2
* EAP peer method: EAP-EKE (RFC 6124)
3
* Copyright (c) 2013, Jouni Malinen <j@w1.fi>
5
* This software may be distributed under the terms of the BSD license.
6
* See README for more details.
12
#include "crypto/random.h"
13
#include "eap_peer/eap_i.h"
14
#include "eap_common/eap_eke_common.h"
18
IDENTITY, COMMIT, CONFIRM, SUCCESS, FAILURE
21
u8 emsk[EAP_EMSK_LEN];
26
u8 dh_priv[EAP_EKE_MAX_DH_LEN];
27
struct eap_eke_session sess;
28
u8 nonce_p[EAP_EKE_MAX_NONCE_LEN];
29
u8 nonce_s[EAP_EKE_MAX_NONCE_LEN];
31
u8 dhgroup; /* forced DH group or 0 to allow all supported */
32
u8 encr; /* forced encryption algorithm or 0 to allow all supported */
33
u8 prf; /* forced PRF or 0 to allow all supported */
34
u8 mac; /* forced MAC or 0 to allow all supported */
38
static const char * eap_eke_state_txt(int state)
57
static void eap_eke_state(struct eap_eke_data *data, int state)
59
wpa_printf(MSG_DEBUG, "EAP-EKE: %s -> %s",
60
eap_eke_state_txt(data->state), eap_eke_state_txt(state));
65
static void eap_eke_deinit(struct eap_sm *sm, void *priv);
68
static void * eap_eke_init(struct eap_sm *sm)
70
struct eap_eke_data *data;
71
const u8 *identity, *password;
72
size_t identity_len, password_len;
75
password = eap_get_config_password(sm, &password_len);
77
wpa_printf(MSG_INFO, "EAP-EKE: No password configured");
81
data = os_zalloc(sizeof(*data));
84
eap_eke_state(data, IDENTITY);
86
identity = eap_get_config_identity(sm, &identity_len);
88
data->peerid = os_malloc(identity_len);
89
if (data->peerid == NULL) {
90
eap_eke_deinit(sm, data);
93
os_memcpy(data->peerid, identity, identity_len);
94
data->peerid_len = identity_len;
97
phase1 = eap_get_config_phase1(sm);
101
pos = os_strstr(phase1, "dhgroup=");
103
data->dhgroup = atoi(pos + 8);
104
wpa_printf(MSG_DEBUG, "EAP-EKE: Forced dhgroup %u",
108
pos = os_strstr(phase1, "encr=");
110
data->encr = atoi(pos + 5);
111
wpa_printf(MSG_DEBUG, "EAP-EKE: Forced encr %u",
115
pos = os_strstr(phase1, "prf=");
117
data->prf = atoi(pos + 4);
118
wpa_printf(MSG_DEBUG, "EAP-EKE: Forced prf %u",
122
pos = os_strstr(phase1, "mac=");
124
data->mac = atoi(pos + 4);
125
wpa_printf(MSG_DEBUG, "EAP-EKE: Forced mac %u",
134
static void eap_eke_deinit(struct eap_sm *sm, void *priv)
136
struct eap_eke_data *data = priv;
137
eap_eke_session_clean(&data->sess);
138
os_free(data->serverid);
139
os_free(data->peerid);
140
wpabuf_free(data->msgs);
145
static struct wpabuf * eap_eke_build_msg(struct eap_eke_data *data, int id,
146
size_t length, u8 eke_exch)
153
msg = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_EKE, plen,
154
EAP_CODE_RESPONSE, id);
156
wpa_printf(MSG_ERROR, "EAP-EKE: Failed to allocate memory");
160
wpabuf_put_u8(msg, eke_exch);
166
static int eap_eke_supp_dhgroup(u8 dhgroup)
168
return dhgroup == EAP_EKE_DHGROUP_EKE_2 ||
169
dhgroup == EAP_EKE_DHGROUP_EKE_5 ||
170
dhgroup == EAP_EKE_DHGROUP_EKE_14 ||
171
dhgroup == EAP_EKE_DHGROUP_EKE_15 ||
172
dhgroup == EAP_EKE_DHGROUP_EKE_16;
176
