eap_ttls.c revision 04949598a23f501be6eec21697465fd46a28840a
1/* 2 * EAP peer method: EAP-TTLS (RFC 5281) 3 * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "includes.h" 10 11#include "common.h" 12#include "crypto/ms_funcs.h" 13#include "crypto/sha1.h" 14#include "crypto/tls.h" 15#include "eap_common/chap.h" 16#include "eap_common/eap_ttls.h" 17#include "mschapv2.h" 18#include "eap_i.h" 19#include "eap_tls_common.h" 20#include "eap_config.h" 21 22 23#define EAP_TTLS_VERSION 0 24 25 26static void eap_ttls_deinit(struct eap_sm *sm, void *priv); 27 28 29struct eap_ttls_data { 30 struct eap_ssl_data ssl; 31 32 int ttls_version; 33 34 const struct eap_method *phase2_method; 35 void *phase2_priv; 36 int phase2_success; 37 int phase2_start; 38 39 enum phase2_types { 40 EAP_TTLS_PHASE2_EAP, 41 EAP_TTLS_PHASE2_MSCHAPV2, 42 EAP_TTLS_PHASE2_MSCHAP, 43 EAP_TTLS_PHASE2_PAP, 44 EAP_TTLS_PHASE2_CHAP 45 } phase2_type; 46 struct eap_method_type phase2_eap_type; 47 struct eap_method_type *phase2_eap_types; 48 size_t num_phase2_eap_types; 49 50 u8 auth_response[MSCHAPV2_AUTH_RESPONSE_LEN]; 51 int auth_response_valid; 52 u8 master_key[MSCHAPV2_MASTER_KEY_LEN]; /* MSCHAPv2 master key */ 53 u8 ident; 54 int resuming; /* starting a resumed session */ 55 int reauth; /* reauthentication */ 56 u8 *key_data; 57 58 struct wpabuf *pending_phase2_req; 59 60#ifdef EAP_TNC 61 int ready_for_tnc; 62 int tnc_started; 63#endif /* EAP_TNC */ 64}; 65 66 67static void * eap_ttls_init(struct eap_sm *sm) 68{ 69 struct eap_ttls_data *data; 70 struct eap_peer_config *config = eap_get_config(sm); 71 char *selected; 72 73 data = os_zalloc(sizeof(*data)); 74 if (data == NULL) 75 return NULL; 76 data->ttls_version = EAP_TTLS_VERSION; 77 selected = "EAP"; 78 data->phase2_type = EAP_TTLS_PHASE2_EAP; 79 80 if (config && config->phase2) { 81 if (os_strstr(config->phase2, "autheap=")) { 82 selected = "EAP"; 83 data->phase2_type = EAP_TTLS_PHASE2_EAP; 84 } else if (os_strstr(config->phase2, "auth=MSCHAPV2")) { 85 selected = "MSCHAPV2"; 86 data->phase2_type = EAP_TTLS_PHASE2_MSCHAPV2; 87 } else if (os_strstr(config->phase2, "auth=MSCHAP")) { 88 selected = "MSCHAP"; 89 data->phase2_type = EAP_TTLS_PHASE2_MSCHAP; 90 } else if (os_strstr(config->phase2, "auth=PAP")) { 91 selected = "PAP"; 92 data->phase2_type = EAP_TTLS_PHASE2_PAP; 93 } else if (os_strstr(config->phase2, "auth=CHAP")) { 94 selected = "CHAP"; 95 data->phase2_type = EAP_TTLS_PHASE2_CHAP; 96 } 97 } 98 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase2 type: %s", selected); 99 100 if (data->phase2_type == EAP_TTLS_PHASE2_EAP) { 101 if (eap_peer_select_phase2_methods(config, "autheap=", 102 &data->phase2_eap_types, 103 &data->num_phase2_eap_types) 104 < 0) { 105 eap_ttls_deinit(sm, data); 106 return NULL; 107 } 108 109 data->phase2_eap_type.vendor = EAP_VENDOR_IETF; 110 data->phase2_eap_type.method = EAP_TYPE_NONE; 111 } 112 113 if (eap_peer_tls_ssl_init(sm, &data->ssl, config)) { 114 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to initialize SSL."); 115 eap_ttls_deinit(sm, data); 116 return NULL; 117 } 118 119 return data; 120} 121 122 123static void eap_ttls_phase2_eap_deinit(struct eap_sm *sm, 124 struct eap_ttls_data *data) 125{ 126 if (data->phase2_priv && data->phase2_method) { 127 data->phase2_method->deinit(sm, data->phase2_priv); 128 data->phase2_method = NULL; 129 data->phase2_priv = NULL; 130 } 131} 132 133 134static void eap_ttls_deinit(struct eap_sm *sm, void *priv) 135{ 136 struct eap_ttls_data *data = priv; 137 if (data == NULL) 138 return; 139 eap_ttls_phase2_eap_deinit(sm, data); 140 os_free(data->phase2_eap_types); 141 eap_peer_tls_ssl_deinit(sm, &data->ssl); 142 os_free(data->key_data); 143 wpabuf_free(data->pending_phase2_req); 144 os_free(data); 145} 146 147 148static u8 * eap_ttls_avp_hdr(u8 *avphdr, u32 avp_code, u32 vendor_id, 149 int mandatory, size_t len) 150{ 151 struct ttls_avp_vendor *avp; 152 u8 flags; 153 size_t hdrlen; 154 155 avp = (struct ttls_avp_vendor *) avphdr; 156 flags = mandatory ? AVP_FLAGS_MANDATORY : 0; 157 if (vendor_id) { 158 flags |= AVP_FLAGS_VENDOR; 159 hdrlen = sizeof(*avp); 160 avp->vendor_id = host_to_be32(vendor_id); 161 } else { 162 hdrlen = sizeof(struct ttls_avp); 163 } 164 165 avp->avp_code = host_to_be32(avp_code); 166 avp->avp_length = host_to_be32((flags << 24) | (u32) (hdrlen + len)); 167 168 return avphdr + hdrlen; 169} 170 171 172static u8 * eap_ttls_avp_add(u8 *start, u8 *avphdr, u32 avp_code, 173 u32 vendor_id, int mandatory, 174 const u8 *data, size_t len) 175{ 176 u8 *pos; 177 pos = eap_ttls_avp_hdr(avphdr, avp_code, vendor_id, mandatory, len); 178 os_memcpy(pos, data, len); 179 pos += len; 180 AVP_PAD(start, pos); 181 return pos; 182} 183 184 185static int eap_ttls_avp_encapsulate(struct wpabuf **resp, u32 avp_code, 186 int mandatory) 187{ 188 struct wpabuf *msg; 189 u8 *avp, *pos; 190 191 msg = wpabuf_alloc(sizeof(struct ttls_avp) + wpabuf_len(*resp) + 4); 192 if (msg == NULL) { 193 wpabuf_free(*resp); 194 *resp = NULL; 195 return -1; 196 } 197 198 avp = wpabuf_mhead(msg); 199 pos = eap_ttls_avp_hdr(avp, avp_code, 0, mandatory, wpabuf_len(*resp)); 200 os_memcpy(pos, wpabuf_head(*resp), wpabuf_len(*resp)); 201 pos += wpabuf_len(*resp); 202 AVP_PAD(avp, pos); 203 wpabuf_free(*resp); 204 wpabuf_put(msg, pos - avp); 205 *resp = msg; 206 return 0; 207} 208 209 210static int eap_ttls_v0_derive_key(struct eap_sm *sm, 211 struct eap_ttls_data *data) 212{ 213 os_free(data->key_data); 214 data->key_data = eap_peer_tls_derive_key(sm, &data->ssl, 215 "ttls keying material", 216 EAP_TLS_KEY_LEN); 217 if (!data->key_data) { 218 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to derive key"); 219 return -1; 220 } 221 222 wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived key", 223 data->key_data, EAP_TLS_KEY_LEN); 224 225 return 0; 226} 227 228 229static u8 * eap_ttls_implicit_challenge(struct eap_sm *sm, 230 struct eap_ttls_data *data, size_t len) 231{ 232 return eap_peer_tls_derive_key(sm, &data->ssl, "ttls challenge", len); 233} 234 235 236static void eap_ttls_phase2_select_eap_method(struct eap_ttls_data *data, 237 u8 method) 238{ 239 size_t i; 240 for (i = 0; i < data->num_phase2_eap_types; i++) { 241 if (data->phase2_eap_types[i].vendor != EAP_VENDOR_IETF || 242 data->phase2_eap_types[i].method != method) 243 continue; 244 245 data->phase2_eap_type.vendor = 246 data->phase2_eap_types[i].vendor; 247 data->phase2_eap_type.method = 248 data->phase2_eap_types[i].method; 249 wpa_printf(MSG_DEBUG, "EAP-TTLS: Selected " 250 "Phase 2 EAP vendor %d method %d", 251 data->phase2_eap_type.vendor, 252 data->phase2_eap_type.method); 253 break; 254 } 255} 256 257 258static int eap_ttls_phase2_eap_process(struct eap_sm *sm, 259 struct eap_ttls_data *data, 260 struct eap_method_ret *ret, 261 struct eap_hdr *hdr, size_t len, 262 struct wpabuf **resp) 263{ 264 struct wpabuf msg; 265 struct eap_method_ret iret; 266 267 os_memset(&iret, 0, sizeof(iret)); 268 wpabuf_set(&msg, hdr, len); 269 *resp = data->phase2_method->process(sm, data->phase2_priv, &iret, 270 &msg); 271 if ((iret.methodState == METHOD_DONE || 272 iret.methodState == METHOD_MAY_CONT) && 273 (iret.decision == DECISION_UNCOND_SUCC || 274 iret.decision == DECISION_COND_SUCC || 275 iret.decision == DECISION_FAIL)) { 276 ret->methodState = iret.methodState; 277 ret->decision = iret.decision; 278 } 279 280 return 0; 281} 282 283 284static int eap_ttls_phase2_request_eap_method(struct eap_sm *sm, 285 struct eap_ttls_data *data, 286 struct eap_method_ret *ret, 287 struct eap_hdr *hdr, size_t len, 288 u8 method, struct wpabuf **resp) 289{ 290#ifdef EAP_TNC 291 if (data->tnc_started && data->phase2_method && 292 data->phase2_priv && method == EAP_TYPE_TNC && 293 data->phase2_eap_type.method == EAP_TYPE_TNC) 294 return eap_ttls_phase2_eap_process(sm, data, ret, hdr, len, 295 resp); 296 297 if (data->ready_for_tnc && !data->tnc_started && 298 method == EAP_TYPE_TNC) { 299 wpa_printf(MSG_DEBUG, "EAP-TTLS: Start TNC after completed " 300 "EAP method"); 301 data->tnc_started = 1; 302 } 303 304 if (data->tnc_started) { 305 if (data->phase2_eap_type.vendor != EAP_VENDOR_IETF || 306 data->phase2_eap_type.method == EAP_TYPE_TNC) { 307 wpa_printf(MSG_DEBUG, "EAP-TTLS: Unexpected EAP " 308 "type %d for TNC", method); 309 return -1; 310 } 311 312 data->phase2_eap_type.vendor = EAP_VENDOR_IETF; 313 data->phase2_eap_type.method = method; 314 wpa_printf(MSG_DEBUG, "EAP-TTLS: Selected " 315 "Phase 2 EAP vendor %d method %d (TNC)", 316 data->phase2_eap_type.vendor, 317 data->phase2_eap_type.method); 318 319 if (data->phase2_type == EAP_TTLS_PHASE2_EAP) 320 eap_ttls_phase2_eap_deinit(sm, data); 321 } 322#endif /* EAP_TNC */ 323 324 if (data->phase2_eap_type.vendor == EAP_VENDOR_IETF && 325 data->phase2_eap_type.method == EAP_TYPE_NONE) 326 eap_ttls_phase2_select_eap_method(data, method); 327 328 if (method != data->phase2_eap_type.method || method == EAP_TYPE_NONE) 329 { 330 if (eap_peer_tls_phase2_nak(data->phase2_eap_types, 331 data->num_phase2_eap_types, 332 hdr, resp)) 333 return -1; 334 return 0; 335 } 336 337 if (data->phase2_priv == NULL) { 338 data->phase2_method = eap_peer_get_eap_method( 339 EAP_VENDOR_IETF, method); 340 if (data->phase2_method) { 341 sm->init_phase2 = 1; 342 data->phase2_priv = data->phase2_method->init(sm); 343 sm->init_phase2 = 0; 344 } 345 } 346 if (data->phase2_priv == NULL || data->phase2_method == NULL) { 347 wpa_printf(MSG_INFO, "EAP-TTLS: failed to initialize " 348 "Phase 2 EAP method %d", method); 349 return -1; 350 } 351 352 return eap_ttls_phase2_eap_process(sm, data, ret, hdr, len, resp); 353} 354 355 356static int eap_ttls_phase2_request_eap(struct eap_sm *sm, 357 struct eap_ttls_data *data, 358 struct eap_method_ret *ret, 359 struct eap_hdr *hdr, 360 struct wpabuf **resp) 361{ 362 size_t len = be_to_host16(hdr->length); 363 u8 *pos; 364 struct eap_peer_config *config = eap_get_config(sm); 365 366 if (len <= sizeof(struct eap_hdr)) { 367 wpa_printf(MSG_INFO, "EAP-TTLS: too short " 368 "Phase 2 request (len=%lu)", (unsigned long) len); 369 return -1; 370 } 371 pos = (u8 *) (hdr + 1); 372 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 EAP Request: type=%d", *pos); 373 switch (*pos) { 374 case EAP_TYPE_IDENTITY: 375 *resp = eap_sm_buildIdentity(sm, hdr->identifier, 1); 376 break; 377 default: 378 if (eap_ttls_phase2_request_eap_method(sm, data, ret, hdr, len, 379 *pos, resp) < 0) 380 return -1; 381 break; 382 } 383 384 if (*resp == NULL && 385 (config->pending_req_identity || config->pending_req_password || 386 config->pending_req_otp)) { 387 return 0; 388 } 389 390 if (*resp == NULL) 391 return -1; 392 393 wpa_hexdump_buf(MSG_DEBUG, "EAP-TTLS: AVP encapsulate EAP Response", 394 *resp); 395 return eap_ttls_avp_encapsulate(resp, RADIUS_ATTR_EAP_MESSAGE, 1); 396} 397 398 399static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm, 400 struct eap_ttls_data *data, 401 struct eap_method_ret *ret, 402 struct wpabuf **resp) 403{ 404 struct wpabuf *msg; 405 u8 *buf, *pos, *challenge, *peer_challenge; 406 const u8 *identity, *password; 407 size_t identity_len, password_len; 408 int pwhash; 409 410 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 MSCHAPV2 Request"); 411 412 identity = eap_get_config_identity(sm, &identity_len); 413 password = eap_get_config_password2(sm, &password_len, &pwhash); 414 if (identity == NULL || password == NULL) 415 return -1; 416 417 msg = wpabuf_alloc(identity_len + 1000); 418 if (msg == NULL) { 419 wpa_printf(MSG_ERROR, 420 "EAP-TTLS/MSCHAPV2: Failed to allocate memory"); 421 return -1; 422 } 423 pos = buf = wpabuf_mhead(msg); 424 425 /* User-Name */ 426 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1, 427 identity, identity_len); 428 429 /* MS-CHAP-Challenge */ 430 challenge = eap_ttls_implicit_challenge( 431 sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1); 432 if (challenge == NULL) { 433 wpabuf_free(msg); 434 wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive " 435 "implicit challenge"); 436 return -1; 437 } 438 439 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_MS_CHAP_CHALLENGE, 440 RADIUS_VENDOR_ID_MICROSOFT, 1, 441 challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN); 442 443 /* MS-CHAP2-Response */ 444 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP2_RESPONSE, 445 RADIUS_VENDOR_ID_MICROSOFT, 1, 446 EAP_TTLS_MSCHAPV2_RESPONSE_LEN); 447 data->ident = challenge[EAP_TTLS_MSCHAPV2_CHALLENGE_LEN]; 448 *pos++ = data->ident; 449 *pos++ = 0; /* Flags */ 450 if (os_get_random(pos, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN) < 0) { 451 os_free(challenge); 452 wpabuf_free(msg); 453 wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to get " 454 "random data for peer challenge"); 455 return -1; 456 } 457 peer_challenge = pos; 458 pos += EAP_TTLS_MSCHAPV2_CHALLENGE_LEN; 459 os_memset(pos, 0, 8); /* Reserved, must be zero */ 460 pos += 8; 461 if (mschapv2_derive_response(identity, identity_len, password, 462 password_len, pwhash, challenge, 463 peer_challenge, pos, data->auth_response, 464 data->master_key)) { 465 os_free(challenge); 466 wpabuf_free(msg); 467 wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive " 468 "response"); 469 return -1; 470 } 471 data->auth_response_valid = 1; 472 473 pos += 24; 474 os_free(challenge); 475 AVP_PAD(buf, pos); 476 477 wpabuf_put(msg, pos - buf); 478 *resp = msg; 479 480 if (sm->workaround) { 481 /* At least FreeRADIUS seems to be terminating 482 * EAP-TTLS/MSHCAPV2 without the expected MS-CHAP-v2 Success 483 * packet. */ 484 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: EAP workaround - " 485 "allow success without tunneled response"); 486 ret->methodState = METHOD_MAY_CONT; 487 ret->decision = DECISION_COND_SUCC; 488 } 489 490 return 0; 491} 492 493 494static int eap_ttls_phase2_request_mschap(struct eap_sm *sm, 495 struct eap_ttls_data *data, 496 struct eap_method_ret *ret, 497 struct wpabuf **resp) 498{ 499 struct wpabuf *msg; 500 u8 *buf, *pos, *challenge; 501 const u8 *identity, *password; 502 size_t identity_len, password_len; 503 int pwhash; 504 505 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 MSCHAP Request"); 506 507 identity = eap_get_config_identity(sm, &identity_len); 508 password = eap_get_config_password2(sm, &password_len, &pwhash); 509 if (identity == NULL || password == NULL) 510 return -1; 511 512 msg = wpabuf_alloc(identity_len + 1000); 513 if (msg == NULL) { 514 wpa_printf(MSG_ERROR, 515 "EAP-TTLS/MSCHAP: Failed to allocate memory"); 516 return -1; 517 } 518 pos = buf = wpabuf_mhead(msg); 519 520 /* User-Name */ 521 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1, 522 identity, identity_len); 523 524 /* MS-CHAP-Challenge */ 525 challenge = eap_ttls_implicit_challenge( 526 sm, data, EAP_TTLS_MSCHAP_CHALLENGE_LEN + 1); 527 if (challenge == NULL) { 528 wpabuf_free(msg); 529 wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAP: Failed to derive " 530 "implicit challenge"); 531 return -1; 532 } 533 534 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_MS_CHAP_CHALLENGE, 535 RADIUS_VENDOR_ID_MICROSOFT, 1, 536 challenge, EAP_TTLS_MSCHAP_CHALLENGE_LEN); 537 538 /* MS-CHAP-Response */ 539 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP_RESPONSE, 540 RADIUS_VENDOR_ID_MICROSOFT, 1, 541 EAP_TTLS_MSCHAP_RESPONSE_LEN); 542 data->ident = challenge[EAP_TTLS_MSCHAP_CHALLENGE_LEN]; 543 *pos++ = data->ident; 544 *pos++ = 1; /* Flags: Use NT style passwords */ 545 os_memset(pos, 0, 24); /* LM-Response */ 546 pos += 24; 547 if (pwhash) { 548 challenge_response(challenge, password, pos); /* NT-Response */ 549 wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: MSCHAP password hash", 550 password, 16); 551 } else { 552 nt_challenge_response(challenge, password, password_len, 553 pos); /* NT-Response */ 554 wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: MSCHAP password", 555 password, password_len); 556 } 557 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: MSCHAP implicit challenge", 558 challenge, EAP_TTLS_MSCHAP_CHALLENGE_LEN); 559 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: MSCHAP response", pos, 24); 560 pos += 24; 561 os_free(challenge); 562 AVP_PAD(buf, pos); 563 564 wpabuf_put(msg, pos - buf); 565 *resp = msg; 566 567 /* EAP-TTLS/MSCHAP does not provide tunneled success 568 * notification, so assume that Phase2 succeeds. */ 569 ret->methodState = METHOD_DONE; 570 ret->decision = DECISION_COND_SUCC; 571 572 return 0; 573} 574 575 576static int eap_ttls_phase2_request_pap(struct eap_sm *sm, 577 struct eap_ttls_data *data, 578 struct eap_method_ret *ret, 579 struct wpabuf **resp) 580{ 581 struct wpabuf *msg; 582 u8 *buf, *pos; 583 size_t pad; 584 const u8 *identity, *password; 585 size_t identity_len, password_len; 586 587 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 PAP Request"); 588 589 identity = eap_get_config_identity(sm, &identity_len); 590 password = eap_get_config_password(sm, &password_len); 591 if (identity == NULL || password == NULL) 592 return -1; 593 594 msg = wpabuf_alloc(identity_len + password_len + 100); 595 if (msg == NULL) { 596 wpa_printf(MSG_ERROR, 597 "EAP-TTLS/PAP: Failed to allocate memory"); 598 return -1; 599 } 600 pos = buf = wpabuf_mhead(msg); 601 602 /* User-Name */ 603 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1, 604 identity, identity_len); 605 606 /* User-Password; in RADIUS, this is encrypted, but EAP-TTLS encrypts 607 * the data, so no separate encryption is used in the AVP itself. 608 * However, the password is padded to obfuscate its length. */ 609 pad = password_len == 0 ? 