1 /*
2 * EAP peer method: EAP-TLS (RFC 5216, RFC 9190)
3 * Copyright (c) 2004-2008, 2012-2019, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10
11 #include "common.h"
12 #include "crypto/tls.h"
13 #include "eap_i.h"
14 #include "eap_tls_common.h"
15 #include "eap_config.h"
16
17
18 static void eap_tls_deinit(struct eap_sm *sm, void *priv);
19
20
21 struct eap_tls_data {
22 struct eap_ssl_data ssl;
23 u8 *key_data;
24 u8 *session_id;
25 size_t id_len;
26 void *ssl_ctx;
27 u8 eap_type;
28 struct wpabuf *pending_resp;
29 bool prot_success_received;
30 };
31
32
eap_tls_init(struct eap_sm * sm)33 static void * eap_tls_init(struct eap_sm *sm)
34 {
35 struct eap_tls_data *data;
36 struct eap_peer_config *config = eap_get_config(sm);
37 struct eap_peer_cert_config *cert;
38
39 if (!config)
40 return NULL;
41 if (!sm->init_phase2)
42 cert = &config->cert;
43 else if (sm->use_machine_cred)
44 cert = &config->machine_cert;
45 else
46 cert = &config->phase2_cert;
47 if (!cert->private_key && cert->engine == 0) {
48 wpa_printf(MSG_INFO, "EAP-TLS: Private key not configured");
49 return NULL;
50 }
51
52 data = os_zalloc(sizeof(*data));
53 if (data == NULL)
54 return NULL;
55
56 data->ssl_ctx = sm->init_phase2 && sm->ssl_ctx2 ? sm->ssl_ctx2 :
57 sm->ssl_ctx;
58
59 if (eap_peer_tls_ssl_init(sm, &data->ssl, config, EAP_TYPE_TLS)) {
60 wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
61 eap_tls_deinit(sm, data);
62 if (cert->engine) {
63 wpa_printf(MSG_DEBUG, "EAP-TLS: Requesting Smartcard "
64 "PIN");
65 eap_sm_request_pin(sm);
66 sm->ignore = true;
67 } else if (cert->private_key && !cert->private_key_passwd) {
68 wpa_printf(MSG_DEBUG, "EAP-TLS: Requesting private "
69 "key passphrase");
70 eap_sm_request_passphrase(sm);
71 sm->ignore = true;
72 }
73 return NULL;
74 }
75
76 data->eap_type = EAP_TYPE_TLS;
77
78 return data;
79 }
80
81
82 #ifdef EAP_UNAUTH_TLS
eap_unauth_tls_init(struct eap_sm * sm)83 static void * eap_unauth_tls_init(struct eap_sm *sm)
84 {
85 struct eap_tls_data *data;
86 struct eap_peer_config *config = eap_get_config(sm);
87
88 data = os_zalloc(sizeof(*data));
89 if (data == NULL)
90 return NULL;
91
92 data->ssl_ctx = sm->init_phase2 && sm->ssl_ctx2 ? sm->ssl_ctx2 :
93 sm->ssl_ctx;
94
95 if (eap_peer_tls_ssl_init(sm, &data->ssl, config,
96 EAP_UNAUTH_TLS_TYPE)) {
97 wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
98 eap_tls_deinit(sm, data);
99 return NULL;
100 }
101
102 data->eap_type = EAP_UNAUTH_TLS_TYPE;
103
104 return data;
105 }
106 #endif /* EAP_UNAUTH_TLS */
107
108
109 #ifdef CONFIG_HS20
eap_wfa_unauth_tls_init(struct eap_sm * sm)110 static void * eap_wfa_unauth_tls_init(struct eap_sm *sm)
111 {
112 struct eap_tls_data *data;
113 struct eap_peer_config *config = eap_get_config(sm);
114
115 data = os_zalloc(sizeof(*data));
116 if (data == NULL)
117 return NULL;
118
119 data->ssl_ctx = sm->init_phase2 && sm->ssl_ctx2 ? sm->ssl_ctx2 :
120 sm->ssl_ctx;
121
122 if (eap_peer_tls_ssl_init(sm, &data->ssl, config,
123 EAP_WFA_UNAUTH_TLS_TYPE)) {
124 wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
125 eap_tls_deinit(sm, data);
126 return NULL;
127 }
128
129 data->eap_type = EAP_WFA_UNAUTH_TLS_TYPE;
130
131 return data;
132 }
133 #endif /* CONFIG_HS20 */
134
135
eap_tls_free_key(struct eap_tls_data * data)136 static void eap_tls_free_key(struct eap_tls_data *data)
137 {
138 if (data->key_data) {
139 bin_clear_free(data->key_data, EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
140 data->key_data = NULL;
141 }
142 }
143
144
eap_tls_deinit(struct eap_sm * sm,void * priv)145 static void eap_tls_deinit(struct eap_sm *sm, void *priv)
146 {
147 struct eap_tls_data *data = priv;
148 if (data == NULL)
149 return;
150 eap_peer_tls_ssl_deinit(sm, &data->ssl);
151 eap_tls_free_key(data);
152 os_free(data->session_id);
153 wpabuf_free(data->pending_resp);
154 os_free(data);
155 }
156
157
eap_tls_failure(struct eap_sm * sm,struct eap_tls_data * data,struct eap_method_ret * ret,int res,struct wpabuf * resp,u8 id)158 static struct wpabuf * eap_tls_failure(struct eap_sm *sm,
159 struct eap_tls_data *data,
160 struct eap_method_ret *ret, int res,
161 struct wpabuf *resp, u8 id)
162 {
163 wpa_printf(MSG_DEBUG, "EAP-TLS: TLS processing failed");
164
165 ret->methodState = METHOD_DONE;
166 ret->decision = DECISION_FAIL;
167
168 if (resp) {
169 /*
170 * This is likely an alert message, so send it instead of just
171 * ACKing the error.
172 */
173 return resp;
174 }
175
176 return eap_peer_tls_build_ack(id, data->eap_type, 0);
177 }
178
179
eap_tls_success(struct eap_sm * sm,struct eap_tls_data * data,struct eap_method_ret * ret)180 static void eap_tls_success(struct eap_sm *sm, struct eap_tls_data *data,
181 struct eap_method_ret *ret)
182 {
183 const char *label;
184 const u8 eap_tls13_context[] = { EAP_TYPE_TLS };
185 const u8 *context = NULL;
186 size_t context_len = 0;
187
188 wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
189
190 if (data->ssl.tls_out) {
191 wpa_printf(MSG_DEBUG, "EAP-TLS: Fragment(s) remaining");
192 return;
193 }
194
195 if (data->ssl.tls_v13) {
196 label = "EXPORTER_EAP_TLS_Key_Material";
197 context = eap_tls13_context;
198 context_len = 1;
199
200 /* A possible NewSessionTicket may be received before
201 * EAP-Success, so need to allow it to be received. */
202 ret->methodState = METHOD_MAY_CONT;
203 ret->decision = DECISION_COND_SUCC;
204 } else {
205 label = "client EAP encryption";
206
207 ret->methodState = METHOD_DONE;
208 ret->decision = DECISION_UNCOND_SUCC;
209 }
210
211 eap_tls_free_key(data);
212 data->key_data = eap_peer_tls_derive_key(sm, &data->ssl, label,
213 context, context_len,
214 EAP_TLS_KEY_LEN +
215 EAP_EMSK_LEN);
216 if (data->key_data) {
217 wpa_hexdump_key(MSG_DEBUG, "EAP-TLS: Derived key",
218 data->key_data, EAP_TLS_KEY_LEN);
219 wpa_hexdump_key(MSG_DEBUG, "EAP-TLS: Derived EMSK",
220 data->key_data + EAP_TLS_KEY_LEN,
221 EAP_EMSK_LEN);
222 } else {
223 wpa_printf(MSG_INFO, "EAP-TLS: Failed to derive key");
224 }
225
226 os_free(data->session_id);
227 data->session_id = eap_peer_tls_derive_session_id(sm, &data->ssl,
228 EAP_TYPE_TLS,
229 &data->id_len);
230 if (data->session_id) {
231 wpa_hexdump(MSG_DEBUG, "EAP-TLS: Derived Session-Id",
232 data->session_id, data->id_len);
233 } else {
234 wpa_printf(MSG_ERROR, "EAP-TLS: Failed to derive Session-Id");
235 }
236 }
237
238
eap_tls_process(struct eap_sm * sm,void * priv,struct eap_method_ret * ret,const struct wpabuf * reqData)239 static struct wpabuf * eap_tls_process(struct eap_sm *sm, void *priv,
240 struct eap_method_ret *ret,
241 const struct wpabuf *reqData)
242 {
243 size_t left;
244 int res;
245 struct wpabuf *resp;
246 u8 flags, id;
247 const u8 *pos;
248 struct eap_tls_data *data = priv;
249 struct wpabuf msg;
250
251 if (sm->waiting_ext_cert_check && data->pending_resp) {
252 struct eap_peer_config *config = eap_get_config(sm);
253
254 if (config->pending_ext_cert_check == EXT_CERT_CHECK_GOOD) {
255 wpa_printf(MSG_DEBUG,
256 "EAP-TLS: External certificate check succeeded - continue handshake");
257 resp = data->pending_resp;
258 data->pending_resp = NULL;
259 sm->waiting_ext_cert_check = 0;
260 return resp;
261 }
262
263 if (config->pending_ext_cert_check == EXT_CERT_CHECK_BAD) {
264 wpa_printf(MSG_DEBUG,
265 "EAP-TLS: External certificate check failed - force authentication failure");
266 ret->methodState = METHOD_DONE;
267 ret->decision = DECISION_FAIL;
268 sm->waiting_ext_cert_check = 0;
269 return NULL;
270 }
271
272 wpa_printf(MSG_DEBUG,
273 "EAP-TLS: Continuing to wait external server certificate validation");
274 return NULL;
275 }
276
277 pos = eap_peer_tls_process_init(sm, &data->ssl, data->eap_type, ret,
278 reqData, &left, &flags);
279 if (pos == NULL)
280 return NULL;
281 id = eap_get_id(reqData);
282
283 if (flags & EAP_TLS_FLAGS_START) {
284 wpa_printf(MSG_DEBUG, "EAP-TLS: Start");
285 left = 0; /* make sure that this frame is empty, even though it
286 * should always be, anyway */
287 }
288
289 resp = NULL;
290 wpabuf_set(&msg, pos, left);
291 res = eap_peer_tls_process_helper(sm, &data->ssl, data->eap_type, 0,
292 id, &msg, &resp);
293
294 if (res < 0) {
295 return eap_tls_failure(sm, data, ret, res, resp, id);
296 }
297
298 if (sm->waiting_ext_cert_check) {
299 wpa_printf(MSG_DEBUG,
300 "EAP-TLS: Waiting external server certificate validation");
301 wpabuf_free(data->pending_resp);
302 data->pending_resp = resp;
303 return NULL;
304 }
305
306 /* RFC 9190 Section 2.5 */
307 if (res == 2 && data->ssl.tls_v13 && wpabuf_len(resp) == 1 &&
308 *wpabuf_head_u8(resp) == 0) {
309 wpa_printf(MSG_DEBUG,
310 "EAP-TLS: ACKing protected success indication (appl data 0x00)");
311 eap_peer_tls_reset_output(&data->ssl);
312 res = 1;
313 ret->methodState = METHOD_DONE;
314 ret->decision = DECISION_UNCOND_SUCC;
315 data->prot_success_received = true;
316 }
317
318 if (tls_connection_established(data->ssl_ctx, data->ssl.conn) &&
319 (!data->ssl.tls_v13 || data->prot_success_received))
320 eap_tls_success(sm, data, ret);
321
322 if (res == 1) {
323 wpabuf_free(resp);
324 return eap_peer_tls_build_ack(id, data->eap_type, 0);
325 }
326
327 return resp;
328 }
329
330
eap_tls_has_reauth_data(struct eap_sm * sm,void * priv)331 static bool eap_tls_has_reauth_data(struct eap_sm *sm, void *priv)
332 {
333 struct eap_tls_data *data = priv;
334 return tls_connection_established(data->ssl_ctx, data->ssl.conn);
335 }
336
337
eap_tls_deinit_for_reauth(struct eap_sm * sm,void * priv)338 static void eap_tls_deinit_for_reauth(struct eap_sm *sm, void *priv)
339 {
340 struct eap_tls_data *data = priv;
341
342 wpabuf_free(data->pending_resp);
343 data->pending_resp = NULL;
344 data->prot_success_received = false;
345 }
346
347
eap_tls_init_for_reauth(struct eap_sm * sm,void * priv)348 static void * eap_tls_init_for_reauth(struct eap_sm *sm, void *priv)
349 {
350 struct eap_tls_data *data = priv;
351 eap_tls_free_key(data);
352 os_free(data->session_id);
353 data->session_id = NULL;
354 if (eap_peer_tls_reauth_init(sm, &data->ssl)) {
355 os_free(data);
356 return NULL;
357 }
358 return priv;
359 }
360
361
eap_tls_get_status(struct eap_sm * sm,void * priv,char * buf,size_t buflen,int verbose)362 static int eap_tls_get_status(struct eap_sm *sm, void *priv, char *buf,
363 size_t buflen, int verbose)
364 {
365 struct eap_tls_data *data = priv;
366 return eap_peer_tls_status(sm, &data->ssl, buf, buflen, verbose);
367 }
368
369
eap_tls_isKeyAvailable(struct eap_sm * sm,void * priv)370 static bool eap_tls_isKeyAvailable(struct eap_sm *sm, void *priv)
371 {
372 struct eap_tls_data *data = priv;
373 return data->key_data != NULL;
374 }
375
376
eap_tls_getKey(struct eap_sm * sm,void * priv,size_t * len)377 static u8 * eap_tls_getKey(struct eap_sm *sm, void *priv, size_t *len)
378 {
379 struct eap_tls_data *data = priv;
380 u8 *key;
381
382 if (data->key_data == NULL)
383 return NULL;
384
385 key = os_memdup(data->key_data, EAP_TLS_KEY_LEN);
386 if (key == NULL)
387 return NULL;
388
389 *len = EAP_TLS_KEY_LEN;
390
391 return key;
