xref: /freebsd/contrib/wpa/src/eap_peer/eap_ttls.c (revision 5ab1c5846ff41be24b1f6beb0317bf8258cd4409)
1 /*
2  * EAP peer method: EAP-TTLS (RFC 5281)
3  * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "includes.h"
10 
11 #include "common.h"
12 #include "crypto/ms_funcs.h"
13 #include "crypto/sha1.h"
14 #include "crypto/tls.h"
15 #include "eap_common/chap.h"
16 #include "eap_common/eap_ttls.h"
17 #include "mschapv2.h"
18 #include "eap_i.h"
19 #include "eap_tls_common.h"
20 #include "eap_config.h"
21 
22 
23 #define EAP_TTLS_VERSION 0
24 
25 
26 static void eap_ttls_deinit(struct eap_sm *sm, void *priv);
27 
28 
29 struct eap_ttls_data {
30 	struct eap_ssl_data ssl;
31 
32 	int ttls_version;
33 
34 	const struct eap_method *phase2_method;
35 	void *phase2_priv;
36 	int phase2_success;
37 	int phase2_start;
38 	EapDecision decision_succ;
39 
40 	enum phase2_types {
41 		EAP_TTLS_PHASE2_EAP,
42 		EAP_TTLS_PHASE2_MSCHAPV2,
43 		EAP_TTLS_PHASE2_MSCHAP,
44 		EAP_TTLS_PHASE2_PAP,
45 		EAP_TTLS_PHASE2_CHAP
46 	} phase2_type;
47 	struct eap_method_type phase2_eap_type;
48 	struct eap_method_type *phase2_eap_types;
49 	size_t num_phase2_eap_types;
50 
51 	u8 auth_response[MSCHAPV2_AUTH_RESPONSE_LEN];
52 	int auth_response_valid;
53 	u8 master_key[MSCHAPV2_MASTER_KEY_LEN]; /* MSCHAPv2 master key */
54 	u8 ident;
55 	int resuming; /* starting a resumed session */
56 	int reauth; /* reauthentication */
57 	u8 *key_data;
58 	u8 *session_id;
59 	size_t id_len;
60 
61 	struct wpabuf *pending_phase2_req;
62 	struct wpabuf *pending_resp;
63 
64 #ifdef EAP_TNC
65 	int ready_for_tnc;
66 	int tnc_started;
67 #endif /* EAP_TNC */
68 };
69 
70 
71 static void * eap_ttls_init(struct eap_sm *sm)
72 {
73 	struct eap_ttls_data *data;
74 	struct eap_peer_config *config = eap_get_config(sm);
75 	int selected_non_eap;
76 	char *selected;
77 
78 	data = os_zalloc(sizeof(*data));
79 	if (data == NULL)
80 		return NULL;
81 	data->ttls_version = EAP_TTLS_VERSION;
82 	selected = "EAP";
83 	selected_non_eap = 0;
84 	data->phase2_type = EAP_TTLS_PHASE2_EAP;
85 
86 	/*
87 	 * Either one auth= type or one or more autheap= methods can be
88 	 * specified.
89 	 */
90 	if (config && config->phase2) {
91 		const char *token, *last = NULL;
92 
93 		while ((token = cstr_token(config->phase2, " \t", &last))) {
94 			if (os_strncmp(token, "auth=", 5) != 0)
95 				continue;
96 			token += 5;
97 
98 			if (last - token == 8 &&
99 			    os_strncmp(token, "MSCHAPV2", 8) == 0) {
100 				selected = "MSCHAPV2";
101 				data->phase2_type = EAP_TTLS_PHASE2_MSCHAPV2;
102 			} else if (last - token == 6 &&
103 				   os_strncmp(token, "MSCHAP", 6) == 0) {
104 				selected = "MSCHAP";
105 				data->phase2_type = EAP_TTLS_PHASE2_MSCHAP;
106 			} else if (last - token == 3 &&
107 				   os_strncmp(token, "PAP", 3) == 0) {
108 				selected = "PAP";
109 				data->phase2_type = EAP_TTLS_PHASE2_PAP;
110 			} else if (last - token == 4 &&
111 				   os_strncmp(token, "CHAP", 4) == 0) {
112 				selected = "CHAP";
113 				data->phase2_type = EAP_TTLS_PHASE2_CHAP;
114 			} else {
115 				wpa_printf(MSG_ERROR,
116 					   "EAP-TTLS: Unsupported Phase2 type '%s'",
117 					   token);
118 				eap_ttls_deinit(sm, data);
119 				return NULL;
120 			}
121 
122 			if (selected_non_eap) {
123 				wpa_printf(MSG_ERROR,
124 					   "EAP-TTLS: Only one Phase2 type can be specified");
125 				eap_ttls_deinit(sm, data);
126 				return NULL;
127 			}
128 
129 			selected_non_eap = 1;
130 		}
131 
132 		if (os_strstr(config->phase2, "autheap=")) {
133 			if (selected_non_eap) {
134 				wpa_printf(MSG_ERROR,
135 					   "EAP-TTLS: Both auth= and autheap= params cannot be specified");
136 				eap_ttls_deinit(sm, data);
137 				return NULL;
138 			}
139 			selected = "EAP";
140 			data->phase2_type = EAP_TTLS_PHASE2_EAP;
141 		}
142 	}
143 
144 	wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase2 type: %s", selected);
145 
146 	if (data->phase2_type == EAP_TTLS_PHASE2_EAP) {
147 		if (eap_peer_select_phase2_methods(config, "autheap=",
148 						   &data->phase2_eap_types,
149 						   &data->num_phase2_eap_types)
150 		    < 0) {
151 			eap_ttls_deinit(sm, data);
152 			return NULL;
153 		}
154 
155 		data->phase2_eap_type.vendor = EAP_VENDOR_IETF;
156 		data->phase2_eap_type.method = EAP_TYPE_NONE;
157 	}
158 
159 	if (eap_peer_tls_ssl_init(sm, &data->ssl, config, EAP_TYPE_TTLS)) {
160 		wpa_printf(MSG_INFO, "EAP-TTLS: Failed to initialize SSL.");
161 		eap_ttls_deinit(sm, data);
162 		return NULL;
163 	}
164 
165 	return data;
166 }
167 
168 
169 static void eap_ttls_phase2_eap_deinit(struct eap_sm *sm,
170 				       struct eap_ttls_data *data)
171 {
172 	if (data->phase2_priv && data->phase2_method) {
173 		data->phase2_method->deinit(sm, data->phase2_priv);
174 		data->phase2_method = NULL;
175 		data->phase2_priv = NULL;
176 	}
177 }
178 
179 
180 static void eap_ttls_free_key(struct eap_ttls_data *data)
181 {
182 	if (data->key_data) {
183 		bin_clear_free(data->key_data, EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
184 		data->key_data = NULL;
185 	}
186 }
187 
188 
189 static void eap_ttls_deinit(struct eap_sm *sm, void *priv)
190 {
191 	struct eap_ttls_data *data = priv;
192 	if (data == NULL)
193 		return;
194 	eap_ttls_phase2_eap_deinit(sm, data);
195 	os_free(data->phase2_eap_types);
196 	eap_peer_tls_ssl_deinit(sm, &data->ssl);
197 	eap_ttls_free_key(data);
198 	os_free(data->session_id);
199 	wpabuf_clear_free(data->pending_phase2_req);
200 	wpabuf_clear_free(data->pending_resp);
201 	os_free(data);
202 }
203 
204 
205 static u8 * eap_ttls_avp_hdr(u8 *avphdr, u32 avp_code, u32 vendor_id,
206 			     int mandatory, size_t len)
207 {
208 	struct ttls_avp_vendor *avp;
209 	u8 flags;
210 	size_t hdrlen;
211 
212 	avp = (struct ttls_avp_vendor *) avphdr;
213 	flags = mandatory ? AVP_FLAGS_MANDATORY : 0;
214 	if (vendor_id) {
215 		flags |= AVP_FLAGS_VENDOR;
216 		hdrlen = sizeof(*avp);
217 		avp->vendor_id = host_to_be32(vendor_id);
218 	} else {
219 		hdrlen = sizeof(struct ttls_avp);
220 	}
221 
222 	avp->avp_code = host_to_be32(avp_code);
223 	avp->avp_length = host_to_be32(((u32) flags << 24) |
224 				       (u32) (hdrlen + len));
225 
226 	return avphdr + hdrlen;
227 }
228 
229 
230 static u8 * eap_ttls_avp_add(u8 *start, u8 *avphdr, u32 avp_code,
231 			     u32 vendor_id, int mandatory,
232 			     const u8 *data, size_t len)
233 {
234 	u8 *pos;
235 	pos = eap_ttls_avp_hdr(avphdr, avp_code, vendor_id, mandatory, len);
236 	os_memcpy(pos, data, len);
237 	pos += len;
238 	AVP_PAD(start, pos);
239 	return pos;
240 }
241 
242 
243 static int eap_ttls_avp_encapsulate(struct wpabuf **resp, u32 avp_code,
244 				    int mandatory)
245 {
246 	struct wpabuf *msg;
247 	u8 *avp, *pos;
248 
249 	msg = wpabuf_alloc(sizeof(struct ttls_avp) + wpabuf_len(*resp) + 4);
250 	if (msg == NULL) {
251 		wpabuf_clear_free(*resp);
252 		*resp = NULL;
253 		return -1;
254 	}
255 
256 	avp = wpabuf_mhead(msg);
257 	pos = eap_ttls_avp_hdr(avp, avp_code, 0, mandatory, wpabuf_len(*resp));
258 	os_memcpy(pos, wpabuf_head(*resp), wpabuf_len(*resp));
259 	pos += wpabuf_len(*resp);
260 	AVP_PAD(avp, pos);
261 	wpabuf_clear_free(*resp);
262 	wpabuf_put(msg, pos - avp);
263 	*resp = msg;
