aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2013-12-29 11:15:43 (GMT)
committerJouni Malinen <j@w1.fi>2013-12-29 15:18:17 (GMT)
commit069fb4712b8c718cbee4c37f3e5d618885cda3bc (patch)
treeae541968d222a6c912aa2593a08c8aee12db7d8a /src
parent18030dc033d19ca092b60e9d85d7f4cff518de4a (diff)
downloadhostap-069fb4712b8c718cbee4c37f3e5d618885cda3bc.zip
hostap-069fb4712b8c718cbee4c37f3e5d618885cda3bc.tar.gz
hostap-069fb4712b8c718cbee4c37f3e5d618885cda3bc.tar.bz2
EAP-EKE: Allow forced algorithm selection to be configured
phase1 parameters dhgroup, encr, prf, and mac can now be used to specify which algorithm proposal is selected, e.g., with phase1="dhgroup=3 encr=1 prf=1 mac=1" selecting the mandatory-to-implement case. This is mainly for testing purposes, but can also be used to enforce stronger algorithms to be used. Signed-hostap: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src')
-rw-r--r--src/eap_peer/eap_eke.c50
1 files changed, 46 insertions, 4 deletions
diff --git a/src/eap_peer/eap_eke.c b/src/eap_peer/eap_eke.c
index c71db5f..864ea1d 100644
--- a/src/eap_peer/eap_eke.c
+++ b/src/eap_peer/eap_eke.c
@@ -28,6 +28,10 @@ struct eap_eke_data {
u8 nonce_p[EAP_EKE_MAX_NONCE_LEN];
u8 nonce_s[EAP_EKE_MAX_NONCE_LEN];
struct wpabuf *msgs;
+ u8 dhgroup; /* forced DH group or 0 to allow all supported */
+ u8 encr; /* forced encryption algorithm or 0 to allow all supported */
+ u8 prf; /* forced PRF or 0 to allow all supported */
+ u8 mac; /* forced MAC or 0 to allow all supported */
};
@@ -66,6 +70,7 @@ static void * eap_eke_init(struct eap_sm *sm)
struct eap_eke_data *data;
const u8 *identity, *password;
size_t identity_len, password_len;
+ const char *phase1;
password = eap_get_config_password(sm, &password_len);
if (!password) {
@@ -89,6 +94,39 @@ static void * eap_eke_init(struct eap_sm *sm)
data->peerid_len = identity_len;
}
+ phase1 = eap_get_config_phase1(sm);
+ if (phase1) {
+ const char *pos;
+
+ pos = os_strstr(phase1, "dhgroup=");
+ if (pos) {
+ data->dhgroup = atoi(pos + 8);
+ wpa_printf(MSG_DEBUG, "EAP-EKE: Forced dhgroup %u",
+ data->dhgroup);
+ }
+
+ pos = os_strstr(phase1, "encr=");
+ if (pos) {
+ data->encr = atoi(pos + 5);
+ wpa_printf(MSG_DEBUG, "EAP-EKE: Forced encr %u",
+ data->encr);
+ }
+
+ pos = os_strstr(phase1, "prf=");
+ if (pos) {
+ data->prf = atoi(pos + 4);
+ wpa_printf(MSG_DEBUG, "EAP-EKE: Forced prf %u",
+ data->prf);
+ }
+
+ pos = os_strstr(phase1, "mac=");
+ if (pos) {
+ data->mac = atoi(pos + 4);
+ wpa_printf(MSG_DEBUG, "EAP-EKE: Forced mac %u",
+ data->mac);
+ }
+ }
+
return data;
}
@@ -226,16 +264,20 @@ static struct wpabuf * eap_eke_process_id(struct eap_eke_data *data,
i, pos[0], pos[1], pos[2], pos[3]);
pos += 4;
- if (!eap_eke_supp_dhgroup(*tmp))
+ if ((data->dhgroup && data->dhgroup != *tmp) ||
+ !eap_eke_supp_dhgroup(*tmp))
continue;
tmp++;
- if (!eap_eke_supp_encr(*tmp))
+ if ((data->encr && data->encr != *tmp) ||
+ !eap_eke_supp_encr(*tmp))
continue;
tmp++;
- if (!eap_eke_supp_prf(*tmp))
+ if ((data->prf && data->prf != *tmp) ||
+ !eap_eke_supp_prf(*tmp))
continue;
tmp++;
- if (!eap_eke_supp_mac(*tmp))
+ if ((data->mac && data->mac != *tmp) ||
+ !eap_eke_supp_mac(*tmp))
continue;
prop = tmp - 3;