1 /*
2 * hostapd / EAP-TTLS (RFC 5281)
3 * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10
11 #include "common.h"
12 #include "crypto/ms_funcs.h"
13 #include "crypto/sha1.h"
14 #include "crypto/tls.h"
15 #include "eap_server/eap_i.h"
16 #include "eap_server/eap_tls_common.h"
17 #include "eap_common/chap.h"
18 #include "eap_common/eap_ttls.h"
19
20
21 #define EAP_TTLS_VERSION 0
22
23
24 static void eap_ttls_reset(struct eap_sm *sm, void *priv);
25
26
27 struct eap_ttls_data {
28 struct eap_ssl_data ssl;
29 enum {
30 START, PHASE1, PHASE2_START, PHASE2_METHOD,
31 PHASE2_MSCHAPV2_RESP, SUCCESS, FAILURE
32 } state;
33
34 int ttls_version;
35 const struct eap_method *phase2_method;
36 void *phase2_priv;
37 int mschapv2_resp_ok;
38 u8 mschapv2_auth_response[20];
39 u8 mschapv2_ident;
40 struct wpabuf *pending_phase2_eap_resp;
41 int tnc_started;
42 };
43
44
eap_ttls_state_txt(int state)45 static const char * eap_ttls_state_txt(int state)
46 {
47 switch (state) {
48 case START:
49 return "START";
50 case PHASE1:
51 return "PHASE1";
52 case PHASE2_START:
53 return "PHASE2_START";
54 case PHASE2_METHOD:
55 return "PHASE2_METHOD";
56 case PHASE2_MSCHAPV2_RESP:
57 return "PHASE2_MSCHAPV2_RESP";
58 case SUCCESS:
59 return "SUCCESS";
60 case FAILURE:
61 return "FAILURE";
62 default:
63 return "Unknown?!";
64 }
65 }
66
67
eap_ttls_state(struct eap_ttls_data * data,int state)68 static void eap_ttls_state(struct eap_ttls_data *data, int state)
69 {
70 wpa_printf(MSG_DEBUG, "EAP-TTLS: %s -> %s",
71 eap_ttls_state_txt(data->state),
72 eap_ttls_state_txt(state));
73 data->state = state;
74 if (state == FAILURE)
75 tls_connection_remove_session(data->ssl.conn);
76 }
77
78
eap_ttls_valid_session(struct eap_sm * sm,struct eap_ttls_data * data)79 static void eap_ttls_valid_session(struct eap_sm *sm,
80 struct eap_ttls_data *data)
81 {
82 struct wpabuf *buf;
83
84 if (!sm->cfg->tls_session_lifetime)
85 return;
86
87 buf = wpabuf_alloc(1 + 1 + sm->identity_len);
88 if (!buf)
89 return;
90 wpabuf_put_u8(buf, EAP_TYPE_TTLS);
91 if (sm->identity) {
92 u8 id_len;
93
94 if (sm->identity_len <= 255)
95 id_len = sm->identity_len;
96 else
97 id_len = 255;
98 wpabuf_put_u8(buf, id_len);
99 wpabuf_put_data(buf, sm->identity, id_len);
100 } else {
101 wpabuf_put_u8(buf, 0);
102 }
103 tls_connection_set_success_data(data->ssl.conn, buf);
104 }
105
106
eap_ttls_avp_hdr(u8 * avphdr,u32 avp_code,u32 vendor_id,int mandatory,size_t len)107 static u8 * eap_ttls_avp_hdr(u8 *avphdr, u32 avp_code, u32 vendor_id,
108 int mandatory, size_t len)
109 {
110 struct ttls_avp_vendor *avp;
111 u8 flags;
112 size_t hdrlen;
113
114 avp = (struct ttls_avp_vendor *) avphdr;
115 flags = mandatory ? AVP_FLAGS_MANDATORY : 0;
116 if (vendor_id) {
117 flags |= AVP_FLAGS_VENDOR;
118 hdrlen = sizeof(*avp);
119 avp->vendor_id = host_to_be32(vendor_id);
120 } else {
121 hdrlen = sizeof(struct ttls_avp);
122 }
123
124 avp->avp_code = host_to_be32(avp_code);
125 avp->avp_length = host_to_be32(((u32) flags << 24) |
126 ((u32) (hdrlen + len)));
127
128 return avphdr + hdrlen;
129 }
130
131
eap_ttls_avp_encapsulate(struct wpabuf * resp,u32 avp_code,int mandatory)132 static struct wpabuf * eap_ttls_avp_encapsulate(struct wpabuf *resp,
133 u32 avp_code, int mandatory)
134 {
135 struct wpabuf *avp;
136 u8 *pos;
137
138 avp = wpabuf_alloc(sizeof(struct ttls_avp) + wpabuf_len(resp) + 4);
139 if (avp == NULL) {
140 wpabuf_free(resp);
141 return NULL;
142 }
143
144 pos = eap_ttls_avp_hdr(wpabuf_mhead(avp), avp_code, 0, mandatory,
145 wpabuf_len(resp));
146 os_memcpy(pos, wpabuf_head(resp), wpabuf_len(resp));
147 pos += wpabuf_len(resp);
148 AVP_PAD((const u8 *) wpabuf_head(avp), pos);
149 wpabuf_free(resp);
150 wpabuf_put(avp, pos - (u8 *) wpabuf_head(avp));
151 return avp;
152 }
153
154
155 struct eap_ttls_avp {
156 /* Note: eap is allocated memory; caller is responsible for freeing
157 * it. All the other pointers are pointing to the packet data, i.e.,
158 * they must not be freed separately. */
159 u8 *eap;
160 size_t eap_len;
161 u8 *user_name;
162 size_t user_name_len;
163 u8 *user_password;
164 size_t user_password_len;
165 u8 *chap_challenge;
166 size_t chap_challenge_len;
167 u8 *chap_password;
168 size_t chap_password_len;
169 u8 *mschap_challenge;
170 size_t mschap_challenge_len;
171 u8 *mschap_response;
172 size_t mschap_response_len;
173 u8 *mschap2_response;
174 size_t mschap2_response_len;
175 };
176
177
eap_ttls_avp_parse(struct wpabuf * buf,struct eap_ttls_avp * parse)178 static int eap_ttls_avp_parse(struct wpabuf *buf, struct eap_ttls_avp *parse)
179 {
180 struct ttls_avp *avp;
181 u8 *pos;
182 int left;
183
184 pos = wpabuf_mhead(buf);
185 left = wpabuf_len(buf);
186 os_memset(parse, 0, sizeof(*parse));
187
188 while (left > 0) {
189 u32 avp_code, avp_length, vendor_id = 0;
190 u8 avp_flags, *dpos;
191 size_t pad, dlen;
192 avp = (struct ttls_avp *) pos;
193 avp_code = be_to_host32(avp->avp_code);
194 avp_length = be_to_host32(avp->avp_length);
195 avp_flags = (avp_length >> 24) & 0xff;
196 avp_length &= 0xffffff;
197 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP: code=%d flags=0x%02x "
198 "length=%d", (int) avp_code, avp_flags,
199 (int) avp_length);
200 if ((int) avp_length > left) {
201 wpa_printf(MSG_WARNING, "EAP-TTLS: AVP overflow "
202 "(len=%d, left=%d) - dropped",
203 (int) avp_length, left);
204 goto fail;
205 }
206 if (avp_length < sizeof(*avp)) {
