LCOV - code coverage report
Current view: top level - src/eap_peer - eap_peap.c (source / functions) Hit Total Coverage
Test: wpa_supplicant/hostapd combined for hwsim test run 1422976643 Lines: 502 633 79.3 %
Date: 2015-02-03 Functions: 21 22 95.5 %

          Line data    Source code
       1             : /*
       2             :  * EAP peer method: EAP-PEAP (draft-josefsson-pppext-eap-tls-eap-10.txt)
       3             :  * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
       4             :  *
       5             :  * This software may be distributed under the terms of the BSD license.
       6             :  * See README for more details.
       7             :  */
       8             : 
       9             : #include "includes.h"
      10             : 
      11             : #include "common.h"
      12             : #include "crypto/sha1.h"
      13             : #include "crypto/tls.h"
      14             : #include "eap_common/eap_tlv_common.h"
      15             : #include "eap_common/eap_peap_common.h"
      16             : #include "eap_i.h"
      17             : #include "eap_tls_common.h"
      18             : #include "eap_config.h"
      19             : #include "tncc.h"
      20             : 
      21             : 
      22             : /* Maximum supported PEAP version
      23             :  * 0 = Microsoft's PEAP version 0; draft-kamath-pppext-peapv0-00.txt
      24             :  * 1 = draft-josefsson-ppext-eap-tls-eap-05.txt
      25             :  */
      26             : #define EAP_PEAP_VERSION 1
      27             : 
      28             : 
      29             : static void eap_peap_deinit(struct eap_sm *sm, void *priv);
      30             : 
      31             : 
      32             : struct eap_peap_data {
      33             :         struct eap_ssl_data ssl;
      34             : 
      35             :         int peap_version, force_peap_version, force_new_label;
      36             : 
      37             :         const struct eap_method *phase2_method;
      38             :         void *phase2_priv;
      39             :         int phase2_success;
      40             :         int phase2_eap_success;
      41             :         int phase2_eap_started;
      42             : 
      43             :         struct eap_method_type phase2_type;
      44             :         struct eap_method_type *phase2_types;
      45             :         size_t num_phase2_types;
      46             : 
      47             :         int peap_outer_success; /* 0 = PEAP terminated on Phase 2 inner
      48             :                                  * EAP-Success
      49             :                                  * 1 = reply with tunneled EAP-Success to inner
      50             :                                  * EAP-Success and expect AS to send outer
      51             :                                  * (unencrypted) EAP-Success after this
      52             :                                  * 2 = reply with PEAP/TLS ACK to inner
      53             :                                  * EAP-Success and expect AS to send outer
      54             :                                  * (unencrypted) EAP-Success after this */
      55             :         int resuming; /* starting a resumed session */
      56             :         int reauth; /* reauthentication */
      57             :         u8 *key_data;
      58             :         u8 *session_id;
      59             :         size_t id_len;
      60             : 
      61             :         struct wpabuf *pending_phase2_req;
      62             :         enum { NO_BINDING, OPTIONAL_BINDING, REQUIRE_BINDING } crypto_binding;
      63             :         int crypto_binding_used;
      64             :         u8 binding_nonce[32];
      65             :         u8 ipmk[40];
      66             :         u8 cmk[20];
      67             :         int soh; /* Whether IF-TNCCS-SOH (Statement of Health; Microsoft NAP)
      68             :                   * is enabled. */
      69             : };
      70             : 
      71             : 
      72          16 : static int eap_peap_parse_phase1(struct eap_peap_data *data,
      73             :                                  const char *phase1)
      74             : {
      75             :         const char *pos;
      76             : 
      77          16 :         pos = os_strstr(phase1, "peapver=");
      78          16 :         if (pos) {
      79           9 :                 data->force_peap_version = atoi(pos + 8);
      80           9 :                 data->peap_version = data->force_peap_version;
      81           9 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Forced PEAP version %d",
      82             :                            data->force_peap_version);
      83             :         }
      84             : 
      85          16 :         if (os_strstr(phase1, "peaplabel=1")) {
      86           2 :                 data->force_new_label = 1;
      87           2 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Force new label for key "
      88             :                            "derivation");
      89             :         }
      90             : 
      91          16 :         if (os_strstr(phase1, "peap_outer_success=0")) {
      92           0 :                 data->peap_outer_success = 0;
      93           0 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: terminate authentication on "
      94             :                            "tunneled EAP-Success");
      95          16 :         } else if (os_strstr(phase1, "peap_outer_success=1")) {
      96           1 :                 data->peap_outer_success = 1;
      97           1 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: send tunneled EAP-Success "
      98             :                            "after receiving tunneled EAP-Success");
      99          15 :         } else if (os_strstr(phase1, "peap_outer_success=2")) {
     100           1 :                 data->peap_outer_success = 2;
     101           1 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: send PEAP/TLS ACK after "
     102             :                            "receiving tunneled EAP-Success");
     103             :         }
     104             : 
     105          16 :         if (os_strstr(phase1, "crypto_binding=0")) {
     106           1 :                 data->crypto_binding = NO_BINDING;
     107           1 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Do not use cryptobinding");
     108          15 :         } else if (os_strstr(phase1, "crypto_binding=1")) {
     109           1 :                 data->crypto_binding = OPTIONAL_BINDING;
     110           1 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Optional cryptobinding");
     111          14 :         } else if (os_strstr(phase1, "crypto_binding=2")) {
     112           2 :                 data->crypto_binding = REQUIRE_BINDING;
     113           2 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Require cryptobinding");
     114             :         }
     115             : 
     116             : #ifdef EAP_TNC
     117          16 :         if (os_strstr(phase1, "tnc=soh2")) {
     118           1 :                 data->soh = 2;
     119           1 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: SoH version 2 enabled");
     120          15 :         } else if (os_strstr(phase1, "tnc=soh1")) {
     121           1 :                 data->soh = 1;
     122           1 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: SoH version 1 enabled");
     123          14 :         } else if (os_strstr(phase1, "tnc=soh")) {
     124           1 :                 data->soh = 2;
     125           1 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: SoH version 2 enabled");
     126             :         }
     127             : #endif /* EAP_TNC */
     128             : 
     129          16 :         return 0;
     130             : }
     131             : 
     132             : 
     133          31 : static void * eap_peap_init(struct eap_sm *sm)
     134             : {
     135             :         struct eap_peap_data *data;
     136          31 :         struct eap_peer_config *config = eap_get_config(sm);
     137             : 
     138          31 :         data = os_zalloc(sizeof(*data));
     139          31 :         if (data == NULL)
     140           0 :                 return NULL;
     141          31 :         sm->peap_done = FALSE;
     142          31 :         data->peap_version = EAP_PEAP_VERSION;
     143          31 :         data->force_peap_version = -1;
     144          31 :         data->peap_outer_success = 2;
     145          31 :         data->crypto_binding = OPTIONAL_BINDING;
     146             : 
     147          47 :         if (config && config->phase1 &&
     148          16 :             eap_peap_parse_phase1(data, config->phase1) < 0) {
     149           0 :                 eap_peap_deinit(sm, data);
     150           0 :                 return NULL;
     151             :         }
     152             : 
     153          31 :         if (eap_peer_select_phase2_methods(config, "auth=",
     154             :                                            &data->phase2_types,
     155             :                                            &data->num_phase2_types) < 0) {
     156           0 :                 eap_peap_deinit(sm, data);
     157           0 :                 return NULL;
     158             :         }
     159             : 
     160          31 :         data->phase2_type.vendor = EAP_VENDOR_IETF;
     161          31 :         data->phase2_type.method = EAP_TYPE_NONE;
     162             : 
     163          31 :         if (eap_peer_tls_ssl_init(sm, &data->ssl, config, EAP_TYPE_PEAP)) {
     164           0 :                 wpa_printf(MSG_INFO, "EAP-PEAP: Failed to initialize SSL.");
     165           0 :                 eap_peap_deinit(sm, data);
     166           0 :                 return NULL;
     167             :         }
     168             : 
     169          31 :         return data;
     170             : }
     171             : 
     172             : 
     173          70 : static void eap_peap_free_key(struct eap_peap_data *data)
     174             : {
     175          70 :         if (data->key_data) {
     176          35 :                 bin_clear_free(data->key_data, EAP_TLS_KEY_LEN);
     177          35 :                 data->key_data = NULL;
     178             :         }
     179          70 : }
     180             : 
     181             : 
     182          31 : static void eap_peap_deinit(struct eap_sm *sm, void *priv)
     183             : {
     184          31 :         struct eap_peap_data *data = priv;
     185          31 :         if (data == NULL)
     186          31 :                 return;
     187          31 :         if (data->phase2_priv && data->phase2_method)
     188          31 :                 data->phase2_method->deinit(sm, data->phase2_priv);
     189          31 :         os_free(data->phase2_types);
     190          31 :         eap_peer_tls_ssl_deinit(sm, &data->ssl);
     191          31 :         eap_peap_free_key(data);
     192          31 :         os_free(data->session_id);
     193          31 :         wpabuf_free(data->pending_phase2_req);
     194          31 :         os_free(data);
     195             : }
     196             : 
     197             : 
     198             : /**
     199             :  * eap_tlv_build_nak - Build EAP-TLV NAK message
     200             :  * @id: EAP identifier for the header
     201             :  * @nak_type: TLV type (EAP_TLV_*)
     202             :  * Returns: Buffer to the allocated EAP-TLV NAK message or %NULL on failure
     203             :  *
     204             :  * This function builds an EAP-TLV NAK message. The caller is responsible for
     205             :  * freeing the returned buffer.
