path: root/wpa_supplicant/eapol_test.c
AgeCommit message (Collapse)AuthorFilesLines
2019-06-14Pass full struct to peer certificate callbacksJouni Malinen1-14/+14
This makes it easier to add new information to the callbacks without having to modify each callback function type in EAPOL and EAP code every time. Signed-off-by: Jouni Malinen <>
2019-01-08eapol_test: Start the identifier at an initial random valueMartin Stanislav1-1/+2
Start the (EAP request) identifier at an initial random value as recommended by RFC 3748 in section 4.1 Request and Response on page 21. Signed-off-by: Martin Stanislav <>
2016-02-19Add RADIUS Service-Type attribute with a value of FramedNick Lowe1-0/+7
This seems to be the common value used by APs and also mentioned in RFC 3580. Signed-off-by: Nick Lowe <>
2016-02-06RADIUS: Redesign Request Authenticator generationNick Lowe1-1/+1
Simplify and make properly random the generation of the Request Authenticator. Signed-off-by: Nick Lowe <>
2015-10-16eapol_test: Add -v for displaying version informationJouni Malinen1-2/+7
Signed-off-by: Jouni Malinen <>
2015-08-21eapol_test: Add a new operation mode for control interface useJouni Malinen1-10/+106
The -T<ctrl_iface> command line argument can now be used to start eapol_test in mode where the configuration file is not needed and the authentication operations are started through the control interface. Network profile is also managed through the control interface in this case. This can be used to provide more control for scripted RADIUS authentication server testing. Signed-off-by: Jouni Malinen <>
2015-08-20eapol_test: Allow interface name to be specifiedJouni Malinen1-5/+9
The new -i<ifname> command line argument can be used to specify the name of the interface to use. This is mainly to allow unique control interface names to be defined without having to use multiple directories. Signed-off-by: Jouni Malinen <>
2015-06-10eapol_test: Support IPv6 for authentication serverOndřej Caletka1-2/+1
This allows testing RADIUS servers over IPv6. Signed-off-by: Ondřej Caletka <>
2015-04-25Declare all read only data structures as constMikael Kanstrup1-1/+1
By analysing objdump output some read only structures were found in .data section. To help compiler further optimize code declare these as const. Signed-off-by: Mikael Kanstrup <>
2015-01-17eapol_test: Fix cert_cb() function argumentsJouni Malinen1-0/+9
altsubject[] was added here, but the callback implementation in eapol_test.c was forgotten from the commit. Signed-off-by: Jouni Malinen <>
2014-12-08Check os_snprintf() result more consistently - automatic 1Jouni Malinen1-1/+1
This converts os_snprintf() result validation cases to use os_snprintf_error() where the exact rule used in os_snprintf_error() was used. These changes were done automatically with spatch using the following semantic patch: @@ identifier E1; expression E2,E3,E4,E5,E6; statement S1; @@ ( E1 = os_snprintf(E2, E3, ...); | int E1 = os_snprintf(E2, E3, ...); | if (E5) E1 = os_snprintf(E2, E3, ...); else E1 = os_snprintf(E2, E3, ...); | if (E5) E1 = os_snprintf(E2, E3, ...); else if (E6) E1 = os_snprintf(E2, E3, ...); else E1 = 0; | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else { ... return -1; } | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else if (E6) { ... E1 = os_snprintf(E2, E3, ...); } else { ... return -1; } | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else { ... E1 = os_snprintf(E2, E3, ...); } ) ? os_free(E4); - if (E1 < 0 || \( E1 >= E3 \| (size_t) E1 >= E3 \| (unsigned int) E1 >= E3 \| E1 >= (int) E3 \)) + if (os_snprintf_error(E3, E1)) ( S1 | { ... } ) Signed-off-by: Jouni Malinen <>
2014-10-12wpa_supplicant: Allow OpenSSL cipherlist string to be configuredJouni Malinen1-0/+1
The new openssl_cipher configuration parameter can be used to select which TLS cipher suites are enabled for TLS-based EAP methods when OpenSSL is used as the TLS library. This parameter can be used both as a global parameter to set the default for all network blocks and as a network block parameter to override the default for each network profile. Signed-off-by: Jouni Malinen <>
2014-10-11eapol_test: Check inet_aton() resultJouni Malinen1-1/+5
This makes code more consistent (CID 72676). Signed-off-by: Jouni Malinen <>
2014-06-28eapol_test: Fix -R option to not replace -s option valueDmitry Shmidt1-0/+1
Commit e9852462d58750e2ec4be498e82db0e0a2dfaf7f ('eapol_test: Add PC/SC reader and PIN command line arguments') did not add break to the switch statement for the new -R command line option. Signed-off-by: Dmitry Shmidt <>
2014-06-21eapol_test: Add PC/SC reader and PIN command line argumentsJouni Malinen1-9/+24
