Commit graph

14 commits

Author SHA1 Message Date
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Jouni Malinen
af72d17e72 EAP-TTLS peer: Fix user input during implicit identity request
Special processing is needed to handle EAP user request for
identity or password at the beginning of Phase 2 when the implicit
identity request is used. data->pending_phase2_req needs to be set
to an empty buffer in that case to avoid re-processing the previous
part of TLS negotiation when the user enters the needed information.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-10-30 12:02:20 +02:00
Jouni Malinen
fd2f2d0489 Remove EAP-TTLSv1 and TLS/IA
These protocols seem to be abandoned: latest IETF drafts have expired
years ago and it does not seem likely that EAP-TTLSv1 would be
deployed. The implementation in hostapd/wpa_supplicant was not complete
and not fully tested. In addition, the TLS/IA functionality was only
available when GnuTLS was used. Since GnuTLS removed this functionality
in 3.0.0, there is no available TLS/IA implementation in the latest
version of any supported TLS library.

Remove the EAP-TTLSv1 and TLS/IA implementation to clean up unwanted
complexity from hostapd and wpa_supplicant. In addition, this removes
any potential use of the GnuTLS extra library.
2011-09-25 21:28:32 +03:00
Jouni Malinen
74727a7b32 Use type cast to get rid of implicit sign extension
The size_t value here can be 64-bit and result in implicit sign
extension. In this particular case, that gets masked out by
host_to_be32(), so there is no practical difference, but it is better
to get rid of the 64-bit variable explicitly.
2011-04-14 01:27:38 +03:00
Jouni Malinen
2a29f0d45c Rename EAP TLS variables to make server and peer code consistent 2009-12-24 00:16:58 +02:00
Jouni Malinen
496c5d981e Use wpabuf with tls_connection_ia_send_phase_finished() 2009-12-20 21:33:32 +02:00
Masashi Honma
bab31499fd EAP-TTLS/PAP: User-Password obfuscation for zero length password
The password in User-Password AVP is padded to a multiple of 16 bytes
on EAP-TTLS/PAP. But when the password length is zero, no padding is
added. It doesn't cause connectivity issue. In fact, I could connect
with hostapd RADIUS server with zero length password.

I think it's better for obfuscation to pad the 16 bytes data when the
password length is zero with this patch.
2009-12-09 23:42:54 +02:00
Jouni Malinen
03da66bd59 Remove src/crypto from default include path
In addition, start ordering header file includes to be in more
consistent order: system header files, src/utils, src/*, same
directory as the *.c file.
2009-11-29 23:04:43 +02:00
Jouni Malinen
c5f6ad5766 Verify CHAP/MSCHAPv2 return code
Check the return code in some (but not yet all) places where the
functions from ms_funcs.c are used.
2009-08-16 19:07:57 +03:00
Jouni Malinen
000a1de72b Cleaned up EAP-MSCHAPv2 key derivation
Changed peer to derive the full key (both MS-MPPE-Recv-Key and
MS-MPPE-Send-Key for total of 32 octets) to match with server
implementation.

Swapped the order of MPPE keys in MSK derivation since server
MS-MPPE-Recv-Key | MS-MPPE-Send-Key matches with the order specified for
EAP-TLS MSK derivation. This means that PEAPv0 cryptobinding is now
using EAP-MSCHAPv2 MSK as-is for ISK while EAP-FAST will need to swap
the order of the MPPE keys to get ISK in a way that interoperates with
Cisco EAP-FAST implementation.
2008-12-14 13:12:20 +02:00
Jouni Malinen
a9141cffb0 Updated EAP-TTLSv0 references to use RFC 5281 2008-08-16 10:17:22 +03:00
Jouni Malinen
30680e9332 EAP-TTLS: Fixed implicit challenge derivation to use correct output length
The previous version was deriving unnecessarily large amount of output data
for the implicit challenge. With the TLS PRF, this was not causing any
problems because the output length is not explicitly bound into the
derivation. Anyway, it is better to use the correct output length should
the PRF be ever changed to a one that uses the output length to change the
beginning of the output data.
2008-03-23 12:07:59 +02:00
Jouni Malinen
35f39ac4c9 TNC: Fixed TNC when using EAP-TTLS with non-EAP Phase 2
Need to process EAP AVP after the non-EAP Phase 2 method. In addition,
EAP-TTLS/MSCHAPv2 needs special code for handling the starting of TNC after
extra roundtrip of MSCHAPv2 success message.
2008-03-09 12:04:10 +02:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00