path: root/src/eap_peer/eap_fast.c
Commit message | Author | Age | Files | Lines
* EAP peer: External server certificate chain validation | Jouni Malinen | 2015-12-12 | 1 | -1/+41
| This adds support for optional functionality to validate server certificate chain in TLS-based EAP methods in an external program. wpa_supplicant control interface is used to indicate when such validation is needed and what the result of the external validation is.
|
| This external validation can extend or replace the internal validation. When ca_cert or ca_path parameter is set, the internal validation is used. If these parameters are omitted, only the external validation is used. It needs to be understood that leaving those parameters out will disable most of the validation steps done with the TLS library and that configuration is not really recommended.
|
| By default, the external validation is not used. It can be enabled by adding tls_ext_cert_check=1 into the network profile phase1 parameter. When enabled, external validation is required through the CTRL-REQ/RSP mechanism similarly to other EAP authentication parameters through the control interface.
|
| The request to perform external validation is indicated by the following event:
| CTRL-REQ-EXT_CERT_CHECK-<id>:External server certificate validation needed for SSID <ssid>
|
| Before that event, the server certificate chain is provided with the CTRL-EVENT-EAP-PEER-CERT events that include the cert=<hexdump> parameter. depth=# indicates which certificate is in question (0 for the server certificate, 1 for its issuer, and so on).
|
| The result of the external validation is provided with the following command:
| CTRL-RSP-EXT_CERT_CHECK-<id>:<good|bad>
|
| It should be noted that this is currently enabled only for OpenSSL (and BoringSSL/LibreSSL). Due to the constraints in the library API, the validation result from external processing cannot be reported cleanly with TLS alert. In other words, if the external validation rejects the server certificate chain, the pending TLS handshake is terminated without sending more messages to the server.
|
| Signed-off-by: Jouni Malinen <j@w1.fi>
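
An external validator for the exchange described in the commit above could look like the following. This is an added example, not code from wpa_supplicant: `on_event()`, `demo()`, the exact-match pin policy and the event lines (including the placeholder hexdumps and the field layout beyond `depth=` and `cert=`) are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DEPTH 4
#define MAX_HEX 64   /* demo size; real certificate hexdumps are far longer */
struct chain { char cert[MAX_DEPTH][MAX_HEX]; };   /* hexdump per depth */

/* Feed one event line; returns 1 and fills rsp when a reply must be sent. */
int on_event(struct chain *c, const char *pin, const char *line,
             char *rsp, size_t rsp_len)
{
    static const char ev[] = "CTRL-EVENT-EAP-PEER-CERT ";
    static const char req[] = "CTRL-REQ-EXT_CERT_CHECK-";
    if (strncmp(line, ev, sizeof(ev) - 1) == 0) {
        const char *d = strstr(line, "depth="), *h = strstr(line, "cert=");
        long depth = d ? strtol(d + 6, NULL, 10) : -1;
        size_t n = h ? strcspn(h + 5, " ") : 0;
        if (depth < 0 || depth >= MAX_DEPTH) return 0;
        if (n >= MAX_HEX) n = 0;   /* oversized: store empty, fail closed */
        memcpy(c->cert[depth], h ? h + 5 : "", n);
        c->cert[depth][n] = '\0';
        return 0;
    }
    if (strncmp(line, req, sizeof(req) - 1) != 0) return 0;
    const char *id = line + sizeof(req) - 1;
    /* Fail closed: a missing leaf or a mismatch with the pin is "bad". */
    int ok = c->cert[0][0] != '\0' && strcmp(c->cert[0], pin) == 0;
    snprintf(rsp, rsp_len, "CTRL-RSP-EXT_CERT_CHECK-%.*s:%s",
             (int) strcspn(id, ":"), id, ok ? "good" : "bad");
    memset(c, 0, sizeof(*c));   /* never reuse a chain for a later request */
    return 1;
}

/* Constructed session (placeholder hexdumps, not real DER); 1 if reply == expect. */
int demo(const char *pin, const char *expect)
{
    static const char *lines[] = {
        "CTRL-EVENT-EAP-PEER-CERT depth=1 cert=3082aa01",
        "CTRL-EVENT-EAP-PEER-CERT depth=0 cert=3082bb02",
        "CTRL-REQ-EXT_CERT_CHECK-0:External server certificate validation needed for SSID lab",
    };
    struct chain c = { { "" } };
    char rsp[64] = "";
    for (size_t i = 0; i < 3; i++)
        on_event(&c, pin, lines[i], rsp, sizeof(rsp));
    return strcmp(rsp, expect) == 0;
}
int main(void) { puts(demo("3082bb02", "CTRL-RSP-EXT_CERT_CHECK-0:good") ? "good" : "unexpected"); return 0; }
```

When ca_cert and ca_path are omitted, as the commit message warns, a decision like this is the only chain validation left, so the validator has to answer "bad" whenever it lacks the data to decide.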
* EAP-FAST: Check T-PRF result in MSK/EMSK derivation | Jouni Malinen | 2015-12-12 | 1 | -2/+3
| Pass the error return from sha1_t_prf() to callers.
|
| Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP-FAST peer: Fix error path handling for Session-Id | Jouni Malinen | 2015-12-12 | 1 | -1/+1
| It was possible to hit a NULL pointer dereference if Session-Id derivation failed due to a memory allocation failure.
|
| Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP-FAST peer: Avoid undefined behavior in pointer arithmetic | Jouni Malinen | 2015-10-24 | 1 | -1/+1
| Reorder terms in a way that no invalid pointers are generated with pos+len operations. end-pos is always defined (with a valid pos pointer) while pos+len could end up pointing beyond the end pointer which would be undefined behavior.
|
| Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP-TTLS/PEAP/FAST peer: Stop immediately on local TLS processing failure | Jouni Malinen | 2015-07-28 | 1 | -0/+7
| EAP-TLS was already doing this, but the other TLS-based EAP methods did not mark methodState DONE and decision FAIL on local TLS processing errors (instead, they left the connection waiting for a longer timeout).
|
| Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP-FAST peer: Stop immediately on key derivation failure | Jouni Malinen | 2015-06-18 | 1 | -10/+22
| If key derivation fails, there is no point in trying to continue authentication. In theory, this could happen if memory allocation during TLS PRF fails.
|
| Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP-TLS/PEAP/TTLS/FAST: Move more towards using struct wpabuf | Jouni Malinen | 2015-05-03 | 1 | -6/+5
| The EAP-TLS-based helper functions can easily use struct wpabuf in more places, so continue cleanup in that direction by replacing separate pointer and length arguments with a single struct wpabuf argument.
|
| Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP-FAST: Do not use type cast to remove const specification | Jouni Malinen | 2015-05-03 | 1 | -3/+3
| All the uses here are read only, so there is no need to type cast the const specification away.
|
| Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP-FAST: Pass EAP identifier instead of full request | Jouni Malinen | 2015-05-03 | 1 | -12/+10
| This simplifies analysis of areas that get access to unverified message payload.
|
| Signed-off-by: Jouni Malinen <j@w1.fi>
* Check os_snprintf() result more consistently - automatic 1 | Jouni Malinen | 2014-12-08 | 1 | -1/+1
| This converts os_snprintf() result validation cases to use os_snprintf_error() where the exact rule used in os_snprintf_error() was used. These changes were done automatically with spatch using the following semantic patch:
|
| @@ identifier E1; expression E2,E3,E4,E5,E6; statement S1; @@ ( E1 = os_snprintf(E2, E3, ...); | int E1 = os_snprintf(E2, E3, ...); | if (E5) E1 = os_snprintf(E2, E3, ...); else E1 = os_snprintf(E2, E3, ...); | if (E5) E1 = os_snprintf(E2, E3, ...); else if (E6) E1 = os_snprintf(E2, E3, ...); else E1 = 0; | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else { ... return -1; } | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else if (E6) { ... E1 = os_snprintf(E2, E3, ...); } else { ... return -1; } | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else { ... E1 = os_snprintf(E2, E3, ...); } ) ? os_free(E4); - if (E1 < 0 || \( E1 >= E3 \| (size_t) E1 >= E3 \| (unsigned int) E1 >= E3 \| E1 >= (int) E3 \)) + if (os_snprintf_error(E3, E1)) ( S1 | { ... } )
|
| Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP peer: Clear keying material on deinit | Jouni Malinen | 2014-07-02 | 1 | -0/+4
| Reduce the amount of time keying material (MSK, EMSK, temporary private data) remains in memory in EAP methods. This provides additional protection should there be any issues that could expose process memory to external observers.
|
| Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP-FAST: Use os_memcmp_const() for hash/password comparisons | Jouni Malinen | 2014-07-02 | 1 | -1/+1
| This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices.
|
| Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP-FAST: Clean up TLV length validation (CID 62853) | Jouni Malinen | 2014-06-18 | 1 | -4/+6
| Use size_t instead of int for storing and comparing the TLV length against the remaining buffer length to make this easier for static analyzers to understand.
|
| Signed-off-by: Jouni Malinen <j@w1.fi>
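
The two TLV-parsing changes in this log (the pointer arithmetic reordering from 2015-10-24 and the size_t length validation above) combine into the bounds check shown below. This is an added example, not code from eap_fast.c: `count_tlvs()` and the sample buffers are hypothetical and constructed here, assuming TLVs with a 2-octet type and a 2-octet big-endian length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Count TLVs (2-octet type, 2-octet big-endian length, value) in buf.
 * Returns -1 if a header or value runs past the end of the buffer. */
int count_tlvs(const uint8_t *buf, size_t buf_len)
{
    const uint8_t *pos = buf;
    const uint8_t *end = buf + buf_len;   /* one past the end is valid */
    int count = 0;

    while (pos < end) {
        size_t left = (size_t) (end - pos);   /* defined: pos <= end */
        size_t len;

        if (left < 4)
            return -1;                        /* truncated header */
        len = ((size_t) pos[2] << 8) | pos[3];
        pos += 4;
        left -= 4;
        /* Not "pos + len > end": that sum can point beyond end, which
         * is undefined behavior and may wrap or be optimized away. */
        if (len > left)
            return -1;                        /* value overruns buffer */
        pos += len;
        count++;
    }
    return count;
}

/* Constructed inputs: two well-formed TLVs, then one claiming 0xffff octets. */
const uint8_t tlv_ok[] = { 0x80, 0x03, 0x00, 0x02, 0x00, 0x01,
                           0x00, 0x0b, 0x00, 0x00 };
const uint8_t tlv_bad[] = { 0x80, 0x03, 0xff, 0xff, 0x00 };

int main(void)
{
    printf("%d %d\n", count_tlvs(tlv_ok, sizeof(tlv_ok)),
           count_tlvs(tlv_bad, sizeof(tlv_bad)));
    return 0;
}
```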
* EAP-FAST: Use clear eap_get_config() result validation | Jouni Malinen | 2014-03-02 | 1 | -2/+4
| This was previously checked through the eap_peer_tls_ssl_init() call which made it difficult for static analyzers. Add an explicit check for config == NULL into the beginning of eap_fast_init() since this will always result in initialization failing anyway.
|
| Signed-off-by: Jouni Malinen <j@w1.fi>
* Skip network disabling on expected EAP failure | Jouni Malinen | 2014-01-08 | 1 | -0/+2
| Some EAP methods can go through a step that is expected to fail and as such, should not trigger temporary network disabling when processing EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as a special case, but similar behavior is needed for EAP-FAST with unauthenticated provisioning.
|
| Signed-hostap: Jouni Malinen <j@w1.fi>
* EAP-FAST peer: Make debug clearer on missing pac_file configuration | Jouni Malinen | 2014-01-08 | 1 | -0/+8
| EAP-FAST requires pac_file to be configured, so make it clearer from the debug output if missing configuration parameter was the reason for EAP-FAST initialization failing.
|
| Signed-hostap: Jouni Malinen <j@w1.fi>
* EAP peer: Add Session-Id derivation | Stevent Li | 2013-02-08 | 1 | -0/+40
| This adds a new getSessionId() callback for EAP peer methods to allow EAP Session-Id to be derived. This commit implements this for EAP-FAST, EAP-GPSK, EAP-IKEv2, EAP-PEAP, EAP-TLS, and EAP-TTLS.
|
| Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Disable TLS Session Ticket extension by default for EAP-TLS/PEAP/TTLS | Jouni Malinen | 2012-08-17 | 1 | -1/+1
| Some deployed authentication servers seem to be unable to handle the TLS Session Ticket extension (they are supposed to ignore unrecognized TLS extensions, but end up rejecting the ClientHello instead). As a workaround, disable use of TLS Session Ticket extension for EAP-TLS, EAP-PEAP, and EAP-TTLS (EAP-FAST uses session ticket, so any server that supports EAP-FAST does not need this workaround).
|
| Signed-hostap: Jouni Malinen <j@w1.fi>
* Remove the GPL notification from files contributed by Jouni Malinen | Jouni Malinen | 2012-02-11 | 1 | -8/+2
| Remove the GPL notification text from the files that were initially contributed by myself.
|
| Signed-hostap: Jouni Malinen <j@w1.fi>
* Make phase2_method initialization easier for static analyzers | Jouni Malinen | 2011-11-13 | 1 | -2/+3
| data->phase2_method cannot really be NULL if eap_fast_init_phase2_method() returns success, but this construction seems to be too difficult for some static analyzers. While this change is not really needed in practice, it makes it easier to go through warnings from such analyzers.
|
| Signed-hostap: Jouni Malinen <j@w1.fi>
* Remove unused function argument | Jouni Malinen | 2011-10-16 | 1 | -2/+2
|
* EAP-FAST: Allow unprotected EAP-Failure in provisioning case | Jouni Malinen | 2011-10-12 | 1 | -2/+6
| While EAP-FAST uses protected success notification, RFC 5422, Section 3.5 points out a possibility of EAP-Failure being sent out even after protected success notification in case of provisioning. Change the EAP-FAST peer implementation to accept that exception to the protected success notification. This allows the station to re-connect more quickly to complete EAP-FAST connection in the case the server rejects the initial attempt by only allowing it to use to provision a new PAC.
* Rename EAP TLS variables to make server and peer code consistent | Jouni Malinen | 2009-12-23 | 1 | -3/+3
|
* Remove src/crypto from default include path | Jouni Malinen | 2009-11-29 | 1 | -3/+3
| In addition, start ordering header file includes to be in more consistent order: system header files, src/utils, src/*, same directory as the *.c file.
* Update draft-cam-winget-eap-fast-provisioning references to RFC 5422 | Jouni Malinen | 2009-03-14 | 1 | -5/+2
|
* Cleaned up EAP-MSCHAPv2 key derivation | Jouni Malinen | 2008-12-14 | 1 | -3/+12
| Changed peer to derive the full key (both MS-MPPE-Recv-Key and MS-MPPE-Send-Key for total of 32 octets) to match with server implementation.
|
| Swapped the order of MPPE keys in MSK derivation since server MS-MPPE-Recv-Key | MS-MPPE-Send-Key matches with the order specified for EAP-TLS MSK derivation. This means that PEAPv0 cryptobinding is now using EAP-MSCHAPv2 MSK as-is for ISK while EAP-FAST will need to swap the order of the MPPE keys to get ISK in a way that interoperates with Cisco EAP-FAST implementation.
* EAP-FAST: Reorder TLVs in PAC Acknowledgment to fix interop issues | Jouni Malinen | 2008-11-16 | 1 | -2/+2
| It looks like ACS did not like PAC Acknowledgment TLV before Result TLV, so reorder the TLVs to match the order shown in a draft-cam-winget-eap-fast-provisioning-09.txt example. This allows authenticated provisioning to be terminated with Access-Accept (if ACS has that option enabled). Previously, provisioning was otherwise successful, but the server rejected connection due to not understanding the PAC Ack ("Invalid TEAP Data recieved").
* EAP-FAST: Include Tunnel PAC request only after EAP authentication | Jouni Malinen | 2008-11-06 | 1 | -1/+3
|
* EAP-FAST peer: Fixed not to add PAC Request in PAC Acknowledgement message | Jouni Malinen | 2008-10-19 | 1 | -1/+1
|
* Fixed EAP-FAST peer not to add double Result TLV when ACKing PAC | Jouni Malinen | 2008-10-02 | 1 | -6/+3
|
* EAP-PEAP: Moved EAP-TLV processing into eap_peap.c | Jouni Malinen | 2008-03-18 | 1 | -1/+1
| EAP-PEAP was the only method that used the external eap_tlv.c peer implementation. This worked fine just for the simple protected result notification, but extending the TLV support for cryptobinding etc. is not trivial with such separation. With the TLV processing integrated into eap_peap.c, all the needed information is now available for using additional TLVs.
* TNC: Added support for using TNC with EAP-FAST | Jouni Malinen | 2008-03-09 | 1 | -0/+26
|
* EAP-FAST: Cleaned up TLV processing and added support for EAP Sequences | Jouni Malinen | 2008-02-28 | 1 | -84/+94
| Number of TLVs were processed in groups and these cases were now separated into more flexible processing of one TLV at the time. wpabuf_concat() function was added to make it easier to concatenate TLVs. EAP Sequences are now supported in both server and peer code, but the server side is not enabled by default.
* EAP-FAST: Define and use EAP_FAST_CMK_LEN | Jouni Malinen | 2008-02-28 | 1 | -5/+8
|
* Removed extra '_' from struct eap_tlv_crypto_binding__tlv name | Jouni Malinen | 2008-02-28 | 1 | -7/+7
|
* EAP-FAST: Moved common peer/server functionality into a shared file | Jouni Malinen | 2008-02-28 | 1 | -196/+8
|
* EAP-FAST: Added shared helper functions for building TLVs | Jouni Malinen | 2008-02-28 | 1 | -7/+4
|
* Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release | Jouni Malinen | 2008-02-28 | 1 | -0/+1859