EAP-TLS/PEAP/TTLS/FAST: Move more towards using struct wpabuf
The EAP-TLS-based helper functions can easily use struct wpabuf in more places, so continue cleanup in that direction by replacing separate pointer and length arguments with a single struct wpabuf argument. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
8d9f3b8ed6
commit
d36c803c69
6 changed files with 27 additions and 32 deletions
|
|
@ -1528,6 +1528,7 @@ static struct wpabuf * eap_fast_process(struct eap_sm *sm, void *priv,
|
|||
struct wpabuf *resp;
|
||||
const u8 *pos;
|
||||
struct eap_fast_data *data = priv;
|
||||
struct wpabuf msg;
|
||||
|
||||
pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_FAST, ret,
|
||||
reqData, &left, &flags);
|
||||
|
|
@ -1544,12 +1545,12 @@ static struct wpabuf * eap_fast_process(struct eap_sm *sm, void *priv,
|
|||
left = 0; /* A-ID is not used in further packet processing */
|
||||
}
|
||||
|
||||
wpabuf_set(&msg, pos, left);
|
||||
|
||||
resp = NULL;
|
||||
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
|
||||
!data->resuming) {
|
||||
/* Process tunneled (encrypted) phase 2 data. */
|
||||
struct wpabuf msg;
|
||||
wpabuf_set(&msg, pos, left);
|
||||
res = eap_fast_decrypt(sm, data, ret, id, &msg, &resp);
|
||||
if (res < 0) {
|
||||
ret->methodState = METHOD_DONE;
|
||||
|
|
@ -1564,8 +1565,8 @@ static struct wpabuf * eap_fast_process(struct eap_sm *sm, void *priv,
|
|||
/* Continue processing TLS handshake (phase 1). */
|
||||
res = eap_peer_tls_process_helper(sm, &data->ssl,
|
||||
EAP_TYPE_FAST,
|
||||
data->fast_version, id, pos,
|
||||
left, &resp);
|
||||
data->fast_version, id, &msg,
|
||||
&resp);
|
||||
|
||||
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
|
||||
char cipher[80];
|
||||
|
|
@ -1589,14 +1590,12 @@ static struct wpabuf * eap_fast_process(struct eap_sm *sm, void *priv,
|
|||
}
|
||||
|
||||
if (res == 2) {
|
||||
struct wpabuf msg;
|
||||
/*
|
||||
* Application data included in the handshake message.
|
||||
*/
|
||||
wpabuf_free(data->pending_phase2_req);
|
||||
data->pending_phase2_req = resp;
|
||||
resp = NULL;
|
||||
wpabuf_set(&msg, pos, left);
|
||||
res = eap_fast_decrypt(sm, data, ret, id, &msg, &resp);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -968,6 +968,7 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
|
|||
struct wpabuf *resp;
|
||||
const u8 *pos;
|
||||
struct eap_peap_data *data = priv;
|
||||
struct wpabuf msg;
|
||||
|
||||
pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_PEAP, ret,
|
||||
reqData, &left, &flags);
|
||||
|
|
@ -998,17 +999,17 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
|
|||
* should always be, anyway */
|
||||
}
|
||||
|
||||
wpabuf_set(&msg, pos, left);
|
||||
|
||||
resp = NULL;
|
||||
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
|
||||
!data->resuming) {
|
||||
struct wpabuf msg;
|
||||
wpabuf_set(&msg, pos, left);
|
||||
res = eap_peap_decrypt(sm, data, ret, req, &msg, &resp);
|
||||
} else {
|
||||
res = eap_peer_tls_process_helper(sm, &data->ssl,
|
||||
EAP_TYPE_PEAP,
|
||||
data->peap_version, id, pos,
|
||||
left, &resp);
|
||||
data->peap_version, id, &msg,
|
||||
&resp);
|
||||
|
||||
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
|
||||
char *label;
|
||||
|
|
@ -1077,14 +1078,12 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
|
|||
}
|
||||
|
||||
if (res == 2) {
|
||||
struct wpabuf msg;
|
||||
/*
|
||||
* Application data included in the handshake message.
