/** * eap_tls_process_input - Process incoming TLS message * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() * @data: Data for TLS processing * @in_data: Message received from the server * @in_len: Length of in_data * @out_data: Buffer for returning a pointer to application data (if available) * Returns: 0 on success, 1 if more input data is needed, 2 if application data * is available, -1 on failure */ static int eap_tls_process_input(struct eap_sm *sm, struct eap_ssl_data *data, const u8 *in_data, size_t in_len, struct wpabuf **out_data) { const u8 *msg; size_t msg_len; int need_more_input; u8 *appl_data; size_t appl_data_len; msg = eap_peer_tls_data_reassemble(data, in_data, in_len, &msg_len, &need_more_input); if (msg == NULL) return need_more_input ? 1 : -1; /* Full TLS message reassembled - continue handshake processing */ if (data->tls_out) { /* This should not happen.. */ wpa_printf(MSG_INFO, "SSL: eap_tls_process_input - pending " "tls_out data even though tls_out_len = 0"); os_free(data->tls_out); WPA_ASSERT(data->tls_out == NULL); } appl_data = NULL; data->tls_out = tls_connection_handshake(sm->ssl_ctx, data->conn, msg, msg_len, &data->tls_out_len, &appl_data, &appl_data_len); eap_peer_tls_reset_input(data); if (appl_data && tls_connection_established(sm->ssl_ctx, data->conn) && !tls_connection_get_failed(sm->ssl_ctx, data->conn)) { wpa_hexdump_key(MSG_MSGDUMP, "SSL: Application data", appl_data, appl_data_len); *out_data = wpabuf_alloc_ext_data(appl_data, appl_data_len); if (*out_data == NULL) { os_free(appl_data); return -1; } return 2; } os_free(appl_data); return 0; }
static int eap_tls_process_input(struct eap_sm *sm, struct eap_ssl_data *data, const u8 *in_data, size_t in_len, u8 **out_data, size_t *out_len) { const u8 *msg; size_t msg_len; int need_more_input; u8 *appl_data; size_t appl_data_len; msg = eap_tls_data_reassemble(sm, data, in_data, in_len, &msg_len, &need_more_input); if (msg == NULL) return need_more_input ? 1 : -1; /* Full TLS message reassembled - continue handshake processing */ if (data->tls_out) { /* This should not happen.. */ wpa_printf(MSG_INFO, "SSL: eap_tls_process_helper - pending " "tls_out data even though tls_out_len = 0"); os_free(data->tls_out); WPA_ASSERT(data->tls_out == NULL); } appl_data = NULL; data->tls_out = tls_connection_handshake(sm->ssl_ctx, data->conn, msg, msg_len, &data->tls_out_len, &appl_data, &appl_data_len); /* Clear reassembled input data (if the buffer was needed). */ data->tls_in_left = data->tls_in_total = data->tls_in_len = 0; os_free(data->tls_in); data->tls_in = NULL; if (appl_data && tls_connection_established(sm->ssl_ctx, data->conn) && !tls_connection_get_failed(sm->ssl_ctx, data->conn)) { wpa_hexdump_key(MSG_MSGDUMP, "SSL: Application data", appl_data, appl_data_len); *out_data = appl_data; *out_len = appl_data_len; return 2; } os_free(appl_data); return 0; }
static u8 * eap_tls_build_req(struct eap_sm *sm, struct eap_tls_data *data, int id, size_t *reqDataLen) { int res; u8 *req; res = eap_tls_buildReq_helper(sm, &data->ssl, EAP_TYPE_TLS, 0, id, &req, reqDataLen); if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) { wpa_printf(MSG_DEBUG, "EAP-TLS: Done"); data->state = SUCCESS; } if (res == 1) return eap_tls_build_ack(reqDataLen, id, EAP_TYPE_TLS, 0); return req; }
