diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 442c757f1..0b6858a71 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -4252,6 +4252,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 bss->oci_freq_override_fils_assoc = atoi(pos);
 } else if (os_strcmp(buf, "oci_freq_override_wnm_sleep") == 0) {
 bss->oci_freq_override_wnm_sleep = atoi(pos);
+ } else if (os_strcmp(buf, "eap_skip_prot_success") == 0) {
+ bss->eap_skip_prot_success = atoi(pos);
 #endif /* CONFIG_TESTING_OPTIONS */
 #ifdef CONFIG_SAE
 } else if (os_strcmp(buf, "sae_password") == 0) {
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 4b37a5c59..18d1af2e5 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -331,6 +331,9 @@ struct hostapd_bss_config {
 int eap_reauth_period;
 int erp_send_reauth_start;
 char *erp_domain;
+#ifdef CONFIG_TESTING_OPTIONS
+ bool eap_skip_prot_success;
+#endif /* CONFIG_TESTING_OPTIONS */
 enum macaddr_acl {
 ACCEPT_UNLESS_DENIED = 0,
diff --git a/src/ap/authsrv.c b/src/ap/authsrv.c
index 8e12daf40..35df59803 100644
--- a/src/ap/authsrv.c
+++ b/src/ap/authsrv.c
@@ -222,6 +222,9 @@ static struct eap_config * authsrv_eap_config(struct hostapd_data *hapd)
 cfg->server_id_len = 7;
 }
 cfg->erp = hapd->conf->eap_server_erp;
+#ifdef CONFIG_TESTING_OPTIONS
+ cfg->skip_prot_success = hapd->conf->eap_skip_prot_success;
+#endif /* CONFIG_TESTING_OPTIONS */
 return cfg;
 }
diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index 753c88335..fb5e92060 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
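Review bot: The new `eap_skip_prot_success` member of struct hostapd_bss_config (src/ap/ap_config.h hunk) has no comment, so a reader of the header cannot tell that it switches off a security-relevant step of the EAP-TLS exchange. I would document it at the declaration, for example `bool eap_skip_prot_success; /* testing only: EAP server does not send the EAP-TLS protected success indication */`, and give `skip_prot_success` in struct eap_config (src/eap_server/eap.h hunk) the same one-line comment. The wording follows the log messages this commit adds in eap_server_tls_common.c.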
@@ -2448,6 +2448,9 @@ int ieee802_1x_init(struct hostapd_data *hapd)
 conf.eap_req_id_text_len = hapd->conf->eap_req_id_text_len;
 conf.erp_send_reauth_start = hapd->conf->erp_send_reauth_start;
 conf.erp_domain = hapd->conf->erp_domain;
+#ifdef CONFIG_TESTING_OPTIONS
+ conf.eap_skip_prot_success = hapd->conf->eap_skip_prot_success;
+#endif /* CONFIG_TESTING_OPTIONS */
 os_memset(&cb, 0, sizeof(cb));
 cb.eapol_send = ieee802_1x_eapol_send;
diff --git a/src/eap_server/eap.h b/src/eap_server/eap.h
index 61032cc01..f1d3a9c99 100644
--- a/src/eap_server/eap.h
+++ b/src/eap_server/eap.h
@@ -258,6 +258,10 @@ struct eap_config {
 unsigned int max_auth_rounds;
 unsigned int max_auth_rounds_short;
+
+#ifdef CONFIG_TESTING_OPTIONS
+ bool skip_prot_success;
+#endif /* CONFIG_TESTING_OPTIONS */
 };
 struct eap_session_data {
diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c
index 52e501904..717af2e89 100644
--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@@ -94,6 +94,11 @@ int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
 if (data->tls_out_limit > 100)
 data->tls_out_limit -= 100;
 }
+
+#ifdef CONFIG_TESTING_OPTIONS
+ data->skip_prot_success = sm->cfg->skip_prot_success;
+#endif /* CONFIG_TESTING_OPTIONS */
+
 return 0;
 }
@@ -390,6 +395,13 @@ int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data)
 break;
 /* fallthrough */
 case EAP_TYPE_TLS:
+#ifdef CONFIG_TESTING_OPTIONS
+ if (data->skip_prot_success) {
+ wpa_printf(MSG_INFO,
+ "TESTING: Do not send protected success indication");
+ break;
+ }
+#endif /* CONFIG_TESTING_OPTIONS */
 wpa_printf(MSG_DEBUG,
 "EAP-TLS: Send protected success indication (appl data 0x00)");
diff --git a/src/eap_server/eap_tls_common.h b/src/eap_server/eap_tls_common.h
index b0723a1fa..ad28c7962 100644
--- a/src/eap_server/eap_tls_common.h
+++ b/src/eap_server/eap_tls_common.h
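Review bot: `conf.eap_skip_prot_success` is stored in struct eapol_auth_config in the ieee802_1x_init hunk, but no hunk in this commit reads that member; the value that reaches the TLS code travels through `cfg->skip_prot_success` set in authsrv.c. If nothing outside the shown hunks consumes it, this assignment and the member added in eapol_auth_sm.h are dead and can be dropped; otherwise a comment naming the consumer would help the next reader. ieee802_1x_init starts and ends outside the hunk, so how `conf` is initialised before these assignments is not visible here.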
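Review bot: The early `break` added in eap_server_tls_phase1 sits under `case EAP_TYPE_TLS:`, which the preceding case also reaches through the `/* fallthrough */`, and the condition does not test `data->tls_v13` even though the field comment in eap_tls_common.h says the behavior is only for TLS v1.3. If the enclosing code, which lies outside the hunk, does not already restrict this switch to TLS v1.3, the condition should say so itself: `if (data->skip_prot_success && data->tls_v13) {`. If it does, a one-line comment above the block stating that would keep the header comment and the code visibly in agreement.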
@@ -55,6 +55,8 @@ struct eap_ssl_data {
 * tls_v13 - Whether TLS v1.3 or newer is used
 */
 int tls_v13;
+
+ bool skip_prot_success; /* testing behavior only for TLS v1.3 */
 };
diff --git a/src/eapol_auth/eapol_auth_sm.h b/src/eapol_auth/eapol_auth_sm.h
index 5fe89c64b..61b7039d6 100644
--- a/src/eapol_auth/eapol_auth_sm.h
+++ b/src/eapol_auth/eapol_auth_sm.h
@@ -23,6 +23,7 @@ struct eapol_auth_config {
 size_t eap_req_id_text_len;
 int erp_send_reauth_start;
 char *erp_domain; /* a copy of this will be allocated */
+ bool eap_skip_prot_success;
 /* Opaque context pointer to owner data for callback functions */
 void *ctx;
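Review bot: `skip_prot_success` is added to struct eap_ssl_data without a CONFIG_TESTING_OPTIONS guard, although every assignment and read of it in eap_server_tls_common.c is inside `#ifdef CONFIG_TESTING_OPTIONS` and the matching members in eap.h and ap_config.h are guarded. Wrapping the declaration the same way keeps the knob out of production builds entirely, so no non-testing code path can start depending on it: `#ifdef CONFIG_TESTING_OPTIONS`, `bool skip_prot_success; /* testing behavior only for TLS v1.3 */`, `#endif /* CONFIG_TESTING_OPTIONS */`. The same applies to `bool eap_skip_prot_success;` in struct eapol_auth_config in the eapol_auth_sm.h hunk, which is also declared unconditionally while its only visible writer is guarded.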