1214501Srpaulo/* 2214501Srpaulo * hostapd / EAP-TLS (RFC 2716) 3214501Srpaulo * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi> 4214501Srpaulo * 5252726Srpaulo * This software may be distributed under the terms of the BSD license. 6252726Srpaulo * See README for more details. 7214501Srpaulo */ 8214501Srpaulo 9214501Srpaulo#include "includes.h" 10214501Srpaulo 11214501Srpaulo#include "common.h" 12214501Srpaulo#include "eap_i.h" 13214501Srpaulo#include "eap_tls_common.h" 14214501Srpaulo#include "crypto/tls.h" 15214501Srpaulo 16214501Srpaulo 17214501Srpaulostatic void eap_tls_reset(struct eap_sm *sm, void *priv); 18214501Srpaulo 19214501Srpaulo 20214501Srpaulostruct eap_tls_data { 21214501Srpaulo struct eap_ssl_data ssl; 22214501Srpaulo enum { START, CONTINUE, SUCCESS, FAILURE } state; 23214501Srpaulo int established; 24252726Srpaulo u8 eap_type; 25346981Scy int phase2; 26214501Srpaulo}; 27214501Srpaulo 28214501Srpaulo 29214501Srpaulostatic const char * eap_tls_state_txt(int state) 30214501Srpaulo{ 31214501Srpaulo switch (state) { 32214501Srpaulo case START: 33214501Srpaulo return "START"; 34214501Srpaulo case CONTINUE: 35214501Srpaulo return "CONTINUE"; 36214501Srpaulo case SUCCESS: 37214501Srpaulo return "SUCCESS"; 38214501Srpaulo case FAILURE: 39214501Srpaulo return "FAILURE"; 40214501Srpaulo default: 41214501Srpaulo return "Unknown?!"; 42214501Srpaulo } 43214501Srpaulo} 44214501Srpaulo 45214501Srpaulo 46214501Srpaulostatic void eap_tls_state(struct eap_tls_data *data, int state) 47214501Srpaulo{ 48214501Srpaulo wpa_printf(MSG_DEBUG, "EAP-TLS: %s -> %s", 49214501Srpaulo eap_tls_state_txt(data->state), 50214501Srpaulo eap_tls_state_txt(state)); 51214501Srpaulo data->state = state; 52289549Srpaulo if (state == FAILURE) 53289549Srpaulo tls_connection_remove_session(data->ssl.conn); 54214501Srpaulo} 55214501Srpaulo 56214501Srpaulo 57289549Srpaulostatic void eap_tls_valid_session(struct eap_sm *sm, struct eap_tls_data *data) 58289549Srpaulo{ 59289549Srpaulo struct wpabuf *buf; 60289549Srpaulo 61289549Srpaulo if (!sm->tls_session_lifetime) 62289549Srpaulo return; 63289549Srpaulo 64289549Srpaulo buf = wpabuf_alloc(1); 65289549Srpaulo if (!buf) 66289549Srpaulo return; 67289549Srpaulo wpabuf_put_u8(buf, data->eap_type); 68289549Srpaulo tls_connection_set_success_data(data->ssl.conn, buf); 69289549Srpaulo} 70289549Srpaulo 71289549Srpaulo 72214501Srpaulostatic void * eap_tls_init(struct eap_sm *sm) 73214501Srpaulo{ 74214501Srpaulo struct eap_tls_data *data; 75214501Srpaulo 76214501Srpaulo data = os_zalloc(sizeof(*data)); 77214501Srpaulo if (data == NULL) 78214501Srpaulo return NULL; 79214501Srpaulo data->state = START; 80214501Srpaulo 81289549Srpaulo if (eap_server_tls_ssl_init(sm, &data->ssl, 1, EAP_TYPE_TLS)) { 82214501Srpaulo wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL."); 83214501Srpaulo eap_tls_reset(sm, data); 84214501Srpaulo