+static void ssl_info_cb(const SSL *ssl, int where, int ret)
+{
+ const char *str;
+ int w;
+
+ wpa_printf(MSG_DEBUG, "SSL: (where=0x%x ret=0x%x)", where, ret);
+ w = where & ~SSL_ST_MASK;
+ if (w & SSL_ST_CONNECT)
+ str = "SSL_connect";
+ else if (w & SSL_ST_ACCEPT)
+ str = "SSL_accept";
+ else
+ str = "undefined";
+
+ if (where & SSL_CB_LOOP) {
+ wpa_printf(MSG_DEBUG, "SSL: %s:%s",
+ str, SSL_state_string_long(ssl));
+ } else if (where & SSL_CB_ALERT) {
+ wpa_printf(MSG_INFO, "SSL: SSL3 alert: %s:%s:%s",
+ where & SSL_CB_READ ?
+ "read (remote end reported an error)" :
+ "write (local SSL3 detected an error)",
+ SSL_alert_type_string_long(ret),
+ SSL_alert_desc_string_long(ret));
+ if ((ret >> 8) == SSL3_AL_FATAL) {
+ struct tls_connection *conn =
+ SSL_get_app_data((SSL *) ssl);
+ if (where & SSL_CB_READ)
+ conn->read_alerts++;
+ else
+ conn->write_alerts++;
+ }
+ } else if (where & SSL_CB_EXIT && ret <= 0) {
+ wpa_printf(MSG_DEBUG, "SSL: %s:%s in %s",
+ str, ret == 0 ? "failed" : "error",
+ SSL_state_string_long(ssl));
+ }
+}
+
+
+#ifndef OPENSSL_NO_ENGINE
+/**
+ * tls_engine_load_dynamic_generic - load any openssl engine
+ * @pre: an array of commands and values that load an engine initialized
+ * in the engine specific function
+ * @post: an array of commands and values that initialize an already loaded
+ * engine (or %NULL if not required)
+ * @id: the engine id of the engine to load (only required if post is not %NULL
+ *
+ * This function is a generic function that loads any openssl engine.
+ *
+ * Returns: 0 on success, -1 on failure
+ */
+static int tls_engine_load_dynamic_generic(const char *pre[],
+ const char *post[], const char *id)
+{
+ ENGINE *engine;
+ const char *dynamic_id = "dynamic";
+
+ engine = ENGINE_by_id(id);
+ if (engine) {
+ ENGINE_free(engine);
+ wpa_printf(MSG_DEBUG, "ENGINE: engine '%s' is already "
+ "available", id);
+ return 0;
+ }
+ ERR_clear_error();
+
+ engine = ENGINE_by_id(dynamic_id);
+ if (engine == NULL) {
+ wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
+ dynamic_id,
+ ERR_error_string(ERR_get_error(), NULL));
+ return -1;
+ }
+
+ /* Perform the pre commands. This will load the engine. */
+ while (pre && pre[0]) {
+ wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", pre[0], pre[1]);
+ if (ENGINE_ctrl_cmd_string(engine, pre[0], pre[1], 0) == 0) {
+ wpa_printf(MSG_INFO, "ENGINE: ctrl cmd_string failed: "
+ "%s %s [%s]", pre[0], pre[1],
+ ERR_error_string(ERR_get_error(), NULL));
+ ENGINE_free(engine);
+ return -1;
+ }
+ pre += 2;
+ }
+
+ /*
+ * Free the reference to the "dynamic" engine. The loaded engine can
+ * now be looked up using ENGINE_by_id().
+ */
+ ENGINE_free(engine);
+
+ engine = ENGINE_by_id(id);
+ if (engine == NULL) {
+ wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
+ id, ERR_error_string(ERR_get_error(), NULL));
+ return -1;
+ }
+
+ while (post && post[0]) {
+ wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]);
+ if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) {
+ wpa_printf(MSG_DEBUG, "ENGINE: ctrl cmd_string failed:"
+ " %s %s [%s]", post[0], post[1],
+ ERR_error_string(ERR_get_error(), NULL));
+ ENGINE_remove(engine);
+ ENGINE_free(engine);
+ return -1;
+ }
+ post += 2;
+ }
+ ENGINE_free(engine);
+
+ return 0;
+}
+
+
+/**
+ * tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc
+ * @pkcs11_so_path: pksc11_so_path from the configuration
+ * @pcks11_module_path: pkcs11_module_path from the configuration
+ */
+static int tls_engine_load_dynamic_pkcs11(const char *pkcs11_so_path,
+ const char *pkcs11_module_path)
+{
+ char *engine_id = "pkcs11";
+ const char *pre_cmd[] = {
+ "SO_PATH", NULL /* pkcs11_so_path */,
+ "ID", NULL /* engine_id */,
+ "LIST_ADD", "1",
+ /* "NO_VCHECK", "1", */
+ "LOAD", NULL,
+ NULL, NULL
+ };
+ const char *post_cmd[] = {
+ "MODULE_PATH", NULL /* pkcs11_module_path */,
+ NULL, NULL
+ };
+
+ if (!pkcs11_so_path || !pkcs11_module_path)
+ return 0;
+
+ pre_cmd[1] = pkcs11_so_path;
+ pre_cmd[3] = engine_id;
+ post_cmd[1] = pkcs11_module_path;
+
+ wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 Engine from %s",
+ pkcs11_so_path);
+
+ return tls_engine_load_dynamic_generic(pre_cmd, post_cmd, engine_id);
+}
+
+
+/**
+ * tls_engine_load_dynamic_opensc - load the opensc engine provided by opensc
+ * @opensc_so_path: opensc_so_path from the configuration
+ */
+static int tls_engine_load_dynamic_opensc(const char *opensc_so_path)
+{
+ char *engine_id = "opensc";
+ const char *pre_cmd[] = {
+ "SO_PATH", NULL /* opensc_so_path */,
+ "ID", NULL /* engine_id */,
+ "LIST_ADD", "1",
+ "LOAD", NULL,
+ NULL, NULL
+ };
+
+ if (!opensc_so_path)
+ return 0;
+
+ pre_cmd[1] = opensc_so_path;
+ pre_cmd[3] = engine_id;
+
+ wpa_printf(MSG_DEBUG, "ENGINE: Loading OpenSC Engine from %s",
+ opensc_so_path);
+
+ return tls_engine_load_dynamic_generic(pre_cmd, NULL, engine_id);
+}
+#endif /* OPENSSL_NO_ENGINE */
+
+
+void * tls_init(const struct tls_config *conf)
+{
+ SSL_CTX *ssl;
+
+ if (tls_openssl_ref_count == 0) {
+ SSL_load_error_strings();
+ SSL_library_init();
+ /* TODO: if /dev/urandom is available, PRNG is seeded
+ * automatically. If this is not the case, random data should
+ * be added here. */
+
+#ifdef PKCS12_FUNCS
+ PKCS12_PBE_add();
+#endif /* PKCS12_FUNCS */
+ }
+ tls_openssl_ref_count++;
+
+ ssl = SSL_CTX_new(TLSv1_method());
+ if (ssl == NULL)
+ return NULL;
+
+ SSL_CTX_set_info_callback(ssl, ssl_info_cb);
+
+#ifndef OPENSSL_NO_ENGINE
+ if (conf &&
+ (conf->opensc_engine_path || conf->pkcs11_engine_path ||
+ conf->pkcs11_module_path)) {
+ wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine");
+ ERR_load_ENGINE_strings();
+ ENGINE_load_dynamic();
+
+ if (tls_engine_load_dynamic_opensc(conf->opensc_engine_path) ||
+ tls_engine_load_dynamic_pkcs11(conf->pkcs11_engine_path,
+ conf->pkcs11_module_path)) {
+ tls_deinit(ssl);
+ return NULL;
+ }
+ }
+#endif /* OPENSSL_NO_ENGINE */
+
+ return ssl;
+}
+
+
+void tls_deinit(void *ssl_ctx)
+{
+ SSL_CTX *ssl = ssl_ctx;
+ SSL_CTX_free(ssl);
+
+ tls_openssl_ref_count--;
+ if (tls_openssl_ref_count == 0) {
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE_cleanup();
+#endif /* OPENSSL_NO_ENGINE */
+ ERR_free_strings();
+ EVP_cleanup();
+ }
+}
+
+
+static int tls_engine_init(struct tls_connection *conn, const char *engine_id,
+ const char *pin, const char *key_id)
+{
+#ifndef OPENSSL_NO_ENGINE
+ int ret = -1;
+ if (engine_id == NULL) {
+ wpa_printf(MSG_ERROR, "ENGINE: Engine ID not set");
+ return -1;
+ }
+ if (pin == NULL) {
+ wpa_printf(MSG_ERROR, "ENGINE: Smartcard PIN not set");
+ return -1;
+ }
+ if (key_id == NULL) {
+ wpa_printf(MSG_ERROR, "ENGINE: Key Id not set");
+ return -1;
+ }
+
+ ERR_clear_error();
+ conn->engine = ENGINE_by_id(engine_id);
+ if (!conn->engine) {
+ wpa_printf(MSG_ERROR, "ENGINE: engine %s not available [%s]",
+ engine_id, ERR_error_string(ERR_get_error(), NULL));
+ goto err;
+ }
+ if (ENGINE_init(conn->engine) != 1) {
+ wpa_printf(MSG_ERROR, "ENGINE: engine init failed "
+ "(engine: %s) [%s]", engine_id,
+ ERR_error_string(ERR_get_error(), NULL));
+ goto err;
+ }
+ wpa_printf(MSG_DEBUG, "ENGINE: engine initialized");
+
+ if (ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) {
+ wpa_printf(MSG_ERROR, "ENGINE: cannot set pin [%s]",
+ ERR_error_string(ERR_get_error(), NULL));
+ goto err;
+ }
+ conn->private_key = ENGINE_load_private_key(conn->engine,
+ key_id, NULL, NULL);
+ if (!conn->private_key) {
+ wpa_printf(MSG_ERROR, "ENGINE: cannot load private key with id"
+ " '%s' [%s]", key_id,
+ ERR_error_string(ERR_get_error(), NULL));
+ ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
+ goto err;
+ }
+ return 0;
+
+err:
+ if (conn->engine) {
+ ENGINE_free(conn->engine);
+ conn->engine = NULL;
+ }
+
+ if (conn->private_key) {
+ EVP_PKEY_free(conn->private_key);
+ conn->private_key = NULL;
+ }
+
+ return ret;
+#else /* OPENSSL_NO_ENGINE */
+ return 0;
+#endif /* OPENSSL_NO_ENGINE */
+}
+
+
+static void tls_engine_deinit(struct tls_connection *conn)
+{
+#ifndef OPENSSL_NO_ENGINE
+ wpa_printf(MSG_DEBUG, "ENGINE: engine deinit");
+ if (conn->private_key) {
+ EVP_PKEY_free(conn->private_key);
+ conn->private_key = NULL;
+ }
+ if (conn->engine) {
+ ENGINE_finish(conn->engine);
+ conn->engine = NULL;
+ }
+#endif /* OPENSSL_NO_ENGINE */
+}
+
+
+int tls_get_errors(void *ssl_ctx)
+{
+ int count = 0;
+ unsigned long err;
+
+ while ((err = ERR_get_error())) {
+ wpa_printf(MSG_INFO, "TLS - SSL error: %s",
+ ERR_error_string(err, NULL));
+ count++;
+ }
+
+ return count;
+}
+
+struct tls_connection * tls_connection_init(void *ssl_ctx)
+{
+ SSL_CTX *ssl = ssl_ctx;
+ struct tls_connection *conn;
+
+ conn = os_zalloc(sizeof(*conn));
+ if (conn == NULL)
+ return NULL;
+ conn->ssl = SSL_new(ssl);
+ if (conn->ssl == NULL) {
+ tls_show_errors(MSG_INFO, __func__,
+ "Failed to initialize new SSL connection");
+ os_free(conn);
+ return NULL;
+ }
+
+ SSL_set_app_data(conn->ssl, conn);
+ SSL_set_options(conn->ssl,
+ SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
+ SSL_OP_SINGLE_DH_USE);
+
+ conn->ssl_in = BIO_new(BIO_s_mem());
+ if (!conn->ssl_in) {
+ tls_show_errors(MSG_INFO, __func__,
+ "Failed to create a new BIO for ssl_in");
+ SSL_free(conn->ssl);
+ os_free(conn);
+ return NULL;
+ }
+
+ conn->ssl_out = BIO_new(BIO_s_mem());
+ if (!conn->ssl_out) {
+ tls_show_errors(MSG_INFO, __func__,
+ "Failed to create a new BIO for ssl_out");
+ SSL_free(conn->ssl);
+ BIO_free(conn->ssl_in);
+ os_free(conn);
+ return NULL;
+ }
+
+ SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out);
+
+ return conn;
+}
+
+
+void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn)
+{
+ if (conn == NULL)
+ return;
+ os_free(conn->pre_shared_secret);
+ SSL_free(conn->ssl);
+ tls_engine_deinit(conn);
+ os_free(conn->subject_match);
+ os_free(conn->altsubject_match);
+ os_free(conn);
+}
+
+
+int tls_connection_established(void *ssl_ctx, struct tls_connection *conn)
+{
+ return conn ? SSL_is_init_finished(conn->ssl) : 0;
+}
+
+
+int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
+{
+ if (conn == NULL)
+ return -1;
+
+ /* Shutdown previous TLS connection without notifying the peer
+ * because the connection was already terminated in practice
+ * and "close notify" shutdown alert would confuse AS. */
+ SSL_set_quiet_shutdown(conn->ssl, 1);
+ SSL_shutdown(conn->ssl);
+ return 0;
+}
+
+
+static int tls_match_altsubject_component(X509 *cert, int type,
+ const char *value, size_t len)
+{
+ GENERAL_NAME *gen;
+ void *ext;
+ int i, found = 0;
+
+ ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
+
+ for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) {
+ gen = sk_GENERAL_NAME_value(ext, i);
+ if (gen->type != type)
+ continue;
+ if (os_strlen((char *) gen->d.ia5->data) == len &&
+ os_memcmp(value, gen->d.ia5->data, len) == 0)
+ found++;
+ }
+
+ return found;
+}
+
+
+static int tls_match_altsubject(X509 *cert, const char *match)
+{
+ int type;
+ const char *pos, *end;
+ size_t len;
+
+ pos = match;
+ do {
+ if (os_strncmp(pos, "EMAIL:", 6) == 0) {
+ type = GEN_EMAIL;
+ pos += 6;
+ } else if (os_strncmp(pos, "DNS:", 4) == 0) {
+ type = GEN_DNS;
+ pos += 4;
+ } else if (os_strncmp(pos, "URI:", 4) == 0) {
+ type = GEN_URI;
+ pos += 4;
+ } else {
+ wpa_printf(MSG_INFO, "TLS: Invalid altSubjectName "
+ "match '%s'", pos);
+ return 0;
+ }
+ end = os_strchr(pos, ';');
+ while (end) {
+ if (os_strncmp(end + 1, "EMAIL:", 6) == 0 ||
+ os_strncmp(end + 1, "DNS:", 4) == 0 ||
+ os_strncmp(end + 1, "URI:", 4) == 0)
+ break;
+ end = os_strchr(end + 1, ';');
+ }
+ if (end)
+ len = end - pos;
+ else
+ len = os_strlen(pos);
+ if (tls_match_altsubject_component(cert, type, pos, len) > 0)
+ return 1;
+ pos = end + 1;
+ } while (end);
+
+ return 0;
+}
+
+
+static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
+{
+ char buf[256];
+ X509 *err_cert;
+ int err, depth;
+ SSL *ssl;
+ struct tls_connection *conn;
+ char *match, *altmatch;
+
+ err_cert = X509_STORE_CTX_get_current_cert(x509_ctx);
+ err = X509_STORE_CTX_get_error(x509_ctx);
+ depth = X509_STORE_CTX_get_error_depth(x509_ctx);
+ ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
+ SSL_get_ex_data_X509_STORE_CTX_idx());
+ X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
+
+ conn = SSL_get_app_data(ssl);
+ match = conn ? conn->subject_match : NULL;
+ altmatch = conn ? conn->altsubject_match : NULL;
+
+ if (!preverify_ok) {
+ wpa_printf(MSG_WARNING, "TLS: Certificate verification failed,"
+ " error %d (%s) depth %d for '%s'", err,
+ X509_verify_cert_error_string(err), depth, buf);
+ } else {
+ wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb - "
+ "preverify_ok=%d err=%d (%s) depth=%d buf='%s'",
+ preverify_ok, err,
+ X509_verify_cert_error_string(err), depth, buf);
+ if (depth == 0 && match && os_strstr(buf, match) == NULL) {
+ wpa_printf(MSG_WARNING, "TLS: Subject '%s' did not "
+ "match with '%s'", buf, match);
+ preverify_ok = 0;
+ } else if (depth == 0 && altmatch &&
+ !tls_match_altsubject(err_cert, altmatch)) {
+ wpa_printf(MSG_WARNING, "TLS: altSubjectName match "
+ "'%s' not found", altmatch);
+ preverify_ok = 0;
+ }
+ }
+
+ return preverify_ok;
+}
+
+
+#ifndef OPENSSL_NO_STDIO
+static int tls_load_ca_der(void *_ssl_ctx, const char *ca_cert)
+{
+ SSL_CTX *ssl_ctx = _ssl_ctx;
+ X509_LOOKUP *lookup;
+ int ret = 0;
+
+ lookup = X509_STORE_add_lookup(ssl_ctx->cert_store,
+ X509_LOOKUP_file());
+ if (lookup == NULL) {
+ tls_show_errors(MSG_WARNING, __func__,
+ "Failed add lookup for X509 store");
+ return -1;
+ }
+
+ if (!X509_LOOKUP_load_file(lookup, ca_cert, X509_FILETYPE_ASN1)) {
+ unsigned long err = ERR_peek_error();
+ tls_show_errors(MSG_WARNING, __func__,
+ "Failed load CA in DER format");
+ if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
+ ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
+ "cert already in hash table error",
+ __func__);
+ } else
+ ret = -1;
+ }
+
+ return ret;
+}
+#endif /* OPENSSL_NO_STDIO */
+
+
+static int tls_connection_ca_cert(void *_ssl_ctx, struct tls_connection *conn,
+ const char *ca_cert, const u8 *ca_cert_blob,
+ size_t ca_cert_blob_len, const char *ca_path)
+{
+ SSL_CTX *ssl_ctx = _ssl_ctx;
+
+ /*
+ * Remove previously configured trusted CA certificates before adding
+ * new ones.
+ */
+ X509_STORE_free(ssl_ctx->cert_store);
+ ssl_ctx->cert_store = X509_STORE_new();
+ if (ssl_ctx->cert_store == NULL) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new "
+ "certificate store", __func__);
+ return -1;
+ }
+
+ if (ca_cert_blob) {
+ X509 *cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ca_cert_blob,
+ ca_cert_blob_len);
+ if (cert == NULL) {
+ tls_show_errors(MSG_WARNING, __func__,
+ "Failed to parse ca_cert_blob");
+ return -1;
+ }
+
+ if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
+ unsigned long err = ERR_peek_error();
+ tls_show_errors(MSG_WARNING, __func__,
+ "Failed to add ca_cert_blob to "
+ "certificate store");
+ if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
+ ERR_GET_REASON(err) ==
+ X509_R_CERT_ALREADY_IN_HASH_TABLE) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
+ "cert already in hash table error",
+ __func__);
+ } else {
+ X509_free(cert);
+ return -1;
+ }
+ }
+ X509_free(cert);
+ wpa_printf(MSG_DEBUG, "OpenSSL: %s - added ca_cert_blob "
+ "to certificate store", __func__);
+ SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
+ return 0;
+ }
+
+#ifdef CONFIG_NATIVE_WINDOWS
+ if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) ==
+ 0) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: Added CA certificates from "
+ "system certificate store");
+ SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
+ return 0;
+ }
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+ if (ca_cert || ca_path) {
+#ifndef OPENSSL_NO_STDIO
+ if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, ca_path) !=
+ 1) {
+ tls_show_errors(MSG_WARNING, __func__,
+ "Failed to load root certificates");
+ if (ca_cert &&
+ tls_load_ca_der(ssl_ctx, ca_cert) == 0) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: %s - loaded "
+ "DER format CA certificate",
+ __func__);
+ } else
+ return -1;
+ } else {
+ wpa_printf(MSG_DEBUG, "TLS: Trusted root "
+ "certificate(s) loaded");
+ tls_get_errors(ssl_ctx);
+ }
+ SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
+#else /* OPENSSL_NO_STDIO */
+ wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO",
+ __func__);
+ return -1;
+#endif /* OPENSSL_NO_STDIO */
+ } else {
+ /* No ca_cert configured - do not try to verify server
+ * certificate */
+ SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
+ }
+
+ return 0;
+}
+
+
+static int tls_global_ca_cert(SSL_CTX *ssl_ctx, const char *ca_cert)
+{
+ if (ca_cert) {
+ if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, NULL) != 1)
+ {
+ tls_show_errors(MSG_WARNING, __func__,
+ "Failed to load root certificates");
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "TLS: Trusted root "
+ "certificate(s) loaded");
+
+#ifndef OPENSSL_NO_STDIO
+ /* Add the same CAs to the client certificate requests */
+ SSL_CTX_set_client_CA_list(ssl_ctx,
+ SSL_load_client_CA_file(ca_cert));
+#endif /* OPENSSL_NO_STDIO */
+ }
+
+ return 0;
+}
+
+
+int tls_global_set_verify(void *ssl_ctx, int check_crl)
+{
+ int flags;
+
+ if (check_crl) {
+ X509_STORE *cs = SSL_CTX_get_cert_store(ssl_ctx);
+ if (cs == NULL) {
+ tls_show_errors(MSG_INFO, __func__, "Failed to get "
+ "certificate store when enabling "
+ "check_crl");
+ return -1;
+ }
+ flags = X509_V_FLAG_CRL_CHECK;
+ if (check_crl == 2)
+ flags |= X509_V_FLAG_CRL_CHECK_ALL;
+ X509_STORE_set_flags(cs, flags);
+ }
+ return 0;
+}
+
+
+static int tls_connection_set_subject_match(struct tls_connection *conn,
+ const char *subject_match,
+ const char *altsubject_match)
+{
+ os_free(conn->subject_match);
+ conn->subject_match = NULL;
+ if (subject_match) {
+ conn->subject_match = os_strdup(subject_match);
+ if (conn->subject_match == NULL)
+ return -1;
+ }
+
+ os_free(conn->altsubject_match);
+ conn->altsubject_match = NULL;
+ if (altsubject_match) {
+ conn->altsubject_match = os_strdup(altsubject_match);
+ if (conn->altsubject_match == NULL)
+ return -1;
+ }
+
+ return 0;
+}
+
+
+int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
+ int verify_peer)
+{
+ if (conn == NULL)
+ return -1;
+
+ if (verify_peer) {
+ SSL_set_verify(conn->ssl, SSL_VERIFY_PEER |
+ SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
+ SSL_VERIFY_CLIENT_ONCE, tls_verify_cb);
+ } else {
+ SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
+ }
+
+ SSL_set_accept_state(conn->ssl);
+
+ return 0;
+}
+
+
+static int tls_connection_client_cert(struct tls_connection *conn,
+ const char *client_cert,
+ const u8 *client_cert_blob,
+ size_t client_cert_blob_len)
+{
+ if (client_cert == NULL && client_cert_blob == NULL)
+ return 0;
+
+ if (client_cert_blob &&
+ SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob,
+ client_cert_blob_len) == 1) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_ASN1 --> "
+ "OK");
+ return 0;
+ } else if (client_cert_blob) {
+ tls_show_errors(MSG_DEBUG, __func__,
+ "SSL_use_certificate_ASN1 failed");
+ }
+
+ if (client_cert == NULL)
+ return -1;
+
+#ifndef OPENSSL_NO_STDIO
+ if (SSL_use_certificate_file(conn->ssl, client_cert,
+ SSL_FILETYPE_ASN1) == 1) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (DER)"
+ " --> OK");
+ return 0;
+ } else {
+ tls_show_errors(MSG_DEBUG, __func__,
+ "SSL_use_certificate_file (DER) failed");
+ }
+
+ if (SSL_use_certificate_file(conn->ssl, client_cert,
+ SSL_FILETYPE_PEM) == 1) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)"
+ " --> OK");
+ return 0;
+ } else {
+ tls_show_errors(MSG_DEBUG, __func__,
+ "SSL_use_certificate_file (PEM) failed");
+ }
+#else /* OPENSSL_NO_STDIO */
+ wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__);
+#endif /* OPENSSL_NO_STDIO */
+
+ return -1;
+}
+
+
+static int tls_global_client_cert(SSL_CTX *ssl_ctx, const char *client_cert)
+{
+#ifndef OPENSSL_NO_STDIO
+ if (client_cert == NULL)
+ return 0;
+
+ if (SSL_CTX_use_certificate_file(ssl_ctx, client_cert,
+ SSL_FILETYPE_ASN1) != 1 &&
+ SSL_CTX_use_certificate_file(ssl_ctx, client_cert,
+ SSL_FILETYPE_PEM) != 1) {
+ tls_show_errors(MSG_INFO, __func__,
+ "Failed to load client certificate");
+ return -1;
+ }
+ return 0;
+#else /* OPENSSL_NO_STDIO */
+ if (client_cert == NULL)
+ return 0;
+ wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__);
+ return -1;
+#endif /* OPENSSL_NO_STDIO */
+}
+
+
+static int tls_passwd_cb(char *buf, int size, int rwflag, void *password)
+{
+ if (password == NULL) {
+ return 0;
+ }
+ os_strncpy(buf, (char *) password, size);
+ buf[size - 1] = '\0';
+ return os_strlen(buf);
+}
+
+
+#ifdef PKCS12_FUNCS
+static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12,
+ const char *passwd)
+{
+ EVP_PKEY *pkey;
+ X509 *cert;
+ STACK_OF(X509) *certs;
+ int res = 0;
+ char buf[256];
+
+ pkey = NULL;
+ cert = NULL;
+ certs = NULL;
+ if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) {
+ tls_show_errors(MSG_DEBUG, __func__,
+ "Failed to parse PKCS12 file");
+ PKCS12_free(p12);
+ return -1;
+ }
+ wpa_printf(MSG_DEBUG, "TLS: Successfully parsed PKCS12 data");
+
+ if (cert) {
+ X509_NAME_oneline(X509_get_subject_name(cert), buf,
+ sizeof(buf));
+ wpa_printf(MSG_DEBUG, "TLS: Got certificate from PKCS12: "
+ "subject='%s'", buf);
+ if (ssl) {
+ if (SSL_use_certificate(ssl, cert) != 1)
+ res = -1;
+ } else {
+ if (SSL_CTX_use_certificate(ssl_ctx, cert) != 1)
+ res = -1;
+ }
+ X509_free(cert);
+ }
+
+ if (pkey) {
+ wpa_printf(MSG_DEBUG, "TLS: Got private key from PKCS12");
+ if (ssl) {
+ if (SSL_use_PrivateKey(ssl, pkey) != 1)
+ res = -1;
+ } else {
+ if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1)
+ res = -1;
+ }
+ EVP_PKEY_free(pkey);
+ }
+
+ if (certs) {
+ while ((cert = sk_X509_pop(certs)) != NULL) {
+ X509_NAME_oneline(X509_get_subject_name(cert), buf,
+ sizeof(buf));
+ wpa_printf(MSG_DEBUG, "TLS: additional certificate"
+ " from PKCS12: subject='%s'", buf);
+ /*
+ * There is no SSL equivalent for the chain cert - so
+ * always add it to the context...
+ */
+ if (SSL_CTX_add_extra_chain_cert(ssl_ctx, cert) != 1) {
+ res = -1;
+ break;
+ }
+ }
+ sk_X509_free(certs);
+ }
+
+ PKCS12_free(p12);
+
+ if (res < 0)
+ tls_get_errors(ssl_ctx);
+
+ return res;
+}
+#endif /* PKCS12_FUNCS */
+
+
+static int tls_read_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, const char *private_key,
+ const char *passwd)
+{
+#ifdef PKCS12_FUNCS
+ FILE *f;
+ PKCS12 *p12;
+
+ f = fopen(private_key, "rb");
+ if (f == NULL)
+ return -1;
+
+ p12 = d2i_PKCS12_fp(f, NULL);
+ fclose(f);
+
+ if (p12 == NULL) {
+ tls_show_errors(MSG_INFO, __func__,
+ "Failed to use PKCS#12 file");
+ return -1;
+ }
+
+ return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
+
+#else /* PKCS12_FUNCS */
+ wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot read "
+ "p12/pfx files");
+ return -1;
+#endif /* PKCS12_FUNCS */
+}
+
+
+static int tls_read_pkcs12_blob(SSL_CTX *ssl_ctx, SSL *ssl,
+ const u8 *blob, size_t len, const char *passwd)
+{
+#ifdef PKCS12_FUNCS
+ PKCS12 *p12;
+
+ p12 = d2i_PKCS12(NULL, (OPENSSL_d2i_TYPE) &blob, len);
+ if (p12 == NULL) {
+ tls_show_errors(MSG_INFO, __func__,
+ "Failed to use PKCS#12 blob");
+ return -1;
+ }
+
+ return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
+
+#else /* PKCS12_FUNCS */
+ wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot parse "
+ "p12/pfx blobs");
+ return -1;
+#endif /* PKCS12_FUNCS */
+}
+
+
+static int tls_connection_engine_private_key(struct tls_connection *conn)
+{
+#ifndef OPENSSL_NO_ENGINE
+ if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) {
+ tls_show_errors(MSG_ERROR, __func__,
+ "ENGINE: cannot use private key for TLS");
+ return -1;
+ }
+ if (!SSL_check_private_key(conn->ssl)) {
+ tls_show_errors(MSG_INFO, __func__,
+ "Private key failed verification");
+ return -1;
+ }
+ return 0;
+#else /* OPENSSL_NO_ENGINE */
+ wpa_printf(MSG_ERROR, "SSL: Configuration uses engine, but "
+ "engine support was not compiled in");
+ return -1;
+#endif /* OPENSSL_NO_ENGINE */
+}
+
+
+static int tls_connection_private_key(void *_ssl_ctx,
+ struct tls_connection *conn,
+ const char *private_key,
+ const char *private_key_passwd,
+ const u8 *private_key_blob,
+ size_t private_key_blob_len)
+{
+ SSL_CTX *ssl_ctx = _ssl_ctx;
+ char *passwd;
+ int ok;
+
+ if (private_key == NULL && private_key_blob == NULL)
+ return 0;
+
+ if (private_key_passwd) {
+ passwd = os_strdup(private_key_passwd);
+ if (passwd == NULL)
+ return -1;
+ } else
+ passwd = NULL;
+
+ SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
+ SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
+
+ ok = 0;
+ while (private_key_blob) {
+ if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl,
+ (u8 *) private_key_blob,
+ private_key_blob_len) == 1) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
+ "ASN1(EVP_PKEY_RSA) --> OK");
+ ok = 1;
+ break;
+ } else {
+ tls_show_errors(MSG_DEBUG, __func__,
+ "SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA)"
+ " failed");
+ }
+
+ if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl,
+ (u8 *) private_key_blob,
+ private_key_blob_len) == 1) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
+ "ASN1(EVP_PKEY_DSA) --> OK");
+ ok = 1;
+ break;
+ } else {
+ tls_show_errors(MSG_DEBUG, __func__,
+ "SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA)"
+ " failed");
+ }
+
+ if (SSL_use_RSAPrivateKey_ASN1(conn->ssl,
+ (u8 *) private_key_blob,
+ private_key_blob_len) == 1) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: "
+ "SSL_use_RSAPrivateKey_ASN1 --> OK");
+ ok = 1;
+ break;
+ } else {
+ tls_show_errors(MSG_DEBUG, __func__,
+ "SSL_use_RSAPrivateKey_ASN1 failed");
+ }
+
+ if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob,
+ private_key_blob_len, passwd) == 0) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: PKCS#12 as blob --> "
+ "OK");
+ ok = 1;
+ break;
+ }
+
+ break;
+ }
+
+ while (!ok && private_key) {
+#ifndef OPENSSL_NO_STDIO
+ if (SSL_use_PrivateKey_file(conn->ssl, private_key,
+ SSL_FILETYPE_ASN1) == 1) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: "
+ "SSL_use_PrivateKey_File (DER) --> OK");
+ ok = 1;
+ break;
+ } else {
+ tls_show_errors(MSG_DEBUG, __func__,
+ "SSL_use_PrivateKey_File (DER) "
+ "failed");
+ }
+
+ if (SSL_use_PrivateKey_file(conn->ssl, private_key,
+ SSL_FILETYPE_PEM) == 1) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: "
+ "SSL_use_PrivateKey_File (PEM) --> OK");
+ ok = 1;
+ break;
+ } else {
+ tls_show_errors(MSG_DEBUG, __func__,
+ "SSL_use_PrivateKey_File (PEM) "
+ "failed");
+ }
+#else /* OPENSSL_NO_STDIO */
+ wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO",
+ __func__);
+#endif /* OPENSSL_NO_STDIO */
+
+ if (tls_read_pkcs12(ssl_ctx, conn->ssl, private_key, passwd)
+ == 0) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: Reading PKCS#12 file "
+ "--> OK");
+ ok = 1;
+ break;
+ }
+
+ if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: Using CryptoAPI to "
+ "access certificate store --> OK");
+ ok = 1;
+ break;
+ }
+
+ break;
+ }
+
+ if (!ok) {
+ wpa_printf(MSG_INFO, "OpenSSL: Failed to load private key");
+ os_free(passwd);
+ ERR_clear_error();
+ return -1;
+ }
+ ERR_clear_error();
+ SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
+ os_free(passwd);
+
+ if (!SSL_check_private_key(conn->ssl)) {
+ tls_show_errors(MSG_INFO, __func__, "Private key failed "
+ "verification");
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "SSL: Private key loaded successfully");
+ return 0;
+}
+
+
+static int tls_global_private_key(SSL_CTX *ssl_ctx, const char *private_key,
+ const char *private_key_passwd)
+{
+ char *passwd;
+
+ if (private_key == NULL)
+ return 0;
+
+ if (private_key_passwd) {
+ passwd = os_strdup(private_key_passwd);
+ if (passwd == NULL)
+ return -1;
+ } else
+ passwd = NULL;
+
+ SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
+ SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
+ if (
+#ifndef OPENSSL_NO_STDIO
+ SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key,
+ SSL_FILETYPE_ASN1) != 1 &&
+ SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key,
+ SSL_FILETYPE_PEM) != 1 &&
+#endif /* OPENSSL_NO_STDIO */
+ tls_read_pkcs12(ssl_ctx, NULL, private_key, passwd)) {
+ tls_show_errors(MSG_INFO, __func__,
+ "Failed to load private key");
+ os_free(passwd);
+ ERR_clear_error();
+ return -1;
+ }
+ os_free(passwd);
+ ERR_clear_error();
+ SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
+
+ if (!SSL_CTX_check_private_key(ssl_ctx)) {
+ tls_show_errors(MSG_INFO, __func__,
+ "Private key failed verification");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int tls_connection_dh(struct tls_connection *conn, const char *dh_file)
+{
+#ifdef OPENSSL_NO_DH
+ if (dh_file == NULL)
+ return 0;
+ wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but "
+ "dh_file specified");
+ return -1;
+#else /* OPENSSL_NO_DH */
+ DH *dh;
+ BIO *bio;
+
+ /* TODO: add support for dh_blob */
+ if (dh_file == NULL)
+ return 0;
+ if (conn == NULL)
+ return -1;
+
+ bio = BIO_new_file(dh_file, "r");
+ if (bio == NULL) {
+ wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s",
+ dh_file, ERR_error_string(ERR_get_error(), NULL));
+ return -1;
+ }
+ dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+ BIO_free(bio);
+#ifndef OPENSSL_NO_DSA
+ while (dh == NULL) {
+ DSA *dsa;
+ wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -"
+ " trying to parse as DSA params", dh_file,
+ ERR_error_string(ERR_get_error(), NULL));
+ bio = BIO_new_file(dh_file, "r");
+ if (bio == NULL)
+ break;
+ dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
+ BIO_free(bio);
+ if (!dsa) {
+ wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file "
+ "'%s': %s", dh_file,
+ ERR_error_string(ERR_get_error(), NULL));
+ break;
+ }
+
+ wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format");
+ dh = DSA_dup_DH(dsa);
+ DSA_free(dsa);
+ if (dh == NULL) {
+ wpa_printf(MSG_INFO, "TLS: Failed to convert DSA "
+ "params into DH params");
+ break;
+ }
+ break;
+ }
+#endif /* !OPENSSL_NO_DSA */
+ if (dh == NULL) {
+ wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file "
+ "'%s'", dh_file);
+ return -1;
+ }
+
+ if (SSL_set_tmp_dh(conn->ssl, dh) != 1) {
+ wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': "
+ "%s", dh_file,
+ ERR_error_string(ERR_get_error(), NULL));
+ DH_free(dh);
+ return -1;
+ }
+ DH_free(dh);
+ return 0;
+#endif /* OPENSSL_NO_DH */
+}
+
+
+int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
+ struct tls_keys *keys)
+{
+ SSL *ssl;
+
+ if (conn == NULL || keys == NULL)
+ return -1;
+ ssl = conn->ssl;
+ if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
+ return -1;
+
+ os_memset(keys, 0, sizeof(*keys));
+ keys->master_key = ssl->session->master_key;
+ keys->master_key_len = ssl->session->master_key_length;
+ keys->client_random = ssl->s3->client_random;
+ keys->client_random_len = SSL3_RANDOM_SIZE;
+ keys->server_random = ssl->s3->server_random;
+ keys->server_random_len = SSL3_RANDOM_SIZE;
+
+ return 0;
+}
+
+
+int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
+ const char *label, int server_random_first,
+ u8 *out, size_t out_len)
+{
+ return -1;
+}
+
+
+u8 * tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ size_t *out_len, u8 **appl_data,
+ size_t *appl_data_len)
+{
+ int res;
+ u8 *out_data;
+
+ if (appl_data)
+ *appl_data = NULL;
+
+ /*
+ * Give TLS handshake data from the server (if available) to OpenSSL
+ * for processing.
+ */
+ if (in_data &&
+ BIO_write(conn->ssl_in, in_data, in_len) < 0) {
+ tls_show_errors(MSG_INFO, __func__,
+ "Handshake failed - BIO_write");
+ return NULL;
+ }
+
+ /* Initiate TLS handshake or continue the existing handshake */
+ res = SSL_connect(conn->ssl);
+ if (res != 1) {
+ int err = SSL_get_error(conn->ssl, res);
+ if (err == SSL_ERROR_WANT_READ)
+ wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want "
+ "more data");
+ else if (err == SSL_ERROR_WANT_WRITE)
+ wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to "
+ "write");
+ else {
+ tls_show_errors(MSG_INFO, __func__, "SSL_connect");
+ conn->failed++;
+ }
+ }
+
+ /* Get the TLS handshake data to be sent to the server */
+ res = BIO_ctrl_pending(conn->ssl_out);
+ wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res);
+ out_data = os_malloc(res == 0 ? 1 : res);
+ if (out_data == NULL) {
+ wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for "
+ "handshake output (%d bytes)", res);
+ if (BIO_reset(conn->ssl_out) < 0) {
+ tls_show_errors(MSG_INFO, __func__,
+ "BIO_reset failed");
+ }
+ *out_len = 0;
+ return NULL;
+ }
+ res = res == 0 ? 0 : BIO_read(conn->ssl_out, out_data, res);
+ if (res < 0) {
+ tls_show_errors(MSG_INFO, __func__,
+ "Handshake failed - BIO_read");
+ if (BIO_reset(conn->ssl_out) < 0) {
+ tls_show_errors(MSG_INFO, __func__,
+ "BIO_reset failed");
+ }
+ *out_len = 0;
+ return NULL;
+ }
+ *out_len = res;
+
+ if (SSL_is_init_finished(conn->ssl) && appl_data) {
+ *appl_data = os_malloc(in_len);
+ if (*appl_data) {
+ res = SSL_read(conn->ssl, *appl_data, in_len);
+ if (res < 0) {
+ tls_show_errors(MSG_INFO, __func__,
+ "Failed to read possible "
+ "Application Data");
+ os_free(*appl_data);
+ *appl_data = NULL;
+ } else {
+ *appl_data_len = res;
+ wpa_hexdump_key(MSG_MSGDUMP, "SSL: Application"
+ " Data in Finish message",
+ *appl_data, *appl_data_len);
+ }
+ }
+ }
+
+ return out_data;
+}
+
+
+u8 * tls_connection_server_handshake(void *ssl_ctx,
+ struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ size_t *out_len)
+{
+ int res;
+ u8 *out_data;
+ char buf[10];
+
+ if (in_data &&
+ BIO_write(conn->ssl_in, in_data, in_len) < 0) {
+ tls_show_errors(MSG_INFO, __func__,
+ "Handshake failed - BIO_write");
+ return NULL;
+ }
+
+ res = SSL_read(conn->ssl, buf, sizeof(buf));
+ if (res >= 0) {
+ wpa_printf(MSG_DEBUG, "SSL: Unexpected data from SSL_read "
+ "(res=%d)", res);
+ }
+
+ res = BIO_ctrl_pending(conn->ssl_out);
+ wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res);
+ out_data = os_malloc(res == 0 ? 1 : res);
+ if (out_data == NULL) {
+ wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for "
+ "handshake output (%d bytes)", res);
+ if (BIO_reset(conn->ssl_out) < 0) {
+ tls_show_errors(MSG_INFO, __func__,
+ "BIO_reset failed");
+ }
+ *out_len = 0;
+ return NULL;
+ }
+ res = res == 0 ? 0 : BIO_read(conn->ssl_out, out_data, res);
+ if (res < 0) {
+ tls_show_errors(MSG_INFO, __func__,
+ "Handshake failed - BIO_read");
+ if (BIO_reset(conn->ssl_out) < 0) {
+ tls_show_errors(MSG_INFO, __func__,
+ "BIO_reset failed");
+ }
+ *out_len = 0;
+ return NULL;
+ }
+ *out_len = res;
+ return out_data;
+}
+
+
+int tls_connection_encrypt(void *ssl_ctx, struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ u8 *out_data, size_t out_len)
+{
+ int res;
+
+ if (conn == NULL)
+ return -1;
+
+ /* Give plaintext data for OpenSSL to encrypt into the TLS tunnel. */
+ if ((res = BIO_reset(conn->ssl_in)) < 0 ||
+ (res = BIO_reset(conn->ssl_out)) < 0) {
+ tls_show_errors(MSG_INFO, __func__, "BIO_reset failed");
+ return res;
+ }
+ res = SSL_write(conn->ssl, in_data, in_len);
+ if (res < 0) {
+ tls_show_errors(MSG_INFO, __func__,
+ "Encryption failed - SSL_write");
+ return res;
+ }
+
+ /* Read encrypted data to be sent to the server */
+ res = BIO_read(conn->ssl_out, out_data, out_len);
+ if (res < 0) {
+ tls_show_errors(MSG_INFO, __func__,
+ "Encryption failed - BIO_read");
+ return res;
+ }
+
+ return res;
+}
+
+
+int tls_connection_decrypt(void *ssl_ctx, struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ u8 *out_data, size_t out_len)
+{
+ int res;
+
+ /* Give encrypted data from TLS tunnel for OpenSSL to decrypt. */
+ res = BIO_write(conn->ssl_in, in_data, in_len);
+ if (res < 0) {
+ tls_show_errors(MSG_INFO, __func__,
+ "Decryption failed - BIO_write");
+ return res;
+ }
+ if (BIO_reset(conn->ssl_out) < 0) {
+ tls_show_errors(MSG_INFO, __func__, "BIO_reset failed");
+ return res;
+ }
+
+ /* Read decrypted data for further processing */
+ res = SSL_read(conn->ssl, out_data, out_len);
+ if (res < 0) {
+ tls_show_errors(MSG_INFO, __func__,
+ "Decryption failed - SSL_read");
+ return res;
+ }
+
+ return res;
+}
+
+
+int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn)
+{
+ return conn ? conn->ssl->hit : 0;
+}
+
+
+#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC)
+/* Pre-shared secred requires a patch to openssl, so this function is
+ * commented out unless explicitly needed for EAP-FAST in order to be able to
+ * build this file with unmodified openssl. */
+
+static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
+ STACK_OF(SSL_CIPHER) *peer_ciphers,
+ SSL_CIPHER **cipher, void *arg)
+{
+ struct tls_connection *conn = arg;
+
+ if (conn == NULL || conn->pre_shared_secret == 0)
+ return 0;
+
+ os_memcpy(secret, conn->pre_shared_secret,
+ conn->pre_shared_secret_len);
+ *secret_len = conn->pre_shared_secret_len;
+
+ return 1;
+}
+
+
+int tls_connection_set_master_key(void *ssl_ctx, struct tls_connection *conn,
+ const u8 *key, size_t key_len)
+{
+ if (conn == NULL || key_len > SSL_MAX_MASTER_KEY_LENGTH)
+ return -1;
+
+ os_free(conn->pre_shared_secret);
+ conn->pre_shared_secret = NULL;
+ conn->pre_shared_secret_len = 0;
+
+ if (key) {
+ conn->pre_shared_secret = os_malloc(key_len);
+ if (conn->pre_shared_secret) {
+ os_memcpy(conn->pre_shared_secret, key, key_len);
+ conn->pre_shared_secret_len = key_len;
+ }
+ if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb,
+ conn) != 1)
+ return -1;
+ } else {
+ if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1)
+ return -1;
+ }
+
+ return 0;
+}
+#endif /* EAP_FAST || EAP_FAST_DYNAMIC */
+
+
+int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
+ u8 *ciphers)
+{
+ char buf[100], *pos, *end;
+ u8 *c;
+ int ret;
+
+ if (conn == NULL || conn->ssl == NULL || ciphers == NULL)
+ return -1;
+
+ buf[0] = '\0';
+ pos = buf;
+ end = pos + sizeof(buf);
+
+ c = ciphers;
+ while (*c != TLS_CIPHER_NONE) {
+ const char *suite;
+
+ switch (*c) {
+ case TLS_CIPHER_RC4_SHA:
+ suite = "RC4-SHA";
+ break;
+ case TLS_CIPHER_AES128_SHA:
+ suite = "AES128-SHA";
+ break;
+ case TLS_CIPHER_RSA_DHE_AES128_SHA:
+ suite = "DHE-RSA-AES128-SHA";
+ break;
+ case TLS_CIPHER_ANON_DH_AES128_SHA:
+ suite = "ADH-AES128-SHA";
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "TLS: Unsupported "
+ "cipher selection: %d", *c);
+ return -1;
+ }
+ ret = os_snprintf(pos, end - pos, ":%s", suite);
+ if (ret < 0 || ret >= end - pos)
+ break;
+ pos += ret;
+
+ c++;
+ }
+
+ wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1);
+
+ if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) {
+ tls_show_errors(MSG_INFO, __func__,
+ "Cipher suite configuration failed");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
+ char *buf, size_t buflen)
+{
+ const char *name;
+ if (conn == NULL || conn->ssl == NULL)
+ return -1;
+
+ name = SSL_get_cipher(conn->ssl);
+ if (name == NULL)
+ return -1;
+
+ os_snprintf(buf, buflen, "%s", name);
+ buf[buflen - 1] = '\0';
+ return 0;
+}
+
+
+int tls_connection_enable_workaround(void *ssl_ctx,
+ struct tls_connection *conn)
+{
+ SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
+
+ return 0;
+}
+
+
+#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC)
+/* ClientHello TLS extensions require a patch to openssl, so this function is
+ * commented out unless explicitly needed for EAP-FAST in order to be able to
+ * build this file with unmodified openssl. */
+int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn,
+ int ext_type, const u8 *data,
+ size_t data_len)
+{
+ if (conn == NULL || conn->ssl == NULL)
+ return -1;
+
+ if (SSL_set_hello_extension(conn->ssl, ext_type, (void *) data,
+ data_len) != 1)
+ return -1;
+
+ return 0;
+}
+#endif /* EAP_FAST || EAP_FAST_DYNAMIC */
+
+
+int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn)
+{
+ if (conn == NULL)
+ return -1;
+ return conn->failed;
+}
+
+
+int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn)
+{
+ if (conn == NULL)
+ return -1;
+ return conn->read_alerts;
+}
+
+
+int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn)
+{
+ if (conn == NULL)
+ return -1;
+ return conn->write_alerts;
+}
+
+
+int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
+ const struct tls_connection_params *params)
+{
+ int ret;
+ unsigned long err;
+
+ if (conn == NULL)
+ return -1;
+
+ while ((err = ERR_get_error())) {
+ wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",
+ __func__, ERR_error_string(err, NULL));
+ }
+
+ if (tls_connection_set_subject_match(conn,
+ params->subject_match,
+ params->altsubject_match))
+ return -1;
+ if (tls_connection_ca_cert(tls_ctx, conn, params->ca_cert,
+ params->ca_cert_blob,
+ params->ca_cert_blob_len,
+ params->ca_path))
+ return -1;
+ if (tls_connection_client_cert(conn, params->client_cert,
+ params->client_cert_blob,
+ params->client_cert_blob_len))
+ return -1;
+
+ if (params->engine) {
+ wpa_printf(MSG_DEBUG, "SSL: Initializing TLS engine");
+ ret = tls_engine_init(conn, params->engine_id, params->pin,
+ params->key_id);
+ if (ret)
+ return ret;
+ if (tls_connection_engine_private_key(conn))
+ return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
+ } else if (tls_connection_private_key(tls_ctx, conn,
+ params->private_key,
+ params->private_key_passwd,
+ params->private_key_blob,
+ params->private_key_blob_len)) {
+ wpa_printf(MSG_INFO, "TLS: Failed to load private key '%s'",
+ params->private_key);
+ return -1;
+ }
+
+ if (tls_connection_dh(conn, params->dh_file)) {
+ wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'",
+ params->dh_file);
+ return -1;
+ }
+
+ tls_get_errors(tls_ctx);
+
+ return 0;
+}
+
+
+int tls_global_set_params(void *tls_ctx,
+ const struct tls_connection_params *params)
+{
+ SSL_CTX *ssl_ctx = tls_ctx;
+ unsigned long err;
+
+ while ((err = ERR_get_error())) {
+ wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",
+ __func__, ERR_error_string(err, NULL));
+ }
+
+ if (tls_global_ca_cert(ssl_ctx, params->ca_cert))
+ return -1;
+
+ if (tls_global_client_cert(ssl_ctx, params->client_cert))
+ return -1;
+
+ if (tls_global_private_key(ssl_ctx, params->private_key,
+ params->private_key_passwd))
+ return -1;
+
+ return 0;
+}
+
+
+int tls_connection_get_keyblock_size(void *tls_ctx,
+ struct tls_connection *conn)
+{
+ const EVP_CIPHER *c;
+ const EVP_MD *h;
+
+ if (conn == NULL || conn->ssl == NULL ||
+ conn->ssl->enc_read_ctx == NULL ||
+ conn->ssl->enc_read_ctx->cipher == NULL ||
+ conn->ssl->read_hash == NULL)
+ return -1;
+
+ c = conn->ssl->enc_read_ctx->cipher;
+#if OPENSSL_VERSION_NUMBER >= 0x00909000L
+ h = EVP_MD_CTX_md(conn->ssl->read_hash);
+#else
+ h = conn->ssl->read_hash;
+#endif
+
+ return 2 * (EVP_CIPHER_key_length(c) +
+ EVP_MD_size(h) +
+ EVP_CIPHER_iv_length(c));
+}
+
+
+unsigned int tls_capabilities(void *tls_ctx)
+{
+ return 0;
+}
+
+
+int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn,
+ int tls_ia)
+{
+ return -1;
+}
+
+
+int tls_connection_ia_send_phase_finished(void *tls_ctx,
+ struct tls_connection *conn,
+ int final,
+ u8 *out_data, size_t out_len)
+{
+ return -1;
+}
+
+
+int tls_connection_ia_final_phase_finished(void *tls_ctx,
+ struct tls_connection *conn)
+{
+ return -1;
+}
+
+
+int tls_connection_ia_permute_inner_secret(void *tls_ctx,
+ struct tls_connection *conn,
+ const u8 *key, size_t key_len)
+{
+ return -1;
+}
--- /dev/null
+/*
+ * WPA Supplicant / SSL/TLS interface functions for Microsoft Schannel
+ * Copyright (c) 2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+/*
+ * FIX: Go through all SSPI functions and verify what needs to be freed
+ * FIX: session resumption
+ * TODO: add support for server cert chain validation
+ * TODO: add support for CA cert validation
+ * TODO: add support for EAP-TLS (client cert/key conf)
+ */
+
+#include "includes.h"
+#include <windows.h>
+#include <wincrypt.h>
+#include <schannel.h>
+#define SECURITY_WIN32
+#include <security.h>
+#include <sspi.h>
+
+#include "common.h"
+#include "tls.h"
+
+
+struct tls_global {
+ HMODULE hsecurity;
+ PSecurityFunctionTable sspi;
+ HCERTSTORE my_cert_store;
+};
+
+struct tls_connection {
+ int established, start;
+ int failed, read_alerts, write_alerts;
+
+ SCHANNEL_CRED schannel_cred;
+ CredHandle creds;
+ CtxtHandle context;
+
+ u8 eap_tls_prf[128];
+ int eap_tls_prf_set;
+};
+
+
+static int schannel_load_lib(struct tls_global *global)
+{
+ INIT_SECURITY_INTERFACE pInitSecurityInterface;
+
+ global->hsecurity = LoadLibrary(TEXT("Secur32.dll"));
+ if (global->hsecurity == NULL) {
+ wpa_printf(MSG_ERROR, "%s: Could not load Secur32.dll - 0x%x",
+ __func__, (unsigned int) GetLastError());
+ return -1;
+ }
+
+ pInitSecurityInterface = (INIT_SECURITY_INTERFACE) GetProcAddress(
+ global->hsecurity, "InitSecurityInterfaceA");
+ if (pInitSecurityInterface == NULL) {
+ wpa_printf(MSG_ERROR, "%s: Could not find "
+ "InitSecurityInterfaceA from Secur32.dll",
+ __func__);
+ FreeLibrary(global->hsecurity);
+ global->hsecurity = NULL;
+ return -1;
+ }
+
+ global->sspi = pInitSecurityInterface();
+ if (global->sspi == NULL) {
+ wpa_printf(MSG_ERROR, "%s: Could not read security "
+ "interface - 0x%x",
+ __func__, (unsigned int) GetLastError());
+ FreeLibrary(global->hsecurity);
+ global->hsecurity = NULL;
+ return -1;
+ }
+
+ return 0;
+}
+
+
+void * tls_init(const struct tls_config *conf)
+{
+ struct tls_global *global;
+
+ global = os_zalloc(sizeof(*global));
+ if (global == NULL)
+ return NULL;
+ if (schannel_load_lib(global)) {
+ os_free(global);
+ return NULL;
+ }
+ return global;
+}
+
+
+void tls_deinit(void *ssl_ctx)
+{
+ struct tls_global *global = ssl_ctx;
+
+ if (global->my_cert_store)
+ CertCloseStore(global->my_cert_store, 0);
+ FreeLibrary(global->hsecurity);
+ os_free(global);
+}
+
+
+int tls_get_errors(void *ssl_ctx)
+{
+ return 0;
+}
+
+
+struct tls_connection * tls_connection_init(void *ssl_ctx)
+{
+ struct tls_connection *conn;
+
+ conn = os_zalloc(sizeof(*conn));
+ if (conn == NULL)
+ return NULL;
+ conn->start = 1;
+
+ return conn;
+}
+
+
+void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn)
+{
+ if (conn == NULL)
+ return;
+
+ os_free(conn);
+}
+
+
+int tls_connection_established(void *ssl_ctx, struct tls_connection *conn)
+{
+ return conn ? conn->established : 0;
+}
+
+
+int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
+{
+ struct tls_global *global = ssl_ctx;
+ if (conn == NULL)
+ return -1;
+
+ conn->eap_tls_prf_set = 0;
+ conn->established = conn->failed = 0;
+ conn->read_alerts = conn->write_alerts = 0;
+ global->sspi->DeleteSecurityContext(&conn->context);
+ /* FIX: what else needs to be reseted? */
+
+ return 0;
+}
+
+
+int tls_global_set_params(void *tls_ctx,
+ const struct tls_connection_params *params)
+{
+ return -1;
+}
+
+
+int tls_global_set_verify(void *ssl_ctx, int check_crl)
+{
+ return -1;
+}
+
+
+int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
+ int verify_peer)
+{
+ return -1;
+}
+
+
+int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
+ struct tls_keys *keys)
+{
+ /* Schannel does not export master secret or client/server random. */
+ return -1;
+}
+
+
+int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
+ const char *label, int server_random_first,
+ u8 *out, size_t out_len)
+{
+ /*
+ * Cannot get master_key from Schannel, but EapKeyBlock can be used to
+ * generate session keys for EAP-TLS and EAP-PEAPv0. EAP-PEAPv2 and
+ * EAP-TTLS cannot use this, though, since they are using different
+ * labels. The only option could be to implement TLSv1 completely here
+ * and just use Schannel or CryptoAPI for low-level crypto
+ * functionality..
+ */
+
+ if (conn == NULL || !conn->eap_tls_prf_set || server_random_first ||
+ os_strcmp(label, "client EAP encryption") != 0 ||
+ out_len > sizeof(conn->eap_tls_prf))
+ return -1;
+
+ os_memcpy(out, conn->eap_tls_prf, out_len);
+
+ return 0;
+}
+
+
+static u8 * tls_conn_hs_clienthello(struct tls_global *global,
+ struct tls_connection *conn,
+ size_t *out_len)
+{
+ DWORD sspi_flags, sspi_flags_out;
+ SecBufferDesc outbuf;
+ SecBuffer outbufs[1];
+ SECURITY_STATUS status;
+ TimeStamp ts_expiry;
+
+ sspi_flags = ISC_REQ_REPLAY_DETECT |
+ ISC_REQ_CONFIDENTIALITY |
+ ISC_RET_EXTENDED_ERROR |
+ ISC_REQ_ALLOCATE_MEMORY |
+ ISC_REQ_MANUAL_CRED_VALIDATION;
+
+ wpa_printf(MSG_DEBUG, "%s: Generating ClientHello", __func__);
+
+ outbufs[0].pvBuffer = NULL;
+ outbufs[0].BufferType = SECBUFFER_TOKEN;
+ outbufs[0].cbBuffer = 0;
+
+ outbuf.cBuffers = 1;
+ outbuf.pBuffers = outbufs;
+ outbuf.ulVersion = SECBUFFER_VERSION;
+
+#ifdef UNICODE
+ status = global->sspi->InitializeSecurityContextW(
+ &conn->creds, NULL, NULL /* server name */, sspi_flags, 0,
+ SECURITY_NATIVE_DREP, NULL, 0, &conn->context,
+ &outbuf, &sspi_flags_out, &ts_expiry);
+#else /* UNICODE */
+ status = global->sspi->InitializeSecurityContextA(
+ &conn->creds, NULL, NULL /* server name */, sspi_flags, 0,
+ SECURITY_NATIVE_DREP, NULL, 0, &conn->context,
+ &outbuf, &sspi_flags_out, &ts_expiry);
+#endif /* UNICODE */
+ if (status != SEC_I_CONTINUE_NEEDED) {
+ wpa_printf(MSG_ERROR, "%s: InitializeSecurityContextA "
+ "failed - 0x%x",
+ __func__, (unsigned int) status);
+ return NULL;
+ }
+
+ if (outbufs[0].cbBuffer != 0 && outbufs[0].pvBuffer) {
+ u8 *buf;
+ wpa_hexdump(MSG_MSGDUMP, "SChannel - ClientHello",
+ outbufs[0].pvBuffer, outbufs[0].cbBuffer);
+ conn->start = 0;
+ *out_len = outbufs[0].cbBuffer;
+ buf = os_malloc(*out_len);
+ if (buf == NULL)
+ return NULL;
+ os_memcpy(buf, outbufs[0].pvBuffer, *out_len);
+ global->sspi->FreeContextBuffer(outbufs[0].pvBuffer);
+ return buf;
+ }
+
+ wpa_printf(MSG_ERROR, "SChannel: Failed to generate ClientHello");
+
+ return NULL;
+}
+
+
+#ifndef SECPKG_ATTR_EAP_KEY_BLOCK
+#define SECPKG_ATTR_EAP_KEY_BLOCK 0x5b
+
+typedef struct _SecPkgContext_EapKeyBlock {
+ BYTE rgbKeys[128];
+ BYTE rgbIVs[64];
+} SecPkgContext_EapKeyBlock, *PSecPkgContext_EapKeyBlock;
+#endif /* !SECPKG_ATTR_EAP_KEY_BLOCK */
+
+static int tls_get_eap(struct tls_global *global, struct tls_connection *conn)
+{
+ SECURITY_STATUS status;
+ SecPkgContext_EapKeyBlock kb;
+
+ /* Note: Windows NT and Windows Me/98/95 do not support getting
+ * EapKeyBlock */
+
+ status = global->sspi->QueryContextAttributes(
+ &conn->context, SECPKG_ATTR_EAP_KEY_BLOCK, &kb);
+ if (status != SEC_E_OK) {
+ wpa_printf(MSG_DEBUG, "%s: QueryContextAttributes("
+ "SECPKG_ATTR_EAP_KEY_BLOCK) failed (%d)",
+ __func__, (int) status);
+ return -1;
+ }
+
+ wpa_hexdump_key(MSG_MSGDUMP, "Schannel - EapKeyBlock - rgbKeys",
+ kb.rgbKeys, sizeof(kb.rgbKeys));
+ wpa_hexdump_key(MSG_MSGDUMP, "Schannel - EapKeyBlock - rgbIVs",
+ kb.rgbIVs, sizeof(kb.rgbIVs));
+
+ os_memcpy(conn->eap_tls_prf, kb.rgbKeys, sizeof(kb.rgbKeys));
+ conn->eap_tls_prf_set = 1;
+ return 0;
+}
+
+
+u8 * tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ size_t *out_len, u8 **appl_data,
+ size_t *appl_data_len)
+{
+ struct tls_global *global = ssl_ctx;
+ DWORD sspi_flags, sspi_flags_out;
+ SecBufferDesc inbuf, outbuf;
+ SecBuffer inbufs[2], outbufs[1];
+ SECURITY_STATUS status;
+ TimeStamp ts_expiry;
+ u8 *out_buf = NULL;
+
+ if (appl_data)
+ *appl_data = NULL;
+
+ if (conn->start) {
+ return tls_conn_hs_clienthello(global, conn, out_len);
+ }
+
+ wpa_printf(MSG_DEBUG, "SChannel: %d bytes handshake data to process",
+ in_len);
+
+ sspi_flags = ISC_REQ_REPLAY_DETECT |
+ ISC_REQ_CONFIDENTIALITY |
+ ISC_RET_EXTENDED_ERROR |
+ ISC_REQ_ALLOCATE_MEMORY |
+ ISC_REQ_MANUAL_CRED_VALIDATION;
+
+ /* Input buffer for Schannel */
+ inbufs[0].pvBuffer = (u8 *) in_data;
+ inbufs[0].cbBuffer = in_len;
+ inbufs[0].BufferType = SECBUFFER_TOKEN;
+
+ /* Place for leftover data from Schannel */
+ inbufs[1].pvBuffer = NULL;
+ inbufs[1].cbBuffer = 0;
+ inbufs[1].BufferType = SECBUFFER_EMPTY;
+
+ inbuf.cBuffers = 2;
+ inbuf.pBuffers = inbufs;
+ inbuf.ulVersion = SECBUFFER_VERSION;
+
+ /* Output buffer for Schannel */
+ outbufs[0].pvBuffer = NULL;
+ outbufs[0].cbBuffer = 0;
+ outbufs[0].BufferType = SECBUFFER_TOKEN;
+
+ outbuf.cBuffers = 1;
+ outbuf.pBuffers = outbufs;
+ outbuf.ulVersion = SECBUFFER_VERSION;
+
+#ifdef UNICODE
+ status = global->sspi->InitializeSecurityContextW(
+ &conn->creds, &conn->context, NULL, sspi_flags, 0,
+ SECURITY_NATIVE_DREP, &inbuf, 0, NULL,
+ &outbuf, &sspi_flags_out, &ts_expiry);
+#else /* UNICODE */
+ status = global->sspi->InitializeSecurityContextA(
+ &conn->creds, &conn->context, NULL, sspi_flags, 0,
+ SECURITY_NATIVE_DREP, &inbuf, 0, NULL,
+ &outbuf, &sspi_flags_out, &ts_expiry);
+#endif /* UNICODE */
+
+ wpa_printf(MSG_MSGDUMP, "Schannel: InitializeSecurityContext -> "
+ "status=%d inlen[0]=%d intype[0]=%d inlen[1]=%d "
+ "intype[1]=%d outlen[0]=%d",
+ (int) status, (int) inbufs[0].cbBuffer,
+ (int) inbufs[0].BufferType, (int) inbufs[1].cbBuffer,
+ (int) inbufs[1].BufferType,
+ (int) outbufs[0].cbBuffer);
+ if (status == SEC_E_OK || status == SEC_I_CONTINUE_NEEDED ||
+ (FAILED(status) && (sspi_flags_out & ISC_RET_EXTENDED_ERROR))) {
+ if (outbufs[0].cbBuffer != 0 && outbufs[0].pvBuffer) {
+ wpa_hexdump(MSG_MSGDUMP, "SChannel - output",
+ outbufs[0].pvBuffer, outbufs[0].cbBuffer);
+ *out_len = outbufs[0].cbBuffer;
+ out_buf = os_malloc(*out_len);
+ if (out_buf)
+ os_memcpy(out_buf, outbufs[0].pvBuffer,
+ *out_len);
+ global->sspi->FreeContextBuffer(outbufs[0].pvBuffer);
+ outbufs[0].pvBuffer = NULL;
+ if (out_buf == NULL)
+ return NULL;
+ }
+ }
+
+ switch (status) {
+ case SEC_E_INCOMPLETE_MESSAGE:
+ wpa_printf(MSG_DEBUG, "Schannel: SEC_E_INCOMPLETE_MESSAGE");
+ break;
+ case SEC_I_CONTINUE_NEEDED:
+ wpa_printf(MSG_DEBUG, "Schannel: SEC_I_CONTINUE_NEEDED");
+ break;
+ case SEC_E_OK:
+ /* TODO: verify server certificate chain */
+ wpa_printf(MSG_DEBUG, "Schannel: SEC_E_OK - Handshake "
+ "completed successfully");
+ conn->established = 1;
+ tls_get_eap(global, conn);
+
+ /* Need to return something to get final TLS ACK. */
+ if (out_buf == NULL)
+ out_buf = os_malloc(1);
+
+ if (inbufs[1].BufferType == SECBUFFER_EXTRA) {
+ wpa_hexdump(MSG_MSGDUMP, "SChannel - Encrypted "
+ "application data",
+ inbufs[1].pvBuffer, inbufs[1].cbBuffer);
+ if (appl_data) {
+ *appl_data_len = outbufs[1].cbBuffer;
+ appl_data = os_malloc(*appl_data_len);
+ if (appl_data)
+ os_memcpy(appl_data,
+ outbufs[1].pvBuffer,
+ *appl_data_len);
+ }
+ global->sspi->FreeContextBuffer(inbufs[1].pvBuffer);
+ inbufs[1].pvBuffer = NULL;
+ }
+ break;
+ case SEC_I_INCOMPLETE_CREDENTIALS:
+ wpa_printf(MSG_DEBUG,
+ "Schannel: SEC_I_INCOMPLETE_CREDENTIALS");
+ break;
+ case SEC_E_WRONG_PRINCIPAL:
+ wpa_printf(MSG_DEBUG, "Schannel: SEC_E_WRONG_PRINCIPAL");
+ break;
+ case SEC_E_INTERNAL_ERROR:
+ wpa_printf(MSG_DEBUG, "Schannel: SEC_E_INTERNAL_ERROR");
+ break;
+ }
+
+ if (FAILED(status)) {
+ wpa_printf(MSG_DEBUG, "Schannel: Handshake failed "
+ "(out_buf=%p)", out_buf);
+ conn->failed++;
+ global->sspi->DeleteSecurityContext(&conn->context);
+ return out_buf;
+ }
+
+ if (inbufs[1].BufferType == SECBUFFER_EXTRA) {
+ /* TODO: Can this happen? What to do with this data? */
+ wpa_hexdump(MSG_MSGDUMP, "SChannel - Leftover data",
+ inbufs[1].pvBuffer, inbufs[1].cbBuffer);
+ global->sspi->FreeContextBuffer(inbufs[1].pvBuffer);
+ inbufs[1].pvBuffer = NULL;
+ }
+
+ return out_buf;
+}
+
+
+u8 * tls_connection_server_handshake(void *ssl_ctx,
+ struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ size_t *out_len)
+{
+ return NULL;
+}
+
+
+int tls_connection_encrypt(void *ssl_ctx, struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ u8 *out_data, size_t out_len)
+{
+ struct tls_global *global = ssl_ctx;
+ SECURITY_STATUS status;
+ SecBufferDesc buf;
+ SecBuffer bufs[4];
+ SecPkgContext_StreamSizes sizes;
+ int i;
+ size_t total_len;
+
+ status = global->sspi->QueryContextAttributes(&conn->context,
+ SECPKG_ATTR_STREAM_SIZES,
+ &sizes);
+ if (status != SEC_E_OK) {
+ wpa_printf(MSG_DEBUG, "%s: QueryContextAttributes failed",
+ __func__);
+ return -1;
+ }
+ wpa_printf(MSG_DEBUG, "%s: Stream sizes: header=%u trailer=%u",
+ __func__,
+ (unsigned int) sizes.cbHeader,
+ (unsigned int) sizes.cbTrailer);
+
+ total_len = sizes.cbHeader + in_len + sizes.cbTrailer;
+
+ if (out_len < total_len) {
+ wpa_printf(MSG_DEBUG, "%s: too short out_data (out_len=%lu "
+ "in_len=%lu total_len=%lu)", __func__,
+ (unsigned long) out_len, (unsigned long) in_len,
+ (unsigned long) total_len);
+ return -1;
+ }
+
+ os_memset(&bufs, 0, sizeof(bufs));
+ bufs[0].pvBuffer = out_data;
+ bufs[0].cbBuffer = sizes.cbHeader;
+ bufs[0].BufferType = SECBUFFER_STREAM_HEADER;
+
+ os_memcpy(out_data + sizes.cbHeader, in_data, in_len);
+ bufs[1].pvBuffer = out_data + sizes.cbHeader;
+ bufs[1].cbBuffer = in_len;
+ bufs[1].BufferType = SECBUFFER_DATA;
+
+ bufs[2].pvBuffer = out_data + sizes.cbHeader + in_len;
+ bufs[2].cbBuffer = sizes.cbTrailer;
+ bufs[2].BufferType = SECBUFFER_STREAM_TRAILER;
+
+ buf.ulVersion = SECBUFFER_VERSION;
+ buf.cBuffers = 3;
+ buf.pBuffers = bufs;
+
+ status = global->sspi->EncryptMessage(&conn->context, 0, &buf, 0);
+
+ wpa_printf(MSG_MSGDUMP, "Schannel: EncryptMessage -> "
+ "status=%d len[0]=%d type[0]=%d len[1]=%d type[1]=%d "
+ "len[2]=%d type[2]=%d",
+ (int) status,
+ (int) bufs[0].cbBuffer, (int) bufs[0].BufferType,
+ (int) bufs[1].cbBuffer, (int) bufs[1].BufferType,
+ (int) bufs[2].cbBuffer, (int) bufs[2].BufferType);
+ wpa_printf(MSG_MSGDUMP, "Schannel: EncryptMessage pointers: "
+ "out_data=%p bufs %p %p %p",
+ out_data, bufs[0].pvBuffer, bufs[1].pvBuffer,
+ bufs[2].pvBuffer);
+
+ for (i = 0; i < 3; i++) {
+ if (bufs[i].pvBuffer && bufs[i].BufferType != SECBUFFER_EMPTY)
+ {
+ wpa_hexdump(MSG_MSGDUMP, "SChannel: bufs",
+ bufs[i].pvBuffer, bufs[i].cbBuffer);
+ }
+ }
+
+ if (status == SEC_E_OK) {
+ wpa_printf(MSG_DEBUG, "%s: SEC_E_OK", __func__);
+ wpa_hexdump_key(MSG_MSGDUMP, "Schannel: Encrypted data from "
+ "EncryptMessage", out_data, total_len);
+ return total_len;
+ }
+
+ wpa_printf(MSG_DEBUG, "%s: Failed - status=%d",
+ __func__, (int) status);
+ return -1;
+}
+
+
+int tls_connection_decrypt(void *ssl_ctx, struct tls_connection *conn,
+ const u8 *in_data, size_t in_len,
+ u8 *out_data, size_t out_len)
+{
+ struct tls_global *global = ssl_ctx;
+ SECURITY_STATUS status;
+ SecBufferDesc buf;
+ SecBuffer bufs[4];
+ int i;
+
+ if (out_len < in_len) {
+ wpa_printf(MSG_DEBUG, "%s: out_len=%lu < in_len=%lu", __func__,
+ (unsigned long) out_len, (unsigned long) in_len);
+ return -1;
+ }
+
+ wpa_hexdump(MSG_MSGDUMP, "Schannel: Encrypted data to DecryptMessage",
+ in_data, in_len);
+ os_memset(&bufs, 0, sizeof(bufs));
+ os_memcpy(out_data, in_data, in_len);
+ bufs[0].pvBuffer = out_data;
+ bufs[0].cbBuffer = in_len;
+ bufs[0].BufferType = SECBUFFER_DATA;
+
+ bufs[1].BufferType = SECBUFFER_EMPTY;
+ bufs[2].BufferType = SECBUFFER_EMPTY;
+ bufs[3].BufferType = SECBUFFER_EMPTY;
+
+ buf.ulVersion = SECBUFFER_VERSION;
+ buf.cBuffers = 4;
+ buf.pBuffers = bufs;
+
+ status = global->sspi->DecryptMessage(&conn->context, &buf, 0,
+ NULL);
+ wpa_printf(MSG_MSGDUMP, "Schannel: DecryptMessage -> "
+ "status=%d len[0]=%d type[0]=%d len[1]=%d type[1]=%d "
+ "len[2]=%d type[2]=%d len[3]=%d type[3]=%d",
+ (int) status,
+ (int) bufs[0].cbBuffer, (int) bufs[0].BufferType,
+ (int) bufs[1].cbBuffer, (int) bufs[1].BufferType,
+ (int) bufs[2].cbBuffer, (int) bufs[2].BufferType,
+ (int) bufs[3].cbBuffer, (int) bufs[3].BufferType);
+ wpa_printf(MSG_MSGDUMP, "Schannel: DecryptMessage pointers: "
+ "out_data=%p bufs %p %p %p %p",
+ out_data, bufs[0].pvBuffer, bufs[1].pvBuffer,
+ bufs[2].pvBuffer, bufs[3].pvBuffer);
+
+ switch (status) {
+ case SEC_E_INCOMPLETE_MESSAGE:
+ wpa_printf(MSG_DEBUG, "%s: SEC_E_INCOMPLETE_MESSAGE",
+ __func__);
+ break;
+ case SEC_E_OK:
+ wpa_printf(MSG_DEBUG, "%s: SEC_E_OK", __func__);
+ for (i = 0; i < 4; i++) {
+ if (bufs[i].BufferType == SECBUFFER_DATA)
+ break;
+ }
+ if (i == 4) {
+ wpa_printf(MSG_DEBUG, "%s: No output data from "
+ "DecryptMessage", __func__);
+ return -1;
+ }
+ wpa_hexdump_key(MSG_MSGDUMP, "Schannel: Decrypted data from "
+ "DecryptMessage",
+ bufs[i].pvBuffer, bufs[i].cbBuffer);
+ if (bufs[i].cbBuffer > out_len) {
+ wpa_printf(MSG_DEBUG, "%s: Too long output data",
+ __func__);
+ return -1;
+ }
+ os_memmove(out_data, bufs[i].pvBuffer, bufs[i].cbBuffer);
+ return bufs[i].cbBuffer;
+ }
+
+ wpa_printf(MSG_DEBUG, "%s: Failed - status=%d",
+ __func__, (int) status);
+ return -1;
+}
+
+
+int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn)
+{
+ return 0;
+}
+
+
+int tls_connection_set_master_key(void *ssl_ctx, struct tls_connection *conn,
+ const u8 *key, size_t key_len)
+{
+ return -1;
+}
+
+
+int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
+ u8 *ciphers)
+{
+ return -1;
+}
+
+
+int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
+ char *buf, size_t buflen)
+{
+ return -1;
+}
+
+
+int tls_connection_enable_workaround(void *ssl_ctx,
+ struct tls_connection *conn)
+{
+ return 0;
+}
+
+
+int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn,
+ int ext_type, const u8 *data,
+ size_t data_len)
+{
+ return -1;
+}
+
+
+int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn)
+{
+ if (conn == NULL)
+ return -1;
+ return conn->failed;
+}
+
+
+int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn)
+{
+ if (conn == NULL)
+ return -1;
+ return conn->read_alerts;
+}
+
+
+int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn)
+{
+ if (conn == NULL)
+ return -1;
+ return conn->write_alerts;
+}
+
+
+int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
+ const struct tls_connection_params *params)
+{
+ struct tls_global *global = tls_ctx;
+ ALG_ID algs[1];
+ SECURITY_STATUS status;
+ TimeStamp ts_expiry;
+
+ if (conn == NULL)
+ return -1;
+
+ if (global->my_cert_store == NULL &&
+ (global->my_cert_store = CertOpenSystemStore(0, TEXT("MY"))) ==
+ NULL) {
+ wpa_printf(MSG_ERROR, "%s: CertOpenSystemStore failed - 0x%x",
+ __func__, (unsigned int) GetLastError());
+ return -1;
+ }
+
+ os_memset(&conn->schannel_cred, 0, sizeof(conn->schannel_cred));
+ conn->schannel_cred.dwVersion = SCHANNEL_CRED_VERSION;
+ conn->schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1;
+ algs[0] = CALG_RSA_KEYX;
+ conn->schannel_cred.cSupportedAlgs = 1;
+ conn->schannel_cred.palgSupportedAlgs = algs;
+ conn->schannel_cred.dwFlags |= SCH_CRED_NO_DEFAULT_CREDS;
+#ifdef UNICODE
+ status = global->sspi->AcquireCredentialsHandleW(
+ NULL, UNISP_NAME_W, SECPKG_CRED_OUTBOUND, NULL,
+ &conn->schannel_cred, NULL, NULL, &conn->creds, &ts_expiry);
+#else /* UNICODE */
+ status = global->sspi->AcquireCredentialsHandleA(
+ NULL, UNISP_NAME_A, SECPKG_CRED_OUTBOUND, NULL,
+ &conn->schannel_cred, NULL, NULL, &conn->creds, &ts_expiry);
+#endif /* UNICODE */
+ if (status != SEC_E_OK) {
+ wpa_printf(MSG_DEBUG, "%s: AcquireCredentialsHandleA failed - "
+ "0x%x", __func__, (unsigned int) status);
+ return -1;
+ }
+
+ return 0;
+}
+
+
+unsigned int tls_capabilities(void *tls_ctx)
+{
+ return 0;
+}
+
+
+int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn,
+ int tls_ia)
+{
+ return -1;
+}
+
+
+int tls_connection_ia_send_phase_finished(void *tls_ctx,
+ struct tls_connection *conn,
+ int final,
+ u8 *out_data, size_t out_len)
+{
+ return -1;
+}
+
+
+int tls_connection_ia_final_phase_finished(void *tls_ctx,
+ struct tls_connection *conn)
+{
+ return -1;
+}
+
+
+int tls_connection_ia_permute_inner_secret(void *tls_ctx,
+ struct tls_connection *conn,
+ const u8 *key, size_t key_len)
+{
+ return -1;
+}
--- /dev/null
+/*
+ * wpa_supplicant: TLSv1 client (RFC 2246)
+ * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "base64.h"
+#include "md5.h"
+#include "sha1.h"
+#include "crypto.h"
+#include "tls.h"
+#include "tlsv1_common.h"
+#include "tlsv1_client.h"
+#include "x509v3.h"
+
+/* TODO:
+ * Support for a message fragmented across several records (RFC 2246, 6.2.1)
+ */
+
+struct tlsv1_client {
+ enum {
+ CLIENT_HELLO, SERVER_HELLO, SERVER_CERTIFICATE,
+ SERVER_KEY_EXCHANGE, SERVER_CERTIFICATE_REQUEST,
+ SERVER_HELLO_DONE, CLIENT_KEY_EXCHANGE, CHANGE_CIPHER_SPEC,
+ SERVER_CHANGE_CIPHER_SPEC, SERVER_FINISHED, ACK_FINISHED,
+ ESTABLISHED, FAILED
+ } state;
+
+ struct tlsv1_record_layer rl;
+
+ u8 session_id[TLS_SESSION_ID_MAX_LEN];
+ size_t session_id_len;
+ u8 client_random[TLS_RANDOM_LEN];
+ u8 server_random[TLS_RANDOM_LEN];
+ u8 master_secret[TLS_MASTER_SECRET_LEN];
+
+ u8 alert_level;
+ u8 alert_description;
+
+ unsigned int certificate_requested:1;
+ unsigned int session_resumed:1;
+ unsigned int ticket:1;
+ unsigned int ticket_key:1;
+
+ struct crypto_public_key *server_rsa_key;
+
+ struct crypto_hash *verify_md5_client;
+ struct crypto_hash *verify_sha1_client;
+ struct crypto_hash *verify_md5_server;
+ struct crypto_hash *verify_sha1_server;
+ struct crypto_hash *verify_md5_cert;
+ struct crypto_hash *verify_sha1_cert;
+
+#define MAX_CIPHER_COUNT 30
+ u16 cipher_suites[MAX_CIPHER_COUNT];
+ size_t num_cipher_suites;
+
+ u16 prev_cipher_suite;
+
+ u8 *client_hello_ext;
+ size_t client_hello_ext_len;
+
+ /* The prime modulus used for Diffie-Hellman */
+ u8 *dh_p;
+ size_t dh_p_len;
+ /* The generator used for Diffie-Hellman */
+ u8 *dh_g;
+ size_t dh_g_len;
+ /* The server's Diffie-Hellman public value */
+ u8 *dh_ys;
+ size_t dh_ys_len;
+
+ struct x509_certificate *trusted_certs;
+ struct x509_certificate *client_cert;
+ struct crypto_private_key *client_key;
+};
+
+
+static int tls_derive_keys(struct tlsv1_client *conn,
+ const u8 *pre_master_secret,
+ size_t pre_master_secret_len);
+static int tls_process_server_key_exchange(struct tlsv1_client *conn, u8 ct,
+ const u8 *in_data, size_t *in_len);
+static int tls_process_certificate_request(struct tlsv1_client *conn, u8 ct,
+ const u8 *in_data, size_t *in_len);
+static int tls_process_server_hello_done(struct tlsv1_client *conn, u8 ct,
+ const u8 *in_data, size_t *in_len);
+
+
+static void tls_alert(struct tlsv1_client *conn, u8 level, u8 description)
+{
+ conn->alert_level = level;
+ conn->alert_description = description;
+}
+
+
+static void tls_verify_hash_add(struct tlsv1_client *conn, const u8 *buf,
+ size_t len)
+{
+ if (conn->verify_md5_client && conn->verify_sha1_client) {
+ crypto_hash_update(conn->verify_md5_client, buf, len);
+ crypto_hash_update(conn->verify_sha1_client, buf, len);
+ }
+ if (conn->verify_md5_server && conn->verify_sha1_server) {
+ crypto_hash_update(conn->verify_md5_server, buf, len);
+ crypto_hash_update(conn->verify_sha1_server, buf, len);
+ }
+ if (conn->verify_md5_cert && conn->verify_sha1_cert) {
+ crypto_hash_update(conn->verify_md5_cert, buf, len);
+ crypto_hash_update(conn->verify_sha1_cert, buf, len);
+ }
+}
+
+
+static u8 * tls_send_alert(struct tlsv1_client *conn,
+ u8 level, u8 description,
+ size_t *out_len)
+{
+ u8 *alert, *pos, *length;
+
+ wpa_printf(MSG_DEBUG, "TLSv1: Send Alert(%d:%d)", level, description);
+ *out_len = 0;
+
+ alert = os_malloc(10);
+ if (alert == NULL)
+ return NULL;
+
+ pos = alert;
+
+ /* TLSPlaintext */
+ /* ContentType type */
+ *pos++ = TLS_CONTENT_TYPE_ALERT;
+ /* ProtocolVersion version */
+ WPA_PUT_BE16(pos, TLS_VERSION);
+ pos += 2;
+ /* uint16 length (to be filled) */
+ length = pos;
+ pos += 2;
+ /* opaque fragment[TLSPlaintext.length] */
+
+ /* Alert */
+ /* AlertLevel level */
+ *pos++ = level;
+ /* AlertDescription description */
+ *pos++ = description;
+
+ WPA_PUT_BE16(length, pos - length - 2);
+ *out_len = pos - alert;
+
+ return alert;
+}
+
+
+static u8 * tls_send_client_hello(struct tlsv1_client *conn,
+ size_t *out_len)
+{
+ u8 *hello, *end, *pos, *hs_length, *hs_start, *rhdr;
+ struct os_time now;
+ size_t len, i;
+
+ wpa_printf(MSG_DEBUG, "TLSv1: Send ClientHello");
+ *out_len = 0;
+
+ os_get_time(&now);
+ WPA_PUT_BE32(conn->client_random, now.sec);
+ if (os_get_random(conn->client_random + 4, TLS_RANDOM_LEN - 4)) {
+ wpa_printf(MSG_ERROR, "TLSv1: Could not generate "
+ "client_random");
+ return NULL;
+ }
+ wpa_hexdump(MSG_MSGDUMP, "TLSv1: client_random",
+ conn->client_random, TLS_RANDOM_LEN);
+
+ len = 100 + conn->num_cipher_suites * 2 + conn->client_hello_ext_len;
+ hello = os_malloc(len);
+ if (hello == NULL)
+ return NULL;
+ end = hello + len;
+
+ rhdr = hello;
+ pos = rhdr + TLS_RECORD_HEADER_LEN;
+
+ /* opaque fragment[TLSPlaintext.length] */
+
+ /* Handshake */
+ hs_start = pos;
+ /* HandshakeType msg_type */
+ *pos++ = TLS_HANDSHAKE_TYPE_CLIENT_HELLO;
+ /* uint24 length (to be filled) */
+ hs_length = pos;
+ pos += 3;
+ /* body - ClientHello */
+ /* ProtocolVersion client_version */
+ WPA_PUT_BE16(pos, TLS_VERSION);
+ pos += 2;
+ /* Random random: uint32 gmt_unix_time, opaque random_bytes */
+ os_memcpy(pos, conn->client_random, TLS_RANDOM_LEN);
+ pos += TLS_RANDOM_LEN;
+ /* SessionID session_id */
+ *pos++ = conn->session_id_len;
+ os_memcpy(pos, conn->session_id, conn->session_id_len);
+ pos += conn->session_id_len;
+ /* CipherSuite cipher_suites<2..2^16-1> */
+ WPA_PUT_BE16(pos, 2 * conn->num_cipher_suites);
+ pos += 2;
+ for (i = 0; i < conn->num_cipher_suites; i++) {
+ WPA_PUT_BE16(pos, conn->cipher_suites[i]);
+ pos += 2;
+ }
+ /* CompressionMethod compression_methods<1..2^8-1> */
+ *pos++ = 1;
+ *pos++ = TLS_COMPRESSION_NULL;
+
+ if (conn->client_hello_ext) {
+ os_memcpy(pos, conn->client_hello_ext,
+ conn->client_hello_ext_len);
+ pos += conn->client_hello_ext_len;
+ }
+
+ WPA_PUT_BE24(hs_length, pos - hs_length - 3);
+ tls_verify_hash_add(conn, hs_start, pos - hs_start);
+
+ if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_HANDSHAKE,
+ rhdr, end - rhdr, pos - hs_start, out_len) < 0) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to create TLS record");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ os_free(hello);
+ return NULL;
+ }
+
+ conn->state = SERVER_HELLO;
+
+ return hello;
+}
+
+
+static int tls_process_server_hello(struct tlsv1_client *conn, u8 ct,
+ const u8 *in_data, size_t *in_len)
+{
+ const u8 *pos, *end;
+ size_t left, len, i;
+ u16 cipher_suite;
+
+ if (ct != TLS_CONTENT_TYPE_HANDSHAKE) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Expected Handshake; "
+ "received content type 0x%x", ct);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_UNEXPECTED_MESSAGE);
+ return -1;
+ }
+
+ pos = in_data;
+ left = *in_len;
+
+ if (left < 4)
+ goto decode_error;
+
+ /* HandshakeType msg_type */
+ if (*pos != TLS_HANDSHAKE_TYPE_SERVER_HELLO) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Received unexpected handshake "
+ "message %d (expected ServerHello)", *pos);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_UNEXPECTED_MESSAGE);
+ return -1;
+ }
+ wpa_printf(MSG_DEBUG, "TLSv1: Received ServerHello");
+ pos++;
+ /* uint24 length */
+ len = WPA_GET_BE24(pos);
+ pos += 3;
+ left -= 4;
+
+ if (len > left)
+ goto decode_error;
+
+ /* body - ServerHello */
+
+ wpa_hexdump(MSG_MSGDUMP, "TLSv1: ServerHello", pos, len);
+ end = pos + len;
+
+ /* ProtocolVersion server_version */
+ if (end - pos < 2)
+ goto decode_error;
+ if (WPA_GET_BE16(pos) != TLS_VERSION) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Unexpected protocol version in "
+ "ServerHello");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_PROTOCOL_VERSION);
+ return -1;
+ }
+ pos += 2;
+
+ /* Random random */
+ if (end - pos < TLS_RANDOM_LEN)
+ goto decode_error;
+
+ os_memcpy(conn->server_random, pos, TLS_RANDOM_LEN);
+ pos += TLS_RANDOM_LEN;
+ wpa_hexdump(MSG_MSGDUMP, "TLSv1: server_random",
+ conn->server_random, TLS_RANDOM_LEN);
+
+ /* SessionID session_id */
+ if (end - pos < 1)
+ goto decode_error;
+ if (end - pos < 1 + *pos || *pos > TLS_SESSION_ID_MAX_LEN)
+ goto decode_error;
+ if (conn->session_id_len && conn->session_id_len == *pos &&
+ os_memcmp(conn->session_id, pos + 1, conn->session_id_len) == 0) {
+ pos += 1 + conn->session_id_len;
+ wpa_printf(MSG_DEBUG, "TLSv1: Resuming old session");
+ conn->session_resumed = 1;
+ } else {
+ conn->session_id_len = *pos;
+ pos++;
+ os_memcpy(conn->session_id, pos, conn->session_id_len);
+ pos += conn->session_id_len;
+ }
+ wpa_hexdump(MSG_MSGDUMP, "TLSv1: session_id",
+ conn->session_id, conn->session_id_len);
+
+ /* CipherSuite cipher_suite */
+ if (end - pos < 2)
+ goto decode_error;
+ cipher_suite = WPA_GET_BE16(pos);
+ pos += 2;
+ for (i = 0; i < conn->num_cipher_suites; i++) {
+ if (cipher_suite == conn->cipher_suites[i])
+ break;
+ }
+ if (i == conn->num_cipher_suites) {
+ wpa_printf(MSG_INFO, "TLSv1: Server selected unexpected "
+ "cipher suite 0x%04x", cipher_suite);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_ILLEGAL_PARAMETER);
+ return -1;
+ }
+
+ if (conn->session_resumed && cipher_suite != conn->prev_cipher_suite) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Server selected a different "
+ "cipher suite for a resumed connection (0x%04x != "
+ "0x%04x)", cipher_suite, conn->prev_cipher_suite);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_ILLEGAL_PARAMETER);
+ return -1;
+ }
+
+ if (tlsv1_record_set_cipher_suite(&conn->rl, cipher_suite) < 0) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to set CipherSuite for "
+ "record layer");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ return -1;
+ }
+
+ conn->prev_cipher_suite = cipher_suite;
+
+ if (conn->session_resumed || conn->ticket_key)
+ tls_derive_keys(conn, NULL, 0);
+
+ /* CompressionMethod compression_method */
+ if (end - pos < 1)
+ goto decode_error;
+ if (*pos != TLS_COMPRESSION_NULL) {
+ wpa_printf(MSG_INFO, "TLSv1: Server selected unexpected "
+ "compression 0x%02x", *pos);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_ILLEGAL_PARAMETER);
+ return -1;
+ }
+ pos++;
+
+ if (end != pos) {
+ wpa_hexdump(MSG_DEBUG, "TLSv1: Unexpected extra data in the "
+ "end of ServerHello", pos, end - pos);
+ goto decode_error;
+ }
+
+ *in_len = end - in_data;
+
+ conn->state = (conn->session_resumed || conn->ticket) ?
+ SERVER_CHANGE_CIPHER_SPEC : SERVER_CERTIFICATE;
+
+ return 0;
+
+decode_error:
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to decode ServerHello");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
+ return -1;
+}
+
+
+static int tls_server_key_exchange_allowed(struct tlsv1_client *conn)
+{
+ const struct tls_cipher_suite *suite;
+
+ /* RFC 2246, Section 7.4.3 */
+ suite = tls_get_cipher_suite(conn->rl.cipher_suite);
+ if (suite == NULL)
+ return 0;
+
+ switch (suite->key_exchange) {
+ case TLS_KEY_X_DHE_DSS:
+ case TLS_KEY_X_DHE_DSS_EXPORT:
+ case TLS_KEY_X_DHE_RSA:
+ case TLS_KEY_X_DHE_RSA_EXPORT:
+ case TLS_KEY_X_DH_anon_EXPORT:
+ case TLS_KEY_X_DH_anon:
+ return 1;
+ case TLS_KEY_X_RSA_EXPORT:
+ return 1 /* FIX: public key len > 512 bits */;
+ default:
+ return 0;
+ }
+}
+
+
+static int tls_process_certificate(struct tlsv1_client *conn, u8 ct,
+ const u8 *in_data, size_t *in_len)
+{
+ const u8 *pos, *end;
+ size_t left, len, list_len, cert_len, idx;
+ u8 type;
+ struct x509_certificate *chain = NULL, *last = NULL, *cert;
+ int reason;
+
+ if (ct != TLS_CONTENT_TYPE_HANDSHAKE) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Expected Handshake; "
+ "received content type 0x%x", ct);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_UNEXPECTED_MESSAGE);
+ return -1;
+ }
+
+ pos = in_data;
+ left = *in_len;
+
+ if (left < 4) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Too short Certificate message "
+ "(len=%lu)", (unsigned long) left);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
+ return -1;
+ }
+
+ type = *pos++;
+ len = WPA_GET_BE24(pos);
+ pos += 3;
+ left -= 4;
+
+ if (len > left) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Unexpected Certificate message "
+ "length (len=%lu != left=%lu)",
+ (unsigned long) len, (unsigned long) left);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
+ return -1;
+ }
+
+ if (type == TLS_HANDSHAKE_TYPE_SERVER_KEY_EXCHANGE)
+ return tls_process_server_key_exchange(conn, ct, in_data,
+ in_len);
+ if (type == TLS_HANDSHAKE_TYPE_CERTIFICATE_REQUEST)
+ return tls_process_certificate_request(conn, ct, in_data,
+ in_len);
+ if (type == TLS_HANDSHAKE_TYPE_SERVER_HELLO_DONE)
+ return tls_process_server_hello_done(conn, ct, in_data,
+ in_len);
+ if (type != TLS_HANDSHAKE_TYPE_CERTIFICATE) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Received unexpected handshake "
+ "message %d (expected Certificate/"
+ "ServerKeyExchange/CertificateRequest/"
+ "ServerHelloDone)", type);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_UNEXPECTED_MESSAGE);
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG,
+ "TLSv1: Received Certificate (certificate_list len %lu)",
+ (unsigned long) len);
+
+ /*
+ * opaque ASN.1Cert<2^24-1>;
+ *
+ * struct {
+ * ASN.1Cert certificate_list<1..2^24-1>;
+ * } Certificate;
+ */
+
+ end = pos + len;
+
+ if (end - pos < 3) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Too short Certificate "
+ "(left=%lu)", (unsigned long) left);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
+ return -1;
+ }
+
+ list_len = WPA_GET_BE24(pos);
+ pos += 3;
+
+ if ((size_t) (end - pos) != list_len) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Unexpected certificate_list "
+ "length (len=%lu left=%lu)",
+ (unsigned long) list_len,
+ (unsigned long) (end - pos));
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
+ return -1;
+ }
+
+ idx = 0;
+ while (pos < end) {
+ if (end - pos < 3) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to parse "
+ "certificate_list");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_DECODE_ERROR);
+ x509_certificate_chain_free(chain);
+ return -1;
+ }
+
+ cert_len = WPA_GET_BE24(pos);
+ pos += 3;
+
+ if ((size_t) (end - pos) < cert_len) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Unexpected certificate "
+ "length (len=%lu left=%lu)",
+ (unsigned long) cert_len,
+ (unsigned long) (end - pos));
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_DECODE_ERROR);
+ x509_certificate_chain_free(chain);
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "TLSv1: Certificate %lu (len %lu)",
+ (unsigned long) idx, (unsigned long) cert_len);
+
+ if (idx == 0) {
+ crypto_public_key_free(conn->server_rsa_key);
+ if (tls_parse_cert(pos, cert_len,
+ &conn->server_rsa_key)) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to parse "
+ "the certificate");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_BAD_CERTIFICATE);
+ x509_certificate_chain_free(chain);
+ return -1;
+ }
+ }
+
+ cert = x509_certificate_parse(pos, cert_len);
+ if (cert == NULL) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to parse "
+ "the certificate");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_BAD_CERTIFICATE);
+ x509_certificate_chain_free(chain);
+ return -1;
+ }
+
+ if (last == NULL)
+ chain = cert;
+ else
+ last->next = cert;
+ last = cert;
+
+ idx++;
+ pos += cert_len;
+ }
+
+ if (x509_certificate_chain_validate(conn->trusted_certs, chain,
+ &reason) < 0) {
+ int tls_reason;
+ wpa_printf(MSG_DEBUG, "TLSv1: Server certificate chain "
+ "validation failed (reason=%d)", reason);
+ switch (reason) {
+ case X509_VALIDATE_BAD_CERTIFICATE:
+ tls_reason = TLS_ALERT_BAD_CERTIFICATE;
+ break;
+ case X509_VALIDATE_UNSUPPORTED_CERTIFICATE:
+ tls_reason = TLS_ALERT_UNSUPPORTED_CERTIFICATE;
+ break;
+ case X509_VALIDATE_CERTIFICATE_REVOKED:
+ tls_reason = TLS_ALERT_CERTIFICATE_REVOKED;
+ break;
+ case X509_VALIDATE_CERTIFICATE_EXPIRED:
+ tls_reason = TLS_ALERT_CERTIFICATE_EXPIRED;
+ break;
+ case X509_VALIDATE_CERTIFICATE_UNKNOWN:
+ tls_reason = TLS_ALERT_CERTIFICATE_UNKNOWN;
+ break;
+ case X509_VALIDATE_UNKNOWN_CA:
+ tls_reason = TLS_ALERT_UNKNOWN_CA;
+ break;
+ default:
+ tls_reason = TLS_ALERT_BAD_CERTIFICATE;
+ break;
+ }
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL, tls_reason);
+ x509_certificate_chain_free(chain);
+ return -1;
+ }
+
+ x509_certificate_chain_free(chain);
+
+ *in_len = end - in_data;
+
+ conn->state = SERVER_KEY_EXCHANGE;
+
+ return 0;
+}
+
+
+static void tlsv1_client_free_dh(struct tlsv1_client *conn)
+{
+ os_free(conn->dh_p);
+ os_free(conn->dh_g);
+ os_free(conn->dh_ys);
+ conn->dh_p = conn->dh_g = conn->dh_ys = NULL;
+}
+
+
+static int tlsv1_process_diffie_hellman(struct tlsv1_client *conn,
+ const u8 *buf, size_t len)
+{
+ const u8 *pos, *end;
+
+ tlsv1_client_free_dh(conn);
+
+ pos = buf;
+ end = buf + len;
+
+ if (end - pos < 3)
+ goto fail;
+ conn->dh_p_len = WPA_GET_BE16(pos);
+ pos += 2;
+ if (conn->dh_p_len == 0 || end - pos < (int) conn->dh_p_len)
+ goto fail;
+ conn->dh_p = os_malloc(conn->dh_p_len);
+ if (conn->dh_p == NULL)
+ goto fail;
+ os_memcpy(conn->dh_p, pos, conn->dh_p_len);
+ pos += conn->dh_p_len;
+ wpa_hexdump(MSG_DEBUG, "TLSv1: DH p (prime)",
+ conn->dh_p, conn->dh_p_len);
+
+ if (end - pos < 3)
+ goto fail;
+ conn->dh_g_len = WPA_GET_BE16(pos);
+ pos += 2;
+ if (conn->dh_g_len == 0 || end - pos < (int) conn->dh_g_len)
+ goto fail;
+ conn->dh_g = os_malloc(conn->dh_g_len);
+ if (conn->dh_g == NULL)
+ goto fail;
+ os_memcpy(conn->dh_g, pos, conn->dh_g_len);
+ pos += conn->dh_g_len;
+ wpa_hexdump(MSG_DEBUG, "TLSv1: DH g (generator)",
+ conn->dh_g, conn->dh_g_len);
+ if (conn->dh_g_len == 1 && conn->dh_g[0] < 2)
+ goto fail;
+
+ if (end - pos < 3)
+ goto fail;
+ conn->dh_ys_len = WPA_GET_BE16(pos);
+ pos += 2;
+ if (conn->dh_ys_len == 0 || end - pos < (int) conn->dh_ys_len)
+ goto fail;
+ conn->dh_ys = os_malloc(conn->dh_ys_len);
+ if (conn->dh_ys == NULL)
+ goto fail;
+ os_memcpy(conn->dh_ys, pos, conn->dh_ys_len);
+ pos += conn->dh_ys_len;
+ wpa_hexdump(MSG_DEBUG, "TLSv1: DH Ys (server's public value)",
+ conn->dh_ys, conn->dh_ys_len);
+
+ return 0;
+
+fail:
+ tlsv1_client_free_dh(conn);
+ return -1;
+}
+
+
+static int tls_process_server_key_exchange(struct tlsv1_client *conn, u8 ct,
+ const u8 *in_data, size_t *in_len)
+{
+ const u8 *pos, *end;
+ size_t left, len;
+ u8 type;
+ const struct tls_cipher_suite *suite;
+
+ if (ct != TLS_CONTENT_TYPE_HANDSHAKE) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Expected Handshake; "
+ "received content type 0x%x", ct);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_UNEXPECTED_MESSAGE);
+ return -1;
+ }
+
+ pos = in_data;
+ left = *in_len;
+
+ if (left < 4) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Too short ServerKeyExchange "
+ "(Left=%lu)", (unsigned long) left);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
+ return -1;
+ }
+
+ type = *pos++;
+ len = WPA_GET_BE24(pos);
+ pos += 3;
+ left -= 4;
+
+ if (len > left) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Mismatch in ServerKeyExchange "
+ "length (len=%lu != left=%lu)",
+ (unsigned long) len, (unsigned long) left);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
+ return -1;
+ }
+
+ end = pos + len;
+
+ if (type == TLS_HANDSHAKE_TYPE_CERTIFICATE_REQUEST)
+ return tls_process_certificate_request(conn, ct, in_data,
+ in_len);
+ if (type == TLS_HANDSHAKE_TYPE_SERVER_HELLO_DONE)
+ return tls_process_server_hello_done(conn, ct, in_data,
+ in_len);
+ if (type != TLS_HANDSHAKE_TYPE_SERVER_KEY_EXCHANGE) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Received unexpected handshake "
+ "message %d (expected ServerKeyExchange/"
+ "CertificateRequest/ServerHelloDone)", type);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_UNEXPECTED_MESSAGE);
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "TLSv1: Received ServerKeyExchange");
+
+ if (!tls_server_key_exchange_allowed(conn)) {
+ wpa_printf(MSG_DEBUG, "TLSv1: ServerKeyExchange not allowed "
+ "with the selected cipher suite");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_UNEXPECTED_MESSAGE);
+ return -1;
+ }
+
+ wpa_hexdump(MSG_DEBUG, "TLSv1: ServerKeyExchange", pos, len);
+ suite = tls_get_cipher_suite(conn->rl.cipher_suite);
+ if (suite && suite->key_exchange == TLS_KEY_X_DH_anon) {
+ if (tlsv1_process_diffie_hellman(conn, pos, len) < 0) {
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_DECODE_ERROR);
+ return -1;
+ }
+ } else {
+ wpa_printf(MSG_DEBUG, "TLSv1: UnexpectedServerKeyExchange");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_UNEXPECTED_MESSAGE);
+ return -1;
+ }
+
+ *in_len = end - in_data;
+
+ conn->state = SERVER_CERTIFICATE_REQUEST;
+
+ return 0;
+}
+
+
+static int tls_process_certificate_request(struct tlsv1_client *conn, u8 ct,
+ const u8 *in_data, size_t *in_len)
+{
+ const u8 *pos, *end;
+ size_t left, len;
+ u8 type;
+
+ if (ct != TLS_CONTENT_TYPE_HANDSHAKE) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Expected Handshake; "
+ "received content type 0x%x", ct);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_UNEXPECTED_MESSAGE);
+ return -1;
+ }
+
+ pos = in_data;
+ left = *in_len;
+
+ if (left < 4) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Too short CertificateRequest "
+ "(left=%lu)", (unsigned long) left);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
+ return -1;
+ }
+
+ type = *pos++;
+ len = WPA_GET_BE24(pos);
+ pos += 3;
+ left -= 4;
+
+ if (len > left) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Mismatch in CertificateRequest "
+ "length (len=%lu != left=%lu)",
+ (unsigned long) len, (unsigned long) left);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
+ return -1;
+ }
+
+ end = pos + len;
+
+ if (type == TLS_HANDSHAKE_TYPE_SERVER_HELLO_DONE)
+ return tls_process_server_hello_done(conn, ct, in_data,
+ in_len);
+ if (type != TLS_HANDSHAKE_TYPE_CERTIFICATE_REQUEST) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Received unexpected handshake "
+ "message %d (expected CertificateRequest/"
+ "ServerHelloDone)", type);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_UNEXPECTED_MESSAGE);
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "TLSv1: Received CertificateRequest");
+
+ conn->certificate_requested = 1;
+
+ *in_len = end - in_data;
+
+ conn->state = SERVER_HELLO_DONE;
+
+ return 0;
+}
+
+
+static int tls_process_server_hello_done(struct tlsv1_client *conn, u8 ct,
+ const u8 *in_data, size_t *in_len)
+{
+ const u8 *pos, *end;
+ size_t left, len;
+ u8 type;
+
+ if (ct != TLS_CONTENT_TYPE_HANDSHAKE) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Expected Handshake; "
+ "received content type 0x%x", ct);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_UNEXPECTED_MESSAGE);
+ return -1;
+ }
+
+ pos = in_data;
+ left = *in_len;
+
+ if (left < 4) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Too short ServerHelloDone "
+ "(left=%lu)", (unsigned long) left);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
+ return -1;
+ }
+
+ type = *pos++;
+ len = WPA_GET_BE24(pos);
+ pos += 3;
+ left -= 4;
+
+ if (len > left) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Mismatch in ServerHelloDone "
+ "length (len=%lu != left=%lu)",
+ (unsigned long) len, (unsigned long) left);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
+ return -1;
+ }
+ end = pos + len;
+
+ if (type != TLS_HANDSHAKE_TYPE_SERVER_HELLO_DONE) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Received unexpected handshake "
+ "message %d (expected ServerHelloDone)", type);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_UNEXPECTED_MESSAGE);
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "TLSv1: Received ServerHelloDone");
+
+ *in_len = end - in_data;
+
+ conn->state = CLIENT_KEY_EXCHANGE;
+
+ return 0;
+}
+
+
+static int tls_process_server_change_cipher_spec(struct tlsv1_client *conn,
+ u8 ct, const u8 *in_data,
+ size_t *in_len)
+{
+ const u8 *pos;
+ size_t left;
+
+ if (ct != TLS_CONTENT_TYPE_CHANGE_CIPHER_SPEC) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Expected ChangeCipherSpec; "
+ "received content type 0x%x", ct);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_UNEXPECTED_MESSAGE);
+ return -1;
+ }
+
+ pos = in_data;
+ left = *in_len;
+
+ if (left < 1) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Too short ChangeCipherSpec");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
+ return -1;
+ }
+
+ if (*pos != TLS_CHANGE_CIPHER_SPEC) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Expected ChangeCipherSpec; "
+ "received data 0x%x", *pos);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_UNEXPECTED_MESSAGE);
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "TLSv1: Received ChangeCipherSpec");
+ if (tlsv1_record_change_read_cipher(&conn->rl) < 0) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to change read cipher "
+ "for record layer");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ return -1;
+ }
+
+ *in_len = pos + 1 - in_data;
+
+ conn->state = SERVER_FINISHED;
+
+ return 0;
+}
+
+
+static int tls_process_server_finished(struct tlsv1_client *conn, u8 ct,
+ const u8 *in_data, size_t *in_len)
+{
+ const u8 *pos, *end;
+ size_t left, len, hlen;
+ u8 verify_data[TLS_VERIFY_DATA_LEN];
+ u8 hash[MD5_MAC_LEN + SHA1_MAC_LEN];
+
+ if (ct != TLS_CONTENT_TYPE_HANDSHAKE) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Expected Finished; "
+ "received content type 0x%x", ct);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_UNEXPECTED_MESSAGE);
+ return -1;
+ }
+
+ pos = in_data;
+ left = *in_len;
+
+ if (left < 4) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Too short record (left=%lu) for "
+ "Finished",
+ (unsigned long) left);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_DECODE_ERROR);
+ return -1;
+ }
+
+ if (pos[0] != TLS_HANDSHAKE_TYPE_FINISHED) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Expected Finished; received "
+ "type 0x%x", pos[0]);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_UNEXPECTED_MESSAGE);
+ return -1;
+ }
+
+ len = WPA_GET_BE24(pos + 1);
+
+ pos += 4;
+ left -= 4;
+
+ if (len > left) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Too short buffer for Finished "
+ "(len=%lu > left=%lu)",
+ (unsigned long) len, (unsigned long) left);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_DECODE_ERROR);
+ return -1;
+ }
+ end = pos + len;
+ if (len != TLS_VERIFY_DATA_LEN) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Unexpected verify_data length "
+ "in Finished: %lu (expected %d)",
+ (unsigned long) len, TLS_VERIFY_DATA_LEN);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_DECODE_ERROR);
+ return -1;
+ }
+ wpa_hexdump(MSG_MSGDUMP, "TLSv1: verify_data in Finished",
+ pos, TLS_VERIFY_DATA_LEN);
+
+ hlen = MD5_MAC_LEN;
+ if (conn->verify_md5_server == NULL ||
+ crypto_hash_finish(conn->verify_md5_server, hash, &hlen) < 0) {
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ conn->verify_md5_server = NULL;
+ crypto_hash_finish(conn->verify_sha1_server, NULL, NULL);
+ conn->verify_sha1_server = NULL;
+ return -1;
+ }
+ conn->verify_md5_server = NULL;
+ hlen = SHA1_MAC_LEN;
+ if (conn->verify_sha1_server == NULL ||
+ crypto_hash_finish(conn->verify_sha1_server, hash + MD5_MAC_LEN,
+ &hlen) < 0) {
+ conn->verify_sha1_server = NULL;
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ return -1;
+ }
+ conn->verify_sha1_server = NULL;
+
+ if (tls_prf(conn->master_secret, TLS_MASTER_SECRET_LEN,
+ "server finished", hash, MD5_MAC_LEN + SHA1_MAC_LEN,
+ verify_data, TLS_VERIFY_DATA_LEN)) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to derive verify_data");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_DECRYPT_ERROR);
+ return -1;
+ }
+ wpa_hexdump_key(MSG_DEBUG, "TLSv1: verify_data (server)",
+ verify_data, TLS_VERIFY_DATA_LEN);
+
+ if (os_memcmp(pos, verify_data, TLS_VERIFY_DATA_LEN) != 0) {
+ wpa_printf(MSG_INFO, "TLSv1: Mismatch in verify_data");
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "TLSv1: Received Finished");
+
+ *in_len = end - in_data;
+
+ conn->state = (conn->session_resumed || conn->ticket) ?
+ CHANGE_CIPHER_SPEC : ACK_FINISHED;
+
+ return 0;
+}
+
+
+static int tls_derive_pre_master_secret(u8 *pre_master_secret)
+{
+ WPA_PUT_BE16(pre_master_secret, TLS_VERSION);
+ if (os_get_random(pre_master_secret + 2,
+ TLS_PRE_MASTER_SECRET_LEN - 2))
+ return -1;
+ return 0;
+}
+
+
+static int tls_derive_keys(struct tlsv1_client *conn,
+ const u8 *pre_master_secret,
+ size_t pre_master_secret_len)
+{
+ u8 seed[2 * TLS_RANDOM_LEN];
+ u8 key_block[TLS_MAX_KEY_BLOCK_LEN];
+ u8 *pos;
+ size_t key_block_len;
+
+ if (pre_master_secret) {
+ wpa_hexdump_key(MSG_MSGDUMP, "TLSv1: pre_master_secret",
+ pre_master_secret, pre_master_secret_len);
+ os_memcpy(seed, conn->client_random, TLS_RANDOM_LEN);
+ os_memcpy(seed + TLS_RANDOM_LEN, conn->server_random,
+ TLS_RANDOM_LEN);
+ if (tls_prf(pre_master_secret, pre_master_secret_len,
+ "master secret", seed, 2 * TLS_RANDOM_LEN,
+ conn->master_secret, TLS_MASTER_SECRET_LEN)) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to derive "
+ "master_secret");
+ return -1;
+ }
+ wpa_hexdump_key(MSG_MSGDUMP, "TLSv1: master_secret",
+ conn->master_secret, TLS_MASTER_SECRET_LEN);
+ }
+
+ os_memcpy(seed, conn->server_random, TLS_RANDOM_LEN);
+ os_memcpy(seed + TLS_RANDOM_LEN, conn->client_random, TLS_RANDOM_LEN);
+ key_block_len = 2 * (conn->rl.hash_size + conn->rl.key_material_len +
+ conn->rl.iv_size);
+ if (tls_prf(conn->master_secret, TLS_MASTER_SECRET_LEN,
+ "key expansion", seed, 2 * TLS_RANDOM_LEN,
+ key_block, key_block_len)) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to derive key_block");
+ return -1;
+ }
+ wpa_hexdump_key(MSG_MSGDUMP, "TLSv1: key_block",
+ key_block, key_block_len);
+
+ pos = key_block;
+
+ /* client_write_MAC_secret */
+ os_memcpy(conn->rl.write_mac_secret, pos, conn->rl.hash_size);
+ pos += conn->rl.hash_size;
+ /* server_write_MAC_secret */
+ os_memcpy(conn->rl.read_mac_secret, pos, conn->rl.hash_size);
+ pos += conn->rl.hash_size;
+
+ /* client_write_key */
+ os_memcpy(conn->rl.write_key, pos, conn->rl.key_material_len);
+ pos += conn->rl.key_material_len;
+ /* server_write_key */
+ os_memcpy(conn->rl.read_key, pos, conn->rl.key_material_len);
+ pos += conn->rl.key_material_len;
+
+ /* client_write_IV */
+ os_memcpy(conn->rl.write_iv, pos, conn->rl.iv_size);
+ pos += conn->rl.iv_size;
+ /* server_write_IV */
+ os_memcpy(conn->rl.read_iv, pos, conn->rl.iv_size);
+ pos += conn->rl.iv_size;
+
+ return 0;
+}
+
+
+static int tls_write_client_certificate(struct tlsv1_client *conn,
+ u8 **msgpos, u8 *end)
+{
+ u8 *pos, *rhdr, *hs_start, *hs_length, *cert_start;
+ size_t rlen;
+ struct x509_certificate *cert;
+
+ pos = *msgpos;
+
+ wpa_printf(MSG_DEBUG, "TLSv1: Send Certificate");
+ rhdr = pos;
+ pos += TLS_RECORD_HEADER_LEN;
+
+ /* opaque fragment[TLSPlaintext.length] */
+
+ /* Handshake */
+ hs_start = pos;
+ /* HandshakeType msg_type */
+ *pos++ = TLS_HANDSHAKE_TYPE_CERTIFICATE;
+ /* uint24 length (to be filled) */
+ hs_length = pos;
+ pos += 3;
+ /* body - Certificate */
+ /* uint24 length (to be filled) */
+ cert_start = pos;
+ pos += 3;
+ cert = conn->client_cert;
+ while (cert) {
+ if (pos + 3 + cert->cert_len > end) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Not enough buffer space "
+ "for Certificate (cert_len=%lu left=%lu)",
+ (unsigned long) cert->cert_len,
+ (unsigned long) (end - pos));
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ return -1;
+ }
+ WPA_PUT_BE24(pos, cert->cert_len);
+ pos += 3;
+ os_memcpy(pos, cert->cert_start, cert->cert_len);
+ pos += cert->cert_len;
+
+ if (x509_certificate_self_signed(cert))
+ break;
+ cert = x509_certificate_get_subject(conn->trusted_certs,
+ &cert->issuer);
+ }
+ if (cert == conn->client_cert || cert == NULL) {
+ /*
+ * Client was not configured with all the needed certificates
+ * to form a full certificate chain. The server may fail to
+ * validate the chain unless it is configured with all the
+ * missing CA certificates.
