Line data Source code
1 : /*
2 : * hostapd / EAP-TTLS (RFC 5281)
3 : * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
4 : *
5 : * This software may be distributed under the terms of the BSD license.
6 : * See README for more details.
7 : */
8 :
9 : #include "includes.h"
10 :
11 : #include "common.h"
12 : #include "crypto/ms_funcs.h"
13 : #include "crypto/sha1.h"
14 : #include "crypto/tls.h"
15 : #include "eap_server/eap_i.h"
16 : #include "eap_server/eap_tls_common.h"
17 : #include "eap_common/chap.h"
18 : #include "eap_common/eap_ttls.h"
19 :
20 :
21 : #define EAP_TTLS_VERSION 0
22 :
23 :
24 : static void eap_ttls_reset(struct eap_sm *sm, void *priv);
25 :
26 :
27 : struct eap_ttls_data {
28 : struct eap_ssl_data ssl;
29 : enum {
30 : START, PHASE1, PHASE2_START, PHASE2_METHOD,
31 : PHASE2_MSCHAPV2_RESP, SUCCESS, FAILURE
32 : } state;
33 :
34 : int ttls_version;
35 : const struct eap_method *phase2_method;
36 : void *phase2_priv;
37 : int mschapv2_resp_ok;
38 : u8 mschapv2_auth_response[20];
39 : u8 mschapv2_ident;
40 : struct wpabuf *pending_phase2_eap_resp;
41 : int tnc_started;
42 : };
43 :
44 :
45 1400 : static const char * eap_ttls_state_txt(int state)
46 : {
47 1400 : switch (state) {
48 : case START:
49 256 : return "START";
50 : case PHASE1:
51 435 : return "PHASE1";
52 : case PHASE2_START:
53 314 : return "PHASE2_START";
54 : case PHASE2_METHOD:
55 51 : return "PHASE2_METHOD";
56 : case PHASE2_MSCHAPV2_RESP:
57 166 : return "PHASE2_MSCHAPV2_RESP";
58 : case SUCCESS:
59 134 : return "SUCCESS";
60 : case FAILURE:
61 44 : return "FAILURE";
62 : default:
63 0 : return "Unknown?!";
64 : }
65 : }
66 :
67 :
68 700 : static void eap_ttls_state(struct eap_ttls_data *data, int state)
69 : {
70 1400 : wpa_printf(MSG_DEBUG, "EAP-TTLS: %s -> %s",
71 700 : eap_ttls_state_txt(data->state),
72 : eap_ttls_state_txt(state));
73 700 : data->state = state;
74 700 : }
75 :
76 :
77 147 : static u8 * eap_ttls_avp_hdr(u8 *avphdr, u32 avp_code, u32 vendor_id,
78 : int mandatory, size_t len)
79 : {
80 : struct ttls_avp_vendor *avp;
81 : u8 flags;
82 : size_t hdrlen;
83 :
84 147 : avp = (struct ttls_avp_vendor *) avphdr;
85 147 : flags = mandatory ? AVP_FLAGS_MANDATORY : 0;
86 147 : if (vendor_id) {
87 83 : flags |= AVP_FLAGS_VENDOR;
88 83 : hdrlen = sizeof(*avp);
89 83 : avp->vendor_id = host_to_be32(vendor_id);
90 : } else {
91 64 : hdrlen = sizeof(struct ttls_avp);
92 : }
93 :
94 147 : avp->avp_code = host_to_be32(avp_code);
95 147 : avp->avp_length = host_to_be32(((u32) flags << 24) |
96 : ((u32) (hdrlen + len)));
97 :
98 147 : return avphdr + hdrlen;
99 : }
100 :
101 :
102 64 : static struct wpabuf * eap_ttls_avp_encapsulate(struct wpabuf *resp,
103 : u32 avp_code, int mandatory)
104 : {
105 : struct wpabuf *avp;
106 : u8 *pos;
107 :
108 64 : avp = wpabuf_alloc(sizeof(struct ttls_avp) + wpabuf_len(resp) + 4);
109 64 : if (avp == NULL) {
110 0 : wpabuf_free(resp);
111 0 : return NULL;
112 : }
113 :
114 64 : pos = eap_ttls_avp_hdr(wpabuf_mhead(avp), avp_code, 0, mandatory,
115 : wpabuf_len(resp));
116 64 : os_memcpy(pos, wpabuf_head(resp), wpabuf_len(resp));
117 64 : pos += wpabuf_len(resp);
118 64 : AVP_PAD((const u8 *) wpabuf_head(avp), pos);
119 64 : wpabuf_free(resp);
120 64 : wpabuf_put(avp, pos - (u8 *) wpabuf_head(avp));
121 64 : return avp;
122 : }
123 :
124 :
125 : struct eap_ttls_avp {
126 : /* Note: eap is allocated memory; caller is responsible for freeing
127 : * it. All the other pointers are pointing to the packet data, i.e.,
128 : * they must not be freed separately. */
129 : u8 *eap;
130 : size_t eap_len;
131 : u8 *user_name;
132 : size_t user_name_len;
133 : u8 *user_password;
134 : size_t user_password_len;
135 : u8 *chap_challenge;
136 : size_t chap_challenge_len;
137 : u8 *chap_password;
138 : size_t chap_password_len;
139 : u8 *mschap_challenge;
140 : size_t mschap_challenge_len;
141 : u8 *mschap_response;
142 : size_t mschap_response_len;
143 : u8 *mschap2_response;
144 : size_t mschap2_response_len;
145 : };
146 :
147 :
148 221 : static int eap_ttls_avp_parse(struct wpabuf *buf, struct eap_ttls_avp *parse)
149 : {
150 : struct ttls_avp *avp;
151 : u8 *pos;
152 : int left;
153 :
154 221 : pos = wpabuf_mhead(buf);
155 221 : left = wpabuf_len(buf);
156 221 : os_memset(parse, 0, sizeof(*parse));
157 :
158 895 : while (left > 0) {
159 453 : u32 avp_code, avp_length, vendor_id = 0;
160 : u8 avp_flags, *dpos;
161 : size_t pad, dlen;
162 453 : avp = (struct ttls_avp *) pos;
163 453 : avp_code = be_to_host32(avp->avp_code);
164 453 : avp_length = be_to_host32(avp->avp_length);
165 453 : avp_flags = (avp_length >> 24) & 0xff;
166 453 : avp_length &= 0xffffff;
167 453 : wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP: code=%d flags=0x%02x "
168 : "length=%d", (int) avp_code, avp_flags,
169 : (int) avp_length);
170 453 : if ((int) avp_length > left) {
171 0 : wpa_printf(MSG_WARNING, "EAP-TTLS: AVP overflow "
172 : "(len=%d, left=%d) - dropped",
173 : (int) avp_length, left);
174 0 : goto fail;
175 : }
176 453 : if (avp_length < sizeof(*avp)) {
177 0 : wpa_printf(MSG_WARNING, "EAP-TTLS: Invalid AVP length "
178 : "%d", avp_length);
179 0 : goto fail;
180 : }