return NULL; 85214501Srpaulo } 86214501Srpaulo 87252726Srpaulo data->eap_type = EAP_TYPE_TLS; 88252726Srpaulo 89346981Scy data->phase2 = sm->init_phase2; 90346981Scy 91214501Srpaulo return data; 92214501Srpaulo} 93214501Srpaulo 94214501Srpaulo 95252726Srpaulo#ifdef EAP_SERVER_UNAUTH_TLS 96252726Srpaulostatic void * eap_unauth_tls_init(struct eap_sm *sm) 97252726Srpaulo{ 98252726Srpaulo struct eap_tls_data *data; 99252726Srpaulo 100252726Srpaulo data = os_zalloc(sizeof(*data)); 101252726Srpaulo if (data == NULL) 102252726Srpaulo return NULL; 103252726Srpaulo data->state = START; 104252726Srpaulo 105289549Srpaulo if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_UNAUTH_TLS_TYPE)) { 106252726Srpaulo wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL."); 107252726Srpaulo eap_tls_reset(sm, data); 108252726Srpaulo return NULL; 109252726Srpaulo } 110252726Srpaulo 111252726Srpaulo data->eap_type = EAP_UNAUTH_TLS_TYPE; 112252726Srpaulo return data; 113252726Srpaulo} 114252726Srpaulo#endif /* EAP_SERVER_UNAUTH_TLS */ 115252726Srpaulo 116252726Srpaulo 117281806Srpaulo#ifdef CONFIG_HS20 118281806Srpaulostatic void * eap_wfa_unauth_tls_init(struct eap_sm *sm) 119281806Srpaulo{ 120281806Srpaulo struct eap_tls_data *data; 121281806Srpaulo 122281806Srpaulo data = os_zalloc(sizeof(*data)); 123281806Srpaulo if (data == NULL) 124281806Srpaulo return NULL; 125281806Srpaulo data->state = START; 126281806Srpaulo 127289549Srpaulo if (eap_server_tls_ssl_init(sm, &data->ssl, 0, 128289549Srpaulo EAP_WFA_UNAUTH_TLS_TYPE)) { 129281806Srpaulo wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL."); 130281806Srpaulo eap_tls_reset(sm, data); 131281806Srpaulo return NULL; 132281806Srpaulo } 133281806Srpaulo 134281806Srpaulo data->eap_type = EAP_WFA_UNAUTH_TLS_TYPE; 135281806Srpaulo return data; 136281806Srpaulo} 137281806Srpaulo#endif /* CONFIG_HS20 */ 138281806Srpaulo 139281806Srpaulo 140214501Srpaulostatic void eap_tls_reset(struct eap_sm *sm, void *priv) 141214501Srpaulo{ 142214501Srpaulo struct eap_tls_data *data = priv; 143214501Srpaulo if (data == NULL) 144214501Srpaulo return; 145214501Srpaulo eap_server_tls_ssl_deinit(sm, &data->ssl); 146214501Srpaulo os_free(data); 147214501Srpaulo} 148214501Srpaulo 149214501Srpaulo 150214501Srpaulostatic struct wpabuf * eap_tls_build_start(struct eap_sm *sm, 151214501Srpaulo struct eap_tls_data *data, u8 id) 152214501Srpaulo{ 153214501Srpaulo struct wpabuf *req; 154214501Srpaulo 155252726Srpaulo req = eap_tls_msg_alloc(data->eap_type, 1, EAP_CODE_REQUEST, id); 156214501Srpaulo if (req == NULL) { 157214501Srpaulo wpa_printf(MSG_ERROR, "EAP-TLS: Failed to allocate memory for " 158214501Srpaulo "request"); 159214501Srpaulo eap_tls_state(data, FAILURE); 160214501Srpaulo return NULL; 161214501Srpaulo } 162214501Srpaulo 163214501Srpaulo wpabuf_put_u8(req, EAP_TLS_FLAGS_START); 164214501Srpaulo 165214501Srpaulo