1/* 2 * hostapd / EAP-TTLS (RFC 5281) 3 * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "includes.h" 10 11#include "common.h" 12#include "crypto/ms_funcs.h" 13#include "crypto/sha1.h" 14#include "crypto/tls.h" 15#include "eap_server/eap_i.h" 16#include "eap_server/eap_tls_common.h" 17#include "eap_common/chap.h" 18#include "eap_common/eap_ttls.h" 19 20 21#define EAP_TTLS_VERSION 0 22 23 24static void eap_ttls_reset(struct eap_sm *sm, void *priv); 25 26 27struct eap_ttls_data { 28 struct eap_ssl_data ssl; 29 enum { 30 START, PHASE1, PHASE2_START, PHASE2_METHOD, 31 PHASE2_MSCHAPV2_RESP, SUCCESS, FAILURE 32 } state; 33 34 int ttls_version; 35 const struct eap_method *phase2_method; 36 void *phase2_priv; 37 int mschapv2_resp_ok; 38 u8 mschapv2_auth_response[20]; 39 u8 mschapv2_ident; 40 struct wpabuf *pending_phase2_eap_resp; 41 int tnc_started; 42}; 43 44 45static const char * eap_ttls_state_txt(int state) 46{ 47 switch (state) { 48 case START: 49 return "START"; 50 case PHASE1: 51 return "PHASE1"; 52 case PHASE2_START: 53 return "PHASE2_START"; 54 case PHASE2_METHOD: 55 return "PHASE2_METHOD"; 56 case PHASE2_MSCHAPV2_RESP: 57 return "PHASE2_MSCHAPV2_RESP"; 58 case SUCCESS: 59 return "SUCCESS"; 60 case FAILURE: 61 return "FAILURE"; 62 default: 63 return "Unknown?!"; 64 } 65} 66 67 68static void eap_ttls_state(struct eap_ttls_data *data, int state) 69{ 70 wpa_printf(MSG_DEBUG, "EAP-TTLS: %s -> %s", 71 eap_ttls_state_txt(data->state), 72 eap_ttls_state_txt(state)); 73 data->state = state; 74 if (state == FAILURE) 75 tls_connection_remove_session(data->ssl.conn); 76} 77 78 79static void eap_ttls_valid_session(struct eap_sm *sm, 80 struct eap_ttls_data *data) 81{ 82 struct wpabuf *buf; 83 84 if (!sm->tls_session_lifetime) 85 return; 86 87 buf = wpabuf_alloc(1 + 1 + sm->identity_len); 88 if (!buf) 89 return; 90 wpabuf_put_u8(buf, EAP_TYPE_TTLS); 91 if (sm->identity) { 92 u8 id_len; 93 94 if (sm->identity_len <= 255) 95 id_len = sm->identity_len; 96 else 97 id_len = 255; 98 wpabuf_put_u8(buf, id_len); 99 wpabuf_put_data(buf, sm->identity, id_len); 100 } else { 101 wpabuf_put_u8(buf, 0); 102 } 103 tls_connection_set_success_data(data->ssl.conn, buf); 104} 105 106 107static u8 * eap_ttls_avp_hdr(u8 *avphdr, u32 avp_code, u32 vendor_id, 108 int mandatory, size_t len) 109{ 110 struct ttls_avp_vendor *avp; 111 u8 flags; 112 size_t hdrlen; 113 114 avp = (struct ttls_avp_vendor *) avphdr; 115 flags = mandatory ? AVP_FLAGS_MANDATORY : 0; 116 if (vendor_id) { 117 flags |= AVP_FLAGS_VENDOR; 118 hdrlen = sizeof(*avp); 119 avp->vendor_id = host_to_be32(vendor_id); 120 } else { 121 hdrlen = sizeof(struct ttls_avp); 122 } 123 124 avp->avp_code = host_to_be32(avp_code); 125 avp->avp_length = host_to_be32(((u32) flags << 24) | 126 ((u32) (hdrlen + len))); 127 128 return avphdr + hdrlen; 129} 130 131 132static struct wpabuf * eap_ttls_avp_encapsulate(struct wpabuf *resp, 133 u32 avp_code, int mandatory) 134{ 135 struct wpabuf *avp; 136 u8 *pos; 137 138 avp = wpabuf_alloc(sizeof(struct ttls_avp) + wpabuf_len(resp) + 4); 139 if (avp == NULL) { 140 wpabuf_free(resp); 141 return NULL; 142 } 143 144 pos = eap_ttls_avp_hdr(wpabuf_mhead(avp), avp_code, 0, mandatory, 145 wpabuf_len(resp)); 146 os_memcpy(pos, wpabuf_head(resp), wpabuf_len(resp)); 147 pos += wpabuf_len(resp); 148 AVP_PAD((const u8 *) wpabuf_head(avp), pos); 149 wpabuf_free(resp); 150 wpabuf_put(avp, pos - (u8 *) wpabuf_head(avp)); 151 return avp; 152} 153 154 155struct eap_ttls_avp { 156 /* Note: eap is allocated memory; caller is responsible for freeing 157 * it. All the other pointers are pointing to the packet data, i.e., 158 * they must not be freed separately. */ 159 u8 *eap; 160 size_t eap_len; 161 u8 *user_name; 162 size_t user_name_len; 163 u8 *user_password; 164 size_t user_password_len; 165 u8 *chap_challenge; 166 size_t chap_challenge_len; 167 u8 *chap_password; 168 size_t chap_password_len; 169 u8 *mschap_challenge; 170 size_t mschap_challenge_len; 171 u8 *mschap_response; 172 size_t mschap_response_len; 173 u8 *mschap2_response; 174 size_t mschap2_response_len; 175}; 176 177 178static int eap_ttls_avp_parse(struct wpabuf *buf, struct eap_ttls_avp *parse) 179{ 180 struct ttls_avp *avp; 181 u8 *pos; 182 int left; 183 184 pos = wpabuf_mhead(buf); 185 left = wpabuf_len(buf); 186 os_memset(parse, 0, sizeof(*parse)); 187 188 while (left > 0) { 189 u32 avp_code, avp_length, vendor_id = 0; 190 u8 avp_flags, *dpos; 191 size_t pad, dlen; 192 avp = (struct ttls_avp *) pos; 193 avp_code = be_to_host32(avp->avp_code); 194 avp_length = be_to_host32(avp->avp_length); 195 avp_flags = (avp_length >> 24) & 0xff; 196 avp_length &= 0xffffff; 197 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP: code=%d flags=0x%02x " 198 "length=%d", (int) avp_code, avp_flags, 199 (int) avp_length); 200 if ((int) avp_length > left) { 201 wpa_printf(MSG_WARNING, "EAP-TTLS: AVP overflow " 202 "(len=%d, left=%d) - dropped", 203 (int) avp_length, left); 204 goto fail; 205 } 206 if (avp_length < sizeof(*avp)) { 207 wpa_printf(MSG_WARNING, "EAP-TTLS: Invalid AVP length " 208 "%d", avp_length); 209 goto fail; 210 } 211 dpos = (u8 *) (avp + 1); 212 dlen = avp_length - sizeof(*avp); 213 if (avp_flags & AVP_FLAGS_VENDOR) { 214 if (dlen < 4) { 215 wpa_printf(MSG_WARNING, "EAP-TTLS: vendor AVP " 216 "underflow"); 217 goto fail; 218 } 219 vendor_id = be_to_host32(* (be32 *) dpos); 220 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP vendor_id %d", 221 (int) vendor_id); 222 dpos += 4; 223 dlen -= 4; 224 } 225 226 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: AVP data", dpos, dlen); 227 228 if (vendor_id == 0 && avp_code == RADIUS_ATTR_EAP_MESSAGE) { 229 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP - EAP Message"); 230 if (parse->eap == NULL) { 231 parse->eap = os_memdup(dpos, dlen); 232 if (parse->eap == NULL) { 233 wpa_printf(MSG_WARNING, "EAP-TTLS: " 234 "failed to allocate memory " 235 "for Phase 2 EAP data"); 236 goto fail; 237 } 238 parse->eap_len = dlen; 239 } else { 240 u8 *neweap = os_realloc(parse->eap, 241 parse->eap_len + dlen); 242 if (neweap == NULL) { 243 wpa_printf(MSG_WARNING, "EAP-TTLS: " 244 "failed to allocate memory " 245 "for Phase 2 EAP data"); 246 goto fail; 247 } 248 os_memcpy(neweap + parse->eap_len, dpos, dlen); 249 parse->eap = neweap; 250 parse->eap_len += dlen; 251 } 252 } else if (vendor_id == 0 && 253 avp_code == RADIUS_ATTR_USER_NAME) { 254 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: User-Name", 255 dpos, dlen); 256 parse->user_name = dpos; 257 parse->user_name_len = dlen; 258 } else if (vendor_id == 0 && 259 avp_code == RADIUS_ATTR_USER_PASSWORD) { 260 u8 *password = dpos; 261 size_t password_len = dlen; 262 while (password_len > 0 && 263 password[password_len - 1] == '\0') { 264 password_len--; 265 } 266 wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: " 267 "User-Password (PAP)", 268 password, password_len); 269 parse->user_password = password; 270 parse->user_password_len = password_len; 271 } else if (vendor_id == 0 && 272 avp_code == RADIUS_ATTR_CHAP_CHALLENGE) { 273 wpa_hexdump(MSG_DEBUG, 274 "EAP-TTLS: CHAP-Challenge (CHAP)", 275 dpos, dlen); 276 parse->chap_challenge = dpos; 277 parse->chap_challenge_len = dlen; 278 } else if (vendor_id == 0 && 279 avp_code == RADIUS_ATTR_CHAP_PASSWORD) { 280 wpa_hexdump(MSG_DEBUG, 281 "EAP-TTLS: CHAP-Password (CHAP)", 282 dpos, dlen); 283 parse->chap_password = dpos; 284 parse->chap_password_len = dlen; 285 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT && 286 avp_code == RADIUS_ATTR_MS_CHAP_CHALLENGE) { 287 wpa_hexdump(MSG_DEBUG, 288 "EAP-TTLS: MS-CHAP-Challenge", 289 dpos, dlen); 290 parse->mschap_challenge = dpos; 291 parse->mschap_challenge_len = dlen; 292 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT && 293 avp_code == RADIUS_ATTR_MS_CHAP_RESPONSE) { 294 wpa_hexdump(MSG_DEBUG, 295 "EAP-TTLS: MS-CHAP-Response (MSCHAP)", 296 dpos, dlen); 297 parse->mschap_response = dpos; 298 parse->mschap_response_len = dlen; 299 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT && 300 avp_code == RADIUS_ATTR_MS_CHAP2_RESPONSE) { 301 wpa_hexdump(MSG_DEBUG, 302 "EAP-TTLS: MS-CHAP2-Response (MSCHAPV2)", 303 dpos, dlen); 304 parse->mschap2_response = dpos; 305 parse->mschap2_response_len = dlen; 306 } else if (avp_flags & AVP_FLAGS_MANDATORY) { 307 wpa_printf(MSG_WARNING, "EAP-TTLS: Unsupported " 308 "mandatory AVP code %d vendor_id %d - " 309 "dropped", (int) avp_code, (int) vendor_id); 310 goto fail; 311 } else { 312 wpa_printf(MSG_DEBUG, "EAP-TTLS: Ignoring unsupported " 313 "AVP code %d vendor_id %d", 314 (int) avp_code, (int) vendor_id); 315 } 316 317 pad = (4 - (avp_length & 3)) & 3; 318 pos += avp_length + pad; 319 left -= avp_length + pad; 320 } 321 322 return 0; 323 324fail: 325 os_free(parse->eap); 326 parse->eap = NULL; 327 return -1; 328} 329 330 331static u8 * eap_ttls_implicit_challenge(struct eap_sm *sm, 332 struct eap_ttls_data *data, size_t len) 333{ 334 return eap_server_tls_derive_key(sm, &data->ssl, "ttls challenge", 335 NULL, 0, len); 336} 337 338 339static void * eap_ttls_init(struct eap_sm *sm) 340{ 341 struct eap_ttls_data *data; 342 343 data = os_zalloc(sizeof(*data)); 344 if (data == NULL) 345 return NULL; 346 data->ttls_version = EAP_TTLS_VERSION; 347 data->state = START; 348 349 if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_TYPE_TTLS)) { 350 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to initialize SSL."); 351 eap_ttls_reset(sm, data); 352 return NULL; 353 } 354 355 return data; 356} 357 358 359static void eap_ttls_reset(struct eap_sm *sm, void *priv) 360{ 361 struct eap_ttls_data *data = priv; 362 if (data == NULL) 363 return; 364 if (data->phase2_priv && data->phase2_method) 365 data->phase2_method->reset(sm, data->phase2_priv); 366 eap_server_tls_ssl_deinit(sm, &data->ssl); 367 wpabuf_free(data->pending_phase2_eap_resp); 368 bin_clear_free(data, sizeof(*data)); 369} 