264 	return 0;
265 }
266 
267 
268 static int eap_ttls_v0_derive_key(struct eap_sm *sm,
269 				  struct eap_ttls_data *data)
270 {
271 	eap_ttls_free_key(data);
272 	data->key_data = eap_peer_tls_derive_key(sm, &data->ssl,
273 						 "ttls keying material",
274 						 NULL, 0,
275 						 EAP_TLS_KEY_LEN +
276 						 EAP_EMSK_LEN);
277 	if (!data->key_data) {
278 		wpa_printf(MSG_INFO, "EAP-TTLS: Failed to derive key");
279 		return -1;
280 	}
281 
282 	wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived key",
283 			data->key_data, EAP_TLS_KEY_LEN);
284 	wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived EMSK",
285 			data->key_data + EAP_TLS_KEY_LEN,
286 			EAP_EMSK_LEN);
287 
288 	os_free(data->session_id);
289 	data->session_id = eap_peer_tls_derive_session_id(sm, &data->ssl,
290 							  EAP_TYPE_TTLS,
291 	                                                  &data->id_len);
292 	if (data->session_id) {
293 		wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Derived Session-Id",
294 			    data->session_id, data->id_len);
295 	} else {
296 		wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to derive Session-Id");
297 	}
298 
299 	return 0;
300 }
301 
302 
303 #ifndef CONFIG_FIPS
304 static u8 * eap_ttls_implicit_challenge(struct eap_sm *sm,
305 					struct eap_ttls_data *data, size_t len)
306 {
307 	return eap_peer_tls_derive_key(sm, &data->ssl, "ttls challenge",
308 				       NULL, 0, len);
309 }
310 #endif /* CONFIG_FIPS */
311 
312 
313 static void eap_ttls_phase2_select_eap_method(struct eap_ttls_data *data,
314 					      u8 method)
315 {
316 	size_t i;
317 	for (i = 0; i < data->num_phase2_eap_types; i++) {
318 		if (data->phase2_eap_types[i].vendor != EAP_VENDOR_IETF ||
319 		    data->phase2_eap_types[i].method != method)
320 			continue;
321 
322 		data->phase2_eap_type.vendor =
323 			data->phase2_eap_types[i].vendor;
324 		data->phase2_eap_type.method =
325 			data->phase2_eap_types[i].method;
326 		wpa_printf(MSG_DEBUG, "EAP-TTLS: Selected "
327 			   "Phase 2 EAP vendor %d method %d",
328 			   data->phase2_eap_type.vendor,
329 			   data->phase2_eap_type.method);
330 		break;
331 	}
332 }
333 
334 
335 static int eap_ttls_phase2_eap_process(struct eap_sm *sm,
336 				       struct eap_ttls_data *data,
337 				       struct eap_method_ret *ret,
338 				       struct eap_hdr *hdr, size_t len,
339 				       struct wpabuf **resp)
340 {
341 	struct wpabuf msg;
342 	struct eap_method_ret iret;
343 
344 	os_memset(&iret, 0, sizeof(iret));
345 	wpabuf_set(&msg, hdr, len);
346 	*resp = data->phase2_method->process(sm, data->phase2_priv, &iret,
347 					     &msg);
348 	if ((iret.methodState == METHOD_DONE ||
349 	     iret.methodState == METHOD_MAY_CONT) &&
350 	    (iret.decision == DECISION_UNCOND_SUCC ||
351 	     iret.decision == DECISION_COND_SUCC ||
352 	     iret.decision == DECISION_FAIL)) {
353 		ret->methodState = iret.methodState;
354 		ret->decision = iret.decision;
355 	}
356 
357 	return 0;
358 }
359 
360 
361 static int eap_ttls_phase2_request_eap_method(struct eap_sm *sm,
362 					      struct eap_ttls_data *data,
363 					      struct eap_method_ret *ret,
364 					      struct eap_hdr *hdr, size_t len,
365 					      u8 method, struct wpabuf **resp)
366 {
367 #ifdef EAP_TNC
368 	if (data->tnc_started && data->phase2_method &&
369 	    data->phase2_priv && method == EAP_TYPE_TNC &&
370 	    data->phase2_eap_type.method == EAP_TYPE_TNC)
371 		return eap_ttls_phase2_eap_process(sm, data, ret, hdr, len,
372 						   resp);
373 
374 	if (data->ready_for_tnc && !data->tnc_started &&
375 	    method == EAP_TYPE_TNC) {
376 		wpa_printf(MSG_DEBUG, "EAP-TTLS: Start TNC after completed "
377 			   "EAP method");
378 		data->tnc_started = 1;
379 	}
380 
381 	if (data->tnc_started) {
382 		if (data->phase2_eap_type.vendor != EAP_VENDOR_IETF ||
383 		    data->phase2_eap_type.method == EAP_TYPE_TNC) {
384 			wpa_printf(MSG_DEBUG, "EAP-TTLS: Unexpected EAP "
385 				   "type %d for TNC", method);
386 			return -1;
387 		}
388 
389 		data->phase2_eap_type.vendor = EAP_VENDOR_IETF;
390 		data->phase2_eap_type.method = method;
391 		wpa_printf(MSG_DEBUG, "EAP-TTLS: Selected "
392 			   "Phase 2 EAP vendor %d method %d (TNC)",
393 			   data->phase2_eap_type.vendor,
394 			   data->phase2_eap_type.method);
395 
396 		if (data->phase2_type == EAP_TTLS_PHASE2_EAP)
397 			eap_ttls_phase2_eap_deinit(sm, data);
398 	}
399 #endif /* EAP_TNC */
400 
401 	if (data->phase2_eap_type.vendor == EAP_VENDOR_IETF &&
402 	    data->phase2_eap_type.method == EAP_TYPE_NONE)
403 		eap_ttls_phase2_select_eap_method(data, method);
404 
405 	if (method != data->phase2_eap_type.method || method == EAP_TYPE_NONE)
406 	{
407 		if (eap_peer_tls_phase2_nak(data->phase2_eap_types,
408 					    data->num_phase2_eap_types,
409 					    hdr, resp))
410 			return -1;
411 		return 0;
412 	}
413 
414 	if (data->phase2_priv == NULL) {
415 		data->phase2_method = eap_peer_get_eap_method(
416 			EAP_VENDOR_IETF, method);
417 		if (data->phase2_method) {
418 			sm->init_phase2 = 1;
419 			data->phase2_priv = data->phase2_method->init(sm);
420 			sm->init_phase2 = 0;
421 		}
422 	}
423 	if (data->phase2_priv == NULL || data->phase2_method == NULL) {
424 		wpa_printf(MSG_INFO, "EAP-TTLS: failed to initialize "
425 			   "Phase 2 EAP method %d", method);
426 		return -1;
427 	}
428 
429 	return eap_ttls_phase2_eap_process(sm, data, ret, hdr, len, resp);
430 }
431 
432 
433 static int eap_ttls_phase2_request_eap(struct eap_sm *sm,
434 				       struct eap_ttls_data *data,
435 				       struct eap_method_ret *ret,
436 				       struct eap_hdr *hdr,
437 				       struct wpabuf **resp)
438 {
439 	size_t len = be_to_host16(hdr->length);
440 	u8 *pos;
441 	struct eap_peer_config *config = eap_get_config(sm);
442 
443 	if (len <= sizeof(struct eap_hdr)) {
444 		wpa_printf(MSG_INFO, "EAP-TTLS: too short "
445 			   "Phase 2 request (len=%lu)", (unsigned long) len);
446 		return -1;
447 	}
448 	pos = (u8 *) (hdr + 1);
449 	wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 EAP Request: type=%d", *pos);
450 	switch (*pos) {
451 	case EAP_TYPE_IDENTITY:
452 		*resp = eap_sm_buildIdentity(sm, hdr->identifier, 1);
453 		break;
454 	default:
455 		if (eap_ttls_phase2_request_eap_method(sm, data, ret, hdr, len,
456 						       *pos, resp) < 0)
457 			return -1;
458 		break;
459 	}
460 
461 	if (*resp == NULL &&
462 	    (config->pending_req_identity || config->pending_req_password ||
463 	     config->pending_req_otp || config->pending_req_sim)) {
464 		return 0;
465 	}
466 
467 	if (*resp == NULL)
468 		return -1;
469 
470 	wpa_hexdump_buf(MSG_DEBUG, "EAP-TTLS: AVP encapsulate EAP Response",
471 			*resp);
472 	return eap_ttls_avp_encapsulate(resp, RADIUS_ATTR_EAP_MESSAGE, 1);
473 }
474 
475 
476 static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,
477 					    struct eap_ttls_data *data,
478 					    struct eap_method_ret *ret,
479 					    struct wpabuf **resp)
480 {
481 #ifdef CONFIG_FIPS
482 	wpa_printf(MSG_ERROR, "EAP-TTLS: MSCHAPV2 not supported in FIPS build");
483 	return -1;
484 #else /* CONFIG_FIPS */
485 #ifdef EAP_MSCHAPv2
486 	struct wpabuf *msg;
487 	u8 *buf, *pos, *challenge, *peer_challenge;
488 	const u8 *identity, *password;
489 	size_t identity_len, password_len;
490 	int pwhash;
491 
492 	wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 MSCHAPV2 Request");
493 
494 	identity = eap_get_config_identity(sm, &identity_len);
495 	password = eap_get_config_password2(sm, &password_len, &pwhash);
496 	if (identity == NULL || password == NULL)
497 		return -1;
498 
499 	msg = wpabuf_alloc(identity_len + 1000);
500 	if (msg == NULL) {
501 		wpa_printf(MSG_ERROR,
502 			   "EAP-TTLS/MSCHAPV2: Failed to allocate memory");
503 		return -1;
504 	}
505 	pos = buf = wpabuf_mhead(msg);
506 
507 	/* User-Name */
508 	pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1,
509 			       identity, identity_len);
510 
511 	/* MS-CHAP-Challenge */
512 	challenge = eap_ttls_implicit_challenge(
513 		sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1);
514 	if (challenge == NULL) {
515 		wpabuf_clear_free(msg);
516 		wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive "
517 			   "implicit challenge");
518 		return -1;
519 	}
520 
521 	pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_MS_CHAP_CHALLENGE,
522 			       RADIUS_VENDOR_ID_MICROSOFT, 1,
523 			       challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN);
524 
525 	/* MS-CHAP2-Response */
526 	pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP2_RESPONSE,
527 			       RADIUS_VENDOR_ID_MICROSOFT, 1,
528 			       EAP_TTLS_MSCHAPV2_RESPONSE_LEN);
529 	data->ident = challenge[EAP_TTLS_MSCHAPV2_CHALLENGE_LEN];
530 	*pos++ = data->ident;
531 	*pos++ = 0; /* Flags */
532 	if (os_get_random(pos, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN) < 0) {
533 		os_free(challenge);
534 		wpabuf_clear_free(msg);
535 		wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to get "
536 			   "random data for peer challenge");
537 		return -1;
538 	}
539 	peer_challenge = pos;
540 	pos += EAP_TTLS_MSCHAPV2_CHALLENGE_LEN;
541 	os_memset(pos, 0, 8); /* Reserved, must be zero */
542 	pos += 8;
543 	if (mschapv2_derive_response(identity, identity_len, password,
544 				     password_len, pwhash, challenge,
545 				     peer_challenge, pos, data->auth_response,
546 				     data->master_key)) {
547 		os_free(challenge);
548 		wpabuf_clear_free(msg);
549 		wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive "
550 			   "response");
551 		return -1;
552 	}
553 	data->auth_response_valid = 1;
554 
555 	pos += 24;
556 	os_free(challenge);
557 	AVP_PAD(buf, pos);
558 
559 	wpabuf_put(msg, pos - buf);
560 	*resp = msg;
561 
562 	return 0;
563 #else /* EAP_MSCHAPv2 */
564 	wpa_printf(MSG_ERROR, "EAP-TTLS: MSCHAPv2 not included in the build");
565 	return -1;
566 #endif /* EAP_MSCHAPv2 */
567 #endif /* CONFIG_FIPS */
568 }
569 
570 
571 static int eap_ttls_phase2_request_mschap(struct eap_sm *sm,
572 					  struct eap_ttls_data *data,
573 					  struct eap_method_ret *ret,
574 					  struct wpabuf **resp)
575 {
576 #ifdef CONFIG_FIPS
577 	wpa_printf(MSG_ERROR, "EAP-TTLS: MSCHAP not supported in FIPS build");
578 	return -1;
579 #else /* CONFIG_FIPS */
580 	struct wpabuf *msg;
581 	u8 *buf, *pos, *challenge;
582 	const u8 *identity, *password;
583 	size_t identity_len, password_len;
584 	int pwhash;
585 
586 	wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 MSCHAP Request");
587 
588 	identity = eap_get_config_identity(sm, &identity_len);
589 	password = eap_get_config_password2(sm, &password_len, &pwhash);
590 	if (identity == NULL || password == NULL)
591 		return -1;
592 
593 	msg = wpabuf_alloc(identity_len + 1000);
594 	if (msg == NULL) {
595 		wpa_printf(MSG_ERROR,
596 			   "EAP-TTLS/MSCHAP: Failed to allocate memory");
597 		return -1;
598 	}
599 	pos = buf = wpabuf_mhead(msg);
600 
601 	/* User-Name */
602 	pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1,
603 			       identity, identity_len);
604 
605 	/* MS-CHAP-Challenge */
606 	challenge = eap_ttls_implicit_challenge(
607 		sm, data, EAP_TTLS_MSCHAP_CHALLENGE_LEN + 1);
608 	if (challenge == NULL) {
609 		wpabuf_clear_free(msg);
610 		wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAP: Failed to derive "
611 			   "implicit challenge");
612 		return -1;
613 	}
614 
615 	pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_MS_CHAP_CHALLENGE,
616 			       RADIUS_VENDOR_ID_MICROSOFT, 1,
617 			       challenge, EAP_TTLS_MSCHAP_CHALLENGE_LEN);
618 
619 	/* MS-CHAP-Response */
620 	pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP_RESPONSE,
621 			       RADIUS_VENDOR_ID_MICROSOFT, 1,
622 			       EAP_TTLS_MSCHAP_RESPONSE_LEN);
623 	data->ident = challenge[EAP_TTLS_MSCHAP_CHALLENGE_LEN];
624 	*pos++ = data->ident;
625 	*pos++ = 1; /* Flags: Use NT style passwords */
626 	os_memset(pos, 0, 24); /* LM-Response */
627 	pos += 24;
628 	if (pwhash) {
629 		/* NT-Response */
630 		if (challenge_response(challenge, password, pos)) {
631 			wpa_printf(MSG_ERROR,
632 				   "EAP-TTLS/MSCHAP: Failed derive password hash");
633 			wpabuf_clear_free(msg);
634 			os_free(challenge);
635 			return -1;
636 		}
637 
638 		wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: MSCHAP password hash",
639 				password, 16);
640 	} else {
641 		/* NT-Response */
642 		if (nt_challenge_response(challenge, password, password_len,
643 					  pos)) {
644 			wpa_printf(MSG_ERROR,
645 				   "EAP-TTLS/MSCHAP: Failed derive password");
646 			wpabuf_clear_free(msg);
647 			os_free(challenge);
648 			return -1;
649 		}
650 
651 		wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: MSCHAP password",
652 				      password, password_len);
653 	}
654 	wpa_hexdump(MSG_DEBUG, "EAP-TTLS: MSCHAP implicit challenge",
655 		    challenge, EAP_TTLS_MSCHAP_CHALLENGE_LEN);
656 	wpa_hexdump(MSG_DEBUG, "EAP-TTLS: MSCHAP response", pos, 24);
657 	pos += 24;
658 	os_free(challenge);
659 	AVP_PAD(buf, pos);
660 
661 	wpabuf_put(msg, pos - buf);
662 	*resp = msg;
663 
664 	/* EAP-TTLS/MSCHAP does not provide tunneled success
665 	 * notification, so assume that Phase2 succeeds. */
666 	ret->methodState = METHOD_DONE;
667 	ret->decision = DECISION_COND_SUCC;
668 
669 	return 0;
670 #endif /* CONFIG_FIPS */
671 }
672 
673 
674 static int eap_ttls_phase2_request_pap(struct eap_sm *sm,
675 				       struct eap_ttls_data *data,
676 				       struct eap_method_ret *ret,
677 				       struct wpabuf **resp)
678 {
679 	struct wpabuf *msg;
680 	u8 *buf, *pos;
681 	size_t pad;
682 	const u8 *identity, *password;
683 	size_t identity_len, password_len;
684 
685 	wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 PAP Request");
686 
687 	identity = eap_get_config_identity(sm, &identity_len);
688 	password = eap_get_config_password(sm, &password_len);
689 	if (identity == NULL || password == NULL)
690 		return -1;
691 
692 	msg = wpabuf_alloc(identity_len + password_len + 100);
693 	if (msg == NULL) {
694 		wpa_printf(MSG_ERROR,
695 			   "EAP-TTLS/PAP: Failed to allocate memory");
696 		return -1;
697 	}
698 	pos = buf = wpabuf_mhead(msg);
699 
700 	/* User-Name */
701 	pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1,
702 			       identity, identity_len);
703 
704 	/* User-Password; in RADIUS, this is encrypted, but EAP-TTLS encrypts
705 	 * the data, so no separate encryption is used in the AVP itself.
706 	 * However, the password is padded to obfuscate its length. */
707 	pad = password_len == 0 ? 16 : (16 - (password_len & 15)) & 15;
708 	pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_USER_PASSWORD, 0, 1,
709 			       password_len + pad);
710 	os_memcpy(pos, password, password_len);
711 	pos += password_len;
712 	os_memset(pos, 0, pad);
713 	pos += pad;
714 	AVP_PAD(buf, pos);
715 
716 	wpabuf_put(msg, pos - buf);
717 	*resp = msg;
718 
719 	/* EAP-TTLS/PAP does not provide tunneled success notification,
720 	 * so assume that Phase2 succeeds. */
721 	ret->methodState = METHOD_DONE;
722 	ret->decision = DECISION_COND_SUCC;
723 
724 	return 0;
725 }
726 
727 
728 static int eap_ttls_phase2_request_chap(struct eap_sm *sm,
729 					struct eap_ttls_data *data,
730 					struct eap_method_ret *ret,
731 					struct wpabuf **resp)
732 {
733 #ifdef CONFIG_FIPS
734 	wpa_printf(MSG_ERROR, "EAP-TTLS: CHAP not supported in FIPS build");
735 	return -1;
736 #else /* CONFIG_FIPS */
737 	struct wpabuf *msg;
738 	u8 *buf, *pos, *challenge;
739 	const u8 *identity, *password;
740 	size_t identity_len, password_len;
741 
742 	wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 CHAP Request");
743 
744 	identity = eap_get_config_identity(sm, &identity_len);
745 	password = eap_get_config_password(sm, &password_len);
746 	if (identity == NULL || password == NULL)
747 		return -1;
748 
749 	msg = wpabuf_alloc(identity_len + 1000);
750 	if (msg == NULL) {
751 		wpa_printf(MSG_ERROR,
752 			   "EAP-TTLS/CHAP: Failed to allocate memory");
753 		return -1;
754 	}
755 	pos = buf = wpabuf_mhead(msg);
756 
757 	/* User-Name */
758 	pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1,
759 			       identity, identity_len);
760 
761 	/* CHAP-Challenge */
762 	challenge = eap_ttls_implicit_challenge(
763 		sm, data, EAP_TTLS_CHAP_CHALLENGE_LEN + 1);
764 	if (challenge == NULL) {
765 		wpabuf_clear_free(msg);
766 		wpa_printf(MSG_ERROR, "EAP-TTLS/CHAP: Failed to derive "
767 			   "implicit challenge");
768 		return -1;
769 	}
770 
771 	pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_CHAP_CHALLENGE, 0, 1,
772 			       challenge, EAP_TTLS_CHAP_CHALLENGE_LEN);
773 
774 	/* CHAP-Password */
775 	pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_CHAP_PASSWORD, 0, 1,
776 			       1 + EAP_TTLS_CHAP_PASSWORD_LEN);
777 	data->ident = challenge[EAP_TTLS_CHAP_CHALLENGE_LEN];
778 	*pos++ = data->ident;
779 
780 	/* MD5(Ident + Password + Challenge) */
781 	chap_md5(data->ident, password, password_len, challenge,
782 		 EAP_TTLS_CHAP_CHALLENGE_LEN, pos);
783 
784 	wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: CHAP username",
785 			  identity, identity_len);
786 	wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: CHAP password",
787 			      password, password_len);
788 	wpa_hexdump(MSG_DEBUG, "EAP-TTLS: CHAP implicit challenge",
789 		    challenge, EAP_TTLS_CHAP_CHALLENGE_LEN);
790 	wpa_hexdump(MSG_DEBUG, "EAP-TTLS: CHAP password",
791 		    pos, EAP_TTLS_CHAP_PASSWORD_LEN);
792 	pos += EAP_TTLS_CHAP_PASSWORD_LEN;
793 	os_free(challenge);
794 	AVP_PAD(buf, pos);
795 
796 	wpabuf_put(msg, pos - buf);
797 	*resp = msg;
798 
799 	/* EAP-TTLS/CHAP does not provide tunneled success
800 	 * notification, so assume that Phase2 succeeds. */
801 	ret->methodState = METHOD_DONE;
802 	ret->decision = DECISION_COND_SUCC;
803 
804 	return 0;
805 #endif /* CONFIG_FIPS */
806 }
807 
808 
809 static int eap_ttls_phase2_request(struct eap_sm *sm,
810 				   struct eap_ttls_data *data,
811 				   struct eap_method_ret *ret,
812 				   struct eap_hdr *hdr,
813 				   struct wpabuf **resp)
814 {
815 	int res = 0;
816 	size_t len;
817 	enum phase2_types phase2_type = data->phase2_type;
818 
819 #ifdef EAP_TNC
820 	if (data->tnc_started) {
821 		wpa_printf(MSG_DEBUG, "EAP-TTLS: Processing TNC");
822 		phase2_type = EAP_TTLS_PHASE2_EAP;
823 	}
824 #endif /* EAP_TNC */
825 
826 	if (phase2_type == EAP_TTLS_PHASE2_MSCHAPV2 ||
827 	    phase2_type == EAP_TTLS_PHASE2_MSCHAP ||
828 	    phase2_type == EAP_TTLS_PHASE2_PAP ||
829 	    phase2_type == EAP_TTLS_PHASE2_CHAP) {
830 		if (eap_get_config_identity(sm, &len) == NULL) {
831 			wpa_printf(MSG_INFO,
832 				   "EAP-TTLS: Identity not configured");
833 			eap_sm_request_identity(sm);
834 			if (eap_get_config_password(sm, &len) == NULL)
835 				eap_sm_request_password(sm);
836 			return 0;
837 		}
838 
839 		if (eap_get_config_password(sm, &len) == NULL) {
840 			wpa_printf(MSG_INFO,
841 				   "EAP-TTLS: Password not configured");
842 			eap_sm_request_password(sm);
843 			return 0;
844 		}
845 	}
846 
847 	switch (phase2_type) {
848 	case EAP_TTLS_PHASE2_EAP:
849 		res = eap_ttls_phase2_request_eap(sm, data, ret, hdr, resp);
850 		break;
851 	case EAP_TTLS_PHASE2_MSCHAPV2:
852 		res = eap_ttls_phase2_request_mschapv2(sm, data, ret, resp);
853 		break;
854 	case EAP_TTLS_PHASE2_MSCHAP:
855 		res = eap_ttls_phase2_request_mschap(sm, data, ret, resp);
856 		break;
857 	case EAP_TTLS_PHASE2_PAP:
858 		res = eap_ttls_phase2_request_pap(sm, data, ret, resp);
859 		break;
860 	case EAP_TTLS_PHASE2_CHAP:
861 		res = eap_ttls_phase2_request_chap(sm, data, ret, resp);
862 		break;
863 	default:
864 		wpa_printf(MSG_ERROR, "EAP-TTLS: Phase 2 - Unknown");
865 		res = -1;
866 		break;
867 	}
868 
869 	if (res < 0) {
870 		ret->methodState = METHOD_DONE;
871 		ret->decision = DECISION_FAIL;
872 	}
873 
874 	return res;
875 }
876 
877 
878 struct ttls_parse_avp {
879 	u8 *mschapv2;
880 	u8 *eapdata;
881 	size_t eap_len;
882 	int mschapv2_error;
883 };
884 
885 
886 static int eap_ttls_parse_attr_eap(const u8 *dpos, size_t dlen,
887 				   struct ttls_parse_avp *parse)
888 {
889 	wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP - EAP Message");
890 	if (parse->eapdata == NULL) {
891 		parse->eapdata = os_memdup(dpos, dlen);
892 		if (parse->eapdata == NULL) {
893 			wpa_printf(MSG_WARNING, "EAP-TTLS: Failed to allocate "
894 				   "memory for Phase 2 EAP data");
895 			return -1;
896 		}
897 		parse->eap_len = dlen;
898 	} else {
899 		u8 *neweap = os_realloc(parse->eapdata, parse->eap_len + dlen);
900 		if (neweap == NULL) {
901 			wpa_printf(MSG_WARNING, "EAP-TTLS: Failed to allocate "
902 				   "memory for Phase 2 EAP data");
903 			return -1;
904 		}
905 		os_memcpy(neweap + parse->eap_len, dpos, dlen);
906 		parse->eapdata = neweap;
907 		parse->eap_len += dlen;
908 	}
909 
910 	return 0;
911 }
912 
913 
914 static int eap_ttls_parse_avp(u8 *pos, size_t left,
915 			      struct ttls_parse_avp *parse)
916 {
917 	struct ttls_avp *avp;
918 	u32 avp_code, avp_length, vendor_id = 0;
919 	u8 avp_flags, *dpos;
920 	size_t dlen;
921 
922 	avp = (struct ttls_avp *) pos;
923 	avp_code = be_to_host32(avp->avp_code);
924 	avp_length = be_to_host32(avp->avp_length);
925 	avp_flags = (avp_length >> 24) & 0xff;
926 	avp_length &= 0xffffff;
927 	wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP: code=%d flags=0x%02x "
928 		   "length=%d", (int) avp_code, avp_flags,
929 		   (int) avp_length);
930 
931 	if (avp_length > left) {
932 		wpa_printf(MSG_WARNING, "EAP-TTLS: AVP overflow "
933 			   "(len=%d, left=%lu) - dropped",
934 			   (int) avp_length, (unsigned long) left);
935 		return -1;
936 	}
937 
938 	if (avp_length < sizeof(*avp)) {
939 		wpa_printf(MSG_WARNING, "EAP-TTLS: Invalid AVP length %d",
940 			   avp_length);
941 		return -1;
942 	}
943 
944 	dpos = (u8 *) (avp + 1);
945 	dlen = avp_length - sizeof(*avp);
946 	if (avp_flags & AVP_FLAGS_VENDOR) {
947 		if (dlen < 4) {
948 			wpa_printf(MSG_WARNING, "EAP-TTLS: Vendor AVP "
949 				   "underflow");
950 			return -1;
951 		}
952 		vendor_id = WPA_GET_BE32(dpos);
953 		wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP vendor_id %d",
954 			   (int) vendor_id);
955 		dpos += 4;
956 		dlen -= 4;
957 	}
958 
959 	wpa_hexdump(MSG_DEBUG, "EAP-TTLS: AVP data", dpos, dlen);
960 
961 	if (vendor_id == 0 && avp_code == RADIUS_ATTR_EAP_MESSAGE) {
962 		if (eap_ttls_parse_attr_eap(dpos, dlen, parse) < 0)
963 			return -1;
964 	} else if (vendor_id == 0 && avp_code == RADIUS_ATTR_REPLY_MESSAGE) {
965 		/* This is an optional message that can be displayed to
966 		 * the user. */
967 		wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: AVP - Reply-Message",
968 				  dpos, dlen);
969 	} else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
970 		   avp_code == RADIUS_ATTR_MS_CHAP2_SUCCESS) {
971 		wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: MS-CHAP2-Success",
972 				  dpos, dlen);
973 		if (dlen != 43) {
974 			wpa_printf(MSG_WARNING, "EAP-TTLS: Unexpected "
975 				   "MS-CHAP2-Success length "
976 				   "(len=%lu, expected 43)",
977 				   (unsigned long) dlen);
978 			return -1;
979 		}
980 		parse->mschapv2 = dpos;
981 	} else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
982 		   avp_code == RADIUS_ATTR_MS_CHAP_ERROR) {
983 		wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: MS-CHAP-Error",
984 				  dpos, dlen);
985 		parse->mschapv2_error = 1;
986 	} else if (avp_flags & AVP_FLAGS_MANDATORY) {
987 		wpa_printf(MSG_WARNING, "EAP-TTLS: Unsupported mandatory AVP "
988 			   "code %d vendor_id %d - dropped",
989 			   (int) avp_code, (int) vendor_id);
990 		return -1;
991 	} else {
992 		wpa_printf(MSG_DEBUG, "EAP-TTLS: Ignoring unsupported AVP "
993 			   "code %d vendor_id %d",
994 			   (int) avp_code, (int) vendor_id);
995 	}
996 
997 	return avp_length;
998 }
999 
1000 
1001 static int eap_ttls_parse_avps(struct wpabuf *in_decrypted,
1002 			       struct ttls_parse_avp *parse)
1003 {
1004 	u8 *pos;
1005 	size_t left, pad;
1006 	int avp_length;
1007 
1008 	pos = wpabuf_mhead(in_decrypted);
1009 	left = wpabuf_len(in_decrypted);
1010 	wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Decrypted Phase 2 AVPs", pos, left);
1011 	if (left < sizeof(struct ttls_avp)) {
1012 		wpa_printf(MSG_WARNING, "EAP-TTLS: Too short Phase 2 AVP frame"
1013 			   " len=%lu expected %lu or more - dropped",
1014 			   (unsigned long) left,
1015 			   (unsigned long) sizeof(struct ttls_avp));
1016 		return -1;
1017 	}
1018 
1019 	/* Parse AVPs */
1020 	os_memset(parse, 0, sizeof(*parse));
1021 
1022 	while (left > 0) {
1023 		avp_length = eap_ttls_parse_avp(pos, left, parse);
1024 		if (avp_length < 0)
1025 			return -1;
1026 
1027 		pad = (4 - (avp_length & 3)) & 3;
1028 		pos += avp_length + pad;
1029 		if (left < avp_length + pad)
1030 			left = 0;
1031 		else
1032 			left -= avp_length + pad;
1033 	}
1034 
1035 	return 0;
1036 }
1037 
1038 
1039 static u8 * eap_ttls_fake_identity_request(void)
1040 {
1041 	struct eap_hdr *hdr;
1042 	u8 *buf;
1043 
1044 	wpa_printf(MSG_DEBUG, "EAP-TTLS: empty data in beginning of "
1045 		   "Phase 2 - use fake EAP-Request Identity");
1046 	buf = os_malloc(sizeof(*hdr) + 1);
1047 	if (buf == NULL) {
1048 		wpa_printf(MSG_WARNING, "EAP-TTLS: failed to allocate "
1049 			   "memory for fake EAP-Identity Request");
1050 		return NULL;
1051 	}
1052 
1053 	hdr = (struct eap_hdr *) buf;
1054 	hdr->code = EAP_CODE_REQUEST;
1055 	hdr->identifier = 0;
1056 	hdr->length = host_to_be16(sizeof(*hdr) + 1);
1057 	buf[sizeof(*hdr)] = EAP_TYPE_IDENTITY;
1058 
1059 	return buf;
1060 }
1061 
1062 
1063 static int eap_ttls_encrypt_response(struct eap_sm *sm,
1064 				     struct eap_ttls_data *data,
1065 				     struct wpabuf *resp, u8 identifier,
1066 				     struct wpabuf **out_data)
1067 {
1068 	if (resp == NULL)
1069 		return 0;
1070 
1071 	wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS: Encrypting Phase 2 data",
1072 			    resp);
1073 	if (eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_TTLS,
1074 				 data->ttls_version, identifier,
1075 				 resp, out_data)) {
1076 		wpa_printf(MSG_INFO, "EAP-TTLS: Failed to encrypt a Phase 2 "
1077 			   "frame");
1078 		wpabuf_clear_free(resp);
1079 		return -1;
1080 	}
1081 	wpabuf_clear_free(resp);
1082 
1083 	return 0;
1084 }
1085 
1086 
1087 static int eap_ttls_process_phase2_eap(struct eap_sm *sm,
1088 				       struct eap_ttls_data *data,
1089 				       struct eap_method_ret *ret,
1090 				       struct ttls_parse_avp *parse,
1091 				       struct wpabuf **resp)
1092 {
1093 	struct eap_hdr *hdr;
1094 	size_t len;
1095 
1096 	if (parse->eapdata == NULL) {
1097 		wpa_printf(MSG_WARNING, "EAP-TTLS: No EAP Message in the "
1098 			   "packet - dropped");
1099 		return -1;
1100 	}
1101 
1102 	wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Phase 2 EAP",
1103 		    parse->eapdata, parse->eap_len);
1104 	hdr = (struct eap_hdr *) parse->eapdata;
1105 
1106 	if (parse->eap_len < sizeof(*hdr)) {
1107 		wpa_printf(MSG_WARNING, "EAP-TTLS: Too short Phase 2 EAP "
1108 			   "frame (len=%lu, expected %lu or more) - dropped",
1109 			   (unsigned long) parse->eap_len,
1110 			   (unsigned long) sizeof(*hdr));
1111 		return -1;
1112 	}
1113 	len = be_to_host16(hdr->length);
1114 	if (len > parse->eap_len) {
1115 		wpa_printf(MSG_INFO, "EAP-TTLS: Length mismatch in Phase 2 "
1116 			   "EAP frame (EAP hdr len=%lu, EAP data len in "
1117 			   "AVP=%lu)",
1118 			   (unsigned long) len,
1119 			   (unsigned long) parse->eap_len);
1120 		return -1;
1121 	}
1122 	wpa_printf(MSG_DEBUG, "EAP-TTLS: received Phase 2: code=%d "
1123 		   "identifier=%d length=%lu",
1124 		   hdr->code, hdr->identifier, (unsigned long) len);
1125 	switch (hdr->code) {
1126 	case EAP_CODE_REQUEST:
1127 		if (eap_ttls_phase2_request(sm, data, ret, hdr, resp)) {
1128 			wpa_printf(MSG_INFO, "EAP-TTLS: Phase2 Request "
1129 				   "processing failed");
1130 			return -1;
1131 		}
1132 		break;
1133 	default:
1134 		wpa_printf(MSG_INFO, "EAP-TTLS: Unexpected code=%d in "
1135 			   "Phase 2 EAP header", hdr->code);
1136 		return -1;
1137 	}
1138 
1139 	return 0;
1140 }
1141 
1142 
1143 static int eap_ttls_process_phase2_mschapv2(struct eap_sm *sm,
1144 					    struct eap_ttls_data *data,
1145 					    struct eap_method_ret *ret,
1146 					    struct ttls_parse_avp *parse)
1147 {
1148 #ifdef EAP_MSCHAPv2
1149 	if (parse->mschapv2_error) {
1150 		wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Received "
1151 			   "MS-CHAP-Error - failed");
1152 		ret->methodState = METHOD_DONE;
1153 		ret->decision = DECISION_FAIL;
1154 		/* Reply with empty data to ACK error */
1155 		return 1;
1156 	}
1157 
1158 	if (parse->mschapv2 == NULL) {
1159 #ifdef EAP_TNC
1160 		if (data->phase2_success && parse->eapdata) {
1161 			/*
1162 			 * Allow EAP-TNC to be started after successfully
1163 			 * completed MSCHAPV2.
