1/* 2 * hostapd / EAP-PEAP (draft-josefsson-pppext-eap-tls-eap-10.txt) 3 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "includes.h" 10 11#include "common.h" 12#include "crypto/sha1.h" 13#include "crypto/tls.h" 14#include "crypto/random.h" 15#include "eap_i.h" 16#include "eap_tls_common.h" 17#include "eap_common/eap_tlv_common.h" 18#include "eap_common/eap_peap_common.h" 19#include "tncs.h" 20 21 22/* Maximum supported PEAP version 23 * 0 = Microsoft's PEAP version 0; draft-kamath-pppext-peapv0-00.txt 24 * 1 = draft-josefsson-ppext-eap-tls-eap-05.txt 25 */ 26#define EAP_PEAP_VERSION 1 27 28 29static void eap_peap_reset(struct eap_sm *sm, void *priv); 30 31 32struct eap_peap_data { 33 struct eap_ssl_data ssl; 34 enum { 35 START, PHASE1, PHASE1_ID2, PHASE2_START, PHASE2_ID, 36 PHASE2_METHOD, PHASE2_SOH, 37 PHASE2_TLV, SUCCESS_REQ, FAILURE_REQ, SUCCESS, FAILURE 38 } state; 39 40 int peap_version; 41 int recv_version; 42 const struct eap_method *phase2_method; 43 void *phase2_priv; 44 int force_version; 45 struct wpabuf *pending_phase2_resp; 46 enum { TLV_REQ_NONE, TLV_REQ_SUCCESS, TLV_REQ_FAILURE } tlv_request; 47 int crypto_binding_sent; 48 int crypto_binding_used; 49 enum { NO_BINDING, OPTIONAL_BINDING, REQUIRE_BINDING } crypto_binding; 50 u8 binding_nonce[32]; 51 u8 ipmk[40]; 52 u8 cmk[20]; 53 u8 *phase2_key; 54 size_t phase2_key_len; 55 struct wpabuf *soh_response; 56}; 57 58 59static const char * eap_peap_state_txt(int state) 60{ 61 switch (state) { 62 case START: 63 return "START"; 64 case PHASE1: 65 return "PHASE1"; 66 case PHASE1_ID2: 67 return "PHASE1_ID2"; 68 case PHASE2_START: 69 return "PHASE2_START"; 70 case PHASE2_ID: 71 return "PHASE2_ID"; 72 case PHASE2_METHOD: 73 return "PHASE2_METHOD"; 74 case PHASE2_SOH: 75 return "PHASE2_SOH"; 76 case PHASE2_TLV: 77 return "PHASE2_TLV"; 78 case SUCCESS_REQ: 79 return "SUCCESS_REQ"; 80 case FAILURE_REQ: 81 return "FAILURE_REQ"; 82 case SUCCESS: 83 return "SUCCESS"; 84 case FAILURE: 85 return "FAILURE"; 86 default: 87 return "Unknown?!"; 88 } 89} 90 91 92static void eap_peap_state(struct eap_peap_data *data, int state) 93{ 94 wpa_printf(MSG_DEBUG, "EAP-PEAP: %s -> %s", 95 eap_peap_state_txt(data->state), 96 eap_peap_state_txt(state)); 97 data->state = state; 98 if (state == FAILURE || state == FAILURE_REQ) 99 tls_connection_remove_session(data->ssl.conn); 100} 101 102 103static void eap_peap_valid_session(struct eap_sm *sm, 104 struct eap_peap_data *data) 105{ 106 struct wpabuf *buf; 107 108 if (!sm->tls_session_lifetime || 109 tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) 110 return; 111 112 buf = wpabuf_alloc(1 + 1 + sm->identity_len); 113 if (!buf) 114 return; 115 wpabuf_put_u8(buf, EAP_TYPE_PEAP); 116 if (sm->identity) { 117 u8 id_len; 118 119 if (sm->identity_len <= 255) 120 id_len = sm->identity_len; 121 else 122 id_len = 255; 123 wpabuf_put_u8(buf, id_len); 124 wpabuf_put_data(buf, sm->identity, id_len); 125 } else { 126 wpabuf_put_u8(buf, 0); 127 } 128 tls_connection_set_success_data(data->ssl.conn, buf); 129} 130 131 132static void eap_peap_req_success(struct eap_sm *sm, 133 struct eap_peap_data *data) 134{ 135 if (data->state == FAILURE || data->state == FAILURE_REQ) { 136 eap_peap_state(data, FAILURE); 137 return; 138 } 139 140 if (data->peap_version == 0) { 141 data->tlv_request = TLV_REQ_SUCCESS; 142 eap_peap_state(data, PHASE2_TLV); 143 } else { 144 eap_peap_state(data, SUCCESS_REQ); 145 } 146} 147 148 149static void eap_peap_req_failure(struct eap_sm *sm, 150 struct eap_peap_data *data) 151{ 152 if (data->state == FAILURE || data->state == FAILURE_REQ || 153 data->state == SUCCESS_REQ || data->tlv_request != TLV_REQ_NONE) { 154 eap_peap_state(data, FAILURE); 155 return; 156 } 157 158 if (data->peap_version == 0) { 159 data->tlv_request = TLV_REQ_FAILURE; 160 eap_peap_state(data, PHASE2_TLV); 161 } else { 162 eap_peap_state(data, FAILURE_REQ); 163 } 164} 165 166 167static void * eap_peap_init(struct eap_sm *sm) 168{ 169 struct eap_peap_data *data; 170 171 data = os_zalloc(sizeof(*data)); 172 if (data == NULL) 173 return NULL; 174 data->peap_version = EAP_PEAP_VERSION; 175 data->force_version = -1; 176 if (sm->user && sm->user->force_version >= 0) { 177 data->force_version = sm->user->force_version; 178 wpa_printf(MSG_DEBUG, "EAP-PEAP: forcing version %d", 179 data->force_version); 180 data->peap_version = data->force_version; 181 } 182 data->state = START; 183 data->crypto_binding = OPTIONAL_BINDING; 184 185 if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_TYPE_PEAP)) { 186 wpa_printf(MSG_INFO, "EAP-PEAP: Failed to initialize SSL."); 187 eap_peap_reset(sm, data); 188 return NULL; 189 } 190 191 return data; 192} 193 194 195static void eap_peap_reset(struct eap_sm *sm, void *priv) 196{ 197 struct eap_peap_data *data = priv; 198 if (data == NULL) 199 return; 200 if (data->phase2_priv && data->phase2_method) 201 data->phase2_method->reset(sm, data->phase2_priv); 202 eap_server_tls_ssl_deinit(sm, &data->ssl); 203 wpabuf_free(data->pending_phase2_resp); 204 os_free(data->phase2_key); 205 wpabuf_free(data->soh_response); 206 bin_clear_free(data, sizeof(*data)); 207} 208 209 210static struct wpabuf * eap_peap_build_start(struct eap_sm *sm, 211 struct eap_peap_data *data, u8 id) 212{ 213 struct wpabuf *req; 214 215 req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PEAP, 1, 216 EAP_CODE_REQUEST, id); 217 if (req == NULL) { 218 wpa_printf(MSG_ERROR, "EAP-PEAP: Failed to allocate memory for" 219 " request"); 220 eap_peap_state(data, FAILURE); 221 return NULL; 222 } 223 224 wpabuf_put_u8(req, EAP_TLS_FLAGS_START | data->peap_version); 225 226 eap_peap_state(data, PHASE1); 227 228 return req; 229} 230 231 232static struct wpabuf * eap_peap_build_phase2_req(struct eap_sm *sm, 233 struct eap_peap_data *data, 234 u8 id) 235{ 236 struct wpabuf *buf, *encr_req, msgbuf; 237 const u8 *req; 238 size_t req_len; 239 240 if (data->phase2_method == NULL || data->phase2_priv == NULL) { 241 wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 method not ready"); 242 return NULL; 243 } 244 buf = data->phase2_method->buildReq(sm, data->phase2_priv, id); 245 if (buf == NULL) 246 return NULL; 247 248 req = wpabuf_head(buf); 249 req_len = wpabuf_len(buf); 250 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: Encrypting Phase 2 data", 251 req, req_len); 252 253 if (data->peap_version == 0 && 254 data->phase2_method->method != EAP_TYPE_TLV) { 255 req += sizeof(struct eap_hdr); 256 req_len -= sizeof(struct eap_hdr); 257 } 258 259 wpabuf_set(&msgbuf, req, req_len); 260 encr_req = eap_server_tls_encrypt(sm, &data->ssl, &msgbuf); 261 wpabuf_free(buf); 262 263 return encr_req; 264} 265 266 267#ifdef EAP_SERVER_TNC 268static struct wpabuf * eap_peap_build_phase2_soh(struct eap_sm *sm, 269 struct eap_peap_data *data, 270 u8 id) 271{ 272 struct wpabuf *buf1, *buf, *encr_req, msgbuf; 273 const u8 *req; 274 size_t req_len; 275 276 buf1 = tncs_build_soh_request(); 277 if (buf1 == NULL) 278 return NULL; 279 280 buf = eap_msg_alloc(EAP_VENDOR_MICROSOFT, 0x21, wpabuf_len(buf1), 281 EAP_CODE_REQUEST, id); 282 if (buf == NULL) { 283 wpabuf_free(buf1); 284 return NULL; 285 } 286 wpabuf_put_buf(buf, buf1); 287 wpabuf_free(buf1); 288 289 req = wpabuf_head(buf); 290 req_len = wpabuf_len(buf); 291 292 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: Encrypting Phase 2 SOH data", 293 req, req_len); 294 295 req += sizeof(struct eap_hdr); 296 req_len -= sizeof(struct eap_hdr); 297 wpabuf_set(&msgbuf, req, req_len); 298 299 encr_req = eap_server_tls_encrypt(sm, &data->ssl, &msgbuf); 300 wpabuf_free(buf); 301 302 return encr_req; 303} 304#endif /* EAP_SERVER_TNC */ 305 306 307static void eap_peap_get_isk(struct eap_peap_data *data, 308 u8 *isk, size_t isk_len) 309{ 310 size_t key_len; 311 312 os_memset(isk, 0, isk_len); 313 if (data->phase2_key == NULL) 314 return; 315 316 key_len = data->phase2_key_len; 317 if (key_len > isk_len) 318 key_len = isk_len; 319 os_memcpy(isk, data->phase2_key, key_len); 320} 321 322 323static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data) 324{ 325 u8 *tk; 326 u8 isk[32], imck[60]; 327 328 /* 329 * Tunnel key (TK) is the first 60 octets of the key generated by 330 * phase 1 of PEAP (based on TLS). 331 */ 332 tk = eap_server_tls_derive_key(sm, &data->ssl, "client EAP encryption", 333 EAP_TLS_KEY_LEN); 334 if (tk == NULL) 335 return -1; 336 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TK", tk, 60); 337 338 eap_peap_get_isk(data, isk, sizeof(isk)); 339 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: ISK", isk, sizeof(isk)); 340 341 /* 342 * IPMK Seed = "Inner Methods Compound Keys" | ISK 343 * TempKey = First 40 octets of TK 344 * IPMK|CMK = PRF+(TempKey, IPMK Seed, 60) 345 * (note: draft-josefsson-pppext-eap-tls-eap-10.txt includes a space 346 * in the end of the label just before ISK; is that just a typo?) 347 */ 348 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TempKey", tk, 40); 349 if (peap_prfplus(data->peap_version, tk, 40, 350 "Inner Methods Compound Keys", 351 isk, sizeof(isk), imck, sizeof(imck)) < 0) { 352 os_free(tk); 353 return -1; 354 } 355 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IMCK (IPMKj)", 356 imck, sizeof(imck)); 357 358 os_free(tk); 359 360 /* TODO: fast-connect: IPMK|CMK = TK */ 361 os_memcpy(data->ipmk, imck, 40); 362 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IPMK (S-IPMKj)", data->ipmk, 40); 363 os_memcpy(data->cmk, imck + 40, 20); 364 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CMK (CMKj)", data->cmk, 20); 365 366 return 0; 367} 368 369 370static struct wpabuf * eap_peap_build_phase2_tlv(struct eap_sm *sm, 371 struct eap_peap_data *data, 372 u8 id) 373{ 374 struct wpabuf *buf, *encr_req; 375 size_t mlen; 376 377 mlen = 6; /* Result TLV */ 378 if (data->peap_version == 0 && data->tlv_request == TLV_REQ_SUCCESS && 379 data->crypto_binding != NO_BINDING) { 380 mlen += 60; /* Cryptobinding TLV */ 381#ifdef EAP_SERVER_TNC 382 if (data->soh_response) 383 mlen += wpabuf_len(data->soh_response); 384#endif /* EAP_SERVER_TNC */ 385 } 386 387 buf = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TLV, mlen, 388 EAP_CODE_REQUEST, id); 389 if (buf == NULL) 390 return NULL; 391 392 wpabuf_put_u8(buf, 0x80); /* Mandatory */ 393 wpabuf_put_u8(buf, EAP_TLV_RESULT_TLV); 394 /* Length */ 395 wpabuf_put_be16(buf, 2); 396 /* Status */ 397 wpabuf_put_be16(buf, data->tlv_request == TLV_REQ_SUCCESS ? 