[thirdparty/hostap.git] / eap_example / eap_example_server.c

/*
 * Example application showing how EAP server code from hostapd can be used as
 * a library.
 * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#include "includes.h"

#include "common.h"
#include "crypto/tls.h"
#include "eap_server/eap.h"
#include "wpabuf.h"

void eap_example_peer_rx(const u8 *data, size_t data_len);


struct eap_server_ctx {
	struct eap_eapol_interface *eap_if;
	struct eap_sm *eap;
	void *tls_ctx;
};

static struct eap_server_ctx eap_ctx;


static int server_get_eap_user(void *ctx, const u8 *identity,
			       size_t identity_len, int phase2,
			       struct eap_user *user)
{
	os_memset(user, 0, sizeof(*user));

	if (!phase2) {
		/* Only allow EAP-PEAP as the Phase 1 method */
		user->methods[0].vendor = EAP_VENDOR_IETF;
		user->methods[0].method = EAP_TYPE_PEAP;
		return 0;
	}

	if (identity_len != 4 || identity == NULL ||
	    os_memcmp(identity, "user", 4) != 0) {
		printf("Unknown user\n");
		return -1;
	}

	/* Only allow EAP-MSCHAPv2 as the Phase 2 method */
	user->methods[0].vendor = EAP_VENDOR_IETF;
	user->methods[0].method = EAP_TYPE_MSCHAPV2;
	user->password = (u8 *) os_strdup("password");
	user->password_len = 8;

	return 0;
}


static const char * server_get_eap_req_id_text(void *ctx, size_t *len)
{
	*len = 0;
	return NULL;
}


static struct eapol_callbacks eap_cb;
static struct eap_config eap_conf;

static int eap_example_server_init_tls(void)
{
	struct tls_config tconf;
	struct tls_connection_params tparams;

	os_memset(&tconf, 0, sizeof(tconf));
	eap_ctx.tls_ctx = tls_init(&tconf);
	if (eap_ctx.tls_ctx == NULL)
		return -1;

	os_memset(&tparams, 0, sizeof(tparams));
	tparams.ca_cert = "ca.pem";
	tparams.client_cert = "server.pem";
	/* tparams.private_key = "server.key"; */
	tparams.private_key = "server-key.pem";
	/* tparams.private_key_passwd = "whatever"; */

	if (tls_global_set_params(eap_ctx.tls_ctx, &tparams)) {
		printf("Failed to set TLS parameters\n");
		return -1;
	}

	if (tls_global_set_verify(eap_ctx.tls_ctx, 0)) {
		printf("Failed to set check_crl\n");
		return -1;
	}

	return 0;
}


static int eap_server_register_methods(void)
{
	int ret = 0;

#ifdef EAP_SERVER_IDENTITY
	if (ret == 0)
		ret = eap_server_identity_register();
#endif /* EAP_SERVER_IDENTITY */

#ifdef EAP_SERVER_MD5
	if (ret == 0)
		ret = eap_server_md5_register();
#endif /* EAP_SERVER_MD5 */

#ifdef EAP_SERVER_TLS
	if (ret == 0)
		ret = eap_server_tls_register();
#endif /* EAP_SERVER_TLS */

#ifdef EAP_SERVER_MSCHAPV2
	if (ret == 0)
		ret = eap_server_mschapv2_register();
#endif /* EAP_SERVER_MSCHAPV2 */

#ifdef EAP_SERVER_PEAP
	if (ret == 0)
		ret = eap_server_peap_register();
#endif /* EAP_SERVER_PEAP */

#ifdef EAP_SERVER_TLV
	if (ret == 0)
		ret = eap_server_tlv_register();
#endif /* EAP_SERVER_TLV */

#ifdef EAP_SERVER_GTC
	if (ret == 0)
		ret = eap_server_gtc_register();
#endif /* EAP_SERVER_GTC */

#ifdef EAP_SERVER_TTLS
	if (ret == 0)
		ret = eap_server_ttls_register();
#endif /* EAP_SERVER_TTLS */

#ifdef EAP_SERVER_SIM
	if (ret == 0)
		ret = eap_server_sim_register();
#endif /* EAP_SERVER_SIM */

#ifdef EAP_SERVER_AKA
	if (ret == 0)
		ret = eap_server_aka_register();
#endif /* EAP_SERVER_AKA */

#ifdef EAP_SERVER_AKA_PRIME
	if (ret == 0)
		ret = eap_server_aka_prime_register();
#endif /* EAP_SERVER_AKA_PRIME */

#ifdef EAP_SERVER_PAX
	if (ret == 0)
		ret = eap_server_pax_register();
#endif /* EAP_SERVER_PAX */

#ifdef EAP_SERVER_PSK
	if (ret == 0)
		ret = eap_server_psk_register();
#endif /* EAP_SERVER_PSK */

#ifdef EAP_SERVER_SAKE
	if (ret == 0)
		ret = eap_server_sake_register();
#endif /* EAP_SERVER_SAKE */

#ifdef EAP_SERVER_GPSK
	if (ret == 0)
		ret = eap_server_gpsk_register();
#endif /* EAP_SERVER_GPSK */

#ifdef EAP_SERVER_VENDOR_TEST
	if (ret == 0)
		ret = eap_server_vendor_test_register();
#endif /* EAP_SERVER_VENDOR_TEST */

#ifdef EAP_SERVER_FAST
	if (ret == 0)
		ret = eap_server_fast_register();
#endif /* EAP_SERVER_FAST */

#ifdef EAP_SERVER_WSC
	if (ret == 0)
		ret = eap_server_wsc_register();
#endif /* EAP_SERVER_WSC */

#ifdef EAP_SERVER_IKEV2
	if (ret == 0)
		ret = eap_server_ikev2_register();
#endif /* EAP_SERVER_IKEV2 */

#ifdef EAP_SERVER_TNC
	if (ret == 0)
		ret = eap_server_tnc_register();
#endif /* EAP_SERVER_TNC */

	return ret;
}


int eap_example_server_init(void)
{
	if (eap_server_register_methods() < 0)
		return -1;

	os_memset(&eap_ctx, 0, sizeof(eap_ctx));

	if (eap_example_server_init_tls() < 0)
		return -1;

	os_memset(&eap_cb, 0, sizeof(eap_cb));
	eap_cb.get_eap_user = server_get_eap_user;
	eap_cb.get_eap_req_id_text = server_get_eap_req_id_text;

	os_memset(&eap_conf, 0, sizeof(eap_conf));
	eap_conf.eap_server = 1;
	eap_conf.ssl_ctx = eap_ctx.tls_ctx;

	eap_ctx.eap = eap_server_sm_init(&eap_ctx, &eap_cb, &eap_conf);
	if (eap_ctx.eap == NULL)
		return -1;

	eap_ctx.eap_if = eap_get_interface(eap_ctx.eap);

	/* Enable "port" and request EAP to start authentication. */
	eap_ctx.eap_if->portEnabled = TRUE;
	eap_ctx.eap_if->eapRestart = TRUE;

	return 0;
}


void eap_example_server_deinit(void)
{
	eap_server_sm_deinit(eap_ctx.eap);
	eap_server_unregister_methods();
	tls_deinit(eap_ctx.tls_ctx);
}


int eap_example_server_step(void)
{
	int res, process = 0;

	res = eap_server_sm_step(eap_ctx.eap);

	if (eap_ctx.eap_if->eapReq) {
		printf("==> Request\n");
		process = 1;
		eap_ctx.eap_if->eapReq = 0;
	}

	if (eap_ctx.eap_if->eapSuccess) {
		printf("==> Success\n");
		process = 1;
		res = 0;
		eap_ctx.eap_if->eapSuccess = 0;

		if (eap_ctx.eap_if->eapKeyAvailable) {
			wpa_hexdump(MSG_DEBUG, "EAP keying material",
				    eap_ctx.eap_if->eapKeyData,
				    eap_ctx.eap_if->eapKeyDataLen);
		}
	}

