1 /* 2 * EAP peer method: EAP-TTLS (RFC 5281) 3 * Copyright (c) 2004-2011, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "crypto/ms_funcs.h" 13 #include "crypto/sha1.h" 14 #include "crypto/tls.h" 15 #include "eap_common/chap.h" 16 #include "eap_common/eap_ttls.h" 17 #include "mschapv2.h" 18 #include "eap_i.h" 19 #include "eap_tls_common.h" 20 #include "eap_config.h" 21 22 23 #define EAP_TTLS_VERSION 0 24 25 26 static void eap_ttls_deinit(struct eap_sm *sm, void *priv); 27 28 29 struct eap_ttls_data { 30 struct eap_ssl_data ssl; 31 32 int ttls_version; 33 34 const struct eap_method *phase2_method; 35 void *phase2_priv; 36 int phase2_success; 37 int phase2_start; 38 39 enum phase2_types { 40 EAP_TTLS_PHASE2_EAP, 41 EAP_TTLS_PHASE2_MSCHAPV2, 42 EAP_TTLS_PHASE2_MSCHAP, 43 EAP_TTLS_PHASE2_PAP, 44 EAP_TTLS_PHASE2_CHAP 45 } phase2_type; 46 struct eap_method_type phase2_eap_type; 47 struct eap_method_type *phase2_eap_types; 48 size_t num_phase2_eap_types; 49 50 u8 auth_response[MSCHAPV2_AUTH_RESPONSE_LEN]; 51 int auth_response_valid; 52 u8 master_key[MSCHAPV2_MASTER_KEY_LEN]; /* MSCHAPv2 master key */ 53 u8 ident; 54 int resuming; /* starting a resumed session */ 55 int reauth; /* reauthentication */ 56 u8 *key_data; 57 58 struct wpabuf *pending_phase2_req; 59 60 #ifdef EAP_TNC 61 int ready_for_tnc; 62 int tnc_started; 63 #endif /* EAP_TNC */ 64 }; 65 66 67 static void * eap_ttls_init(struct eap_sm *sm) 68 { 69 struct eap_ttls_data *data; 70 struct eap_peer_config *config = eap_get_config(sm); 71 char *selected; 72 73 data = os_zalloc(sizeof(*data)); 74 if (data == NULL) 75 return NULL; 76 data->ttls_version = EAP_TTLS_VERSION; 77 selected = "EAP"; 78 data->phase2_type = EAP_TTLS_PHASE2_EAP; 79 80 if (config && config->phase2) { 81 if (os_strstr(config->phase2, "autheap=")) { 82 selected = "EAP"; 83 data->phase2_type = EAP_TTLS_PHASE2_EAP; 84 } else if (os_strstr(config->phase2, "auth=MSCHAPV2")) { 85 selected = "MSCHAPV2"; 86 data->phase2_type = EAP_TTLS_PHASE2_MSCHAPV2; 87 } else if (os_strstr(config->phase2, "auth=MSCHAP")) { 88 selected = "MSCHAP"; 89 data->phase2_type = EAP_TTLS_PHASE2_MSCHAP; 90 } else if (os_strstr(config->phase2, "auth=PAP")) { 91 selected = "PAP"; 92 data->phase2_type = EAP_TTLS_PHASE2_PAP; 93 } else if (os_strstr(config->phase2, "auth=CHAP")) { 94 selected = "CHAP"; 95 data->phase2_type = EAP_TTLS_PHASE2_CHAP; 96 } 97 } 98 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase2 type: %s", selected); 99 100 if (data->phase2_type == EAP_TTLS_PHASE2_EAP) { 101 if (eap_peer_select_phase2_methods(config, "autheap=", 102 &data->phase2_eap_types, 103 &data->num_phase2_eap_types) 104 < 0) { 105 eap_ttls_deinit(sm, data); 106 return NULL; 107 } 108 109 data->phase2_eap_type.vendor = EAP_VENDOR_IETF; 110 data->phase2_eap_type.method = EAP_TYPE_NONE; 111 } 112 113 if (eap_peer_tls_ssl_init(sm, &data->ssl, config)) { 114 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to initialize SSL."); 115 eap_ttls_deinit(sm, data); 116 return NULL; 117 } 118 119 return data; 120 } 121 122 123 static void eap_ttls_phase2_eap_deinit(struct eap_sm *sm, 124 struct eap_ttls_data *data) 125 { 126 if (data->phase2_priv && data->phase2_method) { 127 data->phase2_method->deinit(sm, data->phase2_priv); 128 data->phase2_method = NULL; 129 data->phase2_priv = NULL; 130 } 131 } 132 133 134 static void eap_ttls_deinit(struct eap_sm *sm, void *priv) 135 { 136 struct eap_ttls_data *data = priv; 137 if (data == NULL) 138 return; 139 eap_ttls_phase2_eap_deinit(sm, data); 140 os_free(data->phase2_eap_types); 141 eap_peer_tls_ssl_deinit(sm, &data->ssl); 142 os_free(data->key_data); 143 wpabuf_free(data->pending_phase2_req); 144 os_free(data); 145 } 146 147 148 static u8 * eap_ttls_avp_hdr(u8 *avphdr, u32 avp_code, u32 vendor_id, 149 int mandatory, size_t len) 150 { 151 struct ttls_avp_vendor *avp; 152 u8 flags; 153 size_t hdrlen; 154 155 avp = (struct ttls_avp_vendor *) avphdr; 156 flags = mandatory ? AVP_FLAGS_MANDATORY : 0; 157 if (vendor_id) { 158 flags |= AVP_FLAGS_VENDOR; 159 hdrlen = sizeof(*avp); 160 avp->vendor_id = host_to_be32(vendor_id); 161 } else { 162 hdrlen = sizeof(struct ttls_avp); 163 } 164 165 avp->avp_code = host_to_be32(avp_code); 166 avp->avp_length = host_to_be32((flags << 24) | (u32) (hdrlen + len)); 167 168 return avphdr + hdrlen; 169 } 170 171 172 static u8 * eap_ttls_avp_add(u8 *start, u8 *avphdr, u32 avp_code, 173 u32 vendor_id, int mandatory, 174 const u8 *data, size_t len) 175 { 176 u8 *pos; 177 pos = eap_ttls_avp_hdr(avphdr, avp_code, vendor_id, mandatory, len); 178 os_memcpy(pos, data, len); 179 pos += len; 180 AVP_PAD(start, pos); 181 return pos; 182 } 183 184 185 static int eap_ttls_avp_encapsulate(struct wpabuf **resp, u32 avp_code, 186 int mandatory) 187 { 188 struct wpabuf *msg; 189 u8 *avp, *pos; 190 191 msg = wpabuf_alloc(sizeof(struct ttls_avp) + wpabuf_len(*resp) + 4); 192 if (msg == NULL) { 193 wpabuf_free(*resp); 194 *resp = NULL; 195 return -1; 196 } 197 198 avp = wpabuf_mhead(msg); 199 pos = eap_ttls_avp_hdr(avp, avp_code, 0, mandatory, wpabuf_len(*resp)); 200 os_memcpy(pos, wpabuf_head(*resp), wpabuf_len(*resp)); 201 pos += wpabuf_len(*resp); 202 AVP_PAD(avp, pos); 203 wpabuf_free(*resp); 204 wpabuf_put(msg, pos - avp); 205 *resp = msg; 206 return 0; 207 } 208 209 210 static int eap_ttls_v0_derive_key(struct eap_sm *sm, 211 struct eap_ttls_data *data) 212 { 213 os_free(data->key_data); 214 data->key_data = eap_peer_tls_derive_key(sm, &data->ssl, 215 "ttls keying material", 216 EAP_TLS_KEY_LEN); 217 if (!data->key_data) { 218 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to derive key"); 219 return -1; 220 } 221 222 wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived key", 223 data->key_data, EAP_TLS_KEY_LEN); 224 225 return 0; 226 } 227 228 229 static u8 * eap_ttls_implicit_challenge(struct eap_sm *sm, 230 struct eap_ttls_data *data, size_t len) 231 { 232 return eap_peer_tls_derive_key(sm, &data->ssl, "ttls challenge", len); 233 } 234 235 236 static void eap_ttls_phase2_select_eap_method(struct eap_ttls_data *data, 237 u8 method) 238 { 239 size_t i; 240 for (i = 0; i < data->num_phase2_eap_types; i++) { 241 if (data->phase2_eap_types[i].vendor != EAP_VENDOR_IETF || 242 data->phase2_eap_types[i].method != method) 243 continue; 244 245 data->phase2_eap_type.vendor = 246 data->phase2_eap_types[i].vendor; 247 data->phase2_eap_type.method = 248 data->phase2_eap_types[i].method; 249 wpa_printf(MSG_DEBUG, "EAP-TTLS: Selected " 250 "Phase 2 EAP vendor %d method %d", 251 data->phase2_eap_type.vendor, 252 data->phase2_eap_type.method); 253 break; 254 } 255 } 256 257 258 static int eap_ttls_phase2_eap_process(struct eap_sm *sm, 259 struct eap_ttls_data *data, 260 struct eap_method_ret *ret, 261 struct eap_hdr *hdr, size_t len, 262 struct wpabuf **resp) 263 { 264 struct wpabuf msg; 265 struct eap_method_ret iret; 266 267 os_memset(&iret, 0, sizeof(iret)); 268 wpabuf_set(&msg, hdr, len); 269 *resp = data->phase2_method->process(sm, data->phase2_priv, &iret, 270 &msg); 271 if ((iret.methodState == METHOD_DONE || 272 iret.methodState == METHOD_MAY_CONT) && 273 (iret.decision == DECISION_UNCOND_SUCC || 274 iret.decision == DECISION_COND_SUCC || 275 iret.decision == DECISION_FAIL)) { 276 ret->methodState = iret.methodState; 277 ret->decision = iret.decision; 278 } 279 280 return 0; 281 } 282 283 284 static int eap_ttls_phase2_request_eap_method(struct eap_sm *sm, 285 struct eap_ttls_data *data, 286 struct eap_method_ret *ret, 287 struct eap_hdr *hdr, size_t len, 288 u8 method, struct wpabuf **resp) 289 { 290 #ifdef EAP_TNC 291 if (data->tnc_started && data->phase2_method && 292 data->phase2_priv && method == EAP_TYPE_TNC && 293 data->phase2_eap_type.method == EAP_TYPE_TNC) 294 return eap_ttls_phase2_eap_process(sm, data, ret, hdr, len, 295 resp); 296 297 if (data->ready_for_tnc && !data->tnc_started && 298 method == EAP_TYPE_TNC) { 299 wpa_printf(MSG_DEBUG, "EAP-TTLS: Start TNC after completed " 300 "EAP method"); 301 data->tnc_started = 1; 302 } 303 304 if (data->tnc_started) { 305 if (data->phase2_eap_type.vendor != EAP_VENDOR_IETF || 306 data->phase2_eap_type.method == EAP_TYPE_TNC) { 307 wpa_printf(MSG_DEBUG, "EAP-TTLS: Unexpected EAP " 308 "type %d for TNC", method); 309 return -1; 310 } 311 312 data->phase2_eap_type.vendor = EAP_VENDOR_IETF; 313 data->phase2_eap_type.method = method; 314 wpa_printf(MSG_DEBUG, "EAP-TTLS: Selected " 315 "Phase 2 EAP vendor %d method %d (TNC)", 316 data->phase2_eap_type.vendor, 317 data->phase2_eap_type.method); 318 319 if (data->phase2_type == EAP_TTLS_PHASE2_EAP) 320 eap_ttls_phase2_eap_deinit(sm, data); 321 } 322 #endif /* EAP_TNC */ 323 324 if (data->phase2_eap_type.vendor == EAP_VENDOR_IETF && 325 data->phase2_eap_type.method == EAP_TYPE_NONE) 326 eap_ttls_phase2_select_eap_method(data, method); 327 328 if (method != data->phase2_eap_type.method || method == EAP_TYPE_NONE) 329 { 330 if (eap_peer_tls_phase2_nak(data->phase2_eap_types, 331 data->num_phase2_eap_types, 332 hdr, resp)) 333 return -1; 334 return 0; 335 } 336 337 if (data->phase2_priv == NULL) { 338 data->phase2_method = eap_peer_get_eap_method( 339 EAP_VENDOR_IETF, method); 340 if (data->phase2_method) { 341 sm->init_phase2 = 1; 342 data->phase2_priv = data->phase2_method->init(sm); 343 sm->init_phase2 = 0; 344 } 345 } 346 if (data->phase2_priv == NULL || data->phase2_method == NULL) { 347 wpa_printf(MSG_INFO, "EAP-TTLS: failed to initialize " 348 "Phase 2 EAP method %d", method); 349 return -1; 350 } 351 352 return eap_ttls_phase2_eap_process(sm, data, ret, hdr, len, resp); 353 } 354 355 356 static int eap_ttls_phase2_request_eap(struct eap_sm *sm, 357 struct eap_ttls_data *data, 358 struct eap_method_ret *ret, 359 struct eap_hdr *hdr, 360 struct wpabuf **resp) 361 { 362 size_t len = be_to_host16(hdr->length); 363 u8 *pos; 364 struct eap_peer_config *config = eap_get_config(sm); 365 366 if (len <= sizeof(struct eap_hdr)) { 367 wpa_printf(MSG_INFO, "EAP-TTLS: too short " 368 "Phase 2 request (len=%lu)", (unsigned long) len); 369 return -1; 370 } 371 pos = (u8 *) (hdr + 1); 372 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 EAP Request: type=%d", *pos); 373 switch (*pos) { 374 case EAP_TYPE_IDENTITY: 375 *resp = eap_sm_buildIdentity(sm, hdr->identifier, 1); 376 break; 377 default: 378 if (eap_ttls_phase2_request_eap_method(sm, data, ret, hdr, len, 379 *pos, resp) < 0) 380 return -1; 381 break; 382 } 383 384 if (*resp == NULL && 385 (config->pending_req_identity || config->pending_req_password || 386 config->pending_req_otp)) { 387 return 0; 388 } 389 390 if (*resp == NULL) 391 return -1; 392 393 wpa_hexdump_buf(MSG_DEBUG, "EAP-TTLS: AVP encapsulate EAP Response", 394 *resp); 395 return eap_ttls_avp_encapsulate(resp, RADIUS_ATTR_EAP_MESSAGE, 1); 396 } 397 398 399 static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm, 400 struct eap_ttls_data *data, 401 struct eap_method_ret *ret, 402 struct wpabuf **resp) 403 { 404 struct wpabuf *msg; 405 u8 *buf, *pos, *challenge, *peer_challenge; 406 const u8 *identity, *password; 407 size_t identity_len, password_len; 408 int pwhash; 409 410 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 MSCHAPV2 Request"); 411 412 identity = eap_get_config_identity(sm, &identity_len); 413 password = eap_get_config_password2(sm, &password_len, &pwhash); 414 if (identity == NULL || password == NULL) 415 return -1; 416 417 msg = wpabuf_alloc(identity_len + 1000); 418 if (msg == NULL) { 419 wpa_printf(MSG_ERROR, 420 "EAP-TTLS/MSCHAPV2: Failed to allocate memory"); 421 return -1; 422 } 423 pos = buf = wpabuf_mhead(msg); 424 425 /* User-Name */ 426 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1, 427 identity, identity_len); 428 429 /* MS-CHAP-Challenge */ 430 challenge = eap_ttls_implicit_challenge( 431 sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1); 432 if (challenge == NULL) { 433 wpabuf_free(msg); 434 wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive " 435 "implicit challenge"); 436 return -1; 437 } 438 peer_challenge = challenge + 1 + EAP_TTLS_MSCHAPV2_CHALLENGE_LEN; 439 440 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_MS_CHAP_CHALLENGE, 441 RADIUS_VENDOR_ID_MICROSOFT, 1, 442 challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN); 443 444 /* MS-CHAP2-Response */ 445 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP2_RESPONSE, 446 RADIUS_VENDOR_ID_MICROSOFT, 1, 447 EAP_TTLS_MSCHAPV2_RESPONSE_LEN); 448 data->ident = challenge[EAP_TTLS_MSCHAPV2_CHALLENGE_LEN]; 449 *pos++ = data->ident; 450 *pos++ = 0; /* Flags */ 451 os_memcpy(pos, peer_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN); 452 pos += EAP_TTLS_MSCHAPV2_CHALLENGE_LEN; 453 os_memset(pos, 0, 8); /* Reserved, must be zero */ 454 pos += 8; 455 if (mschapv2_derive_response(identity, identity_len, password, 456 password_len, pwhash, challenge, 457 peer_challenge, pos, data->auth_response, 458 data->master_key)) { 459 wpabuf_free(msg); 460 wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive " 461 "response"); 462 return -1; 463 } 464 data->auth_response_valid = 1; 465 466 pos += 24; 467 os_free(challenge); 468 AVP_PAD(buf, pos); 469 470 wpabuf_put(msg, pos - buf); 471 *resp = msg; 472 473 if (sm->workaround) { 474 /* At least FreeRADIUS seems to be terminating 475 * EAP-TTLS/MSHCAPV2 