181 453 : dpos = (u8 *) (avp + 1);
182 453 : dlen = avp_length - sizeof(*avp);
183 453 : if (avp_flags & AVP_FLAGS_VENDOR) {
184 190 : if (dlen < 4) {
185 0 : wpa_printf(MSG_WARNING, "EAP-TTLS: vendor AVP "
186 : "underflow");
187 0 : goto fail;
188 : }
189 190 : vendor_id = be_to_host32(* (be32 *) dpos);
190 190 : wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP vendor_id %d",
191 : (int) vendor_id);
192 190 : dpos += 4;
193 190 : dlen -= 4;
194 : }
195 :
196 453 : wpa_hexdump(MSG_DEBUG, "EAP-TTLS: AVP data", dpos, dlen);
197 :
198 453 : if (vendor_id == 0 && avp_code == RADIUS_ATTR_EAP_MESSAGE) {
199 94 : wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP - EAP Message");
200 188 : if (parse->eap == NULL) {
201 94 : parse->eap = os_malloc(dlen);
202 94 : if (parse->eap == NULL) {
203 0 : wpa_printf(MSG_WARNING, "EAP-TTLS: "
204 : "failed to allocate memory "
205 : "for Phase 2 EAP data");
206 0 : goto fail;
207 : }
208 94 : os_memcpy(parse->eap, dpos, dlen);
209 94 : parse->eap_len = dlen;
210 : } else {
211 0 : u8 *neweap = os_realloc(parse->eap,
212 0 : parse->eap_len + dlen);
213 0 : if (neweap == NULL) {
214 0 : wpa_printf(MSG_WARNING, "EAP-TTLS: "
215 : "failed to allocate memory "
216 : "for Phase 2 EAP data");
217 0 : goto fail;
218 : }
219 0 : os_memcpy(neweap + parse->eap_len, dpos, dlen);
220 0 : parse->eap = neweap;
221 0 : parse->eap_len += dlen;
222 : }
223 359 : } else if (vendor_id == 0 &&
224 : avp_code == RADIUS_ATTR_USER_NAME) {
225 127 : wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: User-Name",
226 : dpos, dlen);
227 127 : parse->user_name = dpos;
228 127 : parse->user_name_len = dlen;
229 232 : } else if (vendor_id == 0 &&
230 22 : avp_code == RADIUS_ATTR_USER_PASSWORD) {
231 22 : u8 *password = dpos;
232 22 : size_t password_len = dlen;
233 392 : while (password_len > 0 &&
234 185 : password[password_len - 1] == '\0') {
235 163 : password_len--;
236 : }
237 22 : wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: "
238 : "User-Password (PAP)",
239 : password, password_len);
240 22 : parse->user_password = password;
241 22 : parse->user_password_len = password_len;
242 210 : } else if (vendor_id == 0 &&
243 : avp_code == RADIUS_ATTR_CHAP_CHALLENGE) {
244 10 : wpa_hexdump(MSG_DEBUG,
245 : "EAP-TTLS: CHAP-Challenge (CHAP)",
246 : dpos, dlen);
247 10 : parse->chap_challenge = dpos;
248 10 : parse->chap_challenge_len = dlen;
249 200 : } else if (vendor_id == 0 &&
250 : avp_code == RADIUS_ATTR_CHAP_PASSWORD) {
251 10 : wpa_hexdump(MSG_DEBUG,
252 : "EAP-TTLS: CHAP-Password (CHAP)",
253 : dpos, dlen);
254 10 : parse->chap_password = dpos;
255 10 : parse->chap_password_len = dlen;
256 190 : } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
257 : avp_code == RADIUS_ATTR_MS_CHAP_CHALLENGE) {
258 95 : wpa_hexdump(MSG_DEBUG,
259 : "EAP-TTLS: MS-CHAP-Challenge",
260 : dpos, dlen);
261 95 : parse->mschap_challenge = dpos;
262 95 : parse->mschap_challenge_len = dlen;
263 95 : } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
264 : avp_code == RADIUS_ATTR_MS_CHAP_RESPONSE) {
265 11 : wpa_hexdump(MSG_DEBUG,
266 : "EAP-TTLS: MS-CHAP-Response (MSCHAP)",
267 : dpos, dlen);
268 11 : parse->mschap_response = dpos;
269 11 : parse->mschap_response_len = dlen;
270 84 : } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
271 : avp_code == RADIUS_ATTR_MS_CHAP2_RESPONSE) {
272 84 : wpa_hexdump(MSG_DEBUG,
273 : "EAP-TTLS: MS-CHAP2-Response (MSCHAPV2)",
274 : dpos, dlen);
275 84 : parse->mschap2_response = dpos;
276 84 : parse->mschap2_response_len = dlen;
277 0 : } else if (avp_flags & AVP_FLAGS_MANDATORY) {
278 0 : wpa_printf(MSG_WARNING, "EAP-TTLS: Unsupported "
279 : "mandatory AVP code %d vendor_id %d - "
280 : "dropped", (int) avp_code, (int) vendor_id);
281 0 : goto fail;
282 : } else {
283 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS: Ignoring unsupported "
284 : "AVP code %d vendor_id %d",
285 : (int) avp_code, (int) vendor_id);
286 : }
287 :
288 453 : pad = (4 - (avp_length & 3)) & 3;
289 453 : pos += avp_length + pad;
290 453 : left -= avp_length + pad;
291 : }
292 :
293 221 : return 0;
294 :
295 : fail:
296 0 : os_free(parse->eap);
297 0 : parse->eap = NULL;
298 0 : return -1;
299 : }
300 :
301 :
302 101 : static u8 * eap_ttls_implicit_challenge(struct eap_sm *sm,
303 : struct eap_ttls_data *data, size_t len)
304 : {
305 101 : return eap_server_tls_derive_key(sm, &data->ssl, "ttls challenge",
306 : len);
307 : }
308 :
309 :
310 256 : static void * eap_ttls_init(struct eap_sm *sm)
311 : {
312 : struct eap_ttls_data *data;
313 :
314 256 : data = os_zalloc(sizeof(*data));
315 256 : if (data == NULL)
316 0 : return NULL;
317 256 : data->ttls_version = EAP_TTLS_VERSION;
318 256 : data->state = START;
319 :
320 256 : if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) {
321 0 : wpa_printf(MSG_INFO, "EAP-TTLS: Failed to initialize SSL.");
322 0 : eap_ttls_reset(sm, data);
323 0 : return NULL;
324 : }
325 :
326 256 : return data;
327 : }
328 :
329 :
330 256 : static void eap_ttls_reset(struct eap_sm *sm, void *priv)
331 : {
332 256 : struct eap_ttls_data *data = priv;
333 256 : if (data == NULL)
334 256 : return;
