Commit graph

305 commits

Author SHA1 Message Date
Jouni Malinen
065d2895b4 Add UNAUTH-TLS vendor specific EAP type
This EAP type uses a vendor specific expanded EAP header to encapsulate
EAP-TLS with a configuration where the EAP server does not authenticate
the EAP peer. In other words, this method includes only server
authentication. The peer is configured with only the ca_cert parameter
(similarly to other TLS-based EAP methods). This method can be used for
cases where the network provides free access to anyone, but use of RSN
with a securely derived unique PMK for each station is desired.

The expanded EAP header uses the hostapd/wpa_supplicant vendor
code 39068 and vendor type 1 to identify the UNAUTH-TLS method.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-22 22:34:11 +03:00
Jouni Malinen
d13f9857f8 Use proper private enterprise number for EAP VENDOR-TEST
Now that the project has its own code, it should be used with the
VENDOR-TEST EAP method.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-22 21:37:19 +03:00
Jouni Malinen
c13f0a3e00 EAP-SIM DB: Fix a memory leak on DB connection re-opening
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 21:17:26 +03:00
Jouni Malinen
704b8762a2 EAP-SIM DB: Do not require external program at startup
The previous implementation was able to re-open the connection to an
external program (e.g., hlr_auc_gw) when needed, but required the
connection to be available during startup. Extend this to allow the
initial failure, so that hlr_auc_gw can be started after hostapd.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 20:51:21 +03:00
Jouni Malinen
997de7aa5c Remove unnecessary base64.h inclusion
All the TNC base64 operations are within tncs.c, so there is no point in
including base64.h into eap_server_tnc.c.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 18:41:45 +03:00
Jouni Malinen
a2f94dbe62 Fix memory allocation failure handling in EAP-TTLS/MSCHAPv2 server
If the os_malloc() call for the User-Name value fails in EAP-TTLS
server, the inner MSCHAPv2 processing could have tried to dereference a
NULL pointer. Avoid this by handling this cleanly as an internal error
and reject the authentication attempt.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-08-19 17:23:00 +03:00
Jouni Malinen
305dbc9870 EAP-MD5: Verify that CHAP operation succeeds
The MD5 operation may be disabled in the security policy so chap_md5()
call can fail.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 18:49:02 +03:00
Jouni Malinen
f54eb34995 Add extra validation of EAP header length field
These validation steps are already done in the EAP parsing code and in
the EAP methods, but the additional check is defensive programming and
can make the validation of received EAP messages more easier to
understand.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 23:03:25 +03:00
Jouni Malinen
daf10baf9e EAP-pwd: Replace direct OpenSSL HMAC use with wrapper
This is a step towards allowing EAP-pwd to be supported with other
crypto libraries.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-07-02 22:10:03 +03:00
Jouni Malinen
1cebaabd80 EAP-SIM/AKA server: Allow pseudonym to be used after unknown reauth id
If the peer uses an unknown reauth id, it would still be possible to use
pseudonym instead of permanent id. Allow this by changing the
AT_PERMANENT_ID_REQ to AT_FULLAUTH_ID_REQ in case unknown reauth id is
used in EAP-Response/Identity.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-06-15 18:49:54 +03:00
Jouni Malinen
762e4ce620 EAP-AKA': Update to RFC 5448
There was a technical change between the last IETF draft version
(draft-arkko-eap-aka-kdf-10) and RFC 5448 in the leading characters
used in the username (i.e., use unique characters for EAP-AKA' instead
of reusing the EAP-AKA ones). This commit updates EAP-AKA' server and
peer implementations to use the leading characters based on the final
RFC.

Note: This will make EAP-AKA' not interoperate between the earlier
draft version and the new version.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-05-02 20:45:01 +03:00
Jouni Malinen
8351998313 EAP-AKA' server: Fix identity for MK derivation
Incorrect identity string could end up being used with EAP-AKA' when
the EAP client is using pseudonym. This code was supposed to use
sm->identity just like the EAP-AKA case.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-05-02 20:40:11 +03:00
Jouni Malinen
0047c047fc EAP-SIM/AKA server: Fix re-authentication not to update pseudonym
AT_NEXT_PSEUDONYM is supposed to be included only in the Challenge
messages, not in the Re-authentication messages. This attribute was
incorrectly included in the Re-authentication messages and could have
been used to update the pseudonym state on the server without the peer
updating its state.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-02-16 23:31:30 +02:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Jouni Malinen
0dd1603c3f Remove the GPL notification from EAP-pwd implementation
Remove the GPL notification text from EAP-pwd implementation per
approval from Dan Harkins who contributed these files.
(email from Dan Harkins <dharkins@lounge.org> dated
Wed, 4 Jan 2012 16:25:48 -0800)

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Dan Harkins
5ea93947ca EAP-pwd: Add support for fragmentation
Signed-hostap: Dan Harkins <dharkins@lounge.org>
2012-02-11 12:46:30 +02:00
Jouni Malinen
5331c274e0 EAP server: Force identity request after eapRestart for passthrough
Fix start of reauthentication after failed authentication with
passthrough (external AAA server) to use internal EAP Identity method.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-06 13:02:23 +02:00
Jouni Malinen
4a9e26b6e7 Revert "EAP server: Force identity request after INITIALIZE for passthrough"
This reverts commit 204dd3f420.
start_reauth was not supposed to be used in this way and setting it
to TRUE in INITIALIZE breaks internal EAP server.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-06 12:47:17 +02:00
Jouni Malinen
c8894a3100 Use explicit type casting to avoid sign extensions
Make sure sign extension does not end up getting used here by
explicitly type casting the variables to correct size.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 17:06:35 +02:00
Jouni Malinen
607bcf61a4 Check nt_password_hash() return code
While this is unlikely to fail in practice, better be more consistent
in validating nt_password_hash() result.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 16:59:16 +02:00
Jouni Malinen
204dd3f420 EAP server: Force identity request after INITIALIZE for passthrough
Previously, sm->start_reauth was set to TRUE in SUCCESS2 state to force
reauthentication to start with EAP identity request. This works fine for
the case of EAP success through the AAA passthrough authentication, but
is not enough to handle passthrough authentication failure. sm->identity
is set in that case and getDecision would return PASSTHROUGH instead of
CONTINUE (to Identity method).

