Commit graph

19735 commits

Author SHA1 Message Date
Jouni Malinen
34f564dbd5 Redesigned EAP-TLS/PEAP/TTLS/FAST fragmentation/reassembly
Fragmentation is now done as a separate step to clean up the design and to
allow the same code to be used in both Phase 1 and Phase 2. This adds
support for fragmenting EAP-PEAP/TTLS/FAST Phase 2 (tunneled) data.
2008-05-28 09:57:17 +03:00
Jouni Malinen
ab17e3f2b7 Fixed EAP-IKEv2 server fragment processing
Need to clear the state back to MSG after having processed all incoming
fragments. Without this, the server got stuck in sending the fragment ACK
even after having received the full message.
2008-05-26 16:51:40 +03:00
Jouni Malinen
ef626b4d50 Added a workaround for handling TLS compression
Even though we try to disable TLS compression, it is possible that this
cannot be done with all TLS libraries. For example, OpenSSL 0.9.8 does not
seem to have a configuration item for disabling all compression (0.9.9 has
such an option). If compression is used, Phase 2 decryption may end up
producing more data than the input buffer due to compressed data. This
shows up especially with EAP-TNC that uses very compressible data format.

As a workaround, increase the decryption buffer length to (orig_len+500)*3.
This is a hack, but at least it handles most cases. TLS compression should
really be disabled for EAP use of TLS, but since this can show up with
common setups, it is better to handle this case.
2008-05-26 12:33:04 +03:00
Jouni Malinen
e572cb6398 Do not define tls_engine_get_cert() if OpenSSL engine is disabled 2008-05-26 12:04:35 +03:00
Jouni Malinen
1b52ea47e4 Added fragmentation support for EAP-TNC 2008-05-26 12:00:18 +03:00
Jouni Malinen
d9521c7438 Example configuration for EAP-TLS authentication using PKCS#11 TPM token 2008-05-23 19:41:05 +03:00
David Smith
61ee0f71bb Add support to wpa_supplicant configuring eap_peer for client cert and CA
cert on smartcard, plus handling phase2 auth with smartcard same as phase1.
2008-05-23 10:55:30 +03:00
David Smith
d1f73353bc Add support to eap_peer for client cert and CA cert on smartcard and in
phase2 auth.
2008-05-23 10:52:49 +03:00
David Smith
e59c91af82 Add support to crypto/tls for client cert and CA cert from smartcard 2008-05-23 10:49:59 +03:00
Jouni Malinen
29222cd303 Added instructions on how to create the DH parameters files. 2008-05-21 10:53:56 +03:00
Jouni Malinen
fca25ef4b4 Only use SSL_OP_NO_COMPRESSION if it is defined
It looks like this SSL_set_options() value was added in 0.9.9 and it does
not exist in stable releases of OpenSSL. Fix build by using #ifdef on this
variable before use.
2008-05-21 10:10:10 +03:00
Jouni Malinen
1f358437d3 Disable TLS compression since the EAP-TTLS/PEAP/FAST payload processing
does not support it currently and EAP-TLS RFC does not allow compression to
be negotiated for TLS.
2008-05-15 16:48:44 +03:00
Jouni Malinen
dcf9c2bd77 Updated the comment on 'bridge' variable to mention nl80211 which needs
this parameter, too.
2008-05-07 13:51:00 +03:00
Jouni Malinen
579313ab07 Fixed xsi:schemaLocation to use whitespace to separate members of the pair. 2008-05-06 21:29:14 +03:00
David Smith
e403be0b12 Add setSmartcardModules DBus message to set pkcs11 and opensc options
This will be used by most importantly network manager to set smartcard
options at run time.
2008-04-28 17:15:56 +03:00
Henrik Brix Andersen
a6a89fea36 Fix compilation without IEEE8021X_EAPOL defined 2008-04-28 17:06:43 +03:00
Michael Bernhard
b717ee2ab2 Disable functionality in hostapd_deauth_all_stas for hostap driver only
Signed-off-by: Michael Bernhard <michael.bernhard@bfh.ch>
2008-04-16 14:40:32 +03:00
Jouni Malinen
fe2b7dda02 Fixed fallback to full handshake when server rejects PAC-Opaque
The TLS client changes in ssl3_get_server_hello() were based on the
pre-RFC 5077 version of OpenSSL and they hardcoded s->hit to 1 in case
PAC-Opaque was used. This prevented fallback to full TLS handshake in case
the server rejected PAC-Opaque in ClientHello. The fixed version simplifies
ssl3_get_server_hello() and uses the new RFC 5077 functionality in OpenSSL
(ssl3_check_finished) to allow the state machine handle start of
abbreviated handshake based on the used ticket.
2008-04-15 17:24:06 +03:00
Jouni Malinen
d4092763cf Fixed fallback to full handshake when server rejects PAC-Opaque
The TLS client changes in ssl3_get_server_hello() were based on the
pre-RFC 5077 version of OpenSSL and they hardcoded s->hit to 1 in case
PAC-Opaque was used. This prevented fallback to full TLS handshake in case
the server rejected PAC-Opaque in ClientHello. The fixed version simplifies
ssl3_get_server_hello() and uses the new RFC 5077 functionality in OpenSSL
(ssl3_check_finished) to allow the state machine handle start of
abbreviated handshake based on the used ticket.
2008-04-15 17:08:15 +03:00
Jouni Malinen
1c156e783d Fixed tls_prf() to handle keys with odd length
The middle byte of the secret (key for PRF) is shared with key halfs in
case the key length is odd. This does not happen in any of the current
tls_prf() uses, but it's better to fix this function to avoid future issues
should someone end up defining a use that uses an odd length for the key.
2008-04-14 20:11:49 +03:00
Jouni Malinen
0d58229994 Small whitespace cleanup 2008-04-13 12:48:59 +03:00
Michael Bernhard
4c6122c397 driver_nl80211: Do not send nl80211 message if beacon is not set yet
Signed-off-by: Michael Bernhard <michael.bernhard at bfh.ch>
2008-04-13 12:41:30 +03:00
Michael Bernhard
f4a5a7468d driver_nl80211: Return correct value
Signed-off-by: Michael Bernhard <michael.bernhard at bfh.ch>
2008-04-13 12:40:24 +03:00
Michael Bernhard
a325926a9c driver_nl80211: Initialize local variable
This solves the problem with out-of-sync ACK messages.

Signed-off-by: Michael Bernhard <michael.bernhard at bfh.ch>
2008-04-13 12:39:13 +03:00
Michael Bernhard
99c55ef92f driver_nl80211: Clone netlink callbacks instead of creating new ones
This way the default callbacks are inherited.

Signed-off-by: Michael Bernhard <michael.bernhard at bfh.ch>
2008-04-13 12:37:49 +03:00
Bernhard Michael
f7868b5018 driver_nl80211: Use customizable netlink callbacks
This allows the use of NL_CB_VERBOSE or NL_CB_DEBUG.

Signed-off-by: Michael Bernhard <michael.bernhard at bfh.ch>
2008-04-13 12:36:23 +03:00
Michael Bernhard
7cc92d7275 driver_nl80211: Use the correct nl80211 command to flush all stations
Signed-off-by: Michael Bernhard <michael.bernhard at bfh.ch>
2008-04-13 12:33:59 +03:00
Johannes Berg
dda803699f nl80211 driver: fix beacon interval setting
This removes the hard-coded beacon interval setting.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
2008-04-09 10:11:04 +03:00
Jouni Malinen
0146165170 TNC: Added preliminary code for IF-TNCCS-SOH client side support
Process SoH Request in SoH EAP Extension method and reply with SoH TLV. The
contents of SSoH is not yet complete (i.e., some of the required attributes
are still missing). Use of SoH is disabled by default; it can be enabled
with tnc=soh in phase1 parameter for PEAP.
2008-04-08 16:15:56 +03:00
Jouni Malinen
d6888f9e37 PEAPv0: Added crypto_binding configuration option (part of phase1)
crypto_binding=# in phase1 network parameter can now be used to change the
PEAPv0 cryptobinding behavior (0 = do not use, 1 = optional (default),
2 = required).
2008-04-08 14:57:39 +03:00
Artem Antonov
eaaab2bd98 Fix nl80211 driver to receive EAPOL response
This patch fixes nl80211 driver to receive EAPOL response if wlan0 was
added to bridge.
2008-04-08 09:49:06 +03:00
Pavel Roskin
8738e4fc55 driver_wext: Fix missing bracket in [DORMANT]
Signed-off-by: Pavel Roskin <proski@gnu.org>
2008-04-07 10:09:37 +03:00
Daniel Wagner
913cf1caec Rename NL80211_[ATTR]_STA_STAT_* to NL80211_[ATTR_]STA_INFO_
adapt to change 72141605e9f9d856418bbed9dc47e5ad42aabb42
nl80211/cfg80211: support for mesh, sta dumping

Signed-off-by: Daniel Wagner <wagi@monom.org>
2008-03-31 12:39:52 +03:00
Kel Modderman
0e5776f673 Remove the -w option from help output
Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-03-31 11:51:49 +03:00
Kel Modderman
7da6794022 Explain not all driver backends will be compiled into wpa_supplicant binary
Explain that wpa_supplicant supports a variety of drivers, but only a
subset of them are chosen at compile time.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-03-31 11:49:55 +03:00
Tomasz Wolniewicz
c454f57379 eapol_test: Allow client IP address to be specified
Allow the user to set the IP address of the eapol_test client. This if
very useful when you have a machine with many interfaces and want to use a
particular one for testing RADIUS connectivity. For instance when I run the
national eduroam proxy I can only connect to other server from a particular
address, an our machine happens to have several IPs. So if I want to run
connectivity tests, I must make sure that my test uses a particular
interface. The -A option allows one to set this).

(jm: cleaned up to use radius configuration structure instead of global
variable for the address and added IPv6 support)
2008-03-30 18:15:52 +03:00
Tomasz Wolniewicz
1e4b9da10c Chargeable-User-Identity (RFC 4372) in eapol_test
Implements the Chargable-User-Identity (CUI), as defined in RFC 4372.
Option "-i" causes the eapol_test to send a NUL CUI - which is a request to
send a CUI back. Capital "-I" allows to specify the value of the CUI.
This has been defined for cases where the client wants to reauthenticate.
2008-03-30 17:39:19 +03:00
Jouni Malinen
1c2ff04f3a TNC: Added preliminary code for IF-TNCCS-SOH server side support
If TNC is enabled, PEAPv0 server is now sending out SoH request to initiate
IF-TNCCS-SOH (Microsoft NAP / Statement of Health) handshake. The results
are currently only shown in debug log and they do not affect authentication
or authorization result.
2008-03-30 17:10:44 +03:00
Jouni Malinen
30680e9332 EAP-TTLS: Fixed implicit challenge derivation to use correct output length
The previous version was deriving unnecessarily large amount of output data
for the implicit challenge. With the TLS PRF, this was not causing any
problems because the output length is not explicitly bound into the
derivation. Anyway, it is better to use the correct output length should
the PRF be ever changed to a one that uses the output length to change the
beginning of the output data.
2008-03-23 12:07:59 +02:00
Jouni Malinen
e7d8003358 EAP-PEAP: Fixed interop issues in key derivation with cryptobinding
It looks like Microsoft implementation does not match with their
specification as far as PRF+ label usage is concerned.. IPMK|CMK is derived
without null termination on the label, but the label for CSK derivation
must be null terminated.

This allows cryptobinding to be used with PEAPv0 in a way that
interoperates with Windows XP SP3 (RC2) and as such, this functionality is
now enabled as an optional addition to PEAPv0.
2008-03-19 16:58:06 +02:00
Jouni Malinen
32f049b2af EAP-PEAP: Swap MS-CHAP-v2 MPPE keys for EAP-PEAP ISK derivation
Microsoft uses reverse order for MS-MPPE keys in EAP-PEAP when compared to
EAP-FAST derivation of ISK. Swap the keys here to get the correct ISK for
EAP-PEAPv0 cryptobinding. This resolves the cryptobinding interop issue
with WinXP SP3 RC2. However, it looks like MSK derivation does not
interoperate when using cryptobinding, so this code remains disabled for
the time being.
2008-03-18 16:27:55 +02:00
Jouni Malinen
e1a69a0b10 EAP-PEAP: Added preliminary code for PEAPv0 and PEAPv2 cryptobinding
This implementation is complete for PEAPv0 (Microsoft extension), but the
use of cryptobinding is disabled in this version, i.e., this does not
change protocol behavior at all.