eap_tls_state(data, CONTINUE); 166214501Srpaulo 167214501Srpaulo return req; 168214501Srpaulo} 169214501Srpaulo 170214501Srpaulo 171214501Srpaulostatic struct wpabuf * eap_tls_buildReq(struct eap_sm *sm, void *priv, u8 id) 172214501Srpaulo{ 173214501Srpaulo struct eap_tls_data *data = priv; 174214501Srpaulo struct wpabuf *res; 175214501Srpaulo 176214501Srpaulo if (data->ssl.state == FRAG_ACK) { 177252726Srpaulo return eap_server_tls_build_ack(id, data->eap_type, 0); 178214501Srpaulo } 179214501Srpaulo 180214501Srpaulo if (data->ssl.state == WAIT_FRAG_ACK) { 181252726Srpaulo res = eap_server_tls_build_msg(&data->ssl, data->eap_type, 0, 182214501Srpaulo id); 183214501Srpaulo goto check_established; 184214501Srpaulo } 185214501Srpaulo 186214501Srpaulo switch (data->state) { 187214501Srpaulo case START: 188214501Srpaulo return eap_tls_build_start(sm, data, id); 189214501Srpaulo case CONTINUE: 190214501Srpaulo if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) 191214501Srpaulo data->established = 1; 192214501Srpaulo break; 193214501Srpaulo default: 194214501Srpaulo wpa_printf(MSG_DEBUG, "EAP-TLS: %s - unexpected state %d", 195214501Srpaulo __func__, data->state); 196214501Srpaulo return NULL; 197214501Srpaulo } 198214501Srpaulo 199252726Srpaulo res = eap_server_tls_build_msg(&data->ssl, data->eap_type, 0, id); 200214501Srpaulo 201214501Srpaulocheck_established: 202214501Srpaulo if (data->established && data->ssl.state != WAIT_FRAG_ACK) { 203214501Srpaulo /* TLS handshake has been completed and there are no more 204214501Srpaulo * fragments waiting to be sent out. */ 205214501Srpaulo wpa_printf(MSG_DEBUG, "EAP-TLS: Done"); 206214501Srpaulo eap_tls_state(data, SUCCESS); 207289549Srpaulo eap_tls_valid_session(sm, data); 208346981Scy if (sm->serial_num) { 209346981Scy char user[128]; 210346981Scy int user_len; 211346981Scy 212346981Scy user_len = os_snprintf(user, sizeof(user), "cert-%s", 213346981Scy sm->serial_num); 214346981Scy if (eap_user_get(sm, (const u8 *) user, user_len, 215346981Scy data->phase2) < 0) 216346981Scy wpa_printf(MSG_DEBUG, 217346981Scy "EAP-TLS: No user entry found based on the serial number of the client certificate "); 218346981Scy else 219346981Scy wpa_printf(MSG_DEBUG, 220346981Scy "EAP-TLS: Updated user entry based on the serial number of the client certificate "); 221346981Scy } 222214501Srpaulo } 223214501Srpaulo 224214501Srpaulo return res; 225214501Srpaulo} 226214501Srpaulo 227214501Srpaulo 228214501Srpaulostatic Boolean eap_tls_check(struct eap_sm *sm, void *priv, 229214501Srpaulo struct wpabuf *respData) 230214501Srpaulo{ 231252726Srpaulo struct eap_tls_data *data = priv; 232214501Srpaulo const u8 *pos; 233214501Srpaulo size_t len; 234214501Srpaulo 235252726Srpaulo if (data->eap_type == EAP_UNAUTH_TLS_TYPE) 236252726Srpaulo pos = eap_hdr_validate(EAP_VENDOR_UNAUTH_TLS, 237252726Srpaulo EAP_VENDOR_TYPE_UNAUTH_TLS, respData, 