eap_example/eap_example_server.c

   1 /*
   2  * Example application showing how EAP server code from hostapd can be used as
   3  * a library.
   4  * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
   5  *
   6  * This software may be distributed under the terms of the BSD license.
   7  * See README for more details.
   8  */
   9
  10 #include "includes.h"
  11
  12 #include "common.h"
  13 #include "crypto/tls.h"
  14 #include "eap_server/eap.h"
  15 #include "wpabuf.h"
  16
  17 void eap_example_peer_rx(const u8 *data, size_t data_len);
  18
  19
  20 struct eap_server_ctx {
  21         struct eap_eapol_interface *eap_if;
  22         struct eap_sm *eap;
  23         void *tls_ctx;
  24 };
  25
  26 static struct eap_server_ctx eap_ctx;
  27
  28
  29 static int server_get_eap_user(void *ctx, const u8 *identity,
  30                                size_t identity_len, int phase2,
  31                                struct eap_user *user)
  32 {
  33         os_memset(user, 0, sizeof(*user));
  34
  35         if (!phase2) {
  36                 /* Only allow EAP-PEAP as the Phase 1 method */
  37                 user->methods[0].vendor = EAP_VENDOR_IETF;
  38                 user->methods[0].method = EAP_TYPE_PEAP;
  39                 return 0;
  40         }
  41
  42         if (identity_len != 4 || identity == NULL ||
  43             os_memcmp(identity, "user", 4) != 0) {
  44                 printf("Unknown user\n");
  45                 return -1;
  46         }
  47
  48         /* Only allow EAP-MSCHAPv2 as the Phase 2 method */
  49         user->methods[0].vendor = EAP_VENDOR_IETF;
  50         user->methods[0].method = EAP_TYPE_MSCHAPV2;
  51         user->password = (u8 *) os_strdup("password");
  52         user->password_len = 8;
  53
  54         return 0;
  55 }
  56
  57
  58 static const char * server_get_eap_req_id_text(void *ctx, size_t *len)
  59 {
  60         *len = 0;
  61         return NULL;
  62 }
  63
  64
  65 static struct eapol_callbacks eap_cb;
  66 static struct eap_config eap_conf;
  67
  68 static int eap_example_server_init_tls(void)
  69 {
  70         struct tls_config tconf;
  71         struct tls_connection_params tparams;
  72
  73         os_memset(&tconf, 0, sizeof(tconf));
  74         eap_ctx.tls_ctx = tls_init(&tconf);
  75         if (eap_ctx.tls_ctx == NULL)
  76                 return -1;
  77
  78         os_memset(&tparams, 0, sizeof(tparams));
  79         tparams.ca_cert = "ca.pem";
  80         tparams.client_cert = "server.pem";
  81         /* tparams.private_key = "server.key"; */
  82         tparams.private_key = "server-key.pem";
  83         /* tparams.private_key_passwd = "whatever"; */
  84         tparams.dh_file = "dh.conf";
  85
  86         if (tls_global_set_params(eap_ctx.tls_ctx, &tparams)) {
  87                 printf("Failed to set TLS parameters\n");
  88                 return -1;
  89         }
  90
  91         if (tls_global_set_verify(eap_ctx.tls_ctx, 0, 1)) {
  92                 printf("Failed to set check_crl\n");
  93                 return -1;
  94         }
  95
  96         return 0;
  97 }
  98
  99
 100 static int eap_server_register_methods(void)
 101 {
 102         int ret = 0;
 103
 104 #ifdef EAP_SERVER_IDENTITY
 105         if (ret == 0)
 106                 ret = eap_server_identity_register();
 107 #endif /* EAP_SERVER_IDENTITY */
 108
 109 #ifdef EAP_SERVER_MD5
 110         if (ret == 0)
 111                 ret = eap_server_md5_register();
 112 #endif /* EAP_SERVER_MD5 */
 113
 114 #ifdef EAP_SERVER_TLS
 115         if (ret == 0)
 116                 ret = eap_server_tls_register();
 117 #endif /* EAP_SERVER_TLS */
 118
 119 #ifdef EAP_SERVER_MSCHAPV2
 120         if (ret == 0)
 121                 ret = eap_server_mschapv2_register();
 122 #endif /* EAP_SERVER_MSCHAPV2 */
 123
 124 #ifdef EAP_SERVER_PEAP
 125         if (ret == 0)
 126                 ret = eap_server_peap_register();
 127 #endif /* EAP_SERVER_PEAP */
 128
 129 #ifdef EAP_SERVER_TLV
 130         if (ret == 0)
 131                 ret = eap_server_tlv_register();
 132 #endif /* EAP_SERVER_TLV */
 133
 134 #ifdef EAP_SERVER_GTC
 135         if (ret == 0)
 136                 ret = eap_server_gtc_register();
 137 #endif /* EAP_SERVER_GTC */
 138
 139 #ifdef EAP_SERVER_TTLS
 140         if (ret == 0)
 141                 ret = eap_server_ttls_register();
 142 #endif /* EAP_SERVER_TTLS */
 143
 144 #ifdef EAP_SERVER_SIM
 145         if (ret == 0)
 146                 ret = eap_server_sim_register();
 147 #endif /* EAP_SERVER_SIM */
 148
 149 #ifdef EAP_SERVER_AKA
 150         if (ret == 0)
 151                 ret = eap_server_aka_register();
 152 #endif /* EAP_SERVER_AKA */
 153
 154 #ifdef EAP_SERVER_AKA_PRIME
 155         if (ret == 0)
 156                 ret = eap_server_aka_prime_register();
 157 #endif /* EAP_SERVER_AKA_PRIME */
 158
 159 #ifdef EAP_SERVER_PAX
 160         if (ret == 0)
 161                 ret = eap_server_pax_register();
 162 #endif /* EAP_SERVER_PAX */
 163
 164 #ifdef EAP_SERVER_PSK
 165         if (ret == 0)
 166                 ret = eap_server_psk_register();
 167 #endif /* EAP_SERVER_PSK */
 168
 169 #ifdef EAP_SERVER_SAKE
 170         if (ret == 0)
 171                 ret = eap_server_sake_register();
 172 #endif /* EAP_SERVER_SAKE */
 173
 174 #ifdef EAP_SERVER_GPSK
 175         if (ret == 0)
 176                 ret = eap_server_gpsk_register();
 177 #endif /* EAP_SERVER_GPSK */
 178
 179 #ifdef EAP_SERVER_VENDOR_TEST
 180         if (ret == 0)
 181                 ret = eap_server_vendor_test_register();
 182 #endif /* EAP_SERVER_VENDOR_TEST */
 183
 184 #ifdef EAP_SERVER_FAST
 185         if (ret == 0)
 186                 ret = eap_server_fast_register();
 187 #endif /* EAP_SERVER_FAST */
 188
 189 #ifdef EAP_SERVER_WSC
 190         if (ret == 0)
 191                 ret = eap_server_wsc_register();
 192 #endif /* EAP_SERVER_WSC */
 193
 194 #ifdef EAP_SERVER_IKEV2
 195         if (ret == 0)
 196                 ret = eap_server_ikev2_register();
 197 #endif /* EAP_SERVER_IKEV2 */
 198
 199 #ifdef EAP_SERVER_TNC
 200         if (ret == 0)
 201                 ret = eap_server_tnc_register();
 202 #endif /* EAP_SERVER_TNC */
 203
 204         return ret;
 205 }
 206
 207
 208 int eap_example_server_init(void)
 209 {
 210         struct eap_session_data eap_sess;
 211
 212         if (eap_server_register_methods() < 0)
 213                 return -1;
 214
 215         os_memset(&eap_ctx, 0, sizeof(eap_ctx));
 216
 217         if (eap_example_server_init_tls() < 0)
 218                 return -1;
 219
 220         os_memset(&eap_cb, 0, sizeof(eap_cb));
 221         eap_cb.get_eap_user = server_get_eap_user;
 222         eap_cb.get_eap_req_id_text = server_get_eap_req_id_text;
 223
 224         os_memset(&eap_conf, 0, sizeof(eap_conf));
 225         eap_conf.eap_server = 1;
 226         eap_conf.ssl_ctx = eap_ctx.tls_ctx;
 227
 228         os_memset(&eap_sess, 0, sizeof(eap_sess));
 229         eap_ctx.eap = eap_server_sm_init(&eap_ctx, &eap_cb, &eap_conf,
 230                                          &eap_sess);
 231         if (eap_ctx.eap == NULL)
 232                 return -1;
 233
 234         eap_ctx.eap_if = eap_get_interface(eap_ctx.eap);
 235
 236         /* Enable "port" and request EAP to start authentication. */
 237         eap_ctx.eap_if->portEnabled = TRUE;
 238         eap_ctx.eap_if->eapRestart = TRUE;
 239
 240         return 0;
 241 }
 242
 243
 244 void eap_example_server_deinit(void)
 245 {
 246         eap_server_sm_deinit(eap_ctx.eap);
 247         eap_server_unregister_methods();
 248         tls_deinit(eap_ctx.tls_ctx);
 249 }
 250
 251
 252 int eap_example_server_step(void)
 253 {
 254         int res, process = 0;
 255
 256         res = eap_server_sm_step(eap_ctx.eap);
 257
 258         if (eap_ctx.eap_if->eapReq) {
 259                 printf("==> Request\n");
 260                 process = 1;
 261                 eap_ctx.eap_if->eapReq = 0;
 262         }
 263
 264         if (eap_ctx.eap_if->eapSuccess) {
 265                 printf("==> Success\n");
 266                 process = 1;
 267                 res = 0;
 268                 eap_ctx.eap_if->eapSuccess = 0;
 269
 270                 if (eap_ctx.eap_if->eapKeyAvailable) {
 271                         wpa_hexdump(MSG_DEBUG, "EAP keying material",
 272                                     eap_ctx.eap_if->eapKeyData,
 273                                     eap_ctx.eap_if->eapKeyDataLen);
 274                 }
 275         }
 276
 277         if (eap_ctx.eap_if->eapFail) {
 278                 printf("==> Fail\n");
 279                 process = 1;
 280                 eap_ctx.eap_if->eapFail = 0;
 281         }
 282
 283         if (process && eap_ctx.eap_if->eapReqData) {
 284                 /* Send EAP request to the peer */
 285                 eap_example_peer_rx(wpabuf_head(eap_ctx.eap_if->eapReqData),
 286                                     wpabuf_len(eap_ctx.eap_if->eapReqData));
 287         }
 288
 289         return res;
 290 }
 291
 292
 293 void eap_example_server_rx(const u8 *data, size_t data_len)
 294 {
 295         /* Make received EAP message available to the EAP library */
 296         wpabuf_free(eap_ctx.eap_if->eapRespData);
 297         eap_ctx.eap_if->eapRespData = wpabuf_alloc_copy(data, data_len);
 298         if (eap_ctx.eap_if->eapRespData)
 299                 eap_ctx.eap_if->eapResp = TRUE;
 300 }