	if (eap_ctx.eap_if->eapFail) {
		printf("==> Fail\n");
		process = 1;
		eap_ctx.eap_if->eapFail = 0;
	}

	if (process && eap_ctx.eap_if->eapReqData) {
		/* Send EAP response to the server */
		eap_example_peer_rx(wpabuf_head(eap_ctx.eap_if->eapReqData),
				    wpabuf_len(eap_ctx.eap_if->eapReqData));
	}

	return res;
}


void eap_example_server_rx(const u8 *data, size_t data_len)
{
	/* Make received EAP message available to the EAP library */
	wpabuf_free(eap_ctx.eap_if->eapRespData);
	eap_ctx.eap_if->eapRespData = wpabuf_alloc_copy(data, data_len);
	if (eap_ctx.eap_if->eapRespData)
		eap_ctx.eap_if->eapResp = TRUE;
}
Commit	Line	Data
6fc6879b JM	1	/*
	2	* Example application showing how EAP server code from hostapd can be used as
	3	* a library.
	4	* Copyright (c) 2007, Jouni Malinen <j@w1.fi>
	5	*
0f3d578e JM	6	* This software may be distributed under the terms of the BSD license.
0f3d578e JM	7	* See README for more details.
6fc6879b JM	8	*/
	9
	10	#include "includes.h"
	11
	12	#include "common.h"
03da66bd	13	#include "crypto/tls.h"
6fc6879b	14	#include "eap_server/eap.h"
6fc6879b JM	15	#include "wpabuf.h"
	16
	17	void eap_example_peer_rx(const u8 *data, size_t data_len);
	18
	19
	20	struct eap_server_ctx {
	21	struct eap_eapol_interface *eap_if;
	22	struct eap_sm *eap;
	23	void *tls_ctx;
	24	};
	25
	26	static struct eap_server_ctx eap_ctx;
	27
	28
	29	static int server_get_eap_user(void ctx, const u8 identity,
	30	size_t identity_len, int phase2,
	31	struct eap_user *user)
	32	{
	33	os_memset(user, 0, sizeof(*user));
	34
	35	if (!phase2) {
	36	/* Only allow EAP-PEAP as the Phase 1 method */
	37	user->methods[0].vendor = EAP_VENDOR_IETF;
	38	user->methods[0].method = EAP_TYPE_PEAP;
	39	return 0;
	40	}
	41
	42	if (identity_len != 4 \|\| identity == NULL \|\|
	43	os_memcmp(identity, "user", 4) != 0) {
	44	printf("Unknown user\n");
	45	return -1;
	46	}
	47
	48	/* Only allow EAP-MSCHAPv2 as the Phase 2 method */
	49	user->methods[0].vendor = EAP_VENDOR_IETF;
	50	user->methods[0].method = EAP_TYPE_MSCHAPV2;
	51	user->password = (u8 *) os_strdup("password");
	52	user->password_len = 8;
	53
	54	return 0;
	55	}
	56
	57
	58	static const char * server_get_eap_req_id_text(void ctx, size_t len)
	59	{
	60	*len = 0;
	61	return NULL;
	62	}
	63
	64
	65	static struct eapol_callbacks eap_cb;
	66	static struct eap_config eap_conf;
	67
	68	static int eap_example_server_init_tls(void)
	69	{
	70	struct tls_config tconf;
	71	struct tls_connection_params tparams;
	72
	73	os_memset(&tconf, 0, sizeof(tconf));
	74	eap_ctx.tls_ctx = tls_init(&tconf);
	75	if (eap_ctx.tls_ctx == NULL)
	76	return -1;
	77
	78	os_memset(&tparams, 0, sizeof(tparams));
79	tparams.ca_cert = "ca.pem";
