static void eap_peap_process_msg(struct eap_sm *sm, void *priv, const struct wpabuf *respData) { struct eap_peap_data *data = priv; switch (data->state) { case PHASE1: if (eap_server_tls_phase1(sm, &data->ssl) < 0) { eap_peap_state(data, FAILURE); break; } if (data->peap_version >= 2 && tls_connection_established(sm->ssl_ctx, data->ssl.conn)) { if (eap_peapv2_start_phase2(sm, data)) { eap_peap_state(data, FAILURE); break; } } break; case PHASE2_START: eap_peap_state(data, PHASE2_ID); eap_peap_phase2_init(sm, data, EAP_TYPE_IDENTITY); break; case PHASE1_ID2: case PHASE2_ID: case PHASE2_METHOD: case PHASE2_SOH: case PHASE2_TLV: eap_peap_process_phase2(sm, data, respData, data->ssl.in_buf); break; case SUCCESS_REQ: eap_peap_state(data, SUCCESS); break; case FAILURE_REQ: eap_peap_state(data, FAILURE); break; default: wpa_printf(MSG_DEBUG, "EAP-PEAP: Unexpected state %d in %s", data->state, __func__); break; } }
static void eap_peap_process_msg(struct eap_sm *sm, void *priv, const struct wpabuf *respData) { struct eap_peap_data *data = priv; switch (data->state) { case PHASE1: if (eap_server_tls_phase1(sm, &data->ssl) < 0) { eap_peap_state(data, FAILURE); break; } break; case PHASE2_START: eap_peap_state(data, PHASE2_ID); eap_peap_phase2_init(sm, data, EAP_VENDOR_IETF, EAP_TYPE_IDENTITY); break; case PHASE1_ID2: case PHASE2_ID: case PHASE2_METHOD: case PHASE2_SOH: case PHASE2_TLV: eap_peap_process_phase2(sm, data, respData, data->ssl.tls_in); break; case SUCCESS_REQ: eap_peap_state(data, SUCCESS); break; case FAILURE_REQ: eap_peap_state(data, FAILURE); break; default: wpa_printf(MSG_DEBUG, "EAP-PEAP: Unexpected state %d in %s", data->state, __func__); break; } }
static void eap_peap_process(struct eap_sm *sm, void *priv, u8 *respData, size_t respDataLen) { struct eap_peap_data *data = priv; struct eap_hdr *resp; u8 *pos, flags; int left; unsigned int tls_msg_len; int peer_version; resp = (struct eap_hdr *) respData; pos = (u8 *) (resp + 1); pos++; flags = *pos++; left = htons(resp->length) - sizeof(struct eap_hdr) - 2; wpa_printf(MSG_DEBUG, "EAP-PEAP: Received packet(len=%lu) - " "Flags 0x%02x", (unsigned long) respDataLen, flags); peer_version = flags & EAP_PEAP_VERSION_MASK; if (data->force_version >= 0 && peer_version != data->force_version) { wpa_printf(MSG_INFO, "EAP-PEAP: peer did not select the forced" " version (forced=%d peer=%d) - reject", data->force_version, peer_version); eap_peap_state(data, FAILURE); return; } if (peer_version < data->peap_version) { wpa_printf(MSG_DEBUG, "EAP-PEAP: peer ver=%d, own ver=%d; " "use version %d", peer_version, data->peap_version, peer_version); data->peap_version = peer_version; } if (flags & EAP_TLS_FLAGS_LENGTH_INCLUDED) { if (left < 4) { wpa_printf(MSG_INFO, "EAP-PEAP: Short frame with TLS " "length"); eap_peap_state(data, FAILURE); return; } tls_msg_len = (pos[0] << 24) | (pos[1] << 16) | (pos[2] << 8) | pos[3]; wpa_printf(MSG_DEBUG, "EAP-PEAP: TLS Message Length: %d", tls_msg_len); if (data->ssl.tls_in_left == 0) { data->ssl.tls_in_total = tls_msg_len; data->ssl.tls_in_left = tls_msg_len; free(data->ssl.tls_in); data->ssl.tls_in = NULL; data->ssl.tls_in_len = 0; } pos += 4; left -= 4; } switch (data->state) { case PHASE1: if (eap_tls_process_helper(sm, &data->ssl, pos, left) < 0) { wpa_printf(MSG_INFO, "EAP-PEAP: TLS processing " "failed"); eap_peap_state(data, FAILURE); } break; case PHASE2_START: eap_peap_state(data, PHASE2_ID); eap_peap_phase2_init(sm, data, EAP_TYPE_IDENTITY); break; case PHASE2_ID: case PHASE2_METHOD: case PHASE2_TLV: eap_peap_process_phase2(sm, data, resp, pos, left); break; case SUCCESS_REQ: eap_peap_state(data, SUCCESS); break; case FAILURE_REQ: eap_peap_state(data, FAILURE); break; default: wpa_printf(MSG_DEBUG, "EAP-PEAP: Unexpected state %d in %s", data->state, __func__); break; } if (tls_connection_get_write_alerts(sm->ssl_ctx, data->ssl.conn) > 1) { wpa_printf(MSG_INFO, "EAP-PEAP: Locally detected fatal error " "in TLS processing"); eap_peap_state(data, FAILURE); } }