1164 			 */
1165 			return 1;
1166 		}
1167 #endif /* EAP_TNC */
1168 		wpa_printf(MSG_WARNING, "EAP-TTLS: no MS-CHAP2-Success AVP "
1169 			   "received for Phase2 MSCHAPV2");
1170 		return -1;
1171 	}
1172 	if (parse->mschapv2[0] != data->ident) {
1173 		wpa_printf(MSG_WARNING, "EAP-TTLS: Ident mismatch for Phase 2 "
1174 			   "MSCHAPV2 (received Ident 0x%02x, expected 0x%02x)",
1175 			   parse->mschapv2[0], data->ident);
1176 		return -1;
1177 	}
1178 	if (!data->auth_response_valid ||
1179 	    mschapv2_verify_auth_response(data->auth_response,
1180 					  parse->mschapv2 + 1, 42)) {
1181 		wpa_printf(MSG_WARNING, "EAP-TTLS: Invalid authenticator "
1182 			   "response in Phase 2 MSCHAPV2 success request");
1183 		return -1;
1184 	}
1185 
1186 	wpa_printf(MSG_INFO, "EAP-TTLS: Phase 2 MSCHAPV2 "
1187 		   "authentication succeeded");
1188 	ret->methodState = METHOD_DONE;
1189 	ret->decision = DECISION_UNCOND_SUCC;
1190 	data->phase2_success = 1;
1191 
1192 	/*
1193 	 * Reply with empty data; authentication server will reply
1194 	 * with EAP-Success after this.
1195 	 */
1196 	return 1;
1197 #else /* EAP_MSCHAPv2 */
1198 	wpa_printf(MSG_ERROR, "EAP-TTLS: MSCHAPv2 not included in the build");
1199 	return -1;
1200 #endif /* EAP_MSCHAPv2 */
1201 }
1202 
1203 
1204 #ifdef EAP_TNC
1205 static int eap_ttls_process_tnc_start(struct eap_sm *sm,
1206 				      struct eap_ttls_data *data,
1207 				      struct eap_method_ret *ret,
1208 				      struct ttls_parse_avp *parse,
1209 				      struct wpabuf **resp)
1210 {
1211 	/* TNC uses inner EAP method after non-EAP TTLS phase 2. */
1212 	if (parse->eapdata == NULL) {
1213 		wpa_printf(MSG_INFO, "EAP-TTLS: Phase 2 received "
1214 			   "unexpected tunneled data (no EAP)");
1215 		return -1;
1216 	}
1217 
1218 	if (!data->ready_for_tnc) {
1219 		wpa_printf(MSG_INFO, "EAP-TTLS: Phase 2 received "
1220 			   "EAP after non-EAP, but not ready for TNC");
1221 		return -1;
1222 	}
1223 
1224 	wpa_printf(MSG_DEBUG, "EAP-TTLS: Start TNC after completed "
1225 		   "non-EAP method");
1226 	data->tnc_started = 1;
1227 
1228 	if (eap_ttls_process_phase2_eap(sm, data, ret, parse, resp) < 0)
1229 		return -1;
1230 
1231 	return 0;
1232 }
1233 #endif /* EAP_TNC */
1234 
1235 
1236 static int eap_ttls_process_decrypted(struct eap_sm *sm,
1237 				      struct eap_ttls_data *data,
1238 				      struct eap_method_ret *ret,
1239 				      u8 identifier,
1240 				      struct ttls_parse_avp *parse,
1241 				      struct wpabuf *in_decrypted,
1242 				      struct wpabuf **out_data)
1243 {
1244 	struct wpabuf *resp = NULL;
1245 	struct eap_peer_config *config = eap_get_config(sm);
1246 	int res;
1247 	enum phase2_types phase2_type = data->phase2_type;
1248 
1249 #ifdef EAP_TNC
1250 	if (data->tnc_started)
1251 		phase2_type = EAP_TTLS_PHASE2_EAP;
1252 #endif /* EAP_TNC */
1253 
1254 	switch (phase2_type) {
1255 	case EAP_TTLS_PHASE2_EAP:
1256 		if (eap_ttls_process_phase2_eap(sm, data, ret, parse, &resp) <
1257 		    0)
1258 			return -1;
1259 		break;
1260 	case EAP_TTLS_PHASE2_MSCHAPV2:
1261 		res = eap_ttls_process_phase2_mschapv2(sm, data, ret, parse);
1262 #ifdef EAP_TNC
1263 		if (res == 1 && parse->eapdata && data->phase2_success) {
1264 			/*
1265 			 * TNC may be required as the next
1266 			 * authentication method within the tunnel.
1267 			 */
1268 			ret->methodState = METHOD_MAY_CONT;
1269 			data->ready_for_tnc = 1;
1270 			if (eap_ttls_process_tnc_start(sm, data, ret, parse,
1271 						       &resp) == 0)
1272 				break;
1273 		}
1274 #endif /* EAP_TNC */
1275 		return res;
1276 	case EAP_TTLS_PHASE2_MSCHAP:
1277 	case EAP_TTLS_PHASE2_PAP:
1278 	case EAP_TTLS_PHASE2_CHAP:
1279 #ifdef EAP_TNC
1280 		if (eap_ttls_process_tnc_start(sm, data, ret, parse, &resp) <
1281 		    0)
1282 			return -1;
1283 		break;
1284 #else /* EAP_TNC */
1285 		/* EAP-TTLS/{MSCHAP,PAP,CHAP} should not send any TLS tunneled
1286 		 * requests to the supplicant */
1287 		wpa_printf(MSG_INFO, "EAP-TTLS: Phase 2 received unexpected "
1288 			   "tunneled data");
1289 		return -1;
1290 #endif /* EAP_TNC */
1291 	}
1292 
1293 	if (resp) {
1294 		if (eap_ttls_encrypt_response(sm, data, resp, identifier,
1295 					      out_data) < 0)
1296 			return -1;
1297 	} else if (config->pending_req_identity ||
1298 		   config->pending_req_password ||
1299 		   config->pending_req_otp ||
1300 		   config->pending_req_new_password ||
1301 		   config->pending_req_sim) {
1302 		wpabuf_clear_free(data->pending_phase2_req);
1303 		data->pending_phase2_req = wpabuf_dup(in_decrypted);
1304 	}
1305 
1306 	return 0;
1307 }
1308 
1309 
1310 static int eap_ttls_implicit_identity_request(struct eap_sm *sm,
1311 					      struct eap_ttls_data *data,
1312 					      struct eap_method_ret *ret,
1313 					      u8 identifier,
1314 					      struct wpabuf **out_data)
1315 {
1316 	int retval = 0;
1317 	struct eap_hdr *hdr;
1318 	struct wpabuf *resp;
1319 
1320 	hdr = (struct eap_hdr *) eap_ttls_fake_identity_request();
1321 	if (hdr == NULL) {
1322 		ret->methodState = METHOD_DONE;
1323 		ret->decision = DECISION_FAIL;
1324 		return -1;
1325 	}
1326 
1327 	resp = NULL;
1328 	if (eap_ttls_phase2_request(sm, data, ret, hdr, &resp)) {
1329 		wpa_printf(MSG_INFO, "EAP-TTLS: Phase2 Request "
1330 			   "processing failed");
1331 		retval = -1;
1332 	} else {
1333 		struct eap_peer_config *config = eap_get_config(sm);
1334 		if (resp == NULL &&
1335 		    (config->pending_req_identity ||
1336 		     config->pending_req_password ||
1337 		     config->pending_req_otp ||
1338 		     config->pending_req_new_password ||
1339 		     config->pending_req_sim)) {
1340 			/*
1341 			 * Use empty buffer to force implicit request
1342 			 * processing when EAP request is re-processed after
1343 			 * user input.
1344 			 */
1345 			wpabuf_clear_free(data->pending_phase2_req);
1346 			data->pending_phase2_req = wpabuf_alloc(0);
1347 		}
1348 
1349 		retval = eap_ttls_encrypt_response(sm, data, resp, identifier,
1350 						   out_data);
1351 	}
1352 
1353 	os_free(hdr);
1354 
1355 	if (retval < 0) {
1356 		ret->methodState = METHOD_DONE;
1357 		ret->decision = DECISION_FAIL;
1358 	}
1359 
1360 	return retval;
1361 }
1362 
1363 
1364 static int eap_ttls_phase2_start(struct eap_sm *sm, struct eap_ttls_data *data,
1365 				 struct eap_method_ret *ret, u8 identifier,
1366 				 struct wpabuf **out_data)
1367 {
1368 	data->phase2_start = 0;
1369 
1370 	/*
1371 	 * EAP-TTLS does not use Phase2 on fast re-auth; this must be done only
1372 	 * if TLS part was indeed resuming a previous session. Most
1373 	 * Authentication Servers terminate EAP-TTLS before reaching this
1374 	 * point, but some do not. Make wpa_supplicant stop phase 2 here, if
1375 	 * needed.
