
HS 2.0R2: Add WFA server-only EAP-TLS peer method

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 11 years ago
parent
commit
8e5fdfabf6

+ 5 - 2
src/eap_common/eap_defs.h

@@ -72,13 +72,16 @@ typedef enum {
 enum {
 	EAP_VENDOR_IETF = 0,
 	EAP_VENDOR_MICROSOFT = 0x000137 /* Microsoft */,
-	EAP_VENDOR_WFA = 0x00372A /* Wi-Fi Alliance */,
-	EAP_VENDOR_HOSTAP = 39068 /* hostapd/wpa_supplicant project */
+	EAP_VENDOR_WFA = 0x00372A /* Wi-Fi Alliance (moved to WBA) */,
+	EAP_VENDOR_HOSTAP = 39068 /* hostapd/wpa_supplicant project */,
+	EAP_VENDOR_WFA_NEW = 40808 /* Wi-Fi Alliance */
 };
 
 #define EAP_VENDOR_UNAUTH_TLS EAP_VENDOR_HOSTAP
 #define EAP_VENDOR_TYPE_UNAUTH_TLS 1
 
+#define EAP_VENDOR_WFA_UNAUTH_TLS 13
+
 #define EAP_MSK_LEN 64
 #define EAP_EMSK_LEN 64
 
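Review bot: `EAP_VENDOR_WFA_UNAUTH_TLS` is a Vendor-Type value, but its name drops the `_TYPE_` infix used by the adjacent `EAP_VENDOR_TYPE_UNAUTH_TLS`, so it reads like a second vendor ID next to `EAP_VENDOR_WFA_NEW`. Passing it in the vendor argument of `eap_msg_alloc()` or `eap_hdr_validate()` would compile cleanly and silently select the wrong method. Consider naming it `EAP_VENDOR_TYPE_WFA_UNAUTH_TLS`, or at least adding `/* Vendor-Type for WFA server-only EAP-TLS; pair with EAP_VENDOR_WFA_NEW */` above the define. It would also help to note on `EAP_VENDOR_WFA` that the new method must not be matched against the old 0x00372A value.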

+ 1 - 0
src/eap_peer/eap_methods.h

@@ -86,6 +86,7 @@ static inline int eap_peer_method_unload(struct eap_method *method)
 int eap_peer_md5_register(void);
 int eap_peer_tls_register(void);
 int eap_peer_unauth_tls_register(void);
+int eap_peer_wfa_unauth_tls_register(void);
 int eap_peer_mschapv2_register(void);
 int eap_peer_peap_register(void);
 int eap_peer_ttls_register(void);

+ 59 - 0
src/eap_peer/eap_tls.c

@@ -98,6 +98,33 @@ static void * eap_unauth_tls_init(struct eap_sm *sm)
 #endif /* EAP_UNAUTH_TLS */
 
 
+#ifdef CONFIG_HS20
+static void * eap_wfa_unauth_tls_init(struct eap_sm *sm)
+{
+	struct eap_tls_data *data;
+	struct eap_peer_config *config = eap_get_config(sm);
+
+	data = os_zalloc(sizeof(*data));
+	if (data == NULL)
+		return NULL;
+
+	data->ssl_ctx = sm->init_phase2 && sm->ssl_ctx2 ? sm->ssl_ctx2 :
+		sm->ssl_ctx;
+
+	if (eap_peer_tls_ssl_init(sm, &data->ssl, config,
+				  EAP_WFA_UNAUTH_TLS_TYPE)) {
+		wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
+		eap_tls_deinit(sm, data);
+		return NULL;
+	}
+
+	data->eap_type = EAP_WFA_UNAUTH_TLS_TYPE;
+
+	return data;
+}
+#endif /* CONFIG_HS20 */
+
+
 static void eap_tls_deinit(struct eap_sm *sm, void *priv)
 {
 	struct eap_tls_data *data = priv;
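Review bot: `eap_wfa_unauth_tls_init` carries no comment saying that this method is meant to authenticate the server only, so nothing here tells a maintainer that the peer's assurance rests on the server-certificate validation settings in `config`. How `eap_peer_tls_ssl_init()` enforces those settings is not visible in this hunk, so a header comment should state the expectation, for example `/* WFA server-only EAP-TLS: peer is not authenticated; server certificate validation must come from config */`. The failure path also logs `"EAP-TLS: Failed to initialize SSL."`, which cannot be told apart from plain EAP-TLS during triage; `"EAP-WFA-UNAUTH-TLS: Failed to initialize SSL."` would fix that. The trailing context lines belong to `eap_tls_deinit`, whose body continues outside the hunk.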
@@ -382,3 +409,35 @@ int eap_peer_unauth_tls_register(void)
 	return ret;
 }
 #endif /* EAP_UNAUTH_TLS */
+
+
+#ifdef CONFIG_HS20
+int eap_peer_wfa_unauth_tls_register(void)
+{
+	struct eap_method *eap;
+	int ret;
+
+	eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
+				    EAP_VENDOR_WFA_NEW,
+				    EAP_VENDOR_WFA_UNAUTH_TLS,
+				    "WFA-UNAUTH-TLS");
+	if (eap == NULL)
+		return -1;
+
+	eap->init = eap_wfa_unauth_tls_init;
+	eap->deinit = eap_tls_deinit;
+	eap->process = eap_tls_process;
+	eap->isKeyAvailable = eap_tls_isKeyAvailable;
+	eap->getKey = eap_tls_getKey;
+	eap->get_status = eap_tls_get_status;
+	eap->has_reauth_data = eap_tls_has_reauth_data;
+	eap->deinit_for_reauth = eap_tls_deinit_for_reauth;
+	eap->init_for_reauth = eap_tls_init_for_reauth;
+	eap->get_emsk = eap_tls_get_emsk;
+
+	ret = eap_peer_method_register(eap);
+	if (ret)
+		eap_peer_method_free(eap);
+	return ret;
+}
+#endif /* CONFIG_HS20 */
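Review bot: `eap_peer_wfa_unauth_tls_register` repeats the same nine callback assignments (`deinit` through `get_emsk`) and, judging by its visible tail, the same register/free epilogue as `eap_peer_unauth_tls_register` just above. Only the vendor, the vendor type, the name string and the `init` pointer differ. A small static helper taking those four values would keep the TLS variants from drifting apart, for instance when a callback is added to one registration and forgotten in another. The same applies to `eap_wfa_unauth_tls_init` in the earlier hunk of this file, which appears to differ from the existing unauth init only in the type constant.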

+ 8 - 0
src/eap_peer/eap_tls_common.c

@@ -23,6 +23,10 @@ static struct wpabuf * eap_tls_msg_alloc(EapType type, size_t payload_len,
 		return eap_msg_alloc(EAP_VENDOR_UNAUTH_TLS,
 				     EAP_VENDOR_TYPE_UNAUTH_TLS, payload_len,
 				     code, identifier);
+	if (type == EAP_WFA_UNAUTH_TLS_TYPE)
+		return eap_msg_alloc(EAP_VENDOR_WFA_NEW,
+				     EAP_VENDOR_WFA_UNAUTH_TLS, payload_len,
+				     code, identifier);
 	return eap_msg_alloc(EAP_VENDOR_IETF, type, payload_len, code,
 			     identifier);
 }
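Review bot: The mapping from the internal flag `EAP_WFA_UNAUTH_TLS_TYPE` to the pair (`EAP_VENDOR_WFA_NEW`, `EAP_VENDOR_WFA_UNAUTH_TLS`) is now written out twice, here in `eap_tls_msg_alloc` and again in the `eap_peer_tls_process_init` hunk below, alongside the existing UNAUTH-TLS branches. If a later variant is added to one chain and missed in the other, the peer would validate requests under one vendor/type and build responses under another. A single static helper that resolves the flag to vendor and method, called from both places, would remove that risk. Failing that, add a comment at each site such as `/* keep in sync with eap_peer_tls_process_init() */`.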
@@ -846,6 +850,10 @@ const u8 * eap_peer_tls_process_init(struct eap_sm *sm,
 		pos = eap_hdr_validate(EAP_VENDOR_UNAUTH_TLS,
 				       EAP_VENDOR_TYPE_UNAUTH_TLS, reqData,
 				       &left);
+	else if (eap_type == EAP_WFA_UNAUTH_TLS_TYPE)
+		pos = eap_hdr_validate(EAP_VENDOR_WFA_NEW,
+				       EAP_VENDOR_WFA_UNAUTH_TLS, reqData,
+				       &left);
 	else
 		pos = eap_hdr_validate(EAP_VENDOR_IETF, eap_type, reqData,
 				       &left);

+ 1 - 0
src/eap_peer/eap_tls_common.h

@@ -87,6 +87,7 @@ struct eap_ssl_data {
 
 /* dummy type used as a flag for UNAUTH-TLS */
 #define EAP_UNAUTH_TLS_TYPE 255
+#define EAP_WFA_UNAUTH_TLS_TYPE 254
 
 
 int eap_peer_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
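Review bot: The new `EAP_WFA_UNAUTH_TLS_TYPE 254` has the same numeric value as the Expanded Type code in RFC 3748, and the comment above the defines still mentions only UNAUTH-TLS. The visible call sites translate the flag into a vendor/type pair before anything is built or validated, so this looks harmless today. It would still be misread if a wire-level type value were ever passed to these helpers. Suggest widening the comment to `/* dummy types used only as internal flags for UNAUTH-TLS and WFA-UNAUTH-TLS; never compared against on-the-wire EAP type values */`.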

+ 7 - 0
wpa_supplicant/eap_register.c

@@ -40,6 +40,13 @@ int eap_register_methods(void)
 		ret = eap_peer_unauth_tls_register();
 #endif /* EAP_UNAUTH_TLS */
 
+#ifdef EAP_TLS
+#ifdef CONFIG_HS20
+	if (ret == 0)
+		ret = eap_peer_wfa_unauth_tls_register();
+#endif /* CONFIG_HS20 */
+#endif /* EAP_TLS */
+
 #ifdef EAP_MSCHAPv2
 	if (ret == 0)
 		ret = eap_peer_mschapv2_register();
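Review bot: The registration call is guarded by both `EAP_TLS` and `CONFIG_HS20`, but the definition in eap_tls.c is guarded by `CONFIG_HS20` alone and the prototype in eap_methods.h is unconditional. That only stays consistent if eap_tls.c is never built without `EAP_TLS`, which is not visible here. Collapsing the nested guards to `#if defined(EAP_TLS) && defined(CONFIG_HS20)` and adding a comment like `/* WFA server-only EAP-TLS (HS 2.0 Release 2) */` would make the dependency explicit. Because this makes a server-only-authenticated method available on every HS 2.0 build, the comment should also say where its use is restricted to the intended networks, if such a restriction exists. `eap_register_methods` continues outside the hunk.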