without the expected MS-CHAP-v2 Success 476 * packet. */ 477 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: EAP workaround - " 478 "allow success without tunneled response"); 479 ret->methodState = METHOD_MAY_CONT; 480 ret->decision = DECISION_COND_SUCC; 481 } 482 483 return 0; 484 } 485 486 487 static int eap_ttls_phase2_request_mschap(struct eap_sm *sm, 488 struct eap_ttls_data *data, 489 struct eap_method_ret *ret, 490 struct wpabuf **resp) 491 { 492 struct wpabuf *msg; 493 u8 *buf, *pos, *challenge; 494 const u8 *identity, *password; 495 size_t identity_len, password_len; 496 int pwhash; 497 498 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 MSCHAP Request"); 499 500 identity = eap_get_config_identity(sm, &identity_len); 501 password = eap_get_config_password2(sm, &password_len, &pwhash); 502 if (identity == NULL || password == NULL) 503 return -1; 504 505 msg = wpabuf_alloc(identity_len + 1000); 506 if (msg == NULL) { 507 wpa_printf(MSG_ERROR, 508 "EAP-TTLS/MSCHAP: Failed to allocate memory"); 509 return -1; 510 } 511 pos = buf = wpabuf_mhead(msg); 512 513 /* User-Name */ 514 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1, 515 identity, identity_len); 516 517 /* MS-CHAP-Challenge */ 518 challenge = eap_ttls_implicit_challenge( 519 sm, data, EAP_TTLS_MSCHAP_CHALLENGE_LEN + 1); 520 if (challenge == NULL) { 521 wpabuf_free(msg); 522 wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAP: Failed to derive " 523 "implicit challenge"); 524 return -1; 525 } 526 527 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_MS_CHAP_CHALLENGE, 528 RADIUS_VENDOR_ID_MICROSOFT, 1, 529 challenge, EAP_TTLS_MSCHAP_CHALLENGE_LEN); 530 531 /* MS-CHAP-Response */ 532 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP_RESPONSE, 533 RADIUS_VENDOR_ID_MICROSOFT, 1, 534 EAP_TTLS_MSCHAP_RESPONSE_LEN); 535 data->ident = challenge[EAP_TTLS_MSCHAP_CHALLENGE_LEN]; 536 *pos++ = data->ident; 537 *pos++ = 1; /* Flags: Use NT style passwords */ 538 os_memset(pos, 0, 24); /* LM-Response */ 539 pos += 24; 540 if (pwhash) { 541 challenge_response(challenge, password, pos); /* NT-Response */ 542 wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: MSCHAP password hash", 543 password, 16); 544 } else { 545 nt_challenge_response(challenge, password, password_len, 546 pos); /* NT-Response */ 547 wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: MSCHAP password", 548 password, password_len); 549 } 550 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: MSCHAP implicit challenge", 551 challenge, EAP_TTLS_MSCHAP_CHALLENGE_LEN); 552 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: MSCHAP response", pos, 24); 553 pos += 24; 554 os_free(challenge); 555 AVP_PAD(buf, pos); 556 557 wpabuf_put(msg, pos - buf); 558 *resp = msg; 559 560 /* EAP-TTLS/MSCHAP does not provide tunneled success 561 * notification, so assume that Phase2 succeeds. */ 562 ret->methodState = METHOD_DONE; 563 ret->decision = DECISION_COND_SUCC; 564 565 return 0; 566 } 567 568 569 static int eap_ttls_phase2_request_pap(struct eap_sm *sm, 570 struct eap_ttls_data *data, 571 struct eap_method_ret *ret, 572 struct wpabuf **resp) 573 { 574 struct wpabuf *msg; 575 u8 *buf, *pos; 576 size_t pad; 577 const u8 *identity, *password; 578 size_t identity_len, password_len; 579 580 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 PAP Request"); 581 582 identity = eap_get_config_identity(sm, &identity_len); 583 password = eap_get_config_password(sm, &password_len); 584 if (identity == NULL || password == NULL) 585 return -1; 586 587 msg = wpabuf_alloc(identity_len + password_len + 100); 588 if (msg == NULL) { 589 wpa_printf(MSG_ERROR, 590 "EAP-TTLS/PAP: Failed to allocate memory"); 591 return -1; 592 } 593 pos = buf = wpabuf_mhead(msg); 594 595 /* User-Name */ 596 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1, 597 identity, identity_len); 598 599 /* User-Password; in RADIUS, this is encrypted, but EAP-TTLS encrypts 600 * the data, so no separate encryption is used in the AVP itself. 601 * However, the password is padded to obfuscate its length. */ 602 pad = password_len == 0 ? 16 : (16 - (password_len & 15)) & 15; 603 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_USER_PASSWORD, 0, 1, 604 password_len + pad); 605 os_memcpy(pos, password, password_len); 606 pos += password_len; 607 os_memset(pos, 0, pad); 608 pos += pad; 609 AVP_PAD(buf, pos); 610 611 wpabuf_put(msg, pos - buf); 612 *resp = msg; 613 614 /* EAP-TTLS/PAP does not provide tunneled success notification, 615 * so assume that Phase2 succeeds. */ 616 ret->methodState = METHOD_DONE; 617 ret->decision = DECISION_COND_SUCC; 618 619 return 0; 620 } 621 622 623 static int eap_ttls_phase2_request_chap(struct eap_sm *sm, 624 struct eap_ttls_data *data, 625 struct eap_method_ret *ret, 626 struct wpabuf **resp) 627 { 628 struct wpabuf *msg; 629 u8 *buf, *pos, *challenge; 630 const u8 *identity, *password; 631 size_t identity_len, password_len; 632 633 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 CHAP Request"); 634 635 identity = eap_get_config_identity(sm, &identity_len); 636 password = eap_get_config_password(sm, &password_len); 637 if (identity == NULL || password == NULL) 638 return -1; 639 640 msg = wpabuf_alloc(identity_len + 1000); 641 if (msg == NULL) { 642 wpa_printf(MSG_ERROR, 643 "EAP-TTLS/CHAP: Failed to allocate memory"); 644 return -1; 645 } 646 pos = buf = wpabuf_mhead(msg); 647 648 /* User-Name */ 649 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1, 650 identity, identity_len); 651 652 /* CHAP-Challenge */ 653 challenge = eap_ttls_implicit_challenge( 654 sm, data, EAP_TTLS_CHAP_CHALLENGE_LEN + 1); 655 if (challenge == NULL) { 656 wpabuf_free(msg); 657 wpa_printf(MSG_ERROR, "EAP-TTLS/CHAP: Failed to derive " 658 "implicit challenge"); 659 return -1; 660 } 661 662 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_CHAP_CHALLENGE, 0, 1, 663 challenge, EAP_TTLS_CHAP_CHALLENGE_LEN); 664 665 /* CHAP-Password */ 666 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_CHAP_PASSWORD, 0, 1, 667 1 + EAP_TTLS_CHAP_PASSWORD_LEN); 668 data->ident = challenge[EAP_TTLS_CHAP_CHALLENGE_LEN]; 669 *pos++ = data->ident; 670 671 /* MD5(Ident + Password + Challenge) */ 672 chap_md5(data->ident, password, password_len, challenge, 673 EAP_TTLS_CHAP_CHALLENGE_LEN, pos); 674 675 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: CHAP username", 676 identity, identity_len); 677 wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: CHAP password", 678 password, password_len); 679 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: CHAP implicit challenge", 680 challenge, EAP_TTLS_CHAP_CHALLENGE_LEN); 681 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: CHAP password", 682 pos, EAP_TTLS_CHAP_PASSWORD_LEN); 683 pos += EAP_TTLS_CHAP_PASSWORD_LEN; 684 os_free(challenge); 685 AVP_PAD(buf, pos); 686 687 wpabuf_put(msg, pos - buf); 688 *resp = msg; 689 690 /* EAP-TTLS/CHAP does not provide tunneled success 691 * notification, so assume that Phase2 succeeds. */ 692 ret->methodState = METHOD_DONE; 693 ret->decision = DECISION_COND_SUCC; 694 695 return 0; 696 } 697 698 699 static int eap_ttls_phase2_request(struct eap_sm *sm, 700 struct eap_ttls_data *data, 701 struct eap_method_ret *ret, 702 struct eap_hdr *hdr, 703 struct wpabuf **resp) 704 { 705 int res = 0; 706 size_t len; 707 enum phase2_types phase2_type = data->phase2_type; 708 709 #ifdef EAP_TNC 710 if (data->tnc_started) { 711 wpa_printf(MSG_DEBUG, "EAP-TTLS: Processing TNC"); 712 phase2_type = EAP_TTLS_PHASE2_EAP; 713 } 714 #endif /* EAP_TNC */ 715 716 if (phase2_type == EAP_TTLS_PHASE2_MSCHAPV2 || 717 phase2_type == EAP_TTLS_PHASE2_MSCHAP || 718 phase2_type == EAP_TTLS_PHASE2_PAP || 719 phase2_type == EAP_TTLS_PHASE2_CHAP) { 720 if (eap_get_config_identity(sm, &len) == NULL) { 721 wpa_printf(MSG_INFO, 722 "EAP-TTLS: Identity not configured"); 723 eap_sm_request_identity(sm); 724 if (eap_get_config_password(sm, &len) == NULL) 725 eap_sm_request_password(sm); 726 return 0; 727 } 728 729 if (eap_get_config_password(sm, &len) == NULL) { 730 wpa_printf(MSG_INFO, 731 "EAP-TTLS: Password not configured"); 732 eap_sm_request_password(sm); 733 return 0; 734 } 735 } 736 737 switch (phase2_type) { 738 case EAP_TTLS_PHASE2_EAP: 739 res = eap_ttls_phase2_request_eap(sm, data, ret, hdr, resp); 740 break; 741 case EAP_TTLS_PHASE2_MSCHAPV2: 742 res = eap_ttls_phase2_request_mschapv2(sm, data, ret, resp); 743 break; 744 case EAP_TTLS_PHASE2_MSCHAP: 745 res = eap_ttls_phase2_request_mschap(sm, data, ret, resp); 746 break; 747 case EAP_TTLS_PHASE2_PAP: 748 res = eap_ttls_phase2_request_pap(sm, data, ret, resp); 749 break; 750 case EAP_TTLS_PHASE2_CHAP: 751 res = eap_ttls_phase2_request_chap(sm, data, ret, resp); 752 break; 753 default: 754 wpa_printf(MSG_ERROR, "EAP-TTLS: Phase 2 - Unknown"); 755 res = -1; 756 break; 757 } 758 