From c28767e11cab40dfe306915c0a28eb796a8377d1 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 9 Sep 2015 23:39:48 +0300 Subject: [PATCH] ERP: Make eap_peer_erp_reauth_start() available This needs to be callable through the EAPOL supplicant wrappers to allow FILS implementation to use ERP. Signed-off-by: Jouni Malinen --- src/eap_peer/eap.c | 29 ++++++++++++++++++++++------- src/eap_peer/eap.h | 1 + src/eapol_supp/eapol_supp_sm.c | 12 ++++++++++++ src/eapol_supp/eapol_supp_sm.h | 6 ++++++ 4 files changed, 41 insertions(+), 7 deletions(-) diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c index 9af1fff8a..c47922056 100644 --- a/src/eap_peer/eap.c +++ b/src/eap_peer/eap.c @@ -571,7 +571,7 @@ fail: #ifdef CONFIG_ERP -static int eap_peer_erp_reauth_start(struct eap_sm *sm, u8 eap_id) +struct wpabuf * eap_peer_build_erp_reauth_start(struct eap_sm *sm, u8 eap_id) { char *realm; struct eap_erp_key *erp; @@ -580,16 +580,16 @@ static int eap_peer_erp_reauth_start(struct eap_sm *sm, u8 eap_id) realm = eap_home_realm(sm); if (!realm) - return -1; + return NULL; erp = eap_erp_get_key(sm, realm); os_free(realm); realm = NULL; if (!erp) - return -1; + return NULL; if (erp->next_seq >= 65536) - return -1; /* SEQ has range of 0..65535 */ + return NULL; /* SEQ has range of 0..65535 */ /* TODO: check rRK lifetime expiration */ @@ -600,7 +600,7 @@ static int eap_peer_erp_reauth_start(struct eap_sm *sm, u8 eap_id) 1 + 2 + 2 + os_strlen(erp->keyname_nai) + 1 + 16, EAP_CODE_INITIATE, eap_id); if (msg == NULL) - return -1; + return NULL; wpabuf_put_u8(msg, 0x20); /* Flags: R=0 B=0 L=1 */ wpabuf_put_be16(msg, erp->next_seq); @@ -614,13 +614,28 @@ static int eap_peer_erp_reauth_start(struct eap_sm *sm, u8 eap_id) if (hmac_sha256(erp->rIK, erp->rIK_len, wpabuf_head(msg), wpabuf_len(msg), hash) < 0) { wpabuf_free(msg); - return -1; + return NULL; } wpabuf_put_data(msg, hash, 16); - wpa_printf(MSG_DEBUG, "EAP: Sending EAP-Initiate/Re-auth"); sm->erp_seq = erp->next_seq; erp->next_seq++; + + wpa_hexdump_buf(MSG_DEBUG, "ERP: EAP-Initiate/Re-auth", msg); + + return msg; +} + + +static int eap_peer_erp_reauth_start(struct eap_sm *sm, u8 eap_id) +{ + struct wpabuf *msg; + + msg = eap_peer_build_erp_reauth_start(sm, eap_id); + if (!msg) + return -1; + + wpa_printf(MSG_DEBUG, "EAP: Sending EAP-Initiate/Re-auth"); wpabuf_free(sm->eapRespData); sm->eapRespData = msg; sm->reauthInit = TRUE; diff --git a/src/eap_peer/eap.h b/src/eap_peer/eap.h index 1a645af8b..3c6885552 100644 --- a/src/eap_peer/eap.h +++ b/src/eap_peer/eap.h @@ -348,6 +348,7 @@ void eap_sm_set_ext_pw_ctx(struct eap_sm *sm, struct ext_password_data *ext); void eap_set_anon_id(struct eap_sm *sm, const u8 *id, size_t len); int eap_peer_was_failure_expected(struct eap_sm *sm); void eap_peer_erp_free_keys(struct eap_sm *sm); +struct wpabuf * eap_peer_build_erp_reauth_start(struct eap_sm *sm, u8 eap_id); #endif /* IEEE8021X_EAPOL */ diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c index 65460fc3b..a08010d89 100644 --- a/src/eapol_supp/eapol_supp_sm.c +++ b/src/eapol_supp/eapol_supp_sm.c @@ -2158,3 +2158,15 @@ void eapol_sm_erp_flush(struct eapol_sm *sm) if (sm) eap_peer_erp_free_keys(sm->eap); } + + +struct wpabuf * eapol_sm_build_erp_reauth_start(struct eapol_sm *sm) +{ +#ifdef CONFIG_ERP + if (!sm) + return NULL; + return eap_peer_build_erp_reauth_start(sm->eap, 0); +#else /* CONFIG_ERP */ + return NULL; +#endif /* CONFIG_ERP */ +} diff --git a/src/eapol_supp/eapol_supp_sm.h b/src/eapol_supp/eapol_supp_sm.h index 1309ff754..7b80878f3 100644 --- a/src/eapol_supp/eapol_supp_sm.h +++ b/src/eapol_supp/eapol_supp_sm.h @@ -328,6 +328,7 @@ void eapol_sm_set_ext_pw_ctx(struct eapol_sm *sm, struct ext_password_data *ext); int eapol_sm_failed(struct eapol_sm *sm); void eapol_sm_erp_flush(struct eapol_sm *sm); +struct wpabuf * eapol_sm_build_erp_reauth_start(struct eapol_sm *sm); int eapol_sm_get_eap_proxy_imsi(struct eapol_sm *sm, char *imsi, size_t *len); #else /* IEEE8021X_EAPOL */ static inline struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx) @@ -438,6 +439,11 @@ static inline int eapol_sm_failed(struct eapol_sm *sm) static inline void eapol_sm_erp_flush(struct eapol_sm *sm) { } +static inline struct wpabuf * +eapol_sm_build_erp_reauth_start(struct eapol_sm *sm) +{ + return NULL; +} #endif /* IEEE8021X_EAPOL */ #endif /* EAPOL_SUPP_SM_H */