Diffstat (limited to 'eap_example')
| -rw-r--r-- | eap_example/.gitignore | 4 | ||||
| -rw-r--r-- | eap_example/Makefile | 119 | ||||
| -rw-r--r-- | eap_example/README | 42 | ||||
| -rw-r--r-- | eap_example/ca.pem | 55 | ||||
| -rw-r--r-- | eap_example/dh.conf | 5 | ||||
| -rw-r--r-- | eap_example/eap_example.c | 47 | ||||
| -rw-r--r-- | eap_example/eap_example_peer.c | 377 | ||||
| -rw-r--r-- | eap_example/eap_example_server.c | 300 | ||||
| -rw-r--r-- | eap_example/server-key.pem | 15 | ||||
| -rw-r--r-- | eap_example/server.key | 16 | ||||
| -rw-r--r-- | eap_example/server.pem | 64 |
11 files changed, 0 insertions, 1044 deletions
diff --git a/eap_example/.gitignore b/eap_example/.gitignore
deleted file mode 100644
index 4d6d2d1301b2..000000000000
--- a/eap_example/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-*.d
-eap_example
-libeap.so
-libeap.a
diff --git a/eap_example/Makefile b/eap_example/Makefile
deleted file mode 100644
index 691466f03c9a..000000000000
--- a/eap_example/Makefile
+++ /dev/null
@@ -1,119 +0,0 @@ -ALL=eap_example - -include ../src/build.rules - -CFLAGS += -I. -CFLAGS += -I../src -CFLAGS += -I../src/utils - - -EAP_LIBS += ../src/utils/libutils.a -EAP_LIBS += ../src/crypto/libcrypto.a -EAP_LIBS += ../src/tls/libtls.a - -OBJS_both += ../src/eap_common/eap_peap_common.o -OBJS_both += ../src/eap_common/eap_psk_common.o -OBJS_both += ../src/eap_common/eap_pax_common.o -OBJS_both += ../src/eap_common/eap_sake_common.o -OBJS_both += ../src/eap_common/eap_gpsk_common.o -OBJS_both += ../src/eap_common/chap.o - -OBJS_peer += ../src/eap_peer/eap_tls.o -OBJS_peer += ../src/eap_peer/eap_peap.o -OBJS_peer += ../src/eap_peer/eap_ttls.o -OBJS_peer += ../src/eap_peer/eap_md5.o -OBJS_peer += ../src/eap_peer/eap_mschapv2.o -OBJS_peer += ../src/eap_peer/mschapv2.o -OBJS_peer += ../src/eap_peer/eap_otp.o -OBJS_peer += ../src/eap_peer/eap_gtc.o -OBJS_peer += ../src/eap_peer/eap_leap.o -OBJS_peer += ../src/eap_peer/eap_psk.o -OBJS_peer += ../src/eap_peer/eap_pax.o -OBJS_peer += ../src/eap_peer/eap_sake.o -OBJS_peer += ../src/eap_peer/eap_gpsk.o -OBJS_peer += ../src/eap_peer/eap.o -OBJS_peer += ../src/eap_common/eap_common.o -OBJS_peer += ../src/eap_peer/eap_methods.o -OBJS_peer += ../src/eap_peer/eap_tls_common.o - -CFLAGS += -DEAP_TLS -CFLAGS += -DEAP_PEAP -CFLAGS += -DEAP_TTLS -CFLAGS += -DEAP_MD5 -CFLAGS += -DEAP_MSCHAPv2 -CFLAGS += -DEAP_GTC -CFLAGS += -DEAP_OTP -CFLAGS += -DEAP_LEAP -CFLAGS += -DEAP_PSK -CFLAGS += -DEAP_PAX -CFLAGS += -DEAP_SAKE -CFLAGS += -DEAP_GPSK -DEAP_GPSK_SHA256 - -CFLAGS += -DEAP_SERVER_IDENTITY -CFLAGS += -DEAP_SERVER_TLS -CFLAGS += -DEAP_SERVER_PEAP -CFLAGS += -DEAP_SERVER_TTLS -CFLAGS += -DEAP_SERVER_MD5 -CFLAGS += -DEAP_SERVER_MSCHAPV2 -CFLAGS += -DEAP_SERVER_GTC -CFLAGS += -DEAP_SERVER_PSK -CFLAGS += -DEAP_SERVER_PAX -CFLAGS += -DEAP_SERVER_SAKE -CFLAGS += -DEAP_SERVER_GPSK -DEAP_SERVER_GPSK_SHA256 - -CFLAGS += -DIEEE8021X_EAPOL - - -# Optional components to add EAP server support -OBJS_server += 
../src/eap_server/eap_server_tls.o -OBJS_server += ../src/eap_server/eap_server_peap.o -OBJS_server += ../src/eap_server/eap_server_ttls.o -OBJS_server += ../src/eap_server/eap_server_md5.o -OBJS_server += ../src/eap_server/eap_server_mschapv2.o -OBJS_server += ../src/eap_server/eap_server_gtc.o -OBJS_server += ../src/eap_server/eap_server_psk.o -OBJS_server += ../src/eap_server/eap_server_pax.o -OBJS_server += ../src/eap_server/eap_server_sake.o -OBJS_server += ../src/eap_server/eap_server_gpsk.o -OBJS_server += ../src/eap_server/eap_server.o -OBJS_server += ../src/eap_server/eap_server_identity.o -OBJS_server += ../src/eap_server/eap_server_methods.o -OBJS_server += ../src/eap_server/eap_server_tls_common.o -CFLAGS += -DEAP_SERVER - - -OBJS_lib=$(OBJS_both) $(OBJS_peer) $(OBJS_server) -_OBJS_VAR := OBJS_lib -include ../src/objs.mk - -OBJS_ex = eap_example.o eap_example_peer.o eap_example_server.o -_OBJS_VAR := OBJS_ex -include ../src/objs.mk - -_OBJS_VAR := EAP_LIBS -include ../src/objs.mk - - -ifneq ($(CONFIG_SOLIB), yes) -LIBEAP = libeap.a -libeap.a: $(EAP_LIBS) $(OBJS_lib) - $(AR) crT libeap.a $^ - $(RANLIB) libeap.a - -else -CFLAGS += -fPIC -DPIC -LDFLAGS += -shared - -LIBEAP = libeap.so -libeap.so: $(EAP_LIBS) $(OBJS_lib) - $(LDO) $(LDFLAGS) $^ -o $(LIBEAP) - -endif - -eap_example: $(OBJS_ex) $(LIBEAP) - $(LDO) $(LDFLAGS) -o eap_example $(OBJS_ex) -L. -leap $(LIBS) - -clean: common-clean - rm -f core *~ *.o *.d libeap.a libeap.so - --include $(OBJS:%.o=%.d) diff --git a/eap_example/README b/eap_example/README deleted file mode 100644 index 0c2921e3be93..000000000000 --- a/eap_example/README +++ /dev/null 
