authorJouni Malinen <j@w1.fi>2014-11-29 19:28:24 (GMT)
committerJouni Malinen <j@w1.fi>2014-12-04 10:16:27 (GMT)
commitd3bddd8b84dc345f7aa0c20536f45a68e0a5ba85 (patch)
treef0c4554d3333a842697020f28d1b0c98929f2bec /src/eapol_auth/eapol_auth_sm.c
parente2ee327b191d2c64c31f3f535cc42e955fb084a4 (diff)
ERP: Add support for ERP on EAP server and authenticator
Derive rRK and rIK on EAP server if ERP is enabled and use these keys to allow EAP re-authentication to be used and to derive rMSK. The new hostapd configuration parameter eap_server_erp=1 can now be used to configure the integrated EAP server to derive EMSK, rRK, and rIK at the successful completion of an EAP authentication method. This functionality is not included in the default build and can be enabled with CONFIG_ERP=y. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/eapol_auth/eapol_auth_sm.c')
-rw-r--r--src/eapol_auth/eapol_auth_sm.c21
1 files changed, 21 insertions, 0 deletions
diff --git a/src/eapol_auth/eapol_auth_sm.c b/src/eapol_auth/eapol_auth_sm.c
index 088e9d3..0df6eb5 100644
--- a/src/eapol_auth/eapol_auth_sm.c
+++ b/src/eapol_auth/eapol_auth_sm.c
@@ -834,6 +834,7 @@ eapol_auth_alloc(struct eapol_authenticator *eapol, const u8 *addr,
eap_conf.pbc_in_m1 = eapol->conf.pbc_in_m1;
eap_conf.server_id = eapol->conf.server_id;
eap_conf.server_id_len = eapol->conf.server_id_len;
+ eap_conf.erp = eapol->conf.erp;
sm->eap = eap_server_sm_init(sm, &eapol_cb, &eap_conf);
if (sm->eap == NULL) {
eapol_auth_free(sm);
@@ -1040,6 +1041,21 @@ static const char * eapol_sm_get_erp_domain(void *ctx)
}
+static struct eap_server_erp_key * eapol_sm_erp_get_key(void *ctx,
+ const char *keyname)
+{
+ struct eapol_state_machine *sm = ctx;
+ return sm->eapol->cb.erp_get_key(sm->eapol->conf.ctx, keyname);
+}
+
+
+static int eapol_sm_erp_add_key(void *ctx, struct eap_server_erp_key *erp)
+{
+ struct eapol_state_machine *sm = ctx;
+ return sm->eapol->cb.erp_add_key(sm->eapol->conf.ctx, erp);
+}
+
+
static struct eapol_callbacks eapol_cb =
{
eapol_sm_get_eap_user,
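Review bot: Both new wrappers, `eapol_sm_erp_get_key` and `eapol_sm_erp_add_key`, call `sm->eapol->cb.erp_get_key` / `sm->eapol->cb.erp_add_key` unconditionally, while those pointers are only copied verbatim from the caller-supplied struct in `eapol_auth_init` (later hunk in this file), so an integrator that does not provide ERP key storage and leaves the slots unset would get a call through a NULL function pointer instead of a clean failure. Unless the EAP server is known to check these `eapol_cb` entries before invoking them (not visible here), a guard in each wrapper would be cheap: `if (!sm->eapol->cb.erp_get_key) return NULL;` and `if (!sm->eapol->cb.erp_add_key) return -1;` ahead of the forwarding calls. The hunk also leaves unstated that `keyname` presumably arrives from the peer's re-authentication exchange and must be treated as untrusted by the lookup implementation, and who owns the `struct eap_server_erp_key` returned by `erp_get_key` or handed to `erp_add_key`; a one-line comment on each wrapper spelling out the input trust level and the ownership rule would settle that for callback implementers.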
@@ -1047,6 +1063,8 @@ static struct eapol_callbacks eapol_cb =
NULL,
eapol_sm_get_erp_send_reauth_start,
eapol_sm_get_erp_domain,
+ eapol_sm_erp_get_key,
+ eapol_sm_erp_add_key,
};
@@ -1129,6 +1147,7 @@ static int eapol_auth_conf_clone(struct eapol_auth_config *dst,
dst->erp_domain = NULL;
}
dst->erp_send_reauth_start = src->erp_send_reauth_start;
+ dst->erp = src->erp;
return 0;
@@ -1183,6 +1202,8 @@ struct eapol_authenticator * eapol_auth_init(struct eapol_auth_config *conf,
eapol->cb.abort_auth = cb->abort_auth;
eapol->cb.tx_key = cb->tx_key;
eapol->cb.eapol_event = cb->eapol_event;
+ eapol->cb.erp_get_key = cb->erp_get_key;
+ eapol->cb.erp_add_key = cb->erp_add_key;
/* Acct-Multi-Session-Id should be unique over reboots. If reliable
* clock is not available, this could be replaced with reboot counter,