1376 	 */
1377 	if (data->reauth &&
1378 	    tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) {
1379 		wpa_printf(MSG_DEBUG, "EAP-TTLS: Session resumption - "
1380 			   "skip phase 2");
1381 		*out_data = eap_peer_tls_build_ack(identifier, EAP_TYPE_TTLS,
1382 						   data->ttls_version);
1383 		ret->methodState = METHOD_DONE;
1384 		ret->decision = DECISION_UNCOND_SUCC;
1385 		data->phase2_success = 1;
1386 		return 0;
1387 	}
1388 
1389 	return eap_ttls_implicit_identity_request(sm, data, ret, identifier,
1390 						  out_data);
1391 }
1392 
1393 
1394 static int eap_ttls_decrypt(struct eap_sm *sm, struct eap_ttls_data *data,
1395 			    struct eap_method_ret *ret, u8 identifier,
1396 			    const struct wpabuf *in_data,
1397 			    struct wpabuf **out_data)
1398 {
1399 	struct wpabuf *in_decrypted = NULL;
1400 	int retval = 0;
1401 	struct ttls_parse_avp parse;
1402 
1403 	os_memset(&parse, 0, sizeof(parse));
1404 
1405 	wpa_printf(MSG_DEBUG, "EAP-TTLS: received %lu bytes encrypted data for"
1406 		   " Phase 2",
1407 		   in_data ? (unsigned long) wpabuf_len(in_data) : 0);
1408 
1409 	if (data->pending_phase2_req) {
1410 		wpa_printf(MSG_DEBUG, "EAP-TTLS: Pending Phase 2 request - "
1411 			   "skip decryption and use old data");
1412 		/* Clear TLS reassembly state. */
1413 		eap_peer_tls_reset_input(&data->ssl);
1414 
1415 		in_decrypted = data->pending_phase2_req;
1416 		data->pending_phase2_req = NULL;
1417 		if (wpabuf_len(in_decrypted) == 0) {
1418 			wpabuf_clear_free(in_decrypted);
1419 			return eap_ttls_implicit_identity_request(
1420 				sm, data, ret, identifier, out_data);
1421 		}
1422 		goto continue_req;
1423 	}
1424 
1425 	if ((in_data == NULL || wpabuf_len(in_data) == 0) &&
1426 	    data->phase2_start) {
1427 		return eap_ttls_phase2_start(sm, data, ret, identifier,
1428 					     out_data);
1429 	}
1430 
1431 	if (in_data == NULL || wpabuf_len(in_data) == 0) {
1432 		/* Received TLS ACK - requesting more fragments */
1433 		return eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_TTLS,
1434 					    data->ttls_version,
1435 					    identifier, NULL, out_data);
1436 	}
1437 
1438 	retval = eap_peer_tls_decrypt(sm, &data->ssl, in_data, &in_decrypted);
1439 	if (retval)
1440 		goto done;
1441 
1442 continue_req:
1443 	data->phase2_start = 0;
1444 
1445 	if (eap_ttls_parse_avps(in_decrypted, &parse) < 0) {
1446 		retval = -1;
1447 		goto done;
1448 	}
1449 
1450 	retval = eap_ttls_process_decrypted(sm, data, ret, identifier,
1451 					    &parse, in_decrypted, out_data);
1452 
1453 done:
1454 	wpabuf_clear_free(in_decrypted);
1455 	os_free(parse.eapdata);
1456 
1457 	if (retval < 0) {
1458 		ret->methodState = METHOD_DONE;
1459 		ret->decision = DECISION_FAIL;
1460 	}
1461 
1462 	return retval;
1463 }
1464 
1465 
1466 static int eap_ttls_process_handshake(struct eap_sm *sm,
1467 				      struct eap_ttls_data *data,
1468 				      struct eap_method_ret *ret,
1469 				      u8 identifier,
1470 				      const struct wpabuf *in_data,
1471 				      struct wpabuf **out_data)
1472 {
1473 	int res;
1474 
1475 	if (sm->waiting_ext_cert_check && data->pending_resp) {
1476 		struct eap_peer_config *config = eap_get_config(sm);
1477 
1478 		if (config->pending_ext_cert_check == EXT_CERT_CHECK_GOOD) {
1479 			wpa_printf(MSG_DEBUG,
1480 				   "EAP-TTLS: External certificate check succeeded - continue handshake");
1481 			*out_data = data->pending_resp;
1482 			data->pending_resp = NULL;
1483 			sm->waiting_ext_cert_check = 0;
1484 			return 0;
1485 		}
1486 
1487 		if (config->pending_ext_cert_check == EXT_CERT_CHECK_BAD) {
1488 			wpa_printf(MSG_DEBUG,
1489 				   "EAP-TTLS: External certificate check failed - force authentication failure");
1490 			ret->methodState = METHOD_DONE;
1491 			ret->decision = DECISION_FAIL;
1492 			sm->waiting_ext_cert_check = 0;
1493 			return 0;
1494 		}
1495 
1496 		wpa_printf(MSG_DEBUG,
1497 			   "EAP-TTLS: Continuing to wait external server certificate validation");
1498 		return 0;
1499 	}
1500 
1501 	res = eap_peer_tls_process_helper(sm, &data->ssl, EAP_TYPE_TTLS,
1502 					  data->ttls_version, identifier,
1503 					  in_data, out_data);
1504 	if (res < 0) {
1505 		wpa_printf(MSG_DEBUG, "EAP-TTLS: TLS processing failed");
1506 		ret->methodState = METHOD_DONE;
1507 		ret->decision = DECISION_FAIL;
1508 		return -1;
1509 	}
1510 
1511 	if (sm->waiting_ext_cert_check) {
1512 		wpa_printf(MSG_DEBUG,
1513 			   "EAP-TTLS: Waiting external server certificate validation");
1514 		wpabuf_clear_free(data->pending_resp);
1515 		data->pending_resp = *out_data;
1516 		*out_data = NULL;
1517 		return 0;
1518 	}
1519 
1520 	if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
1521 		wpa_printf(MSG_DEBUG, "EAP-TTLS: TLS done, proceed to "
1522 			   "Phase 2");
1523 		if (data->resuming) {
1524 			wpa_printf(MSG_DEBUG, "EAP-TTLS: fast reauth - may "
1525 				   "skip Phase 2");
1526 			ret->decision = DECISION_COND_SUCC;
1527 			ret->methodState = METHOD_MAY_CONT;
1528 		}
1529 		data->phase2_start = 1;
1530 		eap_ttls_v0_derive_key(sm, data);
1531 
1532 		if (*out_data == NULL || wpabuf_len(*out_data) == 0) {
1533 			if (eap_ttls_decrypt(sm, data, ret, identifier,
1534 					     NULL, out_data)) {
1535 				wpa_printf(MSG_WARNING, "EAP-TTLS: "
1536 					   "failed to process early "
1537 					   "start for Phase 2");
1538 			}
1539 			res = 0;
1540 		}
1541 		data->resuming = 0;
1542 	}
1543 
1544 	if (res == 2) {
1545 		/*
1546 		 * Application data included in the handshake message.
1547 		 */
1548 		wpabuf_clear_free(data->pending_phase2_req);
1549 		data->pending_phase2_req = *out_data;
1550 		*out_data = NULL;
1551 		res = eap_ttls_decrypt(sm, data, ret, identifier, in_data,
1552 				       out_data);
1553 	}
1554 
1555 	return res;
1556 }
1557 
1558 
1559 static void eap_ttls_check_auth_status(struct eap_sm *sm,
1560 				       struct eap_ttls_data *data,
1561 				       struct eap_method_ret *ret)
1562 {
1563 	if (ret->methodState == METHOD_DONE) {
1564 		ret->allowNotifications = FALSE;
1565 		if (ret->decision == DECISION_UNCOND_SUCC ||
1566 		    ret->decision == DECISION_COND_SUCC) {
1567 			wpa_printf(MSG_DEBUG, "EAP-TTLS: Authentication "
1568 				   "completed successfully");
1569 			data->phase2_success = 1;
1570 			data->decision_succ = ret->decision;
1571 #ifdef EAP_TNC
1572 			if (!data->ready_for_tnc && !data->tnc_started) {
1573 				/*
1574 				 * TNC may be required as the next
1575 				 * authentication method within the tunnel.
1576 				 */
1577 				ret->methodState = METHOD_MAY_CONT;
1578 				data->ready_for_tnc = 1;
1579 			}
1580 #endif /* EAP_TNC */
1581 		}
1582 	} else if (ret->methodState == METHOD_MAY_CONT &&
1583 		   (ret->decision == DECISION_UNCOND_SUCC ||
1584 		    ret->decision == DECISION_COND_SUCC)) {
1585 			wpa_printf(MSG_DEBUG, "EAP-TTLS: Authentication "
1586 				   "completed successfully (MAY_CONT)");
1587 			data->phase2_success = 1;
1588 			data->decision_succ = ret->decision;
1589 	} else if (data->decision_succ != DECISION_FAIL &&
1590 		   data->phase2_success &&
1591 		   !data->ssl.tls_out) {
1592 		/*
1593 		 * This is needed to cover the case where the final Phase 2
1594 		 * message gets fragmented since fragmentation clears
1595 		 * decision back to FAIL.
1596 		 */
1597 		wpa_printf(MSG_DEBUG,
1598 			   "EAP-TTLS: Restore success decision after fragmented frame sent completely");
1599 		ret->decision = data->decision_succ;
1600 	}
1601 }
1602 
1603 
1604 static struct wpabuf * eap_ttls_process(struct eap_sm *sm, void *priv,
1605 					struct eap_method_ret *ret,
1606 					const struct wpabuf *reqData)
1607 {
1608 	size_t left;
1609 	int res;
1610 	u8 flags, id;
1611 	struct wpabuf *resp;
1612 	const u8 *pos;
1613 	struct eap_ttls_data *data = priv;
1614 	struct wpabuf msg;
1615 
1616 	pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_TTLS, ret,
1617 					reqData, &left, &flags);
1618 	if (pos == NULL)
1619 		return NULL;
1620 	id = eap_get_id(reqData);
1621 
1622 	if (flags & EAP_TLS_FLAGS_START) {
1623 		wpa_printf(MSG_DEBUG, "EAP-TTLS: Start (server ver=%d, own "
1624 			   "ver=%d)", flags & EAP_TLS_VERSION_MASK,
1625 			   data->ttls_version);
1626 
1627 		/* RFC 5281, Ch. 9.2:
1628 		 * "This packet MAY contain additional information in the form
1629 		 * of AVPs, which may provide useful hints to the client"
1630 		 * For now, ignore any potential extra data.
1631 		 */
1632 		left = 0;
1633 	}
1634 
1635 	wpabuf_set(&msg, pos, left);
1636 
1637 	resp = NULL;
1638 	if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
1639 	    !data->resuming) {
1640 		res = eap_ttls_decrypt(sm, data, ret, id, &msg, &resp);
1641 	} else {
1642 		res = eap_ttls_process_handshake(sm, data, ret, id,
1643 						 &msg, &resp);
1644 	}
1645 
1646 	eap_ttls_check_auth_status(sm, data, ret);
1647 
1648 	/* FIX: what about res == -1? Could just move all error processing into
1649 	 * the other functions and get rid of this res==1 case here. */
1650 	if (res == 1) {
1651 		wpabuf_clear_free(resp);
1652 		return eap_peer_tls_build_ack(id, EAP_TYPE_TTLS,
1653 					      data->ttls_version);
1654 	}
1655 	return resp;
1656 }
1657 
1658 
1659 static Boolean eap_ttls_has_reauth_data(struct eap_sm *sm, void *priv)
1660 {
1661 	struct eap_ttls_data *data = priv;
1662 	return tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
1663 		data->phase2_success;
1664 }
1665 
1666 
1667 static void eap_ttls_deinit_for_reauth(struct eap_sm *sm, void *priv)
1668 {
1669 	struct eap_ttls_data *data = priv;
1670 
1671 	if (data->phase2_priv && data->phase2_method &&
1672 	    data->phase2_method->deinit_for_reauth)
1673 		data->phase2_method->deinit_for_reauth(sm, data->phase2_priv);
1674 	wpabuf_clear_free(data->pending_phase2_req);
1675 	data->pending_phase2_req = NULL;
1676 	wpabuf_clear_free(data->pending_resp);
1677 	data->pending_resp = NULL;
1678 	data->decision_succ = DECISION_FAIL;
1679 #ifdef EAP_TNC
1680 	data->ready_for_tnc = 0;
1681 	data->tnc_started = 0;
1682 #endif /* EAP_TNC */
1683 }
1684 
1685 
1686 static void * eap_ttls_init_for_reauth(struct eap_sm *sm, void *priv)
1687 {
1688 	struct eap_ttls_data *data = priv;
1689 	eap_ttls_free_key(data);
1690 	os_free(data->session_id);
1691 	data->session_id = NULL;
1692 	if (eap_peer_tls_reauth_init(sm, &data->ssl)) {
1693 		os_free(data);
1694 		return NULL;
1695 	}
1696 	if (data->phase2_priv && data->phase2_method &&
1697 	    data->phase2_method->init_for_reauth)
1698 		data->phase2_method->init_for_reauth(sm, data->phase2_priv);
1699 	data->phase2_start = 0;
1700 	data->phase2_success = 0;
1701 	data->resuming = 1;
1702 	data->reauth = 1;
1703 	return priv;
1704 }
1705 
1706 
1707 static int eap_ttls_get_status(struct eap_sm *sm, void *priv, char *buf,
1708 			       size_t buflen, int verbose)
1709 {
1710 	struct eap_ttls_data *data = priv;
1711 	int len, ret;
1712 
1713 	len = eap_peer_tls_status(sm, &data->ssl, buf, buflen, verbose);
1714 	ret = os_snprintf(buf + len, buflen - len,
1715 			  "EAP-TTLSv%d Phase2 method=",
1716 			  data->ttls_version);
1717 	if (os_snprintf_error(buflen - len, ret))
1718 		return len;
1719 	len += ret;
1720 	switch (data->phase2_type) {
1721 	case EAP_TTLS_PHASE2_EAP:
1722 		ret = os_snprintf(buf + len, buflen - len, "EAP-%s\n",
1723 				  data->phase2_method ?
1724 				  data->phase2_method->name : "?");
1725 		break;
1726 	case EAP_TTLS_PHASE2_MSCHAPV2:
1727 		ret = os_snprintf(buf + len, buflen - len, "MSCHAPV2\n");
1728 		break;
1729 	case EAP_TTLS_PHASE2_MSCHAP:
1730 		ret = os_snprintf(buf + len, buflen - len, "MSCHAP\n");
1731 		break;
1732 	case EAP_TTLS_PHASE2_PAP:
1733 		ret = os_snprintf(buf + len, buflen - len, "PAP\n");
1734 		break;
1735 	case EAP_TTLS_PHASE2_CHAP:
1736 		ret = os_snprintf(buf + len, buflen - len, "CHAP\n");
1737 		break;
1738 	default:
1739 		ret = 0;
1740 		break;
1741 	}
1742 	if (os_snprintf_error(buflen - len, ret))
1743 		return len;
1744 	len += ret;
1745 
1746 	return len;
1747 }
1748 
1749 
1750 static Boolean eap_ttls_isKeyAvailable(struct eap_sm *sm, void *priv)
1751 {
1752 	struct eap_ttls_data *data = priv;
1753 	return data->key_data != NULL && data->phase2_success;
1754 }
1755 
1756 
1757 static u8 * eap_ttls_getKey(struct eap_sm *sm, void *priv, size_t *len)
1758 {
1759 	struct eap_ttls_data *data = priv;
1760 	u8 *key;
1761 
1762 	if (data->key_data == NULL || !data->phase2_success)
1763 		return NULL;
1764 
1765 	key = os_memdup(data->key_data, EAP_TLS_KEY_LEN);
1766 	if (key == NULL)
1767 		return NULL;
1768 
1769 	*len = EAP_TLS_KEY_LEN;
1770 
1771 	return key;
1772 }
1773 
1774 
1775 static u8 * eap_ttls_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
1776 {
1777 	struct eap_ttls_data *data = priv;
1778 	u8 *id;
1779 
1780 	if (data->session_id == NULL || !data->phase2_success)
1781 		return NULL;
1782 
1783 	id = os_memdup(data->session_id, data->id_len);
1784 	if (id == NULL)
1785 		return NULL;
1786 
1787 	*len = data->id_len;
1788 
1789 	return id;
1790 }
1791 
1792 
1793 static u8 * eap_ttls_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
1794 {
1795 	struct eap_ttls_data *data = priv;
1796 	u8 *key;
1797 
1798 	if (data->key_data == NULL)
1799 		return NULL;
1800 
1801 	key = os_memdup(data->key_data + EAP_TLS_KEY_LEN, EAP_EMSK_LEN);
1802 	if (key == NULL)
1803 		return NULL;
1804 
1805 	*len = EAP_EMSK_LEN;
1806 
1807 	return key;
1808 }
1809 
1810 
1811 int eap_peer_ttls_register(void)
1812 {
1813 	struct eap_method *eap;
1814 
1815 	eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
1816 				    EAP_VENDOR_IETF, EAP_TYPE_TTLS, "TTLS");
1817 	if (eap == NULL)
1818 		return -1;
1819 
1820 	eap->init = eap_ttls_init;
1821 	eap->deinit = eap_ttls_deinit;
1822 	eap->process = eap_ttls_process;
1823 	eap->isKeyAvailable = eap_ttls_isKeyAvailable;
1824 	eap->getKey = eap_ttls_getKey;
1825 	eap->getSessionId = eap_ttls_get_session_id;
1826 	eap->get_status = eap_ttls_get_status;
1827 	eap->has_reauth_data = eap_ttls_has_reauth_data;
1828 	eap->deinit_for_reauth = eap_ttls_deinit_for_reauth;
1829 	eap->init_for_reauth = eap_ttls_init_for_reauth;
1830 	eap->get_emsk = eap_ttls_get_emsk;
1831 
1832 	return eap_peer_method_register(eap);
1833 }
1834