[thirdparty/hostap.git] / eap_example / eap_example_server.c

/*
 * Example application showing how EAP server code from hostapd can be used as
 * a library.
 * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#include "includes.h"

#include "common.h"
#include "crypto/tls.h"
#include "eap_server/eap.h"
#include "wpabuf.h"

void eap_example_peer_rx(const u8 *data, size_t data_len);


struct eap_server_ctx {
	struct eap_eapol_interface *eap_if;
	struct eap_sm *eap;
	void *tls_ctx;
};

static struct eap_server_ctx eap_ctx;


static int server_get_eap_user(void *ctx, const u8 *identity,
			       size_t identity_len, int phase2,
			       struct eap_user *user)
{
	os_memset(user, 0, sizeof(*user));

	if (!phase2) {
		/* Only allow EAP-PEAP as the Phase 1 method */
		user->methods[0].vendor = EAP_VENDOR_IETF;
		user->methods[0].method = EAP_TYPE_PEAP;
		return 0;
	}

	if (identity_len != 4 || identity == NULL ||
	    os_memcmp(identity, "user", 4) != 0) {
		printf("Unknown user\n");
		return -1;
	}

	/* Only allow EAP-MSCHAPv2 as the Phase 2 method */
	user->methods[0].vendor = EAP_VENDOR_IETF;
	user->methods[0].method = EAP_TYPE_MSCHAPV2;
	user->password = (u8 *) os_strdup("password");
	user->password_len = 8;

	return 0;
}


static const char * server_get_eap_req_id_text(void *ctx, size_t *len)
{
	*len = 0;
	return NULL;
}


static struct eapol_callbacks eap_cb;
static struct eap_config eap_conf;

static int eap_example_server_init_tls(void)
{
	struct tls_config tconf;
	struct tls_connection_params tparams;

	os_memset(&tconf, 0, sizeof(tconf));
	eap_ctx.tls_ctx = tls_init(&tconf);
	if (eap_ctx.tls_ctx == NULL)
		return -1;

	os_memset(&tparams, 0, sizeof(tparams));
	tparams.ca_cert = "ca.pem";
	tparams.client_cert = "server.pem";
	/* tparams.private_key = "server.key"; */
	tparams.private_key = "server-key.pem";
	/* tparams.private_key_passwd = "whatever"; */
	tparams.dh_file = "dh.conf";

	if (tls_global_set_params(eap_ctx.tls_ctx, &tparams)) {
		printf("Failed to set TLS parameters\n");
		return -1;
	}

	if (tls_global_set_verify(eap_ctx.tls_ctx, 0, 1)) {
		printf("Failed to set check_crl\n");
		return -1;
	}

	return 0;
}


static int eap_server_register_methods(void)
{
	int ret = 0;

#ifdef EAP_SERVER_IDENTITY
	if (ret == 0)
		ret = eap_server_identity_register();
#endif /* EAP_SERVER_IDENTITY */

#ifdef EAP_SERVER_MD5
	if (ret == 0)
		ret = eap_server_md5_register();
#endif /* EAP_SERVER_MD5 */

#ifdef EAP_SERVER_TLS
	if (ret == 0)
		ret = eap_server_tls_register();
#endif /* EAP_SERVER_TLS */

#ifdef EAP_SERVER_MSCHAPV2
	if (ret == 0)
		ret = eap_server_mschapv2_register();
#endif /* EAP_SERVER_MSCHAPV2 */

#ifdef EAP_SERVER_PEAP
	if (ret == 0)
		ret = eap_server_peap_register();
#endif /* EAP_SERVER_PEAP */

#ifdef EAP_SERVER_TLV
	if (ret == 0)
		ret = eap_server_tlv_register();
#endif /* EAP_SERVER_TLV */

#ifdef EAP_SERVER_GTC
	if (ret == 0)
		ret = eap_server_gtc_register();
#endif /* EAP_SERVER_GTC */

#ifdef EAP_SERVER_TTLS
	if (ret == 0)
		ret = eap_server_ttls_register();
#endif /* EAP_SERVER_TTLS */

#ifdef EAP_SERVER_SIM
	if (ret == 0)
		ret = eap_server_sim_register();
#endif /* EAP_SERVER_SIM */

#ifdef EAP_SERVER_AKA
	if (ret == 0)
		ret = eap_server_aka_register();
#endif /* EAP_SERVER_AKA */

#ifdef EAP_SERVER_AKA_PRIME
	if (ret == 0)
		ret = eap_server_aka_prime_register();
#endif /* EAP_SERVER_AKA_PRIME */

#ifdef EAP_SERVER_PAX
	if (ret == 0)
		ret = eap_server_pax_register();
#endif /* EAP_SERVER_PAX */

#ifdef EAP_SERVER_PSK
	if (ret == 0)
		ret = eap_server_psk_register();
#endif /* EAP_SERVER_PSK */

#ifdef EAP_SERVER_SAKE
	if (ret == 0)
		ret = eap_server_sake_register();
#endif /* EAP_SERVER_SAKE */

#ifdef EAP_SERVER_GPSK
	if (ret == 0)
		ret = eap_server_gpsk_register();
#endif /* EAP_SERVER_GPSK */

#ifdef EAP_SERVER_VENDOR_TEST
	if (ret == 0)
		ret = eap_server_vendor_test_register();
#endif /* EAP_SERVER_VENDOR_TEST */

#ifdef EAP_SERVER_FAST
	if (ret == 0)
		ret = eap_server_fast_register();
#endif /* EAP_SERVER_FAST */

#ifdef EAP_SERVER_WSC
	if (ret == 0)
		ret = eap_server_wsc_register();
#endif /* EAP_SERVER_WSC */

#ifdef EAP_SERVER_IKEV2
	if (ret == 0)
		ret = eap_server_ikev2_register();
#endif /* EAP_SERVER_IKEV2 */

#ifdef EAP_SERVER_TNC
	if (ret == 0)
		ret = eap_server_tnc_register();
#endif /* EAP_SERVER_TNC */

	return ret;
}


int eap_example_server_init(void)
{
	if (eap_server_register_methods() < 0)
		return -1;

	os_memset(&eap_ctx, 0, sizeof(eap_ctx));

	if (eap_example_server_init_tls() < 0)
		return -1;

	os_memset(&eap_cb, 0, sizeof(eap_cb));
	eap_cb.get_eap_user = server_get_eap_user;
	eap_cb.get_eap_req_id_text = server_get_eap_req_id_text;

	os_memset(&eap_conf, 0, sizeof(eap_conf));
	eap_conf.eap_server = 1;
	eap_conf.ssl_ctx = eap_ctx.tls_ctx;

	eap_ctx.eap = eap_server_sm_init(&eap_ctx, &eap_cb, &eap_conf);
	if (eap_ctx.eap == NULL)
		return -1;

	eap_ctx.eap_if = eap_get_interface(eap_ctx.eap);

	/* Enable "port" and request EAP to start authentication. */
	eap_ctx.eap_if->portEnabled = TRUE;
	eap_ctx.eap_if->eapRestart = TRUE;

	return 0;
}


void eap_example_server_deinit(void)
{
	eap_server_sm_deinit(eap_ctx.eap);
	eap_server_unregister_methods();
	tls_deinit(eap_ctx.tls_ctx);
}


int eap_example_server_step(void)
{
	int res, process = 0;

	res = eap_server_sm_step(eap_ctx.eap);

	if (eap_ctx.eap_if->eapReq) {
		printf("==> Request\n");
		process = 1;
		eap_ctx.eap_if->eapReq = 0;
	}

	if (eap_ctx.eap_if->eapSuccess) {
		printf("==> Success\n");
		process = 1;
		res = 0;
		eap_ctx.eap_if->eapSuccess = 0;

		if (eap_ctx.eap_if->eapKeyAvailable) {
			wpa_hexdump(MSG_DEBUG, "EAP keying material",
				    eap_ctx.eap_if->eapKeyData,
				    eap_ctx.eap_if->eapKeyDataLen);
		}
	}