207 wpa_printf(MSG_WARNING, "EAP-TTLS: Invalid AVP length "
208 "%d", avp_length);
209 goto fail;
210 }
211 dpos = (u8 *) (avp + 1);
212 dlen = avp_length - sizeof(*avp);
213 if (avp_flags & AVP_FLAGS_VENDOR) {
214 if (dlen < 4) {
215 wpa_printf(MSG_WARNING, "EAP-TTLS: vendor AVP "
216 "underflow");
217 goto fail;
218 }
219 vendor_id = be_to_host32(* (be32 *) dpos);
220 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP vendor_id %d",
221 (int) vendor_id);
222 dpos += 4;
223 dlen -= 4;
224 }
225
226 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: AVP data", dpos, dlen);
227
228 if (vendor_id == 0 && avp_code == RADIUS_ATTR_EAP_MESSAGE) {
229 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP - EAP Message");
230 if (parse->eap == NULL) {
231 parse->eap = os_memdup(dpos, dlen);
232 if (parse->eap == NULL) {
233 wpa_printf(MSG_WARNING, "EAP-TTLS: "
234 "failed to allocate memory "
235 "for Phase 2 EAP data");
236 goto fail;
237 }
238 parse->eap_len = dlen;
239 } else {
240 u8 *neweap = os_realloc(parse->eap,
241 parse->eap_len + dlen);
242 if (neweap == NULL) {
243 wpa_printf(MSG_WARNING, "EAP-TTLS: "
244 "failed to allocate memory "
245 "for Phase 2 EAP data");
246 goto fail;
247 }
248 os_memcpy(neweap + parse->eap_len, dpos, dlen);
249 parse->eap = neweap;
250 parse->eap_len += dlen;
251 }
252 } else if (vendor_id == 0 &&
253 avp_code == RADIUS_ATTR_USER_NAME) {
254 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: User-Name",
255 dpos, dlen);
256 parse->user_name = dpos;
257 parse->user_name_len = dlen;
258 } else if (vendor_id == 0 &&
259 avp_code == RADIUS_ATTR_USER_PASSWORD) {
260 u8 *password = dpos;
261 size_t password_len = dlen;
262 while (password_len > 0 &&
263 password[password_len - 1] == '\0') {
264 password_len--;
265 }
266 wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: "
267 "User-Password (PAP)",
268 password, password_len);
269 parse->user_password = password;
270 parse->user_password_len = password_len;
271 } else if (vendor_id == 0 &&
272 avp_code == RADIUS_ATTR_CHAP_CHALLENGE) {
273 wpa_hexdump(MSG_DEBUG,
274 "EAP-TTLS: CHAP-Challenge (CHAP)",
275 dpos, dlen);
276 parse->chap_challenge = dpos;
277 parse->chap_challenge_len = dlen;
278 } else if (vendor_id == 0 &&
279 avp_code == RADIUS_ATTR_CHAP_PASSWORD) {
280 wpa_hexdump(MSG_DEBUG,
281 "EAP-TTLS: CHAP-Password (CHAP)",
282 dpos, dlen);
283 parse->chap_password = dpos;
284 parse->chap_password_len = dlen;
285 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
286 avp_code == RADIUS_ATTR_MS_CHAP_CHALLENGE) {
287 wpa_hexdump(MSG_DEBUG,
288 "EAP-TTLS: MS-CHAP-Challenge",
289 dpos, dlen);
290 parse->mschap_challenge = dpos;
291 parse->mschap_challenge_len = dlen;
292 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
293 avp_code == RADIUS_ATTR_MS_CHAP_RESPONSE) {
294 wpa_hexdump(MSG_DEBUG,
295 "EAP-TTLS: MS-CHAP-Response (MSCHAP)",
296 dpos, dlen);
297 parse->mschap_response = dpos;
298 parse->mschap_response_len = dlen;
299 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
300 avp_code == RADIUS_ATTR_MS_CHAP2_RESPONSE) {
301 wpa_hexdump(MSG_DEBUG,
302 "EAP-TTLS: MS-CHAP2-Response (MSCHAPV2)",
303 dpos, dlen);
304 parse->mschap2_response = dpos;
305 parse->mschap2_response_len = dlen;
306 } else if (avp_flags & AVP_FLAGS_MANDATORY) {
307 wpa_printf(MSG_WARNING, "EAP-TTLS: Unsupported "
308 "mandatory AVP code %d vendor_id %d - "
309 "dropped", (int) avp_code, (int) vendor_id);
310 goto fail;
311 } else {
312 wpa_printf(MSG_DEBUG, "EAP-TTLS: Ignoring unsupported "
313 "AVP code %d vendor_id %d",
314 (int) avp_code, (int) vendor_id);
315 }
316
317 pad = (4 - (avp_length & 3)) & 3;
318 pos += avp_length + pad;
319 left -= avp_length + pad;
320 }
321
322 return 0;
323
324 fail:
325 os_free(parse->eap);
326 parse->eap = NULL;
327 return -1;
328 }
329
330
eap_ttls_implicit_challenge(struct eap_sm * sm,struct eap_ttls_data * data,size_t len)331 static u8 * eap_ttls_implicit_challenge(struct eap_sm *sm,
332 struct eap_ttls_data *data, size_t len)
333 {
334 return eap_server_tls_derive_key(sm, &data->ssl, "ttls challenge",
335 NULL, 0, len);
336 }
337
338
eap_ttls_init(struct eap_sm * sm)339 static void * eap_ttls_init(struct eap_sm *sm)
340 {
341 struct eap_ttls_data *data;
342
343 data = os_zalloc(sizeof(*data));
344 if (data == NULL)
345 return NULL;
346 data->ttls_version = EAP_TTLS_VERSION;
347 data->state = START;
348
349 if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_TYPE_TTLS)) {
350 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to initialize SSL.");
351 eap_ttls_reset(sm, data);
352 return NULL;
353 }
354
355 return data;
356 }
357
358
eap_ttls_reset(struct eap_sm * sm,void * priv)359 static void eap_ttls_reset(struct eap_sm *sm, void *priv)
360 {
361 struct eap_ttls_data *data = priv;
362 if (data == NULL)
363 return;
364 if (data->phase2_priv && data->phase2_method)
365 data->phase2_method->reset(sm, data->phase2_priv);
366 eap_server_tls_ssl_deinit(sm, &data->ssl);
367 wpabuf_free(data->pending_phase2_eap_resp);
368 bin_clear_free(data, sizeof(*data));
369 }
370
371
eap_ttls_build_start(struct eap_sm * sm,struct eap_ttls_data * data,u8 id)372 static struct wpabuf * eap_ttls_build_start(struct eap_sm *sm,
373 struct eap_ttls_data *data, u8 id)
374 {
375 struct wpabuf *req;
376
377 req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TTLS, 1,
378 EAP_CODE_REQUEST, id);
379 if (req == NULL) {