static int eap_eke_supp_encr(u8 encr)
178
return encr == EAP_EKE_ENCR_AES128_CBC;
182
static int eap_eke_supp_prf(u8 prf)
184
return prf == EAP_EKE_PRF_HMAC_SHA1 ||
185
prf == EAP_EKE_PRF_HMAC_SHA2_256;
189
static int eap_eke_supp_mac(u8 mac)
191
return mac == EAP_EKE_MAC_HMAC_SHA1 ||
192
mac == EAP_EKE_MAC_HMAC_SHA2_256;
196
static struct wpabuf * eap_eke_build_fail(struct eap_eke_data *data,
197
struct eap_method_ret *ret,
198
const struct wpabuf *reqData,
203
wpa_printf(MSG_DEBUG, "EAP-EKE: Sending EAP-EKE-Failure/Response - code=0x%x",
206
resp = eap_eke_build_msg(data, eap_get_id(reqData), 4, EAP_EKE_FAILURE);
208
wpabuf_put_be32(resp, failure_code);
210
os_memset(data->dh_priv, 0, sizeof(data->dh_priv));
211
eap_eke_session_clean(&data->sess);
213
eap_eke_state(data, FAILURE);
214
ret->methodState = METHOD_DONE;
215
ret->decision = DECISION_FAIL;
216
ret->allowNotifications = FALSE;
222
static struct wpabuf * eap_eke_process_id(struct eap_eke_data *data,
223
struct eap_method_ret *ret,
224
const struct wpabuf *reqData,
229
unsigned num_prop, i;
231
const u8 *prop = NULL;
234
if (data->state != IDENTITY) {
235
return eap_eke_build_fail(data, ret, reqData,
236
EAP_EKE_FAIL_PROTO_ERROR);
239
wpa_printf(MSG_DEBUG, "EAP-EKE: Received EAP-EKE-ID/Request");
241
if (payload_len < 2 + 4) {
242
wpa_printf(MSG_DEBUG, "EAP-EKE: Too short ID/Request Data");
243
return eap_eke_build_fail(data, ret, reqData,
244
EAP_EKE_FAIL_PROTO_ERROR);
248
end = payload + payload_len;
251
pos++; /* Ignore Reserved field */
253
if (pos + num_prop * 4 > end) {
254
wpa_printf(MSG_DEBUG, "EAP-EKE: Too short ID/Request Data (num_prop=%u)",
256
return eap_eke_build_fail(data, ret, reqData,
257
EAP_EKE_FAIL_PROTO_ERROR);
260
for (i = 0; i < num_prop; i++) {
263
wpa_printf(MSG_DEBUG, "EAP-EKE: Proposal #%u: dh=%u encr=%u prf=%u mac=%u",
264
i, pos[0], pos[1], pos[2], pos[3]);
267
if ((data->dhgroup && data->dhgroup != *tmp) ||
268
!eap_eke_supp_dhgroup(*tmp))
271
if ((data->encr && data->encr != *tmp) ||
272
!eap_eke_supp_encr(*tmp))
275
if ((data->prf && data->prf != *tmp) ||
276
!eap_eke_supp_prf(*tmp))
279
if ((data->mac && data->mac != *tmp) ||
280
!eap_eke_supp_mac(*tmp))
284
if (eap_eke_session_init(&data->sess, prop[0], prop[1], prop[2],
290
wpa_printf(MSG_DEBUG, "EAP-EKE: Selected proposal");
295
wpa_printf(MSG_DEBUG, "EAP-EKE: No acceptable proposal found");
296
return eap_eke_build_fail(data, ret, reqData,
297
EAP_EKE_FAIL_NO_PROPOSAL_CHOSEN);
300
pos += (num_prop - i - 1) * 4;
303
wpa_printf(MSG_DEBUG, "EAP-EKE: Too short ID/Request Data to include IDType/Identity");
304
return eap_eke_build_fail(data, ret, reqData,
305
EAP_EKE_FAIL_PROTO_ERROR);
309
wpa_printf(MSG_DEBUG, "EAP-EKE: Server IDType %u", idtype);
310
wpa_hexdump_ascii(MSG_DEBUG, "EAP-EKE: Server Identity",
312
os_free(data->serverid);
313
data->serverid = os_malloc(end - pos);
314
if (data->serverid == NULL) {
315
return eap_eke_build_fail(data, ret, reqData,
316
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
318
os_memcpy(data->serverid, pos, end - pos);
319
data->serverid_len = end - pos;
321
wpa_printf(MSG_DEBUG, "EAP-EKE: Sending EAP-EKE-ID/Response");
323
resp = eap_eke_build_msg(data, eap_get_id(reqData),
324
2 + 4 + 1 + data->peerid_len,
327
return eap_eke_build_fail(data, ret, reqData,
328
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
331
wpabuf_put_u8(resp, 1); /* NumProposals */
332
wpabuf_put_u8(resp, 0); /* Reserved */
333
wpabuf_put_data(resp, prop, 4); /* Selected Proposal */
334
wpabuf_put_u8(resp, EAP_EKE_ID_NAI);
336
wpabuf_put_data(resp, data->peerid, data->peerid_len);
338
wpabuf_free(data->msgs);
339
data->msgs = wpabuf_alloc(wpabuf_len(reqData) + wpabuf_len(resp));
340
if (data->msgs == NULL) {
342
return eap_eke_build_fail(data, ret, reqData,
343
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
345
wpabuf_put_buf(data->msgs, reqData);
346
wpabuf_put_buf(data->msgs, resp);
348
eap_eke_state(data, COMMIT);
354
static struct wpabuf * eap_eke_process_commit(struct eap_sm *sm,
355
struct eap_eke_data *data,
356
struct eap_method_ret *ret,
357
const struct wpabuf *reqData,
362
const u8 *pos, *end, *dhcomp;
365
u8 key[EAP_EKE_MAX_KEY_LEN];
366
u8 pub[EAP_EKE_MAX_DH_LEN];
370
if (data->state != COMMIT) {
371
wpa_printf(MSG_DEBUG, "EAP-EKE: EAP-EKE-Commit/Request received in unexpected state (%d)", data->state);
372
return eap_eke_build_fail(data, ret, reqData,
373
EAP_EKE_FAIL_PROTO_ERROR);
376
wpa_printf(MSG_DEBUG, "EAP-EKE: Received EAP-EKE-Commit/Request");
378
password = eap_get_config_password(sm, &password_len);
379
if (password == NULL) {
380
wpa_printf(MSG_INFO, "EAP-EKE: No password configured!");
381
return eap_eke_build_fail(data, ret, reqData,
382
EAP_EKE_FAIL_PASSWD_NOT_FOUND);
386
end = payload + payload_len;
388
if (pos + data->sess.dhcomp_len > end) {
389
wpa_printf(MSG_DEBUG, "EAP-EKE: Too short EAP-EKE-Commit");
390
return eap_eke_build_fail(data, ret, reqData,
391
EAP_EKE_FAIL_PROTO_ERROR);
394
wpa_hexdump(MSG_DEBUG, "EAP-EKE: DHComponent_S",
395
pos, data->sess.dhcomp_len);
397
pos += data->sess.dhcomp_len;
398
wpa_hexdump(MSG_DEBUG, "EAP-EKE: CBValue", pos, end - pos);
401
* temp = prf(0+, password)
402
* key = prf+(temp, ID_S | ID_P)
404
if (eap_eke_derive_key(&data->sess, password, password_len,
405
data->serverid, data->serverid_len,
406
data->peerid, data->peerid_len, key) < 0) {
407
wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive key");
408
return eap_eke_build_fail(data, ret, reqData,
409
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
413
* y_p = g ^ x_p (mod p)
414
* x_p = random number 2 .. p-1
416
if (eap_eke_dh_init(data->sess.dhgroup, data->dh_priv, pub) < 0) {
417
wpa_printf(MSG_INFO, "EAP-EKE: Failed to initialize DH");
418
os_memset(key, 0, sizeof(key));
419
return eap_eke_build_fail(data, ret, reqData,
420
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
423
if (eap_eke_shared_secret(&data->sess, key, data->dh_priv, dhcomp) < 0)
425
wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive shared secret");
426
os_memset(key, 0, sizeof(key));
427
return eap_eke_build_fail(data, ret, reqData,
428
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
431
if (eap_eke_derive_ke_ki(&data->sess,
432
data->serverid, data->serverid_len,
433
data->peerid, data->peerid_len) < 0) {
434
wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive Ke/Ki");
435
os_memset(key, 0, sizeof(key));
436
return eap_eke_build_fail(data, ret, reqData,
437
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
440
wpa_printf(MSG_DEBUG, "EAP-EKE: Sending EAP-EKE-Commit/Response");
442
resp = eap_eke_build_msg(data, eap_get_id(reqData),
443
data->sess.dhcomp_len + data->sess.pnonce_len,
446
os_memset(key, 0, sizeof(key));
447
return eap_eke_build_fail(data, ret, reqData,
448
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
451
/* DHComponent_P = Encr(key, y_p) */
452
rpos = wpabuf_put(resp, data->sess.dhcomp_len);
453
if (eap_eke_dhcomp(&data->sess, key, pub, rpos) < 0) {
454
wpa_printf(MSG_INFO, "EAP-EKE: Failed to build DHComponent_S");
455
os_memset(key, 0, sizeof(key));
456
return eap_eke_build_fail(data, ret, reqData,
457
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
459
os_memset(key, 0, sizeof(key));
461
wpa_hexdump(MSG_DEBUG, "EAP-EKE: DHComponent_P",
462
rpos, data->sess.dhcomp_len);
464
if (random_get_bytes(data->nonce_p, data->sess.nonce_len)) {
466
return eap_eke_build_fail(data, ret, reqData,
467
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
469
wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Nonce_P",
470
data->nonce_p, data->sess.nonce_len);
471
prot_len = wpabuf_tailroom(resp);
472
if (eap_eke_prot(&data->sess, data->nonce_p, data->sess.nonce_len,
473
wpabuf_put(resp, 0), &prot_len) < 0) {
475
return eap_eke_build_fail(data, ret, reqData,
476
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
478
wpa_hexdump(MSG_DEBUG, "EAP-EKE: PNonce_P",
479
wpabuf_put(resp, 0), prot_len);
480
wpabuf_put(resp, prot_len);
484
if (wpabuf_resize(&data->msgs, wpabuf_len(reqData) + wpabuf_len(resp))
487
return eap_eke_build_fail(data, ret, reqData,
488
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
490
wpabuf_put_buf(data->msgs, reqData);
491
wpabuf_put_buf(data->msgs, resp);
493
eap_eke_state(data, CONFIRM);
499
static struct wpabuf * eap_eke_process_confirm(struct eap_eke_data *data,
500
struct eap_method_ret *ret,
501
const struct wpabuf *reqData,
508
u8 nonces[2 * EAP_EKE_MAX_NONCE_LEN];
509
u8 auth_s[EAP_EKE_MAX_HASH_LEN];
513
if (data->state != CONFIRM) {
514
wpa_printf(MSG_DEBUG, "EAP-EKE: EAP-EKE-Confirm/Request received in unexpected state (%d)",
516
return eap_eke_build_fail(data, ret, reqData,
517
EAP_EKE_FAIL_PROTO_ERROR);
520
wpa_printf(MSG_DEBUG, "EAP-EKE: Received EAP-EKE-Confirm/Request");
523
end = payload + payload_len;
525
if (pos + data->sess.pnonce_ps_len + data->sess.prf_len > end) {
526
wpa_printf(MSG_DEBUG, "EAP-EKE: Too short EAP-EKE-Commit");
527
