HS 2.0R2: Add WFA server-only EAP-TLS peer method

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2013-07-23 21:21:36 +03:00 committed by Jouni Malinen
parent df0f01d91f
commit 8e5fdfabf6
6 changed files with 81 additions and 2 deletions

View file

@ -72,13 +72,16 @@ typedef enum {
enum { enum {
EAP_VENDOR_IETF = 0, EAP_VENDOR_IETF = 0,
EAP_VENDOR_MICROSOFT = 0x000137 /* Microsoft */, EAP_VENDOR_MICROSOFT = 0x000137 /* Microsoft */,
EAP_VENDOR_WFA = 0x00372A /* Wi-Fi Alliance */, EAP_VENDOR_WFA = 0x00372A /* Wi-Fi Alliance (moved to WBA) */,
EAP_VENDOR_HOSTAP = 39068 /* hostapd/wpa_supplicant project */ EAP_VENDOR_HOSTAP = 39068 /* hostapd/wpa_supplicant project */,
EAP_VENDOR_WFA_NEW = 40808 /* Wi-Fi Alliance */
}; };
#define EAP_VENDOR_UNAUTH_TLS EAP_VENDOR_HOSTAP #define EAP_VENDOR_UNAUTH_TLS EAP_VENDOR_HOSTAP
#define EAP_VENDOR_TYPE_UNAUTH_TLS 1 #define EAP_VENDOR_TYPE_UNAUTH_TLS 1
#define EAP_VENDOR_WFA_UNAUTH_TLS 13
#define EAP_MSK_LEN 64 #define EAP_MSK_LEN 64
#define EAP_EMSK_LEN 64 #define EAP_EMSK_LEN 64

View file

@ -86,6 +86,7 @@ static inline int eap_peer_method_unload(struct eap_method *method)
int eap_peer_md5_register(void); int eap_peer_md5_register(void);
int eap_peer_tls_register(void); int eap_peer_tls_register(void);
int eap_peer_unauth_tls_register(void); int eap_peer_unauth_tls_register(void);
int eap_peer_wfa_unauth_tls_register(void);
int eap_peer_mschapv2_register(void); int eap_peer_mschapv2_register(void);
int eap_peer_peap_register(void); int eap_peer_peap_register(void);
int eap_peer_ttls_register(void); int eap_peer_ttls_register(void);

View file

@ -98,6 +98,33 @@ static void * eap_unauth_tls_init(struct eap_sm *sm)
#endif /* EAP_UNAUTH_TLS */ #endif /* EAP_UNAUTH_TLS */
#ifdef CONFIG_HS20
static void * eap_wfa_unauth_tls_init(struct eap_sm *sm)
{
struct eap_tls_data *data;
struct eap_peer_config *config = eap_get_config(sm);
data = os_zalloc(sizeof(*data));
if (data == NULL)
return NULL;
data->ssl_ctx = sm->init_phase2 && sm->ssl_ctx2 ? sm->ssl_ctx2 :
sm->ssl_ctx;
if (eap_peer_tls_ssl_init(sm, &data->ssl, config,
EAP_WFA_UNAUTH_TLS_TYPE)) {
wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
eap_tls_deinit(sm, data);
return NULL;
}
data->eap_type = EAP_WFA_UNAUTH_TLS_TYPE;
return data;
}
#endif /* CONFIG_HS20 */
static void eap_tls_deinit(struct eap_sm *sm, void *priv) static void eap_tls_deinit(struct eap_sm *sm, void *priv)
{ {
struct eap_tls_data *data = priv; struct eap_tls_data *data = priv;
@ -382,3 +409,35 @@ int eap_peer_unauth_tls_register(void)
return ret; return ret;
} }
#endif /* EAP_UNAUTH_TLS */ #endif /* EAP_UNAUTH_TLS */
#ifdef CONFIG_HS20
int eap_peer_wfa_unauth_tls_register(void)
{
struct eap_method *eap;
int ret;
eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
EAP_VENDOR_WFA_NEW,
EAP_VENDOR_WFA_UNAUTH_TLS,
"WFA-UNAUTH-TLS");
if (eap == NULL)
return -1;
eap->init = eap_wfa_unauth_tls_init;
eap->deinit = eap_tls_deinit;
eap->process = eap_tls_process;
eap->isKeyAvailable = eap_tls_isKeyAvailable;
eap->getKey = eap_tls_getKey;
eap->get_status = eap_tls_get_status;
eap->has_reauth_data = eap_tls_has_reauth_data;
eap->deinit_for_reauth = eap_tls_deinit_for_reauth;
eap->init_for_reauth = eap_tls_init_for_reauth;
eap->get_emsk = eap_tls_get_emsk;
ret = eap_peer_method_register(eap);
if (ret)
eap_peer_method_free(eap);
return ret;
}
#endif /* CONFIG_HS20 */

