Commit graph

338 commits

Author SHA1 Message Date
Jouni Malinen
b3ddab2122 WPS: Pad DH Public Key and Shared Key to 192 octets
WPS spec is not very specific on the presentation used for the DH
values. The Public Key attribute is described to be 192 octets long, so
that could be interpreted to imply that other places use fixed length
presentation for the DH keys. Change the DH derivation to use fixed
length bufferd by zero padding them from beginning if needed. This can
resolve infrequent (about 1/256 chance for both Public Key and Shared
Key being shorter) interop issues.
2009-01-22 19:32:58 +02:00
Masashi Honma
96fa129da9 Use WPS state Not Configured instead of Configured in Enrollee
This is needed to allow external Registrar (at least the implementation
in Windows Vista) to configure the Enrollee.

With this patch and my previous patch (for wps.c) , I could pass "Wi-Fi
WPS Test Plan Version 1.0 [5.1.4. Add to AP using PIN Config method and
PASS PHRASE through wired external registrar]".
2009-01-22 15:18:03 +02:00
Masashi Honma
e29bcf9eab WPS: Check Device Password ID attribute only if present in AP search
I can't pass the "Wi-Fi WPS Test Plan Version 1.0 [5.1.4. Add to AP
using PIN Config method and PASS PHRASE through wired external
registrar]". The wpa_supplicant-0.6.7 can't recoginize the testbed
AP(BCM94704AGRRev-E.2.4) as WPS PIN AP. Because after PIN entered, the
AP sends Selected Registrar attribute=0 and not send Device Password ID
attribute.

The proposed change as-is removed validation of Selected Registrar
attribute completely. However, that part is not included in this commit
since it can cause problems for environments with multiple WPS-enabled
APs. Another workaround for this will be considered in wpa_supplicant
scanning process (e.g., start trying to use WPS with APs that do not set
Selected Registrar to TRUE after couple of scan runs that do not find
any APs with Selected Registrar TRUE).
2009-01-22 15:12:18 +02:00
Jouni Malinen
aabe26a136 WPS: Added option to disable AP auto-config on first registration
This operation can now be moved into an external program by configuring
hostapd with wps_cred_processing=1 and skip_cred_build=1. A new
ctrl_iface message (WPS-REG-SUCCESS <Enrollee MAC addr> <UUID-E>) will
be used to notify external programs of each successful registration and
that can be used as a tricker to move from unconfigured to configured
state.
2009-01-21 13:48:10 +02:00
Jouni Malinen
05bf32cc87 Changed Credential MAC Address to be BSSID in AP/Registrar
WPS spec is not very clear on which MAC address is used here, but BSSID
makes more sense than Enrollee MAC address.
2009-01-20 21:28:31 +02:00
Jouni Malinen
790ccdb2b3 Changed the version to 0.7.0 since development branch is now 0.7.x 2009-01-20 21:16:29 +02:00
Jouni Malinen
3a4606585c Implement set_probe_req_ie() for nl80211 drivers 2009-01-20 14:06:02 +02:00
Jouni Malinen
b0e8a05a1e Sync nl80211_copy.h with wireless-testing.git linux/nl80211.h 2009-01-20 13:56:58 +02:00
Jouni Malinen
adddffd129 Fixed MFP Association Comeback mechanism to use Timeout Interval IE
The separate Association Comeback Time IE was removed from IEEE 802.11w
and the Timeout Interval IE (from IEEE 802.11r) is used instead. The
editing on this is still somewhat incomplete in IEEE 802.11w/D7.0, but
still, the use of Timeout Interval IE is the expected mechanism.
2009-01-19 18:42:10 +02:00
Jouni Malinen
eca6e0a9a5 WPS: Provide the unparsed Credential attribute to cred_cb()
This makes it easier to pass the credential data to external programs
(e.g., Network Manager) for processing. The actual use of this data is
not yet included in hostapd/wpa_supplicant.
2009-01-17 22:17:12 +02:00
Jouni Malinen
655e466600 Changed the Network Index value to 1 since that is the default value 2009-01-17 21:14:13 +02:00
Jouni Malinen
0f057fb2c7 Added a separate ctx pointer for wpa_msg() calls in WPA supp
This is needed to allow IBSS RSN to use per-peer context while
maintaining support for wpa_msg() calls to get *wpa_s as the pointer.
2009-01-17 17:54:40 +02:00
Jouni Malinen
0d1286e411 Added support for IBSS scanning into driver_test 2009-01-17 16:44:05 +02:00
Jouni Malinen
6fa68a0ee5 Added an option to add (or override) Credential attribute(s) in M8 2009-01-16 22:50:41 +02:00
Jouni Malinen
11ef8d3578 Added initial step for IBSS RSN support
This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used
to enable RSN support for IBSS. This links in RSN Authenticator code
from hostapd and adds code for managing per-peer information for IBSS. A
new wpa_cli command or driver event can be used to request RSN
authentication with an IBSS peer. New RSN Authenticator and Supplicant
will be allocated for each peer.