392 }
393
394
eap_tls_get_emsk(struct eap_sm * sm,void * priv,size_t * len)395 static u8 * eap_tls_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
396 {
397 struct eap_tls_data *data = priv;
398 u8 *key;
399
400 if (data->key_data == NULL)
401 return NULL;
402
403 key = os_memdup(data->key_data + EAP_TLS_KEY_LEN, EAP_EMSK_LEN);
404 if (key == NULL)
405 return NULL;
406
407 *len = EAP_EMSK_LEN;
408
409 return key;
410 }
411
412
eap_tls_get_session_id(struct eap_sm * sm,void * priv,size_t * len)413 static u8 * eap_tls_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
414 {
415 struct eap_tls_data *data = priv;
416 u8 *id;
417
418 if (data->session_id == NULL)
419 return NULL;
420
421 id = os_memdup(data->session_id, data->id_len);
422 if (id == NULL)
423 return NULL;
424
425 *len = data->id_len;
426
427 return id;
428 }
429
430
eap_peer_tls_register(void)431 int eap_peer_tls_register(void)
432 {
433 struct eap_method *eap;
434
435 eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
436 EAP_VENDOR_IETF, EAP_TYPE_TLS, "TLS");
437 if (eap == NULL)
438 return -1;
439
440 eap->init = eap_tls_init;
441 eap->deinit = eap_tls_deinit;
442 eap->process = eap_tls_process;
443 eap->isKeyAvailable = eap_tls_isKeyAvailable;
444 eap->getKey = eap_tls_getKey;
445 eap->getSessionId = eap_tls_get_session_id;
446 eap->get_status = eap_tls_get_status;
447 eap->has_reauth_data = eap_tls_has_reauth_data;
448 eap->deinit_for_reauth = eap_tls_deinit_for_reauth;
449 eap->init_for_reauth = eap_tls_init_for_reauth;
450 eap->get_emsk = eap_tls_get_emsk;
451
452 return eap_peer_method_register(eap);
453 }
454
455
456 #ifdef EAP_UNAUTH_TLS
eap_peer_unauth_tls_register(void)457 int eap_peer_unauth_tls_register(void)
458 {
459 struct eap_method *eap;
460
461 eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
462 EAP_VENDOR_UNAUTH_TLS,
463 EAP_VENDOR_TYPE_UNAUTH_TLS, "UNAUTH-TLS");
464 if (eap == NULL)
465 return -1;
466
467 eap->init = eap_unauth_tls_init;
468 eap->deinit = eap_tls_deinit;
469 eap->process = eap_tls_process;
470 eap->isKeyAvailable = eap_tls_isKeyAvailable;
471 eap->getKey = eap_tls_getKey;
472 eap->get_status = eap_tls_get_status;
473 eap->has_reauth_data = eap_tls_has_reauth_data;
474 eap->deinit_for_reauth = eap_tls_deinit_for_reauth;
475 eap->init_for_reauth = eap_tls_init_for_reauth;
476 eap->get_emsk = eap_tls_get_emsk;
477
478 return eap_peer_method_register(eap);
479 }
480 #endif /* EAP_UNAUTH_TLS */
481
482
483 #ifdef CONFIG_HS20
eap_peer_wfa_unauth_tls_register(void)484 int eap_peer_wfa_unauth_tls_register(void)
485 {
486 struct eap_method *eap;
487
488 eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
489 EAP_VENDOR_WFA_NEW,
490 EAP_VENDOR_WFA_UNAUTH_TLS,
491 "WFA-UNAUTH-TLS");
492 if (eap == NULL)
493 return -1;
494
495 eap->init = eap_wfa_unauth_tls_init;
496 eap->deinit = eap_tls_deinit;
497 eap->process = eap_tls_process;
498 eap->isKeyAvailable = eap_tls_isKeyAvailable;
499 eap->getKey = eap_tls_getKey;
500 eap->get_status = eap_tls_get_status;
501 eap->has_reauth_data = eap_tls_has_reauth_data;
502 eap->deinit_for_reauth = eap_tls_deinit_for_reauth;
503 eap->init_for_reauth = eap_tls_init_for_reauth;
504 eap->get_emsk = eap_tls_get_emsk;
505
506 return eap_peer_method_register(eap);
507 }
508 #endif /* CONFIG_HS20 */
509