Lines Matching full:tls

2  * EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions
13 #include "crypto/tls.h"
174 * handle the TLS Session Ticket extension (they are supposed in eap_tls_params_from_conf()
175 * to ignore unrecognized TLS extensions, but end up rejecting in eap_tls_params_from_conf()
177 * TLS Session Ticket extension for EAP-TLS, EAP-PEAP, and in eap_tls_params_from_conf()
184 /* RFC 7170 requires TLS v1.2 or newer to be used with TEAP */ in eap_tls_params_from_conf()
195 * TLS v1.3 changes, so disable this by default for now. */ in eap_tls_params_from_conf()
202 /* While the current EAP-TLS implementation is more or less in eap_tls_params_from_conf()
203 * complete for TLS v1.3, there has been only minimal in eap_tls_params_from_conf()
207 * with TLS version update. in eap_tls_params_from_conf()
213 wpa_printf(MSG_DEBUG, "TLS: using machine config options"); in eap_tls_params_from_conf()
216 wpa_printf(MSG_DEBUG, "TLS: using phase2 config options"); in eap_tls_params_from_conf()
219 wpa_printf(MSG_DEBUG, "TLS: using phase1 config options"); in eap_tls_params_from_conf()
264 wpa_printf(MSG_INFO, "SSL: Failed to initialize new TLS " in eap_tls_init_connection()
277 "TLS: Bad PIN provided, requesting a new one"); in eap_tls_init_connection()
283 wpa_printf(MSG_INFO, "TLS: Failed to initialize engine"); in eap_tls_init_connection()
285 wpa_printf(MSG_INFO, "TLS: Failed to load private key"); in eap_tls_init_connection()
289 wpa_printf(MSG_INFO, "TLS: Failed to set TLS connection " in eap_tls_init_connection()
301 * eap_peer_tls_ssl_init - Initialize shared TLS functionality
303 * @data: Data for TLS processing
308 * This function is used to initialize shared TLS functionality for EAP-TLS,
333 /* Limit the fragment size in the inner TLS authentication in eap_peer_tls_ssl_init()
342 wpa_printf(MSG_DEBUG, "TLS: Include TLS Message Length in " in eap_peer_tls_ssl_init()
352 * eap_peer_tls_ssl_deinit - Deinitialize shared TLS functionality
354 * @data: Data for TLS processing
356 * This function deinitializes shared TLS functionality that was initialized
368 * eap_peer_tls_derive_key - Derive a key based on TLS session data
370 * @data: Data for TLS processing
377 * This function uses TLS-PRF to generate pseudo-random data based on the TLS
406 * eap_peer_tls_derive_session_id - Derive a Session-Id based on TLS data
408 * @data: Data for TLS processing
413 * This function derives the Session-Id based on the TLS session data
430 * Method-Id = TLS-Exporter("EXPORTER_EAP_TLS_Method-Id", in eap_peer_tls_derive_session_id()
470 * @data: Data for TLS processing
471 * @in_data: Next incoming TLS segment
499 wpa_printf(MSG_INFO, "SSL: Too long TLS fragment (size over " in eap_peer_tls_reassemble_fragment()
507 wpa_printf(MSG_INFO, "SSL: more data than TLS message length " in eap_peer_tls_reassemble_fragment()
514 wpa_printf(MSG_INFO, "SSL: Could not allocate memory for TLS " in eap_peer_tls_reassemble_fragment()
534 * eap_peer_tls_data_reassemble - Reassemble TLS data
535 * @data: Data for TLS processing
536 * @in_data: Next incoming TLS segment
538 * to reassemble this TLS packet
542 * This function reassembles TLS fragments. Caller must not free the returned
574 * eap_tls_process_input - Process incoming TLS message
576 * @data: Data for TLS processing
594 /* Full TLS message reassembled - continue handshake processing */ in eap_tls_process_input()
624 * eap_tls_process_output - Process outgoing TLS message
625 * @data: Data for TLS processing
669 * Windows Server 2008 NPS really wants to have the TLS Message in eap_tls_process_output()
704 * eap_peer_tls_process_helper - Process TLS handshake message
706 * @data: Data for TLS processing
715 * This function can be used to process TLS handshake messages. It reassembles
716 * the received fragments and uses a TLS library to process the messages. The
717 * response data from the TLS library is fragmented to suitable output messages
721 * function is 0, 2, or -1. In case of failure, the message is likely a TLS
725 * This function is called for each received TLS message during the TLS
727 * TLS Flags field. Once the handshake has been completed, i.e., when
770 wpa_printf(MSG_DEBUG, "SSL: Using TLS version %s", buf); in eap_peer_tls_process_helper()
778 * and no new message generated. This indicates an error in TLS in eap_peer_tls_process_helper()
786 /* TLS processing has failed - return error */ in eap_peer_tls_process_helper()
801 * TLS negotiation should now be complete since all other cases in eap_peer_tls_process_helper()
803 * the TLS Message Length field. in eap_peer_tls_process_helper()
818 * eap_peer_tls_build_ack - Build a TLS ACK frame
840 * eap_peer_tls_reauth_init - Re-initialize shared TLS for session resumption
842 * @data: Data for TLS processing
854 * eap_peer_tls_status - Get TLS status
856 * @data: Data for TLS processing
876 "EAP TLS cipher=%s\n" in eap_peer_tls_status()
891 * @data: Data for TLS processing
896 * @flags: Buffer for returning TLS flags
897 * Returns: Pointer to payload after TLS flags and length or %NULL on failure
899 * This function validates the EAP header and processes the optional TLS
900 * Message Length field. If this is the first fragment of a TLS message, the
901 * TLS reassembly code is initialized to receive the indicated number of bytes.
903 * EAP-TLS, EAP-PEAP, EAP-TTLS, and EAP-FAST methods are expected to use this
924 wpa_printf(MSG_INFO, "SSL: TLS errors detected"); in eap_peer_tls_process_init()
945 wpa_printf(MSG_DEBUG, "SSL: Invalid TLS message: no Flags " in eap_peer_tls_process_init()
964 wpa_printf(MSG_INFO, "SSL: Short frame with TLS " in eap_peer_tls_process_init()
970 wpa_printf(MSG_DEBUG, "SSL: TLS Message Length: %d", in eap_peer_tls_process_init()
982 wpa_printf(MSG_INFO, "SSL: TLS Message Length (%d " in eap_peer_tls_process_init()
1002 * @data: Data for TLS processing
1017 * @data: Data for TLS processing
1031 * eap_peer_tls_decrypt - Decrypt received phase 2 TLS message
1033 * @data: Data for TLS processing
1060 * eap_peer_tls_encrypt - Encrypt phase 2 TLS message
1062 * @data: Data for TLS processing
1143 wpa_printf(MSG_ERROR, "TLS: Unsupported Phase2 EAP " in eap_peer_select_phase2_methods()
1172 wpa_printf(MSG_ERROR, "TLS: No Phase2 EAP methods available"); in eap_peer_select_phase2_methods()
1175 wpa_hexdump(MSG_DEBUG, "TLS: Phase2 EAP types", in eap_peer_select_phase2_methods()
1201 wpa_printf(MSG_DEBUG, "TLS: Phase 2 Request: Nak type=%d", *pos); in eap_peer_tls_phase2_nak()
1202 wpa_hexdump(MSG_DEBUG, "TLS: Allowed Phase2 EAP types", in eap_peer_tls_phase2_nak()