static u8 * eap_tls_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, const u8 *reqData, size_t reqDataLen, size_t *respDataLen) { const struct eap_hdr *req; size_t left; int res; u8 flags, *resp, id; const u8 *pos; struct eap_tls_data *data = priv; pos = eap_tls_process_init(sm, &data->ssl, EAP_TYPE_TLS, ret, reqData, reqDataLen, &left, &flags); if (pos == NULL) return NULL; req = (const struct eap_hdr *) reqData; id = req->identifier; if (flags & EAP_TLS_FLAGS_START) { wpa_printf(MSG_DEBUG, "EAP-TLS: Start"); left = 0; /* make sure that this frame is empty, even though it * should always be, anyway */ } resp = NULL; res = eap_tls_process_helper(sm, &data->ssl, EAP_TYPE_TLS, 0, id, pos, left, &resp, respDataLen); if (res < 0) { return eap_tls_failure(sm, data, ret, res, resp, id, respDataLen); } if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) eap_tls_success(sm, data, ret); if (res == 1) { return eap_tls_build_ack(&data->ssl, respDataLen, id, EAP_TYPE_TLS, 0); } return resp; }
static void eap_peap_process_msg(struct eap_sm *sm, void *priv, const struct wpabuf *respData) { struct eap_peap_data *data = priv; switch (data->state) { case PHASE1: if (eap_server_tls_phase1(sm, &data->ssl) < 0) { eap_peap_state(data, FAILURE); break; } if (data->peap_version >= 2 && tls_connection_established(sm->ssl_ctx, data->ssl.conn)) { if (eap_peapv2_start_phase2(sm, data)) { eap_peap_state(data, FAILURE); break; } } break; case PHASE2_START: eap_peap_state(data, PHASE2_ID); eap_peap_phase2_init(sm, data, EAP_TYPE_IDENTITY); break; case PHASE1_ID2: case PHASE2_ID: case PHASE2_METHOD: case PHASE2_SOH: case PHASE2_TLV: eap_peap_process_phase2(sm, data, respData, data->ssl.in_buf); break; case SUCCESS_REQ: eap_peap_state(data, SUCCESS); break; case FAILURE_REQ: eap_peap_state(data, FAILURE); break; default: wpa_printf(MSG_DEBUG, "EAP-PEAP: Unexpected state %d in %s", data->state, __func__); break; } }
static struct wpabuf * eap_tls_buildReq(struct eap_sm *sm, void *priv, u8 id) { struct eap_tls_data *data = priv; struct wpabuf *res; if (data->ssl.state == FRAG_ACK) { return eap_server_tls_build_ack(id, data->eap_type, 0); } if (data->ssl.state == WAIT_FRAG_ACK) { res = eap_server_tls_build_msg(&data->ssl, data->eap_type, 0, id); goto check_established; } switch (data->state) { case START: return eap_tls_build_start(sm, data, id); case CONTINUE: if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) data->established = 1; break; default: wpa_printf(MSG_DEBUG, "EAP-TLS: %s - unexpected state %d", __func__, data->state); return NULL; } res = eap_server_tls_build_msg(&data->ssl, data->eap_type, 0, id); check_established: if (data->established && data->ssl.state != WAIT_FRAG_ACK) { /* TLS handshake has been completed and there are no more * fragments waiting to be sent out. */ wpa_printf(MSG_DEBUG, "EAP-TLS: Done"); eap_tls_state(data, SUCCESS); eap_tls_valid_session(sm, data); } return res; }
static struct wpabuf * eap_tls_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, const struct wpabuf *reqData) { size_t left; int res; struct wpabuf *resp; u8 flags, id; const u8 *pos; struct eap_tls_data *data = priv; pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_TLS, ret, reqData, &left, &flags); if (pos == NULL) return NULL; id = eap_get_id(reqData); if (flags & EAP_TLS_FLAGS_START) { wpa_printf(MSG_DEBUG, "EAP-TLS: Start"); left = 0; /* make sure that this frame is empty, even though it * should always be, anyway */ } resp = NULL; res = eap_peer_tls_process_helper(sm, &data->ssl, EAP_TYPE_TLS, 0, id, pos, left, &resp); if (res < 0) { return eap_tls_failure(sm, data, ret, res, resp, id); } if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) eap_tls_success(sm, data, ret); if (res == 1) { wpabuf_free(resp); return eap_peer_tls_build_ack(id, EAP_TYPE_TLS, 0); } return resp; }
static int eap_fast_process_phase1(struct eap_sm *sm, struct eap_fast_data *data) { if (eap_server_tls_phase1(sm, &data->ssl) < 0) { wpa_printf(MSG_INFO, "EAP-FAST: TLS processing failed"); eap_fast_state(data, FAILURE); return -1; } if (!tls_connection_established(sm->ssl_ctx, data->ssl.conn) || wpabuf_len(data->ssl.tls_out) > 0) return 1; /* * Phase 1 was completed with the received message (e.g., when using * abbreviated handshake), so Phase 2 can be started immediately * without having to send through an empty message to the peer. */ return eap_fast_phase1_done(sm, data); }