+ */
+ wpa_printf(MSG_DEBUG, "TLSv1: Full client certificate chain "
+ "not configured - validation may fail");
+ }
+ WPA_PUT_BE24(cert_start, pos - cert_start - 3);
+
+ WPA_PUT_BE24(hs_length, pos - hs_length - 3);
+
+ if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_HANDSHAKE,
+ rhdr, end - rhdr, pos - hs_start, &rlen) < 0) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to generate a record");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ return -1;
+ }
+ pos = rhdr + rlen;
+
+ tls_verify_hash_add(conn, hs_start, pos - hs_start);
+
+ *msgpos = pos;
+
+ return 0;
+}
+
+
+static int tlsv1_key_x_anon_dh(struct tlsv1_client *conn, u8 **pos, u8 *end)
+{
+#ifdef EAP_FAST
+ /* ClientDiffieHellmanPublic */
+ u8 *csecret, *csecret_start, *dh_yc, *shared;
+ size_t csecret_len, dh_yc_len, shared_len;
+
+ csecret_len = conn->dh_p_len;
+ csecret = os_malloc(csecret_len);
+ if (csecret == NULL) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to allocate "
+ "memory for Yc (Diffie-Hellman)");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ return -1;
+ }
+ if (os_get_random(csecret, csecret_len)) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to get random "
+ "data for Diffie-Hellman");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ os_free(csecret);
+ return -1;
+ }
+
+ if (os_memcmp(csecret, conn->dh_p, csecret_len) > 0)
+ csecret[0] = 0; /* make sure Yc < p */
+
+ csecret_start = csecret;
+ while (csecret_len > 1 && *csecret_start == 0) {
+ csecret_start++;
+ csecret_len--;
+ }
+ wpa_hexdump_key(MSG_DEBUG, "TLSv1: DH client's secret value",
+ csecret_start, csecret_len);
+
+ /* Yc = g^csecret mod p */
+ dh_yc_len = conn->dh_p_len;
+ dh_yc = os_malloc(dh_yc_len);
+ if (dh_yc == NULL) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to allocate "
+ "memory for Diffie-Hellman");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ os_free(csecret);
+ return -1;
+ }
+ crypto_mod_exp(conn->dh_g, conn->dh_g_len,
+ csecret_start, csecret_len,
+ conn->dh_p, conn->dh_p_len,
+ dh_yc, &dh_yc_len);
+
+ wpa_hexdump(MSG_DEBUG, "TLSv1: DH Yc (client's public value)",
+ dh_yc, dh_yc_len);
+
+ WPA_PUT_BE16(*pos, dh_yc_len);
+ *pos += 2;
+ if (*pos + dh_yc_len > end) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Not enough room in the "
+ "message buffer for Yc");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ os_free(csecret);
+ os_free(dh_yc);
+ return -1;
+ }
+ os_memcpy(*pos, dh_yc, dh_yc_len);
+ *pos += dh_yc_len;
+ os_free(dh_yc);
+
+ shared_len = conn->dh_p_len;
+ shared = os_malloc(shared_len);
+ if (shared == NULL) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Could not allocate memory for "
+ "DH");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ os_free(csecret);
+ return -1;
+ }
+
+ /* shared = Ys^csecret mod p */
+ crypto_mod_exp(conn->dh_ys, conn->dh_ys_len,
+ csecret_start, csecret_len,
+ conn->dh_p, conn->dh_p_len,
+ shared, &shared_len);
+ wpa_hexdump_key(MSG_DEBUG, "TLSv1: Shared secret from DH key exchange",
+ shared, shared_len);
+
+ os_memset(csecret_start, 0, csecret_len);
+ os_free(csecret);
+ if (tls_derive_keys(conn, shared, shared_len)) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to derive keys");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ os_free(shared);
+ return -1;
+ }
+ os_memset(shared, 0, shared_len);
+ os_free(shared);
+ tlsv1_client_free_dh(conn);
+ return 0;
+#else /* EAP_FAST */
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_INTERNAL_ERROR);
+ return -1;
+#endif /* EAP_FAST */
+}
+
+
+static int tlsv1_key_x_rsa(struct tlsv1_client *conn, u8 **pos, u8 *end)
+{
+ u8 pre_master_secret[TLS_PRE_MASTER_SECRET_LEN];
+ size_t clen;
+ int res;
+
+ if (tls_derive_pre_master_secret(pre_master_secret) < 0 ||
+ tls_derive_keys(conn, pre_master_secret,
+ TLS_PRE_MASTER_SECRET_LEN)) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to derive keys");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ return -1;
+ }
+
+ /* EncryptedPreMasterSecret */
+ if (conn->server_rsa_key == NULL) {
+ wpa_printf(MSG_DEBUG, "TLSv1: No server RSA key to "
+ "use for encrypting pre-master secret");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ return -1;
+ }
+
+ /* RSA encrypted value is encoded with PKCS #1 v1.5 block type 2. */
+ *pos += 2;
+ clen = end - *pos;
+ res = crypto_public_key_encrypt_pkcs1_v15(
+ conn->server_rsa_key,
+ pre_master_secret, TLS_PRE_MASTER_SECRET_LEN,
+ *pos, &clen);
+ os_memset(pre_master_secret, 0, TLS_PRE_MASTER_SECRET_LEN);
+ if (res < 0) {
+ wpa_printf(MSG_DEBUG, "TLSv1: RSA encryption failed");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ return -1;
+ }
+ WPA_PUT_BE16(*pos - 2, clen);
+ wpa_hexdump(MSG_MSGDUMP, "TLSv1: Encrypted pre_master_secret",
+ *pos, clen);
+ *pos += clen;
+
+ return 0;
+}
+
+
+static int tls_write_client_key_exchange(struct tlsv1_client *conn,
+ u8 **msgpos, u8 *end)
+{
+ u8 *pos, *rhdr, *hs_start, *hs_length;
+ size_t rlen;
+ tls_key_exchange keyx;
+ const struct tls_cipher_suite *suite;
+
+ suite = tls_get_cipher_suite(conn->rl.cipher_suite);
+ if (suite == NULL)
+ keyx = TLS_KEY_X_NULL;
+ else
+ keyx = suite->key_exchange;
+
+ pos = *msgpos;
+
+ wpa_printf(MSG_DEBUG, "TLSv1: Send ClientKeyExchange");
+
+ rhdr = pos;
+ pos += TLS_RECORD_HEADER_LEN;
+
+ /* opaque fragment[TLSPlaintext.length] */
+
+ /* Handshake */
+ hs_start = pos;
+ /* HandshakeType msg_type */
+ *pos++ = TLS_HANDSHAKE_TYPE_CLIENT_KEY_EXCHANGE;
+ /* uint24 length (to be filled) */
+ hs_length = pos;
+ pos += 3;
+ /* body - ClientKeyExchange */
+ if (keyx == TLS_KEY_X_DH_anon) {
+ if (tlsv1_key_x_anon_dh(conn, &pos, end) < 0)
+ return -1;
+ } else {
+ if (tlsv1_key_x_rsa(conn, &pos, end) < 0)
+ return -1;
+ }
+
+ WPA_PUT_BE24(hs_length, pos - hs_length - 3);
+
+ if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_HANDSHAKE,
+ rhdr, end - rhdr, pos - hs_start, &rlen) < 0) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to create a record");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ return -1;
+ }
+ pos = rhdr + rlen;
+ tls_verify_hash_add(conn, hs_start, pos - hs_start);
+
+ *msgpos = pos;
+
+ return 0;
+}
+
+
+static int tls_write_client_certificate_verify(struct tlsv1_client *conn,
+ u8 **msgpos, u8 *end)
+{
+ u8 *pos, *rhdr, *hs_start, *hs_length, *signed_start;
+ size_t rlen, hlen, clen;
+ u8 hash[MD5_MAC_LEN + SHA1_MAC_LEN], *hpos;
+ enum { SIGN_ALG_RSA, SIGN_ALG_DSA } alg = SIGN_ALG_RSA;
+
+ pos = *msgpos;
+
+ wpa_printf(MSG_DEBUG, "TLSv1: Send CertificateVerify");
+ rhdr = pos;
+ pos += TLS_RECORD_HEADER_LEN;
+
+ /* Handshake */
+ hs_start = pos;
+ /* HandshakeType msg_type */
+ *pos++ = TLS_HANDSHAKE_TYPE_CERTIFICATE_VERIFY;
+ /* uint24 length (to be filled) */
+ hs_length = pos;
+ pos += 3;
+
+ /*
+ * RFC 2246: 7.4.3 and 7.4.8:
+ * Signature signature
+ *
+ * RSA:
+ * digitally-signed struct {
+ * opaque md5_hash[16];
+ * opaque sha_hash[20];
+ * };
+ *
+ * DSA:
+ * digitally-signed struct {
+ * opaque sha_hash[20];
+ * };
+ *
+ * The hash values are calculated over all handshake messages sent or
+ * received starting at ClientHello up to, but not including, this
+ * CertificateVerify message, including the type and length fields of
+ * the handshake messages.
+ */
+
+ hpos = hash;
+
+ if (alg == SIGN_ALG_RSA) {
+ hlen = MD5_MAC_LEN;
+ if (conn->verify_md5_cert == NULL ||
+ crypto_hash_finish(conn->verify_md5_cert, hpos, &hlen) < 0)
+ {
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ conn->verify_md5_cert = NULL;
+ crypto_hash_finish(conn->verify_sha1_cert, NULL, NULL);
+ conn->verify_sha1_cert = NULL;
+ return -1;
+ }
+ hpos += MD5_MAC_LEN;
+ } else
+ crypto_hash_finish(conn->verify_md5_cert, NULL, NULL);
+
+ conn->verify_md5_cert = NULL;
+ hlen = SHA1_MAC_LEN;
+ if (conn->verify_sha1_cert == NULL ||
+ crypto_hash_finish(conn->verify_sha1_cert, hpos, &hlen) < 0) {
+ conn->verify_sha1_cert = NULL;
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ return -1;
+ }
+ conn->verify_sha1_cert = NULL;
+
+ if (alg == SIGN_ALG_RSA)
+ hlen += MD5_MAC_LEN;
+
+ wpa_hexdump(MSG_MSGDUMP, "TLSv1: CertificateVerify hash", hash, hlen);
+
+ /*
+ * RFC 2246, 4.7:
+ * In digital signing, one-way hash functions are used as input for a
+ * signing algorithm. A digitally-signed element is encoded as an
+ * opaque vector <0..2^16-1>, where the length is specified by the
+ * signing algorithm and key.
+ *
+ * In RSA signing, a 36-byte structure of two hashes (one SHA and one
+ * MD5) is signed (encrypted with the private key). It is encoded with
+ * PKCS #1 block type 0 or type 1 as described in [PKCS1].
+ */
+ signed_start = pos; /* length to be filled */
+ pos += 2;
+ clen = end - pos;
+ if (crypto_private_key_sign_pkcs1(conn->client_key, hash, hlen,
+ pos, &clen) < 0) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to sign hash (PKCS #1)");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ return -1;
+ }
+ WPA_PUT_BE16(signed_start, clen);
+
+ pos += clen;
+
+ WPA_PUT_BE24(hs_length, pos - hs_length - 3);
+
+ if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_HANDSHAKE,
+ rhdr, end - rhdr, pos - hs_start, &rlen) < 0) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to generate a record");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ return -1;
+ }
+ pos = rhdr + rlen;
+
+ tls_verify_hash_add(conn, hs_start, pos - hs_start);
+
+ *msgpos = pos;
+
+ return 0;
+}
+
+
+static int tls_write_client_change_cipher_spec(struct tlsv1_client *conn,
+ u8 **msgpos, u8 *end)
+{
+ u8 *pos, *rhdr;
+ size_t rlen;
+
+ pos = *msgpos;
+
+ wpa_printf(MSG_DEBUG, "TLSv1: Send ChangeCipherSpec");
+ rhdr = pos;
+ pos += TLS_RECORD_HEADER_LEN;
+ *pos = TLS_CHANGE_CIPHER_SPEC;
+ if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_CHANGE_CIPHER_SPEC,
+ rhdr, end - rhdr, 1, &rlen) < 0) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to create a record");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ return -1;
+ }
+
+ if (tlsv1_record_change_write_cipher(&conn->rl) < 0) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to set write cipher for "
+ "record layer");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ return -1;
+ }
+
+ *msgpos = rhdr + rlen;
+
+ return 0;
+}
+
+
+static int tls_write_client_finished(struct tlsv1_client *conn,
+ u8 **msgpos, u8 *end)
+{
+ u8 *pos, *rhdr, *hs_start, *hs_length;
+ size_t rlen, hlen;
+ u8 verify_data[TLS_VERIFY_DATA_LEN];
+ u8 hash[MD5_MAC_LEN + SHA1_MAC_LEN];
+
+ pos = *msgpos;
+
+ wpa_printf(MSG_DEBUG, "TLSv1: Send Finished");
+
+ /* Encrypted Handshake Message: Finished */
+
+ hlen = MD5_MAC_LEN;
+ if (conn->verify_md5_client == NULL ||
+ crypto_hash_finish(conn->verify_md5_client, hash, &hlen) < 0) {
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ conn->verify_md5_client = NULL;
+ crypto_hash_finish(conn->verify_sha1_client, NULL, NULL);
+ conn->verify_sha1_client = NULL;
+ return -1;
+ }
+ conn->verify_md5_client = NULL;
+ hlen = SHA1_MAC_LEN;
+ if (conn->verify_sha1_client == NULL ||
+ crypto_hash_finish(conn->verify_sha1_client, hash + MD5_MAC_LEN,
+ &hlen) < 0) {
+ conn->verify_sha1_client = NULL;
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ return -1;
+ }
+ conn->verify_sha1_client = NULL;
+
+ if (tls_prf(conn->master_secret, TLS_MASTER_SECRET_LEN,
+ "client finished", hash, MD5_MAC_LEN + SHA1_MAC_LEN,
+ verify_data, TLS_VERIFY_DATA_LEN)) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to generate verify_data");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ return -1;
+ }
+ wpa_hexdump_key(MSG_DEBUG, "TLSv1: verify_data (client)",
+ verify_data, TLS_VERIFY_DATA_LEN);
+
+ rhdr = pos;
+ pos += TLS_RECORD_HEADER_LEN;
+ /* Handshake */
+ hs_start = pos;
+ /* HandshakeType msg_type */
+ *pos++ = TLS_HANDSHAKE_TYPE_FINISHED;
+ /* uint24 length (to be filled) */
+ hs_length = pos;
+ pos += 3;
+ os_memcpy(pos, verify_data, TLS_VERIFY_DATA_LEN);
+ pos += TLS_VERIFY_DATA_LEN;
+ WPA_PUT_BE24(hs_length, pos - hs_length - 3);
+ tls_verify_hash_add(conn, hs_start, pos - hs_start);
+
+ if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_HANDSHAKE,
+ rhdr, end - rhdr, pos - hs_start, &rlen) < 0) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to create a record");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ return -1;
+ }
+
+ pos = rhdr + rlen;
+
+ *msgpos = pos;
+
+ return 0;
+}
+
+
+static size_t tls_client_cert_chain_der_len(struct tlsv1_client *conn)
+{
+ size_t len = 0;
+ struct x509_certificate *cert;
+
+ cert = conn->client_cert;
+ while (cert) {
+ len += 3 + cert->cert_len;
+ if (x509_certificate_self_signed(cert))
+ break;
+ cert = x509_certificate_get_subject(conn->trusted_certs,
+ &cert->issuer);
+ }
+
+ return len;
+}
+
+
+static u8 * tls_send_client_key_exchange(struct tlsv1_client *conn,
+ size_t *out_len)
+{
+ u8 *msg, *end, *pos;
+ size_t msglen;
+
+ *out_len = 0;
+
+ msglen = 1000;
+ if (conn->certificate_requested)
+ msglen += tls_client_cert_chain_der_len(conn);
+
+ msg = os_malloc(msglen);
+ if (msg == NULL)
+ return NULL;
+
+ pos = msg;
+ end = msg + msglen;
+
+ if (conn->certificate_requested) {
+ if (tls_write_client_certificate(conn, &pos, end) < 0) {
+ os_free(msg);
+ return NULL;
+ }
+ }
+
+ if (tls_write_client_key_exchange(conn, &pos, end) < 0 ||
+ (conn->certificate_requested && conn->client_key &&
+ tls_write_client_certificate_verify(conn, &pos, end) < 0) ||
+ tls_write_client_change_cipher_spec(conn, &pos, end) < 0 ||
+ tls_write_client_finished(conn, &pos, end) < 0) {
+ os_free(msg);
+ return NULL;
+ }
+
+ *out_len = pos - msg;
+
+ conn->state = SERVER_CHANGE_CIPHER_SPEC;
+
+ return msg;
+}
+
+
+static u8 * tls_send_change_cipher_spec(struct tlsv1_client *conn,
+ size_t *out_len)
+{
+ u8 *msg, *end, *pos;
+
+ *out_len = 0;
+
+ msg = os_malloc(1000);
+ if (msg == NULL)
+ return NULL;
+
+ pos = msg;
+ end = msg + 1000;
+
+ if (tls_write_client_change_cipher_spec(conn, &pos, end) < 0 ||
+ tls_write_client_finished(conn, &pos, end) < 0) {
+ os_free(msg);
+ return NULL;
+ }
+
+ *out_len = pos - msg;
+
+ wpa_printf(MSG_DEBUG, "TLSv1: Session resumption completed "
+ "successfully");
+ conn->state = ESTABLISHED;
+
+ return msg;
+}
+
+
+static int tlsv1_client_process_handshake(struct tlsv1_client *conn, u8 ct,
+ const u8 *buf, size_t *len)
+{
+ if (ct == TLS_CONTENT_TYPE_HANDSHAKE && *len >= 4 &&
+ buf[0] == TLS_HANDSHAKE_TYPE_HELLO_REQUEST) {
+ size_t hr_len = WPA_GET_BE24(buf + 1);
+ if (hr_len > *len - 4) {
+ wpa_printf(MSG_DEBUG, "TLSv1: HelloRequest underflow");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_DECODE_ERROR);
+ return -1;
+ }
+ wpa_printf(MSG_DEBUG, "TLSv1: Ignored HelloRequest");
+ *len = 4 + hr_len;
+ return 0;
+ }
+
+ switch (conn->state) {
+ case SERVER_HELLO:
+ if (tls_process_server_hello(conn, ct, buf, len))
+ return -1;
+ break;
+ case SERVER_CERTIFICATE:
+ if (tls_process_certificate(conn, ct, buf, len))
+ return -1;
+ break;
+ case SERVER_KEY_EXCHANGE:
+ if (tls_process_server_key_exchange(conn, ct, buf, len))
+ return -1;
+ break;
+ case SERVER_CERTIFICATE_REQUEST:
+ if (tls_process_certificate_request(conn, ct, buf, len))
+ return -1;
+ break;
+ case SERVER_HELLO_DONE:
+ if (tls_process_server_hello_done(conn, ct, buf, len))
+ return -1;
+ break;
+ case SERVER_CHANGE_CIPHER_SPEC:
+ if (tls_process_server_change_cipher_spec(conn, ct, buf, len))
+ return -1;
+ break;
+ case SERVER_FINISHED:
+ if (tls_process_server_finished(conn, ct, buf, len))
+ return -1;
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "TLSv1: Unexpected state %d "
+ "while processing received message",
+ conn->state);
+ return -1;
+ }
+
+ if (ct == TLS_CONTENT_TYPE_HANDSHAKE)
+ tls_verify_hash_add(conn, buf, *len);
+
+ return 0;
+}
+
+
+/**
+ * tlsv1_client_handshake - Process TLS handshake
+ * @conn: TLSv1 client connection data from tlsv1_client_init()
+ * @in_data: Input data from TLS peer
+ * @in_len: Input data length
+ * @out_len: Length of the output buffer.
+ * Returns: Pointer to output data, %NULL on failure
+ */
+u8 * tlsv1_client_handshake(struct tlsv1_client *conn,
+ const u8 *in_data, size_t in_len,
+ size_t *out_len)
+{
+ const u8 *pos, *end;
+ u8 *msg = NULL, *in_msg, *in_pos, *in_end, alert, ct;
+ size_t in_msg_len;
+
+ if (conn->state == CLIENT_HELLO) {
+ if (in_len)
+ return NULL;
+ return tls_send_client_hello(conn, out_len);
+ }
+
+ if (in_data == NULL || in_len == 0)
+ return NULL;
+
+ pos = in_data;
+ end = in_data + in_len;
+ in_msg = os_malloc(in_len);
+ if (in_msg == NULL)
+ return NULL;
+
+ /* Each received packet may include multiple records */
+ while (pos < end) {
+ in_msg_len = in_len;
+ if (tlsv1_record_receive(&conn->rl, pos, end - pos,
+ in_msg, &in_msg_len, &alert)) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Processing received "
+ "record failed");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL, alert);
+ goto failed;
+ }
+ ct = pos[0];
+
+ in_pos = in_msg;
+ in_end = in_msg + in_msg_len;
+
+ /* Each received record may include multiple messages of the
+ * same ContentType. */
+ while (in_pos < in_end) {
+ in_msg_len = in_end - in_pos;
+ if (tlsv1_client_process_handshake(conn, ct, in_pos,
+ &in_msg_len) < 0)
+ goto failed;
+ in_pos += in_msg_len;
+ }
+
+ pos += TLS_RECORD_HEADER_LEN + WPA_GET_BE16(pos + 3);
+ }
+
+ os_free(in_msg);
+ in_msg = NULL;
+
+ switch (conn->state) {
+ case CLIENT_KEY_EXCHANGE:
+ msg = tls_send_client_key_exchange(conn, out_len);
+ break;
+ case CHANGE_CIPHER_SPEC:
+ msg = tls_send_change_cipher_spec(conn, out_len);
+ break;
+ case ACK_FINISHED:
+ wpa_printf(MSG_DEBUG, "TLSv1: Handshake completed "
+ "successfully");
+ conn->state = ESTABLISHED;
+ /* Need to return something to get final TLS ACK. */
+ msg = os_malloc(1);
+ *out_len = 0;
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "TLSv1: Unexpected state %d while "
+ "generating reply", conn->state);
+ break;
+ }
+
+failed:
+ os_free(in_msg);
+ if (conn->alert_level) {
+ conn->state = FAILED;
+ os_free(msg);
+ msg = tls_send_alert(conn, conn->alert_level,
+ conn->alert_description, out_len);
+ }
+
+ return msg;
+}
+
+
+/**
+ * tlsv1_client_encrypt - Encrypt data into TLS tunnel
+ * @conn: TLSv1 client connection data from tlsv1_client_init()
+ * @in_data: Pointer to plaintext data to be encrypted
+ * @in_len: Input buffer length
+ * @out_data: Pointer to output buffer (encrypted TLS data)
+ * @out_len: Maximum out_data length
+ * Returns: Number of bytes written to out_data, -1 on failure
+ *
+ * This function is used after TLS handshake has been completed successfully to
+ * send data in the encrypted tunnel.
+ */
+int tlsv1_client_encrypt(struct tlsv1_client *conn,
+ const u8 *in_data, size_t in_len,
+ u8 *out_data, size_t out_len)
+{
+ size_t rlen;
+
+ wpa_hexdump_key(MSG_MSGDUMP, "TLSv1: Plaintext AppData",
+ in_data, in_len);
+
+ os_memcpy(out_data + TLS_RECORD_HEADER_LEN, in_data, in_len);
+
+ if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_APPLICATION_DATA,
+ out_data, out_len, in_len, &rlen) < 0) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to create a record");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ return -1;
+ }
+
+ return rlen;
+}
+
+
+/**
+ * tlsv1_client_decrypt - Decrypt data from TLS tunnel
+ * @conn: TLSv1 client connection data from tlsv1_client_init()
+ * @in_data: Pointer to input buffer (encrypted TLS data)
+ * @in_len: Input buffer length
+ * @out_data: Pointer to output buffer (decrypted data from TLS tunnel)
+ * @out_len: Maximum out_data length
+ * Returns: Number of bytes written to out_data, -1 on failure
+ *
+ * This function is used after TLS handshake has been completed successfully to
+ * receive data from the encrypted tunnel.
+ */
+int tlsv1_client_decrypt(struct tlsv1_client *conn,
+ const u8 *in_data, size_t in_len,
+ u8 *out_data, size_t out_len)
+{
+ const u8 *in_end, *pos;
+ int res;
+ u8 alert, *out_end, *out_pos;
+ size_t olen;
+
+ pos = in_data;
+ in_end = in_data + in_len;
+ out_pos = out_data;
+ out_end = out_data + out_len;
+
+ while (pos < in_end) {
+ if (pos[0] != TLS_CONTENT_TYPE_APPLICATION_DATA) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Unexpected content type "
+ "0x%x", pos[0]);
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_UNEXPECTED_MESSAGE);
+ return -1;
+ }
+
+ olen = out_end - out_pos;
+ res = tlsv1_record_receive(&conn->rl, pos, in_end - pos,
+ out_pos, &olen, &alert);
+ if (res < 0) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Record layer processing "
+ "failed");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL, alert);
+ return -1;
+ }
+ out_pos += olen;
+ if (out_pos > out_end) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Buffer not large enough "
+ "for processing the received record");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ return -1;
+ }
+
+ pos += TLS_RECORD_HEADER_LEN + WPA_GET_BE16(pos + 3);
+ }
+
+ return out_pos - out_data;
+}
+
+
+/**
+ * tlsv1_client_global_init - Initialize TLSv1 client
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function must be called before using any other TLSv1 client functions.
+ */
+int tlsv1_client_global_init(void)
+{
+ return crypto_global_init();
+}
+
+
+/**
+ * tlsv1_client_global_deinit - Deinitialize TLSv1 client
+ *
+ * This function can be used to deinitialize the TLSv1 client that was
+ * initialized by calling tlsv1_client_global_init(). No TLSv1 client functions
+ * can be called after this before calling tlsv1_client_global_init() again.
+ */
+void tlsv1_client_global_deinit(void)
+{
+ crypto_global_deinit();
+}
+
+
+static void tlsv1_client_free_verify_hashes(struct tlsv1_client *conn)
+{
+ crypto_hash_finish(conn->verify_md5_client, NULL, NULL);
+ crypto_hash_finish(conn->verify_md5_server, NULL, NULL);
+ crypto_hash_finish(conn->verify_md5_cert, NULL, NULL);
+ crypto_hash_finish(conn->verify_sha1_client, NULL, NULL);
+ crypto_hash_finish(conn->verify_sha1_server, NULL, NULL);
+ crypto_hash_finish(conn->verify_sha1_cert, NULL, NULL);
+ conn->verify_md5_client = NULL;
+ conn->verify_md5_server = NULL;
+ conn->verify_md5_cert = NULL;
+ conn->verify_sha1_client = NULL;
+ conn->verify_sha1_server = NULL;
+ conn->verify_sha1_cert = NULL;
+}
+
+
+static int tlsv1_client_init_verify_hashes(struct tlsv1_client *conn)
+{
+ conn->verify_md5_client = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL,
+ 0);
+ conn->verify_md5_server = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL,
+ 0);
+ conn->verify_md5_cert = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0);
+ conn->verify_sha1_client = crypto_hash_init(CRYPTO_HASH_ALG_SHA1, NULL,
+ 0);
+ conn->verify_sha1_server = crypto_hash_init(CRYPTO_HASH_ALG_SHA1, NULL,
+ 0);
+ conn->verify_sha1_cert = crypto_hash_init(CRYPTO_HASH_ALG_SHA1, NULL,
+ 0);
+ if (conn->verify_md5_client == NULL ||
+ conn->verify_md5_server == NULL ||
+ conn->verify_md5_cert == NULL ||
+ conn->verify_sha1_client == NULL ||
+ conn->verify_sha1_server == NULL ||
+ conn->verify_sha1_cert == NULL) {
+ tlsv1_client_free_verify_hashes(conn);
+ return -1;
+ }
+ return 0;
+}
+
+
+/**
+ * tlsv1_client_init - Initialize TLSv1 client connection
+ * Returns: Pointer to TLSv1 client connection data or %NULL on failure
+ */
+struct tlsv1_client * tlsv1_client_init(void)
+{
+ struct tlsv1_client *conn;
+ size_t count;
+ u16 *suites;
+
+ conn = os_zalloc(sizeof(*conn));
+ if (conn == NULL)
+ return NULL;
+
+ conn->state = CLIENT_HELLO;
+
+ if (tlsv1_client_init_verify_hashes(conn) < 0) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to initialize verify "
+ "hash");
+ os_free(conn);
+ return NULL;
+ }
+
+ count = 0;
+ suites = conn->cipher_suites;
+#ifndef CONFIG_CRYPTO_INTERNAL
+ suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA;
+#endif /* CONFIG_CRYPTO_INTERNAL */
+ suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA;
+ suites[count++] = TLS_RSA_WITH_3DES_EDE_CBC_SHA;
+ suites[count++] = TLS_RSA_WITH_RC4_128_SHA;
+ suites[count++] = TLS_RSA_WITH_RC4_128_MD5;
+ conn->num_cipher_suites = count;
+
+ return conn;
+}
+
+
+/**
+ * tlsv1_client_deinit - Deinitialize TLSv1 client connection
+ * @conn: TLSv1 client connection data from tlsv1_client_init()
+ */
+void tlsv1_client_deinit(struct tlsv1_client *conn)
+{
+ crypto_public_key_free(conn->server_rsa_key);
+ tlsv1_record_set_cipher_suite(&conn->rl, TLS_NULL_WITH_NULL_NULL);
+ tlsv1_record_change_write_cipher(&conn->rl);
+ tlsv1_record_change_read_cipher(&conn->rl);
+ tlsv1_client_free_verify_hashes(conn);
+ os_free(conn->client_hello_ext);
+ tlsv1_client_free_dh(conn);
+ x509_certificate_chain_free(conn->trusted_certs);
+ x509_certificate_chain_free(conn->client_cert);
+ crypto_private_key_free(conn->client_key);
+ os_free(conn);
+}
+
+
+/**
+ * tlsv1_client_established - Check whether connection has been established
+ * @conn: TLSv1 client connection data from tlsv1_client_init()
+ * Returns: 1 if connection is established, 0 if not
+ */
+int tlsv1_client_established(struct tlsv1_client *conn)
+{
+ return conn->state == ESTABLISHED;
+}
+
+
+/**
+ * tlsv1_client_prf - Use TLS-PRF to derive keying material
+ * @conn: TLSv1 client connection data from tlsv1_client_init()
+ * @label: Label (e.g., description of the key) for PRF
+ * @server_random_first: seed is 0 = client_random|server_random,
+ * 1 = server_random|client_random
+ * @out: Buffer for output data from TLS-PRF
+ * @out_len: Length of the output buffer
+ * Returns: 0 on success, -1 on failure
+ */
+int tlsv1_client_prf(struct tlsv1_client *conn, const char *label,
+ int server_random_first, u8 *out, size_t out_len)
+{
+ u8 seed[2 * TLS_RANDOM_LEN];
+
+ if (conn->state != ESTABLISHED)
+ return -1;
+
+ if (server_random_first) {
+ os_memcpy(seed, conn->server_random, TLS_RANDOM_LEN);
+ os_memcpy(seed + TLS_RANDOM_LEN, conn->client_random,
+ TLS_RANDOM_LEN);
+ } else {
+ os_memcpy(seed, conn->client_random, TLS_RANDOM_LEN);
+ os_memcpy(seed + TLS_RANDOM_LEN, conn->server_random,
+ TLS_RANDOM_LEN);
+ }
+
+ return tls_prf(conn->master_secret, TLS_MASTER_SECRET_LEN,
+ label, seed, 2 * TLS_RANDOM_LEN, out, out_len);
+}
+
+
+/**
+ * tlsv1_client_get_cipher - Get current cipher name
+ * @conn: TLSv1 client connection data from tlsv1_client_init()
+ * @buf: Buffer for the cipher name
+ * @buflen: buf size
+ * Returns: 0 on success, -1 on failure
+ *
+ * Get the name of the currently used cipher.
+ */
+int tlsv1_client_get_cipher(struct tlsv1_client *conn, char *buf,
+ size_t buflen)
+{
+ char *cipher;
+
+ switch (conn->rl.cipher_suite) {
+ case TLS_RSA_WITH_RC4_128_MD5:
+ cipher = "RC4-MD5";
+ break;
+ case TLS_RSA_WITH_RC4_128_SHA:
+ cipher = "RC4-SHA";
+ break;
+ case TLS_RSA_WITH_DES_CBC_SHA:
+ cipher = "DES-CBC-SHA";
+ break;
+ case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
+ cipher = "DES-CBC3-SHA";
+ break;
+ default:
+ return -1;
+ }
+
+ os_snprintf(buf, buflen, "%s", cipher);
+ return 0;
+}
+
+
+/**
+ * tlsv1_client_shutdown - Shutdown TLS connection
+ * @conn: TLSv1 client connection data from tlsv1_client_init()
+ * Returns: 0 on success, -1 on failure
+ */
+int tlsv1_client_shutdown(struct tlsv1_client *conn)
+{
+ conn->state = CLIENT_HELLO;
+
+ tlsv1_client_free_verify_hashes(conn);
+ if (tlsv1_client_init_verify_hashes(conn) < 0) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to re-initialize verify "
+ "hash");
+ return -1;
+ }
+
+ tlsv1_record_set_cipher_suite(&conn->rl, TLS_NULL_WITH_NULL_NULL);
+ tlsv1_record_change_write_cipher(&conn->rl);
+ tlsv1_record_change_read_cipher(&conn->rl);
+
+ conn->certificate_requested = 0;
+ crypto_public_key_free(conn->server_rsa_key);
+ conn->server_rsa_key = NULL;
+ conn->session_resumed = 0;
+
+ return 0;
+}
+
+
+/**
+ * tlsv1_client_resumed - Was session resumption used
+ * @conn: TLSv1 client connection data from tlsv1_client_init()
+ * Returns: 1 if current session used session resumption, 0 if not
+ */
+int tlsv1_client_resumed(struct tlsv1_client *conn)
+{
+ return !!conn->session_resumed;
+}
+
+
+/**
+ * tlsv1_client_hello_ext - Set TLS extension for ClientHello
+ * @conn: TLSv1 client connection data from tlsv1_client_init()
+ * @ext_type: Extension type
+ * @data: Extension payload (%NULL to remove extension)
+ * @data_len: Extension payload length
+ * Returns: 0 on success, -1 on failure
+ */
+int tlsv1_client_hello_ext(struct tlsv1_client *conn, int ext_type,
+ const u8 *data, size_t data_len)
+{
+ u8 *pos;
+
+ conn->ticket = 0;
+ os_free(conn->client_hello_ext);
+ conn->client_hello_ext = NULL;
+ conn->client_hello_ext_len = 0;
+
+ if (data == NULL || data_len == 0)
+ return 0;
+
+ pos = conn->client_hello_ext = os_malloc(6 + data_len);
+ if (pos == NULL)
+ return -1;
+
+ WPA_PUT_BE16(pos, 4 + data_len);
+ pos += 2;
+ WPA_PUT_BE16(pos, ext_type);
+ pos += 2;
+ WPA_PUT_BE16(pos, data_len);
+ pos += 2;
+ os_memcpy(pos, data, data_len);
+ conn->client_hello_ext_len = 6 + data_len;
+
+ if (ext_type == TLS_EXT_PAC_OPAQUE) {
+ conn->ticket = 1;
+ wpa_printf(MSG_DEBUG, "TLSv1: Using session ticket");
+ }
+
+ return 0;
+}
+
+
+/**
+ * tlsv1_client_get_keys - Get master key and random data from TLS connection
+ * @conn: TLSv1 client connection data from tlsv1_client_init()
+ * @keys: Structure of key/random data (filled on success)
+ * Returns: 0 on success, -1 on failure
+ */
+int tlsv1_client_get_keys(struct tlsv1_client *conn, struct tls_keys *keys)
+{
+ os_memset(keys, 0, sizeof(*keys));
+ if (conn->state == CLIENT_HELLO)
+ return -1;
+
+ keys->client_random = conn->client_random;
+ keys->client_random_len = TLS_RANDOM_LEN;
+
+ if (conn->state != SERVER_HELLO) {
+ keys->server_random = conn->server_random;
+ keys->server_random_len = TLS_RANDOM_LEN;
+ keys->master_key = conn->master_secret;
+ keys->master_key_len = TLS_MASTER_SECRET_LEN;
+ }
+
+ return 0;
+}
+
+
+/**
+ * tlsv1_client_set_master_key - Configure master secret for TLS connection
+ * @conn: TLSv1 client connection data from tlsv1_client_init()
+ * @key: TLS pre-master-secret
+ * @key_len: length of key in bytes
+ * Returns: 0 on success, -1 on failure
+ */
+int tlsv1_client_set_master_key(struct tlsv1_client *conn,
+ const u8 *key, size_t key_len)
+{
+ if (key_len > TLS_MASTER_SECRET_LEN)
+ return -1;
+ wpa_hexdump_key(MSG_MSGDUMP, "TLSv1: master_secret from session "
+ "ticket", key, key_len);
+ os_memcpy(conn->master_secret, key, key_len);
+ conn->ticket_key = 1;
+
+ return 0;
+}
+
+
+/**
+ * tlsv1_client_get_keyblock_size - Get TLS key_block size
+ * @conn: TLSv1 client connection data from tlsv1_client_init()
+ * Returns: Size of the key_block for the negotiated cipher suite or -1 on
+ * failure
+ */
+int tlsv1_client_get_keyblock_size(struct tlsv1_client *conn)
+{
+ if (conn->state == CLIENT_HELLO || conn->state == SERVER_HELLO)
+ return -1;
+
+ return 2 * (conn->rl.hash_size + conn->rl.key_material_len +
+ conn->rl.iv_size);
+}
+
+
+/**
+ * tlsv1_client_set_cipher_list - Configure acceptable cipher suites
+ * @conn: TLSv1 client connection data from tlsv1_client_init()
+ * @ciphers: Zero (TLS_CIPHER_NONE) terminated list of allowed ciphers
+ * (TLS_CIPHER_*).
+ * Returns: 0 on success, -1 on failure
+ */
+int tlsv1_client_set_cipher_list(struct tlsv1_client *conn, u8 *ciphers)
+{
+#ifdef EAP_FAST
+ size_t count;
+ u16 *suites;
+
+ /* TODO: implement proper configuration of cipher suites */
+ if (ciphers[0] == TLS_CIPHER_ANON_DH_AES128_SHA) {
+ count = 0;
+ suites = conn->cipher_suites;
+ suites[count++] = TLS_DH_anon_WITH_AES_256_CBC_SHA;
+ suites[count++] = TLS_DH_anon_WITH_AES_128_CBC_SHA;
+ suites[count++] = TLS_DH_anon_WITH_3DES_EDE_CBC_SHA;
+ suites[count++] = TLS_DH_anon_WITH_RC4_128_MD5;
+ suites[count++] = TLS_DH_anon_WITH_DES_CBC_SHA;
+ conn->num_cipher_suites = count;
+ }
+
+ return 0;
+#else /* EAP_FAST */
+ return -1;
+#endif /* EAP_FAST */
+}
+
+
+static int tlsv1_client_add_cert_der(struct x509_certificate **chain,
+ const u8 *buf, size_t len)
+{
+ struct x509_certificate *cert;
+ char name[128];
+
+ cert = x509_certificate_parse(buf, len);
+ if (cert == NULL) {
+ wpa_printf(MSG_INFO, "TLSv1: %s - failed to parse certificate",
+ __func__);
+ return -1;
+ }
+
+ cert->next = *chain;
+ *chain = cert;
+
+ x509_name_string(&cert->subject, name, sizeof(name));
+ wpa_printf(MSG_DEBUG, "TLSv1: Added certificate: %s", name);
+
+ return 0;
+}
+
+
+static const char *pem_cert_begin = "-----BEGIN CERTIFICATE-----";
+static const char *pem_cert_end = "-----END CERTIFICATE-----";
+
+
+static const u8 * search_tag(const char *tag, const u8 *buf, size_t len)
+{
+ size_t i, plen;
+
+ plen = os_strlen(tag);
+ if (len < plen)
+ return NULL;
+
+ for (i = 0; i < len - plen; i++) {
+ if (os_memcmp(buf + i, tag, plen) == 0)
+ return buf + i;
+ }
+
+ return NULL;
+}
+
+
+static int tlsv1_client_add_cert(struct x509_certificate **chain,
+ const u8 *buf, size_t len)
+{
+ const u8 *pos, *end;
+ unsigned char *der;
+ size_t der_len;
+
+ pos = search_tag(pem_cert_begin, buf, len);
+ if (!pos) {
+ wpa_printf(MSG_DEBUG, "TLSv1: No PEM certificate tag found - "
+ "assume DER format");
+ return tlsv1_client_add_cert_der(chain, buf, len);
+ }
+
+ wpa_printf(MSG_DEBUG, "TLSv1: Converting PEM format certificate into "
+ "DER format");
+
+ while (pos) {
+ pos += os_strlen(pem_cert_begin);
+ end = search_tag(pem_cert_end, pos, buf + len - pos);
+ if (end == NULL) {
+ wpa_printf(MSG_INFO, "TLSv1: Could not find PEM "
+ "certificate end tag (%s)", pem_cert_end);
+ return -1;
+ }
+
+ der = base64_decode(pos, end - pos, &der_len);
+ if (der == NULL) {
+ wpa_printf(MSG_INFO, "TLSv1: Could not decode PEM "
+ "certificate");
+ return -1;
+ }
+
+ if (tlsv1_client_add_cert_der(chain, der, der_len) < 0) {
+ wpa_printf(MSG_INFO, "TLSv1: Failed to parse PEM "
+ "certificate after DER conversion");
+ os_free(der);
+ return -1;
+ }
+
+ os_free(der);
+
+ end += os_strlen(pem_cert_end);
+ pos = search_tag(pem_cert_begin, end, buf + len - end);
+ }
+
+ return 0;
+}
+
+
+static int tlsv1_client_set_cert_chain(struct x509_certificate **chain,
+ const char *cert, const u8 *cert_blob,
+ size_t cert_blob_len)
+{
+ if (cert_blob)
+ return tlsv1_client_add_cert(chain, cert_blob, cert_blob_len);
+
+ if (cert) {
+ u8 *buf;
+ size_t len;
+ int ret;
+
+ buf = (u8 *) os_readfile(cert, &len);
+ if (buf == NULL) {
+ wpa_printf(MSG_INFO, "TLSv1: Failed to read '%s'",
+ cert);
+ return -1;
+ }
+
+ ret = tlsv1_client_add_cert(chain, buf, len);
+ os_free(buf);
+ return ret;
+ }
+
+ return 0;
+}
+
+
+/**
+ * tlsv1_client_set_ca_cert - Set trusted CA certificate(s)
+ * @conn: TLSv1 client connection data from tlsv1_client_init()
+ * @cert: File or reference name for X.509 certificate in PEM or DER format
+ * @cert_blob: cert as inlined data or %NULL if not used
+ * @cert_blob_len: ca_cert_blob length
+ * @path: Path to CA certificates (not yet supported)
+ * Returns: 0 on success, -1 on failure
+ */
+int tlsv1_client_set_ca_cert(struct tlsv1_client *conn, const char *cert,
+ const u8 *cert_blob, size_t cert_blob_len,
+ const char *path)
+{
+ if (tlsv1_client_set_cert_chain(&conn->trusted_certs, cert,
+ cert_blob, cert_blob_len) < 0)
+ return -1;
+
+ if (path) {
+ /* TODO: add support for reading number of certificate files */
+ wpa_printf(MSG_INFO, "TLSv1: Use of CA certificate directory "
+ "not yet supported");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+/**
+ * tlsv1_client_set_client_cert - Set client certificate
+ * @conn: TLSv1 client connection data from tlsv1_client_init()
+ * @cert: File or reference name for X.509 certificate in PEM or DER format
+ * @cert_blob: cert as inlined data or %NULL if not used
+ * @cert_blob_len: ca_cert_blob length
+ * Returns: 0 on success, -1 on failure
+ */
+int tlsv1_client_set_client_cert(struct tlsv1_client *conn, const char *cert,
+ const u8 *cert_blob, size_t cert_blob_len)
+{
+ return tlsv1_client_set_cert_chain(&conn->client_cert, cert,
+ cert_blob, cert_blob_len);
+}
+
+
+static int tlsv1_client_set_key(struct tlsv1_client *conn,
+ const u8 *key, size_t len)
+{
+ conn->client_key = crypto_private_key_import(key, len);
+ if (conn->client_key == NULL) {
+ wpa_printf(MSG_INFO, "TLSv1: Failed to parse private key");
+ return -1;
+ }
+ return 0;
+}
+
+
+/**
+ * tlsv1_client_set_private_key - Set client private key
+ * @conn: TLSv1 client connection data from tlsv1_client_init()
+ * @private_key: File or reference name for the key in PEM or DER format
+ * @private_key_passwd: Passphrase for decrypted private key, %NULL if no
+ * passphrase is used.
+ * @private_key_blob: private_key as inlined data or %NULL if not used
+ * @private_key_blob_len: private_key_blob length
+ * Returns: 0 on success, -1 on failure
+ */
+int tlsv1_client_set_private_key(struct tlsv1_client *conn,
+ const char *private_key,
+ const char *private_key_passwd,
+ const u8 *private_key_blob,
+ size_t private_key_blob_len)
+{
+ crypto_private_key_free(conn->client_key);
+ conn->client_key = NULL;
+
+ if (private_key_blob)
+ return tlsv1_client_set_key(conn, private_key_blob,
+ private_key_blob_len);
+
+ if (private_key) {
+ u8 *buf;
+ size_t len;
+ int ret;
+
+ buf = (u8 *) os_readfile(private_key, &len);
+ if (buf == NULL) {
+ wpa_printf(MSG_INFO, "TLSv1: Failed to read '%s'",
+ private_key);
+ return -1;
+ }
+
+ ret = tlsv1_client_set_key(conn, buf, len);
+ os_free(buf);
+ return ret;
+ }
+
+ return 0;
+}
--- /dev/null
+/*
+ * wpa_supplicant: TLSv1 client (RFC 2246)
+ * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef TLSV1_CLIENT_H
+#define TLSV1_CLIENT_H
+
+struct tlsv1_client;
+
+int tlsv1_client_global_init(void);
+void tlsv1_client_global_deinit(void);
+struct tlsv1_client * tlsv1_client_init(void);
+void tlsv1_client_deinit(struct tlsv1_client *conn);
+int tlsv1_client_established(struct tlsv1_client *conn);
+int tlsv1_client_prf(struct tlsv1_client *conn, const char *label,
+ int server_random_first, u8 *out, size_t out_len);
+u8 * tlsv1_client_handshake(struct tlsv1_client *conn,
+ const u8 *in_data, size_t in_len,
+ size_t *out_len);
+int tlsv1_client_encrypt(struct tlsv1_client *conn,
+ const u8 *in_data, size_t in_len,
+ u8 *out_data, size_t out_len);
+int tlsv1_client_decrypt(struct tlsv1_client *conn,
+ const u8 *in_data, size_t in_len,
+ u8 *out_data, size_t out_len);
+int tlsv1_client_get_cipher(struct tlsv1_client *conn, char *buf,
+ size_t buflen);
+int tlsv1_client_shutdown(struct tlsv1_client *conn);
+int tlsv1_client_resumed(struct tlsv1_client *conn);
+int tlsv1_client_hello_ext(struct tlsv1_client *conn, int ext_type,
+ const u8 *data, size_t data_len);
+int tlsv1_client_get_keys(struct tlsv1_client *conn, struct tls_keys *keys);
+int tlsv1_client_set_master_key(struct tlsv1_client *conn,
+ const u8 *key, size_t key_len);
+int tlsv1_client_get_keyblock_size(struct tlsv1_client *conn);
+int tlsv1_client_set_cipher_list(struct tlsv1_client *conn, u8 *ciphers);
+int tlsv1_client_set_ca_cert(struct tlsv1_client *conn, const char *cert,
+ const u8 *cert_blob, size_t cert_blob_len,
+ const char *path);
+int tlsv1_client_set_client_cert(struct tlsv1_client *conn, const char *cert,
+ const u8 *cert_blob, size_t cert_blob_len);
+int tlsv1_client_set_private_key(struct tlsv1_client *conn,
+ const char *private_key,
+ const char *private_key_passwd,
+ const u8 *private_key_blob,
+ size_t private_key_blob_len);
+
+#endif /* TLSV1_CLIENT_H */
--- /dev/null
+/*
+ * wpa_supplicant/hostapd: TLSv1 common routines
+ * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "md5.h"
+#include "sha1.h"
+#include "crypto.h"
+#include "x509v3.h"
+#include "tlsv1_common.h"
+
+
+/*
+ * TODO:
+ * RFC 2246 Section 9: Mandatory to implement TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
+ * Add support for commonly used cipher suites; don't bother with exportable
+ * suites.
+ */
+
+static const struct tls_cipher_suite tls_cipher_suites[] = {
+ { TLS_NULL_WITH_NULL_NULL, TLS_KEY_X_NULL, TLS_CIPHER_NULL,
+ TLS_HASH_NULL },
+ { TLS_RSA_WITH_RC4_128_MD5, TLS_KEY_X_RSA, TLS_CIPHER_RC4_128,
+ TLS_HASH_MD5 },
+ { TLS_RSA_WITH_RC4_128_SHA, TLS_KEY_X_RSA, TLS_CIPHER_RC4_128,
+ TLS_HASH_SHA },
+ { TLS_RSA_WITH_DES_CBC_SHA, TLS_KEY_X_RSA, TLS_CIPHER_DES_CBC,
+ TLS_HASH_SHA },
+ { TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_KEY_X_RSA,
+ TLS_CIPHER_3DES_EDE_CBC, TLS_HASH_SHA },
+ { TLS_DH_anon_WITH_RC4_128_MD5, TLS_KEY_X_DH_anon,
+ TLS_CIPHER_RC4_128, TLS_HASH_MD5 },
+ { TLS_DH_anon_WITH_DES_CBC_SHA, TLS_KEY_X_DH_anon,
+ TLS_CIPHER_DES_CBC, TLS_HASH_SHA },
+ { TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_KEY_X_DH_anon,
+ TLS_CIPHER_3DES_EDE_CBC, TLS_HASH_SHA },
+ { TLS_RSA_WITH_AES_128_CBC_SHA, TLS_KEY_X_RSA, TLS_CIPHER_AES_128_CBC,
+ TLS_HASH_SHA },
+ { TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_KEY_X_DH_anon,
+ TLS_CIPHER_AES_128_CBC, TLS_HASH_SHA },
+ { TLS_RSA_WITH_AES_256_CBC_SHA, TLS_KEY_X_RSA, TLS_CIPHER_AES_256_CBC,
+ TLS_HASH_SHA },
+ { TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_KEY_X_DH_anon,
+ TLS_CIPHER_AES_256_CBC, TLS_HASH_SHA }
+};
+
+#define NUM_ELEMS(a) (sizeof(a) / sizeof((a)[0]))
+#define NUM_TLS_CIPHER_SUITES NUM_ELEMS(tls_cipher_suites)
+
+
+static const struct tls_cipher_data tls_ciphers[] = {
+ { TLS_CIPHER_NULL, TLS_CIPHER_STREAM, 0, 0, 0,
+ CRYPTO_CIPHER_NULL },
+ { TLS_CIPHER_IDEA_CBC, TLS_CIPHER_BLOCK, 16, 16, 8,
+ CRYPTO_CIPHER_NULL },
+ { TLS_CIPHER_RC2_CBC_40, TLS_CIPHER_BLOCK, 5, 16, 0,
+ CRYPTO_CIPHER_ALG_RC2 },
+ { TLS_CIPHER_RC4_40, TLS_CIPHER_STREAM, 5, 16, 0,
+ CRYPTO_CIPHER_ALG_RC4 },
+ { TLS_CIPHER_RC4_128, TLS_CIPHER_STREAM, 16, 16, 0,
+ CRYPTO_CIPHER_ALG_RC4 },
+ { TLS_CIPHER_DES40_CBC, TLS_CIPHER_BLOCK, 5, 8, 8,
+ CRYPTO_CIPHER_ALG_DES },
+ { TLS_CIPHER_DES_CBC, TLS_CIPHER_BLOCK, 8, 8, 8,
+ CRYPTO_CIPHER_ALG_DES },
+ { TLS_CIPHER_3DES_EDE_CBC, TLS_CIPHER_BLOCK, 24, 24, 8,
+ CRYPTO_CIPHER_ALG_3DES },
+ { TLS_CIPHER_AES_128_CBC, TLS_CIPHER_BLOCK, 16, 16, 16,
+ CRYPTO_CIPHER_ALG_AES },
+ { TLS_CIPHER_AES_256_CBC, TLS_CIPHER_BLOCK, 32, 32, 16,
+ CRYPTO_CIPHER_ALG_AES }
+};
+
+#define NUM_TLS_CIPHER_DATA NUM_ELEMS(tls_ciphers)
+
+
+/**
+ * tls_get_cipher_suite - Get TLS cipher suite
+ * @suite: Cipher suite identifier
+ * Returns: Pointer to the cipher data or %NULL if not found
+ */
+const struct tls_cipher_suite * tls_get_cipher_suite(u16 suite)
+{
+ size_t i;
+ for (i = 0; i < NUM_TLS_CIPHER_SUITES; i++)
+ if (tls_cipher_suites[i].suite == suite)
+ return &tls_cipher_suites[i];
+ return NULL;
+}
+
+
+static const struct tls_cipher_data * tls_get_cipher_data(tls_cipher cipher)
+{
+ size_t i;
+ for (i = 0; i < NUM_TLS_CIPHER_DATA; i++)
+ if (tls_ciphers[i].cipher == cipher)
+ return &tls_ciphers[i];
+ return NULL;
+}
+
+
+/**
+ * tls_parse_cert - Parse DER encoded X.509 certificate and get public key
+ * @buf: ASN.1 DER encoded certificate
+ * @len: Length of the buffer
+ * @pk: Buffer for returning the allocated public key
+ * Returns: 0 on success, -1 on failure
+ *
+ * This functions parses an ASN.1 DER encoded X.509 certificate and retrieves
+ * the public key from it. The caller is responsible for freeing the public key
+ * by calling crypto_public_key_free().
+ */
+int tls_parse_cert(const u8 *buf, size_t len, struct crypto_public_key **pk)
+{
+ struct x509_certificate *cert;
+
+ wpa_hexdump(MSG_MSGDUMP, "TLSv1: Parse ASN.1 DER certificate",
+ buf, len);
+
+ *pk = crypto_public_key_from_cert(buf, len);
+ if (*pk)
+ return 0;
+
+ cert = x509_certificate_parse(buf, len);
+ if (cert == NULL) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to parse X.509 "
+ "certificate");
+ return -1;
+ }
+
+ /* TODO
+ * verify key usage (must allow encryption)
+ *
+ * All certificate profiles, key and cryptographic formats are
+ * defined by the IETF PKIX working group [PKIX]. When a key
+ * usage extension is present, the digitalSignature bit must be
+ * set for the key to be eligible for signing, as described
+ * above, and the keyEncipherment bit must be present to allow
+ * encryption, as described above. The keyAgreement bit must be
+ * set on Diffie-Hellman certificates. (PKIX: RFC 3280)
+ */
+
+ *pk = crypto_public_key_import(cert->public_key, cert->public_key_len);
+ x509_certificate_free(cert);
+
+ if (*pk == NULL) {
+ wpa_printf(MSG_ERROR, "TLSv1: Failed to import "
+ "server public key");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+/**
+ * tlsv1_record_set_cipher_suite - TLS record layer: Set cipher suite
+ * @rl: Pointer to TLS record layer data
+ * @cipher_suite: New cipher suite
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is used to prepare TLS record layer for cipher suite change.
+ * tlsv1_record_change_write_cipher() and
+ * tlsv1_record_change_read_cipher() functions can then be used to change the
+ * currently used ciphers.
+ */
+int tlsv1_record_set_cipher_suite(struct tlsv1_record_layer *rl,
+ u16 cipher_suite)
+{
+ const struct tls_cipher_suite *suite;
+ const struct tls_cipher_data *data;
+
+ wpa_printf(MSG_DEBUG, "TLSv1: Selected cipher suite: 0x%04x",
+ cipher_suite);
+ rl->cipher_suite = cipher_suite;
+
+ suite = tls_get_cipher_suite(cipher_suite);
+ if (suite == NULL)
+ return -1;
+
+ if (suite->hash == TLS_HASH_MD5) {
+ rl->hash_alg = CRYPTO_HASH_ALG_HMAC_MD5;
+ rl->hash_size = MD5_MAC_LEN;
+ } else if (suite->hash == TLS_HASH_SHA) {
+ rl->hash_alg = CRYPTO_HASH_ALG_HMAC_SHA1;
+ rl->hash_size = SHA1_MAC_LEN;
+ }
+
+ data = tls_get_cipher_data(suite->cipher);
+ if (data == NULL)
+ return -1;
+
+ rl->key_material_len = data->key_material;
+ rl->iv_size = data->block_size;
+ rl->cipher_alg = data->alg;
+
+ return 0;
+}
+
+
+/**
+ * tlsv1_record_change_write_cipher - TLS record layer: Change write cipher
+ * @rl: Pointer to TLS record layer data
+ * Returns: 0 on success (cipher changed), -1 on failure
+ *
+ * This function changes TLS record layer to use the new cipher suite
+ * configured with tlsv1_record_set_cipher_suite() for writing.
+ */
+int tlsv1_record_change_write_cipher(struct tlsv1_record_layer *rl)
+{
+ wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - New write cipher suite "
+ "0x%04x", rl->cipher_suite);
+ rl->write_cipher_suite = rl->cipher_suite;
+ os_memset(rl->write_seq_num, 0, TLS_SEQ_NUM_LEN);
+
+ if (rl->write_cbc) {
+ crypto_cipher_deinit(rl->write_cbc);
+ rl->write_cbc = NULL;
+ }
+ if (rl->cipher_alg != CRYPTO_CIPHER_NULL) {
+ rl->write_cbc = crypto_cipher_init(rl->cipher_alg,
+ rl->write_iv, rl->write_key,
+ rl->key_material_len);
+ if (rl->write_cbc == NULL) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to initialize "
+ "cipher");
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+
+/**
+ * tlsv1_record_change_read_cipher - TLS record layer: Change read cipher
+ * @rl: Pointer to TLS record layer data
+ * Returns: 0 on success (cipher changed), -1 on failure
+ *
+ * This function changes TLS record layer to use the new cipher suite
+ * configured with tlsv1_record_set_cipher_suite() for reading.
+ */
+int tlsv1_record_change_read_cipher(struct tlsv1_record_layer *rl)
+{
+ wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - New read cipher suite "
+ "0x%04x", rl->cipher_suite);
+ rl->read_cipher_suite = rl->cipher_suite;
+ os_memset(rl->read_seq_num, 0, TLS_SEQ_NUM_LEN);
+
+ if (rl->read_cbc) {
+ crypto_cipher_deinit(rl->read_cbc);
+ rl->read_cbc = NULL;
+ }
+ if (rl->cipher_alg != CRYPTO_CIPHER_NULL) {
+ rl->read_cbc = crypto_cipher_init(rl->cipher_alg,
+ rl->read_iv, rl->read_key,
+ rl->key_material_len);
+ if (rl->read_cbc == NULL) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Failed to initialize "
+ "cipher");
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+
+/**
+ * tlsv1_record_send - TLS record layer: Send a message
+ * @rl: Pointer to TLS record layer data
+ * @content_type: Content type (TLS_CONTENT_TYPE_*)
+ * @buf: Buffer to send (with TLS_RECORD_HEADER_LEN octets reserved in the
+ * beginning for record layer to fill in; payload filled in after this and
+ * extra space in the end for HMAC).
+ * @buf_size: Maximum buf size
+ * @payload_len: Length of the payload
+ * @out_len: Buffer for returning the used buf length
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function fills in the TLS record layer header, adds HMAC, and encrypts
+ * the data using the current write cipher.
+ */
+int tlsv1_record_send(struct tlsv1_record_layer *rl, u8 content_type, u8 *buf,
+ size_t buf_size, size_t payload_len, size_t *out_len)
+{
+ u8 *pos, *ct_start, *length, *payload;
+ struct crypto_hash *hmac;
+ size_t clen;
+
+ pos = buf;
+ /* ContentType type */
+ ct_start = pos;
+ *pos++ = content_type;
+ /* ProtocolVersion version */
+ WPA_PUT_BE16(pos, TLS_VERSION);
+ pos += 2;
+ /* uint16 length */
+ length = pos;
+ WPA_PUT_BE16(length, payload_len);
+ pos += 2;
+
+ /* opaque fragment[TLSPlaintext.length] */
+ payload = pos;
+ pos += payload_len;
+
+ if (rl->write_cipher_suite != TLS_NULL_WITH_NULL_NULL) {
+ hmac = crypto_hash_init(rl->hash_alg, rl->write_mac_secret,
+ rl->hash_size);
+ if (hmac == NULL) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed "
+ "to initialize HMAC");
+ return -1;
+ }
+ crypto_hash_update(hmac, rl->write_seq_num, TLS_SEQ_NUM_LEN);
+ /* type + version + length + fragment */
+ crypto_hash_update(hmac, ct_start, pos - ct_start);
+ clen = buf + buf_size - pos;
+ if (clen < rl->hash_size) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Not "
+ "enough room for MAC");
+ crypto_hash_finish(hmac, NULL, NULL);
+ return -1;
+ }
+
+ if (crypto_hash_finish(hmac, pos, &clen) < 0) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed "
+ "to calculate HMAC");
+ return -1;
+ }
+ wpa_hexdump(MSG_MSGDUMP, "TLSv1: Record Layer - Write HMAC",
+ pos, clen);
+ pos += clen;
+ if (rl->iv_size) {
+ size_t len = pos - payload;
+ size_t pad;
+ pad = (len + 1) % rl->iv_size;
+ if (pad)
+ pad = rl->iv_size - pad;
+ if (pos + pad + 1 > buf + buf_size) {
+ wpa_printf(MSG_DEBUG, "TLSv1: No room for "
+ "block cipher padding");
+ return -1;
+ }
+ os_memset(pos, pad, pad + 1);
+ pos += pad + 1;
+ }
+
+ if (crypto_cipher_encrypt(rl->write_cbc, payload,
+ payload, pos - payload) < 0)
+ return -1;
+ }
+
+ WPA_PUT_BE16(length, pos - length - 2);
+ inc_byte_array(rl->write_seq_num, TLS_SEQ_NUM_LEN);
+
+ *out_len = pos - buf;
+
+ return 0;
+}
+
+
+/**
+ * tlsv1_record_receive - TLS record layer: Process a received message
+ * @rl: Pointer to TLS record layer data
+ * @in_data: Received data
+ * @in_len: Length of the received data
+ * @out_data: Buffer for output data (must be at least as long as in_data)
+ * @out_len: Set to maximum out_data length by caller; used to return the
+ * length of the used data
+ * @alert: Buffer for returning an alert value on failure
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function decrypts the received message, verifies HMAC and TLS record
+ * layer header.
+ */
+int tlsv1_record_receive(struct tlsv1_record_layer *rl,
+ const u8 *in_data, size_t in_len,
+ u8 *out_data, size_t *out_len, u8 *alert)
+{
+ size_t i, rlen, hlen;
+ u8 padlen;
+ struct crypto_hash *hmac;
+ u8 len[2], hash[100];
+
+ wpa_hexdump(MSG_MSGDUMP, "TLSv1: Record Layer - Received",
+ in_data, in_len);
+
+ if (in_len < TLS_RECORD_HEADER_LEN) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Too short record (in_len=%lu)",
+ (unsigned long) in_len);
+ *alert = TLS_ALERT_DECODE_ERROR;
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "TLSv1: Received content type %d version %d.%d "
+ "length %d", in_data[0], in_data[1], in_data[2],
+ WPA_GET_BE16(in_data + 3));
+
+ if (in_data[0] != TLS_CONTENT_TYPE_HANDSHAKE &&
+ in_data[0] != TLS_CONTENT_TYPE_CHANGE_CIPHER_SPEC &&
+ in_data[0] != TLS_CONTENT_TYPE_APPLICATION_DATA) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Unexpected content type 0x%x",
+ in_data[0]);
+ *alert = TLS_ALERT_UNEXPECTED_MESSAGE;
+ return -1;
+ }
+
+ if (WPA_GET_BE16(in_data + 1) != TLS_VERSION) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Unexpected protocol version "
+ "%d.%d", in_data[1], in_data[2]);
+ *alert = TLS_ALERT_PROTOCOL_VERSION;
+ return -1;
+ }
+
+ rlen = WPA_GET_BE16(in_data + 3);
+
+ /* TLSCiphertext must not be more than 2^14+2048 bytes */
+ if (TLS_RECORD_HEADER_LEN + rlen > 18432) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Record overflow (len=%lu)",
+ (unsigned long) (TLS_RECORD_HEADER_LEN + rlen));
+ *alert = TLS_ALERT_RECORD_OVERFLOW;
+ return -1;
+ }
+
+ in_data += TLS_RECORD_HEADER_LEN;
+ in_len -= TLS_RECORD_HEADER_LEN;
+
+ if (rlen > in_len) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Not all record data included "
+ "(rlen=%lu > in_len=%lu)",
+ (unsigned long) rlen, (unsigned long) in_len);
+ *alert = TLS_ALERT_DECODE_ERROR;
+ return -1;
+ }
+
+ in_len = rlen;
+
+ if (*out_len < in_len) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Not enough output buffer for "
+ "processing received record");
+ *alert = TLS_ALERT_INTERNAL_ERROR;
+ return -1;
+ }
+
+ os_memcpy(out_data, in_data, in_len);
+ *out_len = in_len;
+
+ if (rl->read_cipher_suite != TLS_NULL_WITH_NULL_NULL) {
+ if (crypto_cipher_decrypt(rl->read_cbc, out_data,
+ out_data, in_len) < 0) {
+ *alert = TLS_ALERT_DECRYPTION_FAILED;
+ return -1;
+ }
+ if (rl->iv_size) {
+ if (in_len == 0) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Too short record"
+ " (no pad)");
+ *alert = TLS_ALERT_DECODE_ERROR;
+ return -1;
+ }
+ padlen = out_data[in_len - 1];
+ if (padlen >= in_len) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Incorrect pad "
+ "length (%u, in_len=%lu) in "
+ "received record",
+ padlen, (unsigned long) in_len);
+ *alert = TLS_ALERT_DECRYPTION_FAILED;
+ return -1;
+ }
+ for (i = in_len - padlen; i < in_len; i++) {
+ if (out_data[i] != padlen) {
+ wpa_hexdump(MSG_DEBUG,
+ "TLSv1: Invalid pad in "
+ "received record",
+ out_data + in_len - padlen,
+ padlen);
+ *alert = TLS_ALERT_DECRYPTION_FAILED;
+ return -1;
+ }
+ }
+
+ *out_len -= padlen + 1;
+ }
+
+ wpa_hexdump(MSG_MSGDUMP,
+ "TLSv1: Record Layer - Decrypted data",
+ out_data, in_len);
+
+ if (*out_len < rl->hash_size) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Too short record; no "
+ "hash value");
+ *alert = TLS_ALERT_INTERNAL_ERROR;
+ return -1;
+ }
+
+ *out_len -= rl->hash_size;
+
+ hmac = crypto_hash_init(rl->hash_alg, rl->read_mac_secret,
+ rl->hash_size);
+ if (hmac == NULL) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed "
+ "to initialize HMAC");
+ *alert = TLS_ALERT_INTERNAL_ERROR;
+ return -1;
+ }
+
+ crypto_hash_update(hmac, rl->read_seq_num, TLS_SEQ_NUM_LEN);
+ /* type + version + length + fragment */
+ crypto_hash_update(hmac, in_data - TLS_RECORD_HEADER_LEN, 3);
+ WPA_PUT_BE16(len, *out_len);
+ crypto_hash_update(hmac, len, 2);
+ crypto_hash_update(hmac, out_data, *out_len);
+ hlen = sizeof(hash);
+ if (crypto_hash_finish(hmac, hash, &hlen) < 0) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed "
+ "to calculate HMAC");
+ return -1;
+ }
+ if (hlen != rl->hash_size ||
+ os_memcmp(hash, out_data + *out_len, hlen) != 0) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Invalid HMAC value in "
+ "received message");
+ *alert = TLS_ALERT_BAD_RECORD_MAC;
+ return -1;
+ }
+ }
+
+ /* TLSCompressed must not be more than 2^14+1024 bytes */
+ if (TLS_RECORD_HEADER_LEN + *out_len > 17408) {
+ wpa_printf(MSG_DEBUG, "TLSv1: Record overflow (len=%lu)",
+ (unsigned long) (TLS_RECORD_HEADER_LEN + *out_len));
+ *alert = TLS_ALERT_RECORD_OVERFLOW;
+ return -1;
+ }
+
+ inc_byte_array(rl->read_seq_num, TLS_SEQ_NUM_LEN);
+
+ return 0;
+}
--- /dev/null
+/*
+ * wpa_supplicant/hostapd: TLSv1 common definitions
+ * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef TLSV1_COMMON
+#define TLSV1_COMMON
+
+#define TLS_VERSION 0x0301 /* TLSv1 */
+#define TLS_RANDOM_LEN 32
+#define TLS_PRE_MASTER_SECRET_LEN 48
+#define TLS_MASTER_SECRET_LEN 48
+#define TLS_SESSION_ID_MAX_LEN 32
+#define TLS_VERIFY_DATA_LEN 12
+#define TLS_MAX_WRITE_MAC_SECRET_LEN 20
+#define TLS_MAX_WRITE_KEY_LEN 32
+#define TLS_MAX_IV_LEN 16
+#define TLS_MAX_KEY_BLOCK_LEN (2 * (TLS_MAX_WRITE_MAC_SECRET_LEN + \
+ TLS_MAX_WRITE_KEY_LEN + TLS_MAX_IV_LEN))
+#define TLS_SEQ_NUM_LEN 8
+#define TLS_RECORD_HEADER_LEN 5
+
+/* ContentType */
+enum {
+ TLS_CONTENT_TYPE_CHANGE_CIPHER_SPEC = 20,
+ TLS_CONTENT_TYPE_ALERT = 21,
+ TLS_CONTENT_TYPE_HANDSHAKE = 22,
+ TLS_CONTENT_TYPE_APPLICATION_DATA = 23
+};
+
+/* HandshakeType */
+enum {
+ TLS_HANDSHAKE_TYPE_HELLO_REQUEST = 0,
+ TLS_HANDSHAKE_TYPE_CLIENT_HELLO = 1,
+ TLS_HANDSHAKE_TYPE_SERVER_HELLO = 2,
+ TLS_HANDSHAKE_TYPE_CERTIFICATE = 11,
+ TLS_HANDSHAKE_TYPE_SERVER_KEY_EXCHANGE = 12,
+ TLS_HANDSHAKE_TYPE_CERTIFICATE_REQUEST = 13,
+ TLS_HANDSHAKE_TYPE_SERVER_HELLO_DONE = 14,
+ TLS_HANDSHAKE_TYPE_CERTIFICATE_VERIFY = 15,
+ TLS_HANDSHAKE_TYPE_CLIENT_KEY_EXCHANGE = 16,
+ TLS_HANDSHAKE_TYPE_FINISHED = 20
+};
+
+/* CipherSuite */
+#define TLS_NULL_WITH_NULL_NULL 0x0000 /* RFC 2246 */
+#define TLS_RSA_WITH_NULL_MD5 0x0001 /* RFC 2246 */
+#define TLS_RSA_WITH_NULL_SHA 0x0002 /* RFC 2246 */
+#define TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003 /* RFC 2246 */
+#define TLS_RSA_WITH_RC4_128_MD5 0x0004 /* RFC 2246 */
+#define TLS_RSA_WITH_RC4_128_SHA 0x0005 /* RFC 2246 */
+#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006 /* RFC 2246 */
+#define TLS_RSA_WITH_IDEA_CBC_SHA 0x0007 /* RFC 2246 */
+#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008 /* RFC 2246 */
+#define TLS_RSA_WITH_DES_CBC_SHA 0x0009 /* RFC 2246 */
+#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000A /* RFC 2246 */
+#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000B /* RFC 2246 */
+#define TLS_DH_DSS_WITH_DES_CBC_SHA 0x000C /* RFC 2246 */
+#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000D /* RFC 2246 */
+#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000E /* RFC 2246 */
+#define TLS_DH_RSA_WITH_DES_CBC_SHA 0x000F /* RFC 2246 */
+#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010 /* RFC 2246 */
+#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011 /* RFC 2246 */
+#define TLS_DHE_DSS_WITH_DES_CBC_SHA 0x0012 /* RFC 2246 */
+#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013 /* RFC 2246 */
+#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014 /* RFC 2246 */
+#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x0015 /* RFC 2246 */
+#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016 /* RFC 2246 */
+#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 0x0017 /* RFC 2246 */
+#define TLS_DH_anon_WITH_RC4_128_MD5 0x0018 /* RFC 2246 */
+#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA 0x0019 /* RFC 2246 */
+#define TLS_DH_anon_WITH_DES_CBC_SHA 0x001A /* RFC 2246 */
+#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 0x001B /* RFC 2246 */
+#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F /* RFC 3268 */
+#define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030 /* RFC 3268 */
+#define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031 /* RFC 3268 */
+#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032 /* RFC 3268 */
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033 /* RFC 3268 */
+#define TLS_DH_anon_WITH_AES_128_CBC_SHA 0x0034 /* RFC 3268 */
+#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 /* RFC 3268 */
+#define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036 /* RFC 3268 */
+#define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037 /* RFC 3268 */
+#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038 /* RFC 3268 */
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039 /* RFC 3268 */
+#define TLS_DH_anon_WITH_AES_256_CBC_SHA 0x003A /* RFC 3268 */
+
+/* CompressionMethod */
+#define TLS_COMPRESSION_NULL 0
+
+/* AlertLevel */
+#define TLS_ALERT_LEVEL_WARNING 1
+#define TLS_ALERT_LEVEL_FATAL 2
+
+/* AlertDescription */
+#define TLS_ALERT_CLOSE_NOTIFY 0
+#define TLS_ALERT_UNEXPECTED_MESSAGE 10
+#define TLS_ALERT_BAD_RECORD_MAC 20
+#define TLS_ALERT_DECRYPTION_FAILED 21
+#define TLS_ALERT_RECORD_OVERFLOW 22
+#define TLS_ALERT_DECOMPRESSION_FAILURE 30
+#define TLS_ALERT_HANDSHAKE_FAILURE 40
+#define TLS_ALERT_BAD_CERTIFICATE 42
+#define TLS_ALERT_UNSUPPORTED_CERTIFICATE 43
+#define TLS_ALERT_CERTIFICATE_REVOKED 44
+#define TLS_ALERT_CERTIFICATE_EXPIRED 45
+#define TLS_ALERT_CERTIFICATE_UNKNOWN 46
+#define TLS_ALERT_ILLEGAL_PARAMETER 47
+#define TLS_ALERT_UNKNOWN_CA 48
+#define TLS_ALERT_ACCESS_DENIED 49
+#define TLS_ALERT_DECODE_ERROR 50
+#define TLS_ALERT_DECRYPT_ERROR 51
+#define TLS_ALERT_EXPORT_RESTRICTION 60
+#define TLS_ALERT_PROTOCOL_VERSION 70
+#define TLS_ALERT_INSUFFICIENT_SECURITY 71
+#define TLS_ALERT_INTERNAL_ERROR 80
+#define TLS_ALERT_USER_CANCELED 90
+#define TLS_ALERT_NO_RENEGOTIATION 100
+
+/* ChangeCipherSpec */
+enum {
+ TLS_CHANGE_CIPHER_SPEC = 1
+};
+
+/* TLS Extensions */
+#define TLS_EXT_PAC_OPAQUE 35
+
+
+typedef enum {
+ TLS_KEY_X_NULL,
+ TLS_KEY_X_RSA,
+ TLS_KEY_X_RSA_EXPORT,
+ TLS_KEY_X_DH_DSS_EXPORT,
+ TLS_KEY_X_DH_DSS,
+ TLS_KEY_X_DH_RSA_EXPORT,
+ TLS_KEY_X_DH_RSA,
+ TLS_KEY_X_DHE_DSS_EXPORT,
+ TLS_KEY_X_DHE_DSS,
+ TLS_KEY_X_DHE_RSA_EXPORT,
+ TLS_KEY_X_DHE_RSA,
+ TLS_KEY_X_DH_anon_EXPORT,
+ TLS_KEY_X_DH_anon
+} tls_key_exchange;
+
+typedef enum {
+ TLS_CIPHER_NULL,
+ TLS_CIPHER_RC4_40,
+ TLS_CIPHER_RC4_128,
+ TLS_CIPHER_RC2_CBC_40,
+ TLS_CIPHER_IDEA_CBC,
+ TLS_CIPHER_DES40_CBC,
+ TLS_CIPHER_DES_CBC,
+ TLS_CIPHER_3DES_EDE_CBC,
+ TLS_CIPHER_AES_128_CBC,
+ TLS_CIPHER_AES_256_CBC
+} tls_cipher;
+
+typedef enum {
+ TLS_HASH_NULL,
+ TLS_HASH_MD5,
+ TLS_HASH_SHA
+} tls_hash;
+
+struct tls_cipher_suite {
+ u16 suite;
+ tls_key_exchange key_exchange;
+ tls_cipher cipher;
+ tls_hash hash;
+};
+
+typedef enum {
+ TLS_CIPHER_STREAM,
+ TLS_CIPHER_BLOCK
+} tls_cipher_type;
+
+struct tls_cipher_data {
+ tls_cipher cipher;
+ tls_cipher_type type;
+ size_t key_material;
+ size_t expanded_key_material;
+ size_t block_size; /* also iv_size */
+ enum crypto_cipher_alg alg;
+};
+
+
+struct tlsv1_record_layer {
+ u8 write_mac_secret[TLS_MAX_WRITE_MAC_SECRET_LEN];
+ u8 read_mac_secret[TLS_MAX_WRITE_MAC_SECRET_LEN];
+ u8 write_key[TLS_MAX_WRITE_KEY_LEN];
+ u8 read_key[TLS_MAX_WRITE_KEY_LEN];
+ u8 write_iv[TLS_MAX_IV_LEN];
+ u8 read_iv[TLS_MAX_IV_LEN];
+
+ size_t hash_size;
+ size_t key_material_len;
+ size_t iv_size; /* also block_size */
+
+ enum crypto_hash_alg hash_alg;
+ enum crypto_cipher_alg cipher_alg;
+
+ u8 write_seq_num[TLS_SEQ_NUM_LEN];
+ u8 read_seq_num[TLS_SEQ_NUM_LEN];
+
+ u16 cipher_suite;
+ u16 write_cipher_suite;
+ u16 read_cipher_suite;
+
+ struct crypto_cipher *write_cbc;
+ struct crypto_cipher *read_cbc;
+};
+
+
+const struct tls_cipher_suite * tls_get_cipher_suite(u16 suite);
+int tls_parse_cert(const u8 *buf, size_t len, struct crypto_public_key **pk);
+int tlsv1_record_set_cipher_suite(struct tlsv1_record_layer *rl,
+ u16 cipher_suite);
+int tlsv1_record_change_write_cipher(struct tlsv1_record_layer *rl);
+int tlsv1_record_change_read_cipher(struct tlsv1_record_layer *rl);
+int tlsv1_record_send(struct tlsv1_record_layer *rl, u8 content_type, u8 *buf,
+ size_t buf_size, size_t payload_len, size_t *out_len);
+int tlsv1_record_receive(struct tlsv1_record_layer *rl,
+ const u8 *in_data, size_t in_len,
+ u8 *out_data, size_t *out_len, u8 *alert);
+
+#endif /* TLSV1_COMMON_H */
--- /dev/null
+To do:
+- hostap: try other roaming modes
+ NOTE: current mode (manual roaming) does not really roam at all..
+ Firmware did not notice the current AP disappearing..
+- add support for WPA with ap_scan=0 (update selected cipher etc. based on
+ AssocInfo; make sure these match with configuration)
+- optional security separation (build time option): run EAPOL state machines
+ as non-root (need to add something like socketpair between privileged root
+ process and non-root handler; send EAPOL packets between processes
+ and send keying data from non-root -> privileged)
+ EAPOL-Key processing (WPA & WEP keys) could be in privileged part
+ at least in the beginning; some parts might end up being moved to
+ non-root part eventually
+- consider closing smart card / PCSC connection when EAP-SIM/EAP-AKA
+ authentication has been completed (cache scard data based on serial#(?)
+ and try to optimize next connection if the same card is present for next
+ auth)
+- EAP-AKA: AT_CHECKCODE
+- EAP-SIM/AKA: AT_RESULT_IND
+- on disconnect event, could try to associate with another AP if one is
+ present in scan results; would need to update scan results periodically..
+- if driver/hw is not WPA2 capable, must remove WPA_PROTO_RSN flag from
+ ssid->proto fields to avoid detecting downgrade attacks when the driver
+ is not reporting RSN IE, but msg 3/4 has one
+- Cisco AP and non-zero keyidx for unicast -> map to broadcast
+ (actually, this already works with driver_ndis; so maybe just change
+ driver_*.c to do the mapping for drivers that cannot handle non-zero keyidx
+ for unicast); worked also with Host AP driver and madwifi
+- IEEE 802.1X and key update with driver_ndis?? wpa_supplicant did not seem
+ to see unencrypted EAPOL-Key frames at all..
+- EAP-PAX with PAX_SEC
+- EAP (RFC 3748)
+ * OTP Extended Responses (Sect. 5.5)
+- test what happens if authenticator sends EAP-Success before real EAP
+ authentication ("canned" Success); this should be ignored based on
+ RFC 3748 Sect. 4.2
+- test compilation with gcc -W options (more warnings?)
+ (Done once; number of unused function arguments still present)
+- add proper support for using dot11RSNAConfigSATimeout
+- ctrl_iface: get/set/remove blob
+- use doc/docbook/*.sgml and docbook2{txt,html,pdf} to replace README and
+ web pages including the same information.. i.e., have this information only
+ in one page; how to build a PDF file with all the SGML included?
+- test wait-for-interface and daemonize combinations with number of driver
+ interfaces
+ * 'test' worked with WPA-PSK
+- EAP-POTP/RSA SecurID profile (draft-nystrom-eap-potp-03.txt)
+- document wpa_gui build and consider adding it to 'make install'
+- test madwifi with pairwise=TKIP group=WEP104
+- possibility to link in WPA Authenticator state machine to wpa_supplicant
+ (new STAKey handshake, WPA2 IBSS)
+- consider merging hostapd and wpa_supplicant PMKSA cache implementations
+- add support for configuring password for MSCHAPv2 as NtPasswordHash in
+ the same way as was added to hostapd (hash:<hex value>)
+- test_driver: configure directory and create AP-<mac> and STA-<mac> files
+ there to allow scanning multiple APs (e.g., for testing pre-auth and PMKSA
+ caching testing) and to exchange STA-STA EAPOL frames
+- consider adding generic buffer functionality that could be used in number
+ of places
+ * allocate buffer (with default max size), allow reserving head room to
+ make it possible to add a header without having to reallocate buffer
+ * reallocate buffer (add head and/or tail room)
+ * ref count and free when count=0 ?
+ * add data (to tail): re-alloc more tailroom if needed and copy new data
+ * error flag so that caller can do multiple add()s and only in the end
+ check whether something has failed; this should make error handling
+ simpler
+- consider redesigning pending EAP requests (identity/password/otp from
+ ctrl_iface) by moving the retrying of the previous request into EAP
+ state machine so that EAPOL state machine is not needed for this
+- rfc4284.txt (network selection for eap)
+- www pages about configuring wpa_supplicant:
+ * global options (ap_scan, ctrl_interfaces) based on OS/driver
+ * network block
+ * key_mgmt selection
+ * WPA parameters
+ * EAP options (one page for each method)
+ * "configuration wizard" (step 1: select OS, step 2: select driver, ...) to
+ generate example configuration
+- error path in rsn_preauth_init: should probably deinit l2_packet handlers
+ if something fails; does something else need deinit?
+- consider moving SIM card functionality (IMSI fetching) away from eap.c;
+ this should likely happen before EAP is initialized for authentication;
+ now IMSI is read only after receiving EAP-Identity/Request, but since it is
+ really needed for all cases, reading IMSI and generating Identity string
+ could very well be done before EAP has been started
+- test all allowed EAP Phase 2 methods (i.e., anything else than PEAP, TTLS,
+ FAST): SIM AKA PAX PSK LEAP; if these work, include in eap_testing.txt; if
+ not, either fix or make eap_allowed_phase2_type reject
+- try to work around race in receiving association event and first EAPOL
+ message
+- helper function to do memcmp(addr, "\x00\x00\x00\x00\x00\x00", ETH_ALEN)
+- add wpa_secure_memzero() macro and secure implementation (volatile u8*) to
+ clear memory; this would be used to clear temporary buffers containing
+ private data (e.g., keys); the macro can be defined to NOP in order to save
+ space (i.e., no code should depend on the macro doing something)
+- make sure that TLS session cache is not shared between EAP types or if it
+ is, that the cache entries are bound to only one EAP type; e.g., cache entry
+ created with EAP-TLS must not be allowed to do fast re-auth with EAP-TTLS
+- consider moving eap_tls_build_ack() call into eap_tls_process_helper()
+ (it seems to be called always if helper returns 1)
+ * could need to modify eap_{ttls,peap,fast}_decrypt to do same
+- add support for fetching full user cert chain from Windows certificate
+ stores even when there are intermediate CA certs that are not in the
+ configured ca_cert store (e.g., ROOT) (they could be, e.g., in CA store)
+
+
+0.6.x branch:
+- clean up common.[ch]
+- change TLS/crypto library interface to use a structure of function
+ pointers and helper inline functions (like driver_ops) instead of
+ requiring every TLS wrapper to implement all functions
+- move from CVS to git (0.3.x, 0.4.x, 0.5.x releases will continue
+ to be updated only on CVS)
+- move files into subdirectories and combine wpa_supplicant and hostapd
+ into a repository that matches in directory structure with the release
+ tarballs
+ (subdirs: eap_common, eap_peer, eap_server, driver, driver_ap, ...)
+- make it clearer that EAP server/peer can be used as a separate library
+ for other programs
+- add support for encrypted configuration fields (e.g., password, psk,
+ passphrase, pin)
+- wpa_gui: add support for setting and showing priority, id_str, auth_alg
+ (open/shared for static WEP)
--- /dev/null
+#ifndef VERSION_H
+#define VERSION_H
+
+#define VERSION_STR "0.5.10"
+
+#endif /* VERSION_H */
--- /dev/null
+<?xml version="1.0" encoding="Windows-1252"?>\r
+<VisualStudioProject\r
+ ProjectType="Visual C++"\r
+ Version="8.00"\r
+ Name="eapol_test"\r
+ ProjectGUID="{0E3F2C6D-1372-48D6-BCAB-E584917C4DE3}"\r
+ RootNamespace="eapol_test"\r
+ Keyword="Win32Proj"\r
+ >\r
+ <Platforms>\r
+ <Platform\r
+ Name="Win32"\r
+ />\r
+ </Platforms>\r
+ <ToolFiles>\r
+ </ToolFiles>\r
+ <Configurations>\r
+ <Configuration\r
+ Name="Debug|Win32"\r
+ OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
+ IntermediateDirectory="$(ConfigurationName)"\r
+ ConfigurationType="1"\r
+ CharacterSet="1"\r
+ >\r
+ <Tool\r
+ Name="VCPreBuildEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCCustomBuildTool"\r
+ />\r
+ <Tool\r
+ Name="VCXMLDataGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebServiceProxyGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCMIDLTool"\r
+ />\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ Optimization="0"\r
+ AdditionalIncludeDirectories="C:\dev\WpdPack\include;C:\dev\openssl\include"\r
+ PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"\r
+ MinimalRebuild="true"\r
+ BasicRuntimeChecks="3"\r
+ RuntimeLibrary="3"\r
+ UsePrecompiledHeader="0"\r
+ WarningLevel="3"\r
+ Detect64BitPortabilityProblems="true"\r
+ DebugInformationFormat="4"\r
+ DisableSpecificWarnings="4244;4267;4311"\r
+ />\r
+ <Tool\r
+ Name="VCManagedResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCPreLinkEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCLinkerTool"\r
+ AdditionalDependencies="ws2_32.lib Crypt32.lib Winscard.lib Packet.lib wpcap.lib libeay32MT.lib ssleay32Mt.lib"\r
+ LinkIncremental="2"\r
+ AdditionalLibraryDirectories="C:\dev\WpdPack\lib;C:\dev\openssl\lib"\r
+ GenerateDebugInformation="true"\r
+ SubSystem="1"\r
+ TargetMachine="1"\r
+ />\r
+ <Tool\r
+ Name="VCALinkTool"\r
+ />\r
+ <Tool\r
+ Name="VCManifestTool"\r
+ />\r
+ <Tool\r
+ Name="VCXDCMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCBscMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCFxCopTool"\r
+ />\r
+ <Tool\r
+ Name="VCAppVerifierTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebDeploymentTool"\r
+ />\r
+ <Tool\r
+ Name="VCPostBuildEventTool"\r
+ />\r
+ </Configuration>\r
+ <Configuration\r
+ Name="Release|Win32"\r
+ OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
+ IntermediateDirectory="$(ConfigurationName)"\r
+ ConfigurationType="1"\r
+ CharacterSet="1"\r
+ WholeProgramOptimization="1"\r
+ >\r
+ <Tool\r
+ Name="VCPreBuildEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCCustomBuildTool"\r
+ />\r
+ <Tool\r
+ Name="VCXMLDataGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebServiceProxyGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCMIDLTool"\r
+ />\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ AdditionalIncludeDirectories="C:\dev\WpdPack\include;C:\dev\openssl\include"\r
+ PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"\r
+ RuntimeLibrary="2"\r
+ UsePrecompiledHeader="0"\r
+ WarningLevel="3"\r
+ Detect64BitPortabilityProblems="true"\r
+ DebugInformationFormat="3"\r
+ DisableSpecificWarnings="4244;4267;4311"\r
+ />\r
+ <Tool\r
+ Name="VCManagedResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCPreLinkEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCLinkerTool"\r
+ AdditionalDependencies="ws2_32.lib Crypt32.lib Winscard.lib Packet.lib wpcap.lib libeay32MT.lib ssleay32Mt.lib"\r
+ LinkIncremental="1"\r
+ AdditionalLibraryDirectories="C:\dev\WpdPack\lib;C:\dev\openssl\lib"\r
+ GenerateDebugInformation="true"\r
+ SubSystem="1"\r
+ OptimizeReferences="2"\r
+ EnableCOMDATFolding="2"\r
+ TargetMachine="1"\r
+ />\r
+ <Tool\r
+ Name="VCALinkTool"\r
+ />\r
+ <Tool\r
+ Name="VCManifestTool"\r
+ />\r
+ <Tool\r
+ Name="VCXDCMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCBscMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCFxCopTool"\r
+ />\r
+ <Tool\r
+ Name="VCAppVerifierTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebDeploymentTool"\r
+ />\r
+ <Tool\r
+ Name="VCPostBuildEventTool"\r
+ />\r
+ </Configuration>\r
+ </Configurations>\r
+ <References>\r
+ </References>\r
+ <Files>\r
+ <Filter\r
+ Name="Source Files"\r
+ Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"\r
+ UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"\r
+ >\r
+ <File\r
+ RelativePath="..\..\aes_wrap.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\base64.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\common.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\config.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\config_file.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\crypto.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\ctrl_iface.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\ctrl_iface_named_pipe.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_aka.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_gtc.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_leap.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_md5.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_methods.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_mschapv2.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_otp.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_peap.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_sim.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_sim_common.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_tls.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_tls_common.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_tlv.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_ttls.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eapol_sm.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eapol_test.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eloop_win.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\events.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\l2_packet_winpcap.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\md5.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\ms_funcs.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\os_win32.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\pcsc_funcs.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\pmksa_cache.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\preauth.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\radius.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\radius_client.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\rc4.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\sha1.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\tls_openssl.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\wpa.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\wpa_supplicant.c"\r
+ >\r
+ </File>\r
+ </Filter>\r
+ <Filter\r
+ Name="Header Files"\r
+ Filter="h;hpp;hxx;hm;inl;inc;xsd"\r
+ UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"\r
+ >\r
+ </Filter>\r
+ <Filter\r
+ Name="Resource Files"\r
+ Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"\r
+ UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"\r
+ >\r
+ </Filter>\r
+ </Files>\r
+ <Globals>\r
+ </Globals>\r
+</VisualStudioProject>\r
--- /dev/null
+<?xml version="1.0" encoding="Windows-1252"?>\r
+<VisualStudioProject\r
+ ProjectType="Visual C++"\r
+ Version="8.00"\r
+ Name="win_if_list"\r
+ ProjectGUID="{9E87CD9C-60CE-4533-85CF-85CA3A9BF26A}"\r
+ RootNamespace="win_if_list"\r
+ Keyword="Win32Proj"\r
+ >\r
+ <Platforms>\r
+ <Platform\r
+ Name="Win32"\r
+ />\r
+ </Platforms>\r
+ <ToolFiles>\r
+ </ToolFiles>\r
+ <Configurations>\r
+ <Configuration\r
+ Name="Debug|Win32"\r
+ OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
+ IntermediateDirectory="$(ConfigurationName)"\r
+ ConfigurationType="1"\r
+ CharacterSet="0"\r
+ >\r
+ <Tool\r
+ Name="VCPreBuildEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCCustomBuildTool"\r
+ />\r
+ <Tool\r
+ Name="VCXMLDataGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebServiceProxyGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCMIDLTool"\r
+ />\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ Optimization="0"\r
+ AdditionalIncludeDirectories="C:\dev\WpdPack\include"\r
+ PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"\r
+ MinimalRebuild="true"\r
+ BasicRuntimeChecks="3"\r
+ RuntimeLibrary="3"\r
+ UsePrecompiledHeader="0"\r
+ WarningLevel="3"\r
+ Detect64BitPortabilityProblems="true"\r
+ DebugInformationFormat="4"\r
+ />\r
+ <Tool\r
+ Name="VCManagedResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCPreLinkEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCLinkerTool"\r
+ AdditionalDependencies="wpcap.lib"\r
+ LinkIncremental="2"\r
+ AdditionalLibraryDirectories="C:\dev\WpdPack\lib"\r
+ GenerateDebugInformation="true"\r
+ SubSystem="1"\r
+ TargetMachine="1"\r
+ />\r
+ <Tool\r
+ Name="VCALinkTool"\r
+ />\r
+ <Tool\r
+ Name="VCManifestTool"\r
+ />\r
+ <Tool\r
+ Name="VCXDCMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCBscMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCFxCopTool"\r
+ />\r
+ <Tool\r
+ Name="VCAppVerifierTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebDeploymentTool"\r
+ />\r
+ <Tool\r
+ Name="VCPostBuildEventTool"\r
+ />\r
+ </Configuration>\r
+ <Configuration\r
+ Name="Release|Win32"\r
+ OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
+ IntermediateDirectory="$(ConfigurationName)"\r
+ ConfigurationType="1"\r
+ CharacterSet="0"\r
+ WholeProgramOptimization="1"\r
+ >\r
+ <Tool\r
+ Name="VCPreBuildEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCCustomBuildTool"\r
+ />\r
+ <Tool\r
+ Name="VCXMLDataGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebServiceProxyGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCMIDLTool"\r
+ />\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ AdditionalIncludeDirectories="C:\dev\WpdPack\include"\r
+ PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"\r
+ RuntimeLibrary="2"\r
+ UsePrecompiledHeader="0"\r
+ WarningLevel="3"\r
+ Detect64BitPortabilityProblems="true"\r
+ DebugInformationFormat="3"\r
+ />\r
+ <Tool\r
+ Name="VCManagedResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCPreLinkEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCLinkerTool"\r
+ AdditionalDependencies="wpcap.lib"\r
+ LinkIncremental="1"\r
+ AdditionalLibraryDirectories="C:\dev\WpdPack\lib"\r
+ GenerateDebugInformation="true"\r
+ SubSystem="1"\r
+ OptimizeReferences="2"\r
+ EnableCOMDATFolding="2"\r
+ TargetMachine="1"\r
+ />\r
+ <Tool\r
+ Name="VCALinkTool"\r
+ />\r
+ <Tool\r
+ Name="VCManifestTool"\r
+ />\r
+ <Tool\r
+ Name="VCXDCMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCBscMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCFxCopTool"\r
+ />\r
+ <Tool\r
+ Name="VCAppVerifierTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebDeploymentTool"\r
+ />\r
+ <Tool\r
+ Name="VCPostBuildEventTool"\r
+ />\r
+ </Configuration>\r
+ </Configurations>\r
+ <References>\r
+ </References>\r
+ <Files>\r
+ <Filter\r
+ Name="Source Files"\r
+ Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"\r
+ UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"\r
+ >\r
+ <File\r
+ RelativePath="..\..\win_if_list.c"\r
+ >\r
+ </File>\r
+ </Filter>\r
+ <Filter\r
+ Name="Header Files"\r
+ Filter="h;hpp;hxx;hm;inl;inc;xsd"\r
+ UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"\r
+ >\r
+ </Filter>\r
+ <Filter\r
+ Name="Resource Files"\r
+ Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"\r
+ UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"\r
+ >\r
+ </Filter>\r
+ </Files>\r
+ <Globals>\r
+ </Globals>\r
+</VisualStudioProject>\r
--- /dev/null
+<?xml version="1.0" encoding="Windows-1252"?>\r
+<VisualStudioProject\r
+ ProjectType="Visual C++"\r
+ Version="8.00"\r
+ Name="wpa_cli"\r
+ ProjectGUID="{E3A7B181-22CC-4DA3-8410-6AD69879A9EC}"\r
+ RootNamespace="wpa_cli"\r
+ Keyword="Win32Proj"\r
+ >\r
+ <Platforms>\r
+ <Platform\r
+ Name="Win32"\r
+ />\r
+ </Platforms>\r
+ <ToolFiles>\r
+ </ToolFiles>\r
+ <Configurations>\r
+ <Configuration\r
+ Name="Debug|Win32"\r
+ OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
+ IntermediateDirectory="$(ConfigurationName)"\r
+ ConfigurationType="1"\r
+ CharacterSet="0"\r
+ >\r
+ <Tool\r
+ Name="VCPreBuildEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCCustomBuildTool"\r
+ />\r
+ <Tool\r
+ Name="VCXMLDataGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebServiceProxyGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCMIDLTool"\r
+ />\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ Optimization="0"\r
+ PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"\r
+ MinimalRebuild="true"\r
+ BasicRuntimeChecks="3"\r
+ RuntimeLibrary="3"\r
+ UsePrecompiledHeader="0"\r
+ WarningLevel="3"\r
+ Detect64BitPortabilityProblems="true"\r
+ DebugInformationFormat="4"\r
+ DisableSpecificWarnings="4244;4267"\r
+ />\r
+ <Tool\r
+ Name="VCManagedResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCPreLinkEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCLinkerTool"\r
+ AdditionalDependencies="ws2_32.lib"\r
+ LinkIncremental="2"\r
+ GenerateDebugInformation="true"\r
+ SubSystem="1"\r
+ TargetMachine="1"\r
+ />\r
+ <Tool\r
+ Name="VCALinkTool"\r
+ />\r
+ <Tool\r
+ Name="VCManifestTool"\r
+ />\r
+ <Tool\r
+ Name="VCXDCMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCBscMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCFxCopTool"\r
+ />\r
+ <Tool\r
+ Name="VCAppVerifierTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebDeploymentTool"\r
+ />\r
+ <Tool\r
+ Name="VCPostBuildEventTool"\r
+ />\r
+ </Configuration>\r
+ <Configuration\r
+ Name="Release|Win32"\r
+ OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
+ IntermediateDirectory="$(ConfigurationName)"\r
+ ConfigurationType="1"\r
+ CharacterSet="0"\r
+ WholeProgramOptimization="1"\r
+ >\r
+ <Tool\r
+ Name="VCPreBuildEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCCustomBuildTool"\r
+ />\r
+ <Tool\r
+ Name="VCXMLDataGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebServiceProxyGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCMIDLTool"\r
+ />\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"\r
+ RuntimeLibrary="2"\r
+ UsePrecompiledHeader="0"\r
+ WarningLevel="3"\r
+ Detect64BitPortabilityProblems="true"\r
+ DebugInformationFormat="3"\r
+ DisableSpecificWarnings="4244;4267"\r
+ />\r
+ <Tool\r
+ Name="VCManagedResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCPreLinkEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCLinkerTool"\r
+ AdditionalDependencies="ws2_32.lib"\r
+ LinkIncremental="1"\r
+ GenerateDebugInformation="true"\r
+ SubSystem="1"\r
+ OptimizeReferences="2"\r
+ EnableCOMDATFolding="2"\r
+ TargetMachine="1"\r
+ />\r
+ <Tool\r
+ Name="VCALinkTool"\r
+ />\r
+ <Tool\r
+ Name="VCManifestTool"\r
+ />\r
+ <Tool\r
+ Name="VCXDCMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCBscMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCFxCopTool"\r
+ />\r
+ <Tool\r
+ Name="VCAppVerifierTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebDeploymentTool"\r
+ />\r
+ <Tool\r
+ Name="VCPostBuildEventTool"\r
+ />\r
+ </Configuration>\r
+ </Configurations>\r
+ <References>\r
+ </References>\r
+ <Files>\r
+ <Filter\r
+ Name="Source Files"\r
+ Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"\r
+ UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"\r
+ >\r
+ <File\r
+ RelativePath="..\..\common.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\os_win32.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\wpa_cli.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\wpa_ctrl.c"\r
+ >\r
+ </File>\r
+ </Filter>\r
+ <Filter\r
+ Name="Header Files"\r
+ Filter="h;hpp;hxx;hm;inl;inc;xsd"\r
+ UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"\r
+ >\r
+ </Filter>\r
+ <Filter\r
+ Name="Resource Files"\r
+ Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"\r
+ UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"\r
+ >\r
+ </Filter>\r
+ </Files>\r
+ <Globals>\r
+ </Globals>\r
+</VisualStudioProject>\r
--- /dev/null
+<?xml version="1.0" encoding="Windows-1252"?>\r
+<VisualStudioProject\r
+ ProjectType="Visual C++"\r
+ Version="8.00"\r
+ Name="wpa_passphrase"\r
+ ProjectGUID="{ADBE4EA8-F0C5-40C2-AE89-C56D0F2EC1DF}"\r
+ RootNamespace="wpa_passphrase"\r
+ Keyword="Win32Proj"\r
+ >\r
+ <Platforms>\r
+ <Platform\r
+ Name="Win32"\r
+ />\r
+ </Platforms>\r
+ <ToolFiles>\r
+ </ToolFiles>\r
+ <Configurations>\r
+ <Configuration\r
+ Name="Debug|Win32"\r
+ OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
+ IntermediateDirectory="$(ConfigurationName)"\r
+ ConfigurationType="1"\r
+ CharacterSet="0"\r
+ >\r
+ <Tool\r
+ Name="VCPreBuildEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCCustomBuildTool"\r
+ />\r
+ <Tool\r
+ Name="VCXMLDataGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebServiceProxyGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCMIDLTool"\r
+ />\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ Optimization="0"\r
+ AdditionalIncludeDirectories="C:\dev\openssl\include"\r
+ PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS;INTERNAL_SHA1;INTERNAL_MD5"\r
+ MinimalRebuild="true"\r
+ BasicRuntimeChecks="3"\r
+ RuntimeLibrary="3"\r
+ UsePrecompiledHeader="0"\r
+ WarningLevel="3"\r
+ Detect64BitPortabilityProblems="true"\r
+ DebugInformationFormat="4"\r
+ DisableSpecificWarnings="4244;4267"\r
+ />\r
+ <Tool\r
+ Name="VCManagedResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCPreLinkEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCLinkerTool"\r
+ AdditionalDependencies="ws2_32.lib"\r
+ LinkIncremental="2"\r
+ AdditionalLibraryDirectories=""\r
+ GenerateDebugInformation="true"\r
+ SubSystem="1"\r
+ TargetMachine="1"\r
+ />\r
+ <Tool\r
+ Name="VCALinkTool"\r
+ />\r
+ <Tool\r
+ Name="VCManifestTool"\r
+ />\r
+ <Tool\r
+ Name="VCXDCMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCBscMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCFxCopTool"\r
+ />\r
+ <Tool\r
+ Name="VCAppVerifierTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebDeploymentTool"\r
+ />\r
+ <Tool\r
+ Name="VCPostBuildEventTool"\r
+ />\r
+ </Configuration>\r
+ <Configuration\r
+ Name="Release|Win32"\r
+ OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
+ IntermediateDirectory="$(ConfigurationName)"\r
+ ConfigurationType="1"\r
+ CharacterSet="0"\r
+ WholeProgramOptimization="1"\r
+ >\r
+ <Tool\r
+ Name="VCPreBuildEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCCustomBuildTool"\r
+ />\r
+ <Tool\r
+ Name="VCXMLDataGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebServiceProxyGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCMIDLTool"\r
+ />\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ AdditionalIncludeDirectories="C:\dev\openssl\include"\r
+ PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS;INTERNAL_SHA1;INTERNAL_MD5"\r
+ RuntimeLibrary="2"\r
+ UsePrecompiledHeader="0"\r
+ WarningLevel="3"\r
+ Detect64BitPortabilityProblems="true"\r
+ DebugInformationFormat="3"\r
+ DisableSpecificWarnings="4244;4267"\r
+ />\r
+ <Tool\r
+ Name="VCManagedResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCPreLinkEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCLinkerTool"\r
+ AdditionalDependencies="ws2_32.lib"\r
+ LinkIncremental="1"\r
+ GenerateDebugInformation="true"\r
+ SubSystem="1"\r
+ OptimizeReferences="2"\r
+ EnableCOMDATFolding="2"\r
+ TargetMachine="1"\r
+ />\r
+ <Tool\r
+ Name="VCALinkTool"\r
+ />\r
+ <Tool\r
+ Name="VCManifestTool"\r
+ />\r
+ <Tool\r
+ Name="VCXDCMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCBscMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCFxCopTool"\r
+ />\r
+ <Tool\r
+ Name="VCAppVerifierTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebDeploymentTool"\r
+ />\r
+ <Tool\r
+ Name="VCPostBuildEventTool"\r
+ />\r
+ </Configuration>\r
+ </Configurations>\r
+ <References>\r
+ </References>\r
+ <Files>\r
+ <Filter\r
+ Name="Source Files"\r
+ Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"\r
+ UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"\r
+ >\r
+ <File\r
+ RelativePath="..\..\common.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\md5.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\os_win32.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\sha1.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\wpa_passphrase.c"\r
+ >\r
+ </File>\r
+ </Filter>\r
+ <Filter\r
+ Name="Header Files"\r
+ Filter="h;hpp;hxx;hm;inl;inc;xsd"\r
+ UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"\r
+ >\r
+ </Filter>\r
+ <Filter\r
+ Name="Resource Files"\r
+ Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"\r
+ UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"\r
+ >\r
+ </Filter>\r
+ </Files>\r
+ <Globals>\r
+ </Globals>\r
+</VisualStudioProject>\r
--- /dev/null
+\r
+Microsoft Visual Studio Solution File, Format Version 9.00\r
+# Visual Studio 2005\r
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wpa_supplicant", "wpa_supplicant\wpa_supplicant.vcproj", "{8BCFDA77-AEDC-4168-8897-5B73105BBB87}"\r
+EndProject\r
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wpa_cli", "wpa_cli\wpa_cli.vcproj", "{E3A7B181-22CC-4DA3-8410-6AD69879A9EC}"\r
+EndProject\r
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wpasvc", "wpasvc\wpasvc.vcproj", "{E2A4A85F-CA77-406D-8ABF-63EF94545ACC}"\r
+EndProject\r
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wpa_passphrase", "wpa_passphrase\wpa_passphrase.vcproj", "{ADBE4EA8-F0C5-40C2-AE89-C56D0F2EC1DF}"\r
+EndProject\r
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "win_if_list", "win_if_list\win_if_list.vcproj", "{9E87CD9C-60CE-4533-85CF-85CA3A9BF26A}"\r
+EndProject\r
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "eapol_test", "eapol_test\eapol_test.vcproj", "{0E3F2C6D-1372-48D6-BCAB-E584917C4DE3}"\r
+EndProject\r
+Global\r
+ GlobalSection(DPCodeReviewSolutionGUID) = preSolution\r
+ DPCodeReviewSolutionGUID = {00000000-0000-0000-0000-000000000000}\r
+ EndGlobalSection\r
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution\r
+ Debug|Win32 = Debug|Win32\r
+ Release|Win32 = Release|Win32\r
+ EndGlobalSection\r
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution\r
+ {8BCFDA77-AEDC-4168-8897-5B73105BBB87}.Debug|Win32.ActiveCfg = Debug|Win32\r
+ {8BCFDA77-AEDC-4168-8897-5B73105BBB87}.Debug|Win32.Build.0 = Debug|Win32\r
+ {8BCFDA77-AEDC-4168-8897-5B73105BBB87}.Release|Win32.ActiveCfg = Release|Win32\r
+ {8BCFDA77-AEDC-4168-8897-5B73105BBB87}.Release|Win32.Build.0 = Release|Win32\r
+ {E3A7B181-22CC-4DA3-8410-6AD69879A9EC}.Debug|Win32.ActiveCfg = Debug|Win32\r
+ {E3A7B181-22CC-4DA3-8410-6AD69879A9EC}.Debug|Win32.Build.0 = Debug|Win32\r
+ {E3A7B181-22CC-4DA3-8410-6AD69879A9EC}.Release|Win32.ActiveCfg = Release|Win32\r
+ {E3A7B181-22CC-4DA3-8410-6AD69879A9EC}.Release|Win32.Build.0 = Release|Win32\r
+ {E2A4A85F-CA77-406D-8ABF-63EF94545ACC}.Debug|Win32.ActiveCfg = Debug|Win32\r
+ {E2A4A85F-CA77-406D-8ABF-63EF94545ACC}.Debug|Win32.Build.0 = Debug|Win32\r
+ {E2A4A85F-CA77-406D-8ABF-63EF94545ACC}.Release|Win32.ActiveCfg = Release|Win32\r
+ {E2A4A85F-CA77-406D-8ABF-63EF94545ACC}.Release|Win32.Build.0 = Release|Win32\r
+ {ADBE4EA8-F0C5-40C2-AE89-C56D0F2EC1DF}.Debug|Win32.ActiveCfg = Debug|Win32\r
+ {ADBE4EA8-F0C5-40C2-AE89-C56D0F2EC1DF}.Debug|Win32.Build.0 = Debug|Win32\r
+ {ADBE4EA8-F0C5-40C2-AE89-C56D0F2EC1DF}.Release|Win32.ActiveCfg = Release|Win32\r
+ {ADBE4EA8-F0C5-40C2-AE89-C56D0F2EC1DF}.Release|Win32.Build.0 = Release|Win32\r
+ {9E87CD9C-60CE-4533-85CF-85CA3A9BF26A}.Debug|Win32.ActiveCfg = Debug|Win32\r
+ {9E87CD9C-60CE-4533-85CF-85CA3A9BF26A}.Debug|Win32.Build.0 = Debug|Win32\r
+ {9E87CD9C-60CE-4533-85CF-85CA3A9BF26A}.Release|Win32.ActiveCfg = Release|Win32\r
+ {9E87CD9C-60CE-4533-85CF-85CA3A9BF26A}.Release|Win32.Build.0 = Release|Win32\r
+ {0E3F2C6D-1372-48D6-BCAB-E584917C4DE3}.Debug|Win32.ActiveCfg = Debug|Win32\r
+ {0E3F2C6D-1372-48D6-BCAB-E584917C4DE3}.Debug|Win32.Build.0 = Debug|Win32\r
+ {0E3F2C6D-1372-48D6-BCAB-E584917C4DE3}.Release|Win32.ActiveCfg = Release|Win32\r
+ EndGlobalSection\r
+ GlobalSection(SolutionProperties) = preSolution\r
+ HideSolutionNode = FALSE\r
+ EndGlobalSection\r
+EndGlobal\r
--- /dev/null
+<?xml version="1.0" encoding="Windows-1252"?>\r
+<VisualStudioProject\r
+ ProjectType="Visual C++"\r
+ Version="8.00"\r
+ Name="wpa_supplicant"\r
+ ProjectGUID="{8BCFDA77-AEDC-4168-8897-5B73105BBB87}"\r
+ RootNamespace="wpa_supplicant"\r
+ Keyword="Win32Proj"\r
+ >\r
+ <Platforms>\r
+ <Platform\r
+ Name="Win32"\r
+ />\r
+ </Platforms>\r
+ <ToolFiles>\r
+ </ToolFiles>\r
+ <Configurations>\r
+ <Configuration\r
+ Name="Debug|Win32"\r
+ OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
+ IntermediateDirectory="$(ConfigurationName)"\r
+ ConfigurationType="1"\r
+ CharacterSet="0"\r
+ >\r
+ <Tool\r
+ Name="VCPreBuildEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCCustomBuildTool"\r
+ />\r
+ <Tool\r
+ Name="VCXMLDataGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebServiceProxyGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCMIDLTool"\r
+ />\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ Optimization="0"\r
+ AdditionalIncludeDirectories="C:\dev\WpdPack\include;C:\dev\openssl\include"\r
+ PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"\r
+ MinimalRebuild="true"\r
+ BasicRuntimeChecks="3"\r
+ RuntimeLibrary="3"\r
+ UsePrecompiledHeader="0"\r
+ WarningLevel="3"\r
+ Detect64BitPortabilityProblems="true"\r
+ DebugInformationFormat="4"\r
+ DisableSpecificWarnings="4244;4267;4311"\r
+ />\r
+ <Tool\r
+ Name="VCManagedResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCPreLinkEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCLinkerTool"\r
+ AdditionalDependencies="wbemuuid.lib ws2_32.lib Crypt32.lib Winscard.lib Packet.lib wpcap.lib libeay32MT.lib ssleay32Mt.lib"\r
+ LinkIncremental="2"\r
+ AdditionalLibraryDirectories="C:\dev\WpdPack\lib;C:\dev\openssl\lib"\r
+ GenerateDebugInformation="true"\r
+ SubSystem="1"\r
+ TargetMachine="1"\r
+ />\r
+ <Tool\r
+ Name="VCALinkTool"\r
+ />\r
+ <Tool\r
+ Name="VCManifestTool"\r
+ />\r
+ <Tool\r
+ Name="VCXDCMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCBscMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCFxCopTool"\r
+ />\r
+ <Tool\r
+ Name="VCAppVerifierTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebDeploymentTool"\r
+ />\r
+ <Tool\r
+ Name="VCPostBuildEventTool"\r
+ />\r
+ </Configuration>\r
+ <Configuration\r
+ Name="Release|Win32"\r
+ OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
+ IntermediateDirectory="$(ConfigurationName)"\r
+ ConfigurationType="1"\r
+ CharacterSet="0"\r
+ WholeProgramOptimization="1"\r
+ >\r
+ <Tool\r
+ Name="VCPreBuildEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCCustomBuildTool"\r
+ />\r
+ <Tool\r
+ Name="VCXMLDataGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebServiceProxyGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCMIDLTool"\r
+ />\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ AdditionalIncludeDirectories="C:\dev\WpdPack\include;C:\dev\openssl\include"\r
+ PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"\r
+ RuntimeLibrary="2"\r
+ UsePrecompiledHeader="0"\r
+ WarningLevel="3"\r
+ Detect64BitPortabilityProblems="true"\r
+ DebugInformationFormat="3"\r
+ DisableSpecificWarnings="4244;4267;4311"\r
+ />\r
+ <Tool\r
+ Name="VCManagedResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCPreLinkEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCLinkerTool"\r
+ AdditionalDependencies="wbemuuid.lib ws2_32.lib Crypt32.lib Winscard.lib Packet.lib wpcap.lib libeay32MT.lib ssleay32Mt.lib"\r
+ LinkIncremental="1"\r
+ AdditionalLibraryDirectories="C:\dev\WpdPack\lib;C:\dev\openssl\lib"\r
+ GenerateDebugInformation="true"\r
+ SubSystem="1"\r
+ OptimizeReferences="2"\r
+ EnableCOMDATFolding="2"\r
+ TargetMachine="1"\r
+ />\r
+ <Tool\r
+ Name="VCALinkTool"\r
+ />\r
+ <Tool\r
+ Name="VCManifestTool"\r
+ />\r
+ <Tool\r
+ Name="VCXDCMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCBscMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCFxCopTool"\r
+ />\r
+ <Tool\r
+ Name="VCAppVerifierTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebDeploymentTool"\r
+ />\r
+ <Tool\r
+ Name="VCPostBuildEventTool"\r
+ />\r
+ </Configuration>\r
+ </Configurations>\r
+ <References>\r
+ </References>\r
+ <Files>\r
+ <Filter\r
+ Name="Source Files"\r
+ Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"\r
+ UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"\r
+ >\r
+ <File\r
+ RelativePath="..\..\aes_wrap.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\base64.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\common.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\config.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\config_file.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\crypto.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\ctrl_iface.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\ctrl_iface_named_pipe.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\driver_ndis.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\driver_ndis_.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\drivers.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_gtc.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_leap.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_md5.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_methods.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_mschapv2.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_otp.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_peap.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_tls.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_tls_common.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_tlv.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_ttls.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eapol_sm.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eloop_win.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\events.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\l2_packet_winpcap.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\main.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\md4.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\md5.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\ms_funcs.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\ndis_events.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\os_win32.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\pcsc_funcs.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\pmksa_cache.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\preauth.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\rc4.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\sha1.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\tls_openssl.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\wpa.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\wpa_supplicant.c"\r
+ >\r
+ </File>\r
+ </Filter>\r
+ <Filter\r
+ Name="Header Files"\r
+ Filter="h;hpp;hxx;hm;inl;inc;xsd"\r
+ UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"\r
+ >\r
+ </Filter>\r
+ <Filter\r
+ Name="Resource Files"\r
+ Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"\r
+ UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"\r
+ >\r
+ </Filter>\r
+ </Files>\r
+ <Globals>\r
+ </Globals>\r
+</VisualStudioProject>\r
--- /dev/null
+<?xml version="1.0" encoding="Windows-1252"?>\r
+<VisualStudioProject\r
+ ProjectType="Visual C++"\r
+ Version="8.00"\r
+ Name="wpasvc"\r
+ ProjectGUID="{E2A4A85F-CA77-406D-8ABF-63EF94545ACC}"\r
+ RootNamespace="wpasvc"\r
+ Keyword="Win32Proj"\r
+ >\r
+ <Platforms>\r
+ <Platform\r
+ Name="Win32"\r
+ />\r
+ </Platforms>\r
+ <ToolFiles>\r
+ </ToolFiles>\r
+ <Configurations>\r
+ <Configuration\r
+ Name="Debug|Win32"\r
+ OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
+ IntermediateDirectory="$(ConfigurationName)"\r
+ ConfigurationType="1"\r
+ CharacterSet="0"\r
+ >\r
+ <Tool\r
+ Name="VCPreBuildEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCCustomBuildTool"\r
+ />\r
+ <Tool\r
+ Name="VCXMLDataGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebServiceProxyGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCMIDLTool"\r
+ />\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ Optimization="0"\r
+ AdditionalIncludeDirectories="C:\dev\WpdPack\include;C:\dev\openssl\include"\r
+ PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"\r
+ MinimalRebuild="true"\r
+ BasicRuntimeChecks="3"\r
+ RuntimeLibrary="3"\r
+ UsePrecompiledHeader="0"\r
+ WarningLevel="3"\r
+ Detect64BitPortabilityProblems="true"\r
+ DebugInformationFormat="4"\r
+ DisableSpecificWarnings="4244;4267;4311"\r
+ />\r
+ <Tool\r
+ Name="VCManagedResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCPreLinkEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCLinkerTool"\r
+ AdditionalDependencies="wbemuuid.lib ws2_32.lib Crypt32.lib Winscard.lib Packet.lib wpcap.lib libeay32MT.lib ssleay32Mt.lib"\r
+ LinkIncremental="2"\r
+ AdditionalLibraryDirectories="C:\dev\WpdPack\lib;C:\dev\openssl\lib"\r
+ GenerateDebugInformation="true"\r
+ SubSystem="1"\r
+ TargetMachine="1"\r
+ />\r
+ <Tool\r
+ Name="VCALinkTool"\r
+ />\r
+ <Tool\r
+ Name="VCManifestTool"\r
+ />\r
+ <Tool\r
+ Name="VCXDCMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCBscMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCFxCopTool"\r
+ />\r
+ <Tool\r
+ Name="VCAppVerifierTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebDeploymentTool"\r
+ />\r
+ <Tool\r
+ Name="VCPostBuildEventTool"\r
+ />\r
+ </Configuration>\r
+ <Configuration\r
+ Name="Release|Win32"\r
+ OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
+ IntermediateDirectory="$(ConfigurationName)"\r
+ ConfigurationType="1"\r
+ CharacterSet="0"\r
+ WholeProgramOptimization="1"\r
+ >\r
+ <Tool\r
+ Name="VCPreBuildEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCCustomBuildTool"\r
+ />\r
+ <Tool\r
+ Name="VCXMLDataGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebServiceProxyGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCMIDLTool"\r
+ />\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ AdditionalIncludeDirectories="C:\dev\WpdPack\include;C:\dev\openssl\include"\r
+ PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"\r
+ RuntimeLibrary="2"\r
+ UsePrecompiledHeader="0"\r
+ WarningLevel="3"\r
+ Detect64BitPortabilityProblems="true"\r
+ DebugInformationFormat="3"\r
+ DisableSpecificWarnings="4244;4267;4311"\r
+ />\r
+ <Tool\r
+ Name="VCManagedResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCPreLinkEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCLinkerTool"\r
+ AdditionalDependencies="wbemuuid.lib ws2_32.lib Crypt32.lib Winscard.lib Packet.lib wpcap.lib libeay32MT.lib ssleay32Mt.lib"\r
+ LinkIncremental="1"\r
+ AdditionalLibraryDirectories="C:\dev\WpdPack\lib;C:\dev\openssl\lib"\r
+ GenerateDebugInformation="true"\r
+ SubSystem="1"\r
+ OptimizeReferences="2"\r
+ EnableCOMDATFolding="2"\r
+ TargetMachine="1"\r
+ />\r
+ <Tool\r
+ Name="VCALinkTool"\r
+ />\r
+ <Tool\r
+ Name="VCManifestTool"\r
+ />\r
+ <Tool\r
+ Name="VCXDCMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCBscMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCFxCopTool"\r
+ />\r
+ <Tool\r
+ Name="VCAppVerifierTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebDeploymentTool"\r
+ />\r
+ <Tool\r
+ Name="VCPostBuildEventTool"\r
+ />\r
+ </Configuration>\r
+ </Configurations>\r
+ <References>\r
+ </References>\r
+ <Files>\r
+ <Filter\r
+ Name="Source Files"\r
+ Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"\r
+ UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"\r
+ >\r
+ <File\r
+ RelativePath="..\..\aes_wrap.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\common.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\config.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\config_winreg.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\crypto.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\ctrl_iface.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\ctrl_iface_named_pipe.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\driver_ndis.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\driver_ndis_.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\drivers.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_gtc.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_leap.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_md5.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_methods.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_mschapv2.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_otp.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_peap.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_tls.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_tls_common.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_tlv.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eap_ttls.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eapol_sm.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\eloop_win.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\events.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\l2_packet_winpcap.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\main_winsvc.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\md4.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\md5.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\ms_funcs.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\ndis_events.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\os_win32.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\pcsc_funcs.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\pmksa_cache.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\preauth.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\rc4.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\sha1.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\tls_openssl.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\wpa.c"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath="..\..\wpa_supplicant.c"\r
+ >\r
+ </File>\r
+ </Filter>\r
+ <Filter\r
+ Name="Header Files"\r
+ Filter="h;hpp;hxx;hm;inl;inc;xsd"\r
+ UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"\r
+ >\r
+ </Filter>\r
+ <Filter\r
+ Name="Resource Files"\r
+ Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"\r
+ UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"\r
+ >\r
+ </Filter>\r
+ </Files>\r
+ <Globals>\r
+ </Globals>\r
+</VisualStudioProject>\r
--- /dev/null
+REGEDIT4\r
+\r
+[HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant]\r
+"debug_level"=dword:00000000\r
+"debug_show_keys"=dword:00000001\r
+"debug_use_file"=dword:00000000\r
+\r
+[HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\configs]\r
+\r
+[HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\configs\test]\r
+"ap_scan"=dword:00000002\r
+\r
+[HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\configs\test\blobs]\r
+"testblob"=hex:01,02,03,04,05\r
+\r
+[HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\configs\test\networks]\r
+\r
+[HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\configs\test\networks\0000]\r
+"ssid"="\"example network\""\r
+"key_mgmt"="WPA-PSK"\r
+"psk"="\"secret password\""\r
+"pairwise"="CCMP"\r
+"group"="CCMP"\r
+"proto"="WPA"\r
+\r
+[HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\interfaces]\r
+\r
+[HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\interfaces\0000]\r
+"adapter"="{A7627643-C310-49E5-BD89-7E77709C04AB}"\r
+"config"="test"\r
+"ctrl_interface"=""\r
+\r
--- /dev/null
+/*
+ * win_if_list - Display network interfaces with description (for Windows)
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This small tool is for the Windows build to provide an easy way of fetching
+ * a list of available network interfaces.
+ */
+
+#include "includes.h"
+#include <stdio.h>
+#ifdef CONFIG_USE_NDISUIO
+#include <winsock2.h>
+#include <ntddndis.h>
+#else /* CONFIG_USE_NDISUIO */
+#include "pcap.h"
+#include <winsock.h>
+#endif /* CONFIG_USE_NDISUIO */
+
+#ifdef CONFIG_USE_NDISUIO
+
+/* from nuiouser.h */
+#define FSCTL_NDISUIO_BASE FILE_DEVICE_NETWORK
+
+#define _NDISUIO_CTL_CODE(_Function, _Method, _Access) \
+ CTL_CODE(FSCTL_NDISUIO_BASE, _Function, _Method, _Access)
+
+#define IOCTL_NDISUIO_QUERY_BINDING \
+ _NDISUIO_CTL_CODE(0x203, METHOD_BUFFERED, \
+ FILE_READ_ACCESS | FILE_WRITE_ACCESS)
+
+#define IOCTL_NDISUIO_BIND_WAIT \
+ _NDISUIO_CTL_CODE(0x204, METHOD_BUFFERED, \
+ FILE_READ_ACCESS | FILE_WRITE_ACCESS)
+
+typedef struct _NDISUIO_QUERY_BINDING
+{
+ ULONG BindingIndex;
+ ULONG DeviceNameOffset;
+ ULONG DeviceNameLength;
+ ULONG DeviceDescrOffset;
+ ULONG DeviceDescrLength;
+} NDISUIO_QUERY_BINDING, *PNDISUIO_QUERY_BINDING;
+
+
+static HANDLE ndisuio_open(void)
+{
+ DWORD written;
+ HANDLE h;
+
+ h = CreateFile(TEXT("\\\\.\\\\Ndisuio"),
+ GENERIC_READ | GENERIC_WRITE, 0, NULL,
+ OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL,
+ INVALID_HANDLE_VALUE);
+ if (h == INVALID_HANDLE_VALUE)
+ return h;
+
+#ifndef _WIN32_WCE
+ if (!DeviceIoControl(h, IOCTL_NDISUIO_BIND_WAIT, NULL, 0, NULL, 0,
+ &written, NULL)) {
+ printf("IOCTL_NDISUIO_BIND_WAIT failed: %d",
+ (int) GetLastError());
+ CloseHandle(h);
+ return INVALID_HANDLE_VALUE;
+ }
+#endif /* _WIN32_WCE */
+
+ return h;
+}
+
+
+static void ndisuio_query_bindings(HANDLE ndisuio)
+{
+ NDISUIO_QUERY_BINDING *b;
+ size_t blen = sizeof(*b) + 1024;
+ int i, error;
+ DWORD written;
+ char name[256], desc[256];
+ WCHAR *pos;
+ size_t j, len;
+
+ b = malloc(blen);
+ if (b == NULL)
+ return;
+
+ for (i = 0; ; i++) {
+ memset(b, 0, blen);
+ b->BindingIndex = i;
+ if (!DeviceIoControl(ndisuio, IOCTL_NDISUIO_QUERY_BINDING,
+ b, sizeof(NDISUIO_QUERY_BINDING), b,
+ (DWORD) blen, &written, NULL)) {
+ error = (int) GetLastError();
+ if (error == ERROR_NO_MORE_ITEMS)
+ break;
+ printf("IOCTL_NDISUIO_QUERY_BINDING failed: %d",
+ error);
+ break;
+ }
+
+ pos = (WCHAR *) ((char *) b + b->DeviceNameOffset);
+ len = b->DeviceNameLength;
+ if (len >= sizeof(name))
+ len = sizeof(name) - 1;
+ for (j = 0; j < len; j++)
+ name[j] = (char) pos[j];
+ name[len] = '\0';
+
+ pos = (WCHAR *) ((char *) b + b->DeviceDescrOffset);
+ len = b->DeviceDescrLength;
+ if (len >= sizeof(desc))
+ len = sizeof(desc) - 1;
+ for (j = 0; j < len; j++)
+ desc[j] = (char) pos[j];
+ desc[len] = '\0';
+
+ printf("ifname: %s\ndescription: %s\n\n", name, desc);
+ }
+
+ free(b);
+}
+
+
+static void ndisuio_enum_bindings(void)
+{
+ HANDLE ndisuio = ndisuio_open();
+ if (ndisuio == INVALID_HANDLE_VALUE)
+ return;
+
+ ndisuio_query_bindings(ndisuio);
+ CloseHandle(ndisuio);
+}
+
+#else /* CONFIG_USE_NDISUIO */
+
+static void show_dev(pcap_if_t *dev)
+{
+ printf("ifname: %s\ndescription: %s\n\n",
+ dev->name, dev->description);
+}
+
+
+static void pcap_enum_devs(void)
+{
+ pcap_if_t *devs, *dev;
+ char err[PCAP_ERRBUF_SIZE + 1];
+
+ if (pcap_findalldevs(&devs, err) < 0) {
+ fprintf(stderr, "Error - pcap_findalldevs: %s\n", err);
+ return;
+ }
+
+ for (dev = devs; dev; dev = dev->next) {
+ show_dev(dev);
+ }
+
+ pcap_freealldevs(devs);
+}
+
+#endif /* CONFIG_USE_NDISUIO */
+
+
+int main(int argc, char *argv[])
+{
+#ifdef CONFIG_USE_NDISUIO
+ ndisuio_enum_bindings();
+#else /* CONFIG_USE_NDISUIO */
+ pcap_enum_devs();
+#endif /* CONFIG_USE_NDISUIO */
+
+ return 0;
+}
--- /dev/null
+/* This is based on Linux Wireless Extensions header file from WIRELESS_EXT 18.
+ * I have just removed kernel related headers and added some typedefs etc. to
+ * make this easier to include into user space programs.
+ * Jouni Malinen, 2005-03-12.
+ */
+
+
+/*
+ * This file define a set of standard wireless extensions
+ *
+ * Version : 19 18.3.05
+ *
+ * Authors : Jean Tourrilhes - HPL - <jt@hpl.hp.com>
+ * Copyright (c) 1997-2005 Jean Tourrilhes, All Rights Reserved.
+ */
+
+#ifndef _LINUX_WIRELESS_H
+#define _LINUX_WIRELESS_H
+
+/************************** DOCUMENTATION **************************/
+/*
+ * Initial APIs (1996 -> onward) :
+ * -----------------------------
+ * Basically, the wireless extensions are for now a set of standard ioctl
+ * call + /proc/net/wireless
+ *
+ * The entry /proc/net/wireless give statistics and information on the
+ * driver.
+ * This is better than having each driver having its entry because
+ * its centralised and we may remove the driver module safely.
+ *
+ * Ioctl are used to configure the driver and issue commands. This is
+ * better than command line options of insmod because we may want to
+ * change dynamically (while the driver is running) some parameters.
+ *
+ * The ioctl mechanimsm are copied from standard devices ioctl.
+ * We have the list of command plus a structure descibing the
+ * data exchanged...
+ * Note that to add these ioctl, I was obliged to modify :
+ * # net/core/dev.c (two place + add include)
+ * # net/ipv4/af_inet.c (one place + add include)
+ *
+ * /proc/net/wireless is a copy of /proc/net/dev.
+ * We have a structure for data passed from the driver to /proc/net/wireless
+ * Too add this, I've modified :
+ * # net/core/dev.c (two other places)
+ * # include/linux/netdevice.h (one place)
+ * # include/linux/proc_fs.h (one place)
+ *
+ * New driver API (2002 -> onward) :
+ * -------------------------------
+ * This file is only concerned with the user space API and common definitions.
+ * The new driver API is defined and documented in :
+ * # include/net/iw_handler.h
+ *
+ * Note as well that /proc/net/wireless implementation has now moved in :
+ * # net/core/wireless.c
+ *
+ * Wireless Events (2002 -> onward) :
+ * --------------------------------
+ * Events are defined at the end of this file, and implemented in :
+ * # net/core/wireless.c
+ *
+ * Other comments :
+ * --------------
+ * Do not add here things that are redundant with other mechanisms
+ * (drivers init, ifconfig, /proc/net/dev, ...) and with are not
+ * wireless specific.
+ *
+ * These wireless extensions are not magic : each driver has to provide
+ * support for them...
+ *
+ * IMPORTANT NOTE : As everything in the kernel, this is very much a
+ * work in progress. Contact me if you have ideas of improvements...
+ */
+
+/***************************** INCLUDES *****************************/
+
+ /* jkm - replaced linux headers with C library headers, added typedefs */
+#if 0
+/* To minimise problems in user space, I might remove those headers
+ * at some point. Jean II */
+#include <linux/types.h> /* for "caddr_t" et al */
+#include <linux/socket.h> /* for "struct sockaddr" et al */
+#include <linux/if.h> /* for IFNAMSIZ and co... */
+#else
+#include <sys/types.h>
+#include <net/if.h>
+typedef __uint32_t __u32;
+typedef __int32_t __s32;
+typedef __uint16_t __u16;
+typedef __int16_t __s16;
+typedef __uint8_t __u8;
+#ifndef __user
+#define __user
+#endif /* __user */
+#endif
+
+/***************************** VERSION *****************************/
+/*
+ * This constant is used to know the availability of the wireless
+ * extensions and to know which version of wireless extensions it is
+ * (there is some stuff that will be added in the future...)
+ * I just plan to increment with each new version.
+ */
+#define WIRELESS_EXT 19
+
+/*
+ * Changes :
+ *
+ * V2 to V3
+ * --------
+ * Alan Cox start some incompatibles changes. I've integrated a bit more.
+ * - Encryption renamed to Encode to avoid US regulation problems
+ * - Frequency changed from float to struct to avoid problems on old 386
+ *
+ * V3 to V4
+ * --------
+ * - Add sensitivity
+ *
+ * V4 to V5
+ * --------
+ * - Missing encoding definitions in range
+ * - Access points stuff
+ *
+ * V5 to V6
+ * --------
+ * - 802.11 support (ESSID ioctls)
+ *
+ * V6 to V7
+ * --------
+ * - define IW_ESSID_MAX_SIZE and IW_MAX_AP
+ *
+ * V7 to V8
+ * --------
+ * - Changed my e-mail address
+ * - More 802.11 support (nickname, rate, rts, frag)
+ * - List index in frequencies
+ *
+ * V8 to V9
+ * --------
+ * - Support for 'mode of operation' (ad-hoc, managed...)
+ * - Support for unicast and multicast power saving
+ * - Change encoding to support larger tokens (>64 bits)
+ * - Updated iw_params (disable, flags) and use it for NWID
+ * - Extracted iw_point from iwreq for clarity
+ *
+ * V9 to V10
+ * ---------
+ * - Add PM capability to range structure
+ * - Add PM modifier : MAX/MIN/RELATIVE
+ * - Add encoding option : IW_ENCODE_NOKEY
+ * - Add TxPower ioctls (work like TxRate)
+ *
+ * V10 to V11
+ * ----------
+ * - Add WE version in range (help backward/forward compatibility)
+ * - Add retry ioctls (work like PM)
+ *
+ * V11 to V12
+ * ----------
+ * - Add SIOCSIWSTATS to get /proc/net/wireless programatically
+ * - Add DEV PRIVATE IOCTL to avoid collisions in SIOCDEVPRIVATE space
+ * - Add new statistics (frag, retry, beacon)
+ * - Add average quality (for user space calibration)
+ *
+ * V12 to V13
+ * ----------
+ * - Document creation of new driver API.
+ * - Extract union iwreq_data from struct iwreq (for new driver API).
+ * - Rename SIOCSIWNAME as SIOCSIWCOMMIT
+ *
+ * V13 to V14
+ * ----------
+ * - Wireless Events support : define struct iw_event
+ * - Define additional specific event numbers
+ * - Add "addr" and "param" fields in union iwreq_data
+ * - AP scanning stuff (SIOCSIWSCAN and friends)
+ *
+ * V14 to V15
+ * ----------
+ * - Add IW_PRIV_TYPE_ADDR for struct sockaddr private arg
+ * - Make struct iw_freq signed (both m & e), add explicit padding
+ * - Add IWEVCUSTOM for driver specific event/scanning token
+ * - Add IW_MAX_GET_SPY for driver returning a lot of addresses
+ * - Add IW_TXPOW_RANGE for range of Tx Powers
+ * - Add IWEVREGISTERED & IWEVEXPIRED events for Access Points
+ * - Add IW_MODE_MONITOR for passive monitor
+ *
+ * V15 to V16
+ * ----------
+ * - Increase the number of bitrates in iw_range to 32 (for 802.11g)
+ * - Increase the number of frequencies in iw_range to 32 (for 802.11b+a)
+ * - Reshuffle struct iw_range for increases, add filler
+ * - Increase IW_MAX_AP to 64 for driver returning a lot of addresses
+ * - Remove IW_MAX_GET_SPY because conflict with enhanced spy support
+ * - Add SIOCSIWTHRSPY/SIOCGIWTHRSPY and "struct iw_thrspy"
+ * - Add IW_ENCODE_TEMP and iw_range->encoding_login_index
+ *
+ * V16 to V17
+ * ----------
+ * - Add flags to frequency -> auto/fixed
+ * - Document (struct iw_quality *)->updated, add new flags (INVALID)
+ * - Wireless Event capability in struct iw_range
+ * - Add support for relative TxPower (yick !)
+ *
+ * V17 to V18 (From Jouni Malinen <j@w1.fi>)
+ * ----------
+ * - Add support for WPA/WPA2
+ * - Add extended encoding configuration (SIOCSIWENCODEEXT and
+ * SIOCGIWENCODEEXT)
+ * - Add SIOCSIWGENIE/SIOCGIWGENIE
+ * - Add SIOCSIWMLME
+ * - Add SIOCSIWPMKSA
+ * - Add struct iw_range bit field for supported encoding capabilities
+ * - Add optional scan request parameters for SIOCSIWSCAN
+ * - Add SIOCSIWAUTH/SIOCGIWAUTH for setting authentication and WPA
+ * related parameters (extensible up to 4096 parameter values)
+ * - Add wireless events: IWEVGENIE, IWEVMICHAELMICFAILURE,
+ * IWEVASSOCREQIE, IWEVASSOCRESPIE, IWEVPMKIDCAND
+ *
+ * V18 to V19
+ * ----------
+ * - Remove (struct iw_point *)->pointer from events and streams
+ * - Remove header includes to help user space
+ * - Increase IW_ENCODING_TOKEN_MAX from 32 to 64
+ * - Add IW_QUAL_ALL_UPDATED and IW_QUAL_ALL_INVALID macros
+ * - Add explicit flag to tell stats are in dBm : IW_QUAL_DBM
+ * - Add IW_IOCTL_IDX() and IW_EVENT_IDX() macros
+ */
+
+/**************************** CONSTANTS ****************************/
+
+/* -------------------------- IOCTL LIST -------------------------- */
+
+/* Wireless Identification */
+#define SIOCSIWCOMMIT 0x8B00 /* Commit pending changes to driver */
+#define SIOCGIWNAME 0x8B01 /* get name == wireless protocol */
+/* SIOCGIWNAME is used to verify the presence of Wireless Extensions.
+ * Common values : "IEEE 802.11-DS", "IEEE 802.11-FH", "IEEE 802.11b"...
+ * Don't put the name of your driver there, it's useless. */
+
+/* Basic operations */
+#define SIOCSIWNWID 0x8B02 /* set network id (pre-802.11) */
+#define SIOCGIWNWID 0x8B03 /* get network id (the cell) */
+#define SIOCSIWFREQ 0x8B04 /* set channel/frequency (Hz) */
+#define SIOCGIWFREQ 0x8B05 /* get channel/frequency (Hz) */
+#define SIOCSIWMODE 0x8B06 /* set operation mode */
+#define SIOCGIWMODE 0x8B07 /* get operation mode */
+#define SIOCSIWSENS 0x8B08 /* set sensitivity (dBm) */
+#define SIOCGIWSENS 0x8B09 /* get sensitivity (dBm) */
+
+/* Informative stuff */
+#define SIOCSIWRANGE 0x8B0A /* Unused */
+#define SIOCGIWRANGE 0x8B0B /* Get range of parameters */
+#define SIOCSIWPRIV 0x8B0C /* Unused */
+#define SIOCGIWPRIV 0x8B0D /* get private ioctl interface info */
+#define SIOCSIWSTATS 0x8B0E /* Unused */
+#define SIOCGIWSTATS 0x8B0F /* Get /proc/net/wireless stats */
+/* SIOCGIWSTATS is strictly used between user space and the kernel, and
+ * is never passed to the driver (i.e. the driver will never see it). */
+
+/* Spy support (statistics per MAC address - used for Mobile IP support) */
+#define SIOCSIWSPY 0x8B10 /* set spy addresses */
+#define SIOCGIWSPY 0x8B11 /* get spy info (quality of link) */
+#define SIOCSIWTHRSPY 0x8B12 /* set spy threshold (spy event) */
+#define SIOCGIWTHRSPY 0x8B13 /* get spy threshold */
+
+/* Access Point manipulation */
+#define SIOCSIWAP 0x8B14 /* set access point MAC addresses */
+#define SIOCGIWAP 0x8B15 /* get access point MAC addresses */
+#define SIOCGIWAPLIST 0x8B17 /* Deprecated in favor of scanning */
+#define SIOCSIWSCAN 0x8B18 /* trigger scanning (list cells) */
+#define SIOCGIWSCAN 0x8B19 /* get scanning results */
+
+/* 802.11 specific support */
+#define SIOCSIWESSID 0x8B1A /* set ESSID (network name) */
+#define SIOCGIWESSID 0x8B1B /* get ESSID */
+#define SIOCSIWNICKN 0x8B1C /* set node name/nickname */
+#define SIOCGIWNICKN 0x8B1D /* get node name/nickname */
+/* As the ESSID and NICKN are strings up to 32 bytes long, it doesn't fit
+ * within the 'iwreq' structure, so we need to use the 'data' member to
+ * point to a string in user space, like it is done for RANGE... */
+
+/* Other parameters useful in 802.11 and some other devices */
+#define SIOCSIWRATE 0x8B20 /* set default bit rate (bps) */
+#define SIOCGIWRATE 0x8B21 /* get default bit rate (bps) */
+#define SIOCSIWRTS 0x8B22 /* set RTS/CTS threshold (bytes) */
+#define SIOCGIWRTS 0x8B23 /* get RTS/CTS threshold (bytes) */
+#define SIOCSIWFRAG 0x8B24 /* set fragmentation thr (bytes) */
+#define SIOCGIWFRAG 0x8B25 /* get fragmentation thr (bytes) */
+#define SIOCSIWTXPOW 0x8B26 /* set transmit power (dBm) */
+#define SIOCGIWTXPOW 0x8B27 /* get transmit power (dBm) */
+#define SIOCSIWRETRY 0x8B28 /* set retry limits and lifetime */
+#define SIOCGIWRETRY 0x8B29 /* get retry limits and lifetime */
+
+/* Encoding stuff (scrambling, hardware security, WEP...) */
+#define SIOCSIWENCODE 0x8B2A /* set encoding token & mode */
+#define SIOCGIWENCODE 0x8B2B /* get encoding token & mode */
+/* Power saving stuff (power management, unicast and multicast) */
+#define SIOCSIWPOWER 0x8B2C /* set Power Management settings */
+#define SIOCGIWPOWER 0x8B2D /* get Power Management settings */
+
+/* WPA : Generic IEEE 802.11 informatiom element (e.g., for WPA/RSN/WMM).
+ * This ioctl uses struct iw_point and data buffer that includes IE id and len
+ * fields. More than one IE may be included in the request. Setting the generic
+ * IE to empty buffer (len=0) removes the generic IE from the driver. Drivers
+ * are allowed to generate their own WPA/RSN IEs, but in these cases, drivers
+ * are required to report the used IE as a wireless event, e.g., when
+ * associating with an AP. */
+#define SIOCSIWGENIE 0x8B30 /* set generic IE */
+#define SIOCGIWGENIE 0x8B31 /* get generic IE */
+
+/* WPA : IEEE 802.11 MLME requests */
+#define SIOCSIWMLME 0x8B16 /* request MLME operation; uses
+ * struct iw_mlme */
+/* WPA : Authentication mode parameters */
+#define SIOCSIWAUTH 0x8B32 /* set authentication mode params */
+#define SIOCGIWAUTH 0x8B33 /* get authentication mode params */
+
+/* WPA : Extended version of encoding configuration */
+#define SIOCSIWENCODEEXT 0x8B34 /* set encoding token & mode */
+#define SIOCGIWENCODEEXT 0x8B35 /* get encoding token & mode */
+
+/* WPA2 : PMKSA cache management */
+#define SIOCSIWPMKSA 0x8B36 /* PMKSA cache operation */
+
+/* -------------------- DEV PRIVATE IOCTL LIST -------------------- */
+
+/* These 32 ioctl are wireless device private, for 16 commands.
+ * Each driver is free to use them for whatever purpose it chooses,
+ * however the driver *must* export the description of those ioctls
+ * with SIOCGIWPRIV and *must* use arguments as defined below.
+ * If you don't follow those rules, DaveM is going to hate you (reason :
+ * it make mixed 32/64bit operation impossible).
+ */
+#define SIOCIWFIRSTPRIV 0x8BE0
+#define SIOCIWLASTPRIV 0x8BFF
+/* Previously, we were using SIOCDEVPRIVATE, but we now have our
+ * separate range because of collisions with other tools such as
+ * 'mii-tool'.
+ * We now have 32 commands, so a bit more space ;-).
+ * Also, all 'odd' commands are only usable by root and don't return the
+ * content of ifr/iwr to user (but you are not obliged to use the set/get
+ * convention, just use every other two command). More details in iwpriv.c.
+ * And I repeat : you are not forced to use them with iwpriv, but you
+ * must be compliant with it.
+ */
+
+/* ------------------------- IOCTL STUFF ------------------------- */
+
+/* The first and the last (range) */
+#define SIOCIWFIRST 0x8B00
+#define SIOCIWLAST SIOCIWLASTPRIV /* 0x8BFF */
+#define IW_IOCTL_IDX(cmd) ((cmd) - SIOCIWFIRST)
+
+/* Even : get (world access), odd : set (root access) */
+#define IW_IS_SET(cmd) (!((cmd) & 0x1))
+#define IW_IS_GET(cmd) ((cmd) & 0x1)
+
+/* ----------------------- WIRELESS EVENTS ----------------------- */
+/* Those are *NOT* ioctls, do not issue request on them !!! */
+/* Most events use the same identifier as ioctl requests */
+
+#define IWEVTXDROP 0x8C00 /* Packet dropped to excessive retry */
+#define IWEVQUAL 0x8C01 /* Quality part of statistics (scan) */
+#define IWEVCUSTOM 0x8C02 /* Driver specific ascii string */
+#define IWEVREGISTERED 0x8C03 /* Discovered a new node (AP mode) */
+#define IWEVEXPIRED 0x8C04 /* Expired a node (AP mode) */
+#define IWEVGENIE 0x8C05 /* Generic IE (WPA, RSN, WMM, ..)
+ * (scan results); This includes id and
+ * length fields. One IWEVGENIE may
+ * contain more than one IE. Scan
+ * results may contain one or more
+ * IWEVGENIE events. */
+#define IWEVMICHAELMICFAILURE 0x8C06 /* Michael MIC failure
+ * (struct iw_michaelmicfailure)
+ */
+#define IWEVASSOCREQIE 0x8C07 /* IEs used in (Re)Association Request.
+ * The data includes id and length
+ * fields and may contain more than one
+ * IE. This event is required in
+ * Managed mode if the driver
+ * generates its own WPA/RSN IE. This
+ * should be sent just before
+ * IWEVREGISTERED event for the
+ * association. */
+#define IWEVASSOCRESPIE 0x8C08 /* IEs used in (Re)Association
+ * Response. The data includes id and
+ * length fields and may contain more
+ * than one IE. This may be sent
+ * between IWEVASSOCREQIE and
+ * IWEVREGISTERED events for the
+ * association. */
+#define IWEVPMKIDCAND 0x8C09 /* PMKID candidate for RSN
+ * pre-authentication
+ * (struct iw_pmkid_cand) */
+
+#define IWEVFIRST 0x8C00
+#define IW_EVENT_IDX(cmd) ((cmd) - IWEVFIRST)
+
+/* ------------------------- PRIVATE INFO ------------------------- */
+/*
+ * The following is used with SIOCGIWPRIV. It allow a driver to define
+ * the interface (name, type of data) for its private ioctl.
+ * Privates ioctl are SIOCIWFIRSTPRIV -> SIOCIWLASTPRIV
+ */
+
+#define IW_PRIV_TYPE_MASK 0x7000 /* Type of arguments */
+#define IW_PRIV_TYPE_NONE 0x0000
+#define IW_PRIV_TYPE_BYTE 0x1000 /* Char as number */
+#define IW_PRIV_TYPE_CHAR 0x2000 /* Char as character */
+#define IW_PRIV_TYPE_INT 0x4000 /* 32 bits int */
+#define IW_PRIV_TYPE_FLOAT 0x5000 /* struct iw_freq */
+#define IW_PRIV_TYPE_ADDR 0x6000 /* struct sockaddr */
+
+#define IW_PRIV_SIZE_FIXED 0x0800 /* Variable or fixed number of args */
+
+#define IW_PRIV_SIZE_MASK 0x07FF /* Max number of those args */
+
+/*
+ * Note : if the number of args is fixed and the size < 16 octets,
+ * instead of passing a pointer we will put args in the iwreq struct...
+ */
+
+/* ----------------------- OTHER CONSTANTS ----------------------- */
+
+/* Maximum frequencies in the range struct */
+#define IW_MAX_FREQUENCIES 32
+/* Note : if you have something like 80 frequencies,
+ * don't increase this constant and don't fill the frequency list.
+ * The user will be able to set by channel anyway... */
+
+/* Maximum bit rates in the range struct */
+#define IW_MAX_BITRATES 32
+
+/* Maximum tx powers in the range struct */
+#define IW_MAX_TXPOWER 8
+/* Note : if you more than 8 TXPowers, just set the max and min or
+ * a few of them in the struct iw_range. */
+
+/* Maximum of address that you may set with SPY */
+#define IW_MAX_SPY 8
+
+/* Maximum of address that you may get in the
+ list of access points in range */
+#define IW_MAX_AP 64
+
+/* Maximum size of the ESSID and NICKN strings */
+#define IW_ESSID_MAX_SIZE 32
+
+/* Modes of operation */
+#define IW_MODE_AUTO 0 /* Let the driver decides */
+#define IW_MODE_ADHOC 1 /* Single cell network */
+#define IW_MODE_INFRA 2 /* Multi cell network, roaming, ... */
+#define IW_MODE_MASTER 3 /* Synchronisation master or Access Point */
+#define IW_MODE_REPEAT 4 /* Wireless Repeater (forwarder) */
+#define IW_MODE_SECOND 5 /* Secondary master/repeater (backup) */
+#define IW_MODE_MONITOR 6 /* Passive monitor (listen only) */
+
+/* Statistics flags (bitmask in updated) */
+#define IW_QUAL_QUAL_UPDATED 0x01 /* Value was updated since last read */
+#define IW_QUAL_LEVEL_UPDATED 0x02
+#define IW_QUAL_NOISE_UPDATED 0x04
+#define IW_QUAL_ALL_UPDATED 0x07
+#define IW_QUAL_DBM 0x08 /* Level + Noise are dBm */
+#define IW_QUAL_QUAL_INVALID 0x10 /* Driver doesn't provide value */
+#define IW_QUAL_LEVEL_INVALID 0x20
+#define IW_QUAL_NOISE_INVALID 0x40
+#define IW_QUAL_ALL_INVALID 0x70
+
+/* Frequency flags */
+#define IW_FREQ_AUTO 0x00 /* Let the driver decides */
+#define IW_FREQ_FIXED 0x01 /* Force a specific value */
+
+/* Maximum number of size of encoding token available
+ * they are listed in the range structure */
+#define IW_MAX_ENCODING_SIZES 8
+
+/* Maximum size of the encoding token in bytes */
+#define IW_ENCODING_TOKEN_MAX 64 /* 512 bits (for now) */
+
+/* Flags for encoding (along with the token) */
+#define IW_ENCODE_INDEX 0x00FF /* Token index (if needed) */
+#define IW_ENCODE_FLAGS 0xFF00 /* Flags defined below */
+#define IW_ENCODE_MODE 0xF000 /* Modes defined below */
+#define IW_ENCODE_DISABLED 0x8000 /* Encoding disabled */
+#define IW_ENCODE_ENABLED 0x0000 /* Encoding enabled */
+#define IW_ENCODE_RESTRICTED 0x4000 /* Refuse non-encoded packets */
+#define IW_ENCODE_OPEN 0x2000 /* Accept non-encoded packets */
+#define IW_ENCODE_NOKEY 0x0800 /* Key is write only, so not present */
+#define IW_ENCODE_TEMP 0x0400 /* Temporary key */
+
+/* Power management flags available (along with the value, if any) */
+#define IW_POWER_ON 0x0000 /* No details... */
+#define IW_POWER_TYPE 0xF000 /* Type of parameter */
+#define IW_POWER_PERIOD 0x1000 /* Value is a period/duration of */
+#define IW_POWER_TIMEOUT 0x2000 /* Value is a timeout (to go asleep) */
+#define IW_POWER_MODE 0x0F00 /* Power Management mode */
+#define IW_POWER_UNICAST_R 0x0100 /* Receive only unicast messages */
+#define IW_POWER_MULTICAST_R 0x0200 /* Receive only multicast messages */
+#define IW_POWER_ALL_R 0x0300 /* Receive all messages though PM */
+#define IW_POWER_FORCE_S 0x0400 /* Force PM procedure for sending unicast */
+#define IW_POWER_REPEATER 0x0800 /* Repeat broadcast messages in PM period */
+#define IW_POWER_MODIFIER 0x000F /* Modify a parameter */
+#define IW_POWER_MIN 0x0001 /* Value is a minimum */
+#define IW_POWER_MAX 0x0002 /* Value is a maximum */
+#define IW_POWER_RELATIVE 0x0004 /* Value is not in seconds/ms/us */
+
+/* Transmit Power flags available */
+#define IW_TXPOW_TYPE 0x00FF /* Type of value */
+#define IW_TXPOW_DBM 0x0000 /* Value is in dBm */
+#define IW_TXPOW_MWATT 0x0001 /* Value is in mW */
+#define IW_TXPOW_RELATIVE 0x0002 /* Value is in arbitrary units */
+#define IW_TXPOW_RANGE 0x1000 /* Range of value between min/max */
+
+/* Retry limits and lifetime flags available */
+#define IW_RETRY_ON 0x0000 /* No details... */
+#define IW_RETRY_TYPE 0xF000 /* Type of parameter */
+#define IW_RETRY_LIMIT 0x1000 /* Maximum number of retries*/
+#define IW_RETRY_LIFETIME 0x2000 /* Maximum duration of retries in us */
+#define IW_RETRY_MODIFIER 0x000F /* Modify a parameter */
+#define IW_RETRY_MIN 0x0001 /* Value is a minimum */
+#define IW_RETRY_MAX 0x0002 /* Value is a maximum */
+#define IW_RETRY_RELATIVE 0x0004 /* Value is not in seconds/ms/us */
+
+/* Scanning request flags */
+#define IW_SCAN_DEFAULT 0x0000 /* Default scan of the driver */
+#define IW_SCAN_ALL_ESSID 0x0001 /* Scan all ESSIDs */
+#define IW_SCAN_THIS_ESSID 0x0002 /* Scan only this ESSID */
+#define IW_SCAN_ALL_FREQ 0x0004 /* Scan all Frequencies */
+#define IW_SCAN_THIS_FREQ 0x0008 /* Scan only this Frequency */
+#define IW_SCAN_ALL_MODE 0x0010 /* Scan all Modes */
+#define IW_SCAN_THIS_MODE 0x0020 /* Scan only this Mode */
+#define IW_SCAN_ALL_RATE 0x0040 /* Scan all Bit-Rates */
+#define IW_SCAN_THIS_RATE 0x0080 /* Scan only this Bit-Rate */
+/* struct iw_scan_req scan_type */
+#define IW_SCAN_TYPE_ACTIVE 0
+#define IW_SCAN_TYPE_PASSIVE 1
+/* Maximum size of returned data */
+#define IW_SCAN_MAX_DATA 4096 /* In bytes */
+
+/* Max number of char in custom event - use multiple of them if needed */
+#define IW_CUSTOM_MAX 256 /* In bytes */
+
+/* Generic information element */
+#define IW_GENERIC_IE_MAX 1024
+
+/* MLME requests (SIOCSIWMLME / struct iw_mlme) */
+#define IW_MLME_DEAUTH 0
+#define IW_MLME_DISASSOC 1
+
+/* SIOCSIWAUTH/SIOCGIWAUTH struct iw_param flags */
+#define IW_AUTH_INDEX 0x0FFF
+#define IW_AUTH_FLAGS 0xF000
+/* SIOCSIWAUTH/SIOCGIWAUTH parameters (0 .. 4095)
+ * (IW_AUTH_INDEX mask in struct iw_param flags; this is the index of the
+ * parameter that is being set/get to; value will be read/written to
+ * struct iw_param value field) */
+#define IW_AUTH_WPA_VERSION 0
+#define IW_AUTH_CIPHER_PAIRWISE 1
+#define IW_AUTH_CIPHER_GROUP 2
+#define IW_AUTH_KEY_MGMT 3
+#define IW_AUTH_TKIP_COUNTERMEASURES 4
+#define IW_AUTH_DROP_UNENCRYPTED 5
+#define IW_AUTH_80211_AUTH_ALG 6
+#define IW_AUTH_WPA_ENABLED 7
+#define IW_AUTH_RX_UNENCRYPTED_EAPOL 8
+#define IW_AUTH_ROAMING_CONTROL 9
+#define IW_AUTH_PRIVACY_INVOKED 10
+
+/* IW_AUTH_WPA_VERSION values (bit field) */
+#define IW_AUTH_WPA_VERSION_DISABLED 0x00000001
+#define IW_AUTH_WPA_VERSION_WPA 0x00000002
+#define IW_AUTH_WPA_VERSION_WPA2 0x00000004
+
+/* IW_AUTH_PAIRWISE_CIPHER and IW_AUTH_GROUP_CIPHER values (bit field) */
+#define IW_AUTH_CIPHER_NONE 0x00000001
+#define IW_AUTH_CIPHER_WEP40 0x00000002
+#define IW_AUTH_CIPHER_TKIP 0x00000004
+#define IW_AUTH_CIPHER_CCMP 0x00000008
+#define IW_AUTH_CIPHER_WEP104 0x00000010
+
+/* IW_AUTH_KEY_MGMT values (bit field) */
+#define IW_AUTH_KEY_MGMT_802_1X 1
+#define IW_AUTH_KEY_MGMT_PSK 2
+
+/* IW_AUTH_80211_AUTH_ALG values (bit field) */
+#define IW_AUTH_ALG_OPEN_SYSTEM 0x00000001
+#define IW_AUTH_ALG_SHARED_KEY 0x00000002
+#define IW_AUTH_ALG_LEAP 0x00000004
+
+/* IW_AUTH_ROAMING_CONTROL values */
+#define IW_AUTH_ROAMING_ENABLE 0 /* driver/firmware based roaming */
+#define IW_AUTH_ROAMING_DISABLE 1 /* user space program used for roaming
+ * control */
+
+/* SIOCSIWENCODEEXT definitions */
+#define IW_ENCODE_SEQ_MAX_SIZE 8
+/* struct iw_encode_ext ->alg */
+#define IW_ENCODE_ALG_NONE 0
+#define IW_ENCODE_ALG_WEP 1
+#define IW_ENCODE_ALG_TKIP 2
+#define IW_ENCODE_ALG_CCMP 3
+/* struct iw_encode_ext ->ext_flags */
+#define IW_ENCODE_EXT_TX_SEQ_VALID 0x00000001
+#define IW_ENCODE_EXT_RX_SEQ_VALID 0x00000002
+#define IW_ENCODE_EXT_GROUP_KEY 0x00000004
+#define IW_ENCODE_EXT_SET_TX_KEY 0x00000008
+
+/* IWEVMICHAELMICFAILURE : struct iw_michaelmicfailure ->flags */
+#define IW_MICFAILURE_KEY_ID 0x00000003 /* Key ID 0..3 */
+#define IW_MICFAILURE_GROUP 0x00000004
+#define IW_MICFAILURE_PAIRWISE 0x00000008
+#define IW_MICFAILURE_STAKEY 0x00000010
+#define IW_MICFAILURE_COUNT 0x00000060 /* 1 or 2 (0 = count not supported)
+ */
+
+/* Bit field values for enc_capa in struct iw_range */
+#define IW_ENC_CAPA_WPA 0x00000001
+#define IW_ENC_CAPA_WPA2 0x00000002
+#define IW_ENC_CAPA_CIPHER_TKIP 0x00000004
+#define IW_ENC_CAPA_CIPHER_CCMP 0x00000008
+
+/* Event capability macros - in (struct iw_range *)->event_capa
+ * Because we have more than 32 possible events, we use an array of
+ * 32 bit bitmasks. Note : 32 bits = 0x20 = 2^5. */
+#define IW_EVENT_CAPA_BASE(cmd) ((cmd >= SIOCIWFIRSTPRIV) ? \
+ (cmd - SIOCIWFIRSTPRIV + 0x60) : \
+ (cmd - SIOCSIWCOMMIT))
+#define IW_EVENT_CAPA_INDEX(cmd) (IW_EVENT_CAPA_BASE(cmd) >> 5)
+#define IW_EVENT_CAPA_MASK(cmd) (1 << (IW_EVENT_CAPA_BASE(cmd) & 0x1F))
+/* Event capability constants - event autogenerated by the kernel
+ * This list is valid for most 802.11 devices, customise as needed... */
+#define IW_EVENT_CAPA_K_0 (IW_EVENT_CAPA_MASK(0x8B04) | \
+ IW_EVENT_CAPA_MASK(0x8B06) | \
+ IW_EVENT_CAPA_MASK(0x8B1A))
+#define IW_EVENT_CAPA_K_1 (IW_EVENT_CAPA_MASK(0x8B2A))
+/* "Easy" macro to set events in iw_range (less efficient) */
+#define IW_EVENT_CAPA_SET(event_capa, cmd) (event_capa[IW_EVENT_CAPA_INDEX(cmd)] |= IW_EVENT_CAPA_MASK(cmd))
+#define IW_EVENT_CAPA_SET_KERNEL(event_capa) {event_capa[0] |= IW_EVENT_CAPA_K_0; event_capa[1] |= IW_EVENT_CAPA_K_1; }
+
+
+/****************************** TYPES ******************************/
+
+/* --------------------------- SUBTYPES --------------------------- */
+/*
+ * Generic format for most parameters that fit in an int
+ */
+struct iw_param
+{
+ __s32 value; /* The value of the parameter itself */
+ __u8 fixed; /* Hardware should not use auto select */
+ __u8 disabled; /* Disable the feature */
+ __u16 flags; /* Various specifc flags (if any) */
+};
+
+/*
+ * For all data larger than 16 octets, we need to use a
+ * pointer to memory allocated in user space.
+ */
+struct iw_point
+{
+ void __user *pointer; /* Pointer to the data (in user space) */
+ __u16 length; /* number of fields or size in bytes */
+ __u16 flags; /* Optional params */
+};
+
+/*
+ * A frequency
+ * For numbers lower than 10^9, we encode the number in 'm' and
+ * set 'e' to 0
+ * For number greater than 10^9, we divide it by the lowest power
+ * of 10 to get 'm' lower than 10^9, with 'm'= f / (10^'e')...
+ * The power of 10 is in 'e', the result of the division is in 'm'.
+ */
+struct iw_freq
+{
+ __s32 m; /* Mantissa */
+ __s16 e; /* Exponent */
+ __u8 i; /* List index (when in range struct) */
+ __u8 flags; /* Flags (fixed/auto) */
+};
+
+/*
+ * Quality of the link
+ */
+struct iw_quality
+{
+ __u8 qual; /* link quality (%retries, SNR,
+ %missed beacons or better...) */
+ __u8 level; /* signal level (dBm) */
+ __u8 noise; /* noise level (dBm) */
+ __u8 updated; /* Flags to know if updated */
+};
+
+/*
+ * Packet discarded in the wireless adapter due to
+ * "wireless" specific problems...
+ * Note : the list of counter and statistics in net_device_stats
+ * is already pretty exhaustive, and you should use that first.
+ * This is only additional stats...
+ */
+struct iw_discarded
+{
+ __u32 nwid; /* Rx : Wrong nwid/essid */
+ __u32 code; /* Rx : Unable to code/decode (WEP) */
+ __u32 fragment; /* Rx : Can't perform MAC reassembly */
+ __u32 retries; /* Tx : Max MAC retries num reached */
+ __u32 misc; /* Others cases */
+};
+
+/*
+ * Packet/Time period missed in the wireless adapter due to
+ * "wireless" specific problems...
+ */
+struct iw_missed
+{
+ __u32 beacon; /* Missed beacons/superframe */
+};
+
+/*
+ * Quality range (for spy threshold)
+ */
+struct iw_thrspy
+{
+ struct sockaddr addr; /* Source address (hw/mac) */
+ struct iw_quality qual; /* Quality of the link */
+ struct iw_quality low; /* Low threshold */
+ struct iw_quality high; /* High threshold */
+};
+
+/*
+ * Optional data for scan request
+ *
+ * Note: these optional parameters are controlling parameters for the
+ * scanning behavior, these do not apply to getting scan results
+ * (SIOCGIWSCAN). Drivers are expected to keep a local BSS table and
+ * provide a merged results with all BSSes even if the previous scan
+ * request limited scanning to a subset, e.g., by specifying an SSID.
+ * Especially, scan results are required to include an entry for the
+ * current BSS if the driver is in Managed mode and associated with an AP.
+ */
+struct iw_scan_req
+{
+ __u8 scan_type; /* IW_SCAN_TYPE_{ACTIVE,PASSIVE} */
+ __u8 essid_len;
+ __u8 num_channels; /* num entries in channel_list;
+ * 0 = scan all allowed channels */
+ __u8 flags; /* reserved as padding; use zero, this may
+ * be used in the future for adding flags
+ * to request different scan behavior */
+ struct sockaddr bssid; /* ff:ff:ff:ff:ff:ff for broadcast BSSID or
+ * individual address of a specific BSS */
+
+ /*
+ * Use this ESSID if IW_SCAN_THIS_ESSID flag is used instead of using
+ * the current ESSID. This allows scan requests for specific ESSID
+ * without having to change the current ESSID and potentially breaking
+ * the current association.
+ */
+ __u8 essid[IW_ESSID_MAX_SIZE];
+
+ /*
+ * Optional parameters for changing the default scanning behavior.
+ * These are based on the MLME-SCAN.request from IEEE Std 802.11.
+ * TU is 1.024 ms. If these are set to 0, driver is expected to use
+ * reasonable default values. min_channel_time defines the time that
+ * will be used to wait for the first reply on each channel. If no
+ * replies are received, next channel will be scanned after this. If
+ * replies are received, total time waited on the channel is defined by
+ * max_channel_time.
+ */
+ __u32 min_channel_time; /* in TU */
+ __u32 max_channel_time; /* in TU */
+
+ struct iw_freq channel_list[IW_MAX_FREQUENCIES];
+};
+
+/* ------------------------- WPA SUPPORT ------------------------- */
+
+/*
+ * Extended data structure for get/set encoding (this is used with
+ * SIOCSIWENCODEEXT/SIOCGIWENCODEEXT. struct iw_point and IW_ENCODE_*
+ * flags are used in the same way as with SIOCSIWENCODE/SIOCGIWENCODE and
+ * only the data contents changes (key data -> this structure, including
+ * key data).
+ *
+ * If the new key is the first group key, it will be set as the default
+ * TX key. Otherwise, default TX key index is only changed if
+ * IW_ENCODE_EXT_SET_TX_KEY flag is set.
+ *
+ * Key will be changed with SIOCSIWENCODEEXT in all cases except for
+ * special "change TX key index" operation which is indicated by setting
+ * key_len = 0 and ext_flags |= IW_ENCODE_EXT_SET_TX_KEY.
+ *
+ * tx_seq/rx_seq are only used when respective
+ * IW_ENCODE_EXT_{TX,RX}_SEQ_VALID flag is set in ext_flags. Normal
+ * TKIP/CCMP operation is to set RX seq with SIOCSIWENCODEEXT and start
+ * TX seq from zero whenever key is changed. SIOCGIWENCODEEXT is normally
+ * used only by an Authenticator (AP or an IBSS station) to get the
+ * current TX sequence number. Using TX_SEQ_VALID for SIOCSIWENCODEEXT and
+ * RX_SEQ_VALID for SIOCGIWENCODEEXT are optional, but can be useful for
+ * debugging/testing.
+ */
+struct iw_encode_ext
+{
+ __u32 ext_flags; /* IW_ENCODE_EXT_* */
+ __u8 tx_seq[IW_ENCODE_SEQ_MAX_SIZE]; /* LSB first */
+ __u8 rx_seq[IW_ENCODE_SEQ_MAX_SIZE]; /* LSB first */
+ struct sockaddr addr; /* ff:ff:ff:ff:ff:ff for broadcast/multicast
+ * (group) keys or unicast address for
+ * individual keys */
+ __u16 alg; /* IW_ENCODE_ALG_* */
+ __u16 key_len;
+ __u8 key[0];
+};
+
+/* SIOCSIWMLME data */
+struct iw_mlme
+{
+ __u16 cmd; /* IW_MLME_* */
+ __u16 reason_code;
+ struct sockaddr addr;
+};
+
+/* SIOCSIWPMKSA data */
+#define IW_PMKSA_ADD 1
+#define IW_PMKSA_REMOVE 2
+#define IW_PMKSA_FLUSH 3
+
+#define IW_PMKID_LEN 16
+
+struct iw_pmksa
+{
+ __u32 cmd; /* IW_PMKSA_* */
+ struct sockaddr bssid;
+ __u8 pmkid[IW_PMKID_LEN];
+};
+
+/* IWEVMICHAELMICFAILURE data */
+struct iw_michaelmicfailure
+{
+ __u32 flags;
+ struct sockaddr src_addr;
+ __u8 tsc[IW_ENCODE_SEQ_MAX_SIZE]; /* LSB first */
+};
+
+/* IWEVPMKIDCAND data */
+#define IW_PMKID_CAND_PREAUTH 0x00000001 /* RNS pre-authentication enabled */
+struct iw_pmkid_cand
+{
+ __u32 flags; /* IW_PMKID_CAND_* */
+ __u32 index; /* the smaller the index, the higher the
+ * priority */
+ struct sockaddr bssid;
+};
+
+/* ------------------------ WIRELESS STATS ------------------------ */
+/*
+ * Wireless statistics (used for /proc/net/wireless)
+ */
+struct iw_statistics
+{
+ __u16 status; /* Status
+ * - device dependent for now */
+
+ struct iw_quality qual; /* Quality of the link
+ * (instant/mean/max) */
+ struct iw_discarded discard; /* Packet discarded counts */
+ struct iw_missed miss; /* Packet missed counts */
+};
+
+/* ------------------------ IOCTL REQUEST ------------------------ */
+/*
+ * This structure defines the payload of an ioctl, and is used
+ * below.
+ *
+ * Note that this structure should fit on the memory footprint
+ * of iwreq (which is the same as ifreq), which mean a max size of
+ * 16 octets = 128 bits. Warning, pointers might be 64 bits wide...
+ * You should check this when increasing the structures defined
+ * above in this file...
+ */
+union iwreq_data
+{
+ /* Config - generic */
+ char name[IFNAMSIZ];
+ /* Name : used to verify the presence of wireless extensions.
+ * Name of the protocol/provider... */
+
+ struct iw_point essid; /* Extended network name */
+ struct iw_param nwid; /* network id (or domain - the cell) */
+ struct iw_freq freq; /* frequency or channel :
+ * 0-1000 = channel
+ * > 1000 = frequency in Hz */
+
+ struct iw_param sens; /* signal level threshold */
+ struct iw_param bitrate; /* default bit rate */
+ struct iw_param txpower; /* default transmit power */
+ struct iw_param rts; /* RTS threshold threshold */
+ struct iw_param frag; /* Fragmentation threshold */
+ __u32 mode; /* Operation mode */
+ struct iw_param retry; /* Retry limits & lifetime */
+
+ struct iw_point encoding; /* Encoding stuff : tokens */
+ struct iw_param power; /* PM duration/timeout */
+ struct iw_quality qual; /* Quality part of statistics */
+
+ struct sockaddr ap_addr; /* Access point address */
+ struct sockaddr addr; /* Destination address (hw/mac) */
+
+ struct iw_param param; /* Other small parameters */
+ struct iw_point data; /* Other large parameters */
+};
+
+/*
+ * The structure to exchange data for ioctl.
+ * This structure is the same as 'struct ifreq', but (re)defined for
+ * convenience...
+ * Do I need to remind you about structure size (32 octets) ?
+ */
+struct iwreq
+{
+ union
+ {
+ char ifrn_name[IFNAMSIZ]; /* if name, e.g. "eth0" */
+ } ifr_ifrn;
+
+ /* Data part (defined just above) */
+ union iwreq_data u;
+};
+
+/* -------------------------- IOCTL DATA -------------------------- */
+/*
+ * For those ioctl which want to exchange mode data that what could
+ * fit in the above structure...
+ */
+
+/*
+ * Range of parameters
+ */
+
+struct iw_range
+{
+ /* Informative stuff (to choose between different interface) */
+ __u32 throughput; /* To give an idea... */
+ /* In theory this value should be the maximum benchmarked
+ * TCP/IP throughput, because with most of these devices the
+ * bit rate is meaningless (overhead an co) to estimate how
+ * fast the connection will go and pick the fastest one.
+ * I suggest people to play with Netperf or any benchmark...
+ */
+
+ /* NWID (or domain id) */
+ __u32 min_nwid; /* Minimal NWID we are able to set */
+ __u32 max_nwid; /* Maximal NWID we are able to set */
+
+ /* Old Frequency (backward compat - moved lower ) */
+ __u16 old_num_channels;
+ __u8 old_num_frequency;
+
+ /* Wireless event capability bitmasks */
+ __u32 event_capa[6];
+
+ /* signal level threshold range */
+ __s32 sensitivity;
+
+ /* Quality of link & SNR stuff */
+ /* Quality range (link, level, noise)
+ * If the quality is absolute, it will be in the range [0 ; max_qual],
+ * if the quality is dBm, it will be in the range [max_qual ; 0].
+ * Don't forget that we use 8 bit arithmetics... */
+ struct iw_quality max_qual; /* Quality of the link */
+ /* This should contain the average/typical values of the quality
+ * indicator. This should be the threshold between a "good" and
+ * a "bad" link (example : monitor going from green to orange).
+ * Currently, user space apps like quality monitors don't have any
+ * way to calibrate the measurement. With this, they can split
+ * the range between 0 and max_qual in different quality level
+ * (using a geometric subdivision centered on the average).
+ * I expect that people doing the user space apps will feedback
+ * us on which value we need to put in each driver... */
+ struct iw_quality avg_qual; /* Quality of the link */
+
+ /* Rates */
+ __u8 num_bitrates; /* Number of entries in the list */
+ __s32 bitrate[IW_MAX_BITRATES]; /* list, in bps */
+
+ /* RTS threshold */
+ __s32 min_rts; /* Minimal RTS threshold */
+ __s32 max_rts; /* Maximal RTS threshold */
+
+ /* Frag threshold */
+ __s32 min_frag; /* Minimal frag threshold */
+ __s32 max_frag; /* Maximal frag threshold */
+
+ /* Power Management duration & timeout */
+ __s32 min_pmp; /* Minimal PM period */
+ __s32 max_pmp; /* Maximal PM period */
+ __s32 min_pmt; /* Minimal PM timeout */
+ __s32 max_pmt; /* Maximal PM timeout */
+ __u16 pmp_flags; /* How to decode max/min PM period */
+ __u16 pmt_flags; /* How to decode max/min PM timeout */
+ __u16 pm_capa; /* What PM options are supported */
+
+ /* Encoder stuff */
+ __u16 encoding_size[IW_MAX_ENCODING_SIZES]; /* Different token sizes */
+ __u8 num_encoding_sizes; /* Number of entry in the list */
+ __u8 max_encoding_tokens; /* Max number of tokens */
+ /* For drivers that need a "login/passwd" form */
+ __u8 encoding_login_index; /* token index for login token */
+
+ /* Transmit power */
+ __u16 txpower_capa; /* What options are supported */
+ __u8 num_txpower; /* Number of entries in the list */
+ __s32 txpower[IW_MAX_TXPOWER]; /* list, in bps */
+
+ /* Wireless Extension version info */
+ __u8 we_version_compiled; /* Must be WIRELESS_EXT */
+ __u8 we_version_source; /* Last update of source */
+
+ /* Retry limits and lifetime */
+ __u16 retry_capa; /* What retry options are supported */
+ __u16 retry_flags; /* How to decode max/min retry limit */
+ __u16 r_time_flags; /* How to decode max/min retry life */
+ __s32 min_retry; /* Minimal number of retries */
+ __s32 max_retry; /* Maximal number of retries */
+ __s32 min_r_time; /* Minimal retry lifetime */
+ __s32 max_r_time; /* Maximal retry lifetime */
+
+ /* Frequency */
+ __u16 num_channels; /* Number of channels [0; num - 1] */
+ __u8 num_frequency; /* Number of entry in the list */
+ struct iw_freq freq[IW_MAX_FREQUENCIES]; /* list */
+ /* Note : this frequency list doesn't need to fit channel numbers,
+ * because each entry contain its channel index */
+
+ __u32 enc_capa; /* IW_ENC_CAPA_* bit field */
+};
+
+/*
+ * Private ioctl interface information
+ */
+
+struct iw_priv_args
+{
+ __u32 cmd; /* Number of the ioctl to issue */
+ __u16 set_args; /* Type and number of args */
+ __u16 get_args; /* Type and number of args */
+ char name[IFNAMSIZ]; /* Name of the extension */
+};
+
+/* ----------------------- WIRELESS EVENTS ----------------------- */
+/*
+ * Wireless events are carried through the rtnetlink socket to user
+ * space. They are encapsulated in the IFLA_WIRELESS field of
+ * a RTM_NEWLINK message.
+ */
+
+/*
+ * A Wireless Event. Contains basically the same data as the ioctl...
+ */
+struct iw_event
+{
+ __u16 len; /* Real lenght of this stuff */
+ __u16 cmd; /* Wireless IOCTL */
+ union iwreq_data u; /* IOCTL fixed payload */
+};
+
+/* Size of the Event prefix (including padding and alignement junk) */
+#define IW_EV_LCP_LEN (sizeof(struct iw_event) - sizeof(union iwreq_data))
+/* Size of the various events */
+#define IW_EV_CHAR_LEN (IW_EV_LCP_LEN + IFNAMSIZ)
+#define IW_EV_UINT_LEN (IW_EV_LCP_LEN + sizeof(__u32))
+#define IW_EV_FREQ_LEN (IW_EV_LCP_LEN + sizeof(struct iw_freq))
+#define IW_EV_PARAM_LEN (IW_EV_LCP_LEN + sizeof(struct iw_param))
+#define IW_EV_ADDR_LEN (IW_EV_LCP_LEN + sizeof(struct sockaddr))
+#define IW_EV_QUAL_LEN (IW_EV_LCP_LEN + sizeof(struct iw_quality))
+
+/* iw_point events are special. First, the payload (extra data) come at
+ * the end of the event, so they are bigger than IW_EV_POINT_LEN. Second,
+ * we omit the pointer, so start at an offset. */
+#define IW_EV_POINT_OFF (((char *) &(((struct iw_point *) NULL)->length)) - \
+ (char *) NULL)
+#define IW_EV_POINT_LEN (IW_EV_LCP_LEN + sizeof(struct iw_point) - \
+ IW_EV_POINT_OFF)
+
+#endif /* _LINUX_WIRELESS_H */
--- /dev/null
+/*
+ * WPA Supplicant - WPA state machine and EAPOL-Key processing
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "md5.h"
+#include "sha1.h"
+#include "rc4.h"
+#include "aes_wrap.h"
+#include "wpa.h"
+#include "eloop.h"
+#include "config.h"
+#include "l2_packet.h"
+#include "eapol_sm.h"
+#include "preauth.h"
+#include "pmksa_cache.h"
+#include "wpa_i.h"
+
+
+static const int WPA_SELECTOR_LEN = 4;
+static const u8 WPA_OUI_TYPE[] = { 0x00, 0x50, 0xf2, 1 };
+static const u16 WPA_VERSION = 1;
+static const u8 WPA_AUTH_KEY_MGMT_NONE[] = { 0x00, 0x50, 0xf2, 0 };
+static const u8 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X[] = { 0x00, 0x50, 0xf2, 1 };
+static const u8 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X[] = { 0x00, 0x50, 0xf2, 2 };
+static const u8 WPA_CIPHER_SUITE_NONE[] = { 0x00, 0x50, 0xf2, 0 };
+static const u8 WPA_CIPHER_SUITE_WEP40[] = { 0x00, 0x50, 0xf2, 1 };
+static const u8 WPA_CIPHER_SUITE_TKIP[] = { 0x00, 0x50, 0xf2, 2 };
+#if 0
+static const u8 WPA_CIPHER_SUITE_WRAP[] = { 0x00, 0x50, 0xf2, 3 };
+#endif
+static const u8 WPA_CIPHER_SUITE_CCMP[] = { 0x00, 0x50, 0xf2, 4 };
+static const u8 WPA_CIPHER_SUITE_WEP104[] = { 0x00, 0x50, 0xf2, 5 };
+
+/* WPA IE version 1
+ * 00-50-f2:1 (OUI:OUI type)
+ * 0x01 0x00 (version; little endian)
+ * (all following fields are optional:)
+ * Group Suite Selector (4 octets) (default: TKIP)
+ * Pairwise Suite Count (2 octets, little endian) (default: 1)
+ * Pairwise Suite List (4 * n octets) (default: TKIP)
+ * Authenticated Key Management Suite Count (2 octets, little endian)
+ * (default: 1)
+ * Authenticated Key Management Suite List (4 * n octets)
+ * (default: unspec 802.1X)
+ * WPA Capabilities (2 octets, little endian) (default: 0)
+ */
+
+#ifdef _MSC_VER
+#pragma pack(push, 1)
+#endif /* _MSC_VER */
+
+struct wpa_ie_hdr {
+ u8 elem_id;
+ u8 len;
+ u8 oui[3];
+ u8 oui_type;
+ u8 version[2];
+} STRUCT_PACKED;
+
+#ifdef _MSC_VER
+#pragma pack(pop)
+#endif /* _MSC_VER */
+
+
+static const int RSN_SELECTOR_LEN = 4;
+static const u16 RSN_VERSION = 1;
+static const u8 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X[] = { 0x00, 0x0f, 0xac, 1 };
+static const u8 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X[] = { 0x00, 0x0f, 0xac, 2 };
+static const u8 RSN_CIPHER_SUITE_NONE[] = { 0x00, 0x0f, 0xac, 0 };
+static const u8 RSN_CIPHER_SUITE_WEP40[] = { 0x00, 0x0f, 0xac, 1 };
+static const u8 RSN_CIPHER_SUITE_TKIP[] = { 0x00, 0x0f, 0xac, 2 };
+#if 0
+static const u8 RSN_CIPHER_SUITE_WRAP[] = { 0x00, 0x0f, 0xac, 3 };
+#endif
+static const u8 RSN_CIPHER_SUITE_CCMP[] = { 0x00, 0x0f, 0xac, 4 };
+static const u8 RSN_CIPHER_SUITE_WEP104[] = { 0x00, 0x0f, 0xac, 5 };
+#ifdef CONFIG_IEEE80211W
+static const u8 RSN_CIPHER_SUITE_AES_128_CMAC[] = { 0x00, 0x0f, 0xac, 6 };
+#endif /* CONFIG_IEEE80211W */
+
+/* EAPOL-Key Key Data Encapsulation
+ * GroupKey and PeerKey require encryption, otherwise, encryption is optional.
+ */
+static const u8 RSN_KEY_DATA_GROUPKEY[] = { 0x00, 0x0f, 0xac, 1 };
+#if 0
+static const u8 RSN_KEY_DATA_STAKEY[] = { 0x00, 0x0f, 0xac, 2 };
+#endif
+static const u8 RSN_KEY_DATA_MAC_ADDR[] = { 0x00, 0x0f, 0xac, 3 };
+static const u8 RSN_KEY_DATA_PMKID[] = { 0x00, 0x0f, 0xac, 4 };
+#ifdef CONFIG_PEERKEY
+static const u8 RSN_KEY_DATA_SMK[] = { 0x00, 0x0f, 0xac, 5 };
+static const u8 RSN_KEY_DATA_NONCE[] = { 0x00, 0x0f, 0xac, 6 };
+static const u8 RSN_KEY_DATA_LIFETIME[] = { 0x00, 0x0f, 0xac, 7 };
+static const u8 RSN_KEY_DATA_ERROR[] = { 0x00, 0x0f, 0xac, 8 };
+#endif /* CONFIG_PEERKEY */
+#ifdef CONFIG_IEEE80211W
+/* FIX: IEEE 802.11w/D1.0 is using subtypes 5 and 6 for these, but they were
+ * already taken by 802.11ma (PeerKey). Need to update the values here once
+ * IEEE 802.11w fixes these. */
+static const u8 RSN_KEY_DATA_DHV[] = { 0x00, 0x0f, 0xac, 9 };
+static const u8 RSN_KEY_DATA_IGTK[] = { 0x00, 0x0f, 0xac, 10 };
+#endif /* CONFIG_IEEE80211W */
+
+#ifdef CONFIG_PEERKEY
+enum {
+ STK_MUI_4WAY_STA_AP = 1,
+ STK_MUI_4WAY_STAT_STA = 2,
+ STK_MUI_GTK = 3,
+ STK_MUI_SMK = 4
+};
+
+enum {
+ STK_ERR_STA_NR = 1,
+ STK_ERR_STA_NRSN = 2,
+ STK_ERR_CPHR_NS = 3,
+ STK_ERR_NO_STSL = 4
+};
+#endif /* CONFIG_PEERKEY */
+
+/* 1/4: PMKID
+ * 2/4: RSN IE
+ * 3/4: one or two RSN IEs + GTK IE (encrypted)
+ * 4/4: empty
+ * 1/2: GTK IE (encrypted)
+ * 2/2: empty
+ */
+
+/* RSN IE version 1
+ * 0x01 0x00 (version; little endian)
+ * (all following fields are optional:)
+ * Group Suite Selector (4 octets) (default: CCMP)
+ * Pairwise Suite Count (2 octets, little endian) (default: 1)
+ * Pairwise Suite List (4 * n octets) (default: CCMP)
+ * Authenticated Key Management Suite Count (2 octets, little endian)
+ * (default: 1)
+ * Authenticated Key Management Suite List (4 * n octets)
+ * (default: unspec 802.1X)
+ * RSN Capabilities (2 octets, little endian) (default: 0)
+ * PMKID Count (2 octets) (default: 0)
+ * PMKID List (16 * n octets)
+ * Management Group Cipher Suite (4 octets) (default: AES-128-CMAC)
+ */
+
+#ifdef _MSC_VER
+#pragma pack(push, 1)
+#endif /* _MSC_VER */
+
+struct rsn_ie_hdr {
+ u8 elem_id; /* WLAN_EID_RSN */
+ u8 len;
+ u8 version[2];
+} STRUCT_PACKED;
+
+
+struct wpa_eapol_key {
+ u8 type;
+ /* Note: key_info, key_length, and key_data_length are unaligned */
+ u8 key_info[2];
+ u8 key_length[2];
+ u8 replay_counter[WPA_REPLAY_COUNTER_LEN];
+ u8 key_nonce[WPA_NONCE_LEN];
+ u8 key_iv[16];
+ u8 key_rsc[8];
+ u8 key_id[8]; /* Reserved in IEEE 802.11i/RSN */
+ u8 key_mic[16];
+ u8 key_data_length[2];
+ /* followed by key_data_length bytes of key_data */
+} STRUCT_PACKED;
+
+
+struct rsn_error_kde {
+ u16 mui;
+ u16 error_type;
+} STRUCT_PACKED;
+
+#ifdef CONFIG_IEEE80211W
+struct wpa_dhv_kde {
+ u8 dhv[WPA_DHV_LEN];
+} STRUCT_PACKED;
+
+struct wpa_igtk_kde {
+ u8 keyid[2];
+ u8 pn[6];
+ u8 igtk[WPA_IGTK_LEN];
+} STRUCT_PACKED;
+#endif /* CONFIG_IEEE80211W */
+
+#ifdef _MSC_VER
+#pragma pack(pop)
+#endif /* _MSC_VER */
+
+#define WPA_KEY_INFO_TYPE_MASK ((u16) (BIT(0) | BIT(1) | BIT(2)))
+#define WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 BIT(0)
+#define WPA_KEY_INFO_TYPE_HMAC_SHA1_AES BIT(1)
+#define WPA_KEY_INFO_KEY_TYPE BIT(3) /* 1 = Pairwise, 0 = Group key */
+/* bit4..5 is used in WPA, but is reserved in IEEE 802.11i/RSN */
+#define WPA_KEY_INFO_KEY_INDEX_MASK (BIT(4) | BIT(5))
+#define WPA_KEY_INFO_KEY_INDEX_SHIFT 4
+#define WPA_KEY_INFO_INSTALL BIT(6) /* pairwise */
+#define WPA_KEY_INFO_TXRX BIT(6) /* group */
+#define WPA_KEY_INFO_ACK BIT(7)
+#define WPA_KEY_INFO_MIC BIT(8)
+#define WPA_KEY_INFO_SECURE BIT(9)
+#define WPA_KEY_INFO_ERROR BIT(10)
+#define WPA_KEY_INFO_REQUEST BIT(11)
+#define WPA_KEY_INFO_ENCR_KEY_DATA BIT(12) /* IEEE 802.11i/RSN only */
+#define WPA_KEY_INFO_SMK_MESSAGE BIT(13)
+
+
+#ifdef CONFIG_PEERKEY
+static void wpa_supplicant_peerkey_free(struct wpa_sm *sm,
+ struct wpa_peerkey *peerkey);
+#endif /* CONFIG_PEERKEY */
+
+
+/**
+ * wpa_cipher_txt - Convert cipher suite to a text string
+ * @cipher: Cipher suite (WPA_CIPHER_* enum)
+ * Returns: Pointer to a text string of the cipher suite name
+ */
+static const char * wpa_cipher_txt(int cipher)
+{
+ switch (cipher) {
+ case WPA_CIPHER_NONE:
+ return "NONE";
+ case WPA_CIPHER_WEP40:
+ return "WEP-40";
+ case WPA_CIPHER_WEP104:
+ return "WEP-104";
+ case WPA_CIPHER_TKIP:
+ return "TKIP";
+ case WPA_CIPHER_CCMP:
+ return "CCMP";
+ default:
+ return "UNKNOWN";
+ }
+}
+
+
+/**
+ * wpa_key_mgmt_txt - Convert key management suite to a text string
+ * @key_mgmt: Key management suite (WPA_KEY_MGMT_* enum)
+ * @proto: WPA/WPA2 version (WPA_PROTO_*)
+ * Returns: Pointer to a text string of the key management suite name
+ */
+static const char * wpa_key_mgmt_txt(int key_mgmt, int proto)
+{
+ switch (key_mgmt) {
+ case WPA_KEY_MGMT_IEEE8021X:
+ return proto == WPA_PROTO_RSN ?
+ "WPA2/IEEE 802.1X/EAP" : "WPA/IEEE 802.1X/EAP";
+ case WPA_KEY_MGMT_PSK:
+ return proto == WPA_PROTO_RSN ?
+ "WPA2-PSK" : "WPA-PSK";
+ case WPA_KEY_MGMT_NONE:
+ return "NONE";
+ case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
+ return "IEEE 802.1X (no WPA)";
+ default:
+ return "UNKNOWN";
+ }
+}
+
+
+static int wpa_selector_to_bitfield(const u8 *s)
+{
+ if (os_memcmp(s, WPA_CIPHER_SUITE_NONE, WPA_SELECTOR_LEN) == 0)
+ return WPA_CIPHER_NONE;
+ if (os_memcmp(s, WPA_CIPHER_SUITE_WEP40, WPA_SELECTOR_LEN) == 0)
+ return WPA_CIPHER_WEP40;
+ if (os_memcmp(s, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN) == 0)
+ return WPA_CIPHER_TKIP;
+ if (os_memcmp(s, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN) == 0)
+ return WPA_CIPHER_CCMP;
+ if (os_memcmp(s, WPA_CIPHER_SUITE_WEP104, WPA_SELECTOR_LEN) == 0)
+ return WPA_CIPHER_WEP104;
+ return 0;
+}
+
+
+static int wpa_key_mgmt_to_bitfield(const u8 *s)
+{
+ if (os_memcmp(s, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X, WPA_SELECTOR_LEN) ==
+ 0)
+ return WPA_KEY_MGMT_IEEE8021X;
+ if (os_memcmp(s, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X, WPA_SELECTOR_LEN)
+ == 0)
+ return WPA_KEY_MGMT_PSK;
+ if (os_memcmp(s, WPA_AUTH_KEY_MGMT_NONE, WPA_SELECTOR_LEN) == 0)
+ return WPA_KEY_MGMT_WPA_NONE;
+ return 0;
+}
+
+
+#ifndef CONFIG_NO_WPA2
+static int rsn_selector_to_bitfield(const u8 *s)
+{
+ if (os_memcmp(s, RSN_CIPHER_SUITE_NONE, RSN_SELECTOR_LEN) == 0)
+ return WPA_CIPHER_NONE;
+ if (os_memcmp(s, RSN_CIPHER_SUITE_WEP40, RSN_SELECTOR_LEN) == 0)
+ return WPA_CIPHER_WEP40;
+ if (os_memcmp(s, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN) == 0)
+ return WPA_CIPHER_TKIP;
+ if (os_memcmp(s, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN) == 0)
+ return WPA_CIPHER_CCMP;
+ if (os_memcmp(s, RSN_CIPHER_SUITE_WEP104, RSN_SELECTOR_LEN) == 0)
+ return WPA_CIPHER_WEP104;
+#ifdef CONFIG_IEEE80211W
+ if (os_memcmp(s, RSN_CIPHER_SUITE_AES_128_CMAC, RSN_SELECTOR_LEN) == 0)
+ return WPA_CIPHER_AES_128_CMAC;
+#endif /* CONFIG_IEEE80211W */
+ return 0;
+}
+
+
+static int rsn_key_mgmt_to_bitfield(const u8 *s)
+{
+ if (os_memcmp(s, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X, RSN_SELECTOR_LEN) ==
+ 0)
+ return WPA_KEY_MGMT_IEEE8021X;
+ if (os_memcmp(s, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X, RSN_SELECTOR_LEN)
+ == 0)
+ return WPA_KEY_MGMT_PSK;
+ return 0;
+}
+#endif /* CONFIG_NO_WPA2 */
+
+
+#ifdef CONFIG_PEERKEY
+static u8 * wpa_add_ie(u8 *pos, const u8 *ie, size_t ie_len)
+{
+ os_memcpy(pos, ie, ie_len);
+ return pos + ie_len;
+}
+
+
+static u8 * wpa_add_kde(u8 *pos, const u8 *kde, const u8 *data,
+ size_t data_len)
+{
+ *pos++ = GENERIC_INFO_ELEM;
+ *pos++ = RSN_SELECTOR_LEN + data_len;
+ os_memcpy(pos, kde, RSN_SELECTOR_LEN);
+ pos += RSN_SELECTOR_LEN;
+ os_memcpy(pos, data, data_len);
+ pos += data_len;
+ return pos;
+}
+#endif /* CONFIG_PEERKEY */
+
+
+static int wpa_parse_wpa_ie_wpa(const u8 *wpa_ie, size_t wpa_ie_len,
+ struct wpa_ie_data *data)
+{
+ const struct wpa_ie_hdr *hdr;
+ const u8 *pos;
+ int left;
+ int i, count;
+
+ data->proto = WPA_PROTO_WPA;
+ data->pairwise_cipher = WPA_CIPHER_TKIP;
+ data->group_cipher = WPA_CIPHER_TKIP;
+ data->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
+ data->capabilities = 0;
+ data->pmkid = NULL;
+ data->num_pmkid = 0;
+ data->mgmt_group_cipher = 0;
+
+ if (wpa_ie_len == 0) {
+ /* No WPA IE - fail silently */
+ return -1;
+ }
+
+ if (wpa_ie_len < sizeof(struct wpa_ie_hdr)) {
+ wpa_printf(MSG_DEBUG, "%s: ie len too short %lu",
+ __func__, (unsigned long) wpa_ie_len);
+ return -1;
+ }
+
+ hdr = (const struct wpa_ie_hdr *) wpa_ie;
+
+ if (hdr->elem_id != GENERIC_INFO_ELEM ||
+ hdr->len != wpa_ie_len - 2 ||
+ os_memcmp(hdr->oui, WPA_OUI_TYPE, WPA_SELECTOR_LEN) != 0 ||
+ WPA_GET_LE16(hdr->version) != WPA_VERSION) {
+ wpa_printf(MSG_DEBUG, "%s: malformed ie or unknown version",
+ __func__);
+ return -1;
+ }
+
+ pos = (const u8 *) (hdr + 1);
+ left = wpa_ie_len - sizeof(*hdr);
+
+ if (left >= WPA_SELECTOR_LEN) {
+ data->group_cipher = wpa_selector_to_bitfield(pos);
+ pos += WPA_SELECTOR_LEN;
+ left -= WPA_SELECTOR_LEN;
+ } else if (left > 0) {
+ wpa_printf(MSG_DEBUG, "%s: ie length mismatch, %u too much",
+ __func__, left);
+ return -1;
+ }
+
+ if (left >= 2) {
+ data->pairwise_cipher = 0;
+ count = WPA_GET_LE16(pos);
+ pos += 2;
+ left -= 2;
+ if (count == 0 || left < count * WPA_SELECTOR_LEN) {
+ wpa_printf(MSG_DEBUG, "%s: ie count botch (pairwise), "
+ "count %u left %u", __func__, count, left);
+ return -1;
+ }
+ for (i = 0; i < count; i++) {
+ data->pairwise_cipher |= wpa_selector_to_bitfield(pos);
+ pos += WPA_SELECTOR_LEN;
+ left -= WPA_SELECTOR_LEN;
+ }
+ } else if (left == 1) {
+ wpa_printf(MSG_DEBUG, "%s: ie too short (for key mgmt)",
+ __func__);
+ return -1;
+ }
+
+ if (left >= 2) {
+ data->key_mgmt = 0;
+ count = WPA_GET_LE16(pos);
+ pos += 2;
+ left -= 2;
+ if (count == 0 || left < count * WPA_SELECTOR_LEN) {
+ wpa_printf(MSG_DEBUG, "%s: ie count botch (key mgmt), "
+ "count %u left %u", __func__, count, left);
+ return -1;
+ }
+ for (i = 0; i < count; i++) {
+ data->key_mgmt |= wpa_key_mgmt_to_bitfield(pos);
+ pos += WPA_SELECTOR_LEN;
+ left -= WPA_SELECTOR_LEN;
+ }
+ } else if (left == 1) {
+ wpa_printf(MSG_DEBUG, "%s: ie too short (for capabilities)",
+ __func__);
+ return -1;
+ }
+
+ if (left >= 2) {
+ data->capabilities = WPA_GET_LE16(pos);
+ pos += 2;
+ left -= 2;
+ }
+
+ if (left > 0) {
+ wpa_printf(MSG_DEBUG, "%s: ie has %u trailing bytes - ignored",
+ __func__, left);
+ }
+
+ return 0;
+}
+
+
+static int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len,
+ struct wpa_ie_data *data)
+{
+#ifndef CONFIG_NO_WPA2
+ const struct rsn_ie_hdr *hdr;
+ const u8 *pos;
+ int left;
+ int i, count;
+
+ data->proto = WPA_PROTO_RSN;
+ data->pairwise_cipher = WPA_CIPHER_CCMP;
+ data->group_cipher = WPA_CIPHER_CCMP;
+ data->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
+ data->capabilities = 0;
+ data->pmkid = NULL;
+ data->num_pmkid = 0;
+#ifdef CONFIG_IEEE80211W
+ data->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
+#else /* CONFIG_IEEE80211W */
+ data->mgmt_group_cipher = 0;
+#endif /* CONFIG_IEEE80211W */
+
+
+ if (rsn_ie_len == 0) {
+ /* No RSN IE - fail silently */
+ return -1;
+ }
+
+ if (rsn_ie_len < sizeof(struct rsn_ie_hdr)) {
+ wpa_printf(MSG_DEBUG, "%s: ie len too short %lu",
+ __func__, (unsigned long) rsn_ie_len);
+ return -1;
+ }
+
+ hdr = (const struct rsn_ie_hdr *) rsn_ie;
+
+ if (hdr->elem_id != RSN_INFO_ELEM ||
+ hdr->len != rsn_ie_len - 2 ||
+ WPA_GET_LE16(hdr->version) != RSN_VERSION) {
+ wpa_printf(MSG_DEBUG, "%s: malformed ie or unknown version",
+ __func__);
+ return -1;
+ }
+
+ pos = (const u8 *) (hdr + 1);
+ left = rsn_ie_len - sizeof(*hdr);
+
+ if (left >= RSN_SELECTOR_LEN) {
+ data->group_cipher = rsn_selector_to_bitfield(pos);
+#ifdef CONFIG_IEEE80211W
+ if (data->group_cipher == WPA_CIPHER_AES_128_CMAC) {
+ wpa_printf(MSG_DEBUG, "%s: AES-128-CMAC used as group "
+ "cipher", __func__);
+ return -1;
+ }
+#endif /* CONFIG_IEEE80211W */
+ pos += RSN_SELECTOR_LEN;
+ left -= RSN_SELECTOR_LEN;
+ } else if (left > 0) {
+ wpa_printf(MSG_DEBUG, "%s: ie length mismatch, %u too much",
+ __func__, left);
+ return -1;
+ }
+
+ if (left >= 2) {
+ data->pairwise_cipher = 0;
+ count = WPA_GET_LE16(pos);
+ pos += 2;
+ left -= 2;
+ if (count == 0 || left < count * RSN_SELECTOR_LEN) {
+ wpa_printf(MSG_DEBUG, "%s: ie count botch (pairwise), "
+ "count %u left %u", __func__, count, left);
+ return -1;
+ }
+ for (i = 0; i < count; i++) {
+ data->pairwise_cipher |= rsn_selector_to_bitfield(pos);
+ pos += RSN_SELECTOR_LEN;
+ left -= RSN_SELECTOR_LEN;
+ }
+#ifdef CONFIG_IEEE80211W
+ if (data->pairwise_cipher & WPA_CIPHER_AES_128_CMAC) {
+ wpa_printf(MSG_DEBUG, "%s: AES-128-CMAC used as "
+ "pairwise cipher", __func__);
+ return -1;
+ }
+#endif /* CONFIG_IEEE80211W */
+ } else if (left == 1) {
+ wpa_printf(MSG_DEBUG, "%s: ie too short (for key mgmt)",
+ __func__);
+ return -1;
+ }
+
+ if (left >= 2) {
+ data->key_mgmt = 0;
+ count = WPA_GET_LE16(pos);
+ pos += 2;
+ left -= 2;
+ if (count == 0 || left < count * RSN_SELECTOR_LEN) {
+ wpa_printf(MSG_DEBUG, "%s: ie count botch (key mgmt), "
+ "count %u left %u", __func__, count, left);
+ return -1;
+ }
+ for (i = 0; i < count; i++) {
+ data->key_mgmt |= rsn_key_mgmt_to_bitfield(pos);
+ pos += RSN_SELECTOR_LEN;
+ left -= RSN_SELECTOR_LEN;
+ }
+ } else if (left == 1) {
+ wpa_printf(MSG_DEBUG, "%s: ie too short (for capabilities)",
+ __func__);
+ return -1;
+ }
+
+ if (left >= 2) {
+ data->capabilities = WPA_GET_LE16(pos);
+ pos += 2;
+ left -= 2;
+ }
+
+ if (left >= 2) {
+ data->num_pmkid = WPA_GET_LE16(pos);
+ pos += 2;
+ left -= 2;
+ if (left < data->num_pmkid * PMKID_LEN) {
+ wpa_printf(MSG_DEBUG, "%s: PMKID underflow "
+ "(num_pmkid=%d left=%d)",
+ __func__, data->num_pmkid, left);
+ data->num_pmkid = 0;
+ } else {
+ data->pmkid = pos;
+ pos += data->num_pmkid * PMKID_LEN;
+ left -= data->num_pmkid * PMKID_LEN;
+ }
+ }
+
+#ifdef CONFIG_IEEE80211W
+ if (left >= 4) {
+ data->mgmt_group_cipher = rsn_selector_to_bitfield(pos);
+ if (data->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) {
+ wpa_printf(MSG_DEBUG, "%s: Unsupported management "
+ "group cipher 0x%x", __func__,
+ data->mgmt_group_cipher);
+ return -1;
+ }
+ pos += RSN_SELECTOR_LEN;
+ left -= RSN_SELECTOR_LEN;
+ }
+#endif /* CONFIG_IEEE80211W */
+
+ if (left > 0) {
+ wpa_printf(MSG_DEBUG, "%s: ie has %u trailing bytes - ignored",
+ __func__, left);
+ }
+
+ return 0;
+#else /* CONFIG_NO_WPA2 */
+ return -1;
+#endif /* CONFIG_NO_WPA2 */
+}
+
+
+/**
+ * wpa_parse_wpa_ie - Parse WPA/RSN IE
+ * @wpa_ie: Pointer to WPA or RSN IE
+ * @wpa_ie_len: Length of the WPA/RSN IE
+ * @data: Pointer to data area for parsing results
+ * Returns: 0 on success, -1 on failure
+ *
+ * Parse the contents of WPA or RSN IE and write the parsed data into data.
+ */
+int wpa_parse_wpa_ie(const u8 *wpa_ie, size_t wpa_ie_len,
+ struct wpa_ie_data *data)
+{
+ if (wpa_ie_len >= 1 && wpa_ie[0] == RSN_INFO_ELEM)
+ return wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, data);
+ else
+ return wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, data);
+}
+
+
+static int wpa_gen_wpa_ie_wpa(u8 *wpa_ie, size_t wpa_ie_len,
+ int pairwise_cipher, int group_cipher,
+ int key_mgmt)
+{
+ u8 *pos;
+ struct wpa_ie_hdr *hdr;
+
+ if (wpa_ie_len < sizeof(*hdr) + WPA_SELECTOR_LEN +
+ 2 + WPA_SELECTOR_LEN + 2 + WPA_SELECTOR_LEN)
+ return -1;
+
+ hdr = (struct wpa_ie_hdr *) wpa_ie;
+ hdr->elem_id = GENERIC_INFO_ELEM;
+ os_memcpy(hdr->oui, WPA_OUI_TYPE, WPA_SELECTOR_LEN);
+ WPA_PUT_LE16(hdr->version, WPA_VERSION);
+ pos = (u8 *) (hdr + 1);
+
+ if (group_cipher == WPA_CIPHER_CCMP) {
+ os_memcpy(pos, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN);
+ } else if (group_cipher == WPA_CIPHER_TKIP) {
+ os_memcpy(pos, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN);
+ } else if (group_cipher == WPA_CIPHER_WEP104) {
+ os_memcpy(pos, WPA_CIPHER_SUITE_WEP104, WPA_SELECTOR_LEN);
+ } else if (group_cipher == WPA_CIPHER_WEP40) {
+ os_memcpy(pos, WPA_CIPHER_SUITE_WEP40, WPA_SELECTOR_LEN);
+ } else {
+ wpa_printf(MSG_WARNING, "Invalid group cipher (%d).",
+ group_cipher);
+ return -1;
+ }
+ pos += WPA_SELECTOR_LEN;
+
+ *pos++ = 1;
+ *pos++ = 0;
+ if (pairwise_cipher == WPA_CIPHER_CCMP) {
+ os_memcpy(pos, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN);
+ } else if (pairwise_cipher == WPA_CIPHER_TKIP) {
+ os_memcpy(pos, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN);
+ } else if (pairwise_cipher == WPA_CIPHER_NONE) {
+ os_memcpy(pos, WPA_CIPHER_SUITE_NONE, WPA_SELECTOR_LEN);
+ } else {
+ wpa_printf(MSG_WARNING, "Invalid pairwise cipher (%d).",
+ pairwise_cipher);
+ return -1;
+ }
+ pos += WPA_SELECTOR_LEN;
+
+ *pos++ = 1;
+ *pos++ = 0;
+ if (key_mgmt == WPA_KEY_MGMT_IEEE8021X) {
+ os_memcpy(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X,
+ WPA_SELECTOR_LEN);
+ } else if (key_mgmt == WPA_KEY_MGMT_PSK) {
+ os_memcpy(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X,
+ WPA_SELECTOR_LEN);
+ } else if (key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
+ os_memcpy(pos, WPA_AUTH_KEY_MGMT_NONE, WPA_SELECTOR_LEN);
+ } else {
+ wpa_printf(MSG_WARNING, "Invalid key management type (%d).",
+ key_mgmt);
+ return -1;
+ }
+ pos += WPA_SELECTOR_LEN;
+
+ /* WPA Capabilities; use defaults, so no need to include it */
+
+ hdr->len = (pos - wpa_ie) - 2;
+
+ WPA_ASSERT((size_t) (pos - wpa_ie) <= wpa_ie_len);
+
+ return pos - wpa_ie;
+}
+
+
+static int wpa_gen_wpa_ie_rsn(u8 *rsn_ie, size_t rsn_ie_len,
+ int pairwise_cipher, int group_cipher,
+ int key_mgmt, int mgmt_group_cipher,
+ struct wpa_sm *sm)
+{
+#ifndef CONFIG_NO_WPA2
+ u8 *pos;
+ struct rsn_ie_hdr *hdr;
+ u16 capab;
+
+ if (rsn_ie_len < sizeof(*hdr) + RSN_SELECTOR_LEN +
+ 2 + RSN_SELECTOR_LEN + 2 + RSN_SELECTOR_LEN + 2 +
+ (sm->cur_pmksa ? 2 + PMKID_LEN : 0))
+ return -1;
+
+ hdr = (struct rsn_ie_hdr *) rsn_ie;
+ hdr->elem_id = RSN_INFO_ELEM;
+ WPA_PUT_LE16(hdr->version, RSN_VERSION);
+ pos = (u8 *) (hdr + 1);
+
+ if (group_cipher == WPA_CIPHER_CCMP) {
+ os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
+ } else if (group_cipher == WPA_CIPHER_TKIP) {
+ os_memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
+ } else if (group_cipher == WPA_CIPHER_WEP104) {
+ os_memcpy(pos, RSN_CIPHER_SUITE_WEP104, RSN_SELECTOR_LEN);
+ } else if (group_cipher == WPA_CIPHER_WEP40) {
+ os_memcpy(pos, RSN_CIPHER_SUITE_WEP40, RSN_SELECTOR_LEN);
+ } else {
+ wpa_printf(MSG_WARNING, "Invalid group cipher (%d).",
+ group_cipher);
+ return -1;
+ }
+ pos += RSN_SELECTOR_LEN;
+
+ *pos++ = 1;
+ *pos++ = 0;
+ if (pairwise_cipher == WPA_CIPHER_CCMP) {
+ os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
+ } else if (pairwise_cipher == WPA_CIPHER_TKIP) {
+ os_memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
+ } else if (pairwise_cipher == WPA_CIPHER_NONE) {
+ os_memcpy(pos, RSN_CIPHER_SUITE_NONE, RSN_SELECTOR_LEN);
+ } else {
+ wpa_printf(MSG_WARNING, "Invalid pairwise cipher (%d).",
+ pairwise_cipher);
+ return -1;
+ }
+ pos += RSN_SELECTOR_LEN;
+
+ *pos++ = 1;
+ *pos++ = 0;
+ if (key_mgmt == WPA_KEY_MGMT_IEEE8021X) {
+ os_memcpy(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X,
+ RSN_SELECTOR_LEN);
+ } else if (key_mgmt == WPA_KEY_MGMT_PSK) {
+ os_memcpy(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X,
+ RSN_SELECTOR_LEN);
+ } else {
+ wpa_printf(MSG_WARNING, "Invalid key management type (%d).",
+ key_mgmt);
+ return -1;
+ }
+ pos += RSN_SELECTOR_LEN;
+
+ /* RSN Capabilities */
+ capab = 0;
+#ifdef CONFIG_IEEE80211W
+ if (mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC)
+ capab |= WPA_CAPABILITY_MGMT_FRAME_PROTECTION;
+#endif /* CONFIG_IEEE80211W */
+ WPA_PUT_LE16(pos, capab);
+ pos += 2;
+
+ if (sm->cur_pmksa) {
+ /* PMKID Count (2 octets, little endian) */
+ *pos++ = 1;
+ *pos++ = 0;
+ /* PMKID */
+ os_memcpy(pos, sm->cur_pmksa->pmkid, PMKID_LEN);
+ pos += PMKID_LEN;
+ }
+
+#ifdef CONFIG_IEEE80211W
+ if (mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC) {
+ if (!sm->cur_pmksa) {
+ /* PMKID Count */
+ WPA_PUT_LE16(pos, 0);
+ pos += 2;
+
+ /* Management Group Cipher Suite */
+ memcpy(pos, RSN_CIPHER_SUITE_AES_128_CMAC,
+ RSN_SELECTOR_LEN);
+ pos += RSN_SELECTOR_LEN;
+ }
+ }
+#endif /* CONFIG_IEEE80211W */
+
+ hdr->len = (pos - rsn_ie) - 2;
+
+ WPA_ASSERT((size_t) (pos - rsn_ie) <= rsn_ie_len);
+
+ return pos - rsn_ie;
+#else /* CONFIG_NO_WPA2 */
+ return -1;
+#endif /* CONFIG_NO_WPA2 */
+}
+
+
+/**
+ * wpa_gen_wpa_ie - Generate WPA/RSN IE based on current security policy
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @wpa_ie: Pointer to memory area for the generated WPA/RSN IE
+ * @wpa_ie_len: Maximum length of the generated WPA/RSN IE
+ * Returns: Length of the generated WPA/RSN IE or -1 on failure
+ */
+static int wpa_gen_wpa_ie(struct wpa_sm *sm, u8 *wpa_ie, size_t wpa_ie_len)
+{
+ if (sm->proto == WPA_PROTO_RSN)
+ return wpa_gen_wpa_ie_rsn(wpa_ie, wpa_ie_len,
+ sm->pairwise_cipher,
+ sm->group_cipher,
+ sm->key_mgmt, sm->mgmt_group_cipher,
+ sm);
+ else
+ return wpa_gen_wpa_ie_wpa(wpa_ie, wpa_ie_len,
+ sm->pairwise_cipher,
+ sm->group_cipher,
+ sm->key_mgmt);
+}
+
+
+/**
+ * wpa_pmk_to_ptk - Calculate PTK from PMK, addresses, and nonces
+ * @pmk: Pairwise master key
+ * @pmk_len: Length of PMK
+ * @label: Label to use in derivation
+ * @addr1: AA or SA
+ * @addr2: SA or AA
+ * @nonce1: ANonce or SNonce
+ * @nonce2: SNonce or ANonce
+ * @ptk: Buffer for pairwise transient key
+ * @ptk_len: Length of PTK
+ *
+ * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy
+ * PTK = PRF-X(PMK, "Pairwise key expansion",
+ * Min(AA, SA) || Max(AA, SA) ||
+ * Min(ANonce, SNonce) || Max(ANonce, SNonce))
+ *
+ * STK = PRF-X(SMK, "Peer key expansion",
+ * Min(MAC_I, MAC_P) || Max(MAC_I, MAC_P) ||
+ * Min(INonce, PNonce) || Max(INonce, PNonce))
+ */
+static void wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len,
+ const char *label,
+ const u8 *addr1, const u8 *addr2,
+ const u8 *nonce1, const u8 *nonce2,
+ u8 *ptk, size_t ptk_len)
+{
+ u8 data[2 * ETH_ALEN + 2 * 32];
+
+ if (os_memcmp(addr1, addr2, ETH_ALEN) < 0) {
+ os_memcpy(data, addr1, ETH_ALEN);
+ os_memcpy(data + ETH_ALEN, addr2, ETH_ALEN);
+ } else {
+ os_memcpy(data, addr2, ETH_ALEN);
+ os_memcpy(data + ETH_ALEN, addr1, ETH_ALEN);
+ }
+
+ if (os_memcmp(nonce1, nonce2, 32) < 0) {
+ os_memcpy(data + 2 * ETH_ALEN, nonce1, 32);
+ os_memcpy(data + 2 * ETH_ALEN + 32, nonce2, 32);
+ } else {
+ os_memcpy(data + 2 * ETH_ALEN, nonce2, 32);
+ os_memcpy(data + 2 * ETH_ALEN + 32, nonce1, 32);
+ }
+
+ sha1_prf(pmk, pmk_len, label, data, sizeof(data), ptk, ptk_len);
+
+ wpa_hexdump_key(MSG_DEBUG, "WPA: PMK", pmk, pmk_len);
+ wpa_hexdump_key(MSG_DEBUG, "WPA: PTK", ptk, ptk_len);
+}
+
+
+/**
+ * wpa_eapol_key_mic - Calculate EAPOL-Key MIC
+ * @key: EAPOL-Key Key Confirmation Key (KCK)
+ * @ver: Key descriptor version (WPA_KEY_INFO_TYPE_*)
+ * @buf: Pointer to the beginning of the EAPOL header (version field)
+ * @len: Length of the EAPOL frame (from EAPOL header to the end of the frame)
+ * @mic: Pointer to the buffer to which the EAPOL-Key MIC is written
+ *
+ * Calculate EAPOL-Key MIC for an EAPOL-Key packet. The EAPOL-Key MIC field has
+ * to be cleared (all zeroes) when calling this function.
+ *
+ * Note: 'IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames' has an error in the
+ * description of the Key MIC calculation. It includes packet data from the
+ * beginning of the EAPOL-Key header, not EAPOL header. This incorrect change
+ * happened during final editing of the standard and the correct behavior is
+ * defined in the last draft (IEEE 802.11i/D10).
+ */
+static void wpa_eapol_key_mic(const u8 *key, int ver,
+ const u8 *buf, size_t len, u8 *mic)
+{
+ if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
+ hmac_md5(key, 16, buf, len, mic);
+ } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
+ u8 hash[SHA1_MAC_LEN];
+ hmac_sha1(key, 16, buf, len, hash);
+ os_memcpy(mic, hash, MD5_MAC_LEN);
+ }
+}
+
+
+static void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck,
+ int ver, const u8 *dest, u16 proto,
+ u8 *msg, size_t msg_len, u8 *key_mic)
+{
+ if (os_memcmp(dest, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0 &&
+ os_memcmp(sm->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0) {
+ /*
+ * Association event was not yet received; try to fetch
+ * BSSID from the driver.
+ */
+ if (wpa_sm_get_bssid(sm, sm->bssid) < 0) {
+ wpa_printf(MSG_DEBUG, "WPA: Failed to read BSSID for "
+ "EAPOL-Key destination address");
+ } else {
+ dest = sm->bssid;
+ wpa_printf(MSG_DEBUG, "WPA: Use BSSID (" MACSTR
+ ") as the destination for EAPOL-Key",
+ MAC2STR(dest));
+ }
+ }
+ if (key_mic) {
+ wpa_eapol_key_mic(kck, ver, msg, msg_len, key_mic);
+ }
+ wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len);
+ wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
+ eapol_sm_notify_tx_eapol_key(sm->eapol);
+ os_free(msg);
+}
+
+
+/**
+ * wpa_sm_key_request - Send EAPOL-Key Request
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @error: Indicate whether this is an Michael MIC error report
+ * @pairwise: 1 = error report for pairwise packet, 0 = for group packet
+ * Returns: Pointer to the current network structure or %NULL on failure
+ *
+ * Send an EAPOL-Key Request to the current authenticator. This function is
+ * used to request rekeying and it is usually called when a local Michael MIC
+ * failure is detected.
+ */
+void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
+{
+ size_t rlen;
+ struct wpa_eapol_key *reply;
+ int key_info, ver;
+ u8 bssid[ETH_ALEN], *rbuf;
+
+ if (sm->pairwise_cipher == WPA_CIPHER_CCMP)
+ ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
+ else
+ ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
+
+ if (wpa_sm_get_bssid(sm, bssid) < 0) {
+ wpa_printf(MSG_WARNING, "Failed to read BSSID for EAPOL-Key "
+ "request");
+ return;
+ }
+
+ rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
+ sizeof(*reply), &rlen, (void *) &reply);
+ if (rbuf == NULL)
+ return;
+
+ reply->type = sm->proto == WPA_PROTO_RSN ?
+ EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
+ key_info = WPA_KEY_INFO_REQUEST | ver;
+ if (sm->ptk_set)
+ key_info |= WPA_KEY_INFO_MIC;
+ if (error)
+ key_info |= WPA_KEY_INFO_ERROR;
+ if (pairwise)
+ key_info |= WPA_KEY_INFO_KEY_TYPE;
+ WPA_PUT_BE16(reply->key_info, key_info);
+ WPA_PUT_BE16(reply->key_length, 0);
+ os_memcpy(reply->replay_counter, sm->request_counter,
+ WPA_REPLAY_COUNTER_LEN);
+ inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
+
+ WPA_PUT_BE16(reply->key_data_length, 0);
+
+ wpa_printf(MSG_INFO, "WPA: Sending EAPOL-Key Request (error=%d "
+ "pairwise=%d ptk_set=%d len=%lu)",
+ error, pairwise, sm->ptk_set, (unsigned long) rlen);
+ wpa_eapol_key_send(sm, sm->ptk.kck, ver, bssid, ETH_P_EAPOL,
+ rbuf, rlen, key_info & WPA_KEY_INFO_MIC ?
+ reply->key_mic : NULL);
+}
+
+
+/**
+ * wpa_sm_stkstart - Send EAPOL-Key Request for STK handshake (STK M1)
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @peer: MAC address of the peer STA
+ * Returns: 0 on success, or -1 on failure
+ *
+ * Send an EAPOL-Key Request to the current authenticator to start STK
+ * handshake with the peer.
+ */
+int wpa_sm_stkstart(struct wpa_sm *sm, const u8 *peer)
+{
+#ifdef CONFIG_PEERKEY
+ size_t rlen, kde_len;
+ struct wpa_eapol_key *req;
+ int key_info, ver;
+ u8 bssid[ETH_ALEN], *rbuf, *pos, *count_pos;
+ u16 count;
+ struct wpa_ssid *ssid = sm->cur_ssid;
+ struct rsn_ie_hdr *hdr;
+ struct wpa_peerkey *peerkey;
+ struct wpa_ie_data ie;
+
+ if (sm->proto != WPA_PROTO_RSN || !sm->ptk_set ||
+ ssid == NULL || !ssid->peerkey)
+ return -1;
+
+ if (sm->ap_rsn_ie &&
+ wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &ie) == 0 &&
+ !(ie.capabilities & WPA_CAPABILITY_PEERKEY_ENABLED)) {
+ wpa_printf(MSG_DEBUG, "RSN: Current AP does not support STK");
+ return -1;
+ }
+
+ if (sm->pairwise_cipher == WPA_CIPHER_CCMP)
+ ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
+ else
+ ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
+
+ if (wpa_sm_get_bssid(sm, bssid) < 0) {
+ wpa_printf(MSG_WARNING, "Failed to read BSSID for EAPOL-Key "
+ "SMK M1");
+ return -1;
+ }
+
+ /* TODO: find existing entry and if found, use that instead of adding
+ * a new one */
+ peerkey = os_malloc(sizeof(*peerkey));
+ if (peerkey == NULL)
+ return -1;
+ os_memset(peerkey, 0, sizeof(*peerkey));
+ peerkey->initiator = 1;
+ os_memcpy(peerkey->addr, peer, ETH_ALEN);
+
+ /* SMK M1:
+ * EAPOL-Key(S=1, M=1, A=0, I=0, K=0, SM=1, KeyRSC=0, Nonce=INonce,
+ * MIC=MIC, DataKDs=(RSNIE_I, MAC_P KDE))
+ */
+
+ hdr = (struct rsn_ie_hdr *) peerkey->rsnie_i;
+ hdr->elem_id = RSN_INFO_ELEM;
+ WPA_PUT_LE16(hdr->version, RSN_VERSION);
+ pos = (u8 *) (hdr + 1);
+ /* Group Suite can be anything for SMK RSN IE; receiver will just
+ * ignore it. */
+ os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
+ pos += RSN_SELECTOR_LEN;
+ count_pos = pos;
+ pos += 2;
+
+ count = 0;
+ if (ssid->pairwise_cipher & WPA_CIPHER_CCMP) {
+ os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
+ pos += RSN_SELECTOR_LEN;
+ count++;
+ }
+ if (ssid->pairwise_cipher & WPA_CIPHER_TKIP) {
+ os_memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
+ pos += RSN_SELECTOR_LEN;
+ count++;
+ }
+ WPA_PUT_LE16(count_pos, count);
+
+ hdr->len = (pos - peerkey->rsnie_i) - 2;
+ peerkey->rsnie_i_len = pos - peerkey->rsnie_i;
+ wpa_hexdump(MSG_DEBUG, "WPA: RSN IE for SMK handshake",
+ peerkey->rsnie_i, peerkey->rsnie_i_len);
+
+ kde_len = peerkey->rsnie_i_len + 2 + RSN_SELECTOR_LEN + ETH_ALEN;
+
+ rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
+ sizeof(*req) + kde_len, &rlen,
+ (void *) &req);
+ if (rbuf == NULL) {
+ wpa_supplicant_peerkey_free(sm, peerkey);
+ return -1;
+ }
+
+ req->type = EAPOL_KEY_TYPE_RSN;
+ key_info = WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC |
+ WPA_KEY_INFO_SECURE | WPA_KEY_INFO_REQUEST | ver;
+ WPA_PUT_BE16(req->key_info, key_info);
+ WPA_PUT_BE16(req->key_length, 0);
+ os_memcpy(req->replay_counter, sm->request_counter,
+ WPA_REPLAY_COUNTER_LEN);
+ inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
+
+ if (hostapd_get_rand(peerkey->inonce, WPA_NONCE_LEN)) {
+ wpa_msg(sm->ctx->ctx, MSG_WARNING,
+ "WPA: Failed to get random data for INonce");
+ os_free(rbuf);
+ wpa_supplicant_peerkey_free(sm, peerkey);
+ return -1;
+ }
+ os_memcpy(req->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
+ wpa_hexdump(MSG_DEBUG, "WPA: INonce for SMK handshake",
+ req->key_nonce, WPA_NONCE_LEN);
+
+ WPA_PUT_BE16(req->key_data_length, (u16) kde_len);
+ pos = (u8 *) (req + 1);
+
+ /* Initiator RSN IE */
+ pos = wpa_add_ie(pos, peerkey->rsnie_i, peerkey->rsnie_i_len);
+ /* Peer MAC address KDE */
+ pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN);
+
+ wpa_printf(MSG_INFO, "RSN: Sending EAPOL-Key SMK M1 Request (peer "
+ MACSTR ")", MAC2STR(peer));
+ wpa_eapol_key_send(sm, sm->ptk.kck, ver, bssid, ETH_P_EAPOL,
+ rbuf, rlen, req->key_mic);
+
+ peerkey->next = sm->peerkey;
+ sm->peerkey = peerkey;
+
+ return 0;
+
+#else /* CONFIG_PEERKEY */
+
+ return -1;
+
+#endif /* CONFIG_PEERKEY */
+}
+
+
+struct wpa_eapol_ie_parse {
+ const u8 *wpa_ie;
+ size_t wpa_ie_len;
+ const u8 *rsn_ie;
+ size_t rsn_ie_len;
+ const u8 *pmkid;
+ const u8 *gtk;
+ size_t gtk_len;
+ const u8 *mac_addr;
+ size_t mac_addr_len;
+#ifdef CONFIG_PEERKEY
+ const u8 *smk;
+ size_t smk_len;
+ const u8 *nonce;
+ size_t nonce_len;
+ const u8 *lifetime;
+ size_t lifetime_len;
+ const u8 *error;
+ size_t error_len;
+#endif /* CONFIG_PEERKEY */
+#ifdef CONFIG_IEEE80211W
+ const u8 *dhv;
+ size_t dhv_len;
+ const u8 *igtk;
+ size_t igtk_len;
+#endif /* CONFIG_IEEE80211W */
+};
+
+
+/**
+ * wpa_supplicant_parse_generic - Parse EAPOL-Key Key Data Generic IEs
+ * @pos: Pointer to the IE header
+ * @end: Pointer to the end of the Key Data buffer
+ * @ie: Pointer to parsed IE data
+ * Returns: 0 on success, 1 if end mark is found, -1 on failure
+ */
+static int wpa_supplicant_parse_generic(const u8 *pos, const u8 *end,
+ struct wpa_eapol_ie_parse *ie)
+{
+ if (pos[1] == 0)
+ return 1;
+
+ if (pos[1] >= 6 &&
+ os_memcmp(pos + 2, WPA_OUI_TYPE, WPA_SELECTOR_LEN) == 0 &&
+ pos[2 + WPA_SELECTOR_LEN] == 1 &&
+ pos[2 + WPA_SELECTOR_LEN + 1] == 0) {
+ ie->wpa_ie = pos;
+ ie->wpa_ie_len = pos[1] + 2;
+ return 0;
+ }
+
+ if (pos + 1 + RSN_SELECTOR_LEN < end &&
+ pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
+ os_memcmp(pos + 2, RSN_KEY_DATA_PMKID, RSN_SELECTOR_LEN) == 0) {
+ ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
+ return 0;
+ }
+
+ if (pos[1] > RSN_SELECTOR_LEN + 2 &&
+ os_memcmp(pos + 2, RSN_KEY_DATA_GROUPKEY, RSN_SELECTOR_LEN) == 0) {
+ ie->gtk = pos + 2 + RSN_SELECTOR_LEN;
+ ie->gtk_len = pos[1] - RSN_SELECTOR_LEN;
+ return 0;
+ }
+
+ if (pos[1] > RSN_SELECTOR_LEN + 2 &&
+ os_memcmp(pos + 2, RSN_KEY_DATA_MAC_ADDR, RSN_SELECTOR_LEN) == 0) {
+ ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN;
+ ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN;
+ return 0;
+ }
+
+#ifdef CONFIG_PEERKEY
+ if (pos[1] > RSN_SELECTOR_LEN + 2 &&
+ os_memcmp(pos + 2, RSN_KEY_DATA_SMK, RSN_SELECTOR_LEN) == 0) {
+ ie->smk = pos + 2 + RSN_SELECTOR_LEN;
+ ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
+ return 0;
+ }
+
+ if (pos[1] > RSN_SELECTOR_LEN + 2 &&
+ os_memcmp(pos + 2, RSN_KEY_DATA_NONCE, RSN_SELECTOR_LEN) == 0) {
+ ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
+ ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
+ return 0;
+ }
+
+ if (pos[1] > RSN_SELECTOR_LEN + 2 &&
+ os_memcmp(pos + 2, RSN_KEY_DATA_LIFETIME, RSN_SELECTOR_LEN) == 0) {
+ ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
+ ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
+ return 0;
+ }
+
+ if (pos[1] > RSN_SELECTOR_LEN + 2 &&
+ os_memcmp(pos + 2, RSN_KEY_DATA_ERROR, RSN_SELECTOR_LEN) == 0) {
+ ie->error = pos + 2 + RSN_SELECTOR_LEN;
+ ie->error_len = pos[1] - RSN_SELECTOR_LEN;
+ return 0;
+ }
+#endif /* CONFIG_PEERKEY */
+
+#ifdef CONFIG_IEEE80211W
+ if (pos[1] > RSN_SELECTOR_LEN + 2 &&
+ os_memcmp(pos + 2, RSN_KEY_DATA_DHV, RSN_SELECTOR_LEN) == 0) {
+ ie->dhv = pos + 2 + RSN_SELECTOR_LEN;
+ ie->dhv_len = pos[1] - RSN_SELECTOR_LEN;
+ return 0;
+ }
+
+ if (pos[1] > RSN_SELECTOR_LEN + 2 &&
+ os_memcmp(pos + 2, RSN_KEY_DATA_IGTK, RSN_SELECTOR_LEN) == 0) {
+ ie->igtk = pos + 2 + RSN_SELECTOR_LEN;
+ ie->igtk_len = pos[1] - RSN_SELECTOR_LEN;
+ return 0;
+ }
+#endif /* CONFIG_IEEE80211W */
+
+ return 0;
+}
+
+
+/**
+ * wpa_supplicant_parse_ies - Parse EAPOL-Key Key Data IEs
+ * @buf: Pointer to the Key Data buffer
+ * @len: Key Data Length
+ * @ie: Pointer to parsed IE data
+ * Returns: 0 on success, -1 on failure
+ */
+static int wpa_supplicant_parse_ies(const u8 *buf, size_t len,
+ struct wpa_eapol_ie_parse *ie)
+{
+ const u8 *pos, *end;
+ int ret = 0;
+
+ os_memset(ie, 0, sizeof(*ie));
+ for (pos = buf, end = pos + len; pos + 1 < end; pos += 2 + pos[1]) {
+ if (pos[0] == 0xdd &&
+ ((pos == buf + len - 1) || pos[1] == 0)) {
+ /* Ignore padding */
+ break;
+ }
+ if (pos + 2 + pos[1] > end) {
+ wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key Key Data "
+ "underflow (ie=%d len=%d pos=%d)",
+ pos[0], pos[1], (int) (pos - buf));
+ wpa_hexdump_key(MSG_DEBUG, "WPA: Key Data",
+ buf, len);
+ ret = -1;
+ break;
+ }
+ if (*pos == RSN_INFO_ELEM) {
+ ie->rsn_ie = pos;
+ ie->rsn_ie_len = pos[1] + 2;
+ } else if (*pos == GENERIC_INFO_ELEM) {
+ ret = wpa_supplicant_parse_generic(pos, end, ie);
+ if (ret < 0)
+ break;
+ if (ret > 0) {
+ ret = 0;
+ break;
+ }
+ } else {
+ wpa_hexdump(MSG_DEBUG, "WPA: Unrecognized EAPOL-Key "
+ "Key Data IE", pos, 2 + pos[1]);
+ }
+ }
+
+ return ret;
+}
+
+
+static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
+ const unsigned char *src_addr,
+ const u8 *pmkid)
+{
+ int abort_cached = 0;
+
+ if (pmkid && !sm->cur_pmksa) {
+ /* When using drivers that generate RSN IE, wpa_supplicant may
+ * not have enough time to get the association information
+ * event before receiving this 1/4 message, so try to find a
+ * matching PMKSA cache entry here. */
+ sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid);
+ if (sm->cur_pmksa) {
+ wpa_printf(MSG_DEBUG, "RSN: found matching PMKID from "
+ "PMKSA cache");
+ } else {
+ wpa_printf(MSG_DEBUG, "RSN: no matching PMKID found");
+ abort_cached = 1;
+ }
+ }
+
+ if (pmkid && sm->cur_pmksa &&
+ os_memcmp(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) {
+ wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN);
+ wpa_sm_set_pmk_from_pmksa(sm);
+ wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache",
+ sm->pmk, sm->pmk_len);
+ eapol_sm_notify_cached(sm->eapol);
+ } else if (sm->key_mgmt == WPA_KEY_MGMT_IEEE8021X && sm->eapol) {
+ int res, pmk_len;
+ pmk_len = PMK_LEN;
+ res = eapol_sm_get_key(sm->eapol, sm->pmk, PMK_LEN);
+ if (res) {
+ /*
+ * EAP-LEAP is an exception from other EAP methods: it
+ * uses only 16-byte PMK.
+ */
+ res = eapol_sm_get_key(sm->eapol, sm->pmk, 16);
+ pmk_len = 16;
+ }
+ if (res == 0) {
+ wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state "
+ "machines", sm->pmk, pmk_len);
+ sm->pmk_len = pmk_len;
+ pmksa_cache_add(sm->pmksa, sm->pmk, pmk_len, src_addr,
+ sm->own_addr, sm->cur_ssid);
+ if (!sm->cur_pmksa && pmkid &&
+ pmksa_cache_get(sm->pmksa, src_addr, pmkid)) {
+ wpa_printf(MSG_DEBUG, "RSN: the new PMK "
+ "matches with the PMKID");
+ abort_cached = 0;
+ }
+ } else {
+ wpa_msg(sm->ctx->ctx, MSG_WARNING,
+ "WPA: Failed to get master session key from "
+ "EAPOL state machines");
+ wpa_msg(sm->ctx->ctx, MSG_WARNING,
+ "WPA: Key handshake aborted");
+ if (sm->cur_pmksa) {
+ wpa_printf(MSG_DEBUG, "RSN: Cancelled PMKSA "
+ "caching attempt");
+ sm->cur_pmksa = NULL;
+ abort_cached = 1;
+ } else {
+ return -1;
+ }
+ }
+ }
+
+ if (abort_cached && sm->key_mgmt == WPA_KEY_MGMT_IEEE8021X) {
+ /* Send EAPOL-Start to trigger full EAP authentication. */
+ u8 *buf;
+ size_t buflen;
+
+ wpa_printf(MSG_DEBUG, "RSN: no PMKSA entry found - trigger "
+ "full EAP authentication");
+ buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START,
+ NULL, 0, &buflen, NULL);
+ if (buf) {
+ wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
+ buf, buflen);
+ os_free(buf);
+ }
+
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int wpa_supplicant_send_2_of_4(struct wpa_sm *sm,
+ const unsigned char *dst,
+ const struct wpa_eapol_key *key,
+ int ver, const u8 *nonce,
+ const u8 *wpa_ie, size_t wpa_ie_len,
+ struct wpa_ptk *ptk)
+{
+ size_t rlen;
+ struct wpa_eapol_key *reply;
+ u8 *rbuf;
+
+ if (wpa_ie == NULL) {
+ wpa_printf(MSG_WARNING, "WPA: No wpa_ie set - cannot "
+ "generate msg 2/4");
+ return -1;
+ }
+
+ wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len);
+
+ rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
+ NULL, sizeof(*reply) + wpa_ie_len,
+ &rlen, (void *) &reply);
+ if (rbuf == NULL)
+ return -1;
+
+ reply->type = sm->proto == WPA_PROTO_RSN ?
+ EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
+ WPA_PUT_BE16(reply->key_info,
+ ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC);
+ if (sm->proto == WPA_PROTO_RSN)
+ WPA_PUT_BE16(reply->key_length, 0);
+ else
+ os_memcpy(reply->key_length, key->key_length, 2);
+ os_memcpy(reply->replay_counter, key->replay_counter,
+ WPA_REPLAY_COUNTER_LEN);
+
+ WPA_PUT_BE16(reply->key_data_length, wpa_ie_len);
+ os_memcpy(reply + 1, wpa_ie, wpa_ie_len);
+
+ os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
+
+ wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4");
+ wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
+ rbuf, rlen, reply->key_mic);
+
+ return 0;
+}
+
+
+static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
+ const unsigned char *src_addr,
+ const struct wpa_eapol_key *key,
+ u16 ver)
+{
+ struct wpa_eapol_ie_parse ie;
+ struct wpa_ptk *ptk;
+ u8 buf[8];
+
+ if (wpa_sm_get_ssid(sm) == NULL) {
+ wpa_printf(MSG_WARNING, "WPA: No SSID info found (msg 1 of "
+ "4).");
+ return;
+ }
+
+ wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
+ wpa_printf(MSG_DEBUG, "WPA: RX message 1 of 4-Way Handshake from "
+ MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
+
+ os_memset(&ie, 0, sizeof(ie));
+
+#ifndef CONFIG_NO_WPA2
+ if (sm->proto == WPA_PROTO_RSN) {
+ /* RSN: msg 1/4 should contain PMKID for the selected PMK */
+ const u8 *_buf = (const u8 *) (key + 1);
+ size_t len = WPA_GET_BE16(key->key_data_length);
+ wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", _buf, len);
+ wpa_supplicant_parse_ies(_buf, len, &ie);
+ if (ie.pmkid) {
+ wpa_hexdump(MSG_DEBUG, "RSN: PMKID from "
+ "Authenticator", ie.pmkid, PMKID_LEN);
+ }
+ }
+#endif /* CONFIG_NO_WPA2 */
+
+ if (wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid))
+ return;
+
+ if (sm->renew_snonce) {
+ if (hostapd_get_rand(sm->snonce, WPA_NONCE_LEN)) {
+ wpa_msg(sm->ctx->ctx, MSG_WARNING,
+ "WPA: Failed to get random data for SNonce");
+ return;
+ }
+ sm->renew_snonce = 0;
+ wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce",
+ sm->snonce, WPA_NONCE_LEN);
+ }
+
+ /* Calculate PTK which will be stored as a temporary PTK until it has
+ * been verified when processing message 3/4. */
+ ptk = &sm->tptk;
+ wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
+ sm->own_addr, sm->bssid, sm->snonce, key->key_nonce,
+ (u8 *) ptk, sizeof(*ptk));
+ /* Supplicant: swap tx/rx Mic keys */
+ os_memcpy(buf, ptk->u.auth.tx_mic_key, 8);
+ os_memcpy(ptk->u.auth.tx_mic_key, ptk->u.auth.rx_mic_key, 8);
+ os_memcpy(ptk->u.auth.rx_mic_key, buf, 8);
+ sm->tptk_set = 1;
+
+ if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
+ sm->assoc_wpa_ie, sm->assoc_wpa_ie_len,
+ ptk))
+ return;
+
+ os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
+}
+
+
+static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx)
+{
+ struct wpa_sm *sm = eloop_ctx;
+ rsn_preauth_candidate_process(sm);
+}
+
+
+static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
+ const u8 *addr, int secure)
+{
+ wpa_msg(sm->ctx->ctx, MSG_INFO, "WPA: Key negotiation completed with "
+ MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr),
+ wpa_cipher_txt(sm->pairwise_cipher),
+ wpa_cipher_txt(sm->group_cipher));
+ eloop_cancel_timeout(sm->ctx->scan, sm->ctx->ctx, NULL);
+ wpa_sm_cancel_auth_timeout(sm);
+ wpa_sm_set_state(sm, WPA_COMPLETED);
+
+ if (secure) {
+ wpa_sm_mlme_setprotection(
+ sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX,
+ MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
+ eapol_sm_notify_portValid(sm->eapol, TRUE);
+ if (sm->key_mgmt == WPA_KEY_MGMT_PSK)
+ eapol_sm_notify_eap_success(sm->eapol, TRUE);
+ /*
+ * Start preauthentication after a short wait to avoid a
+ * possible race condition between the data receive and key
+ * configuration after the 4-Way Handshake. This increases the
+ * likelyhood of the first preauth EAPOL-Start frame getting to
+ * the target AP.
+ */
+ eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL);
+ }
+
+ if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) {
+ wpa_printf(MSG_DEBUG, "RSN: Authenticator accepted "
+ "opportunistic PMKSA entry - marking it valid");
+ sm->cur_pmksa->opportunistic = 0;
+ }
+}
+
+
+static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+ const struct wpa_eapol_key *key)
+{
+ int keylen, rsclen;
+ wpa_alg alg;
+ const u8 *key_rsc;
+ u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
+
+ wpa_printf(MSG_DEBUG, "WPA: Installing PTK to the driver.");
+
+ switch (sm->pairwise_cipher) {
+ case WPA_CIPHER_CCMP:
+ alg = WPA_ALG_CCMP;
+ keylen = 16;
+ rsclen = 6;
+ break;
+ case WPA_CIPHER_TKIP:
+ alg = WPA_ALG_TKIP;
+ keylen = 32;
+ rsclen = 6;
+ break;
+ case WPA_CIPHER_NONE:
+ wpa_printf(MSG_DEBUG, "WPA: Pairwise Cipher Suite: "
+ "NONE - do not use pairwise keys");
+ return 0;
+ default:
+ wpa_printf(MSG_WARNING, "WPA: Unsupported pairwise cipher %d",
+ sm->pairwise_cipher);
+ return -1;
+ }
+
+ if (sm->proto == WPA_PROTO_RSN) {
+ key_rsc = null_rsc;
+ } else {
+ key_rsc = key->key_rsc;
+ wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen);
+ }
+
+ if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen,
+ (u8 *) sm->ptk.tk1, keylen) < 0) {
+ wpa_printf(MSG_WARNING, "WPA: Failed to set PTK to the "
+ "driver.");
+ return -1;
+ }
+ return 0;
+}
+
+
+static int wpa_supplicant_check_group_cipher(int group_cipher,
+ int keylen, int maxkeylen,
+ int *key_rsc_len, wpa_alg *alg)
+{
+ int ret = 0;
+
+ switch (group_cipher) {
+ case WPA_CIPHER_CCMP:
+ if (keylen != 16 || maxkeylen < 16) {
+ ret = -1;
+ break;
+ }
+ *key_rsc_len = 6;
+ *alg = WPA_ALG_CCMP;
+ break;
+ case WPA_CIPHER_TKIP:
+ if (keylen != 32 || maxkeylen < 32) {
+ ret = -1;
+ break;
+ }
+ *key_rsc_len = 6;
+ *alg = WPA_ALG_TKIP;
+ break;
+ case WPA_CIPHER_WEP104:
+ if (keylen != 13 || maxkeylen < 13) {
+ ret = -1;
+ break;
+ }
+ *key_rsc_len = 0;
+ *alg = WPA_ALG_WEP;
+ break;
+ case WPA_CIPHER_WEP40:
+ if (keylen != 5 || maxkeylen < 5) {
+ ret = -1;
+ break;
+ }
+ *key_rsc_len = 0;
+ *alg = WPA_ALG_WEP;
+ break;
+ default:
+ wpa_printf(MSG_WARNING, "WPA: Unsupported Group Cipher %d",
+ group_cipher);
+ return -1;
+ }
+
+ if (ret < 0 ) {
+ wpa_printf(MSG_WARNING, "WPA: Unsupported %s Group Cipher key "
+ "length %d (%d).",
+ wpa_cipher_txt(group_cipher), keylen, maxkeylen);
+ }
+
+ return ret;
+}
+
+
+struct wpa_gtk_data {
+ wpa_alg alg;
+ int tx, key_rsc_len, keyidx;
+ u8 gtk[32];
+ int gtk_len;
+};
+
+
+static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ const struct wpa_gtk_data *gd,
+ const u8 *key_rsc)
+{
+ const u8 *_gtk = gd->gtk;
+ u8 gtk_buf[32];
+
+ wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
+ wpa_printf(MSG_DEBUG, "WPA: Installing GTK to the driver "
+ "(keyidx=%d tx=%d).", gd->keyidx, gd->tx);
+ wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len);
+ if (sm->group_cipher == WPA_CIPHER_TKIP) {
+ /* Swap Tx/Rx keys for Michael MIC */
+ os_memcpy(gtk_buf, gd->gtk, 16);
+ os_memcpy(gtk_buf + 16, gd->gtk + 24, 8);
+ os_memcpy(gtk_buf + 24, gd->gtk + 16, 8);
+ _gtk = gtk_buf;
+ }
+ if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
+ if (wpa_sm_set_key(sm, gd->alg,
+ (u8 *) "\xff\xff\xff\xff\xff\xff",
+ gd->keyidx, 1, key_rsc, gd->key_rsc_len,
+ _gtk, gd->gtk_len) < 0) {
+ wpa_printf(MSG_WARNING, "WPA: Failed to set "
+ "GTK to the driver (Group only).");
+ return -1;
+ }
+ } else if (wpa_sm_set_key(sm, gd->alg,
+ (u8 *) "\xff\xff\xff\xff\xff\xff",
+ gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len,
+ _gtk, gd->gtk_len) < 0) {
+ wpa_printf(MSG_WARNING, "WPA: Failed to set GTK to "
+ "the driver.");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm,
+ int tx)
+{
+ if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) {
+ /* Ignore Tx bit for GTK if a pairwise key is used. One AP
+ * seemed to set this bit (incorrectly, since Tx is only when
+ * doing Group Key only APs) and without this workaround, the
+ * data connection does not work because wpa_supplicant
+ * configured non-zero keyidx to be used for unicast. */
+ wpa_printf(MSG_INFO, "WPA: Tx bit set for GTK, but pairwise "
+ "keys are used - ignore Tx bit");
+ return 0;
+ }
+ return tx;
+}
+
+
+static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+ const struct wpa_eapol_key *key,
+ const u8 *gtk, size_t gtk_len,
+ int key_info)
+{
+#ifndef CONFIG_NO_WPA2
+ struct wpa_gtk_data gd;
+
+ /*
+ * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x
+ * GTK KDE format:
+ * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7]
+ * Reserved [bits 0-7]
+ * GTK
+ */
+
+ os_memset(&gd, 0, sizeof(gd));
+ wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake",
+ gtk, gtk_len);
+
+ if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk))
+ return -1;
+
+ gd.keyidx = gtk[0] & 0x3;
+ gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
+ !!(gtk[0] & BIT(2)));
+ gtk += 2;
+ gtk_len -= 2;
+
+ os_memcpy(gd.gtk, gtk, gtk_len);
+ gd.gtk_len = gtk_len;
+
+ if (wpa_supplicant_check_group_cipher(sm->group_cipher,
+ gtk_len, gtk_len,
+ &gd.key_rsc_len, &gd.alg) ||
+ wpa_supplicant_install_gtk(sm, &gd, key->key_rsc)) {
+ wpa_printf(MSG_DEBUG, "RSN: Failed to install GTK");
+ return -1;
+ }
+
+ wpa_supplicant_key_neg_complete(sm, sm->bssid,
+ key_info & WPA_KEY_INFO_SECURE);
+ return 0;
+#else /* CONFIG_NO_WPA2 */
+ return -1;
+#endif /* CONFIG_NO_WPA2 */
+}
+
+
+static int ieee80211w_set_keys(struct wpa_sm *sm,
+ struct wpa_eapol_ie_parse *ie)
+{
+#ifdef CONFIG_IEEE80211W
+ if (sm->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC)
+ return 0;
+
+ if (ie->igtk) {
+ const struct wpa_igtk_kde *igtk;
+ u16 keyidx;
+ if (ie->igtk_len != sizeof(*igtk))
+ return -1;
+ igtk = (const struct wpa_igtk_kde *) ie->igtk;
+ keyidx = WPA_GET_LE16(igtk->keyid);
+ wpa_printf(MSG_DEBUG, "WPA: IGTK keyid %d "
+ "pn %02x%02x%02x%02x%02x%02x",
+ keyidx, MAC2STR(igtk->pn));
+ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
+ igtk->igtk, WPA_IGTK_LEN);
+ if (keyidx > 4095) {
+ wpa_printf(MSG_WARNING, "WPA: Invalid IGTK KeyID %d",
+ keyidx);
+ return -1;
+ }
+ if (wpa_sm_set_key(sm, WPA_ALG_IGTK,
+ (u8 *) "\xff\xff\xff\xff\xff\xff",
+ keyidx, 0, igtk->pn, sizeof(igtk->pn),
+ igtk->igtk, WPA_IGTK_LEN) < 0) {
+ wpa_printf(MSG_WARNING, "WPA: Failed to configure IGTK"
+ " to the driver");
+ return -1;
+ }
+ }
+
+ if (ie->dhv) {
+ const struct wpa_dhv_kde *dhv;
+ if (ie->dhv_len != sizeof(*dhv))
+ return -1;
+ dhv = (const struct wpa_dhv_kde *) ie->dhv;
+ wpa_hexdump_key(MSG_DEBUG, "WPA: DHV", dhv->dhv, WPA_DHV_LEN);
+ if (wpa_sm_set_key(sm, WPA_ALG_DHV,
+ (u8 *) "\xff\xff\xff\xff\xff\xff", 0, 0,
+ NULL, 0, dhv->dhv, WPA_DHV_LEN) < 0) {
+ wpa_printf(MSG_WARNING, "WPA: Failed to configure DHV "
+ "to the driver");
+ return -1;
+ }
+ }
+
+ return 0;
+#else /* CONFIG_IEEE80211W */
+ return 0;
+#endif /* CONFIG_IEEE80211W */
+}
+
+
+static void wpa_report_ie_mismatch(struct wpa_sm *sm,
+ const char *reason, const u8 *src_addr,
+ const u8 *wpa_ie, size_t wpa_ie_len,
+ const u8 *rsn_ie, size_t rsn_ie_len)
+{
+ wpa_msg(sm->ctx->ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")",
+ reason, MAC2STR(src_addr));
+
+ if (sm->ap_wpa_ie) {
+ wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp",
+ sm->ap_wpa_ie, sm->ap_wpa_ie_len);
+ }
+ if (wpa_ie) {
+ if (!sm->ap_wpa_ie) {
+ wpa_printf(MSG_INFO, "WPA: No WPA IE in "
+ "Beacon/ProbeResp");
+ }
+ wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg",
+ wpa_ie, wpa_ie_len);
+ }
+
+ if (sm->ap_rsn_ie) {
+ wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp",
+ sm->ap_rsn_ie, sm->ap_rsn_ie_len);
+ }
+ if (rsn_ie) {
+ if (!sm->ap_rsn_ie) {
+ wpa_printf(MSG_INFO, "WPA: No RSN IE in "
+ "Beacon/ProbeResp");
+ }
+ wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg",
+ rsn_ie, rsn_ie_len);
+ }
+
+ wpa_sm_disassociate(sm, REASON_IE_IN_4WAY_DIFFERS);
+ wpa_sm_req_scan(sm, 0, 0);
+}
+
+
+static int wpa_supplicant_validate_ie(struct wpa_sm *sm,
+ const unsigned char *src_addr,
+ struct wpa_eapol_ie_parse *ie)
+{
+ struct wpa_ssid *ssid = sm->cur_ssid;
+
+ if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) {
+ wpa_printf(MSG_DEBUG, "WPA: No WPA/RSN IE for this AP known. "
+ "Trying to get from scan results");
+ if (wpa_sm_get_beacon_ie(sm) < 0) {
+ wpa_printf(MSG_WARNING, "WPA: Could not find AP from "
+ "the scan results");
+ } else {
+ wpa_printf(MSG_DEBUG, "WPA: Found the current AP from "
+ "updated scan results");
+ }
+ }
+
+ if (ie->wpa_ie == NULL && ie->rsn_ie == NULL &&
+ (sm->ap_wpa_ie || sm->ap_rsn_ie)) {
+ wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
+ "with IE in Beacon/ProbeResp (no IE?)",
+ src_addr, ie->wpa_ie, ie->wpa_ie_len,
+ ie->rsn_ie, ie->rsn_ie_len);
+ return -1;
+ }
+
+ if ((ie->wpa_ie && sm->ap_wpa_ie &&
+ (ie->wpa_ie_len != sm->ap_wpa_ie_len ||
+ os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
+ (ie->rsn_ie && sm->ap_rsn_ie &&
+ (ie->rsn_ie_len != sm->ap_rsn_ie_len ||
+ os_memcmp(ie->rsn_ie, sm->ap_rsn_ie, ie->rsn_ie_len) != 0))) {
+ wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
+ "with IE in Beacon/ProbeResp",
+ src_addr, ie->wpa_ie, ie->wpa_ie_len,
+ ie->rsn_ie, ie->rsn_ie_len);
+ return -1;
+ }
+
+ if (sm->proto == WPA_PROTO_WPA &&
+ ie->rsn_ie && sm->ap_rsn_ie == NULL &&
+ ssid && (ssid->proto & WPA_PROTO_RSN)) {
+ wpa_report_ie_mismatch(sm, "Possible downgrade attack "
+ "detected - RSN was enabled and RSN IE "
+ "was in msg 3/4, but not in "
+ "Beacon/ProbeResp",
+ src_addr, ie->wpa_ie, ie->wpa_ie_len,
+ ie->rsn_ie, ie->rsn_ie_len);
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int wpa_supplicant_send_4_of_4(struct wpa_sm *sm,
+ const unsigned char *dst,
+ const struct wpa_eapol_key *key,
+ u16 ver, u16 key_info,
+ const u8 *kde, size_t kde_len,
+ struct wpa_ptk *ptk)
+{
+ size_t rlen;
+ struct wpa_eapol_key *reply;
+ u8 *rbuf;
+
+ if (kde)
+ wpa_hexdump(MSG_DEBUG, "WPA: KDE for msg 4/4", kde, kde_len);
+
+ rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
+ sizeof(*reply) + kde_len,
+ &rlen, (void *) &reply);
+ if (rbuf == NULL)
+ return -1;
+
+ reply->type = sm->proto == WPA_PROTO_RSN ?
+ EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
+ key_info &= WPA_KEY_INFO_SECURE;
+ key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC;
+ WPA_PUT_BE16(reply->key_info, key_info);
+ if (sm->proto == WPA_PROTO_RSN)
+ WPA_PUT_BE16(reply->key_length, 0);
+ else
+ os_memcpy(reply->key_length, key->key_length, 2);
+ os_memcpy(reply->replay_counter, key->replay_counter,
+ WPA_REPLAY_COUNTER_LEN);
+
+ WPA_PUT_BE16(reply->key_data_length, kde_len);
+ if (kde)
+ os_memcpy(reply + 1, kde, kde_len);
+
+ wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4");
+ wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
+ rbuf, rlen, reply->key_mic);
+
+ return 0;
+}
+
+
+static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
+ const struct wpa_eapol_key *key,
+ u16 ver)
+{
+ u16 key_info, keylen, len;
+ const u8 *pos;
+ struct wpa_eapol_ie_parse ie;
+
+ wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
+ wpa_printf(MSG_DEBUG, "WPA: RX message 3 of 4-Way Handshake from "
+ MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver);
+
+ key_info = WPA_GET_BE16(key->key_info);
+
+ pos = (const u8 *) (key + 1);
+ len = WPA_GET_BE16(key->key_data_length);
+ wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", pos, len);
+ wpa_supplicant_parse_ies(pos, len, &ie);
+ if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
+ wpa_printf(MSG_WARNING, "WPA: GTK IE in unencrypted key data");
+ return;
+ }
+#ifdef CONFIG_IEEE80211W
+ if ((ie.dhv || ie.igtk) && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
+ wpa_printf(MSG_WARNING, "WPA: DHV/IGTK KDE in unencrypted key "
+ "data");
+ return;
+ }
+
+ if (ie.dhv && ie.dhv_len != sizeof(struct wpa_dhv_kde)) {
+ wpa_printf(MSG_WARNING, "WPA: Invalid DHV KDE length %lu",
+ (unsigned long) ie.dhv_len);
+ return;
+ }
+
+ if (ie.igtk && ie.igtk_len != sizeof(struct wpa_igtk_kde)) {
+ wpa_printf(MSG_WARNING, "WPA: Invalid IGTK KDE length %lu",
+ (unsigned long) ie.igtk_len);
+ return;
+ }
+#endif /* CONFIG_IEEE80211W */
+
+ if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
+ return;
+
+ if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
+ wpa_printf(MSG_WARNING, "WPA: ANonce from message 1 of 4-Way "
+ "Handshake differs from 3 of 4-Way Handshake - drop"
+ " packet (src=" MACSTR ")", MAC2STR(sm->bssid));
+ return;
+ }
+
+ keylen = WPA_GET_BE16(key->key_length);
+ switch (sm->pairwise_cipher) {
+ case WPA_CIPHER_CCMP:
+ if (keylen != 16) {
+ wpa_printf(MSG_WARNING, "WPA: Invalid CCMP key length "
+ "%d (src=" MACSTR ")",
+ keylen, MAC2STR(sm->bssid));
+ return;
+ }
+ break;
+ case WPA_CIPHER_TKIP:
+ if (keylen != 32) {
+ wpa_printf(MSG_WARNING, "WPA: Invalid TKIP key length "
+ "%d (src=" MACSTR ")",
+ keylen, MAC2STR(sm->bssid));
+ return;
+ }
+ break;
+ }
+
+ if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
+ NULL, 0, &sm->ptk))
+ return;
+
+ /* SNonce was successfully used in msg 3/4, so mark it to be renewed
+ * for the next 4-Way Handshake. If msg 3 is received again, the old
+ * SNonce will still be used to avoid changing PTK. */
+ sm->renew_snonce = 1;
+
+ if (key_info & WPA_KEY_INFO_INSTALL) {
+ wpa_supplicant_install_ptk(sm, key);
+ }
+
+ if (key_info & WPA_KEY_INFO_SECURE) {
+ wpa_sm_mlme_setprotection(
+ sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX,
+ MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
+ eapol_sm_notify_portValid(sm->eapol, TRUE);
+ }
+ wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
+
+ if (ie.gtk &&
+ wpa_supplicant_pairwise_gtk(sm, key,
+ ie.gtk, ie.gtk_len, key_info) < 0) {
+ wpa_printf(MSG_INFO, "RSN: Failed to configure GTK");
+ }
+
+ if (ieee80211w_set_keys(sm, &ie) < 0)
+ wpa_printf(MSG_INFO, "RSN: Failed to configure DHV/IGTK");
+}
+
+
+#ifdef CONFIG_PEERKEY
+static void wpa_supplicant_smk_timeout(void *eloop_ctx, void *timeout_ctx)
+{
+#if 0
+ struct wpa_sm *sm = eloop_ctx;
+ struct wpa_peerkey *peerkey = timeout_ctx;
+#endif
+ /* TODO: time out SMK and any STK that was generated using this SMK */
+}
+
+
+static void wpa_supplicant_peerkey_free(struct wpa_sm *sm,
+ struct wpa_peerkey *peerkey)
+{
+ eloop_cancel_timeout(wpa_supplicant_smk_timeout, sm, peerkey);
+ os_free(peerkey);
+}
+
+
+static int wpa_supplicant_send_smk_error(struct wpa_sm *sm, const u8 *dst,
+ const u8 *peer,
+ u16 mui, u16 error_type, int ver)
+{
+#ifndef CONFIG_NO_WPA2
+ size_t rlen;
+ struct wpa_eapol_key *err;
+ struct rsn_error_kde error;
+ u8 *rbuf, *pos;
+ size_t kde_len;
+ u16 key_info;
+
+ kde_len = 2 + RSN_SELECTOR_LEN + sizeof(error);
+ if (peer)
+ kde_len += 2 + RSN_SELECTOR_LEN + ETH_ALEN;
+
+ rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
+ NULL, sizeof(*err) + kde_len, &rlen,
+ (void *) &err);
+ if (rbuf == NULL)
+ return -1;
+
+ err->type = EAPOL_KEY_TYPE_RSN;
+ key_info = ver | WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC |
+ WPA_KEY_INFO_SECURE | WPA_KEY_INFO_ERROR |
+ WPA_KEY_INFO_REQUEST;
+ WPA_PUT_BE16(err->key_info, key_info);
+ WPA_PUT_BE16(err->key_length, 0);
+ os_memcpy(err->replay_counter, sm->request_counter,
+ WPA_REPLAY_COUNTER_LEN);
+ inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
+
+ WPA_PUT_BE16(err->key_data_length, (u16) kde_len);
+ pos = (u8 *) (err + 1);
+
+ if (peer) {
+ /* Peer MAC Address KDE */
+ pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN);
+ }
+
+ /* Error KDE */
+ error.mui = host_to_be16(mui);
+ error.error_type = host_to_be16(error_type);
+ pos = wpa_add_kde(pos, RSN_KEY_DATA_ERROR,
+ (u8 *) &error, sizeof(error));
+
+ if (peer) {
+ wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error (peer "
+ MACSTR " mui %d error_type %d)",
+ MAC2STR(peer), mui, error_type);
+ } else {
+ wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error "
+ "(mui %d error_type %d)", mui, error_type);
+ }
+
+ wpa_eapol_key_send(sm, sm->ptk.kck, ver, dst, ETH_P_EAPOL,
+ rbuf, rlen, err->key_mic);
+
+ return 0;
+#else /* CONFIG_NO_WPA2 */
+ return -1;
+#endif /* CONFIG_NO_WPA2 */
+}
+
+
+static int wpa_supplicant_send_smk_m3(struct wpa_sm *sm,
+ const unsigned char *src_addr,
+ const struct wpa_eapol_key *key,
+ int ver, struct wpa_peerkey *peerkey)
+{
+ size_t rlen;
+ struct wpa_eapol_key *reply;
+ u8 *rbuf, *pos;
+ size_t kde_len;
+ u16 key_info;
+
+ /* KDEs: Peer RSN IE, Initiator MAC Address, Initiator Nonce */
+ kde_len = peerkey->rsnie_p_len +
+ 2 + RSN_SELECTOR_LEN + ETH_ALEN +
+ 2 + RSN_SELECTOR_LEN + WPA_NONCE_LEN;
+
+ rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
+ NULL, sizeof(*reply) + kde_len, &rlen,
+ (void *) &reply);
+ if (rbuf == NULL)
+ return -1;
+
+ reply->type = EAPOL_KEY_TYPE_RSN;
+ key_info = ver | WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC |
+ WPA_KEY_INFO_SECURE;
+ WPA_PUT_BE16(reply->key_info, key_info);
+ WPA_PUT_BE16(reply->key_length, 0);
+ os_memcpy(reply->replay_counter, key->replay_counter,
+ WPA_REPLAY_COUNTER_LEN);
+
+ os_memcpy(reply->key_nonce, peerkey->pnonce, WPA_NONCE_LEN);
+
+ WPA_PUT_BE16(reply->key_data_length, (u16) kde_len);
+ pos = (u8 *) (reply + 1);
+
+ /* Peer RSN IE */
+ pos = wpa_add_ie(pos, peerkey->rsnie_p, peerkey->rsnie_p_len);
+
+ /* Initiator MAC Address KDE */
+ pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peerkey->addr, ETH_ALEN);
+
+ /* Initiator Nonce */
+ pos = wpa_add_kde(pos, RSN_KEY_DATA_NONCE,
+ peerkey->inonce, WPA_NONCE_LEN);
+
+ wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK M3");
+ wpa_eapol_key_send(sm, sm->ptk.kck, ver, src_addr, ETH_P_EAPOL,
+ rbuf, rlen, reply->key_mic);
+
+ return 0;
+}
+
+
+static int wpa_supplicant_process_smk_m2(
+ struct wpa_sm *sm, const unsigned char *src_addr,
+ const struct wpa_eapol_key *key, size_t extra_len, int ver)
+{
+ struct wpa_ssid *ssid = sm->cur_ssid;
+ struct wpa_peerkey *peerkey;
+ struct wpa_eapol_ie_parse kde;
+ struct wpa_ie_data ie;
+ int cipher;
+ struct rsn_ie_hdr *hdr;
+ u8 *pos;
+
+ wpa_printf(MSG_DEBUG, "RSN: Received SMK M2");
+
+ if (ssid == NULL || !ssid->peerkey || sm->proto != WPA_PROTO_RSN) {
+ wpa_printf(MSG_INFO, "RSN: SMK handshake not allowed for "
+ "the current network");
+ return -1;
+ }
+
+ if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) <
+ 0) {
+ wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M2");
+ return -1;
+ }
+
+ if (kde.rsn_ie == NULL || kde.mac_addr == NULL ||
+ kde.mac_addr_len < ETH_ALEN) {
+ wpa_printf(MSG_INFO, "RSN: No RSN IE or MAC address KDE in "
+ "SMK M2");
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "RSN: SMK M2 - SMK initiator " MACSTR,
+ MAC2STR(kde.mac_addr));
+
+ if (kde.rsn_ie_len > PEERKEY_MAX_IE_LEN) {
+ wpa_printf(MSG_INFO, "RSN: Too long Initiator RSN IE in SMK "
+ "M2");
+ return -1;
+ }
+
+ if (wpa_parse_wpa_ie_rsn(kde.rsn_ie, kde.rsn_ie_len, &ie) < 0) {
+ wpa_printf(MSG_INFO, "RSN: Failed to parse RSN IE in SMK M2");
+ return -1;
+ }
+
+ cipher = ie.pairwise_cipher & ssid->pairwise_cipher;
+ if (cipher & WPA_CIPHER_CCMP) {
+ wpa_printf(MSG_DEBUG, "RSN: Using CCMP for PeerKey");
+ cipher = WPA_CIPHER_CCMP;
+ } else if (cipher & WPA_CIPHER_TKIP) {
+ wpa_printf(MSG_DEBUG, "RSN: Using TKIP for PeerKey");
+ cipher = WPA_CIPHER_TKIP;
+ } else {
+ wpa_printf(MSG_INFO, "RSN: No acceptable cipher in SMK M2");
+ wpa_supplicant_send_smk_error(sm, src_addr, kde.mac_addr,
+ STK_MUI_SMK, STK_ERR_CPHR_NS,
+ ver);
+ return -1;
+ }
+
+ /* TODO: find existing entry and if found, use that instead of adding
+ * a new one; how to handle the case where both ends initiate at the
+ * same time? */
+ peerkey = os_malloc(sizeof(*peerkey));
+ if (peerkey == NULL)
+ return -1;
+ os_memset(peerkey, 0, sizeof(*peerkey));
+ os_memcpy(peerkey->addr, kde.mac_addr, ETH_ALEN);
+ os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN);
+ os_memcpy(peerkey->rsnie_i, kde.rsn_ie, kde.rsn_ie_len);
+ peerkey->rsnie_i_len = kde.rsn_ie_len;
+ peerkey->cipher = cipher;
+
+ if (hostapd_get_rand(peerkey->pnonce, WPA_NONCE_LEN)) {
+ wpa_msg(sm->ctx->ctx, MSG_WARNING,
+ "WPA: Failed to get random data for PNonce");
+ wpa_supplicant_peerkey_free(sm, peerkey);
+ return -1;
+ }
+
+ hdr = (struct rsn_ie_hdr *) peerkey->rsnie_p;
+ hdr->elem_id = RSN_INFO_ELEM;
+ WPA_PUT_LE16(hdr->version, RSN_VERSION);
+ pos = (u8 *) (hdr + 1);
+ /* Group Suite can be anything for SMK RSN IE; receiver will just
+ * ignore it. */
+ os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
+ pos += RSN_SELECTOR_LEN;
+ /* Include only the selected cipher in pairwise cipher suite */
+ WPA_PUT_LE16(pos, 1);
+ pos += 2;
+ if (cipher == WPA_CIPHER_CCMP)
+ os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
+ else if (cipher == WPA_CIPHER_TKIP)
+ os_memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
+ pos += RSN_SELECTOR_LEN;
+
+ hdr->len = (pos - peerkey->rsnie_p) - 2;
+ peerkey->rsnie_p_len = pos - peerkey->rsnie_p;
+ wpa_hexdump(MSG_DEBUG, "WPA: RSN IE for SMK handshake",
+ peerkey->rsnie_p, peerkey->rsnie_p_len);
+
+ wpa_supplicant_send_smk_m3(sm, src_addr, key, ver, peerkey);
+
+ peerkey->next = sm->peerkey;
+ sm->peerkey = peerkey;
+
+ return 0;
+}
+
+
+/**
+ * rsn_smkid - Derive SMK identifier
+ * @smk: Station master key (32 bytes)
+ * @pnonce: Peer Nonce
+ * @mac_p: Peer MAC address
+ * @inonce: Initiator Nonce
+ * @mac_i: Initiator MAC address
+ *
+ * 8.5.1.4 Station to station (STK) key hierarchy
+ * SMKID = HMAC-SHA1-128(SMK, "SMK Name" || PNonce || MAC_P || INonce || MAC_I)
+ */
+static void rsn_smkid(const u8 *smk, const u8 *pnonce, const u8 *mac_p,
+ const u8 *inonce, const u8 *mac_i, u8 *smkid)
+{
+ char *title = "SMK Name";
+ const u8 *addr[5];
+ const size_t len[5] = { 8, WPA_NONCE_LEN, ETH_ALEN, WPA_NONCE_LEN,
+ ETH_ALEN };
+ unsigned char hash[SHA1_MAC_LEN];
+
+ addr[0] = (u8 *) title;
+ addr[1] = pnonce;
+ addr[2] = mac_p;
+ addr[3] = inonce;
+ addr[4] = mac_i;
+
+ hmac_sha1_vector(smk, PMK_LEN, 5, addr, len, hash);
+ os_memcpy(smkid, hash, PMKID_LEN);
+}
+
+
+static void wpa_supplicant_send_stk_1_of_4(struct wpa_sm *sm,
+ struct wpa_peerkey *peerkey)
+{
+ size_t mlen;
+ struct wpa_eapol_key *msg;
+ u8 *mbuf;
+ size_t kde_len;
+ u16 key_info, ver;
+
+ kde_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
+
+ mbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
+ sizeof(*msg) + kde_len, &mlen,
+ (void *) &msg);
+ if (mbuf == NULL)
+ return;
+
+ msg->type = EAPOL_KEY_TYPE_RSN;
+
+ if (peerkey->cipher == WPA_CIPHER_CCMP)
+ ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
+ else
+ ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
+
+ key_info = ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_ACK;
+ WPA_PUT_BE16(msg->key_info, key_info);
+
+ if (peerkey->cipher == WPA_CIPHER_CCMP)
+ WPA_PUT_BE16(msg->key_length, 16);
+ else
+ WPA_PUT_BE16(msg->key_length, 32);
+
+ os_memcpy(msg->replay_counter, peerkey->replay_counter,
+ WPA_REPLAY_COUNTER_LEN);
+ inc_byte_array(peerkey->replay_counter, WPA_REPLAY_COUNTER_LEN);
+
+ WPA_PUT_BE16(msg->key_data_length, kde_len);
+ wpa_add_kde((u8 *) (msg + 1), RSN_KEY_DATA_PMKID,
+ peerkey->smkid, PMKID_LEN);
+
+ if (hostapd_get_rand(peerkey->inonce, WPA_NONCE_LEN)) {
+ wpa_msg(sm->ctx->ctx, MSG_WARNING,
+ "RSN: Failed to get random data for INonce (STK)");
+ os_free(mbuf);
+ return;
+ }
+ wpa_hexdump(MSG_DEBUG, "RSN: INonce for STK 4-Way Handshake",
+ peerkey->inonce, WPA_NONCE_LEN);
+ os_memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
+
+ wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 1/4 to " MACSTR,
+ MAC2STR(peerkey->addr));
+ wpa_eapol_key_send(sm, NULL, ver, peerkey->addr, ETH_P_EAPOL,
+ mbuf, mlen, NULL);
+}
+
+
+static void wpa_supplicant_send_stk_3_of_4(struct wpa_sm *sm,
+ struct wpa_peerkey *peerkey)
+{
+ size_t mlen;
+ struct wpa_eapol_key *msg;
+ u8 *mbuf, *pos;
+ size_t kde_len;
+ u16 key_info, ver;
+ u32 lifetime;
+
+ kde_len = peerkey->rsnie_i_len +
+ 2 + RSN_SELECTOR_LEN + sizeof(lifetime);
+
+ mbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
+ sizeof(*msg) + kde_len, &mlen,
+ (void *) &msg);
+ if (mbuf == NULL)
+ return;
+
+ msg->type = EAPOL_KEY_TYPE_RSN;
+
+ if (peerkey->cipher == WPA_CIPHER_CCMP)
+ ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
+ else
+ ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
+
+ key_info = ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_ACK |
+ WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
+ WPA_PUT_BE16(msg->key_info, key_info);
+
+ if (peerkey->cipher == WPA_CIPHER_CCMP)
+ WPA_PUT_BE16(msg->key_length, 16);
+ else
+ WPA_PUT_BE16(msg->key_length, 32);
+
+ os_memcpy(msg->replay_counter, peerkey->replay_counter,
+ WPA_REPLAY_COUNTER_LEN);
+ inc_byte_array(peerkey->replay_counter, WPA_REPLAY_COUNTER_LEN);
+
+ WPA_PUT_BE16(msg->key_data_length, kde_len);
+ pos = (u8 *) (msg + 1);
+ pos = wpa_add_ie(pos, peerkey->rsnie_i, peerkey->rsnie_i_len);
+ lifetime = host_to_be32(peerkey->lifetime);
+ pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
+ (u8 *) &lifetime, sizeof(lifetime));
+
+ os_memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
+
+ wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 3/4 to " MACSTR,
+ MAC2STR(peerkey->addr));
+ wpa_eapol_key_send(sm, peerkey->stk.kck, ver, peerkey->addr,
+ ETH_P_EAPOL, mbuf, mlen, msg->key_mic);
+}
+
+
+static int wpa_supplicant_process_smk_m45(
+ struct wpa_sm *sm, const unsigned char *src_addr,
+ const struct wpa_eapol_key *key, size_t extra_len, int ver)
+{
+ struct wpa_ssid *ssid = sm->cur_ssid;
+ struct wpa_peerkey *peerkey;
+ struct wpa_eapol_ie_parse kde;
+ u32 lifetime;
+ struct os_time now;
+ struct wpa_ie_data ie;
+
+ if (ssid == NULL || !ssid->peerkey || sm->proto != WPA_PROTO_RSN) {
+ wpa_printf(MSG_DEBUG, "RSN: SMK handshake not allowed for "
+ "the current network");
+ return -1;
+ }
+
+ if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) <
+ 0) {
+ wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M4/M5");
+ return -1;
+ }
+
+ if (kde.mac_addr == NULL || kde.mac_addr_len < ETH_ALEN ||
+ kde.nonce == NULL || kde.nonce_len < WPA_NONCE_LEN ||
+ kde.smk == NULL || kde.smk_len < PMK_LEN + WPA_NONCE_LEN ||
+ kde.lifetime == NULL || kde.lifetime_len < 4) {
+ wpa_printf(MSG_INFO, "RSN: No MAC Address, Nonce, SMK, or "
+ "Lifetime KDE in SMK M4/M5");
+ return -1;
+ }
+
+ for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
+ if (os_memcmp(peerkey->addr, kde.mac_addr, ETH_ALEN) == 0 &&
+ os_memcmp(peerkey->initiator ? peerkey->inonce :
+ peerkey->pnonce,
+ key->key_nonce, WPA_NONCE_LEN) == 0)
+ break;
+ }
+ if (peerkey == NULL) {
+ wpa_printf(MSG_INFO, "RSN: No matching SMK handshake found "
+ "for SMK M4/M5: peer " MACSTR,
+ MAC2STR(kde.mac_addr));
+ return -1;
+ }
+
+ if (peerkey->initiator) {
+ int cipher;
+ wpa_printf(MSG_DEBUG, "RSN: Received SMK M5 (Peer " MACSTR ")",
+ MAC2STR(kde.mac_addr));
+ if (kde.rsn_ie == NULL || kde.rsn_ie_len > PEERKEY_MAX_IE_LEN
+ || wpa_parse_wpa_ie_rsn(kde.rsn_ie, kde.rsn_ie_len, &ie) <
+ 0) {
+ wpa_printf(MSG_INFO, "RSN: No RSN IE in SMK M5");
+ /* TODO: abort negotiation */
+ return -1;
+ }
+
+ if (os_memcmp(key->key_nonce, peerkey->inonce, WPA_NONCE_LEN)
+ != 0) {
+ wpa_printf(MSG_INFO, "RSN: Key Nonce in SMK M5 does "
+ "not match with INonce used in SMK M1");
+ return -1;
+ }
+
+ if (os_memcmp(kde.smk + PMK_LEN, peerkey->inonce,
+ WPA_NONCE_LEN) != 0) {
+ wpa_printf(MSG_INFO, "RSN: INonce in SMK KDE does not "
+ "match with the one used in SMK M1");
+ return -1;
+ }
+
+ os_memcpy(peerkey->rsnie_p, kde.rsn_ie, kde.rsn_ie_len);
+ peerkey->rsnie_p_len = kde.rsn_ie_len;
+ os_memcpy(peerkey->pnonce, kde.nonce, WPA_NONCE_LEN);
+
+ cipher = ie.pairwise_cipher & ssid->pairwise_cipher;
+ if (cipher & WPA_CIPHER_CCMP) {
+ wpa_printf(MSG_DEBUG, "RSN: Using CCMP for PeerKey");
+ peerkey->cipher = WPA_CIPHER_CCMP;
+ } else if (cipher & WPA_CIPHER_TKIP) {
+ wpa_printf(MSG_DEBUG, "RSN: Using TKIP for PeerKey");
+ peerkey->cipher = WPA_CIPHER_TKIP;
+ } else {
+ wpa_printf(MSG_INFO, "RSN: SMK Peer STA " MACSTR
+ " selected unacceptable cipher",
+ MAC2STR(kde.mac_addr));
+ wpa_supplicant_send_smk_error(
+ sm, src_addr, kde.mac_addr,
+ STK_MUI_SMK, STK_ERR_CPHR_NS, ver);
+ /* TODO: abort negotiation */
+ return -1;
+ }
+ } else {
+ wpa_printf(MSG_DEBUG, "RSN: Received SMK M4 (Initiator "
+ MACSTR ")", MAC2STR(kde.mac_addr));
+
+ if (os_memcmp(kde.smk + PMK_LEN, peerkey->pnonce,
+ WPA_NONCE_LEN) != 0) {
+ wpa_printf(MSG_INFO, "RSN: PNonce in SMK KDE does not "
+ "match with the one used in SMK M3");
+ return -1;
+ }
+
+ if (os_memcmp(kde.nonce, peerkey->inonce, WPA_NONCE_LEN) != 0)
+ {
+ wpa_printf(MSG_INFO, "RSN: INonce in SMK M5 did not "
+ "match with the one received in SMK M2");
+ return -1;
+ }
+ }
+
+ os_memcpy(peerkey->smk, kde.smk, PMK_LEN);
+ peerkey->smk_complete = 1;
+ wpa_hexdump_key(MSG_DEBUG, "RSN: SMK", peerkey->smk, PMK_LEN);
+ lifetime = WPA_GET_BE32(kde.lifetime);
+ wpa_printf(MSG_DEBUG, "RSN: SMK lifetime %u seconds", lifetime);
+ if (lifetime > 1000000000)
+ lifetime = 1000000000; /* avoid overflowing expiration time */
+ peerkey->lifetime = lifetime;
+ os_get_time(&now);
+ peerkey->expiration = now.sec + lifetime;
+ eloop_register_timeout(lifetime, 0, wpa_supplicant_smk_timeout,
+ sm, peerkey);
+
+ if (peerkey->initiator) {
+ rsn_smkid(peerkey->smk, peerkey->pnonce, peerkey->addr,
+ peerkey->inonce, sm->own_addr, peerkey->smkid);
+ wpa_supplicant_send_stk_1_of_4(sm, peerkey);
+ } else {
+ rsn_smkid(peerkey->smk, peerkey->pnonce, sm->own_addr,
+ peerkey->inonce, peerkey->addr, peerkey->smkid);
+ }
+ wpa_hexdump(MSG_DEBUG, "RSN: SMKID", peerkey->smkid, PMKID_LEN);
+
+ return 0;
+}
+
+
+static int wpa_supplicant_process_smk_error(
+ struct wpa_sm *sm, const unsigned char *src_addr,
+ const struct wpa_eapol_key *key, size_t extra_len)
+{
+ struct wpa_ssid *ssid = sm->cur_ssid;
+ struct wpa_eapol_ie_parse kde;
+ struct rsn_error_kde error;
+ u8 peer[ETH_ALEN];
+ u16 error_type;
+
+ wpa_printf(MSG_DEBUG, "RSN: Received SMK Error");
+
+ if (ssid == NULL || !ssid->peerkey || sm->proto != WPA_PROTO_RSN) {
+ wpa_printf(MSG_DEBUG, "RSN: SMK handshake not allowed for "
+ "the current network");
+ return -1;
+ }
+
+ if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) <
+ 0) {
+ wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK Error");
+ return -1;
+ }
+
+ if (kde.error == NULL || kde.error_len < sizeof(error)) {
+ wpa_printf(MSG_INFO, "RSN: No Error KDE in SMK Error");
+ return -1;
+ }
+
+ if (kde.mac_addr && kde.mac_addr_len >= ETH_ALEN)
+ os_memcpy(peer, kde.mac_addr, ETH_ALEN);
+ os_memcpy(&error, kde.error, sizeof(error));
+ error_type = be_to_host16(error.error_type);
+ wpa_msg(sm->ctx->ctx, MSG_INFO,
+ "RSN: SMK Error KDE received: MUI %d error_type %d peer "
+ MACSTR,
+ be_to_host16(error.mui), error_type,
+ MAC2STR(peer));
+
+ if (kde.mac_addr &&
+ (error_type == STK_ERR_STA_NR || error_type == STK_ERR_STA_NRSN ||
+ error_type == STK_ERR_CPHR_NS)) {
+ struct wpa_peerkey *peerkey;
+
+ for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
+ if (os_memcmp(peerkey->addr, kde.mac_addr, ETH_ALEN) ==
+ 0)
+ break;
+ }
+ if (peerkey == NULL) {
+ wpa_printf(MSG_DEBUG, "RSN: No matching SMK handshake "
+ "found for SMK Error");
+ return -1;
+ }
+ /* TODO: abort SMK/STK handshake and remove all related keys */
+ }
+
+ return 0;
+}
+
+
+static void wpa_supplicant_process_stk_1_of_4(struct wpa_sm *sm,
+ struct wpa_peerkey *peerkey,
+ const struct wpa_eapol_key *key,
+ u16 ver)
+{
+ struct wpa_eapol_ie_parse ie;
+ const u8 *kde;
+ size_t len, kde_buf_len;
+ struct wpa_ptk *stk;
+ u8 buf[8], *kde_buf, *pos;
+ u32 lifetime;
+
+ wpa_printf(MSG_DEBUG, "RSN: RX message 1 of STK 4-Way Handshake from "
+ MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
+
+ os_memset(&ie, 0, sizeof(ie));
+
+ /* RSN: msg 1/4 should contain SMKID for the selected SMK */
+ kde = (const u8 *) (key + 1);
+ len = WPA_GET_BE16(key->key_data_length);
+ wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", kde, len);
+ if (wpa_supplicant_parse_ies(kde, len, &ie) < 0 || ie.pmkid == NULL) {
+ wpa_printf(MSG_DEBUG, "RSN: No SMKID in STK 1/4");
+ return;
+ }
+ if (os_memcmp(ie.pmkid, peerkey->smkid, PMKID_LEN) != 0) {
+ wpa_hexdump(MSG_DEBUG, "RSN: Unknown SMKID in STK 1/4",
+ ie.pmkid, PMKID_LEN);
+ return;
+ }
+
+ if (hostapd_get_rand(peerkey->pnonce, WPA_NONCE_LEN)) {
+ wpa_msg(sm->ctx->ctx, MSG_WARNING,
+ "RSN: Failed to get random data for PNonce");
+ return;
+ }
+ wpa_hexdump(MSG_DEBUG, "WPA: Renewed PNonce",
+ peerkey->pnonce, WPA_NONCE_LEN);
+
+ /* Calculate STK which will be stored as a temporary STK until it has
+ * been verified when processing message 3/4. */
+ stk = &peerkey->tstk;
+ wpa_pmk_to_ptk(peerkey->smk, PMK_LEN, "Peer key expansion",
+ sm->own_addr, peerkey->addr,
+ peerkey->pnonce, key->key_nonce,
+ (u8 *) stk, sizeof(*stk));
+ /* Supplicant: swap tx/rx Mic keys */
+ os_memcpy(buf, stk->u.auth.tx_mic_key, 8);
+ os_memcpy(stk->u.auth.tx_mic_key, stk->u.auth.rx_mic_key, 8);
+ os_memcpy(stk->u.auth.rx_mic_key, buf, 8);
+ peerkey->tstk_set = 1;
+
+ kde_buf_len = peerkey->rsnie_p_len +
+ 2 + RSN_SELECTOR_LEN + sizeof(lifetime) +
+ 2 + RSN_SELECTOR_LEN + PMKID_LEN;
+ kde_buf = os_malloc(kde_buf_len);
+ if (kde_buf == NULL)
+ return;
+ pos = kde_buf;
+ pos = wpa_add_ie(pos, peerkey->rsnie_p, peerkey->rsnie_p_len);
+ lifetime = host_to_be32(peerkey->lifetime);
+ pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
+ (u8 *) &lifetime, sizeof(lifetime));
+ pos = wpa_add_kde(pos, RSN_KEY_DATA_PMKID, peerkey->smkid, PMKID_LEN);
+
+ if (wpa_supplicant_send_2_of_4(sm, peerkey->addr, key, ver,
+ peerkey->pnonce, kde_buf, kde_buf_len,
+ stk)) {
+ os_free(kde_buf);
+ return;
+ }
+ os_free(kde_buf);
+
+ os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN);
+}
+
+
+static void wpa_supplicant_update_smk_lifetime(struct wpa_sm *sm,
+ struct wpa_peerkey *peerkey,
+ struct wpa_eapol_ie_parse *kde)
+{
+ u32 lifetime;
+ struct os_time now;
+
+ if (kde->lifetime == NULL || kde->lifetime_len < sizeof(lifetime))
+ return;
+
+ lifetime = WPA_GET_BE32(kde->lifetime);
+
+ if (lifetime >= peerkey->lifetime) {
+ wpa_printf(MSG_DEBUG, "RSN: Peer used SMK lifetime %u seconds "
+ "which is larger than or equal to own value %u "
+ "seconds - ignored", lifetime, peerkey->lifetime);
+ return;
+ }
+
+ wpa_printf(MSG_DEBUG, "RSN: Peer used shorter SMK lifetime %u seconds "
+ "(own was %u seconds) - updated",
+ lifetime, peerkey->lifetime);
+ peerkey->lifetime = lifetime;
+
+ os_get_time(&now);
+ peerkey->expiration = now.sec + lifetime;
+ eloop_cancel_timeout(wpa_supplicant_smk_timeout, sm, peerkey);
+ eloop_register_timeout(lifetime, 0, wpa_supplicant_smk_timeout,
+ sm, peerkey);
+}
+
+
+static void wpa_supplicant_process_stk_2_of_4(struct wpa_sm *sm,
+ struct wpa_peerkey *peerkey,
+ const struct wpa_eapol_key *key,
+ u16 ver)
+{
+ struct wpa_eapol_ie_parse kde;
+ const u8 *keydata;
+ size_t len;
+
+ wpa_printf(MSG_DEBUG, "RSN: RX message 2 of STK 4-Way Handshake from "
+ MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
+
+ os_memset(&kde, 0, sizeof(kde));
+
+ /* RSN: msg 2/4 should contain SMKID for the selected SMK and RSN IE
+ * from the peer. It may also include Lifetime KDE. */
+ keydata = (const u8 *) (key + 1);
+ len = WPA_GET_BE16(key->key_data_length);
+ wpa_hexdump(MSG_DEBUG, "RSN: msg 2/4 key data", keydata, len);
+ if (wpa_supplicant_parse_ies(keydata, len, &kde) < 0 ||
+ kde.pmkid == NULL || kde.rsn_ie == NULL) {
+ wpa_printf(MSG_DEBUG, "RSN: No SMKID or RSN IE in STK 2/4");
+ return;
+ }
+
+ if (os_memcmp(kde.pmkid, peerkey->smkid, PMKID_LEN) != 0) {
+ wpa_hexdump(MSG_DEBUG, "RSN: Unknown SMKID in STK 2/4",
+ kde.pmkid, PMKID_LEN);
+ return;
+ }
+
+ if (kde.rsn_ie_len != peerkey->rsnie_p_len ||
+ os_memcmp(kde.rsn_ie, peerkey->rsnie_p, kde.rsn_ie_len) != 0) {
+ wpa_printf(MSG_INFO, "RSN: Peer RSN IE in SMK and STK "
+ "handshakes did not match");
+ wpa_hexdump(MSG_DEBUG, "RSN: Peer RSN IE in SMK handshake",
+ peerkey->rsnie_p, peerkey->rsnie_p_len);
+ wpa_hexdump(MSG_DEBUG, "RSN: Peer RSN IE in STK handshake",
+ kde.rsn_ie, kde.rsn_ie_len);
+ return;
+ }
+
+ wpa_supplicant_update_smk_lifetime(sm, peerkey, &kde);
+
+ wpa_supplicant_send_stk_3_of_4(sm, peerkey);
+ os_memcpy(peerkey->pnonce, key->key_nonce, WPA_NONCE_LEN);
+}
+
+
+static void wpa_supplicant_process_stk_3_of_4(struct wpa_sm *sm,
+ struct wpa_peerkey *peerkey,
+ const struct wpa_eapol_key *key,
+ u16 ver)
+{
+ struct wpa_eapol_ie_parse kde;
+ const u8 *keydata;
+ size_t len, key_len;
+ const u8 *_key;
+ u8 key_buf[32], rsc[6];
+
+ wpa_printf(MSG_DEBUG, "RSN: RX message 3 of STK 4-Way Handshake from "
+ MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
+
+ os_memset(&kde, 0, sizeof(kde));
+
+ /* RSN: msg 3/4 should contain Initiator RSN IE. It may also include
+ * Lifetime KDE. */
+ keydata = (const u8 *) (key + 1);
+ len = WPA_GET_BE16(key->key_data_length);
+ wpa_hexdump(MSG_DEBUG, "RSN: msg 3/4 key data", keydata, len);
+ if (wpa_supplicant_parse_ies(keydata, len, &kde) < 0) {
+ wpa_printf(MSG_DEBUG, "RSN: Failed to parse key data in "
+ "STK 3/4");
+ return;
+ }
+
+ if (kde.rsn_ie_len != peerkey->rsnie_i_len ||
+ os_memcmp(kde.rsn_ie, peerkey->rsnie_i, kde.rsn_ie_len) != 0) {
+ wpa_printf(MSG_INFO, "RSN: Initiator RSN IE in SMK and STK "
+ "handshakes did not match");
+ wpa_hexdump(MSG_DEBUG, "RSN: Initiator RSN IE in SMK "
+ "handshake",
+ peerkey->rsnie_i, peerkey->rsnie_i_len);
+ wpa_hexdump(MSG_DEBUG, "RSN: Initiator RSN IE in STK "
+ "handshake",
+ kde.rsn_ie, kde.rsn_ie_len);
+ return;
+ }
+
+ if (os_memcmp(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
+ wpa_printf(MSG_WARNING, "RSN: INonce from message 1 of STK "
+ "4-Way Handshake differs from 3 of STK 4-Way "
+ "Handshake - drop packet (src=" MACSTR ")",
+ MAC2STR(peerkey->addr));
+ return;
+ }
+
+ wpa_supplicant_update_smk_lifetime(sm, peerkey, &kde);
+
+ if (wpa_supplicant_send_4_of_4(sm, peerkey->addr, key, ver,
+ WPA_GET_BE16(key->key_info),
+ NULL, 0, &peerkey->stk))
+ return;
+
+ _key = (u8 *) peerkey->stk.tk1;
+ if (peerkey->cipher == WPA_CIPHER_TKIP) {
+ /* Swap Tx/Rx keys for Michael MIC */
+ os_memcpy(key_buf, _key, 16);
+ os_memcpy(key_buf + 16, _key + 24, 8);
+ os_memcpy(key_buf + 24, _key + 16, 8);
+ _key = key_buf;
+ key_len = 32;
+ } else
+ key_len = 16;
+
+ os_memset(rsc, 0, 6);
+ if (wpa_sm_set_key(sm, peerkey->cipher, peerkey->addr, 0, 1,
+ rsc, sizeof(rsc), _key, key_len) < 0) {
+ wpa_printf(MSG_WARNING, "RSN: Failed to set STK to the "
+ "driver.");
+ return;
+ }
+}
+
+
+static void wpa_supplicant_process_stk_4_of_4(struct wpa_sm *sm,
+ struct wpa_peerkey *peerkey,
+ const struct wpa_eapol_key *key,
+ u16 ver)
+{
+ u8 rsc[6];
+
+ wpa_printf(MSG_DEBUG, "RSN: RX message 4 of STK 4-Way Handshake from "
+ MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
+
+ os_memset(rsc, 0, 6);
+ if (wpa_sm_set_key(sm, peerkey->cipher, peerkey->addr, 0, 1,
+ rsc, sizeof(rsc), (u8 *) peerkey->stk.tk1,
+ peerkey->cipher == WPA_CIPHER_TKIP ? 32 : 16) < 0) {
+ wpa_printf(MSG_WARNING, "RSN: Failed to set STK to the "
+ "driver.");
+ return;
+ }
+}
+#endif /* CONFIG_PEERKEY */
+
+
+static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm,
+ const u8 *keydata,
+ size_t keydatalen,
+ u16 key_info,
+ struct wpa_gtk_data *gd)
+{
+ int maxkeylen;
+ struct wpa_eapol_ie_parse ie;
+
+ wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen);
+ wpa_supplicant_parse_ies(keydata, keydatalen, &ie);
+ if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
+ wpa_printf(MSG_WARNING, "WPA: GTK IE in unencrypted key data");
+ return -1;
+ }
+ if (ie.gtk == NULL) {
+ wpa_printf(MSG_INFO, "WPA: No GTK IE in Group Key msg 1/2");
+ return -1;
+ }
+ maxkeylen = gd->gtk_len = ie.gtk_len - 2;
+
+ if (wpa_supplicant_check_group_cipher(sm->group_cipher,
+ gd->gtk_len, maxkeylen,
+ &gd->key_rsc_len, &gd->alg))
+ return -1;
+
+ wpa_hexdump(MSG_DEBUG, "RSN: received GTK in group key handshake",
+ ie.gtk, ie.gtk_len);
+ gd->keyidx = ie.gtk[0] & 0x3;
+ gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
+ !!(ie.gtk[0] & BIT(2)));
+ if (ie.gtk_len - 2 > sizeof(gd->gtk)) {
+ wpa_printf(MSG_INFO, "RSN: Too long GTK in GTK IE "
+ "(len=%lu)", (unsigned long) ie.gtk_len - 2);
+ return -1;
+ }
+ os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2);
+
+ if (ieee80211w_set_keys(sm, &ie) < 0)
+ wpa_printf(MSG_INFO, "RSN: Failed to configure DHV/IGTK");
+
+ return 0;
+}
+
+
+static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
+ const struct wpa_eapol_key *key,
+ size_t keydatalen, int key_info,
+ size_t extra_len, u16 ver,
+ struct wpa_gtk_data *gd)
+{
+ size_t maxkeylen;
+ u8 ek[32];
+
+ gd->gtk_len = WPA_GET_BE16(key->key_length);
+ maxkeylen = keydatalen;
+ if (keydatalen > extra_len) {
+ wpa_printf(MSG_INFO, "WPA: Truncated EAPOL-Key packet:"
+ " key_data_length=%lu > extra_len=%lu",
+ (unsigned long) keydatalen,
+ (unsigned long) extra_len);
+ return -1;
+ }
+ if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
+ if (maxkeylen < 8) {
+ wpa_printf(MSG_INFO, "WPA: Too short maxkeylen (%lu)",
+ (unsigned long) maxkeylen);
+ return -1;
+ }
+ maxkeylen -= 8;
+ }
+
+ if (wpa_supplicant_check_group_cipher(sm->group_cipher,
+ gd->gtk_len, maxkeylen,
+ &gd->key_rsc_len, &gd->alg))
+ return -1;
+
+ gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
+ WPA_KEY_INFO_KEY_INDEX_SHIFT;
+ if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
+ os_memcpy(ek, key->key_iv, 16);
+ os_memcpy(ek + 16, sm->ptk.kek, 16);
+ if (keydatalen > sizeof(gd->gtk)) {
+ wpa_printf(MSG_WARNING, "WPA: RC4 key data "
+ "too long (%lu)",
+ (unsigned long) keydatalen);
+ return -1;
+ }
+ os_memcpy(gd->gtk, key + 1, keydatalen);
+ rc4_skip(ek, 32, 256, gd->gtk, keydatalen);
+ } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
+ if (keydatalen % 8) {
+ wpa_printf(MSG_WARNING, "WPA: Unsupported AES-WRAP "
+ "len %lu", (unsigned long) keydatalen);
+ return -1;
+ }
+ if (maxkeylen > sizeof(gd->gtk)) {
+ wpa_printf(MSG_WARNING, "WPA: AES-WRAP key data "
+ "too long (keydatalen=%lu maxkeylen=%lu)",
+ (unsigned long) keydatalen,
+ (unsigned long) maxkeylen);
+ return -1;
+ }
+ if (aes_unwrap(sm->ptk.kek, maxkeylen / 8,
+ (const u8 *) (key + 1), gd->gtk)) {
+ wpa_printf(MSG_WARNING, "WPA: AES unwrap "
+ "failed - could not decrypt GTK");
+ return -1;
+ }
+ }
+ gd->tx = wpa_supplicant_gtk_tx_bit_workaround(
+ sm, !!(key_info & WPA_KEY_INFO_TXRX));
+ return 0;
+}
+
+
+static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
+ const struct wpa_eapol_key *key,
+ int ver, u16 key_info)
+{
+ size_t rlen;
+ struct wpa_eapol_key *reply;
+ u8 *rbuf;
+
+ rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
+ sizeof(*reply), &rlen, (void *) &reply);
+ if (rbuf == NULL)
+ return -1;
+
+ reply->type = sm->proto == WPA_PROTO_RSN ?
+ EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
+ key_info &= WPA_KEY_INFO_KEY_INDEX_MASK;
+ key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
+ WPA_PUT_BE16(reply->key_info, key_info);
+ if (sm->proto == WPA_PROTO_RSN)
+ WPA_PUT_BE16(reply->key_length, 0);
+ else
+ os_memcpy(reply->key_length, key->key_length, 2);
+ os_memcpy(reply->replay_counter, key->replay_counter,
+ WPA_REPLAY_COUNTER_LEN);
+
+ WPA_PUT_BE16(reply->key_data_length, 0);
+
+ wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
+ wpa_eapol_key_send(sm, sm->ptk.kck, ver, sm->bssid, ETH_P_EAPOL,
+ rbuf, rlen, reply->key_mic);
+
+ return 0;
+}
+
+
+static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
+ const unsigned char *src_addr,
+ const struct wpa_eapol_key *key,
+ int extra_len, u16 ver)
+{
+ u16 key_info, keydatalen;
+ int rekey, ret;
+ struct wpa_gtk_data gd;
+
+ os_memset(&gd, 0, sizeof(gd));
+
+ rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;
+ wpa_printf(MSG_DEBUG, "WPA: RX message 1 of Group Key Handshake from "
+ MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
+
+ key_info = WPA_GET_BE16(key->key_info);
+ keydatalen = WPA_GET_BE16(key->key_data_length);
+
+ if (sm->proto == WPA_PROTO_RSN) {
+ ret = wpa_supplicant_process_1_of_2_rsn(sm,
+ (const u8 *) (key + 1),
+ keydatalen, key_info,
+ &gd);
+ } else {
+ ret = wpa_supplicant_process_1_of_2_wpa(sm, key, keydatalen,
+ key_info, extra_len,
+ ver, &gd);
+ }
+
+ wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
+
+ if (ret)
+ return;
+
+ if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) ||
+ wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
+ return;
+
+ if (rekey) {
+ wpa_msg(sm->ctx->ctx, MSG_INFO, "WPA: Group rekeying "
+ "completed with " MACSTR " [GTK=%s]",
+ MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
+ wpa_sm_set_state(sm, WPA_COMPLETED);
+ } else {
+ wpa_supplicant_key_neg_complete(sm, sm->bssid,
+ key_info &
+ WPA_KEY_INFO_SECURE);
+ }
+}
+
+
+static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm,
+ struct wpa_eapol_key *key,
+ u16 ver,
+ const u8 *buf, size_t len)
+{
+ u8 mic[16];
+ int ok = 0;
+
+ os_memcpy(mic, key->key_mic, 16);
+ if (sm->tptk_set) {
+ os_memset(key->key_mic, 0, 16);
+ wpa_eapol_key_mic(sm->tptk.kck, ver, buf, len,
+ key->key_mic);
+ if (os_memcmp(mic, key->key_mic, 16) != 0) {
+ wpa_printf(MSG_WARNING, "WPA: Invalid EAPOL-Key MIC "
+ "when using TPTK - ignoring TPTK");
+ } else {
+ ok = 1;
+ sm->tptk_set = 0;
+ sm->ptk_set = 1;
+ os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
+ }
+ }
+
+ if (!ok && sm->ptk_set) {
+ os_memset(key->key_mic, 0, 16);
+ wpa_eapol_key_mic(sm->ptk.kck, ver, buf, len,
+ key->key_mic);
+ if (os_memcmp(mic, key->key_mic, 16) != 0) {
+ wpa_printf(MSG_WARNING, "WPA: Invalid EAPOL-Key MIC "
+ "- dropping packet");
+ return -1;
+ }
+ ok = 1;
+ }
+
+ if (!ok) {
+ wpa_printf(MSG_WARNING, "WPA: Could not verify EAPOL-Key MIC "
+ "- dropping packet");
+ return -1;
+ }
+
+ os_memcpy(sm->rx_replay_counter, key->replay_counter,
+ WPA_REPLAY_COUNTER_LEN);
+ sm->rx_replay_counter_set = 1;
+ return 0;
+}
+
+
+#ifdef CONFIG_PEERKEY
+static int wpa_supplicant_verify_eapol_key_mic_peerkey(
+ struct wpa_sm *sm, struct wpa_peerkey *peerkey,
+ struct wpa_eapol_key *key, u16 ver, const u8 *buf, size_t len)
+{
+ u8 mic[16];
+ int ok = 0;
+
+ if (peerkey->initiator && !peerkey->stk_set) {
+ wpa_pmk_to_ptk(peerkey->smk, PMK_LEN, "Peer key expansion",
+ sm->own_addr, peerkey->addr,
+ peerkey->inonce, key->key_nonce,
+ (u8 *) &peerkey->stk, sizeof(peerkey->stk));
+ peerkey->stk_set = 1;
+ }
+
+ os_memcpy(mic, key->key_mic, 16);
+ if (peerkey->tstk_set) {
+ os_memset(key->key_mic, 0, 16);
+ wpa_eapol_key_mic(peerkey->tstk.kck, ver, buf, len,
+ key->key_mic);
+ if (os_memcmp(mic, key->key_mic, 16) != 0) {
+ wpa_printf(MSG_WARNING, "RSN: Invalid EAPOL-Key MIC "
+ "when using TSTK - ignoring TSTK");
+ } else {
+ ok = 1;
+ peerkey->tstk_set = 0;
+ peerkey->stk_set = 1;
+ os_memcpy(&peerkey->stk, &peerkey->tstk,
+ sizeof(peerkey->stk));
+ }
+ }
+
+ if (!ok && peerkey->stk_set) {
+ os_memset(key->key_mic, 0, 16);
+ wpa_eapol_key_mic(peerkey->stk.kck, ver, buf, len,
+ key->key_mic);
+ if (os_memcmp(mic, key->key_mic, 16) != 0) {
+ wpa_printf(MSG_WARNING, "RSN: Invalid EAPOL-Key MIC "
+ "- dropping packet");
+ return -1;
+ }
+ ok = 1;
+ }
+
+ if (!ok) {
+ wpa_printf(MSG_WARNING, "RSN: Could not verify EAPOL-Key MIC "
+ "- dropping packet");
+ return -1;
+ }
+
+ os_memcpy(peerkey->replay_counter, key->replay_counter,
+ WPA_REPLAY_COUNTER_LEN);
+ peerkey->replay_counter_set = 1;
+ return 0;
+}
+#endif /* CONFIG_PEERKEY */
+
+
+/* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */
+static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
+ struct wpa_eapol_key *key, u16 ver)
+{
+ u16 keydatalen = WPA_GET_BE16(key->key_data_length);
+
+ wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data",
+ (u8 *) (key + 1), keydatalen);
+ if (!sm->ptk_set) {
+ wpa_printf(MSG_WARNING, "WPA: PTK not available, "
+ "cannot decrypt EAPOL-Key key data.");
+ return -1;
+ }
+
+ /* Decrypt key data here so that this operation does not need
+ * to be implemented separately for each message type. */
+ if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
+ u8 ek[32];
+ os_memcpy(ek, key->key_iv, 16);
+ os_memcpy(ek + 16, sm->ptk.kek, 16);
+ rc4_skip(ek, 32, 256, (u8 *) (key + 1), keydatalen);
+ } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
+ u8 *buf;
+ if (keydatalen % 8) {
+ wpa_printf(MSG_WARNING, "WPA: Unsupported "
+ "AES-WRAP len %d", keydatalen);
+ return -1;
+ }
+ keydatalen -= 8; /* AES-WRAP adds 8 bytes */
+ buf = os_malloc(keydatalen);
+ if (buf == NULL) {
+ wpa_printf(MSG_WARNING, "WPA: No memory for "
+ "AES-UNWRAP buffer");
+ return -1;
+ }
+ if (aes_unwrap(sm->ptk.kek, keydatalen / 8,
+ (u8 *) (key + 1), buf)) {
+ os_free(buf);
+ wpa_printf(MSG_WARNING, "WPA: AES unwrap failed - "
+ "could not decrypt EAPOL-Key key data");
+ return -1;
+ }
+ os_memcpy(key + 1, buf, keydatalen);
+ os_free(buf);
+ WPA_PUT_BE16(key->key_data_length, keydatalen);
+ }
+ wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data",
+ (u8 *) (key + 1), keydatalen);
+ return 0;
+}
+
+
+/**
+ * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ */
+void wpa_sm_aborted_cached(struct wpa_sm *sm)
+{
+ if (sm && sm->cur_pmksa) {
+ wpa_printf(MSG_DEBUG, "RSN: Cancelling PMKSA caching attempt");
+ sm->cur_pmksa = NULL;
+ }
+}
+
+
+static void wpa_eapol_key_dump(const struct wpa_eapol_key *key)
+{
+#ifndef CONFIG_NO_STDOUT_DEBUG
+ u16 key_info = WPA_GET_BE16(key->key_info);
+
+ wpa_printf(MSG_DEBUG, " EAPOL-Key type=%d", key->type);
+ wpa_printf(MSG_DEBUG, " key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s"
+ "%s%s%s%s%s%s%s)",
+ key_info, key_info & WPA_KEY_INFO_TYPE_MASK,
+ (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
+ WPA_KEY_INFO_KEY_INDEX_SHIFT,
+ (key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13,
+ key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group",
+ key_info & WPA_KEY_INFO_INSTALL ? " Install" : "",
+ key_info & WPA_KEY_INFO_ACK ? " Ack" : "",
+ key_info & WPA_KEY_INFO_MIC ? " MIC" : "",
+ key_info & WPA_KEY_INFO_SECURE ? " Secure" : "",
+ key_info & WPA_KEY_INFO_ERROR ? " Error" : "",
+ key_info & WPA_KEY_INFO_REQUEST ? " Request" : "",
+ key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : "");
+ wpa_printf(MSG_DEBUG, " key_length=%u key_data_length=%u",
+ WPA_GET_BE16(key->key_length),
+ WPA_GET_BE16(key->key_data_length));
+ wpa_hexdump(MSG_DEBUG, " replay_counter",
+ key->replay_counter, WPA_REPLAY_COUNTER_LEN);
+ wpa_hexdump(MSG_DEBUG, " key_nonce", key->key_nonce, WPA_NONCE_LEN);
+ wpa_hexdump(MSG_DEBUG, " key_iv", key->key_iv, 16);
+ wpa_hexdump(MSG_DEBUG, " key_rsc", key->key_rsc, 8);
+ wpa_hexdump(MSG_DEBUG, " key_id (reserved)", key->key_id, 8);
+ wpa_hexdump(MSG_DEBUG, " key_mic", key->key_mic, 16);
+#endif /* CONFIG_NO_STDOUT_DEBUG */
+}
+
+
+/**
+ * wpa_sm_rx_eapol - Process received WPA EAPOL frames
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @src_addr: Source MAC address of the EAPOL packet
+ * @buf: Pointer to the beginning of the EAPOL data (EAPOL header)
+ * @len: Length of the EAPOL frame
+ * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure
+ *
+ * This function is called for each received EAPOL frame. Other than EAPOL-Key
+ * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is
+ * only processing WPA and WPA2 EAPOL-Key frames.
+ *
+ * The received EAPOL-Key packets are validated and valid packets are replied
+ * to. In addition, key material (PTK, GTK) is configured at the end of a
+ * successful key handshake.
+ */
+int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
+ const u8 *buf, size_t len)
+{
+ size_t plen, data_len, extra_len;
+ struct ieee802_1x_hdr *hdr;
+ struct wpa_eapol_key *key;
+ u16 key_info, ver;
+ u8 *tmp;
+ int ret = -1;
+ struct wpa_peerkey *peerkey = NULL;
+
+ if (len < sizeof(*hdr) + sizeof(*key)) {
+ wpa_printf(MSG_DEBUG, "WPA: EAPOL frame too short to be a WPA "
+ "EAPOL-Key (len %lu, expecting at least %lu)",
+ (unsigned long) len,
+ (unsigned long) sizeof(*hdr) + sizeof(*key));
+ return 0;
+ }
+
+ tmp = os_malloc(len);
+ if (tmp == NULL)
+ return -1;
+ os_memcpy(tmp, buf, len);
+
+ hdr = (struct ieee802_1x_hdr *) tmp;
+ key = (struct wpa_eapol_key *) (hdr + 1);
+ plen = be_to_host16(hdr->length);
+ data_len = plen + sizeof(*hdr);
+ wpa_printf(MSG_DEBUG, "IEEE 802.1X RX: version=%d type=%d length=%lu",
+ hdr->version, hdr->type, (unsigned long) plen);
+
+ if (hdr->version < EAPOL_VERSION) {
+ /* TODO: backwards compatibility */
+ }
+ if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) {
+ wpa_printf(MSG_DEBUG, "WPA: EAPOL frame (type %u) discarded, "
+ "not a Key frame", hdr->type);
+ ret = 0;
+ goto out;
+ }
+ if (plen > len - sizeof(*hdr) || plen < sizeof(*key)) {
+ wpa_printf(MSG_DEBUG, "WPA: EAPOL frame payload size %lu "
+ "invalid (frame size %lu)",
+ (unsigned long) plen, (unsigned long) len);
+ ret = 0;
+ goto out;
+ }
+
+ if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN)
+ {
+ wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key type (%d) unknown, "
+ "discarded", key->type);
+ ret = 0;
+ goto out;
+ }
+ wpa_eapol_key_dump(key);
+
+ eapol_sm_notify_lower_layer_success(sm->eapol);
+ wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", tmp, len);
+ if (data_len < len) {
+ wpa_printf(MSG_DEBUG, "WPA: ignoring %lu bytes after the IEEE "
+ "802.1X data", (unsigned long) len - data_len);
+ }
+ key_info = WPA_GET_BE16(key->key_info);
+ ver = key_info & WPA_KEY_INFO_TYPE_MASK;
+ if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
+ ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
+ wpa_printf(MSG_INFO, "WPA: Unsupported EAPOL-Key descriptor "
+ "version %d.", ver);
+ goto out;
+ }
+
+ if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
+ ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
+ wpa_printf(MSG_INFO, "WPA: CCMP is used, but EAPOL-Key "
+ "descriptor version (%d) is not 2.", ver);
+ if (sm->group_cipher != WPA_CIPHER_CCMP &&
+ !(key_info & WPA_KEY_INFO_KEY_TYPE)) {
+ /* Earlier versions of IEEE 802.11i did not explicitly
+ * require version 2 descriptor for all EAPOL-Key
+ * packets, so allow group keys to use version 1 if
+ * CCMP is not used for them. */
+ wpa_printf(MSG_INFO, "WPA: Backwards compatibility: "
+ "allow invalid version for non-CCMP group "
+ "keys");
+ } else
+ goto out;
+ }
+
+#ifdef CONFIG_PEERKEY
+ for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
+ if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
+ break;
+ }
+
+ if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) {
+ if (!peerkey->initiator && peerkey->replay_counter_set &&
+ os_memcmp(key->replay_counter, peerkey->replay_counter,
+ WPA_REPLAY_COUNTER_LEN) <= 0) {
+ wpa_printf(MSG_WARNING, "RSN: EAPOL-Key Replay "
+ "Counter did not increase (STK) - dropping "
+ "packet");
+ goto out;
+ } else if (peerkey->initiator) {
+ u8 _tmp[WPA_REPLAY_COUNTER_LEN];
+ os_memcpy(_tmp, key->replay_counter,
+ WPA_REPLAY_COUNTER_LEN);
+ inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN);
+ if (os_memcmp(_tmp, peerkey->replay_counter,
+ WPA_REPLAY_COUNTER_LEN) != 0) {
+ wpa_printf(MSG_DEBUG, "RSN: EAPOL-Key Replay "
+ "Counter did not match (STK) - "
+ "dropping packet");
+ goto out;
+ }
+ }
+ }
+
+ if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) {
+ wpa_printf(MSG_INFO, "RSN: Ack bit in key_info from STK peer");
+ goto out;
+ }
+#endif /* CONFIG_PEERKEY */
+
+ if (!peerkey && sm->rx_replay_counter_set &&
+ os_memcmp(key->replay_counter, sm->rx_replay_counter,
+ WPA_REPLAY_COUNTER_LEN) <= 0) {
+ wpa_printf(MSG_WARNING, "WPA: EAPOL-Key Replay Counter did not"
+ " increase - dropping packet");
+ goto out;
+ }
+
+ if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE))
+#ifdef CONFIG_PEERKEY
+ && (peerkey == NULL || !peerkey->initiator)
+#endif /* CONFIG_PEERKEY */
+ ) {
+ wpa_printf(MSG_INFO, "WPA: No Ack bit in key_info");
+ goto out;
+ }
+
+ if (key_info & WPA_KEY_INFO_REQUEST) {
+ wpa_printf(MSG_INFO, "WPA: EAPOL-Key with Request bit - "
+ "dropped");
+ goto out;
+ }
+
+ if ((key_info & WPA_KEY_INFO_MIC) && !peerkey &&
+ wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len))
+ goto out;
+
+#ifdef CONFIG_PEERKEY
+ if ((key_info & WPA_KEY_INFO_MIC) && peerkey &&
+ wpa_supplicant_verify_eapol_key_mic_peerkey(
+ sm, peerkey, key, ver, tmp, data_len))
+ goto out;
+#endif /* CONFIG_PEERKEY */
+
+ extra_len = data_len - sizeof(*hdr) - sizeof(*key);
+
+ if (WPA_GET_BE16(key->key_data_length) > extra_len) {
+ wpa_msg(sm->ctx->ctx, MSG_INFO, "WPA: Invalid EAPOL-Key "
+ "frame - key_data overflow (%d > %lu)",
+ WPA_GET_BE16(key->key_data_length),
+ (unsigned long) extra_len);
+ goto out;
+ }
+ extra_len = WPA_GET_BE16(key->key_data_length);
+
+ if (sm->proto == WPA_PROTO_RSN &&
+ (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
+ if (wpa_supplicant_decrypt_key_data(sm, key, ver))
+ goto out;
+ extra_len = WPA_GET_BE16(key->key_data_length);
+ }
+
+ if (key_info & WPA_KEY_INFO_KEY_TYPE) {
+ if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) {
+ wpa_printf(MSG_WARNING, "WPA: Ignored EAPOL-Key "
+ "(Pairwise) with non-zero key index");
+ goto out;
+ }
+#ifdef CONFIG_PEERKEY
+ if (peerkey) {
+ if ((key_info & (WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK))
+ == (WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK)) {
+ /* 3/4 STK 4-Way Handshake */
+ wpa_supplicant_process_stk_3_of_4(sm, peerkey,
+ key, ver);
+ } else if (key_info & WPA_KEY_INFO_ACK) {
+ /* 1/4 STK 4-Way Handshake */
+ wpa_supplicant_process_stk_1_of_4(sm, peerkey,
+ key, ver);
+ } else if (key_info & WPA_KEY_INFO_SECURE) {
+ /* 4/4 STK 4-Way Handshake */
+ wpa_supplicant_process_stk_4_of_4(sm, peerkey,
+ key, ver);
+ } else {
+ /* 2/4 STK 4-Way Handshake */
+ wpa_supplicant_process_stk_2_of_4(sm, peerkey,
+ key, ver);
+ }
+ } else
+#endif /* CONFIG_PEERKEY */
+ if (key_info & WPA_KEY_INFO_MIC) {
+ /* 3/4 4-Way Handshake */
+ wpa_supplicant_process_3_of_4(sm, key, ver);
+ } else {
+ /* 1/4 4-Way Handshake */
+ wpa_supplicant_process_1_of_4(sm, src_addr, key,
+ ver);
+ }
+ } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
+#ifdef CONFIG_PEERKEY
+ if (key_info & WPA_KEY_INFO_ERROR) {
+ /* SMK Error */
+ wpa_supplicant_process_smk_error(sm, src_addr, key,
+ extra_len);
+ } else if (key_info & WPA_KEY_INFO_ACK) {
+ /* SMK M2 */
+ wpa_supplicant_process_smk_m2(sm, src_addr, key,
+ extra_len, ver);
+ } else {
+ /* SMK M4 or M5 */
+ wpa_supplicant_process_smk_m45(sm, src_addr, key,
+ extra_len, ver);
+ }
+#endif /* CONFIG_PEERKEY */
+ } else {
+ if (key_info & WPA_KEY_INFO_MIC) {
+ /* 1/2 Group Key Handshake */
+ wpa_supplicant_process_1_of_2(sm, src_addr, key,
+ extra_len, ver);
+ } else {
+ wpa_printf(MSG_WARNING, "WPA: EAPOL-Key (Group) "
+ "without Mic bit - dropped");
+ }
+ }
+
+ ret = 1;
+
+out:
+ os_free(tmp);
+ return ret;
+}
+
+
+#ifdef CONFIG_CTRL_IFACE
+static int wpa_cipher_bits(int cipher)
+{
+ switch (cipher) {
+ case WPA_CIPHER_CCMP:
+ return 128;
+ case WPA_CIPHER_TKIP:
+ return 256;
+ case WPA_CIPHER_WEP104:
+ return 104;
+ case WPA_CIPHER_WEP40:
+ return 40;
+ default:
+ return 0;
+ }
+}
+
+
+static const u8 * wpa_key_mgmt_suite(struct wpa_sm *sm)
+{
+ static const u8 *dummy = (u8 *) "\x00\x00\x00\x00";
+ switch (sm->key_mgmt) {
+ case WPA_KEY_MGMT_IEEE8021X:
+ return (sm->proto == WPA_PROTO_RSN ?
+ RSN_AUTH_KEY_MGMT_UNSPEC_802_1X :
+ WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
+ case WPA_KEY_MGMT_PSK:
+ return (sm->proto == WPA_PROTO_RSN ?
+ RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X :
+ WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
+ case WPA_KEY_MGMT_WPA_NONE:
+ return WPA_AUTH_KEY_MGMT_NONE;
+ default:
+ return dummy;
+ }
+}
+
+
+static const u8 * wpa_cipher_suite(struct wpa_sm *sm, int cipher)
+{
+ static const u8 *dummy = (u8 *) "\x00\x00\x00\x00";
+ switch (cipher) {
+ case WPA_CIPHER_CCMP:
+ return (sm->proto == WPA_PROTO_RSN ?
+ RSN_CIPHER_SUITE_CCMP : WPA_CIPHER_SUITE_CCMP);
+ case WPA_CIPHER_TKIP:
+ return (sm->proto == WPA_PROTO_RSN ?
+ RSN_CIPHER_SUITE_TKIP : WPA_CIPHER_SUITE_TKIP);
+ case WPA_CIPHER_WEP104:
+ return (sm->proto == WPA_PROTO_RSN ?
+ RSN_CIPHER_SUITE_WEP104 : WPA_CIPHER_SUITE_WEP104);
+ case WPA_CIPHER_WEP40:
+ return (sm->proto == WPA_PROTO_RSN ?
+ RSN_CIPHER_SUITE_WEP40 : WPA_CIPHER_SUITE_WEP40);
+ case WPA_CIPHER_NONE:
+ return (sm->proto == WPA_PROTO_RSN ?
+ RSN_CIPHER_SUITE_NONE : WPA_CIPHER_SUITE_NONE);
+ default:
+ return dummy;
+ }
+}
+
+
+#define RSN_SUITE "%02x-%02x-%02x-%d"
+#define RSN_SUITE_ARG(s) (s)[0], (s)[1], (s)[2], (s)[3]
+
+/**
+ * wpa_sm_get_mib - Dump text list of MIB entries
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @buf: Buffer for the list
+ * @buflen: Length of the buffer
+ * Returns: Number of bytes written to buffer
+ *
+ * This function is used fetch dot11 MIB variables.
+ */
+int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen)
+{
+ char pmkid_txt[PMKID_LEN * 2 + 1];
+ int rsna, ret;
+ size_t len;
+
+ if (sm->cur_pmksa) {
+ wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
+ sm->cur_pmksa->pmkid, PMKID_LEN);
+ } else
+ pmkid_txt[0] = '\0';
+
+ if ((sm->key_mgmt == WPA_KEY_MGMT_PSK ||
+ sm->key_mgmt == WPA_KEY_MGMT_IEEE8021X) &&
+ sm->proto == WPA_PROTO_RSN)
+ rsna = 1;
+ else
+ rsna = 0;
+
+ ret = os_snprintf(buf, buflen,
+ "dot11RSNAOptionImplemented=TRUE\n"
+ "dot11RSNAPreauthenticationImplemented=TRUE\n"
+ "dot11RSNAEnabled=%s\n"
+ "dot11RSNAPreauthenticationEnabled=%s\n"
+ "dot11RSNAConfigVersion=%d\n"
+ "dot11RSNAConfigPairwiseKeysSupported=5\n"
+ "dot11RSNAConfigGroupCipherSize=%d\n"
+ "dot11RSNAConfigPMKLifetime=%d\n"
+ "dot11RSNAConfigPMKReauthThreshold=%d\n"
+ "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n"
+ "dot11RSNAConfigSATimeout=%d\n",
+ rsna ? "TRUE" : "FALSE",
+ rsna ? "TRUE" : "FALSE",
+ RSN_VERSION,
+ wpa_cipher_bits(sm->group_cipher),
+ sm->dot11RSNAConfigPMKLifetime,
+ sm->dot11RSNAConfigPMKReauthThreshold,
+ sm->dot11RSNAConfigSATimeout);
+ if (ret < 0 || (size_t) ret >= buflen)
+ return 0;
+ len = ret;
+
+ ret = os_snprintf(
+ buf + len, buflen - len,
+ "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
+ "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
+ "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
+ "dot11RSNAPMKIDUsed=%s\n"
+ "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
+ "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
+ "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
+ "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n"
+ "dot11RSNA4WayHandshakeFailures=%u\n",
+ RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
+ RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->pairwise_cipher)),
+ RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)),
+ pmkid_txt,
+ RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
+ RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->pairwise_cipher)),
+ RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)),
+ sm->dot11RSNA4WayHandshakeFailures);
+ if (ret >= 0 && (size_t) ret < buflen)
+ len += ret;
+
+ return (int) len;
+}
+#endif /* CONFIG_CTRL_IFACE */
+
+
+static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
+ void *ctx, int replace)
+{
+ struct wpa_sm *sm = ctx;
+
+ if (sm->cur_pmksa == entry ||
+ (sm->pmk_len == entry->pmk_len &&
+ os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) {
+ wpa_printf(MSG_DEBUG, "RSN: removed current PMKSA entry");
+ sm->cur_pmksa = NULL;
+
+ if (replace) {
+ /* A new entry is being added, so no need to
+ * deauthenticate in this case. This happens when EAP
+ * authentication is completed again (reauth or failed
+ * PMKSA caching attempt). */
+ return;
+ }
+
+ os_memset(sm->pmk, 0, sizeof(sm->pmk));
+ wpa_sm_deauthenticate(sm, REASON_UNSPECIFIED);
+ wpa_sm_req_scan(sm, 0, 0);
+ }
+}
+
+
+/**
+ * wpa_sm_init - Initialize WPA state machine
+ * @ctx: Context pointer for callbacks; this needs to be an allocated buffer
+ * Returns: Pointer to the allocated WPA state machine data
+ *
+ * This function is used to allocate a new WPA state machine and the returned
+ * value is passed to all WPA state machine calls.
+ */
+struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx)
+{
+ struct wpa_sm *sm;
+
+ sm = os_zalloc(sizeof(*sm));
+ if (sm == NULL)
+ return NULL;
+ sm->renew_snonce = 1;
+ sm->ctx = ctx;
+
+ sm->dot11RSNAConfigPMKLifetime = 43200;
+ sm->dot11RSNAConfigPMKReauthThreshold = 70;
+ sm->dot11RSNAConfigSATimeout = 60;
+
+ sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm);
+ if (sm->pmksa == NULL) {
+ wpa_printf(MSG_ERROR, "RSN: PMKSA cache initialization "
+ "failed");
+ os_free(sm);
+ return NULL;
+ }
+
+ return sm;
+}
+
+
+/**
+ * wpa_sm_deinit - Deinitialize WPA state machine
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ */
+void wpa_sm_deinit(struct wpa_sm *sm)
+{
+ if (sm == NULL)
+ return;
+ pmksa_cache_deinit(sm->pmksa);
+ eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
+ os_free(sm->assoc_wpa_ie);
+ os_free(sm->ap_wpa_ie);
+ os_free(sm->ap_rsn_ie);
+ os_free(sm->ctx);
+#ifdef CONFIG_PEERKEY
+ {
+ struct wpa_peerkey *prev, *peerkey = sm->peerkey;
+ while (peerkey) {
+ prev = peerkey;
+ peerkey = peerkey->next;
+ os_free(prev);
+ }
+ }
+#endif /* CONFIG_PEERKEY */
+ os_free(sm);
+}
+
+
+/**
+ * wpa_sm_notify_assoc - Notify WPA state machine about association
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @bssid: The BSSID of the new association
+ *
+ * This function is called to let WPA state machine know that the connection
+ * was established.
+ */
+void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+{
+ if (sm == NULL)
+ return;
+
+ wpa_printf(MSG_DEBUG, "WPA: Association event - clear replay counter");
+ os_memcpy(sm->bssid, bssid, ETH_ALEN);
+ os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
+ sm->rx_replay_counter_set = 0;
+ sm->renew_snonce = 1;
+ if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0)
+ rsn_preauth_deinit(sm);
+}
+
+
+/**
+ * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ *
+ * This function is called to let WPA state machine know that the connection
+ * was lost. This will abort any existing pre-authentication session.
+ */
+void wpa_sm_notify_disassoc(struct wpa_sm *sm)
+{
+ rsn_preauth_deinit(sm);
+ if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE)
+ sm->dot11RSNA4WayHandshakeFailures++;
+}
+
+
+/**
+ * wpa_sm_set_pmk - Set PMK
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @pmk: The new PMK
+ * @pmk_len: The length of the new PMK in bytes
+ *
+ * Configure the PMK for WPA state machine.
+ */
+void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len)
+{
+ if (sm == NULL)
+ return;
+
+ sm->pmk_len = pmk_len;
+ os_memcpy(sm->pmk, pmk, pmk_len);
+}
+
+
+/**
+ * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ *
+ * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK
+ * will be cleared.
+ */
+void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm)
+{
+ if (sm == NULL)
+ return;
+
+ if (sm->cur_pmksa) {
+ sm->pmk_len = sm->cur_pmksa->pmk_len;
+ os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
+ } else {
+ sm->pmk_len = PMK_LEN;
+ os_memset(sm->pmk, 0, PMK_LEN);
+ }
+}
+
+
+/**
+ * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @fast_reauth: Whether fast reauthentication (EAP) is allowed
+ */
+void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth)
+{
+ if (sm)
+ sm->fast_reauth = fast_reauth;
+}
+
+
+/**
+ * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @scard_ctx: Context pointer for smartcard related callback functions
+ */
+void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx)
+{
+ if (sm == NULL)
+ return;
+ sm->scard_ctx = scard_ctx;
+ if (sm->preauth_eapol)
+ eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx);
+}
+
+
+/**
+ * wpa_sm_set_config - Notification of current configration change
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @config: Pointer to current network configuration
+ *
+ * Notify WPA state machine that configuration has changed. config will be
+ * stored as a backpointer to network configuration. This can be %NULL to clear
+ * the stored pointed.
+ */
+void wpa_sm_set_config(struct wpa_sm *sm, struct wpa_ssid *config)
+{
+ if (sm) {
+ sm->cur_ssid = config;
+ pmksa_cache_notify_reconfig(sm->pmksa);
+ }
+}
+
+
+/**
+ * wpa_sm_set_own_addr - Set own MAC address
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @addr: Own MAC address
+ */
+void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr)
+{
+ if (sm)
+ os_memcpy(sm->own_addr, addr, ETH_ALEN);
+}
+
+
+/**
+ * wpa_sm_set_ifname - Set network interface name
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @ifname: Interface name
+ * @bridge_ifname: Optional bridge interface name (for pre-auth)
+ */
+void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname,
+ const char *bridge_ifname)
+{
+ if (sm) {
+ sm->ifname = ifname;
+ sm->bridge_ifname = bridge_ifname;
+ }
+}
+
+
+/**
+ * wpa_sm_set_eapol - Set EAPOL state machine pointer
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ */
+void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol)
+{
+ if (sm)
+ sm->eapol = eapol;
+}
+
+
+/**
+ * wpa_sm_set_param - Set WPA state machine parameters
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @param: Parameter field
+ * @value: Parameter value
+ * Returns: 0 on success, -1 on failure
+ */
+int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param,
+ unsigned int value)
+{
+ int ret = 0;
+
+ if (sm == NULL)
+ return -1;
+
+ switch (param) {
+ case RSNA_PMK_LIFETIME:
+ if (value > 0)
+ sm->dot11RSNAConfigPMKLifetime = value;
+ else
+ ret = -1;
+ break;
+ case RSNA_PMK_REAUTH_THRESHOLD:
+ if (value > 0 && value <= 100)
+ sm->dot11RSNAConfigPMKReauthThreshold = value;
+ else
+ ret = -1;
+ break;
+ case RSNA_SA_TIMEOUT:
+ if (value > 0)
+ sm->dot11RSNAConfigSATimeout = value;
+ else
+ ret = -1;
+ break;
+ case WPA_PARAM_PROTO:
+ sm->proto = value;
+ break;
+ case WPA_PARAM_PAIRWISE:
+ sm->pairwise_cipher = value;
+ break;
+ case WPA_PARAM_GROUP:
+ sm->group_cipher = value;
+ break;
+ case WPA_PARAM_KEY_MGMT:
+ sm->key_mgmt = value;
+ break;
+#ifdef CONFIG_IEEE80211W
+ case WPA_PARAM_MGMT_GROUP:
+ sm->mgmt_group_cipher = value;
+ break;
+#endif /* CONFIG_IEEE80211W */
+ default:
+ break;
+ }
+
+ return ret;
+}
+
+
+/**
+ * wpa_sm_get_param - Get WPA state machine parameters
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @param: Parameter field
+ * Returns: Parameter value
+ */
+unsigned int wpa_sm_get_param(struct wpa_sm *sm, enum wpa_sm_conf_params param)
+{
+ if (sm == NULL)
+ return 0;
+
+ switch (param) {
+ case RSNA_PMK_LIFETIME:
+ return sm->dot11RSNAConfigPMKLifetime;
+ case RSNA_PMK_REAUTH_THRESHOLD:
+ return sm->dot11RSNAConfigPMKReauthThreshold;
+ case RSNA_SA_TIMEOUT:
+ return sm->dot11RSNAConfigSATimeout;
+ case WPA_PARAM_PROTO:
+ return sm->proto;
+ case WPA_PARAM_PAIRWISE:
+ return sm->pairwise_cipher;
+ case WPA_PARAM_GROUP:
+ return sm->group_cipher;
+ case WPA_PARAM_KEY_MGMT:
+ return sm->key_mgmt;
+#ifdef CONFIG_IEEE80211W
+ case WPA_PARAM_MGMT_GROUP:
+ return sm->mgmt_group_cipher;
+#endif /* CONFIG_IEEE80211W */
+ default:
+ return 0;
+ }
+}
+
+
+/**
+ * wpa_sm_get_status - Get WPA state machine
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @buf: Buffer for status information
+ * @buflen: Maximum buffer length
+ * @verbose: Whether to include verbose status information
+ * Returns: Number of bytes written to buf.
+ *
+ * Query WPA state machine for status information. This function fills in
+ * a text area with current status information. If the buffer (buf) is not
+ * large enough, status information will be truncated to fit the buffer.
+ */
+int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen,
+ int verbose)
+{
+ char *pos = buf, *end = buf + buflen;
+ int ret;
+
+ ret = os_snprintf(pos, end - pos,
+ "pairwise_cipher=%s\n"
+ "group_cipher=%s\n"
+ "key_mgmt=%s\n",
+ wpa_cipher_txt(sm->pairwise_cipher),
+ wpa_cipher_txt(sm->group_cipher),
+ wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ return pos - buf;
+}
+
+
+/**
+ * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @wpa_ie: Pointer to buffer for WPA/RSN IE
+ * @wpa_ie_len: Pointer to the length of the wpa_ie buffer
+ * Returns: 0 on success, -1 on failure
+ */
+int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie,
+ size_t *wpa_ie_len)
+{
+ int res;
+
+ if (sm == NULL)
+ return -1;
+
+ res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len);
+ if (res < 0)
+ return -1;
+ *wpa_ie_len = res;
+
+ wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default",
+ wpa_ie, *wpa_ie_len);
+
+ if (sm->assoc_wpa_ie == NULL) {
+ /*
+ * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets
+ * the correct version of the IE even if PMKSA caching is
+ * aborted (which would remove PMKID from IE generation).
+ */
+ sm->assoc_wpa_ie = os_malloc(*wpa_ie_len);
+ if (sm->assoc_wpa_ie == NULL)
+ return -1;
+
+ os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len);
+ sm->assoc_wpa_ie_len = *wpa_ie_len;
+ }
+
+ return 0;
+}
+
+
+/**
+ * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @ie: Pointer to IE data (starting from id)
+ * @len: IE length
+ * Returns: 0 on success, -1 on failure
+ *
+ * Inform WPA state machine about the WPA/RSN IE used in (Re)Association
+ * Request frame. The IE will be used to override the default value generated
+ * with wpa_sm_set_assoc_wpa_ie_default().
+ */
+int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
+{
+ if (sm == NULL)
+ return -1;
+
+ os_free(sm->assoc_wpa_ie);
+ if (ie == NULL || len == 0) {
+ wpa_printf(MSG_DEBUG, "WPA: clearing own WPA/RSN IE");
+ sm->assoc_wpa_ie = NULL;
+ sm->assoc_wpa_ie_len = 0;
+ } else {
+ wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len);
+ sm->assoc_wpa_ie = os_malloc(len);
+ if (sm->assoc_wpa_ie == NULL)
+ return -1;
+
+ os_memcpy(sm->assoc_wpa_ie, ie, len);
+ sm->assoc_wpa_ie_len = len;
+ }
+
+ return 0;
+}
+
+
+/**
+ * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @ie: Pointer to IE data (starting from id)
+ * @len: IE length
+ * Returns: 0 on success, -1 on failure
+ *
+ * Inform WPA state machine about the WPA IE used in Beacon / Probe Response
+ * frame.
+ */
+int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
+{
+ if (sm == NULL)
+ return -1;
+
+ os_free(sm->ap_wpa_ie);
+ if (ie == NULL || len == 0) {
+ wpa_printf(MSG_DEBUG, "WPA: clearing AP WPA IE");
+ sm->ap_wpa_ie = NULL;
+ sm->ap_wpa_ie_len = 0;
+ } else {
+ wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len);
+ sm->ap_wpa_ie = os_malloc(len);
+ if (sm->ap_wpa_ie == NULL)
+ return -1;
+
+ os_memcpy(sm->ap_wpa_ie, ie, len);
+ sm->ap_wpa_ie_len = len;
+ }
+
+ return 0;
+}
+
+
+/**
+ * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @ie: Pointer to IE data (starting from id)
+ * @len: IE length
+ * Returns: 0 on success, -1 on failure
+ *
+ * Inform WPA state machine about the RSN IE used in Beacon / Probe Response
+ * frame.
+ */
+int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
+{
+ if (sm == NULL)
+ return -1;
+
+ os_free(sm->ap_rsn_ie);
+ if (ie == NULL || len == 0) {
+ wpa_printf(MSG_DEBUG, "WPA: clearing AP RSN IE");
+ sm->ap_rsn_ie = NULL;
+ sm->ap_rsn_ie_len = 0;
+ } else {
+ wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len);
+ sm->ap_rsn_ie = os_malloc(len);
+ if (sm->ap_rsn_ie == NULL)
+ return -1;
+
+ os_memcpy(sm->ap_rsn_ie, ie, len);
+ sm->ap_rsn_ie_len = len;
+ }
+
+ return 0;
+}
+
+
+/**
+ * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE
+ * @sm: Pointer to WPA state machine data from wpa_sm_init()
+ * @data: Pointer to data area for parsing results
+ * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure
+ *
+ * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the
+ * parsed data into data.
+ */
+int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data)
+{
+ if (sm == NULL || sm->assoc_wpa_ie == NULL) {
+ wpa_printf(MSG_DEBUG, "WPA: No WPA/RSN IE available from "
+ "association info");
+ return -1;
+ }
+ if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data))
+ return -2;
+ return 0;
+}
--- /dev/null
+/*
+ * wpa_supplicant - WPA definitions
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef WPA_H
+#define WPA_H
+
+#include "defs.h"
+#include "wpa_common.h"
+
+#ifndef BIT
+#define BIT(n) (1 << (n))
+#endif
+
+#define WPA_CAPABILITY_PREAUTH BIT(0)
+#define WPA_CAPABILITY_MGMT_FRAME_PROTECTION BIT(6)
+#define WPA_CAPABILITY_PEERKEY_ENABLED BIT(9)
+
+#define GENERIC_INFO_ELEM 0xdd
+#define RSN_INFO_ELEM 0x30
+
+enum {
+ REASON_UNSPECIFIED = 1,
+ REASON_DEAUTH_LEAVING = 3,
+ REASON_INVALID_IE = 13,
+ REASON_MICHAEL_MIC_FAILURE = 14,
+ REASON_4WAY_HANDSHAKE_TIMEOUT = 15,
+ REASON_GROUP_KEY_UPDATE_TIMEOUT = 16,
+ REASON_IE_IN_4WAY_DIFFERS = 17,
+ REASON_GROUP_CIPHER_NOT_VALID = 18,
+ REASON_PAIRWISE_CIPHER_NOT_VALID = 19,
+ REASON_AKMP_NOT_VALID = 20,
+ REASON_UNSUPPORTED_RSN_IE_VERSION = 21,
+ REASON_INVALID_RSN_IE_CAPAB = 22,
+ REASON_IEEE_802_1X_AUTH_FAILED = 23,
+ REASON_CIPHER_SUITE_REJECTED = 24
+};
+
+#define PMKID_LEN 16
+
+
+struct wpa_sm;
+struct wpa_ssid;
+struct eapol_sm;
+struct wpa_config_blob;
+
+struct wpa_sm_ctx {
+ void *ctx; /* pointer to arbitrary upper level context */
+
+ void (*set_state)(void *ctx, wpa_states state);
+ wpa_states (*get_state)(void *ctx);
+ void (*req_scan)(void *ctx, int sec, int usec);
+ void (*deauthenticate)(void * ctx, int reason_code);
+ void (*disassociate)(void *ctx, int reason_code);
+ int (*set_key)(void *ctx, wpa_alg alg,
+ const u8 *addr, int key_idx, int set_tx,
+ const u8 *seq, size_t seq_len,
+ const u8 *key, size_t key_len);
+ void (*scan)(void *eloop_ctx, void *timeout_ctx);
+ struct wpa_ssid * (*get_ssid)(void *ctx);
+ int (*get_bssid)(void *ctx, u8 *bssid);
+ int (*ether_send)(void *ctx, const u8 *dest, u16 proto, const u8 *buf,
+ size_t len);
+ int (*get_beacon_ie)(void *ctx);
+ void (*cancel_auth_timeout)(void *ctx);
+ u8 * (*alloc_eapol)(void *ctx, u8 type, const void *data, u16 data_len,
+ size_t *msg_len, void **data_pos);
+ int (*add_pmkid)(void *ctx, const u8 *bssid, const u8 *pmkid);
+ int (*remove_pmkid)(void *ctx, const u8 *bssid, const u8 *pmkid);
+ void (*set_config_blob)(void *ctx, struct wpa_config_blob *blob);
+ const struct wpa_config_blob * (*get_config_blob)(void *ctx,
+ const char *name);
+ int (*mlme_setprotection)(void *ctx, const u8 *addr,
+ int protection_type, int key_type);
+};
+
+
+enum wpa_sm_conf_params {
+ RSNA_PMK_LIFETIME /* dot11RSNAConfigPMKLifetime */,
+ RSNA_PMK_REAUTH_THRESHOLD /* dot11RSNAConfigPMKReauthThreshold */,
+ RSNA_SA_TIMEOUT /* dot11RSNAConfigSATimeout */,
+ WPA_PARAM_PROTO,
+ WPA_PARAM_PAIRWISE,
+ WPA_PARAM_GROUP,
+ WPA_PARAM_KEY_MGMT,
+ WPA_PARAM_MGMT_GROUP
+};
+
+struct wpa_ie_data {
+ int proto;
+ int pairwise_cipher;
+ int group_cipher;
+ int key_mgmt;
+ int capabilities;
+ int num_pmkid;
+ const u8 *pmkid;
+ int mgmt_group_cipher;
+};
+
+#ifndef CONFIG_NO_WPA
+
+struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx);
+void wpa_sm_deinit(struct wpa_sm *sm);
+void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid);
+void wpa_sm_notify_disassoc(struct wpa_sm *sm);
+void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len);
+void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm);
+void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth);
+void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx);
+void wpa_sm_set_config(struct wpa_sm *sm, struct wpa_ssid *config);
+void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr);
+void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname,
+ const char *bridge_ifname);
+void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol);
+int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len);
+int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie,
+ size_t *wpa_ie_len);
+int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len);
+int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len);
+int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen);
+
+int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param,
+ unsigned int value);
+unsigned int wpa_sm_get_param(struct wpa_sm *sm,
+ enum wpa_sm_conf_params param);
+
+int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen,
+ int verbose);
+
+void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise);
+
+int wpa_sm_stkstart(struct wpa_sm *sm, const u8 *peer);
+
+int wpa_parse_wpa_ie(const u8 *wpa_ie, size_t wpa_ie_len,
+ struct wpa_ie_data *data);
+
+void wpa_sm_aborted_cached(struct wpa_sm *sm);
+int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
+ const u8 *buf, size_t len);
+int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data);
+
+#else /* CONFIG_NO_WPA */
+
+static inline struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx)
+{
+ return (struct wpa_sm *) 1;
+}
+
+static inline void wpa_sm_deinit(struct wpa_sm *sm)
+{
+}
+
+static inline void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+{
+}
+
+static inline void wpa_sm_notify_disassoc(struct wpa_sm *sm)
+{
+}
+
+static inline void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk,
+ size_t pmk_len)
+{
+}
+
+static inline void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm)
+{
+}
+
+static inline void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth)
+{
+}
+
+static inline void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx)
+{
+}
+
+static inline void wpa_sm_set_config(struct wpa_sm *sm,
+ struct wpa_ssid *config)
+{
+}
+
+static inline void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr)
+{
+}
+
+static inline void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname,
+ const char *bridge_ifname)
+{
+}
+
+static inline void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol)
+{
+}
+
+static inline int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie,
+ size_t len)
+{
+ return -1;
+}
+
+static inline int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm,
+ u8 *wpa_ie,
+ size_t *wpa_ie_len)
+{
+ return -1;
+}
+
+static inline int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie,
+ size_t len)
+{
+ return -1;
+}
+
+static inline int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie,
+ size_t len)
+{
+ return -1;
+}
+
+static inline int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen)
+{
+ return 0;
+}
+
+static inline int wpa_sm_set_param(struct wpa_sm *sm,
+ enum wpa_sm_conf_params param,
+ unsigned int value)
+{
+ return -1;
+}
+
+static inline unsigned int wpa_sm_get_param(struct wpa_sm *sm,
+ enum wpa_sm_conf_params param)
+{
+ return 0;
+}
+
+static inline int wpa_sm_get_status(struct wpa_sm *sm, char *buf,
+ size_t buflen, int verbose)
+{
+ return 0;
+}
+
+static inline void wpa_sm_key_request(struct wpa_sm *sm, int error,
+ int pairwise)
+{
+}
+
+static inline int wpa_sm_stkstart(struct wpa_sm *sm, const u8 *peer)
+{
+ return -1;
+}
+
+static inline int wpa_parse_wpa_ie(const u8 *wpa_ie, size_t wpa_ie_len,
+ struct wpa_ie_data *data)
+{
+ return -1;
+}
+
+static inline void wpa_sm_aborted_cached(struct wpa_sm *sm)
+{
+}
+
+static inline int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
+ const u8 *buf, size_t len)
+{
+ return -1;
+}
+
+static inline int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm,
+ struct wpa_ie_data *data)
+{
+ return -1;
+}
+
+#endif /* CONFIG_NO_WPA */
+
+#endif /* WPA_H */
--- /dev/null
+/*
+ * WPA Supplicant - command line interface for wpa_supplicant daemon
+ * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#ifdef CONFIG_CTRL_IFACE
+
+#ifdef CONFIG_CTRL_IFACE_UNIX
+#include <dirent.h>
+#endif /* CONFIG_CTRL_IFACE_UNIX */
+#ifdef CONFIG_READLINE
+#include <readline/readline.h>
+#include <readline/history.h>
+#endif /* CONFIG_READLINE */
+
+#include "wpa_ctrl.h"
+#include "common.h"
+#include "version.h"
+
+
+static const char *wpa_cli_version =
+"wpa_cli v" VERSION_STR "\n"
+"Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi> and contributors";
+
+
+static const char *wpa_cli_license =
+"This program is free software. You can distribute it and/or modify it\n"
+"under the terms of the GNU General Public License version 2.\n"
+"\n"
+"Alternatively, this software may be distributed under the terms of the\n"
+"BSD license. See README and COPYING for more details.\n";
+
+static const char *wpa_cli_full_license =
+"This program is free software; you can redistribute it and/or modify\n"
+"it under the terms of the GNU General Public License version 2 as\n"
+"published by the Free Software Foundation.\n"
+"\n"
+"This program is distributed in the hope that it will be useful,\n"
+"but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
+"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n"
+"GNU General Public License for more details.\n"
+"\n"
+"You should have received a copy of the GNU General Public License\n"
+"along with this program; if not, write to the Free Software\n"
+"Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n"
+"\n"
+"Alternatively, this software may be distributed under the terms of the\n"
+"BSD license.\n"
+"\n"
+"Redistribution and use in source and binary forms, with or without\n"
+"modification, are permitted provided that the following conditions are\n"
+"met:\n"
+"\n"
+"1. Redistributions of source code must retain the above copyright\n"
+" notice, this list of conditions and the following disclaimer.\n"
+"\n"
+"2. Redistributions in binary form must reproduce the above copyright\n"
+" notice, this list of conditions and the following disclaimer in the\n"
+" documentation and/or other materials provided with the distribution.\n"
+"\n"
+"3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
+" names of its contributors may be used to endorse or promote products\n"
+" derived from this software without specific prior written permission.\n"
+"\n"
+"THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
+"\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
+"LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
+"A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n"
+"OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
+"SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
+"LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
+"DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
+"THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
+"(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
+"OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
+"\n";
+
+static const char *commands_help =
+"commands:\n"
+" status [verbose] = get current WPA/EAPOL/EAP status\n"
+" mib = get MIB variables (dot1x, dot11)\n"
+" help = show this usage help\n"
+" interface [ifname] = show interfaces/select interface\n"
+" level <debug level> = change debug level\n"
+" license = show full wpa_cli license\n"
+" logoff = IEEE 802.1X EAPOL state machine logoff\n"
+" logon = IEEE 802.1X EAPOL state machine logon\n"
+" set = set variables (shows list of variables when run without arguments)\n"
+" pmksa = show PMKSA cache\n"
+" reassociate = force reassociation\n"
+" reconfigure = force wpa_supplicant to re-read its configuration file\n"
+" preauthenticate <BSSID> = force preauthentication\n"
+" identity <network id> <identity> = configure identity for an SSID\n"
+" password <network id> <password> = configure password for an SSID\n"
+" new_password <network id> <password> = change password for an SSID\n"
+" pin <network id> <pin> = configure pin for an SSID\n"
+" otp <network id> <password> = configure one-time-password for an SSID\n"
+" passphrase <network id> <passphrase> = configure private key passphrase\n"
+" for an SSID\n"
+" bssid <network id> <BSSID> = set preferred BSSID for an SSID\n"
+" list_networks = list configured networks\n"
+" select_network <network id> = select a network (disable others)\n"
+" enable_network <network id> = enable a network\n"
+" disable_network <network id> = disable a network\n"
+" add_network = add a network\n"
+" remove_network <network id> = remove a network\n"
+" set_network <network id> <variable> <value> = set network variables "
+"(shows\n"
+" list of variables when run without arguments)\n"
+" get_network <network id> <variable> = get network variables\n"
+" save_config = save the current configuration\n"
+" disconnect = disconnect and wait for reassociate/reconnect command before\n "
+" connecting\n"
+" reconnect = like reassociate, but only takes effect if already "
+"disconnected\n"
+" scan = request new BSS scan\n"
+" scan_results = get latest scan results\n"
+" get_capability <eap/pairwise/group/key_mgmt/proto/auth_alg> = "
+"get capabilies\n"
+" ap_scan <value> = set ap_scan parameter\n"
+" stkstart <addr> = request STK negotiation with <addr>\n"
+" terminate = terminate wpa_supplicant\n"
+" quit = exit wpa_cli\n";
+
+static struct wpa_ctrl *ctrl_conn;
+static int wpa_cli_quit = 0;
+static int wpa_cli_attached = 0;
+static int wpa_cli_connected = 0;
+static int wpa_cli_last_id = 0;
+static const char *ctrl_iface_dir = "/var/run/wpa_supplicant";
+static char *ctrl_ifname = NULL;
+static const char *pid_file = NULL;
+static const char *action_file = NULL;
+
+
+static void usage(void)
+{
+ printf("wpa_cli [-p<path to ctrl sockets>] [-i<ifname>] [-hvB] "
+ "[-a<action file>] \\\n"
+ " [-P<pid file>] [-g<global ctrl>] [command..]\n"
+ " -h = help (show this usage text)\n"
+ " -v = shown version information\n"
+ " -a = run in daemon mode executing the action file based on "
+ "events from\n"
+ " wpa_supplicant\n"
+ " -B = run a daemon in the background\n"
+ " default path: /var/run/wpa_supplicant\n"
+ " default interface: first interface found in socket path\n"
+ "%s",
+ commands_help);
+}
+
+
+static struct wpa_ctrl * wpa_cli_open_connection(const char *ifname)
+{
+#if defined(CONFIG_CTRL_IFACE_UDP) || defined(CONFIG_CTRL_IFACE_NAMED_PIPE)
+ ctrl_conn = wpa_ctrl_open(ifname);
+ return ctrl_conn;
+#else /* CONFIG_CTRL_IFACE_UDP || CONFIG_CTRL_IFACE_NAMED_PIPE */
+ char *cfile;
+ int flen;
+
+ if (ifname == NULL)
+ return NULL;
+
+ flen = os_strlen(ctrl_iface_dir) + os_strlen(ifname) + 2;
+ cfile = os_malloc(flen);
+ if (cfile == NULL)
+ return NULL;
+ os_snprintf(cfile, flen, "%s/%s", ctrl_iface_dir, ifname);
+
+ ctrl_conn = wpa_ctrl_open(cfile);
+ os_free(cfile);
+ return ctrl_conn;
+#endif /* CONFIG_CTRL_IFACE_UDP || CONFIG_CTRL_IFACE_NAMED_PIPE */
+}
+
+
+static void wpa_cli_close_connection(void)
+{
+ if (ctrl_conn == NULL)
+ return;
+
+ if (wpa_cli_attached) {
+ wpa_ctrl_detach(ctrl_conn);
+ wpa_cli_attached = 0;
+ }
+ wpa_ctrl_close(ctrl_conn);
+ ctrl_conn = NULL;
+}
+
+
+static void wpa_cli_msg_cb(char *msg, size_t len)
+{
+ printf("%s\n", msg);
+}
+
+
+static int _wpa_ctrl_command(struct wpa_ctrl *ctrl, char *cmd, int print)
+{
+ char buf[2048];
+ size_t len;
+ int ret;
+
+ if (ctrl_conn == NULL) {
+ printf("Not connected to wpa_supplicant - command dropped.\n");
+ return -1;
+ }
+ len = sizeof(buf) - 1;
+ ret = wpa_ctrl_request(ctrl, cmd, os_strlen(cmd), buf, &len,
+ wpa_cli_msg_cb);
+ if (ret == -2) {
+ printf("'%s' command timed out.\n", cmd);
+ return -2;
+ } else if (ret < 0) {
+ printf("'%s' command failed.\n", cmd);
+ return -1;
+ }
+ if (print) {
+ buf[len] = '\0';
+ printf("%s", buf);
+ }
+ return 0;
+}
+
+
+static int wpa_ctrl_command(struct wpa_ctrl *ctrl, char *cmd)
+{
+ return _wpa_ctrl_command(ctrl, cmd, 1);
+}
+
+
+static int wpa_cli_cmd_status(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ int verbose = argc > 0 && os_strcmp(argv[0], "verbose") == 0;
+ return wpa_ctrl_command(ctrl, verbose ? "STATUS-VERBOSE" : "STATUS");
+}
+
+
+static int wpa_cli_cmd_ping(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "PING");
+}
+
+
+static int wpa_cli_cmd_mib(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "MIB");
+}
+
+
+static int wpa_cli_cmd_pmksa(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "PMKSA");
+}
+
+
+static int wpa_cli_cmd_help(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ printf("%s", commands_help);
+ return 0;
+}
+
+
+static int wpa_cli_cmd_license(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ printf("%s\n\n%s\n", wpa_cli_version, wpa_cli_full_license);
+ return 0;
+}
+
+
+static int wpa_cli_cmd_quit(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ wpa_cli_quit = 1;
+ return 0;
+}
+
+
+static void wpa_cli_show_variables(void)
+{
+ printf("set variables:\n"
+ " EAPOL::heldPeriod (EAPOL state machine held period, "
+ "in seconds)\n"
+ " EAPOL::authPeriod (EAPOL state machine authentication "
+ "period, in seconds)\n"
+ " EAPOL::startPeriod (EAPOL state machine start period, in "
+ "seconds)\n"
+ " EAPOL::maxStart (EAPOL state machine maximum start "
+ "attempts)\n");
+ printf(" dot11RSNAConfigPMKLifetime (WPA/WPA2 PMK lifetime in "
+ "seconds)\n"
+ " dot11RSNAConfigPMKReauthThreshold (WPA/WPA2 reauthentication"
+ " threshold\n\tpercentage)\n"
+ " dot11RSNAConfigSATimeout (WPA/WPA2 timeout for completing "
+ "security\n\tassociation in seconds)\n");
+}
+
+
+static int wpa_cli_cmd_set(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ char cmd[256];
+ int res;
+
+ if (argc == 0) {
+ wpa_cli_show_variables();
+ return 0;
+ }
+
+ if (argc != 2) {
+ printf("Invalid SET command: needs two arguments (variable "
+ "name and value)\n");
+ return -1;
+ }
+
+ res = os_snprintf(cmd, sizeof(cmd), "SET %s %s", argv[0], argv[1]);
+ if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
+ printf("Too long SET command.\n");
+ return -1;
+ }
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+static int wpa_cli_cmd_logoff(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "LOGOFF");
+}
+
+
+static int wpa_cli_cmd_logon(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "LOGON");
+}
+
+
+static int wpa_cli_cmd_reassociate(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "REASSOCIATE");
+}
+
+
+static int wpa_cli_cmd_preauthenticate(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ char cmd[256];
+ int res;
+
+ if (argc != 1) {
+ printf("Invalid PREAUTH command: needs one argument "
+ "(BSSID)\n");
+ return -1;
+ }
+
+ res = os_snprintf(cmd, sizeof(cmd), "PREAUTH %s", argv[0]);
+ if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
+ printf("Too long PREAUTH command.\n");
+ return -1;
+ }
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+static int wpa_cli_cmd_ap_scan(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ char cmd[256];
+ int res;
+
+ if (argc != 1) {
+ printf("Invalid AP_SCAN command: needs one argument (ap_scan "
+ "value)\n");
+ return -1;
+ }
+ res = os_snprintf(cmd, sizeof(cmd), "AP_SCAN %s", argv[0]);
+ if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
+ printf("Too long AP_SCAN command.\n");
+ return -1;
+ }
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+static int wpa_cli_cmd_stkstart(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ char cmd[256];
+ int res;
+
+ if (argc != 1) {
+ printf("Invalid STKSTART command: needs one argument "
+ "(Peer STA MAC address)\n");
+ return -1;
+ }
+
+ res = os_snprintf(cmd, sizeof(cmd), "STKSTART %s", argv[0]);
+ if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
+ printf("Too long STKSTART command.\n");
+ return -1;
+ }
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+static int wpa_cli_cmd_level(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ char cmd[256];
+ int res;
+
+ if (argc != 1) {
+ printf("Invalid LEVEL command: needs one argument (debug "
+ "level)\n");
+ return -1;
+ }
+ res = os_snprintf(cmd, sizeof(cmd), "LEVEL %s", argv[0]);
+ if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
+ printf("Too long LEVEL command.\n");
+ return -1;
+ }
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+static int wpa_cli_cmd_identity(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ char cmd[256], *pos, *end;
+ int i, ret;
+
+ if (argc < 2) {
+ printf("Invalid IDENTITY command: needs two arguments "
+ "(network id and identity)\n");
+ return -1;
+ }
+
+ end = cmd + sizeof(cmd);
+ pos = cmd;
+ ret = os_snprintf(pos, end - pos, WPA_CTRL_RSP "IDENTITY-%s:%s",
+ argv[0], argv[1]);
+ if (ret < 0 || ret >= end - pos) {
+ printf("Too long IDENTITY command.\n");
+ return -1;
+ }
+ pos += ret;
+ for (i = 2; i < argc; i++) {
+ ret = os_snprintf(pos, end - pos, " %s", argv[i]);
+ if (ret < 0 || ret >= end - pos) {
+ printf("Too long IDENTITY command.\n");
+ return -1;
+ }
+ pos += ret;
+ }
+
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+static int wpa_cli_cmd_password(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ char cmd[256], *pos, *end;
+ int i, ret;
+
+ if (argc < 2) {
+ printf("Invalid PASSWORD command: needs two arguments "
+ "(network id and password)\n");
+ return -1;
+ }
+
+ end = cmd + sizeof(cmd);
+ pos = cmd;
+ ret = os_snprintf(pos, end - pos, WPA_CTRL_RSP "PASSWORD-%s:%s",
+ argv[0], argv[1]);
+ if (ret < 0 || ret >= end - pos) {
+ printf("Too long PASSWORD command.\n");
+ return -1;
+ }
+ pos += ret;
+ for (i = 2; i < argc; i++) {
+ ret = os_snprintf(pos, end - pos, " %s", argv[i]);
+ if (ret < 0 || ret >= end - pos) {
+ printf("Too long PASSWORD command.\n");
+ return -1;
+ }
+ pos += ret;
+ }
+
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+static int wpa_cli_cmd_new_password(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ char cmd[256], *pos, *end;
+ int i, ret;
+
+ if (argc < 2) {
+ printf("Invalid NEW_PASSWORD command: needs two arguments "
+ "(network id and password)\n");
+ return -1;
+ }
+
+ end = cmd + sizeof(cmd);
+ pos = cmd;
+ ret = os_snprintf(pos, end - pos, WPA_CTRL_RSP "NEW_PASSWORD-%s:%s",
+ argv[0], argv[1]);
+ if (ret < 0 || ret >= end - pos) {
+ printf("Too long NEW_PASSWORD command.\n");
+ return -1;
+ }
+ pos += ret;
+ for (i = 2; i < argc; i++) {
+ ret = os_snprintf(pos, end - pos, " %s", argv[i]);
+ if (ret < 0 || ret >= end - pos) {
+ printf("Too long NEW_PASSWORD command.\n");
+ return -1;
+ }
+ pos += ret;
+ }
+
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+static int wpa_cli_cmd_pin(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ char cmd[256], *pos, *end;
+ int i, ret;
+
+ if (argc < 2) {
+ printf("Invalid PIN command: needs two arguments "
+ "(network id and pin)\n");
+ return -1;
+ }
+
+ end = cmd + sizeof(cmd);
+ pos = cmd;
+ ret = os_snprintf(pos, end - pos, WPA_CTRL_RSP "PIN-%s:%s",
+ argv[0], argv[1]);
+ if (ret < 0 || ret >= end - pos) {
+ printf("Too long PIN command.\n");
+ return -1;
+ }
+ pos += ret;
+ for (i = 2; i < argc; i++) {
+ ret = os_snprintf(pos, end - pos, " %s", argv[i]);
+ if (ret < 0 || ret >= end - pos) {
+ printf("Too long PIN command.\n");
+ return -1;
+ }
+ pos += ret;
+ }
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+static int wpa_cli_cmd_otp(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ char cmd[256], *pos, *end;
+ int i, ret;
+
+ if (argc < 2) {
+ printf("Invalid OTP command: needs two arguments (network "
+ "id and password)\n");
+ return -1;
+ }
+
+ end = cmd + sizeof(cmd);
+ pos = cmd;
+ ret = os_snprintf(pos, end - pos, WPA_CTRL_RSP "OTP-%s:%s",
+ argv[0], argv[1]);
+ if (ret < 0 || ret >= end - pos) {
+ printf("Too long OTP command.\n");
+ return -1;
+ }
+ pos += ret;
+ for (i = 2; i < argc; i++) {
+ ret = os_snprintf(pos, end - pos, " %s", argv[i]);
+ if (ret < 0 || ret >= end - pos) {
+ printf("Too long OTP command.\n");
+ return -1;
+ }
+ pos += ret;
+ }
+
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+static int wpa_cli_cmd_passphrase(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ char cmd[256], *pos, *end;
+ int i, ret;
+
+ if (argc < 2) {
+ printf("Invalid PASSPHRASE command: needs two arguments "
+ "(network id and passphrase)\n");
+ return -1;
+ }
+
+ end = cmd + sizeof(cmd);
+ pos = cmd;
+ ret = os_snprintf(pos, end - pos, WPA_CTRL_RSP "PASSPHRASE-%s:%s",
+ argv[0], argv[1]);
+ if (ret < 0 || ret >= end - pos) {
+ printf("Too long PASSPHRASE command.\n");
+ return -1;
+ }
+ pos += ret;
+ for (i = 2; i < argc; i++) {
+ ret = os_snprintf(pos, end - pos, " %s", argv[i]);
+ if (ret < 0 || ret >= end - pos) {
+ printf("Too long PASSPHRASE command.\n");
+ return -1;
+ }
+ pos += ret;
+ }
+
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+static int wpa_cli_cmd_bssid(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ char cmd[256], *pos, *end;
+ int i, ret;
+
+ if (argc < 2) {
+ printf("Invalid BSSID command: needs two arguments (network "
+ "id and BSSID)\n");
+ return -1;
+ }
+
+ end = cmd + sizeof(cmd);
+ pos = cmd;
+ ret = os_snprintf(pos, end - pos, "BSSID");
+ if (ret < 0 || ret >= end - pos) {
+ printf("Too long BSSID command.\n");
+ return -1;
+ }
+ pos += ret;
+ for (i = 0; i < argc; i++) {
+ ret = os_snprintf(pos, end - pos, " %s", argv[i]);
+ if (ret < 0 || ret >= end - pos) {
+ printf("Too long BSSID command.\n");
+ return -1;
+ }
+ pos += ret;
+ }
+
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+static int wpa_cli_cmd_list_networks(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "LIST_NETWORKS");
+}
+
+
+static int wpa_cli_cmd_select_network(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ char cmd[32];
+
+ if (argc < 1) {
+ printf("Invalid SELECT_NETWORK command: needs one argument "
+ "(network id)\n");
+ return -1;
+ }
+
+ os_snprintf(cmd, sizeof(cmd), "SELECT_NETWORK %s", argv[0]);
+ cmd[sizeof(cmd) - 1] = '\0';
+
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+static int wpa_cli_cmd_enable_network(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ char cmd[32];
+
+ if (argc < 1) {
+ printf("Invalid ENABLE_NETWORK command: needs one argument "
+ "(network id)\n");
+ return -1;
+ }
+
+ os_snprintf(cmd, sizeof(cmd), "ENABLE_NETWORK %s", argv[0]);
+ cmd[sizeof(cmd) - 1] = '\0';
+
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+static int wpa_cli_cmd_disable_network(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ char cmd[32];
+
+ if (argc < 1) {
+ printf("Invalid DISABLE_NETWORK command: needs one argument "
+ "(network id)\n");
+ return -1;
+ }
+
+ os_snprintf(cmd, sizeof(cmd), "DISABLE_NETWORK %s", argv[0]);
+ cmd[sizeof(cmd) - 1] = '\0';
+
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+static int wpa_cli_cmd_add_network(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "ADD_NETWORK");
+}
+
+
+static int wpa_cli_cmd_remove_network(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ char cmd[32];
+
+ if (argc < 1) {
+ printf("Invalid REMOVE_NETWORK command: needs one argument "
+ "(network id)\n");
+ return -1;
+ }
+
+ os_snprintf(cmd, sizeof(cmd), "REMOVE_NETWORK %s", argv[0]);
+ cmd[sizeof(cmd) - 1] = '\0';
+
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+static void wpa_cli_show_network_variables(void)
+{
+ printf("set_network variables:\n"
+ " ssid (network name, SSID)\n"
+ " psk (WPA passphrase or pre-shared key)\n"
+ " key_mgmt (key management protocol)\n"
+ " identity (EAP identity)\n"
+ " password (EAP password)\n"
+ " ...\n"
+ "\n"
+ "Note: Values are entered in the same format as the "
+ "configuration file is using,\n"
+ "i.e., strings values need to be inside double quotation "
+ "marks.\n"
+ "For example: set_network 1 ssid \"network name\"\n"
+ "\n"
+ "Please see wpa_supplicant.conf documentation for full list "
+ "of\navailable variables.\n");
+}
+
+
+static int wpa_cli_cmd_set_network(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ char cmd[256];
+ int res;
+
+ if (argc == 0) {
+ wpa_cli_show_network_variables();
+ return 0;
+ }
+
+ if (argc != 3) {
+ printf("Invalid SET_NETWORK command: needs three arguments\n"
+ "(network id, variable name, and value)\n");
+ return -1;
+ }
+
+ res = os_snprintf(cmd, sizeof(cmd), "SET_NETWORK %s %s %s",
+ argv[0], argv[1], argv[2]);
+ if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
+ printf("Too long SET_NETWORK command.\n");
+ return -1;
+ }
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+static int wpa_cli_cmd_get_network(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ char cmd[256];
+ int res;
+
+ if (argc == 0) {
+ wpa_cli_show_network_variables();
+ return 0;
+ }
+
+ if (argc != 2) {
+ printf("Invalid GET_NETWORK command: needs two arguments\n"
+ "(network id and variable name)\n");
+ return -1;
+ }
+
+ res = os_snprintf(cmd, sizeof(cmd), "GET_NETWORK %s %s",
+ argv[0], argv[1]);
+ if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
+ printf("Too long GET_NETWORK command.\n");
+ return -1;
+ }
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+static int wpa_cli_cmd_disconnect(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "DISCONNECT");
+}
+
+
+static int wpa_cli_cmd_reconnect(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "RECONNECT");
+}
+
+
+static int wpa_cli_cmd_save_config(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "SAVE_CONFIG");
+}
+
+
+static int wpa_cli_cmd_scan(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "SCAN");
+}
+
+
+static int wpa_cli_cmd_scan_results(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "SCAN_RESULTS");
+}
+
+
+static int wpa_cli_cmd_get_capability(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ char cmd[64];
+
+ if (argc < 1 || argc > 2) {
+ printf("Invalid GET_CAPABILITY command: need either one or "
+ "two arguments\n");
+ return -1;
+ }
+
+ if ((argc == 2) && os_strcmp(argv[1], "strict") != 0) {
+ printf("Invalid GET_CAPABILITY command: second argument, "
+ "if any, must be 'strict'\n");
+ return -1;
+ }
+
+ os_snprintf(cmd, sizeof(cmd), "GET_CAPABILITY %s%s", argv[0],
+ (argc == 2) ? " strict" : "");
+ cmd[sizeof(cmd) - 1] = '\0';
+
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+static int wpa_cli_list_interfaces(struct wpa_ctrl *ctrl)
+{
+ printf("Available interfaces:\n");
+ return wpa_ctrl_command(ctrl, "INTERFACES");
+}
+
+
+static int wpa_cli_cmd_interface(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ if (argc < 1) {
+ wpa_cli_list_interfaces(ctrl);
+ return 0;
+ }
+
+ wpa_cli_close_connection();
+ os_free(ctrl_ifname);
+ ctrl_ifname = os_strdup(argv[0]);
+
+ if (wpa_cli_open_connection(ctrl_ifname)) {
+ printf("Connected to interface '%s.\n", ctrl_ifname);
+ if (wpa_ctrl_attach(ctrl_conn) == 0) {
+ wpa_cli_attached = 1;
+ } else {
+ printf("Warning: Failed to attach to "
+ "wpa_supplicant.\n");
+ }
+ } else {
+ printf("Could not connect to interface '%s' - re-trying\n",
+ ctrl_ifname);
+ }
+ return 0;
+}
+
+
+static int wpa_cli_cmd_reconfigure(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "RECONFIGURE");
+}
+
+
+static int wpa_cli_cmd_terminate(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "TERMINATE");
+}
+
+
+static int wpa_cli_cmd_interface_add(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ char cmd[256];
+
+ if (argc < 1) {
+ printf("Invalid INTERFACE_ADD command: needs at least one "
+ "argument (interface name)\n"
+ "All arguments: ifname confname driver ctrl_interface "
+ "driver_param bridge_name\n");
+ return -1;
+ }
+
+ /*
+ * INTERFACE_ADD <ifname>TAB<confname>TAB<driver>TAB<ctrl_interface>TAB
+ * <driver_param>TAB<bridge_name>
+ */
+ os_snprintf(cmd, sizeof(cmd), "INTERFACE_ADD %s\t%s\t%s\t%s\t%s\t%s",
+ argv[0],
+ argc > 1 ? argv[1] : "", argc > 2 ? argv[2] : "",
+ argc > 3 ? argv[3] : "", argc > 4 ? argv[4] : "",
+ argc > 5 ? argv[5] : "");
+ cmd[sizeof(cmd) - 1] = '\0';
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+static int wpa_cli_cmd_interface_remove(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ char cmd[128];
+
+ if (argc != 1) {
+ printf("Invalid INTERFACE_REMOVE command: needs one argument "
+ "(interface name)\n");
+ return -1;
+ }
+
+ os_snprintf(cmd, sizeof(cmd), "INTERFACE_REMOVE %s", argv[0]);
+ cmd[sizeof(cmd) - 1] = '\0';
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+struct wpa_cli_cmd {
+ const char *cmd;
+ int (*handler)(struct wpa_ctrl *ctrl, int argc, char *argv[]);
+};
+
+static struct wpa_cli_cmd wpa_cli_commands[] = {
+ { "status", wpa_cli_cmd_status },
+ { "ping", wpa_cli_cmd_ping },
+ { "mib", wpa_cli_cmd_mib },
+ { "help", wpa_cli_cmd_help },
+ { "interface", wpa_cli_cmd_interface },
+ { "level", wpa_cli_cmd_level },
+ { "license", wpa_cli_cmd_license },
+ { "quit", wpa_cli_cmd_quit },
+ { "set", wpa_cli_cmd_set },
+ { "logon", wpa_cli_cmd_logon },
+ { "logoff", wpa_cli_cmd_logoff },
+ { "pmksa", wpa_cli_cmd_pmksa },
+ { "reassociate", wpa_cli_cmd_reassociate },
+ { "preauthenticate", wpa_cli_cmd_preauthenticate },
+ { "identity", wpa_cli_cmd_identity },
+ { "password", wpa_cli_cmd_password },
+ { "new_password", wpa_cli_cmd_new_password },
+ { "pin", wpa_cli_cmd_pin },
+ { "otp", wpa_cli_cmd_otp },
+ { "passphrase", wpa_cli_cmd_passphrase },
+ { "bssid", wpa_cli_cmd_bssid },
+ { "list_networks", wpa_cli_cmd_list_networks },
+ { "select_network", wpa_cli_cmd_select_network },
+ { "enable_network", wpa_cli_cmd_enable_network },
+ { "disable_network", wpa_cli_cmd_disable_network },
+ { "add_network", wpa_cli_cmd_add_network },
+ { "remove_network", wpa_cli_cmd_remove_network },
+ { "set_network", wpa_cli_cmd_set_network },
+ { "get_network", wpa_cli_cmd_get_network },
+ { "save_config", wpa_cli_cmd_save_config },
+ { "disconnect", wpa_cli_cmd_disconnect },
+ { "reconnect", wpa_cli_cmd_reconnect },
+ { "scan", wpa_cli_cmd_scan },
+ { "scan_results", wpa_cli_cmd_scan_results },
+ { "get_capability", wpa_cli_cmd_get_capability },
+ { "reconfigure", wpa_cli_cmd_reconfigure },
+ { "terminate", wpa_cli_cmd_terminate },
+ { "interface_add", wpa_cli_cmd_interface_add },
+ { "interface_remove", wpa_cli_cmd_interface_remove },
+ { "ap_scan", wpa_cli_cmd_ap_scan },
+ { "stkstart", wpa_cli_cmd_stkstart },
+ { NULL, NULL }
+};
+
+
+static int wpa_request(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ struct wpa_cli_cmd *cmd, *match = NULL;
+ int count;
+ int ret = 0;
+
+ count = 0;
+ cmd = wpa_cli_commands;
+ while (cmd->cmd) {
+ if (os_strncasecmp(cmd->cmd, argv[0], os_strlen(argv[0])) == 0)
+ {
+ match = cmd;
+ if (os_strcasecmp(cmd->cmd, argv[0]) == 0) {
+ /* we have an exact match */
+ count = 1;
+ break;
+ }
+ count++;
+ }
+ cmd++;
+ }
+
+ if (count > 1) {
+ printf("Ambiguous command '%s'; possible commands:", argv[0]);
+ cmd = wpa_cli_commands;
+ while (cmd->cmd) {
+ if (os_strncasecmp(cmd->cmd, argv[0],
+ os_strlen(argv[0])) == 0) {
+ printf(" %s", cmd->cmd);
+ }
+ cmd++;
+ }
+ printf("\n");
+ ret = 1;
+ } else if (count == 0) {
+ printf("Unknown command '%s'\n", argv[0]);
+ ret = 1;
+ } else {
+ ret = match->handler(ctrl, argc - 1, &argv[1]);
+ }
+
+ return ret;
+}
+
+
+static int str_match(const char *a, const char *b)
+{
+ return os_strncmp(a, b, os_strlen(b)) == 0;
+}
+
+
+static int wpa_cli_exec(const char *program, const char *arg1,
+ const char *arg2)
+{
+ char *cmd;
+ size_t len;
+
+ len = os_strlen(program) + os_strlen(arg1) + os_strlen(arg2) + 3;
+ cmd = os_malloc(len);
+ if (cmd == NULL)
+ return -1;
+ os_snprintf(cmd, len, "%s %s %s", program, arg1, arg2);
+ cmd[len - 1] = '\0';
+#ifndef _WIN32_WCE
+ system(cmd);
+#endif /* _WIN32_WCE */
+ os_free(cmd);
+
+ return 0;
+}
+
+
+static void wpa_cli_action_process(const char *msg)
+{
+ const char *pos;
+ char *copy = NULL, *id, *pos2;
+
+ pos = msg;
+ if (*pos == '<') {
+ /* skip priority */
+ pos = os_strchr(pos, '>');
+ if (pos)
+ pos++;
+ else
+ pos = msg;
+ }
+
+ if (str_match(pos, WPA_EVENT_CONNECTED)) {
+ int new_id = -1;
+ os_unsetenv("WPA_ID");
+ os_unsetenv("WPA_ID_STR");
+ os_unsetenv("WPA_CTRL_DIR");
+
+ pos = os_strstr(pos, "[id=");
+ if (pos)
+ copy = os_strdup(pos + 4);
+
+ if (copy) {
+ pos2 = id = copy;
+ while (*pos2 && *pos2 != ' ')
+ pos2++;
+ *pos2++ = '\0';
+ new_id = atoi(id);
+ os_setenv("WPA_ID", id, 1);
+ while (*pos2 && *pos2 != '=')
+ pos2++;
+ if (*pos2 == '=')
+ pos2++;
+ id = pos2;
+ while (*pos2 && *pos2 != ']')
+ pos2++;
+ *pos2 = '\0';
+ os_setenv("WPA_ID_STR", id, 1);
+ os_free(copy);
+ }
+
+ os_setenv("WPA_CTRL_DIR", ctrl_iface_dir, 1);
+
+ if (!wpa_cli_connected || new_id != wpa_cli_last_id) {
+ wpa_cli_connected = 1;
+ wpa_cli_last_id = new_id;
+ wpa_cli_exec(action_file, ctrl_ifname, "CONNECTED");
+ }
+ } else if (str_match(pos, WPA_EVENT_DISCONNECTED)) {
+ if (wpa_cli_connected) {
+ wpa_cli_connected = 0;
+ wpa_cli_exec(action_file, ctrl_ifname, "DISCONNECTED");
+ }
+ } else if (str_match(pos, WPA_EVENT_TERMINATING)) {
+ printf("wpa_supplicant is terminating - stop monitoring\n");
+ wpa_cli_quit = 1;
+ }
+}
+
+
+#ifndef CONFIG_ANSI_C_EXTRA
+static void wpa_cli_action_cb(char *msg, size_t len)
+{
+ wpa_cli_action_process(msg);
+}
+#endif /* CONFIG_ANSI_C_EXTRA */
+
+
+static void wpa_cli_reconnect(void)
+{
+ wpa_cli_close_connection();
+ ctrl_conn = wpa_cli_open_connection(ctrl_ifname);
+ if (ctrl_conn) {
+ printf("Connection to wpa_supplicant re-established\n");
+ if (wpa_ctrl_attach(ctrl_conn) == 0) {
+ wpa_cli_attached = 1;
+ } else {
+ printf("Warning: Failed to attach to "
+ "wpa_supplicant.\n");
+ }
+ }
+}
+
+
+static void wpa_cli_recv_pending(struct wpa_ctrl *ctrl, int in_read,
+ int action_monitor)
+{
+ int first = 1;
+ if (ctrl_conn == NULL) {
+ wpa_cli_reconnect();
+ return;
+ }
+ while (wpa_ctrl_pending(ctrl) > 0) {
+ char buf[256];
+ size_t len = sizeof(buf) - 1;
+ if (wpa_ctrl_recv(ctrl, buf, &len) == 0) {
+ buf[len] = '\0';
+ if (action_monitor)
+ wpa_cli_action_process(buf);
+ else {
+ if (in_read && first)
+ printf("\n");
+ first = 0;
+ printf("%s\n", buf);
+ }
+ } else {
+ printf("Could not read pending message.\n");
+ break;
+ }
+ }
+
+ if (wpa_ctrl_pending(ctrl) < 0) {
+ printf("Connection to wpa_supplicant lost - trying to "
+ "reconnect\n");
+ wpa_cli_reconnect();
+ }
+}
+
+
+#ifdef CONFIG_READLINE
+static char * wpa_cli_cmd_gen(const char *text, int state)
+{
+ static int i, len;
+ const char *cmd;
+
+ if (state == 0) {
+ i = 0;
+ len = os_strlen(text);
+ }
+
+ while ((cmd = wpa_cli_commands[i].cmd)) {
+ i++;
+ if (os_strncasecmp(cmd, text, len) == 0)
+ return os_strdup(cmd);
+ }
+
+ return NULL;
+}
+
+
+static char * wpa_cli_dummy_gen(const char *text, int state)
+{
+ return NULL;
+}
+
+
+static char ** wpa_cli_completion(const char *text, int start, int end)
+{
+ return rl_completion_matches(text, start == 0 ?
+ wpa_cli_cmd_gen : wpa_cli_dummy_gen);
+}
+#endif /* CONFIG_READLINE */
+
+
+static void wpa_cli_interactive(void)
+{
+#define max_args 10
+ char cmdbuf[256], *cmd, *argv[max_args], *pos;
+ int argc;
+#ifdef CONFIG_READLINE
+ char *home, *hfile = NULL;
+#endif /* CONFIG_READLINE */
+
+ printf("\nInteractive mode\n\n");
+
+#ifdef CONFIG_READLINE
+ rl_attempted_completion_function = wpa_cli_completion;
+ home = getenv("HOME");
+ if (home) {
+ const char *fname = ".wpa_cli_history";
+ int hfile_len = os_strlen(home) + 1 + os_strlen(fname) + 1;
+ hfile = os_malloc(hfile_len);
+ if (hfile) {
+ os_snprintf(hfile, hfile_len, "%s/%s", home, fname);
+ hfile[hfile_len - 1] = '\0';
+ read_history(hfile);
+ stifle_history(100);
+ }
+ }
+#endif /* CONFIG_READLINE */
+
+ do {
+ wpa_cli_recv_pending(ctrl_conn, 0, 0);
+#ifndef CONFIG_NATIVE_WINDOWS
+ alarm(1);
+#endif /* CONFIG_NATIVE_WINDOWS */
+#ifdef CONFIG_READLINE
+ cmd = readline("> ");
+ if (cmd && *cmd) {
+ HIST_ENTRY *h;
+ while (next_history())
+ ;
+ h = previous_history();
+ if (h == NULL || os_strcmp(cmd, h->line) != 0)
+ add_history(cmd);
+ next_history();
+ }
+#else /* CONFIG_READLINE */
+ printf("> ");
+ cmd = fgets(cmdbuf, sizeof(cmdbuf), stdin);
+#endif /* CONFIG_READLINE */
+#ifndef CONFIG_NATIVE_WINDOWS
+ alarm(0);
+#endif /* CONFIG_NATIVE_WINDOWS */
+ if (cmd == NULL)
+ break;
+ wpa_cli_recv_pending(ctrl_conn, 0, 0);
+ pos = cmd;
+ while (*pos != '\0') {
+ if (*pos == '\n') {
+ *pos = '\0';
+ break;
+ }
+ pos++;
+ }
+ argc = 0;
+ pos = cmd;
+ for (;;) {
+ while (*pos == ' ')
+ pos++;
+ if (*pos == '\0')
+ break;
+ argv[argc] = pos;
+ argc++;
+ if (argc == max_args)
+ break;
+ if (*pos == '"') {
+ char *pos2 = os_strrchr(pos, '"');
+ if (pos2)
+ pos = pos2 + 1;
+ }
+ while (*pos != '\0' && *pos != ' ')
+ pos++;
+ if (*pos == ' ')
+ *pos++ = '\0';
+ }
+ if (argc)
+ wpa_request(ctrl_conn, argc, argv);
+
+ if (cmd != cmdbuf)
+ os_free(cmd);
+ } while (!wpa_cli_quit);
+
+#ifdef CONFIG_READLINE
+ if (hfile) {
+ /* Save command history, excluding lines that may contain
+ * passwords. */
+ HIST_ENTRY *h;
+ history_set_pos(0);
+ h = next_history();
+ while (h) {
+ char *p = h->line;
+ while (*p == ' ' || *p == '\t')
+ p++;
+ if (os_strncasecmp(p, "pa", 2) == 0 ||
+ os_strncasecmp(p, "o", 1) == 0 ||
+ os_strncasecmp(p, "n", 1)) {
+ h = remove_history(where_history());
+ if (h) {
+ os_free(h->line);
+ os_free(h->data);
+ os_free(h);
+ }
+ h = current_history();
+ } else {
+ h = next_history();
+ }
+ }
+ write_history(hfile);
+ os_free(hfile);
+ }
+#endif /* CONFIG_READLINE */
+}
+
+
+static void wpa_cli_action(struct wpa_ctrl *ctrl)
+{
+#ifdef CONFIG_ANSI_C_EXTRA
+ /* TODO: ANSI C version(?) */
+ printf("Action processing not supported in ANSI C build.\n");
+#else /* CONFIG_ANSI_C_EXTRA */
+ fd_set rfds;
+ int fd, res;
+ struct timeval tv;
+ char buf[256]; /* note: large enough to fit in unsolicited messages */
+ size_t len;
+
+ fd = wpa_ctrl_get_fd(ctrl);
+
+ while (!wpa_cli_quit) {
+ FD_ZERO(&rfds);
+ FD_SET(fd, &rfds);
+ tv.tv_sec = 2;
+ tv.tv_usec = 0;
+ res = select(fd + 1, &rfds, NULL, NULL, &tv);
+ if (res < 0 && errno != EINTR) {
+ perror("select");
+ break;
+ }
+
+ if (FD_ISSET(fd, &rfds))
+ wpa_cli_recv_pending(ctrl, 0, 1);
+ else {
+ /* verify that connection is still working */
+ len = sizeof(buf) - 1;
+ if (wpa_ctrl_request(ctrl, "PING", 4, buf, &len,
+ wpa_cli_action_cb) < 0 ||
+ len < 4 || os_memcmp(buf, "PONG", 4) != 0) {
+ printf("wpa_supplicant did not reply to PING "
+ "command - exiting\n");
+ break;
+ }
+ }
+ }
+#endif /* CONFIG_ANSI_C_EXTRA */
+}
+
+
+static void wpa_cli_cleanup(void)
+{
+ wpa_cli_close_connection();
+ if (pid_file)
+ os_daemonize_terminate(pid_file);
+
+ os_program_deinit();
+}
+
+static void wpa_cli_terminate(int sig)
+{
+ wpa_cli_cleanup();
+ exit(0);
+}
+
+
+#ifndef CONFIG_NATIVE_WINDOWS
+static void wpa_cli_alarm(int sig)
+{
+ if (ctrl_conn && _wpa_ctrl_command(ctrl_conn, "PING", 0)) {
+ printf("Connection to wpa_supplicant lost - trying to "
+ "reconnect\n");
+ wpa_cli_close_connection();
+ }
+ if (!ctrl_conn)
+ wpa_cli_reconnect();
+ if (ctrl_conn)
+ wpa_cli_recv_pending(ctrl_conn, 1, 0);
+ alarm(1);
+}
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+
+static char * wpa_cli_get_default_ifname(void)
+{
+ char *ifname = NULL;
+
+#ifdef CONFIG_CTRL_IFACE_UNIX
+ struct dirent *dent;
+ DIR *dir = opendir(ctrl_iface_dir);
+ if (!dir)
+ return NULL;
+ while ((dent = readdir(dir))) {
+#ifdef _DIRENT_HAVE_D_TYPE
+ /*
+ * Skip the file if it is not a socket. Also accept
+ * DT_UNKNOWN (0) in case the C library or underlying
+ * file system does not support d_type.
+ */
+ if (dent->d_type != DT_SOCK && dent->d_type != DT_UNKNOWN)
+ continue;
+#endif /* _DIRENT_HAVE_D_TYPE */
+ if (os_strcmp(dent->d_name, ".") == 0 ||
+ os_strcmp(dent->d_name, "..") == 0)
+ continue;
+ printf("Selected interface '%s'\n", dent->d_name);
+ ifname = os_strdup(dent->d_name);
+ break;
+ }
+ closedir(dir);
+#endif /* CONFIG_CTRL_IFACE_UNIX */
+
+#ifdef CONFIG_CTRL_IFACE_NAMED_PIPE
+ char buf[2048], *pos;
+ size_t len;
+ struct wpa_ctrl *ctrl;
+ int ret;
+
+ ctrl = wpa_ctrl_open(NULL);
+ if (ctrl == NULL)
+ return NULL;
+
+ len = sizeof(buf) - 1;
+ ret = wpa_ctrl_request(ctrl, "INTERFACES", 10, buf, &len, NULL);
+ if (ret >= 0) {
+ buf[len] = '\0';
+ pos = os_strchr(buf, '\n');
+ if (pos)
+ *pos = '\0';
+ ifname = os_strdup(buf);
+ }
+ wpa_ctrl_close(ctrl);
+#endif /* CONFIG_CTRL_IFACE_NAMED_PIPE */
+
+ return ifname;
+}
+
+
+int main(int argc, char *argv[])
+{
+ int interactive;
+ int warning_displayed = 0;
+ int c;
+ int daemonize = 0;
+ int ret = 0;
+ const char *global = NULL;
+
+ if (os_program_init())
+ return -1;
+
+ for (;;) {
+ c = getopt(argc, argv, "a:Bg:hi:p:P:v");
+ if (c < 0)
+ break;
+ switch (c) {
+ case 'a':
+ action_file = optarg;
+ break;
+ case 'B':
+ daemonize = 1;
+ break;
+ case 'g':
+ global = optarg;
+ break;
+ case 'h':
+ usage();
+ return 0;
+ case 'v':
+ printf("%s\n", wpa_cli_version);
+ return 0;
+ case 'i':
+ os_free(ctrl_ifname);
+ ctrl_ifname = os_strdup(optarg);
+ break;
+ case 'p':
+ ctrl_iface_dir = optarg;
+ break;
+ case 'P':
+ pid_file = optarg;
+ break;
+ default:
+ usage();
+ return -1;
+ }
+ }
+
+ interactive = (argc == optind) && (action_file == NULL);
+
+ if (interactive)
+ printf("%s\n\n%s\n\n", wpa_cli_version, wpa_cli_license);
+
+ if (global) {
+#ifdef CONFIG_CTRL_IFACE_NAMED_PIPE
+ ctrl_conn = wpa_ctrl_open(NULL);
+#else /* CONFIG_CTRL_IFACE_NAMED_PIPE */
+ ctrl_conn = wpa_ctrl_open(global);
+#endif /* CONFIG_CTRL_IFACE_NAMED_PIPE */
+ if (ctrl_conn == NULL) {
+ perror("Failed to connect to wpa_supplicant - "
+ "wpa_ctrl_open");
+ return -1;
+ }
+ }
+
+ for (; !global;) {
+ if (ctrl_ifname == NULL)
+ ctrl_ifname = wpa_cli_get_default_ifname();
+ ctrl_conn = wpa_cli_open_connection(ctrl_ifname);
+ if (ctrl_conn) {
+ if (warning_displayed)
+ printf("Connection established.\n");
+ break;
+ }
+
+ if (!interactive) {
+ perror("Failed to connect to wpa_supplicant - "
+ "wpa_ctrl_open");
+ return -1;
+ }
+
+ if (!warning_displayed) {
+ printf("Could not connect to wpa_supplicant - "
+ "re-trying\n");
+ warning_displayed = 1;
+ }
+ os_sleep(1, 0);
+ continue;
+ }
+
+#ifndef _WIN32_WCE
+ signal(SIGINT, wpa_cli_terminate);
+ signal(SIGTERM, wpa_cli_terminate);
+#endif /* _WIN32_WCE */
+#ifndef CONFIG_NATIVE_WINDOWS
+ signal(SIGALRM, wpa_cli_alarm);
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+ if (interactive || action_file) {
+ if (wpa_ctrl_attach(ctrl_conn) == 0) {
+ wpa_cli_attached = 1;
+ } else {
+ printf("Warning: Failed to attach to "
+ "wpa_supplicant.\n");
+ if (!interactive)
+ return -1;
+ }
+ }
+
+ if (daemonize && os_daemonize(pid_file))
+ return -1;
+
+ if (interactive)
+ wpa_cli_interactive();
+ else if (action_file)
+ wpa_cli_action(ctrl_conn);
+ else
+ ret = wpa_request(ctrl_conn, argc - optind, &argv[optind]);
+
+ os_free(ctrl_ifname);
+ wpa_cli_cleanup();
+
+ return ret;
+}
+
+#else /* CONFIG_CTRL_IFACE */
+int main(int argc, char *argv[])
+{
+ printf("CONFIG_CTRL_IFACE not defined - wpa_cli disabled\n");
+ return -1;
+}
+#endif /* CONFIG_CTRL_IFACE */
--- /dev/null
+/*
+ * WPA definitions shared between hostapd and wpa_supplicant
+ * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef WPA_COMMON_H
+#define WPA_COMMON_H
+
+#define WPA_REPLAY_COUNTER_LEN 8
+#define WPA_NONCE_LEN 32
+#define WPA_KEY_RSC_LEN 8
+
+
+/* IEEE Std 802.1X-2004 */
+
+#ifdef _MSC_VER
+#pragma pack(push, 1)
+#endif /* _MSC_VER */
+
+struct ieee802_1x_hdr {
+ u8 version;
+ u8 type;
+ u16 length;
+ /* followed by length octets of data */
+} STRUCT_PACKED;
+
+#ifdef _MSC_VER
+#pragma pack(pop)
+#endif /* _MSC_VER */
+
+#define EAPOL_VERSION 2
+
+enum { IEEE802_1X_TYPE_EAP_PACKET = 0,
+ IEEE802_1X_TYPE_EAPOL_START = 1,
+ IEEE802_1X_TYPE_EAPOL_LOGOFF = 2,
+ IEEE802_1X_TYPE_EAPOL_KEY = 3,
+ IEEE802_1X_TYPE_EAPOL_ENCAPSULATED_ASF_ALERT = 4
+};
+
+enum { EAPOL_KEY_TYPE_RC4 = 1, EAPOL_KEY_TYPE_RSN = 2,
+ EAPOL_KEY_TYPE_WPA = 254 };
+
+#ifdef CONFIG_IEEE80211W
+#define WPA_DGTK_LEN 16
+#define WPA_DHV_LEN 16
+#define WPA_IGTK_LEN 16
+#endif /* CONFIG_IEEE80211W */
+
+#endif /* WPA_COMMON_H */
--- /dev/null
+/*
+ * wpa_supplicant/hostapd control interface library
+ * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#ifdef CONFIG_CTRL_IFACE
+
+#ifdef CONFIG_CTRL_IFACE_UNIX
+#include <sys/un.h>
+#endif /* CONFIG_CTRL_IFACE_UNIX */
+
+#include "wpa_ctrl.h"
+#include "common.h"
+
+
+#if defined(CONFIG_CTRL_IFACE_UNIX) || defined(CONFIG_CTRL_IFACE_UDP)
+#define CTRL_IFACE_SOCKET
+#endif /* CONFIG_CTRL_IFACE_UNIX || CONFIG_CTRL_IFACE_UDP */
+
+
+/**
+ * struct wpa_ctrl - Internal structure for control interface library
+ *
+ * This structure is used by the wpa_supplicant/hostapd control interface
+ * library to store internal data. Programs using the library should not touch
+ * this data directly. They can only use the pointer to the data structure as
+ * an identifier for the control interface connection and use this as one of
+ * the arguments for most of the control interface library functions.
+ */
+struct wpa_ctrl {
+#ifdef CONFIG_CTRL_IFACE_UDP
+ int s;
+ struct sockaddr_in local;
+ struct sockaddr_in dest;
+ char *cookie;
+#endif /* CONFIG_CTRL_IFACE_UDP */
+#ifdef CONFIG_CTRL_IFACE_UNIX
+ int s;
+ struct sockaddr_un local;
+ struct sockaddr_un dest;
+#endif /* CONFIG_CTRL_IFACE_UNIX */
+#ifdef CONFIG_CTRL_IFACE_NAMED_PIPE
+ HANDLE pipe;
+#endif /* CONFIG_CTRL_IFACE_NAMED_PIPE */
+};
+
+
+#ifdef CONFIG_CTRL_IFACE_UNIX
+
+struct wpa_ctrl * wpa_ctrl_open(const char *ctrl_path)
+{
+ struct wpa_ctrl *ctrl;
+ static int counter = 0;
+
+ ctrl = os_malloc(sizeof(*ctrl));
+ if (ctrl == NULL)
+ return NULL;
+ os_memset(ctrl, 0, sizeof(*ctrl));
+
+ ctrl->s = socket(PF_UNIX, SOCK_DGRAM, 0);
+ if (ctrl->s < 0) {
+ os_free(ctrl);
+ return NULL;
+ }
+
+ ctrl->local.sun_family = AF_UNIX;
+ os_snprintf(ctrl->local.sun_path, sizeof(ctrl->local.sun_path),
+ "/tmp/wpa_ctrl_%d-%d", getpid(), counter++);
+ if (bind(ctrl->s, (struct sockaddr *) &ctrl->local,
+ sizeof(ctrl->local)) < 0) {
+ close(ctrl->s);
+ os_free(ctrl);
+ return NULL;
+ }
+
+ ctrl->dest.sun_family = AF_UNIX;
+ os_snprintf(ctrl->dest.sun_path, sizeof(ctrl->dest.sun_path), "%s",
+ ctrl_path);
+ if (connect(ctrl->s, (struct sockaddr *) &ctrl->dest,
+ sizeof(ctrl->dest)) < 0) {
+ close(ctrl->s);
+ unlink(ctrl->local.sun_path);
+ os_free(ctrl);
+ return NULL;
+ }
+
+ return ctrl;
+}
+
+
+void wpa_ctrl_close(struct wpa_ctrl *ctrl)
+{
+ unlink(ctrl->local.sun_path);
+ close(ctrl->s);
+ os_free(ctrl);
+}
+
+#endif /* CONFIG_CTRL_IFACE_UNIX */
+
+
+#ifdef CONFIG_CTRL_IFACE_UDP
+
+struct wpa_ctrl * wpa_ctrl_open(const char *ctrl_path)
+{
+ struct wpa_ctrl *ctrl;
+ char buf[128];
+ size_t len;
+
+ ctrl = os_malloc(sizeof(*ctrl));
+ if (ctrl == NULL)
+ return NULL;
+ os_memset(ctrl, 0, sizeof(*ctrl));
+
+ ctrl->s = socket(PF_INET, SOCK_DGRAM, 0);
+ if (ctrl->s < 0) {
+ perror("socket");
+ os_free(ctrl);
+ return NULL;
+ }
+
+ ctrl->local.sin_family = AF_INET;
+ ctrl->local.sin_addr.s_addr = htonl((127 << 24) | 1);
+ if (bind(ctrl->s, (struct sockaddr *) &ctrl->local,
+ sizeof(ctrl->local)) < 0) {
+ close(ctrl->s);
+ os_free(ctrl);
+ return NULL;
+ }
+
+ ctrl->dest.sin_family = AF_INET;
+ ctrl->dest.sin_addr.s_addr = htonl((127 << 24) | 1);
+ ctrl->dest.sin_port = htons(WPA_CTRL_IFACE_PORT);
+ if (connect(ctrl->s, (struct sockaddr *) &ctrl->dest,
+ sizeof(ctrl->dest)) < 0) {
+ perror("connect");
+ close(ctrl->s);
+ os_free(ctrl);
+ return NULL;
+ }
+
+ len = sizeof(buf) - 1;
+ if (wpa_ctrl_request(ctrl, "GET_COOKIE", 10, buf, &len, NULL) == 0) {
+ buf[len] = '\0';
+ ctrl->cookie = strdup(buf);
+ }
+
+ return ctrl;
+}
+
+
+void wpa_ctrl_close(struct wpa_ctrl *ctrl)
+{
+ close(ctrl->s);
+ os_free(ctrl->cookie);
+ os_free(ctrl);
+}
+
+#endif /* CONFIG_CTRL_IFACE_UDP */
+
+
+#ifdef CTRL_IFACE_SOCKET
+int wpa_ctrl_request(struct wpa_ctrl *ctrl, const char *cmd, size_t cmd_len,
+ char *reply, size_t *reply_len,
+ void (*msg_cb)(char *msg, size_t len))
+{
+ struct timeval tv;
+ int res;
+ fd_set rfds;
+ const char *_cmd;
+ char *cmd_buf = NULL;
+ size_t _cmd_len;
+
+#ifdef CONFIG_CTRL_IFACE_UDP
+ if (ctrl->cookie) {
+ char *pos;
+ _cmd_len = strlen(ctrl->cookie) + 1 + cmd_len;
+ cmd_buf = os_malloc(_cmd_len );
+ if (cmd_buf == NULL)
+ return -1;
+ _cmd = cmd_buf;
+ pos = cmd_buf;
+ strcpy(pos, ctrl->cookie);
+ pos += strlen(ctrl->cookie);
+ *pos++ = ' ';
+ memcpy(pos, cmd, cmd_len);
+ } else
+#endif /* CONFIG_CTRL_IFACE_UDP */
+ {
+ _cmd = cmd;
+ _cmd_len = cmd_len;
+ }
+
+ if (send(ctrl->s, _cmd, _cmd_len, 0) < 0) {
+ os_free(cmd_buf);
+ return -1;
+ }
+ os_free(cmd_buf);
+
+ for (;;) {
+ tv.tv_sec = 2;
+ tv.tv_usec = 0;
+ FD_ZERO(&rfds);
+ FD_SET(ctrl->s, &rfds);
+ res = select(ctrl->s + 1, &rfds, NULL, NULL, &tv);
+ if (FD_ISSET(ctrl->s, &rfds)) {
+ res = recv(ctrl->s, reply, *reply_len, 0);
+ if (res < 0)
+ return res;
+ if (res > 0 && reply[0] == '<') {
+ /* This is an unsolicited message from
+ * wpa_supplicant, not the reply to the
+ * request. Use msg_cb to report this to the
+ * caller. */
+ if (msg_cb) {
+ /* Make sure the message is nul
+ * terminated. */
+ if ((size_t) res == *reply_len)
+ res = (*reply_len) - 1;
+ reply[res] = '\0';
+ msg_cb(reply, res);
+ }
+ continue;
+ }
+ *reply_len = res;
+ break;
+ } else {
+ return -2;
+ }
+ }
+ return 0;
+}
+#endif /* CTRL_IFACE_SOCKET */
+
+
+static int wpa_ctrl_attach_helper(struct wpa_ctrl *ctrl, int attach)
+{
+ char buf[10];
+ int ret;
+ size_t len = 10;
+
+ ret = wpa_ctrl_request(ctrl, attach ? "ATTACH" : "DETACH", 6,
+ buf, &len, NULL);
+ if (ret < 0)
+ return ret;
+ if (len == 3 && os_memcmp(buf, "OK\n", 3) == 0)
+ return 0;
+ return -1;
+}
+
+
+int wpa_ctrl_attach(struct wpa_ctrl *ctrl)
+{
+ return wpa_ctrl_attach_helper(ctrl, 1);
+}
+
+
+int wpa_ctrl_detach(struct wpa_ctrl *ctrl)
+{
+ return wpa_ctrl_attach_helper(ctrl, 0);
+}
+
+
+#ifdef CTRL_IFACE_SOCKET
+
+int wpa_ctrl_recv(struct wpa_ctrl *ctrl, char *reply, size_t *reply_len)
+{
+ int res;
+
+ res = recv(ctrl->s, reply, *reply_len, 0);
+ if (res < 0)
+ return res;
+ *reply_len = res;
+ return 0;
+}
+
+
+int wpa_ctrl_pending(struct wpa_ctrl *ctrl)
+{
+ struct timeval tv;
+ fd_set rfds;
+ tv.tv_sec = 0;
+ tv.tv_usec = 0;
+ FD_ZERO(&rfds);
+ FD_SET(ctrl->s, &rfds);
+ select(ctrl->s + 1, &rfds, NULL, NULL, &tv);
+ return FD_ISSET(ctrl->s, &rfds);
+}
+
+
+int wpa_ctrl_get_fd(struct wpa_ctrl *ctrl)
+{
+ return ctrl->s;
+}
+
+#endif /* CTRL_IFACE_SOCKET */
+
+
+#ifdef CONFIG_CTRL_IFACE_NAMED_PIPE
+
+#ifndef WPA_SUPPLICANT_NAMED_PIPE
+#define WPA_SUPPLICANT_NAMED_PIPE "WpaSupplicant"
+#endif
+#define NAMED_PIPE_PREFIX TEXT("\\\\.\\pipe\\") TEXT(WPA_SUPPLICANT_NAMED_PIPE)
+
+struct wpa_ctrl * wpa_ctrl_open(const char *ctrl_path)
+{
+ struct wpa_ctrl *ctrl;
+ DWORD mode;
+ TCHAR name[256];
+ int i;
+
+ ctrl = os_malloc(sizeof(*ctrl));
+ if (ctrl == NULL)
+ return NULL;
+ os_memset(ctrl, 0, sizeof(*ctrl));
+
+#ifdef UNICODE
+ if (ctrl_path == NULL)
+ _snwprintf(name, 256, NAMED_PIPE_PREFIX);
+ else
+ _snwprintf(name, 256, NAMED_PIPE_PREFIX TEXT("-%S"),
+ ctrl_path);
+#else /* UNICODE */
+ if (ctrl_path == NULL)
+ os_snprintf(name, 256, NAMED_PIPE_PREFIX);
+ else
+ os_snprintf(name, 256, NAMED_PIPE_PREFIX "-%s",
+ ctrl_path);
+#endif /* UNICODE */
+
+ for (i = 0; i < 10; i++) {
+ ctrl->pipe = CreateFile(name, GENERIC_READ | GENERIC_WRITE, 0,
+ NULL, OPEN_EXISTING, 0, NULL);
+ /*
+ * Current named pipe server side in wpa_supplicant is
+ * re-opening the pipe for new clients only after the previous
+ * one is taken into use. This leaves a small window for race
+ * conditions when two connections are being opened at almost
+ * the same time. Retry if that was the case.
+ */
+ if (ctrl->pipe != INVALID_HANDLE_VALUE ||
+ GetLastError() != ERROR_PIPE_BUSY)
+ break;
+ WaitNamedPipe(name, 1000);
+ }
+ if (ctrl->pipe == INVALID_HANDLE_VALUE) {
+ os_free(ctrl);
+ return NULL;
+ }
+
+ mode = PIPE_READMODE_MESSAGE;
+ if (!SetNamedPipeHandleState(ctrl->pipe, &mode, NULL, NULL)) {
+ CloseHandle(ctrl->pipe);
+ os_free(ctrl);
+ return NULL;
+ }
+
+ return ctrl;
+}
+
+
+void wpa_ctrl_close(struct wpa_ctrl *ctrl)
+{
+ CloseHandle(ctrl->pipe);
+ os_free(ctrl);
+}
+
+
+int wpa_ctrl_request(struct wpa_ctrl *ctrl, const char *cmd, size_t cmd_len,
+ char *reply, size_t *reply_len,
+ void (*msg_cb)(char *msg, size_t len))
+{
+ DWORD written;
+ DWORD readlen = *reply_len;
+
+ if (!WriteFile(ctrl->pipe, cmd, cmd_len, &written, NULL))
+ return -1;
+
+ if (!ReadFile(ctrl->pipe, reply, *reply_len, &readlen, NULL))
+ return -1;
+ *reply_len = readlen;
+
+ return 0;
+}
+
+
+int wpa_ctrl_recv(struct wpa_ctrl *ctrl, char *reply, size_t *reply_len)
+{
+ DWORD len = *reply_len;
+ if (!ReadFile(ctrl->pipe, reply, *reply_len, &len, NULL))
+ return -1;
+ *reply_len = len;
+ return 0;
+}
+
+
+int wpa_ctrl_pending(struct wpa_ctrl *ctrl)
+{
+ DWORD left;
+
+ if (!PeekNamedPipe(ctrl->pipe, NULL, 0, NULL, &left, NULL))
+ return -1;
+ return left ? 1 : 0;
+}
+
+
+int wpa_ctrl_get_fd(struct wpa_ctrl *ctrl)
+{
+ return -1;
+}
+
+#endif /* CONFIG_CTRL_IFACE_NAMED_PIPE */
+
+#endif /* CONFIG_CTRL_IFACE */
--- /dev/null
+/*
+ * wpa_supplicant/hostapd control interface library
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef WPA_CTRL_H
+#define WPA_CTRL_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* wpa_supplicant control interface - fixed message prefixes */
+
+/** Interactive request for identity/password/pin */
+#define WPA_CTRL_REQ "CTRL-REQ-"
+
+/** Response to identity/password/pin request */
+#define WPA_CTRL_RSP "CTRL-RSP-"
+
+/* Event messages with fixed prefix */
+/** Authentication completed successfully and data connection enabled */
+#define WPA_EVENT_CONNECTED "CTRL-EVENT-CONNECTED "
+/** Disconnected, data connection is not available */
+#define WPA_EVENT_DISCONNECTED "CTRL-EVENT-DISCONNECTED "
+/** wpa_supplicant is exiting */
+#define WPA_EVENT_TERMINATING "CTRL-EVENT-TERMINATING "
+/** Password change was completed successfully */
+#define WPA_EVENT_PASSWORD_CHANGED "CTRL-EVENT-PASSWORD-CHANGED "
+/** EAP-Request/Notification received */
+#define WPA_EVENT_EAP_NOTIFICATION "CTRL-EVENT-EAP-NOTIFICATION "
+/** EAP authentication started (EAP-Request/Identity received) */
+#define WPA_EVENT_EAP_STARTED "CTRL-EVENT-EAP-STARTED "
+/** EAP method selected */
+#define WPA_EVENT_EAP_METHOD "CTRL-EVENT-EAP-METHOD "
+/** EAP authentication completed successfully */
+#define WPA_EVENT_EAP_SUCCESS "CTRL-EVENT-EAP-SUCCESS "
+/** EAP authentication failed (EAP-Failure received) */
+#define WPA_EVENT_EAP_FAILURE "CTRL-EVENT-EAP-FAILURE "
+
+
+/* wpa_supplicant/hostapd control interface access */
+
+/**
+ * wpa_ctrl_open - Open a control interface to wpa_supplicant/hostapd
+ * @ctrl_path: Path for UNIX domain sockets; ignored if UDP sockets are used.
+ * Returns: Pointer to abstract control interface data or %NULL on failure
+ *
+ * This function is used to open a control interface to wpa_supplicant/hostapd.
+ * ctrl_path is usually /var/run/wpa_supplicant or /var/run/hostapd. This path
+ * is configured in wpa_supplicant/hostapd and other programs using the control
+ * interface need to use matching path configuration.
+ */
+struct wpa_ctrl * wpa_ctrl_open(const char *ctrl_path);
+
+
+/**
+ * wpa_ctrl_close - Close a control interface to wpa_supplicant/hostapd
+ * @ctrl: Control interface data from wpa_ctrl_open()
+ *
+ * This function is used to close a control interface.
+ */
+void wpa_ctrl_close(struct wpa_ctrl *ctrl);
+
+
+/**
+ * wpa_ctrl_request - Send a command to wpa_supplicant/hostapd
+ * @ctrl: Control interface data from wpa_ctrl_open()
+ * @cmd: Command; usually, ASCII text, e.g., "PING"
+ * @cmd_len: Length of the cmd in bytes
+ * @reply: Buffer for the response
+ * @reply_len: Reply buffer length
+ * @msg_cb: Callback function for unsolicited messages or %NULL if not used
+ * Returns: 0 on success, -1 on error (send or receive failed), -2 on timeout
+ *
+ * This function is used to send commands to wpa_supplicant/hostapd. Received
+ * response will be written to reply and reply_len is set to the actual length
+ * of the reply. This function will block for up to two seconds while waiting
+ * for the reply. If unsolicited messages are received, the blocking time may
+ * be longer.
+ *
+ * msg_cb can be used to register a callback function that will be called for
+ * unsolicited messages received while waiting for the command response. These
+ * messages may be received if wpa_ctrl_request() is called at the same time as
+ * wpa_supplicant/hostapd is sending such a message. This can happen only if
+ * the program has used wpa_ctrl_attach() to register itself as a monitor for
+ * event messages. Alternatively to msg_cb, programs can register two control
+ * interface connections and use one of them for commands and the other one for
+ * receiving event messages, in other words, call wpa_ctrl_attach() only for
+ * the control interface connection that will be used for event messages.
+ */
+int wpa_ctrl_request(struct wpa_ctrl *ctrl, const char *cmd, size_t cmd_len,
+ char *reply, size_t *reply_len,
+ void (*msg_cb)(char *msg, size_t len));
+
+
+/**
+ * wpa_ctrl_attach - Register as an event monitor for the control interface
+ * @ctrl: Control interface data from wpa_ctrl_open()
+ * Returns: 0 on success, -1 on failure, -2 on timeout
+ *
+ * This function registers the control interface connection as a monitor for
+ * wpa_supplicant/hostapd events. After a success wpa_ctrl_attach() call, the
+ * control interface connection starts receiving event messages that can be
+ * read with wpa_ctrl_recv().
+ */
+int wpa_ctrl_attach(struct wpa_ctrl *ctrl);
+
+
+/**
+ * wpa_ctrl_detach - Unregister event monitor from the control interface
+ * @ctrl: Control interface data from wpa_ctrl_open()
+ * Returns: 0 on success, -1 on failure, -2 on timeout
+ *
+ * This function unregisters the control interface connection as a monitor for
+ * wpa_supplicant/hostapd events, i.e., cancels the registration done with
+ * wpa_ctrl_attach().
+ */
+int wpa_ctrl_detach(struct wpa_ctrl *ctrl);
+
+
+/**
+ * wpa_ctrl_recv - Receive a pending control interface message
+ * @ctrl: Control interface data from wpa_ctrl_open()
+ * @reply: Buffer for the message data
+ * @reply_len: Length of the reply buffer
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function will receive a pending control interface message. This
+ * function will block if no messages are available. The received response will
+ * be written to reply and reply_len is set to the actual length of the reply.
+ * wpa_ctrl_recv() is only used for event messages, i.e., wpa_ctrl_attach()
+ * must have been used to register the control interface as an event monitor.
+ */
+int wpa_ctrl_recv(struct wpa_ctrl *ctrl, char *reply, size_t *reply_len);
+
+
+/**
+ * wpa_ctrl_pending - Check whether there are pending event messages
+ * @ctrl: Control interface data from wpa_ctrl_open()
+ * Returns: 1 if there are pending messages, 0 if no, or -1 on error
+ *
+ * This function will check whether there are any pending control interface
+ * message available to be received with wpa_ctrl_recv(). wpa_ctrl_pending() is
+ * only used for event messages, i.e., wpa_ctrl_attach() must have been used to
+ * register the control interface as an event monitor.
+ */
+int wpa_ctrl_pending(struct wpa_ctrl *ctrl);
+
+
+/**
+ * wpa_ctrl_get_fd - Get file descriptor used by the control interface
+ * @ctrl: Control interface data from wpa_ctrl_open()
+ * Returns: File descriptor used for the connection
+ *
+ * This function can be used to get the file descriptor that is used for the
+ * control interface connection. The returned value can be used, e.g., with
+ * select() while waiting for multiple events.
+ *
+ * The returned file descriptor must not be used directly for sending or
+ * receiving packets; instead, the library functions wpa_ctrl_request() and
+ * wpa_ctrl_recv() must be used for this.
+ */
+int wpa_ctrl_get_fd(struct wpa_ctrl *ctrl);
+
+#ifdef CONFIG_CTRL_IFACE_UDP
+#define WPA_CTRL_IFACE_PORT 9877
+#define WPA_GLOBAL_CTRL_IFACE_PORT 9878
+#endif /* CONFIG_CTRL_IFACE_UDP */
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* WPA_CTRL_H */
--- /dev/null
+.moc
+.obj
+.ui
+Makefile
+wpa_gui
--- /dev/null
+/*
+ * wpa_gui - EventHistory class
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include <QHeaderView>
+
+#include "eventhistory.h"
+
+
+int EventListModel::rowCount(const QModelIndex &) const
+{
+ return msgList.count();
+}
+
+
+int EventListModel::columnCount(const QModelIndex &) const
+{
+ return 2;
+}
+
+
+QVariant EventListModel::data(const QModelIndex &index, int role) const
+{
+ if (!index.isValid())
+ return QVariant();
+
+ if (role == Qt::DisplayRole)
+ if (index.column() == 0) {
+ if (index.row() >= timeList.size())
+ return QVariant();
+ return timeList.at(index.row());
+ } else {
+ if (index.row() >= msgList.size())
+ return QVariant();
+ return msgList.at(index.row());
+ }
+ else
+ return QVariant();
+}
+
+
+QVariant EventListModel::headerData(int section, Qt::Orientation orientation,
+ int role) const
+{
+ if (role != Qt::DisplayRole)
+ return QVariant();
+
+ if (orientation == Qt::Horizontal) {
+ switch (section) {
+ case 0:
+ return QString("Timestamp");
+ case 1:
+ return QString("Message");
+ default:
+ return QVariant();
+ }
+ } else
+ return QString("%1").arg(section);
+}
+
+
+void EventListModel::addEvent(QString time, QString msg)
+{
+ beginInsertRows(QModelIndex(), msgList.size(), msgList.size() + 1);
+ timeList << time;
+ msgList << msg;
+ endInsertRows();
+}
+
+
+EventHistory::EventHistory(QWidget *parent, const char *, bool, Qt::WFlags)
+ : QDialog(parent)
+{
+ setupUi(this);
+
+ connect(closeButton, SIGNAL(clicked()), this, SLOT(close()));
+
+ elm = new EventListModel(parent);
+ eventListView->setModel(elm);
+}
+
+
+EventHistory::~EventHistory()
+{
+ destroy();
+ delete elm;
+}
+
+
+void EventHistory::languageChange()
+{
+ retranslateUi(this);
+}
+
+
+void EventHistory::addEvents(WpaMsgList msgs)
+{
+ WpaMsgList::iterator it;
+ for (it = msgs.begin(); it != msgs.end(); it++)
+ addEvent(*it);
+}
+
+
+void EventHistory::addEvent(WpaMsg msg)
+{
+ elm->addEvent(msg.getTimestamp().toString("yyyy-MM-dd hh:mm:ss.zzz"),
+ msg.getMsg());
+#if QT_VERSION >= 0x040100
+ eventListView->resizeColumnsToContents();
+ eventListView->resizeRowsToContents();
+#endif
+}
--- /dev/null
+/*
+ * wpa_gui - EventHistory class
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef EVENTHISTORY_H
+#define EVENTHISTORY_H
+
+#include <QObject>
+#include "ui_eventhistory.h"
+
+
+class EventListModel : public QAbstractTableModel
+{
+ Q_OBJECT
+
+public:
+ EventListModel(QObject *parent = 0)
+ : QAbstractTableModel(parent) {}
+
+ int rowCount(const QModelIndex &parent = QModelIndex()) const;
+ int columnCount(const QModelIndex &parent = QModelIndex()) const;
+ QVariant data(const QModelIndex &index, int role) const;
+ QVariant headerData(int section, Qt::Orientation orientation,
+ int role = Qt::DisplayRole) const;
+ void addEvent(QString time, QString msg);
+
+private:
+ QStringList timeList;
+ QStringList msgList;
+};
+
+
+class EventHistory : public QDialog, public Ui::EventHistory
+{
+ Q_OBJECT
+
+public:
+ EventHistory(QWidget *parent = 0, const char *name = 0,
+ bool modal = false, Qt::WFlags fl = 0);
+ ~EventHistory();
+
+public slots:
+ virtual void addEvents(WpaMsgList msgs);
+ virtual void addEvent(WpaMsg msg);
+
+protected slots:
+ virtual void languageChange();
+
+private:
+ EventListModel *elm;
+};
+
+#endif /* EVENTHISTORY_H */
--- /dev/null
+<ui version="4.0" stdsetdef="1" >
+ <author></author>
+ <comment></comment>
+ <exportmacro></exportmacro>
+ <class>EventHistory</class>
+ <widget class="QDialog" name="EventHistory" >
+ <property name="geometry" >
+ <rect>
+ <x>0</x>
+ <y>0</y>
+ <width>533</width>
+ <height>285</height>
+ </rect>
+ </property>
+ <property name="windowTitle" >
+ <string>Event history</string>
+ </property>
+ <layout class="QVBoxLayout" >
+ <item>
+ <widget class="QTableView" name="eventListView" >
+ <property name="sizePolicy" >
+ <sizepolicy>
+ <hsizetype>7</hsizetype>
+ <vsizetype>7</vsizetype>
+ <horstretch>0</horstretch>
+ <verstretch>0</verstretch>
+ </sizepolicy>
+ </property>
+ <property name="selectionMode" >
+ <enum>QAbstractItemView::NoSelection</enum>
+ </property>
+ <column>
+ <property name="text" >
+ <string>Timestamp</string>
+ </property>
+ <property name="clickable" >
+ <bool>true</bool>
+ </property>
+ <property name="resizable" >
+ <bool>true</bool>
+ </property>
+ </column>
+ <column>
+ <property name="text" >
+ <string>Message</string>
+ </property>
+ <property name="clickable" >
+ <bool>true</bool>
+ </property>
+ <property name="resizable" >
+ <bool>true</bool>
+ </property>
+ </column>
+ </widget>
+ </item>
+ <item>
+ <layout class="QHBoxLayout" >
+ <property name="margin" >
+ <number>0</number>
+ </property>
+ <item>
+ <spacer name="spacer3" >
+ <property name="sizeHint" >
+ <size>
+ <width>20</width>
+ <height>20</height>
+ </size>
+ </property>
+ <property name="sizeType" >
+ <enum>Expanding</enum>
+ </property>
+ <property name="orientation" >
+ <enum>Horizontal</enum>
+ </property>
+ </spacer>
+ </item>
+ <item>
+ <widget class="QPushButton" name="closeButton" >
+ <property name="text" >
+ <string>Close</string>
+ </property>
+ </widget>
+ </item>
+ </layout>
+ </item>
+ </layout>
+ </widget>
+ <layoutdefault spacing="6" margin="11" />
+ <pixmapfunction>qPixmapFromMimeSource</pixmapfunction>
+ <includes>
+ <include location="local" >wpamsg.h</include>
+ </includes>
+</ui>
--- /dev/null
+/*
+ * wpa_gui - Application startup
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifdef CONFIG_NATIVE_WINDOWS
+#include <winsock.h>
+#endif /* CONFIG_NATIVE_WINDOWS */
+#include <QApplication>
+#include "wpagui.h"
+
+int main(int argc, char *argv[])
+{
+ QApplication app(argc, argv);
+ WpaGui w;
+ int ret;
+
+#ifdef CONFIG_NATIVE_WINDOWS
+ WSADATA wsaData;
+ if (WSAStartup(MAKEWORD(2, 0), &wsaData)) {
+ printf("Could not find a usable WinSock.dll\n");
+ return -1;
+ }
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+ w.show();
+ app.connect(&app, SIGNAL(lastWindowClosed()), &app, SLOT(quit()));
+ ret = app.exec();
+
+#ifdef CONFIG_NATIVE_WINDOWS
+ WSACleanup();
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+ return ret;
+}
--- /dev/null
+/*
+ * wpa_gui - NetworkConfig class
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include <QMessageBox>
+
+#include "networkconfig.h"
+#include "wpagui.h"
+
+enum {
+ AUTH_NONE = 0,
+ AUTH_IEEE8021X = 1,
+ AUTH_WPA_PSK = 2,
+ AUTH_WPA_EAP = 3,
+ AUTH_WPA2_PSK = 4,
+ AUTH_WPA2_EAP = 5
+};
+
+#define WPA_GUI_KEY_DATA "[key is configured]"
+
+
+NetworkConfig::NetworkConfig(QWidget *parent, const char *, bool, Qt::WFlags)
+ : QDialog(parent)
+{
+ setupUi(this);
+
+ connect(authSelect, SIGNAL(activated(int)), this,
+ SLOT(authChanged(int)));
+ connect(cancelButton, SIGNAL(clicked()), this, SLOT(close()));
+ connect(addButton, SIGNAL(clicked()), this, SLOT(addNetwork()));
+ connect(encrSelect, SIGNAL(activated(const QString &)), this,
+ SLOT(encrChanged(const QString &)));
+ connect(removeButton, SIGNAL(clicked()), this, SLOT(removeNetwork()));
+
+ wpagui = NULL;
+ new_network = false;
+}
+
+
+NetworkConfig::~NetworkConfig()
+{
+}
+
+
+void NetworkConfig::languageChange()
+{
+ retranslateUi(this);
+}
+
+
+void NetworkConfig::paramsFromScanResults(Q3ListViewItem *sel)
+{
+ new_network = true;
+
+ /* SSID BSSID frequency signal flags */
+ setCaption(sel->text(0));
+ ssidEdit->setText(sel->text(0));
+
+ QString flags = sel->text(4);
+ int auth, encr = 0;
+ if (flags.find("[WPA2-EAP") >= 0)
+ auth = AUTH_WPA2_EAP;
+ else if (flags.find("[WPA-EAP") >= 0)
+ auth = AUTH_WPA_EAP;
+ else if (flags.find("[WPA2-PSK") >= 0)
+ auth = AUTH_WPA2_PSK;
+ else if (flags.find("[WPA-PSK") >= 0)
+ auth = AUTH_WPA_PSK;
+ else
+ auth = AUTH_NONE;
+
+ if (flags.find("-CCMP") >= 0)
+ encr = 1;
+ else if (flags.find("-TKIP") >= 0)
+ encr = 0;
+ else if (flags.find("WEP") >= 0)
+ encr = 1;
+ else
+ encr = 0;
+
+ authSelect->setCurrentItem(auth);
+ authChanged(auth);
+ encrSelect->setCurrentItem(encr);
+
+ getEapCapa();
+}
+
+
+void NetworkConfig::authChanged(int sel)
+{
+ pskEdit->setEnabled(sel == AUTH_WPA_PSK || sel == AUTH_WPA2_PSK);
+ bool eap = sel == AUTH_IEEE8021X || sel == AUTH_WPA_EAP ||
+ sel == AUTH_WPA2_EAP;
+ eapSelect->setEnabled(eap);
+ identityEdit->setEnabled(eap);
+ passwordEdit->setEnabled(eap);
+ cacertEdit->setEnabled(eap);
+
+ while (encrSelect->count())
+ encrSelect->removeItem(0);
+
+ if (sel == AUTH_NONE || sel == AUTH_IEEE8021X) {
+ encrSelect->insertItem("None");
+ encrSelect->insertItem("WEP");
+ encrSelect->setCurrentItem(sel == AUTH_NONE ? 0 : 1);
+ } else {
+ encrSelect->insertItem("TKIP");
+ encrSelect->insertItem("CCMP");
+ encrSelect->setCurrentItem((sel == AUTH_WPA2_PSK ||
+ sel == AUTH_WPA2_EAP) ? 1 : 0);
+ }
+
+ wepEnabled(sel == AUTH_IEEE8021X);
+}
+
+
+void NetworkConfig::addNetwork()
+{
+ char reply[10], cmd[256];
+ size_t reply_len;
+ int id;
+ int psklen = pskEdit->text().length();
+ int auth = authSelect->currentItem();
+
+ if (auth == AUTH_WPA_PSK || auth == AUTH_WPA2_PSK) {
+ if (psklen < 8 || psklen > 64) {
+ QMessageBox::warning(this, "wpa_gui",
+ "WPA-PSK requires a passphrase "
+ "of 8 to 63 characters\n"
+ "or 64 hex digit PSK");
+ return;
+ }
+ }
+
+ if (wpagui == NULL)
+ return;
+
+ memset(reply, 0, sizeof(reply));
+ reply_len = sizeof(reply) - 1;
+
+ if (new_network) {
+ wpagui->ctrlRequest("ADD_NETWORK", reply, &reply_len);
+ if (reply[0] == 'F') {
+ QMessageBox::warning(this, "wpa_gui", "Failed to add "
+ "network to wpa_supplicant\n"
+ "configuration.");
+ return;
+ }
+ id = atoi(reply);
+ } else
+ id = edit_network_id;
+
+ setNetworkParam(id, "ssid", ssidEdit->text().ascii(), true);
+
+ const char *key_mgmt = NULL, *proto = NULL, *pairwise = NULL;
+ switch (auth) {
+ case AUTH_NONE:
+ key_mgmt = "NONE";
+ break;
+ case AUTH_IEEE8021X:
+ key_mgmt = "IEEE8021X";
+ break;
+ case AUTH_WPA_PSK:
+ key_mgmt = "WPA-PSK";
+ proto = "WPA";
+ break;
+ case AUTH_WPA_EAP:
+ key_mgmt = "WPA-EAP";
+ proto = "WPA";
+ break;
+ case AUTH_WPA2_PSK:
+ key_mgmt = "WPA-PSK";
+ proto = "WPA2";
+ break;
+ case AUTH_WPA2_EAP:
+ key_mgmt = "WPA-EAP";
+ proto = "WPA2";
+ break;
+ }
+
+ if (auth == AUTH_WPA_PSK || auth == AUTH_WPA_EAP ||
+ auth == AUTH_WPA2_PSK || auth == AUTH_WPA2_EAP) {
+ int encr = encrSelect->currentItem();
+ if (encr == 0)
+ pairwise = "TKIP";
+ else
+ pairwise = "CCMP";
+ }
+
+ if (proto)
+ setNetworkParam(id, "proto", proto, false);
+ if (key_mgmt)
+ setNetworkParam(id, "key_mgmt", key_mgmt, false);
+ if (pairwise) {
+ setNetworkParam(id, "pairwise", pairwise, false);
+ setNetworkParam(id, "group", "TKIP CCMP WEP104 WEP40", false);
+ }
+ if (pskEdit->isEnabled() &&
+ strcmp(passwordEdit->text().ascii(), WPA_GUI_KEY_DATA) != 0)
+ setNetworkParam(id, "psk", pskEdit->text().ascii(),
+ psklen != 64);
+ if (eapSelect->isEnabled())
+ setNetworkParam(id, "eap", eapSelect->currentText().ascii(),
+ false);
+ if (identityEdit->isEnabled())
+ setNetworkParam(id, "identity", identityEdit->text().ascii(),
+ true);
+ if (passwordEdit->isEnabled() &&
+ strcmp(passwordEdit->text().ascii(), WPA_GUI_KEY_DATA) != 0)
+ setNetworkParam(id, "password", passwordEdit->text().ascii(),
+ true);
+ if (cacertEdit->isEnabled())
+ setNetworkParam(id, "ca_cert", cacertEdit->text().ascii(),
+ true);
+ writeWepKey(id, wep0Edit, 0);
+ writeWepKey(id, wep1Edit, 1);
+ writeWepKey(id, wep2Edit, 2);
+ writeWepKey(id, wep3Edit, 3);
+
+ if (wep0Radio->isEnabled() && wep0Radio->isChecked())
+ setNetworkParam(id, "wep_tx_keyidx", "0", false);
+ else if (wep1Radio->isEnabled() && wep1Radio->isChecked())
+ setNetworkParam(id, "wep_tx_keyidx", "1", false);
+ else if (wep2Radio->isEnabled() && wep2Radio->isChecked())
+ setNetworkParam(id, "wep_tx_keyidx", "2", false);
+ else if (wep3Radio->isEnabled() && wep3Radio->isChecked())
+ setNetworkParam(id, "wep_tx_keyidx", "3", false);
+
+ snprintf(cmd, sizeof(cmd), "ENABLE_NETWORK %d", id);
+ reply_len = sizeof(reply);
+ wpagui->ctrlRequest(cmd, reply, &reply_len);
+ if (strncmp(reply, "OK", 2) != 0) {
+ QMessageBox::warning(this, "wpa_gui", "Failed to enable "
+ "network in wpa_supplicant\n"
+ "configuration.");
+ /* Network was added, so continue anyway */
+ }
+ wpagui->triggerUpdate();
+ wpagui->ctrlRequest("SAVE_CONFIG", reply, &reply_len);
+
+ close();
+}
+
+
+void NetworkConfig::setWpaGui(WpaGui *_wpagui)
+{
+ wpagui = _wpagui;
+}
+
+
+int NetworkConfig::setNetworkParam(int id, const char *field,
+ const char *value, bool quote)
+{
+ char reply[10], cmd[256];
+ size_t reply_len;
+ snprintf(cmd, sizeof(cmd), "SET_NETWORK %d %s %s%s%s",
+ id, field, quote ? "\"" : "", value, quote ? "\"" : "");
+ reply_len = sizeof(reply);
+ wpagui->ctrlRequest(cmd, reply, &reply_len);
+ return strncmp(reply, "OK", 2) == 0 ? 0 : -1;
+}
+
+
+void NetworkConfig::encrChanged(const QString &sel)
+{
+ wepEnabled(sel.find("WEP") == 0);
+}
+
+
+void NetworkConfig::wepEnabled(bool enabled)
+{
+ wep0Edit->setEnabled(enabled);
+ wep1Edit->setEnabled(enabled);
+ wep2Edit->setEnabled(enabled);
+ wep3Edit->setEnabled(enabled);
+ wep0Radio->setEnabled(enabled);
+ wep1Radio->setEnabled(enabled);
+ wep2Radio->setEnabled(enabled);
+ wep3Radio->setEnabled(enabled);
+}
+
+
+void NetworkConfig::writeWepKey(int network_id, QLineEdit *edit, int id)
+{
+ char buf[10];
+ bool hex;
+ const char *txt, *pos;
+ size_t len;
+
+ if (!edit->isEnabled() || edit->text().isEmpty())
+ return;
+
+ /*
+ * Assume hex key if only hex characters are present and length matches
+ * with 40, 104, or 128-bit key
+ */
+ txt = edit->text().ascii();
+ if (strcmp(txt, WPA_GUI_KEY_DATA) == 0)
+ return;
+ len = strlen(txt);
+ if (len == 0)
+ return;
+ pos = txt;
+ hex = true;
+ while (*pos) {
+ if (!((*pos >= '0' && *pos <= '9') ||
+ (*pos >= 'a' && *pos <= 'f') ||
+ (*pos >= 'A' && *pos <= 'F'))) {
+ hex = false;
+ break;
+ }
+ pos++;
+ }
+ if (hex && len != 10 && len != 26 && len != 32)
+ hex = false;
+ snprintf(buf, sizeof(buf), "wep_key%d", id);
+ setNetworkParam(network_id, buf, txt, !hex);
+}
+
+
+static int key_value_isset(const char *reply, size_t reply_len)
+{
+ return reply_len > 0 && (reply_len < 4 || memcmp(reply, "FAIL", 4) != 0);
+}
+
+
+void NetworkConfig::paramsFromConfig(int network_id)
+{
+ int i, res;
+
+ edit_network_id = network_id;
+ getEapCapa();
+
+ char reply[1024], cmd[256], *pos;
+ size_t reply_len;
+
+ snprintf(cmd, sizeof(cmd), "GET_NETWORK %d ssid", network_id);
+ reply_len = sizeof(reply) - 1;
+ if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0 &&
+ reply_len >= 2 && reply[0] == '"') {
+ reply[reply_len] = '\0';
+ pos = strchr(reply + 1, '"');
+ if (pos)
+ *pos = '\0';
+ ssidEdit->setText(reply + 1);
+ }
+
+ snprintf(cmd, sizeof(cmd), "GET_NETWORK %d proto", network_id);
+ reply_len = sizeof(reply) - 1;
+ int wpa = 0;
+ if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0) {
+ reply[reply_len] = '\0';
+ if (strstr(reply, "RSN") || strstr(reply, "WPA2"))
+ wpa = 2;
+ else if (strstr(reply, "WPA"))
+ wpa = 1;
+ }
+
+ int auth = AUTH_NONE, encr = 0;
+ snprintf(cmd, sizeof(cmd), "GET_NETWORK %d key_mgmt", network_id);
+ reply_len = sizeof(reply) - 1;
+ if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0) {
+ reply[reply_len] = '\0';
+ if (strstr(reply, "WPA-EAP"))
+ auth = wpa & 2 ? AUTH_WPA2_EAP : AUTH_WPA_EAP;
+ else if (strstr(reply, "WPA-PSK"))
+ auth = wpa & 2 ? AUTH_WPA2_PSK : AUTH_WPA_PSK;
+ else if (strstr(reply, "IEEE8021X")) {
+ auth = AUTH_IEEE8021X;
+ encr = 1;
+ }
+ }
+
+ snprintf(cmd, sizeof(cmd), "GET_NETWORK %d pairwise", network_id);
+ reply_len = sizeof(reply) - 1;
+ if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0) {
+ reply[reply_len] = '\0';
+ if (strstr(reply, "CCMP"))
+ encr = 1;
+ else if (strstr(reply, "TKIP"))
+ encr = 0;
+ else if (strstr(reply, "WEP"))
+ encr = 1;
+ else
+ encr = 0;
+ }
+
+ snprintf(cmd, sizeof(cmd), "GET_NETWORK %d psk", network_id);
+ reply_len = sizeof(reply) - 1;
+ res = wpagui->ctrlRequest(cmd, reply, &reply_len);
+ if (res >= 0 && reply_len >= 2 && reply[0] == '"') {
+ reply[reply_len] = '\0';
+ pos = strchr(reply + 1, '"');
+ if (pos)
+ *pos = '\0';
+ pskEdit->setText(reply + 1);
+ } else if (res >= 0 && key_value_isset(reply, reply_len)) {
+ pskEdit->setText(WPA_GUI_KEY_DATA);
+ }
+
+ snprintf(cmd, sizeof(cmd), "GET_NETWORK %d identity", network_id);
+ reply_len = sizeof(reply) - 1;
+ if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0 &&
+ reply_len >= 2 && reply[0] == '"') {
+ reply[reply_len] = '\0';
+ pos = strchr(reply + 1, '"');
+ if (pos)
+ *pos = '\0';
+ identityEdit->setText(reply + 1);
+ }
+
+ snprintf(cmd, sizeof(cmd), "GET_NETWORK %d password", network_id);
+ reply_len = sizeof(reply) - 1;
+ res = wpagui->ctrlRequest(cmd, reply, &reply_len);
+ if (res >= 0 && reply_len >= 2 && reply[0] == '"') {
+ reply[reply_len] = '\0';
+ pos = strchr(reply + 1, '"');
+ if (pos)
+ *pos = '\0';
+ passwordEdit->setText(reply + 1);
+ } else if (res >= 0 && key_value_isset(reply, reply_len)) {
+ passwordEdit->setText(WPA_GUI_KEY_DATA);
+ }
+
+ snprintf(cmd, sizeof(cmd), "GET_NETWORK %d ca_cert", network_id);
+ reply_len = sizeof(reply) - 1;
+ if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0 &&
+ reply_len >= 2 && reply[0] == '"') {
+ reply[reply_len] = '\0';
+ pos = strchr(reply + 1, '"');
+ if (pos)
+ *pos = '\0';
+ cacertEdit->setText(reply + 1);
+ }
+
+ snprintf(cmd, sizeof(cmd), "GET_NETWORK %d eap", network_id);
+ reply_len = sizeof(reply) - 1;
+ if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0 &&
+ reply_len >= 1) {
+ reply[reply_len] = '\0';
+ for (i = 0; i < eapSelect->count(); i++) {
+ if (eapSelect->text(i).compare(reply) == 0) {
+ eapSelect->setCurrentItem(i);
+ break;
+ }
+ }
+ }
+
+ for (i = 0; i < 4; i++) {
+ QLineEdit *wepEdit;
+ switch (i) {
+ default:
+ case 0:
+ wepEdit = wep0Edit;
+ break;
+ case 1:
+ wepEdit = wep1Edit;
+ break;
+ case 2:
+ wepEdit = wep2Edit;
+ break;
+ case 3:
+ wepEdit = wep3Edit;
+ break;
+ }
+ snprintf(cmd, sizeof(cmd), "GET_NETWORK %d wep_key%d",
+ network_id, i);
+ reply_len = sizeof(reply) - 1;
+ res = wpagui->ctrlRequest(cmd, reply, &reply_len);
+ if (res >= 0 && reply_len >= 2 && reply[0] == '"') {
+ reply[reply_len] = '\0';
+ pos = strchr(reply + 1, '"');
+ if (pos)
+ *pos = '\0';
+ if (auth == AUTH_NONE || auth == AUTH_IEEE8021X)
+ encr = 1;
+
+ wepEdit->setText(reply + 1);
+ } else if (res >= 0 && key_value_isset(reply, reply_len)) {
+ if (auth == AUTH_NONE || auth == AUTH_IEEE8021X)
+ encr = 1;
+ wepEdit->setText(WPA_GUI_KEY_DATA);
+ }
+ }
+
+ snprintf(cmd, sizeof(cmd), "GET_NETWORK %d wep_tx_keyidx", network_id);
+ reply_len = sizeof(reply) - 1;
+ if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0 && reply_len >= 1)
+ {
+ reply[reply_len] = '\0';
+ switch (atoi(reply)) {
+ case 0:
+ wep0Radio->setChecked(true);
+ break;
+ case 1:
+ wep1Radio->setChecked(true);
+ break;
+ case 2:
+ wep2Radio->setChecked(true);
+ break;
+ case 3:
+ wep3Radio->setChecked(true);
+ break;
+ }
+ }
+
+ authSelect->setCurrentItem(auth);
+ authChanged(auth);
+ encrSelect->setCurrentItem(encr);
+ if (auth == AUTH_NONE || auth == AUTH_IEEE8021X)
+ wepEnabled(encr == 1);
+
+ removeButton->setEnabled(true);
+ addButton->setText("Save");
+}
+
+
+void NetworkConfig::removeNetwork()
+{
+ char reply[10], cmd[256];
+ size_t reply_len;
+
+ if (QMessageBox::information(this, "wpa_gui",
+ "This will permanently remove the "
+ "network\n"
+ "from the configuration. Do you really "
+ "want\n"
+ "to remove this network?", "Yes", "No")
+ != 0)
+ return;
+
+ snprintf(cmd, sizeof(cmd), "REMOVE_NETWORK %d", edit_network_id);
+ reply_len = sizeof(reply);
+ wpagui->ctrlRequest(cmd, reply, &reply_len);
+ if (strncmp(reply, "OK", 2) != 0) {
+ QMessageBox::warning(this, "wpa_gui",
+ "Failed to remove network from "
+ "wpa_supplicant\n"
+ "configuration.");
+ } else {
+ wpagui->triggerUpdate();
+ wpagui->ctrlRequest("SAVE_CONFIG", reply, &reply_len);
+ }
+
+ close();
+}
+
+
+void NetworkConfig::newNetwork()
+{
+ new_network = true;
+ getEapCapa();
+}
+
+
+void NetworkConfig::getEapCapa()
+{
+ char reply[256];
+ size_t reply_len;
+
+ if (wpagui == NULL)
+ return;
+
+ reply_len = sizeof(reply) - 1;
+ if (wpagui->ctrlRequest("GET_CAPABILITY eap", reply, &reply_len) < 0)
+ return;
+ reply[reply_len] = '\0';
+
+ QString res(reply);
+ QStringList types = QStringList::split(QChar(' '), res);
+ eapSelect->insertStringList(types);
+}
--- /dev/null
+/*
+ * wpa_gui - NetworkConfig class
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef NETWORKCONFIG_H
+#define NETWORKCONFIG_H
+
+#include <QObject>
+#include "ui_networkconfig.h"
+
+class WpaGui;
+
+class NetworkConfig : public QDialog, public Ui::NetworkConfig
+{
+ Q_OBJECT
+
+public:
+ NetworkConfig(QWidget *parent = 0, const char *name = 0,
+ bool modal = false, Qt::WFlags fl = 0);
+ ~NetworkConfig();
+
+ virtual void paramsFromScanResults(Q3ListViewItem *sel);
+ virtual void setWpaGui(WpaGui *_wpagui);
+ virtual int setNetworkParam(int id, const char *field,
+ const char *value, bool quote);
+ virtual void paramsFromConfig(int network_id);
+ virtual void newNetwork();
+
+public slots:
+ virtual void authChanged(int sel);
+ virtual void addNetwork();
+ virtual void encrChanged(const QString &sel);
+ virtual void writeWepKey(int network_id, QLineEdit *edit, int id);
+ virtual void removeNetwork();
+
+protected slots:
+ virtual void languageChange();
+
+private:
+ WpaGui *wpagui;
+ int edit_network_id;
+ bool new_network;
+
+ virtual void wepEnabled(bool enabled);
+ virtual void getEapCapa();
+};
+
+#endif /* NETWORKCONFIG_H */
--- /dev/null
+<ui version="4.0" stdsetdef="1" >
+ <author></author>
+ <comment></comment>
+ <exportmacro></exportmacro>
+ <class>NetworkConfig</class>
+ <widget class="QDialog" name="NetworkConfig" >
+ <property name="geometry" >
+ <rect>
+ <x>0</x>
+ <y>0</y>
+ <width>380</width>
+ <height>413</height>
+ </rect>
+ </property>
+ <property name="windowTitle" >
+ <string>NetworkConfig</string>
+ </property>
+ <layout class="QGridLayout" >
+ <item row="1" column="3" >
+ <widget class="QPushButton" name="cancelButton" >
+ <property name="text" >
+ <string>Cancel</string>
+ </property>
+ </widget>
+ </item>
+ <item rowspan="1" row="0" column="0" colspan="4" >
+ <widget class="QFrame" name="frame9" >
+ <property name="frameShape" >
+ <enum>StyledPanel</enum>
+ </property>
+ <property name="frameShadow" >
+ <enum>Raised</enum>
+ </property>
+ <layout class="QGridLayout" >
+ <item row="0" column="0" >
+ <widget class="QLabel" name="textLabel1" >
+ <property name="text" >
+ <string>SSID</string>
+ </property>
+ </widget>
+ </item>
+ <item row="0" column="1" >
+ <widget class="QLineEdit" name="ssidEdit" >
+ <property name="text" >
+ <string/>
+ </property>
+ <property name="toolTip" stdset="0" >
+ <string>Network name (Service Set IDentifier)</string>
+ </property>
+ </widget>
+ </item>
+ <item row="1" column="0" >
+ <widget class="QLabel" name="textLabel2" >
+ <property name="text" >
+ <string>Authentication</string>
+ </property>
+ </widget>
+ </item>
+ <item row="1" column="1" >
+ <widget class="QComboBox" name="authSelect" >
+ <item>
+ <property name="text" >
+ <string>Plaintext or static WEP</string>
+ </property>
+ </item>
+ <item>
+ <property name="text" >
+ <string>IEEE 802.1X</string>
+ </property>
+ </item>
+ <item>
+ <property name="text" >
+ <string>WPA-Personal (PSK)</string>
+ </property>
+ </item>
+ <item>
+ <property name="text" >
+ <string>WPA-Enterprise (EAP)</string>
+ </property>
+ </item>
+ <item>
+ <property name="text" >
+ <string>WPA2-Personal (PSK)</string>
+ </property>
+ </item>
+ <item>
+ <property name="text" >
+ <string>WPA2-Enterprise (EAP)</string>
+ </property>
+ </item>
+ </widget>
+ </item>
+ <item row="2" column="0" >
+ <widget class="QLabel" name="textLabel3" >
+ <property name="text" >
+ <string>Encryption</string>
+ </property>
+ </widget>
+ </item>
+ <item row="2" column="1" >
+ <widget class="QComboBox" name="encrSelect" >
+ <item>
+ <property name="text" >
+ <string>None</string>
+ </property>
+ </item>
+ <item>
+ <property name="text" >
+ <string>WEP</string>
+ </property>
+ </item>
+ <item>
+ <property name="text" >
+ <string>TKIP</string>
+ </property>
+ </item>
+ <item>
+ <property name="text" >
+ <string>CCMP</string>
+ </property>
+ </item>
+ </widget>
+ </item>
+ <item row="3" column="0" >
+ <widget class="QLabel" name="textLabel4" >
+ <property name="text" >
+ <string>PSK</string>
+ </property>
+ </widget>
+ </item>
+ <item row="3" column="1" >
+ <widget class="QLineEdit" name="pskEdit" >
+ <property name="enabled" >
+ <bool>false</bool>
+ </property>
+ <property name="echoMode" >
+ <enum>QLineEdit::Password</enum>
+ </property>
+ <property name="toolTip" stdset="0" >
+ <string>WPA/WPA2 pre-shared key or passphrase</string>
+ </property>
+ <property name="whatsThis" stdset="0" >
+ <string/>
+ </property>
+ </widget>
+ </item>
+ <item row="4" column="0" >
+ <widget class="QLabel" name="textLabel5" >
+ <property name="text" >
+ <string>EAP method</string>
+ </property>
+ </widget>
+ </item>
+ <item row="4" column="1" >
+ <widget class="QComboBox" name="eapSelect" >
+ <property name="enabled" >
+ <bool>false</bool>
+ </property>
+ </widget>
+ </item>
+ <item row="5" column="0" >
+ <widget class="QLabel" name="textLabel6" >
+ <property name="text" >
+ <string>Identity</string>
+ </property>
+ </widget>
+ </item>
+ <item row="5" column="1" >
+ <widget class="QLineEdit" name="identityEdit" >
+ <property name="enabled" >
+ <bool>false</bool>
+ </property>
+ <property name="toolTip" stdset="0" >
+ <string>Username/Identity for EAP methods</string>
+ </property>
+ </widget>
+ </item>
+ <item row="6" column="0" >
+ <widget class="QLabel" name="textLabel7" >
+ <property name="text" >
+ <string>Password</string>
+ </property>
+ </widget>
+ </item>
+ <item row="6" column="1" >
+ <widget class="QLineEdit" name="passwordEdit" >
+ <property name="enabled" >
+ <bool>false</bool>
+ </property>
+ <property name="echoMode" >
+ <enum>QLineEdit::Password</enum>
+ </property>
+ <property name="toolTip" stdset="0" >
+ <string>Password for EAP methods</string>
+ </property>
+ </widget>
+ </item>
+ <item row="7" column="0" >
+ <widget class="QLabel" name="textLabel1_2" >
+ <property name="text" >
+ <string>CA certificate</string>
+ </property>
+ </widget>
+ </item>
+ <item row="7" column="1" >
+ <widget class="QLineEdit" name="cacertEdit" >
+ <property name="enabled" >
+ <bool>false</bool>
+ </property>
+ </widget>
+ </item>
+ <item rowspan="1" row="8" column="0" colspan="2" >
+ <widget class="QGroupBox" name="buttonGroup1" >
+ <property name="enabled" >
+ <bool>true</bool>
+ </property>
+ <property name="title" >
+ <string>WEP keys</string>
+ </property>
+ <layout class="QGridLayout" >
+ <item row="0" column="0" >
+ <widget class="QRadioButton" name="wep0Radio" >
+ <property name="enabled" >
+ <bool>false</bool>
+ </property>
+ <property name="text" >
+ <string>key 0</string>
+ </property>
+ </widget>
+ </item>
+ <item row="1" column="0" >
+ <widget class="QRadioButton" name="wep1Radio" >
+ <property name="enabled" >
+ <bool>false</bool>
+ </property>
+ <property name="text" >
+ <string>key 1</string>
+ </property>
+ </widget>
+ </item>
+ <item row="3" column="0" >
+ <widget class="QRadioButton" name="wep3Radio" >
+ <property name="enabled" >
+ <bool>false</bool>
+ </property>
+ <property name="text" >
+ <string>key 3</string>
+ </property>
+ </widget>
+ </item>
+ <item row="2" column="0" >
+ <widget class="QRadioButton" name="wep2Radio" >
+ <property name="enabled" >
+ <bool>false</bool>
+ </property>
+ <property name="text" >
+ <string>key 2</string>
+ </property>
+ </widget>
+ </item>
+ <item row="0" column="1" >
+ <widget class="QLineEdit" name="wep0Edit" >
+ <property name="enabled" >
+ <bool>false</bool>
+ </property>
+ </widget>
+ </item>
+ <item row="1" column="1" >
+ <widget class="QLineEdit" name="wep1Edit" >
+ <property name="enabled" >
+ <bool>false</bool>
+ </property>
+ </widget>
+ </item>
+ <item row="2" column="1" >
+ <widget class="QLineEdit" name="wep2Edit" >
+ <property name="enabled" >
+ <bool>false</bool>
+ </property>
+ </widget>
+ </item>
+ <item row="3" column="1" >
+ <widget class="QLineEdit" name="wep3Edit" >
+ <property name="enabled" >
+ <bool>false</bool>
+ </property>
+ </widget>
+ </item>
+ </layout>
+ </widget>
+ </item>
+ </layout>
+ </widget>
+ </item>
+ <item row="1" column="0" >
+ <spacer name="spacer5" >
+ <property name="sizeHint" >
+ <size>
+ <width>130</width>
+ <height>20</height>
+ </size>
+ </property>
+ <property name="sizeType" >
+ <enum>Expanding</enum>
+ </property>
+ <property name="orientation" >
+ <enum>Horizontal</enum>
+ </property>
+ </spacer>
+ </item>
+ <item row="1" column="1" >
+ <widget class="QPushButton" name="addButton" >
+ <property name="text" >
+ <string>Add</string>
+ </property>
+ </widget>
+ </item>
+ <item row="1" column="2" >
+ <widget class="QPushButton" name="removeButton" >
+ <property name="enabled" >
+ <bool>false</bool>
+ </property>
+ <property name="text" >
+ <string>Remove</string>
+ </property>
+ </widget>
+ </item>
+ </layout>
+ </widget>
+ <layoutdefault spacing="6" margin="11" />
+ <pixmapfunction>qPixmapFromMimeSource</pixmapfunction>
+ <tabstops>
+ <tabstop>ssidEdit</tabstop>
+ <tabstop>authSelect</tabstop>
+ <tabstop>encrSelect</tabstop>
+ <tabstop>pskEdit</tabstop>
+ <tabstop>eapSelect</tabstop>
+ <tabstop>identityEdit</tabstop>
+ <tabstop>passwordEdit</tabstop>
+ <tabstop>cacertEdit</tabstop>
+ <tabstop>wep0Radio</tabstop>
+ <tabstop>wep1Radio</tabstop>
+ <tabstop>wep2Radio</tabstop>
+ <tabstop>wep3Radio</tabstop>
+ <tabstop>wep0Edit</tabstop>
+ <tabstop>wep1Edit</tabstop>
+ <tabstop>wep2Edit</tabstop>
+ <tabstop>wep3Edit</tabstop>
+ <tabstop>addButton</tabstop>
+ <tabstop>removeButton</tabstop>
+ <tabstop>cancelButton</tabstop>
+ </tabstops>
+ <includes>
+ <include location="global" >q3listview.h</include>
+ </includes>
+</ui>
--- /dev/null
+/*
+ * wpa_gui - ScanResults class
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include <QTimer>
+
+#include "scanresults.h"
+#include "wpagui.h"
+#include "networkconfig.h"
+
+
+ScanResults::ScanResults(QWidget *parent, const char *, bool, Qt::WFlags)
+ : QDialog(parent)
+{
+ setupUi(this);
+
+ connect(closeButton, SIGNAL(clicked()), this, SLOT(close()));
+ connect(scanButton, SIGNAL(clicked()), this, SLOT(scanRequest()));
+ connect(scanResultsView, SIGNAL(doubleClicked(Q3ListViewItem *)), this,
+ SLOT(bssSelected(Q3ListViewItem *)));
+
+ wpagui = NULL;
+}
+
+
+ScanResults::~ScanResults()
+{
+ delete timer;
+}
+
+
+void ScanResults::languageChange()
+{
+ retranslateUi(this);
+}
+
+
+void ScanResults::setWpaGui(WpaGui *_wpagui)
+{
+ wpagui = _wpagui;
+ updateResults();
+
+ timer = new QTimer(this);
+ connect(timer, SIGNAL(timeout()), SLOT(getResults()));
+ timer->start(10000, FALSE);
+}
+
+
+void ScanResults::updateResults()
+{
+ char reply[8192];
+ size_t reply_len;
+
+ if (wpagui == NULL)
+ return;
+
+ reply_len = sizeof(reply) - 1;
+ if (wpagui->ctrlRequest("SCAN_RESULTS", reply, &reply_len) < 0)
+ return;
+ reply[reply_len] = '\0';
+
+ scanResultsView->clear();
+
+ QString res(reply);
+ QStringList lines = QStringList::split(QChar('\n'), res);
+ bool first = true;
+ for (QStringList::Iterator it = lines.begin(); it != lines.end(); it++)
+ {
+ if (first) {
+ first = false;
+ continue;
+ }
+
+ QStringList cols = QStringList::split(QChar('\t'), *it, true);
+ QString ssid, bssid, freq, signal, flags;
+ bssid = cols.count() > 0 ? cols[0] : "";
+ freq = cols.count() > 1 ? cols[1] : "";
+ signal = cols.count() > 2 ? cols[2] : "";
+ flags = cols.count() > 3 ? cols[3] : "";
+ ssid = cols.count() > 4 ? cols[4] : "";
+ new Q3ListViewItem(scanResultsView, ssid, bssid, freq, signal,
+ flags);
+ }
+}
+
+
+void ScanResults::scanRequest()
+{
+ char reply[10];
+ size_t reply_len = sizeof(reply);
+
+ if (wpagui == NULL)
+ return;
+
+ wpagui->ctrlRequest("SCAN", reply, &reply_len);
+}
+
+
+void ScanResults::getResults()
+{
+ updateResults();
+}
+
+
+void ScanResults::bssSelected( Q3ListViewItem * sel )
+{
+ NetworkConfig *nc = new NetworkConfig();
+ if (nc == NULL)
+ return;
+ nc->setWpaGui(wpagui);
+ nc->paramsFromScanResults(sel);
+ nc->show();
+ nc->exec();
+}
--- /dev/null
+/*
+ * wpa_gui - ScanResults class
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef SCANRESULTS_H
+#define SCANRESULTS_H
+
+#include <QObject>
+#include "ui_scanresults.h"
+
+class WpaGui;
+
+class ScanResults : public QDialog, public Ui::ScanResults
+{
+ Q_OBJECT
+
+public:
+ ScanResults(QWidget *parent = 0, const char *name = 0,
+ bool modal = false, Qt::WFlags fl = 0);
+ ~ScanResults();
+
+public slots:
+ virtual void setWpaGui(WpaGui *_wpagui);
+ virtual void updateResults();
+ virtual void scanRequest();
+ virtual void getResults();
+ virtual void bssSelected(Q3ListViewItem *sel);
+
+protected slots:
+ virtual void languageChange();
+
+private:
+ WpaGui *wpagui;
+ QTimer *timer;
+};
+
+#endif /* SCANRESULTS_H */
--- /dev/null
+<ui version="4.0" stdsetdef="1" >
+ <author></author>
+ <comment></comment>
+ <exportmacro></exportmacro>
+ <class>ScanResults</class>
+ <widget class="QDialog" name="ScanResults" >
+ <property name="geometry" >
+ <rect>
+ <x>0</x>
+ <y>0</y>
+ <width>452</width>
+ <height>225</height>
+ </rect>
+ </property>
+ <property name="windowTitle" >
+ <string>Scan results</string>
+ </property>
+ <layout class="QVBoxLayout" >
+ <item>
+ <widget class="Q3ListView" name="scanResultsView" >
+ <property name="frameShape" >
+ <enum>QFrame::StyledPanel</enum>
+ </property>
+ <property name="frameShadow" >
+ <enum>QFrame::Sunken</enum>
+ </property>
+ <column>
+ <property name="text" >
+ <string>SSID</string>
+ </property>
+ <property name="clickable" >
+ <bool>true</bool>
+ </property>
+ <property name="resizable" >
+ <bool>true</bool>
+ </property>
+ </column>
+ <column>
+ <property name="text" >
+ <string>BSSID</string>
+ </property>
+ <property name="clickable" >
+ <bool>true</bool>
+ </property>
+ <property name="resizable" >
+ <bool>true</bool>
+ </property>
+ </column>
+ <column>
+ <property name="text" >
+ <string>frequency</string>
+ </property>
+ <property name="clickable" >
+ <bool>true</bool>
+ </property>
+ <property name="resizable" >
+ <bool>true</bool>
+ </property>
+ </column>
+ <column>
+ <property name="text" >
+ <string>signal</string>
+ </property>
+ <property name="clickable" >
+ <bool>true</bool>
+ </property>
+ <property name="resizable" >
+ <bool>true</bool>
+ </property>
+ </column>
+ <column>
+ <property name="text" >
+ <string>flags</string>
+ </property>
+ <property name="clickable" >
+ <bool>true</bool>
+ </property>
+ <property name="resizable" >
+ <bool>true</bool>
+ </property>
+ </column>
+ </widget>
+ </item>
+ <item>
+ <layout class="QHBoxLayout" >
+ <property name="margin" >
+ <number>0</number>
+ </property>
+ <item>
+ <spacer name="spacer6" >
+ <property name="sizeHint" >
+ <size>
+ <width>50</width>
+ <height>20</height>
+ </size>
+ </property>
+ <property name="sizeType" >
+ <enum>Expanding</enum>
+ </property>
+ <property name="orientation" >
+ <enum>Horizontal</enum>
+ </property>
+ </spacer>
+ </item>
+ <item>
+ <widget class="QPushButton" name="scanButton" >
+ <property name="text" >
+ <string>Scan</string>
+ </property>
+ </widget>
+ </item>
+ <item>
+ <widget class="QPushButton" name="closeButton" >
+ <property name="text" >
+ <string>Close</string>
+ </property>
+ </widget>
+ </item>
+ </layout>
+ </item>
+ </layout>
+ </widget>
+ <layoutdefault spacing="6" margin="11" />
+ <pixmapfunction>qPixmapFromMimeSource</pixmapfunction>
+</ui>
--- /dev/null
+#!/bin/sh
+
+# qmake seems to be forcing include and lib paths from the original build
+# and I have no idea how to change these. For now, just override the
+# directories in the Makefile.Release file after qmake run.
