Import hostapd 0.5.8
authorSepherosa Ziehau <sephe@dragonflybsd.org>
Tue, 7 Aug 2007 11:18:24 +0000 (11:18 +0000)
committerSepherosa Ziehau <sephe@dragonflybsd.org>
Tue, 7 Aug 2007 11:18:24 +0000 (11:18 +0000)
150 files changed:
contrib/hostapd-0.5.8/COPYING [new file with mode: 0644]
contrib/hostapd-0.5.8/README [new file with mode: 0644]
contrib/hostapd-0.5.8/README.DELETE [new file with mode: 0644]
contrib/hostapd-0.5.8/README.DRAGONFLY [new file with mode: 0644]
contrib/hostapd-0.5.8/accounting.c [new file with mode: 0644]
contrib/hostapd-0.5.8/accounting.h [new file with mode: 0644]
contrib/hostapd-0.5.8/aes.c [new file with mode: 0644]
contrib/hostapd-0.5.8/aes.h [new file with mode: 0644]
contrib/hostapd-0.5.8/aes_wrap.c [new file with mode: 0644]
contrib/hostapd-0.5.8/aes_wrap.h [new file with mode: 0644]
contrib/hostapd-0.5.8/ap.h [new file with mode: 0644]
contrib/hostapd-0.5.8/ap_list.c [new file with mode: 0644]
contrib/hostapd-0.5.8/ap_list.h [new file with mode: 0644]
contrib/hostapd-0.5.8/beacon.c [new file with mode: 0644]
contrib/hostapd-0.5.8/beacon.h [new file with mode: 0644]
contrib/hostapd-0.5.8/build_config.h [new file with mode: 0644]
contrib/hostapd-0.5.8/common.c [new file with mode: 0644]
contrib/hostapd-0.5.8/common.h [new file with mode: 0644]
contrib/hostapd-0.5.8/config.c [new file with mode: 0644]
contrib/hostapd-0.5.8/config.h [new file with mode: 0644]
contrib/hostapd-0.5.8/config_types.h [new file with mode: 0644]
contrib/hostapd-0.5.8/crypto.c [new file with mode: 0644]
contrib/hostapd-0.5.8/crypto.h [new file with mode: 0644]
contrib/hostapd-0.5.8/ctrl_iface.c [new file with mode: 0644]
contrib/hostapd-0.5.8/ctrl_iface.h [new file with mode: 0644]
contrib/hostapd-0.5.8/defs.h [new file with mode: 0644]
contrib/hostapd-0.5.8/des.c [new file with mode: 0644]
contrib/hostapd-0.5.8/driver.c [new file with mode: 0644]
contrib/hostapd-0.5.8/driver.h [new file with mode: 0644]
contrib/hostapd-0.5.8/driver_wired.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap.h [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_aka.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_defs.h [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_gpsk.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_gpsk_common.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_gpsk_common.h [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_gtc.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_i.h [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_identity.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_md5.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_methods.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_methods.h [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_mschapv2.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_pax.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_pax_common.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_pax_common.h [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_peap.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_psk.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_psk_common.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_psk_common.h [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_sake.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_sake_common.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_sake_common.h [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_sim.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_sim_common.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_sim_common.h [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_sim_db.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_sim_db.h [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_tls.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_tls_common.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_tls_common.h [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_tlv.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_ttls.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eap_ttls.h [new file with mode: 0644]
contrib/hostapd-0.5.8/eapol_sm.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eapol_sm.h [new file with mode: 0644]
contrib/hostapd-0.5.8/eloop.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eloop.h [new file with mode: 0644]
contrib/hostapd-0.5.8/eloop_none.c [new file with mode: 0644]
contrib/hostapd-0.5.8/eloop_win.c [new file with mode: 0644]
contrib/hostapd-0.5.8/hlr_auc_gw.c [new file with mode: 0644]
contrib/hostapd-0.5.8/hlr_auc_gw.milenage_db [new file with mode: 0644]
contrib/hostapd-0.5.8/hostap_common.h [new file with mode: 0644]
contrib/hostapd-0.5.8/hostapd.accept [new file with mode: 0644]
contrib/hostapd-0.5.8/hostapd.c [new file with mode: 0644]
contrib/hostapd-0.5.8/hostapd.conf [new file with mode: 0644]
contrib/hostapd-0.5.8/hostapd.deny [new file with mode: 0644]
contrib/hostapd-0.5.8/hostapd.eap_user [new file with mode: 0644]
contrib/hostapd-0.5.8/hostapd.h [new file with mode: 0644]
contrib/hostapd-0.5.8/hostapd.radius_clients [new file with mode: 0644]
contrib/hostapd-0.5.8/hostapd.sim_db [new file with mode: 0644]
contrib/hostapd-0.5.8/hostapd.vlan [new file with mode: 0644]
contrib/hostapd-0.5.8/hostapd.wpa_psk [new file with mode: 0644]
contrib/hostapd-0.5.8/hostapd_cli.c [new file with mode: 0644]
contrib/hostapd-0.5.8/hw_features.c [new file with mode: 0644]
contrib/hostapd-0.5.8/hw_features.h [new file with mode: 0644]
contrib/hostapd-0.5.8/iapp.c [new file with mode: 0644]
contrib/hostapd-0.5.8/iapp.h [new file with mode: 0644]
contrib/hostapd-0.5.8/ieee802_11.c [new file with mode: 0644]
contrib/hostapd-0.5.8/ieee802_11.h [new file with mode: 0644]
contrib/hostapd-0.5.8/ieee802_11_auth.c [new file with mode: 0644]
contrib/hostapd-0.5.8/ieee802_11_auth.h [new file with mode: 0644]
contrib/hostapd-0.5.8/ieee802_11h.c [new file with mode: 0644]
contrib/hostapd-0.5.8/ieee802_11h.h [new file with mode: 0644]
contrib/hostapd-0.5.8/ieee802_1x.c [new file with mode: 0644]
contrib/hostapd-0.5.8/ieee802_1x.h [new file with mode: 0644]
contrib/hostapd-0.5.8/includes.h [new file with mode: 0644]
contrib/hostapd-0.5.8/l2_packet.h [new file with mode: 0644]
contrib/hostapd-0.5.8/md4.c [new file with mode: 0644]
contrib/hostapd-0.5.8/md5.c [new file with mode: 0644]
contrib/hostapd-0.5.8/md5.h [new file with mode: 0644]
contrib/hostapd-0.5.8/milenage.c [new file with mode: 0644]
contrib/hostapd-0.5.8/milenage.h [new file with mode: 0644]
contrib/hostapd-0.5.8/mlme.c [new file with mode: 0644]
contrib/hostapd-0.5.8/mlme.h [new file with mode: 0644]
contrib/hostapd-0.5.8/ms_funcs.c [new file with mode: 0644]
contrib/hostapd-0.5.8/ms_funcs.h [new file with mode: 0644]
contrib/hostapd-0.5.8/os.h [new file with mode: 0644]
contrib/hostapd-0.5.8/os_internal.c [new file with mode: 0644]
contrib/hostapd-0.5.8/os_none.c [new file with mode: 0644]
contrib/hostapd-0.5.8/os_unix.c [new file with mode: 0644]
contrib/hostapd-0.5.8/pmksa_cache.c [new file with mode: 0644]
contrib/hostapd-0.5.8/pmksa_cache.h [new file with mode: 0644]
contrib/hostapd-0.5.8/preauth.c [new file with mode: 0644]
contrib/hostapd-0.5.8/preauth.h [new file with mode: 0644]
contrib/hostapd-0.5.8/prism54.h [new file with mode: 0644]
contrib/hostapd-0.5.8/priv_netlink.h [new file with mode: 0644]
contrib/hostapd-0.5.8/radius.c [new file with mode: 0644]
contrib/hostapd-0.5.8/radius.h [new file with mode: 0644]
contrib/hostapd-0.5.8/radius_client.c [new file with mode: 0644]
contrib/hostapd-0.5.8/radius_client.h [new file with mode: 0644]
contrib/hostapd-0.5.8/radius_server.c [new file with mode: 0644]
contrib/hostapd-0.5.8/radius_server.h [new file with mode: 0644]
contrib/hostapd-0.5.8/rc4.c [new file with mode: 0644]
contrib/hostapd-0.5.8/rc4.h [new file with mode: 0644]
contrib/hostapd-0.5.8/reconfig.c [new file with mode: 0644]
contrib/hostapd-0.5.8/sha1.c [new file with mode: 0644]
contrib/hostapd-0.5.8/sha1.h [new file with mode: 0644]
contrib/hostapd-0.5.8/sha256.c [new file with mode: 0644]
contrib/hostapd-0.5.8/sha256.h [new file with mode: 0644]
contrib/hostapd-0.5.8/sta_info.c [new file with mode: 0644]
contrib/hostapd-0.5.8/sta_info.h [new file with mode: 0644]
contrib/hostapd-0.5.8/state_machine.h [new file with mode: 0644]
contrib/hostapd-0.5.8/tls.h [new file with mode: 0644]
contrib/hostapd-0.5.8/tls_gnutls.c [new file with mode: 0644]
contrib/hostapd-0.5.8/tls_none.c [new file with mode: 0644]
contrib/hostapd-0.5.8/tls_openssl.c [new file with mode: 0644]
contrib/hostapd-0.5.8/version.h [new file with mode: 0644]
contrib/hostapd-0.5.8/vlan_init.c [new file with mode: 0644]
contrib/hostapd-0.5.8/vlan_init.h [new file with mode: 0644]
contrib/hostapd-0.5.8/wired.conf [new file with mode: 0644]
contrib/hostapd-0.5.8/wireless_copy.h [new file with mode: 0644]
contrib/hostapd-0.5.8/wme.c [new file with mode: 0644]
contrib/hostapd-0.5.8/wme.h [new file with mode: 0644]
contrib/hostapd-0.5.8/wpa.c [new file with mode: 0644]
contrib/hostapd-0.5.8/wpa.h [new file with mode: 0644]
contrib/hostapd-0.5.8/wpa_common.h [new file with mode: 0644]
contrib/hostapd-0.5.8/wpa_ctrl.c [new file with mode: 0644]
contrib/hostapd-0.5.8/wpa_ctrl.h [new file with mode: 0644]

diff --git a/contrib/hostapd-0.5.8/COPYING b/contrib/hostapd-0.5.8/COPYING
new file mode 100644 (file)
index 0000000..14f5453
--- /dev/null
@@ -0,0 +1,340 @@
+                   GNU GENERAL PUBLIC LICENSE
+                      Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+                       51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                           Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+\f
+                   GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+\f
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+\f
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+\f
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+                           NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+                    END OF TERMS AND CONDITIONS
+\f
+           How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) 19yy  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) 19yy name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Library General
+Public License instead of this License.
diff --git a/contrib/hostapd-0.5.8/README b/contrib/hostapd-0.5.8/README
new file mode 100644 (file)
index 0000000..541fac4
--- /dev/null
@@ -0,0 +1,386 @@
+hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP
+         Authenticator and RADIUS authentication server
+================================================================
+
+Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi> and contributors
+All Rights Reserved.
+
+This program is dual-licensed under both the GPL version 2 and BSD
+license. Either license may be used at your option.
+
+
+
+License
+-------
+
+GPL v2:
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License version 2 as
+published by the Free Software Foundation.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+
+(this copy of the license is in COPYING file)
+
+
+Alternatively, this software may be distributed, used, and modified
+under the terms of BSD license:
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+3. Neither the name(s) of the above-listed copyright holder(s) nor the
+   names of its contributors may be used to endorse or promote products
+   derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+
+Introduction
+============
+
+Originally, hostapd was an optional user space component for Host AP
+driver. It adds more features to the basic IEEE 802.11 management
+included in the kernel driver: using external RADIUS authentication
+server for MAC address based access control, IEEE 802.1X Authenticator
+and dynamic WEP keying, RADIUS accounting, WPA/WPA2 (IEEE 802.11i/RSN)
+Authenticator and dynamic TKIP/CCMP keying.
+
+The current version includes support for other drivers, an integrated
+EAP server (i.e., allow full authentication without requiring
+an external RADIUS authentication server), and RADIUS authentication
+server for EAP authentication.
+
+
+Requirements
+------------
+
+Current hardware/software requirements:
+- drivers:
+       Host AP driver for Prism2/2.5/3.
+       (http://hostap.epitest.fi/)
+       Please note that station firmware version needs to be 1.7.0 or newer
+       to work in WPA mode.
+
+       madwifi driver for cards based on Atheros chip set (ar521x)
+       (http://sourceforge.net/projects/madwifi/)
+       Please note that you will need to add the correct path for
+       madwifi driver root directory in .config (see defconfig file for
+       an example: CFLAGS += -I<path>)
+
+       Prism54 driver for Intersil/Conexant Prism GT/Duette/Indigo
+       (http://www.prism54.org/)
+
+       Any wired Ethernet driver for wired IEEE 802.1X authentication
+       (experimental code)
+
+       FreeBSD -current (with some kernel mods that have not yet been
+       committed when hostapd v0.3.0 was released)
+       BSD net80211 layer (e.g., Atheros driver)
+
+
+Build configuration
+-------------------
+
+In order to be able to build hostapd, you will need to create a build
+time configuration file, .config that selects which optional
+components are included. See defconfig file for example configuration
+and list of available options.
+
+
+
+IEEE 802.1X
+===========
+
+IEEE Std 802.1X-2001 is a standard for port-based network access
+control. In case of IEEE 802.11 networks, a "virtual port" is used
+between each associated station and the AP. IEEE 802.11 specifies
+minimal authentication mechanism for stations, whereas IEEE 802.1X
+introduces a extensible mechanism for authenticating and authorizing
+users.
+
+IEEE 802.1X uses elements called Supplicant, Authenticator, Port
+Access Entity, and Authentication Server. Supplicant is a component in
+a station and it performs the authentication with the Authentication
+Server. An access point includes an Authenticator that relays the packets
+between a Supplicant and an Authentication Server. In addition, it has a
+Port Access Entity (PAE) with Authenticator functionality for
+controlling the virtual port authorization, i.e., whether to accept
+packets from or to the station.
+
+IEEE 802.1X uses Extensible Authentication Protocol (EAP). The frames
+between a Supplicant and an Authenticator are sent using EAP over LAN
+(EAPOL) and the Authenticator relays these frames to the Authentication
+Server (and similarly, relays the messages from the Authentication
+Server to the Supplicant). The Authentication Server can be colocated with the
+Authenticator, in which case there is no need for additional protocol
+for EAP frame transmission. However, a more common configuration is to
+use an external Authentication Server and encapsulate EAP frame in the
+frames used by that server. RADIUS is suitable for this, but IEEE
+802.1X would also allow other mechanisms.
+
+Host AP driver includes PAE functionality in the kernel driver. It
+is a relatively simple mechanism for denying normal frames going to
+or coming from an unauthorized port. PAE allows IEEE 802.1X related
+frames to be passed between the Supplicant and the Authenticator even
+on an unauthorized port.
+
+User space daemon, hostapd, includes Authenticator functionality. It
+receives 802.1X (EAPOL) frames from the Supplicant using the wlan#ap
+device that is also used with IEEE 802.11 management frames. The
+frames to the Supplicant are sent using the same device.
+
+The normal configuration of the Authenticator would use an external
+Authentication Server. hostapd supports RADIUS encapsulation of EAP
+packets, so the Authentication Server should be a RADIUS server, like
+FreeRADIUS (http://www.freeradius.org/). The Authenticator in hostapd
+relays the frames between the Supplicant and the Authentication
+Server. It also controls the PAE functionality in the kernel driver by
+controlling virtual port authorization, i.e., station-AP
+connection, based on the IEEE 802.1X state.
+
+When a station would like to use the services of an access point, it
+will first perform IEEE 802.11 authentication. This is normally done
+with open systems authentication, so there is no security. After
+this, IEEE 802.11 association is performed. If IEEE 802.1X is
+configured to be used, the virtual port for the station is set in
+Unauthorized state and only IEEE 802.1X frames are accepted at this
+point. The Authenticator will then ask the Supplicant to authenticate
+with the Authentication Server. After this is completed successfully,
+the virtual port is set to Authorized state and frames from and to the
+station are accepted.
+
+Host AP configuration for IEEE 802.1X
+-------------------------------------
+
+The user space daemon has its own configuration file that can be used to
+define AP options. Distribution package contains an example
+configuration file (hostapd/hostapd.conf) that can be used as a basis
+for configuration. It includes examples of all supported configuration
+options and short description of each option. hostapd should be started
+with full path to the configuration file as the command line argument,
+e.g., './hostapd /etc/hostapd.conf'. If you have more that one wireless
+LAN card, you can use one hostapd process for multiple interfaces by
+giving a list of configuration files (one per interface) in the command
+line.
+
+hostapd includes a minimal co-located IEEE 802.1X server which can be
+used to test IEEE 802.1X authentication. However, it should not be
+used in normal use since it does not provide any security. This can be
+configured by setting ieee8021x and minimal_eap options in the
+configuration file.
+
+An external Authentication Server (RADIUS) is configured with
+auth_server_{addr,port,shared_secret} options. In addition,
+ieee8021x and own_ip_addr must be set for this mode. With such
+configuration, the co-located Authentication Server is not used and EAP
+frames will be relayed using EAPOL between the Supplicant and the
+Authenticator and RADIUS encapsulation between the Authenticator and
+the Authentication Server. Other than this, the functionality is similar
+to the case with the co-located Authentication Server.
+
+Authentication Server and Supplicant
+------------------------------------
+
+Any RADIUS server supporting EAP should be usable as an IEEE 802.1X
+Authentication Server with hostapd Authenticator. FreeRADIUS
+(http://www.freeradius.org/) has been successfully tested with hostapd
+Authenticator and both Xsupplicant (http://www.open1x.org) and Windows
+XP Supplicants. EAP/TLS was used with Xsupplicant and
+EAP/MD5-Challenge with Windows XP.
+
+http://www.missl.cs.umd.edu/wireless/eaptls/ has useful information
+about using EAP/TLS with FreeRADIUS and Xsupplicant (just replace
+Cisco access point with Host AP driver, hostapd daemon, and a Prism2
+card ;-). http://www.freeradius.org/doc/EAP-MD5.html has information
+about using EAP/MD5 with FreeRADIUS, including instructions for WinXP
+configuration. http://www.denobula.com/EAPTLS.pdf has a HOWTO on
+EAP/TLS use with WinXP Supplicant.
+
+Automatic WEP key configuration
+-------------------------------
+
+EAP/TLS generates a session key that can be used to send WEP keys from
+an AP to authenticated stations. The Authenticator in hostapd can be
+configured to automatically select a random default/broadcast key
+(shared by all authenticated stations) with wep_key_len_broadcast
+option (5 for 40-bit WEP or 13 for 104-bit WEP). In addition,
+wep_key_len_unicast option can be used to configure individual unicast
+keys for stations. This requires support for individual keys in the
+station driver.
+
+WEP keys can be automatically updated by configuring rekeying. This
+will improve security of the network since same WEP key will only be
+used for a limited period of time. wep_rekey_period option sets the
+interval for rekeying in seconds.
+
+
+WPA/WPA2
+========
+
+Features
+--------
+
+Supported WPA/IEEE 802.11i features:
+- WPA-PSK ("WPA-Personal")
+- WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise")
+- key management for CCMP, TKIP, WEP104, WEP40
+- RSN/WPA2 (IEEE 802.11i), including PMKSA caching and pre-authentication
+
+WPA
+---
+
+The original security mechanism of IEEE 802.11 standard was not
+designed to be strong and has proved to be insufficient for most
+networks that require some kind of security. Task group I (Security)
+of IEEE 802.11 working group (http://www.ieee802.org/11/) has worked
+to address the flaws of the base standard and has in practice
+completed its work in May 2004. The IEEE 802.11i amendment to the IEEE
+802.11 standard was approved in June 2004 and this amendment is likely
+to be published in July 2004.
+
+Wi-Fi Alliance (http://www.wi-fi.org/) used a draft version of the
+IEEE 802.11i work (draft 3.0) to define a subset of the security
+enhancements that can be implemented with existing wlan hardware. This
+is called Wi-Fi Protected Access<TM> (WPA). This has now become a
+mandatory component of interoperability testing and certification done
+by Wi-Fi Alliance. Wi-Fi provides information about WPA at its web
+site (http://www.wi-fi.org/OpenSection/protected_access.asp).
+
+IEEE 802.11 standard defined wired equivalent privacy (WEP) algorithm
+for protecting wireless networks. WEP uses RC4 with 40-bit keys,
+24-bit initialization vector (IV), and CRC32 to protect against packet
+forgery. All these choices have proven to be insufficient: key space is
+too small against current attacks, RC4 key scheduling is insufficient
+(beginning of the pseudorandom stream should be skipped), IV space is
+too small and IV reuse makes attacks easier, there is no replay
+protection, and non-keyed authentication does not protect against bit
+flipping packet data.
+
+WPA is an intermediate solution for the security issues. It uses
+Temporal Key Integrity Protocol (TKIP) to replace WEP. TKIP is a
+compromise on strong security and possibility to use existing
+hardware. It still uses RC4 for the encryption like WEP, but with
+per-packet RC4 keys. In addition, it implements replay protection,
+keyed packet authentication mechanism (Michael MIC).
+
+Keys can be managed using two different mechanisms. WPA can either use
+an external authentication server (e.g., RADIUS) and EAP just like
+IEEE 802.1X is using or pre-shared keys without need for additional
+servers. Wi-Fi calls these "WPA-Enterprise" and "WPA-Personal",
+respectively. Both mechanisms will generate a master session key for
+the Authenticator (AP) and Supplicant (client station).
+
+WPA implements a new key handshake (4-Way Handshake and Group Key
+Handshake) for generating and exchanging data encryption keys between
+the Authenticator and Supplicant. This handshake is also used to
+verify that both Authenticator and Supplicant know the master session
+key. These handshakes are identical regardless of the selected key
+management mechanism (only the method for generating master session
+key changes).
+
+
+IEEE 802.11i / WPA2
+-------------------
+
+The design for parts of IEEE 802.11i that were not included in WPA has
+finished (May 2004) and this amendment to IEEE 802.11 was approved in
+June 2004. Wi-Fi Alliance is using the final IEEE 802.11i as a new
+version of WPA called WPA2. This includes, e.g., support for more
+robust encryption algorithm (CCMP: AES in Counter mode with CBC-MAC)
+to replace TKIP and optimizations for handoff (reduced number of
+messages in initial key handshake, pre-authentication, and PMKSA caching).
+
+Some wireless LAN vendors are already providing support for CCMP in
+their WPA products. There is no "official" interoperability
+certification for CCMP and/or mixed modes using both TKIP and CCMP, so
+some interoperability issues can be expected even though many
+combinations seem to be working with equipment from different vendors.
+Testing for WPA2 is likely to start during the second half of 2004.
+
+hostapd configuration for WPA/WPA2
+----------------------------------
+
+TODO
+
+# Enable WPA. Setting this variable configures the AP to require WPA (either
+# WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either
+# wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK.
+# For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys),
+# RADIUS authentication server must be configured, and WPA-EAP must be included
+# in wpa_key_mgmt.
+# This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0)
+# and/or WPA2 (full IEEE 802.11i/RSN):
+# bit0 = WPA
+# bit1 = IEEE 802.11i/RSN (WPA2)
+#wpa=1
+
+# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit
+# secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase
+# (8..63 characters) that will be converted to PSK. This conversion uses SSID
+# so the PSK changes when ASCII passphrase is used and the SSID is changed.
+#wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
+#wpa_passphrase=secret passphrase
+
+# Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The
+# entries are separated with a space.
+#wpa_key_mgmt=WPA-PSK WPA-EAP
+
+# Set of accepted cipher suites (encryption algorithms) for pairwise keys
+# (unicast packets). This is a space separated list of algorithms:
+# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i]
+# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i]
+# Group cipher suite (encryption algorithm for broadcast and multicast frames)
+# is automatically selected based on this configuration. If only CCMP is
+# allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise,
+# TKIP will be used as the group cipher.
+#wpa_pairwise=TKIP CCMP
+
+# Time interval for rekeying GTK (broadcast/multicast encryption keys) in
+# seconds.
+#wpa_group_rekey=600
+
+# Time interval for rekeying GMK (master key used internally to generate GTKs
+# (in seconds).
+#wpa_gmk_rekey=86400
+
+# Enable IEEE 802.11i/RSN/WPA2 pre-authentication. This is used to speed up
+# roaming be pre-authenticating IEEE 802.1X/EAP part of the full RSN
+# authentication and key handshake before actually associating with a new AP.
+#rsn_preauth=1
+#
+# Space separated list of interfaces from which pre-authentication frames are
+# accepted (e.g., 'eth0' or 'eth0 wlan0wds0'. This list should include all
+# interface that are used for connections to other APs. This could include
+# wired interfaces and WDS links. The normal wireless data interface towards
+# associated stations (e.g., wlan0) should not be added, since
+# pre-authentication is only used with APs other than the currently associated
+# one.
+#rsn_preauth_interfaces=eth0
diff --git a/contrib/hostapd-0.5.8/README.DELETE b/contrib/hostapd-0.5.8/README.DELETE
new file mode 100644 (file)
index 0000000..194d442
--- /dev/null
@@ -0,0 +1,36 @@
+.cvsignore
+ChangeLog
+Makefile
+defconfig
+developer.txt
+doc/.cvsignore
+doc/code_structure.doxygen
+doc/ctrl_iface.doxygen
+doc/doxygen.fast
+doc/doxygen.full
+doc/driver_wrapper.doxygen
+doc/eap.doxygen
+doc/hostapd.fig
+doc/kerneldoc2doxygen.pl
+doc/mainpage.doxygen
+doc/porting.doxygen
+driver_bsd.c
+driver_devicescape.c
+driver_madwifi.c
+driver_prism54.c
+driver_test.c
+eap_vendor_test.c
+hostapd.8
+hostapd_cli.1
+l2_packet_freebsd.c
+l2_packet_linux.c
+l2_packet_ndis.c
+l2_packet_none.c
+l2_packet_pcap.c
+l2_packet_winpcap.c
+logwatch/README
+logwatch/hostapd
+logwatch/hostapd.conf
+madwifi.conf
+nt_password_hash.c
+os_win32.c
diff --git a/contrib/hostapd-0.5.8/README.DRAGONFLY b/contrib/hostapd-0.5.8/README.DRAGONFLY
new file mode 100644 (file)
index 0000000..d14626e
--- /dev/null
@@ -0,0 +1,4 @@
+Original source can be downloaded at:
+<http://hostap.epitest.fi/releases/hostapd-0.5.8.tar.gz>
+
+A list of deleted files is in README.DELETED.
diff --git a/contrib/hostapd-0.5.8/accounting.c b/contrib/hostapd-0.5.8/accounting.c
new file mode 100644 (file)
index 0000000..b22347b
--- /dev/null
@@ -0,0 +1,467 @@
+/*
+ * hostapd / RADIUS Accounting
+ * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <assert.h>
+
+#include "hostapd.h"
+#include "radius.h"
+#include "radius_client.h"
+#include "eloop.h"
+#include "accounting.h"
+#include "ieee802_1x.h"
+#include "driver.h"
+
+
+/* Default interval in seconds for polling TX/RX octets from the driver if
+ * STA is not using interim accounting. This detects wrap arounds for
+ * input/output octets and updates Acct-{Input,Output}-Gigawords. */
+#define ACCT_DEFAULT_UPDATE_INTERVAL 300
+
+/* from ieee802_1x.c */
+const char *radius_mode_txt(struct hostapd_data *hapd);
+int radius_sta_rate(struct hostapd_data *hapd, struct sta_info *sta);
+
+
+static struct radius_msg * accounting_msg(struct hostapd_data *hapd,
+                                         struct sta_info *sta,
+                                         int status_type)
+{
+       struct radius_msg *msg;
+       char buf[128];
+       u8 *val;
+       size_t len;
+       int i;
+
+       msg = radius_msg_new(RADIUS_CODE_ACCOUNTING_REQUEST,
+                            radius_client_get_id(hapd->radius));
+       if (msg == NULL) {
+               printf("Could not create net RADIUS packet\n");
+               return NULL;
+       }
+
+       if (sta) {
+               radius_msg_make_authenticator(msg, (u8 *) sta, sizeof(*sta));
+
+               snprintf(buf, sizeof(buf), "%08X-%08X",
+                        sta->acct_session_id_hi, sta->acct_session_id_lo);
+               if (!radius_msg_add_attr(msg, RADIUS_ATTR_ACCT_SESSION_ID,
+                                        (u8 *) buf, strlen(buf))) {
+                       printf("Could not add Acct-Session-Id\n");
+                       goto fail;
+               }
+       } else {
+               radius_msg_make_authenticator(msg, (u8 *) hapd, sizeof(*hapd));
+       }
+
+       if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_STATUS_TYPE,
+                                      status_type)) {
+               printf("Could not add Acct-Status-Type\n");
+               goto fail;
+       }
+
+       if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_AUTHENTIC,
+                                      hapd->conf->ieee802_1x ?
+                                      RADIUS_ACCT_AUTHENTIC_RADIUS :
+                                      RADIUS_ACCT_AUTHENTIC_LOCAL)) {
+               printf("Could not add Acct-Authentic\n");
+               goto fail;
+       }
+
+       if (sta) {
+               val = ieee802_1x_get_identity(sta->eapol_sm, &len);
+               if (!val) {
+                       snprintf(buf, sizeof(buf), RADIUS_ADDR_FORMAT,
+                                MAC2STR(sta->addr));
+                       val = (u8 *) buf;
+                       len = strlen(buf);
+               }
+
+               if (!radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME, val,
+                                        len)) {
+                       printf("Could not add User-Name\n");
+                       goto fail;
+               }
+       }
+
+       if (hapd->conf->own_ip_addr.af == AF_INET &&
+           !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
+                                (u8 *) &hapd->conf->own_ip_addr.u.v4, 4)) {
+               printf("Could not add NAS-IP-Address\n");
+               goto fail;
+       }
+
+#ifdef CONFIG_IPV6
+       if (hapd->conf->own_ip_addr.af == AF_INET6 &&
+           !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IPV6_ADDRESS,
+                                (u8 *) &hapd->conf->own_ip_addr.u.v6, 16)) {
+               printf("Could not add NAS-IPv6-Address\n");
+               goto fail;
+       }
+#endif /* CONFIG_IPV6 */
+
+       if (hapd->conf->nas_identifier &&
+           !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IDENTIFIER,
+                                (u8 *) hapd->conf->nas_identifier,
+                                strlen(hapd->conf->nas_identifier))) {
+               printf("Could not add NAS-Identifier\n");
+               goto fail;
+       }
+
+       if (sta &&
+           !radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT, sta->aid)) {
+               printf("Could not add NAS-Port\n");
+               goto fail;
+       }
+
+       snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT ":%s",
+                MAC2STR(hapd->own_addr), hapd->conf->ssid.ssid);
+       if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLED_STATION_ID,
+                                (u8 *) buf, strlen(buf))) {
+               printf("Could not add Called-Station-Id\n");
+               goto fail;
+       }
+
+       if (sta) {
+               snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
+                        MAC2STR(sta->addr));
+               if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLING_STATION_ID,
+                                        (u8 *) buf, strlen(buf))) {
+                       printf("Could not add Calling-Station-Id\n");
+                       goto fail;
+               }
+
+               if (!radius_msg_add_attr_int32(
+                           msg, RADIUS_ATTR_NAS_PORT_TYPE,
+                           RADIUS_NAS_PORT_TYPE_IEEE_802_11)) {
+                       printf("Could not add NAS-Port-Type\n");
+                       goto fail;
+               }
+
+               snprintf(buf, sizeof(buf), "CONNECT %d%sMbps %s",
+                        radius_sta_rate(hapd, sta) / 2,
+                        (radius_sta_rate(hapd, sta) & 1) ? ".5" : "",
+                        radius_mode_txt(hapd));
+               if (!radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO,
+                                        (u8 *) buf, strlen(buf))) {
+                       printf("Could not add Connect-Info\n");
+                       goto fail;
+               }
+
+               for (i = 0; ; i++) {
+                       val = ieee802_1x_get_radius_class(sta->eapol_sm, &len,
+                                                         i);
+                       if (val == NULL)
+                               break;
+
+                       if (!radius_msg_add_attr(msg, RADIUS_ATTR_CLASS,
+                                                val, len)) {
+                               printf("Could not add Class\n");
+                               goto fail;
+                       }
+               }
+       }
+
+       return msg;
+
+ fail:
+       radius_msg_free(msg);
+       free(msg);
+       return NULL;
+}
+
+
+static int accounting_sta_update_stats(struct hostapd_data *hapd,
+                                      struct sta_info *sta,
+                                      struct hostap_sta_driver_data *data)
+{
+       if (hostapd_read_sta_data(hapd, data, sta->addr))
+               return -1;
+
+       if (sta->last_rx_bytes > data->rx_bytes)
+               sta->acct_input_gigawords++;
+       if (sta->last_tx_bytes > data->tx_bytes)
+               sta->acct_output_gigawords++;
+       sta->last_rx_bytes = data->rx_bytes;
+       sta->last_tx_bytes = data->tx_bytes;
+
+       hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
+                      HOSTAPD_LEVEL_DEBUG, "updated TX/RX stats: "
+                      "Acct-Input-Octets=%lu Acct-Input-Gigawords=%u "
+                      "Acct-Output-Octets=%lu Acct-Output-Gigawords=%u",
+                      sta->last_rx_bytes, sta->acct_input_gigawords,
+                      sta->last_tx_bytes, sta->acct_output_gigawords);
+
+       return 0;
+}
+
+
+static void accounting_interim_update(void *eloop_ctx, void *timeout_ctx)
+{
+       struct hostapd_data *hapd = eloop_ctx;
+       struct sta_info *sta = timeout_ctx;
+       int interval;
+
+       if (sta->acct_interim_interval) {
+               accounting_sta_interim(hapd, sta);
+               interval = sta->acct_interim_interval;
+       } else {
+               struct hostap_sta_driver_data data;
+               accounting_sta_update_stats(hapd, sta, &data);
+               interval = ACCT_DEFAULT_UPDATE_INTERVAL;
+       }
+
+       eloop_register_timeout(interval, 0, accounting_interim_update,
+                              hapd, sta);
+}
+
+
+void accounting_sta_start(struct hostapd_data *hapd, struct sta_info *sta)
+{
+       struct radius_msg *msg;
+       int interval;
+
+       if (sta->acct_session_started)
+               return;
+
+       time(&sta->acct_session_start);
+       sta->last_rx_bytes = sta->last_tx_bytes = 0;
+       sta->acct_input_gigawords = sta->acct_output_gigawords = 0;
+       hostapd_sta_clear_stats(hapd, sta->addr);
+
+       if (!hapd->conf->radius->acct_server)
+               return;
+
+       if (sta->acct_interim_interval)
+               interval = sta->acct_interim_interval;
+       else
+               interval = ACCT_DEFAULT_UPDATE_INTERVAL;
+       eloop_register_timeout(interval, 0, accounting_interim_update,
+                              hapd, sta);
+
+       msg = accounting_msg(hapd, sta, RADIUS_ACCT_STATUS_TYPE_START);
+       if (msg)
+               radius_client_send(hapd->radius, msg, RADIUS_ACCT, sta->addr);
+
+       sta->acct_session_started = 1;
+}
+
+
+void accounting_sta_report(struct hostapd_data *hapd, struct sta_info *sta,
+                          int stop)
+{
+       struct radius_msg *msg;
+       int cause = sta->acct_terminate_cause;
+       struct hostap_sta_driver_data data;
+       u32 gigawords;
+
+       if (!hapd->conf->radius->acct_server)
+               return;
+
+       msg = accounting_msg(hapd, sta,
+                            stop ? RADIUS_ACCT_STATUS_TYPE_STOP :
+                            RADIUS_ACCT_STATUS_TYPE_INTERIM_UPDATE);
+       if (!msg) {
+               printf("Could not create RADIUS Accounting message\n");
+               return;
+       }
+
+       if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_SESSION_TIME,
+                                      time(NULL) - sta->acct_session_start)) {
+               printf("Could not add Acct-Session-Time\n");
+               goto fail;
+       }
+
+       if (accounting_sta_update_stats(hapd, sta, &data) == 0) {
+               if (!radius_msg_add_attr_int32(msg,
+                                              RADIUS_ATTR_ACCT_INPUT_PACKETS,
+                                              data.rx_packets)) {
+                       printf("Could not add Acct-Input-Packets\n");
+                       goto fail;
+               }
+               if (!radius_msg_add_attr_int32(msg,
+                                              RADIUS_ATTR_ACCT_OUTPUT_PACKETS,
+                                              data.tx_packets)) {
+                       printf("Could not add Acct-Output-Packets\n");
+                       goto fail;
+               }
+               if (!radius_msg_add_attr_int32(msg,
+                                              RADIUS_ATTR_ACCT_INPUT_OCTETS,
+                                              data.rx_bytes)) {
+                       printf("Could not add Acct-Input-Octets\n");
+                       goto fail;
+               }
+               gigawords = sta->acct_input_gigawords;
+#if __WORDSIZE == 64
+               gigawords += data.rx_bytes >> 32;
+#endif
+               if (gigawords &&
+                   !radius_msg_add_attr_int32(
+                           msg, RADIUS_ATTR_ACCT_INPUT_GIGAWORDS,
+                           gigawords)) {
+                       printf("Could not add Acct-Input-Gigawords\n");
+                       goto fail;
+               }
+               if (!radius_msg_add_attr_int32(msg,
+                                              RADIUS_ATTR_ACCT_OUTPUT_OCTETS,
+                                              data.tx_bytes)) {
+                       printf("Could not add Acct-Output-Octets\n");
+                       goto fail;
+               }
+               gigawords = sta->acct_output_gigawords;
+#if __WORDSIZE == 64
+               gigawords += data.tx_bytes >> 32;
+#endif
+               if (gigawords &&
+                   !radius_msg_add_attr_int32(
+                           msg, RADIUS_ATTR_ACCT_OUTPUT_GIGAWORDS,
+                           gigawords)) {
+                       printf("Could not add Acct-Output-Gigawords\n");
+                       goto fail;
+               }
+       }
+
+       if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_EVENT_TIMESTAMP,
+                                      time(NULL))) {
+               printf("Could not add Event-Timestamp\n");
+               goto fail;
+       }
+
+       if (eloop_terminated())
+               cause = RADIUS_ACCT_TERMINATE_CAUSE_ADMIN_REBOOT;
+
+       if (stop && cause &&
+           !radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_TERMINATE_CAUSE,
+                                      cause)) {
+               printf("Could not add Acct-Terminate-Cause\n");
+               goto fail;
+       }
+
+       radius_client_send(hapd->radius, msg,
+                          stop ? RADIUS_ACCT : RADIUS_ACCT_INTERIM,
+                          sta->addr);
+       return;
+
+ fail:
+       radius_msg_free(msg);
+       free(msg);
+}
+
+
+void accounting_sta_interim(struct hostapd_data *hapd, struct sta_info *sta)
+{
+       if (sta->acct_session_started)
+               accounting_sta_report(hapd, sta, 0);
+}
+
+
+void accounting_sta_stop(struct hostapd_data *hapd, struct sta_info *sta)
+{
+       if (sta->acct_session_started) {
+               accounting_sta_report(hapd, sta, 1);
+               eloop_cancel_timeout(accounting_interim_update, hapd, sta);
+               sta->acct_session_started = 0;
+       }
+}
+
+
+void accounting_sta_get_id(struct hostapd_data *hapd, struct sta_info *sta)
+{
+       sta->acct_session_id_lo = hapd->acct_session_id_lo++;
+       if (hapd->acct_session_id_lo == 0) {
+               hapd->acct_session_id_hi++;
+       }
+       sta->acct_session_id_hi = hapd->acct_session_id_hi;
+}
+
+
+/* Process the RADIUS frames from Accounting Server */
+static RadiusRxResult
+accounting_receive(struct radius_msg *msg, struct radius_msg *req,
+                  u8 *shared_secret, size_t shared_secret_len, void *data)
+{
+       if (msg->hdr->code != RADIUS_CODE_ACCOUNTING_RESPONSE) {
+               printf("Unknown RADIUS message code\n");
+               return RADIUS_RX_UNKNOWN;
+       }
+
+       if (radius_msg_verify(msg, shared_secret, shared_secret_len, req, 0)) {
+               printf("Incoming RADIUS packet did not have correct "
+                      "Authenticator - dropped\n");
+               return RADIUS_RX_INVALID_AUTHENTICATOR;
+       }
+
+       return RADIUS_RX_PROCESSED;
+}
+
+
+static void accounting_report_state(struct hostapd_data *hapd, int on)
+{
+       struct radius_msg *msg;
+
+       if (!hapd->conf->radius->acct_server || hapd->radius == NULL)
+               return;
+
+       /* Inform RADIUS server that accounting will start/stop so that the
+        * server can close old accounting sessions. */
+       msg = accounting_msg(hapd, NULL,
+                            on ? RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_ON :
+                            RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_OFF);
+       if (!msg)
+               return;
+
+       if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_TERMINATE_CAUSE,
+                                      RADIUS_ACCT_TERMINATE_CAUSE_NAS_REBOOT))
+       {
+               printf("Could not add Acct-Terminate-Cause\n");
+               radius_msg_free(msg);
+               free(msg);
+               return;
+       }
+
+       radius_client_send(hapd->radius, msg, RADIUS_ACCT, NULL);
+}
+
+
+int accounting_init(struct hostapd_data *hapd)
+{
+       /* Acct-Session-Id should be unique over reboots. If reliable clock is
+        * not available, this could be replaced with reboot counter, etc. */
+       hapd->acct_session_id_hi = time(NULL);
+
+       if (radius_client_register(hapd->radius, RADIUS_ACCT,
+                                  accounting_receive, hapd))
+               return -1;
+
+       accounting_report_state(hapd, 1);
+
+       return 0;
+}
+
+
+void accounting_deinit(struct hostapd_data *hapd)
+{
+       accounting_report_state(hapd, 0);
+}
+
+
+int accounting_reconfig(struct hostapd_data *hapd,
+                       struct hostapd_config *oldconf)
+{
+       if (!hapd->radius_client_reconfigured)
+               return 0;
+
+       accounting_deinit(hapd);
+       return accounting_init(hapd);
+}
diff --git a/contrib/hostapd-0.5.8/accounting.h b/contrib/hostapd-0.5.8/accounting.h
new file mode 100644 (file)
index 0000000..ee2ee64
--- /dev/null
@@ -0,0 +1,27 @@
+/*
+ * hostapd / RADIUS Accounting
+ * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef ACCOUNTING_H
+#define ACCOUNTING_H
+
+void accounting_sta_start(struct hostapd_data *hapd, struct sta_info *sta);
+void accounting_sta_interim(struct hostapd_data *hapd, struct sta_info *sta);
+void accounting_sta_stop(struct hostapd_data *hapd, struct sta_info *sta);
+void accounting_sta_get_id(struct hostapd_data *hapd, struct sta_info *sta);
+int accounting_init(struct hostapd_data *hapd);
+void accounting_deinit(struct hostapd_data *hapd);
+int accounting_reconfig(struct hostapd_data *hapd,
+                       struct hostapd_config *oldconf);
+
+#endif /* ACCOUNTING_H */
diff --git a/contrib/hostapd-0.5.8/aes.c b/contrib/hostapd-0.5.8/aes.c
new file mode 100644 (file)
index 0000000..1a2459b
--- /dev/null
@@ -0,0 +1,1107 @@
+/*
+ * AES (Rijndael) cipher
+ *
+ * Modifications to public domain implementation:
+ * - support only 128-bit keys
+ * - cleanup
+ * - use C pre-processor to make it easier to change S table access
+ * - added option (AES_SMALL_TABLES) for reducing code size by about 8 kB at
+ *   cost of reduced throughput (quite small difference on Pentium 4,
+ *   10-25% when using -O1 or -O2 optimization)
+ *
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+/*
+ * rijndael-alg-fst.c
+ *
+ * @version 3.0 (December 2000)
+ *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
+ * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
+ * @author Paulo Barreto <paulo.barreto@terra.com.br>
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* #define FULL_UNROLL */
+#define AES_SMALL_TABLES
+
+
+/*
+Te0[x] = S [x].[02, 01, 01, 03];
+Te1[x] = S [x].[03, 02, 01, 01];
+Te2[x] = S [x].[01, 03, 02, 01];
+Te3[x] = S [x].[01, 01, 03, 02];
+Te4[x] = S [x].[01, 01, 01, 01];
+
+Td0[x] = Si[x].[0e, 09, 0d, 0b];
+Td1[x] = Si[x].[0b, 0e, 09, 0d];
+Td2[x] = Si[x].[0d, 0b, 0e, 09];
+Td3[x] = Si[x].[09, 0d, 0b, 0e];
+Td4[x] = Si[x].[01, 01, 01, 01];
+*/
+
+static const u32 Te0[256] = {
+    0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
+    0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
+    0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
+    0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
+    0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
+    0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
+    0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
+    0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
+    0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
+    0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
+    0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
+    0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
+    0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
+    0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
+    0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
+    0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
+    0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
+    0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
+    0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
+    0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
+    0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
+    0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
+    0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
+    0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
+    0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
+    0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
+    0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
+    0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
+    0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
+    0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
+    0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
+    0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
+    0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
+    0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
+    0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
+    0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
+    0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
+    0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
+    0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
+    0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
+    0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
+    0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
+    0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
+    0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
+    0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
+    0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
+    0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
+    0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
+    0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
+    0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
+    0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
+    0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
+    0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
+    0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
+    0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
+    0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
+    0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
+    0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
+    0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
+    0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
+    0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
+    0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
+    0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
+    0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
+};
+#ifndef AES_SMALL_TABLES
+static const u32 Te1[256] = {
+    0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
+    0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
+    0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
+    0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
+    0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
+    0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
+    0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
+    0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
+    0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
+    0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
+    0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
+    0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
+    0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
+    0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
+    0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
+    0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
+    0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
+    0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
+    0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
+    0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
+    0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
+    0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
+    0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
+    0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
+    0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
+    0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
+    0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
+    0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
+    0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
+    0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
+    0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
+    0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
+    0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
+    0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
+    0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
+    0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
+    0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
+    0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
+    0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
+    0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
+    0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
+    0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
+    0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
+    0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
+    0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
+    0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
+    0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
+    0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
+    0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
+    0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
+    0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
+    0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
+    0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
+    0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
+    0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
+    0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
+    0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
+    0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
+    0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
+    0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
+    0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
+    0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
+    0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
+    0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
+};
+static const u32 Te2[256] = {
+    0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
+    0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
+    0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
+    0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
+    0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
+    0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
+    0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
+    0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
+    0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
+    0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
+    0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
+    0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
+    0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
+    0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
+    0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
+    0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
+    0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
+    0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
+    0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
+    0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
+    0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
+    0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
+    0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
+    0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
+    0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
+    0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
+    0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
+    0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
+    0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
+    0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
+    0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
+    0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
+    0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
+    0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
+    0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
+    0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
+    0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
+    0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
+    0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
+    0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
+    0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
+    0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
+    0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
+    0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
+    0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
+    0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
+    0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
+    0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
+    0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
+    0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
+    0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
+    0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
+    0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
+    0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
+    0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
+    0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
+    0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
+    0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
+    0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
+    0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
+    0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
+    0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
+    0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
+    0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
+};
+static const u32 Te3[256] = {
+
+    0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
+    0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
+    0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
+    0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
+    0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
+    0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
+    0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
+    0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
+    0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
+    0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
+    0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
+    0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
+    0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
+    0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
+    0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
+    0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
+    0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
+    0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
+    0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
+    0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
+    0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
+    0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
+    0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
+    0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
+    0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
+    0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
+    0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
+    0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
+    0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
+    0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
+    0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
+    0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
+    0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
+    0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
+    0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
+    0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
+    0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
+    0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
+    0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
+    0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
+    0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
+    0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
+    0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
+    0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
+    0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
+    0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
+    0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
+    0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
+    0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
+    0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
+    0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
+    0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
+    0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
+    0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
+    0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
+    0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
+    0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
+    0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
+    0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
+    0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
+    0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
+    0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
+    0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
+    0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
+};
+static const u32 Te4[256] = {
+    0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
+    0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
+    0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
+    0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
+    0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
+    0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
+    0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
+    0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
+    0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
+    0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
+    0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
+    0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
+    0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
+    0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
+    0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
+    0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
+    0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
+    0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
+    0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
+    0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
+    0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
+    0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
+    0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
+    0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
+    0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
+    0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
+    0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
+    0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
+    0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
+    0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
+    0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
+    0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
+    0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
+    0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
+    0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
+    0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
+    0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
+    0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
+    0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
+    0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
+    0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
+    0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
+    0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
+    0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
+    0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
+    0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
+    0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
+    0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
+    0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
+    0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
+    0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
+    0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
+    0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
+    0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
+    0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
+    0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
+    0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
+    0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
+    0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
+    0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
+    0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
+    0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
+    0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
+    0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
+};
+#endif /* AES_SMALL_TABLES */
+static const u32 Td0[256] = {
+    0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
+    0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
+    0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
+    0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
+    0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
+    0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
+    0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
+    0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
+    0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
+    0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
+    0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
+    0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
+    0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
+    0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
+    0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
+    0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
+    0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
+    0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
+    0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
+    0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
+    0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
+    0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
+    0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
+    0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
+    0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
+    0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
+    0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
+    0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
+    0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
+    0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
+    0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
+    0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
+    0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
+    0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
+    0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
+    0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
+    0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
+    0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
+    0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
+    0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
+    0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
+    0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
+    0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
+    0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
+    0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
+    0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
+    0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
+    0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
+    0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
+    0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
+    0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
+    0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
+    0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
+    0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
+    0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
+    0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
+    0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
+    0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
+    0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
+    0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
+    0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
+    0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
+    0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
+    0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
+};
+#ifndef AES_SMALL_TABLES
+static const u32 Td1[256] = {
+    0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
+    0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
+    0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
+    0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
+    0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
+    0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
+    0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
+    0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
+    0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
+    0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
+    0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
+    0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
+    0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
+    0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
+    0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
+    0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
+    0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
+    0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
+    0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
+    0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
+    0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
+    0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
+    0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
+    0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
+    0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
+    0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
+    0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
+    0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
+    0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
+    0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
+    0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
+    0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
+    0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
+    0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
+    0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
+    0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
+    0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
+    0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
+    0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
+    0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
+    0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
+    0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
+    0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
+    0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
+    0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
+    0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
+    0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
+    0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
+    0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
+    0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
+    0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
+    0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
+    0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
+    0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
+    0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
+    0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
+    0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
+    0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
+    0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
+    0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
+    0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
+    0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
+    0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
+    0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
+};
+static const u32 Td2[256] = {
+    0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
+    0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
+    0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
+    0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
+    0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
+    0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
+    0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
+    0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
+    0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
+    0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
+    0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
+    0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
+    0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
+    0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
+    0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
+    0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
+    0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
+    0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
+    0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
+    0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
+
+    0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
+    0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
+    0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
+    0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
+    0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
+    0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
+    0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
+    0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
+    0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
+    0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
+    0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
+    0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
+    0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
+    0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
+    0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
+    0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
+    0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
+    0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
+    0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
+    0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
+    0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
+    0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
+    0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
+    0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
+    0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
+    0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
+    0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
+    0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
+    0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
+    0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
+    0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
+    0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
+    0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
+    0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
+    0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
+    0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
+    0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
+    0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
+    0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
+    0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
+    0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
+    0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
+    0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
+    0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
+};
+static const u32 Td3[256] = {
+    0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
+    0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
+    0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
+    0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
+    0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
+    0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
+    0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
+    0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
+    0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
+    0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
+    0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
+    0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
+    0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
+    0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
+    0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
+    0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
+    0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
+    0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
+    0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
+    0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
+    0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
+    0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
+    0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
+    0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
+    0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
+    0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
+    0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
+    0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
+    0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
+    0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
+    0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
+    0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
+    0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
+    0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
+    0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
+    0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
+    0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
+    0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
+    0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
+    0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
+    0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
+    0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
+    0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
+    0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
+    0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
+    0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
+    0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
+    0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
+    0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
+    0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
+    0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
+    0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
+    0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
+    0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
+    0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
+    0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
+    0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
+    0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
+    0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
+    0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
+    0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
+    0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
+    0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
+    0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
+};
+static const u32 Td4[256] = {
+    0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
+    0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
+    0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
+    0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
+    0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
+    0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
+    0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
+    0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
+    0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
+    0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
+    0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
+    0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
+    0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
+    0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
+    0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
+    0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
+    0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
+    0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
+    0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
+    0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
+    0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
+    0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
+    0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
+    0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
+    0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
+    0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
+    0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
+    0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
+    0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
+    0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
+    0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
+    0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
+    0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
+    0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
+    0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
+    0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
+    0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
+    0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
+    0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
+    0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
+    0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
+    0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
+    0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
+    0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
+    0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
+    0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
+    0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
+    0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
+    0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
+    0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
+    0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
+    0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
+    0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
+    0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
+    0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
+    0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
+    0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
+    0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
+    0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
+    0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
+    0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
+    0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
+    0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
+    0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
+};
+static const u32 rcon[] = {
+       0x01000000, 0x02000000, 0x04000000, 0x08000000,
+       0x10000000, 0x20000000, 0x40000000, 0x80000000,
+       0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+#else /* AES_SMALL_TABLES */
+static const u8 Td4s[256] = {
+    0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+    0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
+    0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
+    0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
+    0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
+    0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
+    0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
+    0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
+    0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
+    0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
+    0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
+    0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
+    0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
+    0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
+    0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
+    0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
+    0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
+    0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
+    0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
+    0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
+    0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
+    0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
+    0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
+    0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
+    0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
+    0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
+    0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
+    0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
+    0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
+    0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
+    0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
+    0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
+};
+static const u8 rcons[] = {
+       0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36
+       /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+#endif /* AES_SMALL_TABLES */
+
+
+#ifndef AES_SMALL_TABLES
+
+#define RCON(i) rcon[(i)]
+
+#define TE0(i) Te0[((i) >> 24) & 0xff]
+#define TE1(i) Te1[((i) >> 16) & 0xff]
+#define TE2(i) Te2[((i) >> 8) & 0xff]
+#define TE3(i) Te3[(i) & 0xff]
+#define TE41(i) (Te4[((i) >> 24) & 0xff] & 0xff000000)
+#define TE42(i) (Te4[((i) >> 16) & 0xff] & 0x00ff0000)
+#define TE43(i) (Te4[((i) >> 8) & 0xff] & 0x0000ff00)
+#define TE44(i) (Te4[(i) & 0xff] & 0x000000ff)
+#define TE421(i) (Te4[((i) >> 16) & 0xff] & 0xff000000)
+#define TE432(i) (Te4[((i) >> 8) & 0xff] & 0x00ff0000)
+#define TE443(i) (Te4[(i) & 0xff] & 0x0000ff00)
+#define TE414(i) (Te4[((i) >> 24) & 0xff] & 0x000000ff)
+#define TE4(i) (Te4[(i)] & 0x000000ff)
+
+#define TD0(i) Td0[((i) >> 24) & 0xff]
+#define TD1(i) Td1[((i) >> 16) & 0xff]
+#define TD2(i) Td2[((i) >> 8) & 0xff]
+#define TD3(i) Td3[(i) & 0xff]
+#define TD41(i) (Td4[((i) >> 24) & 0xff] & 0xff000000)
+#define TD42(i) (Td4[((i) >> 16) & 0xff] & 0x00ff0000)
+#define TD43(i) (Td4[((i) >> 8) & 0xff] & 0x0000ff00)
+#define TD44(i) (Td4[(i) & 0xff] & 0x000000ff)
+#define TD0_(i) Td0[(i) & 0xff]
+#define TD1_(i) Td1[(i) & 0xff]
+#define TD2_(i) Td2[(i) & 0xff]
+#define TD3_(i) Td3[(i) & 0xff]
+
+#else /* AES_SMALL_TABLES */
+
+#define RCON(i) (rcons[(i)] << 24)
+
+static inline u32 rotr(u32 val, int bits)
+{
+       return (val >> bits) | (val << (32 - bits));
+}
+
+#define TE0(i) Te0[((i) >> 24) & 0xff]
+#define TE1(i) rotr(Te0[((i) >> 16) & 0xff], 8)
+#define TE2(i) rotr(Te0[((i) >> 8) & 0xff], 16)
+#define TE3(i) rotr(Te0[(i) & 0xff], 24)
+#define TE41(i) ((Te0[((i) >> 24) & 0xff] << 8) & 0xff000000)
+#define TE42(i) (Te0[((i) >> 16) & 0xff] & 0x00ff0000)
+#define TE43(i) (Te0[((i) >> 8) & 0xff] & 0x0000ff00)
+#define TE44(i) ((Te0[(i) & 0xff] >> 8) & 0x000000ff)
+#define TE421(i) ((Te0[((i) >> 16) & 0xff] << 8) & 0xff000000)
+#define TE432(i) (Te0[((i) >> 8) & 0xff] & 0x00ff0000)
+#define TE443(i) (Te0[(i) & 0xff] & 0x0000ff00)
+#define TE414(i) ((Te0[((i) >> 24) & 0xff] >> 8) & 0x000000ff)
+#define TE4(i) ((Te0[(i)] >> 8) & 0x000000ff)
+
+#define TD0(i) Td0[((i) >> 24) & 0xff]
+#define TD1(i) rotr(Td0[((i) >> 16) & 0xff], 8)
+#define TD2(i) rotr(Td0[((i) >> 8) & 0xff], 16)
+#define TD3(i) rotr(Td0[(i) & 0xff], 24)
+#define TD41(i) (Td4s[((i) >> 24) & 0xff] << 24)
+#define TD42(i) (Td4s[((i) >> 16) & 0xff] << 16)
+#define TD43(i) (Td4s[((i) >> 8) & 0xff] << 8)
+#define TD44(i) (Td4s[(i) & 0xff])
+#define TD0_(i) Td0[(i) & 0xff]
+#define TD1_(i) rotr(Td0[(i) & 0xff], 8)
+#define TD2_(i) rotr(Td0[(i) & 0xff], 16)
+#define TD3_(i) rotr(Td0[(i) & 0xff], 24)
+
+#endif /* AES_SMALL_TABLES */
+
+#define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+
+#ifdef _MSC_VER
+#define GETU32(p) SWAP(*((u32 *)(p)))
+#define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
+#else
+#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ \
+((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
+#define PUTU32(ct, st) { \
+(ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); \
+(ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
+#endif
+
+/**
+ * Expand the cipher key into the encryption key schedule.
+ *
+ * @return     the number of rounds for the given cipher key size.
+ */
+void rijndaelKeySetupEnc(u32 rk[/*44*/], const u8 cipherKey[])
+{
+       int i;
+       u32 temp;
+
+       rk[0] = GETU32(cipherKey     );
+       rk[1] = GETU32(cipherKey +  4);
+       rk[2] = GETU32(cipherKey +  8);
+       rk[3] = GETU32(cipherKey + 12);
+       for (i = 0; i < 10; i++) {
+               temp  = rk[3];
+               rk[4] = rk[0] ^
+                       TE421(temp) ^ TE432(temp) ^ TE443(temp) ^ TE414(temp) ^
+                       RCON(i);
+               rk[5] = rk[1] ^ rk[4];
+               rk[6] = rk[2] ^ rk[5];
+               rk[7] = rk[3] ^ rk[6];
+               rk += 4;
+       }
+}
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ *
+ * @return     the number of rounds for the given cipher key size.
+ */
+void rijndaelKeySetupDec(u32 rk[/*44*/], const u8 cipherKey[])
+{
+       int Nr = 10, i, j;
+       u32 temp;
+
+       /* expand the cipher key: */
+       rijndaelKeySetupEnc(rk, cipherKey);
+       /* invert the order of the round keys: */
+       for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) {
+               temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+               temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+               temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+               temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+       }
+       /* apply the inverse MixColumn transform to all round keys but the
+        * first and the last: */
+       for (i = 1; i < Nr; i++) {
+               rk += 4;
+               for (j = 0; j < 4; j++) {
+                       rk[j] = TD0_(TE4((rk[j] >> 24)       )) ^
+                               TD1_(TE4((rk[j] >> 16) & 0xff)) ^
+                               TD2_(TE4((rk[j] >>  8) & 0xff)) ^
+                               TD3_(TE4((rk[j]      ) & 0xff));
+               }
+       }
+}
+
+void rijndaelEncrypt(const u32 rk[/*44*/], const u8 pt[16], u8 ct[16])
+{
+       u32 s0, s1, s2, s3, t0, t1, t2, t3;
+       const int Nr = 10;
+#ifndef FULL_UNROLL
+       int r;
+#endif /* ?FULL_UNROLL */
+
+       /*
+        * map byte array block to cipher state
+        * and add initial round key:
+        */
+       s0 = GETU32(pt     ) ^ rk[0];
+       s1 = GETU32(pt +  4) ^ rk[1];
+       s2 = GETU32(pt +  8) ^ rk[2];
+       s3 = GETU32(pt + 12) ^ rk[3];
+
+#define ROUND(i,d,s) \
+d##0 = TE0(s##0) ^ TE1(s##1) ^ TE2(s##2) ^ TE3(s##3) ^ rk[4 * i]; \
+d##1 = TE0(s##1) ^ TE1(s##2) ^ TE2(s##3) ^ TE3(s##0) ^ rk[4 * i + 1]; \
+d##2 = TE0(s##2) ^ TE1(s##3) ^ TE2(s##0) ^ TE3(s##1) ^ rk[4 * i + 2]; \
+d##3 = TE0(s##3) ^ TE1(s##0) ^ TE2(s##1) ^ TE3(s##2) ^ rk[4 * i + 3]
+
+#ifdef FULL_UNROLL
+
+       ROUND(1,t,s);
+       ROUND(2,s,t);
+       ROUND(3,t,s);
+       ROUND(4,s,t);
+       ROUND(5,t,s);
+       ROUND(6,s,t);
+       ROUND(7,t,s);
+       ROUND(8,s,t);
+       ROUND(9,t,s);
+
+       rk += Nr << 2;
+
+#else  /* !FULL_UNROLL */
+
+       /* Nr - 1 full rounds: */
+       r = Nr >> 1;
+       for (;;) {
+               ROUND(1,t,s);
+               rk += 8;
+               if (--r == 0)
+                       break;
+               ROUND(0,s,t);
+       }
+
+#endif /* ?FULL_UNROLL */
+
+#undef ROUND
+
+       /*
+        * apply last round and
+        * map cipher state to byte array block:
+        */
+       s0 = TE41(t0) ^ TE42(t1) ^ TE43(t2) ^ TE44(t3) ^ rk[0];
+       PUTU32(ct     , s0);
+       s1 = TE41(t1) ^ TE42(t2) ^ TE43(t3) ^ TE44(t0) ^ rk[1];
+       PUTU32(ct +  4, s1);
+       s2 = TE41(t2) ^ TE42(t3) ^ TE43(t0) ^ TE44(t1) ^ rk[2];
+       PUTU32(ct +  8, s2);
+       s3 = TE41(t3) ^ TE42(t0) ^ TE43(t1) ^ TE44(t2) ^ rk[3];
+       PUTU32(ct + 12, s3);
+}
+
+void rijndaelDecrypt(const u32 rk[/*44*/], const u8 ct[16], u8 pt[16])
+{
+       u32 s0, s1, s2, s3, t0, t1, t2, t3;
+       const int Nr = 10;
+#ifndef FULL_UNROLL
+       int r;
+#endif /* ?FULL_UNROLL */
+
+       /*
+        * map byte array block to cipher state
+        * and add initial round key:
+        */
+       s0 = GETU32(ct     ) ^ rk[0];
+       s1 = GETU32(ct +  4) ^ rk[1];
+       s2 = GETU32(ct +  8) ^ rk[2];
+       s3 = GETU32(ct + 12) ^ rk[3];
+
+#define ROUND(i,d,s) \
+d##0 = TD0(s##0) ^ TD1(s##3) ^ TD2(s##2) ^ TD3(s##1) ^ rk[4 * i]; \
+d##1 = TD0(s##1) ^ TD1(s##0) ^ TD2(s##3) ^ TD3(s##2) ^ rk[4 * i + 1]; \
+d##2 = TD0(s##2) ^ TD1(s##1) ^ TD2(s##0) ^ TD3(s##3) ^ rk[4 * i + 2]; \
+d##3 = TD0(s##3) ^ TD1(s##2) ^ TD2(s##1) ^ TD3(s##0) ^ rk[4 * i + 3]
+
+#ifdef FULL_UNROLL
+
+       ROUND(1,t,s);
+       ROUND(2,s,t);
+       ROUND(3,t,s);
+       ROUND(4,s,t);
+       ROUND(5,t,s);
+       ROUND(6,s,t);
+       ROUND(7,t,s);
+       ROUND(8,s,t);
+       ROUND(9,t,s);
+
+       rk += Nr << 2;
+
+#else  /* !FULL_UNROLL */
+
+       /* Nr - 1 full rounds: */
+       r = Nr >> 1;
+       for (;;) {
+               ROUND(1,t,s);
+               rk += 8;
+               if (--r == 0)
+                       break;
+               ROUND(0,s,t);
+       }
+
+#endif /* ?FULL_UNROLL */
+
+#undef ROUND
+
+       /*
+        * apply last round and
+        * map cipher state to byte array block:
+        */
+       s0 = TD41(t0) ^ TD42(t3) ^ TD43(t2) ^ TD44(t1) ^ rk[0];
+       PUTU32(pt     , s0);
+       s1 = TD41(t1) ^ TD42(t0) ^ TD43(t3) ^ TD44(t2) ^ rk[1];
+       PUTU32(pt +  4, s1);
+       s2 = TD41(t2) ^ TD42(t1) ^ TD43(t0) ^ TD44(t3) ^ rk[2];
+       PUTU32(pt +  8, s2);
+       s3 = TD41(t3) ^ TD42(t2) ^ TD43(t1) ^ TD44(t0) ^ rk[3];
+       PUTU32(pt + 12, s3);
+}
+
+
+
+/* Generic wrapper functions for AES functions */
+
+void * aes_encrypt_init(const u8 *key, size_t len)
+{
+       u32 *rk;
+       if (len != 16)
+               return NULL;
+       rk = os_malloc(4 * 44);
+       if (rk == NULL)
+               return NULL;
+       rijndaelKeySetupEnc(rk, key);
+       return rk;
+}
+
+
+void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
+{
+       rijndaelEncrypt(ctx, plain, crypt);
+}
+
+
+void aes_encrypt_deinit(void *ctx)
+{
+       os_free(ctx);
+}
+
+
+void * aes_decrypt_init(const u8 *key, size_t len)
+{
+       u32 *rk;
+       if (len != 16)
+               return NULL;
+       rk = os_malloc(4 * 44);
+       if (rk == NULL)
+               return NULL;
+       rijndaelKeySetupDec(rk, key);
+       return rk;
+}
+
+
+void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain)
+{
+       rijndaelDecrypt(ctx, crypt, plain);
+}
+
+
+void aes_decrypt_deinit(void *ctx)
+{
+       os_free(ctx);
+}
diff --git a/contrib/hostapd-0.5.8/aes.h b/contrib/hostapd-0.5.8/aes.h
new file mode 100644 (file)
index 0000000..6b9f414
--- /dev/null
@@ -0,0 +1,25 @@
+/*
+ * AES functions
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef AES_H
+#define AES_H
+
+void * aes_encrypt_init(const u8 *key, size_t len);
+void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt);
+void aes_encrypt_deinit(void *ctx);
+void * aes_decrypt_init(const u8 *key, size_t len);
+void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain);
+void aes_decrypt_deinit(void *ctx);
+
+#endif /* AES_H */
diff --git a/contrib/hostapd-0.5.8/aes_wrap.c b/contrib/hostapd-0.5.8/aes_wrap.c
new file mode 100644 (file)
index 0000000..c52e45a
--- /dev/null
@@ -0,0 +1,472 @@
+/*
+ * AES-based functions
+ *
+ * - AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
+ * - One-Key CBC MAC (OMAC1) hash with AES-128
+ * - AES-128 CTR mode encryption
+ * - AES-128 EAX mode encryption/decryption
+ * - AES-128 CBC
+ *
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "aes_wrap.h"
+#include "crypto.h"
+
+#ifdef INTERNAL_AES
+#include "aes.c"
+#endif /* INTERNAL_AES */
+
+
+#ifndef CONFIG_NO_AES_WRAP
+
+/**
+ * aes_wrap - Wrap keys with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
+ * @kek: Key encryption key (KEK)
+ * @n: Length of the wrapped key in 64-bit units; e.g., 2 = 128-bit = 16 bytes
+ * @plain: Plaintext key to be wrapped, n * 64 bit
+ * @cipher: Wrapped key, (n + 1) * 64 bit
+ * Returns: 0 on success, -1 on failure
+ */
+int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher)
+{
+       u8 *a, *r, b[16];
+       int i, j;
+       void *ctx;
+
+       a = cipher;
+       r = cipher + 8;
+
+       /* 1) Initialize variables. */
+       os_memset(a, 0xa6, 8);
+       os_memcpy(r, plain, 8 * n);
+
+       ctx = aes_encrypt_init(kek, 16);
+       if (ctx == NULL)
+               return -1;
+
+       /* 2) Calculate intermediate values.
+        * For j = 0 to 5
+        *     For i=1 to n
+        *         B = AES(K, A | R[i])
+        *         A = MSB(64, B) ^ t where t = (n*j)+i
+        *         R[i] = LSB(64, B)
+        */
+       for (j = 0; j <= 5; j++) {
+               r = cipher + 8;
+               for (i = 1; i <= n; i++) {
+                       os_memcpy(b, a, 8);
+                       os_memcpy(b + 8, r, 8);
+                       aes_encrypt(ctx, b, b);
+                       os_memcpy(a, b, 8);
+                       a[7] ^= n * j + i;
+                       os_memcpy(r, b + 8, 8);
+                       r += 8;
+               }
+       }
+       aes_encrypt_deinit(ctx);
+
+       /* 3) Output the results.
+        *
+        * These are already in @cipher due to the location of temporary
+        * variables.
+        */
+
+       return 0;
+}
+
+#endif /* CONFIG_NO_AES_WRAP */
+
+
+/**
+ * aes_unwrap - Unwrap key with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
+ * @kek: Key encryption key (KEK)
+ * @n: Length of the wrapped key in 64-bit units; e.g., 2 = 128-bit = 16 bytes
+ * @cipher: Wrapped key to be unwrapped, (n + 1) * 64 bit
+ * @plain: Plaintext key, n * 64 bit
+ * Returns: 0 on success, -1 on failure (e.g., integrity verification failed)
+ */
+int aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain)
+{
+       u8 a[8], *r, b[16];
+       int i, j;
+       void *ctx;
+
+       /* 1) Initialize variables. */
+       os_memcpy(a, cipher, 8);
+       r = plain;
+       os_memcpy(r, cipher + 8, 8 * n);
+
+       ctx = aes_decrypt_init(kek, 16);
+       if (ctx == NULL)
+               return -1;
+
+       /* 2) Compute intermediate values.
+        * For j = 5 to 0
+        *     For i = n to 1
+        *         B = AES-1(K, (A ^ t) | R[i]) where t = n*j+i
+        *         A = MSB(64, B)
+        *         R[i] = LSB(64, B)
+        */
+       for (j = 5; j >= 0; j--) {
+               r = plain + (n - 1) * 8;
+               for (i = n; i >= 1; i--) {
+                       os_memcpy(b, a, 8);
+                       b[7] ^= n * j + i;
+
+                       os_memcpy(b + 8, r, 8);
+                       aes_decrypt(ctx, b, b);
+                       os_memcpy(a, b, 8);
+                       os_memcpy(r, b + 8, 8);
+                       r -= 8;
+               }
+       }
+       aes_decrypt_deinit(ctx);
+
+       /* 3) Output results.
+        *
+        * These are already in @plain due to the location of temporary
+        * variables. Just verify that the IV matches with the expected value.
+        */
+       for (i = 0; i < 8; i++) {
+               if (a[i] != 0xa6)
+                       return -1;
+       }
+
+       return 0;
+}
+
+
+#define BLOCK_SIZE 16
+
+#ifndef CONFIG_NO_AES_OMAC1
+
+static void gf_mulx(u8 *pad)
+{
+       int i, carry;
+
+       carry = pad[0] & 0x80;
+       for (i = 0; i < BLOCK_SIZE - 1; i++)
+               pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
+       pad[BLOCK_SIZE - 1] <<= 1;
+       if (carry)
+               pad[BLOCK_SIZE - 1] ^= 0x87;
+}
+
+
+/**
+ * omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC)
+ * @key: 128-bit key for the hash operation
+ * @data: Data buffer for which a MAC is determined
+ * @data: Length of data buffer in bytes
+ * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
+ * Returns: 0 on success, -1 on failure
+ */
+int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac)
+{
+       void *ctx;
+       u8 cbc[BLOCK_SIZE], pad[BLOCK_SIZE];
+       const u8 *pos = data;
+       size_t i, left = data_len;
+
+       ctx = aes_encrypt_init(key, 16);
+       if (ctx == NULL)
+               return -1;
+       os_memset(cbc, 0, BLOCK_SIZE);
+
+       while (left >= BLOCK_SIZE) {
+               for (i = 0; i < BLOCK_SIZE; i++)
+                       cbc[i] ^= *pos++;
+               if (left > BLOCK_SIZE)
+                       aes_encrypt(ctx, cbc, cbc);
+               left -= BLOCK_SIZE;
+       }
+
+       os_memset(pad, 0, BLOCK_SIZE);
+       aes_encrypt(ctx, pad, pad);
+       gf_mulx(pad);
+
+       if (left || data_len == 0) {
+               for (i = 0; i < left; i++)
+                       cbc[i] ^= *pos++;
+               cbc[left] ^= 0x80;
+               gf_mulx(pad);
+       }
+
+       for (i = 0; i < BLOCK_SIZE; i++)
+               pad[i] ^= cbc[i];
+       aes_encrypt(ctx, pad, mac);
+       aes_encrypt_deinit(ctx);
+       return 0;
+}
+
+#endif /* CONFIG_NO_AES_OMAC1 */
+
+
+/**
+ * aes_128_encrypt_block - Perform one AES 128-bit block operation
+ * @key: Key for AES
+ * @in: Input data (16 bytes)
+ * @out: Output of the AES block operation (16 bytes)
+ * Returns: 0 on success, -1 on failure
+ */
+int aes_128_encrypt_block(const u8 *key, const u8 *in, u8 *out)
+{
+       void *ctx;
+       ctx = aes_encrypt_init(key, 16);
+       if (ctx == NULL)
+               return -1;
+       aes_encrypt(ctx, in, out);
+       aes_encrypt_deinit(ctx);
+       return 0;
+}
+
+
+#ifndef CONFIG_NO_AES_CTR
+
+/**
+ * aes_128_ctr_encrypt - AES-128 CTR mode encryption
+ * @key: Key for encryption (16 bytes)
+ * @nonce: Nonce for counter mode (16 bytes)
+ * @data: Data to encrypt in-place
+ * @data_len: Length of data in bytes
+ * Returns: 0 on success, -1 on failure
+ */
+int aes_128_ctr_encrypt(const u8 *key, const u8 *nonce,
+                       u8 *data, size_t data_len)
+{
+       void *ctx;
+       size_t j, len, left = data_len;
+       int i;
+       u8 *pos = data;
+       u8 counter[BLOCK_SIZE], buf[BLOCK_SIZE];
+
+       ctx = aes_encrypt_init(key, 16);
+       if (ctx == NULL)
+               return -1;
+       os_memcpy(counter, nonce, BLOCK_SIZE);
+
+       while (left > 0) {
+               aes_encrypt(ctx, counter, buf);
+
+               len = (left < BLOCK_SIZE) ? left : BLOCK_SIZE;
+               for (j = 0; j < len; j++)
+                       pos[j] ^= buf[j];
+               pos += len;
+               left -= len;
+
+               for (i = BLOCK_SIZE - 1; i >= 0; i--) {
+                       counter[i]++;
+                       if (counter[i])
+                               break;
+               }
+       }
+       aes_encrypt_deinit(ctx);
+       return 0;
+}
+
+#endif /* CONFIG_NO_AES_CTR */
+
+
+#ifndef CONFIG_NO_AES_EAX
+
+/**
+ * aes_128_eax_encrypt - AES-128 EAX mode encryption
+ * @key: Key for encryption (16 bytes)
+ * @nonce: Nonce for counter mode
+ * @nonce_len: Nonce length in bytes
+ * @hdr: Header data to be authenticity protected
+ * @hdr_len: Length of the header data bytes
+ * @data: Data to encrypt in-place
+ * @data_len: Length of data in bytes
+ * @tag: 16-byte tag value
+ * Returns: 0 on success, -1 on failure
+ */
+int aes_128_eax_encrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
+                       const u8 *hdr, size_t hdr_len,
+                       u8 *data, size_t data_len, u8 *tag)
+{
+       u8 *buf;
+       size_t buf_len;
+       u8 nonce_mac[BLOCK_SIZE], hdr_mac[BLOCK_SIZE], data_mac[BLOCK_SIZE];
+       int i;
+
+       if (nonce_len > data_len)
+               buf_len = nonce_len;
+       else
+               buf_len = data_len;
+       if (hdr_len > buf_len)
+               buf_len = hdr_len;
+       buf_len += 16;
+
+       buf = os_malloc(buf_len);
+       if (buf == NULL)
+               return -1;
+
+       os_memset(buf, 0, 15);
+
+       buf[15] = 0;
+       os_memcpy(buf + 16, nonce, nonce_len);
+       omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac);
+
+       buf[15] = 1;
+       os_memcpy(buf + 16, hdr, hdr_len);
+       omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac);
+
+       aes_128_ctr_encrypt(key, nonce_mac, data, data_len);
+       buf[15] = 2;
+       os_memcpy(buf + 16, data, data_len);
+       omac1_aes_128(key, buf, 16 + data_len, data_mac);
+
+       os_free(buf);
+
+       for (i = 0; i < BLOCK_SIZE; i++)
+               tag[i] = nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i];
+
+       return 0;
+}
+
+
+/**
+ * aes_128_eax_decrypt - AES-128 EAX mode decryption
+ * @key: Key for decryption (16 bytes)
+ * @nonce: Nonce for counter mode
+ * @nonce_len: Nonce length in bytes
+ * @hdr: Header data to be authenticity protected
+ * @hdr_len: Length of the header data bytes
+ * @data: Data to encrypt in-place
+ * @data_len: Length of data in bytes
+ * @tag: 16-byte tag value
+ * Returns: 0 on success, -1 on failure, -2 if tag does not match
+ */
+int aes_128_eax_decrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
+                       const u8 *hdr, size_t hdr_len,
+                       u8 *data, size_t data_len, const u8 *tag)
+{
+       u8 *buf;
+       size_t buf_len;
+       u8 nonce_mac[BLOCK_SIZE], hdr_mac[BLOCK_SIZE], data_mac[BLOCK_SIZE];
+       int i;
+
+       if (nonce_len > data_len)
+               buf_len = nonce_len;
+       else
+               buf_len = data_len;
+       if (hdr_len > buf_len)
+               buf_len = hdr_len;
+       buf_len += 16;
+
+       buf = os_malloc(buf_len);
+       if (buf == NULL)
+               return -1;
+
+       os_memset(buf, 0, 15);
+
+       buf[15] = 0;
+       os_memcpy(buf + 16, nonce, nonce_len);
+       omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac);
+
+       buf[15] = 1;
+       os_memcpy(buf + 16, hdr, hdr_len);
+       omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac);
+
+       buf[15] = 2;
+       os_memcpy(buf + 16, data, data_len);
+       omac1_aes_128(key, buf, 16 + data_len, data_mac);
+
+       os_free(buf);
+
+       for (i = 0; i < BLOCK_SIZE; i++) {
+               if (tag[i] != (nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i]))
+                       return -2;
+       }
+
+       aes_128_ctr_encrypt(key, nonce_mac, data, data_len);
+
+       return 0;
+}
+
+#endif /* CONFIG_NO_AES_EAX */
+
+
+#ifndef CONFIG_NO_AES_CBC
+
+/**
+ * aes_128_cbc_encrypt - AES-128 CBC encryption
+ * @key: Encryption key
+ * @iv: Encryption IV for CBC mode (16 bytes)
+ * @data: Data to encrypt in-place
+ * @data_len: Length of data in bytes (must be divisible by 16)
+ * Returns: 0 on success, -1 on failure
+ */
+int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
+{
+       void *ctx;
+       u8 cbc[BLOCK_SIZE];
+       u8 *pos = data;
+       int i, j, blocks;
+
+       ctx = aes_encrypt_init(key, 16);
+       if (ctx == NULL)
+               return -1;
+       os_memcpy(cbc, iv, BLOCK_SIZE);
+
+       blocks = data_len / BLOCK_SIZE;
+       for (i = 0; i < blocks; i++) {
+               for (j = 0; j < BLOCK_SIZE; j++)
+                       cbc[j] ^= pos[j];
+               aes_encrypt(ctx, cbc, cbc);
+               os_memcpy(pos, cbc, BLOCK_SIZE);
+               pos += BLOCK_SIZE;
+       }
+       aes_encrypt_deinit(ctx);
+       return 0;
+}
+
+
+/**
+ * aes_128_cbc_decrypt - AES-128 CBC decryption
+ * @key: Decryption key
+ * @iv: Decryption IV for CBC mode (16 bytes)
+ * @data: Data to decrypt in-place
+ * @data_len: Length of data in bytes (must be divisible by 16)
+ * Returns: 0 on success, -1 on failure
+ */
+int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
+{
+       void *ctx;
+       u8 cbc[BLOCK_SIZE], tmp[BLOCK_SIZE];
+       u8 *pos = data;
+       int i, j, blocks;
+
+       ctx = aes_decrypt_init(key, 16);
+       if (ctx == NULL)
+               return -1;
+       os_memcpy(cbc, iv, BLOCK_SIZE);
+
+       blocks = data_len / BLOCK_SIZE;
+       for (i = 0; i < blocks; i++) {
+               os_memcpy(tmp, pos, BLOCK_SIZE);
+               aes_decrypt(ctx, pos, pos);
+               for (j = 0; j < BLOCK_SIZE; j++)
+                       pos[j] ^= cbc[j];
+               os_memcpy(cbc, tmp, BLOCK_SIZE);
+               pos += BLOCK_SIZE;
+       }
+       aes_decrypt_deinit(ctx);
+       return 0;
+}
+
+#endif /* CONFIG_NO_AES_CBC */
diff --git a/contrib/hostapd-0.5.8/aes_wrap.h b/contrib/hostapd-0.5.8/aes_wrap.h
new file mode 100644 (file)
index 0000000..1bc6971
--- /dev/null
@@ -0,0 +1,42 @@
+/*
+ * AES-based functions
+ *
+ * - AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
+ * - One-Key CBC MAC (OMAC1) hash with AES-128
+ * - AES-128 CTR mode encryption
+ * - AES-128 EAX mode encryption/decryption
+ * - AES-128 CBC
+ *
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef AES_WRAP_H
+#define AES_WRAP_H
+
+int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher);
+int aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain);
+int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac);
+int aes_128_encrypt_block(const u8 *key, const u8 *in, u8 *out);
+int aes_128_ctr_encrypt(const u8 *key, const u8 *nonce,
+                       u8 *data, size_t data_len);
+int aes_128_eax_encrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
+                       const u8 *hdr, size_t hdr_len,
+                       u8 *data, size_t data_len, u8 *tag);
+int aes_128_eax_decrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
+                       const u8 *hdr, size_t hdr_len,
+                       u8 *data, size_t data_len, const u8 *tag);
+int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data,
+                       size_t data_len);
+int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data,
+                       size_t data_len);
+
+#endif /* AES_WRAP_H */
diff --git a/contrib/hostapd-0.5.8/ap.h b/contrib/hostapd-0.5.8/ap.h
new file mode 100644 (file)
index 0000000..b73c5b4
--- /dev/null
@@ -0,0 +1,111 @@
+/*
+ * hostapd / Station table data structures
+ * Copyright (c) 2002-2004, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef AP_H
+#define AP_H
+
+/* STA flags */
+#define WLAN_STA_AUTH BIT(0)
+#define WLAN_STA_ASSOC BIT(1)
+#define WLAN_STA_PS BIT(2)
+#define WLAN_STA_TIM BIT(3)
+#define WLAN_STA_PERM BIT(4)
+#define WLAN_STA_AUTHORIZED BIT(5)
+#define WLAN_STA_PENDING_POLL BIT(6) /* pending activity poll not ACKed */
+#define WLAN_STA_SHORT_PREAMBLE BIT(7)
+#define WLAN_STA_PREAUTH BIT(8)
+#define WLAN_STA_WME BIT(9)
+#define WLAN_STA_NONERP BIT(31)
+
+/* Maximum number of supported rates (from both Supported Rates and Extended
+ * Supported Rates IEs). */
+#define WLAN_SUPP_RATES_MAX 32
+
+
+struct sta_info {
+       struct sta_info *next; /* next entry in sta list */
+       struct sta_info *hnext; /* next entry in hash table list */
+       u8 addr[6];
+       u16 aid; /* STA's unique AID (1 .. 2007) or 0 if not yet assigned */
+       u32 flags;
+       u16 capability;
+       u16 listen_interval; /* or beacon_int for APs */
+       u8 supported_rates[WLAN_SUPP_RATES_MAX];
+       int supported_rates_len;
+
+       unsigned int nonerp_set:1;
+       unsigned int no_short_slot_time_set:1;
+       unsigned int no_short_preamble_set:1;
+
+       u16 auth_alg;
+       u8 previous_ap[6];
+
+       enum {
+               STA_NULLFUNC = 0, STA_DISASSOC, STA_DEAUTH, STA_REMOVE
+       } timeout_next;
+
+       /* IEEE 802.1X related data */
+       struct eapol_state_machine *eapol_sm;
+
+       /* IEEE 802.11f (IAPP) related data */
+       struct ieee80211_mgmt *last_assoc_req;
+
+       u32 acct_session_id_hi;
+       u32 acct_session_id_lo;
+       time_t acct_session_start;
+       int acct_session_started;
+       int acct_terminate_cause; /* Acct-Terminate-Cause */
+       int acct_interim_interval; /* Acct-Interim-Interval */
+
+       unsigned long last_rx_bytes;
+       unsigned long last_tx_bytes;
+       u32 acct_input_gigawords; /* Acct-Input-Gigawords */
+       u32 acct_output_gigawords; /* Acct-Output-Gigawords */
+
+       u8 *challenge; /* IEEE 802.11 Shared Key Authentication Challenge */
+
+       struct wpa_state_machine *wpa_sm;
+       struct rsn_preauth_interface *preauth_iface;
+
+       struct hostapd_ssid *ssid; /* SSID selection based on (Re)AssocReq */
+       struct hostapd_ssid *ssid_probe; /* SSID selection based on ProbeReq */
+
+       int vlan_id;
+};
+
+
+/* Maximum number of AIDs to use for STAs; must be 2007 or lower
+ * (8802.11 limitation) */
+#define MAX_AID_TABLE_SIZE 128
+
+#define STA_HASH_SIZE 256
+#define STA_HASH(sta) (sta[5])
+
+
+/* Default value for maximum station inactivity. After AP_MAX_INACTIVITY has
+ * passed since last received frame from the station, a nullfunc data frame is
+ * sent to the station. If this frame is not acknowledged and no other frames
+ * have been received, the station will be disassociated after
+ * AP_DISASSOC_DELAY seconds. Similarily, the station will be deauthenticated
+ * after AP_DEAUTH_DELAY seconds has passed after disassociation. */
+#define AP_MAX_INACTIVITY (5 * 60)
+#define AP_DISASSOC_DELAY (1)
+#define AP_DEAUTH_DELAY (1)
+/* Number of seconds to keep STA entry with Authenticated flag after it has
+ * been disassociated. */
+#define AP_MAX_INACTIVITY_AFTER_DISASSOC (1 * 30)
+/* Number of seconds to keep STA entry after it has been deauthenticated. */
+#define AP_MAX_INACTIVITY_AFTER_DEAUTH (1 * 5)
+
+#endif /* AP_H */
diff --git a/contrib/hostapd-0.5.8/ap_list.c b/contrib/hostapd-0.5.8/ap_list.c
new file mode 100644 (file)
index 0000000..f2d3221
--- /dev/null
@@ -0,0 +1,459 @@
+/*
+ * hostapd / AP table
+ * Copyright 2002-2003, Jouni Malinen <j@w1.fi>
+ * Copyright 2003-2004, Instant802 Networks, Inc.
