endif
endif
+ifdef CONFIG_WEP
+L_CFLAGS += -DCONFIG_WEP
+endif
+
include $(LOCAL_PATH)/src/drivers/drivers.mk
endif
endif
+ifdef CONFIG_WEP
+CFLAGS += -DCONFIG_WEP
+endif
+
ALL=hostapd hostapd_cli
all: verify_config $(ALL)
# /dev/urandom earlier in boot' seeds /dev/urandom with that entropy before
# either wpa_supplicant or hostapd are run.
CONFIG_NO_RANDOM_POOL=y
+
+# Wired equivalent privacy (WEP)
+# WEP is an obsolete cryptographic data confidentiality algorithm that is not
+# considered secure. It should not be used for anything anymore. The
+# functionality needed to use WEP is available in the current hostapd
+# release under this optional build parameter. This functionality is subject to
+# be completely removed in a future release.
+CONFIG_WEP=y
}
+#ifdef CONFIG_WEP
static int hostapd_config_read_wep(struct hostapd_wep_keys *wep, int keyidx,
char *val)
{
return 0;
}
+#endif /* CONFIG_WEP */
static int hostapd_parse_chanlist(struct hostapd_config *conf, char *val)
} else if (os_strcmp(buf, "erp_domain") == 0) {
os_free(bss->erp_domain);
bss->erp_domain = os_strdup(pos);
+#ifdef CONFIG_WEP
} else if (os_strcmp(buf, "wep_key_len_broadcast") == 0) {
int val = atoi(pos);
line, bss->wep_rekeying_period);
return 1;
}
+#endif /* CONFIG_WEP */
} else if (os_strcmp(buf, "eap_reauth_period") == 0) {
bss->eap_reauth_period = atoi(pos);
if (bss->eap_reauth_period < 0) {
bss->ignore_broadcast_ssid = atoi(pos);
} else if (os_strcmp(buf, "no_probe_resp_if_max_sta") == 0) {
bss->no_probe_resp_if_max_sta = atoi(pos);
+#ifdef CONFIG_WEP
} else if (os_strcmp(buf, "wep_default_key") == 0) {
bss->ssid.wep.idx = atoi(pos);
if (bss->ssid.wep.idx > 3) {
line, buf);
return 1;
}
+#endif /* CONFIG_WEP */
#ifndef CONFIG_NO_VLAN
} else if (os_strcmp(buf, "dynamic_vlan") == 0) {
bss->ssid.dynamic_vlan = atoi(pos);
# Override default value for the wpa_disable_eapol_key_retries configuration
# parameter. See that parameter in hostapd.conf for more details.
#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
+
+# Wired equivalent privacy (WEP)
+# WEP is an obsolete cryptographic data confidentiality algorithm that is not
+# considered secure. It should not be used for anything anymore. The
+# functionality needed to use WEP is available in the current hostapd
+# release under this optional build parameter. This functionality is subject to
+# be completely removed in a future release.
+#CONFIG_WEP=y
bss->logger_syslog = (unsigned int) -1;
bss->logger_stdout = (unsigned int) -1;
+#ifdef CONFIG_WEP
bss->auth_algs = WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED;
bss->wep_rekeying_period = 300;
/* use key0 in individual key and key1 in broadcast key */
bss->broadcast_key_idx_min = 1;
bss->broadcast_key_idx_max = 2;
+#else /* CONFIG_WEP */
+ bss->auth_algs = WPA_AUTH_ALG_OPEN;
+#endif /* CONFIG_WEP */
bss->eap_reauth_period = 3600;
bss->wpa_group_rekey = 600;
}
+#ifdef CONFIG_WEP
static void hostapd_config_free_wep(struct hostapd_wep_keys *keys)
{
int i;
keys->key[i] = NULL;
}
}
+#endif /* CONFIG_WEP */
void hostapd_config_clear_wpa_psk(struct hostapd_wpa_psk **l)
str_clear_free(conf->ssid.wpa_passphrase);
os_free(conf->ssid.wpa_psk_file);
+#ifdef CONFIG_WEP
hostapd_config_free_wep(&conf->ssid.wep);
+#endif /* CONFIG_WEP */
#ifdef CONFIG_FULL_DYNAMIC_VLAN
os_free(conf->ssid.vlan_tagged_interface);
#endif /* CONFIG_FULL_DYNAMIC_VLAN */
return -1;
}
+#ifdef CONFIG_WEP
if (bss->wpa) {
int wep, i;
return -1;
}
}
+#endif /* CONFIG_WEP */
if (full_config && bss->wpa &&
bss->wpa_psk_radius != PSK_RADIUS_IGNORED &&
"allowed, disabling HT capabilities");
}
+#ifdef CONFIG_WEP
if (full_config && conf->ieee80211n &&
bss->ssid.security_policy == SECURITY_STATIC_WEP) {
bss->disable_11n = 1;
wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WEP is not "
"allowed, disabling HT capabilities");
}
+#endif /* CONFIG_WEP */
if (full_config && conf->ieee80211n && bss->wpa &&
!(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
}
#ifdef CONFIG_IEEE80211AC
+#ifdef CONFIG_WEP
if (full_config && conf->ieee80211ac &&
bss->ssid.security_policy == SECURITY_STATIC_WEP) {
bss->disable_11ac = 1;
wpa_printf(MSG_ERROR,
"VHT (IEEE 802.11ac) with WEP is not allowed, disabling VHT capabilities");
}
+#endif /* CONFIG_WEP */
if (full_config && conf->ieee80211ac && bss->wpa &&
!(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
bss->wps_state = 0;
}
+#ifdef CONFIG_WEP
if (full_config && bss->wps_state &&
bss->ssid.wep.keys_set && bss->wpa == 0) {
wpa_printf(MSG_INFO, "WPS: WEP configuration forced WPS to be "
"disabled");
bss->wps_state = 0;
}
+#endif /* CONFIG_WEP */
if (full_config && bss->wps_state && bss->wpa &&
(!(bss->wpa & 2) ||
void hostapd_set_security_params(struct hostapd_bss_config *bss,
int full_config)
{
+#ifdef CONFIG_WEP
if (bss->individual_wep_key_len == 0) {
/* individual keys are not use; can use key idx0 for
* broadcast keys */
bss->broadcast_key_idx_min = 0;
}
+#endif /* CONFIG_WEP */
if ((bss->wpa & 2) && bss->rsn_pairwise == 0)
bss->rsn_pairwise = bss->wpa_pairwise;
} else if (bss->ieee802_1x) {
int cipher = WPA_CIPHER_NONE;
bss->ssid.security_policy = SECURITY_IEEE_802_1X;
+#ifdef CONFIG_WEP
bss->ssid.wep.default_len = bss->default_wep_key_len;
if (full_config && bss->default_wep_key_len) {
cipher = bss->default_wep_key_len >= 13 ?
else
cipher = WPA_CIPHER_WEP40;
}
+#endif /* CONFIG_WEP */
bss->wpa_group = cipher;
bss->wpa_pairwise = cipher;
bss->rsn_pairwise = cipher;
if (full_config)
bss->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
+#ifdef CONFIG_WEP
} else if (bss->ssid.wep.keys_set) {
int cipher = WPA_CIPHER_WEP40;
if (bss->ssid.wep.len[0] >= 13)
bss->rsn_pairwise = cipher;
if (full_config)
bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
+#endif /* CONFIG_WEP */
} else if (bss->osen) {
bss->ssid.security_policy = SECURITY_OSEN;
bss->wpa_group = WPA_CIPHER_CCMP;
struct ft_remote_r0kh;
struct ft_remote_r1kh;
+#ifdef CONFIG_WEP
#define NUM_WEP_KEYS 4
struct hostapd_wep_keys {
u8 idx;
int keys_set;
size_t default_len; /* key length used for dynamic key generation */
};
+#endif /* CONFIG_WEP */
typedef enum hostap_security_policy {
SECURITY_PLAINTEXT = 0,
+#ifdef CONFIG_WEP
SECURITY_STATIC_WEP = 1,
+#endif /* CONFIG_WEP */
SECURITY_IEEE_802_1X = 2,
SECURITY_WPA_PSK = 3,
SECURITY_WPA = 4,
char *wpa_psk_file;
struct sae_pt *pt;
+#ifdef CONFIG_WEP
struct hostapd_wep_keys wep;
+#endif /* CONFIG_WEP */
#define DYNAMIC_VLAN_DISABLED 0
#define DYNAMIC_VLAN_OPTIONAL 1
size_t eap_req_id_text_len;
int eapol_key_index_workaround;
+#ifdef CONFIG_WEP
size_t default_wep_key_len;
int individual_wep_key_len;
int wep_rekeying_period;
int broadcast_key_idx_min, broadcast_key_idx_max;
+#endif /* CONFIG_WEP */
int eap_reauth_period;
int erp_send_reauth_start;
char *erp_domain;
params->key_mgmt_suites = hapd->conf->wpa_key_mgmt;
params->auth_algs = hapd->conf->auth_algs;
params->wpa_version = hapd->conf->wpa;
- params->privacy = hapd->conf->ssid.wep.keys_set || hapd->conf->wpa ||
+ params->privacy = hapd->conf->wpa;
+#ifdef CONFIG_WEP
+ params->privacy |= hapd->conf->ssid.wep.keys_set ||
(hapd->conf->ieee802_1x &&
(hapd->conf->default_wep_key_len ||
hapd->conf->individual_wep_key_len));
+#endif /* CONFIG_WEP */
switch (hapd->conf->ignore_broadcast_ssid) {
case 0:
params->hide_ssid = NO_SSID_HIDING;
static int hostapd_flush_old_stations(struct hostapd_data *hapd, u16 reason);
+#ifdef CONFIG_WEP
static int hostapd_setup_encryption(char *iface, struct hostapd_data *hapd);
static int hostapd_broadcast_wep_clear(struct hostapd_data *hapd);
+#endif /* CONFIG_WEP */
static int setup_interface2(struct hostapd_iface *iface);
static void channel_list_update_timeout(void *eloop_ctx, void *timeout_ctx);
static void hostapd_interface_setup_failure_handler(void *eloop_ctx,
return;
hostapd_set_privacy(hapd, 0);
+#ifdef CONFIG_WEP
hostapd_setup_encryption(hapd->conf->iface, hapd);
+#endif /* CONFIG_WEP */
}
wpa_deinit(hapd->wpa_auth);
hapd->wpa_auth = NULL;
hostapd_set_privacy(hapd, 0);
+#ifdef CONFIG_WEP
hostapd_setup_encryption(hapd->conf->iface, hapd);
+#endif /* CONFIG_WEP */
hostapd_set_generic_elem(hapd, (u8 *) "", 0);
}
for (j = 0; j < iface->num_bss; j++) {
hostapd_flush_old_stations(iface->bss[j],
WLAN_REASON_PREV_AUTH_NOT_VALID);
+#ifdef CONFIG_WEP
hostapd_broadcast_wep_clear(iface->bss[j]);
+#endif /* CONFIG_WEP */
#ifndef CONFIG_NO_RADIUS
/* TODO: update dynamic data based on changed configuration
}
+#ifdef CONFIG_WEP
+
static void hostapd_broadcast_key_clear_iface(struct hostapd_data *hapd,
const char *ifname)
{
return errors;
}
+#endif /* CONFIG_WEP */
+
static void hostapd_free_hapd_data(struct hostapd_data *hapd)
{
}
+#ifdef CONFIG_WEP
+
static void hostapd_clear_wep(struct hostapd_data *hapd)
{
if (hapd->drv_priv && !hapd->iface->driver_ap_teardown && hapd->conf) {
return 0;
}
+#endif /* CONFIG_WEP */
+
static int hostapd_flush_old_stations(struct hostapd_data *hapd, u16 reason)
{
{
hostapd_free_stas(hapd);
hostapd_flush_old_stations(hapd, WLAN_REASON_DEAUTH_LEAVING);
+#ifdef CONFIG_WEP
hostapd_clear_wep(hapd);
+#endif /* CONFIG_WEP */
}
WLAN_REASON_PREV_AUTH_NOT_VALID);
hostapd_set_privacy(hapd, 0);
+#ifdef CONFIG_WEP
hostapd_broadcast_wep_clear(hapd);
if (hostapd_setup_encryption(conf->iface, hapd))
return -1;
+#endif /* CONFIG_WEP */
/*
* Fetch the SSID from the system and use it or,
u16 hostapd_own_capab_info(struct hostapd_data *hapd)
{
int capab = WLAN_CAPABILITY_ESS;
- int privacy;
+ int privacy = 0;
int dfs;
int i;
hapd->iconf->preamble == SHORT_PREAMBLE)
capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
+#ifdef CONFIG_WEP
privacy = hapd->conf->ssid.wep.keys_set;
if (hapd->conf->ieee802_1x &&
(hapd->conf->default_wep_key_len ||
hapd->conf->individual_wep_key_len))
privacy = 1;
+#endif /* CONFIG_WEP */
if (hapd->conf->wpa)
privacy = 1;
}
+#ifdef CONFIG_WEP
#ifndef CONFIG_NO_RC4
static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta,
u16 auth_transaction, const u8 *challenge,
return 0;
}
#endif /* CONFIG_NO_RC4 */
+#endif /* CONFIG_WEP */
static int send_auth_reply(struct hostapd_data *hapd, struct sta_info *sta,
sta->auth_alg = WLAN_AUTH_OPEN;
mlme_authenticate_indication(hapd, sta);
break;
+#ifdef CONFIG_WEP
#ifndef CONFIG_NO_RC4
case WLAN_AUTH_SHARED_KEY:
resp = auth_shared_key(hapd, sta, auth_transaction, challenge,
}
break;
#endif /* CONFIG_NO_RC4 */
+#endif /* CONFIG_WEP */
#ifdef CONFIG_IEEE80211R_AP
case WLAN_AUTH_FT:
sta->auth_alg = WLAN_AUTH_FT;
struct sta_info *sta,
char *ifname_wds)
{
+#ifdef CONFIG_WEP
int i;
struct hostapd_ssid *ssid = &hapd->conf->ssid;
break;
}
}
+#endif /* CONFIG_WEP */
}
}
+#ifdef CONFIG_WEP
#ifndef CONFIG_FIPS
#ifndef CONFIG_NO_RC4
#endif /* CONFIG_NO_RC4 */
#endif /* CONFIG_FIPS */
+#endif /* CONFIG_WEP */
const char *radius_mode_txt(struct hostapd_data *hapd)
}
+#ifdef CONFIG_WEP
+
static int ieee802_1x_rekey_broadcast(struct hostapd_data *hapd)
{
struct eapol_authenticator *eapol = hapd->eapol_auth;
}
}
+#endif /* CONFIG_WEP */
+
static void ieee802_1x_eapol_send(void *ctx, void *sta_ctx, u8 type,
const u8 *data, size_t datalen)
}
+#ifdef CONFIG_WEP
static void _ieee802_1x_tx_key(void *ctx, void *sta_ctx)
{
#ifndef CONFIG_FIPS
#endif /* CONFIG_NO_RC4 */
#endif /* CONFIG_FIPS */
}
+#endif /* CONFIG_WEP */
static void ieee802_1x_eapol_event(void *ctx, void *sta_ctx,
int ieee802_1x_init(struct hostapd_data *hapd)
{
- int i;
struct eapol_auth_config conf;
struct eapol_auth_cb cb;
conf.ctx = hapd;
conf.eap_reauth_period = hapd->conf->eap_reauth_period;
conf.wpa = hapd->conf->wpa;
+#ifdef CONFIG_WEP
conf.individual_wep_key_len = hapd->conf->individual_wep_key_len;
+#endif /* CONFIG_WEP */
conf.eap_req_id_text = hapd->conf->eap_req_id_text;
conf.eap_req_id_text_len = hapd->conf->eap_req_id_text_len;
conf.erp_send_reauth_start = hapd->conf->erp_send_reauth_start;
cb.logger = ieee802_1x_logger;
cb.set_port_authorized = ieee802_1x_set_port_authorized;
cb.abort_auth = _ieee802_1x_abort_auth;
+#ifdef CONFIG_WEP
cb.tx_key = _ieee802_1x_tx_key;
+#endif /* CONFIG_WEP */
cb.eapol_event = ieee802_1x_eapol_event;
#ifdef CONFIG_ERP
cb.erp_get_key = ieee802_1x_erp_get_key;
return -1;
#endif /* CONFIG_NO_RADIUS */
+#ifdef CONFIG_WEP
if (hapd->conf->default_wep_key_len) {
+ int i;
+
for (i = 0; i < 4; i++)
hostapd_drv_set_key(hapd->conf->iface, hapd,
WPA_ALG_NONE, NULL, i, 0, 0, NULL,
if (!hapd->eapol_auth->default_wep_key)
return -1;
}
+#endif /* CONFIG_WEP */
return 0;
}
void ieee802_1x_deinit(struct hostapd_data *hapd)
{
+#ifdef CONFIG_WEP
eloop_cancel_timeout(ieee802_1x_rekey, hapd, NULL);
+#endif /* CONFIG_WEP */
if (hapd->driver && hapd->drv_priv &&
(hapd->conf->ieee802_1x || hapd->conf->wpa))
static int vlan_if_add(struct hostapd_data *hapd, struct hostapd_vlan *vlan,
int existsok)
{
- int ret, i;
+ int ret;
+#ifdef CONFIG_WEP
+ int i;
for (i = 0; i < NUM_WEP_KEYS; i++) {
if (!hapd->conf->ssid.wep.key[i])
vlan->ifname);
return -1;
}
+#endif /* CONFIG_WEP */
if (!iface_exists(vlan->ifname))
ret = hostapd_vlan_if_add(hapd, vlan->ifname);
(str_starts(buf, "ssid=") ||
str_starts(buf, "ssid2=") ||
str_starts(buf, "auth_algs=") ||
+#ifdef CONFIG_WEP
str_starts(buf, "wep_default_key=") ||
str_starts(buf, "wep_key") ||
+#endif /* CONFIG_WEP */
str_starts(buf, "wps_state=") ||
(pmf_changed && str_starts(buf, "ieee80211w=")) ||
str_starts(buf, "wpa=") ||
wpa_snprintf_hex((char *) wps->network_key, 2 * PMK_LEN + 1,
conf->ssid.wpa_psk->psk, PMK_LEN);
wps->network_key_len = 2 * PMK_LEN;
+#ifdef CONFIG_WEP
} else if (conf->ssid.wep.keys_set && conf->ssid.wep.key[0]) {
wps->network_key = os_malloc(conf->ssid.wep.len[0]);
if (wps->network_key == NULL)
os_memcpy(wps->network_key, conf->ssid.wep.key[0],
conf->ssid.wep.len[0]);
wps->network_key_len = conf->ssid.wep.len[0];
+#endif /* CONFIG_WEP */
}
if (conf->ssid.wpa_psk) {
switch (cipher) {
case WPA_CIPHER_NONE:
return "NONE";
+#ifdef CONFIG_WEP
case WPA_CIPHER_WEP40:
return "WEP-40";
case WPA_CIPHER_WEP104:
return "WEP-104";
+#endif /* CONFIG_WEP */
case WPA_CIPHER_TKIP:
return "TKIP";
case WPA_CIPHER_CCMP:
val |= WPA_CIPHER_GCMP;
else if (os_strcmp(start, "TKIP") == 0)
val |= WPA_CIPHER_TKIP;
+#ifdef CONFIG_WEP
else if (os_strcmp(start, "WEP104") == 0)
val |= WPA_CIPHER_WEP104;
else if (os_strcmp(start, "WEP40") == 0)
val |= WPA_CIPHER_WEP40;
+#endif /* CONFIG_WEP */
else if (os_strcmp(start, "NONE") == 0)
val |= WPA_CIPHER_NONE;
else if (os_strcmp(start, "GTK_NOT_USED") == 0)
+#ifdef CONFIG_WEP
+
/* Authenticator Key Transmit state machine */
SM_STATE(AUTH_KEY_TX, NO_KEY_TRANSMIT)
}
}
+#endif /* CONFIG_WEP */
+
/* Controlled Directions state machine */
sm->portControl = Auto;
+#ifdef CONFIG_WEP
if (!eapol->conf.wpa &&
(eapol->default_wep_key || eapol->conf.individual_wep_key_len > 0))
sm->keyTxEnabled = TRUE;
else
+#endif /* CONFIG_WEP */
sm->keyTxEnabled = FALSE;
if (eapol->conf.wpa)
sm->portValid = FALSE;
SM_STEP_RUN(BE_AUTH);
if (sm->initializing || eapol_sm_sta_entry_alive(eapol, addr))
SM_STEP_RUN(REAUTH_TIMER);
+#ifdef CONFIG_WEP
if (sm->initializing || eapol_sm_sta_entry_alive(eapol, addr))
SM_STEP_RUN(AUTH_KEY_TX);
if (sm->initializing || eapol_sm_sta_entry_alive(eapol, addr))
SM_STEP_RUN(KEY_RX);
+#endif /* CONFIG_WEP */
if (sm->initializing || eapol_sm_sta_entry_alive(eapol, addr))
SM_STEP_RUN(CTRL_DIR);
dst->ctx = src->ctx;
dst->eap_reauth_period = src->eap_reauth_period;
dst->wpa = src->wpa;
+#ifdef CONFIG_WEP
dst->individual_wep_key_len = src->individual_wep_key_len;
+#endif /* CONFIG_WEP */
os_free(dst->eap_req_id_text);
if (src->eap_req_id_text) {
dst->eap_req_id_text = os_memdup(src->eap_req_id_text,
return NULL;
}
+#ifdef CONFIG_WEP
if (conf->individual_wep_key_len > 0) {
/* use key0 in individual key and key1 in broadcast key */
eapol->default_wep_key_idx = 1;
}
+#endif /* CONFIG_WEP */
eapol->cb.eapol_send = cb->eapol_send;
eapol->cb.aaa_send = cb->aaa_send;
return;
eapol_auth_conf_free(&eapol->conf);
+#ifdef CONFIG_WEP
os_free(eapol->default_wep_key);
+#endif /* CONFIG_WEP */
os_free(eapol);
}
static void eapol_sm_processKey(struct eapol_sm *sm)
{
+#ifdef CONFIG_WEP
#ifndef CONFIG_FIPS
struct ieee802_1x_hdr *hdr;
struct ieee802_1x_eapol_key *key;
}
}
#endif /* CONFIG_FIPS */
+#endif /* CONFIG_WEP */
}
CONFIG_OWE=y
CONFIG_DPP=y
CONFIG_DPP2=y
+CONFIG_WEP=y
CONFIG_OWE=y
CONFIG_DPP=y
CONFIG_DPP2=y
+CONFIG_WEP=y
tests = [(1, "hostapd_parse_das_client",
"SET radius_das_client 192.168.1.123 pw"),
- (1, "hostapd_config_read_wep", "SET wep_key0 \"hello\""),
- (1, "hostapd_config_read_wep", "SET wep_key0 0102030405"),
(1, "hostapd_parse_chanlist", "SET chanlist 1 6 11-13"),
(1, "hostapd_config_bss", "SET bss foo"),
(2, "hostapd_config_bss", "SET bss foo"),
(1, "hostapd_parse_intlist", "SET sae_groups 19 25"),
(1, "hostapd_parse_intlist", "SET basic_rates 10 20 55 110"),
(1, "hostapd_parse_intlist", "SET supported_rates 10 20 55 110")]
+ if "WEP40" in dev[0].get_capability("group"):
+ tests += [(1, "hostapd_config_read_wep", "SET wep_key0 \"hello\""),
+ (1, "hostapd_config_read_wep", "SET wep_key0 0102030405")]
for count, func, cmd in tests:
with alloc_fail(hapd, count, func):
if "FAIL" not in hapd.request(cmd):
def test_ap_config_set_errors(dev, apdev):
"""hostapd configuration parsing errors"""
hapd = hostapd.add_ap(apdev[0], {"ssid": "foobar"})
- hapd.set("wep_key0", '"hello"')
- hapd.set("wep_key1", '"hello"')
- hapd.set("wep_key0", '')
- hapd.set("wep_key0", '"hello"')
- if "FAIL" not in hapd.request("SET wep_key1 \"hello\""):
- raise Exception("SET wep_key1 allowed to override existing key")
- hapd.set("wep_key1", '')
- hapd.set("wep_key1", '"hello"')
+ if "WEP40" in dev[0].get_capability("group"):
+ hapd.set("wep_key0", '"hello"')
+ hapd.set("wep_key1", '"hello"')
+ hapd.set("wep_key0", '')
+ hapd.set("wep_key0", '"hello"')
+ if "FAIL" not in hapd.request("SET wep_key1 \"hello\""):
+ raise Exception("SET wep_key1 allowed to override existing key")
+ hapd.set("wep_key1", '')
+ hapd.set("wep_key1", '"hello"')
hapd.set("auth_server_addr", "127.0.0.1")
hapd.set("acct_server_addr", "127.0.0.1")
dev[1].connect("osen", key_mgmt="NONE", scan_freq="2412",
wait_connect=False)
- dev[2].connect("osen", key_mgmt="NONE", wep_key0='"hello"',
- scan_freq="2412", wait_connect=False)
+ if "WEP40" in dev[2].get_capability("group"):
+ dev[2].connect("osen", key_mgmt="NONE", wep_key0='"hello"',
+ scan_freq="2412", wait_connect=False)
dev[0].flush_scan_cache()
dev[0].connect("osen", proto="OSEN", key_mgmt="OSEN", pairwise="CCMP",
group="GTK_NOT_USED CCMP",
import hostapd
from tshark import run_tshark
from utils import alloc_fail, HwsimSkip, parse_ie
+from test_wep import check_wep_capa
@remote_compatible
def test_ap_fragmentation_rts_set_high(dev, apdev):
def test_ap_wds_sta_wep(dev, apdev):
"""WEP AP with STA using 4addr mode"""
+ check_wep_capa(dev[0])
ssid = "test-wds-wep"
params = {}
params['ssid'] = ssid
def test_ap_wep_to_wpa(dev, apdev):
"""WEP to WPA2-PSK configuration change in hostapd"""
+ check_wep_capa(dev[0])
hapd = hostapd.add_ap(apdev[0],
{"ssid": "wep-to-wpa",
"wep_key0": '"hello"'})
from utils import HwsimSkip, skip_with_fips
from wlantest import Wlantest
from test_ap_vht import vht_supported
+from test_wep import check_wep_capa
def start_ap_wpa2_psk(ap):
params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
def test_ap_wep_tdls(dev, apdev):
"""WEP AP and two stations using TDLS"""
+ check_wep_capa(dev[0])
+ check_wep_capa(dev[1])
hapd = hostapd.add_ap(apdev[0],
{"ssid": "test-wep", "wep_key0": '"hello"'})
wlantest_setup(hapd)
from utils import wait_fail_trigger, clear_regdom
from test_ap_eap import int_eap_server_params
from test_sae import check_sae_capab
+from test_wep import check_wep_capa
def wps_start_ap(apdev, ssid="test-wps-conf"):
params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
def test_ap_wps_wep(dev, apdev):
"""WPS AP trying to enable WEP"""
+ check_wep_capa(dev[0])
ssid = "test-wps"
hapd = hostapd.add_ap(apdev[0],
{"ssid": ssid, "eap_server": "1", "wps_state": "1",
from tshark import run_tshark
from nl80211 import *
from wpasupplicant import WpaSupplicant
+from test_wep import check_wep_capa
def nl80211_command(dev, cmd, attr):
res = dev.request("VENDOR ffffffff {} {}".format(nl80211_cmd[cmd],
@remote_compatible
def test_cfg80211_wep_key_idx_change(dev, apdev):
"""WEP Shared Key authentication and key index change without deauth"""
+ check_wep_capa(dev[0])
hapd = hostapd.add_ap(apdev[0],
{"ssid": "wep-shared-key",
"wep_key0": '"hello12345678"',
import hostapd
from wpasupplicant import WpaSupplicant
from p2p_utils import *
+from test_wep import check_wep_capa
def test_connect_cmd_open(dev, apdev):
"""Open connection using cfg80211 connect command"""
def test_connect_cmd_wep(dev, apdev):
"""WEP Open System using cfg80211 connect command"""
+ wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
+ wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
+ check_wep_capa(wpas)
+
params = {"ssid": "sta-connect-wep", "wep_key0": '"hello"'}
hapd = hostapd.add_ap(apdev[0], params)
- wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
- wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
wpas.connect("sta-connect-wep", key_mgmt="NONE", scan_freq="2412",
wep_key0='"hello"')
wpas.dump_monitor()
def test_connect_cmd_wep_shared(dev, apdev):
"""WEP Shared key using cfg80211 connect command"""
+ wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
+ wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
+ check_wep_capa(wpas)
+
params = {"ssid": "sta-connect-wep", "wep_key0": '"hello"',
"auth_algs": "2"}
hapd = hostapd.add_ap(apdev[0], params)
- wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
- wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
id = wpas.connect("sta-connect-wep", key_mgmt="NONE", scan_freq="2412",
auth_alg="SHARED", wep_key0='"hello"')
wpas.dump_monitor()
import hwsim_utils
from utils import alloc_fail, wait_fail_trigger
+from test_wep import check_wep_capa
def connect_ibss_cmd(dev, id, freq=2412):
dev.dump_monitor()
def test_ibss_wep(dev):
"""IBSS with WEP"""
+ check_wep_capa(dev[0])
+ check_wep_capa(dev[1])
+
ssid = "ibss-wep"
id = add_ibss(dev[0], ssid, key_mgmt="NONE", wep_key0='"hello"')
import hwsim_utils
from utils import skip_with_fips
from tshark import run_tshark
+from test_wep import check_wep_capa
logger = logging.getLogger()
def test_ieee8021x_wep104(dev, apdev):
"""IEEE 802.1X connection using dynamic WEP104"""
+ check_wep_capa(dev[0])
skip_with_fips(dev[0])
params = hostapd.radius_params()
params["ssid"] = "ieee8021x-wep"
def test_ieee8021x_wep40(dev, apdev):
"""IEEE 802.1X connection using dynamic WEP40"""
+ check_wep_capa(dev[0])
skip_with_fips(dev[0])
params = hostapd.radius_params()
params["ssid"] = "ieee8021x-wep"
def test_ieee8021x_wep_index_workaround(dev, apdev):
"""IEEE 802.1X and EAPOL-Key index workaround"""
+ check_wep_capa(dev[0])
skip_with_fips(dev[0])
params = hostapd.radius_params()
params["ssid"] = "ieee8021x-wep"
run_static_wep(dev, apdev, '"hello-there-/"')
def run_static_wep(dev, apdev, key):
+ check_wep_capa(dev[0])
params = hostapd.radius_params()
params["ssid"] = "ieee8021x-wep"
params["ieee8021x"] = "1"
def test_ieee8021x_eapol_key(dev, apdev):
"""IEEE 802.1X connection and EAPOL-Key protocol tests"""
+ check_wep_capa(dev[0])
skip_with_fips(dev[0])
params = hostapd.radius_params()
params["ssid"] = "ieee8021x-wep"
def test_ieee8021x_reauth_wep(dev, apdev, params):
"""IEEE 802.1X and EAPOL_REAUTH request with WEP"""
+ check_wep_capa(dev[0])
logdir = params['logdir']
params = hostapd.radius_params()
def test_ieee8021x_and_wpa_enabled(dev, apdev):
"""IEEE 802.1X connection using dynamic WEP104 when WPA enabled"""
+ check_wep_capa(dev[0])
skip_with_fips(dev[0])
params = hostapd.radius_params()
params["ssid"] = "ieee8021x-wep"
from utils import HwsimSkip, require_under_vm, skip_with_fips, alloc_fail, fail_test, wait_fail_trigger
from test_ap_hs20 import build_dhcp_ack
from test_ap_ft import ft_params1
+from test_wep import check_wep_capa
def connect(dev, ssid, wait_connect=True):
dev.connect(ssid, key_mgmt="WPA-EAP", scan_freq="2412",
def test_radius_acct_ieee8021x(dev, apdev):
"""RADIUS Accounting - IEEE 802.1X"""
+ check_wep_capa(dev[0])
skip_with_fips(dev[0])
as_hapd = hostapd.Hostapd("as")
params = hostapd.radius_params()
from utils import clear_regdom_dev
from tshark import run_tshark
from test_ap_csa import switch_channel, wait_channel_switch, csa_supported
+from test_wep import check_wep_capa
def check_scan(dev, params, other_started=False, test_busy=False):
if not other_started:
@remote_compatible
def test_scan_for_auth_wep(dev, apdev):
"""cfg80211 scan-for-auth workaround with WEP keys"""
+ check_wep_capa(dev[0])
dev[0].flush_scan_cache()
hapd = hostapd.add_ap(apdev[0],
{"ssid": "wep", "wep_key0": '"abcde"',
from remotehost import remote_compatible
import hostapd
import hwsim_utils
-from utils import clear_regdom
+from utils import clear_regdom, HwsimSkip
+
+def check_wep_capa(dev):
+ if "WEP40" not in dev.get_capability("group"):
+ raise HwsimSkip("WEP not supported")
@remote_compatible
def test_wep_open_auth(dev, apdev):
"""WEP Open System authentication"""
+ check_wep_capa(dev[0])
hapd = hostapd.add_ap(apdev[0],
{"ssid": "wep-open",
"wep_key0": '"hello"'})
@remote_compatible
def test_wep_shared_key_auth(dev, apdev):
"""WEP Shared Key authentication"""
+ check_wep_capa(dev[0])
+ check_wep_capa(dev[1])
hapd = hostapd.add_ap(apdev[0],
{"ssid": "wep-shared-key",
"wep_key0": '"hello12345678"',
@remote_compatible
def test_wep_shared_key_auth_not_allowed(dev, apdev):
"""WEP Shared Key authentication not allowed"""
+ check_wep_capa(dev[0])
hostapd.add_ap(apdev[0],
{"ssid": "wep-shared-key",
"wep_key0": '"hello12345678"',
def test_wep_shared_key_auth_multi_key(dev, apdev):
"""WEP Shared Key authentication with multiple keys"""
+ check_wep_capa(dev[0])
+ check_wep_capa(dev[1])
+ check_wep_capa(dev[2])
hapd = hostapd.add_ap(apdev[0],
{"ssid": "wep-shared-key",
"wep_key0": '"hello12345678"',
def test_wep_ht_vht(dev, apdev):
"""WEP and HT/VHT"""
+ check_wep_capa(dev[0])
dev[0].flush_scan_cache()
try:
hapd = None
def test_wep_ifdown(dev, apdev):
"""AP with WEP and external ifconfig down"""
+ check_wep_capa(dev[0])
hapd = hostapd.add_ap(apdev[0],
{"ssid": "wep-open",
"wep_key0": '"hello"'})
from wpasupplicant import WpaSupplicant
from utils import HwsimSkip, skip_with_fips
from test_rfkill import get_rfkill
+from test_wep import check_wep_capa
def get_wext_interface():
if not os.path.exists("/proc/net/wireless"):