380 wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to allocate memory for"
381 " request");
382 eap_ttls_state(data, FAILURE);
383 return NULL;
384 }
385
386 wpabuf_put_u8(req, EAP_TLS_FLAGS_START | data->ttls_version);
387
388 eap_ttls_state(data, PHASE1);
389
390 return req;
391 }
392
393
eap_ttls_build_phase2_eap_req(struct eap_sm * sm,struct eap_ttls_data * data,u8 id)394 static struct wpabuf * eap_ttls_build_phase2_eap_req(
395 struct eap_sm *sm, struct eap_ttls_data *data, u8 id)
396 {
397 struct wpabuf *buf, *encr_req;
398
399
400 buf = data->phase2_method->buildReq(sm, data->phase2_priv, id);
401 if (buf == NULL)
402 return NULL;
403
404 wpa_hexdump_buf_key(MSG_DEBUG,
405 "EAP-TTLS/EAP: Encapsulate Phase 2 data", buf);
406
407 buf = eap_ttls_avp_encapsulate(buf, RADIUS_ATTR_EAP_MESSAGE, 1);
408 if (buf == NULL) {
409 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Failed to encapsulate "
410 "packet");
411 return NULL;
412 }
413
414 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS/EAP: Encrypt encapsulated "
415 "Phase 2 data", buf);
416
417 encr_req = eap_server_tls_encrypt(sm, &data->ssl, buf);
418 wpabuf_free(buf);
419
420 return encr_req;
421 }
422
423
eap_ttls_build_phase2_mschapv2(struct eap_sm * sm,struct eap_ttls_data * data)424 static struct wpabuf * eap_ttls_build_phase2_mschapv2(
425 struct eap_sm *sm, struct eap_ttls_data *data)
426 {
427 struct wpabuf *encr_req, msgbuf;
428 u8 *req, *pos, *end;
429 int ret;
430
431 pos = req = os_malloc(100);
432 if (req == NULL)
433 return NULL;
434 end = req + 100;
435
436 if (data->mschapv2_resp_ok) {
437 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP2_SUCCESS,
438 RADIUS_VENDOR_ID_MICROSOFT, 1, 43);
439 *pos++ = data->mschapv2_ident;
440 ret = os_snprintf((char *) pos, end - pos, "S=");
441 if (!os_snprintf_error(end - pos, ret))
442 pos += ret;
443 pos += wpa_snprintf_hex_uppercase(
444 (char *) pos, end - pos, data->mschapv2_auth_response,
445 sizeof(data->mschapv2_auth_response));
446 } else {
447 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP_ERROR,
448 RADIUS_VENDOR_ID_MICROSOFT, 1, 7);
449 *pos++ = data->mschapv2_ident;
450 os_memcpy(pos, "Failed", 6);
451 pos += 6;
452 AVP_PAD(req, pos);
453 }
454
455 wpabuf_set(&msgbuf, req, pos - req);
456 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Encrypting Phase 2 "
457 "data", &msgbuf);
458
459 encr_req = eap_server_tls_encrypt(sm, &data->ssl, &msgbuf);
460 os_free(req);
461
462 return encr_req;
463 }
464
465
eap_ttls_buildReq(struct eap_sm * sm,void * priv,u8 id)466 static struct wpabuf * eap_ttls_buildReq(struct eap_sm *sm, void *priv, u8 id)
467 {
468 struct eap_ttls_data *data = priv;
469
470 if (data->ssl.state == FRAG_ACK) {
471 return eap_server_tls_build_ack(id, EAP_TYPE_TTLS,
472 data->ttls_version);
473 }
474
475 if (data->ssl.state == WAIT_FRAG_ACK) {
476 return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TTLS,
477 data->ttls_version, id);
478 }
479
480 switch (data->state) {
481 case START:
482 return eap_ttls_build_start(sm, data, id);
483 case PHASE1:
484 if (tls_connection_established(sm->cfg->ssl_ctx,
485 data->ssl.conn)) {
486 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase1 done, "
487 "starting Phase2");
488 eap_ttls_state(data, PHASE2_START);
489 }
490 break;
491 case PHASE2_METHOD:
492 wpabuf_free(data->ssl.tls_out);
493 data->ssl.tls_out_pos = 0;
494 data->ssl.tls_out = eap_ttls_build_phase2_eap_req(sm, data,
495 id);
496 break;
497 case PHASE2_MSCHAPV2_RESP:
498 wpabuf_free(data->ssl.tls_out);
499 data->ssl.tls_out_pos = 0;
500 data->ssl.tls_out = eap_ttls_build_phase2_mschapv2(sm, data);
501 break;
502 default:
503 wpa_printf(MSG_DEBUG, "EAP-TTLS: %s - unexpected state %d",
504 __func__, data->state);
505 return NULL;
506 }
507
508 return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TTLS,
509 data->ttls_version, id);
510 }
511
512
eap_ttls_check(struct eap_sm * sm,void * priv,struct wpabuf * respData)513 static bool eap_ttls_check(struct eap_sm *sm, void *priv,
514 struct wpabuf *respData)
515 {
516 const u8 *pos;
517 size_t len;
518
519 pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_TTLS, respData, &len);
520 if (pos == NULL || len < 1) {
521 wpa_printf(MSG_INFO, "EAP-TTLS: Invalid frame");
522 return true;
523 }
524
525 return false;
526 }
527
528
eap_ttls_process_phase2_pap(struct eap_sm * sm,struct eap_ttls_data * data,const u8 * user_password,size_t user_password_len)529 static void eap_ttls_process_phase2_pap(struct eap_sm *sm,
530 struct eap_ttls_data *data,
531 const u8 *user_password,
532 size_t user_password_len)
533 {
534 if (!sm->user || !sm->user->password || sm->user->password_hash ||
535 !(sm->user->ttls_auth & EAP_TTLS_AUTH_PAP)) {
536 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: No plaintext user "
537 "password configured");
538 eap_ttls_state(data, FAILURE);
539 return;
540 }
541
542 if (sm->user->password_len != user_password_len ||
543 os_memcmp_const(sm->user->password, user_password,
544 user_password_len) != 0) {
545 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Invalid user password");
546 eap_ttls_state(data, FAILURE);
547 return;
548 }
549
550 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Correct user password");
551 eap_ttls_state(data, SUCCESS);
552 eap_ttls_valid_session(sm, data);
553 }
554
555
eap_ttls_process_phase2_chap(struct eap_sm * sm,struct eap_ttls_data * data,const u8 * challenge,size_t challenge_len,const u8 * password,size_t password_len)556 static void eap_ttls_process_phase2_chap(struct eap_sm *sm,