+
+qmake -spec /q/jm/qt4-win/4.0.0/mkspecs/win32-g++ wpa_gui.pro -o Makefile
+cat Makefile.Release |
+ sed s%qt4/lib%qt4-win/4.0.0/lib%g |
+ sed s%qt4/include%qt4-win/4.0.0/include%g > tmp.Makefile.Release &&
+mv -f tmp.Makefile.Release Makefile.Release
--- /dev/null
+/*
+ * wpa_gui - UserDataRequest class
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "userdatarequest.h"
+#include "wpagui.h"
+#include "wpa_ctrl.h"
+
+
+UserDataRequest::UserDataRequest(QWidget *parent, const char *, bool,
+ Qt::WFlags)
+ : QDialog(parent)
+{
+ setupUi(this);
+
+ connect(buttonOk, SIGNAL(clicked()), this, SLOT(sendReply()));
+ connect(buttonCancel, SIGNAL(clicked()), this, SLOT(reject()));
+ connect(queryEdit, SIGNAL(returnPressed()), this, SLOT(sendReply()));
+}
+
+
+UserDataRequest::~UserDataRequest()
+{
+}
+
+
+void UserDataRequest::languageChange()
+{
+ retranslateUi(this);
+}
+
+
+int UserDataRequest::setParams(WpaGui *_wpagui, const char *reqMsg)
+{
+ char *tmp, *pos, *pos2;
+ wpagui = _wpagui;
+ tmp = strdup(reqMsg);
+ if (tmp == NULL)
+ return -1;
+ pos = strchr(tmp, '-');
+ if (pos == NULL) {
+ free(tmp);
+ return -1;
+ }
+ *pos++ = '\0';
+ field = tmp;
+ pos2 = strchr(pos, ':');
+ if (pos2 == NULL) {
+ free(tmp);
+ return -1;
+ }
+ *pos2++ = '\0';
+
+ networkid = atoi(pos);
+ queryInfo->setText(pos2);
+ if (strcmp(tmp, "PASSWORD") == 0) {
+ queryField->setText("Password: ");
+ queryEdit->setEchoMode(QLineEdit::Password);
+ } else if (strcmp(tmp, "NEW_PASSWORD") == 0) {
+ queryField->setText("New password: ");
+ queryEdit->setEchoMode(QLineEdit::Password);
+ } else if (strcmp(tmp, "IDENTITY") == 0)
+ queryField->setText("Identity: ");
+ else if (strcmp(tmp, "PASSPHRASE") == 0) {
+ queryField->setText("Private key passphrase: ");
+ queryEdit->setEchoMode(QLineEdit::Password);
+ } else
+ queryField->setText(field + ":");
+ free(tmp);
+
+ return 0;
+}
+
+
+void UserDataRequest::sendReply()
+{
+ char reply[10];
+ size_t reply_len = sizeof(reply);
+
+ if (wpagui == NULL) {
+ reject();
+ return;
+ }
+
+ QString cmd = QString(WPA_CTRL_RSP) + field + '-' +
+ QString::number(networkid) + ':' +
+ queryEdit->text();
+ wpagui->ctrlRequest(cmd.ascii(), reply, &reply_len);
+ accept();
+}
--- /dev/null
+/*
+ * wpa_gui - UserDataRequest class
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef USERDATAREQUEST_H
+#define USERDATAREQUEST_H
+
+#include <QObject>
+#include "ui_userdatarequest.h"
+
+class WpaGui;
+
+class UserDataRequest : public QDialog, public Ui::UserDataRequest
+{
+ Q_OBJECT
+
+public:
+ UserDataRequest(QWidget *parent = 0, const char *name = 0,
+ bool modal = false, Qt::WFlags fl = 0);
+ ~UserDataRequest();
+
+ int setParams(WpaGui *_wpagui, const char *reqMsg);
+
+public slots:
+ virtual void sendReply();
+
+protected slots:
+ virtual void languageChange();
+
+private:
+ WpaGui *wpagui;
+ int networkid;
+ QString field;
+};
+
+#endif /* USERDATAREQUEST_H */
--- /dev/null
+<ui version="4.0" stdsetdef="1" >
+ <author></author>
+ <comment></comment>
+ <exportmacro></exportmacro>
+ <class>UserDataRequest</class>
+ <widget class="QDialog" name="UserDataRequest" >
+ <property name="geometry" >
+ <rect>
+ <x>0</x>
+ <y>0</y>
+ <width>216</width>
+ <height>103</height>
+ </rect>
+ </property>
+ <property name="windowTitle" >
+ <string>Authentication credentials required</string>
+ </property>
+ <property name="sizeGripEnabled" >
+ <bool>true</bool>
+ </property>
+ <layout class="QVBoxLayout" >
+ <item>
+ <widget class="QLabel" name="queryInfo" >
+ <property name="text" >
+ <string/>
+ </property>
+ </widget>
+ </item>
+ <item>
+ <layout class="QHBoxLayout" >
+ <property name="margin" >
+ <number>0</number>
+ </property>
+ <item>
+ <widget class="QLabel" name="queryField" >
+ <property name="text" >
+ <string/>
+ </property>
+ </widget>
+ </item>
+ <item>
+ <widget class="QLineEdit" name="queryEdit" >
+ <property name="enabled" >
+ <bool>true</bool>
+ </property>
+ <property name="echoMode" >
+ <enum>QLineEdit::Password</enum>
+ </property>
+ </widget>
+ </item>
+ </layout>
+ </item>
+ <item>
+ <layout class="QHBoxLayout" >
+ <property name="margin" >
+ <number>0</number>
+ </property>
+ <item>
+ <spacer name="spacer4" >
+ <property name="sizeHint" >
+ <size>
+ <width>20</width>
+ <height>20</height>
+ </size>
+ </property>
+ <property name="sizeType" >
+ <enum>Expanding</enum>
+ </property>
+ <property name="orientation" >
+ <enum>Horizontal</enum>
+ </property>
+ </spacer>
+ </item>
+ <item>
+ <widget class="QPushButton" name="buttonOk" >
+ <property name="text" >
+ <string>&OK</string>
+ </property>
+ <property name="shortcut" >
+ <string/>
+ </property>
+ <property name="autoDefault" >
+ <bool>true</bool>
+ </property>
+ <property name="default" >
+ <bool>true</bool>
+ </property>
+ </widget>
+ </item>
+ <item>
+ <widget class="QPushButton" name="buttonCancel" >
+ <property name="text" >
+ <string>&Cancel</string>
+ </property>
+ <property name="shortcut" >
+ <string/>
+ </property>
+ <property name="autoDefault" >
+ <bool>true</bool>
+ </property>
+ </widget>
+ </item>
+ </layout>
+ </item>
+ </layout>
+ </widget>
+ <layoutdefault spacing="6" margin="11" />
+ <pixmapfunction>qPixmapFromMimeSource</pixmapfunction>
+</ui>
--- /dev/null
+TEMPLATE = app
+LANGUAGE = C++
+
+CONFIG += qt warn_on release
+
+DEFINES += CONFIG_CTRL_IFACE
+
+win32 {
+ LIBS += -lws2_32 -static
+ DEFINES += CONFIG_NATIVE_WINDOWS CONFIG_CTRL_IFACE_NAMED_PIPE
+} else:win32-g++ {
+ # cross compilation to win32
+ LIBS += -lws2_32 -static
+ DEFINES += CONFIG_NATIVE_WINDOWS CONFIG_CTRL_IFACE_NAMED_PIPE
+} else {
+ DEFINES += CONFIG_CTRL_IFACE_UNIX
+}
+
+INCLUDEPATH += . .. ../../hostapd
+
+HEADERS += wpamsg.h \
+ wpagui.h \
+ eventhistory.h \
+ scanresults.h \
+ userdatarequest.h \
+ networkconfig.h
+
+SOURCES += main.cpp \
+ wpagui.cpp \
+ eventhistory.cpp \
+ scanresults.cpp \
+ userdatarequest.cpp \
+ networkconfig.cpp \
+ ../wpa_ctrl.c
+
+FORMS = wpagui.ui \
+ eventhistory.ui \
+ scanresults.ui \
+ userdatarequest.ui \
+ networkconfig.ui
+
+
+unix {
+ UI_DIR = .ui
+ MOC_DIR = .moc
+ OBJECTS_DIR = .obj
+}
+
+# TODO: remove need for Qt3 support code
+QT += qt3support
--- /dev/null
+/*
+ * wpa_gui - WpaGui class
+ * Copyright (c) 2005-2008, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifdef __MINGW32__
+/* Need to get getopt() */
+#include <unistd.h>
+#endif
+
+#include <QMessageBox>
+
+#include "wpagui.h"
+#include "dirent.h"
+#include "wpa_ctrl.h"
+#include "userdatarequest.h"
+#include "networkconfig.h"
+
+WpaGui::WpaGui(QWidget *parent, const char *, Qt::WFlags)
+ : QMainWindow(parent)
+{
+ setupUi(this);
+
+ (void) statusBar();
+
+ connect(helpIndexAction, SIGNAL(activated()), this, SLOT(helpIndex()));
+ connect(helpContentsAction, SIGNAL(activated()), this,
+ SLOT(helpContents()));
+ connect(helpAboutAction, SIGNAL(activated()), this, SLOT(helpAbout()));
+ connect(fileExitAction, SIGNAL(activated()), this, SLOT(close()));
+ connect(disconnectButton, SIGNAL(clicked()), this, SLOT(disconnect()));
+ connect(scanButton, SIGNAL(clicked()), this, SLOT(scan()));
+ connect(connectButton, SIGNAL(clicked()), this, SLOT(connectB()));
+ connect(fileEventHistoryAction, SIGNAL(activated()), this,
+ SLOT(eventHistory()));
+ connect(networkSelect, SIGNAL(activated(const QString&)), this,
+ SLOT(selectNetwork(const QString&)));
+ connect(fileEdit_networkAction, SIGNAL(activated()), this,
+ SLOT(editNetwork()));
+ connect(fileAdd_NetworkAction, SIGNAL(activated()), this,
+ SLOT(addNetwork()));
+ connect(adapterSelect, SIGNAL(activated(const QString&)), this,
+ SLOT(selectAdapter(const QString&)));
+
+ eh = NULL;
+ scanres = NULL;
+ udr = NULL;
+ ctrl_iface = NULL;
+ ctrl_conn = NULL;
+ monitor_conn = NULL;
+ msgNotifier = NULL;
+ ctrl_iface_dir = strdup("/var/run/wpa_supplicant");
+
+ parse_argv();
+
+ textStatus->setText("connecting to wpa_supplicant");
+ timer = new QTimer(this);
+ connect(timer, SIGNAL(timeout()), SLOT(ping()));
+ timer->start(1000, FALSE);
+
+ if (openCtrlConnection(ctrl_iface) < 0) {
+ printf("Failed to open control connection to "
+ "wpa_supplicant.\n");
+ }
+
+ updateStatus();
+ networkMayHaveChanged = true;
+ updateNetworks();
+}
+
+
+WpaGui::~WpaGui()
+{
+ delete msgNotifier;
+
+ if (monitor_conn) {
+ wpa_ctrl_detach(monitor_conn);
+ wpa_ctrl_close(monitor_conn);
+ monitor_conn = NULL;
+ }
+ if (ctrl_conn) {
+ wpa_ctrl_close(ctrl_conn);
+ ctrl_conn = NULL;
+ }
+
+ if (eh) {
+ eh->close();
+ delete eh;
+ eh = NULL;
+ }
+
+ if (scanres) {
+ scanres->close();
+ delete scanres;
+ scanres = NULL;
+ }
+
+ if (udr) {
+ udr->close();
+ delete udr;
+ udr = NULL;
+ }
+
+ free(ctrl_iface);
+ ctrl_iface = NULL;
+
+ free(ctrl_iface_dir);
+ ctrl_iface_dir = NULL;
+}
+
+
+void WpaGui::languageChange()
+{
+ retranslateUi(this);
+}
+
+
+void WpaGui::parse_argv()
+{
+ int c;
+ for (;;) {
+ c = getopt(qApp->argc(), qApp->argv(), "i:p:");
+ if (c < 0)
+ break;
+ switch (c) {
+ case 'i':
+ free(ctrl_iface);
+ ctrl_iface = strdup(optarg);
+ break;
+ case 'p':
+ free(ctrl_iface_dir);
+ ctrl_iface_dir = strdup(optarg);
+ break;
+ }
+ }
+}
+
+
+int WpaGui::openCtrlConnection(const char *ifname)
+{
+ char *cfile;
+ int flen;
+ char buf[2048], *pos, *pos2;
+ size_t len;
+
+ if (ifname) {
+ if (ifname != ctrl_iface) {
+ free(ctrl_iface);
+ ctrl_iface = strdup(ifname);
+ }
+ } else {
+#ifdef CONFIG_CTRL_IFACE_UDP
+ free(ctrl_iface);
+ ctrl_iface = strdup("udp");
+#endif /* CONFIG_CTRL_IFACE_UDP */
+#ifdef CONFIG_CTRL_IFACE_UNIX
+ struct dirent *dent;
+ DIR *dir = opendir(ctrl_iface_dir);
+ free(ctrl_iface);
+ ctrl_iface = NULL;
+ if (dir) {
+ while ((dent = readdir(dir))) {
+#ifdef _DIRENT_HAVE_D_TYPE
+ /* Skip the file if it is not a socket.
+ * Also accept DT_UNKNOWN (0) in case
+ * the C library or underlying file
+ * system does not support d_type. */
+ if (dent->d_type != DT_SOCK &&
+ dent->d_type != DT_UNKNOWN)
+ continue;
+#endif /* _DIRENT_HAVE_D_TYPE */
+
+ if (strcmp(dent->d_name, ".") == 0 ||
+ strcmp(dent->d_name, "..") == 0)
+ continue;
+ printf("Selected interface '%s'\n",
+ dent->d_name);
+ ctrl_iface = strdup(dent->d_name);
+ break;
+ }
+ closedir(dir);
+ }
+#endif /* CONFIG_CTRL_IFACE_UNIX */
+#ifdef CONFIG_CTRL_IFACE_NAMED_PIPE
+ struct wpa_ctrl *ctrl;
+ int ret;
+
+ free(ctrl_iface);
+ ctrl_iface = NULL;
+
+ ctrl = wpa_ctrl_open(NULL);
+ if (ctrl) {
+ len = sizeof(buf) - 1;
+ ret = wpa_ctrl_request(ctrl, "INTERFACES", 10, buf,
+ &len, NULL);
+ if (ret >= 0) {
+ buf[len] = '\0';
+ pos = strchr(buf, '\n');
+ if (pos)
+ *pos = '\0';
+ ctrl_iface = strdup(buf);
+ }
+ wpa_ctrl_close(ctrl);
+ }
+#endif /* CONFIG_CTRL_IFACE_NAMED_PIPE */
+ }
+
+ if (ctrl_iface == NULL)
+ return -1;
+
+#ifdef CONFIG_CTRL_IFACE_UNIX
+ flen = strlen(ctrl_iface_dir) + strlen(ctrl_iface) + 2;
+ cfile = (char *) malloc(flen);
+ if (cfile == NULL)
+ return -1;
+ snprintf(cfile, flen, "%s/%s", ctrl_iface_dir, ctrl_iface);
+#else /* CONFIG_CTRL_IFACE_UNIX */
+ flen = strlen(ctrl_iface) + 1;
+ cfile = (char *) malloc(flen);
+ if (cfile == NULL)
+ return -1;
+ snprintf(cfile, flen, "%s", ctrl_iface);
+#endif /* CONFIG_CTRL_IFACE_UNIX */
+
+ if (ctrl_conn) {
+ wpa_ctrl_close(ctrl_conn);
+ ctrl_conn = NULL;
+ }
+
+ if (monitor_conn) {
+ delete msgNotifier;
+ msgNotifier = NULL;
+ wpa_ctrl_detach(monitor_conn);
+ wpa_ctrl_close(monitor_conn);
+ monitor_conn = NULL;
+ }
+
+ printf("Trying to connect to '%s'\n", cfile);
+ ctrl_conn = wpa_ctrl_open(cfile);
+ if (ctrl_conn == NULL) {
+ free(cfile);
+ return -1;
+ }
+ monitor_conn = wpa_ctrl_open(cfile);
+ free(cfile);
+ if (monitor_conn == NULL) {
+ wpa_ctrl_close(ctrl_conn);
+ return -1;
+ }
+ if (wpa_ctrl_attach(monitor_conn)) {
+ printf("Failed to attach to wpa_supplicant\n");
+ wpa_ctrl_close(monitor_conn);
+ monitor_conn = NULL;
+ wpa_ctrl_close(ctrl_conn);
+ ctrl_conn = NULL;
+ return -1;
+ }
+
+#if defined(CONFIG_CTRL_IFACE_UNIX) || defined(CONFIG_CTRL_IFACE_UDP)
+ msgNotifier = new QSocketNotifier(wpa_ctrl_get_fd(monitor_conn),
+ QSocketNotifier::Read, this);
+ connect(msgNotifier, SIGNAL(activated(int)), SLOT(receiveMsgs()));
+#endif
+
+ adapterSelect->clear();
+ adapterSelect->insertItem(ctrl_iface);
+ adapterSelect->setCurrentItem(0);
+
+ len = sizeof(buf) - 1;
+ if (wpa_ctrl_request(ctrl_conn, "INTERFACES", 10, buf, &len, NULL) >=
+ 0) {
+ buf[len] = '\0';
+ pos = buf;
+ while (*pos) {
+ pos2 = strchr(pos, '\n');
+ if (pos2)
+ *pos2 = '\0';
+ if (strcmp(pos, ctrl_iface) != 0)
+ adapterSelect->insertItem(pos);
+ if (pos2)
+ pos = pos2 + 1;
+ else
+ break;
+ }
+ }
+
+ return 0;
+}
+
+
+static void wpa_gui_msg_cb(char *msg, size_t)
+{
+ /* This should not happen anymore since two control connections are
+ * used. */
+ printf("missed message: %s\n", msg);
+}
+
+
+int WpaGui::ctrlRequest(const char *cmd, char *buf, size_t *buflen)
+{
+ int ret;
+
+ if (ctrl_conn == NULL)
+ return -3;
+ ret = wpa_ctrl_request(ctrl_conn, cmd, strlen(cmd), buf, buflen,
+ wpa_gui_msg_cb);
+ if (ret == -2)
+ printf("'%s' command timed out.\n", cmd);
+ else if (ret < 0)
+ printf("'%s' command failed.\n", cmd);
+
+ return ret;
+}
+
+
+void WpaGui::updateStatus()
+{
+ char buf[2048], *start, *end, *pos;
+ size_t len;
+
+ pingsToStatusUpdate = 10;
+
+ len = sizeof(buf) - 1;
+ if (ctrl_conn == NULL || ctrlRequest("STATUS", buf, &len) < 0) {
+ textStatus->setText("Could not get status from "
+ "wpa_supplicant");
+ textAuthentication->clear();
+ textEncryption->clear();
+ textSsid->clear();
+ textBssid->clear();
+ textIpAddress->clear();
+ return;
+ }
+
+ buf[len] = '\0';
+
+ bool auth_updated = false, ssid_updated = false;
+ bool bssid_updated = false, ipaddr_updated = false;
+ bool status_updated = false;
+ char *pairwise_cipher = NULL, *group_cipher = NULL;
+
+ start = buf;
+ while (*start) {
+ bool last = false;
+ end = strchr(start, '\n');
+ if (end == NULL) {
+ last = true;
+ end = start;
+ while (end[0] && end[1])
+ end++;
+ }
+ *end = '\0';
+
+ pos = strchr(start, '=');
+ if (pos) {
+ *pos++ = '\0';
+ if (strcmp(start, "bssid") == 0) {
+ bssid_updated = true;
+ textBssid->setText(pos);
+ } else if (strcmp(start, "ssid") == 0) {
+ ssid_updated = true;
+ textSsid->setText(pos);
+ } else if (strcmp(start, "ip_address") == 0) {
+ ipaddr_updated = true;
+ textIpAddress->setText(pos);
+ } else if (strcmp(start, "wpa_state") == 0) {
+ status_updated = true;
+ textStatus->setText(pos);
+ } else if (strcmp(start, "key_mgmt") == 0) {
+ auth_updated = true;
+ textAuthentication->setText(pos);
+ /* TODO: could add EAP status to this */
+ } else if (strcmp(start, "pairwise_cipher") == 0) {
+ pairwise_cipher = pos;
+ } else if (strcmp(start, "group_cipher") == 0) {
+ group_cipher = pos;
+ }
+ }
+
+ if (last)
+ break;
+ start = end + 1;
+ }
+
+ if (pairwise_cipher || group_cipher) {
+ QString encr;
+ if (pairwise_cipher && group_cipher &&
+ strcmp(pairwise_cipher, group_cipher) != 0) {
+ encr.append(pairwise_cipher);
+ encr.append(" + ");
+ encr.append(group_cipher);
+ } else if (pairwise_cipher) {
+ encr.append(pairwise_cipher);
+ } else if (group_cipher) {
+ encr.append(group_cipher);
+ encr.append(" [group key only]");
+ } else {
+ encr.append("?");
+ }
+ textEncryption->setText(encr);
+ } else
+ textEncryption->clear();
+
+ if (!status_updated)
+ textStatus->clear();
+ if (!auth_updated)
+ textAuthentication->clear();
+ if (!ssid_updated)
+ textSsid->clear();
+ if (!bssid_updated)
+ textBssid->clear();
+ if (!ipaddr_updated)
+ textIpAddress->clear();
+}
+
+
+void WpaGui::updateNetworks()
+{
+ char buf[2048], *start, *end, *id, *ssid, *bssid, *flags;
+ size_t len;
+ int first_active = -1;
+ bool selected = false;
+
+ if (!networkMayHaveChanged)
+ return;
+
+ networkSelect->clear();
+
+ if (ctrl_conn == NULL)
+ return;
+
+ len = sizeof(buf) - 1;
+ if (ctrlRequest("LIST_NETWORKS", buf, &len) < 0)
+ return;
+
+ buf[len] = '\0';
+ start = strchr(buf, '\n');
+ if (start == NULL)
+ return;
+ start++;
+
+ while (*start) {
+ bool last = false;
+ end = strchr(start, '\n');
+ if (end == NULL) {
+ last = true;
+ end = start;
+ while (end[0] && end[1])
+ end++;
+ }
+ *end = '\0';
+
+ id = start;
+ ssid = strchr(id, '\t');
+ if (ssid == NULL)
+ break;
+ *ssid++ = '\0';
+ bssid = strchr(ssid, '\t');
+ if (bssid == NULL)
+ break;
+ *bssid++ = '\0';
+ flags = strchr(bssid, '\t');
+ if (flags == NULL)
+ break;
+ *flags++ = '\0';
+
+ QString network(id);
+ network.append(": ");
+ network.append(ssid);
+ networkSelect->insertItem(network);
+
+ if (strstr(flags, "[CURRENT]")) {
+ networkSelect->setCurrentItem(networkSelect->count() -
+ 1);
+ selected = true;
+ } else if (first_active < 0 &&
+ strstr(flags, "[DISABLED]") == NULL)
+ first_active = networkSelect->count() - 1;
+
+ if (last)
+ break;
+ start = end + 1;
+ }
+
+ if (!selected && first_active >= 0)
+ networkSelect->setCurrentItem(first_active);
+
+ networkMayHaveChanged = false;
+}
+
+
+void WpaGui::helpIndex()
+{
+ printf("helpIndex\n");
+}
+
+
+void WpaGui::helpContents()
+{
+ printf("helpContents\n");
+}
+
+
+void WpaGui::helpAbout()
+{
+ QMessageBox::about(this, "wpa_gui for wpa_supplicant",
+ "Copyright (c) 2003-2008,\n"
+ "Jouni Malinen <j@w1.fi>\n"
+ "and contributors.\n"
+ "\n"
+ "This program is free software. You can\n"
+ "distribute it and/or modify it under the terms "
+ "of\n"
+ "the GNU General Public License version 2.\n"
+ "\n"
+ "Alternatively, this software may be distributed\n"
+ "under the terms of the BSD license.\n"
+ "\n"
+ "This product includes software developed\n"
+ "by the OpenSSL Project for use in the\n"
+ "OpenSSL Toolkit (http://www.openssl.org/)\n");
+}
+
+
+void WpaGui::disconnect()
+{
+ char reply[10];
+ size_t reply_len = sizeof(reply);
+ ctrlRequest("DISCONNECT", reply, &reply_len);
+}
+
+
+void WpaGui::scan()
+{
+ if (scanres) {
+ scanres->close();
+ delete scanres;
+ }
+
+ scanres = new ScanResults();
+ if (scanres == NULL)
+ return;
+ scanres->setWpaGui(this);
+ scanres->show();
+ scanres->exec();
+}
+
+
+void WpaGui::eventHistory()
+{
+ if (eh) {
+ eh->close();
+ delete eh;
+ }
+
+ eh = new EventHistory();
+ if (eh == NULL)
+ return;
+ eh->addEvents(msgs);
+ eh->show();
+ eh->exec();
+}
+
+
+void WpaGui::ping()
+{
+ char buf[10];
+ size_t len;
+
+#ifdef CONFIG_CTRL_IFACE_NAMED_PIPE
+ /*
+ * QSocketNotifier cannot be used with Windows named pipes, so use a
+ * timer to check for received messages for now. This could be
+ * optimized be doing something specific to named pipes or Windows
+ * events, but it is not clear what would be the best way of doing that
+ * in Qt.
+ */
+ receiveMsgs();
+#endif /* CONFIG_CTRL_IFACE_NAMED_PIPE */
+
+ if (scanres && !scanres->isVisible()) {
+ delete scanres;
+ scanres = NULL;
+ }
+
+ if (eh && !eh->isVisible()) {
+ delete eh;
+ eh = NULL;
+ }
+
+ if (udr && !udr->isVisible()) {
+ delete udr;
+ udr = NULL;
+ }
+
+ len = sizeof(buf) - 1;
+ if (ctrlRequest("PING", buf, &len) < 0) {
+ printf("PING failed - trying to reconnect\n");
+ if (openCtrlConnection(ctrl_iface) >= 0) {
+ printf("Reconnected successfully\n");
+ pingsToStatusUpdate = 0;
+ }
+ }
+
+ pingsToStatusUpdate--;
+ if (pingsToStatusUpdate <= 0) {
+ updateStatus();
+ updateNetworks();
+ }
+}
+
+
+static int str_match(const char *a, const char *b)
+{
+ return strncmp(a, b, strlen(b)) == 0;
+}
+
+
+void WpaGui::processMsg(char *msg)
+{
+ char *pos = msg, *pos2;
+ int priority = 2;
+
+ if (*pos == '<') {
+ /* skip priority */
+ pos++;
+ priority = atoi(pos);
+ pos = strchr(pos, '>');
+ if (pos)
+ pos++;
+ else
+ pos = msg;
+ }
+
+ WpaMsg wm(pos, priority);
+ if (eh)
+ eh->addEvent(wm);
+ msgs.append(wm);
+ while (msgs.count() > 100)
+ msgs.pop_front();
+
+ /* Update last message with truncated version of the event */
+ if (strncmp(pos, "CTRL-", 5) == 0) {
+ pos2 = strchr(pos, str_match(pos, WPA_CTRL_REQ) ? ':' : ' ');
+ if (pos2)
+ pos2++;
+ else
+ pos2 = pos;
+ } else
+ pos2 = pos;
+ QString lastmsg = pos2;
+ lastmsg.truncate(40);
+ textLastMessage->setText(lastmsg);
+
+ pingsToStatusUpdate = 0;
+ networkMayHaveChanged = true;
+
+ if (str_match(pos, WPA_CTRL_REQ))
+ processCtrlReq(pos + strlen(WPA_CTRL_REQ));
+}
+
+
+void WpaGui::processCtrlReq(const char *req)
+{
+ if (udr) {
+ udr->close();
+ delete udr;
+ }
+ udr = new UserDataRequest();
+ if (udr == NULL)
+ return;
+ if (udr->setParams(this, req) < 0) {
+ delete udr;
+ udr = NULL;
+ return;
+ }
+ udr->show();
+ udr->exec();
+}
+
+
+void WpaGui::receiveMsgs()
+{
+ char buf[256];
+ size_t len;
+
+ while (monitor_conn && wpa_ctrl_pending(monitor_conn) > 0) {
+ len = sizeof(buf) - 1;
+ if (wpa_ctrl_recv(monitor_conn, buf, &len) == 0) {
+ buf[len] = '\0';
+ processMsg(buf);
+ }
+ }
+}
+
+
+void WpaGui::connectB()
+{
+ char reply[10];
+ size_t reply_len = sizeof(reply);
+ ctrlRequest("REASSOCIATE", reply, &reply_len);
+}
+
+
+void WpaGui::selectNetwork( const QString &sel )
+{
+ QString cmd(sel);
+ char reply[10];
+ size_t reply_len = sizeof(reply);
+
+ int pos = cmd.find(':');
+ if (pos < 0) {
+ printf("Invalid selectNetwork '%s'\n", cmd.ascii());
+ return;
+ }
+ cmd.truncate(pos);
+ cmd.prepend("SELECT_NETWORK ");
+ ctrlRequest(cmd.ascii(), reply, &reply_len);
+}
+
+
+void WpaGui::editNetwork()
+{
+ QString sel(networkSelect->currentText());
+ int pos = sel.find(':');
+ if (pos < 0) {
+ printf("Invalid selectNetwork '%s'\n", sel.ascii());
+ return;
+ }
+ sel.truncate(pos);
+
+ NetworkConfig *nc = new NetworkConfig();
+ if (nc == NULL)
+ return;
+ nc->setWpaGui(this);
+
+ nc->paramsFromConfig(sel.toInt());
+ nc->show();
+ nc->exec();
+}
+
+
+void WpaGui::triggerUpdate()
+{
+ updateStatus();
+ networkMayHaveChanged = true;
+ updateNetworks();
+}
+
+
+void WpaGui::addNetwork()
+{
+ NetworkConfig *nc = new NetworkConfig();
+ if (nc == NULL)
+ return;
+ nc->setWpaGui(this);
+ nc->newNetwork();
+ nc->show();
+ nc->exec();
+}
+
+
+void WpaGui::selectAdapter( const QString & sel )
+{
+ if (openCtrlConnection(sel.ascii()) < 0)
+ printf("Failed to open control connection to "
+ "wpa_supplicant.\n");
+ updateStatus();
+ updateNetworks();
+}
--- /dev/null
+/*
+ * wpa_gui - WpaGui class
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef WPAGUI_H
+#define WPAGUI_H
+
+#include <QObject>
+#include "ui_wpagui.h"
+
+class UserDataRequest;
+
+
+class WpaGui : public QMainWindow, public Ui::WpaGui
+{
+ Q_OBJECT
+
+public:
+ WpaGui(QWidget *parent = 0, const char *name = 0,
+ Qt::WFlags fl = Qt::WType_TopLevel);
+ ~WpaGui();
+
+ virtual int ctrlRequest(const char *cmd, char *buf, size_t *buflen);
+ virtual void triggerUpdate();
+
+public slots:
+ virtual void parse_argv();
+ virtual void updateStatus();
+ virtual void updateNetworks();
+ virtual void helpIndex();
+ virtual void helpContents();
+ virtual void helpAbout();
+ virtual void disconnect();
+ virtual void scan();
+ virtual void eventHistory();
+ virtual void ping();
+ virtual void processMsg(char *msg);
+ virtual void processCtrlReq(const char *req);
+ virtual void receiveMsgs();
+ virtual void connectB();
+ virtual void selectNetwork(const QString &sel);
+ virtual void editNetwork();
+ virtual void addNetwork();
+ virtual void selectAdapter(const QString &sel);
+
+protected slots:
+ virtual void languageChange();
+
+private:
+ ScanResults *scanres;
+ bool networkMayHaveChanged;
+ char *ctrl_iface;
+ EventHistory *eh;
+ struct wpa_ctrl *ctrl_conn;
+ QSocketNotifier *msgNotifier;
+ QTimer *timer;
+ int pingsToStatusUpdate;
+ WpaMsgList msgs;
+ char *ctrl_iface_dir;
+ struct wpa_ctrl *monitor_conn;
+ UserDataRequest *udr;
+
+ int openCtrlConnection(const char *ifname);
+};
+
+#endif /* WPAGUI_H */
--- /dev/null
+<ui version="4.0" stdsetdef="1" >
+ <author></author>
+ <comment></comment>
+ <exportmacro></exportmacro>
+ <class>WpaGui</class>
+ <widget class="QMainWindow" name="WpaGui" >
+ <property name="geometry" >
+ <rect>
+ <x>0</x>
+ <y>0</y>
+ <width>279</width>
+ <height>308</height>
+ </rect>
+ </property>
+ <property name="windowTitle" >
+ <string>wpa_gui</string>
+ </property>
+ <widget class="QWidget" >
+ <layout class="QGridLayout" >
+ <item rowspan="1" row="0" column="0" colspan="2" >
+ <widget class="QLabel" name="textLabel16" >
+ <property name="text" >
+ <string>Adapter:</string>
+ </property>
+ </widget>
+ </item>
+ <item rowspan="1" row="0" column="2" colspan="2" >
+ <widget class="QComboBox" name="adapterSelect" />
+ </item>
+ <item rowspan="1" row="1" column="0" colspan="2" >
+ <widget class="QLabel" name="textLabel8" >
+ <property name="text" >
+ <string>Network:</string>
+ </property>
+ </widget>
+ </item>
+ <item rowspan="1" row="1" column="2" colspan="2" >
+ <widget class="QComboBox" name="networkSelect" />
+ </item>
+ <item rowspan="1" row="2" column="0" colspan="4" >
+ <widget class="QFrame" name="frame3" >
+ <property name="frameShape" >
+ <enum>StyledPanel</enum>
+ </property>
+ <property name="frameShadow" >
+ <enum>Raised</enum>
+ </property>
+ <layout class="QGridLayout" >
+ <item row="0" column="0" >
+ <widget class="QLabel" name="textLabel1" >
+ <property name="text" >
+ <string>Status:</string>
+ </property>
+ </widget>
+ </item>
+ <item row="1" column="0" >
+ <widget class="QLabel" name="textLabel2" >
+ <property name="text" >
+ <string>Last message:</string>
+ </property>
+ </widget>
+ </item>
+ <item row="2" column="0" >
+ <widget class="QLabel" name="textLabel3" >
+ <property name="text" >
+ <string>Authentication:</string>
+ </property>
+ </widget>
+ </item>
+ <item row="3" column="0" >
+ <widget class="QLabel" name="textLabel4" >
+ <property name="text" >
+ <string>Encryption:</string>
+ </property>
+ </widget>
+ </item>
+ <item row="4" column="0" >
+ <widget class="QLabel" name="textLabel5" >
+ <property name="text" >
+ <string>SSID:</string>
+ </property>
+ </widget>
+ </item>
+ <item row="5" column="0" >
+ <widget class="QLabel" name="textLabel6" >
+ <property name="text" >
+ <string>BSSID:</string>
+ </property>
+ </widget>
+ </item>
+ <item row="6" column="0" >
+ <widget class="QLabel" name="textLabel7" >
+ <property name="text" >
+ <string>IP address:</string>
+ </property>
+ </widget>
+ </item>
+ <item row="0" column="1" >
+ <widget class="QLabel" name="textStatus" >
+ <property name="text" >
+ <string/>
+ </property>
+ </widget>
+ </item>
+ <item rowspan="1" row="1" column="1" colspan="3" >
+ <widget class="QLabel" name="textLastMessage" >
+ <property name="text" >
+ <string/>
+ </property>
+ </widget>
+ </item>
+ <item row="2" column="1" >
+ <widget class="QLabel" name="textAuthentication" >
+ <property name="text" >
+ <string/>
+ </property>
+ </widget>
+ </item>
+ <item row="3" column="1" >
+ <widget class="QLabel" name="textEncryption" >
+ <property name="text" >
+ <string/>
+ </property>
+ </widget>
+ </item>
+ <item row="4" column="1" >
+ <widget class="QLabel" name="textSsid" >
+ <property name="text" >
+ <string/>
+ </property>
+ </widget>
+ </item>
+ <item row="5" column="1" >
+ <widget class="QLabel" name="textBssid" >
+ <property name="text" >
+ <string/>
+ </property>
+ </widget>
+ </item>
+ <item row="6" column="1" >
+ <widget class="QLabel" name="textIpAddress" >
+ <property name="text" >
+ <string/>
+ </property>
+ </widget>
+ </item>
+ </layout>
+ </widget>
+ </item>
+ <item row="3" column="0" >
+ <spacer name="spacer7" >
+ <property name="sizeHint" >
+ <size>
+ <width>16</width>
+ <height>16</height>
+ </size>
+ </property>
+ <property name="sizeType" >
+ <enum>Expanding</enum>
+ </property>
+ <property name="orientation" >
+ <enum>Horizontal</enum>
+ </property>
+ </spacer>
+ </item>
+ <item row="3" column="1" >
+ <widget class="QPushButton" name="connectButton" >
+ <property name="text" >
+ <string>Connect</string>
+ </property>
+ </widget>
+ </item>
+ <item row="3" column="2" >
+ <widget class="QPushButton" name="disconnectButton" >
+ <property name="text" >
+ <string>Disconnect</string>
+ </property>
+ </widget>
+ </item>
+ <item row="3" column="3" >
+ <widget class="QPushButton" name="scanButton" >
+ <property name="text" >
+ <string>Scan</string>
+ </property>
+ </widget>
+ </item>
+ </layout>
+ </widget>
+ <widget class="QMenuBar" name="MenuBar" >
+ <widget class="QMenu" name="fileMenu" >
+ <property name="title" >
+ <string>&File</string>
+ </property>
+ <addaction name="separator" />
+ <addaction name="fileEventHistoryAction" />
+ <addaction name="fileAdd_NetworkAction" />
+ <addaction name="fileEdit_networkAction" />
+ <addaction name="separator" />
+ <addaction name="fileExitAction" />
+ </widget>
+ <widget class="QMenu" name="helpMenu" >
+ <property name="title" >
+ <string>&Help</string>
+ </property>
+ <addaction name="helpContentsAction" />
+ <addaction name="helpIndexAction" />
+ <addaction name="separator" />
+ <addaction name="helpAboutAction" />
+ </widget>
+ <addaction name="fileMenu" />
+ <addaction name="helpMenu" />
+ </widget>
+ <action name="fileExitAction" >
+ <property name="name" >
+ <cstring>fileExitAction</cstring>
+ </property>
+ <property name="iconText" >
+ <string>Exit</string>
+ </property>
+ <property name="text" >
+ <string>E&xit</string>
+ </property>
+ <property name="shortcut" >
+ <string>Ctrl+Q</string>
+ </property>
+ </action>
+ <action name="helpContentsAction" >
+ <property name="name" >
+ <cstring>helpContentsAction</cstring>
+ </property>
+ <property name="enabled" >
+ <bool>false</bool>
+ </property>
+ <property name="iconText" >
+ <string>Contents</string>
+ </property>
+ <property name="text" >
+ <string>&Contents...</string>
+ </property>
+ <property name="shortcut" >
+ <string/>
+ </property>
+ </action>
+ <action name="helpIndexAction" >
+ <property name="name" >
+ <cstring>helpIndexAction</cstring>
+ </property>
+ <property name="enabled" >
+ <bool>false</bool>
+ </property>
+ <property name="iconText" >
+ <string>Index</string>
+ </property>
+ <property name="text" >
+ <string>&Index...</string>
+ </property>
+ <property name="shortcut" >
+ <string/>
+ </property>
+ </action>
+ <action name="helpAboutAction" >
+ <property name="name" >
+ <cstring>helpAboutAction</cstring>
+ </property>
+ <property name="iconText" >
+ <string>About</string>
+ </property>
+ <property name="text" >
+ <string>&About</string>
+ </property>
+ <property name="shortcut" >
+ <string/>
+ </property>
+ </action>
+ <action name="fileEventHistoryAction" >
+ <property name="name" >
+ <cstring>fileEventHistoryAction</cstring>
+ </property>
+ <property name="iconText" >
+ <string>Event History</string>
+ </property>
+ <property name="text" >
+ <string>Event &History</string>
+ </property>
+ </action>
+ <action name="fileAdd_NetworkAction" >
+ <property name="name" >
+ <cstring>fileAdd_NetworkAction</cstring>
+ </property>
+ <property name="iconText" >
+ <string>Add Network</string>
+ </property>
+ <property name="text" >
+ <string>&Add Network</string>
+ </property>
+ </action>
+ <action name="fileEdit_networkAction" >
+ <property name="name" >
+ <cstring>fileEdit_networkAction</cstring>
+ </property>
+ <property name="iconText" >
+ <string>Edit Network</string>
+ </property>
+ <property name="text" >
+ <string>&Edit Network</string>
+ </property>
+ </action>
+ </widget>
+ <layoutdefault spacing="6" margin="11" />
+ <pixmapfunction>qPixmapFromMimeSource</pixmapfunction>
+ <includes>
+ <include location="global" >qtimer.h</include>
+ <include location="global" >qsocketnotifier.h</include>
+ <include location="local" >wpamsg.h</include>
+ <include location="local" >eventhistory.h</include>
+ <include location="local" >scanresults.h</include>
+ </includes>
+</ui>
--- /dev/null
+/*
+ * wpa_gui - WpaMsg class for storing event messages
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef WPAMSG_H
+#define WPAMSG_H
+
+#include <QDateTime>
+#include <QLinkedList>
+
+class WpaMsg {
+public:
+ WpaMsg() {}
+ WpaMsg(const QString &_msg, int _priority = 2)
+ : msg(_msg), priority(_priority)
+ {
+ timestamp = QDateTime::currentDateTime();
+ }
+
+ QString getMsg() const { return msg; }
+ int getPriority() const { return priority; }
+ QDateTime getTimestamp() const { return timestamp; }
+
+private:
+ QString msg;
+ int priority;
+ QDateTime timestamp;
+};
+
+typedef QLinkedList<WpaMsg> WpaMsgList;
+
+#endif /* WPAMSG_H */
--- /dev/null
+.moc
+.obj
+.ui
+Makefile
+wpa_gui
--- /dev/null
+<!DOCTYPE UI><UI version="3.3" stdsetdef="1">
+<class>EventHistory</class>
+<widget class="QDialog">
+ <property name="name">
+ <cstring>EventHistory</cstring>
+ </property>
+ <property name="geometry">
+ <rect>
+ <x>0</x>
+ <y>0</y>
+ <width>533</width>
+ <height>285</height>
+ </rect>
+ </property>
+ <property name="caption">
+ <string>Event history</string>
+ </property>
+ <vbox>
+ <property name="name">
+ <cstring>unnamed</cstring>
+ </property>
+ <widget class="QListView">
+ <column>
+ <property name="text">
+ <string>Timestamp</string>
+ </property>
+ <property name="clickable">
+ <bool>true</bool>
+ </property>
+ <property name="resizable">
+ <bool>true</bool>
+ </property>
+ </column>
+ <column>
+ <property name="text">
+ <string>Message</string>
+ </property>
+ <property name="clickable">
+ <bool>true</bool>
+ </property>
+ <property name="resizable">
+ <bool>true</bool>
+ </property>
+ </column>
+ <property name="name">
+ <cstring>eventListView</cstring>
+ </property>
+ <property name="sizePolicy">
+ <sizepolicy>
+ <hsizetype>7</hsizetype>
+ <vsizetype>7</vsizetype>
+ <horstretch>0</horstretch>
+ <verstretch>0</verstretch>
+ </sizepolicy>
+ </property>
+ <property name="resizePolicy">
+ <enum>Manual</enum>
+ </property>
+ <property name="selectionMode">
+ <enum>NoSelection</enum>
+ </property>
+ <property name="resizeMode">
+ <enum>LastColumn</enum>
+ </property>
+ </widget>
+ <widget class="QLayoutWidget">
+ <property name="name">
+ <cstring>layout30</cstring>
+ </property>
+ <hbox>
+ <property name="name">
+ <cstring>unnamed</cstring>
+ </property>
+ <spacer>
+ <property name="name">
+ <cstring>spacer3</cstring>
+ </property>
+ <property name="orientation">
+ <enum>Horizontal</enum>
+ </property>
+ <property name="sizeType">
+ <enum>Expanding</enum>
+ </property>
+ <property name="sizeHint">
+ <size>
+ <width>20</width>
+ <height>20</height>
+ </size>
+ </property>
+ </spacer>
+ <widget class="QPushButton">
+ <property name="name">
+ <cstring>closeButton</cstring>
+ </property>
+ <property name="text">
+ <string>Close</string>
+ </property>
+ </widget>
+ </hbox>
+ </widget>
+ </vbox>
+</widget>
+<connections>
+ <connection>
+ <sender>closeButton</sender>
+ <signal>clicked()</signal>
+ <receiver>EventHistory</receiver>
+ <slot>close()</slot>
+ </connection>
+</connections>
+<includes>
+ <include location="local" impldecl="in declaration">wpamsg.h</include>
+ <include location="local" impldecl="in implementation">eventhistory.ui.h</include>
+</includes>
+<slots>
+ <slot>addEvents( WpaMsgList msgs )</slot>
+ <slot>addEvent( WpaMsg msg )</slot>
+</slots>
+<functions>
+ <function access="private" specifier="non virtual">init()</function>
+ <function access="private" specifier="non virtual">destroy()</function>
+</functions>
+<pixmapinproject/>
+<layoutdefaults spacing="6" margin="11"/>
+</UI>
--- /dev/null
+/****************************************************************************
+** ui.h extension file, included from the uic-generated form implementation.
+**
+** If you want to add, delete, or rename functions or slots, use
+** Qt Designer to update this file, preserving your code.
+**
+** You should not define a constructor or destructor in this file.
+** Instead, write your code in functions called init() and destroy().
+** These will automatically be called by the form's constructor and
+** destructor.
+*****************************************************************************/
+
+void EventHistory::init()
+{
+}
+
+
+void EventHistory::destroy()
+{
+}
+
+
+void EventHistory::addEvents(WpaMsgList msgs)
+{
+ WpaMsgList::iterator it;
+ for (it = msgs.begin(); it != msgs.end(); it++) {
+ addEvent(*it);
+ }
+}
+
+
+void EventHistory::addEvent(WpaMsg msg)
+{
+ Q3ListViewItem *item;
+ item = new Q3ListViewItem(eventListView,
+ msg.getTimestamp().toString("yyyy-MM-dd hh:mm:ss.zzz"),
+ msg.getMsg());
+ if (item == NULL)
+ return;
+ eventListView->setSelected(item, false);
+}
--- /dev/null
+#ifdef CONFIG_NATIVE_WINDOWS
+#include <winsock.h>
+#endif /* CONFIG_NATIVE_WINDOWS */
+#include <qapplication.h>
+#include "wpagui.h"
+
+int main( int argc, char ** argv )
+{
+ QApplication a( argc, argv );
+ WpaGui w;
+ int ret;
+
+#ifdef CONFIG_NATIVE_WINDOWS
+ WSADATA wsaData;
+ if (WSAStartup(MAKEWORD(2, 0), &wsaData)) {
+ printf("Could not find a usable WinSock.dll\n");
+ return -1;
+ }
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+ w.show();
+ a.connect( &a, SIGNAL( lastWindowClosed() ), &a, SLOT( quit() ) );
+ ret = a.exec();
+
+#ifdef CONFIG_NATIVE_WINDOWS
+ WSACleanup();
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+ return ret;
+}
--- /dev/null
+<!DOCTYPE UI><UI version="3.3" stdsetdef="1">
+<class>NetworkConfig</class>
+<widget class="QDialog">
+ <property name="name">
+ <cstring>NetworkConfig</cstring>
+ </property>
+ <property name="geometry">
+ <rect>
+ <x>0</x>
+ <y>0</y>
+ <width>380</width>
+ <height>413</height>
+ </rect>
+ </property>
+ <property name="caption">
+ <string>NetworkConfig</string>
+ </property>
+ <grid>
+ <property name="name">
+ <cstring>unnamed</cstring>
+ </property>
+ <widget class="QPushButton" row="1" column="3">
+ <property name="name">
+ <cstring>cancelButton</cstring>
+ </property>
+ <property name="text">
+ <string>Cancel</string>
+ </property>
+ </widget>
+ <widget class="QFrame" row="0" column="0" rowspan="1" colspan="4">
+ <property name="name">
+ <cstring>frame9</cstring>
+ </property>
+ <property name="frameShape">
+ <enum>StyledPanel</enum>
+ </property>
+ <property name="frameShadow">
+ <enum>Raised</enum>
+ </property>
+ <grid>
+ <property name="name">
+ <cstring>unnamed</cstring>
+ </property>
+ <widget class="QLabel" row="0" column="0">
+ <property name="name">
+ <cstring>textLabel1</cstring>
+ </property>
+ <property name="text">
+ <string>SSID</string>
+ </property>
+ </widget>
+ <widget class="QLineEdit" row="0" column="1">
+ <property name="name">
+ <cstring>ssidEdit</cstring>
+ </property>
+ <property name="text">
+ <string></string>
+ </property>
+ <property name="toolTip" stdset="0">
+ <string>Network name (Service Set IDentifier)</string>
+ </property>
+ </widget>
+ <widget class="QLabel" row="1" column="0">
+ <property name="name">
+ <cstring>textLabel2</cstring>
+ </property>
+ <property name="text">
+ <string>Authentication</string>
+ </property>
+ </widget>
+ <widget class="QComboBox" row="1" column="1">
+ <item>
+ <property name="text">
+ <string>Plaintext or static WEP</string>
+ </property>
+ </item>
+ <item>
+ <property name="text">
+ <string>IEEE 802.1X</string>
+ </property>
+ </item>
+ <item>
+ <property name="text">
+ <string>WPA-Personal (PSK)</string>
+ </property>
+ </item>
+ <item>
+ <property name="text">
+ <string>WPA-Enterprise (EAP)</string>
+ </property>
+ </item>
+ <item>
+ <property name="text">
+ <string>WPA2-Personal (PSK)</string>
+ </property>
+ </item>
+ <item>
+ <property name="text">
+ <string>WPA2-Enterprise (EAP)</string>
+ </property>
+ </item>
+ <property name="name">
+ <cstring>authSelect</cstring>
+ </property>
+ </widget>
+ <widget class="QLabel" row="2" column="0">
+ <property name="name">
+ <cstring>textLabel3</cstring>
+ </property>
+ <property name="text">
+ <string>Encryption</string>
+ </property>
+ </widget>
+ <widget class="QComboBox" row="2" column="1">
+ <item>
+ <property name="text">
+ <string>None</string>
+ </property>
+ </item>
+ <item>
+ <property name="text">
+ <string>WEP</string>
+ </property>
+ </item>
+ <item>
+ <property name="text">
+ <string>TKIP</string>
+ </property>
+ </item>
+ <item>
+ <property name="text">
+ <string>CCMP</string>
+ </property>
+ </item>
+ <property name="name">
+ <cstring>encrSelect</cstring>
+ </property>
+ </widget>
+ <widget class="QLabel" row="3" column="0">
+ <property name="name">
+ <cstring>textLabel4</cstring>
+ </property>
+ <property name="text">
+ <string>PSK</string>
+ </property>
+ </widget>
+ <widget class="QLineEdit" row="3" column="1">
+ <property name="name">
+ <cstring>pskEdit</cstring>
+ </property>
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ <property name="echoMode">
+ <enum>Password</enum>
+ </property>
+ <property name="toolTip" stdset="0">
+ <string>WPA/WPA2 pre-shared key or passphrase</string>
+ </property>
+ <property name="whatsThis" stdset="0">
+ <string></string>
+ </property>
+ </widget>
+ <widget class="QLabel" row="4" column="0">
+ <property name="name">
+ <cstring>textLabel5</cstring>
+ </property>
+ <property name="text">
+ <string>EAP method</string>
+ </property>
+ </widget>
+ <widget class="QComboBox" row="4" column="1">
+ <property name="name">
+ <cstring>eapSelect</cstring>
+ </property>
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ </widget>
+ <widget class="QLabel" row="5" column="0">
+ <property name="name">
+ <cstring>textLabel6</cstring>
+ </property>
+ <property name="text">
+ <string>Identity</string>
+ </property>
+ </widget>
+ <widget class="QLineEdit" row="5" column="1">
+ <property name="name">
+ <cstring>identityEdit</cstring>
+ </property>
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ <property name="toolTip" stdset="0">
+ <string>Username/Identity for EAP methods</string>
+ </property>
+ </widget>
+ <widget class="QLabel" row="6" column="0">
+ <property name="name">
+ <cstring>textLabel7</cstring>
+ </property>
+ <property name="text">
+ <string>Password</string>
+ </property>
+ </widget>
+ <widget class="QLineEdit" row="6" column="1">
+ <property name="name">
+ <cstring>passwordEdit</cstring>
+ </property>
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ <property name="echoMode">
+ <enum>Password</enum>
+ </property>
+ <property name="toolTip" stdset="0">
+ <string>Password for EAP methods</string>
+ </property>
+ </widget>
+ <widget class="QLabel" row="7" column="0">
+ <property name="name">
+ <cstring>textLabel1_2</cstring>
+ </property>
+ <property name="text">
+ <string>CA certificate</string>
+ </property>
+ </widget>
+ <widget class="QLineEdit" row="7" column="1">
+ <property name="name">
+ <cstring>cacertEdit</cstring>
+ </property>
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ </widget>
+ <widget class="QButtonGroup" row="8" column="0" rowspan="1" colspan="2">
+ <property name="name">
+ <cstring>buttonGroup1</cstring>
+ </property>
+ <property name="enabled">
+ <bool>true</bool>
+ </property>
+ <property name="title">
+ <string>WEP keys</string>
+ </property>
+ <grid>
+ <property name="name">
+ <cstring>unnamed</cstring>
+ </property>
+ <widget class="QRadioButton" row="0" column="0">
+ <property name="name">
+ <cstring>wep0Radio</cstring>
+ </property>
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ <property name="text">
+ <string>key 0</string>
+ </property>
+ </widget>
+ <widget class="QRadioButton" row="1" column="0">
+ <property name="name">
+ <cstring>wep1Radio</cstring>
+ </property>
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ <property name="text">
+ <string>key 1</string>
+ </property>
+ </widget>
+ <widget class="QRadioButton" row="3" column="0">
+ <property name="name">
+ <cstring>wep3Radio</cstring>
+ </property>
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ <property name="text">
+ <string>key 3</string>
+ </property>
+ </widget>
+ <widget class="QRadioButton" row="2" column="0">
+ <property name="name">
+ <cstring>wep2Radio</cstring>
+ </property>
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ <property name="text">
+ <string>key 2</string>
+ </property>
+ </widget>
+ <widget class="QLineEdit" row="0" column="1">
+ <property name="name">
+ <cstring>wep0Edit</cstring>
+ </property>
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ </widget>
+ <widget class="QLineEdit" row="1" column="1">
+ <property name="name">
+ <cstring>wep1Edit</cstring>
+ </property>
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ </widget>
+ <widget class="QLineEdit" row="2" column="1">
+ <property name="name">
+ <cstring>wep2Edit</cstring>
+ </property>
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ </widget>
+ <widget class="QLineEdit" row="3" column="1">
+ <property name="name">
+ <cstring>wep3Edit</cstring>
+ </property>
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ </widget>
+ </grid>
+ </widget>
+ </grid>
+ </widget>
+ <spacer row="1" column="0">
+ <property name="name">
+ <cstring>spacer5</cstring>
+ </property>
+ <property name="orientation">
+ <enum>Horizontal</enum>
+ </property>
+ <property name="sizeType">
+ <enum>Expanding</enum>
+ </property>
+ <property name="sizeHint">
+ <size>
+ <width>130</width>
+ <height>20</height>
+ </size>
+ </property>
+ </spacer>
+ <widget class="QPushButton" row="1" column="1">
+ <property name="name">
+ <cstring>addButton</cstring>
+ </property>
+ <property name="text">
+ <string>Add</string>
+ </property>
+ </widget>
+ <widget class="QPushButton" row="1" column="2">
+ <property name="name">
+ <cstring>removeButton</cstring>
+ </property>
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ <property name="text">
+ <string>Remove</string>
+ </property>
+ </widget>
+ </grid>
+</widget>
+<connections>
+ <connection>
+ <sender>authSelect</sender>
+ <signal>activated(int)</signal>
+ <receiver>NetworkConfig</receiver>
+ <slot>authChanged(int)</slot>
+ </connection>
+ <connection>
+ <sender>cancelButton</sender>
+ <signal>clicked()</signal>
+ <receiver>NetworkConfig</receiver>
+ <slot>close()</slot>
+ </connection>
+ <connection>
+ <sender>addButton</sender>
+ <signal>clicked()</signal>
+ <receiver>NetworkConfig</receiver>
+ <slot>addNetwork()</slot>
+ </connection>
+ <connection>
+ <sender>encrSelect</sender>
+ <signal>activated(const QString&)</signal>
+ <receiver>NetworkConfig</receiver>
+ <slot>encrChanged(const QString&)</slot>
+ </connection>
+ <connection>
+ <sender>removeButton</sender>
+ <signal>clicked()</signal>
+ <receiver>NetworkConfig</receiver>
+ <slot>removeNetwork()</slot>
+ </connection>
+</connections>
+<tabstops>
+ <tabstop>ssidEdit</tabstop>
+ <tabstop>authSelect</tabstop>
+ <tabstop>encrSelect</tabstop>
+ <tabstop>pskEdit</tabstop>
+ <tabstop>eapSelect</tabstop>
+ <tabstop>identityEdit</tabstop>
+ <tabstop>passwordEdit</tabstop>
+ <tabstop>cacertEdit</tabstop>
+ <tabstop>wep0Radio</tabstop>
+ <tabstop>wep1Radio</tabstop>
+ <tabstop>wep2Radio</tabstop>
+ <tabstop>wep3Radio</tabstop>
+ <tabstop>wep0Edit</tabstop>
+ <tabstop>wep1Edit</tabstop>
+ <tabstop>wep2Edit</tabstop>
+ <tabstop>wep3Edit</tabstop>
+ <tabstop>addButton</tabstop>
+ <tabstop>removeButton</tabstop>
+ <tabstop>cancelButton</tabstop>
+</tabstops>
+<includes>
+ <include location="global" impldecl="in declaration">qlistview.h</include>
+ <include location="global" impldecl="in implementation">qmessagebox.h</include>
+ <include location="local" impldecl="in implementation">wpagui.h</include>
+ <include location="local" impldecl="in implementation">networkconfig.ui.h</include>
+</includes>
+<forwards>
+ <forward>class WpaGui;</forward>
+</forwards>
+<variables>
+ <variable access="private">WpaGui *wpagui;</variable>
+ <variable access="private">int edit_network_id;</variable>
+ <variable access="private">bool new_network;</variable>
+</variables>
+<slots>
+ <slot>authChanged( int sel )</slot>
+ <slot>addNetwork()</slot>
+ <slot>encrChanged( const QString & sel )</slot>
+ <slot>writeWepKey( int network_id, QLineEdit * edit, int id )</slot>
+ <slot>removeNetwork()</slot>
+</slots>
+<functions>
+ <function access="private" specifier="non virtual">init()</function>
+ <function>paramsFromScanResults( QListViewItem * sel )</function>
+ <function>setWpaGui( WpaGui * _wpagui )</function>
+ <function returnType="int">setNetworkParam( int id, const char * field, const char * value, bool quote )</function>
+ <function access="private">wepEnabled( bool enabled )</function>
+ <function>paramsFromConfig( int network_id )</function>
+ <function>newNetwork()</function>
+ <function access="private">getEapCapa()</function>
+</functions>
+<pixmapinproject/>
+<layoutdefaults spacing="6" margin="11"/>
+</UI>
--- /dev/null
+/****************************************************************************
+** ui.h extension file, included from the uic-generated form implementation.
+**
+** If you want to add, delete, or rename functions or slots, use
+** Qt Designer to update this file, preserving your code.
+**
+** You should not define a constructor or destructor in this file.
+** Instead, write your code in functions called init() and destroy().
+** These will automatically be called by the form's constructor and
+** destructor.
+*****************************************************************************/
+
+
+enum {
+ AUTH_NONE = 0,
+ AUTH_IEEE8021X = 1,
+ AUTH_WPA_PSK = 2,
+ AUTH_WPA_EAP = 3,
+ AUTH_WPA2_PSK = 4,
+ AUTH_WPA2_EAP = 5
+};
+
+#define WPA_GUI_KEY_DATA "[key is configured]"
+
+void NetworkConfig::init()
+{
+ wpagui = NULL;
+ new_network = false;
+}
+
+void NetworkConfig::paramsFromScanResults(Q3ListViewItem *sel)
+{
+ new_network = true;
+
+ /* SSID BSSID frequency signal flags */
+ setCaption(sel->text(0));
+ ssidEdit->setText(sel->text(0));
+
+ QString flags = sel->text(4);
+ int auth, encr = 0;
+ if (flags.find("[WPA2-EAP") >= 0)
+ auth = AUTH_WPA2_EAP;
+ else if (flags.find("[WPA-EAP") >= 0)
+ auth = AUTH_WPA_EAP;
+ else if (flags.find("[WPA2-PSK") >= 0)
+ auth = AUTH_WPA2_PSK;
+ else if (flags.find("[WPA-PSK") >= 0)
+ auth = AUTH_WPA_PSK;
+ else
+ auth = AUTH_NONE;
+
+ if (flags.find("-CCMP") >= 0)
+ encr = 1;
+ else if (flags.find("-TKIP") >= 0)
+ encr = 0;
+ else if (flags.find("WEP") >= 0)
+ encr = 1;
+ else
+ encr = 0;
+
+ authSelect->setCurrentItem(auth);
+ authChanged(auth);
+ encrSelect->setCurrentItem(encr);
+
+ getEapCapa();
+}
+
+
+void NetworkConfig::authChanged(int sel)
+{
+ pskEdit->setEnabled(sel == AUTH_WPA_PSK || sel == AUTH_WPA2_PSK);
+ bool eap = sel == AUTH_IEEE8021X || sel == AUTH_WPA_EAP ||
+ sel == AUTH_WPA2_EAP;
+ eapSelect->setEnabled(eap);
+ identityEdit->setEnabled(eap);
+ passwordEdit->setEnabled(eap);
+ cacertEdit->setEnabled(eap);
+
+ while (encrSelect->count())
+ encrSelect->removeItem(0);
+
+ if (sel == AUTH_NONE || sel == AUTH_IEEE8021X) {
+ encrSelect->insertItem("None");
+ encrSelect->insertItem("WEP");
+ encrSelect->setCurrentItem(sel == AUTH_NONE ? 0 : 1);
+ } else {
+ encrSelect->insertItem("TKIP");
+ encrSelect->insertItem("CCMP");
+ encrSelect->setCurrentItem((sel == AUTH_WPA2_PSK ||
+ sel == AUTH_WPA2_EAP) ? 1 : 0);
+ }
+
+ wepEnabled(sel == AUTH_IEEE8021X);
+}
+
+
+void NetworkConfig::addNetwork()
+{
+ char reply[10], cmd[256];
+ size_t reply_len;
+ int id;
+ int psklen = pskEdit->text().length();
+ int auth = authSelect->currentItem();
+
+ if (auth == AUTH_WPA_PSK || auth == AUTH_WPA2_PSK) {
+ if (psklen < 8 || psklen > 64) {
+ QMessageBox::warning(this, "wpa_gui", "WPA-PSK requires a passphrase "
+ "of 8 to 63 characters\n"
+ "or 64 hex digit PSK");
+ return;
+ }
+ }
+
+ if (wpagui == NULL)
+ return;
+
+ memset(reply, 0, sizeof(reply));
+ reply_len = sizeof(reply) - 1;
+
+ if (new_network) {
+ wpagui->ctrlRequest("ADD_NETWORK", reply, &reply_len);
+ if (reply[0] == 'F') {
+ QMessageBox::warning(this, "wpa_gui", "Failed to add network to wpa_supplicant\n"
+ "configuration.");
+ return;
+ }
+ id = atoi(reply);
+ } else {
+ id = edit_network_id;
+ }
+
+ setNetworkParam(id, "ssid", ssidEdit->text().ascii(), true);
+
+ const char *key_mgmt = NULL, *proto = NULL, *pairwise = NULL;
+ switch (auth) {
+ case AUTH_NONE:
+ key_mgmt = "NONE";
+ break;
+ case AUTH_IEEE8021X:
+ key_mgmt = "IEEE8021X";
+ break;
+ case AUTH_WPA_PSK:
+ key_mgmt = "WPA-PSK";
+ proto = "WPA";
+ break;
+ case AUTH_WPA_EAP:
+ key_mgmt = "WPA-EAP";
+ proto = "WPA";
+ break;
+ case AUTH_WPA2_PSK:
+ key_mgmt = "WPA-PSK";
+ proto = "WPA2";
+ break;
+ case AUTH_WPA2_EAP:
+ key_mgmt = "WPA-EAP";
+ proto = "WPA2";
+ break;
+ }
+
+ if (auth == AUTH_WPA_PSK || auth == AUTH_WPA_EAP ||
+ auth == AUTH_WPA2_PSK || auth == AUTH_WPA2_EAP) {
+ int encr = encrSelect->currentItem();
+ if (encr == 0)
+ pairwise = "TKIP";
+ else
+ pairwise = "CCMP";
+ }
+
+ if (proto)
+ setNetworkParam(id, "proto", proto, false);
+ if (key_mgmt)
+ setNetworkParam(id, "key_mgmt", key_mgmt, false);
+ if (pairwise) {
+ setNetworkParam(id, "pairwise", pairwise, false);
+ setNetworkParam(id, "group", "TKIP CCMP WEP104 WEP40", false);
+ }
+ if (pskEdit->isEnabled() &&
+ strcmp(passwordEdit->text().ascii(), WPA_GUI_KEY_DATA) != 0)
+ setNetworkParam(id, "psk", pskEdit->text().ascii(), psklen != 64);
+ if (eapSelect->isEnabled())
+ setNetworkParam(id, "eap", eapSelect->currentText().ascii(), false);
+ if (identityEdit->isEnabled())
+ setNetworkParam(id, "identity", identityEdit->text().ascii(), true);
+ if (passwordEdit->isEnabled() &&
+ strcmp(passwordEdit->text().ascii(), WPA_GUI_KEY_DATA) != 0)
+ setNetworkParam(id, "password", passwordEdit->text().ascii(), true);
+ if (cacertEdit->isEnabled())
+ setNetworkParam(id, "ca_cert", cacertEdit->text().ascii(), true);
+ writeWepKey(id, wep0Edit, 0);
+ writeWepKey(id, wep1Edit, 1);
+ writeWepKey(id, wep2Edit, 2);
+ writeWepKey(id, wep3Edit, 3);
+
+ if (wep0Radio->isEnabled() && wep0Radio->isChecked())
+ setNetworkParam(id, "wep_tx_keyidx", "0", false);
+ else if (wep1Radio->isEnabled() && wep1Radio->isChecked())
+ setNetworkParam(id, "wep_tx_keyidx", "1", false);
+ else if (wep2Radio->isEnabled() && wep2Radio->isChecked())
+ setNetworkParam(id, "wep_tx_keyidx", "2", false);
+ else if (wep3Radio->isEnabled() && wep3Radio->isChecked())
+ setNetworkParam(id, "wep_tx_keyidx", "3", false);
+
+ snprintf(cmd, sizeof(cmd), "ENABLE_NETWORK %d", id);
+ reply_len = sizeof(reply);
+ wpagui->ctrlRequest(cmd, reply, &reply_len);
+ if (strncmp(reply, "OK", 2) != 0) {
+ QMessageBox::warning(this, "wpa_gui", "Failed to enable network in wpa_supplicant\n"
+ "configuration.");
+ /* Network was added, so continue anyway */
+ }
+ wpagui->triggerUpdate();
+ wpagui->ctrlRequest("SAVE_CONFIG", reply, &reply_len);
+
+ close();
+}
+
+
+void NetworkConfig::setWpaGui( WpaGui *_wpagui )
+{
+ wpagui = _wpagui;
+}
+
+
+int NetworkConfig::setNetworkParam(int id, const char *field, const char *value, bool quote)
+{
+ char reply[10], cmd[256];
+ size_t reply_len;
+ snprintf(cmd, sizeof(cmd), "SET_NETWORK %d %s %s%s%s",
+ id, field, quote ? "\"" : "", value, quote ? "\"" : "");
+ reply_len = sizeof(reply);
+ wpagui->ctrlRequest(cmd, reply, &reply_len);
+ return strncmp(reply, "OK", 2) == 0 ? 0 : -1;
+}
+
+
+void NetworkConfig::encrChanged( const QString &sel )
+{
+ wepEnabled(sel.find("WEP") == 0);
+}
+
+
+void NetworkConfig::wepEnabled( bool enabled )
+{
+ wep0Edit->setEnabled(enabled);
+ wep1Edit->setEnabled(enabled);
+ wep2Edit->setEnabled(enabled);
+ wep3Edit->setEnabled(enabled);
+ wep0Radio->setEnabled(enabled);
+ wep1Radio->setEnabled(enabled);
+ wep2Radio->setEnabled(enabled);
+ wep3Radio->setEnabled(enabled);
+}
+
+
+void NetworkConfig::writeWepKey( int network_id, QLineEdit *edit, int id )
+{
+ char buf[10];
+ bool hex;
+ const char *txt, *pos;
+ size_t len;
+
+ if (!edit->isEnabled() || edit->text().isEmpty())
+ return;
+
+ /*
+ * Assume hex key if only hex characters are present and length matches
+ * with 40, 104, or 128-bit key
+ */
+ txt = edit->text().ascii();
+ if (strcmp(txt, WPA_GUI_KEY_DATA) == 0)
+ return;
+ len = strlen(txt);
+ if (len == 0)
+ return;
+ pos = txt;
+ hex = true;
+ while (*pos) {
+ if (!((*pos >= '0' && *pos <= '9') || (*pos >= 'a' && *pos <= 'f') ||
+ (*pos >= 'A' && *pos <= 'F'))) {
+ hex = false;
+ break;
+ }
+ pos++;
+ }
+ if (hex && len != 10 && len != 26 && len != 32)
+ hex = false;
+ snprintf(buf, sizeof(buf), "wep_key%d", id);
+ setNetworkParam(network_id, buf, txt, !hex);
+}
+
+
+static int key_value_isset(const char *reply, size_t reply_len)
+{
+ return reply_len > 0 && (reply_len < 4 || memcmp(reply, "FAIL", 4) != 0);
+}
+
+
+void NetworkConfig::paramsFromConfig( int network_id )
+{
+ int i, res;
+
+ edit_network_id = network_id;
+ getEapCapa();
+
+ char reply[1024], cmd[256], *pos;
+ size_t reply_len;
+
+ snprintf(cmd, sizeof(cmd), "GET_NETWORK %d ssid", network_id);
+ reply_len = sizeof(reply) - 1;
+ if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0 && reply_len >= 2 &&
+ reply[0] == '"') {
+ reply[reply_len] = '\0';
+ pos = strchr(reply + 1, '"');
+ if (pos)
+ *pos = '\0';
+ ssidEdit->setText(reply + 1);
+ }
+
+ snprintf(cmd, sizeof(cmd), "GET_NETWORK %d proto", network_id);
+ reply_len = sizeof(reply) - 1;
+ int wpa = 0;
+ if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0) {
+ reply[reply_len] = '\0';
+ if (strstr(reply, "RSN") || strstr(reply, "WPA2"))
+ wpa = 2;
+ else if (strstr(reply, "WPA"))
+ wpa = 1;
+ }
+
+ int auth = AUTH_NONE, encr = 0;
+ snprintf(cmd, sizeof(cmd), "GET_NETWORK %d key_mgmt", network_id);
+ reply_len = sizeof(reply) - 1;
+ if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0) {
+ reply[reply_len] = '\0';
+ if (strstr(reply, "WPA-EAP"))
+ auth = wpa & 2 ? AUTH_WPA2_EAP : AUTH_WPA_EAP;
+ else if (strstr(reply, "WPA-PSK"))
+ auth = wpa & 2 ? AUTH_WPA2_PSK : AUTH_WPA_PSK;
+ else if (strstr(reply, "IEEE8021X")) {
+ auth = AUTH_IEEE8021X;
+ encr = 1;
+ }
+ }
+
+ snprintf(cmd, sizeof(cmd), "GET_NETWORK %d pairwise", network_id);
+ reply_len = sizeof(reply) - 1;
+ if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0) {
+ reply[reply_len] = '\0';
+ if (strstr(reply, "CCMP"))
+ encr = 1;
+ else if (strstr(reply, "TKIP"))
+ encr = 0;
+ else if (strstr(reply, "WEP"))
+ encr = 1;
+ else
+ encr = 0;
+ }
+
+ snprintf(cmd, sizeof(cmd), "GET_NETWORK %d psk", network_id);
+ reply_len = sizeof(reply) - 1;
+ res = wpagui->ctrlRequest(cmd, reply, &reply_len);
+ if (res >= 0 && reply_len >= 2 && reply[0] == '"') {
+ reply[reply_len] = '\0';
+ pos = strchr(reply + 1, '"');
+ if (pos)
+ *pos = '\0';
+ pskEdit->setText(reply + 1);
+ } else if (res >= 0 && key_value_isset(reply, reply_len)) {
+ pskEdit->setText(WPA_GUI_KEY_DATA);
+ }
+
+ snprintf(cmd, sizeof(cmd), "GET_NETWORK %d identity", network_id);
+ reply_len = sizeof(reply) - 1;
+ if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0 && reply_len >= 2 &&
+ reply[0] == '"') {
+ reply[reply_len] = '\0';
+ pos = strchr(reply + 1, '"');
+ if (pos)
+ *pos = '\0';
+ identityEdit->setText(reply + 1);
+ }
+
+ snprintf(cmd, sizeof(cmd), "GET_NETWORK %d password", network_id);
+ reply_len = sizeof(reply) - 1;
+ res = wpagui->ctrlRequest(cmd, reply, &reply_len);
+ if (res >= 0 && reply_len >= 2 &&
+ reply[0] == '"') {
+ reply[reply_len] = '\0';
+ pos = strchr(reply + 1, '"');
+ if (pos)
+ *pos = '\0';
+ passwordEdit->setText(reply + 1);
+ } else if (res >= 0 && key_value_isset(reply, reply_len)) {
+ passwordEdit->setText(WPA_GUI_KEY_DATA);
+ }
+
+ snprintf(cmd, sizeof(cmd), "GET_NETWORK %d ca_cert", network_id);
+ reply_len = sizeof(reply) - 1;
+ if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0 && reply_len >= 2 &&
+ reply[0] == '"') {
+ reply[reply_len] = '\0';
+ pos = strchr(reply + 1, '"');
+ if (pos)
+ *pos = '\0';
+ cacertEdit->setText(reply + 1);
+ }
+
+ snprintf(cmd, sizeof(cmd), "GET_NETWORK %d eap", network_id);
+ reply_len = sizeof(reply) - 1;
+ if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0 && reply_len >= 1) {
+ reply[reply_len] = '\0';
+ for (i = 0; i < eapSelect->count(); i++) {
+ if (eapSelect->text(i).compare(reply) == 0) {
+ eapSelect->setCurrentItem(i);
+ break;
+ }
+ }
+ }
+
+ for (i = 0; i < 4; i++) {
+ QLineEdit *wepEdit;
+ switch (i) {
+ default:
+ case 0:
+ wepEdit = wep0Edit;
+ break;
+ case 1:
+ wepEdit = wep1Edit;
+ break;
+ case 2:
+ wepEdit = wep2Edit;
+ break;
+ case 3:
+ wepEdit = wep3Edit;
+ break;
+ }
+ snprintf(cmd, sizeof(cmd), "GET_NETWORK %d wep_key%d", network_id, i);
+ reply_len = sizeof(reply) - 1;
+ res = wpagui->ctrlRequest(cmd, reply, &reply_len);
+ if (res >= 0 && reply_len >= 2 && reply[0] == '"') {
+ reply[reply_len] = '\0';
+ pos = strchr(reply + 1, '"');
+ if (pos)
+ *pos = '\0';
+ if (auth == AUTH_NONE || auth == AUTH_IEEE8021X)
+ encr = 1;
+
+ wepEdit->setText(reply + 1);
+ } else if (res >= 0 && key_value_isset(reply, reply_len)) {
+ if (auth == AUTH_NONE || auth == AUTH_IEEE8021X)
+ encr = 1;
+ wepEdit->setText(WPA_GUI_KEY_DATA);
+ }
+ }
+
+ snprintf(cmd, sizeof(cmd), "GET_NETWORK %d wep_tx_keyidx", network_id);
+ reply_len = sizeof(reply) - 1;
+ if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0 && reply_len >= 1) {
+ reply[reply_len] = '\0';
+ switch (atoi(reply)) {
+ case 0:
+ wep0Radio->setChecked(true);
+ break;
+ case 1:
+ wep1Radio->setChecked(true);
+ break;
+ case 2:
+ wep2Radio->setChecked(true);
+ break;
+ case 3:
+ wep3Radio->setChecked(true);
+ break;
+ }
+ }
+
+ authSelect->setCurrentItem(auth);
+ authChanged(auth);
+ encrSelect->setCurrentItem(encr);
+ if (auth == AUTH_NONE || auth == AUTH_IEEE8021X)
+ wepEnabled(encr == 1);
+
+ removeButton->setEnabled(true);
+ addButton->setText("Save");
+}
+
+
+void NetworkConfig::removeNetwork()
+{
+ char reply[10], cmd[256];
+ size_t reply_len;
+
+ if (QMessageBox::information(this, "wpa_gui",
+ "This will permanently remove the network\n"
+ "from the configuration. Do you really want\n"
+ "to remove this network?", "Yes", "No") != 0)
+ return;
+
+ snprintf(cmd, sizeof(cmd), "REMOVE_NETWORK %d", edit_network_id);
+ reply_len = sizeof(reply);
+ wpagui->ctrlRequest(cmd, reply, &reply_len);
+ if (strncmp(reply, "OK", 2) != 0) {
+ QMessageBox::warning(this, "wpa_gui",
+ "Failed to remove network from wpa_supplicant\n"
+ "configuration.");
+ } else {
+ wpagui->triggerUpdate();
+ wpagui->ctrlRequest("SAVE_CONFIG", reply, &reply_len);
+ }
+
+ close();
+}
+
+
+void NetworkConfig::newNetwork()
+{
+ new_network = true;
+ getEapCapa();
+}
+
+
+void NetworkConfig::getEapCapa()
+{
+ char reply[256];
+ size_t reply_len;
+
+ if (wpagui == NULL)
+ return;
+
+ reply_len = sizeof(reply) - 1;
+ if (wpagui->ctrlRequest("GET_CAPABILITY eap", reply, &reply_len) < 0)
+ return;
+ reply[reply_len] = '\0';
+
+ QString res(reply);
+ QStringList types = QStringList::split(QChar(' '), res);
+ eapSelect->insertStringList(types);
+}
--- /dev/null
+<!DOCTYPE UI><UI version="3.3" stdsetdef="1">
+<class>ScanResults</class>
+<widget class="QDialog">
+ <property name="name">
+ <cstring>ScanResults</cstring>
+ </property>
+ <property name="geometry">
+ <rect>
+ <x>0</x>
+ <y>0</y>
+ <width>452</width>
+ <height>225</height>
+ </rect>
+ </property>
+ <property name="caption">
+ <string>Scan results</string>
+ </property>
+ <vbox>
+ <property name="name">
+ <cstring>unnamed</cstring>
+ </property>
+ <widget class="QListView">
+ <column>
+ <property name="text">
+ <string>SSID</string>
+ </property>
+ <property name="clickable">
+ <bool>true</bool>
+ </property>
+ <property name="resizable">
+ <bool>true</bool>
+ </property>
+ </column>
+ <column>
+ <property name="text">
+ <string>BSSID</string>
+ </property>
+ <property name="clickable">
+ <bool>true</bool>
+ </property>
+ <property name="resizable">
+ <bool>true</bool>
+ </property>
+ </column>
+ <column>
+ <property name="text">
+ <string>frequency</string>
+ </property>
+ <property name="clickable">
+ <bool>true</bool>
+ </property>
+ <property name="resizable">
+ <bool>true</bool>
+ </property>
+ </column>
+ <column>
+ <property name="text">
+ <string>signal</string>
+ </property>
+ <property name="clickable">
+ <bool>true</bool>
+ </property>
+ <property name="resizable">
+ <bool>true</bool>
+ </property>
+ </column>
+ <column>
+ <property name="text">
+ <string>flags</string>
+ </property>
+ <property name="clickable">
+ <bool>true</bool>
+ </property>
+ <property name="resizable">
+ <bool>true</bool>
+ </property>
+ </column>
+ <property name="name">
+ <cstring>scanResultsView</cstring>
+ </property>
+ <property name="frameShape">
+ <enum>StyledPanel</enum>
+ </property>
+ <property name="frameShadow">
+ <enum>Sunken</enum>
+ </property>
+ </widget>
+ <widget class="QLayoutWidget">
+ <property name="name">
+ <cstring>layout24</cstring>
+ </property>
+ <hbox>
+ <property name="name">
+ <cstring>unnamed</cstring>
+ </property>
+ <spacer>
+ <property name="name">
+ <cstring>spacer6</cstring>
+ </property>
+ <property name="orientation">
+ <enum>Horizontal</enum>
+ </property>
+ <property name="sizeType">
+ <enum>Expanding</enum>
+ </property>
+ <property name="sizeHint">
+ <size>
+ <width>50</width>
+ <height>20</height>
+ </size>
+ </property>
+ </spacer>
+ <widget class="QPushButton">
+ <property name="name">
+ <cstring>scanButton</cstring>
+ </property>
+ <property name="text">
+ <string>Scan</string>
+ </property>
+ </widget>
+ <widget class="QPushButton">
+ <property name="name">
+ <cstring>closeButton</cstring>
+ </property>
+ <property name="text">
+ <string>Close</string>
+ </property>
+ </widget>
+ </hbox>
+ </widget>
+ </vbox>
+</widget>
+<connections>
+ <connection>
+ <sender>closeButton</sender>
+ <signal>clicked()</signal>
+ <receiver>ScanResults</receiver>
+ <slot>close()</slot>
+ </connection>
+ <connection>
+ <sender>scanButton</sender>
+ <signal>clicked()</signal>
+ <receiver>ScanResults</receiver>
+ <slot>scanRequest()</slot>
+ </connection>
+ <connection>
+ <sender>scanResultsView</sender>
+ <signal>doubleClicked(QListViewItem*)</signal>
+ <receiver>ScanResults</receiver>
+ <slot>bssSelected(QListViewItem*)</slot>
+ </connection>
+</connections>
+<includes>
+ <include location="local" impldecl="in implementation">wpa_ctrl.h</include>
+ <include location="local" impldecl="in implementation">wpagui.h</include>
+ <include location="local" impldecl="in implementation">networkconfig.h</include>
+ <include location="local" impldecl="in implementation">scanresults.ui.h</include>
+</includes>
+<forwards>
+ <forward>class WpaGui;</forward>
+</forwards>
+<variables>
+ <variable access="private">WpaGui *wpagui;</variable>
+ <variable access="private">QTimer *timer;</variable>
+</variables>
+<slots>
+ <slot>setWpaGui( WpaGui * _wpagui )</slot>
+ <slot>updateResults()</slot>
+ <slot>scanRequest()</slot>
+ <slot>getResults()</slot>
+ <slot>bssSelected( QListViewItem * sel )</slot>
+</slots>
+<functions>
+ <function access="private" specifier="non virtual">init()</function>
+ <function access="private" specifier="non virtual">destroy()</function>
+</functions>
+<pixmapinproject/>
+<layoutdefaults spacing="6" margin="11"/>
+</UI>
--- /dev/null
+/****************************************************************************
+** ui.h extension file, included from the uic-generated form implementation.
+**
+** If you want to add, delete, or rename functions or slots, use
+** Qt Designer to update this file, preserving your code.
+**
+** You should not define a constructor or destructor in this file.
+** Instead, write your code in functions called init() and destroy().
+** These will automatically be called by the form's constructor and
+** destructor.
+*****************************************************************************/
+
+void ScanResults::init()
+{
+ wpagui = NULL;
+}
+
+
+void ScanResults::destroy()
+{
+ delete timer;
+}
+
+
+void ScanResults::setWpaGui(WpaGui *_wpagui)
+{
+ wpagui = _wpagui;
+ updateResults();
+
+ timer = new QTimer(this);
+ connect(timer, SIGNAL(timeout()), SLOT(getResults()));
+ timer->start(10000, FALSE);
+}
+
+
+void ScanResults::updateResults()
+{
+ char reply[8192];
+ size_t reply_len;
+
+ if (wpagui == NULL)
+ return;
+
+ reply_len = sizeof(reply) - 1;
+ if (wpagui->ctrlRequest("SCAN_RESULTS", reply, &reply_len) < 0)
+ return;
+ reply[reply_len] = '\0';
+
+ scanResultsView->clear();
+
+ QString res(reply);
+ QStringList lines = QStringList::split(QChar('\n'), res);
+ bool first = true;
+ for (QStringList::Iterator it = lines.begin(); it != lines.end(); it++) {
+ if (first) {
+ first = false;
+ continue;
+ }
+
+ QStringList cols = QStringList::split(QChar('\t'), *it, true);
+ QString ssid, bssid, freq, signal, flags;
+ bssid = cols.count() > 0 ? cols[0] : "";
+ freq = cols.count() > 1 ? cols[1] : "";
+ signal = cols.count() > 2 ? cols[2] : "";
+ flags = cols.count() > 3 ? cols[3] : "";
+ ssid = cols.count() > 4 ? cols[4] : "";
+ new Q3ListViewItem(scanResultsView, ssid, bssid, freq, signal, flags);
+ }
+}
+
+
+void ScanResults::scanRequest()
+{
+ char reply[10];
+ size_t reply_len = sizeof(reply);
+
+ if (wpagui == NULL)
+ return;
+
+ wpagui->ctrlRequest("SCAN", reply, &reply_len);
+}
+
+
+void ScanResults::getResults()
+{
+ updateResults();
+}
+
+
+
+
+void ScanResults::bssSelected( Q3ListViewItem * sel )
+{
+ NetworkConfig *nc = new NetworkConfig();
+ if (nc == NULL)
+ return;
+ nc->setWpaGui(wpagui);
+ nc->paramsFromScanResults(sel);
+ nc->show();
+ nc->exec();
+}
--- /dev/null
+#!/bin/sh
+
+# qmake seems to be forcing include and lib paths from the original build
+# and I have no idea how to change these. For now, just override the
+# directories in the Makefile.Release file after qmake run.
+
+qmake -spec /q/jm/qt4-win/4.3.3/mkspecs/win32-g++ wpa_gui.pro -o Makefile
+cat Makefile.Release |
+ sed s%/usr/lib/qt4%/q/jm/qt4-win/4.3.3/lib%g |
+ sed s%/usr/include/qt4%/q/jm/qt4-win/4.3.3/include%g > tmp.Makefile.Release &&
+mv -f tmp.Makefile.Release Makefile.Release
--- /dev/null
+<!DOCTYPE UI><UI version="3.3" stdsetdef="1">
+<class>UserDataRequest</class>
+<widget class="QDialog">
+ <property name="name">
+ <cstring>UserDataRequest</cstring>
+ </property>
+ <property name="geometry">
+ <rect>
+ <x>0</x>
+ <y>0</y>
+ <width>216</width>
+ <height>103</height>
+ </rect>
+ </property>
+ <property name="caption">
+ <string>Authentication credentials required</string>
+ </property>
+ <property name="sizeGripEnabled">
+ <bool>true</bool>
+ </property>
+ <vbox>
+ <property name="name">
+ <cstring>unnamed</cstring>
+ </property>
+ <widget class="QLabel">
+ <property name="name">
+ <cstring>queryInfo</cstring>
+ </property>
+ <property name="text">
+ <string></string>
+ </property>
+ </widget>
+ <widget class="QLayoutWidget">
+ <property name="name">
+ <cstring>layout28</cstring>
+ </property>
+ <hbox>
+ <property name="name">
+ <cstring>unnamed</cstring>
+ </property>
+ <widget class="QLabel">
+ <property name="name">
+ <cstring>queryField</cstring>
+ </property>
+ <property name="text">
+ <string></string>
+ </property>
+ </widget>
+ <widget class="QLineEdit">
+ <property name="name">
+ <cstring>queryEdit</cstring>
+ </property>
+ <property name="enabled">
+ <bool>true</bool>
+ </property>
+ <property name="echoMode">
+ <enum>Password</enum>
+ </property>
+ </widget>
+ </hbox>
+ </widget>
+ <widget class="QLayoutWidget">
+ <property name="name">
+ <cstring>layout27</cstring>
+ </property>
+ <hbox>
+ <property name="name">
+ <cstring>unnamed</cstring>
+ </property>
+ <spacer>
+ <property name="name">
+ <cstring>spacer4</cstring>
+ </property>
+ <property name="orientation">
+ <enum>Horizontal</enum>
+ </property>
+ <property name="sizeType">
+ <enum>Expanding</enum>
+ </property>
+ <property name="sizeHint">
+ <size>
+ <width>20</width>
+ <height>20</height>
+ </size>
+ </property>
+ </spacer>
+ <widget class="QPushButton">
+ <property name="name">
+ <cstring>buttonOk</cstring>
+ </property>
+ <property name="text">
+ <string>&OK</string>
+ </property>
+ <property name="accel">
+ <string></string>
+ </property>
+ <property name="autoDefault">
+ <bool>true</bool>
+ </property>
+ <property name="default">
+ <bool>true</bool>
+ </property>
+ </widget>
+ <widget class="QPushButton">
+ <property name="name">
+ <cstring>buttonCancel</cstring>
+ </property>
+ <property name="text">
+ <string>&Cancel</string>
+ </property>
+ <property name="accel">
+ <string></string>
+ </property>
+ <property name="autoDefault">
+ <bool>true</bool>
+ </property>
+ </widget>
+ </hbox>
+ </widget>
+ </vbox>
+</widget>
+<connections>
+ <connection>
+ <sender>buttonOk</sender>
+ <signal>clicked()</signal>
+ <receiver>UserDataRequest</receiver>
+ <slot>sendReply()</slot>
+ </connection>
+ <connection>
+ <sender>buttonCancel</sender>
+ <signal>clicked()</signal>
+ <receiver>UserDataRequest</receiver>
+ <slot>reject()</slot>
+ </connection>
+ <connection>
+ <sender>queryEdit</sender>
+ <signal>returnPressed()</signal>
+ <receiver>UserDataRequest</receiver>
+ <slot>sendReply()</slot>
+ </connection>
+</connections>
+<includes>
+ <include location="local" impldecl="in implementation">wpa_ctrl.h</include>
+ <include location="local" impldecl="in implementation">wpagui.h</include>
+ <include location="local" impldecl="in implementation">userdatarequest.ui.h</include>
+</includes>
+<forwards>
+ <forward>class WpaGui;</forward>
+</forwards>
+<variables>
+ <variable access="private">WpaGui *wpagui;</variable>
+ <variable access="private">int networkid;</variable>
+ <variable access="private">QString field;</variable>
+</variables>
+<slots>
+ <slot>sendReply()</slot>
+</slots>
+<functions>
+ <function specifier="non virtual" returnType="int">setParams( WpaGui * _wpagui, const char * reqMsg )</function>
+</functions>
+<pixmapinproject/>
+<layoutdefaults spacing="6" margin="11"/>
+</UI>
--- /dev/null
+/****************************************************************************
+** ui.h extension file, included from the uic-generated form implementation.
+**
+** If you want to add, delete, or rename functions or slots, use
+** Qt Designer to update this file, preserving your code.
+**
+** You should not define a constructor or destructor in this file.
+** Instead, write your code in functions called init() and destroy().
+** These will automatically be called by the form's constructor and
+** destructor.
+*****************************************************************************/
+
+int UserDataRequest::setParams(WpaGui *_wpagui, const char *reqMsg)
+{
+ char *tmp, *pos, *pos2;
+ wpagui = _wpagui;
+ tmp = strdup(reqMsg);
+ if (tmp == NULL)
+ return -1;
+ pos = strchr(tmp, '-');
+ if (pos == NULL) {
+ free(tmp);
+ return -1;
+ }
+ *pos++ = '\0';
+ field = tmp;
+ pos2 = strchr(pos, ':');
+ if (pos2 == NULL) {
+ free(tmp);
+ return -1;
+ }
+ *pos2++ = '\0';
+
+ networkid = atoi(pos);
+ queryInfo->setText(pos2);
+ if (strcmp(tmp, "PASSWORD") == 0) {
+ queryField->setText("Password: ");
+ queryEdit->setEchoMode(QLineEdit::Password);
+ } else if (strcmp(tmp, "NEW_PASSWORD") == 0) {
+ queryField->setText("New password: ");
+ queryEdit->setEchoMode(QLineEdit::Password);
+ } else if (strcmp(tmp, "IDENTITY") == 0)
+ queryField->setText("Identity: ");
+ else if (strcmp(tmp, "PASSPHRASE") == 0) {
+ queryField->setText("Private key passphrase: ");
+ queryEdit->setEchoMode(QLineEdit::Password);
+ } else
+ queryField->setText(field + ":");
+ free(tmp);
+
+ return 0;
+}
+
+
+void UserDataRequest::sendReply()
+{
+ char reply[10];
+ size_t reply_len = sizeof(reply);
+
+ if (wpagui == NULL) {
+ reject();
+ return;
+ }
+
+ QString cmd = QString(WPA_CTRL_RSP) + field + '-' +
+ QString::number(networkid) + ':' +
+ queryEdit->text();
+ wpagui->ctrlRequest(cmd.ascii(), reply, &reply_len);
+ accept();
+}
--- /dev/null
+TEMPLATE = app
+LANGUAGE = C++
+
+CONFIG += qt warn_on release
+
+DEFINES += CONFIG_CTRL_IFACE
+
+win32 {
+ LIBS += -lws2_32 -static
+ DEFINES += CONFIG_NATIVE_WINDOWS CONFIG_CTRL_IFACE_NAMED_PIPE
+} else:win32-g++ {
+ # cross compilation to win32
+ LIBS += -lws2_32 -static
+ DEFINES += CONFIG_NATIVE_WINDOWS CONFIG_CTRL_IFACE_NAMED_PIPE
+} else {
+ DEFINES += CONFIG_CTRL_IFACE_UNIX
+}
+
+INCLUDEPATH += . .. ../../hostapd
+
+HEADERS += wpamsg.h
+
+SOURCES += main.cpp \
+ ../wpa_ctrl.c
+
+FORMS = wpagui.ui \
+ eventhistory.ui \
+ scanresults.ui \
+ userdatarequest.ui \
+ networkconfig.ui
+
+
+unix {
+ UI_DIR = .ui
+ MOC_DIR = .moc
+ OBJECTS_DIR = .obj
+}
+
+qtver = $$[QT_VERSION]
+isEmpty( qtver ) {
+ message(Compiling for Qt 3.x)
+ DEFINES += Q3ListViewItem=QListViewItem
+} else {
+ message(Compiling for Qt $$qtver)
+ QT += qt3support
+ CONFIG += uic3
+}
--- /dev/null
+<!DOCTYPE UI><UI version="3.3" stdsetdef="1">
+<class>WpaGui</class>
+<widget class="QMainWindow">
+ <property name="name">
+ <cstring>WpaGui</cstring>
+ </property>
+ <property name="geometry">
+ <rect>
+ <x>0</x>
+ <y>0</y>
+ <width>279</width>
+ <height>308</height>
+ </rect>
+ </property>
+ <property name="caption">
+ <string>wpa_gui</string>
+ </property>
+ <grid>
+ <property name="name">
+ <cstring>unnamed</cstring>
+ </property>
+ <widget class="QLabel" row="0" column="0" rowspan="1" colspan="2">
+ <property name="name">
+ <cstring>textLabel16</cstring>
+ </property>
+ <property name="text">
+ <string>Adapter:</string>
+ </property>
+ </widget>
+ <widget class="QComboBox" row="0" column="2" rowspan="1" colspan="2">
+ <property name="name">
+ <cstring>adapterSelect</cstring>
+ </property>
+ </widget>
+ <widget class="QLabel" row="1" column="0" rowspan="1" colspan="2">
+ <property name="name">
+ <cstring>textLabel8</cstring>
+ </property>
+ <property name="text">
+ <string>Network:</string>
+ </property>
+ </widget>
+ <widget class="QComboBox" row="1" column="2" rowspan="1" colspan="2">
+ <property name="name">
+ <cstring>networkSelect</cstring>
+ </property>
+ </widget>
+ <widget class="QFrame" row="2" column="0" rowspan="1" colspan="4">
+ <property name="name">
+ <cstring>frame3</cstring>
+ </property>
+ <property name="frameShape">
+ <enum>StyledPanel</enum>
+ </property>
+ <property name="frameShadow">
+ <enum>Raised</enum>
+ </property>
+ <grid>
+ <property name="name">
+ <cstring>unnamed</cstring>
+ </property>
+ <widget class="QLabel" row="0" column="0">
+ <property name="name">
+ <cstring>textLabel1</cstring>
+ </property>
+ <property name="text">
+ <string>Status:</string>
+ </property>
+ </widget>
+ <widget class="QLabel" row="1" column="0">
+ <property name="name">
+ <cstring>textLabel2</cstring>
+ </property>
+ <property name="text">
+ <string>Last message:</string>
+ </property>
+ </widget>
+ <widget class="QLabel" row="2" column="0">
+ <property name="name">
+ <cstring>textLabel3</cstring>
+ </property>
+ <property name="text">
+ <string>Authentication:</string>
+ </property>
+ </widget>
+ <widget class="QLabel" row="3" column="0">
+ <property name="name">
+ <cstring>textLabel4</cstring>
+ </property>
+ <property name="text">
+ <string>Encryption:</string>
+ </property>
+ </widget>
+ <widget class="QLabel" row="4" column="0">
+ <property name="name">
+ <cstring>textLabel5</cstring>
+ </property>
+ <property name="text">
+ <string>SSID:</string>
+ </property>
+ </widget>
+ <widget class="QLabel" row="5" column="0">
+ <property name="name">
+ <cstring>textLabel6</cstring>
+ </property>
+ <property name="text">
+ <string>BSSID:</string>
+ </property>
+ </widget>
+ <widget class="QLabel" row="6" column="0">
+ <property name="name">
+ <cstring>textLabel7</cstring>
+ </property>
+ <property name="text">
+ <string>IP address:</string>
+ </property>
+ </widget>
+ <widget class="QLabel" row="0" column="1">
+ <property name="name">
+ <cstring>textStatus</cstring>
+ </property>
+ <property name="text">
+ <string></string>
+ </property>
+ </widget>
+ <widget class="QLabel" row="1" column="1" rowspan="1" colspan="3">
+ <property name="name">
+ <cstring>textLastMessage</cstring>
+ </property>
+ <property name="text">
+ <string></string>
+ </property>
+ </widget>
+ <widget class="QLabel" row="2" column="1">
+ <property name="name">
+ <cstring>textAuthentication</cstring>
+ </property>
+ <property name="text">
+ <string></string>
+ </property>
+ </widget>
+ <widget class="QLabel" row="3" column="1">
+ <property name="name">
+ <cstring>textEncryption</cstring>
+ </property>
+ <property name="text">
+ <string></string>
+ </property>
+ </widget>
+ <widget class="QLabel" row="4" column="1">
+ <property name="name">
+ <cstring>textSsid</cstring>
+ </property>
+ <property name="text">
+ <string></string>
+ </property>
+ </widget>
+ <widget class="QLabel" row="5" column="1">
+ <property name="name">
+ <cstring>textBssid</cstring>
+ </property>
+ <property name="text">
+ <string></string>
+ </property>
+ </widget>
+ <widget class="QLabel" row="6" column="1">
+ <property name="name">
+ <cstring>textIpAddress</cstring>
+ </property>
+ <property name="text">
+ <string></string>
+ </property>
+ </widget>
+ </grid>
+ </widget>
+ <spacer row="3" column="0">
+ <property name="name">
+ <cstring>spacer7</cstring>
+ </property>
+ <property name="orientation">
+ <enum>Horizontal</enum>
+ </property>
+ <property name="sizeType">
+ <enum>Expanding</enum>
+ </property>
+ <property name="sizeHint">
+ <size>
+ <width>16</width>
+ <height>16</height>
+ </size>
+ </property>
+ </spacer>
+ <widget class="QPushButton" row="3" column="1">
+ <property name="name">
+ <cstring>connectButton</cstring>
+ </property>
+ <property name="text">
+ <string>Connect</string>
+ </property>
+ </widget>
+ <widget class="QPushButton" row="3" column="2">
+ <property name="name">
+ <cstring>disconnectButton</cstring>
+ </property>
+ <property name="text">
+ <string>Disconnect</string>
+ </property>
+ </widget>
+ <widget class="QPushButton" row="3" column="3">
+ <property name="name">
+ <cstring>scanButton</cstring>
+ </property>
+ <property name="text">
+ <string>Scan</string>
+ </property>
+ </widget>
+ </grid>
+</widget>
+<menubar>
+ <property name="name">
+ <cstring>MenuBar</cstring>
+ </property>
+ <item text="&File" name="fileMenu">
+ <separator/>
+ <action name="fileEventHistoryAction"/>
+ <action name="fileAdd_NetworkAction"/>
+ <action name="fileEdit_networkAction"/>
+ <separator/>
+ <action name="fileExitAction"/>
+ </item>
+ <item text="&Help" name="helpMenu">
+ <action name="helpContentsAction"/>
+ <action name="helpIndexAction"/>
+ <separator/>
+ <action name="helpAboutAction"/>
+ </item>
+</menubar>
+<toolbars>
+</toolbars>
+<actions>
+ <action>
+ <property name="name">
+ <cstring>fileExitAction</cstring>
+ </property>
+ <property name="text">
+ <string>Exit</string>
+ </property>
+ <property name="menuText">
+ <string>E&xit</string>
+ </property>
+ <property name="accel">
+ <string>Ctrl+Q</string>
+ </property>
+ </action>
+ <action>
+ <property name="name">
+ <cstring>helpContentsAction</cstring>
+ </property>
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ <property name="text">
+ <string>Contents</string>
+ </property>
+ <property name="menuText">
+ <string>&Contents...</string>
+ </property>
+ <property name="accel">
+ <string></string>
+ </property>
+ </action>
+ <action>
+ <property name="name">
+ <cstring>helpIndexAction</cstring>
+ </property>
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ <property name="text">
+ <string>Index</string>
+ </property>
+ <property name="menuText">
+ <string>&Index...</string>
+ </property>
+ <property name="accel">
+ <string></string>
+ </property>
+ </action>
+ <action>
+ <property name="name">
+ <cstring>helpAboutAction</cstring>
+ </property>
+ <property name="text">
+ <string>About</string>
+ </property>
+ <property name="menuText">
+ <string>&About</string>
+ </property>
+ <property name="accel">
+ <string></string>
+ </property>
+ </action>
+ <action>
+ <property name="name">
+ <cstring>fileEventHistoryAction</cstring>
+ </property>
+ <property name="text">
+ <string>Event History</string>
+ </property>
+ <property name="menuText">
+ <string>Event &History</string>
+ </property>
+ </action>
+ <action>
+ <property name="name">
+ <cstring>fileAdd_NetworkAction</cstring>
+ </property>
+ <property name="text">
+ <string>Add Network</string>
+ </property>
+ <property name="menuText">
+ <string>&Add Network</string>
+ </property>
+ </action>
+ <action>
+ <property name="name">
+ <cstring>fileEdit_networkAction</cstring>
+ </property>
+ <property name="text">
+ <string>Edit Network</string>
+ </property>
+ <property name="menuText">
+ <string>&Edit Network</string>
+ </property>
+ </action>
+</actions>
+<connections>
+ <connection>
+ <sender>helpIndexAction</sender>
+ <signal>activated()</signal>
+ <receiver>WpaGui</receiver>
+ <slot>helpIndex()</slot>
+ </connection>
+ <connection>
+ <sender>helpContentsAction</sender>
+ <signal>activated()</signal>
+ <receiver>WpaGui</receiver>
+ <slot>helpContents()</slot>
+ </connection>
+ <connection>
+ <sender>helpAboutAction</sender>
+ <signal>activated()</signal>
+ <receiver>WpaGui</receiver>
+ <slot>helpAbout()</slot>
+ </connection>
+ <connection>
+ <sender>fileExitAction</sender>
+ <signal>activated()</signal>
+ <receiver>WpaGui</receiver>
+ <slot>close()</slot>
+ </connection>
+ <connection>
+ <sender>disconnectButton</sender>
+ <signal>clicked()</signal>
+ <receiver>WpaGui</receiver>
+ <slot>disconnect()</slot>
+ </connection>
+ <connection>
+ <sender>scanButton</sender>
+ <signal>clicked()</signal>
+ <receiver>WpaGui</receiver>
+ <slot>scan()</slot>
+ </connection>
+ <connection>
+ <sender>connectButton</sender>
+ <signal>clicked()</signal>
+ <receiver>WpaGui</receiver>
+ <slot>connectB()</slot>
+ </connection>
+ <connection>
+ <sender>fileEventHistoryAction</sender>
+ <signal>activated()</signal>
+ <receiver>WpaGui</receiver>
+ <slot>eventHistory()</slot>
+ </connection>
+ <connection>
+ <sender>networkSelect</sender>
+ <signal>activated(const QString&)</signal>
+ <receiver>WpaGui</receiver>
+ <slot>selectNetwork(const QString&)</slot>
+ </connection>
+ <connection>
+ <sender>fileEdit_networkAction</sender>
+ <signal>activated()</signal>
+ <receiver>WpaGui</receiver>
+ <slot>editNetwork()</slot>
+ </connection>
+ <connection>
+ <sender>fileAdd_NetworkAction</sender>
+ <signal>activated()</signal>
+ <receiver>WpaGui</receiver>
+ <slot>addNetwork()</slot>
+ </connection>
+ <connection>
+ <sender>adapterSelect</sender>
+ <signal>activated(const QString&)</signal>
+ <receiver>WpaGui</receiver>
+ <slot>selectAdapter(const QString&)</slot>
+ </connection>
+</connections>
+<includes>
+ <include location="global" impldecl="in declaration">qtimer.h</include>
+ <include location="global" impldecl="in declaration">qsocketnotifier.h</include>
+ <include location="local" impldecl="in declaration">wpamsg.h</include>
+ <include location="local" impldecl="in declaration">eventhistory.h</include>
+ <include location="local" impldecl="in declaration">scanresults.h</include>
+ <include location="local" impldecl="in implementation">wpa_ctrl.h</include>
+ <include location="global" impldecl="in implementation">dirent.h</include>
+ <include location="global" impldecl="in implementation">qmessagebox.h</include>
+ <include location="global" impldecl="in implementation">qapplication.h</include>
+ <include location="local" impldecl="in implementation">userdatarequest.h</include>
+ <include location="local" impldecl="in implementation">networkconfig.h</include>
+ <include location="local" impldecl="in implementation">wpagui.ui.h</include>
+</includes>
+<forwards>
+ <forward>class UserDataRequest;</forward>
+</forwards>
+<variables>
+ <variable access="private">ScanResults *scanres;</variable>
+ <variable access="private">bool networkMayHaveChanged;</variable>
+ <variable access="private">char *ctrl_iface;</variable>
+ <variable access="private">EventHistory *eh;</variable>
+ <variable access="private">struct wpa_ctrl *ctrl_conn;</variable>
+ <variable access="private">QSocketNotifier *msgNotifier;</variable>
+ <variable access="private">QTimer *timer;</variable>
+ <variable access="private">int pingsToStatusUpdate;</variable>
+ <variable access="private">WpaMsgList msgs;</variable>
+ <variable access="private">char *ctrl_iface_dir;</variable>
+ <variable access="private">struct wpa_ctrl *monitor_conn;</variable>
+ <variable access="private">UserDataRequest *udr;</variable>
+</variables>
+<slots>
+ <slot>parse_argv()</slot>
+ <slot>updateStatus()</slot>
+ <slot>updateNetworks()</slot>
+ <slot>helpIndex()</slot>
+ <slot>helpContents()</slot>
+ <slot>helpAbout()</slot>
+ <slot>disconnect()</slot>
+ <slot>scan()</slot>
+ <slot>eventHistory()</slot>
+ <slot>ping()</slot>
+ <slot>processMsg( char * msg )</slot>
+ <slot>processCtrlReq( const char * req )</slot>
+ <slot>receiveMsgs()</slot>
+ <slot>connectB()</slot>
+ <slot>selectNetwork( const QString & sel )</slot>
+ <slot>editNetwork()</slot>
+ <slot>addNetwork()</slot>
+ <slot>selectAdapter( const QString & sel )</slot>
+</slots>
+<functions>
+ <function access="private" specifier="non virtual">init()</function>
+ <function access="private" specifier="non virtual">destroy()</function>
+ <function access="private" specifier="non virtual" returnType="int">openCtrlConnection( const char * ifname )</function>
+ <function returnType="int">ctrlRequest( const char * cmd, char * buf, size_t * buflen )</function>
+ <function>triggerUpdate()</function>
+</functions>
+<pixmapinproject/>
+<layoutdefaults spacing="6" margin="11"/>
+</UI>
--- /dev/null
+/****************************************************************************
+** ui.h extension file, included from the uic-generated form implementation.
