Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

EAP server: Add support for configuring fragment size

Jouni Malinen 14 years ago
parent
f3a3e6987e
commit
7f6ec672ea
13 changed files with 22 additions and 5 deletions
Split View Show Diff Stats
  1. 2 0
      hostapd/config_file.c
  2. 3 0
      hostapd/hostapd.conf
  3. 1 0
      src/ap/ap_config.h
  4. 1 0
      src/ap/ieee802_1x.c
  5. 1 0
      src/eap_server/eap.h
  6. 3 0
      src/eap_server/eap_i.h
  7. 1 0
      src/eap_server/eap_server.c
  8. 2 1
      src/eap_server/eap_server_ikev2.c
  9. 1 2
      src/eap_server/eap_server_tls_common.c
  10. 2 1
      src/eap_server/eap_server_tnc.c
  11. 2 1
      src/eap_server/eap_server_wsc.c
  12. 2 0
      src/eapol_auth/eapol_auth_sm.c
  13. 1 0
      src/eapol_auth/eapol_auth_sm.h

+ 2 - 0
hostapd/config_file.c
View File 

@@ -1313,6 +1313,8 @@ struct hostapd_config * hostapd_config_read(const char *fname)
 
 		} else if (os_strcmp(buf, "dh_file") == 0) {
 
 			os_free(bss->dh_file);
 
 			bss->dh_file = os_strdup(pos);
 
+		} else if (os_strcmp(buf, "fragment_size") == 0) {
 
+			bss->fragment_size = atoi(pos);
 
 #ifdef EAP_SERVER_FAST
 
 		} else if (os_strcmp(buf, "pac_opaque_encr_key") == 0) {
 
 			os_free(bss->pac_opaque_encr_key);

+ 3 - 0
hostapd/hostapd.conf
View File 

@@ -504,6 +504,9 @@ eap_server=0
 
 # "openssl dhparam -out /etc/hostapd.dh.pem 1024"
 
 #dh_file=/etc/hostapd.dh.pem
 
 
+# Fragment size for EAP methods
 
+#fragment_size=1400
 
+
 
 # Configuration data for EAP-SIM database/authentication gateway interface.
 
 # This is a text string in implementation specific format. The example
 
 # implementation in eap_sim_db.c uses this as the UNIX domain socket name for

+ 1 - 0
src/ap/ap_config.h
View File 

@@ -254,6 +254,7 @@ struct hostapd_bss_config {
 
 	int pac_key_refresh_time;
 
 	int eap_sim_aka_result_ind;
 
 	int tnc;
 
+	int fragment_size;
 
 
 	char *radius_server_clients;
 
 	int radius_server_auth_port;

+ 1 - 0
src/ap/ieee802_1x.c
View File 

@@ -1651,6 +1651,7 @@ int ieee802_1x_init(struct hostapd_data *hapd)
 
 	conf.eap_sim_aka_result_ind = hapd->conf->eap_sim_aka_result_ind;
 
 	conf.tnc = hapd->conf->tnc;
 
 	conf.wps = hapd->wps;
 
+	conf.fragment_size = hapd->conf->fragment_size;
 
 
 	os_memset(&cb, 0, sizeof(cb));
 
 	cb.eapol_send = ieee802_1x_eapol_send;

+ 1 - 0
src/eap_server/eap.h
View File 

@@ -107,6 +107,7 @@ struct eap_config {
 
 	struct wps_context *wps;
 
 	const struct wpabuf *assoc_wps_ie;
 
 	const u8 *peer_addr;
 
+	int fragment_size;
 
 };

+ 3 - 0
src/eap_server/eap_i.h
View File 

@@ -187,6 +187,9 @@ struct eap_sm {
 
 	Boolean start_reauth;
 
 
 	u8 peer_addr[ETH_ALEN];
 
+
 
+	/* Fragmentation size for EAP method init() handler */
 
+	int fragment_size;
 
 };
 
 
 int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,

+ 1 - 0
src/eap_server/eap_server.c
View File 

@@ -1257,6 +1257,7 @@ struct eap_sm * eap_server_sm_init(void *eapol_ctx,
 
 		sm->assoc_wps_ie = wpabuf_dup(conf->assoc_wps_ie);
 
 	if (conf->peer_addr)
 
 		os_memcpy(sm->peer_addr, conf->peer_addr, ETH_ALEN);
 
+	sm->fragment_size = conf->fragment_size;
 
 
 	wpa_printf(MSG_DEBUG, "EAP: Server state machine created");

+ 2 - 1
src/eap_server/eap_server_ikev2.c
View File 

@@ -93,7 +93,8 @@ static void * eap_ikev2_init(struct eap_sm *sm)
 
 	if (data == NULL)
 
 		return NULL;
 
 	data->state = MSG;
 
-	data->fragment_size = IKEV2_FRAGMENT_SIZE;
 
+	data->fragment_size = sm->fragment_size > 0 ? sm->fragment_size :
 
+		IKEV2_FRAGMENT_SIZE;
 
 	data->ikev2.state = SA_INIT;
 
 	data->ikev2.peer_auth = PEER_AUTH_SECRET;
 
 	data->ikev2.key_pad = (u8 *) os_strdup("Key Pad for EAP-IKEv2");

+ 1 - 2
src/eap_server/eap_server_tls_common.c
View File 

@@ -45,8 +45,7 @@ int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
 
 		return -1;
 
 	}
 
 
-	/* TODO: make this configurable */
 
-	data->tls_out_limit = 1398;
 
+	data->tls_out_limit = sm->fragment_size > 0 ? sm->fragment_size : 1398;
 
 	if (data->phase2) {
 
 		/* Limit the fragment size in the inner TLS authentication
 
 		 * since the outer authentication with EAP-PEAP does not yet

+ 2 - 1
src/eap_server/eap_server_tnc.c
View File 

@@ -91,7 +91,8 @@ static void * eap_tnc_init(struct eap_sm *sm)
 
 		return NULL;
 
 	}
 
 
-	data->fragment_size = 1300;
 
+	data->fragment_size = sm->fragment_size > 100 ?
 
+		sm->fragment_size - 98 : 1300;
 
 
 	return data;
 
 }

+ 2 - 1
src/eap_server/eap_server_wsc.c
View File 

@@ -136,7 +136,8 @@ static void * eap_wsc_init(struct eap_sm *sm)
 
 		os_free(data);
 
 		return NULL;
 
 	}
 
-	data->fragment_size = WSC_FRAGMENT_SIZE;
 
+	data->fragment_size = sm->fragment_size > 0 ? sm->fragment_size :
 
+		WSC_FRAGMENT_SIZE;
 
 
 	return data;
 
 }

+ 2 - 0
src/eapol_auth/eapol_auth_sm.c
View File 

@@ -830,6 +830,7 @@ eapol_auth_alloc(struct eapol_authenticator *eapol, const u8 *addr,
 
 	eap_conf.wps = eapol->conf.wps;
 
 	eap_conf.assoc_wps_ie = assoc_wps_ie;
 
 	eap_conf.peer_addr = addr;
 
+	eap_conf.fragment_size = eapol->conf.fragment_size;
 
 	sm->eap = eap_server_sm_init(sm, &eapol_cb, &eap_conf);
 
 	if (sm->eap == NULL) {
 
 		eapol_auth_free(sm);
 
@@ -1077,6 +1078,7 @@ static int eapol_auth_conf_clone(struct eapol_auth_config *dst,
 
 	dst->eap_sim_aka_result_ind = src->eap_sim_aka_result_ind;
 
 	dst->tnc = src->tnc;
 
 	dst->wps = src->wps;
 
+	dst->fragment_size = src->fragment_size;
 
 	return 0;
 
 }

+ 1 - 0
src/eapol_auth/eapol_auth_sm.h
View File 

@@ -40,6 +40,7 @@ struct eapol_auth_config {
 
 	int eap_sim_aka_result_ind;
 
 	int tnc;
 
 	struct wps_context *wps;
 
+	int fragment_size;
 
 
 	/* Opaque context pointer to owner data for callback functions */
 
 	void *ctx;