58 |
58 |
59 #define EAP_STATUS_RETURN_AND_CREATE_TLS_PROTOCOL_ALERT(tools, status) \ |
59 #define EAP_STATUS_RETURN_AND_CREATE_TLS_PROTOCOL_ALERT(tools, status) \ |
60 EAP_STATUS_RETURN(tools, eap_status_return_and_create_tls_protocol_alert((status))) |
60 EAP_STATUS_RETURN(tools, eap_status_return_and_create_tls_protocol_alert((status))) |
61 |
61 |
62 |
62 |
63 EAP_FUNC_EXPORT eap_status_e tls_record_c::eap_status_return_and_create_tls_protocol_alert( |
63 eap_status_e tls_record_c::eap_status_return_and_create_tls_protocol_alert( |
64 const eap_status_e status) |
64 const eap_status_e status) |
65 { |
65 { |
66 if (status != eap_status_ok |
66 if (status != eap_status_ok |
67 && status != eap_status_success |
67 && status != eap_status_success |
68 && status != eap_status_pending_request |
68 && status != eap_status_pending_request |
271 this, |
271 this, |
272 (m_is_client == true ? "client": "server"))); |
272 (m_is_client == true ? "client": "server"))); |
273 |
273 |
274 EAP_TRACE_RETURN_STRING(m_am_tools, "returns: tls_record_c::tls_record_c()"); |
274 EAP_TRACE_RETURN_STRING(m_am_tools, "returns: tls_record_c::tls_record_c()"); |
275 |
275 |
276 #if defined(USE_FAST_EAP_TYPE) |
|
277 EAP_TRACE_DEBUG( |
|
278 m_am_tools, |
|
279 TRACE_FLAGS_DEFAULT, |
|
280 (EAPL("TLS: tls_record_c::tls_record_c(): EAP-FAST enabled."))); |
|
281 #else |
|
282 EAP_TRACE_DEBUG( |
|
283 m_am_tools, |
|
284 TRACE_FLAGS_DEFAULT, |
|
285 (EAPL("TLS: tls_record_c::tls_record_c(): EAP-FAST disabled."))); |
|
286 #endif //#if defined(USE_FAST_EAP_TYPE) |
|
287 |
|
288 if (receive_network_id == 0 |
276 if (receive_network_id == 0 |
289 || receive_network_id->get_is_valid_data() == false) |
277 || receive_network_id->get_is_valid_data() == false) |
290 { |
278 { |
291 // No need to delete anything here because it is done in destructor. |
279 // No need to delete anything here because it is done in destructor. |
292 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
280 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
1200 return EAP_STATUS_RETURN(m_am_tools, status); |
1188 return EAP_STATUS_RETURN(m_am_tools, status); |
1201 } |
1189 } |
1202 |
1190 |
1203 //-------------------------------------------------- |
1191 //-------------------------------------------------- |
1204 |
1192 |
1205 EAP_FUNC_EXPORT void tls_record_c::send_error_notification(const eap_status_e error) |
1193 void tls_record_c::send_error_notification(const eap_status_e error) |
1206 { |
1194 { |
1207 // Notifies the lower level of an authentication error. |
1195 // Notifies the lower level of an authentication error. |
1208 |
1196 |
1209 eap_general_state_variable_e general_state_variable(eap_general_state_authentication_error); |
1197 eap_general_state_variable_e general_state_variable(eap_general_state_authentication_error); |
1210 |
1198 |
1942 } |
1930 } |
1943 break; |
1931 break; |
1944 } |
1932 } |
1945 case tls_completion_action_complete_create_handshake_type_client_key_exchange: |
1933 case tls_completion_action_complete_create_handshake_type_client_key_exchange: |
1946 { |
1934 { |
1947 if ((cipher_suite_is_TLS_RSA() == true |
1935 if (cipher_suite_is_TLS_RSA() == true |
1948 && m_own_encrypted_premaster_secret.get_is_valid_data() == true) |
1936 && m_own_encrypted_premaster_secret.get_is_valid_data() == true |
1949 || ((cipher_suite_is_TLS_DHE_DSS() == true |
1937 || ((cipher_suite_is_TLS_DHE_DSS() == true |
1950 || cipher_suite_is_TLS_DHE_RSA() == true |
1938 || cipher_suite_is_TLS_DHE_RSA() == true |
1951 #if defined(USE_FAST_EAP_TYPE) |
1939 #if defined(USE_FAST_EAP_TYPE) |
