ERP: Make eap_peer_erp_reauth_start() available

This needs to be callable through the EAPOL supplicant wrappers to allow FILS implementation to use ERP. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-09 23:39:48 +03:00 · 2015-09-09 23:39:48 +03:00 · c28767e11c
commit c28767e11c
parent 5b092fb63f
4 changed files with 41 additions and 7 deletions
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@ -571,7 +571,7 @@ fail:


 #ifdef CONFIG_ERP
-static int eap_peer_erp_reauth_start(struct eap_sm *sm, u8 eap_id)
+struct wpabuf * eap_peer_build_erp_reauth_start(struct eap_sm *sm, u8 eap_id)
 {
 	char *realm;
 	struct eap_erp_key *erp;
@ -580,16 +580,16 @@ static int eap_peer_erp_reauth_start(struct eap_sm *sm, u8 eap_id)

 	realm = eap_home_realm(sm);
 	if (!realm)
-		return -1;
+		return NULL;

 	erp = eap_erp_get_key(sm, realm);
 	os_free(realm);
 	realm = NULL;
 	if (!erp)
-		return -1;
+		return NULL;

 	if (erp->next_seq >= 65536)
-		return -1; /* SEQ has range of 0..65535 */
+		return NULL; /* SEQ has range of 0..65535 */

 	/* TODO: check rRK lifetime expiration */

@ -600,7 +600,7 @@ static int eap_peer_erp_reauth_start(struct eap_sm *sm, u8 eap_id)
 			    1 + 2 + 2 + os_strlen(erp->keyname_nai) + 1 + 16,
 			    EAP_CODE_INITIATE, eap_id);
 	if (msg == NULL)
-		return -1;
+		return NULL;

 	wpabuf_put_u8(msg, 0x20); /* Flags: R=0 B=0 L=1 */
 	wpabuf_put_be16(msg, erp->next_seq);
@ -614,13 +614,28 @@ static int eap_peer_erp_reauth_start(struct eap_sm *sm, u8 eap_id)
 	if (hmac_sha256(erp->rIK, erp->rIK_len,
 			wpabuf_head(msg), wpabuf_len(msg), hash) < 0) {
 		wpabuf_free(msg);
-		return -1;
+		return NULL;
 	}
 	wpabuf_put_data(msg, hash, 16);

-	wpa_printf(MSG_DEBUG, "EAP: Sending EAP-Initiate/Re-auth");
 	sm->erp_seq = erp->next_seq;
 	erp->next_seq++;
+
+	wpa_hexdump_buf(MSG_DEBUG, "ERP: EAP-Initiate/Re-auth", msg);
+
+	return msg;
+}
+
+
+static int eap_peer_erp_reauth_start(struct eap_sm *sm, u8 eap_id)
+{
+	struct wpabuf *msg;
+
+	msg = eap_peer_build_erp_reauth_start(sm, eap_id);
+	if (!msg)
+		return -1;
+
+	wpa_printf(MSG_DEBUG, "EAP: Sending EAP-Initiate/Re-auth");
 	wpabuf_free(sm->eapRespData);
 	sm->eapRespData = msg;
 	sm->reauthInit = TRUE;
--- a/src/eap_peer/eap.h
+++ b/src/eap_peer/eap.h
@ -348,6 +348,7 @@ void eap_sm_set_ext_pw_ctx(struct eap_sm *sm, struct ext_password_data *ext);
 void eap_set_anon_id(struct eap_sm *sm, const u8 *id, size_t len);
 int eap_peer_was_failure_expected(struct eap_sm *sm);
 void eap_peer_erp_free_keys(struct eap_sm *sm);
+struct wpabuf * eap_peer_build_erp_reauth_start(struct eap_sm *sm, u8 eap_id);

 #endif /* IEEE8021X_EAPOL */

--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@ -2158,3 +2158,15 @@ void eapol_sm_erp_flush(struct eapol_sm *sm)
 	if (sm)
 		eap_peer_erp_free_keys(sm->eap);
 }
+
+
+struct wpabuf * eapol_sm_build_erp_reauth_start(struct eapol_sm *sm)
+{
+#ifdef CONFIG_ERP
+	if (!sm)
+		return NULL;
+	return eap_peer_build_erp_reauth_start(sm->eap, 0);
+#else /* CONFIG_ERP */
+	return NULL;
+#endif /* CONFIG_ERP */
+}
--- a/src/eapol_supp/eapol_supp_sm.h
+++ b/src/eapol_supp/eapol_supp_sm.h
@ -328,6 +328,7 @@ void eapol_sm_set_ext_pw_ctx(struct eapol_sm *sm,
 			     struct ext_password_data *ext);
 int eapol_sm_failed(struct eapol_sm *sm);
 void eapol_sm_erp_flush(struct eapol_sm *sm);
+struct wpabuf * eapol_sm_build_erp_reauth_start(struct eapol_sm *sm);
 int eapol_sm_get_eap_proxy_imsi(struct eapol_sm *sm, char *imsi, size_t *len);
 #else /* IEEE8021X_EAPOL */
 static inline struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx)
@ -438,6 +439,11 @@ static inline int eapol_sm_failed(struct eapol_sm *sm)
 static inline void eapol_sm_erp_flush(struct eapol_sm *sm)
 {
 }
+static inline struct wpabuf *
+eapol_sm_build_erp_reauth_start(struct eapol_sm *sm)
+{
+	return NULL;
+}
 #endif /* IEEE8021X_EAPOL */

 #endif /* EAPOL_SUPP_SM_H */