This adds WPS support for both hostapd and wpa_supplicant. Both programs
can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN
methods are supported.
Currently, hostapd has more complete configuration option for WPS
parameters and wpa_supplicant configuration style will likely change in
the future. External Registrars are not yet supported in hostapd or
wpa_supplicant. While wpa_supplicant has initial support for acting as
an Registrar to configure an AP, this is still using number of hardcoded
parameters which will need to be made configurable for proper operation.
It looks like some Windows NDIS drivers (e.g., Intel) do not clear the
PMKID list even when wpa_supplicant explicitly sets the list to be
empty. In such a case, the driver ends up trying to use PMKSA caching
with the AP and wpa_supplicant may not have the PMK that would be needed
to complete 4-way handshake.
RSN processing already had some code for aborting PMKSA caching by
sending EAPOL-Start. However, this was not triggered in this particular
case where the driver generates the RSN IE. With this change, this case
is included, too, and the failed PMKSA caching attempt is cleanly
canceled and wpa_supplicant can fall back to full EAP authentication.
It the message was large enough to require fragmentation (e.g., if a large
Session Ticket data is included), More Fragment flag was set, but no
more fragments were actually sent (i.e., Access-Accept was sent out).
It looks like [MS-PEAP] 3.2.5.6 points towards this being the expected
behavior (however, that chapter is very confusing).
In addition, remove Cryptobinding TLV from response if the received
Cryptobinding TLV is not valid. Add some more debug messages to the case
where the received Cryptobinding TLV is found invalid.
I fixed the engine issue in phase2 of EAP-TTLS. The problem was that you
only defined one engine variable, which was read already in phase1. I
defined some new variables:
engine2
engine2_id
pin2
and added support to read those in phase2 wheres all the engine
variables without number are only read in phase1. That solved it and I
am now able to use an engine also in EAP-TTLS phase2.
Find attached the patch that creates a new driver: roboswitch. This
driver adds support for wired authentication with a Broadcom
RoboSwitch chipset. For example it is now possible to do wired
authentication with a Linksys WRT54G router running OpenWRT.
LIMITATIONS
- At the moment the driver does not support the BCM5365 series (though
adding it requires just some register tweaks).
- The driver is also limited to Linux (this is a far more technical
restriction).
- In order to compile against a 2.4 series you need to edit
include/linux/mii.h and change all references to "u16" in "__u16". I
have submitted a patch upstream that will fix this in a future version
of the 2.4 kernel. [These modifications (and more) are now included in
the kernel source and can be found in versions 2.4.37-rc2 and up.]
USAGE
- Usage is similar to the wired driver. Choose the interfacename of
the vlan that contains your desired authentication port on the router.
This name must be formatted as <interface>.<vlan>, which is the
default on all systems I know.
Remove the old code from driver_wext.c since the private ioctl interface is
never going to be used with mac80211. driver_nl80211.c has an
implementation than can be used with mac80211 (with two external patches to
enable userspace MLME configuration are still required, though).
Updated OpenSSL code for EAP-FAST to use an updated version of the
session ticket overriding API that was included into the upstream
OpenSSL 0.9.9 tree on 2008-11-15 (no additional OpenSSL patch is
needed with that version anymore).
It looks like ACS did not like PAC Acknowledgment TLV before Result TLV, so
reorder the TLVs to match the order shown in a
draft-cam-winget-eap-fast-provisioning-09.txt example. This allows
authenticated provisioning to be terminated with Access-Accept (if ACS has
that option enabled). Previously, provisioning was otherwise successful,
but the server rejected connection due to not understanding the PAC Ack
("Invalid TEAP Data recieved").
Previously, hardcoded identity in the network configuration skipped both
IMSI reading and PIN verification. This broke cases where PIN is needed for
GSM/UMTS authentication. Now, only IMSI reading is skipped if identity is
hardcoded.
This change breaks interoperability with older wpa_supplicant versions
(everything up to and including wpa_supplicant 0.5.10 and 0.6.5) which
incorrectly used this field as number of bytes, not bits, in RES.
Instead of falling back to full TLS handshake on expired PAC, allow the
PAC to be used to allow a PAC update with some level of server
authentication (i.e., do not fall back to full TLS handshake since we
cannot be sure that the peer would be able to validate server certificate
now). However, reject the authentication since the PAC was not valid
anymore. Peer can connect again with the newly provisioned PAC after this.
Added a new configuration option, wpa_ptk_rekey, that can be used to
enforce frequent PTK rekeying, e.g., to mitigate some attacks against TKIP
deficiencies. This can be set either by the Authenticator (to initiate
periodic 4-way handshake to rekey PTK) or by the Supplicant (to request
Authenticator to rekey PTK).
With both wpa_ptk_rekey and wpa_group_rekey (in hostapd) set to 600, TKIP
keys will not be used for more than 10 minutes which may make some attacks
against TKIP more difficult to implement.
A driver was found to remove SSID IE from NDIS_WLAN_BSSID_EX IEs, but the
correct SSID is included in NDIS_802_11_SSID structure inside the BSSID
data. If this is seen in scan results, create a matching SSID IE and add it
to the end of IEs to fix scan result parsing.
Need to make sure that portValid is TRUE in order to avoid PAE state
machine going into DISCONNECTED state on eapol_sm_step(). This could be
triggered at least with OKC.
Changed EAP-FAST configuration to use separate fields for A-ID and
A-ID-Info (eap_fast_a_id_info) to allow A-ID to be set to a fixed
16-octet len binary value for better interoperability with some peer
implementations; eap_fast_a_id is now configured as a hex string.
eap_fast_prov config parameter can now be used to enable/disable different
EAP-FAST provisioning modes:
0 = provisioning disabled
1 = only anonymous provisioning allowed
2 = only authenticated provisioning allowed
3 = both provisioning modes allowed
draft-cam-winget-eap-fast-provisioning-06.txt or RFC 4851 do not seem to
mandate any particular order for TLVs, but some interop issues were noticed
with an EAP-FAST peer implementation when Result TLV followed PAC TLV. The
example in draft-cam-winget-eap-fast-provisioning-06.txt shows the TLVs in
the other order, so change the order here, too, to make it less likely to
hit this type of interop issues.
This adds all the attributes that are marked as mandatory for SoH in
IF-TNCCS-SOH v1.0. MS-Machine-Inventory does not contain correct data
(i.e., all version fields are just marked as inapplicable) and
MS-MachineName is hardcoded to wpa_supplicant@w1.fi for now.
It is possible that the initialization of the Phase 2 EAP method fails and
if that happens, we need to stop EAP-TTLS server from trying to continue
using the uninitialized EAP method. Otherwise, the server could trigger
a segmentation fault when dereferencing a NULL pointer.
