Commit graph

57 commits

Author SHA1 Message Date
Jouni Malinen
17b7032891 EAP peer: Clear ignore flag in INITIALIZE state
While this is not part of RFC 4137, the way m.check(eapReqData) is
implemented in wpa_supplicant allows an EAP method to not update the
ignore value even though each such call is really supposed to get a new
response. It seems to be possible to hit a sequence where a previous EAP
authentication attempt terminates with sm->ignore set from the last
m.check() call and the following EAP authentication attempt could fail
to go through the expected code path if it does not clear the ignore
flag. This is likely only hit in some error cases, though. The hwsim
test cases could trigger this with the following sequence:
eap_proto_ikev2 ap_wps_m1_oom

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-31 21:56:59 +02:00
Jouni Malinen
125bbef0e7 EAP peer: Replace MD5 with SHA1 in duplicate message workaround
MD5 is not available in CONFIG_FIPS=y builds, so use SHA1 for the EAP
peer workaround that tries to detect more robustly whether a duplicate
message was sent.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 16:57:04 +03:00
Jouni Malinen
597e8afeb4 ERP: Avoid mixing of enum types
Use explicit typecasting to avoid implicit conversion warnings in cases
where enum eap_erp_type is used in functions taking an EapType argument.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Mikael Kanstrup
8b423edbd3 Declare all read only data structures as const
By analysing objdump output some read only structures were found in
.data section. To help compiler further optimize code declare these
as const.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2015-04-25 17:33:06 +03:00
Jouni Malinen
a867082cb8 EAP peer: Use 32-bit EAP method type for Phase 2 processing
This is a step towards enabling expanded EAP header within Phase 2 EAP
methods.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-04-01 12:57:11 +03:00
Jouni Malinen
7f7bfba919 Add an option allow canned EAP-Success for wired IEEE 802.1X
For wired IEEE 802.1X authentication, phase1="allow_canned_success=1"
can now be used to configure a mode that allows EAP-Success (and
EAP-Failure) without going through authentication step. Some switches
use such sequence when forcing the port to be authorized/unauthorized or
as a fallback option if the authentication server is unreachable. By
default, wpa_supplicant discards such frames to protect against
potential attacks by rogue devices, but this option can be used to
disable that protection for cases where the server/authenticator does
not need to be authenticated.

When enabled, this mode allows EAP-Success/EAP-Failure as an immediate
response to EAPOL-Start (or even without EAPOL-Start) and EAP-Success is
also allowed immediately after EAP-Identity exchange (fallback case for
authenticator not being able to connect to authentication server).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-01 19:22:54 +02:00
Jouni Malinen
d07d3fbda2 Add peer certificate alt subject name information to EAP events
A new "CTRL-EVENT-EAP-PEER-ALT depth=<i> <alt name>" event is now used
to provide information about server certificate chain alternative
subject names for upper layers, e.g., to make it easier to configure
constraints on the server certificate. For example:
CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:server.example.com

Currently, this includes DNS, EMAIL, and URI components from the
certificates. Similar information is priovided to D-Bus Certification
signal in the new altsubject argument which is a string array of these
items.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-14 15:45:18 +02:00
Jouni Malinen
ce460118a8 ERP: Drop ERP keys on failure on the peer
This allows recovery through fallback to full EAP authentication if the
server rejects us, e.g., due to having dropped ERP state.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-14 15:47:04 +02:00
Jouni Malinen
d85e1fc8a5 Check os_snprintf() result more consistently - automatic 1
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the exact rule used in os_snprintf_error() was
used. These changes were done automatically with spatch using the
following semantic patch:

@@
identifier E1;
expression E2,E3,E4,E5,E6;
statement S1;
@@

(
  E1 = os_snprintf(E2, E3, ...);
|
  int E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else if (E6)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = 0;
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else if (E6) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	E1 = os_snprintf(E2, E3, ...);
  }
)
? os_free(E4);
- if (E1 < 0 || \( E1 >= E3 \| (size_t) E1 >= E3 \| (unsigned int) E1 >= E3 \| E1 >= (int) E3 \))
+ if (os_snprintf_error(E3, E1))
(
  S1
|
{ ... }
)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
56b352ec58 ERP: Avoid a static analyzer warning on uninitialized emsk_len
This was not really a real issue since bin_clear_free() would not use
the emsk_len argument when emsk is NULL as it would be on the path where
emsk_len has not been initilized. Anyway, it is better to get rid of the
warning.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-05 00:33:31 +02:00
Jouni Malinen
65d9a5e254 ERP: Add wpa_supplicant ERP_FLUSH ctrl_iface command
This can be used to flush all the ERP keys.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-04 12:16:29 +02:00
Jouni Malinen
02a8d45ace ERP: Add support for ERP on EAP peer
Derive rRK and rIK on EAP peer if ERP is enabled. The new wpa_supplicant
network configuration parameter erp=1 can now be used to configure the
EAP peer to derive EMSK, rRK, and rIK at the successful completion of an
EAP authentication method. This functionality is not included in the
default build and can be enabled with CONFIG_ERP=y.

If EAP authenticator indicates support for re-authentication protocol,
initiate this with EAP-Initiate/Re-auth and complete protocol when
receiving EAP-Finish/Re-auth.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-04 12:16:29 +02:00
Jouni Malinen
07e2de3193 wpa_supplicant: Allow OpenSSL cipherlist string to be configured
The new openssl_cipher configuration parameter can be used to select
which TLS cipher suites are enabled for TLS-based EAP methods when
OpenSSL is used as the TLS library. This parameter can be used both as a
global parameter to set the default for all network blocks and as a
network block parameter to override the default for each network
profile.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-12 11:55:13 +03:00
Jouni Malinen
27a725cf74 EAP: Do not allow fast session resumption with different network block
This forces EAP peer implementation to drop any possible fast resumption
data if the network block for the current connection is not the same as
the one used for the previous one. This allows different network blocks
to be used with non-matching parameters to enforce different rules even
if the same authentication server is used. For example, this allows
different CA trust rules to be enforced with different ca_cert
parameters which can prevent EAP-TTLS Phase 2 from being used based on
TLS session resumption.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-26 19:39:13 +03:00
Jouni Malinen
f534ee0804 EAP peer: Clear keying material on deinit
Reduce the amount of time keying material (MSK, EMSK, temporary private
data) remains in memory in EAP methods. This provides additional
protection should there be any issues that could expose process memory
to external observers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
c60ba9f7ab Skip network disabling on expected EAP failure
Some EAP methods can go through a step that is expected to fail and as
such, should not trigger temporary network disabling when processing
EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as
a special case, but similar behavior is needed for EAP-FAST with
unauthenticated provisioning.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 16:42:15 +02:00
Jouni Malinen
7b88b64cd3 EXT PW: Fix hash return in password fetching
The hash return buffer was previously left uninitialized in case
externally stored password ("password=ext:...") was used. This could
result in MSCHAPv2 failure if that uninitialized memory happened to be
something else than zero.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 22:32:12 +02:00
Jouni Malinen
5f01c3c84a EAP peer: Improve failure reporting from METHOD with no eapRespData
One of the RFC 4137 state transitions (METHOD -> FAILURE) had been
forgotten and this could result in EAP peer method processing not
reporting failure immediately and instead, remain stuck waiting for the
connection to time out. Fix this by adding the methodState == DONE &&
decision == FAIL case to allow immediate reporting of failures.

The condition from RFC 4137 as-is would cause problems for number of the
existing EAP method implementations since they use that in places where
the final message before EAP-Failure should really be sent to the EAP
server (e.g., WSC_Done in EAP-WSC). Address this by includng eapRespData
== NULL as an additional constraint for entering FAILURE state directly
from METHOD.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
a5d44ac083 EAP peer: Add framework for external SIM/USIM processing
The new configuration parameter external_sim=<0/1> can now be used to
configure wpa_supplicant to use external SIM/USIM processing (e.g., GSM
authentication for EAP-SIM or UMTS authentication for EAP-AKA). The
requests and responses for such operations are sent over the ctrl_iface
CTRL-REQ-SIM and CTRL-RSP-SIM commands similarly to the existing
password query mechanism.

Changes to the EAP methods to use this new mechanism will be added in
separate commits.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-20 13:12:04 +03:00
Andrejs Cainikovs
fcf20528a0 Fix MNC length for Swisscom SIM cards
Swisscom SIM cards do not include MNC length within EF_AD, and end up
using incorrect MNC length based on the 3-digit default. Hardcode MNC
length of 2 for Switzerland, in the same manner as it was done for
Finland.

Signed-hostap: Andrejs Cainikovs <andrejs.cainikovs@sonymobile.com>
2013-08-31 10:58:23 +03:00
Shijie Zhang
d78d3c6190 EAP peer: Add check before calling getSessionId method
We should not call getSessionID method if it's not provided. This fixes
a regression from commit 950c563076 where
EAP methods that did not implement getSessionId resulted in NULL pointer
dereference when deriving the key.

Signed-off-by: Shijie Zhang <shijiez@qca.qualcomm.com>
2013-04-26 12:30:01 +03:00
Stevent Li
950c563076 EAP peer: Add Session-Id derivation
This adds a new getSessionId() callback for EAP peer methods to allow
EAP Session-Id to be derived. This commits implements this for EAP-FAST,
EAP-GPSK, EAP-IKEv2, EAP-PEAP, EAP-TLS, and EAP-TTLS.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-09 01:20:38 +02:00
Paul Stewart
93c7e332c2 wpa_supplicant: Add more DBus EAP status
Signal the start of EAP authentication as well as when additional
credentials are required to complete.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2013-01-12 19:51:18 +02:00
Jouni Malinen
ed61d2a5f9 Fix regression in LEAP
Commit 458cb30191 broke LEAP since it
rejects EAP-Success packet that is used within LEAP and this frame does
not have a payload. Fix LEAP by relaxing the generic EAP packet
validation if LEAP has been negotiated.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-11 21:50:57 +03:00
Jouni Malinen
e026159a8e EAP-SIM/AKA: Store pseudonym identity in configuration
Use the anonymous_identity field to store EAP-SIM/AKA pseudonym identity
so that this can be maintained between EAP sessions (e.g., after
wpa_supplicant restart) even if fast re-authentication data was cleared.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 13:04:18 +03:00
Jouni Malinen
09bcf3be9c Clear idleWhile timer when EAP peer state machine is not in use
This allows the EAPOL tick timer to be stopped more quickly when
getting disconnected.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-26 23:35:08 +03:00
Jouni Malinen
f54eb34995 Add extra validation of EAP header length field
These validation steps are already done in the EAP parsing code and in
the EAP methods, but the additional check is defensive programming and
can make the validation of received EAP messages more easier to
understand.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 23:03:25 +03:00
Jouni Malinen
0ebb23e340 EXT PW: Add support for password parameter from external storage
This allows the password parameter for EAP methods to be fetched
from an external storage.

Following example can be used for developer testing:

ext_password_backend=test:pw1=password|pw2=testing

network={
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="user"
    password=ext:pw1
    ca_cert="ca.pem"
    phase2="auth=PAP"
}

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-03 22:15:42 +03:00
Paul Stewart
dd7fec1f29 wpa_supplicant: Report EAP connection progress to DBus
Send an "EAP" signal via the new DBus interface under various
conditions during EAP authentication:

  - During method selection (ACK and NAK)
  - During certificate verification
  - While sending and receiving TLS alert messages
  - EAP success and failure messages

This provides DBus callers a number of new tools:

  - The ability to probe an AP for available EAP methods
    (given an identity).
  - The ability to identify why the remote certificate was
    not verified.
  - The ability to identify why the remote peer refused
    a TLS connection.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2012-06-04 21:10:01 +03:00
Jouni Malinen
762e4ce620 EAP-AKA': Update to RFC 5448
There was a technical change between the last IETF draft version
(draft-arkko-eap-aka-kdf-10) and RFC 5448 in the leading characters
used in the username (i.e., use unique characters for EAP-AKA' instead
of reusing the EAP-AKA ones). This commit updates EAP-AKA' server and
peer implementations to use the leading characters based on the final
RFC.

