Line data Source code
1 : /*
2 : * hostapd / EAP-SAKE (RFC 4763) server
3 : * Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi>
4 : *
5 : * This software may be distributed under the terms of the BSD license.
6 : * See README for more details.
7 : */
8 :
9 : #include "includes.h"
10 :
11 : #include "common.h"
12 : #include "crypto/random.h"
13 : #include "eap_server/eap_i.h"
14 : #include "eap_common/eap_sake_common.h"
15 :
16 :
17 : struct eap_sake_data {
18 : enum { IDENTITY, CHALLENGE, CONFIRM, SUCCESS, FAILURE } state;
19 : u8 rand_s[EAP_SAKE_RAND_LEN];
20 : u8 rand_p[EAP_SAKE_RAND_LEN];
21 : struct {
22 : u8 auth[EAP_SAKE_TEK_AUTH_LEN];
23 : u8 cipher[EAP_SAKE_TEK_CIPHER_LEN];
24 : } tek;
25 : u8 msk[EAP_MSK_LEN];
26 : u8 emsk[EAP_EMSK_LEN];
27 : u8 session_id;
28 : u8 *peerid;
29 : size_t peerid_len;
30 : };
31 :
32 :
33 36 : static const char * eap_sake_state_txt(int state)
34 : {
35 36 : switch (state) {
36 : case IDENTITY:
37 0 : return "IDENTITY";
38 : case CHALLENGE:
39 10 : return "CHALLENGE";
40 : case CONFIRM:
41 17 : return "CONFIRM";
42 : case SUCCESS:
43 6 : return "SUCCESS";
44 : case FAILURE:
45 3 : return "FAILURE";
46 : default:
47 0 : return "?";
48 : }
49 : }
50 :
51 :
52 18 : static void eap_sake_state(struct eap_sake_data *data, int state)
53 : {
54 36 : wpa_printf(MSG_DEBUG, "EAP-SAKE: %s -> %s",
55 18 : eap_sake_state_txt(data->state),
56 : eap_sake_state_txt(state));
57 18 : data->state = state;
58 18 : }
59 :
60 :
61 18 : static void * eap_sake_init(struct eap_sm *sm)
62 : {
63 : struct eap_sake_data *data;
64 :
65 18 : data = os_zalloc(sizeof(*data));
66 18 : if (data == NULL)
67 0 : return NULL;
68 18 : data->state = CHALLENGE;
69 :
70 18 : if (os_get_random(&data->session_id, 1)) {
71 0 : wpa_printf(MSG_ERROR, "EAP-SAKE: Failed to get random data");
72 0 : os_free(data);
73 0 : return NULL;
74 : }
75 18 : wpa_printf(MSG_DEBUG, "EAP-SAKE: Initialized Session ID %d",
76 18 : data->session_id);
77 :
78 18 : return data;
79 : }
80 :
81 :
82 18 : static void eap_sake_reset(struct eap_sm *sm, void *priv)
83 : {
84 18 : struct eap_sake_data *data = priv;
85 18 : os_free(data->peerid);
86 18 : bin_clear_free(data, sizeof(*data));
87 18 : }
88 :
89 :
90 27 : static struct wpabuf * eap_sake_build_msg(struct eap_sake_data *data,
91 : u8 id, size_t length, u8 subtype)
92 : {
93 : struct eap_sake_hdr *sake;
94 : struct wpabuf *msg;
95 : size_t plen;
96 :
97 27 : plen = sizeof(struct eap_sake_hdr) + length;
98 :
99 27 : msg = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_SAKE, plen,
100 : EAP_CODE_REQUEST, id);
101 27 : if (msg == NULL) {
102 0 : wpa_printf(MSG_ERROR, "EAP-SAKE: Failed to allocate memory "
103 : "request");
104 0 : return NULL;
105 : }
106 :
107 27 : sake = wpabuf_put(msg, sizeof(*sake));
108 27 : sake->version = EAP_SAKE_VERSION;
109 27 : sake->session_id = data->session_id;
110 27 : sake->subtype = subtype;
111 :
112 27 : return msg;
113 : }
114 :
115 :
116 0 : static struct wpabuf * eap_sake_build_identity(struct eap_sm *sm,
117 : struct eap_sake_data *data,
118 : u8 id)
119 : {
120 : struct wpabuf *msg;
121 : size_t plen;
122 :
123 0 : wpa_printf(MSG_DEBUG, "EAP-SAKE: Request/Identity");
124 :
125 0 : plen = 4;
126 0 : plen += 2 + sm->server_id_len;
127 0 : msg = eap_sake_build_msg(data, id, plen, EAP_SAKE_SUBTYPE_IDENTITY);
128 0 : if (msg == NULL) {
129 0 : data->state = FAILURE;
130 0 : return NULL;
131 : }
132 :
133 0 : wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_PERM_ID_REQ");
134 0 : eap_sake_add_attr(msg, EAP_SAKE_AT_PERM_ID_REQ, NULL, 2);
135 :
136 0 : wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_SERVERID");
137 0 : eap_sake_add_attr(msg, EAP_SAKE_AT_SERVERID,
138 : sm->server_id, sm->server_id_len);
139 :
140 0 : return msg;
141 : }
142 :
143 :
144 18 : static struct wpabuf * eap_sake_build_challenge(struct eap_sm *sm,
145 : struct eap_sake_data *data,
146 : u8 id)
147 : {
148 : struct wpabuf *msg;
149 : size_t plen;
150 :
151 18 : wpa_printf(MSG_DEBUG, "EAP-SAKE: Request/Challenge");
152 :
153 18 : if (random_get_bytes(data->rand_s, EAP_SAKE_RAND_LEN)) {
154 0 : wpa_printf(MSG_ERROR, "EAP-SAKE: Failed to get random data");
155 0 : data->state = FAILURE;
156 0 : return NULL;
157 : }
158 18 : wpa_hexdump(MSG_MSGDUMP, "EAP-SAKE: RAND_S (server rand)",
159 18 : data->rand_s, EAP_SAKE_RAND_LEN);
160 :
161 18 : plen = 2 + EAP_SAKE_RAND_LEN + 2 + sm->server_id_len;
162 18 : msg = eap_sake_build_msg(data, id, plen, EAP_SAKE_SUBTYPE_CHALLENGE);
163 18 : if (msg == NULL) {
164 0 : data->state = FAILURE;
165 0 : return NULL;
166 : }
167 :
168 18 : wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_RAND_S");
169 18 : eap_sake_add_attr(msg, EAP_SAKE_AT_RAND_S,
170 18 : data->rand_s, EAP_SAKE_RAND_LEN);
171 :
172 18 : wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_SERVERID");
173 18 : eap_sake_add_attr(msg, EAP_SAKE_AT_SERVERID,
174 : sm->server_id, sm->server_id_len);
175 :
176 18 : return msg;
177 : }
178 :
179 :
180 9 : static struct wpabuf * eap_sake_build_confirm(struct eap_sm *sm,
181 : struct eap_sake_data *data,
182 : u8 id)
183 : {
184 : struct wpabuf *msg;
185 : u8 *mic;
186 :
187 9 : wpa_printf(MSG_DEBUG, "EAP-SAKE: Request/Confirm");
188 :
189 9 : msg = eap_sake_build_msg(data, id, 2 + EAP_SAKE_MIC_LEN,
190 : EAP_SAKE_SUBTYPE_CONFIRM);
191 9 : if (msg == NULL) {
192 0 : data->state = FAILURE;
193 0 : return NULL;
194 : }
195 :
196 9 : wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_MIC_S");
197 9 : wpabuf_put_u8(msg, EAP_SAKE_AT_MIC_S);
198 9 : wpabuf_put_u8(msg, 2 + EAP_SAKE_MIC_LEN);
199 9 : mic = wpabuf_put(msg, EAP_SAKE_MIC_LEN);
200 27 : if (eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
201 : sm->server_id, sm->server_id_len,
202 9 : data->peerid, data->peerid_len, 0,
203 9 : wpabuf_head(msg), wpabuf_len(msg), mic, mic))
204 : {
205 0 : wpa_printf(MSG_INFO, "EAP-SAKE: Failed to compute MIC");
206 0 : data->state = FAILURE;
207 0 : os_free(msg);
208 0 : return NULL;
209 : }
210 :
211 9 : return msg;
212 : }
213 :
214 :
215 27 : static struct wpabuf * eap_sake_buildReq(struct eap_sm *sm, void *priv, u8 id)
216 : {
217 27 : struct eap_sake_data *data = priv;
218 :
219 27 : switch (data->state) {
220 : case IDENTITY:
221 0 : return eap_sake_build_identity(sm, data, id);
222 : case CHALLENGE:
223 18 : return eap_sake_build_challenge(sm, data, id);
224 : case CONFIRM:
225 9 : return eap_sake_build_confirm(sm, data, id);