+**
+** If you want to add, delete, or rename functions or slots, use
+** Qt Designer to update this file, preserving your code.
+**
+** You should not define a constructor or destructor in this file.
+** Instead, write your code in functions called init() and destroy().
+** These will automatically be called by the form's constructor and
+** destructor.
+*****************************************************************************/
+
+
+#ifdef __MINGW32__
+/* Need to get getopt() */
+#include <unistd.h>
+#endif
+
+
+void WpaGui::init()
+{
+ eh = NULL;
+ scanres = NULL;
+ udr = NULL;
+ ctrl_iface = NULL;
+ ctrl_conn = NULL;
+ monitor_conn = NULL;
+ msgNotifier = NULL;
+ ctrl_iface_dir = strdup("/var/run/wpa_supplicant");
+
+ parse_argv();
+
+ textStatus->setText("connecting to wpa_supplicant");
+ timer = new QTimer(this);
+ connect(timer, SIGNAL(timeout()), SLOT(ping()));
+ timer->start(1000, FALSE);
+
+ if (openCtrlConnection(ctrl_iface) < 0) {
+ printf("Failed to open control connection to wpa_supplicant.\n");
+ }
+
+ updateStatus();
+ networkMayHaveChanged = true;
+ updateNetworks();
+}
+
+
+void WpaGui::destroy()
+{
+ delete msgNotifier;
+
+ if (monitor_conn) {
+ wpa_ctrl_detach(monitor_conn);
+ wpa_ctrl_close(monitor_conn);
+ monitor_conn = NULL;
+ }
+ if (ctrl_conn) {
+ wpa_ctrl_close(ctrl_conn);
+ ctrl_conn = NULL;
+ }
+
+ if (eh) {
+ eh->close();
+ delete eh;
+ eh = NULL;
+ }
+
+ if (scanres) {
+ scanres->close();
+ delete scanres;
+ scanres = NULL;
+ }
+
+ if (udr) {
+ udr->close();
+ delete udr;
+ udr = NULL;
+ }
+
+ free(ctrl_iface);
+ ctrl_iface = NULL;
+
+ free(ctrl_iface_dir);
+ ctrl_iface_dir = NULL;
+}
+
+
+void WpaGui::parse_argv()
+{
+ int c;
+ for (;;) {
+ c = getopt(qApp->argc(), qApp->argv(), "i:p:");
+ if (c < 0)
+ break;
+ switch (c) {
+ case 'i':
+ free(ctrl_iface);
+ ctrl_iface = strdup(optarg);
+ break;
+ case 'p':
+ free(ctrl_iface_dir);
+ ctrl_iface_dir = strdup(optarg);
+ break;
+ }
+ }
+}
+
+
+int WpaGui::openCtrlConnection(const char *ifname)
+{
+ char *cfile;
+ int flen;
+ char buf[2048], *pos, *pos2;
+ size_t len;
+
+ if (ifname) {
+ if (ifname != ctrl_iface) {
+ free(ctrl_iface);
+ ctrl_iface = strdup(ifname);
+ }
+ } else {
+#ifdef CONFIG_CTRL_IFACE_UDP
+ free(ctrl_iface);
+ ctrl_iface = strdup("udp");
+#endif /* CONFIG_CTRL_IFACE_UDP */
+#ifdef CONFIG_CTRL_IFACE_UNIX
+ struct dirent *dent;
+ DIR *dir = opendir(ctrl_iface_dir);
+ free(ctrl_iface);
+ ctrl_iface = NULL;
+ if (dir) {
+ while ((dent = readdir(dir))) {
+#ifdef _DIRENT_HAVE_D_TYPE
+ /* Skip the file if it is not a socket.
+ * Also accept DT_UNKNOWN (0) in case
+ * the C library or underlying file
+ * system does not support d_type. */
+ if (dent->d_type != DT_SOCK &&
+ dent->d_type != DT_UNKNOWN)
+ continue;
+#endif /* _DIRENT_HAVE_D_TYPE */
+
+ if (strcmp(dent->d_name, ".") == 0 ||
+ strcmp(dent->d_name, "..") == 0)
+ continue;
+ printf("Selected interface '%s'\n", dent->d_name);
+ ctrl_iface = strdup(dent->d_name);
+ break;
+ }
+ closedir(dir);
+ }
+#endif /* CONFIG_CTRL_IFACE_UNIX */
+#ifdef CONFIG_CTRL_IFACE_NAMED_PIPE
+ struct wpa_ctrl *ctrl;
+ int ret;
+
+ free(ctrl_iface);
+ ctrl_iface = NULL;
+
+ ctrl = wpa_ctrl_open(NULL);
+ if (ctrl) {
+ len = sizeof(buf) - 1;
+ ret = wpa_ctrl_request(ctrl, "INTERFACES", 10, buf, &len, NULL);
+ if (ret >= 0) {
+ buf[len] = '\0';
+ pos = strchr(buf, '\n');
+ if (pos)
+ *pos = '\0';
+ ctrl_iface = strdup(buf);
+ }
+ wpa_ctrl_close(ctrl);
+ }
+#endif /* CONFIG_CTRL_IFACE_NAMED_PIPE */
+ }
+
+ if (ctrl_iface == NULL)
+ return -1;
+
+#ifdef CONFIG_CTRL_IFACE_UNIX
+ flen = strlen(ctrl_iface_dir) + strlen(ctrl_iface) + 2;
+ cfile = (char *) malloc(flen);
+ if (cfile == NULL)
+ return -1;
+ snprintf(cfile, flen, "%s/%s", ctrl_iface_dir, ctrl_iface);
+#else /* CONFIG_CTRL_IFACE_UNIX */
+ flen = strlen(ctrl_iface) + 1;
+ cfile = (char *) malloc(flen);
+ if (cfile == NULL)
+ return -1;
+ snprintf(cfile, flen, "%s", ctrl_iface);
+#endif /* CONFIG_CTRL_IFACE_UNIX */
+
+ if (ctrl_conn) {
+ wpa_ctrl_close(ctrl_conn);
+ ctrl_conn = NULL;
+ }
+
+ if (monitor_conn) {
+ delete msgNotifier;
+ msgNotifier = NULL;
+ wpa_ctrl_detach(monitor_conn);
+ wpa_ctrl_close(monitor_conn);
+ monitor_conn = NULL;
+ }
+
+ printf("Trying to connect to '%s'\n", cfile);
+ ctrl_conn = wpa_ctrl_open(cfile);
+ if (ctrl_conn == NULL) {
+ free(cfile);
+ return -1;
+ }
+ monitor_conn = wpa_ctrl_open(cfile);
+ free(cfile);
+ if (monitor_conn == NULL) {
+ wpa_ctrl_close(ctrl_conn);
+ return -1;
+ }
+ if (wpa_ctrl_attach(monitor_conn)) {
+ printf("Failed to attach to wpa_supplicant\n");
+ wpa_ctrl_close(monitor_conn);
+ monitor_conn = NULL;
+ wpa_ctrl_close(ctrl_conn);
+ ctrl_conn = NULL;
+ return -1;
+ }
+
+#if defined(CONFIG_CTRL_IFACE_UNIX) || defined(CONFIG_CTRL_IFACE_UDP)
+ msgNotifier = new QSocketNotifier(wpa_ctrl_get_fd(monitor_conn),
+ QSocketNotifier::Read, this);
+ connect(msgNotifier, SIGNAL(activated(int)), SLOT(receiveMsgs()));
+#endif
+
+ adapterSelect->clear();
+ adapterSelect->insertItem(ctrl_iface);
+ adapterSelect->setCurrentItem(0);
+
+ len = sizeof(buf) - 1;
+ if (wpa_ctrl_request(ctrl_conn, "INTERFACES", 10, buf, &len, NULL) >= 0) {
+ buf[len] = '\0';
+ pos = buf;
+ while (*pos) {
+ pos2 = strchr(pos, '\n');
+ if (pos2)
+ *pos2 = '\0';
+ if (strcmp(pos, ctrl_iface) != 0)
+ adapterSelect->insertItem(pos);
+ if (pos2)
+ pos = pos2 + 1;
+ else
+ break;
+ }
+ }
+
+ return 0;
+}
+
+
+static void wpa_gui_msg_cb(char *msg, size_t)
+{
+ /* This should not happen anymore since two control connections are used. */
+ printf("missed message: %s\n", msg);
+}
+
+
+int WpaGui::ctrlRequest(const char *cmd, char *buf, size_t *buflen)
+{
+ int ret;
+
+ if (ctrl_conn == NULL)
+ return -3;
+ ret = wpa_ctrl_request(ctrl_conn, cmd, strlen(cmd), buf, buflen,
+ wpa_gui_msg_cb);
+ if (ret == -2) {
+ printf("'%s' command timed out.\n", cmd);
+ } else if (ret < 0) {
+ printf("'%s' command failed.\n", cmd);
+ }
+
+ return ret;
+}
+
+
+void WpaGui::updateStatus()
+{
+ char buf[2048], *start, *end, *pos;
+ size_t len;
+
+ pingsToStatusUpdate = 10;
+
+ len = sizeof(buf) - 1;
+ if (ctrl_conn == NULL || ctrlRequest("STATUS", buf, &len) < 0) {
+ textStatus->setText("Could not get status from wpa_supplicant");
+ textAuthentication->clear();
+ textEncryption->clear();
+ textSsid->clear();
+ textBssid->clear();
+ textIpAddress->clear();
+ return;
+ }
+
+ buf[len] = '\0';
+
+ bool auth_updated = false, ssid_updated = false;
+ bool bssid_updated = false, ipaddr_updated = false;
+ bool status_updated = false;
+ char *pairwise_cipher = NULL, *group_cipher = NULL;
+
+ start = buf;
+ while (*start) {
+ bool last = false;
+ end = strchr(start, '\n');
+ if (end == NULL) {
+ last = true;
+ end = start;
+ while (end[0] && end[1])
+ end++;
+ }
+ *end = '\0';
+
+ pos = strchr(start, '=');
+ if (pos) {
+ *pos++ = '\0';
+ if (strcmp(start, "bssid") == 0) {
+ bssid_updated = true;
+ textBssid->setText(pos);
+ } else if (strcmp(start, "ssid") == 0) {
+ ssid_updated = true;
+ textSsid->setText(pos);
+ } else if (strcmp(start, "ip_address") == 0) {
+ ipaddr_updated = true;
+ textIpAddress->setText(pos);
+ } else if (strcmp(start, "wpa_state") == 0) {
+ status_updated = true;
+ textStatus->setText(pos);
+ } else if (strcmp(start, "key_mgmt") == 0) {
+ auth_updated = true;
+ textAuthentication->setText(pos);
+ /* TODO: could add EAP status to this */
+ } else if (strcmp(start, "pairwise_cipher") == 0) {
+ pairwise_cipher = pos;
+ } else if (strcmp(start, "group_cipher") == 0) {
+ group_cipher = pos;
+ }
+ }
+
+ if (last)
+ break;
+ start = end + 1;
+ }
+
+ if (pairwise_cipher || group_cipher) {
+ QString encr;
+ if (pairwise_cipher && group_cipher &&
+ strcmp(pairwise_cipher, group_cipher) != 0) {
+ encr.append(pairwise_cipher);
+ encr.append(" + ");
+ encr.append(group_cipher);
+ } else if (pairwise_cipher) {
+ encr.append(pairwise_cipher);
+ } else if (group_cipher) {
+ encr.append(group_cipher);
+ encr.append(" [group key only]");
+ } else {
+ encr.append("?");
+ }
+ textEncryption->setText(encr);
+ } else
+ textEncryption->clear();
+
+ if (!status_updated)
+ textStatus->clear();
+ if (!auth_updated)
+ textAuthentication->clear();
+ if (!ssid_updated)
+ textSsid->clear();
+ if (!bssid_updated)
+ textBssid->clear();
+ if (!ipaddr_updated)
+ textIpAddress->clear();
+}
+
+
+void WpaGui::updateNetworks()
+{
+ char buf[2048], *start, *end, *id, *ssid, *bssid, *flags;
+ size_t len;
+ int first_active = -1;
+ bool selected = false;
+
+ if (!networkMayHaveChanged)
+ return;
+
+ networkSelect->clear();
+
+ if (ctrl_conn == NULL)
+ return;
+
+ len = sizeof(buf) - 1;
+ if (ctrlRequest("LIST_NETWORKS", buf, &len) < 0)
+ return;
+
+ buf[len] = '\0';
+ start = strchr(buf, '\n');
+ if (start == NULL)
+ return;
+ start++;
+
+ while (*start) {
+ bool last = false;
+ end = strchr(start, '\n');
+ if (end == NULL) {
+ last = true;
+ end = start;
+ while (end[0] && end[1])
+ end++;
+ }
+ *end = '\0';
+
+ id = start;
+ ssid = strchr(id, '\t');
+ if (ssid == NULL)
+ break;
+ *ssid++ = '\0';
+ bssid = strchr(ssid, '\t');
+ if (bssid == NULL)
+ break;
+ *bssid++ = '\0';
+ flags = strchr(bssid, '\t');
+ if (flags == NULL)
+ break;
+ *flags++ = '\0';
+
+ QString network(id);
+ network.append(": ");
+ network.append(ssid);
+ networkSelect->insertItem(network);
+
+ if (strstr(flags, "[CURRENT]")) {
+ networkSelect->setCurrentItem(networkSelect->count() - 1);
+ selected = true;
+ } else if (first_active < 0 && strstr(flags, "[DISABLED]") == NULL)
+ first_active = networkSelect->count() - 1;
+
+ if (last)
+ break;
+ start = end + 1;
+ }
+
+ if (!selected && first_active >= 0)
+ networkSelect->setCurrentItem(first_active);
+
+ networkMayHaveChanged = false;
+}
+
+
+void WpaGui::helpIndex()
+{
+ printf("helpIndex\n");
+}
+
+
+void WpaGui::helpContents()
+{
+ printf("helpContents\n");
+}
+
+
+void WpaGui::helpAbout()
+{
+ QMessageBox::about(this, "wpa_gui for wpa_supplicant",
+ "Copyright (c) 2003-2008,\n"
+ "Jouni Malinen <j@w1.fi>\n"
+ "and contributors.\n"
+ "\n"
+ "This program is free software. You can\n"
+ "distribute it and/or modify it under the terms of\n"
+ "the GNU General Public License version 2.\n"
+ "\n"
+ "Alternatively, this software may be distributed\n"
+ "under the terms of the BSD license.\n"
+ "\n"
+ "This product includes software developed\n"
+ "by the OpenSSL Project for use in the\n"
+ "OpenSSL Toolkit (http://www.openssl.org/)\n");
+}
+
+
+void WpaGui::disconnect()
+{
+ char reply[10];
+ size_t reply_len = sizeof(reply);
+ ctrlRequest("DISCONNECT", reply, &reply_len);
+}
+
+
+void WpaGui::scan()
+{
+ if (scanres) {
+ scanres->close();
+ delete scanres;
+ }
+
+ scanres = new ScanResults();
+ if (scanres == NULL)
+ return;
+ scanres->setWpaGui(this);
+ scanres->show();
+ scanres->exec();
+}
+
+
+void WpaGui::eventHistory()
+{
+ if (eh) {
+ eh->close();
+ delete eh;
+ }
+
+ eh = new EventHistory();
+ if (eh == NULL)
+ return;
+ eh->addEvents(msgs);
+ eh->show();
+ eh->exec();
+}
+
+
+void WpaGui::ping()
+{
+ char buf[10];
+ size_t len;
+
+#ifdef CONFIG_CTRL_IFACE_NAMED_PIPE
+ /*
+ * QSocketNotifier cannot be used with Windows named pipes, so use a timer
+ * to check for received messages for now. This could be optimized be doing
+ * something specific to named pipes or Windows events, but it is not clear
+ * what would be the best way of doing that in Qt.
+ */
+ receiveMsgs();
+#endif /* CONFIG_CTRL_IFACE_NAMED_PIPE */
+
+ if (scanres && !scanres->isVisible()) {
+ delete scanres;
+ scanres = NULL;
+ }
+
+ if (eh && !eh->isVisible()) {
+ delete eh;
+ eh = NULL;
+ }
+
+ if (udr && !udr->isVisible()) {
+ delete udr;
+ udr = NULL;
+ }
+
+ len = sizeof(buf) - 1;
+ if (ctrlRequest("PING", buf, &len) < 0) {
+ printf("PING failed - trying to reconnect\n");
+ if (openCtrlConnection(ctrl_iface) >= 0) {
+ printf("Reconnected successfully\n");
+ pingsToStatusUpdate = 0;
+ }
+ }
+
+ pingsToStatusUpdate--;
+ if (pingsToStatusUpdate <= 0) {
+ updateStatus();
+ updateNetworks();
+ }
+}
+
+
+static int str_match(const char *a, const char *b)
+{
+ return strncmp(a, b, strlen(b)) == 0;
+}
+
+
+void WpaGui::processMsg(char *msg)
+{
+ char *pos = msg, *pos2;
+ int priority = 2;
+
+ if (*pos == '<') {
+ /* skip priority */
+ pos++;
+ priority = atoi(pos);
+ pos = strchr(pos, '>');
+ if (pos)
+ pos++;
+ else
+ pos = msg;
+ }
+
+ WpaMsg wm(pos, priority);
+ if (eh)
+ eh->addEvent(wm);
+ msgs.append(wm);
+ while (msgs.count() > 100)
+ msgs.pop_front();
+
+ /* Update last message with truncated version of the event */
+ if (strncmp(pos, "CTRL-", 5) == 0) {
+ pos2 = strchr(pos, str_match(pos, WPA_CTRL_REQ) ? ':' : ' ');
+ if (pos2)
+ pos2++;
+ else
+ pos2 = pos;
+ } else
+ pos2 = pos;
+ QString lastmsg = pos2;
+ lastmsg.truncate(40);
+ textLastMessage->setText(lastmsg);
+
+ pingsToStatusUpdate = 0;
+ networkMayHaveChanged = true;
+
+ if (str_match(pos, WPA_CTRL_REQ))
+ processCtrlReq(pos + strlen(WPA_CTRL_REQ));
+}
+
+
+void WpaGui::processCtrlReq(const char *req)
+{
+ if (udr) {
+ udr->close();
+ delete udr;
+ }
+ udr = new UserDataRequest();
+ if (udr == NULL)
+ return;
+ if (udr->setParams(this, req) < 0) {
+ delete udr;
+ udr = NULL;
+ return;
+ }
+ udr->show();
+ udr->exec();
+}
+
+
+void WpaGui::receiveMsgs()
+{
+ char buf[256];
+ size_t len;
+
+ while (monitor_conn && wpa_ctrl_pending(monitor_conn) > 0) {
+ len = sizeof(buf) - 1;
+ if (wpa_ctrl_recv(monitor_conn, buf, &len) == 0) {
+ buf[len] = '\0';
+ processMsg(buf);
+ }
+ }
+}
+
+
+void WpaGui::connectB()
+{
+ char reply[10];
+ size_t reply_len = sizeof(reply);
+ ctrlRequest("REASSOCIATE", reply, &reply_len);
+}
+
+
+void WpaGui::selectNetwork( const QString &sel )
+{
+ QString cmd(sel);
+ char reply[10];
+ size_t reply_len = sizeof(reply);
+
+ int pos = cmd.find(':');
+ if (pos < 0) {
+ printf("Invalid selectNetwork '%s'\n", cmd.ascii());
+ return;
+ }
+ cmd.truncate(pos);
+ cmd.prepend("SELECT_NETWORK ");
+ ctrlRequest(cmd.ascii(), reply, &reply_len);
+}
+
+
+void WpaGui::editNetwork()
+{
+ QString sel(networkSelect->currentText());
+ int pos = sel.find(':');
+ if (pos < 0) {
+ printf("Invalid selectNetwork '%s'\n", sel.ascii());
+ return;
+ }
+ sel.truncate(pos);
+
+ NetworkConfig *nc = new NetworkConfig();
+ if (nc == NULL)
+ return;
+ nc->setWpaGui(this);
+
+ nc->paramsFromConfig(sel.toInt());
+ nc->show();
+ nc->exec();
+}
+
+
+void WpaGui::triggerUpdate()
+{
+ updateStatus();
+ networkMayHaveChanged = true;
+ updateNetworks();
+}
+
+
+void WpaGui::addNetwork()
+{
+ NetworkConfig *nc = new NetworkConfig();
+ if (nc == NULL)
+ return;
+ nc->setWpaGui(this);
+ nc->newNetwork();
+ nc->show();
+ nc->exec();
+}
+
+
+void WpaGui::selectAdapter( const QString & sel )
+{
+ if (openCtrlConnection(sel.ascii()) < 0)
+ printf("Failed to open control connection to wpa_supplicant.\n");
+ updateStatus();
+ updateNetworks();
+}
--- /dev/null
+#ifndef WPAMSG_H
+#define WPAMSG_H
+
+class WpaMsg;
+
+#if QT_VERSION >= 0x040000
+#include <QDateTime>
+#include <QLinkedList>
+typedef QLinkedList<WpaMsg> WpaMsgList;
+#else
+#include <qdatetime.h>
+typedef QValueList<WpaMsg> WpaMsgList;
+#endif
+
+class WpaMsg {
+public:
+ WpaMsg() {}
+ WpaMsg(const QString &_msg, int _priority = 2)
+ : msg(_msg), priority(_priority)
+ {
+ timestamp = QDateTime::currentDateTime();
+ }
+
+ QString getMsg() const { return msg; }
+ int getPriority() const { return priority; }
+ QDateTime getTimestamp() const { return timestamp; }
+
+private:
+ QString msg;
+ int priority;
+ QDateTime timestamp;
+};
+
+#endif /* WPAMSG_H */
--- /dev/null
+/*
+ * wpa_supplicant - Internal WPA state machine definitions
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef WPA_I_H
+#define WPA_I_H
+
+struct rsn_pmksa_candidate;
+
+#ifdef _MSC_VER
+#pragma pack(push, 1)
+#endif /* _MSC_VER */
+
+/**
+ * struct wpa_ptk - WPA Pairwise Transient Key
+ * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy
+ */
+struct wpa_ptk {
+ u8 kck[16]; /* EAPOL-Key Key Confirmation Key (KCK) */
+ u8 kek[16]; /* EAPOL-Key Key Encryption Key (KEK) */
+ u8 tk1[16]; /* Temporal Key 1 (TK1) */
+ union {
+ u8 tk2[16]; /* Temporal Key 2 (TK2) */
+ struct {
+ u8 tx_mic_key[8];
+ u8 rx_mic_key[8];
+ } auth;
+ } u;
+} STRUCT_PACKED;
+
+#ifdef _MSC_VER
+#pragma pack(pop)
+#endif /* _MSC_VER */
+
+
+#ifdef CONFIG_PEERKEY
+#define PEERKEY_MAX_IE_LEN 80
+struct wpa_peerkey {
+ struct wpa_peerkey *next;
+ int initiator; /* whether this end was initator for SMK handshake */
+ u8 addr[ETH_ALEN]; /* other end MAC address */
+ u8 inonce[WPA_NONCE_LEN]; /* Initiator Nonce */
+ u8 pnonce[WPA_NONCE_LEN]; /* Peer Nonce */
+ u8 rsnie_i[PEERKEY_MAX_IE_LEN]; /* Initiator RSN IE */
+ size_t rsnie_i_len;
+ u8 rsnie_p[PEERKEY_MAX_IE_LEN]; /* Peer RSN IE */
+ size_t rsnie_p_len;
+ u8 smk[PMK_LEN];
+ int smk_complete;
+ u8 smkid[PMKID_LEN];
+ u32 lifetime;
+ os_time_t expiration;
+ int cipher; /* Selected cipher (WPA_CIPHER_*) */
+ u8 replay_counter[WPA_REPLAY_COUNTER_LEN];
+ int replay_counter_set;
+
+ struct wpa_ptk stk, tstk;
+ int stk_set, tstk_set;
+};
+#else /* CONFIG_PEERKEY */
+struct wpa_peerkey;
+#endif /* CONFIG_PEERKEY */
+
+
+/**
+ * struct wpa_sm - Internal WPA state machine data
+ */
+struct wpa_sm {
+ u8 pmk[PMK_LEN];
+ size_t pmk_len;
+ struct wpa_ptk ptk, tptk;
+ int ptk_set, tptk_set;
+ u8 snonce[WPA_NONCE_LEN];
+ u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
+ int renew_snonce;
+ u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
+ int rx_replay_counter_set;
+ u8 request_counter[WPA_REPLAY_COUNTER_LEN];
+
+ struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
+
+ struct rsn_pmksa_cache *pmksa; /* PMKSA cache */
+ struct rsn_pmksa_cache_entry *cur_pmksa; /* current PMKSA entry */
+ struct rsn_pmksa_candidate *pmksa_candidates;
+
+ struct l2_packet_data *l2_preauth;
+ struct l2_packet_data *l2_preauth_br;
+ u8 preauth_bssid[ETH_ALEN]; /* current RSN pre-auth peer or
+ * 00:00:00:00:00:00 if no pre-auth is
+ * in progress */
+ struct eapol_sm *preauth_eapol;
+
+ struct wpa_sm_ctx *ctx;
+
+ void *scard_ctx; /* context for smartcard callbacks */
+ int fast_reauth; /* whether EAP fast re-authentication is enabled */
+
+ struct wpa_ssid *cur_ssid;
+
+ u8 own_addr[ETH_ALEN];
+ const char *ifname;
+ const char *bridge_ifname;
+ u8 bssid[ETH_ALEN];
+
+ unsigned int dot11RSNAConfigPMKLifetime;
+ unsigned int dot11RSNAConfigPMKReauthThreshold;
+ unsigned int dot11RSNAConfigSATimeout;
+
+ unsigned int dot11RSNA4WayHandshakeFailures;
+
+ /* Selected configuration (based on Beacon/ProbeResp WPA IE) */
+ unsigned int proto;
+ unsigned int pairwise_cipher;
+ unsigned int group_cipher;
+ unsigned int key_mgmt;
+ unsigned int mgmt_group_cipher;
+
+ u8 *assoc_wpa_ie; /* Own WPA/RSN IE from (Re)AssocReq */
+ size_t assoc_wpa_ie_len;
+ u8 *ap_wpa_ie, *ap_rsn_ie;
+ size_t ap_wpa_ie_len, ap_rsn_ie_len;
+
+#ifdef CONFIG_PEERKEY
+ struct wpa_peerkey *peerkey;
+#endif /* CONFIG_PEERKEY */
+};
+
+
+static inline void wpa_sm_set_state(struct wpa_sm *sm, wpa_states state)
+{
+ sm->ctx->set_state(sm->ctx->ctx, state);
+}
+
+static inline wpa_states wpa_sm_get_state(struct wpa_sm *sm)
+{
+ return sm->ctx->get_state(sm->ctx->ctx);
+}
+
+static inline void wpa_sm_req_scan(struct wpa_sm *sm, int sec, int usec)
+{
+ sm->ctx->req_scan(sm->ctx->ctx, sec, usec);
+}
+
+static inline void wpa_sm_deauthenticate(struct wpa_sm *sm, int reason_code)
+{
+ sm->ctx->deauthenticate(sm->ctx->ctx, reason_code);
+}
+
+static inline void wpa_sm_disassociate(struct wpa_sm *sm, int reason_code)
+{
+ sm->ctx->disassociate(sm->ctx->ctx, reason_code);
+}
+
+static inline int wpa_sm_set_key(struct wpa_sm *sm, wpa_alg alg,
+ const u8 *addr, int key_idx, int set_tx,
+ const u8 *seq, size_t seq_len,
+ const u8 *key, size_t key_len)
+{
+ return sm->ctx->set_key(sm->ctx->ctx, alg, addr, key_idx, set_tx,
+ seq, seq_len, key, key_len);
+}
+
+static inline struct wpa_ssid * wpa_sm_get_ssid(struct wpa_sm *sm)
+{
+ return sm->ctx->get_ssid(sm->ctx->ctx);
+}
+
+static inline int wpa_sm_get_bssid(struct wpa_sm *sm, u8 *bssid)
+{
+ return sm->ctx->get_bssid(sm->ctx->ctx, bssid);
+}
+
+static inline int wpa_sm_ether_send(struct wpa_sm *sm, const u8 *dest,
+ u16 proto, const u8 *buf, size_t len)
+{
+ return sm->ctx->ether_send(sm->ctx->ctx, dest, proto, buf, len);
+}
+
+static inline int wpa_sm_get_beacon_ie(struct wpa_sm *sm)
+{
+ return sm->ctx->get_beacon_ie(sm->ctx->ctx);
+}
+
+static inline void wpa_sm_cancel_auth_timeout(struct wpa_sm *sm)
+{
+ sm->ctx->cancel_auth_timeout(sm->ctx->ctx);
+}
+
+static inline u8 * wpa_sm_alloc_eapol(struct wpa_sm *sm, u8 type,
+ const void *data, u16 data_len,
+ size_t *msg_len, void **data_pos)
+{
+ return sm->ctx->alloc_eapol(sm->ctx->ctx, type, data, data_len,
+ msg_len, data_pos);
+}
+
+static inline int wpa_sm_add_pmkid(struct wpa_sm *sm, const u8 *bssid,
+ const u8 *pmkid)
+{
+ return sm->ctx->add_pmkid(sm->ctx->ctx, bssid, pmkid);
+}
+
+static inline int wpa_sm_remove_pmkid(struct wpa_sm *sm, const u8 *bssid,
+ const u8 *pmkid)
+{
+ return sm->ctx->remove_pmkid(sm->ctx->ctx, bssid, pmkid);
+}
+
+static inline int wpa_sm_mlme_setprotection(struct wpa_sm *sm, const u8 *addr,
+ int protect_type, int key_type)
+{
+ return sm->ctx->mlme_setprotection(sm->ctx->ctx, addr, protect_type,
+ key_type);
+}
+
+#endif /* WPA_I_H */
--- /dev/null
+/*
+ * WPA Supplicant - ASCII passphrase to WPA PSK tool
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "sha1.h"
+
+
+int main(int argc, char *argv[])
+{
+ unsigned char psk[32];
+ int i;
+ char *ssid, *passphrase, buf[64], *pos;
+
+ if (argc < 2) {
+ printf("usage: wpa_passphrase <ssid> [passphrase]\n"
+ "\nIf passphrase is left out, it will be read from "
+ "stdin\n");
+ return 1;
+ }
+
+ ssid = argv[1];
+
+ if (argc > 2) {
+ passphrase = argv[2];
+ } else {
+ printf("# reading passphrase from stdin\n");
+ if (fgets(buf, sizeof(buf), stdin) == NULL) {
+ printf("Failed to read passphrase\n");
+ return 1;
+ }
+ buf[sizeof(buf) - 1] = '\0';
+ pos = buf;
+ while (*pos != '\0') {
+ if (*pos == '\r' || *pos == '\n') {
+ *pos = '\0';
+ break;
+ }
+ pos++;
+ }
+ passphrase = buf;
+ }
+
+ if (os_strlen(passphrase) < 8 || os_strlen(passphrase) > 63) {
+ printf("Passphrase must be 8..63 characters\n");
+ return 1;
+ }
+
+ pbkdf2_sha1(passphrase, ssid, os_strlen(ssid), 4096, psk, 32);
+
+ printf("network={\n");
+ printf("\tssid=\"%s\"\n", ssid);
+ printf("\t#psk=\"%s\"\n", passphrase);
+ printf("\tpsk=");
+ for (i = 0; i < 32; i++)
+ printf("%02x", psk[i]);
+ printf("\n");
+ printf("}\n");
+
+ return 0;
+}
--- /dev/null
+/*
+ * WPA Supplicant
+ * Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This file implements functions for registering and unregistering
+ * %wpa_supplicant interfaces. In addition, this file contains number of
+ * functions for managing network connections.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eapol_sm.h"
+#include "eap.h"
+#include "wpa.h"
+#include "eloop.h"
+#include "wpa_supplicant.h"
+#include "config.h"
+#include "l2_packet.h"
+#include "wpa_supplicant_i.h"
+#include "ctrl_iface.h"
+#include "ctrl_iface_dbus.h"
+#include "pcsc_funcs.h"
+#include "version.h"
+#include "preauth.h"
+#include "pmksa_cache.h"
+#include "wpa_ctrl.h"
+#include "mlme.h"
+
+const char *wpa_supplicant_version =
+"wpa_supplicant v" VERSION_STR "\n"
+"Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi> and contributors";
+
+const char *wpa_supplicant_license =
+"This program is free software. You can distribute it and/or modify it\n"
+"under the terms of the GNU General Public License version 2.\n"
+"\n"
+"Alternatively, this software may be distributed under the terms of the\n"
+"BSD license. See README and COPYING for more details.\n"
+#ifdef EAP_TLS_OPENSSL
+"\nThis product includes software developed by the OpenSSL Project\n"
+"for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
+#endif /* EAP_TLS_OPENSSL */
+;
+
+#ifndef CONFIG_NO_STDOUT_DEBUG
+/* Long text divided into parts in order to fit in C89 strings size limits. */
+const char *wpa_supplicant_full_license1 =
+"This program is free software; you can redistribute it and/or modify\n"
+"it under the terms of the GNU General Public License version 2 as\n"
+"published by the Free Software Foundation.\n"
+"\n"
+"This program is distributed in the hope that it will be useful,\n"
+"but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
+"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n"
+"GNU General Public License for more details.\n"
+"\n";
+const char *wpa_supplicant_full_license2 =
+"You should have received a copy of the GNU General Public License\n"
+"along with this program; if not, write to the Free Software\n"
+"Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n"
+"\n"
+"Alternatively, this software may be distributed under the terms of the\n"
+"BSD license.\n"
+"\n"
+"Redistribution and use in source and binary forms, with or without\n"
+"modification, are permitted provided that the following conditions are\n"
+"met:\n"
+"\n";
+const char *wpa_supplicant_full_license3 =
+"1. Redistributions of source code must retain the above copyright\n"
+" notice, this list of conditions and the following disclaimer.\n"
+"\n"
+"2. Redistributions in binary form must reproduce the above copyright\n"
+" notice, this list of conditions and the following disclaimer in the\n"
+" documentation and/or other materials provided with the distribution.\n"
+"\n";
+const char *wpa_supplicant_full_license4 =
+"3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
+" names of its contributors may be used to endorse or promote products\n"
+" derived from this software without specific prior written permission.\n"
+"\n"
+"THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
+"\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
+"LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
+"A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
+const char *wpa_supplicant_full_license5 =
+"OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
+"SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
+"LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
+"DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
+"THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
+"(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
+"OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
+"\n";
+#endif /* CONFIG_NO_STDOUT_DEBUG */
+
+extern struct wpa_driver_ops *wpa_supplicant_drivers[];
+
+extern int wpa_debug_level;
+extern int wpa_debug_show_keys;
+extern int wpa_debug_timestamp;
+
+static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx);
+
+#if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
+static u8 * wpa_alloc_eapol(const struct wpa_supplicant *wpa_s, u8 type,
+ const void *data, u16 data_len,
+ size_t *msg_len, void **data_pos)
+{
+ struct ieee802_1x_hdr *hdr;
+
+ *msg_len = sizeof(*hdr) + data_len;
+ hdr = os_malloc(*msg_len);
+ if (hdr == NULL)
+ return NULL;
+
+ hdr->version = wpa_s->conf->eapol_version;
+ hdr->type = type;
+ hdr->length = host_to_be16(data_len);
+
+ if (data)
+ os_memcpy(hdr + 1, data, data_len);
+ else
+ os_memset(hdr + 1, 0, data_len);
+
+ if (data_pos)
+ *data_pos = hdr + 1;
+
+ return (u8 *) hdr;
+}
+
+
+/**
+ * wpa_ether_send - Send Ethernet frame
+ * @wpa_s: Pointer to wpa_supplicant data
+ * @dest: Destination MAC address
+ * @proto: Ethertype in host byte order
+ * @buf: Frame payload starting from IEEE 802.1X header
+ * @len: Frame payload length
+ * Returns: >=0 on success, <0 on failure
+ */
+static int wpa_ether_send(struct wpa_supplicant *wpa_s, const u8 *dest,
+ u16 proto, const u8 *buf, size_t len)
+{
+ if (wpa_s->l2) {
+ return l2_packet_send(wpa_s->l2, dest, proto, buf, len);
+ }
+
+ return wpa_drv_send_eapol(wpa_s, dest, proto, buf, len);
+}
+#endif /* IEEE8021X_EAPOL || !CONFIG_NO_WPA */
+
+
+#ifdef IEEE8021X_EAPOL
+/**
+ * wpa_supplicant_eapol_send - Send IEEE 802.1X EAPOL packet to Authenticator
+ * @ctx: Pointer to wpa_supplicant data (wpa_s)
+ * @type: IEEE 802.1X packet type (IEEE802_1X_TYPE_*)
+ * @buf: EAPOL payload (after IEEE 802.1X header)
+ * @len: EAPOL payload length
+ * Returns: >=0 on success, <0 on failure
+ *
+ * This function adds Ethernet and IEEE 802.1X header and sends the EAPOL frame
+ * to the current Authenticator.
+ */
+static int wpa_supplicant_eapol_send(void *ctx, int type, const u8 *buf,
+ size_t len)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ u8 *msg, *dst, bssid[ETH_ALEN];
+ size_t msglen;
+ int res;
+
+ /* TODO: could add l2_packet_sendmsg that allows fragments to avoid
+ * extra copy here */
+
+ if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK ||
+ wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
+ /* Current SSID is not using IEEE 802.1X/EAP, so drop possible
+ * EAPOL frames (mainly, EAPOL-Start) from EAPOL state
+ * machines. */
+ wpa_printf(MSG_DEBUG, "WPA: drop TX EAPOL in non-IEEE 802.1X "
+ "mode (type=%d len=%lu)", type,
+ (unsigned long) len);
+ return -1;
+ }
+
+ if (pmksa_cache_get_current(wpa_s->wpa) &&
+ type == IEEE802_1X_TYPE_EAPOL_START) {
+ /* Trying to use PMKSA caching - do not send EAPOL-Start frames
+ * since they will trigger full EAPOL authentication. */
+ wpa_printf(MSG_DEBUG, "RSN: PMKSA caching - do not send "
+ "EAPOL-Start");
+ return -1;
+ }
+
+ if (os_memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0)
+ {
+ wpa_printf(MSG_DEBUG, "BSSID not set when trying to send an "
+ "EAPOL frame");
+ if (wpa_drv_get_bssid(wpa_s, bssid) == 0 &&
+ os_memcmp(bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) !=
+ 0) {
+ dst = bssid;
+ wpa_printf(MSG_DEBUG, "Using current BSSID " MACSTR
+ " from the driver as the EAPOL destination",
+ MAC2STR(dst));
+ } else {
+ dst = wpa_s->last_eapol_src;
+ wpa_printf(MSG_DEBUG, "Using the source address of the"
+ " last received EAPOL frame " MACSTR " as "
+ "the EAPOL destination",
+ MAC2STR(dst));
+ }
+ } else {
+ /* BSSID was already set (from (Re)Assoc event, so use it as
+ * the EAPOL destination. */
+ dst = wpa_s->bssid;
+ }
+
+ msg = wpa_alloc_eapol(wpa_s, type, buf, len, &msglen, NULL);
+ if (msg == NULL)
+ return -1;
+
+ wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", msg, msglen);
+ res = wpa_ether_send(wpa_s, dst, ETH_P_EAPOL, msg, msglen);
+ os_free(msg);
+ return res;
+}
+
+
+/**
+ * wpa_eapol_set_wep_key - set WEP key for the driver
+ * @ctx: Pointer to wpa_supplicant data (wpa_s)
+ * @unicast: 1 = individual unicast key, 0 = broadcast key
+ * @keyidx: WEP key index (0..3)
+ * @key: Pointer to key data
+ * @keylen: Key length in bytes
+ * Returns: 0 on success or < 0 on error.
+ */
+static int wpa_eapol_set_wep_key(void *ctx, int unicast, int keyidx,
+ const u8 *key, size_t keylen)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
+ int cipher = (keylen == 5) ? WPA_CIPHER_WEP40 :
+ WPA_CIPHER_WEP104;
+ if (unicast)
+ wpa_s->pairwise_cipher = cipher;
+ else
+ wpa_s->group_cipher = cipher;
+ }
+ return wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
+ unicast ? wpa_s->bssid :
+ (u8 *) "\xff\xff\xff\xff\xff\xff",
+ keyidx, unicast, (u8 *) "", 0, key, keylen);
+}
+
+
+static void wpa_supplicant_aborted_cached(void *ctx)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ wpa_sm_aborted_cached(wpa_s->wpa);
+}
+
+#endif /* IEEE8021X_EAPOL */
+
+
+#if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
+static void wpa_supplicant_set_config_blob(void *ctx,
+ struct wpa_config_blob *blob)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ wpa_config_set_blob(wpa_s->conf, blob);
+}
+
+
+static const struct wpa_config_blob *
+wpa_supplicant_get_config_blob(void *ctx, const char *name)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ return wpa_config_get_blob(wpa_s->conf, name);
+}
+#endif /* defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) */
+
+
+/* Configure default/group WEP key for static WEP */
+static int wpa_set_wep_key(void *ctx, int set_tx, int keyidx, const u8 *key,
+ size_t keylen)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ return wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
+ (u8 *) "\xff\xff\xff\xff\xff\xff",
+ keyidx, set_tx, (u8 *) "", 0, key, keylen);
+}
+
+
+static int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
+ struct wpa_ssid *ssid)
+{
+ u8 key[32];
+ size_t keylen;
+ wpa_alg alg;
+ u8 seq[6] = { 0 };
+
+ /* IBSS/WPA-None uses only one key (Group) for both receiving and
+ * sending unicast and multicast packets. */
+
+ if (ssid->mode != IEEE80211_MODE_IBSS) {
+ wpa_printf(MSG_INFO, "WPA: Invalid mode %d (not IBSS/ad-hoc) "
+ "for WPA-None", ssid->mode);
+ return -1;
+ }
+
+ if (!ssid->psk_set) {
+ wpa_printf(MSG_INFO, "WPA: No PSK configured for WPA-None");
+ return -1;
+ }
+
+ switch (wpa_s->group_cipher) {
+ case WPA_CIPHER_CCMP:
+ os_memcpy(key, ssid->psk, 16);
+ keylen = 16;
+ alg = WPA_ALG_CCMP;
+ break;
+ case WPA_CIPHER_TKIP:
+ /* WPA-None uses the same Michael MIC key for both TX and RX */
+ os_memcpy(key, ssid->psk, 16 + 8);
+ os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
+ keylen = 32;
+ alg = WPA_ALG_TKIP;
+ break;
+ default:
+ wpa_printf(MSG_INFO, "WPA: Invalid group cipher %d for "
+ "WPA-None", wpa_s->group_cipher);
+ return -1;
+ }
+
+ /* TODO: should actually remember the previously used seq#, both for TX
+ * and RX from each STA.. */
+
+ return wpa_drv_set_key(wpa_s, alg, (u8 *) "\xff\xff\xff\xff\xff\xff",
+ 0, 1, seq, 6, key, keylen);
+}
+
+
+#ifdef IEEE8021X_EAPOL
+static void wpa_supplicant_notify_eapol_done(void *ctx)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ wpa_msg(wpa_s, MSG_DEBUG, "WPA: EAPOL processing complete");
+ if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X) {
+ wpa_supplicant_set_state(wpa_s, WPA_4WAY_HANDSHAKE);
+ } else {
+ eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
+ wpa_supplicant_cancel_auth_timeout(wpa_s);
+ wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
+ }
+}
+#endif /* IEEE8021X_EAPOL */
+
+
+/**
+ * wpa_blacklist_get - Get the blacklist entry for a BSSID
+ * @wpa_s: Pointer to wpa_supplicant data
+ * @bssid: BSSID
+ * Returns: Matching blacklist entry for the BSSID or %NULL if not found
+ */
+struct wpa_blacklist * wpa_blacklist_get(struct wpa_supplicant *wpa_s,
+ const u8 *bssid)
+{
+ struct wpa_blacklist *e;
+
+ e = wpa_s->blacklist;
+ while (e) {
+ if (os_memcmp(e->bssid, bssid, ETH_ALEN) == 0)
+ return e;
+ e = e->next;
+ }
+
+ return NULL;
+}
+
+
+/**
+ * wpa_blacklist_add - Add an BSSID to the blacklist
+ * @wpa_s: Pointer to wpa_supplicant data
+ * @bssid: BSSID to be added to the blacklist
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function adds the specified BSSID to the blacklist or increases the
+ * blacklist count if the BSSID was already listed. It should be called when
+ * an association attempt fails either due to the selected BSS rejecting
+ * association or due to timeout.
+ *
+ * This blacklist is used to force %wpa_supplicant to go through all available
+ * BSSes before retrying to associate with an BSS that rejected or timed out
+ * association. It does not prevent the listed BSS from being used; it only
+ * changes the order in which they are tried.
+ */
+int wpa_blacklist_add(struct wpa_supplicant *wpa_s, const u8 *bssid)
+{
+ struct wpa_blacklist *e;
+
+ e = wpa_blacklist_get(wpa_s, bssid);
+ if (e) {
+ e->count++;
+ wpa_printf(MSG_DEBUG, "BSSID " MACSTR " blacklist count "
+ "incremented to %d",
+ MAC2STR(bssid), e->count);
+ return 0;
+ }
+
+ e = os_zalloc(sizeof(*e));
+ if (e == NULL)
+ return -1;
+ os_memcpy(e->bssid, bssid, ETH_ALEN);
+ e->count = 1;
+ e->next = wpa_s->blacklist;
+ wpa_s->blacklist = e;
+ wpa_printf(MSG_DEBUG, "Added BSSID " MACSTR " into blacklist",
+ MAC2STR(bssid));
+
+ return 0;
+}
+
+
+static int wpa_blacklist_del(struct wpa_supplicant *wpa_s, const u8 *bssid)
+{
+ struct wpa_blacklist *e, *prev = NULL;
+
+ e = wpa_s->blacklist;
+ while (e) {
+ if (os_memcmp(e->bssid, bssid, ETH_ALEN) == 0) {
+ if (prev == NULL) {
+ wpa_s->blacklist = e->next;
+ } else {
+ prev->next = e->next;
+ }
+ wpa_printf(MSG_DEBUG, "Removed BSSID " MACSTR " from "
+ "blacklist", MAC2STR(bssid));
+ os_free(e);
+ return 0;
+ }
+ prev = e;
+ e = e->next;
+ }
+ return -1;
+}
+
+
+/**
+ * wpa_blacklist_clear - Clear the blacklist of all entries
+ * @wpa_s: Pointer to wpa_supplicant data
+ */
+void wpa_blacklist_clear(struct wpa_supplicant *wpa_s)
+{
+ struct wpa_blacklist *e, *prev;
+
+ e = wpa_s->blacklist;
+ wpa_s->blacklist = NULL;
+ while (e) {
+ prev = e;
+ e = e->next;
+ wpa_printf(MSG_DEBUG, "Removed BSSID " MACSTR " from "
+ "blacklist (clear)", MAC2STR(prev->bssid));
+ os_free(prev);
+ }
+}
+
+
+/**
+ * wpa_supplicant_req_scan - Schedule a scan for neighboring access points
+ * @wpa_s: Pointer to wpa_supplicant data
+ * @sec: Number of seconds after which to scan
+ * @usec: Number of microseconds after which to scan
+ *
+ * This function is used to schedule a scan for neighboring access points after
+ * the specified time.
+ */
+void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec)
+{
+ wpa_msg(wpa_s, MSG_DEBUG, "Setting scan request: %d sec %d usec",
+ sec, usec);
+ eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
+ eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL);
+}
+
+
+/**
+ * wpa_supplicant_cancel_scan - Cancel a scheduled scan request
+ * @wpa_s: Pointer to wpa_supplicant data
+ *
+ * This function is used to cancel a scan request scheduled with
+ * wpa_supplicant_req_scan().
+ */
+void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s)
+{
+ wpa_msg(wpa_s, MSG_DEBUG, "Cancelling scan request");
+ eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
+}
+
+
+static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
+{
+ struct wpa_supplicant *wpa_s = eloop_ctx;
+ const u8 *bssid = wpa_s->bssid;
+ if (os_memcmp(bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0)
+ bssid = wpa_s->pending_bssid;
+ wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
+ MAC2STR(bssid));
+ wpa_blacklist_add(wpa_s, bssid);
+ wpa_sm_notify_disassoc(wpa_s->wpa);
+ wpa_supplicant_disassociate(wpa_s, REASON_DEAUTH_LEAVING);
+ wpa_s->reassociate = 1;
+ wpa_supplicant_req_scan(wpa_s, 0, 0);
+}
+
+
+/**
+ * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
+ * @wpa_s: Pointer to wpa_supplicant data
+ * @sec: Number of seconds after which to time out authentication
+ * @usec: Number of microseconds after which to time out authentication
+ *
+ * This function is used to schedule a timeout for the current authentication
+ * attempt.
+ */
+void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
+ int sec, int usec)
+{
+ if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
+ wpa_s->driver && os_strcmp(wpa_s->driver->name, "wired") == 0)
+ return;
+
+ wpa_msg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
+ "%d usec", sec, usec);
+ eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
+ eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
+}
+
+
+/**
+ * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
+ * @wpa_s: Pointer to wpa_supplicant data
+ *
+ * This function is used to cancel authentication timeout scheduled with
+ * wpa_supplicant_req_auth_timeout() and it is called when authentication has
+ * been completed.
+ */
+void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
+{
+ wpa_msg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
+ eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
+ wpa_blacklist_del(wpa_s, wpa_s->bssid);
+}
+
+
+/**
+ * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
+ * @wpa_s: Pointer to wpa_supplicant data
+ *
+ * This function is used to configure EAPOL state machine based on the selected
+ * authentication mode.
+ */
+void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
+{
+#ifdef IEEE8021X_EAPOL
+ struct eapol_config eapol_conf;
+ struct wpa_ssid *ssid = wpa_s->current_ssid;
+
+ if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK) {
+ eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
+ eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
+ }
+ if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
+ wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
+ eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
+ else
+ eapol_sm_notify_portControl(wpa_s->eapol, Auto);
+
+ os_memset(&eapol_conf, 0, sizeof(eapol_conf));
+ if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
+ eapol_conf.accept_802_1x_keys = 1;
+ eapol_conf.required_keys = 0;
+ if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
+ eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
+ }
+ if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
+ eapol_conf.required_keys |=
+ EAPOL_REQUIRE_KEY_BROADCAST;
+ }
+
+ if (wpa_s->conf && wpa_s->driver &&
+ os_strcmp(wpa_s->driver->name, "wired") == 0) {
+ eapol_conf.required_keys = 0;
+ }
+ }
+ if (wpa_s->conf)
+ eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
+ eapol_conf.workaround = ssid->eap_workaround;
+ eapol_conf.eap_disabled = wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X &&
+ wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA;
+ eapol_sm_notify_config(wpa_s->eapol, ssid, &eapol_conf);
+#endif /* IEEE8021X_EAPOL */
+}
+
+
+/**
+ * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
+ * @wpa_s: Pointer to wpa_supplicant data
+ * @ssid: Configuration data for the network
+ *
+ * This function is used to configure WPA state machine and related parameters
+ * to a mode where WPA is not enabled. This is called as part of the
+ * authentication configuration when the selected network does not use WPA.
+ */
+void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
+ struct wpa_ssid *ssid)
+{
+ int i;
+
+ if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
+ wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
+ else
+ wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
+ wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
+ wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
+ wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
+ wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
+ wpa_s->group_cipher = WPA_CIPHER_NONE;
+ wpa_s->mgmt_group_cipher = 0;
+
+ for (i = 0; i < NUM_WEP_KEYS; i++) {
+ if (ssid->wep_key_len[i] > 5) {
+ wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
+ wpa_s->group_cipher = WPA_CIPHER_WEP104;
+ break;
+ } else if (ssid->wep_key_len[i] > 0) {
+ wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
+ wpa_s->group_cipher = WPA_CIPHER_WEP40;
+ break;
+ }
+ }
+
+ wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
+ wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
+ wpa_s->pairwise_cipher);
+ wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
+#ifdef CONFIG_IEEE80211W
+ wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
+ wpa_s->mgmt_group_cipher);
+#endif /* CONFIG_IEEE80211W */
+
+ pmksa_cache_clear_current(wpa_s->wpa);
+}
+
+
+static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
+{
+ scard_deinit(wpa_s->scard);
+ wpa_s->scard = NULL;
+ wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
+ eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
+ l2_packet_deinit(wpa_s->l2);
+ wpa_s->l2 = NULL;
+ if (wpa_s->l2_br) {
+ l2_packet_deinit(wpa_s->l2_br);
+ wpa_s->l2_br = NULL;
+ }
+
+ if (wpa_s->ctrl_iface) {
+ wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
+ wpa_s->ctrl_iface = NULL;
+ }
+ if (wpa_s->conf != NULL) {
+ wpa_config_free(wpa_s->conf);
+ wpa_s->conf = NULL;
+ }
+
+ os_free(wpa_s->confname);
+ wpa_s->confname = NULL;
+
+ wpa_sm_set_eapol(wpa_s->wpa, NULL);
+ eapol_sm_deinit(wpa_s->eapol);
+ wpa_s->eapol = NULL;
+
+ rsn_preauth_deinit(wpa_s->wpa);
+
+ pmksa_candidate_free(wpa_s->wpa);
+ wpa_sm_deinit(wpa_s->wpa);
+ wpa_s->wpa = NULL;
+ wpa_blacklist_clear(wpa_s);
+
+ os_free(wpa_s->scan_results);
+ wpa_s->scan_results = NULL;
+ wpa_s->num_scan_results = 0;
+
+ wpa_supplicant_cancel_scan(wpa_s);
+ wpa_supplicant_cancel_auth_timeout(wpa_s);
+
+ ieee80211_sta_deinit(wpa_s);
+}
+
+
+/**
+ * wpa_clear_keys - Clear keys configured for the driver
+ * @wpa_s: Pointer to wpa_supplicant data
+ * @addr: Previously used BSSID or %NULL if not available
+ *
+ * This function clears the encryption keys that has been previously configured
+ * for the driver.
+ */
+void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
+{
+ u8 *bcast = (u8 *) "\xff\xff\xff\xff\xff\xff";
+
+ if (wpa_s->keys_cleared) {
+ /* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
+ * timing issues with keys being cleared just before new keys
+ * are set or just after association or something similar. This
+ * shows up in group key handshake failing often because of the
+ * client not receiving the first encrypted packets correctly.
+ * Skipping some of the extra key clearing steps seems to help
+ * in completing group key handshake more reliably. */
+ wpa_printf(MSG_DEBUG, "No keys have been configured - "
+ "skip key clearing");
+ return;
+ }
+
+ /* MLME-DELETEKEYS.request */
+ wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 0, 0, NULL, 0, NULL, 0);
+ wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 1, 0, NULL, 0, NULL, 0);
+ wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 2, 0, NULL, 0, NULL, 0);
+ wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 3, 0, NULL, 0, NULL, 0);
+ if (addr) {
+ wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
+ 0);
+ /* MLME-SETPROTECTION.request(None) */
+ wpa_drv_mlme_setprotection(
+ wpa_s, addr,
+ MLME_SETPROTECTION_PROTECT_TYPE_NONE,
+ MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
+ }
+ wpa_s->keys_cleared = 1;
+}
+
+
+/**
+ * wpa_supplicant_state_txt - Get the connection state name as a text string
+ * @state: State (wpa_state; WPA_*)
+ * Returns: The state name as a printable text string
+ */
+const char * wpa_supplicant_state_txt(int state)
+{
+ switch (state) {
+ case WPA_DISCONNECTED:
+ return "DISCONNECTED";
+ case WPA_INACTIVE:
+ return "INACTIVE";
+ case WPA_SCANNING:
+ return "SCANNING";
+ case WPA_ASSOCIATING:
+ return "ASSOCIATING";
+ case WPA_ASSOCIATED:
+ return "ASSOCIATED";
+ case WPA_4WAY_HANDSHAKE:
+ return "4WAY_HANDSHAKE";
+ case WPA_GROUP_HANDSHAKE:
+ return "GROUP_HANDSHAKE";
+ case WPA_COMPLETED:
+ return "COMPLETED";
+ default:
+ return "UNKNOWN";
+ }
+}
+
+
+/**
+ * wpa_supplicant_set_state - Set current connection state
+ * @wpa_s: Pointer to wpa_supplicant data
+ * @state: The new connection state
+ *
+ * This function is called whenever the connection state changes, e.g.,
+ * association is completed for WPA/WPA2 4-Way Handshake is started.
+ */
+void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s, wpa_states state)
+{
+ wpa_printf(MSG_DEBUG, "State: %s -> %s",
+ wpa_supplicant_state_txt(wpa_s->wpa_state),
+ wpa_supplicant_state_txt(state));
+
+ wpa_supplicant_dbus_notify_state_change(wpa_s, state,
+ wpa_s->wpa_state);
+
+ if (state == WPA_COMPLETED && wpa_s->new_connection) {
+#if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
+ struct wpa_ssid *ssid = wpa_s->current_ssid;
+ wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
+ MACSTR " completed %s [id=%d id_str=%s]",
+ MAC2STR(wpa_s->bssid), wpa_s->reassociated_connection ?
+ "(reauth)" : "(auth)",
+ ssid ? ssid->id : -1,
+ ssid && ssid->id_str ? ssid->id_str : "");
+#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
+ wpa_s->new_connection = 0;
+ wpa_s->reassociated_connection = 1;
+ wpa_drv_set_operstate(wpa_s, 1);
+ } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
+ state == WPA_ASSOCIATED) {
+ wpa_s->new_connection = 1;
+ wpa_drv_set_operstate(wpa_s, 0);
+ }
+ wpa_s->wpa_state = state;
+}
+
+
+/**
+ * wpa_supplicant_get_state - Get the connection state
+ * @wpa_s: Pointer to wpa_supplicant data
+ * Returns: The current connection state (WPA_*)
+ */
+wpa_states wpa_supplicant_get_state(struct wpa_supplicant *wpa_s)
+{
+ return wpa_s->wpa_state;
+}
+
+
+static void wpa_supplicant_terminate(int sig, void *eloop_ctx,
+ void *signal_ctx)
+{
+ struct wpa_global *global = eloop_ctx;
+ struct wpa_supplicant *wpa_s;
+ for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
+ wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING "- signal %d "
+ "received", sig);
+ }
+ eloop_terminate();
+}
+
+
+static void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
+{
+ wpa_s->pairwise_cipher = 0;
+ wpa_s->group_cipher = 0;
+ wpa_s->mgmt_group_cipher = 0;
+ wpa_s->key_mgmt = 0;
+ wpa_s->wpa_state = WPA_DISCONNECTED;
+}
+
+
+/**
+ * wpa_supplicant_reload_configuration - Reload configuration data
+ * @wpa_s: Pointer to wpa_supplicant data
+ * Returns: 0 on success or -1 if configuration parsing failed
+ *
+ * This function can be used to request that the configuration data is reloaded
+ * (e.g., after configuration file change). This function is reloading
+ * configuration only for one interface, so this may need to be called multiple
+ * times if %wpa_supplicant is controlling multiple interfaces and all
+ * interfaces need reconfiguration.
+ */
+int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
+{
+ struct wpa_config *conf;
+ int reconf_ctrl;
+ if (wpa_s->confname == NULL)
+ return -1;
+ conf = wpa_config_read(wpa_s->confname);
+ if (conf == NULL) {
+ wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
+ "file '%s' - exiting", wpa_s->confname);
+ return -1;
+ }
+
+ reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
+ || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
+ os_strcmp(conf->ctrl_interface,
+ wpa_s->conf->ctrl_interface) != 0);
+
+ if (reconf_ctrl && wpa_s->ctrl_iface) {
+ wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
+ wpa_s->ctrl_iface = NULL;
+ }
+
+ eapol_sm_invalidate_cached_session(wpa_s->eapol);
+ wpa_s->current_ssid = NULL;
+ /*
+ * TODO: should notify EAPOL SM about changes in opensc_engine_path,
+ * pkcs11_engine_path, pkcs11_module_path.
+ */
+ if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK) {
+ /*
+ * Clear forced success to clear EAP state for next
+ * authentication.
+ */
+ eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
+ }
+ eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
+ wpa_sm_set_config(wpa_s->wpa, NULL);
+ wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
+ rsn_preauth_deinit(wpa_s->wpa);
+ wpa_config_free(wpa_s->conf);
+ wpa_s->conf = conf;
+ if (reconf_ctrl)
+ wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
+
+ wpa_supplicant_clear_status(wpa_s);
+ wpa_s->reassociate = 1;
+ wpa_supplicant_req_scan(wpa_s, 0, 0);
+ wpa_msg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
+ return 0;
+}
+
+
+static void wpa_supplicant_reconfig(int sig, void *eloop_ctx,
+ void *signal_ctx)
+{
+ struct wpa_global *global = eloop_ctx;
+ struct wpa_supplicant *wpa_s;
+ wpa_printf(MSG_DEBUG, "Signal %d received - reconfiguring", sig);
+ for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
+ if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
+ eloop_terminate();
+ }
+ }
+}
+
+
+static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s)
+{
+ struct wpa_ssid *ssid;
+ union wpa_event_data data;
+
+ ssid = wpa_supplicant_get_ssid(wpa_s);
+ if (ssid == NULL)
+ return;
+
+ if (wpa_s->current_ssid == NULL)
+ wpa_s->current_ssid = ssid;
+ wpa_supplicant_initiate_eapol(wpa_s);
+ wpa_printf(MSG_DEBUG, "Already associated with a configured network - "
+ "generating associated event");
+ os_memset(&data, 0, sizeof(data));
+ wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data);
+}
+
+
+static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx)
+{
+ struct wpa_supplicant *wpa_s = eloop_ctx;
+ struct wpa_ssid *ssid;
+ int enabled, scan_req = 0, ret;
+
+ if (wpa_s->disconnected && !wpa_s->scan_req)
+ return;
+
+ enabled = 0;
+ ssid = wpa_s->conf->ssid;
+ while (ssid) {
+ if (!ssid->disabled) {
+ enabled++;
+ break;
+ }
+ ssid = ssid->next;
+ }
+ if (!enabled && !wpa_s->scan_req) {
+ wpa_printf(MSG_DEBUG, "No enabled networks - do not scan");
+ wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
+ return;
+ }
+ scan_req = wpa_s->scan_req;
+ wpa_s->scan_req = 0;
+
+ if (wpa_s->conf->ap_scan != 0 &&
+ wpa_s->driver && os_strcmp(wpa_s->driver->name, "wired") == 0) {
+ wpa_printf(MSG_DEBUG, "Using wired driver - overriding "
+ "ap_scan configuration");
+ wpa_s->conf->ap_scan = 0;
+ }
+
+ if (wpa_s->conf->ap_scan == 0) {
+ wpa_supplicant_gen_assoc_event(wpa_s);
+ return;
+ }
+
+ if (wpa_s->wpa_state == WPA_DISCONNECTED ||
+ wpa_s->wpa_state == WPA_INACTIVE)
+ wpa_supplicant_set_state(wpa_s, WPA_SCANNING);
+
+ ssid = wpa_s->conf->ssid;
+ if (wpa_s->prev_scan_ssid != BROADCAST_SSID_SCAN) {
+ while (ssid) {
+ if (ssid == wpa_s->prev_scan_ssid) {
+ ssid = ssid->next;
+ break;
+ }
+ ssid = ssid->next;
+ }
+ }
+ while (ssid) {
+ if (!ssid->disabled &&
+ (ssid->scan_ssid || wpa_s->conf->ap_scan == 2))
+ break;
+ ssid = ssid->next;
+ }
+
+ if (scan_req != 2 && wpa_s->conf->ap_scan == 2) {
+ /*
+ * ap_scan=2 mode - try to associate with each SSID instead of
+ * scanning for each scan_ssid=1 network.
+ */
+ if (ssid == NULL) {
+ wpa_printf(MSG_DEBUG, "wpa_supplicant_scan: Reached "
+ "end of scan list - go back to beginning");
+ wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
+ wpa_supplicant_req_scan(wpa_s, 0, 0);
+ return;
+ }
+ if (ssid->next) {
+ /* Continue from the next SSID on the next attempt. */
+ wpa_s->prev_scan_ssid = ssid;
+ } else {
+ /* Start from the beginning of the SSID list. */
+ wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
+ }
+ wpa_supplicant_associate(wpa_s, NULL, ssid);
+ return;
+ }
+
+ wpa_printf(MSG_DEBUG, "Starting AP scan (%s SSID)",
+ ssid ? "specific": "broadcast");
+ if (ssid) {
+ wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID",
+ ssid->ssid, ssid->ssid_len);
+ wpa_s->prev_scan_ssid = ssid;
+ } else
+ wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
+
+ if (wpa_s->scan_res_tried == 0 && wpa_s->conf->ap_scan == 1) {
+ wpa_s->scan_res_tried++;
+ wpa_printf(MSG_DEBUG, "Trying to get current scan results "
+ "first without requesting a new scan to speed up "
+ "initial association");
+ wpa_supplicant_event(wpa_s, EVENT_SCAN_RESULTS, NULL);
+ return;
+ }
+
+ if (wpa_s->use_client_mlme) {
+ ret = ieee80211_sta_req_scan(wpa_s, ssid ? ssid->ssid : NULL,
+ ssid ? ssid->ssid_len : 0);
+ } else {
+ ret = wpa_drv_scan(wpa_s, ssid ? ssid->ssid : NULL,
+ ssid ? ssid->ssid_len : 0);
+ }
+ if (ret) {
+ wpa_printf(MSG_WARNING, "Failed to initiate AP scan.");
+ wpa_supplicant_req_scan(wpa_s, 10, 0);
+ }
+}
+
+
+static wpa_cipher cipher_suite2driver(int cipher)
+{
+ switch (cipher) {
+ case WPA_CIPHER_NONE:
+ return CIPHER_NONE;
+ case WPA_CIPHER_WEP40:
+ return CIPHER_WEP40;
+ case WPA_CIPHER_WEP104:
+ return CIPHER_WEP104;
+ case WPA_CIPHER_CCMP:
+ return CIPHER_CCMP;
+ case WPA_CIPHER_TKIP:
+ default:
+ return CIPHER_TKIP;
+ }
+}
+
+
+static wpa_key_mgmt key_mgmt2driver(int key_mgmt)
+{
+ switch (key_mgmt) {
+ case WPA_KEY_MGMT_NONE:
+ return KEY_MGMT_NONE;
+ case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
+ return KEY_MGMT_802_1X_NO_WPA;
+ case WPA_KEY_MGMT_IEEE8021X:
+ return KEY_MGMT_802_1X;
+ case WPA_KEY_MGMT_WPA_NONE:
+ return KEY_MGMT_WPA_NONE;
+ case WPA_KEY_MGMT_PSK:
+ default:
+ return KEY_MGMT_PSK;
+ }
+}
+
+
+static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
+ struct wpa_ssid *ssid,
+ struct wpa_ie_data *ie)
+{
+ int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
+ if (ret) {
+ if (ret == -2) {
+ wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
+ "from association info");
+ }
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set cipher "
+ "suites");
+ if (!(ie->group_cipher & ssid->group_cipher)) {
+ wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
+ "cipher 0x%x (mask 0x%x) - reject",
+ ie->group_cipher, ssid->group_cipher);
+ return -1;
+ }
+ if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
+ wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
+ "cipher 0x%x (mask 0x%x) - reject",
+ ie->pairwise_cipher, ssid->pairwise_cipher);
+ return -1;
+ }
+ if (!(ie->key_mgmt & ssid->key_mgmt)) {
+ wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
+ "management 0x%x (mask 0x%x) - reject",
+ ie->key_mgmt, ssid->key_mgmt);
+ return -1;
+ }
+
+#ifdef CONFIG_IEEE80211W
+ if (!(ie->capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION) &&
+ ssid->ieee80211w == IEEE80211W_REQUIRED) {
+ wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
+ "that does not support management frame protection - "
+ "reject");
+ return -1;
+ }
+#endif /* CONFIG_IEEE80211W */
+
+ return 0;
+}
+
+
+/**
+ * wpa_supplicant_set_suites - Set authentication and encryption parameters
+ * @wpa_s: Pointer to wpa_supplicant data
+ * @bss: Scan results for the selected BSS, or %NULL if not available
+ * @ssid: Configuration data for the selected network
+ * @wpa_ie: Buffer for the WPA/RSN IE
+ * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
+ * used buffer length in case the functions returns success.
+ * Returns: 0 on success or -1 on failure
+ *
+ * This function is used to configure authentication and encryption parameters
+ * based on the network configuration and scan result for the selected BSS (if
+ * available).
+ */
+int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
+ struct wpa_scan_result *bss,
+ struct wpa_ssid *ssid,
+ u8 *wpa_ie, size_t *wpa_ie_len)
+{
+ struct wpa_ie_data ie;
+ int sel, proto;
+
+ if (bss && bss->rsn_ie_len && (ssid->proto & WPA_PROTO_RSN) &&
+ wpa_parse_wpa_ie(bss->rsn_ie, bss->rsn_ie_len, &ie) == 0 &&
+ (ie.group_cipher & ssid->group_cipher) &&
+ (ie.pairwise_cipher & ssid->pairwise_cipher) &&
+ (ie.key_mgmt & ssid->key_mgmt)) {
+ wpa_msg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
+ proto = WPA_PROTO_RSN;
+ } else if (bss && bss->wpa_ie_len && (ssid->proto & WPA_PROTO_WPA) &&
+ wpa_parse_wpa_ie(bss->wpa_ie, bss->wpa_ie_len, &ie) == 0 &&
+ (ie.group_cipher & ssid->group_cipher) &&
+ (ie.pairwise_cipher & ssid->pairwise_cipher) &&
+ (ie.key_mgmt & ssid->key_mgmt)) {
+ wpa_msg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
+ proto = WPA_PROTO_WPA;
+ } else if (bss) {
+ wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
+ return -1;
+ } else {
+ if (ssid->proto & WPA_PROTO_RSN)
+ proto = WPA_PROTO_RSN;
+ else
+ proto = WPA_PROTO_WPA;
+ if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
+ os_memset(&ie, 0, sizeof(ie));
+ ie.group_cipher = ssid->group_cipher;
+ ie.pairwise_cipher = ssid->pairwise_cipher;
+ ie.key_mgmt = ssid->key_mgmt;
+#ifdef CONFIG_IEEE80211W
+ ie.mgmt_group_cipher =
+ ssid->ieee80211w != NO_IEEE80211W ?
+ WPA_CIPHER_AES_128_CMAC : 0;
+#endif /* CONFIG_IEEE80211W */
+ wpa_printf(MSG_DEBUG, "WPA: Set cipher suites based "
+ "on configuration");
+ } else
+ proto = ie.proto;
+ }
+
+ wpa_printf(MSG_DEBUG, "WPA: Selected cipher suites: group %d "
+ "pairwise %d key_mgmt %d proto %d",
+ ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
+#ifdef CONFIG_IEEE80211W
+ if (ssid->ieee80211w) {
+ wpa_printf(MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
+ ie.mgmt_group_cipher);
+ }
+#endif /* CONFIG_IEEE80211W */
+
+ wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
+
+ if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss ? bss->wpa_ie : NULL,
+ bss ? bss->wpa_ie_len : 0) ||
+ wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss ? bss->rsn_ie : NULL,
+ bss ? bss->rsn_ie_len : 0))
+ return -1;
+
+ sel = ie.group_cipher & ssid->group_cipher;
+ if (sel & WPA_CIPHER_CCMP) {
+ wpa_s->group_cipher = WPA_CIPHER_CCMP;
+ wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK CCMP");
+ } else if (sel & WPA_CIPHER_TKIP) {
+ wpa_s->group_cipher = WPA_CIPHER_TKIP;
+ wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK TKIP");
+ } else if (sel & WPA_CIPHER_WEP104) {
+ wpa_s->group_cipher = WPA_CIPHER_WEP104;
+ wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP104");
+ } else if (sel & WPA_CIPHER_WEP40) {
+ wpa_s->group_cipher = WPA_CIPHER_WEP40;
+ wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP40");
+ } else {
+ wpa_printf(MSG_WARNING, "WPA: Failed to select group cipher.");
+ return -1;
+ }
+
+ sel = ie.pairwise_cipher & ssid->pairwise_cipher;
+ if (sel & WPA_CIPHER_CCMP) {
+ wpa_s->pairwise_cipher = WPA_CIPHER_CCMP;
+ wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK CCMP");
+ } else if (sel & WPA_CIPHER_TKIP) {
+ wpa_s->pairwise_cipher = WPA_CIPHER_TKIP;
+ wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK TKIP");
+ } else if (sel & WPA_CIPHER_NONE) {
+ wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
+ wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK NONE");
+ } else {
+ wpa_printf(MSG_WARNING, "WPA: Failed to select pairwise "
+ "cipher.");
+ return -1;
+ }
+
+ sel = ie.key_mgmt & ssid->key_mgmt;
+ if (sel & WPA_KEY_MGMT_IEEE8021X) {
+ wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
+ wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
+ } else if (sel & WPA_KEY_MGMT_PSK) {
+ wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
+ wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
+ } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
+ wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
+ wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
+ } else {
+ wpa_printf(MSG_WARNING, "WPA: Failed to select authenticated "
+ "key management type.");
+ return -1;
+ }
+
+ wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
+ wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
+ wpa_s->pairwise_cipher);
+ wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
+
+#ifdef CONFIG_IEEE80211W
+ sel = ie.mgmt_group_cipher;
+ if (ssid->ieee80211w == NO_IEEE80211W ||
+ !(ie.capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION))
+ sel = 0;
+ if (sel & WPA_CIPHER_AES_128_CMAC) {
+ wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
+ wpa_msg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
+ "AES-128-CMAC");
+ } else {
+ wpa_s->mgmt_group_cipher = 0;
+ wpa_msg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
+ }
+ wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
+ wpa_s->mgmt_group_cipher);
+#endif /* CONFIG_IEEE80211W */
+
+ if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
+ wpa_printf(MSG_WARNING, "WPA: Failed to generate WPA IE.");
+ return -1;
+ }
+
+ if (ssid->key_mgmt & WPA_KEY_MGMT_PSK)
+ wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
+ else
+ wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
+
+ return 0;
+}
+
+
+/**
+ * wpa_supplicant_associate - Request association
+ * @wpa_s: Pointer to wpa_supplicant data
+ * @bss: Scan results for the selected BSS, or %NULL if not available
+ * @ssid: Configuration data for the selected network
+ *
+ * This function is used to request %wpa_supplicant to associate with a BSS.
+ */
+void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
+ struct wpa_scan_result *bss,
+ struct wpa_ssid *ssid)
+{
+ u8 wpa_ie[80];
+ size_t wpa_ie_len;
+ int use_crypt, ret, i;
+ int algs = AUTH_ALG_OPEN_SYSTEM;
+ wpa_cipher cipher_pairwise, cipher_group;
+ struct wpa_driver_associate_params params;
+ int wep_keys_set = 0;
+ struct wpa_driver_capa capa;
+ int assoc_failed = 0;
+
+ wpa_s->reassociate = 0;
+ if (bss) {
+ wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
+ " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
+ wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
+ os_memset(wpa_s->bssid, 0, ETH_ALEN);
+ os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
+ } else {
+ wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
+ wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
+ os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
+ }
+ wpa_supplicant_cancel_scan(wpa_s);
+
+ /* Starting new association, so clear the possibly used WPA IE from the
+ * previous association. */
+ wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
+
+#ifdef IEEE8021X_EAPOL
+ if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
+ if (ssid->leap) {
+ if (ssid->non_leap == 0)
+ algs = AUTH_ALG_LEAP;
+ else
+ algs |= AUTH_ALG_LEAP;
+ }
+ }
+#endif /* IEEE8021X_EAPOL */
+ wpa_printf(MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
+ if (ssid->auth_alg) {
+ algs = 0;
+ if (ssid->auth_alg & WPA_AUTH_ALG_OPEN)
+ algs |= AUTH_ALG_OPEN_SYSTEM;
+ if (ssid->auth_alg & WPA_AUTH_ALG_SHARED)
+ algs |= AUTH_ALG_SHARED_KEY;
+ if (ssid->auth_alg & WPA_AUTH_ALG_LEAP)
+ algs |= AUTH_ALG_LEAP;
+ wpa_printf(MSG_DEBUG, "Overriding auth_alg selection: 0x%x",
+ algs);
+ }
+ wpa_drv_set_auth_alg(wpa_s, algs);
+
+ if (bss && (bss->wpa_ie_len || bss->rsn_ie_len) &&
+ (ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK))) {
+ int try_opportunistic;
+ try_opportunistic = ssid->proactive_key_caching &&
+ (ssid->proto & WPA_PROTO_RSN);
+ if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
+ wpa_s->current_ssid,
+ try_opportunistic) == 0)
+ eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
+ wpa_ie_len = sizeof(wpa_ie);
+ if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
+ wpa_ie, &wpa_ie_len)) {
+ wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
+ "management and encryption suites");
+ return;
+ }
+ } else if (ssid->key_mgmt &
+ (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X |
+ WPA_KEY_MGMT_WPA_NONE)) {
+ wpa_ie_len = sizeof(wpa_ie);
+ if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
+ wpa_ie, &wpa_ie_len)) {
+ wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
+ "management and encryption suites (no scan "
+ "results)");
+ return;
+ }
+ } else {
+ wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
+ wpa_ie_len = 0;
+ }
+
+ wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
+ use_crypt = 1;
+ cipher_pairwise = cipher_suite2driver(wpa_s->pairwise_cipher);
+ cipher_group = cipher_suite2driver(wpa_s->group_cipher);
+ if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
+ wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
+ if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
+ use_crypt = 0;
+ for (i = 0; i < NUM_WEP_KEYS; i++) {
+ if (ssid->wep_key_len[i]) {
+ use_crypt = 1;
+ wep_keys_set = 1;
+ wpa_set_wep_key(wpa_s,
+ i == ssid->wep_tx_keyidx,
+ i, ssid->wep_key[i],
+ ssid->wep_key_len[i]);
+ }
+ }
+ }
+
+#ifdef IEEE8021X_EAPOL
+ if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
+ if ((ssid->eapol_flags &
+ (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
+ EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
+ !wep_keys_set) {
+ use_crypt = 0;
+ } else {
+ /* Assume that dynamic WEP-104 keys will be used and
+ * set cipher suites in order for drivers to expect
+ * encryption. */
+ cipher_pairwise = cipher_group = CIPHER_WEP104;
+ }
+ }
+#endif /* IEEE8021X_EAPOL */
+
+ if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
+ /* Set the key before (and later after) association */
+ wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
+ }
+
+ wpa_drv_set_drop_unencrypted(wpa_s, use_crypt);
+ wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
+ os_memset(¶ms, 0, sizeof(params));
+ if (bss) {
+ params.bssid = bss->bssid;
+ params.ssid = bss->ssid;
+ params.ssid_len = bss->ssid_len;
+ params.freq = bss->freq;
+ } else {
+ params.ssid = ssid->ssid;
+ params.ssid_len = ssid->ssid_len;
+ }
+ if (ssid->mode == 1 && ssid->frequency > 0 && params.freq == 0)
+ params.freq = ssid->frequency; /* Initial channel for IBSS */
+ params.wpa_ie = wpa_ie;
+ params.wpa_ie_len = wpa_ie_len;
+ params.pairwise_suite = cipher_pairwise;
+ params.group_suite = cipher_group;
+ params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
+ params.auth_alg = algs;
+ params.mode = ssid->mode;
+ for (i = 0; i < NUM_WEP_KEYS; i++) {
+ if (ssid->wep_key_len[i])
+ params.wep_key[i] = ssid->wep_key[i];
+ params.wep_key_len[i] = ssid->wep_key_len[i];
+ }
+ params.wep_tx_keyidx = ssid->wep_tx_keyidx;
+
+#ifdef CONFIG_IEEE80211W
+ switch (ssid->ieee80211w) {
+ case NO_IEEE80211W:
+ params.mgmt_frame_protection = NO_MGMT_FRAME_PROTECTION;
+ break;
+ case IEEE80211W_OPTIONAL:
+ params.mgmt_frame_protection = MGMT_FRAME_PROTECTION_OPTIONAL;
+ break;
+ case IEEE80211W_REQUIRED:
+ params.mgmt_frame_protection = MGMT_FRAME_PROTECTION_REQUIRED;
+ break;
+ }
+#endif /* CONFIG_IEEE80211W */
+
+ if (wpa_s->use_client_mlme)
+ ret = ieee80211_sta_associate(wpa_s, ¶ms);
+ else
+ ret = wpa_drv_associate(wpa_s, ¶ms);
+ if (ret < 0) {
+ wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
+ "failed");
+ /* try to continue anyway; new association will be tried again
+ * after timeout */
+ assoc_failed = 1;
+ }
+
+ if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
+ /* Set the key after the association just in case association
+ * cleared the previously configured key. */
+ wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
+ /* No need to timeout authentication since there is no key
+ * management. */
+ wpa_supplicant_cancel_auth_timeout(wpa_s);
+ wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
+ } else {
+ /* Timeout for IEEE 802.11 authentication and association */
+ int timeout;
+ if (assoc_failed)
+ timeout = 5;
+ else if (wpa_s->conf->ap_scan == 1)
+ timeout = 10;
+ else
+ timeout = 60;
+ wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
+ }
+
+ if (wep_keys_set && wpa_drv_get_capa(wpa_s, &capa) == 0 &&
+ capa.flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC) {
+ /* Set static WEP keys again */
+ int j;
+ for (j = 0; j < NUM_WEP_KEYS; j++) {
+ if (ssid->wep_key_len[j]) {
+ wpa_set_wep_key(wpa_s,
+ j == ssid->wep_tx_keyidx,
+ j, ssid->wep_key[j],
+ ssid->wep_key_len[j]);
+ }
+ }
+ }
+
+ if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
+ /*
+ * Do not allow EAP session resumption between different
+ * network configurations.
+ */
+ eapol_sm_invalidate_cached_session(wpa_s->eapol);
+ }
+ wpa_s->current_ssid = ssid;
+ wpa_sm_set_config(wpa_s->wpa, wpa_s->current_ssid);
+ wpa_supplicant_initiate_eapol(wpa_s);
+}
+
+
+/**
+ * wpa_supplicant_disassociate - Disassociate the current connection
+ * @wpa_s: Pointer to wpa_supplicant data
+ * @reason_code: IEEE 802.11 reason code for the disassociate frame
+ *
+ * This function is used to request %wpa_supplicant to disassociate with the
+ * current AP.
+ */
+void wpa_supplicant_disassociate(struct wpa_supplicant *wpa_s,
+ int reason_code)
+{
+ u8 *addr = NULL;
+ if (os_memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) != 0)
+ {
+ if (wpa_s->use_client_mlme)
+ ieee80211_sta_disassociate(wpa_s, reason_code);
+ else
+ wpa_drv_disassociate(wpa_s, wpa_s->bssid, reason_code);
+ addr = wpa_s->bssid;
+ }
+ wpa_clear_keys(wpa_s, addr);
+ wpa_supplicant_mark_disassoc(wpa_s);
+ wpa_s->current_ssid = NULL;
+ wpa_sm_set_config(wpa_s->wpa, NULL);
+ eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
+}
+
+
+/**
+ * wpa_supplicant_deauthenticate - Deauthenticate the current connection
+ * @wpa_s: Pointer to wpa_supplicant data
+ * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
+ *
+ * This function is used to request %wpa_supplicant to disassociate with the
+ * current AP.
+ */
+void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
+ int reason_code)
+{
+ u8 *addr = NULL;
+ wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
+ if (os_memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) != 0)
+ {
+ if (wpa_s->use_client_mlme)
+ ieee80211_sta_deauthenticate(wpa_s, reason_code);
+ else
+ wpa_drv_deauthenticate(wpa_s, wpa_s->bssid,
+ reason_code);
+ addr = wpa_s->bssid;
+ }
+ wpa_clear_keys(wpa_s, addr);
+ wpa_s->current_ssid = NULL;
+ wpa_sm_set_config(wpa_s->wpa, NULL);
+ eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
+ eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
+ eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
+}
+
+
+/**
+ * wpa_supplicant_get_scan_results - Get scan results
+ * @wpa_s: Pointer to wpa_supplicant data
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is request the current scan results from the driver and stores
+ * a local copy of the results in wpa_s->scan_results.
+ */
+int wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s)
+{
+#define SCAN_AP_LIMIT 128
+ struct wpa_scan_result *results, *tmp;
+ int num;
+
+ results = os_malloc(SCAN_AP_LIMIT * sizeof(struct wpa_scan_result));
+ if (results == NULL) {
+ wpa_printf(MSG_WARNING, "Failed to allocate memory for scan "
+ "results");
+ return -1;
+ }
+
+ if (wpa_s->use_client_mlme) {
+ num = ieee80211_sta_get_scan_results(wpa_s, results,
+ SCAN_AP_LIMIT);
+ } else
+ num = wpa_drv_get_scan_results(wpa_s, results, SCAN_AP_LIMIT);
+ wpa_printf(MSG_DEBUG, "Scan results: %d", num);
+ if (num < 0) {
+ wpa_printf(MSG_DEBUG, "Failed to get scan results");
+ os_free(results);
+ return -1;
+ }
+ if (num > SCAN_AP_LIMIT) {
+ wpa_printf(MSG_INFO, "Not enough room for all APs (%d < %d)",
+ num, SCAN_AP_LIMIT);
+ num = SCAN_AP_LIMIT;
+ }
+
+ /* Free unneeded memory for unused scan result entries */
+ tmp = os_realloc(results, num * sizeof(struct wpa_scan_result));
+ if (tmp || num == 0) {
+ results = tmp;
+ }
+
+ os_free(wpa_s->scan_results);
+ wpa_s->scan_results = results;
+ wpa_s->num_scan_results = num;
+
+ return 0;
+}
+
+
+#ifndef CONFIG_NO_WPA
+static int wpa_get_beacon_ie(struct wpa_supplicant *wpa_s)
+{
+ int i, ret = 0;
+ struct wpa_scan_result *results, *curr = NULL;
+
+ results = wpa_s->scan_results;
+ if (results == NULL) {
+ return -1;
+ }
+
+ for (i = 0; i < wpa_s->num_scan_results; i++) {
+ struct wpa_ssid *ssid = wpa_s->current_ssid;
+ if (os_memcmp(results[i].bssid, wpa_s->bssid, ETH_ALEN) != 0)
+ continue;
+ if (ssid == NULL ||
+ ((results[i].ssid_len == ssid->ssid_len &&
+ os_memcmp(results[i].ssid, ssid->ssid, ssid->ssid_len)
+ == 0) ||
+ ssid->ssid_len == 0)) {
+ curr = &results[i];
+ break;
+ }
+ }
+
+ if (curr) {
+ if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, curr->wpa_ie,
+ curr->wpa_ie_len) ||
+ wpa_sm_set_ap_rsn_ie(wpa_s->wpa, curr->rsn_ie,
+ curr->rsn_ie_len))
+ ret = -1;
+ } else {
+ ret = -1;
+ }
+
+ return ret;
+}
+
+
+static int wpa_supplicant_get_beacon_ie(void *ctx)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ if (wpa_get_beacon_ie(wpa_s) == 0) {
+ return 0;
+ }
+
+ /* No WPA/RSN IE found in the cached scan results. Try to get updated
+ * scan results from the driver. */
+ if (wpa_supplicant_get_scan_results(wpa_s) < 0) {
+ return -1;
+ }
+
+ return wpa_get_beacon_ie(wpa_s);
+}
+#endif /* CONFIG_NO_WPA */
+
+
+/**
+ * wpa_supplicant_get_ssid - Get a pointer to the current network structure
+ * @wpa_s: Pointer to wpa_supplicant data
+ * Returns: A pointer to the current network structure or %NULL on failure
+ */
+struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
+{
+ struct wpa_ssid *entry;
+ u8 ssid[MAX_SSID_LEN];
+ int res;
+ size_t ssid_len;
+ u8 bssid[ETH_ALEN];
+ int wired;
+
+ if (wpa_s->use_client_mlme) {
+ if (ieee80211_sta_get_ssid(wpa_s, ssid, &ssid_len)) {
+ wpa_printf(MSG_WARNING, "Could not read SSID from "
+ "MLME.");
+ return NULL;
+ }
+ } else {
+ res = wpa_drv_get_ssid(wpa_s, ssid);
+ if (res < 0) {
+ wpa_printf(MSG_WARNING, "Could not read SSID from "
+ "driver.");
+ return NULL;
+ }
+ ssid_len = res;
+ }
+
+ if (wpa_s->use_client_mlme)
+ os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
+ else if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
+ wpa_printf(MSG_WARNING, "Could not read BSSID from driver.");
+ return NULL;
+ }
+
+ wired = wpa_s->conf->ap_scan == 0 && wpa_s->driver &&
+ os_strcmp(wpa_s->driver->name, "wired") == 0;
+
+ entry = wpa_s->conf->ssid;
+ while (entry) {
+ if (!entry->disabled &&
+ ((ssid_len == entry->ssid_len &&
+ os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
+ (!entry->bssid_set ||
+ os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
+ return entry;
+ entry = entry->next;
+ }
+
+ return NULL;
+}
+
+
+#ifndef CONFIG_NO_WPA
+static u8 * _wpa_alloc_eapol(void *wpa_s, u8 type,
+ const void *data, u16 data_len,
+ size_t *msg_len, void **data_pos)
+{
+ return wpa_alloc_eapol(wpa_s, type, data, data_len, msg_len, data_pos);
+}
+
+
+static int _wpa_ether_send(void *wpa_s, const u8 *dest, u16 proto,
+ const u8 *buf, size_t len)
+{
+ return wpa_ether_send(wpa_s, dest, proto, buf, len);
+}
+
+
+static void _wpa_supplicant_req_scan(void *wpa_s, int sec, int usec)
+{
+ wpa_supplicant_req_scan(wpa_s, sec, usec);
+}
+
+
+static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s)
+{
+ wpa_supplicant_cancel_auth_timeout(wpa_s);
+}
+
+
+static void _wpa_supplicant_set_state(void *wpa_s, wpa_states state)
+{
+ wpa_supplicant_set_state(wpa_s, state);
+}
+
+
+static wpa_states _wpa_supplicant_get_state(void *wpa_s)
+{
+ return wpa_supplicant_get_state(wpa_s);
+}
+
+
+static void _wpa_supplicant_disassociate(void *wpa_s, int reason_code)
+{
+ wpa_supplicant_disassociate(wpa_s, reason_code);
+}
+
+
+static void _wpa_supplicant_deauthenticate(void *wpa_s, int reason_code)
+{
+ wpa_supplicant_deauthenticate(wpa_s, reason_code);
+}
+
+
+static struct wpa_ssid * _wpa_supplicant_get_ssid(void *wpa_s)
+{
+ return wpa_supplicant_get_ssid(wpa_s);
+}
+
+
+static int wpa_supplicant_get_bssid(void *ctx, u8 *bssid)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ if (wpa_s->use_client_mlme) {
+ os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
+ return 0;
+ }
+ return wpa_drv_get_bssid(wpa_s, bssid);
+}
+
+
+static int wpa_supplicant_set_key(void *wpa_s, wpa_alg alg,
+ const u8 *addr, int key_idx, int set_tx,
+ const u8 *seq, size_t seq_len,
+ const u8 *key, size_t key_len)
+{
+ return wpa_drv_set_key(wpa_s, alg, addr, key_idx, set_tx, seq, seq_len,
+ key, key_len);
+}
+
+
+static int wpa_supplicant_mlme_setprotection(void *wpa_s, const u8 *addr,
+ int protection_type,
+ int key_type)
+{
+ return wpa_drv_mlme_setprotection(wpa_s, addr, protection_type,
+ key_type);
+}
+
+
+static int wpa_supplicant_add_pmkid(void *wpa_s,
+ const u8 *bssid, const u8 *pmkid)
+{
+ return wpa_drv_add_pmkid(wpa_s, bssid, pmkid);
+}
+
+
+static int wpa_supplicant_remove_pmkid(void *wpa_s,
+ const u8 *bssid, const u8 *pmkid)
+{
+ return wpa_drv_remove_pmkid(wpa_s, bssid, pmkid);
+}
+#endif /* CONFIG_NO_WPA */
+
+
+static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
+ const char *name)
+{
+ int i;
+
+ if (wpa_s == NULL)
+ return -1;
+
+ if (wpa_supplicant_drivers[0] == NULL) {
+ wpa_printf(MSG_ERROR, "No driver interfaces build into "
+ "wpa_supplicant.");
+ return -1;
+ }
+
+ if (name == NULL) {
+ /* default to first driver in the list */
+ wpa_s->driver = wpa_supplicant_drivers[0];
+ return 0;
+ }
+
+ for (i = 0; wpa_supplicant_drivers[i]; i++) {
+ if (os_strcmp(name, wpa_supplicant_drivers[i]->name) == 0) {
+ wpa_s->driver = wpa_supplicant_drivers[i];
+ return 0;
+ }
+ }
+
+ wpa_printf(MSG_ERROR, "Unsupported driver '%s'.\n", name);
+ return -1;
+}
+
+
+void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
+ const u8 *buf, size_t len)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+
+ wpa_printf(MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
+ wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
+
+ if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
+ wpa_printf(MSG_DEBUG, "Ignored received EAPOL frame since "
+ "no key management is configured");
+ return;
+ }
+
+ if (wpa_s->eapol_received == 0) {
+ /* Timeout for completing IEEE 802.1X and WPA authentication */
+ wpa_supplicant_req_auth_timeout(
+ wpa_s,
+ (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X ||
+ wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) ?
+ 70 : 10, 0);
+ }
+ wpa_s->eapol_received++;
+
+ if (wpa_s->countermeasures) {
+ wpa_printf(MSG_INFO, "WPA: Countermeasures - dropped EAPOL "
+ "packet");
+ return;
+ }
+
+ /* Source address of the incoming EAPOL frame could be compared to the
+ * current BSSID. However, it is possible that a centralized
+ * Authenticator could be using another MAC address than the BSSID of
+ * an AP, so just allow any address to be used for now. The replies are
+ * still sent to the current BSSID (if available), though. */
+
+ os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
+ if (wpa_s->key_mgmt != WPA_KEY_MGMT_PSK &&
+ eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
+ return;
+ wpa_drv_poll(wpa_s);
+ wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
+}
+
+
+/**
+ * wpa_supplicant_driver_init - Initialize driver interface parameters
+ * @wpa_s: Pointer to wpa_supplicant data
+ * @wait_for_interface: 0 = do not wait for the interface (reports a failure if
+ * the interface is not present), 1 = wait until the interface is available
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is called to initialize driver interface parameters.
+ * wpa_drv_init() must have been called before this function to initialize the
+ * driver interface.
+ */
+int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s,
+ int wait_for_interface)
+{
+ static int interface_count = 0;
+
+ for (;;) {
+ if (wpa_s->driver->send_eapol) {
+ const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
+ if (addr)
+ os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
+ break;
+ }
+ wpa_s->l2 = l2_packet_init(wpa_s->ifname,
+ wpa_drv_get_mac_addr(wpa_s),
+ ETH_P_EAPOL,
+ wpa_supplicant_rx_eapol, wpa_s, 0);
+ if (wpa_s->l2)
+ break;
+ else if (!wait_for_interface)
+ return -1;
+ wpa_printf(MSG_DEBUG, "Waiting for interface..");
+ os_sleep(5, 0);
+ }
+
+ if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
+ wpa_printf(MSG_ERROR, "Failed to get own L2 address");
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "Own MAC address: " MACSTR,
+ MAC2STR(wpa_s->own_addr));
+
+ if (wpa_s->bridge_ifname[0]) {
+ wpa_printf(MSG_DEBUG, "Receiving packets from bridge interface"
+ " '%s'", wpa_s->bridge_ifname);
+ wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname,
+ wpa_s->own_addr,
+ ETH_P_EAPOL,
+ wpa_supplicant_rx_eapol, wpa_s,
+ 0);
+ if (wpa_s->l2_br == NULL) {
+ wpa_printf(MSG_ERROR, "Failed to open l2_packet "
+ "connection for the bridge interface '%s'",
+ wpa_s->bridge_ifname);
+ return -1;
+ }
+ }
+
+ /* Backwards compatibility call to set_wpa() handler. This is called
+ * only just after init and just before deinit, so these handler can be
+ * used to implement same functionality. */
+ if (wpa_drv_set_wpa(wpa_s, 1) < 0) {
+ struct wpa_driver_capa capa;
+ if (wpa_drv_get_capa(wpa_s, &capa) < 0 ||
+ !(capa.flags & (WPA_DRIVER_CAPA_KEY_MGMT_WPA |
+ WPA_DRIVER_CAPA_KEY_MGMT_WPA2))) {
+ wpa_printf(MSG_DEBUG, "Driver does not support WPA.");
+ /* Continue to allow non-WPA modes to be used. */
+ } else {
+ wpa_printf(MSG_ERROR, "Failed to enable WPA in the "
+ "driver.");
+ return -1;
+ }
+ }
+
+ wpa_clear_keys(wpa_s, NULL);
+
+ /* Make sure that TKIP countermeasures are not left enabled (could
+ * happen if wpa_supplicant is killed during countermeasures. */
+ wpa_drv_set_countermeasures(wpa_s, 0);
+
+ wpa_drv_set_drop_unencrypted(wpa_s, 1);
+
+ wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
+ wpa_supplicant_req_scan(wpa_s, interface_count, 100000);
+ interface_count++;
+
+ return 0;
+}
+
+
+static int wpa_supplicant_daemon(const char *pid_file)
+{
+ wpa_printf(MSG_DEBUG, "Daemonize..");
+ return os_daemonize(pid_file);
+}
+
+
+static struct wpa_supplicant * wpa_supplicant_alloc(void)
+{
+ struct wpa_supplicant *wpa_s;
+
+ wpa_s = os_zalloc(sizeof(*wpa_s));
+ if (wpa_s == NULL)
+ return NULL;
+ wpa_s->scan_req = 1;
+
+ return wpa_s;
+}
+
+
+static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
+ struct wpa_interface *iface)
+{
+ wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
+ "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
+ iface->confname ? iface->confname : "N/A",
+ iface->driver ? iface->driver : "default",
+ iface->ctrl_interface ? iface->ctrl_interface : "N/A",
+ iface->bridge_ifname ? iface->bridge_ifname : "N/A");
+
+ if (wpa_supplicant_set_driver(wpa_s, iface->driver) < 0) {
+ return -1;
+ }
+
+ if (iface->confname) {
+#ifdef CONFIG_BACKEND_FILE
+ wpa_s->confname = os_rel2abs_path(iface->confname);
+ if (wpa_s->confname == NULL) {
+ wpa_printf(MSG_ERROR, "Failed to get absolute path "
+ "for configuration file '%s'.",
+ iface->confname);
+ return -1;
+ }
+ wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
+ iface->confname, wpa_s->confname);
+#else /* CONFIG_BACKEND_FILE */
+ wpa_s->confname = os_strdup(iface->confname);
+#endif /* CONFIG_BACKEND_FILE */
+ wpa_s->conf = wpa_config_read(wpa_s->confname);
+ if (wpa_s->conf == NULL) {
+ wpa_printf(MSG_ERROR, "Failed to read or parse "
+ "configuration '%s'.", wpa_s->confname);
+ return -1;
+ }
+
+ /*
+ * Override ctrl_interface and driver_param if set on command
+ * line.
+ */
+ if (iface->ctrl_interface) {
+ os_free(wpa_s->conf->ctrl_interface);
+ wpa_s->conf->ctrl_interface =
+ os_strdup(iface->ctrl_interface);
+ }
+
+ if (iface->driver_param) {
+ os_free(wpa_s->conf->driver_param);
+ wpa_s->conf->driver_param =
+ os_strdup(iface->driver_param);
+ }
+ } else
+ wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
+ iface->driver_param);
+
+ if (wpa_s->conf == NULL) {
+ wpa_printf(MSG_ERROR, "\nNo configuration found.");
+ return -1;
+ }
+
+ if (iface->ifname == NULL) {
+ wpa_printf(MSG_ERROR, "\nInterface name is required.");
+ return -1;
+ }
+ if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
+ wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
+ iface->ifname);
+ return -1;
+ }
+ os_strncpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
+
+ if (iface->bridge_ifname) {
+ if (os_strlen(iface->bridge_ifname) >=
+ sizeof(wpa_s->bridge_ifname)) {
+ wpa_printf(MSG_ERROR, "\nToo long bridge interface "
+ "name '%s'.", iface->bridge_ifname);
+ return -1;
+ }
+ os_strncpy(wpa_s->bridge_ifname, iface->bridge_ifname,
+ sizeof(wpa_s->bridge_ifname));
+ }
+
+ return 0;
+}
+
+
+static int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s)
+{
+#ifdef IEEE8021X_EAPOL
+ struct eapol_ctx *ctx;
+ ctx = os_zalloc(sizeof(*ctx));
+ if (ctx == NULL) {
+ wpa_printf(MSG_ERROR, "Failed to allocate EAPOL context.");
+ return -1;
+ }
+
+ ctx->ctx = wpa_s;
+ ctx->msg_ctx = wpa_s;
+ ctx->eapol_send_ctx = wpa_s;
+ ctx->preauth = 0;
+ ctx->eapol_done_cb = wpa_supplicant_notify_eapol_done;
+ ctx->eapol_send = wpa_supplicant_eapol_send;
+ ctx->set_wep_key = wpa_eapol_set_wep_key;
+ ctx->set_config_blob = wpa_supplicant_set_config_blob;
+ ctx->get_config_blob = wpa_supplicant_get_config_blob;
+ ctx->aborted_cached = wpa_supplicant_aborted_cached;
+ ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
+ ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
+ ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
+ wpa_s->eapol = eapol_sm_init(ctx);
+ if (wpa_s->eapol == NULL) {
+ os_free(ctx);
+ wpa_printf(MSG_ERROR, "Failed to initialize EAPOL state "
+ "machines.");
+ return -1;
+ }
+#endif /* IEEE8021X_EAPOL */
+
+ return 0;
+}
+
+
+static int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s)
+{
+#ifndef CONFIG_NO_WPA
+ struct wpa_sm_ctx *ctx;
+ ctx = os_zalloc(sizeof(*ctx));
+ if (ctx == NULL) {
+ wpa_printf(MSG_ERROR, "Failed to allocate WPA context.");
+ return -1;
+ }
+
+ ctx->ctx = wpa_s;
+ ctx->set_state = _wpa_supplicant_set_state;
+ ctx->get_state = _wpa_supplicant_get_state;
+ ctx->req_scan = _wpa_supplicant_req_scan;
+ ctx->deauthenticate = _wpa_supplicant_deauthenticate;
+ ctx->disassociate = _wpa_supplicant_disassociate;
+ ctx->set_key = wpa_supplicant_set_key;
+ ctx->scan = wpa_supplicant_scan;
+ ctx->get_ssid = _wpa_supplicant_get_ssid;
+ ctx->get_bssid = wpa_supplicant_get_bssid;
+ ctx->ether_send = _wpa_ether_send;
+ ctx->get_beacon_ie = wpa_supplicant_get_beacon_ie;
+ ctx->alloc_eapol = _wpa_alloc_eapol;
+ ctx->cancel_auth_timeout = _wpa_supplicant_cancel_auth_timeout;
+ ctx->add_pmkid = wpa_supplicant_add_pmkid;
+ ctx->remove_pmkid = wpa_supplicant_remove_pmkid;
+ ctx->set_config_blob = wpa_supplicant_set_config_blob;
+ ctx->get_config_blob = wpa_supplicant_get_config_blob;
+ ctx->mlme_setprotection = wpa_supplicant_mlme_setprotection;
+
+ wpa_s->wpa = wpa_sm_init(ctx);
+ if (wpa_s->wpa == NULL) {
+ wpa_printf(MSG_ERROR, "Failed to initialize WPA state "
+ "machine");
+ return -1;
+ }
+#endif /* CONFIG_NO_WPA */
+
+ return 0;
+}
+
+
+static int wpa_supplicant_init_iface2(struct wpa_supplicant *wpa_s,
+ int wait_for_interface)
+{
+ const char *ifname;
+ struct wpa_driver_capa capa;
+
+ wpa_printf(MSG_DEBUG, "Initializing interface (2) '%s'",
+ wpa_s->ifname);
+
+ if (wpa_supplicant_init_eapol(wpa_s) < 0)
+ return -1;
+
+ /* RSNA Supplicant Key Management - INITIALIZE */
+ eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
+ eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
+
+ /* Initialize driver interface and register driver event handler before
+ * L2 receive handler so that association events are processed before
+ * EAPOL-Key packets if both become available for the same select()
+ * call. */
+ wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
+ if (wpa_s->drv_priv == NULL) {
+ wpa_printf(MSG_ERROR, "Failed to initialize driver interface");
+ return -1;
+ }
+ if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
+ wpa_printf(MSG_ERROR, "Driver interface rejected "
+ "driver_param '%s'", wpa_s->conf->driver_param);
+ return -1;
+ }
+
+ ifname = wpa_drv_get_ifname(wpa_s);
+ if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
+ wpa_printf(MSG_DEBUG, "Driver interface replaced interface "
+ "name with '%s'", ifname);
+ os_strncpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
+ }
+
+ if (wpa_supplicant_init_wpa(wpa_s) < 0)
+ return -1;
+
+ wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
+ wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
+ NULL);
+ wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
+ wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
+
+ if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
+ wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
+ wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
+ wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
+ "dot11RSNAConfigPMKLifetime");
+ return -1;
+ }
+
+ if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
+ wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
+ wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
+ wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
+ "dot11RSNAConfigPMKReauthThreshold");
+ return -1;
+ }
+
+ if (wpa_s->conf->dot11RSNAConfigSATimeout &&
+ wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
+ wpa_s->conf->dot11RSNAConfigSATimeout)) {
+ wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
+ "dot11RSNAConfigSATimeout");
+ return -1;
+ }
+
+ if (wpa_supplicant_driver_init(wpa_s, wait_for_interface) < 0) {
+ return -1;
+ }
+ wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
+
+ wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
+ if (wpa_s->ctrl_iface == NULL) {
+ wpa_printf(MSG_ERROR,
+ "Failed to initialize control interface '%s'.\n"
+ "You may have another wpa_supplicant process "
+ "already running or the file was\n"
+ "left by an unclean termination of wpa_supplicant "
+ "in which case you will need\n"
+ "to manually remove this file before starting "
+ "wpa_supplicant again.\n",
+ wpa_s->conf->ctrl_interface);
+ return -1;
+ }
+
+ if (wpa_drv_get_capa(wpa_s, &capa) == 0 &&
+ capa.flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
+ wpa_s->use_client_mlme = 1;
+ if (ieee80211_sta_init(wpa_s))
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s)
+{
+ if (wpa_s->drv_priv) {
+ wpa_supplicant_deauthenticate(wpa_s, REASON_DEAUTH_LEAVING);
+
+ /* Backwards compatibility call to set_wpa() handler. This is
+ * called only just after init and just before deinit, so these
+ * handler can be used to implement same functionality. */
+ if (wpa_drv_set_wpa(wpa_s, 0) < 0) {
+ wpa_printf(MSG_ERROR, "Failed to disable WPA in the "
+ "driver.");
+ }
+
+ wpa_drv_set_drop_unencrypted(wpa_s, 0);
+ wpa_drv_set_countermeasures(wpa_s, 0);
+ wpa_clear_keys(wpa_s, NULL);
+ }
+
+ wpas_dbus_unregister_iface(wpa_s);
+
+ wpa_supplicant_cleanup(wpa_s);
+
+ if (wpa_s->drv_priv)
+ wpa_drv_deinit(wpa_s);
+}
+
+
+/**
+ * wpa_supplicant_add_iface - Add a new network interface
+ * @global: Pointer to global data from wpa_supplicant_init()
+ * @iface: Interface configuration options
+ * Returns: Pointer to the created interface or %NULL on failure
+ *
+ * This function is used to add new network interfaces for %wpa_supplicant.
+ * This can be called before wpa_supplicant_run() to add interfaces before the
+ * main event loop has been started. In addition, new interfaces can be added
+ * dynamically while %wpa_supplicant is already running. This could happen,
+ * e.g., when a hotplug network adapter is inserted.
+ */
+struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
+ struct wpa_interface *iface)
+{
+ struct wpa_supplicant *wpa_s;
+
+ if (global == NULL || iface == NULL)
+ return NULL;
+
+ wpa_s = wpa_supplicant_alloc();
+ if (wpa_s == NULL)
+ return NULL;
+
+ if (wpa_supplicant_init_iface(wpa_s, iface) ||
+ wpa_supplicant_init_iface2(wpa_s,
+ global->params.wait_for_interface)) {
+ wpa_printf(MSG_DEBUG, "Failed to add interface %s",
+ iface->ifname);
+ wpa_supplicant_deinit_iface(wpa_s);
+ os_free(wpa_s);
+ return NULL;
+ }
+
+ wpa_s->global = global;
+
+ /* Register the interface with the dbus control interface */
+ if (wpas_dbus_register_iface(wpa_s)) {
+ wpa_supplicant_deinit_iface(wpa_s);
+ os_free(wpa_s);
+ return NULL;
+ }
+
+ wpa_s->next = global->ifaces;
+ global->ifaces = wpa_s;
+
+ wpa_printf(MSG_DEBUG, "Added interface %s", wpa_s->ifname);
+
+ return wpa_s;
+}
+
+
+/**
+ * wpa_supplicant_remove_iface - Remove a network interface
+ * @global: Pointer to global data from wpa_supplicant_init()
+ * @wpa_s: Pointer to the network interface to be removed
+ * Returns: 0 if interface was removed, -1 if interface was not found
+ *
+ * This function can be used to dynamically remove network interfaces from
+ * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
+ * addition, this function is used to remove all remaining interfaces when
+ * %wpa_supplicant is terminated.
+ */
+int wpa_supplicant_remove_iface(struct wpa_global *global,
+ struct wpa_supplicant *wpa_s)
+{
+ struct wpa_supplicant *prev;
+
+ /* Remove interface from the global list of interfaces */
+ prev = global->ifaces;
+ if (prev == wpa_s) {
+ global->ifaces = wpa_s->next;
+ } else {
+ while (prev && prev->next != wpa_s)
+ prev = prev->next;
+ if (prev == NULL)
+ return -1;
+ prev->next = wpa_s->next;
+ }
+
+ wpa_printf(MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
+
+ wpa_supplicant_deinit_iface(wpa_s);
+ os_free(wpa_s);
+
+ return 0;
+}
+
+
+/**
+ * wpa_supplicant_get_iface - Get a new network interface
+ * @global: Pointer to global data from wpa_supplicant_init()
+ * @ifname: Interface name
+ * Returns: Pointer to the interface or %NULL if not found
+ */
+struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
+ const char *ifname)
+{
+ struct wpa_supplicant *wpa_s;
+
+ for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
+ if (os_strcmp(wpa_s->ifname, ifname) == 0)
+ return wpa_s;
+ }
+ return NULL;
+}
+
+
+/**
+ * wpa_supplicant_init - Initialize %wpa_supplicant
+ * @params: Parameters for %wpa_supplicant
+ * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
+ *
+ * This function is used to initialize %wpa_supplicant. After successful
+ * initialization, the returned data pointer can be used to add and remove
+ * network interfaces, and eventually, to deinitialize %wpa_supplicant.
+ */
+struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
+{
+ struct wpa_global *global;
+ int ret;
+
+ if (params == NULL)
+ return NULL;
+
+ wpa_debug_open_file(params->wpa_debug_file_path);
+
+ ret = eap_peer_register_methods();
+ if (ret) {
+ wpa_printf(MSG_ERROR, "Failed to register EAP methods");
+ if (ret == -2)
+ wpa_printf(MSG_ERROR, "Two or more EAP methods used "
+ "the same EAP type.");
+ return NULL;
+ }
+
+ global = os_zalloc(sizeof(*global));
+ if (global == NULL)
+ return NULL;
+ global->params.daemonize = params->daemonize;
+ global->params.wait_for_interface = params->wait_for_interface;
+ global->params.wait_for_monitor = params->wait_for_monitor;
+ global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
+ if (params->pid_file)
+ global->params.pid_file = os_strdup(params->pid_file);
+ if (params->ctrl_interface)
+ global->params.ctrl_interface =
+ os_strdup(params->ctrl_interface);
+ wpa_debug_level = global->params.wpa_debug_level =
+ params->wpa_debug_level;
+ wpa_debug_show_keys = global->params.wpa_debug_show_keys =
+ params->wpa_debug_show_keys;
+ wpa_debug_timestamp = global->params.wpa_debug_timestamp =
+ params->wpa_debug_timestamp;
+
+ if (eloop_init(global)) {
+ wpa_printf(MSG_ERROR, "Failed to initialize event loop");
+ wpa_supplicant_deinit(global);
+ return NULL;
+ }
+
+ global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
+ if (global->ctrl_iface == NULL) {
+ wpa_supplicant_deinit(global);
+ return NULL;
+ }
+
+ if (global->params.dbus_ctrl_interface) {
+ global->dbus_ctrl_iface =
+ wpa_supplicant_dbus_ctrl_iface_init(global);
+ if (global->dbus_ctrl_iface == NULL) {
+ wpa_supplicant_deinit(global);
+ return NULL;
+ }
+ }
+
+ if (global->params.wait_for_interface && global->params.daemonize &&
+ wpa_supplicant_daemon(global->params.pid_file)) {
+ wpa_supplicant_deinit(global);
+ return NULL;
+ }
+
+ return global;
+}
+
+
+/**
+ * wpa_supplicant_run - Run the %wpa_supplicant main event loop
+ * @global: Pointer to global data from wpa_supplicant_init()
+ * Returns: 0 after successful event loop run, -1 on failure
+ *
+ * This function starts the main event loop and continues running as long as
+ * there are any remaining events. In most cases, this function is running as
+ * long as the %wpa_supplicant process in still in use.