View file

@ -23,6 +23,10 @@ static struct wpabuf * eap_tls_msg_alloc(EapType type, size_t payload_len,
return eap_msg_alloc(EAP_VENDOR_UNAUTH_TLS, return eap_msg_alloc(EAP_VENDOR_UNAUTH_TLS,
EAP_VENDOR_TYPE_UNAUTH_TLS, payload_len, EAP_VENDOR_TYPE_UNAUTH_TLS, payload_len,
code, identifier); code, identifier);
if (type == EAP_WFA_UNAUTH_TLS_TYPE)
return eap_msg_alloc(EAP_VENDOR_WFA_NEW,
EAP_VENDOR_WFA_UNAUTH_TLS, payload_len,
code, identifier);
return eap_msg_alloc(EAP_VENDOR_IETF, type, payload_len, code, return eap_msg_alloc(EAP_VENDOR_IETF, type, payload_len, code,
identifier); identifier);
} }
@ -846,6 +850,10 @@ const u8 * eap_peer_tls_process_init(struct eap_sm *sm,
pos = eap_hdr_validate(EAP_VENDOR_UNAUTH_TLS, pos = eap_hdr_validate(EAP_VENDOR_UNAUTH_TLS,
EAP_VENDOR_TYPE_UNAUTH_TLS, reqData, EAP_VENDOR_TYPE_UNAUTH_TLS, reqData,
&left); &left);
else if (eap_type == EAP_WFA_UNAUTH_TLS_TYPE)
pos = eap_hdr_validate(EAP_VENDOR_WFA_NEW,
EAP_VENDOR_WFA_UNAUTH_TLS, reqData,
&left);
else else
pos = eap_hdr_validate(EAP_VENDOR_IETF, eap_type, reqData, pos = eap_hdr_validate(EAP_VENDOR_IETF, eap_type, reqData,
&left); &left);

View file

@ -87,6 +87,7 @@ struct eap_ssl_data {
/* dummy type used as a flag for UNAUTH-TLS */ /* dummy type used as a flag for UNAUTH-TLS */
#define EAP_UNAUTH_TLS_TYPE 255 #define EAP_UNAUTH_TLS_TYPE 255
#define EAP_WFA_UNAUTH_TLS_TYPE 254
int eap_peer_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data, int eap_peer_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,

View file

@ -40,6 +40,13 @@ int eap_register_methods(void)
ret = eap_peer_unauth_tls_register(); ret = eap_peer_unauth_tls_register();
#endif /* EAP_UNAUTH_TLS */ #endif /* EAP_UNAUTH_TLS */
#ifdef EAP_TLS
#ifdef CONFIG_HS20
if (ret == 0)
ret = eap_peer_wfa_unauth_tls_register();
#endif /* CONFIG_HS20 */
#endif /* EAP_TLS */
#ifdef EAP_MSCHAPv2 #ifdef EAP_MSCHAPv2
if (ret == 0) if (ret == 0)
ret = eap_peer_mschapv2_register(); ret = eap_peer_mschapv2_register();