ERP: Add wpa_supplicant ERP_FLUSH ctrl_iface command

This can be used to flush all the ERP keys.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index d46b5c43c371e4ab521e04912cfc9bd3a428d61d..52e9e312dcf1405f730661f28e963e056f6a3700 100644 (file)
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -459,7 +459,7 @@ static void eap_erp_remove_keys_realm(struct eap_sm *sm, const char *realm)
 #endif /* CONFIG_ERP */
 
 
-static void eap_peer_erp_free_keys(struct eap_sm *sm)
+void eap_peer_erp_free_keys(struct eap_sm *sm)
 {
 #ifdef CONFIG_ERP
        struct eap_erp_key *erp, *tmp;

diff --git a/src/eap_peer/eap.h b/src/eap_peer/eap.h
index 0e3569c6b9eeeafcf2b59129c369ce77581fa237..bc207e74fef76185ed5853a3f62ff4bd7979fff7 100644 (file)
--- a/src/eap_peer/eap.h
+++ b/src/eap_peer/eap.h
@@ -336,6 +336,7 @@ struct ext_password_data;
 void eap_sm_set_ext_pw_ctx(struct eap_sm *sm, struct ext_password_data *ext);
 void eap_set_anon_id(struct eap_sm *sm, const u8 *id, size_t len);
 int eap_peer_was_failure_expected(struct eap_sm *sm);
+void eap_peer_erp_free_keys(struct eap_sm *sm);
 
 #endif /* IEEE8021X_EAPOL */
 

diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index d375114655b16d11f315b71e892a701280892382..895ead67913bd18973eaef0930c7974dbcd249d9 100644 (file)
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@@ -2121,3 +2121,10 @@ int eapol_sm_get_eap_proxy_imsi(struct eapol_sm *sm, char *imsi, size_t *len)
        return -1;
 #endif /* CONFIG_EAP_PROXY */
 }
+
+
+void eapol_sm_erp_flush(struct eapol_sm *sm)
+{
+       if (sm)
+               eap_peer_erp_free_keys(sm->eap);
+}

diff --git a/src/eapol_supp/eapol_supp_sm.h b/src/eapol_supp/eapol_supp_sm.h
index cc3ca67b26413edd7522f5d45b3e9d1e7a653440..e089e88b573df0dfac9bc8066c12fa35f0fab67f 100644 (file)
--- a/src/eapol_supp/eapol_supp_sm.h
+++ b/src/eapol_supp/eapol_supp_sm.h
@@ -316,6 +316,7 @@ const char * eapol_sm_get_method_name(struct eapol_sm *sm);
 void eapol_sm_set_ext_pw_ctx(struct eapol_sm *sm,
                             struct ext_password_data *ext);
 int eapol_sm_failed(struct eapol_sm *sm);
+void eapol_sm_erp_flush(struct eapol_sm *sm);
 int eapol_sm_get_eap_proxy_imsi(struct eapol_sm *sm, char *imsi, size_t *len);
 #else /* IEEE8021X_EAPOL */
 static inline struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx)
@@ -416,6 +417,9 @@ static inline int eapol_sm_failed(struct eapol_sm *sm)
 {
        return 0;
 }
+static inline void eapol_sm_erp_flush(struct eapol_sm *sm)
+{
+}
 #endif /* IEEE8021X_EAPOL */
 
 #endif /* EAPOL_SUPP_SM_H */

diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index 02d429f239d7015194e01424920bc5fe726cee6a..2259a1a82d74cc10f7b3c6328723b368e52512dc 100644 (file)
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -6930,6 +6930,13 @@ static int wpas_ctrl_iface_send_neigbor_rep(struct wpa_supplicant *wpa_s,
 }
 
 
+static int wpas_ctrl_iface_erp_flush(struct wpa_supplicant *wpa_s)
+{
+       eapol_sm_erp_flush(wpa_s->eapol);
+       return 0;
+}
+
+
 char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
                                         char *buf, size_t *resp_len)
 {
@@ -7541,6 +7548,8 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
        } else if (os_strncmp(buf, "NEIGHBOR_REP_REQUEST", 20) == 0) {
                if (wpas_ctrl_iface_send_neigbor_rep(wpa_s, buf + 20))
                        reply_len = -1;
+       } else if (os_strcmp(buf, "ERP_FLUSH") == 0) {
+               wpas_ctrl_iface_erp_flush(wpa_s);
        } else {
                os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
                reply_len = 16;

diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c
index e2ac1e302e66cc09dfbf81c0a9246425bdb05b52..778adf9ce8c64e285e215e1fa26b71213e6180ab 100644 (file)
--- a/wpa_supplicant/wpa_cli.c
+++ b/wpa_supplicant/wpa_cli.c
@@ -2510,6 +2510,12 @@ static int wpa_cli_cmd_neighbor_rep_request(struct wpa_ctrl *ctrl, int argc,
 }
 
 
+static int wpa_cli_cmd_erp_flush(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+       return wpa_ctrl_command(ctrl, "ERP_FLUSH");
+}
+
+
 enum wpa_cli_cmd_flags {
        cli_cmd_flag_none               = 0x00,
        cli_cmd_flag_sensitive          = 0x01
@@ -3023,6 +3029,8 @@ static struct wpa_cli_cmd wpa_cli_commands[] = {
          "[ssid=<SSID>] = Trigger request to AP for neighboring AP report "
          "(with optional given SSID, default: current SSID)"
        },
+       { "erp_flush", wpa_cli_cmd_erp_flush, NULL, cli_cmd_flag_none,
+         "= flush ERP keys" },
        { NULL, NULL, NULL, cli_cmd_flag_none, NULL }
 };