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-03 17:37:48 +02:00
Jouni Malinen
363ab44067 EAP-AKA: Use strdup instead of strlen + malloc + memcpy
While the copy is not used as a null terminated string, this can prevent
some static analyzers from complaining about non-issue.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 22:45:01 +02:00
Jouni Malinen
0ac6c3f71a EAP-PEAP: Remove unused hdr assignment
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 22:43:21 +02:00
Jouni Malinen
864a8e3bf6 EAP-PSK: Fix memory leak on error path
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 22:41:38 +02:00
Jouni Malinen
cd52acec85 Rename tls_prf() to tls_prf_sha1_md5()
Prepare for multiple TLS PRF functions by renaming the SHA1+MD5 based
TLS PRF function to more specific name and add tls_prf() within the
internal TLS implementation as a wrapper for this for now.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 21:27:01 +02:00
Jouni Malinen
5419d6afed EAP-pwd: Remove struct eap_pwd_hdr
This structure was not really used for anything apart from figuring out
length of the EAP-pwd header (and even that in a way that would not work
with fragmentation). Since the bitfields in the structure could have
been problematic depending on target endianness, remove this unnecessary
structure.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-19 16:52:52 +02:00
Dan Harkins
e547e071e1 EAP-pwd: Fix zero-padding of input to H()
Another niceness of OpenSSL is that if the high-order bit of a 521-bit
big num is not set then BN_bn2bin() will just return 65 bytes instead of
66 bytes with the 1st (big endian, after all) being all zero. When this
happens the wrong number of octets are mixed into function H(). So
there's a whole bunch of "offset" computations and BN_bn2bin() dumps the
big number into a buffer + offset. That should be obvious in the patch
too.
2011-11-19 16:47:25 +02:00
Jouni Malinen
e9447a94c0 Use a single define for maximum number of EAP methods
This cleans up the code a bit by not having to deal with theoretical
possibility of maximum number of EAP methods to be different between
various components in hostapd.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-17 20:06:33 +02:00
Jouni Malinen
bfbc4284a8 Avoid 0-length memmove from buffer end to keep static analyzers happier
This avoid incorrect errors from some static analyzers that do not like
memmove with pointers just after the end of a buffer even if the number
of bytes to move is zero.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-17 19:54:26 +02:00
Jouni Malinen
3724ddc0c1 PEAP: Verify peap_prfplus() result
This function can fail in theory since the SHA-1 functions are
allowed to return an error. While this does not really happen in
practice (we would not get this far if SHA-1 does not work), it is
cleaner to include the error handling here to keep static analyzers
happier. [Bug 421]

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 11:29:17 +02:00
Jouni Malinen
fd2f2d0489 Remove EAP-TTLSv1 and TLS/IA
These protocols seem to be abandoned: latest IETF drafts have expired
years ago and it does not seem likely that EAP-TTLSv1 would be
deployed. The implementation in hostapd/wpa_supplicant was not complete
and not fully tested. In addition, the TLS/IA functionality was only
available when GnuTLS was used. Since GnuTLS removed this functionality
in 3.0.0, there is no available TLS/IA implementation in the latest
version of any supported TLS library.

Remove the EAP-TTLSv1 and TLS/IA implementation to clean up unwanted
complexity from hostapd and wpa_supplicant. In addition, this removes
any potential use of the GnuTLS extra library.
2011-09-25 21:28:32 +03:00
Pavel Roskin
ffbf1eaa26 Fix typos found by codespell
Signed-off-by: Pavel Roskin <proski@gnu.org>
2011-09-22 00:43:59 +03:00
Jouni Malinen
49a191a142 EAP: Add "expanded" EAP type to get_name functions 2011-08-28 19:23:16 +03:00
Jouni Malinen
fa5165586f WPS: Add a workaround for Windows 7 capability discovery for PBC
Windows 7 uses incorrect way of figuring out AP's WPS capabilities by
acting as a Registrar and using M1 from the AP. The config methods
attribute in that message is supposed to indicate only the configuration
method supported by the AP in Enrollee role, i.e., to add an external
Registrar. For that case, PBC shall not be used and as such, the
PushButton config method is removed from M1 by default. If pbc_in_m1=1
is included in the configuration file, the PushButton config method is
left in M1 (if included in config_methods parameter) to allow Windows 7
to use PBC instead of PIN (e.g., from a label in the AP).
2011-05-17 19:53:02 +03:00
Jouni Malinen
f8b5f7dc6b TNC: Fix TNC_{TNCC,TNCS}_ReportMessageTypes copy type
The supportedTypes parameter is a list of TNC_MessageType values
and the buffer to be copied should use size of TNC_MessageType, not
TNC_MessageTypeList. In practice, these are of same length on most
platforms, so this is not a critical issue, but anyway, the correct
type should be used.
2011-04-13 23:10:21 +03:00
Jouni Malinen
d601247ca9 P2P: Allow WPS_PBC command on GO to select on P2P Device Address
An optional parameter, p2p_dev_addr, can now be given to WPS_PBC
command on P2P GO to indicate that only the P2P device with the
specified P2P Device Address is allowed to connect using PBC. If
any other device tries to use PBC, a session overlap is indicated
and the negotiation is rejected with M2D. The command format for
specifying the address is "WPS_PBC p2p_dev_addr=<address>", e.g.,
WPS_PBC p2p_dev_addr=02:03:04:05:06:07

In addition, show the PBC session overlap indication as a WPS failure
event on an AP/GO interface. This particular new case shows up as
"WPS-FAIL msg=4 config_error=12".
2011-02-07 18:28:36 +02:00
Dan Harkins
e4d7b22a53 EAP-pwd: Fix some interoperability issues
The changes are:

  1. the word "and" in the hunting-and-pecking string passed to the KDF
     should be capitalized.
  2. the primebitlen used in the KDF should be a short not an int.
  3. the computation of MK in hostap is based on an older version of the
     draft and is not the way it's specified in the RFC.
  4. the group being passed into computation of the Commit was not in
     network order.
2011-01-16 13:12:07 +02:00
Jouni Malinen
3642c4313a Annotate places depending on strong random numbers
This commit adds a new wrapper, random_get_bytes(), that is currently
defined to use os_get_random() as is. The places using
random_get_bytes() depend on the returned value being strong random
number, i.e., something that is infeasible for external device to
figure out. These values are used either directly as a key or as
nonces/challenges that are used as input for key derivation or
authentication.

The remaining direct uses of os_get_random() do not need as strong
random numbers to function correctly.
2010-11-24 01:05:20 +02:00
Jouni Malinen
6fc58a89e1 Fix EAP standalone server
Commit c3fc47ea8e fixed EAP passthrough
server to allow Logoff/Re-authentication to be used. However, it
broke EAP standalone server while doing that. Fix this by reverting
the earlier fix and by clearing the EAP Identity information in the
EAP server code whenever an EAPOL-Start or EAPOL-Logoff packet is
received.
2010-11-07 16:25:35 +02:00
Jouni Malinen
c3fc47ea8e EAP server: Allow reauth to be started with passthrough
Some sequencies of EAPOL logoff/logon/start messages seem to be
able to get the previous implementation into state where hostapd
would not be able to start reauthentication when external
authentication server is used. The EAP server code would bypass
the initial Identity Request generation and EAPOL code would not
be able to send anything to the authentication server or supplicant
at that point. Work around this by forcing EAP server code to
start with Identity Request after INITIALIZE state even if the
Identity is known.
2010-10-09 08:53:45 +03:00
Jouni Malinen
3d32c6517d EAP-pwd: Fix couple of memory leaks 2010-09-14 22:16:17 -10:00
Jouni Malinen
d52be1db76 EAP-pwd: Move bnctx into per-protocol instance structure
This avoids double frees of bnctx and related crashes.
2010-09-14 22:04:09 -10:00
Dan Harkins
df684d82ff EAP-pwd: Add support for EAP-pwd server and peer functionality
This adds an initial EAP-pwd (RFC 5931) implementation. For now,
this requires OpenSSL.
2010-09-14 21:51:40 -10:00
Jouni Malinen
f684e608af P2P: Use PSK format in WPS Credential 2010-09-09 07:17:17 -07:00
Jouni Malinen
cce1f698e5 WPS: Use more defensive design to avoid theoretical NULL deref
Prior to commit 6195adda9b the sm->user
dereference did not exist here. While this is in practice non-NULL,
better use more defensive construction here to avoid NULL pointer
dereference should this ever change.
2010-09-04 21:37:36 +03:00
Jouni Malinen
8cbd92ee29 EAP-FAST server: Add I-ID into PAC-Info
This indicates that the peer identity is associated with the
credential and will be required to match with the identity used
during authentication when the PAC is used (RFC 5422, 4.2.4).
2010-08-19 21:16:19 +03:00
Jouni Malinen
6195adda9b WPS: Allow AP to start in Enrollee mode without AP PIN for probing
In theory, this should not really be needed, but Windows 7 uses
Registrar mode to probe AP's WPS capabilities before trying to use
Enrollee and fails if the AP does not allow that probing to happen.
This allows the AP to start as an Enrollee and send M1, but refuse
to continue beyond that (M3 will not be sent if AP PIN is not known).
2010-07-26 18:12:08 -07:00
Jouni Malinen
7f6ec672ea EAP server: Add support for configuring fragment size 2010-07-20 22:56:10 -07:00
Jouni Malinen
e4cbe058d6 TNC: Add more debug infor to EAP-TNC server state changes 2010-04-18 12:24:02 +03:00
Jouni Malinen
11804a4ebc TNC: Fix EAP-TNC fragmentation of the last message
62477841a1 tried to address fragmentation
issues, but it did not address the case where the final EAP-TNC
message gets fragmented. Move the state update to the correct place
to address this case, too.
2010-04-18 12:21:56 +03:00
Jouni Malinen
5febb0d272 TNCS: Fix uninit in error case to not double free IMVs 2010-04-18 11:10:46 +03:00
Jouni Malinen
7992b07f6a Remove unnecessary SUBDIRS loops from src/*/Makefile
There are no subdirectories in any of these directories or plans
for adding ones. As such, there is no point in running the loop
that does not do anything and can cause problems with some shells.
2010-04-17 17:10:31 +03:00
Jouni Malinen
8d6399e455 Use unsigned bitfield for 1-bit values 2010-04-11 12:27:13 +03:00
Gregory Detal
bb437f282b AP: Add wpa_msg() events for EAP server state machine 2010-04-07 11:13:14 +03:00
Jouni Malinen
0823031750 Fix Windows compilation issues with AP mode code 2010-04-04 08:14:14 +03:00
Jouni Malinen
ffd2c8cd4d Avoid warnings on unused function/variables if debug is disabled
CONFIG_NO_STDOUT_DEBUG removes wpa_printf() calls, so need to ifdef
some function and variable definitions to avoid compiler warnings.
2010-03-06 16:37:57 +02:00
Jouni Malinen
94d9bfd59b Rename EAP server source files to avoid duplicate names
This makes it easier to build both EAP peer and server functionality
into the same project with some toolchains.
2010-02-19 18:54:07 +02:00
Jouni Malinen
25ac1328f6 EAP-TNC: Add Flags field into fragment acknowledgement
TNC IF-T is somewhat unclear on this are, but
draft-hanna-nea-pt-eap-00.txt, which is supposed to define the same
protocol, is clearer on the Flags field being included.

