path: root/src/eap_server
Commit log (each entry: title, author, date; files changed, lines -removed/+added; the commit message follows)
* EAP-TLS server: Fix TLS Message Length validation [HEAD, master] (Jouni Malinen, 2012-10-07; 1 file, -0/+8)
  EAP-TLS/PEAP/TTLS/FAST server implementation did not validate the TLS Message Length value properly and could end up trying to store more information into the message buffer than the allocated size if the first fragment is longer than the indicated size. This could result in the hostapd process terminating in wpabuf length validation. Fix this by rejecting messages that have an invalid TLS Message Length value.
  This would affect cases that use the internal EAP authentication server in hostapd either directly with IEEE 802.1X or when using hostapd as a RADIUS authentication server and when receiving an incorrectly constructed EAP-TLS message. Cases where hostapd uses an external authentication server are not affected.
  Thanks to Timo Warns for finding and reporting this issue.
  Signed-hostap: Jouni Malinen <j@w1.fi>
  intended-for: hostap-1
  (cherry picked from commit 586c446e0ff42ae00315b014924ec669023bd8de)
  (cherry picked from commit f3043318970a98c98e968ed17b3e2f49dc42c646)
  Conflicts: src/eap_server/eap_tls_common.c

* EAP-FAST server: Piggyback Phase 2 start with end of Phase 1 (Jouni Malinen, 2010-01-09; 1 file, -16/+61)
  If the Finished message from the peer has been received before the server Finished message, start Phase 2 with the same message to avoid an extra roundtrip when the peer does not have anything to send after the server Finished message.
  (cherry picked from commit c479e41f53b10ff91f4c1e183c441da76d47f05e)

* Fix lastReqData freeing to use wpabuf_free() (Jouni Malinen, 2010-01-09; 1 file, -1/+1)
  (cherry picked from commit f52ab9e6b0f7cb77d35c59f7f561bcf383795002)

* Increase EAP server extra room for encryption overhead (for GnuTLS) (Jouni Malinen, 2010-01-09; 1 file, -1/+1)
  This fixes issues with some GnuTLS versions that seem to be adding quite a bit of extra data into TLS messages. The EAP server code is now using the same 300 byte extra room that was already used in the EAP peer implementation.
  (cherry picked from commit f721aed4b1baef8ad9336c80f8835f3f3d504d68)
* Add root .gitignore file to clean up ignore lists (Jouni Malinen, 2009-11-22; 1 file, -1/+0)
  This removes the need for local configuration to ignore *.o and *~ and allows the src/*/.gitignore files to be removed (subdirectories will inherit the rules from the root .gitignore).
  (cherry picked from commit 064bb8232c9003b11be7bce3aa0a4a68aee2fd6f)

* Fix TNC with EAP-TTLS (Jouni Malinen, 2009-03-22; 1 file, -6/+5)
  This was broken by 510c02d4a362cd572303fa845b139eacb2dab387 which added validation of the eap_ttls_phase2_eap_init() return value. The main problem was in the code trying to initialize a new phase 2 EAP method unconditionally; this should only happen if there is a new method in the inner method sequence.
  (cherry picked from commit 51853c899bcff996dbcfc352010a2157a4dd188b)
  Conflicts: hostapd/ChangeLog

* Fix segmentation fault on EAP-TTLS phase 2 EAP method init failure (Jouni Malinen, 2009-03-22; 1 file, -1/+1)
  This is based on a patch and report by Masashi Honma <honma@ictec.co.jp>. The issue is more generic than just TNC, though, since failure to initialize any phase 2 EAP method can result in a NULL dereference.
  (cherry picked from commit 99bff8430fd59dc77db56642a40ef8e6c430db28)

* TNC: Send EAP-Failure on TNC failure (Masashi Honma, 2009-03-22; 1 file, -1/+1)
  On PEAP(TNC), the hostapd integrated RADIUS server doesn't return EAP-Failure when "Recommendation = none". So, EAP data retransmission occurs. My co-worker "Ryuji Ohba" made the patch below.
  (cherry picked from commit 0d308bc07433330dfa50b1adcbdac6444c9ac86b)