Interop tests between hostapd and wpa_supplicant work fine, but there are
some problems in getting hostapd to interoperate with Windows XP SP3 RC2
(peer replies with Result Failure to the attempted cryptobinding). The
implementation will remain disabled until this issue has been resolved.
2008-03-18 12:19:52 +02:00
Jouni Malinen
0ac0e4df1c EAP-PEAP: Moved EAP-TLV processing into eap_peap.c
EAP-PEAP was the only method that used the external eap_tlv.c peer
implementation. This worked fine just for the simple protected result
notification, but extending the TLV support for cryptobinding etc. is not
trivial with such separation. With the TLV processing integrated into
eap_peap.c, all the needed information is now available for using
additional TLVs.
2008-03-18 11:26:17 +02:00
Jouni Malinen
06726f0bdd EAP-PEAP: Moved EAP-TLV processing into eap_peap.c
EAP-PEAP was the only method that used the external eap_tlv.c server
implementation. This worked fine just for the simple protected result
notification, but extending the TLV support for cryptobinding etc. is not
trivial with such separation. With the TLV processing integrated into
eap_peap.c, all the needed information is now available for using
additional TLVs.
2008-03-18 08:31:04 +02:00
Jouni Malinen
a865bd5031 Some cleanup for the new driver wrapper for PS3
wpa_printf() does not use '\n'. Fixed set_wpa_key() to allocate buf for
ASCII passphrase case.
2008-03-13 19:05:45 +02:00
Masakazu Mokuno
b5a357b476 Add support for PS3 Linux wireless driver
This adds support for PS3 wireless to wpa_supplicant.

Although PS3 wireless driver is designed to conform the WEXT standard
as much as possible, unfortunately the wext driver wrapper of
wpa_supplicant can not support PS3 wireless fully because:

 - PS3 wireless driver uses private WEXT ioctls for accepting PSK of
   WPA-Personal from the userland.
   WEXT does not specify the way to do it.

 - The association and 4-way handshake are done by PS3 virtual
   wireless device. The guest OSes can not interfere it.

 - No EAPOL frames are allowed to go outside of the
   hypervisor/firmware nor come from. They are eaten by the firmware.

Thus I needed to make a new driver wrapper for PS3 wireless.

This patch can be applied against the latest 0.6.x tree.

Signed-off-by: Masakazu Mokuno <mokuno@sm.sony.co.jp>
2008-03-13 19:00:37 +02:00
Chris Zimmermann
6affdaee6b Support for RADIUS ACLs with drivers that do not use hostapd MLME
Sam Leffler <sam@errno.com>:
Attached are changes from Chris Zimmerman (cc'd) to allow drivers to handle
radius ACL's.  The patch is against 0.5.10 but I suspect will also apply to
your latest code.  These mods enable radius acl support in freebsd w/ my
vap code.

You may want to do the changes to ieee802_11_auth.c differently as they
currently require all participating drivers to work the same.  You might be
able to check the return value from hostapd_set_radius_acl_auth and use
that to decide whether the alternate code should be run so you can have 1
driver using this stuff while the other does not.

(jm: Added without more dynamic check for now; in addition, none of the
current in-tree driver wrappers actually implement these handlers, so this
is in preparation for future changes)
2008-03-12 11:43:55 +02:00
Chris Zimmermann
b6745143e8 hostapd_allowed_address() is called from hostapd_config_reload_sta() with
session_timeout and acct_interim_interval set to NULL.  Without checking
these before accessing, we'd cause a NULL pointer access in this case.  In
ieee802_11.c calls hostapd_allowed_address() with valid pointers.
2008-03-12 11:39:56 +02:00
Jouni Malinen
658d166297 FT: Use correct BSSID when deriving PTK and verifying MIC
The old version was using struct wpa_sm::bssid which is not necessarily
updated to point to the correct target address when doing over-the-air FT
since the address is used before the association has actually been
completed.
2008-03-12 11:20:20 +02:00
Jouni Malinen
58a98fb027 Delete PTK SA on (re)association if this is not part of a Fast BSS
Transition. This fixes a potential issue where an incorrectly behaving AP
could send a group key update using the old (now invalid after reassociate)
PTK. This could also happen if there is a race condition between reporting
received EAPOL frames and association events.
2008-03-12 11:18:57 +02:00