This change breaks interoperability with the old implementation if
EAP-TNC fragmentation is used. The old version would not accept
the acknowledgement message with the added Flags octet while the
new version accepts messagss with with both options.
2010-02-14 16:08:15 +02:00
Jouni Malinen
62477841a1 EAP-TNC server: Fix processing when last message is fragmented
If the last message from the EAP-TNC server was fragmented, the
fragment processing lost the DONE/FAIL state and did not know how
to handle the final ACK from the peer. Fix this by remembering the
earlier DONE/FAIL state when fragmenting a frame.
2010-02-13 18:03:52 +02:00
Jouni Malinen
b29d086d50 EAP-TNC: Accept fragment ack frame with Flags field
TNC IF-T specification is unclear on the exact contents of the fragment
acknowledgement frame. An interoperability issue with the tncs@fhh
implementation was reported by Arne Welzel
<arne.welzel@stud.fh-hannover.de> due to the different interpretations
of the specification. Relax EAP-TNC server/peer validation rules to
accept fragmentation acknowledgement frames to include the Flags field
to avoid this issue.
2010-02-13 18:00:39 +02:00
Jouni Malinen
2e06e9dd6f Fix TLS in/out buffer freeing
The previous version could end leaking memory since os_free() was used
instead of wpabuf_free(). In addition, this could potentially have
triggered a crash if the TLS context were being freed when pending
input data where still in the buffer (though, this may not be possible
to trigger in practice).
2010-02-12 21:13:51 +02:00
Jouni Malinen
2a29f0d45c Rename EAP TLS variables to make server and peer code consistent 2009-12-24 00:16:58 +02:00
Jouni Malinen
f3f2eeba01 WPS: Add option for forcing Registrar to use PSK format in Credential
The use_psk_key parameter can now be used to force the Registrar to
use PSK format instead of ASCII passphrase when building a Credential
for the Enrollee. For now, this is not enabled, but it could be enabled
either based on external (to WPS) configuration or automatically set
based on some WPS attribute values from the Enrollee.
2009-12-21 12:46:19 +02:00
Jouni Malinen
496c5d981e Use wpabuf with tls_connection_ia_send_phase_finished() 2009-12-20 21:33:32 +02:00
Jouni Malinen
2574634b7f Check TLS status on EAP server during handshake
The new TLS wrapper use may end up returning alert data and we need to
make sure here that it does not end up getting interpreted as success
due to non-NULL response.
2009-12-20 19:11:43 +02:00
Jouni Malinen
81c85c069a Convert TLS wrapper to use struct wpabuf
This converts tls_connection_handshake(),
tls_connection_server_handshake(), tls_connection_encrypt(), and
tls_connection_decrypt() to use struct wpa_buf to allow higher layer
code to be cleaned up with consistent struct wpabuf use.
2009-12-20 18:17:55 +02:00
Jouni Malinen
f52ab9e6b0 Fix lastReqData freeing to use wpabuf_free() 2009-12-20 17:22:25 +02:00
Jouni Malinen
c479e41f53 EAP-FAST server: Piggyback Phase 2 start with end of Phase 1
If Finished message from peer has been received before the server
Finished message, start Phase 2 with the same message to avoid extra
roundtrip when the peer does not have anything to send after the server
Finished message.
2009-12-20 11:39:45 +02:00
Jouni Malinen
5c90d47657 Move EAP-SIM DB conditional build into hostapd 2009-12-06 18:23:53 +02:00
Jouni Malinen
f721aed4b1 Increase EAP server extra room for encryption overhead (for GnuTLS)
This fixes issues with some GnuTLS versions that seem to be adding
quite a bit of extra data into TLS messages. The EAP server code is
now using the same 300 byte extra room that was already used in the
EAP peer implementation.
2009-12-06 12:02:28 +02:00
Jouni Malinen
127608152e Move EAP method registration away from src/eap_{peer,server}
This makes it easier to make a library out of EAP methods without
losing possiblity of binary size optimization by linker dropping
unreferenced code.
2009-12-06 11:28:41 +02:00
Jouni Malinen
03da66bd59 Remove src/crypto from default include path
In addition, start ordering header file includes to be in more
consistent order: system header files, src/utils, src/*, same
directory as the *.c file.
2009-11-29 23:04:43 +02:00
Jouni Malinen
2773ca093e Replace eap_type_text() with EAP server methods function
While this may not include knowledge of all EAP methods since this
depends on build configuration, it is better to not have to include
ieee802_1x.h into eapol_sm.c.
2009-11-29 18:57:15 +02:00
Jouni Malinen
90973fb2fd Remove src/common from default header file path
This makes it clearer which files are including header from src/common.
Some of these cases should probably be cleaned up in the future not to
do that.

In addition, src/common/nl80211_copy.h and wireless_copy.h were moved
into src/drivers since they are only used by driver wrappers and do not
need to live in src/common.
2009-11-29 17:51:55 +02:00
Jouni Malinen
34c9910dc7 Fix EAP-AKA server build without EAP-SIM 2009-10-11 22:23:05 +03:00
Jouni Malinen
2678509dec WPS: Store device info and make it available through AP ctrl_iface
Store a copy of device attributes during WPS protocol run and make it
available for external programs via the control interface STA MIB
command for associated stations. This gives access to device name and
type which can be useful when showing user information about associated
stations.
2009-09-07 22:09:13 +03:00
Jouni Malinen
c5f6ad5766 Verify CHAP/MSCHAPv2 return code
Check the return code in some (but not yet all) places where the
functions from ms_funcs.c are used.
2009-08-16 19:07:57 +03:00
Jouni Malinen
064bb8232c Add root .gitignore file to cleanup ignore lists
This removes need for local configuration to ignore *.o and *~
and allows the src/*/.gitignore files to be removed (subdirectories
will inherit the rules from the root .gitignore).
2009-06-29 21:47:19 +03:00
Jouni Malinen
3ec97afe57 wpa_supplicant AP: Add preliminary support for WPS Internal Registrar
When in AP mode, wpa_supplicant is now enabling WPS (only Internal
Registrar). wpa_cli wps_pbc and wps_pin commands can be used to initiate
WPS negotiation similarly to how this is done in station mode (though,
the BSSID parameter is ignored).
2009-04-21 16:45:16 +03:00
Jouni Malinen
1e5839e06f Rename EAP server defines from EAP_* to EAP_SERVER_*
This allows separate set of EAP server and peer methods to be built into
a single binary.
2009-03-25 12:06:19 +02:00
Jouni Malinen
51853c899b Fix TNC with EAP-TTLS
This was broken by 510c02d4a3 which added
validation of eap_ttls_phase2_eap_init() return value. The main problem
in the code trying to initialize a new phase 2 EAP method
unconditionally; this should only happen if there is a new method in the
inner method sequence.
2009-03-13 18:20:59 +02:00
Jouni Malinen
99bff8430f Fix segmentation fault on EAP-TTLS phase 2 EAP method init failure
This is based on a patch and report by Masashi Honma
<honma@ictec.co.jp>. The issue is more generic than just TNC, though,
since failure to initialize any phase 2 EAP method can result in NULL
dereference.
2009-03-13 17:53:13 +02:00
Masashi Honma
0d308bc074 TNC: Send EAP-Failure on TNC failure
On PEAP(TNC), hostapd integrated RADIUS server doesn't return
EAP-Failure when "Recommendation = none". So, EAP data retransmittion
occurs.