80	tparams.client_cert = "server.pem";
79ec5264 JM	81	/* tparams.private_key = "server.key"; */
	82	tparams.private_key = "server-key.pem";
	83	/* tparams.private_key_passwd = "whatever"; */
6fc6879b JM	84
	85	if (tls_global_set_params(eap_ctx.tls_ctx, &tparams)) {
	86	printf("Failed to set TLS parameters\n");
	87	return -1;
	88	}
	89
	90	if (tls_global_set_verify(eap_ctx.tls_ctx, 0)) {
	91	printf("Failed to set check_crl\n");
	92	return -1;
	93	}
	94
	95	return 0;
	96	}
	97
	98
12760815 JM	99	static int eap_server_register_methods(void)
	100	{
	101	int ret = 0;
	102
	103	#ifdef EAP_SERVER_IDENTITY
	104	if (ret == 0)
	105	ret = eap_server_identity_register();
	106	#endif /* EAP_SERVER_IDENTITY */
	107
	108	#ifdef EAP_SERVER_MD5
	109	if (ret == 0)
	110	ret = eap_server_md5_register();
	111	#endif /* EAP_SERVER_MD5 */
	112
	113	#ifdef EAP_SERVER_TLS
	114	if (ret == 0)
	115	ret = eap_server_tls_register();
	116	#endif /* EAP_SERVER_TLS */
	117
	118	#ifdef EAP_SERVER_MSCHAPV2
	119	if (ret == 0)
	120	ret = eap_server_mschapv2_register();
	121	#endif /* EAP_SERVER_MSCHAPV2 */
	122
	123	#ifdef EAP_SERVER_PEAP
	124	if (ret == 0)
	125	ret = eap_server_peap_register();
	126	#endif /* EAP_SERVER_PEAP */
	127
	128	#ifdef EAP_SERVER_TLV
	129	if (ret == 0)
	130	ret = eap_server_tlv_register();
	131	#endif /* EAP_SERVER_TLV */
	132
	133	#ifdef EAP_SERVER_GTC
	134	if (ret == 0)
	135	ret = eap_server_gtc_register();
	136	#endif /* EAP_SERVER_GTC */
	137
	138	#ifdef EAP_SERVER_TTLS
	139	if (ret == 0)
	140	ret = eap_server_ttls_register();
	141	#endif /* EAP_SERVER_TTLS */
	142
	143	#ifdef EAP_SERVER_SIM
	144	if (ret == 0)
	145	ret = eap_server_sim_register();
	146	#endif /* EAP_SERVER_SIM */
	147
	148	#ifdef EAP_SERVER_AKA
	149	if (ret == 0)
	150	ret = eap_server_aka_register();
	151	#endif /* EAP_SERVER_AKA */
	152
	153	#ifdef EAP_SERVER_AKA_PRIME
	154	if (ret == 0)
	155	ret = eap_server_aka_prime_register();
	156	#endif /* EAP_SERVER_AKA_PRIME */
	157
	158	#ifdef EAP_SERVER_PAX
	159	if (ret == 0)
	160	ret = eap_server_pax_register();
	161	#endif /* EAP_SERVER_PAX */
	162
163	#ifdef EAP_SERVER_PSK
164	if (ret == 0)
165	ret = eap_server_psk_register();
166	#endif /* EAP_SERVER_PSK */
167
168	#ifdef EAP_SERVER_SAKE
169	if (ret == 0)
170	ret = eap_server_sake_register();
171	#endif /* EAP_SERVER_SAKE */
172
173	#ifdef EAP_SERVER_GPSK
174	if (ret == 0)
175	ret = eap_server_gpsk_register();
176	#endif /* EAP_SERVER_GPSK */
177
178	#ifdef EAP_SERVER_VENDOR_TEST
179	if (ret == 0)
180	ret = eap_server_vendor_test_register();
181	#endif /* EAP_SERVER_VENDOR_TEST */
182
183	#ifdef EAP_SERVER_FAST
184	if (ret == 0)
185	ret = eap_server_fast_register();
186	#endif /* EAP_SERVER_FAST */
187
