====== Howto add new EAP methods to wpa_supplicant and hostapd ======

This article is a guide for creating new EAP methods using the open source [[wp>wpa_supplicant]] EAP peer and the [[wp>hostapd]] RADIUS server.


===== Overview =====
From : http://hostap.epitest.fi/wpa_supplicant/devel/eap_module.html 

Adding EAP methods Each EAP method is implemented as a separate
module, usually as one C file named eap_<name of the method>.c, e.g.,
eap_md5.c. All EAP methods use the same interface between the peer state machine and method specific functions. This allows new EAP methods to be added without modifying the core EAP state machine implementation.

New EAP methods need to be registered by adding them into the
build (Makefile) and the EAP method registration list in the
eap_peer_register_methods() function of eap_methods.c. Each EAP method
should use a build-time configuration option, e.g., EAP_TLS, in order to make it possible to select which of the methods are included in the build.

EAP methods must implement the interface defined in eap_i.h. struct
eap_method defines the needed function pointers that each EAP method
must provide. In addition, the EAP type and name are registered using
this structure. This interface is based on section 4.4 of RFC 4137.



===== Procedure =====
 
Throughout this example, we assume that we are creating an new EAP method called EAP-KRB5 with type 88. The procedure for adding a new EAP method is the same for wpa_supplicant and hostapd.

==== Add the method to the Makefile ====
 
<code>
ifdef CONFIG_EAP_KRB5
# EAP-KRB5
ifeq ($(CONFIG_EAP_KRB5), dyn)
CFLAGS += -DEAP_KRB5_DYNAMIC
EAPDYN += eap_krb5.so
else
CFLAGS += -DEAP_KRB5
OBJS += eap_krb5.o eap_krb5_common.o
endif
CONFIG_IEEE8021X_EAPOL=y
NEED_AES=y
endif
</code>

The eap method must be linked statically and placed in the root
directory. Compilation of existing methods is as follows :

<code>
eap_krb5.so: eap_krb5.c eap_krb5_common.c
        $(CC) -o $@ $(CFLAGS) -shared -rdynamic -fPIC $^ \
        -Deap_peer_krb5_register=eap_peer_method_dynamic_init
</code>



==== Add the method to the EAP method registration list ====

In the //eap_peer_register_methods()// function in //eap_methods.c//, add the following code :

<code c>

#ifdef EAP_KRB5
        if (ret == 0) {
                int eap_peer_krb5_register(void);
                ret = eap_peer_krb5_register();
        }
#endif /* EAP_KRB5 */

#ifdef EAP_KRB5
        if (ret == 0) {
                int eap_server_krb5_register(void);
                ret = eap_server_krb5_register();
        }
#endif /* EAP_KRB5 */


</code>

==== Add the following to .config located in the root folder ====

<code>
        CONFIG_EAP_KRB5=y
</code>

==== Add an entry in the EapType structure in eap_defs.h ====

<code>
        EAP_TYPE_KRB5 = 88 ,
</code>

{{tag>security coding howto}}