EAP-TLS server: Add support for session resumption
This allows TLS session resumption to be used to enable abbreviated handshake. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
b6f2ae3b5b
commit
7f417feaa1
1 changed files with 50 additions and 1 deletions
|
|
@ -48,6 +48,23 @@ static void eap_tls_state(struct eap_tls_data *data, int state)
|
|||
eap_tls_state_txt(data->state),
|
||||
eap_tls_state_txt(state));
|
||||
data->state = state;
|
||||
if (state == FAILURE)
|
||||
tls_connection_remove_session(data->ssl.conn);
|
||||
}
|
||||
|
||||
|
||||
static void eap_tls_valid_session(struct eap_sm *sm, struct eap_tls_data *data)
|
||||
{
|
||||
struct wpabuf *buf;
|
||||
|
||||
if (!sm->tls_session_lifetime)
|
||||
return;
|
||||
|
||||
buf = wpabuf_alloc(1);
|
||||
if (!buf)
|
||||
return;
|
||||
wpabuf_put_u8(buf, data->eap_type);
|
||||
tls_connection_set_success_data(data->ssl.conn, buf);
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -184,6 +201,7 @@ check_established:
|
|||
* fragments waiting to be sent out. */
|
||||
wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
|
||||
eap_tls_state(data, SUCCESS);
|
||||
eap_tls_valid_session(sm, data);
|
||||
}
|
||||
|
||||
return res;
|
||||
|
|
@ -235,10 +253,41 @@ static void eap_tls_process(struct eap_sm *sm, void *priv,
|
|||
struct wpabuf *respData)
|
||||
{
|
||||
struct eap_tls_data *data = priv;
|
||||
const struct wpabuf *buf;
|
||||
const u8 *pos;
|
||||
|
||||
if (eap_server_tls_process(sm, &data->ssl, respData, data,
|
||||
data->eap_type, NULL, eap_tls_process_msg) <
|
||||
0)
|
||||
0) {
|
||||
eap_tls_state(data, FAILURE);
|
||||
return;
|
||||
}
|
||||
|
||||
if (!tls_connection_established(sm->ssl_ctx, data->ssl.conn) ||
|
||||
!tls_connection_resumed(sm->ssl_ctx, data->ssl.conn))
|
||||
return;
|
||||
|
||||
buf = tls_connection_get_success_data(data->ssl.conn);
|
||||
if (!buf || wpabuf_len(buf) < 1) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"EAP-TLS: No success data in resumed session - reject attempt");
|
||||
eap_tls_state(data, FAILURE);
|
||||
return;
|
||||
}
|
||||
|
||||
pos = wpabuf_head(buf);
|
||||
if (*pos != data->eap_type) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"EAP-TLS: Resumed session for another EAP type (%u) - reject attempt",
|
||||
*pos);
|
||||
eap_tls_state(data, FAILURE);
|
||||
return;
|
||||
}
|
||||
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"EAP-TLS: Resuming previous session");
|
||||
eap_tls_state(data, SUCCESS);
|
||||
tls_connection_set_success_data_resumed(data->ssl.conn);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue