mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-26 17:28:29 -05:00
390b92913a
The internal TLS server implementation and RADIUS server implementation in hostapd can be configured to allow EAP clients to be tested to perform TLS validation steps correctly. This functionality is not included in the default build; CONFIG_TESTING_OPTIONS=y in hostapd/.config can be used to enable this. When enabled, the RADIUS server will configure special TLS test modes based on the received User-Name attribute value in this format: <user>@test-tls-<id>.<rest-of-realm>. For example, anonymous@test-tls-1.example.com. When this special format is used, TLS test modes are enabled. For other cases, the RADIUS server works normally. The following TLS test cases are enabled in this commit: 1 - break verify_data in the server Finished message 2 - break signed_params hash in ServerKeyExchange 3 - break Signature in ServerKeyExchange Correctly behaving TLS client must abort connection if any of these failures is detected and as such, shall not transmit continue the session. Signed-off-by: Jouni Malinen <j@w1.fi> |
||
|---|---|---|
| .. | ||
| eap_i.h | ||
| eap_methods.h | ||
| eap_server_aka.c | ||
| eap_server_eke.c | ||
| eap_server_fast.c | ||
| eap_server_gpsk.c | ||
| eap_server_gtc.c | ||
| eap_server_identity.c | ||
| eap_server_ikev2.c | ||
| eap_server_md5.c | ||
| eap_server_methods.c | ||
| eap_server_mschapv2.c | ||
| eap_server_pax.c | ||
| eap_server_peap.c | ||
| eap_server_psk.c | ||
| eap_server_pwd.c | ||
| eap_server_sake.c | ||
| eap_server_sim.c | ||
| eap_server_tls_common.c | ||
| eap_server_tls.c | ||
| eap_server_tnc.c | ||
| eap_server_ttls.c | ||
| eap_server_vendor_test.c | ||
| eap_server_wsc.c | ||
| eap_server.c | ||
| eap_sim_db.c | ||
| eap_sim_db.h | ||
| eap_tls_common.h | ||
| eap.h | ||
| ikev2.c | ||
| ikev2.h | ||
| Makefile | ||
| tncs.c | ||
| tncs.h | ||