1 /* 2 * hostapd / EAP-TTLS (RFC 5281) 3 * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "crypto/ms_funcs.h" 13 #include "crypto/sha1.h" 14 #include "crypto/tls.h" 15 #include "eap_server/eap_i.h" 16 #include "eap_server/eap_tls_common.h" 17 #include "eap_common/chap.h" 18 #include "eap_common/eap_ttls.h" 19 20 21 #define EAP_TTLS_VERSION 0 22 23 24 static void eap_ttls_reset(struct eap_sm *sm, void *priv); 25 26 27 struct eap_ttls_data { 28 struct eap_ssl_data ssl; 29 enum { 30 START, PHASE1, PHASE2_START, PHASE2_METHOD, 31 PHASE2_MSCHAPV2_RESP, SUCCESS, FAILURE 32 } state; 33 34 int ttls_version; 35 const struct eap_method *phase2_method; 36 void *phase2_priv; 37 int mschapv2_resp_ok; 38 u8 mschapv2_auth_response[20]; 39 u8 mschapv2_ident; 40 struct wpabuf *pending_phase2_eap_resp; 41 int tnc_started; 42 }; 43 44 45 static const char * eap_ttls_state_txt(int state) 46 { 47 switch (state) { 48 case START: 49 return "START"; 50 case PHASE1: 51 return "PHASE1"; 52 case PHASE2_START: 53 return "PHASE2_START"; 54 case PHASE2_METHOD: 55 return "PHASE2_METHOD"; 56 case PHASE2_MSCHAPV2_RESP: 57 return "PHASE2_MSCHAPV2_RESP"; 58 case SUCCESS: 59 return "SUCCESS"; 60 case FAILURE: 61 return "FAILURE"; 62 default: 63 return "Unknown?!"; 64 } 65 } 66 67 68 static void eap_ttls_state(struct eap_ttls_data *data, int state) 69 { 70 wpa_printf(MSG_DEBUG, "EAP-TTLS: %s -> %s", 71 eap_ttls_state_txt(data->state), 72 eap_ttls_state_txt(state)); 73 data->state = state; 74 if (state == FAILURE) 75 tls_connection_remove_session(data->ssl.conn); 76 } 77 78 79 static void eap_ttls_valid_session(struct eap_sm *sm, 80 struct eap_ttls_data *data) 81 { 82 struct wpabuf *buf; 83 84 if (!sm->cfg->tls_session_lifetime) 85 return; 86 87 buf = wpabuf_alloc(1 + 1 + sm->identity_len); 88 if (!buf) 89 return; 90 wpabuf_put_u8(buf, EAP_TYPE_TTLS); 91 if (sm->identity) { 92 u8 id_len; 93 94 if (sm->identity_len <= 255) 95 id_len = sm->identity_len; 96 else 97 id_len = 255; 98 wpabuf_put_u8(buf, id_len); 99 wpabuf_put_data(buf, sm->identity, id_len); 100 } else { 101 wpabuf_put_u8(buf, 0); 102 } 103 tls_connection_set_success_data(data->ssl.conn, buf); 104 } 105 106 107 static u8 * eap_ttls_avp_hdr(u8 *avphdr, u32 avp_code, u32 vendor_id, 108 int mandatory, size_t len) 109 { 110 struct ttls_avp_vendor *avp; 111 u8 flags; 112 size_t hdrlen; 113 114 avp = (struct ttls_avp_vendor *) avphdr; 115 flags = mandatory ? AVP_FLAGS_MANDATORY : 0; 116 if (vendor_id) { 117 flags |= AVP_FLAGS_VENDOR; 118 hdrlen = sizeof(*avp); 119 avp->vendor_id = host_to_be32(vendor_id); 120 } else { 121 hdrlen = sizeof(struct ttls_avp); 122 } 123 124 avp->avp_code = host_to_be32(avp_code); 125 avp->avp_length = host_to_be32(((u32) flags << 24) | 126 ((u32) (hdrlen + len))); 127 128 return avphdr + hdrlen; 129 } 130 131 132 static struct wpabuf * eap_ttls_avp_encapsulate(struct wpabuf *resp, 133 u32 avp_code, int mandatory) 134 { 135 struct wpabuf *avp; 136 u8 *pos; 137 138 avp = wpabuf_alloc(sizeof(struct ttls_avp) + wpabuf_len(resp) + 4); 139 if (avp == NULL) { 140 wpabuf_free(resp); 141 return NULL; 142 } 143 144 pos = eap_ttls_avp_hdr(wpabuf_mhead(avp), avp_code, 0, mandatory, 145 wpabuf_len(resp)); 146 os_memcpy(pos, wpabuf_head(resp), wpabuf_len(resp)); 147 pos += wpabuf_len(resp); 148 AVP_PAD((const u8 *) wpabuf_head(avp), pos); 149 wpabuf_free(resp); 150 wpabuf_put(avp, pos - (u8 *) wpabuf_head(avp)); 151 return avp; 152 } 153 154 155 struct eap_ttls_avp { 156 /* Note: eap is allocated memory; caller is responsible for freeing 157 * it. All the other pointers are pointing to the packet data, i.e., 158 * they must not be freed separately. */ 159 u8 *eap; 160 size_t eap_len; 161 u8 *user_name; 162 size_t user_name_len; 163 u8 *user_password; 164 size_t user_password_len; 165 u8 *chap_challenge; 166 size_t chap_challenge_len; 167 u8 *chap_password; 168 size_t chap_password_len; 169 u8 *mschap_challenge; 170 size_t mschap_challenge_len; 171 u8 *mschap_response; 172 size_t mschap_response_len; 173 u8 *mschap2_response; 174 size_t mschap2_response_len; 175 }; 176 177 178 static int eap_ttls_avp_parse(struct wpabuf *buf, struct eap_ttls_avp *parse) 179 { 180 struct ttls_avp *avp; 181 u8 *pos; 182 int left; 183 184 pos = wpabuf_mhead(buf); 185 left = wpabuf_len(buf); 186 os_memset(parse, 0, sizeof(*parse)); 187 188 while (left > 0) { 189 u32 avp_code, avp_length, vendor_id = 0; 190 u8 avp_flags, *dpos; 191 size_t pad, dlen; 192 avp = (struct ttls_avp *) pos; 193 avp_code = be_to_host32(avp->avp_code); 194 avp_length = be_to_host32(avp->avp_length); 195 avp_flags = (avp_length >> 24) & 0xff; 196 avp_length &= 0xffffff; 197 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP: code=%d flags=0x%02x " 198 "length=%d", (int) avp_code, avp_flags, 199 (int) avp_length); 200 if ((int) avp_length > left) { 201 wpa_printf(MSG_WARNING, "EAP-TTLS: AVP overflow " 202 "(len=%d, left=%d) - dropped", 203 (int) avp_length, left); 204 goto fail; 205 } 206 if (avp_length < sizeof(*avp)) { 207 wpa_printf(MSG_WARNING, "EAP-TTLS: Invalid AVP length " 208 "%d", avp_length); 209 goto fail; 210 } 211 dpos = (u8 *) (avp + 1); 212 dlen = avp_length - sizeof(*avp); 213 if (avp_flags & AVP_FLAGS_VENDOR) { 214 if (dlen < 4) { 215 wpa_printf(MSG_WARNING, "EAP-TTLS: vendor AVP " 216 "underflow"); 217 goto fail; 218 } 219 vendor_id = be_to_host32(* (be32 *) dpos); 220 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP vendor_id %d", 221 (int) vendor_id); 222 dpos += 4; 223 dlen -= 4; 224 } 225 226 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: AVP data", dpos, dlen); 227 228 if (vendor_id == 0 && avp_code == RADIUS_ATTR_EAP_MESSAGE) { 229 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP - EAP Message"); 230 if (parse->eap == NULL) { 231 parse->eap = os_memdup(dpos, dlen); 232 if (parse->eap == NULL) { 233 wpa_printf(MSG_WARNING, "EAP-TTLS: " 234 "failed to allocate memory " 235 "for Phase 2 EAP data"); 236 goto fail; 237 } 238 parse->eap_len = dlen; 239 } else { 240 u8 *neweap = os_realloc(parse->eap, 241 parse->eap_len + dlen); 242 if (neweap == NULL) { 243 wpa_printf(MSG_WARNING, "EAP-TTLS: " 244 "failed to allocate memory " 245 "for Phase 2 EAP data"); 246 goto fail; 247 } 248 os_memcpy(neweap + parse->eap_len, dpos, dlen); 249 parse->eap = neweap; 250 parse->eap_len += dlen; 251 } 252 } else if (vendor_id == 0 && 253 avp_code == RADIUS_ATTR_USER_NAME) { 254 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: User-Name", 255 dpos, dlen); 256 parse->user_name = dpos; 257 parse->user_name_len = dlen; 258 } else if (vendor_id == 0 && 259 avp_code == RADIUS_ATTR_USER_PASSWORD) { 260 u8 *password = dpos; 261 size_t password_len = dlen; 262 while (password_len > 0 && 263 password[password_len - 1] == '\0') { 264 password_len--; 265 } 266 wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: " 267 "User-Password (PAP)", 268 password, password_len); 269 parse->user_password = password; 270 parse->user_password_len = password_len; 271 } else if (vendor_id == 0 && 272 avp_code == RADIUS_ATTR_CHAP_CHALLENGE) { 273 wpa_hexdump(MSG_DEBUG, 274 "EAP-TTLS: CHAP-Challenge (CHAP)", 275 dpos, dlen); 276 parse->chap_challenge = dpos; 277 parse->chap_challenge_len = dlen; 278 } else if (vendor_id == 0 && 279 avp_code == RADIUS_ATTR_CHAP_PASSWORD) { 280 wpa_hexdump(MSG_DEBUG, 281 "EAP-TTLS: CHAP-Password (CHAP)", 282 dpos, dlen); 283 parse->chap_password = dpos; 284 parse->chap_password_len = dlen; 285 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT && 286 avp_code == RADIUS_ATTR_MS_CHAP_CHALLENGE) { 287 wpa_hexdump(MSG_DEBUG, 288 "EAP-TTLS: MS-CHAP-Challenge", 289 dpos, dlen); 290 parse->mschap_challenge = dpos; 291 parse->mschap_challenge_len = dlen; 292 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT && 293 avp_code == RADIUS_ATTR_MS_CHAP_RESPONSE) { 294 wpa_hexdump(MSG_DEBUG, 295 "EAP-TTLS: MS-CHAP-Response (MSCHAP)", 296 dpos, dlen); 297 parse->mschap_response = dpos; 298 parse->mschap_response_len = dlen; 299 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT && 300 avp_code == RADIUS_ATTR_MS_CHAP2_RESPONSE) { 301 wpa_hexdump(MSG_DEBUG, 302 "EAP-TTLS: MS-CHAP2-Response (MSCHAPV2)", 303 dpos, dlen); 304 parse->mschap2_response = dpos; 305 parse->mschap2_response_len = dlen; 306 } else if (avp_flags & AVP_FLAGS_MANDATORY) { 307 wpa_printf(MSG_WARNING, "EAP-TTLS: Unsupported " 308 "mandatory AVP code %d vendor_id %d - " 309 "dropped", (int) avp_code, (int) vendor_id); 310 goto fail; 311 } else { 312 wpa_printf(MSG_DEBUG, "EAP-TTLS: Ignoring unsupported " 313 "AVP code %d vendor_id %d", 314 (int) avp_code, (int) vendor_id); 315 } 316 317 pad = (4 - (avp_length & 3)) & 3; 318 pos += avp_length + pad; 319 left -= avp_length + pad; 320 } 321 322 return 0; 323 324 fail: 325 os_free(parse->eap); 326 parse->eap = NULL; 327 return -1; 328 } 329 330 331 static u8 * eap_ttls_implicit_challenge(struct eap_sm *sm, 332 struct eap_ttls_data *data, size_t len) 333 { 334 return eap_server_tls_derive_key(sm, &data->ssl, "ttls challenge", 335 NULL, 0, len); 336 } 337 338 339 static void * eap_ttls_init(struct eap_sm *sm) 340 { 341 struct eap_ttls_data *data; 342 343 data = os_zalloc(sizeof(*data)); 344 if (data == NULL) 345 return NULL; 346 data->ttls_version = EAP_TTLS_VERSION; 347 data->state = START; 348 349 if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_TYPE_TTLS)) { 350 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to initialize SSL."); 351 eap_ttls_reset(sm, data); 352 return NULL; 353 } 354 355 return data; 356 } 357 358 359 static void eap_ttls_reset(struct eap_sm *sm, void *priv) 360 { 361 struct eap_ttls_data *data = priv; 362 if (data == NULL) 363 return; 364 if (data->phase2_priv && data->phase2_method) 365 data->phase2_method->reset(sm, data->phase2_priv); 366 eap_server_tls_ssl_deinit(sm, &data->ssl); 367 wpabuf_free(data->pending_phase2_eap_resp); 368 bin_clear_free(data, sizeof(*data)); 369 } 370 371 372 static struct wpabuf * eap_ttls_build_start(struct eap_sm *sm, 373 struct eap_ttls_data *data, u8 id) 374 { 375 struct wpabuf *req; 376 377 req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TTLS, 1, 378 EAP_CODE_REQUEST, id); 379 if (req == NULL) { 380 wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to allocate memory for" 381 " request"); 382 eap_ttls_state(data, FAILURE); 383 return NULL; 384 } 385 386 wpabuf_put_u8(req, EAP_TLS_FLAGS_START | data->ttls_version); 387 388 eap_ttls_state(data, PHASE1); 389 390 return req; 391 } 392 393 394 static struct wpabuf * eap_ttls_build_phase2_eap_req( 395 struct eap_sm *sm, struct eap_ttls_data *data, u8 id) 396 { 397 struct wpabuf *buf, *encr_req; 398 399 400 buf = data->phase2_method->buildReq(sm, data->phase2_priv, id); 401 if (buf == NULL) 402 return NULL; 403 404 wpa_hexdump_buf_key(MSG_DEBUG, 405 "EAP-TTLS/EAP: Encapsulate Phase 2 data", buf); 406 407 buf = eap_ttls_avp_encapsulate(buf, RADIUS_ATTR_EAP_MESSAGE, 1); 408 if (buf == NULL) { 409 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Failed to encapsulate " 410 "packet"); 411 return NULL; 412 } 413 414 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS/EAP: Encrypt encapsulated " 415 "Phase 2 data", buf); 416 417 encr_req = eap_server_tls_encrypt(sm, &data->ssl, buf); 418 wpabuf_free(buf); 419 420 return encr_req; 421 } 422 423 424 static struct wpabuf * eap_ttls_build_phase2_mschapv2( 425 struct eap_sm *sm, struct eap_ttls_data *data) 426 { 427 struct wpabuf *encr_req, msgbuf; 428 u8 *req, *pos, *end; 429 int ret; 430 431 pos = req = os_malloc(100); 432 if (req == NULL) 433 return NULL; 434 end = req + 100; 435 436 if (data->mschapv2_resp_ok) { 437 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP2_SUCCESS, 438 RADIUS_VENDOR_ID_MICROSOFT, 1, 43); 439 *pos++ = data->mschapv2_ident; 440 ret = os_snprintf((char *) pos, end - pos, "S="); 441 if (!os_snprintf_error(end - pos, ret)) 442 pos += ret; 443 pos += wpa_snprintf_hex_uppercase( 444 (char *) pos, end - pos, data->mschapv2_auth_response, 445 sizeof(data->mschapv2_auth_response)); 446 } else { 447 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP_ERROR, 448 RADIUS_VENDOR_ID_MICROSOFT, 1, 6); 449 os_memcpy(pos, "Failed", 6); 450 pos += 6; 451 AVP_PAD(req, pos); 452 } 453 454 wpabuf_set(&msgbuf, req, pos - req); 455 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Encrypting Phase 2 " 456 "data", &msgbuf); 457 458 encr_req = eap_server_tls_encrypt(sm, &data->ssl, &msgbuf); 459 os_free(req); 460 461 return encr_req; 462 } 463 464 465 static struct wpabuf * eap_ttls_buildReq(struct eap_sm *sm, void *priv, u8 id) 466 { 467 struct eap_ttls_data *data = priv; 468 469 if (data->ssl.state == FRAG_ACK) { 470 return eap_server_tls_build_ack(id, EAP_TYPE_TTLS, 471 data->ttls_version); 472 } 473 474 if (data->ssl.state == WAIT_FRAG_ACK) { 475 return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TTLS, 476 data->ttls_version, id); 477 } 478 479 switch (data->state) { 480 case START: 481 return eap_ttls_build_start(sm, data, id); 482 case PHASE1: 483 if (tls_connection_established(sm->cfg->ssl_ctx, 484 data->ssl.conn)) { 485 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase1 done, " 486 "starting Phase2"); 487 eap_ttls_state(data, PHASE2_START); 488 } 489 break; 490 case PHASE2_METHOD: 491 wpabuf_free(data->ssl.tls_out); 492 data->ssl.tls_out_pos = 0; 493 data->ssl.tls_out = eap_ttls_build_phase2_eap_req(sm, data, 494 id); 495 break; 496 case PHASE2_MSCHAPV2_RESP: 497 wpabuf_free(data->ssl.tls_out); 498 data->ssl.tls_out_pos = 0; 499 data->ssl.tls_out = eap_ttls_build_phase2_mschapv2(sm, data); 500 break; 501 default: 502 wpa_printf(MSG_DEBUG, "EAP-TTLS: %s - unexpected state %d", 503 __func__, data->state); 504 return NULL; 505 } 506 507 return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TTLS, 508 data->ttls_version, id); 509 } 510 511 512 static bool eap_ttls_check(struct eap_sm *sm, void *priv, 513 struct wpabuf *respData) 514 { 515 const u8 *pos; 516 size_t len; 517 518 pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_TTLS, respData, &len); 519 if (pos == NULL || len < 1) { 520 wpa_printf(MSG_INFO, "EAP-TTLS: Invalid frame"); 521 return true; 522 } 523 524 return false; 525 } 526 527 528 static void eap_ttls_process_phase2_pap(struct eap_sm *sm, 529 struct eap_ttls_data *data, 530 const u8 *user_password, 531 size_t user_password_len) 532 { 533 if (!sm->user || !sm->user->password || sm->user->password_hash || 534 !(sm->user->ttls_auth & EAP_TTLS_AUTH_PAP)) { 535 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: No plaintext user " 536 "password configured"); 537 eap_ttls_state(data, FAILURE); 538 return; 539 } 540 541 if (sm->user->password_len != user_password_len || 542 os_memcmp_const(sm->user->password, user_password, 543 user_password_len) != 0) { 544 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Invalid user password"); 545 eap_ttls_state(data, FAILURE); 546 return; 547 } 548 549 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Correct user password"); 550 eap_ttls_state(data, SUCCESS); 551 eap_ttls_valid_session(sm, data); 552 } 553 554 555 static void eap_ttls_process_phase2_chap(struct eap_sm *sm, 556 struct eap_ttls_data *data, 557 const u8 *challenge, 558 size_t challenge_len, 559 const u8 *password, 560 size_t password_len) 561 { 562 u8 *chal, hash[CHAP_MD5_LEN]; 563 564 if (challenge == NULL || password == NULL || 565 challenge_len != EAP_TTLS_CHAP_CHALLENGE_LEN || 566 password_len != 1 + EAP_TTLS_CHAP_PASSWORD_LEN) { 567 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Invalid CHAP attributes " 568 "(challenge len %lu password len %lu)", 569 (unsigned long) challenge_len, 570 (unsigned long) password_len); 571 eap_ttls_state(data, FAILURE); 572 return; 573 } 574 575 if (!sm->user || !sm->user->password || sm->user->password_hash || 576 !(sm->user->ttls_auth & EAP_TTLS_AUTH_CHAP)) { 577 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: No plaintext user " 578 "password configured"); 579 eap_ttls_state(data, FAILURE); 580 return; 581 } 582 583 chal = eap_ttls_implicit_challenge(sm, data, 584 EAP_TTLS_CHAP_CHALLENGE_LEN + 1); 585 if (chal == NULL) { 586 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Failed to generate " 587 "challenge from TLS data"); 588 eap_ttls_state(data, FAILURE); 589 return; 590 } 591 592 if (os_memcmp_const(challenge, chal, EAP_TTLS_CHAP_CHALLENGE_LEN) 593 != 0 || 594 password[0] != chal[EAP_TTLS_CHAP_CHALLENGE_LEN]) { 595 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Challenge mismatch"); 596 os_free(chal); 597 eap_ttls_state(data, FAILURE); 598 return; 599 } 600 os_free(chal); 601 602 /* MD5(Ident + Password + Challenge) */ 603 chap_md5(password[0], sm->user->password, sm->user->password_len, 604 challenge, challenge_len, hash); 605 606 if (os_memcmp_const(hash, password + 1, EAP_TTLS_CHAP_PASSWORD_LEN) == 607 0) { 608 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Correct user password"); 609 eap_ttls_state(data, SUCCESS); 610 eap_ttls_valid_session(sm, data); 611 } else { 612 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Invalid user password"); 613 eap_ttls_state(data, FAILURE); 614 } 615 } 616 617 618 static void eap_ttls_process_phase2_mschap(struct eap_sm *sm, 619 struct eap_ttls_data *data, 620 u8 *challenge, size_t challenge_len, 621 u8 *response, size_t response_len) 622 { 623 u8 *chal, nt_response[24]; 624 625 if (challenge == NULL || response == NULL || 626 challenge_len != EAP_TTLS_MSCHAP_CHALLENGE_LEN || 627 response_len != EAP_TTLS_MSCHAP_RESPONSE_LEN) { 628 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Invalid MS-CHAP " 629 "attributes (challenge len %lu response len %lu)", 630 (unsigned long) challenge_len, 631 (unsigned long) response_len); 632 eap_ttls_state(data, FAILURE); 633 return; 634 } 635 636 if (!sm->user || !sm->user->password || 637 !(sm->user->ttls_auth & EAP_TTLS_AUTH_MSCHAP)) { 638 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: No user password " 639 "configured"); 640 eap_ttls_state(data, FAILURE); 641 return; 642 } 643 644 chal = eap_ttls_implicit_challenge(sm, data, 645 EAP_TTLS_MSCHAP_CHALLENGE_LEN + 1); 646 if (chal == NULL) { 647 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Failed to generate " 648 "challenge from TLS data"); 649 eap_ttls_state(data, FAILURE); 650 return; 651 } 652 653 #ifdef CONFIG_TESTING_OPTIONS 654 eap_server_mschap_rx_callback(sm, "TTLS-MSCHAP", 655 sm->identity, sm->identity_len, 656 challenge, response + 2 + 24); 657 #endif /* CONFIG_TESTING_OPTIONS */ 658 659 if (os_memcmp_const(challenge, chal, EAP_TTLS_MSCHAP_CHALLENGE_LEN) 660 != 0 || 661 response[0] != chal[EAP_TTLS_MSCHAP_CHALLENGE_LEN]) { 662 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Challenge mismatch"); 663 os_free(chal); 664 eap_ttls_state(data, FAILURE); 665 return; 666 } 667 os_free(chal); 668 669 if ((sm->user->password_hash && 670 challenge_response(challenge, sm->user->password, nt_response)) || 671 (!sm->user->password_hash && 672 nt_challenge_response(challenge, sm->user->password, 673 sm->user->password_len, nt_response))) { 674 eap_ttls_state(data, FAILURE); 675 return; 676 } 677 678 if (os_memcmp_const(nt_response, response + 2 + 24, 24) == 0) { 679 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Correct response"); 680 eap_ttls_state(data, SUCCESS); 681 eap_ttls_valid_session(sm, data); 682 } else { 683 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Invalid NT-Response"); 684 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAP: Received", 685 response + 2 + 24, 24); 686 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAP: Expected", 687 nt_response, 24); 688 eap_ttls_state(data, FAILURE); 689 } 690 } 691 692 693 static void eap_ttls_process_phase2_mschapv2(struct eap_sm *sm, 694 struct eap_ttls_data *data, 695 u8 *challenge, 696 size_t challenge_len, 697 u8 *response, size_t response_len) 698 { 699 u8 *chal, *username, nt_response[24], *rx_resp, *peer_challenge, 700 *auth_challenge; 701 size_t username_len, i; 702 703 if (challenge == NULL || response == NULL || 704 challenge_len != EAP_TTLS_MSCHAPV2_CHALLENGE_LEN || 705 response_len != EAP_TTLS_MSCHAPV2_RESPONSE_LEN) { 706 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Invalid MS-CHAP2 " 707 "attributes (challenge len %lu response len %lu)", 708 (unsigned long) challenge_len, 709 (unsigned long) response_len); 710 eap_ttls_state(data, FAILURE); 711 return; 712 } 713 714 if (!sm->user || !sm->user->password || 715 !(sm->user->ttls_auth & EAP_TTLS_AUTH_MSCHAPV2)) { 716 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: No user password " 717 "configured"); 718 eap_ttls_state(data, FAILURE); 719 return; 720 } 721 722 if (sm->identity == NULL) { 723 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: No user identity " 724 "known"); 725 eap_ttls_state(data, FAILURE); 726 return; 727 } 728 729 /* MSCHAPv2 does not include optional domain name in the 730 * challenge-response calculation, so remove domain prefix 731 * (if present). */ 732 username = sm->identity; 733 username_len = sm->identity_len; 734 for (i = 0; i < username_len; i++) { 735 if (username[i] == '\\') { 736 username_len -= i + 1; 737 username += i + 1; 738 break; 739 } 740 } 741 742 chal = eap_ttls_implicit_challenge( 743 sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1); 744 if (chal == NULL) { 745 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Failed to generate " 746 "challenge from TLS data"); 747 eap_ttls_state(data, FAILURE); 748 return; 749 } 750 751 if (os_memcmp_const(challenge, chal, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN) 752 != 0 || 753 response[0] != chal[EAP_TTLS_MSCHAPV2_CHALLENGE_LEN]) { 754 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Challenge mismatch"); 755 os_free(chal); 756 eap_ttls_state(data, FAILURE); 757 return; 758 } 759 os_free(chal); 760 761 auth_challenge = challenge; 762 peer_challenge = response + 2; 763 764 wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: User", 765 username, username_len); 766 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: auth_challenge", 767 auth_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN); 768 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: peer_challenge", 769 peer_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN); 770 771 if (sm->user->password_hash) { 772 generate_nt_response_pwhash(auth_challenge, peer_challenge, 773 username, username_len, 774 sm->user->password, 775 nt_response); 776 } else { 777 generate_nt_response(auth_challenge, peer_challenge, 778 username, username_len, 779 sm->user->password, 780 sm->user->password_len, 781 nt_response); 782 } 783 784 rx_resp = response + 2 + EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 8; 785 #ifdef CONFIG_TESTING_OPTIONS 786 { 787 u8 challenge2[8]; 788 789 if (challenge_hash(peer_challenge, auth_challenge, 790 username, username_len, challenge2) == 0) { 791 eap_server_mschap_rx_callback(sm, "TTLS-MSCHAPV2", 792 username, username_len, 793 challenge2, rx_resp); 794 } 795 } 796 #endif /* CONFIG_TESTING_OPTIONS */ 797 if (os_memcmp_const(nt_response, rx_resp, 24) == 0) { 798 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Correct " 799 "NT-Response"); 800 data->mschapv2_resp_ok = 1; 801 802 if (sm->user->password_hash) { 803 generate_authenticator_response_pwhash( 804 sm->user->password, 805 peer_challenge, auth_challenge, 806 username, username_len, nt_response, 807 data->mschapv2_auth_response); 808 } else { 809 generate_authenticator_response( 810 sm->user->password, sm->user->password_len, 811 peer_challenge, auth_challenge, 812 username, username_len, nt_response, 813 data->mschapv2_auth_response); 814 } 815 } else { 816 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Invalid " 817 "NT-Response"); 818 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: Received", 819 rx_resp, 24); 820 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: Expected", 821 nt_response, 24); 822 data->mschapv2_resp_ok = 0; 823 } 824 eap_ttls_state(data, PHASE2_MSCHAPV2_RESP); 825 data->mschapv2_ident = response[0]; 826 } 827 828 829 static int eap_ttls_phase2_eap_init(struct eap_sm *sm, 830 struct eap_ttls_data *data, 831 int vendor, enum eap_type eap_type) 832 { 833 if (data->phase2_priv && data->phase2_method) { 834 data->phase2_method->reset(sm, data->phase2_priv); 835 data->phase2_method = NULL; 836 data->phase2_priv = NULL; 837 } 838 data->phase2_method = eap_server_get_eap_method(vendor, eap_type); 839 if (!data->phase2_method) 840 return -1; 841 842 sm->init_phase2 = 1; 843 data->phase2_priv = data->phase2_method->init(sm); 844 sm->init_phase2 = 0; 845 return data->phase2_priv == NULL ? -1 : 0; 846 } 847 848 849 static void eap_ttls_process_phase2_eap_response(struct eap_sm *sm, 850 struct eap_ttls_data *data, 851 u8 *in_data, size_t in_len) 852 { 853 int next_vendor = EAP_VENDOR_IETF; 854 enum eap_type next_type = EAP_TYPE_NONE; 855 struct eap_hdr *hdr; 856 u8 *pos; 857 size_t left; 858 struct wpabuf buf; 859 const struct eap_method *m = data->phase2_method; 860 void *priv = data->phase2_priv; 861 862 if (priv == NULL) { 863 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: %s - Phase2 not " 864 "initialized?!", __func__); 865 return; 866 } 867 868 hdr = (struct eap_hdr *) in_data; 869 pos = (u8 *) (hdr + 1); 870 871 if (in_len > sizeof(*hdr) && *pos == EAP_TYPE_NAK) { 872 left = in_len - sizeof(*hdr); 873 wpa_hexdump(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 type Nak'ed; " 874 "allowed types", pos + 1, left - 1); 875 eap_sm_process_nak(sm, pos + 1, left - 1); 876 if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS && 877 sm->user->methods[sm->user_eap_method_index].method != 878 EAP_TYPE_NONE) { 879 next_vendor = sm->user->methods[ 880 sm->user_eap_method_index].vendor; 881 next_type = sm->user->methods[ 882 sm->user_eap_method_index++].method; 883 wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %u:%u", 884 next_vendor, next_type); 885 if (eap_ttls_phase2_eap_init(sm, data, next_vendor, 886 next_type)) { 887 wpa_printf(MSG_DEBUG, 888 "EAP-TTLS: Failed to initialize EAP type %u:%u", 889 next_vendor, next_type); 890 eap_ttls_state(data, FAILURE); 891 return; 892 } 893 } else { 894 eap_ttls_state(data, FAILURE); 895 } 896 return; 897 } 898 899 wpabuf_set(&buf, in_data, in_len); 900 901 if (m->check(sm, priv, &buf)) { 902 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 check() asked to " 903 "ignore the packet"); 904 return; 905 } 906 907 m->process(sm, priv, &buf); 908 909 if (sm->method_pending == METHOD_PENDING_WAIT) { 910 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 method is in " 911 "pending wait state - save decrypted response"); 912 wpabuf_free(data->pending_phase2_eap_resp); 913 data->pending_phase2_eap_resp = wpabuf_dup(&buf); 914 } 915 916 if (!m->isDone(sm, priv)) 917 return; 918 919 if (!m->isSuccess(sm, priv)) { 920 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 method failed"); 921 eap_ttls_state(data, FAILURE); 922 return; 923 } 924 925 switch (data->state) { 926 case PHASE2_START: 927 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) { 928 wpa_hexdump_ascii(MSG_DEBUG, "EAP_TTLS: Phase2 " 929 "Identity not found in the user " 930 "database", 931 sm->identity, sm->identity_len); 932 eap_ttls_state(data, FAILURE); 933 break; 934 } 935 936 eap_ttls_state(data, PHASE2_METHOD); 937 next_vendor = sm->user->methods[0].vendor; 938 next_type = sm->user->methods[0].method; 939 sm->user_eap_method_index = 1; 940 wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %u:%u", 941 next_vendor, next_type); 942 if (eap_ttls_phase2_eap_init(sm, data, next_vendor, 943 next_type)) { 944 wpa_printf(MSG_DEBUG, 945 "EAP-TTLS: Failed to initialize EAP type %u:%u", 946 next_vendor, next_type); 947 eap_ttls_state(data, FAILURE); 948 } 949 break; 950 case PHASE2_METHOD: 951 eap_ttls_state(data, SUCCESS); 952 eap_ttls_valid_session(sm, data); 953 break; 954 case FAILURE: 955 break; 956 default: 957 wpa_printf(MSG_DEBUG, "EAP-TTLS: %s - unexpected state %d", 958 __func__, data->state); 959 break; 960 } 961 } 962 963 964 static void eap_ttls_process_phase2_eap(struct eap_sm *sm, 965 struct eap_ttls_data *data, 966 const u8 *eap, size_t eap_len) 967 { 968 struct eap_hdr *hdr; 969 size_t len; 970 971 if (data->state == PHASE2_START) { 972 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: initializing Phase 2"); 973 if (eap_ttls_phase2_eap_init(sm, data, EAP_VENDOR_IETF, 974 EAP_TYPE_IDENTITY) < 0) { 975 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: failed to " 976 "initialize EAP-Identity"); 977 return; 978 } 979 } 980 981 if (eap_len < sizeof(*hdr)) { 982 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: too short Phase 2 EAP " 983 "packet (len=%lu)", (unsigned long) eap_len); 984 return; 985 } 986 987 hdr = (struct eap_hdr *) eap; 988 len = be_to_host16(hdr->length); 989 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: received Phase 2 EAP: code=%d " 990 "identifier=%d length=%lu", hdr->code, hdr->identifier, 991 (unsigned long) len); 992 if (len > eap_len) { 993 wpa_printf(MSG_INFO, "EAP-TTLS/EAP: Length mismatch in Phase 2" 994 " EAP frame (hdr len=%lu, data len in AVP=%lu)", 995 (unsigned long) len, (unsigned long) eap_len); 996 return; 997 } 998 999 switch (hdr->code) { 1000 case EAP_CODE_RESPONSE: 1001 eap_ttls_process_phase2_eap_response(sm, data, (u8 *) hdr, 1002 len); 1003 break; 1004 default: 1005 wpa_printf(MSG_INFO, "EAP-TTLS/EAP: Unexpected code=%d in " 1006 "Phase 2 EAP header", hdr->code); 1007 break; 1008 } 1009 } 1010 1011 1012 static void eap_ttls_process_phase2(struct eap_sm *sm, 1013 struct eap_ttls_data *data, 1014 struct wpabuf *in_buf) 1015 { 1016 struct wpabuf *in_decrypted; 1017 struct eap_ttls_avp parse; 1018 1019 wpa_printf(MSG_DEBUG, "EAP-TTLS: received %lu bytes encrypted data for" 1020 " Phase 2", (unsigned long) wpabuf_len(in_buf)); 1021 1022 if (data->pending_phase2_eap_resp) { 1023 wpa_printf(MSG_DEBUG, "EAP-TTLS: Pending Phase 2 EAP response " 1024 "- skip decryption and use old data"); 1025 eap_ttls_process_phase2_eap( 1026 sm, data, wpabuf_head(data->pending_phase2_eap_resp), 1027 wpabuf_len(data->pending_phase2_eap_resp)); 1028 wpabuf_free(data->pending_phase2_eap_resp); 1029 data->pending_phase2_eap_resp = NULL; 1030 return; 1031 } 1032 1033 in_decrypted = tls_connection_decrypt(sm->cfg->ssl_ctx, data->ssl.conn, 1034 in_buf); 1035 if (in_decrypted == NULL) { 1036 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to decrypt Phase 2 " 1037 "data"); 1038 eap_ttls_state(data, FAILURE); 1039 return; 1040 } 1041 1042 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS: Decrypted Phase 2 EAP", 1043 in_decrypted); 1044 1045 if (eap_ttls_avp_parse(in_decrypted, &parse) < 0) { 1046 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to parse AVPs"); 1047 wpabuf_free(in_decrypted); 1048 eap_ttls_state(data, FAILURE); 1049 return; 1050 } 1051 1052 if (parse.user_name) { 1053 char *nbuf; 1054 nbuf = os_malloc(parse.user_name_len * 4 + 1); 1055 if (nbuf) { 1056 printf_encode(nbuf, parse.user_name_len * 4 + 1, 1057 parse.user_name, 1058 parse.user_name_len); 1059 eap_log_msg(sm, "TTLS-User-Name '%s'", nbuf); 1060 os_free(nbuf); 1061 } 1062 1063 os_free(sm->identity); 1064 sm->identity = os_memdup(parse.user_name, parse.user_name_len); 1065 if (sm->identity == NULL) { 1066 eap_ttls_state(data, FAILURE); 1067 goto done; 1068 } 1069 sm->identity_len = parse.user_name_len; 1070 if (eap_user_get(sm, parse.user_name, parse.user_name_len, 1) 1071 != 0) { 1072 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase2 Identity not " 1073 "found in the user database"); 1074 eap_ttls_state(data, FAILURE); 1075 goto done; 1076 } 1077 } 1078 1079 #ifdef EAP_SERVER_TNC 1080 if (data->tnc_started && parse.eap == NULL) { 1081 wpa_printf(MSG_DEBUG, "EAP-TTLS: TNC started but no EAP " 1082 "response from peer"); 1083 eap_ttls_state(data, FAILURE); 1084 goto done; 1085 } 1086 #endif /* EAP_SERVER_TNC */ 1087 1088 if (parse.eap) { 1089 eap_ttls_process_phase2_eap(sm, data, parse.eap, 1090 parse.eap_len); 1091 } else if (parse.user_password) { 1092 eap_ttls_process_phase2_pap(sm, data, parse.user_password, 1093 parse.user_password_len); 1094 } else if (parse.chap_password) { 1095 eap_ttls_process_phase2_chap(sm, data, 1096 parse.chap_challenge, 1097 parse.chap_challenge_len, 1098 parse.chap_password, 1099 parse.chap_password_len); 1100 } else if (parse.mschap_response) { 1101 eap_ttls_process_phase2_mschap(sm, data, 1102 parse.mschap_challenge, 1103 parse.mschap_challenge_len, 1104 parse.mschap_response, 1105 parse.mschap_response_len); 1106 } else if (parse.mschap2_response) { 1107 eap_ttls_process_phase2_mschapv2(sm, data, 1108 parse.mschap_challenge, 1109 parse.mschap_challenge_len, 1110 parse.mschap2_response, 1111 parse.mschap2_response_len); 1112 } 1113 1114 done: 1115 wpabuf_free(in_decrypted); 1116 os_free(parse.eap); 1117 } 1118 1119 1120 static void eap_ttls_start_tnc(struct eap_sm *sm, struct eap_ttls_data *data) 1121 { 1122 #ifdef EAP_SERVER_TNC 1123 if (!sm->cfg->tnc || data->state != SUCCESS || data->tnc_started) 1124 return; 1125 1126 wpa_printf(MSG_DEBUG, "EAP-TTLS: Initialize TNC"); 1127 if (eap_ttls_phase2_eap_init(sm, data, EAP_VENDOR_IETF, EAP_TYPE_TNC)) { 1128 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize TNC"); 1129 eap_ttls_state(data, FAILURE); 1130 return; 1131 } 1132 1133 data->tnc_started = 1; 1134 eap_ttls_state(data, PHASE2_METHOD); 1135 #endif /* EAP_SERVER_TNC */ 1136 } 1137 1138 1139 static int eap_ttls_process_version(struct eap_sm *sm, void *priv, 1140 int peer_version) 1141 { 1142 struct eap_ttls_data *data = priv; 1143 if (peer_version < data->ttls_version) { 1144 wpa_printf(MSG_DEBUG, "EAP-TTLS: peer ver=%d, own ver=%d; " 1145 "use version %d", 1146 peer_version, data->ttls_version, peer_version); 1147 data->ttls_version = peer_version; 1148 } 1149 1150 return 0; 1151 } 1152 1153 1154 static void eap_ttls_process_msg(struct eap_sm *sm, void *priv, 1155 const struct wpabuf *respData) 1156 { 1157 struct eap_ttls_data *data = priv; 1158 1159 switch (data->state) { 1160 case PHASE1: 1161 if (eap_server_tls_phase1(sm, &data->ssl) < 0) 1162 eap_ttls_state(data, FAILURE); 1163 break; 1164 case PHASE2_START: 1165 case PHASE2_METHOD: 1166 eap_ttls_process_phase2(sm, data, data->ssl.tls_in); 1167 eap_ttls_start_tnc(sm, data); 1168 break; 1169 case PHASE2_MSCHAPV2_RESP: 1170 if (data->mschapv2_resp_ok && wpabuf_len(data->ssl.tls_in) == 1171 0) { 1172 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer " 1173 "acknowledged response"); 1174 eap_ttls_state(data, SUCCESS); 1175 eap_ttls_valid_session(sm, data); 1176 } else if (!data->mschapv2_resp_ok) { 1177 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer " 1178 "acknowledged error"); 1179 eap_ttls_state(data, FAILURE); 1180 } else { 1181 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Unexpected " 1182 "frame from peer (payload len %lu, " 1183 "expected empty frame)", 1184 (unsigned long) 1185 wpabuf_len(data->ssl.tls_in)); 1186 eap_ttls_state(data, FAILURE); 1187 } 1188 eap_ttls_start_tnc(sm, data); 1189 break; 1190 default: 1191 wpa_printf(MSG_DEBUG, "EAP-TTLS: Unexpected state %d in %s", 1192 data->state, __func__); 1193 break; 1194 } 1195 } 1196 1197 1198 static void eap_ttls_process(struct eap_sm *sm, void *priv, 1199 struct wpabuf *respData) 1200 { 1201 struct eap_ttls_data *data = priv; 1202 const struct wpabuf *buf; 1203 const u8 *pos; 1204 u8 id_len; 1205 1206 if (eap_server_tls_process(sm, &data->ssl, respData, data, 1207 EAP_TYPE_TTLS, eap_ttls_process_version, 1208 eap_ttls_process_msg) < 0) { 1209 eap_ttls_state(data, FAILURE); 1210 return; 1211 } 1212 1213 if (!tls_connection_established(sm->cfg->ssl_ctx, data->ssl.conn) || 1214 !tls_connection_resumed(sm->cfg->ssl_ctx, data->ssl.conn)) 1215 return; 1216 1217 buf = tls_connection_get_success_data(data->ssl.conn); 1218 if (!buf || wpabuf_len(buf) < 1) { 1219 wpa_printf(MSG_DEBUG, 1220 "EAP-TTLS: No success data in resumed session - reject attempt"); 1221 eap_ttls_state(data, FAILURE); 1222 return; 1223 } 1224 1225 pos = wpabuf_head(buf); 1226 if (*pos != EAP_TYPE_TTLS) { 1227 wpa_printf(MSG_DEBUG, 1228 "EAP-TTLS: Resumed session for another EAP type (%u) - reject attempt", 1229 *pos); 1230 eap_ttls_state(data, FAILURE); 1231 return; 1232 } 1233 1234 pos++; 1235 id_len = *pos++; 1236 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: Identity from cached session", 1237 pos, id_len); 1238 os_free(sm->identity); 1239 sm->identity = os_malloc(id_len ? id_len : 1); 1240 if (!sm->identity) { 1241 sm->identity_len = 0; 1242 eap_ttls_state(data, FAILURE); 1243 return; 1244 } 1245 1246 os_memcpy(sm->identity, pos, id_len); 1247 sm->identity_len = id_len; 1248 1249 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) { 1250 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: Phase2 Identity not found in the user database", 1251 sm->identity, sm->identity_len); 1252 eap_ttls_state(data, FAILURE); 1253 return; 1254 } 1255 1256 wpa_printf(MSG_DEBUG, 1257 "EAP-TTLS: Resuming previous session - skip Phase2"); 1258 eap_ttls_state(data, SUCCESS); 1259 tls_connection_set_success_data_resumed(data->ssl.conn); 1260 } 1261 1262 1263 static bool eap_ttls_isDone(struct eap_sm *sm, void *priv) 1264 { 1265 struct eap_ttls_data *data = priv; 1266 return data->state == SUCCESS || data->state == FAILURE; 1267 } 1268 1269 1270 static u8 * eap_ttls_getKey(struct eap_sm *sm, void *priv, size_t *len) 1271 { 1272 struct eap_ttls_data *data = priv; 1273 u8 *eapKeyData; 1274 const char *label; 1275 const u8 eap_tls13_context[1] = { EAP_TYPE_TTLS }; 1276 const u8 *context = NULL; 1277 size_t context_len = 0; 1278 1279 if (data->state != SUCCESS) 1280 return NULL; 1281 1282 if (data->ssl.tls_v13) { 1283 label = "EXPORTER_EAP_TLS_Key_Material"; 1284 context = eap_tls13_context; 1285 context_len = sizeof(eap_tls13_context); 1286 } else { 1287 label = "ttls keying material"; 1288 } 1289 1290 eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, 1291 label, context, context_len, 1292 EAP_TLS_KEY_LEN + EAP_EMSK_LEN); 1293 if (eapKeyData) { 1294 *len = EAP_TLS_KEY_LEN; 1295 wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived key", 1296 eapKeyData, EAP_TLS_KEY_LEN); 1297 } else { 1298 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to derive key"); 1299 } 1300 1301 return eapKeyData; 1302 } 1303 1304 1305 static bool eap_ttls_isSuccess(struct eap_sm *sm, void *priv) 1306 { 1307 struct eap_ttls_data *data = priv; 1308 return data->state == SUCCESS; 1309 } 1310 1311 1312 static u8 * eap_ttls_get_session_id(struct eap_sm *sm, void *priv, size_t *len) 1313 { 1314 struct eap_ttls_data *data = priv; 1315 1316 if (data->state != SUCCESS) 1317 return NULL; 1318 1319 return eap_server_tls_derive_session_id(sm, &data->ssl, EAP_TYPE_TTLS, 1320 len); 1321 } 1322 1323 1324 static u8 * eap_ttls_get_emsk(struct eap_sm *sm, void *priv, size_t *len) 1325 { 1326 struct eap_ttls_data *data = priv; 1327 u8 *eapKeyData, *emsk; 1328 const char *label; 1329 const u8 eap_tls13_context[1] = { EAP_TYPE_TTLS }; 1330 const u8 *context = NULL; 1331 size_t context_len = 0; 1332 1333 if (data->state != SUCCESS) 1334 return NULL; 1335 1336 if (data->ssl.tls_v13) { 1337 label = "EXPORTER_EAP_TLS_Key_Material"; 1338 context = eap_tls13_context; 1339 context_len = sizeof(eap_tls13_context); 1340 } else { 1341 label = "ttls keying material"; 1342 } 1343 1344 eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, 1345 label, context, context_len, 1346 EAP_TLS_KEY_LEN + EAP_EMSK_LEN); 1347 if (eapKeyData) { 1348 emsk = os_malloc(EAP_EMSK_LEN); 1349 if (emsk) 1350 os_memcpy(emsk, eapKeyData + EAP_TLS_KEY_LEN, 1351 EAP_EMSK_LEN); 1352 bin_clear_free(eapKeyData, EAP_TLS_KEY_LEN + EAP_EMSK_LEN); 1353 } else 1354 emsk = NULL; 1355 1356 if (emsk) { 1357 *len = EAP_EMSK_LEN; 1358 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Derived EMSK", 1359 emsk, EAP_EMSK_LEN); 1360 } else { 1361 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to derive EMSK"); 1362 } 1363 1364 return emsk; 1365 } 1366 1367 1368 int eap_server_ttls_register(void) 1369 { 1370 struct eap_method *eap; 1371 1372 eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, 1373 EAP_VENDOR_IETF, EAP_TYPE_TTLS, "TTLS"); 1374 if (eap == NULL) 1375 return -1; 1376 1377 eap->init = eap_ttls_init; 1378 eap->reset = eap_ttls_reset; 1379 eap->buildReq = eap_ttls_buildReq; 1380 eap->check = eap_ttls_check; 1381 eap->process = eap_ttls_process; 1382 eap->isDone = eap_ttls_isDone; 1383 eap->getKey = eap_ttls_getKey; 1384 eap->isSuccess = eap_ttls_isSuccess; 1385 eap->getSessionId = eap_ttls_get_session_id; 1386 eap->get_emsk = eap_ttls_get_emsk; 1387 1388 return eap_server_method_register(eap); 1389 } 1390