
EAP-TLS server: Add support for session resumption

This allows TLS session resumption to be used to enable abbreviated
handshake.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen il y a 9 ans
Parent
commit
7f417feaa1
1 fichiers modifiés avec 50 ajouts et 1 suppressions
  1. 50 1
      src/eap_server/eap_server_tls.c

+ 50 - 1
src/eap_server/eap_server_tls.c

@@ -48,6 +48,23 @@ static void eap_tls_state(struct eap_tls_data *data, int state)
 		   eap_tls_state_txt(data->state),
 		   eap_tls_state_txt(state));
 	data->state = state;
+	if (state == FAILURE)
+		tls_connection_remove_session(data->ssl.conn);
+}
+
+
+static void eap_tls_valid_session(struct eap_sm *sm, struct eap_tls_data *data)
+{
+	struct wpabuf *buf;
+
+	if (!sm->tls_session_lifetime)
+		return;
+
+	buf = wpabuf_alloc(1);
+	if (!buf)
+		return;
+	wpabuf_put_u8(buf, data->eap_type);
+	tls_connection_set_success_data(data->ssl.conn, buf);
 }
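Review bot: eap_tls_valid_session() writes the current eap_type into the session's success data unconditionally, so if the check_established branch in eap_tls_process_msg (second hunk) also runs when the handshake completed by resumption, the cached session's success data is overwritten with a freshly written value before eap_tls_process() reads and compares it, and the "no success data"/type-mismatch checks there end up comparing against what this call just stored rather than what the original full handshake stored. I cannot see eap_server_tls_process() from here to confirm the call order; if it does reach that branch on a resumed handshake, the early return here should also skip resumed connections: `if (!sm->tls_session_lifetime || tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) return;`. The silent return on wpabuf_alloc() failure is fail-closed only because eap_tls_process() rejects a resumption that carries no success data, which deserves a comment at that return, e.g. `/* No success data: any later resumption of this session is rejected in eap_tls_process() */`, and ideally a MSG_DEBUG line. The body presumably hands ownership of buf to tls_connection_set_success_data(); the caller neither frees it nor checks a result, so that ownership contract is worth stating in a comment on the call.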
 
 
@@ -184,6 +201,7 @@ check_established:
 		 * fragments waiting to be sent out. */
 		wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
 		eap_tls_state(data, SUCCESS);
+		eap_tls_valid_session(sm, data);
 	}
 
 	return res;
@@ -235,10 +253,41 @@ static void eap_tls_process(struct eap_sm *sm, void *priv,
 			    struct wpabuf *respData)
 {
 	struct eap_tls_data *data = priv;
+	const struct wpabuf *buf;
+	const u8 *pos;
+
 	if (eap_server_tls_process(sm, &data->ssl, respData, data,
 				   data->eap_type, NULL, eap_tls_process_msg) <
-	    0)
+	    0) {
 		eap_tls_state(data, FAILURE);
+		return;
+	}
+
+	if (!tls_connection_established(sm->ssl_ctx, data->ssl.conn) ||
+	    !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn))
+		return;
+
+	buf = tls_connection_get_success_data(data->ssl.conn);
+	if (!buf || wpabuf_len(buf) < 1) {
+		wpa_printf(MSG_DEBUG,
+			   "EAP-TLS: No success data in resumed session - reject attempt");
+		eap_tls_state(data, FAILURE);
+		return;
+	}
+
+	pos = wpabuf_head(buf);
+	if (*pos != data->eap_type) {
+		wpa_printf(MSG_DEBUG,
+			   "EAP-TLS: Resumed session for another EAP type (%u) - reject attempt",
+			   *pos);
+		eap_tls_state(data, FAILURE);
+		return;
+	}
+
+	wpa_printf(MSG_DEBUG,
+		   "EAP-TLS: Resuming previous session");
+	eap_tls_state(data, SUCCESS);
+	tls_connection_set_success_data_resumed(data->ssl.conn);
 }
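Review bot: The resumed path promotes the connection to SUCCESS after comparing a single byte, the EAP type, so the EAP identity presented in this exchange is never checked against the identity under which the session was originally authenticated; a peer holding a valid session can resume it under a different outer identity, and whatever the authenticator derives from that identity (e.g. the user name it reports onward) is then not bound to the original authentication. I would have eap_tls_valid_session() (first hunk) append a one-byte length plus the identity (capped at 255 bytes) after the type byte, and extend the check below to compare it; the identity fields of struct eap_sm are not visible on this page, so the names in the sketch must be confirmed against the tree. The stored-length check must come before the memcmp so a short or malformed success buffer is rejected rather than over-read.

```c
	pos = wpabuf_head(buf);
	if (*pos != data->eap_type) {
		/* … unchanged: EAP type mismatch rejection … */
	}

	/* Identity stored after the type byte as <len><bytes>.
	 * NOTE(review): sm->identity / sm->identity_len assumed to be the
	 * identity fields of struct eap_sm — confirm before merging. */
	len = wpabuf_len(buf) - 1;
	if (len < 1 || (size_t) pos[1] > len - 1 ||
	    pos[1] != sm->identity_len ||
	    os_memcmp(pos + 2, sm->identity, pos[1]) != 0) {
		wpa_printf(MSG_DEBUG,
			   "EAP-TLS: Resumed session for another identity - reject attempt");
		eap_tls_state(data, FAILURE);
		return;
	}

	/* … unchanged: "Resuming previous session" SUCCESS transition … */
```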