238252726Srpaulo &len); 239281806Srpaulo else if (data->eap_type == EAP_WFA_UNAUTH_TLS_TYPE) 240281806Srpaulo pos = eap_hdr_validate(EAP_VENDOR_WFA_NEW, 241281806Srpaulo EAP_VENDOR_WFA_UNAUTH_TLS, respData, 242281806Srpaulo &len); 243252726Srpaulo else 244252726Srpaulo pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_type, 245252726Srpaulo respData, &len); 246214501Srpaulo if (pos == NULL || len < 1) { 247214501Srpaulo wpa_printf(MSG_INFO, "EAP-TLS: Invalid frame"); 248214501Srpaulo return TRUE; 249214501Srpaulo } 250214501Srpaulo 251214501Srpaulo return FALSE; 252214501Srpaulo} 253214501Srpaulo 254214501Srpaulo 255214501Srpaulostatic void eap_tls_process_msg(struct eap_sm *sm, void *priv, 256214501Srpaulo const struct wpabuf *respData) 257214501Srpaulo{ 258214501Srpaulo struct eap_tls_data *data = priv; 259214501Srpaulo if (data->state == SUCCESS && wpabuf_len(data->ssl.tls_in) == 0) { 260214501Srpaulo wpa_printf(MSG_DEBUG, "EAP-TLS: Client acknowledged final TLS " 261214501Srpaulo "handshake message"); 262214501Srpaulo return; 263214501Srpaulo } 264351611Scy if (eap_server_tls_phase1(sm, &data->ssl) < 0) { 265214501Srpaulo eap_tls_state(data, FAILURE); 266351611Scy return; 267351611Scy } 268351611Scy 269351611Scy if (data->ssl.tls_v13 && 270351611Scy tls_connection_established(sm->ssl_ctx, data->ssl.conn)) { 271351611Scy struct wpabuf *plain, *encr; 272351611Scy 273351611Scy wpa_printf(MSG_DEBUG, 274351611Scy "EAP-TLS: Send empty application data to indicate end of exchange"); 275351611Scy /* FIX: This should be an empty application data based on 276351611Scy * draft-ietf-emu-eap-tls13-05, but OpenSSL does not allow zero 277351611Scy * length payload (SSL_write() documentation explicitly 278351611Scy * describes this as not allowed), so work around that for now 279351611Scy * by sending out a payload of one octet. Hopefully the draft 280351611Scy * specification will change to allow this so that no crypto 281351611Scy * library changes are needed. */ 282351611Scy plain = wpabuf_alloc(1); 283351611Scy if (!plain) 284351611Scy return; 285351611Scy wpabuf_put_u8(plain, 0); 286351611Scy encr = eap_server_tls_encrypt(sm, &data->ssl, plain); 287351611Scy wpabuf_free(plain); 288351611Scy if (!encr) 289351611Scy return; 290351611Scy if (wpabuf_resize(&data->ssl.tls_out, wpabuf_len(encr)) < 0) { 291351611Scy wpa_printf(MSG_INFO, 292351611Scy "EAP-TLS: Failed to resize output buffer"); 293351611Scy wpabuf_free(encr); 294351611Scy return; 295351611Scy } 296351611Scy wpabuf_put_buf(data->ssl.tls_out, encr); 297351611Scy wpa_hexdump_buf(MSG_DEBUG, 298351611Scy "EAP-TLS: Data appended to the message", encr); 299351611Scy wpabuf_free(encr); 300351611Scy } 301214501Srpaulo} 302214501Srpaulo 303214501Srpaulo 304214501Srpaulostatic void eap_tls_process(struct eap_sm *sm, void *priv, 305214501Srpaulo struct wpabuf *respData) 306214501Srpaulo{ 