2 * Example application showing how EAP server code from hostapd can be used as
4 * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
6 * This software may be distributed under the terms of the BSD license.
7 * See README for more details.
13 #include "crypto/tls.h"
14 #include "eap_server/eap.h"
17 void eap_example_peer_rx(const u8
*data
, size_t data_len
);
20 struct eap_server_ctx
{
21 struct eap_eapol_interface
*eap_if
;
26 static struct eap_server_ctx eap_ctx
;
29 static int server_get_eap_user(void *ctx
, const u8
*identity
,
30 size_t identity_len
, int phase2
,
31 struct eap_user
*user
)
33 os_memset(user
, 0, sizeof(*user
));
36 /* Only allow EAP-PEAP as the Phase 1 method */
37 user
->methods
[0].vendor
= EAP_VENDOR_IETF
;
38 user
->methods
[0].method
= EAP_TYPE_PEAP
;
42 if (identity_len
!= 4 || identity
== NULL
||
43 os_memcmp(identity
, "user", 4) != 0) {
44 printf("Unknown user\n");
48 /* Only allow EAP-MSCHAPv2 as the Phase 2 method */
49 user
->methods
[0].vendor
= EAP_VENDOR_IETF
;
50 user
->methods
[0].method
= EAP_TYPE_MSCHAPV2
;
51 user
->password
= (u8
*) os_strdup("password");
52 user
->password_len
= 8;
58 static const char * server_get_eap_req_id_text(void *ctx
, size_t *len
)
65 static struct eapol_callbacks eap_cb
;
66 static struct eap_config eap_conf
;
68 static int eap_example_server_init_tls(void)
70 struct tls_config tconf
;
71 struct tls_connection_params tparams
;
73 os_memset(&tconf
, 0, sizeof(tconf
));
74 eap_ctx
.tls_ctx
= tls_init(&tconf
);
75 if (eap_ctx
.tls_ctx
== NULL
)
78 os_memset(&tparams
, 0, sizeof(tparams
));
79 tparams
.ca_cert
= "ca.pem";
80 tparams
.client_cert
= "server.pem";
81 /* tparams.private_key = "server.key"; */
82 tparams
.private_key
= "server-key.pem";
83 /* tparams.private_key_passwd = "whatever"; */
85 if (tls_global_set_params(eap_ctx
.tls_ctx
, &tparams
)) {
86 printf("Failed to set TLS parameters\n");
90 if (tls_global_set_verify(eap_ctx
.tls_ctx
, 0)) {
91 printf("Failed to set check_crl\n");
99 static int eap_server_register_methods(void)
103 #ifdef EAP_SERVER_IDENTITY
105 ret
= eap_server_identity_register();
106 #endif /* EAP_SERVER_IDENTITY */
108 #ifdef EAP_SERVER_MD5
110 ret
= eap_server_md5_register();
111 #endif /* EAP_SERVER_MD5 */
113 #ifdef EAP_SERVER_TLS
115 ret
= eap_server_tls_register();
116 #endif /* EAP_SERVER_TLS */
118 #ifdef EAP_SERVER_MSCHAPV2
120 ret
= eap_server_mschapv2_register();
121 #endif /* EAP_SERVER_MSCHAPV2 */
123 #ifdef EAP_SERVER_PEAP
125 ret
= eap_server_peap_register();
126 #endif /* EAP_SERVER_PEAP */
128 #ifdef EAP_SERVER_TLV
130 ret
= eap_server_tlv_register();
131 #endif /* EAP_SERVER_TLV */
133 #ifdef EAP_SERVER_GTC
135 ret
= eap_server_gtc_register();
136 #endif /* EAP_SERVER_GTC */
138 #ifdef EAP_SERVER_TTLS
140 ret
= eap_server_ttls_register();
141 #endif /* EAP_SERVER_TTLS */
143 #ifdef EAP_SERVER_SIM
145 ret
= eap_server_sim_register();
146 #endif /* EAP_SERVER_SIM */
148 #ifdef EAP_SERVER_AKA
150 ret
= eap_server_aka_register();
151 #endif /* EAP_SERVER_AKA */