* Fix EAPOL/EAP reauthentication with external RADIUS server (Jouni Malinen, 2009-03-11; 2 files, -2/+13)
  The EAP server state machine will need to have special code in getDecision() to avoid starting passthrough operations before having completed the Identity round in the beginning of reauthentication. This was broken when moving into using the full authenticator state machine from RFC 4137 in 0.6.x.
  (cherry picked from commit 1fd4b0db7c1dc82e09234f33d798bd07a69ab0c7)
  Conflicts: hostapd/ChangeLog
* Update EAP-GPSK references from internet draft to RFC 5433 (Jouni Malinen, 2009-02-27; 1 file, -1/+1)
  (cherry picked from commit 358b98668e0b8bef036be08ca941dc51c1fdcedf)

* Improved 'make install' (use BINDIR/LIBDIR, install shared objects) (Daniel Mierswa, 2009-02-15; 1 file, -0/+3)
  (cherry picked from commit d94d4bafbb43699d323d6f6e3e404000b3f0a7b4)

* Add debug prints for a couple of new EAP-AKA' attributes (Jouni Malinen, 2009-02-15; 1 file, -0/+4)
  (cherry picked from commit 3fe430b5d5822bb2b6180bb06967777ae79223f3)

* WPS UPnP: Added support for multiple external Registrars (Jouni Malinen, 2009-02-08; 1 file, -1/+0)
  Allow more than one pending PutWLANMessage data to be stored (M2/M2D from multiple external Registrars) and drop pending M2/M2D messages when the Enrollee replies with M3.
  (cherry picked from commit 915c1ba3c575c32b9d31453b1a55b1a966f622bd)

* WPS: Add support for external Registrars using UPnP transport (Jouni Malinen, 2009-02-08; 1 file, -0/+32)
  This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar.
  This code is based on the Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
  (cherry picked from commit f620268f13dd26c3a3f4ef5509d7d17c0f322a7d)
* Removed registrar pointer from wps_config and wps_data (Jouni Malinen, 2009-01-03; 1 file, -1/+1)
  wps_context::registrar can be used as the only location for this pointer.

* Removed duplicated authenticator yes/no from wps_config and wps_data (Jouni Malinen, 2009-01-03; 1 file, -1/+0)
  wps_context::ap is available for this purpose and there is no need to change between AP and not AP between protocol runs.

* Removed unused WPS_PENDING processing result (Jouni Malinen, 2009-01-03; 1 file, -4/+0)

* Added Doxygen documentation for WPS code (Jouni Malinen, 2009-01-03; 1 file, -1/+1)

* Fixed a number of doxygen warnings (Jouni Malinen, 2009-01-02; 2 files, -3/+6)

* WPS: Set recommended retransmission times with EAP method specific hint (Jouni Malinen, 2008-12-29; 1 file, -0/+10)

* Fixed retransmission of EAP requests if no response is received (Jouni Malinen, 2008-12-29; 1 file, -4/+45)
  It looks like this never survived the move from IEEE 802.1X-2001 to IEEE 802.1X-2004 and the EAP state machine (RFC 4137). The retransmission scheduling and control is now in the EAP authenticator and the calculateTimeout() procedure is used to determine the timeout for retransmission (either dynamic backoff or value from EAP method hint). The recommended calculations based on SRTT and RTTVAR (RFC 2988) are not yet implemented since there is no round-trip time measurement available yet.
  This should make EAP authentication much more robust in environments where initial packets are lost for any reason. If the EAP method does not provide a hint on timeout, the default schedule of 3, 6, 12, 20, 20, 20, ... seconds will be used.
* Add RADIUS server support for identity selection hint (RFC 4284) (Jouni Malinen, 2008-12-26; 2 files, -0/+21)
  Previously, only delivery option 1 from RFC 4284 (EAP-Request/Identity from the AP) was supported. Now option 3 (subsequent EAP-Request/Identity from the RADIUS server) can also be used when hostapd is used as a RADIUS server. The eap_user file will need to have a Phase 1 user entry pointing to the Identity method in order for this to happen (e.g., "* Identity" in the end of the file). The identity hint is configured in the same way as for the AP/Authenticator case (eap_message in hostapd.conf).