398 EAP_TLV_RESULT_SUCCESS : EAP_TLV_RESULT_FAILURE); 399 400 if (data->peap_version == 0 && data->tlv_request == TLV_REQ_SUCCESS && 401 data->crypto_binding != NO_BINDING) { 402 u8 *mac; 403 u8 eap_type = EAP_TYPE_PEAP; 404 const u8 *addr[2]; 405 size_t len[2]; 406 u16 tlv_type; 407 408#ifdef EAP_SERVER_TNC 409 if (data->soh_response) { 410 wpa_printf(MSG_DEBUG, "EAP-PEAP: Adding MS-SOH " 411 "Response TLV"); 412 wpabuf_put_buf(buf, data->soh_response); 413 wpabuf_free(data->soh_response); 414 data->soh_response = NULL; 415 } 416#endif /* EAP_SERVER_TNC */ 417 418 if (eap_peap_derive_cmk(sm, data) < 0 || 419 random_get_bytes(data->binding_nonce, 32)) { 420 wpabuf_free(buf); 421 return NULL; 422 } 423 424 /* Compound_MAC: HMAC-SHA1-160(cryptobinding TLV | EAP type) */ 425 addr[0] = wpabuf_put(buf, 0); 426 len[0] = 60; 427 addr[1] = &eap_type; 428 len[1] = 1; 429 430 tlv_type = EAP_TLV_CRYPTO_BINDING_TLV; 431 wpabuf_put_be16(buf, tlv_type); 432 wpabuf_put_be16(buf, 56); 433 434 wpabuf_put_u8(buf, 0); /* Reserved */ 435 wpabuf_put_u8(buf, data->peap_version); /* Version */ 436 wpabuf_put_u8(buf, data->recv_version); /* RecvVersion */ 437 wpabuf_put_u8(buf, 0); /* SubType: 0 = Request, 1 = Response */ 438 wpabuf_put_data(buf, data->binding_nonce, 32); /* Nonce */ 439 mac = wpabuf_put(buf, 20); /* Compound_MAC */ 440 wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC CMK", 441 data->cmk, 20); 442 wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC data 1", 443 addr[0], len[0]); 444 wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC data 2", 445 addr[1], len[1]); 446 hmac_sha1_vector(data->cmk, 20, 2, addr, len, mac); 447 wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC", 448 mac, SHA1_MAC_LEN); 449 data->crypto_binding_sent = 1; 450 } 451 452 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-PEAP: Encrypting Phase 2 TLV data", 453 buf); 454 455 encr_req = eap_server_tls_encrypt(sm, &data->ssl, buf); 456 wpabuf_free(buf); 457 458 return encr_req; 459} 460 461 462static struct wpabuf * eap_peap_build_phase2_term(struct eap_sm *sm, 463 struct eap_peap_data *data, 464 u8 id, int success) 465{ 466 struct wpabuf *encr_req, msgbuf; 467 size_t req_len; 468 struct eap_hdr *hdr; 469 470 req_len = sizeof(*hdr); 471 hdr = os_zalloc(req_len); 472 if (hdr == NULL) 473 return NULL; 474 475 hdr->code = success ? EAP_CODE_SUCCESS : EAP_CODE_FAILURE; 476 hdr->identifier = id; 477 hdr->length = host_to_be16(req_len); 478 479 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: Encrypting Phase 2 data", 480 (u8 *) hdr, req_len); 481 482 wpabuf_set(&msgbuf, hdr, req_len); 483 encr_req = eap_server_tls_encrypt(sm, &data->ssl, &msgbuf); 484 os_free(hdr); 485 486 return encr_req; 487} 488 489 490static struct wpabuf * eap_peap_buildReq(struct eap_sm *sm, void *priv, u8 id) 491{ 492 struct eap_peap_data *data = priv; 493 494 if (data->ssl.state == FRAG_ACK) { 495 return eap_server_tls_build_ack(id, EAP_TYPE_PEAP, 496 data->peap_version); 497 } 498 499 if (data->ssl.state == WAIT_FRAG_ACK) { 500 return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_PEAP, 501 data->peap_version, id); 502 } 503 504 switch (data->state) { 505 case START: 506 return eap_peap_build_start(sm, data, id); 507 case PHASE1: 508 case PHASE1_ID2: 509 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) { 510 wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase1 done, " 511 "starting Phase2"); 512 eap_peap_state(data, PHASE2_START); 513 } 514 break; 515 case PHASE2_ID: 516 case PHASE2_METHOD: 517 wpabuf_free(data->ssl.tls_out); 518 data->ssl.tls_out_pos = 0; 519 data->ssl.tls_out = eap_peap_build_phase2_req(sm, data, id); 520 break; 521#ifdef EAP_SERVER_TNC 522 case PHASE2_SOH: 523 wpabuf_free(data->ssl.tls_out); 524 data->ssl.tls_out_pos = 0; 525 data->ssl.tls_out = eap_peap_build_phase2_soh(sm, data, id); 526 break; 527#endif /* EAP_SERVER_TNC */ 528 case PHASE2_TLV: 529 wpabuf_free(data->ssl.tls_out); 530 data->ssl.tls_out_pos = 0; 531 data->ssl.tls_out = eap_peap_build_phase2_tlv(sm, data, id); 532 break; 533 case SUCCESS_REQ: 534 wpabuf_free(data->ssl.tls_out); 535 data->ssl.tls_out_pos = 0; 