Commit Graph

1905 Commits

Author SHA1 Message Date
Jouni Malinen
1ac2d4a9ee Fixed canceling of PMKSA caching with driver generated RSN IE
It looks like some Windows NDIS drivers (e.g., Intel) do not clear the
PMKID list even when wpa_supplicant explicitly sets the list to be
empty. In such a case, the driver ends up trying to use PMKSA caching
with the AP and wpa_supplicant may not have the PMK that would be needed
to complete 4-way handshake.

RSN processing already had some code for aborting PMKSA caching by
sending EAPOL-Start. However, this was not triggered in this particular
case where the driver generates the RSN IE. With this change, this case
is included, too, and the failed PMKSA caching attempt is cleanly
canceled and wpa_supplicant can fall back to full EAP authentication.
2008-11-21 15:31:25 +02:00
Jouni Malinen
012783f1ab Fixed EAP-TLS message fragmentation for the last TLS message
It the message was large enough to require fragmentation (e.g., if a large
Session Ticket data is included), More Fragment flag was set, but no
more fragments were actually sent (i.e., Access-Accept was sent out).
2008-11-20 19:39:35 +02:00
Jouni Malinen
f32fe71a1f Fixed Milenage debug output to use correct length for IK and CK 2008-11-20 15:45:31 +02:00
Jouni Malinen
6cd4f02b03 Fixed EAPA-AKA warning message about AT_RES length to use bits 2008-11-20 15:23:51 +02:00
Jouni Malinen
c31a11c962 Changed PEAPv0 cryptobinding to be disabled by default
There are some interoperability issues with Windows Server 2008 NPS, so
better disable cryptobinding use by default for now.
2008-11-20 12:49:34 +02:00
Jouni Malinen
bd1d13c199 Fixed size_t printf format for 64-bit builds 2008-11-19 21:21:34 +02:00
Jouke Witteveen
ea6380e7c9 Fixed a bug in read -> _read cleanup; one missed change 2008-11-19 21:20:24 +02:00
Jouni Malinen
2d981c2fd0 EAP-PEAP: Copy Binding nonce from cryptobinding request to reply
It looks like [MS-PEAP] 3.2.5.6 points towards this being the expected
behavior (however, that chapter is very confusing).

In addition, remove Cryptobinding TLV from response if the received
Cryptobinding TLV is not valid. Add some more debug messages to the case
where the received Cryptobinding TLV is found invalid.
2008-11-19 19:25:14 +02:00
Carolin Latze
98842d51ec Separate OpenSSL engine configuration for Phase 2
I fixed the engine issue in phase2 of EAP-TTLS. The problem was that you
only defined one engine variable, which was read already in phase1. I
defined some new variables:

engine2
engine2_id
pin2

and added support to read those in phase2 wheres all the engine
variables without number are only read in phase1. That solved it and I
am now able to use an engine also in EAP-TTLS phase2.
2008-11-18 16:53:32 +02:00
Jouni Malinen
9ef21b2fef roboswitch: Minor coding style cleanup 2008-11-18 16:35:08 +02:00
Jouke Witteveen
e519314ee9 Add RoboSwitch driver interface for wpa_supplicant
Find attached the patch that creates a new driver: roboswitch. This
driver adds support for wired authentication with a Broadcom
RoboSwitch chipset. For example it is now possible to do wired
authentication with a Linksys WRT54G router running OpenWRT.

LIMITATIONS
- At the moment the driver does not support the BCM5365 series (though
adding it requires just some register tweaks).
- The driver is also limited to Linux (this is a far more technical
restriction).
- In order to compile against a 2.4 series you need to edit
include/linux/mii.h and change all references to "u16" in "__u16". I
have submitted a patch upstream that will fix this in a future version
of the 2.4 kernel. [These modifications (and more) are now included in
the kernel source and can be found in versions 2.4.37-rc2 and up.]

USAGE
- Usage is similar to the wired driver. Choose the interfacename of
the vlan that contains your desired authentication port on the router.
This name must be formatted as <interface>.<vlan>, which is the
default on all systems I know.
2008-11-18 16:30:32 +02:00
Jouni Malinen
cd35db9fef Updated userspace MLME instructions for current mac80211
Remove the old code from driver_wext.c since the private ioctl interface is
never going to be used with mac80211. driver_nl80211.c has an
implementation than can be used with mac80211 (with two external patches to
enable userspace MLME configuration are still required, though).
2008-11-18 15:45:25 +02:00
Jouni Malinen
0cf03892a4 OpenSSL 0.9.9 API change for EAP-FAST session ticket overriding API
Updated OpenSSL code for EAP-FAST to use an updated version of the
session ticket overriding API that was included into the upstream
OpenSSL 0.9.9 tree on 2008-11-15 (no additional OpenSSL patch is
needed with that version anymore).
2008-11-16 21:29:12 +02:00
Jouni Malinen
ea251b4a23 EAP-FAST: Reorder TLVs in PAC Acknowledgment to fix interop issues
It looks like ACS did not like PAC Acknowledgment TLV before Result TLV, so
reorder the TLVs to match the order shown in a
draft-cam-winget-eap-fast-provisioning-09.txt example. This allows
authenticated provisioning to be terminated with Access-Accept (if ACS has
that option enabled). Previously, provisioning was otherwise successful,
but the server rejected connection due to not understanding the PAC Ack
("Invalid TEAP Data recieved").
2008-11-16 11:10:29 +02:00
Jouni Malinen
6982784e20 EAP-SIM/AKA: fixed initialization to verify PIN even if identity is set
Previously, hardcoded identity in the network configuration skipped both
IMSI reading and PIN verification. This broke cases where PIN is needed for
GSM/UMTS authentication. Now, only IMSI reading is skipped if identity is
hardcoded.
2008-11-07 20:09:44 +02:00
Jouni Malinen
04a5bad682 EAP-AKA: Validate RES Length field in AT_RES
This change breaks interoperability with older wpa_supplicant versions
(everything up to and including wpa_supplicant 0.5.10 and 0.6.5) which
incorrectly used this field as number of bytes, not bits, in RES.
2008-11-07 08:34:07 +02:00
Jouni Malinen
fa71a1d84a Fixed EAP-AKA RES Length field in AT_RES as length in bits, not bytes 2008-11-07 08:30:34 +02:00
Jouni Malinen
36100718de EAP-FAST server: allow expired PAC for PAC refresh
Instead of falling back to full TLS handshake on expired PAC, allow the
PAC to be used to allow a PAC update with some level of server
authentication (i.e., do not fall back to full TLS handshake since we
cannot be sure that the peer would be able to validate server certificate
now). However, reject the authentication since the PAC was not valid
anymore. Peer can connect again with the newly provisioned PAC after this.
2008-11-06 22:57:09 +02:00
Jouni Malinen
39452b4deb EAP-FAST: Include Tunnel PAC request only after EAP authentication 2008-11-06 21:07:53 +02:00
Jouni Malinen
581a8cde77 Added support for enforcing frequent PTK rekeying
Added a new configuration option, wpa_ptk_rekey, that can be used to
enforce frequent PTK rekeying, e.g., to mitigate some attacks against TKIP
deficiencies. This can be set either by the Authenticator (to initiate
periodic 4-way handshake to rekey PTK) or by the Supplicant (to request
Authenticator to rekey PTK).

With both wpa_ptk_rekey and wpa_group_rekey (in hostapd) set to 600, TKIP
keys will not be used for more than 10 minutes which may make some attacks
against TKIP more difficult to implement.
2008-11-06 19:57:21 +02:00
Jouni Malinen
81eec387dd Added Milenage-GSM simulator for EAP-SIM
CONFIG_SIM_SIMULATOR=y in .config and password="Ki:OPc" in network config
to enable.
2008-11-06 04:21:32 +02:00
Jouni Malinen
31cbe002c9 driver_ndis: Added a workaround for a driver that removes SSID IE in scan
A driver was found to remove SSID IE from NDIS_WLAN_BSSID_EX IEs, but the
correct SSID is included in NDIS_802_11_SSID structure inside the BSSID
data. If this is seen in scan results, create a matching SSID IE and add it
to the end of IEs to fix scan result parsing.
2008-11-05 23:44:26 +02:00
Jouni Malinen
2a24bb3199 Added Milenage USIM emulator for EAP-AKA (can be used to simulate test
USIM card with a known private key; enable with CONFIG_USIM_SIMULATOR in
.config and password="Ki:OPc:SQN" in network configuration).
2008-11-05 23:02:13 +02:00
Jouni Malinen
988ab690ac Preparations for 0.6.5 release 2008-11-01 17:20:25 +02:00
Jouni Malinen
ac987fb7de Fixed fwrite error path in eap_fast_write_pac not to free buf
Caller expects the buffer to be allocated on error, so eap_fast_write_pac()
must be consistent with its behavior on error paths.
2008-11-01 17:09:28 +02:00
Jouni Malinen
1add3c3387 Use the common ieee802_11_parse_elems() implementations for mlme.c 2008-10-29 21:57:01 +02:00
Jouni Malinen
cb7b04c8c9 Moved ieee802_11_parse_elems() into common code 2008-10-29 21:48:14 +02:00
Jouni Malinen
308a4ec81a Verify fread(), fwrite(), and system() return values
These were starting to trigger compiler warning with recent glibc header
files and gcc.
2008-10-29 19:33:24 +02:00
Jouni Malinen
dd20838a7d Fixed size_t printf format for 64-bit targets 2008-10-29 19:30:23 +02:00
Jouni Malinen
8e8df25541 nl80211: Finish dumps properly (ported from iw.git) 2008-10-29 19:28:35 +02:00
Jouni Malinen
114622c021 Fixed EAPOL skip for PMKSA caching case to remain in authenticated state
Need to make sure that portValid is TRUE in order to avoid PAE state
machine going into DISCONNECTED state on eapol_sm_step(). This could be
triggered at least with OKC.
2008-10-25 20:21:31 +03:00
Jouni Malinen
244e07c54d EAP-FAST peer: Fixed not to add PAC Request in PAC Acknowledgement message 2008-10-19 10:02:57 +03:00
Jouni Malinen
2d86724409 EAP-FAST: Allow A-ID and A-ID-Info to be configured separately
Changed EAP-FAST configuration to use separate fields for A-ID and
A-ID-Info (eap_fast_a_id_info) to allow A-ID to be set to a fixed
16-octet len binary value for better interoperability with some peer
implementations; eap_fast_a_id is now configured as a hex string.
2008-10-19 09:55:59 +03:00
Jouni Malinen
a11c90a64a EAP-FAST: Make PAC-Key lifetime values configurable
The hardcoded values in eap_fast.c were replaced with values read from
hostapd.conf.
2008-10-08 17:25:47 +03:00
Jouni Malinen
378eae5e9b EAP-FAST: Added support for disabling anonymous/authenticated provisioning
eap_fast_prov config parameter can now be used to enable/disable different
EAP-FAST provisioning modes:
0 = provisioning disabled
1 = only anonymous provisioning allowed
2 = only authenticated provisioning allowed
3 = both provisioning modes allowed
2008-10-08 16:55:23 +03:00
Jouni Malinen
f36f51e403 Change the order of Result TLV and PAC TLV to avoid interop issues
draft-cam-winget-eap-fast-provisioning-06.txt or RFC 4851 do not seem to
mandate any particular order for TLVs, but some interop issues were noticed
with an EAP-FAST peer implementation when Result TLV followed PAC TLV. The
example in draft-cam-winget-eap-fast-provisioning-06.txt shows the TLVs in
the other order, so change the order here, too, to make it less likely to
hit this type of interop issues.
2008-10-08 15:50:01 +03:00
Jouni Malinen
3b7c9aa6aa Updated the comment on MS-Packet-Info mismatch based on [MS-SOH] info 2008-10-02 20:26:00 +03:00
Jouni Malinen
b43f7c34d2 SoH: Add null termination for empty url in MS-Quarantine-State. 2008-10-02 20:22:17 +03:00
Jouni Malinen
c908a9e5ae SoH: Add all the mandatory attributes into SSoH vendor specific attribute
This adds all the attributes that are marked as mandatory for SoH in
IF-TNCCS-SOH v1.0. MS-Machine-Inventory does not contain correct data
(i.e., all version fields are just marked as inapplicable) and
MS-MachineName is hardcoded to wpa_supplicant@w1.fi for now.
2008-10-02 19:34:22 +03:00
Jouni Malinen
75cf93d2c5 Fixed EAP-FAST peer not to add double Result TLV when ACKing PAC 2008-10-02 17:38:13 +03:00
Jouni Malinen
b6310a6f47 NDIS: Set authMode=WPA2, if needed, when flushing PMKID cache
Some drivers may refuse OID_802_11_PMKID if authMode is not set to WPA2,
so let's set it temporarily, if needed, when flushing PMKID cache.
2008-10-02 16:25:41 +03:00
Jouni Malinen
2e8c9a27f5 Fixed a typo 2008-10-02 12:40:24 +03:00
Jouni Malinen
510c02d4a3 Fixed EAP-TTLS server to verify eap_ttls_phase2_eap_init() return code
It is possible that the initialization of the Phase 2 EAP method fails and
if that happens, we need to stop EAP-TTLS server from trying to continue
using the uninitialized EAP method. Otherwise, the server could trigger
a segmentation fault when dereferencing a NULL pointer.
2008-10-01 13:55:04 +03:00
Jouni Malinen
6241fcb165 nl80211: clean up netlink code
This is a port of commit cafe38cae0
from Johannes Berg <johannes@sipsolutions.net> for hostapd to
wpa_supplicant driver_nl80211.c.
2008-09-30 16:46:22 +03:00
Jouni Malinen
38fa763405 Added set_mode() handler for privsep 2008-09-29 17:09:26 +03:00
Jouni Malinen
147bdb3f9c Fixed build without CONFIG_CLIENT_MLME 2008-09-29 16:59:51 +03:00
Dan Williams
ec5f180a24 Add an optional set_mode() driver_ops handler for setting mode before keys
A bug just got reported as a result of this for mac80211 drivers.

https://bugzilla.redhat.com/show_bug.cgi?id=459399

The basic problem is that since taking the device down clears the keys
from the driver on many mac80211-based cards, and since the mode gets
set _after_ the keys have been set in the driver, the keys get cleared
on a mode switch and the resulting association is wrong.  The report is
about ad-hoc mode specifically, but this could happen when switching
from adhoc back to managed mode.
2008-09-29 16:45:49 +03:00
Jouni Malinen
36b5e559f1 Validate WEXT event iwe->u.data.length before using the event data
This is needed to avoid crashing wpa_supplicant with invalid event messages
that may be received when using 64-bit kernel with 32-bit userspace.
2008-09-27 10:49:56 +03:00
Jouni Malinen
fa2ec7eb63 Silenced compiler warnings on size_t printf format and shadowed variables 2008-09-27 10:46:06 +03:00
Jouni Malinen
b27f13ed28 MFP + FT: Added support for sending IGTK in FTIE 2008-09-01 11:00:59 +03:00
Jouni Malinen
565861976d Added support for using SHA256-based stronger key derivation for WPA2
IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for
key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new
AKMPs and clean up AKMP processing with helper functions in defs.h.
2008-08-31 22:57:28 +03:00
Jouni Malinen
c2a714088d Moved WMM action category definition into ieee802_11_defs.h 2008-08-31 11:06:58 +03:00
Jouni Malinen
5d22a1d5aa IEEE 802.11w: Added association ping
This updates management frame protection to use the assocition ping process
from the latest draft (D6.0) to protect against unauthenticated
authenticate or (re)associate frames dropping association.
2008-08-31 11:04:47 +03:00
Jouni Malinen
0b60b0aaad Updated MFP defines based on IEEE 802.11w/D6.0 and use new MFPC/MFPR
This adds most of the new frame format and identifier definitions from IEEE
802.11w/D6.0. In addition, the RSN IE capability field values for MFP is
replaced with the new two-bit version with MFPC (capable) and MFPR
(required) processing.
2008-08-30 14:59:39 +03:00
Jouni Malinen
fd630bc183 Fixed WEXT scan result parser to not crash on invalid IEs (zero len buffer)
If IWEVGENIE or custom event wpa_ie/rsn_ie is received in scan with empty
buffer, the previous version ended up calling realloc(NULL, 0) which seems
to return a non-NULL value in some cases. When this return value is passed
again into realloc with realloc(ptr, 0), the returned value could be NULL.
If the ptr is then freed (os_free(data.ie) in SIOCGIWAP handling), glibc
may crash due to invalid pointer being freed (or double-freed?). The
non-NULL realloc(NULL, 0) return value from glibc looks a bit odd behavior,
but anyway, better avoid this case completely and just skip the IE events
that have an empty buffer.

This issue should not show up with drivers that produce proper scan results
since the IEs will always include the two-octet header. However, it seems
to be possible to see this when using 64-bit kernel and 32-bit userspace
with incorrect compat-ioctl processing.
2008-08-27 09:52:16 +03:00
Jouni Malinen
4d4233eaf4 Fixed internal TLSv1 server implementation for abbreviated handshake
When the TLS handshake had been completed earlier by the server in case of
abbreviated handshake, the output buffer length was left uninitialized. It
must be initialized to zero in this case. This code is used by EAP-FAST
server and the uninitialized length could have caused it to try to send a
very large frame (though, this would be terminated by the 50 roundtrip EAP
limit). This broke EAP-FAST server code in some cases when PAC was used to
establish the tunnel.
2008-08-24 13:08:15 +03:00
Jouni Malinen
1f21bc4cc3 Fixed EAP-FAST server PAC-Opaque padding
0.6.4 broke this for some peer identity lengths. The padding was supposed
to make sure that the length of PAC-Opaque is divisible by 8.
2008-08-24 12:50:12 +03:00
Jouni Malinen
f40b972690 HT: Removed unused definitions 2008-08-22 21:07:07 +03:00
Tomas Winkler
71b6ae1425 Add Intel copyright for files with 802.11n Intel changes
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
2008-08-22 09:15:05 +03:00
Jouni Malinen
de9289c8e9 Add preliminary IEEE 802.11n support into hostapd
This commit brings in cleaned up version of IEEE 802.11n implementation
from Intel (1). The Intel tarball includes number of other changes, too,
and only the changes specific to IEEE 802.11n are brought in here. In
addition, this does not include all the changes (e.g., some of the
configuration parameters are still missing and driver wrapper changes for
mac80211 were not included).

(1)
http://www.kernel.org/pub/linux/kernel/people/chuyee/wireless/iwl4965_ap/hostap_0_6_0_intel_0.0.13.1.tgz
2008-08-21 18:18:38 +03:00
Jouni Malinen
3c83f19c80 Added mlme_{add,remove}_sta() for userspace MLME
These functions are based on the hostapd implementation and complete
the userspace MLME code in wpa_supplicant (though, mac80211 will still need
couple of pending patches to be integrated in order to get userspace client
MLME working again).
2008-08-18 22:01:04 +03:00
Jouni Malinen
1d8ce433c9 Internal X.509/TLSv1: Support SHA-256 in X.509 certificate digest 2008-08-16 11:21:22 +03:00
Jouni Malinen
a9141cffb0 Updated EAP-TTLSv0 references to use RFC 5281 2008-08-16 10:17:22 +03:00
Jouni Malinen
1c8735848d nl80211: Preliminary code for usermode MLME support
This adds some parts needed to use usermode MLME with the current mac80211
(plus a patch to add a new cfg80211 command; not yet submitted to
wireless-testing). This version creates a monitor interface for management
frames and is able to send Probe Request frames during scan. However, it
looks like management frame reception is not yet working properly. In
addition, mlme_{add,remove}_sta() handlers are still missing.
2008-08-15 22:14:49 +03:00
Jouni Malinen
7524cfb1a3 nl80211: Fixed re-initialization of removed and re-inserted interface
Network device ifindex will change when the interface is re-inserted.
driver_nl80211.c will need to accept netlink events from "unknown" (based
on ifindex) interfaces when a previously used card was removed earlier. If
the previously removed interface is added back, the driver_wext data need
to be updated to match with the new ifindex value. In addition, the initial
setup tasks for the card (set interface up, update ifindex, set mode, etc.)
from wpa_driver_nl80211_init() need to be run again.

This is the changes from commit 3fbda8f943
(driver_wext.c) ported for driver_nl80211.c.
2008-08-15 17:55:16 +03:00
Jouni Malinen
0a4e6cbf88 nl80211: Fixed set_mode() to actually use adhoc/station nl80211 variables 2008-08-15 17:52:37 +03:00
Jouni Malinen
c1e033b0bb IEEE Std 802.11r-2008 has been released, so update references 2008-08-15 11:25:24 +03:00
Jouni Malinen
d48ae45b73 Preparations for 0.6.4 release 2008-08-10 20:33:12 +03:00
Jouni Malinen
6724f4d07a Fixed MinGW build without CONFIG_NDIS_EVENTS_INTEGRATED defined 2008-08-10 18:11:41 +03:00
Jouni Malinen
ccb172ed75 Renamed MSG to PROC_MSG to avoid conflicts with MinGW winuser.h 2008-08-10 18:00:11 +03:00
Jouni Malinen
3ff77e070d Fixed opportunistic key caching (OKC)
wpa_sm_set_config() can be called even if the network block does not
change. However, the previous version ended up calling
pmksa_cache_notify_reconfig() every time and this cleared the network
context from PMKSA cache entries. This prevented OKC from ever being used.

Do not call pmksa_cache_notify_reconfig() if the network context remains
unchanged to allow OKC to be used.
2008-08-03 20:16:59 +03:00
Jouni Malinen
3fbda8f943 WEXT: Fixed re-initialization of removed and re-inserted interface
Network device ifindex will change when the interface is re-inserted.
driver_wext.c will need to accept netlink events from "unknown" (based on
ifindex) interfaces when a previously used card was removed earlier. If the
previously removed interface is added back, the driver_wext data need to be
updated to match with the new ifindex value. In addition, the initial setup
tasks for the card (set interface up, update ifindex, set mode, etc.) from
wpa_driver_wext_init() need to be run again.
2008-07-25 01:30:53 +03:00
Jouni Malinen
6652b61cd4 Fixed EAP-TNC not to include extra EAP header and TNC flags
The change to support fragmentation added extra function to generate the
EAP header, but forgot to remove the original code and ended up getting two
EAP headers and TNC flags field in the generated message. These header
fields need to be added only in the function that builds the final message
(and if necessary, fragments the data).
2008-07-17 02:17:37 +03:00
Dan Williams
93ef879f0f wext: fix maxrate calculation
When scan results got moved from wpa_scan_result -> wpa_scan_res, the
'maxrate' member was dropped from wpa_scan_res.  The D-Bus interface
used 'maxrate', which was replaced with wpa_scan_get_max_rate().
Unfortunately, wpa_scan_get_max_rate() returns 802.11 rate values
directly from the IE, where 'maxrate' was the rate in bits/second.  The
supplicant internally fakes an IE for wpa_scan_res from the value of
wpa_scan_result->maxrate, but interprets ->maxrate as an 802.11 rate
index.

As a side-effect, this fixes a soft-break of the D-Bus control API since
the wpa_scan_res change was introduced.
2008-07-15 20:07:50 +03:00
Jouni Malinen
6e33ca4529 Fixed wpa_scan_get_max_rate() to clear the basicrate flag when determining
the highest rate.
2008-07-15 20:05:50 +03:00
Michael Bernhard
886a807fb5 Make proactive key caching working again
Function 'wpa_sm_set_config' used the argument 'config' as the network
context which is a pointer to a local variable of the function
'wpa_supplicant_rsn_supp_set_config'.

This is one reason why no proactive key was generated. This network
context never matched with the network context saved in the pmksa cache
entries.

The structure 'rsn_supp_config' has already a member 'network_ctx' which
is now filled in by this patch with 'ssid'.

Signed-off-by: Michael Bernhard <michael.bernhard@bfh.ch>
2008-07-06 10:50:53 +03:00
Jouni Malinen
089165e6a4 Added temporary #ifdef WEXT_MFP_PENDING around the MFP changes
Just in case, do not use the not-yet-approved WEXT changes even if someone
where to build wpa_supplicant with IEEE 802.11w support unless this new
macro has been defined explicitly.
2008-06-18 11:18:26 +03:00
Jouni Malinen
f0732adfe0 WEXT: IEEE 802.11w/MFP configuration
Added configuration of MFP related parameters with WEXT. The changes to
linux/wireless.h have not yet been applied to the Linux kernel tree, so the
code using them is still open to changes and is ifdef'ed out if
CONFIG_IEEE80211W is not set.
2008-06-18 11:13:33 +03:00
Masakazu Mokuno
84737a46a4 Add support for the driver which do 4-way handshake
Add the support for the Linux wireless drivers which want to do
4-way handshake and need to know the PSK before the handshake.

Signed-off-by: Masakazu Mokuno <mokuno@sm.sony.co.jp>
2008-06-18 11:09:00 +03:00
Masakazu Mokuno
e0f775b2a4 Add the flags for the drivers which do 4-way handshake
Add the new flags which are supposed to be included in Linux 2.6.27
for the drivers which want to do 4-way handshake and to know PMK.

Signed-off-by: Masakazu Mokuno <mokuno@sm.sony.co.jp>
2008-06-18 11:03:18 +03:00
Jouni Malinen
3e2ad1b932 Fixed race condition between disassociation event and group key handshake
This avoids getting stuck in state where wpa_supplicant has canceled scans,
but the driver is actually in disassociated state. The previously used code
that controlled scan timeout from WPA module is not really needed anymore
(and has not been needed for past four years since authentication timeout
was separated from scan request timeout), so this can simply be removed to
resolved the race condition. As an extra bonus, this simplifies the
interface to WPA module.
[Bug 261]
2008-06-09 16:26:47 +03:00
Jouni Malinen
2eeaa5c9d0 EAP-PEAP: Moved the common peap_prfplus() function into a shared file 2008-06-09 10:32:12 +03:00
Jouni Malinen
3f5285e852 Added a preliminary nl80211/cfg80211 driver interface for wpa_supplicant
driver_nl80211.c is based on driver_wext.c and it is still using Linux
wireless extensions for many functions. Over time, the new driver interface
code should be modified to use nl80211/cfg80211 for everything.
2008-06-06 16:55:42 +03:00
Pavel Roskin
f3833aee90 Fix compile warnings on 64-bit systems
Don't cast pointers to int in definitions of PRISM2_HOSTAPD_RID_HDR_LEN
and PRISM2_HOSTAPD_GENERIC_ELEMENT_HDR_LEN.  Use size_t instead.  That's
actually what the code needs.
2008-06-06 14:17:03 +03:00
Jouni Malinen
ad844747ca Updated the LibTomMath reference to use 0.41 version 2008-06-06 10:32:09 +03:00
Jouni Malinen
b95394c66f Combined internal LibTomMath configuration into one option
CONFIG_INTERNAL_LIBTOMMATH_FAST=y in .config can now be used to enable all
optimized routines at a cost of about 4 kB. This is small enough increase
in size to justify simplified configuration.
2008-06-06 10:21:28 +03:00
Jouni Malinen
ec0205a87a Added an option to build internal LibTomMath with faster div routine
At the cost of about 1 kB of additional binary size, the internal
LibTomMath can be configured to include faster div routine to speed up DH
and RSA. This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_DIV=y in
.config.
2008-06-06 10:11:17 +03:00
Jouni Malinen
b6ab429402 Read Michael MIC keys through TK2 union instead of offset from TK1
This gets rid of potential warnings about buffer bounds errors. The earlier
code works fine, but it is not the cleanest way of using the struct wpa_ptk
definition for TK1/TK2.
2008-06-05 21:00:56 +03:00
Jouni Malinen
7cdeb81e1f Fixed potential NULL pointer dereference if memory allocation fails 2008-06-05 20:44:30 +03:00
Jouni Malinen
815c5e1435 Fixed RADIUS client local address forcing for IPv6 (eapol_test)
Need to use the IPv6 address data in bind() call if IPv6 is selected.
2008-06-05 20:33:33 +03:00
Jouni Malinen
c5f5c91aeb Add faster, optional sqr routine for internal LibTomMath
At the cost of about 0.5 kB of additional binary size, the internal
LibTomMath can be configured to include faster sqr routine to speed up DH
and RSA. This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_SQR=y in
.config.
2008-06-05 18:33:46 +03:00
Jouni Malinen
4fba48a5a7 Silence compiler warnings about out of array bounds indexes
struct wpa_ie_hdr had separate fields for 24-bit OUI and 8-bit oui_type
for WPA/RSN selectors. {WPA,RSN}_SELECTOR_{GET,PUT} access these four
octets through oui and the "out-of-bounds" access for the fourth octet is
actually reading/writing oui_type. This works fine, but some tools complain
about the array bounds "failure". Since oui_type is never accessed
separately, the simplest fix is to just combine these into a single 4-octet
field.
2008-06-05 17:50:53 +03:00
Dan Williams
59c9707863 wext: handle mode switches correctly for mac80211
Since mac80211 requires that the device be !IFF_UP to change the mode
(and I think the old prism54 fullmac driver does too), do that.  This
shouldn't harm fullmac devices since they can handle mode switches on
the fly and usually don't care about up/down that much.
2008-06-04 20:55:57 +03:00
Jouni Malinen
87114163b7 Updated the comments since Montgomery reduction is now included 2008-06-04 11:59:45 +03:00
Jouni Malinen
8ccc0402b2 Internal LibTomMath: add optional support for Montgomery reduction
Add a cost of about 2.5 kB of additional cost, the internal LibTomMath can
be configured to include fast exptmod routine to speed up DH and RSA.
This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_EXPTMOD=y in
.config.
2008-06-04 11:57:55 +03:00
Jouni Malinen
0527710dd3 Reduce integrated LibTomMath size by dropping negative exponent support
Current uses do not require support for negative exponent in exptmod, so we
can save about 1.5 kB in leaving out invmod.
2008-06-04 11:26:52 +03:00
Jouni Malinen
a8e16edc86 Introduced new helper function is_zero_ether_addr()
Use this inline function to replace os_memcmp(addr,
"\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0.
2008-06-03 18:08:48 +03:00
Dan Williams
7e1488494e Do not continually reschedule specific scans to help finding hidden SSIDs
In situations where the driver does background scanning and sends a
steady stream of scan results, wpa_supplicant would continually
reschedule the scan.  This resulted in specific SSID scans never
happening for a hidden AP, and the supplicant never connecting to the AP
because it never got found.  Instead, if there's an already scheduled
scan, and a request comes in to reschedule it, and there are enabled
scan_ssid=1 network blocks, let the scan happen anyway so the hidden
SSID has a chance to be found.
2008-06-03 11:37:48 +03:00
Dan Williams
2e5a7b49a0 wext: don't overwrite BSS frequency
mac80211 sends _both_ channel and frequency in it's scan results, with
frequency first and channel second (it's since been fixed to send
channel first and frequency second to work around this issue).  This
results in wpa_supplicant getting the right value when the frequency
comes, but overwriting the value with '0' when the channel comes because
wpa_supplicant can't handle 5GHz channel numbers.  So if a valid
previous SIOCGIWFREQ event came in, don't try to overwrite it.
2008-06-02 20:47:09 +03:00
Jouni Malinen
d952d16df4 Internal TLS: Added support for parsing PKCS #8 formatted private keys
The internal TLS implementation can now use both PKCS #1 RSA private key
and PKCS #8 encapsulated RSA private key. PKCS #8 encrypted private key is
not yet supported.
2008-06-02 19:39:46 +03:00
Jouni Malinen
bf206cada3 Changed TLS server to use OpenSSL SSL_accept() instead of SSL_read()
The server handshake processing was still using SSL_read() to get OpenSSL
to perform the handshake. While this works for most cases, it caused some
issues for re-authentication. This is now changed to use SSL_accept() which
is more approriate here since we know that the handshake is still going on
and there will not be any tunneled data available. This resolves some of
the re-authentication issues and makes it possible for the server to notice
if TLS processing fails (SSL_read() did not return an error in many of
these cases while SSL_accept() does).