335 256 : if (data->phase2_priv && data->phase2_method)
336 29 : data->phase2_method->reset(sm, data->phase2_priv);
337 256 : eap_server_tls_ssl_deinit(sm, &data->ssl);
338 256 : wpabuf_free(data->pending_phase2_eap_resp);
339 256 : bin_clear_free(data, sizeof(*data));
340 : }
341 :
342 :
343 256 : static struct wpabuf * eap_ttls_build_start(struct eap_sm *sm,
344 : struct eap_ttls_data *data, u8 id)
345 : {
346 : struct wpabuf *req;
347 :
348 256 : req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TTLS, 1,
349 : EAP_CODE_REQUEST, id);
350 256 : if (req == NULL) {
351 0 : wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to allocate memory for"
352 : " request");
353 0 : eap_ttls_state(data, FAILURE);
354 0 : return NULL;
355 : }
356 :
357 256 : wpabuf_put_u8(req, EAP_TLS_FLAGS_START | data->ttls_version);
358 :
359 256 : eap_ttls_state(data, PHASE1);
360 :
361 256 : return req;
362 : }
363 :
364 :
365 69 : static struct wpabuf * eap_ttls_build_phase2_eap_req(
366 : struct eap_sm *sm, struct eap_ttls_data *data, u8 id)
367 : {
368 : struct wpabuf *buf, *encr_req;
369 :
370 :
371 69 : buf = data->phase2_method->buildReq(sm, data->phase2_priv, id);
372 69 : if (buf == NULL)
373 5 : return NULL;
374 :
375 64 : wpa_hexdump_buf_key(MSG_DEBUG,
376 : "EAP-TTLS/EAP: Encapsulate Phase 2 data", buf);
377 :
378 64 : buf = eap_ttls_avp_encapsulate(buf, RADIUS_ATTR_EAP_MESSAGE, 1);
379 64 : if (buf == NULL) {
380 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Failed to encapsulate "
381 : "packet");
382 0 : return NULL;
383 : }
384 :
385 64 : wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS/EAP: Encrypt encapsulated "
386 : "Phase 2 data", buf);
387 :
388 64 : encr_req = eap_server_tls_encrypt(sm, &data->ssl, buf);
389 64 : wpabuf_free(buf);
390 :
391 64 : return encr_req;
392 : }
393 :
394 :
395 83 : static struct wpabuf * eap_ttls_build_phase2_mschapv2(
396 : struct eap_sm *sm, struct eap_ttls_data *data)
397 : {
398 : struct wpabuf *encr_req, msgbuf;
399 : u8 *req, *pos, *end;
400 : int ret;
401 :
402 83 : pos = req = os_malloc(100);
403 83 : if (req == NULL)
404 0 : return NULL;
405 83 : end = req + 100;
406 :
407 83 : if (data->mschapv2_resp_ok) {
408 82 : pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP2_SUCCESS,
409 : RADIUS_VENDOR_ID_MICROSOFT, 1, 43);
410 82 : *pos++ = data->mschapv2_ident;
411 82 : ret = os_snprintf((char *) pos, end - pos, "S=");
412 82 : if (!os_snprintf_error(end - pos, ret))
413 82 : pos += ret;
414 82 : pos += wpa_snprintf_hex_uppercase(
415 82 : (char *) pos, end - pos, data->mschapv2_auth_response,
416 : sizeof(data->mschapv2_auth_response));
417 : } else {
418 1 : pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP_ERROR,
419 : RADIUS_VENDOR_ID_MICROSOFT, 1, 6);
420 1 : os_memcpy(pos, "Failed", 6);
421 1 : pos += 6;
422 1 : AVP_PAD(req, pos);
423 : }
424 :
425 83 : wpabuf_set(&msgbuf, req, pos - req);
426 83 : wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Encrypting Phase 2 "
427 : "data", &msgbuf);
428 :
429 83 : encr_req = eap_server_tls_encrypt(sm, &data->ssl, &msgbuf);
430 83 : os_free(req);
431 :
432 83 : return encr_req;
433 : }
434 :
435 :
436 962 : static struct wpabuf * eap_ttls_buildReq(struct eap_sm *sm, void *priv, u8 id)
437 : {
438 962 : struct eap_ttls_data *data = priv;
439 :
440 962 : if (data->ssl.state == FRAG_ACK) {
441 57 : return eap_server_tls_build_ack(id, EAP_TYPE_TTLS,
442 : data->ttls_version);
443 : }
444 :
445 905 : if (data->ssl.state == WAIT_FRAG_ACK) {
446 162 : return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TTLS,
447 : data->ttls_version, id);
448 : }
449 :
450 743 : switch (data->state) {
451 : case START:
452 256 : return eap_ttls_build_start(sm, data, id);
453 : case PHASE1:
454 335 : if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
455 157 : wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase1 done, "
456 : "starting Phase2");
457 157 : eap_ttls_state(data, PHASE2_START);
458 : }
459 335 : break;
460 : case PHASE2_METHOD:
461 69 : wpabuf_free(data->ssl.tls_out);
462 69 : data->ssl.tls_out_pos = 0;
463 69 : data->ssl.tls_out = eap_ttls_build_phase2_eap_req(sm, data,
464 : id);
465 69 : break;
466 : case PHASE2_MSCHAPV2_RESP:
467 83 : wpabuf_free(data->ssl.tls_out);
468 83 : data->ssl.tls_out_pos = 0;
469 83 : data->ssl.tls_out = eap_ttls_build_phase2_mschapv2(sm, data);
470 83 : break;
471 : default:
472 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS: %s - unexpected state %d",
473 0 : __func__, data->state);
474 0 : return NULL;
475 : }
476 :
477 487 : return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TTLS,
478 : data->ttls_version, id);
479 : }
480 :
481 :
482 880 : static Boolean eap_ttls_check(struct eap_sm *sm, void *priv,
483 : struct wpabuf *respData)
484 : {
485 : const u8 *pos;
486 : size_t len;
487 :
488 880 : pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_TTLS, respData, &len);
489 880 : if (pos == NULL || len < 1) {
490 0 : wpa_printf(MSG_INFO, "EAP-TTLS: Invalid frame");
491 0 : return TRUE;
492 : }
493 :
494 880 : return FALSE;
495 : }
496 :
497 :
498 22 : static void eap_ttls_process_phase2_pap(struct eap_sm *sm,
