/**
* eap_tls_process_input - Process incoming TLS message
* @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
* @data: Data for TLS processing
* @in_data: Message received from the server
* @in_len: Length of in_data
* @out_data: Buffer for returning a pointer to application data (if available)
* Returns: 0 on success, 1 if more input data is needed, 2 if application data
* is available, -1 on failure
*/
static int eap_tls_process_input(struct eap_sm *sm, struct eap_ssl_data *data,
const u8 *in_data, size_t in_len,
struct wpabuf **out_data)
{
const u8 *msg;
size_t msg_len;
int need_more_input;
u8 *appl_data;
size_t appl_data_len;
msg = eap_peer_tls_data_reassemble(data, in_data, in_len,
&msg_len, &need_more_input);
if (msg == NULL)
return need_more_input ? 1 : -1;
/* Full TLS message reassembled - continue handshake processing */
if (data->tls_out) {
/* This should not happen.. */
wpa_printf(MSG_INFO, "SSL: eap_tls_process_input - pending "
"tls_out data even though tls_out_len = 0");
os_free(data->tls_out);
WPA_ASSERT(data->tls_out == NULL);
}
appl_data = NULL;
data->tls_out = tls_connection_handshake(sm->ssl_ctx, data->conn,
msg, msg_len,
&data->tls_out_len,
&appl_data, &appl_data_len);
eap_peer_tls_reset_input(data);
if (appl_data &&
tls_connection_established(sm->ssl_ctx, data->conn) &&
!tls_connection_get_failed(sm->ssl_ctx, data->conn)) {
wpa_hexdump_key(MSG_MSGDUMP, "SSL: Application data",
appl_data, appl_data_len);
*out_data = wpabuf_alloc_ext_data(appl_data, appl_data_len);
if (*out_data == NULL) {
os_free(appl_data);
return -1;
}
return 2;
}
os_free(appl_data);
return 0;
}
static int eap_tls_process_input(struct eap_sm *sm, struct eap_ssl_data *data,
const u8 *in_data, size_t in_len,
u8 **out_data, size_t *out_len)
{
const u8 *msg;
size_t msg_len;
int need_more_input;
u8 *appl_data;
size_t appl_data_len;
msg = eap_tls_data_reassemble(sm, data, in_data, in_len,
&msg_len, &need_more_input);
if (msg == NULL)
return need_more_input ? 1 : -1;
/* Full TLS message reassembled - continue handshake processing */
if (data->tls_out) {
/* This should not happen.. */
wpa_printf(MSG_INFO, "SSL: eap_tls_process_helper - pending "
"tls_out data even though tls_out_len = 0");
os_free(data->tls_out);
WPA_ASSERT(data->tls_out == NULL);
}
appl_data = NULL;
data->tls_out = tls_connection_handshake(sm->ssl_ctx, data->conn,
msg, msg_len,
&data->tls_out_len,
&appl_data, &appl_data_len);
/* Clear reassembled input data (if the buffer was needed). */
data->tls_in_left = data->tls_in_total = data->tls_in_len = 0;
os_free(data->tls_in);
data->tls_in = NULL;
if (appl_data &&
tls_connection_established(sm->ssl_ctx, data->conn) &&
!tls_connection_get_failed(sm->ssl_ctx, data->conn)) {
wpa_hexdump_key(MSG_MSGDUMP, "SSL: Application data",
appl_data, appl_data_len);
*out_data = appl_data;
*out_len = appl_data_len;
return 2;
}
os_free(appl_data);
return 0;
}
static u8 * eap_tls_build_req(struct eap_sm *sm, struct eap_tls_data *data,
int id, size_t *reqDataLen)
{
int res;
u8 *req;
res = eap_tls_buildReq_helper(sm, &data->ssl, EAP_TYPE_TLS, 0, id,
&req, reqDataLen);
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
data->state = SUCCESS;
}
if (res == 1)
return eap_tls_build_ack(reqDataLen, id, EAP_TYPE_TLS, 0);
return req;
}
static u8 * eap_tls_process(struct eap_sm *sm, void *priv,
struct eap_method_ret *ret,
const u8 *reqData, size_t reqDataLen,
size_t *respDataLen)
{
const struct eap_hdr *req;
size_t left;
int res;
u8 flags, *resp, id;
const u8 *pos;
struct eap_tls_data *data = priv;
pos = eap_tls_process_init(sm, &data->ssl, EAP_TYPE_TLS, ret,
reqData, reqDataLen, &left, &flags);
if (pos == NULL)
return NULL;
req = (const struct eap_hdr *) reqData;
id = req->identifier;
if (flags & EAP_TLS_FLAGS_START) {
wpa_printf(MSG_DEBUG, "EAP-TLS: Start");
left = 0; /* make sure that this frame is empty, even though it
* should always be, anyway */
}
resp = NULL;
res = eap_tls_process_helper(sm, &data->ssl, EAP_TYPE_TLS, 0, id, pos,
left, &resp, respDataLen);
if (res < 0) {
return eap_tls_failure(sm, data, ret, res, resp, id,
respDataLen);
}
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn))
eap_tls_success(sm, data, ret);
if (res == 1) {
return eap_tls_build_ack(&data->ssl, respDataLen, id,
EAP_TYPE_TLS, 0);
}
return resp;
}
static void eap_peap_process_msg(struct eap_sm *sm, void *priv,
const struct wpabuf *respData)
{
struct eap_peap_data *data = priv;
switch (data->state) {
case PHASE1:
if (eap_server_tls_phase1(sm, &data->ssl) < 0) {
eap_peap_state(data, FAILURE);
break;
}
if (data->peap_version >= 2 &&
tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
if (eap_peapv2_start_phase2(sm, data)) {
eap_peap_state(data, FAILURE);
break;
}
}
break;
case PHASE2_START:
eap_peap_state(data, PHASE2_ID);
eap_peap_phase2_init(sm, data, EAP_TYPE_IDENTITY);
break;
case PHASE1_ID2:
case PHASE2_ID:
case PHASE2_METHOD:
case PHASE2_SOH:
case PHASE2_TLV:
eap_peap_process_phase2(sm, data, respData, data->ssl.in_buf);
break;
case SUCCESS_REQ:
eap_peap_state(data, SUCCESS);
break;
case FAILURE_REQ:
eap_peap_state(data, FAILURE);
break;
default:
wpa_printf(MSG_DEBUG, "EAP-PEAP: Unexpected state %d in %s",
data->state, __func__);
break;
}
}
static struct wpabuf * eap_tls_buildReq(struct eap_sm *sm, void *priv, u8 id)
{
struct eap_tls_data *data = priv;
struct wpabuf *res;
if (data->ssl.state == FRAG_ACK) {
return eap_server_tls_build_ack(id, data->eap_type, 0);
}
if (data->ssl.state == WAIT_FRAG_ACK) {
res = eap_server_tls_build_msg(&data->ssl, data->eap_type, 0,
id);
goto check_established;
}
switch (data->state) {
case START:
return eap_tls_build_start(sm, data, id);
case CONTINUE:
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn))
data->established = 1;
break;
default:
wpa_printf(MSG_DEBUG, "EAP-TLS: %s - unexpected state %d",
__func__, data->state);
return NULL;
}
res = eap_server_tls_build_msg(&data->ssl, data->eap_type, 0, id);
check_established:
if (data->established && data->ssl.state != WAIT_FRAG_ACK) {
/* TLS handshake has been completed and there are no more
* fragments waiting to be sent out. */
wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
eap_tls_state(data, SUCCESS);
eap_tls_valid_session(sm, data);
}
return res;
}