Set session id context to a unique value in order to avoid fatal errors
when client tries session resumption (SSL_set_session_id_context() must be
called for that to work), but disable session resumption with the unique
value for the time being since not all server side code is ready for it yet
(e.g., EAP-TTLS needs special Phase 2 processing when using abbreviated
handshake).

Changed EAP-TLS server not to call TLS library when processing the final
ACK (empty data) from the client in order to avoid starting a new TLS
handshake with SSL_accept().
2008-05-29 20:36:18 +03:00
Jouni Malinen
3c99fa29d3 Add eap_tls_state() to get closer to EAP-TTLS/PEAP/FAST code 2008-05-28 17:19:57 +03:00
Jouni Malinen
cda97d11bb Share EAP-TLS/PEAP/TTLS/FAST core process() functionality
Move the basic processing of received frames into eap_tls_common.c and use
callback functions to handle EAP type specific processing of the version
field and payload.
2008-05-28 17:15:17 +03:00
Jouni Malinen
3c724cc564 Do not refer to Flags::Version field as 'PEAP version'
This field is also used for EAP-TTLS and EAP-FAST, so it is clearer to use
a more generic term for it.
2008-05-28 09:59:55 +03:00
Jouni Malinen
34f564dbd5 Redesigned EAP-TLS/PEAP/TTLS/FAST fragmentation/reassembly
Fragmentation is now done as a separate step to clean up the design and to
allow the same code to be used in both Phase 1 and Phase 2. This adds
support for fragmenting EAP-PEAP/TTLS/FAST Phase 2 (tunneled) data.
2008-05-28 09:57:17 +03:00
Jouni Malinen
ab17e3f2b7 Fixed EAP-IKEv2 server fragment processing
Need to clear the state back to MSG after having processed all incoming
fragments. Without this, the server got stuck in sending the fragment ACK
even after having received the full message.
2008-05-26 16:51:40 +03:00
Jouni Malinen
ef626b4d50 Added a workaround for handling TLS compression
Even though we try to disable TLS compression, it is possible that this
cannot be done with all TLS libraries. For example, OpenSSL 0.9.8 does not
seem to have a configuration item for disabling all compression (0.9.9 has
such an option). If compression is used, Phase 2 decryption may end up
producing more data than the input buffer due to compressed data. This
shows up especially with EAP-TNC that uses very compressible data format.

As a workaround, increase the decryption buffer length to (orig_len+500)*3.
This is a hack, but at least it handles most cases. TLS compression should
really be disabled for EAP use of TLS, but since this can show up with
common setups, it is better to handle this case.
2008-05-26 12:33:04 +03:00
Jouni Malinen
e572cb6398 Do not define tls_engine_get_cert() if OpenSSL engine is disabled 2008-05-26 12:04:35 +03:00
Jouni Malinen
1b52ea47e4 Added fragmentation support for EAP-TNC 2008-05-26 12:00:18 +03:00
David Smith
d1f73353bc Add support to eap_peer for client cert and CA cert on smartcard and in
phase2 auth.
2008-05-23 10:52:49 +03:00
David Smith
e59c91af82 Add support to crypto/tls for client cert and CA cert from smartcard 2008-05-23 10:49:59 +03:00
Jouni Malinen
fca25ef4b4 Only use SSL_OP_NO_COMPRESSION if it is defined
It looks like this SSL_set_options() value was added in 0.9.9 and it does
not exist in stable releases of OpenSSL. Fix build by using #ifdef on this
variable before use.
2008-05-21 10:10:10 +03:00
Jouni Malinen
1f358437d3 Disable TLS compression since the EAP-TTLS/PEAP/FAST payload processing
does not support it currently and EAP-TLS RFC does not allow compression to
be negotiated for TLS.
2008-05-15 16:48:44 +03:00
Jouni Malinen
579313ab07 Fixed xsi:schemaLocation to use whitespace to separate members of the pair. 2008-05-06 21:29:14 +03:00
Jouni Malinen
1c156e783d Fixed tls_prf() to handle keys with odd length
The middle byte of the secret (key for PRF) is shared with key halfs in
case the key length is odd. This does not happen in any of the current
tls_prf() uses, but it's better to fix this function to avoid future issues
should someone end up defining a use that uses an odd length for the key.
2008-04-14 20:11:49 +03:00
Jouni Malinen
0146165170 TNC: Added preliminary code for IF-TNCCS-SOH client side support
Process SoH Request in SoH EAP Extension method and reply with SoH TLV. The
contents of SSoH is not yet complete (i.e., some of the required attributes
are still missing). Use of SoH is disabled by default; it can be enabled
with tnc=soh in phase1 parameter for PEAP.
2008-04-08 16:15:56 +03:00
Jouni Malinen
d6888f9e37 PEAPv0: Added crypto_binding configuration option (part of phase1)
crypto_binding=# in phase1 network parameter can now be used to change the
PEAPv0 cryptobinding behavior (0 = do not use, 1 = optional (default),
2 = required).
2008-04-08 14:57:39 +03:00
Pavel Roskin
8738e4fc55 driver_wext: Fix missing bracket in [DORMANT]
Signed-off-by: Pavel Roskin <proski@gnu.org>
2008-04-07 10:09:37 +03:00
Tomasz Wolniewicz
c454f57379 eapol_test: Allow client IP address to be specified
Allow the user to set the IP address of the eapol_test client. This if
very useful when you have a machine with many interfaces and want to use a
particular one for testing RADIUS connectivity. For instance when I run the
national eduroam proxy I can only connect to other server from a particular
address, an our machine happens to have several IPs. So if I want to run
connectivity tests, I must make sure that my test uses a particular
interface. The -A option allows one to set this).

