Import of hostapd 0.4.9
authorSepherosa Ziehau <sephe@dragonflybsd.org>
Sat, 2 Sep 2006 05:28:36 +0000 (05:28 +0000)
committerSepherosa Ziehau <sephe@dragonflybsd.org>
Sat, 2 Sep 2006 05:28:36 +0000 (05:28 +0000)
102 files changed:
contrib/hostapd-0.4.9/COPYING [new file with mode: 0644]
contrib/hostapd-0.4.9/README [new file with mode: 0644]
contrib/hostapd-0.4.9/README.DELETE [new file with mode: 0644]
contrib/hostapd-0.4.9/README.DRAGONFLY [new file with mode: 0644]
contrib/hostapd-0.4.9/accounting.c [new file with mode: 0644]
contrib/hostapd-0.4.9/accounting.h [new file with mode: 0644]
contrib/hostapd-0.4.9/aes.c [new file with mode: 0644]
contrib/hostapd-0.4.9/aes_wrap.c [new file with mode: 0644]
contrib/hostapd-0.4.9/aes_wrap.h [new file with mode: 0644]
contrib/hostapd-0.4.9/ap.h [new file with mode: 0644]
contrib/hostapd-0.4.9/common.c [new file with mode: 0644]
contrib/hostapd-0.4.9/common.h [new file with mode: 0644]
contrib/hostapd-0.4.9/config.c [new file with mode: 0644]
contrib/hostapd-0.4.9/config.h [new file with mode: 0644]
contrib/hostapd-0.4.9/config_types.h [new file with mode: 0644]
contrib/hostapd-0.4.9/crypto.c [new file with mode: 0644]
contrib/hostapd-0.4.9/crypto.h [new file with mode: 0644]
contrib/hostapd-0.4.9/ctrl_iface.c [new file with mode: 0644]
contrib/hostapd-0.4.9/ctrl_iface.h [new file with mode: 0644]
contrib/hostapd-0.4.9/defconfig [new file with mode: 0644]
contrib/hostapd-0.4.9/defs.h [new file with mode: 0644]
contrib/hostapd-0.4.9/developer.txt [new file with mode: 0644]
contrib/hostapd-0.4.9/driver.h [new file with mode: 0644]
contrib/hostapd-0.4.9/driver_wired.c [new file with mode: 0644]
contrib/hostapd-0.4.9/eap.c [new file with mode: 0644]
contrib/hostapd-0.4.9/eap.h [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_defs.h [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_gtc.c [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_i.h [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_identity.c [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_md5.c [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_mschapv2.c [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_pax.c [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_pax_common.c [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_pax_common.h [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_peap.c [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_psk.c [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_psk_common.c [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_psk_common.h [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_sim.c [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_sim_common.c [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_sim_common.h [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_sim_db.c [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_sim_db.h [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_tls.c [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_tls_common.c [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_tls_common.h [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_tlv.c [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_ttls.c [new file with mode: 0644]
contrib/hostapd-0.4.9/eap_ttls.h [new file with mode: 0644]
contrib/hostapd-0.4.9/eapol_sm.c [new file with mode: 0644]
contrib/hostapd-0.4.9/eapol_sm.h [new file with mode: 0644]
contrib/hostapd-0.4.9/eloop.c [new file with mode: 0644]
contrib/hostapd-0.4.9/eloop.h [new file with mode: 0644]
contrib/hostapd-0.4.9/hostap_common.h [new file with mode: 0644]
contrib/hostapd-0.4.9/hostapd.8 [new file with mode: 0644]
contrib/hostapd-0.4.9/hostapd.accept [new file with mode: 0644]
contrib/hostapd-0.4.9/hostapd.c [new file with mode: 0644]
contrib/hostapd-0.4.9/hostapd.conf [new file with mode: 0644]
contrib/hostapd-0.4.9/hostapd.deny [new file with mode: 0644]
contrib/hostapd-0.4.9/hostapd.eap_user [new file with mode: 0644]
contrib/hostapd-0.4.9/hostapd.h [new file with mode: 0644]
contrib/hostapd-0.4.9/hostapd.radius_clients [new file with mode: 0644]
contrib/hostapd-0.4.9/hostapd.sim_db [new file with mode: 0644]
contrib/hostapd-0.4.9/hostapd.wpa_psk [new file with mode: 0644]
contrib/hostapd-0.4.9/hostapd_cli.1 [new file with mode: 0644]
contrib/hostapd-0.4.9/hostapd_cli.c [new file with mode: 0644]
contrib/hostapd-0.4.9/iapp.c [new file with mode: 0644]
contrib/hostapd-0.4.9/iapp.h [new file with mode: 0644]
contrib/hostapd-0.4.9/ieee802_11.c [new file with mode: 0644]
contrib/hostapd-0.4.9/ieee802_11.h [new file with mode: 0644]
contrib/hostapd-0.4.9/ieee802_11_auth.c [new file with mode: 0644]
contrib/hostapd-0.4.9/ieee802_11_auth.h [new file with mode: 0644]
contrib/hostapd-0.4.9/ieee802_1x.c [new file with mode: 0644]
contrib/hostapd-0.4.9/ieee802_1x.h [new file with mode: 0644]
contrib/hostapd-0.4.9/l2_packet.h [new file with mode: 0644]
contrib/hostapd-0.4.9/madwifi.conf [new file with mode: 0644]
contrib/hostapd-0.4.9/md5.c [new file with mode: 0644]
contrib/hostapd-0.4.9/md5.h [new file with mode: 0644]
contrib/hostapd-0.4.9/ms_funcs.c [new file with mode: 0644]
contrib/hostapd-0.4.9/ms_funcs.h [new file with mode: 0644]
contrib/hostapd-0.4.9/radius.c [new file with mode: 0644]
contrib/hostapd-0.4.9/radius.h [new file with mode: 0644]
contrib/hostapd-0.4.9/radius_client.c [new file with mode: 0644]
contrib/hostapd-0.4.9/radius_client.h [new file with mode: 0644]
contrib/hostapd-0.4.9/radius_server.c [new file with mode: 0644]
contrib/hostapd-0.4.9/radius_server.h [new file with mode: 0644]
contrib/hostapd-0.4.9/rc4.c [new file with mode: 0644]
contrib/hostapd-0.4.9/rc4.h [new file with mode: 0644]
contrib/hostapd-0.4.9/sha1.c [new file with mode: 0644]
contrib/hostapd-0.4.9/sha1.h [new file with mode: 0644]
contrib/hostapd-0.4.9/sta_info.c [new file with mode: 0644]
contrib/hostapd-0.4.9/sta_info.h [new file with mode: 0644]
contrib/hostapd-0.4.9/tls.h [new file with mode: 0644]
contrib/hostapd-0.4.9/tls_none.c [new file with mode: 0644]
contrib/hostapd-0.4.9/tls_openssl.c [new file with mode: 0644]
contrib/hostapd-0.4.9/version.h [new file with mode: 0644]
contrib/hostapd-0.4.9/wired.conf [new file with mode: 0644]
contrib/hostapd-0.4.9/wpa.c [new file with mode: 0644]
contrib/hostapd-0.4.9/wpa.h [new file with mode: 0644]
contrib/hostapd-0.4.9/wpa_ctrl.c [new file with mode: 0644]
contrib/hostapd-0.4.9/wpa_ctrl.h [new file with mode: 0644]

diff --git a/contrib/hostapd-0.4.9/COPYING b/contrib/hostapd-0.4.9/COPYING
new file mode 100644 (file)
index 0000000..60549be
--- /dev/null
@@ -0,0 +1,340 @@
+                   GNU GENERAL PUBLIC LICENSE
+                      Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+                       59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                           Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+\f
+                   GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+\f
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+\f
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+\f
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+                           NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+                    END OF TERMS AND CONDITIONS
+\f
+           How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) 19yy  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) 19yy name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Library General
+Public License instead of this License.
diff --git a/contrib/hostapd-0.4.9/README b/contrib/hostapd-0.4.9/README
new file mode 100644 (file)
index 0000000..13f38ee
--- /dev/null
@@ -0,0 +1,395 @@
+hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP
+         Authenticator and RADIUS authentication server
+================================================================
+
+Copyright (c) 2002-2006, Jouni Malinen <jkmaline@cc.hut.fi> and
+contributors
+All Rights Reserved.
+
+This program is dual-licensed under both the GPL version 2 and BSD
+license. Either license may be used at your option.
+
+
+
+License
+-------
+
+GPL v2:
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License version 2 as
+published by the Free Software Foundation.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+(this copy of the license is in COPYING file)
+
+
+Alternatively, this software may be distributed under the terms of BSD
+license:
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+3. Neither the name(s) of the above-listed copyright holder(s) nor the
+   names of its contributors may be used to endorse or promote products
+   derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+
+Introduction
+============
+
+Originally, hostapd was an optional user space component for Host AP
+driver. It adds more features to the basic IEEE 802.11 management
+included in the kernel driver: using external RADIUS authentication
+server for MAC address based access control, IEEE 802.1X Authenticator
+and dynamic WEP keying, RADIUS accounting, WPA/WPA2 (IEEE 802.11i/RSN)
+Authenticator and dynamic TKIP/CCMP keying.
+
+The current version includes support for other drivers, an integrated
+EAP server (i.e., allow full authentication without requiring
+an external RADIUS authentication server), and RADIUS authentication
+server for EAP authentication.
+
+
+Requirements
+------------
+
+Current hardware/software requirements:
+- drivers:
+       Host AP driver for Prism2/2.5/3.
+       (http://hostap.epitest.fi/)
+       Please note that station firmware version needs to be 1.7.0 or newer
+       to work in WPA mode.
+
+       madwifi driver for cards based on Atheros chip set (ar521x)
+       (http://sourceforge.net/projects/madwifi/)
+       Please note that you will need to add the correct path for
+       madwifi driver root directory in .config (see defconfig file for
+       an example: CFLAGS += -I<path>)
+
+       Prism54 driver for Intersil/Conexant Prism GT/Duette/Indigo
+       (http://www.prism54.org/)
+
+       Any wired Ethernet driver for wired IEEE 802.1X authentication
+       (experimental code)
+
+       FreeBSD -current (with some kernel mods that have not yet been
+       committed when hostapd v0.3.0 was released)
+       BSD net80211 layer (e.g., Atheros driver)
+
+
+Build configuration
+-------------------
+
+In order to be able to build hostapd, you will need to create a build
+time configuration file, .config that selects which optional
+components are included. See defconfig file for example configuration
+and list of available options.
+
+
+
+IEEE 802.1X
+===========
+
+IEEE Std 802.1X-2001 is a standard for port-based network access
+control. In case of IEEE 802.11 networks, a "virtual port" is used
+between each associated station and the AP. IEEE 802.11 specifies
+minimal authentication mechanism for stations, whereas IEEE 802.1X
+introduces a extensible mechanism for authenticating and authorizing
+users.
+
+IEEE 802.1X uses elements called Supplicant, Authenticator, Port
+Access Entity, and Authentication Server. Supplicant is a component in
+a station and it performs the authentication with the Authentication
+Server. An access point includes an Authenticator that relays the packets
+between a Supplicant and an Authentication Server. In addition, it has a
+Port Access Entity (PAE) with Authenticator functionality for
+controlling the virtual port authorization, i.e., whether to accept
+packets from or to the station.
+
+IEEE 802.1X uses Extensible Authentication Protocol (EAP). The frames
+between a Supplicant and an Authenticator are sent using EAP over LAN
+(EAPOL) and the Authenticator relays these frames to the Authentication
+Server (and similarly, relays the messages from the Authentication
+Server to the Supplicant). The Authentication Server can be colocated with the
+Authenticator, in which case there is no need for additional protocol
+for EAP frame transmission. However, a more common configuration is to
+use an external Authentication Server and encapsulate EAP frame in the
+frames used by that server. RADIUS is suitable for this, but IEEE
+802.1X would also allow other mechanisms.
+
+Host AP driver includes PAE functionality in the kernel driver. It
+is a relatively simple mechanism for denying normal frames going to
+or coming from an unauthorized port. PAE allows IEEE 802.1X related
+frames to be passed between the Supplicant and the Authenticator even
+on an unauthorized port.
+
+User space daemon, hostapd, includes Authenticator functionality. It
+receives 802.1X (EAPOL) frames from the Supplicant using the wlan#ap
+device that is also used with IEEE 802.11 management frames. The
+frames to the Supplicant are sent using the same device.
+
+hostapd includes a minimal colocated Authentication Server for testing
+purposes. It only requests the identity of the Supplicant and
+authorizes any host that is able to send a valid EAP Response
+frame. This can be used for quick testing since it does not require an
+external Authentication Server, but it should not be used for any real
+authentication purposes since no keys are required and anyone can
+authenticate.
+
+The normal configuration of the Authenticator would use an external
+Authentication Server. hostapd supports RADIUS encapsulation of EAP
+packets, so the Authentication Server should be a RADIUS server, like
+FreeRADIUS (http://www.freeradius.org/). The Authenticator in hostapd
+relays the frames between the Supplicant and the Authentication
+Server. It also controls the PAE functionality in the kernel driver by
+controlling virtual port authorization, i.e., station-AP
+connection, based on the IEEE 802.1X state.
+
+When a station would like to use the services of an access point, it
+will first perform IEEE 802.11 authentication. This is normally done
+with open systems authentication, so there is no security. After
+this, IEEE 802.11 association is performed. If IEEE 802.1X is
+configured to be used, the virtual port for the station is set in
+Unauthorized state and only IEEE 802.1X frames are accepted at this
+point. The Authenticator will then ask the Supplicant to authenticate
+with the Authentication Server. After this is completed successfully,
+the virtual port is set to Authorized state and frames from and to the
+station are accepted.
+
+Host AP configuration for IEEE 802.1X
+-------------------------------------
+
+The user space daemon has its own configuration file that can be used to
+define AP options. Distribution package contains an example
+configuration file (hostapd/hostapd.conf) that can be used as a basis
+for configuration. It includes examples of all supported configuration
+options and short description of each option. hostapd should be started
+with full path to the configuration file as the command line argument,
+e.g., './hostapd /etc/hostapd.conf'. If you have more that one wireless
+LAN card, you can use one hostapd process for multiple interfaces by
+giving a list of configuration files (one per interface) in the command
+line.
+
+hostapd includes a minimal co-located IEEE 802.1X server which can be
+used to test IEEE 802.1X authentication. However, it should not be
+used in normal use since it does not provide any security. This can be
+configured by setting ieee8021x and minimal_eap options in the
+configuration file.
+
+An external Authentication Server (RADIUS) is configured with
+auth_server_{addr,port,shared_secret} options. In addition,
+ieee8021x and own_ip_addr must be set for this mode. With such
+configuration, the co-located Authentication Server is not used and EAP
+frames will be relayed using EAPOL between the Supplicant and the
+Authenticator and RADIUS encapsulation between the Authenticator and
+the Authentication Server. Other than this, the functionality is similar
+to the case with the co-located Authentication Server.
+
+Authentication Server and Supplicant
+------------------------------------
+
+Any RADIUS server supporting EAP should be usable as an IEEE 802.1X
+Authentication Server with hostapd Authenticator. FreeRADIUS
+(http://www.freeradius.org/) has been successfully tested with hostapd
+Authenticator and both Xsupplicant (http://www.open1x.org) and Windows
+XP Supplicants. EAP/TLS was used with Xsupplicant and
+EAP/MD5-Challenge with Windows XP.
+
+http://www.missl.cs.umd.edu/wireless/eaptls/ has useful information
+about using EAP/TLS with FreeRADIUS and Xsupplicant (just replace
+Cisco access point with Host AP driver, hostapd daemon, and a Prism2
+card ;-). http://www.freeradius.org/doc/EAP-MD5.html has information
+about using EAP/MD5 with FreeRADIUS, including instructions for WinXP
+configuration. http://www.denobula.com/EAPTLS.pdf has a HOWTO on
+EAP/TLS use with WinXP Supplicant.
+
+Automatic WEP key configuration
+-------------------------------
+
+EAP/TLS generates a session key that can be used to send WEP keys from
+an AP to authenticated stations. The Authenticator in hostapd can be
+configured to automatically select a random default/broadcast key
+(shared by all authenticated stations) with wep_key_len_broadcast
+option (5 for 40-bit WEP or 13 for 104-bit WEP). In addition,
+wep_key_len_unicast option can be used to configure individual unicast
+keys for stations. This requires support for individual keys in the
+station driver.
+
+WEP keys can be automatically updated by configuring rekeying. This
+will improve security of the network since same WEP key will only be
+used for a limited period of time. wep_rekey_period option sets the
+interval for rekeying in seconds.
+
+
+WPA/WPA2
+========
+
+Features
+--------
+
+Supported WPA/IEEE 802.11i features:
+- WPA-PSK ("WPA-Personal")
+- WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise")
+- key management for CCMP, TKIP, WEP104, WEP40
+- RSN/WPA2 (IEEE 802.11i), including PMKSA caching and pre-authentication
+
+WPA
+---
+
+The original security mechanism of IEEE 802.11 standard was not
+designed to be strong and has proved to be insufficient for most
+networks that require some kind of security. Task group I (Security)
+of IEEE 802.11 working group (http://www.ieee802.org/11/) has worked
+to address the flaws of the base standard and has in practice
+completed its work in May 2004. The IEEE 802.11i amendment to the IEEE
+802.11 standard was approved in June 2004 and this amendment is likely
+to be published in July 2004.
+
+Wi-Fi Alliance (http://www.wi-fi.org/) used a draft version of the
+IEEE 802.11i work (draft 3.0) to define a subset of the security
+enhancements that can be implemented with existing wlan hardware. This
+is called Wi-Fi Protected Access<TM> (WPA). This has now become a
+mandatory component of interoperability testing and certification done
+by Wi-Fi Alliance. Wi-Fi provides information about WPA at its web
+site (http://www.wi-fi.org/OpenSection/protected_access.asp).
+
+IEEE 802.11 standard defined wired equivalent privacy (WEP) algorithm
+for protecting wireless networks. WEP uses RC4 with 40-bit keys,
+24-bit initialization vector (IV), and CRC32 to protect against packet
+forgery. All these choices have proven to be insufficient: key space is
+too small against current attacks, RC4 key scheduling is insufficient
+(beginning of the pseudorandom stream should be skipped), IV space is
+too small and IV reuse makes attacks easier, there is no replay
+protection, and non-keyed authentication does not protect against bit
+flipping packet data.
+
+WPA is an intermediate solution for the security issues. It uses
+Temporal Key Integrity Protocol (TKIP) to replace WEP. TKIP is a
+compromise on strong security and possibility to use existing
+hardware. It still uses RC4 for the encryption like WEP, but with
+per-packet RC4 keys. In addition, it implements replay protection,
+keyed packet authentication mechanism (Michael MIC).
+
+Keys can be managed using two different mechanisms. WPA can either use
+an external authentication server (e.g., RADIUS) and EAP just like
+IEEE 802.1X is using or pre-shared keys without need for additional
+servers. Wi-Fi calls these "WPA-Enterprise" and "WPA-Personal",
+respectively. Both mechanisms will generate a master session key for
+the Authenticator (AP) and Supplicant (client station).
+
+WPA implements a new key handshake (4-Way Handshake and Group Key
+Handshake) for generating and exchanging data encryption keys between
+the Authenticator and Supplicant. This handshake is also used to
+verify that both Authenticator and Supplicant know the master session
+key. These handshakes are identical regardless of the selected key
+management mechanism (only the method for generating master session
+key changes).
+
+
+IEEE 802.11i / WPA2
+-------------------
+
+The design for parts of IEEE 802.11i that were not included in WPA has
+finished (May 2004) and this amendment to IEEE 802.11 was approved in
+June 2004. Wi-Fi Alliance is using the final IEEE 802.11i as a new
+version of WPA called WPA2. This includes, e.g., support for more
+robust encryption algorithm (CCMP: AES in Counter mode with CBC-MAC)
+to replace TKIP and optimizations for handoff (reduced number of
+messages in initial key handshake, pre-authentication, and PMKSA caching).
+
+Some wireless LAN vendors are already providing support for CCMP in
+their WPA products. There is no "official" interoperability
+certification for CCMP and/or mixed modes using both TKIP and CCMP, so
+some interoperability issues can be expected even though many
+combinations seem to be working with equipment from different vendors.
+Testing for WPA2 is likely to start during the second half of 2004.
+
+hostapd configuration for WPA/WPA2
+----------------------------------
+
+TODO
+
+# Enable WPA. Setting this variable configures the AP to require WPA (either
+# WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either
+# wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK.
+# For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys),
+# RADIUS authentication server must be configured, and WPA-EAP must be included
+# in wpa_key_mgmt.
+# This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0)
+# and/or WPA2 (full IEEE 802.11i/RSN):
+# bit0 = WPA
+# bit1 = IEEE 802.11i/RSN (WPA2)
+#wpa=1
+
+# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit
+# secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase
+# (8..63 characters) that will be converted to PSK. This conversion uses SSID
+# so the PSK changes when ASCII passphrase is used and the SSID is changed.
+#wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
+#wpa_passphrase=secret passphrase
+
+# Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The
+# entries are separated with a space.
+#wpa_key_mgmt=WPA-PSK WPA-EAP
+
+# Set of accepted cipher suites (encryption algorithms) for pairwise keys
+# (unicast packets). This is a space separated list of algorithms:
+# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i]
+# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i]
+# Group cipher suite (encryption algorithm for broadcast and multicast frames)
+# is automatically selected based on this configuration. If only CCMP is
+# allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise,
+# TKIP will be used as the group cipher.
+#wpa_pairwise=TKIP CCMP
+
+# Time interval for rekeying GTK (broadcast/multicast encryption keys) in
+# seconds.
+#wpa_group_rekey=600
+
+# Time interval for rekeying GMK (master key used internally to generate GTKs
+# (in seconds).
+#wpa_gmk_rekey=86400
+
+# Enable IEEE 802.11i/RSN/WPA2 pre-authentication. This is used to speed up
+# roaming be pre-authenticating IEEE 802.1X/EAP part of the full RSN
+# authentication and key handshake before actually associating with a new AP.
+#rsn_preauth=1
+#
+# Space separated list of interfaces from which pre-authentication frames are
+# accepted (e.g., 'eth0' or 'eth0 wlan0wds0'. This list should include all
+# interface that are used for connections to other APs. This could include
+# wired interfaces and WDS links. The normal wireless data interface towards
+# associated stations (e.g., wlan0) should not be added, since
+# pre-authentication is only used with APs other than the currently associated
+# one.
+#rsn_preauth_interfaces=eth0
diff --git a/contrib/hostapd-0.4.9/README.DELETE b/contrib/hostapd-0.4.9/README.DELETE
new file mode 100644 (file)
index 0000000..7c7b59d
--- /dev/null
@@ -0,0 +1,18 @@
+.cvsignore
+ChangeLog
+Makefile
+README.DELETE
+driver.c
+driver_bsd.c
+driver_madwifi.c
+driver_prism54.c
+driver_test.c
+l2_packet_freebsd.c
+l2_packet_linux.c
+l2_packet_pcap.c
+logwatch/README
+logwatch/hostapd
+logwatch/hostapd.conf
+prism54.h
+priv_netlink.h
+wireless_copy.h
diff --git a/contrib/hostapd-0.4.9/README.DRAGONFLY b/contrib/hostapd-0.4.9/README.DRAGONFLY
new file mode 100644 (file)
index 0000000..219b8d7
--- /dev/null
@@ -0,0 +1,4 @@
+Original source can be downloaded at:
+<http://hostap.epitest.fi/releases/hostapd-0.4.9.tar.gz>
+
+A list of deleted files is in README.DELETED.
diff --git a/contrib/hostapd-0.4.9/accounting.c b/contrib/hostapd-0.4.9/accounting.c
new file mode 100644 (file)
index 0000000..5ee3d75
--- /dev/null
@@ -0,0 +1,457 @@
+/*
+ * Host AP (software wireless LAN access point) user space daemon for
+ * Host AP kernel driver / Accounting
+ * Copyright (c) 2002-2005, Jouni Malinen <jkmaline@cc.hut.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <netinet/in.h>
+#include <string.h>
+#include <sys/ioctl.h>
+#include <signal.h>
+#include <assert.h>
+#include <time.h>
+#include <sys/time.h>
+#include <sys/socket.h>
+
+
+#include "hostapd.h"
+#include "radius.h"
+#include "radius_client.h"
+#include "eloop.h"
+#include "accounting.h"
+#include "ieee802_1x.h"
+#include "driver.h"
+
+
+/* Default interval in seconds for polling TX/RX octets from the driver if
+ * STA is not using interim accounting. This detects wrap arounds for
+ * input/output octets and updates Acct-{Input,Output}-Gigawords. */
+#define ACCT_DEFAULT_UPDATE_INTERVAL 300
+
+static struct radius_msg * accounting_msg(hostapd *hapd, struct sta_info *sta,
+                                         int status_type)
+{
+       struct radius_msg *msg;
+       char buf[128];
+       u8 *val;
+       size_t len;
+       int i;
+
+       msg = radius_msg_new(RADIUS_CODE_ACCOUNTING_REQUEST,
+                            radius_client_get_id(hapd->radius));
+       if (msg == NULL) {
+               printf("Could not create net RADIUS packet\n");
+               return NULL;
+       }
+
+       if (sta) {
+               radius_msg_make_authenticator(msg, (u8 *) sta, sizeof(*sta));
+
+               snprintf(buf, sizeof(buf), "%08X-%08X",
+                        sta->acct_session_id_hi, sta->acct_session_id_lo);
+               if (!radius_msg_add_attr(msg, RADIUS_ATTR_ACCT_SESSION_ID,
+                                        (u8 *) buf, strlen(buf))) {
+                       printf("Could not add Acct-Session-Id\n");
+                       goto fail;
+               }
+       } else {
+               radius_msg_make_authenticator(msg, (u8 *) hapd, sizeof(*hapd));
+       }
+
+       if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_STATUS_TYPE,
+                                      status_type)) {
+               printf("Could not add Acct-Status-Type\n");
+               goto fail;
+       }
+
+       if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_AUTHENTIC,
+                                      hapd->conf->ieee802_1x ?
+                                      RADIUS_ACCT_AUTHENTIC_RADIUS :
+                                      RADIUS_ACCT_AUTHENTIC_LOCAL)) {
+               printf("Could not add Acct-Authentic\n");
+               goto fail;
+       }
+
+       if (sta) {
+               val = ieee802_1x_get_identity(sta->eapol_sm, &len);
+               if (!val) {
+                       snprintf(buf, sizeof(buf), RADIUS_ADDR_FORMAT,
+                                MAC2STR(sta->addr));
+                       val = (u8 *) buf;
+                       len = strlen(buf);
+               }
+
+               if (!radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME, val,
+                                        len)) {
+                       printf("Could not add User-Name\n");
+                       goto fail;
+               }
+       }
+
+       if (hapd->conf->own_ip_addr.af == AF_INET &&
+           !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
+                                (u8 *) &hapd->conf->own_ip_addr.u.v4, 4)) {
+               printf("Could not add NAS-IP-Address\n");
+               goto fail;
+       }
+
+#ifdef CONFIG_IPV6
+       if (hapd->conf->own_ip_addr.af == AF_INET6 &&
+           !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IPV6_ADDRESS,
+                                (u8 *) &hapd->conf->own_ip_addr.u.v6, 16)) {
+               printf("Could not add NAS-IPv6-Address\n");
+               goto fail;
+       }
+#endif /* CONFIG_IPV6 */
+
+       if (hapd->conf->nas_identifier &&
+           !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IDENTIFIER,
+                                (u8 *) hapd->conf->nas_identifier,
+                                strlen(hapd->conf->nas_identifier))) {
+               printf("Could not add NAS-Identifier\n");
+               goto fail;
+       }
+
+       if (sta &&
+           !radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT, sta->aid)) {
+               printf("Could not add NAS-Port\n");
+               goto fail;
+       }
+
+       snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT ":%s",
+                MAC2STR(hapd->own_addr), hapd->conf->ssid);
+       if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLED_STATION_ID,
+                                (u8 *) buf, strlen(buf))) {
+               printf("Could not add Called-Station-Id\n");
+               goto fail;
+       }
+
+       if (sta) {
+               snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
+                        MAC2STR(sta->addr));
+               if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLING_STATION_ID,
+                                        (u8 *) buf, strlen(buf))) {
+                       printf("Could not add Calling-Station-Id\n");
+                       goto fail;
+               }
+
+               if (!radius_msg_add_attr_int32(
+                           msg, RADIUS_ATTR_NAS_PORT_TYPE,
+                           RADIUS_NAS_PORT_TYPE_IEEE_802_11)) {
+                       printf("Could not add NAS-Port-Type\n");
+                       goto fail;
+               }
+
+               snprintf(buf, sizeof(buf), "CONNECT 11Mbps 802.11b");
+               if (!radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO,
+                                        (u8 *) buf, strlen(buf))) {
+                       printf("Could not add Connect-Info\n");
+                       goto fail;
+               }
+
+               for (i = 0; ; i++) {
+                       val = ieee802_1x_get_radius_class(sta->eapol_sm, &len,
+                                                         i);
+                       if (val == NULL)
+                               break;
+
+                       if (!radius_msg_add_attr(msg, RADIUS_ATTR_CLASS,
+                                                val, len)) {
+                               printf("Could not add Class\n");
+                               goto fail;
+                       }
+               }
+       }
+
+       return msg;
+
+ fail:
+       radius_msg_free(msg);
+       free(msg);
+       return NULL;
+}
+
+
+static int accounting_sta_update_stats(struct hostapd_data *hapd,
+                                      struct sta_info *sta,
+                                      struct hostap_sta_driver_data *data)
+{
+       if (hostapd_read_sta_data(hapd, data, sta->addr))
+               return -1;
+
+       if (sta->last_rx_bytes > data->rx_bytes)
+               sta->acct_input_gigawords++;
+       if (sta->last_tx_bytes > data->tx_bytes)
+               sta->acct_output_gigawords++;
+       sta->last_rx_bytes = data->rx_bytes;
+       sta->last_tx_bytes = data->tx_bytes;
+
+       hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
+                      HOSTAPD_LEVEL_DEBUG, "updated TX/RX stats: "
+                      "Acct-Input-Octets=%lu Acct-Input-Gigawords=%u "
+                      "Acct-Output-Octets=%lu Acct-Output-Gigawords=%u",
+                      sta->last_rx_bytes, sta->acct_input_gigawords,
+                      sta->last_tx_bytes, sta->acct_output_gigawords);
+
+       return 0;
+}
+
+
+static void accounting_interim_update(void *eloop_ctx, void *timeout_ctx)
+{
+       hostapd *hapd = eloop_ctx;
+       struct sta_info *sta = timeout_ctx;
+       int interval;
+
+       if (sta->acct_interim_interval) {
+               accounting_sta_interim(hapd, sta);
+               interval = sta->acct_interim_interval;
+       } else {
+               struct hostap_sta_driver_data data;
+               accounting_sta_update_stats(hapd, sta, &data);
+               interval = ACCT_DEFAULT_UPDATE_INTERVAL;
+       }
+
+       eloop_register_timeout(interval, 0, accounting_interim_update,
+                              hapd, sta);
+}
+
+
+void accounting_sta_start(hostapd *hapd, struct sta_info *sta)
+{
+       struct radius_msg *msg;
+       int interval;
+       
+       if (sta->acct_session_started)
+               return;
+
+       time(&sta->acct_session_start);
+       sta->last_rx_bytes = sta->last_tx_bytes = 0;
+       sta->acct_input_gigawords = sta->acct_output_gigawords = 0;
+       hostapd_sta_clear_stats(hapd, sta->addr);
+
+       if (!hapd->conf->radius->acct_server)
+               return;
+
+       if (sta->acct_interim_interval)
+               interval = sta->acct_interim_interval;
+       else
+               interval = ACCT_DEFAULT_UPDATE_INTERVAL;
+       eloop_register_timeout(interval, 0, accounting_interim_update,
+                              hapd, sta);
+
+       msg = accounting_msg(hapd, sta, RADIUS_ACCT_STATUS_TYPE_START);
+       if (msg)
+               radius_client_send(hapd->radius, msg, RADIUS_ACCT, sta->addr);
+
+       sta->acct_session_started = 1;
+}
+
+
+void accounting_sta_report(hostapd *hapd, struct sta_info *sta, int stop)
+{
+       struct radius_msg *msg;
+       int cause = sta->acct_terminate_cause;
+       struct hostap_sta_driver_data data;
+       u32 gigawords;
+
+       if (!hapd->conf->radius->acct_server)
+               return;
+
+       msg = accounting_msg(hapd, sta,
+                            stop ? RADIUS_ACCT_STATUS_TYPE_STOP :
+                            RADIUS_ACCT_STATUS_TYPE_INTERIM_UPDATE);
+       if (!msg) {
+               printf("Could not create RADIUS Accounting message\n");
+               return;
+       }
+
+       if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_SESSION_TIME,
+                                      time(NULL) - sta->acct_session_start)) {
+               printf("Could not add Acct-Session-Time\n");
+               goto fail;
+       }
+
+       if (accounting_sta_update_stats(hapd, sta, &data) == 0) {
+               if (!radius_msg_add_attr_int32(msg,
+                                              RADIUS_ATTR_ACCT_INPUT_PACKETS,
+                                              data.rx_packets)) {
+                       printf("Could not add Acct-Input-Packets\n");
+                       goto fail;
+               }
+               if (!radius_msg_add_attr_int32(msg,
+                                              RADIUS_ATTR_ACCT_OUTPUT_PACKETS,
+                                              data.tx_packets)) {
+                       printf("Could not add Acct-Output-Packets\n");
+                       goto fail;
+               }
+               if (!radius_msg_add_attr_int32(msg,
+                                              RADIUS_ATTR_ACCT_INPUT_OCTETS,
+                                              data.rx_bytes)) {
+                       printf("Could not add Acct-Input-Octets\n");
+                       goto fail;
+               }
+               gigawords = sta->acct_input_gigawords;
+#if __WORDSIZE == 64
+               gigawords += data.rx_bytes >> 32;
+#endif
+               if (gigawords &&
+                   !radius_msg_add_attr_int32(
+                           msg, RADIUS_ATTR_ACCT_INPUT_GIGAWORDS,
+                           gigawords)) {
+                       printf("Could not add Acct-Input-Gigawords\n");
+                       goto fail;
+               }
+               if (!radius_msg_add_attr_int32(msg,
+                                              RADIUS_ATTR_ACCT_OUTPUT_OCTETS,
+                                              data.tx_bytes)) {
+                       printf("Could not add Acct-Output-Octets\n");
+                       goto fail;
+               }
+               gigawords = sta->acct_output_gigawords;
+#if __WORDSIZE == 64
+               gigawords += data.tx_bytes >> 32;
+#endif
+               if (gigawords &&
+                   !radius_msg_add_attr_int32(
+                           msg, RADIUS_ATTR_ACCT_OUTPUT_GIGAWORDS,
+                           gigawords)) {
+                       printf("Could not add Acct-Output-Gigawords\n");
+                       goto fail;
+               }
+       }
+
+       if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_EVENT_TIMESTAMP,
+                                      time(NULL))) {
+               printf("Could not add Event-Timestamp\n");
+               goto fail;
+       }
+
+       if (eloop_terminated())
+               cause = RADIUS_ACCT_TERMINATE_CAUSE_ADMIN_REBOOT;
+
+       if (stop && cause &&
+           !radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_TERMINATE_CAUSE,
+                                      cause)) {
+               printf("Could not add Acct-Terminate-Cause\n");
+               goto fail;
+       }
+
+       radius_client_send(hapd->radius, msg,
+                          stop ? RADIUS_ACCT : RADIUS_ACCT_INTERIM,
+                          sta->addr);
+       return;
+
+ fail:
+       radius_msg_free(msg);
+       free(msg);
+}
+
+
+void accounting_sta_interim(hostapd *hapd, struct sta_info *sta)
+{
+       if (sta->acct_session_started)
+               accounting_sta_report(hapd, sta, 0);
+}
+
+
+void accounting_sta_stop(hostapd *hapd, struct sta_info *sta)
+{
+       if (sta->acct_session_started) {
+               accounting_sta_report(hapd, sta, 1);
+               eloop_cancel_timeout(accounting_interim_update, hapd, sta);
+               sta->acct_session_started = 0;
+       }
+}
+
+
+void accounting_sta_get_id(struct hostapd_data *hapd, struct sta_info *sta)
+{
+       sta->acct_session_id_lo = hapd->acct_session_id_lo++;
+       if (hapd->acct_session_id_lo == 0) {
+               hapd->acct_session_id_hi++;
+       }
+       sta->acct_session_id_hi = hapd->acct_session_id_hi;
+}
+
+
+/* Process the RADIUS frames from Accounting Server */
+static RadiusRxResult
+accounting_receive(struct radius_msg *msg, struct radius_msg *req,
+                  u8 *shared_secret, size_t shared_secret_len, void *data)
+{
+       if (msg->hdr->code != RADIUS_CODE_ACCOUNTING_RESPONSE) {
+               printf("Unknown RADIUS message code\n");
+               return RADIUS_RX_UNKNOWN;
+       }
+
+       if (radius_msg_verify(msg, shared_secret, shared_secret_len, req, 0)) {
+               printf("Incoming RADIUS packet did not have correct "
+                      "Authenticator - dropped\n");
+               return RADIUS_RX_INVALID_AUTHENTICATOR;
+       }
+
+       return RADIUS_RX_PROCESSED;
+}
+
+
+static void accounting_report_state(struct hostapd_data *hapd, int on)
+{
+       struct radius_msg *msg;
+
+       if (!hapd->conf->radius->acct_server || hapd->radius == NULL)
+               return;
+
+       /* Inform RADIUS server that accounting will start/stop so that the
+        * server can close old accounting sessions. */
+       msg = accounting_msg(hapd, NULL,
+                            on ? RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_ON :
+                            RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_OFF);
+       if (!msg)
+               return;
+
+       if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_TERMINATE_CAUSE,
+                                      RADIUS_ACCT_TERMINATE_CAUSE_NAS_REBOOT))
+       {
+               printf("Could not add Acct-Terminate-Cause\n");
+               radius_msg_free(msg);
+               free(msg);
+               return;
+       }
+
+       radius_client_send(hapd->radius, msg, RADIUS_ACCT, NULL);
+}
+
+
+int accounting_init(hostapd *hapd)
+{
+       /* Acct-Session-Id should be unique over reboots. If reliable clock is
+        * not available, this could be replaced with reboot counter, etc. */
+       hapd->acct_session_id_hi = time(NULL);
+
+       if (radius_client_register(hapd->radius, RADIUS_ACCT,
+                                  accounting_receive, hapd))
+               return -1;
+
+       accounting_report_state(hapd, 1);
+
+       return 0;
+}
+
+
+void accounting_deinit(hostapd *hapd)
+{
+       accounting_report_state(hapd, 0);
+}
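Review bot: The two `#if __WORDSIZE == 64` guards in accounting_sta_report (before each Acct-*-Gigawords attribute) rely on a macro that glibc headers provide; where the target's headers do not define it, the preprocessor evaluates it as 0 and the `>> 32` additions are silently compiled out. If `rx_bytes`/`tx_bytes` are `unsigned long` (the `%lu` in accounting_sta_update_stats suggests so, but the struct is declared outside this file), a 64-bit build then sends only the low 32 bits in the octet attributes. The wrap test `sta->last_rx_bytes > data->rx_bytes` also would not fire at the 4 GiB boundary, so RADIUS accounting would under-report traffic. I would key the guard on the type's width instead: add `#include <limits.h>` and use `#if ULONG_MAX > 0xffffffffUL` at both sites. This is worth confirming against the DragonFly headers before the counters are relied on for billing or audit.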
diff --git a/contrib/hostapd-0.4.9/accounting.h b/contrib/hostapd-0.4.9/accounting.h
new file mode 100644 (file)
index 0000000..8af3eac
--- /dev/null
@@ -0,0 +1,13 @@
+#ifndef ACCOUNTING_H
+#define ACCOUNTING_H
+
+
+void accounting_sta_start(hostapd *hapd, struct sta_info *sta);
+void accounting_sta_interim(hostapd *hapd, struct sta_info *sta);
+void accounting_sta_stop(hostapd *hapd, struct sta_info *sta);
+void accounting_sta_get_id(struct hostapd_data *hapd, struct sta_info *sta);
+int accounting_init(hostapd *hapd);
+void accounting_deinit(hostapd *hapd);
+
+
+#endif /* ACCOUNTING_H */
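Review bot: accounting.h is not self-contained: it includes nothing and forward-declares nothing, so the six prototypes only compile when the including file has already pulled in the definitions of `hostapd` and `struct sta_info`. Adding `struct hostapd_data;` and `struct sta_info;` right after the include guard would remove that include-order dependency for the struct types. The prototypes also mix `hostapd *hapd` with `struct hostapd_data *hapd` (in `accounting_sta_get_id`); if `hostapd` is a typedef of that struct, as accounting.c's use of both spellings suggests, one spelling throughout would read more clearly. Since this is an imported upstream file, the change is probably better raised upstream than patched locally.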
diff --git a/contrib/hostapd-0.4.9/aes.c b/contrib/hostapd-0.4.9/aes.c
new file mode 100644 (file)
index 0000000..ce94778
--- /dev/null
@@ -0,0 +1,1105 @@
+/*
+ * AES (Rijndael) cipher
+ *
+ * Modifications to public domain implementation:
+ * - support only 128-bit keys
+ * - cleanup
+ * - use C pre-processor to make it easier to change S table access
+ * - added option (AES_SMALL_TABLES) for reducing code size by about 8 kB at
+ *   cost of reduced throughput (quite small difference on Pentium 4,
+ *   10-25% when using -O1 or -O2 optimization)
+ *
+ * Copyright (c) 2003-2005, Jouni Malinen <jkmaline@cc.hut.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+/*
+ * rijndael-alg-fst.c
+ *
+ * @version 3.0 (December 2000)
+ *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
+ * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
+ * @author Paulo Barreto <paulo.barreto@terra.com.br>
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* #define FULL_UNROLL */
+#define AES_SMALL_TABLES
+
+
+/*
+Te0[x] = S [x].[02, 01, 01, 03];
+Te1[x] = S [x].[03, 02, 01, 01];
+Te2[x] = S [x].[01, 03, 02, 01];
+Te3[x] = S [x].[01, 01, 03, 02];
+Te4[x] = S [x].[01, 01, 01, 01];
+
+Td0[x] = Si[x].[0e, 09, 0d, 0b];
+Td1[x] = Si[x].[0b, 0e, 09, 0d];
+Td2[x] = Si[x].[0d, 0b, 0e, 09];
+Td3[x] = Si[x].[09, 0d, 0b, 0e];
+Td4[x] = Si[x].[01, 01, 01, 01];
+*/
+
+static const u32 Te0[256] = {
+    0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
+    0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
+    0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
+    0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
+    0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
+    0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
+    0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
+    0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
+    0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
+    0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
+    0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
+    0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
+    0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
+    0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
+    0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
+    0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
+    0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
+    0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
+    0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
+    0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
+    0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
+    0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
+    0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
+    0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
+    0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
+    0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
+    0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
+    0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
+    0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
+    0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
+    0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
+    0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
+    0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
+    0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
+    0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
+    0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
+    0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
+    0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
+    0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
+    0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
+    0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
+    0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
+    0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
+    0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
+    0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
+    0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
+    0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
+    0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
+    0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
+    0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
+    0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
+    0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
+    0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
+    0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
+    0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
+    0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
+    0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
+    0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
+    0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
+    0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
+    0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
+    0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
+    0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
+    0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
+};
+#ifndef AES_SMALL_TABLES
+static const u32 Te1[256] = {
+    0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
+    0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
+    0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
+    0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
+    0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
+    0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
+    0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
+    0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
+    0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
+    0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
+    0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
+    0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
+    0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
+    0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
+    0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
+    0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
+    0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
+    0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
+    0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
+    0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
+    0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
+    0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
+    0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
+    0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
+    0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
+    0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
+    0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
+    0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
+    0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
+    0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
+    0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
+    0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
+    0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
+    0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
+    0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
+    0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
+    0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
+    0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
+    0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
+    0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
+    0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
+    0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
+    0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
+    0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
+    0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
+    0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
+    0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
+    0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
+    0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
+    0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
+    0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
+    0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
+    0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
+    0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
+    0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
+    0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
+    0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
+    0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
+    0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
+    0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
+    0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
+    0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
+    0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
+    0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
+};
+static const u32 Te2[256] = {
+    0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
+    0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
+    0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
+    0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
+    0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
+    0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
+    0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
+    0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
+    0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
+    0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
+    0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
+    0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
+    0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
+    0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
+    0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
+    0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
+    0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
+    0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
+    0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
+    0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
+    0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
+    0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
+    0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
+    0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
+    0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
+    0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
+    0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
+    0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
+    0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
+    0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
+    0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
+    0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
+    0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
+    0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
+    0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
+    0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
+    0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
+    0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
+    0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
+    0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
+    0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
+    0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
+    0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
+    0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
+    0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
+    0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
+    0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
+    0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
+    0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
+    0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
+    0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
+    0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
+    0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
+    0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
+    0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
+    0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
+    0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
+    0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
+    0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
+    0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
+    0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
+    0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
+    0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
+    0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
+};
+static const u32 Te3[256] = {
+
+    0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
+    0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
+    0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
+    0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
+    0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
+    0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
+    0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
+    0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
+    0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
+    0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
+    0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
+    0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
+    0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
+    0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
+    0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
+    0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
+    0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
+    0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
+    0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
+    0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
+    0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
+    0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
+    0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
+    0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
+    0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
+    0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
+    0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
+    0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
+    0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
+    0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
+    0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
+    0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
+    0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
+    0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
+    0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
+    0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
+    0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
+    0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
+    0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
+    0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
+    0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
+    0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
+    0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
+    0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
+    0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
+    0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
+    0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
+    0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
+    0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
+    0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
+    0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
+    0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
+    0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
+    0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
+    0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
+    0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
+    0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
+    0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
+    0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
+    0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
+    0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
+    0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
+    0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
+    0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
+};
+static const u32 Te4[256] = {
+    0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
+    0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
+    0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
+    0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
+    0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
+    0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
+    0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
+    0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
+    0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
+    0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
+    0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
+    0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
+    0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
+    0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
+    0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
+    0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
+    0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
+    0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
+    0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
+    0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
+    0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
+    0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
+    0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
+    0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
+    0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
+    0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
+    0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
+    0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
+    0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
+    0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
+    0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
+    0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
+    0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
+    0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
+    0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
+    0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
+    0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
+    0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
+    0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
+    0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
+    0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
+    0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
+    0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
+    0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
+    0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
+    0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
+    0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
+    0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
+    0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
+    0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
+    0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
+    0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
+    0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
+    0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
+    0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
+    0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
+    0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
+    0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
+    0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
+    0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
+    0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
+    0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
+    0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
+    0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
+};
+#endif /* AES_SMALL_TABLES */
+static const u32 Td0[256] = {
+    0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
+    0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
+    0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
+    0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
+    0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
+    0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
+    0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
+    0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
+    0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
+    0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
+    0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
+    0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
+    0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
+    0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
+    0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
+    0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
+    0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
+    0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
+    0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
+    0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
+    0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
+    0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
+    0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
+    0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
+    0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
+    0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
+    0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
+    0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
+    0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
+    0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
+    0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
+    0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
+    0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
+    0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
+    0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
+    0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
+    0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
+    0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
+    0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
+    0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
+    0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
+    0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
+    0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
+    0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
+    0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
+    0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
+    0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
+    0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
+    0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
+    0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
+    0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
+    0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
+    0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
+    0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
+    0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
+    0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
+    0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
+    0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
+    0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
+    0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
+    0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
+    0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
+    0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
+    0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
+};
+#ifndef AES_SMALL_TABLES
+static const u32 Td1[256] = {
+    0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
+    0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
+    0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
+    0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
+    0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
+    0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
+    0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
+    0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
+    0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
+    0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
+    0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
+    0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
+    0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
+    0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
+    0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
+    0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
+    0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
+    0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
+    0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
+    0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
+    0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
+    0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
+    0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
+    0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
+    0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
+    0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
+    0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
+    0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
+    0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
+    0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
+    0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
+    0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
+    0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
+    0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
+    0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
+    0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
+    0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
+    0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
+    0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
+    0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
+    0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
+    0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
+    0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
+    0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
+    0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
+    0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
+    0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
+    0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
+    0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
+    0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
+    0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
+    0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
+    0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
+    0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
+    0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
+    0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
+    0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
+    0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
+    0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
+    0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
+    0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
+    0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
+    0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
+    0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
+};
+static const u32 Td2[256] = {
+    0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
+    0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
+    0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
+    0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
+    0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
+    0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
+    0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
+    0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
+    0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
+    0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
+    0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
+    0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
+    0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
+    0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
+    0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
+    0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
+    0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
+    0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
+    0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
+    0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
+
+    0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
+    0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
+    0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
+    0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
+    0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
+    0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
+    0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
+    0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
+    0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
+    0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
+    0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
+    0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
+    0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
+    0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
+    0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
+    0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
+    0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
+    0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
+    0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
+    0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
+    0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
+    0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
+    0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
+    0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
+    0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
+    0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
+    0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
+    0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
+    0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
+    0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
+    0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
+    0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
+    0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
+    0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
+    0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
+    0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
+    0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
+    0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
+    0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
+    0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
+    0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
+    0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
+    0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
+    0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
+};
+static const u32 Td3[256] = {
+    0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
+    0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
+    0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
+    0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
+    0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
+    0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
+    0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
+    0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
+    0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
+    0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
+    0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
+    0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
+    0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
+    0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
+    0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
+    0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
+    0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
+    0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
+    0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
+    0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
+    0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
+    0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
+    0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
+    0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
+    0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
+    0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
+    0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
+    0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
+    0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
+    0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
+    0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
+    0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
+    0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
+    0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
+    0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
+    0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
+    0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
+    0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
+    0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
+    0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
+    0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
+    0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
+    0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
+    0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
+    0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
+    0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
+    0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
+    0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
+    0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
+    0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
+    0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
+    0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
+    0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
+    0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
+    0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
+    0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
+    0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
+    0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
+    0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
+    0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
+    0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
+    0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
+    0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
+    0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
+};
+static const u32 Td4[256] = {
+    0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
+    0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
+    0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
+    0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
+    0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
+    0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
+    0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
+    0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
+    0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
+    0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
+    0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
+    0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
+    0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
+    0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
+    0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
+    0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
+    0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
+    0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
+    0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
+    0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
+    0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
+    0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
+    0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
+    0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
+    0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
+    0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
+    0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
+    0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
+    0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
+    0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
+    0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
+    0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
+    0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
+    0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
+    0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
+    0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
+    0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
+    0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
+    0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
+    0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
+    0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
+    0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
+    0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
+    0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
+    0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
+    0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
+    0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
+    0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
+    0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
+    0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
+    0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
+    0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
+    0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
+    0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
+    0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
+    0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
+    0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
+    0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
+    0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
+    0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
+    0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
+    0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
+    0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
+    0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
+};
+static const u32 rcon[] = {
+       0x01000000, 0x02000000, 0x04000000, 0x08000000,
+       0x10000000, 0x20000000, 0x40000000, 0x80000000,
+       0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+#else /* AES_SMALL_TABLES */
+static const u8 Td4s[256] = {
+    0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+    0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
+    0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
+    0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
+    0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
+    0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
+    0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
+    0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
+    0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
+    0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
+    0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
+    0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
+    0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
+    0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
+    0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
+    0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
+    0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
+    0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
+    0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
+    0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
+    0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
+    0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
+    0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
+    0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
+    0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
+    0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
+    0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
+    0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
+    0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
+    0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
+    0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
+    0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
+};
+static const u8 rcons[] = {
+       0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36
+       /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+#endif /* AES_SMALL_TABLES */
+
+
+#ifndef AES_SMALL_TABLES
+
+#define RCON(i) rcon[(i)]
+
+#define TE0(i) Te0[((i) >> 24) & 0xff]
+#define TE1(i) Te1[((i) >> 16) & 0xff]
+#define TE2(i) Te2[((i) >> 8) & 0xff]
+#define TE3(i) Te3[(i) & 0xff]
+#define TE41(i) (Te4[((i) >> 24) & 0xff] & 0xff000000)
+#define TE42(i) (Te4[((i) >> 16) & 0xff] & 0x00ff0000)
+#define TE43(i) (Te4[((i) >> 8) & 0xff] & 0x0000ff00)
+#define TE44(i) (Te4[(i) & 0xff] & 0x000000ff)
+#define TE421(i) (Te4[((i) >> 16) & 0xff] & 0xff000000)
+#define TE432(i) (Te4[((i) >> 8) & 0xff] & 0x00ff0000)
+#define TE443(i) (Te4[(i) & 0xff] & 0x0000ff00)
+#define TE414(i) (Te4[((i) >> 24) & 0xff] & 0x000000ff)
+#define TE4(i) (Te4[(i)] & 0x000000ff)
+
+#define TD0(i) Td0[((i) >> 24) & 0xff]
+#define TD1(i) Td1[((i) >> 16) & 0xff]
+#define TD2(i) Td2[((i) >> 8) & 0xff]
+#define TD3(i) Td3[(i) & 0xff]
+#define TD41(i) (Td4[((i) >> 24) & 0xff] & 0xff000000)
+#define TD42(i) (Td4[((i) >> 16) & 0xff] & 0x00ff0000)
+#define TD43(i) (Td4[((i) >> 8) & 0xff] & 0x0000ff00)
+#define TD44(i) (Td4[(i) & 0xff] & 0x000000ff)
+#define TD0_(i) Td0[(i) & 0xff]
+#define TD1_(i) Td1[(i) & 0xff]
+#define TD2_(i) Td2[(i) & 0xff]
+#define TD3_(i) Td3[(i) & 0xff]
+
+#else /* AES_SMALL_TABLES */
+
+#define RCON(i) (rcons[(i)] << 24)
+
+static inline u32 rotr(u32 val, int bits)
+{
+       return (val >> bits) | (val << (32 - bits));
+}
+
+#define TE0(i) Te0[((i) >> 24) & 0xff]
+#define TE1(i) rotr(Te0[((i) >> 16) & 0xff], 8)
+#define TE2(i) rotr(Te0[((i) >> 8) & 0xff], 16)
+#define TE3(i) rotr(Te0[(i) & 0xff], 24)
+#define TE41(i) ((Te0[((i) >> 24) & 0xff] << 8) & 0xff000000)
+#define TE42(i) (Te0[((i) >> 16) & 0xff] & 0x00ff0000)
+#define TE43(i) (Te0[((i) >> 8) & 0xff] & 0x0000ff00)
+#define TE44(i) ((Te0[(i) & 0xff] >> 8) & 0x000000ff)
+#define TE421(i) ((Te0[((i) >> 16) & 0xff] << 8) & 0xff000000)
+#define TE432(i) (Te0[((i) >> 8) & 0xff] & 0x00ff0000)
+#define TE443(i) (Te0[(i) & 0xff] & 0x0000ff00)
+#define TE414(i) ((Te0[((i) >> 24) & 0xff] >> 8) & 0x000000ff)
+#define TE4(i) ((Te0[(i)] >> 8) & 0x000000ff)
+
+#define TD0(i) Td0[((i) >> 24) & 0xff]
+#define TD1(i) rotr(Td0[((i) >> 16) & 0xff], 8)
+#define TD2(i) rotr(Td0[((i) >> 8) & 0xff], 16)
+#define TD3(i) rotr(Td0[(i) & 0xff], 24)
+#define TD41(i) (Td4s[((i) >> 24) & 0xff] << 24)
+#define TD42(i) (Td4s[((i) >> 16) & 0xff] << 16)
+#define TD43(i) (Td4s[((i) >> 8) & 0xff] << 8)
+#define TD44(i) (Td4s[(i) & 0xff])
+#define TD0_(i) Td0[(i) & 0xff]
+#define TD1_(i) rotr(Td0[(i) & 0xff], 8)
+#define TD2_(i) rotr(Td0[(i) & 0xff], 16)
+#define TD3_(i) rotr(Td0[(i) & 0xff], 24)
+
+#endif /* AES_SMALL_TABLES */
+
+#define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+
+#ifdef _MSC_VER
+#define GETU32(p) SWAP(*((u32 *)(p)))
+#define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
+#else
+#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ \
+((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
+#define PUTU32(ct, st) { \
+(ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); \
+(ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
+#endif
+
+/**
+ * Expand the cipher key into the encryption key schedule.
+ *
+ * @return     the number of rounds for the given cipher key size.
+ */
+void rijndaelKeySetupEnc(u32 rk[/*44*/], const u8 cipherKey[])
+{
+       int i;
+       u32 temp;
+
+       rk[0] = GETU32(cipherKey     );
+       rk[1] = GETU32(cipherKey +  4);
+       rk[2] = GETU32(cipherKey +  8);
+       rk[3] = GETU32(cipherKey + 12);
+       for (i = 0; i < 10; i++) {
+               temp  = rk[3];
+               rk[4] = rk[0] ^
+                       TE421(temp) ^ TE432(temp) ^ TE443(temp) ^ TE414(temp) ^
+                       RCON(i);
+               rk[5] = rk[1] ^ rk[4];
+               rk[6] = rk[2] ^ rk[5];
+               rk[7] = rk[3] ^ rk[6];
+               rk += 4;
+       }
+}
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ *
+ * @return     the number of rounds for the given cipher key size.
+ */
+void rijndaelKeySetupDec(u32 rk[/*44*/], const u8 cipherKey[])
+{
+       int Nr = 10, i, j;
+       u32 temp;
+
+       /* expand the cipher key: */
+       rijndaelKeySetupEnc(rk, cipherKey);
+       /* invert the order of the round keys: */
+       for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) {
+               temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+               temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+               temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+               temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+       }
+       /* apply the inverse MixColumn transform to all round keys but the
+        * first and the last: */
+       for (i = 1; i < Nr; i++) {
+               rk += 4;
+               for (j = 0; j < 4; j++) {
+                       rk[j] = TD0_(TE4((rk[j] >> 24)       )) ^
+                               TD1_(TE4((rk[j] >> 16) & 0xff)) ^
+                               TD2_(TE4((rk[j] >>  8) & 0xff)) ^
+                               TD3_(TE4((rk[j]      ) & 0xff));
+               }
+       }
+}
+
+void rijndaelEncrypt(const u32 rk[/*44*/], const u8 pt[16], u8 ct[16])
+{
+       u32 s0, s1, s2, s3, t0, t1, t2, t3;
+       const int Nr = 10;
+#ifndef FULL_UNROLL
+       int r;
+#endif /* ?FULL_UNROLL */
+
+       /*
+        * map byte array block to cipher state
+        * and add initial round key:
+        */
+       s0 = GETU32(pt     ) ^ rk[0];
+       s1 = GETU32(pt +  4) ^ rk[1];
+       s2 = GETU32(pt +  8) ^ rk[2];
+       s3 = GETU32(pt + 12) ^ rk[3];
+
+#define ROUND(i,d,s) \
+d##0 = TE0(s##0) ^ TE1(s##1) ^ TE2(s##2) ^ TE3(s##3) ^ rk[4 * i]; \
+d##1 = TE0(s##1) ^ TE1(s##2) ^ TE2(s##3) ^ TE3(s##0) ^ rk[4 * i + 1]; \
+d##2 = TE0(s##2) ^ TE1(s##3) ^ TE2(s##0) ^ TE3(s##1) ^ rk[4 * i + 2]; \
+d##3 = TE0(s##3) ^ TE1(s##0) ^ TE2(s##1) ^ TE3(s##2) ^ rk[4 * i + 3]
+
+#ifdef FULL_UNROLL
+
+       ROUND(1,t,s);
+       ROUND(2,s,t);
+       ROUND(3,t,s);
+       ROUND(4,s,t);
+       ROUND(5,t,s);
+       ROUND(6,s,t);
+       ROUND(7,t,s);
+       ROUND(8,s,t);
+       ROUND(9,t,s);
+
+       rk += Nr << 2;
+
+#else  /* !FULL_UNROLL */
+
+       /* Nr - 1 full rounds: */
+       r = Nr >> 1;
+       for (;;) {
+               ROUND(1,t,s);
+               rk += 8;
+               if (--r == 0)
+                       break;
+               ROUND(0,s,t);
+       }
+
+#endif /* ?FULL_UNROLL */
+
+#undef ROUND
+
+       /*
+        * apply last round and
+        * map cipher state to byte array block:
+        */
+       s0 = TE41(t0) ^ TE42(t1) ^ TE43(t2) ^ TE44(t3) ^ rk[0];
+       PUTU32(ct     , s0);
+       s1 = TE41(t1) ^ TE42(t2) ^ TE43(t3) ^ TE44(t0) ^ rk[1];
+       PUTU32(ct +  4, s1);
+       s2 = TE41(t2) ^ TE42(t3) ^ TE43(t0) ^ TE44(t1) ^ rk[2];
+       PUTU32(ct +  8, s2);
+       s3 = TE41(t3) ^ TE42(t0) ^ TE43(t1) ^ TE44(t2) ^ rk[3];
+       PUTU32(ct + 12, s3);
+}
+
+void rijndaelDecrypt(const u32 rk[/*44*/], const u8 ct[16], u8 pt[16])
+{
+       u32 s0, s1, s2, s3, t0, t1, t2, t3;
+       const int Nr = 10;
+#ifndef FULL_UNROLL
+       int r;
+#endif /* ?FULL_UNROLL */
+
+       /*
+        * map byte array block to cipher state
+        * and add initial round key:
+        */
+       s0 = GETU32(ct     ) ^ rk[0];
+       s1 = GETU32(ct +  4) ^ rk[1];
+       s2 = GETU32(ct +  8) ^ rk[2];
+       s3 = GETU32(ct + 12) ^ rk[3];
+
+#define ROUND(i,d,s) \
+d##0 = TD0(s##0) ^ TD1(s##3) ^ TD2(s##2) ^ TD3(s##1) ^ rk[4 * i]; \
+d##1 = TD0(s##1) ^ TD1(s##0) ^ TD2(s##3) ^ TD3(s##2) ^ rk[4 * i + 1]; \
+d##2 = TD0(s##2) ^ TD1(s##1) ^ TD2(s##0) ^ TD3(s##3) ^ rk[4 * i + 2]; \
+d##3 = TD0(s##3) ^ TD1(s##2) ^ TD2(s##1) ^ TD3(s##0) ^ rk[4 * i + 3]
+
+#ifdef FULL_UNROLL
+
+       ROUND(1,t,s);
+       ROUND(2,s,t);
+       ROUND(3,t,s);
+       ROUND(4,s,t);
+       ROUND(5,t,s);
+       ROUND(6,s,t);
+       ROUND(7,t,s);
+       ROUND(8,s,t);
+       ROUND(9,t,s);
+
+       rk += Nr << 2;
+
+#else  /* !FULL_UNROLL */
+
+       /* Nr - 1 full rounds: */
+       r = Nr >> 1;
+       for (;;) {
+               ROUND(1,t,s);
+               rk += 8;
+               if (--r == 0)
+                       break;
+               ROUND(0,s,t);
+       }
+
+#endif /* ?FULL_UNROLL */
+
+#undef ROUND
+
+       /*
+        * apply last round and
+        * map cipher state to byte array block:
+        */
+       s0 = TD41(t0) ^ TD42(t3) ^ TD43(t2) ^ TD44(t1) ^ rk[0];
+       PUTU32(pt     , s0);
+       s1 = TD41(t1) ^ TD42(t0) ^ TD43(t3) ^ TD44(t2) ^ rk[1];
+       PUTU32(pt +  4, s1);
+       s2 = TD41(t2) ^ TD42(t1) ^ TD43(t0) ^ TD44(t3) ^ rk[2];
+       PUTU32(pt +  8, s2);
+       s3 = TD41(t3) ^ TD42(t2) ^ TD43(t1) ^ TD44(t0) ^ rk[3];
+       PUTU32(pt + 12, s3);
+}
+
+
+
+/* Generic wrapper functions for AES functions */
+
+void * aes_encrypt_init(const u8 *key, size_t len)
+{
+       u32 *rk;
+       if (len != 16)
+               return NULL;
+       rk = malloc(4 * 44);
+       if (rk == NULL)
+               return NULL;
+       rijndaelKeySetupEnc(rk, key);
+       return rk;
+}
+
+
+void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
+{
+       rijndaelEncrypt(ctx, plain, crypt);
+}
+
+
+void aes_encrypt_deinit(void *ctx)
+{
+       free(ctx);
+}
+
+
+void * aes_decrypt_init(const u8 *key, size_t len)
+{
+       u32 *rk;
+       if (len != 16)
+               return NULL;
+       rk = malloc(4 * 44);
+       if (rk == NULL)
+               return NULL;
+       rijndaelKeySetupDec(rk, key);
+       return rk;
+}
+
+
+void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain)
+{
+       rijndaelDecrypt(ctx, crypt, plain);
+}
+
+
+void aes_decrypt_deinit(void *ctx)
+{
+       free(ctx);
+}
diff --git a/contrib/hostapd-0.4.9/aes_wrap.c b/contrib/hostapd-0.4.9/aes_wrap.c
new file mode 100644 (file)
index 0000000..a5925ca
--- /dev/null
@@ -0,0 +1,725 @@
+/*
+ * AES-based functions
+ *
+ * - AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
+ * - One-Key CBC MAC (OMAC1) hash with AES-128
+ * - AES-128 CTR mode encryption
+ * - AES-128 EAX mode encryption/decryption
+ * - AES-128 CBC
+ *
+ * Copyright (c) 2003-2005, Jouni Malinen <jkmaline@cc.hut.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include "common.h"
+#include "aes_wrap.h"
+#include "crypto.h"
+
+#ifndef EAP_TLS_FUNCS
+#include "aes.c"
+#endif /* EAP_TLS_FUNCS */
+
+
+/**
+ * aes_wrap - Wrap keys with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
+ * @kek: Key encryption key (KEK)
+ * @n: Length of the wrapped key in 64-bit units; e.g., 2 = 128-bit = 16 bytes
+ * @plain: Plaintext key to be wrapped, n * 64 bit
+ * @cipher: Wrapped key, (n + 1) * 64 bit
+ * Returns: 0 on success, -1 on failure
+ */
+int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher)
+{
+       u8 *a, *r, b[16];
+       int i, j;
+       void *ctx;
+
+       a = cipher;
+       r = cipher + 8;
+
+       /* 1) Initialize variables. */
+       memset(a, 0xa6, 8);
+       memcpy(r, plain, 8 * n);
+
+       ctx = aes_encrypt_init(kek, 16);
+       if (ctx == NULL)
+               return -1;
+
+       /* 2) Calculate intermediate values.
+        * For j = 0 to 5
+        *     For i=1 to n
+        *         B = AES(K, A | R[i])
+        *         A = MSB(64, B) ^ t where t = (n*j)+i
+        *         R[i] = LSB(64, B)
+        */
+       for (j = 0; j <= 5; j++) {
+               r = cipher + 8;
+               for (i = 1; i <= n; i++) {
+                       memcpy(b, a, 8);
+                       memcpy(b + 8, r, 8);
+                       aes_encrypt(ctx, b, b);
+                       memcpy(a, b, 8);
+                       a[7] ^= n * j + i;
+                       memcpy(r, b + 8, 8);
+                       r += 8;
+               }
+       }
+       aes_encrypt_deinit(ctx);
+
+       /* 3) Output the results.
+        *
+        * These are already in @cipher due to the location of temporary
+        * variables.
+        */
+
+       return 0;
+}
+
+
+/**
+ * aes_unwrap - Unwrap key with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
+ * @kek: Key encryption key (KEK)
+ * @n: Length of the wrapped key in 64-bit units; e.g., 2 = 128-bit = 16 bytes
+ * @cipher: Wrapped key to be unwrapped, (n + 1) * 64 bit
+ * @plain: Plaintext key, n * 64 bit
+ * Returns: 0 on success, -1 on failure (e.g., integrity verification failed)
+ */
+int aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain)
+{
+       u8 a[8], *r, b[16];
+       int i, j;
+       void *ctx;
+
+       /* 1) Initialize variables. */
+       memcpy(a, cipher, 8);
+       r = plain;
+       memcpy(r, cipher + 8, 8 * n);
+
+       ctx = aes_decrypt_init(kek, 16);
+       if (ctx == NULL)
+               return -1;
+
+       /* 2) Compute intermediate values.
+        * For j = 5 to 0
+        *     For i = n to 1
+        *         B = AES-1(K, (A ^ t) | R[i]) where t = n*j+i
+        *         A = MSB(64, B)
+        *         R[i] = LSB(64, B)
+        */
+       for (j = 5; j >= 0; j--) {
+               r = plain + (n - 1) * 8;
+               for (i = n; i >= 1; i--) {
+                       memcpy(b, a, 8);
+                       b[7] ^= n * j + i;
+
+                       memcpy(b + 8, r, 8);
+                       aes_decrypt(ctx, b, b);
+                       memcpy(a, b, 8);
+                       memcpy(r, b + 8, 8);
+                       r -= 8;
+               }
+       }
+       aes_decrypt_deinit(ctx);
+
+       /* 3) Output results.
+        *
+        * These are already in @plain due to the location of temporary
+        * variables. Just verify that the IV matches with the expected value.
+        */
+       for (i = 0; i < 8; i++) {
+               if (a[i] != 0xa6)
+                       return -1;
+       }
+
+       return 0;
+}
+
+
+#define BLOCK_SIZE 16
+
+static void gf_mulx(u8 *pad)
+{
+       int i, carry;
+
+       carry = pad[0] & 0x80;
+       for (i = 0; i < BLOCK_SIZE - 1; i++)
+               pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
+       pad[BLOCK_SIZE - 1] <<= 1;
+       if (carry)
+               pad[BLOCK_SIZE - 1] ^= 0x87;
+}
+
+
+/**
+ * omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128
+ * @key: Key for the hash operation
+ * @data: Data buffer for which a MAC is determined
+ * @data: Length of data buffer in bytes
+ * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
+ * Returns: 0 on success, -1 on failure
+ */
+int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac)
+{
+       void *ctx;
+       u8 cbc[BLOCK_SIZE], pad[BLOCK_SIZE];
+       const u8 *pos = data;
+       int i;
+       size_t left = data_len;
+
+       ctx = aes_encrypt_init(key, 16);
+       if (ctx == NULL)
+               return -1;
+       memset(cbc, 0, BLOCK_SIZE);
+
+       while (left >= BLOCK_SIZE) {
+               for (i = 0; i < BLOCK_SIZE; i++)
+                       cbc[i] ^= *pos++;
+               if (left > BLOCK_SIZE)
+                       aes_encrypt(ctx, cbc, cbc);
+               left -= BLOCK_SIZE;
+       }
+
+       memset(pad, 0, BLOCK_SIZE);
+       aes_encrypt(ctx, pad, pad);
+       gf_mulx(pad);
+
+       if (left || data_len == 0) {
+               for (i = 0; i < left; i++)
+                       cbc[i] ^= *pos++;
+               cbc[left] ^= 0x80;
+               gf_mulx(pad);
+       }
+
+       for (i = 0; i < BLOCK_SIZE; i++)
+               pad[i] ^= cbc[i];
+       aes_encrypt(ctx, pad, mac);
+       aes_encrypt_deinit(ctx);
+       return 0;
+}
+
+
+/**
+ * aes_128_encrypt_block - Perform one AES 128-bit block operation
+ * @key: Key for AES
+ * @in: Input data (16 bytes)
+ * @out: Output of the AES block operation (16 bytes)
+ * Returns: 0 on success, -1 on failure
+ */
+int aes_128_encrypt_block(const u8 *key, const u8 *in, u8 *out)
+{
+       void *ctx;
+       ctx = aes_encrypt_init(key, 16);
+       if (ctx == NULL)
+               return -1;
+       aes_encrypt(ctx, in, out);
+       aes_encrypt_deinit(ctx);
+       return 0;
+}
+
+
+/**
+ * aes_128_ctr_encrypt - AES-128 CTR mode encryption
+ * @key: Key for encryption (16 bytes)
+ * @nonce: Nonce for counter mode (16 bytes)
+ * @data: Data to encrypt in-place
+ * @data_len: Length of data in bytes
+ * Returns: 0 on success, -1 on failure
+ */
+int aes_128_ctr_encrypt(const u8 *key, const u8 *nonce,
+                       u8 *data, size_t data_len)
+{
+       void *ctx;
+       size_t len, left = data_len;
+       int i;
+       u8 *pos = data;
+       u8 counter[BLOCK_SIZE], buf[BLOCK_SIZE];
+
+       ctx = aes_encrypt_init(key, 16);
+       if (ctx == NULL)
+               return -1;
+       memcpy(counter, nonce, BLOCK_SIZE);
+
+       while (left > 0) {
+               aes_encrypt(ctx, counter, buf);
+
+               len = (left < BLOCK_SIZE) ? left : BLOCK_SIZE;
+               for (i = 0; i < len; i++)
+                       pos[i] ^= buf[i];
+               pos += len;
+               left -= len;
+
+               for (i = BLOCK_SIZE - 1; i >= 0; i--) {
+                       counter[i]++;
+                       if (counter[i])
+                               break;
+               }
+       }
+       aes_encrypt_deinit(ctx);
+       return 0;
+}
+
+
+/**
+ * aes_128_eax_encrypt - AES-128 EAX mode encryption
+ * @key: Key for encryption (16 bytes)
+ * @nonce: Nonce for counter mode
+ * @nonce_len: Nonce length in bytes
+ * @hdr: Header data to be authenticity protected
+ * @hdr_len: Length of the header data bytes
+ * @data: Data to encrypt in-place
+ * @data_len: Length of data in bytes
+ * @tag: 16-byte tag value
+ * Returns: 0 on success, -1 on failure
+ */
+int aes_128_eax_encrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
+                       const u8 *hdr, size_t hdr_len,
+                       u8 *data, size_t data_len, u8 *tag)
+{
+       u8 *buf;
+       size_t buf_len;
+       u8 nonce_mac[BLOCK_SIZE], hdr_mac[BLOCK_SIZE], data_mac[BLOCK_SIZE];
+       int i;
+
+       if (nonce_len > data_len)
+               buf_len = nonce_len;
+       else
+               buf_len = data_len;
+       if (hdr_len > buf_len)
+               buf_len = hdr_len;
+       buf_len += 16;
+
+       buf = malloc(buf_len);
+       if (buf == NULL)
+               return -1;
+
+       memset(buf, 0, 15);
+
+       buf[15] = 0;
+       memcpy(buf + 16, nonce, nonce_len);
+       omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac);
+
+       buf[15] = 1;
+       memcpy(buf + 16, hdr, hdr_len);
+       omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac);
+
+       aes_128_ctr_encrypt(key, nonce_mac, data, data_len);
+       buf[15] = 2;
+       memcpy(buf + 16, data, data_len);
+       omac1_aes_128(key, buf, 16 + data_len, data_mac);
+
+       free(buf);
+
+       for (i = 0; i < BLOCK_SIZE; i++)
+               tag[i] = nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i];
+
+       return 0;
+}
+
+
+/**
+ * aes_128_eax_decrypt - AES-128 EAX mode decryption
+ * @key: Key for decryption (16 bytes)
+ * @nonce: Nonce for counter mode
+ * @nonce_len: Nonce length in bytes
+ * @hdr: Header data to be authenticity protected
+ * @hdr_len: Length of the header data bytes
+ * @data: Data to encrypt in-place
+ * @data_len: Length of data in bytes
+ * @tag: 16-byte tag value
+ * Returns: 0 on success, -1 on failure, -2 if tag does not match
+ */
+int aes_128_eax_decrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
+                       const u8 *hdr, size_t hdr_len,
+                       u8 *data, size_t data_len, const u8 *tag)
+{
+       u8 *buf;
+       size_t buf_len;
+       u8 nonce_mac[BLOCK_SIZE], hdr_mac[BLOCK_SIZE], data_mac[BLOCK_SIZE];
+       int i;
+
+       if (nonce_len > data_len)
+               buf_len = nonce_len;
+       else
+               buf_len = data_len;
+       if (hdr_len > buf_len)
+               buf_len = hdr_len;
+       buf_len += 16;
+
+       buf = malloc(buf_len);
+       if (buf == NULL)
+               return -1;
+
+       memset(buf, 0, 15);
+
+       buf[15] = 0;
+       memcpy(buf + 16, nonce, nonce_len);
+       omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac);
+
+       buf[15] = 1;
+       memcpy(buf + 16, hdr, hdr_len);
+       omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac);
+
+       buf[15] = 2;
+       memcpy(buf + 16, data, data_len);
+       omac1_aes_128(key, buf, 16 + data_len, data_mac);
+
+       free(buf);
+
+       for (i = 0; i < BLOCK_SIZE; i++) {
+               if (tag[i] != (nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i]))
+                       return -2;
+       }
+
+       aes_128_ctr_encrypt(key, nonce_mac, data, data_len);
+
+       return 0;
+}
+
+
+/**
+ * aes_128_cbc_encrypt - AES-128 CBC encryption
+ * @key: Encryption key
+ * @iv: Encryption IV for CBC mode (16 bytes)
+ * @data: Data to encrypt in-place
+ * @data_len: Length of data in bytes (must be divisible by 16)
+ * Returns: 0 on success, -1 on failure
+ */
+int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
+{
+       void *ctx;
+       u8 cbc[BLOCK_SIZE];
+       u8 *pos = data;
+       int i, j, blocks;
+
+       ctx = aes_encrypt_init(key, 16);
+       if (ctx == NULL)
+               return -1;
+       memcpy(cbc, iv, BLOCK_SIZE);
+
+       blocks = data_len / BLOCK_SIZE;
+       for (i = 0; i < blocks; i++) {
+               for (j = 0; j < BLOCK_SIZE; j++)
+                       cbc[j] ^= pos[j];
+               aes_encrypt(ctx, cbc, cbc);
+               memcpy(pos, cbc, BLOCK_SIZE);
+               pos += BLOCK_SIZE;
+       }
+       aes_encrypt_deinit(ctx);
+       return 0;
+}
+
+
+/**
+ * aes_128_cbc_decrypt - AES-128 CBC decryption
+ * @key: Decryption key
+ * @iv: Decryption IV for CBC mode (16 bytes)
+ * @data: Data to decrypt in-place
+ * @data_len: Length of data in bytes (must be divisible by 16)
+ * Returns: 0 on success, -1 on failure
+ */
+int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
+{
+       void *ctx;
+       u8 cbc[BLOCK_SIZE], tmp[BLOCK_SIZE];
+       u8 *pos = data;
+       int i, j, blocks;
+
+       ctx = aes_decrypt_init(key, 16);
+       if (ctx == NULL)
+               return -1;
+       memcpy(cbc, iv, BLOCK_SIZE);
+
+       blocks = data_len / BLOCK_SIZE;
+       for (i = 0; i < blocks; i++) {
+               memcpy(tmp, pos, BLOCK_SIZE);
+               aes_decrypt(ctx, pos, pos);
+               for (j = 0; j < BLOCK_SIZE; j++)
+                       pos[j] ^= cbc[j];
+               memcpy(cbc, tmp, BLOCK_SIZE);
+               pos += BLOCK_SIZE;
+       }
+       aes_decrypt_deinit(ctx);
+       return 0;
+}
+
+
+#ifdef TEST_MAIN
+
+#ifdef __i386__
+#define rdtscll(val) \
+     __asm__ __volatile__("rdtsc" : "=A" (val))
+
+static void test_aes_perf(void)
+{
+       const int num_iters = 10;
+       int i;
+       unsigned int start, end;
+       u8 key[16], pt[16], ct[16];
+       void *ctx;
+
+       printf("keySetupEnc:");
+       for (i = 0; i < num_iters; i++) {
+               rdtscll(start);
+               ctx = aes_encrypt_init(key, 16);
+               rdtscll(end);
+               aes_encrypt_deinit(ctx);
+               printf(" %d", end - start);
+       }
+       printf("\n");
+
+       printf("Encrypt:");
+       ctx = aes_encrypt_init(key, 16);
+       for (i = 0; i < num_iters; i++) {
+               rdtscll(start);
+               aes_encrypt(ctx, pt, ct);
+               rdtscll(end);
+               printf(" %d", end - start);
+       }
+       aes_encrypt_deinit(ctx);
+       printf("\n");
+}
+#endif /* __i386__ */
+
+
+static int test_eax(void)
+{
+       u8 msg[] = { 0xF7, 0xFB };
+       u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B,
+                    0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 };
+       u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84,
+                      0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD };
+       u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA };
+       u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D,
+                       0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79,
+                       0x67, 0xE5 };
+       u8 data[sizeof(msg)], tag[BLOCK_SIZE];
+
+       memcpy(data, msg, sizeof(msg));
+       if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
+                               data, sizeof(data), tag)) {
+               printf("AES-128 EAX mode encryption failed\n");
+               return 1;
+       }
+       if (memcmp(data, cipher, sizeof(data)) != 0) {
+               printf("AES-128 EAX mode encryption returned invalid cipher "
+                      "text\n");
+               return 1;
+       }
+       if (memcmp(tag, cipher + sizeof(data), BLOCK_SIZE) != 0) {
+               printf("AES-128 EAX mode encryption returned invalid tag\n");
+               return 1;
+       }
+
+       if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
+                               data, sizeof(data), tag)) {
+               printf("AES-128 EAX mode decryption failed\n");
+               return 1;
+       }
+       if (memcmp(data, msg, sizeof(data)) != 0) {
+               printf("AES-128 EAX mode decryption returned invalid plain "
+                      "text\n");
+               return 1;
+       }
+
+       return 0;
+}
+
+
+static int test_cbc(void)
+{
+       struct cbc_test_vector {
+               u8 key[16];
+               u8 iv[16];
+               u8 plain[32];
+               u8 cipher[32];
+               size_t len;
+       } vectors[] = {
+               {
+                       { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b,
+                         0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 },
+                       { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30,
+                         0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 },
+                       "Single block msg",
+                       { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8,
+                         0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a },
+                       16
+               },
+               {
+                       { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0,
+                         0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a },
+                       { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28,
+                         0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 },
+                       { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+                         0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+                         0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
+                       { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a,
+                         0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a,
+                         0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9,
+                         0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 },
+                       32
+               }
+       };
+       int i, ret = 0;
+       u8 *buf;
+
+       for (i = 0; i < sizeof(vectors) / sizeof(vectors[0]); i++) {
+               struct cbc_test_vector *tv = &vectors[i];
+               buf = malloc(tv->len);
+               if (buf == NULL) {
+                       ret++;
+                       break;
+               }
+               memcpy(buf, tv->plain, tv->len);
+               aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len);
+               if (memcmp(buf, tv->cipher, tv->len) != 0) {
+                       printf("AES-CBC encrypt %d failed\n", i);
+                       ret++;
+               }
+               memcpy(buf, tv->cipher, tv->len);
+               aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len);
+               if (memcmp(buf, tv->plain, tv->len) != 0) {
+                       printf("AES-CBC decrypt %d failed\n", i);
+                       ret++;
+               }
+               free(buf);
+       }
+
+       return ret;
+}
+
+
+/* OMAC1 AES-128 test vectors from
+ * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf
+ */
+
+struct omac1_test_vector {
+       u8 k[16];
+       u8 msg[64];
+       int msg_len;
+       u8 tag[16];
+};
+
+static struct omac1_test_vector test_vectors[] =
+{
+       {
+               { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+                 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
+               { },
+               0,
+               { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
+                 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 }
+       },
+       {
+               { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+                 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
+               { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+                 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a},
+               16,
+               { 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
+                 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c }
+       },
+       {
+               { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+                 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
+               { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+                 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+                 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+                 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+                 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 },
+               40,
+               { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
+                 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 }
+       },
+       {
+               { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+                 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
+               { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+                 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+                 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+                 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+                 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+                 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+                 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
+                 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
+               64,
+               { 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
+                 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe }
+       },
+};
+
+
+int main(int argc, char *argv[])
+{
+       u8 kek[] = {
+               0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+               0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+       };
+       u8 plain[] = {
+               0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+               0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
+       };
+       u8 crypt[] = {
+               0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
+               0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
+               0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
+       };
+       u8 result[24];
+       int ret = 0, i;
+       struct omac1_test_vector *tv;
+
+       if (aes_wrap(kek, 2, plain, result)) {
+               printf("AES-WRAP-128-128 reported failure\n");
+               ret++;
+       }
+       if (memcmp(result, crypt, 24) != 0) {
+               printf("AES-WRAP-128-128 failed\n");
+               ret++;
+       }
+       if (aes_unwrap(kek, 2, crypt, result)) {
+               printf("AES-UNWRAP-128-128 reported failure\n");
+               ret++;
+       }
+       if (memcmp(result, plain, 16) != 0) {
+               int i;
+               printf("AES-UNWRAP-128-128 failed\n");
+               ret++;
+               for (i = 0; i < 16; i++)
+                       printf(" %02x", result[i]);
+               printf("\n");
+       }
+
+#ifdef __i386__
+       test_aes_perf();
+#endif /* __i386__ */
+
+       for (i = 0; i < sizeof(test_vectors) / sizeof(test_vectors[0]); i++) {
+               tv = &test_vectors[i];
+               omac1_aes_128(tv->k, tv->msg, tv->msg_len, result);
+               if (memcmp(result, tv->tag, 16) != 0) {
+                       printf("OMAC1-AES-128 test vector %d failed\n", i);
+                       ret++;
+               }
+       }
+
+       ret += test_eax();
+
+       ret += test_cbc();
+
+       if (ret)
+               printf("FAILED!\n");
+
+       return ret;
+}
+#endif /* TEST_MAIN */
diff --git a/contrib/hostapd-0.4.9/aes_wrap.h b/contrib/hostapd-0.4.9/aes_wrap.h
new file mode 100644 (file)
index 0000000..cb1a539
--- /dev/null
@@ -0,0 +1,42 @@
+/*
+ * AES-based functions
+ *
+ * - AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
+ * - One-Key CBC MAC (OMAC1) hash with AES-128
+ * - AES-128 CTR mode encryption
+ * - AES-128 EAX mode encryption/decryption
+ * - AES-128 CBC
+ *
+ * Copyright (c) 2003-2005, Jouni Malinen <jkmaline@cc.hut.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef AES_WRAP_H
+#define AES_WRAP_H
+
+int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher);
+int aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain);
+int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac);
+int aes_128_encrypt_block(const u8 *key, const u8 *in, u8 *out);
+int aes_128_ctr_encrypt(const u8 *key, const u8 *nonce,
+                       u8 *data, size_t data_len);
+int aes_128_eax_encrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
+                       const u8 *hdr, size_t hdr_len,
+                       u8 *data, size_t data_len, u8 *tag);
+int aes_128_eax_decrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
+                       const u8 *hdr, size_t hdr_len,
+                       u8 *data, size_t data_len, const u8 *tag);
+int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data,
+                       size_t data_len);
+int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data,
+                       size_t data_len);
+
+#endif /* AES_WRAP_H */
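Review bot: The prototypes in this header all return int, but nothing here says what the values mean or how large the output buffers must be, and the header relies on the includer to have defined `u8` and `size_t` already. For aes_128_eax_decrypt, a comment such as `/* Returns 0 on success, -1 on allocation failure, -2 if the tag does not verify (data is then left undecrypted); tag is BLOCK_SIZE bytes */` matches the implementation earlier in this commit. The visible callers in aes_wrap.c drop the results of omac1_aes_128 and aes_128_ctr_encrypt, and if either can fail without writing its output, the tag comparison would run on uninitialised stack data. Marking these prototypes `__attribute__((warn_unused_result))` would surface ignored results at compile time.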
diff --git a/contrib/hostapd-0.4.9/ap.h b/contrib/hostapd-0.4.9/ap.h
new file mode 100644 (file)
index 0000000..e874ffd
--- /dev/null
@@ -0,0 +1,99 @@
+#ifndef AP_H
+#define AP_H
+
+/* STA flags */
+#define WLAN_STA_AUTH BIT(0)
+#define WLAN_STA_ASSOC BIT(1)
+#define WLAN_STA_PS BIT(2)
+#define WLAN_STA_TIM BIT(3)
+#define WLAN_STA_PERM BIT(4)
+#define WLAN_STA_AUTHORIZED BIT(5)
+#define WLAN_STA_PENDING_POLL BIT(6) /* pending activity poll not ACKed */
+#define WLAN_STA_PREAUTH BIT(7)
+
+#define WLAN_RATE_1M BIT(0)
+#define WLAN_RATE_2M BIT(1)
+#define WLAN_RATE_5M5 BIT(2)
+#define WLAN_RATE_11M BIT(3)
+#define WLAN_RATE_COUNT 4
+
+/* Maximum size of Supported Rates info element. IEEE 802.11 has a limit of 8,
+ * but some pre-standard IEEE 802.11g products use longer elements. */
+#define WLAN_SUPP_RATES_MAX 32
+
+
+struct sta_info {
+       struct sta_info *next; /* next entry in sta list */
+       struct sta_info *hnext; /* next entry in hash table list */
+       u8 addr[6];
+       u16 aid; /* STA's unique AID (1 .. 2007) or 0 if not yet assigned */
+       u32 flags;
+       u16 capability;
+       u16 listen_interval; /* or beacon_int for APs */
+       u8 supported_rates[WLAN_SUPP_RATES_MAX];
+       u8 tx_supp_rates;
+
+       enum {
+               STA_NULLFUNC = 0, STA_DISASSOC, STA_DEAUTH, STA_REMOVE
+       } timeout_next;
+
+       /* IEEE 802.1X related data */
+       struct eapol_state_machine *eapol_sm;
+
+       /* IEEE 802.11f (IAPP) related data */
+       struct ieee80211_mgmt *last_assoc_req;
+
+       u32 acct_session_id_hi;
+       u32 acct_session_id_lo;
+       time_t acct_session_start;
+       int acct_session_started;
+       int acct_terminate_cause; /* Acct-Terminate-Cause */
+       int acct_interim_interval; /* Acct-Interim-Interval */
+
+       unsigned long last_rx_bytes;
+       unsigned long last_tx_bytes;
+       u32 acct_input_gigawords; /* Acct-Input-Gigawords */
+       u32 acct_output_gigawords; /* Acct-Output-Gigawords */
+
+       u8 *challenge; /* IEEE 802.11 Shared Key Authentication Challenge */
+
+       int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
+       u8 *wpa_ie;
+       size_t wpa_ie_len;
+       struct wpa_state_machine *wpa_sm;
+       enum {
+               WPA_VERSION_NO_WPA = 0 /* WPA not used */,
+               WPA_VERSION_WPA = 1 /* WPA / IEEE 802.11i/D3.0 */,
+               WPA_VERSION_WPA2 = 2 /* WPA2 / IEEE 802.11i */
+       } wpa;
+       int wpa_key_mgmt; /* the selected WPA_KEY_MGMT_* */
+       struct rsn_pmksa_cache *pmksa;
+       struct rsn_preauth_interface *preauth_iface;
+       u8 req_replay_counter[8 /* WPA_REPLAY_COUNTER_LEN */];
+       int req_replay_counter_used;
+       u32 dot11RSNAStatsTKIPLocalMICFailures;
+       u32 dot11RSNAStatsTKIPRemoteMICFailures;
+};
+
+
+#define MAX_STA_COUNT 1024
+
+/* Maximum number of AIDs to use for STAs; must be 2007 or lower
+ * (8802.11 limitation) */
+#define MAX_AID_TABLE_SIZE 128
+
+#define STA_HASH_SIZE 256
+#define STA_HASH(sta) (sta[5])
+
+
+/* Default value for maximum station inactivity. After AP_MAX_INACTIVITY has
+ * passed since last received frame from the station, a nullfunc data frame is
+ * sent to the station. If this frame is not acknowledged and no other frames
+ * have been received, the station will be disassociated after
+ * AP_DISASSOC_DELAY seconds. Similarily, the station will be deauthenticated
+ * after AP_DEAUTH_DELAY seconds has passed after disassociation. */
+#define AP_MAX_INACTIVITY (5 * 60)
+#define AP_DISASSOC_DELAY (1)
+#define AP_DEAUTH_DELAY (1)
+
+#endif /* AP_H */
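Review bot: `STA_HASH(sta)` expands its argument without parentheses and picks the bucket from the last address byte alone; `#define STA_HASH(sta) ((sta)[5])` would keep the macro correct for expression arguments such as `addr + off`. Because that byte comes from the station's own MAC address, bucket distribution is decided by the peers rather than by the AP, and with MAX_STA_COUNT at 1024 a single chain could in principle hold every entry. The hash table code is not in this header, so this is worth checking where `hnext` is walked. The header also uses `u8`, `u16`, `u32`, `time_t` and `BIT()` without including anything, so it only compiles after the headers that define them have been included.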
diff --git a/contrib/hostapd-0.4.9/common.c b/contrib/hostapd-0.4.9/common.c
new file mode 100644 (file)
index 0000000..4b756d8
--- /dev/null
@@ -0,0 +1,388 @@
+/*
+ * wpa_supplicant/hostapd / common helper functions, etc.
+ * Copyright (c) 2002-2005, Jouni Malinen <jkmaline@cc.hut.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#include <stdarg.h>
+#include <ctype.h>
+#include <time.h>
+#include <sys/time.h>
+#ifdef CONFIG_NATIVE_WINDOWS
+#include <winsock2.h>
+#include <wincrypt.h>
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+#include "common.h"
+
+
+int wpa_debug_level = MSG_INFO;
+int wpa_debug_show_keys = 0;
+int wpa_debug_timestamp = 0;
+
+
+int hostapd_get_rand(u8 *buf, size_t len)
+{
+#ifdef CONFIG_NATIVE_WINDOWS
+       HCRYPTPROV prov;
+       BOOL ret;
+
+       if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL,
+                                CRYPT_VERIFYCONTEXT))
+               return -1;
+
+       ret = CryptGenRandom(prov, len, buf);
+       CryptReleaseContext(prov, 0);
+
+       return ret ? 0 : -1;
+#else /* CONFIG_NATIVE_WINDOWS */
+       FILE *f;
+       size_t rc;
+
+       f = fopen("/dev/urandom", "r");
+       if (f == NULL) {
+               printf("Could not open /dev/urandom.\n");
+               return -1;
+       }
+
+       rc = fread(buf, 1, len, f);
+       fclose(f);
+
+       return rc != len ? -1 : 0;
+#endif /* CONFIG_NATIVE_WINDOWS */
+}
+
+
+void hostapd_hexdump(const char *title, const u8 *buf, size_t len)
+{
+       size_t i;
+       printf("%s - hexdump(len=%lu):", title, (unsigned long) len);
+       for (i = 0; i < len; i++)
+               printf(" %02x", buf[i]);
+       printf("\n");
+}
+
+
+static int hex2num(char c)
+{
+       if (c >= '0' && c <= '9')
+               return c - '0';
+       if (c >= 'a' && c <= 'f')
+               return c - 'a' + 10;
+       if (c >= 'A' && c <= 'F')
+               return c - 'A' + 10;
+       return -1;
+}
+
+
+static int hex2byte(const char *hex)
+{
+       int a, b;
+       a = hex2num(*hex++);
+       if (a < 0)
+               return -1;
+       b = hex2num(*hex++);
+       if (b < 0)
+               return -1;
+       return (a << 4) | b;
+}
+
+
+/**
+ * hwaddr_aton - Convert ASCII string to MAC address
+ * @txt: MAC address as a string (e.g., "00:11:22:33:44:55")
+ * @addr: Buffer for the MAC address (ETH_ALEN = 6 bytes)
+ * Returns: 0 on success, -1 on failure (e.g., string not a MAC address)
+ */
+int hwaddr_aton(const char *txt, u8 *addr)
+{
+       int i;
+
+       for (i = 0; i < 6; i++) {
+               int a, b;
+
+               a = hex2num(*txt++);
+               if (a < 0)
+                       return -1;
+               b = hex2num(*txt++);
+               if (b < 0)
+                       return -1;
+               *addr++ = (a << 4) | b;
+               if (i < 5 && *txt++ != ':')
+                       return -1;
+       }
+
+       return 0;
+}
+
+
+/**
+ * hexstr2bin - Convert ASCII hex string into binary data
+ * @hex: ASCII hex string (e.g., "01ab")
+ * @buf: Buffer for the binary data
+ * @len: Length of the text to convert in bytes (of buf); hex will be double
+ * this size
+ * Returns: 0 on success, -1 on failure (invalid hex string)
+ */
+int hexstr2bin(const char *hex, u8 *buf, size_t len)
+{
+       int i, a;
+       const char *ipos = hex;
+       u8 *opos = buf;
+
+       for (i = 0; i < len; i++) {
+               a = hex2byte(ipos);
+               if (a < 0)
+                       return -1;
+               *opos++ = a;
+               ipos += 2;
+       }
+       return 0;
+}
+
+
+char * rel2abs_path(const char *rel_path)
+{
+       char *buf = NULL, *cwd, *ret;
+       size_t len = 128, cwd_len, rel_len, ret_len;
+
+       if (rel_path[0] == '/')
+               return strdup(rel_path);
+
+       for (;;) {
+               buf = malloc(len);
+               if (buf == NULL)
+                       return NULL;
+               cwd = getcwd(buf, len);
+               if (cwd == NULL) {
+                       free(buf);
+                       if (errno != ERANGE) {
+                               return NULL;
+                       }
+                       len *= 2;
+               } else {
+                       break;
+               }
+       }
+
+       cwd_len = strlen(cwd);
+       rel_len = strlen(rel_path);
+       ret_len = cwd_len + 1 + rel_len + 1;
+       ret = malloc(ret_len);
+       if (ret) {
+               memcpy(ret, cwd, cwd_len);
+               ret[cwd_len] = '/';
+               memcpy(ret + cwd_len + 1, rel_path, rel_len);
+               ret[ret_len - 1] = '\0';
+       }
+       free(buf);
+       return ret;
+}
+
+
+/**
+ * inc_byte_array - Increment arbitrary length byte array by one
+ * @counter: Pointer to byte array
+ * @len: Length of the counter in bytes
+ *
+ * This function increments the last byte of the counter by one and continues
+ * rolling over to more significant bytes if the byte was incremented from
+ * 0xff to 0x00.
+ */
+void inc_byte_array(u8 *counter, size_t len)
+{
+       int pos = len - 1;
+       while (pos >= 0) {
+               counter[pos]++;
+               if (counter[pos] != 0)
+                       break;
+               pos--;
+       }
+}
+
+
+void print_char(char c)
+{
+       if (c >= 32 && c < 127)
+               printf("%c", c);
+       else
+               printf("<%02x>", c);
+}
+
+
+void fprint_char(FILE *f, char c)
+{
+       if (c >= 32 && c < 127)
+               fprintf(f, "%c", c);
+       else
+               fprintf(f, "<%02x>", c);
+}
+
+
+#ifndef CONFIG_NO_STDOUT_DEBUG
+
+void wpa_debug_print_timestamp(void)
+{
+       struct timeval tv;
+       char buf[16];
+
+       if (!wpa_debug_timestamp)
+               return;
+
+       gettimeofday(&tv, NULL);
+       if (strftime(buf, sizeof(buf), "%b %d %H:%M:%S",
+                    localtime((const time_t *) &tv.tv_sec)) <= 0) {
+               snprintf(buf, sizeof(buf), "%u", (int) tv.tv_sec);
+       }
+       printf("%s.%06u: ", buf, (unsigned int) tv.tv_usec);
+}
+
+
+/**
+ * wpa_printf - conditional printf
+ * @level: priority level (MSG_*) of the message
+ * @fmt: printf format string, followed by optional arguments
+ *
+ * This function is used to print conditional debugging and error messages. The
+ * output may be directed to stdout, stderr, and/or syslog based on
+ * configuration.
+ *
+ * Note: New line '\n' is added to the end of the text when printing to stdout.
+ */
+void wpa_printf(int level, char *fmt, ...)
+{
+       va_list ap;
+
+       va_start(ap, fmt);
+       if (level >= wpa_debug_level) {
+               wpa_debug_print_timestamp();
+               vprintf(fmt, ap);
+               printf("\n");
+       }
+       va_end(ap);
+}
+
+
+static void _wpa_hexdump(int level, const char *title, const u8 *buf,
+                        size_t len, int show)
+{
+       size_t i;
+       if (level < wpa_debug_level)
+               return;
+       wpa_debug_print_timestamp();
+       printf("%s - hexdump(len=%lu):", title, (unsigned long) len);
+       if (buf == NULL) {
+               printf(" [NULL]");
+       } else if (show) {
+               for (i = 0; i < len; i++)
+                       printf(" %02x", buf[i]);
+       } else {
+               printf(" [REMOVED]");
+       }
+       printf("\n");
+}
+
+void wpa_hexdump(int level, const char *title, const u8 *buf, size_t len)
+{
+       _wpa_hexdump(level, title, buf, len, 1);
+}
+
+
+void wpa_hexdump_key(int level, const char *title, const u8 *buf, size_t len)
+{
+       _wpa_hexdump(level, title, buf, len, wpa_debug_show_keys);
+}
+
+
+static void _wpa_hexdump_ascii(int level, const char *title, const u8 *buf,
+                              size_t len, int show)
+{
+       int i, llen;
+       const u8 *pos = buf;
+       const int line_len = 16;
+
+       if (level < wpa_debug_level)
+               return;
+       wpa_debug_print_timestamp();
+       if (!show) {
+               printf("%s - hexdump_ascii(len=%lu): [REMOVED]\n",
+                      title, (unsigned long) len);
+               return;
+       }
+       if (buf == NULL) {
+               printf("%s - hexdump_ascii(len=%lu): [NULL]\n",
+                      title, (unsigned long) len);
+               return;
+       }
+       printf("%s - hexdump_ascii(len=%lu):\n", title, (unsigned long) len);
+       while (len) {
+               llen = len > line_len ? line_len : len;
+               printf("    ");
+               for (i = 0; i < llen; i++)
+                       printf(" %02x", pos[i]);
+               for (i = llen; i < line_len; i++)
+                       printf("   ");
+               printf("   ");
+               for (i = 0; i < llen; i++) {
+                       if (isprint(pos[i]))
+                               printf("%c", pos[i]);
+                       else
+                               printf("_");
+               }
+               for (i = llen; i < line_len; i++)
+                       printf(" ");
+               printf("\n");
+               pos += llen;
+               len -= llen;
+       }
+}
+
+
+void wpa_hexdump_ascii(int level, const char *title, const u8 *buf, size_t len)
+{
+       _wpa_hexdump_ascii(level, title, buf, len, 1);
+}
+
+
+void wpa_hexdump_ascii_key(int level, const char *title, const u8 *buf,
+                          size_t len)
+{
+       _wpa_hexdump_ascii(level, title, buf, len, wpa_debug_show_keys);
+}
+
+#endif /* CONFIG_NO_STDOUT_DEBUG */
+
+
+#ifdef CONFIG_NATIVE_WINDOWS
+
+#define EPOCHFILETIME (116444736000000000ULL)
+
+int gettimeofday(struct timeval *tv, struct timezone *tz)
+{
+       FILETIME ft;
+       LARGE_INTEGER li;
+       ULONGLONG t;
+
+       GetSystemTimeAsFileTime(&ft);
+       li.LowPart = ft.dwLowDateTime;
+       li.HighPart = ft.dwHighDateTime;
+       t = (li.QuadPart - EPOCHFILETIME) / 10;
+       tv->tv_sec = (long) (t / 1000000);
+       tv->tv_usec = (long) (t % 1000000);
+
+       return 0;
+}
+#endif /* CONFIG_NATIVE_WINDOWS */
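Review bot: hostapd_hexdump() prints the full buffer to stdout unconditionally, while the wpa_hexdump_key() and wpa_hexdump_ascii_key() wrappers further down replace the bytes with `[REMOVED]` unless wpa_debug_show_keys is set. It also sits outside the `#ifndef CONFIG_NO_STDOUT_DEBUG` block, so it still prints in builds that compile the other dump helpers away. Nothing on the function says it must not be used for keys or passwords, so a caller that uses it on such a buffer would write secrets into the log; whether any caller does is not visible in this file. I would add a comment above it such as `/* Always prints buf in full; not gated by wpa_debug_level or wpa_debug_show_keys. Use wpa_hexdump_key() for key material. */`.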
diff --git a/contrib/hostapd-0.4.9/common.h b/contrib/hostapd-0.4.9/common.h
new file mode 100644 (file)
index 0000000..2ce8a5a
--- /dev/null
@@ -0,0 +1,293 @@
+/*
+ * wpa_supplicant/hostapd / common helper functions, etc.
+ * Copyright (c) 2002-2005, Jouni Malinen <jkmaline@cc.hut.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef COMMON_H
+#define COMMON_H
+
+#ifdef __linux__
+#include <endian.h>
+#include <byteswap.h>
+#endif /* __linux__ */
+
+#if defined(__FreeBSD__) || defined(__NetBSD__)
+#include <sys/types.h>
+#include <sys/endian.h>
+#define __BYTE_ORDER   _BYTE_ORDER
+#define        __LITTLE_ENDIAN _LITTLE_ENDIAN
+#define        __BIG_ENDIAN    _BIG_ENDIAN
+#define bswap_16 bswap16
+#define bswap_32 bswap32
+#define bswap_64 bswap64
+#endif /* defined(__FreeBSD__) || defined(__NetBSD__) */
+
+#ifdef CONFIG_NATIVE_WINDOWS
+#include <winsock2.h>
+
+static inline int daemon(int nochdir, int noclose)
+{
+       printf("Windows - daemon() not supported yet\n");
+       return -1;
+}
+
+static inline void sleep(int seconds)
+{
+       Sleep(seconds * 1000);
+}
+
+static inline void usleep(unsigned long usec)
+{
+       Sleep(usec / 1000);
+}
+
+#ifndef timersub
+#define timersub(a, b, res) do { \
+       (res)->tv_sec = (a)->tv_sec - (b)->tv_sec; \
+       (res)->tv_usec = (a)->tv_usec - (b)->tv_usec; \
+       if ((res)->tv_usec < 0) { \
+               (res)->tv_sec--; \
+               (res)->tv_usec += 1000000; \
+       } \
+} while (0)
+#endif
+
+struct timezone {
+       int  tz_minuteswest;
+       int  tz_dsttime;
+};
+
+int gettimeofday(struct timeval *tv, struct timezone *tz);
+
+static inline long int random(void)
+{
+       return rand();
+}
+
+typedef int gid_t;
+typedef int socklen_t;
+
+#ifndef MSG_DONTWAIT
+#define MSG_DONTWAIT 0 /* not supported */
+#endif
+
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+#if defined(__CYGWIN__) || defined(CONFIG_NATIVE_WINDOWS)
+
+static inline unsigned short wpa_swap_16(unsigned short v)
+{
+       return ((v & 0xff) << 8) | (v >> 8);
+}
+
+static inline unsigned int wpa_swap_32(unsigned int v)
+{
+       return ((v & 0xff) << 24) | ((v & 0xff00) << 8) |
+               ((v & 0xff0000) >> 8) | (v >> 24);
+}
+
+#define le_to_host16(n) (n)
+#define host_to_le16(n) (n)
+#define be_to_host16(n) wpa_swap_16(n)
+#define host_to_be16(n) wpa_swap_16(n)
+#define le_to_host32(n) (n)
+#define be_to_host32(n) wpa_swap_32(n)
+#define host_to_be32(n) wpa_swap_32(n)
+
+#else /* __CYGWIN__ */
+
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+#define le_to_host16(n) (n)
+#define host_to_le16(n) (n)
+#define be_to_host16(n) bswap_16(n)
+#define host_to_be16(n) bswap_16(n)
+#define le_to_host32(n) (n)
+#define be_to_host32(n) bswap_32(n)
+#define host_to_be32(n) bswap_32(n)
+#elif __BYTE_ORDER == __BIG_ENDIAN
+#define le_to_host16(n) bswap_16(n)
+#define host_to_le16(n) bswap_16(n)
+#define be_to_host16(n) (n)
+#define host_to_be16(n) (n)
+#define le_to_host32(n) bswap_32(n)
+#define be_to_host32(n) (n)
+#define host_to_be32(n) (n)
+#ifndef WORDS_BIGENDIAN
+#define WORDS_BIGENDIAN
+#endif
+#else
+#error Could not determine CPU byte order
+#endif
+
+#endif /* __CYGWIN__ */
+
+/* Macros for handling unaligned 16-bit variables */
+#define WPA_GET_BE16(a) ((u16) (((a)[0] << 8) | (a)[1]))
+#define WPA_PUT_BE16(a, val)                   \
+       do {                                    \
+               (a)[0] = ((u16) (val)) >> 8;    \
+               (a)[1] = ((u16) (val)) & 0xff;  \
+       } while (0)
+
+#define WPA_GET_LE16(a) ((u16) (((a)[1] << 8) | (a)[0]))
+#define WPA_PUT_LE16(a, val)                   \
+       do {                                    \
+               (a)[1] = ((u16) (val)) >> 8;    \
+               (a)[0] = ((u16) (val)) & 0xff;  \
+       } while (0)
+
+#define WPA_GET_BE32(a) ((((u32) (a)[0]) << 24) | (((u32) (a)[1]) << 16) | \
+                        (((u32) (a)[2]) << 8) | ((u32) (a)[3]))
+
+
+#ifndef ETH_ALEN
+#define ETH_ALEN 6
+#endif
+
+#include <stdint.h>
+typedef uint64_t u64;
+typedef uint32_t u32;
+typedef uint16_t u16;
+typedef uint8_t u8;
+typedef int64_t s64;
+typedef int32_t s32;
+typedef int16_t s16;
+typedef int8_t s8;
+
+int hostapd_get_rand(u8 *buf, size_t len);
+void hostapd_hexdump(const char *title, const u8 *buf, size_t len);
+int hwaddr_aton(const char *txt, u8 *addr);
+int hexstr2bin(const char *hex, u8 *buf, size_t len);
+char * rel2abs_path(const char *rel_path);
+void inc_byte_array(u8 *counter, size_t len);
+void print_char(char c);
+void fprint_char(FILE *f, char c);
+
+
+/* Debugging function - conditional printf and hex dump. Driver wrappers can
+ *  use these for debugging purposes. */
+
+enum { MSG_MSGDUMP, MSG_DEBUG, MSG_INFO, MSG_WARNING, MSG_ERROR };
+
+#ifdef CONFIG_NO_STDOUT_DEBUG
+
+#define wpa_debug_print_timestamp() do { } while (0)
+#define wpa_printf(args...) do { } while (0)
+#define wpa_hexdump(args...) do { } while (0)
+#define wpa_hexdump_key(args...) do { } while (0)
+#define wpa_hexdump_ascii(args...) do { } while (0)
+#define wpa_hexdump_ascii_key(args...) do { } while (0)
+
+#else /* CONFIG_NO_STDOUT_DEBUG */
+
+/**
+ * wpa_debug_printf_timestamp - Print timestamp for debug output
+ *
+ * This function prints a timestamp in <seconds from 1970>.<microsoconds>
+ * format if debug output has been configured to include timestamps in debug
+ * messages.
+ */
+void wpa_debug_print_timestamp(void);
+
+/**
+ * wpa_printf - conditional printf
+ * @level: priority level (MSG_*) of the message
+ * @fmt: printf format string, followed by optional arguments
+ *
+ * This function is used to print conditional debugging and error messages. The
+ * output may be directed to stdout, stderr, and/or syslog based on
+ * configuration.
+ *
+ * Note: New line '\n' is added to the end of the text when printing to stdout.
+ */
+void wpa_printf(int level, char *fmt, ...)
+__attribute__ ((format (printf, 2, 3)));
+
+/**
+ * wpa_hexdump - conditional hex dump
+ * @level: priority level (MSG_*) of the message
+ * @title: title of for the message
+ * @buf: data buffer to be dumped
+ * @len: length of the buf
+ *
+ * This function is used to print conditional debugging and error messages. The
+ * output may be directed to stdout, stderr, and/or syslog based on
+ * configuration. The contents of buf is printed out has hex dump.
+ */
+void wpa_hexdump(int level, const char *title, const u8 *buf, size_t len);
+
+/**
+ * wpa_hexdump_key - conditional hex dump, hide keys
+ * @level: priority level (MSG_*) of the message
+ * @title: title of for the message
+ * @buf: data buffer to be dumped
+ * @len: length of the buf
+ *
+ * This function is used to print conditional debugging and error messages. The
+ * output may be directed to stdout, stderr, and/or syslog based on
+ * configuration. The contents of buf is printed out has hex dump. This works
+ * like wpa_hexdump(), but by default, does not include secret keys (passwords,
+ * etc.) in debug output.
+ */
+void wpa_hexdump_key(int level, const char *title, const u8 *buf, size_t len);
+
+/**
+ * wpa_hexdump_ascii - conditional hex dump
+ * @level: priority level (MSG_*) of the message
+ * @title: title of for the message
+ * @buf: data buffer to be dumped
+ * @len: length of the buf
+ *
+ * This function is used to print conditional debugging and error messages. The
+ * output may be directed to stdout, stderr, and/or syslog based on
+ * configuration. The contents of buf is printed out has hex dump with both
+ * the hex numbers and ASCII characters (for printable range) are shown. 16
+ * bytes per line will be shown.
+ */
+void wpa_hexdump_ascii(int level, const char *title, const u8 *buf,
+                      size_t len);
+
+/**
+ * wpa_hexdump_ascii_key - conditional hex dump, hide keys
+ * @level: priority level (MSG_*) of the message
+ * @title: title of for the message
+ * @buf: data buffer to be dumped
+ * @len: length of the buf
+ *
+ * This function is used to print conditional debugging and error messages. The
+ * output may be directed to stdout, stderr, and/or syslog based on
+ * configuration. The contents of buf is printed out has hex dump with both
+ * the hex numbers and ASCII characters (for printable range) are shown. 16
+ * bytes per line will be shown. This works like wpa_hexdump_ascii(), but by
+ * default, does not include secret keys (passwords, etc.) in debug output.
+ */
+void wpa_hexdump_ascii_key(int level, const char *title, const u8 *buf,
+                          size_t len);
+
+#endif /* CONFIG_NO_STDOUT_DEBUG */
+
+
+#ifdef EAPOL_TEST
+#define WPA_ASSERT(a)                                                 \
+       do {                                                           \
+               if (!(a)) {                                            \
+                       printf("WPA_ASSERT FAILED '" #a "' "           \
+                              "%s %s:%d\n",                           \
+                              __FUNCTION__, __FILE__, __LINE__);      \
+                       exit(1);                                       \
+               }                                                      \
+       } while (0)
+#else
+#define WPA_ASSERT(a) do { } while (0)
+#endif
+
+#endif /* COMMON_H */
diff --git a/contrib/hostapd-0.4.9/config.c b/contrib/hostapd-0.4.9/config.c
new file mode 100644 (file)
index 0000000..1c4f84e
--- /dev/null
@@ -0,0 +1,1230 @@
+/*
+ * Host AP (software wireless LAN access point) user space daemon for
+ * Host AP kernel driver / Configuration file
+ * Copyright (c) 2003-2006, Jouni Malinen <jkmaline@cc.hut.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <netinet/in.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <grp.h>
+
+#include "hostapd.h"
+#include "driver.h"
+#include "sha1.h"
+#include "eap.h"
+#include "radius_client.h"
+#include "ieee802_1x.h"
+
+
+static struct hostapd_config *hostapd_config_defaults(void)
+{
+       struct hostapd_config *conf;
+
+       conf = malloc(sizeof(*conf) + sizeof(struct hostapd_radius_servers));
+       if (conf == NULL) {
+               printf("Failed to allocate memory for configuration data.\n");
+               return NULL;
+       }
+       memset(conf, 0, sizeof(*conf) + sizeof(struct hostapd_radius_servers));
+       conf->radius = (struct hostapd_radius_servers *) (conf + 1);
+
+       /* set default driver based on configuration */
+       conf->driver = driver_lookup("default");
+       if (conf->driver == NULL) {
+               printf("No default driver registered!\n");
+               free(conf);
+               return NULL;
+       }
+
+       conf->wep_rekeying_period = 300;
+       conf->eap_reauth_period = 3600;
+
+       conf->logger_syslog_level = HOSTAPD_LEVEL_INFO;
+       conf->logger_stdout_level = HOSTAPD_LEVEL_INFO;
+       conf->logger_syslog = (unsigned int) -1;
+       conf->logger_stdout = (unsigned int) -1;
+
+       conf->auth_algs = HOSTAPD_AUTH_OPEN | HOSTAPD_AUTH_SHARED_KEY;
+       conf->eapol_version = EAPOL_VERSION;
+
+       conf->wpa_group_rekey = 600;
+       conf->wpa_gmk_rekey = 86400;
+       conf->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
+       conf->wpa_pairwise = WPA_CIPHER_TKIP;
+       conf->wpa_group = WPA_CIPHER_TKIP;
+
+       conf->radius_server_auth_port = 1812;
+
+       return conf;
+}
+
+
+static int hostapd_parse_ip_addr(const char *txt, struct hostapd_ip_addr *addr)
+{
+       if (inet_aton(txt, &addr->u.v4)) {
+               addr->af = AF_INET;
+               return 0;
+       }
+
+#ifdef CONFIG_IPV6
+       if (inet_pton(AF_INET6, txt, &addr->u.v6) > 0) {
+               addr->af = AF_INET6;
+               return 0;
+       }
+#endif /* CONFIG_IPV6 */
+
+       return -1;
+}
+
+
+static int mac_comp(const void *a, const void *b)
+{
+       return memcmp(a, b, sizeof(macaddr));
+}
+
+
+static int hostapd_config_read_maclist(const char *fname, macaddr **acl,
+                                      int *num)
+{
+       FILE *f;
+       char buf[128], *pos;
+       int line = 0;
+       u8 addr[ETH_ALEN];
+       macaddr *newacl;
+
+       if (!fname)
+               return 0;
+
+       f = fopen(fname, "r");
+       if (!f) {
+               printf("MAC list file '%s' not found.\n", fname);
+               return -1;
+       }
+
+       while (fgets(buf, sizeof(buf), f)) {
+               line++;
+
+               if (buf[0] == '#')
+                       continue;
+               pos = buf;
+               while (*pos != '\0') {
+                       if (*pos == '\n') {
+                               *pos = '\0';
+                               break;
+                       }
+                       pos++;
+               }
+               if (buf[0] == '\0')
+                       continue;
+
+               if (hwaddr_aton(buf, addr)) {
+                       printf("Invalid MAC address '%s' at line %d in '%s'\n",
+                              buf, line, fname);
+                       fclose(f);
+                       return -1;
+               }
+
+               newacl = (macaddr *) realloc(*acl, (*num + 1) * ETH_ALEN);
+               if (newacl == NULL) {
+                       printf("MAC list reallocation failed\n");
+                       fclose(f);
+                       return -1;
+               }
+
+               *acl = newacl;
+               memcpy((*acl)[*num], addr, ETH_ALEN);
+               (*num)++;
+       }
+
+       fclose(f);
+
+       qsort(*acl, *num, sizeof(macaddr), mac_comp);
+
+       return 0;
+}
+
+
+static int hostapd_config_read_wpa_psk(const char *fname,
+                                      struct hostapd_config *conf)
+{
+       FILE *f;
+       char buf[128], *pos;
+       int line = 0, ret = 0, len, ok;
+       u8 addr[ETH_ALEN];
+       struct hostapd_wpa_psk *psk;
+
+       if (!fname)
+               return 0;
+
+       f = fopen(fname, "r");
+       if (!f) {
+               printf("WPA PSK file '%s' not found.\n", fname);
+               return -1;
+       }
+
+       while (fgets(buf, sizeof(buf), f)) {
+               line++;
+
+               if (buf[0] == '#')
+                       continue;
+               pos = buf;
+               while (*pos != '\0') {
+                       if (*pos == '\n') {
+                               *pos = '\0';
+                               break;
+                       }
+                       pos++;
+               }
+               if (buf[0] == '\0')
+                       continue;
+
+               if (hwaddr_aton(buf, addr)) {
+                       printf("Invalid MAC address '%s' on line %d in '%s'\n",
+                              buf, line, fname);
+                       ret = -1;
+                       break;
+               }
+
+               psk = malloc(sizeof(*psk));
+               if (psk == NULL) {
+                       printf("WPA PSK allocation failed\n");
+                       ret = -1;
+                       break;
+               }
+               memset(psk, 0, sizeof(*psk));
+               if (memcmp(addr, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0)
+                       psk->group = 1;
+               else
+                       memcpy(psk->addr, addr, ETH_ALEN);
+
+               pos = buf + 17;
+               if (pos == '\0') {
+                       printf("No PSK on line %d in '%s'\n", line, fname);
+                       free(psk);
+                       ret = -1;
+                       break;
+               }
+               pos++;
+
+               ok = 0;
+               len = strlen(pos);
+               if (len == 64 && hexstr2bin(pos, psk->psk, PMK_LEN) == 0)
+                       ok = 1;
+               else if (len >= 8 && len < 64) {
+                       pbkdf2_sha1(pos, conf->ssid, conf->ssid_len,
+                                   4096, psk->psk, PMK_LEN);
+                       ok = 1;
+               }
+               if (!ok) {
+                       printf("Invalid PSK '%s' on line %d in '%s'\n",
+                              pos, line, fname);
+                       free(psk);
+                       ret = -1;
+                       break;
+               }
+
+               psk->next = conf->wpa_psk;
+               conf->wpa_psk = psk;
+       }
+
+       fclose(f);
+
+       return ret;
+}
+
+
+int hostapd_setup_wpa_psk(struct hostapd_config *conf)
+{
+       if (conf->wpa_passphrase != NULL) {
+               if (conf->wpa_psk != NULL) {
+                       printf("Warning: both WPA PSK and passphrase set. "
+                              "Using passphrase.\n");
+                       free(conf->wpa_psk);
+               }
+               conf->wpa_psk = malloc(sizeof(struct hostapd_wpa_psk));
+               if (conf->wpa_psk == NULL) {
+                       printf("Unable to alloc space for PSK\n");
+                       return -1;
+               }
+               wpa_hexdump_ascii(MSG_DEBUG, "SSID",
+                                 (u8 *) conf->ssid, conf->ssid_len);
+               wpa_hexdump_ascii(MSG_DEBUG, "PSK (ASCII passphrase)",
+                                 (u8 *) conf->wpa_passphrase,
+                                 strlen(conf->wpa_passphrase));
+               memset(conf->wpa_psk, 0, sizeof(struct hostapd_wpa_psk));
+               pbkdf2_sha1(conf->wpa_passphrase,
+                           conf->ssid, conf->ssid_len,
+                           4096, conf->wpa_psk->psk, PMK_LEN);
+               wpa_hexdump(MSG_DEBUG, "PSK (from passphrase)",
+                           conf->wpa_psk->psk, PMK_LEN);
+               conf->wpa_psk->group = 1;
+
+               memset(conf->wpa_passphrase, 0, strlen(conf->wpa_passphrase));
+               free(conf->wpa_passphrase);
+               conf->wpa_passphrase = 0;
+       }
+
+       if (conf->wpa_psk_file) {
+               if (hostapd_config_read_wpa_psk(conf->wpa_psk_file, conf))
+                       return -1;
+               free(conf->wpa_psk_file);
+               conf->wpa_psk_file = NULL;
+       }
+
+       return 0;
+}
+
+
+#ifdef EAP_SERVER
+static int hostapd_config_read_eap_user(const char *fname,
+                                       struct hostapd_config *conf)
+{
+       FILE *f;
+       char buf[512], *pos, *start, *pos2;
+       int line = 0, ret = 0, num_methods;
+       struct hostapd_eap_user *user, *tail = NULL;
+
+       if (!fname)
+               return 0;
+
+       f = fopen(fname, "r");
+       if (!f) {
+               printf("EAP user file '%s' not found.\n", fname);
+               return -1;
+       }
+
+       /* Lines: "user" METHOD,METHOD2 "password" (password optional) */
+       while (fgets(buf, sizeof(buf), f)) {
+               line++;
+
+               if (buf[0] == '#')
+                       continue;
+               pos = buf;
+               while (*pos != '\0') {
+                       if (*pos == '\n') {
+                               *pos = '\0';
+                               break;
+                       }
+                       pos++;
+               }
+               if (buf[0] == '\0')
+                       continue;
+
+               user = NULL;
+
+               if (buf[0] != '"' && buf[0] != '*') {
+                       printf("Invalid EAP identity (no \" in start) on "
+                              "line %d in '%s'\n", line, fname);
+                       goto failed;
+               }
+
+               user = malloc(sizeof(*user));
+               if (user == NULL) {
+                       printf("EAP user allocation failed\n");
+                       goto failed;
+               }
+               memset(user, 0, sizeof(*user));
+               user->force_version = -1;
+
+               if (buf[0] == '*') {
+                       pos = buf;
+               } else {
+                       pos = buf + 1;
+                       start = pos;
+                       while (*pos != '"' && *pos != '\0')
+                               pos++;
+                       if (*pos == '\0') {
+                               printf("Invalid EAP identity (no \" in end) on"
+                                      " line %d in '%s'\n", line, fname);
+                               goto failed;
+                       }
+
+                       user->identity = malloc(pos - start);
+                       if (user->identity == NULL) {
+                               printf("Failed to allocate memory for EAP "
+                                      "identity\n");
+                               goto failed;
+                       }
+                       memcpy(user->identity, start, pos - start);
+                       user->identity_len = pos - start;
+               }
+               pos++;
+               while (*pos == ' ' || *pos == '\t')
+                       pos++;
+
+               if (*pos == '\0') {
+                       printf("No EAP method on line %d in '%s'\n",
+                              line, fname);
+                       goto failed;
+               }
+
+               start = pos;
+               while (*pos != ' ' && *pos != '\t' && *pos != '\0')
+                       pos++;
+               if (*pos == '\0') {
+                       pos = NULL;
+               } else {
+                       *pos = '\0';
+                       pos++;
+               }
+               num_methods = 0;
+               while (*start) {
+                       char *pos2 = strchr(start, ',');
+                       if (pos2) {
+                               *pos2++ = '\0';
+                       }
+                       user->methods[num_methods] = eap_get_type(start);
+                       if (user->methods[num_methods] == EAP_TYPE_NONE) {
+                               printf("Unsupported EAP type '%s' on line %d "
+                                      "in '%s'\n", start, line, fname);
+                               goto failed;
+                       }
+
+                       num_methods++;
+                       if (num_methods >= EAP_USER_MAX_METHODS)
+                               break;
+                       if (pos2 == NULL)
+                               break;
+                       start = pos2;
+               }
+               if (num_methods == 0) {
+                       printf("No EAP types configured on line %d in '%s'\n",
+                              line, fname);
+                       goto failed;
+               }
+
+               if (pos == NULL)
+                       goto done;
+
+               while (*pos == ' ' || *pos == '\t')
+                       pos++;
+               if (*pos == '\0')
+                       goto done;
+
+               if (strncmp(pos, "[ver=0]", 7) == 0) {
+                       user->force_version = 0;
+                       goto done;
+               }
+
+               if (strncmp(pos, "[ver=1]", 7) == 0) {
+                       user->force_version = 1;
+                       goto done;
+               }
+
+               if (strncmp(pos, "[2]", 3) == 0) {
+                       user->phase2 = 1;
+                       goto done;
+               }
+
+               if (*pos == '"') {
+                       pos++;
+                       start = pos;
+                       while (*pos != '"' && *pos != '\0')
+                               pos++;
+                       if (*pos == '\0') {
+                               printf("Invalid EAP password (no \" in end) "
+                                      "on line %d in '%s'\n", line, fname);
+                               goto failed;
+                       }
+
+                       user->password = malloc(pos - start);
+                       if (user->password == NULL) {
+                               printf("Failed to allocate memory for EAP "
+                                      "password\n");
+                               goto failed;
+                       }
+                       memcpy(user->password, start, pos - start);
+                       user->password_len = pos - start;
+
+                       pos++;
+               } else {
+                       pos2 = pos;
+                       while (*pos2 != '\0' && *pos2 != ' ' &&
+                              *pos2 != '\t' && *pos2 != '#')
+                               pos2++;
+                       if ((pos2 - pos) & 1) {
+                               printf("Invalid hex password on line %d in "
+                                      "'%s'\n", line, fname);
+                               goto failed;
+                       }
+                       user->password = malloc((pos2 - pos) / 2);
+                       if (user->password == NULL) {
+                               printf("Failed to allocate memory for EAP "
+                                      "password\n");
+                               goto failed;
+                       }
+                       if (hexstr2bin(pos, user->password,
+                                      (pos2 - pos) / 2) < 0) {
+                               printf("Invalid hex password on line %d in "
+                                      "'%s'\n", line, fname);
+                               goto failed;
+                       }
+                       user->password_len = (pos2 - pos) / 2;
+                       pos = pos2;
+               }
+
+               while (*pos == ' ' || *pos == '\t')
+                       pos++;
+               if (strncmp(pos, "[2]", 3) == 0) {
+                       user->phase2 = 1;
+               }
+
+       done:
+               if (tail == NULL) {
+                       tail = conf->eap_user = user;
+               } else {
+                       tail->next = user;
+                       tail = user;
+               }
+               continue;
+
+       failed:
+               if (user) {
+                       free(user->identity);
+                       free(user);
+               }
+               ret = -1;
+               break;
+       }
+
+       fclose(f);
+
+       return ret;
+}
+#endif /* EAP_SERVER */
+
+
+static int
+hostapd_config_read_radius_addr(struct hostapd_radius_server **server,
+                               int *num_server, const char *val, int def_port,
+                               struct hostapd_radius_server **curr_serv)
+{
+       struct hostapd_radius_server *nserv;
+       int ret;
+       static int server_index = 1;
+
+       nserv = realloc(*server, (*num_server + 1) * sizeof(*nserv));
+       if (nserv == NULL)
+               return -1;
+
+       *server = nserv;
+       nserv = &nserv[*num_server];
+       (*num_server)++;
+       (*curr_serv) = nserv;
+
+       memset(nserv, 0, sizeof(*nserv));
+       nserv->port = def_port;
+       ret = hostapd_parse_ip_addr(val, &nserv->addr);
+       nserv->index = server_index++;
+
+       return ret;
+}
+
+
+static int hostapd_config_parse_key_mgmt(int line, const char *value)
+{
+       int val = 0, last;
+       char *start, *end, *buf;
+
+       buf = strdup(value);
+       if (buf == NULL)
+               return -1;
+       start = buf;
+
+       while (start != '\0') {
+               while (*start == ' ' || *start == '\t')
+                       start++;
+               if (*start == '\0')
+                       break;
+               end = start;
+               while (*end != ' ' && *end != '\t' && *end != '\0')
+                       end++;
+               last = *end == '\0';
+               *end = '\0';
+               if (strcmp(start, "WPA-PSK") == 0)
+                       val |= WPA_KEY_MGMT_PSK;
+               else if (strcmp(start, "WPA-EAP") == 0)
+                       val |= WPA_KEY_MGMT_IEEE8021X;
+               else {
+                       printf("Line %d: invalid key_mgmt '%s'", line, start);
+                       free(buf);
+                       return -1;
+               }
+
+               if (last)
+                       break;
+               start = end + 1;
+       }
+
+       free(buf);
+       if (val == 0) {
+               printf("Line %d: no key_mgmt values configured.", line);
+               return -1;
+       }
+
+       return val;
+}
+
+
+static int hostapd_config_parse_cipher(int line, const char *value)
+{
+       int val = 0, last;
+       char *start, *end, *buf;
+
+       buf = strdup(value);
+       if (buf == NULL)
+               return -1;
+       start = buf;
+
+       while (start != '\0') {
+               while (*start == ' ' || *start == '\t')
+                       start++;
+               if (*start == '\0')
+                       break;
+               end = start;
+               while (*end != ' ' && *end != '\t' && *end != '\0')
+                       end++;
+               last = *end == '\0';
+               *end = '\0';
+               if (strcmp(start, "CCMP") == 0)
+                       val |= WPA_CIPHER_CCMP;
+               else if (strcmp(start, "TKIP") == 0)
+                       val |= WPA_CIPHER_TKIP;
+               else if (strcmp(start, "WEP104") == 0)
+                       val |= WPA_CIPHER_WEP104;
+               else if (strcmp(start, "WEP40") == 0)
+                       val |= WPA_CIPHER_WEP40;
+               else if (strcmp(start, "NONE") == 0)
+                       val |= WPA_CIPHER_NONE;
+               else {
+                       printf("Line %d: invalid cipher '%s'.", line, start);
+                       free(buf);
+                       return -1;
+               }
+
+               if (last)
+                       break;
+               start = end + 1;
+       }
+       free(buf);
+
+       if (val == 0) {
+               printf("Line %d: no cipher values configured.", line);
+               return -1;
+       }
+       return val;
+}
+
+
+static int hostapd_config_check(struct hostapd_config *conf)
+{
+       if (conf->ieee802_1x && !conf->eap_server &&
+           !conf->radius->auth_servers) {
+               printf("Invalid IEEE 802.1X configuration (no EAP "
+                      "authenticator configured).\n");
+               return -1;
+       }
+
+       if (conf->wpa && (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) &&
+           conf->wpa_psk == NULL && conf->wpa_passphrase == NULL &&
+           conf->wpa_psk_file == NULL) {
+               printf("WPA-PSK enabled, but PSK or passphrase is not "
+                      "configured.\n");
+               return -1;
+       }
+
+       return 0;
+}
+
+
+struct hostapd_config * hostapd_config_read(const char *fname)
+{
+       struct hostapd_config *conf;
+       FILE *f;
+       char buf[256], *pos;
+       int line = 0;
+       int errors = 0;
+       char *accept_mac_file = NULL, *deny_mac_file = NULL;
+#ifdef EAP_SERVER
+       char *eap_user_file = NULL;
+#endif /* EAP_SERVER */
+
+       f = fopen(fname, "r");
+       if (f == NULL) {
+               printf("Could not open configuration file '%s' for reading.\n",
+                      fname);
+               return NULL;
+       }
+
+       conf = hostapd_config_defaults();
+       if (conf == NULL) {
+               fclose(f);
+               return NULL;
+       }
+
+       while (fgets(buf, sizeof(buf), f)) {
+               line++;
+
+               if (buf[0] == '#')
+                       continue;
+               pos = buf;
+               while (*pos != '\0') {
+                       if (*pos == '\n') {
+                               *pos = '\0';
+                               break;
+                       }
+                       pos++;
+               }
+               if (buf[0] == '\0')
+                       continue;
+
+               pos = strchr(buf, '=');
+               if (pos == NULL) {
+                       printf("Line %d: invalid line '%s'\n", line, buf);
+                       errors++;
+                       continue;
+               }
+               *pos = '\0';
+               pos++;
+
+               if (strcmp(buf, "interface") == 0) {
+                       snprintf(conf->iface, sizeof(conf->iface), "%s", pos);
+               } else if (strcmp(buf, "bridge") == 0) {
+                       snprintf(conf->bridge, sizeof(conf->bridge), "%s",
+                                pos);
+               } else if (strcmp(buf, "driver") == 0) {
+                       conf->driver = driver_lookup(pos);
+                       if (conf->driver == NULL) {
+                               printf("Line %d: invalid/unknown driver "
+                                      "'%s'\n", line, pos);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "debug") == 0) {
+                       conf->debug = atoi(pos);
+               } else if (strcmp(buf, "logger_syslog_level") == 0) {
+                       conf->logger_syslog_level = atoi(pos);
+               } else if (strcmp(buf, "logger_stdout_level") == 0) {
+                       conf->logger_stdout_level = atoi(pos);
+               } else if (strcmp(buf, "logger_syslog") == 0) {
+                       conf->logger_syslog = atoi(pos);
+               } else if (strcmp(buf, "logger_stdout") == 0) {
+                       conf->logger_stdout = atoi(pos);
+               } else if (strcmp(buf, "dump_file") == 0) {
+                       conf->dump_log_name = strdup(pos);
+               } else if (strcmp(buf, "ssid") == 0) {
+                       conf->ssid_len = strlen(pos);
+                       if (conf->ssid_len >= HOSTAPD_SSID_LEN ||
+                           conf->ssid_len < 1) {
+                               printf("Line %d: invalid SSID '%s'\n", line,
+                                      pos);
+                               errors++;
+                       }
+                       memcpy(conf->ssid, pos, conf->ssid_len);
+                       conf->ssid[conf->ssid_len] = '\0';
+                       conf->ssid_set = 1;
+               } else if (strcmp(buf, "macaddr_acl") == 0) {
+                       conf->macaddr_acl = atoi(pos);
+                       if (conf->macaddr_acl != ACCEPT_UNLESS_DENIED &&
+                           conf->macaddr_acl != DENY_UNLESS_ACCEPTED &&
+                           conf->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
+                               printf("Line %d: unknown macaddr_acl %d\n",
+                                      line, conf->macaddr_acl);
+                       }
+               } else if (strcmp(buf, "accept_mac_file") == 0) {
+                       accept_mac_file = strdup(pos);
+                       if (!accept_mac_file) {
+                               printf("Line %d: allocation failed\n", line);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "deny_mac_file") == 0) {
+                       deny_mac_file = strdup(pos);
+                       if (!deny_mac_file) {
+                               printf("Line %d: allocation failed\n", line);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "assoc_ap_addr") == 0) {
+                       if (hwaddr_aton(pos, conf->assoc_ap_addr)) {
+                               printf("Line %d: invalid MAC address '%s'\n",
+                                      line, pos);
+                               errors++;
+                       }
+                       conf->assoc_ap = 1;
+               } else if (strcmp(buf, "ieee8021x") == 0) {
+                       conf->ieee802_1x = atoi(pos);
+               } else if (strcmp(buf, "eapol_version") == 0) {
+                       conf->eapol_version = atoi(pos);
+                       if (conf->eapol_version < 1 ||
+                           conf->eapol_version > 2) {
+                               printf("Line %d: invalid EAPOL "
+                                      "version (%d): '%s'.\n",
+                                      line, conf->eapol_version, pos);
+                               errors++;
+                       } else
+                               wpa_printf(MSG_DEBUG, "eapol_version=%d",
+                                          conf->eapol_version);
+#ifdef EAP_SERVER
+               } else if (strcmp(buf, "eap_authenticator") == 0) {
+                       conf->eap_server = atoi(pos);
+                       printf("Line %d: obsolete eap_authenticator used; "
+                              "this has been renamed to eap_server\n", line);
+               } else if (strcmp(buf, "eap_server") == 0) {
+                       conf->eap_server = atoi(pos);
+               } else if (strcmp(buf, "eap_user_file") == 0) {
+                       free(eap_user_file);
+                       eap_user_file = strdup(pos);
+                       if (!eap_user_file) {
+                               printf("Line %d: allocation failed\n", line);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "ca_cert") == 0) {
+                       free(conf->ca_cert);
+                       conf->ca_cert = strdup(pos);
+               } else if (strcmp(buf, "server_cert") == 0) {
+                       free(conf->server_cert);
+                       conf->server_cert = strdup(pos);
+               } else if (strcmp(buf, "private_key") == 0) {
+                       free(conf->private_key);
+                       conf->private_key = strdup(pos);
+               } else if (strcmp(buf, "private_key_passwd") == 0) {
+                       free(conf->private_key_passwd);
+                       conf->private_key_passwd = strdup(pos);
+               } else if (strcmp(buf, "check_crl") == 0) {
+                       conf->check_crl = atoi(pos);
+#ifdef EAP_SIM
+               } else if (strcmp(buf, "eap_sim_db") == 0) {
+                       free(conf->eap_sim_db);
+                       conf->eap_sim_db = strdup(pos);
+#endif /* EAP_SIM */
+#endif /* EAP_SERVER */
+               } else if (strcmp(buf, "eap_message") == 0) {
+                       char *term;
+                       conf->eap_req_id_text = strdup(pos);
+                       if (conf->eap_req_id_text == NULL) {
+                               printf("Line %d: Failed to allocate memory "
+                                      "for eap_req_id_text\n", line);
+                               errors++;
+                               continue;
+                       }
+                       conf->eap_req_id_text_len =
+                               strlen(conf->eap_req_id_text);
+                       term = strstr(conf->eap_req_id_text, "\\0");
+                       if (term) {
+                               *term++ = '\0';
+                               memmove(term, term + 1,
+                                       conf->eap_req_id_text_len -
+                                       (term - conf->eap_req_id_text) - 1);
+                               conf->eap_req_id_text_len--;
+                       }
+               } else if (strcmp(buf, "wep_key_len_broadcast") == 0) {
+                       conf->default_wep_key_len = atoi(pos);
+                       if (conf->default_wep_key_len > 13) {
+                               printf("Line %d: invalid WEP key len %lu "
+                                      "(= %lu bits)\n", line,
+                                      (unsigned long)
+                                      conf->default_wep_key_len,
+                                      (unsigned long)
+                                      conf->default_wep_key_len * 8);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "wep_key_len_unicast") == 0) {
+                       conf->individual_wep_key_len = atoi(pos);
+                       if (conf->individual_wep_key_len < 0 ||
+                           conf->individual_wep_key_len > 13) {
+                               printf("Line %d: invalid WEP key len %d "
+                                      "(= %d bits)\n", line,
+                                      conf->individual_wep_key_len,
+                                      conf->individual_wep_key_len * 8);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "wep_rekey_period") == 0) {
+                       conf->wep_rekeying_period = atoi(pos);
+                       if (conf->wep_rekeying_period < 0) {
+                               printf("Line %d: invalid period %d\n",
+                                      line, conf->wep_rekeying_period);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "eap_reauth_period") == 0) {
+                       conf->eap_reauth_period = atoi(pos);
+                       if (conf->eap_reauth_period < 0) {
+                               printf("Line %d: invalid period %d\n",
+                                      line, conf->eap_reauth_period);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "eapol_key_index_workaround") == 0) {
+                       conf->eapol_key_index_workaround = atoi(pos);
+#ifdef CONFIG_IAPP
+               } else if (strcmp(buf, "iapp_interface") == 0) {
+                       conf->ieee802_11f = 1;
+                       snprintf(conf->iapp_iface, sizeof(conf->iapp_iface),
+                                "%s", pos);
+#endif /* CONFIG_IAPP */
+               } else if (strcmp(buf, "own_ip_addr") == 0) {
+                       if (hostapd_parse_ip_addr(pos, &conf->own_ip_addr)) {
+                               printf("Line %d: invalid IP address '%s'\n",
+                                      line, pos);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "nas_identifier") == 0) {
+                       conf->nas_identifier = strdup(pos);
+               } else if (strcmp(buf, "auth_server_addr") == 0) {
+                       if (hostapd_config_read_radius_addr(
+                                   &conf->radius->auth_servers,
+                                   &conf->radius->num_auth_servers, pos, 1812,
+                                   &conf->radius->auth_server)) {
+                               printf("Line %d: invalid IP address '%s'\n",
+                                      line, pos);
+                               errors++;
+                       }
+               } else if (conf->radius->auth_server &&
+                          strcmp(buf, "auth_server_port") == 0) {
+                       conf->radius->auth_server->port = atoi(pos);
+               } else if (conf->radius->auth_server &&
+                          strcmp(buf, "auth_server_shared_secret") == 0) {
+                       int len = strlen(pos);
+                       if (len == 0) {
+                               /* RFC 2865, Ch. 3 */
+                               printf("Line %d: empty shared secret is not "
+                                      "allowed.\n", line);
+                               errors++;
+                       }
+                       conf->radius->auth_server->shared_secret =
+                               (u8 *) strdup(pos);
+                       conf->radius->auth_server->shared_secret_len = len;
+               } else if (strcmp(buf, "acct_server_addr") == 0) {
+                       if (hostapd_config_read_radius_addr(
+                                   &conf->radius->acct_servers,
+                                   &conf->radius->num_acct_servers, pos, 1813,
+                                   &conf->radius->acct_server)) {
+                               printf("Line %d: invalid IP address '%s'\n",
+                                      line, pos);
+                               errors++;
+                       }
+               } else if (conf->radius->acct_server &&
+                          strcmp(buf, "acct_server_port") == 0) {
+                       conf->radius->acct_server->port = atoi(pos);
+               } else if (conf->radius->acct_server &&
+                          strcmp(buf, "acct_server_shared_secret") == 0) {
+                       int len = strlen(pos);
+                       if (len == 0) {
+                               /* RFC 2865, Ch. 3 */
+                               printf("Line %d: empty shared secret is not "
+                                      "allowed.\n", line);
+                               errors++;
+                       }
+                       conf->radius->acct_server->shared_secret =
+                               (u8 *) strdup(pos);
+                       conf->radius->acct_server->shared_secret_len = len;
+               } else if (strcmp(buf, "radius_retry_primary_interval") == 0) {
+                       conf->radius->retry_primary_interval = atoi(pos);
+               } else if (strcmp(buf, "radius_acct_interim_interval") == 0) {
+                       conf->radius->acct_interim_interval = atoi(pos);
+               } else if (strcmp(buf, "auth_algs") == 0) {
+                       conf->auth_algs = atoi(pos);
+                       if (conf->auth_algs == 0) {
+                               printf("Line %d: no authentication algorithms "
+                                      "allowed\n",
+                                      line);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "wpa") == 0) {
+                       conf->wpa = atoi(pos);
+               } else if (strcmp(buf, "wpa_group_rekey") == 0) {
+                       conf->wpa_group_rekey = atoi(pos);
+               } else if (strcmp(buf, "wpa_strict_rekey") == 0) {
+                       conf->wpa_strict_rekey = atoi(pos);
+               } else if (strcmp(buf, "wpa_gmk_rekey") == 0) {
+                       conf->wpa_gmk_rekey = atoi(pos);
+               } else if (strcmp(buf, "wpa_passphrase") == 0) {
+                       int len = strlen(pos);
+                       if (len < 8 || len > 63) {
+                               printf("Line %d: invalid WPA passphrase length"
+                                      " %d (expected 8..63)\n", line, len);
+                               errors++;
+                       } else {
+                               free(conf->wpa_passphrase);
+                               conf->wpa_passphrase = strdup(pos);
+                       }
+               } else if (strcmp(buf, "wpa_psk") == 0) {
+                       free(conf->wpa_psk);
+                       conf->wpa_psk = malloc(sizeof(struct hostapd_wpa_psk));
+                       if (conf->wpa_psk) {
+                               memset(conf->wpa_psk, 0,
+                                      sizeof(struct hostapd_wpa_psk));
+                       }
+                       if (conf->wpa_psk == NULL)
+                               errors++;
+                       else if (hexstr2bin(pos, conf->wpa_psk->psk, PMK_LEN)
+                                || pos[PMK_LEN * 2] != '\0') {
+                               printf("Line %d: Invalid PSK '%s'.\n", line,
+                                      pos);
+                               errors++;
+                       } else {
+                               conf->wpa_psk->group = 1;
+                       }
+               } else if (strcmp(buf, "wpa_psk_file") == 0) {
+                       free(conf->wpa_psk_file);
+                       conf->wpa_psk_file = strdup(pos);
+                       if (!conf->wpa_psk_file) {
+                               printf("Line %d: allocation failed\n", line);
+                               errors++;
+                       }
+               } else if (strcmp(buf, "wpa_key_mgmt") == 0) {
+                       conf->wpa_key_mgmt =
+                               hostapd_config_parse_key_mgmt(line, pos);
+                       if (conf->wpa_key_mgmt == -1)
+                               errors++;
+               } else if (strcmp(buf, "wpa_pairwise") == 0) {
+                       conf->wpa_pairwise =
+                               hostapd_config_parse_cipher(line, pos);
+                       if (conf->wpa_pairwise == -1 ||
+                           conf->wpa_pairwise == 0)
+                               errors++;
+                       else if (conf->wpa_pairwise &
+                                (WPA_CIPHER_NONE | WPA_CIPHER_WEP40 |
+                                 WPA_CIPHER_WEP104)) {
+                               printf("Line %d: unsupported pairwise "
+                                      "cipher suite '%s'\n",
+                                      conf->wpa_pairwise, pos);
+                               errors++;
+                       } else {
+                               if (conf->wpa_pairwise & WPA_CIPHER_TKIP)
+                                       conf->wpa_group = WPA_CIPHER_TKIP;
+                               else
+                                       conf->wpa_group = WPA_CIPHER_CCMP;
+                       }
+#ifdef CONFIG_RSN_PREAUTH
+               } else if (strcmp(buf, "rsn_preauth") == 0) {
+                       conf->rsn_preauth = atoi(pos);
+               } else if (strcmp(buf, "rsn_preauth_interfaces") == 0) {
+                       conf->rsn_preauth_interfaces = strdup(pos);
+#endif /* CONFIG_RSN_PREAUTH */
+               } else if (strcmp(buf, "ctrl_interface") == 0) {
+                       free(conf->ctrl_interface);
+                       conf->ctrl_interface = strdup(pos);
+               } else if (strcmp(buf, "ctrl_interface_group") == 0) {
+                       struct group *grp;
+                       char *endp;
+                       const char *group = pos;
+
+                       grp = getgrnam(group);
+                       if (grp) {
+                               conf->ctrl_interface_gid = grp->gr_gid;
+                               conf->ctrl_interface_gid_set = 1;
+                               wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d"
+                                          " (from group name '%s')",
+                                          conf->ctrl_interface_gid, group);
+                               continue;
+                       }
+
+                       /* Group name not found - try to parse this as gid */
+                       conf->ctrl_interface_gid = strtol(group, &endp, 10);
+                       if (*group == '\0' || *endp != '\0') {
+                               wpa_printf(MSG_DEBUG, "Line %d: Invalid group "
+                                          "'%s'", line, group);
+                               errors++;
+                               continue;
+                       }
+                       conf->ctrl_interface_gid_set = 1;
+                       wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d",
+                                  conf->ctrl_interface_gid);
+#ifdef RADIUS_SERVER
+               } else if (strcmp(buf, "radius_server_clients") == 0) {
+                       free(conf->radius_server_clients);
+                       conf->radius_server_clients = strdup(pos);
+               } else if (strcmp(buf, "radius_server_auth_port") == 0) {
+                       conf->radius_server_auth_port = atoi(pos);
+               } else if (strcmp(buf, "radius_server_ipv6") == 0) {
+                       conf->radius_server_ipv6 = atoi(pos);
+#endif /* RADIUS_SERVER */
+               } else if (strcmp(buf, "test_socket") == 0) {
+                       free(conf->test_socket);
+                       conf->test_socket = strdup(pos);
+               } else if (strcmp(buf, "use_pae_group_addr") == 0) {
+                       conf->use_pae_group_addr = atoi(pos);
+               } else {
+                       printf("Line %d: unknown configuration item '%s'\n",
+                              line, buf);
+                       errors++;
+               }
+       }
+
+       fclose(f);
+
+       if (hostapd_config_read_maclist(accept_mac_file, &conf->accept_mac,
+                                       &conf->num_accept_mac))
+               errors++;
+       free(accept_mac_file);
+       if (hostapd_config_read_maclist(deny_mac_file, &conf->deny_mac,
+                                       &conf->num_deny_mac))
+               errors++;
+       free(deny_mac_file);
+
+#ifdef EAP_SERVER
+       if (hostapd_config_read_eap_user(eap_user_file, conf))
+               errors++;
+       free(eap_user_file);
+#endif /* EAP_SERVER */
+
+       conf->radius->auth_server = conf->radius->auth_servers;
+       conf->radius->acct_server = conf->radius->acct_servers;
+
+       if (hostapd_config_check(conf))
+               errors++;
+
+       if (errors) {
+               printf("%d errors found in configuration file '%s'\n",
+                      errors, fname);
+               hostapd_config_free(conf);
+               conf = NULL;
+       }
+
+       return conf;
+}
+
+
+static void hostapd_config_free_radius(struct hostapd_radius_server *servers,
+                                      int num_servers)
+{
+       int i;
+
+       for (i = 0; i < num_servers; i++) {
+               free(servers[i].shared_secret);
+       }
+       free(servers);
+}
+
+
+static void hostapd_config_free_eap_user(struct hostapd_eap_user *user)
+{
+       free(user->identity);
+       free(user->password);
+       free(user);
+}
+
+
+void hostapd_config_free(struct hostapd_config *conf)
+{
+       struct hostapd_wpa_psk *psk, *prev;
+       struct hostapd_eap_user *user, *prev_user;
+
+       if (conf == NULL)
+               return;
+
+       psk = conf->wpa_psk;
+       while (psk) {
+               prev = psk;
+               psk = psk->next;
+               free(prev);
+       }
+
+       free(conf->wpa_passphrase);
+       free(conf->wpa_psk_file);
+
+       user = conf->eap_user;
+       while (user) {
+               prev_user = user;
+               user = user->next;
+               hostapd_config_free_eap_user(prev_user);
+       }
+
+       free(conf->dump_log_name);
+       free(conf->eap_req_id_text);
+       free(conf->accept_mac);
+       free(conf->deny_mac);
+       free(conf->nas_identifier);
+       hostapd_config_free_radius(conf->radius->auth_servers,
+                                  conf->radius->num_auth_servers);
+       hostapd_config_free_radius(conf->radius->acct_servers,
+                                  conf->radius->num_acct_servers);
+       free(conf->rsn_preauth_interfaces);
+       free(conf->ctrl_interface);
+       free(conf->ca_cert);
+       free(conf->server_cert);
+       free(conf->private_key);
+       free(conf->private_key_passwd);
+       free(conf->eap_sim_db);
+       free(conf->radius_server_clients);
+       free(conf->test_socket);
+       free(conf);
+}
+
+
+/* Perform a binary search for given MAC address from a pre-sorted list.
+ * Returns 1 if address is in the list or 0 if not. */
+int hostapd_maclist_found(macaddr *list, int num_entries, u8 *addr)
+{
+       int start, end, middle, res;
+
+       start = 0;
+       end = num_entries - 1;
+
+       while (start <= end) {
+               middle = (start + end) / 2;
+               res = memcmp(list[middle], addr, ETH_ALEN);
+               if (res == 0)
+                       return 1;
+               if (res < 0)
+                       start = middle + 1;
+               else
+                       end = middle - 1;
+       }
+
+       return 0;
+}
+
+
+const u8 * hostapd_get_psk(const struct hostapd_config *conf, const u8 *addr,
+                          const u8 *prev_psk)
+{
+       struct hostapd_wpa_psk *psk;
+       int next_ok = prev_psk == NULL;
+
+       for (psk = conf->wpa_psk; psk != NULL; psk = psk->next) {
+               if (next_ok &&
+                   (psk->group || memcmp(psk->addr, addr, ETH_ALEN) == 0))
+                       return psk->psk;
+
+               if (psk->psk == prev_psk)
+                       next_ok = 1;
+       }
+
+       return NULL;
+}
+
+
+const struct hostapd_eap_user *
+hostapd_get_eap_user(const struct hostapd_config *conf, const u8 *identity,
+                    size_t identity_len, int phase2)
+{
+       struct hostapd_eap_user *user = conf->eap_user;
+
+       while (user) {
+               if (!phase2 && user->identity == NULL) {
+                       /* Wildcard match */
+                       break;
+               }
+               if (user->phase2 == !!phase2 &&
+                   user->identity_len == identity_len &&
+                   memcmp(user->identity, identity, identity_len) == 0)
+                       break;
+               user = user->next;
+       }
+
+       return user;
+}
diff --git a/contrib/hostapd-0.4.9/config.h b/contrib/hostapd-0.4.9/config.h
new file mode 100644 (file)
index 0000000..df411a5
--- /dev/null
@@ -0,0 +1,160 @@
+#ifndef CONFIG_H
+#define CONFIG_H
+
+#include "config_types.h"
+
+typedef u8 macaddr[ETH_ALEN];
+
+struct hostapd_radius_servers;
+
+#define PMK_LEN 32
+struct hostapd_wpa_psk {
+       struct hostapd_wpa_psk *next;
+       int group;
+       u8 psk[PMK_LEN];
+       u8 addr[ETH_ALEN];
+};
+
+#define EAP_USER_MAX_METHODS 8
+struct hostapd_eap_user {
+       struct hostapd_eap_user *next;
+       u8 *identity;
+       size_t identity_len;
+       u8 methods[EAP_USER_MAX_METHODS];
+       u8 *password;
+       size_t password_len;
+       int phase2;
+       int force_version;
+};
+
+struct hostapd_config {
+       char iface[IFNAMSIZ + 1];
+       char bridge[IFNAMSIZ + 1];
+
+       const struct driver_ops *driver;
+
+       enum {
+               HOSTAPD_LEVEL_DEBUG_VERBOSE = 0,
+               HOSTAPD_LEVEL_DEBUG = 1,
+               HOSTAPD_LEVEL_INFO = 2,
+               HOSTAPD_LEVEL_NOTICE = 3,
+               HOSTAPD_LEVEL_WARNING = 4
+       } logger_syslog_level, logger_stdout_level;
+
+#define HOSTAPD_MODULE_IEEE80211 BIT(0)
+#define HOSTAPD_MODULE_IEEE8021X BIT(1)
+#define HOSTAPD_MODULE_RADIUS BIT(2)
+#define HOSTAPD_MODULE_WPA BIT(3)
+#define HOSTAPD_MODULE_DRIVER BIT(4)
+#define HOSTAPD_MODULE_IAPP BIT(5)
+       unsigned int logger_syslog; /* module bitfield */
+       unsigned int logger_stdout; /* module bitfield */
+
+       enum { HOSTAPD_DEBUG_NO = 0, HOSTAPD_DEBUG_MINIMAL = 1,
+              HOSTAPD_DEBUG_VERBOSE = 2,
+              HOSTAPD_DEBUG_MSGDUMPS = 3,
+              HOSTAPD_DEBUG_EXCESSIVE = 4 } debug; /* debug verbosity level */
+       char *dump_log_name; /* file name for state dump (SIGUSR1) */
+
+       int ieee802_1x; /* use IEEE 802.1X */
+       int eapol_version;
+       int eap_server; /* Use internal EAP server instead of external
+                        * RADIUS server */
+       struct hostapd_eap_user *eap_user;
+       char *eap_sim_db;
+       struct hostapd_ip_addr own_ip_addr;
+       char *nas_identifier;
+       struct hostapd_radius_servers *radius;
+
+#define HOSTAPD_SSID_LEN 32
+       char ssid[HOSTAPD_SSID_LEN + 1];
+       size_t ssid_len;
+       int ssid_set;
+       char *eap_req_id_text; /* optional displayable message sent with
+                               * EAP Request-Identity */
+       size_t eap_req_id_text_len;
+       int eapol_key_index_workaround;
+
+       size_t default_wep_key_len;
+       int individual_wep_key_len;
+       int wep_rekeying_period;
+       int eap_reauth_period;
+
+       int ieee802_11f; /* use IEEE 802.11f (IAPP) */
+       char iapp_iface[IFNAMSIZ + 1]; /* interface used with IAPP broadcast
+                                       * frames */
+
+       u8 assoc_ap_addr[ETH_ALEN];
+       int assoc_ap; /* whether assoc_ap_addr is set */
+
+       enum {
+               ACCEPT_UNLESS_DENIED = 0,
+               DENY_UNLESS_ACCEPTED = 1,
+               USE_EXTERNAL_RADIUS_AUTH = 2
+       } macaddr_acl;
+       macaddr *accept_mac;
+       int num_accept_mac;
+       macaddr *deny_mac;
+       int num_deny_mac;
+
+#define HOSTAPD_AUTH_OPEN BIT(0)
+#define HOSTAPD_AUTH_SHARED_KEY BIT(1)
+       int auth_algs; /* bitfield of allowed IEEE 802.11 authentication
+                       * algorithms */
+
+#define HOSTAPD_WPA_VERSION_WPA BIT(0)
+#define HOSTAPD_WPA_VERSION_WPA2 BIT(1)
+       int wpa;
+       struct hostapd_wpa_psk *wpa_psk;
+       char *wpa_passphrase;
+       char *wpa_psk_file;
+#define WPA_KEY_MGMT_IEEE8021X BIT(0)
+#define WPA_KEY_MGMT_PSK BIT(1)
+       int wpa_key_mgmt;
+#define WPA_CIPHER_NONE BIT(0)
+#define WPA_CIPHER_WEP40 BIT(1)
+#define WPA_CIPHER_WEP104 BIT(2)
+#define WPA_CIPHER_TKIP BIT(3)
+#define WPA_CIPHER_CCMP BIT(4)
+       int wpa_pairwise;
+       int wpa_group;
+       int wpa_group_rekey;
+       int wpa_strict_rekey;
+       int wpa_gmk_rekey;
+       int rsn_preauth;
+       char *rsn_preauth_interfaces;
+
+       char *ctrl_interface; /* directory for UNIX domain sockets */
+       gid_t ctrl_interface_gid;
+       int ctrl_interface_gid_set;
+
+       char *ca_cert;
+       char *server_cert;
+       char *private_key;
+       char *private_key_passwd;
+       int check_crl;
+
+       char *radius_server_clients;
+       int radius_server_auth_port;
+       int radius_server_ipv6;
+
+       char *test_socket; /* UNIX domain socket path for driver_test */
+
+       int use_pae_group_addr; /* Whether to send EAPOL frames to PAE group
+                                * address instead of individual address
+                                * (for driver_wired.c).
+                                */
+};
+
+
+struct hostapd_config * hostapd_config_read(const char *fname);
+void hostapd_config_free(struct hostapd_config *conf);
+int hostapd_maclist_found(macaddr *list, int num_entries, u8 *addr);
+const u8 * hostapd_get_psk(const struct hostapd_config *conf, const u8 *addr,
+                          const u8 *prev_psk);
+int hostapd_setup_wpa_psk(struct hostapd_config *conf);
+const struct hostapd_eap_user *
+hostapd_get_eap_user(const struct hostapd_config *conf, const u8 *identity,
+                    size_t identity_len, int phase2);
+
+#endif /* CONFIG_H */
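Review bot: The members of `struct hostapd_config` that hold secrets (`wpa_passphrase`, `private_key_passwd` and the `wpa_psk` list) carry no comment, so nothing in the header distinguishes them from the file-path strings declared beside them. I would add a comment such as `char *private_key_passwd; /* secret: passphrase for private_key; heap copy owned by conf */`, and the same kind of comment on `wpa_passphrase` and `wpa_psk`. In the config.c part of this import, `hostapd_config_free()` releases these members with plain `free()`, so the key material remains in freed heap memory. Clearing them there before release would be the matching code change. As this is a vendor import, that change is probably better proposed upstream than carried as a local patch.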
diff --git a/contrib/hostapd-0.4.9/config_types.h b/contrib/hostapd-0.4.9/config_types.h
new file mode 100644 (file)
index 0000000..12b57cb
--- /dev/null
@@ -0,0 +1,14 @@
+#ifndef CONFIG_TYPES_H
+#define CONFIG_TYPES_H
+
+struct hostapd_ip_addr {
+       union {
+               struct in_addr v4;
+#ifdef CONFIG_IPV6
+               struct in6_addr v6;
+#endif /* CONFIG_IPV6 */
+       } u;
+       int af; /* AF_INET / AF_INET6 */
+};
+
+#endif /* CONFIG_TYPES_H */
diff --git a/contrib/hostapd-0.4.9/crypto.c b/contrib/hostapd-0.4.9/crypto.c
new file mode 100644 (file)
index 0000000..1b13671
--- /dev/null
@@ -0,0 +1,157 @@
+/*
+ * WPA Supplicant / wrapper functions for libcrypto
+ * Copyright (c) 2004-2005, Jouni Malinen <jkmaline@cc.hut.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+
+#include <openssl/opensslv.h>
+#include <openssl/md4.h>
+#include <openssl/md5.h>
+#include <openssl/sha.h>
+#include <openssl/des.h>
+#include <openssl/aes.h>
+
+#include "common.h"
+#include "crypto.h"
+
+#if OPENSSL_VERSION_NUMBER < 0x00907000
+#define DES_key_schedule des_key_schedule
+#define DES_cblock des_cblock
+#define DES_set_key(key, schedule) des_set_key((key), *(schedule))
+#define DES_ecb_encrypt(input, output, ks, enc) \
+       des_ecb_encrypt((input), (output), *(ks), (enc))
+#endif /* openssl < 0.9.7 */
+
+
+void md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+       MD4_CTX ctx;
+       int i;
+
+       MD4_Init(&ctx);
+       for (i = 0; i < num_elem; i++)
+               MD4_Update(&ctx, addr[i], len[i]);
+       MD4_Final(mac, &ctx);
+}
+
+
+void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
+{
+       u8 pkey[8], next, tmp;
+       int i;
+       DES_key_schedule ks;
+
+       /* Add parity bits to the key */
+       next = 0;
+       for (i = 0; i < 7; i++) {
+               tmp = key[i];
+               pkey[i] = (tmp >> i) | next | 1;
+               next = tmp << (7 - i);
+       }
+       pkey[i] = next | 1;
+
+       DES_set_key(&pkey, &ks);
+       DES_ecb_encrypt((DES_cblock *) clear, (DES_cblock *) cypher, &ks,
+                       DES_ENCRYPT);
+}
+
+
+#ifdef EAP_TLS_FUNCS
+void md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+       MD5_CTX ctx;
+       int i;
+
+       MD5_Init(&ctx);
+       for (i = 0; i < num_elem; i++)
+               MD5_Update(&ctx, addr[i], len[i]);
+       MD5_Final(mac, &ctx);
+}
+
+
+void sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+       SHA_CTX ctx;
+       int i;
+
+       SHA1_Init(&ctx);
+       for (i = 0; i < num_elem; i++)
+               SHA1_Update(&ctx, addr[i], len[i]);
+       SHA1_Final(mac, &ctx);
+}
+
+
+void sha1_transform(u8 *state, const u8 data[64])
+{
+       SHA_CTX context;
+       memset(&context, 0, sizeof(context));
+       memcpy(&context.h0, state, 5 * 4);
+       SHA1_Transform(&context, data);
+       memcpy(state, &context.h0, 5 * 4);
+}
+
+
+void * aes_encrypt_init(const u8 *key, size_t len)
+{
+       AES_KEY *ak;
+       ak = malloc(sizeof(*ak));
+       if (ak == NULL)
+               return NULL;
+       if (AES_set_encrypt_key(key, 8 * len, ak) < 0) {
+               free(ak);
+               return NULL;
+       }
+       return ak;
+}
+
+
+void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
+{
+       AES_encrypt(plain, crypt, ctx);
+}
+
+
+void aes_encrypt_deinit(void *ctx)
+{
+       free(ctx);
+}
+
+
+void * aes_decrypt_init(const u8 *key, size_t len)
+{
+       AES_KEY *ak;
+       ak = malloc(sizeof(*ak));
+       if (ak == NULL)
+               return NULL;
+       if (AES_set_decrypt_key(key, 8 * len, ak) < 0) {
+               free(ak);
+               return NULL;
+       }
+       return ak;
+}
+
+
+void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain)
+{
+       AES_decrypt(crypt, plain, ctx);
+}
+
+
+void aes_decrypt_deinit(void *ctx)
+{
+       free(ctx);
+}
+#endif /* EAP_TLS_FUNCS */
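Review bot: Key material is left in memory by this file. `aes_encrypt_deinit()` and `aes_decrypt_deinit()` free the expanded `AES_KEY` without clearing it, and `des_encrypt()` returns with the parity-adjusted key `pkey` and the schedule `ks` still on the stack. Where the linked OpenSSL provides it, the deinit functions could run `if (ctx) OPENSSL_cleanse(ctx, sizeof(AES_KEY));` before `free(ctx);`, and `des_encrypt()` could cleanse `pkey` and `ks` before returning. Separately, the three `*_vector()` loops compare `int i` against `size_t num_elem`; declaring `size_t i;` removes the signed/unsigned comparison.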
diff --git a/contrib/hostapd-0.4.9/crypto.h b/contrib/hostapd-0.4.9/crypto.h
new file mode 100644 (file)
index 0000000..e664861
--- /dev/null
@@ -0,0 +1,123 @@
+/*
+ * WPA Supplicant / wrapper functions for crypto libraries
+ * Copyright (c) 2004-2005, Jouni Malinen <jkmaline@cc.hut.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * This file defines the cryptographic functions that need to be implemented
+ * for wpa_supplicant and hostapd. When TLS is not used, internal
+ * implementation of MD5, SHA1, and AES is used and no external libraries are
+ * required. When TLS is enabled (e.g., by enabling EAP-TLS or EAP-PEAP), the
+ * crypto library used by the TLS implementation is expected to be used for
+ * non-TLS needs, too, in order to save space by not implementing these
+ * functions twice.
+ *
+ * Wrapper code for using each crypto library is in its own file (crypto*.c)
+ * and one of these files is build and linked in to provide the functions
+ * defined here.
+ */
+
+#ifndef CRYPTO_H
+#define CRYPTO_H
+
+/**
+ * md4_vector - MD4 hash for data vector
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for the hash
+ */
+void md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac);
+
+/**
+ * md5_vector - MD5 hash for data vector
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for the hash
+ */
+void md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac);
+
+/**
+ * sha1_vector - SHA-1 hash for data vector
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for the hash
+ */
+void sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len,
+                u8 *mac);
+
+/**
+ * sha1_transform - Perform one SHA-1 transform step
+ * @state: SHA-1 state
+ * @data: Input data for the SHA-1 transform
+ *
+ * This function is used to implement random number generation specified in
+ * NIST FIPS Publication 186-2 for EAP-SIM. This PRF uses a function that is
+ * similar to SHA-1, but has different message padding and as such, access to
+ * just part of the SHA-1 is needed.
+ */
+void sha1_transform(u8 *state, const u8 data[64]);
+
+/**
+ * des_encrypt - Encrypt one block with DES
+ * @clear: 8 octets (in)
+ * @key: 7 octets (in) (no parity bits included)
+ * @cypher: 8 octets (out)
+ */
+void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher);
+
+/**
+ * aes_encrypt_init - Initialize AES for encryption
+ * @key: Encryption key
+ * @len: Key length in bytes (usually 16, i.e., 128 bits)
+ * Returns: Pointer to context data or %NULL on failure
+ */
+void * aes_encrypt_init(const u8 *key, size_t len);
+
+/**
+ * aes_encrypt - Encrypt one AES block
+ * @ctx: Context pointer from aes_encrypt_init()
+ * @plain: Plaintext data to be encrypted (16 bytes)
+ * @crypt: Buffer for the encrypted data (16 bytes)
+ */
+void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt);
+
+/**
+ * aes_encrypt_deinit - Deinitialize AES encryption
+ * @ctx: Context pointer from aes_encrypt_init()
+ */
+void aes_encrypt_deinit(void *ctx);
+
+/**
+ * aes_decrypt_init - Initialize AES for decryption
+ * @key: Decryption key
+ * @len: Key length in bytes (usually 16, i.e., 128 bits)
+ * Returns: Pointer to context data or %NULL on failure
+ */
+void * aes_decrypt_init(const u8 *key, size_t len);
+
+/**
+ * aes_decrypt - Decrypt one AES block
+ * @ctx: Context pointer from aes_encrypt_init()
+ * @crypt: Encrypted data (16 bytes)
+ * @plain: Buffer for the decrypted data (16 bytes)
+ */
+void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain);
+
+/**
+ * aes_decrypt_deinit - Deinitialize AES decryption
+ * @ctx: Context pointer from aes_encrypt_init()
+ */
+void aes_decrypt_deinit(void *ctx);
+
+
+#endif /* CRYPTO_H */
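Review bot: The doc comments for aes_decrypt() and aes_decrypt_deinit() name the wrong initialiser: both say `@ctx: Context pointer from aes_encrypt_init()`, but these functions take the context returned by aes_decrypt_init(). In the crypto.c wrapper on this page the two init functions build different key schedules (AES_set_encrypt_key() versus AES_set_decrypt_key()), so a caller following the comment would decrypt with an encryption schedule and get wrong output with no error. Both lines should read `@ctx: Context pointer from aes_decrypt_init()`. The header also uses `u8` and `size_t` without including anything, so a one-line note that common.h must be included first would help.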
diff --git a/contrib/hostapd-0.4.9/ctrl_iface.c b/contrib/hostapd-0.4.9/ctrl_iface.c
new file mode 100644 (file)
index 0000000..ff730d4
--- /dev/null
@@ -0,0 +1,456 @@
+/*
+ * Host AP (software wireless LAN access point) user space daemon for
+ * Host AP kernel driver / UNIX domain socket -based control interface
+ * Copyright (c) 2004, Jouni Malinen <jkmaline@cc.hut.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/uio.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <netinet/in.h>
+
+#include "hostapd.h"
+#include "eloop.h"
+#include "config.h"
+#include "eapol_sm.h"
+#include "ieee802_1x.h"
+#include "wpa.h"
+#include "radius_client.h"
+#include "ieee802_11.h"
+#include "ctrl_iface.h"
+#include "sta_info.h"
+
+
+struct wpa_ctrl_dst {
+       struct wpa_ctrl_dst *next;
+       struct sockaddr_un addr;
+       socklen_t addrlen;
+       int debug_level;
+       int errors;
+};
+
+
+static int hostapd_ctrl_iface_attach(struct hostapd_data *hapd,
+                                    struct sockaddr_un *from,
+                                    socklen_t fromlen)
+{
+       struct wpa_ctrl_dst *dst;
+
+       dst = malloc(sizeof(*dst));
+       if (dst == NULL)
+               return -1;
+       memset(dst, 0, sizeof(*dst));
+       memcpy(&dst->addr, from, sizeof(struct sockaddr_un));
+       dst->addrlen = fromlen;
+       dst->debug_level = MSG_INFO;
+       dst->next = hapd->ctrl_dst;
+       hapd->ctrl_dst = dst;
+       wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor attached",
+                   (u8 *) from->sun_path, fromlen);
+       return 0;
+}
+
+
+static int hostapd_ctrl_iface_detach(struct hostapd_data *hapd,
+                                    struct sockaddr_un *from,
+                                    socklen_t fromlen)
+{
+       struct wpa_ctrl_dst *dst, *prev = NULL;
+
+       dst = hapd->ctrl_dst;
+       while (dst) {
+               if (fromlen == dst->addrlen &&
+                   memcmp(from->sun_path, dst->addr.sun_path, fromlen) == 0) {
+                       if (prev == NULL)
+                               hapd->ctrl_dst = dst->next;
+                       else
+                               prev->next = dst->next;
+                       free(dst);
+                       wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor detached",
+                                   (u8 *) from->sun_path, fromlen);
+                       return 0;
+               }
+               prev = dst;
+               dst = dst->next;
+       }
+       return -1;
+}
+
+
+static int hostapd_ctrl_iface_level(struct hostapd_data *hapd,
+                                   struct sockaddr_un *from,
+                                   socklen_t fromlen,
+                                   char *level)
+{
+       struct wpa_ctrl_dst *dst;
+
+       wpa_printf(MSG_DEBUG, "CTRL_IFACE LEVEL %s", level);
+
+       dst = hapd->ctrl_dst;
+       while (dst) {
+               if (fromlen == dst->addrlen &&
+                   memcmp(from->sun_path, dst->addr.sun_path, fromlen) == 0) {
+                       wpa_hexdump(MSG_DEBUG, "CTRL_IFACE changed monitor "
+                                   "level", (u8 *) from->sun_path, fromlen);
+                       dst->debug_level = atoi(level);
+                       return 0;
+               }
+               dst = dst->next;
+       }
+
+       return -1;
+}
+
+
+static int hostapd_ctrl_iface_sta_mib(struct hostapd_data *hapd,
+                                     struct sta_info *sta,
+                                     char *buf, size_t buflen)
+{
+       int len, res;
+
+       if (sta == NULL) {
+               return snprintf(buf, buflen, "FAIL\n");
+       }
+
+       len = 0;
+       len += snprintf(buf + len, buflen - len, MACSTR "\n",
+                       MAC2STR(sta->addr));
+
+       res = ieee802_11_get_mib_sta(hapd, sta, buf + len, buflen - len);
+       if (res >= 0)
+               len += res;
+       res = wpa_get_mib_sta(hapd, sta, buf + len, buflen - len);
+       if (res >= 0)
+               len += res;
+       res = ieee802_1x_get_mib_sta(hapd, sta, buf + len, buflen - len);
+       if (res >= 0)
+               len += res;
+
+       return len;
+}
+
+
+static int hostapd_ctrl_iface_sta_first(struct hostapd_data *hapd,
+                                       char *buf, size_t buflen)
+{
+       return hostapd_ctrl_iface_sta_mib(hapd, hapd->sta_list, buf, buflen);
+}
+
+
+static int hostapd_ctrl_iface_sta(struct hostapd_data *hapd,
+                                 const char *txtaddr,
+                                 char *buf, size_t buflen)
+{
+       u8 addr[ETH_ALEN];
+
+       if (hwaddr_aton(txtaddr, addr))
+               return snprintf(buf, buflen, "FAIL\n");
+       return hostapd_ctrl_iface_sta_mib(hapd, ap_get_sta(hapd, addr),
+                                         buf, buflen);
+}
+
+
+static int hostapd_ctrl_iface_sta_next(struct hostapd_data *hapd,
+                                      const char *txtaddr,
+                                      char *buf, size_t buflen)
+{
+       u8 addr[ETH_ALEN];
+       struct sta_info *sta;
+
+       if (hwaddr_aton(txtaddr, addr) ||
+           (sta = ap_get_sta(hapd, addr)) == NULL)
+               return snprintf(buf, buflen, "FAIL\n");
+       return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen);
+}
+
+
+static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
+                                      void *sock_ctx)
+{
+       struct hostapd_data *hapd = eloop_ctx;
+       char buf[256];
+       int res;
+       struct sockaddr_un from;
+       socklen_t fromlen = sizeof(from);
+       char *reply;
+       const int reply_size = 4096;
+       int reply_len;
+
+       res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
+                      (struct sockaddr *) &from, &fromlen);
+       if (res < 0) {
+               perror("recvfrom(ctrl_iface)");
+               return;
+       }
+       buf[res] = '\0';
+       wpa_hexdump_ascii(MSG_DEBUG, "RX ctrl_iface", (u8 *) buf, res);
+
+       reply = malloc(reply_size);
+       if (reply == NULL) {
+               sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
+                      fromlen);
+               return;
+       }
+
+       memcpy(reply, "OK\n", 3);
+       reply_len = 3;
+
+       if (strcmp(buf, "PING") == 0) {
+               memcpy(reply, "PONG\n", 5);
+               reply_len = 5;
+       } else if (strcmp(buf, "MIB") == 0) {
+               reply_len = ieee802_11_get_mib(hapd, reply, reply_size);
+               if (reply_len >= 0) {
+                       res = wpa_get_mib(hapd, reply + reply_len,
+                                         reply_size - reply_len);
+                       if (res < 0)
+                               reply_len = -1;
+                       else
+                               reply_len += res;
+               }
+               if (reply_len >= 0) {
+                       res = ieee802_1x_get_mib(hapd, reply + reply_len,
+                                                reply_size - reply_len);
+                       if (res < 0)
+                               reply_len = -1;
+                       else
+                               reply_len += res;
+               }
+               if (reply_len >= 0) {
+                       res = radius_client_get_mib(hapd->radius,
+                                                   reply + reply_len,
+                                                   reply_size - reply_len);
+                       if (res < 0)
+                               reply_len = -1;
+                       else
+                               reply_len += res;
+               }
+       } else if (strcmp(buf, "STA-FIRST") == 0) {
+               reply_len = hostapd_ctrl_iface_sta_first(hapd, reply,
+                                                        reply_size);
+       } else if (strncmp(buf, "STA ", 4) == 0) {
+               reply_len = hostapd_ctrl_iface_sta(hapd, buf + 4, reply,
+                                                  reply_size);
+       } else if (strncmp(buf, "STA-NEXT ", 9) == 0) {
+               reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply,
+                                                       reply_size);
+       } else if (strcmp(buf, "ATTACH") == 0) {
+               if (hostapd_ctrl_iface_attach(hapd, &from, fromlen))
+                       reply_len = -1;
+       } else if (strcmp(buf, "DETACH") == 0) {
+               if (hostapd_ctrl_iface_detach(hapd, &from, fromlen))
+                       reply_len = -1;
+       } else if (strncmp(buf, "LEVEL ", 6) == 0) {
+               if (hostapd_ctrl_iface_level(hapd, &from, fromlen,
+                                                   buf + 6))
+                       reply_len = -1;
+       } else {
+               memcpy(reply, "UNKNOWN COMMAND\n", 16);
+               reply_len = 16;
+       }
+
+       if (reply_len < 0) {
+               memcpy(reply, "FAIL\n", 5);
+               reply_len = 5;
+       }
+       sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from, fromlen);
+       free(reply);
+}
+
+
+static char * hostapd_ctrl_iface_path(struct hostapd_data *hapd)
+{
+       char *buf;
+       size_t len;
+
+       if (hapd->conf->ctrl_interface == NULL)
+               return NULL;
+
+       len = strlen(hapd->conf->ctrl_interface) + strlen(hapd->conf->iface) +
+               2;
+       buf = malloc(len);
+       if (buf == NULL)
+               return NULL;
+
+       snprintf(buf, len, "%s/%s",
+                hapd->conf->ctrl_interface, hapd->conf->iface);
+       return buf;
+}
+
+
+int hostapd_ctrl_iface_init(struct hostapd_data *hapd)
+{
+       struct sockaddr_un addr;
+       int s = -1;
+       char *fname = NULL;
+
+       hapd->ctrl_sock = -1;
+
+       if (hapd->conf->ctrl_interface == NULL)
+               return 0;
+
+       if (mkdir(hapd->conf->ctrl_interface, S_IRWXU | S_IRWXG) < 0) {
+               if (errno == EEXIST) {
+                       wpa_printf(MSG_DEBUG, "Using existing control "
+                                  "interface directory.");
+               } else {
+                       perror("mkdir[ctrl_interface]");
+                       goto fail;
+               }
+       }
+
+       if (hapd->conf->ctrl_interface_gid_set &&
+           chown(hapd->conf->ctrl_interface, 0,
+                 hapd->conf->ctrl_interface_gid) < 0) {
+               perror("chown[ctrl_interface]");
+               return -1;
+       }
+
+       if (strlen(hapd->conf->ctrl_interface) + 1 + strlen(hapd->conf->iface)
+           >= sizeof(addr.sun_path))
+               goto fail;
+
+       s = socket(PF_UNIX, SOCK_DGRAM, 0);
+       if (s < 0) {
+               perror("socket(PF_UNIX)");
+               goto fail;
+       }
+
+       memset(&addr, 0, sizeof(addr));
+       addr.sun_family = AF_UNIX;
+       fname = hostapd_ctrl_iface_path(hapd);
+       if (fname == NULL)
+               goto fail;
+       strncpy(addr.sun_path, fname, sizeof(addr.sun_path));
+       if (bind(s, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
+               perror("bind(PF_UNIX)");
+               goto fail;
+       }
+
+       if (hapd->conf->ctrl_interface_gid_set &&
+           chown(fname, 0, hapd->conf->ctrl_interface_gid) < 0) {
+               perror("chown[ctrl_interface/ifname]");
+               goto fail;
+       }
+
+       if (chmod(fname, S_IRWXU | S_IRWXG) < 0) {
+               perror("chmod[ctrl_interface/ifname]");
+               goto fail;
+       }
+       free(fname);
+
+       hapd->ctrl_sock = s;
+       eloop_register_read_sock(s, hostapd_ctrl_iface_receive, hapd,
+                                NULL);
+
+       return 0;
+
+fail:
+       if (s >= 0)
+               close(s);
+       if (fname) {
+               unlink(fname);
+               free(fname);
+       }
+       return -1;
+}
+
+
+void hostapd_ctrl_iface_deinit(struct hostapd_data *hapd)
+{
+       struct wpa_ctrl_dst *dst, *prev;
+
+       if (hapd->ctrl_sock > -1) {
+               char *fname;
+               eloop_unregister_read_sock(hapd->ctrl_sock);
+               close(hapd->ctrl_sock);
+               hapd->ctrl_sock = -1;
+               fname = hostapd_ctrl_iface_path(hapd);
+               if (fname)
+                       unlink(fname);
+               free(fname);
+
+               if (hapd->conf->ctrl_interface &&
+                   rmdir(hapd->conf->ctrl_interface) < 0) {
+                       if (errno == ENOTEMPTY) {
+                               wpa_printf(MSG_DEBUG, "Control interface "
+                                          "directory not empty - leaving it "
+                                          "behind");
+                       } else {
+                               perror("rmdir[ctrl_interface]");
+                       }
+               }
+       }
+
+       dst = hapd->ctrl_dst;
+       while (dst) {
+               prev = dst;
+               dst = dst->next;
+               free(prev);
+       }
+}
+
+
+void hostapd_ctrl_iface_send(struct hostapd_data *hapd, int level,
+                            char *buf, size_t len)
+{
+       struct wpa_ctrl_dst *dst, *next;
+       struct msghdr msg;
+       int idx;
+       struct iovec io[2];
+       char levelstr[10];
+
+       dst = hapd->ctrl_dst;
+       if (hapd->ctrl_sock < 0 || dst == NULL)
+               return;
+
+       snprintf(levelstr, sizeof(levelstr), "<%d>", level);
+       io[0].iov_base = levelstr;
+       io[0].iov_len = strlen(levelstr);
+       io[1].iov_base = buf;
+       io[1].iov_len = len;
+       memset(&msg, 0, sizeof(msg));
+       msg.msg_iov = io;
+       msg.msg_iovlen = 2;
+
+       idx = 0;
+       while (dst) {
+               next = dst->next;
+               if (level >= dst->debug_level) {
+                       wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor send",
+                                   (u8 *) dst->addr.sun_path, dst->addrlen);
+                       msg.msg_name = &dst->addr;
+                       msg.msg_namelen = dst->addrlen;
+                       if (sendmsg(hapd->ctrl_sock, &msg, 0) < 0) {
+                               fprintf(stderr, "CTRL_IFACE monitor[%d]: ",
+                                       idx);
+                               perror("sendmsg");
+                               dst->errors++;
+                               if (dst->errors > 10) {
+                                       hostapd_ctrl_iface_detach(
+                                               hapd, &dst->addr,
+                                               dst->addrlen);
+                               }
+                       } else
+                               dst->errors = 0;
+               }
+               idx++;
+               dst = next;
+       }
+}
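Review bot: In hostapd_ctrl_iface_attach(), hostapd_ctrl_iface_detach(), hostapd_ctrl_iface_level() and hostapd_ctrl_iface_send(), `fromlen` / `dst->addrlen` is used as the byte count for `sun_path`, but recvfrom() returns the length of the whole sockaddr_un, family field included. The wpa_hexdump() and memcmp() calls therefore run past the path by the offset of `sun_path`, and the comparison takes in bytes that are not part of the peer address. Compare and dump only the path, e.g. `memcmp(from->sun_path, dst->addr.sun_path, fromlen - offsetof(struct sockaddr_un, sun_path)) == 0`, with `<stddef.h>` included and `fromlen` first checked to be at least that offset and at most `sizeof(*from)`. Separately, hostapd_ctrl_iface_sta_mib() adds each return value to `len` without a cap. If any of the *_get_mib_sta() helpers (defined outside this hunk) returns an snprintf-style would-be length, `buflen - len` wraps as size_t and the unclamped `len` is passed to sendto() in hostapd_ctrl_iface_receive() as the size of the 4096-byte reply; clamping after each step, `if ((size_t) len > buflen) len = buflen;`, would close that.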
diff --git a/contrib/hostapd-0.4.9/ctrl_iface.h b/contrib/hostapd-0.4.9/ctrl_iface.h
new file mode 100644 (file)
index 0000000..ef1a541
--- /dev/null
@@ -0,0 +1,9 @@
+#ifndef CTRL_IFACE_H
+#define CTRL_IFACE_H
+
+int hostapd_ctrl_iface_init(struct hostapd_data *hapd);
+void hostapd_ctrl_iface_deinit(struct hostapd_data *hapd);
+void hostapd_ctrl_iface_send(struct hostapd_data *hapd, int level,
+                            char *buf, size_t len);
+
+#endif /* CTRL_IFACE_H */
diff --git a/contrib/hostapd-0.4.9/defconfig b/contrib/hostapd-0.4.9/defconfig
new file mode 100644 (file)
index 0000000..e8f4e4f
--- /dev/null
@@ -0,0 +1,75 @@
+# Example hostapd build time configuration
+#
+# This file lists the configuration options that are used when building the
+# hostapd binary. All lines starting with # are ignored. Configuration option
+# lines must be commented out complete, if they are not to be included, i.e.,
+# just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cass, these lines should use += in order not
+# to override previous values of the variables.
+
+# Driver interface for Host AP driver
+CONFIG_DRIVER_HOSTAP=y
+
+# Driver interface for wired authenticator
+#CONFIG_DRIVER_WIRED=y
+
+# Driver interface for madwifi driver
+#CONFIG_DRIVER_MADWIFI=y
+#CFLAGS += -I../head # change to reflect local setup; directory for madwifi src
+
+# Driver interface for Prism54 driver
+#CONFIG_DRIVER_PRISM54=y
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+
+# IEEE 802.11F/IAPP
+CONFIG_IAPP=y
+
+# WPA2/IEEE 802.11i RSN pre-authentication
+CONFIG_RSN_PREAUTH=y
+
+# Integrated EAP server
+CONFIG_EAP=y
+
+# EAP-MD5 for the integrated EAP server
+CONFIG_EAP_MD5=y
+
+# EAP-TLS for the integrated EAP server
+CONFIG_EAP_TLS=y
+
+# EAP-MSCHAPv2 for the integrated EAP server
+CONFIG_EAP_MSCHAPV2=y
+
+# EAP-PEAP for the integrated EAP server
+CONFIG_EAP_PEAP=y
+
+# EAP-GTC for the integrated EAP server
+CONFIG_EAP_GTC=y
+
+# EAP-TTLS for the integrated EAP server
+CONFIG_EAP_TTLS=y
+
+# EAP-SIM for the integrated EAP server
+#CONFIG_EAP_SIM=y
+
+# EAP-PAX for the integrated EAP server
+#CONFIG_EAP_PAX=y
+
+# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+CONFIG_PKCS12=y
+
+# RADIUS authentication server. This provides access to the integrated EAP
+# server from external hosts using RADIUS.
+#CONFIG_RADIUS_SERVER=y
+
+# Build IPv6 support for RADIUS operations
+CONFIG_IPV6=y
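Review bot: `CONFIG_EAP_MD5=y` is enabled in this example build configuration. EAP-MD5 offers no mutual authentication and derives no keying material, so it cannot key WPA/WPA2, and its challenge/response exchange is open to offline password guessing by anyone who can observe it. If this defconfig is used as the basis for the imported build, consider shipping the line commented out like the SIM/PAX/PSK entries, `#CONFIG_EAP_MD5=y`. A comment such as `# EAP-MD5: no key derivation or server authentication; enable only for wired/test setups` would explain why.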
diff --git a/contrib/hostapd-0.4.9/defs.h b/contrib/hostapd-0.4.9/defs.h
new file mode 100644 (file)
index 0000000..6f9881d
--- /dev/null
@@ -0,0 +1,131 @@
+/*
+ * WPA Supplicant - Common definitions
+ * Copyright (c) 2004-2005, Jouni Malinen <jkmaline@cc.hut.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef DEFS_H
+#define DEFS_H
+
+#ifdef FALSE
+#undef FALSE
+#endif
+#ifdef TRUE
+#undef TRUE
+#endif
+typedef enum { FALSE = 0, TRUE = 1 } Boolean;
+
+
+typedef enum { WPA_ALG_NONE, WPA_ALG_WEP, WPA_ALG_TKIP, WPA_ALG_CCMP } wpa_alg;
+typedef enum { CIPHER_NONE, CIPHER_WEP40, CIPHER_TKIP, CIPHER_CCMP,
+              CIPHER_WEP104 } wpa_cipher;
+typedef enum { KEY_MGMT_802_1X, KEY_MGMT_PSK, KEY_MGMT_NONE,
+              KEY_MGMT_802_1X_NO_WPA, KEY_MGMT_WPA_NONE } wpa_key_mgmt;
+
+/**
+ * enum wpa_states - wpa_supplicant state
+ *
+ * These enumeration values are used to indicate the current wpa_supplicant
+ * state (wpa_s->wpa_state). The current state can be retrieved with
+ * wpa_supplicant_get_state() function and the state can be changed by calling
+ * wpa_supplicant_set_state(). In WPA state machine (wpa.c and preauth.c), the
+ * wrapper functions wpa_sm_get_state() and wpa_sm_set_state() should be used
+ * to access the state variable.
+ */
+typedef enum {
+       /**
+        * WPA_DISCONNECTED - Disconnected state
+        *
+        * This state indicates that client is not associated, but is likely to
+        * start looking for an access point. This state is entered when a
+        * connection is lost.
+        */
+       WPA_DISCONNECTED,
+
+       /**
+        * WPA_INACTIVE - Inactive state (wpa_supplicant disabled)
+        *
+        * This state is entered if there are no enabled networks in the
+        * configuration. wpa_supplicant is not trying to associate with a new
+        * network and external interaction (e.g., ctrl_iface call to add or
+        * enable a network) is needed to start association.
+        */
+       WPA_INACTIVE,
+
+       /**
+        * WPA_SCANNING - Scanning for a network
+        *
+        * This state is entered when wpa_supplicant starts scanning for a
+        * network.
+        */
+       WPA_SCANNING,
+
+       /**
+        * WPA_ASSOCIATING - Trying to associate with a BSS/SSID
+        *
+        * This state is entered when wpa_supplicant has found a suitable BSS
+        * to associate with and the driver is configured to try to associate
+        * with this BSS in ap_scan=1 mode. When using ap_scan=2 mode, this
+        * state is entered when the driver is configured to try to associate
+        * with a network using the configured SSID and security policy.
+        */
+       WPA_ASSOCIATING,
+
+       /**
+        * WPA_ASSOCIATED - Association completed
+        *
+        * This state is entered when the driver reports that association has
+        * been successfully completed with an AP. If IEEE 802.1X is used
+        * (with or without WPA/WPA2), wpa_supplicant remains in this state
+        * until the IEEE 802.1X/EAPOL authentication has been completed.
+        */
+       WPA_ASSOCIATED,
+
+       /**
+        * WPA_4WAY_HANDSHAKE - WPA 4-Way Key Handshake in progress
+        *
+        * This state is entered when WPA/WPA2 4-Way Handshake is started. In
+        * case of WPA-PSK, this happens when receiving the first EAPOL-Key
+        * frame after association. In case of WPA-EAP, this state is entered
+        * when the IEEE 802.1X/EAPOL authentication has been completed.
+        */
+       WPA_4WAY_HANDSHAKE,
+
+       /**
+        * WPA_GROUP_HANDSHAKE - WPA Group Key Handshake in progress
+        *
+        * This state is entered when 4-Way Key Handshake has been completed
+        * (i.e., when the supplicant sends out message 4/4) and when Group
+        * Key rekeying is started by the AP (i.e., when supplicant receives
+        * message 1/2).
+        */
+       WPA_GROUP_HANDSHAKE,
+
+       /**
+        * WPA_COMPLETED - All authentication completed
+        *
+        * This state is entered when the full authentication process is
+        * completed. In case of WPA2, this happens when the 4-Way Handshake is
+        * successfully completed. With WPA, this state is entered after the
+        * Group Key Handshake; with IEEE 802.1X (non-WPA) connection is
+        * completed after dynamic keys are received (or if not used, after
+        * the EAP authentication has been completed). With static WEP keys and
+        * plaintext connections, this state is entered when an association
+        * has been completed.
+        *
+        * This state indicates that the supplicant has completed its
+        * processing for the association phase and that data connection is
+        * fully configured.
+        */
+       WPA_COMPLETED
+} wpa_states;
+
+#endif /* DEFS_H */
diff --git a/contrib/hostapd-0.4.9/developer.txt b/contrib/hostapd-0.4.9/developer.txt
new file mode 100644 (file)
index 0000000..e1d3163
--- /dev/null
@@ -0,0 +1,219 @@
+Developer notes for hostapd
+===========================
+
+hostapd daemon setup, operations, and shutdown
+----------------------------------------------
+
+Files: hostapd.[ch]
+
+Externally called functions:
+  hostapd_new_assoc_sta() is called when a station associates with the AP
+
+Event loop functions:
+  handle_term() is called on SIGINT and SIGTERM to terminate hostapd process
+  handle_reload() is called on SIGHUP to reload configuration
+  handle_dump_state() is called on SIGUSR1 to dump station state data to a
+       text file
+  hostapd_rotate_wep() is called to periodically change WEP keys
+
+
+Configuration parsing
+---------------------
+
+Configuration file parsing and data structure definition.
+
+Files: config.[ch]
+
+Externally called functions:
+  hostapd_config_read() is called to read and parse a configuration file;
+       allocates and returns configuration data structure
+  hostapd_config_free() is called to free configuration data structure
+  hostapd_maclist_found() is called to check whether a given address is found
+       in a list of MAC addresses
+
+
+Kernel driver access
+--------------------
+
+Helper functions for configuring the Host AP kernel driver and
+accessing data from it.
+
+Files: driver.[ch]
+
+
+IEEE 802.11 frame handling (netdevice wlan#ap)
+----------------------------------------------
+
+Receive all incoming IEEE 802.11 frames from the kernel driver via
+wlan#ap interface.
+
+Files: receive.c
+
+Externally called functions:
+  hostapd_init_sockets() is called to initialize sockets for receiving and
+       sending IEEE 802.11 frames via wlan#ap interface
+
+Event loop functions:
+  handle_read() is called for each incoming packet from wlan#ap net device
+
+
+Station table
+-------------
+
+Files: sta_info.[ch], ap.h
+
+Event loop functions:
+  ap_handle_timer() is called to check station activity and to remove
+       inactive stations
+
+
+IEEE 802.11 management
+----------------------
+
+IEEE 802.11 management frame sending and processing (mainly,
+authentication and association). IEEE 802.11 station functionality
+(authenticate and associate with another AP as an station).
+
+Files: ieee802_11.[ch]
+
+Externally called functions:
+  ieee802_11_mgmt() is called for each received IEEE 802.11 management frame
+       (from handle_frame() in hostapd.c)
+  ieee802_11_mgmt_cb() is called for each received TX callback of IEEE 802.11
+       management frame (from handle_tx_callback() in hostapd.c)
+  ieee802_11_send_deauth() is called to send deauthentication frame
+  ieee802_11_send_disassoc() is called to send disassociation frame
+  ieee802_11_parse_elems() is used to parse information elements in
+       IEEE 802.11 management frames
+
+Event loop functions:
+  ieee802_11_sta_authenticate() called to retry authentication (with another
+       AP)
+  ieee802_11_sta_associate() called to retry association (with another AP)
+
+
+IEEE 802.11 authentication
+--------------------------
+
+Access control list for IEEE 802.11 authentication. Uses staticly
+configured ACL from configuration files or an external RADIUS
+server. Results from external RADIUS queries are cached to allow
+faster authentication frame processing.
+
+Files: ieee802_11_auth.[ch]
+
+Externally called functions:
+  hostapd_acl_init() called once during hostapd startup
+  hostapd_acl_deinit() called once during hostapd shutdown
+  hostapd_acl_recv_radius() called by IEEE 802.1X code for incoming RADIUS
+       Authentication messages (returns 0 if message was processed)
+  hostapd_allowed_address() called to check whether a specified station can be
+       authenticated
+
+Event loop functions:
+  hostapd_acl_expire() is called to expire ACL cache entries
+
+
+IEEE 802.1X Authenticator
+-------------------------
+
+Files: ieee802_1x.[ch]
+
+
+Externally called functions:
+  ieee802_1x_receive() is called for each incoming EAPOL frame from the
+       wireless interface
+  ieee802_1x_new_station() is called to start IEEE 802.1X authentication when
+       a new station completes IEEE 802.11 association
+
+Event loop functions:
+  ieee802_1x_receive_auth() called for each incoming RADIUS Authentication
+       message
+
+
+EAPOL state machine
+-------------------
+
+IEEE 802.1X state machine for EAPOL.
+
+Files: eapol_sm.[ch]
+
+Externally called functions:
+  eapol_sm_step() is called to advance EAPOL state machines after any change
+       that could affect their state
+
+Event loop functions:
+  eapol_port_timers_tick() called once per second to advance Port Timers state
+       machine
+
+
+IEEE 802.11f (IAPP)
+-------------------
+
+Files: iapp.[ch]
+
+Externally called functions:
+  iapp_new_station() is called to start accounting session when a new station
+       completes IEEE 802.11 association or IEEE 802.1X authentication
+
+Event loop functions:
+  iapp_receive_udp() is called for incoming IAPP frames over UDP
+
+
+Per station accounting
+----------------------
+
+Send RADIUS Accounting start and stop messages to a RADIUS Accounting
+server. Process incoming RADIUS Accounting messages.
+
+Files: accounting.[ch]
+
+Externally called functions:
+  accounting_init() called once during hostapd startup
+  accounting_deinit() called once during hostapd shutdown
+  accounting_sta_start() called when a station starts new session
+  accounting_sta_stop() called when a station session is terminated
+
+Event loop functions:
+  accounting_receive() called for each incoming RADIUS Accounting message
+  accounting_list_timer() called to retransmit accounting messages and to
+       remove expired entries
+
+
+RADIUS messages
+---------------
+
+RADIUS message generation and parsing functions.
+
+Files: radius.[ch]
+
+
+Event loop
+----------
+
+Event loop for registering timeout calls, signal handlers, and socket
+read events.
+
+Files: eloop.[ch]
+
+
+RC4
+---
+
+RC4 encryption
+
+Files: rc4.[ch]
+
+
+MD5
+---
+
+MD5 hash and HMAC-MD5.
+
+Files: md5.[ch]
+
+
+Miscellaneous helper functions
+------------------------------
+
+Files: common.[ch]
diff --git a/contrib/hostapd-0.4.9/driver.h b/contrib/hostapd-0.4.9/driver.h
new file mode 100644 (file)
index 0000000..ed9ecbf
--- /dev/null
@@ -0,0 +1,271 @@
+#ifndef DRIVER_H
+#define DRIVER_H
+
+struct driver_ops {
+       const char *name;               /* as appears in the config file */
+
+       int (*init)(struct hostapd_data *hapd);
+       void (*deinit)(void *priv);
+
+       int (*wireless_event_init)(void *priv);
+       void (*wireless_event_deinit)(void *priv);
+
+       /**
+        * set_8021x - enable/disable IEEE 802.1X support
+        * @priv: driver private data
+        * @enabled: 1 = enable, 0 = disable
+        *
+        * Returns: 0 on success, -1 on failure
+        *
+        * Configure the kernel driver to enable/disable 802.1X support.
+        * This may be an empty function if 802.1X support is always enabled.
+        */
+       int (*set_ieee8021x)(void *priv, int enabled);
+
+       /**
+        * set_privacy - enable/disable privacy
+        * @priv: driver private data
+        * @enabled: 1 = privacy enabled, 0 = disabled
+        *
+        * Return: 0 on success, -1 on failure
+        *
+        * Configure privacy.
+        */
+       int (*set_privacy)(void *priv, int enabled);
+
+       int (*set_encryption)(void *priv, const char *alg, u8 *addr,
+                             int idx, u8 *key, size_t key_len);
+       int (*get_seqnum)(void *priv, u8 *addr, int idx, u8 *seq);
+       int (*flush)(void *priv);
+       int (*set_generic_elem)(void *priv, const u8 *elem, size_t elem_len);
+
+       int (*read_sta_data)(void *priv, struct hostap_sta_driver_data *data,
+                            u8 *addr);
+       int (*send_eapol)(void *priv, u8 *addr, u8 *data, size_t data_len,
+                         int encrypt);
+       int (*set_sta_authorized)(void *driver, u8 *addr, int authorized);
+       int (*sta_deauth)(void *priv, u8 *addr, int reason);
+       int (*sta_disassoc)(void *priv, u8 *addr, int reason);
+       int (*sta_remove)(void *priv, u8 *addr);
+       int (*get_ssid)(void *priv, u8 *buf, int len);
+       int (*set_ssid)(void *priv, u8 *buf, int len);
+       int (*set_countermeasures)(void *priv, int enabled);
+       int (*send_mgmt_frame)(void *priv, const void *msg, size_t len,
+                              int flags);
+       int (*set_assoc_ap)(void *priv, u8 *addr);
+       int (*sta_add)(void *priv, u8 *addr, u16 aid, u16 capability,
+                      u8 tx_supp_rates);
+       int (*get_inact_sec)(void *priv, u8 *addr);
+       int (*sta_clear_stats)(void *priv, u8 *addr);
+};
+
+static inline int
+hostapd_driver_init(struct hostapd_data *hapd)
+{
+       if (hapd->driver == NULL || hapd->driver->init == NULL)
+               return -1;
+       return hapd->driver->init(hapd);
+}
+
+static inline void
+hostapd_driver_deinit(struct hostapd_data *hapd)
+{
+       if (hapd->driver == NULL || hapd->driver->deinit == NULL)
+               return;
+       hapd->driver->deinit(hapd->driver);
+}
+
+static inline int
+hostapd_wireless_event_init(struct hostapd_data *hapd)
+{
+       if (hapd->driver == NULL ||
+           hapd->driver->wireless_event_init == NULL)
+               return 0;
+       return hapd->driver->wireless_event_init(hapd->driver);
+}
+
+static inline void
+hostapd_wireless_event_deinit(struct hostapd_data *hapd)
+{
+       if (hapd->driver == NULL ||
+           hapd->driver->wireless_event_deinit == NULL)
+               return;
+       hapd->driver->wireless_event_deinit(hapd->driver);
+}
+
+static inline int
+hostapd_set_ieee8021x(struct hostapd_data *hapd, int enabled)
+{
+       if (hapd->driver == NULL || hapd->driver->set_ieee8021x == NULL)
+               return 0;
+       return hapd->driver->set_ieee8021x(hapd->driver, enabled);
+}
+
+static inline int
+hostapd_set_privacy(struct hostapd_data *hapd, int enabled)
+{
+       if (hapd->driver == NULL || hapd->driver->set_privacy == NULL)
+               return 0;
+       return hapd->driver->set_privacy(hapd->driver, enabled);
+}
+
+static inline int
+hostapd_set_encryption(struct hostapd_data *hapd, const char *alg, u8 *addr,
+                      int idx, u8 *key, size_t key_len)
+{
+       if (hapd->driver == NULL || hapd->driver->set_encryption == NULL)
+               return 0;
+       return hapd->driver->set_encryption(hapd->driver, alg, addr, idx, key,
+                                           key_len);
+}
+
+static inline int
+hostapd_get_seqnum(struct hostapd_data *hapd, u8 *addr, int idx, u8 *seq)
+{
+       if (hapd->driver == NULL || hapd->driver->get_seqnum == NULL)
+               return 0;
+       return hapd->driver->get_seqnum(hapd->driver, addr, idx, seq);
+}
+
+static inline int
+hostapd_flush(struct hostapd_data *hapd)
+{
+       if (hapd->driver == NULL || hapd->driver->flush == NULL)
+               return 0;
+       return hapd->driver->flush(hapd->driver);
+}
+
+static inline int
+hostapd_set_generic_elem(struct hostapd_data *hapd, const u8 *elem,
+                        size_t elem_len)
+{
+       if (hapd->driver == NULL || hapd->driver->set_generic_elem == NULL)
+               return 0;
+       return hapd->driver->set_generic_elem(hapd->driver, elem, elem_len);
+}
+
+static inline int
+hostapd_read_sta_data(struct hostapd_data *hapd,
+                     struct hostap_sta_driver_data *data, u8 *addr)
+{
+       if (hapd->driver == NULL || hapd->driver->read_sta_data == NULL)
+               return -1;
+       return hapd->driver->read_sta_data(hapd->driver, data, addr);
+}
+
+static inline int
+hostapd_send_eapol(struct hostapd_data *hapd, u8 *addr, u8 *data,
+                  size_t data_len, int encrypt)
+{
+       if (hapd->driver == NULL || hapd->driver->send_eapol == NULL)
+               return 0;
+       return hapd->driver->send_eapol(hapd->driver, addr, data, data_len,
+                                       encrypt);
+}
+
+static inline int
+hostapd_set_sta_authorized(struct hostapd_data *hapd, u8 *addr, int authorized)
+{
+       if (hapd->driver == NULL || hapd->driver->set_sta_authorized == NULL)
+               return 0;
+       return hapd->driver->set_sta_authorized(hapd->driver, addr,
+                                               authorized);
+}
+
+static inline int
+hostapd_sta_deauth(struct hostapd_data *hapd, u8 *addr, int reason)
+{
+       if (hapd->driver == NULL || hapd->driver->sta_deauth == NULL)
+               return 0;
+       return hapd->driver->sta_deauth(hapd->driver, addr, reason);
+}
+
+static inline int
+hostapd_sta_disassoc(struct hostapd_data *hapd, u8 *addr, int reason)
+{
+       if (hapd->driver == NULL || hapd->driver->sta_disassoc == NULL)
+               return 0;
+       return hapd->driver->sta_disassoc(hapd->driver, addr, reason);
+}
+
+static inline int
+hostapd_sta_remove(struct hostapd_data *hapd, u8 *addr)
+{
+       if (hapd->driver == NULL || hapd->driver->sta_remove == NULL)
+               return 0;
+       return hapd->driver->sta_remove(hapd->driver, addr);
+}
+
+static inline int
+hostapd_get_ssid(struct hostapd_data *hapd, u8 *buf, size_t len)
+{
+       if (hapd->driver == NULL || hapd->driver->get_ssid == NULL)
+               return 0;
+       return hapd->driver->get_ssid(hapd->driver, buf, len);
+}
+
+static inline int
+hostapd_set_ssid(struct hostapd_data *hapd, u8 *buf, size_t len)
+{
+       if (hapd->driver == NULL || hapd->driver->set_ssid == NULL)
+               return 0;
+       return hapd->driver->set_ssid(hapd->driver, buf, len);
+}
+
+static inline int
+hostapd_send_mgmt_frame(struct hostapd_data *hapd, const void *msg, size_t len,
+                       int flags)
+{
+       if (hapd->driver == NULL || hapd->driver->send_mgmt_frame == NULL)
+               return 0;
+       return hapd->driver->send_mgmt_frame(hapd->driver, msg, len, flags);
+}
+
+static inline int
+hostapd_set_assoc_ap(struct hostapd_data *hapd, u8 *addr)
+{
+       if (hapd->driver == NULL || hapd->driver->set_assoc_ap == NULL)
+               return 0;
+       return hapd->driver->set_assoc_ap(hapd->driver, addr);
+}
+
+static inline int 
+hostapd_set_countermeasures(struct hostapd_data *hapd, int enabled)
+{
+       if (hapd->driver == NULL || hapd->driver->set_countermeasures == NULL)
+               return 0;
+       return hapd->driver->set_countermeasures(hapd->driver, enabled);
+}
+
+static inline int
+hostapd_sta_add(struct hostapd_data *hapd, u8 *addr, u16 aid, u16 capability,
+               u8 tx_supp_rates)
+{
+       if (hapd->driver == NULL || hapd->driver->sta_add == NULL)
+               return 0;
+       return hapd->driver->sta_add(hapd->driver, addr, aid, capability,
+                                    tx_supp_rates);
+}
+
+static inline int
+hostapd_get_inact_sec(struct hostapd_data *hapd, u8 *addr)
+{
+       if (hapd->driver == NULL || hapd->driver->get_inact_sec == NULL)
+               return 0;
+       return hapd->driver->get_inact_sec(hapd->driver, addr);
+}
+
+
+void driver_register(const char *name, const struct driver_ops *ops);
+void driver_unregister(const char *name);
+const struct driver_ops *driver_lookup(const char *name);
+
+static inline int
+hostapd_sta_clear_stats(struct hostapd_data *hapd, u8 *addr)
+{
+       if (hapd->driver == NULL || hapd->driver->sta_clear_stats == NULL)
+               return 0;
+       return hapd->driver->sta_clear_stats(hapd->driver, addr);
+}
+
+#endif /* DRIVER_H */
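Review bot: The wrappers for the security-relevant ops return 0 when the driver leaves the pointer NULL, so `hostapd_set_encryption()`, `hostapd_set_privacy()`, `hostapd_set_sta_authorized()` and `hostapd_sta_deauth()` report success although nothing was configured. A caller cannot tell a no-op from an installed key or an enforced authorization change; the wired driver in this same commit fills in only `init`, `deinit` and `send_eapol`, so it takes that path. Only `hostapd_driver_init()` and `hostapd_read_sta_data()` return -1 for a missing op. At minimum each such wrapper should say so, e.g. `/* returns 0 (not an error) when the driver has no set_encryption op */`; returning -1 for the key and authorization ops would fail closed, but whether the callers tolerate that cannot be checked from this header. The `get_ssid`/`set_ssid` members are also declared with `int len` while their wrappers take `size_t len`, so the two prototypes should be made to agree.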
diff --git a/contrib/hostapd-0.4.9/driver_wired.c b/contrib/hostapd-0.4.9/driver_wired.c
new file mode 100644 (file)
index 0000000..09eb319
--- /dev/null
@@ -0,0 +1,399 @@
+/*
+ * Host AP (software wireless LAN access point) user space daemon for
+ * Host AP kernel driver / Kernel driver communication
+ * Copyright (c) 2002-2005, Jouni Malinen <jkmaline@cc.hut.fi>
+ * Copyright (c) 2004, Gunter Burchardt <tira@isx.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/ioctl.h>
+#include <netinet/in.h>
+#include <signal.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#ifdef USE_KERNEL_HEADERS
+#include <asm/types.h>
+#include <linux/if_packet.h>
+#include <linux/if_ether.h>   /* The L2 protocols */
+#include <linux/if_arp.h>
+#include <linux/if.h>
+#else /* USE_KERNEL_HEADERS */
+#include <net/if_arp.h>
+#include <net/if.h>
+#include <netpacket/packet.h>
+#endif /* USE_KERNEL_HEADERS */
+
+#include "hostapd.h"
+#include "ieee802_1x.h"
+#include "eloop.h"
+#include "sta_info.h"
+#include "driver.h"
+#include "accounting.h"
+
+
+struct wired_driver_data {
+       struct driver_ops ops;
+       struct hostapd_data *hapd;
+
+       int sock; /* raw packet socket for driver access */
+       int dhcp_sock; /* socket for dhcp packets */
+       int use_pae_group_addr;
+};
+
+static const struct driver_ops wired_driver_ops;
+
+
+#define WIRED_EAPOL_MULTICAST_GROUP    {0x01,0x80,0xc2,0x00,0x00,0x03}
+
+
+/* TODO: detecting new devices should eventually be changed from using DHCP
+ * snooping to trigger on any packet from a new layer 2 MAC address, e.g.,
+ * based on ebtables, etc. */
+
+struct dhcp_message {
+       u_int8_t op;
+       u_int8_t htype;
+       u_int8_t hlen;
+       u_int8_t hops;
+       u_int32_t xid;
+       u_int16_t secs;
+       u_int16_t flags;
+       u_int32_t ciaddr;
+       u_int32_t yiaddr;
+       u_int32_t siaddr;
+       u_int32_t giaddr;
+       u_int8_t chaddr[16];
+       u_int8_t sname[64];
+       u_int8_t file[128];
+       u_int32_t cookie;
+       u_int8_t options[308]; /* 312 - cookie */
+};
+
+
+static void wired_possible_new_sta(struct hostapd_data *hapd, u8 *addr)
+{
+       struct sta_info *sta;
+
+       sta = ap_get_sta(hapd, addr);
+       if (sta)
+               return;
+
+       HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "Data frame from unknown STA "
+                     MACSTR " - adding a new STA\n", MAC2STR(addr));
+       sta = ap_sta_add(hapd, addr);
+       if (sta) {
+               hostapd_new_assoc_sta(hapd, sta, 0);
+               accounting_sta_get_id(hapd, sta);
+       } else {
+               HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "Failed to add STA entry "
+                             "for " MACSTR "\n", MAC2STR(addr));
+       }
+}
+
+
+static void handle_data(struct hostapd_data *hapd, unsigned char *buf,
+                       size_t len)
+{
+       struct ieee8023_hdr *hdr;
+       u8 *pos, *sa;
+       size_t left;
+
+       /* must contain at least ieee8023_hdr 6 byte source, 6 byte dest,
+        * 2 byte ethertype */
+       if (len < 14) {
+               HOSTAPD_DEBUG(HOSTAPD_DEBUG_VERBOSE, "handle_data: too short "
+                             "(%lu)\n", (unsigned long) len);
+               return;
+       }
+
+       hdr = (struct ieee8023_hdr *) buf;
+
+       switch (ntohs(hdr->ethertype)) {
+               case ETH_P_PAE:
+                       HOSTAPD_DEBUG(HOSTAPD_DEBUG_VERBOSE,
+                                     "Received EAPOL packet\n");
+                       sa = hdr->src;
+                       wired_possible_new_sta(hapd, sa);
+
+                       pos = (u8 *) (hdr + 1);
+                       left = len - sizeof(*hdr);
+
+                       ieee802_1x_receive(hapd, sa, pos, left);
+               break;
+
+       default:
+               HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL,
+                             "Unknown ethertype 0x%04x in data frame\n",
+                             ntohs(hdr->ethertype));
+               break;
+       }
+}
+
+
+static void handle_read(int sock, void *eloop_ctx, void *sock_ctx)
+{
+       struct hostapd_data *hapd = (struct hostapd_data *) eloop_ctx;
+       int len;
+       unsigned char buf[3000];
+
+       len = recv(sock, buf, sizeof(buf), 0);
+       if (len < 0) {
+               perror("recv");
+               return;
+       }
+       
+       handle_data(hapd, buf, len);
+}
+
+
+static void handle_dhcp(int sock, void *eloop_ctx, void *sock_ctx)
+{
+       struct hostapd_data *hapd = (struct hostapd_data *) eloop_ctx;
+       int len;
+       unsigned char buf[3000];
+       struct dhcp_message *msg;
+       u8 *mac_address;
+
+       len = recv(sock, buf, sizeof(buf), 0);
+       if (len < 0) {
+               perror("recv"); 
+               return;
+       }
+
+       /* must contain at least dhcp_message->chaddr */
+       if (len < 44) {
+               HOSTAPD_DEBUG(HOSTAPD_DEBUG_VERBOSE, "handle_dhcp: too short "
+                             "(%d)\n", len);
+               return;
+       }
+       
+       msg = (struct dhcp_message *) buf;
+       mac_address = (u8 *) &(msg->chaddr);
+       
+       HOSTAPD_DEBUG(HOSTAPD_DEBUG_VERBOSE,
+                     "Got DHCP broadcast packet from " MACSTR "\n",
+                     MAC2STR(mac_address));
+
+       wired_possible_new_sta(hapd, mac_address);
+}
+
+
+static int wired_init_sockets(struct wired_driver_data *drv)
+{
+       struct hostapd_data *hapd = drv->hapd;
+       struct ifreq ifr;
+       struct sockaddr_ll addr;
+       struct sockaddr_in addr2;
+       struct packet_mreq mreq;
+       u8 multicastgroup_eapol[6] = WIRED_EAPOL_MULTICAST_GROUP;
+       int n = 1;
+
+       drv->sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_PAE));
+       if (drv->sock < 0) {
+               perror("socket[PF_PACKET,SOCK_RAW]");
+               return -1;
+       }
+
+       if (eloop_register_read_sock(drv->sock, handle_read, hapd, NULL)) {
+               printf("Could not register read socket\n");
+               return -1;
+       }
+
+       memset(&ifr, 0, sizeof(ifr));
+       snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s",
+       hapd->conf->iface);
+       if (ioctl(drv->sock, SIOCGIFINDEX, &ifr) != 0) {
+               perror("ioctl(SIOCGIFINDEX)");
+               return -1;
+       }
+
+       
+       memset(&addr, 0, sizeof(addr));
+       addr.sll_family = AF_PACKET;
+       addr.sll_ifindex = ifr.ifr_ifindex;
+       HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL,
+                     "Opening raw packet socket for ifindex %d\n",
+                     addr.sll_ifindex);
+
+       if (bind(drv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
+               perror("bind");
+               return -1;
+       }
+
+       /* filter multicast address */
+       memset(&mreq, 0, sizeof(mreq));
+       mreq.mr_ifindex = ifr.ifr_ifindex;
+       mreq.mr_type = PACKET_MR_MULTICAST;
+       mreq.mr_alen = 6;
+       memcpy(mreq.mr_address, multicastgroup_eapol, mreq.mr_alen);
+
+       if (setsockopt(drv->sock, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mreq,
+                      sizeof(mreq)) < 0) {
+               perror("setsockopt[SOL_SOCKET,PACKET_ADD_MEMBERSHIP]");
+               return -1;
+       }
+
+       memset(&ifr, 0, sizeof(ifr));
+       snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s", hapd->conf->iface);
+       if (ioctl(drv->sock, SIOCGIFHWADDR, &ifr) != 0) {
+               perror("ioctl(SIOCGIFHWADDR)");
+               return -1;
+       }
+
+       if (ifr.ifr_hwaddr.sa_family != ARPHRD_ETHER) {
+               printf("Invalid HW-addr family 0x%04x\n",
+                      ifr.ifr_hwaddr.sa_family);
+               return -1;
+       }
+       memcpy(hapd->own_addr, ifr.ifr_hwaddr.sa_data, ETH_ALEN);
+
+       /* setup dhcp listen socket for sta detection */
+       if ((drv->dhcp_sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
+               perror("socket call failed for dhcp");
+               return -1;
+       }
+
+       if (eloop_register_read_sock(drv->dhcp_sock, handle_dhcp, hapd, NULL))
+       {
+               printf("Could not register read socket\n");
+               return -1;
+       }
+       
+       memset(&addr2, 0, sizeof(addr2));
+       addr2.sin_family = AF_INET;
+       addr2.sin_port = htons(67);
+       addr2.sin_addr.s_addr = INADDR_ANY;
+
+       if (setsockopt(drv->dhcp_sock, SOL_SOCKET, SO_REUSEADDR, (char *) &n,
+                      sizeof(n)) == -1) {
+               perror("setsockopt[SOL_SOCKET,SO_REUSEADDR]");
+               return -1;
+       }
+       if (setsockopt(drv->dhcp_sock, SOL_SOCKET, SO_BROADCAST, (char *) &n,
+                      sizeof(n)) == -1) {
+               perror("setsockopt[SOL_SOCKET,SO_BROADCAST]");
+               return -1;
+       }
+
+       memset(&ifr, 0, sizeof(ifr));
+       strncpy(ifr.ifr_ifrn.ifrn_name, hapd->conf->iface, IFNAMSIZ);
+       if (setsockopt(drv->dhcp_sock, SOL_SOCKET, SO_BINDTODEVICE,
+                      (char *) &ifr, sizeof(ifr)) < 0) {
+               perror("setsockopt[SOL_SOCKET,SO_BINDTODEVICE]");
+               return -1;
+       }
+
+       if (bind(drv->dhcp_sock, (struct sockaddr *) &addr2,
+                sizeof(struct sockaddr)) == -1) {
+               perror("bind");
+               return -1;
+       }
+
+       return 0;
+}
+
+
+static int wired_send_eapol(void *priv, u8 *addr,
+                           u8 *data, size_t data_len, int encrypt)
+{
+       struct wired_driver_data *drv = priv;
+       u8 pae_group_addr[ETH_ALEN] = WIRED_EAPOL_MULTICAST_GROUP;
+       struct ieee8023_hdr *hdr;
+       size_t len;
+       u8 *pos;
+       int res;
+
+       len = sizeof(*hdr) + data_len;
+       hdr = malloc(len);
+       if (hdr == NULL) {
+               printf("malloc() failed for wired_send_eapol(len=%lu)\n",
+                      (unsigned long) len);
+               return -1;
+       }
+
+       memset(hdr, 0, len);
+       memcpy(hdr->dest, drv->use_pae_group_addr ? pae_group_addr : addr,
+              ETH_ALEN);
+       memcpy(hdr->src, drv->hapd->own_addr, ETH_ALEN);
+       hdr->ethertype = htons(ETH_P_PAE);
+
+       pos = (u8 *) (hdr + 1);
+       memcpy(pos, data, data_len);
+
+       res = send(drv->sock, (u8 *) hdr, len, 0);
+       free(hdr);
+
+       if (res < 0) {
+               perror("wired_send_eapol: send");
+               printf("wired_send_eapol - packet len: %lu - failed\n",
+                      (unsigned long) len);
+       }
+
+       return res;
+}
+
+
+static int wired_driver_init(struct hostapd_data *hapd)
+{
+       struct wired_driver_data *drv;
+
+       drv = malloc(sizeof(struct wired_driver_data));
+       if (drv == NULL) {
+               printf("Could not allocate memory for wired driver data\n");
+               return -1;
+       }
+
+       memset(drv, 0, sizeof(*drv));
+       drv->ops = wired_driver_ops;
+       drv->hapd = hapd;
+       drv->use_pae_group_addr = hapd->conf->use_pae_group_addr;
+
+       if (wired_init_sockets(drv))
+               return -1;
+
+       hapd->driver = &drv->ops;
+       return 0;
+}
+
+
+static void wired_driver_deinit(void *priv)
+{
+       struct wired_driver_data *drv = priv;
+
+       drv->hapd->driver = NULL;
+
+       if (drv->sock >= 0)
+               close(drv->sock);
+       
+       if (drv->dhcp_sock >= 0)
+               close(drv->dhcp_sock);
+
+       free(drv);
+}
+
+
+static const struct driver_ops wired_driver_ops = {
+       .name = "wired",
+       .init = wired_driver_init,
+       .deinit = wired_driver_deinit,
+       .send_eapol = wired_send_eapol,
+};
+
+void wired_driver_register(void)
+{
+       driver_register(wired_driver_ops.name, &wired_driver_ops);
+}
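Review bot: `handle_dhcp()` accepts any datagram of 44 bytes or more on UDP port 67 and passes the first bytes of `chaddr` to `wired_possible_new_sta()` without checking `op`, `htype` or `hlen`. Station entries, and the `hostapd_new_assoc_sta()` and `accounting_sta_get_id()` calls that follow, are therefore driven by unauthenticated, sender-chosen addresses. A guard before `chaddr` is read, such as `if (msg->op != 1 || msg->htype != 1 || msg->hlen != ETH_ALEN) return;` (1 = BOOTREQUEST, 1 = Ethernet), would drop replies and non-Ethernet messages. Any cap on the number of stations would live in `ap_sta_add()`, which is not visible here. Separately, `wired_driver_init()` returns -1 when `wired_init_sockets()` fails without freeing `drv` or closing the sockets that were already opened and registered with the event loop.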
diff --git a/contrib/hostapd-0.4.9/eap.c b/contrib/hostapd-0.4.9/eap.c
new file mode 100644 (file)
index 0000000..a20147e
--- /dev/null
@@ -0,0 +1,944 @@
+/*
+ * hostapd / EAP Standalone Authenticator state machine
+ * Copyright (c) 2004-2005, Jouni Malinen <jkmaline@cc.hut.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <netinet/in.h>
+#include <string.h>
+#include <sys/socket.h>
+
+#include "hostapd.h"
+#include "eloop.h"
+#include "sta_info.h"
+#include "eap_i.h"
+
+#define EAP_MAX_AUTH_ROUNDS 50
+
+extern const struct eap_method eap_method_identity;
+#ifdef EAP_MD5
+extern const struct eap_method eap_method_md5;
+#endif /* EAP_MD5 */
+#ifdef EAP_TLS
+extern const struct eap_method eap_method_tls;
+#endif /* EAP_TLS */
+#ifdef EAP_MSCHAPv2
+extern const struct eap_method eap_method_mschapv2;
+#endif /* EAP_MSCHAPv2 */
+#ifdef EAP_PEAP
+extern const struct eap_method eap_method_peap;
+#endif /* EAP_PEAP */
+#ifdef EAP_TLV
+extern const struct eap_method eap_method_tlv;
+#endif /* EAP_TLV */
+#ifdef EAP_GTC
+extern const struct eap_method eap_method_gtc;
+#endif /* EAP_GTC */
+#ifdef EAP_TTLS
+extern const struct eap_method eap_method_ttls;
+#endif /* EAP_TTLS */
+#ifdef EAP_SIM
+extern const struct eap_method eap_method_sim;
+#endif /* EAP_SIM */
+#ifdef EAP_PAX
+extern const struct eap_method eap_method_pax;
+#endif /* EAP_PAX */
+#ifdef EAP_PSK
+extern const struct eap_method eap_method_psk;
+#endif /* EAP_PSK */
+
+static const struct eap_method *eap_methods[] =
+{
+       &eap_method_identity,
+#ifdef EAP_MD5
+       &eap_method_md5,
+#endif /* EAP_MD5 */
+#ifdef EAP_TLS
+       &eap_method_tls,
+#endif /* EAP_TLS */
+#ifdef EAP_MSCHAPv2
+       &eap_method_mschapv2,
+#endif /* EAP_MSCHAPv2 */
+#ifdef EAP_PEAP
+       &eap_method_peap,
+#endif /* EAP_PEAP */
+#ifdef EAP_TTLS
+       &eap_method_ttls,
+#endif /* EAP_TTLS */
+#ifdef EAP_TLV
+       &eap_method_tlv,
+#endif /* EAP_TLV */
+#ifdef EAP_GTC
+       &eap_method_gtc,
+#endif /* EAP_GTC */
+#ifdef EAP_SIM
+       &eap_method_sim,
+#endif /* EAP_SIM */
+#ifdef EAP_PAX
+       &eap_method_pax,
+#endif /* EAP_PAX */
+#ifdef EAP_PSK
+       &eap_method_psk,
+#endif /* EAP_PSK */
+};
+#define NUM_EAP_METHODS (sizeof(eap_methods) / sizeof(eap_methods[0]))
+
+
+const struct eap_method * eap_sm_get_eap_methods(int method)
+{
+       int i;
+       for (i = 0; i < NUM_EAP_METHODS; i++) {
+               if (eap_methods[i]->method == method)
+                       return eap_methods[i];
+       }
+       return NULL;
+}
+
+static void eap_user_free(struct eap_user *user);
+
+
+/* EAP state machines are described in draft-ietf-eap-statemachine-05.txt */
+
+static int eap_sm_calculateTimeout(struct eap_sm *sm, int retransCount,
+                                  int eapSRTT, int eapRTTVAR,
+                                  int methodTimeout);
+static void eap_sm_parseEapResp(struct eap_sm *sm, u8 *resp, size_t len);
+static u8 * eap_sm_buildSuccess(struct eap_sm *sm, int id, size_t *len);
+static u8 * eap_sm_buildFailure(struct eap_sm *sm, int id, size_t *len);
+static int eap_sm_nextId(struct eap_sm *sm, int id);
+static void eap_sm_Policy_update(struct eap_sm *sm, u8 *nak_list, size_t len);
+static EapType eap_sm_Policy_getNextMethod(struct eap_sm *sm);
+static int eap_sm_Policy_getDecision(struct eap_sm *sm);
+static Boolean eap_sm_Policy_doPickUp(struct eap_sm *sm, EapType method);
+
+
+/* Definitions for clarifying state machine implementation */
+#define SM_STATE(machine, state) \
+static void sm_ ## machine ## _ ## state ## _Enter(struct eap_sm *sm, \
+       int global)
+
+#define SM_ENTRY(machine, state) \
+if (!global || sm->machine ## _state != machine ## _ ## state) { \
+       sm->changed = TRUE; \
+       wpa_printf(MSG_DEBUG, "EAP: " #machine " entering state " #state); \
+} \
+sm->machine ## _state = machine ## _ ## state;
+
+#define SM_ENTER(machine, state) \
+sm_ ## machine ## _ ## state ## _Enter(sm, 0)
+#define SM_ENTER_GLOBAL(machine, state) \
+sm_ ## machine ## _ ## state ## _Enter(sm, 1)
+
+#define SM_STEP(machine) \
+static void sm_ ## machine ## _Step(struct eap_sm *sm)
+
+#define SM_STEP_RUN(machine) sm_ ## machine ## _Step(sm)
+
+
+static Boolean eapol_get_bool(struct eap_sm *sm, enum eapol_bool_var var)
+{
+       return sm->eapol_cb->get_bool(sm->eapol_ctx, var);
+}
+
+
+static void eapol_set_bool(struct eap_sm *sm, enum eapol_bool_var var,
+                          Boolean value)
+{
+       sm->eapol_cb->set_bool(sm->eapol_ctx, var, value);
+}
+
+
+static void eapol_set_eapReqData(struct eap_sm *sm,
+                                const u8 *eapReqData, size_t eapReqDataLen)
+{
+       wpa_hexdump(MSG_MSGDUMP, "EAP: eapReqData -> EAPOL",
+                   sm->eapReqData, sm->eapReqDataLen);
+       sm->eapol_cb->set_eapReqData(sm->eapol_ctx, eapReqData, eapReqDataLen);
+}
+
+
+static void eapol_set_eapKeyData(struct eap_sm *sm,
+                                const u8 *eapKeyData, size_t eapKeyDataLen)
+{
+       wpa_hexdump(MSG_MSGDUMP, "EAP: eapKeyData -> EAPOL",
+                   sm->eapKeyData, sm->eapKeyDataLen);
+       sm->eapol_cb->set_eapKeyData(sm->eapol_ctx, eapKeyData, eapKeyDataLen);
+}
+
+
+int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
+                int phase2)
+{
+       struct eap_user *user;
+
+       if (sm == NULL || sm->eapol_cb == NULL ||
+           sm->eapol_cb->get_eap_user == NULL)
+               return -1;
+
+       eap_user_free(sm->user);
+       sm->user = NULL;
+
+       user = malloc(sizeof(*user));
+       if (user == NULL)
+           return -1;
+       memset(user, 0, sizeof(*user));
+
+       if (sm->eapol_cb->get_eap_user(sm->eapol_ctx, identity,
+                                      identity_len, phase2, user) != 0) {
+               eap_user_free(user);
+               return -1;
+       }
+
+       sm->user = user;
+       sm->user_eap_method_index = 0;
+
+       return 0;
+}
+
+
+SM_STATE(EAP, DISABLED)
+{
+       SM_ENTRY(EAP, DISABLED);
+       sm->num_rounds = 0;
+}
+
+
+SM_STATE(EAP, INITIALIZE)
+{
+       SM_ENTRY(EAP, INITIALIZE);
+
+       sm->currentId = -1;
+       eapol_set_bool(sm, EAPOL_eapSuccess, FALSE);
+       eapol_set_bool(sm, EAPOL_eapFail, FALSE);
+       eapol_set_bool(sm, EAPOL_eapTimeout, FALSE);
+       free(sm->eapKeyData);
+       sm->eapKeyData = NULL;
+       sm->eapKeyDataLen = 0;
+       /* eapKeyAvailable = FALSE */
+       eapol_set_bool(sm, EAPOL_eapRestart, FALSE);
+
+       /* This is not defined in draft-ietf-eap-statemachine-05.txt, but
+        * method state needs to be reseted here so that it does not remain in
+        * success state when re-authentication starts. */
+       if (sm->m && sm->eap_method_priv) {
+               sm->m->reset(sm, sm->eap_method_priv);
+               sm->eap_method_priv = NULL;
+       }
+       sm->m = NULL;
+       sm->user_eap_method_index = 0;
+
+       if (sm->backend_auth) {
+               sm->currentMethod = EAP_TYPE_NONE;
+               /* parse rxResp, respId, respMethod */
+               eap_sm_parseEapResp(sm, sm->eapRespData, sm->eapRespDataLen);
+               if (sm->rxResp) {
+                       sm->currentId = sm->respId;
+               }
+       }
+       sm->num_rounds = 0;
+}
+
+
+SM_STATE(EAP, PICK_UP_METHOD)
+{
+       SM_ENTRY(EAP, PICK_UP_METHOD);
+
+       if (eap_sm_Policy_doPickUp(sm, sm->respMethod)) {
+               sm->currentMethod = sm->respMethod;
+               if (sm->m && sm->eap_method_priv) {
+                       sm->m->reset(sm, sm->eap_method_priv);
+                       sm->eap_method_priv = NULL;
+               }
+               sm->m = eap_sm_get_eap_methods(sm->currentMethod);
+               if (sm->m && sm->m->initPickUp) {
+                       sm->eap_method_priv = sm->m->initPickUp(sm);
+                       if (sm->eap_method_priv == NULL) {
+                               wpa_printf(MSG_DEBUG, "EAP: Failed to "
+                                          "initialize EAP method %d",
+                                          sm->currentMethod);
+                               sm->m = NULL;
+                               sm->currentMethod = EAP_TYPE_NONE;
+                       }
+               } else {
+                       sm->m = NULL;
+                       sm->currentMethod = EAP_TYPE_NONE;
+               }
+       }
+}
+
+
+SM_STATE(EAP, IDLE)
+{
+       SM_ENTRY(EAP, IDLE);
+
+       sm->retransWhile = eap_sm_calculateTimeout(sm, sm->retransCount,
+                                                  sm->eapSRTT, sm->eapRTTVAR,
+                                                  sm->methodTimeout);
+}
+
+
+SM_STATE(EAP, RETRANSMIT)
+{
+       SM_ENTRY(EAP, RETRANSMIT);
+
+       /* TODO: Is this needed since EAPOL state machines take care of
+        * retransmit? */
+}
+
+
+SM_STATE(EAP, RECEIVED)
+{
+       SM_ENTRY(EAP, RECEIVED);
+
+       /* parse rxResp, respId, respMethod */
+       eap_sm_parseEapResp(sm, sm->eapRespData, sm->eapRespDataLen);
+       sm->num_rounds++;
+}
+
+
+SM_STATE(EAP, DISCARD)
+{
+       SM_ENTRY(EAP, DISCARD);
+       eapol_set_bool(sm, EAPOL_eapResp, FALSE);
+       eapol_set_bool(sm, EAPOL_eapNoReq, TRUE);
+}
+
+
+SM_STATE(EAP, SEND_REQUEST)
+{
+       SM_ENTRY(EAP, SEND_REQUEST);
+
+       sm->retransCount = 0;
+       if (sm->eapReqData) {
+               eapol_set_eapReqData(sm, sm->eapReqData, sm->eapReqDataLen);
+               free(sm->lastReqData);
+               sm->lastReqData = sm->eapReqData;
+               sm->lastReqDataLen = sm->eapReqDataLen;
+               sm->eapReqData = NULL;
+               sm->eapReqDataLen = 0;
+               eapol_set_bool(sm, EAPOL_eapResp, FALSE);
+               eapol_set_bool(sm, EAPOL_eapReq, TRUE);
+       } else {
+               wpa_printf(MSG_INFO, "EAP: SEND_REQUEST - no eapReqData");
+               eapol_set_bool(sm, EAPOL_eapResp, FALSE);
+               eapol_set_bool(sm, EAPOL_eapReq, FALSE);
+               eapol_set_bool(sm, EAPOL_eapNoReq, TRUE);
+       }
+}
+
+
+SM_STATE(EAP, INTEGRITY_CHECK)
+{
+       SM_ENTRY(EAP, INTEGRITY_CHECK);
+
+       if (sm->m->check) {
+               sm->ignore = sm->m->check(sm, sm->eap_method_priv,
+                                         sm->eapRespData, sm->eapRespDataLen);
+       }
+}
+
+
+SM_STATE(EAP, METHOD_REQUEST)
+{
+       SM_ENTRY(EAP, METHOD_REQUEST);
+
+       if (sm->m == NULL) {
+               wpa_printf(MSG_DEBUG, "EAP: method not initialized");
+               return;
+       }
+
+       sm->currentId = eap_sm_nextId(sm, sm->currentId);
+       wpa_printf(MSG_DEBUG, "EAP: building EAP-Request: Identifier %d",
+                  sm->currentId);
+       sm->lastId = sm->currentId;
+       free(sm->eapReqData);
+       sm->eapReqData = sm->m->buildReq(sm, sm->eap_method_priv,
+                                        sm->currentId, &sm->eapReqDataLen);
+       if (sm->m->getTimeout)
+               sm->methodTimeout = sm->m->getTimeout(sm, sm->eap_method_priv);
+       else
+               sm->methodTimeout = 0;
+}
+
+
+SM_STATE(EAP, METHOD_RESPONSE)
+{
+       SM_ENTRY(EAP, METHOD_RESPONSE);
+
+       sm->m->process(sm, sm->eap_method_priv, sm->eapRespData,
+                      sm->eapRespDataLen);
+       if (sm->m->isDone(sm, sm->eap_method_priv)) {
+               eap_sm_Policy_update(sm, NULL, 0);
+               free(sm->eapKeyData);
+               if (sm->m->getKey) {
+                       sm->eapKeyData = sm->m->getKey(sm, sm->eap_method_priv,
+                                                      &sm->eapKeyDataLen);
+               } else {
+                       sm->eapKeyData = NULL;
+                       sm->eapKeyDataLen = 0;
+               }
+               sm->methodState = METHOD_END;
+       } else {
+               sm->methodState = METHOD_CONTINUE;
+       }
+}
+
+
+SM_STATE(EAP, PROPOSE_METHOD)
+{
+       SM_ENTRY(EAP, PROPOSE_METHOD);
+
+       sm->currentMethod = eap_sm_Policy_getNextMethod(sm);
+       if (sm->m && sm->eap_method_priv) {
+               sm->m->reset(sm, sm->eap_method_priv);
+               sm->eap_method_priv = NULL;
+       }
+       sm->m = eap_sm_get_eap_methods(sm->currentMethod);
+       if (sm->m) {
+               sm->eap_method_priv = sm->m->init(sm);
+               if (sm->eap_method_priv == NULL) {
+                       wpa_printf(MSG_DEBUG, "EAP: Failed to initialize EAP "
+                                  "method %d", sm->currentMethod);
+                       sm->m = NULL;
+                       sm->currentMethod = EAP_TYPE_NONE;
+               }
+       }
+       if (sm->currentMethod == EAP_TYPE_IDENTITY ||
+           sm->currentMethod == EAP_TYPE_NOTIFICATION)
+               sm->methodState = METHOD_CONTINUE;
+       else
+               sm->methodState = METHOD_PROPOSED;
+}
+
+
+SM_STATE(EAP, NAK)
+{
+       struct eap_hdr *nak;
+       size_t len = 0;
+       u8 *pos, *nak_list = NULL;
+
+       SM_ENTRY(EAP, NAK);
+
+       if (sm->eap_method_priv) {
+               sm->m->reset(sm, sm->eap_method_priv);
+               sm->eap_method_priv = NULL;
+       }
+       sm->m = NULL;
+
+       nak = (struct eap_hdr *) sm->eapRespData;
+       if (nak && sm->eapRespDataLen > sizeof(*nak)) {
+               len = ntohs(nak->length);
+               if (len > sm->eapRespDataLen)
+                       len = sm->eapRespDataLen;
+               pos = (u8 *) (nak + 1);
+               len -= sizeof(*nak);
+               if (*pos == EAP_TYPE_NAK) {
+                       pos++;
+                       len--;
+                       nak_list = pos;
+               }
+       }
+       eap_sm_Policy_update(sm, nak_list, len);
+}
+
+
+SM_STATE(EAP, SELECT_ACTION)
+{
+       SM_ENTRY(EAP, SELECT_ACTION);
+
+       sm->decision = eap_sm_Policy_getDecision(sm);
+}
+
+
+SM_STATE(EAP, TIMEOUT_FAILURE)
+{
+       SM_ENTRY(EAP, TIMEOUT_FAILURE);
+
+       eapol_set_bool(sm, EAPOL_eapTimeout, TRUE);
+}
+
+
+SM_STATE(EAP, FAILURE)
+{
+       SM_ENTRY(EAP, FAILURE);
+
+       free(sm->eapReqData);
+       sm->eapReqData = eap_sm_buildFailure(sm, sm->currentId,
+                                            &sm->eapReqDataLen);
+       if (sm->eapReqData) {
+               eapol_set_eapReqData(sm, sm->eapReqData, sm->eapReqDataLen);
+               free(sm->eapReqData);
+               sm->eapReqData = NULL;
+               sm->eapReqDataLen = 0;
+       }
+       free(sm->lastReqData);
+       sm->lastReqData = NULL;
+       sm->lastReqDataLen = 0;
+       eapol_set_bool(sm, EAPOL_eapFail, TRUE);
+}
+
+
+SM_STATE(EAP, SUCCESS)
+{
+       SM_ENTRY(EAP, SUCCESS);
+
+       free(sm->eapReqData);
+       sm->eapReqData = eap_sm_buildSuccess(sm, sm->currentId,
+                                            &sm->eapReqDataLen);
+       if (sm->eapReqData) {
+               eapol_set_eapReqData(sm, sm->eapReqData, sm->eapReqDataLen);
+               free(sm->eapReqData);
+               sm->eapReqData = NULL;
+               sm->eapReqDataLen = 0;
+       }
+       free(sm->lastReqData);
+       sm->lastReqData = NULL;
+       sm->lastReqDataLen = 0;
+       if (sm->eapKeyData) {
+               eapol_set_eapKeyData(sm, sm->eapKeyData, sm->eapKeyDataLen);
+       }
+       eapol_set_bool(sm, EAPOL_eapSuccess, TRUE);
+}
+
+
+SM_STEP(EAP)
+{
+       if (eapol_get_bool(sm, EAPOL_eapRestart) &&
+           eapol_get_bool(sm, EAPOL_portEnabled))
+               SM_ENTER_GLOBAL(EAP, INITIALIZE);
+       else if (!eapol_get_bool(sm, EAPOL_portEnabled))
+               SM_ENTER_GLOBAL(EAP, DISABLED);
+       else if (sm->num_rounds > EAP_MAX_AUTH_ROUNDS) {
+               if (sm->num_rounds == EAP_MAX_AUTH_ROUNDS + 1) {
+                       wpa_printf(MSG_DEBUG, "EAP: more than %d "
+                                  "authentication rounds - abort",
+                                  EAP_MAX_AUTH_ROUNDS);
+                       sm->num_rounds++;
+                       SM_ENTER_GLOBAL(EAP, FAILURE);
+               }
+       } else switch (sm->EAP_state) {
+       case EAP_INITIALIZE:
+               if (sm->backend_auth) {
+                       if (!sm->rxResp)
+                               SM_ENTER(EAP, SELECT_ACTION);
+                       else if (sm->rxResp &&
+                                (sm->respMethod == EAP_TYPE_NAK ||
+                                 sm->respMethod == EAP_TYPE_EXPANDED_NAK))
+                               SM_ENTER(EAP, NAK);
+                       else
+                               SM_ENTER(EAP, PICK_UP_METHOD);
+               } else {
+                       SM_ENTER(EAP, SELECT_ACTION);
+               }
+               break;
+       case EAP_PICK_UP_METHOD:
+               if (sm->currentMethod == EAP_TYPE_NONE) {
+                       SM_ENTER(EAP, SELECT_ACTION);
+               } else {
+                       SM_ENTER(EAP, METHOD_RESPONSE);
+               }
+               break;
+       case EAP_DISABLED:
+               if (eapol_get_bool(sm, EAPOL_portEnabled))
+                       SM_ENTER(EAP, INITIALIZE);
+               break;
+       case EAP_IDLE:
+               if (sm->retransWhile == 0)
+                       SM_ENTER(EAP, RETRANSMIT);
+               else if (eapol_get_bool(sm, EAPOL_eapResp))
+                       SM_ENTER(EAP, RECEIVED);
+               break;
+       case EAP_RETRANSMIT:
+               if (sm->retransCount > sm->MaxRetrans)
+                       SM_ENTER(EAP, TIMEOUT_FAILURE);
+               else
+                       SM_ENTER(EAP, IDLE);
+               break;
+       case EAP_RECEIVED:
+               if (sm->rxResp && (sm->respId == sm->currentId) &&
+                   (sm->respMethod == EAP_TYPE_NAK ||
+                    sm->respMethod == EAP_TYPE_EXPANDED_NAK)
+                   && (sm->methodState == METHOD_PROPOSED))
+                       SM_ENTER(EAP, NAK);
+               else if (sm->rxResp && (sm->respId == sm->currentId) &&
+                        (sm->respMethod == sm->currentMethod))
+                       SM_ENTER(EAP, INTEGRITY_CHECK);
+               else
+                       SM_ENTER(EAP, DISCARD);
+               break;
+       case EAP_DISCARD:
+               SM_ENTER(EAP, IDLE);
+               break;
+       case EAP_SEND_REQUEST:
+               SM_ENTER(EAP, IDLE);
+               break;
+       case EAP_INTEGRITY_CHECK:
+               if (sm->ignore)
+                       SM_ENTER(EAP, DISCARD);
+               else
+                       SM_ENTER(EAP, METHOD_RESPONSE);
+               break;
+       case EAP_METHOD_REQUEST:
+               SM_ENTER(EAP, SEND_REQUEST);
+               break;
+       case EAP_METHOD_RESPONSE:
+               if (sm->methodState == METHOD_END)
+                       SM_ENTER(EAP, SELECT_ACTION);
+               else
+                       SM_ENTER(EAP, METHOD_REQUEST);
+               break;
+       case EAP_PROPOSE_METHOD:
+               SM_ENTER(EAP, METHOD_REQUEST);
+               break;
+       case EAP_NAK:
+               SM_ENTER(EAP, SELECT_ACTION);
+               break;
+       case EAP_SELECT_ACTION:
+               if (sm->decision == DECISION_FAILURE)
+                       SM_ENTER(EAP, FAILURE);
+               else if (sm->decision == DECISION_SUCCESS)
+                       SM_ENTER(EAP, SUCCESS);
+               else
+                       SM_ENTER(EAP, PROPOSE_METHOD);
+               break;
+       case EAP_TIMEOUT_FAILURE:
+               break;
+       case EAP_FAILURE:
+               break;
+       case EAP_SUCCESS:
+               break;
+       }
+}
+
+
+static int eap_sm_calculateTimeout(struct eap_sm *sm, int retransCount,
+                                  int eapSRTT, int eapRTTVAR,
+                                  int methodTimeout)
+{
+       /* For now, retransmission is done in EAPOL state machines, so make
+        * sure EAP state machine does not end up trying to retransmit packets.
+        */
+       return 1;
+}
+
+
+static void eap_sm_parseEapResp(struct eap_sm *sm, u8 *resp, size_t len)
+{
+       struct eap_hdr *hdr;
+       size_t plen;
+
+       /* parse rxResp, respId, respMethod */
+       sm->rxResp = FALSE;
+       sm->respId = -1;
+       sm->respMethod = EAP_TYPE_NONE;
+
+       if (resp == NULL || len < sizeof(*hdr))
+               return;
+
+       hdr = (struct eap_hdr *) resp;
+       plen = ntohs(hdr->length);
+       if (plen > len) {
+               wpa_printf(MSG_DEBUG, "EAP: Ignored truncated EAP-Packet "
+                          "(len=%lu plen=%lu)", (unsigned long) len,
+                          (unsigned long) plen);
+               return;
+       }
+
+       sm->respId = hdr->identifier;
+
+       if (hdr->code == EAP_CODE_RESPONSE)
+               sm->rxResp = TRUE;
+
+       if (len > sizeof(*hdr))
+               sm->respMethod = *((u8 *) (hdr + 1));
+
+       wpa_printf(MSG_DEBUG, "EAP: parseEapResp: rxResp=%d respId=%d "
+                  "respMethod=%d", sm->rxResp, sm->respId, sm->respMethod);
+}
+
+
+static u8 * eap_sm_buildSuccess(struct eap_sm *sm, int id, size_t *len)
+{
+       struct eap_hdr *resp;
+       wpa_printf(MSG_DEBUG, "EAP: Building EAP-Success (id=%d)", id);
+
+       *len = sizeof(*resp);
+       resp = malloc(*len);
+       if (resp == NULL)
+               return NULL;
+       resp->code = EAP_CODE_SUCCESS;
+       resp->identifier = id;
+       resp->length = htons(*len);
+
+       return (u8 *) resp;
+}
+
+
+static u8 * eap_sm_buildFailure(struct eap_sm *sm, int id, size_t *len)
+{
+       struct eap_hdr *resp;
+       wpa_printf(MSG_DEBUG, "EAP: Building EAP-Failure (id=%d)", id);
+
+       *len = sizeof(*resp);
+       resp = malloc(*len);
+       if (resp == NULL)
+               return NULL;
+       resp->code = EAP_CODE_FAILURE;
+       resp->identifier = id;
+       resp->length = htons(*len);
+
+       return (u8 *) resp;
+}
+
+
+static int eap_sm_nextId(struct eap_sm *sm, int id)
+{
+       if (id < 0) {
+               /* RFC 3748 Ch 4.1: recommended to initalize Identifier with a
+                * random number */
+               id = rand() & 0xff;
+               if (id != sm->lastId)
+                       return id;
+       }
+       return (id + 1) & 0xff;
+}
+
+
+void eap_sm_process_nak(struct eap_sm *sm, u8 *nak_list, size_t len)
+{
+       int i, j;
+
+       wpa_printf(MSG_MSGDUMP, "EAP: processing NAK (current EAP method "
+                  "index %d)", sm->user_eap_method_index);
+
+       wpa_hexdump(MSG_MSGDUMP, "EAP: configured methods",
+                   sm->user->methods, EAP_MAX_METHODS);
+       wpa_hexdump(MSG_MSGDUMP, "EAP: list of methods supported by the peer",
+                   nak_list, len);
+
+       i = sm->user_eap_method_index;
+       while (i < EAP_MAX_METHODS && sm->user->methods[i] != EAP_TYPE_NONE) {
+               for (j = 0; j < len; j++) {
+                       if (nak_list[j] == sm->user->methods[i]) {
+                               break;
+                       }
+               }
+
+               if (j < len) {
+                       /* found */
+                       i++;
+                       continue;
+               }
+
+               /* not found - remove from the list */
+               memmove(&sm->user->methods[i], &sm->user->methods[i + 1],
+                       EAP_MAX_METHODS - i - 1);
+               sm->user->methods[EAP_MAX_METHODS - 1] = EAP_TYPE_NONE;
+       }
+
+       wpa_hexdump(MSG_MSGDUMP, "EAP: new list of configured methods",
+                   sm->user->methods, EAP_MAX_METHODS);
+}
+
+
+static void eap_sm_Policy_update(struct eap_sm *sm, u8 *nak_list, size_t len)
+{
+       if (nak_list == NULL || sm == NULL || sm->user == NULL)
+               return;
+
+       if (sm->user->phase2) {
+               wpa_printf(MSG_DEBUG, "EAP: EAP-Nak received after Phase2 user"
+                          " info was selected - reject");
+               sm->decision = DECISION_FAILURE;
+               return;
+       }
+
+       eap_sm_process_nak(sm, nak_list, len);
+}
+
+
+static EapType eap_sm_Policy_getNextMethod(struct eap_sm *sm)
+{
+       EapType next;
+
+       /* In theory, there should be no problems with starting
+        * re-authentication with something else than EAP-Request/Identity and
+        * this does indeed work with wpa_supplicant. However, at least Funk
+        * Supplicant seemed to ignore re-auth if it skipped
+        * EAP-Request/Identity.
+        * Re-auth sets currentId == -1, so that can be used here to select
+        * whether Identity needs to be requested again. */
+       if (sm->identity == NULL || sm->currentId == -1) {
+               next = EAP_TYPE_IDENTITY;
+               sm->update_user = TRUE;
+       } else if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&
+                  sm->user->methods[sm->user_eap_method_index] !=
+                  EAP_TYPE_NONE) {
+               next = sm->user->methods[sm->user_eap_method_index++];
+       } else {
+               next = EAP_TYPE_NONE;
+       }
+       wpa_printf(MSG_DEBUG, "EAP: getNextMethod: type %d", next);
+       return next;
+}
+
+
+static int eap_sm_Policy_getDecision(struct eap_sm *sm)
+{
+       if (sm->m && sm->currentMethod != EAP_TYPE_IDENTITY &&
+           sm->m->isSuccess(sm, sm->eap_method_priv)) {
+               wpa_printf(MSG_DEBUG, "EAP: getDecision: method succeeded -> "
+                          "SUCCESS");
+               sm->update_user = TRUE;
+               return DECISION_SUCCESS;
+       }
+
+       if (sm->m && sm->m->isDone(sm, sm->eap_method_priv) &&
+           !sm->m->isSuccess(sm, sm->eap_method_priv)) {
+               wpa_printf(MSG_DEBUG, "EAP: getDecision: method failed -> "
+                          "FAILURE");
+               sm->update_user = TRUE;
+               return DECISION_FAILURE;
+       }
+
+       if ((sm->user == NULL || sm->update_user) && sm->identity) {
+               if (eap_user_get(sm, sm->identity, sm->identity_len, 0) != 0) {
+                       wpa_printf(MSG_DEBUG, "EAP: getDecision: user not "
+                                  "found from database -> FAILURE");
+                       return DECISION_FAILURE;
+               }
+               sm->update_user = FALSE;
+       }
+
+       if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&
+           sm->user->methods[sm->user_eap_method_index] != EAP_TYPE_NONE) {
+               wpa_printf(MSG_DEBUG, "EAP: getDecision: another method "
+                          "available -> CONTINUE");
+               return DECISION_CONTINUE;
+       }
+
+       if (sm->identity == NULL || sm->currentId == -1) {
+               wpa_printf(MSG_DEBUG, "EAP: getDecision: no identity known "
+                          "yet -> CONTINUE");
+               return DECISION_CONTINUE;
+       }
+
+       wpa_printf(MSG_DEBUG, "EAP: getDecision: no more methods available -> "
+                  "FAILURE");
+       return DECISION_FAILURE;
+}
+
+
+static Boolean eap_sm_Policy_doPickUp(struct eap_sm *sm, EapType method)
+{
+       return method == EAP_TYPE_IDENTITY ? TRUE : FALSE;
+}
+
+
+int eap_sm_step(struct eap_sm *sm)
+{
+       int res = 0;
+       do {
+               sm->changed = FALSE;
+               SM_STEP_RUN(EAP);
+               if (sm->changed)
+                       res = 1;
+       } while (sm->changed);
+       return res;
+}
+
+
+u8 eap_get_type(const char *name)
+{
+       int i;
+       for (i = 0; i < NUM_EAP_METHODS; i++) {
+               if (strcmp(eap_methods[i]->name, name) == 0)
+                       return eap_methods[i]->method;
+       }
+       return EAP_TYPE_NONE;
+}
+
+
+void eap_set_eapRespData(struct eap_sm *sm, const u8 *eapRespData,
+                        size_t eapRespDataLen)
+{
+       if (sm == NULL)
+               return;
+       free(sm->eapRespData);
+       sm->eapRespData = malloc(eapRespDataLen);
+       if (sm->eapRespData == NULL)
+               return;
+       memcpy(sm->eapRespData, eapRespData, eapRespDataLen);
+       sm->eapRespDataLen = eapRespDataLen;
+       wpa_hexdump(MSG_MSGDUMP, "EAP: EAP-Response received",
+                   eapRespData, eapRespDataLen);
+}
+
+
+static void eap_user_free(struct eap_user *user)
+{
+       if (user == NULL)
+               return;
+       free(user->password);
+       user->password = NULL;
+       free(user);
+}
+
+
+struct eap_sm * eap_sm_init(void *eapol_ctx, struct eapol_callbacks *eapol_cb,
+                           struct eap_config *eap_conf)
+{
+       struct eap_sm *sm;
+
+       sm = malloc(sizeof(*sm));
+       if (sm == NULL)
+               return NULL;
+       memset(sm, 0, sizeof(*sm));
+       sm->eapol_ctx = eapol_ctx;
+       sm->eapol_cb = eapol_cb;
+       sm->MaxRetrans = 10;
+       sm->ssl_ctx = eap_conf->ssl_ctx;
+       sm->eap_sim_db_priv = eap_conf->eap_sim_db_priv;
+       sm->backend_auth = eap_conf->backend_auth;
+
+       wpa_printf(MSG_DEBUG, "EAP: State machine created");
+
+       return sm;
+}
+
+
+void eap_sm_deinit(struct eap_sm *sm)
+{
+       if (sm == NULL)
+               return;
+       wpa_printf(MSG_DEBUG, "EAP: State machine removed");
+       if (sm->m && sm->eap_method_priv)
+               sm->m->reset(sm, sm->eap_method_priv);
+       free(sm->eapReqData);
+       free(sm->eapKeyData);
+       free(sm->lastReqData);
+       free(sm->eapRespData);
+       free(sm->identity);
+       eap_user_free(sm->user);
+       free(sm);
+}
+
+
+void eap_sm_notify_cached(struct eap_sm *sm)
+{
+       if (sm == NULL)
+               return;
+
+       sm->EAP_state = EAP_SUCCESS;
+}
diff --git a/contrib/hostapd-0.4.9/eap.h b/contrib/hostapd-0.4.9/eap.h
new file mode 100644 (file)
index 0000000..c5c62eb
--- /dev/null
@@ -0,0 +1,89 @@
+#ifndef EAP_H
+#define EAP_H
+
+#include "defs.h"
+#include "eap_defs.h"
+
+struct eap_sm;
+
+#define EAP_MAX_METHODS 8
+struct eap_user {
+       u8 methods[EAP_MAX_METHODS];
+       u8 *password;
+       size_t password_len;
+       int phase2;
+       int force_version;
+};
+
+enum eapol_bool_var {
+       EAPOL_eapSuccess, EAPOL_eapRestart, EAPOL_eapFail, EAPOL_eapResp,
+       EAPOL_eapReq, EAPOL_eapNoReq, EAPOL_portEnabled, EAPOL_eapTimeout
+};
+
+struct eapol_callbacks {
+       Boolean (*get_bool)(void *ctx, enum eapol_bool_var variable);
+       void (*set_bool)(void *ctx, enum eapol_bool_var variable,
+                        Boolean value);
+       void (*set_eapReqData)(void *ctx, const u8 *eapReqData,
+                              size_t eapReqDataLen);
+       void (*set_eapKeyData)(void *ctx, const u8 *eapKeyData,
+                              size_t eapKeyDataLen);
+       int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
+                           int phase2, struct eap_user *user);
+       const char * (*get_eap_req_id_text)(void *ctx, size_t *len);
+};
+
+struct eap_config {
+       void *ssl_ctx;
+       void *eap_sim_db_priv;
+       Boolean backend_auth;
+};
+
+
+#ifdef EAP_SERVER
+
+struct eap_sm * eap_sm_init(void *eapol_ctx, struct eapol_callbacks *eapol_cb,
+                           struct eap_config *eap_conf);
+void eap_sm_deinit(struct eap_sm *sm);
+int eap_sm_step(struct eap_sm *sm);
+u8 eap_get_type(const char *name);
+void eap_set_eapRespData(struct eap_sm *sm, const u8 *eapRespData,
+                        size_t eapRespDataLen);
+void eap_sm_notify_cached(struct eap_sm *sm);
+
+#else /* EAP_SERVER */
+
+static inline struct eap_sm * eap_sm_init(void *eapol_ctx,
+                                         struct eapol_callbacks *eapol_cb,
+                                         struct eap_config *eap_conf)
+{
+       return NULL;
+}
+
+static inline void eap_sm_deinit(struct eap_sm *sm)
+{
+}
+
+static inline int eap_sm_step(struct eap_sm *sm)
+{
+       return 0;
+}
+
+static inline u8 eap_get_type(const char *name)
+{
+       return EAP_TYPE_NONE;
+}
+
+static inline void eap_set_eapRespData(struct eap_sm *sm,
+                                      const u8 *eapRespData,
+                                      size_t eapRespDataLen)
+{
+}
+
+static inline void eap_sm_notify_cached(struct eap_sm *sm)
+{
+}
+
+#endif /* EAP_SERVER */
+
+#endif /* EAP_H */
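Review bot: The function pointers in `struct eapol_callbacks` say nothing about buffer ownership, yet the callers in eap.c depend on it. The FAILURE and SUCCESS states free `sm->eapReqData` right after the `eapol_set_eapReqData()` call, which presumably forwards to `set_eapReqData`, so an implementation that keeps the pointer instead of copying would hold freed memory. I would add a comment above the struct such as `/* set_eapReqData/set_eapKeyData: caller keeps ownership of the buffer; copy it if it must outlive the call */`. `get_eap_user` needs a similar line: it fills `user->password`, which `eap_user_free()` in eap.c releases with plain `free()`, so the callback must return malloc'ed memory. That is also the place to decide whether the password bytes should be cleared before they are freed.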
diff --git a/contrib/hostapd-0.4.9/eap_defs.h b/contrib/hostapd-0.4.9/eap_defs.h
new file mode 100644 (file)
index 0000000..9cd4490
--- /dev/null
@@ -0,0 +1,56 @@
+/*
+ * WPA Supplicant/hostapd / Shared EAP definitions
+ * Copyright (c) 2004-2005, Jouni Malinen <jkmaline@cc.hut.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef EAP_DEFS_H
+#define EAP_DEFS_H
+
+/* RFC 3748 - Extensible Authentication Protocol (EAP) */
+
+struct eap_hdr {
+       u8 code;
+       u8 identifier;
+       u16 length; /* including code and identifier; network byte order */
+       /* followed by length-4 octets of data */
+} __attribute__ ((packed));
+
+enum { EAP_CODE_REQUEST = 1, EAP_CODE_RESPONSE = 2, EAP_CODE_SUCCESS = 3,
+       EAP_CODE_FAILURE = 4 };
+
+/* EAP Request and Response data begins with one octet Type. Success and
+ * Failure do not have additional data. */
+
+typedef enum {
+       EAP_TYPE_NONE = 0,
+       EAP_TYPE_IDENTITY = 1 /* RFC 3748 */,
+       EAP_TYPE_NOTIFICATION = 2 /* RFC 3748 */,
+       EAP_TYPE_NAK = 3 /* Response only, RFC 3748 */,
+       EAP_TYPE_MD5 = 4, /* RFC 3748 */
+       EAP_TYPE_OTP = 5 /* RFC 3748 */,
+       EAP_TYPE_GTC = 6, /* RFC 3748 */
+       EAP_TYPE_TLS = 13 /* RFC 2716 */,
+       EAP_TYPE_LEAP = 17 /* Cisco proprietary */,
+       EAP_TYPE_SIM = 18 /* draft-haverinen-pppext-eap-sim-12.txt */,
+       EAP_TYPE_TTLS = 21 /* draft-ietf-pppext-eap-ttls-02.txt */,
+       EAP_TYPE_AKA = 23 /* draft-arkko-pppext-eap-aka-12.txt */,
+       EAP_TYPE_PEAP = 25 /* draft-josefsson-pppext-eap-tls-eap-06.txt */,
+       EAP_TYPE_MSCHAPV2 = 26 /* draft-kamath-pppext-eap-mschapv2-00.txt */,
+       EAP_TYPE_TLV = 33 /* draft-josefsson-pppext-eap-tls-eap-07.txt */,
+       EAP_TYPE_FAST = 43 /* draft-cam-winget-eap-fast-00.txt */,
+       EAP_TYPE_PAX = 46, /* draft-clancy-eap-pax-04.txt */
+       EAP_TYPE_EXPANDED_NAK = 254 /* RFC 3748 */,
+       EAP_TYPE_PSK = 255 /* EXPERIMENTAL - type not yet allocated
+                           * draft-bersani-eap-psk-09 */
+} EapType;
+
+#endif /* EAP_DEFS_H */
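Review bot: `struct eap_hdr` uses `u8` and `u16`, but this header includes nothing that declares them, so it compiles only when the including file has already pulled in the project's type definitions (eap_gtc.c includes common.h first, which presumably provides them). Either include that header here or state the requirement, e.g. `/* requires u8/u16 from common.h */`. Separately, the `length` comment says the field counts the code and identifier octets, so any wire value below `sizeof(struct eap_hdr)` is malformed. A short remark next to the field, such as `/* values < sizeof(struct eap_hdr) are invalid; reject before subtracting the header size */`, would help, because the NAK state in eap.c subtracts `sizeof(*nak)` from the wire length after clamping only its upper bound.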
diff --git a/contrib/hostapd-0.4.9/eap_gtc.c b/contrib/hostapd-0.4.9/eap_gtc.c
new file mode 100644 (file)
index 0000000..674f837
--- /dev/null
@@ -0,0 +1,158 @@
+/*
+ * hostapd / EAP-GTC (RFC 3748)
+ * Copyright (c) 2004, Jouni Malinen <jkmaline@cc.hut.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <netinet/in.h>
+
+#include "hostapd.h"
+#include "common.h"
+#include "eap_i.h"
+
+
+struct eap_gtc_data {
+       enum { CONTINUE, SUCCESS, FAILURE } state;
+};
+
+
+static void * eap_gtc_init(struct eap_sm *sm)
+{
+       struct eap_gtc_data *data;
+
+       data = malloc(sizeof(*data));
+       if (data == NULL)
+               return data;
+       memset(data, 0, sizeof(*data));
+       data->state = CONTINUE;
+
+       return data;
+}
+
+
+static void eap_gtc_reset(struct eap_sm *sm, void *priv)
+{
+       struct eap_gtc_data *data = priv;
+       free(data);
+}
+
+
+static u8 * eap_gtc_buildReq(struct eap_sm *sm, void *priv, int id,
+                            size_t *reqDataLen)
+{
+       struct eap_gtc_data *data = priv;
+       struct eap_hdr *req;
+       u8 *pos;
+       char *msg = "Password";
+       size_t msg_len;
+
+       msg_len = strlen(msg);
+       *reqDataLen = sizeof(*req) + 1 + msg_len;
+       req = malloc(*reqDataLen);
+       if (req == NULL) {
+               wpa_printf(MSG_ERROR, "EAP-GTC: Failed to allocate memory for "
+                          "request");
+               data->state = FAILURE;
+               return NULL;
+       }
+
+       req->code = EAP_CODE_REQUEST;
+       req->identifier = id;
+       req->length = htons(*reqDataLen);
+       pos = (u8 *) (req + 1);
+       *pos++ = EAP_TYPE_GTC;
+       memcpy(pos, msg, msg_len);
+
+       data->state = CONTINUE;
+
+       return (u8 *) req;
+}
+
+
+static Boolean eap_gtc_check(struct eap_sm *sm, void *priv,
+                            u8 *respData, size_t respDataLen)
+{
+       struct eap_hdr *resp;
+       u8 *pos;
+       size_t len;
+
+       resp = (struct eap_hdr *) respData;
+       pos = (u8 *) (resp + 1);
+       if (respDataLen < sizeof(*resp) + 2 || *pos != EAP_TYPE_GTC ||
+           (len = ntohs(resp->length)) > respDataLen) {
+               wpa_printf(MSG_INFO, "EAP-GTC: Invalid frame");
+               return TRUE;
+       }
+
+       return FALSE;
+}
+
+
+static void eap_gtc_process(struct eap_sm *sm, void *priv,
+                           u8 *respData, size_t respDataLen)
+{
+       struct eap_gtc_data *data = priv;
+       struct eap_hdr *resp;
+       u8 *pos;
+       size_t rlen;
+
+       if (sm->user == NULL || sm->user->password == NULL) {
+               wpa_printf(MSG_INFO, "EAP-GTC: Password not configured");
+               data->state = FAILURE;
+               return;
+       }
+
+       resp = (struct eap_hdr *) respData;
+       pos = (u8 *) (resp + 1);
+       pos++;
+       rlen = ntohs(resp->length) - sizeof(*resp) - 1;
+       wpa_hexdump_key(MSG_MSGDUMP, "EAP-GTC: Response", pos, rlen);
+
+       if (rlen != sm->user->password_len ||
+        &