1952 || (m_eap_type == eap_type_fast |
1940 || (m_eap_type == eap_type_fast |
1953 && m_eap_fast_allow_server_unauthenticated_provisioning_mode_ADHP == true |
1941 && m_eap_fast_allow_server_unauthenticated_provisioning_mode_ADHP == true |
3428 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
3416 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
3429 |
3417 |
3430 EAP_TRACE_ALWAYS( |
3418 EAP_TRACE_ALWAYS( |
3431 m_am_tools, |
3419 m_am_tools, |
3432 TRACE_FLAGS_DEFAULT, |
3420 TRACE_FLAGS_DEFAULT, |
3433 (EAPL("this = 0x%08x, %s: starts: tls_record_c::state_notification(): EAP-type 0xfe%06x%08x=%s: m_tls_session_type=%d=%s, tls_state=%d=%s, notification state=%s\n"), |
3421 (EAPL("this = 0x%08x, %s: starts: tls_record_c::state_notification(): EAP-type 0x%08x: m_tls_session_type=%d=%s, tls_state=%d=%s, notification state=%s\n"), |
3434 this, |
3422 this, |
3435 (m_is_client == true ? "client": "server"), |
3423 (m_is_client == true ? "client": "server"), |
3436 m_eap_type.get_vendor_id(), |
3424 convert_eap_type_to_u32_t(m_eap_type), |
3437 m_eap_type.get_vendor_type(), |
|
3438 eap_header_string_c::get_eap_type_string(m_eap_type), |
|
3439 m_tls_session_type, |
3425 m_tls_session_type, |
3440 eap_tls_trace_string_c::get_tls_session_type_string(m_tls_session_type), |
3426 eap_tls_trace_string_c::get_tls_session_type_string(m_tls_session_type), |
3441 m_tls_peap_state, |
3427 m_tls_peap_state, |
3442 eap_tls_trace_string_c::get_state_string(m_tls_peap_state), |
3428 eap_tls_trace_string_c::get_state_string(m_tls_peap_state), |
3443 eap_state_notification_c::get_state_string(state->get_protocol_layer(), state->get_current_state()))); |
3429 eap_state_notification_c::get_state_string(state->get_protocol_layer(), state->get_current_state()))); |
3578 { |
3564 { |
3579 EAP_TRACE_ALWAYS( |
3565 EAP_TRACE_ALWAYS( |
3580 m_am_tools, |
3566 m_am_tools, |
3581 TRACE_FLAGS_DEFAULT, |
3567 TRACE_FLAGS_DEFAULT, |
3582 (EAPL("%s: tls_record_c::state_notification(): ") |
3568 (EAPL("%s: tls_record_c::state_notification(): ") |
3583 EAPL("waits TTLS/plain MsChapv2 empty Ack: EAP-type 0xfe%06x%08x=%s\n"), |
3569 EAPL("waits TTLS/plain MsChapv2 empty Ack: EAP-type 0x%08x\n"), |
3584 (m_is_client == true ? "client": "server"), |
3570 (m_is_client == true ? "client": "server"), |
3585 m_eap_type.get_vendor_id(), |
3571 convert_eap_type_to_u32_t(m_eap_type))); |
3586 m_eap_type.get_vendor_type(), |
|
3587 eap_header_string_c::get_eap_type_string(m_eap_type))); |
|
3588 } |
3572 } |
3589 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
3573 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
3590 |
3574 |
3591 } |
3575 } |
3592 |
3576 |
3636 |
3620 |
3637 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
3621 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
3638 return get_type_partner()->cancel_timer( |
3622 return get_type_partner()->cancel_timer( |
3639 initializer, |
3623 initializer, |
3640 id); |
3624 id); |
|
3625 } |
|
3626 |
|
3627 //-------------------------------------------------- |
|
3628 |
|
3629 // This is commented in abs_tls_base_application_c. |
|
3630 EAP_FUNC_EXPORT eap_status_e tls_record_c::cancel_all_timers() |
|
3631 { |
|
3632 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
3633 |
|
3634 if (get_type_partner() == 0) |
|
3635 { |
|
3636 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
3637 return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); |
|
3638 } |
|
3639 |
|
3640 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
3641 return get_type_partner()->cancel_all_timers(); |
