| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| |
|
|
|
| |
The STA won't be able to use block ACK/aggregation, but at least it
should be allowed to use MCS rates and HT40.
|
| |
|
|
|
| |
In addition, make uninstall use confirm dialog to avoid accidental
uninstalls.
|
| | |
|
| |
|
|
|
|
| |
UUID-E is not required to be present in Beacon frame, so we need to
accept scan results that do not have UUID-E as a valid PBC situation as
long as not more than one AP is in active PBC mode.
|
| | |
|
| |
|
|
|
|
| |
wpa_gui will now ask user whether the wpasvc service should be started
if it is not running. In addition, File menu has items for starting and
stopping the service.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Change association behavior to match with ap_scan=1 when WPS is used in
ap_scan=2 mode with wildcard SSID matching. In addition, allow hardcoded
BSSID to be used to select AP even if selected registrar attribute is
not present.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
A separate cross compiler mkspecs file (win32-x-g++) is now used to
configure all build options so the setup-mingw-cross-compiling hack is
not needed anymore. Furthermore, the MinGW setup is now on path, so no
need to specify extra PATH changes for it.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
This callback is now used to stop wpa_supplicant from trying to continue
using parameters (most likely, device password) that do not work in a
loop. In addition, wpa_gui can now notify user of failed registration.
|
| |
|
|
|
|
| |
The event callback will be used for various event messages and the M2D
notification is the first such message. It is used to notify wpa_gui
about Registrar not yet knowing the device password (PIN).
|
| | |
|
| |
|
|
| |
crypto_mod_exp() is needed for both EAP-FAST and WPS.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
dot11RSNAConfigGroupUpdateTimeOut and
dot11RSNAConfigPairwiseUpdateTimeOut MIB variables were only used in
draft versions of IEEE 802.11i, so rename these in order not to use
confusing name here.
Replaced EAPOL-Key timeout to use following timeouts (in
milliseconds): 100,1000,1000,1000 (this was 1000,1000,1000,0). There
is no point in sending out the final EAPOL-Key frame which would be
immediately followed by disconnection. After the change to allow
response to any pending EAPOL-Key frame, it is fine to send the first
retransmission quickly to avoid long wait in cases where Supplicant
did not receive the first frame for any reason. The new sequence will
still provide 3.1 seconds of time to get any response frame, so this
does not reduce the previous time.
|
| |
|
|
|
|
|
|
| |
We need to be a bit more careful when removing the WPS configuration
block since wpa_s->current_ssid may still be pointing at it. In
addition, registrar pointer in wps_context will need to be cleared
since the context data is now maintained over multiple EAP-WSC runs.
Without this, certain WPS operations could have used freed memory.
|
| |
|
|
|
|
| |
IEEE 802.11n does not allow HT STAs to use TKIP between themselves, so
do do allow a configuration that would force this to happen if HT is
used.
|
| |
|
|
|
|
|
| |
The specific AP (BSSID) can now be selected through scan results for
WPS (WPS pushbutton on the network configuration dialog). When a BSSID
is selected, AP device PIN (e.g., from a label) can be used to configure
the AP by acting as a Registrar.
|
| |
|
|
|
|
| |
Instead of sending out EAP-Failure on errors (on AP) or stopping (on
Supplicant), send a NACK message based on the allowed EAP state machine
transitions for EAP-WSC.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Accept response to any pending request, not just the last one. This
gives the Supplicant more time to reply since hostapd will now allow up
to three seconds for the reply to the first EAPOL-Key frame transmission
(and two seconds for the first retry and one second for the last) while
the previous version invalidated any old request immediately when
sending a retransmitted frame.
If the Supplicant replies to more than one request, only the first reply
to arrive at the Authenticator will be processed. As far as the
Supplicant is concerned, this behavior does not differ from the previous
one except for being less likely to cause unneeded retransmissions of
EAPOL-Key frames.
This can help in cases where power saving is used when the group key is
rekeyed or when there is excessive traffic on the channel that can delay
(or drop) EAPOL-Key frames.
|
| |
|
|
| |
Currently, only Enrollee operations (both PBC and PIN) are supported.
|
| | |
|
| |
|
|
|
|
|
| |
Whenever new scan results include WPS AP(s) and the client is not
associated, send a notification message to control interface monitors.
This makes it easier for GUIs to notify the user about possible WPS
availability without having to go through the scan results.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Windows Server 2008 NPS gets very confused if the TLS Message Length is
not included in the Phase 1 messages even if fragmentation is not used.
If the TLS Message Length field is not included in ClientHello message,
NPS seems to decide to use the ClientHello data (excluding first six
octets, i.e., EAP header, type, Flags) as the OuterTLVs data in
Cryptobinding Compound_MAC calculation (per PEAPv2; not MS-PEAP)..
Lets add the TLS Message Length to PEAPv0 Phase 1 messages to get rid of
this issue. This seems to fix Cryptobinding issues with NPS and PEAPv0
is now using optional Cryptobinding by default (again) since there are
no known interop issues with it anymore.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Changed peer to derive the full key (both MS-MPPE-Recv-Key and
MS-MPPE-Send-Key for total of 32 octets) to match with server
implementation.
Swapped the order of MPPE keys in MSK derivation since server
MS-MPPE-Recv-Key | MS-MPPE-Send-Key matches with the order specified for
EAP-TLS MSK derivation. This means that PEAPv0 cryptobinding is now
using EAP-MSCHAPv2 MSK as-is for ISK while EAP-FAST will need to swap
the order of the MPPE keys to get ISK in a way that interoperates with
Cisco EAP-FAST implementation.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
driver_test can now be used either over UNIX domain socket or UDP
socket. This makes it possible to run the test over network and makes it
easier to port driver_test to Windows.
hostapd configuration: test_socket=UDP:<listen port>
wpa_supplicant configuration: driver_param=test_udp=<dst IP addr>:<port>
|
| |
|
|
|
| |
This is now available in MinGW header files, so the loading code is
triggering conflicts.
|
| | |
|
