1 /* 2 * hostapd / EAP-TTLS (RFC 5281) 3 * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "crypto/ms_funcs.h" 13 #include "crypto/sha1.h" 14 #include "crypto/tls.h" 15 #include "eap_server/eap_i.h" 16 #include "eap_server/eap_tls_common.h" 17 #include "eap_common/chap.h" 18 #include "eap_common/eap_ttls.h" 19 20 21 #define EAP_TTLS_VERSION 0 22 23 24 static void eap_ttls_reset(struct eap_sm *sm, void *priv); 25 26 27 struct eap_ttls_data { 28 struct eap_ssl_data ssl; 29 enum { 30 START, PHASE1, PHASE2_START, PHASE2_METHOD, 31 PHASE2_MSCHAPV2_RESP, SUCCESS, FAILURE 32 } state; 33 34 int ttls_version; 35 const struct eap_method *phase2_method; 36 void *phase2_priv; 37 int mschapv2_resp_ok; 38 u8 mschapv2_auth_response[20]; 39 u8 mschapv2_ident; 40 struct wpabuf *pending_phase2_eap_resp; 41 int tnc_started; 42 }; 43 44 45 static const char * eap_ttls_state_txt(int state) 46 { 47 switch (state) { 48 case START: 49 return "START"; 50 case PHASE1: 51 return "PHASE1"; 52 case PHASE2_START: 53 return "PHASE2_START"; 54 case PHASE2_METHOD: 55 return "PHASE2_METHOD"; 56 case PHASE2_MSCHAPV2_RESP: 57 return "PHASE2_MSCHAPV2_RESP"; 58 case SUCCESS: 59 return "SUCCESS"; 60 case FAILURE: 61 return "FAILURE"; 62 default: 63 return "Unknown?!"; 64 } 65 } 66 67 68 static void eap_ttls_state(struct eap_ttls_data *data, int state) 69 { 70 wpa_printf(MSG_DEBUG, "EAP-TTLS: %s -> %s", 71 eap_ttls_state_txt(data->state), 72 eap_ttls_state_txt(state)); 73 data->state = state; 74 if (state == FAILURE) 75 tls_connection_remove_session(data->ssl.conn); 76 } 77 78 79 static void eap_ttls_valid_session(struct eap_sm *sm, 80 struct eap_ttls_data *data) 81 { 82 struct wpabuf *buf; 83 84 if (!sm->cfg->tls_session_lifetime) 85 return; 86 87 buf = wpabuf_alloc(1 + 1 + sm->identity_len); 88 if (!buf) 89 return; 90 wpabuf_put_u8(buf, EAP_TYPE_TTLS); 91 if (sm->identity) { 92 u8 id_len; 93 94 if (sm->identity_len <= 255) 95 id_len = sm->identity_len; 96 else 97 id_len = 255; 98 wpabuf_put_u8(buf, id_len); 99 wpabuf_put_data(buf, sm->identity, id_len); 100 } else { 101 wpabuf_put_u8(buf, 0); 102 } 103 tls_connection_set_success_data(data->ssl.conn, buf); 104 } 105 106 107 static u8 * eap_ttls_avp_hdr(u8 *avphdr, u32 avp_code, u32 vendor_id, 108 int mandatory, size_t len) 109 { 110 struct ttls_avp_vendor *avp; 111 u8 flags; 112 size_t hdrlen; 113 114 avp = (struct ttls_avp_vendor *) avphdr; 115 flags = mandatory ? AVP_FLAGS_MANDATORY : 0; 116 if (vendor_id) { 117 flags |= AVP_FLAGS_VENDOR; 118 hdrlen = sizeof(*avp); 119 avp->vendor_id = host_to_be32(vendor_id); 120 } else { 121 hdrlen = sizeof(struct ttls_avp); 122 } 123 124 avp->avp_code = host_to_be32(avp_code); 125 avp->avp_length = host_to_be32(((u32) flags << 24) | 126 ((u32) (hdrlen + len))); 127 128 return avphdr + hdrlen; 129 } 130 131 132 static struct wpabuf * eap_ttls_avp_encapsulate(struct wpabuf *resp, 133 u32 avp_code, int mandatory) 134 { 135 struct wpabuf *avp; 136 u8 *pos; 137 138 avp = wpabuf_alloc(sizeof(struct ttls_avp) + wpabuf_len(resp) + 4); 139 if (avp == NULL) { 140 wpabuf_free(resp); 141 return NULL; 142 } 143 144 pos = eap_ttls_avp_hdr(wpabuf_mhead(avp), avp_code, 0, mandatory, 145 wpabuf_len(resp)); 146 os_memcpy(pos, wpabuf_head(resp), wpabuf_len(resp)); 147 pos += wpabuf_len(resp); 148 AVP_PAD((const u8 *) wpabuf_head(avp), pos); 149 wpabuf_free(resp); 150 wpabuf_put(avp, pos - (u8 *) wpabuf_head(avp)); 151 return avp; 152 } 153 154 155 struct eap_ttls_avp { 156 /* Note: eap is allocated memory; caller is responsible for freeing 157 * it. All the other pointers are pointing to the packet data, i.e., 158 * they must not be freed separately. */ 159 u8 *eap; 160 size_t eap_len; 161 u8 *user_name; 162 size_t user_name_len; 163 u8 *user_password; 164 size_t user_password_len; 165 u8 *chap_challenge; 166 size_t chap_challenge_len; 167 u8 *chap_password; 168 size_t chap_password_len; 169 u8 *mschap_challenge; 170 size_t mschap_challenge_len; 171 u8 *mschap_response; 172 size_t mschap_response_len; 173 u8 *mschap2_response; 174 size_t mschap2_response_len; 175 }; 176 177 178 static int eap_ttls_avp_parse(struct wpabuf *buf, struct eap_ttls_avp *parse) 179 { 180 struct ttls_avp *avp; 181 u8 *pos; 182 int left; 183 184 pos = wpabuf_mhead(buf); 185 left = wpabuf_len(buf); 186 os_memset(parse, 0, sizeof(*parse)); 187 188 while (left > 0) { 189 u32 avp_code, avp_length, vendor_id = 0; 190 u8 avp_flags, *dpos; 191 size_t pad, dlen; 192 avp = (struct ttls_avp *) pos; 193 avp_code = be_to_host32(avp->avp_code); 194 avp_length = be_to_host32(avp->avp_length); 195 avp_flags = (avp_length >> 24) & 0xff; 196 avp_length &= 0xffffff; 197 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP: code=%d flags=0x%02x " 198 "length=%d", (int) avp_code, avp_flags, 199 (int) avp_length); 200 if ((int) avp_length > left) { 201 wpa_printf(MSG_WARNING, "EAP-TTLS: AVP overflow " 202 "(len=%d, left=%d) - dropped", 203 (int) avp_length, left); 204 goto fail; 205 } 206 if (avp_length < sizeof(*avp)) { 207 wpa_printf(MSG_WARNING, "EAP-TTLS: Invalid AVP length " 208 "%d", avp_length); 209 goto fail; 210 } 211 