Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

EAP-TLS/PEAP/TTLS/FAST: Move more towards using struct wpabuf

The EAP-TLS-based helper functions can easily use struct wpabuf in more
places, so continue cleanup in that direction by replacing separate
pointer and length arguments with a single struct wpabuf argument.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 10 years ago
parent
8d9f3b8ed6
commit
d36c803c69
6 changed files with 27 additions and 32 deletions
Split View Show Diff Stats
  1. 5 6
      src/eap_peer/eap_fast.c
  2. 5 6
      src/eap_peer/eap_peap.c
  3. 3 1
      src/eap_peer/eap_tls.c
  4. 6 10
      src/eap_peer/eap_tls_common.c
  5. 1 1
      src/eap_peer/eap_tls_common.h
  6. 7 8
      src/eap_peer/eap_ttls.c

+ 5 - 6
src/eap_peer/eap_fast.c
View File 

@@ -1528,6 +1528,7 @@ static struct wpabuf * eap_fast_process(struct eap_sm *sm, void *priv,
 
 	struct wpabuf *resp;
 
 	const u8 *pos;
 
 	struct eap_fast_data *data = priv;
 
+	struct wpabuf msg;
 
 
 	pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_FAST, ret,
 
 					reqData, &left, &flags);
 
@@ -1544,12 +1545,12 @@ static struct wpabuf * eap_fast_process(struct eap_sm *sm, void *priv,
 
 		left = 0; /* A-ID is not used in further packet processing */
 
 	}
 
 
+	wpabuf_set(&msg, pos, left);
 
+
 
 	resp = NULL;
 
 	if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
 
 	    !data->resuming) {
 
 		/* Process tunneled (encrypted) phase 2 data. */
 
-		struct wpabuf msg;
 
-		wpabuf_set(&msg, pos, left);
 
 		res = eap_fast_decrypt(sm, data, ret, id, &msg, &resp);
 
 		if (res < 0) {
 
 			ret->methodState = METHOD_DONE;
 
@@ -1564,8 +1565,8 @@ static struct wpabuf * eap_fast_process(struct eap_sm *sm, void *priv,
 
 		/* Continue processing TLS handshake (phase 1). */
 
 		res = eap_peer_tls_process_helper(sm, &data->ssl,
 
 						  EAP_TYPE_FAST,
 
-						  data->fast_version, id, pos,
 
-						  left, &resp);
 
+						  data->fast_version, id, &msg,
 
+						  &resp);
 
 
 		if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
 
 			char cipher[80];
 
@@ -1589,14 +1590,12 @@ static struct wpabuf * eap_fast_process(struct eap_sm *sm, void *priv,
 
 		}
 
 
 		if (res == 2) {
 
-			struct wpabuf msg;
 
 			/*
 
 			 * Application data included in the handshake message.
 
 			 */
 
 			wpabuf_free(data->pending_phase2_req);
 
 			data->pending_phase2_req = resp;
 
 			resp = NULL;
 
-			wpabuf_set(&msg, pos, left);
 
 			res = eap_fast_decrypt(sm, data, ret, id, &msg, &resp);
 
 		}
 
 	}

+ 5 - 6
src/eap_peer/eap_peap.c
View File 

@@ -968,6 +968,7 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
 
 	struct wpabuf *resp;
 
 	const u8 *pos;
 
 	struct eap_peap_data *data = priv;
 
+	struct wpabuf msg;
 
 
 	pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_PEAP, ret,
 
 					reqData, &left, &flags);
 
@@ -998,17 +999,17 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
 
 			   * should always be, anyway */
 
 	}
 
 
+	wpabuf_set(&msg, pos, left);
 
+
 
 	resp = NULL;
 
 	if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
 
 	    !data->resuming) {
 
-		struct wpabuf msg;
 
-		wpabuf_set(&msg, pos, left);
 
 		res = eap_peap_decrypt(sm, data, ret, req, &msg, &resp);
 
 	} else {
 
 		res = eap_peer_tls_process_helper(sm, &data->ssl,
 
 						  EAP_TYPE_PEAP,
 
-						  data->peap_version, id, pos,
 
-						  left, &resp);
 
+						  data->peap_version, id, &msg,
 
+						  &resp);
 
 
 		if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
 
 			char *label;
 
@@ -1077,14 +1078,12 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
 
 		}
 
 
 		if (res == 2) {
 
-			struct wpabuf msg;
 
 			/*
 
 			 * Application data included in the handshake message.
 
 			 */
 
 			wpabuf_free(data->pending_phase2_req);
 
 			data->pending_phase2_req = resp;
 
 			resp = NULL;
 
-			wpabuf_set(&msg, pos, left);
 
 			res = eap_peap_decrypt(sm, data, ret, req, &msg,
 
 					       &resp);
 
 		}

+ 3 - 1
src/eap_peer/eap_tls.c
View File 

@@ -228,6 +228,7 @@ static struct wpabuf * eap_tls_process(struct eap_sm *sm, void *priv,
 
 	u8 flags, id;
 
 	const u8 *pos;
 
 	struct eap_tls_data *data = priv;
 
+	struct wpabuf msg;
 
 
 	pos = eap_peer_tls_process_init(sm, &data->ssl, data->eap_type, ret,
 
 					reqData, &left, &flags);
 
@@ -242,8 +243,9 @@ static struct wpabuf * eap_tls_process(struct eap_sm *sm, void *priv,
 
 	}
 
 
 	resp = NULL;
 
+	wpabuf_set(&msg, pos, left);
 
 	res = eap_peer_tls_process_helper(sm, &data->ssl, data->eap_type, 0,
 
-					  id, pos, left, &resp);
 
+					  id, &msg, &resp);
 
 
 	if (res < 0) {
 
 		return eap_tls_failure(sm, data, ret, res, resp, id);

+ 6 - 10
src/eap_peer/eap_tls_common.c
View File 

@@ -477,22 +477,19 @@ static const struct wpabuf * eap_peer_tls_data_reassemble(
 
  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
 
  * @data: Data for TLS processing
 
  * @in_data: Message received from the server
 
- * @in_len: Length of in_data
 
  * @out_data: Buffer for returning a pointer to application data (if available)
 
  * Returns: 0 on success, 1 if more input data is needed, 2 if application data
 
  * is available, -1 on failure
 
  */
 
 static int eap_tls_process_input(struct eap_sm *sm, struct eap_ssl_data *data,
 
-				 const u8 *in_data, size_t in_len,
 
+				 const struct wpabuf *in_data,
 
 				 struct wpabuf **out_data)
 
 {
 
 	const struct wpabuf *msg;
 
 	int need_more_input;
 
 	struct wpabuf *appl_data;
 
-	struct wpabuf buf;
 
 
-	wpabuf_set(&buf, in_data, in_len);
 
-	msg = eap_peer_tls_data_reassemble(data, &buf, &need_more_input);
 
+	msg = eap_peer_tls_data_reassemble(data, in_data, &need_more_input);
 
 	if (msg == NULL)
 
 		return need_more_input ? 1 : -1;
 
 
@@ -612,7 +609,6 @@ static int eap_tls_process_output(struct eap_ssl_data *data, EapType eap_type,
 
  * @peap_version: Version number for EAP-PEAP/TTLS
 
  * @id: EAP identifier for the response
 
  * @in_data: Message received from the server
 
- * @in_len: Length of in_data
 
  * @out_data: Buffer for returning a pointer to the response message
 
  * Returns: 0 on success, 1 if more input data is needed, 2 if application data
 
  * is available, or -1 on failure
 
@@ -635,14 +631,15 @@ static int eap_tls_process_output(struct eap_ssl_data *data, EapType eap_type,
 
  */
 
 int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
 
 				EapType eap_type, int peap_version,
 
-				u8 id, const u8 *in_data, size_t in_len,
 
+				u8 id, const struct wpabuf *in_data,
 
 				struct wpabuf **out_data)
 
 {
 
 	int ret = 0;
 
 
 	*out_data = NULL;
 
 
-	if (data->tls_out && wpabuf_len(data->tls_out) > 0 && in_len > 0) {
 
+	if (data->tls_out && wpabuf_len(data->tls_out) > 0 &&
 
+	    wpabuf_len(in_data) > 0) {
 
 		wpa_printf(MSG_DEBUG, "SSL: Received non-ACK when output "
 
 			   "fragments are waiting to be sent out");
 
 		return -1;
 
@@ -653,8 +650,7 @@ int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
 
 		 * No more data to send out - expect to receive more data from
 
 		 * the AS.
 