@@ -1,42 +0,0 @@ -EAP peer/server library and example program -Copyright (c) 2007, Jouni Malinen <j@w1.fi> - -This software may be distributed under the terms of the BSD license. -See the parent directory README for more details. - - -The interfaces of the EAP server/peer implementation are based on RFC -4137 (EAP State Machines). This RFC is coordinated with the state -machines defined in IEEE 802.1X-2004. hostapd and wpa_supplicant -include implementation of the IEEE 802.1X EAPOL state machines and the -interface between them and EAP. However, the EAP implementation can be -used with other protocols, too, by providing a compatible interface -which maps the EAPOL<->EAP variables to another protocol. - -This directory contains an example showing how EAP peer and server -code from wpa_supplicant and hostapd can be used as a library. The -example program initializes both an EAP server and an EAP peer -entities and then runs through an EAP-PEAP/MSCHAPv2 authentication. - -eap_example_peer.c shows the initialization and glue code needed to -control the EAP peer implementation. eap_example_server.c does the -same for EAP server. eap_example.c is an example that ties in both the -EAP server and client parts to allow an EAP authentication to be -shown. - -In this example, the EAP messages are passed between the server and -the peer are passed by direct function calls within the same process. -In practice, server and peer functionalities would likely reside in -separate devices and the EAP messages would be transmitted between the -devices based on an external protocol. For example, in IEEE 802.11 -uses IEEE 802.1X EAPOL state machines to control the transmission of -EAP messages and WiMax supports optional PMK EAP authentication -mechanism that transmits EAP messages as defined in IEEE 802.16e. - - -The EAP library links in number of helper functions from src/utils and -src/crypto directories. 
Most of these are suitable as-is, but it may -be desirable to replace the debug output code in src/utils/wpa_debug.c -by dropping this file from the library and re-implementing the -functions there in a way that better fits in with the main -application. diff --git a/eap_example/ca.pem b/eap_example/ca.pem deleted file mode 100644 index b128893a1e7b..000000000000 --- a/eap_example/ca.pem +++ /dev/null 
@@ -1,55 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 15624081837803162817 (0xd8d3e3a6cbe3ccc1)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=FI, O=w1.fi, CN=Root CA
- Validity
- Not Before: Jun 29 16:41:22 2013 GMT
- Not After : Jun 27 16:41:22 2023 GMT
- Subject: C=FI, O=w1.fi, CN=Root CA
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (1024 bit)
- Modulus:
- 00:be:1e:86:e4:79:03:c1:d1:94:d5:d4:b3:b1:28:
- 90:76:fb:b8:a6:cd:6d:1c:d1:48:f4:08:9a:67:ff:
- f9:a6:54:b1:19:29:df:29:1b:cd:f1:6f:66:01:e7:
- db:79:ce:c0:39:2a:25:13:26:94:0c:2c:7b:5a:2c:
- 81:0f:94:ee:51:d0:75:e6:46:db:17:46:a7:15:8b:
- 0e:57:0f:b0:54:76:63:12:ca:86:18:bc:1a:c3:16:
- c0:70:09:d6:6b:43:39:b8:98:29:46:ac:cb:6a:ad:
- 38:88:3b:07:dc:81:cd:3a:f6:1d:f6:2f:ef:1d:d7:
- ae:8a:b6:d1:e7:b3:15:02:b9
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
- X509v3 Authority Key Identifier:
- keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
-
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: sha1WithRSAEncryption
- 1a:cf:77:60:44:43:c4:55:0e:99:e0:89:aa:b9:d3:7b:32:b7:
- 5c:9c:7c:ca:fe:8c:d4:94:c6:5e:f3:83:19:5f:29:59:68:a4:
- 4f:dc:04:2e:b8:71:c0:6d:3b:ae:01:e4:b9:88:99:cc:ce:82:
- be:6a:28:c2:ac:6a:94:c6:87:90:ed:85:3c:10:71:c5:ff:3c:
- 70:64:e2:41:62:31:ea:86:7b:11:8c:93:ea:c6:f3:f3:4e:f9:
- d4:f2:81:90:d7:f4:fa:a1:91:6e:d4:dd:15:3e:26:3b:ac:1e:
- c3:c2:1f:ed:bb:34:bf:cb:b2:67:c6:c6:51:e8:51:22:b4:f3:
- 92:e8
------BEGIN CERTIFICATE-----
-MIICLDCCAZWgAwIBAgIJANjT46bL48zBMA0GCSqGSIb3DQEBBQUAMC8xCzAJBgNV
-BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xMzA2
-MjkxNjQxMjJaFw0yMzA2MjcxNjQxMjJaMC8xCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
-DAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAvh6G5HkDwdGU1dSzsSiQdvu4ps1tHNFI9AiaZ//5plSxGSnfKRvN8W9m
-Aefbec7AOSolEyaUDCx7WiyBD5TuUdB15kbbF0anFYsOVw+wVHZjEsqGGLwawxbA
-cAnWa0M5uJgpRqzLaq04iDsH3IHNOvYd9i/vHdeuirbR57MVArkCAwEAAaNQME4w
-HQYDVR0OBBYEFLiS3v2KGLMww59V8zNdtMgpikEUMB8GA1UdIwQYMBaAFLiS3v2K
-GLMww59V8zNdtMgpikEUMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
-Gs93YERDxFUOmeCJqrnTezK3XJx8yv6M1JTGXvODGV8pWWikT9wELrhxwG07rgHk
-uYiZzM6CvmoowqxqlMaHkO2FPBBxxf88cGTiQWIx6oZ7EYyT6sbz80751PKBkNf0
-+qGRbtTdFT4mO6wew8If7bs0v8uyZ8bGUehRIrTzkug=
------END CERTIFICATE-----
diff --git a/eap_example/dh.conf b/eap_example/dh.conf
deleted file mode 100644
index 7bc83251c592..000000000000
--- a/eap_example/dh.conf
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIGHAoGBAP3V8IHq3H2DUlYywsvjYNuS17eCdt0mJo6/os6PHqdhgkMrPxF9u4Gr
-qKXq9e6GqmZYdjta30N3FkXaV924BJ0xOqb2TntiKg4u50/l6hSUneWt6UFBaizd
-XrqjNFIme/5RXMZ7RglXliBpCepAaFLMcKhOS4ulUyYYHSy+oqRjAgEC
------END DH PARAMETERS-----
diff --git a/eap_example/eap_example.c b/eap_example/eap_example.c
deleted file mode 100644
index 8a48cd34b030..000000000000
--- a/eap_example/eap_example.c
+++ /dev/null
@@ -1,47 +0,0 @@ -/* - * Example application showing how EAP peer and server code from - * wpa_supplicant/hostapd can be used as a library. This example program - * initializes both an EAP server and an EAP peer entities and then runs - * through an EAP-PEAP/MSCHAPv2 authentication. - * Copyright (c) 2007, Jouni Malinen <j@w1.fi> - * - * This software may be distributed under the terms of the BSD license. - * See README for more details. - */ - -#include "includes.h" - -#include "common.h" - - -int eap_example_peer_init(void); -void eap_example_peer_deinit(void); -int eap_example_peer_step(void); - -int eap_example_server_init(void); -void eap_example_server_deinit(void); -int eap_example_server_step(void); - - -int main(int argc, char *argv[]) -{ - int res_s, res_p; - - wpa_debug_level = 0; - - if (eap_example_peer_init() < 0 || - eap_example_server_init() < 0) - return -1; - - do { - printf("---[ server ]--------------------------------\n"); - res_s = eap_example_server_step(); - printf("---[ peer ]----------------------------------\n"); - res_p = eap_example_peer_step(); - } while (res_s || res_p); - - eap_example_peer_deinit(); - eap_example_server_deinit(); - - return 0; -} diff --git a/eap_example/eap_example_peer.c b/eap_example/eap_example_peer.c deleted file mode 100644 index 5fe0cb7fa7f6..000000000000 --- a/eap_example/eap_example_peer.c +++ /dev/null 
@@ -1,377 +0,0 @@ -/* - * Example application showing how EAP peer code from wpa_supplicant can be - * used as a library. - * Copyright (c) 2007, Jouni Malinen <j@w1.fi> - * - * This software may be distributed under the terms of the BSD license. - * See README for more details. - */ - -#include "includes.h" - -#include "common.h" -#include "eap_peer/eap.h" -#include "eap_peer/eap_config.h" -#include "wpabuf.h" - -void eap_example_server_rx(const u8 *data, size_t data_len); - - -struct eap_peer_ctx { - bool eapSuccess; - bool eapRestart; - bool eapFail; - bool eapResp; - bool eapNoResp; - bool eapReq; - bool portEnabled; - bool altAccept; /* for EAP */ - bool altReject; /* for EAP */ - bool eapTriggerStart; - - struct wpabuf *eapReqData; /* for EAP */ - - unsigned int idleWhile; /* for EAP state machine */ - - struct eap_peer_config eap_config; - struct eap_sm *eap; -}; - - -static struct eap_peer_ctx eap_ctx; - - -static struct eap_peer_config * peer_get_config(void *ctx) -{ - struct eap_peer_ctx *peer = ctx; - return &peer->eap_config; -} - - -static bool peer_get_bool(void *ctx, enum