     206             :  */
     207           0 : static struct wpabuf * eap_tlv_build_nak(int id, u16 nak_type)
     208             : {
     209             :         struct wpabuf *msg;
     210             : 
     211           0 :         msg = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TLV, 10,
     212             :                             EAP_CODE_RESPONSE, id);
     213           0 :         if (msg == NULL)
     214           0 :                 return NULL;
     215             : 
     216           0 :         wpabuf_put_u8(msg, 0x80); /* Mandatory */
     217           0 :         wpabuf_put_u8(msg, EAP_TLV_NAK_TLV);
     218           0 :         wpabuf_put_be16(msg, 6); /* Length */
     219           0 :         wpabuf_put_be32(msg, 0); /* Vendor-Id */
     220           0 :         wpabuf_put_be16(msg, nak_type); /* NAK-Type */
     221             : 
     222           0 :         return msg;
     223             : }
     224             : 
     225             : 
     226           7 : static int eap_peap_get_isk(struct eap_sm *sm, struct eap_peap_data *data,
     227             :                             u8 *isk, size_t isk_len)
     228             : {
     229             :         u8 *key;
     230             :         size_t key_len;
     231             : 
     232           7 :         os_memset(isk, 0, isk_len);
     233          14 :         if (data->phase2_method == NULL || data->phase2_priv == NULL ||
     234          14 :             data->phase2_method->isKeyAvailable == NULL ||
     235           7 :             data->phase2_method->getKey == NULL)
     236           0 :                 return 0;
     237             : 
     238          14 :         if (!data->phase2_method->isKeyAvailable(sm, data->phase2_priv) ||
     239           7 :             (key = data->phase2_method->getKey(sm, data->phase2_priv,
     240             :                                                &key_len)) == NULL) {
     241           0 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Could not get key material "
     242             :                            "from Phase 2");
     243           0 :                 return -1;
     244             :         }
     245             : 
     246           7 :         if (key_len > isk_len)
     247           0 :                 key_len = isk_len;
     248           7 :         os_memcpy(isk, key, key_len);
     249           7 :         os_free(key);
     250             : 
     251           7 :         return 0;
     252             : }
     253             : 
     254             : 
     255           7 : static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)
     256             : {
     257             :         u8 *tk;
     258             :         u8 isk[32], imck[60];
     259             : 
     260             :         /*
     261             :          * Tunnel key (TK) is the first 60 octets of the key generated by
     262             :          * phase 1 of PEAP (based on TLS).
     263             :          */
     264           7 :         tk = data->key_data;
     265           7 :         if (tk == NULL)
     266           0 :                 return -1;
     267           7 :         wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TK", tk, 60);
     268             : 
     269           8 :         if (data->reauth &&
     270           1 :             tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) {
     271             :                 /* Fast-connect: IPMK|CMK = TK */
     272           0 :                 os_memcpy(data->ipmk, tk, 40);
     273           0 :                 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IPMK from TK",
     274           0 :                                 data->ipmk, 40);
     275           0 :                 os_memcpy(data->cmk, tk + 40, 20);
     276           0 :                 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CMK from TK",
     277           0 :                                 data->cmk, 20);
     278           0 :                 return 0;
     279             :         }
     280             : 
     281           7 :         if (eap_peap_get_isk(sm, data, isk, sizeof(isk)) < 0)
     282           0 :                 return -1;
     283           7 :         wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: ISK", isk, sizeof(isk));
     284             : 
     285             :         /*
     286             :          * IPMK Seed = "Inner Methods Compound Keys" | ISK
     287             :          * TempKey = First 40 octets of TK
     288             :          * IPMK|CMK = PRF+(TempKey, IPMK Seed, 60)
     289             :          * (note: draft-josefsson-pppext-eap-tls-eap-10.txt includes a space
     290             :          * in the end of the label just before ISK; is that just a typo?)
     291             :          */
     292           7 :         wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TempKey", tk, 40);
     293           7 :         if (peap_prfplus(data->peap_version, tk, 40,
     294             :                          "Inner Methods Compound Keys",
     295             :                          isk, sizeof(isk), imck, sizeof(imck)) < 0)
     296           0 :                 return -1;
     297           7 :         wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IMCK (IPMKj)",
     298             :                         imck, sizeof(imck));
     299             : 
     300           7 :         os_memcpy(data->ipmk, imck, 40);
     301           7 :         wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IPMK (S-IPMKj)", data->ipmk, 40);
     302           7 :         os_memcpy(data->cmk, imck + 40, 20);
     303           7 :         wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CMK (CMKj)", data->cmk, 20);
     304             : 
     305           7 :         return 0;
     306             : }
     307             : 
     308             : 
     309           6 : static int eap_tlv_add_cryptobinding(struct eap_sm *sm,
     310             :                                      struct eap_peap_data *data,
     311             :                                      struct wpabuf *buf)
     312             : {
     313             :         u8 *mac;
     314           6 :         u8 eap_type = EAP_TYPE_PEAP;
     315             :         const u8 *addr[2];
     316             :         size_t len[2];
     317             :         u16 tlv_type;
     318             : 
     319             :         /* Compound_MAC: HMAC-SHA1-160(cryptobinding TLV | EAP type) */
     320           6 :         addr[0] = wpabuf_put(buf, 0);
     321           6 :         len[0] = 60;
     322           6 :         addr[1] = &eap_type;
     323           6 :         len[1] = 1;
     324             : 
     325           6 :         tlv_type = EAP_TLV_CRYPTO_BINDING_TLV;
     326           6 :         wpabuf_put_be16(buf, tlv_type);
     327           6 :         wpabuf_put_be16(buf, 56);
     328             : 
     329           6 :         wpabuf_put_u8(buf, 0); /* Reserved */
     330           6 :         wpabuf_put_u8(buf, data->peap_version); /* Version */
     331           6 :         wpabuf_put_u8(buf, data->peap_version); /* RecvVersion */
     332           6 :         wpabuf_put_u8(buf, 1); /* SubType: 0 = Request, 1 = Response */
     333           6 :         wpabuf_put_data(buf, data->binding_nonce, 32); /* Nonce */
     334           6 :         mac = wpabuf_put(buf, 20); /* Compound_MAC */
     335           6 :         wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC CMK", data->cmk, 20);
     336          12 :         wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC data 1",
     337           6 :                     addr[0], len[0]);
     338          12 :         wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC data 2",
     339           6 :                     addr[1], len[1]);
     340           6 :         hmac_sha1_vector(data->cmk, 20, 2, addr, len, mac);
     341           6 :         wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC", mac, SHA1_MAC_LEN);
     342           6 :         data->crypto_binding_used = 1;
     343             : 
     344           6 :         return 0;
     345             : }
     346             : 
     347             : 
     348             : /**
     349             :  * eap_tlv_build_result - Build EAP-TLV Result message
     350             :  * @id: EAP identifier for the header
     351             :  * @status: Status (EAP_TLV_RESULT_SUCCESS or EAP_TLV_RESULT_FAILURE)
     352             :  * Returns: Buffer to the allocated EAP-TLV Result message or %NULL on failure
     353             :  *
     354             :  * This function builds an EAP-TLV Result message. The caller is responsible
     355             :  * for freeing the returned buffer.
     356             :  */
     357           8 : static struct wpabuf * eap_tlv_build_result(struct eap_sm *sm,
     358             :                                             struct eap_peap_data *data,
     359             :                                             int crypto_tlv_used,
     360             :                                             int id, u16 status)
     361             : {
     362             :         struct wpabuf *msg;
     363             :         size_t len;
     364             : 
     365           8 :         if (data->crypto_binding == NO_BINDING)
     366           1 :                 crypto_tlv_used = 0;
     367             : 
     368           8 :         len = 6;
     369           8 :         if (crypto_tlv_used)
     370           6 :                 len += 60; /* Cryptobinding TLV */
     371           8 :         msg = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TLV, len,
     372             :                             EAP_CODE_RESPONSE, id);
     373           8 :         if (msg == NULL)
     374           0 :                 return NULL;
     375             : 
     376           8 :         wpabuf_put_u8(msg, 0x80); /* Mandatory */
     377           8 :         wpabuf_put_u8(msg, EAP_TLV_RESULT_TLV);
     378           8 :         wpabuf_put_be16(msg, 2); /* Length */
     379           8 :         wpabuf_put_be16(msg, status); /* Status */
     380             : 
     381           8 :         if (crypto_tlv_used && eap_tlv_add_cryptobinding(sm, data, msg)) {
     382           0 :                 wpabuf_free(msg);
     383           0 :                 return NULL;
     384             :         }
     385             : 
     386           8 :         return msg;
     387             : }
     388             : 
     389             : 
     390           7 : static int eap_tlv_validate_cryptobinding(struct eap_sm *sm,
     391             :                                           struct eap_peap_data *data,
     392             :                                           const u8 *crypto_tlv,
     393             :                                           size_t crypto_tlv_len)
     394             : {
     395             :         u8 buf[61], mac[SHA1_MAC_LEN];
     396             :         const u8 *pos;
     397             : 
     398           7 :         if (eap_peap_derive_cmk(sm, data) < 0) {
     399           0 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Could not derive CMK");
     400           0 :                 return -1;
     401             :         }
     402             : 
     403           7 :         if (crypto_tlv_len != 4 + 56) {
     404           0 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Invalid cryptobinding TLV "
     405             :                            "length %d", (int) crypto_tlv_len);
     406           0 :                 return -1;
     407             :         }
     408             : 
     409           7 :         pos = crypto_tlv;
     410           7 :         pos += 4; /* TLV header */
     411           7 :         if (pos[1] != data->peap_version) {
     412           0 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Cryptobinding TLV Version "
     413             :                            "mismatch (was %d; expected %d)",
     414           0 :                            pos[1], data->peap_version);
     415           0 :                 return -1;
     416             :         }
     417             : 
     418           7 :         if (pos[3] != 0) {
     419           0 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Unexpected Cryptobinding TLV "
     420           0 :                            "SubType %d", pos[3]);
     421           0 :                 return -1;
     422             :         }
     423           7 :         pos += 4;
     424           7 :         os_memcpy(data->binding_nonce, pos, 32);
     425           7 :         pos += 32; /* Nonce */
     426             : 
     427             :         /* Compound_MAC: HMAC-SHA1-160(cryptobinding TLV | EAP type) */
     428           7 :         os_memcpy(buf, crypto_tlv, 60);
     429           7 :         os_memset(buf + 4 + 4 + 32, 0, 20); /* Compound_MAC */
     430           7 :         buf[60] = EAP_TYPE_PEAP;
     431           7 :         wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Compound_MAC data",
     432             :                     buf, sizeof(buf));
     433           7 :         hmac_sha1(data->cmk, 20, buf, sizeof(buf), mac);
     434             : 
     435           7 :         if (os_memcmp_const(mac, pos, SHA1_MAC_LEN) != 0) {
     436           1 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Invalid Compound_MAC in "
     437             :                            "cryptobinding TLV");
     438           1 :                 wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Received MAC",
     439             :                             pos, SHA1_MAC_LEN);
     440           1 :                 wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Expected MAC",
     441             :                             mac, SHA1_MAC_LEN);
     442           1 :                 return -1;
     443             :         }
     444             : 
     445           6 :         wpa_printf(MSG_DEBUG, "EAP-PEAP: Valid cryptobinding TLV received");
     446             : 
     447           6 :         return 0;
     448             : }
     449             : 
     450             : 
     451             : /**
     452             :  * eap_tlv_process - Process a received EAP-TLV message and generate a response
     453             :  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
     454             :  * @ret: Return values from EAP request validation and processing
     455             :  * @req: EAP-TLV request to be processed. The caller must have validated that
     456             :  * the buffer is large enough to contain full request (hdr->length bytes) and
     457             :  * that the EAP type is EAP_TYPE_TLV.
     458             :  * @resp: Buffer to return a pointer to the allocated response message. This
     459             :  * field should be initialized to %NULL before the call. The value will be
     460             :  * updated if a response message is generated. The caller is responsible for
     461             :  * freeing the allocated message.
     462             :  * @force_failure: Force negotiation to fail
     463             :  * Returns: 0 on success, -1 on failure
     464             :  */
     465           9 : static int eap_tlv_process(struct eap_sm *sm, struct eap_peap_data *data,
     466             :                            struct eap_method_ret *ret,
     467             :                            const struct wpabuf *req, struct wpabuf **resp,
     468             :                            int force_failure)
     469             : {
     470             :         size_t left, tlv_len;
     471             :         const u8 *pos;
     472           9 :         const u8 *result_tlv = NULL, *crypto_tlv = NULL;
     473           9 :         size_t result_tlv_len = 0, crypto_tlv_len = 0;
     474             :         int tlv_type, mandatory;
     475             : 
     476             :         /* Parse TLVs */
     477           9 :         pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_TLV, req, &left);
     478           9 :         if (pos == NULL)
     479           0 :                 return -1;
     480           9 :         wpa_hexdump(MSG_DEBUG, "EAP-TLV: Received TLVs", pos, left);
     481          35 :         while (left >= 4) {
     482          17 :                 mandatory = !!(pos[0] & 0x80);
     483          17 :                 tlv_type = WPA_GET_BE16(pos) & 0x3fff;
     484          17 :                 pos += 2;
     485          17 :                 tlv_len = WPA_GET_BE16(pos);
     486          17 :                 pos += 2;
     487          17 :                 left -= 4;
     488          17 :                 if (tlv_len > left) {
     489           0 :                         wpa_printf(MSG_DEBUG, "EAP-TLV: TLV underrun "
     490             :                                    "(tlv_len=%lu left=%lu)",
     491             :                                    (unsigned long) tlv_len,
     492             :                                    (unsigned long) left);
     493           0 :                         return -1;
     494             :                 }
     495          17 :                 switch (tlv_type) {
     496             :                 case EAP_TLV_RESULT_TLV:
     497           9 :                         result_tlv = pos;
     498           9 :                         result_tlv_len = tlv_len;
     499           9 :                         break;
     500             :                 case EAP_TLV_CRYPTO_BINDING_TLV:
     501           8 :                         crypto_tlv = pos;
     502           8 :                         crypto_tlv_len = tlv_len;
     503           8 :                         break;
     504             :                 default:
     505           0 :                         wpa_printf(MSG_DEBUG, "EAP-TLV: Unsupported TLV Type "
     506             :                                    "%d%s", tlv_type,
     507             :                                    mandatory ? " (mandatory)" : "");
     508           0 :                         if (mandatory) {
     509             :                                 /* NAK TLV and ignore all TLVs in this packet.
     510             :                                  */
     511           0 :                                 *resp = eap_tlv_build_nak(eap_get_id(req),
     512             :                                                           tlv_type);
     513           0 :                                 return *resp == NULL ? -1 : 0;
     514             :                         }
     515             :                         /* Ignore this TLV, but process other TLVs */
     516           0 :                         break;
     517             :                 }
     518             : 
     519          17 :                 pos += tlv_len;
     520          17 :                 left -= tlv_len;
     521             :         }
     522           9 :         if (left) {
     523           0 :                 wpa_printf(MSG_DEBUG, "EAP-TLV: Last TLV too short in "
     524             :                            "Request (left=%lu)", (unsigned long) left);
     525           0 :                 return -1;
     526             :         }
     527             : 
     528             :         /* Process supported TLVs */
     529           9 :         if (crypto_tlv && data->crypto_binding != NO_BINDING) {
     530           7 :                 wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Cryptobinding TLV",
     531             :                             crypto_tlv, crypto_tlv_len);
     532          14 :                 if (eap_tlv_validate_cryptobinding(sm, data, crypto_tlv - 4,
     533             :                                                    crypto_tlv_len + 4) < 0) {
     534           1 :                         if (result_tlv == NULL)
     535           0 :                                 return -1;
     536           1 :                         force_failure = 1;
     537           1 :                         crypto_tlv = NULL; /* do not include Cryptobinding TLV
     538             :                                             * in response, if the received
     539             :                                             * cryptobinding was invalid. */
     540             :                 }
     541           2 :         } else if (!crypto_tlv && data->crypto_binding == REQUIRE_BINDING) {
     542           1 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: No cryptobinding TLV");
     543           1 :                 return -1;
     544             :         }
     545             : 
     546           8 :         if (result_tlv) {
     547             :                 int status, resp_status;
     548           8 :                 wpa_hexdump(MSG_DEBUG, "EAP-TLV: Result TLV",
     549             :                             result_tlv, result_tlv_len);
     550           8 :                 if (result_tlv_len < 2) {
     551           0 :                         wpa_printf(MSG_INFO, "EAP-TLV: Too short Result TLV "
     552             :                                    "(len=%lu)",
     553             :                                    (unsigned long) result_tlv_len);
     554           0 :                         return -1;
     555             :                 }
     556           8 :                 status = WPA_GET_BE16(result_tlv);
     557           8 :                 if (status == EAP_TLV_RESULT_SUCCESS) {
     558           8 :                         wpa_printf(MSG_INFO, "EAP-TLV: TLV Result - Success "
     559             :                                    "- EAP-TLV/Phase2 Completed");
     560           8 :                         if (force_failure) {
     561           1 :                                 wpa_printf(MSG_INFO, "EAP-TLV: Earlier failure"
     562             :                                            " - force failed Phase 2");
     563           1 :                                 resp_status = EAP_TLV_RESULT_FAILURE;
     564           1 :                                 ret->decision = DECISION_FAIL;
     565             :                         } else {
     566           7 :                                 resp_status = EAP_TLV_RESULT_SUCCESS;
     567           7 :                                 ret->decision = DECISION_UNCOND_SUCC;
     568             :                         }
     569           0 :                 } else if (status == EAP_TLV_RESULT_FAILURE) {
     570           0 :                         wpa_printf(MSG_INFO, "EAP-TLV: TLV Result - Failure");
     571           0 :                         resp_status = EAP_TLV_RESULT_FAILURE;
     572           0 :                         ret->decision = DECISION_FAIL;
     573             :                 } else {
     574           0 :                         wpa_printf(MSG_INFO, "EAP-TLV: Unknown TLV Result "
     575             :                                    "Status %d", status);
     576           0 :                         resp_status = EAP_TLV_RESULT_FAILURE;
     577           0 :                         ret->decision = DECISION_FAIL;
     578             :                 }
     579           8 :                 ret->methodState = METHOD_DONE;
     580             : 
     581          16 :                 *resp = eap_tlv_build_result(sm, data, crypto_tlv != NULL,
     582           8 :                                              eap_get_id(req), resp_status);
     583             :         }
     584             : 
     585           8 :         return 0;
     586             : }
     587             : 
     588             : 
     589         125 : static int eap_peap_phase2_request(struct eap_sm *sm,
     590             :                                    struct eap_peap_data *data,
     591             :                                    struct eap_method_ret *ret,
     592             :                                    struct wpabuf *req,
     593             :                                    struct wpabuf **resp)
     594             : {
     595         125 :         struct eap_hdr *hdr = wpabuf_mhead(req);
     596         125 :         size_t len = be_to_host16(hdr->length);
     597             :         u8 *pos;
     598             :         struct eap_method_ret iret;
     599         125 :         struct eap_peer_config *config = eap_get_config(sm);
     600             : 
     601         125 :         if (len <= sizeof(struct eap_hdr)) {
     602           0 :                 wpa_printf(MSG_INFO, "EAP-PEAP: too short "
     603             :                            "Phase 2 request (len=%lu)", (unsigned long) len);
     604           0 :                 return -1;
     605             :         }
     606         125 :         pos = (u8 *) (hdr + 1);
     607         125 :         wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Request: type=%d", *pos);
     608         125 :         switch (*pos) {
     609             :         case EAP_TYPE_IDENTITY:
     610          35 :                 *resp = eap_sm_buildIdentity(sm, hdr->identifier, 1);
     611          35 :                 break;
     612             :         case EAP_TYPE_TLV:
     613           9 :                 os_memset(&iret, 0, sizeof(iret));
     614          18 :                 if (eap_tlv_process(sm, data, &iret, req, resp,
     615           9 :                                     data->phase2_eap_started &&
     616           9 :                                     !data->phase2_eap_success)) {
     617           1 :                         ret->methodState = METHOD_DONE;
     618           1 :                         ret->decision = DECISION_FAIL;
     619           1 :                         return -1;
     620             :                 }
     621           8 :                 if (iret.methodState == METHOD_DONE ||
     622           0 :                     iret.methodState == METHOD_MAY_CONT) {
     623           8 :                         ret->methodState = iret.methodState;
     624           8 :                         ret->decision = iret.decision;
     625           8 :                         data->phase2_success = 1;
     626             :                 }
     627           8 :                 break;
     628             :         case EAP_TYPE_EXPANDED:
     629             : #ifdef EAP_TNC
     630           3 :                 if (data->soh) {
     631             :                         const u8 *epos;
     632             :                         size_t eleft;
     633             : 
     634           3 :                         epos = eap_hdr_validate(EAP_VENDOR_MICROSOFT, 0x21,
     635             :                                                 req, &eleft);
     636           3 :                         if (epos) {
     637             :                                 struct wpabuf *buf;
     638           3 :                                 wpa_printf(MSG_DEBUG,
     639             :                                            "EAP-PEAP: SoH EAP Extensions");