	if (eap_ctx.eap_if->eapFail) {
		printf("==> Fail\n");
		process = 1;
		eap_ctx.eap_if->eapFail = 0;
	}

	if (process && eap_ctx.eap_if->eapReqData) {
		/* Send EAP request to the peer */
		eap_example_peer_rx(wpabuf_head(eap_ctx.eap_if->eapReqData),
				    wpabuf_len(eap_ctx.eap_if->eapReqData));
	}

	return res;
}


void eap_example_server_rx(const u8 *data, size_t data_len)
{
	/* Make received EAP message available to the EAP library */
	wpabuf_free(eap_ctx.eap_if->eapRespData);
	eap_ctx.eap_if->eapRespData = wpabuf_alloc_copy(data, data_len);
	if (eap_ctx.eap_if->eapRespData)
		eap_ctx.eap_if->eapResp = TRUE;
}
Commit	Line	Data
6fc6879b JM	1	/*
	2	* Example application showing how EAP server code from hostapd can be used as
	3	* a library.
	4	* Copyright (c) 2007, Jouni Malinen <j@w1.fi>
	5	*
0f3d578e JM	6	* This software may be distributed under the terms of the BSD license.
0f3d578e JM	7	* See README for more details.
6fc6879b JM	8	*/
	9
	10	#include "includes.h"
	11
	12	#include "common.h"
03da66bd	13	#include "crypto/tls.h"
6fc6879b	14	#include "eap_server/eap.h"
6fc6879b JM	15	#include "wpabuf.h"
	16
	17	void eap_example_peer_rx(const u8 *data, size_t data_len);
	18
	19
	20	struct eap_server_ctx {
	21	struct eap_eapol_interface *eap_if;
	22	struct eap_sm *eap;
	23	void *tls_ctx;
	24	};
	25
	26	static struct eap_server_ctx eap_ctx;
	27
	28
	29	static int server_get_eap_user(void ctx, const u8 identity,
	30	size_t identity_len, int phase2,
	31	struct eap_user *user)
	32	{
	33	os_memset(user, 0, sizeof(*user));
	34
	35	if (!phase2) {
	36	/* Only allow EAP-PEAP as the Phase 1 method */
	37	user->methods[0].vendor = EAP_VENDOR_IETF;
	38	user->methods[0].method = EAP_TYPE_PEAP;
	39	return 0;
	40	}
	41
	42	if (identity_len != 4 \|\| identity == NULL \|\|
	43	os_memcmp(identity, "user", 4) != 0) {
	44	printf("Unknown user\n");
	45	return -1;
	46	}
	47
	48	/* Only allow EAP-MSCHAPv2 as the Phase 2 method */
	49	user->methods[0].vendor = EAP_VENDOR_IETF;
	50	user->methods[0].method = EAP_TYPE_MSCHAPV2;
	51	user->password = (u8 *) os_strdup("password");
	52	user->password_len = 8;
	53
	54	return 0;
	55	}
	56
	57
	58	static const char * server_get_eap_req_id_text(void ctx, size_t len)
	59	{
	60	*len = 0;
	61	return NULL;
	62	}
	63
	64
	65	static struct eapol_callbacks eap_cb;
	66	static struct eap_config eap_conf;
	67
	68	static int eap_example_server_init_tls(void)
	69	{
	70	struct tls_config tconf;
	71	struct tls_connection_params tparams;
	72
	73	os_memset(&tconf, 0, sizeof(tconf));
	74	eap_ctx.tls_ctx = tls_init(&tconf);
	75	if (eap_ctx.tls_ctx == NULL)
	76	return -1;
	77
	78	os_memset(&tparams, 0, sizeof(tparams));
79	tparams.ca_cert = "ca.pem";
80	tparams.client_cert = "server.pem";