dpos = (u8 *) (avp + 1); 212 dlen = avp_length - sizeof(*avp); 213 if (avp_flags & AVP_FLAGS_VENDOR) { 214 if (dlen < 4) { 215 wpa_printf(MSG_WARNING, "EAP-TTLS: vendor AVP " 216 "underflow"); 217 goto fail; 218 } 219 vendor_id = be_to_host32(* (be32 *) dpos); 220 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP vendor_id %d", 221 (int) vendor_id); 222 dpos += 4; 223 dlen -= 4; 224 } 225 226 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: AVP data", dpos, dlen); 227 228 if (vendor_id == 0 && avp_code == RADIUS_ATTR_EAP_MESSAGE) { 229 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP - EAP Message"); 230 if (parse->eap == NULL) { 231 parse->eap = os_memdup(dpos, dlen); 232 if (parse->eap == NULL) { 233 wpa_printf(MSG_WARNING, "EAP-TTLS: " 234 "failed to allocate memory " 235 "for Phase 2 EAP data"); 236 goto fail; 237 } 238 parse->eap_len = dlen; 239 } else { 240 u8 *neweap = os_realloc(parse->eap, 241 parse->eap_len + dlen); 242 if (neweap == NULL) { 243 wpa_printf(MSG_WARNING, "EAP-TTLS: " 244 "failed to allocate memory " 245 "for Phase 2 EAP data"); 246 goto fail; 247 } 248 os_memcpy(neweap + parse->eap_len, dpos, dlen); 249 parse->eap = neweap; 250 parse->eap_len += dlen; 251 } 252 } else if (vendor_id == 0 && 253 avp_code == RADIUS_ATTR_USER_NAME) { 254 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: User-Name", 255 dpos, dlen); 256 parse->user_name = dpos; 257 parse->user_name_len = dlen; 258 } else if (vendor_id == 0 && 259 avp_code == RADIUS_ATTR_USER_PASSWORD) { 260 u8 *password = dpos; 261 size_t password_len = dlen; 262 while (password_len > 0 && 263 password[password_len - 1] == '\0') { 264 password_len--; 265 } 266 wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: " 267 "User-Password (PAP)", 268 password, password_len); 269 parse->user_password = password; 270 parse->user_password_len = password_len; 271 } else if (vendor_id == 0 && 272 avp_code == RADIUS_ATTR_CHAP_CHALLENGE) { 273 wpa_hexdump(MSG_DEBUG, 274 "EAP-TTLS: CHAP-Challenge (CHAP)", 275 dpos, dlen); 276 parse->chap_challenge = dpos; 277 parse->chap_challenge_len = dlen; 278 } else if (vendor_id == 0 && 279 avp_code == RADIUS_ATTR_CHAP_PASSWORD) { 280 wpa_hexdump(MSG_DEBUG, 281 "EAP-TTLS: CHAP-Password (CHAP)", 282 dpos, dlen); 283 parse->chap_password = dpos; 284 parse->chap_password_len = dlen; 285 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT && 286 avp_code == RADIUS_ATTR_MS_CHAP_CHALLENGE) { 287 wpa_hexdump(MSG_DEBUG, 288 "EAP-TTLS: MS-CHAP-Challenge", 289 dpos, dlen); 290 parse->mschap_challenge = dpos; 291 parse->mschap_challenge_len = dlen; 292 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT && 293 avp_code == RADIUS_ATTR_MS_CHAP_RESPONSE) { 294 wpa_hexdump(MSG_DEBUG, 295 "EAP-TTLS: MS-CHAP-Response (MSCHAP)", 296 dpos, dlen); 297 parse->mschap_response = dpos; 298 parse->mschap_response_len = dlen; 299 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT && 300 avp_code == RADIUS_ATTR_MS_CHAP2_RESPONSE) { 301 wpa_hexdump(MSG_DEBUG, 302 "EAP-TTLS: MS-CHAP2-Response (MSCHAPV2)", 303 dpos, dlen); 304 parse->mschap2_response = dpos; 305 parse->mschap2_response_len = dlen; 306 } else if (avp_flags & AVP_FLAGS_MANDATORY) { 307 wpa_printf(MSG_WARNING, "EAP-TTLS: Unsupported " 308 "mandatory AVP code %d vendor_id %d - " 309 "dropped", (int) avp_code, (int) vendor_id); 310 goto fail; 311 } else { 312 wpa_printf(MSG_DEBUG, "EAP-TTLS: Ignoring unsupported " 313 "AVP code %d vendor_id %d", 314 (int) avp_code, (int) vendor_id); 315 } 316 317 pad = (4 - (avp_length & 3)) & 3; 318 pos += avp_length + pad; 319 left -= avp_length + pad; 320 } 321 322 return 0; 323 324 fail: 325 os_free(parse->eap); 326 parse->eap = NULL; 327 return -1; 328 } 329 330 331 static u8 * eap_ttls_implicit_challenge(struct eap_sm *sm, 332 struct eap_ttls_data *data, size_t len) 333 { 334 return eap_server_tls_derive_key(sm, &data->ssl, "ttls challenge", 335 NULL, 0, len); 336 } 337 338 339 static void * eap_ttls_init(struct eap_sm *sm) 340 { 341 struct eap_ttls_data *data; 342 343 data = os_zalloc(sizeof(*data)); 344 if (data == NULL) 345 return NULL; 346 data->ttls_version = EAP_TTLS_VERSION; 347 data->state = START; 348 349 if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_TYPE_TTLS)) { 350 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to initialize SSL."); 351 eap_ttls_reset(sm, data); 352 return NULL; 353 } 354 355 return data; 356 } 357 358 359 static void eap_ttls_reset(struct eap_sm *sm, void *priv) 360 { 361 struct eap_ttls_data *data = priv; 362 if (data == NULL) 363 return; 364 if (data->phase2_priv && data->phase2_method) 365 data->phase2_method->reset(sm, data->phase2_priv); 366 eap_server_tls_ssl_deinit(sm, &data->ssl); 367 wpabuf_free(data->pending_phase2_eap_resp); 368 bin_clear_free(data, sizeof(*data)); 369 } 370 371 372 static struct wpabuf * eap_ttls_build_start(struct eap_sm *sm, 373 struct eap_ttls_data *data, u8 id) 374 { 375 struct wpabuf *req; 376 377 req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TTLS, 1, 378 EAP_CODE_REQUEST, id); 379 if (req == NULL) { 380 wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to allocate memory for" 381 " request"); 382 eap_ttls_state(data, FAILURE); 383 return NULL; 384 } 385 386 wpabuf_put_u8(req, EAP_TLS_FLAGS_START | data->ttls_version); 387 388 eap_ttls_state(data, PHASE1); 389 390 return req; 391 } 392 393 394 static struct wpabuf * eap_ttls_build_phase2_eap_req( 395 struct eap_sm *sm, struct eap_ttls_data *data, u8 id) 396 { 397 struct wpabuf *buf, *encr_req; 398 399 400 buf = data->phase2_method->buildReq(sm, data->phase2_priv, id); 401 if (buf == NULL) 402 return NULL; 403 404 wpa_hexdump_buf_key(MSG_DEBUG, 405 "EAP-TTLS/EAP: Encapsulate Phase 2 data", buf); 406 407 buf = eap_ttls_avp_encapsulate(buf, RADIUS_ATTR_EAP_MESSAGE, 1); 408 if (buf == NULL) { 409 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Failed to encapsulate " 410 "packet"); 411 return NULL; 412 } 413 414 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS/EAP: Encrypt encapsulated " 415 "Phase 2 data", buf); 416 417 encr_req = eap_server_tls_encrypt(sm, &data->ssl, buf); 418 wpabuf_free(buf); 419 420 return encr_req; 421 } 422 423 424 static struct wpabuf * eap_ttls_build_phase2_mschapv2( 425 struct eap_sm *sm, struct eap_ttls_data *data) 426 { 427 struct wpabuf *encr_req, msgbuf; 428 u8 *req, *pos, *end; 429 int ret; 430 431 pos = req = os_malloc(100); 432 if (req == NULL) 433 return NULL; 434 end = req + 100; 435 436 if (data->mschapv2_resp_ok) { 437 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP2_SUCCESS, 438 RADIUS_VENDOR_ID_MICROSOFT, 1, 43); 439 *pos++ = data->mschapv2_ident; 440 ret = os_snprintf((char *) pos, end - pos, "S="); 441 if (!os_snprintf_error(end - pos, ret)) 442 pos += ret; 443 pos += wpa_snprintf_hex_uppercase( 444 (char *) pos, end - pos, data->mschapv2_auth_response, 445 sizeof(data->mschapv2_auth_response)); 446 } else { 447 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP_ERROR, 448 RADIUS_VENDOR_ID_MICROSOFT, 1, 7); 449 *pos++ = data->mschapv2_ident; 450 os_memcpy(pos, "Failed", 6); 451 pos += 6; 452 AVP_PAD(req, pos); 453 } 454 455 wpabuf_set(&msgbuf, req, pos - req); 456 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Encrypting Phase 2 " 457 "data", &msgbuf); 458 459 encr_req = eap_server_tls_encrypt(sm, &data->ssl, &msgbuf); 460 os_free(req); 461 462 return encr_req; 463 } 464 465 466 static struct wpabuf * eap_ttls_buildReq(struct eap_sm *sm, void *priv, u8 id) 467 { 468 struct eap_ttls_data *data = priv; 469 470 if (data->ssl.state == FRAG_ACK) { 471 return eap_server_tls_build_ack(id, EAP_TYPE_TTLS, 472 data->ttls_version); 473 } 474 475 if (data->ssl.state == WAIT_FRAG_ACK) { 476 return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TTLS, 477 data->ttls_version, id); 478 } 479 480 switch (data->state) { 481 case START: 482 return eap_ttls_build_start(sm, data, id); 483 case PHASE1: 484 if (tls_connection_established(sm->cfg->ssl_ctx, 485 data->ssl.conn)) { 486 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase1 done, " 487 "starting Phase2"); 488 eap_ttls_state(data, PHASE2_START); 489 } 490 break; 491 case PHASE2_METHOD: 492 wpabuf_free(data->ssl.tls_out); 493 data->ssl.tls_out_pos = 0; 494 data->ssl.tls_out = eap_ttls_build_phase2_eap_req(sm, data, 495 id); 496 break; 497 case PHASE2_MSCHAPV2_RESP: 498 wpabuf_free(data->ssl.tls_out); 499 data->ssl.tls_out_pos = 0; 500 data->ssl.tls_out = eap_ttls_build_phase2_mschapv2(sm, data); 501 break; 502 default: 503 wpa_printf(MSG_DEBUG, "EAP-TTLS: %s - unexpected state %d", 504 __func__, data->state); 505 return NULL; 506 } 507 508 return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TTLS, 509 data->ttls_version, id); 510 } 511 512 513 static bool eap_ttls_check(struct eap_sm *sm, void *priv, 514 struct wpabuf *respData) 515 { 516 const u8 *pos; 517 size_t len; 518 519 pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_TTLS, respData, &len); 520 if (pos == NULL || len < 1) { 521 wpa_printf(MSG_INFO, "EAP-TTLS: Invalid frame"); 522 return true; 523 } 524 525 return false; 526 } 527 528 529 static void eap_ttls_process_phase2_pap(struct eap_sm *sm, 530 struct eap_ttls_data *data, 531 const u8 *user_password, 532 size_t user_password_len) 533 { 534 if (!sm->user || !sm->user->password || sm->user->password_hash || 535 !(sm->user->ttls_auth & EAP_TTLS_AUTH_PAP)) { 536 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: No plaintext user " 537 "password configured"); 538 eap_ttls_state(data, FAILURE); 539 return; 540 } 541 542 if (sm->user->password_len != user_password_len || 543 os_memcmp_const(sm->user->password, user_password, 544 user_password_len) != 0) { 545 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Invalid user password"); 546 eap_ttls_state(data, FAILURE); 547 return; 548 } 549 550 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Correct user password"); 551 eap_ttls_state(data, SUCCESS); 552 eap_ttls_valid_session(sm, data); 553 } 554 555 556 static void eap_ttls_process_phase2_chap(struct eap_sm *sm, 557 struct eap_ttls_data *data, 558 const u8 *challenge, 559 size_t challenge_len, 560 const u8 *password, 561 size_t password_len) 562 { 563 u8 *chal, hash[CHAP_MD5_LEN]; 564 565 if (challenge == NULL || password == NULL || 566 challenge_len != EAP_TTLS_CHAP_CHALLENGE_LEN || 567 password_len != 1 + EAP_TTLS_CHAP_PASSWORD_LEN) { 568 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Invalid CHAP attributes " 569 "(challenge len %lu password len %lu)", 570 (unsigned long) challenge_len, 571 (unsigned long) password_len); 572 eap_ttls_state(data, FAILURE); 573 return; 574 } 575 576 if (!sm->user || !sm->user->password || sm->user->password_hash || 577 !