(jm: cleaned up to use radius configuration structure instead of global
variable for the address and added IPv6 support)
2008-03-30 18:15:52 +03:00
Tomasz Wolniewicz
1e4b9da10c Chargeable-User-Identity (RFC 4372) in eapol_test
Implements the Chargable-User-Identity (CUI), as defined in RFC 4372.
Option "-i" causes the eapol_test to send a NUL CUI - which is a request to
send a CUI back. Capital "-I" allows to specify the value of the CUI.
This has been defined for cases where the client wants to reauthenticate.
2008-03-30 17:39:19 +03:00
Jouni Malinen
1c2ff04f3a TNC: Added preliminary code for IF-TNCCS-SOH server side support
If TNC is enabled, PEAPv0 server is now sending out SoH request to initiate
IF-TNCCS-SOH (Microsoft NAP / Statement of Health) handshake. The results
are currently only shown in debug log and they do not affect authentication
or authorization result.
2008-03-30 17:10:44 +03:00
Jouni Malinen
30680e9332 EAP-TTLS: Fixed implicit challenge derivation to use correct output length
The previous version was deriving unnecessarily large amount of output data
for the implicit challenge. With the TLS PRF, this was not causing any
problems because the output length is not explicitly bound into the
derivation. Anyway, it is better to use the correct output length should
the PRF be ever changed to a one that uses the output length to change the
beginning of the output data.
2008-03-23 12:07:59 +02:00
Jouni Malinen
e7d8003358 EAP-PEAP: Fixed interop issues in key derivation with cryptobinding
It looks like Microsoft implementation does not match with their
specification as far as PRF+ label usage is concerned.. IPMK|CMK is derived
without null termination on the label, but the label for CSK derivation
must be null terminated.

This allows cryptobinding to be used with PEAPv0 in a way that
interoperates with Windows XP SP3 (RC2) and as such, this functionality is
now enabled as an optional addition to PEAPv0.
2008-03-19 16:58:06 +02:00
Jouni Malinen
32f049b2af EAP-PEAP: Swap MS-CHAP-v2 MPPE keys for EAP-PEAP ISK derivation
Microsoft uses reverse order for MS-MPPE keys in EAP-PEAP when compared to
EAP-FAST derivation of ISK. Swap the keys here to get the correct ISK for
EAP-PEAPv0 cryptobinding. This resolves the cryptobinding interop issue
with WinXP SP3 RC2. However, it looks like MSK derivation does not
interoperate when using cryptobinding, so this code remains disabled for
the time being.
2008-03-18 16:27:55 +02:00
Jouni Malinen
e1a69a0b10 EAP-PEAP: Added preliminary code for PEAPv0 and PEAPv2 cryptobinding
This implementation is complete for PEAPv0 (Microsoft extension), but the
use of cryptobinding is disabled in this version, i.e., this does not
change protocol behavior at all.

Interop tests between hostapd and wpa_supplicant work fine, but there are
some problems in getting hostapd to interoperate with Windows XP SP3 RC2
(peer replies with Result Failure to the attempted cryptobinding). The
implementation will remain disabled until this issue has been resolved.
2008-03-18 12:19:52 +02:00
Jouni Malinen
0ac0e4df1c EAP-PEAP: Moved EAP-TLV processing into eap_peap.c
EAP-PEAP was the only method that used the external eap_tlv.c peer
implementation. This worked fine just for the simple protected result
notification, but extending the TLV support for cryptobinding etc. is not
trivial with such separation. With the TLV processing integrated into
eap_peap.c, all the needed information is now available for using
additional TLVs.
2008-03-18 11:26:17 +02:00
Jouni Malinen
06726f0bdd EAP-PEAP: Moved EAP-TLV processing into eap_peap.c
EAP-PEAP was the only method that used the external eap_tlv.c server
implementation. This worked fine just for the simple protected result
notification, but extending the TLV support for cryptobinding etc. is not
trivial with such separation. With the TLV processing integrated into
eap_peap.c, all the needed information is now available for using
additional TLVs.
2008-03-18 08:31:04 +02:00
Jouni Malinen
a865bd5031 Some cleanup for the new driver wrapper for PS3
wpa_printf() does not use '\n'. Fixed set_wpa_key() to allocate buf for
ASCII passphrase case.
2008-03-13 19:05:45 +02:00
Masakazu Mokuno
b5a357b476 Add support for PS3 Linux wireless driver
This adds support for PS3 wireless to wpa_supplicant.

Although PS3 wireless driver is designed to conform the WEXT standard
as much as possible, unfortunately the wext driver wrapper of
wpa_supplicant can not support PS3 wireless fully because:

 - PS3 wireless driver uses private WEXT ioctls for accepting PSK of
   WPA-Personal from the userland.
   WEXT does not specify the way to do it.

 - The association and 4-way handshake are done by PS3 virtual
   wireless device. The guest OSes can not interfere it.

 - No EAPOL frames are allowed to go outside of the
   hypervisor/firmware nor come from. They are eaten by the firmware.

Thus I needed to make a new driver wrapper for PS3 wireless.

This patch can be applied against the latest 0.6.x tree.

Signed-off-by: Masakazu Mokuno <mokuno@sm.sony.co.jp>
2008-03-13 19:00:37 +02:00
Jouni Malinen
658d166297 FT: Use correct BSSID when deriving PTK and verifying MIC
The old version was using struct wpa_sm::bssid which is not necessarily
updated to point to the correct target address when doing over-the-air FT
since the address is used before the association has actually been
completed.
2008-03-12 11:20:20 +02:00
Jouni Malinen
58a98fb027 Delete PTK SA on (re)association if this is not part of a Fast BSS
Transition. This fixes a potential issue where an incorrectly behaving AP
could send a group key update using the old (now invalid after reassociate)
PTK. This could also happen if there is a race condition between reporting
received EAPOL frames and association events.
2008-03-12 11:18:57 +02:00
Jouni Malinen
ccfab35a6a Silence gcc 4.3.0 warnings about invalid array indexes 2008-03-12 09:33:18 +02:00
Jouni Malinen
c80a74d70c TNC: Integrated TNC support into EAP-TTLS server
If TNC is enabled, EAP-TTLS will run a second EAP (TNC) inside the tunnel
after a successful authentication.
2008-03-09 12:05:06 +02:00
Jouni Malinen
35f39ac4c9 TNC: Fixed TNC when using EAP-TTLS with non-EAP Phase 2
Need to process EAP AVP after the non-EAP Phase 2 method. In addition,
EAP-TTLS/MSCHAPv2 needs special code for handling the starting of TNC after
extra roundtrip of MSCHAPv2 success message.
2008-03-09 12:04:10 +02:00
Jouni Malinen
7db0fca522 TNC: Integrated TNC support into EAP-FAST server
Tunneled EAP sequence is now used to perform both the authentication (e.g.,
using EAP-GTC) and TNC validation (EAP-TNC) inside the EAP-FAST tunnel if
TNC has been enabled.
2008-03-09 11:22:17 +02:00
Jouni Malinen
4f1c561725 TNC: Added support for using TNC with EAP-FAST 2008-03-09 11:21:01 +02:00
Jouni Malinen
c3e258ae9f TNC: Provide 'tnc' configuration option for EAP server and methods 2008-03-09 10:42:53 +02:00
Jouni Malinen
da08a7c732 TNC: Added preliminary TNC implementation for hostapd
This adds EAP-TNC method and TNCS (IF-IMV and IF-TNCCS) functionality.
There is no integration with EAP-TTLS and EAP-FAST at this point, so this
version is not yet suitable for real use (i.e., EAP-TNC can only be tested
outside a tunnel which is not an allowed configuration for deployment).
However, the basic TNCS functionality is more or less complete and this
version seems to interoperate with wpa_supplicant.
2008-03-09 10:37:18 +02:00
Jouni Malinen
13b3f33942 EAP-FAST: Verify that identity from PAC-Opaque matches with Phase 2 (GTC) 2008-02-27 18:00:12 -08:00
Jouni Malinen
7914585fe0 EAP-FAST: Cleaned up TLV processing and added support for EAP Sequences
Number of TLVs were processed in groups and these cases were now separated
into more flexible processing of one TLV at the time. wpabuf_concat()
function was added to make it easier to concatenate TLVs. EAP Sequences are
now supported in both server and peer code, but the server side is not
enabled by default.
2008-02-27 17:59:34 -08:00
Jouni Malinen
2bab8ae401 EAP-FAST: Define and use EAP_FAST_CMK_LEN 2008-02-27 17:58:46 -08:00
Jouni Malinen
ed5a02fd94 Removed extra '_' from struct eap_tlv_crypto_binding__tlv name 2008-02-27 17:58:13 -08:00
Jouni Malinen
cdd1bc9288 EAP-FAST: Divided eap_fast_process() into number of helper functions 2008-02-27 17:57:49 -08:00
Jouni Malinen
7f4c1d4300 EAP-FAST: Moved common peer/server functionality into a shared file 2008-02-27 17:57:19 -08:00
Jouni Malinen
a4819630f6 EAP-FAST: Added shared helper functions for building TLVs 2008-02-27 17:56:30 -08:00
Jouni Malinen
829f14be17 EAP-FAST: Add peer identity into EAP-FAST PAC-Opaque
This allows Phase 2 Identity Request to be skipped if the identity is
already known from PAC-Opaque received in TLS handshake in order to save
one roundtrip from normal authentication.
2008-02-27 17:55:40 -08:00
Jouni Malinen
b0194fe07e Added max_listen_interval configuration option
This allows associations to be denied if the STA tries to use too large
listen interval. The default value is 65535 which matches with the field
size limits.
2008-02-27 17:54:06 -08:00
Jouni Malinen
4d6c3de3df driver_ralink: Make sure assoc_{req,resp}_ies do not get double-freed 2008-02-27 17:53:22 -08:00
Jouni Malinen
5e77500c4f driver_ralink: Use os_strlcpy instead of os_strncpy to ensure null
termination
2008-02-27 17:52:43 -08:00
Jouni Malinen
d04cbdd640 driver_ralink: Fixed couple of memory leaks on error path 2008-02-27 17:52:05 -08:00
Jouni Malinen
a6ee047fcb Verify that os_get_time() does not fail before using the time value when
registering an eloop timeout.
2008-02-27 17:50:36 -08:00
Jouni Malinen
72822e7be4 Fixed base64_decode() reject empty input buffers 2008-02-27 17:49:59 -08:00
Jouni Malinen
380da72b80 Enforce non-zero MPPE key length 2008-02-27 17:49:24 -08:00
Jouni Malinen
6076f6ce08 Silence SIOCSIWAUTH ioctl failure message.
These are expected in most cases and there is no need to confuse users
with the messages in stderr (perror was used here). These are now only
shown in debug output and EOPNOTSUPP errors are silently ignored.
2008-02-27 17:47:23 -08:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00