static struct wpabuf * eap_tls_process(struct eap_sm *sm, void *priv,
struct eap_method_ret *ret,
const struct wpabuf *reqData)
{
size_t left;
int res;
struct wpabuf *resp;
u8 flags, id;
const u8 *pos;
struct eap_tls_data *data = priv;
pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_TLS, ret,
reqData, &left, &flags);
if (pos == NULL)
return NULL;
id = eap_get_id(reqData);
if (flags & EAP_TLS_FLAGS_START) {
wpa_printf(MSG_DEBUG, "EAP-TLS: Start");
left = 0; /* make sure that this frame is empty, even though it
* should always be, anyway */
}
resp = NULL;
res = eap_peer_tls_process_helper(sm, &data->ssl, EAP_TYPE_TLS, 0, id,
pos, left, &resp);
if (res < 0) {
return eap_tls_failure(sm, data, ret, res, resp, id);
}
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn))
eap_tls_success(sm, data, ret);
if (res == 1) {
wpabuf_free(resp);
return eap_peer_tls_build_ack(id, EAP_TYPE_TLS, 0);
}
return resp;
}
static int eap_fast_process_phase1(struct eap_sm *sm,
struct eap_fast_data *data)
{
if (eap_server_tls_phase1(sm, &data->ssl) < 0) {
wpa_printf(MSG_INFO, "EAP-FAST: TLS processing failed");
eap_fast_state(data, FAILURE);
return -1;
}
if (!tls_connection_established(sm->ssl_ctx, data->ssl.conn) ||
wpabuf_len(data->ssl.tls_out) > 0)
return 1;
/*
* Phase 1 was completed with the received message (e.g., when using
* abbreviated handshake), so Phase 2 can be started immediately
* without having to send through an empty message to the peer.
*/
return eap_fast_phase1_done(sm, data);
}
static u8 * eap_peap_build_req(struct eap_sm *sm, struct eap_peap_data *data,
int id, size_t *reqDataLen)
{
int res;
u8 *req;
res = eap_tls_buildReq_helper(sm, &data->ssl, EAP_TYPE_PEAP,
data->peap_version, id, &req,
reqDataLen);
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase1 done, starting "
"Phase2");
eap_peap_state(data, PHASE2_START);
}
if (res == 1)
return eap_tls_build_ack(reqDataLen, id, EAP_TYPE_PEAP,
data->peap_version);
return req;
}
static void eap_tls_process(struct eap_sm *sm, void *priv,
struct wpabuf *respData)
{
struct eap_tls_data *data = priv;
const struct wpabuf *buf;
const u8 *pos;
if (eap_server_tls_process(sm, &data->ssl, respData, data,
data->eap_type, NULL, eap_tls_process_msg) <
0) {
eap_tls_state(data, FAILURE);
return;
}
if (!tls_connection_established(sm->ssl_ctx, data->ssl.conn) ||
!tls_connection_resumed(sm->ssl_ctx, data->ssl.conn))
return;
buf = tls_connection_get_success_data(data->ssl.conn);
if (!buf || wpabuf_len(buf) < 1) {
wpa_printf(MSG_DEBUG,
"EAP-TLS: No success data in resumed session - reject attempt");
eap_tls_state(data, FAILURE);
return;
}
pos = wpabuf_head(buf);
if (*pos != data->eap_type) {
wpa_printf(MSG_DEBUG,
"EAP-TLS: Resumed session for another EAP type (%u) - reject attempt",
*pos);
eap_tls_state(data, FAILURE);
return;
}
wpa_printf(MSG_DEBUG,
"EAP-TLS: Resuming previous session");
eap_tls_state(data, SUCCESS);
tls_connection_set_success_data_resumed(data->ssl.conn);
}
static Boolean eap_peap_has_reauth_data(struct eap_sm *sm, void *priv)
{
struct eap_peap_data *data = priv;
return tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