536 data->ssl.tls_out = eap_peap_build_phase2_term(sm, data, id, 537 1); 538 break; 539 case FAILURE_REQ: 540 wpabuf_free(data->ssl.tls_out); 541 data->ssl.tls_out_pos = 0; 542 data->ssl.tls_out = eap_peap_build_phase2_term(sm, data, id, 543 0); 544 break; 545 default: 546 wpa_printf(MSG_DEBUG, "EAP-PEAP: %s - unexpected state %d", 547 __func__, data->state); 548 return NULL; 549 } 550 551 return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_PEAP, 552 data->peap_version, id); 553} 554 555 556static Boolean eap_peap_check(struct eap_sm *sm, void *priv, 557 struct wpabuf *respData) 558{ 559 const u8 *pos; 560 size_t len; 561 562 pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_PEAP, respData, &len); 563 if (pos == NULL || len < 1) { 564 wpa_printf(MSG_INFO, "EAP-PEAP: Invalid frame"); 565 return TRUE; 566 } 567 568 return FALSE; 569} 570 571 572static int eap_peap_phase2_init(struct eap_sm *sm, struct eap_peap_data *data, 573 int vendor, EapType eap_type) 574{ 575 if (data->phase2_priv && data->phase2_method) { 576 data->phase2_method->reset(sm, data->phase2_priv); 577 data->phase2_method = NULL; 578 data->phase2_priv = NULL; 579 } 580 data->phase2_method = eap_server_get_eap_method(vendor, eap_type); 581 if (!data->phase2_method) 582 return -1; 583 584 sm->init_phase2 = 1; 585 data->phase2_priv = data->phase2_method->init(sm); 586 sm->init_phase2 = 0; 587 return 0; 588} 589 590 591static int eap_tlv_validate_cryptobinding(struct eap_sm *sm, 592 struct eap_peap_data *data, 593 const u8 *crypto_tlv, 594 size_t crypto_tlv_len) 595{ 596 u8 buf[61], mac[SHA1_MAC_LEN]; 597 const u8 *pos; 598 599 if (crypto_tlv_len != 4 + 56) { 600 wpa_printf(MSG_DEBUG, "EAP-PEAP: Invalid cryptobinding TLV " 601 "length %d", (int) crypto_tlv_len); 602 return -1; 603 } 604 605 pos = crypto_tlv; 606 pos += 4; /* TLV header */ 607 if (pos[1] != data->peap_version) { 608 wpa_printf(MSG_DEBUG, "EAP-PEAP: Cryptobinding TLV Version " 609 "mismatch (was %d; expected %d)", 610 pos[1], data->peap_version); 611 return -1; 612 } 613 614 if (pos[3] != 1) { 615 wpa_printf(MSG_DEBUG, "EAP-PEAP: Unexpected Cryptobinding TLV " 616 "SubType %d", pos[3]); 617 return -1; 618 } 619 pos += 4; 620 pos += 32; /* Nonce */ 621 622 /* Compound_MAC: HMAC-SHA1-160(cryptobinding TLV | EAP type) */ 623 os_memcpy(buf, crypto_tlv, 60); 624 os_memset(buf + 4 + 4 + 32, 0, 20); /* Compound_MAC */ 625 buf[60] = EAP_TYPE_PEAP; 626 hmac_sha1(data->cmk, 20, buf, sizeof(buf), mac); 627 628 if (os_memcmp_const(mac, pos, SHA1_MAC_LEN) != 0) { 629 wpa_printf(MSG_DEBUG, "EAP-PEAP: Invalid Compound_MAC in " 630 "cryptobinding TLV"); 631 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CMK", data->cmk, 20); 632 wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Cryptobinding seed data", 633 buf, 61); 634 return -1; 635 } 636 637 wpa_printf(MSG_DEBUG, "EAP-PEAP: Valid cryptobinding TLV received"); 638 639 return 0; 640} 641 642 643static void eap_peap_process_phase2_tlv(struct eap_sm *sm, 644 struct eap_peap_data *data, 645 struct wpabuf *in_data) 646{ 647 const u8 *pos; 648 size_t left; 649 const u8 *result_tlv = NULL, *crypto_tlv = NULL; 650 size_t result_tlv_len = 0, crypto_tlv_len = 0; 651 int tlv_type, mandatory, tlv_len; 652 653 pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_TLV, in_data, &left); 654 if (pos == NULL) { 655 wpa_printf(MSG_DEBUG, "EAP-PEAP: Invalid EAP-TLV header"); 656 return; 657 } 658 659 /* Parse TLVs */ 660 wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Received TLVs", pos, left); 661 while (left >= 4) { 662 mandatory = !!(pos[0] & 0x80); 663 tlv_type = pos[0] & 0x3f; 664 tlv_type = (tlv_type << 8) | pos[1]; 665 tlv_len = ((int) pos[2] << 8) | pos[3]; 666 pos += 4; 667 left -= 4; 668 if ((size_t) tlv_len > left) { 669 wpa_printf(MSG_DEBUG, "EAP-PEAP: TLV underrun " 670 "(tlv_len=%d left=%lu)", tlv_len, 671 (unsigned long) left); 672 eap_peap_state(data, FAILURE); 673 return; 674 } 675 switch (tlv_type) { 676 case EAP_TLV_RESULT_TLV: 677 result_tlv = pos; 678 result_tlv_len = tlv_len; 679 break; 680 case EAP_TLV_CRYPTO_BINDING_TLV: 681 crypto_tlv = pos; 682 crypto_tlv_len = tlv_len; 683 break; 684 default: 685 wpa_printf(MSG_DEBUG, "EAP-PEAP: Unsupported TLV Type " 686 "%d%s", tlv_type, 687 mandatory ? " (mandatory)" : ""); 688 if (mandatory) { 689 eap_peap_state(data, FAILURE); 690 return; 691 } 692 /* Ignore this TLV, but process other TLVs */ 693 break; 694 } 695 696 pos += tlv_len; 697 left -= tlv_len; 698 } 699 if (left) { 700 wpa_printf(MSG_DEBUG, "EAP-PEAP: Last TLV too short in " 701 "Request (left=%lu)", (unsigned long) left); 702 eap_peap_state(data, FAILURE); 703 return; 704 } 705 706 /* Process supported TLVs */ 707 if (crypto_tlv && data->crypto_binding_sent) { 708 wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Cryptobinding TLV", 709 crypto_tlv, crypto_tlv_len); 