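--- a/eap_server_tls.c
+++ b/eap_server_tls.c
@@ -1,8 +1,8 @@
 /*
  * hostapd / EAP-TLS (RFC 2716)
  * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
  */
 
@@ -43,29 +43,46 @@
 
 
 static void eap_tls_state(struct eap_tls_data *data, int state)
 {
  wpa_printf(MSG_DEBUG, "EAP-TLS: %s -> %s",
  eap_tls_state_txt(data->state),
  eap_tls_state_txt(state));
  data->state = state;
+ if (state == FAILURE)
+ tls_connection_remove_session(data->ssl.conn);
 }
 
 
+static void eap_tls_valid_session(struct eap_sm *sm, struct eap_tls_data *data)
+{
+ struct wpabuf *buf;
+
+ if (!sm->tls_session_lifetime)
+ return;
+
+ buf = wpabuf_alloc(1);
+ if (!buf)
+ return;
+ wpabuf_put_u8(buf, data->eap_type);
+ tls_connection_set_success_data(data->ssl.conn, buf);
+}
+
+
 static void * eap_tls_init(struct eap_sm *sm)
 {
  struct eap_tls_data *data;
 
  data = os_zalloc(sizeof(*data));
  if (data == NULL)
  return NULL;
  data->state = START;
 
- if (eap_server_tls_ssl_init(sm, &data->ssl, 1)) {
+ if (eap_server_tls_ssl_init(sm, &data->ssl, 1, EAP_TYPE_TLS)) {
  wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
  eap_tls_reset(sm, data);
  return NULL;
  }
 
  data->eap_type = EAP_TYPE_TLS;
 
  return data;
@@ -77,17 +94,17 @@
 {
  struct eap_tls_data *data;
 
  data = os_zalloc(sizeof(*data));
  if (data == NULL)
  return NULL;
  data->state = START;
 
- if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) {
+ if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_UNAUTH_TLS_TYPE)) {
  wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
  eap_tls_reset(sm, data);
  return NULL;
  }
 
  data->eap_type = EAP_UNAUTH_TLS_TYPE;
  return data;
 }
@@ -99,17 +116,18 @@
 {
  struct eap_tls_data *data;
 
  data = os_zalloc(sizeof(*data));
  if (data == NULL)
  return NULL;
  data->state = START;
 
- if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) {
+ if (eap_server_tls_ssl_init(sm, &data->ssl, 0,
+ EAP_WFA_UNAUTH_TLS_TYPE)) {
  wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
  eap_tls_reset(sm, data);
  return NULL;
  }
 
  data->eap_type = EAP_WFA_UNAUTH_TLS_TYPE;
  return data;
 }
@@ -178,16 +196,17 @@
  res = eap_server_tls_build_msg(&data->ssl, data->eap_type, 0, id);
 
 check_established:
  if (data->established && data->ssl.state != WAIT_FRAG_ACK) {
  /* TLS handshake has been completed and there are no more
  * fragments waiting to be sent out. */
  wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
  eap_tls_state(data, SUCCESS);
+ eap_tls_valid_session(sm, data);
  }
 
  return res;
 }
 
 
 static Boolean eap_tls_check(struct eap_sm *sm, void *priv,
  struct wpabuf *respData)
@@ -229,20 +248,51 @@
  eap_tls_state(data, FAILURE);
 }
 
 
 static void eap_tls_process(struct eap_sm *sm, void *priv,
  struct wpabuf *respData)
 {
  struct eap_tls_data *data = priv;
+ const struct wpabuf *buf;
+ const u8 *pos;
+
  if (eap_server_tls_process(sm, &data->ssl, respData, data,
  data->eap_type, NULL, eap_tls_process_msg) <
- 0)
+ 0) {
  eap_tls_state(data, FAILURE);
+ return;
+ }
+
+ if (!tls_connection_established(sm->ssl_ctx, data->ssl.conn) ||
+ !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn))
+ return;
+
+ buf = tls_connection_get_success_data(data->ssl.conn);
+ if (!buf || wpabuf_len(buf) < 1) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-TLS: No success data in resumed session - reject attempt");
+ eap_tls_state(data, FAILURE);
+ return;
+ }
+
+ pos = wpabuf_head(buf);
+ if (*pos != data->eap_type) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-TLS: Resumed session for another EAP type (%u) - reject attempt",
+ *pos);
+ eap_tls_state(data, FAILURE);
+ return;
+ }
+
+ wpa_printf(MSG_DEBUG,
+ "EAP-TLS: Resuming previous session");
+ eap_tls_state(data, SUCCESS);
+ tls_connection_set_success_data_resumed(data->ssl.conn);
 }
 
 
 static Boolean eap_tls_isDone(struct eap_sm *sm, void *priv)
 {
  struct eap_tls_data *data = priv;
  return data->state == SUCCESS || data->state == FAILURE;
 }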
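Review bot: The resumed-session branch added to eap_tls_process() (new lines 266-290) goes to SUCCESS once the cached one-byte success data matches data->eap_type, and nothing in this section re-evaluates the peer certificate at that point. If the TLS layer also skips that check on resumption (not visible on this page), a client certificate revoked or expired after the full handshake stays accepted until the cached session ages out, presumably bounded by sm->tls_session_lifetime. I would record that trade-off above the tls_connection_resumed() check, e.g. `/* Resumed sessions are accepted on cached state only; certificate revocation takes effect after the session lifetime expires - TODO confirm */`. Separately, eap_tls_valid_session() returns silently when wpabuf_alloc(1) fails; that fails closed, since the later resumption is rejected for missing success data, but a line such as `wpa_printf(MSG_DEBUG, "EAP-TLS: Failed to allocate success data");` before the `return` would make that rejection explainable from the logs.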