/*
 * eap_tls_process - Hand a received EAP response to the shared TLS server code
 * @sm: EAP state machine context, passed through to the helper
 * @priv: Method private data (struct eap_tls_data)
 * @respData: Received EAP response
 *
 * eap_tls_process_msg() is given to the helper as the message callback. A
 * negative return from eap_server_tls_process() moves the method to FAILURE;
 * any other result leaves the state untouched.
 *
 * NOTE(review): the EAP type is hard-coded to EAP_TYPE_TLS in this call, while
 * eap_tls_build_start() and eap_tls_buildReq() use data->eap_type. Confirm the
 * two always agree for every method variant that shares this code path.
 */
static void eap_tls_process(struct eap_sm *sm, void *priv,
			    struct wpabuf *respData)
{
	struct eap_tls_data *data = priv;
	int res;

	res = eap_server_tls_process(sm, &data->ssl, respData, data,
				     EAP_TYPE_TLS, NULL, eap_tls_process_msg);
	if (res >= 0)
		return;

	/* The shared TLS processing reported an error: fail the method. */
	eap_tls_state(data, FAILURE);
}
/*
 * eap_tls_build_start - Build the initial EAP-TLS request (Start flag set)
 * @sm: EAP state machine context (not used in this function)
 * @data: Method private data
 * @id: EAP identifier for the request
 * Returns: Allocated request, or NULL if allocation failed
 *
 * On success the only octet written after the header is EAP_TLS_FLAGS_START
 * and the method moves to CONTINUE. On allocation failure the method moves to
 * FAILURE, so the exchange does not stay in START after an out-of-memory
 * condition.
 */
static struct wpabuf * eap_tls_build_start(struct eap_sm *sm,
					   struct eap_tls_data *data, u8 id)
{
	struct wpabuf *start_req =
		eap_tls_msg_alloc(data->eap_type, 1, EAP_CODE_REQUEST, id);

	if (start_req != NULL) {
		wpabuf_put_u8(start_req, EAP_TLS_FLAGS_START);
		eap_tls_state(data, CONTINUE);
		return start_req;
	}

	wpa_printf(MSG_ERROR, "EAP-TLS: Failed to allocate memory for "
		   "request");
	eap_tls_state(data, FAILURE);
	return NULL;
}
/*
 * eap_tls_process_msg - Per-message callback used by eap_tls_process()
 * @sm: EAP state machine context
 * @priv: Method private data (struct eap_tls_data)
 * @respData: Received EAP response (not read in this function)
 *
 * When the method is already in SUCCESS and no TLS input is pending, the
 * message is treated as the peer's acknowledgement of the final handshake
 * message and nothing more is processed. In every other case the pending input
 * is run through TLS phase 1, and a negative result there fails the method.
 */
static void eap_tls_process_msg(struct eap_sm *sm, void *priv,
				const struct wpabuf *respData)
{
	struct eap_tls_data *data = priv;

	if (data->state != SUCCESS || wpabuf_len(data->ssl.tls_in) != 0) {
		/* Handshake still in progress, or TLS data arrived after
		 * SUCCESS: let the TLS layer consume it. */
		if (eap_server_tls_phase1(sm, &data->ssl) < 0)
			eap_tls_state(data, FAILURE);
		return;
	}

	wpa_printf(MSG_DEBUG, "EAP-TLS: Client acknowledged final TLS "
		   "handshake message");
}
/*
 * eap_tls_process - Process a received EAP response and vet resumed sessions
 * @sm: EAP state machine context
 * @priv: Method private data (struct eap_tls_data)
 * @respData: Received EAP response
 *
 * The response is first passed to the shared TLS server code; a negative
 * result fails the method. Nothing more is done unless the TLS connection is
 * both established and resumed.
 *
 * For a resumed session, the success data stored with the TLS connection is
 * checked before success is declared: it must exist, be at least one octet
 * long, and its first octet must equal data->eap_type. A session whose stored
 * type differs is rejected, so a session cached under one EAP method is not
 * accepted for another. Only after these checks does the method move to
 * SUCCESS and mark the success data as resumed.
 *
 * NOTE(review): both rejection paths log at MSG_DEBUG only. Consider whether a
 * resumed session carrying another method's type should be visible at a higher
 * log level for monitoring.
 */
static void eap_tls_process(struct eap_sm *sm, void *priv,
			    struct wpabuf *respData)
{
	struct eap_tls_data *data = priv;
	const struct wpabuf *cached;
	const u8 *type_octet;
	int res;

