- update WPA-Supplicant to 2.0

- add OpenBSD WPA support written by kettenis@ (also tested by matthieu@
and Gregor Best)
- enable smartcard support via PCSC-Lite
- garbage collect OS compatibility patches which are no longer needed
(one found by me, one by kettenis@)

ok phessler@

security/wpa_supplicant/Makefile

@@ -1,8 +1,8 @@
-# $OpenBSD: Makefile,v 1.5 2012/01/19 16:14:11 sthen Exp $
+# $OpenBSD: Makefile,v 1.6 2013/01/28 11:03:16 sthen Exp $
 
 COMMENT=	IEEE 802.1X supplicant
 
-DISTNAME=	wpa_supplicant-0.7.3
+DISTNAME=	wpa_supplicant-2.0
 CATEGORIES=	security net
 
 HOMEPAGE=	http://hostap.epitest.fi/wpa_supplicant/
@@ -15,7 +15,9 @@ PERMIT_PACKAGE_FTP=	Yes
 PERMIT_DISTFILES_CDROM=	Yes
 PERMIT_DISTFILES_FTP=	Yes
 
-WANTLIB += c ssl crypto pcap
+WANTLIB += c ssl crypto pcap pcsclite pthread
+
+LIB_DEPENDS=	security/pcsc-lite
 
 MASTER_SITES=	http://hostap.epitest.fi/releases/
 
@@ -26,15 +28,14 @@ MAKE_FLAGS=	V=1
 
 WRKSRC=		${WRKDIST}/wpa_supplicant
 
-MAN5=	wpa_supplicant.conf.5
-MAN8=	wpa_background.8 wpa_cli.8 wpa_passphrase.8 wpa_supplicant.8
-
 EXAMPLEDIR=	${PREFIX}/share/examples/wpa_supplicant
 
 post-extract:
-	cp ${FILESDIR}/config ${WRKSRC}/.config
+	@${SUBST_CMD} -c ${FILESDIR}/config ${WRKSRC}/.config
+	@cp ${FILESDIR}/driver_openbsd.c ${WRKSRC}/../src/drivers/
 
 post-install:
+	@#${INSTALL_PROGRAM} ${WRKBUILD}/wpa_priv ${PREFIX}/sbin
 	${INSTALL_MAN} ${WRKBUILD}/doc/docbook/*.5 ${PREFIX}/man/man5/
 	${INSTALL_MAN} ${WRKBUILD}/doc/docbook/*.8 ${PREFIX}/man/man8/
 	${INSTALL_DATA_DIR} ${EXAMPLEDIR}

security/wpa_supplicant/distinfo

@@ -1,5 +1,2 @@
-MD5 (wpa_supplicant-0.7.3.tar.gz) = 9RbxkThKmlRuP1FFwIrd2g==
-RMD160 (wpa_supplicant-0.7.3.tar.gz) = 4i8EQNZMlD5LCIbu+jQY516gG2A=
-SHA1 (wpa_supplicant-0.7.3.tar.gz) = ylHbiTH6vzhjUsh0IvPmL7RMP+M=
-SHA256 (wpa_supplicant-0.7.3.tar.gz) = 0M1QyqhTRszDdtzaXtPCWO7xmpOzyt450ldgEYrVlEM=
-SIZE (wpa_supplicant-0.7.3.tar.gz) = 1638224
+SHA256 (wpa_supplicant-2.0.tar.gz) = LBFWCfu1Ij1ROBCEpclERVqK/NqB1YQXP/VbojM3ngk=
+SIZE (wpa_supplicant-2.0.tar.gz) = 2044281