My co-worker "Ryuji Ohba" made below patch.
2009-03-13 17:41:58 +02:00
Jouni Malinen
1fd4b0db7c Fix EAPOL/EAP reauthentication with external RADIUS server
The EAP server state machine will need to have special code in
getDecision() to avoid starting passthrough operations before having
completed Identity round in the beginning of reauthentication. This was
broken when moving into using the full authenticator state machine from
RFC 4137 in 0.6.x.
2009-03-02 19:06:23 +02:00
Jouni Malinen
358b98668e Update EAP-GPSK references from internet draft to RFC 5433 2009-02-26 23:08:40 +02:00
Daniel Mierswa
d94d4bafbb Improved 'make install' (use BINDIR/LIBDIR, install shared objects) 2009-02-15 14:22:50 +02:00
Jouni Malinen
3fe430b5d5 Add debug prints for couple of new EAP-AKA' attributes 2009-02-15 10:28:16 +02:00
Jouni Malinen
915c1ba3c5 WPS UPnP: Added support for multiple external Registrars
Allow more than one pending PutWLANMessage data to be stored (M2/M2D
from multiple external Registrars) and drop pending M2/M2D messages when
the Enrollee replies with M3.
2009-02-06 21:39:32 +02:00
Jouni Malinen
f620268f13 WPS: Add support for external Registrars using UPnP transport
This adds mostly feature complete external Registrar support with the
main missing part being proper support for multiple external Registrars
working at the same time and processing of concurrent registrations when
using an external Registrar.

This code is based on Sony/Saice implementation
(https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill
(Atheros) to make it more suitable for hostapd design and embedded
systems. Some of the UPnP code is based on Intel's libupnp. Copyrights
and licensing are explained in src/wps/wps_upnp.c in more detail.
2009-01-29 18:47:02 +02:00
Jouni Malinen
0b8695bb2b Renamed shadowed variable 2009-01-13 19:31:51 +02:00
Jouni Malinen
41c00105f2 Removed registrar pointer from wps_config and wps_data
wps_context::registrar can be used as the only location for this
pointer.
2009-01-03 20:09:35 +02:00
Jouni Malinen
5a8c6d3353 Removed duplicated authenticator yes/no from wps_config and wps_data
wps_context::ap is available for this purpose and there is no need to
change between AP and not AP between protocol runs.
2009-01-03 19:57:22 +02:00
Jouni Malinen
ae2633af63 Removed unused WPS_PENDING processing result 2009-01-03 19:52:20 +02:00
Jouni Malinen
f90c86d4a3 Added Doxygen documentation for WPS code 2009-01-03 19:50:49 +02:00
Jouni Malinen
a17df5fb8b Fixed number of doxygen warnings 2009-01-02 22:28:04 +02:00
Jouni Malinen
98de443890 WPS: Set recommended retransmission times with EAP method specific hint 2008-12-29 18:50:37 +02:00
Jouni Malinen
8e09c6d253 Fixed retransmission of EAP requests if no response is received
It looks like this never survived the move from IEEE 802.1X-2001 to
IEEE 802.1X-2004 and EAP state machine (RFC 4137). The retransmission
scheduling and control is now in EAP authenticator and the
calculateTimeout() producedure is used to determine timeout for
retransmission (either dynamic backoff or value from EAP method hint).

The recommended calculations based on SRTT and RTTVAR (RFC 2988) are not
yet implemented since there is no round-trip time measurement available
yet.

This should make EAP authentication much more robust in environments
where initial packets are lost for any reason. If the EAP method does
not provide a hint on timeout, default schedule of 3, 6, 12, 20, 20, 20,
... seconds will be used.
2008-12-29 18:10:34 +02:00
Jouni Malinen
65d50f0ac6 Add RADIUS server support for identity selection hint (RFC 4284)
Previously, only the delivery option 1 from RFC 4284
(EAP-Request/Identity from the AP) was supported. Now option 3
(subsequent EAP-Request/Identity from RADIUS server) can also be used
when hostapd is used as a RADIUS server. The eap_user file will need to
have a Phase 1 user entry pointing to Identity method in order for this
to happen (e.g., "* Identity" in the end of the file). The identity hint
is configured in the same was as for AP/Authenticator case (eap_message
in hostapd.conf).
2008-12-26 20:22:12 +02:00
Jouni Malinen
ac5953db66 Fixed EAP-AKA build in case EAP-AKA' is disabled 2008-12-16 18:57:49 +02:00
Jouni Malinen
000a1de72b Cleaned up EAP-MSCHAPv2 key derivation
Changed peer to derive the full key (both MS-MPPE-Recv-Key and
MS-MPPE-Send-Key for total of 32 octets) to match with server
implementation.

Swapped the order of MPPE keys in MSK derivation since server
MS-MPPE-Recv-Key | MS-MPPE-Send-Key matches with the order specified for
EAP-TLS MSK derivation. This means that PEAPv0 cryptobinding is now
using EAP-MSCHAPv2 MSK as-is for ISK while EAP-FAST will need to swap
the order of the MPPE keys to get ISK in a way that interoperates with
Cisco EAP-FAST implementation.
2008-12-14 13:12:20 +02:00
Jouni Malinen
a9d1364c5f Merged EAP-AKA' into eap_aka.c and added it to defconfig/ChangeLog 2008-12-07 19:24:56 +02:00
Jouni Malinen
01b0569437 Added protection against EAP-AKA' -> EAP-AKA bidding down attacks
AT_BIDDING attribute is included in EAP-AKA/Challenge to allow peer to
know whether the server would have preferred EAP-AKA'.
2008-12-05 22:25:47 +02:00
Jouni Malinen
a478ef0d12 EAP-AKA': Added CK',IK' derivation
This is based on a change request 3GPP TS 33.402 CR 0033 for version
8.1.1. The hardcoded ANID is now 'WLAN' since that is used in
3GPP TS 24.302.
2008-12-04 21:50:56 +02:00
Jouni Malinen
a49c428a1b EAP-AKA': Comment out EAP-AKA' server KDF negotiation
Since only one KDF is currently supported, the negotiation is not
allowed and peer must be rejected if it tries to send KDF selection in a
Challenge message. The negotiation code is left in the file and just
commented out since it was tested to work and can be used in the future
if another KDF is added.
2008-12-04 20:32:56 +02:00
Jouni Malinen
6ec4021c03 EAP-AKA': Added processing of AT_KDF and AT_KDF_INPUT attributes
Network Name is not yet generated and validated based on 3GPP.33.402
(i.e., a hardcoded string is used in server and anything is accepted in
peer).
2008-12-04 20:29:46 +02:00
Jouni Malinen
73d48dc4b4 EAP-AKA': Allow both AKA AKA' to be registed from eap_aka_prime.c
This allows the same source code file to be shared for both methods. For
now, this is only in eap_aka_prime.c, but eventually, changes in
eap_aka_prime.c are likely to be merged into eap_aka.c at which point
the separate eap_aka_prime.c can be removed.
2008-12-03 19:59:52 +02:00
Jouni Malinen
9881795e2c EAP-AKA': Derive keys using the new KDF (PRF') 2008-12-03 19:22:20 +02:00
Jouni Malinen
806f869918 EAP-AKA': Use HMAC-SHA-256-128 for AT_MAC 2008-12-02 21:29:26 +02:00
Jouni Malinen
f54e2c34bf EAP-AKA': Use SHA256 for AT_CHECKCODE 2008-12-02 21:05:38 +02:00
Jouni Malinen
f09d19d46a Use a variable to store EAP method type for EAP-AKA vs. EAP-AKA'
This makes it easier to eventually replace EAP-AKA implementation with a
shared implementation that supports both EAP-AKA and EAP-AKA'.
2008-12-02 20:27:05 +02:00
Jouni Malinen
8c37556cd1 Add a starting point for EAP-AKA' (draft-arkko-eap-aka-kdf-10)
This is just making an as-is copy of EAP-AKA server and peer
implementation into a new file and by using the different EAP method
type that is allocated for EAP-AKA' (50). None of the other differences
between EAP-AKA and EAP-AKA' are not yet included.

It is likely that once EAP-AKA' implementation is done and is found to
work correctly, large part of the EAP-AKA and EAP-AKA' code will be
shared. However, it is not reasonable to destabilize EAP-AKA
implementation at this point before it is clearer what the final
differences will be.
2008-12-02 20:12:49 +02:00
Jouni Malinen
eb76b7e3ff WPS: Parse Request Type from WPS IE in (Re)AssocReq and derive mgmt keys
WPS IE is now passed from hostapd association processing into EAP-WSC
and WPS processing. Request Type attribute is parsed from this
information and if the request is for a WLAN Manager Registrar,
additional management keys are derived (to be used with UPnP).
2008-11-29 12:11:56 +02:00
Jouni Malinen
ad08c3633c Added preliminary Wi-Fi Protected Setup (WPS) implementation
This adds WPS support for both hostapd and wpa_supplicant. Both programs
can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN
methods are supported.

