aboutsummaryrefslogtreecommitdiffstats
path: root/eap_example
diff options
context:
space:
mode:
Diffstat (limited to 'eap_example')
-rw-r--r--eap_example/.gitignore4
-rw-r--r--eap_example/Makefile152
-rw-r--r--eap_example/README42
-rw-r--r--eap_example/ca.pem19
-rw-r--r--eap_example/eap_example.c49
-rw-r--r--eap_example/eap_example_peer.c372
-rw-r--r--eap_example/eap_example_server.c295
-rw-r--r--eap_example/server-key.pem15
-rw-r--r--eap_example/server.keybin608 -> 0 bytes
-rw-r--r--eap_example/server.pem18
10 files changed, 0 insertions, 966 deletions
diff --git a/eap_example/.gitignore b/eap_example/.gitignore
deleted file mode 100644
index 4d6d2d1..0000000
--- a/eap_example/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-*.d
-eap_example
-libeap.so
-libeap.a
diff --git a/eap_example/Makefile b/eap_example/Makefile
deleted file mode 100644
index 0cc19bd..0000000
--- a/eap_example/Makefile
+++ /dev/null
@@ -1,152 +0,0 @@
-ALL=eap_example
-
-all: $(ALL)
-
-ifndef CC
-CC=gcc
-endif
-
-ifndef RANLIB
-RANLIB=ranlib
-endif
-
-ifndef CFLAGS
-CFLAGS = -MMD -O2 -Wall -g
-endif
-
-
-CFLAGS += -I.
-CFLAGS += -I../src
-CFLAGS += -I../src/utils
-
-
-OBJS_both += ../src/utils/libutils.a
-OBJS_both += ../src/crypto/libcrypto.a
-OBJS_both += ../src/tls/libtls.a
-
-OBJS_both += ../src/eap_common/eap_peap_common.o
-OBJS_both += ../src/eap_common/eap_psk_common.o
-OBJS_both += ../src/eap_common/eap_pax_common.o
-OBJS_both += ../src/eap_common/eap_sake_common.o
-OBJS_both += ../src/eap_common/eap_gpsk_common.o
-OBJS_both += ../src/eap_common/chap.o
-
-OBJS_peer += ../src/eap_peer/eap_tls.o
-OBJS_peer += ../src/eap_peer/eap_peap.o
-OBJS_peer += ../src/eap_peer/eap_ttls.o
-OBJS_peer += ../src/eap_peer/eap_md5.o
-OBJS_peer += ../src/eap_peer/eap_mschapv2.o
-OBJS_peer += ../src/eap_peer/mschapv2.o
-OBJS_peer += ../src/eap_peer/eap_otp.o
-OBJS_peer += ../src/eap_peer/eap_gtc.o
-OBJS_peer += ../src/eap_peer/eap_leap.o
-OBJS_peer += ../src/eap_peer/eap_psk.o
-OBJS_peer += ../src/eap_peer/eap_pax.o
-OBJS_peer += ../src/eap_peer/eap_sake.o
-OBJS_peer += ../src/eap_peer/eap_gpsk.o
-OBJS_peer += ../src/eap_peer/eap.o
-OBJS_peer += ../src/eap_common/eap_common.o
-OBJS_peer += ../src/eap_peer/eap_methods.o
-OBJS_peer += ../src/eap_peer/eap_tls_common.o
-
-CFLAGS += -DEAP_TLS
-CFLAGS += -DEAP_PEAP
-CFLAGS += -DEAP_TTLS
-CFLAGS += -DEAP_MD5
-CFLAGS += -DEAP_MSCHAPv2
-CFLAGS += -DEAP_GTC
-CFLAGS += -DEAP_OTP
-CFLAGS += -DEAP_LEAP
-CFLAGS += -DEAP_PSK
-CFLAGS += -DEAP_PAX
-CFLAGS += -DEAP_SAKE
-CFLAGS += -DEAP_GPSK -DEAP_GPSK_SHA256
-
-CFLAGS += -DEAP_SERVER_IDENTITY
-CFLAGS += -DEAP_SERVER_TLS
-CFLAGS += -DEAP_SERVER_PEAP
-CFLAGS += -DEAP_SERVER_TTLS
-CFLAGS += -DEAP_SERVER_MD5
-CFLAGS += -DEAP_SERVER_MSCHAPV2
-CFLAGS += -DEAP_SERVER_GTC
-CFLAGS += -DEAP_SERVER_PSK
-CFLAGS += -DEAP_SERVER_PAX
-CFLAGS += -DEAP_SERVER_SAKE
-CFLAGS += -DEAP_SERVER_GPSK -DEAP_SERVER_GPSK_SHA256
-
-CFLAGS += -DIEEE8021X_EAPOL
-
-
-# Optional components to add EAP server support
-OBJS_server += ../src/eap_server/eap_server_tls.o
-OBJS_server += ../src/eap_server/eap_server_peap.o
-OBJS_server += ../src/eap_server/eap_server_ttls.o
-OBJS_server += ../src/eap_server/eap_server_md5.o
-OBJS_server += ../src/eap_server/eap_server_mschapv2.o
-OBJS_server += ../src/eap_server/eap_server_gtc.o