(sm->user->ttls_auth & EAP_TTLS_AUTH_CHAP)) { 578 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: No plaintext user " 579 "password configured"); 580 eap_ttls_state(data, FAILURE); 581 return; 582 } 583 584 chal = eap_ttls_implicit_challenge(sm, data, 585 EAP_TTLS_CHAP_CHALLENGE_LEN + 1); 586 if (chal == NULL) { 587 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Failed to generate " 588 "challenge from TLS data"); 589 eap_ttls_state(data, FAILURE); 590 return; 591 } 592 593 if (os_memcmp_const(challenge, chal, EAP_TTLS_CHAP_CHALLENGE_LEN) 594 != 0 || 595 password[0] != chal[EAP_TTLS_CHAP_CHALLENGE_LEN]) { 596 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Challenge mismatch"); 597 os_free(chal); 598 eap_ttls_state(data, FAILURE); 599 return; 600 } 601 os_free(chal); 602 603 /* MD5(Ident + Password + Challenge) */ 604 chap_md5(password[0], sm->user->password, sm->user->password_len, 605 challenge, challenge_len, hash); 606 607 if (os_memcmp_const(hash, password + 1, EAP_TTLS_CHAP_PASSWORD_LEN) == 608 0) { 609 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Correct user password"); 610 eap_ttls_state(data, SUCCESS); 611 eap_ttls_valid_session(sm, data); 612 } else { 613 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Invalid user password"); 614 eap_ttls_state(data, FAILURE); 615 } 616 } 617 618 619 static void eap_ttls_process_phase2_mschap(struct eap_sm *sm, 620 struct eap_ttls_data *data, 621 u8 *challenge, size_t challenge_len, 622 u8 *response, size_t response_len) 623 { 624 u8 *chal, nt_response[24]; 625 626 if (challenge == NULL || response == NULL || 627 challenge_len != EAP_TTLS_MSCHAP_CHALLENGE_LEN || 628 response_len != EAP_TTLS_MSCHAP_RESPONSE_LEN) { 629 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Invalid MS-CHAP " 630 "attributes (challenge len %lu response len %lu)", 631 (unsigned long) challenge_len, 632 (unsigned long) response_len); 633 eap_ttls_state(data, FAILURE); 634 return; 635 } 636 637 if (!sm->user || !sm->user->password || 638 !(sm->user->ttls_auth & EAP_TTLS_AUTH_MSCHAP)) { 639 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: No user password " 640 "configured"); 641 eap_ttls_state(data, FAILURE); 642 return; 643 } 644 645 chal = eap_ttls_implicit_challenge(sm, data, 646 EAP_TTLS_MSCHAP_CHALLENGE_LEN + 1); 647 if (chal == NULL) { 648 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Failed to generate " 649 "challenge from TLS data"); 650 eap_ttls_state(data, FAILURE); 651 return; 652 } 653 654 #ifdef CONFIG_TESTING_OPTIONS 655 eap_server_mschap_rx_callback(sm, "TTLS-MSCHAP", 656 sm->identity, sm->identity_len, 657 challenge, response + 2 + 24); 658 #endif /* CONFIG_TESTING_OPTIONS */ 659 660 if (os_memcmp_const(challenge, chal, EAP_TTLS_MSCHAP_CHALLENGE_LEN) 661 != 0 || 662 response[0] != chal[EAP_TTLS_MSCHAP_CHALLENGE_LEN]) { 663 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Challenge mismatch"); 664 os_free(chal); 665 eap_ttls_state(data, FAILURE); 666 return; 667 } 668 os_free(chal); 669 670 if ((sm->user->password_hash && 671 challenge_response(challenge, sm->user->password, nt_response)) || 672 (!sm->user->password_hash && 673 nt_challenge_response(challenge, sm->user->password, 674 sm->user->password_len, nt_response))) { 675 eap_ttls_state(data, FAILURE); 676 return; 677 } 678 679 if (os_memcmp_const(nt_response, response + 2 + 24, 24) == 0) { 680 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Correct response"); 681 eap_ttls_state(data, SUCCESS); 682 eap_ttls_valid_session(sm, data); 683 } else { 684 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Invalid NT-Response"); 685 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAP: Received", 686 response + 2 + 24, 24); 687 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAP: Expected", 688 nt_response, 24); 689 eap_ttls_state(data, FAILURE); 690 } 691 } 692 693 694 static void eap_ttls_process_phase2_mschapv2(struct eap_sm *sm, 695 struct eap_ttls_data *data, 696 u8 *challenge, 697 size_t challenge_len, 698 u8 *response, size_t response_len) 699 { 700 u8 *chal, *username, nt_response[24], *rx_resp, *peer_challenge, 701 *auth_challenge; 702 size_t username_len, i; 703 704 if (challenge == NULL || response == NULL || 705 challenge_len != EAP_TTLS_MSCHAPV2_CHALLENGE_LEN || 706 response_len != EAP_TTLS_MSCHAPV2_RESPONSE_LEN) { 707 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Invalid MS-CHAP2 " 708 "attributes (challenge len %lu response len %lu)", 709 (unsigned long) challenge_len, 710 (unsigned long) response_len); 711 eap_ttls_state(data, FAILURE); 712 return; 713 } 714 715 if (!sm->user || !sm->user->password || 716 !