EAP-TLS/PEAP/TTLS/FAST: Move more towards using struct wpabuf
The EAP-TLS-based helper functions can easily use struct wpabuf in more places, so continue cleanup in that direction by replacing separate pointer and length arguments with a single struct wpabuf argument. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
8d9f3b8ed6
commit
d36c803c69
@ -1528,6 +1528,7 @@ static struct wpabuf * eap_fast_process(struct eap_sm *sm, void *priv,
|
|||||||
struct wpabuf *resp;
|
struct wpabuf *resp;
|
||||||
const u8 *pos;
|
const u8 *pos;
|
||||||
struct eap_fast_data *data = priv;
|
struct eap_fast_data *data = priv;
|
||||||
|
struct wpabuf msg;
|
||||||
|
|
||||||
pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_FAST, ret,
|
pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_FAST, ret,
|
||||||
reqData, &left, &flags);
|
reqData, &left, &flags);
|
||||||
@ -1544,12 +1545,12 @@ static struct wpabuf * eap_fast_process(struct eap_sm *sm, void *priv,
|
|||||||
left = 0; /* A-ID is not used in further packet processing */
|
left = 0; /* A-ID is not used in further packet processing */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
wpabuf_set(&msg, pos, left);
|
||||||
|
|
||||||
resp = NULL;
|
resp = NULL;
|
||||||
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
|
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
|
||||||
!data->resuming) {
|
!data->resuming) {
|
||||||
/* Process tunneled (encrypted) phase 2 data. */
|
/* Process tunneled (encrypted) phase 2 data. */
|
||||||
struct wpabuf msg;
|
|
||||||
wpabuf_set(&msg, pos, left);
|
|
||||||
res = eap_fast_decrypt(sm, data, ret, id, &msg, &resp);
|
res = eap_fast_decrypt(sm, data, ret, id, &msg, &resp);
|
||||||
if (res < 0) {
|
if (res < 0) {
|
||||||
ret->methodState = METHOD_DONE;
|
ret->methodState = METHOD_DONE;
|
||||||
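Review bot: The hoisted `wpabuf_set(&msg, pos, left);` turns `msg` into a non-owning view over `pos`/`left` inside `reqData` rather than a copy, and now that one `msg` is shared by the phase-1 helper call and both `eap_fast_decrypt` calls, nothing at the declaration says so; a one-line comment at the `wpabuf_set` would keep a later edit from handing `msg` to `wpabuf_free()` or keeping it past this function: `/* Non-owning view into reqData: never wpabuf_free() it or retain it */`. The same applies to the identical hoists in eap_peap_process, eap_tls_process and eap_ttls_process. Whether `pos` can still be NULL when this line runs cannot be confirmed here, because the lines between this hunk and the previous one are not shown. eap_fast_process continues outside the hunk.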
@ -1564,8 +1565,8 @@ static struct wpabuf * eap_fast_process(struct eap_sm *sm, void *priv,
|
|||||||
/* Continue processing TLS handshake (phase 1). */
|
/* Continue processing TLS handshake (phase 1). */
|
||||||
res = eap_peer_tls_process_helper(sm, &data->ssl,
|
res = eap_peer_tls_process_helper(sm, &data->ssl,
|
||||||
EAP_TYPE_FAST,
|
EAP_TYPE_FAST,
|
||||||
data->fast_version, id, pos,
|
data->fast_version, id, &msg,
|
||||||
left, &resp);
|
&resp);
|
||||||
|
|
||||||
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
|
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
|
||||||
char cipher[80];
|
char cipher[80];
|
||||||
@ -1589,14 +1590,12 @@ static struct wpabuf * eap_fast_process(struct eap_sm *sm, void *priv,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (res == 2) {
|
if (res == 2) {
|
||||||
struct wpabuf msg;
|
|
||||||
/*
|
/*
|
||||||
* Application data included in the handshake message.
|
* Application data included in the handshake message.
|
||||||
*/
|
*/
|
||||||
wpabuf_free(data->pending_phase2_req);
|
wpabuf_free(data->pending_phase2_req);
|
||||||
data->pending_phase2_req = resp;
|
data->pending_phase2_req = resp;
|
||||||
resp = NULL;
|
resp = NULL;
|
||||||
wpabuf_set(&msg, pos, left);
|
|
||||||
res = eap_fast_decrypt(sm, data, ret, id, &msg, &resp);
|
res = eap_fast_decrypt(sm, data, ret, id, &msg, &resp);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -968,6 +968,7 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
|
|||||||
struct wpabuf *resp;
|
struct wpabuf *resp;
|
||||||
const u8 *pos;
|
const u8 *pos;
|
||||||
struct eap_peap_data *data = priv;
|
struct eap_peap_data *data = priv;
|
||||||
|
struct wpabuf msg;
|
||||||
|
|
||||||
pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_PEAP, ret,
|
pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_PEAP, ret,
|
||||||
reqData, &left, &flags);
|
reqData, &left, &flags);
|
||||||
@ -998,17 +999,17 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
|
|||||||
* should always be, anyway */
|
* should always be, anyway */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
wpabuf_set(&msg, pos, left);
|
||||||
|
|
||||||
resp = NULL;
|
resp = NULL;
|
||||||
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
|
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
|
||||||
!data->resuming) {
|
!data->resuming) {
|
||||||
struct wpabuf msg;
|
|
||||||
wpabuf_set(&msg, pos, left);
|
|
||||||
res = eap_peap_decrypt(sm, data, ret, req, &msg, &resp);
|
res = eap_peap_decrypt(sm, data, ret, req, &msg, &resp);
|
||||||
} else {
|
} else {
|
||||||
res = eap_peer_tls_process_helper(sm, &data->ssl,
|
res = eap_peer_tls_process_helper(sm, &data->ssl,
|
||||||
EAP_TYPE_PEAP,
|
EAP_TYPE_PEAP,
|
||||||
data->peap_version, id, pos,
|
data->peap_version, id, &msg,
|
||||||
left, &resp);
|
&resp);
|
||||||
|
|
||||||
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
|
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
|
||||||
char *label;
|
char *label;
|
||||||
@ -1077,14 +1078,12 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (res == 2) {
|
if (res == 2) {
|
||||||
struct wpabuf msg;
|
|
||||||
/*
|
/*
|
||||||
* Application data included in the handshake message.
|
* Application data included in the handshake message.
|
||||||
*/
|
*/
|
||||||
wpabuf_free(data->pending_phase2_req);
|
wpabuf_free(data->pending_phase2_req);
|
||||||
data->pending_phase2_req = resp;
|
data->pending_phase2_req = resp;
|
||||||
resp = NULL;
|
resp = NULL;
|
||||||
wpabuf_set(&msg, pos, left);
|
|
||||||
res = eap_peap_decrypt(sm, data, ret, req, &msg,
|
res = eap_peap_decrypt(sm, data, ret, req, &msg,
|
||||||
&resp);
|
&resp);
|
||||||
}
|
}
|
||||||
|
@ -228,6 +228,7 @@ static struct wpabuf * eap_tls_process(struct eap_sm *sm, void *priv,
|
|||||||
u8 flags, id;
|
u8 flags, id;
|
||||||
const u8 *pos;
|
const u8 *pos;
|
||||||
struct eap_tls_data *data = priv;
|
struct eap_tls_data *data = priv;
|
||||||
|
struct wpabuf msg;
|
||||||
|
|
||||||
pos = eap_peer_tls_process_init(sm, &data->ssl, data->eap_type, ret,
|
pos = eap_peer_tls_process_init(sm, &data->ssl, data->eap_type, ret,
|
||||||
reqData, &left, &flags);
|
reqData, &left, &flags);
|
||||||
@ -242,8 +243,9 @@ static struct wpabuf * eap_tls_process(struct eap_sm *sm, void *priv,
|
|||||||
}
|
}
|
||||||
|
|
||||||
resp = NULL;
|
resp = NULL;
|
||||||
|
wpabuf_set(&msg, pos, left);
|
||||||
res = eap_peer_tls_process_helper(sm, &data->ssl, data->eap_type, 0,
|
res = eap_peer_tls_process_helper(sm, &data->ssl, data->eap_type, 0,
|
||||||
id, pos, left, &resp);
|
id, &msg, &resp);
|
||||||
|
|
||||||
if (res < 0) {
|
if (res < 0) {
|
||||||
return eap_tls_failure(sm, data, ret, res, resp, id);
|
return eap_tls_failure(sm, data, ret, res, resp, id);
|
||||||
|
@ -477,22 +477,19 @@ static const struct wpabuf * eap_peer_tls_data_reassemble(
|
|||||||
* @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
|
* @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
|
||||||
* @data: Data for TLS processing
|
* @data: Data for TLS processing
|
||||||
* @in_data: Message received from the server
|
* @in_data: Message received from the server
|
||||||
* @in_len: Length of in_data
|
|
||||||
* @out_data: Buffer for returning a pointer to application data (if available)
|
* @out_data: Buffer for returning a pointer to application data (if available)
|
||||||
* Returns: 0 on success, 1 if more input data is needed, 2 if application data
|
* Returns: 0 on success, 1 if more input data is needed, 2 if application data
|
||||||
* is available, -1 on failure
|
* is available, -1 on failure
|
||||||
*/
|
*/
|
||||||
static int eap_tls_process_input(struct eap_sm *sm, struct eap_ssl_data *data,
|
static int eap_tls_process_input(struct eap_sm *sm, struct eap_ssl_data *data,
|
||||||
const u8 *in_data, size_t in_len,
|
const struct wpabuf *in_data,
|
||||||
struct wpabuf **out_data)
|
struct wpabuf **out_data)
|
||||||
{
|
{
|
||||||
const struct wpabuf *msg;
|
const struct wpabuf *msg;
|
||||||
int need_more_input;
|
int need_more_input;
|
||||||
struct wpabuf *appl_data;
|
struct wpabuf *appl_data;
|
||||||
struct wpabuf buf;
|
|
||||||
|
|
||||||
wpabuf_set(&buf, in_data, in_len);
|
msg = eap_peer_tls_data_reassemble(data, in_data, &need_more_input);
|
||||||
msg = eap_peer_tls_data_reassemble(data, &buf, &need_more_input);
|
|
||||||
if (msg == NULL)
|
if (msg == NULL)
|
||||||
return need_more_input ? 1 : -1;
|
return need_more_input ? 1 : -1;
|
||||||
|
|
||||||
@ -612,7 +609,6 @@ static int eap_tls_process_output(struct eap_ssl_data *data, EapType eap_type,
|
|||||||
* @peap_version: Version number for EAP-PEAP/TTLS
|
* @peap_version: Version number for EAP-PEAP/TTLS
|
||||||
* @id: EAP identifier for the response
|
* @id: EAP identifier for the response
|
||||||
* @in_data: Message received from the server
|
* @in_data: Message received from the server
|
||||||
* @in_len: Length of in_data
|
|
||||||
* @out_data: Buffer for returning a pointer to the response message
|
* @out_data: Buffer for returning a pointer to the response message
|
||||||
* Returns: 0 on success, 1 if more input data is needed, 2 if application data
|
* Returns: 0 on success, 1 if more input data is needed, 2 if application data
|
||||||
* is available, or -1 on failure
|
* is available, or -1 on failure
|
||||||
@ -635,14 +631,15 @@ static int eap_tls_process_output(struct eap_ssl_data *data, EapType eap_type,
|
|||||||
*/
|
*/
|
||||||
int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
|
int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
|
||||||
EapType eap_type, int peap_version,
|
EapType eap_type, int peap_version,
|
||||||
u8 id, const u8 *in_data, size_t in_len,
|
u8 id, const struct wpabuf *in_data,
|
||||||
struct wpabuf **out_data)
|
struct wpabuf **out_data)
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
*out_data = NULL;
|
*out_data = NULL;
|
||||||
|
|
||||||
if (data->tls_out && wpabuf_len(data->tls_out) > 0 && in_len > 0) {
|
if (data->tls_out && wpabuf_len(data->tls_out) > 0 &&
|
||||||
|
wpabuf_len(in_data) > 0) {
|
||||||
wpa_printf(MSG_DEBUG, "SSL: Received non-ACK when output "
|
wpa_printf(MSG_DEBUG, "SSL: Received non-ACK when output "
|
||||||
"fragments are waiting to be sent out");
|
"fragments are waiting to be sent out");
|
||||||
return -1;
|
return -1;
|
||||||
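Review bot: The new condition reads `wpabuf_len(in_data)` unconditionally, so `in_data` becomes a required non-NULL argument where the old `in_len > 0` test tolerated a NULL pointer with zero length; every caller in this commit passes the address of a stack `struct wpabuf`, so none trips it, but the kernel-doc block in the preceding hunk should record the contract, e.g. ` * @in_data: Message received from the server (must not be NULL; zero length is an ACK)`, with zero length meaning ACK following from the "Received non-ACK" debug message this check guards. Because callers build `in_data` with `wpabuf_set()` over the request packet, the same line should also say the helper neither frees nor retains the buffer, which holds only if `eap_peer_tls_data_reassemble()` copies what it keeps — its body is not part of this commit, so that needs confirming. The `@in_data` line of eap_tls_process_input in the first hunk of this file has the same gap. eap_peer_tls_process_helper continues outside the hunk.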
@ -653,8 +650,7 @@ int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
|
|||||||
* No more data to send out - expect to receive more data from
|
* No more data to send out - expect to receive more data from
|
||||||
* the AS.
|
* the AS.
|
||||||
*/
|
*/
|
||||||
int res = eap_tls_process_input(sm, data, in_data, in_len,
|
int res = eap_tls_process_input(sm, data, in_data, out_data);
|
||||||
out_data);
|
|
||||||
if (res) {
|
if (res) {
|
||||||
/*
|
/*
|
||||||
* Input processing failed (res = -1) or more data is
|
* Input processing failed (res = -1) or more data is
|
||||||
|
@ -100,7 +100,7 @@ u8 * eap_peer_tls_derive_session_id(struct eap_sm *sm,
|
|||||||
size_t *len);
|
size_t *len);
|
||||||
int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
|
int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
|
||||||
EapType eap_type, int peap_version,
|
EapType eap_type, int peap_version,
|
||||||
u8 id, const u8 *in_data, size_t in_len,
|
u8 id, const struct wpabuf *in_data,
|
||||||
struct wpabuf **out_data);
|
struct wpabuf **out_data);
|
||||||
struct wpabuf * eap_peer_tls_build_ack(u8 id, EapType eap_type,
|
struct wpabuf * eap_peer_tls_build_ack(u8 id, EapType eap_type,
|
||||||
int peap_version);
|
int peap_version);
|
||||||
|
@ -1385,14 +1385,14 @@ static int eap_ttls_process_handshake(struct eap_sm *sm,
|
|||||||
struct eap_ttls_data *data,
|
struct eap_ttls_data *data,
|
||||||
struct eap_method_ret *ret,
|
struct eap_method_ret *ret,
|
||||||
u8 identifier,
|
u8 identifier,
|
||||||
const u8 *in_data, size_t in_len,
|
const struct wpabuf *in_data,
|
||||||
struct wpabuf **out_data)
|
struct wpabuf **out_data)
|
||||||
{
|
{
|
||||||
int res;
|
int res;
|
||||||
|
|
||||||
res = eap_peer_tls_process_helper(sm, &data->ssl, EAP_TYPE_TTLS,
|
res = eap_peer_tls_process_helper(sm, &data->ssl, EAP_TYPE_TTLS,
|
||||||
data->ttls_version, identifier,
|
data->ttls_version, identifier,
|
||||||
in_data, in_len, out_data);
|
in_data, out_data);
|
||||||
|
|
||||||
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
|
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: TLS done, proceed to "
|
wpa_printf(MSG_DEBUG, "EAP-TTLS: TLS done, proceed to "
|
||||||
@ -1419,15 +1419,13 @@ static int eap_ttls_process_handshake(struct eap_sm *sm,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (res == 2) {
|
if (res == 2) {
|
||||||
struct wpabuf msg;
|
|
||||||
/*
|
/*
|
||||||
* Application data included in the handshake message.
|
* Application data included in the handshake message.
|
||||||
*/
|
*/
|
||||||
wpabuf_free(data->pending_phase2_req);
|
wpabuf_free(data->pending_phase2_req);
|
||||||
data->pending_phase2_req = *out_data;
|
data->pending_phase2_req = *out_data;
|
||||||
*out_data = NULL;
|
*out_data = NULL;
|
||||||
wpabuf_set(&msg, in_data, in_len);
|
res = eap_ttls_decrypt(sm, data, ret, identifier, in_data,
|
||||||
res = eap_ttls_decrypt(sm, data, ret, identifier, &msg,
|
|
||||||
out_data);
|
out_data);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1477,6 +1475,7 @@ static struct wpabuf * eap_ttls_process(struct eap_sm *sm, void *priv,
|
|||||||
struct wpabuf *resp;
|
struct wpabuf *resp;
|
||||||
const u8 *pos;
|
const u8 *pos;
|
||||||
struct eap_ttls_data *data = priv;
|
struct eap_ttls_data *data = priv;
|
||||||
|
struct wpabuf msg;
|
||||||
|
|
||||||
pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_TTLS, ret,
|
pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_TTLS, ret,
|
||||||
reqData, &left, &flags);
|
reqData, &left, &flags);
|
||||||
@ -1497,15 +1496,15 @@ static struct wpabuf * eap_ttls_process(struct eap_sm *sm, void *priv,
|
|||||||
left = 0;
|
left = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
wpabuf_set(&msg, pos, left);
|
||||||
|
|
||||||
resp = NULL;
|
resp = NULL;
|
||||||
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
|
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
|
||||||
!data->resuming) {
|
!data->resuming) {
|
||||||
struct wpabuf msg;
|
|
||||||
wpabuf_set(&msg, pos, left);
|
|
||||||
res = eap_ttls_decrypt(sm, data, ret, id, &msg, &resp);
|
res = eap_ttls_decrypt(sm, data, ret, id, &msg, &resp);
|
||||||
} else {
|
} else {
|
||||||
res = eap_ttls_process_handshake(sm, data, ret, id,
|
res = eap_ttls_process_handshake(sm, data, ret, id,
|
||||||
pos, left, &resp);
|
&msg, &resp);
|
||||||
}
|
}
|
||||||
|
|
||||||
eap_ttls_check_auth_status(sm, data, ret);
|
eap_ttls_check_auth_status(sm, data, ret);
|
||||||
|