Currently, hostapd has more complete configuration option for WPS
parameters and wpa_supplicant configuration style will likely change in
the future. External Registrars are not yet supported in hostapd or
wpa_supplicant. While wpa_supplicant has initial support for acting as
an Registrar to configure an AP, this is still using number of hardcoded
parameters which will need to be made configurable for proper operation.
2008-11-23 19:34:26 +02:00
Jouni Malinen
012783f1ab Fixed EAP-TLS message fragmentation for the last TLS message
It the message was large enough to require fragmentation (e.g., if a large
Session Ticket data is included), More Fragment flag was set, but no
more fragments were actually sent (i.e., Access-Accept was sent out).
2008-11-20 19:39:35 +02:00
Jouni Malinen
6cd4f02b03 Fixed EAPA-AKA warning message about AT_RES length to use bits 2008-11-20 15:23:51 +02:00
Jouni Malinen
04a5bad682 EAP-AKA: Validate RES Length field in AT_RES
This change breaks interoperability with older wpa_supplicant versions
(everything up to and including wpa_supplicant 0.5.10 and 0.6.5) which
incorrectly used this field as number of bytes, not bits, in RES.
2008-11-07 08:34:07 +02:00
Jouni Malinen
36100718de EAP-FAST server: allow expired PAC for PAC refresh
Instead of falling back to full TLS handshake on expired PAC, allow the
PAC to be used to allow a PAC update with some level of server
authentication (i.e., do not fall back to full TLS handshake since we
cannot be sure that the peer would be able to validate server certificate
now). However, reject the authentication since the PAC was not valid
anymore. Peer can connect again with the newly provisioned PAC after this.
2008-11-06 22:57:09 +02:00
Jouni Malinen
dd20838a7d Fixed size_t printf format for 64-bit targets 2008-10-29 19:30:23 +02:00
Jouni Malinen
2d86724409 EAP-FAST: Allow A-ID and A-ID-Info to be configured separately
Changed EAP-FAST configuration to use separate fields for A-ID and
A-ID-Info (eap_fast_a_id_info) to allow A-ID to be set to a fixed
16-octet len binary value for better interoperability with some peer
implementations; eap_fast_a_id is now configured as a hex string.
2008-10-19 09:55:59 +03:00
Jouni Malinen
a11c90a64a EAP-FAST: Make PAC-Key lifetime values configurable
The hardcoded values in eap_fast.c were replaced with values read from
hostapd.conf.
2008-10-08 17:25:47 +03:00
Jouni Malinen
378eae5e9b EAP-FAST: Added support for disabling anonymous/authenticated provisioning
eap_fast_prov config parameter can now be used to enable/disable different
EAP-FAST provisioning modes:
0 = provisioning disabled
1 = only anonymous provisioning allowed
2 = only authenticated provisioning allowed
3 = both provisioning modes allowed
2008-10-08 16:55:23 +03:00
Jouni Malinen
f36f51e403 Change the order of Result TLV and PAC TLV to avoid interop issues
draft-cam-winget-eap-fast-provisioning-06.txt or RFC 4851 do not seem to
mandate any particular order for TLVs, but some interop issues were noticed
with an EAP-FAST peer implementation when Result TLV followed PAC TLV. The
example in draft-cam-winget-eap-fast-provisioning-06.txt shows the TLVs in
the other order, so change the order here, too, to make it less likely to
hit this type of interop issues.
2008-10-08 15:50:01 +03:00
Jouni Malinen
510c02d4a3 Fixed EAP-TTLS server to verify eap_ttls_phase2_eap_init() return code
It is possible that the initialization of the Phase 2 EAP method fails and
if that happens, we need to stop EAP-TTLS server from trying to continue
using the uninitialized EAP method. Otherwise, the server could trigger
a segmentation fault when dereferencing a NULL pointer.
2008-10-01 13:55:04 +03:00
Jouni Malinen
1f21bc4cc3 Fixed EAP-FAST server PAC-Opaque padding
0.6.4 broke this for some peer identity lengths. The padding was supposed
to make sure that the length of PAC-Opaque is divisible by 8.
2008-08-24 12:50:12 +03:00
Jouni Malinen
a9141cffb0 Updated EAP-TTLSv0 references to use RFC 5281 2008-08-16 10:17:22 +03:00
Jouni Malinen
6652b61cd4 Fixed EAP-TNC not to include extra EAP header and TNC flags
The change to support fragmentation added extra function to generate the
EAP header, but forgot to remove the original code and ended up getting two
EAP headers and TNC flags field in the generated message. These header
fields need to be added only in the function that builds the final message
(and if necessary, fragments the data).
2008-07-17 02:17:37 +03:00
Jouni Malinen
2eeaa5c9d0 EAP-PEAP: Moved the common peap_prfplus() function into a shared file 2008-06-09 10:32:12 +03:00
Jouni Malinen
7cdeb81e1f Fixed potential NULL pointer dereference if memory allocation fails 2008-06-05 20:44:30 +03:00
Jouni Malinen
bf206cada3 Changed TLS server to use OpenSSL SSL_accept() instead of SSL_read()
The server handshake processing was still using SSL_read() to get OpenSSL
to perform the handshake. While this works for most cases, it caused some
issues for re-authentication. This is now changed to use SSL_accept() which
is more approriate here since we know that the handshake is still going on
and there will not be any tunneled data available. This resolves some of
the re-authentication issues and makes it possible for the server to notice
if TLS processing fails (SSL_read() did not return an error in many of
these cases while SSL_accept() does).

Set session id context to a unique value in order to avoid fatal errors
when client tries session resumption (SSL_set_session_id_context() must be
called for that to work), but disable session resumption with the unique
value for the time being since not all server side code is ready for it yet
(e.g., EAP-TTLS needs special Phase 2 processing when using abbreviated
handshake).

Changed EAP-TLS server not to call TLS library when processing the final
ACK (empty data) from the client in order to avoid starting a new TLS
handshake with SSL_accept().
2008-05-29 20:36:18 +03:00
Jouni Malinen
3c99fa29d3 Add eap_tls_state() to get closer to EAP-TTLS/PEAP/FAST code 2008-05-28 17:19:57 +03:00
Jouni Malinen
cda97d11bb Share EAP-TLS/PEAP/TTLS/FAST core process() functionality
Move the basic processing of received frames into eap_tls_common.c and use
callback functions to handle EAP type specific processing of the version
field and payload.
2008-05-28 17:15:17 +03:00
Jouni Malinen
3c724cc564 Do not refer to Flags::Version field as 'PEAP version'
This field is also used for EAP-TTLS and EAP-FAST, so it is clearer to use
a more generic term for it.
2008-05-28 09:59:55 +03:00
Jouni Malinen
34f564dbd5 Redesigned EAP-TLS/PEAP/TTLS/FAST fragmentation/reassembly
Fragmentation is now done as a separate step to clean up the design and to
allow the same code to be used in both Phase 1 and Phase 2. This adds
support for fragmenting EAP-PEAP/TTLS/FAST Phase 2 (tunneled) data.
2008-05-28 09:57:17 +03:00
Jouni Malinen
ab17e3f2b7 Fixed EAP-IKEv2 server fragment processing
Need to clear the state back to MSG after having processed all incoming
fragments. Without this, the server got stuck in sending the fragment ACK
even after having received the full message.
2008-05-26 16:51:40 +03:00
Jouni Malinen
ef626b4d50 Added a workaround for handling TLS compression
Even though we try to disable TLS compression, it is possible that this
cannot be done with all TLS libraries. For example, OpenSSL 0.9.8 does not
seem to have a configuration item for disabling all compression (0.9.9 has
such an option). If compression is used, Phase 2 decryption may end up
producing more data than the input buffer due to compressed data. This
shows up especially with EAP-TNC that uses very compressible data format.

