/**
* tlsv1_client_handshake - Process TLS handshake
* @conn: TLSv1 client connection data from tlsv1_client_init()
* @in_data: Input data from TLS peer
* @in_len: Input data length
* @out_len: Length of the output buffer.
* @appl_data: Pointer to application data pointer, or %NULL if dropped
* @appl_data_len: Pointer to variable that is set to appl_data length
* Returns: Pointer to output data, %NULL on failure
*/
u8 * tlsv1_client_handshake(struct tlsv1_client *conn,
const u8 *in_data, size_t in_len,
size_t *out_len, u8 **appl_data,
size_t *appl_data_len)
{
const u8 *pos, *end;
u8 *msg = NULL, *in_msg, *in_pos, *in_end, alert, ct;
size_t in_msg_len;
int no_appl_data;
if (conn->state == CLIENT_HELLO) {
if (in_len)
return NULL;
return tls_send_client_hello(conn, out_len);
}
if (in_data == NULL || in_len == 0)
return NULL;
pos = in_data;
end = in_data + in_len;
in_msg = os_malloc(in_len);
if (in_msg == NULL)
return NULL;
/* Each received packet may include multiple records */
while (pos < end) {
in_msg_len = in_len;
if (tlsv1_record_receive(&conn->rl, pos, end - pos,
in_msg, &in_msg_len, &alert)) {
wpa_printf(MSG_DEBUG, "TLSv1: Processing received "
"record failed");
tls_alert(conn, TLS_ALERT_LEVEL_FATAL, alert);
goto failed;
}
ct = pos[0];
in_pos = in_msg;
in_end = in_msg + in_msg_len;
/* Each received record may include multiple messages of the
* same ContentType. */
while (in_pos < in_end) {
in_msg_len = in_end - in_pos;
if (tlsv1_client_process_handshake(conn, ct, in_pos,
&in_msg_len,
appl_data,
appl_data_len) < 0)
goto failed;
in_pos += in_msg_len;
}
pos += TLS_RECORD_HEADER_LEN + WPA_GET_BE16(pos + 3);
}
os_free(in_msg);
in_msg = NULL;
no_appl_data = appl_data == NULL || *appl_data == NULL;
msg = tlsv1_client_handshake_write(conn, out_len, no_appl_data);
failed:
os_free(in_msg);
if (conn->alert_level) {
conn->state = FAILED;
os_free(msg);
msg = tlsv1_client_send_alert(conn, conn->alert_level,
conn->alert_description,
out_len);
} else if (msg == NULL) {
msg = os_zalloc(1);
*out_len = 0;
}
return msg;
}
static void eap_pwd_process(struct eap_sm *sm, void *priv,
struct wpabuf *respData)
{
struct eap_pwd_data *data = priv;
const u8 *pos;
size_t len;
u8 lm_exch;
u16 tot_len;
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_PWD, respData, &len);
if ((pos == NULL) || (len < 1)) {
wpa_printf(MSG_INFO, "Bad EAP header! pos %s and len = %d",
(pos == NULL) ? "is NULL" : "is not NULL",
(int) len);
return;
}
lm_exch = *pos;
pos++; /* skip over the bits and the exch */
len--;
/*
* if we're fragmenting then this should be an ACK with no data,
* just return and continue fragmenting in the "build" section above
*/
if (data->out_frag_pos) {
if (len > 1)
wpa_printf(MSG_INFO, "EAP-pwd: Bad response! "
"Fragmenting but not an ACK");
else
wpa_printf(MSG_DEBUG, "EAP-pwd: received ACK from "
"peer");
return;
}
/*
* if we're receiving fragmented packets then we need to buffer...
*
* the first fragment has a total length
*/
if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) {
if (len < 2) {
wpa_printf(MSG_DEBUG,
"EAP-pwd: Frame too short to contain Total-Length field");
return;
}
tot_len = WPA_GET_BE16(pos);
wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments, total "
"length = %d", tot_len);
if (tot_len > 15000)
return;
if (data->inbuf) {
wpa_printf(MSG_DEBUG,
"EAP-pwd: Unexpected new fragment start when previous fragment is still in use");
return;
}
data->inbuf = wpabuf_alloc(tot_len);
if (data->inbuf == NULL) {
wpa_printf(MSG_INFO, "EAP-pwd: Out of memory to "
"buffer fragments!");
return;
}
data->in_frag_pos = 0;
pos += sizeof(u16);
len -= sizeof(u16);
}
/*
* the first and all intermediate fragments have the M bit set
*/
if (EAP_PWD_GET_MORE_BIT(lm_exch) || data->in_frag_pos) {
if ((data->in_frag_pos + len) > wpabuf_size(data->inbuf)) {
wpa_printf(MSG_DEBUG, "EAP-pwd: Buffer overflow "
"attack detected! (%d+%d > %d)",
(int) data->in_frag_pos, (int) len,
(int) wpabuf_size(data->inbuf));
eap_pwd_state(data, FAILURE);
return;
}
wpabuf_put_data(data->inbuf, pos, len);
data->in_frag_pos += len;
}
if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
wpa_printf(MSG_DEBUG, "EAP-pwd: Got a %d byte fragment",
(int) len);
return;
}
/*
* last fragment won't have the M bit set (but we're obviously
* buffering fragments so that's how we know it's the last)
*/
if (data->in_frag_pos) {
pos = wpabuf_head_u8(data->inbuf);
len = data->in_frag_pos;
wpa_printf(MSG_DEBUG, "EAP-pwd: Last fragment, %d bytes",
(int) len);
}
switch (EAP_PWD_GET_EXCHANGE(lm_exch)) {
case EAP_PWD_OPCODE_ID_EXCH:
eap_pwd_process_id_resp(sm, data, pos, len);
break;
case EAP_PWD_OPCODE_COMMIT_EXCH:
eap_pwd_process_commit_resp(sm, data, pos, len);
break;
case EAP_PWD_OPCODE_CONFIRM_EXCH:
eap_pwd_process_confirm_resp(sm, data, pos, len);
break;
}
/*
* if we had been buffering fragments, here's a great place
* to clean up
*/
if (data->in_frag_pos) {
wpabuf_free(data->inbuf);
data->inbuf = NULL;
data->in_frag_pos = 0;
}
}
static int eap_fast_session_ticket_cb(void *ctx, const u8 *ticket, size_t len,
const u8 *client_random,
const u8 *server_random,
u8 *master_secret)
{
struct eap_fast_data *data = ctx;
const u8 *pac_opaque;
size_t pac_opaque_len;
u8 *buf, *pos, *end, *pac_key = NULL;
os_time_t lifetime = 0;
struct os_time now;
u8 *identity = NULL;
size_t identity_len = 0;
wpa_printf(MSG_DEBUG, "EAP-FAST: SessionTicket callback");
wpa_hexdump(MSG_DEBUG, "EAP-FAST: SessionTicket (PAC-Opaque)",
ticket, len);
if (len < 4 || WPA_GET_BE16(ticket) != PAC_TYPE_PAC_OPAQUE) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Ignore invalid "
"SessionTicket");
return 0;
}
pac_opaque_len = WPA_GET_BE16(ticket + 2);
pac_opaque = ticket + 4;
if (pac_opaque_len < 8 || pac_opaque_len % 8 ||
pac_opaque_len > len - 4) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Ignore invalid PAC-Opaque "
"(len=%lu left=%lu)",
(unsigned long) pac_opaque_len,
(unsigned long) len);
return 0;
}
wpa_hexdump(MSG_DEBUG, "EAP-FAST: Received PAC-Opaque",
pac_opaque, pac_opaque_len);
buf = os_malloc(pac_opaque_len - 8);
if (buf == NULL) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to allocate memory "
"for decrypting PAC-Opaque");
return 0;
}
if (aes_unwrap(data->pac_opaque_encr, sizeof(data->pac_opaque_encr),
(pac_opaque_len - 8) / 8, pac_opaque, buf) < 0) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to decrypt "
"PAC-Opaque");
os_free(buf);
/*
* This may have been caused by server changing the PAC-Opaque
* encryption key, so just ignore this PAC-Opaque instead of
* failing the authentication completely. Provisioning can now
* be used to provision a new PAC.
*/
return 0;
}
end = buf + pac_opaque_len - 8;
wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: Decrypted PAC-Opaque",
buf, end - buf);
pos = buf;
while (end - pos > 1) {
u8 id, elen;
id = *pos++;
elen = *pos++;
if (elen > end - pos)
break;
switch (id) {
case PAC_OPAQUE_TYPE_PAD:
goto done;
case PAC_OPAQUE_TYPE_KEY:
if (elen != EAP_FAST_PAC_KEY_LEN) {
wpa_printf(MSG_DEBUG,
"EAP-FAST: Invalid PAC-Key length %d",
elen);
os_free(buf);
return -1;
}
pac_key = pos;
wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: PAC-Key from "
"decrypted PAC-Opaque",
pac_key, EAP_FAST_PAC_KEY_LEN);
break;
case PAC_OPAQUE_TYPE_LIFETIME:
if (elen != 4) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Invalid "
"PAC-Key lifetime length %d",
elen);
os_free(buf);
return -1;
}
lifetime = WPA_GET_BE32(pos);
break;
case PAC_OPAQUE_TYPE_IDENTITY:
identity = pos;
identity_len = elen;
break;
}
pos += elen;
}
done:
if (pac_key == NULL) {
wpa_printf(MSG_DEBUG, "EAP-FAST: No PAC-Key included in "
"PAC-Opaque");
os_free(buf);
return -1;
}
if (identity) {
wpa_hexdump_ascii(MSG_DEBUG, "EAP-FAST: Identity from "
"PAC-Opaque", identity, identity_len);
os_free(data->identity);
data->identity = os_malloc(identity_len);
if (data->identity) {
os_memcpy(data->identity, identity, identity_len);
data->identity_len = identity_len;
}
}
if (os_get_time(&now) < 0 || lifetime <= 0 || now.sec > lifetime) {
wpa_printf(MSG_DEBUG, "EAP-FAST: PAC-Key not valid anymore "
"(lifetime=%ld now=%ld)", lifetime, now.sec);
data->send_new_pac = 2;
/*
* Allow PAC to be used to allow a PAC update with some level
* of server authentication (i.e., do not fall back to full TLS
* handshake since we cannot be sure that the peer would be
* able to validate server certificate now). However, reject
* the authentication since the PAC was not valid anymore. Peer
* can connect again with the newly provisioned PAC after this.
*/
} else if (lifetime - now.sec < data->pac_key_refresh_time) {
wpa_printf(MSG_DEBUG, "EAP-FAST: PAC-Key soft timeout; send "
"an update if authentication succeeds");
data->send_new_pac = 1;
}
eap_fast_derive_master_secret(pac_key, server_random, client_random,
master_secret);
os_free(buf);
return 1;
}
static struct wpabuf * eap_pax_process_std_3(struct eap_pax_data *data,
struct eap_method_ret *ret, u8 id,
const struct eap_pax_hdr *req,
size_t req_plen)
{
struct wpabuf *resp;
u8 *rpos, mac[EAP_PAX_MAC_LEN];
const u8 *pos;
size_t left;
wpa_printf(MSG_DEBUG, "EAP-PAX: PAX_STD-3 (received)");
if (data->state != PAX_STD_2_SENT) {
wpa_printf(MSG_INFO, "EAP-PAX: PAX_STD-3 received in "
"unexpected state (%d) - ignored", data->state);
ret->ignore = TRUE;
return NULL;
}
if (req->flags & EAP_PAX_FLAGS_CE) {
wpa_printf(MSG_INFO, "EAP-PAX: PAX_STD-3 with CE flag set - "
"ignored");
ret->ignore = TRUE;
return NULL;
}
left = req_plen - sizeof(*req);
if (left < 2 + EAP_PAX_MAC_LEN) {
wpa_printf(MSG_INFO, "EAP-PAX: PAX_STD-3 with too short "
"payload");
ret->ignore = TRUE;
return NULL;
}
pos = (const u8 *) (req + 1);
if (WPA_GET_BE16(pos) != EAP_PAX_MAC_LEN) {
wpa_printf(MSG_INFO, "EAP-PAX: PAX_STD-3 with incorrect "
"MAC_CK length %d (expected %d)",
WPA_GET_BE16(pos), EAP_PAX_MAC_LEN);
ret->ignore = TRUE;
return NULL;
}
pos += 2;
left -= 2;
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: MAC_CK(B, CID)",
pos, EAP_PAX_MAC_LEN);
eap_pax_mac(data->mac_id, data->ck, EAP_PAX_CK_LEN,
data->rand.r.y, EAP_PAX_RAND_LEN,
(u8 *) data->cid, data->cid_len, NULL, 0, mac);
if (os_memcmp_const(pos, mac, EAP_PAX_MAC_LEN) != 0) {
wpa_printf(MSG_INFO, "EAP-PAX: Invalid MAC_CK(B, CID) "
"received");
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: expected MAC_CK(B, CID)",
mac, EAP_PAX_MAC_LEN);
ret->methodState = METHOD_DONE;
ret->decision = DECISION_FAIL;
return NULL;
}
pos += EAP_PAX_MAC_LEN;
left -= EAP_PAX_MAC_LEN;
if (left > 0) {
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ignored extra payload",
pos, left);
}
wpa_printf(MSG_DEBUG, "EAP-PAX: PAX-ACK (sending)");
resp = eap_pax_alloc_resp(req, id, EAP_PAX_OP_ACK, EAP_PAX_ICV_LEN);
if (resp == NULL)
return NULL;
/* Optional ADE could be added here, if needed */
rpos = wpabuf_put(resp, EAP_PAX_ICV_LEN);
eap_pax_mac(data->mac_id, data->ick, EAP_PAX_ICK_LEN,
wpabuf_head(resp), wpabuf_len(resp) - EAP_PAX_ICV_LEN,
NULL, 0, NULL, 0, rpos);
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ICV", rpos, EAP_PAX_ICV_LEN);
data->state = PAX_DONE;
ret->methodState = METHOD_DONE;
ret->decision = DECISION_UNCOND_SUCC;
ret->allowNotifications = FALSE;
return resp;
}
static void eap_peap_process_phase2_tlv(struct eap_sm *sm,
struct eap_peap_data *data,
struct wpabuf *in_data)
{
const u8 *pos;
size_t left;
const u8 *result_tlv = NULL, *crypto_tlv = NULL;
size_t result_tlv_len = 0, crypto_tlv_len = 0;
int tlv_type, mandatory, tlv_len;
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_TLV, in_data, &left);
if (pos == NULL) {
wpa_printf(MSG_DEBUG, "EAP-PEAP: Invalid EAP-TLV header");
return;
}
/* Parse TLVs */
wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Received TLVs", pos, left);
while (left >= 4) {
mandatory = !!(pos[0] & 0x80);
tlv_type = pos[0] & 0x3f;
tlv_type = (tlv_type << 8) | pos[1];
tlv_len = ((int) pos[2] << 8) | pos[3];
pos += 4;
left -= 4;
if ((size_t) tlv_len > left) {
wpa_printf(MSG_DEBUG, "EAP-PEAP: TLV underrun "
"(tlv_len=%d left=%lu)", tlv_len,
(unsigned long) left);
eap_peap_state(data, FAILURE);
return;
}
switch (tlv_type) {
case EAP_TLV_RESULT_TLV:
result_tlv = pos;
result_tlv_len = tlv_len;
break;
case EAP_TLV_CRYPTO_BINDING_TLV:
crypto_tlv = pos;
crypto_tlv_len = tlv_len;
break;
default:
wpa_printf(MSG_DEBUG, "EAP-PEAP: Unsupported TLV Type "
"%d%s", tlv_type,
mandatory ? " (mandatory)" : "");
if (mandatory) {
eap_peap_state(data, FAILURE);
return;
}
/* Ignore this TLV, but process other TLVs */
break;
}
pos += tlv_len;
left -= tlv_len;
}
if (left) {
wpa_printf(MSG_DEBUG, "EAP-PEAP: Last TLV too short in "
"Request (left=%lu)", (unsigned long) left);
eap_peap_state(data, FAILURE);
return;
}
/* Process supported TLVs */
if (crypto_tlv && data->crypto_binding_sent) {
wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Cryptobinding TLV",
crypto_tlv, crypto_tlv_len);
if (eap_tlv_validate_cryptobinding(sm, data, crypto_tlv - 4,
crypto_tlv_len + 4) < 0) {
eap_peap_state(data, FAILURE);
return;
}
data->crypto_binding_used = 1;
} else if (!crypto_tlv && data->crypto_binding_sent &&
data->crypto_binding == REQUIRE_BINDING) {
wpa_printf(MSG_DEBUG, "EAP-PEAP: No cryptobinding TLV");
eap_peap_state(data, FAILURE);
return;
}
if (result_tlv) {
int status;
const char *requested;
wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Result TLV",
result_tlv, result_tlv_len);
if (result_tlv_len < 2) {
wpa_printf(MSG_INFO, "EAP-PEAP: Too short Result TLV "
"(len=%lu)",
(unsigned long) result_tlv_len);
eap_peap_state(data, FAILURE);
return;
}
requested = data->tlv_request == TLV_REQ_SUCCESS ? "Success" :
"Failure";
status = WPA_GET_BE16(result_tlv);
if (status == EAP_TLV_RESULT_SUCCESS) {
wpa_printf(MSG_INFO, "EAP-PEAP: TLV Result - Success "
"- requested %s", requested);
if (data->tlv_request == TLV_REQ_SUCCESS)
eap_peap_state(data, SUCCESS);
else
eap_peap_state(data, FAILURE);
} else if (status == EAP_TLV_RESULT_FAILURE) {
wpa_printf(MSG_INFO, "EAP-PEAP: TLV Result - Failure "
"- requested %s", requested);
eap_peap_state(data, FAILURE);
} else {
wpa_printf(MSG_INFO, "EAP-PEAP: Unknown TLV Result "
"Status %d", status);
eap_peap_state(data, FAILURE);
}
}
}
static int ikev2_parse_transform(struct ikev2_proposal_data *prop,
const u8 *pos, const u8 *end)
{
int transform_len;
const struct ikev2_transform *t;
u16 transform_id;
const u8 *tend;
if (end - pos < (int) sizeof(*t)) {
wpa_printf(MSG_INFO, "IKEV2: Too short transform");
return -1;
}
t = (const struct ikev2_transform *) pos;
transform_len = WPA_GET_BE16(t->transform_length);
if (transform_len < (int) sizeof(*t) || pos + transform_len > end) {
wpa_printf(MSG_INFO, "IKEV2: Invalid transform length %d",
transform_len);
return -1;
}
tend = pos + transform_len;
transform_id = WPA_GET_BE16(t->transform_id);
wpa_printf(MSG_DEBUG, "IKEV2: Transform:");
wpa_printf(MSG_DEBUG, "IKEV2: Type: %d Transform Length: %d "
"Transform Type: %d Transform ID: %d",
t->type, transform_len, t->transform_type, transform_id);
if (t->type != 0 && t->type != 3) {
wpa_printf(MSG_INFO, "IKEV2: Unexpected Transform type");
return -1;
}
pos = (const u8 *) (t + 1);
if (pos < tend) {
wpa_hexdump(MSG_DEBUG, "IKEV2: Transform Attributes",
pos, tend - pos);
}
switch (t->transform_type) {
case IKEV2_TRANSFORM_ENCR:
if (ikev2_get_encr(transform_id)) {
if (transform_id == ENCR_AES_CBC) {
if (tend - pos != 4) {
wpa_printf(MSG_DEBUG, "IKEV2: No "
"Transform Attr for AES");
break;
}
if (WPA_GET_BE16(pos) != 0x800e) {
wpa_printf(MSG_DEBUG, "IKEV2: Not a "
"Key Size attribute for "
"AES");
break;
}
if (WPA_GET_BE16(pos + 2) != 128) {
wpa_printf(MSG_DEBUG, "IKEV2: "
"Unsupported AES key size "
"%d bits",
WPA_GET_BE16(pos + 2));
break;
}
}
prop->encr = transform_id;
}
break;
case IKEV2_TRANSFORM_PRF:
if (ikev2_get_prf(transform_id))
prop->prf = transform_id;
break;
case IKEV2_TRANSFORM_INTEG:
if (ikev2_get_integ(transform_id))
prop->integ = transform_id;
break;
case IKEV2_TRANSFORM_DH:
if (dh_groups_get(transform_id))
prop->dh = transform_id;
break;
}
return transform_len;
}
static int ikev2_process_kei(struct ikev2_responder_data *data,
const u8 *kei, size_t kei_len)
{
u16 group;
/*
* Key Exchange Payload:
* DH Group # (16 bits)
* RESERVED (16 bits)
* Key Exchange Data (Diffie-Hellman public value)
*/
if (kei == NULL) {
wpa_printf(MSG_INFO, "IKEV2: KEi not received");
return -1;
}
if (kei_len < 4 + 96) {
wpa_printf(MSG_INFO, "IKEV2: Too show Key Exchange Payload");
return -1;
}
group = WPA_GET_BE16(kei);
wpa_printf(MSG_DEBUG, "IKEV2: KEi DH Group #%u", group);
if (group != data->proposal.dh) {
wpa_printf(MSG_DEBUG, "IKEV2: KEi DH Group #%u does not match "
"with the selected proposal (%u)",
group, data->proposal.dh);
/* Reject message with Notify payload of type
* INVALID_KE_PAYLOAD (RFC 4306, Sect. 3.4) */
data->error_type = INVALID_KE_PAYLOAD;
data->state = NOTIFY;
return -1;
}
if (data->dh == NULL) {
wpa_printf(MSG_INFO, "IKEV2: Unsupported DH group");
return -1;
}
/* RFC 4306, Section 3.4:
* The length of DH public value MUST be equal to the length of the
* prime modulus.
*/
if (kei_len - 4 != data->dh->prime_len) {
wpa_printf(MSG_INFO, "IKEV2: Invalid DH public value length "
"%ld (expected %ld)",
(long) (kei_len - 4), (long) data->dh->prime_len);
return -1;
}
wpabuf_free(data->i_dh_public);
data->i_dh_public = wpabuf_alloc(kei_len - 4);
if (data->i_dh_public == NULL)
return -1;
wpabuf_put_data(data->i_dh_public, kei + 4, kei_len - 4);
wpa_hexdump_buf(MSG_DEBUG, "IKEV2: KEi Diffie-Hellman Public Value",
data->i_dh_public);
return 0;
}
int wfd_add_peer_info(void *msg_ctx, struct wfd_peer_info *wfd_info,
const u8 *ies, size_t ies_len)
{
struct wfd_message wfd_msg;
u16 device_info;
os_memset(&wfd_msg, 0, sizeof(wfd_msg));
if (wfd_parse_ies(ies, ies_len, &wfd_msg)) {
wpa_msg(msg_ctx, MSG_DEBUG,
"WFD: Failed to parse WFD IE for a device entry");
wfd_parse_free(&wfd_msg);
return -1;
}
wfd_info->wfd_supported = (wfd_msg.wfd_attributes != NULL);
if (!wfd_info->wfd_supported) {
wpa_msg(msg_ctx, MSG_DEBUG,
"WFD: No WFD IE found, device does not support WFD");
wfd_parse_free(&wfd_msg);
return 0;
}
if (!wfd_msg.device_info) {
wpa_msg(msg_ctx, MSG_DEBUG,
"WFD: No device info field in WFD Device Information Subelement");
wfd_parse_free(&wfd_msg);
return -1;
}
device_info = WPA_GET_BE16(wfd_msg.device_info);
switch (device_info & WFD_DEVICE_INFO_DEVICE_TYPE) {
case WFD_DEVICE_INFO_SOURCE:
wfd_info->device_type = WFD_SOURCE;
break;
case WFD_DEVICE_INFO_PRIMARY_SINK:
wfd_info->device_type = WFD_PRIMARY_SINK;
break;
case WFD_DEVICE_INFO_SECONDARY_SINK:
wfd_info->device_type = WFD_SECONDARY_SINK;
break;
case WFD_DEVICE_INFO_SOURCE_PRIMARY_SINK:
wfd_info->device_type = WFD_SOURCE_PRIMARY_SINK;
}
switch (device_info & WFD_DEVICE_INFO_AVAILABLE_FOR_SESSION) {
case WFD_DEVICE_INFO_NOT_AVAILABLE:
wfd_info->available_for_session = 0;
break;
case WFD_DEVICE_INFO_AVAILABLE:
wfd_info->available_for_session = 1;
break;
default:
wpa_msg(msg_ctx, MSG_DEBUG,
"WFD: invalid Available for Session field in Device Info Subelement");
wfd_parse_free(&wfd_msg);
return -1;
}
switch (device_info & WFD_DEVICE_INFO_PREFERRED_CONNECTIVITY) {
case WFD_DEVICE_INFO_P2P:
wfd_info->preferred_connectivity = WFD_P2P;
break;
case WFD_DEVICE_INFO_TDLS:
wfd_info->preferred_connectivity = WFD_TDLS;
}
wfd_info->coupled_sink_supported_by_source =
(device_info &
WFD_DEVICE_INFO_COUPLED_SINK_SUPPORTED_BY_SOURCE) != 0;
wfd_info->coupled_sink_supported_by_sink =
(device_info &
WFD_DEVICE_INFO_COUPLED_SINK_SUPPORTED_BY_SINK) != 0;
wfd_info->service_discovery_supported =
(device_info &
WFD_DEVICE_INFO_SERVICE_DISCOVERY_SUPPORTED) != 0;
wfd_info->content_protection_supported =
(device_info &
WFD_DEVICE_INFO_CONTENT_PROTECTION_SUPPORTED) != 0;
wfd_info->time_sync_supported =
(device_info & WFD_DEVICE_INFO_TIME_SYNC_SUPPORTED) != 0;
if (!wfd_msg.session_mgmt_ctrl_port) {
wpa_msg(msg_ctx, MSG_DEBUG,
"WFD: No session mgmt ctrl port field"
"in WFD Device Information Subelement");
wfd_parse_free(&wfd_msg);
return -1;
}
wfd_info->session_mgmt_ctrl_port =
WPA_GET_BE16(wfd_msg.session_mgmt_ctrl_port);
if (!wfd_msg.device_max_throughput) {
wpa_msg(msg_ctx, MSG_DEBUG,
"WFD: No device max throughput field in"
"WFD Device Information Subelement");
wfd_parse_free(&wfd_msg);
return -1;
}
wfd_info->device_max_throughput =
WPA_GET_BE16(wfd_msg.device_max_throughput);
if (!wfd_msg.associated_bssid)
wfd_info->is_associated_with_ap = 0;
else {
wfd_info->is_associated_with_ap = 1;
os_memcpy(wfd_info->associated_bssid,
wfd_msg.associated_bssid, ETH_ALEN);
}
wfd_parse_free(&wfd_msg);
return 0;
}
static struct wpabuf *
eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
const struct wpabuf *reqData)
{
struct eap_pwd_data *data = priv;
struct wpabuf *resp = NULL;
const u8 *pos, *buf;
size_t len;
u16 tot_len = 0;
u8 lm_exch;
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_PWD, reqData, &len);
if ((pos == NULL) || (len < 1)) {
wpa_printf(MSG_DEBUG, "EAP-pwd: Got a frame but pos is %s and "
"len is %d",
pos == NULL ? "NULL" : "not NULL", (int) len);
ret->ignore = TRUE;
return NULL;
}
ret->ignore = FALSE;
ret->methodState = METHOD_MAY_CONT;
ret->decision = DECISION_FAIL;
ret->allowNotifications = FALSE;
lm_exch = *pos;
pos++; /* skip over the bits and the exch */
len--;
/*
* we're fragmenting so send out the next fragment
*/
if (data->out_frag_pos) {
/*
* this should be an ACK
*/
if (len)
wpa_printf(MSG_INFO, "Bad Response! Fragmenting but "
"not an ACK");
wpa_printf(MSG_DEBUG, "EAP-pwd: Got an ACK for a fragment");
/*
* check if there are going to be more fragments
*/
len = wpabuf_len(data->outbuf) - data->out_frag_pos;
if ((len + EAP_PWD_HDR_SIZE) > data->mtu) {
len = data->mtu - EAP_PWD_HDR_SIZE;
EAP_PWD_SET_MORE_BIT(lm_exch);
}
resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD,
EAP_PWD_HDR_SIZE + len,
EAP_CODE_RESPONSE, eap_get_id(reqData));
if (resp == NULL) {
wpa_printf(MSG_INFO, "Unable to allocate memory for "
"next fragment!");
return NULL;
}
wpabuf_put_u8(resp, lm_exch);
buf = wpabuf_head_u8(data->outbuf);
wpabuf_put_data(resp, buf + data->out_frag_pos, len);
data->out_frag_pos += len;
/*
* this is the last fragment so get rid of the out buffer
*/
