1930 } |
1930 } |
1931 break; |
1931 break; |
1932 } |
1932 } |
1933 case tls_completion_action_complete_create_handshake_type_client_key_exchange: |
1933 case tls_completion_action_complete_create_handshake_type_client_key_exchange: |
1934 { |
1934 { |
1935 if (cipher_suite_is_TLS_RSA() == true |
1935 if ((cipher_suite_is_TLS_RSA() == true |
1936 && m_own_encrypted_premaster_secret.get_is_valid_data() == true |
1936 && m_own_encrypted_premaster_secret.get_is_valid_data() == true) |
1937 || ((cipher_suite_is_TLS_DHE_DSS() == true |
1937 || ((cipher_suite_is_TLS_DHE_DSS() == true |
1938 || cipher_suite_is_TLS_DHE_RSA() == true |
1938 || cipher_suite_is_TLS_DHE_RSA() == true |
1939 #if defined(USE_FAST_EAP_TYPE) |
1939 #if defined(USE_FAST_EAP_TYPE) |
1940 || (m_eap_type == eap_type_fast |
1940 || (m_eap_type == eap_type_fast |
1941 && m_eap_fast_allow_server_unauthenticated_provisioning_mode_ADHP == true |
1941 && m_eap_fast_allow_server_unauthenticated_provisioning_mode_ADHP == true |
3416 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
3416 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
3417 |
3417 |
3418 EAP_TRACE_ALWAYS( |
3418 EAP_TRACE_ALWAYS( |
3419 m_am_tools, |
3419 m_am_tools, |
3420 TRACE_FLAGS_DEFAULT, |
3420 TRACE_FLAGS_DEFAULT, |
3421 (EAPL("this = 0x%08x, %s: starts: tls_record_c::state_notification(): EAP-type 0x%08x: m_tls_session_type=%d=%s, tls_state=%d=%s, notification state=%s\n"), |
3421 (EAPL("this = 0x%08x, %s: starts: tls_record_c::state_notification(): EAP-type 0xfe%06x%08x=%s: m_tls_session_type=%d=%s, tls_state=%d=%s, notification state=%s\n"), |
3422 this, |
3422 this, |
3423 (m_is_client == true ? "client": "server"), |
3423 (m_is_client == true ? "client": "server"), |
3424 convert_eap_type_to_u32_t(m_eap_type), |
3424 m_eap_type.get_vendor_id(), |
|
3425 m_eap_type.get_vendor_type(), |
|
3426 eap_header_string_c::get_eap_type_string(m_eap_type), |
3425 m_tls_session_type, |
3427 m_tls_session_type, |
3426 eap_tls_trace_string_c::get_tls_session_type_string(m_tls_session_type), |
3428 eap_tls_trace_string_c::get_tls_session_type_string(m_tls_session_type), |
3427 m_tls_peap_state, |
3429 m_tls_peap_state, |
3428 eap_tls_trace_string_c::get_state_string(m_tls_peap_state), |
3430 eap_tls_trace_string_c::get_state_string(m_tls_peap_state), |
3429 eap_state_notification_c::get_state_string(state->get_protocol_layer(), state->get_current_state()))); |
3431 eap_state_notification_c::get_state_string(state->get_protocol_layer(), state->get_current_state()))); |
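Review bot: EAP_TRACE_ALWAYS hands its arguments to a printf-style format, so `0xfe%06x%08x` at 3421 requires m_eap_type.get_vendor_id() and get_vendor_type() to return values of the width `%x` expects; if either accessor returns a wider or narrower integer the varargs read is ill-formed, and because the format passes through EAPL() the compiler will not check it, so the accessor return types are worth confirming. The same three-argument expansion is pasted again at 3571–3575 in the next hunk; a single helper, or a macro that expands to the vendor id, vendor type and type string, would keep the two call sites from drifting. A short comment such as `// Expanded EAP type: 0xfe | 24-bit vendor id | 32-bit vendor type` beside the format would explain the literal `fe` and the `%06x`/`%08x` split to the next reader. The enclosing state_notification() continues outside the hunk.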
3564 { |
3566 { |
3565 EAP_TRACE_ALWAYS( |
3567 EAP_TRACE_ALWAYS( |
3566 m_am_tools, |
3568 m_am_tools, |
3567 TRACE_FLAGS_DEFAULT, |
3569 TRACE_FLAGS_DEFAULT, |
3568 (EAPL("%s: tls_record_c::state_notification(): ") |
3570 (EAPL("%s: tls_record_c::state_notification(): ") |
3569 EAPL("waits TTLS/plain MsChapv2 empty Ack: EAP-type 0x%08x\n"), |
3571 EAPL("waits TTLS/plain MsChapv2 empty Ack: EAP-type 0xfe%06x%08x=%s\n"), |
3570 (m_is_client == true ? "client": "server"), |
3572 (m_is_client == true ? "client": "server"), |
3571 convert_eap_type_to_u32_t(m_eap_type))); |
3573 m_eap_type.get_vendor_id(), |
|
3574 m_eap_type.get_vendor_type(), |
|
3575 eap_header_string_c::get_eap_type_string(m_eap_type))); |
3572 } |
3576 } |
3573 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
3577 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
3574 |
3578 |
3575 } |
3579 } |
3576 |
3580 |
3620 |
3624 |
3621 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
3625 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
3622 return get_type_partner()->cancel_timer( |
3626 return get_type_partner()->cancel_timer( |
3623 initializer, |
3627 initializer, |
3624 id); |
3628 id); |
3625 } |
|
3626 |
|
3627 //-------------------------------------------------- |
|
3628 |
|
3629 // This is commented in abs_tls_base_application_c. |
|
3630 EAP_FUNC_EXPORT eap_status_e tls_record_c::cancel_all_timers() |
|
3631 { |
|
3632 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
3633 |
|
3634 if (get_type_partner() == 0) |
|
3635 { |
|
3636 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
3637 return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); |
|
3638 } |
|
3639 |
|
3640 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
3641 return get_type_partner()->cancel_all_timers(); |
|
3642 } |
3629 } |
3643 |
3630 |
3644 //-------------------------------------------------- |
3631 //-------------------------------------------------- |
3645 |
3632 |
3646 // This is commented in abs_tls_base_application_c. |
3633 // This is commented in abs_tls_base_application_c. |
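Review bot: A missing type partner in the new cancel_all_timers() is reported as eap_status_allocation_error at 3637, which misdescribes the condition — nothing was allocated; the null-m_application guard added at 16663–16667 in this same commit reports eap_status_process_general_error for the same kind of check, and the two should agree on one status. The partner is also fetched twice, `if (get_type_partner() == 0)` and then `return get_type_partner()->cancel_all_timers();`; holding it in a local keeps the check and the call on the same object. If cancel_timer() directly above applies an equivalent null guard (its head is outside the hunk), reusing its status here is the simplest way to stay consistent.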
8862 if (status != eap_status_ok) |
8849 if (status != eap_status_ok) |
8863 { |
8850 { |
8864 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
8851 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
8865 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload); |
8852 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload); |
8866 } |
8853 } |
|
8854 |
|
8855 { |
|
8856 for (u32_t ind = 0ul; ind < m_peer_certificate_types.get_object_count(); ++ind) |
|
8857 { |
|
8858 const u8_t * const certificate_type = m_peer_certificate_types.get_object(ind); |
|
8859 if (certificate_type != 0) |
|
8860 { |
|
8861 EAP_TRACE_DEBUG( |
|
8862 m_am_tools, |
|
8863 TRACE_FLAGS_DEFAULT, |
|
8864 (EAPL("peer certificate type %d=0x%02x\n"), |
|
8865 *certificate_type, |
|
8866 *certificate_type)); |
|
8867 } |
|
8868 } |
|
8869 } |
8867 } |
8870 } |
8868 |
8871 |
8869 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
8872 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
8870 |
8873 |
8871 { |
8874 { |
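Review bot: The new certificate-type dump at 8855–8869 wraps a single for-loop in an extra bare `{ }` scope that declares nothing the enclosing block could not hold, and the same shape is repeated for the CA-authority dump at 8896–8909 in the next hunk; dropping the extra braces, or folding both dumps into one small private trace helper, would read more plainly. `u32_t ind = 0ul` pairs an unsigned-long literal with a u32_t variable where `0` suffices, and `m_peer_certificate_types.get_object_count()` is re-evaluated on every iteration, which costs nothing to hoist into a `const u32_t count = ...`. Both loops print fields taken from the peer's CertificateRequest, but the types go out under TRACE_FLAGS_DEFAULT while the CA list goes out under EAP_TRACE_FLAGS_MESSAGE_DATA; if both are meant as message-data traces the flag should match. The enclosing function starts and ends outside the hunk.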
8886 false); |
8889 false); |
8887 if (status != eap_status_ok) |
8890 if (status != eap_status_ok) |
8888 { |
8891 { |
8889 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
8892 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
8890 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload); |
8893 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload); |
|
8894 } |
|
8895 |
|
8896 { |
|
8897 for (u32_t ind = 0ul; ind < m_peer_certificate_authorities.get_object_count(); ++ind) |
|
8898 { |
|
8899 const eap_variable_data_c * const ca_authority = m_peer_certificate_authorities.get_object(ind); |
|
8900 if (ca_authority != 0) |
|
8901 { |
|
8902 EAP_TRACE_DATA_DEBUG( |
|
8903 m_am_tools, |
|
8904 EAP_TRACE_FLAGS_MESSAGE_DATA, |
|
8905 (EAPL("peer CA-authority"), |
|
8906 ca_authority->get_data(), |
|
8907 ca_authority->get_data_length())); |
|
8908 } |
|
8909 } |
8891 } |
8910 } |
8892 } |
8911 } |
8893 |
8912 |
8894 m_tls_peap_server_requested_client_certificate = true; |
8913 m_tls_peap_server_requested_client_certificate = true; |
8895 |
8914 |
12316 { |
12335 { |
12317 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
12336 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
12318 return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); |
12337 return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); |
12319 } |
12338 } |
12320 |
12339 |
|
12340 // After this point *member_cbc_crypto_block_algorithm will delete crypto_block_algorithm. |
|
12341 block_algorithm_remove.do_not_free_variable(); |
|
12342 |
12321 *member_cbc_crypto_block_algorithm = new crypto_cbc_c( |
12343 *member_cbc_crypto_block_algorithm = new crypto_cbc_c( |
12322 m_am_tools, |
12344 m_am_tools, |
12323 crypto_block_algorithm, |
12345 crypto_block_algorithm, |
12324 true); |
12346 true); |
12325 |
12347 |
12326 if (*member_cbc_crypto_block_algorithm == 0 |
12348 if (*member_cbc_crypto_block_algorithm == 0 |
12327 || (*member_cbc_crypto_block_algorithm)->get_is_valid() == false) |
12349 || (*member_cbc_crypto_block_algorithm)->get_is_valid() == false) |
12328 { |
|
12329 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
12330 return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); |
|
12331 } |
|
12332 |
|
12333 // After this point *member_cbc_crypto_block_algorithm will delete crypto_block_algorithm. |
|
12334 block_algorithm_remove.do_not_free_variable(); |
|
12335 |
|
12336 if ((*member_cbc_crypto_block_algorithm)->get_is_valid() == false) |
|
12337 { |
12350 { |
12338 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
12351 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
12339 return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); |
12352 return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); |
12340 } |
12353 } |
12341 |
12354 |
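Review bot: Moving `block_algorithm_remove.do_not_free_variable();` to 12341, ahead of the `new crypto_cbc_c(...)` at 12343, disarms the guard before anything owns crypto_block_algorithm, so when the allocation fails and the `== 0` branch at 12348 returns, crypto_block_algorithm is never freed (the `== 0` check implies a nothrow `new`, so this path is reachable). The old placement had the opposite problem — the guard stayed armed after a valid-but-rejected CBC object had taken ownership, which the comment at 12340 says leads to that object deleting the block algorithm too — so the commit trades a possible double free for a leak rather than removing both. The fix is to split the combined check: test the pointer for null first, release the guard only once the CBC object exists, then test validity. The enclosing function starts and ends outside the hunk.
```cpp
*member_cbc_crypto_block_algorithm = new crypto_cbc_c(
    m_am_tools,
    crypto_block_algorithm,
    true);

if (*member_cbc_crypto_block_algorithm == 0)
{
    // Nothing owns crypto_block_algorithm yet; block_algorithm_remove still frees it.
    EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
    return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
}

// After this point *member_cbc_crypto_block_algorithm will delete crypto_block_algorithm.
block_algorithm_remove.do_not_free_variable();

if ((*member_cbc_crypto_block_algorithm)->get_is_valid() == false)
{
    EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
    return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
}
```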
16645 #if defined(USE_FAST_EAP_TYPE) |
16658 #if defined(USE_FAST_EAP_TYPE) |
16646 if (m_is_client == false |
16659 if (m_is_client == false |
16647 && m_eap_type == eap_type_fast |
16660 && m_eap_type == eap_type_fast |
16648 && m_tls_session_type == tls_session_type_eap_fast_pac_session_resumption) |
16661 && m_tls_session_type == tls_session_type_eap_fast_pac_session_resumption) |
16649 { |
16662 { |
|
16663 if (m_application == 0) |
|
16664 { |
|
16665 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
16666 return EAP_STATUS_RETURN(m_am_tools, eap_status_process_general_error); |
|
16667 } |
|
16668 |
16650 // This is server. |
16669 // This is server. |
16651 // EAP-FAST is using Tunnel PAC. |
16670 // EAP-FAST is using Tunnel PAC. |
16652 // Here we cannot start tunneled authentication immediately |
16671 // Here we cannot start tunneled authentication immediately |
16653 // because client migth have sent a User Authorization PAC. |
16672 // because client migth have sent a User Authorization PAC. |
16654 // We must process the optional TLS Application message(s) |
16673 // We must process the optional TLS Application message(s) |
16736 return EAP_STATUS_RETURN(m_am_tools, notification_status); |
16755 return EAP_STATUS_RETURN(m_am_tools, notification_status); |
16737 } |
16756 } |
16738 } |
16757 } |
16739 } |
16758 } |
16740 else if (tmp_identity_privacy_handshake_state == tls_identity_privacy_handshake_state_none |
16759 else if (tmp_identity_privacy_handshake_state == tls_identity_privacy_handshake_state_none |
16741 || tmp_identity_privacy_handshake_state == tls_identity_privacy_handshake_state_runs) |
16760 #if defined(USE_EAP_TLS_IDENTITY_PRIVACY) |
|
16761 || tmp_identity_privacy_handshake_state == tls_identity_privacy_handshake_state_runs |
|
16762 #endif |
|
16763 ) |
16742 { |
16764 { |
16743 if ((m_eap_type == eap_type_peap |
16765 if ((m_eap_type == eap_type_peap |
16744 && m_peap_version >= peap_version_0_xp |
16766 && m_peap_version >= peap_version_0_xp |
16745 && m_peap_version <= peap_version_2) |
16767 && m_peap_version <= peap_version_2) |
16746 || m_eap_type == eap_type_ttls |
16768 || m_eap_type == eap_type_ttls |
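Review bot: The `#if defined(USE_EAP_TLS_IDENTITY_PRIVACY)` block at 16760–16762 now sits inside the `else if` condition, leaving the closing `)` on a line of its own at 16763 and making the condition read differently depending on the build; evaluating the state test into a named local before the if/else chain keeps the preprocessor out of the expression and gives the condition a name. The local has to be declared ahead of the chain's first `if`, which starts outside this hunk, and `tmp_identity_privacy_handshake_state` is also defined outside it. The change would look like the following, with the `else if` then reduced to `else if (privacy_handshake_idle)`.
```cpp
bool privacy_handshake_idle =
    tmp_identity_privacy_handshake_state == tls_identity_privacy_handshake_state_none;
#if defined(USE_EAP_TLS_IDENTITY_PRIVACY)
privacy_handshake_idle = privacy_handshake_idle
    || tmp_identity_privacy_handshake_state == tls_identity_privacy_handshake_state_runs;
#endif
// … unchanged: preceding if-branches of the chain …
else if (privacy_handshake_idle)
```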
19038 || certificate_chain == 0 |
19060 || certificate_chain == 0 |
19039 || certificate_chain->get_object_count() == 0) |
19061 || certificate_chain->get_object_count() == 0) |
19040 { |
19062 { |
19041 if (completion_status != eap_status_ok) |
19063 if (completion_status != eap_status_ok) |
19042 { |
19064 { |
19043 (void)EAP_STATUS_RETURN(m_am_tools, completion_status); |
19065 EAP_TRACE_DEBUG( |
|
19066 m_am_tools, |
|
19067 TRACE_FLAGS_DEFAULT, |
|
19068 (EAPL("WARNING: TLS: this = 0x%08x, %s: message_function: starts: tls_record_c::complete_query_certificate_chain(): No certificate chain configured.\n"), |
|
19069 this, |
|
19070 (m_is_client == true ? "client": "server"))); |
19044 } |
19071 } |
19045 |
19072 |
19046 if (m_is_client == false) |
19073 if (m_is_client == false) |
19047 { |
19074 { |
19048 // Server fails immediately. |
19075 // Server fails immediately. |