2
* EAP peer method: EAP-TLV (draft-josefsson-pppext-eap-tls-eap-07.txt)
3
* Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
5
* This program is free software; you can redistribute it and/or modify
6
* it under the terms of the GNU General Public License version 2 as
7
* published by the Free Software Foundation.
9
* Alternatively, this software may be distributed under the terms of BSD
12
* See README and COPYING for more details.
23
* eap_tlv_build_nak - Build EAP-TLV NAK message
24
* @id: EAP identifier for the header
25
* @nak_type: TLV type (EAP_TLV_*)
26
* Returns: Buffer to the allocated EAP-TLV NAK message or %NULL on failure
28
* This funtion builds an EAP-TLV NAK message. The caller is responsible for
29
* freeing the returned buffer.
31
struct wpabuf * eap_tlv_build_nak(int id, u16 nak_type)
35
msg = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TLV, 10,
36
EAP_CODE_RESPONSE, id);
40
wpabuf_put_u8(msg, 0x80); /* Mandatory */
41
wpabuf_put_u8(msg, EAP_TLV_NAK_TLV);
42
wpabuf_put_be16(msg, 6); /* Length */
43
wpabuf_put_be32(msg, 0); /* Vendor-Id */
44
wpabuf_put_be16(msg, nak_type); /* NAK-Type */
51
* eap_tlv_build_result - Build EAP-TLV Result message
52
* @id: EAP identifier for the header
53
* @status: Status (EAP_TLV_RESULT_SUCCESS or EAP_TLV_RESULT_FAILURE)
54
* Returns: Buffer to the allocated EAP-TLV Result message or %NULL on failure
56
* This funtion builds an EAP-TLV Result message. The caller is responsible for
57
* freeing the returned buffer.
59
struct wpabuf * eap_tlv_build_result(int id, u16 status)
63
msg = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TLV, 6,
64
EAP_CODE_RESPONSE, id);
68
wpabuf_put_u8(msg, 0x80); /* Mandatory */
69
wpabuf_put_u8(msg, EAP_TLV_RESULT_TLV);
70
wpabuf_put_be16(msg, 2); /* Length */
71
wpabuf_put_be16(msg, status); /* Status */
78
* eap_tlv_process - Process a received EAP-TLV message and generate a response
79
* @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
80
* @ret: Return values from EAP request validation and processing
81
* @req: EAP-TLV request to be processed. The caller must have validated that
82
* the buffer is large enough to contain full request (hdr->length bytes) and
83
* that the EAP type is EAP_TYPE_TLV.
84
* @resp: Buffer to return a pointer to the allocated response message. This
85
* field should be initialized to %NULL before the call. The value will be
86
* updated if a response message is generated. The caller is responsible for
87
* freeing the allocated message.
88
* @force_failure: Force negotiation to fail
89
* Returns: 0 on success, -1 on failure
91
int eap_tlv_process(struct eap_sm *sm, struct eap_method_ret *ret,
92
const struct wpabuf *req, struct wpabuf **resp,
97
const u8 *result_tlv = NULL;
98
size_t result_tlv_len = 0;
99
int tlv_type, mandatory;
102
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_TLV, req, &left);
105
wpa_hexdump(MSG_DEBUG, "EAP-TLV: Received TLVs", pos, left);
107
mandatory = !!(pos[0] & 0x80);
108
tlv_type = WPA_GET_BE16(pos) & 0x3fff;
110
tlv_len = WPA_GET_BE16(pos);
113
if (tlv_len > left) {
114
wpa_printf(MSG_DEBUG, "EAP-TLV: TLV underrun "
115
"(tlv_len=%lu left=%lu)",
116
(unsigned long) tlv_len,
117
(unsigned long) left);
121
case EAP_TLV_RESULT_TLV:
123
result_tlv_len = tlv_len;
126
wpa_printf(MSG_DEBUG, "EAP-TLV: Unsupported TLV Type "
128
mandatory ? " (mandatory)" : "");
130
/* NAK TLV and ignore all TLVs in this packet.
132
*resp = eap_tlv_build_nak(eap_get_id(req),
134
return *resp == NULL ? -1 : 0;
136
/* Ignore this TLV, but process other TLVs */
144
wpa_printf(MSG_DEBUG, "EAP-TLV: Last TLV too short in "
145
"Request (left=%lu)", (unsigned long) left);
149
/* Process supported TLVs */
151
int status, resp_status;
152
wpa_hexdump(MSG_DEBUG, "EAP-TLV: Result TLV",
153
result_tlv, result_tlv_len);
154
if (result_tlv_len < 2) {
155
wpa_printf(MSG_INFO, "EAP-TLV: Too short Result TLV "
157
(unsigned long) result_tlv_len);
160
status = WPA_GET_BE16(result_tlv);
161
if (status == EAP_TLV_RESULT_SUCCESS) {
162
wpa_printf(MSG_INFO, "EAP-TLV: TLV Result - Success "
163
"- EAP-TLV/Phase2 Completed");
165
wpa_printf(MSG_INFO, "EAP-TLV: Earlier failure"
166
" - force failed Phase 2");
167
resp_status = EAP_TLV_RESULT_FAILURE;
168
ret->decision = DECISION_FAIL;
170
resp_status = EAP_TLV_RESULT_SUCCESS;
171
ret->decision = DECISION_UNCOND_SUCC;
173
} else if (status == EAP_TLV_RESULT_FAILURE) {
174
wpa_printf(MSG_INFO, "EAP-TLV: TLV Result - Failure");
175
resp_status = EAP_TLV_RESULT_FAILURE;
176
ret->decision = DECISION_FAIL;
178
wpa_printf(MSG_INFO, "EAP-TLV: Unknown TLV Result "
179
"Status %d", status);
180
resp_status = EAP_TLV_RESULT_FAILURE;
181
ret->decision = DECISION_FAIL;
183
ret->methodState = METHOD_DONE;
185
*resp = eap_tlv_build_result(eap_get_id(req), resp_status);