def test_wext_wep_open_auth(dev, apdev):
"""WEP Open System authentication"""
wpas = get_wext_interface()
+ check_wep_capa(wpas)
hapd = hostapd.add_ap(apdev[0],
{"ssid": "wep-open",
def test_wext_wep_shared_key_auth(dev, apdev):
"""WEP Shared Key authentication"""
wpas = get_wext_interface()
+ check_wep_capa(wpas)
hapd = hostapd.add_ap(apdev[0],
{"ssid": "wep-shared-key",
from utils import HwsimSkip, alloc_fail, clear_regdom_dev
from wpasupplicant import WpaSupplicant
from test_p2p_channel import set_country
+from test_wep import check_wep_capa
def wait_ap_ready(dev):
ev = dev.wait_event(["CTRL-EVENT-CONNECTED"])
@remote_compatible
def test_wpas_ap_wep(dev):
"""wpa_supplicant AP mode - WEP"""
+ check_wep_capa(dev[0])
id = dev[0].add_network()
dev[0].set_network(id, "mode", "2")
dev[0].set_network_quoted(id, "ssid", "wpas-ap-wep")
dev[0].wait_disconnected()
dev[0].request("REMOVE_NETWORK all")
- id = dev[0].add_network()
- dev[0].set_network(id, "mode", "2")
- dev[0].set_network_quoted(id, "ssid", "wpas-ap")
- dev[0].set_network(id, "key_mgmt", "NONE")
- dev[0].set_network_quoted(id, "wep_key0", "hello")
- dev[0].set_network(id, "frequency", "2412")
- dev[0].set_network(id, "scan_freq", "2412")
- with alloc_fail(dev[0], 1, "=wpa_supplicant_conf_ap"):
- dev[0].select_network(id)
- dev[0].wait_disconnected()
- dev[0].request("REMOVE_NETWORK all")
+ if "WEP40" in dev[0].get_capability("group"):
+ id = dev[0].add_network()
+ dev[0].set_network(id, "mode", "2")
+ dev[0].set_network_quoted(id, "ssid", "wpas-ap")
+ dev[0].set_network(id, "key_mgmt", "NONE")
+ dev[0].set_network_quoted(id, "wep_key0", "hello")
+ dev[0].set_network(id, "frequency", "2412")
+ dev[0].set_network(id, "scan_freq", "2412")
+ with alloc_fail(dev[0], 1, "=wpa_supplicant_conf_ap"):
+ dev[0].select_network(id)
+ dev[0].wait_disconnected()
+ dev[0].request("REMOVE_NETWORK all")
wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
wpas.interface_add("wlan5")
if "FAIL" not in dev[0].request("SET_NETWORK " + str(id) + ' identity 12x3'):
raise Exception("Unexpected success for invalid identity string")
- for i in range(0, 4):
- if "FAIL" in dev[0].request("SET_NETWORK " + str(id) + ' wep_key' + str(i) + ' aabbccddee'):
- raise Exception("Unexpected wep_key set failure")
- if dev[0].get_network(id, "wep_key" + str(i)) != '*':
- raise Exception("Unexpected wep_key get failure")
+ if "WEP40" in dev[0].get_capability("group"):
+ for i in range(0, 4):
+ if "FAIL" in dev[0].request("SET_NETWORK " + str(id) + ' wep_key' + str(i) + ' aabbccddee'):
+ raise Exception("Unexpected wep_key set failure")
+ if dev[0].get_network(id, "wep_key" + str(i)) != '*':
+ raise Exception("Unexpected wep_key get failure")
if "FAIL" in dev[0].request("SET_NETWORK " + str(id) + ' psk_list P2P-00:11:22:33:44:55-0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'):
raise Exception("Unexpected failure for psk_list string")
raise Exception("Invalid WEP key accepted")
if "FAIL" not in dev[0].request('SET_NETWORK ' + str(id) + ' wep_key0 "12345678901234567"'):
raise Exception("Too long WEP key accepted")
- # too short WEP key is ignored
- dev[0].set_network_quoted(id, "wep_key0", "1234")
- dev[0].set_network_quoted(id, "wep_key1", "12345")
- dev[0].set_network_quoted(id, "wep_key2", "1234567890123")
- dev[0].set_network_quoted(id, "wep_key3", "1234567890123456")
+ if "WEP40" in dev[0].get_capability("group"):
+ # too short WEP key is ignored
+ dev[0].set_network_quoted(id, "wep_key0", "1234")
+ dev[0].set_network_quoted(id, "wep_key1", "12345")
+ dev[0].set_network_quoted(id, "wep_key2", "1234567890123")
+ dev[0].set_network_quoted(id, "wep_key3", "1234567890123456")
dev[0].set_network(id, "go_p2p_dev_addr", "any")
if dev[0].get_network(id, "go_p2p_dev_addr") is not None:
endif
endif
+ifdef CONFIG_WEP
+L_CFLAGS += -DCONFIG_WEP
+endif
+
include $(LOCAL_PATH)/src/drivers/drivers.mk
OBJS_nfc += $(FST_OBJS)
endif
+ifdef CONFIG_WEP
+CFLAGS += -DCONFIG_WEP
+endif
+
ifndef LDO
LDO=$(CC)
endif
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
+# Wired equivalent privacy (WEP)
+# WEP is an obsolete cryptographic data confidentiality algorithm that is not
+# considered secure. It should not be used for anything anymore. The
+# functionality needed to use WEP is available in the current wpa_supplicant
+# release under this optional build parameter. This functionality is subject to
+# be completely removed in a future release.
+CONFIG_WEP=y
+
include $(wildcard $(LOCAL_PATH)/android_config_*.inc)
bss->ssid.wpa_psk_set = 1;
} else if (ssid->passphrase) {
bss->ssid.wpa_passphrase = os_strdup(ssid->passphrase);
+#ifdef CONFIG_WEP
} else if (ssid->wep_key_len[0] || ssid->wep_key_len[1] ||
ssid->wep_key_len[2] || ssid->wep_key_len[3]) {
struct hostapd_wep_keys *wep = &bss->ssid.wep;
}
wep->idx = ssid->wep_tx_keyidx;
wep->keys_set = 1;
+#endif /* CONFIG_WEP */
}
#ifdef CONFIG_SAE
if (ssid->sae_password) {
bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa, bss->wpa_pairwise,
bss->rsn_pairwise);
- if (bss->wpa && bss->ieee802_1x)
+ if (bss->wpa && bss->ieee802_1x) {
bss->ssid.security_policy = SECURITY_WPA;
- else if (bss->wpa)
+ } else if (bss->wpa) {
bss->ssid.security_policy = SECURITY_WPA_PSK;
- else if (bss->ieee802_1x) {
+#ifdef CONFIG_WEP
+ } else if (bss->ieee802_1x) {
