How to add new EAP methods to wpa_supplicant and hostapd


This article is a guide for creating new EAP methods using the open source wpa_supplicant EAP peer and the hostapd RADIUS server.


Overview

From: http://hostap.epitest.fi/wpa_supplicant/devel/eap_module.html

Adding EAP methods

Each EAP method is implemented as a separate module, usually as one C file named eap_<name of the method>.c, e.g., eap_md5.c. All EAP methods use the same interface between the peer state machine and method specific functions. This allows new EAP methods to be added without modifying the core EAP state machine implementation.

New EAP methods need to be registered by adding them into the build (Makefile) and the EAP method registration list in the eap_peer_register_methods() function of eap_methods.c. Each EAP method should use a build-time configuration option, e.g., EAP_TLS, in order to make it possible to select which of the methods are included in the build.

EAP methods must implement the interface defined in eap_i.h. struct eap_method defines the needed function pointers that each EAP method must provide. In addition, the EAP type and name are registered using this structure. This interface is based on section 4.4 of RFC 4137.


Procedure

Throughout this example, we assume that we are creating a new EAP method called EAP-KRB5 with type 88. The procedure for adding a new EAP method is the same for wpa_supplicant and hostapd.


Add the method to the Makefile

ifdef CONFIG_EAP_KRB5
# EAP-KRB5
ifeq ($(CONFIG_EAP_KRB5), dyn)
CFLAGS += -DEAP_KRB5_DYNAMIC
EAPDYN += eap_krb5.so
else
CFLAGS += -DEAP_KRB5
OBJS += eap_krb5.o eap_krb5_common.o
endif
CONFIG_IEEE8021X_EAPOL=y
NEED_AES=y
endif

The EAP method must be linked statically and placed in the root directory. Compilation of existing methods is as follows:

eap_krb5.so: eap_krb5.c eap_krb5_common.c
        $(CC) -o $@ $(CFLAGS) -shared -rdynamic -fPIC $^ \
        -Deap_peer_krb5_register=eap_peer_method_dynamic_init

Add the method to the EAP method registration list

In the eap_peer_register_methods() function in eap_methods.c, add the following code:

/* Peer side (wpa_supplicant) */
#ifdef EAP_KRB5
        if (ret == 0) {
                int eap_peer_krb5_register(void);
                ret = eap_peer_krb5_register();
        }
#endif /* EAP_KRB5 */

/* Server side (hostapd) */
#ifdef EAP_KRB5
        if (ret == 0) {
                int eap_server_krb5_register(void);
                ret = eap_server_krb5_register();
        }
#endif /* EAP_KRB5 */

Add the following to .config located in the root folder

        CONFIG_EAP_KRB5=y

Add an entry in the EapType structure in eap_defs.h

        EAP_TYPE_KRB5 = 88,
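
The steps above call eap_peer_krb5_register(), which the page does not show. The following is an added example, not code from the original page or from the wpa_supplicant source: a stand-alone model of that function in which registration refuses a second method with the same type number or name, and the request handler checks the EAP header before reading the type. The struct layout, the eap_peer_method_*() helpers, the interface version value and the reduced process() signature are simplified stand-ins (assumptions) for the declarations in eap_i.h, and eap_krb5_process() is hypothetical.

```c
/* Added example: the struct and eap_peer_method_*() helpers are simplified
 * stand-ins (assumptions) for what wpa_supplicant declares in eap_i.h. */
#include <stdlib.h>
#include <string.h>

#define EAP_PEER_METHOD_INTERFACE_VERSION 1
#define EAP_VENDOR_IETF 0
#define EAP_TYPE_KRB5 88 /* type number used on this page */

struct eap_method {
    int version, vendor, method;
    const char *name;
    int (*process)(const unsigned char *req, size_t len); /* reduced signature */
    struct eap_method *next;
};
static struct eap_method *eap_methods; /* the registration list */

static struct eap_method *eap_peer_method_alloc(int ver, int vendor, int type,
                                                const char *name) {
    struct eap_method *m = calloc(1, sizeof(*m));
    if (m) { m->version = ver; m->vendor = vendor; m->method = type; m->name = name; }
    return m;
}

static int eap_peer_method_register(struct eap_method *n) {
    if (!n || !n->name || n->version != EAP_PEER_METHOD_INTERFACE_VERSION)
        return -1;
    for (struct eap_method *m = eap_methods; m; m = m->next)
        if ((m->vendor == n->vendor && m->method == n->method) ||
            strcmp(m->name, n->name) == 0)
            return -2; /* type number or name already registered */
    n->next = eap_methods;
    eap_methods = n;
    return 0;
}

/* Hypothetical EAP-KRB5 request handler. EAP header layout: code,
 * identifier, 16-bit length, then the type octet. */
static int eap_krb5_process(const unsigned char *req, size_t len) {
    if (!req || len < 5 || (size_t)((req[2] << 8) | req[3]) > len)
        return -1; /* truncated, or length field exceeds the buffer */
    return req[4] == EAP_TYPE_KRB5 ? 0 : -1;
}

int eap_peer_krb5_register(void) {
    struct eap_method *eap = eap_peer_method_alloc(
        EAP_PEER_METHOD_INTERFACE_VERSION, EAP_VENDOR_IETF, EAP_TYPE_KRB5, "KRB5");
    if (eap == NULL) return -1;
    eap->process = eap_krb5_process;
    int ret = eap_peer_method_register(eap);
    if (ret) free(eap); /* a rejected method must not stay allocated */
    return ret;
}
```

A non-zero return here is what stops the `if (ret == 0)` chain in the registration list shown earlier.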

