2 * Example application showing how EAP server code from hostapd can be used as
4 * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
6 * This software may be distributed under the terms of the BSD license.
7 * See README for more details.
13 #include "crypto/tls.h"
14 #include "eap_server/eap.h"
17 void eap_example_peer_rx(const u8 *data, size_t data_len);
20 struct eap_server_ctx {
21 struct eap_eapol_interface *eap_if;
26 static struct eap_server_ctx eap_ctx;
29 static int server_get_eap_user(void *ctx, const u8 *identity,
30 size_t identity_len, int phase2,
31 struct eap_user *user)
33 os_memset(user, 0, sizeof(*user));
36 /* Only allow EAP-PEAP as the Phase 1 method */
37 user->methods[0].vendor = EAP_VENDOR_IETF;
38 user->methods[0].method = EAP_TYPE_PEAP;
42 if (identity_len != 4 || identity == NULL ||
43 os_memcmp(identity, "user", 4) != 0) {
44 printf("Unknown user\n");
48 /* Only allow EAP-MSCHAPv2 as the Phase 2 method */
49 user->methods[0].vendor = EAP_VENDOR_IETF;
50 user->methods[0].method = EAP_TYPE_MSCHAPV2;
51 user->password = (u8 *) os_strdup("password");
52 user->password_len = 8;
58 static const char * server_get_eap_req_id_text(void *ctx, size_t *len)
65 static struct eapol_callbacks eap_cb;
66 static struct eap_config eap_conf;
68 static int eap_example_server_init_tls(void)
70 struct tls_config tconf;
71 struct tls_connection_params tparams;
73 os_memset(&tconf, 0, sizeof(tconf));
74 eap_ctx.tls_ctx = tls_init(&tconf);
75 if (eap_ctx.tls_ctx == NULL)
78 os_memset(&tparams, 0, sizeof(tparams));
79 tparams.ca_cert = "ca.pem";
80 tparams.client_cert = "server.pem";
81 /* tparams.private_key = "server.key"; */
82 tparams.private_key = "server-key.pem";
83 /* tparams.private_key_passwd = "whatever"; */
85 if (tls_global_set_params(eap_ctx.tls_ctx, &tparams)) {
86 printf("Failed to set TLS parameters\n");
90 if (tls_global_set_verify(eap_ctx.tls_ctx, 0)) {
91 printf("Failed to set check_crl\n");
99 static int eap_server_register_methods(void)
103 #ifdef EAP_SERVER_IDENTITY
105 ret = eap_server_identity_register();
106 #endif /* EAP_SERVER_IDENTITY */
108 #ifdef EAP_SERVER_MD5
110 ret = eap_server_md5_register();
111 #endif /* EAP_SERVER_MD5 */
113 #ifdef EAP_SERVER_TLS
115 ret = eap_server_tls_register();
116 #endif /* EAP_SERVER_TLS */
118 #ifdef EAP_SERVER_MSCHAPV2
120 ret = eap_server_mschapv2_register();
121 #endif /* EAP_SERVER_MSCHAPV2 */
123 #ifdef EAP_SERVER_PEAP
125 ret = eap_server_peap_register();
126 #endif /* EAP_SERVER_PEAP */
128 #ifdef EAP_SERVER_TLV
130 ret = eap_server_tlv_register();
131 #endif /* EAP_SERVER_TLV */
133 #ifdef EAP_SERVER_GTC
135 ret = eap_server_gtc_register();
136 #endif /* EAP_SERVER_GTC */
138 #ifdef EAP_SERVER_TTLS
140 ret = eap_server_ttls_register();
141 #endif /* EAP_SERVER_TTLS */
143 #ifdef EAP_SERVER_SIM
145 ret = eap_server_sim_register();
146 #endif /* EAP_SERVER_SIM */
148 #ifdef EAP_SERVER_AKA
150 ret = eap_server_aka_register();
151 #endif /* EAP_SERVER_AKA */
153 #ifdef EAP_SERVER_AKA_PRIME
155 ret = eap_server_aka_prime_register();
156 #endif /* EAP_SERVER_AKA_PRIME */
158 #ifdef EAP_SERVER_PAX
160 ret = eap_server_pax_register();
161 #endif /* EAP_SERVER_PAX */
163 #ifdef EAP_SERVER_PSK
165 ret = eap_server_psk_register();
166 #endif /* EAP_SERVER_PSK */
168 #ifdef EAP_SERVER_SAKE
170 ret = eap_server_sake_register();
171 #endif /* EAP_SERVER_SAKE */
173 #ifdef EAP_SERVER_GPSK
175 ret = eap_server_gpsk_register();
176 #endif /* EAP_SERVER_GPSK */
178 #ifdef EAP_SERVER_VENDOR_TEST
180 ret = eap_server_vendor_test_register();
181 #endif /* EAP_SERVER_VENDOR_TEST */
183 #ifdef EAP_SERVER_FAST
185 ret = eap_server_fast_register();
186 #endif /* EAP_SERVER_FAST */
188 #ifdef EAP_SERVER_WSC
190 ret = eap_server_wsc_register();
191 #endif /* EAP_SERVER_WSC */
193 #ifdef EAP_SERVER_IKEV2
195 ret = eap_server_ikev2_register();
196 #endif /* EAP_SERVER_IKEV2 */
198 #ifdef EAP_SERVER_TNC
200 ret = eap_server_tnc_register();
201 #endif /* EAP_SERVER_TNC */
207 int eap_example_server_init(void)
209 if (eap_server_register_methods() < 0)
212 os_memset(&eap_ctx, 0, sizeof(eap_ctx));
214 if (eap_example_server_init_tls() < 0)
217 os_memset(&eap_cb, 0, sizeof(eap_cb));
218 eap_cb.get_eap_user = server_get_eap_user;
219 eap_cb.get_eap_req_id_text = server_get_eap_req_id_text;
221 os_memset(&eap_conf, 0, sizeof(eap_conf));
222 eap_conf.eap_server = 1;
223 eap_conf.ssl_ctx = eap_ctx.tls_ctx;
225 eap_ctx.eap = eap_server_sm_init(&eap_ctx, &eap_cb, &eap_conf);
226 if (eap_ctx.eap == NULL)
229 eap_ctx.eap_if = eap_get_interface(eap_ctx.eap);
231 /* Enable "port" and request EAP to start authentication. */
232 eap_ctx.eap_if->portEnabled = TRUE;
233 eap_ctx.eap_if->eapRestart = TRUE;
239 void eap_example_server_deinit(void)
241 eap_server_sm_deinit(eap_ctx.eap);
242 eap_server_unregister_methods();
243 tls_deinit(eap_ctx.tls_ctx);
247 int eap_example_server_step(void)
249 int res, process = 0;
251 res = eap_server_sm_step(eap_ctx.eap);
253 if (eap_ctx.eap_if->eapReq) {
254 printf("==> Request\n");
256 eap_ctx.eap_if->eapReq = 0;
259 if (eap_ctx.eap_if->eapSuccess) {
260 printf("==> Success\n");
263 eap_ctx.eap_if->eapSuccess = 0;
265 if (eap_ctx.eap_if->eapKeyAvailable) {
266 wpa_hexdump(MSG_DEBUG, "EAP keying material",
267 eap_ctx.eap_if->eapKeyData,
268 eap_ctx.eap_if->eapKeyDataLen);
272 if (eap_ctx.eap_if->eapFail) {
273 printf("==> Fail\n");
275 eap_ctx.eap_if->eapFail = 0;
278 if (process && eap_ctx.eap_if->eapReqData) {
279 /* Send EAP response to the server */
280 eap_example_peer_rx(wpabuf_head(eap_ctx.eap_if->eapReqData),
281 wpabuf_len(eap_ctx.eap_if->eapReqData));
288 void eap_example_server_rx(const u8 *data, size_t data_len)
290 /* Make received EAP message available to the EAP library */
291 wpabuf_free(eap_ctx.eap_if->eapRespData);
292 eap_ctx.eap_if->eapRespData = wpabuf_alloc_copy(data, data_len);
293 if (eap_ctx.eap_if->eapRespData)
294 eap_ctx.eap_if->eapResp = TRUE;