EAP-SAKE: Pass EAP identifier instead of full request
authorJouni Malinen <j@w1.fi>
Sun, 3 May 2015 07:46:17 +0000 (10:46 +0300)
committerJouni Malinen <j@w1.fi>
Sun, 3 May 2015 13:32:46 +0000 (16:32 +0300)
This simplifies analysis of areas that get access to unverified message
payload.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/eap_peer/eap_sake.c

index 7d14907433e5032d2e1067ed02b94820f6f21112..c4f9843febb35f8e6840023e7d452e1d2161a2ba 100644 (file)
@@ -141,7 +141,7 @@ static struct wpabuf * eap_sake_build_msg(struct eap_sake_data *data,
 static struct wpabuf * eap_sake_process_identity(struct eap_sm *sm,
                                                 struct eap_sake_data *data,
                                                 struct eap_method_ret *ret,
-                                                const struct wpabuf *reqData,
+                                                u8 id,
                                                 const u8 *payload,
                                                 size_t payload_len)
 {
@@ -166,8 +166,7 @@ static struct wpabuf * eap_sake_process_identity(struct eap_sm *sm,
 
        wpa_printf(MSG_DEBUG, "EAP-SAKE: Sending Response/Identity");
 
-       resp = eap_sake_build_msg(data, eap_get_id(reqData),
-                                 2 + data->peerid_len,
+       resp = eap_sake_build_msg(data, id, 2 + data->peerid_len,
                                  EAP_SAKE_SUBTYPE_IDENTITY);
        if (resp == NULL)
                return NULL;
@@ -185,7 +184,7 @@ static struct wpabuf * eap_sake_process_identity(struct eap_sm *sm,
 static struct wpabuf * eap_sake_process_challenge(struct eap_sm *sm,
                                                  struct eap_sake_data *data,
                                                  struct eap_method_ret *ret,
-                                                 const struct wpabuf *reqData,
+                                                 u8 id,
                                                  const u8 *payload,
                                                  size_t payload_len)
 {
@@ -247,8 +246,7 @@ static struct wpabuf * eap_sake_process_challenge(struct eap_sm *sm,
        rlen = 2 + EAP_SAKE_RAND_LEN + 2 + EAP_SAKE_MIC_LEN;
        if (data->peerid)
                rlen += 2 + data->peerid_len;
-       resp = eap_sake_build_msg(data, eap_get_id(reqData), rlen,
-                                 EAP_SAKE_SUBTYPE_CHALLENGE);
+       resp = eap_sake_build_msg(data, id, rlen, EAP_SAKE_SUBTYPE_CHALLENGE);
        if (resp == NULL)
                return NULL;
 
@@ -285,6 +283,7 @@ static struct wpabuf * eap_sake_process_challenge(struct eap_sm *sm,
 static struct wpabuf * eap_sake_process_confirm(struct eap_sm *sm,
                                                struct eap_sake_data *data,
                                                struct eap_method_ret *ret,
+                                               u8 id,
                                                const struct wpabuf *reqData,
                                                const u8 *payload,
                                                size_t payload_len)
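Review bot: eap_sake_process_confirm() now takes both `id` and `reqData`, so unlike the identity and challenge handlers it still has the whole unverified request in scope, and nothing in the signature says why. The code that uses `reqData` is outside this hunk (the body starts after it); presumably the full message is needed as input to the MIC check. I would add a comment above the function along the lines of `/* reqData is kept only as MIC input; take the identifier from id and parse attributes from payload only */`, so that a later change does not start reading header fields from it again.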
@@ -323,14 +322,13 @@ static struct wpabuf * eap_sake_process_confirm(struct eap_sm *sm,
                ret->allowNotifications = FALSE;
                wpa_printf(MSG_DEBUG, "EAP-SAKE: Sending "
                           "Response/Auth-Reject");
-               return eap_sake_build_msg(data, eap_get_id(reqData), 0,
+               return eap_sake_build_msg(data, id, 0,
                                          EAP_SAKE_SUBTYPE_AUTH_REJECT);
        }
 
        wpa_printf(MSG_DEBUG, "EAP-SAKE: Sending Response/Confirm");
 
-       resp = eap_sake_build_msg(data, eap_get_id(reqData),
-                                 2 + EAP_SAKE_MIC_LEN,
+       resp = eap_sake_build_msg(data, id, 2 + EAP_SAKE_MIC_LEN,
                                  EAP_SAKE_SUBTYPE_CONFIRM);
        if (resp == NULL)
                return NULL;
@@ -367,7 +365,7 @@ static struct wpabuf * eap_sake_process(struct eap_sm *sm, void *priv,
        struct wpabuf *resp;
        const u8 *pos, *end;
        size_t len;
-       u8 subtype, session_id;
+       u8 subtype, session_id, id;
 
        pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_SAKE, reqData, &len);
        if (pos == NULL || len < sizeof(struct eap_sake_hdr)) {
@@ -377,6 +375,7 @@ static struct wpabuf * eap_sake_process(struct eap_sm *sm, void *priv,
 
        req = (const struct eap_sake_hdr *) pos;
        end = pos + len;
+       id = eap_get_id(reqData);
        subtype = req->subtype;
        session_id = req->session_id;
        pos = (const u8 *) (req + 1);
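Review bot: The new `id = eap_get_id(reqData);` depends on the eap_hdr_validate() check in the previous hunk having already rejected a malformed request, but that ordering is not documented and the lines between the check and this assignment are not visible here. A one-line comment would pin the dependency: `/* header validated above; id is the only EAP header field the subtype handlers receive */`. eap_sake_process() starts and ends outside the hunk.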
@@ -402,15 +401,15 @@ static struct wpabuf * eap_sake_process(struct eap_sm *sm, void *priv,
 
        switch (subtype) {
        case EAP_SAKE_SUBTYPE_IDENTITY:
-               resp = eap_sake_process_identity(sm, data, ret, reqData,
+               resp = eap_sake_process_identity(sm, data, ret, id,
                                                 pos, end - pos);
                break;
        case EAP_SAKE_SUBTYPE_CHALLENGE:
-               resp = eap_sake_process_challenge(sm, data, ret, reqData,
+               resp = eap_sake_process_challenge(sm, data, ret, id,
                                                  pos, end - pos);
                break;
        case EAP_SAKE_SUBTYPE_CONFIRM:
-               resp = eap_sake_process_confirm(sm, data, ret, reqData,
+               resp = eap_sake_process_confirm(sm, data, ret, id, reqData,
                                                pos, end - pos);
                break;
        default: