static int eap_fast_phase1_done(struct eap_sm *sm, struct eap_fast_data *data)
{
char cipher[64];
wpa_printf(MSG_DEBUG, "EAP-FAST: Phase1 done, starting Phase2");
if (tls_get_cipher(sm->ssl_ctx, data->ssl.conn, cipher, sizeof(cipher))
< 0) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to get cipher "
"information");
eap_fast_state(data, FAILURE);
return -1;
}
data->anon_provisioning = os_strstr(cipher, "ADH") != NULL;
if (data->anon_provisioning) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Anonymous provisioning");
eap_fast_derive_key_provisioning(sm, data);
} else
eap_fast_derive_key_auth(sm, data);
eap_fast_state(data, PHASE2_START);
return 0;
}
int eap_tls_status(struct eap_sm *sm, struct eap_ssl_data *data, char *buf,
size_t buflen, int verbose)
{
char name[128];
int len = 0, ret;
if (tls_get_cipher(sm->ssl_ctx, data->conn, name, sizeof(name)) == 0) {
ret = os_snprintf(buf + len, buflen - len,
"EAP TLS cipher=%s\n", name);
if (ret < 0 || (size_t) ret >= buflen - len)
return len;
len += ret;
}
return len;
}
VMINT vm_tls_get_cipher(VMINT res_id, vm_tls_ciphersuites_enum * cipher)
{
kal_int32 ret;
vm_tls_context_t * ctx_p = NULL;
MMI_TRACE(TRACE_GROUP_8, TRC_MRE_SSL_S, 15, __LINE__);
ctx_p = vm_tls_get_ctx_by_res(res_id);
if (NULL == ctx_p)
{
MMI_TRACE(TRACE_GROUP_8, TRC_MRE_SSL_E1, 15, __LINE__);
return VM_TLS_RET_BASE -2;
}
ret = tls_get_cipher((kal_int8)ctx_p->soc_id, (tls_ciphersuites_enum*)cipher);
if (TLS_ERR_NONE != ret)
{
MMI_TRACE(TRACE_GROUP_8, TRC_MRE_SSL_E2, 15, __LINE__);
return ret;
}
MMI_TRACE(TRACE_GROUP_8, TRC_MRE_SSL_E, 15, __LINE__);
return 0;
}
/**
* eap_peer_tls_status - Get TLS status
* @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
* @data: Data for TLS processing
* @buf: Buffer for status information
* @buflen: Maximum buffer length
* @verbose: Whether to include verbose status information
* Returns: Number of bytes written to buf.
*/
int eap_peer_tls_status(struct eap_sm *sm, struct eap_ssl_data *data,
char *buf, size_t buflen, int verbose)
{
char version[20], name[128];
int len = 0, ret;
if (tls_get_version(data->ssl_ctx, data->conn, version,
sizeof(version)) < 0)
version[0] = '\0';
if (tls_get_cipher(data->ssl_ctx, data->conn, name, sizeof(name)) < 0)
name[0] = '\0';
ret = os_snprintf(buf + len, buflen - len,
"eap_tls_version=%s\n"
"EAP TLS cipher=%s\n"
"tls_session_reused=%d\n",
version, name,
tls_connection_resumed(data->ssl_ctx, data->conn));
if (os_snprintf_error(buflen - len, ret))
return len;
len += ret;
return len;
}
static struct wpabuf * eap_fast_process(struct eap_sm *sm, void *priv,
struct eap_method_ret *ret,
const struct wpabuf *reqData)
{
const struct eap_hdr *req;
size_t left;
int res;
u8 flags, id;
struct wpabuf *resp;
const u8 *pos;
struct eap_fast_data *data = priv;
pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_FAST, ret,
reqData, &left, &flags);
if (pos == NULL)
return NULL;
req = wpabuf_head(reqData);
id = req->identifier;
if (flags & EAP_TLS_FLAGS_START) {
if (eap_fast_process_start(sm, data, flags, pos, left) < 0)
return NULL;
left = 0; /* A-ID is not used in further packet processing */
}
resp = NULL;
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
!data->resuming) {
/* Process tunneled (encrypted) phase 2 data. */
struct wpabuf msg;
wpabuf_set(&msg, pos, left);
res = eap_fast_decrypt(sm, data, ret, req, &msg, &resp);
if (res < 0) {
ret->methodState = METHOD_DONE;
ret->decision = DECISION_FAIL;
/*
* Ack possible Alert that may have caused failure in
* decryption.
*/
res = 1;
}
} else {
/* Continue processing TLS handshake (phase 1). */
res = eap_peer_tls_process_helper(sm, &data->ssl,
EAP_TYPE_FAST,
data->fast_version, id, pos,
left, &resp);
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
char cipher[80];
wpa_printf(MSG_DEBUG,
"EAP-FAST: TLS done, proceed to Phase 2");
if (data->provisioning &&
(!(data->provisioning_allowed &
EAP_FAST_PROV_AUTH) ||
tls_get_cipher(sm->ssl_ctx, data->ssl.conn,
cipher, sizeof(cipher)) < 0 ||
os_strstr(cipher, "ADH-") ||
os_strstr(cipher, "anon"))) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Using "
"anonymous (unauthenticated) "
"provisioning");
data->anon_provisioning = 1;
} else
data->anon_provisioning = 0;
data->resuming = 0;
eap_fast_derive_keys(sm, data);
}
if (res == 2) {
struct wpabuf msg;
/*
* Application data included in the handshake message.
*/
wpabuf_free(data->pending_phase2_req);
data->pending_phase2_req = resp;
resp = NULL;
wpabuf_set(&msg, pos, left);
res = eap_fast_decrypt(sm, data, ret, req, &msg,
&resp);
}
}
if (res == 1) {
wpabuf_free(resp);
return eap_peer_tls_build_ack(id, EAP_TYPE_FAST,
data->fast_version);
}
return resp;
}