This commit adds support for deriving ERP key information in EAP Proxy
based EAP method implementations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows ERP keys to be managed by external entities, e.g., when
offloading FILS shared key authentication to a driver.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The RSN pre-authentication case ended up ignoring the initial
startPeriod value and delayed EAPOL-Start message by two seconds. Fix
this by forcing the first EAPOL-Start message to be sent when running
pre-authentication.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This function is called only from locations within ifdef
CONFIG_EAP_PROXY, so there is no need to try to cover the not-defined
case here and the function can simply be removed completely if
CONFIG_EAP_PROXY=y is not used.
Signed-off-by: Jouni Malinen <j@w1.fi>
This registers a new callback to indicate change in SIM state. This
helps to do some clean up (more specifically pmksa_flush) based on the
state change of the SIM. Without this, the reconnection using the cached
PMKSA could happen though the SIM is changed.
Currently eap_proxy_sim_state corresponds to only SIM_STATE_ERROR. This
can be further extended.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This needs to be callable through the EAPOL supplicant wrappers to allow
FILS implementation to use ERP.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The EAP peer state machine moved from IDLE to FAILURE state when the
EAPOL Authenticator triggered reauthentication with an
EAP-Request/Identity in a case where the associated started with FT
protocol or offloaded PMKSA cache use (4-way handshake using a
previously acquired PMK). This happened due to the altSuccess=TRUE
setting being left behind and not cleared when processing the restart of
authentication. Fix this by clearing altAccept and eapSuccess when going
through SUPP_PAE RESTART state.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new CONFIG_NO_RC4=y build option can be used to remove all internal
hostapd and wpa_supplicant uses of RC4. It should be noted that external
uses (e.g., within a TLS library) do not get disabled when doing this.
This removes capability of supporting WPA/TKIP, dynamic WEP keys with
IEEE 802.1X, WEP shared key authentication, and MSCHAPv2 password
changes.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, only CONNECTING->CONNECTING case ended up sending out an
EAPOL-Start frame to avoid sending the unnecessary initial EAPOL-Start.
However, this optimization prevented new EAPOL-Start from being
initiated when leaving the HELD state. Allow that case to trigger
immediate EAPOL-Start transmission to speed up connection.
Signed-off-by: Jouni Malinen <j@w1.fi>
By analysing objdump output some read only structures were found in
.data section. To help compiler further optimize code declare these
as const.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
This program can be used to run fuzzing tests for areas related to EAPOL
frame parsing and processing on the supplicant side.
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit introduces a callback to notify any configuration updates
from the eap_proxy layer. This is used to trigger re-reading of IMSI and
MNC length.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Drop the unneeded 'attempt' argument. This was originally used for
indicating an aborted PMKID caching attempt, but a fix in 2006 removed
the only such user and since that time, only attempt == 1 has been used.
Signed-off-by: Jouni Malinen <j@w1.fi>
A new "CTRL-EVENT-EAP-PEER-ALT depth=<i> <alt name>" event is now used
to provide information about server certificate chain alternative
subject names for upper layers, e.g., to make it easier to configure
constraints on the server certificate. For example:
CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:server.example.com
Currently, this includes DNS, EMAIL, and URI components from the
certificates. Similar information is priovided to D-Bus Certification
signal in the new altsubject argument which is a string array of these
items.
Signed-off-by: Jouni Malinen <j@w1.fi>
Derive rRK and rIK on EAP peer if ERP is enabled. The new wpa_supplicant
network configuration parameter erp=1 can now be used to configure the
EAP peer to derive EMSK, rRK, and rIK at the successful completion of an
EAP authentication method. This functionality is not included in the
default build and can be enabled with CONFIG_ERP=y.
If EAP authenticator indicates support for re-authentication protocol,
initiate this with EAP-Initiate/Re-auth and complete protocol when
receiving EAP-Finish/Re-auth.
Signed-off-by: Jouni Malinen <j@w1.fi>
Increase EAPOL startWhen to 2 for the case where the AP/GO has
advertised it supports WPS 2.0. This is done to make it less likely for
the EAPOL-Start frame to be sent out since that is only required for WPS
1.0. Not sending it can remove one unnecessary round trip from the EAP
exchange when the AP is going to start with EAP-Request/Identity
immediately based on the Association Request frame.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new openssl_cipher configuration parameter can be used to select
which TLS cipher suites are enabled for TLS-based EAP methods when
OpenSSL is used as the TLS library. This parameter can be used both as a
global parameter to set the default for all network blocks and as a
network block parameter to override the default for each network
profile.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, the shorter startWhen value was used based on build
parameters (i.e., if WPS was enabled). This is not really ideal and the
knowledge of WPS use can be provided to the EAPOL state machine to allow
this (and similar WPS workarounds) to be done only when the association
is for the purpose of WPS.
Reduce the default startWhen value from 3 to 2 seconds for non-WPS case
since WPS builds have likely received most testing for the past years
with the 1 second value and there is no strong justification for forcing
the longer 3 second wait should a frame be lost or something else
require the EAPOL-Start to initiate operation after a connection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Signed-off-by: Jouni Malinen <j@w1.fi>
While it does not look like that eapol_sm_get_key() would ever be called
with sm == NULL, the current implementation is inconsistent on whether
that is allowed or not. Check sm != NULL consistently to avoid warnings
from static analyzers.
Signed-off-by: Jouni Malinen <j@w1.fi>
Some EAP methods can go through a step that is expected to fail and as
such, should not trigger temporary network disabling when processing
EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as
a special case, but similar behavior is needed for EAP-FAST with
unauthenticated provisioning.
