Lines matching defs:sm (each hit is prefixed with its line number in the original file; lines between hits are not shown)

20 static void eap_teap_reset(struct eap_sm *sm, void *priv);
76 static int eap_teap_process_phase2_start(struct eap_sm *sm,
282 static int eap_teap_derive_key_auth(struct eap_sm *sm,
288 res = tls_connection_export_key(sm->ssl_ctx, data->ssl.conn,
302 static int eap_teap_update_icmk(struct eap_sm *sm, struct eap_teap_data *data)
311 if (sm->eap_teap_auth == 1)
321 msk = data->phase2_method->getKey(sm, data->phase2_priv,
331 emsk = data->phase2_method->get_emsk(sm, data->phase2_priv,
/*
 * Hits inside eap_teap_init(). The listing keeps only lines that mention sm,
 * so branch bodies and return statements are not visible. Every setup step or
 * configuration test below is followed by an eap_teap_reset(sm, data) call,
 * which looks like one shared teardown path for partially built state;
 * confirm against the full file.
 */
350 static void * eap_teap_init(struct eap_sm *sm)
360 if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_TYPE_TEAP)) {
362 eap_teap_reset(sm, data);
369 if (tls_connection_set_session_ticket_cb(sm->ssl_ctx, data->ssl.conn,
374 eap_teap_reset(sm, data);
/* A missing PAC-Opaque encryption key is tested before the key is copied. */
378 if (!sm->pac_opaque_encr_key) {
381 eap_teap_reset(sm, data);
/*
 * NOTE(review): the copy length is on the next, unlisted line. Check that it
 * is the size of data->pac_opaque_encr and that the configured key is at
 * least that long.
 */
384 os_memcpy(data->pac_opaque_encr, sm->pac_opaque_encr_key,
387 if (!sm->eap_fast_a_id) {
389 eap_teap_reset(sm, data);
/*
 * The allocation at 392 and the copy at 397 use the same length,
 * sm->eap_fast_a_id_len, so the copy stays inside srv_id once the allocation
 * has succeeded. The reset at 394 is presumably the allocation-failure path.
 */
392 data->srv_id = os_malloc(sm->eap_fast_a_id_len);
394 eap_teap_reset(sm, data);
397 os_memcpy(data->srv_id, sm->eap_fast_a_id, sm->eap_fast_a_id_len);
398 data->srv_id_len = sm->eap_fast_a_id_len;
400 if (!sm->eap_fast_a_id_info) {
402 eap_teap_reset(sm, data);
/* os_strdup() result; the reset at 407 is presumably taken when it fails. */
405 data->srv_id_info = os_strdup(sm->eap_fast_a_id_info);
407 eap_teap_reset(sm, data);
/* PAC key lifetime and refresh time are copied from the server configuration in sm. */
412 data->pac_key_lifetime = sm->pac_key_lifetime;
419 data->pac_key_refresh_time = sm->pac_key_refresh_time;
425 static void eap_teap_reset(struct eap_sm *sm, void *priv)
432 data->phase2_method->reset(sm, data->phase2_priv);
433 eap_server_tls_ssl_deinit(sm, &data->ssl);
449 static struct wpabuf * eap_teap_build_start(struct eap_sm *sm,
489 static int eap_teap_phase1_done(struct eap_sm *sm, struct eap_teap_data *data)
499 if (tls_get_cipher(sm->ssl_ctx, data->ssl.conn, cipher, sizeof(cipher))
511 if (eap_teap_derive_key_auth(sm, data) < 0) {
522 static struct wpabuf * eap_teap_build_phase2_req(struct eap_sm *sm,
528 if (sm->eap_teap_auth == 1) {
544 req = data->phase2_method->buildReq(sm, data->phase2_priv, id);
554 struct eap_sm *sm, struct eap_teap_data *data)
/*
 * Hits inside eap_teap_build_pac(); only lines that mention sm are listed.
 * The size expression at 671 includes a (2 + identity_len) term, which appears
 * to reserve room for the identity field written at 695-697.
 */
649 static struct wpabuf * eap_teap_build_pac(struct eap_sm *sm,
671 (2 + sm->identity_len) + 8;
691 if (sm->identity) {
693 sm->identity, sm->identity_len);
/*
 * NOTE(review): the length is stored with a single *pos++ write. If pos is a
 * byte pointer (its declaration is not shown), an identity_len above 255 is
 * truncated in the stored length while the copy on the next line still writes
 * the full identity. Confirm that identity_len is bounded before this point,
 * or that the parser of this field cannot be misled by the shortened length.
 */
695 *pos++ = sm->identity_len;
696 os_memcpy(pos, sm->identity, sm->identity_len);
697 pos += sm->identity_len;
/* The identity is emitted a second time, as a PAC_TYPE_I_ID TLV, when present. */
765 if (sm->identity) {
766 eap_teap_put_tlv(buf, PAC_TYPE_I_ID, sm->identity,
767 sm->identity_len);
787 static int eap_teap_encrypt_phase2(struct eap_sm *sm,
795 encr = eap_server_tls_encrypt(sm, &data->ssl, plain);
825 static struct wpabuf * eap_teap_buildReq(struct eap_sm *sm, void *priv, u8 id)
843 return eap_teap_build_start(sm, data, id);
845 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
846 if (eap_teap_phase1_done(sm, data) < 0)
858 res = eap_teap_process_phase2_start(sm, data);
861 sm, data);
868 req = eap_teap_build_phase2_req(sm, data, id);
876 req = eap_teap_build_phase2_req(sm, data, id);
879 req = eap_teap_build_crypto_binding(sm, data);
888 eap = eap_teap_build_phase2_req(sm, data, id);
894 req = eap_teap_build_pac(sm, data);
908 if (req && eap_teap_encrypt_phase2(sm, data, req, piggyback) < 0)
916 static Boolean eap_teap_check(struct eap_sm *sm, void *priv,
932 static int eap_teap_phase2_init(struct eap_sm *sm, struct eap_teap_data *data,
936 data->phase2_method->reset(sm, data->phase2_priv);
945 sm->init_phase2 = 1;
946 data->phase2_priv = data->phase2_method->init(sm);
947 sm->init_phase2 = 0;
/*
 * Hits inside eap_teap_process_phase2_response(); only lines that mention sm
 * are listed, so the conditions that select between these paths are mostly
 * not visible.
 */
953 static void eap_teap_process_phase2_response(struct eap_sm *sm,
986 eap_teap_phase2_init(sm, data, next_type);
/* The peer's Nak is handed to eap_sm_process_nak() without its first byte. */
990 eap_sm_process_nak(sm, pos + 1, left - 1);
/*
 * sm->user is tested for NULL and the index is checked against
 * EAP_MAX_METHODS before sm->user->methods[] is read and the index advanced.
 */
991 if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&
992 sm->user->methods[sm->user_eap_method_index].method !=
994 next_type = sm->user->methods[
995 sm->user_eap_method_index++].method;
1001 eap_teap_phase2_init(sm, data, next_type);
/*
 * The inner method's check() sees the message before process() is called at
 * 1014. What happens when check() returns non-zero is not listed.
 */
1007 if (m->check(sm, priv, &buf)) {
1014 m->process(sm, priv, &buf);
1016 if (!m->isDone(sm, priv))
1019 if (!m->isSuccess(sm, priv)) {
1022 eap_teap_phase2_init(sm, data, next_type);
/* User lookup for sm->identity; the branch taken on a failed lookup is not shown. */
1028 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
1031 sm->identity, sm->identity_len);
1043 sm->user_eap_method_index = 0;
/*
 * NOTE(review): methods[0] is read through sm->user with no NULL test on a
 * listed line. Confirm that the unlisted lines guarantee sm->user is set here.
 */
1045 next_type = sm->user->methods[0].method;
1046 sm->user_eap_method_index = 1;
1052 eap_teap_update_icmk(sm, data);
1057 if (sm->tnc && !data->tnc_started) {
1072 eap_teap_phase2_init(sm, data, next_type);
1076 static void eap_teap_process_phase2_eap(struct eap_sm *sm,
1105 eap_teap_process_phase2_response(sm, data, (u8 *) hdr, len);
/*
 * Hits inside eap_teap_process_basic_auth_resp(); only lines that mention sm
 * are listed. The parsing of username and password from the response is not
 * visible here.
 */
1116 static void eap_teap_process_basic_auth_resp(struct eap_sm *sm,
1172 if (eap_user_get(sm, username, userlen, 1) != 0) {
/*
 * True when no user entry is loaded, no password is stored, or password_hash
 * is set. The branch body is not listed; it is presumably the reject path,
 * since the comparison at 1186-1187 is a byte comparison against
 * sm->user->password.
 */
1179 if (!sm->user || !sm->user->password || sm->user->password_hash) {
/*
 * The lengths are compared first, then os_memcmp_const(), the constant-time
 * comparison helper, runs over passlen bytes. The || short-circuits on a
 * length mismatch, so only the content comparison is constant time.
 */
1186 if (sm->user->password_len != passlen ||
1187 os_memcmp_const(sm->user->password, password, passlen) != 0) {
/*
 * The old identity buffer is freed and replaced by new_id and userlen. Where
 * new_id is allocated is not listed; presumably this runs only after the
 * password check above has passed - confirm.
 */
1196 os_free(sm->identity);
1197 sm->identity = new_id;
1198 sm->identity_len = userlen;
1201 eap_teap_update_icmk(sm, data);
/*
 * Hits inside eap_teap_process_phase2_tlvs(); only lines that mention sm are
 * listed, so the TLV parsing and the branch bodies are not visible.
 */
1376 static void eap_teap_process_phase2_tlvs(struct eap_sm *sm,
/*
 * Two tests on the configured provisioning mode (sm->eap_fast_prov) against
 * ANON_PROV, AUTH_PROV and BOTH_PROV. The start of each condition and the
 * action taken are on unlisted lines.
 */
1469 sm->eap_fast_prov != ANON_PROV &&
1470 sm->eap_fast_prov != BOTH_PROV) {
1477 if (sm->eap_fast_prov != AUTH_PROV &&
1478 sm->eap_fast_prov != BOTH_PROV &&
/*
 * Each handler call is preceded by a test of sm->eap_teap_auth: != 1 before
 * the Basic-Password-Auth response handler, == 1 before the EAP payload
 * handler. The branch bodies are not listed; presumably they reject a TLV
 * that does not match the configured inner authentication type - confirm in
 * the full file.
 */
1504 if (sm->eap_teap_auth != 1) {
1510 eap_teap_process_basic_auth_resp(sm, data, tlv.basic_auth_resp,
1515 if (sm->eap_teap_auth == 1) {
1521 eap_teap_process_phase2_eap(sm, data, tlv.eap_payload_tlv,
1527 static void eap_teap_process_phase2(struct eap_sm *sm,
1540 eap_teap_process_phase2_tlvs(sm, data,
1547 in_decrypted = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn,
1559 eap_teap_process_phase2_tlvs(sm, data, in_decrypted);
1561 if (sm->method_pending == METHOD_PENDING_WAIT) {
1573 static int eap_teap_process_version(struct eap_sm *sm, void *priv,
1599 static int eap_teap_process_phase1(struct eap_sm *sm,
1602 if (eap_server_tls_phase1(sm, &data->ssl) < 0) {
1608 if (!tls_connection_established(sm->ssl_ctx, data->ssl.conn) ||
1618 return eap_teap_phase1_done(sm, data);
/*
 * Hits inside eap_teap_process_phase2_start(); only lines that mention sm are
 * listed. The function ends by returning the result of eap_teap_phase2_init()
 * for the selected next_type (line 1669).
 */
1622 static int eap_teap_process_phase2_start(struct eap_sm *sm,
/*
 * Ownership of data->identity moves to sm->identity after the old buffer is
 * freed. NOTE(review): line 1631 is not in the listing. Confirm that it clears
 * data->identity, otherwise both pointers refer to the same buffer and a later
 * free of either leaves the other dangling.
 */
1629 os_free(sm->identity);
1630 sm->identity = data->identity;
1632 sm->identity_len = data->identity_len;
/* User lookup for the transferred identity; the failure branch body is not listed. */
1634 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
1637 sm->identity, sm->identity_len);
/*
 * Branches on sm->eap_teap_pac_no_inner and sm->eap_teap_auth pick the next
 * step. What each branch assigns to next_type is not shown, apart from the
 * methods[0] read at 1656.
 */
1640 } else if (sm->eap_teap_pac_no_inner) {
1650 } else if (sm->eap_teap_auth == 1) {
1656 next_type = sm->user->methods[0].method;
1657 sm->user_eap_method_index = 1;
1661 } else if (sm->eap_teap_auth == 1) {
1669 return eap_teap_phase2_init(sm, data, next_type);
1673 static void eap_teap_process_msg(struct eap_sm *sm, void *priv,
1681 if (eap_teap_process_phase1(sm, data))
1686 eap_teap_process_phase2_start(sm, data);
1693 eap_teap_process_phase2(sm, data, data->ssl.tls_in);
1710 static void eap_teap_process(struct eap_sm *sm, void *priv,
1824 if (eap_server_tls_process(sm, &data->ssl, resp, data,
1834 static Boolean eap_teap_isDone(struct eap_sm *sm, void *priv)
1842 static u8 * eap_teap_getKey(struct eap_sm *sm, void *priv, size_t *len)
1866 static u8 * eap_teap_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
1890 static Boolean eap_teap_isSuccess(struct eap_sm *sm, void *priv)
1898 static u8 * eap_teap_get_session_id(struct eap_sm *sm, void *priv, size_t *len)