226 : default:
227 0 : wpa_printf(MSG_DEBUG, "EAP-SAKE: Unknown state %d in buildReq",
228 0 : data->state);
229 0 : break;
230 : }
231 0 : return NULL;
232 : }
233 :
234 :
235 18 : static Boolean eap_sake_check(struct eap_sm *sm, void *priv,
236 : struct wpabuf *respData)
237 : {
238 18 : struct eap_sake_data *data = priv;
239 : struct eap_sake_hdr *resp;
240 : size_t len;
241 : u8 version, session_id, subtype;
242 : const u8 *pos;
243 :
244 18 : pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_SAKE, respData, &len);
245 18 : if (pos == NULL || len < sizeof(struct eap_sake_hdr)) {
246 0 : wpa_printf(MSG_INFO, "EAP-SAKE: Invalid frame");
247 0 : return TRUE;
248 : }
249 :
250 18 : resp = (struct eap_sake_hdr *) pos;
251 18 : version = resp->version;
252 18 : session_id = resp->session_id;
253 18 : subtype = resp->subtype;
254 :
255 18 : if (version != EAP_SAKE_VERSION) {
256 0 : wpa_printf(MSG_INFO, "EAP-SAKE: Unknown version %d", version);
257 0 : return TRUE;
258 : }
259 :
260 18 : if (session_id != data->session_id) {
261 0 : wpa_printf(MSG_INFO, "EAP-SAKE: Session ID mismatch (%d,%d)",
262 0 : session_id, data->session_id);
263 0 : return TRUE;
264 : }
265 :
266 18 : wpa_printf(MSG_DEBUG, "EAP-SAKE: Received frame: subtype=%d", subtype);
267 :
268 18 : if (data->state == IDENTITY && subtype == EAP_SAKE_SUBTYPE_IDENTITY)
269 0 : return FALSE;
270 :
271 18 : if (data->state == CHALLENGE && subtype == EAP_SAKE_SUBTYPE_CHALLENGE)
272 10 : return FALSE;
273 :
274 8 : if (data->state == CONFIRM && subtype == EAP_SAKE_SUBTYPE_CONFIRM)
275 6 : return FALSE;
276 :
277 2 : if (subtype == EAP_SAKE_SUBTYPE_AUTH_REJECT)
278 2 : return FALSE;
279 :
280 0 : wpa_printf(MSG_INFO, "EAP-SAKE: Unexpected subtype=%d in state=%d",
281 0 : subtype, data->state);
282 :
283 0 : return TRUE;
284 : }
285 :
286 :
287 0 : static void eap_sake_process_identity(struct eap_sm *sm,
288 : struct eap_sake_data *data,
289 : const struct wpabuf *respData,
290 : const u8 *payload, size_t payloadlen)
291 : {
292 0 : if (data->state != IDENTITY)
293 0 : return;
294 :
295 0 : wpa_printf(MSG_DEBUG, "EAP-SAKE: Received Response/Identity");
296 : /* TODO: update identity and select new user data */
297 0 : eap_sake_state(data, CHALLENGE);
298 : }
299 :
300 :
301 10 : static void eap_sake_process_challenge(struct eap_sm *sm,
302 : struct eap_sake_data *data,
303 : const struct wpabuf *respData,
304 : const u8 *payload, size_t payloadlen)
305 : {
306 : struct eap_sake_parse_attr attr;
307 : u8 mic_p[EAP_SAKE_MIC_LEN];
308 :
309 10 : if (data->state != CHALLENGE)
310 1 : return;
311 :
312 10 : wpa_printf(MSG_DEBUG, "EAP-SAKE: Received Response/Challenge");
313 :
314 10 : if (eap_sake_parse_attributes(payload, payloadlen, &attr))
315 0 : return;
316 :
317 10 : if (!attr.rand_p || !attr.mic_p) {
318 0 : wpa_printf(MSG_INFO, "EAP-SAKE: Response/Challenge did not "
319 : "include AT_RAND_P or AT_MIC_P");
320 0 : return;
321 : }
322 :
323 10 : os_memcpy(data->rand_p, attr.rand_p, EAP_SAKE_RAND_LEN);
324 :
325 10 : os_free(data->peerid);
326 10 : data->peerid = NULL;
327 10 : data->peerid_len = 0;
328 10 : if (attr.peerid) {
329 10 : data->peerid = os_malloc(attr.peerid_len);
330 10 : if (data->peerid == NULL)
331 0 : return;
332 10 : os_memcpy(data->peerid, attr.peerid, attr.peerid_len);
333 10 : data->peerid_len = attr.peerid_len;
334 : }
335 :
336 20 : if (sm->user == NULL || sm->user->password == NULL ||
337 10 : sm->user->password_len != 2 * EAP_SAKE_ROOT_SECRET_LEN) {
338 0 : wpa_printf(MSG_INFO, "EAP-SAKE: Plaintext password with "
339 : "%d-byte key not configured",
340 : 2 * EAP_SAKE_ROOT_SECRET_LEN);
341 0 : data->state = FAILURE;
342 0 : return;
343 : }
344 10 : eap_sake_derive_keys(sm->user->password,
345 10 : sm->user->password + EAP_SAKE_ROOT_SECRET_LEN,
346 10 : data->rand_s, data->rand_p,
347 10 : (u8 *) &data->tek, data->msk, data->emsk);
348 :
349 30 : eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
350 : sm->server_id, sm->server_id_len,
351 10 : data->peerid, data->peerid_len, 1,
352 10 : wpabuf_head(respData), wpabuf_len(respData),
353 : attr.mic_p, mic_p);
354 10 : if (os_memcmp_const(attr.mic_p, mic_p, EAP_SAKE_MIC_LEN) != 0) {
355 1 : wpa_printf(MSG_INFO, "EAP-SAKE: Incorrect AT_MIC_P");
356 1 : eap_sake_state(data, FAILURE);
357 1 : return;
358 : }
359 :
360 9 : eap_sake_state(data, CONFIRM);
361 : }
362 :
363 :
364 6 : static void eap_sake_process_confirm(struct eap_sm *sm,
365 : struct eap_sake_data *data,
366 : const struct wpabuf *respData,
367 : const u8 *payload, size_t payloadlen)
368 : {
369 : struct eap_sake_parse_attr attr;
370 : u8 mic_p[EAP_SAKE_MIC_LEN];
371 :
372 6 : if (data->state != CONFIRM)
373 0 : return;
374 :
375 6 : wpa_printf(MSG_DEBUG, "EAP-SAKE: Received Response/Confirm");
376 :
377 6 : if (eap_sake_parse_attributes(payload, payloadlen, &attr))
378 0 : return;
379 :
380 6 : if (!attr.mic_p) {
381 0 : wpa_printf(MSG_INFO, "EAP-SAKE: Response/Confirm did not "
382 : "include AT_MIC_P");
383 0 : return;
384 : }
385 :
386 18 : eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
387 : sm->server_id, sm->server_id_len,
388 6 : data->peerid, data->peerid_len, 1,
389 6 : wpabuf_head(respData), wpabuf_len(respData),
390 : attr.mic_p, mic_p);
391 6 : if (os_memcmp_const(attr.mic_p, mic_p, EAP_SAKE_MIC_LEN) != 0) {
392 0 : wpa_printf(MSG_INFO, "EAP-SAKE: Incorrect AT_MIC_P");
393 0 : eap_sake_state(data, FAILURE);
394 : } else
395 6 : eap_sake_state(data, SUCCESS);
396 : }
397 :
398 :
399 2 : static void eap_sake_process_auth_reject(struct eap_sm *sm,
400 : struct eap_sake_data *data,
401 : const struct wpabuf *respData,
402 : const u8 *payload, size_t payloadlen)
403 : {
404 2 : wpa_printf(MSG_DEBUG, "EAP-SAKE: Received Response/Auth-Reject");
405 2 : eap_sake_state(data, FAILURE);
406 2 : }
407 :
408 :
409 18 : static void eap_sake_process(struct eap_sm *sm, void *priv,
410 : struct wpabuf *respData)
411 : {
412 18 : struct eap_sake_data *data = priv;
413 : struct eap_sake_hdr *resp;
414 : u8 subtype;
415 : size_t len;
416 : const u8 *pos, *end;
417 :
418 18 : pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_SAKE, respData, &len);
419 18 : if (pos == NULL || len < sizeof(struct eap_sake_hdr))
420 18 : return;
421 :
422 18 : resp = (struct eap_sake_hdr *) pos;
423 18 : end = pos + len;
424 18 : subtype = resp->subtype;
425 18 : pos = (u8 *) (resp + 1);
426 :
427 18 : wpa_hexdump(MSG_DEBUG, "EAP-SAKE: Received attributes",
