author | Jouni Malinen <j@w1.fi> | 2014-01-05 12:17:08 (GMT) |
---|---|---|
committer | Jouni Malinen <j@w1.fi> | 2014-01-07 08:45:11 (GMT) |
commit | 5a0f596b7b758a98eeca947fd33410d4c9782b3c (patch) | |
tree | 1d302cb6a16f596eadfa609080a68f01faa30f20 /src/eap_peer/eap_gpsk.c | |
parent | 5f01c3c84a9c11c2b58c35a4e7264de43f524bc8 (diff) | |
EAP-GPSK: Allow forced algorithm selection to be configured
phase1 parameter 'cipher' can now be used to specify which algorithm
proposal is selected, e.g., with phase1="cipher=1" selecting AES-based
design and cipher=2 SHA256-based. This is mainly for testing purposes,
but can also be used to enforce stronger algorithms to be used.
Signed-hostap: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/eap_peer/eap_gpsk.c')
-rw-r--r-- | src/eap_peer/eap_gpsk.c | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/src/eap_peer/eap_gpsk.c b/src/eap_peer/eap_gpsk.c
index 8a0644d..6f7b23b 100644
--- a/src/eap_peer/eap_gpsk.c
+++ b/src/eap_peer/eap_gpsk.c
@@ -1,6 +1,6 @@
 /*
 * EAP peer method: EAP-GPSK (RFC 5433)
- * Copyright (c) 2006-2008, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2006-2014, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
@@ -33,6 +33,7 @@ struct eap_gpsk_data {
 int specifier; /* CSuite/Specifier */
 u8 *psk;
 size_t psk_len;
+ u16 forced_cipher; /* force cipher or 0 to allow all supported */
 };
 
 
@@ -80,6 +81,7 @@ static void * eap_gpsk_init(struct eap_sm *sm)
 struct eap_gpsk_data *data;
 const u8 *identity, *password;
 size_t identity_len, password_len;
+ const char *phase1;
 
 password = eap_get_config_password(sm, &password_len);
 if (password == NULL) {
@@ -103,6 +105,18 @@ static void * eap_gpsk_init(struct eap_sm *sm)
 data->id_peer_len = identity_len;
 }
 
+ phase1 = eap_get_config_phase1(sm);
+ if (phase1) {
+ const char *pos;
+
+ pos = os_strstr(phase1, "cipher=");
+ if (pos) {
+ data->forced_cipher = atoi(pos + 7);
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Forced cipher %u",
+ data->forced_cipher);
+ }
+ }
+
 data->psk = os_malloc(password_len);
 if (data->psk == NULL) {
 eap_gpsk_deinit(sm, data);
@@ -195,7 +209,9 @@ static int eap_gpsk_select_csuite(struct eap_sm *sm,
 i, vendor, specifier);
 if (data->vendor == EAP_GPSK_VENDOR_IETF &&
 data->specifier == EAP_GPSK_CIPHER_RESERVED &&
- eap_gpsk_supported_ciphersuite(vendor, specifier)) {
+ eap_gpsk_supported_ciphersuite(vendor, specifier) &&
+ (!data->forced_cipher || data->forced_cipher == specifier))
+ {
 data->vendor = vendor;
 data->specifier = specifier;
 } |
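Review bot: `atoi(pos + 7)` in the new phase1 block of eap_gpsk_init() cannot report a parse error, so a typo such as `cipher=x` leaves forced_cipher at 0, which the struct comment defines as "allow all supported"; a configuration meant to enforce one algorithm then silently enforces nothing. The int result is also narrowed to u16 without a range check, and os_strstr() matches "cipher=" anywhere in phase1, including at the end of a longer parameter name. I would parse with strtol(), reject zero, out-of-range and unsupported values, and fail initialisation instead of falling back to allow-all. The sketch below assumes data is zero-initialised and that eap_gpsk_init() returns NULL on failure, both of which are outside the hunk.

```c
		pos = os_strstr(phase1, "cipher=");
		if (pos) {
			char *end;
			long val = strtol(pos + 7, &end, 10);

			/* Fail closed: 0 means "allow all", so never reach it
			 * through a parse error or an unsupported value. */
			if (end == pos + 7 || val <= 0 || val > 0xffff ||
			    !eap_gpsk_supported_ciphersuite(
				    EAP_GPSK_VENDOR_IETF, (int) val)) {
				wpa_printf(MSG_INFO,
					   "EAP-GPSK: Invalid phase1 cipher value");
				eap_gpsk_deinit(sm, data);
				return NULL;
			}
			data->forced_cipher = (u16) val;
			/* … unchanged: debug print of the forced cipher … */
		}
```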
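Review bot: The added `(!data->forced_cipher || data->forced_cipher == specifier)` term makes the loop skip proposals that are supported but not configured, and nothing in the hunk logs or comments that case, so a server that does not offer the forced suite looks the same in the debug log as one offering no supported suite. A comment above the condition such as `/* With phase1 cipher= set, accept only that Specifier; other supported proposals are skipped */` would document the intent, and a debug message for a skipped proposal would help when diagnosing failed negotiations. The brace moved to its own line also departs from the `if (...) {` form of the line it replaces. eap_gpsk_select_csuite() starts and ends outside the hunk, so what happens when no proposal is selected is not visible here.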