-OBJS_server += ../src/eap_server/eap_server_psk.o
-OBJS_server += ../src/eap_server/eap_server_pax.o
-OBJS_server += ../src/eap_server/eap_server_sake.o
-OBJS_server += ../src/eap_server/eap_server_gpsk.o
-OBJS_server += ../src/eap_server/eap_server.o
-OBJS_server += ../src/eap_server/eap_server_identity.o
-OBJS_server += ../src/eap_server/eap_server_methods.o
-OBJS_server += ../src/eap_server/eap_server_tls_common.o
-CFLAGS += -DEAP_SERVER
-
-
-ifndef LDO
-LDO=$(CC)
-endif
-
-Q=@
-E=echo
-ifeq ($(V), 1)
-Q=
-E=true
-endif
-
-%.o: %.c
- $(Q)$(CC) -c -o $@ $(CFLAGS) $<
- @$(E) " CC " $<
-
-
-OBJS_lib=$(OBJS_both) $(OBJS_peer) $(OBJS_server)
-
-OBJS_ex = eap_example.o eap_example_peer.o eap_example_server.o
-
-
-../src/utils/libutils.a:
- $(MAKE) -C ../src/utils
-
-../src/crypto/libcrypto.a:
- $(MAKE) -C ../src/crypto
-
-../src/tls/libtls.a:
- $(MAKE) -C ../src/tls
-
-
-ifneq ($(CONFIG_SOLIB), yes)
-LIBEAP = libeap.a
-libeap.a: $(OBJS_lib)
- $(AR) crT libeap.a $(OBJS_lib)
- $(RANLIB) libeap.a
-
-else
-CFLAGS += -fPIC -DPIC
-LDFLAGS += -shared
-
-LIBEAP = libeap.so
-libeap.so: $(OBJS_lib)
- $(LDO) $(LDFLAGS) $(OBJS_lib) -o $(LIBEAP)
-
-endif
-
-eap_example: $(OBJS_ex) $(LIBEAP)
- $(LDO) $(LDFLAGS) -o eap_example $(OBJS_ex) -L. -leap $(LIBS)
-
-clean:
- $(MAKE) -C ../src clean
- rm -f core *~ *.o *.d libeap.a libeap.so $(ALL)
-
--include $(OBJS:%.o=%.d)
diff --git a/eap_example/README b/eap_example/README
deleted file mode 100644
index 0c2921e..0000000
--- a/eap_example/README
+++ /dev/null
@@ -1,42 +0,0 @@
-EAP peer/server library and example program
-Copyright (c) 2007, Jouni Malinen <j@w1.fi>
-
-This software may be distributed under the terms of the BSD license.
-See the parent directory README for more details.
-
-
-The interfaces of the EAP server/peer implementation are based on RFC
-4137 (EAP State Machines). This RFC is coordinated with the state
-machines defined in IEEE 802.1X-2004. hostapd and wpa_supplicant
-include implementation of the IEEE 802.1X EAPOL state machines and the
-interface between them and EAP. However, the EAP implementation can be
-used with other protocols, too, by providing a compatible interface
-which maps the EAPOL<->EAP variables to another protocol.
-
-This directory contains an example showing how EAP peer and server
-code from wpa_supplicant and hostapd can be used as a library. The
-example program initializes both an EAP server and an EAP peer
-entities and then runs through an EAP-PEAP/MSCHAPv2 authentication.
-
-eap_example_peer.c shows the initialization and glue code needed to
-control the EAP peer implementation. eap_example_server.c does the
-same for EAP server. eap_example.c is an example that ties in both the
-EAP server and client parts to allow an EAP authentication to be
-shown.
-
-In this example, the EAP messages are passed between the server and
-the peer are passed by direct function calls within the same process.
-In practice, server and peer functionalities would likely reside in
-separate devices and the EAP messages would be transmitted between the
-devices based on an external protocol. For example, in IEEE 802.11
-uses IEEE 802.1X EAPOL state machines to control the transmission of
-EAP messages and WiMax supports optional PMK EAP authentication
-mechanism that transmits EAP messages as defined in IEEE 802.16e.
-
-
-The EAP library links in number of helper functions from src/utils and
-src/crypto directories. Most of these are suitable as-is, but it may
-be desirable to replace the debug output code in src/utils/wpa_debug.c
-by dropping this file from the library and re-implementing the
-functions there in a way that better fits in with the main
-application.
diff --git a/eap_example/ca.pem b/eap_example/ca.pem
deleted file mode 100644
index bfae1cc..0000000
--- a/eap_example/ca.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBzCCAnCgAwIBAgIJAIb4NS4TdLXUMA0GCSqGSIb3DQEBBQUAMGExCzAJBgNV
-BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMQ4wDAYDVQQKEwV3MS5maTEQMA4G
-A1UEAxMHVGVzdCBDQTEbMBkGCSqGSIb3DQEJARYMdGVzdGNhQHcxLmZpMB4XDTA3
-MTIwOTAzMTQzN1oXDTE3MTIwNjAzMTQzN1owYTELMAkGA1UEBhMCVVMxEzARBgNV
-BAgTCkNhbGlmb3JuaWExDjAMBgNVBAoTBXcxLmZpMRAwDgYDVQQDEwdUZXN0IENB
-MRswGQYJKoZIhvcNAQkBFgx0ZXN0Y2FAdzEuZmkwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBAO6GoecRclnILh9FTvqnY/yUZmeJDgC+3/PQiicpMDhAzCkWAmi+
-a1LSnqakNN/GdCy3q053TFLFEzhEHkhhRwY/zzj2vZIcFZESoUhr67CzCpcPmTGa
-AfOzsGPjaH6xYcaOR4RZMfXd/EKfAauHxj3LuCusLL5hK/FwxWhQJNJrAgMBAAGj
-gcYwgcMwHQYDVR0OBBYEFKhJuSLJ6JhcB/dRgB8j0h9mOlpKMIGTBgNVHSMEgYsw
-gYiAFKhJuSLJ6JhcB/dRgB8j0h9mOlpKoWWkYzBhMQswCQYDVQQGEwJVUzETMBEG
-A1UECBMKQ2FsaWZvcm5pYTEOMAwGA1UEChMFdzEuZmkxEDAOBgNVBAMTB1Rlc3Qg
-Q0ExGzAZBgkqhkiG9w0BCQEWDHRlc3RjYUB3MS5maYIJAIb4NS4TdLXUMAwGA1Ud
-EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAuU+5Uerq+n8WgiIsiANT3wUoGe2Y
-cnoQi2nVjUHrivgMDufH0tgh1AVfc3wVNNREdGC136qr1KBNqalQx2rKZ76xeNqW
-sQa2LIC2wE7Q7LJsltUcUjPyZHGUhBqWjKsCvlonfNB6JHkEayTEvVvyupgzTsxW
-QuuRdZ0sNv/S8VI=
------END CERTIFICATE-----
diff --git a/eap_example/eap_example.c b/eap_example/eap_example.c
deleted file mode 100644
index 68f3c00..0000000
--- a/eap_example/eap_example.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Example application showing how EAP peer and server code from
- * wpa_supplicant/hostapd can be used as a library. This example program
- * initializes both an EAP server and an EAP peer entities and then runs
- * through an EAP-PEAP/MSCHAPv2 authentication.
- * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-
-
-int eap_example_peer_init(void);
-void eap_example_peer_deinit(void);
-int eap_example_peer_step(void);
-
-int eap_example_server_init(void);
-void eap_example_server_deinit(void);
-int eap_example_server_step(void);
-
-
-extern int wpa_debug_level;
-
-int main(int argc, char *argv[])
-{
- int res_s, res_p;
-
- wpa_debug_level = 0;
-
- if (eap_example_peer_init() < 0 ||
- eap_example_server_init() < 0)
- return -1;
-
- do {
- printf("---[ server ]--------------------------------\n");
- res_s = eap_example_server_step();
- printf("---[ peer ]----------------------------------\n");
- res_p = eap_example_peer_step();
- } while (res_s || res_p);
-
- eap_example_peer_deinit();
- eap_example_server_deinit();
-
- return 0;
-}
diff --git a/eap_example/eap_example_peer.c b/eap_example/eap_example_peer.c
deleted file mode 100644
index bfeafa0..0000000
--- a/eap_example/eap_example_peer.c
+++ /dev/null
@@ -1,372 +0,0 @@
-/*
- * Example application showing how EAP peer code from wpa_supplicant can be
- * used as a library.
- * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "eap_peer/eap.h"
-#include "eap_peer/eap_config.h"
-#include "wpabuf.h"
-
-void eap_example_server_rx(const u8 *data, size_t data_len);
-
-
-struct eap_peer_ctx {
- Boolean eapSuccess;
- Boolean eapRestart;
- Boolean eapFail;
- Boolean eapResp;
- Boolean eapNoResp;
- Boolean eapReq;
- Boolean portEnabled;
- Boolean altAccept; /* for EAP */
- Boolean altReject; /* for EAP */
-
- struct wpabuf *eapReqData; /* for EAP */
-
- unsigned int idleWhile; /* for EAP state machine */
-
- struct eap_peer_config eap_config;
- struct eap_sm *eap;
-};
-
-
-static struct eap_peer_ctx eap_ctx;
-
-
-static struct eap_peer_config * peer_get_config(void *ctx)
-{
- struct eap_peer_ctx *peer = ctx;
- return &peer->eap_config;
-}
-
-
-static Boolean peer_get_bool(void *ctx, enum eapol_bool_var variable)
-{
- struct eap_peer_ctx *peer = ctx;
- if (peer == NULL)
- return FALSE;
- switch (variable) {
- case EAPOL_eapSuccess:
- return peer->eapSuccess;
- case EAPOL_eapRestart:
- return peer->eapRestart;
- case EAPOL_eapFail:
- return peer->eapFail;
- case EAPOL_eapResp:
- return peer->eapResp;
- case EAPOL_eapNoResp:
- return peer->eapNoResp;
- case EAPOL_eapReq:
- return peer->eapReq;
- case EAPOL_portEnabled:
- return peer->portEnabled;
- case EAPOL_altAccept:
- return peer->altAccept;
- case EAPOL_altReject:
- return peer->altReject;
- }
- return FALSE;
-}
-
-
-static void peer_set_bool(void *ctx, enum eapol_bool_var variable,
- Boolean value)
-{
- struct eap_peer_ctx *peer = ctx;
- if (peer == NULL)
- return;
- switch (variable) {
- case EAPOL_eapSuccess:
- peer->eapSuccess = value;
- break;
- case EAPOL_eapRestart:
- peer->eapRestart = value;
- break;
- case EAPOL_eapFail:
- peer->eapFail = value;
- break;
- case EAPOL_eapResp:
- peer->eapResp = value;
- break;
- case EAPOL_eapNoResp:
- peer->eapNoResp = value;
- break;
- case EAPOL_eapReq:
- peer->eapReq = value;
- break;
- case EAPOL_portEnabled:
- peer->portEnabled = value;
- break;
- case EAPOL_altAccept:
- peer->altAccept = value;
- break;
- case EAPOL_altReject:
- peer->altReject = value;
- break;
- }
-}
-
-
-static unsigned int peer_get_int(void *ctx, enum eapol_int_var variable)
-{
- struct eap_peer_ctx *peer = ctx;
- if (peer == NULL)
- return 0;
- switch (variable) {
- case EAPOL_idleWhile:
- return peer->idleWhile;
- }
- return 0;
-}
-
-
-static void peer_set_int(void *ctx, enum eapol_int_var variable,
- unsigned int value)
-{
- struct eap_peer_ctx *peer = ctx;
- if (peer == NULL)
- return;
- switch (variable) {
- case EAPOL_idleWhile:
- peer->idleWhile = value;
- break;
- }
-}
-
-
-static struct wpabuf * peer_get_eapReqData(void *ctx)
-{
- struct eap_peer_ctx *peer = ctx;
- if (peer == NULL || peer->eapReqData == NULL)
- return NULL;
-
- return peer->eapReqData;
-}
-
-
-static void peer_set_config_blob(void *ctx, struct wpa_config_blob *blob)
-{
- printf("TODO: %s\n", __func__);
-}
-
-
-static const struct wpa_config_blob *
-peer_get_config_blob(void *ctx, const char *name)
-{
- printf("TODO: %s\n", __func__);
- return NULL;
-}
-
-
-static void peer_notify_pending(void *ctx)
-{
- printf("TODO: %s\n", __func__);
-}
-
-
-static int eap_peer_register_methods(void)
-{
- int ret = 0;
-
-#ifdef EAP_MD5
- if (ret == 0)
- ret = eap_peer_md5_register();
-#endif /* EAP_MD5 */
-
-#ifdef EAP_TLS
- if (ret == 0)
- ret = eap_peer_tls_register();
-#endif /* EAP_TLS */
-
-#ifdef EAP_MSCHAPv2
- if (ret == 0)
- ret = eap_peer_mschapv2_register();
-#endif /* EAP_MSCHAPv2 */
-
-#ifdef EAP_PEAP
- if (ret == 0)
- ret = eap_peer_peap_register();
-#endif /* EAP_PEAP */
-
-#ifdef EAP_TTLS
- if (ret == 0)
- ret = eap_peer_ttls_register();
-#endif /* EAP_TTLS */
-
-#ifdef EAP_GTC
- if (ret == 0)
- ret = eap_peer_gtc_register();
-#endif /* EAP_GTC */
-
-#ifdef EAP_OTP
- if (ret == 0)
- ret = eap_peer_otp_register();
-#endif /* EAP_OTP */