if (data->out_frag_pos >= wpabuf_len(data->outbuf)) {
wpabuf_free(data->outbuf);
data->outbuf = NULL;
data->out_frag_pos = 0;
}
wpa_printf(MSG_DEBUG, "EAP-pwd: Send %s fragment of %d bytes",
data->out_frag_pos == 0 ? "last" : "next",
(int) len);
if (data->state == SUCCESS_ON_FRAG_COMPLETION) {
ret->methodState = METHOD_DONE;
ret->decision = DECISION_UNCOND_SUCC;
eap_pwd_state(data, SUCCESS);
}
return resp;
}
/*
* see if this is a fragment that needs buffering
*
* if it's the first fragment there'll be a length field
*/
if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) {
if (len < 2) {
wpa_printf(MSG_DEBUG,
"EAP-pwd: Frame too short to contain Total-Length field");
ret->ignore = TRUE;
return NULL;
}
tot_len = WPA_GET_BE16(pos);
wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments whose "
"total length = %d", tot_len);
if (tot_len > 15000)
return NULL;
if (data->inbuf) {
wpa_printf(MSG_DEBUG,
"EAP-pwd: Unexpected new fragment start when previous fragment is still in use");
ret->ignore = TRUE;
return NULL;
}
data->inbuf = wpabuf_alloc(tot_len);
if (data->inbuf == NULL) {
wpa_printf(MSG_INFO, "Out of memory to buffer "
"fragments!");
return NULL;
}
pos += sizeof(u16);
len -= sizeof(u16);
}
/*
* buffer and ACK the fragment
*/
if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
data->in_frag_pos += len;
if (data->in_frag_pos > wpabuf_size(data->inbuf)) {
wpa_printf(MSG_INFO, "EAP-pwd: Buffer overflow attack "
"detected (%d vs. %d)!",
(int) data->in_frag_pos,
(int) wpabuf_len(data->inbuf));
wpabuf_free(data->inbuf);
data->inbuf = NULL;
data->in_frag_pos = 0;
return NULL;
}
wpabuf_put_data(data->inbuf, pos, len);
resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD,
EAP_PWD_HDR_SIZE,
EAP_CODE_RESPONSE, eap_get_id(reqData));
if (resp != NULL)
wpabuf_put_u8(resp, (EAP_PWD_GET_EXCHANGE(lm_exch)));
wpa_printf(MSG_DEBUG, "EAP-pwd: ACKing a %d byte fragment",
(int) len);
return resp;
}
/*
* we're buffering and this is the last fragment
*/
if (data->in_frag_pos) {
wpabuf_put_data(data->inbuf, pos, len);
wpa_printf(MSG_DEBUG, "EAP-pwd: Last fragment, %d bytes",
(int) len);
data->in_frag_pos += len;
pos = wpabuf_head_u8(data->inbuf);
len = data->in_frag_pos;
}
wpa_printf(MSG_DEBUG, "EAP-pwd: processing frame: exch %d, len %d",
EAP_PWD_GET_EXCHANGE(lm_exch), (int) len);
switch (EAP_PWD_GET_EXCHANGE(lm_exch)) {
case EAP_PWD_OPCODE_ID_EXCH:
eap_pwd_perform_id_exchange(sm, data, ret, reqData,
pos, len);
break;
case EAP_PWD_OPCODE_COMMIT_EXCH:
eap_pwd_perform_commit_exchange(sm, data, ret, reqData,
pos, len);
break;
case EAP_PWD_OPCODE_CONFIRM_EXCH:
eap_pwd_perform_confirm_exchange(sm, data, ret, reqData,
pos, len);
break;
default:
wpa_printf(MSG_INFO, "EAP-pwd: Ignoring message with unknown "
"opcode %d", lm_exch);
break;
}
/*
* if we buffered the just processed input now's the time to free it
*/
if (data->in_frag_pos) {
wpabuf_free(data->inbuf);
data->inbuf = NULL;
data->in_frag_pos = 0;
}
if (data->outbuf == NULL) {
ret->methodState = METHOD_DONE;
ret->decision = DECISION_FAIL;
return NULL; /* generic failure */
}
/*
* we have output! Do we need to fragment it?
*/
lm_exch = EAP_PWD_GET_EXCHANGE(lm_exch);
len = wpabuf_len(data->outbuf);
if ((len + EAP_PWD_HDR_SIZE) > data->mtu) {
resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, data->mtu,
EAP_CODE_RESPONSE, eap_get_id(reqData));
/*
* if so it's the first so include a length field
*/
EAP_PWD_SET_LENGTH_BIT(lm_exch);
EAP_PWD_SET_MORE_BIT(lm_exch);
tot_len = len;
/*
* keep the packet at the MTU
*/
len = data->mtu - EAP_PWD_HDR_SIZE - sizeof(u16);
wpa_printf(MSG_DEBUG, "EAP-pwd: Fragmenting output, total "
"length = %d", tot_len);
} else {
resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD,
EAP_PWD_HDR_SIZE + len,
EAP_CODE_RESPONSE, eap_get_id(reqData));
}
if (resp == NULL)
return NULL;
wpabuf_put_u8(resp, lm_exch);
if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) {
wpabuf_put_be16(resp, tot_len);
data->out_frag_pos += len;
}
buf = wpabuf_head_u8(data->outbuf);
wpabuf_put_data(resp, buf, len);
/*
* if we're not fragmenting then there's no need to carry this around
*/
if (data->out_frag_pos == 0) {
wpabuf_free(data->outbuf);
data->outbuf = NULL;
data->out_frag_pos = 0;
if (data->state == SUCCESS_ON_FRAG_COMPLETION) {
ret->methodState = METHOD_DONE;
ret->decision = DECISION_UNCOND_SUCC;
eap_pwd_state(data, SUCCESS);
}
}
return resp;
}
static int tls_process_certificate_verify(struct tlsv1_server *conn, u8 ct,
const u8 *in_data, size_t *in_len)
{
const u8 *pos, *end;
size_t left, len;
u8 type;
size_t hlen, buflen;
u8 hash[MD5_MAC_LEN + SHA1_MAC_LEN], *hpos, *buf;
enum { SIGN_ALG_RSA, SIGN_ALG_DSA } alg = SIGN_ALG_RSA;
u16 slen;
if (ct == TLS_CONTENT_TYPE_CHANGE_CIPHER_SPEC) {
if (conn->verify_peer) {
wpa_printf(MSG_DEBUG, "TLSv1: Client did not include "
"CertificateVerify");
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_UNEXPECTED_MESSAGE);
return -1;
}
return tls_process_change_cipher_spec(conn, ct, in_data,
in_len);
}
if (ct != TLS_CONTENT_TYPE_HANDSHAKE) {
wpa_printf(MSG_DEBUG, "TLSv1: Expected Handshake; "
"received content type 0x%x", ct);
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_UNEXPECTED_MESSAGE);
return -1;
}
pos = in_data;
left = *in_len;
if (left < 4) {
wpa_printf(MSG_DEBUG, "TLSv1: Too short CertificateVerify "
"message (len=%lu)", (unsigned long) left);
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_DECODE_ERROR);
return -1;
}
type = *pos++;
len = WPA_GET_BE24(pos);
pos += 3;
left -= 4;
if (len > left) {
wpa_printf(MSG_DEBUG, "TLSv1: Unexpected CertificateVerify "
"message length (len=%lu != left=%lu)",
(unsigned long) len, (unsigned long) left);
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_DECODE_ERROR);
return -1;
}
end = pos + len;
if (type != TLS_HANDSHAKE_TYPE_CERTIFICATE_VERIFY) {
wpa_printf(MSG_DEBUG, "TLSv1: Received unexpected handshake "
"message %d (expected CertificateVerify)", type);
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_UNEXPECTED_MESSAGE);
return -1;
}
wpa_printf(MSG_DEBUG, "TLSv1: Received CertificateVerify");
/*
* struct {
* Signature signature;
* } CertificateVerify;
*/
hpos = hash;
if (alg == SIGN_ALG_RSA) {
hlen = MD5_MAC_LEN;
if (conn->verify.md5_cert == NULL ||
crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0)
{
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_INTERNAL_ERROR);
conn->verify.md5_cert = NULL;
crypto_hash_finish(conn->verify.sha1_cert, NULL, NULL);
conn->verify.sha1_cert = NULL;
return -1;
}
hpos += MD5_MAC_LEN;
} else
crypto_hash_finish(conn->verify.md5_cert, NULL, NULL);
conn->verify.md5_cert = NULL;
hlen = SHA1_MAC_LEN;
if (conn->verify.sha1_cert == NULL ||
crypto_hash_finish(conn->verify.sha1_cert, hpos, &hlen) < 0) {
conn->verify.sha1_cert = NULL;
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_INTERNAL_ERROR);
return -1;
}
conn->verify.sha1_cert = NULL;
if (alg == SIGN_ALG_RSA)
hlen += MD5_MAC_LEN;
wpa_hexdump(MSG_MSGDUMP, "TLSv1: CertificateVerify hash", hash, hlen);
if (end - pos < 2) {
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_DECODE_ERROR);
return -1;
}
slen = WPA_GET_BE16(pos);
pos += 2;
if (end - pos < slen) {
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_DECODE_ERROR);
return -1;
}
wpa_hexdump(MSG_MSGDUMP, "TLSv1: Signature", pos, end - pos);
if (conn->client_rsa_key == NULL) {
wpa_printf(MSG_DEBUG, "TLSv1: No client public key to verify "
"signature");
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_INTERNAL_ERROR);
return -1;
}
buflen = end - pos;
buf = os_malloc(end - pos);
if (crypto_public_key_decrypt_pkcs1(conn->client_rsa_key,
pos, end - pos, buf, &buflen) < 0)
{
wpa_printf(MSG_DEBUG, "TLSv1: Failed to decrypt signature");
os_free(buf);
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_DECRYPT_ERROR);
return -1;
}
wpa_hexdump_key(MSG_MSGDUMP, "TLSv1: Decrypted Signature",
buf, buflen);
if (buflen != hlen || os_memcmp(buf, hash, buflen) != 0) {
wpa_printf(MSG_DEBUG, "TLSv1: Invalid Signature in "
"CertificateVerify - did not match with calculated "
"hash");
os_free(buf);
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_DECRYPT_ERROR);
return -1;
}
os_free(buf);
*in_len = end - in_data;
conn->state = CHANGE_CIPHER_SPEC;
return 0;
}
static struct wpabuf * eap_aka_process_challenge(struct eap_sm *sm,
struct eap_aka_data *data,
u8 id,
const struct wpabuf *reqData,
struct eap_sim_attrs *attr)
{
const u8 *identity;
size_t identity_len;
int res;
struct eap_sim_attrs eattr;
wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Challenge");
if (attr->checkcode &&
eap_aka_verify_checkcode(data, attr->checkcode,
attr->checkcode_len)) {
wpa_printf(MSG_WARNING, "EAP-AKA: Invalid AT_CHECKCODE in the "
"message");
return eap_aka_client_error(data, id,
EAP_AKA_UNABLE_TO_PROCESS_PACKET);
}
#ifdef EAP_AKA_PRIME
if (data->eap_method == EAP_TYPE_AKA_PRIME) {
if (!attr->kdf_input || attr->kdf_input_len == 0) {
wpa_printf(MSG_WARNING, "EAP-AKA': Challenge message "
"did not include non-empty AT_KDF_INPUT");
/* Fail authentication as if AUTN had been incorrect */
return eap_aka_authentication_reject(data, id);
}
os_free(data->network_name);
data->network_name = os_malloc(attr->kdf_input_len);
if (data->network_name == NULL) {
wpa_printf(MSG_WARNING, "EAP-AKA': No memory for "
"storing Network Name");
return eap_aka_authentication_reject(data, id);
}
os_memcpy(data->network_name, attr->kdf_input,
attr->kdf_input_len);
data->network_name_len = attr->kdf_input_len;
wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA': Network Name "
"(AT_KDF_INPUT)",
data->network_name, data->network_name_len);
/* TODO: check Network Name per 3GPP.33.402 */
if (!eap_aka_prime_kdf_valid(data, attr))
return eap_aka_authentication_reject(data, id);
if (attr->kdf[0] != EAP_AKA_PRIME_KDF)
return eap_aka_prime_kdf_neg(data, id, attr);
data->kdf = EAP_AKA_PRIME_KDF;
wpa_printf(MSG_DEBUG, "EAP-AKA': KDF %d selected", data->kdf);
}
if (data->eap_method == EAP_TYPE_AKA && attr->bidding) {
u16 flags = WPA_GET_BE16(attr->bidding);
if ((flags & EAP_AKA_BIDDING_FLAG_D) &&
eap_allowed_method(sm, EAP_VENDOR_IETF,
EAP_TYPE_AKA_PRIME)) {
wpa_printf(MSG_WARNING, "EAP-AKA: Bidding down from "
"AKA' to AKA detected");
/* Fail authentication as if AUTN had been incorrect */
return eap_aka_authentication_reject(data, id);
}
}
#endif /* EAP_AKA_PRIME */
data->reauth = 0;
if (!attr->mac || !attr->rand || !attr->autn) {
wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
"did not include%s%s%s",
!attr->mac ? " AT_MAC" : "",
!attr->rand ? " AT_RAND" : "",
!attr->autn ? " AT_AUTN" : "");
return eap_aka_client_error(data, id,
EAP_AKA_UNABLE_TO_PROCESS_PACKET);
}
os_memcpy(data->rand, attr->rand, EAP_AKA_RAND_LEN);
os_memcpy(data->autn, attr->autn, EAP_AKA_AUTN_LEN);
res = eap_aka_umts_auth(sm, data);
if (res == -1) {
wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication "
"failed (AUTN)");
return eap_aka_authentication_reject(data, id);
} else if (res == -2) {
wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication "
"failed (AUTN seq# -> AUTS)");
return eap_aka_synchronization_failure(data, id);
} else if (res > 0) {
wpa_printf(MSG_DEBUG, "EAP-AKA: Wait for external USIM processing");
return NULL;
} else if (res) {
wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication failed");
return eap_aka_client_error(data, id,
EAP_AKA_UNABLE_TO_PROCESS_PACKET);
}
#ifdef EAP_AKA_PRIME
if (data->eap_method == EAP_TYPE_AKA_PRIME) {
/* Note: AUTN = (SQN ^ AK) || AMF || MAC which gives us the
* needed 6-octet SQN ^ AK for CK',IK' derivation */
u16 amf = WPA_GET_BE16(data->autn + 6);
if (!(amf & 0x8000)) {
wpa_printf(MSG_WARNING, "EAP-AKA': AMF separation bit "
"not set (AMF=0x%4x)", amf);
return eap_aka_authentication_reject(data, id);
}
eap_aka_prime_derive_ck_ik_prime(data->ck, data->ik,
data->autn,
data->network_name,
data->network_name_len);
}
#endif /* EAP_AKA_PRIME */
if (data->last_eap_identity) {
identity = data->last_eap_identity;
identity_len = data->last_eap_identity_len;
} else if (data->pseudonym) {
identity = data->pseudonym;
identity_len = data->pseudonym_len;
} else
identity = eap_get_config_identity(sm, &identity_len);
wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Selected identity for MK "
"derivation", identity, identity_len);
if (data->eap_method == EAP_TYPE_AKA_PRIME) {
eap_aka_prime_derive_keys(identity, identity_len, data->ik,
data->ck, data->k_encr, data->k_aut,
data->k_re, data->msk, data->emsk);
} else {
eap_aka_derive_mk(identity, identity_len, data->ik, data->ck,
data->mk);
eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut,
data->msk, data->emsk);
}
if (eap_aka_verify_mac(data, reqData, attr->mac, (u8 *) "", 0)) {
wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
"used invalid AT_MAC");
return eap_aka_client_error(data, id,
EAP_AKA_UNABLE_TO_PROCESS_PACKET);
}
/* Old reauthentication identity must not be used anymore. In
* other words, if no new identities are received, full
* authentication will be used on next reauthentication (using
* pseudonym identity or permanent identity). */
eap_aka_clear_identities(sm, data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
if (attr->encr_data) {
u8 *decrypted;
decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
attr->encr_data_len, attr->iv,
&eattr, 0);
if (decrypted == NULL) {
return eap_aka_client_error(
data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET);
}
eap_aka_learn_ids(sm, data, &eattr);
os_free(decrypted);
}
if (data->result_ind && attr->result_ind)
data->use_result_ind = 1;
if (data->state != FAILURE && data->state != RESULT_FAILURE) {
eap_aka_state(data, data->use_result_ind ?
