From: Luke Howard Date: Wed, 27 Apr 2011 14:42:16 +0000 (+0200) Subject: remove @EAP_LDFLAGS@, no longer exists X-Git-Tag: 0.9.2~211 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.git;a=commitdiff_plain;h=fa210a112d16848a282d662f16f9b8589dd371df;hp=a3d666260a9b578b9ad6f7ffd15671530ec632d9 remove @EAP_LDFLAGS@, no longer exists --- diff --git a/libeap/.gitignore b/libeap/.gitignore new file mode 100644 index 0000000..4a1ad86 --- /dev/null +++ b/libeap/.gitignore @@ -0,0 +1,17 @@ +*.o +*.d +*~ +wpa_supplicant/eapol_test +wpa_supplicant/preauth_test +wpa_supplicant/wpa_cli +wpa_supplicant/wpa_passphrase +wpa_supplicant/wpa_supplicant +wpa_supplicant/wpa_priv +wpa_supplicant/wpa_gui/Makefile +wpa_supplicant/wpa_gui/wpa_gui +wpa_supplicant/wpa_gui-qt4/Makefile +wpa_supplicant/wpa_gui-qt4/wpa_gui +hostapd/hostapd +hostapd/hostapd_cli +hostapd/hlr_auc_gw +hostapd/nt_password_hash diff --git a/libeap/COPYING b/libeap/COPYING new file mode 100644 index 0000000..14f5453 --- /dev/null +++ b/libeap/COPYING 
@@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) 19yy + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) 19yy name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/libeap/FAQ b/libeap/FAQ new file mode 100644 index 0000000..ce65abb 
--- /dev/null +++ b/libeap/FAQ 
@@ -0,0 +1,181 @@ +Host AP driver - Frequently Asked Questions +=========================================== + +1. What does "GetNextTuple: No more items" mean in hostap_cs initialization? +2. Why RX does not work? + What does "NETDEV WATCHDOG: wlan0: transmit timed out" mean? + (interrupt delivery problems) +3. What is wrong with Host AP mode in secondary (station) firmware v1.4.2? +4. What is causing 'Unresolved symbols' in depmod/modprobe? +5. How can I upgrade Prism2/2.5/3 firmware? +6. Why did I get two network interfaces (wlan0 and wifi0) even when I have + only one wireless card? +7. Why does my D-Link DWL-650 rev. P1 or D-Link DWL-520 rev. E1 (or any other + card with small flash) card fail? +8. Does Host AP driver support IEEE 802.11a and 802.11g? Does it support + chipsets other than Prism 2/2.5/3? + + + +1. What does "GetNextTuple: No more items" mean in hostap_cs initialization? + +This is one of the most often reported problems in getting the +hostap_cs.o driver working. It is usually reported for D-Link DWL-650 +PC Card, e.g., on ISA-to-PCMCIA adapter. Later versions of the driver +report this also with "Vcc mismatch - skipping this entry". + +Most common reason for getting this is a mismatch in voltage +configuration. The driver tries to make sure that the voltage (Vcc) +configuration in CIS and the slot match each other. It refuses to +initialize the card if the card CIS does not include a CFTABLE entry +with a matching Vcc value. This seems to be a problem for some cases +since the CIS is invalid or the reported voltage is incorrect. + +As a workaround, the driver supports a module parameter ignore_cis_vcc +that can be used to skip this verification. This can be enabled by +setting ignore_cis_vcc=1 in /etc/pcmcia/hostap_cs.conf (commented +example line in the end of file). This can also be tested by manually +loading the module with 'modprobe hostap_cs ignore_cis_vcc=1' before +inserting the card). + + + +2. Why RX does not work? 
+ What does "NETDEV WATCHDOG: wlan0: transmit timed out" mean? + (interrupt delivery problems) + +If the driver does not seem to receive any packets or sending packets +results in "NETDEV WATCHDOG: wlan0: transmit timed out", the reason is +probably in interrupt delivery problems. This is quite common with +PCI-to-PCMCIA adapters. Newer than 2002-05-19 of the driver have a +test that will report this after the initialization ("wlan: Possible +interrupt delivery problem"). Another method for checking this is to +observer whether interrupt counters in /proc/interrupts increase for +hostap_cs/wlan0 entry. + +Adding suitable irq_mode=# setting in PCIC_OPTS line of +pcmcia-configuration is the most common fix for this. pcmcia-cs HOWTO +has more information on how to debug and fix interrupt delivery +problems at +http://pcmcia-cs.sourceforge.net/ftp/doc/PCMCIA-HOWTO-5.html#irqmode + + + +3. What is wrong with Host AP mode in secondary (station) firmware v1.4.2? + +It looks like secondary firmware v1.4.2 sends beacon frames properly, +but does not respond to probe requests. With most station cards, this +prevents authentication and association and thus, in practice, no data +frames can be sent. It has been reported that at least some Cisco +Aironet 350 cards can associate with Host AP mode even with firmware +v1.4.2 (i.e., without receiving probe response), but Prism2 and +Lucent/ORiNOCO/Agere seem to require probe response and they do not +thus associate with AP using v1.4.2 firmware. + +This is fixed in later secondary firmware versions; probably already +in 1.4.3, but at least 1.4.9 has been tested to work. In other words, +this problem can be fixed by upgrading card firmware. + + + +4. What is causing 'Unresolved symbols' in depmod/modprobe? + +Installation of Host AP driver (e.g, 'make install_pccard') may report +unresolved symbols when running depmod. These are usually caused with +mismatch in kernel configuration for modversions. 
+ +Example: + +depmod reports unresolved symbol 'eth_type_trans' (this is without +modversions): +depmod: eth_type_trans + +but kernel was really configured with CONFIG_MODVERSIONS: + +# grep eth_type_trans /proc/ksyms +c01b66c0 eth_type_trans_Rdb9cd26f + +(notice the _R... postfix) + +This happens if the kernel configuration given to Host AP driver's +Makefile (.config in KERNEL_PATH) has not CONFIG_MODVERSIONS, but the +running kernel is compiled with it. +If the kernel were configured without modversions, /proc/ksyms would +show the symbols with _R... postfix: + + +Mismatches in kernel configuration can be fixed by using the same +configuration (i.e., Linux kernel .config) for both the kernel and the +driver. If you are using a kernel from a distribution installation +(i.e., you have not compiled it yourself), you will need to create a +matching .config file somehow. This depends on the distribution you +are using, but 'make oldconfig' in kernel source directory might work +with some distributions. If you compile the kernel yourself, it will +be easier, since you already have to have created the correct .config +file. + + + +5. How can I upgrade Prism2/2.5/3 firmware? + +Prism2/2.5/3 cards and Host AP driver support two different mechanism +of upgrading the card firmware. Firmware images (primary and station) +can be downloaded either into volatile memory (RAM download) or +non-volatile memory (flash upgrade). Firmware images downloaded into +volatile memory are lost when the card is resetted, so they are quite +safe. Flash upgrade with incorrect images may cause permanent problems +(i.e., render the card useless), so certain amount of caution is +always recommended for this. + +Note! Some of the older versions of Host AP driver or prism2_srec had +fatal bugs in flash upgrade. Only versions 0.1.0 or newer should be +used when performing non-volatile flash upgrade! 
+ +utils/prism2_srec (run 'make' in utils directory to build this) is a +tool that can be instructed Host AP driver to download firmware image +into the wlan card. Brief usage information is available by running +this program without any command line parameters. Please note, that +the downloading support is disabled in the default Host AP driver +build. You will need to change this by defining +PRISM2_DOWNLOAD_SUPPORT (and PRISM2_NON_VOLATILE_DOWNLOAD if you want +to update flash); see driver/modules/hostap_config.h for more details. + +Jun Sun has written a mini-howto on flashing Intersil Prism +Chipsets. This is available at http://linux.junsun.net/intersil-prism/. + + + +6. Why did I get two network interfaces (wlan0 and wifi0) even when I have + only one wireless card? + +Host AP driver supports multiple virtual interfaces per wireless +card. wifi0 is the master radio interface and wlan0 is the first +virtual interface for this radio. Other virtual interfaces are wlan0ap +(for hostapd), and one interface per WDS link. + +In most cases, one should ignore wifi0 interface and just use wlan0 +interface. In other words, assign IP address to wlan0, not wifi0 and +in general, just ignore the wifi0 interface. + + + +7. Why does my D-Link DWL-650 rev. P1 or D-Link DWL-520 rev. E1 (or any other + card with small flash) card fail? + +Some of the new Prism3-based cards use a smaller flash chip that does +not include full firmware for the card. For example, D-Link DWL-650 +rev. P1 and D-Link DWL-520 rev. E1 are such cards. These cards require +that the firmware is downloaded to the card during initialization. See +utils/hostap_fw_load for example commands on doing this. + + + +8. Does Host AP driver support IEEE 802.11a and 802.11g? Does it support + chipsets other than Prism 2/2.5/3? + +Host AP driver supports only Intersil Prism chipsets, versions 2, 2.5, +and 3. Those chipsets support IEEE 802.11b only; other chipsets are +not supported. 
All utilities distributed with Host AP driver except +wpa_supplicant work only with Host AP driver, so they are limited to +the same hardware. wpa_supplicant works with other drivers, including +those that support 802.11a and 802.11g. diff --git a/libeap/Makefile.am b/libeap/Makefile.am new file mode 100644 index 0000000..a87ee2e --- /dev/null +++ b/libeap/Makefile.am 
@@ -0,0 +1,124 @@ +AUTOMAKE_OPTIONS = foreign + +AM_CPPFLAGS = -I$(srcdir)/src -I$(srcdir)/eap_example -I$(srcdir)/src/utils + +SOURCES_BOTH = src/eap_common/eap_peap_common.c +SOURCES_BOTH += src/eap_common/eap_psk_common.c +SOURCES_BOTH += src/eap_common/eap_pax_common.c +SOURCES_BOTH += src/eap_common/eap_sake_common.c +SOURCES_BOTH += src/eap_common/eap_gpsk_common.c +SOURCES_BOTH += src/eap_common/chap.c + +SOURCES_peer = src/eap_peer/eap_tls.c +SOURCES_peer += src/eap_peer/eap_peap.c +SOURCES_peer += src/eap_peer/eap_ttls.c +SOURCES_peer += src/eap_peer/eap_md5.c +SOURCES_peer += src/eap_peer/eap_mschapv2.c +SOURCES_peer += src/eap_peer/mschapv2.c +SOURCES_peer += src/eap_peer/eap_otp.c +SOURCES_peer += src/eap_peer/eap_gtc.c +SOURCES_peer += src/eap_peer/eap_leap.c +SOURCES_peer += src/eap_peer/eap_psk.c +SOURCES_peer += src/eap_peer/eap_pax.c +SOURCES_peer += src/eap_peer/eap_sake.c +SOURCES_peer += src/eap_peer/eap_gpsk.c +SOURCES_peer += src/eap_peer/eap.c +SOURCES_peer += src/eap_common/eap_common.c +SOURCES_peer += src/eap_peer/eap_methods.c +SOURCES_peer += src/eap_peer/eap_tls_common.c +CFLAGS += -DEAP_TLS +CFLAGS += -DEAP_PEAP +CFLAGS += -DEAP_TTLS +CFLAGS += -DEAP_MD5 +CFLAGS += -DEAP_MSCHAPv2 +CFLAGS += -DEAP_GTC +CFLAGS += -DEAP_OTP +CFLAGS += -DEAP_LEAP +CFLAGS += -DEAP_PSK +CFLAGS += -DEAP_PAX +CFLAGS += -DEAP_SAKE +CFLAGS += -DEAP_GPSK -DEAP_GPSK_SHA256 + +CFLAGS += -DEAP_SERVER_IDENTITY +CFLAGS += -DEAP_SERVER_TLS +CFLAGS += -DEAP_SERVER_PEAP +CFLAGS += -DEAP_SERVER_TTLS +CFLAGS += -DEAP_SERVER_MD5 +CFLAGS += -DEAP_SERVER_MSCHAPV2 +CFLAGS += -DEAP_SERVER_GTC +CFLAGS += -DEAP_SERVER_PSK +CFLAGS += -DEAP_SERVER_PAX +CFLAGS += -DEAP_SERVER_SAKE +CFLAGS += -DEAP_SERVER_GPSK -DEAP_SERVER_GPSK_SHA256 + +CFLAGS += -DIEEE8021X_EAPOL +CFLAGS += -DCONFIG_IPV6 + +CFLAGS += -DCONFIG_INTERNAL_LIBTOMMATH +CFLAGS += -DCONFIG_CRYPTO_INTERNAL + + +UTILS_SRCS = src/utils/base64.c \ + src/utils/common.c \ + src/utils/ip_addr.c \ + src/utils/radiotap.c \ + 
src/utils/trace.c \ + src/utils/uuid.c \ + src/utils/wpa_debug.c \ + src/utils/wpabuf.c +CRYPTO_SRCS = \ + src/crypto/aes-cbc.c \ + src/crypto/aes-ctr.c \ + src/crypto/aes-eax.c \ + src/crypto/aes-encblock.c \ + src/crypto/aes-internal.c \ + src/crypto/aes-internal-dec.c \ + src/crypto/aes-internal-enc.c \ + src/crypto/aes-omac1.c \ + src/crypto/aes-unwrap.c \ + src/crypto/aes-wrap.c \ + src/crypto/des-internal.c \ + src/crypto/dh_group5.c \ + src/crypto/dh_groups.c \ + src/crypto/md4-internal.c \ + src/crypto/md5.c \ + src/crypto/md5-internal.c \ + src/crypto/md5-non-fips.c \ + src/crypto/milenage.c \ + src/crypto/ms_funcs.c \ + src/crypto/rc4.c \ + src/crypto/sha1.c \ + src/crypto/sha1-internal.c \ + src/crypto/sha1-pbkdf2.c \ + src/crypto/sha1-tlsprf.c \ + src/crypto/sha1-tprf.c \ + src/crypto/sha256.c \ + src/crypto/sha256-internal.c \ + src/crypto/crypto_internal.c \ + src/crypto/crypto_internal-cipher.c \ + src/crypto/crypto_internal-modexp.c \ + src/crypto/crypto_internal-rsa.c \ + src/crypto/tls_internal.c \ + src/crypto/fips_prf_internal.c + +TLS_SRCS = \ + src/tls/asn1.c \ + src/tls/bignum.c \ + src/tls/pkcs1.c \ + src/tls/pkcs5.c \ + src/tls/pkcs8.c \ + src/tls/rsa.c \ + src/tls/tlsv1_client.c \ + src/tls/tlsv1_client_read.c \ + src/tls/tlsv1_client_write.c \ + src/tls/tlsv1_common.c \ + src/tls/tlsv1_cred.c \ + src/tls/tlsv1_record.c \ + src/tls/tlsv1_server.c \ + src/tls/tlsv1_server_read.c \ + src/tls/tlsv1_server_write.c \ + src/tls/x509v3.c + +libeap_la_SOURCES = $(SOURCES_BOTH) $(UTILS_SRCS) $(CRYPTO_SRCS) $(TLS_SRCS) + +noinst_LTLIBRARIES = libeap.la diff --git a/libeap/README b/libeap/README new file mode 100644 index 0000000..9c6be85 --- /dev/null +++ b/libeap/README 
@@ -0,0 +1,19 @@ +wpa_supplicant and hostapd v0.6.x +--------------------------------- + +Copyright (c) 2002-2007, Jouni Malinen and contributors +All Rights Reserved. + +These program is dual-licensed under both the GPL version 2 and BSD +license. Either license may be used at your option. + + +This package may include either wpa_supplicant, hostapd, or both. See +README file respective subdirectories (wpa_supplicant/README or +hostapd/README) for more details. + +Source code files have been moved around in v0.6.x releases and +compared to earlier releases, the programs are now build by first +going to a subdirectory (wpa_supplicant or hostapd) and creating +build configuration (.config) and running 'make' there (for +Linux/BSD/cygwin builds). diff --git a/libeap/build_nsis.sh b/libeap/build_nsis.sh new file mode 100755 index 0000000..e41bc36 --- /dev/null +++ b/libeap/build_nsis.sh @@ -0,0 +1,16 @@ +#!/bin/sh + +if [ -d nsis.in ]; then + /bin/rm -r nsis.in +fi + +unzip -j -d nsis.in $1 +VER=`echo $1 | sed "s/.*wpa_supplicant-windows-bin-\(.*\).zip/\1/"` + +cat wpa_supplicant/wpa_supplicant.nsi | + sed "s/@WPAVER@/$VER/g" \ + > nsis.in/wpa_supplicant.nsi + +makensis nsis.in/wpa_supplicant.nsi + +/bin/rm -r nsis.in diff --git a/libeap/build_release b/libeap/build_release new file mode 100755 index 0000000..22dcd42 --- /dev/null +++ b/libeap/build_release 
@@ -0,0 +1,148 @@ +#!/bin/sh + +WINLOCAL=/home/jm/H-win/local + +set -e + +if [ -z "$1" ]; then + echo "build_release [nobin]" + exit 1 +fi + +TMP=tmp.build_release +RELDIR=`pwd`/Release +VER=$1 +NOW=`date +%Y-%m-%d` + +echo "Version: $VER - $NOW" + +DATEw=`head -n 3 wpa_supplicant/ChangeLog | tail -n 1 | sed "s/ .*//"` +DATEh=`head -n 3 hostapd/ChangeLog | tail -n 1 | sed "s/ .*//"` + +if [ "$DATEw" != "$NOW" -o "$DATEh" != "$NOW" ]; then + echo "NOTE! Date mismatch in ChangeLog: wpa_supplicant $DATEw hostapd $DATEh != $NOW" +fi + +if [ -r $TMP ]; then + echo "Temporary directory '$TMP' exists. Remove it before running this." + exit 1 +fi + +mkdir $TMP +mkdir -p $RELDIR + +git archive --format=tar --prefix=wpa-$VER/ HEAD \ + README COPYING patches src wpa_supplicant hostapd | + gzip > $RELDIR/wpa-$VER.tar.gz +git archive --format=tar --prefix=hostapd-$VER/ HEAD \ + README COPYING patches src hostapd | + gzip > $RELDIR/hostapd-$VER.tar.gz +git archive --format=tar --prefix=wpa_supplicant-$VER/ HEAD \ + README COPYING patches src wpa_supplicant | + tar --directory=$TMP -xf - + +cd $TMP +make -C wpa_supplicant-$VER/wpa_supplicant/doc/docbook man +rm -f wpa_supplicant-$VER/wpa_supplicant/doc/docbook/manpage.{links,refs} +tar czf $RELDIR/wpa_supplicant-$VER.tar.gz wpa_supplicant-$VER +cd .. +rm -r $TMP + +if [ "$2" = "nobin" ]; then + exit 0 +fi + + +cd $RELDIR + + PDIR=wpa_supplicant-$VER + WDIR=wpa_supplicant-windows-bin-$VER + tar xzf $PDIR.tar.gz + mkdir "$WDIR" + cd "$PDIR/wpa_supplicant" + cat > .config <> .config < ../../"$WDIR"/$i + done + for i in README README-Windows.txt wpa_supplicant.conf; do + unix2dos < $i > ../../"$WDIR"/$i + done + mv *.exe ../../"$WDIR" + cp win_example.reg ../../"$WDIR" + + cd wpa_gui-qt4 + make -C icons + qmake -spec win32-x-g++ + make -j2 + cp release/wpa_gui.exe ../../../"$WDIR" + lrelease wpa_gui.pro + cp lang/wpa_gui_de.qm ../../../"$WDIR" + cd ../../.. 
+ rm -rf "$PDIR" + zip "$WDIR.zip" "$WDIR"/* + rm -rf "$WDIR" + +cd $RELDIR/.. + +./build_nsis.sh "$RELDIR/$WDIR.zip" +mv wpa_supplicant-$VER.exe $RELDIR + +ls -l $RELDIR/*$VER* + +exit 0 diff --git a/libeap/doc/.gitignore b/libeap/doc/.gitignore new file mode 100644 index 0000000..4ea164e --- /dev/null +++ b/libeap/doc/.gitignore @@ -0,0 +1,8 @@ +doxygen.warnings +hostapd.eps +hostapd.png +html +latex +wpa_supplicant.eps +wpa_supplicant.png +wpa_supplicant-devel.pdf diff --git a/libeap/doc/Makefile b/libeap/doc/Makefile new file mode 100644 index 0000000..5c1b386 --- /dev/null +++ b/libeap/doc/Makefile @@ -0,0 +1,26 @@ +all: docs + +%.eps: %.fig + fig2dev -L eps $*.fig $*.eps + +%.png: %.fig + fig2dev -L png -m 3 $*.fig | pngtopnm | pnmscale 0.4 | pnmtopng \ + > $*.png + +docs-pics: wpa_supplicant.png wpa_supplicant.eps hostapd.png hostapd.eps + +docs: docs-pics + (cd ..; doxygen doc/doxygen.conf; cd doc) + $(MAKE) -C latex + cp latex/refman.pdf wpa_supplicant-devel.pdf + +html: docs-pics + (cd ..; doxygen doc/doxygen.conf; cd doc) + +clean: + rm -f *~ + rm -f wpa_supplicant.eps wpa_supplicant.png + rm -f hostapd.eps hostapd.png + rm -f doxygen.warnings + rm -rf html latex + rm -f wpa_supplicant-devel.pdf diff --git a/libeap/doc/code_structure.doxygen b/libeap/doc/code_structure.doxygen new file mode 100644 index 0000000..96f6160 --- /dev/null +++ b/libeap/doc/code_structure.doxygen 
@@ -0,0 +1,322 @@ +/** +\page code_structure Structure of the source code + +[ \ref wpa_supplicant_core "wpa_supplicant core functionality" | +\ref generic_helper_func "Generic helper functions" | +\ref crypto_func "Cryptographic functions" | +\ref tls_func "TLS library" | +\ref configuration "Configuration" | +\ref ctrl_iface "Control interface" | +\ref wpa_code "WPA supplicant" | +\ref eap_peer "EAP peer" | +\ref eapol_supp "EAPOL supplicant" | +\ref win_port "Windows port" | +\ref test_programs "Test programs" ] + +%wpa_supplicant implementation is divided into number of independent +modules. Core code includes functionality for controlling the network +selection, association, and configuration. Independent modules include +WPA code (key handshake, PMKSA caching, pre-authentication), EAPOL +state machine, and EAP state machine and methods. In addition, there +are number of separate files for generic helper functions. + +Both WPA and EAPOL/EAP state machines can be used separately in other +programs than %wpa_supplicant. As an example, the included test +programs eapol_test and preauth_test are using these modules. + +\ref driver_wrapper "Driver interface API" is defined in driver.h and +all hardware/driver dependent functionality is implemented in +driver_*.c. + + +\section wpa_supplicant_core wpa_supplicant core functionality + +wpa_supplicant.c + Program initialization, main control loop + +main.c + main() for UNIX-like operating systems and MinGW (Windows); this + uses command line arguments to configure wpa_supplicant + +events.c + Driver event processing; wpa_supplicant_event() and related functions + +wpa_supplicant_i.h + Internal definitions for %wpa_supplicant core; should not be + included into independent modules + + +\section generic_helper_func Generic helper functions + +%wpa_supplicant uses generic helper functions some of which are shared +with with hostapd. 
The following C files are currently used: + +eloop.c and eloop.h + Event loop (select() loop with registerable timeouts, socket read + callbacks, and signal callbacks) + +common.c and common.h + Common helper functions + +defs.h + Definitions shared by multiple files + +l2_packet.h, l2_packet_linux.c, and l2_packet_pcap.c + Layer 2 (link) access wrapper (includes native Linux implementation + and wrappers for libdnet/libpcap). A new l2_packet implementation + may need to be added when porting to new operating systems that are + not supported by libdnet/libpcap. Makefile can be used to select which + l2_packet implementation is included. l2_packet_linux.c uses Linux + packet sockets and l2_packet_pcap.c has a more portable version using + libpcap and libdnet. + +pcsc_funcs.c and pcsc_funcs.h + Wrapper for PC/SC lite SIM and smart card readers + +priv_netlink.h + Private version of netlink definitions from Linux kernel header files; + this could be replaced with C library header file once suitable + version becomes commonly available + +version.h + Version number definitions + +wireless_copy.h + Private version of Linux wireless extensions definitions from kernel + header files; this could be replaced with C library header file once + suitable version becomes commonly available + + +\section crypto_func Cryptographic functions + +md5.c and md5.h + MD5 (replaced with a crypto library if TLS support is included) + HMAC-MD5 (keyed checksum for message authenticity validation) + +rc4.c and rc4.h + RC4 (broadcast/default key encryption) + +sha1.c and sha1.h + SHA-1 (replaced with a crypto library if TLS support is included) + HMAC-SHA-1 (keyed checksum for message authenticity validation) + PRF-SHA-1 (pseudorandom (key/nonce generation) function) + PBKDF2-SHA-1 (ASCII passphrase to shared secret) + T-PRF (for EAP-FAST) + TLS-PRF (RFC 2246) + +sha256.c and sha256.h + SHA-256 (replaced with a crypto library if TLS support is included) + +aes_wrap.c, aes_wrap.h, aes.c + AES 
(replaced with a crypto library if TLS support is included), + AES Key Wrap Algorithm with 128-bit KEK, RFC3394 (broadcast/default + key encryption), + One-Key CBC MAC (OMAC1) hash with AES-128, + AES-128 CTR mode encryption, + AES-128 EAX mode encryption/decryption, + AES-128 CBC + +crypto.h + Definition of crypto library wrapper + +crypto_openssl.c + Wrapper functions for libcrypto (OpenSSL) + +crypto_internal.c + Wrapper functions for internal crypto implementation + +crypto_gnutls.c + Wrapper functions for libgcrypt (used by GnuTLS) + +ms_funcs.c and ms_funcs.h + Helper functions for MSCHAPV2 and LEAP + +tls.h + Definition of TLS library wrapper + +tls_none.c + Dummy implementation of TLS library wrapper for cases where TLS + functionality is not included. + +tls_openssl.c + TLS library wrapper for openssl + +tls_internal.c + TLS library for internal TLS implementation + +tls_gnutls.c + TLS library wrapper for GnuTLS + + +\section tls_func TLS library + +asn1.c and asn1.h + ASN.1 DER parsing + +bignum.c and bignum.h + Big number math + +rsa.c and rsa.h + RSA + +x509v3.c and x509v3.h + X.509v3 certificate parsing and processing + +tlsv1_client.c, tlsv1_client.h + TLSv1 client (RFC 2246) + +tlsv1_client_i.h + Internal structures for TLSv1 client + +tlsv1_client_read.c + TLSv1 client: read handshake messages + +tlsv1_client_write.c + TLSv1 client: write handshake messages + +tlsv1_common.c and tlsv1_common.h + Common TLSv1 routines and definitions + +tlsv1_cred.c and tlsv1_cred.h + TLSv1 credentials + +tlsv1_record.c and tlsv1_record.h + TLSv1 record protocol + + +\section configuration Configuration + +config_ssid.h + Definition of per network configuration items + +config.h + Definition of the %wpa_supplicant configuration + +config.c + Configuration parser and common functions + +config_file.c + Configuration backend for text files (e.g., wpa_supplicant.conf) + +config_winreg.c + Configuration backend for Windows registry + + +\section ctrl_iface Control 
interface + +%wpa_supplicant has a \ref ctrl_iface_page "control interface" +that can be used to get status +information and manage operations from external programs. An example +command line interface (wpa_cli) and GUI (wpa_gui) for this interface +are included in the %wpa_supplicant distribution. + +ctrl_iface.c and ctrl_iface.h + %wpa_supplicant-side of the control interface + +ctrl_iface_unix.c + UNIX domain sockets -based control interface backend + +ctrl_iface_udp.c + UDP sockets -based control interface backend + +ctrl_iface_named_pipe.c + Windows named pipes -based control interface backend + +wpa_ctrl.c and wpa_ctrl.h + Library functions for external programs to provide access to the + %wpa_supplicant control interface + +wpa_cli.c + Example program for using %wpa_supplicant control interface + + +\section wpa_code WPA supplicant + +wpa.c and wpa.h + WPA state machine and 4-Way/Group Key Handshake processing + +preauth.c and preauth.h + PMKSA caching and pre-authentication (RSN/WPA2) + +wpa_i.h + Internal definitions for WPA code; not to be included to other modules. + +\section eap_peer EAP peer + +\ref eap_peer_module "EAP peer implementation" is a separate module that +can be used by other programs than just %wpa_supplicant. 
+ +eap.c and eap.h + EAP state machine and method interface + +eap_defs.h + Common EAP definitions + +eap_i.h + Internal definitions for EAP state machine and EAP methods; not to be + included in other modules + +eap_sim_common.c and eap_sim_common.h + Common code for EAP-SIM and EAP-AKA + +eap_tls_common.c and eap_tls_common.h + Common code for EAP-PEAP, EAP-TTLS, and EAP-FAST + +eap_tlv.c and eap_tlv.h + EAP-TLV code for EAP-PEAP and EAP-FAST + +eap_ttls.c and eap_ttls.h + EAP-TTLS + +eap_pax.c, eap_pax_common.h, eap_pax_common.c + EAP-PAX + +eap_psk.c, eap_psk_common.h, eap_psk_common.c + EAP-PSK (note: this is not needed for WPA-PSK) + +eap_sake.c, eap_sake_common.h, eap_sake_common.c + EAP-SAKE + +eap_gpsk.c, eap_gpsk_common.h, eap_gpsk_common.c + EAP-GPSK + +eap_aka.c, eap_fast.c, eap_gtc.c, eap_leap.c, eap_md5.c, eap_mschapv2.c, +eap_otp.c, eap_peap.c, eap_sim.c, eap_tls.c + Other EAP method implementations + + +\section eapol_supp EAPOL supplicant + +eapol_supp_sm.c and eapol_supp_sm.h + EAPOL supplicant state machine and IEEE 802.1X processing + + +\section win_port Windows port + +ndis_events.c + Code for receiving NdisMIndicateStatus() events and delivering them to + %wpa_supplicant driver_ndis.c in more easier to use form + +win_if_list.c + External program for listing current network interface + + +\section test_programs Test programs + +radius_client.c and radius_client.h + RADIUS authentication client implementation for eapol_test + +radius.c and radius.h + RADIUS message processing for eapol_test + +eapol_test.c + Standalone EAP testing tool with integrated RADIUS authentication + client + +preauth_test.c + Standalone RSN pre-authentication tool + +wpa_passphrase.c + WPA ASCII passphrase to PSK conversion + +*/ diff --git a/libeap/doc/ctrl_iface.doxygen b/libeap/doc/ctrl_iface.doxygen new file mode 100644 index 0000000..85847f6 --- /dev/null +++ b/libeap/doc/ctrl_iface.doxygen 
@@ -0,0 +1,1053 @@ +/** +\page ctrl_iface_page %wpa_supplicant control interface + +%wpa_supplicant implements a control interface that can be used by +external programs to control the operations of the %wpa_supplicant +daemon and to get status information and event notifications. There is +a small C library, in a form of a single C file, wpa_ctrl.c, that +provides helper functions to facilitate the use of the control +interface. External programs can link this file into them and then use +the library functions documented in wpa_ctrl.h to interact with +%wpa_supplicant. This library can also be used with C++. wpa_cli.c and +wpa_gui are example programs using this library. + +There are multiple mechanisms for inter-process communication. For +example, Linux version of %wpa_supplicant is using UNIX domain sockets +for the control interface and Windows version UDP sockets. The use of +the functions defined in wpa_ctrl.h can be used to hide the details of +the used IPC from external programs. + + +\section using_ctrl_iface Using the control interface + +External programs, e.g., a GUI or a configuration utility, that need to +communicate with %wpa_supplicant should link in wpa_ctrl.c. This +allows them to use helper functions to open connection to the control +interface with wpa_ctrl_open() and to send commands with +wpa_ctrl_request(). + +%wpa_supplicant uses the control interface for two types of communication: +commands and unsolicited event messages. Commands are a pair of +messages, a request from the external program and a response from +%wpa_supplicant. These can be executed using wpa_ctrl_request(). +Unsolicited event messages are sent by %wpa_supplicant to the control +interface connection without specific request from the external program +for receiving each message. However, the external program needs to +attach to the control interface with wpa_ctrl_attach() to receive these +unsolicited messages. 
+ +If the control interface connection is used both for commands and +unsolicited event messages, there is potential for receiving an +unsolicited message between the command request and response. +wpa_ctrl_request() caller will need to supply a callback, msg_cb, +for processing these messages. Often it is easier to open two +control interface connections by calling wpa_ctrl_open() twice and +then use one of the connections for commands and the other one for +unsolicited messages. This way command request/response pairs will +not be broken by unsolicited messages. wpa_cli is an example of how +to use only one connection for both purposes and wpa_gui demonstrates +how to use two separate connections. + +Once the control interface connection is not needed anymore, it should +be closed by calling wpa_ctrl_close(). If the connection was used for +unsolicited event messages, it should be first detached by calling +wpa_ctrl_detach(). + + +\section ctrl_iface_cmds Control interface commands + +Following commands can be used with wpa_ctrl_request(): + +\subsection ctrl_iface_PING PING + +This command can be used to test whether %wpa_supplicant is replying +to the control interface commands. The expected reply is \c PONG if the +connection is open and %wpa_supplicant is processing commands. + + +\subsection ctrl_iface_MIB MIB + +Request a list of MIB variables (dot1x, dot11). The output is a text +block with each line in \c variable=value format. 
For example: + +\verbatim +dot11RSNAOptionImplemented=TRUE +dot11RSNAPreauthenticationImplemented=TRUE +dot11RSNAEnabled=FALSE +dot11RSNAPreauthenticationEnabled=FALSE +dot11RSNAConfigVersion=1 +dot11RSNAConfigPairwiseKeysSupported=5 +dot11RSNAConfigGroupCipherSize=128 +dot11RSNAConfigPMKLifetime=43200 +dot11RSNAConfigPMKReauthThreshold=70 +dot11RSNAConfigNumberOfPTKSAReplayCounters=1 +dot11RSNAConfigSATimeout=60 +dot11RSNAAuthenticationSuiteSelected=00-50-f2-2 +dot11RSNAPairwiseCipherSelected=00-50-f2-4 +dot11RSNAGroupCipherSelected=00-50-f2-4 +dot11RSNAPMKIDUsed= +dot11RSNAAuthenticationSuiteRequested=00-50-f2-2 +dot11RSNAPairwiseCipherRequested=00-50-f2-4 +dot11RSNAGroupCipherRequested=00-50-f2-4 +dot11RSNAConfigNumberOfGTKSAReplayCounters=0 +dot11RSNA4WayHandshakeFailures=0 +dot1xSuppPaeState=5 +dot1xSuppHeldPeriod=60 +dot1xSuppAuthPeriod=30 +dot1xSuppStartPeriod=30 +dot1xSuppMaxStart=3 +dot1xSuppSuppControlledPortStatus=Authorized +dot1xSuppBackendPaeState=2 +dot1xSuppEapolFramesRx=0 +dot1xSuppEapolFramesTx=440 +dot1xSuppEapolStartFramesTx=2 +dot1xSuppEapolLogoffFramesTx=0 +dot1xSuppEapolRespFramesTx=0 +dot1xSuppEapolReqIdFramesRx=0 +dot1xSuppEapolReqFramesRx=0 +dot1xSuppInvalidEapolFramesRx=0 +dot1xSuppEapLengthErrorFramesRx=0 +dot1xSuppLastEapolFrameVersion=0 +dot1xSuppLastEapolFrameSource=00:00:00:00:00:00 +\endverbatim + + +\subsection ctrl_iface_STATUS STATUS + +Request current WPA/EAPOL/EAP status information. The output is a text +block with each line in \c variable=value format. For example: + +\verbatim +bssid=02:00:01:02:03:04 +ssid=test network +pairwise_cipher=CCMP +group_cipher=CCMP +key_mgmt=WPA-PSK +wpa_state=COMPLETED +ip_address=192.168.1.21 +Supplicant PAE state=AUTHENTICATED +suppPortStatus=Authorized +EAP state=SUCCESS +\endverbatim + + +\subsection ctrl_iface_STATUS-VERBOSE STATUS-VERBOSE + +Same as STATUS, but with more verbosity (i.e., more \c variable=value pairs). 
+ +\verbatim +bssid=02:00:01:02:03:04 +ssid=test network +id=0 +pairwise_cipher=CCMP +group_cipher=CCMP +key_mgmt=WPA-PSK +wpa_state=COMPLETED +ip_address=192.168.1.21 +Supplicant PAE state=AUTHENTICATED +suppPortStatus=Authorized +heldPeriod=60 +authPeriod=30 +startPeriod=30 +maxStart=3 +portControl=Auto +Supplicant Backend state=IDLE +EAP state=SUCCESS +reqMethod=0 +methodState=NONE +decision=COND_SUCC +ClientTimeout=60 +\endverbatim + + +\subsection ctrl_iface_PMKSA PMKSA + +Show PMKSA cache + +\verbatim +Index / AA / PMKID / expiration (in seconds) / opportunistic +1 / 02:00:01:02:03:04 / 000102030405060708090a0b0c0d0e0f / 41362 / 0 +2 / 02:00:01:33:55:77 / 928389281928383b34afb34ba4212345 / 362 / 1 +\endverbatim + + +\subsection ctrl_iface_SET SET + +Set variables: +- EAPOL::heldPeriod +- EAPOL::authPeriod +- EAPOL::startPeriod +- EAPOL::maxStart +- dot11RSNAConfigPMKLifetime +- dot11RSNAConfigPMKReauthThreshold +- dot11RSNAConfigSATimeout + +Example command: +\verbatim +SET EAPOL::heldPeriod 45 +\endverbatim + + +\subsection ctrl_iface_LOGON LOGON + +IEEE 802.1X EAPOL state machine logon. + + +\subsection ctrl_iface_LOGOFF LOGOFF + +IEEE 802.1X EAPOL state machine logoff. + + +\subsection ctrl_iface_REASSOCIATE REASSOCIATE + +Force reassociation. + + +\subsection ctrl_iface_RECONNECT RECONNECT + +Connect if disconnected (i.e., like \c REASSOCIATE, but only connect +if in disconnected state). + + +\subsection ctrl_iface_PREAUTH PREAUTH + +Start pre-authentication with the given BSSID. + + +\subsection ctrl_iface_ATTACH ATTACH + +Attach the connection as a monitor for unsolicited events. This can +be done with wpa_ctrl_attach(). + + +\subsection ctrl_iface_DETACH DETACH + +Detach the connection as a monitor for unsolicited events. This can +be done with wpa_ctrl_detach(). + + +\subsection ctrl_iface_LEVEL LEVEL + +Change debug level. + + +\subsection ctrl_iface_RECONFIGURE RECONFIGURE + +Force %wpa_supplicant to re-read its configuration data. 
+ + +\subsection ctrl_iface_TERMINATE TERMINATE + +Terminate %wpa_supplicant process. + + +\subsection ctrl_iface_BSSID BSSID + +Set preferred BSSID for a network. Network id can be received from the +\c LIST_NETWORKS command output. + + +\subsection ctrl_iface_LIST_NETWORKS LIST_NETWORKS + +List configured networks. + +\verbatim +network id / ssid / bssid / flags +0 example network any [CURRENT] +\endverbatim + +(note: fields are separated with tabs) + + +\subsection ctrl_iface_DISCONNECT DISCONNECT + +Disconnect and wait for \c REASSOCIATE or \c RECONNECT command before +connecting. + + +\subsection ctrl_iface_SCAN SCAN + +Request a new BSS scan. + + +\subsection ctrl_iface_SCAN_RESULTS SCAN_RESULTS + +Get the latest scan results. + +\verbatim +bssid / frequency / signal level / flags / ssid +00:09:5b:95:e0:4e 2412 208 [WPA-PSK-CCMP] jkm private +02:55:24:33:77:a3 2462 187 [WPA-PSK-TKIP] testing +00:09:5b:95:e0:4f 2412 209 jkm guest +\endverbatim + +(note: fields are separated with tabs) + + +\subsection ctrl_iface_BSS BSS + +Get detailed per-BSS scan results. \c BSS command can be used to +iterate through scan results one BSS at a time and to fetch all +information from the found BSSes. This provides access to the same +data that is available through \c SCAN_RESULTS but in a way that +avoids problems with large number of scan results not fitting in the +ctrl_iface messages. + +There are two options for selecting the BSS with the \c BSS command: +"BSS " requests information for the BSS identified by the index +(0 .. size-1) in the scan results table and "BSS " requests +information for the given BSS (based on BSSID in 00:01:02:03:04:05 +format). + +BSS information is presented in following format. Please note that new +fields may be added to this field=value data, so the ctrl_iface user +should be prepared to ignore values it does not understand. 
+ +\verbatim +bssid=00:09:5b:95:e0:4e +freq=2412 +beacon_int=0 +capabilities=0x0011 +qual=51 +noise=161 +level=212 +tsf=0000000000000000 +ie=000b6a6b6d2070726976617465010180dd180050f20101000050f20401000050f20401000050f2020000 +ssid=jkm private +\endverbatim + + + +\subsection ctrl_iface_SELECT_NETWORK SELECT_NETWORK + +Select a network (disable others). Network id can be received from the +\c LIST_NETWORKS command output. + + +\subsection ctrl_iface_ENABLE_NETWORK ENABLE_NETWORK + +Enable a network. Network id can be received from the +\c LIST_NETWORKS command output. Special network id \c all can be +used to enable all network. + + +\subsection ctrl_iface_DISABLE_NETWORK DISABLE_NETWORK + +Disable a network. Network id can be received from the +\c LIST_NETWORKS command output. Special network id \c all can be +used to disable all network. + + +\subsection ctrl_iface_ADD_NETWORK ADD_NETWORK + +Add a new network. This command creates a new network with empty +configuration. The new network is disabled and once it has been +configured it can be enabled with \c ENABLE_NETWORK command. \c ADD_NETWORK +returns the network id of the new network or FAIL on failure. + + +\subsection ctrl_iface_REMOVE_NETWORK REMOVE_NETWORK + +Remove a network. Network id can be received from the +\c LIST_NETWORKS command output. Special network id \c all can be +used to remove all network. + + +\subsection ctrl_iface_SET_NETWORK SET_NETWORK + +Set network variables. Network id can be received from the +\c LIST_NETWORKS command output. + +This command uses the same variables and data formats as the +configuration file. See example wpa_supplicant.conf for more details. + +- ssid (network name, SSID) +- psk (WPA passphrase or pre-shared key) +- key_mgmt (key management protocol) +- identity (EAP identity) +- password (EAP password) +- ... + + +\subsection ctrl_iface_GET_NETWORK GET_NETWORK + +Get network variables. Network id can be received from the +\c LIST_NETWORKS command output. 
+ + +\subsection ctrl_iface_SAVE_CONFIG SAVE_CONFIG + +Save the current configuration. + + +\subsection ctrl_iface_P2P_FIND P2P_FIND + +Start P2P device discovery. Optional parameter can be used to specify +the duration for the discovery in seconds (e.g., "P2P_FIND 5"). If the +duration is not specified, discovery will be started for indefinite +time, i.e., until it is terminated by P2P_STOP_FIND or P2P_CONNECT (to +start group formation with a discovered peer). + +The default search type is to first run a full scan of all channels +and then continue scanning only social channels (1, 6, 11). This +behavior can be changed by specifying a different search type: social +(e.g., "P2P_FIND 5 type=social") will skip the initial full scan and +only search social channels; progressive (e.g., "P2P_FIND +type=progressive") starts with a full scan and then searches +progressively through all channels one channel at the time with the +social channel scans. Progressive device discovery can be used to find +new groups (and groups that were not found during the initial scan, +e.g., due to the GO being asleep) over time without adding +considerable extra delay for every Search state round. + + +\subsection ctrl_iface_P2P_STOP_FIND P2P_STOP_FIND + +Stop ongoing P2P device discovery or other operation (connect, listen +mode). + + +\subsection ctrl_iface_P2P_CONNECT P2P_CONNECT + +Start P2P group formation with a discovered P2P peer. This includes +group owner negotiation, group interface setup, provisioning, and +establishing data connection. + +P2P_CONNECT +[label|display|keypad] [persistent] [join|auth] [go_intent=<0..15>] + +Start P2P group formation with a discovered P2P peer. This includes +optional group owner negotiation, group interface setup, provisioning, +and establishing data connection. + +The parameter specifies the WPS provisioning +method. 
"pbc" string starts pushbutton method, "pin" string start PIN +method using an automatically generated PIN (which will be returned as +the command return code), PIN# means that a pre-selected PIN can be +used (e.g., 12345670). [label|display|keypad] is used with PIN method +to specify which PIN is used (label=PIN from local label, +display=dynamically generated random PIN from local display, +keypad=PIN entered from peer device label or display). "persistent" +parameter can be used to request a persistent group to be formed. + +"join" indicates that this is a command to join an existing group as a +client. It skips the GO Negotiation part. + +"auth" indicates that the WPS parameters are authorized for the peer +device without actually starting GO Negotiation (i.e., the peer is +expected to initiate GO Negotiation). This is mainly for testing +purposes. + +The optional "go_intent" parameter can be used to override the default +GO Intent value. + + +\subsection ctrl_iface_P2P_LISTEN P2P_LISTEN + +Start Listen-only state. Optional parameter can be used to specify the +duration for the Listen operation in seconds. This command may not +be of that much use during normal operations and is mainly designed +for testing. It can also be used to keep the device discoverable +without having to maintain a group. + + +\subsection ctrl_iface_P2P_GROUP_REMOVE P2P_GROUP_REMOVE + +Terminate a P2P group. If a new virtual network interface was used for +the group, it will also be removed. The network interface name of the +group interface is used as a parameter for this command. + + +\subsection ctrl_iface_P2P_GROUP_ADD P2P_GROUP_ADD + +Set up a P2P group owner manually (i.e., without group owner +negotiation with a specific peer). This is also known as autonomous +GO. Optional persistent= can be used to specify restart of +a persistent group. + + +\subsection ctrl_iface_P2P_PROV_DISC P2P_PROV_DISC + +Send P2P provision discovery request to the specified peer. 
The +parameters for this command are the P2P device address of the peer and +the desired configuration method. For example, "P2P_PROV_DISC +02:01:02:03:04:05 display" would request the peer to display a PIN for +us and "P2P_PROV_DISC 02:01:02:03:04:05 keypad" would request the peer +to enter a PIN that we display. + + +\subsection ctrl_iface_P2P_GET_PASSPHRASE P2P_GET_PASSPHRASE + +Get the passphrase for a group (only available when acting as a GO). + + +\subsection ctrl_iface_P2P_SERV_DISC_REQ P2P_SERV_DISC_REQ + +Schedule a P2P service discovery request. The parameters for this +command are the device address of the peer device (or 00:00:00:00:00:00 +for wildcard query that is sent to every discovered P2P peer that +supports service discovery) and P2P Service Query TLV(s) as hexdump. +For example, "P2P_SERV_DISC_REQ 00:00:00:00:00:00 02000001" schedules +a request for listing all supported service discovery protocols and +requests this to be sent to all discovered peers. The pending requests +are sent during device discovery (see \ref ctrl_iface_P2P_FIND). + +This command returns an identifier for the pending query (e.g., +"1f77628") that can be used to cancel the request. Directed requests +will be automatically removed when the specified peer has replied to +it. + + +\subsection ctrl_iface_P2P_SERV_DISC_CANCEL_REQ P2P_SERV_DISC_CANCEL_REQ + +Cancel a pending P2P service discovery request. This command takes a +single parameter: identifier for the pending query (the value returned +by \ref ctrl_iface_P2P_SERV_DISC_REQ), e.g., +"P2P_SERV_DISC_CANCEL_REQ 1f77628". + + +\subsection ctrl_iface_P2P_SERV_DISC_RESP P2P_SERV_DISC_RESP + +Reply to a service discovery query. This command takes following +parameters: frequency in MHz, destination address, dialog token, +response TLV(s). The first three parameters are copied from the +request event. For example, +"P2P_SERV_DISC_RESP 2437 02:40:61:c2:f3:b7 1 0300000101". 
+ + +\subsection ctrl_iface_P2P_SERVICE_UPDATE P2P_SERVICE_UPDATE + +Indicate that local services have changed. This is used to increment +the P2P service indicator value so that peers know when previously +cached information may have changed. + + +\subsection ctrl_iface_P2P_SERV_DISC_EXTERNAL P2P_SERV_DISC_EXTERNAL + +Configure external processing of P2P service requests: 0 (default) = +no external processing of requests (i.e., internal code will reject +each request), 1 = external processing of requests (external program +is responsible for replying to service discovery requests with +\ref ctrl_iface_P2P_SERV_DISC_RESP). + + +\subsection ctrl_iface_P2P_REJECT P2P_REJECT + +Reject connection attempt from a peer (specified with a device +address). This is a mechanism to reject a pending GO Negotiation with +a peer and request to automatically block any further connection or +discovery of the peer. + + +\subsection ctrl_iface_P2P_INVITE P2P_INVITE + +Invite a peer to join a group or to (re)start a persistent group. + + +\subsection ctrl_iface_P2P_PEER P2P_PEER + +Fetch information about a discovered peer. This command takes in an +argument specifying which peer to select: P2P Device Address of the +peer, "FIRST" to indicate the first peer in the list, or "NEXT-" to indicate the entry following the specified peer +(to allow for iterating through the list). + + +\subsection ctrl_iface_P2P_EXT_LISTEN P2P_EXT_LISTEN + +Enable/disable extended listen timing. Without parameters, this +command disables extended listen timing. When enabling the feature, +two parameters are used: availibility period and availability interval +(both in milliseconds and with range of 1-65535). + + +\section ctrl_iface_interactive Interactive requests + +If %wpa_supplicant needs additional information during authentication +(e.g., password), it will use a specific prefix, \c CTRL-REQ- +(\a WPA_CTRL_REQ macro) in an unsolicited event message. 
An external +program, e.g., a GUI, can provide such information by using +\c CTRL-RSP- (\a WPA_CTRL_RSP macro) prefix in a command with matching +field name. + +The following fields can be requested in this way from the user: +- IDENTITY (EAP identity/user name) +- PASSWORD (EAP password) +- NEW_PASSWORD (New password if the server is requesting password change) +- PIN (PIN code for accessing a SIM or smartcard) +- OTP (one-time password; like password, but the value is used only once) +- PASSPHRASE (passphrase for a private key file) + +\verbatim +CTRL-REQ--- +CTRL-RSP--- +\endverbatim + +For example, request from %wpa_supplicant: +\verbatim +CTRL-REQ-PASSWORD-1-Password needed for SSID test-network +\endverbatim + +And a matching reply from the GUI: +\verbatim +CTRL-RSP-PASSWORD-1-secret +\endverbatim + + +\subsection ctrl_iface_GET_CAPABILITY GET_CAPABILITY
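Review bot: libeap/README describes a build that this patch does not use. It tells the reader to go into wpa_supplicant or hostapd, create a .config and run 'make' there, while the same patch builds the tree as a libtool convenience library (`libeap_la_SOURCES = $(SOURCES_BOTH) $(UTILS_SRCS) $(CRYPTO_SRCS) $(TLS_SRCS)`, `noinst_LTLIBRARIES = libeap.la`). Add a short paragraph saying that this copy is built as libeap.la for mech_eap and which upstream release it was taken from, so that security fixes to the bundled crypto and TLS sources can be tracked. "These program is dual-licensed" should read "This program", and "README file respective subdirectories" is missing "in the".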
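Review bot: in libeap/build_nsis.sh, `$1` is expanded unquoted in `unzip -j -d nsis.in $1` and in the `echo $1 | sed` that derives VER, and the script has neither `set -e` nor a check that an argument was given. A path containing spaces is split into several words, and a failed unzip still goes on to run makensis on whatever is in nsis.in. Quote it as "$1", add `set -e` as build_release does, and print a usage message and exit when `$1` is empty. When the file name does not match the wpa_supplicant-windows-bin pattern, sed passes the whole path through into VER, which is then interpolated into `sed "s/@WPAVER@/$VER/g"`; a `/` or `&` in it changes or breaks that substitution, so check that VER contains only the expected version characters before using it.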
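Review bot: in libeap/build_release, `rm -f wpa_supplicant-$VER/wpa_supplicant/doc/docbook/manpage.{links,refs}` depends on brace expansion, which `#!/bin/sh` does not guarantee. On a shell without it, `rm -f` is given one literal file name, reports nothing, and manpage.links and manpage.refs end up in the release tarball; name the two files explicitly. `WINLOCAL=/home/jm/H-win/local` ties the script to one developer's home directory; reading it from the environment with that path as the default would let anyone else run the build. $RELDIR and $TMP are expanded unquoted throughout (`mkdir -p $RELDIR`, `cd $RELDIR`, `gzip > $RELDIR/wpa-$VER.tar.gz`), which fails when the checkout path contains spaces.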
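Review bot: in libeap/doc/Makefile, the recipe `(cd ..; doxygen doc/doxygen.conf; cd doc)` used by both `docs` and `html` joins its commands with `;`, so the subshell exits with the status of the final `cd doc` and a doxygen failure does not stop make. `docs` then runs `$(MAKE) -C latex` and copies latex/refman.pdf from whatever output is already there. Write it as `(cd .. && doxygen doc/doxygen.conf)`; the trailing `cd doc` has no effect inside a subshell. The targets all, docs, docs-pics, html and clean should also be declared .PHONY, since `html` is the name of a directory that `clean` removes.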
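Review bot: in libeap/doc/code_structure.doxygen, the file lists under crypto_func and tls_func do not match the sources this same patch puts in CRYPTO_SRCS and TLS_SRCS. The page names `aes_wrap.c, aes_wrap.h, aes.c`, while the build lists src/crypto/aes-wrap.c, aes-unwrap.c, aes-cbc.c, aes-ctr.c, aes-eax.c and aes-omac1.c, and the TLS library section omits tlsv1_server.c, tlsv1_server_read.c, tlsv1_server_write.c, pkcs1.c, pkcs5.c and pkcs8.c. Either update the lists to the src/crypto and src/tls layout or state at the top of the page that it describes an older wpa_supplicant tree, so a reader auditing the bundled crypto is not sent to files that do not exist. "shared with with hostapd" has a doubled word.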
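Review bot: in libeap/doc/ctrl_iface.doxygen, the part of this hunk shown here documents commands that return or accept secrets or stop the daemon (P2P_GET_PASSPHRASE, SET_NETWORK with psk and password, `CTRL-RSP-PASSWORD-1-secret`, TERMINATE) and says only that Linux uses UNIX domain sockets and Windows uses UDP sockets, without saying which local users or processes are allowed to connect. Add a short section on how access to the control interface is restricted for each backend, or a pointer to where that is configured. In the P2P_CONNECT subsection the opening paragraph ("Start P2P group formation with a discovered P2P peer. This includes ...") appears twice, before and after the syntax line, and one copy should go. Typos: "availibility period" in P2P_EXT_LISTEN, and "all network" should be "all networks" in ENABLE_NETWORK, DISABLE_NETWORK and REMOVE_NETWORK.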