* Fixed EAP-AKA build in case EAP-AKA' is disabled (Jouni Malinen, 2008-12-16; 1 file, -0/+4)

* Cleaned up EAP-MSCHAPv2 key derivation (Jouni Malinen, 2008-12-14; 3 files, -18/+15)
  Changed the peer to derive the full key (both MS-MPPE-Recv-Key and MS-MPPE-Send-Key for a total of 32 octets) to match with the server implementation. Swapped the order of MPPE keys in MSK derivation since the server MS-MPPE-Recv-Key | MS-MPPE-Send-Key matches with the order specified for EAP-TLS MSK derivation. This means that PEAPv0 cryptobinding is now using the EAP-MSCHAPv2 MSK as-is for ISK while EAP-FAST will need to swap the order of the MPPE keys to get ISK in a way that interoperates with the Cisco EAP-FAST implementation.

* Merged EAP-AKA' into eap_aka.c and added it to defconfig/ChangeLog (Jouni Malinen, 2008-12-07; 2 files, -1301/+273)

* Added protection against EAP-AKA' -> EAP-AKA bidding down attacks (Jouni Malinen, 2008-12-05; 1 file, -0/+29)
  The AT_BIDDING attribute is included in EAP-AKA/Challenge to allow the peer to know whether the server would have preferred EAP-AKA'.
* EAP-AKA': Added CK',IK' derivation (Jouni Malinen, 2008-12-04; 1 file, -3/+17)
  This is based on change request 3GPP TS 33.402 CR 0033 for version 8.1.1. The hardcoded ANID is now 'WLAN' since that is used in 3GPP TS 24.302.

* EAP-AKA': Comment out EAP-AKA' server KDF negotiation (Jouni Malinen, 2008-12-04; 1 file, -0/+4)
  Since only one KDF is currently supported, the negotiation is not allowed and the peer must be rejected if it tries to send a KDF selection in a Challenge message. The negotiation code is left in the file and just commented out since it was tested to work and can be used in the future if another KDF is added.

* EAP-AKA': Added processing of AT_KDF and AT_KDF_INPUT attributes (Jouni Malinen, 2008-12-04; 1 file, -1/+45)
  Network Name is not yet generated and validated based on 3GPP TS 33.402 (i.e., a hardcoded string is used in the server and anything is accepted in the peer).

* EAP-AKA': Allow both AKA and AKA' to be registered from eap_aka_prime.c (Jouni Malinen, 2008-12-03; 1 file, -4/+52)
  This allows the same source code file to be shared for both methods. For now, this is only in eap_aka_prime.c, but eventually, changes in eap_aka_prime.c are likely to be merged into eap_aka.c at which point the separate eap_aka_prime.c can be removed.

* EAP-AKA': Derive keys using the new KDF (PRF') (Jouni Malinen, 2008-12-03; 3 files, -39/+161)
* EAP-AKA': Use HMAC-SHA-256-128 for AT_MAC (Jouni Malinen, 2008-12-02; 1 file, -3/+15)

* EAP-AKA': Use SHA256 for AT_CHECKCODE (Jouni Malinen, 2008-12-02; 1 file, -7/+19)

* Use a variable to store EAP method type for EAP-AKA vs. EAP-AKA' (Jouni Malinen, 2008-12-02; 1 file, -7/+16)
  This makes it easier to eventually replace the EAP-AKA implementation with a shared implementation that supports both EAP-AKA and EAP-AKA'.

* Add a starting point for EAP-AKA' (draft-arkko-eap-aka-kdf-10) (Jouni Malinen, 2008-12-02; 2 files, -0/+1043)
  This is just making an as-is copy of the EAP-AKA server and peer implementation into a new file and using the different EAP method type that is allocated for EAP-AKA' (50). None of the other differences between EAP-AKA and EAP-AKA' are included yet. It is likely that once the EAP-AKA' implementation is done and is found to work correctly, a large part of the EAP-AKA and EAP-AKA' code will be shared. However, it is not reasonable to destabilize the EAP-AKA implementation at this point before it is clearer what the final differences will be.
* WPS: Parse Request Type from WPS IE in (Re)AssocReq and derive mgmt keys (Jouni Malinen, 2008-11-29; 4 files, -1/+7)
  The WPS IE is now passed from hostapd association processing into EAP-WSC and WPS processing. The Request Type attribute is parsed from this information and if the request is for a WLAN Manager Registrar, additional management keys are derived (to be used with UPnP).

* Added preliminary Wi-Fi Protected Setup (WPS) implementation (Jouni Malinen, 2008-11-23; 5 files, -0/+471)
  This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration options for WPS parameters and the wpa_supplicant configuration style will likely change in the future.
  External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as a Registrar to configure an AP, this is still using a number of hardcoded parameters which will need to be made configurable for proper operation.