79ec5264 JM	81	/* tparams.private_key = "server.key"; */
	82	tparams.private_key = "server-key.pem";
	83	/* tparams.private_key_passwd = "whatever"; */
897418a2	84	tparams.dh_file = "dh.conf";
6fc6879b JM	85
	86	if (tls_global_set_params(eap_ctx.tls_ctx, &tparams)) {
	87	printf("Failed to set TLS parameters\n");
	88	return -1;
	89	}
	90
dd5d325b	91	if (tls_global_set_verify(eap_ctx.tls_ctx, 0, 1)) {
6fc6879b JM	92	printf("Failed to set check_crl\n");
	93	return -1;
	94	}
	95
	96	return 0;
	97	}
	98
	99
12760815 JM	100	static int eap_server_register_methods(void)
	101	{
	102	int ret = 0;
	103
	104	#ifdef EAP_SERVER_IDENTITY
	105	if (ret == 0)
	106	ret = eap_server_identity_register();
	107	#endif /* EAP_SERVER_IDENTITY */
	108
	109	#ifdef EAP_SERVER_MD5
	110	if (ret == 0)
	111	ret = eap_server_md5_register();
	112	#endif /* EAP_SERVER_MD5 */
	113
	114	#ifdef EAP_SERVER_TLS
	115	if (ret == 0)
	116	ret = eap_server_tls_register();
	117	#endif /* EAP_SERVER_TLS */
	118
	119	#ifdef EAP_SERVER_MSCHAPV2
	120	if (ret == 0)
	121	ret = eap_server_mschapv2_register();
	122	#endif /* EAP_SERVER_MSCHAPV2 */
	123
	124	#ifdef EAP_SERVER_PEAP
	125	if (ret == 0)
	126	ret = eap_server_peap_register();
	127	#endif /* EAP_SERVER_PEAP */
	128
	129	#ifdef EAP_SERVER_TLV
	130	if (ret == 0)
	131	ret = eap_server_tlv_register();
	132	#endif /* EAP_SERVER_TLV */
	133
	134	#ifdef EAP_SERVER_GTC
	135	if (ret == 0)
	136	ret = eap_server_gtc_register();
	137	#endif /* EAP_SERVER_GTC */
	138
	139	#ifdef EAP_SERVER_TTLS
	140	if (ret == 0)
	141	ret = eap_server_ttls_register();
	142	#endif /* EAP_SERVER_TTLS */
	143
	144	#ifdef EAP_SERVER_SIM
	145	if (ret == 0)
	146	ret = eap_server_sim_register();
	147	#endif /* EAP_SERVER_SIM */
	148
	149	#ifdef EAP_SERVER_AKA
	150	if (ret == 0)
	151	ret = eap_server_aka_register();
	152	#endif /* EAP_SERVER_AKA */
	153
	154	#ifdef EAP_SERVER_AKA_PRIME
	155	if (ret == 0)
	156	ret = eap_server_aka_prime_register();
	157	#endif /* EAP_SERVER_AKA_PRIME */
	158
	159	#ifdef EAP_SERVER_PAX
	160	if (ret == 0)
	161	ret = eap_server_pax_register();
	162	#endif /* EAP_SERVER_PAX */
	163
164	#ifdef EAP_SERVER_PSK
165	if (ret == 0)
166	ret = eap_server_psk_register();
167	#endif /* EAP_SERVER_PSK */
168
169	#ifdef EAP_SERVER_SAKE
170	if (ret == 0)
171	ret = eap_server_sake_register();
172	#endif /* EAP_SERVER_SAKE */
173
174	#ifdef EAP_SERVER_GPSK
175	if (ret == 0)
176	ret = eap_server_gpsk_register();
177	#endif /* EAP_SERVER_GPSK */
178
179	#ifdef EAP_SERVER_VENDOR_TEST
180	if (ret == 0)
181	ret = eap_server_vendor_test_register();
182	#endif /* EAP_SERVER_VENDOR_TEST */
183
184	#ifdef EAP_SERVER_FAST
185	if (ret == 0)
186	ret = eap_server_fast_register();
187	#endif /* EAP_SERVER_FAST */
188
189	#ifdef EAP_SERVER_WSC
190	if (ret == 0)
191	ret = eap_server_wsc_register();
192	#endif /* EAP_SERVER_WSC */
193
194	#ifdef EAP_SERVER_IKEV2
195	if (ret == 0)
196	ret = eap_server_ikev2_register();
197	#endif /* EAP_SERVER_IKEV2 */
198
199	#ifdef EAP_SERVER_TNC
200	if (ret == 0)
201	ret = eap_server_tnc_register();
202	#endif /* EAP_SERVER_TNC */
203
204	return ret;
205	}
206
207
6fc6879b JM	208	int eap_example_server_init(void)
	209	{
	210	if (eap_server_register_methods() < 0)
	211	return -1;
	212
	213	os_memset(&eap_ctx, 0, sizeof(eap_ctx));
	214
	215	if (eap_example_server_init_tls() < 0)
	216	return -1;
	217
	218	os_memset(&eap_cb, 0, sizeof(eap_cb));
	219	eap_cb.get_eap_user = server_get_eap_user;
	220	eap_cb.get_eap_req_id_text = server_get_eap_req_id_text;
	221
	222	os_memset(&eap_conf, 0, sizeof(eap_conf));
	223	eap_conf.eap_server = 1;
	224	eap_conf.ssl_ctx = eap_ctx.tls_ctx;
	225
	226	eap_ctx.eap = eap_server_sm_init(&eap_ctx, &eap_cb, &eap_conf);
	227	if (eap_ctx.eap == NULL)
	228	return -1;
	229
	230	eap_ctx.eap_if = eap_get_interface(eap_ctx.eap);
	231
	232	/* Enable "port" and request EAP to start authentication. */
	233	eap_ctx.eap_if->portEnabled = TRUE;
	234	eap_ctx.eap_if->eapRestart = TRUE;
	235
	236	return 0;
	237	}
	238
	239
	240	void eap_example_server_deinit(void)
	241	{
	242	eap_server_sm_deinit(eap_ctx.eap);
	243	eap_server_unregister_methods();
	244	tls_deinit(eap_ctx.tls_ctx);
	245	}
	246
	247
	248	int eap_example_server_step(void)
	249	{
	250	int res, process = 0;
	251
	252	res = eap_server_sm_step(eap_ctx.eap);
	253
	254	if (eap_ctx.eap_if->eapReq) {
	255	printf("==> Request\n");
	256	process = 1;
	257	eap_ctx.eap_if->eapReq = 0;
	258	}
	259
	260	if (eap_ctx.eap_if->eapSuccess) {
	261	printf("==> Success\n");
	262	process = 1;
	263	res = 0;
	264	eap_ctx.eap_if->eapSuccess = 0;
	265
	266	if (eap_ctx.eap_if->eapKeyAvailable) {
	267	wpa_hexdump(MSG_DEBUG, "EAP keying material",
	268	eap_ctx.eap_if->eapKeyData,
	269	eap_ctx.eap_if->eapKeyDataLen);
	270	}
	271	}
272
273	if (eap_ctx.eap_if->eapFail) {
274	printf("==> Fail\n");
275	process = 1;
276	eap_ctx.eap_if->eapFail = 0;
277	}
278
279	if (process && eap_ctx.eap_if->eapReqData) {
f5c15dc1	280	/* Send EAP request to the peer */
6fc6879b JM	281	eap_example_peer_rx(wpabuf_head(eap_ctx.eap_if->eapReqData),
	282	wpabuf_len(eap_ctx.eap_if->eapReqData));
	283	}
	284
	285	return res;
	286	}
	287
	288
	289	void eap_example_server_rx(const u8 *data, size_t data_len)
	290	{
	291	/* Make received EAP message available to the EAP library */
	292	wpabuf_free(eap_ctx.eap_if->eapRespData);
	293	eap_ctx.eap_if->eapRespData = wpabuf_alloc_copy(data, data_len);
	294	if (eap_ctx.eap_if->eapRespData)
	295	eap_ctx.eap_if->eapResp = TRUE;
	296	}