2 * Example application showing how EAP server code from hostapd can be used as
4 * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
6 * This software may be distributed under the terms of the BSD license.
7 * See README for more details.
13 #include "crypto/tls.h"
14 #include "eap_server/eap.h"
17 void eap_example_peer_rx(const u8 *data, size_t data_len);
20 struct eap_server_ctx {
21 struct eap_eapol_interface *eap_if;
26 static struct eap_server_ctx eap_ctx;
29 static int server_get_eap_user(void *ctx, const u8 *identity,
30 size_t identity_len, int phase2,
31 struct eap_user *user)
33 os_memset(user, 0, sizeof(*user));
36 /* Only allow EAP-PEAP as the Phase 1 method */
37 user->methods[0].vendor = EAP_VENDOR_IETF;
38 user->methods[0].method = EAP_TYPE_PEAP;
42 if (identity_len != 4 || identity == NULL ||
43 os_memcmp(identity, "user", 4) != 0) {
44 printf("Unknown user\n");
48 /* Only allow EAP-MSCHAPv2 as the Phase 2 method */
49 user->methods[0].vendor = EAP_VENDOR_IETF;
50 user->methods[0].method = EAP_TYPE_MSCHAPV2;
51 user->password = (u8 *) os_strdup("password");
52 user->password_len = 8;
58 static const char * server_get_eap_req_id_text(void *ctx, size_t *len)
65 static struct eapol_callbacks eap_cb;
66 static struct eap_config eap_conf;
68 static int eap_example_server_init_tls(void)
70 struct tls_config tconf;
71 struct tls_connection_params tparams;
73 os_memset(&tconf, 0, sizeof(tconf));
74 eap_ctx.tls_ctx = tls_init(&tconf);
75 if (eap_ctx.tls_ctx == NULL)
78 os_memset(&tparams, 0, sizeof(tparams));
79 tparams.ca_cert = "ca.pem";
80 tparams.client_cert = "server.pem";
81 /* tparams.private_key = "server.key"; */
82 tparams.private_key = "server-key.pem";
83 /* tparams.private_key_passwd = "whatever"; */
84 tparams.dh_file = "dh.conf";
86 if (tls_global_set_params(eap_ctx.tls_ctx, &tparams)) {
87 printf("Failed to set TLS parameters\n");
91 if (tls_global_set_verify(eap_ctx.tls_ctx, 0)) {
92 printf("Failed to set check_crl\n");
100 static int eap_server_register_methods(void)
104 #ifdef EAP_SERVER_IDENTITY
106 ret = eap_server_identity_register();
107 #endif /* EAP_SERVER_IDENTITY */
109 #ifdef EAP_SERVER_MD5
111 ret = eap_server_md5_register();
112 #endif /* EAP_SERVER_MD5 */
114 #ifdef EAP_SERVER_TLS
116 ret = eap_server_tls_register();
117 #endif /* EAP_SERVER_TLS */
119 #ifdef EAP_SERVER_MSCHAPV2
121 ret = eap_server_mschapv2_register();
122 #endif /* EAP_SERVER_MSCHAPV2 */
124 #ifdef EAP_SERVER_PEAP
126 ret = eap_server_peap_register();
127 #endif /* EAP_SERVER_PEAP */
129 #ifdef EAP_SERVER_TLV
131 ret = eap_server_tlv_register();
132 #endif /* EAP_SERVER_TLV */
134 #ifdef EAP_SERVER_GTC
136 ret = eap_server_gtc_register();
137 #endif /* EAP_SERVER_GTC */
139 #ifdef EAP_SERVER_TTLS
141 ret = eap_server_ttls_register();
142 #endif /* EAP_SERVER_TTLS */
144 #ifdef EAP_SERVER_SIM
146 ret = eap_server_sim_register();
147 #endif /* EAP_SERVER_SIM */
149 #ifdef EAP_SERVER_AKA
151 ret = eap_server_aka_register();
152 #endif /* EAP_SERVER_AKA */
154 #ifdef EAP_SERVER_AKA_PRIME
156 ret = eap_server_aka_prime_register();
157 #endif /* EAP_SERVER_AKA_PRIME */
159 #ifdef EAP_SERVER_PAX
161 ret = eap_server_pax_register();
162 #endif /* EAP_SERVER_PAX */
164 #ifdef EAP_SERVER_PSK
166 ret = eap_server_psk_register();
167 #endif /* EAP_SERVER_PSK */
169 #ifdef EAP_SERVER_SAKE
171 ret = eap_server_sake_register();
172 #endif /* EAP_SERVER_SAKE */
174 #ifdef EAP_SERVER_GPSK
176 ret = eap_server_gpsk_register();
177 #endif /* EAP_SERVER_GPSK */
179 #ifdef EAP_SERVER_VENDOR_TEST
181 ret = eap_server_vendor_test_register();
182 #endif /* EAP_SERVER_VENDOR_TEST */
184 #ifdef EAP_SERVER_FAST
186 ret = eap_server_fast_register();
187 #endif /* EAP_SERVER_FAST */
189 #ifdef EAP_SERVER_WSC
191 ret = eap_server_wsc_register();
192 #endif /* EAP_SERVER_WSC */
194 #ifdef EAP_SERVER_IKEV2
196 ret = eap_server_ikev2_register();
197 #endif /* EAP_SERVER_IKEV2 */
199 #ifdef EAP_SERVER_TNC
201 ret = eap_server_tnc_register();
202 #endif /* EAP_SERVER_TNC */
208 int eap_example_server_init(void)
210 if (eap_server_register_methods() < 0)
213 os_memset(&eap_ctx, 0, sizeof(eap_ctx));
215 if (eap_example_server_init_tls() < 0)
218 os_memset(&eap_cb, 0, sizeof(eap_cb));
219 eap_cb.get_eap_user = server_get_eap_user;
220 eap_cb.get_eap_req_id_text = server_get_eap_req_id_text;
222 os_memset(&eap_conf, 0, sizeof(eap_conf));
223 eap_conf.eap_server = 1;
224 eap_conf.ssl_ctx = eap_ctx.tls_ctx;
226 eap_ctx.eap = eap_server_sm_init(&eap_ctx, &eap_cb, &eap_conf);
227 if (eap_ctx.eap == NULL)
230 eap_ctx.eap_if = eap_get_interface(eap_ctx.eap);
232 /* Enable "port" and request EAP to start authentication. */
233 eap_ctx.eap_if->portEnabled = TRUE;
234 eap_ctx.eap_if->eapRestart = TRUE;
240 void eap_example_server_deinit(void)
242 eap_server_sm_deinit(eap_ctx.eap);
243 eap_server_unregister_methods();
244 tls_deinit(eap_ctx.tls_ctx);
248 int eap_example_server_step(void)
250 int res, process = 0;
252 res = eap_server_sm_step(eap_ctx.eap);
254 if (eap_ctx.eap_if->eapReq) {
255 printf("==> Request\n");
257 eap_ctx.eap_if->eapReq = 0;
260 if (eap_ctx.eap_if->eapSuccess) {
261 printf("==> Success\n");
264 eap_ctx.eap_if->eapSuccess = 0;
266 if (eap_ctx.eap_if->eapKeyAvailable) {
267 wpa_hexdump(MSG_DEBUG, "EAP keying material",
268 eap_ctx.eap_if->eapKeyData,
269 eap_ctx.eap_if->eapKeyDataLen);
273 if (eap_ctx.eap_if->eapFail) {
274 printf("==> Fail\n");
276 eap_ctx.eap_if->eapFail = 0;
279 if (process && eap_ctx.eap_if->eapReqData) {
280 /* Send EAP response to the server */
281 eap_example_peer_rx(wpabuf_head(eap_ctx.eap_if->eapReqData),
282 wpabuf_len(eap_ctx.eap_if->eapReqData));
289 void eap_example_server_rx(const u8 *data, size_t data_len)
291 /* Make received EAP message available to the EAP library */
292 wpabuf_free(eap_ctx.eap_if->eapRespData);
293 eap_ctx.eap_if->eapRespData = wpabuf_alloc_copy(data, data_len);
294 if (eap_ctx.eap_if->eapRespData)
295 eap_ctx.eap_if->eapResp = TRUE;