428 18 : pos, end - pos);
429 :
430 18 : switch (subtype) {
431 : case EAP_SAKE_SUBTYPE_IDENTITY:
432 0 : eap_sake_process_identity(sm, data, respData, pos, end - pos);
433 0 : break;
434 : case EAP_SAKE_SUBTYPE_CHALLENGE:
435 10 : eap_sake_process_challenge(sm, data, respData, pos, end - pos);
436 10 : break;
437 : case EAP_SAKE_SUBTYPE_CONFIRM:
438 6 : eap_sake_process_confirm(sm, data, respData, pos, end - pos);
439 6 : break;
440 : case EAP_SAKE_SUBTYPE_AUTH_REJECT:
441 2 : eap_sake_process_auth_reject(sm, data, respData, pos,
442 2 : end - pos);
443 2 : break;
444 : }
445 : }
446 :
447 :
448 21 : static Boolean eap_sake_isDone(struct eap_sm *sm, void *priv)
449 : {
450 21 : struct eap_sake_data *data = priv;
451 21 : return data->state == SUCCESS || data->state == FAILURE;
452 : }
453 :
454 :
455 9 : static u8 * eap_sake_getKey(struct eap_sm *sm, void *priv, size_t *len)
456 : {
457 9 : struct eap_sake_data *data = priv;
458 : u8 *key;
459 :
460 9 : if (data->state != SUCCESS)
461 3 : return NULL;
462 :
463 6 : key = os_malloc(EAP_MSK_LEN);
464 6 : if (key == NULL)
465 0 : return NULL;
466 6 : os_memcpy(key, data->msk, EAP_MSK_LEN);
467 6 : *len = EAP_MSK_LEN;
468 :
469 6 : return key;
470 : }
471 :
472 :
473 1 : static u8 * eap_sake_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
474 : {
475 1 : struct eap_sake_data *data = priv;
476 : u8 *key;
477 :
478 1 : if (data->state != SUCCESS)
479 0 : return NULL;
480 :
481 1 : key = os_malloc(EAP_EMSK_LEN);
482 1 : if (key == NULL)
483 0 : return NULL;
484 1 : os_memcpy(key, data->emsk, EAP_EMSK_LEN);
485 1 : *len = EAP_EMSK_LEN;
486 :
487 1 : return key;
488 : }
489 :
490 :
491 12 : static Boolean eap_sake_isSuccess(struct eap_sm *sm, void *priv)
492 : {
493 12 : struct eap_sake_data *data = priv;
494 12 : return data->state == SUCCESS;
495 : }
496 :
497 :
498 9 : static u8 * eap_sake_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
499 : {
500 9 : struct eap_sake_data *data = priv;
501 : u8 *id;
502 :
503 9 : if (data->state != SUCCESS)
504 3 : return NULL;
505 :
506 6 : *len = 1 + 2 * EAP_SAKE_RAND_LEN;
507 6 : id = os_malloc(*len);
508 6 : if (id == NULL)
509 0 : return NULL;
510 :
511 6 : id[0] = EAP_TYPE_SAKE;
512 6 : os_memcpy(id + 1, data->rand_s, EAP_SAKE_RAND_LEN);
513 6 : os_memcpy(id + 1 + EAP_SAKE_RAND_LEN, data->rand_s, EAP_SAKE_RAND_LEN);
514 6 : wpa_hexdump(MSG_DEBUG, "EAP-SAKE: Derived Session-Id", id, *len);
515 :
516 6 : return id;
517 : }
518 :
519 :
520 25 : int eap_server_sake_register(void)
521 : {
522 : struct eap_method *eap;
523 :
524 25 : eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
525 : EAP_VENDOR_IETF, EAP_TYPE_SAKE, "SAKE");
526 25 : if (eap == NULL)
527 0 : return -1;
528 :
529 25 : eap->init = eap_sake_init;
530 25 : eap->reset = eap_sake_reset;
531 25 : eap->buildReq = eap_sake_buildReq;
532 25 : eap->check = eap_sake_check;
533 25 : eap->process = eap_sake_process;
534 25 : eap->isDone = eap_sake_isDone;
535 25 : eap->getKey = eap_sake_getKey;
536 25 : eap->isSuccess = eap_sake_isSuccess;
537 25 : eap->get_emsk = eap_sake_get_emsk;
538 25 : eap->getSessionId = eap_sake_get_session_id;
539 :
540 25 : return eap_server_method_register(eap);
541 : }
|