+ */
+int wpa_supplicant_run(struct wpa_global *global)
+{
+ struct wpa_supplicant *wpa_s;
+
+ if (!global->params.wait_for_interface && global->params.daemonize &&
+ wpa_supplicant_daemon(global->params.pid_file))
+ return -1;
+
+ if (global->params.wait_for_monitor) {
+ for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
+ if (wpa_s->ctrl_iface)
+ wpa_supplicant_ctrl_iface_wait(
+ wpa_s->ctrl_iface);
+ }
+
+ eloop_register_signal_terminate(wpa_supplicant_terminate, NULL);
+ eloop_register_signal_reconfig(wpa_supplicant_reconfig, NULL);
+
+ eloop_run();
+
+ return 0;
+}
+
+
+/**
+ * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
+ * @global: Pointer to global data from wpa_supplicant_init()
+ *
+ * This function is called to deinitialize %wpa_supplicant and to free all
+ * allocated resources. Remaining network interfaces will also be removed.
+ */
+void wpa_supplicant_deinit(struct wpa_global *global)
+{
+ if (global == NULL)
+ return;
+
+ while (global->ifaces)
+ wpa_supplicant_remove_iface(global, global->ifaces);
+
+ if (global->ctrl_iface)
+ wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
+ if (global->dbus_ctrl_iface)
+ wpa_supplicant_dbus_ctrl_iface_deinit(global->dbus_ctrl_iface);
+
+ eap_peer_unregister_methods();
+
+ eloop_destroy();
+
+ if (global->params.pid_file) {
+ os_daemonize_terminate(global->params.pid_file);
+ os_free(global->params.pid_file);
+ }
+ os_free(global->params.ctrl_interface);
+
+ os_free(global);
+ wpa_debug_close_file();
+}
--- /dev/null
+##### Example wpa_supplicant configuration file ###############################
+#
+# This file describes configuration file format and lists all available option.
+# Please also take a look at simpler configuration examples in 'examples'
+# subdirectory.
+#
+# Empty lines and lines starting with # are ignored
+
+# NOTE! This file may contain password information and should probably be made
+# readable only by root user on multiuser systems.
+
+# Note: All file paths in this configuration file should use full (absolute,
+# not relative to working directory) path in order to allow working directory
+# to be changed. This can happen if wpa_supplicant is run in the background.
+
+# Whether to allow wpa_supplicant to update (overwrite) configuration
+#
+# This option can be used to allow wpa_supplicant to overwrite configuration
+# file whenever configuration is changed (e.g., new network block is added with
+# wpa_cli or wpa_gui, or a password is changed). This is required for
+# wpa_cli/wpa_gui to be able to store the configuration changes permanently.
+# Please note that overwriting configuration file will remove the comments from
+# it.
+#update_config=1
+
+# global configuration (shared by all network blocks)
+#
+# Parameters for the control interface. If this is specified, wpa_supplicant
+# will open a control interface that is available for external programs to
+# manage wpa_supplicant. The meaning of this string depends on which control
+# interface mechanism is used. For all cases, the existance of this parameter
+# in configuration is used to determine whether the control interface is
+# enabled.
+#
+# For UNIX domain sockets (default on Linux and BSD): This is a directory that
+# will be created for UNIX domain sockets for listening to requests from
+# external programs (CLI/GUI, etc.) for status information and configuration.
+# The socket file will be named based on the interface name, so multiple
+# wpa_supplicant processes can be run at the same time if more than one
+# interface is used.
+# /var/run/wpa_supplicant is the recommended directory for sockets and by
+# default, wpa_cli will use it when trying to connect with wpa_supplicant.
+#
+# Access control for the control interface can be configured by setting the
+# directory to allow only members of a group to use sockets. This way, it is
+# possible to run wpa_supplicant as root (since it needs to change network
+# configuration and open raw sockets) and still allow GUI/CLI components to be
+# run as non-root users. However, since the control interface can be used to
+# change the network configuration, this access needs to be protected in many
+# cases. By default, wpa_supplicant is configured to use gid 0 (root). If you
+# want to allow non-root users to use the control interface, add a new group
+# and change this value to match with that group. Add users that should have
+# control interface access to this group. If this variable is commented out or
+# not included in the configuration file, group will not be changed from the
+# value it got by default when the directory or socket was created.
+#
+# When configuring both the directory and group, use following format:
+# DIR=/var/run/wpa_supplicant GROUP=wheel
+# DIR=/var/run/wpa_supplicant GROUP=0
+# (group can be either group name or gid)
+#
+# For UDP connections (default on Windows): The value will be ignored. This
+# variable is just used to select that the control interface is to be created.
+# The value can be set to, e.g., udp (ctrl_interface=udp)
+#
+# For Windows Named Pipe: This value can be used to set the security descriptor
+# for controlling access to the control interface. Security descriptor can be
+# set using Security Descriptor String Format (see http://msdn.microsoft.com/
+# library/default.asp?url=/library/en-us/secauthz/security/
+# security_descriptor_string_format.asp). The descriptor string needs to be
+# prefixed with SDDL=. For example, ctrl_interface=SDDL=D: would set an empty
+# DACL (which will reject all connections). See README-Windows.txt for more
+# information about SDDL string format.
+#
+ctrl_interface=/var/run/wpa_supplicant
+
+# IEEE 802.1X/EAPOL version
+# wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which defines
+# EAPOL version 2. However, there are many APs that do not handle the new
+# version number correctly (they seem to drop the frames completely). In order
+# to make wpa_supplicant interoperate with these APs, the version number is set
+# to 1 by default. This configuration value can be used to set it to the new
+# version (2).
+eapol_version=1
+
+# AP scanning/selection
+# By default, wpa_supplicant requests driver to perform AP scanning and then
+# uses the scan results to select a suitable AP. Another alternative is to
+# allow the driver to take care of AP scanning and selection and use
+# wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association
+# information from the driver.
+# 1: wpa_supplicant initiates scanning and AP selection
+# 0: driver takes care of scanning, AP selection, and IEEE 802.11 association
+# parameters (e.g., WPA IE generation); this mode can also be used with
+# non-WPA drivers when using IEEE 802.1X mode; do not try to associate with
+# APs (i.e., external program needs to control association). This mode must
+# also be used when using wired Ethernet drivers.
+# 2: like 0, but associate with APs using security policy and SSID (but not
+# BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to
+# enable operation with hidden SSIDs and optimized roaming; in this mode,
+# the network blocks in the configuration file are tried one by one until
+# the driver reports successful association; each network block should have
+# explicit security policy (i.e., only one option in the lists) for
+# key_mgmt, pairwise, group, proto variables
+ap_scan=1
+
+# EAP fast re-authentication
+# By default, fast re-authentication is enabled for all EAP methods that
+# support it. This variable can be used to disable fast re-authentication.
+# Normally, there is no need to disable this.
+fast_reauth=1
+
+# OpenSSL Engine support
+# These options can be used to load OpenSSL engines.
+# The two engines that are supported currently are shown below:
+# They are both from the opensc project (http://www.opensc.org/)
+# By default no engines are loaded.
+# make the opensc engine available
+#opensc_engine_path=/usr/lib/opensc/engine_opensc.so
+# make the pkcs11 engine available
+#pkcs11_engine_path=/usr/lib/opensc/engine_pkcs11.so
+# configure the path to the pkcs11 module required by the pkcs11 engine
+#pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so
+
+# Dynamic EAP methods
+# If EAP methods were built dynamically as shared object files, they need to be
+# loaded here before being used in the network blocks. By default, EAP methods
+# are included statically in the build, so these lines are not needed
+#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_tls.so
+#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_md5.so
+
+# Driver interface parameters
+# This field can be used to configure arbitrary driver interace parameters. The
+# format is specific to the selected driver interface. This field is not used
+# in most cases.
+#driver_param="field=value"
+
+# Maximum lifetime for PMKSA in seconds; default 43200
+#dot11RSNAConfigPMKLifetime=43200
+# Threshold for reauthentication (percentage of PMK lifetime); default 70
+#dot11RSNAConfigPMKReauthThreshold=70
+# Timeout for security association negotiation in seconds; default 60
+#dot11RSNAConfigSATimeout=60
+
+# network block
+#
+# Each network (usually AP's sharing the same SSID) is configured as a separate
+# block in this configuration file. The network blocks are in preference order
+# (the first match is used).
+#
+# network block fields:
+#
+# disabled:
+# 0 = this network can be used (default)
+# 1 = this network block is disabled (can be enabled through ctrl_iface,
+# e.g., with wpa_cli or wpa_gui)
+#
+# id_str: Network identifier string for external scripts. This value is passed
+# to external action script through wpa_cli as WPA_ID_STR environment
+# variable to make it easier to do network specific configuration.
+#
+# ssid: SSID (mandatory); either as an ASCII string with double quotation or
+# as hex string; network name
+#
+# scan_ssid:
+# 0 = do not scan this SSID with specific Probe Request frames (default)
+# 1 = scan with SSID-specific Probe Request frames (this can be used to
+# find APs that do not accept broadcast SSID or use multiple SSIDs;
+# this will add latency to scanning, so enable this only when needed)
+#
+# bssid: BSSID (optional); if set, this network block is used only when
+# associating with the AP using the configured BSSID
+#
+# priority: priority group (integer)
+# By default, all networks will get same priority group (0). If some of the
+# networks are more desirable, this field can be used to change the order in
+# which wpa_supplicant goes through the networks when selecting a BSS. The
+# priority groups will be iterated in decreasing priority (i.e., the larger the
+# priority value, the sooner the network is matched against the scan results).
+# Within each priority group, networks will be selected based on security
+# policy, signal strength, etc.
+# Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are not
+# using this priority to select the order for scanning. Instead, they try the
+# networks in the order that used in the configuration file.
+#
+# mode: IEEE 802.11 operation mode
+# 0 = infrastructure (Managed) mode, i.e., associate with an AP (default)
+# 1 = IBSS (ad-hoc, peer-to-peer)
+# Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP)
+# and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In addition, ap_scan has
+# to be set to 2 for IBSS. WPA-None requires following network block options:
+# proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not
+# both), and psk must also be set.
+#
+# frequency: Channel frequency in megahertz (MHz) for IBSS, e.g.,
+# 2412 = IEEE 802.11b/g channel 1. This value is used to configure the initial
+# channel for IBSS (adhoc) networks. It is ignored in the infrastructure mode.
+# In addition, this value is only used by the station that creates the IBSS. If
+# an IBSS network with the configured SSID is already present, the frequency of
+# the network will be used instead of this configured value.
+#
+# proto: list of accepted protocols
+# WPA = WPA/IEEE 802.11i/D3.0
+# RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN)
+# If not set, this defaults to: WPA RSN
+#
+# key_mgmt: list of accepted authenticated key management protocols
+# WPA-PSK = WPA pre-shared key (this requires 'psk' field)
+# WPA-EAP = WPA using EAP authentication (this can use an external
+# program, e.g., Xsupplicant, for IEEE 802.1X EAP Authentication
+# IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically
+# generated WEP keys
+# NONE = WPA is not used; plaintext or static WEP could be used
+# If not set, this defaults to: WPA-PSK WPA-EAP
+#
+# auth_alg: list of allowed IEEE 802.11 authentication algorithms
+# OPEN = Open System authentication (required for WPA/WPA2)
+# SHARED = Shared Key authentication (requires static WEP keys)
+# LEAP = LEAP/Network EAP (only used with LEAP)
+# If not set, automatic selection is used (Open System with LEAP enabled if
+# LEAP is allowed as one of the EAP methods).
+#
+# pairwise: list of accepted pairwise (unicast) ciphers for WPA
+# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
+# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
+# NONE = Use only Group Keys (deprecated, should not be included if APs support
+# pairwise keys)
+# If not set, this defaults to: CCMP TKIP
+#
+# group: list of accepted group (broadcast/multicast) ciphers for WPA
+# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
+# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
+# WEP104 = WEP (Wired Equivalent Privacy) with 104-bit key
+# WEP40 = WEP (Wired Equivalent Privacy) with 40-bit key [IEEE 802.11]
+# If not set, this defaults to: CCMP TKIP WEP104 WEP40
+#
+# psk: WPA preshared key; 256-bit pre-shared key
+# The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e.,
+# 32 bytes or as an ASCII passphrase (in which case, the real PSK will be
+# generated using the passphrase and SSID). ASCII passphrase must be between
+# 8 and 63 characters (inclusive).
+# This field is not needed, if WPA-EAP is used.
+# Note: Separate tool, wpa_passphrase, can be used to generate 256-bit keys
+# from ASCII passphrase. This process uses lot of CPU and wpa_supplicant
+# startup and reconfiguration time can be optimized by generating the PSK only
+# only when the passphrase or SSID has actually changed.
+#
+# eapol_flags: IEEE 802.1X/EAPOL options (bit field)
+# Dynamic WEP key required for non-WPA mode
+# bit0 (1): require dynamically generated unicast WEP key
+# bit1 (2): require dynamically generated broadcast WEP key
+# (3 = require both keys; default)
+# Note: When using wired authentication, eapol_flags must be set to 0 for the
+# authentication to be completed successfully.
+#
+# mixed_cell: This option can be used to configure whether so called mixed
+# cells, i.e., networks that use both plaintext and encryption in the same
+# SSID, are allowed when selecting a BSS form scan results.
+# 0 = disabled (default)
+# 1 = enabled
+#
+# proactive_key_caching:
+# Enable/disable opportunistic PMKSA caching for WPA2.
+# 0 = disabled (default)
+# 1 = enabled
+#
+# wep_key0..3: Static WEP key (ASCII in double quotation, e.g. "abcde" or
+# hex without quotation, e.g., 0102030405)
+# wep_tx_keyidx: Default WEP key index (TX) (0..3)
+#
+# peerkey: Whether PeerKey negotiation for direct links (IEEE 802.11e DLS) is
+# allowed. This is only used with RSN/WPA2.
+# 0 = disabled (default)
+# 1 = enabled
+#peerkey=1
+#
+# Following fields are only used with internal EAP implementation.
+# eap: space-separated list of accepted EAP methods
+# MD5 = EAP-MD5 (unsecure and does not generate keying material ->
+# cannot be used with WPA; to be used as a Phase 2 method
+# with EAP-PEAP or EAP-TTLS)
+# MSCHAPV2 = EAP-MSCHAPv2 (cannot be used separately with WPA; to be used
+# as a Phase 2 method with EAP-PEAP or EAP-TTLS)
+# OTP = EAP-OTP (cannot be used separately with WPA; to be used
+# as a Phase 2 method with EAP-PEAP or EAP-TTLS)
+# GTC = EAP-GTC (cannot be used separately with WPA; to be used
+# as a Phase 2 method with EAP-PEAP or EAP-TTLS)
+# TLS = EAP-TLS (client and server certificate)
+# PEAP = EAP-PEAP (with tunnelled EAP authentication)
+# TTLS = EAP-TTLS (with tunnelled EAP or PAP/CHAP/MSCHAP/MSCHAPV2
+# authentication)
+# If not set, all compiled in methods are allowed.
+#
+# identity: Identity string for EAP
+# anonymous_identity: Anonymous identity string for EAP (to be used as the
+# unencrypted identity with EAP types that support different tunnelled
+# identity, e.g., EAP-TTLS)
+# password: Password string for EAP
+# ca_cert: File path to CA certificate file (PEM/DER). This file can have one
+# or more trusted CA certificates. If ca_cert and ca_path are not
+# included, server certificate will not be verified. This is insecure and
+# a trusted CA certificate should always be configured when using
+# EAP-TLS/TTLS/PEAP. Full path should be used since working directory may
+# change when wpa_supplicant is run in the background.
+# On Windows, trusted CA certificates can be loaded from the system
+# certificate store by setting this to cert_store://<name>, e.g.,
+# ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT".
+# Note that when running wpa_supplicant as an application, the user
+# certificate store (My user account) is used, whereas computer store
+# (Computer account) is used when running wpasvc as a service.
+# ca_path: Directory path for CA certificate files (PEM). This path may
+# contain multiple CA certificates in OpenSSL format. Common use for this
+# is to point to system trusted CA list which is often installed into
+# directory like /etc/ssl/certs. If configured, these certificates are
+# added to the list of trusted CAs. ca_cert may also be included in that
+# case, but it is not required.
+# client_cert: File path to client certificate file (PEM/DER)
+# Full path should be used since working directory may change when
+# wpa_supplicant is run in the background.
+# Alternatively, a named configuration blob can be used by setting this
+# to blob://<blob name>.
+# private_key: File path to client private key file (PEM/DER/PFX)
+# When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be
+# commented out. Both the private key and certificate will be read from
+# the PKCS#12 file in this case. Full path should be used since working
+# directory may change when wpa_supplicant is run in the background.
+# Windows certificate store can be used by leaving client_cert out and
+# configuring private_key in one of the following formats:
+# cert://substring_to_match
+# hash://certificate_thumbprint_in_hex
+# for example: private_key="hash://63093aa9c47f56ae88334c7b65a4"
+# Note that when running wpa_supplicant as an application, the user
+# certificate store (My user account) is used, whereas computer store
+# (Computer account) is used when running wpasvc as a service.
+# Alternatively, a named configuration blob can be used by setting this
+# to blob://<blob name>.
+# private_key_passwd: Password for private key file (if left out, this will be
+# asked through control interface)
+# dh_file: File path to DH/DSA parameters file (in PEM format)
+# This is an optional configuration file for setting parameters for an
+# ephemeral DH key exchange. In most cases, the default RSA
+# authentication does not use this configuration. However, it is possible
+# setup RSA to use ephemeral DH key exchange. In addition, ciphers with
+# DSA keys always use ephemeral DH keys. This can be used to achieve
+# forward secrecy. If the file is in DSA parameters format, it will be
+# automatically converted into DH params.
+# subject_match: Substring to be matched against the subject of the
+# authentication server certificate. If this string is set, the server
+# sertificate is only accepted if it contains this string in the subject.
+# The subject string is in following format:
+# /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@example.com
+# altsubject_match: Semicolon separated string of entries to be matched against
+# the alternative subject name of the authentication server certificate.
+# If this string is set, the server sertificate is only accepted if it
+# contains one of the entries in an alternative subject name extension.
+# altSubjectName string is in following format: TYPE:VALUE
+# Example: EMAIL:server@example.com
+# Example: DNS:server.example.com;DNS:server2.example.com
+# Following types are supported: EMAIL, DNS, URI
+# phase1: Phase1 (outer authentication, i.e., TLS tunnel) parameters
+# (string with field-value pairs, e.g., "peapver=0" or
+# "peapver=1 peaplabel=1")
+# 'peapver' can be used to force which PEAP version (0 or 1) is used.
+# 'peaplabel=1' can be used to force new label, "client PEAP encryption",
+# to be used during key derivation when PEAPv1 or newer. Most existing
+# PEAPv1 implementation seem to be using the old label, "client EAP
+# encryption", and wpa_supplicant is now using that as the default value.
+# Some servers, e.g., Radiator, may require peaplabel=1 configuration to
+# interoperate with PEAPv1; see eap_testing.txt for more details.
+# 'peap_outer_success=0' can be used to terminate PEAP authentication on
+# tunneled EAP-Success. This is required with some RADIUS servers that
+# implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g.,
+# Lucent NavisRadius v4.4.0 with PEAP in "IETF Draft 5" mode)
+# include_tls_length=1 can be used to force wpa_supplicant to include
+# TLS Message Length field in all TLS messages even if they are not
+# fragmented.
+# sim_min_num_chal=3 can be used to configure EAP-SIM to require three
+# challenges (by default, it accepts 2 or 3)
+# phase2: Phase2 (inner authentication with TLS tunnel) parameters
+# (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
+# "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS)
+# Following certificate/private key fields are used in inner Phase2
+# authentication when using EAP-TTLS or EAP-PEAP.
+# ca_cert2: File path to CA certificate file. This file can have one or more
+# trusted CA certificates. If ca_cert2 and ca_path2 are not included,
+# server certificate will not be verified. This is insecure and a trusted
+# CA certificate should always be configured.
+# ca_path2: Directory path for CA certificate files (PEM)
+# client_cert2: File path to client certificate file
+# private_key2: File path to client private key file
+# private_key2_passwd: Password for private key file
+# dh_file2: File path to DH/DSA parameters file (in PEM format)
+# subject_match2: Substring to be matched against the subject of the
+# authentication server certificate.
+# altsubject_match2: Substring to be matched against the alternative subject
+# name of the authentication server certificate.
+#
+# fragment_size: Maximum EAP fragment size in bytes (default 1398).
+# This value limits the fragment size for EAP methods that support
+# fragmentation (e.g., EAP-TLS and EAP-PEAP). This value should be set
+# small enough to make the EAP messages fit in MTU of the network
+# interface used for EAPOL. The default value is suitable for most
+# cases.
+#
+# EAP-PSK variables:
+# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format
+# nai: user NAI
+#
+# EAP-PAX variables:
+# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format
+#
+# EAP-SAKE variables:
+# eappsk: 32-byte (256-bit, 64 hex digits) pre-shared key in hex format
+# (this is concatenation of Root-Secret-A and Root-Secret-B)
+# nai: user NAI (PEERID)
+#
+# EAP-GPSK variables:
+# eappsk: Pre-shared key in hex format (at least 128 bits, i.e., 32 hex digits)
+# nai: user NAI (ID_Client)
+#
+# EAP-FAST variables:
+# pac_file: File path for the PAC entries. wpa_supplicant will need to be able
+# to create this file and write updates to it when PAC is being
+# provisioned or refreshed. Full path to the file should be used since
+# working directory may change when wpa_supplicant is run in the
+# background. Alternatively, a named configuration blob can be used by
+# setting this to blob://<blob name>
+# phase1: fast_provisioning=1 option enables in-line provisioning of EAP-FAST
+# credentials (PAC)
+#
+# wpa_supplicant supports number of "EAP workarounds" to work around
+# interoperability issues with incorrectly behaving authentication servers.
+# These are enabled by default because some of the issues are present in large
+# number of authentication servers. Strict EAP conformance mode can be
+# configured by disabling workarounds with eap_workaround=0.
+
+# Example blocks:
+
+# Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers
+network={
+ ssid="simple"
+ psk="very secret passphrase"
+ priority=5
+}
+
+# Same as previous, but request SSID-specific scanning (for APs that reject
+# broadcast SSID)
+network={
+ ssid="second ssid"
+ scan_ssid=1
+ psk="very secret passphrase"
+ priority=2
+}
+
+# Only WPA-PSK is used. Any valid cipher combination is accepted.
+network={
+ ssid="example"
+ proto=WPA
+ key_mgmt=WPA-PSK
+ pairwise=CCMP TKIP
+ group=CCMP TKIP WEP104 WEP40
+ psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
+ priority=2
+}
+
+# Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used WEP104
+# or WEP40 as the group cipher will not be accepted.
+network={
+ ssid="example"
+ proto=RSN
+ key_mgmt=WPA-EAP
+ pairwise=CCMP TKIP
+ group=CCMP TKIP
+ eap=TLS
+ identity="user@example.com"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+ priority=1
+}
+
+# EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new peaplabel
+# (e.g., Radiator)
+network={
+ ssid="example"
+ key_mgmt=WPA-EAP
+ eap=PEAP
+ identity="user@example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ phase1="peaplabel=1"
+ phase2="auth=MSCHAPV2"
+ priority=10
+}
+
+# EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the
+# unencrypted use. Real identity is sent only within an encrypted TLS tunnel.
+network={
+ ssid="example"
+ key_mgmt=WPA-EAP
+ eap=TTLS
+ identity="user@example.com"
+ anonymous_identity="anonymous@example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ priority=2
+}
+
+# EAP-TTLS/MSCHAPv2 configuration with anonymous identity for the unencrypted
+# use. Real identity is sent only within an encrypted TLS tunnel.
+network={
+ ssid="example"
+ key_mgmt=WPA-EAP
+ eap=TTLS
+ identity="user@example.com"
+ anonymous_identity="anonymous@example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ phase2="auth=MSCHAPV2"
+}
+
+# WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner
+# authentication.
+network={
+ ssid="example"
+ key_mgmt=WPA-EAP
+ eap=TTLS
+ # Phase1 / outer authentication
+ anonymous_identity="anonymous@example.com"
+ ca_cert="/etc/cert/ca.pem"
+ # Phase 2 / inner authentication
+ phase2="autheap=TLS"
+ ca_cert2="/etc/cert/ca2.pem"
+ client_cert2="/etc/cer/user.pem"
+ private_key2="/etc/cer/user.prv"
+ private_key2_passwd="password"
+ priority=2
+}
+
+# Both WPA-PSK and WPA-EAP is accepted. Only CCMP is accepted as pairwise and
+# group cipher.
+network={
+ ssid="example"
+ bssid=00:11:22:33:44:55
+ proto=WPA RSN
+ key_mgmt=WPA-PSK WPA-EAP
+ pairwise=CCMP
+ group=CCMP
+ psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
+}
+
+# Special characters in SSID, so use hex string. Default to WPA-PSK, WPA-EAP
+# and all valid ciphers.
+network={
+ ssid=00010203
+ psk=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+}
+
+
+# EAP-SIM with a GSM SIM or USIM
+network={
+ ssid="eap-sim-test"
+ key_mgmt=WPA-EAP
+ eap=SIM
+ pin="1234"
+ pcsc=""
+}
+
+
+# EAP-PSK
+network={
+ ssid="eap-psk-test"
+ key_mgmt=WPA-EAP
+ eap=PSK
+ identity="eap_psk_user"
+ eappsk=06b4be19da289f475aa46a33cb793029
+ nai="eap_psk_user@example.com"
+}
+
+
+# IEEE 802.1X/EAPOL with dynamically generated WEP keys (i.e., no WPA) using
+# EAP-TLS for authentication and key generation; require both unicast and
+# broadcast WEP keys.
+network={
+ ssid="1x-test"
+ key_mgmt=IEEE8021X
+ eap=TLS
+ identity="user@example.com"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+ eapol_flags=3
+}
+
+
+# LEAP with dynamic WEP keys
+network={
+ ssid="leap-example"
+ key_mgmt=IEEE8021X
+ eap=LEAP
+ identity="user"
+ password="foobar"
+}
+
+# EAP-FAST with WPA (WPA or WPA2)
+network={
+ ssid="eap-fast-test"
+ key_mgmt=WPA-EAP
+ eap=FAST
+ anonymous_identity="FAST-000102030405"
+ identity="username"
+ password="password"
+ phase1="fast_provisioning=1"
+ pac_file="/etc/wpa_supplicant.eap-fast-pac"
+}
+
+network={
+ ssid="eap-fast-test"
+ key_mgmt=WPA-EAP
+ eap=FAST
+ anonymous_identity="FAST-000102030405"
+ identity="username"
+ password="password"
+ phase1="fast_provisioning=1"
+ pac_file="blob://eap-fast-pac"
+}
+
+# Plaintext connection (no WPA, no IEEE 802.1X)
+network={
+ ssid="plaintext-test"
+ key_mgmt=NONE
+}
+
+
+# Shared WEP key connection (no WPA, no IEEE 802.1X)
+network={
+ ssid="static-wep-test"
+ key_mgmt=NONE
+ wep_key0="abcde"
+ wep_key1=0102030405
+ wep_key2="1234567890123"
+ wep_tx_keyidx=0
+ priority=5
+}
+
+
+# Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key
+# IEEE 802.11 authentication
+network={
+ ssid="static-wep-test2"
+ key_mgmt=NONE
+ wep_key0="abcde"
+ wep_key1=0102030405
+ wep_key2="1234567890123"
+ wep_tx_keyidx=0
+ priority=5
+ auth_alg=SHARED
+}
+
+
+# IBSS/ad-hoc network with WPA-None/TKIP.
+network={
+ ssid="test adhoc"
+ mode=1
+ frequency=2412
+ proto=WPA
+ key_mgmt=WPA-NONE
+ pairwise=NONE
+ group=TKIP
+ psk="secret passphrase"
+}
+
+
+# Catch all example that allows more or less all configuration modes
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
+ pairwise=CCMP TKIP
+ group=CCMP TKIP WEP104 WEP40
+ psk="very secret passphrase"
+ eap=TTLS PEAP TLS
+ identity="user@example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+ phase1="peaplabel=0"
+}
+
+# Example of EAP-TLS with smartcard (openssl engine)
+network={
+ ssid="example"
+ key_mgmt=WPA-EAP
+ eap=TLS
+ proto=RSN
+ pairwise=CCMP TKIP
+ group=CCMP TKIP
+ identity="user@example.com"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+
+ engine=1
+
+ # The engine configured here must be available. Look at
+ # OpenSSL engine support in the global section.
+ # The key available through the engine must be the private key
+ # matching the client certificate configured above.
+
+ # use the opensc engine
+ #engine_id="opensc"
+ #key_id="45"
+
+ # use the pkcs11 engine
+ engine_id="pkcs11"
+ key_id="id_45"
+
+ # Optional PIN configuration; this can be left out and PIN will be
+ # asked through the control interface
+ pin="1234"
+}
+
+# Example configuration showing how to use an inlined blob as a CA certificate
+# data instead of using external file
+network={
+ ssid="example"
+ key_mgmt=WPA-EAP
+ eap=TTLS
+ identity="user@example.com"
+ anonymous_identity="anonymous@example.com"
+ password="foobar"
+ ca_cert="blob://exampleblob"
+ priority=20
+}
+
+blob-base64-exampleblob={
+SGVsbG8gV29ybGQhCg==
+}
+
+
+# Wildcard match for SSID (plaintext APs only). This example select any
+# open AP regardless of its SSID.
+network={
+ key_mgmt=NONE
+}
--- /dev/null
+/*
+ * wpa_supplicant - Exported functions for wpa_supplicant modules
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef WPA_SUPPLICANT_H
+#define WPA_SUPPLICANT_H
+
+/* Driver wrappers are not supposed to directly touch the internal data
+ * structure used in wpa_supplicant, so that definition is not provided here.
+ */
+struct wpa_supplicant;
+
+/**
+ * enum wpa_event_type - Event type for wpa_supplicant_event() calls
+ */
+typedef enum wpa_event_type {
+ /**
+ * EVENT_ASSOC - Association completed
+ *
+ * This event needs to be delivered when the driver completes IEEE
+ * 802.11 association or reassociation successfully.
+ * wpa_driver_ops::get_bssid() is expected to provide the current BSSID
+ * after this even has been generated. In addition, optional
+ * EVENT_ASSOCINFO may be generated just before EVENT_ASSOC to provide
+ * more information about the association. If the driver interface gets
+ * both of these events at the same time, it can also include the
+ * assoc_info data in EVENT_ASSOC call.
+ */
+ EVENT_ASSOC,
+
+ /**
+ * EVENT_DISASSOC - Association lost
+ *
+ * This event should be called when association is lost either due to
+ * receiving deauthenticate or disassociate frame from the AP or when
+ * sending either of these frames to the current AP.
+ */
+ EVENT_DISASSOC,
+
+ /**
+ * EVENT_MICHAEL_MIC_FAILURE - Michael MIC (TKIP) detected
+ *
+ * This event must be delivered when a Michael MIC error is detected by
+ * the local driver. Additional data is for event processing is
+ * provided with union wpa_event_data::michael_mic_failure. This
+ * information is used to request new encyption key and to initiate
+ * TKIP countermeasures if needed.
+ */
+ EVENT_MICHAEL_MIC_FAILURE,
+
+ /**
+ * EVENT_SCAN_RESULTS - Scan results available
+ *
+ * This event must be called whenever scan results are available to be
+ * fetched with struct wpa_driver_ops::get_scan_results(). This event
+ * is expected to be used some time after struct wpa_driver_ops::scan()
+ * is called. If the driver provides an unsolicited event when the scan
+ * has been completed, this event can be used to trigger
+ * EVENT_SCAN_RESULTS call. If such event is not available from the
+ * driver, the driver wrapper code is expected to use a registered
+ * timeout to generate EVENT_SCAN_RESULTS call after the time that the
+ * scan is expected to be completed.
+ */
+ EVENT_SCAN_RESULTS,
+
+ /**
+ * EVENT_ASSOCINFO - Report optional extra information for association
+ *
+ * This event can be used to report extra association information for
+ * EVENT_ASSOC processing. This extra information includes IEs from
+ * association frames and Beacon/Probe Response frames in union
+ * wpa_event_data::assoc_info. EVENT_ASSOCINFO must be send just before
+ * EVENT_ASSOC. Alternatively, the driver interface can include
+ * assoc_info data in the EVENT_ASSOC call if it has all the
+ * information available at the same point.
+ */
+ EVENT_ASSOCINFO,
+
+ /**
+ * EVENT_INTERFACE_STATUS - Report interface status changes
+ *
+ * This optional event can be used to report changes in interface
+ * status (interface added/removed) using union
+ * wpa_event_data::interface_status. This can be used to trigger
+ * wpa_supplicant to stop and re-start processing for the interface,
+ * e.g., when a cardbus card is ejected/inserted.
+ */
+ EVENT_INTERFACE_STATUS,
+
+ /**
+ * EVENT_PMKID_CANDIDATE - Report a candidate AP for pre-authentication
+ *
+ * This event can be used to inform wpa_supplicant about candidates for
+ * RSN (WPA2) pre-authentication. If wpa_supplicant is not responsible
+ * for scan request (ap_scan=2 mode), this event is required for
+ * pre-authentication. If wpa_supplicant is performing scan request
+ * (ap_scan=1), this event is optional since scan results can be used
+ * to add pre-authentication candidates. union
+ * wpa_event_data::pmkid_candidate is used to report the BSSID of the
+ * candidate and priority of the candidate, e.g., based on the signal
+ * strength, in order to try to pre-authenticate first with candidates
+ * that are most likely targets for re-association.
+ *
+ * EVENT_PMKID_CANDIDATE can be called whenever the driver has updates
+ * on the candidate list. In addition, it can be called for the current
+ * AP and APs that have existing PMKSA cache entries. wpa_supplicant
+ * will automatically skip pre-authentication in cases where a valid
+ * PMKSA exists. When more than one candidate exists, this event should
+ * be generated once for each candidate.
+ *
+ * Driver will be notified about successful pre-authentication with
+ * struct wpa_driver_ops::add_pmkid() calls.
+ */
+ EVENT_PMKID_CANDIDATE,
+
+ /**
+ * EVENT_STKSTART - Request STK handshake (MLME-STKSTART.request)
+ *
+ * This event can be used to inform wpa_supplicant about desire to set
+ * up secure direct link connection between two stations as defined in
+ * IEEE 802.11e with a new PeerKey mechanism that replaced the original
+ * STAKey negotiation. The caller will need to set peer address for the
+ * event.
+ */
+ EVENT_STKSTART
+} wpa_event_type;
+
+
+/**
+ * union wpa_event_data - Additional data for wpa_supplicant_event() calls
+ */
+union wpa_event_data {
+ /**
+ * struct assoc_info - Data for EVENT_ASSOC and EVENT_ASSOCINFO events
+ *
+ * This structure is optional for EVENT_ASSOC calls and required for
+ * EVENT_ASSOCINFO calls. By using EVENT_ASSOC with this data, the
+ * driver interface does not need to generate separate EVENT_ASSOCINFO
+ * calls.
+ */
+ struct assoc_info {
+ /**
+ * req_ies - (Re)Association Request IEs
+ *
+ * If the driver generates WPA/RSN IE, this event data must be
+ * returned for WPA handshake to have needed information. If
+ * wpa_supplicant-generated WPA/RSN IE is used, this
+ * information event is optional.
+ *
+ * This should start with the first IE (fixed fields before IEs
+ * are not included).
+ */
+ u8 *req_ies;
+
+ /**
+ * req_ies_len - Length of req_ies in bytes
+ */
+ size_t req_ies_len;
+
+ /**
+ * resp_ies - (Re)Association Response IEs
+ *
+ * Optional association data from the driver. This data is not
+ * required WPA, but may be useful for some protocols and as
+ * such, should be reported if this is available to the driver
+ * interface.
+ *
+ * This should start with the first IE (fixed fields before IEs
+ * are not included).
+ */
+ u8 *resp_ies;
+
+ /**
+ * resp_ies_len - Length of resp_ies in bytes
+ */
+ size_t resp_ies_len;
+
+ /**
+ * beacon_ies - Beacon or Probe Response IEs
+ *
+ * Optional Beacon/ProbeResp data: IEs included in Beacon or
+ * Probe Response frames from the current AP (i.e., the one
+ * that the client just associated with). This information is
+ * used to update WPA/RSN IE for the AP. If this field is not
+ * set, the results from previous scan will be used. If no
+ * data for the new AP is found, scan results will be requested
+ * again (without scan request). At this point, the driver is
+ * expected to provide WPA/RSN IE for the AP (if WPA/WPA2 is
+ * used).
+ *
+ * This should start with the first IE (fixed fields before IEs
+ * are not included).
+ */
+ u8 *beacon_ies;
+
+ /**
+ * beacon_ies_len - Length of beacon_ies */
+ size_t beacon_ies_len;
+ } assoc_info;
+
+ /**
+ * struct michael_mic_failure - Data for EVENT_MICHAEL_MIC_FAILURE
+ */
+ struct michael_mic_failure {
+ int unicast;
+ } michael_mic_failure;
+
+ /**
+ * struct interface_status - Data for EVENT_INTERFACE_STATUS
+ */
+ struct interface_status {
+ char ifname[100];
+ enum {
+ EVENT_INTERFACE_ADDED, EVENT_INTERFACE_REMOVED
+ } ievent;
+ } interface_status;
+
+ /**
+ * struct pmkid_candidate - Data for EVENT_PMKID_CANDIDATE
+ */
+ struct pmkid_candidate {
+ /** BSSID of the PMKID candidate */
+ u8 bssid[ETH_ALEN];
+ /** Smaller the index, higher the priority */
+ int index;
+ /** Whether RSN IE includes pre-authenticate flag */
+ int preauth;
+ } pmkid_candidate;
+
+ /**
+ * struct stkstart - Data for EVENT_STKSTART
+ */
+ struct stkstart {
+ u8 peer[ETH_ALEN];
+ } stkstart;
+};
+
+/**
+ * wpa_supplicant_event - Report a driver event for wpa_supplicant
+ * @wpa_s: pointer to wpa_supplicant data; this is the ctx variable registered
+ * with struct wpa_driver_ops::init()
+ * @event: event type (defined above)
+ * @data: possible extra data for the event
+ *
+ * Driver wrapper code should call this function whenever an event is received
+ * from the driver.
+ */
+void wpa_supplicant_event(struct wpa_supplicant *wpa_s, wpa_event_type event,
+ union wpa_event_data *data);
+
+/**
+ * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
+ * @ctx: Context pointer (wpa_s)
+ * @src_addr: Source address of the EAPOL frame
+ * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
+ * @len: Length of the EAPOL data
+ *
+ * This function is called for each received EAPOL frame.
+ */
+void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
+ const u8 *buf, size_t len);
+
+#endif /* WPA_SUPPLICANT_H */
--- /dev/null
+/*
+ * wpa_supplicant - Internal definitions
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef WPA_SUPPLICANT_I_H
+#define WPA_SUPPLICANT_I_H
+
+#include "driver.h"
+
+struct wpa_blacklist {
+ struct wpa_blacklist *next;
+ u8 bssid[ETH_ALEN];
+ int count;
+};
+
+
+struct wpa_scan_result;
+struct wpa_sm;
+struct wpa_supplicant;
+
+/*
+ * Forward declarations of private structures used within the ctrl_iface
+ * backends. Other parts of wpa_supplicant do not have access to data stored in
+ * these structures.
+ */
+struct ctrl_iface_priv;
+struct ctrl_iface_global_priv;
+struct ctrl_iface_dbus_priv;
+
+/**
+ * struct wpa_interface - Parameters for wpa_supplicant_add_iface()
+ */
+struct wpa_interface {
+ /**
+ * confname - Configuration name (file or profile) name
+ *
+ * This can also be %NULL when a configuration file is not used. In
+ * that case, ctrl_interface must be set to allow the interface to be
+ * configured.
+ */
+ const char *confname;
+
+ /**
+ * ctrl_interface - Control interface parameter
+ *
+ * If a configuration file is not used, this variable can be used to
+ * set the ctrl_interface parameter that would have otherwise been read
+ * from the configuration file. If both confname and ctrl_interface are
+ * set, ctrl_interface is used to override the value from configuration
+ * file.
+ */
+ const char *ctrl_interface;
+
+ /**
+ * driver - Driver interface name, or %NULL to use the default driver
+ */
+ const char *driver;
+
+ /**
+ * driver_param - Driver interface parameters
+ *
+ * If a configuration file is not used, this variable can be used to
+ * set the driver_param parameters that would have otherwise been read
+ * from the configuration file. If both confname and driver_param are
+ * set, driver_param is used to override the value from configuration
+ * file.
+ */
+ const char *driver_param;
+
+ /**
+ * ifname - Interface name
+ */
+ const char *ifname;
+
+ /**
+ * bridge_ifname - Optional bridge interface name
+ *
+ * If the driver interface (ifname) is included in a Linux bridge
+ * device, the bridge interface may need to be used for receiving EAPOL
+ * frames. This can be enabled by setting this variable to enable
+ * receiving of EAPOL frames from an additional interface.
+ */
+ const char *bridge_ifname;
+};
+
+/**
+ * struct wpa_params - Parameters for wpa_supplicant_init()
+ */
+struct wpa_params {
+ /**
+ * daemonize - Run %wpa_supplicant in the background
+ */
+ int daemonize;
+
+ /**
+ * wait_for_interface - Wait for the network interface to appear
+ *
+ * If set, %wpa_supplicant will wait until all the configured network
+ * interfaces are available before starting processing. Please note
+ * that in many cases, a better alternative would be to start
+ * %wpa_supplicant without network interfaces and add the interfaces
+ * dynamically whenever they become available.
+ */
+ int wait_for_interface;
+
+ /**
+ * wait_for_monitor - Wait for a monitor program before starting
+ */
+ int wait_for_monitor;
+
+ /**
+ * pid_file - Path to a PID (process ID) file
+ *
+ * If this and daemonize are set, process ID of the background process
+ * will be written to the specified file.
+ */
+ char *pid_file;
+
+ /**
+ * wpa_debug_level - Debugging verbosity level (e.g., MSG_INFO)
+ */
+ int wpa_debug_level;
+
+ /**
+ * wpa_debug_show_keys - Whether keying material is included in debug
+ *
+ * This parameter can be used to allow keying material to be included
+ * in debug messages. This is a security risk and this option should
+ * not be enabled in normal configuration. If needed during
+ * development or while troubleshooting, this option can provide more
+ * details for figuring out what is happening.
+ */
+ int wpa_debug_show_keys;
+
+ /**
+ * wpa_debug_timestamp - Whether to include timestamp in debug messages
+ */
+ int wpa_debug_timestamp;
+
+ /**
+ * ctrl_interface - Global ctrl_iface path/parameter
+ */
+ char *ctrl_interface;
+
+ /**
+ * dbus_ctrl_interface - Enable the DBus control interface
+ */
+ int dbus_ctrl_interface;
+
+ /**
+ * wpa_debug_file_path - Path of debug file or %NULL to use stdout
+ */
+ const char *wpa_debug_file_path;
+};
+
+/**
+ * struct wpa_global - Internal, global data for all %wpa_supplicant interfaces
+ *
+ * This structure is initialized by calling wpa_supplicant_init() when starting
+ * %wpa_supplicant.
+ */
+struct wpa_global {
+ struct wpa_supplicant *ifaces;
+ struct wpa_params params;
+ struct ctrl_iface_global_priv *ctrl_iface;
+ struct ctrl_iface_dbus_priv *dbus_ctrl_iface;
+};
+
+
+struct wpa_client_mlme {
+#ifdef CONFIG_CLIENT_MLME
+ enum {
+ IEEE80211_DISABLED, IEEE80211_AUTHENTICATE,
+ IEEE80211_ASSOCIATE, IEEE80211_ASSOCIATED,
+ IEEE80211_IBSS_SEARCH, IEEE80211_IBSS_JOINED
+ } state;
+ u8 prev_bssid[ETH_ALEN];
+ u8 ssid[32];
+ size_t ssid_len;
+ u16 aid;
+ u16 ap_capab, capab;
+ u8 *extra_ie; /* to be added to the end of AssocReq */
+ size_t extra_ie_len;
+ wpa_key_mgmt key_mgmt;
+
+ /* The last AssocReq/Resp IEs */
+ u8 *assocreq_ies, *assocresp_ies;
+ size_t assocreq_ies_len, assocresp_ies_len;
+
+ int auth_tries, assoc_tries;
+
+ unsigned int ssid_set:1;
+ unsigned int bssid_set:1;
+ unsigned int prev_bssid_set:1;
+ unsigned int authenticated:1;
+ unsigned int associated:1;
+ unsigned int probereq_poll:1;
+ unsigned int use_protection:1;
+ unsigned int create_ibss:1;
+ unsigned int mixed_cell:1;
+ unsigned int wmm_enabled:1;
+
+ struct os_time last_probe;
+
+#define IEEE80211_AUTH_ALG_OPEN BIT(0)
+#define IEEE80211_AUTH_ALG_SHARED_KEY BIT(1)
+#define IEEE80211_AUTH_ALG_LEAP BIT(2)
+ unsigned int auth_algs; /* bitfield of allowed auth algs */
+ int auth_alg; /* currently used IEEE 802.11 authentication algorithm */
+ int auth_transaction;
+
+ struct os_time ibss_join_req;
+ u8 *probe_resp; /* ProbeResp template for IBSS */
+ size_t probe_resp_len;
+ u32 supp_rates_bits;
+
+ int wmm_last_param_set;
+
+ int sta_scanning;
+ int scan_hw_mode_idx;
+ int scan_channel_idx;
+ enum { SCAN_SET_CHANNEL, SCAN_SEND_PROBE } scan_state;
+ struct os_time last_scan_completed;
+ int scan_oper_channel;
+ int scan_oper_freq;
+ int scan_oper_phymode;
+ u8 scan_ssid[32];
+ size_t scan_ssid_len;
+ int scan_skip_11b;
+
+ struct ieee80211_sta_bss *sta_bss_list;
+#define STA_HASH_SIZE 256
+#define STA_HASH(sta) (sta[5])
+ struct ieee80211_sta_bss *sta_bss_hash[STA_HASH_SIZE];
+
+ int cts_protect_erp_frames;
+
+ int phymode; /* current mode; WPA_MODE_IEEE80211A, .. */
+ struct wpa_hw_modes *modes;
+ size_t num_modes;
+ unsigned int hw_modes; /* bitfield of allowed hardware modes;
+ * (1 << MODE_*) */
+ int num_curr_rates;
+ struct wpa_rate_data *curr_rates;
+ int freq; /* The current frequency in MHz */
+ int channel; /* The current IEEE 802.11 channel number */
+#else /* CONFIG_CLIENT_MLME */
+ int dummy; /* to keep MSVC happy */
+#endif /* CONFIG_CLIENT_MLME */
+};
+
+/**
+ * struct wpa_supplicant - Internal data for wpa_supplicant interface
+ *
+ * This structure contains the internal data for core wpa_supplicant code. This
+ * should be only used directly from the core code. However, a pointer to this
+ * data is used from other files as an arbitrary context pointer in calls to
+ * core functions.
+ */
+struct wpa_supplicant {
+ struct wpa_global *global;
+ struct wpa_supplicant *next;
+ struct l2_packet_data *l2;
+ struct l2_packet_data *l2_br;
+ unsigned char own_addr[ETH_ALEN];
+ char ifname[100];
+#ifdef CONFIG_CTRL_IFACE_DBUS
+ char *dbus_path;
+#endif /* CONFIG_CTRL_IFACE_DBUS */
+ char bridge_ifname[16];
+
+ char *confname;
+ struct wpa_config *conf;
+ int countermeasures;
+ os_time_t last_michael_mic_error;
+ u8 bssid[ETH_ALEN];
+ u8 pending_bssid[ETH_ALEN]; /* If wpa_state == WPA_ASSOCIATING, this
+ * field contains the targer BSSID. */
+ int reassociate; /* reassociation requested */
+ int disconnected; /* all connections disabled; i.e., do no reassociate
+ * before this has been cleared */
+ struct wpa_ssid *current_ssid;
+
+ /* Selected configuration (based on Beacon/ProbeResp WPA IE) */
+ int pairwise_cipher;
+ int group_cipher;
+ int key_mgmt;
+ int mgmt_group_cipher;
+
+ void *drv_priv; /* private data used by driver_ops */
+
+ struct wpa_ssid *prev_scan_ssid; /* previously scanned SSID;
+ * NULL = not yet initialized (start
+ * with broadcast SSID)
+ * BROADCAST_SSID_SCAN = broadcast
+ * SSID was used in the previous scan
+ */
+#define BROADCAST_SSID_SCAN ((struct wpa_ssid *) 1)
+
+ struct wpa_scan_result *scan_results;
+ int num_scan_results;
+
+ struct wpa_driver_ops *driver;
+ int interface_removed; /* whether the network interface has been
+ * removed */
+ struct wpa_sm *wpa;
+ struct eapol_sm *eapol;
+
+ struct ctrl_iface_priv *ctrl_iface;
+
+ wpa_states wpa_state;
+ int new_connection;
+ int reassociated_connection;
+
+ int eapol_received; /* number of EAPOL packets received after the
+ * previous association event */
+
+ struct scard_data *scard;
+
+ unsigned char last_eapol_src[ETH_ALEN];
+
+ int keys_cleared;
+
+ struct wpa_blacklist *blacklist;
+
+ int scan_req; /* manual scan request; this forces a scan even if there
+ * are no enabled networks in the configuration */
+ int scan_res_tried; /* whether ap_scan=1 mode has tried to fetch scan
+ * results without a new scan request; this is used
+ * to speed up the first association if the driver
+ * has already available scan results. */
+
+ struct wpa_client_mlme mlme;
+ int use_client_mlme;
+};
+
+
+/* wpa_supplicant.c */
+void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s);
+
+int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s);
+
+const char * wpa_supplicant_state_txt(int state);
+int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s,
+ int wait_for_interface);
+struct wpa_blacklist * wpa_blacklist_get(struct wpa_supplicant *wpa_s,
+ const u8 *bssid);
+int wpa_blacklist_add(struct wpa_supplicant *wpa_s, const u8 *bssid);
+void wpa_blacklist_clear(struct wpa_supplicant *wpa_s);
+int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
+ struct wpa_scan_result *bss,
+ struct wpa_ssid *ssid,
+ u8 *wpa_ie, size_t *wpa_ie_len);
+void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
+ struct wpa_scan_result *bss,
+ struct wpa_ssid *ssid);
+void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
+ struct wpa_ssid *ssid);
+void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s);
+int wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s);
+void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr);
+void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
+ int sec, int usec);
+void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s, wpa_states state);
+struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s);
+void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s);
+void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
+ int reason_code);
+void wpa_supplicant_disassociate(struct wpa_supplicant *wpa_s,
+ int reason_code);
+void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec);
+
+void wpa_show_license(void);
+
+struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
+ struct wpa_interface *iface);
+int wpa_supplicant_remove_iface(struct wpa_global *global,
+ struct wpa_supplicant *wpa_s);
+struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
+ const char *ifname);
+struct wpa_global * wpa_supplicant_init(struct wpa_params *params);
+int wpa_supplicant_run(struct wpa_global *global);
+void wpa_supplicant_deinit(struct wpa_global *global);
+
+int wpa_supplicant_scard_init(struct wpa_supplicant *wpa_s,
+ struct wpa_ssid *ssid);
+
+/* events.c */
+void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s);
+
+/* driver_ops */
+static inline void * wpa_drv_init(struct wpa_supplicant *wpa_s,
+ const char *ifname)
+{
+ if (wpa_s->driver->init) {
+ return wpa_s->driver->init(wpa_s, ifname);
+ }
+ return NULL;
+}
+
+static inline void wpa_drv_deinit(struct wpa_supplicant *wpa_s)
+{
+ if (wpa_s->driver->deinit)
+ wpa_s->driver->deinit(wpa_s->drv_priv);
+}
+
+static inline int wpa_drv_set_param(struct wpa_supplicant *wpa_s,
+ const char *param)
+{
+ if (wpa_s->driver->set_param)
+ return wpa_s->driver->set_param(wpa_s->drv_priv, param);
+ return 0;
+}
+
+static inline int wpa_drv_set_drop_unencrypted(struct wpa_supplicant *wpa_s,
+ int enabled)
+{
+ if (wpa_s->driver->set_drop_unencrypted) {
+ return wpa_s->driver->set_drop_unencrypted(wpa_s->drv_priv,
+ enabled);
+ }
+ return -1;
+}
+
+static inline int wpa_drv_set_countermeasures(struct wpa_supplicant *wpa_s,
+ int enabled)
+{
+ if (wpa_s->driver->set_countermeasures) {
+ return wpa_s->driver->set_countermeasures(wpa_s->drv_priv,
+ enabled);
+ }
+ return -1;
+}
+
+static inline int wpa_drv_set_auth_alg(struct wpa_supplicant *wpa_s,
+ int auth_alg)
+{
+ if (wpa_s->driver->set_auth_alg) {
+ return wpa_s->driver->set_auth_alg(wpa_s->drv_priv,
+ auth_alg);
+ }
+ return -1;
+}
+
+static inline int wpa_drv_set_wpa(struct wpa_supplicant *wpa_s, int enabled)
+{
+ if (wpa_s->driver->set_wpa) {
+ return wpa_s->driver->set_wpa(wpa_s->drv_priv, enabled);
+ }
+ return 0;
+}
+
+static inline int wpa_drv_associate(struct wpa_supplicant *wpa_s,
+ struct wpa_driver_associate_params *params)
+{
+ if (wpa_s->driver->associate) {
+ return wpa_s->driver->associate(wpa_s->drv_priv, params);
+ }
+ return -1;
+}
+
+static inline int wpa_drv_scan(struct wpa_supplicant *wpa_s, const u8 *ssid,
+ size_t ssid_len)
+{
+ if (wpa_s->driver->scan) {
+ return wpa_s->driver->scan(wpa_s->drv_priv, ssid, ssid_len);
+ }
+ return -1;
+}
+
+static inline int wpa_drv_get_scan_results(struct wpa_supplicant *wpa_s,
+ struct wpa_scan_result *results,
+ size_t max_size)
+{
+ if (wpa_s->driver->get_scan_results) {
+ return wpa_s->driver->get_scan_results(wpa_s->drv_priv,
+ results, max_size);
+ }
+ return -1;
+}
+
+static inline int wpa_drv_get_bssid(struct wpa_supplicant *wpa_s, u8 *bssid)
+{
+ if (wpa_s->driver->get_bssid) {
+ return wpa_s->driver->get_bssid(wpa_s->drv_priv, bssid);
+ }
+ return -1;
+}
+
+static inline int wpa_drv_get_ssid(struct wpa_supplicant *wpa_s, u8 *ssid)
+{
+ if (wpa_s->driver->get_ssid) {
+ return wpa_s->driver->get_ssid(wpa_s->drv_priv, ssid);
+ }
+ return -1;
+}
+
+static inline int wpa_drv_set_key(struct wpa_supplicant *wpa_s, wpa_alg alg,
+ const u8 *addr, int key_idx, int set_tx,
+ const u8 *seq, size_t seq_len,
+ const u8 *key, size_t key_len)
+{
+ if (wpa_s->driver->set_key) {
+ wpa_s->keys_cleared = 0;
+ return wpa_s->driver->set_key(wpa_s->drv_priv, alg, addr,
+ key_idx, set_tx, seq, seq_len,
+ key, key_len);
+ }
+ return -1;
+}
+
+static inline int wpa_drv_deauthenticate(struct wpa_supplicant *wpa_s,
+ const u8 *addr, int reason_code)
+{
+ if (wpa_s->driver->deauthenticate) {
+ return wpa_s->driver->deauthenticate(wpa_s->drv_priv, addr,
+ reason_code);
+ }
+ return -1;
+}
+
+static inline int wpa_drv_disassociate(struct wpa_supplicant *wpa_s,
+ const u8 *addr, int reason_code)
+{
+ if (wpa_s->driver->disassociate) {
+ return wpa_s->driver->disassociate(wpa_s->drv_priv, addr,
+ reason_code);
+ }
+ return -1;
+}
+
+static inline int wpa_drv_add_pmkid(struct wpa_supplicant *wpa_s,
+ const u8 *bssid, const u8 *pmkid)
+{
+ if (wpa_s->driver->add_pmkid) {
+ return wpa_s->driver->add_pmkid(wpa_s->drv_priv, bssid, pmkid);
+ }
+ return -1;
+}
+
+static inline int wpa_drv_remove_pmkid(struct wpa_supplicant *wpa_s,
+ const u8 *bssid, const u8 *pmkid)
+{
+ if (wpa_s->driver->remove_pmkid) {
+ return wpa_s->driver->remove_pmkid(wpa_s->drv_priv, bssid,
+ pmkid);
+ }
+ return -1;
+}
+
+static inline int wpa_drv_flush_pmkid(struct wpa_supplicant *wpa_s)
+{
+ if (wpa_s->driver->flush_pmkid) {
+ return wpa_s->driver->flush_pmkid(wpa_s->drv_priv);
+ }
+ return -1;
+}
+
+static inline int wpa_drv_get_capa(struct wpa_supplicant *wpa_s,
+ struct wpa_driver_capa *capa)
+{
+ if (wpa_s->driver->get_capa) {
+ return wpa_s->driver->get_capa(wpa_s->drv_priv, capa);
+ }
+ return -1;
+}
+
+static inline void wpa_drv_poll(struct wpa_supplicant *wpa_s)
+{
+ if (wpa_s->driver->poll) {
+ wpa_s->driver->poll(wpa_s->drv_priv);
+ }
+}
+
+static inline const char * wpa_drv_get_ifname(struct wpa_supplicant *wpa_s)
+{
+ if (wpa_s->driver->get_ifname) {
+ return wpa_s->driver->get_ifname(wpa_s->drv_priv);
+ }
+ return NULL;
+}
+
+static inline const u8 * wpa_drv_get_mac_addr(struct wpa_supplicant *wpa_s)
+{
+ if (wpa_s->driver->get_mac_addr) {
+ return wpa_s->driver->get_mac_addr(wpa_s->drv_priv);
+ }
+ return NULL;
+}
+
+static inline int wpa_drv_send_eapol(struct wpa_supplicant *wpa_s,
+ const u8 *dst, u16 proto,
+ const u8 *data, size_t data_len)
+{
+ if (wpa_s->driver->send_eapol)
+ return wpa_s->driver->send_eapol(wpa_s->drv_priv, dst, proto,
+ data, data_len);
+ return -1;
+}
+
+static inline int wpa_drv_set_operstate(struct wpa_supplicant *wpa_s,
+ int state)
+{
+ if (wpa_s->driver->set_operstate)
+ return wpa_s->driver->set_operstate(wpa_s->drv_priv, state);
+ return 0;
+}
+
+static inline int wpa_drv_mlme_setprotection(struct wpa_supplicant *wpa_s,
+ const u8 *addr, int protect_type,
+ int key_type)
+{
+ if (wpa_s->driver->mlme_setprotection)
+ return wpa_s->driver->mlme_setprotection(wpa_s->drv_priv, addr,
+ protect_type,
+ key_type);
+ return 0;
+}
+
+static inline struct wpa_hw_modes *
+wpa_drv_get_hw_feature_data(struct wpa_supplicant *wpa_s, u16 *num_modes,
+ u16 *flags)
+{
+ if (wpa_s->driver->get_hw_feature_data)
+ return wpa_s->driver->get_hw_feature_data(wpa_s->drv_priv,
+ num_modes, flags);
+ return NULL;
+}
+
+static inline int wpa_drv_set_channel(struct wpa_supplicant *wpa_s,
+ wpa_hw_mode phymode, int chan,
+ int freq)
+{
+ if (wpa_s->driver->set_channel)
+ return wpa_s->driver->set_channel(wpa_s->drv_priv, phymode,
+ chan, freq);
+ return -1;
+}
+
+static inline int wpa_drv_set_ssid(struct wpa_supplicant *wpa_s,
+ const u8 *ssid, size_t ssid_len)
+{
+ if (wpa_s->driver->set_ssid) {
+ return wpa_s->driver->set_ssid(wpa_s->drv_priv, ssid,
+ ssid_len);
+ }
+ return -1;
+}
+
+static inline int wpa_drv_set_bssid(struct wpa_supplicant *wpa_s,
+ const u8 *bssid)
+{
+ if (wpa_s->driver->set_bssid) {
+ return wpa_s->driver->set_bssid(wpa_s->drv_priv, bssid);
+ }
+ return -1;
+}
+
+static inline int wpa_drv_send_mlme(struct wpa_supplicant *wpa_s,
+ const u8 *data, size_t data_len)
+{
+ if (wpa_s->driver->send_mlme)
+ return wpa_s->driver->send_mlme(wpa_s->drv_priv,
+ data, data_len);
+ return -1;
+}
+
+static inline int wpa_drv_mlme_add_sta(struct wpa_supplicant *wpa_s,
+ const u8 *addr, const u8 *supp_rates,
+ size_t supp_rates_len)
+{
+ if (wpa_s->driver->mlme_add_sta)
+ return wpa_s->driver->mlme_add_sta(wpa_s->drv_priv, addr,
+ supp_rates, supp_rates_len);
+ return -1;
+}
+
+static inline int wpa_drv_mlme_remove_sta(struct wpa_supplicant *wpa_s,
+ const u8 *addr)
+{
+ if (wpa_s->driver->mlme_remove_sta)
+ return wpa_s->driver->mlme_remove_sta(wpa_s->drv_priv, addr);
+ return -1;
+}
+
+#endif /* WPA_SUPPLICANT_I_H */
--- /dev/null
+/*
+ * X.509v3 certificate parsing and processing (RFC 3280 profile)
+ * Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+
+#ifdef CONFIG_INTERNAL_X509
+
+#include "asn1.h"
+#include "crypto.h"
+#include "x509v3.h"
+
+
+static void x509_free_name(struct x509_name *name)
+{
+ os_free(name->cn);
+ os_free(name->c);
+ os_free(name->l);
+ os_free(name->st);
+ os_free(name->o);
+ os_free(name->ou);
+ os_free(name->email);
+ name->cn = name->c = name->l = name->st = name->o = name->ou = NULL;
+ name->email = NULL;
+}
+
+
+/**
+ * x509_certificate_free - Free an X.509 certificate
+ * @cert: Certificate to be freed
+ */
+void x509_certificate_free(struct x509_certificate *cert)
+{
+ if (cert == NULL)
+ return;
+ if (cert->next) {
+ wpa_printf(MSG_DEBUG, "X509: x509_certificate_free: cer=%p "
+ "was still on a list (next=%p)\n",
+ cert, cert->next);
+ }
+ x509_free_name(&cert->issuer);
+ x509_free_name(&cert->subject);
+ os_free(cert->public_key);
+ os_free(cert->sign_value);
+ os_free(cert);
+}
+
+
+/**
+ * x509_certificate_free - Free an X.509 certificate chain
+ * @cert: Pointer to the first certificate in the chain
+ */
+void x509_certificate_chain_free(struct x509_certificate *cert)
+{
+ struct x509_certificate *next;
+
+ while (cert) {
+ next = cert->next;
+ cert->next = NULL;
+ x509_certificate_free(cert);
+ cert = next;
+ }
+}
+
+
+static int x509_whitespace(char c)
+{
+ return c == ' ' || c == '\t';
+}
+
+
+static void x509_str_strip_whitespace(char *a)
+{
+ char *ipos, *opos;
+ int remove_whitespace = 1;
+
+ ipos = opos = a;
+
+ while (*ipos) {
+ if (remove_whitespace && x509_whitespace(*ipos))
+ ipos++;
+ else {
+ remove_whitespace = x509_whitespace(*ipos);
+ *opos++ = *ipos++;
+ }
+ }
+
+ *opos-- = '\0';
+ if (opos > a && x509_whitespace(*opos))
+ *opos = '\0';
+}
+
+
+static int x509_str_compare(const char *a, const char *b)
+{
+ char *aa, *bb;
+ int ret;
+
+ if (!a && b)
+ return -1;
+ if (a && !b)
+ return 1;
+ if (!a && !b)
+ return 0;
+
+ aa = os_strdup(a);
+ bb = os_strdup(b);
+
+ if (aa == NULL || bb == NULL) {
+ os_free(aa);
+ os_free(bb);
+ return os_strcasecmp(a, b);
+ }
+
+ x509_str_strip_whitespace(aa);
+ x509_str_strip_whitespace(bb);
+
+ ret = os_strcasecmp(aa, bb);
+
+ os_free(aa);
+ os_free(bb);
+
+ return ret;
+}
+
+
+/**
+ * x509_name_compare - Compare X.509 certificate names
+ * @a: Certificate name
+ * @b: Certificate name
+ * Returns: <0, 0, or >0 based on whether a is less than, equal to, or
+ * greater than b
+ */
+int x509_name_compare(struct x509_name *a, struct x509_name *b)
+{
+ int res;
+
+ if (!a && b)
+ return -1;
+ if (a && !b)
+ return 1;
+ if (!a && !b)
+ return 0;
+
+ res = x509_str_compare(a->cn, b->cn);
+ if (res)
+ return res;
+ res = x509_str_compare(a->c, b->c);
+ if (res)
+ return res;
+ res = x509_str_compare(a->l, b->l);
+ if (res)
+ return res;
+ res = x509_str_compare(a->st, b->st);
+ if (res)
+ return res;
+ res = x509_str_compare(a->o, b->o);
+ if (res)
+ return res;
+ res = x509_str_compare(a->ou, b->ou);
+ if (res)
+ return res;
+ res = x509_str_compare(a->email, b->email);
+ if (res)
+ return res;
+
+ return 0;
+}
+
+
+static int x509_parse_algorithm_identifier(
+ const u8 *buf, size_t len,
+ struct x509_algorithm_identifier *id, const u8 **next)
+{
+ struct asn1_hdr hdr;
+ const u8 *pos, *end;
+
+ /*
+ * AlgorithmIdentifier ::= SEQUENCE {
+ * algorithm OBJECT IDENTIFIER,
+ * parameters ANY DEFINED BY algorithm OPTIONAL
+ * }
+ */
+
+ if (asn1_get_next(buf, len, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_SEQUENCE) {
+ wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
+ "(AlgorithmIdentifier) - found class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ return -1;
+ }
+ pos = hdr.payload;
+ end = pos + hdr.length;
+
+ if (end > buf + len)
+ return -1;
+
+ *next = end;
+
+ if (asn1_get_oid(pos, end - pos, &id->oid, &pos))
+ return -1;
+
+ /* TODO: optional parameters */
+
+ return 0;
+}
+
+
+static int x509_parse_public_key(const u8 *buf, size_t len,
+ struct x509_certificate *cert,
+ const u8 **next)
+{
+ struct asn1_hdr hdr;
+ const u8 *pos, *end;
+
+ /*
+ * SubjectPublicKeyInfo ::= SEQUENCE {
+ * algorithm AlgorithmIdentifier,
+ * subjectPublicKey BIT STRING
+ * }
+ */
+
+ pos = buf;
+ end = buf + len;
+
+ if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_SEQUENCE) {
+ wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
+ "(SubjectPublicKeyInfo) - found class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ return -1;
+ }
+ pos = hdr.payload;
+
+ if (pos + hdr.length > end)
+ return -1;
+ end = pos + hdr.length;
+ *next = end;
+
+ if (x509_parse_algorithm_identifier(pos, end - pos,
+ &cert->public_key_alg, &pos))
+ return -1;
+
+ if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_BITSTRING) {
+ wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING "
+ "(subjectPublicKey) - found class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ return -1;
+ }
+ if (hdr.length < 1)
+ return -1;
+ pos = hdr.payload;
+ if (*pos) {
+ wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
+ *pos);
+ /*
+ * TODO: should this be rejected? X.509 certificates are
+ * unlikely to use such a construction. Now we would end up
+ * including the extra bits in the buffer which may also be
+ * ok.
+ */
+ }
+ os_free(cert->public_key);
+ cert->public_key = os_malloc(hdr.length - 1);
+ if (cert->public_key == NULL) {
+ wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for "
+ "public key");
+ return -1;
+ }
+ os_memcpy(cert->public_key, pos + 1, hdr.length - 1);
+ cert->public_key_len = hdr.length - 1;
+ wpa_hexdump(MSG_MSGDUMP, "X509: subjectPublicKey",
+ cert->public_key, cert->public_key_len);
+
+ return 0;
+}
+
+
+static int x509_parse_name(const u8 *buf, size_t len, struct x509_name *name,
+ const u8 **next)
+{
+ struct asn1_hdr hdr;
+ const u8 *pos, *end, *set_pos, *set_end, *seq_pos, *seq_end;
+ struct asn1_oid oid;
+ char **fieldp;
+
+ /*
+ * Name ::= CHOICE { RDNSequence }
+ * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+ * RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
+ * AttributeTypeAndValue ::= SEQUENCE {
+ * type AttributeType,
+ * value AttributeValue
+ * }
+ * AttributeType ::= OBJECT IDENTIFIER
+ * AttributeValue ::= ANY DEFINED BY AttributeType
+ */
+
+ if (asn1_get_next(buf, len, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_SEQUENCE) {
+ wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
+ "(Name / RDNSequencer) - found class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ return -1;
+ }
+ pos = hdr.payload;
+
+ if (pos + hdr.length > buf + len)
+ return -1;
+
+ end = *next = pos + hdr.length;
+
+ while (pos < end) {
+ if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_SET) {
+ wpa_printf(MSG_DEBUG, "X509: Expected SET "
+ "(RelativeDistinguishedName) - found class "
+ "%d tag 0x%x", hdr.class, hdr.tag);
+ x509_free_name(name);
+ return -1;
+ }
+
+ set_pos = hdr.payload;
+ pos = set_end = hdr.payload + hdr.length;
+
+ if (asn1_get_next(set_pos, set_end - set_pos, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_SEQUENCE) {
+ wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
+ "(AttributeTypeAndValue) - found class %d "
+ "tag 0x%x", hdr.class, hdr.tag);
+ x509_free_name(name);
+ return -1;
+ }
+
+ seq_pos = hdr.payload;
+ seq_end = hdr.payload + hdr.length;
+
+ if (asn1_get_oid(seq_pos, seq_end - seq_pos, &oid, &seq_pos)) {
+ x509_free_name(name);
+ return -1;
+ }
+
+ if (asn1_get_next(seq_pos, seq_end - seq_pos, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL) {
+ wpa_printf(MSG_DEBUG, "X509: Failed to parse "
+ "AttributeValue");
+ x509_free_name(name);
+ return -1;
+ }
+
+ /* RFC 3280:
+ * MUST: country, organization, organizational-unit,
+ * distinguished name qualifier, state or province name,
+ * common name, serial number.
+ * SHOULD: locality, title, surname, given name, initials,
+ * pseudonym, generation qualifier.
+ * MUST: domainComponent (RFC 2247).
+ */
+ fieldp = NULL;
+ if (oid.len == 4 &&
+ oid.oid[0] == 2 && oid.oid[1] == 5 && oid.oid[2] == 4) {
+ /* id-at ::= 2.5.4 */
+ switch (oid.oid[3]) {
+ case 3:
+ /* commonName */
+ fieldp = &name->cn;
+ break;
+ case 6:
+ /* countryName */
+ fieldp = &name->c;
+ break;
+ case 7:
+ /* localityName */
+ fieldp = &name->l;
+ break;
+ case 8:
+ /* stateOrProvinceName */
+ fieldp = &name->st;
+ break;
+ case 10:
+ /* organizationName */
+ fieldp = &name->o;
+ break;
+ case 11:
+ /* organizationalUnitName */
+ fieldp = &name->ou;
+ break;
+ }
+ } else if (oid.len == 7 &&
+ oid.oid[0] == 1 && oid.oid[1] == 2 &&
+ oid.oid[2] == 840 && oid.oid[3] == 113549 &&
+ oid.oid[4] == 1 && oid.oid[5] == 9 &&
+ oid.oid[6] == 1) {
+ /* 1.2.840.113549.1.9.1 - e-mailAddress */
+ fieldp = &name->email;
+ }
+
+ if (fieldp == NULL) {
+ wpa_hexdump(MSG_DEBUG, "X509: Unrecognized OID",
+ (u8 *) oid.oid,
+ oid.len * sizeof(oid.oid[0]));
+ wpa_hexdump_ascii(MSG_MSGDUMP, "X509: Attribute Data",
+ hdr.payload, hdr.length);
+ continue;
+ }
+
+ os_free(*fieldp);
+ *fieldp = os_malloc(hdr.length + 1);
+ if (*fieldp == NULL) {
+ x509_free_name(name);
+ return -1;
+ }
+ os_memcpy(*fieldp, hdr.payload, hdr.length);
+ (*fieldp)[hdr.length] = '\0';
+ }
+
+ return 0;
+}
+
+
+/**
+ * x509_name_string - Convert an X.509 certificate name into a string
+ * @name: Name to convert
+ * @buf: Buffer for the string
+ * @len: Maximum buffer length
+ */
+void x509_name_string(struct x509_name *name, char *buf, size_t len)
+{
+ char *pos, *end;
+ int ret;
+
+ if (len == 0)
+ return;
+
+ pos = buf;
+ end = buf + len;
+
+ if (name->c) {
+ ret = os_snprintf(pos, end - pos, "C=%s, ", name->c);
+ if (ret < 0 || ret >= end - pos)
+ goto done;
+ pos += ret;
+ }
+ if (name->st) {
+ ret = os_snprintf(pos, end - pos, "ST=%s, ", name->st);
+ if (ret < 0 || ret >= end - pos)
+ goto done;
+ pos += ret;
+ }
+ if (name->l) {
+ ret = os_snprintf(pos, end - pos, "L=%s, ", name->l);
+ if (ret < 0 || ret >= end - pos)
+ goto done;
+ pos += ret;
+ }
+ if (name->o) {
+ ret = os_snprintf(pos, end - pos, "O=%s, ", name->o);
+ if (ret < 0 || ret >= end - pos)
+ goto done;
+ pos += ret;
+ }
+ if (name->ou) {
+ ret = os_snprintf(pos, end - pos, "OU=%s, ", name->ou);
+ if (ret < 0 || ret >= end - pos)
+ goto done;
+ pos += ret;
+ }
+ if (name->cn) {
+ ret = os_snprintf(pos, end - pos, "CN=%s, ", name->cn);
+ if (ret < 0 || ret >= end - pos)
+ goto done;
+ pos += ret;
+ }
+
+ if (pos > buf + 1 && pos[-1] == ' ' && pos[-2] == ',') {
+ *pos-- = '\0';
+ *pos-- = '\0';
+ }
+
+ if (name->email) {
+ ret = os_snprintf(pos, end - pos, "/emailAddress=%s",
+ name->email);
+ if (ret < 0 || ret >= end - pos)
+ goto done;
+ pos += ret;
+ }
+
+done:
+ end[-1] = '\0';
+}
+
+
+static int x509_parse_time(const u8 *buf, size_t len, u8 asn1_tag,
+ os_time_t *val)
+{
+ const char *pos;
+ int year, month, day, hour, min, sec;
+
+ /*
+ * Time ::= CHOICE {
+ * utcTime UTCTime,
+ * generalTime GeneralizedTime
+ * }
+ *
+ * UTCTime: YYMMDDHHMMSSZ
+ * GeneralizedTime: YYYYMMDDHHMMSSZ
+ */
+
+ pos = (const char *) buf;
+
+ switch (asn1_tag) {
+ case ASN1_TAG_UTCTIME:
+ if (len != 13 || buf[12] != 'Z') {
+ wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized "
+ "UTCTime format", buf, len);
+ return -1;
+ }
+ if (sscanf(pos, "%02d", &year) != 1) {
+ wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse "
+ "UTCTime year", buf, len);
+ return -1;
+ }
+ if (year < 50)
+ year += 2000;
+ else
+ year += 1900;
+ pos += 2;
+ break;
+ case ASN1_TAG_GENERALIZEDTIME:
+ if (len != 15 || buf[14] != 'Z') {
+ wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized "
+ "GeneralizedTime format", buf, len);
+ return -1;
+ }
+ if (sscanf(pos, "%04d", &year) != 1) {
+ wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse "
+ "GeneralizedTime year", buf, len);
+ return -1;
+ }
+ pos += 4;
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "X509: Expected UTCTime or "
+ "GeneralizedTime - found tag 0x%x", asn1_tag);
+ return -1;
+ }
+
+ if (sscanf(pos, "%02d", &month) != 1) {
+ wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
+ "(month)", buf, len);
+ return -1;
+ }
+ pos += 2;
+
+ if (sscanf(pos, "%02d", &day) != 1) {
+ wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
+ "(day)", buf, len);
+ return -1;
+ }
+ pos += 2;
+
+ if (sscanf(pos, "%02d", &hour) != 1) {
+ wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
+ "(hour)", buf, len);
+ return -1;
+ }
+ pos += 2;
+
+ if (sscanf(pos, "%02d", &min) != 1) {
+ wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
+ "(min)", buf, len);
+ return -1;
+ }
+ pos += 2;
+
+ if (sscanf(pos, "%02d", &sec) != 1) {
+ wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
+ "(sec)", buf, len);
+ return -1;
+ }
+
+ if (os_mktime(year, month, day, hour, min, sec, val) < 0) {
+ wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to convert Time",
+ buf, len);
+ if (year < 1970) {
+ /*
+ * At least some test certificates have been configured
+ * to use dates prior to 1970. Set the date to
+ * beginning of 1970 to handle these case.
+ */
+ wpa_printf(MSG_DEBUG, "X509: Year=%d before epoch - "
+ "assume epoch as the time", year);
+ *val = 0;
+ return 0;
+ }
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int x509_parse_validity(const u8 *buf, size_t len,
+ struct x509_certificate *cert, const u8 **next)
+{
+ struct asn1_hdr hdr;
+ const u8 *pos;
+ size_t plen;
+
+ /*
+ * Validity ::= SEQUENCE {
+ * notBefore Time,
+ * notAfter Time
+ * }
+ *
+ * RFC 3280, 4.1.2.5:
+ * CAs conforming to this profile MUST always encode certificate
+ * validity dates through the year 2049 as UTCTime; certificate
+ * validity dates in 2050 or later MUST be encoded as GeneralizedTime.
+ */
+
+ if (asn1_get_next(buf, len, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_SEQUENCE) {
+ wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
+ "(Validity) - found class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ return -1;
+ }
+ pos = hdr.payload;
+ plen = hdr.length;
+
+ if (pos + plen > buf + len)
+ return -1;
+
+ *next = pos + plen;
+
+ if (asn1_get_next(pos, plen, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ x509_parse_time(hdr.payload, hdr.length, hdr.tag,
+ &cert->not_before) < 0) {
+ wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notBefore "
+ "Time", hdr.payload, hdr.length);
+ return -1;
+ }
+
+ pos = hdr.payload + hdr.length;
+ plen = *next - pos;
+
+ if (asn1_get_next(pos, plen, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ x509_parse_time(hdr.payload, hdr.length, hdr.tag,
+ &cert->not_after) < 0) {
+ wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notAfter "
+ "Time", hdr.payload, hdr.length);
+ return -1;
+ }
+
+ wpa_printf(MSG_MSGDUMP, "X509: Validity: notBefore: %lu notAfter: %lu",
+ (unsigned long) cert->not_before,
+ (unsigned long) cert->not_after);
+
+ return 0;
+}
+
+
+static int x509_id_ce_oid(struct asn1_oid *oid)
+{
+ /* id-ce arc from X.509 for standard X.509v3 extensions */
+ return oid->len >= 4 &&
+ oid->oid[0] == 2 /* joint-iso-ccitt */ &&
+ oid->oid[1] == 5 /* ds */ &&
+ oid->oid[2] == 29 /* id-ce */;
+}
+
+
+static int x509_parse_ext_key_usage(struct x509_certificate *cert,
+ const u8 *pos, size_t len)
+{
+ struct asn1_hdr hdr;
+
+ /*
+ * KeyUsage ::= BIT STRING {
+ * digitalSignature (0),
+ * nonRepudiation (1),
+ * keyEncipherment (2),
+ * dataEncipherment (3),
+ * keyAgreement (4),
+ * keyCertSign (5),
+ * cRLSign (6),
+ * encipherOnly (7),
+ * decipherOnly (8) }
+ */
+
+ if (asn1_get_next(pos, len, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_BITSTRING ||
+ hdr.length < 1) {
+ wpa_printf(MSG_DEBUG, "X509: Expected BIT STRING in "
+ "KeyUsage; found %d tag 0x%x len %d",
+ hdr.class, hdr.tag, hdr.length);
+ return -1;
+ }
+
+ cert->extensions_present |= X509_EXT_KEY_USAGE;
+ cert->key_usage = asn1_bit_string_to_long(hdr.payload, hdr.length);
+
+ wpa_printf(MSG_DEBUG, "X509: KeyUsage 0x%lx", cert->key_usage);
+
+ return 0;
+}
+
+
+static int x509_parse_ext_basic_constraints(struct x509_certificate *cert,
+ const u8 *pos, size_t len)
+{
+ struct asn1_hdr hdr;
+ unsigned long value;
+ size_t left;
+
+ /*
+ * BasicConstraints ::= SEQUENCE {
+ * cA BOOLEAN DEFAULT FALSE,
+ * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
+ */
+
+ if (asn1_get_next(pos, len, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_SEQUENCE) {
+ wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
+ "BasicConstraints; found %d tag 0x%x",
+ hdr.class, hdr.tag);
+ return -1;
+ }
+
+ cert->extensions_present |= X509_EXT_BASIC_CONSTRAINTS;
+
+ if (hdr.length == 0)
+ return 0;
+
+ if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL) {
+ wpa_printf(MSG_DEBUG, "X509: Failed to parse "
+ "BasicConstraints");
+ return -1;
+ }
+
+ if (hdr.tag == ASN1_TAG_BOOLEAN) {
+ if (hdr.length != 1) {
+ wpa_printf(MSG_DEBUG, "X509: Unexpected "
+ "Boolean length (%u) in BasicConstraints",
+ hdr.length);
+ return -1;
+ }
+ cert->ca = hdr.payload[0];
+
+ if (hdr.payload + hdr.length == pos + len) {
+ wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d",
+ cert->ca);
+ return 0;
+ }
+
+ if (asn1_get_next(hdr.payload + hdr.length, len - hdr.length,
+ &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL) {
+ wpa_printf(MSG_DEBUG, "X509: Failed to parse "
+ "BasicConstraints");
+ return -1;
+ }
+ }
+
+ if (hdr.tag != ASN1_TAG_INTEGER) {
+ wpa_printf(MSG_DEBUG, "X509: Expected INTEGER in "
+ "BasicConstraints; found class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ return -1;
+ }
+
+ pos = hdr.payload;
+ left = hdr.length;
+ value = 0;
+ while (left) {
+ value <<= 8;
+ value |= *pos++;
+ left--;
+ }
+
+ cert->path_len_constraint = value;
+ cert->extensions_present |= X509_EXT_PATH_LEN_CONSTRAINT;
+
+ wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d "
+ "pathLenConstraint=%lu",
+ cert->ca, cert->path_len_constraint);
+
+ return 0;
+}
+
+
+static int x509_parse_extension_data(struct x509_certificate *cert,
+ struct asn1_oid *oid,
+ const u8 *pos, size_t len)
+{
+ if (!x509_id_ce_oid(oid))
+ return 1;
+
+ /* TODO: add other extensions required by RFC 3280, Ch 4.2:
+ * certificate policies (section 4.2.1.5)
+ * the subject alternative name (section 4.2.1.7)
+ * name constraints (section 4.2.1.11)
+ * policy constraints (section 4.2.1.12)
+ * extended key usage (section 4.2.1.13)
+ * inhibit any-policy (section 4.2.1.15)
+ */
+ switch (oid->oid[3]) {
+ case 15: /* id-ce-keyUsage */
+ return x509_parse_ext_key_usage(cert, pos, len);
+ case 19: /* id-ce-basicConstraints */
+ return x509_parse_ext_basic_constraints(cert, pos, len);
+ default:
+ return 1;
+ }
+}
+
+
+static int x509_parse_extension(struct x509_certificate *cert,
+ const u8 *pos, size_t len, const u8 **next)
+{
+ const u8 *end;
+ struct asn1_hdr hdr;
+ struct asn1_oid oid;
+ int critical_ext = 0, res;
+ char buf[80];
+
+ /*
+ * Extension ::= SEQUENCE {
+ * extnID OBJECT IDENTIFIER,
+ * critical BOOLEAN DEFAULT FALSE,
+ * extnValue OCTET STRING
+ * }
+ */
+
+ if (asn1_get_next(pos, len, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_SEQUENCE) {
+ wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in "
+ "Extensions: class %d tag 0x%x; expected SEQUENCE",
+ hdr.class, hdr.tag);
+ return -1;
+ }
+ pos = hdr.payload;
+ *next = end = pos + hdr.length;
+
+ if (asn1_get_oid(pos, end - pos, &oid, &pos) < 0) {
+ wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data for "
+ "Extension (expected OID)");
+ return -1;
+ }
+
+ if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ (hdr.tag != ASN1_TAG_BOOLEAN &&
+ hdr.tag != ASN1_TAG_OCTETSTRING)) {
+ wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in "
+ "Extensions: class %d tag 0x%x; expected BOOLEAN "
+ "or OCTET STRING", hdr.class, hdr.tag);
+ return -1;
+ }
+
+ if (hdr.tag == ASN1_TAG_BOOLEAN) {
+ if (hdr.length != 1) {
+ wpa_printf(MSG_DEBUG, "X509: Unexpected "
+ "Boolean length (%u)", hdr.length);
+ return -1;
+ }
+ critical_ext = hdr.payload[0];
+ pos = hdr.payload;
+ if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+ (hdr.class != ASN1_CLASS_UNIVERSAL &&
+ hdr.class != ASN1_CLASS_PRIVATE) ||
+ hdr.tag != ASN1_TAG_OCTETSTRING) {
+ wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header "
+ "in Extensions: class %d tag 0x%x; "
+ "expected OCTET STRING",
+ hdr.class, hdr.tag);
+ return -1;
+ }
+ }
+
+ asn1_oid_to_str(&oid, buf, sizeof(buf));
+ wpa_printf(MSG_DEBUG, "X509: Extension: extnID=%s critical=%d",
+ buf, critical_ext);
+ wpa_hexdump(MSG_MSGDUMP, "X509: extnValue", hdr.payload, hdr.length);
+
+ res = x509_parse_extension_data(cert, &oid, hdr.payload, hdr.length);
+ if (res < 0)
+ return res;
+ if (res == 1 && critical_ext) {
+ wpa_printf(MSG_INFO, "X509: Unknown critical extension %s",
+ buf);
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int x509_parse_extensions(struct x509_certificate *cert,
+ const u8 *pos, size_t len)
+{
+ const u8 *end;
+ struct asn1_hdr hdr;
+
+ /* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension */
+
+ if (asn1_get_next(pos, len, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_SEQUENCE) {
+ wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data "
+ "for Extensions: class %d tag 0x%x; "
+ "expected SEQUENCE", hdr.class, hdr.tag);
+ return -1;
+ }
+
+ pos = hdr.payload;
+ end = pos + hdr.length;
+
+ while (pos < end) {
+ if (x509_parse_extension(cert, pos, end - pos, &pos)
+ < 0)
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int x509_parse_tbs_certificate(const u8 *buf, size_t len,
+ struct x509_certificate *cert,
+ const u8 **next)
+{
+ struct asn1_hdr hdr;
+ const u8 *pos, *end;
+ size_t left;
+ char sbuf[128];
+ unsigned long value;
+
+ /* tbsCertificate TBSCertificate ::= SEQUENCE */
+ if (asn1_get_next(buf, len, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_SEQUENCE) {
+ wpa_printf(MSG_DEBUG, "X509: tbsCertificate did not start "
+ "with a valid SEQUENCE - found class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ return -1;
+ }
+ pos = hdr.payload;
+ end = *next = pos + hdr.length;
+
+ /*
+ * version [0] EXPLICIT Version DEFAULT v1
+ * Version ::= INTEGER { v1(0), v2(1), v3(2) }
+ */
+ if (asn1_get_next(pos, end - pos, &hdr) < 0)
+ return -1;
+ pos = hdr.payload;
+
+ if (hdr.class == ASN1_CLASS_CONTEXT_SPECIFIC) {
+ if (asn1_get_next(pos, end - pos, &hdr) < 0)
+ return -1;
+
+ if (hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_INTEGER) {
+ wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for "
+ "version field - found class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ return -1;
+ }
+ if (hdr.length != 1) {
+ wpa_printf(MSG_DEBUG, "X509: Unexpected version field "
+ "length %u (expected 1)", hdr.length);
+ return -1;
+ }
+ pos = hdr.payload;
+ left = hdr.length;
+ value = 0;
+ while (left) {
+ value <<= 8;
+ value |= *pos++;
+ left--;
+ }
+
+ cert->version = value;
+ if (cert->version != X509_CERT_V1 &&
+ cert->version != X509_CERT_V2 &&
+ cert->version != X509_CERT_V3) {
+ wpa_printf(MSG_DEBUG, "X509: Unsupported version %d",
+ cert->version + 1);
+ return -1;
+ }
+
+ if (asn1_get_next(pos, end - pos, &hdr) < 0)
+ return -1;
+ } else
+ cert->version = X509_CERT_V1;
+ wpa_printf(MSG_MSGDUMP, "X509: Version X.509v%d", cert->version + 1);
+
+ /* serialNumber CertificateSerialNumber ::= INTEGER */
+ if (hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_INTEGER) {
+ wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for "
+ "serialNumber; class=%d tag=0x%x",
+ hdr.class, hdr.tag);
+ return -1;
+ }
+
+ pos = hdr.payload;
+ left = hdr.length;
+ while (left) {
+ cert->serial_number <<= 8;
+ cert->serial_number |= *pos++;
+ left--;
+ }
+ wpa_printf(MSG_MSGDUMP, "X509: serialNumber %lu", cert->serial_number);
+
+ /* signature AlgorithmIdentifier */
+ if (x509_parse_algorithm_identifier(pos, end - pos, &cert->signature,
+ &pos))
+ return -1;
+
+ /* issuer Name */
+ if (x509_parse_name(pos, end - pos, &cert->issuer, &pos))
+ return -1;
+ x509_name_string(&cert->issuer, sbuf, sizeof(sbuf));
+ wpa_printf(MSG_MSGDUMP, "X509: issuer %s", sbuf);
+
+ /* validity Validity */
+ if (x509_parse_validity(pos, end - pos, cert, &pos))
+ return -1;
+
+ /* subject Name */
+ if (x509_parse_name(pos, end - pos, &cert->subject, &pos))
+ return -1;
+ x509_name_string(&cert->subject, sbuf, sizeof(sbuf));
+ wpa_printf(MSG_MSGDUMP, "X509: subject %s", sbuf);
+
+ /* subjectPublicKeyInfo SubjectPublicKeyInfo */
+ if (x509_parse_public_key(pos, end - pos, cert, &pos))
+ return -1;
+
+ if (pos == end)
+ return 0;
+
+ if (cert->version == X509_CERT_V1)
+ return 0;
+
+ if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
+ wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
+ " tag to parse optional tbsCertificate "
+ "field(s); parsed class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ return -1;
+ }
+
+ if (hdr.tag == 1) {
+ /* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL */
+ wpa_printf(MSG_DEBUG, "X509: issuerUniqueID");
+ /* TODO: parse UniqueIdentifier ::= BIT STRING */
+
+ if (hdr.payload + hdr.length == end)
+ return 0;
+
+ if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
+ wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
+ " tag to parse optional tbsCertificate "
+ "field(s); parsed class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ return -1;
+ }
+ }
+
+ if (hdr.tag == 2) {
+ /* subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL */
+ wpa_printf(MSG_DEBUG, "X509: subjectUniqueID");
+ /* TODO: parse UniqueIdentifier ::= BIT STRING */
+
+ if (hdr.payload + hdr.length == end)
+ return 0;
+
+ if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
+ wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
+ " tag to parse optional tbsCertificate "
+ "field(s); parsed class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ return -1;
+ }
+ }
+
+ if (hdr.tag != 3) {
+ wpa_printf(MSG_DEBUG, "X509: Ignored unexpected "
+ "Context-Specific tag %d in optional "
+ "tbsCertificate fields", hdr.tag);
+ return 0;
+ }
+
+ /* extensions [3] EXPLICIT Extensions OPTIONAL */
+
+ if (cert->version != X509_CERT_V3) {
+ wpa_printf(MSG_DEBUG, "X509: X.509%d certificate and "
+ "Extensions data which are only allowed for "
+ "version 3", cert->version + 1);
+ return -1;
+ }
+
+ if (x509_parse_extensions(cert, hdr.payload, hdr.length) < 0)
+ return -1;
+
+ pos = hdr.payload + hdr.length;
+ if (pos < end) {
+ wpa_hexdump(MSG_DEBUG,
+ "X509: Ignored extra tbsCertificate data",
+ pos, end - pos);
+ }
+
+ return 0;
+}
+
+
+static int x509_rsadsi_oid(struct asn1_oid *oid)
+{
+ return oid->len >= 4 &&
+ oid->oid[0] == 1 /* iso */ &&
+ oid->oid[1] == 2 /* member-body */ &&
+ oid->oid[2] == 840 /* us */ &&
+ oid->oid[3] == 113549 /* rsadsi */;
+}
+
+
+static int x509_pkcs_oid(struct asn1_oid *oid)
+{
+ return oid->len >= 5 &&
+ x509_rsadsi_oid(oid) &&
+ oid->oid[4] == 1 /* pkcs */;
+}
+
+
+static int x509_digest_oid(struct asn1_oid *oid)
+{
+ return oid->len >= 5 &&
+ x509_rsadsi_oid(oid) &&
+ oid->oid[4] == 2 /* digestAlgorithm */;
+}
+
+
+static int x509_sha1_oid(struct asn1_oid *oid)
+{
+ return oid->len == 6 &&
+ oid->oid[0] == 1 /* iso */ &&
+ oid->oid[1] == 3 /* identified-organization */ &&
+ oid->oid[2] == 14 /* oiw */ &&
+ oid->oid[3] == 3 /* secsig */ &&
+ oid->oid[4] == 2 /* algorithms */ &&
+ oid->oid[5] == 26 /* id-sha1 */;
+}
+
+
+/**
+ * x509_certificate_parse - Parse a X.509 certificate in DER format
+ * @buf: Pointer to the X.509 certificate in DER format
+ * @len: Buffer length
+ * Returns: Pointer to the parsed certificate or %NULL on failure
+ *
+ * Caller is responsible for freeing the returned certificate by calling
+ * x509_certificate_free().
+ */
+struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len)
+{
+ struct asn1_hdr hdr;
+ const u8 *pos, *end, *hash_start;
+ struct x509_certificate *cert;
+
+ cert = os_zalloc(sizeof(*cert) + len);
+ if (cert == NULL)
+ return NULL;
+ os_memcpy(cert + 1, buf, len);
+ cert->cert_start = (u8 *) (cert + 1);
+ cert->cert_len = len;
+
+ pos = buf;
+ end = buf + len;
+
+ /* RFC 3280 - X.509 v3 certificate / ASN.1 DER */
+
+ /* Certificate ::= SEQUENCE */
+ if (asn1_get_next(pos, len, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_SEQUENCE) {
+ wpa_printf(MSG_DEBUG, "X509: Certificate did not start with "
+ "a valid SEQUENCE - found class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ x509_certificate_free(cert);
+ return NULL;
+ }
+ pos = hdr.payload;
+
+ if (pos + hdr.length > end) {
+ x509_certificate_free(cert);
+ return NULL;
+ }
+
+ if (pos + hdr.length < end) {
+ wpa_hexdump(MSG_MSGDUMP, "X509: Ignoring extra data after DER "
+ "encoded certificate",
+ pos + hdr.length, end - pos + hdr.length);
+ end = pos + hdr.length;
+ }
+
+ hash_start = pos;
+ cert->tbs_cert_start = cert->cert_start + (hash_start - buf);
+ if (x509_parse_tbs_certificate(pos, end - pos, cert, &pos)) {
+ x509_certificate_free(cert);
+ return NULL;
+ }
+ cert->tbs_cert_len = pos - hash_start;
+
+ /* signatureAlgorithm AlgorithmIdentifier */
+ if (x509_parse_algorithm_identifier(pos, end - pos,
+ &cert->signature_alg, &pos)) {
+ x509_certificate_free(cert);
+ return NULL;
+ }
+
+ /* signatureValue BIT STRING */
+ if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_BITSTRING) {
+ wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING "
+ "(signatureValue) - found class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ x509_certificate_free(cert);
+ return NULL;
+ }
+ if (hdr.length < 1) {
+ x509_certificate_free(cert);
+ return NULL;
+ }
+ pos = hdr.payload;
+ if (*pos) {
+ wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
+ *pos);
+ /* PKCS #1 v1.5 10.2.1:
+ * It is an error if the length in bits of the signature S is
+ * not a multiple of eight.
+ */
+ x509_certificate_free(cert);
+ return NULL;
+ }
+ os_free(cert->sign_value);
+ cert->sign_value = os_malloc(hdr.length - 1);
+ if (cert->sign_value == NULL) {
+ wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for "
+ "signatureValue");
+ x509_certificate_free(cert);
+ return NULL;
+ }
+ os_memcpy(cert->sign_value, pos + 1, hdr.length - 1);
+ cert->sign_value_len = hdr.length - 1;
+ wpa_hexdump(MSG_MSGDUMP, "X509: signature",
+ cert->sign_value, cert->sign_value_len);
+
+ return cert;
+}
+
+
+/**
+ * x509_certificate_check_signature - Verify certificate signature
+ * @issuer: Issuer certificate
+ * @cert: Certificate to be verified
+ * Returns: 0 if cert has a valid signature that was signed by the issuer,
+ * -1 if not
+ */
+int x509_certificate_check_signature(struct x509_certificate *issuer,
+ struct x509_certificate *cert)
+{
+ struct crypto_public_key *pk;
+ u8 *data;
+ const u8 *pos, *end, *next, *da_end;
+ size_t data_len;
+ struct asn1_hdr hdr;
+ struct asn1_oid oid;
+ u8 hash[20];
+ size_t hash_len;
+
+ if (!x509_pkcs_oid(&cert->signature.oid) ||
+ cert->signature.oid.len != 7 ||
+ cert->signature.oid.oid[5] != 1 /* pkcs-1 */) {
+ wpa_printf(MSG_DEBUG, "X509: Unrecognized signature "
+ "algorithm");
+ return -1;
+ }
+
+ pk = crypto_public_key_import(issuer->public_key,
+ issuer->public_key_len);
+ if (pk == NULL)
+ return -1;
+
+ data_len = cert->sign_value_len;
+ data = os_malloc(data_len);
+ if (data == NULL) {
+ crypto_public_key_free(pk);
+ return -1;
+ }
+
+ if (crypto_public_key_decrypt_pkcs1(pk, cert->sign_value,
+ cert->sign_value_len, data,
+ &data_len) < 0) {
+ wpa_printf(MSG_DEBUG, "X509: Failed to decrypt signature");
+ crypto_public_key_free(pk);
+ os_free(data);
+ return -1;
+ }
+ crypto_public_key_free(pk);
+
+ wpa_hexdump(MSG_MSGDUMP, "X509: Signature data D", data, data_len);
+
+ /*
+ * PKCS #1 v1.5, 10.1.2:
+ *
+ * DigestInfo ::= SEQUENCE {
+ * digestAlgorithm DigestAlgorithmIdentifier,
+ * digest Digest
+ * }
+ *
+ * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+ *
+ * Digest ::= OCTET STRING
+ *
+ */
+ if (asn1_get_next(data, data_len, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_SEQUENCE) {
+ wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
+ "(DigestInfo) - found class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ os_free(data);
+ return -1;
+ }
+
+ pos = hdr.payload;
+ end = pos + hdr.length;
+
+ /*
+ * X.509:
+ * AlgorithmIdentifier ::= SEQUENCE {
+ * algorithm OBJECT IDENTIFIER,
+ * parameters ANY DEFINED BY algorithm OPTIONAL
+ * }
+ */
+
+ if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_SEQUENCE) {
+ wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
+ "(AlgorithmIdentifier) - found class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ os_free(data);
+ return -1;
+ }
+ da_end = hdr.payload + hdr.length;
+
+ if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
+ wpa_printf(MSG_DEBUG, "X509: Failed to parse digestAlgorithm");
+ os_free(data);
+ return -1;
+ }
+
+ if (x509_sha1_oid(&oid)) {
+ if (cert->signature.oid.oid[6] !=
+ 5 /* sha-1WithRSAEncryption */) {
+ wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA1 "
+ "does not match with certificate "
+ "signatureAlgorithm (%lu)",
+ cert->signature.oid.oid[6]);
+ os_free(data);
+ return -1;
+ }
+ goto skip_digest_oid;
+ }
+
+ if (!x509_digest_oid(&oid)) {
+ wpa_printf(MSG_DEBUG, "X509: Unrecognized digestAlgorithm");
+ os_free(data);
+ return -1;
+ }
+ switch (oid.oid[5]) {
+ case 5: /* md5 */
+ if (cert->signature.oid.oid[6] != 4 /* md5WithRSAEncryption */)
+ {
+ wpa_printf(MSG_DEBUG, "X509: digestAlgorithm MD5 does "
+ "not match with certificate "
+ "signatureAlgorithm (%lu)",
+ cert->signature.oid.oid[6]);
+ os_free(data);
+ return -1;
+ }
+ break;
+ case 2: /* md2 */
+ case 4: /* md4 */
+ default:
+ wpa_printf(MSG_DEBUG, "X509: Unsupported digestAlgorithm "
+ "(%lu)", oid.oid[5]);
+ os_free(data);
+ return -1;
+ }
+
+skip_digest_oid:
+ /* Digest ::= OCTET STRING */
+ pos = da_end;
+ end = data + data_len;
+
+ if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_OCTETSTRING) {
+ wpa_printf(MSG_DEBUG, "X509: Expected OCTETSTRING "
+ "(Digest) - found class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ os_free(data);
+ return -1;
+ }
+ wpa_hexdump(MSG_MSGDUMP, "X509: Decrypted Digest",
+ hdr.payload, hdr.length);
+
+ switch (cert->signature.oid.oid[6]) {
+ case 4: /* md5WithRSAEncryption */
+ md5_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
+ hash);
+ hash_len = 16;
+ wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (MD5)",
+ hash, hash_len);
+ break;
+ case 5: /* sha-1WithRSAEncryption */
+ sha1_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
+ hash);
+ hash_len = 20;
+ wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA1)",
+ hash, hash_len);
+ break;
+ case 2: /* md2WithRSAEncryption */
+ case 11: /* sha256WithRSAEncryption */
+ case 12: /* sha384WithRSAEncryption */
+ case 13: /* sha512WithRSAEncryption */
+ default:
+ wpa_printf(MSG_INFO, "X509: Unsupported certificate signature "
+ "algorithm (%lu)", cert->signature.oid.oid[6]);
+ os_free(data);
+ return -1;
+ }
+
+ if (hdr.length != hash_len ||
+ os_memcmp(hdr.payload, hash, hdr.length) != 0) {
+ wpa_printf(MSG_INFO, "X509: Certificate Digest does not match "
+ "with calculated tbsCertificate hash");
+ os_free(data);
+ return -1;
+ }
+
+ os_free(data);
+
+ wpa_printf(MSG_DEBUG, "X509: Certificate Digest matches with "
+ "calculated tbsCertificate hash");
+
+ return 0;
+}
+
+
+static int x509_valid_issuer(const struct x509_certificate *cert)
+{
+ if ((cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS) &&
+ !cert->ca) {
+ wpa_printf(MSG_DEBUG, "X509: Non-CA certificate used as an "
+ "issuer");
+ return -1;
+ }
+
+ if (cert->version == X509_CERT_V3 &&
+ !(cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS)) {
+ wpa_printf(MSG_DEBUG, "X509: v3 CA certificate did not "
+ "include BasicConstraints extension");
+ return -1;
+ }
+
+ if ((cert->extensions_present & X509_EXT_KEY_USAGE) &&
+ !(cert->key_usage & X509_KEY_USAGE_KEY_CERT_SIGN)) {
+ wpa_printf(MSG_DEBUG, "X509: Issuer certificate did not have "
+ "keyCertSign bit in Key Usage");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+/**
+ * x509_certificate_chain_validate - Validate X.509 certificate chain
+ * @trusted: List of trusted certificates
+ * @chain: Certificate chain to be validated (first chain must be issued by
+ * signed by the second certificate in the chain and so on)
+ * @reason: Buffer for returning failure reason (X509_VALIDATE_*)
+ * Returns: 0 if chain is valid, -1 if not
+ */
+int x509_certificate_chain_validate(struct x509_certificate *trusted,
+ struct x509_certificate *chain,
+ int *reason)
+{
+ long unsigned idx;
+ int chain_trusted = 0;
+ struct x509_certificate *cert, *trust;
+ char buf[128];
+ struct os_time now;
+
+ *reason = X509_VALIDATE_OK;
+
+ wpa_printf(MSG_DEBUG, "X509: Validate certificate chain");
+ os_get_time(&now);
+
+ for (cert = chain, idx = 0; cert; cert = cert->next, idx++) {
+ x509_name_string(&cert->subject, buf, sizeof(buf));
+ wpa_printf(MSG_DEBUG, "X509: %lu: %s", idx, buf);
+
+ if (chain_trusted)
+ continue;
+
+ if ((unsigned long) now.sec <
+ (unsigned long) cert->not_before ||
+ (unsigned long) now.sec >
+ (unsigned long) cert->not_after) {
+ wpa_printf(MSG_INFO, "X509: Certificate not valid "
+ "(now=%lu not_before=%lu not_after=%lu)",
+ now.sec, cert->not_before, cert->not_after);
+ *reason = X509_VALIDATE_CERTIFICATE_EXPIRED;
+ return -1;
+ }
+
+ if (cert->next) {
+ if (x509_name_compare(&cert->issuer,
+ &cert->next->subject) != 0) {
+ wpa_printf(MSG_DEBUG, "X509: Certificate "
+ "chain issuer name mismatch");
+ *reason = X509_VALIDATE_CERTIFICATE_UNKNOWN;
+ return -1;
+ }
+
+ if (x509_valid_issuer(cert->next) < 0) {
+ *reason = X509_VALIDATE_BAD_CERTIFICATE;
+ return -1;
+ }
+
+ if ((cert->next->extensions_present &
+ X509_EXT_PATH_LEN_CONSTRAINT) &&
+ idx > cert->next->path_len_constraint) {
+ wpa_printf(MSG_DEBUG, "X509: pathLenConstraint"
+ " not met (idx=%lu issuer "
+ "pathLenConstraint=%lu)", idx,
+ cert->next->path_len_constraint);
+ *reason = X509_VALIDATE_BAD_CERTIFICATE;
+ return -1;
+ }
+
+ if (x509_certificate_check_signature(cert->next, cert)
+ < 0) {
+ wpa_printf(MSG_DEBUG, "X509: Invalid "
+ "certificate signature within "
+ "chain");
+ *reason = X509_VALIDATE_BAD_CERTIFICATE;
+ return -1;
+ }
+ }
+
+ for (trust = trusted; trust; trust = trust->next) {
+ if (x509_name_compare(&cert->issuer, &trust->subject)
+ == 0)
+ break;
+ }
+
+ if (trust) {
+ wpa_printf(MSG_DEBUG, "X509: Found issuer from the "
+ "list of trusted certificates");
+ if (x509_valid_issuer(trust) < 0) {
+ *reason = X509_VALIDATE_BAD_CERTIFICATE;
+ return -1;
+ }
+
+ if (x509_certificate_check_signature(trust, cert) < 0)
+ {
+ wpa_printf(MSG_DEBUG, "X509: Invalid "
+ "certificate signature");
+ *reason = X509_VALIDATE_BAD_CERTIFICATE;
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "X509: Trusted certificate "
+ "found to complete the chain");
+ chain_trusted = 1;
+ }
+ }
+
+ if (!chain_trusted) {
+ wpa_printf(MSG_DEBUG, "X509: Did not find any of the issuers "
+ "from the list of trusted certificates");
+ if (trusted) {
+ *reason = X509_VALIDATE_UNKNOWN_CA;
+ return -1;
+ }
+ wpa_printf(MSG_DEBUG, "X509: Certificate chain validation "
+ "disabled - ignore unknown CA issue");
+ }
+
+ wpa_printf(MSG_DEBUG, "X509: Certificate chain valid");
+
+ return 0;
+}
+
+
+/**
+ * x509_certificate_get_subject - Get a certificate based on Subject name
+ * @chain: Certificate chain to search through
+ * @name: Subject name to search for
+ * Returns: Pointer to the certificate with the given Subject name or
+ * %NULL on failure
+ */
+struct x509_certificate *
+x509_certificate_get_subject(struct x509_certificate *chain,
+ struct x509_name *name)
+{
+ struct x509_certificate *cert;
+
+ for (cert = chain; cert; cert = cert->next) {
+ if (x509_name_compare(&cert->subject, name) == 0)
+ return cert;
+ }
+ return NULL;
+}
+
+
+/**
+ * x509_certificate_self_signed - Is the certificate self-signed?
+ * @cert: Certificate
+ * Returns: 1 if certificate is self-signed, 0 if not
+ */
+int x509_certificate_self_signed(struct x509_certificate *cert)
+{
+ return x509_name_compare(&cert->issuer, &cert->subject) == 0;
+}
+
+#endif /* CONFIG_INTERNAL_X509 */
--- /dev/null
+/*
+ * X.509v3 certificate parsing and processing
+ * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef X509V3_H
+#define X509V3_H
+
+#include "asn1.h"
+
+struct x509_algorithm_identifier {
+ struct asn1_oid oid;
+};
+
+struct x509_name {
+ char *cn; /* commonName */
+ char *c; /* countryName */
+ char *l; /* localityName */
+ char *st; /* stateOrProvinceName */
+ char *o; /* organizationName */
+ char *ou; /* organizationalUnitName */
+ char *email; /* emailAddress */
+};
+
+struct x509_certificate {
+ struct x509_certificate *next;
+ enum { X509_CERT_V1 = 0, X509_CERT_V2 = 1, X509_CERT_V3 = 2 } version;
+ unsigned long serial_number;
+ struct x509_algorithm_identifier signature;
+ struct x509_name issuer;
+ struct x509_name subject;
+ os_time_t not_before;
+ os_time_t not_after;
+ struct x509_algorithm_identifier public_key_alg;
+ u8 *public_key;
+ size_t public_key_len;
+ struct x509_algorithm_identifier signature_alg;
+ u8 *sign_value;
+ size_t sign_value_len;
+
+ /* Extensions */
+ unsigned int extensions_present;
+#define X509_EXT_BASIC_CONSTRAINTS (1 << 0)
+#define X509_EXT_PATH_LEN_CONSTRAINT (1 << 1)
+#define X509_EXT_KEY_USAGE (1 << 2)
+
+ /* BasicConstraints */
+ int ca; /* cA */
+ unsigned long path_len_constraint; /* pathLenConstraint */
+
+ /* KeyUsage */
+ unsigned long key_usage;
+#define X509_KEY_USAGE_DIGITAL_SIGNATURE (1 << 0)
+#define X509_KEY_USAGE_NON_REPUDIATION (1 << 1)
+#define X509_KEY_USAGE_KEY_ENCIPHERMENT (1 << 2)
+#define X509_KEY_USAGE_DATA_ENCIPHERMENT (1 << 3)
+#define X509_KEY_USAGE_KEY_AGREEMENT (1 << 4)
+#define X509_KEY_USAGE_KEY_CERT_SIGN (1 << 5)
+#define X509_KEY_USAGE_CRL_SIGN (1 << 6)
+#define X509_KEY_USAGE_ENCIPHER_ONLY (1 << 7)
+#define X509_KEY_USAGE_DECIPHER_ONLY (1 << 8)
+
+ /*
+ * The DER format certificate follows struct x509_certificate. These
+ * pointers point to that buffer.
+ */
+ const u8 *cert_start;
+ size_t cert_len;
+ const u8 *tbs_cert_start;
+ size_t tbs_cert_len;
+};
+
+enum {
+ X509_VALIDATE_OK,
+ X509_VALIDATE_BAD_CERTIFICATE,
+ X509_VALIDATE_UNSUPPORTED_CERTIFICATE,
+ X509_VALIDATE_CERTIFICATE_REVOKED,
+ X509_VALIDATE_CERTIFICATE_EXPIRED,
+ X509_VALIDATE_CERTIFICATE_UNKNOWN,
+ X509_VALIDATE_UNKNOWN_CA
+};
+
+#ifdef CONFIG_INTERNAL_X509
+
+void x509_certificate_free(struct x509_certificate *cert);
+struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len);
+void x509_name_string(struct x509_name *name, char *buf, size_t len);
+int x509_name_compare(struct x509_name *a, struct x509_name *b);
+void x509_certificate_chain_free(struct x509_certificate *cert);
+int x509_certificate_check_signature(struct x509_certificate *issuer,
+ struct x509_certificate *cert);
+int x509_certificate_chain_validate(struct x509_certificate *trusted,
+ struct x509_certificate *chain,
+ int *reason);
+struct x509_certificate *
+x509_certificate_get_subject(struct x509_certificate *chain,
+ struct x509_name *name);
+int x509_certificate_self_signed(struct x509_certificate *cert);
+
+#else /* CONFIG_INTERNAL_X509 */
+
+static inline void x509_certificate_free(struct x509_certificate *cert)
+{
+}
+
+static inline struct x509_certificate *
+x509_certificate_parse(const u8 *buf, size_t len)
+{
+ return NULL;
+}
+
+static inline void x509_name_string(struct x509_name *name, char *buf,
+ size_t len)
+{
+ if (len)
+ buf[0] = '\0';
+}
+
+static inline void x509_certificate_chain_free(struct x509_certificate *cert)
+{
+}
+
+static inline int
+x509_certificate_chain_validate(struct x509_certificate *trusted,
+ struct x509_certificate *chain,
+ int *reason)
+{
+ return -1;
+}
+
+static inline struct x509_certificate *
+x509_certificate_get_subject(struct x509_certificate *chain,
+ struct x509_name *name)
+{
+ return NULL;
+}
+
+static inline int x509_certificate_self_signed(struct x509_certificate *cert)
+{
+ return -1;
+}
+
+#endif /* CONFIG_INTERNAL_X509 */
+
+#endif /* X509V3_H */
OSDN Git Service