759 if (res < 0) { 760 ret->methodState = METHOD_DONE; 761 ret->decision = DECISION_FAIL; 762 } 763 764 return res; 765 } 766 767 768 struct ttls_parse_avp { 769 u8 *mschapv2; 770 u8 *eapdata; 771 size_t eap_len; 772 int mschapv2_error; 773 }; 774 775 776 static int eap_ttls_parse_attr_eap(const u8 *dpos, size_t dlen, 777 struct ttls_parse_avp *parse) 778 { 779 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP - EAP Message"); 780 if (parse->eapdata == NULL) { 781 parse->eapdata = os_malloc(dlen); 782 if (parse->eapdata == NULL) { 783 wpa_printf(MSG_WARNING, "EAP-TTLS: Failed to allocate " 784 "memory for Phase 2 EAP data"); 785 return -1; 786 } 787 os_memcpy(parse->eapdata, dpos, dlen); 788 parse->eap_len = dlen; 789 } else { 790 u8 *neweap = os_realloc(parse->eapdata, parse->eap_len + dlen); 791 if (neweap == NULL) { 792 wpa_printf(MSG_WARNING, "EAP-TTLS: Failed to allocate " 793 "memory for Phase 2 EAP data"); 794 return -1; 795 } 796 os_memcpy(neweap + parse->eap_len, dpos, dlen); 797 parse->eapdata = neweap; 798 parse->eap_len += dlen; 799 } 800 801 return 0; 802 } 803 804 805 static int eap_ttls_parse_avp(u8 *pos, size_t left, 806 struct ttls_parse_avp *parse) 807 { 808 struct ttls_avp *avp; 809 u32 avp_code, avp_length, vendor_id = 0; 810 u8 avp_flags, *dpos; 811 size_t dlen; 812 813 avp = (struct ttls_avp *) pos; 814 avp_code = be_to_host32(avp->avp_code); 815 avp_length = be_to_host32(avp->avp_length); 816 avp_flags = (avp_length >> 24) & 0xff; 817 avp_length &= 0xffffff; 818 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP: code=%d flags=0x%02x " 819 "length=%d", (int) avp_code, avp_flags, 820 (int) avp_length); 821 822 if (avp_length > left) { 823 wpa_printf(MSG_WARNING, "EAP-TTLS: AVP overflow " 824 "(len=%d, left=%lu) - dropped", 825 (int) avp_length, (unsigned long) left); 826 return -1; 827 } 828 829 if (avp_length < sizeof(*avp)) { 830 wpa_printf(MSG_WARNING, "EAP-TTLS: Invalid AVP length %d", 831 avp_length); 832 return -1; 833 } 834 835 dpos = (u8 *) (avp + 1); 836 dlen = avp_length - sizeof(*avp); 837 if (avp_flags & AVP_FLAGS_VENDOR) { 838 if (dlen < 4) { 839 wpa_printf(MSG_WARNING, "EAP-TTLS: Vendor AVP " 840 "underflow"); 841 return -1; 842 } 843 vendor_id = WPA_GET_BE32(dpos); 844 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP vendor_id %d", 845 (int) vendor_id); 846 dpos += 4; 847 dlen -= 4; 848 } 849 850 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: AVP data", dpos, dlen); 851 852 if (vendor_id == 0 && avp_code == RADIUS_ATTR_EAP_MESSAGE) { 853 if (eap_ttls_parse_attr_eap(dpos, dlen, parse) < 0) 854 return -1; 855 } else if (vendor_id == 0 && avp_code == RADIUS_ATTR_REPLY_MESSAGE) { 856 /* This is an optional message that can be displayed to 857 * the user. */ 858 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: AVP - Reply-Message", 859 dpos, dlen); 860 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT && 861 avp_code == RADIUS_ATTR_MS_CHAP2_SUCCESS) { 862 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: MS-CHAP2-Success", 863 dpos, dlen); 864 if (dlen != 43) { 865 wpa_printf(MSG_WARNING, "EAP-TTLS: Unexpected " 866 "MS-CHAP2-Success length " 867 "(len=%lu, expected 43)", 868 (unsigned long) dlen); 869 return -1; 870 } 871 parse->mschapv2 = dpos; 872 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT && 873 avp_code == RADIUS_ATTR_MS_CHAP_ERROR) { 874 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: MS-CHAP-Error", 875 dpos, dlen); 876 parse->mschapv2_error = 1; 877 } else if (avp_flags & AVP_FLAGS_MANDATORY) { 878 wpa_printf(MSG_WARNING, "EAP-TTLS: Unsupported mandatory AVP " 879 "code %d vendor_id %d - dropped", 880 (int) avp_code, (int) vendor_id); 881 return -1; 882 } else { 883 wpa_printf(MSG_DEBUG, "EAP-TTLS: Ignoring unsupported AVP " 884 "code %d vendor_id %d", 885 (int) avp_code, (int) vendor_id); 886 } 887 888 return avp_length; 889 } 890 891 892 static int eap_ttls_parse_avps(struct wpabuf *in_decrypted, 893 struct ttls_parse_avp *parse) 894 { 895 u8 *pos; 896 size_t left, pad; 897 int avp_length; 898 899 pos = wpabuf_mhead(in_decrypted); 900 left = wpabuf_len(in_decrypted); 901 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Decrypted Phase 2 AVPs", pos, left); 902 if (left < sizeof(struct ttls_avp)) { 903 wpa_printf(MSG_WARNING, "EAP-TTLS: Too short Phase 2 AVP frame" 904 " len=%lu expected %lu or more - dropped", 905 (unsigned long) left, 906 (unsigned