|
||||
*/
|
||||
wpabuf_free(data->pending_phase2_req);
|
||||
data->pending_phase2_req = resp;
|
||||
resp = NULL;
|
||||
wpabuf_set(&msg, pos, left);
|
||||
res = eap_peap_decrypt(sm, data, ret, req, &msg,
|
||||
&resp);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -228,6 +228,7 @@ static struct wpabuf * eap_tls_process(struct eap_sm *sm, void *priv,
|
|||
u8 flags, id;
|
||||
const u8 *pos;
|
||||
struct eap_tls_data *data = priv;
|
||||
struct wpabuf msg;
|
||||
|
||||
pos = eap_peer_tls_process_init(sm, &data->ssl, data->eap_type, ret,
|
||||
reqData, &left, &flags);
|
||||
|
|
@ -242,8 +243,9 @@ static struct wpabuf * eap_tls_process(struct eap_sm *sm, void *priv,
|
|||
}
|
||||
|
||||
resp = NULL;
|
||||
wpabuf_set(&msg, pos, left);
|
||||
res = eap_peer_tls_process_helper(sm, &data->ssl, data->eap_type, 0,
|
||||
id, pos, left, &resp);
|
||||
id, &msg, &resp);
|
||||
|
||||
if (res < 0) {
|
||||
return eap_tls_failure(sm, data, ret, res, resp, id);
|
||||
|
|
|
|||
|
|
@ -477,22 +477,19 @@ static const struct wpabuf * eap_peer_tls_data_reassemble(
|
|||
* @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
|
||||
* @data: Data for TLS processing
|
||||
* @in_data: Message received from the server
|
||||
* @in_len: Length of in_data
|
||||
* @out_data: Buffer for returning a pointer to application data (if available)
|
||||
* Returns: 0 on success, 1 if more input data is needed, 2 if application data
|
||||
* is available, -1 on failure
|
||||
*/
|
||||
static int eap_tls_process_input(struct eap_sm *sm, struct eap_ssl_data *data,
|
||||
const u8 *in_data, size_t in_len,
|
||||
const struct wpabuf *in_data,
|
||||
struct wpabuf **out_data)
|
||||
{
|
||||
const struct wpabuf *msg;
|
||||
int need_more_input;
|
||||
struct wpabuf *appl_data;
|
||||
struct wpabuf buf;
|
||||
|
||||
wpabuf_set(&buf, in_data, in_len);
|
||||
msg = eap_peer_tls_data_reassemble(data, &buf, &need_more_input);
|
||||
msg = eap_peer_tls_data_reassemble(data, in_data, &need_more_input);
|
||||
if (msg == NULL)
|
||||
return need_more_input ? 1 : -1;
|
||||
|
||||
|
|
@ -612,7 +609,6 @@ static int eap_tls_process_output(struct eap_ssl_data *data, EapType eap_type,
|
|||
* @peap_version: Version number for EAP-PEAP/TTLS
|
||||
* @id: EAP identifier for the response
|
||||
* @in_data: Message received from the server
|
||||
* @in_len: Length of in_data
|
||||
* @out_data: Buffer for returning a pointer to the response message
|
||||
* Returns: 0 on success, 1 if more input data is needed, 2 if application data
|
||||
* is available, or -1 on failure
|
||||
|
|
@ -635,14 +631,15 @@ static int eap_tls_process_output(struct eap_ssl_data *data, EapType eap_type,
|
|||
*/
|
||||
int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
|
||||
EapType eap_type, int peap_version,
|
||||
u8 id, const u8 *in_data, size_t in_len,
|
||||
u8 id, const struct wpabuf *in_data,
|
||||
struct wpabuf **out_data)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
*out_data = NULL;
|
||||
|
||||
if (data->tls_out && wpabuf_len(data->tls_out) > 0 && in_len > 0) {
|
||||
if (data->tls_out && wpabuf_len(data->tls_out) > 0 &&
|
||||
wpabuf_len(in_data) > 0) {
|
||||
wpa_printf(MSG_DEBUG, "SSL: Received non-ACK when output "
|
||||
"fragments are waiting to be sent out");
|
||||
return -1;
|
||||
|
|
@ -653,8 +650,7 @@ int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
|
|||
* No more data to send out - expect to receive more data from
|
||||
* the AS.