307214501Srpaulo struct eap_tls_data *data = priv; 308289549Srpaulo const struct wpabuf *buf; 309289549Srpaulo const u8 *pos; 310289549Srpaulo 311214501Srpaulo if (eap_server_tls_process(sm, &data->ssl, respData, data, 312252726Srpaulo data->eap_type, NULL, eap_tls_process_msg) < 313289549Srpaulo 0) { 314214501Srpaulo eap_tls_state(data, FAILURE); 315289549Srpaulo return; 316289549Srpaulo } 317289549Srpaulo 318289549Srpaulo if (!tls_connection_established(sm->ssl_ctx, data->ssl.conn) || 319289549Srpaulo !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) 320289549Srpaulo return; 321289549Srpaulo 322289549Srpaulo buf = tls_connection_get_success_data(data->ssl.conn); 323289549Srpaulo if (!buf || wpabuf_len(buf) < 1) { 324289549Srpaulo wpa_printf(MSG_DEBUG, 325289549Srpaulo "EAP-TLS: No success data in resumed session - reject attempt"); 326289549Srpaulo eap_tls_state(data, FAILURE); 327289549Srpaulo return; 328289549Srpaulo } 329289549Srpaulo 330289549Srpaulo pos = wpabuf_head(buf); 331289549Srpaulo if (*pos != data->eap_type) { 332289549Srpaulo wpa_printf(MSG_DEBUG, 333289549Srpaulo "EAP-TLS: Resumed session for another EAP type (%u) - reject attempt", 334289549Srpaulo *pos); 335289549Srpaulo eap_tls_state(data, FAILURE); 336289549Srpaulo return; 337289549Srpaulo } 338289549Srpaulo 339289549Srpaulo wpa_printf(MSG_DEBUG, 340289549Srpaulo "EAP-TLS: Resuming previous session"); 341289549Srpaulo eap_tls_state(data, SUCCESS); 342289549Srpaulo tls_connection_set_success_data_resumed(data->ssl.conn); 343346981Scy /* TODO: Cache serial number with session and update EAP user 344346981Scy * information based on the cached serial number */ 345214501Srpaulo} 346214501Srpaulo 347214501Srpaulo 348214501Srpaulostatic Boolean eap_tls_isDone(struct eap_sm *sm, void *priv) 349214501Srpaulo{ 350214501Srpaulo struct eap_tls_data *data = priv; 351214501Srpaulo return data->state == SUCCESS || data->state == FAILURE; 352214501Srpaulo} 353214501Srpaulo 354214501Srpaulo 355214501Srpaulostatic u8 * eap_tls_getKey(struct eap_sm *sm, void *priv, size_t *len) 356214501Srpaulo{ 357214501Srpaulo struct eap_tls_data *data = priv; 358214501Srpaulo u8 *eapKeyData; 359346981Scy const char *label; 360351611Scy const u8 eap_tls13_context[] = { EAP_TYPE_TLS }; 361351611Scy const u8 *context = NULL; 362351611Scy size_t context_len = 0; 363214501Srpaulo 364214501Srpaulo if (data->state != SUCCESS) 365214501Srpaulo return NULL; 366214501Srpaulo 367351611Scy if (data->ssl.tls_v13) { 368346981Scy label = "EXPORTER_EAP_TLS_Key_Material"; 369351611Scy context = eap_tls13_context; 370351611Scy context_len = 1; 371351611Scy } else { 372346981Scy label = "client EAP encryption"; 373351611Scy } 374346981Scy eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, label, 375351611Scy context, context_len, 376346981Scy EAP_TLS_KEY_LEN + EAP_EMSK_LEN); 377214501Srpaulo if (eapKeyData) { 378214501Srpaulo *len = EAP_TLS_KEY_LEN; 379214501Srpaulo wpa_hexdump(MSG_DEBUG, "EAP-TLS: Derived key", 380214501Srpaulo eapKeyData, EAP_TLS_KEY_LEN); 381346981Scy os_memset(eapKeyData + EAP_TLS_KEY_LEN, 0, EAP_EMSK_LEN); 382214501Srpaulo } else { 383214501Srpaulo wpa_printf(MSG_DEBUG, "EAP-TLS: Failed to derive key"); 384214501Srpaulo } 385214501Srpaulo 386214501Srpaulo return eapKeyData; 387214501Srpaulo} 388214501Srpaulo 389214501Srpaulo 390214501Srpaulostatic u8 * eap_tls_get_emsk(struct eap_sm *sm, void *priv, size_t *len) 391214501Srpaulo{ 392214501Srpaulo struct eap_tls_data *data = priv; 393214501Srpaulo u8 *eapKeyData, *emsk; 394346981Scy const char *label; 395351611Scy const u8 eap_tls13_context[] = { EAP_TYPE_TLS }; 396351611Scy const u8 *context = NULL; 397351611Scy size_t context_len = 0; 398214501Srpaulo 399214501Srpaulo if (data->state != SUCCESS) 400214501Srpaulo return NULL; 401214501Srpaulo 402351611Scy if (data->ssl.tls_v13) { 403346981Scy label = "EXPORTER_EAP_TLS_Key_Material"; 404351611Scy context = eap_tls13_context; 405351611Scy context_len = 1; 406351611Scy } else { 407346981Scy label = "client EAP encryption"; 408351611Scy } 409346981Scy eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, label, 410351611Scy context, context_len, 411214501Srpaulo EAP_TLS_KEY_LEN + EAP_EMSK_LEN); 412214501Srpaulo if (eapKeyData) { 413214501Srpaulo emsk = os_malloc(EAP_EMSK_LEN); 414214501Srpaulo if (emsk) 415214501Srpaulo os_memcpy(emsk, eapKeyData + EAP_TLS_KEY_LEN, 416214501Srpaulo EAP_EMSK_LEN); 417281806Srpaulo bin_clear_free(eapKeyData, EAP_TLS_KEY_LEN + EAP_EMSK_LEN); 418214501Srpaulo } else 419214501Srpaulo emsk = NULL; 420214501Srpaulo 421214501Srpaulo if (emsk) { 422214501Srpaulo *len = EAP_EMSK_LEN; 423214501Srpaulo wpa_hexdump(MSG_DEBUG, "EAP-TLS: Derived EMSK", 424214501Srpaulo emsk, EAP_EMSK_LEN); 425214501Srpaulo } else { 426214501Srpaulo wpa_printf(MSG_DEBUG, "EAP-TLS: Failed to derive EMSK"); 427214501Srpaulo } 428214501Srpaulo 429214501Srpaulo return emsk; 430214501Srpaulo} 431214501Srpaulo 432214501Srpaulo 433214501Srpaulostatic Boolean eap_tls_isSuccess(struct eap_sm *sm, void *priv) 434214501Srpaulo{ 435214501Srpaulo struct eap_tls_data *data = priv; 436214501Srpaulo return data->state == SUCCESS; 437214501Srpaulo} 438214501Srpaulo 439214501Srpaulo 440281806Srpaulostatic u8 * eap_tls_get_session_id(struct eap_sm *sm, void *priv, size_t *len) 441281806Srpaulo{ 442281806Srpaulo struct eap_tls_data *data = priv; 443281806Srpaulo 444281806Srpaulo if (data->state != SUCCESS) 445281806Srpaulo return NULL; 446281806Srpaulo 447281806Srpaulo return eap_server_tls_derive_session_id(sm, &data->ssl, EAP_TYPE_TLS, 448281806Srpaulo len); 449281806Srpaulo} 450281806Srpaulo 451281806Srpaulo 452214501Srpauloint eap_server_tls_register(void) 453214501Srpaulo{ 454214501Srpaulo struct eap_method *eap; 455214501Srpaulo 