RESULT_SUCCESS : SUCCESS);
}
data->num_id_req = 0;
data->num_notification = 0;
/* RFC 4187 specifies that counter is initialized to one after
* fullauth, but initializing it to zero makes it easier to implement
* reauth verification. */
data->counter = 0;
return eap_aka_response_challenge(data, id);
}
static int tls_process_client_key_exchange_dh_anon(
struct tlsv1_server *conn, const u8 *pos, const u8 *end)
{
const u8 *dh_yc;
u16 dh_yc_len;
u8 *shared;
size_t shared_len;
int res;
/*
* struct {
* select (PublicValueEncoding) {
* case implicit: struct { };
* case explicit: opaque dh_Yc<1..2^16-1>;
* } dh_public;
* } ClientDiffieHellmanPublic;
*/
wpa_hexdump(MSG_MSGDUMP, "TLSv1: ClientDiffieHellmanPublic",
pos, end - pos);
if (end == pos) {
wpa_printf(MSG_DEBUG, "TLSv1: Implicit public value encoding "
"not supported");
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_INTERNAL_ERROR);
return -1;
}
if (end - pos < 3) {
wpa_printf(MSG_DEBUG, "TLSv1: Invalid client public value "
"length");
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_DECODE_ERROR);
return -1;
}
dh_yc_len = WPA_GET_BE16(pos);
dh_yc = pos + 2;
if (dh_yc + dh_yc_len > end) {
wpa_printf(MSG_DEBUG, "TLSv1: Client public value overflow "
"(length %d)", dh_yc_len);
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_DECODE_ERROR);
return -1;
}
wpa_hexdump(MSG_DEBUG, "TLSv1: DH Yc (client's public value)",
dh_yc, dh_yc_len);
if (conn->cred == NULL || conn->cred->dh_p == NULL ||
conn->dh_secret == NULL) {
wpa_printf(MSG_DEBUG, "TLSv1: No DH parameters available");
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_INTERNAL_ERROR);
return -1;
}
shared_len = conn->cred->dh_p_len;
shared = os_malloc(shared_len);
if (shared == NULL) {
wpa_printf(MSG_DEBUG, "TLSv1: Could not allocate memory for "
"DH");
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_INTERNAL_ERROR);
return -1;
}
/* shared = Yc^secret mod p */
if (crypto_mod_exp(dh_yc, dh_yc_len, conn->dh_secret,
conn->dh_secret_len,
conn->cred->dh_p, conn->cred->dh_p_len,
shared, &shared_len)) {
os_free(shared);
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_INTERNAL_ERROR);
return -1;
}
wpa_hexdump_key(MSG_DEBUG, "TLSv1: Shared secret from DH key exchange",
shared, shared_len);
os_memset(conn->dh_secret, 0, conn->dh_secret_len);
os_free(conn->dh_secret);
conn->dh_secret = NULL;
res = tlsv1_server_derive_keys(conn, shared, shared_len);
/* Clear the pre-master secret since it is not needed anymore */
os_memset(shared, 0, shared_len);
os_free(shared);
if (res) {
wpa_printf(MSG_DEBUG, "TLSv1: Failed to derive keys");
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_INTERNAL_ERROR);
return -1;
}
return 0;
}
static int tls_process_client_key_exchange_rsa(
struct tlsv1_server *conn, const u8 *pos, const u8 *end)
{
u8 *out;
size_t outlen, outbuflen;
u16 encr_len;
int res;
int use_random = 0;
if (end - pos < 2) {
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_DECODE_ERROR);
return -1;
}
encr_len = WPA_GET_BE16(pos);
pos += 2;
outbuflen = outlen = end - pos;
out = os_malloc(outlen >= TLS_PRE_MASTER_SECRET_LEN ?
outlen : TLS_PRE_MASTER_SECRET_LEN);
if (out == NULL) {
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_INTERNAL_ERROR);
return -1;
}
/*
* struct {
* ProtocolVersion client_version;
* opaque random[46];
* } PreMasterSecret;
*
* struct {
* public-key-encrypted PreMasterSecret pre_master_secret;
* } EncryptedPreMasterSecret;
*/
/*
* Note: To avoid Bleichenbacher attack, we do not report decryption or
* parsing errors from EncryptedPreMasterSecret processing to the
* client. Instead, a random pre-master secret is used to force the
* handshake to fail.
*/
if (crypto_private_key_decrypt_pkcs1_v15(conn->cred->key,
pos, end - pos,
out, &outlen) < 0) {
wpa_printf(MSG_DEBUG, "TLSv1: Failed to decrypt "
"PreMasterSecret (encr_len=%d outlen=%lu)",
(int) (end - pos), (unsigned long) outlen);
use_random = 1;
}
if (outlen != TLS_PRE_MASTER_SECRET_LEN) {
wpa_printf(MSG_DEBUG, "TLSv1: Unexpected PreMasterSecret "
"length %lu", (unsigned long) outlen);
use_random = 1;
}
if (WPA_GET_BE16(out) != conn->client_version) {
wpa_printf(MSG_DEBUG, "TLSv1: Client version in "
"ClientKeyExchange does not match with version in "
"ClientHello");
use_random = 1;
}
if (use_random) {
wpa_printf(MSG_DEBUG, "TLSv1: Using random premaster secret "
"to avoid revealing information about private key");
outlen = TLS_PRE_MASTER_SECRET_LEN;
if (os_get_random(out, outlen)) {
wpa_printf(MSG_DEBUG, "TLSv1: Failed to get random "
"data");
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_INTERNAL_ERROR);
os_free(out);
return -1;
}
}
res = tlsv1_server_derive_keys(conn, out, outlen);
/* Clear the pre-master secret since it is not needed anymore */
os_memset(out, 0, outbuflen);
os_free(out);
if (res) {
wpa_printf(MSG_DEBUG, "TLSv1: Failed to derive keys");
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_INTERNAL_ERROR);
return -1;
}
return 0;
}
static int tls_process_client_hello(struct tlsv1_server *conn, u8 ct,
const u8 *in_data, size_t *in_len)
{
const u8 *pos, *end, *c;
size_t left, len, i, j;
u16 cipher_suite;
u16 num_suites;
int compr_null_found;
u16 ext_type, ext_len;
if (ct != TLS_CONTENT_TYPE_HANDSHAKE) {
wpa_printf(MSG_DEBUG, "TLSv1: Expected Handshake; "
"received content type 0x%x", ct);
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_UNEXPECTED_MESSAGE);
return -1;
}
pos = in_data;
left = *in_len;
if (left < 4)
goto decode_error;
/* HandshakeType msg_type */
if (*pos != TLS_HANDSHAKE_TYPE_CLIENT_HELLO) {
wpa_printf(MSG_DEBUG, "TLSv1: Received unexpected handshake "
"message %d (expected ClientHello)", *pos);
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_UNEXPECTED_MESSAGE);
return -1;
}
wpa_printf(MSG_DEBUG, "TLSv1: Received ClientHello");
pos++;
/* uint24 length */
len = WPA_GET_BE24(pos);
pos += 3;
left -= 4;
if (len > left)
goto decode_error;
/* body - ClientHello */
wpa_hexdump(MSG_MSGDUMP, "TLSv1: ClientHello", pos, len);
end = pos + len;
/* ProtocolVersion client_version */
if (end - pos < 2)
goto decode_error;
conn->client_version = WPA_GET_BE16(pos);
wpa_printf(MSG_DEBUG, "TLSv1: Client version %d.%d",
conn->client_version >> 8, conn->client_version & 0xff);
if (conn->client_version < TLS_VERSION) {
wpa_printf(MSG_DEBUG, "TLSv1: Unexpected protocol version in "
"ClientHello");
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_PROTOCOL_VERSION);
return -1;
}
pos += 2;
/* Random random */
if (end - pos < TLS_RANDOM_LEN)
goto decode_error;
os_memcpy(conn->client_random, pos, TLS_RANDOM_LEN);
pos += TLS_RANDOM_LEN;
wpa_hexdump(MSG_MSGDUMP, "TLSv1: client_random",
conn->client_random, TLS_RANDOM_LEN);
/* SessionID session_id */
if (end - pos < 1)
goto decode_error;
if (end - pos < 1 + *pos || *pos > TLS_SESSION_ID_MAX_LEN)
goto decode_error;
wpa_hexdump(MSG_MSGDUMP, "TLSv1: client session_id", pos + 1, *pos);
pos += 1 + *pos;
/* TODO: add support for session resumption */
/* CipherSuite cipher_suites<2..2^16-1> */
if (end - pos < 2)
goto decode_error;
num_suites = WPA_GET_BE16(pos);
pos += 2;
if (end - pos < num_suites)
goto decode_error;
wpa_hexdump(MSG_MSGDUMP, "TLSv1: client cipher suites",
pos, num_suites);
if (num_suites & 1)
goto decode_error;
num_suites /= 2;
cipher_suite = 0;
for (i = 0; !cipher_suite && i < conn->num_cipher_suites; i++) {
c = pos;
for (j = 0; j < num_suites; j++) {
u16 tmp = WPA_GET_BE16(c);
c += 2;
if (!cipher_suite && tmp == conn->cipher_suites[i]) {
cipher_suite = tmp;
break;
}
}
}
pos += num_suites * 2;
if (!cipher_suite) {
wpa_printf(MSG_INFO, "TLSv1: No supported cipher suite "
"available");
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_ILLEGAL_PARAMETER);
return -1;
}
if (tlsv1_record_set_cipher_suite(&conn->rl, cipher_suite) < 0) {
wpa_printf(MSG_DEBUG, "TLSv1: Failed to set CipherSuite for "
"record layer");
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_INTERNAL_ERROR);
return -1;
}
conn->cipher_suite = cipher_suite;
/* CompressionMethod compression_methods<1..2^8-1> */
if (end - pos < 1)
goto decode_error;
num_suites = *pos++;
if (end - pos < num_suites)
goto decode_error;
wpa_hexdump(MSG_MSGDUMP, "TLSv1: client compression_methods",
pos, num_suites);
compr_null_found = 0;
for (i = 0; i < num_suites; i++) {
if (*pos++ == TLS_COMPRESSION_NULL)
compr_null_found = 1;
}
if (!compr_null_found) {
wpa_printf(MSG_INFO, "TLSv1: Client does not accept NULL "
"compression");
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_ILLEGAL_PARAMETER);
return -1;
}
if (end - pos == 1) {
wpa_printf(MSG_DEBUG, "TLSv1: Unexpected extra octet in the "
"end of ClientHello: 0x%02x", *pos);
goto decode_error;
}
if (end - pos >= 2) {
/* Extension client_hello_extension_list<0..2^16-1> */
ext_len = WPA_GET_BE16(pos);
pos += 2;
wpa_printf(MSG_DEBUG, "TLSv1: %u bytes of ClientHello "
"extensions", ext_len);
if (end - pos != ext_len) {
wpa_printf(MSG_DEBUG, "TLSv1: Invalid ClientHello "
"extension list length %u (expected %u)",
ext_len, (unsigned int) (end - pos));
goto decode_error;
}
/*
* struct {
* ExtensionType extension_type (0..65535)
* opaque extension_data<0..2^16-1>
* } Extension;
*/
while (pos < end) {
if (end - pos < 2) {
wpa_printf(MSG_DEBUG, "TLSv1: Invalid "
"extension_type field");
goto decode_error;
}
ext_type = WPA_GET_BE16(pos);
pos += 2;
if (end - pos < 2) {
wpa_printf(MSG_DEBUG, "TLSv1: Invalid "
"extension_data length field");
goto decode_error;
}
ext_len = WPA_GET_BE16(pos);
pos += 2;
if (end - pos < ext_len) {
wpa_printf(MSG_DEBUG, "TLSv1: Invalid "
"extension_data field");
goto decode_error;
}
wpa_printf(MSG_DEBUG, "TLSv1: ClientHello Extension "
"type %u", ext_type);
wpa_hexdump(MSG_MSGDUMP, "TLSv1: ClientHello "
"Extension data", pos, ext_len);
if (ext_type == TLS_EXT_SESSION_TICKET) {
os_free(conn->session_ticket);
conn->session_ticket = os_malloc(ext_len);
if (conn->session_ticket) {
os_memcpy(conn->session_ticket, pos,
ext_len);
conn->session_ticket_len = ext_len;
}
}
pos += ext_len;
}
}
*in_len = end - in_data;
wpa_printf(MSG_DEBUG, "TLSv1: ClientHello OK - proceed to "
"ServerHello");
conn->state = SERVER_HELLO;
return 0;
decode_error:
wpa_printf(MSG_DEBUG, "TLSv1: Failed to decode ClientHello");
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_DECODE_ERROR);
return -1;
}
/*
* RoboSwitch uses 16-bit Big Endian addresses.