data->phase2_success;
}
static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
struct eap_method_ret *ret,
const struct wpabuf *reqData)
{
const struct eap_hdr *req;
size_t left;
int res;
u8 flags, id;
struct wpabuf *resp;
const u8 *pos;
struct eap_peap_data *data = priv;
pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_PEAP, ret,
reqData, &left, &flags);
if (pos == NULL)
return NULL;
req = wpabuf_head(reqData);
id = req->identifier;
if (flags & EAP_TLS_FLAGS_START) {
wpa_printf(MSG_DEBUG, "EAP-PEAP: Start (server ver=%d, own "
"ver=%d)", flags & EAP_TLS_VERSION_MASK,
data->peap_version);
if ((flags & EAP_TLS_VERSION_MASK) < data->peap_version)
data->peap_version = flags & EAP_TLS_VERSION_MASK;
if (data->force_peap_version >= 0 &&
data->force_peap_version != data->peap_version) {
wpa_printf(MSG_WARNING, "EAP-PEAP: Failed to select "
"forced PEAP version %d",
data->force_peap_version);
ret->methodState = METHOD_DONE;
ret->decision = DECISION_FAIL;
ret->allowNotifications = FALSE;
return NULL;
}
wpa_printf(MSG_DEBUG, "EAP-PEAP: Using PEAP version %d",
data->peap_version);
left = 0; /* make sure that this frame is empty, even though it
* should always be, anyway */
}
resp = NULL;
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
!data->resuming) {
struct wpabuf msg;
wpabuf_set(&msg, pos, left);
res = eap_peap_decrypt(sm, data, ret, req, &msg, &resp);
} else {
res = eap_peer_tls_process_helper(sm, &data->ssl,
EAP_TYPE_PEAP,
data->peap_version, id, pos,
left, &resp);
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
char *label;
wpa_printf(MSG_DEBUG,
"EAP-PEAP: TLS done, proceed to Phase 2");
os_free(data->key_data);
/* draft-josefsson-ppext-eap-tls-eap-05.txt
* specifies that PEAPv1 would use "client PEAP
* encryption" as the label. However, most existing
* PEAPv1 implementations seem to be using the old
* label, "client EAP encryption", instead. Use the old
* label by default, but allow it to be configured with
* phase1 parameter peaplabel=1. */
if (data->peap_version > 1 || data->force_new_label)
label = "client PEAP encryption";
else
label = "client EAP encryption";
wpa_printf(MSG_DEBUG, "EAP-PEAP: using label '%s' in "
"key derivation", label);
data->key_data =
eap_peer_tls_derive_key(sm, &data->ssl, label,
EAP_TLS_KEY_LEN);
if (data->key_data) {
wpa_hexdump_key(MSG_DEBUG,
"EAP-PEAP: Derived key",
data->key_data,
EAP_TLS_KEY_LEN);
} else {
wpa_printf(MSG_DEBUG, "EAP-PEAP: Failed to "
"derive key");
}
if (sm->workaround && data->resuming) {
/*
* At least few RADIUS servers (Aegis v1.1.6;
* but not v1.1.4; and Cisco ACS) seem to be
* terminating PEAPv1 (Aegis) or PEAPv0 (Cisco
* ACS) session resumption with outer
* EAP-Success. This does not seem to follow
* draft-josefsson-pppext-eap-tls-eap-05.txt
* section 4.2, so only allow this if EAP
* workarounds are enabled.
*/
wpa_printf(MSG_DEBUG, "EAP-PEAP: Workaround - "
"allow outer EAP-Success to "
"terminate PEAP resumption");
ret->decision = DECISION_COND_SUCC;
data->phase2_success = 1;
}
data->resuming = 0;
}
if (res == 2) {
struct wpabuf msg;
/*
* Application data included in the handshake message.