(sm->user->ttls_auth & EAP_TTLS_AUTH_MSCHAPV2)) { 717 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: No user password " 718 "configured"); 719 eap_ttls_state(data, FAILURE); 720 return; 721 } 722 723 if (sm->identity == NULL) { 724 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: No user identity " 725 "known"); 726 eap_ttls_state(data, FAILURE); 727 return; 728 } 729 730 /* MSCHAPv2 does not include optional domain name in the 731 * challenge-response calculation, so remove domain prefix 732 * (if present). */ 733 username = sm->identity; 734 username_len = sm->identity_len; 735 for (i = 0; i < username_len; i++) { 736 if (username[i] == '\\') { 737 username_len -= i + 1; 738 username += i + 1; 739 break; 740 } 741 } 742 743 chal = eap_ttls_implicit_challenge( 744 sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1); 745 if (chal == NULL) { 746 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Failed to generate " 747 "challenge from TLS data"); 748 eap_ttls_state(data, FAILURE); 749 return; 750 } 751 752 if (os_memcmp_const(challenge, chal, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN) 753 != 0 || 754 response[0] != chal[EAP_TTLS_MSCHAPV2_CHALLENGE_LEN]) { 755 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Challenge mismatch"); 756 os_free(chal); 757 eap_ttls_state(data, FAILURE); 758 return; 759 } 760 os_free(chal); 761 762 auth_challenge = challenge; 763 peer_challenge = response + 2; 764 765 wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: User", 766 username, username_len); 767 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: auth_challenge", 768 auth_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN); 769 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: peer_challenge", 770 peer_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN); 771 772 if (sm->user->password_hash) { 773 generate_nt_response_pwhash(auth_challenge, peer_challenge, 774 username, username_len, 775 sm->user->password, 776 nt_response); 777 } else { 778 generate_nt_response(auth_challenge, peer_challenge, 779 username, username_len, 780 sm->user->password, 781 sm->user->password_len, 782 nt_response); 783 } 784 785 rx_resp = response + 2 + EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 8; 786 #ifdef CONFIG_TESTING_OPTIONS 787 { 788 u8 challenge2[8]; 789 790 if (challenge_hash(peer_challenge, auth_challenge, 791 username, username_len, challenge2) == 0) { 792 eap_server_mschap_rx_callback(sm, "TTLS-MSCHAPV2", 793 username, username_len, 794 challenge2, rx_resp); 795 } 796 } 797 #endif /* CONFIG_TESTING_OPTIONS */ 798 if (os_memcmp_const(nt_response, rx_resp, 24) == 0) { 799 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Correct " 800 "NT-Response"); 801 data->mschapv2_resp_ok = 1; 802 803 if (sm->user->password_hash) { 804 generate_authenticator_response_pwhash( 805 sm->user->password, 806 peer_challenge, auth_challenge, 807 username, username_len, nt_response, 808 data->mschapv2_auth_response); 809 } else { 810 generate_authenticator_response( 811 sm->user->password, sm->user->password_len, 812 peer_challenge, auth_challenge, 813 username, username_len, nt_response, 814 data->mschapv2_auth_response); 815 } 816 } else { 817 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Invalid " 818 "NT-Response"); 819 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: Received", 820 rx_resp, 24); 821 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: Expected", 822 nt_response, 24); 823 data->mschapv2_resp_ok = 0; 824 } 825 eap_ttls_state(data, PHASE2_MSCHAPV2_RESP); 826 data->mschapv2_ident = response[0]; 827 } 828 829 830 static int eap_ttls_phase2_eap_init(struct eap_sm *sm, 831 struct eap_ttls_data *data, 832 int vendor, enum eap_type eap_type) 833 { 834 if (data->phase2_priv && data->phase2_method) { 835 data->phase2_method->reset(sm, data->phase2_priv); 836 data->phase2_method = NULL; 837 data->phase2_priv = NULL; 838 } 839 data->phase2_method = eap_server_get_eap_method(vendor, eap_type); 840 if (!data->phase2_method) 841 return -1; 842 843 sm->init_phase2 = 1; 844 data->phase2_priv = data->phase2_method->init(sm); 845 sm->init_phase2 = 0; 846 return data->phase2_priv == NULL ? -1 : 0; 847 } 848 849 850 static void eap_ttls_process_phase2_eap_response(struct eap_sm *sm, 851 struct eap_ttls_data *data, 852 u8 *in_data, size_t in_len) 853 { 854 int next_vendor = EAP_VENDOR_IETF; 855 enum eap_type next_type = EAP_TYPE_NONE; 856 struct eap_hdr *hdr; 857 u8 *pos; 858 size_t left; 859 struct wpabuf buf; 860 const struct eap_method *m = data->phase2_method; 861 void *priv = data->phase2_priv; 862 863 if (priv == NULL) { 864 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: %s - Phase2 not " 865 "initialized?!", __func__); 866 return; 867 } 868 869 hdr = (struct eap_hdr *) in_data; 870 pos = (u8 *) (hdr + 1); 871 872 if (in_len > sizeof(*hdr) && *pos == EAP_TYPE_NAK) { 873 left = in_len - sizeof(*hdr); 874 wpa_hexdump(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 type Nak'ed; " 875 "allowed