The basic state machine setup code is included in this commit, but the
state machines are not properly started yet. In addition, some of the
callback functions are not yet complete.
2009-01-15 01:21:55 +02:00
Jouni Malinen
13268290b6 Moved rsn_pmkid() into shared code to avoid duplication 2009-01-14 21:31:47 +02:00
Dan Williams
8f33641c94 driver_wext: Add IW_ENCODE_TEMP into SIOCSIWENCODE{,EXT} calls
This is needed for airo driver to work correctly and no other driver
seems to care, so the change is safe to make. This has been in number of
distro releases for a long time and no issues have been reported.
2009-01-13 20:42:15 +02:00
Jouni Malinen
540264a721 Removed wpa_sm dereference from pmksa_cache_list() 2009-01-13 20:22:42 +02:00
Jouni Malinen
f5a51b58d4 Moved proto == RSN validation from pmksa_cache.c into the caller 2009-01-13 20:15:06 +02:00
Jouni Malinen
010dc06853 Moved RADIUS Class attribute helpers into RADIUS module 2009-01-13 20:01:29 +02:00
Jouni Malinen
0b8695bb2b Renamed shadowed variable 2009-01-13 19:31:51 +02:00
Jouni Malinen
03ba2cb4c6 Added CONFIG_NO_AES_EXTRAS for hostapd
This allows unneeded AES routines to be removed from the build to reduce
binary size.
2009-01-12 15:15:35 +02:00
Jouni Malinen
3904625396 Silenced some sparse warnings 2009-01-11 10:42:07 +02:00
Jouni Malinen
76e2592190 Share the same radiotap helper implementation 2009-01-09 15:22:19 +02:00
Jouni Malinen
f88bd28836 Added support for removing RADIUS accounting and RADIUS in general
CONFIG_NO_ACCOUNTING=y and CONFIG_NO_RADIUS=y build options can now be
used to remove RADIUS support from the hostapd build.
2009-01-08 19:15:25 +02:00
Jouni Malinen
7d02e64157 Mark shared secret const in RADIUS client routines 2009-01-08 16:41:47 +02:00
Jouni Malinen
1c6e69ccda Moved documentation from developer.txt into source code files
Use Doxygen comments for functions to replace the old text file that was
not up-to-date anymore.
2009-01-08 16:33:00 +02:00
Jouni Malinen
6f78f2fb3b Preparations for 0.6.7 release 2009-01-06 20:11:15 +02:00
Ihar Hrachyshka
7ee6258f7c Fix wpa_supplicant build for uClinux
The code contains a bogus #ifdef for uClinux building. [Bug 286]
2009-01-05 20:32:04 +02:00
Jouni Malinen
b39d1280a7 Silenced number of Doxygen warnings 2009-01-04 15:07:54 +02:00
Jouni Malinen
08c0f0670a Completed Doxygen documentation for functions declared in wps/wps.h 2009-01-04 13:43:05 +02:00
Jouni Malinen
2eba45c8de Added endianness annotation for sparse 2009-01-03 21:00:38 +02:00
Jouni Malinen
5306f43fc3 Fixed sparse warnings about integer vs. pointer use
The configuration parsing functions seemed to have worked fine before,
but these were real bugs even if they did not show up in practice.
hostapd_ip_diff() was broken for IPv6 addresses (overwrote address and
always returned 1.
2009-01-03 20:46:32 +02:00
Jouni Malinen
7e5ba1b916 Mark functions static if not used elsewhere and use proper prototypes 2009-01-03 20:38:42 +02:00
Jouni Malinen
26d1dc96e9 Include the header file to validate function prototype. 2009-01-03 20:21:12 +02:00
Jouni Malinen
c5adf528a2 Moved WPS Registrar initialization from EAP peer to wps_supplicant.c
This matches the style used in hostapd, i.e., Registrar is initialized
only once and callbacks are now processed in wps_supplicant.c.
2009-01-03 20:18:35 +02:00
Jouni Malinen
41c00105f2 Removed registrar pointer from wps_config and wps_data
wps_context::registrar can be used as the only location for this
pointer.
2009-01-03 20:09:35 +02:00
Jouni Malinen
5a8c6d3353 Removed duplicated authenticator yes/no from wps_config and wps_data
wps_context::ap is available for this purpose and there is no need to
change between AP and not AP between protocol runs.
2009-01-03 19:57:22 +02:00
Jouni Malinen
ae2633af63 Removed unused WPS_PENDING processing result 2009-01-03 19:52:20 +02:00
Jouni Malinen
f90c86d4a3 Added Doxygen documentation for WPS code 2009-01-03 19:50:49 +02:00
Jouni Malinen
a17df5fb8b Fixed number of doxygen warnings 2009-01-02 22:28:04 +02:00
Jouni Malinen
dd42f95f71 Move addr_un definitions to avoid using out-of-scope buffer 2009-01-02 21:53:21 +02:00
Jouni Malinen
79da74a20c WPS: Generate UUID based on MAC address, if not set
Generate a SHA1 hash -based UUID from the local MAC address if the UUID
was not configured. This makes it easier to prepare for WPS since there
is no need to generate an UUID.
2009-01-01 22:56:52 +02:00
Jouni Malinen
84f5b41fc1 WPS: Cleanup UUID and MAC address configuration
No need to configure these separately for each Enrollee in wps_config
since wps_context is now used both for Registrar and Enrollee.
2009-01-01 22:56:02 +02:00
Jouni Malinen
e834272f73 Include pending MFP defines in nl80211_copy.h
This can be used to get rid of the extra cpp define since we have our
local copy of wireless.h and nl80211.h.
2008-12-31 18:10:14 +02:00
Jouni Malinen
c2fef14520 Sync nl80211.h copy with the current kernel version 2008-12-31 18:00:07 +02:00
Jouni Malinen
ac43f1fa39 Renamed nl80211 HT channel parameters to match with kernel 2008-12-31 17:59:13 +02:00
Jouni Malinen
c3469d1534 MFP: Fix SA Query Action Category
IEEE 802.11w/D7.0 incorrectly changed the Action Category from 8 to 7
when renaming Ping to SA Query. Category 7 is reserved for HT (IEEE
802.11n) and IEEE 802.11w will need to continue to use the category 8
that was allocated for it.
2008-12-31 17:52:05 +02:00
Jouni Malinen
3f732d1fc3 Fix TLS message processing if Flags field is not present
Previous version assumed that the Flags field is always present and
ended up reading one octet past the end of the buffer should the Flags
field be missing. The message length would also be set incorrectly
(size_t)-1 or (size_t)-5, but it looks like reassembly code ended up
failing in malloc before actually using this huge length to read data.

RFC 2716 uses a somewhat unclear description on what exactly is included
in the TLS Ack message ("no data" can refer to either Data field in 4.1
or TLS Data field in 4.2), so in theory, it would be possible for some
implementations to not include Flags field. However,
EAP-{PEAP,TTLS,FAST} need the Flags field in Ack messages, too, for
indicating the used version.

The EAP peer code will now accept the no-Flags case as an Ack message if
EAP workarounds are enabled (which is the default behavior). If
workarounds are disabled, the message without Flags field will be
rejected.

[Bug 292]
2008-12-30 12:28:02 +02:00
Jouni Malinen
98de443890 WPS: Set recommended retransmission times with EAP method specific hint 2008-12-29 18:50:37 +02:00
Jouni Malinen
8e09c6d253 Fixed retransmission of EAP requests if no response is received
It looks like this never survived the move from IEEE 802.1X-2001 to
IEEE 802.1X-2004 and EAP state machine (RFC 4137). The retransmission
scheduling and control is now in EAP authenticator and the
calculateTimeout() producedure is used to determine timeout for
retransmission (either dynamic backoff or value from EAP method hint).

The recommended calculations based on SRTT and RTTVAR (RFC 2988) are not
yet implemented since there is no round-trip time measurement available
yet.

This should make EAP authentication much more robust in environments
where initial packets are lost for any reason. If the EAP method does
not provide a hint on timeout, default schedule of 3, 6, 12, 20, 20, 20,
... seconds will be used.
2008-12-29 18:10:34 +02:00
Jouni Malinen
65d50f0ac6 Add RADIUS server support for identity selection hint (RFC 4284)
Previously, only the delivery option 1 from RFC 4284
(EAP-Request/Identity from the AP) was supported. Now option 3
(subsequent EAP-Request/Identity from RADIUS server) can also be used
when hostapd is used as a RADIUS server. The eap_user file will need to
have a Phase 1 user entry pointing to Identity method in order for this
to happen (e.g., "* Identity" in the end of the file). The identity hint
is configured in the same was as for AP/Authenticator case (eap_message
in hostapd.conf).
2008-12-26 20:22:12 +02:00
Jouni Malinen
ff89afb77b Add Key Length field into IGTK sub-element (FTIE) per 802.11w/D7.0 2008-12-26 12:49:15 +02:00
Jouni Malinen
93b76319f1 Renamed Ping procedure into SA Query procedure per 802.11w/D7.0
This commit changes just the name and Action category per D7.0. The
retransmit/timeout processing in the AP is not yet updated with the
changes in D7.0.
2008-12-26 11:46:21 +02:00
Jouni Malinen
9a9876bf9c Fixed the MFP Status/Reason Code values per 802.11w/D7.0 2008-12-26 11:29:17 +02:00
Jouni Malinen
34cbe7d0b0 WPS: As a workaround, pad zero-length device attributes
Some deployed WPS implementations fail to parse zero-length attributes.
As a workaround, send a null character if the device attribute string is
empty. This allows default values (empty strings) to be used without
interop issues.
2008-12-25 21:19:46 +02:00
Andriy Tkachuk
febc0551c5 WPS: Do not use Selected Registrar Config Methods from scan results
Before this change, it looked like an AP that was using wsccmd did not
get activated since wsccmd left the Selected Registrar Config Methods
attribute to be zero. Since Device Password ID can be used to
distinguish PBC from any other method, use only it to figure out whether
PBC or PIN method is active.
2008-12-25 20:33:00 +02:00
Jouni Malinen
af7837feff Added get_interfaces() handler to list all NDIS adapters 2008-12-24 21:31:14 +02:00
Jouni Malinen
4b4a8ae547 Added a mechanism for quering driver wrappers for available interfaces
The new INTERFACE_LIST global control interface command can be used to
request a list of all available network interfaces that could be used
with the enabled driver wrappers. This could be used to enable
interfaces automatically by external programs (e.g., wpa_gui).
2008-12-24 20:25:19 +02:00
Jouni Malinen
3cf85239bd Mark local functions static. 2008-12-22 22:27:25 +02:00
Jouni Malinen
ac305589a3 Added support for global driver data (shared by multiple interfaces)
Driver wrappers can now register global_init() and global_deinit()
driver_ops handlers to get a global data structure that can be shared
for all interfaces. This allows driver wrappers to initialize some
functionality (e.g., interface monitoring) before any interfaces have
been initialized.
2008-12-22 22:24:31 +02:00
Jouni Malinen
d6e0ce9ac8 Use wildcard UUID when setting AP PIN for Registrar in wpa_supplicant 2008-12-21 17:37:40 +02:00
Jouni Malinen
723763cba0 Fixed NDIS AuthMode configuration for WPS connection 2008-12-21 17:27:32 +02:00
Jouni Malinen
a2b3a34bab IANA allocated EAP method type 51 to EAP-GPSK 2008-12-20 12:39:24 +02:00
Jouni Malinen
ad5302a1ca WPS: Added event callback for successfully completed registration 2008-12-19 22:34:18 +02:00
Jouni Malinen
469fc3a41f WPS: Added callback for failure-after-M2/M2D
This callback is now used to stop wpa_supplicant from trying to continue
using parameters (most likely, device password) that do not work in a
loop. In addition, wpa_gui can now notify user of failed registration.
2008-12-19 22:19:41 +02:00
Jouni Malinen
4b68290e77 WPS: Added event callback and M2D notification
The event callback will be used for various event messages and the M2D
notification is the first such message. It is used to notify wpa_gui
about Registrar not yet knowing the device password (PIN).
2008-12-18 21:58:42 +02:00
Andriy Tkachuk
f086742432 Fix CONFIG_WPS=y, CONFIG_TLS=internal build
crypto_mod_exp() is needed for both EAP-FAST and WPS.
2008-12-18 20:10:18 +02:00
Jouni Malinen
f0477201bd WPS: Fixed deinit code for freeing config and registrar data
We need to be a bit more careful when removing the WPS configuration
block since wpa_s->current_ssid may still be pointing at it. In
addition, registrar pointer in wps_context will need to be cleared
since the context data is now maintained over multiple EAP-WSC runs.
Without this, certain WPS operations could have used freed memory.
2008-12-18 01:06:06 +02:00
Jouni Malinen
a92c421d1a WPS: Improved error processing to use NACK correctly
Instead of sending out EAP-Failure on errors (on AP) or stopping (on
Supplicant), send a NACK message based on the allowed EAP state machine
transitions for EAP-WSC.
2008-12-16 22:37:55 +02:00
Jouni Malinen
ac5953db66 Fixed EAP-AKA build in case EAP-AKA' is disabled 2008-12-16 18:57:49 +02:00
Jouni Malinen
ff8a53a8d7 Use a fixed wps_msg prefix with WPS creds notification 2008-12-15 22:32:45 +02:00
Jouni Malinen
a524f05eb3 WPS: Added control interface notification for available WPS APs
Whenever new scan results include WPS AP(s) and the client is not
associated, send a notification message to control interface monitors.
This makes it easier for GUIs to notify the user about possible WPS
availability without having to go through the scan results.
2008-12-15 20:09:57 +02:00
Jouni Malinen
f4f2774a96 Fixed interoperability issue with PEAPv0 cryptobinding and NPS
Windows Server 2008 NPS gets very confused if the TLS Message Length is
not included in the Phase 1 messages even if fragmentation is not used.
If the TLS Message Length field is not included in ClientHello message,
NPS seems to decide to use the ClientHello data (excluding first six
octets, i.e., EAP header, type, Flags) as the OuterTLVs data in
Cryptobinding Compound_MAC calculation (per PEAPv2; not MS-PEAP)..

Lets add the TLS Message Length to PEAPv0 Phase 1 messages to get rid of
this issue. This seems to fix Cryptobinding issues with NPS and PEAPv0
is now using optional Cryptobinding by default (again) since there are
no known interop issues with it anymore.
2008-12-15 00:15:54 +02:00
Jouni Malinen
000a1de72b Cleaned up EAP-MSCHAPv2 key derivation
Changed peer to derive the full key (both MS-MPPE-Recv-Key and
MS-MPPE-Send-Key for total of 32 octets) to match with server
implementation.

Swapped the order of MPPE keys in MSK derivation since server
MS-MPPE-Recv-Key | MS-MPPE-Send-Key matches with the order specified for
EAP-TLS MSK derivation. This means that PEAPv0 cryptobinding is now
using EAP-MSCHAPv2 MSK as-is for ISK while EAP-FAST will need to swap
the order of the MPPE keys to get ISK in a way that interoperates with
Cisco EAP-FAST implementation.
2008-12-14 13:12:20 +02:00
Jouni Malinen
329a55b314 Ported driver_test to Windows (only UDP socket available) 2008-12-12 22:41:18 +02:00
Jouni Malinen
e33bbd8f4d driver_test: Optional support for using UDP socket
driver_test can now be used either over UNIX domain socket or UDP
socket. This makes it possible to run the test over network and makes it
easier to port driver_test to Windows.

hostapd configuration: test_socket=UDP:<listen port>
wpa_supplicant configuration: driver_param=test_udp=<dst IP addr>:<port>
2008-12-12 21:35:22 +02:00
Jouni Malinen
2ff0f83b9e Comment out dynamic CertEnumCertificatesInStore loading by default
This is now available in MinGW header files, so the loading code is
triggering conflicts.
2008-12-11 00:57:15 +02:00
Jouni Malinen
9e72e1d356 Workaround number of compiler warnings with newer MinGW version 2008-12-11 00:56:37 +02:00
Jouni Malinen
702c349e5e Resolved number of signed/unsigned mismatches and ntddndis.h location 2008-12-11 00:55:33 +02:00
Jouni Malinen
47ce4bfc38 Rename MSG to MESG to avoid conflicts with Windows header files 2008-12-11 00:54:49 +02:00
Jouni Malinen
3ee81d489a Don't include unused calls to SHA256 functions if EAP-AKA' is not enabled 2008-12-11 00:49:39 +02:00
Luis R. Rodriguez
6d1584905c wpa_supplicant: Add support for setting of a regulatory domain
This adds support for setting of a regulatory domain to wpa_supplicant
drivers. It also adds regulatory domain setting for the nl80211 driver.
We expect an ISO / IEC 3166 alpha2 in the wpa configuration file as a
global.
2008-12-09 22:11:14 +02:00
Jouni Malinen
7e45830ab7 nl80211: Include copy of linux/nl80211.h with hostapd/wpa_supplicant
This makes it easier to build the packages and allows all new features
to be built into the binary regardless of which kernel is currently
used.
2008-12-08 11:04:13 +02:00
Jouni Malinen
9478eaef53 Added option to force SoH version 1 (tnc=soh1)
The default version with tnc=soh remains to be 2 which is the currently
recommended version in SoH specification.
2008-12-07 21:00:42 +02:00
Jouni Malinen
a9d1364c5f Merged EAP-AKA' into eap_aka.c and added it to defconfig/ChangeLog 2008-12-07 19:24:56 +02:00
Jouni Malinen
01b0569437 Added protection against EAP-AKA' -> EAP-AKA bidding down attacks
AT_BIDDING attribute is included in EAP-AKA/Challenge to allow peer to
know whether the server would have preferred EAP-AKA'.
2008-12-05 22:25:47 +02:00
Jouni Malinen
8de5048e26 Fixed a typo in a comment 2008-12-04 22:15:51 +02:00
Jouni Malinen
a478ef0d12 EAP-AKA': Added CK',IK' derivation
This is based on a change request 3GPP TS 33.402 CR 0033 for version
8.1.1. The hardcoded ANID is now 'WLAN' since that is used in
3GPP TS 24.302.
2008-12-04 21:50:56 +02:00
Jouni Malinen
a49c428a1b EAP-AKA': Comment out EAP-AKA' server KDF negotiation
Since only one KDF is currently supported, the negotiation is not
allowed and peer must be rejected if it tries to send KDF selection in a
Challenge message. The negotiation code is left in the file and just
commented out since it was tested to work and can be used in the future
if another KDF is added.
2008-12-04 20:32:56 +02:00
Jouni Malinen
6ec4021c03 EAP-AKA': Added processing of AT_KDF and AT_KDF_INPUT attributes
Network Name is not yet generated and validated based on 3GPP.33.402
(i.e., a hardcoded string is used in server and anything is accepted in
peer).
2008-12-04 20:29:46 +02:00
Jouni Malinen
b8ab624984 Fixed EAP-SIM and EAP-AKA AT_IDENTITY parsing (server only)
The attribute uses 'Actual Identity Length' field to indicate the exact
(pre-padding) length of the Identity. This actual length should be used
as the length, not the remaining attribute length.