*/
wpabuf_free(data->pending_phase2_req);
data->pending_phase2_req = resp;
resp = NULL;
wpabuf_set(&msg, pos, left);
res = eap_peap_decrypt(sm, data, ret, req, &msg,
&resp);
}
}
if (ret->methodState == METHOD_DONE) {
ret->allowNotifications = FALSE;
}
if (res == 1) {
wpabuf_free(resp);
return eap_peer_tls_build_ack(id, EAP_TYPE_PEAP,
data->peap_version);
}
return resp;
}
static struct wpabuf * eap_fast_buildReq(struct eap_sm *sm, void *priv, u8 id)
{
struct eap_fast_data *data = priv;
struct wpabuf *req = NULL;
int piggyback = 0;
if (data->ssl.state == FRAG_ACK) {
return eap_server_tls_build_ack(id, EAP_TYPE_FAST,
data->fast_version);
}
if (data->ssl.state == WAIT_FRAG_ACK) {
return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_FAST,
data->fast_version, id);
}
switch (data->state) {
case START:
return eap_fast_build_start(sm, data, id);
case PHASE1:
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
if (eap_fast_phase1_done(sm, data) < 0)
return NULL;
if (data->state == PHASE2_START) {
/*
* Try to generate Phase 2 data to piggyback
* with the end of Phase 1 to avoid extra
* roundtrip.
*/
wpa_printf(MSG_DEBUG, "EAP-FAST: Try to start "
"Phase 2");
if (eap_fast_process_phase2_start(sm, data))
break;
req = eap_fast_build_phase2_req(sm, data, id);
piggyback = 1;
}
}
break;
case PHASE2_ID:
case PHASE2_METHOD:
req = eap_fast_build_phase2_req(sm, data, id);
break;
case CRYPTO_BINDING:
req = eap_fast_build_crypto_binding(sm, data);
if (data->phase2_method) {
/*
* Include the start of the next EAP method in the
* sequence in the same message with Crypto-Binding to
* save a round-trip.
*/
struct wpabuf *eap;
eap = eap_fast_build_phase2_req(sm, data, id);
req = wpabuf_concat(req, eap);
eap_fast_state(data, PHASE2_METHOD);
}
break;
case REQUEST_PAC:
req = eap_fast_build_pac(sm, data);
break;
default:
wpa_printf(MSG_DEBUG, "EAP-FAST: %s - unexpected state %d",
__func__, data->state);
return NULL;
}
if (req &&
eap_fast_encrypt_phase2(sm, data, req, piggyback) < 0)
return NULL;
return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_FAST,
data->fast_version, id);
}
/**
* eap_tls_process_output - Process outgoing TLS message
* @data: Data for TLS processing
* @eap_type: EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...)
* @peap_version: Version number for EAP-PEAP/TTLS
* @id: EAP identifier for the response
* @ret: Return value to use on success
* @out_data: Buffer for returning the allocated output buffer
* Returns: ret (0 or 1) on success, -1 on failure
*/
static int eap_tls_process_output(struct eap_ssl_data *data, EapType eap_type,
int peap_version, u8 id, int ret,
struct wpabuf **out_data)
{
size_t len;
u8 *flags;
int more_fragments, length_included;
if (data->tls_out == NULL)
return -1;
len = wpabuf_len(data->tls_out) - data->tls_out_pos;
wpa_printf(MSG_DEBUG, "SSL: %lu bytes left to be sent out (of total "
"%lu bytes)",
(unsigned long) len,
(unsigned long) wpabuf_len(data->tls_out));
/*
* Limit outgoing message to the configured maximum size. Fragment
* message if needed.
*/
if (len > data->tls_out_limit) {
more_fragments = 1;
len = data->tls_out_limit;
wpa_printf(MSG_DEBUG, "SSL: sending %lu bytes, more fragments "
"will follow", (unsigned long) len);
} else
more_fragments = 0;
length_included = data->tls_out_pos == 0 &&
(wpabuf_len(data->tls_out) > data->tls_out_limit ||
data->include_tls_length);
if (!length_included &&
eap_type == EAP_TYPE_PEAP && peap_version == 0 &&
!tls_connection_established(data->eap->ssl_ctx, data->conn)) {
/*
* Windows Server 2008 NPS really wants to have the TLS Message
* length included in phase 0 even for unfragmented frames or
* it will get very confused with Compound MAC calculation and
* Outer TLVs.