-
-#ifdef EAP_SIM
- if (ret == 0)
- ret = eap_peer_sim_register();
-#endif /* EAP_SIM */
-
-#ifdef EAP_LEAP
- if (ret == 0)
- ret = eap_peer_leap_register();
-#endif /* EAP_LEAP */
-
-#ifdef EAP_PSK
- if (ret == 0)
- ret = eap_peer_psk_register();
-#endif /* EAP_PSK */
-
-#ifdef EAP_AKA
- if (ret == 0)
- ret = eap_peer_aka_register();
-#endif /* EAP_AKA */
-
-#ifdef EAP_AKA_PRIME
- if (ret == 0)
- ret = eap_peer_aka_prime_register();
-#endif /* EAP_AKA_PRIME */
-
-#ifdef EAP_FAST
- if (ret == 0)
- ret = eap_peer_fast_register();
-#endif /* EAP_FAST */
-
-#ifdef EAP_PAX
- if (ret == 0)
- ret = eap_peer_pax_register();
-#endif /* EAP_PAX */
-
-#ifdef EAP_SAKE
- if (ret == 0)
- ret = eap_peer_sake_register();
-#endif /* EAP_SAKE */
-
-#ifdef EAP_GPSK
- if (ret == 0)
- ret = eap_peer_gpsk_register();
-#endif /* EAP_GPSK */
-
-#ifdef EAP_WSC
- if (ret == 0)
- ret = eap_peer_wsc_register();
-#endif /* EAP_WSC */
-
-#ifdef EAP_IKEV2
- if (ret == 0)
- ret = eap_peer_ikev2_register();
-#endif /* EAP_IKEV2 */
-
-#ifdef EAP_VENDOR_TEST
- if (ret == 0)
- ret = eap_peer_vendor_test_register();
-#endif /* EAP_VENDOR_TEST */
-
-#ifdef EAP_TNC
- if (ret == 0)
- ret = eap_peer_tnc_register();
-#endif /* EAP_TNC */
-
- return ret;
-}
-
-
-static struct eapol_callbacks eap_cb;
-static struct eap_config eap_conf;
-
-int eap_example_peer_init(void)
-{
- if (eap_peer_register_methods() < 0)
- return -1;
-
- os_memset(&eap_ctx, 0, sizeof(eap_ctx));
-
- eap_ctx.eap_config.identity = (u8 *) os_strdup("user");
- eap_ctx.eap_config.identity_len = 4;
- eap_ctx.eap_config.password = (u8 *) os_strdup("password");
- eap_ctx.eap_config.password_len = 8;
- eap_ctx.eap_config.ca_cert = (u8 *) os_strdup("ca.pem");
- eap_ctx.eap_config.fragment_size = 1398;
-
- os_memset(&eap_cb, 0, sizeof(eap_cb));
- eap_cb.get_config = peer_get_config;
- eap_cb.get_bool = peer_get_bool;
- eap_cb.set_bool = peer_set_bool;
- eap_cb.get_int = peer_get_int;
- eap_cb.set_int = peer_set_int;
- eap_cb.get_eapReqData = peer_get_eapReqData;
- eap_cb.set_config_blob = peer_set_config_blob;
- eap_cb.get_config_blob = peer_get_config_blob;
- eap_cb.notify_pending = peer_notify_pending;
-
- os_memset(&eap_conf, 0, sizeof(eap_conf));
- eap_ctx.eap = eap_peer_sm_init(&eap_ctx, &eap_cb, &eap_ctx, &eap_conf);
- if (eap_ctx.eap == NULL)
- return -1;
-
- /* Enable "port" to allow authentication */
- eap_ctx.portEnabled = TRUE;
-
- return 0;
-}
-
-
-void eap_example_peer_deinit(void)
-{
- eap_peer_sm_deinit(eap_ctx.eap);
- eap_peer_unregister_methods();
- wpabuf_free(eap_ctx.eapReqData);
- os_free(eap_ctx.eap_config.identity);
- os_free(eap_ctx.eap_config.password);
- os_free(eap_ctx.eap_config.ca_cert);
-}
-
-
-int eap_example_peer_step(void)
-{
- int res;
- res = eap_peer_sm_step(eap_ctx.eap);
-
- if (eap_ctx.eapResp) {
- struct wpabuf *resp;
- printf("==> Response\n");
- eap_ctx.eapResp = FALSE;
- resp = eap_get_eapRespData(eap_ctx.eap);
- if (resp) {
- /* Send EAP response to the server */
- eap_example_server_rx(wpabuf_head(resp),
- wpabuf_len(resp));
- wpabuf_free(resp);
- }
- }
-
- if (eap_ctx.eapSuccess) {
- res = 0;
- if (eap_key_available(eap_ctx.eap)) {
- const u8 *key;
- size_t key_len;
- key = eap_get_eapKeyData(eap_ctx.eap, &key_len);
- wpa_hexdump(MSG_DEBUG, "EAP keying material",
- key, key_len);
- }
- }
-
- return res;
-}
-
-
-void eap_example_peer_rx(const u8 *data, size_t data_len)
-{
- /* Make received EAP message available to the EAP library */
- eap_ctx.eapReq = TRUE;
- wpabuf_free(eap_ctx.eapReqData);
- eap_ctx.eapReqData = wpabuf_alloc_copy(data, data_len);
-}
diff --git a/eap_example/eap_example_server.c b/eap_example/eap_example_server.c
deleted file mode 100644
index 7097bca..0000000
--- a/eap_example/eap_example_server.c
+++ /dev/null
@@ -1,295 +0,0 @@
-/*
- * Example application showing how EAP server code from hostapd can be used as
- * a library.
- * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "crypto/tls.h"
-#include "eap_server/eap.h"
-#include "wpabuf.h"
-
-void eap_example_peer_rx(const u8 *data, size_t data_len);
-
-
-struct eap_server_ctx {
- struct eap_eapol_interface *eap_if;
- struct eap_sm *eap;
- void *tls_ctx;
-};
-
-static struct eap_server_ctx eap_ctx;
-
-
-static int server_get_eap_user(void *ctx, const u8 *identity,
- size_t identity_len, int phase2,
- struct eap_user *user)
-{
- os_memset(user, 0, sizeof(*user));
-
- if (!phase2) {
- /* Only allow EAP-PEAP as the Phase 1 method */
- user->methods[0].vendor = EAP_VENDOR_IETF;
- user->methods[0].method = EAP_TYPE_PEAP;
- return 0;
- }
-
- if (identity_len != 4 || identity == NULL ||
- os_memcmp(identity, "user", 4) != 0) {
- printf("Unknown user\n");
- return -1;
- }
-
- /* Only allow EAP-MSCHAPv2 as the Phase 2 method */
- user->methods[0].vendor = EAP_VENDOR_IETF;
- user->methods[0].method = EAP_TYPE_MSCHAPV2;
- user->password = (u8 *) os_strdup("password");
- user->password_len = 8;
-
- return 0;
-}
-
-
-static const char * server_get_eap_req_id_text(void *ctx, size_t *len)
-{
- *len = 0;
- return NULL;
-}
-
-
-static struct eapol_callbacks eap_cb;
-static struct eap_config eap_conf;
-
-static int eap_example_server_init_tls(void)
-{
- struct tls_config tconf;
- struct tls_connection_params tparams;
-
- os_memset(&tconf, 0, sizeof(tconf));
- eap_ctx.tls_ctx = tls_init(&tconf);
- if (eap_ctx.tls_ctx == NULL)
- return -1;
-
- os_memset(&tparams, 0, sizeof(tparams));
- tparams.ca_cert = "ca.pem";
- tparams.client_cert = "server.pem";
- /* tparams.private_key = "server.key"; */
- tparams.private_key = "server-key.pem";
- /* tparams.private_key_passwd = "whatever"; */
-
- if (tls_global_set_params(eap_ctx.tls_ctx, &tparams)) {
- printf("Failed to set TLS parameters\n");
- return -1;
- }
-
- if (tls_global_set_verify(eap_ctx.tls_ctx, 0)) {
- printf("Failed to set check_crl\n");
- return -1;
- }
-
- return 0;
-}
-
-
-static int eap_server_register_methods(void)
-{
- int ret = 0;
-
-#ifdef EAP_SERVER_IDENTITY
- if (ret == 0)
- ret = eap_server_identity_register();
-#endif /* EAP_SERVER_IDENTITY */
-
-#ifdef EAP_SERVER_MD5
- if (ret == 0)
- ret = eap_server_md5_register();
-#endif /* EAP_SERVER_MD5 */
-
-#ifdef EAP_SERVER_TLS
- if (ret == 0)
- ret = eap_server_tls_register();
-#endif /* EAP_SERVER_TLS */
-
-#ifdef EAP_SERVER_MSCHAPV2
- if (ret == 0)
- ret = eap_server_mschapv2_register();
-#endif /* EAP_SERVER_MSCHAPV2 */
-
-#ifdef EAP_SERVER_PEAP
- if (ret == 0)
- ret = eap_server_peap_register();
-#endif /* EAP_SERVER_PEAP */
-
-#ifdef EAP_SERVER_TLV
- if (ret == 0)
- ret = eap_server_tlv_register();
-#endif /* EAP_SERVER_TLV */
-
-#ifdef EAP_SERVER_GTC
- if (ret == 0)
- ret = eap_server_gtc_register();
-#endif /* EAP_SERVER_GTC */
-
-#ifdef EAP_SERVER_TTLS
- if (ret == 0)
- ret = eap_server_ttls_register();
-#endif /* EAP_SERVER_TTLS */
-
-#ifdef EAP_SERVER_SIM
- if (ret == 0)
- ret = eap_server_sim_register();
-#endif /* EAP_SERVER_SIM */
-
-#ifdef EAP_SERVER_AKA
- if (ret == 0)
- ret = eap_server_aka_register();
-#endif /* EAP_SERVER_AKA */
-
-#ifdef EAP_SERVER_AKA_PRIME
- if (ret == 0)
- ret = eap_server_aka_prime_register();
-#endif /* EAP_SERVER_AKA_PRIME */
-
-#ifdef EAP_SERVER_PAX
- if (ret == 0)
- ret = eap_server_pax_register();
-#endif /* EAP_SERVER_PAX */
-
-#ifdef EAP_SERVER_PSK
- if (ret == 0)
- ret = eap_server_psk_register();
-#endif /* EAP_SERVER_PSK */
-
-#ifdef EAP_SERVER_SAKE
- if (ret == 0)
- ret = eap_server_sake_register();
-#endif /* EAP_SERVER_SAKE */
-
-#ifdef EAP_SERVER_GPSK
- if (ret == 0)
- ret = eap_server_gpsk_register();
-#endif /* EAP_SERVER_GPSK */
-
-#ifdef EAP_SERVER_VENDOR_TEST
- if (ret == 0)
- ret = eap_server_vendor_test_register();
-#endif /* EAP_SERVER_VENDOR_TEST */
-
-#ifdef EAP_SERVER_FAST
- if (ret == 0)
- ret = eap_server_fast_register();
-#endif /* EAP_SERVER_FAST */
-
-#ifdef EAP_SERVER_WSC
- if (ret == 0)
- ret = eap_server_wsc_register();
-#endif /* EAP_SERVER_WSC */
-
-#ifdef EAP_SERVER_IKEV2
- if (ret == 0)
- ret = eap_server_ikev2_register();
-#endif /* EAP_SERVER_IKEV2 */
-
-#ifdef EAP_SERVER_TNC
- if (ret == 0)
- ret = eap_server_tnc_register();
-#endif /* EAP_SERVER_TNC */
-
- return ret;
-}
-
-
-int eap_example_server_init(void)
-{
- if (eap_server_register_methods() < 0)
- return -1;
-
- os_memset(&eap_ctx, 0, sizeof(eap_ctx));
-
- if (eap_example_server_init_tls() < 0)
- return -1;
-
- os_memset(&eap_cb, 0, sizeof(eap_cb));
- eap_cb.get_eap_user = server_get_eap_user;
- eap_cb.get_eap_req_id_text = server_get_eap_req_id_text;
-
- os_memset(&eap_conf, 0, sizeof(eap_conf));
- eap_conf.eap_server = 1;
- eap_conf.ssl_ctx = eap_ctx.tls_ctx;
-
- eap_ctx.eap = eap_server_sm_init(&eap_ctx, &eap_cb, &eap_conf);
- if (eap_ctx.eap == NULL)
- return -1;
-
- eap_ctx.eap_if = eap_get_interface(eap_ctx.eap);
-
- /* Enable "port" and request EAP to start authentication. */
- eap_ctx.eap_if->portEnabled = TRUE;
- eap_ctx.eap_if->eapRestart = TRUE;
-
- return 0;
-}
-
-
-void eap_example_server_deinit(void)
-{
- eap_server_sm_deinit(eap_ctx.eap);
- eap_server_unregister_methods();
- tls_deinit(eap_ctx.tls_ctx);
-}
-
-
-int eap_example_server_step(void)
-{
- int res, process = 0;
-
- res = eap_server_sm_step(eap_ctx.eap);
-
- if (eap_ctx.eap_if->eapReq) {
- printf("==> Request\n");
- process = 1;
- eap_ctx.eap_if->eapReq = 0;
- }
-
- if (eap_ctx.eap_if->eapSuccess) {
- printf("==> Success\n");
- process = 1;
- res = 0;
- eap_ctx.eap_if->eapSuccess = 0;
-
- if (eap_ctx.eap_if->eapKeyAvailable) {
- wpa_hexdump(MSG_DEBUG, "EAP keying material",
- eap_ctx.eap_if->eapKeyData,
- eap_ctx.eap_if->eapKeyDataLen);
- }
- }
-
- if (eap_ctx.eap_if->eapFail) {
- printf("==> Fail\n");
- process = 1;
- eap_ctx.eap_if->eapFail = 0;
- }
-
- if (process && eap_ctx.eap_if->eapReqData) {
- /* Send EAP response to the server */
