path: root/wpa_supplicant/eapol_test.c
Commit message | Author | Age | Files | Lines
* Add RADIUS Service-Type attribute with a value of Framed | Nick Lowe | 2016-02-19 | 1 | -0/+7
  This seems to be the common value used by APs and also mentioned in RFC 3580.
  Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
* RADIUS: Redesign Request Authenticator generation | Nick Lowe | 2016-02-06 | 1 | -1/+1
  Simplify and make properly random the generation of the Request Authenticator.
  Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
* eapol_test: Add -v for displaying version information | Jouni Malinen | 2015-10-16 | 1 | -2/+7
  Signed-off-by: Jouni Malinen <j@w1.fi>
* eapol_test: Add a new operation mode for control interface use | Jouni Malinen | 2015-08-20 | 1 | -10/+106
  The -T<ctrl_iface> command line argument can now be used to start eapol_test in a mode where the configuration file is not needed and the authentication operations are started through the control interface. Network profile is also managed through the control interface in this case. This can be used to provide more control for scripted RADIUS authentication server testing.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* eapol_test: Allow interface name to be specified | Jouni Malinen | 2015-08-20 | 1 | -5/+9
  The new -i<ifname> command line argument can be used to specify the name of the interface to use. This is mainly to allow unique control interface names to be defined without having to use multiple directories.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* eapol_test: Support IPv6 for authentication server | Ondřej Caletka | 2015-06-10 | 1 | -2/+1
  This allows testing RADIUS servers over IPv6.
  Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>
* Declare all read only data structures as const | Mikael Kanstrup | 2015-04-25 | 1 | -1/+1
  By analysing objdump output some read only structures were found in .data section. To help compiler further optimize code declare these as const.
  Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
* eapol_test: Fix cert_cb() function arguments | Jouni Malinen | 2015-01-17 | 1 | -0/+9
  altsubject[] was added here, but the callback implementation in eapol_test.c was forgotten from the commit.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Check os_snprintf() result more consistently - automatic 1 | Jouni Malinen | 2014-12-08 | 1 | -1/+1
  This converts os_snprintf() result validation cases to use os_snprintf_error() where the exact rule used in os_snprintf_error() was used. These changes were done automatically with spatch using the following semantic patch:
  @@ identifier E1; expression E2,E3,E4,E5,E6; statement S1; @@ ( E1 = os_snprintf(E2, E3, ...); | int E1 = os_snprintf(E2, E3, ...); | if (E5) E1 = os_snprintf(E2, E3, ...); else E1 = os_snprintf(E2, E3, ...); | if (E5) E1 = os_snprintf(E2, E3, ...); else if (E6) E1 = os_snprintf(E2, E3, ...); else E1 = 0; | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else { ... return -1; } | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else if (E6) { ... E1 = os_snprintf(E2, E3, ...); } else { ... return -1; } | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else { ... E1 = os_snprintf(E2, E3, ...); } ) ? os_free(E4); - if (E1 < 0 || \( E1 >= E3 \| (size_t) E1 >= E3 \| (unsigned int) E1 >= E3 \| E1 >= (int) E3 \)) + if (os_snprintf_error(E3, E1)) ( S1 | { ... } )
  Signed-off-by: Jouni Malinen <j@w1.fi>
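Review bot: the removed condition in the `- if (E1 < 0 || ...` line matches four differently typed forms of the size comparison (`E1 >= E3`, `(size_t) E1 >= E3`, `(unsigned int) E1 >= E3`, `E1 >= (int) E3`) and rewrites all of them to the single call `os_snprintf_error(E3, E1)`, but the message does not say which of these comparisons the helper itself performs. The signed form `E1 >= (int) E3` and the unsigned forms differ when E3 does not fit in an int, so the message should quote the helper's comparison or name the commit that introduces it, so that each converted site can be confirmed as behaviour-preserving rather than taken on the "exact rule" wording alone.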
* wpa_supplicant: Allow OpenSSL cipherlist string to be configured | Jouni Malinen | 2014-10-12 | 1 | -0/+1
  The new openssl_cipher configuration parameter can be used to select which TLS cipher suites are enabled for TLS-based EAP methods when OpenSSL is used as the TLS library. This parameter can be used both as a global parameter to set the default for all network blocks and as a network block parameter to override the default for each network profile.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* eapol_test: Check inet_aton() result | Jouni Malinen | 2014-10-11 | 1 | -1/+5
  This makes code more consistent (CID 72676).
  Signed-off-by: Jouni Malinen <j@w1.fi>
* eapol_test: Fix -R option to not replace -s option value | Dmitry Shmidt | 2014-06-28 | 1 | -0/+1
  Commit e9852462d58750e2ec4be498e82db0e0a2dfaf7f ('eapol_test: Add PC/SC reader and PIN command line arguments') did not add break to the switch statement for the new -R command line option.
  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* eapol_test: Add PC/SC reader and PIN command line arguments | Jouni Malinen | 2014-06-21 | 1 | -9/+24
  The new command line arguments -R<reader> and -P<PIN> can now be used to specify which PC/SC reader (prefix match) and PIN are to be used.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* eapol_test: Check EAP-Key-Name | Jouni Malinen | 2014-05-11 | 1 | -2/+50
  The new command line argument -e can be used to request the server to send EAP-Key-Name in Access-Accept. If both the local EAP peer implementation and server provide the EAP Session-Id, compare those values and indicate in debug log whether a match was seen.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Skip network disabling on expected EAP failure | Jouni Malinen | 2014-01-08 | 1 | -2/+3
  Some EAP methods can go through a step that is expected to fail and as such, should not trigger temporary network disabling when processing EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as a special case, but similar behavior is needed for EAP-FAST with unauthenticated provisioning.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Declare wpa_debug_* variables in src/utils/wpa_debug.h | Jouni Malinen | 2013-12-31 | 1 | -3/+0
  These were somewhat more hidden to avoid direct use, but there are now numerous places where these are needed and more justification to make the extern int declarations available from wpa_debug.h. In addition, this avoids some warnings from sparse.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* SCARD: Clean up SIM/USIM selection | Masashi Honma | 2013-11-17 | 1 | -2/+2
  Commit eb324600295a570199a5e25eb64e60781a04fb74 left an unneeded sim_type argument to scard_init(). Remove that unnecessary argument to clean up the implementation.
  Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
* EAP peer: Add framework for external SIM/USIM processing | Jouni Malinen | 2013-10-20 | 1 | -0/+1
  The new configuration parameter external_sim=<0/1> can now be used to configure wpa_supplicant to use external SIM/USIM processing (e.g., GSM authentication for EAP-SIM or UMTS authentication for EAP-AKA). The requests and responses for such operations are sent over the ctrl_iface CTRL-REQ-SIM and CTRL-RSP-SIM commands similarly to the existing password query mechanism. Changes to the EAP methods to use this new mechanism will be added in separate commits.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* eapol_test: Initialize BSS lists | Jouni Malinen | 2013-10-19 | 1 | -0/+2
  This is needed to avoid issues with control interface commands that could request BSS list during an eapol_test run. wpa_cli tries to update its internal BSS list and that could trigger eapol_test crashes without this.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* eapol_test: Fix external EAP request mechanism | Jouni Malinen | 2013-10-19 | 1 | -1/+51
  The eap_param_needed callback was forgotten from eapol_test and this prevented external EAP request processing through ctrl_iface from being tested.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* eapol_test: Initialize wpa_s->global to fix ctrl_iface | Jouni Malinen | 2013-10-19 | 1 | -0/+3
  wpa_s->global is now dereferenced in a number of places and at least one of them hits in eapol_test cases. Fix issues with this by setting the global pointer to empty data.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Add option -I for additional config file | Dmitry Shmidt | 2013-04-23 | 1 | -1/+1
  This option can be used only for global parameters that are not going to be changed from settings.
  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
  Signed-off-by: Iliyan Malchev <malchev@google.com>
* eapol_test: Remove unnecessary header file inclusion | Jouni Malinen | 2013-01-15 | 1 | -1/+0
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* eapol_test: Allow full RADIUS attribute length to be used | Jouni Malinen | 2013-01-12 | 1 | -3/+3
  The -N and -C command line parameters can be used to add arbitrary RADIUS attributes to the messages. However, these were truncated to about 128 bytes when the actual message was constructed. Fix this by using larger buffers to allow the maximum attribute length (253 octets of payload) to be used. [Bug 458]
  Signed-hostap: Jouni Malinen <j@w1.fi>
* eapol_test: Fix extra RADIUS attribute allocation | Jouni Malinen | 2013-01-12 | 1 | -1/+1
  The sizeof(ptr) use here was not correct and resulted in too small memory block getting allocated for the -N command line argument.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* EAP-SIM/AKA: Store pseudonym identity in configuration | Jouni Malinen | 2012-09-02 | 1 | -0/+32
  Use the anonymous_identity field to store EAP-SIM/AKA pseudonym identity so that this can be maintained between EAP sessions (e.g., after wpa_supplicant restart) even if fast re-authentication data was cleared.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Return wpabuf from radius_msg_get_eap() | Jouni Malinen | 2012-08-07 | 1 | -22/+20
  This simplifies the implementation by using the buffer type to which the returned data will be converted anyway. This avoids one memory allocation for each processed RADIUS message.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* EXT PW: Add framework for supporting external password storage | Jouni Malinen | 2012-08-03 | 1 | -0/+8
  This new mechanism can be used to make wpa_supplicant use external storage (e.g., key store in the operating system) for passwords, passphrases, and PSKs. This commit is only adding the framework part needed to support this, i.e., no actual configuration parameter can yet use this new mechanism. In addition, only a simple test backend is added to allow developer testing of the functionality.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Fix memory leaks on radius_client_send error paths | Jouni Malinen | 2012-04-01 | 1 | -1/+3
  In case this function returns an error, the RADIUS message needs to be freed in the caller.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Allow PC/SC reader to be selected and initialized at start | Jouni Malinen | 2012-02-26 | 1 | -3/+3
  New global configuration parameters pcsc_reader and pcsc_pin can now be used to initialize PC/SC reader context at start of wpa_supplicant.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Remove the GPL notification from files contributed by Jouni Malinen | Jouni Malinen | 2012-02-11 | 1 | -8/+2
  Remove the GPL notification text from the files that were initially contributed by myself.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* eapol_test: Show MNC length in debug output | Jouni Malinen | 2012-01-22 | 1 | -0/+3
  Signed-hostap: Jouni Malinen <j@w1.fi>
* eapol_test: Add option for writing server certificate chain to a file | Jouni Malinen | 2011-09-17 | 1 | -8/+44
  eapol_test command line argument -o<file> can now be used to request the received server certificate chain to be written to the specified file. The certificates will be written in PEM format. [Bug 391]
* Move peer certificate wpa_msg() calls to notify.c | Jouni Malinen | 2011-07-05 | 1 | -1/+32
  This type of wpa_supplicant specific message construction does not need to be at the EAP implementation, so better move it up to notify.c.
* eapol_test: Unregister EAP server methods if CONFIG_AP=y | Jouni Malinen | 2010-11-07 | 1 | -0/+4
  This fixes a memory leak in CONFIG_AP=y builds.
* eloop: Remove global user data pointer | Jouni Malinen | 2009-12-19 | 1 | -6/+5
  This is not really needed since all signal handlers can use a context pointer provided during signal handler registration.
* eapol_test: Fix build after RADIUS msg API changes | Jouni Malinen | 2009-12-19 | 1 | -8/+10
* Change radius_msg_free() to free the buffer | Jouni Malinen | 2009-12-19 | 1 | -10/+3
  Since all callers were freeing the buffer immediately anyway, move this operation into radius_msg_free() to reduce code size.
* Move EAP method registration away from src/eap_{peer,server} | Jouni Malinen | 2009-12-06 | 1 | -1/+1
  This makes it easier to make a library out of EAP methods without losing possibility of binary size optimization by linker dropping unreferenced code.
* Remove unnecessary defines | Jouni Malinen | 2009-12-05 | 1 | -2/+0
  The following defines are not really needed in most places, so remove them to clean up source code and build scripts:
  EAP_TLS_FUNCS
  EAP_TLS_OPENSSL
  EAP_TLS_GNUTLS
  CONFIG_TLS_INTERNAL
* Remove src/rsn_supp from default header path | Jouni Malinen | 2009-11-29 | 1 | -1/+1
* Merge wpa_supplicant and hostapd driver wrapper implementations | Jouni Malinen | 2009-04-09 | 1 | -1/+1
  This commit merges the driver_ops structures and implementations from hostapd/driver*.[ch] into src/drivers. This is only an initial step and there is room for a number of cleanups to share code between the hostapd and wpa_supplicant parts of the wrappers to avoid unnecessary source code duplication.
* eapol_test: Allow generated RADIUS attributes to be replaced | Jouni Malinen | 2009-01-13 | 1 | -5/+23
  Do not add the automatically generated RADIUS attributes NAS-IP-Address, Calling-Station-Id, Framed-MTU, NAS-Port-Type, and Connect-Info if -N option is used with the same attribute type. This allows these attributes to be replaced without causing duplicate entries.
* Fixed eapol_test build after RADIUS API changes (const) | Jouni Malinen | 2009-01-09 | 1 | -2/+3
* Fixed a typo in usage help | Jouni Malinen | 2009-01-04 | 1 | -1/+1
* eapol_test: Add a universal way of adding extra RADIUS attributes | Tomasz Wolniewicz | 2009-01-04 | 1 | -30/+127
  This change replaces -I and -i options (Chargeable-User-Identity) with a new -N option that can add any RADIUS attribute into the Access-Request messages without having to modify eapol_test for each new attribute.
* Cleaned up EAP-MSCHAPv2 key derivation | Jouni Malinen | 2008-12-14 | 1 | -0/+10
  Changed peer to derive the full key (both MS-MPPE-Recv-Key and MS-MPPE-Send-Key for total of 32 octets) to match with server implementation. Swapped the order of MPPE keys in MSK derivation since server MS-MPPE-Recv-Key | MS-MPPE-Send-Key matches with the order specified for EAP-TLS MSK derivation. This means that PEAPv0 cryptobinding is now using EAP-MSCHAPv2 MSK as-is for ISK while EAP-FAST will need to swap the order of the MPPE keys to get ISK in a way that interoperates with Cisco EAP-FAST implementation.
* Removed mac_addr from eapol_ctx to fix the eapol_test build | Jouni Malinen | 2008-12-03 | 1 | -1/+0
* Added preliminary Wi-Fi Protected Setup (WPS) implementation | Jouni Malinen | 2008-11-23 | 1 | -0/+1
  This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as a Registrar to configure an AP, this is still using a number of hardcoded parameters which will need to be made configurable for proper operation.
* eapol_test: Allow client IP address to be specified | Tomasz Wolniewicz | 2008-03-30 | 1 | -5/+23
  Allow the user to set the IP address of the eapol_test client. This is very useful when you have a machine with many interfaces and want to use a particular one for testing RADIUS connectivity. For instance when I run the national eduroam proxy I can only connect to other server from a particular address, and our machine happens to have several IPs. So if I want to run connectivity tests, I must make sure that my test uses a particular interface. The -A option allows one to set this.
  (jm: cleaned up to use radius configuration structure instead of global variable for the address and added IPv6 support)