From ba8857d2f486ab5b0470cdb7b84aec0929a1582b Mon Sep 17 00:00:00 2001
From: Tim Kourt
Date: Tue, 23 Jan 2018 15:29:13 -0800
Subject: [PATCH] eap-peap: configure Protected EAP
---
 src/eap-peap.c | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)
diff --git a/src/eap-peap.c b/src/eap-peap.c
index 769c6ce9..8fc864c3 100644
--- a/src/eap-peap.c
+++ b/src/eap-peap.c
@@ -31,18 +31,102 @@
 #include "eap.h"
+enum peap_version {
+ PEAP_VERSION_0 = 0x00,
+ PEAP_VERSION_1 = 0x01,
+ __PEAP_VERSION_MAX_SUPPORTED = PEAP_VERSION_1,
+ PEAP_VERSION_MASK = 0x07,
+ PEAP_VERSION_NOT_NEGOTIATED = 0x08,
+};
+
+struct eap_peap_state {
+ enum peap_version version;
+
+ char *ca_cert;
+ char *client_cert;
+ char *client_key;
+ char *passphrase;
+};
+
+static void eap_peap_free(struct eap_state *eap)
+{
+ struct eap_peap_state *peap = eap_get_data(eap);
+
+ eap_set_data(eap, NULL);
+
+ l_free(peap->ca_cert);
+ l_free(peap->client_cert);
+ l_free(peap->client_key);
+ l_free(peap->passphrase);
+
+ l_free(peap);
+}
+
 static void eap_peap_handle_request(struct eap_state *eap, const uint8_t *pkt, size_t len)
 {
 eap_method_error(eap);
 }
+static bool eap_peap_load_settings(struct eap_state *eap,
+ struct l_settings *settings,
+ const char *prefix)
+{
+ struct eap_peap_state *peap;
+ char entry[64];
+
+ peap = l_new(struct eap_peap_state, 1);
+
+ peap->version = PEAP_VERSION_NOT_NEGOTIATED;
+
+ snprintf(entry, sizeof(entry), "%sPEAP-CACert", prefix);
+ peap->ca_cert = l_strdup(l_settings_get_value(settings, "Security",
+ entry));
+
+ snprintf(entry, sizeof(entry), "%sPEAP-ClientCert", prefix);
+ peap->client_cert = l_strdup(l_settings_get_value(settings, "Security",
+ entry));
+
+ snprintf(entry, sizeof(entry), "%sPEAP-ClientKey", prefix);
+ peap->client_key = l_strdup(l_settings_get_value(settings, "Security",
+ entry));
+
+ snprintf(entry, sizeof(entry), "%sPEAP-ClientKeyPassphrase", prefix);
+ peap->passphrase = l_strdup(l_settings_get_value(settings, "Security",
+ entry));
+
+ if (!peap->client_cert && peap->client_key) {
+ l_error("Client key present but no client certificate");
+ goto error;
+ }
+
+ if (!peap->client_key && peap->passphrase) {
+ l_error("Passphrase present but no client private key");
+ goto error;
+ }
+
+ eap_set_data(eap, peap);
+
+ return true;
+
+error:
+ l_free(peap->ca_cert);
+ l_free(peap->client_cert);
+ l_free(peap->client_key);
+ l_free(peap->passphrase);
+ l_free(peap);
+
+ return false;
+}
+
 static struct eap_method eap_peap = {
 .request_type = EAP_TYPE_PEAP,
 .name = "PEAP",
 .exports_msk = true,
 .handle_request = eap_peap_handle_request,
+ .load_settings = eap_peap_load_settings,
+ .free = eap_peap_free,
 };
 static int eap_peap_init(void)
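Review bot: The client key passphrase is released with a plain `l_free(peap->passphrase)` in both `eap_peap_free` and the `error:` path of `eap_peap_load_settings`, so the secret stays readable in freed heap memory until something overwrites it. Wipe it first, e.g. `if (peap->passphrase) explicit_bzero(peap->passphrase, strlen(peap->passphrase));` ahead of the `l_free`, since a plain `memset` in that position can be optimised away. Separately, `eap_peap_load_settings` accepts a configuration with no `PEAP-CACert`. The TLS code is not part of this hunk, but if a NULL `ca_cert` later means the server certificate goes unverified, the inner credentials are exposed to any access point impersonating the network, so that case deserves at least an `l_warn` here. The four `snprintf` results are also unchecked, so a long `prefix` would silently truncate the key name in `entry[64]` and the setting would be read as absent.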