16 : (16 - (password_len & 15)) & 15; 610 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_USER_PASSWORD, 0, 1, 611 password_len + pad); 612 os_memcpy(pos, password, password_len); 613 pos += password_len; 614 os_memset(pos, 0, pad); 615 pos += pad; 616 AVP_PAD(buf, pos); 617 618 wpabuf_put(msg, pos - buf); 619 *resp = msg; 620 621 /* EAP-TTLS/PAP does not provide tunneled success notification, 622 * so assume that Phase2 succeeds. */ 623 ret->methodState = METHOD_DONE; 624 ret->decision = DECISION_COND_SUCC; 625 626 return 0; 627} 628 629 630static int eap_ttls_phase2_request_chap(struct eap_sm *sm, 631 struct eap_ttls_data *data, 632 struct eap_method_ret *ret, 633 struct wpabuf **resp) 634{ 635 struct wpabuf *msg; 636 u8 *buf, *pos, *challenge; 637 const u8 *identity, *password; 638 size_t identity_len, password_len; 639 640 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 CHAP Request"); 641 642 identity = eap_get_config_identity(sm, &identity_len); 643 password = eap_get_config_password(sm, &password_len); 644 if (identity == NULL || password == NULL) 645 return -1; 646 647 msg = wpabuf_alloc(identity_len + 1000); 648 if (msg == NULL) { 649 wpa_printf(MSG_ERROR, 650 "EAP-TTLS/CHAP: Failed to allocate memory"); 651 return -1; 652 } 653 pos = buf = wpabuf_mhead(msg); 654 655 /* User-Name */ 656 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1, 657 identity, identity_len); 658 659 /* CHAP-Challenge */ 660 challenge = eap_ttls_implicit_challenge( 661 sm, data, EAP_TTLS_CHAP_CHALLENGE_LEN + 1); 662 if (challenge == NULL) { 663 wpabuf_free(msg); 664 wpa_printf(MSG_ERROR, "EAP-TTLS/CHAP: Failed to derive " 665 "implicit challenge"); 666 return -1; 667 } 668 669 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_CHAP_CHALLENGE, 0, 1, 670 challenge, EAP_TTLS_CHAP_CHALLENGE_LEN); 671 672 /* CHAP-Password */ 673 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_CHAP_PASSWORD, 0, 1, 674 1 + EAP_TTLS_CHAP_PASSWORD_LEN); 675 data->ident = challenge[EAP_TTLS_CHAP_CHALLENGE_LEN]; 676 *pos++ = data->ident; 677 678 /* MD5(Ident + Password + Challenge) */ 679 chap_md5(data->ident, password, password_len, challenge, 680 EAP_TTLS_CHAP_CHALLENGE_LEN, pos); 681 682 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: CHAP username", 683 identity, identity_len); 684 wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: CHAP password", 685 password, password_len); 686 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: CHAP implicit challenge", 687 challenge, EAP_TTLS_CHAP_CHALLENGE_LEN); 688 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: CHAP password", 689 pos, EAP_TTLS_CHAP_PASSWORD_LEN); 690 pos += EAP_TTLS_CHAP_PASSWORD_LEN; 691 os_free(challenge); 692 AVP_PAD(buf, pos); 693 694 wpabuf_put(msg, pos - buf); 695 *resp = msg; 696 697 /* EAP-TTLS/CHAP does not provide tunneled success 698 * notification, so assume that Phase2 succeeds. */ 699 ret->methodState = METHOD_DONE; 700 ret->decision = DECISION_COND_SUCC; 701 702 return 0; 703} 704 705 706static int eap_ttls_phase2_request(struct eap_sm *sm, 707 struct eap_ttls_data *data, 708 struct eap_method_ret *ret, 709 struct eap_hdr *hdr, 710 struct wpabuf **resp) 711{ 712 int res = 0; 713 size_t len; 714 enum phase2_types phase2_type = data->phase2_type; 715 716#ifdef EAP_TNC 717 if (data->tnc_started) { 718 wpa_printf(MSG_DEBUG, "EAP-TTLS: Processing TNC"); 719 phase2_type = EAP_TTLS_PHASE2_EAP; 720 } 721#endif /* EAP_TNC */ 722 723 if (phase2_type == EAP_TTLS_PHASE2_MSCHAPV2 || 724 phase2_type == EAP_TTLS_PHASE2_MSCHAP || 725 phase2_type == EAP_TTLS_PHASE2_PAP || 726 phase2_type == EAP_TTLS_PHASE2_CHAP) { 727 if (eap_get_config_identity(sm, &len) == NULL) { 728 wpa_printf(MSG_INFO, 729 "EAP-TTLS: Identity not configured"); 730 eap_sm_request_identity(sm); 731 if (eap_get_config_password(sm, &len) == NULL) 732 eap_sm_request_password(sm); 733 return 0; 734 } 735 736 if (eap_get_config_password(sm, &len) == NULL) { 737 wpa_printf(MSG_INFO, 738 "EAP-TTLS: Password not configured"); 739 eap_sm_request_password(sm); 740 return 0; 741 } 742 } 743 744 switch (phase2_type) { 745 case EAP_TTLS_PHASE2_EAP: 746 res = eap_ttls_phase2_request_eap(sm, data, ret, hdr, resp); 747 break; 748 case EAP_TTLS_PHASE2_MSCHAPV2: 749 res = eap_ttls_phase2_request_mschapv2(sm, data, ret, resp); 750 break; 751 case EAP_TTLS_PHASE2_MSCHAP: 752 res = eap_ttls_phase2_request_mschap(sm, data, ret, resp); 753 break; 754 case EAP_TTLS_PHASE2_PAP: 755 res = eap_ttls_phase2_request_pap(sm, data, ret, resp); 756 break; 757 case EAP_TTLS_PHASE2_CHAP: 758 res = eap_ttls_phase2_request_chap(sm, data, ret, resp); 759 break; 760 default: 761 wpa_printf(MSG_ERROR, "EAP-TTLS: Phase 2 - Unknown"); 762 res = -1; 763 break; 764 } 765 766 if (res < 0) { 767 ret->methodState = METHOD_DONE; 768 ret->decision = DECISION_FAIL; 769 } 770 771 return res; 772} 773 774 775struct ttls_parse_avp { 776 u8 *mschapv2; 777 u8 *eapdata; 778 size_t eap_len; 779 int mschapv2_error; 780}; 781 782 783static int eap_ttls_parse_attr_eap(const u8 *dpos, size_t dlen, 784 struct ttls_parse_avp *parse) 785{ 786 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP - EAP Message"); 787 if (parse->eapdata == NULL) { 788 parse->eapdata = os_malloc(dlen); 789 if (parse->eapdata == NULL) { 790 wpa_printf(MSG_WARNING, "EAP-TTLS: Failed to allocate " 791 "memory for Phase 2 EAP data"); 792 return -1; 793 } 794 os_memcpy(parse->eapdata, dpos, dlen); 795 parse->eap_len = dlen; 796 } else { 797 u8 *neweap = os_realloc(parse->eapdata, parse->eap_len + dlen); 798 if (neweap == NULL) { 799 wpa_printf(MSG_WARNING, "EAP-TTLS: Failed to allocate " 800 "memory for Phase 2 EAP data"); 801 return -1; 802 } 803 os_memcpy(neweap + parse->eap_len, dpos, dlen); 804 parse->eapdata = neweap; 805 parse->eap_len += dlen; 806 } 807 808 return 0; 809} 810 811 812static int eap_ttls_parse_avp(u8 *pos, size_t left, 813 struct ttls_parse_avp *parse) 814{ 815 struct ttls_avp *avp; 816 u32 avp_code, avp_length, vendor_id = 0; 817 u8 avp_flags, *dpos; 818 size_t dlen; 819 820 avp = (struct ttls_avp *) pos; 821 avp_code = be_to_host32(avp->avp_code); 822 avp_length = be_to_host32(avp->avp_length); 823 avp_flags = (avp_length >> 24) & 0xff; 824 avp_length &= 0xffffff; 825 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP: code=%d flags=0x%02x " 826 "length=%d", (int) avp_code, avp_flags, 827 (int) avp_length); 828 829 if (avp_length > left) { 830 wpa_printf(MSG_WARNING, "EAP-TTLS: AVP overflow " 831 "(len=%d, left=%lu) - dropped", 832 (int) avp_length, (unsigned long) left); 833 return -1; 834 } 835 836 if (avp_length < sizeof(*avp)) { 837 wpa_printf(MSG_WARNING, "EAP-TTLS: Invalid AVP length %d", 838 avp_length); 839 return -1; 840 } 841 842 dpos = (u8 *) (avp + 1); 843 dlen = avp_length - sizeof(*avp); 844 if (avp_flags & AVP_FLAGS_VENDOR) { 845 if (dlen < 4) { 846 wpa_printf(MSG_WARNING, "EAP-TTLS: Vendor AVP " 847 "underflow"); 848 return -1; 849 } 850 vendor_id = WPA_GET_BE32(dpos); 851 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP vendor_id %d", 852 (int) vendor_id); 853 dpos += 4; 854 dlen -= 4; 855 } 856 857 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: AVP data", dpos, dlen); 858 859 if (vendor_id == 0 && avp_code == RADIUS_ATTR_EAP_MESSAGE) { 860 if (eap_ttls_parse_attr_eap(dpos, dlen, parse) < 0) 861 return -1; 862 } else if (vendor_id == 0 && avp_code == RADIUS_ATTR_REPLY_MESSAGE) { 863 /* This is an optional message that can be displayed to 864 * the user. */ 865 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: AVP - Reply-Message", 866 dpos, dlen); 867 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT && 868 avp_code == RADIUS_ATTR_MS_CHAP2_SUCCESS) { 869 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: MS-CHAP2-Success", 870 dpos, dlen); 871 if (dlen != 43) { 872 wpa_printf(MSG_WARNING, "EAP-TTLS: Unexpected " 873 "MS-CHAP2-Success length " 874 "(len=%lu, expected 43)", 875 (unsigned long) dlen); 876 return -1; 877 } 878 parse->mschapv2 = dpos; 879 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT && 880 avp_code == RADIUS_ATTR_MS_CHAP_ERROR) { 881 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: MS-CHAP-Error", 882 dpos, dlen); 883 parse->mschapv2_error = 1; 884 } else if (avp_flags & AVP_FLAGS_MANDATORY) { 885 wpa_printf(MSG_WARNING, "EAP-TTLS: Unsupported mandatory AVP " 886 "code %d vendor_id %d - dropped", 887 (int) avp_code, (int) vendor_id); 888 return -1; 889 } else { 890 wpa_printf(MSG_DEBUG, "EAP-TTLS: Ignoring unsupported AVP " 891 "code %d vendor_id %d", 892 (int) avp_code, (int) vendor_id); 893 } 894 895 return avp_length; 896} 897 898 899static int eap_ttls_parse_avps(struct wpabuf *in_decrypted, 900 struct ttls_parse_avp *parse) 901{ 902 u8 *pos; 903 size_t left, pad; 904 int avp_length; 905 906 pos = wpabuf_mhead(in_decrypted); 907 left = wpabuf_len(in_decrypted); 908 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Decrypted Phase 2 AVPs", pos, left); 909 if (left < sizeof(struct ttls_avp)) { 910 wpa_printf(MSG_WARNING, "EAP-TTLS: Too short Phase 2 AVP frame" 911 " len=%lu expected %lu or more - dropped", 912 (unsigned long) left, 913 (unsigned long) sizeof(struct ttls_avp)); 914 return -1; 915 } 916 917 /* Parse AVPs */ 918 os_memset(parse, 0, sizeof(*parse)); 919 920 while (left > 0) { 921 avp_length = eap_ttls_parse_avp(pos, left, parse); 922 if (avp_length < 0) 923 return -1; 924 925 pad = (4 - (avp_length & 3)) & 3; 926 pos += avp_length + pad; 927 if (left < avp_length + pad) 928 left = 0; 929 else 930 left -= avp_length + pad; 931 } 932 933 return 0; 934} 935 936 937static u8 * eap_ttls_fake_identity_request(void) 938{ 939 struct eap_hdr *hdr; 940 u8 *buf; 941 942 wpa_printf(MSG_DEBUG, "EAP-TTLS: empty data in beginning of " 943 "Phase 2 - use fake EAP-Request Identity"); 944 buf = os_malloc(sizeof(*hdr) + 1); 945 if (buf == NULL) { 946 wpa_printf(MSG_WARNING, "EAP-TTLS: failed to allocate " 947 "memory for fake EAP-Identity Request"); 948 return NULL; 949 } 950 951 hdr = (struct eap_hdr *) buf; 952 hdr->code = EAP_CODE_REQUEST; 953 hdr->identifier = 0; 954 hdr->length = host_to_be16(sizeof(*hdr) + 1); 955 buf[sizeof(*hdr)] = EAP_TYPE_IDENTITY; 956 957 return buf; 958} 959 960 961static int eap_ttls_encrypt_response(struct eap_sm *sm, 962 struct eap_ttls_data *data, 963 struct wpabuf *resp, u8 identifier, 964 struct wpabuf **out_data) 965{ 966 if (resp == NULL) 967 return 0; 968 969 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS: Encrypting Phase 2 data", 970 resp); 971 if (eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_TTLS, 972 data->ttls_version, identifier, 973 resp, out_data)) { 974 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to encrypt a Phase 2 " 975 "frame"); 976 return -1; 977 } 978 wpabuf_free(resp); 979 980 return 0; 981} 982 983 984static int eap_ttls_process_phase2_eap(struct eap_sm *sm, 985 struct eap_ttls_data *data, 986 struct eap_method_ret *ret, 987 struct ttls_parse_avp *parse, 988 struct wpabuf **resp) 989{ 990 struct eap_hdr *hdr; 991 size_t len; 992 993 if (parse->eapdata == NULL) { 994 wpa_printf(MSG_WARNING, "EAP-TTLS: No EAP Message in the " 995 "packet - dropped"); 996 return -1; 997 } 998 999 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Phase 2 EAP", 1000 parse->eapdata, parse->eap_len); 1001 hdr = (struct eap_hdr *) parse->eapdata; 1002 1003 if (parse->eap_len < sizeof(*hdr)) { 1004 wpa_printf(MSG_WARNING, "EAP-TTLS: Too short Phase 2 EAP " 1005 "frame (len=%lu, expected %lu or more) - dropped", 1006 (unsigned long) parse->eap_len, 1007 (unsigned long) sizeof(*hdr)); 1008 return -1; 1009 } 1010 len = be_to_host16(hdr->length); 1011 if (len > parse->eap_len) { 1012 wpa_printf(MSG_INFO, "EAP-TTLS: Length mismatch in Phase 2 " 1013 "EAP frame (EAP hdr len=%lu, EAP data len in " 1014 "AVP=%lu)", 1015 (unsigned long) len, 1016 (unsigned long) parse->eap_len); 1017 return -1; 1018 } 1019 wpa_printf(MSG_DEBUG, "EAP-TTLS: received Phase 2: code=%d " 1020 "identifier=%d length=%lu", 1021 hdr->code, hdr->identifier, (unsigned long) len); 1022 switch (hdr->code) { 1023 case EAP_CODE_REQUEST: 1024 if (eap_ttls_phase2_request(sm, data, ret, hdr, resp)) { 1025 wpa_printf(MSG_INFO, "EAP-TTLS: Phase2 Request " 1026 "processing failed"); 1027 return -1; 1028 } 1029 break; 1030 default: 1031 wpa_printf(MSG_INFO, "EAP-TTLS: Unexpected code=%d in " 1032 "Phase 2 EAP header", hdr->code); 1033 return -1; 1034 } 1035 1036 return 0; 1037} 1038 1039 1040static int eap_ttls_process_phase2_mschapv2(struct eap_sm *sm, 1041 struct eap_ttls_data *data, 1042 struct eap_method_ret *ret, 1043 struct ttls_parse_avp *parse) 1044{ 1045 if (parse->mschapv2_error) { 1046 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Received " 1047 "MS-CHAP-Error - failed"); 1048 ret->methodState = METHOD_DONE; 1049 ret->decision = DECISION_FAIL; 1050 /* Reply with empty data to ACK error */ 1051 return 1; 1052 } 1053 1054 if (parse->mschapv2 == NULL) { 1055#ifdef EAP_TNC 1056 if (data->phase2_success && parse->eapdata) { 1057 /* 1058 * Allow EAP-TNC to be started after successfully 1059 * completed MSCHAPV2. 1060 */ 1061 return 1; 1062 } 1063#endif /* EAP_TNC */ 1064 wpa_printf(MSG_WARNING, "EAP-TTLS: no MS-CHAP2-Success AVP " 1065 "received for Phase2 MSCHAPV2"); 1066 return -1; 1067 } 1068 if (parse->mschapv2[0] != data->ident) { 1069 wpa_printf(MSG_WARNING, "EAP-TTLS: Ident mismatch for Phase 2 " 1070 "MSCHAPV2 (received Ident 0x%02x, expected 0x%02x)", 1071 parse->mschapv2[0], data->ident); 1072 return -1; 1073 } 1074 if (!data->auth_response_valid || 1075 mschapv2_verify_auth_response(data->auth_response, 1076 parse->mschapv2 + 1, 42)) { 1077 wpa_printf(MSG_WARNING, "EAP-TTLS: Invalid authenticator " 1078 "response in Phase 2 MSCHAPV2 success request"); 1079 return -1; 1080 } 1081 1082 wpa_printf(MSG_INFO, "EAP-TTLS: Phase 2 MSCHAPV2 " 1083 "authentication succeeded"); 1084 ret->methodState = METHOD_DONE; 1085 ret->decision = DECISION_UNCOND_SUCC; 1086 data->phase2_success = 1; 1087 1088 /* 1089 * Reply with empty data; authentication server will reply 1090 * with EAP-Success after this. 1091 */ 1092 return 1; 1093} 1094 1095 1096#ifdef EAP_TNC 1097static int eap_ttls_process_tnc_start(struct eap_sm *sm, 1098 struct eap_ttls_data *data, 1099 struct eap_method_ret *ret, 1100 struct ttls_parse_avp *parse, 1101 struct wpabuf **resp) 1102{ 1103 /* TNC uses inner EAP method after non-EAP TTLS phase 2. */ 1104 if (parse->eapdata == NULL) { 1105 wpa_printf(MSG_INFO, "EAP-TTLS: Phase 2 received " 1106 "unexpected tunneled data (no EAP)"); 1107 return -1; 1108 } 1109 1110 if (!data->ready_for_tnc) { 1111 wpa_printf(MSG_INFO, "EAP-TTLS: Phase 2 received " 1112 "EAP after non-EAP, but not ready for TNC"); 1113 return -1; 1114 } 1115 1116 wpa_printf(MSG_DEBUG, "EAP-TTLS: Start TNC after completed " 1117 "non-EAP method"); 1118 data->tnc_started = 1; 1119 1120 if (eap_ttls_process_phase2_eap(sm, data, ret, parse, resp) < 0) 1121 return -1; 1122 1123 return 0; 1124} 1125#endif /* EAP_TNC */ 1126 1127 1128static int eap_ttls_process_decrypted(struct eap_sm *sm, 1129 struct eap_ttls_data *data, 1130 struct eap_method_ret *ret, 1131 u8 identifier, 1132 struct ttls_parse_avp *parse, 1133 struct wpabuf *in_decrypted, 1134 struct wpabuf **out_data) 1135{ 1136 struct wpabuf *resp = NULL; 1137 struct eap_peer_config *config = eap_get_config(sm); 1138 int res; 1139 enum phase2_types phase2_type = data->phase2_type; 1140 1141#ifdef EAP_TNC 1142 if (data->tnc_started) 1143 phase2_type = EAP_TTLS_PHASE2_EAP; 1144#endif /* EAP_TNC */ 1145 1146 switch (phase2_type) { 1147 case EAP_TTLS_PHASE2_EAP: 1148 if (eap_ttls_process_phase2_eap(sm, data, ret, parse, &resp) < 1149 0) 1150 return -1; 1151 break; 1152 case EAP_TTLS_PHASE2_MSCHAPV2: 1153 res = eap_ttls_process_phase2_mschapv2(sm, data, ret, parse); 1154#ifdef EAP_TNC 1155 if (res == 1 && parse->eapdata && data->phase2_success) { 1156 /* 1157 * TNC may be required as the next 1158 * authentication method within the tunnel. 1159 */ 1160 ret->methodState = METHOD_MAY_CONT; 1161 data->ready_for_tnc = 1; 1162 if (eap_ttls_process_tnc_start(sm, data, ret, parse, 1163 &resp) == 0) 1164 break; 1165 } 1166#endif /* EAP_TNC */ 1167 return res; 1168 case EAP_TTLS_PHASE2_MSCHAP: 1169 case EAP_TTLS_PHASE2_PAP: 1170 case EAP_TTLS_PHASE2_CHAP: 1171#ifdef EAP_TNC 1172 if (eap_ttls_process_tnc_start(sm, data, ret, parse, &resp) < 1173 0) 1174 return -1; 1175 break; 1176#else /* EAP_TNC */ 1177 /* EAP-TTLS/{MSCHAP,PAP,CHAP} should not send any TLS tunneled 1178 * requests to the supplicant */ 1179 wpa_printf(MSG_INFO, "EAP-TTLS: Phase 2 received unexpected " 1180 "tunneled data"); 1181 return -1; 1182#endif /* EAP_TNC */ 1183 } 1184 1185 if (resp) { 1186 if (eap_ttls_encrypt_response(sm, data, resp, identifier, 1187 out_data) < 0) 1188 return -1; 1189 } else if (config->pending_req_identity || 1190 config->pending_req_password || 1191 config->pending_req_otp || 1192 config->pending_req_new_password) { 1193 wpabuf_free(data->pending_phase2_req); 1194 data->pending_phase2_req = wpabuf_dup(in_decrypted); 1195 } 1196 1197 return 0; 1198} 1199 1200 1201static int eap_ttls_implicit_identity_request(struct eap_sm *sm, 1202 struct eap_ttls_data *data, 1203 struct eap_method_ret *ret, 1204 u8 identifier, 1205 struct wpabuf **out_data) 1206{ 1207 int retval = 0; 1208 struct eap_hdr *hdr; 1209 struct wpabuf *resp; 1210 1211 hdr = (struct eap_hdr *) eap_ttls_fake_identity_request(); 1212 if (hdr == NULL) { 1213 ret->methodState = METHOD_DONE; 1214 ret->decision = DECISION_FAIL; 1215 return -1; 1216 } 1217 1218 resp = NULL; 1219 if (eap_ttls_phase2_request(sm, data, ret, hdr, &resp)) { 1220 wpa_printf(MSG_INFO, "EAP-TTLS: Phase2 Request " 1221 "processing failed"); 1222 retval = -1; 1223 } else { 1224 struct eap_peer_config *config = eap_get_config(sm); 1225 if (resp == NULL && 1226 (config->pending_req_identity || 1227 config->pending_req_password || 1228 config->pending_req_otp || 1229 config->pending_req_new_password)) { 1230 /* 1231 * Use empty buffer to force implicit request 1232 * processing when EAP request is re-processed after 1233 * user input. 1234 */ 1235 wpabuf_free(data->pending_phase2_req); 1236 data->pending_phase2_req = wpabuf_alloc(0); 1237 } 1238 1239 retval = eap_ttls_encrypt_response(sm, data, resp, identifier, 1240 out_data); 1241 } 1242 1243 os_free(hdr); 1244 1245 if (retval < 0) { 1246 ret->methodState = METHOD_DONE; 1247 ret->decision = DECISION_FAIL; 1248 } 1249 1250 return retval; 1251} 1252 1253 1254static int eap_ttls_phase2_start(struct eap_sm *sm, struct eap_ttls_data *data, 1255 struct eap_method_ret *ret, u8 identifier, 1256 struct wpabuf **out_data) 1257{ 1258 data->phase2_start = 0; 1259 1260 /* 1261 * EAP-TTLS does not use Phase2 on fast re-auth; this must be done only 1262 * if TLS part was indeed resuming a previous session. Most 1263 * Authentication Servers terminate EAP-TTLS before reaching this 1264 * point, but some do not. Make wpa_supplicant stop phase 2 here, if 1265 * needed. 1266 */ 1267 if (data->reauth && 1268 tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) { 1269 wpa_printf(MSG_DEBUG, "EAP-TTLS: Session resumption - " 1270 "skip phase 2"); 1271 *out_data = eap_peer_tls_build_ack(identifier, EAP_TYPE_TTLS, 1272 data->ttls_version); 1273 ret->methodState = METHOD_DONE; 1274 ret->decision = DECISION_UNCOND_SUCC; 1275 data->phase2_success = 1; 1276 return 0; 1277 } 1278 1279 return eap_ttls_implicit_identity_request(sm, data, ret, identifier, 1280 out_data); 1281} 1282 1283 1284static int eap_ttls_decrypt(struct eap_sm *sm, struct eap_ttls_data *data, 1285 struct eap_method_ret *ret, u8 identifier, 1286 const struct wpabuf *in_data, 1287 struct wpabuf **out_data) 1288{ 1289 struct wpabuf *in_decrypted = NULL; 1290 int retval = 0; 1291 struct ttls_parse_avp parse; 1292 1293 os_memset(&parse, 0, sizeof(parse)); 1294 1295 wpa_printf(MSG_DEBUG, "EAP-TTLS: received %lu bytes encrypted data for" 1296 " Phase 2", 1297 in_data ? (unsigned long) wpabuf_len(in_data) : 0); 1298 1299 if (data->pending_phase2_req) { 1300 wpa_printf(MSG_DEBUG, "EAP-TTLS: Pending Phase 2 request - " 1301 "skip decryption and use old data"); 1302 /* Clear TLS reassembly state. */ 1303 eap_peer_tls_reset_input(&data->ssl); 1304 1305 in_decrypted = data->pending_phase2_req; 1306 data->pending_phase2_req = NULL; 1307 if (wpabuf_len(in_decrypted) == 0) { 1308 wpabuf_free(in_decrypted); 1309 return eap_ttls_implicit_identity_request( 1310 sm, data, ret, identifier, out_data); 1311 } 1312 goto continue_req; 1313 } 1314 1315 if ((in_data == NULL || wpabuf_len(in_data) == 0) && 1316 data->phase2_start) { 1317 return eap_ttls_phase2_start(sm, data, ret, identifier, 1318 out_data); 1319 } 1320 1321 if (in_data == NULL || wpabuf_len(in_data) == 0) { 1322 /* Received TLS ACK - requesting more fragments */ 1323 return eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_TTLS, 1324 data->ttls_version, 1325 identifier, NULL, out_data); 1326 } 1327 1328 retval = eap_peer_tls_decrypt(sm, &data->ssl, in_data, &in_decrypted); 1329 if (retval) 1330 goto done; 1331 1332continue_req: 1333 data->phase2_start = 0; 1334 1335 if (eap_ttls_parse_avps(in_decrypted, &parse) < 0) { 1336 retval = -1; 1337 goto done; 1338 } 1339 1340 retval = eap_ttls_process_decrypted(sm, data, ret, identifier, 1341 &parse, in_decrypted, out_data); 1342 1343done: 1344 wpabuf_free(in_decrypted); 1345 os_free(parse.eapdata); 1346 1347 if (retval < 0) { 1348 ret->methodState = METHOD_DONE; 1349 ret->decision = DECISION_FAIL; 1350 } 1351 1352 return retval; 1353} 1354 1355 1356static int eap_ttls_process_handshake(struct eap_sm *sm, 1357 struct eap_ttls_data *data, 1358 struct eap_method_ret *ret, 1359 u8 identifier, 1360 const u8 *in_data, size_t in_len, 1361 struct wpabuf **out_data) 1362{ 1363 int res; 1364 1365 res = eap_peer_tls_process_helper(sm, &data->ssl, EAP_TYPE_TTLS, 1366 data->ttls_version, identifier, 1367 in_data, in_len, out_data); 1368 1369 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) { 1370 wpa_printf(MSG_DEBUG, "EAP-TTLS: TLS done, proceed to " 1371 "Phase 2"); 1372 if (data->resuming) { 1373 wpa_printf(MSG_DEBUG, "EAP-TTLS: fast reauth - may " 1374 "skip Phase 2"); 1375 ret->decision = DECISION_COND_SUCC; 1376 ret->methodState = METHOD_MAY_CONT; 1377 } 1378 data->phase2_start = 1; 1379 eap_ttls_v0_derive_key(sm, data); 1380 1381 if (*out_data == NULL || wpabuf_len(*out_data) == 0) { 1382 if (eap_ttls_decrypt(sm, data, ret, identifier, 1383 NULL, out_data)) { 1384 wpa_printf(MSG_WARNING, "EAP-TTLS: " 1385 "failed to process early " 1386 "start for Phase 2"); 1387 } 1388 res = 0; 1389 } 1390 data->resuming = 0; 1391 } 1392 1393 if (res == 2) { 1394 struct wpabuf msg; 1395 /* 1396 * Application data included in the handshake message. 1397 */ 1398 wpabuf_free(data->pending_phase2_req); 1399 data->pending_phase2_req = *out_data; 1400 *out_data = NULL; 1401 wpabuf_set(&msg, in_data, in_len); 1402 res = eap_ttls_decrypt(sm, data, ret, identifier, &msg, 1403 out_data); 1404 } 1405 1406 return res; 1407} 1408 1409 1410static void eap_ttls_check_auth_status(struct eap_sm *sm, 1411 struct eap_ttls_data *data, 1412 struct eap_method_ret *ret) 1413{ 1414 if (ret->methodState == METHOD_DONE) { 1415 ret->allowNotifications = FALSE; 1416 if (ret->decision == DECISION_UNCOND_SUCC || 1417 ret->decision == DECISION_COND_SUCC) { 1418 wpa_printf(MSG_DEBUG, "EAP-TTLS: Authentication " 1419 "completed successfully"); 1420 data->phase2_success = 1; 1421#ifdef EAP_TNC 1422 if (!data->ready_for_tnc && !data->tnc_started) { 1423 /* 1424 * TNC may be required as the next 1425 * authentication method within the tunnel. 