499 : struct eap_ttls_data *data,
500 : const u8 *user_password,
501 : size_t user_password_len)
502 : {
503 44 : if (!sm->user || !sm->user->password || sm->user->password_hash ||
504 22 : !(sm->user->ttls_auth & EAP_TTLS_AUTH_PAP)) {
505 1 : wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: No plaintext user "
506 : "password configured");
507 1 : eap_ttls_state(data, FAILURE);
508 1 : return;
509 : }
510 :
511 41 : if (sm->user->password_len != user_password_len ||
512 20 : os_memcmp_const(sm->user->password, user_password,
513 : user_password_len) != 0) {
514 1 : wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Invalid user password");
515 1 : eap_ttls_state(data, FAILURE);
516 1 : return;
517 : }
518 :
519 20 : wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Correct user password");
520 20 : eap_ttls_state(data, SUCCESS);
521 : }
522 :
523 :
524 10 : static void eap_ttls_process_phase2_chap(struct eap_sm *sm,
525 : struct eap_ttls_data *data,
526 : const u8 *challenge,
527 : size_t challenge_len,
528 : const u8 *password,
529 : size_t password_len)
530 : {
531 : u8 *chal, hash[CHAP_MD5_LEN];
532 :
533 10 : if (challenge == NULL || password == NULL ||
534 10 : challenge_len != EAP_TTLS_CHAP_CHALLENGE_LEN ||
535 : password_len != 1 + EAP_TTLS_CHAP_PASSWORD_LEN) {
536 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Invalid CHAP attributes "
537 : "(challenge len %lu password len %lu)",
538 : (unsigned long) challenge_len,
539 : (unsigned long) password_len);
540 0 : eap_ttls_state(data, FAILURE);
541 0 : return;
542 : }
543 :
544 20 : if (!sm->user || !sm->user->password || sm->user->password_hash ||
545 10 : !(sm->user->ttls_auth & EAP_TTLS_AUTH_CHAP)) {
546 1 : wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: No plaintext user "
547 : "password configured");
548 1 : eap_ttls_state(data, FAILURE);
549 1 : return;
550 : }
551 :
552 9 : chal = eap_ttls_implicit_challenge(sm, data,
553 : EAP_TTLS_CHAP_CHALLENGE_LEN + 1);
554 9 : if (chal == NULL) {
555 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Failed to generate "
556 : "challenge from TLS data");
557 0 : eap_ttls_state(data, FAILURE);
558 0 : return;
559 : }
560 :
561 9 : if (os_memcmp_const(challenge, chal, EAP_TTLS_CHAP_CHALLENGE_LEN)
562 9 : != 0 ||
563 9 : password[0] != chal[EAP_TTLS_CHAP_CHALLENGE_LEN]) {
564 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Challenge mismatch");
565 0 : os_free(chal);
566 0 : eap_ttls_state(data, FAILURE);
567 0 : return;
568 : }
569 9 : os_free(chal);
570 :
571 : /* MD5(Ident + Password + Challenge) */
572 9 : chap_md5(password[0], sm->user->password, sm->user->password_len,
573 : challenge, challenge_len, hash);
574 :
575 9 : if (os_memcmp_const(hash, password + 1, EAP_TTLS_CHAP_PASSWORD_LEN) ==
576 : 0) {
577 8 : wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Correct user password");
578 8 : eap_ttls_state(data, SUCCESS);
579 : } else {
580 1 : wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Invalid user password");
581 1 : eap_ttls_state(data, FAILURE);
582 : }
583 : }
584 :
585 :
586 10 : static void eap_ttls_process_phase2_mschap(struct eap_sm *sm,
587 : struct eap_ttls_data *data,
588 : u8 *challenge, size_t challenge_len,
589 : u8 *response, size_t response_len)
590 : {
591 : u8 *chal, nt_response[24];
592 :
593 10 : if (challenge == NULL || response == NULL ||
594 10 : challenge_len != EAP_TTLS_MSCHAP_CHALLENGE_LEN ||
595 : response_len != EAP_TTLS_MSCHAP_RESPONSE_LEN) {
596 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Invalid MS-CHAP "
597 : "attributes (challenge len %lu response len %lu)",
598 : (unsigned long) challenge_len,
599 : (unsigned long) response_len);
600 0 : eap_ttls_state(data, FAILURE);
601 0 : return;
602 : }
603 :
604 20 : if (!sm->user || !sm->user->password ||
605 10 : !(sm->user->ttls_auth & EAP_TTLS_AUTH_MSCHAP)) {
606 1 : wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: No user password "
607 : "configured");
608 1 : eap_ttls_state(data, FAILURE);
609 1 : return;
610 : }
611 :
612 9 : chal = eap_ttls_implicit_challenge(sm, data,
613 : EAP_TTLS_MSCHAP_CHALLENGE_LEN + 1);
614 9 : if (chal == NULL) {
615 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Failed to generate "
616 : "challenge from TLS data");
617 0 : eap_ttls_state(data, FAILURE);
618 0 : return;
619 : }
620 :
621 9 : if (os_memcmp_const(challenge, chal, EAP_TTLS_MSCHAP_CHALLENGE_LEN)
622 9 : != 0 ||
623 9 : response[0] != chal[EAP_TTLS_MSCHAP_CHALLENGE_LEN]) {
624 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Challenge mismatch");
625 0 : os_free(chal);
626 0 : eap_ttls_state(data, FAILURE);
627 0 : return;
628 : }
629 9 : os_free(chal);
630 :
631 9 : if (sm->user->password_hash)
632 0 : challenge_response(challenge, sm->user->password, nt_response);
633 : else
634 9 : nt_challenge_response(challenge, sm->user->password,
635 9 : sm->user->password_len, nt_response);
636 :
637 9 : if (os_memcmp_const(nt_response, response + 2 + 24, 24) == 0) {
638 8 : wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Correct response");
639 8 : eap_ttls_state(data, SUCCESS);
640 : } else {
