EAP-TLS: Testing functionality to skip protected success indication
This server side testing functionality can be used to test EAP-TLSv1.3 peer behavior. Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
parent
95fd54b862
commit
7114e56060
8 changed files with 30 additions and 0 deletions
|
@ -4252,6 +4252,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
|
|||
bss->oci_freq_override_fils_assoc = atoi(pos);
|
||||
} else if (os_strcmp(buf, "oci_freq_override_wnm_sleep") == 0) {
|
||||
bss->oci_freq_override_wnm_sleep = atoi(pos);
|
||||
} else if (os_strcmp(buf, "eap_skip_prot_success") == 0) {
|
||||
bss->eap_skip_prot_success = atoi(pos);
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
#ifdef CONFIG_SAE
|
||||
} else if (os_strcmp(buf, "sae_password") == 0) {
|
||||
|
|
|
@ -331,6 +331,9 @@ struct hostapd_bss_config {
|
|||
int eap_reauth_period;
|
||||
int erp_send_reauth_start;
|
||||
char *erp_domain;
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
bool eap_skip_prot_success;
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
|
||||
enum macaddr_acl {
|
||||
ACCEPT_UNLESS_DENIED = 0,
|
||||
|
|
|
@ -222,6 +222,9 @@ static struct eap_config * authsrv_eap_config(struct hostapd_data *hapd)
|
|||
cfg->server_id_len = 7;
|
||||
}
|
||||
cfg->erp = hapd->conf->eap_server_erp;
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
cfg->skip_prot_success = hapd->conf->eap_skip_prot_success;
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
|
||||
return cfg;
|
||||
}
|
||||
|
|
|
@ -2448,6 +2448,9 @@ int ieee802_1x_init(struct hostapd_data *hapd)
|
|||
conf.eap_req_id_text_len = hapd->conf->eap_req_id_text_len;
|
||||
conf.erp_send_reauth_start = hapd->conf->erp_send_reauth_start;
|
||||
conf.erp_domain = hapd->conf->erp_domain;
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
conf.eap_skip_prot_success = hapd->conf->eap_skip_prot_success;
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
|
||||
os_memset(&cb, 0, sizeof(cb));
|
||||
cb.eapol_send = ieee802_1x_eapol_send;
|
||||
|
|
|
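Review bot: `conf.eap_skip_prot_success` in ieee802_1x_init() looks like a dead store, because nothing shown in this commit reads the new `struct eapol_auth_config` member and the value already reaches the EAP server through `cfg->skip_prot_success` in authsrv_eap_config(). If no consumer exists outside the visible hunks, drop the member and this assignment. If it is kept, declare `bool eap_skip_prot_success;` in `struct eapol_auth_config` under `#ifdef CONFIG_TESTING_OPTIONS`, as `struct hostapd_bss_config` does, so that a production build carries no trace of the option. ieee802_1x_init() starts and ends outside the hunk.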
@ -258,6 +258,10 @@ struct eap_config {
|
|||
|
||||
unsigned int max_auth_rounds;
|
||||
unsigned int max_auth_rounds_short;
|
||||
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
bool skip_prot_success;
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
};
|
||||
|
||||
struct eap_session_data {
|
||||
|
|
|
@ -94,6 +94,11 @@ int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
|
|||
if (data->tls_out_limit > 100)
|
||||
data->tls_out_limit -= 100;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
data->skip_prot_success = sm->cfg->skip_prot_success;
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -390,6 +395,13 @@ int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data)
|
|||
break;
|
||||
/* fallthrough */
|
||||
case EAP_TYPE_TLS:
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
if (data->skip_prot_success) {
|
||||
wpa_printf(MSG_INFO,
|
||||
"TESTING: Do not send protected success indication");
|
||||
break;
|
||||
}
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"EAP-TLS: Send protected success indication (appl data 0x00)");
|
||||
|
||||
|
|
|
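Review bot: The early `break` under `if (data->skip_prot_success)` has no comment stating what a correct peer should do, so a reader of eap_server_tls_phase1() cannot tell the expected test outcome. As far as I know, an EAP-TLS peer on TLS 1.3 is expected to refuse an EAP-Success that was not preceded by the protected indication, so I would add `/* Testing only: peer must not accept EAP-Success without the protected success indication */` above the `if`. The member comment in `struct eap_ssl_data` says the behavior applies only to TLS v1.3, but this check tests only the flag; whether the `switch` is reached solely for TLS 1.3 is decided outside the hunk and should be confirmed. The function body starts before and continues after the hunk.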
@ -55,6 +55,8 @@ struct eap_ssl_data {
|
|||
* tls_v13 - Whether TLS v1.3 or newer is used
|
||||
*/
|
||||
int tls_v13;
|
||||
|
||||
bool skip_prot_success; /* testing behavior only for TLS v1.3 */
|
||||
};
|
||||
|
||||
|
||||
|
|
|
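Review bot: `skip_prot_success` is declared unconditionally in `struct eap_ssl_data`, while every write and read of it in this commit sits under `#ifdef CONFIG_TESTING_OPTIONS` and the matching members of `struct eap_config` and `struct hostapd_bss_config` are guarded. Wrapping the member in the same `#ifdef CONFIG_TESTING_OPTIONS` / `#endif` pair keeps production builds free of the field and makes any stray unguarded use fail to compile. The neighbouring member is documented with a block comment of the form `tls_v13 - Whether TLS v1.3 or newer is used`, so the trailing comment could follow that form: `skip_prot_success - Testing only: do not send protected success indication (TLS v1.3)`. The struct starts outside the hunk.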
@ -23,6 +23,7 @@ struct eapol_auth_config {
|
|||
size_t eap_req_id_text_len;
|
||||
int erp_send_reauth_start;
|
||||
char *erp_domain; /* a copy of this will be allocated */
|
||||
bool eap_skip_prot_success;
|
||||
|
||||
/* Opaque context pointer to owner data for callback functions */
|
||||
void *ctx;
|
||||
|
|