path: root/src/eap_server
Commit message | Author | Age | Files | Lines
* Removed EAP header field from struct eap_pax_hdr and started using eap_msg_alloc() and eap_hdr_validate(). | Jouni Malinen | 2007-12-09 | 1 | -39/+54
* Removed EAP header field from struct eap_sake_hdr and started using eap_msg_alloc() and eap_hdr_validate(). | Jouni Malinen | 2007-12-09 | 1 | -30/+38
* Share a common eap_wsc_build_frag_ack() implementation between EAP-WSC server and peer. | Jouni Malinen | 2007-12-08 | 1 | -24/+2
* Moved common EAP-WSC definitions into a shared header file. | Jouni Malinen | 2007-12-08 | 1 | -20/+8
* Avoid possible double-free crash when processing a zero length EAP-TLS/PEAP/TTLS/FAST fragment. Such a message is invalid and needs to be dropped instead of processed. | Jouni Malinen | 2007-12-08 | 1 | -0/+5
* EAP-GPSK was already updated to draft -07 and -08 did not change any behavior, it was just clarifying a couple of points. | Jouni Malinen | 2007-12-05 | 1 | -1/+1
* Added EAP Transport of Registration Protocol for Wi-Fi Protected Setup (WPS). This version is only including the EAP specific code and there is no proper support for the WPS Registration Protocol itself. A minimal test implementation for simulating the registration is included for testing the EAP transport. That will need to be replaced with either an in-process WPS Registration implementation or an interface to an external process using pending EAP processing. | Jouni Malinen | 2007-12-02 | 2 | -0/+582
* Use eap_hdr_validate() instead of local implementation to validate EAP header. | Jouni Malinen | 2007-12-01 | 2 | -13/+12
* Use eap_msg_alloc() to avoid having to fill in EAP header in multiple functions. | Jouni Malinen | 2007-12-01 | 3 | -25/+6
* Added 'os_' prefix to common C library functions. Converted some printf() calls to use wpa_printf(). | Jouni Malinen | 2007-12-01 | 20 | -406/+408
* Replaced the old hostapd_get_rand() calls with os_get_random(). | Jouni Malinen | 2007-12-01 | 9 | -10/+10
* Simplified the interface between EAP Full Authenticator and EAPOL/AAA by replacing the wrapper functions with a shared structure of interface variables. This reduces data copying and extra overhead from unnecessary function calls. In addition, updated eapKeyAvailable/aaaEapKeyAvailable usage to match more closely with the description in EAP state machine RFC 4137. | Jouni Malinen | 2007-11-26 | 3 | -242/+164
* Basic EAP functionality is now required for EAPOL even if full EAP server is not included in the build. | Jouni Malinen | 2007-11-25 | 2 | -74/+0
* Cleaned up EAPOL/EAP/AAA interfaces in hostapd. This updates the EAP server state machine to follow the Full Authenticator model and updates EAPOL state machines to IEEE 802.1X-2004. Some of EAP related functionality was in practice moved from ieee802_1x.c into eap.c. | Jouni Malinen | 2007-11-25 | 4 | -45/+374
* Updated EAP-GPSK to match with the latest draft (-07): - MK derivation uses PSK[0..KS-1] as the key instead of zero - GPSK-3 includes ID_Server | Jouni Malinen | 2007-11-24 | 1 | -2/+7
* Fixed a memory leak on error path. | Jouni Malinen | 2007-10-07 | 1 | -1/+3
* Updated EAP-GPSK key derivation to use the new GKDF construction defined in the latest EAP-GPSK draft (-06). This gets rid of SHA-256 completely if only CSuite/Specifier 1 is used. | Jouni Malinen | 2007-07-18 | 1 | -1/+1
* Changed EAP-GPSK CSuite field to use 4 octets for vendor id and 2 octets of specifier to match the change in draft-ietf-emu-eap-gpsk-06.txt. For the values used so far, this does not actually change any message format, so the previous version is compatible with the new one. | Jouni Malinen | 2007-07-17 | 1 | -10/+10
* Added support for bypassing an extra TLS roundtrip when the TLS handshake is completed with a message from peer to server (which happens when using the abbreviated handshake with PAC-Key). PHASE2_START state is now in practice skipped by moving directly into PHASE2_ID if TLS connection is established and there is no more handshake data to be sent out. This allows the server to send the first tunneled EAP message as a response to the TLS handshake message with ClientFinished. | Jouni Malinen | 2007-06-27 | 1 | -18/+44
* Added support for configuring PAC-Opaque encryption key and A-ID for EAP-FAST. | Jouni Malinen | 2007-06-10 | 4 | -3/+36
* Added support for unauthenticated EAP-FAST provisioning using EAP-MSCHAPv2 inside the tunnel with challenges generated during the TLS handshake. | Jouni Malinen | 2007-06-10 | 3 | -6/+52
