eap_example/eap_example_server.c

   1 /*
   2  * Example application showing how EAP server code from hostapd can be used as
   3  * a library.
   4  * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
   5  *
   6  * This program is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License version 2 as
   8  * published by the Free Software Foundation.
   9  *
  10  * Alternatively, this software may be distributed under the terms of BSD
  11  * license.
  12  *
  13  * See README and COPYING for more details.
  14  */
  15
  16 #include "includes.h"
  17
  18 #include "common.h"
  19 #include "eap_server/eap.h"
  20 #include "tls.h"
  21 #include "wpabuf.h"
  22
  23 void eap_example_peer_rx(const u8 *data, size_t data_len);
  24
  25
  26 struct eap_server_ctx {
  27         struct eap_eapol_interface *eap_if;
  28         struct eap_sm *eap;
  29         void *tls_ctx;
  30 };
  31
  32 static struct eap_server_ctx eap_ctx;
  33
  34
  35 static int server_get_eap_user(void *ctx, const u8 *identity,
  36                                size_t identity_len, int phase2,
  37                                struct eap_user *user)
  38 {
  39         os_memset(user, 0, sizeof(*user));
  40
  41         if (!phase2) {
  42                 /* Only allow EAP-PEAP as the Phase 1 method */
  43                 user->methods[0].vendor = EAP_VENDOR_IETF;
  44                 user->methods[0].method = EAP_TYPE_PEAP;
  45                 return 0;
  46         }
  47
  48         if (identity_len != 4 || identity == NULL ||
  49             os_memcmp(identity, "user", 4) != 0) {
  50                 printf("Unknown user\n");
  51                 return -1;
  52         }
  53
  54         /* Only allow EAP-MSCHAPv2 as the Phase 2 method */
  55         user->methods[0].vendor = EAP_VENDOR_IETF;
  56         user->methods[0].method = EAP_TYPE_MSCHAPV2;
  57         user->password = (u8 *) os_strdup("password");
  58         user->password_len = 8;
  59
  60         return 0;
  61 }
  62
  63
  64 static const char * server_get_eap_req_id_text(void *ctx, size_t *len)
  65 {
  66         *len = 0;
  67         return NULL;
  68 }
  69
  70
  71 static struct eapol_callbacks eap_cb;
  72 static struct eap_config eap_conf;
  73
  74 static int eap_example_server_init_tls(void)
  75 {
  76         struct tls_config tconf;
  77         struct tls_connection_params tparams;
  78
  79         os_memset(&tconf, 0, sizeof(tconf));
  80         eap_ctx.tls_ctx = tls_init(&tconf);
  81         if (eap_ctx.tls_ctx == NULL)
  82                 return -1;
  83
  84         os_memset(&tparams, 0, sizeof(tparams));
  85         tparams.ca_cert = "ca.pem";
  86         tparams.client_cert = "server.pem";
  87         tparams.private_key = "server.key";
  88         tparams.private_key_passwd = "whatever";
  89
  90         if (tls_global_set_params(eap_ctx.tls_ctx, &tparams)) {
  91                 printf("Failed to set TLS parameters\n");
  92                 return -1;
  93         }
  94
  95         if (tls_global_set_verify(eap_ctx.tls_ctx, 0)) {
  96                 printf("Failed to set check_crl\n");
  97                 return -1;
  98         }
  99
 100         return 0;
 101 }
 102
 103
 104 int eap_example_server_init(void)
 105 {
 106         if (eap_server_register_methods() < 0)
 107                 return -1;
 108
 109         os_memset(&eap_ctx, 0, sizeof(eap_ctx));
 110
 111         if (eap_example_server_init_tls() < 0)
 112                 return -1;
 113
 114         os_memset(&eap_cb, 0, sizeof(eap_cb));
 115         eap_cb.get_eap_user = server_get_eap_user;
 116         eap_cb.get_eap_req_id_text = server_get_eap_req_id_text;
 117
 118         os_memset(&eap_conf, 0, sizeof(eap_conf));
 119         eap_conf.eap_server = 1;
 120         eap_conf.ssl_ctx = eap_ctx.tls_ctx;
 121
 122         eap_ctx.eap = eap_server_sm_init(&eap_ctx, &eap_cb, &eap_conf);
 123         if (eap_ctx.eap == NULL)
 124                 return -1;
 125
 126         eap_ctx.eap_if = eap_get_interface(eap_ctx.eap);
 127
 128         /* Enable "port" and request EAP to start authentication. */
 129         eap_ctx.eap_if->portEnabled = TRUE;
 130         eap_ctx.eap_if->eapRestart = TRUE;
 131
 132         return 0;
 133 }
 134
 135
 136 void eap_example_server_deinit(void)
 137 {
 138         eap_server_sm_deinit(eap_ctx.eap);
 139         eap_server_unregister_methods();
 140         tls_deinit(eap_ctx.tls_ctx);
 141 }
 142
 143
 144 int eap_example_server_step(void)
 145 {
 146         int res, process = 0;
 147
 148         res = eap_server_sm_step(eap_ctx.eap);
 149
 150         if (eap_ctx.eap_if->eapReq) {
 151                 printf("==> Request\n");
 152                 process = 1;
 153                 eap_ctx.eap_if->eapReq = 0;
 154         }
 155
 156         if (eap_ctx.eap_if->eapSuccess) {
 157                 printf("==> Success\n");
 158                 process = 1;
 159                 res = 0;
 160                 eap_ctx.eap_if->eapSuccess = 0;
 161
 162                 if (eap_ctx.eap_if->eapKeyAvailable) {
 163                         wpa_hexdump(MSG_DEBUG, "EAP keying material",
 164                                     eap_ctx.eap_if->eapKeyData,
 165                                     eap_ctx.eap_if->eapKeyDataLen);
 166                 }
 167         }
 168
 169         if (eap_ctx.eap_if->eapFail) {
 170                 printf("==> Fail\n");
 171                 process = 1;
 172                 eap_ctx.eap_if->eapFail = 0;
 173         }
 174
 175         if (process && eap_ctx.eap_if->eapReqData) {
 176                 /* Send EAP response to the server */
 177                 eap_example_peer_rx(wpabuf_head(eap_ctx.eap_if->eapReqData),
 178                                     wpabuf_len(eap_ctx.eap_if->eapReqData));
 179         }
 180
 181         return res;
 182 }
 183
 184
 185 void eap_example_server_rx(const u8 *data, size_t data_len)
 186 {
 187         /* Make received EAP message available to the EAP library */
 188         wpabuf_free(eap_ctx.eap_if->eapRespData);
 189         eap_ctx.eap_if->eapRespData = wpabuf_alloc_copy(data, data_len);
 190         if (eap_ctx.eap_if->eapRespData)
 191                 eap_ctx.eap_if->eapResp = TRUE;
 192 }