types", pos + 1, left - 1); 876 eap_sm_process_nak(sm, pos + 1, left - 1); 877 if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS && 878 sm->user->methods[sm->user_eap_method_index].method != 879 EAP_TYPE_NONE) { 880 next_vendor = sm->user->methods[ 881 sm->user_eap_method_index].vendor; 882 next_type = sm->user->methods[ 883 sm->user_eap_method_index++].method; 884 wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %u:%u", 885 next_vendor, next_type); 886 if (eap_ttls_phase2_eap_init(sm, data, next_vendor, 887 next_type)) { 888 wpa_printf(MSG_DEBUG, 889 "EAP-TTLS: Failed to initialize EAP type %u:%u", 890 next_vendor, next_type); 891 eap_ttls_state(data, FAILURE); 892 return; 893 } 894 } else { 895 eap_ttls_state(data, FAILURE); 896 } 897 return; 898 } 899 900 wpabuf_set(&buf, in_data, in_len); 901 902 if (m->check(sm, priv, &buf)) { 903 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 check() asked to " 904 "ignore the packet"); 905 return; 906 } 907 908 m->process(sm, priv, &buf); 909 910 if (sm->method_pending == METHOD_PENDING_WAIT) { 911 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 method is in " 912 "pending wait state - save decrypted response"); 913 wpabuf_free(data->pending_phase2_eap_resp); 914 data->pending_phase2_eap_resp = wpabuf_dup(&buf); 915 } 916 917 if (!m->isDone(sm, priv)) 918 return; 919 920 if (!m->isSuccess(sm, priv)) { 921 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 method failed"); 922 eap_ttls_state(data, FAILURE); 923 return; 924 } 925 926 switch (data->state) { 927 case PHASE2_START: 928 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) { 929 wpa_hexdump_ascii(MSG_DEBUG, "EAP_TTLS: Phase2 " 930 "Identity not found in the user " 931 "database", 932 sm->identity, sm->identity_len); 933 eap_ttls_state(data, FAILURE); 934 break; 935 } 936 937 eap_ttls_state(data, PHASE2_METHOD); 938 next_vendor = sm->user->methods[0].vendor; 939 next_type = sm->user->methods[0].method; 940 sm->user_eap_method_index = 1; 941 wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %u:%u", 942 next_vendor, next_type); 943 if (eap_ttls_phase2_eap_init(sm, data, next_vendor, 944 next_type)) { 945 wpa_printf(MSG_DEBUG, 946 "EAP-TTLS: Failed to initialize EAP type %u:%u", 947 next_vendor, next_type); 948 eap_ttls_state(data, FAILURE); 949 } 950 break; 951 case PHASE2_METHOD: 952 eap_ttls_state(data, SUCCESS); 953 eap_ttls_valid_session(sm, data); 954 break; 955 case FAILURE: 956 break; 957 default: 958 wpa_printf(MSG_DEBUG, "EAP-TTLS: %s - unexpected state %d", 959 __func__, data->state); 960 break; 961 } 962 } 963 964 965 static void eap_ttls_process_phase2_eap(struct eap_sm *sm, 966 struct eap_ttls_data *data, 967 const u8 *eap, size_t eap_len) 968 { 969 struct eap_hdr *hdr; 970 size_t len; 971 972 if (data->state == PHASE2_START) { 973 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: initializing Phase 2"); 974 if (eap_ttls_phase2_eap_init(sm, data, EAP_VENDOR_IETF, 975 EAP_TYPE_IDENTITY) < 0) { 976 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: failed to " 977 "initialize EAP-Identity"); 978 return; 979 } 980 } 981 982 if (eap_len < sizeof(*hdr)) { 983 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: too short Phase 2 EAP " 984 "packet (len=%lu)", (unsigned long) eap_len); 985 return; 986 } 987 988 hdr = (struct eap_hdr *) eap; 989 len = be_to_host16(hdr->length); 990 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: received Phase 2 EAP: code=%d " 991 "identifier=%d length=%lu", hdr->code, hdr->identifier, 992 (unsigned long) len); 993 if (len > eap_len) { 994 wpa_printf(MSG_INFO, "EAP-TTLS/EAP: Length mismatch in Phase 2" 995 " EAP frame (hdr len=%lu, data len in AVP=%lu)", 996 (unsigned long) len, (unsigned long) eap_len); 997 return; 998 } 999 1000 switch (hdr->code) { 1001 case EAP_CODE_RESPONSE: 1002 eap_ttls_process_phase2_eap_response(sm, data, (u8 *) hdr, 1003 len); 1004 break; 1005 default: 1006 wpa_printf(MSG_INFO, "EAP-TTLS/EAP: Unexpected code=%d in " 1007 "Phase 2 EAP header", hdr->code); 1008 break; 1009 } 1010 } 1011 1012 1013 static void eap_ttls_process_phase2(struct eap_sm *sm, 1014 struct eap_ttls_data *data, 1015 struct wpabuf *in_buf) 1016 { 1017 struct wpabuf *in_decrypted; 1018 struct eap_ttls_avp parse; 1019 1020 wpa_printf(MSG_DEBUG, "EAP-TTLS: received %lu bytes encrypted data for" 1021 " Phase 2", (unsigned long) wpabuf_len(in_buf)); 1022 1023 if (data->pending_phase2_eap_resp) { 1024 wpa_printf(MSG_DEBUG, "EAP-TTLS: Pending Phase 2 EAP response " 1025 "- skip decryption and use old data"); 1026 eap_ttls_process_phase2_eap( 1027 sm, data, wpabuf_head(data->pending_phase2_eap_resp), 1028 wpabuf_len(data->pending_phase2_eap_resp)); 1029 wpabuf_free(data->pending_phase2_eap_resp); 1030 data->pending_phase2_eap_resp = NULL; 1031 return; 1032 } 1033 1034 in_decrypted = tls_connection_decrypt(sm->cfg->ssl_ctx, data->ssl.conn, 1035 in_buf); 1036 if (in_decrypted == NULL) { 1037 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to decrypt Phase 2 " 1038 "data"); 1039 eap_ttls_state(data, FAILURE); 1040 return; 1041 } 1042 1043 