]>
Commit | Line | Data |
---|---|---|
6fc6879b JM |
1 | /* |
2 | * Example application showing how EAP server code from hostapd can be used as | |
3 | * a library. | |
4 | * Copyright (c) 2007, Jouni Malinen <j@w1.fi> | |
5 | * | |
0f3d578e JM |
6 | * This software may be distributed under the terms of the BSD license. |
7 | * See README for more details. | |
6fc6879b JM |
8 | */ |
9 | ||
10 | #include "includes.h" | |
11 | ||
12 | #include "common.h" | |
03da66bd | 13 | #include "crypto/tls.h" |
6fc6879b | 14 | #include "eap_server/eap.h" |
6fc6879b JM |
15 | #include "wpabuf.h" |
16 | ||
17 | void eap_example_peer_rx(const u8 *data, size_t data_len); | |
18 | ||
19 | ||
20 | struct eap_server_ctx { | |
21 | struct eap_eapol_interface *eap_if; | |
22 | struct eap_sm *eap; | |
23 | void *tls_ctx; | |
24 | }; | |
25 | ||
26 | static struct eap_server_ctx eap_ctx; | |
27 | ||
28 | ||
29 | static int server_get_eap_user(void *ctx, const u8 *identity, | |
30 | size_t identity_len, int phase2, | |
31 | struct eap_user *user) | |
32 | { | |
33 | os_memset(user, 0, sizeof(*user)); | |
34 | ||
35 | if (!phase2) { | |
36 | /* Only allow EAP-PEAP as the Phase 1 method */ | |
37 | user->methods[0].vendor = EAP_VENDOR_IETF; | |
38 | user->methods[0].method = EAP_TYPE_PEAP; | |
39 | return 0; | |
40 | } | |
41 | ||
42 | if (identity_len != 4 || identity == NULL || | |
43 | os_memcmp(identity, "user", 4) != 0) { | |
44 | printf("Unknown user\n"); | |
45 | return -1; | |
46 | } | |
47 | ||
48 | /* Only allow EAP-MSCHAPv2 as the Phase 2 method */ | |
49 | user->methods[0].vendor = EAP_VENDOR_IETF; | |
50 | user->methods[0].method = EAP_TYPE_MSCHAPV2; | |
51 | user->password = (u8 *) os_strdup("password"); | |
52 | user->password_len = 8; | |
53 | ||
54 | return 0; | |
55 | } | |
56 | ||
57 | ||
58 | static const char * server_get_eap_req_id_text(void *ctx, size_t *len) | |
59 | { | |
60 | *len = 0; | |
61 | return NULL; | |
62 | } | |
63 | ||
64 | ||
65 | static struct eapol_callbacks eap_cb; | |
66 | static struct eap_config eap_conf; | |
67 | ||
68 | static int eap_example_server_init_tls(void) | |
69 | { | |
70 | struct tls_config tconf; | |
71 | struct tls_connection_params tparams; | |
72 | ||
73 | os_memset(&tconf, 0, sizeof(tconf)); | |
74 | eap_ctx.tls_ctx = tls_init(&tconf); | |
75 | if (eap_ctx.tls_ctx == NULL) | |
76 | return -1; | |
77 | ||
78 | os_memset(&tparams, 0, sizeof(tparams)); | |
79 | tparams.ca_cert = "ca.pem"; | |
80 | tparams.client_cert = "server.pem"; | |
79ec5264 JM |
81 | /* tparams.private_key = "server.key"; */ |
82 | tparams.private_key = "server-key.pem"; | |
83 | /* tparams.private_key_passwd = "whatever"; */ | |
897418a2 | 84 | tparams.dh_file = "dh.conf"; |
6fc6879b JM |
85 | |
86 | if (tls_global_set_params(eap_ctx.tls_ctx, &tparams)) { | |
87 | printf("Failed to set TLS parameters\n"); | |
88 | return -1; | |
89 | } | |
90 | ||
dd5d325b | 91 | if (tls_global_set_verify(eap_ctx.tls_ctx, 0, 1)) { |
6fc6879b JM |
92 | printf("Failed to set check_crl\n"); |
93 | return -1; | |
94 | } | |
95 | ||
96 | return 0; | |
97 | } | |
98 | ||
99 | ||
12760815 JM |
100 | static int eap_server_register_methods(void) |
101 | { | |
102 | int ret = 0; | |
103 | ||
104 | #ifdef EAP_SERVER_IDENTITY | |
105 | if (ret == 0) | |
106 | ret = eap_server_identity_register(); | |
107 | #endif /* EAP_SERVER_IDENTITY */ | |
108 | ||
109 | #ifdef EAP_SERVER_MD5 | |
110 | if (ret == 0) | |
111 | ret = eap_server_md5_register(); | |
112 | #endif /* EAP_SERVER_MD5 */ | |
113 | ||
114 | #ifdef EAP_SERVER_TLS | |
115 | if (ret == 0) | |
116 | ret = eap_server_tls_register(); | |
117 | #endif /* EAP_SERVER_TLS */ | |
118 | ||
119 | #ifdef EAP_SERVER_MSCHAPV2 | |
120 | if (ret == 0) | |
121 | ret = eap_server_mschapv2_register(); | |
122 | #endif /* EAP_SERVER_MSCHAPV2 */ | |
123 | ||
124 | #ifdef EAP_SERVER_PEAP | |
125 | if (ret == 0) | |
126 | ret = eap_server_peap_register(); | |
127 | #endif /* EAP_SERVER_PEAP */ | |
128 | ||
129 | #ifdef EAP_SERVER_TLV | |
130 | if (ret == 0) | |
131 | ret = eap_server_tlv_register(); | |
132 | #endif /* EAP_SERVER_TLV */ | |
133 | ||
134 | #ifdef EAP_SERVER_GTC | |
135 | if (ret == 0) | |
136 | ret = eap_server_gtc_register(); | |
137 | #endif /* EAP_SERVER_GTC */ | |
138 | ||
139 | #ifdef EAP_SERVER_TTLS | |
140 | if (ret == 0) | |
141 | ret = eap_server_ttls_register(); | |
142 | #endif /* EAP_SERVER_TTLS */ | |
143 | ||
144 | #ifdef EAP_SERVER_SIM | |
145 | if (ret == 0) | |
146 | ret = eap_server_sim_register(); | |
147 | #endif /* EAP_SERVER_SIM */ | |
148 | ||
149 | #ifdef EAP_SERVER_AKA | |
150 | if (ret == 0) | |
151 | ret = eap_server_aka_register(); | |
152 | #endif /* EAP_SERVER_AKA */ | |
153 | ||
154 | #ifdef EAP_SERVER_AKA_PRIME | |
155 | if (ret == 0) | |
156 | ret = eap_server_aka_prime_register(); | |
157 | #endif /* EAP_SERVER_AKA_PRIME */ | |
158 | ||
159 | #ifdef EAP_SERVER_PAX | |
160 | if (ret == 0) | |
161 | ret = eap_server_pax_register(); | |
162 | #endif /* EAP_SERVER_PAX */ | |
163 | ||
164 | #ifdef EAP_SERVER_PSK | |
165 | if (ret == 0) | |
166 | ret = eap_server_psk_register(); | |
167 | #endif /* EAP_SERVER_PSK */ | |
168 | ||
169 | #ifdef EAP_SERVER_SAKE | |
170 | if (ret == 0) | |
171 | ret = eap_server_sake_register(); | |
172 | #endif /* EAP_SERVER_SAKE */ | |
173 | ||
174 | #ifdef EAP_SERVER_GPSK | |
175 | if (ret == 0) | |
176 | ret = eap_server_gpsk_register(); | |
177 | #endif /* EAP_SERVER_GPSK */ | |
178 | ||
179 | #ifdef EAP_SERVER_VENDOR_TEST | |
180 | if (ret == 0) | |
181 | ret = eap_server_vendor_test_register(); | |
182 | #endif /* EAP_SERVER_VENDOR_TEST */ | |
183 | ||
184 | #ifdef EAP_SERVER_FAST | |
185 | if (ret == 0) | |
186 | ret = eap_server_fast_register(); | |
187 | #endif /* EAP_SERVER_FAST */ | |
188 | ||
189 | #ifdef EAP_SERVER_WSC | |
190 | if (ret == 0) | |
191 | ret = eap_server_wsc_register(); | |
192 | #endif /* EAP_SERVER_WSC */ | |
193 | ||
194 | #ifdef EAP_SERVER_IKEV2 | |
195 | if (ret == 0) | |
196 | ret = eap_server_ikev2_register(); | |
197 | #endif /* EAP_SERVER_IKEV2 */ | |
198 | ||
199 | #ifdef EAP_SERVER_TNC | |
200 | if (ret == 0) | |
201 | ret = eap_server_tnc_register(); | |
202 | #endif /* EAP_SERVER_TNC */ | |
203 | ||
204 | return ret; | |
205 | } | |
206 | ||
207 | ||
6fc6879b JM |
208 | int eap_example_server_init(void) |
209 | { | |
210 | if (eap_server_register_methods() < 0) | |
211 | return -1; | |
212 | ||
213 | os_memset(&eap_ctx, 0, sizeof(eap_ctx)); | |
214 | ||
215 | if (eap_example_server_init_tls() < 0) | |
216 | return -1; | |
217 | ||
218 | os_memset(&eap_cb, 0, sizeof(eap_cb)); | |
219 | eap_cb.get_eap_user = server_get_eap_user; | |
220 | eap_cb.get_eap_req_id_text = server_get_eap_req_id_text; | |
221 | ||
222 | os_memset(&eap_conf, 0, sizeof(eap_conf)); | |
223 | eap_conf.eap_server = 1; | |
224 | eap_conf.ssl_ctx = eap_ctx.tls_ctx; | |
225 | ||
226 | eap_ctx.eap = eap_server_sm_init(&eap_ctx, &eap_cb, &eap_conf); | |
227 | if (eap_ctx.eap == NULL) | |
228 | return -1; | |
229 | ||
230 | eap_ctx.eap_if = eap_get_interface(eap_ctx.eap); | |
231 | ||
232 | /* Enable "port" and request EAP to start authentication. */ | |
233 | eap_ctx.eap_if->portEnabled = TRUE; | |
234 | eap_ctx.eap_if->eapRestart = TRUE; | |
235 | ||
236 | return 0; | |
237 | } | |
238 | ||
239 | ||
240 | void eap_example_server_deinit(void) | |
241 | { | |
242 | eap_server_sm_deinit(eap_ctx.eap); | |
243 | eap_server_unregister_methods(); | |
244 | tls_deinit(eap_ctx.tls_ctx); | |
245 | } | |
246 | ||
247 | ||
248 | int eap_example_server_step(void) | |
249 | { | |
250 | int res, process = 0; | |
251 | ||
252 | res = eap_server_sm_step(eap_ctx.eap); | |
253 | ||
254 | if (eap_ctx.eap_if->eapReq) { | |
255 | printf("==> Request\n"); | |
256 | process = 1; | |
257 | eap_ctx.eap_if->eapReq = 0; | |
258 | } | |
259 | ||
260 | if (eap_ctx.eap_if->eapSuccess) { | |
261 | printf("==> Success\n"); | |
262 | process = 1; | |
263 | res = 0; | |
264 | eap_ctx.eap_if->eapSuccess = 0; | |
265 | ||
266 | if (eap_ctx.eap_if->eapKeyAvailable) { | |
267 | wpa_hexdump(MSG_DEBUG, "EAP keying material", | |
268 | eap_ctx.eap_if->eapKeyData, | |
269 | eap_ctx.eap_if->eapKeyDataLen); | |
270 | } | |
271 | } | |
272 | ||
273 | if (eap_ctx.eap_if->eapFail) { | |
274 | printf("==> Fail\n"); | |
275 | process = 1; | |
276 | eap_ctx.eap_if->eapFail = 0; | |
277 | } | |
278 | ||
279 | if (process && eap_ctx.eap_if->eapReqData) { | |
f5c15dc1 | 280 | /* Send EAP request to the peer */ |
6fc6879b JM |
281 | eap_example_peer_rx(wpabuf_head(eap_ctx.eap_if->eapReqData), |
282 | wpabuf_len(eap_ctx.eap_if->eapReqData)); | |
283 | } | |
284 | ||
285 | return res; | |
286 | } | |
287 | ||
288 | ||
289 | void eap_example_server_rx(const u8 *data, size_t data_len) | |
290 | { | |
291 | /* Make received EAP message available to the EAP library */ | |
292 | wpabuf_free(eap_ctx.eap_if->eapRespData); | |
293 | eap_ctx.eap_if->eapRespData = wpabuf_alloc_copy(data, data_len); | |
294 | if (eap_ctx.eap_if->eapRespData) | |
295 | eap_ctx.eap_if->eapResp = TRUE; | |
296 | } |