Note: This will make EAP-AKA' not interoperate between the earlier
draft version and the new version.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-05-02 20:45:01 +03:00
Jouni Malinen
9f98810c5d TLS: Use separate TLS library context for tunneled TLS
OpenSSL wrapper was using the same certificate store for both Phase 1
and Phase 2 TLS exchange in case of EAP-PEAP/TLS, EAP-TTLS/TLS, and
EAP-FAST/TLS. This would be fine if the same CA certificates were used
in both phases, but does not work properly if different CA certificates
are used. Enforce full separation of TLS state between the phases by
using a separate TLS library context in EAP peer implementation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-04-07 20:57:02 +03:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Jouni Malinen
e6c6274947 Add preliminary MNC length determination based on IMSI
Some SIM cards do not include MNC length with in EF_AD. Try to figure
out the MNC length based on the MCC/MNC values in the beginning of the
IMSI. This covers a prepaid Elisa/Kolumbus card that would have ended
up using incorrect MNC length based on the 3-digit default.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-01-22 21:54:24 +02:00
Jouni Malinen
a3e0105692 Avoid unnecessary memory allocation in building of SIM realm
The temporary IMSI buffer can be used for this without needing the
extra memory allocation. In addition, the implementation is easier
to understand when the extra identity prefix value for EAP-SIM/AKA
is not included while fetching MCC/MNC from the IMSI.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-01-22 21:54:24 +02:00
Simon Baatz
2d7d0ab307 EAP-SIM/EAP-AKA peer: Support realms according to 3GPP TS 23.003
If the identity is derived from the SIM, use a realm according
to 3GPP TS 23.003.

Signed-hostap: Simon Baatz <gmbnomis@gmail.com>
2012-01-22 21:54:24 +02:00
Jouni Malinen
4646ee67c0 Reject too short IMSI in EAP-SIM/AKA identity generation
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-01-22 21:54:24 +02:00
Dan Williams
9ef1aaae24 Use an enum for EAP SM requests
Control requests will be extended for non-EAP uses later, so it makes
sense to have them be generic. Furthermore, having them defined as an
enum is easier for processing internally, and more generic for control
interfaces that may not use field names. The public ctrl_req_type /
field_name conversion function will be used later by the D-Bus control
interface too.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2011-10-30 12:04:24 +02:00
Jouni Malinen
54e9c5fc69 EAP: Clear ClientTimeout back to default value in INITIALIZE
This fixes an issue where WPS run leaves a small ClientTimeout
value (2) configured and the next EAPOL authentication is started
with that small value even for Identity exchange. This can cause
problems when an EAPOL packet gets dropped immediately after
association and a retry of that packet is needed (which may take
more than two seconds).
2011-10-18 18:44:35 +03:00
Jouni Malinen
1b414f59fc eapol_test: Add option for writing server certificate chain to a file
eapol_test command line argument -o<file> can now be used to request
the received server certificate chain to be written to the specified
file. The certificates will be written in PEM format. [Bug 391]
2011-09-17 22:42:54 +03:00
Jouni Malinen
4f525d8e5b Move peer certificate wpa_msg() calls to notify.c
This type of wpa_supplicant specific message construction does not need
to be at the EAP implementation, so better move it up to notify.c.
2011-07-05 12:40:37 +03:00
Michael Chang
ade74830b4 Add dbus signal for information about server certification
In general, this patch attemps to extend commit
00468b4650 with dbus support.

This can be used by dbus client to implement subject match text
entry with preset value probed from server. This preset value, if
user accepts it, is remembered and passed to subject_match config
for any future authentication.