557 struct eap_ttls_data *data,
558 const u8 *challenge,
559 size_t challenge_len,
560 const u8 *password,
561 size_t password_len)
562 {
563 u8 *chal, hash[CHAP_MD5_LEN];
564
565 if (challenge == NULL || password == NULL ||
566 challenge_len != EAP_TTLS_CHAP_CHALLENGE_LEN ||
567 password_len != 1 + EAP_TTLS_CHAP_PASSWORD_LEN) {
568 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Invalid CHAP attributes "
569 "(challenge len %lu password len %lu)",
570 (unsigned long) challenge_len,
571 (unsigned long) password_len);
572 eap_ttls_state(data, FAILURE);
573 return;
574 }
575
576 if (!sm->user || !sm->user->password || sm->user->password_hash ||
577 !(sm->user->ttls_auth & EAP_TTLS_AUTH_CHAP)) {
578 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: No plaintext user "
579 "password configured");
580 eap_ttls_state(data, FAILURE);
581 return;
582 }
583
584 chal = eap_ttls_implicit_challenge(sm, data,
585 EAP_TTLS_CHAP_CHALLENGE_LEN + 1);
586 if (chal == NULL) {
587 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Failed to generate "
588 "challenge from TLS data");
589 eap_ttls_state(data, FAILURE);
590 return;
591 }
592
593 if (os_memcmp_const(challenge, chal, EAP_TTLS_CHAP_CHALLENGE_LEN)
594 != 0 ||
595 password[0] != chal[EAP_TTLS_CHAP_CHALLENGE_LEN]) {
596 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Challenge mismatch");
597 os_free(chal);
598 eap_ttls_state(data, FAILURE);
599 return;
600 }
601 os_free(chal);
602
603 /* MD5(Ident + Password + Challenge) */
604 chap_md5(password[0], sm->user->password, sm->user->password_len,
605 challenge, challenge_len, hash);
606
607 if (os_memcmp_const(hash, password + 1, EAP_TTLS_CHAP_PASSWORD_LEN) ==
608 0) {
609 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Correct user password");
610 eap_ttls_state(data, SUCCESS);
611 eap_ttls_valid_session(sm, data);
612 } else {
613 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Invalid user password");
614 eap_ttls_state(data, FAILURE);
615 }
616 }
617
618
eap_ttls_process_phase2_mschap(struct eap_sm * sm,struct eap_ttls_data * data,u8 * challenge,size_t challenge_len,u8 * response,size_t response_len)619 static void eap_ttls_process_phase2_mschap(struct eap_sm *sm,
620 struct eap_ttls_data *data,
621 u8 *challenge, size_t challenge_len,
622 u8 *response, size_t response_len)
623 {
624 u8 *chal, nt_response[24];
625
626 if (challenge == NULL || response == NULL ||
627 challenge_len != EAP_TTLS_MSCHAP_CHALLENGE_LEN ||
628 response_len != EAP_TTLS_MSCHAP_RESPONSE_LEN) {
629 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Invalid MS-CHAP "
630 "attributes (challenge len %lu response len %lu)",
631 (unsigned long) challenge_len,
632 (unsigned long) response_len);
633 eap_ttls_state(data, FAILURE);
634 return;
635 }
636
637 if (!sm->user || !sm->user->password ||
638 !(sm->user->ttls_auth & EAP_TTLS_AUTH_MSCHAP)) {
639 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: No user password "
640 "configured");
641 eap_ttls_state(data, FAILURE);
642 return;
643 }
644
645 chal = eap_ttls_implicit_challenge(sm, data,
646 EAP_TTLS_MSCHAP_CHALLENGE_LEN + 1);
647 if (chal == NULL) {
648 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Failed to generate "
649 "challenge from TLS data");
650 eap_ttls_state(data, FAILURE);
651 return;
652 }
653
654 #ifdef CONFIG_TESTING_OPTIONS
655 eap_server_mschap_rx_callback(sm, "TTLS-MSCHAP",
656 sm->identity, sm->identity_len,
657 challenge, response + 2 + 24);
658 #endif /* CONFIG_TESTING_OPTIONS */
659
660 if (os_memcmp_const(challenge, chal, EAP_TTLS_MSCHAP_CHALLENGE_LEN)
661 != 0 ||
662 response[0] != chal[EAP_TTLS_MSCHAP_CHALLENGE_LEN]) {
663 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Challenge mismatch");
664 os_free(chal);
665 eap_ttls_state(data, FAILURE);
666 return;
667 }
668 os_free(chal);
669
670 if ((sm->user->password_hash &&
671 challenge_response(challenge, sm->user->password, nt_response)) ||
672 (!sm->user->password_hash &&
673 nt_challenge_response(challenge, sm->user->password,
674 sm->user->password_len, nt_response))) {
675 eap_ttls_state(data, FAILURE);
676 return;
677 }
678
679 if (os_memcmp_const(nt_response, response + 2 + 24, 24) == 0) {
680 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Correct response");
681 eap_ttls_state(data, SUCCESS);
682 eap_ttls_valid_session(sm, data);
683 } else {
684 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Invalid NT-Response");
685 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAP: Received",
686 response + 2 + 24, 24);
687 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAP: Expected",
688 nt_response, 24);
689 eap_ttls_state(data, FAILURE);
690 }
691 }
692
693
eap_ttls_process_phase2_mschapv2(struct eap_sm * sm,struct eap_ttls_data * data,u8 * challenge,size_t challenge_len,u8 * response,size_t response_len)694 static void eap_ttls_process_phase2_mschapv2(struct eap_sm *sm,
695 struct eap_ttls_data *data,
696 u8 *challenge,
697 size_t challenge_len,
698 u8 *response, size_t response_len)
699 {
700 u8 *chal, *username, nt_response[24], *rx_resp, *peer_challenge,
701 *auth_challenge;
702 size_t username_len, i;
703
704 if (challenge == NULL || response == NULL ||
705 challenge_len != EAP_TTLS_MSCHAPV2_CHALLENGE_LEN ||
706 response_len != EAP_TTLS_MSCHAPV2_RESPONSE_LEN) {