3641 } |
3642 } |
3642 |
3643 |
3643 //-------------------------------------------------- |
3644 //-------------------------------------------------- |
3644 |
3645 |
3645 // This is commented in abs_tls_base_application_c. |
3646 // This is commented in abs_tls_base_application_c. |
8861 if (status != eap_status_ok) |
8862 if (status != eap_status_ok) |
8862 { |
8863 { |
8863 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
8864 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
8864 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload); |
8865 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload); |
8865 } |
8866 } |
8866 |
|
8867 { |
|
8868 for (u32_t ind = 0ul; ind < m_peer_certificate_types.get_object_count(); ++ind) |
|
8869 { |
|
8870 const u8_t * const certificate_type = m_peer_certificate_types.get_object(ind); |
|
8871 if (certificate_type != 0) |
|
8872 { |
|
8873 EAP_TRACE_DEBUG( |
|
8874 m_am_tools, |
|
8875 TRACE_FLAGS_DEFAULT, |
|
8876 (EAPL("peer certificate type %d=0x%02x\n"), |
|
8877 *certificate_type, |
|
8878 *certificate_type)); |
|
8879 } |
|
8880 } |
|
8881 } |
|
8882 } |
8867 } |
8883 |
8868 |
8884 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
8869 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
8885 |
8870 |
8886 { |
8871 { |
8901 false); |
8886 false); |
8902 if (status != eap_status_ok) |
8887 if (status != eap_status_ok) |
8903 { |
8888 { |
8904 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
8889 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
8905 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload); |
8890 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload); |
8906 } |
|
8907 |
|
8908 { |
|
8909 for (u32_t ind = 0ul; ind < m_peer_certificate_authorities.get_object_count(); ++ind) |
|
8910 { |
|
8911 const eap_variable_data_c * const ca_authority = m_peer_certificate_authorities.get_object(ind); |
|
8912 if (ca_authority != 0) |
|
8913 { |
|
8914 EAP_TRACE_DATA_DEBUG( |
|
8915 m_am_tools, |
|
8916 EAP_TRACE_FLAGS_MESSAGE_DATA, |
|
8917 (EAPL("peer CA-authority"), |
|
8918 ca_authority->get_data(), |
|
8919 ca_authority->get_data_length())); |
|
8920 } |
|
8921 } |
|
8922 } |
8891 } |
8923 } |
8892 } |
8924 |
8893 |
8925 m_tls_peap_server_requested_client_certificate = true; |
8894 m_tls_peap_server_requested_client_certificate = true; |
8926 |
8895 |
12347 { |
12316 { |
12348 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
12317 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
12349 return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); |
12318 return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); |
12350 } |
12319 } |
12351 |
12320 |
|
12321 *member_cbc_crypto_block_algorithm = new crypto_cbc_c( |
|
12322 m_am_tools, |
|
12323 crypto_block_algorithm, |
|
12324 true); |
|
12325 |
|
12326 if (*member_cbc_crypto_block_algorithm == 0 |
|
12327 || (*member_cbc_crypto_block_algorithm)->get_is_valid() == false) |
|
12328 { |
|
12329 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
12330 return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); |
|
12331 } |
|
12332 |
12352 // After this point *member_cbc_crypto_block_algorithm will delete crypto_block_algorithm. |
12333 // After this point *member_cbc_crypto_block_algorithm will delete crypto_block_algorithm. |
12353 block_algorithm_remove.do_not_free_variable(); |
12334 block_algorithm_remove.do_not_free_variable(); |
12354 |
12335 |
12355 *member_cbc_crypto_block_algorithm = new crypto_cbc_c( |
12336 if ((*member_cbc_crypto_block_algorithm)->get_is_valid() == false) |