710 if (eap_tlv_validate_cryptobinding(sm, data, crypto_tlv - 4, 711 crypto_tlv_len + 4) < 0) { 712 eap_peap_state(data, FAILURE); 713 return; 714 } 715 data->crypto_binding_used = 1; 716 } else if (!crypto_tlv && data->crypto_binding_sent && 717 data->crypto_binding == REQUIRE_BINDING) { 718 wpa_printf(MSG_DEBUG, "EAP-PEAP: No cryptobinding TLV"); 719 eap_peap_state(data, FAILURE); 720 return; 721 } 722 723 if (result_tlv) { 724 int status; 725 const char *requested; 726 727 wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Result TLV", 728 result_tlv, result_tlv_len); 729 if (result_tlv_len < 2) { 730 wpa_printf(MSG_INFO, "EAP-PEAP: Too short Result TLV " 731 "(len=%lu)", 732 (unsigned long) result_tlv_len); 733 eap_peap_state(data, FAILURE); 734 return; 735 } 736 requested = data->tlv_request == TLV_REQ_SUCCESS ? "Success" : 737 "Failure"; 738 status = WPA_GET_BE16(result_tlv); 739 if (status == EAP_TLV_RESULT_SUCCESS) { 740 wpa_printf(MSG_INFO, "EAP-PEAP: TLV Result - Success " 741 "- requested %s", requested); 742 if (data->tlv_request == TLV_REQ_SUCCESS) { 743 eap_peap_state(data, SUCCESS); 744 eap_peap_valid_session(sm, data); 745 } else { 746 eap_peap_state(data, FAILURE); 747 } 748 749 } else if (status == EAP_TLV_RESULT_FAILURE) { 750 wpa_printf(MSG_INFO, "EAP-PEAP: TLV Result - Failure " 751 "- requested %s", requested); 752 eap_peap_state(data, FAILURE); 753 } else { 754 wpa_printf(MSG_INFO, "EAP-PEAP: Unknown TLV Result " 755 "Status %d", status); 756 eap_peap_state(data, FAILURE); 757 } 758 } 759} 760 761 762#ifdef EAP_SERVER_TNC 763static void eap_peap_process_phase2_soh(struct eap_sm *sm, 764 struct eap_peap_data *data, 765 struct wpabuf *in_data) 766{ 767 const u8 *pos, *vpos; 768 size_t left; 769 const u8 *soh_tlv = NULL; 770 size_t soh_tlv_len = 0; 771 int tlv_type, mandatory, tlv_len, vtlv_len; 772 u32 next_type; 773 u32 vendor_id; 774 775 pos = eap_hdr_validate(EAP_VENDOR_MICROSOFT, 0x21, in_data, &left); 776 if (pos == NULL) { 777 wpa_printf(MSG_DEBUG, "EAP-PEAP: Not a valid SoH EAP " 778 "Extensions Method header - skip TNC"); 779 goto auth_method; 780 } 781 782 /* Parse TLVs */ 783 wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Received TLVs (SoH)", pos, left); 784 while (left >= 4) { 785 mandatory = !!(pos[0] & 0x80); 786 tlv_type = pos[0] & 0x3f; 787 tlv_type = (tlv_type << 8) | pos[1]; 788 tlv_len = ((int) pos[2] << 8) | pos[3]; 789 pos += 4; 790 left -= 4; 791 if ((size_t) tlv_len > left) { 792 wpa_printf(MSG_DEBUG, "EAP-PEAP: TLV underrun " 793 "(tlv_len=%d left=%lu)", tlv_len, 794 (unsigned long) left); 795 eap_peap_state(data, FAILURE); 796 return; 797 } 798 switch (tlv_type) { 799 case EAP_TLV_VENDOR_SPECIFIC_TLV: 800 if (tlv_len < 4) { 801 wpa_printf(MSG_DEBUG, "EAP-PEAP: Too short " 802 "vendor specific TLV (len=%d)", 803 (int) tlv_len); 804 eap_peap_state(data, FAILURE); 805 return; 806 } 807 808 vendor_id = WPA_GET_BE32(pos); 809 if (vendor_id != EAP_VENDOR_MICROSOFT) { 810 if (mandatory) { 811 eap_peap_state(data, FAILURE); 812 return; 813 } 814 break; 815 } 816 817 vpos = pos + 4; 818 mandatory = !!(vpos[0] & 0x80); 819 tlv_type = vpos[0] & 0x3f; 820 tlv_type = (tlv_type << 8) | vpos[1]; 821 vtlv_len = ((int) vpos[2] << 8) | vpos[3]; 822 vpos += 4; 823 if (vpos + vtlv_len > pos + left) { 824 wpa_printf(MSG_DEBUG, "EAP-PEAP: Vendor TLV " 825 "underrun"); 826 eap_peap_state(data, FAILURE); 827 return; 828 } 829 830 if (tlv_type == 1) { 831 soh_tlv = vpos; 832 soh_tlv_len = vtlv_len; 833 break; 834 } 835 836 wpa_printf(MSG_DEBUG, "EAP-PEAP: Unsupported MS-TLV " 837 "Type %d%s", tlv_type, 838 mandatory ? " (mandatory)" : ""); 839 if (mandatory) { 840 eap_peap_state(data, FAILURE); 841 return; 842 } 843 /* Ignore this TLV, but process other TLVs */ 844 break; 845 default: 846 wpa_printf(MSG_DEBUG, "EAP-PEAP: Unsupported TLV Type " 847 "%d%s", tlv_type, 848 mandatory ? " (mandatory)" : ""); 849 if (mandatory) { 850 eap_peap_state(data, FAILURE); 851 return; 852 } 853 /* Ignore this TLV, but process other TLVs */ 854 break; 855 } 856 857 pos += tlv_len; 858 left -= tlv_len; 859 } 860 if (left) { 861 wpa_printf(MSG_DEBUG, "EAP-PEAP: Last TLV too short in " 862 "Request (left=%lu)", (unsigned long) left); 863 eap_peap_state(data, FAILURE); 864 return; 865 } 866 867 /* Process supported TLVs */ 868 if (soh_tlv) { 869 int failure = 0; 870 wpabuf_free(data->soh_response); 871 data->soh_response = tncs_process_soh(soh_tlv, soh_tlv_len, 872 &failure); 873 if (failure) { 874 eap_peap_state(data, FAILURE); 875 return; 876 } 877 } else { 878 wpa_printf(MSG_DEBUG, "EAP-PEAP: No SoH TLV received"); 879 eap_peap_state(data, FAILURE); 880 return; 881 } 882 883auth_method: 884 eap_peap_state(data, PHASE2_METHOD); 885 next_type = sm->user->methods[0].method; 886 sm->user_eap_method_index = 1; 887 wpa_printf(MSG_DEBUG, "EAP-PEAP: try EAP vendor %d type %d", 888 sm->user->methods[0].vendor, next_type); 889 eap_peap_phase2_init(sm, data, sm->user->methods[0].vendor, next_type); 890} 891#endif /* EAP_SERVER_TNC */ 892 893 894static void eap_peap_process_phase2_response(struct eap_sm *sm, 895 struct eap_peap_data *data, 896 struct wpabuf *in_data) 897{ 898 int next_vendor = EAP_VENDOR_IETF; 899 u32 next_type = EAP_TYPE_NONE; 900 const struct eap_hdr *hdr; 901 const u8 *pos; 902 size_t left; 903 904 if (data->state == PHASE2_TLV) { 905 eap_peap_process_phase2_tlv(sm, data, in_data); 906 return; 907 } 908 909#ifdef EAP_SERVER_TNC 910 if (data->state == PHASE2_SOH) { 911 eap_peap_process_phase2_soh(sm, data, in_data); 912 return; 913 } 914#endif /* EAP_SERVER_TNC */ 915 916 if (data->phase2_priv == NULL) { 917 wpa_printf(MSG_DEBUG, "EAP-PEAP: %s - Phase2 not " 918 "initialized?!", __func__); 919 return; 920 } 921 922 hdr = wpabuf_head(in_data); 923 pos = (const u8 *) (hdr + 1); 924 925 if (wpabuf_len(in_data) > sizeof(*hdr) && *pos == EAP_TYPE_NAK) { 926 left = wpabuf_len(in_data) - sizeof(*hdr); 927 wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Phase2 type Nak'ed; " 928 "allowed types", pos + 1, left - 1); 929 eap_sm_process_nak(sm, pos + 1, left - 1); 930 if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS && 931 (sm->user->methods[sm->user_eap_method_index].vendor != 932 EAP_VENDOR_IETF || 933 sm->user->methods[sm->user_eap_method_index].method != 934 EAP_TYPE_NONE)) { 935 next_vendor = sm->user->methods[ 936 sm->user_eap_method_index].vendor; 937 next_type = sm->user->methods[ 938 sm->user_eap_method_index++].method; 939 wpa_printf(MSG_DEBUG, 940 "EAP-PEAP: try EAP vendor %d type 0x%x", 941 next_vendor, next_type); 942 } else { 943 eap_peap_req_failure(sm, data); 944 next_vendor = EAP_VENDOR_IETF; 945 next_type = EAP_TYPE_NONE; 946 } 947 eap_peap_phase2_init(sm, data, next_vendor, next_type); 948 return; 949 } 950 951 if (data->phase2_method->check(sm, data->phase2_priv, in_data)) { 952 wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase2 check() asked to " 953 "ignore the packet"); 954 return; 955 } 956 957 data->phase2_method->process(sm, data->phase2_priv, in_data); 958 959 if (sm->method_pending == METHOD_PENDING_WAIT) { 960 wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase2 method is in " 961 "pending wait state - save decrypted response"); 962 wpabuf_free(data->pending_phase2_resp); 963 data->pending_phase2_resp = wpabuf_dup(in_data); 964 } 965 966 if (!data->phase2_method->isDone(sm, data->phase2_priv)) 967 return; 968 969 if (!data->phase2_method->isSuccess(sm, data->phase2_priv)) { 970 wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase2 method failed"); 971 eap_peap_req_failure(sm, data); 972 next_vendor = EAP_VENDOR_IETF; 973 next_type = EAP_TYPE_NONE; 974 eap_peap_phase2_init(sm, data, next_vendor, next_type); 975 return; 976 } 977 978 os_free(data->phase2_key); 979 if (data->phase2_method->getKey) { 980 data->phase2_key = data->phase2_method->getKey( 981 sm, data->phase2_priv, &data->phase2_key_len); 982 if (data->phase2_key == NULL) { 983 wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase2 getKey " 984 "failed"); 985 eap_peap_req_failure(sm, data); 986 eap_peap_phase2_init(sm, data, EAP_VENDOR_IETF, 987 EAP_TYPE_NONE); 988 return; 989 } 990 } 991 992 switch (data->state) { 993 case PHASE1_ID2: 994 case PHASE2_ID: 995 case PHASE2_SOH: 996 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) { 997 wpa_hexdump_ascii(MSG_DEBUG, "EAP_PEAP: Phase2 " 998 "Identity not found in the user " 999 "database", 1000 sm->identity, sm->identity_len); 1001 eap_peap_req_failure(sm, data); 1002 next_vendor = EAP_VENDOR_IETF; 1003 next_type = EAP_TYPE_NONE; 1004 break; 1005 } 1006 1007#ifdef EAP_SERVER_TNC 1008 if (data->state != PHASE2_SOH && sm->tnc && 1009 data->peap_version == 0) { 1010 eap_peap_state(data, PHASE2_SOH); 1011 wpa_printf(MSG_DEBUG, "EAP-PEAP: Try to initialize " 1012 "TNC (NAP SOH)"); 1013 next_vendor = EAP_VENDOR_IETF; 1014 next_type = EAP_TYPE_NONE; 1015 break; 1016 } 1017#endif /* EAP_SERVER_TNC */ 1018 1019 eap_peap_state(data, PHASE2_METHOD); 1020 next_vendor = sm->user->methods[0].vendor; 1021 next_type = sm->user->methods[0].method; 1022 sm->user_eap_method_index = 1; 1023 wpa_printf(MSG_DEBUG, "EAP-PEAP: try EAP vendor %d type 0x%x", 1024 next_vendor, next_type); 1025 break; 1026 case PHASE2_METHOD: 1027 eap_peap_req_success(sm, data); 1028 next_vendor = EAP_VENDOR_IETF; 1029 next_type = EAP_TYPE_NONE; 1030 break; 1031 case FAILURE: 1032 break; 1033 default: 1034 wpa_printf(MSG_DEBUG, "EAP-PEAP: %s - unexpected state %d", 1035 __func__, data->state); 1036 break; 1037 } 1038 1039 eap_peap_phase2_init(sm, data, next_vendor, next_type); 1040} 1041 1042 1043static void eap_peap_process_phase2(struct eap_sm *sm, 1044 struct eap_peap_data *data, 1045 const struct