153 #ifdef EAP_SERVER_AKA_PRIME
155 ret
= eap_server_aka_prime_register();
156 #endif /* EAP_SERVER_AKA_PRIME */
158 #ifdef EAP_SERVER_PAX
160 ret
= eap_server_pax_register();
161 #endif /* EAP_SERVER_PAX */
163 #ifdef EAP_SERVER_PSK
165 ret
= eap_server_psk_register();
166 #endif /* EAP_SERVER_PSK */
168 #ifdef EAP_SERVER_SAKE
170 ret
= eap_server_sake_register();
171 #endif /* EAP_SERVER_SAKE */
173 #ifdef EAP_SERVER_GPSK
175 ret
= eap_server_gpsk_register();
176 #endif /* EAP_SERVER_GPSK */
178 #ifdef EAP_SERVER_VENDOR_TEST
180 ret
= eap_server_vendor_test_register();
181 #endif /* EAP_SERVER_VENDOR_TEST */
183 #ifdef EAP_SERVER_FAST
185 ret
= eap_server_fast_register();
186 #endif /* EAP_SERVER_FAST */
188 #ifdef EAP_SERVER_WSC
190 ret
= eap_server_wsc_register();
191 #endif /* EAP_SERVER_WSC */
193 #ifdef EAP_SERVER_IKEV2
195 ret
= eap_server_ikev2_register();
196 #endif /* EAP_SERVER_IKEV2 */
198 #ifdef EAP_SERVER_TNC
200 ret
= eap_server_tnc_register();
201 #endif /* EAP_SERVER_TNC */
207 int eap_example_server_init(void)
209 if (eap_server_register_methods() < 0)
212 os_memset(&eap_ctx
, 0, sizeof(eap_ctx
));
214 if (eap_example_server_init_tls() < 0)
217 os_memset(&eap_cb
, 0, sizeof(eap_cb
));
218 eap_cb
.get_eap_user
= server_get_eap_user
;
219 eap_cb
.get_eap_req_id_text
= server_get_eap_req_id_text
;
221 os_memset(&eap_conf
, 0, sizeof(eap_conf
));
222 eap_conf
.eap_server
= 1;
223 eap_conf
.ssl_ctx
= eap_ctx
.tls_ctx
;
225 eap_ctx
.eap
= eap_server_sm_init(&eap_ctx
, &eap_cb
, &eap_conf
);
226 if (eap_ctx
.eap
== NULL
)
229 eap_ctx
.eap_if
= eap_get_interface(eap_ctx
.eap
);
231 /* Enable "port" and request EAP to start authentication. */
232 eap_ctx
.eap_if
->portEnabled
= TRUE
;
233 eap_ctx
.eap_if
->eapRestart
= TRUE
;
239 void eap_example_server_deinit(void)
241 eap_server_sm_deinit(eap_ctx
.eap
);
242 eap_server_unregister_methods();
243 tls_deinit(eap_ctx
.tls_ctx
);
247 int eap_example_server_step(void)
249 int res
, process
= 0;
251 res
= eap_server_sm_step(eap_ctx
.eap
);
253 if (eap_ctx
.eap_if
->eapReq
) {
254 printf("==> Request\n");
256 eap_ctx
.eap_if
->eapReq
= 0;
259 if (eap_ctx
.eap_if
->eapSuccess
) {
260 printf("==> Success\n");
263 eap_ctx
.eap_if
->eapSuccess
= 0;
265 if (eap_ctx
.eap_if
->eapKeyAvailable
) {
266 wpa_hexdump(MSG_DEBUG
, "EAP keying material",
267 eap_ctx
.eap_if
->eapKeyData
,
268 eap_ctx
.eap_if
->eapKeyDataLen
);
272 if (eap_ctx
.eap_if
->eapFail
) {
273 printf("==> Fail\n");
275 eap_ctx
.eap_if
->eapFail
= 0;
278 if (process
&& eap_ctx
.eap_if
->eapReqData
) {
279 /* Send EAP response to the server */
280 eap_example_peer_rx(wpabuf_head(eap_ctx
.eap_if
->eapReqData
),
281 wpabuf_len(eap_ctx
.eap_if
->eapReqData
));
288 void eap_example_server_rx(const u8
*data
, size_t data_len
)
290 /* Make received EAP message available to the EAP library */
291 wpabuf_free(eap_ctx
.eap_if
->eapRespData
);
292 eap_ctx
.eap_if
->eapRespData
= wpabuf_alloc_copy(data
, data_len
);
293 if (eap_ctx
.eap_if
->eapRespData
)
294 eap_ctx
.eap_if
->eapResp
= TRUE
;