eapol_bool_var variable) -{ - struct eap_peer_ctx *peer = ctx; - if (peer == NULL) - return false; - switch (variable) { - case EAPOL_eapSuccess: - return peer->eapSuccess; - case EAPOL_eapRestart: - return peer->eapRestart; - case EAPOL_eapFail: - return peer->eapFail; - case EAPOL_eapResp: - return peer->eapResp; - case EAPOL_eapNoResp: - return peer->eapNoResp; - case EAPOL_eapReq: - return peer->eapReq; - case EAPOL_portEnabled: - return peer->portEnabled; - case EAPOL_altAccept: - return peer->altAccept; - case EAPOL_altReject: - return peer->altReject; - case EAPOL_eapTriggerStart: - return peer->eapTriggerStart; - } - return false; -} - - -static void peer_set_bool(void *ctx, enum eapol_bool_var variable, bool value) -{ - struct eap_peer_ctx *peer = ctx; - if (peer == NULL) - return; - switch (variable) { - case EAPOL_eapSuccess: - peer->eapSuccess = value; - break; - case 
EAPOL_eapRestart: - peer->eapRestart = value; - break; - case EAPOL_eapFail: - peer->eapFail = value; - break; - case EAPOL_eapResp: - peer->eapResp = value; - break; - case EAPOL_eapNoResp: - peer->eapNoResp = value; - break; - case EAPOL_eapReq: - peer->eapReq = value; - break; - case EAPOL_portEnabled: - peer->portEnabled = value; - break; - case EAPOL_altAccept: - peer->altAccept = value; - break; - case EAPOL_altReject: - peer->altReject = value; - break; - case EAPOL_eapTriggerStart: - peer->eapTriggerStart = value; - break; - } -} - - -static unsigned int peer_get_int(void *ctx, enum eapol_int_var variable) -{ - struct eap_peer_ctx *peer = ctx; - if (peer == NULL) - return 0; - switch (variable) { - case EAPOL_idleWhile: - return peer->idleWhile; - } - return 0; -} - - -static void peer_set_int(void *ctx, enum eapol_int_var variable, - unsigned int value) -{ - struct eap_peer_ctx *peer = ctx; - if (peer == NULL) - return; - switch (variable) { - case EAPOL_idleWhile: - peer->idleWhile = value; - break; - } -} - - -static struct wpabuf * peer_get_eapReqData(void *ctx) -{ - struct eap_peer_ctx *peer = ctx; - if (peer == NULL || peer->eapReqData == NULL) - return NULL; - - return peer->eapReqData; -} - - -static void peer_set_config_blob(void *ctx, struct wpa_config_blob *blob) -{ - printf("TODO: %s\n", __func__); -} - - -static const struct wpa_config_blob * -peer_get_config_blob(void *ctx, const char *name) -{ - printf("TODO: %s\n", __func__); - return NULL; -} - - -static void peer_notify_pending(void *ctx) -{ - printf("TODO: %s\n", __func__); -} - - -static int eap_peer_register_methods(void) -{ - int ret = 0; - -#ifdef EAP_MD5 - if (ret == 0) - ret = eap_peer_md5_register(); -#endif /* EAP_MD5 */ - -#ifdef EAP_TLS - if (ret == 0) - ret = eap_peer_tls_register(); -#endif /* EAP_TLS */ - -#ifdef EAP_MSCHAPv2 - if (ret == 0) - ret = eap_peer_mschapv2_register(); -#endif /* EAP_MSCHAPv2 */ - -#ifdef EAP_PEAP - if (ret == 0) - ret = eap_peer_peap_register(); 
-#endif /* EAP_PEAP */ - -#ifdef EAP_TTLS - if (ret == 0) - ret = eap_peer_ttls_register(); -#endif /* EAP_TTLS */ - -#ifdef EAP_GTC - if (ret == 0) - ret = eap_peer_gtc_register(); -#endif /* EAP_GTC */ - -#ifdef EAP_OTP - if (ret == 0) - ret = eap_peer_otp_register(); -#endif /* EAP_OTP */ - -#ifdef EAP_SIM - if (ret == 0) - ret = eap_peer_sim_register(); -#endif /* EAP_SIM */ - -#ifdef EAP_LEAP - if (ret == 0) - ret = eap_peer_leap_register(); -#endif /* EAP_LEAP */ - -#ifdef EAP_PSK - if (ret == 0) - ret = eap_peer_psk_register(); -#endif /* EAP_PSK */ - -#ifdef EAP_AKA - if (ret == 0) - ret = eap_peer_aka_register(); -#endif /* EAP_AKA */ - -#ifdef EAP_AKA_PRIME - if (ret == 0) - ret = eap_peer_aka_prime_register(); -#endif /* EAP_AKA_PRIME */ - -#ifdef EAP_FAST - if (ret == 0) - ret = eap_peer_fast_register(); -#endif /* EAP_FAST */ - -#ifdef EAP_PAX - if (ret == 0) - ret = eap_peer_pax_register(); -#endif /* EAP_PAX */ - -#ifdef EAP_SAKE - if (ret == 0) - ret = eap_peer_sake_register(); -#endif /* EAP_SAKE */ - -#ifdef EAP_GPSK - if (ret == 0) - ret = eap_peer_gpsk_register(); -#endif /* EAP_GPSK */ - -#ifdef EAP_WSC - if (ret == 0) - ret = eap_peer_wsc_register(); -#endif /* EAP_WSC */ - -#ifdef EAP_IKEV2 - if (ret == 0) - ret = eap_peer_ikev2_register(); -#endif /* EAP_IKEV2 */ - -#ifdef EAP_VENDOR_TEST - if (ret == 0) - ret = eap_peer_vendor_test_register(); -#endif /* EAP_VENDOR_TEST */ - -#ifdef EAP_TNC - if (ret == 0) - ret = eap_peer_tnc_register(); -#endif /* EAP_TNC */ - - return ret; -} - - -static struct eapol_callbacks eap_cb; -static struct eap_config eap_conf; - -int eap_example_peer_init(void) -{ - if (eap_peer_register_methods() < 0) - return -1; - - os_memset(&eap_ctx, 0, sizeof(eap_ctx)); - - eap_ctx.eap_config.identity = (u8 *) os_strdup("user"); - eap_ctx.eap_config.identity_len = 4; - eap_ctx.eap_config.password = (u8 *) os_strdup("password"); - eap_ctx.eap_config.password_len = 8; - eap_ctx.eap_config.cert.ca_cert = os_strdup("ca.pem"); 
- eap_ctx.eap_config.fragment_size = 1398; - - os_memset(&eap_cb, 0, sizeof(eap_cb)); - eap_cb.get_config = peer_get_config; - eap_cb.get_bool = peer_get_bool; - eap_cb.set_bool = peer_set_bool; - eap_cb.get_int = peer_get_int; - eap_cb.set_int = peer_set_int; - eap_cb.get_eapReqData = peer_get_eapReqData; - eap_cb.set_config_blob = peer_set_config_blob; - eap_cb.get_config_blob = peer_get_config_blob; - eap_cb.notify_pending = peer_notify_pending; - - os_memset(&eap_conf, 0, sizeof(eap_conf)); - eap_ctx.eap = eap_peer_sm_init(&eap_ctx, &eap_cb, &eap_ctx, &eap_conf); - if (eap_ctx.eap == NULL) - return -1; - - /* Enable "port" to allow authentication */ - eap_ctx.portEnabled = true; - - return 0; -} - - -void eap_example_peer_deinit(void) -{ - eap_peer_sm_deinit(eap_ctx.eap); - eap_peer_unregister_methods(); - wpabuf_free(eap_ctx.eapReqData); - os_free(eap_ctx.eap_config.identity); - os_free(eap_ctx.eap_config.password); - os_free(eap_ctx.eap_config.cert.ca_cert); -} - - -int eap_example_peer_step(void) -{ - int res; - res = eap_peer_sm_step(eap_ctx.eap); - - if (eap_ctx.eapResp) { - struct wpabuf *resp; - printf("==> Response\n"); - eap_ctx.eapResp = false; - resp = eap_get_eapRespData(eap_ctx.eap); - if (resp) { - /* Send EAP response to the server */ - eap_example_server_rx(wpabuf_head(resp), - wpabuf_len(resp)); - wpabuf_free(resp); - } - } - - if (eap_ctx.eapSuccess) { - res = 0; - if (eap_key_available(eap_ctx.eap)) { - const u8 *key; - size_t key_len; - key = eap_get_eapKeyData(eap_ctx.eap, &key_len); - wpa_hexdump(MSG_DEBUG, "EAP keying material", - key, key_len); - } - } - - return res; -} - - -void eap_example_peer_rx(const u8 *data, size_t data_len) -{ - /* Make received EAP message available to the EAP library */ - eap_ctx.eapReq = true; - wpabuf_free(eap_ctx.eapReqData); - eap_ctx.eapReqData = wpabuf_alloc_copy(data, data_len); -} 
diff --git a/eap_example/eap_example_server.c b/eap_example/eap_example_server.c deleted file mode 100644 index 3a132bb3466e..000000000000 --- a/eap_example/eap_example_server.c +++ /dev/null 
@@ -1,300 +0,0 @@ -/* - * Example application showing how EAP server code from hostapd can be used as - * a library. - * Copyright (c) 2007, Jouni Malinen <j@w1.fi> - * - * This software may be distributed under the terms of the BSD license. - * See README for more details. - */ - -#include "includes.h" - -#include "common.h" -#include "crypto/tls.h" -#include "eap_server/eap.h" -#include "wpabuf.h" - -void eap_example_peer_rx(const u8 *data, size_t data_len); - - -struct eap_server_ctx { - struct eap_eapol_interface *eap_if; - struct eap_sm *eap; - void *tls_ctx; -}; - -static struct eap_server_ctx eap_ctx; - - -static int server_get_eap_user(void *ctx, const u8 *identity, - size_t identity_len, int phase2, - struct eap_user *user) -{ - os_memset(user, 0, sizeof(*user)); - - if (!phase2) { - /* Only allow EAP-PEAP as the Phase 1 method */ - user->methods[0].vendor = EAP_VENDOR_IETF; - user->methods[0].method = EAP_TYPE_PEAP; - return 0; - } - - if (identity_len != 4 || identity == NULL || - os_memcmp(identity, "user", 4) != 0) { - printf("Unknown user\n"); - return -1; - } - - /* Only allow EAP-MSCHAPv2 as the Phase 2 method */ - user->methods[0].vendor = EAP_VENDOR_IETF; - user->methods[0].method = EAP_TYPE_MSCHAPV2; - user->password = (u8 *) os_strdup("password"); - user->password_len = 8; - - return 0; -} - - -static const char * server_get_eap_req_id_text(void *ctx, size_t *len) -{ - *len = 0; - return NULL; -} - - -static struct eapol_callbacks eap_cb; -static struct eap_config eap_conf; - -static int eap_example_server_init_tls(void) -{ - struct tls_config tconf; - struct tls_connection_params tparams; - - os_memset(&tconf, 0, sizeof(tconf)); - eap_ctx.tls_ctx = tls_init(&tconf); - if (eap_ctx.tls_ctx == NULL) - return -1; - - os_memset(&tparams, 0, sizeof(tparams)); - tparams.ca_cert = "ca.pem"; - tparams.client_cert = "server.pem"; - /* tparams.private_key = "server.key"; */ - tparams.private_key = "server-key.pem"; - /* tparams.private_key_passwd = 
"whatever"; */ - tparams.dh_file = "dh.conf"; - - if (tls_global_set_params(eap_ctx.tls_ctx, &tparams)) { - printf("Failed to set TLS parameters\n"); - return -1; - } - - if (tls_global_set_verify(eap_ctx.tls_ctx, 0, 1)) { - printf("Failed to set check_crl\n"); - return -1; - } - - return 0; -} - - -static int eap_server_register_methods(void) -{ - int ret = 0; - -#ifdef EAP_SERVER_IDENTITY - if (ret == 0) - ret = eap_server_identity_register(); -#endif /* EAP_SERVER_IDENTITY */ - -#ifdef EAP_SERVER_MD5 - if (ret == 0) - ret = eap_server_md5_register(); -#endif /* EAP_SERVER_MD5 */ - -#ifdef EAP_SERVER_TLS - if (ret == 0) - ret = eap_server_tls_register(); -#endif /* EAP_SERVER_TLS */ - -#ifdef EAP_SERVER_MSCHAPV2 - if (ret == 0) - ret = eap_server_mschapv2_register(); -#endif /* EAP_SERVER_MSCHAPV2 */ - -#ifdef EAP_SERVER_PEAP - if (ret == 0) - ret = eap_server_peap_register(); -#endif /* EAP_SERVER_PEAP */ - -#ifdef EAP_SERVER_TLV - if (ret == 0) - ret = eap_server_tlv_register(); -#endif /* EAP_SERVER_TLV */ - -#ifdef EAP_SERVER_GTC - if (ret == 0) - ret = eap_server_gtc_register(); -#endif /* EAP_SERVER_GTC */ - -#ifdef EAP_SERVER_TTLS - if (ret == 0) - ret = eap_server_ttls_register(); -#endif /* EAP_SERVER_TTLS */ - -#ifdef EAP_SERVER_SIM - if (ret == 0) - ret = eap_server_sim_register(); -#endif /* EAP_SERVER_SIM */ - -#ifdef EAP_SERVER_AKA - if (ret == 0) - ret = eap_server_aka_register(); -#endif /* EAP_SERVER_AKA */ - -#ifdef EAP_SERVER_AKA_PRIME - if (ret == 0) - ret = eap_server_aka_prime_register(); -#endif /* EAP_SERVER_AKA_PRIME */ - -#ifdef EAP_SERVER_PAX - if (ret == 0) - ret = eap_server_pax_register(); -#endif /* EAP_SERVER_PAX */ - -#ifdef EAP_SERVER_PSK - if (ret == 0) - ret = eap_server_psk_register(); -#endif /* EAP_SERVER_PSK */ - -#ifdef EAP_SERVER_SAKE - if (ret == 0) - ret = eap_server_sake_register(); -#endif /* EAP_SERVER_SAKE */ - -#ifdef EAP_SERVER_GPSK - if (ret == 0) - ret = eap_server_gpsk_register(); -#endif /* EAP_SERVER_GPSK */ 
- -#ifdef EAP_SERVER_VENDOR_TEST - if (ret == 0) - ret = eap_server_vendor_test_register(); -#endif /* EAP_SERVER_VENDOR_TEST */ - -#ifdef EAP_SERVER_FAST - if (ret == 0) - ret = eap_server_fast_register(); -#endif /* EAP_SERVER_FAST */ - -#ifdef EAP_SERVER_WSC - if (ret == 0) - ret = eap_server_wsc_register(); -#endif /* EAP_SERVER_WSC */ - -#ifdef EAP_SERVER_IKEV2 - if (ret == 0) - ret = eap_server_ikev2_register(); -#endif /* EAP_SERVER_IKEV2 */ - -#ifdef EAP_SERVER_TNC - if (ret == 0) - ret = eap_server_tnc_register(); -#endif /* EAP_SERVER_TNC */ - - return ret; -} - - -int eap_example_server_init(void) -{ - struct eap_session_data eap_sess; - - if (eap_server_register_methods() < 0) - return -1; - - os_memset(&eap_ctx, 0, sizeof(eap_ctx)); - - if (eap_example_server_init_tls() < 0) - return -1; - - os_memset(&eap_cb, 0, sizeof(eap_cb)); - eap_cb.get_eap_user = server_get_eap_user; - eap_cb.get_eap_req_id_text = server_get_eap_req_id_text; - - os_memset(&eap_conf, 0, sizeof(eap_conf)); - eap_conf.eap_server = 1; - eap_conf.ssl_ctx = eap_ctx.tls_ctx; - - os_memset(&eap_sess, 0, sizeof(eap_sess)); - eap_ctx.eap = eap_server_sm_init(&eap_ctx, &eap_cb, &eap_conf, - &eap_sess); - if (eap_ctx.eap == NULL) - return -1; - - eap_ctx.eap_if = eap_get_interface(eap_ctx.eap); - - /* Enable "port" and request EAP to start authentication. 