wpabuf *respData, 1046 struct wpabuf *in_buf) 1047{ 1048 struct wpabuf *in_decrypted; 1049 const struct eap_hdr *hdr; 1050 size_t len; 1051 1052 wpa_printf(MSG_DEBUG, "EAP-PEAP: received %lu bytes encrypted data for" 1053 " Phase 2", (unsigned long) wpabuf_len(in_buf)); 1054 1055 if (data->pending_phase2_resp) { 1056 wpa_printf(MSG_DEBUG, "EAP-PEAP: Pending Phase 2 response - " 1057 "skip decryption and use old data"); 1058 eap_peap_process_phase2_response(sm, data, 1059 data->pending_phase2_resp); 1060 wpabuf_free(data->pending_phase2_resp); 1061 data->pending_phase2_resp = NULL; 1062 return; 1063 } 1064 1065 in_decrypted = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn, 1066 in_buf); 1067 if (in_decrypted == NULL) { 1068 wpa_printf(MSG_INFO, "EAP-PEAP: Failed to decrypt Phase 2 " 1069 "data"); 1070 eap_peap_state(data, FAILURE); 1071 return; 1072 } 1073 1074 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-PEAP: Decrypted Phase 2 EAP", 1075 in_decrypted); 1076 1077 if (data->peap_version == 0 && data->state != PHASE2_TLV) { 1078 const struct eap_hdr *resp; 1079 struct eap_hdr *nhdr; 1080 struct wpabuf *nbuf = 1081 wpabuf_alloc(sizeof(struct eap_hdr) + 1082 wpabuf_len(in_decrypted)); 1083 if (nbuf == NULL) { 1084 wpabuf_free(in_decrypted); 1085 return; 1086 } 1087 1088 resp = wpabuf_head(respData); 1089 nhdr = wpabuf_put(nbuf, sizeof(*nhdr)); 1090 nhdr->code = resp->code; 1091 nhdr->identifier = resp->identifier; 1092 nhdr->length = host_to_be16(sizeof(struct eap_hdr) + 1093 wpabuf_len(in_decrypted)); 1094 wpabuf_put_buf(nbuf, in_decrypted); 1095 wpabuf_free(in_decrypted); 1096 1097 in_decrypted = nbuf; 1098 } 1099 1100 hdr = wpabuf_head(in_decrypted); 1101 if (wpabuf_len(in_decrypted) < (int) sizeof(*hdr)) { 1102 wpa_printf(MSG_INFO, "EAP-PEAP: Too short Phase 2 " 1103 "EAP frame (len=%lu)", 1104 (unsigned long) wpabuf_len(in_decrypted)); 1105 wpabuf_free(in_decrypted); 1106 eap_peap_req_failure(sm, data); 1107 return; 1108 } 1109 len = be_to_host16(hdr->length); 1110 if (len > wpabuf_len(in_decrypted)) { 1111 wpa_printf(MSG_INFO, "EAP-PEAP: Length mismatch in " 1112 "Phase 2 EAP frame (len=%lu hdr->length=%lu)", 1113 (unsigned long) wpabuf_len(in_decrypted), 1114 (unsigned long) len); 1115 wpabuf_free(in_decrypted); 1116 eap_peap_req_failure(sm, data); 1117 return; 1118 } 1119 wpa_printf(MSG_DEBUG, "EAP-PEAP: received Phase 2: code=%d " 1120 "identifier=%d length=%lu", hdr->code, hdr->identifier, 1121 (unsigned long) len); 1122 switch (hdr->code) { 1123 case EAP_CODE_RESPONSE: 1124 eap_peap_process_phase2_response(sm, data, in_decrypted); 1125 break; 1126 case EAP_CODE_SUCCESS: 1127 wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Success"); 1128 if (data->state == SUCCESS_REQ) { 1129 eap_peap_state(data, SUCCESS); 1130 eap_peap_valid_session(sm, data); 1131 } 1132 break; 1133 case EAP_CODE_FAILURE: 1134 wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Failure"); 1135 eap_peap_state(data, FAILURE); 1136 break; 1137 default: 1138 wpa_printf(MSG_INFO, "EAP-PEAP: Unexpected code=%d in " 1139 "Phase 2 EAP header", hdr->code); 1140 break; 1141 } 1142 1143 wpabuf_free(in_decrypted); 1144} 1145 1146 1147static int eap_peap_process_version(struct eap_sm *sm, void *priv, 1148 int peer_version) 1149{ 1150 struct eap_peap_data *data = priv; 1151 1152 data->recv_version = peer_version; 1153 if (data->force_version >= 0 && peer_version != data->force_version) { 1154 wpa_printf(MSG_INFO, "EAP-PEAP: peer did not select the forced" 1155 " version (forced=%d peer=%d) - reject", 1156 data->force_version, peer_version); 1157 return -1; 1158 } 1159 if (peer_version < data->peap_version) { 1160 wpa_printf(MSG_DEBUG, "EAP-PEAP: peer ver=%d, own ver=%d; " 1161 "use version %d", 1162 peer_version, data->peap_version, peer_version); 1163 data->peap_version = peer_version; 1164 } 1165 1166 return 0; 1167} 1168 1169 1170static void eap_peap_process_msg(struct eap_sm *sm, void *priv, 1171 const struct wpabuf *respData) 1172{ 1173 struct eap_peap_data *data = priv; 1174 1175 switch (data->state) { 1176 case PHASE1: 1177 if (eap_server_tls_phase1(sm, &data->ssl) < 0) { 1178 eap_peap_state(data, FAILURE); 1179 break; 1180 } 1181 break; 1182 case PHASE2_START: 1183 eap_peap_state(data, PHASE2_ID); 1184 eap_peap_phase2_init(sm, data, EAP_VENDOR_IETF, 1185 EAP_TYPE_IDENTITY); 1186 break; 1187 case PHASE1_ID2: 1188 case PHASE2_ID: 1189 case PHASE2_METHOD: 1190 case PHASE2_SOH: 1191 case PHASE2_TLV: 1192 eap_peap_process_phase2(sm, data, respData, data->ssl.tls_in); 1193 break; 1194 case SUCCESS_REQ: 1195 eap_peap_state(data, SUCCESS); 1196 eap_peap_valid_session(sm, data); 1197 break; 1198 case FAILURE_REQ: 1199 eap_peap_state(data, FAILURE); 1200 break; 1201 default: 1202 wpa_printf(MSG_DEBUG, "EAP-PEAP: Unexpected state %d in %s", 1203 data->state, __func__); 1204 break; 1205 } 1206} 1207 1208 1209static void eap_peap_process(struct eap_sm *sm, void *priv, 1210 struct wpabuf *respData) 1211{ 1212 struct eap_peap_data *data = priv; 1213 const struct wpabuf *buf; 1214 const u8 *pos; 1215 u8 id_len; 1216 1217 if (eap_server_tls_process(sm, &data->ssl, respData, data, 1218 EAP_TYPE_PEAP, eap_peap_process_version, 1219 eap_peap_process_msg) < 0) { 1220 eap_peap_state(data, FAILURE); 1221 return; 1222 } 1223 1224 if (data->state == SUCCESS || 1225 !tls_connection_established(sm->ssl_ctx, data->ssl.conn) || 1226 !