641 1 : wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Invalid NT-Response");
642 1 : wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAP: Received",
643 : response + 2 + 24, 24);
644 1 : wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAP: Expected",
645 : nt_response, 24);
646 1 : eap_ttls_state(data, FAILURE);
647 : }
648 : }
649 :
650 :
651 84 : static void eap_ttls_process_phase2_mschapv2(struct eap_sm *sm,
652 : struct eap_ttls_data *data,
653 : u8 *challenge,
654 : size_t challenge_len,
655 : u8 *response, size_t response_len)
656 : {
657 : u8 *chal, *username, nt_response[24], *rx_resp, *peer_challenge,
658 : *auth_challenge;
659 : size_t username_len, i;
660 :
661 84 : if (challenge == NULL || response == NULL ||
662 84 : challenge_len != EAP_TTLS_MSCHAPV2_CHALLENGE_LEN ||
663 : response_len != EAP_TTLS_MSCHAPV2_RESPONSE_LEN) {
664 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Invalid MS-CHAP2 "
665 : "attributes (challenge len %lu response len %lu)",
666 : (unsigned long) challenge_len,
667 : (unsigned long) response_len);
668 0 : eap_ttls_state(data, FAILURE);
669 0 : return;
670 : }
671 :
672 168 : if (!sm->user || !sm->user->password ||
673 84 : !(sm->user->ttls_auth & EAP_TTLS_AUTH_MSCHAPV2)) {
674 1 : wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: No user password "
675 : "configured");
676 1 : eap_ttls_state(data, FAILURE);
677 1 : return;
678 : }
679 :
680 83 : if (sm->identity == NULL) {
681 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: No user identity "
682 : "known");
683 0 : eap_ttls_state(data, FAILURE);
684 0 : return;
685 : }
686 :
687 : /* MSCHAPv2 does not include optional domain name in the
688 : * challenge-response calculation, so remove domain prefix
689 : * (if present). */
690 83 : username = sm->identity;
691 83 : username_len = sm->identity_len;
692 828 : for (i = 0; i < username_len; i++) {
693 759 : if (username[i] == '\\') {
694 14 : username_len -= i + 1;
695 14 : username += i + 1;
696 14 : break;
697 : }
698 : }
699 :
700 83 : chal = eap_ttls_implicit_challenge(
701 : sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1);
702 83 : if (chal == NULL) {
703 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Failed to generate "
704 : "challenge from TLS data");
705 0 : eap_ttls_state(data, FAILURE);
706 0 : return;
707 : }
708 :
709 83 : if (os_memcmp_const(challenge, chal, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN)
710 83 : != 0 ||
711 83 : response[0] != chal[EAP_TTLS_MSCHAPV2_CHALLENGE_LEN]) {
712 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Challenge mismatch");
713 0 : os_free(chal);
714 0 : eap_ttls_state(data, FAILURE);
715 0 : return;
716 : }
717 83 : os_free(chal);
718 :
719 83 : auth_challenge = challenge;
720 83 : peer_challenge = response + 2;
721 :
722 83 : wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: User",
723 : username, username_len);
724 83 : wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: auth_challenge",
725 : auth_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN);
726 83 : wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: peer_challenge",
727 : peer_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN);
728 :
729 83 : if (sm->user->password_hash) {
730 15 : generate_nt_response_pwhash(auth_challenge, peer_challenge,
731 : username, username_len,
732 15 : sm->user->password,
733 : nt_response);
734 : } else {
735 136 : generate_nt_response(auth_challenge, peer_challenge,
736 : username, username_len,
737 68 : sm->user->password,
738 68 : sm->user->password_len,
739 : nt_response);
740 : }
741 :
742 83 : rx_resp = response + 2 + EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 8;
743 83 : if (os_memcmp_const(nt_response, rx_resp, 24) == 0) {
744 82 : wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Correct "
745 : "NT-Response");
746 82 : data->mschapv2_resp_ok = 1;
747 :
748 82 : if (sm->user->password_hash) {
749 14 : generate_authenticator_response_pwhash(
750 14 : sm->user->password,
751 : peer_challenge, auth_challenge,
752 : username, username_len, nt_response,
753 14 : data->mschapv2_auth_response);
754 : } else {
755 136 : generate_authenticator_response(
756 136 : sm->user->password, sm->user->password_len,
757 : peer_challenge, auth_challenge,
758 : username, username_len, nt_response,
759 68 : data->mschapv2_auth_response);
760 : }
761 : } else {
762 1 : wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Invalid "
763 : "NT-Response");
764 1 : wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: Received",
765 : rx_resp, 24);
766 1 : wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: Expected",
767 : nt_response, 24);
768 1 : data->mschapv2_resp_ok = 0;
769 : }
770 83 : eap_ttls_state(data, PHASE2_MSCHAPV2_RESP);
771 83 : data->mschapv2_ident = response[0];
772 : }
773 :
774 :
775 71 : static int eap_ttls_phase2_eap_init(struct eap_sm *sm,
776 : struct eap_ttls_data *data,
777 : EapType eap_type)
778 : {
779 71 : if (data->phase2_priv && data->phase2_method) {
780 39 : data->phase2_method->reset(sm, data->phase2_priv);
781 39 : data->phase2_method = NULL;
782 39 : data->phase2_priv = NULL;
783 : }