	res = eap_server_tls_process(sm, &data->ssl, respData, data,
				     data->eap_type, NULL,
				     eap_tls_process_msg);
	if (res < 0) {
		eap_tls_state(data, FAILURE);
		return;
	}

	/* The checks below apply only to an established, resumed session. */
	if (!tls_connection_established(sm->ssl_ctx, data->ssl.conn))
		return;
	if (!tls_connection_resumed(sm->ssl_ctx, data->ssl.conn))
		return;

	cached = tls_connection_get_success_data(data->ssl.conn);
	if (cached == NULL || wpabuf_len(cached) < 1) {
		/* Without stored success data the session cannot be tied to
		 * an EAP type, so it is refused. */
		wpa_printf(MSG_DEBUG, "EAP-TLS: No success data in resumed session - reject attempt");
		eap_tls_state(data, FAILURE);
		return;
	}

	type_octet = wpabuf_head(cached);
	if (*type_octet != data->eap_type) {
		wpa_printf(MSG_DEBUG, "EAP-TLS: Resumed session for another EAP type (%u) - reject attempt", *type_octet);
		eap_tls_state(data, FAILURE);
		return;
	}

	wpa_printf(MSG_DEBUG, "EAP-TLS: Resuming previous session");
	eap_tls_state(data, SUCCESS);
	tls_connection_set_success_data_resumed(data->ssl.conn);
}
/*
 * eap_tls_buildReq - Build the next EAP-TLS request for the peer
 * @sm: EAP state machine context
 * @priv: Method private data (struct eap_tls_data)
 * @id: EAP identifier for the request
 * Returns: Request to send, or NULL on an unexpected method state (the start
 * and message builders may also return NULL)
 *
 * Order of decisions:
 *  - ssl.state FRAG_ACK: return a fragment acknowledgement.
 *  - ssl.state WAIT_FRAG_ACK: build the next message without consulting the
 *    method state.
 *  - otherwise: START builds the Start request, CONTINUE records whether the
 *    TLS connection is established and builds the next message, and any other
 *    state is logged and rejected with NULL.
 *
 * The method moves to SUCCESS only when the handshake has been recorded as
 * established and, after the message has been built, no fragment is still
 * waiting for an acknowledgement.
 *
 * NOTE(review): the message builder's result is not inspected before the
 * method moves to SUCCESS. Whether it can be NULL at that point is not visible
 * from this function; confirm against eap_server_tls_build_msg().
 */
static struct wpabuf * eap_tls_buildReq(struct eap_sm *sm, void *priv, u8 id)
{
	struct eap_tls_data *data = priv;
	struct wpabuf *req;

	if (data->ssl.state == FRAG_ACK)
		return eap_server_tls_build_ack(id, data->eap_type, 0);

	if (data->ssl.state != WAIT_FRAG_ACK) {
		if (data->state == START)
			return eap_tls_build_start(sm, data, id);

		if (data->state != CONTINUE) {
			wpa_printf(MSG_DEBUG, "EAP-TLS: %s - unexpected state %d",
				   __func__, data->state);
			return NULL;
		}

		if (tls_connection_established(sm->ssl_ctx, data->ssl.conn))
			data->established = 1;
	}

	req = eap_server_tls_build_msg(&data->ssl, data->eap_type, 0, id);

	/* ssl.state is read again here, after the message has been built. */
	if (data->established && data->ssl.state != WAIT_FRAG_ACK) {
		/* The TLS handshake is complete and no fragments are left to
		 * send. */
		wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
		eap_tls_state(data, SUCCESS);
		eap_tls_valid_session(sm, data);
	}

	return req;
}