29 static void eap_peap_reset(struct eap_sm *sm, void *priv);
103 static void eap_peap_valid_session(struct eap_sm *sm,
108 	if (!sm->tls_session_lifetime ||
109 	    tls_connection_resumed(sm->ssl_ctx, data->ssl.conn))
112 	buf = wpabuf_alloc(1 + 1 + sm->identity_len);
116 	if (sm->identity) {
119 		if (sm->identity_len <= 255)
120 			id_len = sm->identity_len;
124 		wpabuf_put_data(buf, sm->identity, id_len);
132 static void eap_peap_req_success(struct eap_sm *sm,
149 static void eap_peap_req_failure(struct eap_sm *sm,
167 static void * eap_peap_init(struct eap_sm *sm)
176 	if (sm->user && sm->user->force_version >= 0) {
177 		data->force_version = sm->user->force_version;
185 	if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_TYPE_PEAP)) {
187 		eap_peap_reset(sm, data);
195 static void eap_peap_reset(struct eap_sm *sm, void *priv)
201 		data->phase2_method->reset(sm, data->phase2_priv);
202 	eap_server_tls_ssl_deinit(sm, &data->ssl);
210 static struct wpabuf * eap_peap_build_start(struct eap_sm *sm,
232 static struct wpabuf * eap_peap_build_phase2_req(struct eap_sm *sm,
244 	buf = data->phase2_method->buildReq(sm, data->phase2_priv, id);
260 	encr_req = eap_server_tls_encrypt(sm, &data->ssl, &msgbuf);
268 static struct wpabuf * eap_peap_build_phase2_soh(struct eap_sm *sm,
299 	encr_req = eap_server_tls_encrypt(sm, &data->ssl, &msgbuf);
323 static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)
333 	tk = eap_server_tls_derive_key(sm, &data->ssl, "client EAP encryption",
339 	if (tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) {
385 static struct wpabuf * eap_peap_build_phase2_tlv(struct eap_sm *sm,
433 		if (eap_peap_derive_cmk(sm, data) < 0 ||
470 	encr_req = eap_server_tls_encrypt(sm, &data->ssl, buf);
477 static struct wpabuf * eap_peap_build_phase2_term(struct eap_sm *sm,
498 	encr_req = eap_server_tls_encrypt(sm, &data->ssl, &msgbuf);
505 static struct wpabuf * eap_peap_buildReq(struct eap_sm *sm, void *priv, u8 id)
521 		return eap_peap_build_start(sm, data, id);
524 		if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
534 		data->ssl.tls_out = eap_peap_build_phase2_req(sm, data, id);
540 		data->ssl.tls_out = eap_peap_build_phase2_soh(sm, data, id);
546 		data->ssl.tls_out = eap_peap_build_phase2_tlv(sm, data, id);
551 		data->ssl.tls_out = eap_peap_build_phase2_term(sm, data, id,
557 		data->ssl.tls_out = eap_peap_build_phase2_term(sm, data, id,
571 static Boolean eap_peap_check(struct eap_sm *sm, void *priv,
587 static int eap_peap_phase2_init(struct eap_sm *sm, struct eap_peap_data *data,
591 		data->phase2_method->reset(sm, data->phase2_priv);
599 	sm->init_phase2 = 1;
600 	data->phase2_priv = data->phase2_method->init(sm);
601 	sm->init_phase2 = 0;
606 static int eap_tlv_validate_cryptobinding(struct eap_sm *sm,
658 static void eap_peap_process_phase2_tlv(struct eap_sm *sm,
725 		if (eap_tlv_validate_cryptobinding(sm, data, crypto_tlv - 4,
759 				eap_peap_valid_session(sm, data);
778 static void eap_peap_process_phase2_soh(struct eap_sm *sm,
900 	next_type = sm->user->methods[0].method;
901 	sm->user_eap_method_index = 1;
903 		   sm->user->methods[0].vendor, next_type);
904 	eap_peap_phase2_init(sm, data, sm->user->methods[0].vendor, next_type);
909 static void eap_peap_process_phase2_response(struct eap_sm *sm,
920 		eap_peap_process_phase2_tlv(sm, data, in_data);
926 		eap_peap_process_phase2_soh(sm, data, in_data);
944 		eap_sm_process_nak(sm, pos + 1, left - 1);
945 		if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&
946 		    (sm->user->methods[sm->user_eap_method_index].vendor !=
948 		     sm->user->methods[sm->user_eap_method_index].method !=
950 			next_vendor = sm->user->methods[
951 				sm->user_eap_method_index].vendor;
952 			next_type = sm->user->methods[
953 				sm->user_eap_method_index++].method;
958 			eap_peap_req_failure(sm, data);
962 		eap_peap_phase2_init(sm, data, next_vendor, next_type);
966 	if (data->phase2_method->check(sm, data->phase2_priv, in_data)) {
972 	data->phase2_method->process(sm, data->phase2_priv, in_data);
974 	if (sm->method_pending == METHOD_PENDING_WAIT) {
981 	if (!data->phase2_method->isDone(sm, data->phase2_priv))
984 	if (!data->phase2_method->isSuccess(sm, data->phase2_priv)) {
986 		eap_peap_req_failure(sm, data);
989 		eap_peap_phase2_init(sm, data, next_vendor, next_type);
996 			sm, data->phase2_priv, &data->phase2_key_len);
1000 			eap_peap_req_failure(sm, data);
1001 			eap_peap_phase2_init(sm, data, EAP_VENDOR_IETF,
1011 		if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
1015 					  sm->identity, sm->identity_len);
1016 			eap_peap_req_failure(sm, data);
1023 		if (data->state != PHASE2_SOH && sm->tnc &&
1035 		next_vendor = sm->user->methods[0].vendor;
1036 		next_type = sm->user->methods[0].method;
1037 		sm->user_eap_method_index = 1;
1042 		eap_peap_req_success(sm, data);
1054 	eap_peap_phase2_init(sm, data, next_vendor, next_type);
1058 static void eap_peap_process_phase2(struct eap_sm *sm,
1073 		eap_peap_process_phase2_response(sm, data,
1080 	in_decrypted = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn,
1121 		eap_peap_req_failure(sm, data);
1131 		eap_peap_req_failure(sm, data);
1139 		eap_peap_process_phase2_response(sm, data, in_decrypted);
1145 			eap_peap_valid_session(sm, data);
1162 static int eap_peap_process_version(struct eap_sm *sm, void *priv,
1185 static void eap_peap_process_msg(struct eap_sm *sm, void *priv,
1192 		if (eap_server_tls_phase1(sm, &data->ssl) < 0) {
1199 		eap_peap_phase2_init(sm, data, EAP_VENDOR_IETF,
1207 		eap_peap_process_phase2(sm, data, respData, data->ssl.tls_in);
1211 		eap_peap_valid_session(sm, data);
1224 static void eap_peap_process(struct eap_sm *sm, void *priv,
1232 	if (eap_server_tls_process(sm, &data->ssl, respData, data,
1240 	    !tls_connection_established(sm->ssl_ctx, data->ssl.conn) ||
1241 	    !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn))
1265 	os_free(sm->identity);
1266 	sm->identity = os_malloc(id_len ? id_len : 1);
1267 	if (!sm->identity) {
1268 		sm->identity_len = 0;
1273 	os_memcpy(sm->identity, pos, id_len);
1274 	sm->identity_len = id_len;
1276 	if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
1278 				  sm->identity, sm->identity_len);
1285 	eap_peap_req_success(sm, data);
1291 static Boolean eap_peap_isDone(struct eap_sm *sm, void *priv)
1298 static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len)
1335 	eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
1351 static u8 * eap_peap_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
1365 	eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
1385 static Boolean eap_peap_isSuccess(struct eap_sm *sm, void *priv)
1392 static u8 * eap_peap_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
1399 	return eap_server_tls_derive_session_id(sm, &data->ssl, EAP_TYPE_PEAP,

Indexes created Sun Jun 16 09:41:23 MDT 2024