29 static void eap_peap_reset(struct eap_sm *sm, void *priv);
59 static int eap_peap_phase2_init(struct eap_sm *sm, struct eap_peap_data *data,
107 static void eap_peap_valid_session(struct eap_sm *sm,  in eap_peap_valid_session()  argument
112 	if (!sm->cfg->tls_session_lifetime ||  in eap_peap_valid_session()
113 	    tls_connection_resumed(sm->cfg->ssl_ctx, data->ssl.conn))  in eap_peap_valid_session()
116 	buf = wpabuf_alloc(1 + 1 + sm->identity_len);  in eap_peap_valid_session()
120 	if (sm->identity) {  in eap_peap_valid_session()
123 		if (sm->identity_len <= 255)  in eap_peap_valid_session()
124 			id_len = sm->identity_len;  in eap_peap_valid_session()
128 		wpabuf_put_data(buf, sm->identity, id_len);  in eap_peap_valid_session()
136 static void eap_peap_req_success(struct eap_sm *sm,  in eap_peap_req_success()  argument
153 static void eap_peap_req_failure(struct eap_sm *sm,  in eap_peap_req_failure()  argument
171 static void * eap_peap_init(struct eap_sm *sm)  in eap_peap_init()  argument
180 	if (sm->user && sm->user->force_version >= 0) {  in eap_peap_init()
181 		data->force_version = sm->user->force_version;  in eap_peap_init()
189 	if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_TYPE_PEAP)) {  in eap_peap_init()
191 		eap_peap_reset(sm, data);  in eap_peap_init()
199 static void eap_peap_reset(struct eap_sm *sm, void *priv)  in eap_peap_reset()  argument
205 		data->phase2_method->reset(sm, data->phase2_priv);  in eap_peap_reset()
206 	eap_server_tls_ssl_deinit(sm, &data->ssl);  in eap_peap_reset()
214 static struct wpabuf * eap_peap_build_start(struct eap_sm *sm,  in eap_peap_build_start()  argument
236 static struct wpabuf * eap_peap_build_phase2_req(struct eap_sm *sm,  in eap_peap_build_phase2_req()  argument
248 	buf = data->phase2_method->buildReq(sm, data->phase2_priv, id);  in eap_peap_build_phase2_req()
264 	encr_req = eap_server_tls_encrypt(sm, &data->ssl, &msgbuf);  in eap_peap_build_phase2_req()
272 static struct wpabuf * eap_peap_build_phase2_soh(struct eap_sm *sm,  in eap_peap_build_phase2_soh()  argument
303 	encr_req = eap_server_tls_encrypt(sm, &data->ssl, &msgbuf);  in eap_peap_build_phase2_soh()
327 static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)  in eap_peap_derive_cmk()  argument
350 	tk = eap_server_tls_derive_key(sm, &data->ssl, label,  in eap_peap_derive_cmk()
357 	if (tls_connection_resumed(sm->cfg->ssl_ctx, data->ssl.conn)) {  in eap_peap_derive_cmk()
403 static struct wpabuf * eap_peap_build_phase2_tlv(struct eap_sm *sm,  in eap_peap_build_phase2_tlv()  argument
451 		if (eap_peap_derive_cmk(sm, data) < 0 ||  in eap_peap_build_phase2_tlv()
488 	encr_req = eap_server_tls_encrypt(sm, &data->ssl, buf);  in eap_peap_build_phase2_tlv()
495 static struct wpabuf * eap_peap_build_phase2_term(struct eap_sm *sm,  in eap_peap_build_phase2_term()  argument
516 	encr_req = eap_server_tls_encrypt(sm, &data->ssl, &msgbuf);  in eap_peap_build_phase2_term()
520 	    !tls_connection_resumed(sm->cfg->ssl_ctx, data->ssl.conn)) {  in eap_peap_build_phase2_term()
541 static struct wpabuf * eap_peap_buildReq(struct eap_sm *sm, void *priv, u8 id)  in eap_peap_buildReq()  argument
557 		return eap_peap_build_start(sm, data, id);  in eap_peap_buildReq()
560 		if (tls_connection_established(sm->cfg->ssl_ctx,  in eap_peap_buildReq()
574 				eap_peap_phase2_init(sm, data, EAP_VENDOR_IETF,  in eap_peap_buildReq()
585 		data->ssl.tls_out = eap_peap_build_phase2_req(sm, data, id);  in eap_peap_buildReq()
591 		data->ssl.tls_out = eap_peap_build_phase2_soh(sm, data, id);  in eap_peap_buildReq()
597 		data->ssl.tls_out = eap_peap_build_phase2_tlv(sm, data, id);  in eap_peap_buildReq()
600 		data->ssl.tls_out = eap_peap_build_phase2_term(sm, data, id,  in eap_peap_buildReq()
606 		data->ssl.tls_out = eap_peap_build_phase2_term(sm, data, id,  in eap_peap_buildReq()
620 static bool eap_peap_check(struct eap_sm *sm, void *priv,  in eap_peap_check()  argument
636 static int eap_peap_phase2_init(struct eap_sm *sm, struct eap_peap_data *data,  in eap_peap_phase2_init()  argument
640 		data->phase2_method->reset(sm, data->phase2_priv);  in eap_peap_phase2_init()
648 	sm->init_phase2 = 1;  in eap_peap_phase2_init()
649 	data->phase2_priv = data->phase2_method->init(sm);  in eap_peap_phase2_init()
650 	sm->init_phase2 = 0;  in eap_peap_phase2_init()
655 static int eap_tlv_validate_cryptobinding(struct eap_sm *sm,  in eap_tlv_validate_cryptobinding()  argument
707 static void eap_peap_process_phase2_tlv(struct eap_sm *sm,  in eap_peap_process_phase2_tlv()  argument
774 		if (eap_tlv_validate_cryptobinding(sm, data, crypto_tlv - 4,  in eap_peap_process_phase2_tlv()
808 				eap_peap_valid_session(sm, data);  in eap_peap_process_phase2_tlv()
827 static void eap_peap_process_phase2_soh(struct eap_sm *sm,  in eap_peap_process_phase2_soh()  argument
949 	next_type = sm->user->methods[0].method;  in eap_peap_process_phase2_soh()
950 	sm->user_eap_method_index = 1;  in eap_peap_process_phase2_soh()
952 		   sm->user->methods[0].vendor, next_type);  in eap_peap_process_phase2_soh()
953 	eap_peap_phase2_init(sm, data, sm->user->methods[0].vendor, next_type);  in eap_peap_process_phase2_soh()
958 static void eap_peap_process_phase2_response(struct eap_sm *sm,  in eap_peap_process_phase2_response()  argument
969 		eap_peap_process_phase2_tlv(sm, data, in_data);  in eap_peap_process_phase2_response()
975 		eap_peap_process_phase2_soh(sm, data, in_data);  in eap_peap_process_phase2_response()
993 		eap_sm_process_nak(sm, pos + 1, left - 1);  in eap_peap_process_phase2_response()
994 		if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&  in eap_peap_process_phase2_response()
995 		    (sm->user->methods[sm->user_eap_method_index].vendor !=  in eap_peap_process_phase2_response()
997 		     sm->user->methods[sm->user_eap_method_index].method !=  in eap_peap_process_phase2_response()
999 			next_vendor = sm->user->methods[  in eap_peap_process_phase2_response()
1000 				sm->user_eap_method_index].vendor;  in eap_peap_process_phase2_response()
1001 			next_type = sm->user->methods[  in eap_peap_process_phase2_response()
1002 				sm->user_eap_method_index++].method;  in eap_peap_process_phase2_response()
1007 			eap_peap_req_failure(sm, data);  in eap_peap_process_phase2_response()
1011 		eap_peap_phase2_init(sm, data, next_vendor, next_type);  in eap_peap_process_phase2_response()
1015 	if (data->phase2_method->check(sm, data->phase2_priv, in_data)) {  in eap_peap_process_phase2_response()
1021 	data->phase2_method->process(sm, data->phase2_priv, in_data);  in eap_peap_process_phase2_response()
1023 	if (sm->method_pending == METHOD_PENDING_WAIT) {  in eap_peap_process_phase2_response()
1030 	if (!data->phase2_method->isDone(sm, data->phase2_priv))  in eap_peap_process_phase2_response()
1033 	if (!data->phase2_method->isSuccess(sm, data->phase2_priv)) {  in eap_peap_process_phase2_response()
1035 		eap_peap_req_failure(sm, data);  in eap_peap_process_phase2_response()
1038 		eap_peap_phase2_init(sm, data, next_vendor, next_type);  in eap_peap_process_phase2_response()
1045 			sm, data->phase2_priv, &data->phase2_key_len);  in eap_peap_process_phase2_response()
1049 			eap_peap_req_failure(sm, data);  in eap_peap_process_phase2_response()
1050 			eap_peap_phase2_init(sm, data, EAP_VENDOR_IETF,  in eap_peap_process_phase2_response()