security/wpa_supplicant/files/config

@@ -1,19 +1,36 @@
+# $OpenBSD: config,v 1.2 2013/01/28 11:03:16 sthen Exp $
+# see defconfig and README for notes
+
+CFLAGS += -I${LOCALBASE}/include/PCSC
+LIBS += -L${LOCALBASE}/lib
+
+CONFIG_BACKEND=file
 CONFIG_CTRL_IFACE=y
 CONFIG_DRIVER_WIRED=y
+CONFIG_DRIVER_OPENBSD=y
 CONFIG_IEEE8021X_EAPOL=y
+CONFIG_PEERKEY=y
+
 CONFIG_EAP_MD5=y
 CONFIG_EAP_MSCHAPV2=y
 CONFIG_EAP_TLS=y
 CONFIG_EAP_PEAP=y
 CONFIG_EAP_TTLS=y
+CONFIG_EAP_FAST=y
 CONFIG_EAP_GTC=y
 CONFIG_EAP_OTP=y
-CONFIG_EAP_AKA=y
 CONFIG_EAP_PSK=y
 CONFIG_EAP_SAKE=y
 CONFIG_EAP_GPSK=y
 CONFIG_EAP_PAX=y
 CONFIG_EAP_LEAP=y
+CONFIG_EAP_IKEV2=y
+
+CONFIG_EAP_AKA=y
 CONFIG_EAP_SIM=y
-#CONFIG_EAP_FAST=n
-CONFIG_L2_PACKET=freebsd
+CONFIG_PCSC=y
+CONFIG_SMARTCARD=y
+
+# privilege separation, see README.
+# WIP: not yet tested.
+# CONFIG_PRIVSEP=y

security/wpa_supplicant/files/driver_openbsd.c

@@ -0,0 +1,136 @@
+/*
+ * Driver interaction with OpenBSD net80211 layer
+ * Copyright (c) 2013, Mark Kettenis
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "includes.h"
+#include <sys/ioctl.h>
+
+#include <net/if.h>
+#include <net80211/ieee80211.h>
+#include <net80211/ieee80211_crypto.h>
+#include <net80211/ieee80211_ioctl.h>
+
+#include "common.h"
+#include "driver.h"
+
+struct openbsd_driver_data {
+	char ifname[IFNAMSIZ + 1];
+	void *ctx;
+
+	int sock;			/* open socket for 802.11 ioctls */
+};
+
+
+static int
+wpa_driver_openbsd_get_ssid(void *priv, u8 *ssid)
+{
+	struct openbsd_driver_data *drv = priv;
+	struct ieee80211_nwid nwid;
+	struct ifreq ifr;
+
+	os_memset(&ifr, 0, sizeof(ifr));
+	os_strlcpy(ifr.ifr_name, drv->ifname, sizeof(ifr.ifr_name));
+	ifr.ifr_data = (void *)&nwid;
+	if (ioctl(drv->sock, SIOCG80211NWID, &ifr) < 0 ||
+	    nwid.i_len > IEEE80211_NWID_LEN)
+		return -1;
+
+	os_memcpy(ssid, nwid.i_nwid, nwid.i_len);
+	return nwid.i_len;
+}
+
+static int
+wpa_driver_openbsd_get_bssid(void *priv, u8 *bssid)
+{
+	struct openbsd_driver_data *drv = priv;
+	struct ieee80211_bssid id;
+
+	os_strlcpy(id.i_name, drv->ifname, sizeof(id.i_name));
+	if (ioctl(drv->sock, SIOCG80211BSSID, &id) < 0)
+		return -1;
+
+	os_memcpy(bssid, id.i_bssid, IEEE80211_ADDR_LEN);
+	return 0;
+}
+
+
+static int
+wpa_driver_openbsd_get_capa(void *priv, struct wpa_driver_capa *capa)
+{
+	os_memset(capa, 0, sizeof(*capa));
+	capa->flags = WPA_DRIVER_FLAGS_4WAY_HANDSHAKE;
+	return 0;
+}
+
+
+static int
+wpa_driver_openbsd_set_key(const char *ifname, void *priv, enum wpa_alg alg,
+	    const unsigned char *addr, int key_idx, int set_tx, const u8 *seq,
+	    size_t seq_len, const u8 *key, size_t key_len)
+{
+	struct openbsd_driver_data *drv = priv;
+	struct ieee80211_keyavail keyavail;
+
+	if (alg != WPA_ALG_PMK || key_len > IEEE80211_PMK_LEN)
+		return -1;
+
+	memset(&keyavail, 0, sizeof(keyavail));
+	os_strlcpy(keyavail.i_name, drv->ifname, sizeof(keyavail.i_name));
+	if (wpa_driver_openbsd_get_bssid(priv, keyavail.i_macaddr) < 0)
+		return -1;
+	memcpy(keyavail.i_key, key, key_len);
+
+	if (ioctl(drv->sock, SIOCS80211KEYAVAIL, &keyavail) < 0)
+		return -1;
+
+	return 0;
+}
+
+static void *
+wpa_driver_openbsd_init(void *ctx, const char *ifname)
+{
+	struct openbsd_driver_data *drv;
+
+	drv = os_zalloc(sizeof(*drv));
+	if (drv == NULL)
+		return NULL;
+
+	drv->sock = socket(PF_INET, SOCK_DGRAM, 0);
+	if (drv->sock < 0)
+		goto fail;
+
+	drv->ctx = ctx;
+	os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
+
+	return drv;
+
+fail:
+	os_free(drv);
+	return NULL;
+}
+
+
+static void
+wpa_driver_openbsd_deinit(void *priv)
+{
+	struct openbsd_driver_data *drv = priv;
+
+	close(drv->sock);
+	os_free(drv);
+}
+
+
+const struct wpa_driver_ops wpa_driver_openbsd_ops = {
+	.name = "openbsd",
+	.desc = "OpenBSD 802.11 support",
+	.get_ssid = wpa_driver_openbsd_get_ssid,
+	.get_bssid = wpa_driver_openbsd_get_bssid,
+	.get_capa = wpa_driver_openbsd_get_capa,
+	.set_key = wpa_driver_openbsd_set_key,
+	.init = wpa_driver_openbsd_init,
+	.deinit = wpa_driver_openbsd_deinit,
+};

