changeset 14040:b49db56f0d47
wpa_s 2.0 includes, replaced driver ops disassoc with deauth, removed uninit warning in libdlaggr
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/cmd/cmd-inet/usr.lib/wpa_supplicant/src/ap/ap_config.h Tue May 28 10:51:43 2013 +0200
@@ -0,0 +1,539 @@
+/*
+ * hostapd / Configuration definitions and helpers functions
+ * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef HOSTAPD_CONFIG_H
+#define HOSTAPD_CONFIG_H
+
+#include "common/defs.h"
+#include "ip_addr.h"
+#include "common/wpa_common.h"
+#include "common/ieee802_11_common.h"
+#include "wps/wps.h"
+
+#define MAX_STA_COUNT 2007
+#define MAX_VLAN_ID 4094
+
+typedef u8 macaddr[ETH_ALEN];
+
+struct mac_acl_entry {
+ macaddr addr;
+ int vlan_id;
+};
+
+struct hostapd_radius_servers;
+struct ft_remote_r0kh;
+struct ft_remote_r1kh;
+
+#define HOSTAPD_MAX_SSID_LEN 32
+
+#define NUM_WEP_KEYS 4
+struct hostapd_wep_keys {
+ u8 idx;
+ u8 *key[NUM_WEP_KEYS];
+ size_t len[NUM_WEP_KEYS];
+ int keys_set;
+ size_t default_len; /* key length used for dynamic key generation */
+};
+
+typedef enum hostap_security_policy {
+ SECURITY_PLAINTEXT = 0,
+ SECURITY_STATIC_WEP = 1,
+ SECURITY_IEEE_802_1X = 2,
+ SECURITY_WPA_PSK = 3,
+ SECURITY_WPA = 4
+} secpolicy;
+
+struct hostapd_ssid {
+ u8 ssid[HOSTAPD_MAX_SSID_LEN];
+ size_t ssid_len;
+ unsigned int ssid_set:1;
+ unsigned int utf8_ssid:1;
+
+ char vlan[IFNAMSIZ + 1];
+ secpolicy security_policy;
+
+ struct hostapd_wpa_psk *wpa_psk;
+ char *wpa_passphrase;
+ char *wpa_psk_file;
+
+ struct hostapd_wep_keys wep;
+
+#define DYNAMIC_VLAN_DISABLED 0
+#define DYNAMIC_VLAN_OPTIONAL 1
+#define DYNAMIC_VLAN_REQUIRED 2
+ int dynamic_vlan;
+#define DYNAMIC_VLAN_NAMING_WITHOUT_DEVICE 0
+#define DYNAMIC_VLAN_NAMING_WITH_DEVICE 1
+#define DYNAMIC_VLAN_NAMING_END 2
+ int vlan_naming;
+#ifdef CONFIG_FULL_DYNAMIC_VLAN
+ char *vlan_tagged_interface;
+#endif /* CONFIG_FULL_DYNAMIC_VLAN */
+ struct hostapd_wep_keys **dyn_vlan_keys;
+ size_t max_dyn_vlan_keys;
+};
+
+
+#define VLAN_ID_WILDCARD -1
+
+struct hostapd_vlan {
+ struct hostapd_vlan *next;
+ int vlan_id; /* VLAN ID or -1 (VLAN_ID_WILDCARD) for wildcard entry */
+ char ifname[IFNAMSIZ + 1];
+ int dynamic_vlan;
+#ifdef CONFIG_FULL_DYNAMIC_VLAN
+
+#define DVLAN_CLEAN_BR 0x1
+#define DVLAN_CLEAN_VLAN 0x2
+#define DVLAN_CLEAN_VLAN_PORT 0x4
+#define DVLAN_CLEAN_WLAN_PORT 0x8
+ int clean;
+#endif /* CONFIG_FULL_DYNAMIC_VLAN */
+};
+
+#define PMK_LEN 32
+struct hostapd_sta_wpa_psk_short {
+ struct hostapd_sta_wpa_psk_short *next;
+ u8 psk[PMK_LEN];
+};
+
+struct hostapd_wpa_psk {
+ struct hostapd_wpa_psk *next;
+ int group;
+ u8 psk[PMK_LEN];
+ u8 addr[ETH_ALEN];
+};
+
+struct hostapd_eap_user {
+ struct hostapd_eap_user *next;
+ u8 *identity;
+ size_t identity_len;
+ struct {
+ int vendor;
+ u32 method;
+ } methods[EAP_MAX_METHODS];
+ u8 *password;
+ size_t password_len;
+ int phase2;
+ int force_version;
+ unsigned int wildcard_prefix:1;
+ unsigned int password_hash:1; /* whether password is hashed with
+ * nt_password_hash() */
+ int ttls_auth; /* EAP_TTLS_AUTH_* bitfield */
+};
+
+struct hostapd_radius_attr {
+ u8 type;
+ struct wpabuf *val;
+ struct hostapd_radius_attr *next;
+};
+
+
+#define NUM_TX_QUEUES 4
+
+struct hostapd_tx_queue_params {
+ int aifs;
+ int cwmin;
+ int cwmax;
+ int burst; /* maximum burst time in 0.1 ms, i.e., 10 = 1 ms */
+};
+
+
+#define MAX_ROAMING_CONSORTIUM_LEN 15
+
+struct hostapd_roaming_consortium {
+ u8 len;
+ u8 oi[MAX_ROAMING_CONSORTIUM_LEN];
+};
+
+struct hostapd_lang_string {
+ u8 lang[3];
+ u8 name_len;
+ u8 name[252];
+};
+
+#define MAX_NAI_REALMS 10
+#define MAX_NAI_REALMLEN 255
+#define MAX_NAI_EAP_METHODS 5
+#define MAX_NAI_AUTH_TYPES 4
+struct hostapd_nai_realm_data {
+ u8 encoding;
+ char realm_buf[MAX_NAI_REALMLEN + 1];
+ char *realm[MAX_NAI_REALMS];
+ u8 eap_method_count;
+ struct hostapd_nai_realm_eap {
+ u8 eap_method;
+ u8 num_auths;
+ u8 auth_id[MAX_NAI_AUTH_TYPES];
+ u8 auth_val[MAX_NAI_AUTH_TYPES];
+ } eap_method[MAX_NAI_EAP_METHODS];
+};
+
+/**
+ * struct hostapd_bss_config - Per-BSS configuration
+ */
+struct hostapd_bss_config {
+ char iface[IFNAMSIZ + 1];
+ char bridge[IFNAMSIZ + 1];
+ char wds_bridge[IFNAMSIZ + 1];
+
+ enum hostapd_logger_level logger_syslog_level, logger_stdout_level;
+
+ unsigned int logger_syslog; /* module bitfield */
+ unsigned int logger_stdout; /* module bitfield */
+
+ char *dump_log_name; /* file name for state dump (SIGUSR1) */
+
+ int max_num_sta; /* maximum number of STAs in station table */
+
+ int dtim_period;
+
+ int ieee802_1x; /* use IEEE 802.1X */
+ int eapol_version;
+ int eap_server; /* Use internal EAP server instead of external
+ * RADIUS server */
+ struct hostapd_eap_user *eap_user;
+ char *eap_user_sqlite;
+ char *eap_sim_db;
+ struct hostapd_ip_addr own_ip_addr;
+ char *nas_identifier;
+ struct hostapd_radius_servers *radius;
+ int acct_interim_interval;
+ int radius_request_cui;
+ struct hostapd_radius_attr *radius_auth_req_attr;
+ struct hostapd_radius_attr *radius_acct_req_attr;
+ int radius_das_port;
+ unsigned int radius_das_time_window;
+ int radius_das_require_event_timestamp;
+ struct hostapd_ip_addr radius_das_client_addr;
+ u8 *radius_das_shared_secret;
+ size_t radius_das_shared_secret_len;
+
+ struct hostapd_ssid ssid;
+
+ char *eap_req_id_text; /* optional displayable message sent with
+ * EAP Request-Identity */
+ size_t eap_req_id_text_len;
+ int eapol_key_index_workaround;
+
+ size_t default_wep_key_len;
+ int individual_wep_key_len;
+ int wep_rekeying_period;
+ int broadcast_key_idx_min, broadcast_key_idx_max;
+ int eap_reauth_period;
+
+ int ieee802_11f; /* use IEEE 802.11f (IAPP) */
+ char iapp_iface[IFNAMSIZ + 1]; /* interface used with IAPP broadcast
+ * frames */
+
+ enum {
+ ACCEPT_UNLESS_DENIED = 0,
+ DENY_UNLESS_ACCEPTED = 1,
+ USE_EXTERNAL_RADIUS_AUTH = 2
+ } macaddr_acl;
+ struct mac_acl_entry *accept_mac;
+ int num_accept_mac;
+ struct mac_acl_entry *deny_mac;
+ int num_deny_mac;
+ int wds_sta;
+ int isolate;
+
+ int auth_algs; /* bitfield of allowed IEEE 802.11 authentication
+ * algorithms, WPA_AUTH_ALG_{OPEN,SHARED,LEAP} */
+
+ int wpa; /* bitfield of WPA_PROTO_WPA, WPA_PROTO_RSN */
+ int wpa_key_mgmt;
+#ifdef CONFIG_IEEE80211W
+ enum mfp_options ieee80211w;
+ /* dot11AssociationSAQueryMaximumTimeout (in TUs) */
+ unsigned int assoc_sa_query_max_timeout;
+ /* dot11AssociationSAQueryRetryTimeout (in TUs) */
+ int assoc_sa_query_retry_timeout;
+#endif /* CONFIG_IEEE80211W */
+ enum {
+ PSK_RADIUS_IGNORED = 0,
+ PSK_RADIUS_ACCEPTED = 1,
+ PSK_RADIUS_REQUIRED = 2
+ } wpa_psk_radius;
+ int wpa_pairwise;
+ int wpa_group;
+ int wpa_group_rekey;
+ int wpa_strict_rekey;
+ int wpa_gmk_rekey;
+ int wpa_ptk_rekey;
+ int rsn_pairwise;
+ int rsn_preauth;
+ char *rsn_preauth_interfaces;
+ int peerkey;
+
+#ifdef CONFIG_IEEE80211R
+ /* IEEE 802.11r - Fast BSS Transition */
+ u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
+ u8 r1_key_holder[FT_R1KH_ID_LEN];
+ u32 r0_key_lifetime;
+ u32 reassociation_deadline;
+ struct ft_remote_r0kh *r0kh_list;
+ struct ft_remote_r1kh *r1kh_list;
+ int pmk_r1_push;
+ int ft_over_ds;
+#endif /* CONFIG_IEEE80211R */
+
+ char *ctrl_interface; /* directory for UNIX domain sockets */
+#ifndef CONFIG_NATIVE_WINDOWS
+ gid_t ctrl_interface_gid;
+#endif /* CONFIG_NATIVE_WINDOWS */
+ int ctrl_interface_gid_set;
+
+ char *ca_cert;
+ char *server_cert;
+ char *private_key;
+ char *private_key_passwd;
+ int check_crl;
+ char *dh_file;
+ u8 *pac_opaque_encr_key;
+ u8 *eap_fast_a_id;
+ size_t eap_fast_a_id_len;
+ char *eap_fast_a_id_info;
+ int eap_fast_prov;
+ int pac_key_lifetime;
+ int pac_key_refresh_time;
+ int eap_sim_aka_result_ind;
+ int tnc;
+ int fragment_size;
+ u16 pwd_group;
+
+ char *radius_server_clients;
+ int radius_server_auth_port;
+ int radius_server_ipv6;
+
+ char *test_socket; /* UNIX domain socket path for driver_test */
+
+ int use_pae_group_addr; /* Whether to send EAPOL frames to PAE group
+ * address instead of individual address
+ * (for driver_wired.c).
+ */
+
+ int ap_max_inactivity;
+ int ignore_broadcast_ssid;
+
+ int wmm_enabled;
+ int wmm_uapsd;
+
+ struct hostapd_vlan *vlan, *vlan_tail;
+
+ macaddr bssid;
+
+ /*
+ * Maximum listen interval that STAs can use when associating with this
+ * BSS. If a STA tries to use larger value, the association will be
+ * denied with status code 51.
+ */
+ u16 max_listen_interval;
+
+ int disable_pmksa_caching;
+ int okc; /* Opportunistic Key Caching */
+
+ int wps_state;
+#ifdef CONFIG_WPS
+ int ap_setup_locked;
+ u8 uuid[16];
+ char *wps_pin_requests;
+ char *device_name;
+ char *manufacturer;
+ char *model_name;
+ char *model_number;
+ char *serial_number;
+ u8 device_type[WPS_DEV_TYPE_LEN];
+ char *config_methods;
+ u8 os_version[4];
+ char *ap_pin;
+ int skip_cred_build;
+ u8 *extra_cred;
+ size_t extra_cred_len;
+ int wps_cred_processing;
+ u8 *ap_settings;
+ size_t ap_settings_len;
+ char *upnp_iface;
+ char *friendly_name;
+ char *manufacturer_url;
+ char *model_description;
+ char *model_url;
+ char *upc;
+ struct wpabuf *wps_vendor_ext[MAX_WPS_VENDOR_EXTENSIONS];
+ int wps_nfc_dev_pw_id;
+ struct wpabuf *wps_nfc_dh_pubkey;
+ struct wpabuf *wps_nfc_dh_privkey;
+ struct wpabuf *wps_nfc_dev_pw;
+#endif /* CONFIG_WPS */
+ int pbc_in_m1;
+
+#define P2P_ENABLED BIT(0)
+#define P2P_GROUP_OWNER BIT(1)
+#define P2P_GROUP_FORMATION BIT(2)
+#define P2P_MANAGE BIT(3)
+#define P2P_ALLOW_CROSS_CONNECTION BIT(4)
+ int p2p;
+
+ int disassoc_low_ack;
+ int skip_inactivity_poll;
+
+#define TDLS_PROHIBIT BIT(0)
+#define TDLS_PROHIBIT_CHAN_SWITCH BIT(1)
+ int tdls;
+ int disable_11n;
+ int disable_11ac;
+
+ /* IEEE 802.11v */
+ int time_advertisement;
+ char *time_zone;
+ int wnm_sleep_mode;
+ int bss_transition;
+
+ /* IEEE 802.11u - Interworking */
+ int interworking;
+ int access_network_type;
+ int internet;
+ int asra;
+ int esr;
+ int uesa;
+ int venue_info_set;
+ u8 venue_group;
+ u8 venue_type;
+ u8 hessid[ETH_ALEN];
+
+ /* IEEE 802.11u - Roaming Consortium list */
+ unsigned int roaming_consortium_count;
+ struct hostapd_roaming_consortium *roaming_consortium;
+
+ /* IEEE 802.11u - Venue Name duples */
+ unsigned int venue_name_count;
+ struct hostapd_lang_string *venue_name;
+
+ /* IEEE 802.11u - Network Authentication Type */
+ u8 *network_auth_type;
+ size_t network_auth_type_len;
+
+ /* IEEE 802.11u - IP Address Type Availability */
+ u8 ipaddr_type_availability;
+ u8 ipaddr_type_configured;
+
+ /* IEEE 802.11u - 3GPP Cellular Network */
+ u8 *anqp_3gpp_cell_net;
+ size_t anqp_3gpp_cell_net_len;
+
+ /* IEEE 802.11u - Domain Name */
+ u8 *domain_name;
+ size_t domain_name_len;
+
+ unsigned int nai_realm_count;
+ struct hostapd_nai_realm_data *nai_realm_data;
+
+ u16 gas_comeback_delay;
+ int gas_frag_limit;
+
+#ifdef CONFIG_HS20
+ int hs20;
+ int disable_dgaf;
+ unsigned int hs20_oper_friendly_name_count;
+ struct hostapd_lang_string *hs20_oper_friendly_name;
+ u8 *hs20_wan_metrics;
+ u8 *hs20_connection_capability;
+ size_t hs20_connection_capability_len;
+ u8 *hs20_operating_class;
+ u8 hs20_operating_class_len;
+#endif /* CONFIG_HS20 */
+
+ u8 wps_rf_bands; /* RF bands for WPS (WPS_RF_*) */
+
+#ifdef CONFIG_RADIUS_TEST
+ char *dump_msk_file;
+#endif /* CONFIG_RADIUS_TEST */
+
+ struct wpabuf *vendor_elements;
+};
+
+
+/**
+ * struct hostapd_config - Per-radio interface configuration
+ */
+struct hostapd_config {
+ struct hostapd_bss_config *bss, *last_bss;
+ size_t num_bss;
+
+ u16 beacon_int;
+ int rts_threshold;
+ int fragm_threshold;
+ u8 send_probe_response;
+ u8 channel;
+ enum hostapd_hw_mode hw_mode; /* HOSTAPD_MODE_IEEE80211A, .. */
+ enum {
+ LONG_PREAMBLE = 0,
+ SHORT_PREAMBLE = 1
+ } preamble;
+
+ int *supported_rates;
+ int *basic_rates;
+
+ const struct wpa_driver_ops *driver;
+
+ int ap_table_max_size;
+ int ap_table_expiration_time;
+
+ char country[3]; /* first two octets: country code as described in
+ * ISO/IEC 3166-1. Third octet:
+ * ' ' (ascii 32): all environments
+ * 'O': Outdoor environemnt only
+ * 'I': Indoor environment only
+ */
+
+ int ieee80211d;
+
+ struct hostapd_tx_queue_params tx_queue[NUM_TX_QUEUES];
+
+ /*
+ * WMM AC parameters, in same order as 802.1D, i.e.
+ * 0 = BE (best effort)
+ * 1 = BK (background)
+ * 2 = VI (video)
+ * 3 = VO (voice)
+ */
+ struct hostapd_wmm_ac_params wmm_ac_params[4];
+
+ int ht_op_mode_fixed;
+ u16 ht_capab;
+ int ieee80211n;
+ int secondary_channel;
+ int require_ht;
+ u32 vht_capab;
+ int ieee80211ac;
+ int require_vht;
+ u8 vht_oper_chwidth;
+ u8 vht_oper_centr_freq_seg0_idx;
+ u8 vht_oper_centr_freq_seg1_idx;
+};
+
+
+int hostapd_mac_comp(const void *a, const void *b);
+int hostapd_mac_comp_empty(const void *a);
+struct hostapd_config * hostapd_config_defaults(void);
+void hostapd_config_defaults_bss(struct hostapd_bss_config *bss);
+void hostapd_config_free(struct hostapd_config *conf);
+int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries,
+ const u8 *addr, int *vlan_id);
+int hostapd_rate_found(int *list, int rate);
+int hostapd_wep_key_cmp(struct hostapd_wep_keys *a,
+ struct hostapd_wep_keys *b);
+const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
+ const u8 *addr, const u8 *prev_psk);
+int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf);
+const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan,
+ int vlan_id);
+struct hostapd_radius_attr *
+hostapd_config_get_radius_attr(struct hostapd_radius_attr *attr, u8 type);
+
+#endif /* HOSTAPD_CONFIG_H */
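Review bot: The header says nothing about how the secret-bearing fields it declares are to be handled: `psk[PMK_LEN]` in struct hostapd_wpa_psk and struct hostapd_sta_wpa_psk_short, `wpa_passphrase` in struct hostapd_ssid, and `private_key_passwd`, `radius_das_shared_secret` and `pac_opaque_encr_key` in struct hostapd_bss_config. Who owns these buffers and whether they are cleared before release cannot be told from the declarations. I would add a comment above the `hostapd_config_free()` prototype, for example `/* Frees conf and every BSS; PSK, passphrase and shared-secret buffers should be zeroed before they are released. */`, and check that the implementation (not part of this changeset) does so.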
--- a/usr/src/cmd/cmd-inet/usr.lib/wpa_supplicant/src/common/defs.h Mon May 27 18:24:13 2013 +0200 +++ b/usr/src/cmd/cmd-inet/usr.lib/wpa_supplicant/src/common/defs.h Tue May 28 10:51:43 2013 +0200 @@ -290,7 +290,7 @@ enum mfp_options { NO_MGMT_FRAME_PROTECTION = 0, MGMT_FRAME_PROTECTION_OPTIONAL = 1, - MGMT_FRAME_PROTECTION_REQUIRED = 2, + MGMT_FRAME_PROTECTION_REQUIRED = 2 }; #define MGMT_FRAME_PROTECTION_DEFAULT 3
--- a/usr/src/cmd/cmd-inet/usr.lib/wpa_supplicant/src/crypto/sha1-pbkdf2.c Mon May 27 18:24:13 2013 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,92 +0,0 @@
-/*
- * SHA1-based key derivation function (PBKDF2) for IEEE 802.11i
- * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "sha1.h"
-
-static int pbkdf2_sha1_f(const char *passphrase, const u8 *ssid,
- size_t ssid_len, int iterations, unsigned int count,
- u8 *digest)
-{
- unsigned char tmp[SHA1_MAC_LEN], tmp2[SHA1_MAC_LEN];
- int i, j;
- unsigned char count_buf[4];
- const u8 *addr[2];
- size_t len[2];
- size_t passphrase_len = os_strlen(passphrase);
-
- addr[0] = ssid;
- len[0] = ssid_len;
- addr[1] = count_buf;
- len[1] = 4;
-
- /* F(P, S, c, i) = U1 xor U2 xor ... Uc
- * U1 = PRF(P, S || i)
- * U2 = PRF(P, U1)
- * Uc = PRF(P, Uc-1)
- */
-
- count_buf[0] = (count >> 24) & 0xff;
- count_buf[1] = (count >> 16) & 0xff;
- count_buf[2] = (count >> 8) & 0xff;
- count_buf[3] = count & 0xff;
- if (hmac_sha1_vector((u8 *) passphrase, passphrase_len, 2, addr, len,
- tmp))
- return -1;
- os_memcpy(digest, tmp, SHA1_MAC_LEN);
-
- for (i = 1; i < iterations; i++) {
- if (hmac_sha1((u8 *) passphrase, passphrase_len, tmp,
- SHA1_MAC_LEN, tmp2))
- return -1;
- os_memcpy(tmp, tmp2, SHA1_MAC_LEN);
- for (j = 0; j < SHA1_MAC_LEN; j++)
- digest[j] ^= tmp2[j];
- }
-
- return 0;
-}
-
-
-/**
- * pbkdf2_sha1 - SHA1-based key derivation function (PBKDF2) for IEEE 802.11i
- * @passphrase: ASCII passphrase
- * @ssid: SSID
- * @ssid_len: SSID length in bytes
- * @iterations: Number of iterations to run
- * @buf: Buffer for the generated key
- * @buflen: Length of the buffer in bytes
- * Returns: 0 on success, -1 of failure
- *
- * This function is used to derive PSK for WPA-PSK. For this protocol,
- * iterations is set to 4096 and buflen to 32. This function is described in
- * IEEE Std 802.11-2004, Clause H.4. The main construction is from PKCS#5 v2.0.
- */
-int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len,
- int iterations, u8 *buf, size_t buflen)
-{
- unsigned int count = 0;
- unsigned char *pos = buf;
- size_t left = buflen, plen;
- unsigned char digest[SHA1_MAC_LEN];
-
- while (left > 0) {
- count++;
- if (pbkdf2_sha1_f(passphrase, ssid, ssid_len, iterations,
- count, digest))
- return -1;
- plen = left > SHA1_MAC_LEN ? SHA1_MAC_LEN : left;
- os_memcpy(pos, digest, plen);
- pos += plen;
- left -= plen;
- }
-
- return 0;
-}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/cmd/cmd-inet/usr.lib/wpa_supplicant/src/crypto/sha1-prf.c Tue May 28 10:51:43 2013 +0200
@@ -0,0 +1,66 @@
+/*
+ * SHA1-based PRF
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "sha1.h"
+#include "crypto.h"
+
+
+/**
+ * sha1_prf - SHA1-based Pseudo-Random Function (PRF) (IEEE 802.11i, 8.5.1.1)
+ * @key: Key for PRF
+ * @key_len: Length of the key in bytes
+ * @label: A unique label for each purpose of the PRF
+ * @data: Extra data to bind into the key
+ * @data_len: Length of the data
+ * @buf: Buffer for the generated pseudo-random key
+ * @buf_len: Number of bytes of key to generate
+ * Returns: 0 on success, -1 of failure
+ *
+ * This function is used to derive new, cryptographically separate keys from a
+ * given key (e.g., PMK in IEEE 802.11i).
+ */
+int sha1_prf(const u8 *key, size_t key_len, const char *label,
+ const u8 *data, size_t data_len, u8 *buf, size_t buf_len)
+{
+ u8 counter = 0;
+ size_t pos, plen;
+ u8 hash[SHA1_MAC_LEN];
+ size_t label_len = os_strlen(label) + 1;
+ const unsigned char *addr[3];
+ size_t len[3];
+
+ addr[0] = (u8 *) label;
+ len[0] = label_len;
+ addr[1] = data;
+ len[1] = data_len;
+ addr[2] = &counter;
+ len[2] = 1;
+
+ pos = 0;
+ while (pos < buf_len) {
+ plen = buf_len - pos;
+ if (plen >= SHA1_MAC_LEN) {
+ if (hmac_sha1_vector(key, key_len, 3, addr, len,
+ &buf[pos]))
+ return -1;
+ pos += SHA1_MAC_LEN;
+ } else {
+ if (hmac_sha1_vector(key, key_len, 3, addr, len,
+ hash))
+ return -1;
+ os_memcpy(&buf[pos], hash, plen);
+ break;
+ }
+ counter++;
+ }
+
+ return 0;
+}
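Review bot: sha1_prf() leaves derived key bytes on the stack: in the partial-block branch the full HMAC output is written to the local `hash`, only `plen` bytes are copied out, and `hash` is never cleared before `return 0`. Clearing it right after the copy, `os_memset(hash, 0, sizeof(hash));` (or a wipe the compiler cannot elide, if the tree provides one), keeps the unused tail of the PRF output from lingering. Separately, `counter` is a `u8` and wraps after 256 blocks, so a `buf_len` above 256 * SHA1_MAC_LEN would repeat earlier output; a guard such as `if (buf_len > 256 * SHA1_MAC_LEN) return -1;` at the top would make that limit explicit.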
--- a/usr/src/cmd/cmd-inet/usr.lib/wpa_supplicant/src/crypto/sha1.c Mon May 27 18:24:13 2013 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,104 +0,0 @@
-/*
- * SHA1 hash implementation and interface functions
- * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "sha1.h"
-#include "crypto.h"
-
-
-/**
- * hmac_sha1_vector - HMAC-SHA1 over data vector (RFC 2104)
- * @key: Key for HMAC operations
- * @key_len: Length of the key in bytes
- * @num_elem: Number of elements in the data vector
- * @addr: Pointers to the data areas
- * @len: Lengths of the data blocks
- * @mac: Buffer for the hash (20 bytes)
- * Returns: 0 on success, -1 on failure
- */
-int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem,
- const u8 *addr[], const size_t *len, u8 *mac)
-{
- unsigned char k_pad[64]; /* padding - key XORd with ipad/opad */
- unsigned char tk[20];
- const u8 *_addr[6];
- size_t _len[6], i;
-
- if (num_elem > 5) {
- /*
- * Fixed limit on the number of fragments to avoid having to
- * allocate memory (which could fail).
- */
- return -1;
- }
-
- /* if key is longer than 64 bytes reset it to key = SHA1(key) */
- if (key_len > 64) {
- if (sha1_vector(1, &key, &key_len, tk))
- return -1;
- key = tk;
- key_len = 20;
- }
-
- /* the HMAC_SHA1 transform looks like:
- *
- * SHA1(K XOR opad, SHA1(K XOR ipad, text))
- *
- * where K is an n byte key
- * ipad is the byte 0x36 repeated 64 times
- * opad is the byte 0x5c repeated 64 times
- * and text is the data being protected */
-
- /* start out by storing key in ipad */
- os_memset(k_pad, 0, sizeof(k_pad));
- os_memcpy(k_pad, key, key_len);
- /* XOR key with ipad values */
- for (i = 0; i < 64; i++)
- k_pad[i] ^= 0x36;
-
- /* perform inner SHA1 */
- _addr[0] = k_pad;
- _len[0] = 64;
- for (i = 0; i < num_elem; i++) {
- _addr[i + 1] = addr[i];
- _len[i + 1] = len[i];
- }
- if (sha1_vector(1 + num_elem, _addr, _len, mac))
- return -1;
-
- os_memset(k_pad, 0, sizeof(k_pad));
- os_memcpy(k_pad, key, key_len);
- /* XOR key with opad values */
- for (i = 0; i < 64; i++)
- k_pad[i] ^= 0x5c;
-
- /* perform outer SHA1 */
- _addr[0] = k_pad;
- _len[0] = 64;
- _addr[1] = mac;
- _len[1] = SHA1_MAC_LEN;
- return sha1_vector(2, _addr, _len, mac);
-}
-
-
-/**
- * hmac_sha1 - HMAC-SHA1 over data buffer (RFC 2104)
- * @key: Key for HMAC operations
- * @key_len: Length of the key in bytes
- * @data: Pointers to the data area
- * @data_len: Length of the data area
- * @mac: Buffer for the hash (20 bytes)
- * Returns: 0 on success, -1 of failure
- */
-int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
- u8 *mac)
-{
- return hmac_sha1_vector(key, key_len, 1, &data, &data_len, mac);
-}
--- a/usr/src/cmd/cmd-inet/usr.lib/wpa_supplicant/src/crypto/tls_openssl.c Mon May 27 18:24:13 2013 +0200 +++ b/usr/src/cmd/cmd-inet/usr.lib/wpa_supplicant/src/crypto/tls_openssl.c Tue May 28 10:51:43 2013 +0200 @@ -541,8 +541,8 @@ } } +#ifndef OPENSSL_NO_ENGINE #ifndef __sun -#ifndef OPENSSL_NO_ENGINE /** * tls_engine_load_dynamic_generic - load any openssl engine * @pre: an array of commands and values that load an engine initialized @@ -684,15 +684,12 @@ return tls_engine_load_dynamic_generic(pre_cmd, NULL, engine_id); } +#endif /* __sun */ #endif /* OPENSSL_NO_ENGINE */ -#endif /* __sun */ void * tls_init(const struct tls_config *conf) { - #ifdef __sun - char *token_path = NULL; - #endif SSL_CTX *ssl; if (tls_openssl_ref_count == 0) { @@ -759,26 +756,12 @@ SSL_CTX_set_info_callback(ssl, ssl_info_cb); +#ifndef OPENSSL_NO_ENGINE #ifdef __sun - token_path = getenv("SOFTTOKEN_DIR"); - if (token_path == NULL) { - wpa_printf(MSG_ERROR, "ENGINE: Failed reading SOFTTOKEN_DIR" - "env variable"); - tls_deinit(ssl); - return (NULL); - } - if (strcmp(token_path, "/etc/dladm") != 0) { - wpa_printf(MSG_ERROR, "ENGINE: SOFTTOKEN_DIR env variable" - "mismatch"); - tls_deinit(ssl); - return (NULL); - } - - wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 engine plugin"); - ENGINE_load_pk11(); - + wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 engine plugin"); + ENGINE_load_pk11(); #else /* __sun */ -#ifndef OPENSSL_NO_ENGINE + if (conf && (conf->opensc_engine_path || conf->pkcs11_engine_path || conf->pkcs11_module_path)) { @@ -793,8 +776,8 @@ return NULL; } } +#endif /* __sun */ #endif /* OPENSSL_NO_ENGINE */ -#endif /* __sun */ return ssl; }
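Review bot: In the `@@ -759,26 +756,12 @@` hunk the `__sun` branch of tls_init() now calls `ENGINE_load_pk11()` unconditionally, where the code it replaces refused to initialise unless `SOFTTOKEN_DIR` was set to `/etc/dladm`. If the PKCS#11 soft token still resolves its keystore from that environment variable, the keystore location is now taken from whatever environment the process inherits. Confirm that the variable is pinned elsewhere (for example by whatever launches the daemon) or is no longer consulted. A comment at the call site would record the decision, e.g. `/* SOFTTOKEN_DIR is not validated here; it is fixed by <component that sets it> */`. tls_init() begins before this hunk and ends after it, so the rest of the function was not reviewed here.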
--- a/usr/src/cmd/cmd-inet/usr.lib/wpa_supplicant/src/drivers/driver_solaris.c Mon May 27 18:24:13 2013 +0200 +++ b/usr/src/cmd/cmd-inet/usr.lib/wpa_supplicant/src/drivers/driver_solaris.c Tue May 28 10:51:43 2013 +0200 @@ -511,15 +511,17 @@ return (0); } -/* - * @brief Request driver to disassociate. - * @param priv private driver interface data - * @param addr peer address (BSSID of the AP) - * @param reason_code 16-bit reason code to be sent in the disassociation frame - * @returns 0 on success, -1 on failure +/** + * deauthenticate - Request driver to deauthenticate + * @priv: private driver interface data + * @addr: peer address (BSSID of the AP) + * @reason_code: 16-bit reason code to be sent in the deauthentication + * frame + * + * Returns: 0 on success, -1 on failure */ static int -wpa_driver_solaris_disassociate(void *priv, const u8 *addr, int reason_code) +wpa_driver_solaris_deauthenticate(void *priv, const u8 *addr, int reason_code) { const illumos_priv *data = priv; wpa_printf(MSG_DEBUG, "%s", __func__); @@ -668,7 +670,7 @@ .get_ssid = wpa_driver_solaris_get_ssid, .set_key = wpa_driver_solaris_set_key, .associate = wpa_driver_solaris_associate, - .disassociate = wpa_driver_solaris_disassociate, + .deauthenticate = wpa_driver_solaris_deauthenticate, .get_scan_results2 = wpa_driver_solaris_get_scan_results2, .set_countermeasures = wpa_driver_solaris_set_countermeasures, .scan2 = wpa_driver_solaris_scan2,
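Review bot: Only the name and the doc comment of wpa_driver_solaris_deauthenticate() change in the first hunk; the body lines shown are unchanged context and the remainder of the body lies outside the hunk. Because the function is now registered as `.deauthenticate`, confirm that the request it sends to the driver really is a deauthentication rather than the disassociation the old name described, and that `addr` and `reason_code` are passed through. The new comment also opens with `deauthenticate -` rather than the actual function name, so it should read `wpa_driver_solaris_deauthenticate - Request driver to deauthenticate`.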
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/cmd/cmd-inet/usr.lib/wpa_supplicant/src/utils/ip_addr.h Tue May 28 10:51:43 2013 +0200
@@ -0,0 +1,28 @@
+/*
+ * IP address processing
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef IP_ADDR_H
+#define IP_ADDR_H
+
+struct hostapd_ip_addr {
+ int af; /* AF_INET / AF_INET6 */
+ union {
+ struct in_addr v4;
+#ifdef CONFIG_IPV6
+ struct in6_addr v6;
+#endif /* CONFIG_IPV6 */
+ u8 max_len[16];
+ } u;
+};
+
+const char * hostapd_ip_txt(const struct hostapd_ip_addr *addr, char *buf,
+ size_t buflen);
+int hostapd_ip_diff(struct hostapd_ip_addr *a, struct hostapd_ip_addr *b);
+int hostapd_parse_ip_addr(const char *txt, struct hostapd_ip_addr *addr);
+
+#endif /* IP_ADDR_H */
--- a/usr/src/cmd/cmd-inet/usr.lib/wpa_supplicant/wpa_supplicant/Makefile Mon May 27 18:24:13 2013 +0200 +++ b/usr/src/cmd/cmd-inet/usr.lib/wpa_supplicant/wpa_supplicant/Makefile Tue May 28 10:51:43 2013 +0200 @@ -19,16 +19,16 @@ ../src/utils/eloop.o config_solaris.o ../src/rsn_supp/wpa.o \ ../src/rsn_supp/preauth.o ../src/rsn_supp/pmksa_cache.o \ ../src/rsn_supp/peerkey.o ../src/rsn_supp/wpa_ie.o ../src/common/wpa_common.o \ -../src/eap_peer/eap_tls.o ../src/eap_peer/eap_gtc.o ../src/eap_peer/eap_peap.o \ +../src/eap_peer/eap_tls.o ../src/eap_peer/eap_peap.o \ ../src/eap_common/eap_peap_common.o ../src/eap_peer/eap_ttls.o \ -../src/eap_peer/eap_md5.o ../src/eap_peer/eap_mschapv2.o \ +../src/eap_peer/eap_md5.o ../src/eap_peer/eap_mschapv2.o ../src/eap_peer/eap_gtc.o \ ../src/eap_peer/mschapv2.o ../src/eapol_supp/eapol_supp_sm.o \ ../src/eap_peer/eap.o ../src/eap_peer/eap_methods.o ../src/crypto/ms_funcs.o \ ../src/eap_common/chap.o ../src/eap_peer/eap_tls_common.o \ ../src/crypto/tls_openssl.o ../src/crypto/crypto_openssl.o \ ../src/crypto/aes-unwrap.o ../src/crypto/md5.o ../src/crypto/random.o \ ctrl_iface.o ctrl_iface_unix.o ../src/utils/base64.o \ -../src/eap_common/eap_common.o ../src/crypto/sha1.o ../src/crypto/sha1-pbkdf2.o\ +../src/eap_common/eap_common.o ../src/crypto/sha1-prf.o \ ../src/crypto/sha1-tlsprf.o ../src/drivers/driver_common.o wpa_supplicant.o \ events.o blacklist.o wpas_glue.o scan.o main.o ../src/drivers/driver_solaris.o \ ../src/drivers/drivers.o ../src/l2_packet/l2_packet_solaris.o
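Review bot: The object list drops `../src/crypto/sha1.o` and `../src/crypto/sha1-pbkdf2.o` while adding `../src/crypto/sha1-prf.o`, and the new sha1-prf.c calls `hmac_sha1_vector()`, whose definition in sha1.c is deleted by this same changeset. Presumably `../src/crypto/crypto_openssl.o` now supplies `hmac_sha1_vector()`, `hmac_sha1()` and `pbkdf2_sha1()`, but that is not visible here. Verify that the link resolves all three from there and that passphrase-to-PSK derivation still produces the same keys. A comment above the list, `# HMAC-SHA1 and PBKDF2 are provided by crypto_openssl.o`, would record the dependency.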
--- a/usr/src/cmd/cmd-inet/usr.lib/wpa_supplicant/wpa_supplicant/Makefile.cflags Mon May 27 18:24:13 2013 +0200 +++ b/usr/src/cmd/cmd-inet/usr.lib/wpa_supplicant/wpa_supplicant/Makefile.cflags Tue May 28 10:51:43 2013 +0200 @@ -19,7 +19,7 @@ #4. Control Interface flags #5. Debug Control Flags -WPAFLAGS= -DCONFIG_BACKEND_SOLARIS -DCONFIG_DRIVER_SOLARIS \ +WPAFLAGS= -DCONFIG_BACKEND_SOLARIS -DCONFIG_DRIVER_SOLARIS -DCONFIG_NO_CONFIG_WRITE \ -DEAP_MD5 -DEAP_TLS -DEAP_MSCHAPv2 -DEAP_PEAP -DEAP_TTLS -DEAP_GTC \ -DIEEE8021X_EAPOL -DPKCS12_FUNCS -DCONFIG_SMARTCARD -DEAP_TLS_OPENSSL \ -DCONFIG_CTRL_IFACE -DCONFIG_CTRL_IFACE_UNIX \
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/cmd/cmd-inet/usr.lib/wpa_supplicant/wpa_supplicant/autoscan.h Tue May 28 10:51:43 2013 +0200
@@ -0,0 +1,49 @@
+/*
+ * WPA Supplicant - auto scan
+ * Copyright (c) 2012, Intel Corporation. All rights reserved.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef AUTOSCAN_H
+#define AUTOSCAN_H
+
+struct wpa_supplicant;
+
+struct autoscan_ops {
+ const char *name;
+
+ void * (*init)(struct wpa_supplicant *wpa_s, const char *params);
+ void (*deinit)(void *priv);
+
+ int (*notify_scan)(void *priv, struct wpa_scan_results *scan_res);
+};
+
+#ifdef CONFIG_AUTOSCAN
+
+int autoscan_init(struct wpa_supplicant *wpa_s, int req_scan);
+void autoscan_deinit(struct wpa_supplicant *wpa_s);
+int autoscan_notify_scan(struct wpa_supplicant *wpa_s,
+ struct wpa_scan_results *scan_res);
+
+#else /* CONFIG_AUTOSCAN */
+
+static inline int autoscan_init(struct wpa_supplicant *wpa_s, int req_scan)
+{
+ return 0;
+}
+
+static inline void autoscan_deinit(struct wpa_supplicant *wpa_s)
+{
+}
+
+static inline int autoscan_notify_scan(struct wpa_supplicant *wpa_s,
+ struct wpa_scan_results *scan_res)
+{
+ return 0;
+}
+
+#endif /* CONFIG_AUTOSCAN */
+
+#endif /* AUTOSCAN_H */
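Review bot: `struct wpa_scan_results` is first named inside parameter lists here (the `notify_scan` member and both `autoscan_notify_scan` declarations), so unless an earlier include has already declared it, each mention introduces a type scoped to that one prototype and callers get incompatible-pointer diagnostics. Add `struct wpa_scan_results;` next to the existing `struct wpa_supplicant;`. The other new headers in this changeset have the same gap: hs20_supplicant.h uses `struct wpabuf` and `struct wpa_supplicant`, wifi_display.h uses `struct wpa_global`, and wnm_sta.h uses `struct wpabuf`, all without a forward declaration or include.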
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/cmd/cmd-inet/usr.lib/wpa_supplicant/wpa_supplicant/hs20_supplicant.h Tue May 28 10:51:43 2013 +0200
@@ -0,0 +1,20 @@
+/*
+ * Copyright (c) 2011-2012, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef HS20_SUPPLICANT_H
+#define HS20_SUPPLICANT_H
+
+void wpas_hs20_add_indication(struct wpabuf *buf);
+
+int hs20_anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst, u32 stypes,
+ const u8 *payload, size_t payload_len);
+struct wpabuf * hs20_build_anqp_req(u32 stypes, const u8 *payload,
+ size_t payload_len);
+void hs20_parse_rx_hs20_anqp_resp(struct wpa_supplicant *wpa_s,
+ const u8 *sa, const u8 *data, size_t slen);
+
+#endif /* HS20_SUPPLICANT_H */
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/cmd/cmd-inet/usr.lib/wpa_supplicant/wpa_supplicant/wifi_display.h Tue May 28 10:51:43 2013 +0200
@@ -0,0 +1,20 @@
+/*
+ * wpa_supplicant - Wi-Fi Display
+ * Copyright (c) 2011, Atheros Communications, Inc.
+ * Copyright (c) 2011-2012, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef WIFI_DISPLAY_H
+#define WIFI_DISPLAY_H
+
+int wifi_display_init(struct wpa_global *global);
+void wifi_display_deinit(struct wpa_global *global);
+void wifi_display_enable(struct wpa_global *global, int enabled);
+int wifi_display_subelem_set(struct wpa_global *global, char *cmd);
+int wifi_display_subelem_get(struct wpa_global *global, char *cmd,
+ char *buf, size_t buflen);
+
+#endif /* WIFI_DISPLAY_H */
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/cmd/cmd-inet/usr.lib/wpa_supplicant/wpa_supplicant/wnm_sta.h Tue May 28 10:51:43 2013 +0200
@@ -0,0 +1,21 @@
+/*
+ * IEEE 802.11v WNM related functions and structures
+ * Copyright (c) 2011-2012, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef WNM_STA_H
+#define WNM_STA_H
+
+struct rx_action;
+struct wpa_supplicant;
+
+int ieee802_11_send_wnmsleep_req(struct wpa_supplicant *wpa_s,
+ u8 action, u16 intval, struct wpabuf *tfs_req);
+
+void ieee802_11_rx_wnm_action(struct wpa_supplicant *wpa_s,
+ struct rx_action *action);
+
+#endif /* WNM_STA_H */
--- a/usr/src/cmd/dladm/dladm.c Mon May 27 18:24:13 2013 +0200 +++ b/usr/src/cmd/dladm/dladm.c Tue May 28 10:51:43 2013 +0200 @@ -283,7 +283,7 @@ { "scan-wifi", do_scan_wifi, " scan-wifi <link>" }, { "connect-wifi", do_connect_wifi, - "connect-wifi\t[-e <essid>] [-k <secobj_name>,...]\n" + " connect-wifi\t[-e <essid>] [-k <secobj_name>,...]\n" "\t\t\t[-b <bssid>] [-i ESS|IBSS]\n" "\t\t\t[-U <identity>] [-N <anon_identity>]\n" "\t\t\t[-A <CA_Cert_filename>)]\n" @@ -7211,7 +7211,7 @@ "temporary secure object '%s'", field); if (!temp && (status = dladm_unset_secobj(handle, field, DLADM_OPT_PERSIST)) != DLADM_STATUS_OK) - warn_dlerr(pstatus, "could not find or delete " + warn_dlerr(status, "could not find or delete " "persistent secure object '%s'", field); }
--- a/usr/src/lib/libdladm/Makefile.com Mon May 27 18:24:13 2013 +0200 +++ b/usr/src/lib/libdladm/Makefile.com Tue May 28 10:51:43 2013 +0200 @@ -55,6 +55,7 @@ ../common/libdliptun.c CFLAGS += $(CCVERBOSE) +CERRWARN += -_gcc=-Wno-uninitialized CPPFLAGS += -I$(SRCDIR) -D_REENTRANT .KEEP_STATE:
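Review bot: `CERRWARN += -_gcc=-Wno-uninitialized` turns the warning off for every source file built by this Makefile, not only for the one that triggered it. The library also builds libdlwlan.c and secobj.c, both touched in this changeset, so a genuine read of an uninitialized variable in the WLAN or secure-object code would now go unreported. Prefer initializing the variable the compiler complained about (the description points at libdlaggr) and dropping the flag. If the flag has to stay, add a comment naming its reason, e.g. `# gcc false positive in <file>: <variable>`.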
--- a/usr/src/lib/libdladm/common/libdlwlan.c Mon May 27 18:24:13 2013 +0200 +++ b/usr/src/lib/libdladm/common/libdlwlan.c Tue May 28 10:51:43 2013 +0200 @@ -1391,7 +1391,7 @@ boolean_t nwam; char interface_add[DLADM_STRSIZE]; - char *interface_add_cmd[]; + char *interface_add_cmd[1]; char *state; if (ctrl_global == NULL || ifname == NULL)
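Review bot: `char *interface_add_cmd[1];` gives the array exactly one slot, so any use that stores a second element, such as a terminating NULL for a consumer that expects a NULL-terminated vector, writes past the end of the array. The code that fills and reads it is outside the hunk, so this needs checking against the rest of the function. If only one pointer is ever stored, a plain `char *interface_add_cmd;` says so directly; otherwise size the array for its largest use.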
--- a/usr/src/lib/libdladm/common/secobj.c Mon May 27 18:24:13 2013 +0200 +++ b/usr/src/lib/libdladm/common/secobj.c Tue May 28 10:51:43 2013 +0200 @@ -30,6 +30,7 @@ #include <stropts.h> #include <errno.h> #include <sys/stat.h> +#include <libintl.h> #include <secobj.h> #include <netinet/inetutil.h> #include <sys/dld_ioc.h>