784 71 : data->phase2_method = eap_server_get_eap_method(EAP_VENDOR_IETF,
785 : eap_type);
786 71 : if (!data->phase2_method)
787 0 : return -1;
788 :
789 71 : sm->init_phase2 = 1;
790 71 : data->phase2_priv = data->phase2_method->init(sm);
791 71 : sm->init_phase2 = 0;
792 71 : return data->phase2_priv == NULL ? -1 : 0;
793 : }
794 :
795 :
796 95 : static void eap_ttls_process_phase2_eap_response(struct eap_sm *sm,
797 : struct eap_ttls_data *data,
798 : u8 *in_data, size_t in_len)
799 : {
800 95 : u8 next_type = EAP_TYPE_NONE;
801 : struct eap_hdr *hdr;
802 : u8 *pos;
803 : size_t left;
804 : struct wpabuf buf;
805 95 : const struct eap_method *m = data->phase2_method;
806 95 : void *priv = data->phase2_priv;
807 :
808 95 : if (priv == NULL) {
809 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: %s - Phase2 not "
810 : "initialized?!", __func__);
811 0 : return;
812 : }
813 :
814 95 : hdr = (struct eap_hdr *) in_data;
815 95 : pos = (u8 *) (hdr + 1);
816 :
817 95 : if (in_len > sizeof(*hdr) && *pos == EAP_TYPE_NAK) {
818 13 : left = in_len - sizeof(*hdr);
819 13 : wpa_hexdump(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 type Nak'ed; "
820 : "allowed types", pos + 1, left - 1);
821 13 : eap_sm_process_nak(sm, pos + 1, left - 1);
822 26 : if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&
823 13 : sm->user->methods[sm->user_eap_method_index].method !=
824 : EAP_TYPE_NONE) {
825 26 : next_type = sm->user->methods[
826 13 : sm->user_eap_method_index++].method;
827 13 : wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %d",
828 : next_type);
829 24 : if (eap_ttls_phase2_eap_init(sm, data, next_type)) {
830 2 : wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to "
831 : "initialize EAP type %d",
832 : next_type);
833 2 : eap_ttls_state(data, FAILURE);
834 2 : return;
835 : }
836 : } else {
837 0 : eap_ttls_state(data, FAILURE);
838 : }
839 11 : return;
840 : }
841 :
842 82 : wpabuf_set(&buf, in_data, in_len);
843 :
844 82 : if (m->check(sm, priv, &buf)) {
845 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 check() asked to "
846 : "ignore the packet");
847 0 : return;
848 : }
849 :
850 82 : m->process(sm, priv, &buf);
851 :
852 82 : if (sm->method_pending == METHOD_PENDING_WAIT) {
853 1 : wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 method is in "
854 : "pending wait state - save decrypted response");
855 1 : wpabuf_free(data->pending_phase2_eap_resp);
856 1 : data->pending_phase2_eap_resp = wpabuf_dup(&buf);
857 : }
858 :
859 82 : if (!m->isDone(sm, priv))
860 32 : return;
861 :
862 50 : if (!m->isSuccess(sm, priv)) {
863 6 : wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 method failed");
864 6 : eap_ttls_state(data, FAILURE);
865 6 : return;
866 : }
867 :
868 44 : switch (data->state) {
869 : case PHASE2_START:
870 30 : if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
871 8 : wpa_hexdump_ascii(MSG_DEBUG, "EAP_TTLS: Phase2 "
872 : "Identity not found in the user "
873 : "database",
874 4 : sm->identity, sm->identity_len);
875 4 : eap_ttls_state(data, FAILURE);
876 4 : break;
877 : }
878 :
879 26 : eap_ttls_state(data, PHASE2_METHOD);
880 26 : next_type = sm->user->methods[0].method;
881 26 : sm->user_eap_method_index = 1;
882 26 : wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %d", next_type);
883 26 : if (eap_ttls_phase2_eap_init(sm, data, next_type)) {
884 1 : wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize "
885 : "EAP type %d", next_type);
886 1 : eap_ttls_state(data, FAILURE);
887 : }
888 26 : break;
889 : case PHASE2_METHOD:
890 14 : eap_ttls_state(data, SUCCESS);
891 14 : break;
892 : case FAILURE:
893 0 : break;
894 : default:
895 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS: %s - unexpected state %d",
896 0 : __func__, data->state);
897 0 : break;
898 : }
899 : }
900 :
901 :
902 95 : static void eap_ttls_process_phase2_eap(struct eap_sm *sm,
903 : struct eap_ttls_data *data,
904 : const u8 *eap, size_t eap_len)
905 : {
906 : struct eap_hdr *hdr;
907 : size_t len;
908 :
909 95 : if (data->state == PHASE2_START) {
910 30 : wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: initializing Phase 2");
911 30 : if (eap_ttls_phase2_eap_init(sm, data, EAP_TYPE_IDENTITY) < 0)
912 : {
913 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: failed to "
914 : "initialize EAP-Identity");
915 0 : return;
916 : }
917 : }
918 :
919 95 : if (eap_len < sizeof(*hdr)) {
920 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: too short Phase 2 EAP "
921 : "packet (len=%lu)", (unsigned long) eap_len);
922 0 : return;
923 : }
924 :
925 95 : hdr = (struct eap_hdr *) eap;
926 95 : len = be_to_host16(hdr->length);
927 190 : wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: received Phase 2 EAP: code=%d "
928 190 : "identifier=%d length=%lu", hdr->code, hdr->identifier,
929 : (unsigned long) len);
930 95 : if (len > eap_len) {
931 0 : wpa_printf(MSG_INFO, "EAP-TTLS/EAP: Length mismatch in Phase 2"
932 : " EAP frame (hdr len=%lu, data len in AVP=%lu)",
933 : (unsigned long) len, (unsigned long) eap_len);
934 0 : return;
935 : }
936 :
937 95 : switch (hdr->code) {
938 : case EAP_CODE_RESPONSE:
