eap_hdr_validate - Validate EAP header @vendor: Expected EAP Vendor-Id (0 = IETF) @eap_type: Expected EAP type number @msg: EAP frame (starting with EAP header) @plen: Pointer to variable to contain the returned payload length Returns: Pointer to EAP payload (after type field), or %NULL on failure This is a helper function for EAP method implementations. This is usually called in the beginning of struct eap_method::process() function to verify that the received EAP request packet has a valid header. This function is able to process both legacy and expanded EAP headers and in most cases, the caller can just use the returned payload pointer (into *plen) for processing the payload regardless of whether the packet used the expanded EAP header or not.

wps_build_registrar_nonce()

wpabuf_put_str()

wpabuf_concat()

wpabuf_concat - Concatenate two buffers into a newly allocated one @a: First buffer @b: Second buffer Returns: wpabuf with concatenated a + b data or %NULL on failure Both buffers a and b will be freed regardless of the return value. Input buffers can be %NULL which is interpreted as an empty buffer.

wps_build_authenticator()

wps_process_authenticator()

wpabuf_tailroom()

wpabuf_tailroom - Get size of available tail room in the end of the buffer @buf: wpabuf buffer Returns: Tail room (in bytes) of available space in the end of the buffer

wpabuf_mhead_u8()

eap_get_id()

eap_get_id - Get EAP Identifier from wpabuf @msg: Buffer starting with an EAP header Returns: The Identifier field from the EAP header

eap_peer_tls_encrypt()

eap_peer_tls_encrypt - Encrypt phase 2 TLS message @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() @data: Data for TLS processing @eap_type: EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...) @peap_version: Version number for EAP-PEAP/TTLS @id: EAP identifier for the response @in_data: Plaintext phase 2 data to encrypt or %NULL to continue fragments @out_data: Buffer for returning a pointer to the encrypted response message Returns: 0 on success, -1 on failure

wps_build_rf_bands()

wpabuf_zeropad()

wpabuf_zeropad - Pad buffer with 0x00 octets (prefix) to specified length @buf: Buffer to be padded @len: Length for the padded buffer Returns: wpabuf padded to len octets or %NULL on failure If buf is longer than len octets or of same size, it will be returned as-is. Otherwise a new buffer is allocated and prefixed with 0x00 octets followed by the source data. The source buffer will be freed on error, i.e., caller will only be responsible on freeing the returned buffer. If buf is %NULL, %NULL will be returned.

wpabuf_printf()

wps_build_config_error()

wps_build_key_wrap_auth()

wps_build_encr_settings()

wps_process_key_wrap_auth()

eap_hdr_len_valid()

eap_hdr_len_valid - Validate EAP header length field @msg: EAP frame (starting with EAP header) @min_payload: Minimum payload length needed Returns: 1 for valid header, 0 for invalid This is a helper function that does minimal validation of EAP messages. The length field is verified to be large enough to include the header and not too large to go beyond the end of the buffer.

eap_get_type()

eap_get_id - Get EAP Type from wpabuf @msg: Buffer starting with an EAP header Returns: The EAP Type after the EAP header

eap_peer_tls_process_helper()

eap_peer_tls_process_helper - Process TLS handshake message @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() @data: Data for TLS processing @eap_type: EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...) @peap_version: Version number for EAP-PEAP/TTLS @id: EAP identifier for the response @in_data: Message received from the server @in_len: Length of in_data @out_data: Buffer for returning a pointer to the response message Returns: 0 on success, 1 if more input data is needed, 2 if application data is available, or -1 on failure This function can be used to process TLS handshake messages. It reassembles the received fragments and uses a TLS library to process the messages. The response data from the TLS library is fragmented to suitable output messages that the caller can send out. out_data is used to return the response message if the return value of this function is 0, 2, or -1. In case of failure, the message is likely a TLS alarm message. The caller is responsible for freeing the allocated buffer if *out_data is not %NULL. This function is called for each received TLS message during the TLS handshake after eap_peer_tls_process_init() call and possible processing of TLS Flags field. Once the handshake has been completed, i.e., when tls_connection_established() returns 1, EAP method specific decrypting of the tunneled data is used.

eap_peer_tls_process_init()

eap_peer_tls_process_init - Initial validation/processing of EAP requests @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() @data: Data for TLS processing @eap_type: EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...) @ret: Return values from EAP request validation and processing @reqData: EAP request to be processed (eapReqData) @len: Buffer for returning length of the remaining payload @flags: Buffer for returning TLS flags Returns: Pointer to payload after TLS flags and length or %NULL on failure This function validates the EAP header and processes the optional TLS Message Length field. If this is the first fragment of a TLS message, the TLS reassembly code is initialized to receive the indicated number of bytes. EAP-TLS, EAP-PEAP, EAP-TTLS, and EAP-FAST methods are expected to use this function as the first step in processing received messages. They will need to process the flags (apart from Message Length Included) that are returned through the flags pointer and the message payload that will be returned (and the length is returned through the len pointer). Return values (ret) are set for continuation of EAP method processing. The caller is responsible for setting these to indicate completion (either success or failure) based on the authentication result.

wps_build_device_attrs()

wps_build_assoc_state()

wps_build_uuid_e()

wpas_rrm_report_elem()

asn1_put_hdr()

eap_peer_tls_decrypt()

eap_peer_tls_decrypt - Decrypt received phase 2 TLS message @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() @data: Data for TLS processing @in_data: Message received from the server @in_decrypted: Buffer for returning a pointer to the decrypted message Returns: 0 on success, 1 if more input data is needed, or -1 on failure

eap_peer_tls_phase2_nak()

eap_peer_tls_phase2_nak - Generate EAP-Nak for Phase 2 @types: Buffer for returning allocated list of allowed EAP methods @num_types: Buffer for returning number of allocated EAP methods @hdr: EAP-Request header (and the following EAP type octet) @resp: Buffer for returning the EAP-Nak message Returns: 0 on success, -1 on failure

eap_fast_encrypt_response()

json_add_base64url()

json_add_string_escape()

wps_build_dev_name()

wps_build_os_version()

wps_build_auth_type_flags()

wps_build_encr_type_flags()

wps_build_conn_type_flags()

wps_ie_encapsulate()

wps_build_public_key()

wps_build_config_methods()

wps_build_dev_password_id()

sae_write_commit()

sae_write_confirm()

eap_update_len()

eap_update_len - Update EAP header length @msg: EAP message from eap_msg_alloc This function updates the length field in the EAP header to match with the current length for the buffer. This allows eap_msg_alloc() to be used to allocate a larger buffer than the exact message length (e.g., if exact message length is not yet known).

tls_connection_handshake()

tls_connection_handshake - Process TLS handshake (client side) @tls_ctx: TLS context data from tls_init() @conn: Connection context data from tls_connection_init() @in_data: Input data from TLS server @appl_data: Pointer to application data pointer, or %NULL if dropped Returns: Output data, %NULL on failure The caller is responsible for freeing the returned output data. If the final handshake message includes application data, this is decrypted and appl_data (if not %NULL) is set to point this data. The caller is responsible for freeing appl_data. This function is used during TLS handshake. The first call is done with in_data == %NULL and the library is expected to return ClientHello packet. This packet is then send to the server and a response from server is given to TLS library by calling this function again with in_data pointing to the TLS message from the server. If the TLS handshake fails, this function may return %NULL. However, if the TLS library has a TLS alert to send out, that should be returned as the output data. In this case, tls_connection_get_failed() must return failure (> 0). tls_connection_established() should return 1 once the TLS handshake has been completed successfully.

tls_connection_encrypt()

tls_connection_encrypt - Encrypt data into TLS tunnel @tls_ctx: TLS context data from tls_init() @conn: Connection context data from tls_connection_init() @in_data: Plaintext data to be encrypted Returns: Encrypted TLS data or %NULL on failure This function is used after TLS handshake has been completed successfully to send data in the encrypted tunnel. The caller is responsible for freeing the returned output data.

tls_connection_decrypt()

tls_connection_decrypt - Decrypt data from TLS tunnel @tls_ctx: TLS context data from tls_init() @conn: Connection context data from tls_connection_init() @in_data: Encrypted TLS data Returns: Decrypted TLS data or %NULL on failure This function is used after TLS handshake has been completed successfully to receive data from the encrypted tunnel. The caller is responsible for freeing the returned output data.

eap_ttls_decrypt()

eap_fast_put_tlv_hdr()

json_start_array()

json_end_array()

wps_build_manufacturer()

wps_build_model_name()

wps_build_model_number()

wps_build_primary_dev_type()

wps_build_vendor_ext()

wps_build_application_ext()

wps_build_mac_addr()

wps_enrollee_process_msg()

wps_build_req_type()

wps_build_resp_type()

wpas_rrm_send_msr_report()

dpp_build_attr_status()

dpp_build_attr_r_bootstrap_key_hash()

dpp_build_attr_i_bootstrap_key_hash()

eap_sm_parseEapResp()

wps_build_credential()

eapol_auth_alloc()

wps_validate_wsc_ack()

wps_validate_wsc_nack()

wps_process_msg()

wps_process_msg - Process a WPS message @wps: WPS Registration protocol data from wps_init() @op_code: Message OP Code @msg: Message data Returns: Processing result This function is used to process WPS messages with OP Codes WSC_ACK, WSC_NACK, WSC_MSG, and WSC_Done. The caller (e.g., EAP server/peer) is responsible for reassembling the messages before calling this function. Response to this message is built by calling wps_get_msg().

wps_is_selected_pbc_registrar()

wps_is_selected_pbc_registrar - Check whether WPS IE indicates active PBC @msg: WPS IE contents from Beacon or Probe Response frame Returns: 1 if PBC Registrar is active, 0 if not

wps_is_addr_authorized()

wps_is_addr_authorized - Check whether WPS IE authorizes MAC address @msg: WPS IE contents from Beacon or Probe Response frame @addr: MAC address to search for @ver1_compat: Whether to use version 1 compatibility mode Returns: 2 if the specified address is explicit authorized, 1 if address is authorized (broadcast), 0 if not

wps_get_uuid_e()

wps_get_uuid_e - Get UUID-E from WPS IE @msg: WPS IE contents from Beacon or Probe Response frame Returns: Pointer to UUID-E or %NULL if not included The returned pointer is to the msg contents and it remains valid only as long as the msg buffer is valid.

dh_init()

dh_init - Initialize Diffie-Hellman handshake @dh: Selected Diffie-Hellman group @priv: Pointer for returning Diffie-Hellman private key Returns: Diffie-Hellman public value

dh_derive_shared()

dh_derive_shared - Derive shared Diffie-Hellman key @peer_public: Diffie-Hellman public value from peer @own_private: Diffie-Hellman private key from dh_init() @dh: Selected Diffie-Hellman group Returns: Diffie-Hellman shared key

dh5_init()

dh5_derive_shared()

wpas_mbo_scan_ie()

tls_connection_handshake2()

tls_connection_server_handshake()

tls_connection_server_handshake - Process TLS handshake (server side) @tls_ctx: TLS context data from tls_init() @conn: Connection context data from tls_connection_init() @in_data: Input data from TLS peer @appl_data: Pointer to application data pointer, or %NULL if dropped Returns: Output data, %NULL on failure The caller is responsible for freeing the returned output data.

tls_connection_decrypt2()

eap_peap_decrypt()

eap_tls_process_output()

eap_tls_process_output - Process outgoing TLS message @data: Data for TLS processing @eap_type: EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...) @peap_version: Version number for EAP-PEAP/TTLS @id: EAP identifier for the response @ret: Return value to use on success @out_data: Buffer for returning the allocated output buffer Returns: ret (0 or 1) on success, -1 on failure

eap_peer_tls_data_reassemble()

eap_peer_tls_data_reassemble - Reassemble TLS data @data: Data for TLS processing @in_data: Next incoming TLS segment @need_more_input: Variable for returning whether more input data is needed to reassemble this TLS packet Returns: Pointer to output data, %NULL on error or when more data is needed for the full message (in which case, *need_more_input is also set to 1). This function reassembles TLS fragments. Caller must not free the returned data buffer since an internal pointer to it is maintained.

eap_ttls_phase2_request_eap_method()

eap_ttls_encrypt_response()

eap_ttls_implicit_identity_request()

eap_ttls_phase2_request()

eap_fast_decrypt()

eap_fast_put_tlv_buf()

eap_fast_tlv_eap_payload()

wpabuf_overflow()

json_add_int()

wps_build_cred()

wps_build_serial_number()

wps_build_vendor_ext_m1()

wps_build_secondary_dev_type()

wps_build_req_dev_type()

wps_build_rf_bands_attr()

wps_registrar_process_msg()

wpas_add_beacon_rep()

wpas_beacon_rep_no_results()

wnm_add_cand_list()

wpas_mbo_non_pref_chan_attr_body()

wpas_mbo_non_pref_chan_attr_hdr()

wpas_mbo_non_pref_chan_subelem_hdr()

wpas_mbo_non_pref_chan_attrs()

asn1_put_oid()

asn1_encaps()

asn1_put_len()

dpp_auth_build_resp()

dpp_build_jwk()

dpp_build_legacy_cred_params()

dpp_check_pubkey_match()

eap_copy_buf()

eap_identity_check()

wps_build_config_methods_r()

wps_build_wps_state()

wps_build_ap_setup_locked()

wps_build_selected_registrar()

wps_build_sel_reg_dev_password_id()

wps_build_sel_reg_config_methods()

wps_build_uuid_r()

wpabuf_size()

wpabuf_size - Get the currently allocated size of a wpabuf buffer @buf: wpabuf buffer Returns: Currently allocated size of the buffer

wps_validate_m4_encr()

wps_validate_m5()

wps_validate_m5_encr()

wps_validate_m6()

wps_validate_m6_encr()

wps_validate_m7()

wps_validate_m7_encr()

wps_validate_m8()

wps_validate_m8_encr()

wps_validate_wsc_done()

