aboutsummaryrefslogtreecommitdiffstats
path: root/src/eap_peer
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2015-09-09 20:39:48 (GMT)
committerJouni Malinen <j@w1.fi>2016-10-22 15:25:50 (GMT)
commitc28767e11cab40dfe306915c0a28eb796a8377d1 (patch)
tree754dbbd556ac425c04c8296da55ec330c5c89e13 /src/eap_peer
parent5b092fb63f71cbad07173138474de1d66cfc6745 (diff)
downloadhostap-c28767e11cab40dfe306915c0a28eb796a8377d1.zip
hostap-c28767e11cab40dfe306915c0a28eb796a8377d1.tar.gz
hostap-c28767e11cab40dfe306915c0a28eb796a8377d1.tar.bz2
ERP: Make eap_peer_erp_reauth_start() available
This needs to be callable through the EAPOL supplicant wrappers to allow FILS implementation to use ERP. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'src/eap_peer')
-rw-r--r--src/eap_peer/eap.c29
-rw-r--r--src/eap_peer/eap.h1
2 files changed, 23 insertions, 7 deletions
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index 9af1fff..c479220 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -571,7 +571,7 @@ fail:
#ifdef CONFIG_ERP
-static int eap_peer_erp_reauth_start(struct eap_sm *sm, u8 eap_id)
+struct wpabuf * eap_peer_build_erp_reauth_start(struct eap_sm *sm, u8 eap_id)
{
char *realm;
struct eap_erp_key *erp;
@@ -580,16 +580,16 @@ static int eap_peer_erp_reauth_start(struct eap_sm *sm, u8 eap_id)
realm = eap_home_realm(sm);
if (!realm)
- return -1;
+ return NULL;
erp = eap_erp_get_key(sm, realm);
os_free(realm);
realm = NULL;
if (!erp)
- return -1;
+ return NULL;
if (erp->next_seq >= 65536)
- return -1; /* SEQ has range of 0..65535 */
+ return NULL; /* SEQ has range of 0..65535 */
/* TODO: check rRK lifetime expiration */
@@ -600,7 +600,7 @@ static int eap_peer_erp_reauth_start(struct eap_sm *sm, u8 eap_id)
1 + 2 + 2 + os_strlen(erp->keyname_nai) + 1 + 16,
EAP_CODE_INITIATE, eap_id);
if (msg == NULL)
- return -1;
+ return NULL;
wpabuf_put_u8(msg, 0x20); /* Flags: R=0 B=0 L=1 */
wpabuf_put_be16(msg, erp->next_seq);
@@ -614,13 +614,28 @@ static int eap_peer_erp_reauth_start(struct eap_sm *sm, u8 eap_id)
if (hmac_sha256(erp->rIK, erp->rIK_len,
wpabuf_head(msg), wpabuf_len(msg), hash) < 0) {
wpabuf_free(msg);
- return -1;
+ return NULL;
}
wpabuf_put_data(msg, hash, 16);
- wpa_printf(MSG_DEBUG, "EAP: Sending EAP-Initiate/Re-auth");
sm->erp_seq = erp->next_seq;
erp->next_seq++;
+
+ wpa_hexdump_buf(MSG_DEBUG, "ERP: EAP-Initiate/Re-auth", msg);
+
+ return msg;
+}
+
+
+static int eap_peer_erp_reauth_start(struct eap_sm *sm, u8 eap_id)
+{
+ struct wpabuf *msg;
+
+ msg = eap_peer_build_erp_reauth_start(sm, eap_id);
+ if (!msg)
+ return -1;
+
+ wpa_printf(MSG_DEBUG, "EAP: Sending EAP-Initiate/Re-auth");
wpabuf_free(sm->eapRespData);
sm->eapRespData = msg;
sm->reauthInit = TRUE;
diff --git a/src/eap_peer/eap.h b/src/eap_peer/eap.h
index 1a645af..3c68855 100644
--- a/src/eap_peer/eap.h
+++ b/src/eap_peer/eap.h
@@ -348,6 +348,7 @@ void eap_sm_set_ext_pw_ctx(struct eap_sm *sm, struct ext_password_data *ext);
void eap_set_anon_id(struct eap_sm *sm, const u8 *id, size_t len);
int eap_peer_was_failure_expected(struct eap_sm *sm);
void eap_peer_erp_free_keys(struct eap_sm *sm);
+struct wpabuf * eap_peer_build_erp_reauth_start(struct eap_sm *sm, u8 eap_id);
#endif /* IEEE8021X_EAPOL */