security/wpa_supplicant/files/wpa_supplicant.conf

@@ -1,4 +1,4 @@
-# $OpenBSD: wpa_supplicant.conf,v 1.1 2007/07/01 19:50:57 reyk Exp $
+# $OpenBSD: wpa_supplicant.conf,v 1.2 2013/01/28 11:03:16 sthen Exp $
 # Sample wpa_supplicant configuration file for wired IEEE 802.1x
 # port authentication. See wpa_supplicant.conf(5).
 
@@ -6,10 +6,22 @@ ctrl_interface=/var/run/wpa_supplicant
 ctrl_interface_group=wheel
 ap_scan=0
 
-network={
-	key_mgmt=IEEE8021X
-	eap=MD5
-	identity="user"
-	password="password"
-	eapol_flags=0
-}
+# wired network:
+
+#network={
+#	key_mgmt=IEEE8021X
+#	eap=MD5
+#	identity="user"
+#	password="password"
+#	eapol_flags=0
+#}
+
+# wireless network:
+
+#network={
+#        ssid="humppa"
+#        key_mgmt=WPA-EAP
+#        eap=TTLS PEAP
+#        identity="user"
+#        password="password"
+#}

security/wpa_supplicant/patches/patch-os_internal_c

@@ -1,12 +0,0 @@
-$OpenBSD: patch-os_internal_c,v 1.3 2012/01/19 16:14:11 sthen Exp $
---- src/utils/os_internal.c.orig	Tue May 29 03:08:48 2007
-+++ src/utils/os_internal.c	Sat Jan 14 12:52:53 2012
-@@ -178,7 +178,7 @@ int os_setenv(const char *name, const char *value, int
- 
- int os_unsetenv(const char *name)
- {
--#if defined(__FreeBSD__) || defined(__NetBSD__)
-+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
- 	unsetenv(name);
- 	return 0;
- #else