456214501Srpaulo eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, 457214501Srpaulo EAP_VENDOR_IETF, EAP_TYPE_TLS, "TLS"); 458214501Srpaulo if (eap == NULL) 459214501Srpaulo return -1; 460214501Srpaulo 461214501Srpaulo eap->init = eap_tls_init; 462214501Srpaulo eap->reset = eap_tls_reset; 463214501Srpaulo eap->buildReq = eap_tls_buildReq; 464214501Srpaulo eap->check = eap_tls_check; 465214501Srpaulo eap->process = eap_tls_process; 466214501Srpaulo eap->isDone = eap_tls_isDone; 467214501Srpaulo eap->getKey = eap_tls_getKey; 468214501Srpaulo eap->isSuccess = eap_tls_isSuccess; 469214501Srpaulo eap->get_emsk = eap_tls_get_emsk; 470281806Srpaulo eap->getSessionId = eap_tls_get_session_id; 471214501Srpaulo 472337817Scy return eap_server_method_register(eap); 473214501Srpaulo} 474252726Srpaulo 475252726Srpaulo 476252726Srpaulo#ifdef EAP_SERVER_UNAUTH_TLS 477252726Srpauloint eap_server_unauth_tls_register(void) 478252726Srpaulo{ 479252726Srpaulo struct eap_method *eap; 480252726Srpaulo 481252726Srpaulo eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, 482252726Srpaulo EAP_VENDOR_UNAUTH_TLS, 483252726Srpaulo EAP_VENDOR_TYPE_UNAUTH_TLS, 484252726Srpaulo "UNAUTH-TLS"); 485252726Srpaulo if (eap == NULL) 486252726Srpaulo return -1; 487252726Srpaulo 488252726Srpaulo eap->init = eap_unauth_tls_init; 489252726Srpaulo eap->reset = eap_tls_reset; 490252726Srpaulo eap->buildReq = eap_tls_buildReq; 491252726Srpaulo eap->check = eap_tls_check; 492252726Srpaulo eap->process = eap_tls_process; 493252726Srpaulo eap->isDone = eap_tls_isDone; 494252726Srpaulo eap->getKey = eap_tls_getKey; 495252726Srpaulo eap->isSuccess = eap_tls_isSuccess; 496252726Srpaulo eap->get_emsk = eap_tls_get_emsk; 497252726Srpaulo 498337817Scy return eap_server_method_register(eap); 499252726Srpaulo} 500252726Srpaulo#endif /* EAP_SERVER_UNAUTH_TLS */ 501281806Srpaulo 502281806Srpaulo 503281806Srpaulo#ifdef CONFIG_HS20 504281806Srpauloint eap_server_wfa_unauth_tls_register(void) 505281806Srpaulo{ 506281806Srpaulo struct eap_method *eap; 507281806Srpaulo 508281806Srpaulo eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, 509281806Srpaulo EAP_VENDOR_WFA_NEW, 510281806Srpaulo EAP_VENDOR_WFA_UNAUTH_TLS, 511281806Srpaulo "WFA-UNAUTH-TLS"); 512281806Srpaulo if (eap == NULL) 513281806Srpaulo return -1; 514281806Srpaulo 515281806Srpaulo eap->init = eap_wfa_unauth_tls_init; 516281806Srpaulo eap->reset = eap_tls_reset; 517281806Srpaulo eap->buildReq = eap_tls_buildReq; 518281806Srpaulo eap->check = eap_tls_check; 519281806Srpaulo eap->process = eap_tls_process; 520281806Srpaulo eap->isDone = eap_tls_isDone; 521281806Srpaulo eap->getKey = eap_tls_getKey; 522281806Srpaulo eap->isSuccess = eap_tls_isSuccess; 523281806Srpaulo eap->get_emsk = eap_tls_get_emsk; 524281806Srpaulo 525337817Scy return eap_server_method_register(eap); 526281806Srpaulo} 527281806Srpaulo#endif /* CONFIG_HS20 */ 528