*/
length_included = 1;
}
*out_data = eap_tls_msg_alloc(eap_type, 1 + length_included * 4 + len,
EAP_CODE_RESPONSE, id);
if (*out_data == NULL)
return -1;
flags = wpabuf_put(*out_data, 1);
*flags = peap_version;
if (more_fragments)
*flags |= EAP_TLS_FLAGS_MORE_FRAGMENTS;
if (length_included) {
*flags |= EAP_TLS_FLAGS_LENGTH_INCLUDED;
wpabuf_put_be32(*out_data, wpabuf_len(data->tls_out));
}
wpabuf_put_data(*out_data,
wpabuf_head_u8(data->tls_out) + data->tls_out_pos,
len);
data->tls_out_pos += len;
if (!more_fragments)
eap_peer_tls_reset_output(data);
return ret;
}
static struct wpabuf * eap_peap_buildReq(struct eap_sm *sm, void *priv, u8 id)
{
struct eap_peap_data *data = priv;
if (data->ssl.state == FRAG_ACK) {
return eap_server_tls_build_ack(id, EAP_TYPE_PEAP,
data->peap_version);
}
if (data->ssl.state == WAIT_FRAG_ACK) {
return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_PEAP,
data->peap_version, id);
}
switch (data->state) {
case START:
return eap_peap_build_start(sm, data, id);
case PHASE1:
case PHASE1_ID2:
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase1 done, "
"starting Phase2");
eap_peap_state(data, PHASE2_START);
}
break;
case PHASE2_ID:
case PHASE2_METHOD:
wpabuf_free(data->ssl.tls_out);
data->ssl.tls_out_pos = 0;
data->ssl.tls_out = eap_peap_build_phase2_req(sm, data, id);
break;
#ifdef EAP_SERVER_TNC
case PHASE2_SOH:
wpabuf_free(data->ssl.tls_out);
data->ssl.tls_out_pos = 0;
data->ssl.tls_out = eap_peap_build_phase2_soh(sm, data, id);
break;
#endif /* EAP_SERVER_TNC */
case PHASE2_TLV:
wpabuf_free(data->ssl.tls_out);
data->ssl.tls_out_pos = 0;
data->ssl.tls_out = eap_peap_build_phase2_tlv(sm, data, id);
break;
case SUCCESS_REQ:
wpabuf_free(data->ssl.tls_out);
data->ssl.tls_out_pos = 0;
data->ssl.tls_out = eap_peap_build_phase2_term(sm, data, id,
1);
break;
case FAILURE_REQ:
wpabuf_free(data->ssl.tls_out);
data->ssl.tls_out_pos = 0;
data->ssl.tls_out = eap_peap_build_phase2_term(sm, data, id,
0);
break;
default:
wpa_printf(MSG_DEBUG, "EAP-PEAP: %s - unexpected state %d",
__func__, data->state);
return NULL;
}
return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_PEAP,
data->peap_version, id);
}
static Boolean eap_tls_has_reauth_data(struct eap_sm *sm, void *priv)
{
struct eap_tls_data *data = priv;
return tls_connection_established(sm->ssl_ctx, data->ssl.conn);
}
static u8 * eap_tls_process(struct eap_sm *sm, void *priv,
struct eap_method_ret *ret,
const u8 *reqData, size_t reqDataLen,
size_t *respDataLen)
{
struct wpa_ssid *config = eap_get_config(sm);
const struct eap_hdr *req;
size_t left;
int res;
u8 flags, *resp, id;
const u8 *pos;
struct eap_tls_data *data = priv;
pos = eap_tls_process_init(sm, &data->ssl, EAP_TYPE_TLS, ret,
reqData, reqDataLen, &left, &flags);
if (pos == NULL)
return NULL;
req = (const struct eap_hdr *) reqData;
id = req->identifier;
if (flags & EAP_TLS_FLAGS_START) {
wpa_printf(MSG_DEBUG, "EAP-TLS: Start");
left = 0; /* make sure that this frame is empty, even though it
* should always be, anyway */
}
resp = NULL;
res = eap_tls_process_helper(sm, &data->ssl, EAP_TYPE_TLS, 0, id, pos,
left, &resp, respDataLen);
if (res < 0) {
wpa_printf(MSG_DEBUG, "EAP-TLS: TLS processing failed");
ret->methodState = METHOD_MAY_CONT;
ret->decision = DECISION_FAIL;
if (res == -1) {
/*
* The TLS handshake failed. So better forget the old
* PIN. It may be wrong, we can't be sure but trying
* the wrong one again might block it on the card - so
* better ask the user again.
*/
free(config->pin);
config->pin = NULL;
}
if (resp) {
/* This is likely an alert message, so send it instead
* of just ACKing the error. */
return resp;
}
return eap_tls_build_ack(&data->ssl, respDataLen, id,
EAP_TYPE_TLS, 0);
}
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
ret->methodState = METHOD_DONE;
ret->decision = DECISION_UNCOND_SUCC;
free(data->key_data);
data->key_data = eap_tls_derive_key(sm, &data->ssl,
"client EAP encryption",
EAP_TLS_KEY_LEN);
if (data->key_data) {
wpa_hexdump_key(MSG_DEBUG, "EAP-TLS: Derived key",
data->key_data, EAP_TLS_KEY_LEN);
} else {
wpa_printf(MSG_DEBUG, "EAP-TLS: Failed to derive key");
}
}
if (res == 1) {
return eap_tls_build_ack(&data->ssl, respDataLen, id,
EAP_TYPE_TLS, 0);
}
return resp;
}
static struct wpabuf * eap_fast_process(struct eap_sm *sm, void *priv,
struct eap_method_ret *ret,
const struct wpabuf *reqData)
{
const struct eap_hdr *req;
size_t left;
int res;
u8 flags, id;
struct wpabuf *resp;
const u8 *pos;
struct eap_fast_data *data = priv;
pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_FAST, ret,
reqData, &left, &flags);
if (pos == NULL)
return NULL;
req = wpabuf_head(reqData);
id = req->identifier;
if (flags & EAP_TLS_FLAGS_START) {
if (eap_fast_process_start(sm, data, flags, pos, left) < 0)
return NULL;
left = 0; /* A-ID is not used in further packet processing */
}
resp = NULL;
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
!data->resuming) {
/* Process tunneled (encrypted) phase 2 data. */
struct wpabuf msg;
wpabuf_set(&msg, pos, left);
res = eap_fast_decrypt(sm, data, ret, req, &msg, &resp);
if (res < 0) {
ret->methodState = METHOD_DONE;
ret->decision = DECISION_FAIL;
/*
* Ack possible Alert that may have caused failure in
* decryption.
*/
res = 1;
}
} else {
/* Continue processing TLS handshake (phase 1). */
res = eap_peer_tls_process_helper(sm, &data->ssl,
EAP_TYPE_FAST,
data->fast_version, id, pos,
left, &resp);
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
char cipher[80];
wpa_printf(MSG_DEBUG,
"EAP-FAST: TLS done, proceed to Phase 2");
if (data->provisioning &&
(!(data->provisioning_allowed &
EAP_FAST_PROV_AUTH) ||
tls_get_cipher(sm->ssl_ctx, data->ssl.conn,
cipher, sizeof(cipher)) < 0 ||
os_strstr(cipher, "ADH-") ||
os_strstr(cipher, "anon"))) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Using "
"anonymous (unauthenticated) "
"provisioning");
data->anon_provisioning = 1;
} else
data->anon_provisioning = 0;
data->resuming = 0;
eap_fast_derive_keys(sm, data);
}
if (res == 2) {
struct wpabuf msg;
/*
* Application data included in the handshake message.
*/
wpabuf_free(data->pending_phase2_req);
data->pending_phase2_req = resp;
resp = NULL;
wpabuf_set(&msg, pos, left);
res = eap_fast_decrypt(sm, data, ret, req, &msg,
&resp);
}
}
if (res == 1) {
wpabuf_free(resp);
return eap_peer_tls_build_ack(id, EAP_TYPE_FAST,
data->fast_version);
}
return resp;
}