12356 m_am_tools, |
|
12357 crypto_block_algorithm, |
|
12358 true); |
|
12359 |
|
12360 if (*member_cbc_crypto_block_algorithm == 0 |
|
12361 || (*member_cbc_crypto_block_algorithm)->get_is_valid() == false) |
|
12362 { |
12337 { |
12363 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
12338 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
12364 return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); |
12339 return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); |
12365 } |
12340 } |
12366 |
12341 |
16670 #if defined(USE_FAST_EAP_TYPE) |
16645 #if defined(USE_FAST_EAP_TYPE) |
16671 if (m_is_client == false |
16646 if (m_is_client == false |
16672 && m_eap_type == eap_type_fast |
16647 && m_eap_type == eap_type_fast |
16673 && m_tls_session_type == tls_session_type_eap_fast_pac_session_resumption) |
16648 && m_tls_session_type == tls_session_type_eap_fast_pac_session_resumption) |
16674 { |
16649 { |
16675 if (m_application == 0) |
|
16676 { |
|
16677 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
16678 return EAP_STATUS_RETURN(m_am_tools, eap_status_process_general_error); |
|
16679 } |
|
16680 |
|
16681 // This is server. |
16650 // This is server. |
16682 // EAP-FAST is using Tunnel PAC. |
16651 // EAP-FAST is using Tunnel PAC. |
16683 // Here we cannot start tunneled authentication immediately |
16652 // Here we cannot start tunneled authentication immediately |
16684 // because client migth have sent a User Authorization PAC. |
16653 // because client migth have sent a User Authorization PAC. |
16685 // We must process the optional TLS Application message(s) |
16654 // We must process the optional TLS Application message(s) |
16767 return EAP_STATUS_RETURN(m_am_tools, notification_status); |
16736 return EAP_STATUS_RETURN(m_am_tools, notification_status); |
16768 } |
16737 } |
16769 } |
16738 } |
16770 } |
16739 } |
16771 else if (tmp_identity_privacy_handshake_state == tls_identity_privacy_handshake_state_none |
16740 else if (tmp_identity_privacy_handshake_state == tls_identity_privacy_handshake_state_none |
16772 #if defined(USE_EAP_TLS_IDENTITY_PRIVACY) |
16741 || tmp_identity_privacy_handshake_state == tls_identity_privacy_handshake_state_runs) |
16773 || tmp_identity_privacy_handshake_state == tls_identity_privacy_handshake_state_runs |
|
16774 #endif |
|
16775 ) |
|
16776 { |
16742 { |
16777 if ((m_eap_type == eap_type_peap |
16743 if ((m_eap_type == eap_type_peap |
16778 && m_peap_version >= peap_version_0_xp |
16744 && m_peap_version >= peap_version_0_xp |
16779 && m_peap_version <= peap_version_2) |
16745 && m_peap_version <= peap_version_2) |
16780 || m_eap_type == eap_type_ttls |
16746 || m_eap_type == eap_type_ttls |
19072 || certificate_chain == 0 |
19038 || certificate_chain == 0 |
19073 || certificate_chain->get_object_count() == 0) |
19039 || certificate_chain->get_object_count() == 0) |
19074 { |
19040 { |
19075 if (completion_status != eap_status_ok) |
19041 if (completion_status != eap_status_ok) |
19076 { |
19042 { |
19077 EAP_TRACE_DEBUG( |
19043 (void)EAP_STATUS_RETURN(m_am_tools, completion_status); |
19078 m_am_tools, |
|
19079 TRACE_FLAGS_DEFAULT, |
|
19080 (EAPL("WARNING: TLS: this = 0x%08x, %s: message_function: starts: tls_record_c::complete_query_certificate_chain(): No certificate chain configured.\n"), |
|
19081 this, |
|
19082 (m_is_client == true ? "client": "server"))); |
|
19083 } |
19044 } |
19084 |
19045 |
19085 if (m_is_client == false) |
19046 if (m_is_client == false) |
19086 { |
19047 { |
19087 // Server fails immediately. |
19048 // Server fails immediately. |