+ * Copyright 2006, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "hostapd.h"
+#include "ieee802_11.h"
+#include "eloop.h"
+#include "ap_list.h"
+#include "hw_features.h"
+#include "beacon.h"
+
+
+struct ieee80211_frame_info {
+       u32 version;
+       u32 length;
+       u64 mactime;
+       u64 hosttime;
+       u32 phytype;
+       u32 channel;
+       u32 datarate;
+       u32 antenna;
+       u32 priority;
+       u32 ssi_type;
+       u32 ssi_signal;
+       u32 ssi_noise;
+       u32 preamble;
+       u32 encoding;
+
+       /* Note: this structure is otherwise identical to capture format used
+        * in linux-wlan-ng, but this additional field is used to provide meta
+        * data about the frame to hostapd. This was the easiest method for
+        * providing this information, but this might change in the future. */
+       u32 msg_type;
+} __attribute__ ((packed));
+
+
+enum ieee80211_phytype {
+       ieee80211_phytype_fhss_dot11_97  = 1,
+       ieee80211_phytype_dsss_dot11_97  = 2,
+       ieee80211_phytype_irbaseband     = 3,
+       ieee80211_phytype_dsss_dot11_b   = 4,
+       ieee80211_phytype_pbcc_dot11_b   = 5,
+       ieee80211_phytype_ofdm_dot11_g   = 6,
+       ieee80211_phytype_pbcc_dot11_g   = 7,
+       ieee80211_phytype_ofdm_dot11_a   = 8,
+       ieee80211_phytype_dsss_dot11_turbog = 255,
+       ieee80211_phytype_dsss_dot11_turbo = 256,
+};
+
+
+/* AP list is a double linked list with head->prev pointing to the end of the
+ * list and tail->next = NULL. Entries are moved to the head of the list
+ * whenever a beacon has been received from the AP in question. The tail entry
+ * in this link will thus be the least recently used entry. */
+
+
+static void ap_list_new_ap(struct hostapd_iface *iface, struct ap_info *ap)
+{
+       wpa_printf(MSG_DEBUG, "New AP detected: " MACSTR, MAC2STR(ap->addr));
+
+       /* TODO: could send a notification message to an external program that
+        * would then determine whether a rogue AP has been detected */
+}
+
+
+static void ap_list_expired_ap(struct hostapd_iface *iface, struct ap_info *ap)
+{
+       wpa_printf(MSG_DEBUG, "AP info expired: " MACSTR, MAC2STR(ap->addr));
+
+       /* TODO: could send a notification message to an external program */
+}
+
+
+static int ap_list_beacon_olbc(struct hostapd_iface *iface, struct ap_info *ap)
+{
+       int i;
+
+       if (iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G ||
+           ap->phytype != ieee80211_phytype_pbcc_dot11_g ||
+           iface->conf->channel != ap->channel)
+               return 0;
+
+       if (ap->erp != -1 && (ap->erp & ERP_INFO_NON_ERP_PRESENT))
+               return 1;
+
+       for (i = 0; i < WLAN_SUPP_RATES_MAX; i++) {
+               int rate = (ap->supported_rates[i] & 0x7f) * 5;
+               if (rate == 60 || rate == 90 || rate > 110)
+                       return 0;
+       }
+
+       return 1;
+}
+
+
+struct ap_info * ap_get_ap(struct hostapd_iface *iface, u8 *ap)
+{
+       struct ap_info *s;
+
+       s = iface->ap_hash[STA_HASH(ap)];
+       while (s != NULL && memcmp(s->addr, ap, ETH_ALEN) != 0)
+               s = s->hnext;
+       return s;
+}
+
+
+static void ap_ap_list_add(struct hostapd_iface *iface, struct ap_info *ap)
+{
+       if (iface->ap_list) {
+               ap->prev = iface->ap_list->prev;
+               iface->ap_list->prev = ap;
+       } else
+               ap->prev = ap;
+       ap->next = iface->ap_list;
+       iface->ap_list = ap;
+}
+
+
+static void ap_ap_list_del(struct hostapd_iface *iface, struct ap_info *ap)
+{
+       if (iface->ap_list == ap)
+               iface->ap_list = ap->next;
+       else
+               ap->prev->next = ap->next;
+
+       if (ap->next)
+               ap->next->prev = ap->prev;
+       else if (iface->ap_list)
+               iface->ap_list->prev = ap->prev;
+}
+
+
+static void ap_ap_iter_list_add(struct hostapd_iface *iface,
+                               struct ap_info *ap)
+{
+       if (iface->ap_iter_list) {
+               ap->iter_prev = iface->ap_iter_list->iter_prev;
+               iface->ap_iter_list->iter_prev = ap;
+       } else
+               ap->iter_prev = ap;
+       ap->iter_next = iface->ap_iter_list;
+       iface->ap_iter_list = ap;
+}
+
+
+static void ap_ap_iter_list_del(struct hostapd_iface *iface,
+                               struct ap_info *ap)
+{
+       if (iface->ap_iter_list == ap)
+               iface->ap_iter_list = ap->iter_next;
+       else
+               ap->iter_prev->iter_next = ap->iter_next;
+
+       if (ap->iter_next)
+               ap->iter_next->iter_prev = ap->iter_prev;
+       else if (iface->ap_iter_list)
+               iface->ap_iter_list->iter_prev = ap->iter_prev;
+}
+
+
+static void ap_ap_hash_add(struct hostapd_iface *iface, struct ap_info *ap)
+{
+       ap->hnext = iface->ap_hash[STA_HASH(ap->addr)];
+       iface->ap_hash[STA_HASH(ap->addr)] = ap;
+}
+
+
+static void ap_ap_hash_del(struct hostapd_iface *iface, struct ap_info *ap)
+{
+       struct ap_info *s;
+
+       s = iface->ap_hash[STA_HASH(ap->addr)];
+       if (s == NULL) return;
+       if (memcmp(s->addr, ap->addr, ETH_ALEN) == 0) {
+               iface->ap_hash[STA_HASH(ap->addr)] = s->hnext;
+               return;
+       }
+
+       while (s->hnext != NULL &&
+              memcmp(s->hnext->addr, ap->addr, ETH_ALEN) != 0)
+               s = s->hnext;
+       if (s->hnext != NULL)
+               s->hnext = s->hnext->hnext;
+       else
+               printf("AP: could not remove AP " MACSTR " from hash table\n",
+                      MAC2STR(ap->addr));
+}
+
+
+static void ap_free_ap(struct hostapd_iface *iface, struct ap_info *ap)
+{
+       ap_ap_hash_del(iface, ap);
+       ap_ap_list_del(iface, ap);
+       ap_ap_iter_list_del(iface, ap);
+
+       iface->num_ap--;
+       free(ap);
+}
+
+
+static void hostapd_free_aps(struct hostapd_iface *iface)
+{
+       struct ap_info *ap, *prev;
+
+       ap = iface->ap_list;
+
+       while (ap) {
+               prev = ap;
+               ap = ap->next;
+               ap_free_ap(iface, prev);
+       }
+
+       iface->ap_list = NULL;
+}
+
+
+int ap_ap_for_each(struct hostapd_iface *iface,
+                  int (*func)(struct ap_info *s, void *data), void *data)
+{
+       struct ap_info *s;
+       int ret = 0;
+
+       s = iface->ap_list;
+
+       while (s) {
+               ret = func(s, data);
+               if (ret)
+                       break;
+               s = s->next;
+       }
+
+       return ret;
+}
+
+
+static struct ap_info * ap_ap_add(struct hostapd_iface *iface, u8 *addr)
+{
+       struct ap_info *ap;
+
+       ap = wpa_zalloc(sizeof(struct ap_info));
+       if (ap == NULL)
+               return NULL;
+
+       /* initialize AP info data */
+       memcpy(ap->addr, addr, ETH_ALEN);
+       ap_ap_list_add(iface, ap);
+       iface->num_ap++;
+       ap_ap_hash_add(iface, ap);
+       ap_ap_iter_list_add(iface, ap);
+
+       if (iface->num_ap > iface->conf->ap_table_max_size && ap != ap->prev) {
+               wpa_printf(MSG_DEBUG, "Removing the least recently used AP "
+                          MACSTR " from AP table", MAC2STR(ap->prev->addr));
+               if (iface->conf->passive_scan_interval > 0)
+                       ap_list_expired_ap(iface, ap->prev);
+               ap_free_ap(iface, ap->prev);
+       }
+
+       return ap;
+}
+
+
+void ap_list_process_beacon(struct hostapd_iface *iface,
+                           struct ieee80211_mgmt *mgmt,
+                           struct ieee802_11_elems *elems,
+                           struct hostapd_frame_info *fi)
+{
+       struct ap_info *ap;
+       int new_ap = 0;
+       size_t len;
+
+       if (iface->conf->ap_table_max_size < 1)
+               return;
+
+       ap = ap_get_ap(iface, mgmt->bssid);
+       if (!ap) {
+               ap = ap_ap_add(iface, mgmt->bssid);
+               if (!ap) {
+                       printf("Failed to allocate AP information entry\n");
+                       return;
+               }
+               new_ap = 1;
+       }
+
+       ap->beacon_int = le_to_host16(mgmt->u.beacon.beacon_int);
+       ap->capability = le_to_host16(mgmt->u.beacon.capab_info);
+
+       if (elems->ssid) {
+               len = elems->ssid_len;
+               if (len >= sizeof(ap->ssid))
+                       len = sizeof(ap->ssid) - 1;
+               memcpy(ap->ssid, elems->ssid, len);
+               ap->ssid[len] = '\0';
+               ap->ssid_len = len;
+       }
+
+       memset(ap->supported_rates, 0, WLAN_SUPP_RATES_MAX);
+       len = 0;
+       if (elems->supp_rates) {
+               len = elems->supp_rates_len;
+               if (len > WLAN_SUPP_RATES_MAX)
+                       len = WLAN_SUPP_RATES_MAX;
+               memcpy(ap->supported_rates, elems->supp_rates, len);
+       }
+       if (elems->ext_supp_rates) {
+               int len2;
+               if (len + elems->ext_supp_rates_len > WLAN_SUPP_RATES_MAX)
+                       len2 = WLAN_SUPP_RATES_MAX - len;
+               else
+                       len2 = elems->ext_supp_rates_len;
+               memcpy(ap->supported_rates + len, elems->ext_supp_rates, len2);
+       }
+
+       ap->wpa = elems->wpa_ie != NULL;
+
+       if (elems->erp_info && elems->erp_info_len == 1)
+               ap->erp = elems->erp_info[0];
+       else
+               ap->erp = -1;
+
+       if (elems->ds_params && elems->ds_params_len == 1)
+               ap->channel = elems->ds_params[0];
+       else if (fi)
+               ap->channel = fi->channel;
+
+       ap->num_beacons++;
+       time(&ap->last_beacon);
+       if (fi) {
+               ap->phytype = fi->phytype;
+               ap->ssi_signal = fi->ssi_signal;
+               ap->datarate = fi->datarate;
+       }
+
+       if (new_ap) {
+               if (iface->conf->passive_scan_interval > 0)
+                       ap_list_new_ap(iface, ap);
+       } else if (ap != iface->ap_list) {
+               /* move AP entry into the beginning of the list so that the
+                * oldest entry is always in the end of the list */
+               ap_ap_list_del(iface, ap);
+               ap_ap_list_add(iface, ap);
+       }
+
+       if (!iface->olbc &&
+           ap_list_beacon_olbc(iface, ap)) {
+               struct hostapd_data *hapd = iface->bss[0];
+               iface->olbc = 1;
+               HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL,
+                             "OLBC AP detected: " MACSTR " - enable "
+                             "protection\n", MAC2STR(ap->addr));
+               ieee802_11_set_beacons(hapd->iface);
+       }
+}
+
+
+static void ap_list_timer(void *eloop_ctx, void *timeout_ctx)
+{
+       struct hostapd_iface *iface = eloop_ctx;
+       time_t now;
+       struct ap_info *ap;
+
+       eloop_register_timeout(10, 0, ap_list_timer, iface, NULL);
+
+       if (!iface->ap_list)
+               return;
+
+       time(&now);
+
+       /* FIX: it looks like jkm-Purina ended up in busy loop in this
+        * function. Apparently, something can still cause a loop in the AP
+        * list.. */
+
+       while (iface->ap_list) {
+               ap = iface->ap_list->prev;
+               if (ap->last_beacon + iface->conf->ap_table_expiration_time >=
+                   now)
+                       break;
+
+               if (iface->conf->passive_scan_interval > 0)
+                       ap_list_expired_ap(iface, ap);
+               ap_free_ap(iface, ap);
+       }
+
+       if (iface->olbc) {
+               int olbc = 0;
+               ap = iface->ap_list;
+               while (ap) {
+                       if (ap_list_beacon_olbc(iface, ap)) {
+                               olbc = 1;
+                               break;
+                       }
+                       ap = ap->next;
+               }
+               if (!olbc) {
+                       struct hostapd_data *hapd = iface->bss[0];
+                       HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL,
+                                     "OLBC not detected anymore\n");
+                       iface->olbc = 0;
+                       ieee802_11_set_beacons(hapd->iface);
+               }
+       }
+}
+
+
+int ap_list_init(struct hostapd_iface *iface)
+{
+       eloop_register_timeout(10, 0, ap_list_timer, iface, NULL);
+       return 0;
+}
+
+
+void ap_list_deinit(struct hostapd_iface *iface)
+{
+       eloop_cancel_timeout(ap_list_timer, iface, NULL);
+       hostapd_free_aps(iface);
+}
+
+
+int ap_list_reconfig(struct hostapd_iface *iface,
+                    struct hostapd_config *oldconf)
+{
+       time_t now;
+       struct ap_info *ap;
+
+       if (iface->conf->ap_table_max_size == oldconf->ap_table_max_size &&
+           iface->conf->ap_table_expiration_time ==
+           oldconf->ap_table_expiration_time)
+               return 0;
+
+       time(&now);
+
+       while (iface->ap_list) {
+               ap = iface->ap_list->prev;
+               if (iface->num_ap <= iface->conf->ap_table_max_size &&
+                   ap->last_beacon + iface->conf->ap_table_expiration_time >=
+                   now)
+                       break;
+
+               if (iface->conf->passive_scan_interval > 0)
+                       ap_list_expired_ap(iface, iface->ap_list->prev);
+               ap_free_ap(iface, iface->ap_list->prev);
+       }
+
+       return 0;
+}
diff --git a/contrib/hostapd-0.5.8/ap_list.h b/contrib/hostapd-0.5.8/ap_list.h
new file mode 100644 (file)
index 0000000..668d909
--- /dev/null
@@ -0,0 +1,68 @@
+/*
+ * hostapd / AP table
+ * Copyright 2002-2003, Jouni Malinen <j@w1.fi>
+ * Copyright 2003-2004, Instant802 Networks, Inc.
+ * Copyright 2006, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef AP_LIST_H
+#define AP_LIST_H
+
+struct ap_info {
+       /* Note: next/prev pointers are updated whenever a new beacon is
+        * received because these are used to find the least recently used
+        * entries. iter_next/iter_prev are updated only when adding new BSSes
+        * and when removing old ones. These should be used when iterating
+        * through the table in a manner that allows beacons to be received
+        * during the iteration. */
+       struct ap_info *next; /* next entry in AP list */
+       struct ap_info *prev; /* previous entry in AP list */
+       struct ap_info *hnext; /* next entry in hash table list */
+       struct ap_info *iter_next; /* next entry in AP iteration list */
+       struct ap_info *iter_prev; /* previous entry in AP iteration list */
+       u8 addr[6];
+       u16 beacon_int;
+       u16 capability;
+       u8 supported_rates[WLAN_SUPP_RATES_MAX];
+       u8 ssid[33];
+       size_t ssid_len;
+       int wpa;
+       int erp; /* ERP Info or -1 if ERP info element not present */
+
+       int phytype; /* .11a / .11b / .11g / Atheros Turbo */
+       int channel;
+       int datarate; /* in 100 kbps */
+       int ssi_signal;
+
+       unsigned int num_beacons; /* number of beacon frames received */
+       time_t last_beacon;
+
+       int already_seen; /* whether API call AP-NEW has already fetched
+                          * information about this AP */
+};
+
+struct ieee802_11_elems;
+struct hostapd_frame_info;
+
+struct ap_info * ap_get_ap(struct hostapd_iface *iface, u8 *sta);
+int ap_ap_for_each(struct hostapd_iface *iface,
+                  int (*func)(struct ap_info *s, void *data), void *data);
+void ap_list_process_beacon(struct hostapd_iface *iface,
+                           struct ieee80211_mgmt *mgmt,
+                           struct ieee802_11_elems *elems,
+                           struct hostapd_frame_info *fi);
+int ap_list_init(struct hostapd_iface *iface);
+void ap_list_deinit(struct hostapd_iface *iface);
+int ap_list_reconfig(struct hostapd_iface *iface,
+                    struct hostapd_config *oldconf);
+
+#endif /* AP_LIST_H */
diff --git a/contrib/hostapd-0.5.8/beacon.c b/contrib/hostapd-0.5.8/beacon.c
new file mode 100644 (file)
index 0000000..7af2bc1
--- /dev/null
@@ -0,0 +1,419 @@
+/*
+ * hostapd / IEEE 802.11 Management: Beacon and Probe Request/Response
+ * Copyright (c) 2002-2004, Instant802 Networks, Inc.
+ * Copyright (c) 2005-2006, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#ifndef CONFIG_NATIVE_WINDOWS
+
+#include "hostapd.h"
+#include "ieee802_11.h"
+#include "wpa.h"
+#include "wme.h"
+#include "beacon.h"
+#include "hw_features.h"
+#include "driver.h"
+#include "sta_info.h"
+#include "ieee802_11h.h"
+
+
+static u8 ieee802_11_erp_info(struct hostapd_data *hapd)
+{
+       u8 erp = 0;
+
+       if (hapd->iface == NULL || hapd->iface->current_mode == NULL ||
+           hapd->iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G)
+               return 0;
+
+       switch (hapd->iconf->cts_protection_type) {
+       case CTS_PROTECTION_FORCE_ENABLED:
+               erp |= ERP_INFO_NON_ERP_PRESENT | ERP_INFO_USE_PROTECTION;
+               break;
+       case CTS_PROTECTION_FORCE_DISABLED:
+               erp = 0;
+               break;
+       case CTS_PROTECTION_AUTOMATIC:
+               if (hapd->iface->olbc)
+                       erp |= ERP_INFO_USE_PROTECTION;
+               /* continue */
+       case CTS_PROTECTION_AUTOMATIC_NO_OLBC:
+               if (hapd->iface->num_sta_non_erp > 0) {
+                       erp |= ERP_INFO_NON_ERP_PRESENT |
+                               ERP_INFO_USE_PROTECTION;
+               }
+               break;
+       }
+       if (hapd->iface->num_sta_no_short_preamble > 0)
+               erp |= ERP_INFO_BARKER_PREAMBLE_MODE;
+
+       return erp;
+}
+
+
+static u8 * hostapd_eid_ds_params(struct hostapd_data *hapd, u8 *eid)
+{
+       *eid++ = WLAN_EID_DS_PARAMS;
+       *eid++ = 1;
+       *eid++ = hapd->iconf->channel;
+       return eid;
+}
+
+
+static u8 * hostapd_eid_erp_info(struct hostapd_data *hapd, u8 *eid)
+{
+       if (hapd->iface == NULL || hapd->iface->current_mode == NULL ||
+           hapd->iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G)
+               return eid;
+
+       /* Set NonERP_present and use_protection bits if there
+        * are any associated NonERP stations. */
+       /* TODO: use_protection bit can be set to zero even if
+        * there are NonERP stations present. This optimization
+        * might be useful if NonERP stations are "quiet".
+        * See 802.11g/D6 E-1 for recommended practice.
+        * In addition, Non ERP present might be set, if AP detects Non ERP
+        * operation on other APs. */
+
+       /* Add ERP Information element */
+       *eid++ = WLAN_EID_ERP_INFO;
+       *eid++ = 1;
+       *eid++ = ieee802_11_erp_info(hapd);
+
+       return eid;
+}
+
+
+static u8 * hostapd_eid_country(struct hostapd_data *hapd, u8 *eid,
+                               int max_len)
+{
+       int left;
+       u8 *pos = eid;
+
+       if ((!hapd->iconf->ieee80211d && !hapd->iface->dfs_enable) ||
+           max_len < 6)
+               return eid;
+
+       *pos++ = WLAN_EID_COUNTRY;
+       pos++; /* length will be set later */
+       memcpy(pos, hapd->iconf->country, 3); /* e.g., 'US ' */
+       pos += 3;
+       left = max_len - 3;
+
+       if ((pos - eid) & 1) {
+               if (left < 1)
+                       return eid;
+               *pos++ = 0; /* pad for 16-bit alignment */
+               left--;
+       }
+
+       eid[1] = (pos - eid) - 2;
+
+       return pos;
+}
+
+
+static u8 * hostapd_eid_power_constraint(struct hostapd_data *hapd, u8 *eid)
+
+{
+       if (!hapd->iface->dfs_enable)
+               return eid;
+       *eid++ = WLAN_EID_PWR_CONSTRAINT;
+       *eid++ = 1;
+       *eid++ = hapd->iface->pwr_const;
+       return eid;
+}
+
+
+static u8 * hostapd_eid_tpc_report(struct hostapd_data *hapd, u8 *eid)
+
+{
+       if (!hapd->iface->dfs_enable)
+               return eid;
+       *eid++ = WLAN_EID_TPC_REPORT;
+       *eid++ = 2;
+       *eid++ = hapd->iface->tx_power; /* TX POWER */
+       *eid++ = 0; /* Link Margin */
+       return eid;
+}
+
+static u8 * hostapd_eid_channel_switch(struct hostapd_data *hapd, u8 *eid)
+
+{
+       if (!hapd->iface->dfs_enable || !hapd->iface->channel_switch)
+               return eid;
+       *eid++ = WLAN_EID_CHANNEL_SWITCH;
+       *eid++ = 3;
+       *eid++ = CHAN_SWITCH_MODE_QUIET;
+       *eid++ = hapd->iface->channel_switch; /* New channel */
+       /* 0 - very soon; 1 - before next TBTT; num - after num beacons */
+       *eid++ = 0;
+       return eid;
+}
+
+
+static u8 * hostapd_eid_wpa(struct hostapd_data *hapd, u8 *eid, size_t len,
+                           struct sta_info *sta)
+{
+       const u8 *ie;
+       size_t ielen;
+
+       ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &ielen);
+       if (ie == NULL || ielen > len)
+               return eid;
+
+       memcpy(eid, ie, ielen);
+       return eid + ielen;
+}
+
+
+void handle_probe_req(struct hostapd_data *hapd, struct ieee80211_mgmt *mgmt,
+                     size_t len)
+{
+       struct ieee80211_mgmt *resp;
+       struct ieee802_11_elems elems;
+       char *ssid;
+       u8 *pos, *epos;
+       size_t ssid_len;
+       struct sta_info *sta = NULL;
+
+       if (!hapd->iconf->send_probe_response)
+               return;
+
+       if (ieee802_11_parse_elems(hapd, mgmt->u.probe_req.variable,
+                                  len - (IEEE80211_HDRLEN +
+                                         sizeof(mgmt->u.probe_req)), &elems,
+                                  0)
+           == ParseFailed) {
+               HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL,
+                             "Could not parse ProbeReq from " MACSTR "\n",
+                             MAC2STR(mgmt->sa));
+               return;
+       }
+
+       ssid = NULL;
+       ssid_len = 0;
+
+       if ((!elems.ssid || !elems.supp_rates)) {
+               printf("STA " MACSTR " sent probe request without SSID or "
+                      "supported rates element\n", MAC2STR(mgmt->sa));
+               return;
+       }
+
+       if (hapd->conf->ignore_broadcast_ssid && elems.ssid_len == 0) {
+               HOSTAPD_DEBUG(HOSTAPD_DEBUG_MSGDUMPS,
+                             "Probe Request from " MACSTR " for broadcast "
+                             "SSID ignored\n", MAC2STR(mgmt->sa));
+               return;
+       }
+
+       sta = ap_get_sta(hapd, mgmt->sa);
+
+       if (elems.ssid_len == 0 ||
+           (elems.ssid_len == hapd->conf->ssid.ssid_len &&
+            memcmp(elems.ssid, hapd->conf->ssid.ssid, elems.ssid_len) == 0)) {
+               ssid = hapd->conf->ssid.ssid;
+               ssid_len = hapd->conf->ssid.ssid_len;
+               if (sta)
+                       sta->ssid_probe = &hapd->conf->ssid;
+       }
+
+       if (!ssid) {
+               if (HOSTAPD_DEBUG_COND(HOSTAPD_DEBUG_MSGDUMPS)) {
+                       printf("Probe Request from " MACSTR " for foreign "
+                              "SSID '", MAC2STR(mgmt->sa));
+                       ieee802_11_print_ssid(elems.ssid, elems.ssid_len);
+                       printf("'\n");
+               }
+               return;
+       }
+
+       /* TODO: verify that supp_rates contains at least one matching rate
+        * with AP configuration */
+#define MAX_PROBERESP_LEN 512
+       resp = wpa_zalloc(MAX_PROBERESP_LEN);
+       if (resp == NULL)
+               return;
+       epos = ((u8 *) resp) + MAX_PROBERESP_LEN;
+
+       resp->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+                                          WLAN_FC_STYPE_PROBE_RESP);
+       memcpy(resp->da, mgmt->sa, ETH_ALEN);
+       memcpy(resp->sa, hapd->own_addr, ETH_ALEN);
+
+       memcpy(resp->bssid, hapd->own_addr, ETH_ALEN);
+       resp->u.probe_resp.beacon_int =
+               host_to_le16(hapd->iconf->beacon_int);
+
+       /* hardware or low-level driver will setup seq_ctrl and timestamp */
+       resp->u.probe_resp.capab_info =
+               host_to_le16(hostapd_own_capab_info(hapd, sta, 1));
+
+       pos = resp->u.probe_resp.variable;
+       *pos++ = WLAN_EID_SSID;
+       *pos++ = ssid_len;
+       memcpy(pos, ssid, ssid_len);
+       pos += ssid_len;
+
+       /* Supported rates */
+       pos = hostapd_eid_supp_rates(hapd, pos);
+
+       /* DS Params */
+       pos = hostapd_eid_ds_params(hapd, pos);
+
+       pos = hostapd_eid_country(hapd, pos, epos - pos);
+
+       pos = hostapd_eid_power_constraint(hapd, pos);
+       pos = hostapd_eid_tpc_report(hapd, pos);
+
+       /* ERP Information element */
+       pos = hostapd_eid_erp_info(hapd, pos);
+
+       /* Extended supported rates */
+       pos = hostapd_eid_ext_supp_rates(hapd, pos);
+
+       pos = hostapd_eid_wpa(hapd, pos, epos - pos, sta);
+
+       /* Wi-Fi Wireless Multimedia Extensions */
+       if (hapd->conf->wme_enabled)
+               pos = hostapd_eid_wme(hapd, pos);
+
+       if (hostapd_send_mgmt_frame(hapd, resp, pos - (u8 *) resp, 0) < 0)
+               perror("handle_probe_req: send");
+
+       free(resp);
+
+       HOSTAPD_DEBUG(HOSTAPD_DEBUG_MSGDUMPS, "STA " MACSTR
+                     " sent probe request for %s SSID\n",
+                     MAC2STR(mgmt->sa), elems.ssid_len == 0 ? "broadcast" :
+                     "our");
+}
+
+
+void ieee802_11_set_beacon(struct hostapd_data *hapd)
+{
+       struct ieee80211_mgmt *head;
+       u8 *pos, *tail, *tailpos;
+       int preamble;
+       u16 capab_info;
+       size_t head_len, tail_len;
+       int cts_protection = ((ieee802_11_erp_info(hapd) &
+                             ERP_INFO_USE_PROTECTION) ? 1 : 0);
+
+#define BEACON_HEAD_BUF_SIZE 256
+#define BEACON_TAIL_BUF_SIZE 256
+       head = wpa_zalloc(BEACON_HEAD_BUF_SIZE);
+       tailpos = tail = malloc(BEACON_TAIL_BUF_SIZE);
+       if (head == NULL || tail == NULL) {
+               printf("Failed to set beacon data\n");
+               free(head);
+               free(tail);
+               return;
+       }
+
+       head->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+                                          WLAN_FC_STYPE_BEACON);
+       head->duration = host_to_le16(0);
+       memset(head->da, 0xff, ETH_ALEN);
+
+       memcpy(head->sa, hapd->own_addr, ETH_ALEN);
+       memcpy(head->bssid, hapd->own_addr, ETH_ALEN);
+       head->u.beacon.beacon_int =
+               host_to_le16(hapd->iconf->beacon_int);
+
+       /* hardware or low-level driver will setup seq_ctrl and timestamp */
+       capab_info = hostapd_own_capab_info(hapd, NULL, 0);
+       head->u.beacon.capab_info = host_to_le16(capab_info);
+       pos = &head->u.beacon.variable[0];
+
+       /* SSID */
+       *pos++ = WLAN_EID_SSID;
+       if (hapd->conf->ignore_broadcast_ssid == 2) {
+               /* clear the data, but keep the correct length of the SSID */
+               *pos++ = hapd->conf->ssid.ssid_len;
+               memset(pos, 0, hapd->conf->ssid.ssid_len);
+               pos += hapd->conf->ssid.ssid_len;
+       } else if (hapd->conf->ignore_broadcast_ssid) {
+               *pos++ = 0; /* empty SSID */
+       } else {
+               *pos++ = hapd->conf->ssid.ssid_len;
+               memcpy(pos, hapd->conf->ssid.ssid, hapd->conf->ssid.ssid_len);
+               pos += hapd->conf->ssid.ssid_len;
+       }
+
+       /* Supported rates */
+       pos = hostapd_eid_supp_rates(hapd, pos);
+
+       /* DS Params */
+       pos = hostapd_eid_ds_params(hapd, pos);
+
+       head_len = pos - (u8 *) head;
+
+       tailpos = hostapd_eid_country(hapd, tailpos,
+                                     tail + BEACON_TAIL_BUF_SIZE - tailpos);
+
+       tailpos = hostapd_eid_power_constraint(hapd, tailpos);
+       tailpos = hostapd_eid_channel_switch(hapd, tailpos);
+       tailpos = hostapd_eid_tpc_report(hapd, tailpos);
+
+       /* ERP Information element */
+       tailpos = hostapd_eid_erp_info(hapd, tailpos);
+
+       /* Extended supported rates */
+       tailpos = hostapd_eid_ext_supp_rates(hapd, tailpos);
+
+       tailpos = hostapd_eid_wpa(hapd, tailpos, tail + BEACON_TAIL_BUF_SIZE -
+                                 tailpos, NULL);
+
+       /* Wi-Fi Wireless Multimedia Extensions */
+       if (hapd->conf->wme_enabled)
+               tailpos = hostapd_eid_wme(hapd, tailpos);
+
+       tail_len = tailpos > tail ? tailpos - tail : 0;
+
+       if (hostapd_set_beacon(hapd->conf->iface, hapd, (u8 *) head, head_len,
+                              tail, tail_len))
+               printf("Failed to set beacon head/tail\n");
+
+       free(tail);
+       free(head);
+
+       if (hostapd_set_cts_protect(hapd, cts_protection))
+               printf("Failed to set CTS protect in kernel driver\n");
+
+       if (hapd->iface && hapd->iface->current_mode &&
+           hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G &&
+           hostapd_set_short_slot_time(hapd,
+                                       hapd->iface->num_sta_no_short_slot_time
+                                       > 0 ? 0 : 1))
+               printf("Failed to set Short Slot Time option in kernel "
+                      "driver\n");
+
+       if (hapd->iface && hapd->iface->num_sta_no_short_preamble == 0 &&
+           hapd->iconf->preamble == SHORT_PREAMBLE)
+               preamble = SHORT_PREAMBLE;
+       else
+               preamble = LONG_PREAMBLE;
+       if (hostapd_set_preamble(hapd, preamble))
+               printf("Could not set preamble for kernel driver\n");
+}
+
+
+void ieee802_11_set_beacons(struct hostapd_iface *iface)
+{
+       size_t i;
+       for (i = 0; i < iface->num_bss; i++)
+               ieee802_11_set_beacon(iface->bss[i]);
+}
+
+#endif /* CONFIG_NATIVE_WINDOWS */
diff --git a/contrib/hostapd-0.5.8/beacon.h b/contrib/hostapd-0.5.8/beacon.h
new file mode 100644 (file)
index 0000000..18e0da2
--- /dev/null
@@ -0,0 +1,24 @@
+/*
+ * hostapd / IEEE 802.11 Management: Beacon and Probe Request/Response
+ * Copyright (c) 2002-2004, Instant802 Networks, Inc.
+ * Copyright (c) 2005-2006, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef BEACON_H
+#define BEACON_H
+
+void handle_probe_req(struct hostapd_data *hapd, struct ieee80211_mgmt *mgmt,
+                     size_t len);
+void ieee802_11_set_beacon(struct hostapd_data *hapd);
+void ieee802_11_set_beacons(struct hostapd_iface *iface);
+
+#endif /* BEACON_H */
diff --git a/contrib/hostapd-0.5.8/build_config.h b/contrib/hostapd-0.5.8/build_config.h
new file mode 100644 (file)
index 0000000..58bcda8
--- /dev/null
@@ -0,0 +1,50 @@
+/*
+ * wpa_supplicant/hostapd - Build time configuration defines
+ * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This header file can be used to define configuration defines that were
+ * originally defined in Makefile. This is mainly meant for IDE use or for
+ * systems that do not have suitable 'make' tool. In these cases, it may be
+ * easier to have a single place for defining all the needed C pre-processor
+ * defines.
+ */
+
+#ifndef BUILD_CONFIG_H
+#define BUILD_CONFIG_H
+
+/* Insert configuration defines, e.g., #define EAP_MD5, here, if needed. */
+
+#ifdef CONFIG_WIN32_DEFAULTS
+#define CONFIG_NATIVE_WINDOWS
+#define CONFIG_ANSI_C_EXTRA
+#define CONFIG_WINPCAP
+#define IEEE8021X_EAPOL
+#define EAP_TLS_FUNCS
+#define PKCS12_FUNCS
+#define PCSC_FUNCS
+#define CONFIG_CTRL_IFACE
+#define CONFIG_CTRL_IFACE_NAMED_PIPE
+#define CONFIG_DRIVER_NDIS
+#define CONFIG_NDIS_EVENTS_INTEGRATED
+#define CONFIG_DEBUG_FILE
+#define EAP_MD5
+#define EAP_TLS
+#define EAP_MSCHAPv2
+#define EAP_PEAP
+#define EAP_TTLS
+#define EAP_GTC
+#define EAP_OTP
+#define EAP_LEAP
+#define _CRT_SECURE_NO_DEPRECATE
+#endif /* CONFIG_WIN32_DEFAULTS */
+
+#endif /* BUILD_CONFIG_H */
diff --git a/contrib/hostapd-0.5.8/common.c b/contrib/hostapd-0.5.8/common.c
new file mode 100644 (file)
index 0000000..c8d6f13
--- /dev/null
@@ -0,0 +1,603 @@
+/*
+ * wpa_supplicant/hostapd / common helper functions, etc.
+ * Copyright (c) 2002-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+
+
+#ifdef CONFIG_DEBUG_FILE
+static FILE *out_file = NULL;
+#endif /* CONFIG_DEBUG_FILE */
+int wpa_debug_use_file = 0;
+int wpa_debug_level = MSG_INFO;
+int wpa_debug_show_keys = 0;
+int wpa_debug_timestamp = 0;
+
+
+static int hex2num(char c)
+{
+       if (c >= '0' && c <= '9')
+               return c - '0';
+       if (c >= 'a' && c <= 'f')
+               return c - 'a' + 10;
+       if (c >= 'A' && c <= 'F')
+               return c - 'A' + 10;
+       return -1;
+}
+
+
+static int hex2byte(const char *hex)
+{
+       int a, b;
+       a = hex2num(*hex++);
+       if (a < 0)
+               return -1;
+       b = hex2num(*hex++);
+       if (b < 0)
+               return -1;
+       return (a << 4) | b;
+}
+
+
+/**
+ * hwaddr_aton - Convert ASCII string to MAC address
+ * @txt: MAC address as a string (e.g., "00:11:22:33:44:55")
+ * @addr: Buffer for the MAC address (ETH_ALEN = 6 bytes)
+ * Returns: 0 on success, -1 on failure (e.g., string not a MAC address)
+ */
+int hwaddr_aton(const char *txt, u8 *addr)
+{
+       int i;
+
+       for (i = 0; i < 6; i++) {
+               int a, b;
+
+               a = hex2num(*txt++);
+               if (a < 0)
+                       return -1;
+               b = hex2num(*txt++);
+               if (b < 0)
+                       return -1;
+               *addr++ = (a << 4) | b;
+               if (i < 5 && *txt++ != ':')
+                       return -1;
+       }
+
+       return 0;
+}
+
+
+/**
+ * hexstr2bin - Convert ASCII hex string into binary data
+ * @hex: ASCII hex string (e.g., "01ab")
+ * @buf: Buffer for the binary data
+ * @len: Length of the text to convert in bytes (of buf); hex will be double
+ * this size
+ * Returns: 0 on success, -1 on failure (invalid hex string)
+ */
+int hexstr2bin(const char *hex, u8 *buf, size_t len)
+{
+       size_t i;
+       int a;
+       const char *ipos = hex;
+       u8 *opos = buf;
+
+       for (i = 0; i < len; i++) {
+               a = hex2byte(ipos);
+               if (a < 0)
+                       return -1;
+               *opos++ = a;
+               ipos += 2;
+       }
+       return 0;
+}
+
+
+/**
+ * inc_byte_array - Increment arbitrary length byte array by one
+ * @counter: Pointer to byte array
+ * @len: Length of the counter in bytes
+ *
+ * This function increments the last byte of the counter by one and continues
+ * rolling over to more significant bytes if the byte was incremented from
+ * 0xff to 0x00.
+ */
+void inc_byte_array(u8 *counter, size_t len)
+{
+       int pos = len - 1;
+       while (pos >= 0) {
+               counter[pos]++;
+               if (counter[pos] != 0)
+                       break;
+               pos--;
+       }
+}
+
+
+void wpa_get_ntp_timestamp(u8 *buf)
+{
+       struct os_time now;
+       u32 sec, usec;
+
+       /* 64-bit NTP timestamp (time from 1900-01-01 00:00:00) */
+       os_get_time(&now);
+       sec = host_to_be32(now.sec + 2208988800U); /* Epoch to 1900 */
+       /* Estimate 2^32/10^6 = 4295 - 1/32 - 1/512 */
+       usec = now.usec;
+       usec = host_to_be32(4295 * usec - (usec >> 5) - (usec >> 9));
+       os_memcpy(buf, (u8 *) &sec, 4);
+       os_memcpy(buf + 4, (u8 *) &usec, 4);
+}
+
+
+
+#ifndef CONFIG_NO_STDOUT_DEBUG
+
+void wpa_debug_print_timestamp(void)
+{
+       struct os_time tv;
+
+       if (!wpa_debug_timestamp)
+               return;
+
+       os_get_time(&tv);
+#ifdef CONFIG_DEBUG_FILE
+       if (out_file) {
+               fprintf(out_file, "%ld.%06u: ", (long) tv.sec,
+                       (unsigned int) tv.usec);
+       } else
+#endif /* CONFIG_DEBUG_FILE */
+       printf("%ld.%06u: ", (long) tv.sec, (unsigned int) tv.usec);
+}
+
+
+/**
+ * wpa_printf - conditional printf
+ * @level: priority level (MSG_*) of the message
+ * @fmt: printf format string, followed by optional arguments
+ *
+ * This function is used to print conditional debugging and error messages. The
+ * output may be directed to stdout, stderr, and/or syslog based on
+ * configuration.
+ *
+ * Note: New line '\n' is added to the end of the text when printing to stdout.
+ */
+void wpa_printf(int level, char *fmt, ...)
+{
+       va_list ap;
+
+       va_start(ap, fmt);
+       if (level >= wpa_debug_level) {
+               wpa_debug_print_timestamp();
+#ifdef CONFIG_DEBUG_FILE
+               if (out_file) {
+                       vfprintf(out_file, fmt, ap);
+                       fprintf(out_file, "\n");
+               } else {
+#endif /* CONFIG_DEBUG_FILE */
+               vprintf(fmt, ap);
+               printf("\n");
+#ifdef CONFIG_DEBUG_FILE
+               }
+#endif /* CONFIG_DEBUG_FILE */
+       }
+       va_end(ap);
+}
+
+
+static void _wpa_hexdump(int level, const char *title, const u8 *buf,
+                        size_t len, int show)
+{
+       size_t i;
+       if (level < wpa_debug_level)
+               return;
+       wpa_debug_print_timestamp();
+#ifdef CONFIG_DEBUG_FILE
+       if (out_file) {
+               fprintf(out_file, "%s - hexdump(len=%lu):",
+                       title, (unsigned long) len);
+               if (buf == NULL) {
+                       fprintf(out_file, " [NULL]");
+               } else if (show) {
+                       for (i = 0; i < len; i++)
+                               fprintf(out_file, " %02x", buf[i]);
+               } else {
+                       fprintf(out_file, " [REMOVED]");
+               }
+               fprintf(out_file, "\n");
+       } else {
+#endif /* CONFIG_DEBUG_FILE */
+       printf("%s - hexdump(len=%lu):", title, (unsigned long) len);
+       if (buf == NULL) {
+               printf(" [NULL]");
+       } else if (show) {
+               for (i = 0; i < len; i++)
+                       printf(" %02x", buf[i]);
+       } else {
+               printf(" [REMOVED]");
+       }
+       printf("\n");
+#ifdef CONFIG_DEBUG_FILE
+       }
+#endif /* CONFIG_DEBUG_FILE */
+}
+
+void wpa_hexdump(int level, const char *title, const u8 *buf, size_t len)
+{
+       _wpa_hexdump(level, title, buf, len, 1);
+}
+
+
+void wpa_hexdump_key(int level, const char *title, const u8 *buf, size_t len)
+{
+       _wpa_hexdump(level, title, buf, len, wpa_debug_show_keys);
+}
+
+
+static void _wpa_hexdump_ascii(int level, const char *title, const u8 *buf,
+                              size_t len, int show)
+{
+       size_t i, llen;
+       const u8 *pos = buf;
+       const size_t line_len = 16;
+
+       if (level < wpa_debug_level)
+               return;
+       wpa_debug_print_timestamp();
+#ifdef CONFIG_DEBUG_FILE
+       if (out_file) {
+               if (!show) {
+                       fprintf(out_file,
+                               "%s - hexdump_ascii(len=%lu): [REMOVED]\n",
+                               title, (unsigned long) len);
+                       return;
+               }
+               if (buf == NULL) {
+                       fprintf(out_file,
+                               "%s - hexdump_ascii(len=%lu): [NULL]\n",
+                               title, (unsigned long) len);
+                       return;
+               }
+               fprintf(out_file, "%s - hexdump_ascii(len=%lu):\n",
+                       title, (unsigned long) len);
+               while (len) {
+                       llen = len > line_len ? line_len : len;
+                       fprintf(out_file, "    ");
+                       for (i = 0; i < llen; i++)
+                               fprintf(out_file, " %02x", pos[i]);
+                       for (i = llen; i < line_len; i++)
+                               fprintf(out_file, "   ");
+                       fprintf(out_file, "   ");
+                       for (i = 0; i < llen; i++) {
+                               if (isprint(pos[i]))
+                                       fprintf(out_file, "%c", pos[i]);
+                               else
+                                       fprintf(out_file, "_");
+                       }
+                       for (i = llen; i < line_len; i++)
+                               fprintf(out_file, " ");
+                       fprintf(out_file, "\n");
+                       pos += llen;
+                       len -= llen;
+               }
+       } else {
+#endif /* CONFIG_DEBUG_FILE */
+       if (!show) {
+               printf("%s - hexdump_ascii(len=%lu): [REMOVED]\n",
+                      title, (unsigned long) len);
+               return;
+       }
+       if (buf == NULL) {
+               printf("%s - hexdump_ascii(len=%lu): [NULL]\n",
+                      title, (unsigned long) len);
+               return;
+       }
+       printf("%s - hexdump_ascii(len=%lu):\n", title, (unsigned long) len);
+       while (len) {
+               llen = len > line_len ? line_len : len;
+               printf("    ");
+               for (i = 0; i < llen; i++)
+                       printf(" %02x", pos[i]);
+               for (i = llen; i < line_len; i++)
+                       printf("   ");
+               printf("   ");
+               for (i = 0; i < llen; i++) {
+                       if (isprint(pos[i]))
+                               printf("%c", pos[i]);
+                       else
+                               printf("_");
+               }
+               for (i = llen; i < line_len; i++)
+                       printf(" ");
+               printf("\n");
+               pos += llen;
+               len -= llen;
+       }
+#ifdef CONFIG_DEBUG_FILE
+       }
+#endif /* CONFIG_DEBUG_FILE */
+}
+
+
+void wpa_hexdump_ascii(int level, const char *title, const u8 *buf, size_t len)
+{
+       _wpa_hexdump_ascii(level, title, buf, len, 1);
+}
+
+
+void wpa_hexdump_ascii_key(int level, const char *title, const u8 *buf,
+                          size_t len)
+{
+       _wpa_hexdump_ascii(level, title, buf, len, wpa_debug_show_keys);
+}
+
+
+int wpa_debug_open_file(void)
+{
+#ifdef CONFIG_DEBUG_FILE
+       static int count = 0;
+       char fname[64];
+       if (!wpa_debug_use_file)
+               return 0;
+#ifdef _WIN32
+       os_snprintf(fname, sizeof(fname), "\\Temp\\wpa_supplicant-log-%d.txt",
+                   count++);
+#else /* _WIN32 */
+       os_snprintf(fname, sizeof(fname), "/tmp/wpa_supplicant-log-%d.txt",
+                   count++);
+#endif /* _WIN32 */
+       out_file = fopen(fname, "w");
+       return out_file == NULL ? -1 : 0;
+#else /* CONFIG_DEBUG_FILE */
+       return 0;
+#endif /* CONFIG_DEBUG_FILE */
+}
+
+
+void wpa_debug_close_file(void)
+{
+#ifdef CONFIG_DEBUG_FILE
+       if (!wpa_debug_use_file)
+               return;
+       fclose(out_file);
+       out_file = NULL;
+#endif /* CONFIG_DEBUG_FILE */
+}
+
+#endif /* CONFIG_NO_STDOUT_DEBUG */
+
+
+#ifndef CONFIG_NO_WPA_MSG
+static wpa_msg_cb_func wpa_msg_cb = NULL;
+
+void wpa_msg_register_cb(wpa_msg_cb_func func)
+{
+       wpa_msg_cb = func;
+}
+
+
+void wpa_msg(void *ctx, int level, char *fmt, ...)
+{
+       va_list ap;
+       char *buf;
+       const int buflen = 2048;
+       int len;
+
+       buf = os_malloc(buflen);
+       if (buf == NULL) {
+               wpa_printf(MSG_ERROR, "wpa_msg: Failed to allocate message "
+                          "buffer");
+               return;
+       }
+       va_start(ap, fmt);
+       len = vsnprintf(buf, buflen, fmt, ap);
+       va_end(ap);
+       wpa_printf(level, "%s", buf);
+       if (wpa_msg_cb)
+               wpa_msg_cb(ctx, level, buf, len);
+       os_free(buf);
+}
+#endif /* CONFIG_NO_WPA_MSG */
+
+
+static inline int _wpa_snprintf_hex(char *buf, size_t buf_size, const u8 *data,
+                                   size_t len, int uppercase)
+{
+       size_t i;
+       char *pos = buf, *end = buf + buf_size;
+       int ret;
+       if (buf_size == 0)
+               return 0;
+       for (i = 0; i < len; i++) {
+               ret = os_snprintf(pos, end - pos, uppercase ? "%02X" : "%02x",
+                                 data[i]);
+               if (ret < 0 || ret >= end - pos) {
+                       end[-1] = '\0';
+                       return pos - buf;
+               }
+               pos += ret;
+       }
+       end[-1] = '\0';
+       return pos - buf;
+}
+
+/**
+ * wpa_snprintf_hex - Print data as a hex string into a buffer
+ * @buf: Memory area to use as the output buffer
+ * @buf_size: Maximum buffer size in bytes (should be at least 2 * len + 1)
+ * @data: Data to be printed
+ * @len: Length of data in bytes
+ * Returns: Number of bytes written
+ */
+int wpa_snprintf_hex(char *buf, size_t buf_size, const u8 *data, size_t len)
+{
+       return _wpa_snprintf_hex(buf, buf_size, data, len, 0);
+}
+
+
+/**
+ * wpa_snprintf_hex_uppercase - Print data as a upper case hex string into buf
+ * @buf: Memory area to use as the output buffer
+ * @buf_size: Maximum buffer size in bytes (should be at least 2 * len + 1)
+ * @data: Data to be printed
+ * @len: Length of data in bytes
+ * Returns: Number of bytes written
+ */
+int wpa_snprintf_hex_uppercase(char *buf, size_t buf_size, const u8 *data,
+                              size_t len)
+{
+       return _wpa_snprintf_hex(buf, buf_size, data, len, 1);
+}
+
+
+#ifdef CONFIG_ANSI_C_EXTRA
+
+#ifdef _WIN32_WCE
+void perror(const char *s)
+{
+       wpa_printf(MSG_ERROR, "%s: GetLastError: %d",
+                  s, (int) GetLastError());
+}
+#endif /* _WIN32_WCE */
+
+
+int optind = 1;
+int optopt;
+char *optarg;
+
+int getopt(int argc, char *const argv[], const char *optstring)
+{
+       static int optchr = 1;
+       char *cp;
+
+       if (optchr == 1) {
+               if (optind >= argc) {
+                       /* all arguments processed */
+                       return EOF;
+               }
+
+               if (argv[optind][0] != '-' || argv[optind][1] == '\0') {
+                       /* no option characters */
+                       return EOF;
+               }
+       }
+
+       if (os_strcmp(argv[optind], "--") == 0) {
+               /* no more options */
+               optind++;
+               return EOF;
+       }
+
+       optopt = argv[optind][optchr];
+       cp = os_strchr(optstring, optopt);
+       if (cp == NULL || optopt == ':') {
+               if (argv[optind][++optchr] == '\0') {
+                       optchr = 1;
+                       optind++;
+               }
+               return '?';
+       }
+
+       if (cp[1] == ':') {
+               /* Argument required */
+               optchr = 1;
+               if (argv[optind][optchr + 1]) {
+                       /* No space between option and argument */
+                       optarg = &argv[optind++][optchr + 1];
+               } else if (++optind >= argc) {
+                       /* option requires an argument */
+                       return '?';
+               } else {
+                       /* Argument in the next argv */
+                       optarg = argv[optind++];
+               }
+       } else {
+               /* No argument */
+               if (argv[optind][++optchr] == '\0') {
+                       optchr = 1;
+                       optind++;
+               }
+               optarg = NULL;
+       }
+       return *cp;
+}
+#endif /* CONFIG_ANSI_C_EXTRA */
+
+
+#ifdef CONFIG_NATIVE_WINDOWS
+/**
+ * wpa_unicode2ascii_inplace - Convert unicode string into ASCII
+ * @str: Pointer to string to convert
+ *
+ * This function converts a unicode string to ASCII using the same
+ * buffer for output. If UNICODE is not set, the buffer is not
+ * modified.
+ */
+void wpa_unicode2ascii_inplace(TCHAR *str)
+{
+#ifdef UNICODE
+       char *dst = (char *) str;
+       while (*str)
+               *dst++ = (char) *str++;
+       *dst = '\0';
+#endif /* UNICODE */
+}
+
+
+TCHAR * wpa_strdup_tchar(const char *str)
+{
+#ifdef UNICODE
+       TCHAR *buf;
+       buf = os_malloc((strlen(str) + 1) * sizeof(TCHAR));
+       if (buf == NULL)
+               return NULL;
+       wsprintf(buf, L"%S", str);
+       return buf;
+#else /* UNICODE */
+       return os_strdup(str);
+#endif /* UNICODE */
+}
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+
+/**
+ * wpa_ssid_txt - Convert SSID to a printable string
+ * @ssid: SSID (32-octet string)
+ * @ssid_len: Length of ssid in octets
+ * Returns: Pointer to a printable string
+ *
+ * This function can be used to convert SSIDs into printable form. In most
+ * cases, SSIDs do not use unprintable characters, but IEEE 802.11 standard
+ * does not limit the used character set, so anything could be used in an SSID.
+ *
+ * This function uses a static buffer, so only one call can be used at the
+ * time, i.e., this is not re-entrant and the returned buffer must be used
+ * before calling this again.
+ */
+const char * wpa_ssid_txt(u8 *ssid, size_t ssid_len)
+{
+       static char ssid_txt[33];
+       char *pos;
+
+       if (ssid_len > 32)
+               ssid_len = 32;
+       os_memcpy(ssid_txt, ssid, ssid_len);
+       ssid_txt[ssid_len] = '\0';
+       for (pos = ssid_txt; *pos != '\0'; pos++) {
+               if ((u8) *pos < 32 || (u8) *pos >= 127)
+                       *pos = '_';
+       }
+       return ssid_txt;
+}
diff --git a/contrib/hostapd-0.5.8/common.h b/contrib/hostapd-0.5.8/common.h
new file mode 100644 (file)
index 0000000..b200b58
--- /dev/null
@@ -0,0 +1,492 @@
+/*
+ * wpa_supplicant/hostapd / common helper functions, etc.
+ * Copyright (c) 2002-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef COMMON_H
+#define COMMON_H
+
+#include "os.h"
+
+#ifdef __linux__
+#include <endian.h>
+#include <byteswap.h>
+#endif /* __linux__ */
+
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
+#include <sys/types.h>
+#include <sys/endian.h>
+#define __BYTE_ORDER   _BYTE_ORDER
+#define        __LITTLE_ENDIAN _LITTLE_ENDIAN
+#define        __BIG_ENDIAN    _BIG_ENDIAN
+#define bswap_16 bswap16
+#define bswap_32 bswap32
+#define bswap_64 bswap64
+#endif /* defined(__FreeBSD__) || defined(__NetBSD__) ||
+       * defined(__DragonFly__) */
+
+#ifdef CONFIG_TI_COMPILER
+#define __BIG_ENDIAN 4321
+#define __LITTLE_ENDIAN 1234
+#ifdef __big_endian__
+#define __BYTE_ORDER __BIG_ENDIAN
+#else
+#define __BYTE_ORDER __LITTLE_ENDIAN
+#endif
+#endif /* CONFIG_TI_COMPILER */
+
+#ifdef CONFIG_NATIVE_WINDOWS
+#include <winsock.h>
+
+typedef int socklen_t;
+
+#ifndef MSG_DONTWAIT
+#define MSG_DONTWAIT 0 /* not supported */
+#endif
+
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+#if defined(__CYGWIN__) || defined(CONFIG_NATIVE_WINDOWS)
+
+#ifdef _MSC_VER
+#define inline __inline
+#endif /* _MSC_VER */
+
+static inline unsigned short wpa_swap_16(unsigned short v)
+{
+       return ((v & 0xff) << 8) | (v >> 8);
+}
+
+static inline unsigned int wpa_swap_32(unsigned int v)
+{
+       return ((v & 0xff) << 24) | ((v & 0xff00) << 8) |
+               ((v & 0xff0000) >> 8) | (v >> 24);
+}
+
+#define le_to_host16(n) (n)
+#define host_to_le16(n) (n)
+#define be_to_host16(n) wpa_swap_16(n)
+#define host_to_be16(n) wpa_swap_16(n)
+#define le_to_host32(n) (n)
+#define be_to_host32(n) wpa_swap_32(n)
+#define host_to_be32(n) wpa_swap_32(n)
+
+#else /* __CYGWIN__ */
+
+#ifndef __BYTE_ORDER
+#ifndef __LITTLE_ENDIAN
+#ifndef __BIG_ENDIAN
+#define __LITTLE_ENDIAN 1234
+#define __BIG_ENDIAN 4321
+#if defined(sparc)
+#define __BYTE_ORDER __BIG_ENDIAN
+#endif
+#endif /* __BIG_ENDIAN */
+#endif /* __LITTLE_ENDIAN */
+#endif /* __BYTE_ORDER */
+
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+#define le_to_host16(n) (n)
+#define host_to_le16(n) (n)
+#define be_to_host16(n) bswap_16(n)
+#define host_to_be16(n) bswap_16(n)
+#define le_to_host32(n) (n)
+#define be_to_host32(n) bswap_32(n)
+#define host_to_be32(n) bswap_32(n)
+#define le_to_host64(n) (n)
+#define host_to_le64(n) (n)
+#define be_to_host64(n) bswap_64(n)
+#define host_to_be64(n) bswap_64(n)
+#elif __BYTE_ORDER == __BIG_ENDIAN
+#define le_to_host16(n) bswap_16(n)
+#define host_to_le16(n) bswap_16(n)
+#define be_to_host16(n) (n)
+#define host_to_be16(n) (n)
+#define le_to_host32(n) bswap_32(n)
+#define be_to_host32(n) (n)
+#define host_to_be32(n) (n)
+#define le_to_host64(n) bswap_64(n)
+#define host_to_le64(n) bswap_64(n)
+#define be_to_host64(n) (n)
+#define host_to_be64(n) (n)
+#ifndef WORDS_BIGENDIAN
+#define WORDS_BIGENDIAN
+#endif
+#else
+#error Could not determine CPU byte order
+#endif
+
+#endif /* __CYGWIN__ */
+
+/* Macros for handling unaligned 16-bit variables */
+#define WPA_GET_BE16(a) ((u16) (((a)[0] << 8) | (a)[1]))
+#define WPA_PUT_BE16(a, val)                   \
+       do {                                    \
+               (a)[0] = ((u16) (val)) >> 8;    \
+               (a)[1] = ((u16) (val)) & 0xff;  \
+       } while (0)
+
+#define WPA_GET_LE16(a) ((u16) (((a)[1] << 8) | (a)[0]))
+#define WPA_PUT_LE16(a, val)                   \
+       do {                                    \
+               (a)[1] = ((u16) (val)) >> 8;    \
+               (a)[0] = ((u16) (val)) & 0xff;  \
+       } while (0)
+
+#define WPA_GET_BE24(a) ((((u32) (a)[0]) << 16) | (((u32) (a)[1]) << 8) | \
+                        ((u32) (a)[2]))
+#define WPA_PUT_BE24(a, val)                           \
+       do {                                            \
+               (a)[0] = (u8) (((u32) (val)) >> 16);    \
+               (a)[1] = (u8) (((u32) (val)) >> 8);     \
+               (a)[2] = (u8) (((u32) (val)) & 0xff);   \
+       } while (0)
+
+#define WPA_GET_BE32(a) ((((u32) (a)[0]) << 24) | (((u32) (a)[1]) << 16) | \
+                        (((u32) (a)[2]) << 8) | ((u32) (a)[3]))
+#define WPA_PUT_BE32(a, val)                           \
+       do {                                            \
+               (a)[0] = (u8) (((u32) (val)) >> 24);    \
+               (a)[1] = (u8) (((u32) (val)) >> 16);    \
+               (a)[2] = (u8) (((u32) (val)) >> 8);     \
+               (a)[3] = (u8) (((u32) (val)) & 0xff);   \
+       } while (0)
+
+#define WPA_PUT_BE64(a, val)                           \
+       do {                                            \
+               (a)[0] = (u8) (((u64) (val)) >> 56);    \
+               (a)[1] = (u8) (((u64) (val)) >> 48);    \
+               (a)[2] = (u8) (((u64) (val)) >> 40);    \
+               (a)[3] = (u8) (((u64) (val)) >> 32);    \
+               (a)[4] = (u8) (((u64) (val)) >> 24);    \
+               (a)[5] = (u8) (((u64) (val)) >> 16);    \
+               (a)[6] = (u8) (((u64) (val)) >> 8);     \
+               (a)[7] = (u8) (((u64) (val)) & 0xff);   \
+       } while (0)
+
+
+#ifndef ETH_ALEN
+#define ETH_ALEN 6
+#endif
+
+#ifdef _MSC_VER
+typedef UINT64 u64;
+typedef UINT32 u32;
+typedef UINT16 u16;
+typedef UINT8 u8;
+typedef INT64 s64;
+typedef INT32 s32;
+typedef INT16 s16;
+typedef INT8 s8;
+#define WPA_TYPES_DEFINED
+#endif /* _MSC_VER */
+
+#ifdef __vxworks
+typedef unsigned long long u64;
+typedef UINT32 u32;
+typedef UINT16 u16;
+typedef UINT8 u8;
+typedef long long s64;
+typedef INT32 s32;
+typedef INT16 s16;
+typedef INT8 s8;
+#define WPA_TYPES_DEFINED
+#endif /* __vxworks */
+
+#ifdef CONFIG_TI_COMPILER
+#ifdef _LLONG_AVAILABLE
+typedef unsigned long long u64;
+#else
+/*
+ * TODO: 64-bit variable not available. Using long as a workaround to test the
+ * build, but this will likely not work for all operations.
+ */
+typedef unsigned long u64;
+#endif
+typedef unsigned int u32;
+typedef unsigned short u16;
+typedef unsigned char u8;
+#define WPA_TYPES_DEFINED
+#endif /* CONFIG_TI_COMPILER */
+
+#ifndef WPA_TYPES_DEFINED
+#ifdef CONFIG_USE_INTTYPES_H
+#include <inttypes.h>
+#else
+#include <stdint.h>
+#endif
+typedef uint64_t u64;
+typedef uint32_t u32;
+typedef uint16_t u16;
+typedef uint8_t u8;
+typedef int64_t s64;
+typedef int32_t s32;
+typedef int16_t s16;
+typedef int8_t s8;
+#define WPA_TYPES_DEFINED
+#endif /* !WPA_TYPES_DEFINED */
+
+#define hostapd_get_rand os_get_random
+int hwaddr_aton(const char *txt, u8 *addr);
+int hexstr2bin(const char *hex, u8 *buf, size_t len);
+void inc_byte_array(u8 *counter, size_t len);
+void wpa_get_ntp_timestamp(u8 *buf);
+
+
+#ifdef __GNUC__
+#define PRINTF_FORMAT(a,b) __attribute__ ((format (printf, (a), (b))))
+#define STRUCT_PACKED __attribute__ ((packed))
+#else
+#define PRINTF_FORMAT(a,b)
+#define STRUCT_PACKED
+#endif
+
+
+/* Debugging function - conditional printf and hex dump. Driver wrappers can
+ * use these for debugging purposes. */
+
+enum { MSG_MSGDUMP, MSG_DEBUG, MSG_INFO, MSG_WARNING, MSG_ERROR };
+
+#ifdef CONFIG_NO_STDOUT_DEBUG
+
+#define wpa_debug_print_timestamp() do { } while (0)
+#define wpa_printf(args...) do { } while (0)
+#define wpa_hexdump(l,t,b,le) do { } while (0)
+#define wpa_hexdump_key(l,t,b,le) do { } while (0)
+#define wpa_hexdump_ascii(l,t,b,le) do { } while (0)
+#define wpa_hexdump_ascii_key(l,t,b,le) do { } while (0)
+#define wpa_debug_open_file() do { } while (0)
+#define wpa_debug_close_file() do { } while (0)
+
+#else /* CONFIG_NO_STDOUT_DEBUG */
+
+int wpa_debug_open_file(void);
+void wpa_debug_close_file(void);
+
+/**
+ * wpa_debug_printf_timestamp - Print timestamp for debug output
+ *
+ * This function prints a timestamp in <seconds from 1970>.<microsoconds>
+ * format if debug output has been configured to include timestamps in debug
+ * messages.
+ */
+void wpa_debug_print_timestamp(void);
+
+/**
+ * wpa_printf - conditional printf
+ * @level: priority level (MSG_*) of the message
+ * @fmt: printf format string, followed by optional arguments
+ *
+ * This function is used to print conditional debugging and error messages. The
+ * output may be directed to stdout, stderr, and/or syslog based on
+ * configuration.
+ *
+ * Note: New line '\n' is added to the end of the text when printing to stdout.
+ */
+void wpa_printf(int level, char *fmt, ...)
+PRINTF_FORMAT(2, 3);
+
+/**
+ * wpa_hexdump - conditional hex dump
+ * @level: priority level (MSG_*) of the message
+ * @title: title of for the message
+ * @buf: data buffer to be dumped
+ * @len: length of the buf
+ *
+ * This function is used to print conditional debugging and error messages. The
+ * output may be directed to stdout, stderr, and/or syslog based on
+ * configuration. The contents of buf is printed out has hex dump.
+ */
+void wpa_hexdump(int level, const char *title, const u8 *buf, size_t len);
+
+/**
+ * wpa_hexdump_key - conditional hex dump, hide keys
+ * @level: priority level (MSG_*) of the message
+ * @title: title of for the message
+ * @buf: data buffer to be dumped
+ * @len: length of the buf
+ *
+ * This function is used to print conditional debugging and error messages. The
+ * output may be directed to stdout, stderr, and/or syslog based on
+ * configuration. The contents of buf is printed out has hex dump. This works
+ * like wpa_hexdump(), but by default, does not include secret keys (passwords,
+ * etc.) in debug output.
+ */
+void wpa_hexdump_key(int level, const char *title, const u8 *buf, size_t len);
+
+/**
+ * wpa_hexdump_ascii - conditional hex dump
+ * @level: priority level (MSG_*) of the message
+ * @title: title of for the message
+ * @buf: data buffer to be dumped
+ * @len: length of the buf
+ *
+ * This function is used to print conditional debugging and error messages. The
+ * output may be directed to stdout, stderr, and/or syslog based on
+ * configuration. The contents of buf is printed out has hex dump with both
+ * the hex numbers and ASCII characters (for printable range) are shown. 16
+ * bytes per line will be shown.
+ */
+void wpa_hexdump_ascii(int level, const char *title, const u8 *buf,
+                      size_t len);
+
+/**
+ * wpa_hexdump_ascii_key - conditional hex dump, hide keys
+ * @level: priority level (MSG_*) of the message
+ * @title: title of for the message
+ * @buf: data buffer to be dumped
+ * @len: length of the buf
+ *
+ * This function is used to print conditional debugging and error messages. The
+ * output may be directed to stdout, stderr, and/or syslog based on
+ * configuration. The contents of buf is printed out has hex dump with both
+ * the hex numbers and ASCII characters (for printable range) are shown. 16
+ * bytes per line will be shown. This works like wpa_hexdump_ascii(), but by
+ * default, does not include secret keys (passwords, etc.) in debug output.
+ */
+void wpa_hexdump_ascii_key(int level, const char *title, const u8 *buf,
+                          size_t len);
+
+#endif /* CONFIG_NO_STDOUT_DEBUG */
+
+
+#ifdef CONFIG_NO_WPA_MSG
+#define wpa_msg(args...) do { } while (0)
+#define wpa_msg_register_cb(f) do { } while (0)
+#else /* CONFIG_NO_WPA_MSG */
+/**
+ * wpa_msg - Conditional printf for default target and ctrl_iface monitors
+ * @ctx: Pointer to context data; this is the ctx variable registered
+ *     with struct wpa_driver_ops::init()
+ * @level: priority level (MSG_*) of the message
+ * @fmt: printf format string, followed by optional arguments
+ *
+ * This function is used to print conditional debugging and error messages. The
+ * output may be directed to stdout, stderr, and/or syslog based on
+ * configuration. This function is like wpa_printf(), but it also sends the
+ * same message to all attached ctrl_iface monitors.
+ *
+ * Note: New line '\n' is added to the end of the text when printing to stdout.