     640           3 :                                 buf = tncc_process_soh_request(data->soh,
     641             :                                                                epos, eleft);
     642           3 :                                 if (buf) {
     643           3 :                                         *resp = eap_msg_alloc(
     644             :                                                 EAP_VENDOR_MICROSOFT, 0x21,
     645             :                                                 wpabuf_len(buf),
     646             :                                                 EAP_CODE_RESPONSE,
     647           3 :                                                 hdr->identifier);
     648           3 :                                         if (*resp == NULL) {
     649           0 :                                                 ret->methodState = METHOD_DONE;
     650           0 :                                                 ret->decision = DECISION_FAIL;
     651           0 :                                                 return -1;
     652             :                                         }
     653           3 :                                         wpabuf_put_buf(*resp, buf);
     654           3 :                                         wpabuf_free(buf);
     655           3 :                                         break;
     656             :                                 }
     657             :                         }
     658             :                 }
     659             : #endif /* EAP_TNC */
     660             :                 /* fall through */
     661             :         default:
     662         156 :                 if (data->phase2_type.vendor == EAP_VENDOR_IETF &&
     663          78 :                     data->phase2_type.method == EAP_TYPE_NONE) {
     664             :                         size_t i;
     665          78 :                         for (i = 0; i < data->num_phase2_types; i++) {
     666          37 :                                 if (data->phase2_types[i].vendor !=
     667          37 :                                     EAP_VENDOR_IETF ||
     668          37 :                                     data->phase2_types[i].method != *pos)
     669           6 :                                         continue;
     670             : 
     671          31 :                                 data->phase2_type.vendor =
     672          31 :                                         data->phase2_types[i].vendor;
     673          31 :                                 data->phase2_type.method =
     674          31 :                                         data->phase2_types[i].method;
     675          31 :                                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Selected "
     676             :                                            "Phase 2 EAP vendor %d method %d",
     677             :                                            data->phase2_type.vendor,
     678             :                                            data->phase2_type.method);
     679          31 :                                 break;
     680             :                         }
     681             :                 }
     682         154 :                 if (*pos != data->phase2_type.method ||
     683          76 :                     *pos == EAP_TYPE_NONE) {
     684           2 :                         if (eap_peer_tls_phase2_nak(data->phase2_types,
     685             :                                                     data->num_phase2_types,
     686             :                                                     hdr, resp))
     687           0 :                                 return -1;
     688           2 :                         return 0;
     689             :                 }
     690             : 
     691          76 :                 if (data->phase2_priv == NULL) {
     692          31 :                         data->phase2_method = eap_peer_get_eap_method(
     693             :                                 data->phase2_type.vendor,
     694          31 :                                 data->phase2_type.method);
     695          31 :                         if (data->phase2_method) {
     696          31 :                                 sm->init_phase2 = 1;
     697          31 :                                 data->phase2_priv =
     698          31 :                                         data->phase2_method->init(sm);
     699          31 :                                 sm->init_phase2 = 0;
     700             :                         }
     701             :                 }
     702          76 :                 if (data->phase2_priv == NULL || data->phase2_method == NULL) {
     703           0 :                         wpa_printf(MSG_INFO, "EAP-PEAP: failed to initialize "
     704           0 :                                    "Phase 2 EAP method %d", *pos);
     705           0 :                         ret->methodState = METHOD_DONE;
     706           0 :                         ret->decision = DECISION_FAIL;
     707           0 :                         return -1;
     708             :                 }
     709          76 :                 data->phase2_eap_started = 1;
     710          76 :                 os_memset(&iret, 0, sizeof(iret));
     711          76 :                 *resp = data->phase2_method->process(sm, data->phase2_priv,
     712             :                                                      &iret, req);
     713         118 :                 if ((iret.methodState == METHOD_DONE ||
     714         116 :                      iret.methodState == METHOD_MAY_CONT) &&
     715         118 :                     (iret.decision == DECISION_UNCOND_SUCC ||
     716          44 :                      iret.decision == DECISION_COND_SUCC)) {
     717          33 :                         data->phase2_eap_success = 1;
     718          33 :                         data->phase2_success = 1;
     719             :                 }
     720          76 :                 break;
     721             :         }
     722             : 
     723         124 :         if (*resp == NULL &&
     724           5 :             (config->pending_req_identity || config->pending_req_password ||
     725           1 :              config->pending_req_otp || config->pending_req_new_password)) {
     726           2 :                 wpabuf_free(data->pending_phase2_req);
     727           2 :                 data->pending_phase2_req = wpabuf_alloc_copy(hdr, len);
     728             :         }
     729             : 
     730         122 :         return 0;
     731             : }
     732             : 
     733             : 
     734         151 : static int eap_peap_decrypt(struct eap_sm *sm, struct eap_peap_data *data,
     735             :                             struct eap_method_ret *ret,
     736             :                             const struct eap_hdr *req,
     737             :                             const struct wpabuf *in_data,
     738             :                             struct wpabuf **out_data)
     739             : {
     740         151 :         struct wpabuf *in_decrypted = NULL;
     741         151 :         int res, skip_change = 0;
     742             :         struct eap_hdr *hdr, *rhdr;
     743         151 :         struct wpabuf *resp = NULL;
     744             :         size_t len;
     745             : 
     746         151 :         wpa_printf(MSG_DEBUG, "EAP-PEAP: received %lu bytes encrypted data for"
     747             :                    " Phase 2", (unsigned long) wpabuf_len(in_data));
     748             : 
     749         151 :         if (data->pending_phase2_req) {
     750           2 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Pending Phase 2 request - "
     751             :                            "skip decryption and use old data");
     752             :                 /* Clear TLS reassembly state. */
     753           2 :                 eap_peer_tls_reset_input(&data->ssl);
     754           2 :                 in_decrypted = data->pending_phase2_req;
     755           2 :                 data->pending_phase2_req = NULL;
     756           2 :                 skip_change = 1;
     757           2 :                 goto continue_req;
     758             :         }
     759             : 
     760         149 :         if (wpabuf_len(in_data) == 0 && sm->workaround &&
     761           0 :             data->phase2_success) {
     762             :                 /*
     763             :                  * Cisco ACS seems to be using TLS ACK to terminate
     764             :                  * EAP-PEAPv0/GTC. Try to reply with TLS ACK.
     765             :                  */
     766           0 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Received TLS ACK, but "
     767             :                            "expected data - acknowledge with TLS ACK since "
     768             :                            "Phase 2 has been completed");
     769           0 :                 ret->decision = DECISION_COND_SUCC;
     770           0 :                 ret->methodState = METHOD_DONE;
     771           0 :                 return 1;
     772         149 :         } else if (wpabuf_len(in_data) == 0) {
     773             :                 /* Received TLS ACK - requesting more fragments */
     774           0 :                 return eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_PEAP,
     775             :                                             data->peap_version,
     776           0 :                                             req->identifier, NULL, out_data);
     777             :         }
     778             : 
     779         149 :         res = eap_peer_tls_decrypt(sm, &data->ssl, in_data, &in_decrypted);
     780         149 :         if (res)
     781           0 :                 return res;
     782             : 
     783             : continue_req:
     784         151 :         wpa_hexdump_buf(MSG_DEBUG, "EAP-PEAP: Decrypted Phase 2 EAP",
     785             :                         in_decrypted);
     786             : 
     787         151 :         hdr = wpabuf_mhead(in_decrypted);
     788         177 :         if (wpabuf_len(in_decrypted) == 5 && hdr->code == EAP_CODE_REQUEST &&
     789          52 :             be_to_host16(hdr->length) == 5 &&
     790          26 :             eap_get_type(in_decrypted) == EAP_TYPE_IDENTITY) {
     791             :                 /* At least FreeRADIUS seems to send full EAP header with
     792             :                  * EAP Request Identity */
     793          26 :                 skip_change = 1;
     794             :         }
     795         246 :         if (wpabuf_len(in_decrypted) >= 5 && hdr->code == EAP_CODE_REQUEST &&
     796          95 :             eap_get_type(in_decrypted) == EAP_TYPE_TLV) {
     797           9 :                 skip_change = 1;
     798             :         }
     799             : 
     800         151 :         if (data->peap_version == 0 && !skip_change) {
     801             :                 struct eap_hdr *nhdr;
     802          30 :                 struct wpabuf *nmsg = wpabuf_alloc(sizeof(struct eap_hdr) +
     803          30 :                                                    wpabuf_len(in_decrypted));
     804          30 :                 if (nmsg == NULL) {
     805           0 :                         wpabuf_free(in_decrypted);
     806           0 :                         return 0;
     807             :                 }
     808          30 :                 nhdr = wpabuf_put(nmsg, sizeof(*nhdr));
     809          30 :                 wpabuf_put_buf(nmsg, in_decrypted);
     810          30 :                 nhdr->code = req->code;
     811          30 :                 nhdr->identifier = req->identifier;
     812          30 :                 nhdr->length = host_to_be16(sizeof(struct eap_hdr) +
     813             :                                             wpabuf_len(in_decrypted));
     814             : 
     815          30 :                 wpabuf_free(in_decrypted);
     816          30 :                 in_decrypted = nmsg;
     817             :         }
     818             : 
     819         151 :         hdr = wpabuf_mhead(in_decrypted);
     820         151 :         if (wpabuf_len(in_decrypted) < sizeof(*hdr)) {
     821           0 :                 wpa_printf(MSG_INFO, "EAP-PEAP: Too short Phase 2 "
     822             :                            "EAP frame (len=%lu)",
     823             :                            (unsigned long) wpabuf_len(in_decrypted));
     824           0 :                 wpabuf_free(in_decrypted);
     825           0 :                 return 0;
     826             :         }
     827         151 :         len = be_to_host16(hdr->length);
     828         151 :         if (len > wpabuf_len(in_decrypted)) {
     829           0 :                 wpa_printf(MSG_INFO, "EAP-PEAP: Length mismatch in "
     830             :                            "Phase 2 EAP frame (len=%lu hdr->length=%lu)",
     831             :                            (unsigned long) wpabuf_len(in_decrypted),
     832             :                            (unsigned long) len);
     833           0 :                 wpabuf_free(in_decrypted);
     834           0 :                 return 0;
     835             :         }
     836         151 :         if (len < wpabuf_len(in_decrypted)) {
     837           0 :                 wpa_printf(MSG_INFO, "EAP-PEAP: Odd.. Phase 2 EAP header has "
     838             :                            "shorter length than full decrypted data "
     839             :                            "(%lu < %lu)",
     840             :                            (unsigned long) len,
     841             :                            (unsigned long) wpabuf_len(in_decrypted));
     842             :         }
     843         302 :         wpa_printf(MSG_DEBUG, "EAP-PEAP: received Phase 2: code=%d "
     844         302 :                    "identifier=%d length=%lu", hdr->code, hdr->identifier,
     845             :                    (unsigned long) len);
     846         151 :         switch (hdr->code) {
     847             :         case EAP_CODE_REQUEST:
     848         125 :                 if (eap_peap_phase2_request(sm, data, ret, in_decrypted,
     849             :                                             &resp)) {
     850           1 :                         wpabuf_free(in_decrypted);
     851           1 :                         wpa_printf(MSG_INFO, "EAP-PEAP: Phase2 Request "
     852             :                                    "processing failed");
     853           1 :                         return 0;
     854             :                 }
     855         124 :                 break;
     856             :         case EAP_CODE_SUCCESS:
     857          24 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Success");
     858          24 :                 if (data->peap_version == 1) {
     859             :                         /* EAP-Success within TLS tunnel is used to indicate
     860             :                          * shutdown of the TLS channel. The authentication has
     861             :                          * been completed. */
     862          48 :                         if (data->phase2_eap_started &&
     863          24 :                             !data->phase2_eap_success) {
     864           0 :                                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 "
     865             :                                            "Success used to indicate success, "
     866             :                                            "but Phase 2 EAP was not yet "
     867             :                                            "completed successfully");
     868           0 :                                 ret->methodState = METHOD_DONE;
     869           0 :                                 ret->decision = DECISION_FAIL;
     870           0 :                                 wpabuf_free(in_decrypted);
     871           0 :                                 return 0;
     872             :                         }
     873          24 :                         wpa_printf(MSG_DEBUG, "EAP-PEAP: Version 1 - "
     874             :                                    "EAP-Success within TLS tunnel - "
     875             :                                    "authentication completed");
     876          24 :                         ret->decision = DECISION_UNCOND_SUCC;
     877          24 :                         ret->methodState = METHOD_DONE;
     878          24 :                         data->phase2_success = 1;
     879          24 :                         if (data->peap_outer_success == 2) {
     880          23 :                                 wpabuf_free(in_decrypted);
     881          23 :                                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Use TLS ACK "
     882             :                                            "to finish authentication");
     883          23 :                                 return 1;
     884           1 :                         } else if (data->peap_outer_success == 1) {
     885             :                                 /* Reply with EAP-Success within the TLS
     886             :                                  * channel to complete the authentication. */
     887           1 :                                 resp = wpabuf_alloc(sizeof(struct eap_hdr));
     888           1 :                                 if (resp) {
     889           1 :                                         rhdr = wpabuf_put(resp, sizeof(*rhdr));
     890           1 :                                         rhdr->code = EAP_CODE_SUCCESS;
     891           1 :                                         rhdr->identifier = hdr->identifier;
     892           1 :                                         rhdr->length =
     893           1 :                                                 host_to_be16(sizeof(*rhdr));
     894             :                                 }
     895             :                         } else {
     896             :                                 /* No EAP-Success expected for Phase 1 (outer,
     897             :                                  * unencrypted auth), so force EAP state
     898             :                                  * machine to SUCCESS state. */
     899           0 :                                 sm->peap_done = TRUE;
     900             :                         }
     901             :                 } else {
     902             :                         /* FIX: ? */
     903             :                 }
     904           1 :                 break;
     905             :         case EAP_CODE_FAILURE:
     906           2 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Failure");
     907           2 :                 ret->decision = DECISION_FAIL;
     908           2 :                 ret->methodState = METHOD_MAY_CONT;
     909           2 :                 ret->allowNotifications = FALSE;
     910             :                 /* Reply with EAP-Failure within the TLS channel to complete
     911             :                  * failure reporting. */
     912           2 :                 resp = wpabuf_alloc(sizeof(struct eap_hdr));
     913           2 :                 if (resp) {
     914           2 :                         rhdr = wpabuf_put(resp, sizeof(*rhdr));
     915           2 :                         rhdr->code = EAP_CODE_FAILURE;
     916           2 :                         rhdr->identifier = hdr->identifier;
     917           2 :                         rhdr->length = host_to_be16(sizeof(*rhdr));
     918             :                 }
     919           2 :                 break;
     920             :         default:
     921           0 :                 wpa_printf(MSG_INFO, "EAP-PEAP: Unexpected code=%d in "
     922           0 :                            "Phase 2 EAP header", hdr->code);