939 95 : eap_ttls_process_phase2_eap_response(sm, data, (u8 *) hdr,
940 : len);
941 95 : break;
942 : default:
943 0 : wpa_printf(MSG_INFO, "EAP-TTLS/EAP: Unexpected code=%d in "
944 0 : "Phase 2 EAP header", hdr->code);
945 0 : break;
946 : }
947 : }
948 :
949 :
950 222 : static void eap_ttls_process_phase2(struct eap_sm *sm,
951 : struct eap_ttls_data *data,
952 : struct wpabuf *in_buf)
953 : {
954 : struct wpabuf *in_decrypted;
955 : struct eap_ttls_avp parse;
956 :
957 222 : wpa_printf(MSG_DEBUG, "EAP-TTLS: received %lu bytes encrypted data for"
958 : " Phase 2", (unsigned long) wpabuf_len(in_buf));
959 :
960 222 : if (data->pending_phase2_eap_resp) {
961 1 : wpa_printf(MSG_DEBUG, "EAP-TTLS: Pending Phase 2 EAP response "
962 : "- skip decryption and use old data");
963 2 : eap_ttls_process_phase2_eap(
964 1 : sm, data, wpabuf_head(data->pending_phase2_eap_resp),
965 1 : wpabuf_len(data->pending_phase2_eap_resp));
966 1 : wpabuf_free(data->pending_phase2_eap_resp);
967 1 : data->pending_phase2_eap_resp = NULL;
968 2 : return;
969 : }
970 :
971 221 : in_decrypted = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn,
972 : in_buf);
973 221 : if (in_decrypted == NULL) {
974 0 : wpa_printf(MSG_INFO, "EAP-TTLS: Failed to decrypt Phase 2 "
975 : "data");
976 0 : eap_ttls_state(data, FAILURE);
977 0 : return;
978 : }
979 :
980 221 : wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS: Decrypted Phase 2 EAP",
981 : in_decrypted);
982 :
983 221 : if (eap_ttls_avp_parse(in_decrypted, &parse) < 0) {
984 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to parse AVPs");
985 0 : wpabuf_free(in_decrypted);
986 0 : eap_ttls_state(data, FAILURE);
987 0 : return;
988 : }
989 :
990 221 : if (parse.user_name) {
991 : char *nbuf;
992 127 : nbuf = os_malloc(parse.user_name_len * 4 + 1);
993 127 : if (nbuf) {
994 254 : printf_encode(nbuf, parse.user_name_len * 4 + 1,
995 127 : parse.user_name,
996 : parse.user_name_len);
997 127 : eap_log_msg(sm, "TTLS-User-Name '%s'", nbuf);
998 127 : os_free(nbuf);
999 : }
1000 :
1001 127 : os_free(sm->identity);
1002 127 : sm->identity = os_malloc(parse.user_name_len);
1003 127 : if (sm->identity == NULL) {
1004 0 : eap_ttls_state(data, FAILURE);
1005 0 : goto done;
1006 : }
1007 127 : os_memcpy(sm->identity, parse.user_name, parse.user_name_len);
1008 127 : sm->identity_len = parse.user_name_len;
1009 127 : if (eap_user_get(sm, parse.user_name, parse.user_name_len, 1)
1010 : != 0) {
1011 1 : wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase2 Identity not "
1012 : "found in the user database");
1013 1 : eap_ttls_state(data, FAILURE);
1014 1 : goto done;
1015 : }
1016 : }
1017 :
1018 : #ifdef EAP_SERVER_TNC
1019 220 : if (data->tnc_started && parse.eap == NULL) {
1020 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS: TNC started but no EAP "
1021 : "response from peer");
1022 0 : eap_ttls_state(data, FAILURE);
1023 0 : goto done;
1024 : }
1025 : #endif /* EAP_SERVER_TNC */
1026 :
1027 220 : if (parse.eap) {
1028 94 : eap_ttls_process_phase2_eap(sm, data, parse.eap,
1029 : parse.eap_len);
1030 126 : } else if (parse.user_password) {
1031 22 : eap_ttls_process_phase2_pap(sm, data, parse.user_password,
1032 : parse.user_password_len);
1033 104 : } else if (parse.chap_password) {
1034 30 : eap_ttls_process_phase2_chap(sm, data,
1035 10 : parse.chap_challenge,
1036 : parse.chap_challenge_len,
1037 10 : parse.chap_password,
1038 : parse.chap_password_len);
1039 94 : } else if (parse.mschap_response) {
1040 10 : eap_ttls_process_phase2_mschap(sm, data,
1041 : parse.mschap_challenge,
1042 : parse.mschap_challenge_len,
1043 : parse.mschap_response,
1044 : parse.mschap_response_len);
1045 84 : } else if (parse.mschap2_response) {
1046 84 : eap_ttls_process_phase2_mschapv2(sm, data,
1047 : parse.mschap_challenge,
1048 : parse.mschap_challenge_len,
1049 : parse.mschap2_response,
1050 : parse.mschap2_response_len);
1051 : }
1052 :
1053 : done:
1054 221 : wpabuf_free(in_decrypted);
1055 221 : os_free(parse.eap);
1056 : }
1057 :
1058 :
1059 305 : static void eap_ttls_start_tnc(struct eap_sm *sm, struct eap_ttls_data *data)
1060 : {
1061 : #ifdef EAP_SERVER_TNC
1062 305 : if (!sm->tnc || data->state != SUCCESS || data->tnc_started)
1063 303 : return;
1064 :
1065 2 : wpa_printf(MSG_DEBUG, "EAP-TTLS: Initialize TNC");
1066 2 : if (eap_ttls_phase2_eap_init(sm, data, EAP_TYPE_TNC)) {
1067 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize TNC");
1068 0 : eap_ttls_state(data, FAILURE);
1069 0 : return;
1070 : }
1071 :
1072 2 : data->tnc_started = 1;
1073 2 : eap_ttls_state(data, PHASE2_METHOD);
1074 : #endif /* EAP_SERVER_TNC */
1075 : }
1076 :
1077 :
1078 881 : static int eap_ttls_process_version(struct eap_sm *sm, void *priv,
1079 : int peer_version)
1080 : {
1081 881 : struct eap_ttls_data *data = priv;
1082 881 : if (peer_version < data->ttls_version) {
1083 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS: peer ver=%d, own ver=%d; "
1084 : "use version %d",
1085 : peer_version, data->ttls_version, peer_version);
1086 0 : data->ttls_version = peer_version;
1087 : }
1088 :
1089 881 : return 0;
1090 : }
1091 :
1092 :