+ */
+void wpa_msg(void *ctx, int level, char *fmt, ...) PRINTF_FORMAT(3, 4);
+
+typedef void (*wpa_msg_cb_func)(void *ctx, int level, const char *txt,
+                               size_t len);
+
+/**
+ * wpa_msg_register_cb - Register callback function for wpa_msg() messages
+ * @func: Callback function (%NULL to unregister)
+ */
+void wpa_msg_register_cb(wpa_msg_cb_func func);
+#endif /* CONFIG_NO_WPA_MSG */
+
+
+int wpa_snprintf_hex(char *buf, size_t buf_size, const u8 *data, size_t len);
+int wpa_snprintf_hex_uppercase(char *buf, size_t buf_size, const u8 *data,
+                              size_t len);
+
+
+#ifdef EAPOL_TEST
+#define WPA_ASSERT(a)                                                 \
+       do {                                                           \
+               if (!(a)) {                                            \
+                       printf("WPA_ASSERT FAILED '" #a "' "           \
+                              "%s %s:%d\n",                           \
+                              __FUNCTION__, __FILE__, __LINE__);      \
+                       exit(1);                                       \
+               }                                                      \
+       } while (0)
+#else
+#define WPA_ASSERT(a) do { } while (0)
+#endif
+
+
+#ifdef _MSC_VER
+#undef vsnprintf
+#define vsnprintf _vsnprintf
+#undef close
+#define close closesocket
+#endif /* _MSC_VER */
+
+
+#ifdef CONFIG_ANSI_C_EXTRA
+
+#if !defined(_MSC_VER) || _MSC_VER < 1400
+/* snprintf - used in number of places; sprintf() is _not_ a good replacement
+ * due to possible buffer overflow; see, e.g.,
+ * http://www.ijs.si/software/snprintf/ for portable implementation of
+ * snprintf. */
+int snprintf(char *str, size_t size, const char *format, ...);
+
+/* vsnprintf - only used for wpa_msg() in wpa_supplicant.c */
+int vsnprintf(char *str, size_t size, const char *format, va_list ap);
+#endif /* !defined(_MSC_VER) || _MSC_VER < 1400 */
+
+/* getopt - only used in main.c */
+int getopt(int argc, char *const argv[], const char *optstring);
+extern char *optarg;
+extern int optind;
+
+#ifndef CONFIG_NO_SOCKLEN_T_TYPEDEF
+#ifndef __socklen_t_defined
+typedef int socklen_t;
+#endif
+#endif
+
+/* inline - define as __inline or just define it to be empty, if needed */
+#ifdef CONFIG_NO_INLINE
+#define inline
+#else
+#define inline __inline
+#endif
+
+#ifndef __func__
+#define __func__ "__func__ not defined"
+#endif
+
+#ifndef bswap_16
+#define bswap_16(a) ((((u16) (a) << 8) & 0xff00) | (((u16) (a) >> 8) & 0xff))
+#endif
+
+#ifndef bswap_32
+#define bswap_32(a) ((((u32) (a) << 24) & 0xff000000) | \
+                    (((u32) (a) << 8) & 0xff0000) | \
+                    (((u32) (a) >> 8) & 0xff00) | \
+                    (((u32) (a) >> 24) & 0xff))
+#endif
+
+#ifndef MSG_DONTWAIT
+#define MSG_DONTWAIT 0
+#endif
+
+#ifdef _WIN32_WCE
+void perror(const char *s);
+#endif /* _WIN32_WCE */
+
+#endif /* CONFIG_ANSI_C_EXTRA */
+
+#define wpa_zalloc(s) os_zalloc((s))
+
+#ifdef CONFIG_NATIVE_WINDOWS
+void wpa_unicode2ascii_inplace(TCHAR *str);
+TCHAR * wpa_strdup_tchar(const char *str);
+#else /* CONFIG_NATIVE_WINDOWS */
+#define wpa_unicode2ascii_inplace(s) do { } while (0)
+#define wpa_strdup_tchar(s) strdup((s))
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+const char * wpa_ssid_txt(u8 *ssid, size_t ssid_len);
+
+typedef u32 __be32;
+typedef u64 __be64;
+
+#endif /* COMMON_H */
diff --git a/contrib/hostapd-0.5.8/config.c b/contrib/hostapd-0.5.8/config.c
new file mode 100644 (file)
index 0000000..d1b2ba3
--- /dev/null
@@ -0,0 +1,1994 @@
+/*
+ * hostapd / Configuration file
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#ifndef CONFIG_NATIVE_WINDOWS
+#include <grp.h>
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+#include "hostapd.h"
+#include "driver.h"
+#include "sha1.h"
+#include "eap.h"
+#include "radius_client.h"
+#include "wpa_common.h"
+
+
+#define MAX_STA_COUNT 2007
+
+
+static int hostapd_config_read_vlan_file(struct hostapd_bss_config *bss,
+                                        const char *fname)
+{
+       FILE *f;
+       char buf[128], *pos, *pos2;
+       int line = 0, vlan_id;
+       struct hostapd_vlan *vlan;
+
+       f = fopen(fname, "r");
+       if (!f) {
+               printf("VLAN file '%s' not readable.\n", fname);
+               return -1;
+       }
+
+       while (fgets(buf, sizeof(buf), f)) {
+               line++;
+
+               if (buf[0] == '#')
+                       continue;
+               pos = buf;
+               while (*pos != '\0') {
+                       if (*pos == '\n') {
+                               *pos = '\0';
+                               break;
+                       }
+                       pos++;
+               }
+               if (buf[0] == '\0')
+                       continue;
+
+               if (buf[0] == '*') {
+                       vlan_id = VLAN_ID_WILDCARD;
+                       pos = buf + 1;
+               } else {
+                       vlan_id = strtol(buf, &pos, 10);
+                       if (buf == pos || vlan_id < 1 ||
+                           vlan_id > MAX_VLAN_ID) {
+                               printf("Invalid VLAN ID at line %d in '%s'\n",
+                                      line, fname);
+                               fclose(f);
+                               return -1;
+                       }
+               }
+
+               while (*pos == ' ' || *pos == '\t')
+                       pos++;
+               pos2 = pos;
+               while (*pos2 != ' ' && *pos2 != '\t' && *pos2 != '\0')
+                       pos2++;
+               *pos2 = '\0';
+               if (*pos == '\0' || strlen(pos) > IFNAMSIZ) {
+                       printf("Invalid VLAN ifname at line %d in '%s'\n",
+                              line, fname);
+                       fclose(f);
+                       return -1;
+               }
+
+               vlan = malloc(sizeof(*vlan));
+               if (vlan == NULL) {
+                       printf("Out of memory while reading VLAN interfaces "
+                              "from '%s'\n", fname);
+                       fclose(f);
+                       return -1;
+               }
+
+               memset(vlan, 0, sizeof(*vlan));
+               vlan->vlan_id = vlan_id;
+               strncpy(vlan->ifname, pos, sizeof(vlan->ifname));
+               if (bss->vlan_tail)
+                       bss->vlan_tail->next = vlan;
+               else
+                       bss->vlan = vlan;
+               bss->vlan_tail = vlan;
+       }
+
+       fclose(f);
+
+       return 0;
+}
+
+
+static void hostapd_config_free_vlan(struct hostapd_bss_config *bss)
+{
+       struct hostapd_vlan *vlan, *prev;
+
+       vlan = bss->vlan;
+       prev = NULL;
+       while (vlan) {
+               prev = vlan;
+               vlan = vlan->next;
+               free(prev);
+       }
+
+       bss->vlan = NULL;
+}
+
+
+/* convert floats with one decimal place to value*10 int, i.e.,
+ * "1.5" will return 15 */
+static int hostapd_config_read_int10(const char *value)
+{
+       int i, d;
+       char *pos;
+
+       i = atoi(value);
+       pos = strchr(value, '.');
+       d = 0;
+       if (pos) {
+               pos++;
+               if (*pos >= '0' && *pos <= '9')
+                       d = *pos - '0';
+       }
+
+       return i * 10 + d;
+}
+
+
+static void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
+{
+       bss->logger_syslog_level = HOSTAPD_LEVEL_INFO;
+       bss->logger_stdout_level = HOSTAPD_LEVEL_INFO;
+       bss->logger_syslog = (unsigned int) -1;
+       bss->logger_stdout = (unsigned int) -1;
+
+       bss->auth_algs = HOSTAPD_AUTH_OPEN | HOSTAPD_AUTH_SHARED_KEY;
+
+       bss->wep_rekeying_period = 300;
+       /* use key0 in individual key and key1 in broadcast key */
+       bss->broadcast_key_idx_min = 1;
+       bss->broadcast_key_idx_max = 2;
+       bss->eap_reauth_period = 3600;
+
+       bss->wpa_group_rekey = 600;
+       bss->wpa_gmk_rekey = 86400;
+       bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
+       bss->wpa_pairwise = WPA_CIPHER_TKIP;
+       bss->wpa_group = WPA_CIPHER_TKIP;
+
+       bss->max_num_sta = MAX_STA_COUNT;
+
+       bss->dtim_period = 2;
+
+       bss->radius_server_auth_port = 1812;
+       bss->ap_max_inactivity = AP_MAX_INACTIVITY;
+       bss->eapol_version = EAPOL_VERSION;
+}
+
+
+static struct hostapd_config * hostapd_config_defaults(void)
+{
+       struct hostapd_config *conf;
+       struct hostapd_bss_config *bss;
+       int i;
+       const int aCWmin = 15, aCWmax = 1024;
+       const struct hostapd_wme_ac_params ac_bk =
+               { aCWmin, aCWmax, 7, 0, 0 }; /* background traffic */
+       const struct hostapd_wme_ac_params ac_be =
+               { aCWmin, aCWmax, 3, 0, 0 }; /* best effort traffic */
+       const struct hostapd_wme_ac_params ac_vi = /* video traffic */
+               { aCWmin >> 1, aCWmin, 2, 3000 / 32, 1 };
+       const struct hostapd_wme_ac_params ac_vo = /* voice traffic */
+               { aCWmin >> 2, aCWmin >> 1, 2, 1500 / 32, 1 };
+
+       conf = wpa_zalloc(sizeof(*conf));
+       bss = wpa_zalloc(sizeof(*bss));
+       if (conf == NULL || bss == NULL) {
+               printf("Failed to allocate memory for configuration data.\n");
+               free(conf);
+               free(bss);
+               return NULL;
+       }
+
+       /* set default driver based on configuration */
+       conf->driver = driver_lookup("default");
+       if (conf->driver == NULL) {
+               printf("No default driver registered!\n");
+               free(conf);
+               free(bss);
+               return NULL;
+       }
+
+       bss->radius = wpa_zalloc(sizeof(*bss->radius));
+       if (bss->radius == NULL) {
+               free(conf);
+               free(bss);
+               return NULL;
+       }
+
+       hostapd_config_defaults_bss(bss);
+
+       conf->num_bss = 1;
+       conf->bss = bss;
+
+       conf->beacon_int = 100;
+       conf->rts_threshold = -1; /* use driver default: 2347 */
+       conf->fragm_threshold = -1; /* user driver default: 2346 */
+       conf->send_probe_response = 1;
+       conf->bridge_packets = INTERNAL_BRIDGE_DO_NOT_CONTROL;
+
+       memcpy(conf->country, "US ", 3);
+
+       for (i = 0; i < NUM_TX_QUEUES; i++)
+               conf->tx_queue[i].aifs = -1; /* use hw default */
+
+       conf->wme_ac_params[0] = ac_be;
+       conf->wme_ac_params[1] = ac_bk;
+       conf->wme_ac_params[2] = ac_vi;
+       conf->wme_ac_params[3] = ac_vo;
+
+       return conf;
+}
+
+
+static int hostapd_parse_ip_addr(const char *txt, struct hostapd_ip_addr *addr)
+{
+       if (inet_aton(txt, &addr->u.v4)) {
+               addr->af = AF_INET;
+               return 0;
+       }
+
+#ifdef CONFIG_IPV6
+       if (inet_pton(AF_INET6, txt, &addr->u.v6) > 0) {
+               addr->af = AF_INET6;
+               return 0;
+       }
+#endif /* CONFIG_IPV6 */
+
+       return -1;
+}
+
+
+int hostapd_mac_comp(const void *a, const void *b)
+{
+       return memcmp(a, b, sizeof(macaddr));
+}
+
+
+int hostapd_mac_comp_empty(const void *a)
+{
+       macaddr empty = { 0 };
+       return memcmp(a, empty, sizeof(macaddr));
+}
+
+
+static int hostapd_config_read_maclist(const char *fname, macaddr **acl,
+                                      int *num)
+{
+       FILE *f;
+       char buf[128], *pos;
+       int line = 0;
+       u8 addr[ETH_ALEN];
+       macaddr *newacl;
+
+       if (!fname)
+               return 0;
+
+       f = fopen(fname, "r");
+       if (!f) {
+               printf("MAC list file '%s' not found.\n", fname);
+               return -1;
+       }
+
+       while (fgets(buf, sizeof(buf), f)) {
+               line++;
+
+               if (buf[0] == '#')
+                       continue;
+               pos = buf;
+               while (*pos != '\0') {
+                       if (*pos == '\n') {
+                               *pos = '\0';
+                               break;
+                       }
+                       pos++;
+               }
+               if (buf[0] == '\0')
+                       continue;
+
+               if (hwaddr_aton(buf, addr)) {
+                       printf("Invalid MAC address '%s' at line %d in '%s'\n",
+                              buf, line, fname);
+                       fclose(f);
+                       return -1;
+               }
+
+               newacl = (macaddr *) realloc(*acl, (*num + 1) * ETH_ALEN);
+               if (newacl == NULL) {
+                       printf("MAC list reallocation failed\n");
+                       fclose(f);
+                       return -1;
+               }
+
+               *acl = newacl;
+               memcpy((*acl)[*num], addr, ETH_ALEN);
+               (*num)++;
+       }
+
+       fclose(f);
+
+       qsort(*acl, *num, sizeof(macaddr), hostapd_mac_comp);
+
+       return 0;
+}
+
+
+static int hostapd_config_read_wpa_psk(const char *fname,
+                                      struct hostapd_ssid *ssid)
+{
+       FILE *f;
+       char buf[128], *pos;
+       int line = 0, ret = 0, len, ok;
+       u8 addr[ETH_ALEN];
+       struct hostapd_wpa_psk *psk;
+
+       if (!fname)
+               return 0;
+
+       f = fopen(fname, "r");
+       if (!f) {
+               printf("WPA PSK file '%s' not found.\n", fname);
+               return -1;
+       }
+
+       while (fgets(buf, sizeof(buf), f)) {
+               line++;
+
+               if (buf[0] == '#')
+                       continue;
+               pos = buf;
+               while (*pos != '\0') {
+                       if (*pos == '\n') {
+                               *pos = '\0';
+                               break;
+                       }
+                       pos++;
+               }
+               if (buf[0] == '\0')
+                       continue;
+
+               if (hwaddr_aton(buf, addr)) {
+                       printf("Invalid MAC address '%s' on line %d in '%s'\n",
+                              buf, line, fname);
+                       ret = -1;
+                       break;
+               }
+
+               psk = wpa_zalloc(sizeof(*psk));
+               if (psk == NULL) {
+                       printf("WPA PSK allocation failed\n");
+                       ret = -1;
+                       break;
+               }
+               if (memcmp(addr, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0)
+                       psk->group = 1;
+               else
+                       memcpy(psk->addr, addr, ETH_ALEN);
+
+               pos = buf + 17;
+               if (pos == '\0') {
+                       printf("No PSK on line %d in '%s'\n", line, fname);
+                       free(psk);
+                       ret = -1;
+                       break;
+               }
+               pos++;
+
+               ok = 0;
+               len = strlen(pos);
+               if (len == 64 && hexstr2bin(pos, psk->psk, PMK_LEN) == 0)
+                       ok = 1;
+               else if (len >= 8 && len < 64) {
+                       pbkdf2_sha1(pos, ssid->ssid, ssid->ssid_len,
+                                   4096, psk->psk, PMK_LEN);
+                       ok = 1;
+               }
+               if (!ok) {
+                       printf("Invalid PSK '%s' on line %d in '%s'\n",
+                              pos, line, fname);
+                       free(psk);
+                       ret = -1;
+                       break;
+               }
+
+               psk->next = ssid->wpa_psk;
+               ssid->wpa_psk = psk;
+       }
+
+       fclose(f);
+
+       return ret;
+}
+
+
+int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf)
+{
+       struct hostapd_ssid *ssid = &conf->ssid;
+
+       if (ssid->wpa_passphrase != NULL) {
+               if (ssid->wpa_psk != NULL) {
+                       printf("Warning: both WPA PSK and passphrase set. "
+                              "Using passphrase.\n");
+                       free(ssid->wpa_psk);
+               }
+               ssid->wpa_psk = wpa_zalloc(sizeof(struct hostapd_wpa_psk));
+               if (ssid->wpa_psk == NULL) {
+                       printf("Unable to alloc space for PSK\n");
+                       return -1;
+               }
+               wpa_hexdump_ascii(MSG_DEBUG, "SSID",
+                                 (u8 *) ssid->ssid, ssid->ssid_len);
+               wpa_hexdump_ascii(MSG_DEBUG, "PSK (ASCII passphrase)",
+                                 (u8 *) ssid->wpa_passphrase,
+                                 strlen(ssid->wpa_passphrase));
+               pbkdf2_sha1(ssid->wpa_passphrase,
+                           ssid->ssid, ssid->ssid_len,
+                           4096, ssid->wpa_psk->psk, PMK_LEN);
+               wpa_hexdump(MSG_DEBUG, "PSK (from passphrase)",
+                           ssid->wpa_psk->psk, PMK_LEN);
+               ssid->wpa_psk->group = 1;
+
+               memset(ssid->wpa_passphrase, 0,
+                      strlen(ssid->wpa_passphrase));
+               free(ssid->wpa_passphrase);
+               ssid->wpa_passphrase = NULL;
+       }
+
+       if (ssid->wpa_psk_file) {
+               if (hostapd_config_read_wpa_psk(ssid->wpa_psk_file,
+                                               &conf->ssid))
+                       return -1;
+               free(ssid->wpa_psk_file);
+               ssid->wpa_psk_file = NULL;
+       }
+
+       return 0;
+}
+
+
+#ifdef EAP_SERVER
+static int hostapd_config_read_eap_user(const char *fname,
+                                       struct hostapd_bss_config *conf)
+{
+       FILE *f;
+       char buf[512], *pos, *start, *pos2;
+       int line = 0, ret = 0, num_methods;
+       struct hostapd_eap_user *user, *tail = NULL;
+
+       if (!fname)
+               return 0;
+
+       f = fopen(fname, "r");
+       if (!f) {
+               printf("EAP user file '%s' not found.\n", fname);
+               return -1;
+       }
+
+       /* Lines: "user" METHOD,METHOD2 "password" (password optional) */
+       while (fgets(buf, sizeof(buf), f)) {
+               line++;
+
+               if (buf[0] == '#')
+                       continue;
+               pos = buf;
+               while (*pos != '\0') {
+                       if (*pos == '\n') {
+                               *pos = '\0';
+                               break;
+                       }
+                       pos++;
+               }
+               if (buf[0] == '\0')
+                       continue;
+
+               user = NULL;
+
+               if (buf[0] != '"' && buf[0] != '*') {
+                       printf("Invalid EAP identity (no \" in start) on "
+                              "line %d in '%s'\n", line, fname);
+                       goto failed;
+               }
+
+               user = wpa_zalloc(sizeof(*user));
+               if (user == NULL) {
+                       printf("EAP user allocation failed\n");
+                       goto failed;
+               }
+               user->force_version = -1;
+
+               if (buf[0] == '*') {
+                       pos = buf;
+               } else {
+                       pos = buf + 1;
+                       start = pos;
+                       while (*pos != '"' && *pos != '\0')
+                               pos++;
+                       if (*pos == '\0') {
+                               printf("Invalid EAP identity (no \" in end) on"
+                                      " line %d in '%s'\n", line, fname);
+                               goto failed;
+                       }
+
+                       user->identity = malloc(pos - start);
+                       if (user->identity == NULL) {
+                               printf("Failed to allocate memory for EAP "
+                                      "identity\n");
+                               goto failed;
+                       }
+                       memcpy(user->identity, start, pos - start);
+                       user->identity_len = pos - start;
+
+                       if (pos[0] == '"' && pos[1] == '*') {
+                               user->wildcard_prefix = 1;
+                               pos++;
+                       }
+               }
+               pos++;
+               while (*pos == ' ' || *pos == '\t')
+                       pos++;
+
+               if (*pos == '\0') {
+                       printf("No EAP method on line %d in '%s'\n",
+                              line, fname);
+                       goto failed;
+               }
+
+               start = pos;
+               while (*pos != ' ' && *pos != '\t' && *pos != '\0')
+                       pos++;
+               if (*pos == '\0') {
+                       pos = NULL;
+               } else {
+                       *pos = '\0';
+                       pos++;
+               }
+               num_methods = 0;
+               while (*start) {
+                       char *pos3 = strchr(start, ',');
+                       if (pos3) {
+                               *pos3++ = '\0';
+                       }
+                       user->methods[num_methods].method =
+                               eap_get_type(start, &user->methods[num_methods]
+                                            .vendor);
+                       if (user->methods[num_methods].vendor ==
+                           EAP_VENDOR_IETF &&
+                           user->methods[num_methods].method == EAP_TYPE_NONE)
+                       {
+                               printf("Unsupported EAP type '%s' on line %d "
+                                      "in '%s'\n", start, line, fname);
+                               goto failed;
+                       }
+
+                       num_methods++;
+                       if (num_methods >= EAP_USER_MAX_METHODS)
+                               break;
+                       if (pos3 == NULL)
+                               break;
+                       start = pos3;
+               }
+               if (num_methods == 0) {
+                       printf("No EAP types configured on line %d in '%s'\n",
+                              line, fname);
+                       goto failed;
+               }
+
+               if (pos == NULL)
+                       goto done;
+
+               while (*pos == ' ' || *pos == '\t')
+                       pos++;
+               if (*pos == '\0')
+                       goto done;
+
+               if (strncmp(pos, "[ver=0]", 7) == 0) {
+                       user->force_version = 0;
+                       goto done;
+               }
+
+               if (strncmp(pos, "[ver=1]", 7) == 0) {
+                       user->force_version = 1;
+                       goto done;
+               }
+
+               if (strncmp(pos, "[2]", 3) == 0) {
+                       user->phase2 = 1;
+                       goto done;
+               }
+
+               if (*pos == '"') {
+                       pos++;
+                       start = pos;
+                       while (*pos != '"' && *pos != '\0')
+                               pos++;
+                       if (*pos == '\0') {
+                               printf("Invalid EAP password (no \" in end) "
+                                      "on line %d in '%s'\n", line, fname);
+                               goto failed;
+                       }
+
+                       user->password = malloc(pos - start);
+                       if (user->password == NULL) {
+                               printf("Failed to allocate memory for EAP "
+                                      "password\n");
+                               goto failed;
+                       }
+                       memcpy(user->password, start, pos - start);
+                       user->password_len = pos - start;
+
+                       pos++;
+               } else if (strncmp(pos, "hash:", 5) == 0) {
+                       pos += 5;
+                       pos2 = pos;
+                       while (*pos2 != '\0' && *pos2 != ' ' &&
+                              *pos2 != '\t' && *pos2 != '#')
+                               pos2++;
+                       if (pos2 - pos != 32) {
+                               printf("Invalid password hash on line %d in "
+                                      "'%s'\n", line, fname);
+                               goto failed;
+                       }
+                       user->password = malloc(16);
+                       if (user->password == NULL) {
+                               printf("Failed to allocate memory for EAP "
+                                      "password hash\n");
+                               goto failed;
+                       }
+                       if (hexstr2bin(pos, user->password, 16) < 0) {
+                               printf("Invalid hash password on line %d in "
+                                      "'%s'\n", line, fname);
+                               goto failed;
+                       }
+                       user->password_len = 16;
+                       user->password_hash = 1;
+                       pos = pos2;
+               } else {
+                       pos2 = pos;
+                       while (*pos2 != '\0' && *pos2 != ' ' &&
+                              *pos2 != '\t' && *pos2 != '#')
+                               pos2++;
+                       if ((pos2 - pos) & 1) {
+                               printf("Invalid hex password on line %d in "
+                                      "'%s'\n", line, fname);
+                               goto failed;
+                       }
+                       user->password = malloc((pos2 - pos) / 2);
+                       if (user->password == NULL) {
+                               printf("Failed to allocate memory for EAP "
+                                      "password\n");
+                               goto failed;
+                       }
+                       if (hexstr2bin(pos, user->password,
+                                      (pos2 - pos) / 2) < 0) {
+                               printf("Invalid hex password on line %d in "
+                                      "'%s'\n", line, fname);
+                               goto failed;
+                       }
+                       user->password_len = (pos2 - pos) / 2;
+                       pos = pos2;
+               }
+
+               while (*pos == ' ' || *pos == '\t')
+                       pos++;
+               if (strncmp(pos, "[2]", 3) == 0) {
+                       user->phase2 = 1;
+               }
+
+       done:
+               if (tail == NULL) {
+                       tail = conf->eap_user = user;
+               } else {
+                       tail->next = user;
+                       tail = user;
+               }
+               continue;
+
+       failed:
+               if (user) {
+                       free(user->password);
+                       free(user->identity);
+                       free(user);
+               }
+               ret = -1;
+               break;
+       }
+
+       fclose(f);
+
+       return ret;
+}
+#endif /* EAP_SERVER */
+
+
+static int
+hostapd_config_read_radius_addr(struct hostapd_radius_server **server,
+                               int *num_server, const char *val, int def_port,
+                               struct hostapd_radius_server **curr_serv)
+{
+       struct hostapd_radius_server *nserv;
+       int ret;
+       static int server_index = 1;
+
+       nserv = realloc(*server, (*num_server + 1) * sizeof(*nserv));
+       if (nserv == NULL)
+               return -1;
+
+       *server = nserv;
+       nserv = &nserv[*num_server];
+       (*num_server)++;
+       (*curr_serv) = nserv;
+
+       memset(nserv, 0, sizeof(*nserv));
+       nserv->port = def_port;
+       ret = hostapd_parse_ip_addr(val, &nserv->addr);
+       nserv->index = server_index++;
+
+       return ret;
+}
+
+
+static int hostapd_config_parse_key_mgmt(int line, const char *value)
+{
+       int val = 0, last;
+       char *start, *end, *buf;
+
+       buf = strdup(value);
+       if (buf == NULL)
+               return -1;
+       start = buf;
+
+       while (start != '\0') {
+               while (*start == ' ' || *start == '\t')
+                       start++;
+               if (*start == '\0')
+                       break;
+               end = start;
+               while (*end != ' ' && *end != '\t' && *end != '\0')
+                       end++;
+               last = *end == '\0';
+               *end = '\0';
+               if (strcmp(start, "WPA-PSK") == 0)
+                       val |= WPA_KEY_MGMT_PSK;
+               else if (strcmp(start, "WPA-EAP") == 0)
+                       val |= WPA_KEY_MGMT_IEEE8021X;
+               else {
+                       printf("Line %d: invalid key_mgmt '%s'\n",
+                              line, start);
+                       free(buf);
+                       return -1;
+               }
+
+               if (last)
+                       break;
+               start = end + 1;
+       }
+
+       free(buf);
+       if (val == 0) {
+               printf("Line %d: no key_mgmt values configured.\n", line);
+               return -1;
+       }
+
+       return val;
+}
+
+
+static int hostapd_config_parse_cipher(int line, const char *value)
+{
+       int val = 0, last;
+       char *start, *end, *buf;
+
+       buf = strdup(value);
+       if (buf == NULL)
+               return -1;
+       start = buf;
+
+       while (start != '\0') {
+               while (*start == ' ' || *start == '\t')
+                       start++;
+               if (*start == '\0')
+                       break;
+               end = start;
+               while (*end != ' ' && *end != '\t' && *end != '\0')
+                       end++;
+               last = *end == '\0';
+               *end = '\0';
+               if (strcmp(start, "CCMP") == 0)
+                       val |= WPA_CIPHER_CCMP;
+               else if (strcmp(start, "TKIP") == 0)
+                       val |= WPA_CIPHER_TKIP;
+               else if (strcmp(start, "WEP104") == 0)
+                       val |= WPA_CIPHER_WEP104;
+               else if (strcmp(start, "WEP40") == 0)
+                       val |= WPA_CIPHER_WEP40;
+               else if (strcmp(start, "NONE") == 0)
+                       val |= WPA_CIPHER_NONE;
+               else {
+                       printf("Line %d: invalid cipher '%s'.", line, start);
+                       free(buf);
+                       return -1;
+               }
+
+               if (last)
+                       break;
+               start = end + 1;
+       }
+       free(buf);
+
+       if (val == 0) {
+               printf("Line %d: no cipher values configured.", line);
+               return -1;
+       }
+       return val;
+}
+
+
+static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
+                                   struct hostapd_config *conf)
+{
+       if (bss->ieee802_1x && !bss->eap_server &&
+           !bss->radius->auth_servers) {
+               printf("Invalid IEEE 802.1X configuration (no EAP "
+                      "authenticator configured).\n");
+               return -1;
+       }
+
+       if (bss->wpa && (bss->wpa_key_mgmt & WPA_KEY_MGMT_PSK) &&
+           bss->ssid.wpa_psk == NULL && bss->ssid.wpa_passphrase == NULL &&
+           bss->ssid.wpa_psk_file == NULL) {
+               printf("WPA-PSK enabled, but PSK or passphrase is not "
+                      "configured.\n");
+               return -1;
+       }
+
+       if (hostapd_mac_comp_empty(bss->bssid) != 0) {
+               size_t i;
+
+               for (i = 0; i < conf->num_bss; i++) {
+                       if ((&conf->bss[i] != bss) &&
+                           (hostapd_mac_comp(conf->bss[i].bssid,
+                                             bss->bssid) == 0)) {
+                               printf("Duplicate BSSID " MACSTR
+                                      " on interface '%s' and '%s'.\n",
+                                      MAC2STR(bss->bssid),
+                                      conf->bss[i].iface, bss->iface);
+                               return -1;
+                       }
+               }
+       }
+
+       return 0;
+}
+
+
+static int hostapd_config_check(struct hostapd_config *conf)
+{
+       size_t i;
+
+       for (i = 0; i < conf->num_bss; i++) {
+               if (hostapd_config_check_bss(&conf->bss[i], conf))
+                       return -1;
+       }
+
+       return 0;
+}
+
+
+static int hostapd_config_read_wep(struct hostapd_wep_keys *wep, int keyidx,
+                                  char *val)
+{
+       size_t len = strlen(val);
+
+       if (keyidx < 0 || keyidx > 3 || wep->key[keyidx] != NULL)
+               return -1;
+
+       if (val[0] == '"') {
+               if (len < 2 || val[len - 1] != '"')
+                       return -1;
+               len -= 2;
+               wep->key[keyidx] = malloc(len);
+               if (wep->key[keyidx] == NULL)
+                       return -1;
+               memcpy(wep->key[keyidx], val + 1, len);
+               wep->len[keyidx] = len;
+       } else {
+               if (len & 1)
+                       return -1;
+               len /= 2;
+               wep->key[keyidx] = malloc(len);
+               if (wep->key[keyidx] == NULL)
+                       return -1;
+               wep->len[keyidx] = len;
+               if (hexstr2bin(val, wep->key[keyidx], len) < 0)
+                       return -1;
+       }
+
+       wep->keys_set++;
+
+       return 0;
+}
+
+
+static int hostapd_parse_rates(int **rate_list, char *val)
+{
+       int *list;
+       int count;
+       char *pos, *end;
+
+       free(*rate_list);
+       *rate_list = NULL;
+
+       pos = val;
+       count = 0;
+       while (*pos != '\0') {
+               if (*pos == ' ')
+                       count++;
+               pos++;
+       }
+
+       list = malloc(sizeof(int) * (count + 2));
+       if (list == NULL)
+               return -1;
+       pos = val;
+       count = 0;
+       while (*pos != '\0') {
+               end = strchr(pos, ' ');
+               if (end)
+                       *end = '\0';
+
+               list[count++] = atoi(pos);
+               if (!end)
+                       break;
+               pos = end + 1;
+       }
+       list[count] = -1;
+
+       *rate_list = list;
+       return 0;
+}
+
+
+static int hostapd_config_bss(struct hostapd_config *conf, const char *ifname)
+{
+       struct hostapd_bss_config *bss;
+
+       if (*ifname == '\0')
+               return -1;
+
+       bss = realloc(conf->bss, (conf->num_bss + 1) *
+                     sizeof(struct hostapd_bss_config));
+       if (bss == NULL) {
+               printf("Failed to allocate memory for multi-BSS entry\n");
+               return -1;
+       }
+       conf->bss = bss;
+
+       bss = &(conf->bss[conf->num_bss]);
+       memset(bss, 0, sizeof(*bss));
+       bss->radius = wpa_zalloc(sizeof(*bss->radius));
+       if (bss->radius == NULL) {
+               printf("Failed to allocate memory for multi-BSS RADIUS "
+                      "data\n");
+               return -1;
+       }
+
+       conf->num_bss++;
+       conf->last_bss = bss;
+
+       hostapd_config_defaults_bss(bss);
+       snprintf(bss->iface, sizeof(bss->iface), "%s", ifname);
+       memcpy(bss->ssid.vlan, bss->iface, IFNAMSIZ + 1);
+
+       return 0;
+}
+
+
+static int valid_cw(int cw)
+{
+       return (cw == 1 || cw == 3 || cw == 7 || cw == 15 || cw == 31 ||
+               cw == 63 || cw == 127 || cw == 255 || cw == 511 || cw == 1023);
+}
+
+
+enum {
+       IEEE80211_TX_QUEUE_DATA0 = 0, /* used for EDCA AC_VO data */
+       IEEE80211_TX_QUEUE_DATA1 = 1, /* used for EDCA AC_VI data */
+       IEEE80211_TX_QUEUE_DATA2 = 2, /* used for EDCA AC_BE data */
+       IEEE80211_TX_QUEUE_DATA3 = 3, /* used for EDCA AC_BK data */
+       IEEE80211_TX_QUEUE_DATA4 = 4,
+       IEEE80211_TX_QUEUE_AFTER_BEACON = 6,
+       IEEE80211_TX_QUEUE_BEACON = 7
+};
+
+static int hostapd_config_tx_queue(struct hostapd_config *conf, char *name,
+                                  char *val)
+{
+       int num;
+       char *pos;
+       struct hostapd_tx_queue_params *queue;
+
+       /* skip 'tx_queue_' prefix */
+       pos = name + 9;
+       if (strncmp(pos, "data", 4) == 0 &&
+           pos[4] >= '0' && pos[4] <= '9' && pos[5] == '_') {
+               num = pos[4] - '0';
+               pos += 6;
+       } else if (strncmp(pos, "after_beacon_", 13) == 0) {
+               num = IEEE80211_TX_QUEUE_AFTER_BEACON;
+               pos += 13;
+       } else if (strncmp(pos, "beacon_", 7) == 0) {
+               num = IEEE80211_TX_QUEUE_BEACON;
+               pos += 7;
+       } else {
+               printf("Unknown tx_queue name '%s'\n", pos);
+               return -1;
+       }
+
+       queue = &conf->tx_queue[num];
+
+       if (strcmp(pos, "aifs") == 0) {
+               queue->aifs = atoi(val);
+               if (queue->aifs < 0 || queue->aifs > 255) {
+                       printf("Invalid AIFS value %d\n", queue->aifs);
+                       return -1;
+               }
+       } else if (strcmp(pos, "cwmin") == 0) {
+               queue->cwmin = atoi(val);
+               if (!valid_cw(queue->cwmin)) {
+                       printf("Invalid cwMin value %d\n", queue->cwmin);
+                       return -1;
+               }
+       } else if (strcmp(pos, "cwmax") == 0) {
+               queue->cwmax = atoi(val);
+               if (!valid_cw(queue->cwmax)) {
+                       printf("Invalid cwMax value %d\n", queue->cwmax);
+                       return -1;
+               }
+       } else if (strcmp(pos, "burst") == 0) {
+               queue->burst = hostapd_config_read_int10(val);
+       } else {
+               printf("Unknown tx_queue field '%s'\n", pos);
+               return -1;
+       }
+
+       queue->configured = 1;
+
+       return 0;
+}
+
+
+static int hostapd_config_wme_ac(struct hostapd_config *conf, char *name,
+                                  char *val)
+{
+       int num, v;
+       char *pos;
+       struct hostapd_wme_ac_params *ac;
+
+       /* skip 'wme_ac_' prefix */
+       pos = name + 7;
+       if (strncmp(pos, "be_", 3) == 0) {
+               num = 0;
+               pos += 3;
+       } else if (strncmp(pos, "bk_", 3) == 0) {
+               num = 1;
+               pos += 3;
+       } else if (strncmp(pos, "vi_", 3) == 0) {
+               num = 2;
+               pos += 3;
+       } else if (strncmp(pos, "vo_", 3) == 0) {
+               num = 3;
+               pos += 3;
+       } else {
+               printf("Unknown wme name '%s'\n", pos);
+               return -1;
+       }
+
+       ac = &conf->wme_ac_params[num];
+
+       if (strcmp(pos, "aifs") == 0) {
+               v = atoi(val);
+               if (v < 1 || v > 255) {
+                       printf("Invalid AIFS value %d\n", v);
+                       return -1;
+               }
+               ac->aifs = v;
+       } else if (strcmp(pos, "cwmin") == 0) {
+               v = atoi(val);
+               if (v < 0 || v > 12) {
+                       printf("Invalid cwMin value %d\n", v);
+                       return -1;
+               }
+               ac->cwmin = v;
+       } else if (strcmp(pos, "cwmax") == 0) {
+               v = atoi(val);
+               if (v < 0 || v > 12) {
+                       printf("Invalid cwMax value %d\n", v);
+                       return -1;
+               }
+               ac->cwmax = v;
+       } else if (strcmp(pos, "txop_limit") == 0) {
+               v = atoi(val);
+               if (v < 0 || v > 0xffff) {
+                       printf("Invalid txop value %d\n", v);
+                       return -1;
+               }
+               ac->txopLimit = v;
+       } else if (strcmp(pos, "acm") == 0) {
+               v = atoi(val);
+               if (v < 0 || v > 1) {
+                       printf("Invalid acm value %d\n", v);
+                       return -1;
+               }
+               ac->admission_control_mandatory = v;
+       } else {
+               printf("Unknown wme_ac_ field '%s'\n", pos);
+               return -1;
+       }
+
+       return 0;
+}
+
+
+struct hostapd_config * hostapd_config_read(const char *fname)
+{
+       struct hostapd_config *conf;
+       struct hostapd_bss_config *bss;
+       FILE *f;
+       char buf[256], *pos;
+       int line = 0;
+       int errors = 0;
+       size_t i;
+
+       f = fopen(fname, "r");
+       if (f == NULL) {
+               printf("Could not open configuration file '%s' for reading.\n",
+                      fname);
+               return NULL;
+       }
+
+       conf = hostapd_config_defaults();
+       if (conf == NULL) {
+               fclose(f);
+               return NULL;
+       }
+       bss = conf->last_bss = conf->bss;
+
+       while (fgets(buf, sizeof(buf), f)) {
+               bss = conf->last_bss;
+               line++;
+
+               if (buf[0] == '#')
+                       continue;
+               pos = buf;
+               while (*pos != '\0') {
+                       if (*pos == '\n') {
+                               *pos = '\0';
+                               break;
+                       }
+                       pos++;
+               }
+               if (buf[0] == '\0')
+                       continue;
+
+               pos = strchr(buf, '=');
+               if (pos == NULL) {
+                       printf("Line %d: invalid line '%s'\n", line, buf);
+                       errors++;
+                       continue;
+               }
+               *pos = '\0';
+               pos++;
+
+               if (strcmp(buf, "interface") == 0) {
+                       snprintf(conf->bss[0].iface,
+                                sizeof(conf->bss[0].iface), "%s", pos);
+               } else if (strcmp(buf, "bridge") == 0) {
+                       snprintf(bss->bridge, sizeof(bss->bridge), "%s", pos);
+               } else if (strcmp(buf, "driver") == 0) {
+                       conf->driver = driver_lookup(pos);
+                       if (conf->driver == NULL) {
+                               printf("Line %d: invalid/unknown driver "
+                                      "'%s'\n", line, pos);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "debug") == 0) {
+                       bss->debug = atoi(pos);
+               } else if (strcmp(buf, "logger_syslog_level") == 0) {
+                       bss->logger_syslog_level = atoi(pos);
+               } else if (strcmp(buf, "logger_stdout_level") == 0) {
+                       bss->logger_stdout_level = atoi(pos);
+               } else if (strcmp(buf, "logger_syslog") == 0) {
+                       bss->logger_syslog = atoi(pos);
+               } else if (strcmp(buf, "logger_stdout") == 0) {
+                       bss->logger_stdout = atoi(pos);
+               } else if (strcmp(buf, "dump_file") == 0) {
+                       bss->dump_log_name = strdup(pos);
+               } else if (strcmp(buf, "ssid") == 0) {
+                       bss->ssid.ssid_len = strlen(pos);
+                       if (bss->ssid.ssid_len > HOSTAPD_MAX_SSID_LEN ||
+                           bss->ssid.ssid_len < 1) {
+                               printf("Line %d: invalid SSID '%s'\n", line,
+                                      pos);
+                               errors++;
+                       } else {
+                               memcpy(bss->ssid.ssid, pos,
+                                      bss->ssid.ssid_len);
+                               bss->ssid.ssid[bss->ssid.ssid_len] = '\0';
+                               bss->ssid.ssid_set = 1;
+                       }
+               } else if (strcmp(buf, "macaddr_acl") == 0) {
+                       bss->macaddr_acl = atoi(pos);
+                       if (bss->macaddr_acl != ACCEPT_UNLESS_DENIED &&
+                           bss->macaddr_acl != DENY_UNLESS_ACCEPTED &&
+                           bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
+                               printf("Line %d: unknown macaddr_acl %d\n",
+                                      line, bss->macaddr_acl);
+                       }
+               } else if (strcmp(buf, "accept_mac_file") == 0) {
+                       if (hostapd_config_read_maclist(pos, &bss->accept_mac,
+                                                       &bss->num_accept_mac))
+                       {
+                               printf("Line %d: Failed to read "
+                                      "accept_mac_file '%s'\n",
+                                      line, pos);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "deny_mac_file") == 0) {
+                       if (hostapd_config_read_maclist(pos, &bss->deny_mac,
+                                                       &bss->num_deny_mac))
+                       {
+                               printf("Line %d: Failed to read "
+                                      "deny_mac_file '%s'\n",
+                                      line, pos);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "ap_max_inactivity") == 0) {
+                       bss->ap_max_inactivity = atoi(pos);
+               } else if (strcmp(buf, "country_code") == 0) {
+                       memcpy(conf->country, pos, 2);
+                       /* FIX: make this configurable */
+                       conf->country[2] = ' ';
+               } else if (strcmp(buf, "ieee80211d") == 0) {
+                       conf->ieee80211d = atoi(pos);
+               } else if (strcmp(buf, "ieee80211h") == 0) {
+                       conf->ieee80211h = atoi(pos);
+               } else if (strcmp(buf, "assoc_ap_addr") == 0) {
+                       if (hwaddr_aton(pos, bss->assoc_ap_addr)) {
+                               printf("Line %d: invalid MAC address '%s'\n",
+                                      line, pos);
+                               errors++;
+                       }
+                       bss->assoc_ap = 1;
+               } else if (strcmp(buf, "ieee8021x") == 0) {
+                       bss->ieee802_1x = atoi(pos);
+               } else if (strcmp(buf, "eapol_version") == 0) {
+                       bss->eapol_version = atoi(pos);
+                       if (bss->eapol_version < 1 ||
+                           bss->eapol_version > 2) {
+                               printf("Line %d: invalid EAPOL "
+                                      "version (%d): '%s'.\n",
+                                      line, bss->eapol_version, pos);
+                               errors++;
+                       } else
+                               wpa_printf(MSG_DEBUG, "eapol_version=%d",
+                                          bss->eapol_version);
+#ifdef EAP_SERVER
+               } else if (strcmp(buf, "eap_authenticator") == 0) {
+                       bss->eap_server = atoi(pos);
+                       printf("Line %d: obsolete eap_authenticator used; "
+                              "this has been renamed to eap_server\n", line);
+               } else if (strcmp(buf, "eap_server") == 0) {
+                       bss->eap_server = atoi(pos);
+               } else if (strcmp(buf, "eap_user_file") == 0) {
+                       if (hostapd_config_read_eap_user(pos, bss))
+                               errors++;
+               } else if (strcmp(buf, "ca_cert") == 0) {
+                       free(bss->ca_cert);
+                       bss->ca_cert = strdup(pos);
+               } else if (strcmp(buf, "server_cert") == 0) {
+                       free(bss->server_cert);
+                       bss->server_cert = strdup(pos);
+               } else if (strcmp(buf, "private_key") == 0) {
+                       free(bss->private_key);
+                       bss->private_key = strdup(pos);
+               } else if (strcmp(buf, "private_key_passwd") == 0) {
+                       free(bss->private_key_passwd);
+                       bss->private_key_passwd = strdup(pos);
+               } else if (strcmp(buf, "check_crl") == 0) {
+                       bss->check_crl = atoi(pos);
+#ifdef EAP_SIM
+               } else if (strcmp(buf, "eap_sim_db") == 0) {
+                       free(bss->eap_sim_db);
+                       bss->eap_sim_db = strdup(pos);
+#endif /* EAP_SIM */
+#endif /* EAP_SERVER */
+               } else if (strcmp(buf, "eap_message") == 0) {
+                       char *term;
+                       bss->eap_req_id_text = strdup(pos);
+                       if (bss->eap_req_id_text == NULL) {
+                               printf("Line %d: Failed to allocate memory "
+                                      "for eap_req_id_text\n", line);
+                               errors++;
+                               continue;
+                       }
+                       bss->eap_req_id_text_len =
+                               strlen(bss->eap_req_id_text);
+                       term = strstr(bss->eap_req_id_text, "\\0");
+                       if (term) {
+                               *term++ = '\0';
+                               memmove(term, term + 1,
+                                       bss->eap_req_id_text_len -
+                                       (term - bss->eap_req_id_text) - 1);
+                               bss->eap_req_id_text_len--;
+                       }
+               } else if (strcmp(buf, "wep_key_len_broadcast") == 0) {
+                       bss->default_wep_key_len = atoi(pos);
+                       if (bss->default_wep_key_len > 13) {
+                               printf("Line %d: invalid WEP key len %lu "
+                                      "(= %lu bits)\n", line,
+                                      (unsigned long)
+                                      bss->default_wep_key_len,
+                                      (unsigned long)
+                                      bss->default_wep_key_len * 8);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "wep_key_len_unicast") == 0) {
+                       bss->individual_wep_key_len = atoi(pos);
+                       if (bss->individual_wep_key_len < 0 ||
+                           bss->individual_wep_key_len > 13) {
+                               printf("Line %d: invalid WEP key len %d "
+                                      "(= %d bits)\n", line,
+                                      bss->individual_wep_key_len,
+                                      bss->individual_wep_key_len * 8);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "wep_rekey_period") == 0) {
+                       bss->wep_rekeying_period = atoi(pos);
+                       if (bss->wep_rekeying_period < 0) {
+                               printf("Line %d: invalid period %d\n",
+                                      line, bss->wep_rekeying_period);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "eap_reauth_period") == 0) {
+                       bss->eap_reauth_period = atoi(pos);
+                       if (bss->eap_reauth_period < 0) {
+                               printf("Line %d: invalid period %d\n",
+                                      line, bss->eap_reauth_period);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "eapol_key_index_workaround") == 0) {
+                       bss->eapol_key_index_workaround = atoi(pos);
+#ifdef CONFIG_IAPP
+               } else if (strcmp(buf, "iapp_interface") == 0) {
+                       bss->ieee802_11f = 1;
+                       snprintf(bss->iapp_iface, sizeof(bss->iapp_iface),
+                                "%s", pos);
+#endif /* CONFIG_IAPP */
+               } else if (strcmp(buf, "own_ip_addr") == 0) {
+                       if (hostapd_parse_ip_addr(pos, &bss->own_ip_addr)) {
+                               printf("Line %d: invalid IP address '%s'\n",
+                                      line, pos);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "nas_identifier") == 0) {
+                       bss->nas_identifier = strdup(pos);
+               } else if (strcmp(buf, "auth_server_addr") == 0) {
+                       if (hostapd_config_read_radius_addr(
+                                   &bss->radius->auth_servers,
+                                   &bss->radius->num_auth_servers, pos, 1812,
+                                   &bss->radius->auth_server)) {
+                               printf("Line %d: invalid IP address '%s'\n",
+                                      line, pos);
+                               errors++;
+                       }
+               } else if (bss->radius->auth_server &&
+                          strcmp(buf, "auth_server_port") == 0) {
+                       bss->radius->auth_server->port = atoi(pos);
+               } else if (bss->radius->auth_server &&
+                          strcmp(buf, "auth_server_shared_secret") == 0) {
+                       int len = strlen(pos);
+                       if (len == 0) {
+                               /* RFC 2865, Ch. 3 */
+                               printf("Line %d: empty shared secret is not "
+                                      "allowed.\n", line);
+                               errors++;
+                       }
+                       bss->radius->auth_server->shared_secret =
+                               (u8 *) strdup(pos);
+                       bss->radius->auth_server->shared_secret_len = len;
+               } else if (strcmp(buf, "acct_server_addr") == 0) {
+                       if (hostapd_config_read_radius_addr(
+                                   &bss->radius->acct_servers,
+                                   &bss->radius->num_acct_servers, pos, 1813,
+                                   &bss->radius->acct_server)) {
+                               printf("Line %d: invalid IP address '%s'\n",
+                                      line, pos);
+                               errors++;
+                       }
+               } else if (bss->radius->acct_server &&
+                          strcmp(buf, "acct_server_port") == 0) {
+                       bss->radius->acct_server->port = atoi(pos);
+               } else if (bss->radius->acct_server &&
+                          strcmp(buf, "acct_server_shared_secret") == 0) {
+                       int len = strlen(pos);
+                       if (len == 0) {
+                               /* RFC 2865, Ch. 3 */
+                               printf("Line %d: empty shared secret is not "
+                                      "allowed.\n", line);
+                               errors++;
+                       }
+                       bss->radius->acct_server->shared_secret =
+                               (u8 *) strdup(pos);
+                       bss->radius->acct_server->shared_secret_len = len;
+               } else if (strcmp(buf, "radius_retry_primary_interval") == 0) {
+                       bss->radius->retry_primary_interval = atoi(pos);
+               } else if (strcmp(buf, "radius_acct_interim_interval") == 0) {
+                       bss->radius->acct_interim_interval = atoi(pos);
+               } else if (strcmp(buf, "auth_algs") == 0) {
+                       bss->auth_algs = atoi(pos);
+                       if (bss->auth_algs == 0) {
+                               printf("Line %d: no authentication algorithms "
+                                      "allowed\n",
+                                      line);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "max_num_sta") == 0) {
+                       bss->max_num_sta = atoi(pos);
+                       if (bss->max_num_sta < 0 ||
+                           bss->max_num_sta > MAX_STA_COUNT) {
+                               printf("Line %d: Invalid max_num_sta=%d; "
+                                      "allowed range 0..%d\n", line,
+                                      bss->max_num_sta, MAX_STA_COUNT);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "wpa") == 0) {
+                       bss->wpa = atoi(pos);
+               } else if (strcmp(buf, "wpa_group_rekey") == 0) {
+                       bss->wpa_group_rekey = atoi(pos);
+               } else if (strcmp(buf, "wpa_strict_rekey") == 0) {
+                       bss->wpa_strict_rekey = atoi(pos);
+               } else if (strcmp(buf, "wpa_gmk_rekey") == 0) {
+                       bss->wpa_gmk_rekey = atoi(pos);
+               } else if (strcmp(buf, "wpa_passphrase") == 0) {
+                       int len = strlen(pos);
+                       if (len < 8 || len > 63) {
+                               printf("Line %d: invalid WPA passphrase length"
+                                      " %d (expected 8..63)\n", line, len);
+                               errors++;
+                       } else {
+                               free(bss->ssid.wpa_passphrase);
+                               bss->ssid.wpa_passphrase = strdup(pos);
+                       }
+               } else if (strcmp(buf, "wpa_psk") == 0) {
+                       free(bss->ssid.wpa_psk);
+                       bss->ssid.wpa_psk =
+                               wpa_zalloc(sizeof(struct hostapd_wpa_psk));
+                       if (bss->ssid.wpa_psk == NULL)
+                               errors++;
+                       else if (hexstr2bin(pos, bss->ssid.wpa_psk->psk,
+                                           PMK_LEN) ||
+                                pos[PMK_LEN * 2] != '\0') {
+                               printf("Line %d: Invalid PSK '%s'.\n", line,
+                                      pos);
+                               errors++;
+                       } else {
+                               bss->ssid.wpa_psk->group = 1;
+                       }
+               } else if (strcmp(buf, "wpa_psk_file") == 0) {
+                       free(bss->ssid.wpa_psk_file);
+                       bss->ssid.wpa_psk_file = strdup(pos);
+                       if (!bss->ssid.wpa_psk_file) {
+                               printf("Line %d: allocation failed\n", line);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "wpa_key_mgmt") == 0) {
+                       bss->wpa_key_mgmt =
+                               hostapd_config_parse_key_mgmt(line, pos);
+                       if (bss->wpa_key_mgmt == -1)
+                               errors++;
+               } else if (strcmp(buf, "wpa_pairwise") == 0) {
+                       bss->wpa_pairwise =
+                               hostapd_config_parse_cipher(line, pos);
+                       if (bss->wpa_pairwise == -1 ||
+                           bss->wpa_pairwise == 0)
+                               errors++;
+                       else if (bss->wpa_pairwise &
+                                (WPA_CIPHER_NONE | WPA_CIPHER_WEP40 |
+                                 WPA_CIPHER_WEP104)) {
+                               printf("Line %d: unsupported pairwise "
+                                      "cipher suite '%s'\n",
+                                      bss->wpa_pairwise, pos);
+                               errors++;
+                       } else {
+                               if (bss->wpa_pairwise & WPA_CIPHER_TKIP)
+                                       bss->wpa_group = WPA_CIPHER_TKIP;
+                               else
+                                       bss->wpa_group = WPA_CIPHER_CCMP;
+                       }
+#ifdef CONFIG_RSN_PREAUTH
+               } else if (strcmp(buf, "rsn_preauth") == 0) {
+                       bss->rsn_preauth = atoi(pos);
+               } else if (strcmp(buf, "rsn_preauth_interfaces") == 0) {
+                       bss->rsn_preauth_interfaces = strdup(pos);
+#endif /* CONFIG_RSN_PREAUTH */
+#ifdef CONFIG_PEERKEY
+               } else if (strcmp(buf, "peerkey") == 0) {
+                       bss->peerkey = atoi(pos);
+#endif /* CONFIG_PEERKEY */
+               } else if (strcmp(buf, "ctrl_interface") == 0) {
+                       free(bss->ctrl_interface);
+                       bss->ctrl_interface = strdup(pos);
+               } else if (strcmp(buf, "ctrl_interface_group") == 0) {
+#ifndef CONFIG_NATIVE_WINDOWS
+                       struct group *grp;
+                       char *endp;
+                       const char *group = pos;
+
+                       grp = getgrnam(group);
+                       if (grp) {
+                               bss->ctrl_interface_gid = grp->gr_gid;
+                               bss->ctrl_interface_gid_set = 1;
+                               wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d"
+                                          " (from group name '%s')",
+                                          bss->ctrl_interface_gid, group);
+                               continue;
+                       }
+
+                       /* Group name not found - try to parse this as gid */
+                       bss->ctrl_interface_gid = strtol(group, &endp, 10);
+                       if (*group == '\0' || *endp != '\0') {
+                               wpa_printf(MSG_DEBUG, "Line %d: Invalid group "
+                                          "'%s'", line, group);
+                               errors++;
+                               continue;
+                       }
+                       bss->ctrl_interface_gid_set = 1;
+                       wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d",
+                                  bss->ctrl_interface_gid);
+#endif /* CONFIG_NATIVE_WINDOWS */
+#ifdef RADIUS_SERVER
+               } else if (strcmp(buf, "radius_server_clients") == 0) {
+                       free(bss->radius_server_clients);
+                       bss->radius_server_clients = strdup(pos);
+               } else if (strcmp(buf, "radius_server_auth_port") == 0) {
+                       bss->radius_server_auth_port = atoi(pos);
+               } else if (strcmp(buf, "radius_server_ipv6") == 0) {
+                       bss->radius_server_ipv6 = atoi(pos);
+#endif /* RADIUS_SERVER */
+               } else if (strcmp(buf, "test_socket") == 0) {
+                       free(bss->test_socket);
+                       bss->test_socket = strdup(pos);
+               } else if (strcmp(buf, "use_pae_group_addr") == 0) {
+                       bss->use_pae_group_addr = atoi(pos);
+               } else if (strcmp(buf, "hw_mode") == 0) {
+                       if (strcmp(pos, "a") == 0)
+                               conf->hw_mode = HOSTAPD_MODE_IEEE80211A;
+                       else if (strcmp(pos, "b") == 0)
+                               conf->hw_mode = HOSTAPD_MODE_IEEE80211B;
+                       else if (strcmp(pos, "g") == 0)
+                               conf->hw_mode = HOSTAPD_MODE_IEEE80211G;
+                       else {
+                               printf("Line %d: unknown hw_mode '%s'\n",
+                                      line, pos);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "channel") == 0) {
+                       conf->channel = atoi(pos);
+               } else if (strcmp(buf, "beacon_int") == 0) {
+                       int val = atoi(pos);
+                       /* MIB defines range as 1..65535, but very small values
+                        * cause problems with the current implementation.
+                        * Since it is unlikely that this small numbers are
+                        * useful in real life scenarios, do not allow beacon
+                        * period to be set below 15 TU. */
+                       if (val < 15 || val > 65535) {
+                               printf("Line %d: invalid beacon_int %d "
+                                      "(expected 15..65535)\n",
+                                      line, val);
+                               errors++;
+                       } else
+                               conf->beacon_int = val;
+               } else if (strcmp(buf, "dtim_period") == 0) {
+                       bss->dtim_period = atoi(pos);
+                       if (bss->dtim_period < 1 || bss->dtim_period > 255) {
+                               printf("Line %d: invalid dtim_period %d\n",
+                                      line, bss->dtim_period);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "rts_threshold") == 0) {
+                       conf->rts_threshold = atoi(pos);
+                       if (conf->rts_threshold < 0 ||
+                           conf->rts_threshold > 2347) {
+                               printf("Line %d: invalid rts_threshold %d\n",
+                                      line, conf->rts_threshold);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "fragm_threshold") == 0) {
+                       conf->fragm_threshold = atoi(pos);
+                       if (conf->fragm_threshold < 256 ||
+                           conf->fragm_threshold > 2346) {
+                               printf("Line %d: invalid fragm_threshold %d\n",
+                                      line, conf->fragm_threshold);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "send_probe_response") == 0) {
+                       int val = atoi(pos);
+                       if (val != 0 && val != 1) {
+                               printf("Line %d: invalid send_probe_response "
+                                      "%d (expected 0 or 1)\n", line, val);
+                       } else
+                               conf->send_probe_response = val;
+               } else if (strcmp(buf, "supported_rates") == 0) {
+                       if (hostapd_parse_rates(&conf->supported_rates, pos)) {
+                               printf("Line %d: invalid rate list\n", line);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "basic_rates") == 0) {
+                       if (hostapd_parse_rates(&conf->basic_rates, pos)) {
+                               printf("Line %d: invalid rate list\n", line);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "ignore_broadcast_ssid") == 0) {
+                       bss->ignore_broadcast_ssid = atoi(pos);
+               } else if (strcmp(buf, "bridge_packets") == 0) {
+                       conf->bridge_packets = atoi(pos);
+               } else if (strcmp(buf, "wep_default_key") == 0) {
+                       bss->ssid.wep.idx = atoi(pos);
+                       if (bss->ssid.wep.idx > 3) {
+                               printf("Invalid wep_default_key index %d\n",
+                                      bss->ssid.wep.idx);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "wep_key0") == 0 ||
+                          strcmp(buf, "wep_key1") == 0 ||
+                          strcmp(buf, "wep_key2") == 0 ||
+                          strcmp(buf, "wep_key3") == 0) {
+                       if (hostapd_config_read_wep(&bss->ssid.wep,
+                                                   buf[7] - '0', pos)) {
+                               printf("Line %d: invalid WEP key '%s'\n",
+                                      line, buf);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "dynamic_vlan") == 0) {
+                       bss->ssid.dynamic_vlan = atoi(pos);
+               } else if (strcmp(buf, "vlan_file") == 0) {
+                       if (hostapd_config_read_vlan_file(bss, pos)) {
+                               printf("Line %d: failed to read VLAN file "
+                                      "'%s'\n", line, pos);
+                               errors++;
+                       }
+#ifdef CONFIG_FULL_DYNAMIC_VLAN
+               } else if (strcmp(buf, "vlan_tagged_interface") == 0) {
+                       bss->ssid.vlan_tagged_interface = strdup(pos);
+#endif /* CONFIG_FULL_DYNAMIC_VLAN */
+               } else if (strcmp(buf, "passive_scan_interval") == 0) {
+                       conf->passive_scan_interval = atoi(pos);
+               } else if (strcmp(buf, "passive_scan_listen") == 0) {
+                       conf->passive_scan_listen = atoi(pos);
+               } else if (strcmp(buf, "passive_scan_mode") == 0) {
+                       conf->passive_scan_mode = atoi(pos);
+               } else if (strcmp(buf, "ap_table_max_size") == 0) {
+                       conf->ap_table_max_size = atoi(pos);
+               } else if (strcmp(buf, "ap_table_expiration_time") == 0) {
+                       conf->ap_table_expiration_time = atoi(pos);
+               } else if (strncmp(buf, "tx_queue_", 9) == 0) {
+                       if (hostapd_config_tx_queue(conf, buf, pos)) {
+                               printf("Line %d: invalid TX queue item\n",
+                                      line);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "wme_enabled") == 0) {
+                       bss->wme_enabled = atoi(pos);
+               } else if (strncmp(buf, "wme_ac_", 7) == 0) {
+                       if (hostapd_config_wme_ac(conf, buf, pos)) {
+                               printf("Line %d: invalid wme ac item\n",
+                                      line);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "bss") == 0) {
+                       if (hostapd_config_bss(conf, pos)) {
+                               printf("Line %d: invalid bss item\n", line);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "bssid") == 0) {
+                       if (bss == conf->bss) {
+                               printf("Line %d: bssid item not allowed "
+                                      "for the default interface\n", line);
+                               errors++;
+                       } else if (hwaddr_aton(pos, bss->bssid)) {
+                               printf("Line %d: invalid bssid item\n", line);
+                               errors++;
+                       }
+#ifdef CONFIG_IEEE80211W
+               } else if (strcmp(buf, "ieee80211w") == 0) {
+                       bss->ieee80211w = atoi(pos);
+#endif /* CONFIG_IEEE80211W */
+               } else {
+                       printf("Line %d: unknown configuration item '%s'\n",
+                              line, buf);
+                       errors++;
+               }
+       }
+
+       fclose(f);
+
+       if (bss->individual_wep_key_len == 0) {
+               /* individual keys are not use; can use key idx0 for broadcast
+                * keys */
+               bss->broadcast_key_idx_min = 0;
+       }
+
+       for (i = 0; i < conf->num_bss; i++) {
+               bss = &conf->bss[i];
+
+               bss->radius->auth_server = bss->radius->auth_servers;
+               bss->radius->acct_server = bss->radius->acct_servers;
+
+               if (bss->wpa && bss->ieee802_1x) {
+                       bss->ssid.security_policy = SECURITY_WPA;
+               } else if (bss->wpa) {
+                       bss->ssid.security_policy = SECURITY_WPA_PSK;
+               } else if (bss->ieee802_1x) {
+                       bss->ssid.security_policy = SECURITY_IEEE_802_1X;
+                       bss->ssid.wep.default_len = bss->default_wep_key_len;
+               } else if (bss->ssid.wep.keys_set)
+                       bss->ssid.security_policy = SECURITY_STATIC_WEP;
+               else
+                       bss->ssid.security_policy = SECURITY_PLAINTEXT;
+       }
+
+       if (hostapd_config_check(conf))
+               errors++;
+
+       if (errors) {
+               printf("%d errors found in configuration file '%s'\n",
+                      errors, fname);
+               hostapd_config_free(conf);
+               conf = NULL;
+       }
+
+       return conf;
+}
+
+
+int hostapd_wep_key_cmp(struct hostapd_wep_keys *a, struct hostapd_wep_keys *b)
+{
+       int i;
+
+       if (a->idx != b->idx || a->default_len != b->default_len)
+               return 1;
+       for (i = 0; i < NUM_WEP_KEYS; i++)
+               if (a->len[i] != b->len[i] ||
+                   memcmp(a->key[i], b->key[i], a->len[i]) != 0)
+                       return 1;
+       return 0;
+}
+
+
+static void hostapd_config_free_radius(struct hostapd_radius_server *servers,
+                                      int num_servers)
+{
+       int i;
+
+       for (i = 0; i < num_servers; i++) {
+               free(servers[i].shared_secret);
+       }
+       free(servers);
+}
+
+
+static void hostapd_config_free_eap_user(struct hostapd_eap_user *user)
+{
+       free(user->identity);
+       free(user->password);
+       free(user);
+}
+
+
+static void hostapd_config_free_wep(struct hostapd_wep_keys *keys)
+{
+       int i;
+       for (i = 0; i < NUM_WEP_KEYS; i++) {
+               free(keys->key[i]);
+               keys->key[i] = NULL;
+       }
+}
+
+
+static void hostapd_config_free_bss(struct hostapd_bss_config *conf)
+{
+       struct hostapd_wpa_psk *psk, *prev;
+       struct hostapd_eap_user *user, *prev_user;
+
+       if (conf == NULL)
+               return;
+
+       psk = conf->ssid.wpa_psk;
+       while (psk) {
+               prev = psk;
+               psk = psk->next;
+               free(prev);
+       }
+
+       free(conf->ssid.wpa_passphrase);
+       free(conf->ssid.wpa_psk_file);
+#ifdef CONFIG_FULL_DYNAMIC_VLAN
+       free(conf->ssid.vlan_tagged_interface);
+#endif /* CONFIG_FULL_DYNAMIC_VLAN */
+
+       user = conf->eap_user;
+       while (user) {
+               prev_user = user;
+               user = user->next;
+               hostapd_config_free_eap_user(prev_user);
+       }
+
+       free(conf->dump_log_name);
+       free(conf->eap_req_id_text);
+       free(conf->accept_mac);
+       free(conf->deny_mac);
+       free(conf->nas_identifier);
+       hostapd_config_free_radius(conf->radius->auth_servers,
+                                  conf->radius->num_auth_servers);
+       hostapd_config_free_radius(conf->radius->acct_servers,
+                                  conf->radius->num_acct_servers);
+       free(conf->rsn_preauth_interfaces);
+       free(conf->ctrl_interface);
+       free(conf->ca_cert);
+       free(conf->server_cert);
+       free(conf->private_key);
+       free(conf->private_key_passwd);
+       free(conf->eap_sim_db);
+       free(conf->radius_server_clients);
+       free(conf->test_socket);
+       free(conf->radius);
+       hostapd_config_free_vlan(conf);
+       if (conf->ssid.dyn_vlan_keys) {
+               struct hostapd_ssid *ssid = &conf->ssid;
+               size_t i;
+               for (i = 0; i <= ssid->max_dyn_vlan_keys; i++) {
+                       if (ssid->dyn_vlan_keys[i] == NULL)
+                               continue;
+                       hostapd_config_free_wep(ssid->dyn_vlan_keys[i]);
+                       free(ssid->dyn_vlan_keys[i]);
+               }
+               free(ssid->dyn_vlan_keys);
+               ssid->dyn_vlan_keys = NULL;
+       }
+}
+
+
+void hostapd_config_free(struct hostapd_config *conf)
+{
+       size_t i;
+
+       if (conf == NULL)
+               return;
+
+       for (i = 0; i < conf->num_bss; i++)
+               hostapd_config_free_bss(&conf->bss[i]);
+       free(conf->bss);
+
+       free(conf);
+}
+
+
+/* Perform a binary search for given MAC address from a pre-sorted list.