Signed-off-by: Michael Chang <mchang@novell.com>
2011-07-05 12:22:32 +03:00
Paul Stewart
8813e4d57e eap_peer: Add method to return current method name
If there is an active EAP method, return its name.

Signed-off-by: Paul Stewart <pstew@google.com>
2011-03-15 13:47:33 +02:00
Jouni Malinen
d3e01b9d71 Re-initialize EAP ClientTimeout on for each session
ClientTimeout changes from EAP peer methods were not supposed to
change behavior for other EAP peer methods or even other sessions
of the same method. Re-initialize ClientTimeout whenever an EAP
peer method is initialized to avoid this. This addresses problems
where WPS (EAP-WSC) reduces the timeout and consecutive EAP runs
may fail due to too small timeout.
2010-12-28 12:09:14 +02:00
Jouni Malinen
f3a3e6987e WPS: Allow fragment size to be configured 2010-07-20 22:55:39 -07:00
Jouni Malinen
00468b4650 Add TLS client events, server probing, and srv cert matching
This allows external programs (e.g., UI) to get more information
about server certificate chain used during TLS handshake. This can
be used both to automatically probe the authentication server to
figure out most likely network configuration and to get information
about reasons for failed authentications.

The follow new control interface events are used for this:
CTRL-EVENT-EAP-PEER-CERT
CTRL-EVENT-EAP-TLS-CERT-ERROR

In addition, there is now an option for matching the server certificate
instead of the full certificate chain for cases where a trusted CA is
not configured or even known. This can be used, e.g., by first probing
the network and learning the server certificate hash based on the new
events and then adding a network configuration with the server
certificate hash after user have accepted it. Future connections will
then be allowed as long as the same server certificate is used.

Authentication server probing can be done, e.g., with following
configuration options:
    eap=TTLS PEAP TLS
    identity=""
    ca_cert="probe://"

Example set of control events for this:
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' hash=5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a
CTRL-EVENT-EAP-TLS-CERT-ERROR reason=8 depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' err='Server certificate chain probe'
CTRL-EVENT-EAP-FAILURE EAP authentication failed

Server certificate matching is configured with ca_cert, e.g.:
    ca_cert="hash://server/sha256/5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a"

This functionality is currently available only with OpenSSL. Other
TLS libraries (including internal implementation) may be added in
the future.
2010-02-13 11:14:23 +02:00
Jouni Malinen
7796f20edc Add new ctrl_iface event for EAP methods proposed by the server
This makes it easier for external programs to probe EAP server
preferences and potentially automatically detect which method
could be used.
2010-02-11 19:48:36 +02:00
Jouni Malinen
03da66bd59 Remove src/crypto from default include path
In addition, start ordering header file includes to be in more
consistent order: system header files, src/utils, src/*, same
directory as the *.c file.
2009-11-29 23:04:43 +02:00
Jouni Malinen
90973fb2fd Remove src/common from default header file path
This makes it clearer which files are including header from src/common.
Some of these cases should probably be cleaned up in the future not to
do that.

In addition, src/common/nl80211_copy.h and wireless_copy.h were moved
into src/drivers since they are only used by driver wrappers and do not
need to live in src/common.
2009-11-29 17:51:55 +02:00
Jouni Malinen
76f04b38b0 Preliminary support for FIPS mode operation with OpenSSL
wpa_supplicant can now be built with FIPS capable OpenSSL for FIPS mode
operation. Currently, this is only enabling the FIPS mode in OpenSSL
without providing any higher level enforcement in wpa_supplicant.
Consequently, invalid configuration will fail during the authentication
run. Proper configuration (e.g., WPA2-Enterprise with EAP-TLS) allows
the connection to be completed.
2009-08-16 14:24:22 +03:00
Jouni Malinen
f2d8fc3d96 Do not try session resumption after EAP failure
If session resumption fails for any reason, do not try it again because
that is just likely to fail. Instead, drop back to using full
authentication which may work. This is a workaround for servers that do
not like session resumption, but do not know how to fall back to full
authentication properly.
2009-02-15 17:36:49 +02:00