eap_tls_common.c File Reference

#include "includes.h"
#include "common.h"
#include "crypto/sha1.h"
#include "crypto/tls.h"
#include "eap_i.h"
#include "eap_tls_common.h"
#include "eap_config.h"
Include dependency graph for eap_tls_common.c:

Go to the source code of this file.

Functions

int eap_peer_select_phase2_methods (struct eap_peer_config *config, const char *prefix, struct eap_method_type **types, size_t *num_types)
struct wpabufeap_peer_tls_build_ack (u8 id, EapType eap_type, int peap_version)
static struct wpabufeap_peer_tls_data_reassemble (struct eap_ssl_data *data, const struct wpabuf *in_data, int *need_more_input)
int eap_peer_tls_decrypt (struct eap_sm *sm, struct eap_ssl_data *data, const struct wpabuf *in_data, struct wpabuf **in_decrypted)
u8eap_peer_tls_derive_key (struct eap_sm *sm, struct eap_ssl_data *data, const char *label, size_t len)
int eap_peer_tls_encrypt (struct eap_sm *sm, struct eap_ssl_data *data, EapType eap_type, int peap_version, u8 id, const struct wpabuf *in_data, struct wpabuf **out_data)
int eap_peer_tls_phase2_nak (struct eap_method_type *types, size_t num_types, struct eap_hdr *hdr, struct wpabuf **resp)
int eap_peer_tls_process_helper (struct eap_sm *sm, struct eap_ssl_data *data, EapType eap_type, int peap_version, u8 id, const u8 *in_data, size_t in_len, struct wpabuf **out_data)
const u8eap_peer_tls_process_init (struct eap_sm *sm, struct eap_ssl_data *data, EapType eap_type, struct eap_method_ret *ret, const struct wpabuf *reqData, size_t *len, u8 *flags)
static int eap_peer_tls_reassemble_fragment (struct eap_ssl_data *data, const struct wpabuf *in_data)
int eap_peer_tls_reauth_init (struct eap_sm *sm, struct eap_ssl_data *data)
void eap_peer_tls_reset_input (struct eap_ssl_data *data)
void eap_peer_tls_reset_output (struct eap_ssl_data *data)
void eap_peer_tls_ssl_deinit (struct eap_sm *sm, struct eap_ssl_data *data)
int eap_peer_tls_ssl_init (struct eap_sm *sm, struct eap_ssl_data *data, struct eap_peer_config *config)
int eap_peer_tls_status (struct eap_sm *sm, struct eap_ssl_data *data, char *buf, size_t buflen, int verbose)
static int eap_tls_check_blob (struct eap_sm *sm, const char **name, const u8 **data, size_t *data_len)
static int eap_tls_init_connection (struct eap_sm *sm, struct eap_ssl_data *data, struct eap_peer_config *config, struct tls_connection_params *params)
static void eap_tls_params_flags (struct tls_connection_params *params, const char *txt)
static int eap_tls_params_from_conf (struct eap_sm *sm, struct eap_ssl_data *data, struct tls_connection_params *params, struct eap_peer_config *config, int phase2)
static void eap_tls_params_from_conf1 (struct tls_connection_params *params, struct eap_peer_config *config)
static void eap_tls_params_from_conf2 (struct tls_connection_params *params, struct eap_peer_config *config)
static int eap_tls_process_input (struct eap_sm *sm, struct eap_ssl_data *data, const u8 *in_data, size_t in_len, struct wpabuf **out_data)
static int eap_tls_process_output (struct eap_ssl_data *data, EapType eap_type, int peap_version, u8 id, int ret, struct wpabuf **out_data)

Function Documentation

int eap_peer_select_phase2_methods ( struct eap_peer_config config,
const char *  prefix,
struct eap_method_type **  types,
size_t *  num_types 
)

eap_peer_select_phase2_methods - Select phase 2 EAP method : Pointer to the network configuration : 'phase2' configuration prefix, e.g., "auth=" : Buffer for returning allocated list of allowed EAP methods : Buffer for returning number of allocated EAP methods Returns: 0 on success, -1 on failure

This function is used to parse EAP method list and select allowed methods for Phase2 authentication.

Definition at line 913 of file eap_tls_common.c.

struct wpabuf* eap_peer_tls_build_ack ( u8  id,
EapType  eap_type,
int  peap_version 
) [read]

eap_peer_tls_build_ack - Build a TLS ACK frame : EAP identifier for the response : EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...) : Version number for EAP-PEAP/TTLS Returns: Pointer to the allocated ACK frame or NULL on failure

Definition at line 658 of file eap_tls_common.c.

static struct wpabuf* eap_peer_tls_data_reassemble ( struct eap_ssl_data data,
const struct wpabuf in_data,
int *  need_more_input 
) [static, read]

eap_peer_tls_data_reassemble - Reassemble TLS data : Data for TLS processing : Next incoming TLS segment : Variable for returning whether more input data is needed to reassemble this TLS packet Returns: Pointer to output data, NULL on error or when more data is needed for the full message (in which case, *need_more_input is also set to 1).

This function reassembles TLS fragments. Caller must not free the returned data buffer since an internal pointer to it is maintained.

