1 /* 2 * EAP peer method: EAP-TTLS (RFC 5281) 3 * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "crypto/ms_funcs.h" 13 #include "crypto/sha1.h" 14 #include "crypto/tls.h" 15 #include "eap_common/chap.h" 16 #include "eap_common/eap_ttls.h" 17 #include "mschapv2.h" 18 #include "eap_i.h" 19 #include "eap_tls_common.h" 20 #include "eap_config.h" 21 22 23 #define EAP_TTLS_VERSION 0 24 25 26 static void eap_ttls_deinit(struct eap_sm *sm, void *priv); 27 28 29 struct eap_ttls_data { 30 struct eap_ssl_data ssl; 31 32 int ttls_version; 33 34 const struct eap_method *phase2_method; 35 void *phase2_priv; 36 int phase2_success; 37 int phase2_start; 38 EapDecision decision_succ; 39 40 enum phase2_types { 41 EAP_TTLS_PHASE2_EAP, 42 EAP_TTLS_PHASE2_MSCHAPV2, 43 EAP_TTLS_PHASE2_MSCHAP, 44 EAP_TTLS_PHASE2_PAP, 45 EAP_TTLS_PHASE2_CHAP 46 } phase2_type; 47 struct eap_method_type phase2_eap_type; 48 struct eap_method_type *phase2_eap_types; 49 size_t num_phase2_eap_types; 50 51 u8 auth_response[MSCHAPV2_AUTH_RESPONSE_LEN]; 52 int auth_response_valid; 53 u8 master_key[MSCHAPV2_MASTER_KEY_LEN]; /* MSCHAPv2 master key */ 54 u8 ident; 55 int resuming; /* starting a resumed session */ 56 int reauth; /* reauthentication */ 57 u8 *key_data; 58 u8 *session_id; 59 size_t id_len; 60 61 struct wpabuf *pending_phase2_req; 62 struct wpabuf *pending_resp; 63 64 #ifdef EAP_TNC 65 int ready_for_tnc; 66 int tnc_started; 67 #endif /* EAP_TNC */ 68 69 enum { NO_AUTH, FOR_INITIAL, ALWAYS } phase2_auth; 70 }; 71 72 73 static void eap_ttls_parse_phase1(struct eap_ttls_data *data, 74 const char *phase1) 75 { 76 if (os_strstr(phase1, "phase2_auth=0")) { 77 data->phase2_auth = NO_AUTH; 78 wpa_printf(MSG_DEBUG, 79 "EAP-TTLS: Do not require Phase 2 authentication"); 80 } else if (os_strstr(phase1, "phase2_auth=1")) { 81 data->phase2_auth = FOR_INITIAL; 82 wpa_printf(MSG_DEBUG, 83 "EAP-TTLS: Require Phase 2 authentication for initial connection"); 84 } else if (os_strstr(phase1, "phase2_auth=2")) { 85 data->phase2_auth = ALWAYS; 86 wpa_printf(MSG_DEBUG, 87 "EAP-TTLS: Require Phase 2 authentication for all cases"); 88 } 89 } 90 91 92 static void * eap_ttls_init(struct eap_sm *sm) 93 { 94 struct eap_ttls_data *data; 95 struct eap_peer_config *config = eap_get_config(sm); 96 int selected_non_eap; 97 char *selected; 98 99 data = os_zalloc(sizeof(*data)); 100 if (data == NULL) 101 return NULL; 102 data->ttls_version = EAP_TTLS_VERSION; 103 selected = "EAP"; 104 selected_non_eap = 0; 105 data->phase2_type = EAP_TTLS_PHASE2_EAP; 106 data->phase2_auth = FOR_INITIAL; 107 108 if (config && config->phase1) 109 eap_ttls_parse_phase1(data, config->phase1); 110 111 /* 112 * Either one auth= type or one or more autheap= methods can be 113 * specified. 114 */ 115 if (config && config->phase2) { 116 const char *token, *last = NULL; 117 118 while ((token = cstr_token(config->phase2, " \t", &last))) { 119 if (os_strncmp(token, "auth=", 5) != 0) 120 continue; 121 token += 5; 122 123 if (last - token == 8 && 124 os_strncmp(token, "MSCHAPV2", 8) == 0) { 125 selected = "MSCHAPV2"; 126 data->phase2_type = EAP_TTLS_PHASE2_MSCHAPV2; 127 } else if (last - token == 6 && 128 os_strncmp(token, "MSCHAP", 6) == 0) { 129 selected = "MSCHAP"; 130 data->phase2_type = EAP_TTLS_PHASE2_MSCHAP; 131 } else if (last - token == 3 && 132 os_strncmp(token, "PAP", 3) == 0) { 133 selected = "PAP"; 134 data->phase2_type = EAP_TTLS_PHASE2_PAP; 135 } else if (last - token == 4 && 136 os_strncmp(token, "CHAP", 4) == 0) { 137 selected = "CHAP"; 138 data->phase2_type = EAP_TTLS_PHASE2_CHAP; 139 } else { 140 wpa_printf(MSG_ERROR, 141 "EAP-TTLS: Unsupported Phase2 type '%s'", 142 token); 143 eap_ttls_deinit(sm, data); 144 return NULL; 145 } 146 147 if (selected_non_eap) { 148 wpa_printf(MSG_ERROR, 149 "EAP-TTLS: Only one Phase2 type can be specified"); 150 eap_ttls_deinit(sm, data); 151 return NULL; 152 } 153 154 selected_non_eap = 1; 155 } 156 157 if (os_strstr(config->phase2, "autheap=")) { 158 if (selected_non_eap) { 159 wpa_printf(MSG_ERROR, 160 "EAP-TTLS: Both auth= and autheap= params cannot be specified"); 161 eap_ttls_deinit(sm, data); 162 return NULL; 163 } 164 selected = "EAP"; 165 data->phase2_type = EAP_TTLS_PHASE2_EAP; 166 } 167 } 168 169 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase2 type: %s", selected); 170 171 if (data->phase2_type == EAP_TTLS_PHASE2_EAP) { 172 if (eap_peer_select_phase2_methods(config, "autheap=", 173 &data->phase2_eap_types, 174 &data->num_phase2_eap_types, 175 0) < 0) { 176 eap_ttls_deinit(sm, data); 177 return NULL; 178 } 179 180 data->phase2_eap_type.vendor = EAP_VENDOR_IETF; 181 data->phase2_eap_type.method = EAP_TYPE_NONE; 182 } 183 184 if (eap_peer_tls_ssl_init(sm, &data->ssl, config, EAP_TYPE_TTLS)) { 185 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to initialize SSL."); 186 eap_ttls_deinit(sm, data); 187 return NULL; 188 } 189 190 return data; 191 } 192 193 194 static void eap_ttls_phase2_eap_deinit(struct eap_sm *sm, 195 struct eap_ttls_data *data) 196 { 197 if (data->phase2_priv && data->phase2_method) { 198 data->phase2_method->deinit(sm, data->phase2_priv); 199 data->phase2_method = NULL; 200 data->phase2_priv = NULL; 201 } 202 } 203 204 205 static void eap_ttls_free_key(struct eap_ttls_data *data) 206 { 207 if (data->key_data) { 208 bin_clear_free(data->key_data, EAP_TLS_KEY_LEN + EAP_EMSK_LEN); 209 data->key_data = NULL; 210 } 211 } 212 213 214 static void eap_ttls_deinit(struct eap_sm *sm, void *priv) 215 { 216 struct eap_ttls_data *data = priv; 217 if (data == NULL) 218 return; 219 eap_ttls_phase2_eap_deinit(sm, data); 220 os_free(data->phase2_eap_types); 221 eap_peer_tls_ssl_deinit(sm, &data->ssl); 222 eap_ttls_free_key(data); 223 os_free(data->session_id); 224 wpabuf_clear_free(data->pending_phase2_req); 225 wpabuf_clear_free(data->pending_resp); 226 os_free(data); 227 } 228 229 230 static u8 * eap_ttls_avp_hdr(u8 *avphdr, u32 avp_code, u32 vendor_id, 231 int mandatory, size_t len) 232 { 233 struct ttls_avp_vendor *avp; 234 u8 flags; 235 size_t hdrlen; 236 237 avp = (struct ttls_avp_vendor *) avphdr; 238 flags = mandatory ? AVP_FLAGS_MANDATORY : 0; 239 if (vendor_id) { 240 flags |= AVP_FLAGS_VENDOR; 241 hdrlen = sizeof(*avp); 242 avp->vendor_id = host_to_be32(vendor_id); 243 } else { 244 hdrlen = sizeof(struct ttls_avp); 245 } 246 247 avp->avp_code = host_to_be32(avp_code); 248 avp->avp_length = host_to_be32(((u32) flags << 24) | 249 (u32) (hdrlen + len)); 250 251 return avphdr + hdrlen; 252 } 253 254 255 static u8 * eap_ttls_avp_add(u8 *start, u8 *avphdr, u32 avp_code, 256 u32 vendor_id, int mandatory, 257 const u8 *data, size_t len) 258 { 259 u8 *pos; 260 pos = eap_ttls_avp_hdr(avphdr, avp_code, vendor_id, mandatory, len); 261 os_memcpy(pos, data, len); 262 pos += len; 263 AVP_PAD(start, pos); 264 return pos; 265 } 266 267 268 static int eap_ttls_avp_encapsulate(struct wpabuf **resp, u32 avp_code, 269 int