     923           0 :                 break;
     924             :         }
     925             : 
     926         127 :         wpabuf_free(in_decrypted);
     927             : 
     928         127 :         if (resp) {
     929         125 :                 int skip_change2 = 0;
     930             :                 struct wpabuf *rmsg, buf;
     931             : 
     932         125 :                 wpa_hexdump_buf_key(MSG_DEBUG,
     933             :                                     "EAP-PEAP: Encrypting Phase 2 data", resp);
     934             :                 /* PEAP version changes */
     935         247 :                 if (wpabuf_len(resp) >= 5 &&
     936         244 :                     wpabuf_head_u8(resp)[0] == EAP_CODE_RESPONSE &&
     937         122 :                     eap_get_type(resp) == EAP_TYPE_TLV)
     938           8 :                         skip_change2 = 1;
     939         125 :                 rmsg = resp;
     940         125 :                 if (data->peap_version == 0 && !skip_change2) {
     941          30 :                         wpabuf_set(&buf, wpabuf_head_u8(resp) +
     942             :                                    sizeof(struct eap_hdr),
     943          30 :                                    wpabuf_len(resp) - sizeof(struct eap_hdr));
     944          30 :                         rmsg = &buf;
     945             :                 }
     946             : 
     947         125 :                 if (eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_PEAP,
     948         125 :                                          data->peap_version, req->identifier,
     949             :                                          rmsg, out_data)) {
     950           0 :                         wpa_printf(MSG_INFO, "EAP-PEAP: Failed to encrypt "
     951             :                                    "a Phase 2 frame");
     952             :                 }
     953         125 :                 wpabuf_free(resp);
     954             :         }
     955             : 
     956         127 :         return 0;
     957             : }
     958             : 
     959             : 
     960         288 : static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
     961             :                                         struct eap_method_ret *ret,
     962             :                                         const struct wpabuf *reqData)
     963             : {
     964             :         const struct eap_hdr *req;
     965             :         size_t left;
     966             :         int res;
     967             :         u8 flags, id;
     968             :         struct wpabuf *resp;
     969             :         const u8 *pos;
     970         288 :         struct eap_peap_data *data = priv;
     971             : 
     972         288 :         pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_PEAP, ret,
     973             :                                         reqData, &left, &flags);
     974         288 :         if (pos == NULL)
     975           0 :                 return NULL;
     976         288 :         req = wpabuf_head(reqData);
     977         288 :         id = req->identifier;
     978             : 
     979         288 :         if (flags & EAP_TLS_FLAGS_START) {
     980          35 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Start (server ver=%d, own "
     981             :                            "ver=%d)", flags & EAP_TLS_VERSION_MASK,
     982             :                         data->peap_version);
     983          35 :                 if ((flags & EAP_TLS_VERSION_MASK) < data->peap_version)
     984           0 :                         data->peap_version = flags & EAP_TLS_VERSION_MASK;
     985          45 :                 if (data->force_peap_version >= 0 &&
     986          10 :                     data->force_peap_version != data->peap_version) {
     987           0 :                         wpa_printf(MSG_WARNING, "EAP-PEAP: Failed to select "
     988             :                                    "forced PEAP version %d",
     989             :                                    data->force_peap_version);
     990           0 :                         ret->methodState = METHOD_DONE;
     991           0 :                         ret->decision = DECISION_FAIL;
     992           0 :                         ret->allowNotifications = FALSE;
     993           0 :                         return NULL;
     994             :                 }
     995          35 :                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Using PEAP version %d",
     996             :                            data->peap_version);
     997          35 :                 left = 0; /* make sure that this frame is empty, even though it
     998             :                            * should always be, anyway */
     999             :         }
    1000             : 
    1001         288 :         resp = NULL;
    1002         443 :         if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
    1003         306 :             !data->resuming) {
    1004             :                 struct wpabuf msg;
    1005         151 :                 wpabuf_set(&msg, pos, left);
    1006         151 :                 res = eap_peap_decrypt(sm, data, ret, req, &msg, &resp);
    1007             :         } else {
    1008         137 :                 res = eap_peer_tls_process_helper(sm, &data->ssl,
    1009             :                                                   EAP_TYPE_PEAP,
    1010             :                                                   data->peap_version, id, pos,
    1011             :                                                   left, &resp);
    1012             : 
    1013         137 :                 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
    1014             :                         char *label;
    1015          35 :                         wpa_printf(MSG_DEBUG,
    1016             :                                    "EAP-PEAP: TLS done, proceed to Phase 2");
    1017          35 :                         eap_peap_free_key(data);
    1018             :                         /* draft-josefsson-ppext-eap-tls-eap-05.txt
    1019             :                          * specifies that PEAPv1 would use "client PEAP
    1020             :                          * encryption" as the label. However, most existing
    1021             :                          * PEAPv1 implementations seem to be using the old
    1022             :                          * label, "client EAP encryption", instead. Use the old
    1023             :                          * label by default, but allow it to be configured with
    1024             :                          * phase1 parameter peaplabel=1. */
    1025          35 :                         if (data->force_new_label)
    1026           2 :                                 label = "client PEAP encryption";
    1027             :                         else
    1028          33 :                                 label = "client EAP encryption";
    1029          35 :                         wpa_printf(MSG_DEBUG, "EAP-PEAP: using label '%s' in "
    1030             :                                    "key derivation", label);
    1031          35 :                         data->key_data =
    1032          35 :                                 eap_peer_tls_derive_key(sm, &data->ssl, label,
    1033             :                                                         EAP_TLS_KEY_LEN);
    1034          35 :                         if (data->key_data) {
    1035          35 :                                 wpa_hexdump_key(MSG_DEBUG, 
    1036             :                                                 "EAP-PEAP: Derived key",
    1037          35 :                                                 data->key_data,
    1038             :                                                 EAP_TLS_KEY_LEN);
    1039             :                         } else {
    1040           0 :                                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Failed to "
    1041             :                                            "derive key");
    1042             :                         }
    1043             : 
    1044          35 :                         os_free(data->session_id);
    1045          35 :                         data->session_id =
    1046          35 :                                 eap_peer_tls_derive_session_id(sm, &data->ssl,
    1047             :                                                                EAP_TYPE_PEAP,
    1048             :                                                                &data->id_len);
    1049          35 :                         if (data->session_id) {
    1050          70 :                                 wpa_hexdump(MSG_DEBUG,
    1051             :                                             "EAP-PEAP: Derived Session-Id",
    1052          35 :                                             data->session_id, data->id_len);
    1053             :                         } else {
    1054           0 :                                 wpa_printf(MSG_ERROR, "EAP-PEAP: Failed to "
    1055             :                                            "derive Session-Id");
    1056             :                         }
    1057             : 
    1058          35 :                         if (sm->workaround && data->resuming) {
    1059             :                                 /*
    1060             :                                  * At least few RADIUS servers (Aegis v1.1.6;
    1061             :                                  * but not v1.1.4; and Cisco ACS) seem to be
    1062             :                                  * terminating PEAPv1 (Aegis) or PEAPv0 (Cisco
    1063             :                                  * ACS) session resumption with outer
    1064             :                                  * EAP-Success. This does not seem to follow
    1065             :                                  * draft-josefsson-pppext-eap-tls-eap-05.txt
    1066             :                                  * section 4.2, so only allow this if EAP
    1067             :                                  * workarounds are enabled.
    1068             :                                  */
    1069           4 :                                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Workaround - "
    1070             :                                            "allow outer EAP-Success to "
    1071             :                                            "terminate PEAP resumption");
    1072           4 :                                 ret->decision = DECISION_COND_SUCC;
    1073           4 :                                 data->phase2_success = 1;
    1074             :                         }
    1075             : 
    1076          35 :                         data->resuming = 0;
    1077             :                 }
    1078             : 
    1079         137 :                 if (res == 2) {
    1080             :                         struct wpabuf msg;
    1081             :                         /*
    1082             :                          * Application data included in the handshake message.