* Added PAC-Key lifetime enforcement and re-keying of PAC-Key when the lifetime is about to expire. | Jouni Malinen | 2007-06-09 | 1 | -5/+74
* Added support for provisioning PAC. Due to limitation in TLSv1 code, only authenticated provisioning is supported for now (i.e., anon-DH cannot be used). This version is also limited by using a hardcoded encryption key for encrypting PAC-Opaque and not having any timeout for PACs. As such, this is only suitable for developer testing. | Jouni Malinen | 2007-06-09 | 1 | -63/+407
* Moved common EAP-TLV and EAP-FAST definitions from server and peer implementations into shared header files. | Jouni Malinen | 2007-06-06 | 2 | -150/+3
* Added preliminary EAP-FAST server implementation for hostapd. eap_fast.c is based on eap_peap.c with changes to add TLV encapsulation for Phase 2 and different key derivation with crypto binding for EAP-FAST. A number of features are still missing and this version is not really for more than developer use. A hardcoded PAC-Key is currently used and inband PAC provisioning is not yet supported. Anyway, this is complete enough to allow EAP-FAST/EAP-GTC authentication to be completed successfully with wpa_supplicant. EAP-GTC is modified to use fixed prefix when used inside EAP-FAST tunnel. | Jouni Malinen | 2007-06-06 | 3 | -8/+1455
* Replaced remaining occurrences of wpa_zalloc() calls with os_zalloc() to get rid of the temporary backwards compatibility definition in common.h. | Jouni Malinen | 2007-05-27 | 18 | -25/+25
* Added support for processing AT_COUNTER_TOO_SMALL during AKA-Reauthentication and for starting full authentication if this happens and AT_MAC is correct and AT_COUNTER matches with the previously used counter value. This fixes the re-authentication procedure for the case where AKA peer rejects Counter as too small (RFC 4187, 5.5). | Jouni Malinen | 2007-04-11 | 1 | -11/+24
* Fixed EAP-AKA AT_NOTIFICATION processing. This attribute should only be included in EAP-Request/AKA-Notification packet. It is not included in EAP-Response to this package. Removed addition of this attribute to the response in the peer and removed validation of this value in the server. | Jouni Malinen | 2007-04-10 | 1 | -8/+1
* Fixed Authentication-Reject processing to actually reject authentication. Previously, this subtype could have been ignored and the message could have been processed as another subtype (e.g., Challenge) and if the contents of the message would otherwise have matched the other subtype message, authentication could have been completed successfully from the server viewpoint. Now the authentication is stopped immediately after receiving Authentication-Reject. | Jouni Malinen | 2007-04-10 | 1 | -0/+15
* Moved EAP-AKA Subtype validation to be part of process() handler instead of check(). This allows EAP server to use EAP-AKA Notification to report errors as required by RFC 4187. | Jouni Malinen | 2007-04-10 | 1 | -3/+16
* Added support for sending EAP-AKA Notifications in error cases. Previously, EAP-Failure was sent in these cases, but RFC 4187 actually requires AKA Notification to be used in most error cases. | Jouni Malinen | 2007-04-03 | 1 | -9/+67
* Updated EAP-GPSK to the latest draft version (-04). This changed terminology for the peer ("client" to "peer") and KDF construction for ciphersuite #1. Both ciphersuites are now sharing SHA256-based KDF, so implementation was cleaned up by sharing a common helper function for this. | Jouni Malinen | 2007-03-18 | 1 | -22/+22
* Updated my email address jkmaline@cc.hut.fi to j@w1.fi since the HUT address is about to be removed. | Jouni Malinen | 2007-03-09 | 24 | -24/+24
* Fixed EAP-MSCHAPv2 server to use a space between S and M parameters in Success Request [Bug 203]. | Jouni Malinen | 2007-03-06 | 1 | -2/+3
* Added 'make clean' target to new src/* directories and call these Makefiles from hostapd and wpa_supplicant Makefiles. | Jouni Malinen | 2007-02-25 | 1 | -0/+6
* Include EAP header files using an explicit path (eap_{peer,server,common}) instead of adding all the directories into includes path for the pre-processor. This allows EAP peer and server header files to be loaded properly even when they are using the same file names. | Jouni Malinen | 2007-02-25 | 11 | -28/+28
* First step in moving EAP server/peer methods and EAP state machines into src/eap_{server,peer,common} directories. | Jouni Malinen | 2007-02-25 | 25 | -0/+11130