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS: Decrypted Phase 2 EAP", 1044 in_decrypted); 1045 1046 if (eap_ttls_avp_parse(in_decrypted, &parse) < 0) { 1047 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to parse AVPs"); 1048 wpabuf_free(in_decrypted); 1049 eap_ttls_state(data, FAILURE); 1050 return; 1051 } 1052 1053 if (parse.user_name) { 1054 char *nbuf; 1055 nbuf = os_malloc(parse.user_name_len * 4 + 1); 1056 if (nbuf) { 1057 printf_encode(nbuf, parse.user_name_len * 4 + 1, 1058 parse.user_name, 1059 parse.user_name_len); 1060 eap_log_msg(sm, "TTLS-User-Name '%s'", nbuf); 1061 os_free(nbuf); 1062 } 1063 1064 os_free(sm->identity); 1065 sm->identity = os_memdup(parse.user_name, parse.user_name_len); 1066 if (sm->identity == NULL) { 1067 eap_ttls_state(data, FAILURE); 1068 goto done; 1069 } 1070 sm->identity_len = parse.user_name_len; 1071 if (eap_user_get(sm, parse.user_name, parse.user_name_len, 1) 1072 != 0) { 1073 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase2 Identity not " 1074 "found in the user database"); 1075 eap_ttls_state(data, FAILURE); 1076 goto done; 1077 } 1078 } 1079 1080 #ifdef EAP_SERVER_TNC 1081 if (data->tnc_started && parse.eap == NULL) { 1082 wpa_printf(MSG_DEBUG, "EAP-TTLS: TNC started but no EAP " 1083 "response from peer"); 1084 eap_ttls_state(data, FAILURE); 1085 goto done; 1086 } 1087 #endif /* EAP_SERVER_TNC */ 1088 1089 if (parse.eap) { 1090 eap_ttls_process_phase2_eap(sm, data, parse.eap, 1091 parse.eap_len); 1092 } else if (parse.user_password) { 1093 eap_ttls_process_phase2_pap(sm, data, parse.user_password, 1094 parse.user_password_len); 1095 } else if (parse.chap_password) { 1096 eap_ttls_process_phase2_chap(sm, data, 1097 parse.chap_challenge, 1098 parse.chap_challenge_len, 1099 parse.chap_password, 1100 parse.chap_password_len); 1101 } else if (parse.mschap_response) { 1102 eap_ttls_process_phase2_mschap(sm, data, 1103 parse.mschap_challenge, 1104 parse.mschap_challenge_len, 1105 parse.mschap_response, 1106 parse.mschap_response_len); 1107 } else if (parse.mschap2_response) { 1108 eap_ttls_process_phase2_mschapv2(sm, data, 1109 parse.mschap_challenge, 1110 parse.mschap_challenge_len, 1111 parse.mschap2_response, 1112 parse.mschap2_response_len); 1113 } 1114 1115 done: 1116 wpabuf_free(in_decrypted); 1117 os_free(parse.eap); 1118 } 1119 1120 1121 static void eap_ttls_start_tnc(struct eap_sm *sm, struct eap_ttls_data *data) 1122 { 1123 #ifdef EAP_SERVER_TNC 1124 if (!sm->cfg->tnc || data->state != SUCCESS || data->tnc_started) 1125 return; 1126 1127 wpa_printf(MSG_DEBUG, "EAP-TTLS: Initialize TNC"); 1128 if (eap_ttls_phase2_eap_init(sm, data, EAP_VENDOR_IETF, EAP_TYPE_TNC)) { 1129 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize TNC"); 1130 eap_ttls_state(data, FAILURE); 1131 return; 1132 } 1133 1134 data->tnc_started = 1; 1135 eap_ttls_state(data, PHASE2_METHOD); 1136 #endif /* EAP_SERVER_TNC */ 1137 } 1138 1139 1140 static int eap_ttls_process_version(struct eap_sm *sm, void *priv, 1141 int peer_version) 1142 { 1143 struct eap_ttls_data *data = priv; 1144 if (peer_version < data->ttls_version) { 1145 wpa_printf(MSG_DEBUG, "EAP-TTLS: peer ver=%d, own ver=%d; " 1146 "use version %d", 1147 peer_version, data->ttls_version, peer_version); 1148 data->ttls_version = peer_version; 1149 } 1150 1151 return 0; 1152 } 1153 1154 1155 static void eap_ttls_process_msg(struct eap_sm *sm, void *priv, 1156 const struct wpabuf *respData) 1157 { 1158 struct eap_ttls_data *data = priv; 1159 1160 switch (data->state) { 1161 case PHASE1: 1162 if (eap_server_tls_phase1(sm, &data->ssl) < 0) 1163 eap_ttls_state(data, FAILURE); 1164 break; 1165 case PHASE2_START: 1166 case PHASE2_METHOD: 1167 eap_ttls_process_phase2(sm, data, data->ssl.tls_in); 1168 eap_ttls_start_tnc(sm, data); 1169 break; 1170 case PHASE2_MSCHAPV2_RESP: 1171 if (data->mschapv2_resp_ok && wpabuf_len(data->ssl.tls_in) == 1172 0) { 1173 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer " 1174 "acknowledged response"); 1175 eap_ttls_state(data, SUCCESS); 1176 eap_ttls_valid_session(sm, data); 1177 } else if (!data->mschapv2_resp_ok) { 1178 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer " 1179 "acknowledged error"); 1180 eap_ttls_state(data, FAILURE); 1181 } else { 1182 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Unexpected " 1183 "frame from peer (payload len %lu, " 1184 "expected empty frame)", 1185 (unsigned long) 1186 wpabuf_len(data->ssl.tls_in)); 1187 eap_ttls_state(data, FAILURE); 1188 } 1189 eap_ttls_start_tnc(sm, data); 1190 break; 1191 default: 1192 wpa_printf(MSG_DEBUG, "EAP-TTLS: Unexpected state %d in %s", 1193 data->state, __func__); 1194 break; 1195 } 1196 } 1197 1198 1199 static void eap_ttls_process(struct eap_sm *sm, void *priv, 1200 struct wpabuf *respData) 1201 { 1202 struct eap_ttls_data *data = priv; 1203 const struct wpabuf *buf; 1204 const u8 *pos; 1205 u8 id_len; 1206 1207 if (eap_server_tls_process(sm, &data->ssl, respData, data, 1208 EAP_TYPE_TTLS, eap_ttls_process_version, 1209 eap_ttls_process_msg) < 0) { 1210 eap_ttls_state(data, FAILURE); 1211 return; 