Definition at line 389 of file eap_tls_common.c.

int eap_peer_tls_decrypt ( struct eap_sm sm,
struct eap_ssl_data data,
const struct wpabuf in_data,
struct wpabuf **  in_decrypted 
)

eap_peer_tls_decrypt - Decrypt received phase 2 TLS message : Pointer to EAP state machine allocated with eap_peer_sm_init() : Data for TLS processing : Message received from the server : Buffer for returning a pointer to the decrypted message Returns: 0 on success, 1 if more input data is needed, or -1 on failure

Definition at line 847 of file eap_tls_common.c.

u8* eap_peer_tls_derive_key ( struct eap_sm sm,
struct eap_ssl_data data,
const char *  label,
size_t  len 
)

eap_peer_tls_derive_key - Derive a key based on TLS session data : Pointer to EAP state machine allocated with eap_peer_sm_init() : Data for TLS processing : Label string for deriving the keys, e.g., "client EAP encryption" : Length of the key material to generate (usually 64 for MSK) Returns: Pointer to allocated key on success or NULL on failure

This function uses TLS-PRF to generate pseudo-random data based on the TLS session data (client/server random and master key). Each key type may use a different label to bind the key usage into the generated material.

The caller is responsible for freeing the returned buffer.

Definition at line 264 of file eap_tls_common.c.

int eap_peer_tls_encrypt ( struct eap_sm sm,
struct eap_ssl_data data,
EapType  eap_type,
int  peap_version,
u8  id,
const struct wpabuf in_data,
struct wpabuf **  out_data 
)

eap_peer_tls_encrypt - Encrypt phase 2 TLS message : Pointer to EAP state machine allocated with eap_peer_sm_init() : Data for TLS processing : EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...) : Version number for EAP-PEAP/TTLS : EAP identifier for the response : Plaintext phase 2 data to encrypt or NULL to continue fragments : Buffer for returning a pointer to the encrypted response message Returns: 0 on success, -1 on failure

Definition at line 879 of file eap_tls_common.c.

int eap_peer_tls_phase2_nak ( struct eap_method_type types,
size_t  num_types,
struct eap_hdr hdr,
struct wpabuf **  resp 
)

eap_peer_tls_phase2_nak - Generate EAP-Nak for Phase 2 : Buffer for returning allocated list of allowed EAP methods : Buffer for returning number of allocated EAP methods : EAP-Request header (and the following EAP type octet) : Buffer for returning the EAP-Nak message Returns: 0 on success, -1 on failure

Definition at line 996 of file eap_tls_common.c.

int eap_peer_tls_process_helper ( struct eap_sm sm,
struct eap_ssl_data data,
EapType  eap_type,
int  peap_version,
u8  id,
const u8 in_data,
size_t  in_len,
struct wpabuf **  out_data 
)

eap_peer_tls_process_helper - Process TLS handshake message : Pointer to EAP state machine allocated with eap_peer_sm_init() : Data for TLS processing : EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...) : Version number for EAP-PEAP/TTLS : EAP identifier for the response : Message received from the server : Length of in_data : Buffer for returning a pointer to the response message Returns: 0 on success, 1 if more input data is needed, 2 if application data is available, or -1 on failure

This function can be used to process TLS handshake messages. It reassembles the received fragments and uses a TLS library to process the messages. The response data from the TLS library is fragmented to suitable output messages that the caller can send out.

out_data is used to return the response message if the return value of this function is 0, 2, or -1. In case of failure, the message is likely a TLS alarm message. The caller is responsible for freeing the allocated buffer if *out_data is not NULL.

This function is called for each received TLS message during the TLS handshake after eap_peer_tls_process_init() call and possible processing of TLS Flags field. Once the handshake has been completed, i.e., when tls_connection_established() returns 1, EAP method specific decrypting of the tunneled data is used.

Definition at line 579 of file eap_tls_common.c.

const u8* eap_peer_tls_process_init ( struct eap_sm sm,
struct eap_ssl_data data,
EapType  eap_type,
struct eap_method_ret ret,
const struct wpabuf reqData,
size_t *  len,
u8 flags 
)

eap_peer_tls_process_init - Initial validation/processing of EAP requests : Pointer to EAP state machine allocated with eap_peer_sm_init() : Data for TLS processing : EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...) : Return values from EAP request validation and processing : EAP request to be processed (eapReqData) : Buffer for returning length of the remaining payload : Buffer for returning TLS flags Returns: Pointer to payload after TLS flags and length or NULL on failure

This function validates the EAP header and processes the optional TLS Message Length field. If this is the first fragment of a TLS message, the TLS reassembly code is initialized to receive the indicated number of bytes.

EAP-TLS, EAP-PEAP, EAP-TTLS, and EAP-FAST methods are expected to use this function as the first step in processing received messages. They will need to process the flags (apart from Message Length Included) that are returned through the flags pointer and the message payload that will be returned (and the length is returned through the len pointer). Return values (ret) are set for continuation of EAP method processing. The caller is responsible for setting these to indicate completion (either success or failure) based on the authentication result.

Definition at line 739 of file eap_tls_common.c.

static int eap_peer_tls_reassemble_fragment ( struct eap_ssl_data data,
const struct wpabuf in_data 
) [static]

eap_peer_tls_reassemble_fragment - Reassemble a received fragment : Data for TLS processing : Next incoming TLS segment Returns: 0 on success, 1 if more data is needed for the full message, or -1 on error

Definition at line 320 of file eap_tls_common.c.

int eap_peer_tls_reauth_init ( struct eap_sm sm,
struct eap_ssl_data data 
)

eap_peer_tls_reauth_init - Re-initialize shared TLS for session resumption : Pointer to EAP state machine allocated with eap_peer_sm_init() : Data for TLS processing Returns: 0 on success, -1 on failure

Definition at line 680 of file eap_tls_common.c.

void eap_peer_tls_reset_input ( struct eap_ssl_data data  ) 

eap_peer_tls_reset_input - Reset input buffers : Data for TLS processing

This function frees any allocated memory for input buffers and resets input state.

Definition at line 816 of file eap_tls_common.c.

void eap_peer_tls_reset_output ( struct eap_ssl_data data  ) 

eap_peer_tls_reset_output - Reset output buffers : Data for TLS processing

This function frees any allocated memory for output buffers and resets output state.

Definition at line 831 of file eap_tls_common.c.

void eap_peer_tls_ssl_deinit ( struct eap_sm sm,
struct eap_ssl_data data 
)

eap_peer_tls_ssl_deinit - Deinitialize shared TLS functionality : Pointer to EAP state machine allocated with eap_peer_sm_init() : Data for TLS processing

This function deinitializes shared TLS functionality that was initialized with eap_peer_tls_ssl_init().

Definition at line 242 of file eap_tls_common.c.

int eap_peer_tls_ssl_init ( struct eap_sm sm,
struct eap_ssl_data data,
struct eap_peer_config config 
)

eap_peer_tls_ssl_init - Initialize shared TLS functionality : Pointer to EAP state machine allocated with eap_peer_sm_init() : Data for TLS processing : Pointer to the network configuration Returns: 0 on success, -1 on failure

This function is used to initialize shared TLS functionality for EAP-TLS, EAP-PEAP, EAP-TTLS, and EAP-FAST.

Definition at line 197 of file eap_tls_common.c.

int eap_peer_tls_status ( struct eap_sm sm,
struct eap_ssl_data data,
char *  buf,
size_t  buflen,
int  verbose 
)

eap_peer_tls_status - Get TLS status : Pointer to EAP state machine allocated with eap_peer_sm_init() : Data for TLS processing : Buffer for status information : Maximum buffer length : Whether to include verbose status information Returns: Number of bytes written to buf.

Definition at line 697 of file eap_tls_common.c.

static int eap_tls_check_blob ( struct eap_sm sm,
const char **  name,
const u8 **  data,
size_t *  data_len 
) [static]

Definition at line 25 of file eap_tls_common.c.

static int eap_tls_init_connection ( struct eap_sm sm,
struct eap_ssl_data data,
struct eap_peer_config config,
struct tls_connection_params params 
) [static]

Definition at line 139 of file eap_tls_common.c.

static void eap_tls_params_flags ( struct tls_connection_params params,
const char *  txt 
) [static]

Definition at line 48 of file eap_tls_common.c.

static int eap_tls_params_from_conf ( struct eap_sm sm,
struct eap_ssl_data data,
struct tls_connection_params params,
struct eap_peer_config config,
int  phase2 
) [static]

Definition at line 102 of file eap_tls_common.c.

static void eap_tls_params_from_conf1 ( struct tls_connection_params params,
struct eap_peer_config config 
) [static]

Definition at line 60 of file eap_tls_common.c.

static void eap_tls_params_from_conf2 ( struct tls_connection_params params,
struct eap_peer_config config 
) [static]

Definition at line 81 of file eap_tls_common.c.

static int eap_tls_process_input ( struct eap_sm sm,
struct eap_ssl_data data,
const u8 in_data,
size_t  in_len,
struct wpabuf **  out_data 
) [static]

eap_tls_process_input - Process incoming TLS message : Pointer to EAP state machine allocated with eap_peer_sm_init() : Data for TLS processing : Message received from the server : Length of in_data : Buffer for returning a pointer to application data (if available) Returns: 0 on success, 1 if more input data is needed, 2 if application data is available, -1 on failure

Definition at line 427 of file eap_tls_common.c.

static int eap_tls_process_output ( struct eap_ssl_data data,
EapType  eap_type,
int  peap_version,
u8  id,
int  ret,
struct wpabuf **  out_data 
) [static]

eap_tls_process_output - Process outgoing TLS message : Data for TLS processing : EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...) : Version number for EAP-PEAP/TTLS : EAP identifier for the response : Return value to use on success : Buffer for returning the allocated output buffer Returns: ret (0 or 1) on success, -1 on failure

Definition at line 480 of file eap_tls_common.c.

 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Defines


wpa_supplicant_node
Author(s): Package maintained by Blaise Gassend
autogenerated on Fri Jan 11 10:02:07 2013