static u8 * eap_peap_build_req(struct eap_sm *sm, struct eap_peap_data *data, int id, size_t *reqDataLen) { int res; u8 *req; res = eap_tls_buildReq_helper(sm, &data->ssl, EAP_TYPE_PEAP, data->peap_version, id, &req, reqDataLen); if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) { wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase1 done, starting " "Phase2"); eap_peap_state(data, PHASE2_START); } if (res == 1) return eap_tls_build_ack(reqDataLen, id, EAP_TYPE_PEAP, data->peap_version); return req; }
static void eap_tls_process(struct eap_sm *sm, void *priv, struct wpabuf *respData) { struct eap_tls_data *data = priv; const struct wpabuf *buf; const u8 *pos; if (eap_server_tls_process(sm, &data->ssl, respData, data, data->eap_type, NULL, eap_tls_process_msg) < 0) { eap_tls_state(data, FAILURE); return; } if (!tls_connection_established(sm->ssl_ctx, data->ssl.conn) || !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) return; buf = tls_connection_get_success_data(data->ssl.conn); if (!buf || wpabuf_len(buf) < 1) { wpa_printf(MSG_DEBUG, "EAP-TLS: No success data in resumed session - reject attempt"); eap_tls_state(data, FAILURE); return; } pos = wpabuf_head(buf); if (*pos != data->eap_type) { wpa_printf(MSG_DEBUG, "EAP-TLS: Resumed session for another EAP type (%u) - reject attempt", *pos); eap_tls_state(data, FAILURE); return; } wpa_printf(MSG_DEBUG, "EAP-TLS: Resuming previous session"); eap_tls_state(data, SUCCESS); tls_connection_set_success_data_resumed(data->ssl.conn); }
static Boolean eap_peap_has_reauth_data(struct eap_sm *sm, void *priv) { struct eap_peap_data *data = priv; return tls_connection_established(sm->ssl_ctx, data->ssl.conn) && data->phase2_success; }
static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, const struct wpabuf *reqData) { const struct eap_hdr *req; size_t left; int res; u8 flags, id; struct wpabuf *resp; const u8 *pos; struct eap_peap_data *data = priv; pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_PEAP, ret, reqData, &left, &flags); if (pos == NULL) return NULL; req = wpabuf_head(reqData); id = req->identifier; if (flags & EAP_TLS_FLAGS_START) { wpa_printf(MSG_DEBUG, "EAP-PEAP: Start (server ver=%d, own " "ver=%d)", flags & EAP_TLS_VERSION_MASK, data->peap_version); if ((flags & EAP_TLS_VERSION_MASK) < data->peap_version) data->peap_version = flags & EAP_TLS_VERSION_MASK; if (data->force_peap_version >= 0 && data->force_peap_version != data->peap_version) { wpa_printf(MSG_WARNING, "EAP-PEAP: Failed to select " "forced PEAP version %d", data->force_peap_version); ret->methodState = METHOD_DONE; ret->decision = DECISION_FAIL; ret->allowNotifications = FALSE; return NULL; } wpa_printf(MSG_DEBUG, "EAP-PEAP: Using PEAP version %d", data->peap_version); left = 0; /* make sure that this frame is empty, even though it * should always be, anyway */ } resp = NULL; if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) && !data->resuming) { struct wpabuf msg; wpabuf_set(&msg, pos, left); res = eap_peap_decrypt(sm, data, ret, req, &msg, &resp); } else { res = eap_peer_tls_process_helper(sm, &data->ssl, EAP_TYPE_PEAP, data->peap_version, id, pos, left, &resp); if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) { char *label; wpa_printf(MSG_DEBUG, "EAP-PEAP: TLS done, proceed to Phase 2"); os_free(data->key_data); /* draft-josefsson-ppext-eap-tls-eap-05.txt * specifies that PEAPv1 would use "client PEAP * encryption" as the label. However, most existing * PEAPv1 implementations seem to be using the old * label, "client EAP encryption", instead. Use the old * label by default, but allow it to