int eap_server_tls_process(struct eap_sm *sm, struct eap_ssl_data *data, struct wpabuf *respData, void *priv, int eap_type, int (*proc_version)(struct eap_sm *sm, void *priv, int peer_version), void (*proc_msg)(struct eap_sm *sm, void *priv, const struct wpabuf *respData)) { const u8 *pos; u8 flags; size_t left; int ret, res = 0; if (eap_type == EAP_UNAUTH_TLS_TYPE) pos = eap_hdr_validate(EAP_VENDOR_UNAUTH_TLS, EAP_VENDOR_TYPE_UNAUTH_TLS, respData, &left); else if (eap_type == EAP_WFA_UNAUTH_TLS_TYPE) pos = eap_hdr_validate(EAP_VENDOR_WFA_NEW, EAP_VENDOR_WFA_UNAUTH_TLS, respData, &left); else pos = eap_hdr_validate(EAP_VENDOR_IETF, eap_type, respData, &left); if (pos == NULL || left < 1) return 0; /* Should not happen - frame already validated */ flags = *pos++; left--; wpa_printf(MSG_DEBUG, "SSL: Received packet(len=%lu) - Flags 0x%02x", (unsigned long) wpabuf_len(respData), flags); if (proc_version && proc_version(sm, priv, flags & EAP_TLS_VERSION_MASK) < 0) return -1; ret = eap_server_tls_reassemble(data, flags, &pos, &left); if (ret < 0) { res = -1; goto done; } else if (ret == 1) return 0; if (proc_msg) proc_msg(sm, priv, respData); if (tls_connection_get_write_alerts(sm->ssl_ctx, data->conn) > 1) { wpa_printf(MSG_INFO, "SSL: Locally detected fatal error in " "TLS processing"); res = -1; } done: eap_server_tls_free_in_buf(data); return res; }
static void eap_peap_process(struct eap_sm *sm, void *priv, u8 *respData, size_t respDataLen) { struct eap_peap_data *data = priv; struct eap_hdr *resp; u8 *pos, flags; int left; unsigned int tls_msg_len; int peer_version; resp = (struct eap_hdr *) respData; pos = (u8 *) (resp + 1); pos++; flags = *pos++; left = htons(resp->length) - sizeof(struct eap_hdr) - 2; wpa_printf(MSG_DEBUG, "EAP-PEAP: Received packet(len=%lu) - " "Flags 0x%02x", (unsigned long) respDataLen, flags); peer_version = flags & EAP_PEAP_VERSION_MASK; if (data->force_version >= 0 && peer_version != data->force_version) { wpa_printf(MSG_INFO, "EAP-PEAP: peer did not select the forced" " version (forced=%d peer=%d) - reject", data->force_version, peer_version); eap_peap_state(data, FAILURE); return; } if (peer_version < data->peap_version) { wpa_printf(MSG_DEBUG, "EAP-PEAP: peer ver=%d, own ver=%d; " "use version %d", peer_version, data->peap_version, peer_version); data->peap_version = peer_version; } if (flags & EAP_TLS_FLAGS_LENGTH_INCLUDED) { if (left < 4) { wpa_printf(MSG_INFO, "EAP-PEAP: Short frame with TLS " "length"); eap_peap_state(data, FAILURE); return; } tls_msg_len = (pos[0] << 24) | (pos[1] << 16) | (pos[2] << 8) | pos[3]; wpa_printf(MSG_DEBUG, "EAP-PEAP: TLS Message Length: %d", tls_msg_len); if (data->ssl.tls_in_left == 0) { data->ssl.tls_in_total = tls_msg_len; data->ssl.tls_in_left = tls_msg_len; free(data->ssl.tls_in); data->ssl.tls_in = NULL; data->ssl.tls_in_len = 0; } pos += 4; left -= 4; } switch (data->state) { case PHASE1: if (eap_tls_process_helper(sm, &data->ssl, pos, left) < 0) { wpa_printf(MSG_INFO, "EAP-PEAP: TLS processing " "failed"); eap_peap_state(data, FAILURE); } break; case PHASE2_START: eap_peap_state(data, PHASE2_ID); eap_peap_phase2_init(sm, data, EAP_TYPE_IDENTITY); break; case PHASE2_ID: case PHASE2_METHOD: case PHASE2_TLV: eap_peap_process_phase2(sm, data, resp, pos, left); break; case SUCCESS_REQ: eap_peap_state(data, SUCCESS); break; case FAILURE_REQ: eap_peap_state(data, FAILURE); break; default: wpa_printf(MSG_DEBUG, "EAP-PEAP: Unexpected state %d in %s", data->state, __func__); break; } if (tls_connection_get_write_alerts(sm->ssl_ctx, data->ssl.conn) > 1) { wpa_printf(MSG_INFO, "EAP-PEAP: Locally detected fatal error " "in TLS processing"); eap_peap_state(data, FAILURE); } }