The new command line arguments -R<reader> and -P<PIN> can now be used to specify which PC/SC reader (prefix match) and PIN are to be used. Signed-off-by: Jouni Malinen <>
2014-05-11eapol_test: Check EAP-Key-NameJouni Malinen1-2/+50
The new command line argument -e can be used to request the server to send EAP-Key-Name in Access-Accept. If both the local EAP peer implementation and server provide the EAP Session-Id, compare those values and indicate in debug log whether a match was seen. Signed-off-by: Jouni Malinen <>
2014-01-08Skip network disabling on expected EAP failureJouni Malinen1-2/+3
Some EAP methods can go through a step that is expected to fail and as such, should not trigger temporary network disabling when processing EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as a special case, but similar behavior is needed for EAP-FAST with unauthenticated provisioning. Signed-hostap: Jouni Malinen <>
2013-12-31Declare wpa_debug_* variables in src/utils/wpa_debug.hJouni Malinen1-3/+0
These were somewhat more hidden to avoid direct use, but there are now numerous places where these are needed and more justification to make the extern int declarations available from wpa_debug.h. In addition, this avoids some warnings from sparse. Signed-hostap: Jouni Malinen <>
2013-11-17SCARD: Clean up SIM/USIM selectionMasashi Honma1-2/+2
Commit eb324600295a570199a5e25eb64e60781a04fb74 left an unneeded sim_type argument to scard_init(). Remove that unnecessary argument to clean up the implementation. Signed-hostap: Masashi Honma <>
2013-10-20EAP peer: Add framework for external SIM/USIM processingJouni Malinen1-0/+1
The new configuration parameter external_sim=<0/1> can now be used to configure wpa_supplicant to use external SIM/USIM processing (e.g., GSM authentication for EAP-SIM or UMTS authentication for EAP-AKA). The requests and responses for such operations are sent over the ctrl_iface CTRL-REQ-SIM and CTRL-RSP-SIM commands similarly to the existing password query mechanism. Changes to the EAP methods to use this new mechanism will be added in separate commits. Signed-hostap: Jouni Malinen <>
2013-10-19eapol_test: Initialize BSS listsJouni Malinen1-0/+2
This is needed to avoid issues with control interface commands that could request BSS list during an eapol_test run. wpa_cli tries to update its internal BSS list and that could trigger eapol_test crashes without this. Signed-hostap: Jouni Malinen <>
2013-10-19eapol_test: Fix external EAP request mechanismJouni Malinen1-1/+51
The eap_param_needed callback was forgotten from eapol_test and this prevented external EAP request processing through ctrl_iface from being tested. Signed-hostap: Jouni Malinen <>
2013-10-19eapol_test: Initialize wpa_s->global to fix ctrl_ifaceJouni Malinen1-0/+3
wpa_s->global is now dereferenced in number of places and at least one of them hits in eapol_test cases. Fix issues with this by setting the global pointer to empty data. Signed-hostap: Jouni Malinen <>
2013-04-23wpa_supplicant: Add option -I for additional config fileDmitry Shmidt1-1/+1
This option can be used only for global parameters that are not going to be changed from settings. Signed-off-by: Dmitry Shmidt <> Signed-off-by: Iliyan Malchev <>
2013-01-15eapol_test: Remove unnecessary header file inclusionJouni Malinen1-1/+0
Signed-hostap: Jouni Malinen <>
2013-01-12eapol_test: Allow full RADIUS attribute length to be usedJouni Malinen1-3/+3
The -N and -C command line parameters can be used to add arbitrary RADIUS attributes to the messages. However, these were truncated to about 128 bytes when the actually message was constructed. Fix this by using larger buffers to allow the maximum attribute length (253 octets of payload) to be used. [Bug 458] Signed-hostap: Jouni Malinen <>
2013-01-12eapol_test: Fix extra RADIUS attribute allocationJouni Malinen1-1/+1
The sizeof(ptr) use here was not correct and resulted in too small memory block getting allocated for the -N command line argument. Signed-hostap: Jouni Malinen <>
2012-09-02EAP-SIM/AKA: Store pseudonym identity in configurationJouni Malinen1-0/+32
Use the anonymous_identity field to store EAP-SIM/AKA pseudonym identity so that this can be maintained between EAP sessions (e.g., after wpa_supplicant restart) even if fast re-authentication data was cleared. Signed-hostap: Jouni Malinen <>
2012-08-07Return wpabuf from radius_msg_get_eap()Jouni Malinen1-22/+20
This simplifies the implementation by using the buffer type to which the returned data will be converted anyway. This avoids one memory allocation for each processed RADIUS message. Signed-hostap: Jouni Malinen <>
2012-08-03EXT PW: Add framework for supporting external password storageJouni Malinen1-0/+8