* Fixed EAP-TLS message fragmentation for the last TLS message (Jouni Malinen, 2008-11-20; 1 file, -8/+18)
  If the message was large enough to require fragmentation (e.g., if a large Session Ticket data is included), the More Fragment flag was set, but no more fragments were actually sent (i.e., Access-Accept was sent out).

* Fixed EAP-AKA warning message about AT_RES length to use bits (Jouni Malinen, 2008-11-20; 1 file, -1/+1)

* EAP-AKA: Validate RES Length field in AT_RES (Jouni Malinen, 2008-11-07; 1 file, -2/+11)
  This change breaks interoperability with older wpa_supplicant versions (everything up to and including wpa_supplicant 0.5.10 and 0.6.5) which incorrectly used this field as the number of bytes, not bits, in RES.
* EAP-FAST server: allow expired PAC for PAC refresh (Jouni Malinen, 2008-11-06; 1 file, -6/+15)
  Instead of falling back to a full TLS handshake on an expired PAC, allow the PAC to be used to allow a PAC update with some level of server authentication (i.e., do not fall back to a full TLS handshake since we cannot be sure that the peer would be able to validate the server certificate now). However, reject the authentication since the PAC was not valid anymore. The peer can connect again with the newly provisioned PAC after this.

* Fixed size_t printf format for 64-bit targets (Jouni Malinen, 2008-10-29; 2 files, -10/+17)

* EAP-FAST: Allow A-ID and A-ID-Info to be configured separately (Jouni Malinen, 2008-10-19; 4 files, -14/+43)
  Changed the EAP-FAST configuration to use separate fields for A-ID and A-ID-Info (eap_fast_a_id_info) to allow A-ID to be set to a fixed 16-octet length binary value for better interoperability with some peer implementations; eap_fast_a_id is now configured as a hex string.

* EAP-FAST: Make PAC-Key lifetime values configurable (Jouni Malinen, 2008-10-08; 4 files, -14/+22)
  The hardcoded values in eap_fast.c were replaced with values read from hostapd.conf.

* EAP-FAST: Added support for disabling anonymous/authenticated provisioning (Jouni Malinen, 2008-10-08; 4 files, -0/+27)
  The eap_fast_prov config parameter can now be used to enable/disable different EAP-FAST provisioning modes:
    0 = provisioning disabled
    1 = only anonymous provisioning allowed
    2 = only authenticated provisioning allowed
    3 = both provisioning modes allowed
* Change the order of Result TLV and PAC TLV to avoid interop issues (Jouni Malinen, 2008-10-08; 1 file, -8/+8)
  draft-cam-winget-eap-fast-provisioning-06.txt or RFC 4851 do not seem to mandate any particular order for TLVs, but some interop issues were noticed with an EAP-FAST peer implementation when Result TLV followed PAC TLV. The example in draft-cam-winget-eap-fast-provisioning-06.txt shows the TLVs in the other order, so change the order here, too, to make it less likely to hit this type of interop issue.

* Fixed EAP-TTLS server to verify eap_ttls_phase2_eap_init() return code (Jouni Malinen, 2008-10-01; 1 file, -2/+12)
  It is possible that the initialization of the Phase 2 EAP method fails and if that happens, we need to stop the EAP-TTLS server from trying to continue using the uninitialized EAP method. Otherwise, the server could trigger a segmentation fault when dereferencing a NULL pointer.

* Fixed EAP-FAST server PAC-Opaque padding (Jouni Malinen, 2008-08-24; 1 file, -1/+1)
  0.6.4 broke this for some peer identity lengths. The padding was supposed to make sure that the length of PAC-Opaque is divisible by 8.

* Updated EAP-TTLSv0 references to use RFC 5281 (Jouni Malinen, 2008-08-16; 1 file, -2/+2)

* Fixed EAP-TNC not to include extra EAP header and TNC flags (Jouni Malinen, 2008-07-16; 1 file, -14/+10)
  The change to support fragmentation added an extra function to generate the EAP header, but forgot to remove the original code and ended up getting two EAP headers and TNC flags fields in the generated message. These header fields need to be added only in the function that builds the final message (and if necessary, fragments the data).