From: Jouni Malinen
Date: Tue, 8 Apr 2008 11:57:39 +0000 (+0300)
Subject: PEAPv0: Added crypto_binding configuration option (part of phase1)
X-Git-Tag: hostap_0_6_4~93
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=libeap.git;a=commitdiff_plain;h=d6888f9e3761c0e0e4bf744ffab4f75446c96737

PEAPv0: Added crypto_binding configuration option (part of phase1)

crypto_binding=# in phase1 network parameter can now be used to change the PEAPv0 cryptobinding behavior (0 = do not use, 1 = optional (default), 2 = required).
---
diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h
index c08f6fe..f07e83b 100644
--- a/src/eap_peer/eap_config.h
+++ b/src/eap_peer/eap_config.h
@@ -350,6 +350,12 @@ struct eap_peer_config {
 * fast_pac_format=binary option can be used to select binary format
 * for storing PAC entires in order to save some space (the default
 * text format uses about 2.5 times the size of minimal binary format).
+ *
+ * crypto_binding option can be used to control PEAPv0 cryptobinding
+ * behavior:
+ * 0 = do not use cryptobinding
+ * 1 = use cryptobinding if server supports it (default)
+ * 2 = require cryptobinding
 */
 char *phase1;
diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
index 47a6c35..c9e6db5 100644
--- a/src/eap_peer/eap_peap.c
+++ b/src/eap_peer/eap_peap.c
@@ -101,6 +101,17 @@ static int eap_peap_parse_phase1(struct eap_peap_data *data,
 "receiving tunneled EAP-Success");
 }
+ if (os_strstr(phase1, "crypto_binding=0")) {
+ data->crypto_binding = NO_BINDING;
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Do not use cryptobinding");
+ } else if (os_strstr(phase1, "crypto_binding=1")) {
+ data->crypto_binding = OPTIONAL_BINDING;
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Optional cryptobinding");
+ } else if (os_strstr(phase1, "crypto_binding=2")) {
+ data->crypto_binding = REQUIRE_BINDING;
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Require cryptobinding");
+ }
+
 return 0;
 }
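Review bot: The three `os_strstr()` tests added to eap_peap_parse_phase1() fall through silently when none of them matches, so a mistyped value (constructed examples: `crypto_binding=3`, `crypto_binding=required`) leaves whatever default was set elsewhere (optional, according to the commit message) and the function still returns 0. Mode 2 exists to refuse a server that skips cryptobinding, so a typo that quietly yields optional binding should be rejected: add a last branch `} else if (os_strstr(phase1, "crypto_binding=")) {` that logs the unrecognised value and does `return -1;`, provided callers treat a non-zero return as a configuration error, which this hunk does not show. The matches are also unanchored substrings tested weakest-first, so a phase1 string containing both `crypto_binding=0` and `crypto_binding=2` resolves to NO_BINDING; testing `crypto_binding=2` first would let the stricter value win. The function body starts outside the hunk.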
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index d6903e0..e3f33a1 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -387,6 +387,11 @@ fast_reauth=1
 # challenges (by default, it accepts 2 or 3)
 # result_ind=1 can be used to enable EAP-SIM and EAP-AKA to use
 # protected result indication.
+# 'crypto_binding' option can be used to control PEAPv0 cryptobinding
+# behavior:
+# * 0 = do not use cryptobinding
+# * 1 = use cryptobinding if server supports it (default)
+# * 2 = require cryptobinding
 # phase2: Phase2 (inner authentication with TLS tunnel) parameters
 # (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
 # "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS)