ERP: Make eap_peer_erp_reauth_start() available

This needs to be callable through the EAPOL supplicant wrappers to allow
FILS implementation to use ERP.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 2015-09-09 23:39:48 +03:00 committed by Jouni Malinen
parent 5b092fb63f
commit c28767e11c
4 changed files with 41 additions and 7 deletions


@ -571,7 +571,7 @@ fail:
#ifdef CONFIG_ERP #ifdef CONFIG_ERP
static int eap_peer_erp_reauth_start(struct eap_sm *sm, u8 eap_id) struct wpabuf * eap_peer_build_erp_reauth_start(struct eap_sm *sm, u8 eap_id)
{ {
char *realm; char *realm;
struct eap_erp_key *erp; struct eap_erp_key *erp;
@ -580,16 +580,16 @@ static int eap_peer_erp_reauth_start(struct eap_sm *sm, u8 eap_id)
realm = eap_home_realm(sm); realm = eap_home_realm(sm);
if (!realm) if (!realm)
return -1; return NULL;
erp = eap_erp_get_key(sm, realm); erp = eap_erp_get_key(sm, realm);
os_free(realm); os_free(realm);
realm = NULL; realm = NULL;
if (!erp) if (!erp)
return -1; return NULL;
if (erp->next_seq >= 65536) if (erp->next_seq >= 65536)
return -1; /* SEQ has range of 0..65535 */ return NULL; /* SEQ has range of 0..65535 */
/* TODO: check rRK lifetime expiration */ /* TODO: check rRK lifetime expiration */
@ -600,7 +600,7 @@ static int eap_peer_erp_reauth_start(struct eap_sm *sm, u8 eap_id)
1 + 2 + 2 + os_strlen(erp->keyname_nai) + 1 + 16, 1 + 2 + 2 + os_strlen(erp->keyname_nai) + 1 + 16,
EAP_CODE_INITIATE, eap_id); EAP_CODE_INITIATE, eap_id);
if (msg == NULL) if (msg == NULL)
return -1; return NULL;
wpabuf_put_u8(msg, 0x20); /* Flags: R=0 B=0 L=1 */ wpabuf_put_u8(msg, 0x20); /* Flags: R=0 B=0 L=1 */
wpabuf_put_be16(msg, erp->next_seq); wpabuf_put_be16(msg, erp->next_seq);
@ -614,13 +614,28 @@ static int eap_peer_erp_reauth_start(struct eap_sm *sm, u8 eap_id)
if (hmac_sha256(erp->rIK, erp->rIK_len, if (hmac_sha256(erp->rIK, erp->rIK_len,
wpabuf_head(msg), wpabuf_len(msg), hash) < 0) { wpabuf_head(msg), wpabuf_len(msg), hash) < 0) {
wpabuf_free(msg); wpabuf_free(msg);
return -1; return NULL;
} }
wpabuf_put_data(msg, hash, 16); wpabuf_put_data(msg, hash, 16);
wpa_printf(MSG_DEBUG, "EAP: Sending EAP-Initiate/Re-auth");
sm->erp_seq = erp->next_seq; sm->erp_seq = erp->next_seq;
erp->next_seq++; erp->next_seq++;
wpa_hexdump_buf(MSG_DEBUG, "ERP: EAP-Initiate/Re-auth", msg);
return msg;
}
static int eap_peer_erp_reauth_start(struct eap_sm *sm, u8 eap_id)
{
struct wpabuf *msg;
msg = eap_peer_build_erp_reauth_start(sm, eap_id);
if (!msg)
return -1;
wpa_printf(MSG_DEBUG, "EAP: Sending EAP-Initiate/Re-auth");
wpabuf_free(sm->eapRespData); wpabuf_free(sm->eapRespData);
sm->eapRespData = msg; sm->eapRespData = msg;
sm->reauthInit = TRUE; sm->reauthInit = TRUE;
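Review bot: eap_peer_build_erp_reauth_start() is exported here without a comment stating its contract, and two details visible in this section matter to any new caller. The returned wpabuf belongs to the caller (the static wrapper stores it in sm->eapRespData), and every successful call sets sm->erp_seq and increments erp->next_seq, so a message that is built but never sent still uses up a value from the 0..65535 SEQ range. I would add a header comment above the definition such as `Returns: EAP-Initiate/Re-auth message (caller frees with wpabuf_free()) or NULL on failure; advances the ERP SEQ on success`. The same ownership remark applies to eapol_sm_build_erp_reauth_start() in the EAPOL supplicant section, and the existing `/* TODO: check rRK lifetime expiration */` becomes reachable from outside this file. The body of eap_peer_erp_reauth_start() continues past the end of the section.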


@ -348,6 +348,7 @@ void eap_sm_set_ext_pw_ctx(struct eap_sm *sm, struct ext_password_data *ext);
void eap_set_anon_id(struct eap_sm *sm, const u8 *id, size_t len); void eap_set_anon_id(struct eap_sm *sm, const u8 *id, size_t len);
int eap_peer_was_failure_expected(struct eap_sm *sm); int eap_peer_was_failure_expected(struct eap_sm *sm);
void eap_peer_erp_free_keys(struct eap_sm *sm); void eap_peer_erp_free_keys(struct eap_sm *sm);
struct wpabuf * eap_peer_build_erp_reauth_start(struct eap_sm *sm, u8 eap_id);
#endif /* IEEE8021X_EAPOL */ #endif /* IEEE8021X_EAPOL */


@ -2158,3 +2158,15 @@ void eapol_sm_erp_flush(struct eapol_sm *sm)
if (sm) if (sm)
eap_peer_erp_free_keys(sm->eap); eap_peer_erp_free_keys(sm->eap);
} }
struct wpabuf * eapol_sm_build_erp_reauth_start(struct eapol_sm *sm)
{
#ifdef CONFIG_ERP
if (!sm)
return NULL;
return eap_peer_build_erp_reauth_start(sm->eap, 0);
#else /* CONFIG_ERP */
return NULL;
#endif /* CONFIG_ERP */
}
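Review bot: The call `eap_peer_build_erp_reauth_start(sm->eap, 0)` passes a literal 0 as the EAP Identifier with no explanation, while the in-file caller takes eap_id as a parameter. If a fixed Identifier is intended for the FILS path, which I am inferring from the commit message rather than from code shown here, a one-line comment would save the next reader from treating it as a placeholder, for example `/* Identifier fixed at 0: no EAP-Request precedes this message on the FILS path */`. The author should confirm that wording before it is added.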


@ -328,6 +328,7 @@ void eapol_sm_set_ext_pw_ctx(struct eapol_sm *sm,
struct ext_password_data *ext); struct ext_password_data *ext);
int eapol_sm_failed(struct eapol_sm *sm); int eapol_sm_failed(struct eapol_sm *sm);
void eapol_sm_erp_flush(struct eapol_sm *sm); void eapol_sm_erp_flush(struct eapol_sm *sm);
struct wpabuf * eapol_sm_build_erp_reauth_start(struct eapol_sm *sm);
int eapol_sm_get_eap_proxy_imsi(struct eapol_sm *sm, char *imsi, size_t *len); int eapol_sm_get_eap_proxy_imsi(struct eapol_sm *sm, char *imsi, size_t *len);
#else /* IEEE8021X_EAPOL */ #else /* IEEE8021X_EAPOL */
static inline struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx) static inline struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx)
@ -438,6 +439,11 @@ static inline int eapol_sm_failed(struct eapol_sm *sm)
static inline void eapol_sm_erp_flush(struct eapol_sm *sm) static inline void eapol_sm_erp_flush(struct eapol_sm *sm)
{ {
} }
static inline struct wpabuf *
eapol_sm_build_erp_reauth_start(struct eapol_sm *sm)
{
return NULL;
}
#endif /* IEEE8021X_EAPOL */ #endif /* IEEE8021X_EAPOL */
#endif /* EAPOL_SUPP_SM_H */ #endif /* EAPOL_SUPP_SM_H */