mandatory) 270 { 271 struct wpabuf *msg; 272 u8 *avp, *pos; 273 274 msg = wpabuf_alloc(sizeof(struct ttls_avp) + wpabuf_len(*resp) + 4); 275 if (msg == NULL) { 276 wpabuf_clear_free(*resp); 277 *resp = NULL; 278 return -1; 279 } 280 281 avp = wpabuf_mhead(msg); 282 pos = eap_ttls_avp_hdr(avp, avp_code, 0, mandatory, wpabuf_len(*resp)); 283 os_memcpy(pos, wpabuf_head(*resp), wpabuf_len(*resp)); 284 pos += wpabuf_len(*resp); 285 AVP_PAD(avp, pos); 286 wpabuf_clear_free(*resp); 287 wpabuf_put(msg, pos - avp); 288 *resp = msg; 289 return 0; 290 } 291 292 293 static int eap_ttls_v0_derive_key(struct eap_sm *sm, 294 struct eap_ttls_data *data) 295 { 296 const char *label; 297 const u8 eap_tls13_context[1] = { EAP_TYPE_TTLS }; 298 const u8 *context = NULL; 299 size_t context_len = 0; 300 301 if (data->ssl.tls_v13) { 302 label = "EXPORTER_EAP_TLS_Key_Material"; 303 context = eap_tls13_context; 304 context_len = sizeof(eap_tls13_context); 305 } else { 306 label = "ttls keying material"; 307 } 308 309 eap_ttls_free_key(data); 310 data->key_data = eap_peer_tls_derive_key(sm, &data->ssl, label, 311 context, context_len, 312 EAP_TLS_KEY_LEN + 313 EAP_EMSK_LEN); 314 if (!data->key_data) { 315 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to derive key"); 316 return -1; 317 } 318 319 wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived key", 320 data->key_data, EAP_TLS_KEY_LEN); 321 wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived EMSK", 322 data->key_data + EAP_TLS_KEY_LEN, 323 EAP_EMSK_LEN); 324 325 os_free(data->session_id); 326 data->session_id = eap_peer_tls_derive_session_id(sm, &data->ssl, 327 EAP_TYPE_TTLS, 328 &data->id_len); 329 if (data->session_id) { 330 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Derived Session-Id", 331 data->session_id, data->id_len); 332 } else { 333 wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to derive Session-Id"); 334 } 335 336 return 0; 337 } 338 339 340 #ifndef CONFIG_FIPS 341 static u8 * eap_ttls_implicit_challenge(struct eap_sm *sm, 342 struct eap_ttls_data *data, size_t len) 343 { 344 return eap_peer_tls_derive_key(sm, &data->ssl, "ttls challenge", 345 NULL, 0, len); 346 } 347 #endif /* CONFIG_FIPS */ 348 349 350 static void eap_ttls_phase2_select_eap_method(struct eap_ttls_data *data, 351 int vendor, enum eap_type method) 352 { 353 size_t i; 354 for (i = 0; i < data->num_phase2_eap_types; i++) { 355 if (data->phase2_eap_types[i].vendor != vendor || 356 data->phase2_eap_types[i].method != method) 357 continue; 358 359 data->phase2_eap_type.vendor = 360 data->phase2_eap_types[i].vendor; 361 data->phase2_eap_type.method = 362 data->phase2_eap_types[i].method; 363 wpa_printf(MSG_DEBUG, "EAP-TTLS: Selected " 364 "Phase 2 EAP vendor %d method %d", 365 data->phase2_eap_type.vendor, 366 data->phase2_eap_type.method); 367 break; 368 } 369 } 370 371 372 static int eap_ttls_phase2_eap_process(struct eap_sm *sm, 373 struct eap_ttls_data *data, 374 struct eap_method_ret *ret, 375 struct eap_hdr *hdr, size_t len, 376 struct wpabuf **resp) 377 { 378 struct wpabuf msg; 379 struct eap_method_ret iret; 380 381 os_memset(&iret, 0, sizeof(iret)); 382 wpabuf_set(&msg, hdr, len); 383 *resp = data->phase2_method->process(sm, data->phase2_priv, &iret, 384 &msg); 385 if ((iret.methodState == METHOD_DONE || 386 iret.methodState == METHOD_MAY_CONT) && 387 (iret.decision == DECISION_UNCOND_SUCC || 388 iret.decision == DECISION_COND_SUCC || 389 iret.decision == DECISION_FAIL)) { 390 ret->methodState = iret.methodState; 391 ret->decision = iret.decision; 392 } 393 394 return 0; 395 } 396 397 398 static int eap_ttls_phase2_request_eap_method(struct eap_sm *sm, 399 struct eap_ttls_data *data, 400 struct eap_method_ret *ret, 401 struct eap_hdr *hdr, size_t len, 402 int vendor, enum eap_type method, 403 struct wpabuf **resp) 404 { 405 #ifdef EAP_TNC 406 if (data->tnc_started && data->phase2_method && 407 data->phase2_priv && 408 vendor == EAP_VENDOR_IETF && method == EAP_TYPE_TNC && 409 data->phase2_eap_type.method == EAP_TYPE_TNC) 410 return eap_ttls_phase2_eap_process(sm, data, ret, hdr, len, 411 resp); 412 413 if (data->ready_for_tnc && !data->tnc_started && 414 vendor == EAP_VENDOR_IETF && method == EAP_TYPE_TNC) { 415 wpa_printf(MSG_DEBUG, "EAP-TTLS: Start TNC after completed " 416 "EAP method"); 417 data->tnc_started = 1; 418 } 419 420 if (data->tnc_started) { 421 if (data->phase2_eap_type.vendor != EAP_VENDOR_IETF || 422 data->phase2_eap_type.method == EAP_TYPE_TNC) { 423 wpa_printf(MSG_DEBUG, "EAP-TTLS: Unexpected EAP " 424 "type %d for TNC", method); 425 return -1; 426 } 427 428 data->phase2_eap_type.vendor = vendor; 429 data->phase2_eap_type.method = method; 430 wpa_printf(MSG_DEBUG, "EAP-TTLS: Selected " 431 "Phase 2 EAP vendor %d method %d (TNC)", 432 data->phase2_eap_type.vendor, 433 data->phase2_eap_type.method); 434 435 if (data->phase2_type == EAP_TTLS_PHASE2_EAP) 436 eap_ttls_phase2_eap_deinit(sm, data); 437 } 438 #endif /* EAP_TNC */ 439 440 if (data->phase2_eap_type.vendor == EAP_VENDOR_IETF && 441 data->phase2_eap_type.method == EAP_TYPE_NONE) 442 eap_ttls_phase2_select_eap_method(data, vendor, method); 443 444 if (vendor != data->phase2_eap_type.vendor || 445 method != data->phase2_eap_type.method || 446 (vendor == EAP_VENDOR_IETF && method == EAP_TYPE_NONE)) { 447 if (eap_peer_tls_phase2_nak(data->phase2_eap_types, 448 data->num_phase2_eap_types, 449 hdr, resp)) 450 return -1; 451 return 0; 452 } 453 454 if (data->phase2_priv == NULL) { 455 data->phase2_method = eap_peer_get_eap_method(vendor, method); 456 if (data->phase2_method) { 457 sm->init_phase2 = 1; 458 data->phase2_priv = data->phase2_method->init(sm); 459 sm->init_phase2 = 0; 460 } 461 } 462 if (data->phase2_priv == NULL || data->phase2_method == NULL) { 463 wpa_printf(MSG_INFO, 464 "EAP-TTLS: failed to initialize Phase 2 EAP method %u:%u", 465 vendor, method); 466 return -1; 467 } 468 469 return eap_ttls_phase2_eap_process(sm, data, ret, hdr, len, resp); 470 } 471 472 473 static int eap_ttls_phase2_request_eap(struct eap_sm *sm, 474 struct eap_ttls_data *data, 475 struct eap_method_ret *ret, 476 struct eap_hdr *hdr, 477 struct wpabuf **resp) 478 { 479 size_t len = be_to_host16(hdr->length); 480 u8 *pos; 481 struct eap_peer_config *config = eap_get_config(sm); 482 483 if (len <= sizeof(struct eap_hdr)) { 484 wpa_printf(MSG_INFO, "EAP-TTLS: too short " 485 "Phase 2 request (len=%lu)", (unsigned long) len); 486 return -1; 487 } 488 pos = (u8 *) (hdr + 1); 489 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 EAP Request: type=%d", *pos); 490 switch (*pos) { 491 case EAP_TYPE_IDENTITY: 492 *resp = eap_sm_buildIdentity(sm, hdr->identifier, 1); 493 break; 494 case EAP_TYPE_EXPANDED: 495 if (len < sizeof(struct eap_hdr) + 8) { 496 wpa_printf(MSG_INFO, 497 "EAP-TTLS: Too short Phase 2 request (expanded header) (len=%lu)", 498 (unsigned long) len); 499 return -1; 500 } 501 