[PATCH v2 1/2] peap: Extend EAP Extensions to handle multiple TLVs

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Tim Kourt <tim.a.kourt@linux.intel.com>
To: iwd@lists.01.org
Subject: [PATCH v2 1/2] peap: Extend EAP Extensions to handle multiple TLVs
Date: Thu, 12 Dec 2019 12:10:15 -0800	[thread overview]
Message-ID: <20191212201016.18072-1-tim.a.kourt@linux.intel.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 5143 bytes --]

The handler for EAP Extensions has been modified to support multiple
TLV types instead of the single Result TLV. This will allow to handle
the other TLVs such as Crypto-Binding TLV.
---
 src/eap-peap.c | 125 ++++++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 88 insertions(+), 37 deletions(-)

diff --git a/src/eap-peap.c b/src/eap-peap.c
index ed18c667..8059e60b 100644
--- a/src/eap-peap.c
+++ b/src/eap-peap.c
@@ -111,6 +111,7 @@ static void eap_peap_phase2_complete(enum eap_result result, void *user_data)
  */
 #define EAP_EXTENSIONS_HEADER_LEN 5
 #define EAP_EXTENSIONS_TLV_HEADER_LEN 4
+#define EAP_EXTENSIONS_TLV_M_BIT_MASK 0x8000
 
 enum eap_extensions_tlv_type {
 	/* Reserved = 0x0000, */
@@ -127,39 +128,24 @@ enum eap_extensions_result {
 static int eap_extensions_handle_result_tlv(struct eap_state *eap,
 						const uint8_t *data,
 						size_t data_len,
-						uint8_t *response)
+						uint8_t *response,
+						uint8_t *result)
 {
+	static const uint8_t result_tlv_len = 2;
 	struct peap_state *peap_state;
-	uint16_t type;
-	uint16_t len;
-	uint16_t result;
 
-	if (data_len < EAP_EXTENSIONS_TLV_HEADER_LEN + 2)
-		return -ENOENT;
-
-	type = l_get_be16(data);
-
-	if (type != EAP_EXTENSIONS_TLV_TYPE_RESULT)
-		return -ENOENT;
-
-	data += 2;
-
-	len = l_get_be16(data);
-
-	if (len != 2)
-		return -ENOENT;
-
-	data += 2;
+	if (data_len != result_tlv_len)
+		return -EBADMSG;
 
-	result = l_get_be16(data);
+	*result = l_get_be16(data);
 
-	l_debug("result: %d", result);
+	l_debug("result: %d", *result);
 
-	switch (result) {
+	switch (*result) {
 	case EAP_EXTENSIONS_RESULT_SUCCCESS:
 		peap_state = eap_tls_common_get_variant_data(eap);
 
-		result = eap_method_is_success(peap_state->phase2) ?
+		*result = eap_method_is_success(peap_state->phase2) ?
 					EAP_EXTENSIONS_RESULT_SUCCCESS :
 					EAP_EXTENSIONS_RESULT_FAILURE;
 		/* fall through */
@@ -169,13 +155,68 @@ static int eap_extensions_handle_result_tlv(struct eap_state *eap,
 		return -ENOENT;
 	}
 
-	l_put_be16(EAP_EXTENSIONS_TLV_TYPE_RESULT,
-					&response[EAP_EXTENSIONS_HEADER_LEN]);
-	l_put_be16(2, &response[EAP_EXTENSIONS_HEADER_LEN + 2]);
-	l_put_be16(result, &response[EAP_EXTENSIONS_HEADER_LEN +
-						EAP_EXTENSIONS_TLV_HEADER_LEN]);
+	/* Build response Result TLV */
+
+	l_put_be16(EAP_EXTENSIONS_TLV_TYPE_RESULT, response);
+	response += 2;
+
+	l_put_be16(result_tlv_len, response);
+	response += 2;
+
+	l_put_be16(*result, response);
+
+	return EAP_EXTENSIONS_TLV_HEADER_LEN + result_tlv_len;
+}
+
+static int eap_extensions_process_tlvs(struct eap_state *eap,
+						const uint8_t *data,
+						size_t data_len,
+						uint8_t *response,
+						uint8_t *result)
+{
+	int response_len = 0;
+	uint16_t tlv_type;
+	uint16_t tlv_value_len;
+
+	while (data_len >= EAP_EXTENSIONS_TLV_HEADER_LEN) {
+		int response_tlv_len = 0;
+
+		tlv_type = l_get_be16(data);
+		data += 2;
+
+		tlv_value_len = l_get_be16(data);
+		data += 2;
+
+		data_len -= EAP_EXTENSIONS_TLV_HEADER_LEN;
+
+		if (data_len < tlv_value_len)
+			return -EBADMSG;
+
+		switch (tlv_type) {
+		case EAP_EXTENSIONS_TLV_TYPE_RESULT:
+			response_tlv_len = eap_extensions_handle_result_tlv(eap,
+						data, tlv_value_len, response,
+						result);
+
+			break;
+		default:
+			if (tlv_type & EAP_EXTENSIONS_TLV_M_BIT_MASK)
+				return -ENOENT;
+
+			break;
+		}
+
+		if (response_tlv_len < 0)
+			return response_tlv_len;
+
+		response += response_tlv_len;
+		response_len += response_tlv_len;
+
+		data += tlv_value_len;
+		data_len -= tlv_value_len;
+	}
 
-	return result;
+	return response_len;
 }
 
 static void eap_extensions_handle_request(struct eap_state *eap,
@@ -184,24 +225,34 @@ static void eap_extensions_handle_request(struct eap_state *eap,
 							size_t len)
 {
 	struct peap_state *peap_state;
-	uint8_t response[EAP_EXTENSIONS_HEADER_LEN +
-					EAP_EXTENSIONS_TLV_HEADER_LEN + 2];
-	int r = eap_extensions_handle_result_tlv(eap, pkt, len, response);
+	uint8_t result = EAP_EXTENSIONS_RESULT_FAILURE;
+	/*
+	 * The buffer size is chosen to satisfy the needs of the two supported
+	 * TLVs.
+	 */
+	uint8_t response[256];
+	int response_len;
 
-	if (r < 0)
+	response_len = eap_extensions_process_tlvs(eap, pkt, len,
+					&response[EAP_EXTENSIONS_HEADER_LEN],
+					&result);
+
+	if (response_len < 0)
 		return;
 
+	response_len += EAP_EXTENSIONS_HEADER_LEN;
+
 	response[0] = EAP_CODE_RESPONSE;
 	response[1] = id;
-	l_put_be16(sizeof(response), &response[2]);
+	l_put_be16(response_len, &response[2]);
 	response[4] = EAP_TYPE_EXTENSIONS;
 
-	eap_peap_phase2_send_response(response, sizeof(response), eap);
+	eap_peap_phase2_send_response(response, response_len, eap);
 
 	eap_discard_success_and_failure(eap, false);
 	eap_tls_common_set_completed(eap);
 
-	if (r != EAP_EXTENSIONS_RESULT_SUCCCESS) {
+	if (result != EAP_EXTENSIONS_RESULT_SUCCCESS) {
 		eap_tls_common_set_phase2_failed(eap);
 
 		eap_tls_common_tunnel_close(eap);
-- 
2.13.6

next             reply	other threads:[~2019-12-12 20:10 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-12 20:10 Tim Kourt [this message]
2019-12-12 20:10 ` [PATCH v2 2/2] peap: Add support for Crypto-Binding in PEAPv0 Tim Kourt
2019-12-12 21:14   ` Denis Kenzior
2019-12-12 21:14 ` [PATCH v2 1/2] peap: Extend EAP Extensions to handle multiple TLVs Denis Kenzior

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:ed18c66 dfblob:8059e60 )
 OR (
bs:"[PATCH v2 1/2] peap: Extend EAP Extensions to handle multiple TLVs" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20191212201016.18072-1-tim.a.kourt@linux.intel.com \
    --to=tim.a.kourt@linux.intel.com \
    --cc=iwd@lists.01.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.