be configured with * phase1 parameter peaplabel=1. */ if (data->peap_version > 1 || data->force_new_label) label = "client PEAP encryption"; else label = "client EAP encryption"; wpa_printf(MSG_DEBUG, "EAP-PEAP: using label '%s' in " "key derivation", label); data->key_data = eap_peer_tls_derive_key(sm, &data->ssl, label, EAP_TLS_KEY_LEN); if (data->key_data) { wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: Derived key", data->key_data, EAP_TLS_KEY_LEN); } else { wpa_printf(MSG_DEBUG, "EAP-PEAP: Failed to " "derive key"); } if (sm->workaround && data->resuming) { /* * At least few RADIUS servers (Aegis v1.1.6; * but not v1.1.4; and Cisco ACS) seem to be * terminating PEAPv1 (Aegis) or PEAPv0 (Cisco * ACS) session resumption with outer * EAP-Success. This does not seem to follow * draft-josefsson-pppext-eap-tls-eap-05.txt * section 4.2, so only allow this if EAP * workarounds are enabled. */ wpa_printf(MSG_DEBUG, "EAP-PEAP: Workaround - " "allow outer EAP-Success to " "terminate PEAP resumption"); ret->decision = DECISION_COND_SUCC; data->phase2_success = 1; } data->resuming = 0; } if (res == 2) { struct wpabuf msg; /* * Application data included in the handshake message. */ wpabuf_free(data->pending_phase2_req); data->pending_phase2_req = resp; resp = NULL; wpabuf_set(&msg, pos, left); res = eap_peap_decrypt(sm, data, ret, req, &msg, &resp); } } if (ret->methodState == METHOD_DONE) { ret->allowNotifications = FALSE; } if (res == 1) { wpabuf_free(resp); return eap_peer_tls_build_ack(id, EAP_TYPE_PEAP, data->peap_version); } return resp; }
static struct wpabuf * eap_fast_buildReq(struct eap_sm *sm, void *priv, u8 id) { struct eap_fast_data *data = priv; struct wpabuf *req = NULL; int piggyback = 0; if (data->ssl.state == FRAG_ACK) { return eap_server_tls_build_ack(id, EAP_TYPE_FAST, data->fast_version); } if (data->ssl.state == WAIT_FRAG_ACK) { return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_FAST, data->fast_version, id); } switch (data->state) { case START: return eap_fast_build_start(sm, data, id); case PHASE1: if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) { if (eap_fast_phase1_done(sm, data) < 0) return NULL; if (data->state == PHASE2_START) { /* * Try to generate Phase 2 data to piggyback * with the end of Phase 1 to avoid extra * roundtrip. */ wpa_printf(MSG_DEBUG, "EAP-FAST: Try to start " "Phase 2"); if (eap_fast_process_phase2_start(sm, data)) break; req = eap_fast_build_phase2_req(sm, data, id); piggyback = 1; } } break; case PHASE2_ID: case PHASE2_METHOD: req = eap_fast_build_phase2_req(sm, data, id); break; case CRYPTO_BINDING: req = eap_fast_build_crypto_binding(sm, data); if (data->phase2_method) { /* * Include the start of the next EAP method in the * sequence in the same message with Crypto-Binding to * save a round-trip. */ struct wpabuf *eap; eap = eap_fast_build_phase2_req(sm, data, id); req = wpabuf_concat(req, eap); eap_fast_state(data, PHASE2_METHOD); } break; case REQUEST_PAC: req = eap_fast_build_pac(sm, data); break; default: wpa_printf(MSG_DEBUG, "EAP-FAST: %s - unexpected state %d", __func__, data->state); return NULL; } if (req && eap_fast_encrypt_phase2(sm, data, req, piggyback) < 0) return NULL; return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_FAST, data->fast_version, id); }
/** * eap_tls_process_output - Process outgoing TLS message * @data: Data for TLS processing * @eap_type: EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...) * @peap_version: Version number for EAP-PEAP/TTLS * @id: EAP identifier for the response * @ret: Return value to use on success * @out_data: Buffer for returning the allocated output buffer * Returns: ret (0 or 1) on success, -1 on failure */ static int eap_tls_process_output(struct eap_ssl_data *data, EapType eap_type, int peap_version, u8 id, int ret, struct wpabuf **out_data) { size_t len; u8 *flags; int more_fragments, length_included; if (data->tls_out == NULL) return -1; len = wpabuf_len(data->tls_out) - data->tls_out_pos; wpa_printf(MSG_DEBUG, "SSL: %lu bytes left to be sent out (of total " "%lu bytes)", (unsigned long) len, (unsigned long) wpabuf_len(data->tls_out)); /* * Limit outgoing message to the configured maximum size. Fragment * message if needed. */ if (len > data->tls_out_limit) { more_fragments = 1; len = data->tls_out_limit; wpa_printf(MSG_DEBUG, "SSL: sending %lu bytes, more fragments " "will follow", (unsigned long) len); } else more_fragments = 0; length_included = data->tls_out_pos == 0 && (wpabuf_len(data->tls_out) > data->tls_out_limit || data->include_tls_length); if (!length_included && eap_type == EAP_TYPE_PEAP && peap_version == 0 && !tls_connection_established(data->eap->ssl_ctx, data->conn)) { /* * Windows Server 2008 NPS really wants to have the TLS Message * length included in phase 0 even for unfragmented frames or * it will get very confused with Compound MAC calculation and * Outer TLVs. */ length_included = 1; } *out_data = eap_tls_msg_alloc(eap_type, 1 + length_included * 4 + len, EAP_CODE_RESPONSE, id); if (*out_data == NULL) return -1; flags = wpabuf_put(*out_data, 1); *flags = peap_version; if (more_fragments) *flags |= EAP_TLS_FLAGS_MORE_FRAGMENTS; if (length_included) { *flags |= EAP_TLS_FLAGS_LENGTH_INCLUDED; wpabuf_put_be32(*out_data, wpabuf_len(data->tls_out)); } wpabuf_put_data(*out_data, wpabuf_head_u8(data->tls_out) + data->tls_out_pos, len); data->tls_out_pos += len; if (!more_fragments) eap_peer_tls_reset_output(data); return ret; }
static struct wpabuf * eap_peap_buildReq(struct eap_sm *sm, void *priv, u8 id) { struct eap_peap_data *data = priv; if (data->ssl.state == FRAG_ACK) { return eap_server_tls_build_ack(id, EAP_TYPE_PEAP, data->peap_version); } if (data->ssl.state == WAIT_FRAG_ACK) { return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_PEAP, data->peap_version, id); } switch (data->state) { case START: return eap_peap_build_start(sm, data, id); case PHASE1: case PHASE1_ID2: if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) { wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase1 done, " "starting Phase2"); eap_peap_state(data, PHASE2_START); } break; case PHASE2_ID: case PHASE2_METHOD: wpabuf_free(data->ssl.tls_out); data->ssl.tls_out_pos = 0; data->ssl.tls_out = eap_peap_build_phase2_req(sm, data, id); break; #ifdef EAP_SERVER_TNC case PHASE2_SOH: wpabuf_free(data->ssl.tls_out); data->ssl.tls_out_pos = 0; data->ssl.tls_out = eap_peap_build_phase2_soh(sm, data, id); break; #endif /* EAP_SERVER_TNC */ case PHASE2_TLV: wpabuf_free(data->ssl.tls_out); data->ssl.tls_out_pos = 0; data->ssl.tls_out = eap_peap_build_phase2_tlv(sm, data, id); break; case SUCCESS_REQ: wpabuf_free(data->ssl.tls_out); data->ssl.tls_out_pos = 0; data->ssl.tls_out = eap_peap_build_phase2_term(sm, data, id, 1); break; case FAILURE_REQ: wpabuf_free(data->ssl.tls_out); data->ssl.tls_out_pos = 0; data->ssl.tls_out = eap_peap_build_phase2_term(sm, data, id, 0); break; default: wpa_printf(MSG_DEBUG, "EAP-PEAP: %s - unexpected state %d", __func__, data->state); return NULL; } return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_PEAP, data->peap_version, id); }
static Boolean eap_tls_has_reauth_data(struct eap_sm *sm, void *priv) { struct eap_tls_data *data = priv; return tls_connection_established(sm->ssl_ctx, data->ssl.conn); }