1060 		if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {  in eap_peap_process_phase2_response()
1064 					  sm->identity, sm->identity_len);  in eap_peap_process_phase2_response()
1065 			eap_peap_req_failure(sm, data);  in eap_peap_process_phase2_response()
1072 		if (data->state != PHASE2_SOH && sm->cfg->tnc &&  in eap_peap_process_phase2_response()
1084 		next_vendor = sm->user->methods[0].vendor;  in eap_peap_process_phase2_response()
1085 		next_type = sm->user->methods[0].method;  in eap_peap_process_phase2_response()
1086 		sm->user_eap_method_index = 1;  in eap_peap_process_phase2_response()
1091 		eap_peap_req_success(sm, data);  in eap_peap_process_phase2_response()
1103 	eap_peap_phase2_init(sm, data, next_vendor, next_type);  in eap_peap_process_phase2_response()
1107 static void eap_peap_process_phase2(struct eap_sm *sm,  in eap_peap_process_phase2()  argument
1122 		eap_peap_process_phase2_response(sm, data,  in eap_peap_process_phase2()
1129 	in_decrypted = tls_connection_decrypt(sm->cfg->ssl_ctx, data->ssl.conn,  in eap_peap_process_phase2()
1170 		eap_peap_req_failure(sm, data);  in eap_peap_process_phase2()
1180 		eap_peap_req_failure(sm, data);  in eap_peap_process_phase2()
1188 		eap_peap_process_phase2_response(sm, data, in_decrypted);  in eap_peap_process_phase2()
1194 			eap_peap_valid_session(sm, data);  in eap_peap_process_phase2()
1211 static int eap_peap_process_version(struct eap_sm *sm, void *priv,  in eap_peap_process_version()  argument
1234 static void eap_peap_process_msg(struct eap_sm *sm, void *priv,  in eap_peap_process_msg()  argument
1241 		if (eap_server_tls_phase1(sm, &data->ssl) < 0) {  in eap_peap_process_msg()
1248 		eap_peap_phase2_init(sm, data, EAP_VENDOR_IETF,  in eap_peap_process_msg()
1256 		eap_peap_process_phase2(sm, data, respData, data->ssl.tls_in);  in eap_peap_process_msg()
1260 		eap_peap_valid_session(sm, data);  in eap_peap_process_msg()
1273 static void eap_peap_process(struct eap_sm *sm, void *priv,  in eap_peap_process()  argument
1281 	if (eap_server_tls_process(sm, &data->ssl, respData, data,  in eap_peap_process()
1289 	    !tls_connection_established(sm->cfg->ssl_ctx, data->ssl.conn) ||  in eap_peap_process()
1290 	    !tls_connection_resumed(sm->cfg->ssl_ctx, data->ssl.conn))  in eap_peap_process()
1314 	os_free(sm->identity);  in eap_peap_process()
1315 	sm->identity = os_malloc(id_len ? id_len : 1);  in eap_peap_process()
1316 	if (!sm->identity) {  in eap_peap_process()
1317 		sm->identity_len = 0;  in eap_peap_process()
1322 	os_memcpy(sm->identity, pos, id_len);  in eap_peap_process()
1323 	sm->identity_len = id_len;  in eap_peap_process()
1325 	if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {  in eap_peap_process()
1327 				  sm->identity, sm->identity_len);  in eap_peap_process()
1334 	eap_peap_req_success(sm, data);  in eap_peap_process()
1340 static bool eap_peap_isDone(struct eap_sm *sm, void *priv)  in eap_peap_isDone()  argument
1347 static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len)  in eap_peap_getKey()  argument
1396 	eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,  in eap_peap_getKey()
1412 static u8 * eap_peap_get_emsk(struct eap_sm *sm, void *priv, size_t *len)  in eap_peap_get_emsk()  argument
1438 	eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,  in eap_peap_get_emsk()
1458 static bool eap_peap_isSuccess(struct eap_sm *sm, void *priv)  in eap_peap_isSuccess()  argument
1465 static u8 * eap_peap_get_session_id(struct eap_sm *sm, void *priv, size_t *len)  in eap_peap_get_session_id()  argument
1472 	return eap_server_tls_derive_session_id(sm, &data->ssl, EAP_TYPE_PEAP,  in eap_peap_get_session_id()