    1083             :                          */
    1084           0 :                         wpabuf_free(data->pending_phase2_req);
    1085           0 :                         data->pending_phase2_req = resp;
    1086           0 :                         resp = NULL;
    1087           0 :                         wpabuf_set(&msg, pos, left);
    1088           0 :                         res = eap_peap_decrypt(sm, data, ret, req, &msg,
    1089             :                                                &resp);
    1090             :                 }
    1091             :         }
    1092             : 
    1093         288 :         if (ret->methodState == METHOD_DONE) {
    1094          33 :                 ret->allowNotifications = FALSE;
    1095             :         }
    1096             : 
    1097         288 :         if (res == 1) {
    1098          89 :                 wpabuf_free(resp);
    1099          89 :                 return eap_peer_tls_build_ack(id, EAP_TYPE_PEAP,
    1100             :                                               data->peap_version);
    1101             :         }
    1102             : 
    1103         199 :         return resp;
    1104             : }
    1105             : 
    1106             : 
    1107           9 : static Boolean eap_peap_has_reauth_data(struct eap_sm *sm, void *priv)
    1108             : {
    1109           9 :         struct eap_peap_data *data = priv;
    1110          18 :         return tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
    1111           9 :                 data->phase2_success;
    1112             : }
    1113             : 
    1114             : 
    1115           4 : static void eap_peap_deinit_for_reauth(struct eap_sm *sm, void *priv)
    1116             : {
    1117           4 :         struct eap_peap_data *data = priv;
    1118           4 :         wpabuf_free(data->pending_phase2_req);
    1119           4 :         data->pending_phase2_req = NULL;
    1120           4 :         data->crypto_binding_used = 0;
    1121           4 : }
    1122             : 
    1123             : 
    1124           4 : static void * eap_peap_init_for_reauth(struct eap_sm *sm, void *priv)
    1125             : {
    1126           4 :         struct eap_peap_data *data = priv;
    1127           4 :         eap_peap_free_key(data);
    1128           4 :         os_free(data->session_id);
    1129           4 :         data->session_id = NULL;
    1130           4 :         if (eap_peer_tls_reauth_init(sm, &data->ssl)) {
    1131           0 :                 os_free(data);
    1132           0 :                 return NULL;
    1133             :         }
    1134           8 :         if (data->phase2_priv && data->phase2_method &&
    1135           4 :             data->phase2_method->init_for_reauth)
    1136           1 :                 data->phase2_method->init_for_reauth(sm, data->phase2_priv);
    1137           4 :         data->phase2_success = 0;
    1138           4 :         data->phase2_eap_success = 0;
    1139           4 :         data->phase2_eap_started = 0;
    1140           4 :         data->resuming = 1;
    1141           4 :         data->reauth = 1;
    1142           4 :         sm->peap_done = FALSE;
    1143           4 :         return priv;
    1144             : }
    1145             : 
    1146             : 
    1147          23 : static int eap_peap_get_status(struct eap_sm *sm, void *priv, char *buf,
    1148             :                                size_t buflen, int verbose)
    1149             : {
    1150          23 :         struct eap_peap_data *data = priv;
    1151             :         int len, ret;
    1152             : 
    1153          23 :         len = eap_peer_tls_status(sm, &data->ssl, buf, buflen, verbose);
    1154          23 :         if (data->phase2_method) {
    1155          23 :                 ret = os_snprintf(buf + len, buflen - len,
    1156             :                                   "EAP-PEAPv%d Phase2 method=%s\n",
    1157             :                                   data->peap_version,
    1158          23 :                                   data->phase2_method->name);
    1159          23 :                 if (os_snprintf_error(buflen - len, ret))
    1160           0 :                         return len;
    1161          23 :                 len += ret;
    1162             :         }
    1163          23 :         return len;
    1164             : }
    1165             : 
    1166             : 
    1167         288 : static Boolean eap_peap_isKeyAvailable(struct eap_sm *sm, void *priv)
    1168             : {
    1169         288 :         struct eap_peap_data *data = priv;
    1170         288 :         return data->key_data != NULL && data->phase2_success;
    1171             : }
    1172             : 
    1173             : 
    1174          81 : static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len)
    1175             : {
    1176          81 :         struct eap_peap_data *data = priv;
    1177             :         u8 *key;
    1178             : 
    1179          81 :         if (data->key_data == NULL || !data->phase2_success)
    1180           0 :                 return NULL;
    1181             : 
    1182          81 :         key = os_malloc(EAP_TLS_KEY_LEN);
    1183          81 :         if (key == NULL)
    1184           0 :                 return NULL;
    1185             : 
    1186          81 :         *len = EAP_TLS_KEY_LEN;
    1187             : 
    1188          81 :         if (data->crypto_binding_used) {
    1189             :                 u8 csk[128];
    1190             :                 /*
    1191             :                  * Note: It looks like Microsoft implementation requires null
    1192             :                  * termination for this label while the one used for deriving
    1193             :                  * IPMK|CMK did not use null termination.
    1194             :                  */
    1195           6 :                 if (peap_prfplus(data->peap_version, data->ipmk, 40,
    1196             :                                  "Session Key Generating Function",
    1197             :                                  (u8 *) "\00", 1, csk, sizeof(csk)) < 0) {
    1198           0 :                         os_free(key);
    1199           0 :                         return NULL;
    1200             :                 }
    1201           6 :                 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CSK", csk, sizeof(csk));
    1202           6 :                 os_memcpy(key, csk, EAP_TLS_KEY_LEN);
    1203           6 :                 wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Derived key",
    1204             :                             key, EAP_TLS_KEY_LEN);
    1205             :         } else
    1206          75 :                 os_memcpy(key, data->key_data, EAP_TLS_KEY_LEN);
    1207             : 
    1208          81 :         return key;
    1209             : }
    1210             : 
    1211             : 
    1212          81 : static u8 * eap_peap_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
    1213             : {
    1214          81 :         struct eap_peap_data *data = priv;
    1215             :         u8 *id;
    1216             : 
    1217          81 :         if (data->session_id == NULL || !data->phase2_success)
    1218           0 :                 return NULL;
    1219             : 
    1220          81 :         id = os_malloc(data->id_len);
    1221          81 :         if (id == NULL)
    1222           0 :                 return NULL;
    1223             : 
    1224          81 :         *len = data->id_len;
    1225          81 :         os_memcpy(id, data->session_id, data->id_len);
    1226             : 
    1227          81 :         return id;
    1228             : }
    1229             : 
    1230             : 
    1231          30 : int eap_peer_peap_register(void)
    1232             : {
    1233             :         struct eap_method *eap;
    1234             :         int ret;
    1235             : 
    1236          30 :         eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
    1237             :                                     EAP_VENDOR_IETF, EAP_TYPE_PEAP, "PEAP");
    1238          30 :         if (eap == NULL)
    1239           0 :                 return -1;
    1240             : 
    1241          30 :         eap->init = eap_peap_init;
    1242          30 :         eap->deinit = eap_peap_deinit;
    1243          30 :         eap->process = eap_peap_process;
    1244          30 :         eap->isKeyAvailable = eap_peap_isKeyAvailable;
    1245          30 :         eap->getKey = eap_peap_getKey;
    1246          30 :         eap->get_status = eap_peap_get_status;
    1247          30 :         eap->has_reauth_data = eap_peap_has_reauth_data;
    1248          30 :         eap->deinit_for_reauth = eap_peap_deinit_for_reauth;
    1249          30 :         eap->init_for_reauth = eap_peap_init_for_reauth;
    1250          30 :         eap->getSessionId = eap_peap_get_session_id;
    1251             : 
    1252          30 :         ret = eap_peer_method_register(eap);
    1253          30 :         if (ret)
    1254           0 :                 eap_peer_method_free(eap);
    1255          30 :         return ret;
    1256             : }

Generated by: LCOV version 1.10