static u8 * eap_tls_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, const u8 *reqData, size_t reqDataLen, size_t *respDataLen) { struct wpa_ssid *config = eap_get_config(sm); const struct eap_hdr *req; size_t left; int res; u8 flags, *resp, id; const u8 *pos; struct eap_tls_data *data = priv; pos = eap_tls_process_init(sm, &data->ssl, EAP_TYPE_TLS, ret, reqData, reqDataLen, &left, &flags); if (pos == NULL) return NULL; req = (const struct eap_hdr *) reqData; id = req->identifier; if (flags & EAP_TLS_FLAGS_START) { wpa_printf(MSG_DEBUG, "EAP-TLS: Start"); left = 0; /* make sure that this frame is empty, even though it * should always be, anyway */ } resp = NULL; res = eap_tls_process_helper(sm, &data->ssl, EAP_TYPE_TLS, 0, id, pos, left, &resp, respDataLen); if (res < 0) { wpa_printf(MSG_DEBUG, "EAP-TLS: TLS processing failed"); ret->methodState = METHOD_MAY_CONT; ret->decision = DECISION_FAIL; if (res == -1) { /* * The TLS handshake failed. So better forget the old * PIN. It may be wrong, we can't be sure but trying * the wrong one again might block it on the card - so * better ask the user again. */ free(config->pin); config->pin = NULL; } if (resp) { /* This is likely an alert message, so send it instead * of just ACKing the error. */ return resp; } return eap_tls_build_ack(&data->ssl, respDataLen, id, EAP_TYPE_TLS, 0); } if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) { wpa_printf(MSG_DEBUG, "EAP-TLS: Done"); ret->methodState = METHOD_DONE; ret->decision = DECISION_UNCOND_SUCC; free(data->key_data); data->key_data = eap_tls_derive_key(sm, &data->ssl, "client EAP encryption", EAP_TLS_KEY_LEN); if (data->key_data) { wpa_hexdump_key(MSG_DEBUG, "EAP-TLS: Derived key", data->key_data, EAP_TLS_KEY_LEN); } else { wpa_printf(MSG_DEBUG, "EAP-TLS: Failed to derive key"); } } if (res == 1) { return eap_tls_build_ack(&data->ssl, respDataLen, id, EAP_TYPE_TLS, 0); } return resp; }
static struct wpabuf * eap_fast_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, const struct wpabuf *reqData) { const struct eap_hdr *req; size_t left; int res; u8 flags, id; struct wpabuf *resp; const u8 *pos; struct eap_fast_data *data = priv; pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_FAST, ret, reqData, &left, &flags); if (pos == NULL) return NULL; req = wpabuf_head(reqData); id = req->identifier; if (flags & EAP_TLS_FLAGS_START) { if (eap_fast_process_start(sm, data, flags, pos, left) < 0) return NULL; left = 0; /* A-ID is not used in further packet processing */ } resp = NULL; if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) && !data->resuming) { /* Process tunneled (encrypted) phase 2 data. */ struct wpabuf msg; wpabuf_set(&msg, pos, left); res = eap_fast_decrypt(sm, data, ret, req, &msg, &resp); if (res < 0) { ret->methodState = METHOD_DONE; ret->decision = DECISION_FAIL; /* * Ack possible Alert that may have caused failure in * decryption. */ res = 1; } } else { /* Continue processing TLS handshake (phase 1). */ res = eap_peer_tls_process_helper(sm, &data->ssl, EAP_TYPE_FAST, data->fast_version, id, pos, left, &resp); if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) { char cipher[80]; wpa_printf(MSG_DEBUG, "EAP-FAST: TLS done, proceed to Phase 2"); if (data->provisioning && (!(data->provisioning_allowed & EAP_FAST_PROV_AUTH) || tls_get_cipher(sm->ssl_ctx, data->ssl.conn, cipher, sizeof(cipher)) < 0 || os_strstr(cipher, "ADH-") || os_strstr(cipher, "anon"))) { wpa_printf(MSG_DEBUG, "EAP-FAST: Using " "anonymous (unauthenticated) " "provisioning"); data->anon_provisioning = 1; } else data->anon_provisioning = 0; data->resuming = 0; eap_fast_derive_keys(sm, data); } if (res == 2) { struct wpabuf msg; /* * Application data included in the handshake message. */ wpabuf_free(data->pending_phase2_req); data->pending_phase2_req = resp; resp = NULL; wpabuf_set(&msg, pos, left); res = eap_fast_decrypt(sm, data, ret, req, &msg, &resp); } } if (res == 1) { wpabuf_free(resp); return eap_peer_tls_build_ack(id, EAP_TYPE_FAST, data->fast_version); } return resp; }