This new mechanism can be used to make wpa_supplicant using external storage (e.g., key store in the operating system) for passwords, passphrases, and PSKs. This commit is only adding the framework part needed to support this, i.e., no actual configuration parameter can yet use this new mechanism. In addition, only a simple test backend is added to allow developer testing of the functionality. Signed-hostap: Jouni Malinen <>
2012-04-01Fix memory leaks on radius_client_send error pathsJouni Malinen1-1/+3
In case this function returns an error, the RADIUS message needs to freed in the caller. Signed-hostap: Jouni Malinen <>
2012-02-26Allow PC/SC reader to be selected and initialized at startJouni Malinen1-3/+3
New global configuration parameters pcsc_reader and pcsc_pin can now be used to initialize PC/SC reader context at start of wpa_supplicant. Signed-hostap: Jouni Malinen <>
2012-02-11Remove the GPL notification from files contributed by Jouni MalinenJouni Malinen1-8/+2
Remove the GPL notification text from the files that were initially contributed by myself. Signed-hostap: Jouni Malinen <>
2012-01-22eapol_test: Show MNC length in debug outputJouni Malinen1-0/+3
Signed-hostap: Jouni Malinen <>
2011-09-17eapol_test: Add option for writing server certificate chain to a fileJouni Malinen1-8/+44
eapol_test command line argument -o<file> can now be used to request the received server certificate chain to be written to the specified file. The certificates will be written in PEM format. [Bug 391]
2011-07-05Move peer certificate wpa_msg() calls to notify.cJouni Malinen1-1/+32
This type of wpa_supplicant specific message construction does not need to be at the EAP implementation, so better move it up to notify.c.
2010-11-07eapol_test: Unregister EAP server methods if CONFIG_AP=yJouni Malinen1-0/+4
This fixes a memory leak in CONFIG_AP=y builds.
2009-12-19eloop: Remove global user data pointerJouni Malinen1-6/+5
This is not really needed since all signal handlers can use a context pointer provided during signal handler registration.
2009-12-19eapol_test: Fix build after RADIUS msg API changesJouni Malinen1-8/+10
2009-12-19Change radius_msg_free() to free the bufferJouni Malinen1-10/+3
Since all callers were freeing the buffer immediately anyway, move this operation into radius_msg_free() to reduce code size.
2009-12-06Move EAP method registration away from src/eap_{peer,server}Jouni Malinen1-1/+1
This makes it easier to make a library out of EAP methods without losing possiblity of binary size optimization by linker dropping unreferenced code.
2009-12-05Remove unnecessary definesJouni Malinen1-2/+0
The following defines are not really needed in most places, so remove them to clean up source code and build scripts: EAP_TLS_FUNCS EAP_TLS_OPENSSL EAP_TLS_GNUTLS CONFIG_TLS_INTERNAL
2009-11-29Remove src/rsn_supp from default header pathJouni Malinen1-1/+1
2009-04-09Merge wpa_supplicant and hostapd driver wrapper implementationsJouni Malinen1-1/+1
This commit merges the driver_ops structures and implementations from hostapd/driver*.[ch] into src/drivers. This is only an initial step and there is room for number of cleanups to share code between the hostapd and wpa_supplicant parts of the wrappers to avoid unnecessary source code duplication.
2009-01-13eapol_test: Allow generated RADIUS attributes to be replacedJouni Malinen1-5/+23
Do not add the automatically generated RADIUS attributes NAS-IP-Address, Calling-Station-Id, Framed-MTU, NAS-Port-Type, and Connect-Info if -N option is used with the same attribute type. This allows these attributes to be replaced without causing duplicate entries.
2009-01-09Fixed eapol_test build after RADIUS API changes (const)Jouni Malinen1-2/+3
2009-01-04Fixed a typo in usage helpJouni Malinen1-1/+1
2009-01-04eapol_test: Add a universal way of adding extra RADIUS attributesTomasz Wolniewicz1-30/+127
This change replaces -I and -i options (Chargeable-User-Identity) with a new -N option that can add any RADIUS attribute into the Access-Request messages without having to modify eapol_test for each new attribute.
2008-12-14Cleaned up EAP-MSCHAPv2 key derivationJouni Malinen1-0/+10
Changed peer to derive the full key (both MS-MPPE-Recv-Key and MS-MPPE-Send-Key for total of 32 octets) to match with server implementation. Swapped the order of MPPE keys in MSK derivation since server MS-MPPE-Recv-Key | MS-MPPE-Send-Key matches with the order specified for EAP-TLS MSK derivation. This means that PEAPv0 cryptobinding is now using EAP-MSCHAPv2 MSK as-is for ISK while EAP-FAST will need to swap the order of the MPPE keys to get ISK in a way that interoperates with Cisco EAP-FAST implementation.
2008-12-03Removed mac_addr from eapol_ctx to fix the eapol_test buildJouni Malinen1-1/+0