if (eap_ttls_phase2_request_eap_method(sm, data, ret, hdr, len, 502 WPA_GET_BE24(pos + 1), 503 WPA_GET_BE32(pos + 4), 504 resp) < 0) 505 return -1; 506 break; 507 default: 508 if (eap_ttls_phase2_request_eap_method(sm, data, ret, hdr, len, 509 EAP_VENDOR_IETF, *pos, 510 resp) < 0) 511 return -1; 512 break; 513 } 514 515 if (*resp == NULL && 516 (config->pending_req_identity || config->pending_req_password || 517 config->pending_req_otp || config->pending_req_sim)) { 518 return 0; 519 } 520 521 if (*resp == NULL) 522 return -1; 523 524 wpa_hexdump_buf(MSG_DEBUG, "EAP-TTLS: AVP encapsulate EAP Response", 525 *resp); 526 return eap_ttls_avp_encapsulate(resp, RADIUS_ATTR_EAP_MESSAGE, 1); 527 } 528 529 530 static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm, 531 struct eap_ttls_data *data, 532 struct eap_method_ret *ret, 533 struct wpabuf **resp) 534 { 535 #ifdef CONFIG_FIPS 536 wpa_printf(MSG_ERROR, "EAP-TTLS: MSCHAPV2 not supported in FIPS build"); 537 return -1; 538 #else /* CONFIG_FIPS */ 539 #ifdef EAP_MSCHAPv2 540 struct wpabuf *msg; 541 u8 *buf, *pos, *challenge, *peer_challenge; 542 const u8 *identity, *password; 543 size_t identity_len, password_len; 544 int pwhash; 545 546 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 MSCHAPV2 Request"); 547 548 identity = eap_get_config_identity(sm, &identity_len); 549 password = eap_get_config_password2(sm, &password_len, &pwhash); 550 if (identity == NULL || password == NULL) 551 return -1; 552 553 msg = wpabuf_alloc(identity_len + 1000); 554 if (msg == NULL) { 555 wpa_printf(MSG_ERROR, 556 "EAP-TTLS/MSCHAPV2: Failed to allocate memory"); 557 return -1; 558 } 559 pos = buf = wpabuf_mhead(msg); 560 561 /* User-Name */ 562 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1, 563 identity, identity_len); 564 565 /* MS-CHAP-Challenge */ 566 challenge = eap_ttls_implicit_challenge( 567 sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1); 568 if (challenge == NULL) { 569 wpabuf_clear_free(msg); 570 wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive " 571 "implicit challenge"); 572 return -1; 573 } 574 575 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_MS_CHAP_CHALLENGE, 576 RADIUS_VENDOR_ID_MICROSOFT, 1, 577 challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN); 578 579 /* MS-CHAP2-Response */ 580 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP2_RESPONSE, 581 RADIUS_VENDOR_ID_MICROSOFT, 1, 582 EAP_TTLS_MSCHAPV2_RESPONSE_LEN); 583 data->ident = challenge[EAP_TTLS_MSCHAPV2_CHALLENGE_LEN]; 584 *pos++ = data->ident; 585 *pos++ = 0; /* Flags */ 586 if (os_get_random(pos, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN) < 0) { 587 os_free(challenge); 588 wpabuf_clear_free(msg); 589 wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to get " 590 "random data for peer challenge"); 591 return -1; 592 } 593 peer_challenge = pos; 594 pos += EAP_TTLS_MSCHAPV2_CHALLENGE_LEN; 595 os_memset(pos, 0, 8); /* Reserved, must be zero */ 596 pos += 8; 597 if (mschapv2_derive_response(identity, identity_len, password, 598 password_len, pwhash, challenge, 599 peer_challenge, pos, data->auth_response, 600 data->master_key)) { 601 os_free(challenge); 602 wpabuf_clear_free(msg); 603 wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive " 604 "response"); 605 return -1; 606 } 607 data->auth_response_valid = 1; 608 609 pos += 24; 610 os_free(challenge); 611 AVP_PAD(buf, pos); 612 613 wpabuf_put(msg, pos - buf); 614 *resp = msg; 615 616 return 0; 617 #else /* EAP_MSCHAPv2 */ 618 wpa_printf(MSG_ERROR, "EAP-TTLS: MSCHAPv2 not included in the build"); 619 return -1; 620 #endif /* EAP_MSCHAPv2 */ 621 #endif /* CONFIG_FIPS */ 622 } 623 624 625 static int eap_ttls_phase2_request_mschap(struct eap_sm *sm, 626 struct eap_ttls_data *data, 627 struct eap_method_ret *ret, 628 struct wpabuf **resp) 629 { 630 #ifdef CONFIG_FIPS 631 wpa_printf(MSG_ERROR, "EAP-TTLS: MSCHAP not supported in FIPS build"); 632 return -1; 633 #else /* CONFIG_FIPS */ 634 struct wpabuf *msg; 635 u8 *buf, *pos, *challenge; 636 const u8 *identity, *password; 637 size_t identity_len, password_len; 638 int pwhash; 639 640 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 MSCHAP Request"); 641 642 identity = eap_get_config_identity(sm, &identity_len); 643 password = eap_get_config_password2(sm, &password_len, &pwhash); 644 if (identity == NULL || password == NULL) 645 return -1; 646 647 msg = wpabuf_alloc(identity_len + 1000); 648 if (msg == NULL) { 649 wpa_printf(MSG_ERROR, 650 "EAP-TTLS/MSCHAP: Failed to allocate memory"); 651 return -1; 652 } 653 pos = buf = wpabuf_mhead(msg); 654 655 /* User-Name */ 656 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1, 657 identity, identity_len); 658 659 /* MS-CHAP-Challenge */ 660 challenge = eap_ttls_implicit_challenge( 661 sm, data, EAP_TTLS_MSCHAP_CHALLENGE_LEN + 1); 662 if (challenge == NULL) { 663 wpabuf_clear_free(msg); 664 wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAP: Failed to derive " 665 "implicit challenge"); 666 return -1; 667 } 668 669 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_MS_CHAP_CHALLENGE, 670 RADIUS_VENDOR_ID_MICROSOFT, 1, 671 challenge, EAP_TTLS_MSCHAP_CHALLENGE_LEN); 672 673 /* MS-CHAP-Response */ 674 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP_RESPONSE, 675 RADIUS_VENDOR_ID_MICROSOFT, 1, 676 EAP_TTLS_MSCHAP_RESPONSE_LEN); 677 data->ident = challenge[EAP_TTLS_MSCHAP_CHALLENGE_LEN]; 678 *pos++ = data->ident; 679 *pos++ = 1; /* Flags: Use NT style passwords */ 680 os_memset(pos, 0, 24); /* LM-Response */ 681 pos += 24; 682 if (pwhash) { 683 /* NT-Response */ 684 if (challenge_response(challenge, password, pos)) { 685 wpa_printf(MSG_ERROR, 686 "EAP-TTLS/MSCHAP: Failed derive password hash"); 687 wpabuf_clear_free(msg); 688 os_free(challenge); 689 return -1; 690 } 691 692 wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: MSCHAP password hash", 693 password, 16); 694 } else { 695 /* NT-Response */ 696 if (nt_challenge_response(challenge, password, password_len, 697 pos)) { 698 wpa_printf(MSG_ERROR, 699 "EAP-TTLS/MSCHAP: Failed derive password"); 700 wpabuf_clear_free(msg); 701 os_free(challenge); 702 return -1; 703 } 704 705 wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: MSCHAP password", 706 password, password_len); 707 } 708 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: MSCHAP implicit challenge", 709 challenge, EAP_TTLS_MSCHAP_CHALLENGE_LEN); 710 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: MSCHAP response", pos, 24); 711 pos += 24; 712 os_free(challenge); 713 AVP_PAD(buf, pos); 714 715 wpabuf_put(msg, pos - buf); 716 *resp = msg; 717 718 /* EAP-TTLS/MSCHAP does not provide tunneled success 719 * notification, so assume that Phase2 succeeds. */ 720 ret->methodState = METHOD_DONE; 721 ret->decision = DECISION_COND_SUCC; 722 723 return 0; 724 #endif /* CONFIG_FIPS */ 725 } 726 727 728 static int eap_ttls_phase2_request_pap(struct eap_sm *sm, 729 struct eap_ttls_data *data, 730 struct eap_method_ret *ret, 731 struct wpabuf **resp) 732 { 733 struct wpabuf *msg; 734 u8 *buf, *pos; 735 size_t pad; 736 const u8 *identity, *password; 737 size_t identity_len, password_len; 738 739 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 PAP Request"); 740 741 identity = eap_get_config_identity(sm, &identity_len); 742 password = eap_get_config_password(sm, &password_len); 743 if (identity == NULL || password == NULL) 744 return -1; 745 746 msg = wpabuf_alloc(identity_len + password_len + 100); 747 if (msg == NULL) { 748 wpa_printf(MSG_ERROR, 749 "EAP-TTLS/PAP: Failed to allocate memory"); 750 return -1; 751 } 752 pos = buf = wpabuf_mhead(msg); 753 754 /* User-Name */ 755 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1, 756 identity, identity_len); 757 758 /* User-Password; in RADIUS, this is encrypted, but EAP-TTLS encrypts 759 * the data, so no separate encryption is used in the AVP itself. 760 * However, the password is padded to obfuscate its length. */ 761 pad = password_len == 0 ? 16 : (16 - (password_len & 15)) & 15; 762 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_USER_PASSWORD, 0, 1, 763 password_len + pad); 764 os_memcpy(pos, password, password_len); 765 pos += password_len; 766 os_memset(pos, 0, pad); 767 pos += pad; 768 AVP_PAD(buf, pos); 769 770 wpabuf_put(msg, pos - buf); 771 *resp = msg; 772 773 /* EAP-TTLS/PAP does not provide tunneled success notification, 774 * so assume that Phase2 succeeds. */ 775 ret->methodState = METHOD_DONE; 776 ret->decision = DECISION_COND_SUCC; 777 778 return 0; 779 } 780 781 782 static int eap_ttls_phase2_request_chap(struct eap_sm *sm, 783 struct eap_ttls_data *data, 784 struct eap_method_ret *ret, 785 struct wpabuf **resp) 786 { 787 #ifdef CONFIG_FIPS 788 wpa_printf(MSG_ERROR, "EAP-TTLS: CHAP not supported in FIPS build"); 789 return -1; 790 #else /* CONFIG_FIPS */ 791 struct wpabuf *msg; 792 u8 *buf, *pos, *challenge; 793 const u8 *identity, *password; 794 size_t identity_len, password_len; 795 796 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 CHAP Request"); 797 798 identity = eap_get_config_identity(sm, &identity_len); 799 password = eap_get_config_password(sm, &password_len); 800 if (identity == NULL || password == NULL) 801 return -1; 802 803 msg = wpabuf_alloc(identity_len + 1000); 804 if (msg == NULL) { 805 wpa_printf(MSG_ERROR, 806 "EAP-TTLS/CHAP: Failed to allocate memory"); 807 return -1; 808 } 809 pos = buf = wpabuf_mhead(msg); 810 811 /* User-Name */ 812 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1, 813 identity, identity_len); 814 815 /* CHAP-Challenge */ 816 challenge = eap_ttls_implicit_challenge( 817 sm, data, EAP_TTLS_CHAP_CHALLENGE_LEN + 1); 818 if (challenge == NULL) { 819 wpabuf_clear_free(msg); 820 wpa_printf(MSG_ERROR, "EAP-TTLS/CHAP: Failed to derive " 821 "implicit challenge"); 822 return -1; 823 } 824 825 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_CHAP_CHALLENGE, 0, 1, 826 challenge, EAP_TTLS_CHAP_CHALLENGE_LEN); 827 828 /* CHAP-Password */ 829 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_CHAP_PASSWORD, 0, 1, 830 1 + EAP_TTLS_CHAP_PASSWORD_LEN); 831 data->ident = challenge[EAP_TTLS_CHAP_CHALLENGE_LEN]; 832 *pos++ = data->ident; 833 834 /* MD5(Ident + Password + Challenge) */ 835 chap_md5(data->ident, password, password_len, challenge, 836 EAP_TTLS_CHAP_CHALLENGE_LEN, pos); 837 838 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: CHAP username", 839 identity, identity_len); 840 wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: CHAP password", 841 password, password_len); 842 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: CHAP implicit challenge", 843 challenge, EAP_TTLS_CHAP_CHALLENGE_LEN); 844 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: CHAP password", 845 pos, EAP_TTLS_CHAP_PASSWORD_LEN); 846 pos += EAP_TTLS_CHAP_PASSWORD_LEN; 847 os_free(challenge); 848 AVP_PAD(buf, pos); 849 850 wpabuf_put(msg, pos - buf); 851 *resp = msg; 852 853 /* EAP-TTLS/CHAP does not provide tunneled success 854 * notification, so assume that Phase2 succeeds. */ 855 ret->methodState = METHOD_DONE; 856 ret->decision = DECISION_COND_SUCC; 857 858 return 0; 859 #endif /* CONFIG_FIPS */ 860 } 861 862 863 static int eap_ttls_phase2_request(struct eap_sm *sm, 864 struct eap_ttls_data *data, 865 struct eap_method_ret *ret, 866 struct eap_hdr *hdr, 867 struct wpabuf **resp) 868 { 869 int res = 0; 870 size_t len; 871 enum phase2_types phase2_type = data->phase2_type; 872 873 #ifdef EAP_TNC 874 if (data->tnc_started) { 875 wpa_printf(MSG_DEBUG, "EAP-TTLS: Processing TNC"); 876 phase2_type = EAP_TTLS_PHASE2_EAP; 877 } 878 #endif /* EAP_TNC */ 879 880 if (phase2_type == EAP_TTLS_PHASE2_MSCHAPV2 || 881 phase2_type == EAP_TTLS_PHASE2_MSCHAP || 882 phase2_type == EAP_TTLS_PHASE2_PAP || 883 phase2_type == EAP_TTLS_PHASE2_CHAP) { 884 if (eap_get_config_identity(sm, &len) == NULL) { 885 wpa_printf(MSG_INFO, 886 "EAP-TTLS: Identity not configured"); 887 eap_sm_request_identity(sm); 888 if (eap_get_config_password(sm, &len) == NULL) 889 eap_sm_request_password(sm); 890 return 0; 891 } 892 893 if (eap_get_config_password(sm, &len) == NULL) { 894 wpa_printf(MSG_INFO, 895 "EAP-TTLS: Password not configured"); 896 eap_sm_request_password(sm); 897 return 0; 898 } 899 } 900 901 switch (phase2_type) { 902 case EAP_TTLS_PHASE2_EAP: 903 res = eap_ttls_phase2_request_eap(sm, data, ret, hdr, resp); 904 break; 905 case EAP_TTLS_PHASE2_MSCHAPV2: 906 res = eap_ttls_phase2_request_mschapv2(sm, data, ret, resp); 907 break; 908 case EAP_TTLS_PHASE2_MSCHAP: 909 res = eap_ttls_phase2_request_mschap(sm, data, ret, resp); 910 break; 911 case EAP_TTLS_PHASE2_PAP: 912 res = eap_ttls_phase2_request_pap(sm, data, ret, resp); 913 break; 914 case EAP_TTLS_PHASE2_CHAP: 915 res = eap_ttls_phase2_request_chap(sm, data, ret, resp); 916 break; 917 default: 918 wpa_printf(MSG_ERROR, "EAP-TTLS: Phase 2 - Unknown"); 919 res = -1; 920 break; 921 } 922 923 if (res < 0) { 924 ret->methodState = METHOD_DONE; 925 ret->decision = DECISION_FAIL; 926 } 927 928 return res; 929 } 930 931 932 struct ttls_parse_avp { 933 u8 *mschapv2; 934 u8 *eapdata; 935 size_t eap_len; 936 int mschapv2_error; 937 }; 938 939 940 static int eap_ttls_parse_attr_eap(const u8 *dpos, size_t dlen, 941 struct ttls_parse_avp *parse) 942 { 943 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP - EAP Message"); 944 if (parse->eapdata == NULL) { 945 parse->eapdata = os_memdup(dpos, dlen); 946 if (parse->eapdata == NULL) { 947 wpa_printf(MSG_WARNING, "EAP-TTLS: Failed to allocate " 948 "memory for Phase 2 EAP data"); 949 return -1; 950 } 951 parse->eap_len = dlen; 952 } else { 953 u8 *neweap = os_realloc(parse->eapdata, parse->eap_len + dlen); 954 if (neweap == NULL) { 955 wpa_printf(MSG_WARNING, "EAP-TTLS: Failed to allocate " 956 "memory for Phase 2 EAP data"); 957 return -1; 958 } 959 os_memcpy(neweap + parse->eap_len, dpos, dlen); 960 parse->eapdata = neweap; 961 parse->eap_len += dlen; 962 } 963 964 return 0; 965 } 966 967 968 static int eap_ttls_parse_avp(u8 *pos, size_t left, 969 struct ttls_parse_avp *parse) 970 { 971 struct ttls_avp *avp; 972 u32 avp_code, avp_length, vendor_id = 0; 973 u8 avp_flags, *dpos; 974 size_t dlen; 975 976 avp = (struct ttls_avp *) pos; 977 avp_code = be_to_host32(avp->avp_code); 978 avp_length = be_to_host32(avp->avp_length); 979 avp_flags = (avp_length >> 24) & 0xff; 980 avp_length &= 0xffffff; 981 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP: code=%d flags=0x%02x " 982 "length=%d", (int) avp_code, avp_flags, 983 (int) avp_length); 984 985 if (avp_length > left) { 986 wpa_printf(MSG_WARNING, "EAP-TTLS: AVP overflow " 987 "(len=%d, left=%lu) - dropped", 988 (int) avp_length, (unsigned long) left); 989 return -1; 990 } 991 992 if (avp_length < sizeof(*avp)) { 993 wpa_printf(MSG_WARNING, "EAP-TTLS: Invalid AVP length %d", 994 avp_length); 995 return -1; 996 } 997 998 dpos = (u8 *) (avp + 1); 999 dlen = avp_length - sizeof(*avp); 1000 if (avp_flags & AVP_FLAGS_VENDOR) { 1001 if (dlen < 4) { 1002 wpa_printf(MSG_WARNING, "EAP-TTLS: Vendor AVP " 1003 "underflow"); 1004 return -1; 1005 } 1006 vendor_id = WPA_GET_BE32(dpos); 1007 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP vendor_id %d", 1008 (int) vendor_id); 1009 dpos += 4; 1010 dlen -= 4; 1011 } 1012 1013 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: AVP data", dpos, dlen); 1014 1015 if (vendor_id == 0 && avp_code == RADIUS_ATTR_EAP_MESSAGE) { 1016 if (eap_ttls_parse_attr_eap(dpos, dlen, parse) < 0) 1017 return -1; 1018 } else if (vendor_id == 0 && avp_code == RADIUS_ATTR_REPLY_MESSAGE) { 1019 /* This is an optional message that can be displayed to 1020 * the user. */ 1021 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: AVP - Reply-Message", 1022 dpos, dlen); 1023 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT && 1024 avp_code == RADIUS_ATTR_MS_CHAP2_SUCCESS) { 1025 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: MS-CHAP2-Success", 1026 dpos, dlen); 1027 if (dlen != 43) { 1028 wpa_printf(MSG_WARNING, "EAP-TTLS: Unexpected " 1029 "MS-CHAP2-Success length " 1030 "(len=%lu, expected 43)", 1031 (unsigned long) dlen); 1032 return -1; 1033 } 1034 parse->mschapv2 = dpos; 1035 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT && 1036 avp_code == RADIUS_ATTR_MS_CHAP_ERROR) { 1037 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: MS-CHAP-Error", 1038 dpos, dlen); 1039 parse->mschapv2_error = 1; 1040 } else if (avp_flags & AVP_FLAGS_MANDATORY) { 1041 wpa_printf(MSG_WARNING, "EAP-TTLS: Unsupported mandatory AVP " 1042 "code %d vendor_id %d - dropped", 1043 (int) avp_code, (int) vendor_id); 1044 return -1; 1045 } else { 1046 wpa_printf(MSG_DEBUG, "EAP-TTLS: Ignoring unsupported AVP " 1047 "code %d vendor_id %d", 1048 (int) avp_code, (int) vendor_id); 1049 } 1050 1051 return avp_length; 1052 } 1053 1054 1055 static int eap_ttls_parse_avps(struct wpabuf *in_decrypted, 1056 struct ttls_parse_avp *parse) 1057 { 1058 u8 *pos; 1059 size_t left, pad; 1060 int avp_length; 1061 1062 pos = wpabuf_mhead(in_decrypted); 1063 left = wpabuf_len(in_decrypted); 1064 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Decrypted Phase 2 AVPs", pos, left); 1065 if (left < sizeof(struct ttls_avp)) { 1066 wpa_printf(MSG_WARNING, "EAP-TTLS: Too short Phase 2 AVP frame" 1067 " len=%lu expected %lu or more - dropped", 1068 (unsigned long) left, 1069 (unsigned long) sizeof(struct ttls_avp)); 1070 return -1; 1071 } 1072 1073 /* Parse AVPs */ 1074 os_memset(parse, 0, sizeof(*parse)); 1075 1076 while (left > 0) { 1077 avp_length = eap_ttls_parse_avp(pos, left, parse); 1078 if (avp_length < 0) 1079 return -1; 1080 1081 pad = (4 - (avp_length & 3)) & 3; 1082 pos += avp_length + pad; 1083 if (left < avp_length + pad) 1084 left = 0; 1085 else 1086 left -= avp_length + pad; 1087 } 1088 1089 return 0; 1090 } 1091 1092 1093 static u8 * eap_ttls_fake_identity_request(void) 1094 { 1095 struct eap_hdr *hdr; 1096 u8 *buf; 1097 1098 wpa_printf(MSG_DEBUG, "EAP-TTLS: empty data in beginning of " 1099 "Phase 2 - use fake EAP-Request Identity"); 1100 buf = os_malloc(sizeof(*hdr) + 1); 1101 if (buf == NULL) { 1102 wpa_printf(MSG_WARNING, "EAP-TTLS: failed to allocate " 1103 "memory for fake EAP-Identity Request"); 1104 return NULL; 1105 } 1106 1107 hdr = (struct eap_hdr *) buf; 1108 hdr->code = EAP_CODE_REQUEST; 1109 hdr->identifier = 0; 1110 hdr->length = host_to_be16(sizeof(*hdr) + 1); 1111 buf[sizeof(*hdr)] = EAP_TYPE_IDENTITY; 1112 1113 return buf; 1114 } 1115 1116 1117 static int eap_ttls_encrypt_response(struct eap_sm *sm, 1118 struct eap_ttls_data *data, 1119 struct wpabuf *resp, u8 identifier, 1120 struct wpabuf **out_data) 1121 { 1122 if (resp == NULL) 1123 return 0; 1124 1125 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS: Encrypting Phase 2 data", 1126 resp); 1127 if (eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_TTLS, 1128 data->ttls_version, identifier, 1129 resp, out_data)) { 1130 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to encrypt a Phase 2 " 1131 "frame"); 1132 wpabuf_clear_free(resp); 1133 return -1; 1134 } 1135 wpabuf_clear_free(resp); 1136 1137 return 0; 1138 } 1139 1140 1141 static int eap_ttls_process_phase2_eap(struct eap_sm *sm, 1142 struct eap_ttls_data *data, 1143 struct eap_method_ret *ret, 1144 struct ttls_parse_avp *parse, 1145 struct wpabuf **resp) 1146 { 1147 struct eap_hdr *hdr; 1148 size_t len; 1149 1150 if (parse->eapdata == NULL) { 1151 wpa_printf(MSG_WARNING, "EAP-TTLS: No EAP Message in the " 1152 "packet - dropped"); 1153 return -1; 1154 } 1155 1156 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Phase 2 EAP", 1157 parse->eapdata, parse->eap_len); 1158 hdr = (struct eap_hdr *) parse->eapdata; 1159 1160 if (parse->eap_len < sizeof(*hdr)) { 1161 wpa_printf(MSG_WARNING, "EAP-TTLS: Too short Phase 2 EAP " 1162 "frame (len=%lu, expected %lu or more) - dropped", 1163 (unsigned long) parse->eap_len, 1164 (unsigned long) sizeof(*hdr)); 1165 return -1; 1166 } 1167 len = be_to_host16(hdr->length); 1168 if (len > parse->eap_len) { 1169 wpa_printf(MSG_INFO, "EAP-TTLS: Length mismatch in Phase 2 " 1170 "EAP frame (EAP hdr len=%lu, EAP data len in " 1171 "AVP=%lu)", 1172 (unsigned long) len, 1173 (unsigned long) parse->eap_len); 1174 return -1; 1175 } 1176 wpa_printf(MSG_DEBUG, "EAP-TTLS: received Phase 2: code=%d " 1177 "identifier=%d length=%lu", 1178 hdr->code, hdr->identifier, (unsigned long) len); 1179 switch (hdr->code) { 1180 case EAP_CODE_REQUEST: 1181 if (eap_ttls_phase2_request(sm, data, ret, hdr, resp)) { 1182 wpa_printf(MSG_INFO, "EAP-TTLS: Phase2 Request " 1183 "processing failed"); 1184 return -1; 1185 } 1186 break; 1187 default: 1188 wpa_printf(MSG_INFO, "EAP-TTLS: Unexpected code=%d in " 1189 "Phase 2 EAP header", hdr->code); 1190 return -1; 1191 } 1192 1193 return 0; 1194 } 1195 1196 1197 static int eap_ttls_process_phase2_mschapv2(struct eap_sm *sm, 1198 struct eap_ttls_data *data, 1199 struct eap_method_ret *ret, 1200 struct ttls_parse_avp *parse) 1201 { 1202 #ifdef EAP_MSCHAPv2 1203 if (parse->mschapv2_error) { 1204 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Received " 1205 "MS-CHAP-Error - failed"); 1206 ret->methodState = METHOD_DONE; 1207 ret->decision = DECISION_FAIL; 1208 /* Reply with empty data to ACK error */ 1209 return 1; 1210 } 1211 1212 if (parse->mschapv2 == NULL) { 1213 #ifdef EAP_TNC 1214 if (data->phase2_success && parse->eapdata) { 1215 /* 1216 * Allow EAP-TNC to be started after successfully 1217 * completed MSCHAPV2. 1218 */ 1219 return 1; 1220 } 1221 #endif /* EAP_TNC */ 1222 wpa_printf(MSG_WARNING, "EAP-TTLS: no MS-CHAP2-Success AVP " 1223 "received for Phase2 MSCHAPV2"); 1224 return -1; 1225 } 1226 if (parse->mschapv2[0] != data->ident) { 1227 wpa_printf(MSG_WARNING, "EAP-TTLS: Ident mismatch for Phase 2 " 1228 "MSCHAPV2 (received Ident 0x%02x, expected 0x%02x)", 1229 parse->mschapv2[0], data->ident); 1230 return -1; 1231 } 1232 if (!data->auth_response_valid || 1233 mschapv2_verify_auth_response(data->auth_response, 1234 parse->mschapv2 + 1, 42)) { 1235 wpa_printf(MSG_WARNING, "EAP-TTLS: Invalid authenticator " 1236 "response in Phase 2 MSCHAPV2 success request"); 1237 return -1; 1238 } 1239 1240 wpa_printf(MSG_INFO, "EAP-TTLS: Phase 2 MSCHAPV2 " 1241 "authentication succeeded"); 1242 ret->methodState = METHOD_DONE; 1243 ret->decision = DECISION_UNCOND_SUCC; 1244 data->phase2_success = 1; 1245 1246 /* 1247 * Reply with empty data; authentication server will reply 1248 * with EAP-Success after this. 1249 */ 1250 return 1; 1251 #else /* EAP_MSCHAPv2 */ 1252 wpa_printf(MSG_ERROR, "EAP-TTLS: MSCHAPv2 not included in the build"); 1253 return -1; 1254 #endif /* EAP_MSCHAPv2 */ 1255 } 1256 1257 1258 #ifdef EAP_TNC 1259 static int eap_ttls_process_tnc_start(struct eap_sm *sm, 1260 struct eap_ttls_data *data, 1261 struct eap_method_ret *ret, 1262 struct ttls_parse_avp *parse, 1263 struct wpabuf **resp) 1264 { 1265 /* TNC uses inner EAP method after non-EAP TTLS phase 2. */ 1266 if (parse->eapdata == NULL) { 1267 wpa_printf(MSG_INFO, "EAP-TTLS: Phase 2 received " 1268 "unexpected tunneled data (no EAP)"); 1269 return -1; 1270 } 1271 1272 if (!data->ready_for_tnc) { 1273 wpa_printf(MSG_INFO, "EAP-TTLS: Phase 2 received " 1274 "EAP after non-EAP, but not ready for TNC"); 1275 return -1; 1276 } 1277 1278 wpa_printf(MSG_DEBUG, "EAP-TTLS: Start TNC after completed " 1279 "non-EAP method"); 1280 data->tnc_started = 1; 1281 1282 if (eap_ttls_process_phase2_eap(sm, data, ret, parse, resp) < 0) 1283 return -1; 1284 1285 return 0; 1286 } 1287 #endif /* EAP_TNC */ 1288 1289 1290 static int eap_ttls_process_decrypted(struct eap_sm *sm, 1291 struct eap_ttls_data *data, 1292 struct eap_method_ret *ret, 1293 u8 identifier, 1294 struct ttls_parse_avp *parse, 1295 struct wpabuf *in_decrypted, 1296 struct wpabuf **out_data) 1297 { 1298 struct wpabuf *resp = NULL; 1299 struct eap_peer_config *config = eap_get_config(sm); 1300 int res; 1301 enum phase2_types phase2_type = data->phase2_type; 1302 1303 #ifdef EAP_TNC 1304 if (data->tnc_started) 1305 phase2_type = EAP_TTLS_PHASE2_EAP; 1306 #endif /* EAP_TNC */ 1307 1308 switch (phase2_type) { 1309 case EAP_TTLS_PHASE2_EAP: 1310 if (eap_ttls_process_phase2_eap(sm, data, ret, parse, &resp) < 1311 0) 1312 return -1; 1313 break; 1314 case EAP_TTLS_PHASE2_MSCHAPV2: 1315 res = eap_ttls_process_phase2_mschapv2(sm, data, ret, parse); 1316 #ifdef EAP_TNC 1317 if (res == 1 && parse->eapdata && data->phase2_success) { 1318 /* 1319 * TNC may be required as the next 1320 * authentication method within the tunnel. 1321 */ 1322 ret->methodState = METHOD_MAY_CONT; 1323 data->ready_for_tnc = 1; 1324 if (eap_ttls_process_tnc_start(sm, data, ret, parse, 1325 &resp) == 0) 1326 break; 1327 } 1328 #endif /* EAP_TNC */ 1329 return res; 1330 case EAP_TTLS_PHASE2_MSCHAP: 1331 case EAP_TTLS_PHASE2_PAP: 1332 case EAP_TTLS_PHASE2_CHAP: 1333 #ifdef EAP_TNC 1334 if (eap_ttls_process_tnc_start(sm, data, ret, parse, &resp) < 1335 0) 1336 return -1; 1337 break; 1338 #else /* EAP_TNC */ 1339 /* EAP-TTLS/{MSCHAP,PAP,CHAP} should not send any TLS tunneled 1340 * requests to the supplicant */ 1341 wpa_printf(MSG_INFO, "EAP-TTLS: Phase 2 received unexpected " 1342 "tunneled data"); 1343 return -1; 1344 #endif /* EAP_TNC */ 1345 } 1346 1347 if (resp) { 1348 if (eap_ttls_encrypt_response(sm, data, resp, identifier, 1349 out_data) < 0) 1350 return -1; 1351 } else if (config->pending_req_identity || 1352 config->pending_req_password || 1353 config->pending_req_otp || 1354 config->pending_req_new_password || 1355 config->pending_req_sim) { 1356 wpabuf_clear_free(data->pending_phase2_req); 1357 data->pending_phase2_req = wpabuf_dup(in_decrypted); 1358 } 1359 1360 return 0; 1361 } 1362 1363 1364 static int eap_ttls_implicit_identity_request(struct eap_sm *sm, 1365 struct eap_ttls_data *data, 1366 struct eap_method_ret *ret, 1367 u8 identifier, 1368 struct wpabuf **out_data) 1369 { 1370 int retval = 0; 1371 struct eap_hdr *hdr; 1372 struct wpabuf *resp; 1373 1374 hdr = (struct eap_hdr *) eap_ttls_fake_identity_request(); 1375 if (hdr == NULL) { 1376 ret->methodState = METHOD_DONE; 1377 ret->decision = DECISION_FAIL; 1378 return -1; 1379 } 1380 1381 resp = NULL; 1382 if (eap_ttls_phase2_request(sm, data, ret, hdr, &resp)) { 1383 wpa_printf(MSG_INFO, "EAP-TTLS: Phase2 Request " 1384 "processing failed"); 1385 retval = -1; 1386 } else { 1387 struct eap_peer_config *config = eap_get_config(sm); 1388 if (resp == NULL && 1389 (config->pending_req_identity || 1390 config->pending_req_password || 1391 config->pending_req_otp || 1392 config->pending_req_new_password || 1393 config->pending_req_sim)) { 1394 /* 1395 * Use empty buffer to force implicit request 1396 * processing when EAP request is re-processed after 1397 * user input. 1398 */ 1399 wpabuf_clear_free(data->pending_phase2_req); 1400 data->pending_phase2_req = wpabuf_alloc(0); 1401 } 1402 1403 retval = eap_ttls_encrypt_response(sm, data, resp, identifier, 1404 out_data); 1405 } 1406 1407 os_free(hdr); 1408 1409 if (retval < 0) { 1410 ret->methodState = METHOD_DONE; 1411 ret->decision = DECISION_FAIL; 1412 } 1413 1414 return retval; 1415 } 1416 1417 1418 static int eap_ttls_phase2_start(struct eap_sm *sm, struct eap_ttls_data *data, 1419 struct eap_method_ret *ret, u8 identifier, 1420 struct wpabuf **out_data) 1421 { 1422 data->phase2_start = 0; 1423 1424 /* 1425 * EAP-TTLS does not use Phase2 on fast re-auth; this must be done only 1426 * if TLS part was indeed resuming a previous session. Most 1427 * Authentication Servers terminate EAP-TTLS before reaching this 1428 * point, but some do not. Make wpa_supplicant stop phase 2 here, if 1429 * needed. 