authorJouni Malinen <j@w1.fi>2014-01-05 12:17:08 (GMT)
committerJouni Malinen <j@w1.fi>2014-01-07 08:45:11 (GMT)
commit5a0f596b7b758a98eeca947fd33410d4c9782b3c (patch)
tree1d302cb6a16f596eadfa609080a68f01faa30f20 /src/eap_peer/eap_gpsk.c
parent5f01c3c84a9c11c2b58c35a4e7264de43f524bc8 (diff)
EAP-GPSK: Allow forced algorithm selection to be configured
phase1 parameter 'cipher' can now be used to specify which algorithm proposal is selected, e.g., with phase1="cipher=1" selecting AES-based design and cipher=2 SHA256-based. This is mainly for testing purposes, but can also be used to enforce stronger algorithms to be used. Signed-hostap: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/eap_peer/eap_gpsk.c')
-rw-r--r--src/eap_peer/eap_gpsk.c20
1 files changed, 18 insertions, 2 deletions
diff --git a/src/eap_peer/eap_gpsk.c b/src/eap_peer/eap_gpsk.c
index 8a0644d..6f7b23b 100644
--- a/src/eap_peer/eap_gpsk.c
+++ b/src/eap_peer/eap_gpsk.c
@@ -1,6 +1,6 @@
/*
* EAP peer method: EAP-GPSK (RFC 5433)
- * Copyright (c) 2006-2008, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2006-2014, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -33,6 +33,7 @@ struct eap_gpsk_data {
int specifier; /* CSuite/Specifier */
u8 *psk;
size_t psk_len;
+ u16 forced_cipher; /* force cipher or 0 to allow all supported */
};
@@ -80,6 +81,7 @@ static void * eap_gpsk_init(struct eap_sm *sm)
struct eap_gpsk_data *data;
const u8 *identity, *password;
size_t identity_len, password_len;
+ const char *phase1;
password = eap_get_config_password(sm, &password_len);
if (password == NULL) {
@@ -103,6 +105,18 @@ static void * eap_gpsk_init(struct eap_sm *sm)
data->id_peer_len = identity_len;
}
+ phase1 = eap_get_config_phase1(sm);
+ if (phase1) {
+ const char *pos;
+
+ pos = os_strstr(phase1, "cipher=");
+ if (pos) {
+ data->forced_cipher = atoi(pos + 7);
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Forced cipher %u",
+ data->forced_cipher);
+ }
+ }
+
data->psk = os_malloc(password_len);
if (data->psk == NULL) {
eap_gpsk_deinit(sm, data);
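Review bot: A malformed or out-of-range `cipher=` value silently disables or alters the restriction, because `atoi(pos + 7)` is stored straight into the `u16 forced_cipher`: non-numeric text gives 0, which the struct comment defines as "allow all supported", and negative values or values above 65535 are truncated. Since the commit message offers this option for enforcing stronger algorithms, a typo should fail initialization instead of falling back to accepting every supported suite. Parse with `strtol`, require that digits were consumed and that the value fits in 16 bits, and on error take the same `eap_gpsk_deinit(sm, data); return NULL;` path the PSK allocation check uses just below. Separately, `os_strstr` matches `cipher=` anywhere in phase1, so it would also hit the tail of a longer parameter name if one is ever introduced. eap_gpsk_init begins and ends outside this hunk.

```c
		pos = os_strstr(phase1, "cipher=");
		if (pos) {
			char *end;
			long val;

			val = strtol(pos + 7, &end, 10);
			if (end == pos + 7 || val < 0 || val > 0xffff) {
				wpa_printf(MSG_INFO,
					   "EAP-GPSK: Invalid cipher value in phase1");
				eap_gpsk_deinit(sm, data);
				return NULL;
			}
			data->forced_cipher = (u16) val;
			/* … unchanged: debug print of the forced cipher … */
		}
```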
@@ -195,7 +209,9 @@ static int eap_gpsk_select_csuite(struct eap_sm *sm,
i, vendor, specifier);
if (data->vendor == EAP_GPSK_VENDOR_IETF &&
data->specifier == EAP_GPSK_CIPHER_RESERVED &&
- eap_gpsk_supported_ciphersuite(vendor, specifier)) {
+ eap_gpsk_supported_ciphersuite(vendor, specifier) &&
+ (!data->forced_cipher || data->forced_cipher == specifier))
+ {
data->vendor = vendor;
data->specifier = specifier;
}
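Review bot: Nothing in the log shows when a supported proposal is skipped because of `forced_cipher`, so a failed negotiation caused by the configured restriction looks the same as one where the server offered no supported suite. I would add a short comment above the condition, e.g. `/* forced_cipher != 0 restricts selection to that one specifier; other supported proposals are ignored */`, and a `wpa_printf(MSG_DEBUG, ...)` for the case where `eap_gpsk_supported_ciphersuite()` passes but the forced value does not match. What the function does when no suite ends up selected is outside this hunk, so it is worth confirming that this case is rejected and does not proceed with `EAP_GPSK_CIPHER_RESERVED`.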