HS 2.0R2: Add WFA server-only EAP-TLS server method

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/hostapd/eap_register.c b/hostapd/eap_register.c
index 981e53946aac4bdb6068c60e73c85dba4afaf42c..8477c2154379db303f1760b684a67e438357c522 100644 (file)
--- a/hostapd/eap_register.c
+++ b/hostapd/eap_register.c
@@ -44,6 +44,13 @@ int eap_server_register_methods(void)
                ret = eap_server_unauth_tls_register();
 #endif /* EAP_SERVER_TLS */
 
+#ifdef EAP_SERVER_TLS
+#ifdef CONFIG_HS20
+       if (ret == 0)
+               ret = eap_server_wfa_unauth_tls_register();
+#endif /* CONFIG_HS20 */
+#endif /* EAP_SERVER_TLS */
+
 #ifdef EAP_SERVER_MSCHAPV2
        if (ret == 0)
                ret = eap_server_mschapv2_register();

diff --git a/src/eap_server/eap_methods.h b/src/eap_server/eap_methods.h
index 429cb72b22606e9b06e764a00e7691836d389989..0baa3279086e488cd8cd15bf501dd3eaa7381430 100644 (file)
--- a/src/eap_server/eap_methods.h
+++ b/src/eap_server/eap_methods.h
@@ -27,6 +27,7 @@ int eap_server_identity_register(void);
 int eap_server_md5_register(void);
 int eap_server_tls_register(void);
 int eap_server_unauth_tls_register(void);
+int eap_server_wfa_unauth_tls_register(void);
 int eap_server_mschapv2_register(void);
 int eap_server_peap_register(void);
 int eap_server_tlv_register(void);

diff --git a/src/eap_server/eap_server_tls.c b/src/eap_server/eap_server_tls.c
index 447f47cfa00a818ec6f214385ed0f27ceaf9713b..6bed62f8c6eba1483f7e138b024e04fdcd74c0b5 100644 (file)
--- a/src/eap_server/eap_server_tls.c
+++ b/src/eap_server/eap_server_tls.c
@@ -94,6 +94,28 @@ static void * eap_unauth_tls_init(struct eap_sm *sm)
 #endif /* EAP_SERVER_UNAUTH_TLS */
 
 
+#ifdef CONFIG_HS20
+static void * eap_wfa_unauth_tls_init(struct eap_sm *sm)
+{
+       struct eap_tls_data *data;
+
+       data = os_zalloc(sizeof(*data));
+       if (data == NULL)
+               return NULL;
+       data->state = START;
+
+       if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) {
+               wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
+               eap_tls_reset(sm, data);
+               return NULL;
+       }
+
+       data->eap_type = EAP_WFA_UNAUTH_TLS_TYPE;
+       return data;
+}
+#endif /* CONFIG_HS20 */
+
+
 static void eap_tls_reset(struct eap_sm *sm, void *priv)
 {
        struct eap_tls_data *data = priv;
@@ -178,6 +200,10 @@ static Boolean eap_tls_check(struct eap_sm *sm, void *priv,
                pos = eap_hdr_validate(EAP_VENDOR_UNAUTH_TLS,
                                       EAP_VENDOR_TYPE_UNAUTH_TLS, respData,
                                       &len);
+       else if (data->eap_type == EAP_WFA_UNAUTH_TLS_TYPE)
+               pos = eap_hdr_validate(EAP_VENDOR_WFA_NEW,
+                                      EAP_VENDOR_WFA_UNAUTH_TLS, respData,
+                                      &len);
        else
                pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_type,
                                       respData, &len);
@@ -340,3 +366,34 @@ int eap_server_unauth_tls_register(void)
        return ret;
 }
 #endif /* EAP_SERVER_UNAUTH_TLS */
+
+
+#ifdef CONFIG_HS20
+int eap_server_wfa_unauth_tls_register(void)
+{
+       struct eap_method *eap;
+       int ret;
+
+       eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
+                                     EAP_VENDOR_WFA_NEW,
+                                     EAP_VENDOR_WFA_UNAUTH_TLS,
+                                     "WFA-UNAUTH-TLS");
+       if (eap == NULL)
+               return -1;
+
+       eap->init = eap_wfa_unauth_tls_init;
+       eap->reset = eap_tls_reset;
+       eap->buildReq = eap_tls_buildReq;
+       eap->check = eap_tls_check;
+       eap->process = eap_tls_process;
+       eap->isDone = eap_tls_isDone;
+       eap->getKey = eap_tls_getKey;
+       eap->isSuccess = eap_tls_isSuccess;
+       eap->get_emsk = eap_tls_get_emsk;
+
+       ret = eap_server_method_register(eap);
+       if (ret)
+               eap_server_method_free(eap);
+       return ret;
+}
+#endif /* CONFIG_HS20 */

diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c
index 526e1bcc9c83a5ab67339acddc876356b5b7b490..de5ab0dd8c31325671f9bd98547bdfb65f0b0afc 100644 (file)
--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@@ -25,6 +25,10 @@ struct wpabuf * eap_tls_msg_alloc(EapType type, size_t payload_len,
                return eap_msg_alloc(EAP_VENDOR_UNAUTH_TLS,
                                     EAP_VENDOR_TYPE_UNAUTH_TLS, payload_len,
                                     code, identifier);
+       else if (type == EAP_WFA_UNAUTH_TLS_TYPE)
+               return eap_msg_alloc(EAP_VENDOR_WFA_NEW,
+                                    EAP_VENDOR_WFA_UNAUTH_TLS, payload_len,
+                                    code, identifier);
        return eap_msg_alloc(EAP_VENDOR_IETF, type, payload_len, code,
                             identifier);
 }
@@ -393,6 +397,10 @@ int eap_server_tls_process(struct eap_sm *sm, struct eap_ssl_data *data,
                pos = eap_hdr_validate(EAP_VENDOR_UNAUTH_TLS,
                                       EAP_VENDOR_TYPE_UNAUTH_TLS, respData,
                                       &left);
+       else if (eap_type == EAP_WFA_UNAUTH_TLS_TYPE)
+               pos = eap_hdr_validate(EAP_VENDOR_WFA_NEW,
+                                      EAP_VENDOR_WFA_UNAUTH_TLS, respData,
+                                      &left);
        else
                pos = eap_hdr_validate(EAP_VENDOR_IETF, eap_type, respData,
                                       &left);

diff --git a/src/eap_server/eap_tls_common.h b/src/eap_server/eap_tls_common.h
index 11f5827513ab25fe65d793495972a28b536f8d53..91449afd72f7e6106553c8dc50b3989e794fa1e2 100644 (file)
--- a/src/eap_server/eap_tls_common.h
+++ b/src/eap_server/eap_tls_common.h
@@ -64,6 +64,7 @@ struct eap_ssl_data {
 
 /* dummy type used as a flag for UNAUTH-TLS */
 #define EAP_UNAUTH_TLS_TYPE 255
+#define EAP_WFA_UNAUTH_TLS_TYPE 254
 
 
 struct wpabuf * eap_tls_msg_alloc(EapType type, size_t payload_len,