1430 */ 1431 if (data->reauth && 1432 tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) { 1433 wpa_printf(MSG_DEBUG, "EAP-TTLS: Session resumption - " 1434 "skip phase 2"); 1435 *out_data = eap_peer_tls_build_ack(identifier, EAP_TYPE_TTLS, 1436 data->ttls_version); 1437 ret->methodState = METHOD_DONE; 1438 ret->decision = DECISION_UNCOND_SUCC; 1439 data->phase2_success = 1; 1440 return 0; 1441 } 1442 1443 return eap_ttls_implicit_identity_request(sm, data, ret, identifier, 1444 out_data); 1445 } 1446 1447 1448 static int eap_ttls_decrypt(struct eap_sm *sm, struct eap_ttls_data *data, 1449 struct eap_method_ret *ret, u8 identifier, 1450 const struct wpabuf *in_data, 1451 struct wpabuf **out_data) 1452 { 1453 struct wpabuf *in_decrypted = NULL; 1454 int retval = 0; 1455 struct ttls_parse_avp parse; 1456 1457 os_memset(&parse, 0, sizeof(parse)); 1458 1459 wpa_printf(MSG_DEBUG, "EAP-TTLS: received %lu bytes encrypted data for" 1460 " Phase 2", 1461 in_data ? (unsigned long) wpabuf_len(in_data) : 0); 1462 1463 if (data->pending_phase2_req) { 1464 wpa_printf(MSG_DEBUG, "EAP-TTLS: Pending Phase 2 request - " 1465 "skip decryption and use old data"); 1466 /* Clear TLS reassembly state. */ 1467 eap_peer_tls_reset_input(&data->ssl); 1468 1469 in_decrypted = data->pending_phase2_req; 1470 data->pending_phase2_req = NULL; 1471 if (wpabuf_len(in_decrypted) == 0) { 1472 wpabuf_clear_free(in_decrypted); 1473 return eap_ttls_implicit_identity_request( 1474 sm, data, ret, identifier, out_data); 1475 } 1476 goto continue_req; 1477 } 1478 1479 if ((in_data == NULL || wpabuf_len(in_data) == 0) && 1480 data->phase2_start) { 1481 start: 1482 return eap_ttls_phase2_start(sm, data, ret, identifier, 1483 out_data); 1484 } 1485 1486 if (in_data == NULL || wpabuf_len(in_data) == 0) { 1487 /* Received TLS ACK - requesting more fragments */ 1488 return eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_TTLS, 1489 data->ttls_version, 1490 identifier, NULL, out_data); 1491 } 1492 1493 retval = eap_peer_tls_decrypt(sm, &data->ssl, in_data, &in_decrypted); 1494 if (retval) 1495 goto done; 1496 if (wpabuf_len(in_decrypted) == 0) { 1497 wpabuf_free(in_decrypted); 1498 goto start; 1499 } 1500 1501 /* RFC 9190 Section 2.5 */ 1502 if (data->ssl.tls_v13 && wpabuf_len(in_decrypted) == 1 && 1503 *wpabuf_head_u8(in_decrypted) == 0) { 1504 wpa_printf(MSG_DEBUG, 1505 "EAP-TLS: ACKing protected success indication (appl data 0x00)"); 1506 eap_peer_tls_reset_output(&data->ssl); 1507 wpabuf_free(in_decrypted); 1508 return 1; 1509 } 1510 1511 continue_req: 1512 data->phase2_start = 0; 1513 1514 if (eap_ttls_parse_avps(in_decrypted, &parse) < 0) { 1515 retval = -1; 1516 goto done; 1517 } 1518 1519 retval = eap_ttls_process_decrypted(sm, data, ret, identifier, 1520 &parse, in_decrypted, out_data); 1521 1522 done: 1523 wpabuf_clear_free(in_decrypted); 1524 os_free(parse.eapdata); 1525 1526 if (retval < 0) { 1527 ret->methodState = METHOD_DONE; 1528 ret->decision = DECISION_FAIL; 1529 } 1530 1531 return retval; 1532 } 1533 1534 1535 static int eap_ttls_process_handshake(struct eap_sm *sm, 1536 struct eap_ttls_data *data, 1537 struct eap_method_ret *ret, 1538 u8 identifier, 1539 const struct wpabuf *in_data, 1540 struct wpabuf **out_data) 1541 { 1542 int res; 1543 1544 if (sm->waiting_ext_cert_check && data->pending_resp) { 1545 struct eap_peer_config *config = eap_get_config(sm); 1546 1547 if (config->pending_ext_cert_check == EXT_CERT_CHECK_GOOD) { 1548 wpa_printf(MSG_DEBUG, 1549 "EAP-TTLS: External certificate check succeeded - continue handshake"); 1550 *out_data = data->pending_resp; 1551 data->pending_resp = NULL; 1552 sm->waiting_ext_cert_check = 0; 1553 return 0; 1554 } 1555 1556 if (config->pending_ext_cert_check == EXT_CERT_CHECK_BAD) { 1557 wpa_printf(MSG_DEBUG, 1558 "EAP-TTLS: External certificate check failed - force authentication failure"); 1559 ret->methodState = METHOD_DONE; 1560 ret->decision = DECISION_FAIL; 1561 sm->waiting_ext_cert_check = 0; 1562 return 0; 1563 } 1564 1565 wpa_printf(MSG_DEBUG, 1566 "EAP-TTLS: Continuing to wait external server certificate validation"); 1567 return 0; 1568 } 1569 1570 res = eap_peer_tls_process_helper(sm, &data->ssl, EAP_TYPE_TTLS, 1571 data->ttls_version, identifier, 1572 in_data, out_data); 1573 if (res < 0) { 1574 wpa_printf(MSG_DEBUG, "EAP-TTLS: TLS processing failed"); 1575 ret->methodState = METHOD_DONE; 1576 ret->decision = DECISION_FAIL; 1577 return -1; 1578 } 1579 1580 if (sm->waiting_ext_cert_check) { 1581 wpa_printf(MSG_DEBUG, 1582 "EAP-TTLS: Waiting external server certificate validation"); 1583 wpabuf_clear_free(data->pending_resp); 1584 data->pending_resp = *out_data; 1585 *out_data = NULL; 1586 return 0; 1587 } 1588 1589 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) { 1590 wpa_printf(MSG_DEBUG, "EAP-TTLS: TLS done, proceed to " 1591 "Phase 2"); 1592 if (data->resuming) { 1593 wpa_printf(MSG_DEBUG, "EAP-TTLS: fast reauth - may " 1594 "skip Phase 2"); 1595 ret->decision = DECISION_COND_SUCC; 1596 ret->methodState = METHOD_MAY_CONT; 1597 } 1598 data->phase2_start = 1; 1599 eap_ttls_v0_derive_key(sm, data); 1600 1601 if (*out_data == NULL || wpabuf_len(*out_data) == 0) { 1602 if (eap_ttls_decrypt(sm, data, ret, identifier, 1603 NULL, out_data)) { 1604 wpa_printf(MSG_WARNING, "EAP-TTLS: " 1605 "failed to process early " 1606 "start for Phase 2"); 1607 } 1608 res = 0; 1609 } 1610 data->resuming = 0; 1611 } 1612 1613 if (res == 2) { 1614 /* 1615 * Application data included in the handshake message. 1616 */ 1617 wpabuf_clear_free(data->pending_phase2_req); 1618 data->pending_phase2_req = *out_data; 1619 *out_data = NULL; 1620 res = eap_ttls_decrypt(sm, data, ret, identifier, in_data, 1621 out_data); 1622 } 1623 1624 return res; 1625 } 1626 1627 1628 static void eap_ttls_check_auth_status(struct eap_sm *sm, 1629 struct eap_ttls_data *data, 1630 struct eap_method_ret *ret) 1631 { 1632 if (ret->methodState == METHOD_DONE) { 1633 ret->allowNotifications = false; 1634 if (ret->decision == DECISION_UNCOND_SUCC || 1635 ret->decision == DECISION_COND_SUCC) { 1636 wpa_printf(MSG_DEBUG, "EAP-TTLS: Authentication " 1637 "completed successfully"); 1638 data->phase2_success = 1; 1639 data->decision_succ = ret->decision; 1640 #ifdef EAP_TNC 1641 if (!data->ready_for_tnc && !data->tnc_started) { 1642 /* 1643 * TNC may be required as the next 1644 * authentication method within the tunnel. 