188	#ifdef EAP_SERVER_WSC
189	if (ret == 0)
190	ret = eap_server_wsc_register();
191	#endif /* EAP_SERVER_WSC */
192
193	#ifdef EAP_SERVER_IKEV2
194	if (ret == 0)
195	ret = eap_server_ikev2_register();
196	#endif /* EAP_SERVER_IKEV2 */
197
198	#ifdef EAP_SERVER_TNC
199	if (ret == 0)
200	ret = eap_server_tnc_register();
201	#endif /* EAP_SERVER_TNC */
202
203	return ret;
204	}
205
206
6fc6879b JM	207	int eap_example_server_init(void)
	208	{
	209	if (eap_server_register_methods() < 0)
	210	return -1;
	211
	212	os_memset(&eap_ctx, 0, sizeof(eap_ctx));
	213
	214	if (eap_example_server_init_tls() < 0)
	215	return -1;
	216
	217	os_memset(&eap_cb, 0, sizeof(eap_cb));
	218	eap_cb.get_eap_user = server_get_eap_user;
	219	eap_cb.get_eap_req_id_text = server_get_eap_req_id_text;
	220
	221	os_memset(&eap_conf, 0, sizeof(eap_conf));
	222	eap_conf.eap_server = 1;
	223	eap_conf.ssl_ctx = eap_ctx.tls_ctx;
	224
	225	eap_ctx.eap = eap_server_sm_init(&eap_ctx, &eap_cb, &eap_conf);
	226	if (eap_ctx.eap == NULL)
	227	return -1;
	228
	229	eap_ctx.eap_if = eap_get_interface(eap_ctx.eap);
	230
	231	/* Enable "port" and request EAP to start authentication. */
	232	eap_ctx.eap_if->portEnabled = TRUE;
	233	eap_ctx.eap_if->eapRestart = TRUE;
	234
	235	return 0;
	236	}
	237
	238
	239	void eap_example_server_deinit(void)
	240	{
	241	eap_server_sm_deinit(eap_ctx.eap);
	242	eap_server_unregister_methods();
	243	tls_deinit(eap_ctx.tls_ctx);
	244	}
	245
	246
	247	int eap_example_server_step(void)
	248	{
	249	int res, process = 0;
	250
	251	res = eap_server_sm_step(eap_ctx.eap);
	252
	253	if (eap_ctx.eap_if->eapReq) {
	254	printf("==> Request\n");
	255	process = 1;
	256	eap_ctx.eap_if->eapReq = 0;
	257	}
	258
	259	if (eap_ctx.eap_if->eapSuccess) {
	260	printf("==> Success\n");
	261	process = 1;
	262	res = 0;
	263	eap_ctx.eap_if->eapSuccess = 0;
	264
	265	if (eap_ctx.eap_if->eapKeyAvailable) {
	266	wpa_hexdump(MSG_DEBUG, "EAP keying material",
	267	eap_ctx.eap_if->eapKeyData,
	268	eap_ctx.eap_if->eapKeyDataLen);
	269	}
	270	}
271
272	if (eap_ctx.eap_if->eapFail) {
273	printf("==> Fail\n");
274	process = 1;
275	eap_ctx.eap_if->eapFail = 0;
276	}
277
278	if (process && eap_ctx.eap_if->eapReqData) {
279	/* Send EAP response to the server */
280	eap_example_peer_rx(wpabuf_head(eap_ctx.eap_if->eapReqData),
281	wpabuf_len(eap_ctx.eap_if->eapReqData));
282	}
283
284	return res;
285	}
286
287
288	void eap_example_server_rx(const u8 *data, size_t data_len)
289	{
290	/* Make received EAP message available to the EAP library */
291	wpabuf_free(eap_ctx.eap_if->eapRespData);
292	eap_ctx.eap_if->eapRespData = wpabuf_alloc_copy(data, data_len);
293	if (eap_ctx.eap_if->eapRespData)
294	eap_ctx.eap_if->eapResp = TRUE;
295	}