1426 */ 1427 ret->methodState = METHOD_MAY_CONT; 1428 data->ready_for_tnc = 1; 1429 } 1430#endif /* EAP_TNC */ 1431 } 1432 } else if (ret->methodState == METHOD_MAY_CONT && 1433 (ret->decision == DECISION_UNCOND_SUCC || 1434 ret->decision == DECISION_COND_SUCC)) { 1435 wpa_printf(MSG_DEBUG, "EAP-TTLS: Authentication " 1436 "completed successfully (MAY_CONT)"); 1437 data->phase2_success = 1; 1438 } 1439} 1440 1441 1442static struct wpabuf * eap_ttls_process(struct eap_sm *sm, void *priv, 1443 struct eap_method_ret *ret, 1444 const struct wpabuf *reqData) 1445{ 1446 size_t left; 1447 int res; 1448 u8 flags, id; 1449 struct wpabuf *resp; 1450 const u8 *pos; 1451 struct eap_ttls_data *data = priv; 1452 1453 pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_TTLS, ret, 1454 reqData, &left, &flags); 1455 if (pos == NULL) 1456 return NULL; 1457 id = eap_get_id(reqData); 1458 1459 if (flags & EAP_TLS_FLAGS_START) { 1460 wpa_printf(MSG_DEBUG, "EAP-TTLS: Start (server ver=%d, own " 1461 "ver=%d)", flags & EAP_TLS_VERSION_MASK, 1462 data->ttls_version); 1463 1464 /* RFC 5281, Ch. 9.2: 1465 * "This packet MAY contain additional information in the form 1466 * of AVPs, which may provide useful hints to the client" 1467 * For now, ignore any potential extra data. 1468 */ 1469 left = 0; 1470 } 1471 1472 resp = NULL; 1473 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) && 1474 !data->resuming) { 1475 struct wpabuf msg; 1476 wpabuf_set(&msg, pos, left); 1477 res = eap_ttls_decrypt(sm, data, ret, id, &msg, &resp); 1478 } else { 1479 res = eap_ttls_process_handshake(sm, data, ret, id, 1480 pos, left, &resp); 1481 } 1482 1483 eap_ttls_check_auth_status(sm, data, ret); 1484 1485 /* FIX: what about res == -1? Could just move all error processing into 1486 * the other functions and get rid of this res==1 case here. */ 1487 if (res == 1) { 1488 wpabuf_free(resp); 1489 return eap_peer_tls_build_ack(id, EAP_TYPE_TTLS, 1490 data->ttls_version); 1491 } 1492 return resp; 1493} 1494 1495 1496static Boolean eap_ttls_has_reauth_data(struct eap_sm *sm, void *priv) 1497{ 1498 struct eap_ttls_data *data = priv; 1499 return tls_connection_established(sm->ssl_ctx, data->ssl.conn) && 1500 data->phase2_success; 1501} 1502 1503 1504static void eap_ttls_deinit_for_reauth(struct eap_sm *sm, void *priv) 1505{ 1506 struct eap_ttls_data *data = priv; 1507 wpabuf_free(data->pending_phase2_req); 1508 data->pending_phase2_req = NULL; 1509#ifdef EAP_TNC 1510 data->ready_for_tnc = 0; 1511 data->tnc_started = 0; 1512#endif /* EAP_TNC */ 1513} 1514 1515 1516static void * eap_ttls_init_for_reauth(struct eap_sm *sm, void *priv) 1517{ 1518 struct eap_ttls_data *data = priv; 1519 os_free(data->key_data); 1520 data->key_data = NULL; 1521 if (eap_peer_tls_reauth_init(sm, &data->ssl)) { 1522 os_free(data); 1523 return NULL; 1524 } 1525 if (data->phase2_priv && data->phase2_method && 1526 data->phase2_method->init_for_reauth) 1527 data->phase2_method->init_for_reauth(sm, data->phase2_priv); 1528 data->phase2_start = 0; 1529 data->phase2_success = 0; 1530 data->resuming = 1; 1531 data->reauth = 1; 1532 return priv; 1533} 1534 1535 1536static int eap_ttls_get_status(struct eap_sm *sm, void *priv, char *buf, 1537 size_t buflen, int verbose) 1538{ 1539 struct eap_ttls_data *data = priv; 1540 int len, ret; 1541 1542 len = eap_peer_tls_status(sm, &data->ssl, buf, buflen, verbose); 1543 ret = os_snprintf(buf + len, buflen - len, 1544 "EAP-TTLSv%d Phase2 method=", 1545 data->ttls_version); 1546 if (ret < 0 || (size_t) ret >= buflen - len) 1547 return len; 1548 len += ret; 1549 switch (data->phase2_type) { 1550 case EAP_TTLS_PHASE2_EAP: 1551 ret = os_snprintf(buf + len, buflen - len, "EAP-%s\n", 1552 data->phase2_method ? 1553 data->phase2_method->name : "?"); 1554 break; 1555 case EAP_TTLS_PHASE2_MSCHAPV2: 1556 ret = os_snprintf(buf + len, buflen - len, "MSCHAPV2\n"); 1557 break; 1558 case EAP_TTLS_PHASE2_MSCHAP: 1559 ret = os_snprintf(buf + len, buflen - len, "MSCHAP\n"); 1560 break; 1561 case EAP_TTLS_PHASE2_PAP: 1562 ret = os_snprintf(buf + len, buflen - len, "PAP\n"); 1563 break; 1564 case EAP_TTLS_PHASE2_CHAP: 1565 ret = os_snprintf(buf + len, buflen - len, "CHAP\n"); 1566 break; 1567 default: 1568 ret = 0; 1569 break; 1570 } 1571 if (ret < 0 || (size_t) ret >= buflen - len) 1572 return len; 1573 len += ret; 1574 1575 return len; 1576} 1577 1578 1579static Boolean eap_ttls_isKeyAvailable(struct eap_sm *sm, void *priv) 1580{ 1581 struct eap_ttls_data *data = priv; 1582 return data->key_data != NULL && data->phase2_success; 1583} 1584 1585 1586static u8 * eap_ttls_getKey(struct eap_sm *sm, void *priv, size_t *len) 1587{ 1588 struct eap_ttls_data *data = priv; 1589 u8 *key; 1590 1591 if (data->key_data == NULL || !data->phase2_success) 1592 return NULL; 1593 1594 key = os_malloc(EAP_TLS_KEY_LEN); 1595 if (key == NULL) 1596 return NULL; 1597 1598 *len = EAP_TLS_KEY_LEN; 1599 os_memcpy(key, data->key_data, EAP_TLS_KEY_LEN); 1600 1601 return key; 1602} 1603 1604 1605int eap_peer_ttls_register(void) 1606{ 1607 struct eap_method *eap; 1608 int ret; 1609 1610 eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION, 1611 EAP_VENDOR_IETF, EAP_TYPE_TTLS, "TTLS"); 1612 if (eap == NULL) 1613 return -1; 1614 1615 eap->init = eap_ttls_init; 1616 eap->deinit = eap_ttls_deinit; 1617 eap->process = eap_ttls_process; 1618 eap->isKeyAvailable = eap_ttls_isKeyAvailable; 1619 eap->getKey = eap_ttls_getKey; 1620 eap->get_status = eap_ttls_get_status; 1621 eap->has_reauth_data = eap_ttls_has_reauth_data; 1622 eap->deinit_for_reauth = eap_ttls_deinit_for_reauth; 1623 eap->init_for_reauth = eap_ttls_init_for_reauth; 1624 1625 ret = eap_peer_method_register(eap); 1626 if (ret) 1627 eap_peer_method_free(eap); 1628 return ret; 1629} 1630