path: root/src/eap_peer
Commit message (Collapse)AuthorAgeFilesLines
* Do not try session resumption after EAP failureJouni Malinen2009-02-152-1/+7
| | | | | | | | | If session resumption fails for any reason, do not try it again because that is just likely to fail. Instead, drop back to using full authentication which may work. This is a workaround for servers that do not like session resumption, but do not know how to fall back to full authentication properly. (cherry picked from commit f2d8fc3d9670ae90a04f38d4344d8dfc0f0929ab)
* Improved 'make install' (use BINDIR/LIBDIR, install shared objects)Daniel Mierswa2009-02-151-0/+6
| | | | (cherry picked from commit d94d4bafbb43699d323d6f6e3e404000b3f0a7b4)
* Check EAP-AKA' AT_KDF duplication only if KDF was negotiatedJouni Malinen2009-02-151-1/+4
| | | | | | | This fixes an issue where two AKA'/Challenge messages are received when resynchronizing SEQ#. Previously, this used to trigger an authentication failure since the second Challenge message did not duplicate AT_KDF. (cherry picked from commit 2cfcd014f4e2c9886af2e7433c40119091ff1535)
* EAP-AKA': Verify that AMF separation bit is setJouni Malinen2009-02-151-1/+7
| | | | (cherry picked from commit 35f30422ecfe1163b6a70c89e1b7b6637b77133f)
* Use larger buffer for TLS encryption to avoid issues with GnuTLSJouni Malinen2009-02-151-1/+1
| | | | | | | | | | | | | It looks like GnuTLS (at least newer versions) is using random padding on the application data and the previously used 100 byte extra buffer for tls_connection_encrypt() calls was not enough to handle all cases. This resulted in semi-random authentication failures with EAP-PEAP and EAP-TTLS during Phase 2. Increase the extra space for encryption from 100 to 300 bytes and add an error message into tls_gnutls.c to make it easier to notice this issue should it ever show up again even with the larger buffer. (cherry picked from commit edd757e8a3d165cbfc4d1721f30a8aa276f9329b)
* Fix building dynamic EAP peer modulesPavel Roskin2009-02-081-1/+1
| | | | | | Strip directory name from the target in the pattern rule for dynamic modules. Remove dynamic modules on "make clean". (cherry picked from commit 4c2660c2b0a04ebd2eee968f356188ec31f9b635)
* WPS: Add support for external Registrars using UPnP transportJouni Malinen2009-02-081-0/+1
| | | | | | | | | | | | | | This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail. (cherry picked from commit f620268f13dd26c3a3f4ef5509d7d17c0f322a7d)
* Silenced number of Doxygen warningsJouni Malinen2009-01-041-13/+13
* Mark functions static if not used elsewhere and use proper prototypesJouni Malinen2009-01-031-19/+20
* Moved WPS Registrar initialization from EAP peer to wps_supplicant.cJouni Malinen2009-01-031-57/+0
| | | | | This matches the style used in hostapd, i.e., Registrar is initialized only once and callbacks are now processed in wps_supplicant.c.
* Removed registrar pointer from wps_config and wps_dataJouni Malinen2009-01-031-1/+1
| | | | | wps_context::registrar can be used as the only location for this pointer.
* Removed duplicated authenticator yes/no from wps_config and wps_dataJouni Malinen2009-01-031-1/+0
| | | | | wps_context::ap is available for this purpose and there is no need to change between AP and not AP between protocol runs.
* Removed unused WPS_PENDING processing resultJouni Malinen2009-01-031-6/+0
* Added Doxygen documentation for WPS codeJouni Malinen2009-01-031-1/+1
* WPS: Cleanup UUID and MAC address configurationJouni Malinen2009-01-011-2/+0
| | | | | No need to configure these separately for each Enrollee in wps_config since wps_context is now used both for Registrar and Enrollee.
* Fix TLS message processing if Flags field is not presentJouni Malinen2008-12-301-2/+15
| | | | | | | | | | | | | | | | | | | | | | Previous version assumed that the Flags field is always present and ended up reading one octet past the end of the buffer should the Flags field be missing. The message length would also be set incorrectly (size_t)-1 or (size_t)-5, but it looks like reassembly code ended up failing in malloc before actually using this huge length to read data. RFC 2716 uses a somewhat unclear description on what exactly is included in the TLS Ack message ("no data" can refer to either Data field in 4.1 or TLS Data field in 4.2), so in theory, it would be possible for some implementations to not include Flags field. However, EAP-{PEAP,TTLS,FAST} need the Flags field in Ack messages, too, for indicating the used version. The EAP peer code will now accept the no-Flags case as an Ack message if EAP workarounds are enabled (which is the default behavior). If workarounds are disabled, the message without Flags field will be rejected. [Bug 292]
* Use wildcard UUID when setting AP PIN for Registrar in wpa_supplicantJouni Malinen2008-12-211-11/+3
* WPS: Fixed deinit code for freeing config and registrar dataJouni Malinen2008-12-171-0/+1
| | | | | | | | We need to be a bit more careful when removing the WPS configuration block since wpa_s->current_ssid may still be pointing at it. In addition, registrar pointer in wps_context will need to be cleared since the context data is now maintained over multiple EAP-WSC runs. Without this, certain WPS operations could have used freed memory.
