/** * wpa_supplicant_scard_init - Initialize SIM/USIM access with PC/SC * @wpa_s: pointer to wpa_supplicant data * @ssid: Configuration data for the network * Returns: 0 on success, -1 on failure * * This function is called when starting authentication with a network that is * configured to use PC/SC for SIM/USIM access (EAP-SIM or EAP-AKA). */ int wpa_supplicant_scard_init(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) { #ifdef IEEE8021X_EAPOL int aka = 0, sim = 0, type; if (ssid->eap.pcsc == NULL || wpa_s->scard != NULL) return 0; if (ssid->eap.eap_methods == NULL) { sim = 1; aka = 1; } else { struct eap_method_type *eap = ssid->eap.eap_methods; while (eap->vendor != EAP_VENDOR_IETF || eap->method != EAP_TYPE_NONE) { if (eap->vendor == EAP_VENDOR_IETF) { if (eap->method == EAP_TYPE_SIM) sim = 1; else if (eap->method == EAP_TYPE_AKA) aka = 1; } eap++; } } if (eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_SIM) == NULL) sim = 0; if (eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_AKA) == NULL) aka = 0; if (!sim && !aka) { wpa_printf(MSG_DEBUG, "Selected network is configured to use " "SIM, but neither EAP-SIM nor EAP-AKA are enabled"); return 0; } wpa_printf(MSG_DEBUG, "Selected network is configured to use SIM " "(sim=%d aka=%d) - initialize PCSC", sim, aka); if (sim && aka) type = SCARD_TRY_BOTH; else if (aka) type = SCARD_USIM_ONLY; else type = SCARD_GSM_SIM_ONLY; wpa_s->scard = scard_init(type); if (wpa_s->scard == NULL) { wpa_printf(MSG_WARNING, "Failed to initialize SIM " "(pcsc-lite)"); return -1; } wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard); eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard); #endif /* IEEE8021X_EAPOL */ return 0; }
static int test_eapol(struct eapol_test_data *e, struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) { struct eapol_config eapol_conf; struct eapol_ctx *ctx; ctx = os_zalloc(sizeof(*ctx)); if (ctx == NULL) { printf("Failed to allocate EAPOL context.\n"); return -1; } ctx->ctx = e; ctx->msg_ctx = wpa_s; ctx->scard_ctx = wpa_s->scard; ctx->cb = eapol_sm_cb; ctx->cb_ctx = e; ctx->eapol_send_ctx = wpa_s; ctx->preauth = 0; ctx->eapol_done_cb = eapol_test_eapol_done_cb; ctx->eapol_send = eapol_test_eapol_send; ctx->set_config_blob = eapol_test_set_config_blob; ctx->get_config_blob = eapol_test_get_config_blob; ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path; ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path; ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path; ctx->openssl_ciphers = wpa_s->conf->openssl_ciphers; ctx->eap_param_needed = eapol_test_eap_param_needed; ctx->cert_cb = eapol_test_cert_cb; ctx->cert_in_cb = 1; ctx->set_anon_id = eapol_test_set_anon_id; wpa_s->eapol = eapol_sm_init(ctx); if (wpa_s->eapol == NULL) { os_free(ctx); printf("Failed to initialize EAPOL state machines.\n"); return -1; } wpa_s->current_ssid = ssid; os_memset(&eapol_conf, 0, sizeof(eapol_conf)); eapol_conf.accept_802_1x_keys = 1; eapol_conf.required_keys = 0; eapol_conf.fast_reauth = wpa_s->conf->fast_reauth; eapol_conf.workaround = ssid->eap_workaround; eapol_conf.external_sim = wpa_s->conf->external_sim; eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf); eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard); eapol_sm_notify_portValid(wpa_s->eapol, FALSE); /* 802.1X::portControl = Auto */ eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE); return 0; }
static int test_eapol(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) { struct eapol_config eapol_conf; struct eapol_ctx *ctx; ctx = malloc(sizeof(*ctx)); if (ctx == NULL) { printf("Failed to allocate EAPOL context.\n"); return -1; } memset(ctx, 0, sizeof(*ctx)); ctx->ctx = wpa_s; ctx->msg_ctx = wpa_s; ctx->scard_ctx = wpa_s->scard; ctx->cb = eapol_sm_cb; ctx->cb_ctx = wpa_s; ctx->preauth = 0; ctx->eapol_done_cb = eapol_test_eapol_done_cb; ctx->eapol_send = eapol_test_eapol_send; wpa_s->eapol = eapol_sm_init(ctx); if (wpa_s->eapol == NULL) { free(ctx); printf("Failed to initialize EAPOL state machines.\n"); return -1; } wpa_s->current_ssid = ssid; memset(&eapol_conf, 0, sizeof(eapol_conf)); eapol_conf.accept_802_1x_keys = 1; eapol_conf.required_keys = 0; eapol_conf.fast_reauth = wpa_s->conf->fast_reauth; eapol_conf.workaround = ssid->eap_workaround; eapol_sm_notify_config(wpa_s->eapol, ssid, &eapol_conf); eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard); eapol_sm_notify_portValid(wpa_s->eapol, FALSE); /* 802.1X::portControl = Auto */ eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE); return 0; }
static void wpa_supplicant_scard_init(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) { char buf[100]; size_t len; if (ssid->pcsc == NULL) return; if (wpa_s->scard != NULL) { wpa_supplicant_imsi_identity(wpa_s, ssid); return; } wpa_printf(MSG_DEBUG, "Selected network is configured to use SIM - " "initialize PCSC"); wpa_s->scard = scard_init(SCARD_TRY_BOTH, ssid->pin); if (wpa_s->scard == NULL) { wpa_printf(MSG_WARNING, "Failed to initialize SIM " "(pcsc-lite)"); /* TODO: what to do here? */ return; } eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard); len = sizeof(buf); if (scard_get_imsi(wpa_s->scard, buf, &len)) { wpa_printf(MSG_WARNING, "Failed to get IMSI from SIM"); /* TODO: what to do here? */ return; } wpa_hexdump(MSG_DEBUG, "IMSI", buf, len); free(wpa_s->imsi); wpa_s->imsi = malloc(len); if (wpa_s->imsi) { wpa_s->imsi = buf; wpa_s->imsi_len = len; wpa_supplicant_imsi_identity(wpa_s, ssid); } }