*/ - eap_ctx.eap_if->portEnabled = true; - eap_ctx.eap_if->eapRestart = true; - - return 0; -} - - -void eap_example_server_deinit(void) -{ - eap_server_sm_deinit(eap_ctx.eap); - eap_server_unregister_methods(); - tls_deinit(eap_ctx.tls_ctx); -} - - -int eap_example_server_step(void) -{ - int res, process = 0; - - res = eap_server_sm_step(eap_ctx.eap); - - if (eap_ctx.eap_if->eapReq) { - printf("==> Request\n"); - process = 1; - eap_ctx.eap_if->eapReq = 0; - } - - if (eap_ctx.eap_if->eapSuccess) { - printf("==> Success\n"); - process = 1; - res = 0; - eap_ctx.eap_if->eapSuccess = 0; - - if (eap_ctx.eap_if->eapKeyAvailable) { - wpa_hexdump(MSG_DEBUG, "EAP keying material", - eap_ctx.eap_if->eapKeyData, - eap_ctx.eap_if->eapKeyDataLen); - } - } - - if (eap_ctx.eap_if->eapFail) { - printf("==> Fail\n"); - process = 1; - eap_ctx.eap_if->eapFail = 0; - } - - if (process && eap_ctx.eap_if->eapReqData) { - /* Send EAP request to the peer */ - eap_example_peer_rx(wpabuf_head(eap_ctx.eap_if->eapReqData), - wpabuf_len(eap_ctx.eap_if->eapReqData)); - } - - return res; -} - - -void eap_example_server_rx(const u8 *data, size_t data_len) -{ - /* Make received EAP message available to the EAP library */ - wpabuf_free(eap_ctx.eap_if->eapRespData); - eap_ctx.eap_if->eapRespData = wpabuf_alloc_copy(data, data_len); - if (eap_ctx.eap_if->eapRespData) - eap_ctx.eap_if->eapResp = true; -} diff --git a/eap_example/server-key.pem b/eap_example/server-key.pem deleted file mode 100644 index 0fe2cec47330..000000000000 --- a/eap_example/server-key.pem +++ /dev/null 
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC6oHdVIhSFVWWbZCyt7ZvdZTHJ2mBQzjjWNNzovBueMOcS41Ns
-ye1IA3mBaZjOirh3RzZFz8bg8XsecYlU9wHMIq2gQrGoNZ5gqjqYUdD/H+6+jQpj
-+6I5F/JkYfZlAjJ5dOGf0YllVanDIJ6/aVaz908/qVTC2o88r/J1VPp+gQIDAQAB
-AoGAR/C5b3DOtkMgAtGPw5AXiDWNBsGOZTfJgxEnovN4Nfel64sDyqjgNeVY/kDl
-baDd0OT7j9ezU1zi1+5uQPlikFSvzgpdLgQhKkvWLzzehafb2uVaJ4VsRqS3WXK8
-RE06cYx4VQRkvQvMAXWsuua9pw36OrlpQnm3HlAbrks8Mm0CQQDgMEu2WPMWP2wj
-Q8735zbj7D0AxEFlcegPZr/QZ3qU//G0HL35FG18lsuTbDzesrf7apo3W1BBQLjS
-ZSNtyNsLAkEA1Ru6aEy/Cj2u1GYHu1u/RcshKC+W7rdVT0wDeiSTUzKafZNiwVhY
-1Epk4k5HnHB327ysTI1LiOzUMMmuNYUkIwJAKUkbmFAXLCCv5GqnYcXluOGXdl2u
-AWWRq8xrRJDZ5TihJV8pqQYXB5upj9Od/hEBir5d+hXJ2Mp3ft97P8t+cwJAGeWQ
-tXP+EySDxlPPxLjVeYnBsbx2vvOQbl5yXblsHcQcef4bFhvCT6nqsIWKtjwElLNM
-zNCuySjecD9R6DcRuQJBAJWrpgny77wP29x1WQ/29J8ZJfxe4N5wAj1SePBVNgZ3
-gfm1O+c6niNwe8RnfQimppLrrR+qK33te2SPGXiwi6g=
------END RSA PRIVATE KEY-----
diff --git a/eap_example/server.key b/eap_example/server.key
deleted file mode 100644
index 1416327bef21..000000000000
--- a/eap_example/server.key
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALqgd1UiFIVVZZtk
-LK3tm91lMcnaYFDOONY03Oi8G54w5xLjU2zJ7UgDeYFpmM6KuHdHNkXPxuDxex5x
-iVT3AcwiraBCsag1nmCqOphR0P8f7r6NCmP7ojkX8mRh9mUCMnl04Z/RiWVVqcMg
-nr9pVrP3Tz+pVMLajzyv8nVU+n6BAgMBAAECgYBH8LlvcM62QyAC0Y/DkBeINY0G
-wY5lN8mDESei83g196XriwPKqOA15Vj+QOVtoN3Q5PuP17NTXOLX7m5A+WKQVK/O
-Cl0uBCEqS9YvPN6Fp9va5VonhWxGpLdZcrxETTpxjHhVBGS9C8wBday65r2nDfo6
-uWlCebceUBuuSzwybQJBAOAwS7ZY8xY/bCNDzvfnNuPsPQDEQWVx6A9mv9BnepT/
-8bQcvfkUbXyWy5NsPN6yt/tqmjdbUEFAuNJlI23I2wsCQQDVG7poTL8KPa7UZge7