Signed-hostap: Jouni Malinen <j@w1.fi>
If the port status did not change or would not need to get an update
after portEnabled changes, there is no need to try to set the driver to
use the same value it is already using based on the previous state.
Remove such calls to reduce number of operations during reassociation.
In addition, this cleans up the debug log by removing unnecessary
duplicated entries.
Signed-hostap: Jouni Malinen <j@w1.fi>
This was already included in all the other calls to eap_proxy, but
somehow the get_imsi call had been forgotten.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Trying to access the SIM card details without checking if the eap_proxy
layer has been initialized can results in a crash. Address this by
sending the request for the IMSI through eapol_supp_sm.c which can
verify that eap_proxy has been initialized.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The new configuration parameter external_sim=<0/1> can now be used to
configure wpa_supplicant to use external SIM/USIM processing (e.g., GSM
authentication for EAP-SIM or UMTS authentication for EAP-AKA). The
requests and responses for such operations are sent over the ctrl_iface
CTRL-REQ-SIM and CTRL-RSP-SIM commands similarly to the existing
password query mechanism.
Changes to the EAP methods to use this new mechanism will be added in
separate commits.
Signed-hostap: Jouni Malinen <j@w1.fi>
H3C WA2620i-AGN AP may send an EAP packet with an undefined EAP code
10 after successful EAP authentication which restarts the EAPOL
state machine. Drop such frames with this unrecognized code without
advancing the EAPOL supplicant or EAP peer state machines to avoid
interoperability issues with the AP.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Add "EAPLogoff" and "EAPLogon" interface DBus commands which
parallel the "logoff" and "logon" wpa_ctrl commands which terminate
and restart EAP authentication. Slightly enhance the "logon" case
by expiring any running "startWhile" timer.
Signed-hostap: Paul Stewart <pstew@chromium.org>
In addition to the offload mechanism, the Android configuration and
makefiles are extended to allow this to be configured for the build by
dropping in platform specific configuration files and makefile without
having to modify any existing files.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The previous eapol_sm_notify_cached() implementation forced the port
to be authorized when receiving EAPOL-Key msg 1/4 that included a
matching PMKID in cases when PMKSA caching is used. This is too early
since the port should really be authorized only after the PTK has been
configured which is the case when PMKSA caching is not used.
Fix this by using the EAPOL supplicant PAE state machine to go through
the AUTHENTICATING and AUTHENTICATED states instead of forcing a jump
to AUTHENTICATED without performing full state machine steps. This can
be achieved simply by marking eapSuccess TRUE at least with the current
version of EAP and EAPOL state machines (the earlier commits in this
function seemed to indicate that this may have not been that easy in
the older versions due to the hacks needed here).
This addresses an issue with nl80211-based driver interface when the
driver depends on the STA Authorized flag being used to prevent
unprotected frames from being accepted (both TX and RX) prior to PTK
configuration.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
Use the anonymous_identity field to store EAP-SIM/AKA pseudonym identity
so that this can be maintained between EAP sessions (e.g., after
wpa_supplicant restart) even if fast re-authentication data was cleared.
Signed-hostap: Jouni Malinen <j@w1.fi>
If 4-way handshake fails due to likely PSK failure or if EAP
authentication fails, disable the network block temporarily. Use longer
duration if multiple consecutive failures are seen.
Signed-hostap: Jouni Malinen <j@w1.fi>
When CONFIG_FIPS=y is used, do not include MD5 in the build and disable
EAPOL-Key frames that use MD5 (WPA/TKIP and dynamic WEP with IEEE
802.1X).
Signed-hostap: Jouni Malinen <j@w1.fi>
These checks would not really be needed since eapol_sm_rx_eapol()
validates the length fields. Anyway, these makes it more obvious to
anyone reviewing the code that there are no integer underflow issues in
processKey().
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows the password parameter for EAP methods to be fetched
from an external storage.
Following example can be used for developer testing:
ext_password_backend=test:pw1=password|pw2=testing
network={
key_mgmt=WPA-EAP
eap=TTLS
identity="user"
password=ext:pw1
ca_cert="ca.pem"
phase2="auth=PAP"
}
Signed-hostap: Jouni Malinen <j@w1.fi>
Send an "EAP" signal via the new DBus interface under various
conditions during EAP authentication:
- During method selection (ACK and NAK)
- During certificate verification
- While sending and receiving TLS alert messages
- EAP success and failure messages
This provides DBus callers a number of new tools:
- The ability to probe an AP for available EAP methods
(given an identity).
- The ability to identify why the remote certificate was
not verified.
- The ability to identify why the remote peer refused
a TLS connection.
Signed-hostap: Paul Stewart <pstew@chromium.org>
IEEE Std 802.1X-2004 does not clear authWhile and heldWhile in this
case, but doing so allows the timer tick to be stopped more quickly when
the port is not enabled. Since these variables are used only within HELD
and RECEIVE states, clearing them on initialization does not change
actual state machine behavior. This reduces some unnecessary operations
in port disabled state and cleans up the wpa_supplicant debug log after
disconnection.
Signed-hostap: Jouni Malinen <j@w1.fi>
Control requests will be extended for non-EAP uses later, so it makes
sense to have them be generic. Furthermore, having them defined as an
enum is easier for processing internally, and more generic for control
interfaces that may not use field names. The public ctrl_req_type /
field_name conversion function will be used later by the D-Bus control
interface too.
Signed-off-by: Dan Williams <dcbw@redhat.com>
eapol_test command line argument -o<file> can now be used to request
the received server certificate chain to be written to the specified
file. The certificates will be written in PEM format. [Bug 391]