370 371 372static struct wpabuf * eap_ttls_build_start(struct eap_sm *sm, 373 struct eap_ttls_data *data, u8 id) 374{ 375 struct wpabuf *req; 376 377 req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TTLS, 1, 378 EAP_CODE_REQUEST, id); 379 if (req == NULL) { 380 wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to allocate memory for" 381 " request"); 382 eap_ttls_state(data, FAILURE); 383 return NULL; 384 } 385 386 wpabuf_put_u8(req, EAP_TLS_FLAGS_START | data->ttls_version); 387 388 eap_ttls_state(data, PHASE1); 389 390 return req; 391} 392 393 394static struct wpabuf * eap_ttls_build_phase2_eap_req( 395 struct eap_sm *sm, struct eap_ttls_data *data, u8 id) 396{ 397 struct wpabuf *buf, *encr_req; 398 399 400 buf = data->phase2_method->buildReq(sm, data->phase2_priv, id); 401 if (buf == NULL) 402 return NULL; 403 404 wpa_hexdump_buf_key(MSG_DEBUG, 405 "EAP-TTLS/EAP: Encapsulate Phase 2 data", buf); 406 407 buf = eap_ttls_avp_encapsulate(buf, RADIUS_ATTR_EAP_MESSAGE, 1); 408 if (buf == NULL) { 409 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Failed to encapsulate " 410 "packet"); 411 return NULL; 412 } 413 414 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS/EAP: Encrypt encapsulated " 415 "Phase 2 data", buf); 416 417 encr_req = eap_server_tls_encrypt(sm, &data->ssl, buf); 418 wpabuf_free(buf); 419 420 return encr_req; 421} 422 423 424static struct wpabuf * eap_ttls_build_phase2_mschapv2( 425 struct eap_sm *sm, struct eap_ttls_data *data) 426{ 427 struct wpabuf *encr_req, msgbuf; 428 u8 *req, *pos, *end; 429 int ret; 430 431 pos = req = os_malloc(100); 432 if (req == NULL) 433 return NULL; 434 end = req + 100; 435 436 if (data->mschapv2_resp_ok) { 437 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP2_SUCCESS, 438 RADIUS_VENDOR_ID_MICROSOFT, 1, 43); 439 *pos++ = data->mschapv2_ident; 440 ret = os_snprintf((char *) pos, end - pos, "S="); 441 if (!os_snprintf_error(end - pos, ret)) 442 pos += ret; 443 pos += wpa_snprintf_hex_uppercase( 444 (char *) pos, end - pos, data->mschapv2_auth_response, 445 sizeof(data->mschapv2_auth_response)); 446 } else { 447 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP_ERROR, 448 RADIUS_VENDOR_ID_MICROSOFT, 1, 6); 449 os_memcpy(pos, "Failed", 6); 450 pos += 6; 451 AVP_PAD(req, pos); 452 } 453 454 wpabuf_set(&msgbuf, req, pos - req); 455 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Encrypting Phase 2 " 456 "data", &msgbuf); 457 458 encr_req = eap_server_tls_encrypt(sm, &data->ssl, &msgbuf); 459 os_free(req); 460 461 return encr_req; 462} 463 464 465static struct wpabuf * eap_ttls_buildReq(struct eap_sm *sm, void *priv, u8 id) 466{ 467 struct eap_ttls_data *data = priv; 468 469 if (data->ssl.state == FRAG_ACK) { 470 return eap_server_tls_build_ack(id, EAP_TYPE_TTLS, 471 data->ttls_version); 472 } 473 474 if (data->ssl.state == WAIT_FRAG_ACK) { 475 return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TTLS, 476 data->ttls_version, id); 477 } 478 479 switch (data->state) { 480 case START: 481 return eap_ttls_build_start(sm, data, id); 482 case PHASE1: 483 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) { 484 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase1 done, " 485 "starting Phase2"); 486 eap_ttls_state(data, PHASE2_START); 487 } 488 break; 489 case PHASE2_METHOD: 490 wpabuf_free(data->ssl.tls_out); 491 data->ssl.tls_out_pos = 0; 492 data->ssl.tls_out = eap_ttls_build_phase2_eap_req(sm, data, 493 id); 494 break; 495 case PHASE2_MSCHAPV2_RESP: 496 wpabuf_free(data->ssl.tls_out); 497 data->ssl.tls_out_pos = 0; 498 data->ssl.tls_out = eap_ttls_build_phase2_mschapv2(sm, data); 499 break; 500 default: 501 wpa_printf(MSG_DEBUG, "EAP-TTLS: %s - unexpected state %d", 502 __func__, data->state); 503 return NULL; 504 } 505 506 return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TTLS, 507 data->ttls_version, id); 508} 509 510 511static Boolean eap_ttls_check(struct eap_sm *sm, void *priv, 512 struct wpabuf *respData) 513{ 514 const u8 *pos; 515 size_t len; 516 517 pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_TTLS, respData, &len); 518 if (pos == NULL || len < 1) { 519 wpa_printf(MSG_INFO, "EAP-TTLS: Invalid frame"); 520 return TRUE; 521 } 522 523 return FALSE; 524} 525 526 527static void eap_ttls_process_phase2_pap(struct eap_sm *sm, 528 struct eap_ttls_data *data, 529 const u8 *user_password, 530 size_t user_password_len) 531{ 532 if (!sm->user || !sm->user->password || sm->user->password_hash || 533 !(sm->user->ttls_auth & EAP_TTLS_AUTH_PAP)) { 534 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: No plaintext user " 535 "password configured"); 536 eap_ttls_state(data, FAILURE); 537 return; 538 } 539 540 if (sm->user->password_len != user_password_len || 541 os_memcmp_const(sm->user->password, user_password, 542 user_password_len) != 0) { 543 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Invalid user password"); 544 eap_ttls_state(data, FAILURE); 545 return; 546 } 547 548 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Correct user password"); 549 eap_ttls_state(data, SUCCESS); 550 eap_ttls_valid_session(sm, data); 551} 552 553 554static void eap_ttls_process_phase2_chap(struct eap_sm *sm, 555 struct eap_ttls_data *data, 556 const u8 *challenge, 557 size_t challenge_len, 558 const u8 *password, 559 size_t password_len) 560{ 561 u8 *chal, hash[CHAP_MD5_LEN]; 562 563 if (challenge == NULL || password == NULL || 564 challenge_len != EAP_TTLS_CHAP_CHALLENGE_LEN || 565 password_len != 1 + EAP_TTLS_CHAP_PASSWORD_LEN) { 566 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Invalid CHAP attributes " 567 "(challenge len %lu password len %lu)", 568 (unsigned long) challenge_len, 569 (unsigned long) password_len); 570 eap_ttls_state(data, FAILURE); 571 return; 572 } 573 574 if (!sm->user || !sm->user->password || sm->user->password_hash || 575 !(sm->user->ttls_auth & EAP_TTLS_AUTH_CHAP)) { 576 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: No plaintext user " 577 "password configured"); 578 eap_ttls_state(data, FAILURE); 579 return; 580 } 581 582 chal = eap_ttls_implicit_challenge(sm, data, 583 EAP_TTLS_CHAP_CHALLENGE_LEN + 1); 584 if (chal == NULL) { 585 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Failed to generate " 586 "challenge from TLS data"); 587 eap_ttls_state(data, FAILURE); 588 return; 589 } 590 591 if (os_memcmp_const(challenge, chal, EAP_TTLS_CHAP_CHALLENGE_LEN) 592 != 0 || 593 password[0] != chal[EAP_TTLS_CHAP_CHALLENGE_LEN]) { 594 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Challenge mismatch"); 595 os_free(chal); 596 eap_ttls_state(data, FAILURE); 597 return; 598 } 599 os_free(chal); 600 601 /* MD5(Ident + Password + Challenge) */ 602 chap_md5(password[0], sm->user->password, sm->user->password_len, 603 challenge, challenge_len, hash); 604 605 if (os_memcmp_const(hash, password + 1, EAP_TTLS_CHAP_PASSWORD_LEN) == 606 0) { 607 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Correct user password"); 608 eap_ttls_state(data, SUCCESS); 609 eap_ttls_valid_session(sm, data); 610 } else { 611 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Invalid user password"); 612 eap_ttls_state(data, FAILURE); 613 } 614} 615 616 617static void eap_ttls_process_phase2_mschap(struct eap_sm *sm, 618 struct eap_ttls_data *data, 619 u8 *challenge, size_t challenge_len, 620 u8 *response, size_t response_len) 621{ 622 u8 *chal, nt_response[24]; 623 624 if (challenge == NULL || response == NULL || 625 challenge_len != EAP_TTLS_MSCHAP_CHALLENGE_LEN || 626 response_len != EAP_TTLS_MSCHAP_RESPONSE_LEN) { 627 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Invalid MS-CHAP " 628 "attributes (challenge len %lu response len %lu)", 629 (unsigned long) challenge_len, 630 (unsigned long) response_len); 631 eap_ttls_state(data, FAILURE); 632 return; 633 } 634 635 if (!sm->user || !sm->user->password || 636 !(sm->user->ttls_auth & EAP_TTLS_AUTH_MSCHAP)) { 637 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: No user password " 638 "configured"); 639 eap_ttls_state(data, FAILURE); 640 return; 641 } 642 643 chal = eap_ttls_implicit_challenge(sm, data, 644 EAP_TTLS_MSCHAP_CHALLENGE_LEN + 1); 645 if (chal == NULL) { 646 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Failed to generate " 647 "challenge from TLS data"); 648 eap_ttls_state(data, FAILURE); 649 return; 650 } 651 652#ifdef CONFIG_TESTING_OPTIONS 653 eap_server_mschap_rx_callback(sm, "TTLS-MSCHAP", 654 sm->identity, sm->identity_len, 655 challenge, response + 2 + 24); 656#endif /* CONFIG_TESTING_OPTIONS */ 657 658 if (os_memcmp_const(challenge, chal, EAP_TTLS_MSCHAP_CHALLENGE_LEN) 659 != 0 || 660 response[0] != chal[EAP_TTLS_MSCHAP_CHALLENGE_LEN]) { 661 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Challenge mismatch"); 662 os_free(chal); 663 eap_ttls_state(data, FAILURE); 664 return; 665 } 666 os_free(chal); 667 668 if ((sm->user->password_hash && 669 challenge_response(challenge, sm->user->password, nt_response)) || 670 (!sm->user->password_hash && 671 nt_challenge_response(challenge, sm->user->password, 672 sm->user->password_len, nt_response))) { 673 eap_ttls_state(data, FAILURE); 674 return; 675 } 676 677 if (os_memcmp_const(nt_response, response + 2 + 24, 24) == 0) { 678 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Correct response"); 679 eap_ttls_state(data, SUCCESS); 680 eap_ttls_valid_session(sm, data); 681 } else { 682 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Invalid NT-Response"); 683 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAP: Received", 684 response + 2 + 24, 24); 685 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAP: Expected", 686 nt_response, 24); 687 eap_ttls_state(data, FAILURE); 688 } 689} 690 691 692static void eap_ttls_process_phase2_mschapv2(struct eap_sm *sm, 693 struct eap_ttls_data *data, 694 u8 *challenge, 695 size_t challenge_len, 696 u8 *response, size_t response_len) 697{ 698 u8 *chal, *username, nt_response[24], *rx_resp, *peer_challenge, 699 *auth_challenge; 700 size_t username_len, i; 701 702 if (challenge == NULL || response == NULL || 703 challenge_len != EAP_TTLS_MSCHAPV2_CHALLENGE_LEN || 704 response_len != EAP_TTLS_MSCHAPV2_RESPONSE_LEN) { 705 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Invalid MS-CHAP2 " 706 "attributes (challenge len %lu response len %lu)", 707 (unsigned long) challenge_len, 708 (unsigned long) response_len); 709 eap_ttls_state(data, FAILURE); 710 return; 711 } 712 713 if (!sm->user || !sm->user->password || 714 !