- eap_example_peer_rx(wpabuf_head(eap_ctx.eap_if->eapReqData),
- wpabuf_len(eap_ctx.eap_if->eapReqData));
- }
-
- return res;
-}
-
-
-void eap_example_server_rx(const u8 *data, size_t data_len)
-{
- /* Make received EAP message available to the EAP library */
- wpabuf_free(eap_ctx.eap_if->eapRespData);
- eap_ctx.eap_if->eapRespData = wpabuf_alloc_copy(data, data_len);
- if (eap_ctx.eap_if->eapRespData)
- eap_ctx.eap_if->eapResp = TRUE;
-}
diff --git a/eap_example/server-key.pem b/eap_example/server-key.pem
deleted file mode 100644
index d98c4dd..0000000
--- a/eap_example/server-key.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDToYuDPmjEWu+/Aj0RVWTSb07sX6dAkPnrTaUjZAG5AhjRqJWz
-zD50kFmVKi+R7GgS5tlGzLUtokdwjuSUAmz8tMXwIwmVeS0HluFDVSi94XbVRczE
-+nyoDigg1RGyy1mc3t5RG84bvNatq98OceJag4ngh8L8I4k1qTLRMlyBJwIDAQAB
-AoGAP+v0asDn/h8FeSkg7uJfIJyUNxsxNnRTuHnsXkMvrgTvICyOgw828hhDpqVm
-VuoUCVmG2Tatpsn0UBApBHezGRh0u1syWoGM8fiDvZmoYmhFe5FxKnftg3KNXhDf
-Agk4OxwNNPBXpQFQP+GNxh6Qs7FEkYHLRh/J7vC0+wp3UWECQQDzcTQZXqYPow5M
-uinL819HKfh1n2257w1HGvw8cMCiYbKRyR74Q18TJcxuEyEwnPrg5ZGpMPDKiIOU
-SlgAMLBXAkEA3oxBpRue1Kqb2+Fq6lhZ7PQiZC5F69upIb/wxbk8ByImEl1pUKFW
-rV+YoKujbnj77PmMq1+R0dFkT1ai3zDzsQJBAMa3CUgMMpFhEDMhYyzQJF36rI2W
-7gJwV+5K4MqVXyktho3qFhWhKOKAYDcZ9mWwPjmGKzhocqVgecd6SAsfs1ECQA7r
-xHL3eRy1G6IQaQSxS8YxUCT7XUDFB3/1yITZOIcZ6QeOL8NyLceOA0OyflCn1+w5
-hw7uZ25z5Y/UNTNVquECQEgto3zPneEW06qkEnRz9EbLtWR3nRBS/QGrjOFNUuln
-pNhVUH4RB17Kk35xveUTz4U/Iw/WRfGNjFLHrtR/5xk=
------END RSA PRIVATE KEY-----
diff --git a/eap_example/server.key b/eap_example/server.key
deleted file mode 100644
index 4f32591..0000000
--- a/eap_example/server.key
+++ /dev/null
Binary files differ
diff --git a/eap_example/server.pem b/eap_example/server.pem
deleted file mode 100644
index 02f6e7b..0000000
--- a/eap_example/server.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC0zCCAjygAwIBAgIJAIb4NS4TdLXVMA0GCSqGSIb3DQEBBQUAMGExCzAJBgNV
-BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMQ4wDAYDVQQKEwV3MS5maTEQMA4G
-A1UEAxMHVGVzdCBDQTEbMBkGCSqGSIb3DQEJARYMdGVzdGNhQHcxLmZpMB4XDTA3
-MTIwOTAzMTUwOFoXDTE3MTIwNjAzMTUwOFoweTELMAkGA1UEBhMCVVMxEzARBgNV
-BAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xDjAMBgNVBAoT
-BXcxLmZpMRAwDgYDVQQDEwdUZXN0IEFTMRswGQYJKoZIhvcNAQkBFgx0ZXN0YXNA
-dzEuZmkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANOhi4M+aMRa778CPRFV
-ZNJvTuxfp0CQ+etNpSNkAbkCGNGolbPMPnSQWZUqL5HsaBLm2UbMtS2iR3CO5JQC
-bPy0xfAjCZV5LQeW4UNVKL3hdtVFzMT6fKgOKCDVEbLLWZze3lEbzhu81q2r3w5x
-4lqDieCHwvwjiTWpMtEyXIEnAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4
-QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRb
-xGTC3mPimgyGb5vYLLV5wyc9ITAfBgNVHSMEGDAWgBSoSbkiyeiYXAf3UYAfI9If
-ZjpaSjANBgkqhkiG9w0BAQUFAAOBgQA9wVGtroz/rsx1EeALJejW01SAr4kpTxoS
-WP6zuWFb+J/lJd7DeVM6/QBYAwZb0fB6nwSpJJCj6XDRZtN/yLeaTd/rCZrfom4Z
-8gbkWMTXDn2Cea2VnCe5W0gK+4dIj5DD5CpPvgt4lYqlwN0WAih6twd7Q4x/tiiJ
-ejNQzlTHOg==
------END CERTIFICATE-----