707 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Invalid MS-CHAP2 "
708 "attributes (challenge len %lu response len %lu)",
709 (unsigned long) challenge_len,
710 (unsigned long) response_len);
711 eap_ttls_state(data, FAILURE);
712 return;
713 }
714
715 if (!sm->user || !sm->user->password ||
716 !(sm->user->ttls_auth & EAP_TTLS_AUTH_MSCHAPV2)) {
717 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: No user password "
718 "configured");
719 eap_ttls_state(data, FAILURE);
720 return;
721 }
722
723 if (sm->identity == NULL) {
724 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: No user identity "
725 "known");
726 eap_ttls_state(data, FAILURE);
727 return;
728 }
729
730 /* MSCHAPv2 does not include optional domain name in the
731 * challenge-response calculation, so remove domain prefix
732 * (if present). */
733 username = sm->identity;
734 username_len = sm->identity_len;
735 for (i = 0; i < username_len; i++) {
736 if (username[i] == '\\') {
737 username_len -= i + 1;
738 username += i + 1;
739 break;
740 }
741 }
742
743 chal = eap_ttls_implicit_challenge(
744 sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1);
745 if (chal == NULL) {
746 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Failed to generate "
747 "challenge from TLS data");
748 eap_ttls_state(data, FAILURE);
749 return;
750 }
751
752 if (os_memcmp_const(challenge, chal, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN)
753 != 0 ||
754 response[0] != chal[EAP_TTLS_MSCHAPV2_CHALLENGE_LEN]) {
755 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Challenge mismatch");
756 os_free(chal);
757 eap_ttls_state(data, FAILURE);
758 return;
759 }
760 os_free(chal);
761
762 auth_challenge = challenge;
763 peer_challenge = response + 2;
764
765 wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: User",
766 username, username_len);
767 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: auth_challenge",
768 auth_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN);
769 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: peer_challenge",
770 peer_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN);
771
772 if (sm->user->password_hash) {
773 generate_nt_response_pwhash(auth_challenge, peer_challenge,
774 username, username_len,
775 sm->user->password,
776 nt_response);
777 } else {
778 generate_nt_response(auth_challenge, peer_challenge,
779 username, username_len,
780 sm->user->password,
781 sm->user->password_len,
782 nt_response);
783 }
784
785 rx_resp = response + 2 + EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 8;
786 #ifdef CONFIG_TESTING_OPTIONS
787 {
788 u8 challenge2[8];
789
790 if (challenge_hash(peer_challenge, auth_challenge,
791 username, username_len, challenge2) == 0) {
792 eap_server_mschap_rx_callback(sm, "TTLS-MSCHAPV2",
793 username, username_len,
794 challenge2, rx_resp);
795 }
796 }
797 #endif /* CONFIG_TESTING_OPTIONS */
798 if (os_memcmp_const(nt_response, rx_resp, 24) == 0) {
799 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Correct "
800 "NT-Response");
801 data->mschapv2_resp_ok = 1;
802
803 if (sm->user->password_hash) {
804 generate_authenticator_response_pwhash(
805 sm->user->password,
806 peer_challenge, auth_challenge,
807 username, username_len, nt_response,
808 data->mschapv2_auth_response);
809 } else {
810 generate_authenticator_response(
811 sm->user->password, sm->user->password_len,
812 peer_challenge, auth_challenge,
813 username, username_len, nt_response,
814 data->mschapv2_auth_response);
815 }
816 } else {
817 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Invalid "
818 "NT-Response");
819 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: Received",
820 rx_resp, 24);
821 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: Expected",
822 nt_response, 24);
823 data->mschapv2_resp_ok = 0;
824 }
825 eap_ttls_state(data, PHASE2_MSCHAPV2_RESP);
826 data->mschapv2_ident = response[0];
827 }
828
829
eap_ttls_phase2_eap_init(struct eap_sm * sm,struct eap_ttls_data * data,int vendor,enum eap_type eap_type)830 static int eap_ttls_phase2_eap_init(struct eap_sm *sm,
831 struct eap_ttls_data *data,
832 int vendor, enum eap_type eap_type)
833 {
834 if (data->phase2_priv && data->phase2_method) {
835 data->phase2_method->reset(sm, data->phase2_priv);
836 data->phase2_method = NULL;
837 data->phase2_priv = NULL;
838 }
839 data->phase2_method = eap_server_get_eap_method(vendor, eap_type);
840 if (!data->phase2_method)
841 return -1;
842
843 sm->init_phase2 = 1;
844 data->phase2_priv = data->phase2_method->init(sm);
845 sm->init_phase2 = 0;
846 return data->phase2_priv == NULL ? -1 : 0;
847 }
848
849
eap_ttls_process_phase2_eap_response(struct eap_sm * sm,struct eap_ttls_data * data,u8 * in_data,size_t in_len)850 static void eap_ttls_process_phase2_eap_response(struct eap_sm *sm,
851 struct eap_ttls_data *data,
852 u8 *in_data, size_t in_len)
853 {
854 int next_vendor = EAP_VENDOR_IETF;
855 enum eap_type next_type = EAP_TYPE_NONE;
856 struct eap_hdr *hdr;
857 u8 *pos;
858 size_t left;
859 struct wpabuf buf;
860 const struct eap_method *m = data->phase2_method;
861 void *priv = data->phase2_priv;
862
863 if (priv == NULL) {
864 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: %s - Phase2 not "
865 "initialized?!", __func__);
866 return;
867 }
868
869 hdr = (struct eap_hdr *) in_data;
870 pos = (u8 *) (hdr + 1);
871
872 if (in_len > sizeof(*hdr) && *pos == EAP_TYPE_NAK) {
873 left = in_len - sizeof(*hdr);