(sm->user->ttls_auth & EAP_TTLS_AUTH_MSCHAPV2)) { 715 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: No user password " 716 "configured"); 717 eap_ttls_state(data, FAILURE); 718 return; 719 } 720 721 if (sm->identity == NULL) { 722 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: No user identity " 723 "known"); 724 eap_ttls_state(data, FAILURE); 725 return; 726 } 727 728 /* MSCHAPv2 does not include optional domain name in the 729 * challenge-response calculation, so remove domain prefix 730 * (if present). */ 731 username = sm->identity; 732 username_len = sm->identity_len; 733 for (i = 0; i < username_len; i++) { 734 if (username[i] == '\\') { 735 username_len -= i + 1; 736 username += i + 1; 737 break; 738 } 739 } 740 741 chal = eap_ttls_implicit_challenge( 742 sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1); 743 if (chal == NULL) { 744 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Failed to generate " 745 "challenge from TLS data"); 746 eap_ttls_state(data, FAILURE); 747 return; 748 } 749 750 if (os_memcmp_const(challenge, chal, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN) 751 != 0 || 752 response[0] != chal[EAP_TTLS_MSCHAPV2_CHALLENGE_LEN]) { 753 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Challenge mismatch"); 754 os_free(chal); 755 eap_ttls_state(data, FAILURE); 756 return; 757 } 758 os_free(chal); 759 760 auth_challenge = challenge; 761 peer_challenge = response + 2; 762 763 wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: User", 764 username, username_len); 765 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: auth_challenge", 766 auth_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN); 767 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: peer_challenge", 768 peer_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN); 769 770 if (sm->user->password_hash) { 771 generate_nt_response_pwhash(auth_challenge, peer_challenge, 772 username, username_len, 773 sm->user->password, 774 nt_response); 775 } else { 776 generate_nt_response(auth_challenge, peer_challenge, 777 username, username_len, 778 sm->user->password, 779 sm->user->password_len, 780 nt_response); 781 } 782 783 rx_resp = response + 2 + EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 8; 784#ifdef CONFIG_TESTING_OPTIONS 785 { 786 u8 challenge2[8]; 787 788 if (challenge_hash(peer_challenge, auth_challenge, 789 username, username_len, challenge2) == 0) { 790 eap_server_mschap_rx_callback(sm, "TTLS-MSCHAPV2", 791 username, username_len, 792 challenge2, rx_resp); 793 } 794 } 795#endif /* CONFIG_TESTING_OPTIONS */ 796 if (os_memcmp_const(nt_response, rx_resp, 24) == 0) { 797 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Correct " 798 "NT-Response"); 799 data->mschapv2_resp_ok = 1; 800 801 if (sm->user->password_hash) { 802 generate_authenticator_response_pwhash( 803 sm->user->password, 804 peer_challenge, auth_challenge, 805 username, username_len, nt_response, 806 data->mschapv2_auth_response); 807 } else { 808 generate_authenticator_response( 809 sm->user->password, sm->user->password_len, 810 peer_challenge, auth_challenge, 811 username, username_len, nt_response, 812 data->mschapv2_auth_response); 813 } 814 } else { 815 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Invalid " 816 "NT-Response"); 817 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: Received", 818 rx_resp, 24); 819 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: Expected", 820 nt_response, 24); 821 data->mschapv2_resp_ok = 0; 822 } 823 eap_ttls_state(data, PHASE2_MSCHAPV2_RESP); 824 data->mschapv2_ident = response[0]; 825} 826 827 828static int eap_ttls_phase2_eap_init(struct eap_sm *sm, 829 struct eap_ttls_data *data, 830 EapType eap_type) 831{ 832 if (data->phase2_priv && data->phase2_method) { 833 data->phase2_method->reset(sm, data->phase2_priv); 834 data->phase2_method = NULL; 835 data->phase2_priv = NULL; 836 } 837 data->phase2_method = eap_server_get_eap_method(EAP_VENDOR_IETF, 838 eap_type); 839 if (!data->phase2_method) 840 return -1; 841 842 sm->init_phase2 = 1; 843 data->phase2_priv = data->phase2_method->init(sm); 844 sm->init_phase2 = 0; 845 return data->phase2_priv == NULL ? -1 : 0; 846} 847 848 849static void eap_ttls_process_phase2_eap_response(struct eap_sm *sm, 850 struct eap_ttls_data *data, 851 u8 *in_data, size_t in_len) 852{ 853 u8 next_type = EAP_TYPE_NONE; 