As a workaround, increase the decryption buffer length to (orig_len+500)*3.
This is a hack, but at least it handles most cases. TLS compression should
really be disabled for EAP use of TLS, but since this can show up with
common setups, it is better to handle this case.
2008-05-26 12:33:04 +03:00
Jouni Malinen
1b52ea47e4 Added fragmentation support for EAP-TNC 2008-05-26 12:00:18 +03:00
Jouni Malinen
579313ab07 Fixed xsi:schemaLocation to use whitespace to separate members of the pair. 2008-05-06 21:29:14 +03:00
Jouni Malinen
1c2ff04f3a TNC: Added preliminary code for IF-TNCCS-SOH server side support
If TNC is enabled, PEAPv0 server is now sending out SoH request to initiate
IF-TNCCS-SOH (Microsoft NAP / Statement of Health) handshake. The results
are currently only shown in debug log and they do not affect authentication
or authorization result.
2008-03-30 17:10:44 +03:00
Jouni Malinen
e7d8003358 EAP-PEAP: Fixed interop issues in key derivation with cryptobinding
It looks like Microsoft implementation does not match with their
specification as far as PRF+ label usage is concerned.. IPMK|CMK is derived
without null termination on the label, but the label for CSK derivation
must be null terminated.

This allows cryptobinding to be used with PEAPv0 in a way that
interoperates with Windows XP SP3 (RC2) and as such, this functionality is
now enabled as an optional addition to PEAPv0.
2008-03-19 16:58:06 +02:00
Jouni Malinen
32f049b2af EAP-PEAP: Swap MS-CHAP-v2 MPPE keys for EAP-PEAP ISK derivation
Microsoft uses reverse order for MS-MPPE keys in EAP-PEAP when compared to
EAP-FAST derivation of ISK. Swap the keys here to get the correct ISK for
EAP-PEAPv0 cryptobinding. This resolves the cryptobinding interop issue
with WinXP SP3 RC2. However, it looks like MSK derivation does not
interoperate when using cryptobinding, so this code remains disabled for
the time being.
2008-03-18 16:27:55 +02:00
Jouni Malinen
e1a69a0b10 EAP-PEAP: Added preliminary code for PEAPv0 and PEAPv2 cryptobinding
This implementation is complete for PEAPv0 (Microsoft extension), but the
use of cryptobinding is disabled in this version, i.e., this does not
change protocol behavior at all.

Interop tests between hostapd and wpa_supplicant work fine, but there are
some problems in getting hostapd to interoperate with Windows XP SP3 RC2
(peer replies with Result Failure to the attempted cryptobinding). The
implementation will remain disabled until this issue has been resolved.
2008-03-18 12:19:52 +02:00
Jouni Malinen
06726f0bdd EAP-PEAP: Moved EAP-TLV processing into eap_peap.c
EAP-PEAP was the only method that used the external eap_tlv.c server
implementation. This worked fine just for the simple protected result
notification, but extending the TLV support for cryptobinding etc. is not
trivial with such separation. With the TLV processing integrated into
eap_peap.c, all the needed information is now available for using
additional TLVs.
2008-03-18 08:31:04 +02:00
Jouni Malinen
c80a74d70c TNC: Integrated TNC support into EAP-TTLS server
If TNC is enabled, EAP-TTLS will run a second EAP (TNC) inside the tunnel
after a successful authentication.
2008-03-09 12:05:06 +02:00
Jouni Malinen
7db0fca522 TNC: Integrated TNC support into EAP-FAST server
Tunneled EAP sequence is now used to perform both the authentication (e.g.,
using EAP-GTC) and TNC validation (EAP-TNC) inside the EAP-FAST tunnel if
TNC has been enabled.
2008-03-09 11:22:17 +02:00
Jouni Malinen
c3e258ae9f TNC: Provide 'tnc' configuration option for EAP server and methods 2008-03-09 10:42:53 +02:00
Jouni Malinen
da08a7c732 TNC: Added preliminary TNC implementation for hostapd
This adds EAP-TNC method and TNCS (IF-IMV and IF-TNCCS) functionality.
There is no integration with EAP-TTLS and EAP-FAST at this point, so this
version is not yet suitable for real use (i.e., EAP-TNC can only be tested
outside a tunnel which is not an allowed configuration for deployment).
However, the basic TNCS functionality is more or less complete and this
version seems to interoperate with wpa_supplicant.
2008-03-09 10:37:18 +02:00
Jouni Malinen
13b3f33942 EAP-FAST: Verify that identity from PAC-Opaque matches with Phase 2 (GTC) 2008-02-27 18:00:12 -08:00
Jouni Malinen
7914585fe0 EAP-FAST: Cleaned up TLV processing and added support for EAP Sequences
Number of TLVs were processed in groups and these cases were now separated
into more flexible processing of one TLV at the time. wpabuf_concat()
function was added to make it easier to concatenate TLVs. EAP Sequences are
now supported in both server and peer code, but the server side is not
enabled by default.
2008-02-27 17:59:34 -08:00
Jouni Malinen
2bab8ae401 EAP-FAST: Define and use EAP_FAST_CMK_LEN 2008-02-27 17:58:46 -08:00
Jouni Malinen
ed5a02fd94 Removed extra '_' from struct eap_tlv_crypto_binding__tlv name 2008-02-27 17:58:13 -08:00
Jouni Malinen
cdd1bc9288 EAP-FAST: Divided eap_fast_process() into number of helper functions 2008-02-27 17:57:49 -08:00
Jouni Malinen
7f4c1d4300 EAP-FAST: Moved common peer/server functionality into a shared file 2008-02-27 17:57:19 -08:00
Jouni Malinen
a4819630f6 EAP-FAST: Added shared helper functions for building TLVs 2008-02-27 17:56:30 -08:00
Jouni Malinen
829f14be17 EAP-FAST: Add peer identity into EAP-FAST PAC-Opaque
This allows Phase 2 Identity Request to be skipped if the identity is
already known from PAC-Opaque received in TLS handshake in order to save
one roundtrip from normal authentication.
2008-02-27 17:55:40 -08:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00