EAP-TLS: Testing functionality to skip protected success indication
This server side testing functionality can be used to test EAP-TLSv1.3 peer behavior. Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
parent
95fd54b862
commit
7114e56060
8 changed files with 30 additions and 0 deletions
|
@ -4252,6 +4252,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
|
||||||
bss->oci_freq_override_fils_assoc = atoi(pos);
|
bss->oci_freq_override_fils_assoc = atoi(pos);
|
||||||
} else if (os_strcmp(buf, "oci_freq_override_wnm_sleep") == 0) {
|
} else if (os_strcmp(buf, "oci_freq_override_wnm_sleep") == 0) {
|
||||||
bss->oci_freq_override_wnm_sleep = atoi(pos);
|
bss->oci_freq_override_wnm_sleep = atoi(pos);
|
||||||
|
} else if (os_strcmp(buf, "eap_skip_prot_success") == 0) {
|
||||||
|
bss->eap_skip_prot_success = atoi(pos);
|
||||||
#endif /* CONFIG_TESTING_OPTIONS */
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
#ifdef CONFIG_SAE
|
#ifdef CONFIG_SAE
|
||||||
} else if (os_strcmp(buf, "sae_password") == 0) {
|
} else if (os_strcmp(buf, "sae_password") == 0) {
|
||||||
|
|
|
@ -331,6 +331,9 @@ struct hostapd_bss_config {
|
||||||
int eap_reauth_period;
|
int eap_reauth_period;
|
||||||
int erp_send_reauth_start;
|
int erp_send_reauth_start;
|
||||||
char *erp_domain;
|
char *erp_domain;
|
||||||
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
|
bool eap_skip_prot_success;
|
||||||
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
|
|
||||||
enum macaddr_acl {
|
enum macaddr_acl {
|
||||||
ACCEPT_UNLESS_DENIED = 0,
|
ACCEPT_UNLESS_DENIED = 0,
|
||||||
|
|
|
@ -222,6 +222,9 @@ static struct eap_config * authsrv_eap_config(struct hostapd_data *hapd)
|
||||||
cfg->server_id_len = 7;
|
cfg->server_id_len = 7;
|
||||||
}
|
}
|
||||||
cfg->erp = hapd->conf->eap_server_erp;
|
cfg->erp = hapd->conf->eap_server_erp;
|
||||||
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
|
cfg->skip_prot_success = hapd->conf->eap_skip_prot_success;
|
||||||
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
|
|
||||||
return cfg;
|
return cfg;
|
||||||
}
|
}
|
||||||
|
|
|
@ -2448,6 +2448,9 @@ int ieee802_1x_init(struct hostapd_data *hapd)
|
||||||
conf.eap_req_id_text_len = hapd->conf->eap_req_id_text_len;
|
conf.eap_req_id_text_len = hapd->conf->eap_req_id_text_len;
|
||||||
conf.erp_send_reauth_start = hapd->conf->erp_send_reauth_start;
|
conf.erp_send_reauth_start = hapd->conf->erp_send_reauth_start;
|
||||||
conf.erp_domain = hapd->conf->erp_domain;
|
conf.erp_domain = hapd->conf->erp_domain;
|
||||||
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
|
conf.eap_skip_prot_success = hapd->conf->eap_skip_prot_success;
|
||||||
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
|
|
||||||
os_memset(&cb, 0, sizeof(cb));
|
os_memset(&cb, 0, sizeof(cb));
|
||||||
cb.eapol_send = ieee802_1x_eapol_send;
|
cb.eapol_send = ieee802_1x_eapol_send;
|
||||||
|
|
|
@ -258,6 +258,10 @@ struct eap_config {
|
||||||
|
|
||||||
unsigned int max_auth_rounds;
|
unsigned int max_auth_rounds;
|
||||||
unsigned int max_auth_rounds_short;
|
unsigned int max_auth_rounds_short;
|
||||||
|
|
||||||
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
|
bool skip_prot_success;
|
||||||
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
};
|
};
|
||||||
|
|
||||||
struct eap_session_data {
|
struct eap_session_data {
|
||||||
|
|
|
@ -94,6 +94,11 @@ int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
|
||||||
if (data->tls_out_limit > 100)
|
if (data->tls_out_limit > 100)
|
||||||
data->tls_out_limit -= 100;
|
data->tls_out_limit -= 100;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
|
data->skip_prot_success = sm->cfg->skip_prot_success;
|
||||||
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -390,6 +395,13 @@ int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data)
|
||||||
break;
|
break;
|
||||||
/* fallthrough */
|
/* fallthrough */
|
||||||
case EAP_TYPE_TLS:
|
case EAP_TYPE_TLS:
|
||||||
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
|
if (data->skip_prot_success) {
|
||||||
|
wpa_printf(MSG_INFO,
|
||||||
|
"TESTING: Do not send protected success indication");
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
wpa_printf(MSG_DEBUG,
|
wpa_printf(MSG_DEBUG,
|
||||||
"EAP-TLS: Send protected success indication (appl data 0x00)");
|
"EAP-TLS: Send protected success indication (appl data 0x00)");
|
||||||
|
|
||||||
|
|
|
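Review bot: The added `if (data->skip_prot_success)` under `case EAP_TYPE_TLS:` has no comment explaining why the server would deliberately omit the protected success indication. It also does not test `data->tls_v13` itself, although the field's comment in struct eap_ssl_data says the behavior is for TLS v1.3 only. The switch and any condition enclosing it begin outside this hunk, so the TLS v1.3 restriction may already hold there. A comment above the check would make the intent visible, for example `/* Testing only: omit the protected success indication so that the peer's handling of its absence can be checked */`. The MSG_INFO log line should stay at that level, since it is the runtime trace that a CONFIG_TESTING_OPTIONS build has this enabled.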
@ -55,6 +55,8 @@ struct eap_ssl_data {
|
||||||
* tls_v13 - Whether TLS v1.3 or newer is used
|
* tls_v13 - Whether TLS v1.3 or newer is used
|
||||||
*/
|
*/
|
||||||
int tls_v13;
|
int tls_v13;
|
||||||
|
|
||||||
|
bool skip_prot_success; /* testing behavior only for TLS v1.3 */
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -23,6 +23,7 @@ struct eapol_auth_config {
|
||||||
size_t eap_req_id_text_len;
|
size_t eap_req_id_text_len;
|
||||||
int erp_send_reauth_start;
|
int erp_send_reauth_start;
|
||||||
char *erp_domain; /* a copy of this will be allocated */
|
char *erp_domain; /* a copy of this will be allocated */
|
||||||
|
bool eap_skip_prot_success;
|
||||||
|
|
||||||
/* Opaque context pointer to owner data for callback functions */
|
/* Opaque context pointer to owner data for callback functions */
|
||||||
void *ctx;
|
void *ctx;
|
||||||
|
|
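Review bot: `bool eap_skip_prot_success;` in struct eapol_auth_config is declared without the `#ifdef CONFIG_TESTING_OPTIONS` guard that surrounds its only visible writer in the ieee802_1x_init() hunk, and none of the hunks on this page read it. The value that reaches eap_server_tls_ssl_init() comes from struct eap_config, which is filled in authsrv_eap_config(). If no code outside this commit consumes the field, the declaration and the assignment in ieee802_1x_init() could be dropped; otherwise wrap the declaration in the same guard, as is done for `skip_prot_success` in struct eap_config. The `skip_prot_success` field added to struct eap_ssl_data is likewise unguarded, though both its writer and its reader are under the guard.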