+ * Returns 1 if address is in the list or 0 if not. */
+int hostapd_maclist_found(macaddr *list, int num_entries, const u8 *addr)
+{
+       int start, end, middle, res;
+
+       start = 0;
+       end = num_entries - 1;
+
+       while (start <= end) {
+               middle = (start + end) / 2;
+               res = memcmp(list[middle], addr, ETH_ALEN);
+               if (res == 0)
+                       return 1;
+               if (res < 0)
+                       start = middle + 1;
+               else
+                       end = middle - 1;
+       }
+
+       return 0;
+}
+
+
+int hostapd_rate_found(int *list, int rate)
+{
+       int i;
+
+       if (list == NULL)
+               return 0;
+
+       for (i = 0; list[i] >= 0; i++)
+               if (list[i] == rate)
+                       return 1;
+
+       return 0;
+}
+
+
+const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id)
+{
+       struct hostapd_vlan *v = vlan;
+       while (v) {
+               if (v->vlan_id == vlan_id || v->vlan_id == VLAN_ID_WILDCARD)
+                       return v->ifname;
+               v = v->next;
+       }
+       return NULL;
+}
+
+
+const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
+                          const u8 *addr, const u8 *prev_psk)
+{
+       struct hostapd_wpa_psk *psk;
+       int next_ok = prev_psk == NULL;
+
+       for (psk = conf->ssid.wpa_psk; psk != NULL; psk = psk->next) {
+               if (next_ok &&
+                   (psk->group || memcmp(psk->addr, addr, ETH_ALEN) == 0))
+                       return psk->psk;
+
+               if (psk->psk == prev_psk)
+                       next_ok = 1;
+       }
+
+       return NULL;
+}
+
+
+const struct hostapd_eap_user *
+hostapd_get_eap_user(const struct hostapd_bss_config *conf, const u8 *identity,
+                    size_t identity_len, int phase2)
+{
+       struct hostapd_eap_user *user = conf->eap_user;
+
+       while (user) {
+               if (!phase2 && user->identity == NULL) {
+                       /* Wildcard match */
+                       break;
+               }
+
+               if (!phase2 && user->wildcard_prefix &&
+                   identity_len >= user->identity_len &&
+                   memcmp(user->identity, identity, user->identity_len) == 0)
+               {
+                       /* Wildcard prefix match */
+                       break;
+               }
+
+               if (user->phase2 == !!phase2 &&
+                   user->identity_len == identity_len &&
+                   memcmp(user->identity, identity, identity_len) == 0)
+                       break;
+               user = user->next;
+       }
+
+       return user;
+}
diff --git a/contrib/hostapd-0.5.8/config.h b/contrib/hostapd-0.5.8/config.h
new file mode 100644 (file)
index 0000000..fafe8e0
--- /dev/null
@@ -0,0 +1,362 @@
+/*
+ * hostapd / Configuration file
+ * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef CONFIG_H
+#define CONFIG_H
+
+#include "config_types.h"
+
+typedef u8 macaddr[ETH_ALEN];
+
+struct hostapd_radius_servers;
+
+#define HOSTAPD_MAX_SSID_LEN 32
+
+#define NUM_WEP_KEYS 4
+struct hostapd_wep_keys {
+       u8 idx;
+       u8 *key[NUM_WEP_KEYS];
+       size_t len[NUM_WEP_KEYS];
+       int keys_set;
+       size_t default_len; /* key length used for dynamic key generation */
+};
+
+typedef enum hostap_security_policy {
+       SECURITY_PLAINTEXT = 0,
+       SECURITY_STATIC_WEP = 1,
+       SECURITY_IEEE_802_1X = 2,
+       SECURITY_WPA_PSK = 3,
+       SECURITY_WPA = 4
+} secpolicy;
+
+struct hostapd_ssid {
+       char ssid[HOSTAPD_MAX_SSID_LEN + 1];
+       size_t ssid_len;
+       int ssid_set;
+
+       char vlan[IFNAMSIZ + 1];
+       secpolicy security_policy;
+
+       struct hostapd_wpa_psk *wpa_psk;
+       char *wpa_passphrase;
+       char *wpa_psk_file;
+
+       struct hostapd_wep_keys wep;
+
+#define DYNAMIC_VLAN_DISABLED 0
+#define DYNAMIC_VLAN_OPTIONAL 1
+#define DYNAMIC_VLAN_REQUIRED 2
+       int dynamic_vlan;
+#ifdef CONFIG_FULL_DYNAMIC_VLAN
+       char *vlan_tagged_interface;
+#endif /* CONFIG_FULL_DYNAMIC_VLAN */
+       struct hostapd_wep_keys **dyn_vlan_keys;
+       size_t max_dyn_vlan_keys;
+};
+
+
+#define VLAN_ID_WILDCARD -1
+
+struct hostapd_vlan {
+       struct hostapd_vlan *next;
+       int vlan_id; /* VLAN ID or -1 (VLAN_ID_WILDCARD) for wildcard entry */
+       char ifname[IFNAMSIZ + 1];
+       int dynamic_vlan;
+#ifdef CONFIG_FULL_DYNAMIC_VLAN
+
+#define DVLAN_CLEAN_BR         0x1
+#define DVLAN_CLEAN_VLAN       0x2
+#define DVLAN_CLEAN_VLAN_PORT  0x4
+#define DVLAN_CLEAN_WLAN_PORT  0x8
+       int clean;
+#endif /* CONFIG_FULL_DYNAMIC_VLAN */
+};
+
+#define PMK_LEN 32
+struct hostapd_wpa_psk {
+       struct hostapd_wpa_psk *next;
+       int group;
+       u8 psk[PMK_LEN];
+       u8 addr[ETH_ALEN];
+};
+
+#define EAP_USER_MAX_METHODS 8
+struct hostapd_eap_user {
+       struct hostapd_eap_user *next;
+       u8 *identity;
+       size_t identity_len;
+       struct {
+               int vendor;
+               u32 method;
+       } methods[EAP_USER_MAX_METHODS];
+       u8 *password;
+       size_t password_len;
+       int phase2;
+       int force_version;
+       unsigned int wildcard_prefix:1;
+       unsigned int password_hash:1; /* whether password is hashed with
+                                      * nt_password_hash() */
+};
+
+
+#define NUM_TX_QUEUES 8
+
+struct hostapd_tx_queue_params {
+       int aifs;
+       int cwmin;
+       int cwmax;
+       int burst; /* maximum burst time in 0.1 ms, i.e., 10 = 1 ms */
+       int configured;
+};
+
+struct hostapd_wme_ac_params {
+       int cwmin;
+       int cwmax;
+       int aifs;
+       int txopLimit; /* in units of 32us */
+       int admission_control_mandatory;
+};
+
+
+/**
+ * struct hostapd_bss_config - Per-BSS configuration
+ */
+struct hostapd_bss_config {
+       char iface[IFNAMSIZ + 1];
+       char bridge[IFNAMSIZ + 1];
+
+       enum {
+               HOSTAPD_LEVEL_DEBUG_VERBOSE = 0,
+               HOSTAPD_LEVEL_DEBUG = 1,
+               HOSTAPD_LEVEL_INFO = 2,
+               HOSTAPD_LEVEL_NOTICE = 3,
+               HOSTAPD_LEVEL_WARNING = 4
+       } logger_syslog_level, logger_stdout_level;
+
+#define HOSTAPD_MODULE_IEEE80211 BIT(0)
+#define HOSTAPD_MODULE_IEEE8021X BIT(1)
+#define HOSTAPD_MODULE_RADIUS BIT(2)
+#define HOSTAPD_MODULE_WPA BIT(3)
+#define HOSTAPD_MODULE_DRIVER BIT(4)
+#define HOSTAPD_MODULE_IAPP BIT(5)
+#define HOSTAPD_MODULE_MLME BIT(6)
+       unsigned int logger_syslog; /* module bitfield */
+       unsigned int logger_stdout; /* module bitfield */
+
+       enum { HOSTAPD_DEBUG_NO = 0, HOSTAPD_DEBUG_MINIMAL = 1,
+              HOSTAPD_DEBUG_VERBOSE = 2,
+              HOSTAPD_DEBUG_MSGDUMPS = 3,
+              HOSTAPD_DEBUG_EXCESSIVE = 4 } debug; /* debug verbosity level */
+       char *dump_log_name; /* file name for state dump (SIGUSR1) */
+
+       int max_num_sta; /* maximum number of STAs in station table */
+
+       int dtim_period;
+
+       int ieee802_1x; /* use IEEE 802.1X */
+       int eapol_version;
+       int eap_server; /* Use internal EAP server instead of external
+                        * RADIUS server */
+       struct hostapd_eap_user *eap_user;
+       char *eap_sim_db;
+       struct hostapd_ip_addr own_ip_addr;
+       char *nas_identifier;
+       struct hostapd_radius_servers *radius;
+
+       struct hostapd_ssid ssid;
+
+       char *eap_req_id_text; /* optional displayable message sent with
+                               * EAP Request-Identity */
+       size_t eap_req_id_text_len;
+       int eapol_key_index_workaround;
+
+       size_t default_wep_key_len;
+       int individual_wep_key_len;
+       int wep_rekeying_period;
+       int broadcast_key_idx_min, broadcast_key_idx_max;
+       int eap_reauth_period;
+
+       int ieee802_11f; /* use IEEE 802.11f (IAPP) */
+       char iapp_iface[IFNAMSIZ + 1]; /* interface used with IAPP broadcast
+                                       * frames */
+
+       u8 assoc_ap_addr[ETH_ALEN];
+       int assoc_ap; /* whether assoc_ap_addr is set */
+
+       enum {
+               ACCEPT_UNLESS_DENIED = 0,
+               DENY_UNLESS_ACCEPTED = 1,
+               USE_EXTERNAL_RADIUS_AUTH = 2
+       } macaddr_acl;
+       macaddr *accept_mac;
+       int num_accept_mac;
+       macaddr *deny_mac;
+       int num_deny_mac;
+
+#define HOSTAPD_AUTH_OPEN BIT(0)
+#define HOSTAPD_AUTH_SHARED_KEY BIT(1)
+       int auth_algs; /* bitfield of allowed IEEE 802.11 authentication
+                       * algorithms */
+
+#define HOSTAPD_WPA_VERSION_WPA BIT(0)
+#define HOSTAPD_WPA_VERSION_WPA2 BIT(1)
+       int wpa;
+#define WPA_KEY_MGMT_IEEE8021X BIT(0)
+#define WPA_KEY_MGMT_PSK BIT(1)
+       int wpa_key_mgmt;
+#define WPA_CIPHER_NONE BIT(0)
+#define WPA_CIPHER_WEP40 BIT(1)
+#define WPA_CIPHER_WEP104 BIT(2)
+#define WPA_CIPHER_TKIP BIT(3)
+#define WPA_CIPHER_CCMP BIT(4)
+#ifdef CONFIG_IEEE80211W
+#define WPA_CIPHER_AES_128_CMAC BIT(5)
+       enum {
+               NO_IEEE80211W = 0,
+               IEEE80211W_OPTIONAL = 1,
+               IEEE80211W_REQUIRED = 2
+       } ieee80211w;
+#endif /* CONFIG_IEEE80211W */
+       int wpa_pairwise;
+       int wpa_group;
+       int wpa_group_rekey;
+       int wpa_strict_rekey;
+       int wpa_gmk_rekey;
+       int rsn_preauth;
+       char *rsn_preauth_interfaces;
+       int peerkey;
+
+       char *ctrl_interface; /* directory for UNIX domain sockets */
+       gid_t ctrl_interface_gid;
+       int ctrl_interface_gid_set;
+
+       char *ca_cert;
+       char *server_cert;
+       char *private_key;
+       char *private_key_passwd;
+       int check_crl;
+
+       char *radius_server_clients;
+       int radius_server_auth_port;
+       int radius_server_ipv6;
+
+       char *test_socket; /* UNIX domain socket path for driver_test */
+
+       int use_pae_group_addr; /* Whether to send EAPOL frames to PAE group
+                                * address instead of individual address
+                                * (for driver_wired.c).
+                                */
+
+       int ap_max_inactivity;
+       int ignore_broadcast_ssid;
+
+       int wme_enabled;
+
+       struct hostapd_vlan *vlan, *vlan_tail;
+
+       macaddr bssid;
+};
+
+
+typedef enum {
+       HOSTAPD_MODE_IEEE80211B,
+       HOSTAPD_MODE_IEEE80211G,
+       HOSTAPD_MODE_IEEE80211A,
+       NUM_HOSTAPD_MODES
+} hostapd_hw_mode;
+
+
+/**
+ * struct hostapd_config - Per-radio interface configuration
+ */
+struct hostapd_config {
+       struct hostapd_bss_config *bss, *last_bss;
+       struct hostapd_radius_servers *radius;
+       size_t num_bss;
+
+       u16 beacon_int;
+       int rts_threshold;
+       int fragm_threshold;
+       u8 send_probe_response;
+       u8 channel;
+       hostapd_hw_mode hw_mode; /* HOSTAPD_MODE_IEEE80211A, .. */
+       enum {
+               LONG_PREAMBLE = 0,
+               SHORT_PREAMBLE = 1
+       } preamble;
+       enum {
+               CTS_PROTECTION_AUTOMATIC = 0,
+               CTS_PROTECTION_FORCE_ENABLED = 1,
+               CTS_PROTECTION_FORCE_DISABLED = 2,
+               CTS_PROTECTION_AUTOMATIC_NO_OLBC = 3,
+       } cts_protection_type;
+
+       int *supported_rates;
+       int *basic_rates;
+
+       const struct driver_ops *driver;
+
+       int passive_scan_interval; /* seconds, 0 = disabled */
+       int passive_scan_listen; /* usec */
+       int passive_scan_mode;
+       int ap_table_max_size;
+       int ap_table_expiration_time;
+
+       char country[3]; /* first two octets: country code as described in
+                         * ISO/IEC 3166-1. Third octet:
+                         * ' ' (ascii 32): all environments
+                         * 'O': Outdoor environemnt only
+                         * 'I': Indoor environment only
+                         */
+
+       int ieee80211d;
+       unsigned int ieee80211h; /* Enable/Disable 80211h */
+
+       struct hostapd_tx_queue_params tx_queue[NUM_TX_QUEUES];
+
+       /*
+        * WME AC parameters, in same order as 802.1D, i.e.
+        * 0 = BE (best effort)
+        * 1 = BK (background)
+        * 2 = VI (video)
+        * 3 = VO (voice)
+        */
+       struct hostapd_wme_ac_params wme_ac_params[4];
+
+       enum {
+               INTERNAL_BRIDGE_DO_NOT_CONTROL = -1,
+               INTERNAL_BRIDGE_DISABLED = 0,
+               INTERNAL_BRIDGE_ENABLED = 1
+       } bridge_packets;
+};
+
+
+int hostapd_mac_comp(const void *a, const void *b);
+int hostapd_mac_comp_empty(const void *a);
+struct hostapd_config * hostapd_config_read(const char *fname);
+void hostapd_config_free(struct hostapd_config *conf);
+int hostapd_maclist_found(macaddr *list, int num_entries, const u8 *addr);
+int hostapd_rate_found(int *list, int rate);
+int hostapd_wep_key_cmp(struct hostapd_wep_keys *a,
+                       struct hostapd_wep_keys *b);
+const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
+                          const u8 *addr, const u8 *prev_psk);
+int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf);
+const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan,
+                                       int vlan_id);
+const struct hostapd_eap_user *
+hostapd_get_eap_user(const struct hostapd_bss_config *conf, const u8 *identity,
+                    size_t identity_len, int phase2);
+
+#endif /* CONFIG_H */
diff --git a/contrib/hostapd-0.5.8/config_types.h b/contrib/hostapd-0.5.8/config_types.h
new file mode 100644 (file)
index 0000000..ffcffa3
--- /dev/null
@@ -0,0 +1,28 @@
+/*
+ * hostapd / Shared configuration file defines
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef CONFIG_TYPES_H
+#define CONFIG_TYPES_H
+
+struct hostapd_ip_addr {
+       union {
+               struct in_addr v4;
+#ifdef CONFIG_IPV6
+               struct in6_addr v6;
+#endif /* CONFIG_IPV6 */
+       } u;
+       int af; /* AF_INET / AF_INET6 */
+};
+
+#endif /* CONFIG_TYPES_H */
diff --git a/contrib/hostapd-0.5.8/crypto.c b/contrib/hostapd-0.5.8/crypto.c
new file mode 100644 (file)
index 0000000..c5edd24
--- /dev/null
@@ -0,0 +1,207 @@
+/*
+ * WPA Supplicant / wrapper functions for libcrypto
+ * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <openssl/opensslv.h>
+#include <openssl/md4.h>
+#include <openssl/md5.h>
+#include <openssl/sha.h>
+#include <openssl/des.h>
+#include <openssl/aes.h>
+
+#include "common.h"
+#include "crypto.h"
+
+#if OPENSSL_VERSION_NUMBER < 0x00907000
+#define DES_key_schedule des_key_schedule
+#define DES_cblock des_cblock
+#define DES_set_key(key, schedule) des_set_key((key), *(schedule))
+#define DES_ecb_encrypt(input, output, ks, enc) \
+       des_ecb_encrypt((input), (output), *(ks), (enc))
+#endif /* openssl < 0.9.7 */
+
+
+void md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+       MD4_CTX ctx;
+       size_t i;
+
+       MD4_Init(&ctx);
+       for (i = 0; i < num_elem; i++)
+               MD4_Update(&ctx, addr[i], len[i]);
+       MD4_Final(mac, &ctx);
+}
+
+
+void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
+{
+       u8 pkey[8], next, tmp;
+       int i;
+       DES_key_schedule ks;
+
+       /* Add parity bits to the key */
+       next = 0;
+       for (i = 0; i < 7; i++) {
+               tmp = key[i];
+               pkey[i] = (tmp >> i) | next | 1;
+               next = tmp << (7 - i);
+       }
+       pkey[i] = next | 1;
+
+       DES_set_key(&pkey, &ks);
+       DES_ecb_encrypt((DES_cblock *) clear, (DES_cblock *) cypher, &ks,
+                       DES_ENCRYPT);
+}
+
+
+#ifdef EAP_TLS_FUNCS
+void md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+       MD5_CTX ctx;
+       size_t i;
+
+       MD5_Init(&ctx);
+       for (i = 0; i < num_elem; i++)
+               MD5_Update(&ctx, addr[i], len[i]);
+       MD5_Final(mac, &ctx);
+}
+
+
+void sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+       SHA_CTX ctx;
+       size_t i;
+
+       SHA1_Init(&ctx);
+       for (i = 0; i < num_elem; i++)
+               SHA1_Update(&ctx, addr[i], len[i]);
+       SHA1_Final(mac, &ctx);
+}
+
+
+static void sha1_transform(u8 *state, const u8 data[64])
+{
+       SHA_CTX context;
+       os_memset(&context, 0, sizeof(context));
+       os_memcpy(&context.h0, state, 5 * 4);
+       SHA1_Transform(&context, data);
+       os_memcpy(state, &context.h0, 5 * 4);
+}
+
+
+int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
+{
+       u8 xkey[64];
+       u32 t[5], _t[5];
+       int i, j, m, k;
+       u8 *xpos = x;
+       u32 carry;
+
+       if (seed_len > sizeof(xkey))
+               seed_len = sizeof(xkey);
+
+       /* FIPS 186-2 + change notice 1 */
+
+       os_memcpy(xkey, seed, seed_len);
+       os_memset(xkey + seed_len, 0, 64 - seed_len);
+       t[0] = 0x67452301;
+       t[1] = 0xEFCDAB89;
+       t[2] = 0x98BADCFE;
+       t[3] = 0x10325476;
+       t[4] = 0xC3D2E1F0;
+
+       m = xlen / 40;
+       for (j = 0; j < m; j++) {
+               /* XSEED_j = 0 */
+               for (i = 0; i < 2; i++) {
+                       /* XVAL = (XKEY + XSEED_j) mod 2^b */
+
+                       /* w_i = G(t, XVAL) */
+                       os_memcpy(_t, t, 20);
+                       sha1_transform((u8 *) _t, xkey);
+                       _t[0] = host_to_be32(_t[0]);
+                       _t[1] = host_to_be32(_t[1]);
+                       _t[2] = host_to_be32(_t[2]);
+                       _t[3] = host_to_be32(_t[3]);
+                       _t[4] = host_to_be32(_t[4]);
+                       os_memcpy(xpos, _t, 20);
+
+                       /* XKEY = (1 + XKEY + w_i) mod 2^b */
+                       carry = 1;
+                       for (k = 19; k >= 0; k--) {
+                               carry += xkey[k] + xpos[k];
+                               xkey[k] = carry & 0xff;
+                               carry >>= 8;
+                       }
+
+                       xpos += 20;
+               }
+               /* x_j = w_0|w_1 */
+       }
+
+       return 0;
+}
+
+
+void * aes_encrypt_init(const u8 *key, size_t len)
+{
+       AES_KEY *ak;
+       ak = os_malloc(sizeof(*ak));
+       if (ak == NULL)
+               return NULL;
+       if (AES_set_encrypt_key(key, 8 * len, ak) < 0) {
+               os_free(ak);
+               return NULL;
+       }
+       return ak;
+}
+
+
+void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
+{
+       AES_encrypt(plain, crypt, ctx);
+}
+
+
+void aes_encrypt_deinit(void *ctx)
+{
+       os_free(ctx);
+}
+
+
+void * aes_decrypt_init(const u8 *key, size_t len)
+{
+       AES_KEY *ak;
+       ak = os_malloc(sizeof(*ak));
+       if (ak == NULL)
+               return NULL;
+       if (AES_set_decrypt_key(key, 8 * len, ak) < 0) {
+               os_free(ak);
+               return NULL;
+       }
+       return ak;
+}
+
+
+void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain)
+{
+       AES_decrypt(crypt, plain, ctx);
+}
+
+
+void aes_decrypt_deinit(void *ctx)
+{
+       os_free(ctx);
+}
+#endif /* EAP_TLS_FUNCS */
diff --git a/contrib/hostapd-0.5.8/crypto.h b/contrib/hostapd-0.5.8/crypto.h
new file mode 100644 (file)
index 0000000..00b13b9
--- /dev/null
@@ -0,0 +1,413 @@
+/*
+ * WPA Supplicant / wrapper functions for crypto libraries
+ * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This file defines the cryptographic functions that need to be implemented
+ * for wpa_supplicant and hostapd. When TLS is not used, internal
+ * implementation of MD5, SHA1, and AES is used and no external libraries are
+ * required. When TLS is enabled (e.g., by enabling EAP-TLS or EAP-PEAP), the
+ * crypto library used by the TLS implementation is expected to be used for
+ * non-TLS needs, too, in order to save space by not implementing these
+ * functions twice.
+ *
+ * Wrapper code for using each crypto library is in its own file (crypto*.c)
+ * and one of these files is build and linked in to provide the functions
+ * defined here.
+ */
+
+#ifndef CRYPTO_H
+#define CRYPTO_H
+
+/**
+ * md4_vector - MD4 hash for data vector
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for the hash
+ */
+void md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac);
+
+/**
+ * md5_vector - MD5 hash for data vector
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for the hash
+ */
+void md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac);
+
+/**
+ * sha1_vector - SHA-1 hash for data vector
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for the hash
+ */
+void sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len,
+                u8 *mac);
+
+/**
+ * fips186_2-prf - NIST FIPS Publication 186-2 change notice 1 PRF
+ * @seed: Seed/key for the PRF
+ * @seed_len: Seed length in bytes
+ * @x: Buffer for PRF output
+ * @xlen: Output length in bytes
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function implements random number generation specified in NIST FIPS
+ * Publication 186-2 for EAP-SIM. This PRF uses a function that is similar to
+ * SHA-1, but has different message padding.
+ */
+int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen);
+
+/**
+ * sha256_vector - SHA256 hash for data vector
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for the hash
+ */
+void sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len,
+                  u8 *mac);
+
+/**
+ * des_encrypt - Encrypt one block with DES
+ * @clear: 8 octets (in)
+ * @key: 7 octets (in) (no parity bits included)
+ * @cypher: 8 octets (out)
+ */
+void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher);
+
+/**
+ * aes_encrypt_init - Initialize AES for encryption
+ * @key: Encryption key
+ * @len: Key length in bytes (usually 16, i.e., 128 bits)
+ * Returns: Pointer to context data or %NULL on failure
+ */
+void * aes_encrypt_init(const u8 *key, size_t len);
+
+/**
+ * aes_encrypt - Encrypt one AES block
+ * @ctx: Context pointer from aes_encrypt_init()
+ * @plain: Plaintext data to be encrypted (16 bytes)
+ * @crypt: Buffer for the encrypted data (16 bytes)
+ */
+void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt);
+
+/**
+ * aes_encrypt_deinit - Deinitialize AES encryption
+ * @ctx: Context pointer from aes_encrypt_init()
+ */
+void aes_encrypt_deinit(void *ctx);
+
+/**
+ * aes_decrypt_init - Initialize AES for decryption
+ * @key: Decryption key
+ * @len: Key length in bytes (usually 16, i.e., 128 bits)
+ * Returns: Pointer to context data or %NULL on failure
+ */
+void * aes_decrypt_init(const u8 *key, size_t len);
+
+/**
+ * aes_decrypt - Decrypt one AES block
+ * @ctx: Context pointer from aes_encrypt_init()
+ * @crypt: Encrypted data (16 bytes)
+ * @plain: Buffer for the decrypted data (16 bytes)
+ */
+void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain);
+
+/**
+ * aes_decrypt_deinit - Deinitialize AES decryption
+ * @ctx: Context pointer from aes_encrypt_init()
+ */
+void aes_decrypt_deinit(void *ctx);
+
+
+enum crypto_hash_alg {
+       CRYPTO_HASH_ALG_MD5, CRYPTO_HASH_ALG_SHA1,
+       CRYPTO_HASH_ALG_HMAC_MD5, CRYPTO_HASH_ALG_HMAC_SHA1
+};
+
+struct crypto_hash;
+
+/**
+ * crypto_hash_init - Initialize hash/HMAC function
+ * @alg: Hash algorithm
+ * @key: Key for keyed hash (e.g., HMAC) or %NULL if not needed
+ * @key_len: Length of the key in bytes
+ * Returns: Pointer to hash context to use with other hash functions or %NULL
+ * on failure
+ *
+ * This function is only used with internal TLSv1 implementation
+ * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
+ * to implement this.
+ */
+struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
+                                     size_t key_len);
+
+/**
+ * crypto_hash_update - Add data to hash calculation
+ * @ctx: Context pointer from crypto_hash_init()
+ * @data: Data buffer to add
+ * @len: Length of the buffer
+ *
+ * This function is only used with internal TLSv1 implementation
+ * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
+ * to implement this.
+ */
+void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len);
+
+/**
+ * crypto_hash_finish - Complete hash calculation
+ * @ctx: Context pointer from crypto_hash_init()
+ * @hash: Buffer for hash value or %NULL if caller is just freeing the hash
+ * context
+ * @len: Pointer to length of the buffer or %NULL if caller is just freeing the
+ * hash context; on return, this is set to the actual length of the hash value
+ * Returns: 0 on success, -1 if buffer is too small (len set to needed length),
+ * or -2 on other failures (including failed crypto_hash_update() operations)
+ *
+ * This function calculates the hash value and frees the context buffer that
+ * was used for hash calculation.
+ *
+ * This function is only used with internal TLSv1 implementation
+ * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
+ * to implement this.
+ */
+int crypto_hash_finish(struct crypto_hash *ctx, u8 *hash, size_t *len);
+
+
+enum crypto_cipher_alg {
+       CRYPTO_CIPHER_NULL = 0, CRYPTO_CIPHER_ALG_AES, CRYPTO_CIPHER_ALG_3DES,
+       CRYPTO_CIPHER_ALG_DES, CRYPTO_CIPHER_ALG_RC2, CRYPTO_CIPHER_ALG_RC4
+};
+
+struct crypto_cipher;
+
+/**
+ * crypto_cipher_init - Initialize block/stream cipher function
+ * @alg: Cipher algorithm
+ * @iv: Initialization vector for block ciphers or %NULL for stream ciphers
+ * @key:&