security/wpa_supplicant/patches/patch-src_drivers_drivers_c

@@ -0,0 +1,23 @@
+$OpenBSD: patch-src_drivers_drivers_c,v 1.1 2013/01/28 11:03:16 sthen Exp $
+--- src/drivers/drivers.c.orig	Sun Jan 27 18:04:16 2013
++++ src/drivers/drivers.c	Sun Jan 27 18:05:04 2013
+@@ -24,6 +24,9 @@ extern struct wpa_driver_ops wpa_driver_madwifi_ops; /
+ #ifdef CONFIG_DRIVER_BSD
+ extern struct wpa_driver_ops wpa_driver_bsd_ops; /* driver_bsd.c */
+ #endif /* CONFIG_DRIVER_BSD */
++#ifdef CONFIG_DRIVER_OPENBSD
++extern struct wpa_driver_ops wpa_driver_openbsd_ops; /* driver_openbsd.c */
++#endif /* CONFIG_DRIVER_OPENBSD */
+ #ifdef CONFIG_DRIVER_NDIS
+ extern struct wpa_driver_ops wpa_driver_ndis_ops; /* driver_ndis.c */
+ #endif /* CONFIG_DRIVER_NDIS */
+@@ -62,6 +65,9 @@ struct wpa_driver_ops *wpa_drivers[] =
+ #ifdef CONFIG_DRIVER_BSD
+ 	&wpa_driver_bsd_ops,
+ #endif /* CONFIG_DRIVER_BSD */
++#ifdef CONFIG_DRIVER_OPENBSD
++	&wpa_driver_openbsd_ops,
++#endif /* CONFIG_DRIVER_OPENBSD */
+ #ifdef CONFIG_DRIVER_NDIS
+ 	&wpa_driver_ndis_ops,
+ #endif /* CONFIG_DRIVER_NDIS */

security/wpa_supplicant/patches/patch-src_drivers_drivers_mak

@@ -0,0 +1,18 @@
+$OpenBSD: patch-src_drivers_drivers_mak,v 1.1 2013/01/28 11:03:16 sthen Exp $
+--- src/drivers/drivers.mak.orig	Sun Jan 27 18:05:10 2013
++++ src/drivers/drivers.mak	Sun Jan 27 18:05:42 2013
+@@ -55,6 +55,14 @@ CONFIG_L2_FREEBSD=y
+ CONFIG_DNET_PCAP=y
+ endif
+ 
++ifdef CONFIG_DRIVER_OPENBSD
++ifndef CONFIG_L2_PACKET
++CONFIG_L2_PACKET=freebsd
++endif
++DRV_CFLAGS += -DCONFIG_DRIVER_OPENBSD
++DRV_OBJS += ../src/drivers/driver_openbsd.o
++endif
++
+ ifdef CONFIG_DRIVER_TEST
+ DRV_CFLAGS += -DCONFIG_DRIVER_TEST
+ DRV_OBJS += ../src/drivers/driver_test.o

security/wpa_supplicant/patches/patch-src_drivers_drivers_mk

@@ -0,0 +1,18 @@
+$OpenBSD: patch-src_drivers_drivers_mk,v 1.1 2013/01/28 11:03:16 sthen Exp $
+--- src/drivers/drivers.mk.orig	Sun Jan 27 18:05:45 2013
++++ src/drivers/drivers.mk	Sun Jan 27 18:06:11 2013
+@@ -55,6 +55,14 @@ CONFIG_L2_FREEBSD=y
+ CONFIG_DNET_PCAP=y
+ endif
+ 
++ifdef CONFIG_DRIVER_OPENBSD
++ifndef CONFIG_L2_PACKET
++CONFIG_L2_PACKET=freebsd
++endif
++DRV_CFLAGS += -DCONFIG_DRIVER_OPENBSD
++DRV_OBJS += src/drivers/driver_openbsd.c
++endif
++
+ ifdef CONFIG_DRIVER_TEST
+ DRV_CFLAGS += -DCONFIG_DRIVER_TEST
+ DRV_OBJS += src/drivers/driver_test.c

security/wpa_supplicant/patches/patch-src_l2_packet_l2_packet_freebsd_c

@@ -1,11 +0,0 @@
-$OpenBSD: patch-src_l2_packet_l2_packet_freebsd_c,v 1.1 2012/06/25 14:06:26 naddy Exp $
---- src/l2_packet/l2_packet_freebsd.c.orig	Mon Jun 25 07:51:11 2012
-+++ src/l2_packet/l2_packet_freebsd.c	Mon Jun 25 07:51:32 2012
-@@ -20,6 +20,7 @@
- #include <pcap.h>
- 
- #include <sys/ioctl.h>
-+#include <sys/param.h>
- #include <sys/sysctl.h>
- 
- #include <net/if.h>

security/wpa_supplicant/patches/patch-wpa_supplicant_Makefile

@@ -0,0 +1,12 @@
+$OpenBSD: patch-wpa_supplicant_Makefile,v 1.1 2013/01/28 11:03:16 sthen Exp $
+--- wpa_supplicant/Makefile.orig	Fri Jan 25 23:16:50 2013
++++ wpa_supplicant/Makefile	Fri Jan 25 23:16:53 2013
+@@ -50,7 +50,7 @@ mkconfig:
+ 	echo CONFIG_DRIVER_WEXT=y >> .config
+ 
+ $(DESTDIR)$(BINDIR)/%: %
+-	install -D $(<) $(@)
++	install $(<) $(@)
+ 
+ install: $(addprefix $(DESTDIR)$(BINDIR)/,$(BINALL))
+ 	$(MAKE) -C ../src install

security/wpa_supplicant/patches/patch-wpa_supplicant_wpa_priv_c

@@ -0,0 +1,34 @@
+$OpenBSD: patch-wpa_supplicant_wpa_priv_c,v 1.1 2013/01/28 11:03:16 sthen Exp $
+--- wpa_supplicant/wpa_priv.c.orig	Sat Jan 26 10:49:28 2013
++++ wpa_supplicant/wpa_priv.c	Sat Jan 26 10:50:56 2013
+@@ -92,6 +92,7 @@ static void wpa_priv_cmd_unregister(struct wpa_priv_in
+ }
+ 
+ 
++#if 0
+ static void wpa_priv_cmd_scan(struct wpa_priv_interface *iface,
+ 			      char *buf, size_t len)
+ {
+@@ -170,6 +171,7 @@ static void wpa_priv_cmd_get_scan_results(struct wpa_p
+ 		sendto(iface->fd, "", 0, 0, (struct sockaddr *) from,
+ 		       sizeof(*from));
+ }
++#endif
+ 
+ 
+ static void wpa_priv_cmd_associate(struct wpa_priv_interface *iface,
+@@ -487,12 +489,14 @@ static void wpa_priv_receive(int sock, void *eloop_ctx
+ 	case PRIVSEP_CMD_UNREGISTER:
+ 		wpa_priv_cmd_unregister(iface, &from);
+ 		break;
++#if 0
+ 	case PRIVSEP_CMD_SCAN:
+ 		wpa_priv_cmd_scan(iface, cmd_buf, cmd_len);
+ 		break;
+ 	case PRIVSEP_CMD_GET_SCAN_RESULTS:
+ 		wpa_priv_cmd_get_scan_results(iface, &from);
+ 		break;
++#endif
+ 	case PRIVSEP_CMD_ASSOCIATE:
+ 		wpa_priv_cmd_associate(iface, cmd_buf, cmd_len);
+ 		break;

security/wpa_supplicant/pkg/PLIST

@@ -1,10 +1,11 @@
-@comment $OpenBSD: PLIST,v 1.2 2012/01/19 16:14:11 sthen Exp $
+@comment $OpenBSD: PLIST,v 1.3 2013/01/28 11:03:16 sthen Exp $
+@comment @man man/man8/wpa_priv.8
+@comment @bin sbin/wpa_priv
 @man man/man5/wpa_supplicant.conf.5
 @man man/man8/wpa_background.8
 @man man/man8/wpa_cli.8
 @comment @man man/man8/wpa_gui.8
 @man man/man8/wpa_passphrase.8
-@comment @man man/man8/wpa_priv.8
 @man man/man8/wpa_supplicant.8
 @bin sbin/wpa_cli
 @bin sbin/wpa_passphrase