DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

ERP: Add support for ERP on EAP server and authenticator

Browse source 
Derive rRK and rIK on EAP server if ERP is enabled and use these keys to
allow EAP re-authentication to be used and to derive rMSK.

The new hostapd configuration parameter eap_server_erp=1 can now be used
to configure the integrated EAP server to derive EMSK, rRK, and rIK at
the successful completion of an EAP authentication method. This
functionality is not included in the default build and can be enabled
with CONFIG_ERP=y.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-11-29 21:28:24 +02:00
parent e2ee327b19
commit d3bddd8b84
15 changed files with 676 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/eap_server/eap_i.h
View file

@ -117,7 +117,7 @@ struct eap_sm {
EAP_RECEIVED2, EAP_DISCARD2, EAP_SEND_REQUEST2,
EAP_AAA_REQUEST, EAP_AAA_RESPONSE, EAP_AAA_IDLE,
EAP_TIMEOUT_FAILURE2, EAP_FAILURE2, EAP_SUCCESS2,
EAP_INITIATE_REAUTH_START
EAP_INITIATE_REAUTH_START, EAP_INITIATE_RECEIVED
} EAP_state;
/* Constants */
@ -139,6 +139,7 @@ struct eap_sm {
/* Short-term (not maintained between packets) */
Boolean rxResp;
Boolean rxInitiate;
int respId;
EapType respMethod;
int respVendor;
@ -208,6 +209,7 @@ struct eap_sm {
Boolean initiate_reauth_start_sent;
Boolean try_initiate_reauth;
int erp;
#ifdef CONFIG_TESTING_OPTIONS
u32 tls_test_flags;