return eap_eke_build_fail(data, ret, reqData,
528
EAP_EKE_FAIL_PROTO_ERROR);
531
decrypt_len = sizeof(nonces);
532
if (eap_eke_decrypt_prot(&data->sess, pos, data->sess.pnonce_ps_len,
533
nonces, &decrypt_len) < 0) {
534
wpa_printf(MSG_INFO, "EAP-EKE: Failed to decrypt PNonce_PS");
535
return eap_eke_build_fail(data, ret, reqData,
536
EAP_EKE_FAIL_AUTHENTICATION_FAIL);
538
if (decrypt_len != (size_t) 2 * data->sess.nonce_len) {
539
wpa_printf(MSG_INFO, "EAP-EKE: PNonce_PS protected data length does not match length of Nonce_P and Nonce_S");
540
return eap_eke_build_fail(data, ret, reqData,
541
EAP_EKE_FAIL_AUTHENTICATION_FAIL);
543
wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Received Nonce_P | Nonce_S",
544
nonces, 2 * data->sess.nonce_len);
545
if (os_memcmp(data->nonce_p, nonces, data->sess.nonce_len) != 0) {
546
wpa_printf(MSG_INFO, "EAP-EKE: Received Nonce_P does not match trnsmitted Nonce_P");
547
return eap_eke_build_fail(data, ret, reqData,
548
EAP_EKE_FAIL_AUTHENTICATION_FAIL);
551
os_memcpy(data->nonce_s, nonces + data->sess.nonce_len,
552
data->sess.nonce_len);
553
wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Nonce_S",
554
data->nonce_s, data->sess.nonce_len);
556
if (eap_eke_derive_ka(&data->sess, data->serverid, data->serverid_len,
557
data->peerid, data->peerid_len,
558
data->nonce_p, data->nonce_s) < 0) {
559
return eap_eke_build_fail(data, ret, reqData,
560
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
563
if (eap_eke_auth(&data->sess, "EAP-EKE server", data->msgs, auth_s) < 0)
565
return eap_eke_build_fail(data, ret, reqData,
566
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
568
wpa_hexdump(MSG_DEBUG, "EAP-EKE: Auth_S", auth_s, data->sess.prf_len);
569
if (os_memcmp(auth_s, pos + data->sess.pnonce_ps_len,
570
data->sess.prf_len) != 0) {
571
wpa_printf(MSG_INFO, "EAP-EKE: Auth_S does not match");
572
return eap_eke_build_fail(data, ret, reqData,
573
EAP_EKE_FAIL_AUTHENTICATION_FAIL);
576
wpa_printf(MSG_DEBUG, "EAP-EKE: Sending EAP-EKE-Confirm/Response");
578
resp = eap_eke_build_msg(data, eap_get_id(reqData),
579
data->sess.pnonce_len + data->sess.prf_len,
582
return eap_eke_build_fail(data, ret, reqData,
583
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
586
prot_len = wpabuf_tailroom(resp);
587
if (eap_eke_prot(&data->sess, data->nonce_s, data->sess.nonce_len,
588
wpabuf_put(resp, 0), &prot_len) < 0) {
590
return eap_eke_build_fail(data, ret, reqData,
591
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
593
wpabuf_put(resp, prot_len);
595
auth = wpabuf_put(resp, data->sess.prf_len);
596
if (eap_eke_auth(&data->sess, "EAP-EKE peer", data->msgs, auth) < 0) {
598
return eap_eke_build_fail(data, ret, reqData,
599
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
601
wpa_hexdump(MSG_DEBUG, "EAP-EKE: Auth_P", auth, data->sess.prf_len);
603
if (eap_eke_derive_msk(&data->sess, data->serverid, data->serverid_len,
604
data->peerid, data->peerid_len,
605
data->nonce_s, data->nonce_p,
606
