eap_example/eap_example_server.c

   1 /*
   2  * Example application showing how EAP server code from hostapd can be used as
   3  * a library.
   4  * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
   5  *
   6  * This software may be distributed under the terms of the BSD license.
   7  * See README for more details.
   8  */
   9
  10 #include "includes.h"
  11
  12 #include "common.h"
  13 #include "crypto/tls.h"
  14 #include "eap_server/eap.h"
  15 #include "wpabuf.h"
  16
  17 void eap_example_peer_rx(const u8 *data, size_t data_len);
  18
  19
  20 struct eap_server_ctx {
  21         struct eap_eapol_interface *eap_if;
  22         struct eap_sm *eap;
  23         void *tls_ctx;
  24 };
  25
  26 static struct eap_server_ctx eap_ctx;
  27
  28
  29 static int server_get_eap_user(void *ctx, const u8 *identity,
  30                                size_t identity_len, int phase2,
  31                                struct eap_user *user)
  32 {
  33         os_memset(user, 0, sizeof(*user));
  34
  35         if (!phase2) {
  36                 /* Only allow EAP-PEAP as the Phase 1 method */
  37                 user->methods[0].vendor = EAP_VENDOR_IETF;
  38                 user->methods[0].method = EAP_TYPE_PEAP;
  39                 return 0;
  40         }
  41
  42         if (identity_len != 4 || identity == NULL ||
  43             os_memcmp(identity, "user", 4) != 0) {
  44                 printf("Unknown user\n");
  45                 return -1;
  46         }
  47
  48         /* Only allow EAP-MSCHAPv2 as the Phase 2 method */
  49         user->methods[0].vendor = EAP_VENDOR_IETF;
  50         user->methods[0].method = EAP_TYPE_MSCHAPV2;
  51         user->password = (u8 *) os_strdup("password");
  52         user->password_len = 8;
  53
  54         return 0;
  55 }
  56
  57
  58 static const char * server_get_eap_req_id_text(void *ctx, size_t *len)
  59 {
  60         *len = 0;
  61         return NULL;
  62 }
  63
  64
  65 static struct eapol_callbacks eap_cb;
  66 static struct eap_config eap_conf;
  67
  68 static int eap_example_server_init_tls(void)
  69 {
  70         struct tls_config tconf;
  71         struct tls_connection_params tparams;
  72
  73         os_memset(&tconf, 0, sizeof(tconf));
  74         eap_ctx.tls_ctx = tls_init(&tconf);
  75         if (eap_ctx.tls_ctx == NULL)
  76                 return -1;
  77
  78         os_memset(&tparams, 0, sizeof(tparams));
  79         tparams.ca_cert = "ca.pem";
  80         tparams.client_cert = "server.pem";
  81         /* tparams.private_key = "server.key"; */
  82         tparams.private_key = "server-key.pem";
  83         /* tparams.private_key_passwd = "whatever"; */
  84
  85         if (tls_global_set_params(eap_ctx.tls_ctx, &tparams)) {
  86                 printf("Failed to set TLS parameters\n");
  87                 return -1;
  88         }
  89
  90         if (tls_global_set_verify(eap_ctx.tls_ctx, 0)) {
  91                 printf("Failed to set check_crl\n");
  92                 return -1;
  93         }
  94
  95         return 0;
  96 }
  97
  98
  99 static int eap_server_register_methods(void)
 100 {
 101         int ret = 0;
 102
 103 #ifdef EAP_SERVER_IDENTITY
 104         if (ret == 0)
 105                 ret = eap_server_identity_register();
 106 #endif /* EAP_SERVER_IDENTITY */
 107
 108 #ifdef EAP_SERVER_MD5
 109         if (ret == 0)
 110                 ret = eap_server_md5_register();
 111 #endif /* EAP_SERVER_MD5 */
 112
 113 #ifdef EAP_SERVER_TLS
 114         if (ret == 0)
 115                 ret = eap_server_tls_register();
 116 #endif /* EAP_SERVER_TLS */
 117
 118 #ifdef EAP_SERVER_MSCHAPV2
 119         if (ret == 0)
 120                 ret = eap_server_mschapv2_register();
 121 #endif /* EAP_SERVER_MSCHAPV2 */
 122
 123 #ifdef EAP_SERVER_PEAP
 124         if (ret == 0)
 125                 ret = eap_server_peap_register();
 126 #endif /* EAP_SERVER_PEAP */
 127
 128 #ifdef EAP_SERVER_TLV
 129         if (ret == 0)
 130                 ret = eap_server_tlv_register();
 131 #endif /* EAP_SERVER_TLV */
 132
 133 #ifdef EAP_SERVER_GTC
 134         if (ret == 0)
 135                 ret = eap_server_gtc_register();
 136 #endif /* EAP_SERVER_GTC */
 137
 138 #ifdef EAP_SERVER_TTLS
 139         if (ret == 0)
 140                 ret = eap_server_ttls_register();
 141 #endif /* EAP_SERVER_TTLS */
 142
 143 #ifdef EAP_SERVER_SIM
 144         if (ret == 0)
 145                 ret = eap_server_sim_register();
 146 #endif /* EAP_SERVER_SIM */
 147
 148 #ifdef EAP_SERVER_AKA
 149         if (ret == 0)
 150                 ret = eap_server_aka_register();
