authorCarolin Latze <carolin.latze@unifr.ch>2008-11-18 14:53:32 (GMT)
committerJouni Malinen <j@w1.fi>2008-11-18 14:53:32 (GMT)
commit98842d51ec1d4c6b124774b2c2fdaa6b312a1dc0 (patch)
tree1d2e93d192679298449470070b73dd3850d1cb7c /src/eap_peer
parent9ef21b2fef7d32ee55d7ef00b867ea08dcf05cfb (diff)
Separate OpenSSL engine configuration for Phase 2
I fixed the engine issue in phase2 of EAP-TTLS. The problem was that only one engine variable was defined, and it was already read in phase1. I defined some new variables: engine2, engine2_id, pin2, and added support to read those in phase2, whereas all the engine variables without a number are only read in phase1. That solved it, and I am now able to use an engine in EAP-TTLS phase2 as well.
Diffstat (limited to 'src/eap_peer')
-rw-r--r--src/eap_peer/eap_config.h41
-rw-r--r--src/eap_peer/eap_tls.c3
-rw-r--r--src/eap_peer/eap_tls_common.c14
3 files changed, 52 insertions, 6 deletions
diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h
index 3fd3783..bd526ff 100644
--- a/src/eap_peer/eap_config.h
+++ b/src/eap_peer/eap_config.h
@@ -409,6 +409,47 @@ struct eap_peer_config {
char *engine_id;
/**
+ * engine2 - Enable OpenSSL engine (e.g., for smartcard) (Phase 2)
+ *
+ * This is used if private key operations for EAP-TLS are performed
+ * using a smartcard.
+ *
+ * This field is like engine, but used for phase 2 (inside
+ * EAP-TTLS/PEAP/FAST tunnel) authentication.
+ */
+ int engine2;
+
+
+ /**
+ * pin2 - PIN for USIM, GSM SIM, and smartcards (Phase 2)
+ *
+ * This field is used to configure PIN for SIM and smartcards for
+ * EAP-SIM and EAP-AKA. In addition, this is used with EAP-TLS if a
+ * smartcard is used for private key operations.
+ *
+ * This field is like pin2, but used for phase 2 (inside
+ * EAP-TTLS/PEAP/FAST tunnel) authentication.
+ *
+ * If left out, this will be asked through control interface.
+ */
+ char *pin2;
+
+ /**
+ * engine2_id - Engine ID for OpenSSL engine (Phase 2)
+ *
+ * "opensc" to select OpenSC engine or "pkcs11" to select PKCS#11
+ * engine.
+ *
+ * This is used if private key operations for EAP-TLS are performed
+ * using a smartcard.
+ *
+ * This field is like engine_id, but used for phase 2 (inside
+ * EAP-TTLS/PEAP/FAST tunnel) authentication.
+ */
+ char *engine2_id;
+
+
+ /**
* key_id - Key ID for OpenSSL engine
*
* This is used if private key operations for EAP-TLS are performed
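Review bot: The pin2 comment describes the field in terms of itself — `This field is like pin2, but used for phase 2` — where the engine2 and engine2_id comments correctly refer back to the phase-1 field; it should read `This field is like pin, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication.` The rest of that paragraph is copied from pin, including the EAP-SIM/EAP-AKA sentence and "If left out, this will be asked through control interface"; nothing in this diff (which the diffstat limits to src/eap_peer) shows the SIM/AKA methods or the control-interface prompt consulting pin2, so either confirm those paths read it or trim the comment to the smartcard private-key case that eap_tls_params_from_conf2() actually covers. The doubled blank lines after `int engine2;` and `char *engine2_id;` are also out of step with the single blank line used between the other fields of struct eap_peer_config.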
diff --git a/src/eap_peer/eap_tls.c b/src/eap_peer/eap_tls.c
index 6929468..31344a9 100644
--- a/src/eap_peer/eap_tls.c
+++ b/src/eap_peer/eap_tls.c
@@ -36,7 +36,8 @@ static void * eap_tls_init(struct eap_sm *sm)
struct eap_peer_config *config = eap_get_config(sm);
if (config == NULL ||
((sm->init_phase2 ? config->private_key2 : config->private_key)
- == NULL && config->engine == 0)) {
+ == NULL &&
+ (sm->init_phase2 ? config->engine2 : config->engine) == 0)) {
wpa_printf(MSG_INFO, "EAP-TLS: Private key not configured");
return NULL;
}
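Review bot: The phase selection in this condition (`sm->init_phase2 ? config->engine2 : config->engine`, and likewise for private_key2) duplicates the selection that eap_tls_params_from_conf1()/eap_tls_params_from_conf2() make in eap_tls_common.c, so the two sites can drift the next time a phase-2 field is added, and the nested ternaries inside one `||`/`&&` expression are hard to read. A comment tying them together would help: `/* Must mirror the phase-1/phase-2 field selection in eap_tls_params_from_conf() */`. If the check is reworked later, hoisting the two selections into locals (declared after a separate `config == NULL` guard, since they dereference config) would make the condition a plain `key == NULL && engine == 0`. eap_tls_init() begins before this hunk, so earlier declarations are not visible here.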
diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index d2a494b..9ff4eed 100644
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
@@ -56,6 +56,7 @@ static void eap_tls_params_from_conf1(struct tls_connection_params *params,
params->dh_file = (char *) config->dh_file;
params->subject_match = (char *) config->subject_match;
params->altsubject_match = (char *) config->altsubject_match;
+ params->engine = config->engine;
params->engine_id = config->engine_id;
params->pin = config->pin;
params->key_id = config->key_id;
@@ -75,8 +76,9 @@ static void eap_tls_params_from_conf2(struct tls_connection_params *params,
params->dh_file = (char *) config->dh_file2;
params->subject_match = (char *) config->subject_match2;
params->altsubject_match = (char *) config->altsubject_match2;
- params->engine_id = config->engine_id;
- params->pin = config->pin;
+ params->engine = config->engine2;
+ params->engine_id = config->engine2_id;
+ params->pin = config->pin2;
params->key_id = config->key2_id;
params->cert_id = config->cert2_id;
params->ca_cert_id = config->ca_cert2_id;
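Review bot: Phase 2 no longer inherits the phase-1 engine settings: the removed `params->engine_id = config->engine_id;` and `params->pin = config->pin;` lines here, together with the removed `params->engine = config->engine;` in eap_tls_params_from_conf() below, mean a configuration that so far enabled a smartcard key for the inner method through `engine=1` now gets engine 0 in phase 2 unless engine2/engine2_id/pin2 are set. With the matching check in eap_tls.c the visible symptom is "EAP-TLS: Private key not configured" at init, which does not point the user at the new variables. This should be documented where the configuration options are described, and it may be worth making the eap_tls_init() message mention the phase. eap_tls_params_from_conf2() begins before this hunk.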
@@ -89,11 +91,13 @@ static int eap_tls_params_from_conf(struct eap_sm *sm,
struct eap_peer_config *config, int phase2)
{
os_memset(params, 0, sizeof(*params));
- params->engine = config->engine;
- if (phase2)
+ if (phase2) {
+ wpa_printf(MSG_DEBUG, "TLS: using phase2 config options");
eap_tls_params_from_conf2(params, config);
- else
+ } else {
+ wpa_printf(MSG_DEBUG, "TLS: using phase1 config options");
eap_tls_params_from_conf1(params, config);
+ }
params->tls_ia = data->tls_ia;
/*