* Fixed interoperability issue with PEAPv0 cryptobinding and NPSJouni Malinen2008-12-142-1/+12
| | | | | | | | | | | | | | Windows Server 2008 NPS gets very confused if the TLS Message Length is not included in the Phase 1 messages even if fragmentation is not used. If the TLS Message Length field is not included in ClientHello message, NPS seems to decide to use the ClientHello data (excluding first six octets, i.e., EAP header, type, Flags) as the OuterTLVs data in Cryptobinding Compound_MAC calculation (per PEAPv2; not MS-PEAP).. Lets add the TLS Message Length to PEAPv0 Phase 1 messages to get rid of this issue. This seems to fix Cryptobinding issues with NPS and PEAPv0 is now using optional Cryptobinding by default (again) since there are no known interop issues with it anymore.
* Cleaned up EAP-MSCHAPv2 key derivationJouni Malinen2008-12-145-43/+18
| | | | | | | | | | | | | Changed peer to derive the full key (both MS-MPPE-Recv-Key and MS-MPPE-Send-Key for total of 32 octets) to match with server implementation. Swapped the order of MPPE keys in MSK derivation since server MS-MPPE-Recv-Key | MS-MPPE-Send-Key matches with the order specified for EAP-TLS MSK derivation. This means that PEAPv0 cryptobinding is now using EAP-MSCHAPv2 MSK as-is for ISK while EAP-FAST will need to swap the order of the MPPE keys to get ISK in a way that interoperates with Cisco EAP-FAST implementation.
* Rename MSG to MESG to avoid conflicts with Windows header filesJouni Malinen2008-12-101-9/+9
* Don't include unused calls to SHA256 functions if EAP-AKA' is not enabledJouni Malinen2008-12-101-0/+4
* Added option to force SoH version 1 (tnc=soh1)Jouni Malinen2008-12-073-8/+14
| | | | | The default version with tnc=soh remains to be 2 which is the currently recommended version in SoH specification.
* Merged EAP-AKA' into eap_aka.c and added it to defconfig/ChangeLogJouni Malinen2008-12-072-1412/+263
* Added protection against EAP-AKA' -> EAP-AKA bidding down attacksJouni Malinen2008-12-053-1/+14
| | | | | AT_BIDDING attribute is included in EAP-AKA/Challenge to allow peer to know whether the server would have preferred EAP-AKA'.
* EAP-AKA': Added CK',IK' derivationJouni Malinen2008-12-041-0/+10
| | | | | | This is based on a change request 3GPP TS 33.402 CR 0033 for version 8.1.1. The hardcoded ANID is now 'WLAN' since that is used in 3GPP TS 24.302.
* EAP-AKA': Added processing of AT_KDF and AT_KDF_INPUT attributesJouni Malinen2008-12-041-1/+123
| | | | | | Network Name is not yet generated and validated based on 3GPP.33.402 (i.e., a hardcoded string is used in server and anything is accepted in peer).
* EAP-AKA': Allow both AKA AKA' to be registed from eap_aka_prime.cJouni Malinen2008-12-031-4/+38
| | | | | | | This allows the same source code file to be shared for both methods. For now, this is only in eap_aka_prime.c, but eventually, changes in eap_aka_prime.c are likely to be merged into eap_aka.c at which point the separate eap_aka_prime.c can be removed.
* EAP-AKA': Derive keys using the new KDF (PRF')Jouni Malinen2008-12-031-12/+23
* EAP-AKA': Use HMAC-SHA-256-128 for AT_MACJouni Malinen2008-12-021-7/+16
* EAP-AKA': Use SHA256 for AT_CHECKCODEJouni Malinen2008-12-021-9/+21
* Use a variable to store EAP method type for EAP-AKA vs. EAP-AKA'Jouni Malinen2008-12-021-9/+16
| | | | | This makes it easier to eventually replace EAP-AKA implementation with a shared implementation that supports both EAP-AKA and EAP-AKA'.
* Add a starting point for EAP-AKA' (draft-arkko-eap-aka-kdf-10)Jouni Malinen2008-12-022-0/+1163
| | | | | | | | | | | | | This is just making an as-is copy of EAP-AKA server and peer implementation into a new file and by using the different EAP method type that is allocated for EAP-AKA' (50). None of the other differences between EAP-AKA and EAP-AKA' are not yet included. It is likely that once EAP-AKA' implementation is done and is found to work correctly, large part of the EAP-AKA and EAP-AKA' code will be shared. However, it is not reasonable to destabilize EAP-AKA implementation at this point before it is clearer what the final differences will be.