* The ordering of the words is reversed in the MII registers.
*/
static void wpa_driver_roboswitch_addr_be16(const u8 addr[ETH_ALEN], u16 *be)
{
int i;
for (i = 0; i < ETH_ALEN; i += 2)
be[(ETH_ALEN - i) / 2 - 1] = WPA_GET_BE16(addr + i);
}
int wps_attr_text(struct wpabuf *data, char *buf, char *end)
{
struct wps_parse_attr attr;
char *pos = buf;
int ret;
if (wps_parse_msg(data, &attr) < 0)
return -1;
if (attr.wps_state) {
if (*attr.wps_state == WPS_STATE_NOT_CONFIGURED)
ret = os_snprintf(pos, end - pos,
"wps_state=unconfigured\n");
else if (*attr.wps_state == WPS_STATE_CONFIGURED)
ret = os_snprintf(pos, end - pos,
"wps_state=configured\n");
else
ret = 0;
if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
}
if (attr.ap_setup_locked && *attr.ap_setup_locked) {
ret = os_snprintf(pos, end - pos,
"wps_ap_setup_locked=1\n");
if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
}
if (attr.selected_registrar && *attr.selected_registrar) {
ret = os_snprintf(pos, end - pos,
"wps_selected_registrar=1\n");
if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
}
if (attr.dev_password_id) {
ret = os_snprintf(pos, end - pos,
"wps_device_password_id=%u\n",
WPA_GET_BE16(attr.dev_password_id));
if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
}
if (attr.sel_reg_config_methods) {
ret = os_snprintf(pos, end - pos,
"wps_selected_registrar_config_methods="
"0x%04x\n",
WPA_GET_BE16(attr.sel_reg_config_methods));
if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
}
if (attr.primary_dev_type) {
char devtype[WPS_DEV_TYPE_BUFSIZE];
ret = os_snprintf(pos, end - pos,
"wps_primary_device_type=%s\n",
wps_dev_type_bin2str(attr.primary_dev_type,
devtype,
sizeof(devtype)));
if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
}
if (attr.dev_name) {
char *str = os_malloc(attr.dev_name_len + 1);
size_t i;
if (str == NULL)
return pos - buf;
for (i = 0; i < attr.dev_name_len; i++) {
if (attr.dev_name[i] == 0 ||
is_ctrl_char(attr.dev_name[i]))
str[i] = '_';
else
str[i] = attr.dev_name[i];
}
str[i] = '\0';
ret = os_snprintf(pos, end - pos, "wps_device_name=%s\n", str);
os_free(str);
if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
}
if (attr.config_methods) {
ret = os_snprintf(pos, end - pos,
"wps_config_methods=0x%04x\n",
WPA_GET_BE16(attr.config_methods));
if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
}
return pos - buf;
}
static void eap_wsc_process(struct eap_sm *sm, void *priv,
struct wpabuf *respData)
{
struct eap_wsc_data *data = priv;
const u8 *start, *pos, *end;
size_t len;
u8 op_code, flags;
u16 message_length = 0;
enum wps_process_res res;
struct wpabuf tmpbuf;
eloop_cancel_timeout(eap_wsc_ext_reg_timeout, sm, data);
if (data->ext_reg_timeout) {
eap_wsc_state(data, FAIL);
return;
}
pos = eap_hdr_validate(EAP_VENDOR_WFA, EAP_VENDOR_TYPE_WSC,
respData, &len);
if (pos == NULL || len < 2)
return; /* Should not happen; message already verified */
start = pos;
end = start + len;
op_code = *pos++;
flags = *pos++;
if (flags & WSC_FLAGS_LF) {
if (end - pos < 2) {
wpa_printf(MSG_DEBUG, "EAP-WSC: Message underflow");
return;
}
message_length = WPA_GET_BE16(pos);
pos += 2;
if (message_length < end - pos) {
wpa_printf(MSG_DEBUG, "EAP-WSC: Invalid Message "
"Length");
return;
}
}
wpa_printf(MSG_DEBUG, "EAP-WSC: Received packet: Op-Code %d "
"Flags 0x%x Message Length %d",
op_code, flags, message_length);
if (data->state == WAIT_FRAG_ACK) {
if (op_code != WSC_FRAG_ACK) {
wpa_printf(MSG_DEBUG, "EAP-WSC: Unexpected Op-Code %d "
"in WAIT_FRAG_ACK state", op_code);
eap_wsc_state(data, FAIL);
return;
}
wpa_printf(MSG_DEBUG, "EAP-WSC: Fragment acknowledged");
eap_wsc_state(data, MESG);
return;
}
if (op_code != WSC_ACK && op_code != WSC_NACK && op_code != WSC_MSG &&
op_code != WSC_Done) {
wpa_printf(MSG_DEBUG, "EAP-WSC: Unexpected Op-Code %d",
op_code);
eap_wsc_state(data, FAIL);
return;
}
if (data->in_buf &&
eap_wsc_process_cont(data, pos, end - pos, op_code) < 0) {
eap_wsc_state(data, FAIL);
return;
}
if (flags & WSC_FLAGS_MF) {
if (eap_wsc_process_fragment(data, flags, op_code,
message_length, pos, end - pos) <
0)
eap_wsc_state(data, FAIL);
else
eap_wsc_state(data, FRAG_ACK);
return;
}
if (data->in_buf == NULL) {
/* Wrap unfragmented messages as wpabuf without extra copy */
wpabuf_set(&tmpbuf, pos, end - pos);
data->in_buf = &tmpbuf;
}
res = wps_process_msg(data->wps, op_code, data->in_buf);
switch (res) {
case WPS_DONE:
wpa_printf(MSG_DEBUG, "EAP-WSC: WPS processing completed "
"successfully - report EAP failure");
eap_wsc_state(data, FAIL);
break;
case WPS_CONTINUE:
eap_wsc_state(data, MESG);
break;
case WPS_FAILURE:
wpa_printf(MSG_DEBUG, "EAP-WSC: WPS processing failed");
eap_wsc_state(data, FAIL);
break;
case WPS_PENDING:
eap_wsc_state(data, MESG);
sm->method_pending = METHOD_PENDING_WAIT;
eloop_cancel_timeout(eap_wsc_ext_reg_timeout, sm, data);
eloop_register_timeout(5, 0, eap_wsc_ext_reg_timeout,
sm, data);
break;
}
if (data->in_buf != &tmpbuf)
wpabuf_free(data->in_buf);
data->in_buf = NULL;
}
static void eap_gpsk_process_gpsk_2(struct eap_sm *sm,
struct eap_gpsk_data *data,
const u8 *payload, size_t payloadlen)
{
const u8 *pos, *end;
u16 alen;
const struct eap_gpsk_csuite *csuite;
size_t i, miclen;
u8 mic[EAP_GPSK_MAX_MIC_LEN];
if (data->state != GPSK_1)
return;
wpa_printf(MSG_DEBUG, "EAP-GPSK: Received Response/GPSK-2");
pos = payload;
end = payload + payloadlen;
if (end - pos < 2) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
"ID_Peer length");
eap_gpsk_state(data, FAILURE);
return;
}
alen = WPA_GET_BE16(pos);
pos += 2;
if (end - pos < alen) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
"ID_Peer");
eap_gpsk_state(data, FAILURE);
return;
}
os_free(data->id_peer);
data->id_peer = os_malloc(alen);
if (data->id_peer == NULL) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Not enough memory to store "
"%d-octet ID_Peer", alen);
return;
}
os_memcpy(data->id_peer, pos, alen);
data->id_peer_len = alen;
wpa_hexdump_ascii(MSG_DEBUG, "EAP-GPSK: ID_Peer",
data->id_peer, data->id_peer_len);
pos += alen;
if (end - pos < 2) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
"ID_Server length");
eap_gpsk_state(data, FAILURE);
return;
}
alen = WPA_GET_BE16(pos);
pos += 2;
if (end - pos < alen) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
"ID_Server");
eap_gpsk_state(data, FAILURE);
return;
}
if (alen != sm->server_id_len ||
os_memcmp(pos, sm->server_id, alen) != 0) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: ID_Server in GPSK-1 and "
"GPSK-2 did not match");
eap_gpsk_state(data, FAILURE);
return;
}
pos += alen;
if (end - pos < EAP_GPSK_RAND_LEN) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
"RAND_Peer");
eap_gpsk_state(data, FAILURE);
return;
}
os_memcpy(data->rand_peer, pos, EAP_GPSK_RAND_LEN);
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Peer",
data->rand_peer, EAP_GPSK_RAND_LEN);
pos += EAP_GPSK_RAND_LEN;
if (end - pos < EAP_GPSK_RAND_LEN) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
"RAND_Server");
eap_gpsk_state(data, FAILURE);
return;
}
if (os_memcmp(data->rand_server, pos, EAP_GPSK_RAND_LEN) != 0) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: RAND_Server in GPSK-1 and "
"GPSK-2 did not match");
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Server in GPSK-1",
data->rand_server, EAP_GPSK_RAND_LEN);
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Server in GPSK-2",
pos, EAP_GPSK_RAND_LEN);
eap_gpsk_state(data, FAILURE);
return;
}
pos += EAP_GPSK_RAND_LEN;
if (end - pos < 2) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
"CSuite_List length");
eap_gpsk_state(data, FAILURE);
return;
}
alen = WPA_GET_BE16(pos);
pos += 2;
if (end - pos < alen) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
"CSuite_List");
eap_gpsk_state(data, FAILURE);
return;
}
if (alen != data->csuite_count * sizeof(struct eap_gpsk_csuite) ||
os_memcmp(pos, data->csuite_list, alen) != 0) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: CSuite_List in GPSK-1 and "
"GPSK-2 did not match");
eap_gpsk_state(data, FAILURE);
return;
}
pos += alen;
if (end - pos < (int) sizeof(*csuite)) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
"CSuite_Sel");
eap_gpsk_state(data, FAILURE);
return;
}
csuite = (const struct eap_gpsk_csuite *) pos;
for (i = 0; i < data->csuite_count; i++) {
if (os_memcmp(csuite, &data->csuite_list[i], sizeof(*csuite))
== 0)
break;
}
if (i == data->csuite_count) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Peer selected unsupported "
"ciphersuite %d:%d",
WPA_GET_BE32(csuite->vendor),
WPA_GET_BE16(csuite->specifier));
eap_gpsk_state(data, FAILURE);
return;
}
data->vendor = WPA_GET_BE32(csuite->vendor);
data->specifier = WPA_GET_BE16(csuite->specifier);
wpa_printf(MSG_DEBUG, "EAP-GPSK: CSuite_Sel %d:%d",
data->vendor, data->specifier);
pos += sizeof(*csuite);
if (end - pos < 2) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
"PD_Payload_1 length");
eap_gpsk_state(data, FAILURE);
return;
}
alen = WPA_GET_BE16(pos);
pos += 2;
if (end - pos < alen) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
"PD_Payload_1");
eap_gpsk_state(data, FAILURE);
return;
}
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: PD_Payload_1", pos, alen);
pos += alen;
if (sm->user == NULL || sm->user->password == NULL) {
wpa_printf(MSG_INFO, "EAP-GPSK: No PSK/password configured "
"for the user");
eap_gpsk_state(data, FAILURE);
return;
}
if (eap_gpsk_derive_keys(sm->user->password, sm->user->password_len,
data->vendor, data->specifier,
data->rand_peer, data->rand_server,
data->id_peer, data->id_peer_len,
sm->server_id, sm->server_id_len,
data->msk, data->emsk,
data->sk, &data->sk_len,
data->pk, &data->pk_len) < 0) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to derive keys");
eap_gpsk_state(data, FAILURE);
return;
}
if (eap_gpsk_derive_session_id(sm->user->password,
sm->user->password_len,
data->vendor, data->specifier,
data->rand_peer, data->rand_server,
data->id_peer, data->id_peer_len,
sm->server_id, sm->server_id_len,
EAP_TYPE_GPSK,
data->session_id, &data->id_len) < 0) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to derive Session-Id");
eap_gpsk_state(data, FAILURE);
return;
}
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Derived Session-Id",
data->session_id, data->id_len);
miclen = eap_gpsk_mic_len(data->vendor, data->specifier);
if (end - pos < (int) miclen) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for MIC "
"(left=%lu miclen=%lu)",
(unsigned long) (end - pos),
(unsigned long) miclen);
eap_gpsk_state(data, FAILURE);
return;
}
if (eap_gpsk_compute_mic(data->sk, data->sk_len, data->vendor,
data->specifier, payload, pos - payload, mic)
< 0) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to compute MIC");
eap_gpsk_state(data, FAILURE);
return;
}
if (os_memcmp_const(mic, pos, miclen) != 0) {
wpa_printf(MSG_INFO, "EAP-GPSK: Incorrect MIC in GPSK-2");
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Received MIC", pos, miclen);
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Computed MIC", mic, miclen);
eap_gpsk_state(data, FAILURE);
return;
}
pos += miclen;
if (pos != end) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Ignored %lu bytes of extra "
"data in the end of GPSK-2",
(unsigned long) (end - pos));
}
eap_gpsk_state(data, GPSK_3);
}
static int ikev2_parse_proposal(struct ikev2_proposal_data *prop,
const u8 *pos, const u8 *end)
{
const u8 *pend, *ppos;
int proposal_len, i;
const struct ikev2_proposal *p;
if (end - pos < (int) sizeof(*p)) {
wpa_printf(MSG_INFO, "IKEV2: Too short proposal");
return -1;
}
/* FIX: AND processing if multiple proposals use the same # */
p = (const struct ikev2_proposal *) pos;
proposal_len = WPA_GET_BE16(p->proposal_length);
if (proposal_len < (int) sizeof(*p) || proposal_len > end - pos) {
wpa_printf(MSG_INFO, "IKEV2: Invalid proposal length %d",
proposal_len);
return -1;
}
wpa_printf(MSG_DEBUG, "IKEV2: SAi1 Proposal # %d",
p->proposal_num);
wpa_printf(MSG_DEBUG, "IKEV2: Type: %d Proposal Length: %d "
" Protocol ID: %d",
p->type, proposal_len, p->protocol_id);
wpa_printf(MSG_DEBUG, "IKEV2: SPI Size: %d Transforms: %d",
p->spi_size, p->num_transforms);
if (p->type != 0 && p->type != 2) {
wpa_printf(MSG_INFO, "IKEV2: Unexpected Proposal type");
return -1;
}
if (p->protocol_id != IKEV2_PROTOCOL_IKE) {
wpa_printf(MSG_DEBUG, "IKEV2: Unexpected Protocol ID "
"(only IKE allowed for EAP-IKEv2)");
return -1;
}
if (p->proposal_num != prop->proposal_num) {
if (p->proposal_num == prop->proposal_num + 1)
prop->proposal_num = p->proposal_num;
else {
wpa_printf(MSG_INFO, "IKEV2: Unexpected Proposal #");
return -1;
}
}
ppos = (const u8 *) (p + 1);
pend = pos + proposal_len;
if (ppos + p->spi_size > pend) {
wpa_printf(MSG_INFO, "IKEV2: Not enough room for SPI "
"in proposal");
return -1;
}
if (p->spi_size) {
wpa_hexdump(MSG_DEBUG, "IKEV2: SPI",
ppos, p->spi_size);
ppos += p->spi_size;
}
/*
* For initial IKE_SA negotiation, SPI Size MUST be zero; for
* subsequent negotiations, it must be 8 for IKE. We only support
* initial case for now.
*/
if (p->spi_size != 0) {
wpa_printf(MSG_INFO, "IKEV2: Unexpected SPI Size");
return -1;
}
if (p->num_transforms == 0) {
wpa_printf(MSG_INFO, "IKEV2: At least one transform required");
return -1;
}
for (i = 0; i < (int) p->num_transforms; i++) {
int tlen = ikev2_parse_transform(prop, ppos, pend);
if (tlen < 0)
return -1;
ppos += tlen;
}
if (ppos != pend) {
wpa_printf(MSG_INFO, "IKEV2: Unexpected data after "
"transforms");
return -1;
}
return proposal_len;
}
static void eap_gpsk_process_gpsk_4(struct eap_sm *sm,
struct eap_gpsk_data *data,
const u8 *payload, size_t payloadlen)
{
const u8 *pos, *end;
u16 alen;
size_t miclen;
u8 mic[EAP_GPSK_MAX_MIC_LEN];
if (data->state != GPSK_3)
return;
wpa_printf(MSG_DEBUG, "EAP-GPSK: Received Response/GPSK-4");
pos = payload;
end = payload + payloadlen;
if (end - pos < 2) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
"PD_Payload_1 length");
eap_gpsk_state(data, FAILURE);
return;
}
alen = WPA_GET_BE16(pos);
pos += 2;
if (end - pos < alen) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
"PD_Payload_1");
eap_gpsk_state(data, FAILURE);
return;
}
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: PD_Payload_1", pos, alen);
pos += alen;
miclen = eap_gpsk_mic_len(data->vendor, data->specifier);
if (end - pos < (int) miclen) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for MIC "
"(left=%lu miclen=%lu)",
(unsigned long) (end - pos),
(unsigned long) miclen);
eap_gpsk_state(data, FAILURE);
return;
}
if (eap_gpsk_compute_mic(data->sk, data->sk_len, data->vendor,
data->specifier, payload, pos - payload, mic)
< 0) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to compute MIC");
eap_gpsk_state(data, FAILURE);
return;
}
if (os_memcmp_const(mic, pos, miclen) != 0) {
wpa_printf(MSG_INFO, "EAP-GPSK: Incorrect MIC in GPSK-4");
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Received MIC", pos, miclen);
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Computed MIC", mic, miclen);
eap_gpsk_state(data, FAILURE);
return;
}
pos += miclen;
if (pos != end) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Ignored %lu bytes of extra "
"data in the end of GPSK-4",
(unsigned long) (end - pos));
}
eap_gpsk_state(data, SUCCESS);
}
static struct wpabuf * eap_pax_process_std_1(struct eap_pax_data *data,
struct eap_method_ret *ret, u8 id,
const struct eap_pax_hdr *req,
size_t req_plen)
{
struct wpabuf *resp;
const u8 *pos;
u8 *rpos;
size_t left, plen;
wpa_printf(MSG_DEBUG, "EAP-PAX: PAX_STD-1 (received)");
if (data->state != PAX_INIT) {
wpa_printf(MSG_INFO, "EAP-PAX: PAX_STD-1 received in "
"unexpected state (%d) - ignored", data->state);
ret->ignore = TRUE;
return NULL;
}
if (req->flags & EAP_PAX_FLAGS_CE) {
wpa_printf(MSG_INFO, "EAP-PAX: PAX_STD-1 with CE flag set - "
"ignored");
ret->ignore = TRUE;
return NULL;
}
left = req_plen - sizeof(*req);
if (left < 2 + EAP_PAX_RAND_LEN) {
wpa_printf(MSG_INFO, "EAP-PAX: PAX_STD-1 with too short "
"payload");
ret->ignore = TRUE;
return NULL;
}
pos = (const u8 *) (req + 1);
if (WPA_GET_BE16(pos) != EAP_PAX_RAND_LEN) {
wpa_printf(MSG_INFO, "EAP-PAX: PAX_STD-1 with incorrect A "
"length %d (expected %d)",
WPA_GET_BE16(pos), EAP_PAX_RAND_LEN);
ret->ignore = TRUE;
return NULL;
}
pos += 2;
left -= 2;
os_memcpy(data->rand.r.x, pos, EAP_PAX_RAND_LEN);
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: X (server rand)",
data->rand.r.x, EAP_PAX_RAND_LEN);
pos += EAP_PAX_RAND_LEN;
left -= EAP_PAX_RAND_LEN;
if (left > 0) {
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ignored extra payload",
pos, left);
}
if (random_get_bytes(data->rand.r.y, EAP_PAX_RAND_LEN)) {
wpa_printf(MSG_ERROR, "EAP-PAX: Failed to get random data");
ret->ignore = TRUE;
return NULL;
}
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: Y (client rand)",
data->rand.r.y, EAP_PAX_RAND_LEN);
if (eap_pax_initial_key_derivation(req->mac_id, data->ak, data->rand.e,
data->mk, data->ck, data->ick,
data->mid) < 0) {
ret->ignore = TRUE;
return NULL;
}
wpa_printf(MSG_DEBUG, "EAP-PAX: PAX_STD-2 (sending)");
plen = 2 + EAP_PAX_RAND_LEN + 2 + data->cid_len + 2 + EAP_PAX_MAC_LEN +
EAP_PAX_ICV_LEN;
resp = eap_pax_alloc_resp(req, id, EAP_PAX_OP_STD_2, plen);
if (resp == NULL)
return NULL;
wpabuf_put_be16(resp, EAP_PAX_RAND_LEN);
wpabuf_put_data(resp, data->rand.r.y, EAP_PAX_RAND_LEN);
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: B = Y (client rand)",
data->rand.r.y, EAP_PAX_RAND_LEN);
wpabuf_put_be16(resp, data->cid_len);
wpabuf_put_data(resp, data->cid, data->cid_len);
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-PAX: CID",
(u8 *) data->cid, data->cid_len);
wpabuf_put_be16(resp, EAP_PAX_MAC_LEN);
rpos = wpabuf_put(resp, EAP_PAX_MAC_LEN);
eap_pax_mac(req->mac_id, data->ck, EAP_PAX_CK_LEN,
data->rand.r.x, EAP_PAX_RAND_LEN,
data->rand.r.y, EAP_PAX_RAND_LEN,
(u8 *) data->cid, data->cid_len, rpos);
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: MAC_CK(A, B, CID)",
rpos, EAP_PAX_MAC_LEN);
/* Optional ADE could be added here, if needed */
rpos = wpabuf_put(resp, EAP_PAX_ICV_LEN);
eap_pax_mac(req->mac_id, data->ick, EAP_PAX_ICK_LEN,
wpabuf_head(resp), wpabuf_len(resp) - EAP_PAX_ICV_LEN,
NULL, 0, NULL, 0, rpos);
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ICV", rpos, EAP_PAX_ICV_LEN);
data->state = PAX_STD_2_SENT;
data->mac_id = req->mac_id;
data->dh_group_id = req->dh_group_id;
data->public_key_id = req->public_key_id;
return resp;
}
static int tlsv1_process_diffie_hellman(struct tlsv1_client *conn,
const u8 *buf, size_t len)
{
const u8 *pos, *end;
tlsv1_client_free_dh(conn);
pos = buf;
end = buf + len;
if (end - pos < 3)
goto fail;
conn->dh_p_len = WPA_GET_BE16(pos);
pos += 2;
if (conn->dh_p_len == 0 || end - pos < (int) conn->dh_p_len) {
wpa_printf(MSG_DEBUG, "TLSv1: Invalid dh_p length %lu",
(unsigned long) conn->dh_p_len);
goto fail;
}
conn->dh_p = os_malloc(conn->dh_p_len);
if (conn->dh_p == NULL)
goto fail;
os_memcpy(conn->dh_p, pos, conn->dh_p_len);
pos += conn->dh_p_len;
wpa_hexdump(MSG_DEBUG, "TLSv1: DH p (prime)",
conn->dh_p, conn->dh_p_len);
if (end - pos < 3)
goto fail;
conn->dh_g_len = WPA_GET_BE16(pos);
pos += 2;
if (conn->dh_g_len == 0 || end - pos < (int) conn->dh_g_len)
goto fail;
conn->dh_g = os_malloc(conn->dh_g_len);
if (conn->dh_g == NULL)
goto fail;
os_memcpy(conn->dh_g, pos, conn->dh_g_len);
pos += conn->dh_g_len;
wpa_hexdump(MSG_DEBUG, "TLSv1: DH g (generator)",
conn->dh_g, conn->dh_g_len);
if (conn->dh_g_len == 1 && conn->dh_g[0] < 2)
goto fail;
if (end - pos < 3)
goto fail;
conn->dh_ys_len = WPA_GET_BE16(pos);
pos += 2;
if (conn->dh_ys_len == 0 || end - pos < (int) conn->dh_ys_len)
goto fail;
conn->dh_ys = os_malloc(conn->dh_ys_len);
if (conn->dh_ys == NULL)
goto fail;
os_memcpy(conn->dh_ys, pos, conn->dh_ys_len);
pos += conn->dh_ys_len;
wpa_hexdump(MSG_DEBUG, "TLSv1: DH Ys (server's public value)",
conn->dh_ys, conn->dh_ys_len);
return 0;
fail:
wpa_printf(MSG_DEBUG, "TLSv1: Processing DH params failed");
tlsv1_client_free_dh(conn);
return -1;
}
int eap_fast_parse_tlv(struct eap_fast_tlv_parse *tlv,
int tlv_type, u8 *pos, int len)
{
switch (tlv_type) {
case EAP_TLV_EAP_PAYLOAD_TLV:
wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: EAP-Payload TLV",
pos, len);
if (tlv->eap_payload_tlv) {
wpa_printf(MSG_DEBUG, "EAP-FAST: More than one "
"EAP-Payload TLV in the message");
tlv->iresult = EAP_TLV_RESULT_FAILURE;
return -2;
}
tlv->eap_payload_tlv = pos;
tlv->eap_payload_tlv_len = len;
break;
case EAP_TLV_RESULT_TLV:
wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Result TLV", pos, len);
if (tlv->result) {
wpa_printf(MSG_DEBUG, "EAP-FAST: More than one "
"Result TLV in the message");
tlv->result = EAP_TLV_RESULT_FAILURE;
return -2;
}
if (len < 2) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Too short "
"Result TLV");
tlv->result = EAP_TLV_RESULT_FAILURE;
break;
}
tlv->result = WPA_GET_BE16(pos);
if (tlv->result != EAP_TLV_RESULT_SUCCESS &&
tlv->result != EAP_TLV_RESULT_FAILURE) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Unknown Result %d",
tlv->result);
tlv->result = EAP_TLV_RESULT_FAILURE;
}
wpa_printf(MSG_DEBUG, "EAP-FAST: Result: %s",
tlv->result == EAP_TLV_RESULT_SUCCESS ?
"Success" : "Failure");
break;
case EAP_TLV_INTERMEDIATE_RESULT_TLV:
wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Intermediate Result TLV",
pos, len);
if (len < 2) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Too short "
"Intermediate-Result TLV");
tlv->iresult = EAP_TLV_RESULT_FAILURE;
break;
}
if (tlv->iresult) {
wpa_printf(MSG_DEBUG, "EAP-FAST: More than one "
"Intermediate-Result TLV in the message");
tlv->iresult = EAP_TLV_RESULT_FAILURE;
return -2;
}
tlv->iresult = WPA_GET_BE16(pos);
if (tlv->iresult != EAP_TLV_RESULT_SUCCESS &&
tlv->iresult != EAP_TLV_RESULT_FAILURE) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Unknown Intermediate "
"Result %d", tlv->iresult);
tlv->iresult = EAP_TLV_RESULT_FAILURE;
}
wpa_printf(MSG_DEBUG, "EAP-FAST: Intermediate Result: %s",
tlv->iresult == EAP_TLV_RESULT_SUCCESS ?
"Success" : "Failure");
break;
case EAP_TLV_CRYPTO_BINDING_TLV:
wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Crypto-Binding TLV",
pos, len);
if (tlv->crypto_binding) {
wpa_printf(MSG_DEBUG, "EAP-FAST: More than one "
"Crypto-Binding TLV in the message");
tlv->iresult = EAP_TLV_RESULT_FAILURE;
return -2;
}
tlv->crypto_binding_len = sizeof(struct eap_tlv_hdr) + len;
if (tlv->crypto_binding_len < sizeof(*tlv->crypto_binding)) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Too short "
"Crypto-Binding TLV");
tlv->iresult = EAP_TLV_RESULT_FAILURE;
return -2;
}
tlv->crypto_binding = (struct eap_tlv_crypto_binding_tlv *)
(pos - sizeof(struct eap_tlv_hdr));
break;
case EAP_TLV_REQUEST_ACTION_TLV:
wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Request-Action TLV",
pos, len);
if (tlv->request_action) {
wpa_printf(MSG_DEBUG, "EAP-FAST: More than one "
"Request-Action TLV in the message");
tlv->iresult = EAP_TLV_RESULT_FAILURE;
return -2;
}
if (len < 2) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Too short "
"Request-Action TLV");
tlv->iresult = EAP_TLV_RESULT_FAILURE;
break;
}
tlv->request_action = WPA_GET_BE16(pos);
wpa_printf(MSG_DEBUG, "EAP-FAST: Request-Action: %d",
tlv->request_action);
break;
case EAP_TLV_PAC_TLV:
wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: PAC TLV", pos, len);
if (tlv->pac) {
wpa_printf(MSG_DEBUG, "EAP-FAST: More than one "
"PAC TLV in the message");
tlv->iresult = EAP_TLV_RESULT_FAILURE;
return -2;
}
tlv->pac = pos;
tlv->pac_len = len;
break;
default:
/* Unknown TLV */
return -1;
}
return 0;
}
static int tls_process_server_hello(struct tlsv1_client *conn, u8 ct,
const u8 *in_data, size_t *in_len)
{
const u8 *pos, *end;
size_t left, len, i;
u16 cipher_suite;
u16 tls_version;
if (ct != TLS_CONTENT_TYPE_HANDSHAKE) {
wpa_printf(MSG_DEBUG, "TLSv1: Expected Handshake; "
"received content type 0x%x", ct);
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_UNEXPECTED_MESSAGE);
return -1;
}
pos = in_data;
left = *in_len;
if (left < 4)
goto decode_error;
/* HandshakeType msg_type */
if (*pos != TLS_HANDSHAKE_TYPE_SERVER_HELLO) {
wpa_printf(MSG_DEBUG, "TLSv1: Received unexpected handshake "
"message %d (expected ServerHello)", *pos);
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_UNEXPECTED_MESSAGE);
return -1;
}
wpa_printf(MSG_DEBUG, "TLSv1: Received ServerHello");
pos++;
/* uint24 length */
len = WPA_GET_BE24(pos);
pos += 3;
left -= 4;
if (len > left)
goto decode_error;
/* body - ServerHello */
wpa_hexdump(MSG_MSGDUMP, "TLSv1: ServerHello", pos, len);
end = pos + len;
/* ProtocolVersion server_version */
if (end - pos < 2)
goto decode_error;
tls_version = WPA_GET_BE16(pos);
if (!tls_version_ok(tls_version)) {
wpa_printf(MSG_DEBUG, "TLSv1: Unexpected protocol version in "
"ServerHello %u.%u", pos[0], pos[1]);
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_PROTOCOL_VERSION);
return -1;
}
pos += 2;
wpa_printf(MSG_DEBUG, "TLSv1: Using TLS v%s",
tls_version_str(tls_version));
conn->rl.tls_version = tls_version;
/* Random random */
if (end - pos < TLS_RANDOM_LEN)
goto decode_error;
os_memcpy(conn->server_random, pos, TLS_RANDOM_LEN);
pos += TLS_RANDOM_LEN;
wpa_hexdump(MSG_MSGDUMP, "TLSv1: server_random",
conn->server_random, TLS_RANDOM_LEN);
/* SessionID session_id */
if (end - pos < 1)
goto decode_error;
if (end - pos < 1 + *pos || *pos > TLS_SESSION_ID_MAX_LEN)
goto decode_error;
if (conn->session_id_len && conn->session_id_len == *pos &&
os_memcmp(conn->session_id, pos + 1, conn->session_id_len) == 0) {
pos += 1 + conn->session_id_len;
wpa_printf(MSG_DEBUG, "TLSv1: Resuming old session");
conn->session_resumed = 1;
} else {
conn->session_id_len = *pos;
pos++;
os_memcpy(conn->session_id, pos, conn->session_id_len);
pos += conn->session_id_len;
}
wpa_hexdump(MSG_MSGDUMP, "TLSv1: session_id",
conn->session_id, conn->session_id_len);
/* CipherSuite cipher_suite */
if (end - pos < 2)
goto decode_error;
cipher_suite = WPA_GET_BE16(pos);
pos += 2;
for (i = 0; i < conn->num_cipher_suites; i++) {
if (cipher_suite == conn->cipher_suites[i])
break;
}
if (i == conn->num_cipher_suites) {
wpa_printf(MSG_INFO, "TLSv1: Server selected unexpected "
"cipher suite 0x%04x", cipher_suite);
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_ILLEGAL_PARAMETER);
return -1;
}
if (conn->session_resumed && cipher_suite != conn->prev_cipher_suite) {
wpa_printf(MSG_DEBUG, "TLSv1: Server selected a different "
"cipher suite for a resumed connection (0x%04x != "
"0x%04x)", cipher_suite, conn->prev_cipher_suite);
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_ILLEGAL_PARAMETER);
return -1;
}
if (tlsv1_record_set_cipher_suite(&conn->rl, cipher_suite) < 0) {
wpa_printf(MSG_DEBUG, "TLSv1: Failed to set CipherSuite for "
"record layer");
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_INTERNAL_ERROR);
return -1;
}
conn->prev_cipher_suite = cipher_suite;
/* CompressionMethod compression_method */
if (end - pos < 1)
goto decode_error;
if (*pos != TLS_COMPRESSION_NULL) {
wpa_printf(MSG_INFO, "TLSv1: Server selected unexpected "
"compression 0x%02x", *pos);
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_ILLEGAL_PARAMETER);
return -1;
}
pos++;
if (end != pos) {
/* TODO: ServerHello extensions */
wpa_hexdump(MSG_DEBUG, "TLSv1: Unexpected extra data in the "
"end of ServerHello", pos, end - pos);
goto decode_error;
}
if (conn->session_ticket_included && conn->session_ticket_cb) {
/* TODO: include SessionTicket extension if one was included in
* ServerHello */
int res = conn->session_ticket_cb(
conn->session_ticket_cb_ctx, NULL, 0,
conn->client_random, conn->server_random,
conn->master_secret);
if (res < 0) {
wpa_printf(MSG_DEBUG, "TLSv1: SessionTicket callback "
"indicated failure");
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_HANDSHAKE_FAILURE);
return -1;
}
conn->use_session_ticket = !!res;
}
if ((conn->session_resumed || conn->use_session_ticket) &&
tls_derive_keys(conn, NULL, 0)) {
wpa_printf(MSG_DEBUG, "TLSv1: Failed to derive keys");
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_INTERNAL_ERROR);
return -1;
}
*in_len = end - in_data;
conn->state = (conn->session_resumed || conn->use_session_ticket) ?
SERVER_CHANGE_CIPHER_SPEC : SERVER_CERTIFICATE;
return 0;
decode_error:
wpa_printf(MSG_DEBUG, "TLSv1: Failed to decode ServerHello");
tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
return -1;
}
unsigned int p2p_is_indoor_device(struct p2p_peer_info *peer)
{
int cat, sub;
if (!peer)
return 0;
cat = WPA_GET_BE16(peer->pri_dev_type);
sub = WPA_GET_BE16(&peer->pri_dev_type[6]);
switch (cat) {
case WPS_DEV_COMPUTER:
switch (sub) {
case WPS_DEV_COMPUTER_SERVER:
case WPS_DEV_COMPUTER_MEDIA_CENTER:
case WPS_DEV_COMPUTER_DESKTOP:
return 1;
case WPS_DEV_COMPUTER_PC:
case WPS_DEV_COMPUTER_ULTRA_MOBILE:
case WPS_DEV_COMPUTER_NOTEBOOK:
case WPS_DEV_COMPUTER_MID:
default:
return 0;
}
break;
case WPS_DEV_MULTIMEDIA:
switch (sub) {
case WPS_DEV_MULTIMEDIA_DAR:
case WPS_DEV_MULTIMEDIA_PVR:
case WPS_DEV_MULTIMEDIA_MCX:
case WPS_DEV_MULTIMEDIA_SET_TOP_BOX:
case WPS_DEV_MULTIMEDIA_MEDIA_SERVER:
return 1;
case WPS_DEV_MULTIMEDIA_PORTABLE_VIDEO_PLAYER:
default:
return 0;
}
break;
case WPS_DEV_GAMING:
switch (sub) {
case WPS_DEV_GAMING_XBOX:
case WPS_DEV_GAMING_XBOX360:
case WPS_DEV_GAMING_PLAYSTATION:
case WPS_DEV_GAMING_GAME_CONSOLE:
return 1;
case WPS_DEV_GAMING_PORTABLE_DEVICE:
default:
return 0;
}
break;
case WPS_DEV_PRINTER:
case WPS_DEV_DISPLAY:
case WPS_DEV_NETWORK_INFRA:
case WPS_DEV_STORAGE:
return 1;
case WPS_DEV_INPUT:
case WPS_DEV_CAMERA:
case WPS_DEV_PHONE:
case WPS_DEV_AUDIO:
default:
return 0;
}
return 0;
}
static int tlsv1_process_diffie_hellman(struct tlsv1_client *conn,
const u8 *buf, size_t len,
tls_key_exchange key_exchange)
{
const u8 *pos, *end, *server_params, *server_params_end;
u8 alert;
unsigned int bits;
tlsv1_client_free_dh(conn);
pos = buf;
end = buf + len;
if (end - pos < 3)
goto fail;
server_params = pos;
conn->dh_p_len = WPA_GET_BE16(pos);
pos += 2;
if (conn->dh_p_len == 0 || conn->dh_p_len > (size_t) (end - pos)) {
wpa_printf(MSG_DEBUG, "TLSv1: Invalid dh_p length %lu",
(unsigned long) conn->dh_p_len);
goto fail;
}
bits = count_bits(pos, conn->dh_p_len);
if (bits < 768) {
wpa_printf(MSG_INFO, "TLSv1: Reject under 768-bit DH prime (insecure; only %u bits)",
bits);
wpa_hexdump(MSG_DEBUG, "TLSv1: Rejected DH prime",
pos, conn->dh_p_len);
goto fail;
}
conn->dh_p = os_malloc(conn->dh_p_len);
if (conn->dh_p == NULL)
goto fail;
os_memcpy(conn->dh_p, pos, conn->dh_p_len);
pos += conn->dh_p_len;
wpa_hexdump(MSG_DEBUG, "TLSv1: DH p (prime)",
conn->dh_p, conn->dh_p_len);
if (end - pos < 3)
goto fail;
conn->dh_g_len = WPA_GET_BE16(pos);
pos += 2;
if (conn->dh_g_len == 0 || conn->dh_g_len > (size_t) (end - pos))
goto fail;
conn->dh_g = os_malloc(conn->dh_g_len);
if (conn->dh_g == NULL)
goto fail;
os_memcpy(conn->dh_g, pos, conn->dh_g_len);
pos += conn->dh_g_len;
wpa_hexdump(MSG_DEBUG, "TLSv1: DH g (generator)",
conn->dh_g, conn->dh_g_len);
if (conn->dh_g_len == 1 && conn->dh_g[0] < 2)
goto fail;
if (end - pos < 3)
goto fail;
conn->dh_ys_len = WPA_GET_BE16(pos);
pos += 2;
if (conn->dh_ys_len == 0 || conn->dh_ys_len > (size_t) (end - pos))
goto fail;
conn->dh_ys = os_malloc(conn->dh_ys_len);
if (conn->dh_ys == NULL)
goto fail;
os_memcpy(conn->dh_ys, pos, conn->dh_ys_len);
pos += conn->dh_ys_len;
wpa_hexdump(MSG_DEBUG, "TLSv1: DH Ys (server's public value)",
conn->dh_ys, conn->dh_ys_len);
server_params_end = pos;
if (key_exchange == TLS_KEY_X_DHE_RSA) {
u8 hash[MD5_MAC_LEN + SHA1_MAC_LEN];
int hlen;
if (conn->rl.tls_version == TLS_VERSION_1_2) {
#ifdef CONFIG_TLSV12
/*
* RFC 5246, 4.7:
* TLS v1.2 adds explicit indication of the used
* signature and hash algorithms.
*
* struct {
* HashAlgorithm hash;
* SignatureAlgorithm signature;
* } SignatureAndHashAlgorithm;
*/
if (end - pos < 2)
goto fail;
if (pos[0] != TLS_HASH_ALG_SHA256 ||
pos[1] != TLS_SIGN_ALG_RSA) {
wpa_printf(MSG_DEBUG, "TLSv1.2: Unsupported hash(%u)/signature(%u) algorithm",
pos[0], pos[1]);
goto fail;
}
pos += 2;
hlen = tlsv12_key_x_server_params_hash(
conn->rl.tls_version, conn->client_random,
conn->server_random, server_params,
server_params_end - server_params, hash);
#else /* CONFIG_TLSV12 */
goto fail;
#endif /* CONFIG_TLSV12 */
} else {
hlen = tls_key_x_server_params_hash(
conn->rl.tls_version, conn->client_random,
conn->server_random, server_params,
server_params_end - server_params, hash);
}
if (hlen < 0)
goto fail;
wpa_hexdump(MSG_MSGDUMP, "TLSv1: ServerKeyExchange hash",
hash, hlen);
if (tls_verify_signature(conn->rl.tls_version,
conn->server_rsa_key,
hash, hlen, pos, end - pos,
&alert) < 0)
goto fail;
}
return 0;
fail:
wpa_printf(MSG_DEBUG, "TLSv1: Processing DH params failed");
tlsv1_client_free_dh(conn);
return -1;
}
static enum wps_process_res wps_process_wsc_nack(struct wps_data *wps,
const struct wpabuf *msg)
{
struct wps_parse_attr attr;
u16 config_error;
wpa_printf(MSG_DEBUG, "WPS: Received WSC_NACK");
if (wps_parse_msg(msg, &attr) < 0)
return WPS_FAILURE;
if (attr.msg_type == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute");
return WPS_FAILURE;
}
if (*attr.msg_type != WPS_WSC_NACK) {
wpa_printf(MSG_DEBUG, "WPS: Invalid Message Type %d",
*attr.msg_type);
return WPS_FAILURE;
}
if (attr.registrar_nonce == NULL ||
os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN) != 0)
{
wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
wpa_hexdump(MSG_DEBUG, "WPS: Received Registrar Nonce",
attr.registrar_nonce, WPS_NONCE_LEN);
wpa_hexdump(MSG_DEBUG, "WPS: Expected Registrar Nonce",
wps->nonce_r, WPS_NONCE_LEN);
return WPS_FAILURE;
}
if (attr.enrollee_nonce == NULL ||
os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
wpa_hexdump(MSG_DEBUG, "WPS: Received Enrollee Nonce",
attr.enrollee_nonce, WPS_NONCE_LEN);
wpa_hexdump(MSG_DEBUG, "WPS: Expected Enrollee Nonce",
wps->nonce_e, WPS_NONCE_LEN);
return WPS_FAILURE;
}
if (attr.config_error == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No Configuration Error attribute "
"in WSC_NACK");
return WPS_FAILURE;
}
config_error = WPA_GET_BE16(attr.config_error);
wpa_printf(MSG_DEBUG, "WPS: Registrar terminated negotiation with "
"Configuration Error %d", config_error);
switch (wps->state) {
case RECV_M4:
wps_fail_event(wps->wps, WPS_M3, config_error,
wps->error_indication);
break;
case RECV_M6:
wps_fail_event(wps->wps, WPS_M5, config_error,
wps->error_indication);
break;
case RECV_M8:
wps_fail_event(wps->wps, WPS_M7, config_error,
wps->error_indication);
break;
default:
break;
}
/* Followed by NACK if Enrollee is Supplicant or EAP-Failure if
* Enrollee is Authenticator */
wps->state = SEND_WSC_NACK;
return WPS_FAILURE;
}
/**
* tlsv1_server_handshake - Process TLS handshake
* @conn: TLSv1 server connection data from tlsv1_server_init()
* @in_data: Input data from TLS peer
* @in_len: Input data length
* @out_len: Length of the output buffer.
* Returns: Pointer to output data, %NULL on failure
*/
u8 * tlsv1_server_handshake(struct tlsv1_server *conn,
const u8 *in_data, size_t in_len,
size_t *out_len)
{
const u8 *pos, *end;
u8 *msg = NULL, *in_msg, *in_pos, *in_end, alert, ct;
size_t in_msg_len;
if (in_data == NULL || in_len == 0) {
wpa_printf(MSG_DEBUG, "TLSv1: No input data to server");
return NULL;
}
pos = in_data;
end = in_data + in_len;
in_msg = os_malloc(in_len);
if (in_msg == NULL)
return NULL;
/* Each received packet may include multiple records */
while (pos < end) {
in_msg_len = in_len;
if (tlsv1_record_receive(&conn->rl, pos, end - pos,
in_msg, &in_msg_len, &alert)) {
wpa_printf(MSG_DEBUG, "TLSv1: Processing received "
"record failed");
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, alert);
goto failed;
}
ct = pos[0];
in_pos = in_msg;
in_end = in_msg + in_msg_len;
/* Each received record may include multiple messages of the
* same ContentType. */
while (in_pos < in_end) {
in_msg_len = in_end - in_pos;
if (tlsv1_server_process_handshake(conn, ct, in_pos,
&in_msg_len) < 0)
goto failed;
in_pos += in_msg_len;
}
pos += TLS_RECORD_HEADER_LEN + WPA_GET_BE16(pos + 3);
}
os_free(in_msg);
in_msg = NULL;
msg = tlsv1_server_handshake_write(conn, out_len);
failed:
os_free(in_msg);
if (conn->alert_level) {
if (conn->state == FAILED) {
/* Avoid alert loops */
wpa_printf(MSG_DEBUG, "TLSv1: Drop alert loop");
os_free(msg);
return NULL;
}
conn->state = FAILED;
os_free(msg);
msg = tlsv1_server_send_alert(conn, conn->alert_level,
conn->alert_description,
out_len);
}
return msg;
}
static void eap_fast_process_phase2_tlvs(struct eap_sm *sm,
struct eap_fast_data *data,
struct wpabuf *in_data)
{
struct eap_fast_tlv_parse tlv;
int check_crypto_binding = data->state == CRYPTO_BINDING;
if (eap_fast_parse_tlvs(in_data, &tlv) < 0) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to parse received "
"Phase 2 TLVs");
return;
}
if (tlv.result == EAP_TLV_RESULT_FAILURE) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Result TLV indicated "
"failure");
eap_fast_state(data, FAILURE);
return;
}
if (data->state == REQUEST_PAC) {
u16 type, len, res;
if (tlv.pac == NULL || tlv.pac_len < 6) {
wpa_printf(MSG_DEBUG, "EAP-FAST: No PAC "
"Acknowledgement received");
eap_fast_state(data, FAILURE);
return;
}
type = WPA_GET_BE16(tlv.pac);
len = WPA_GET_BE16(tlv.pac + 2);
res = WPA_GET_BE16(tlv.pac + 4);
if (type != PAC_TYPE_PAC_ACKNOWLEDGEMENT || len != 2 ||
res != EAP_TLV_RESULT_SUCCESS) {
wpa_printf(MSG_DEBUG, "EAP-FAST: PAC TLV did not "
"contain acknowledgement");
eap_fast_state(data, FAILURE);
return;
}
wpa_printf(MSG_DEBUG, "EAP-FAST: PAC-Acknowledgement received "
"- PAC provisioning succeeded");
eap_fast_state(data, (data->anon_provisioning ||
data->send_new_pac == 2) ?
FAILURE : SUCCESS);
return;
}
if (check_crypto_binding) {
if (tlv.crypto_binding == NULL) {
wpa_printf(MSG_DEBUG, "EAP-FAST: No Crypto-Binding "
"TLV received");
eap_fast_state(data, FAILURE);
return;
}
if (data->final_result &&
tlv.result != EAP_TLV_RESULT_SUCCESS) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Crypto-Binding TLV "
"without Success Result");
eap_fast_state(data, FAILURE);
return;
}
if (!data->final_result &&
tlv.iresult != EAP_TLV_RESULT_SUCCESS) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Crypto-Binding TLV "
"without intermediate Success Result");
eap_fast_state(data, FAILURE);
return;
}
if (eap_fast_validate_crypto_binding(data, tlv.crypto_binding,
tlv.crypto_binding_len)) {
eap_fast_state(data, FAILURE);
return;
}
wpa_printf(MSG_DEBUG, "EAP-FAST: Valid Crypto-Binding TLV "
"received");
if (data->final_result) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Authentication "
"completed successfully");
}
if (data->anon_provisioning &&
sm->eap_fast_prov != ANON_PROV &&
sm->eap_fast_prov != BOTH_PROV) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Client is trying to "
"use unauthenticated provisioning which is "
"disabled");
eap_fast_state(data, FAILURE);
return;
}
if (sm->eap_fast_prov != AUTH_PROV &&
sm->eap_fast_prov != BOTH_PROV &&
tlv.request_action == EAP_TLV_ACTION_PROCESS_TLV &&
eap_fast_pac_type(tlv.pac, tlv.pac_len,
PAC_TYPE_TUNNEL_PAC)) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Client is trying to "
"use authenticated provisioning which is "
"disabled");
eap_fast_state(data, FAILURE);
return;
}
if (data->anon_provisioning ||
(tlv.request_action == EAP_TLV_ACTION_PROCESS_TLV &&
eap_fast_pac_type(tlv.pac, tlv.pac_len,
PAC_TYPE_TUNNEL_PAC))) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Requested a new "
"Tunnel PAC");
eap_fast_state(data, REQUEST_PAC);
} else if (data->send_new_pac) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Server triggered "
"re-keying of Tunnel PAC");
eap_fast_state(data, REQUEST_PAC);
} else if (data->final_result)
eap_fast_state(data, SUCCESS);
}
if (tlv.eap_payload_tlv) {
eap_fast_process_phase2_eap(sm, data, tlv.eap_payload_tlv,
tlv.eap_payload_tlv_len);
}
}
/**
* eap_tlv_process - Process a received EAP-TLV message and generate a response
* @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
* @ret: Return values from EAP request validation and processing
* @req: EAP-TLV request to be processed. The caller must have validated that
* the buffer is large enough to contain full request (hdr->length bytes) and
* that the EAP type is EAP_TYPE_TLV.
* @resp: Buffer to return a pointer to the allocated response message. This
* field should be initialized to %NULL before the call. The value will be
* updated if a response message is generated. The caller is responsible for
* freeing the allocated message.
* @force_failure: Force negotiation to fail
* Returns: 0 on success, -1 on failure
*/
static int eap_tlv_process(struct eap_sm *sm, struct eap_peap_data *data,
struct eap_method_ret *ret,
const struct wpabuf *req, struct wpabuf **resp,
int force_failure)
{
size_t left, tlv_len;
const u8 *pos;
const u8 *result_tlv = NULL, *crypto_tlv = NULL;
size_t result_tlv_len = 0, crypto_tlv_len = 0;
int tlv_type, mandatory;
/* Parse TLVs */
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_TLV, req, &left);
if (pos == NULL)
return -1;
wpa_hexdump(MSG_DEBUG, "EAP-TLV: Received TLVs", pos, left);
while (left >= 4) {
mandatory = !!(pos[0] & 0x80);
tlv_type = WPA_GET_BE16(pos) & 0x3fff;
pos += 2;
tlv_len = WPA_GET_BE16(pos);
pos += 2;
left -= 4;
if (tlv_len > left) {
wpa_printf(MSG_DEBUG, "EAP-TLV: TLV underrun "
"(tlv_len=%lu left=%lu)",
(unsigned long) tlv_len,
(unsigned long) left);
return -1;
}
switch (tlv_type) {
case EAP_TLV_RESULT_TLV:
result_tlv = pos;
result_tlv_len = tlv_len;
break;
case EAP_TLV_CRYPTO_BINDING_TLV:
crypto_tlv = pos;
crypto_tlv_len = tlv_len;
break;
default:
wpa_printf(MSG_DEBUG, "EAP-TLV: Unsupported TLV Type "
"%d%s", tlv_type,
mandatory ? " (mandatory)" : "");
if (mandatory) {
/* NAK TLV and ignore all TLVs in this packet.
*/
*resp = eap_tlv_build_nak(eap_get_id(req),
tlv_type);
return *resp == NULL ? -1 : 0;
}
/* Ignore this TLV, but process other TLVs */
break;
}
pos += tlv_len;
left -= tlv_len;
}
if (left) {
wpa_printf(MSG_DEBUG, "EAP-TLV: Last TLV too short in "
"Request (left=%lu)", (unsigned long) left);
return -1;
}
/* Process supported TLVs */
if (crypto_tlv && data->crypto_binding != NO_BINDING) {
wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Cryptobinding TLV",
crypto_tlv, crypto_tlv_len);
if (eap_tlv_validate_cryptobinding(sm, data, crypto_tlv - 4,
crypto_tlv_len + 4) < 0) {
if (result_tlv == NULL)
return -1;
force_failure = 1;
crypto_tlv = NULL; /* do not include Cryptobinding TLV
* in response, if the received
* cryptobinding was invalid. */
}
} else if (!crypto_tlv && data->crypto_binding == REQUIRE_BINDING) {
wpa_printf(MSG_DEBUG, "EAP-PEAP: No cryptobinding TLV");
return -1;
}
if (result_tlv) {
int status, resp_status;
wpa_hexdump(MSG_DEBUG, "EAP-TLV: Result TLV",
result_tlv, result_tlv_len);
if (result_tlv_len < 2) {
wpa_printf(MSG_INFO, "EAP-TLV: Too short Result TLV "
"(len=%lu)",
(unsigned long) result_tlv_len);
return -1;
}
status = WPA_GET_BE16(result_tlv);
if (status == EAP_TLV_RESULT_SUCCESS) {
wpa_printf(MSG_INFO, "EAP-TLV: TLV Result - Success "
"- EAP-TLV/Phase2 Completed");
if (force_failure) {
wpa_printf(MSG_INFO, "EAP-TLV: Earlier failure"
" - force failed Phase 2");
resp_status = EAP_TLV_RESULT_FAILURE;
ret->decision = DECISION_FAIL;
} else {
resp_status = EAP_TLV_RESULT_SUCCESS;
ret->decision = DECISION_UNCOND_SUCC;
}
} else if (status == EAP_TLV_RESULT_FAILURE) {
wpa_printf(MSG_INFO, "EAP-TLV: TLV Result - Failure");
resp_status = EAP_TLV_RESULT_FAILURE;
ret->decision = DECISION_FAIL;
} else {
wpa_printf(MSG_INFO, "EAP-TLV: Unknown TLV Result "
"Status %d", status);
resp_status = EAP_TLV_RESULT_FAILURE;
ret->decision = DECISION_FAIL;
}
ret->methodState = METHOD_DONE;
*resp = eap_tlv_build_result(sm, data, crypto_tlv != NULL,
eap_get_id(req), resp_status);
}
return 0;
}