1093 662 : static void eap_ttls_process_msg(struct eap_sm *sm, void *priv,
1094 : const struct wpabuf *respData)
1095 : {
1096 662 : struct eap_ttls_data *data = priv;
1097 :
1098 662 : switch (data->state) {
1099 : case PHASE1:
1100 357 : if (eap_server_tls_phase1(sm, &data->ssl) < 0)
1101 22 : eap_ttls_state(data, FAILURE);
1102 357 : break;
1103 : case PHASE2_START:
1104 : case PHASE2_METHOD:
1105 222 : eap_ttls_process_phase2(sm, data, data->ssl.tls_in);
1106 222 : eap_ttls_start_tnc(sm, data);
1107 222 : break;
1108 : case PHASE2_MSCHAPV2_RESP:
1109 83 : if (data->mschapv2_resp_ok && wpabuf_len(data->ssl.tls_in) ==
1110 : 0) {
1111 82 : wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer "
1112 : "acknowledged response");
1113 82 : eap_ttls_state(data, SUCCESS);
1114 1 : } else if (!data->mschapv2_resp_ok) {
1115 1 : wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer "
1116 : "acknowledged error");
1117 1 : eap_ttls_state(data, FAILURE);
1118 : } else {
1119 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Unexpected "
1120 : "frame from peer (payload len %lu, "
1121 : "expected empty frame)",
1122 : (unsigned long)
1123 0 : wpabuf_len(data->ssl.tls_in));
1124 0 : eap_ttls_state(data, FAILURE);
1125 : }
1126 83 : eap_ttls_start_tnc(sm, data);
1127 83 : break;
1128 : default:
1129 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS: Unexpected state %d in %s",
1130 0 : data->state, __func__);
1131 0 : break;
1132 : }
1133 662 : }
1134 :
1135 :
1136 881 : static void eap_ttls_process(struct eap_sm *sm, void *priv,
1137 : struct wpabuf *respData)
1138 : {
1139 881 : struct eap_ttls_data *data = priv;
1140 881 : if (eap_server_tls_process(sm, &data->ssl, respData, data,
1141 : EAP_TYPE_TTLS, eap_ttls_process_version,
1142 : eap_ttls_process_msg) < 0)
1143 0 : eap_ttls_state(data, FAILURE);
1144 881 : }
1145 :
1146 :
1147 925 : static Boolean eap_ttls_isDone(struct eap_sm *sm, void *priv)
1148 : {
1149 925 : struct eap_ttls_data *data = priv;
1150 925 : return data->state == SUCCESS || data->state == FAILURE;
1151 : }
1152 :
1153 :
1154 174 : static u8 * eap_ttls_getKey(struct eap_sm *sm, void *priv, size_t *len)
1155 : {
1156 174 : struct eap_ttls_data *data = priv;
1157 : u8 *eapKeyData;
1158 :
1159 174 : if (data->state != SUCCESS)
1160 44 : return NULL;
1161 :
1162 130 : eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
1163 : "ttls keying material",
1164 : EAP_TLS_KEY_LEN);
1165 130 : if (eapKeyData) {
1166 130 : *len = EAP_TLS_KEY_LEN;
1167 130 : wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived key",
1168 : eapKeyData, EAP_TLS_KEY_LEN);
1169 : } else {
1170 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to derive key");
1171 : }
1172 :
1173 130 : return eapKeyData;
1174 : }
1175 :
1176 :
1177 218 : static Boolean eap_ttls_isSuccess(struct eap_sm *sm, void *priv)
1178 : {
1179 218 : struct eap_ttls_data *data = priv;
1180 218 : return data->state == SUCCESS;
1181 : }
1182 :
1183 :
1184 174 : static u8 * eap_ttls_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
1185 : {
1186 174 : struct eap_ttls_data *data = priv;
1187 :
1188 174 : if (data->state != SUCCESS)
1189 44 : return NULL;
1190 :
1191 130 : return eap_server_tls_derive_session_id(sm, &data->ssl, EAP_TYPE_TTLS,
1192 : len);
1193 : }
1194 :
1195 :
1196 2 : static u8 * eap_ttls_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
1197 : {
1198 2 : struct eap_ttls_data *data = priv;
1199 : u8 *eapKeyData, *emsk;
1200 :
1201 2 : if (data->state != SUCCESS)
1202 0 : return NULL;
1203 :
1204 2 : eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
1205 : "ttls keying material",
1206 : EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
1207 2 : if (eapKeyData) {
1208 2 : emsk = os_malloc(EAP_EMSK_LEN);
1209 2 : if (emsk)
1210 2 : os_memcpy(emsk, eapKeyData + EAP_TLS_KEY_LEN,
1211 : EAP_EMSK_LEN);
1212 2 : bin_clear_free(eapKeyData, EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
1213 : } else
1214 0 : emsk = NULL;
1215 :
1216 2 : if (emsk) {
1217 2 : *len = EAP_EMSK_LEN;
1218 2 : wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Derived EMSK",
1219 : emsk, EAP_EMSK_LEN);
1220 : } else {
1221 0 : wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to derive EMSK");
1222 : }
1223 :
1224 2 : return emsk;
1225 : }
1226 :
1227 :
1228 10 : int eap_server_ttls_register(void)
1229 : {
1230 : struct eap_method *eap;
1231 : int ret;
1232 :
1233 10 : eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
1234 : EAP_VENDOR_IETF, EAP_TYPE_TTLS, "TTLS");
1235 10 : if (eap == NULL)
1236 0 : return -1;
1237 :
1238 10 : eap->init = eap_ttls_init;
1239 10 : eap->reset = eap_ttls_reset;
1240 10 : eap->buildReq = eap_ttls_buildReq;
1241 10 : eap->check = eap_ttls_check;
1242 10 : eap->process = eap_ttls_process;
1243 10 : eap->isDone = eap_ttls_isDone;
1244 10 : eap->getKey = eap_ttls_getKey;
1245 10 : eap->isSuccess = eap_ttls_isSuccess;
1246 10 : eap->getSessionId = eap_ttls_get_session_id;
1247 10 : eap->get_emsk = eap_ttls_get_emsk;
1248 :
1249 10 : ret = eap_server_method_register(eap);
1250 10 : if (ret)
1251 0 : eap_server_method_free(eap);
1252 10 : return ret;
1253 : }
|