1645 */ 1646 ret->methodState = METHOD_MAY_CONT; 1647 data->ready_for_tnc = 1; 1648 } 1649 #endif /* EAP_TNC */ 1650 } 1651 } else if (ret->methodState == METHOD_MAY_CONT && 1652 (ret->decision == DECISION_UNCOND_SUCC || 1653 ret->decision == DECISION_COND_SUCC)) { 1654 wpa_printf(MSG_DEBUG, "EAP-TTLS: Authentication " 1655 "completed successfully (MAY_CONT)"); 1656 data->phase2_success = 1; 1657 data->decision_succ = ret->decision; 1658 } else if (data->decision_succ != DECISION_FAIL && 1659 data->phase2_success && 1660 !data->ssl.tls_out) { 1661 /* 1662 * This is needed to cover the case where the final Phase 2 1663 * message gets fragmented since fragmentation clears 1664 * decision back to FAIL. 1665 */ 1666 wpa_printf(MSG_DEBUG, 1667 "EAP-TTLS: Restore success decision after fragmented frame sent completely"); 1668 ret->decision = data->decision_succ; 1669 } 1670 } 1671 1672 1673 static struct wpabuf * eap_ttls_process(struct eap_sm *sm, void *priv, 1674 struct eap_method_ret *ret, 1675 const struct wpabuf *reqData) 1676 { 1677 size_t left; 1678 int res; 1679 u8 flags, id; 1680 struct wpabuf *resp; 1681 const u8 *pos; 1682 struct eap_ttls_data *data = priv; 1683 struct wpabuf msg; 1684 1685 pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_TTLS, ret, 1686 reqData, &left, &flags); 1687 if (pos == NULL) 1688 return NULL; 1689 id = eap_get_id(reqData); 1690 1691 if (flags & EAP_TLS_FLAGS_START) { 1692 wpa_printf(MSG_DEBUG, "EAP-TTLS: Start (server ver=%d, own " 1693 "ver=%d)", flags & EAP_TLS_VERSION_MASK, 1694 data->ttls_version); 1695 1696 /* RFC 5281, Ch. 9.2: 1697 * "This packet MAY contain additional information in the form 1698 * of AVPs, which may provide useful hints to the client" 1699 * For now, ignore any potential extra data. 1700 */ 1701 left = 0; 1702 } 1703 1704 wpabuf_set(&msg, pos, left); 1705 1706 resp = NULL; 1707 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) && 1708 !data->resuming) { 1709 res = eap_ttls_decrypt(sm, data, ret, id, &msg, &resp); 1710 } else { 1711 res = eap_ttls_process_handshake(sm, data, ret, id, 1712 &msg, &resp); 1713 } 1714 1715 eap_ttls_check_auth_status(sm, data, ret); 1716 1717 /* FIX: what about res == -1? Could just move all error processing into 1718 * the other functions and get rid of this res==1 case here. */ 1719 if (res == 1) { 1720 wpabuf_clear_free(resp); 1721 return eap_peer_tls_build_ack(id, EAP_TYPE_TTLS, 1722 data->ttls_version); 1723 } 1724 return resp; 1725 } 1726 1727 1728 static bool eap_ttls_has_reauth_data(struct eap_sm *sm, void *priv) 1729 { 1730 struct eap_ttls_data *data = priv; 1731 1732 return tls_connection_established(sm->ssl_ctx, data->ssl.conn) && 1733 data->phase2_success && data->phase2_auth != ALWAYS; 1734 } 1735 1736 1737 static void eap_ttls_deinit_for_reauth(struct eap_sm *sm, void *priv) 1738 { 1739 struct eap_ttls_data *data = priv; 1740 1741 if (data->phase2_priv && data->phase2_method && 1742 data->phase2_method->deinit_for_reauth) 1743 data->phase2_method->deinit_for_reauth(sm, data->phase2_priv); 1744 wpabuf_clear_free(data->pending_phase2_req); 1745 data->pending_phase2_req = NULL; 1746 wpabuf_clear_free(data->pending_resp); 1747 data->pending_resp = NULL; 1748 data->decision_succ = DECISION_FAIL; 1749 #ifdef EAP_TNC 1750 data->ready_for_tnc = 0; 1751 data->tnc_started = 0; 1752 #endif /* EAP_TNC */ 1753 } 1754 1755 1756 static void * eap_ttls_init_for_reauth(struct eap_sm *sm, void *priv) 1757 { 1758 struct eap_ttls_data *data = priv; 1759 eap_ttls_free_key(data); 1760 os_free(data->session_id); 1761 data->session_id = NULL; 1762 if (eap_peer_tls_reauth_init(sm, &data->ssl)) { 1763 os_free(data); 1764 return NULL; 1765 } 1766 if (data->phase2_priv && data->phase2_method && 1767 data->phase2_method->init_for_reauth) 1768 data->phase2_method->init_for_reauth(sm, data->phase2_priv); 1769 data->phase2_start = 0; 1770 data->phase2_success = 0; 1771 data->resuming = 1; 1772 data->reauth = 1; 1773 return priv; 1774 } 1775 1776 1777 static int eap_ttls_get_status(struct eap_sm *sm, void *priv, char *buf, 1778 size_t buflen, int verbose) 1779 { 1780 struct eap_ttls_data *data = priv; 1781 int len, ret; 1782 1783 len = eap_peer_tls_status(sm, &data->ssl, buf, buflen, verbose); 1784 ret = os_snprintf(buf + len, buflen - len, 1785 "EAP-TTLSv%d Phase2 method=", 1786 data->ttls_version); 1787 if (os_snprintf_error(buflen - len, ret)) 1788 return len; 1789 len += ret; 1790 switch (data->phase2_type) { 1791 case EAP_TTLS_PHASE2_EAP: 1792 ret = os_snprintf(buf + len, buflen - len, "EAP-%s\n", 1793 data->phase2_method ? 1794 data->phase2_method->name : "?"); 1795 break; 1796 case EAP_TTLS_PHASE2_MSCHAPV2: 1797 ret = os_snprintf(buf + len, buflen - len, "MSCHAPV2\n"); 1798 break; 1799 case EAP_TTLS_PHASE2_MSCHAP: 1800 ret = os_snprintf(buf + len, buflen - len, "MSCHAP\n"); 1801 break; 1802 case EAP_TTLS_PHASE2_PAP: 1803 ret = os_snprintf(buf + len, buflen - len, "PAP\n"); 1804 break; 1805 case EAP_TTLS_PHASE2_CHAP: 1806 ret = os_snprintf(buf + len, buflen - len, "CHAP\n"); 1807 break; 1808 default: 1809 ret = 0; 1810 break; 1811 } 1812 if (os_snprintf_error(buflen - len, ret)) 1813 return len; 1814 len += ret; 1815 1816 return len; 1817 } 1818 1819 1820 static bool eap_ttls_isKeyAvailable(struct eap_sm *sm, void *priv) 1821 { 1822 struct eap_ttls_data *data = priv; 1823 return data->key_data != NULL && data->phase2_success; 1824 } 1825 1826 1827 static u8 * eap_ttls_getKey(struct eap_sm *sm, void *priv, size_t *len) 1828 { 1829 struct eap_ttls_data *data = priv; 1830 u8 *key; 1831 1832 if (data->key_data == NULL || !data->phase2_success) 1833 return NULL; 1834 1835 key = os_memdup(data->key_data, EAP_TLS_KEY_LEN); 1836 if (key == NULL) 1837 return NULL; 1838 1839 *len = EAP_TLS_KEY_LEN; 1840 1841 return key; 1842 } 1843 1844 1845 static u8 * eap_ttls_get_session_id(struct eap_sm *sm, void *priv, size_t *len) 1846 { 1847 struct eap_ttls_data *data = priv; 1848 u8 *id; 1849 1850 if (data->session_id == NULL || !data->phase2_success) 1851 return NULL; 1852 1853 id = os_memdup(data->session_id, data->id_len); 1854 if (id == NULL) 1855 return NULL; 1856 1857 *len = data->id_len; 1858 1859 return id; 1860 } 1861 1862 1863 static u8 * eap_ttls_get_emsk(struct eap_sm *sm, void *priv, size_t *len) 1864 { 1865 struct eap_ttls_data *data = priv; 1866 u8 *key; 1867 1868 if (data->key_data == NULL) 1869 return NULL; 1870 1871 key = os_memdup(data->key_data + EAP_TLS_KEY_LEN, EAP_EMSK_LEN); 1872 if (key == NULL) 1873 return NULL; 1874 1875 *len = EAP_EMSK_LEN; 1876 1877 return key; 1878 } 1879 1880 1881 int eap_peer_ttls_register(void) 1882 { 1883 struct eap_method *eap; 1884 1885 eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION, 1886 EAP_VENDOR_IETF, EAP_TYPE_TTLS, "TTLS"); 1887 if (eap == NULL) 1888 return -1; 1889 1890 eap->init = eap_ttls_init; 1891 eap->deinit = eap_ttls_deinit; 1892 eap->process = eap_ttls_process; 1893 eap->isKeyAvailable = eap_ttls_isKeyAvailable; 1894 eap->getKey = eap_ttls_getKey; 1895 eap->getSessionId = eap_ttls_get_session_id; 1896 eap->get_status = eap_ttls_get_status; 1897 eap->has_reauth_data = eap_ttls_has_reauth_data; 1898 eap->deinit_for_reauth = eap_ttls_deinit_for_reauth; 1899 eap->init_for_reauth = eap_ttls_init_for_reauth; 1900 eap->get_emsk = eap_ttls_get_emsk; 1901 1902 return eap_peer_method_register(eap); 1903 } 1904