* WPS: Get AP PIN from configuration instead of using hardcoded valueJouni Malinen2008-11-291-2/+4
* WPS: Moved mac_addr and uuid configuration into wps_contextJouni Malinen2008-11-284-23/+2
| | | | | There is no need to complicate EAPOL and EAP interfaces with WPS specific parameters now that wps_context is passed through.
* WPS: Moved wps_context initialization into wps_supplicant.cJouni Malinen2008-11-284-39/+19
| | | | | | | The wps_context data is now managed at wpa_supplicant, not EAP-WSC. This makes wpa_supplicant design for WPS match with hostapd one and also makes it easier configure whatever parameters and callbacks are needed for WPS.
* WPS: Merged two cred_cb variables into the same oneJouni Malinen2008-11-282-7/+3
| | | | | | | Previously, wpa_supplicant as Enrollee case was handled using a different callback function pointer. However, now that the wps_context structure is allocated for all cases, the same variable can be used in all cases.
* WPS: Moved device attributes into wps_context::dev for Enrollee caseJouni Malinen2008-11-281-9/+20
| | | | | | | | | | Previously, hardcoded values were used in wps_enrollee.c. These are now moved into shared data in struct wps_context. In case of AP/Authenticator, these are initialized in wps_hostapd.c. In case of client/supplicant, these are now initialized in EAP-WSC peer method, but will probably end up being moved into higher layer for better configuration. EAP-WSC peer method for
* WPS: Process old AP Settings in M7 when registering as external RegistrarJouni Malinen2008-11-271-5/+2
| | | | | | | | The old (i.e., currently used) AP Settings are processed. For now, they are copied as-is into M8 as new AP Settings to avoid changing configuration. This should be changed to allow external programs (e.g., GUI) to fetch the old AP settings over ctrl_iface and then allow settings to be changed before sending M8 with the new settings.
* Fixed a typo in a debug messageJouni Malinen2008-11-271-2/+2
* WPS: Moved UUID configuration from phase1 into global config areaJouni Malinen2008-11-264-16/+11
* PEAPv0: Added support for IPMK/CMK derivation in session resumption caseJouni Malinen2008-11-261-1/+14
* Reject GPSK-3 if ID_Server in it does not match with the value in GPSK-1Jouni Malinen2008-11-231-0/+1
* Added preliminary Wi-Fi Protected Setup (WPS) implementationJouni Malinen2008-11-235-1/+605
| | | | | | | | | | | | | This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
* Add more verbose debug output for GSM-Milenage use (RAND,SRES,Kc)Jouni Malinen2008-11-221-10/+15
* Changed PEAPv0 cryptobinding to be disabled by defaultJouni Malinen2008-11-202-3/+3
| | | | | There are some interoperability issues with Windows Server 2008 NPS, so better disable cryptobinding use by default for now.
* EAP-PEAP: Copy Binding nonce from cryptobinding request to replyJouni Malinen2008-11-191-6/+12
| | | | | | | | | It looks like [MS-PEAP] points towards this being the expected behavior (however, that chapter is very confusing). In addition, remove Cryptobinding TLV from response if the received Cryptobinding TLV is not valid. Add some more debug messages to the case where the received Cryptobinding TLV is found invalid.
* Separate OpenSSL engine configuration for Phase 2Carolin Latze2008-11-183-6/+52
| | | | | | | | | | | | | | I fixed the engine issue in phase2 of EAP-TTLS. The problem was that you only defined one engine variable, which was read already in phase1. I defined some new variables: engine2 engine2_id pin2 and added support to read those in phase2 wheres all the engine variables without number are only read in phase1. That solved it and I am now able to use an engine also in EAP-TTLS phase2.
* EAP-FAST: Reorder TLVs in PAC Acknowledgment to fix interop issuesJouni Malinen2008-11-161-2/+2
| | | | | | | | | | It looks like ACS did not like PAC Acknowledgment TLV before Result TLV, so reorder the TLVs to match the order shown in a draft-cam-winget-eap-fast-provisioning-09.txt example. This allows authenticated provisioning to be terminated with Access-Accept (if ACS has that option enabled). Previously, provisioning was otherwise successful, but the server rejected connection due to not understanding the PAC Ack ("Invalid TEAP Data recieved").
* EAP-SIM/AKA: fixed initialization to verify PIN even if identity is setJouni Malinen2008-11-071-2/+17
| | | | | | | Previously, hardcoded identity in the network configuration skipped both IMSI reading and PIN verification. This broke cases where PIN is needed for GSM/UMTS authentication. Now, only IMSI reading is skipped if identity is hardcoded.