-W79FyyEoL5but1VPTAN6JJNTMpp9k2LBWFjUSmTiTkeccHfbvKxMjUuI7NQwya41
-hSQjAkApSRuYUBcsIK/kaqdhxeW44Zd2Xa4BZZGrzGtEkNnlOKElXympBhcHm6mP
-053+EQGKvl36FcnYynd+33s/y35zAkAZ5ZC1c/4TJIPGU8/EuNV5icGxvHa+85Bu
-XnJduWwdxBx5/hsWG8JPqeqwhYq2PASUs0zM0K7JKN5wP1HoNxG5AkEAlaumCfLv
-vA/b3HVZD/b0nxkl/F7g3nACPVJ48FU2BneB+bU75zqeI3B7xGd9CKamkuutH6or
-fe17ZI8ZeLCLqA==
------END PRIVATE KEY-----
diff --git a/eap_example/server.pem b/eap_example/server.pem
deleted file mode 100644
index 93b39b9d5027..000000000000
--- a/eap_example/server.pem
+++ /dev/null
@@ -1,64 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 15624081837803162903 (0xd8d3e3a6cbe3cd17) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=FI, O=w1.fi, CN=Root CA - Validity - Not Before: Oct 3 22:13:55 2018 GMT - Not After : Oct 3 22:13:55 2019 GMT - Subject: C=FI, O=w1.fi, CN=server.w1.fi - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) - Modulus: - 00:ba:a0:77:55:22:14:85:55:65:9b:64:2c:ad:ed: - 9b:dd:65:31:c9:da:60:50:ce:38:d6:34:dc:e8:bc: - 1b:9e:30:e7:12:e3:53:6c:c9:ed:48:03:79:81:69: - 98:ce:8a:b8:77:47:36:45:cf:c6:e0:f1:7b:1e:71: - 89:54:f7:01:cc:22:ad:a0:42:b1:a8:35:9e:60:aa: - 3a:98:51:d0:ff:1f:ee:be:8d:0a:63:fb:a2:39:17: - f2:64:61:f6:65:02:32:79:74:e1:9f:d1:89:65:55: - a9:c3:20:9e:bf:69:56:b3:f7:4f:3f:a9:54:c2:da: - 8f:3c:af:f2:75:54:fa:7e:81 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 31:4F:10:5C:67:9F:BE:4E:88:D6:DC:C5:AB:9E:12:88:86:69:02:4F - X509v3 Authority Key Identifier: - keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14 - - Authority Information Access: - OCSP - URI:http://server.w1.fi:8888/ - - X509v3 Subject Alternative Name: - DNS:server.w1.fi - X509v3 Extended Key Usage: - TLS Web Server Authentication - Signature Algorithm: sha256WithRSAEncryption - b6:98:ae:d9:9b:9a:44:49:b2:06:ee:af:36:83:cb:cd:cb:c9: - f3:38:6d:65:cb:e9:81:d2:25:dd:76:12:5c:da:3f:a1:0e:11: - a5:04:ed:05:29:2d:66:94:82:a2:80:67:d1:d8:78:71:72:5f: - 10:c3:51:a2:7b:f5:0b:5f:ec:70:12:99:cb:65:6f:50:7f:2b: - 05:7c:b4:d7:1b:21:77:66:47:33:f3:a7:d6:fb:ce:97:fe:5f: - fd:df:1f:1d:6f:ef:22:5a:c6:78:d2:2b:07:1e:55:ec:80:62: - 06:7a:be:6a:0d:4d:96:c2:d5:df:76:56:b0:85:6a:f8:a0:27: - 62:31 ------BEGIN CERTIFICATE----- -MIIClTCCAf6gAwIBAgIJANjT46bL480XMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV -BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xODEw -MDMyMjEzNTVaFw0xOTEwMDMyMjEzNTVaMDQxCzAJBgNVBAYTAkZJMQ4wDAYDVQQK 
-DAV3MS5maTEVMBMGA1UEAwwMc2VydmVyLncxLmZpMIGfMA0GCSqGSIb3DQEBAQUA -A4GNADCBiQKBgQC6oHdVIhSFVWWbZCyt7ZvdZTHJ2mBQzjjWNNzovBueMOcS41Ns -ye1IA3mBaZjOirh3RzZFz8bg8XsecYlU9wHMIq2gQrGoNZ5gqjqYUdD/H+6+jQpj -+6I5F/JkYfZlAjJ5dOGf0YllVanDIJ6/aVaz908/qVTC2o88r/J1VPp+gQIDAQAB -o4GzMIGwMAkGA1UdEwQCMAAwHQYDVR0OBBYEFDFPEFxnn75OiNbcxaueEoiGaQJP -MB8GA1UdIwQYMBaAFLiS3v2KGLMww59V8zNdtMgpikEUMDUGCCsGAQUFBwEBBCkw -JzAlBggrBgEFBQcwAYYZaHR0cDovL3NlcnZlci53MS5maTo4ODg4LzAXBgNVHREE -EDAOggxzZXJ2ZXIudzEuZmkwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcN -AQELBQADgYEAtpiu2ZuaREmyBu6vNoPLzcvJ8zhtZcvpgdIl3XYSXNo/oQ4RpQTt -BSktZpSCooBn0dh4cXJfEMNRonv1C1/scBKZy2VvUH8rBXy01xshd2ZHM/On1vvO -l/5f/d8fHW/vIlrGeNIrBx5V7IBiBnq+ag1NlsLV33ZWsIVq+KAnYjE= ------END CERTIFICATE----- |