 		 */
 
-		int res = eap_tls_process_input(sm, data, in_data, in_len,
 
-						out_data);
 
+		int res = eap_tls_process_input(sm, data, in_data, out_data);
 
 		if (res) {
 
 			/*
 
 			 * Input processing failed (res = -1) or more data is

+ 1 - 1
src/eap_peer/eap_tls_common.h
View File 

@@ -100,7 +100,7 @@ u8 * eap_peer_tls_derive_session_id(struct eap_sm *sm,
 
 				    size_t *len);
 
 int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
 
 				EapType eap_type, int peap_version,
 
-				u8 id, const u8 *in_data, size_t in_len,
 
+				u8 id, const struct wpabuf *in_data,
 
 				struct wpabuf **out_data);
 
 struct wpabuf * eap_peer_tls_build_ack(u8 id, EapType eap_type,
 
 				       int peap_version);

+ 7 - 8
src/eap_peer/eap_ttls.c
View File 

@@ -1385,14 +1385,14 @@ static int eap_ttls_process_handshake(struct eap_sm *sm,
 
 				      struct eap_ttls_data *data,
 
 				      struct eap_method_ret *ret,
 
 				      u8 identifier,
 
-				      const u8 *in_data, size_t in_len,
 
+				      const struct wpabuf *in_data,
 
 				      struct wpabuf **out_data)
 
 {
 
 	int res;
 
 
 	res = eap_peer_tls_process_helper(sm, &data->ssl, EAP_TYPE_TTLS,
 
 					  data->ttls_version, identifier,
 
-					  in_data, in_len, out_data);
 
+					  in_data, out_data);
 
 
 	if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
 
 		wpa_printf(MSG_DEBUG, "EAP-TTLS: TLS done, proceed to "
 
@@ -1419,15 +1419,13 @@ static int eap_ttls_process_handshake(struct eap_sm *sm,
 
 	}
 
 
 	if (res == 2) {
 
-		struct wpabuf msg;
 
 		/*
 
 		 * Application data included in the handshake message.
 
 		 */
 
 		wpabuf_free(data->pending_phase2_req);
 
 		data->pending_phase2_req = *out_data;
 
 		*out_data = NULL;
 
-		wpabuf_set(&msg, in_data, in_len);
 
-		res = eap_ttls_decrypt(sm, data, ret, identifier, &msg,
 
+		res = eap_ttls_decrypt(sm, data, ret, identifier, in_data,
 
 				       out_data);
 
 	}
 
 
@@ -1477,6 +1475,7 @@ static struct wpabuf * eap_ttls_process(struct eap_sm *sm, void *priv,
 
 	struct wpabuf *resp;
 
 	const u8 *pos;
 
 	struct eap_ttls_data *data = priv;
 
+	struct wpabuf msg;
 
 
 	pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_TTLS, ret,
 
 					reqData, &left, &flags);
 
@@ -1497,15 +1496,15 @@ static struct wpabuf * eap_ttls_process(struct eap_sm *sm, void *priv,
 
 		left = 0;
 
 	}
 
 
+	wpabuf_set(&msg, pos, left);
 
+
 
 	resp = NULL;
 
 	if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
 
 	    !data->resuming) {
 
-		struct wpabuf msg;
 
-		wpabuf_set(&msg, pos, left);
 
 		res = eap_ttls_decrypt(sm, data, ret, id, &msg, &resp);
 
 	} else {
 
 		res = eap_ttls_process_handshake(sm, data, ret, id,
 
-						 pos, left, &resp);
 
+						 &msg, &resp);
 
 	}
 
 
 	eap_ttls_check_auth_status(sm, data, ret);