874 wpa_hexdump(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 type Nak'ed; "
875 "allowed types", pos + 1, left - 1);
876 eap_sm_process_nak(sm, pos + 1, left - 1);
877 if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&
878 sm->user->methods[sm->user_eap_method_index].method !=
879 EAP_TYPE_NONE) {
880 next_vendor = sm->user->methods[
881 sm->user_eap_method_index].vendor;
882 next_type = sm->user->methods[
883 sm->user_eap_method_index++].method;
884 wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %u:%u",
885 next_vendor, next_type);
886 if (eap_ttls_phase2_eap_init(sm, data, next_vendor,
887 next_type)) {
888 wpa_printf(MSG_DEBUG,
889 "EAP-TTLS: Failed to initialize EAP type %u:%u",
890 next_vendor, next_type);
891 eap_ttls_state(data, FAILURE);
892 return;
893 }
894 } else {
895 eap_ttls_state(data, FAILURE);
896 }
897 return;
898 }
899
900 wpabuf_set(&buf, in_data, in_len);
901
902 if (m->check(sm, priv, &buf)) {
903 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 check() asked to "
904 "ignore the packet");
905 return;
906 }
907
908 m->process(sm, priv, &buf);
909
910 if (sm->method_pending == METHOD_PENDING_WAIT) {
911 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 method is in "
912 "pending wait state - save decrypted response");
913 wpabuf_free(data->pending_phase2_eap_resp);
914 data->pending_phase2_eap_resp = wpabuf_dup(&buf);
915 }
916
917 if (!m->isDone(sm, priv))
918 return;
919
920 if (!m->isSuccess(sm, priv)) {
921 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 method failed");
922 eap_ttls_state(data, FAILURE);
923 return;
924 }
925
926 switch (data->state) {
927 case PHASE2_START:
928 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
929 wpa_hexdump_ascii(MSG_DEBUG, "EAP_TTLS: Phase2 "
930 "Identity not found in the user "
931 "database",
932 sm->identity, sm->identity_len);
933 eap_ttls_state(data, FAILURE);
934 break;
935 }
936
937 eap_ttls_state(data, PHASE2_METHOD);
938 next_vendor = sm->user->methods[0].vendor;
939 next_type = sm->user->methods[0].method;
940 sm->user_eap_method_index = 1;
941 wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %u:%u",
942 next_vendor, next_type);
943 if (eap_ttls_phase2_eap_init(sm, data, next_vendor,
944 next_type)) {
945 wpa_printf(MSG_DEBUG,
946 "EAP-TTLS: Failed to initialize EAP type %u:%u",
947 next_vendor, next_type);
948 eap_ttls_state(data, FAILURE);
949 }
950 break;
951 case PHASE2_METHOD:
952 eap_ttls_state(data, SUCCESS);
953 eap_ttls_valid_session(sm, data);
954 break;
955 case FAILURE:
956 break;
957 default:
958 wpa_printf(MSG_DEBUG, "EAP-TTLS: %s - unexpected state %d",
959 __func__, data->state);
960 break;
961 }
962 }
963
964
eap_ttls_process_phase2_eap(struct eap_sm * sm,struct eap_ttls_data * data,const u8 * eap,size_t eap_len)965 static void eap_ttls_process_phase2_eap(struct eap_sm *sm,
966 struct eap_ttls_data *data,
967 const u8 *eap, size_t eap_len)
968 {
969 struct eap_hdr *hdr;
970 size_t len;
971
972 if (data->state == PHASE2_START) {
973 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: initializing Phase 2");
974 if (eap_ttls_phase2_eap_init(sm, data, EAP_VENDOR_IETF,
975 EAP_TYPE_IDENTITY) < 0) {
976 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: failed to "
977 "initialize EAP-Identity");
978 return;
979 }
980 }
981
982 if (eap_len < sizeof(*hdr)) {
983 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: too short Phase 2 EAP "
984 "packet (len=%lu)", (unsigned long) eap_len);
985 return;
986 }
987
988 hdr = (struct eap_hdr *) eap;
989 len = be_to_host16(hdr->length);
990 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: received Phase 2 EAP: code=%d "
991 "identifier=%d length=%lu", hdr->code, hdr->identifier,
992 (unsigned long) len);
993 if (len > eap_len) {
994 wpa_printf(MSG_INFO, "EAP-TTLS/EAP: Length mismatch in Phase 2"
995 " EAP frame (hdr len=%lu, data len in AVP=%lu)",
996 (unsigned long) len, (unsigned long) eap_len);
997 return;
998 }
999
1000 switch (hdr->code) {
1001 case EAP_CODE_RESPONSE:
1002 eap_ttls_process_phase2_eap_response(sm, data, (u8 *) hdr,
1003 len);
1004 break;
1005 default:
1006 wpa_printf(MSG_INFO, "EAP-TTLS/EAP: Unexpected code=%d in "
1007 "Phase 2 EAP header", hdr->code);
1008 break;
1009 }
1010 }
1011
1012
eap_ttls_process_phase2(struct eap_sm * sm,struct eap_ttls_data * data,struct wpabuf * in_buf)1013 static void eap_ttls_process_phase2(struct eap_sm *sm,
1014 struct eap_ttls_data *data,
1015 struct wpabuf *in_buf)
1016 {
1017 struct wpabuf *in_decrypted;
1018 struct eap_ttls_avp parse;
1019
1020 wpa_printf(MSG_DEBUG, "EAP-TTLS: received %lu bytes encrypted data for"
1021 " Phase 2", (unsigned long) wpabuf_len(in_buf));
1022
1023 if (data->pending_phase2_eap_resp) {
1024 wpa_printf(MSG_DEBUG, "EAP-TTLS: Pending Phase 2 EAP response "
1025 "- skip decryption and use old data");
1026 eap_ttls_process_phase2_eap(
1027 sm, data, wpabuf_head(data->pending_phase2_eap_resp),
1028 wpabuf_len(data->pending_phase2_eap_resp));
1029 wpabuf_free(data->pending_phase2_eap_resp);
1030 data->pending_phase2_eap_resp = NULL;
1031 return;
1032 }
1033
1034 in_decrypted = tls_connection_decrypt(sm->cfg->ssl_ctx, data->ssl.conn,
1035 in_buf);
1036 if (in_decrypted == NULL) {
1037 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to decrypt Phase 2 "
1038 "data");
1039 eap_ttls_state(data, FAILURE);
1040 return;
1041 }
1042
1043 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS: Decrypted Phase 2 EAP",
1044 in_decrypted);
1045
1046 if (eap_ttls_avp_parse(in_decrypted, &parse) < 0) {
1047 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to parse AVPs");
1048 wpabuf_free(in_decrypted);
1049 eap_ttls_state(data, FAILURE);
1050 return;
1051 }
1052
1053 if (parse.user_name) {
1054 char *nbuf;
1055 nbuf = os_malloc(parse.user_name_len * 4 + 1);
1056 if (nbuf) {
1057 printf_encode(nbuf, parse.user_name_len * 4 + 1,
1058 parse.user_name,
1059 parse.user_name_len);
1060 eap_log_msg(sm, "TTLS-User-Name '%s'", nbuf);
1061 os_free(nbuf);
1062 }
1063
1064 os_free(sm->identity);
1065 sm->identity = os_memdup(parse.user_name, parse.user_name_len);
1066 if (sm->identity == NULL) {
1067 eap_ttls_state(data, FAILURE);
1068 goto done;
1069 }
1070 sm->identity_len = parse.user_name_len;
1071 if (eap_user_get(sm, parse.user_name, parse.user_name_len, 1)
1072 != 0) {
1073 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase2 Identity not "
1074 "found in the user database");
1075 eap_ttls_state(data, FAILURE);
1076 goto done;
1077 }
1078 }
1079
1080 #ifdef EAP_SERVER_TNC
1081 if (data->tnc_started && parse.eap == NULL) {
1082 wpa_printf(MSG_DEBUG, "EAP-TTLS: TNC started but no EAP "
1083 "response from peer");
1084 eap_ttls_state(data, FAILURE);
1085 goto done;
1086 }
1087 #endif /* EAP_SERVER_TNC */
1088
1089 if (parse.eap) {
1090 eap_ttls_process_phase2_eap(sm, data, parse.eap,
1091 parse.eap_len);
1092 } else if (parse.user_password) {
1093 eap_ttls_process_phase2_pap(sm, data, parse.user_password,
1094 parse.user_password_len);
1095 } else if (parse.chap_password) {
1096 eap_ttls_process_phase2_chap(sm, data,
1097 parse.chap_challenge,
1098 parse.chap_challenge_len,
1099 parse.chap_password,
1100 parse.chap_password_len);
1101 } else if (parse.mschap_response) {
1102 eap_ttls_process_phase2_mschap(sm, data,
1103 parse.mschap_challenge,
1104 parse.mschap_challenge_len,
1105 parse.mschap_response,
1106 parse.mschap_response_len);
1107 } else if (parse.mschap2_response) {
1108 eap_ttls_process_phase2_mschapv2(sm, data,
1109 parse.mschap_challenge,
1110 parse.mschap_challenge_len,
1111 parse.mschap2_response,
1112 parse.mschap2_response_len);
1113 }
1114
1115 done:
1116 wpabuf_free(in_decrypted);
1117 os_free(parse.eap);
1118 }
1119
1120
eap_ttls_start_tnc(struct eap_sm * sm,struct eap_ttls_data * data)1121 static void eap_ttls_start_tnc(struct eap_sm *sm, struct eap_ttls_data *data)
1122 {
1123 #ifdef EAP_SERVER_TNC
1124 if (!sm->cfg->tnc || data->state != SUCCESS || data->tnc_started)
1125 return;
1126
1127 wpa_printf(MSG_DEBUG, "EAP-TTLS: Initialize TNC");
1128 if (eap_ttls_phase2_eap_init(sm, data, EAP_VENDOR_IETF, EAP_TYPE_TNC)) {
1129 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize TNC");
1130 eap_ttls_state(data, FAILURE);
1131 return;
1132 }
1133
1134 data->tnc_started = 1;
1135 eap_ttls_state(data, PHASE2_METHOD);
1136 #endif /* EAP_SERVER_TNC */
1137 }
1138
1139
eap_ttls_process_version(struct eap_sm * sm,void * priv,int peer_version)1140 static int eap_ttls_process_version(struct eap_sm *sm, void *priv,
1141 int peer_version)
1142 {
1143 struct eap_ttls_data *data = priv;
1144 if (peer_version < data->ttls_version) {
1145 wpa_printf(MSG_DEBUG, "EAP-TTLS: peer ver=%d, own ver=%d; "
1146 "use version %d",
1147 peer_version, data->ttls_version, peer_version);
1148 data->ttls_version = peer_version;
1149 }
1150
1151 return 0;
1152 }
1153
1154
eap_ttls_process_msg(struct eap_sm * sm,void * priv,const struct wpabuf * respData)1155 static void eap_ttls_process_msg(struct eap_sm *sm, void *priv,
1156 const struct wpabuf *respData)
1157 {
1158 struct eap_ttls_data *data = priv;
1159
1160 switch (data->state) {
1161 case PHASE1:
1162 if (eap_server_tls_phase1(sm, &data->ssl) < 0)
1163 eap_ttls_state(data, FAILURE);
1164 break;
1165 case PHASE2_START:
1166 case PHASE2_METHOD:
1167 eap_ttls_process_phase2(sm, data, data->ssl.tls_in);
1168 eap_ttls_start_tnc(sm, data);
1169 break;
1170 case PHASE2_MSCHAPV2_RESP:
1171 if (data->mschapv2_resp_ok && wpabuf_len(data->ssl.tls_in) ==
1172 0) {
1173 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer "
1174 "acknowledged response");
1175 eap_ttls_state(data, SUCCESS);
1176 eap_ttls_valid_session(sm, data);
1177 } else if (!data->mschapv2_resp_ok) {
1178 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer "
1179 "acknowledged error");
1180 eap_ttls_state(data, FAILURE);
1181 } else {
1182 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Unexpected "
1183 "frame from peer (payload len %lu, "
1184 "expected empty frame)",
1185 (unsigned long)
1186 wpabuf_len(data->ssl.tls_in));
1187 eap_ttls_state(data, FAILURE);
1188 }
1189 eap_ttls_start_tnc(sm, data);
1190 break;
1191 default:
1192 wpa_printf(MSG_DEBUG, "EAP-TTLS: Unexpected state %d in %s",
1193 data->state, __func__);
1194 break;
1195 }
1196 }
1197
1198
eap_ttls_process(struct eap_sm * sm,void * priv,struct wpabuf * respData)1199 static void eap_ttls_process(struct eap_sm *sm, void *priv,
1200 struct wpabuf *respData)
1201 {
1202 struct eap_ttls_data *data = priv;
1203 const struct wpabuf *buf;
1204 const u8 *pos;
1205 u8 id_len;
1206
1207 if (eap_server_tls_process(sm, &data->ssl, respData, data,
1208 EAP_TYPE_TTLS, eap_ttls_process_version,
1209 eap_ttls_process_msg) < 0) {
1210 eap_ttls_state(data, FAILURE);
1211 return;
1212 }
1213
1214 if (!tls_connection_established(sm->cfg->ssl_ctx, data->ssl.conn) ||
1215 !tls_connection_resumed(sm->cfg->ssl_ctx, data->ssl.conn))
1216 return;
1217
1218 buf = tls_connection_get_success_data(data->ssl.conn);
1219 if (!buf || wpabuf_len(buf) < 1) {
1220 wpa_printf(MSG_DEBUG,
1221 "EAP-TTLS: No success data in resumed session - reject attempt");
1222 eap_ttls_state(data, FAILURE);
1223 return;
1224 }
1225
1226 pos = wpabuf_head(buf);
1227 if (*pos != EAP_TYPE_TTLS) {
1228 wpa_printf(MSG_DEBUG,
1229 "EAP-TTLS: Resumed session for another EAP type (%u) - reject attempt",
1230 *pos);
1231 eap_ttls_state(data, FAILURE);
1232 return;
1233 }
1234
1235 pos++;
1236 id_len = *pos++;
1237 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: Identity from cached session",
1238 pos, id_len);
1239 os_free(sm->identity);
1240 sm->identity = os_malloc(id_len ? id_len : 1);
1241 if (!sm->identity) {
1242 sm->identity_len = 0;
1243 eap_ttls_state(data, FAILURE);
1244 return;
1245 }
1246
1247 os_memcpy(sm->identity, pos, id_len);
1248 sm->identity_len = id_len;
1249
1250 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
1251 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: Phase2 Identity not found in the user database",
1252 sm->identity, sm->identity_len);
1253 eap_ttls_state(data, FAILURE);
1254 return;
1255 }
1256
1257 wpa_printf(MSG_DEBUG,
1258 "EAP-TTLS: Resuming previous session - skip Phase2");
1259 eap_ttls_state(data, SUCCESS);
1260 tls_connection_set_success_data_resumed(data->ssl.conn);
1261 }
1262
1263
eap_ttls_isDone(struct eap_sm * sm,void * priv)1264 static bool eap_ttls_isDone(struct eap_sm *sm, void *priv)
1265 {
1266 struct eap_ttls_data *data = priv;
1267 return data->state == SUCCESS || data->state == FAILURE;
1268 }
1269
1270
eap_ttls_getKey(struct eap_sm * sm,void * priv,size_t * len)1271 static u8 * eap_ttls_getKey(struct eap_sm *sm, void *priv, size_t *len)
1272 {
1273 struct eap_ttls_data *data = priv;
1274 u8 *eapKeyData;
1275 const char *label;
1276 const u8 eap_tls13_context[1] = { EAP_TYPE_TTLS };
1277 const u8 *context = NULL;
1278 size_t context_len = 0;
1279
1280 if (data->state != SUCCESS)
1281 return NULL;
1282
1283 if (data->ssl.tls_v13) {
1284 label = "EXPORTER_EAP_TLS_Key_Material";
1285 context = eap_tls13_context;
1286 context_len = sizeof(eap_tls13_context);
1287 } else {
1288 label = "ttls keying material";
1289 }
1290
1291 eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
1292 label, context, context_len,
1293 EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
1294 if (eapKeyData) {
1295 *len = EAP_TLS_KEY_LEN;
1296 wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived key",
1297 eapKeyData, EAP_TLS_KEY_LEN);
1298 } else {
1299 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to derive key");
1300 }
1301
1302 return eapKeyData;
1303 }
1304
1305
eap_ttls_isSuccess(struct eap_sm * sm,void * priv)1306 static bool eap_ttls_isSuccess(struct eap_sm *sm, void *priv)
1307 {
1308 struct eap_ttls_data *data = priv;
1309 return data->state == SUCCESS;
1310 }
1311
1312
eap_ttls_get_session_id(struct eap_sm * sm,void * priv,size_t * len)1313 static u8 * eap_ttls_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
1314 {
1315 struct eap_ttls_data *data = priv;
1316
1317 if (data->state != SUCCESS)
1318 return NULL;
1319
1320 return eap_server_tls_derive_session_id(sm, &data->ssl, EAP_TYPE_TTLS,
1321 len);
1322 }
1323
1324
eap_ttls_get_emsk(struct eap_sm * sm,void * priv,size_t * len)1325 static u8 * eap_ttls_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
1326 {
1327 struct eap_ttls_data *data = priv;
1328 u8 *eapKeyData, *emsk;
1329 const char *label;
1330 const u8 eap_tls13_context[1] = { EAP_TYPE_TTLS };
1331 const u8 *context = NULL;
1332 size_t context_len = 0;
1333
1334 if (data->state != SUCCESS)
1335 return NULL;
1336
1337 if (data->ssl.tls_v13) {
1338 label = "EXPORTER_EAP_TLS_Key_Material";
1339 context = eap_tls13_context;
1340 context_len = sizeof(eap_tls13_context);
1341 } else {
1342 label = "ttls keying material";
1343 }
1344
1345 eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
1346 label, context, context_len,
1347 EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
1348 if (eapKeyData) {
1349 emsk = os_malloc(EAP_EMSK_LEN);
1350 if (emsk)
1351 os_memcpy(emsk, eapKeyData + EAP_TLS_KEY_LEN,
1352 EAP_EMSK_LEN);
1353 bin_clear_free(eapKeyData, EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
1354 } else
1355 emsk = NULL;
1356
1357 if (emsk) {
1358 *len = EAP_EMSK_LEN;
1359 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Derived EMSK",
1360 emsk, EAP_EMSK_LEN);
1361 } else {
1362 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to derive EMSK");
1363 }
1364
1365 return emsk;
1366 }
1367
1368
eap_server_ttls_register(void)1369 int eap_server_ttls_register(void)
1370 {
1371 struct eap_method *eap;
1372
1373 eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
1374 EAP_VENDOR_IETF, EAP_TYPE_TTLS, "TTLS");
1375 if (eap == NULL)
1376 return -1;
1377
1378 eap->init = eap_ttls_init;
1379 eap->reset = eap_ttls_reset;
1380 eap->buildReq = eap_ttls_buildReq;
1381 eap->check = eap_ttls_check;
1382 eap->process = eap_ttls_process;
1383 eap->isDone = eap_ttls_isDone;
1384 eap->getKey = eap_ttls_getKey;
1385 eap->isSuccess = eap_ttls_isSuccess;
1386 eap->getSessionId = eap_ttls_get_session_id;
1387 eap->get_emsk = eap_ttls_get_emsk;
1388
1389 return eap_server_method_register(eap);
1390 }
1391