Michael Kurecka | 1 Jul 14:24 2009

Questions for FIPS certification

We are in the process of developing an AP/Client for FIPS certification. The EAP authentication methods used are, at most, TLS, TTLS and PEAP (MSCHAPv2). I've been asked some questions concerning this and was hoping this forum might be better able to answer them.

1) What TLS, TTLS and PEAP cipher suites are supported?

2) Is client authentication performed during TLS (Part 1 of PEAP) ?

3) Is it possible to disable PEAPv1 and allow only PEAPv2, and if so how (peaplabel=2)?

Andriy Tkachuk | 2 Jul 15:46 2009

[patch] WPS: support up to 4 WEP keys when parsing received credentials

Hi to all.

Attached is a patch which makes the Enrollee correctly parse multiple 
network keys in received credentials. This may be needed when a Registrar 
sends several WEP keys (for example, the Linksys WAP610N does this).

Regards,
    Andriy
diff --git a/src/wps/wps.h b/src/wps/wps.h
index 9807ad4..6aa64e5 100644
--- a/src/wps/wps.h
+++ b/src/wps/wps.h
 <at>  <at>  -33,6 +33,8  <at>  <at>  enum wsc_op_code {
 struct wps_registrar;
 struct upnp_wps_device_sm;

+#define MAX_NW_KEYS 4
+
 /**
  * struct wps_credential - WPS Credential
  *  <at> ssid: SSID
 <at>  <at>  -52,9 +54,9  <at>  <at>  struct wps_credential {
 	size_t ssid_len;
 	u16 auth_type;
 	u16 encr_type;
-	u8 key_idx;
-	u8 key[64];
-	size_t key_len;
+	u8 keys_num;
+	u8 key[MAX_NW_KEYS][64];
+	size_t key_len[MAX_NW_KEYS];
 	u8 mac_addr[ETH_ALEN];
 	const u8 *cred_attr;
 	size_t cred_attr_len;
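Review bot: The kernel-doc block above struct wps_credential is not updated alongside these members (only its first lines are visible in the previous hunk), so any entries for `key_idx`, `key` and `key_len` would now be stale. Suggested entries: `@keys_num: Number of Network Keys in the credential (0..MAX_NW_KEYS)`, `@key: Network Keys, one 64-octet row per key` and `@key_len: Length of each Network Key in octets`. `MAX_NW_KEYS` also deserves a comment such as `/* must not exceed NUM_WEP_KEYS; wpa_supplicant_wps_cred() indexes ssid->wep_key[] with the same slot */`, since the supplicant hunk later in this patch relies on that.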
diff --git a/src/wps/wps_attr_parse.c b/src/wps/wps_attr_parse.c
index 34057c9..08804de 100644
--- a/src/wps/wps_attr_parse.c
+++ b/src/wps/wps_attr_parse.c
 <at>  <at>  -378,8 +378,14  <at>  <at>  static int wps_set_attr(struct wps_parse_attr *attr, u16 type,
 		attr->ssid_len = len;
 		break;
 	case ATTR_NETWORK_KEY:
-		attr->network_key = pos;
-		attr->network_key_len = len;
+		if (*attr->network_key_idx > MAX_NW_KEYS) {
+			wpa_printf(MSG_DEBUG, "WPS: Skipped Network Key "
+				   "attribute (max %d keys)",
+				   MAX_NW_KEYS);
+			break;
+		}
+		attr->network_key[*attr->network_key_idx-1] = pos;
+		attr->network_key_len[*attr->network_key_idx-1] = len;
 		break;
 	case ATTR_EAP_TYPE:
 		attr->eap_type = pos;
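Review bot: `*attr->network_key_idx` is dereferenced in the ATTR_NETWORK_KEY case without a NULL check, although wps_process_cred_network_key_idx() in this same patch treats the attribute as optional, so a Credential carrying a Network Key with no preceding Network Key Index would crash the parser on Registrar-supplied input. The guard rejects only values above MAX_NW_KEYS, so an index of 0 makes `*attr->network_key_idx-1` evaluate to -1 and both stores land in front of the arrays. Resolve the index once and check both ends, e.g. `idx = attr->network_key_idx ? *attr->network_key_idx : 1;` then `if (idx < 1 || idx > MAX_NW_KEYS) { /* log and */ break; }`, and store to `network_key[idx - 1]`. Treating a missing index as 1 is an assumption to confirm against the WPS specification. wps_set_attr() starts and ends outside the hunk, and the identical hunk is repeated in the follow-up mail.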
diff --git a/src/wps/wps_attr_process.c b/src/wps/wps_attr_process.c
index ae6e906..34efb2a 100644
--- a/src/wps/wps_attr_process.c
+++ b/src/wps/wps_attr_process.c
 <at>  <at>  -164,26 +164,26  <at>  <at>  static int wps_process_cred_network_key_idx(struct wps_credential *cred,
 	if (key_idx == NULL)
 		return 0; /* optional attribute */

-	wpa_printf(MSG_DEBUG, "WPS: Network Key Index: %d", *key_idx);
-	cred->key_idx = *key_idx;
+	wpa_printf(MSG_DEBUG, "WPS: Network Keys: %d", *key_idx);
+	cred->keys_num = *key_idx;

 	return 0;
 }

 
-static int wps_process_cred_network_key(struct wps_credential *cred,
-					const u8 *key, size_t key_len)
+static int wps_process_cred_network_key(int i, struct wps_credential *cred,
+					const u8 *key[], size_t key_len[])
 {
-	if (key == NULL) {
+	if (key[i] == NULL) {
 		wpa_printf(MSG_DEBUG, "WPS: Credential did not include "
-			   "Network Key");
+			   "Network Key %d", i);
 		return -1;
 	}

-	wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key", key, key_len);
-	if (key_len <= sizeof(cred->key)) {
-		os_memcpy(cred->key, key, key_len);
-		cred->key_len = key_len;
+	wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key", key[i], key_len[i]);
+	if (key_len[i] <= sizeof(cred->key[i])) {
+		os_memcpy(cred->key[i], key[i], key_len[i]);
+		cred->key_len[i] = key_len[i];
 	}

 	return 0;
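Review bot: `cred->keys_num = *key_idx;` takes the Network Key Index value as a key count without bounding it, and the loops this patch adds in wps_process_cred() and wpa_supplicant_wps_cred() then index `attr->network_key[i]`, `cred->key[i]` and `cred->key_len[i]` for every `i < cred->keys_num`. The parser hunk only skips the store for an index above MAX_NW_KEYS and leaves the index value itself untouched, so a Registrar-supplied value above 4 would walk past all three arrays. Reject it here with `if (*key_idx < 1 || *key_idx > MAX_NW_KEYS) return -1;`. When the attribute is absent this function returns early and `keys_num` presumably stays 0, so no key is copied and the PSK path that reads `cred->key_len[0]` would fail; setting `cred->keys_num = 1;` in that branch would keep single-key credentials working.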
 <at>  <at>  -259,17 +259,23  <at>  <at>  static int wps_process_cred_802_1x_enabled(struct wps_credential *cred,

 static void wps_workaround_cred_key(struct wps_credential *cred)
 {
-	if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK) &&
-	    cred->key_len > 8 && cred->key_len < 64 &&
-	    cred->key[cred->key_len - 1] == 0) {
-		/*
-		 * A deployed external registrar is known to encode ASCII
-		 * passphrases incorrectly. Remove the extra NULL termination
-		 * to fix the encoding.
-		 */
-		wpa_printf(MSG_DEBUG, "WPS: Workaround - remove NULL "
-			   "termination from ASCII passphrase");
-		cred->key_len--;
+	int i;
+
+	if ((cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) == 0)
+		return;
+
+	/*
+	 * A deployed external registrar is known to encode ASCII
+	 * passphrases incorrectly. Remove the extra NULL termination
+	 * to fix the encoding.
+	 */
+	for (i = 0; i < cred->keys_num; i++) {
+		int len = cred->key_len[i];
+		if (len > 8 && len < 64 && cred->key[len - 1] == 0) {
+			wpa_printf(MSG_DEBUG, "WPS: Workaround - remove NULL "
+				   "termination from ASCII passphrase");
+			cred->key_len[i]--;
+		}
 	}
 }
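Review bot: `cred->key[len - 1] == 0` indexes the row dimension of the new `key[MAX_NW_KEYS][64]` array, so it compares the address of a row with 0, which is never true, and the NULL-termination workaround is silently disabled; for `len` above 4 the row index is also outside the array. The test should read `cred->key[i][len - 1] == 0`. `int len = cred->key_len[i];` narrows a size_t as well, and `size_t len` avoids the conversion. The same hunk is repeated in the follow-up mail.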

 <at>  <at>  -277,16 +283,15  <at>  <at>  static void wps_workaround_cred_key(struct wps_credential *cred)
 int wps_process_cred(struct wps_parse_attr *attr,
 		     struct wps_credential *cred)
 {
+	int i;
+
 	wpa_printf(MSG_DEBUG, "WPS: Process Credential");

-	/* TODO: support multiple Network Keys */
 	if (wps_process_cred_network_idx(cred, attr->network_idx) ||
 	    wps_process_cred_ssid(cred, attr->ssid, attr->ssid_len) ||
 	    wps_process_cred_auth_type(cred, attr->auth_type) ||
 	    wps_process_cred_encr_type(cred, attr->encr_type) ||
 	    wps_process_cred_network_key_idx(cred, attr->network_key_idx) ||
-	    wps_process_cred_network_key(cred, attr->network_key,
-					 attr->network_key_len) ||
 	    wps_process_cred_mac_addr(cred, attr->mac_addr) ||
 	    wps_process_cred_eap_type(cred, attr->eap_type,
 				      attr->eap_type_len) ||
 <at>  <at>  -296,6 +301,11  <at>  <at>  int wps_process_cred(struct wps_parse_attr *attr,
 	    wps_process_cred_802_1x_enabled(cred, attr->dot1x_enabled))
 		return -1;

+	for (i = 0; i < cred->keys_num; i++)
+		if (wps_process_cred_network_key(i, cred, attr->network_key,
+					 attr->network_key_len))
+			return -1;
+
 	wps_workaround_cred_key(cred);

 	return 0;
 <at>  <at>  -312,7 +322,7  <at>  <at>  int wps_process_ap_settings(struct wps_parse_attr *attr,
 	    wps_process_cred_auth_type(cred, attr->auth_type) ||
 	    wps_process_cred_encr_type(cred, attr->encr_type) ||
 	    wps_process_cred_network_key_idx(cred, attr->network_key_idx) ||
-	    wps_process_cred_network_key(cred, attr->network_key,
+	    wps_process_cred_network_key(0, cred, attr->network_key,
 					 attr->network_key_len) ||
 	    wps_process_cred_mac_addr(cred, attr->mac_addr))
 		return -1;
diff --git a/src/wps/wps_i.h b/src/wps/wps_i.h
index e3cf236..4ade2c6 100644
--- a/src/wps/wps_i.h
+++ b/src/wps/wps_i.h
 <at>  <at>  -166,8 +166,9  <at>  <at>  struct wps_parse_attr {
 	size_t encr_settings_len;
 	const u8 *ssid; /* <= 32 octets */
 	size_t ssid_len;
-	const u8 *network_key; /* <= 64 octets */
-	size_t network_key_len;
+	const u8 *network_key[MAX_NW_KEYS]; /* <= 64 octets */
+	size_t network_key_len[MAX_NW_KEYS];
+	size_t num_nw_key;
 	const u8 *eap_type; /* <= 8 octets */
 	size_t eap_type_len;
 	const u8 *eap_identity; /* <= 64 octets */
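Review bot: `num_nw_key` is added to struct wps_parse_attr, but none of the hunks in this patch writes or reads it; the code instead reuses the last Network Key Index value as the key count. Either drop the field or make it the count, by incrementing it in the ATTR_NETWORK_KEY case of wps_set_attr() and bounding the loop in wps_process_cred() with it. The `/* <= 64 octets */` comment now sits on an array of pointers; `/* each <= 64 octets; slot = Network Key Index - 1 */` would describe the new layout.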
diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index 185db8c..6890884 100644
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
 <at>  <at>  -1016,8 +1016,8  <at>  <at>  static int wps_build_cred_network_key(struct wpabuf *msg,
 {
 	wpa_printf(MSG_DEBUG, "WPS:  * Network Key");
 	wpabuf_put_be16(msg, ATTR_NETWORK_KEY);
-	wpabuf_put_be16(msg, cred->key_len);
-	wpabuf_put_data(msg, cred->key, cred->key_len);
+	wpabuf_put_be16(msg, cred->key_len[0]);
+	wpabuf_put_data(msg, cred->key[0], cred->key_len[0]);
 	return 0;
 }

 <at>  <at>  -1120,11 +1120,11  <at>  <at>  int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
 		wpa_hexdump_ascii_key(MSG_DEBUG, "WPS: Generated passphrase",
 				      wps->new_psk, wps->new_psk_len);
 		os_memcpy(wps->cred.key, wps->new_psk, wps->new_psk_len);
-		wps->cred.key_len = wps->new_psk_len;
+		wps->cred.key_len[0] = wps->new_psk_len;
 	} else if (wps->wps->network_key) {
 		os_memcpy(wps->cred.key, wps->wps->network_key,
 			  wps->wps->network_key_len);
-		wps->cred.key_len = wps->wps->network_key_len;
+		wps->cred.key_len[0] = wps->wps->network_key_len;
 	} else if (wps->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) {
 		char hex[65];
 		/* Generate a random per-device PSK */
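Review bot: The unchanged context lines still pass `wps->cred.key` as the memcpy destination; that compiles because the two-dimensional array decays to the address of row 0, but `wps->cred.key[0]` would make the target slot explicit and match the `key_len[0]` assignment next to it. The same applies to `os_memcpy(wps->cred.key, hex, ...)` and `os_memcpy(cred.key, wps->new_psk, ...)` in the two following wps_registrar.c hunks. No length check against one 64-octet row is visible before these copies, so `if (wps->wps->network_key_len > sizeof(wps->cred.key[0])) return -1;` is worth adding unless the bound is enforced outside the hunk. None of these paths sets `keys_num`, so a consumer that loops over `keys_num` would see zero keys; `wps->cred.keys_num = 1;` after each assignment keeps the struct consistent. wps_build_cred() starts and ends outside the hunk.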
 <at>  <at>  -1143,7 +1143,7  <at>  <at>  int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
 		wpa_snprintf_hex(hex, sizeof(hex), wps->new_psk,
 				 wps->new_psk_len);
 		os_memcpy(wps->cred.key, hex, wps->new_psk_len * 2);
-		wps->cred.key_len = wps->new_psk_len * 2;
+		wps->cred.key_len[0] = wps->new_psk_len * 2;
 	}

 	cred = wpabuf_alloc(200);
 <at>  <at>  -2422,7 +2422,7  <at>  <at>  static enum wps_process_res wps_process_wsc_done(struct wps_data *wps,
 		cred.auth_type = WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK;
 		cred.encr_type = WPS_ENCR_TKIP | WPS_ENCR_AES;
 		os_memcpy(cred.key, wps->new_psk, wps->new_psk_len);
-		cred.key_len = wps->new_psk_len;
+		cred.key_len[0] = wps->new_psk_len;

 		wps->wps->wps_state = WPS_STATE_CONFIGURED;
 		wpa_hexdump_ascii_key(MSG_DEBUG,
diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c
index a4efc6e..07aa3f0 100644
--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c
 <at>  <at>  -187,7 +187,7  <at>  <at>  static int wpa_supplicant_wps_cred(void *ctx,
 {
 	struct wpa_supplicant *wpa_s = ctx;
 	struct wpa_ssid *ssid = wpa_s->current_ssid;
-	u8 key_idx = 0;
+	u8 i;

 	if ((wpa_s->conf->wps_cred_processing == 1 ||
 	     wpa_s->conf->wps_cred_processing == 2) && cred->cred_attr) {
 <at>  <at>  -214,9 +214,10  <at>  <at>  static int wpa_supplicant_wps_cred(void *ctx,
 	wpa_printf(MSG_DEBUG, "WPS: Authentication Type 0x%x",
 		   cred->auth_type);
 	wpa_printf(MSG_DEBUG, "WPS: Encryption Type 0x%x", cred->encr_type);
-	wpa_printf(MSG_DEBUG, "WPS: Network Key Index %d", cred->key_idx);
-	wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key",
-			cred->key, cred->key_len);
+	wpa_printf(MSG_DEBUG, "WPS: Network Keys %d", cred->keys_num);
+	for (i = 0; i < cred->keys_num; i++)
+		wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key",
+				cred->key[i], cred->key_len[i]);
 	wpa_printf(MSG_DEBUG, "WPS: MAC Address " MACSTR,
 		   MAC2STR(cred->mac_addr));

 <at>  <at>  -261,36 +262,35  <at>  <at>  static int wpa_supplicant_wps_cred(void *ctx,
 	case WPS_ENCR_NONE:
 		break;
 	case WPS_ENCR_WEP:
-		if (cred->key_len <= 0)
-			break;
-		if (cred->key_len != 5 && cred->key_len != 13 &&
-		    cred->key_len != 10 && cred->key_len != 26) {
-			wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key length "
-				   "%lu", (unsigned long) cred->key_len);
-			return -1;
-		}
-		if (cred->key_idx > NUM_WEP_KEYS) {
-			wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key index %d",
-				   cred->key_idx);
+		if (cred->keys_num > NUM_WEP_KEYS) {
+			wpa_printf(MSG_ERROR, "WPS: Invalid WEP Keys number %d",
+				   cred->keys_num);
 			return -1;
 		}
-		if (cred->key_idx)
-			key_idx = cred->key_idx - 1;
-		if (cred->key_len == 10 || cred->key_len == 26) {
-			if (hexstr2bin((char *) cred->key,
-				       ssid->wep_key[key_idx],
-				       cred->key_len / 2) < 0) {
-				wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key "
-					   "%d", key_idx);
+		for (i = 0; i < cred->keys_num; i++) {
+			int len = cred->key_len[i];
+			if (len <= 0)
+				break;
+			if (len != 5 && len != 13 && len != 10 && len != 26) {
+				wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key[%d] length "
+					   "%lu", i, (unsigned long) cred->key_len[i]);
 				return -1;
 			}
-			ssid->wep_key_len[key_idx] = cred->key_len / 2;
-		} else {
-			os_memcpy(ssid->wep_key[key_idx], cred->key,
-				  cred->key_len);
-			ssid->wep_key_len[key_idx] = cred->key_len;
+			if (len == 10 || len == 26) {
+				if (hexstr2bin((char *) cred->key[i],
+					       ssid->wep_key[i],
+					       cred->key_len[i] / 2) < 0) {
+					wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key "
+						   "%d", i);
+					return -1;
+				}
+				ssid->wep_key_len[i] = cred->key_len[i] / 2;
+			} else {
+				os_memcpy(ssid->wep_key[i], cred->key[i],
+					  cred->key_len[i]);
+				ssid->wep_key_len[i] = cred->key_len[i];
+			}
 		}
-		ssid->wep_tx_keyidx = key_idx;
 		break;
 	case WPS_ENCR_TKIP:
 		ssid->pairwise_cipher = WPA_CIPHER_TKIP;
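Review bot: `ssid->wep_tx_keyidx = key_idx;` is removed and nothing replaces it, so after the loop the transmit key index keeps whatever value the network block held before, and the Registrar's choice of default key is lost now that `key_idx` has become a count. `if (len <= 0) break;` also stops at the first empty slot and silently drops any later keys, and `int len` narrows the size_t in `cred->key_len[i]`. Suggest `size_t len = cred->key_len[i];` with `if (len == 0) continue;`, and carrying the default-key index in its own credential field so `wep_tx_keyidx` can still be set. The enclosing switch and function continue outside the hunk.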
 <at>  <at>  -334,26 +334,26  <at>  <at>  static int wpa_supplicant_wps_cred(void *ctx,
 	}

 	if (ssid->key_mgmt == WPA_KEY_MGMT_PSK) {
-		if (cred->key_len == 2 * PMK_LEN) {
-			if (hexstr2bin((const char *) cred->key, ssid->psk,
+		if (cred->key_len[0] == 2 * PMK_LEN) {
+			if (hexstr2bin((const char *) cred->key[0], ssid->psk,
 				       PMK_LEN)) {
 				wpa_printf(MSG_ERROR, "WPS: Invalid Network "
 					   "Key");
 				return -1;
 			}
 			ssid->psk_set = 1;
-		} else if (cred->key_len >= 8 && cred->key_len < 2 * PMK_LEN) {
+		} else if (cred->key_len[0] >= 8 && cred->key_len[0] < 2 * PMK_LEN) {
 			os_free(ssid->passphrase);
-			ssid->passphrase = os_malloc(cred->key_len + 1);
+			ssid->passphrase = os_malloc(cred->key_len[0] + 1);
 			if (ssid->passphrase == NULL)
 				return -1;
-			os_memcpy(ssid->passphrase, cred->key, cred->key_len);
-			ssid->passphrase[cred->key_len] = '\0';
+			os_memcpy(ssid->passphrase, cred->key[0], cred->key_len[0]);
+			ssid->passphrase[cred->key_len[0]] = '\0';
 			wpa_config_update_psk(ssid);
 		} else {
 			wpa_printf(MSG_ERROR, "WPS: Invalid Network Key "
 				   "length %lu",
-				   (unsigned long) cred->key_len);
+				   (unsigned long) cred->key_len[0]);
 			return -1;
 		}
 	}
Andriy Tkachuk | 2 Jul 16:44 2009

Re: [patch] WPS: support up to 4 WEP keys when parsing received credentials

Addition to the previous patch: changes in wps_hostapd.c so that hostapd also compiles.

Regards,
    Andriy

On 2009-07-02 16:46, Andriy Tkachuk wrote:
> Hi to all.
>
> Attached is the patch which makes Enrollee correctly parse multiple 
> network keys in received credentials. This may be needed when 
> Registrar sends several WEP keys (for example, Linksys WAP610N do this).
>
> Regards,
>    Andriy
> ------------------------------------------------------------------------
>
> _______________________________________________
> HostAP mailing list
> HostAP <at> lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
diff --git a/hostapd/wps_hostapd.c b/hostapd/wps_hostapd.c
index a0c1e3a..ea0dee8 100644
--- a/hostapd/wps_hostapd.c
+++ b/hostapd/wps_hostapd.c
 <at>  <at>  -214,9 +214,9  <at>  <at>  static int hostapd_wps_cred_cb(void *ctx, const struct wps_credential *cred)
 	wpa_printf(MSG_DEBUG, "WPS: Authentication Type 0x%x",
 		   cred->auth_type);
 	wpa_printf(MSG_DEBUG, "WPS: Encryption Type 0x%x", cred->encr_type);
-	wpa_printf(MSG_DEBUG, "WPS: Network Key Index %d", cred->key_idx);
+	wpa_printf(MSG_DEBUG, "WPS: Network Keys %d", cred->keys_num);
 	wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key",
-			cred->key, cred->key_len);
+			cred->key[0], cred->key_len[0]);
 	wpa_printf(MSG_DEBUG, "WPS: MAC Address " MACSTR,
 		   MAC2STR(cred->mac_addr));

 <at>  <at>  -241,21 +241,21  <at>  <at>  static int hostapd_wps_cred_cb(void *ctx, const struct wps_credential *cred)
 	hapd->wps->ssid_len = cred->ssid_len;
 	hapd->wps->encr_types = cred->encr_type;
 	hapd->wps->auth_types = cred->auth_type;
-	if (cred->key == NULL) {
+	if (cred->key[0] == NULL) {
 		os_free(hapd->wps->network_key);
 		hapd->wps->network_key = NULL;
 		hapd->wps->network_key_len = 0;
 	} else {
 		if (hapd->wps->network_key == NULL ||
-		    hapd->wps->network_key_len < cred->key_len) {
+		    hapd->wps->network_key_len < cred->key_len[0]) {
 			hapd->wps->network_key_len = 0;
 			os_free(hapd->wps->network_key);
-			hapd->wps->network_key = os_malloc(cred->key_len);
+			hapd->wps->network_key = os_malloc(cred->key_len[0]);
 			if (hapd->wps->network_key == NULL)
 				return -1;
 		}
-		hapd->wps->network_key_len = cred->key_len;
-		os_memcpy(hapd->wps->network_key, cred->key, cred->key_len);
+		hapd->wps->network_key_len = cred->key_len[0];
+		os_memcpy(hapd->wps->network_key, cred->key[0], cred->key_len[0]);
 	}
 	hapd->wps->wps_state = WPS_STATE_CONFIGURED;
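Review bot: `cred->key[0] == NULL` tests the address of an array row inside `*cred`, which can never be NULL, so the branch that frees `hapd->wps->network_key` and zeroes its length is unreachable and a credential without a key always takes the copy branch. The old `cred->key == NULL` had the same flaw, but since the line is being rewritten it can test the length instead: `if (cred->key_len[0] == 0) {`. hostapd_wps_cred_cb() starts and ends outside the hunk.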

 <at>  <at>  -326,20 +326,20  <at>  <at>  static int hostapd_wps_cred_cb(void *ctx, const struct wps_credential *cred)
 		}
 		fprintf(nconf, "\n");

-		if (cred->key_len >= 8 && cred->key_len < 64) {
+		if (cred->key_len[0] >= 8 && cred->key_len[0] < 64) {
 			fprintf(nconf, "wpa_passphrase=");
-			for (i = 0; i < cred->key_len; i++)
-				fputc(cred->key[i], nconf);
+			for (i = 0; i < cred->key_len[0]; i++)
+				fputc(cred->key[0][i], nconf);
 			fprintf(nconf, "\n");
-		} else if (cred->key_len == 64) {
+		} else if (cred->key_len[0] == 64) {
 			fprintf(nconf, "wpa_psk=");
-			for (i = 0; i < cred->key_len; i++)
-				fputc(cred->key[i], nconf);
+			for (i = 0; i < cred->key_len[0]; i++)
+				fputc(cred->key[0][i], nconf);
 			fprintf(nconf, "\n");
 		} else {
-			wpa_printf(MSG_WARNING, "WPS: Invalid key length %lu "
+			wpa_printf(MSG_WARNING, "WPS: Invalid key[0] length %lu "
 				   "for WPA/WPA2",
-				   (unsigned long) cred->key_len);
+				   (unsigned long) cred->key_len[0]);
 		}

 		fprintf(nconf, "auth_algs=1\n");
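Review bot: The key bytes from the received credential are written into the new configuration file with `fputc()` unfiltered, so a key containing a line feed or other control character would end the `wpa_passphrase=` or `wpa_psk=` line early and the remainder would be read back as further hostapd settings. Validate before writing, e.g. `if (cred->key[0][i] < 0x20 || cred->key[0][i] > 0x7e)` rejecting the credential in the 8..63 case, and a hex-digit check for the 64-character case. Any early return added here needs the same cleanup of `nconf` that the function's other error paths use, which is outside the hunk.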
 <at>  <at>  -352,22 +352,22  <at>  <at>  static int hostapd_wps_cred_cb(void *ctx, const struct wps_credential *cred)
 		else
 			fprintf(nconf, "auth_algs=1\n");

-		if (cred->encr_type & WPS_ENCR_WEP && cred->key_idx <= 4) {
-			int key_idx = cred->key_idx;
-			if (key_idx)
-				key_idx--;
-			fprintf(nconf, "wep_default_key=%d\n", key_idx);
-			fprintf(nconf, "wep_key%d=", key_idx);
-			if (cred->key_len == 10 || cred->key_len == 26) {
-				/* WEP key as a hex string */
-				for (i = 0; i < cred->key_len; i++)
-					fputc(cred->key[i], nconf);
-			} else {
-				/* Raw WEP key; convert to hex */
-				for (i = 0; i < cred->key_len; i++)
-					fprintf(nconf, "%02x", cred->key[i]);
+		if (cred->encr_type & WPS_ENCR_WEP && cred->keys_num <= NUM_WEP_KEYS) {
+			u8 j;
+			for (i = 0; i < cred->keys_num; i++) {
+				int len = cred->key_len[i];
+				fprintf(nconf, "wep_key%d=", i);
+				if (len == 10 || len == 26) {
+					/* WEP key[0] as a hex string */
+					for (j = 0; j < len; j++)
+						fputc(cred->key[i][j], nconf);
+				} else {
+					/* Raw WEP key[0]; convert to hex */
+					for (j = 0; j < len; j++)
+						fprintf(nconf, "%02x", cred->key[i][j]);
+				}
+				fprintf(nconf, "\n");
 			}
-			fprintf(nconf, "\n");
 		}
 	}
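Review bot: The rewritten block no longer writes `wep_default_key=`, so the generated configuration falls back to hostapd's default key index regardless of what the Registrar selected. The two comments now say `key[0]` although the loop handles `key[i]`; the original wording `/* WEP key as a hex string */` and `/* Raw WEP key; convert to hex */` was accurate and should be kept. Key lengths are not validated here, unlike the 5/13/10/26 check in wpa_supplicant_wps_cred(), so an empty slot produces a bare `wep_keyN=` line; `if (len != 5 && len != 13 && len != 10 && len != 26) continue;` at the top of the loop would mirror that check.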

diff --git a/src/wps/wps.h b/src/wps/wps.h
index 9807ad4..6aa64e5 100644
--- a/src/wps/wps.h
+++ b/src/wps/wps.h
 <at>  <at>  -33,6 +33,8  <at>  <at>  enum wsc_op_code {
 struct wps_registrar;
 struct upnp_wps_device_sm;

+#define MAX_NW_KEYS 4
+
 /**
  * struct wps_credential - WPS Credential
  *  <at> ssid: SSID
 <at>  <at>  -52,9 +54,9  <at>  <at>  struct wps_credential {
 	size_t ssid_len;
 	u16 auth_type;
 	u16 encr_type;
-	u8 key_idx;
-	u8 key[64];
-	size_t key_len;
+	u8 keys_num;
+	u8 key[MAX_NW_KEYS][64];
+	size_t key_len[MAX_NW_KEYS];
 	u8 mac_addr[ETH_ALEN];
 	const u8 *cred_attr;
 	size_t cred_attr_len;
diff --git a/src/wps/wps_attr_parse.c b/src/wps/wps_attr_parse.c
index 34057c9..08804de 100644
--- a/src/wps/wps_attr_parse.c
+++ b/src/wps/wps_attr_parse.c
 <at>  <at>  -378,8 +378,14  <at>  <at>  static int wps_set_attr(struct wps_parse_attr *attr, u16 type,
 		attr->ssid_len = len;
 		break;
 	case ATTR_NETWORK_KEY:
-		attr->network_key = pos;
-		attr->network_key_len = len;
+		if (*attr->network_key_idx > MAX_NW_KEYS) {
+			wpa_printf(MSG_DEBUG, "WPS: Skipped Network Key "
+				   "attribute (max %d keys)",
+				   MAX_NW_KEYS);
+			break;
+		}
+		attr->network_key[*attr->network_key_idx-1] = pos;
+		attr->network_key_len[*attr->network_key_idx-1] = len;
 		break;
 	case ATTR_EAP_TYPE:
 		attr->eap_type = pos;
diff --git a/src/wps/wps_attr_process.c b/src/wps/wps_attr_process.c
index ae6e906..34efb2a 100644
--- a/src/wps/wps_attr_process.c
+++ b/src/wps/wps_attr_process.c
 <at>  <at>  -164,26 +164,26  <at>  <at>  static int wps_process_cred_network_key_idx(struct wps_credential *cred,
 	if (key_idx == NULL)
 		return 0; /* optional attribute */

-	wpa_printf(MSG_DEBUG, "WPS: Network Key Index: %d", *key_idx);
-	cred->key_idx = *key_idx;
+	wpa_printf(MSG_DEBUG, "WPS: Network Keys: %d", *key_idx);
+	cred->keys_num = *key_idx;

 	return 0;
 }

 
-static int wps_process_cred_network_key(struct wps_credential *cred,
-					const u8 *key, size_t key_len)
+static int wps_process_cred_network_key(int i, struct wps_credential *cred,
+					const u8 *key[], size_t key_len[])
 {
-	if (key == NULL) {
+	if (key[i] == NULL) {
 		wpa_printf(MSG_DEBUG, "WPS: Credential did not include "
-			   "Network Key");
+			   "Network Key %d", i);
 		return -1;
 	}

-	wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key", key, key_len);
-	if (key_len <= sizeof(cred->key)) {
-		os_memcpy(cred->key, key, key_len);
-		cred->key_len = key_len;
+	wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key", key[i], key_len[i]);
+	if (key_len[i] <= sizeof(cred->key[i])) {
+		os_memcpy(cred->key[i], key[i], key_len[i]);
+		cred->key_len[i] = key_len[i];
 	}

 	return 0;
 <at>  <at>  -259,17 +259,23  <at>  <at>  static int wps_process_cred_802_1x_enabled(struct wps_credential *cred,

 static void wps_workaround_cred_key(struct wps_credential *cred)
 {
-	if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK) &&
-	    cred->key_len > 8 && cred->key_len < 64 &&
-	    cred->key[cred->key_len - 1] == 0) {
-		/*
-		 * A deployed external registrar is known to encode ASCII
-		 * passphrases incorrectly. Remove the extra NULL termination
-		 * to fix the encoding.
-		 */
-		wpa_printf(MSG_DEBUG, "WPS: Workaround - remove NULL "
-			   "termination from ASCII passphrase");
-		cred->key_len--;
+	int i;
+
+	if ((cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) == 0)
+		return;
+
+	/*
+	 * A deployed external registrar is known to encode ASCII
+	 * passphrases incorrectly. Remove the extra NULL termination
+	 * to fix the encoding.
+	 */
+	for (i = 0; i < cred->keys_num; i++) {
+		int len = cred->key_len[i];
+		if (len > 8 && len < 64 && cred->key[len - 1] == 0) {
+			wpa_printf(MSG_DEBUG, "WPS: Workaround - remove NULL "
+				   "termination from ASCII passphrase");
+			cred->key_len[i]--;
+		}
 	}
 }

 <at>  <at>  -277,16 +283,15  <at>  <at>  static void wps_workaround_cred_key(struct wps_credential *cred)
 int wps_process_cred(struct wps_parse_attr *attr,
 		     struct wps_credential *cred)
 {
+	int i;
+
 	wpa_printf(MSG_DEBUG, "WPS: Process Credential");

-	/* TODO: support multiple Network Keys */
 	if (wps_process_cred_network_idx(cred, attr->network_idx) ||
 	    wps_process_cred_ssid(cred, attr->ssid, attr->ssid_len) ||
 	    wps_process_cred_auth_type(cred, attr->auth_type) ||
 	    wps_process_cred_encr_type(cred, attr->encr_type) ||
 	    wps_process_cred_network_key_idx(cred, attr->network_key_idx) ||
-	    wps_process_cred_network_key(cred, attr->network_key,
-					 attr->network_key_len) ||
 	    wps_process_cred_mac_addr(cred, attr->mac_addr) ||
 	    wps_process_cred_eap_type(cred, attr->eap_type,
 				      attr->eap_type_len) ||
 <at>  <at>  -296,6 +301,11  <at>  <at>  int wps_process_cred(struct wps_parse_attr *attr,
 	    wps_process_cred_802_1x_enabled(cred, attr->dot1x_enabled))
 		return -1;

+	for (i = 0; i < cred->keys_num; i++)
+		if (wps_process_cred_network_key(i, cred, attr->network_key,
+					 attr->network_key_len))
+			return -1;
+
 	wps_workaround_cred_key(cred);

 	return 0;
 <at>  <at>  -312,7 +322,7  <at>  <at>  int wps_process_ap_settings(struct wps_parse_attr *attr,
 	    wps_process_cred_auth_type(cred, attr->auth_type) ||
 	    wps_process_cred_encr_type(cred, attr->encr_type) ||
 	    wps_process_cred_network_key_idx(cred, attr->network_key_idx) ||
-	    wps_process_cred_network_key(cred, attr->network_key,
+	    wps_process_cred_network_key(0, cred, attr->network_key,
 					 attr->network_key_len) ||
 	    wps_process_cred_mac_addr(cred, attr->mac_addr))
 		return -1;
diff --git a/src/wps/wps_i.h b/src/wps/wps_i.h
index e3cf236..4ade2c6 100644
--- a/src/wps/wps_i.h
+++ b/src/wps/wps_i.h
 <at>  <at>  -166,8 +166,9  <at>  <at>  struct wps_parse_attr {
 	size_t encr_settings_len;
 	const u8 *ssid; /* <= 32 octets */
 	size_t ssid_len;
-	const u8 *network_key; /* <= 64 octets */
-	size_t network_key_len;
+	const u8 *network_key[MAX_NW_KEYS]; /* <= 64 octets */
+	size_t network_key_len[MAX_NW_KEYS];
+	size_t num_nw_key;
 	const u8 *eap_type; /* <= 8 octets */
 	size_t eap_type_len;
 	const u8 *eap_identity; /* <= 64 octets */
diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index 185db8c..6890884 100644
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
 <at>  <at>  -1016,8 +1016,8  <at>  <at>  static int wps_build_cred_network_key(struct wpabuf *msg,
 {
 	wpa_printf(MSG_DEBUG, "WPS:  * Network Key");
 	wpabuf_put_be16(msg, ATTR_NETWORK_KEY);
-	wpabuf_put_be16(msg, cred->key_len);
-	wpabuf_put_data(msg, cred->key, cred->key_len);
+	wpabuf_put_be16(msg, cred->key_len[0]);
+	wpabuf_put_data(msg, cred->key[0], cred->key_len[0]);
 	return 0;
 }

 <at>  <at>  -1120,11 +1120,11  <at>  <at>  int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
 		wpa_hexdump_ascii_key(MSG_DEBUG, "WPS: Generated passphrase",
 				      wps->new_psk, wps->new_psk_len);
 		os_memcpy(wps->cred.key, wps->new_psk, wps->new_psk_len);
-		wps->cred.key_len = wps->new_psk_len;
+		wps->cred.key_len[0] = wps->new_psk_len;
 	} else if (wps->wps->network_key) {
 		os_memcpy(wps->cred.key, wps->wps->network_key,
 			  wps->wps->network_key_len);
-		wps->cred.key_len = wps->wps->network_key_len;
+		wps->cred.key_len[0] = wps->wps->network_key_len;
 	} else if (wps->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) {
 		char hex[65];
 		/* Generate a random per-device PSK */
 <at>  <at>  -1143,7 +1143,7  <at>  <at>  int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
 		wpa_snprintf_hex(hex, sizeof(hex), wps->new_psk,
 				 wps->new_psk_len);
 		os_memcpy(wps->cred.key, hex, wps->new_psk_len * 2);
-		wps->cred.key_len = wps->new_psk_len * 2;
+		wps->cred.key_len[0] = wps->new_psk_len * 2;
 	}

 	cred = wpabuf_alloc(200);
 <at>  <at>  -2422,7 +2422,7  <at>  <at>  static enum wps_process_res wps_process_wsc_done(struct wps_data *wps,
 		cred.auth_type = WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK;
 		cred.encr_type = WPS_ENCR_TKIP | WPS_ENCR_AES;
 		os_memcpy(cred.key, wps->new_psk, wps->new_psk_len);
-		cred.key_len = wps->new_psk_len;
+		cred.key_len[0] = wps->new_psk_len;

 		wps->wps->wps_state = WPS_STATE_CONFIGURED;
 		wpa_hexdump_ascii_key(MSG_DEBUG,
diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c
index a4efc6e..07aa3f0 100644
--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c
 <at>  <at>  -187,7 +187,7  <at>  <at>  static int wpa_supplicant_wps_cred(void *ctx,
 {
 	struct wpa_supplicant *wpa_s = ctx;
 	struct wpa_ssid *ssid = wpa_s->current_ssid;
-	u8 key_idx = 0;
+	u8 i;

 	if ((wpa_s->conf->wps_cred_processing == 1 ||
 	     wpa_s->conf->wps_cred_processing == 2) && cred->cred_attr) {
 <at>  <at>  -214,9 +214,10  <at>  <at>  static int wpa_supplicant_wps_cred(void *ctx,
 	wpa_printf(MSG_DEBUG, "WPS: Authentication Type 0x%x",
 		   cred->auth_type);
 	wpa_printf(MSG_DEBUG, "WPS: Encryption Type 0x%x", cred->encr_type);
-	wpa_printf(MSG_DEBUG, "WPS: Network Key Index %d", cred->key_idx);
-	wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key",
-			cred->key, cred->key_len);
+	wpa_printf(MSG_DEBUG, "WPS: Network Keys %d", cred->keys_num);
+	for (i = 0; i < cred->keys_num; i++)
+		wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key",
+				cred->key[i], cred->key_len[i]);
 	wpa_printf(MSG_DEBUG, "WPS: MAC Address " MACSTR,
 		   MAC2STR(cred->mac_addr));

 <at>  <at>  -261,36 +262,35  <at>  <at>  static int wpa_supplicant_wps_cred(void *ctx,
 	case WPS_ENCR_NONE:
 		break;
 	case WPS_ENCR_WEP:
-		if (cred->key_len <= 0)
-			break;
-		if (cred->key_len != 5 && cred->key_len != 13 &&
-		    cred->key_len != 10 && cred->key_len != 26) {
-			wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key length "
-				   "%lu", (unsigned long) cred->key_len);
-			return -1;
-		}
-		if (cred->key_idx > NUM_WEP_KEYS) {
-			wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key index %d",
-				   cred->key_idx);
+		if (cred->keys_num > NUM_WEP_KEYS) {
+			wpa_printf(MSG_ERROR, "WPS: Invalid WEP Keys number %d",
+				   cred->keys_num);
 			return -1;
 		}
-		if (cred->key_idx)
-			key_idx = cred->key_idx - 1;
-		if (cred->key_len == 10 || cred->key_len == 26) {
-			if (hexstr2bin((char *) cred->key,
-				       ssid->wep_key[key_idx],
-				       cred->key_len / 2) < 0) {
-				wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key "
-					   "%d", key_idx);
+		for (i = 0; i < cred->keys_num; i++) {
+			int len = cred->key_len[i];
+			if (len <= 0)
+				break;
+			if (len != 5 && len != 13 && len != 10 && len != 26) {
+				wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key[%d] length "
+					   "%lu", i, (unsigned long) cred->key_len[i]);
 				return -1;
 			}
-			ssid->wep_key_len[key_idx] = cred->key_len / 2;
-		} else {
-			os_memcpy(ssid->wep_key[key_idx], cred->key,
-				  cred->key_len);
-			ssid->wep_key_len[key_idx] = cred->key_len;
+			if (len == 10 || len == 26) {
+				if (hexstr2bin((char *) cred->key[i],
+					       ssid->wep_key[i],
+					       cred->key_len[i] / 2) < 0) {
+					wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key "
+						   "%d", i);
+					return -1;
+				}
+				ssid->wep_key_len[i] = cred->key_len[i] / 2;
+			} else {
+				os_memcpy(ssid->wep_key[i], cred->key[i],
+					  cred->key_len[i]);
+				ssid->wep_key_len[i] = cred->key_len[i];
+			}
 		}
-		ssid->wep_tx_keyidx = key_idx;
 		break;
 	case WPS_ENCR_TKIP:
 		ssid->pairwise_cipher = WPA_CIPHER_TKIP;
 <at>  <at>  -334,26 +334,26  <at>  <at>  static int wpa_supplicant_wps_cred(void *ctx,
 	}

 	if (ssid->key_mgmt == WPA_KEY_MGMT_PSK) {
-		if (cred->key_len == 2 * PMK_LEN) {
-			if (hexstr2bin((const char *) cred->key, ssid->psk,
+		if (cred->key_len[0] == 2 * PMK_LEN) {
+			if (hexstr2bin((const char *) cred->key[0], ssid->psk,
 				       PMK_LEN)) {
 				wpa_printf(MSG_ERROR, "WPS: Invalid Network "
 					   "Key");
 				return -1;
 			}
 			ssid->psk_set = 1;
-		} else if (cred->key_len >= 8 && cred->key_len < 2 * PMK_LEN) {
+		} else if (cred->key_len[0] >= 8 && cred->key_len[0] < 2 * PMK_LEN) {
 			os_free(ssid->passphrase);
-			ssid->passphrase = os_malloc(cred->key_len + 1);
+			ssid->passphrase = os_malloc(cred->key_len[0] + 1);
 			if (ssid->passphrase == NULL)
 				return -1;
-			os_memcpy(ssid->passphrase, cred->key, cred->key_len);
-			ssid->passphrase[cred->key_len] = '\0';
+			os_memcpy(ssid->passphrase, cred->key[0], cred->key_len[0]);
+			ssid->passphrase[cred->key_len[0]] = '\0';
 			wpa_config_update_psk(ssid);
 		} else {
 			wpa_printf(MSG_ERROR, "WPS: Invalid Network Key "
 				   "length %lu",
-				   (unsigned long) cred->key_len);
+				   (unsigned long) cred->key_len[0]);
 			return -1;
 		}
 	}
Jon Loeliger | 2 Jul 17:02 2009

[PATCH] Allow wpa_supplicant to use libnl-2.0

Introduce CONFIG_LIBNL20 .config parameter and propagate
that as a CFLAG in the Makefile.

Add forward-compatibility code to allow the existing code
to also use libnl-2.0.

Signed-off-by: Jon Loeliger <jdl <at> bigfootnetworks.com>
---

 This patch applies to:
    git://w1.fi/srv/git/hostap-06.git
    fa4e296f542af01da135d997358d6d45a32dd59e

and was originally posted on the linux-wireless list.

Also, I suspect that this define:

    +#define nl_handle nl_sock

may need to be added to the hostapd side as well, but
I'm not using that and haven't investigated or tested that.

jdl

 src/drivers/driver_nl80211.c |   17 +++++++++++++++++
 wpa_supplicant/Makefile      |    4 ++++
 2 files changed, 21 insertions(+), 0 deletions(-)

diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index a7b351a..66288f6 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
 <at>  <at>  -47,6 +47,15  <at>  <at> 
 #endif

 
+#ifdef CONFIG_LIBNL20
+/* libnl 2.0 compatibility code */
+
+#define nl_handle nl_sock
+#define nl_handle_alloc_cb nl_socket_alloc_cb
+#define nl_handle_destroy nl_socket_free
+#endif /* CONFIG_LIBNL20 */
+
+
 struct wpa_driver_nl80211_data {
 	void *ctx;
 	int wext_event_sock;
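Review bot: `#define nl_handle nl_sock` is an object-like macro, so it renames every `nl_handle` token in the file, including the member in `drv->nl_handle` used further down, not only the libnl type. That works as long as every use is rewritten consistently, but it is surprising in a debugger or when grepping, and the existing comment does not mention it. I would extend the comment to something like `/* libnl 2.0 compatibility: map the 1.x names onto 2.0; this also renames the drv->nl_handle member */`.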
 <at>  <at>  -1441,12 +1450,20  <at>  <at>  static void * wpa_driver_nl80211_init(void *ctx, const char *ifname)
 		goto err3;
 	}

+#ifdef CONFIG_LIBNL20
+	if (genl_ctrl_alloc_cache(drv->nl_handle, &drv->nl_cache) < 0) {
+	    wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
+			   "netlink cache");
+		goto err3;
+	}
+#else
 	drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle);
 	if (drv->nl_cache == NULL) {
 		wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
 			   "netlink cache");
 		goto err3;
 	}
+#endif

 	drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211");
 	if (drv->nl80211 == NULL) {
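Review bot: In the `CONFIG_LIBNL20` branch a failed `genl_ctrl_alloc_cache()` jumps to `err3` with `drv->nl_cache` holding whatever the library left there, whereas the 1.x branch guarantees it is NULL on that path. The cleanup under `err3` is outside this hunk, so whether it touches `nl_cache` cannot be confirmed here. Setting it explicitly removes the question: `if (genl_ctrl_alloc_cache(drv->nl_handle, &drv->nl_cache) < 0) drv->nl_cache = NULL;`, followed by one shared `if (drv->nl_cache == NULL)` check after `#endif`, which also removes the duplicated error message. The added `wpa_printf` line is indented with a tab plus four spaces where the surrounding code uses two tabs. wpa_driver_nl80211_init() starts before this hunk and continues past it.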
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index 45d6ada..fa43a0c 100644
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
 <at>  <at>  -135,6 +135,10  <at>  <at>  ifdef CONFIG_DRIVER_NL80211
 CFLAGS += -DCONFIG_DRIVER_NL80211
 OBJS_d += ../src/drivers/driver_nl80211.o
 LIBS += -lnl
+ifdef CONFIG_LIBNL20
+LIBS += -lnl-genl
+CFLAGS += -DCONFIG_LIBNL20
+endif
 ifdef CONFIG_CLIENT_MLME
 OBJS_d += ../src/drivers/radiotap.o
 endif
--

-- 
1.6.3.GIT
Dan Williams | 2 Jul 17:30 2009

Re: [PATCH] Allow wpa_supplicant to use libnl-2.0

On Thu, 2009-07-02 at 10:02 -0500, Jon Loeliger wrote:
> Introduce CONFIG_LIBNL20 .config parameter and propogate
> that as a CFLAG in the Makefile.

Or use pkgconfig to autodetect what version you have installed.

Dan

> Add forward-compatibility code to allow the existing code
> to also use libnl-2.0.
> 
> Signed-off-by: Jon Loeliger <jdl <at> bigfootnetworks.com>
> ---
> 
>  This patch applies to:
>     git://w1.fi/srv/git/hostap-06.git
>     fa4e296f542af01da135d997358d6d45a32dd59e
> 
> and was originally posted on the linux-wireless list.
>  
> Also, I suspect that this define:
> 
>     +#define nl_handle nl_sock
> 
> may need to be added to the hostapd side as well, but
> I'm not using that and haven't investigated or tested that.
> 
> jdl
> 
>  src/drivers/driver_nl80211.c |   17 +++++++++++++++++
>  wpa_supplicant/Makefile      |    4 ++++
>  2 files changed, 21 insertions(+), 0 deletions(-)
> 
> diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
> index a7b351a..66288f6 100644
> --- a/src/drivers/driver_nl80211.c
> +++ b/src/drivers/driver_nl80211.c
>  <at>  <at>  -47,6 +47,15  <at>  <at> 
>  #endif
>  
> 
> +#ifdef CONFIG_LIBNL20
> +/* libnl 2.0 compatibility code */
> +
> +#define nl_handle nl_sock
> +#define nl_handle_alloc_cb nl_socket_alloc_cb
> +#define nl_handle_destroy nl_socket_free
> +#endif /* CONFIG_LIBNL20 */
> +
> +
>  struct wpa_driver_nl80211_data {
>  	void *ctx;
>  	int wext_event_sock;
>  <at>  <at>  -1441,12 +1450,20  <at>  <at>  static void * wpa_driver_nl80211_init(void *ctx, const char *ifname)
>  		goto err3;
>  	}
>  
> +#ifdef CONFIG_LIBNL20
> +	if (genl_ctrl_alloc_cache(drv->nl_handle, &drv->nl_cache) < 0) {
> +	    wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
> +			   "netlink cache");
> +		goto err3;
> +	}
> +#else
>  	drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle);
>  	if (drv->nl_cache == NULL) {
>  		wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
>  			   "netlink cache");
>  		goto err3;
>  	}
> +#endif
>  
>  	drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211");
>  	if (drv->nl80211 == NULL) {
> diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
> index 45d6ada..fa43a0c 100644
> --- a/wpa_supplicant/Makefile
> +++ b/wpa_supplicant/Makefile
>  <at>  <at>  -135,6 +135,10  <at>  <at>  ifdef CONFIG_DRIVER_NL80211
>  CFLAGS += -DCONFIG_DRIVER_NL80211
>  OBJS_d += ../src/drivers/driver_nl80211.o
>  LIBS += -lnl
> +ifdef CONFIG_LIBNL20
> +LIBS += -lnl-genl
> +CFLAGS += -DCONFIG_LIBNL20
> +endif
>  ifdef CONFIG_CLIENT_MLME
>  OBJS_d += ../src/drivers/radiotap.o
>  endif
Jon Loeliger | 2 Jul 17:32 2009

Re: [PATCH] Allow wpa_supplicant to use libnl-2.0

On Thu, 2009-07-02 at 11:30 -0400, Dan Williams wrote:
> On Thu, 2009-07-02 at 10:02 -0500, Jon Loeliger wrote:
> > Introduce CONFIG_LIBNL20 .config parameter and propogate
> > that as a CFLAG in the Makefile.
> 
> Or use pkgconfig to autodetect what version you have installed.
> 
> Dan

Dan,

I actually followed the existing style and code that was
already present for the hostapd compile, so I didn't really
have a choice about mechanism here.  I simply extended it
into the wpa_supplicant side.

jdl
Jouni Malinen | 2 Jul 17:40 2009

Re: [PATCH] Allow wpa_supplicant to use libnl-2.0

On Thu, Jul 02, 2009 at 10:02:57AM -0500, Jon Loeliger wrote:
> Introduce CONFIG_LIBNL20 .config parameter and propogate
> that as a CFLAG in the Makefile.
> 
> Add forward-compatibility code to allow the existing code
> to also use libnl-2.0.

Thanks. I don't think libnl 2.0 has been released and the snapshot
versions after 1.1 are known to have changed the API in incompatible
ways, so I do not have much interest in tracking this before a real
release is available. I'm not aware of any need for the 2.0 snapshots at
this point, i.e., 1.1 release should cover all needs for wpa_supplicant
and hostapd.

>  This patch applies to:
>     git://w1.fi/srv/git/hostap-06.git

All changes to wpa_supplicant/hostapd need to go through hostap.git
repository first and then be merged into hostap-06.git should they be
considered important for the stable branch. I did not yet look at
whether this would apply to hostap.git as-is, but can do so at some
point if needed.

--

-- 
Jouni Malinen                                            PGP id EFC895FA
Jon Loeliger | 2 Jul 18:21 2009

Re: [PATCH] Allow wpa_supplicant to use libnl-2.0

On Thu, 2009-07-02 at 18:40 +0300, Jouni Malinen wrote:
> On Thu, Jul 02, 2009 at 10:02:57AM -0500, Jon Loeliger wrote:
> > Introduce CONFIG_LIBNL20 .config parameter and propogate
> > that as a CFLAG in the Makefile.
> > 
> > Add forward-compatibility code to allow the existing code
> > to also use libnl-2.0.
> 
> Thanks. I don't think libnl 2.0 has been released

As far as I know, it has not yet been officially released.
The libnl 1.1 release, though, was about 18 months ago.
I'm hoping we've made some improvements in the library since then! :-)

> and the snapshot
> versions after 1.1 are known to have changed the API in incompatible
> ways,

So, hostapd, though it has the options in its build, doesn't work?

>  so I do not have much interest in tracking this before a real
> release is available.

Sorry, but this reads strangely to me.  It sounds to me like
you (we) are not interested in doing development work towards
the next release so that it might be ready when that release
happens.  Is that right?

>  I'm not aware of any need for the 2.0 snapshots at
> this point, i.e., 1.1 release should cover all needs for wpa_supplicant
> and hostapd.

I have other needs in my system to keep up to date with
the head of the wireless development efforts.  But that
could be just me. :-)

> >  This patch applies to:
> >     git://w1.fi/srv/git/hostap-06.git
> 
> All changes to wpa_supplicant/hostapd need to go through hostap.git
> repository first and then be merged into hostap-06.git should they be
> considered important for the stable branch. I did not yet look at
> whether this would apply to hostap.git as-is, but can do so at some
> point if needed.

OK, so this was very confusing to me.  Yes, I've seen the
release graph on w1.fi, and I've browsed the two hostap.git
and hostap-06.git code bases.  Because the 6.8 and 6.9 tags
are not present in the hostap.git repo, I incorrectly decided
that hostap.git was lagging behind the hostap-06.git.

If hostap.git is the current development head, I'll rebase
my patch for that repo!

Thanks,
jdl
Jouni Malinen | 2 Jul 18:49 2009

Re: [PATCH] Allow wpa_supplicant to use libnl-2.0

On Thu, Jul 02, 2009 at 11:21:21AM -0500, Jon Loeliger wrote:
> On Thu, 2009-07-02 at 18:40 +0300, Jouni Malinen wrote:
> > Thanks. I don't think libnl 2.0 has been released
> 
> As far as I know, it has not yet been officially released.
> The libnl 1.1 release, though, was about 18 months ago.
> I'm hoping we've made some improvements in the library since then! :-)

Maybe there have been improvements, but I'm not aware of issues in the
latest release either.

> > and the snapshot
> > versions after 1.1 are known to have changed the API in incompatible
> > ways,
> 
> So, hostapd, though it has the options in its build, doesn't work?

I have not checked whether it builds against the current libnl snapshot
since it is too much of a moving target with incompatible API changes
and no easy version etc. defines that could be used to automatically fix
the application builds. It used to be possible to build hostapd against
a libnl snapshot at the time when the forward compatibility code was
added into driver_nl80211.c.

> >  so I do not have much interest in tracking this before a real
> > release is available.
> 
> Sorry, but this reads strangely to me.  It sounds to me like
> you (we) are not interested in doing development work towards
> the next release so that it might be ready when that release
> happens.  Is that right?

As long as a library keeps changing its API in ways that are not even
trying to be backwards compatible, does not provide any defines to
allow this to be handled cleanly, and the author does not reply to
questions and suggestions to improve this situation, then yes, I'm not
very interested in doing the development work before the next release
is available or at least there is reasonable expectation on the new API
being frozen for 2.0 release.

> OK, so this was very confusing to me.  Yes, I've seen the
> release graph on w1.fi, and I've browsed the two hostap.git
> and hostap-06.git code bases.  Because the 6.8 and 6.9 tags
> are not present in the hostap.git repo, I incorrectly decided
> that hostap.git was lagging behind the hostap-06.git.
> 
> If hostap.git is the current development head, I'll rebase
> my patch for that repo!

Naming used here may not be clear enough if you have not been following
the development process in the past, but yes, hostap.git is indeed the
development branch and continues to be that. hostap-*.git will be stable
branches which will be created more or less when a stable release is
created. Stable release updates like 0.6.8 and 0.6.9 are only available
from the stable branches, not from the main development repository.

--

-- 
Jouni Malinen                                            PGP id EFC895FA
Chuck Tuffli | 3 Jul 00:33 2009

EAP-TLS + internal crypto problem

Hi -

I upgraded to the 0.7.x supplicant and elected to use the internal crypto, but my EAP-TLS configuration no longer works. Previously I used 0.5.10 + OpenSSL against a FreeRadius server and this worked well. The only difference now in the setup (STA, AP, FreeRadius, configuration files, etc) is the new supplicant built with CONFIG_TLS=internal. Is this a problem with internal crypto or maybe with my certs?

[416] cat /nfsroot/ctuffli/target20/opt/wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicant
update_config=1

network={
        ssid="linksys_WPS_1dwy"

        # 802.1X
        key_mgmt=WPA-EAP
        proto=RSN
        eap=TLS
        ca_cert="/certs/wifi_ca_cert.pem"
        client_cert="/certs/client_keycert.pem"
        private_key="/certs/client_keycert.pem"
        private_key_passwd="whatever"

        identity="root"
}

# /opt/bin/wpa_supplicant -v
wpa_supplicant v0.7.0
Copyright (c) 2003-2009, Jouni Malinen <j <at> w1.fi> and contributors

# /opt/bin/wpa_cli
wpa_cli v0.7.0
Copyright (c) 2004-2009, Jouni Malinen <j <at> w1.fi> and contributors

This program is free software. You can distribute it and/or modify it
under the terms of the GNU General Public License version 2.

Alternatively, this software may be distributed under the terms of the
BSD license. See README and COPYING for more details.


Selected interface 'wifi0'

Interactive mode

> <2>CTRL-EVENT-SCAN-RESULTS
<2>WPS-AP-AVAILABLE
<2>Trying to associate with 00:22:6b:4f:de:00 (SSID='linksys_WPS_1dwy' freq=2462 MHz)
<2>CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
<2>Associated with 00:22:6b:4f:de:00
<2>CTRL-EVENT-EAP-STARTED EAP authentication started
<2>EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS)
<2>CTRL-EVENT-EAP-STARTED EAP authentication started
<2>EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS)
<2>Authentication with 00:22:6b:4f:de:00 timed out.
<2>CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
<2>CTRL-EVENT-SCAN-RESULTS
<2>WPS-AP-AVAILABLE