wps_is_selected_pin_registrar()

wps_is_selected_pin_registrar - Check whether WPS IE indicates active PIN @msg: WPS IE contents from Beacon or Probe Response frame Returns: 1 if PIN Registrar is active, 0 if not

wps_ap_priority_compar()

wps_ap_priority_compar - Prioritize WPS IE from two APs @wps_a: WPS IE contents from Beacon or Probe Response frame @wps_b: WPS IE contents from Beacon or Probe Response frame Returns: 1 if wps_b is considered more likely selection for WPS provisioning, -1 if wps_a is considered more like, or 0 if no preference

wps_is_20()

wps_is_20 - Check whether WPS attributes claim support for WPS 2.0

wps_registrar_probe_req_rx()

wps_registrar_probe_req_rx - Notify Registrar of Probe Request @reg: Registrar data from wps_registrar_init() @addr: MAC address of the Probe Request sender @wps_data: WPS IE contents This function is called on an AP when a Probe Request with WPS IE is received. This is used to track PBC mode use and to detect possible overlap situation with other WPS APs.

wps_build_credential_wrap()

wps_attr_text()

dh5_init_fixed()

tls_connection_set_success_data()

eap_mschapv2_copy_challenge()

eap_mschapv2_process()

eap_mschapv2_process - Process an EAP-MSCHAPv2 request @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() @priv: Pointer to private EAP method data from eap_mschapv2_init() @ret: Return values from EAP request validation and processing @reqData: EAP request to be processed (eapReqData) Returns: Pointer to allocated EAP response packet (eapRespData) or %NULL if no reply available

eap_peapv2_tlv_eap_payload()

eap_tlv_add_cryptobinding()

eap_peap_phase2_request()

eap_tlv_process()

eap_tlv_process - Process a received EAP-TLV message and generate a response @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() @ret: Return values from EAP request validation and processing @req: EAP-TLV request to be processed. The caller must have validated that the buffer is large enough to contain full request (hdr->length bytes) and that the EAP type is EAP_TYPE_TLV. @resp: Buffer to return a pointer to the allocated response message. This field should be initialized to %NULL before the call. The value will be updated if a response message is generated. The caller is responsible for freeing the allocated message. @force_failure: Force negotiation to fail Returns: 0 on success, -1 on failure

eap_peap_process()

eap_tls_failure()

eap_tls_process()

eap_tls_process_input()

eap_tls_process_input - Process incoming TLS message @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() @data: Data for TLS processing @in_data: Message received from the server @in_len: Length of in_data @out_data: Buffer for returning a pointer to application data (if available) Returns: 0 on success, 1 if more input data is needed, 2 if application data is available, -1 on failure

eap_peer_tls_reassemble_fragment()

eap_peer_tls_reassemble_fragment - Reassemble a received fragment @data: Data for TLS processing @in_data: Next incoming TLS segment Returns: 0 on success, 1 if more data is needed for the full message, or -1 on error

eap_ttls_phase2_request_eap()

eap_ttls_phase2_request_mschapv2()

eap_ttls_phase2_eap_process()

eap_ttls_phase2_request_mschap()

eap_ttls_avp_encapsulate()

eap_ttls_phase2_request_pap()

eap_ttls_phase2_request_chap()

eap_ttls_process()

eap_ttls_parse_avps()

eap_ttls_process_phase2_eap()

eap_ttls_process_decrypted()

eap_ttls_phase2_start()

eap_ttls_process_handshake()

eap_fast_process()

eap_fast_phase2_request()

eap_fast_parse_decrypted()

eap_fast_process_decrypted()

eap_fast_put_tlv()

wps_build_ap_channel()

wps_build_wps_state()

wps_build_e_hash()

wps_build_e_snonce1()

wps_build_e_snonce2()

wps_build_ap_settings()

wps_process_ap_settings_e()

wps_process_wsc_start()

wps_process_wsc_msg()

wps_process_wsc_ack()

wps_process_wsc_nack()

eap_sm_send_eapol()

eap_sm_process_request()

wps_enrollee_process_msg_frag()

wpa3_check_sae_rejected_groups()

wpas_rrm_handle_msr_req_element()

wpas_rm_handle_beacon_req()

Returns 0 if the next element can be processed, 1 if some operation was triggered, and -1 if processing failed (i.e., the element is in invalid format or an internal error occurred).

wpas_beacon_rep_table()

wpas_add_beacon_rep_elem()

wnm_add_nei_rep()

wnm_nei_rep_add_bss()

wpas_mbo_non_pref_chan_attr()

wpas_mbo_non_pref_chan_subelement()

asn1_put_octet_string()

asn1_put_sequence()

asn1_put_set()

asn1_put_utf8string()

asn1_build_alg_id()

asn1_put_integer()