int cipher = WPA_CIPHER_NONE;
bss->ssid.security_policy = SECURITY_IEEE_802_1X;
bss->ssid.wep.default_len = bss->default_wep_key_len;
bss->wpa_group = cipher;
bss->wpa_pairwise = cipher;
bss->rsn_pairwise = cipher;
+#endif /* CONFIG_WEP */
} else {
bss->ssid.security_policy = SECURITY_PLAINTEXT;
bss->wpa_group = WPA_CIPHER_NONE;
#endif /* IEEE8021X_EAPOL */
+#ifdef CONFIG_WEP
+
static int wpa_config_parse_wep_key(u8 *key, size_t *len, int line,
const char *value, int idx)
{
}
#endif /* NO_CONFIG_WRITE */
+#endif /* CONFIG_WEP */
+
#ifdef CONFIG_P2P
{ STRe(openssl_ciphers, openssl_ciphers) },
{ INTe(erp, erp) },
#endif /* IEEE8021X_EAPOL */
+#ifdef CONFIG_WEP
{ FUNC_KEY(wep_key0) },
{ FUNC_KEY(wep_key1) },
{ FUNC_KEY(wep_key2) },
{ FUNC_KEY(wep_key3) },
{ INT(wep_tx_keyidx) },
+#endif /* CONFIG_WEP */
{ INT(priority) },
#ifdef IEEE8021X_EAPOL
{ INT(eap_workaround) },
}
}
- if (wpa_config_set(ssid, pos, pos2, *line) < 0)
+ if (wpa_config_set(ssid, pos, pos2, *line) < 0) {
+#ifndef CONFIG_WEP
+ if (os_strcmp(pos, "wep_key0") == 0 ||
+ os_strcmp(pos, "wep_key1") == 0 ||
+ os_strcmp(pos, "wep_key2") == 0 ||
+ os_strcmp(pos, "wep_key3") == 0 ||
+ os_strcmp(pos, "wep_tx_keyidx") == 0) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: unsupported WEP parameter",
+ *line);
+ ssid->disabled = 1;
+ continue;
+ }
+#endif /* CONFIG_WEP */
errors++;
+ }
}
if (!end) {
#endif /* IEEE8021X_EAPOL */
+#ifdef CONFIG_WEP
static void write_wep_key(FILE *f, int idx, struct wpa_ssid *ssid)
{
char field[20], *value;
os_free(value);
}
}
+#endif /* CONFIG_WEP */
#ifdef CONFIG_P2P
static void wpa_config_write_network(FILE *f, struct wpa_ssid *ssid)
{
- int i;
-
#define STR(t) write_str(f, #t, ssid)
#define INT(t) write_int(f, #t, ssid->t, 0)
#define INTe(t, m) write_int(f, #t, ssid->eap.m, 0)
STR(openssl_ciphers);
INTe(erp, erp);
#endif /* IEEE8021X_EAPOL */
- for (i = 0; i < 4; i++)
- write_wep_key(f, i, ssid);
- INT(wep_tx_keyidx);
+#ifdef CONFIG_WEP
+ {
+ int i;
+
+ for (i = 0; i < 4; i++)
+ write_wep_key(f, i, ssid);
+ INT(wep_tx_keyidx);
+ }
+#endif /* CONFIG_WEP */
INT(priority);
#ifdef IEEE8021X_EAPOL
INT_DEF(eap_workaround, DEFAULT_EAP_WORKAROUND);
struct eap_peer_config eap;
#endif /* IEEE8021X_EAPOL */
+#ifdef CONFIG_WEP
#define NUM_WEP_KEYS 4
#define MAX_WEP_KEY_LEN 16
/**
* wep_tx_keyidx - Default key index for TX frames using WEP
*/
int wep_tx_keyidx;
+#endif /* CONFIG_WEP */
/**
* proactive_key_caching - Enable proactive key caching
#endif /* IEEE8021X_EAPOL */
+#ifdef CONFIG_WEP
static void write_wep_key(HKEY hk, int idx, struct wpa_ssid *ssid)
{
char field[20], *value;
os_free(value);
}
}
+#endif /* CONFIG_WEP */
static int wpa_config_write_network(HKEY hk, struct wpa_ssid *ssid, int id)
{
- int i, errors = 0;
+ int errors = 0;
HKEY nhk, netw;
LONG ret;
TCHAR name[5];
INTe(engine2, phase2_cert.engine);
INT_DEF(eapol_flags, DEFAULT_EAPOL_FLAGS);
#endif /* IEEE8021X_EAPOL */
- for (i = 0; i < 4; i++)
- write_wep_key(netw, i, ssid);
- INT(wep_tx_keyidx);
+#ifdef CONFIG_WEP
+ {
+ int i;
+
+ for (i = 0; i < 4; i++)
+ write_wep_key(netw, i, ssid);
+ INT(wep_tx_keyidx);
+ }
+#endif /* CONFIG_WEP */
INT(priority);
#ifdef IEEE8021X_EAPOL
INT_DEF(eap_workaround, DEFAULT_EAP_WORKAROUND);
{ WPA_DRIVER_CAPA_ENC_GCMP, "GCMP", 0 },
{ WPA_DRIVER_CAPA_ENC_TKIP, "TKIP", 0 },
{ WPA_DRIVER_CAPA_KEY_MGMT_WPA_NONE, "NONE", 0 },
+#ifdef CONFIG_WEP
{ WPA_DRIVER_CAPA_ENC_WEP104, "WEP104", 1 },
{ WPA_DRIVER_CAPA_ENC_WEP40, "WEP40", 1 }
+#endif /* CONFIG_WEP */
};
static const struct cipher_info ciphers_group_mgmt[] = {
if (res < 0) {
if (strict)
return 0;
+#ifdef CONFIG_WEP
len = os_strlcpy(buf, "CCMP TKIP WEP104 WEP40", buflen);
+#else /* CONFIG_WEP */
+ len = os_strlcpy(buf, "CCMP TKIP", buflen);
+#endif /* CONFIG_WEP */
if (len >= buflen)
return -1;
return len;
/***** group cipher */
if (res < 0) {
const char *args[] = {
- "ccmp", "tkip", "wep104", "wep40"
+ "ccmp", "tkip",
+#ifdef CONFIG_WEP
+ "wep104", "wep40"
+#endif /* CONFIG_WEP */
};
if (!wpa_dbus_dict_append_string_array(
((capa.enc & WPA_DRIVER_CAPA_ENC_TKIP) &&
!wpa_dbus_dict_string_array_add_element(
&iter_array, "tkip")) ||
+#ifdef CONFIG_WEP
((capa.enc & WPA_DRIVER_CAPA_ENC_WEP104) &&
!wpa_dbus_dict_string_array_add_element(
&iter_array, "wep104")) ||
((capa.enc & WPA_DRIVER_CAPA_ENC_WEP40) &&
!wpa_dbus_dict_string_array_add_element(
&iter_array, "wep40")) ||
+#endif /* CONFIG_WEP */
!wpa_dbus_dict_end_string_array(&iter_dict,
&iter_dict_entry,
&iter_dict_val,
/* Group */
switch (ie_data->group_cipher) {
+#ifdef CONFIG_WEP
case WPA_CIPHER_WEP40:
group = "wep40";
break;
+ case WPA_CIPHER_WEP104:
+ group = "wep104";
+ break;
+#endif /* CONFIG_WEP */
case WPA_CIPHER_TKIP:
group = "tkip";
break;
case WPA_CIPHER_GCMP:
group = "gcmp";
break;
- case WPA_CIPHER_WEP104:
- group = "wep104";
- break;
case WPA_CIPHER_CCMP_256:
group = "ccmp-256";
break;
# Device Provisioning Protocol (DPP)
CONFIG_DPP=y
+
+# Wired equivalent privacy (WEP)
+# WEP is an obsolete cryptographic data confidentiality algorithm that is not
+# considered secure. It should not be used for anything anymore. The
+# functionality needed to use WEP is available in the current wpa_supplicant
+# release under this optional build parameter. This functionality is subject to
+# be completely removed in a future release.
+#CONFIG_WEP=y
#ifndef CONFIG_NO_SCAN_PROCESSING
+#ifdef CONFIG_WEP
static int has_wep_key(struct wpa_ssid *ssid)
{
int i;
return 0;
}
+#endif /* CONFIG_WEP */
static int wpa_supplicant_match_privacy(struct wpa_bss *bss,
return 1;
#endif /* CONFIG_OWE */
+#ifdef CONFIG_WEP
if (has_wep_key(ssid))
privacy = 1;
+#endif /* CONFIG_WEP */
#ifdef IEEE8021X_EAPOL
if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) &&
int proto_match = 0;
const u8 *rsn_ie, *wpa_ie;
int ret;
+#ifdef CONFIG_WEP
int wep_ok;
+#endif /* CONFIG_WEP */
ret = wpas_wps_ssid_bss_match(wpa_s, ssid, bss);
if (ret >= 0)
return ret;
+#ifdef CONFIG_WEP
/* Allow TSN if local configuration accepts WEP use without WPA/WPA2 */
wep_ok = !wpa_key_mgmt_wpa(ssid->key_mgmt) &&
(((ssid->key_mgmt & WPA_KEY_MGMT_NONE) &&
ssid->wep_key_len[ssid->wep_tx_keyidx] > 0) ||
(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA));
+#endif /* CONFIG_WEP */
rsn_ie = wpa_bss_get_ie(bss, WLAN_EID_RSN);
while ((ssid->proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)) && rsn_ie) {
if (!ie.has_group)
ie.group_cipher = wpa_default_rsn_cipher(bss->freq);
+#ifdef CONFIG_WEP
if (wep_ok &&
(ie.group_cipher & (WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104)))
{
" selected based on TSN in RSN IE");
return 1;
}
+#endif /* CONFIG_WEP */
if (!(ie.proto & ssid->proto) &&
!(ssid->proto & WPA_PROTO_OSEN)) {
break;
}
+#ifdef CONFIG_WEP
if (wep_ok &&
(ie.group_cipher & (WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104)))
{
" selected based on TSN in WPA IE");
return 1;
}
+#endif /* CONFIG_WEP */
if (!(ie.proto & ssid->proto)) {
if (debug_print)
continue;
}
+#ifdef CONFIG_WEP
if (wpa && !wpa_key_mgmt_wpa(ssid->key_mgmt) &&
has_wep_key(ssid)) {
if (debug_print)
" skip - ignore WPA/WPA2 AP for WEP network block");
continue;
}
+#endif /* CONFIG_WEP */
if ((ssid->key_mgmt & WPA_KEY_MGMT_OSEN) && !osen &&
!rsn_osen) {
wpa_s->pending_eapol_rx = NULL;
}
+#ifdef CONFIG_WEP
if ((wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) &&
wpa_s->current_ssid &&
/* Set static WEP keys again */
wpa_set_wep_keys(wpa_s, wpa_s->current_ssid);
}
+#endif /* CONFIG_WEP */
#ifdef CONFIG_IBSS_RSN
if (wpa_s->current_ssid &&
#if defined(CONFIG_IEEE80211R) || defined(CONFIG_FILS)
const u8 *md = NULL;
#endif /* CONFIG_IEEE80211R || CONFIG_FILS */
- int i, bssid_changed;
+ int bssid_changed;
struct wpabuf *resp = NULL;
u8 ext_capab[18];
int ext_capab_len;
}
#endif /* CONFIG_SAE */
- for (i = 0; i < NUM_WEP_KEYS; i++) {
- if (ssid->wep_key_len[i])
- params.wep_key[i] = ssid->wep_key[i];
- params.wep_key_len[i] = ssid->wep_key_len[i];
+#ifdef CONFIG_WEP
+ {
+ int i;
+
+ for (i = 0; i < NUM_WEP_KEYS; i++) {
+ if (ssid->wep_key_len[i])
+ params.wep_key[i] = ssid->wep_key[i];
+ params.wep_key_len[i] = ssid->wep_key_len[i];
+ }
+ params.wep_tx_keyidx = ssid->wep_tx_keyidx;
}
- params.wep_tx_keyidx = ssid->wep_tx_keyidx;
+#endif /* CONFIG_WEP */
if ((wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
#endif /* CONFIG_OWE */
+#ifdef CONFIG_WEP
/* Configure default/group WEP keys for static WEP */
int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
{
return set;
}
+#endif /* CONFIG_WEP */
int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid)
{
+#ifdef CONFIG_WEP
int i;
+#endif /* CONFIG_WEP */
if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
wpa_s->group_cipher = WPA_CIPHER_NONE;
wpa_s->mgmt_group_cipher = 0;
+#ifdef CONFIG_WEP
for (i = 0; i < NUM_WEP_KEYS; i++) {
if (ssid->wep_key_len[i] > 5) {
wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
break;
}
}
+#endif /* CONFIG_WEP */
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
struct wpa_supplicant *wpa_s = work->wpa_s;
u8 *wpa_ie;
const u8 *edmg_ie_oper;
- int use_crypt, ret, i, bssid_changed;
+ int use_crypt, ret, bssid_changed;
unsigned int cipher_pairwise, cipher_group, cipher_group_mgmt;
struct wpa_driver_associate_params params;
int wep_keys_set = 0;
wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
use_crypt = 0;
+#ifdef CONFIG_WEP
if (wpa_set_wep_keys(wpa_s, ssid)) {
use_crypt = 1;
wep_keys_set = 1;
}
+#endif /* CONFIG_WEP */
}
if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
use_crypt = 0;
wpa_s->auth_alg = params.auth_alg;
params.mode = ssid->mode;
params.bg_scan_period = ssid->bg_scan_period;
- for (i = 0; i < NUM_WEP_KEYS; i++) {
- if (ssid->wep_key_len[i])
- params.wep_key[i] = ssid->wep_key[i];
- params.wep_key_len[i] = ssid->wep_key_len[i];
+#ifdef CONFIG_WEP
+ {
+ int i;
+
+ for (i = 0; i < NUM_WEP_KEYS; i++) {
+ if (ssid->wep_key_len[i])
+ params.wep_key[i] = ssid->wep_key[i];
+ params.wep_key_len[i] = ssid->wep_key_len[i];
+ }
+ params.wep_tx_keyidx = ssid->wep_tx_keyidx;
}
- params.wep_tx_keyidx = ssid->wep_tx_keyidx;
+#endif /* CONFIG_WEP */
if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
(params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
}
+#ifdef CONFIG_WEP
if (wep_keys_set &&
(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC)) {
/* Set static WEP keys again */
wpa_set_wep_keys(wpa_s, ssid);
}
+#endif /* CONFIG_WEP */
if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
/*
int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
{
+#ifdef CONFIG_WEP
int i;
unsigned int drv_enc;
+#endif /* CONFIG_WEP */
if (wpa_s->p2p_mgmt)
return 1; /* no normal network profiles on p2p_mgmt interface */
if (ssid->disabled)
return 1;
+#ifdef CONFIG_WEP
if (wpa_s->drv_capa_known)
drv_enc = wpa_s->drv_enc;
else
continue;
return 1; /* invalid WEP key */
}
+#endif /* CONFIG_WEP */
if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
(!ssid->passphrase || ssid->ssid_len != 0) && !ssid->ext_psk &&
}
+#ifdef CONFIG_WEP
/**
* wpa_eapol_set_wep_key - set WEP key for the driver
* @ctx: Pointer to wpa_supplicant data (wpa_s)
unicast ? KEY_FLAG_PAIRWISE_RX_TX :
KEY_FLAG_GROUP_RX_TX_DEFAULT);
}
+#endif /* CONFIG_WEP */
static void wpa_supplicant_aborted_cached(void *ctx)
ctx->preauth = 0;
ctx->eapol_done_cb = wpa_supplicant_notify_eapol_done;
ctx->eapol_send = wpa_supplicant_eapol_send;
+#ifdef CONFIG_WEP
ctx->set_wep_key = wpa_eapol_set_wep_key;
+#endif /* CONFIG_WEP */
#ifndef CONFIG_NO_CONFIG_BLOBS
ctx->set_config_blob = wpa_supplicant_set_config_blob;
ctx->get_config_blob = wpa_supplicant_get_config_blob;
projects / thirdparty / hostap.git / commitdiff