854 struct eap_hdr *hdr; 855 u8 *pos; 856 size_t left; 857 struct wpabuf buf; 858 const struct eap_method *m = data->phase2_method; 859 void *priv = data->phase2_priv; 860 861 if (priv == NULL) { 862 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: %s - Phase2 not " 863 "initialized?!", __func__); 864 return; 865 } 866 867 hdr = (struct eap_hdr *) in_data; 868 pos = (u8 *) (hdr + 1); 869 870 if (in_len > sizeof(*hdr) && *pos == EAP_TYPE_NAK) { 871 left = in_len - sizeof(*hdr); 872 wpa_hexdump(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 type Nak'ed; " 873 "allowed types", pos + 1, left - 1); 874 eap_sm_process_nak(sm, pos + 1, left - 1); 875 if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS && 876 sm->user->methods[sm->user_eap_method_index].method != 877 EAP_TYPE_NONE) { 878 next_type = sm->user->methods[ 879 sm->user_eap_method_index++].method; 880 wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %d", 881 next_type); 882 if (eap_ttls_phase2_eap_init(sm, data, next_type)) { 883 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to " 884 "initialize EAP type %d", 885 next_type); 886 eap_ttls_state(data, FAILURE); 887 return; 888 } 889 } else { 890 eap_ttls_state(data, FAILURE); 891 } 892 return; 893 } 894 895 wpabuf_set(&buf, in_data, in_len); 896 897 if (m->check(sm, priv, &buf)) { 898 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 check() asked to " 899 "ignore the packet"); 900 return; 901 } 902 903 m->process(sm, priv, &buf); 904 905 if (sm->method_pending == METHOD_PENDING_WAIT) { 906 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 method is in " 907 "pending wait state - save decrypted response"); 908 wpabuf_free(data->pending_phase2_eap_resp); 909 data->pending_phase2_eap_resp = wpabuf_dup(&buf); 910 } 911 912 if (!m->isDone(sm, priv)) 913 return; 914 915 if (!m->isSuccess(sm, priv)) { 916 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 method failed"); 917 eap_ttls_state(data, FAILURE); 918 return; 919 } 920 921 switch (data->state) { 922 case PHASE2_START: 923 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) { 924 wpa_hexdump_ascii(MSG_DEBUG, "EAP_TTLS: Phase2 " 925 "Identity not found in the user " 926 "database", 927 sm->identity, sm->identity_len); 928 eap_ttls_state(data, FAILURE); 929 break; 930 } 931 932 eap_ttls_state(data, PHASE2_METHOD); 933 next_type = sm->user->methods[0].method; 934 sm->user_eap_method_index = 1; 935 wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %d", next_type); 936 if (eap_ttls_phase2_eap_init(sm, data, next_type)) { 937 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize " 938 "EAP type %d", next_type); 939 eap_ttls_state(data, FAILURE); 940 } 941 break; 942 case PHASE2_METHOD: 943 eap_ttls_state(data, SUCCESS); 944 eap_ttls_valid_session(sm, data); 945 break; 946 case FAILURE: 947 break; 948 default: 949 wpa_printf(MSG_DEBUG, "EAP-TTLS: %s - unexpected state %d", 950 __func__, data->state); 951 break; 952 } 953} 954 955 956static void eap_ttls_process_phase2_eap(struct eap_sm *sm, 957 struct eap_ttls_data *data, 958 const u8 *eap, size_t eap_len) 959{ 960 struct eap_hdr *hdr; 961 size_t len; 962 963 if (data->state == PHASE2_START) { 964 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: initializing Phase 2"); 965 if (eap_ttls_phase2_eap_init(sm, data, EAP_TYPE_IDENTITY) < 0) 966 { 967 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: failed to " 968 "initialize EAP-Identity"); 969 return; 970 } 971 } 972 973 if (eap_len < sizeof(*hdr)) { 974 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: too short Phase 2 EAP " 975 "packet (len=%lu)", (unsigned long) eap_len); 976 return; 977 } 978 979 hdr = (struct eap_hdr *) eap; 980 len = be_to_host16(hdr->length); 981 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: received Phase 2 EAP: code=%d " 982 "identifier=%d length=%lu", hdr->code, hdr->identifier, 983 (unsigned long) len); 984 if (len > eap_len) { 985 wpa_printf(MSG_INFO, "EAP-TTLS/EAP: Length mismatch in Phase 2" 986 " EAP frame (hdr len=%lu, data len in AVP=%lu)", 987 (unsigned long) len, (unsigned long) eap_len); 988 return; 989 } 990 991 switch (hdr->code) { 992 case EAP_CODE_RESPONSE: 993 eap_ttls_process_phase2_eap_response(sm, data, (u8 *) hdr, 994 len); 995 break; 996 default: 997 wpa_printf(MSG_INFO, "EAP-TTLS/EAP: Unexpected code=%d in " 998 "Phase 2 EAP header", hdr->code); 999 break; 1000 } 1001} 1002 1003 1004static void eap_ttls_process_phase2(struct eap_sm *sm, 1005 struct eap_ttls_data *data, 1006 struct wpabuf *in_buf) 1007{ 1008 struct wpabuf *in_decrypted; 1009 struct eap_ttls_avp parse; 1010 1011 wpa_printf(MSG_DEBUG, "EAP-TTLS: received %lu bytes encrypted data for" 1012 " Phase 2", (unsigned long) wpabuf_len(in_buf)); 1013 1014 if (data->pending_phase2_eap_resp) { 1015 wpa_printf(MSG_DEBUG, "EAP-TTLS: Pending Phase 2 EAP response " 1016 "- skip decryption and use old data"); 1017 eap_ttls_process_phase2_eap( 1018 sm, data, wpabuf_head(data->pending_phase2_eap_resp), 1019 wpabuf_len(data->pending_phase2_eap_resp)); 1020 wpabuf_free(data->pending_phase2_eap_resp); 1021 data->pending_phase2_eap_resp = NULL; 1022 return; 1023 } 1024 1025 in_decrypted = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn, 1026 in_buf); 1027 if (in_decrypted == NULL) { 1028 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to decrypt Phase 2 " 1029 "data"); 1030 eap_ttls_state(data, FAILURE); 1031 return; 1032 } 1033 1034 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS: Decrypted Phase 2 EAP", 1035 in_decrypted); 1036 1037 if (eap_ttls_avp_parse(in_decrypted, &parse) < 0) { 1038 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to parse AVPs"); 1039 wpabuf_free(in_decrypted); 1040 eap_ttls_state(data, FAILURE); 1041 return; 1042 } 1043 1044 if (parse.user_name) { 1045 char *nbuf; 1046 nbuf = os_malloc(parse.user_name_len * 4 + 1); 1047 if (nbuf) { 1048 printf_encode(nbuf, parse.user_name_len * 4 + 1, 1049 parse.user_name, 1050 parse.user_name_len); 1051 eap_log_msg(sm, "TTLS-User-Name '%s'", nbuf); 1052 os_free(nbuf); 1053 } 1054 1055 os_free(sm->identity); 1056 sm->identity = os_memdup(parse.user_name, parse.user_name_len); 1057 if (sm->identity == NULL) { 1058 eap_ttls_state(data, FAILURE); 1059 goto done; 1060 } 1061 sm->identity_len = parse.user_name_len; 1062 if (eap_user_get(sm, parse.user_name, parse.user_name_len, 1) 1063 != 0) { 1064 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase2 Identity not " 1065 "found in the user database"); 1066 eap_ttls_state(data, FAILURE); 1067 goto done; 1068 } 1069 } 1070 1071#ifdef EAP_SERVER_TNC 1072 if (data->tnc_started && parse.eap == NULL) { 1073 wpa_printf(MSG_DEBUG, "EAP-TTLS: TNC started but no EAP " 1074 "response from peer"); 1075 eap_ttls_state(data, FAILURE); 1076 goto done; 1077 } 1078#endif /* EAP_SERVER_TNC */ 1079 1080 if (parse.eap) { 1081 eap_ttls_process_phase2_eap(sm, data, parse.eap, 1082 parse.eap_len); 1083 } else if (parse.user_password) { 1084 eap_ttls_process_phase2_pap(sm, data, parse.user_password, 1085 parse.user_password_len); 1086 } else if (parse.chap_password) { 1087 eap_ttls_process_phase2_chap(sm, data, 1088 parse.chap_challenge, 1089 parse.chap_challenge_len, 1090 parse.chap_password, 1091 parse.chap_password_len); 1092 } else if (parse.mschap_response) { 1093 eap_ttls_process_phase2_mschap(sm, data, 1094 parse.mschap_challenge, 1095 parse.mschap_challenge_len, 1096 parse.mschap_response, 1097 parse.mschap_response_len); 1098 } else if (parse.mschap2_response) { 1099 eap_ttls_process_phase2_mschapv2(sm, data, 1100 parse.mschap_challenge, 1101 parse.mschap_challenge_len, 1102 parse.mschap2_response, 1103 parse.mschap2_response_len); 1104 } 1105 1106done: 1107 wpabuf_free(in_decrypted); 1108 os_free(parse.eap); 1109} 1110 1111 1112static void eap_ttls_start_tnc(struct eap_sm *sm, struct eap_ttls_data *data) 1113{ 1114#ifdef EAP_SERVER_TNC 1115 if (!sm->tnc || data->state != SUCCESS || data->tnc_started) 1116 return; 1117 1118 wpa_printf(MSG_DEBUG, "EAP-TTLS: Initialize TNC"); 1119 if (eap_ttls_phase2_eap_init(sm, data, EAP_TYPE_TNC)) { 1120 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize TNC"); 1121 eap_ttls_state(data, FAILURE); 1122 return; 1123 } 1124 1125 data->tnc_started = 1; 1126 eap_ttls_state(data, PHASE2_METHOD); 1127#endif /* EAP_SERVER_TNC */ 1128} 1129 1130 1131static int eap_ttls_process_version(struct eap_sm *sm, void *priv, 1132 int peer_version) 1133{ 1134 struct eap_ttls_data *data = priv; 1135 if (peer_version < data->ttls_version) { 1136 wpa_printf(MSG_DEBUG, "EAP-TTLS: peer ver=%d, own ver=%d; " 1137 "use version %d", 1138 peer_version, data->ttls_version, peer_version); 1139 data->ttls_version = peer_version; 1140 } 1141 1142 return 0; 1143} 1144 1145 1146static void eap_ttls_process_msg(struct eap_sm *sm, void *priv, 1147 const struct wpabuf *respData) 1148{ 1149 struct eap_ttls_data *data = priv; 1150 1151 switch (data->state) { 1152 case PHASE1: 1153 if (eap_server_tls_phase1(sm, &data->ssl) < 0) 1154 eap_ttls_state(data, FAILURE); 1155 break; 1156 case PHASE2_START: 1157 case PHASE2_METHOD: 1158 eap_ttls_process_phase2(sm, data, data->ssl.tls_in); 1159 eap_ttls_start_tnc(sm, data); 1160 break; 1161 case PHASE2_MSCHAPV2_RESP: 1162 if (data->mschapv2_resp_ok && wpabuf_len(data->ssl.tls_in) == 1163 0) { 1164 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer " 1165 "acknowledged response"); 1166 eap_ttls_state(data, SUCCESS); 1167 eap_ttls_valid_session(sm, data); 1168 } else if (!data->mschapv2_resp_ok) { 1169 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer " 1170 "acknowledged error"); 1171 eap_ttls_state(data, FAILURE); 1172 } else { 1173 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Unexpected " 1174 "frame from peer (payload len %lu, " 1175 "expected empty frame)", 1176 (unsigned long) 1177 wpabuf_len(data->ssl.tls_in)); 1178 eap_ttls_state(data, FAILURE); 1179 } 1180 eap_ttls_start_tnc(sm, data); 1181 break; 1182 default: 1183 wpa_printf(MSG_DEBUG, "EAP-TTLS: Unexpected state %d in %s", 1184 data->state, __func__); 1185 break; 1186 } 1187} 1188 1189 1190static void eap_ttls_process(struct eap_sm *sm, void *priv, 1191 struct wpabuf *respData) 1192{ 1193 struct eap_ttls_data *data = priv; 1194 const struct wpabuf *buf; 1195 const u8 *pos; 1196 u8 id_len; 1197 1198 if (eap_server_tls_process(sm, &data->ssl, respData, data, 1199 EAP_TYPE_TTLS, eap_ttls_process_version, 1200 eap_ttls_process_msg) < 0) { 1201 eap_ttls_state(data, FAILURE); 1202 return; 1203 } 1204 1205 if (!tls_connection_established(sm->ssl_ctx, data->ssl.conn) || 1206 !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) 1207 return; 1208 1209 buf = tls_connection_get_success_data(data->ssl.conn); 1210 if (!buf || wpabuf_len(buf) < 1) { 1211 wpa_printf(MSG_DEBUG, 1212 "EAP-TTLS: No success data in resumed session - reject attempt"); 1213 eap_ttls_state(data, FAILURE); 1214 return; 1215 } 1216 1217 pos = wpabuf_head(buf); 1218 if (*pos != EAP_TYPE_TTLS) { 1219 wpa_printf(MSG_DEBUG, 1220 "EAP-TTLS: Resumed session for another EAP type (%u) - reject attempt", 1221 *pos); 1222 eap_ttls_state(data, FAILURE); 1223 return; 1224 } 1225 1226 pos++; 1227 id_len = *pos++; 1228 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: Identity from cached session", 1229 pos, id_len); 1230 os_free(sm->identity); 1231 sm->identity = os_malloc(id_len ? id_len : 1); 1232 if (!sm->identity) { 1233 sm->identity_len = 0; 1234 eap_ttls_state(data, FAILURE); 1235 return; 1236 } 1237 1238 os_memcpy(sm->identity, pos, id_len); 1239 sm->identity_len = id_len; 1240 1241 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) { 1242 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: Phase2 Identity not found in the user database", 1243 sm->identity, sm->identity_len); 1244 eap_ttls_state(data, FAILURE); 1245 return; 1246 } 1247 1248 wpa_printf(MSG_DEBUG, 1249 "EAP-TTLS: Resuming previous session - skip Phase2"); 1250 eap_ttls_state(data, SUCCESS); 1251 tls_connection_set_success_data_resumed(data->ssl.conn); 1252} 1253 1254 1255static Boolean eap_ttls_isDone(struct eap_sm *sm, void *priv) 1256{ 1257 struct eap_ttls_data *data = priv; 1258 return data->state == SUCCESS || data->state == FAILURE; 1259} 1260 1261 1262static u8 * eap_ttls_getKey(struct eap_sm *sm, void *priv, size_t *len) 1263{ 1264 struct eap_ttls_data *data = priv; 1265 u8 *eapKeyData; 1266 1267 if (data->state != SUCCESS) 1268 return NULL; 1269 1270 eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, 1271 "ttls keying material", NULL, 0, 1272 EAP_TLS_KEY_LEN); 1273 if (eapKeyData) { 1274 *len = EAP_TLS_KEY_LEN; 1275 wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived key", 1276 eapKeyData, EAP_TLS_KEY_LEN); 1277 } else { 1278 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to derive key"); 1279 } 1280 1281 return eapKeyData; 1282} 1283 1284 1285static Boolean eap_ttls_isSuccess(struct eap_sm *sm, void *priv) 1286{ 1287 struct eap_ttls_data *data = priv; 1288 return data->state == SUCCESS; 1289} 1290 1291 1292static u8 * eap_ttls_get_session_id(struct eap_sm *sm, void *priv, size_t *len) 1293{ 1294 struct eap_ttls_data *data = priv; 1295 1296 if (data->state != SUCCESS) 1297 return NULL; 1298 1299 return eap_server_tls_derive_session_id(sm, &data->ssl, EAP_TYPE_TTLS, 1300 len); 1301} 1302 1303 1304static u8 * eap_ttls_get_emsk(struct eap_sm *sm, void *priv, size_t *len) 1305{ 1306 struct eap_ttls_data *data = priv; 1307 u8 *eapKeyData, *emsk; 1308 1309 if (data->state != SUCCESS) 1310 return NULL; 1311 1312 eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, 1313 "ttls keying material", NULL, 0, 1314 EAP_TLS_KEY_LEN + EAP_EMSK_LEN); 1315 if (eapKeyData) { 1316 emsk = os_malloc(EAP_EMSK_LEN); 1317 if (emsk) 1318 os_memcpy(emsk, eapKeyData + EAP_TLS_KEY_LEN, 1319 EAP_EMSK_LEN); 1320 bin_clear_free(eapKeyData, EAP_TLS_KEY_LEN + EAP_EMSK_LEN); 1321 } else 1322 emsk = NULL; 1323 1324 if (emsk) { 1325 *len = EAP_EMSK_LEN; 1326 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Derived EMSK", 1327 emsk, EAP_EMSK_LEN); 1328 } else { 1329 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to derive EMSK"); 1330 } 1331 1332 return emsk; 1333} 1334 1335 1336int eap_server_ttls_register(void) 1337{ 1338 struct eap_method *eap; 1339 1340 eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, 1341 EAP_VENDOR_IETF, EAP_TYPE_TTLS, "TTLS"); 1342 if (eap == NULL) 1343 return -1; 1344 1345 eap->init = eap_ttls_init; 1346 eap->reset = eap_ttls_reset; 1347 eap->buildReq = eap_ttls_buildReq; 1348 eap->check = eap_ttls_check; 1349 eap->process = eap_ttls_process; 1350 eap->isDone = eap_ttls_isDone; 1351 eap->getKey = eap_ttls_getKey; 1352 eap->isSuccess = eap_ttls_isSuccess; 1353 eap->getSessionId = eap_ttls_get_session_id; 1354 eap->get_emsk = eap_ttls_get_emsk; 1355 1356 return eap_server_method_register(eap); 1357} 1358