esp_wifi: Add support for EAP-FAST authentication method

components/wpa_supplicant/src/eap_peer/mschapv2.c

@@ -14,10 +14,11 @@ const u8 * mschapv2_remove_domain(const u8 *username, size_t *len)
 	size_t i;
 
 	/*
-	 * MSCHAPV2 does not include optional domain name in the
+	 * MSCHAPv2 does not include optional domain name in the
 	 * challenge-response calculation, so remove domain prefix
-	 * (if present)
+	 * (if present).
 	 */
+
 	for (i = 0; i < *len; i++) {
 		if (username[i] == '\\') {
 			*len -= i + 1;
@@ -28,31 +29,48 @@ const u8 * mschapv2_remove_domain(const u8 *username, size_t *len)
 	return username;
 }
 
+
 int mschapv2_derive_response(const u8 *identity, size_t identity_len,
-			 const u8 *password, size_t password_len,
-			 int pwhash,
-			 const u8 *auth_challenge,
-			 const u8 *peer_challenge,
-			 u8 *nt_response, u8 *auth_response,
-			 u8 *master_key)
+			     const u8 *password, size_t password_len,
+			     int pwhash,
+			     const u8 *auth_challenge,
+			     const u8 *peer_challenge,
+			     u8 *nt_response, u8 *auth_response,
+			     u8 *master_key)
 {
 	const u8 *username;
 	size_t username_len;
 	u8 password_hash[16], password_hash_hash[16];
 
+	wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: Identity",
+			  identity, identity_len);
 	username_len = identity_len;
 	username = mschapv2_remove_domain(identity, &username_len);
+	wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: Username",
+			  username, username_len);
 
+	wpa_hexdump(MSG_DEBUG, "MSCHAPV2: auth_challenge",
+		    auth_challenge, MSCHAPV2_CHAL_LEN);
+	wpa_hexdump(MSG_DEBUG, "MSCHAPV2: peer_challenge",
+		    peer_challenge, MSCHAPV2_CHAL_LEN);
+	wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: username",
+			  username, username_len);
+	/* Authenticator response is not really needed yet, but calculate it
+	 * here so that challenges need not be saved. */
 	if (pwhash) {
+		wpa_hexdump_key(MSG_DEBUG, "MSCHAPV2: password hash",
+				password, password_len);
 		if (generate_nt_response_pwhash(auth_challenge, peer_challenge,
 						username, username_len,
 						password, nt_response) ||
 		    generate_authenticator_response_pwhash(
-				password, peer_challenge, auth_challenge,
-				username, username_len, nt_response,
-				auth_response))
+			    password, peer_challenge, auth_challenge,
+			    username, username_len, nt_response,
+			    auth_response))
 			return -1;
 	} else {
+		wpa_hexdump_ascii_key(MSG_DEBUG, "MSCHAPV2: password",
+				      password, password_len);
 		if (generate_nt_response(auth_challenge, peer_challenge,
 					 username, username_len,
 					 password, password_len,
@@ -65,7 +83,12 @@ int mschapv2_derive_response(const u8 *identity, size_t identity_len,
 						    auth_response))
 			return -1;
 	}
+	wpa_hexdump(MSG_DEBUG, "MSCHAPV2: NT Response",
+		    nt_response, MSCHAPV2_NT_RESPONSE_LEN);
+	wpa_hexdump(MSG_DEBUG, "MSCHAPV2: Auth Response",
+		    auth_response, MSCHAPV2_AUTH_RESPONSE_LEN);
 
+	/* Generate master_key here since we have the needed data available. */
 	if (pwhash) {
 		if (hash_nt_password_hash(password, password_hash_hash))
 			return -1;
@@ -76,17 +99,20 @@ int mschapv2_derive_response(const u8 *identity, size_t identity_len,
 	}
 	if (get_master_key(password_hash_hash, nt_response, master_key))
 		return -1;
+	wpa_hexdump_key(MSG_DEBUG, "MSCHAPV2: Master Key",
+			master_key, MSCHAPV2_MASTER_KEY_LEN);
 
 	return 0;
 }
 
+
 int mschapv2_verify_auth_response(const u8 *auth_response,
-			      const u8 *buf, size_t buf_len)
+				  const u8 *buf, size_t buf_len)
 {
 	u8 recv_response[MSCHAPV2_AUTH_RESPONSE_LEN];
 	if (buf_len < 2 + 2 * MSCHAPV2_AUTH_RESPONSE_LEN ||
 	    buf[0] != 'S' || buf[1] != '=' ||
-	    hexstr2bin((char *)(buf + 2), recv_response,
+	    hexstr2bin((char *) (buf + 2), recv_response,
 		       MSCHAPV2_AUTH_RESPONSE_LEN) ||
 	    os_memcmp(auth_response, recv_response,
 		      MSCHAPV2_AUTH_RESPONSE_LEN) != 0)