This was previously worked around by stripping null termination away
from the end of the identity string at EAP-SIM and EAP-AKA server code.
However, it is likely that that workaround is not really needed and the
real problem was in AT_IDENTITY parsing. Anyway, the workaround is left
in just in case it was really needed with some implementations.
2008-12-04 18:51:42 +02:00
Jouni Malinen
15828ba820 Made 802.11 management frame IE parser aware of vendor HT Capab IE
This IE is not (at least yet) actually used for anything, but parsing it
cleans up verbose debug log a bit since thie previously unknown, but
commonly used, vendor IE was being reported as unknown.
2008-12-04 13:42:33 +02:00
Jouni Malinen
73d48dc4b4 EAP-AKA': Allow both AKA AKA' to be registed from eap_aka_prime.c
This allows the same source code file to be shared for both methods. For
now, this is only in eap_aka_prime.c, but eventually, changes in
eap_aka_prime.c are likely to be merged into eap_aka.c at which point
the separate eap_aka_prime.c can be removed.
2008-12-03 19:59:52 +02:00
Jouni Malinen
9881795e2c EAP-AKA': Derive keys using the new KDF (PRF') 2008-12-03 19:22:20 +02:00
Jouni Malinen
806f869918 EAP-AKA': Use HMAC-SHA-256-128 for AT_MAC 2008-12-02 21:29:26 +02:00
Jouni Malinen
f54e2c34bf EAP-AKA': Use SHA256 for AT_CHECKCODE 2008-12-02 21:05:38 +02:00
Jouni Malinen
f09d19d46a Use a variable to store EAP method type for EAP-AKA vs. EAP-AKA'
This makes it easier to eventually replace EAP-AKA implementation with a
shared implementation that supports both EAP-AKA and EAP-AKA'.
2008-12-02 20:27:05 +02:00
Jouni Malinen
8c37556cd1 Add a starting point for EAP-AKA' (draft-arkko-eap-aka-kdf-10)
This is just making an as-is copy of EAP-AKA server and peer
implementation into a new file and by using the different EAP method
type that is allocated for EAP-AKA' (50). None of the other differences
between EAP-AKA and EAP-AKA' are not yet included.

It is likely that once EAP-AKA' implementation is done and is found to
work correctly, large part of the EAP-AKA and EAP-AKA' code will be
shared. However, it is not reasonable to destabilize EAP-AKA
implementation at this point before it is clearer what the final
differences will be.
2008-12-02 20:12:49 +02:00
Jouni Malinen
08bec36178 WPS: Added support for wildcard PINs that work with any UUID-E
Since the Registrar may not yet know the UUID-E when a new PIN is
entered, use of a wildcard PIN that works with any UUID-E can be useful.
Such a PIN will be bound to the first Enrollee trying to use it and it
will be invalidated after the first use.
2008-11-30 20:32:03 +02:00