/*
 * hostapd / EAP-TLS (RFC 2716)
 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#include "includes.h"

#include "common.h"
#include "eap_i.h"
#include "eap_tls_common.h"
#include "crypto/tls.h"


/* Defined further down; the init callbacks use it on their error path. */
static void eap_tls_reset(struct eap_sm *sm, void *priv);


/*
 * Per-conversation state of the EAP-TLS server method. The same structure
 * backs the standard method and the UNAUTH-TLS variants; eap_type tells
 * them apart.
 */
struct eap_tls_data {
	/* Shared TLS transport state (connection handle, fragmentation state,
	 * inbound TLS buffer). */
	struct eap_ssl_data ssl;
	/* Method state machine. eap_tls_isDone() treats SUCCESS and FAILURE
	 * as the two terminal states. */
	enum { START, CONTINUE, SUCCESS, FAILURE } state;
	/* Set to 1 in eap_tls_buildReq() once the TLS layer reports the
	 * handshake as established. */
	int established;
	/* EAP type this instance was initialised for. It is stored with the
	 * TLS session on success and compared again when a session is
	 * resumed, so a session cannot be resumed under a different type. */
	u8 eap_type;
};


/*
 * Map a method state value to its name for debug output. Any value outside
 * the four known states yields "Unknown?!".
 */
static const char * eap_tls_state_txt(int state)
{
	static const char * const names[] = {
		[START] = "START",
		[CONTINUE] = "CONTINUE",
		[SUCCESS] = "SUCCESS",
		[FAILURE] = "FAILURE",
	};

	if (state < 0 || (size_t) state >= sizeof(names) / sizeof(names[0]))
		return "Unknown?!";

	return names[state];
}


/*
 * Move the method state machine to @state and log the transition.
 *
 * Every transition to FAILURE also calls tls_connection_remove_session() on
 * the connection.
 * NOTE(review): presumably this evicts the session from the TLS session
 * cache so that a failed conversation cannot be resumed later; confirm
 * against crypto/tls.h.
 */
static void eap_tls_state(struct eap_tls_data *data, int state)
{
	const char *from = eap_tls_state_txt(data->state);
	const char *to = eap_tls_state_txt(state);

	wpa_printf(MSG_DEBUG, "EAP-TLS: %s -> %s", from, to);
	data->state = state;

	if (state != FAILURE)
		return;

	tls_connection_remove_session(data->ssl.conn);
}


/*
 * Tag the TLS session with the EAP type that completed successfully.
 *
 * Nothing is stored when sm->tls_session_lifetime is zero. An allocation
 * failure is silent: the session is then left without success data, and
 * eap_tls_process() rejects a resumed session that carries none, so the
 * failure mode is a refused resumption rather than an unchecked one.
 */
static void eap_tls_valid_session(struct eap_sm *sm, struct eap_tls_data *data)
{
	struct wpabuf *type_tag;

	if (sm->tls_session_lifetime) {
		type_tag = wpabuf_alloc(1);
		if (type_tag) {
			wpabuf_put_u8(type_tag, data->eap_type);
			tls_connection_set_success_data(data->ssl.conn,
							type_tag);
		}
	}
}


/*
 * Shared body of the init callbacks: allocate the method state, bring up the
 * TLS layer and record which EAP type this instance serves.
 *
 * @verify_peer is forwarded unchanged as the third argument of
 * eap_server_tls_ssl_init(); the callers pass 1 for standard EAP-TLS and 0
 * for the UNAUTH variants.
 * NOTE(review): presumably this decides whether the client must present a
 * certificate; confirm against eap_server_tls_ssl_init().
 *
 * Returns the new state, or NULL on allocation or TLS initialisation
 * failure (partially built state is released through eap_tls_reset()).
 */
static void * eap_tls_init_common(struct eap_sm *sm, int verify_peer,
				  int eap_type)
{
	struct eap_tls_data *data = os_zalloc(sizeof(*data));

	if (data == NULL)
		return NULL;
	data->state = START;

	if (eap_server_tls_ssl_init(sm, &data->ssl, verify_peer, eap_type)) {
		wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
		eap_tls_reset(sm, data);
		return NULL;
	}

	data->eap_type = eap_type;

	return data;
}


/* init callback for standard EAP-TLS (EAP_TYPE_TLS). */
static void * eap_tls_init(struct eap_sm *sm)
{
	return eap_tls_init_common(sm, 1, EAP_TYPE_TLS);
}


#ifdef EAP_SERVER_UNAUTH_TLS
/* init callback for the vendor-specific UNAUTH-TLS variant. */
static void * eap_unauth_tls_init(struct eap_sm *sm)
{
	return eap_tls_init_common(sm, 0, EAP_UNAUTH_TLS_TYPE);
}
#endif /* EAP_SERVER_UNAUTH_TLS */


#ifdef CONFIG_HS20
/* init callback for the WFA UNAUTH-TLS variant (built with CONFIG_HS20). */
static void * eap_wfa_unauth_tls_init(struct eap_sm *sm)
{
	return eap_tls_init_common(sm, 0, EAP_WFA_UNAUTH_TLS_TYPE);
}
#endif /* CONFIG_HS20 */


/*
 * reset callback: tear down the TLS state and free the method data.
 * A NULL @priv is accepted and ignored.
 */
static void eap_tls_reset(struct eap_sm *sm, void *priv)
{
	struct eap_tls_data *data = priv;

	if (data != NULL) {
		eap_server_tls_ssl_deinit(sm, &data->ssl);
		os_free(data);
	}
}


/*
 * Build the initial request carrying only the Start flag and move the
 * method to CONTINUE. On allocation failure the method goes to FAILURE and
 * NULL is returned.
 */
static struct wpabuf * eap_tls_build_start(struct eap_sm *sm,
					   struct eap_tls_data *data, u8 id)
{
	struct wpabuf *start_req =
		eap_tls_msg_alloc(data->eap_type, 1, EAP_CODE_REQUEST, id);

	if (start_req != NULL) {
		wpabuf_put_u8(start_req, EAP_TLS_FLAGS_START);
		eap_tls_state(data, CONTINUE);
		return start_req;
	}

	wpa_printf(MSG_ERROR, "EAP-TLS: Failed to allocate memory for "
		   "request");
	eap_tls_state(data, FAILURE);
	return NULL;
}


/*
 * buildReq callback: produce the next EAP request for this conversation.
 *
 * A pending fragment acknowledgement is answered first. While outbound
 * fragments are still waiting for an ACK the method state is not consulted;
 * the next fragment is built directly. Otherwise START yields the Start
 * request, CONTINUE yields the next TLS message, and any other state is
 * logged and answered with NULL.
 */
static struct wpabuf * eap_tls_buildReq(struct eap_sm *sm, void *priv, u8 id)
{
	struct eap_tls_data *data = priv;
	struct wpabuf *res;

	if (data->ssl.state == FRAG_ACK)
		return eap_server_tls_build_ack(id, data->eap_type, 0);

	if (data->ssl.state != WAIT_FRAG_ACK) {
		if (data->state == START)
			return eap_tls_build_start(sm, data, id);

		if (data->state != CONTINUE) {
			wpa_printf(MSG_DEBUG,
				   "EAP-TLS: %s - unexpected state %d",
				   __func__, data->state);
			return NULL;
		}

		if (tls_connection_established(sm->ssl_ctx, data->ssl.conn))
			data->established = 1;
	}

	res = eap_server_tls_build_msg(&data->ssl, data->eap_type, 0, id);

	if (data->established && data->ssl.state != WAIT_FRAG_ACK) {
		/* Handshake finished and nothing is left to send: declare
		 * success and tag the session so a later resumption can be
		 * tied back to this EAP type. */
		wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
		eap_tls_state(data, SUCCESS);
		eap_tls_valid_session(sm, data);
	}

	return res;
}


/*
 * check callback: validate the EAP header of a response against the type
 * this instance was initialised for. The vendor/type pair handed to
 * eap_hdr_validate() depends on data->eap_type.
 *
 * Returns TRUE when the frame is invalid (no payload pointer or an empty
 * payload), FALSE when the header passed validation.
 */
static Boolean eap_tls_check(struct eap_sm *sm, void *priv,
			     struct wpabuf *respData)
{
	struct eap_tls_data *data = priv;
	const u8 *pos;
	size_t len;

	if (data->eap_type == EAP_UNAUTH_TLS_TYPE) {
		pos = eap_hdr_validate(EAP_VENDOR_UNAUTH_TLS,
				       EAP_VENDOR_TYPE_UNAUTH_TLS, respData,
				       &len);
	} else if (data->eap_type == EAP_WFA_UNAUTH_TLS_TYPE) {
		pos = eap_hdr_validate(EAP_VENDOR_WFA_NEW,
				       EAP_VENDOR_WFA_UNAUTH_TLS, respData,
				       &len);
	} else {
		pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_type,
				       respData, &len);
	}

	if (pos != NULL && len >= 1)
		return FALSE;

	wpa_printf(MSG_INFO, "EAP-TLS: Invalid frame");
	return TRUE;
}


/*
 * Per-message handler passed to eap_server_tls_process(). An empty inbound
 * TLS buffer after SUCCESS is the client's acknowledgement of the final
 * handshake message and needs no further work; anything else is run through
 * the TLS handshake, and a negative result there fails the method.
 */
static void eap_tls_process_msg(struct eap_sm *sm, void *priv,
				const struct wpabuf *respData)
{
	struct eap_tls_data *data = priv;
	int final_ack = data->state == SUCCESS &&
		wpabuf_len(data->ssl.tls_in) == 0;

	if (final_ack) {
		wpa_printf(MSG_DEBUG, "EAP-TLS: Client acknowledged final TLS "
			   "handshake message");
		return;
	}

	if (eap_server_tls_phase1(sm, &data->ssl) < 0)
		eap_tls_state(data, FAILURE);
}


/*
 * process callback: feed a validated response into the TLS layer and, for a
 * resumed TLS session, decide whether the resumption may be accepted.
 *
 * A resumed session is accepted only if it carries success data whose first
 * byte equals this instance's EAP type. That byte is written by
 * eap_tls_valid_session() when a conversation reaches SUCCESS, so the check
 * rejects (a) sessions that never completed successfully under this method
 * and (b) sessions established under a different EAP type, e.g. one of the
 * UNAUTH-TLS variants being replayed against standard EAP-TLS. Both cases
 * end in FAILURE.
 */
static void eap_tls_process(struct eap_sm *sm, void *priv,
			    struct wpabuf *respData)
{
	struct eap_tls_data *data = priv;
	const struct wpabuf *success_data;
	const u8 *stored_type;
	int rc;

	rc = eap_server_tls_process(sm, &data->ssl, respData, data,
				    data->eap_type, NULL, eap_tls_process_msg);
	if (rc < 0) {
		eap_tls_state(data, FAILURE);
		return;
	}

	/* Only an established *and* resumed connection needs the extra
	 * validation below; a full handshake is finished in buildReq. */
	if (!(tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
	      tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)))
		return;

	success_data = tls_connection_get_success_data(data->ssl.conn);
	if (!success_data || wpabuf_len(success_data) < 1) {
		wpa_printf(MSG_DEBUG,
			   "EAP-TLS: No success data in resumed session - reject attempt");
		eap_tls_state(data, FAILURE);
		return;
	}

	stored_type = wpabuf_head(success_data);
	if (*stored_type != data->eap_type) {
		wpa_printf(MSG_DEBUG,
			   "EAP-TLS: Resumed session for another EAP type (%u) - reject attempt",
			   *stored_type);
		eap_tls_state(data, FAILURE);
		return;
	}

	wpa_printf(MSG_DEBUG,
		   "EAP-TLS: Resuming previous session");
	eap_tls_state(data, SUCCESS);
	tls_connection_set_success_data_resumed(data->ssl.conn);
}


/* isDone callback: TRUE once the method reached SUCCESS or FAILURE. */
static Boolean eap_tls_isDone(struct eap_sm *sm, void *priv)
{
	const struct eap_tls_data *data = priv;

	switch (data->state) {
	case SUCCESS:
	case FAILURE:
		return TRUE;
	default:
		return FALSE;
	}
}


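/*
 * getKey callback: derive the session key (EAP_TLS_KEY_LEN bytes) from the
 * TLS session. Keys are only handed out after SUCCESS.
 *
 * Returns the buffer produced by eap_server_tls_derive_key() and sets *len,
 * or NULL (leaving *len untouched) when the method has not succeeded or the
 * derivation failed.
 */
static u8 * eap_tls_getKey(struct eap_sm *sm, void *priv, size_t *len)
{
	struct eap_tls_data *data = priv;
	u8 *eapKeyData;

	if (data->state != SUCCESS)
		return NULL;

	eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
					       "client EAP encryption",
					       EAP_TLS_KEY_LEN);
	if (eapKeyData) {
		*len = EAP_TLS_KEY_LEN;
		/* Key material: use the key-aware dump so the bytes reach
		 * the debug log only when key display was explicitly
		 * enabled, instead of on every MSG_DEBUG run. */
		wpa_hexdump_key(MSG_DEBUG, "EAP-TLS: Derived key",
				eapKeyData, EAP_TLS_KEY_LEN);
	} else {
		wpa_printf(MSG_DEBUG, "EAP-TLS: Failed to derive key");
	}

	return eapKeyData;
}


/*
 * get_emsk callback: derive EAP_TLS_KEY_LEN + EAP_EMSK_LEN bytes and return
 * a copy of the trailing EAP_EMSK_LEN bytes as the EMSK.
 *
 * Returns a buffer allocated with os_malloc() and sets *len, or NULL
 * (leaving *len untouched) when the method has not succeeded, the
 * derivation failed, or the copy could not be allocated.
 */
static u8 * eap_tls_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
{
	struct eap_tls_data *data = priv;
	u8 *eapKeyData, *emsk = NULL;

	if (data->state != SUCCESS)
		return NULL;

	eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
					       "client EAP encryption",
					       EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
	if (eapKeyData) {
		emsk = os_malloc(EAP_EMSK_LEN);
		if (emsk)
			os_memcpy(emsk, eapKeyData + EAP_TLS_KEY_LEN,
				  EAP_EMSK_LEN);
		/* The temporary buffer holds both key halves; it goes
		 * through bin_clear_free() with its full length on every
		 * path (assuming, as the name indicates, that the helper
		 * zeroes the memory before freeing it). */
		bin_clear_free(eapKeyData, EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
	}

	if (emsk) {
		*len = EAP_EMSK_LEN;
		/* Key material: key-aware dump, see eap_tls_getKey(). */
		wpa_hexdump_key(MSG_DEBUG, "EAP-TLS: Derived EMSK",
				emsk, EAP_EMSK_LEN);
	} else {
		wpa_printf(MSG_DEBUG, "EAP-TLS: Failed to derive EMSK");
	}

	return emsk;
}


/* isSuccess callback: TRUE only in the SUCCESS state. */
static Boolean eap_tls_isSuccess(struct eap_sm *sm, void *priv)
{
	struct eap_tls_data *data = priv;

	return data->state == SUCCESS;
}


/*
 * getSessionId callback: derive the EAP Session-Id after SUCCESS.
 *
 * The type is hard-coded to EAP_TYPE_TLS rather than taken from
 * data->eap_type; within this file the callback is installed only by
 * eap_server_tls_register(), so the two agree. Revisit this if the UNAUTH
 * variants ever register it.
 */
static u8 * eap_tls_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
{
	struct eap_tls_data *data = priv;

	if (data->state != SUCCESS)
		return NULL;

	return eap_server_tls_derive_session_id(sm, &data->ssl, EAP_TYPE_TLS,
						len);
}


/*
 * Register the standard EAP-TLS server method. Returns -1 if the method
 * structure cannot be allocated, otherwise the result of
 * eap_server_method_register().
 */
int eap_server_tls_register(void)
{
	struct eap_method *eap;

	eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
				      EAP_VENDOR_IETF, EAP_TYPE_TLS, "TLS");
	if (eap == NULL)
		return -1;

	eap->init = eap_tls_init;
	eap->reset = eap_tls_reset;
	eap->buildReq = eap_tls_buildReq;
	eap->check = eap_tls_check;
	eap->process = eap_tls_process;
	eap->isDone = eap_tls_isDone;
	eap->getKey = eap_tls_getKey;
	eap->isSuccess = eap_tls_isSuccess;
	eap->get_emsk = eap_tls_get_emsk;
	eap->getSessionId = eap_tls_get_session_id;

	return eap_server_method_register(eap);
}


#ifdef EAP_SERVER_UNAUTH_TLS
/*
 * Register the vendor-specific UNAUTH-TLS variant. It shares every callback
 * with EAP-TLS except init, and installs no getSessionId handler.
 */
int eap_server_unauth_tls_register(void)
{
	struct eap_method *eap;

	eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
				      EAP_VENDOR_UNAUTH_TLS,
				      EAP_VENDOR_TYPE_UNAUTH_TLS,
				      "UNAUTH-TLS");
	if (eap == NULL)
		return -1;

	eap->init = eap_unauth_tls_init;
	eap->reset = eap_tls_reset;
	eap->buildReq = eap_tls_buildReq;
	eap->check = eap_tls_check;
	eap->process = eap_tls_process;
	eap->isDone = eap_tls_isDone;
	eap->getKey = eap_tls_getKey;
	eap->isSuccess = eap_tls_isSuccess;
	eap->get_emsk = eap_tls_get_emsk;

	return eap_server_method_register(eap);
}
#endif /* EAP_SERVER_UNAUTH_TLS */


#ifdef CONFIG_HS20
/*
 * Register the WFA UNAUTH-TLS variant. It shares every callback with
 * EAP-TLS except init, and installs no getSessionId handler.
 */
int eap_server_wfa_unauth_tls_register(void)
{
	struct eap_method *eap;

	eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
				      EAP_VENDOR_WFA_NEW,
				      EAP_VENDOR_WFA_UNAUTH_TLS,
				      "WFA-UNAUTH-TLS");
	if (eap == NULL)
		return -1;

	eap->init = eap_wfa_unauth_tls_init;
	eap->reset = eap_tls_reset;
	eap->buildReq = eap_tls_buildReq;
	eap->check = eap_tls_check;
	eap->process = eap_tls_process;
	eap->isDone = eap_tls_isDone;
	eap->getKey = eap_tls_getKey;
	eap->isSuccess = eap_tls_isSuccess;
	eap->get_emsk = eap_tls_get_emsk;

	return eap_server_method_register(eap);
}
#endif /* CONFIG_HS20 */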