|
||||
*/
|
||||
int res = eap_tls_process_input(sm, data, in_data, in_len,
|
||||
out_data);
|
||||
int res = eap_tls_process_input(sm, data, in_data, out_data);
|
||||
if (res) {
|
||||
/*
|
||||
* Input processing failed (res = -1) or more data is
|
||||
|
|
|
|||
|
|
@ -100,7 +100,7 @@ u8 * eap_peer_tls_derive_session_id(struct eap_sm *sm,
|
|||
size_t *len);
|
||||
int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
|
||||
EapType eap_type, int peap_version,
|
||||
u8 id, const u8 *in_data, size_t in_len,
|
||||
u8 id, const struct wpabuf *in_data,
|
||||
struct wpabuf **out_data);
|
||||
struct wpabuf * eap_peer_tls_build_ack(u8 id, EapType eap_type,
|
||||
int peap_version);
|
||||
|
|
|
|||
|
|
@ -1385,14 +1385,14 @@ static int eap_ttls_process_handshake(struct eap_sm *sm,
|
|||
struct eap_ttls_data *data,
|
||||
struct eap_method_ret *ret,
|
||||
u8 identifier,
|
||||
const u8 *in_data, size_t in_len,
|
||||
const struct wpabuf *in_data,
|
||||
struct wpabuf **out_data)
|
||||
{
|
||||
int res;
|
||||
|
||||
res = eap_peer_tls_process_helper(sm, &data->ssl, EAP_TYPE_TTLS,
|
||||
data->ttls_version, identifier,
|
||||
in_data, in_len, out_data);
|
||||
in_data, out_data);
|
||||
|
||||
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: TLS done, proceed to "
|
||||
|
|
@ -1419,15 +1419,13 @@ static int eap_ttls_process_handshake(struct eap_sm *sm,
|
|||
}
|
||||
|
||||
if (res == 2) {
|
||||
struct wpabuf msg;
|
||||
/*
|
||||
* Application data included in the handshake message.
|
||||
*/
|
||||
wpabuf_free(data->pending_phase2_req);
|
||||
data->pending_phase2_req = *out_data;
|
||||
*out_data = NULL;
|
||||
wpabuf_set(&msg, in_data, in_len);
|
||||
res = eap_ttls_decrypt(sm, data, ret, identifier, &msg,
|
||||
res = eap_ttls_decrypt(sm, data, ret, identifier, in_data,
|
||||
out_data);
|
||||
}
|
||||
|
||||
|
|
@ -1477,6 +1475,7 @@ static struct wpabuf * eap_ttls_process(struct eap_sm *sm, void *priv,
|
|||
struct wpabuf *resp;
|
||||
const u8 *pos;
|
||||
struct eap_ttls_data *data = priv;
|
||||
struct wpabuf msg;
|
||||
|
||||
pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_TTLS, ret,
|
||||
reqData, &left, &flags);
|
||||
|
|
@ -1497,15 +1496,15 @@ static struct wpabuf * eap_ttls_process(struct eap_sm *sm, void *priv,
|
|||
left = 0;
|
||||
}
|
||||
|
||||
wpabuf_set(&msg, pos, left);
|
||||
|
||||
resp = NULL;
|
||||
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
|
||||
!data->resuming) {
|
||||
struct wpabuf msg;
|
||||
wpabuf_set(&msg, pos, left);
|
||||
res = eap_ttls_decrypt(sm, data, ret, id, &msg, &resp);
|
||||
} else {
|
||||
res = eap_ttls_process_handshake(sm, data, ret, id,
|
||||
pos, left, &resp);
|
||||
&msg, &resp);
|
||||
}
|
||||
|
||||
eap_ttls_check_auth_status(sm, data, ret);
|
||||
|
|
|
|||
Loading…
Reference in a new issue