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) 1227 return; 1228 1229 buf = tls_connection_get_success_data(data->ssl.conn); 1230 if (!buf || wpabuf_len(buf) < 2) { 1231 wpa_printf(MSG_DEBUG, 1232 "EAP-PEAP: No success data in resumed session - reject attempt"); 1233 eap_peap_state(data, FAILURE); 1234 return; 1235 } 1236 1237 pos = wpabuf_head(buf); 1238 if (*pos != EAP_TYPE_PEAP) { 1239 wpa_printf(MSG_DEBUG, 1240 "EAP-PEAP: Resumed session for another EAP type (%u) - reject attempt", 1241 *pos); 1242 eap_peap_state(data, FAILURE); 1243 return; 1244 } 1245 1246 pos++; 1247 id_len = *pos++; 1248 wpa_hexdump_ascii(MSG_DEBUG, "EAP-PEAP: Identity from cached session", 1249 pos, id_len); 1250 os_free(sm->identity); 1251 sm->identity = os_malloc(id_len ? id_len : 1); 1252 if (!sm->identity) { 1253 sm->identity_len = 0; 1254 eap_peap_state(data, FAILURE); 1255 return; 1256 } 1257 1258 os_memcpy(sm->identity, pos, id_len); 1259 sm->identity_len = id_len; 1260 1261 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) { 1262 wpa_hexdump_ascii(MSG_DEBUG, "EAP-PEAP: Phase2 Identity not found in the user database", 1263 sm->identity, sm->identity_len); 1264 eap_peap_state(data, FAILURE); 1265 return; 1266 } 1267 1268 wpa_printf(MSG_DEBUG, 1269 "EAP-PEAP: Resuming previous session - skip Phase2"); 1270 eap_peap_state(data, SUCCESS_REQ); 1271 tls_connection_set_success_data_resumed(data->ssl.conn); 1272} 1273 1274 1275static Boolean eap_peap_isDone(struct eap_sm *sm, void *priv) 1276{ 1277 struct eap_peap_data *data = priv; 1278 return data->state == SUCCESS || data->state == FAILURE; 1279} 1280 1281 1282static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len) 1283{ 1284 struct eap_peap_data *data = priv; 1285 u8 *eapKeyData; 1286 1287 if (data->state != SUCCESS) 1288 return NULL; 1289 1290 if (data->crypto_binding_used) { 1291 u8 csk[128]; 1292 /* 1293 * Note: It looks like Microsoft implementation requires null 1294 * termination for this label while the one used for deriving 1295 * IPMK|CMK did not use null termination. 1296 */ 1297 if (peap_prfplus(data->peap_version, data->ipmk, 40, 1298 "Session Key Generating Function", 1299 (u8 *) "\00", 1, csk, sizeof(csk)) < 0) 1300 return NULL; 1301 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CSK", csk, sizeof(csk)); 1302 eapKeyData = os_malloc(EAP_TLS_KEY_LEN); 1303 if (eapKeyData) { 1304 os_memcpy(eapKeyData, csk, EAP_TLS_KEY_LEN); 1305 *len = EAP_TLS_KEY_LEN; 1306 wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Derived key", 1307 eapKeyData, EAP_TLS_KEY_LEN); 1308 } else { 1309 wpa_printf(MSG_DEBUG, "EAP-PEAP: Failed to derive " 1310 "key"); 1311 } 1312 1313 return eapKeyData; 1314 } 1315 1316 /* TODO: PEAPv1 - different label in some cases */ 1317 eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, 1318 "client EAP encryption", 1319 EAP_TLS_KEY_LEN); 1320 if (eapKeyData) { 1321 *len = EAP_TLS_KEY_LEN; 1322 wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Derived key", 1323 eapKeyData, EAP_TLS_KEY_LEN); 1324 } else { 1325 wpa_printf(MSG_DEBUG, "EAP-PEAP: Failed to derive key"); 1326 } 1327 1328 return eapKeyData; 1329} 1330 1331 1332static Boolean eap_peap_isSuccess(struct eap_sm *sm, void *priv) 1333{ 1334 struct eap_peap_data *data = priv; 1335 return data->state == SUCCESS; 1336} 1337 1338 1339static u8 * eap_peap_get_session_id(struct eap_sm *sm, void *priv, size_t *len) 1340{ 1341 struct eap_peap_data *data = priv; 1342 1343 if (data->state != SUCCESS) 1344 return NULL; 1345 1346 return eap_server_tls_derive_session_id(sm, &data->ssl, EAP_TYPE_PEAP, 1347 len); 1348} 1349 1350 1351int eap_server_peap_register(void) 1352{ 1353 struct eap_method *eap; 1354 int ret; 1355 1356 eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, 1357 EAP_VENDOR_IETF, EAP_TYPE_PEAP, "PEAP"); 1358 if (eap == NULL) 1359 return -1; 1360 1361 eap->init = eap_peap_init; 1362 eap->reset = eap_peap_reset; 1363 eap->buildReq = eap_peap_buildReq; 1364 eap->check = eap_peap_check; 1365 eap->process = eap_peap_process; 1366 eap->isDone = eap_peap_isDone; 1367 eap->getKey = eap_peap_getKey; 1368 eap->isSuccess = eap_peap_isSuccess; 1369 eap->getSessionId = eap_peap_get_session_id; 1370 1371 ret = eap_server_method_register(eap); 1372 if (ret) 1373 eap_server_method_free(eap); 1374 return ret; 1375} 1376