 151 #endif /* EAP_SERVER_AKA */
 152
 153 #ifdef EAP_SERVER_AKA_PRIME
 154         if (ret == 0)
 155                 ret = eap_server_aka_prime_register();
 156 #endif /* EAP_SERVER_AKA_PRIME */
 157
 158 #ifdef EAP_SERVER_PAX
 159         if (ret == 0)
 160                 ret = eap_server_pax_register();
 161 #endif /* EAP_SERVER_PAX */
 162
 163 #ifdef EAP_SERVER_PSK
 164         if (ret == 0)
 165                 ret = eap_server_psk_register();
 166 #endif /* EAP_SERVER_PSK */
 167
 168 #ifdef EAP_SERVER_SAKE
 169         if (ret == 0)
 170                 ret = eap_server_sake_register();
 171 #endif /* EAP_SERVER_SAKE */
 172
 173 #ifdef EAP_SERVER_GPSK
 174         if (ret == 0)
 175                 ret = eap_server_gpsk_register();
 176 #endif /* EAP_SERVER_GPSK */
 177
 178 #ifdef EAP_SERVER_VENDOR_TEST
 179         if (ret == 0)
 180                 ret = eap_server_vendor_test_register();
 181 #endif /* EAP_SERVER_VENDOR_TEST */
 182
 183 #ifdef EAP_SERVER_FAST
 184         if (ret == 0)
 185                 ret = eap_server_fast_register();
 186 #endif /* EAP_SERVER_FAST */
 187
 188 #ifdef EAP_SERVER_WSC
 189         if (ret == 0)
 190                 ret = eap_server_wsc_register();
 191 #endif /* EAP_SERVER_WSC */
 192
 193 #ifdef EAP_SERVER_IKEV2
 194         if (ret == 0)
 195                 ret = eap_server_ikev2_register();
 196 #endif /* EAP_SERVER_IKEV2 */
 197
 198 #ifdef EAP_SERVER_TNC
 199         if (ret == 0)
 200                 ret = eap_server_tnc_register();
 201 #endif /* EAP_SERVER_TNC */
 202
 203         return ret;
 204 }
 205
 206
 207 int eap_example_server_init(void)
 208 {
 209         if (eap_server_register_methods() < 0)
 210                 return -1;
 211
 212         os_memset(&eap_ctx, 0, sizeof(eap_ctx));
 213
 214         if (eap_example_server_init_tls() < 0)
 215                 return -1;
 216
 217         os_memset(&eap_cb, 0, sizeof(eap_cb));
 218         eap_cb.get_eap_user = server_get_eap_user;
 219         eap_cb.get_eap_req_id_text = server_get_eap_req_id_text;
 220
 221         os_memset(&eap_conf, 0, sizeof(eap_conf));
 222         eap_conf.eap_server = 1;
 223         eap_conf.ssl_ctx = eap_ctx.tls_ctx;
 224
 225         eap_ctx.eap = eap_server_sm_init(&eap_ctx, &eap_cb, &eap_conf);
 226         if (eap_ctx.eap == NULL)
 227                 return -1;
 228
 229         eap_ctx.eap_if = eap_get_interface(eap_ctx.eap);
 230
 231         /* Enable "port" and request EAP to start authentication. */
 232         eap_ctx.eap_if->portEnabled = TRUE;
 233         eap_ctx.eap_if->eapRestart = TRUE;
 234
 235         return 0;
 236 }
 237
 238
 239 void eap_example_server_deinit(void)
 240 {
 241         eap_server_sm_deinit(eap_ctx.eap);
 242         eap_server_unregister_methods();
 243         tls_deinit(eap_ctx.tls_ctx);
 244 }
 245
 246
 247 int eap_example_server_step(void)
 248 {
 249         int res, process = 0;
 250
 251         res = eap_server_sm_step(eap_ctx.eap);
 252
 253         if (eap_ctx.eap_if->eapReq) {
 254                 printf("==> Request\n");
 255                 process = 1;
 256                 eap_ctx.eap_if->eapReq = 0;
 257         }
 258
 259         if (eap_ctx.eap_if->eapSuccess) {
 260                 printf("==> Success\n");
 261                 process = 1;
 262                 res = 0;
 263                 eap_ctx.eap_if->eapSuccess = 0;
 264
 265                 if (eap_ctx.eap_if->eapKeyAvailable) {
 266                         wpa_hexdump(MSG_DEBUG, "EAP keying material",
 267                                     eap_ctx.eap_if->eapKeyData,
 268                                     eap_ctx.eap_if->eapKeyDataLen);
 269                 }
 270         }
 271
 272         if (eap_ctx.eap_if->eapFail) {
 273                 printf("==> Fail\n");
 274                 process = 1;
 275                 eap_ctx.eap_if->eapFail = 0;
 276         }
 277
 278         if (process && eap_ctx.eap_if->eapReqData) {
 279                 /* Send EAP response to the server */
 280                 eap_example_peer_rx(wpabuf_head(eap_ctx.eap_if->eapReqData),
 281                                     wpabuf_len(eap_ctx.eap_if->eapReqData));
 282         }
 283
 284         return res;
 285 }
 286
 287
 288 void eap_example_server_rx(const u8 *data, size_t data_len)
 289 {
 290         /* Make received EAP message available to the EAP library */
 291         wpabuf_free(eap_ctx.eap_if->eapRespData);
 292         eap_ctx.eap_if->eapRespData = wpabuf_alloc_copy(data, data_len);
 293         if (eap_ctx.eap_if->eapRespData)
 294                 eap_ctx.eap_if->eapResp = TRUE;
 295 }