1212 } 1213 1214 if (!tls_connection_established(sm->cfg->ssl_ctx, data->ssl.conn) || 1215 !tls_connection_resumed(sm->cfg->ssl_ctx, data->ssl.conn)) 1216 return; 1217 1218 buf = tls_connection_get_success_data(data->ssl.conn); 1219 if (!buf || wpabuf_len(buf) < 1) { 1220 wpa_printf(MSG_DEBUG, 1221 "EAP-TTLS: No success data in resumed session - reject attempt"); 1222 eap_ttls_state(data, FAILURE); 1223 return; 1224 } 1225 1226 pos = wpabuf_head(buf); 1227 if (*pos != EAP_TYPE_TTLS) { 1228 wpa_printf(MSG_DEBUG, 1229 "EAP-TTLS: Resumed session for another EAP type (%u) - reject attempt", 1230 *pos); 1231 eap_ttls_state(data, FAILURE); 1232 return; 1233 } 1234 1235 pos++; 1236 id_len = *pos++; 1237 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: Identity from cached session", 1238 pos, id_len); 1239 os_free(sm->identity); 1240 sm->identity = os_malloc(id_len ? id_len : 1); 1241 if (!sm->identity) { 1242 sm->identity_len = 0; 1243 eap_ttls_state(data, FAILURE); 1244 return; 1245 } 1246 1247 os_memcpy(sm->identity, pos, id_len); 1248 sm->identity_len = id_len; 1249 1250 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) { 1251 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: Phase2 Identity not found in the user database", 1252 sm->identity, sm->identity_len); 1253 eap_ttls_state(data, FAILURE); 1254 return; 1255 } 1256 1257 wpa_printf(MSG_DEBUG, 1258 "EAP-TTLS: Resuming previous session - skip Phase2"); 1259 eap_ttls_state(data, SUCCESS); 1260 tls_connection_set_success_data_resumed(data->ssl.conn); 1261 } 1262 1263 1264 static bool eap_ttls_isDone(struct eap_sm *sm, void *priv) 1265 { 1266 struct eap_ttls_data *data = priv; 1267 return data->state == SUCCESS || data->state == FAILURE; 1268 } 1269 1270 1271 static u8 * eap_ttls_getKey(struct eap_sm *sm, void *priv, size_t *len) 1272 { 1273 struct eap_ttls_data *data = priv; 1274 u8 *eapKeyData; 1275 const char *label; 1276 const u8 eap_tls13_context[1] = { EAP_TYPE_TTLS }; 1277 const u8 *context = NULL; 1278 size_t context_len = 0; 1279 1280 if (data->state != SUCCESS) 1281 return NULL; 1282 1283 if (data->ssl.tls_v13) { 1284 label = "EXPORTER_EAP_TLS_Key_Material"; 1285 context = eap_tls13_context; 1286 context_len = sizeof(eap_tls13_context); 1287 } else { 1288 label = "ttls keying material"; 1289 } 1290 1291 eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, 1292 label, context, context_len, 1293 EAP_TLS_KEY_LEN + EAP_EMSK_LEN); 1294 if (eapKeyData) { 1295 *len = EAP_TLS_KEY_LEN; 1296 wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived key", 1297 eapKeyData, EAP_TLS_KEY_LEN); 1298 } else { 1299 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to derive key"); 1300 } 1301 1302 return eapKeyData; 1303 } 1304 1305 1306 static bool eap_ttls_isSuccess(struct eap_sm *sm, void *priv) 1307 { 1308 struct eap_ttls_data *data = priv; 1309 return data->state == SUCCESS; 1310 } 1311 1312 1313 static u8 * eap_ttls_get_session_id(struct eap_sm *sm, void *priv, size_t *len) 1314 { 1315 struct eap_ttls_data *data = priv; 1316 1317 if (data->state != SUCCESS) 1318 return NULL; 1319 1320 return eap_server_tls_derive_session_id(sm, &data->ssl, EAP_TYPE_TTLS, 1321 len); 1322 } 1323 1324 1325 static u8 * eap_ttls_get_emsk(struct eap_sm *sm, void *priv, size_t *len) 1326 { 1327 struct eap_ttls_data *data = priv; 1328 u8 *eapKeyData, *emsk; 1329 const char *label; 1330 const u8 eap_tls13_context[1] = { EAP_TYPE_TTLS }; 1331 const u8 *context = NULL; 1332 size_t context_len = 0; 1333 1334 if (data->state != SUCCESS) 1335 return NULL; 1336 1337 if (data->ssl.tls_v13) { 1338 label = "EXPORTER_EAP_TLS_Key_Material"; 1339 context = eap_tls13_context; 1340 context_len = sizeof(eap_tls13_context); 1341 } else { 1342 label = "ttls keying material"; 1343 } 1344 1345 eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, 1346 label, context, context_len, 1347 EAP_TLS_KEY_LEN + EAP_EMSK_LEN); 1348 if (eapKeyData) { 1349 emsk = os_malloc(EAP_EMSK_LEN); 1350 if (emsk) 1351 os_memcpy(emsk, eapKeyData + EAP_TLS_KEY_LEN, 1352 EAP_EMSK_LEN); 1353 bin_clear_free(eapKeyData, EAP_TLS_KEY_LEN + EAP_EMSK_LEN); 1354 } else 1355 emsk = NULL; 1356 1357 if (emsk) { 1358 *len = EAP_EMSK_LEN; 1359 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Derived EMSK", 1360 emsk, EAP_EMSK_LEN); 1361 } else { 1362 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to derive EMSK"); 1363 } 1364 1365 return emsk; 1366 } 1367 1368 1369 int eap_server_ttls_register(void) 1370 { 1371 struct eap_method *eap; 1372 1373 eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, 1374 EAP_VENDOR_IETF, EAP_TYPE_TTLS, "TTLS"); 1375 if (eap == NULL) 1376 return -1; 1377 1378 eap->init = eap_ttls_init; 1379 eap->reset = eap_ttls_reset; 1380 eap->buildReq = eap_ttls_buildReq; 1381 eap->check = eap_ttls_check; 1382 eap->process = eap_ttls_process; 1383 eap->isDone = eap_ttls_isDone; 1384 eap->getKey = eap_ttls_getKey; 1385 eap->isSuccess = eap_ttls_isSuccess; 1386 eap->getSessionId = eap_ttls_get_session_id; 1387 eap->get_emsk = eap_ttls_get_emsk; 1388 1389 return eap_server_method_register(eap); 1390 } 1391