data->msk, data->emsk) < 0) {
607
wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive MSK/EMSK");
609
return eap_eke_build_fail(data, ret, reqData,
610
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
613
os_memset(data->dh_priv, 0, sizeof(data->dh_priv));
614
eap_eke_session_clean(&data->sess);
616
eap_eke_state(data, SUCCESS);
617
ret->methodState = METHOD_MAY_CONT;
618
ret->decision = DECISION_COND_SUCC;
619
ret->allowNotifications = FALSE;
625
static struct wpabuf * eap_eke_process_failure(struct eap_eke_data *data,
626
struct eap_method_ret *ret,
627
const struct wpabuf *reqData,
631
wpa_printf(MSG_DEBUG, "EAP-EKE: Received EAP-EKE-Failure/Request");
633
if (payload_len < 4) {
634
wpa_printf(MSG_DEBUG, "EAP-EKE: Too short EAP-EKE-Failure");
637
code = WPA_GET_BE32(payload);
638
wpa_printf(MSG_INFO, "EAP-EKE: Failure-Code 0x%x", code);
641
return eap_eke_build_fail(data, ret, reqData, EAP_EKE_FAIL_NO_ERROR);
645
static struct wpabuf * eap_eke_process(struct eap_sm *sm, void *priv,
646
struct eap_method_ret *ret,
647
const struct wpabuf *reqData)
649
struct eap_eke_data *data = priv;
655
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_EKE, reqData, &len);
656
if (pos == NULL || len < 1) {
664
wpa_printf(MSG_DEBUG, "EAP-EKE: Received frame: exch %d", eke_exch);
665
wpa_hexdump(MSG_DEBUG, "EAP-EKE: Received Data", pos, end - pos);
668
ret->methodState = METHOD_MAY_CONT;
669
ret->decision = DECISION_FAIL;
670
ret->allowNotifications = TRUE;
674
resp = eap_eke_process_id(data, ret, reqData, pos, end - pos);
677
resp = eap_eke_process_commit(sm, data, ret, reqData,
680
case EAP_EKE_CONFIRM:
681
resp = eap_eke_process_confirm(data, ret, reqData,
684
case EAP_EKE_FAILURE:
685
resp = eap_eke_process_failure(data, ret, reqData,
689
wpa_printf(MSG_DEBUG, "EAP-EKE: Ignoring message with unknown EKE-Exch %d", eke_exch);
694
if (ret->methodState == METHOD_DONE)
695
ret->allowNotifications = FALSE;
701
static Boolean eap_eke_isKeyAvailable(struct eap_sm *sm, void *priv)
703
struct eap_eke_data *data = priv;
704
return data->state == SUCCESS;
708
static u8 * eap_eke_getKey(struct eap_sm *sm, void *priv, size_t *len)
710
struct eap_eke_data *data = priv;
713
if (data->state != SUCCESS)
716
key = os_malloc(EAP_MSK_LEN);
719
os_memcpy(key, data->msk, EAP_MSK_LEN);
726
static u8 * eap_eke_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
728
struct eap_eke_data *data = priv;
731
if (data->state != SUCCESS)
734
key = os_malloc(EAP_EMSK_LEN);
737
os_memcpy(key, data->emsk, EAP_EMSK_LEN);
744
int eap_peer_eke_register(void)
746
struct eap_method *eap;
749
eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
750
EAP_VENDOR_IETF, EAP_TYPE_EKE, "EKE");
754
eap->init = eap_eke_init;
755
eap->deinit = eap_eke_deinit;
756
eap->process = eap_eke_process;
757
eap->isKeyAvailable = eap_eke_isKeyAvailable;
758
eap->getKey = eap_eke_getKey;
759
eap->get_emsk = eap_eke_get_emsk;
761
ret = eap_peer_method_register(eap);
763
eap_peer_method_free(eap);