long) sizeof(struct ttls_avp)); 907 return -1; 908 } 909 910 /* Parse AVPs */ 911 os_memset(parse, 0, sizeof(*parse)); 912 913 while (left > 0) { 914 avp_length = eap_ttls_parse_avp(pos, left, parse); 915 if (avp_length < 0) 916 return -1; 917 918 pad = (4 - (avp_length & 3)) & 3; 919 pos += avp_length + pad; 920 if (left < avp_length + pad) 921 left = 0; 922 else 923 left -= avp_length + pad; 924 } 925 926 return 0; 927 } 928 929 930 static u8 * eap_ttls_fake_identity_request(void) 931 { 932 struct eap_hdr *hdr; 933 u8 *buf; 934 935 wpa_printf(MSG_DEBUG, "EAP-TTLS: empty data in beginning of " 936 "Phase 2 - use fake EAP-Request Identity"); 937 buf = os_malloc(sizeof(*hdr) + 1); 938 if (buf == NULL) { 939 wpa_printf(MSG_WARNING, "EAP-TTLS: failed to allocate " 940 "memory for fake EAP-Identity Request"); 941 return NULL; 942 } 943 944 hdr = (struct eap_hdr *) buf; 945 hdr->code = EAP_CODE_REQUEST; 946 hdr->identifier = 0; 947 hdr->length = host_to_be16(sizeof(*hdr) + 1); 948 buf[sizeof(*hdr)] = EAP_TYPE_IDENTITY; 949 950 return buf; 951 } 952 953 954 static int eap_ttls_encrypt_response(struct eap_sm *sm, 955 struct eap_ttls_data *data, 956 struct wpabuf *resp, u8 identifier, 957 struct wpabuf **out_data) 958 { 959 if (resp == NULL) 960 return 0; 961 962 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS: Encrypting Phase 2 data", 963 resp); 964 if (eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_TTLS, 965 data->ttls_version, identifier, 966 resp, out_data)) { 967 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to encrypt a Phase 2 " 968 "frame"); 969 return -1; 970 } 971 wpabuf_free(resp); 972 973 return 0; 974 } 975 976 977 static int eap_ttls_process_phase2_eap(struct eap_sm *sm, 978 struct eap_ttls_data *data, 979 struct eap_method_ret *ret, 980 struct ttls_parse_avp *parse, 981 struct wpabuf **resp) 982 { 983 struct eap_hdr *hdr; 984 size_t len; 985 986 if (parse->eapdata == NULL) { 987 wpa_printf(MSG_WARNING, "EAP-TTLS: No EAP Message in the " 988 "packet - dropped"); 989 return -1; 990 } 991 992 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Phase 2 EAP", 993 parse->eapdata, parse->eap_len); 994 hdr = (struct eap_hdr *) parse->eapdata; 995 996 if (parse->eap_len < sizeof(*hdr)) { 997 wpa_printf(MSG_WARNING, "EAP-TTLS: Too short Phase 2 EAP " 998 "frame (len=%lu, expected %lu or more) - dropped", 999 (unsigned long) parse->eap_len, 1000 (unsigned long) sizeof(*hdr)); 1001 return -1; 1002 } 1003 len = be_to_host16(hdr->length); 1004 if (len > parse->eap_len) { 1005 wpa_printf(MSG_INFO, "EAP-TTLS: Length mismatch in Phase 2 " 1006 "EAP frame (EAP hdr len=%lu, EAP data len in " 1007 "AVP=%lu)", 1008 (unsigned long) len, 1009 (unsigned long) parse->eap_len); 1010 return -1; 1011 } 1012 wpa_printf(MSG_DEBUG, "EAP-TTLS: received Phase 2: code=%d " 1013 "identifier=%d length=%lu", 1014 hdr->code, hdr->identifier, (unsigned long) len); 1015 switch (hdr->code) { 1016 case EAP_CODE_REQUEST: 1017 if (eap_ttls_phase2_request(sm, data, ret, hdr, resp)) { 1018 wpa_printf(MSG_INFO, "EAP-TTLS: Phase2 Request " 1019 "processing failed"); 1020 return -1; 1021 } 1022 break; 1023 default: 1024 wpa_printf(MSG_INFO, "EAP-TTLS: Unexpected code=%d in " 1025 "Phase 2 EAP header", hdr->code); 1026 return -1; 1027 } 1028 1029 return 0; 1030 } 1031 1032 1033 static int eap_ttls_process_phase2_mschapv2(struct eap_sm *sm, 1034 struct eap_ttls_data *data, 1035 struct eap_method_ret *ret, 1036 struct ttls_parse_avp *parse) 1037 { 1038 if (parse->mschapv2_error) { 1039 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Received " 1040 "MS-CHAP-Error - failed"); 1041 ret->methodState = METHOD_DONE; 1042 ret->decision = DECISION_FAIL; 1043 /* Reply with empty data to ACK error */ 1044 return 1; 1045 } 1046 1047 if (parse->mschapv2 == NULL) { 1048 #ifdef EAP_TNC 1049 if (data->phase2_success && parse->eapdata) { 1050 /* 1051 * Allow EAP-TNC to be started after successfully 1052 * completed MSCHAPV2. 1053 */ 1054 return 1; 1055 } 1056 #endif /* EAP_TNC */ 1057 wpa_printf(MSG_WARNING, "EAP-TTLS: no MS-CHAP2-Success AVP " 1058 "received for Phase2 MSCHAPV2"); 1059 return -1; 1060 } 1061 if (parse->mschapv2[0] != data->ident) { 1062 wpa_printf(MSG_WARNING, "EAP-TTLS: Ident mismatch for Phase 2 " 1063 "MSCHAPV2 (received Ident 0x%02x, expected 0x%02x)", 1064 parse->mschapv2[0], data->ident); 1065 return -1; 1066 } 1067 if (!data->auth_response_valid || 1068 mschapv2_verify_auth_response(data->auth_response, 1069 parse->mschapv2 + 1, 42)) { 1070 wpa_printf(MSG_WARNING, "EAP-TTLS: Invalid authenticator " 1071 "response in Phase 2 MSCHAPV2 success request"); 1072 return -1; 1073 } 1074 1075 wpa_printf(MSG_INFO, "EAP-TTLS: Phase 2 MSCHAPV2 " 1076 "authentication succeeded"); 1077 ret->methodState = METHOD_DONE; 1078 ret->decision = DECISION_UNCOND_SUCC; 1079 data->phase2_success = 1; 1080 1081 /* 1082 * Reply with empty data; authentication server will reply 1083 * with EAP-Success after this. 1084 */ 1085 return 1; 1086 } 1087 1088 1089 #ifdef EAP_TNC 1090 static int eap_ttls_process_tnc_start(struct eap_sm *sm, 1091 struct eap_ttls_data *data, 1092 struct eap_method_ret *ret, 1093 struct ttls_parse_avp *parse, 1094 struct wpabuf **resp) 1095 { 1096 /* TNC uses inner EAP method after non-EAP TTLS phase 2. */ 1097 if (parse->eapdata == NULL) { 1098 wpa_printf(MSG_INFO, "EAP-TTLS: Phase 2 received " 1099 "unexpected tunneled data (no EAP)"); 1100 return -1; 1101 } 1102 1103 if (!data->ready_for_tnc) { 1104 wpa_printf(MSG_INFO, "EAP-TTLS: Phase 2 received " 1105 "EAP after non-EAP, but not ready for TNC"); 1106 return -1; 1107 } 1108 1109 wpa_printf(MSG_DEBUG, "EAP-TTLS: Start TNC after completed " 1110 "non-EAP method"); 1111 data->tnc_started = 1; 1112 1113 if (eap_ttls_process_phase2_eap(sm, data, ret, parse, resp) < 0) 1114 return -1; 1115 1116 return 0; 1117 } 1118 #endif /* EAP_TNC */ 1119 1120 1121 static int eap_ttls_process_decrypted(struct eap_sm *sm, 1122 struct eap_ttls_data *data, 1123 struct eap_method_ret *ret, 1124 u8 identifier, 1125 struct ttls_parse_avp *parse, 1126 struct wpabuf *in_decrypted, 1127 struct wpabuf **out_data) 1128 { 1129 struct wpabuf *resp = NULL; 1130 struct eap_peer_config *config = eap_get_config(sm); 1131 int res; 1132 enum phase2_types phase2_type = data->phase2_type; 1133 1134 #ifdef EAP_TNC 1135 if (data->tnc_started) 1136 phase2_type = EAP_TTLS_PHASE2_EAP; 1137 #endif /* EAP_TNC */ 1138 1139 switch (phase2_type) { 1140 case EAP_TTLS_PHASE2_EAP: 1141 if (eap_ttls_process_phase2_eap(sm, data, ret, parse, &resp) < 1142 0) 1143 return -1; 1144 break; 1145 case EAP_TTLS_PHASE2_MSCHAPV2: 1146 res = eap_ttls_process_phase2_mschapv2(sm, data, ret, parse); 1147 #ifdef EAP_TNC 1148 if (res == 1 && parse->eapdata && data->phase2_success) { 1149 /* 1150 * TNC may be required as the next 1151 * authentication method within the tunnel. 1152 */ 1153 ret->methodState = METHOD_MAY_CONT; 1154 data->ready_for_tnc = 1; 1155 if (eap_ttls_process_tnc_start(sm, data, ret, parse, 1156 &resp) == 0) 1157 break; 1158 } 1159 #endif /* EAP_TNC */ 1160 return res; 1161 case EAP_TTLS_PHASE2_MSCHAP: 1162 case EAP_TTLS_PHASE2_PAP: 1163 case EAP_TTLS_PHASE2_CHAP: 1164 #ifdef EAP_TNC 1165 if (eap_ttls_process_tnc_start(sm, data, ret, parse, &resp) < 1166 0) 1167 return -1; 1168 break; 1169 #else /* EAP_TNC */ 1170 /* EAP-TTLS/{MSCHAP,PAP,CHAP} should not send any TLS tunneled 1171 * requests to the supplicant */ 1172 wpa_printf(MSG_INFO, "EAP-TTLS: Phase 2 received unexpected " 1173 "tunneled data"); 1174 return -1; 1175 #endif /* EAP_TNC */ 1176 } 1177 1178 if (resp) { 1179 if (eap_ttls_encrypt_response(sm, data, resp, identifier, 1180 out_data) < 0) 1181 return -1; 1182 } else if (config->pending_req_identity || 1183 config->pending_req_password || 1184 config->pending_req_otp || 1185 config->pending_req_new_password) { 1186 wpabuf_free(data->pending_phase2_req); 1187 data->pending_phase2_req = wpabuf_dup(in_decrypted); 1188 } 1189 1190 return 0; 1191 } 1192 1193 1194 static int eap_ttls_implicit_identity_request(struct eap_sm *sm, 1195 struct eap_ttls_data *data, 1196 struct eap_method_ret *ret, 1197 u8 identifier, 1198 struct wpabuf **out_data) 1199 { 1200 int retval = 0; 1201 struct eap_hdr *hdr; 1202 struct wpabuf *resp; 1203 1204 hdr = (struct eap_hdr *) eap_ttls_fake_identity_request(); 1205 if (hdr == NULL) { 1206 ret->methodState = METHOD_DONE; 1207 ret->decision = DECISION_FAIL; 1208 return -1; 1209 } 1210 1211 resp = NULL; 1212 if (eap_ttls_phase2_request(sm, data, ret, hdr, &resp)) { 1213 wpa_printf(MSG_INFO, "EAP-TTLS: Phase2 Request " 1214 "processing failed"); 1215 retval = -1; 1216 } else { 1217 struct eap_peer_config *config = eap_get_config(sm); 1218 if (resp == NULL && 1219 (config->pending_req_identity || 1220 config->pending_req_password || 1221 config->pending_req_otp || 1222 config->pending_req_new_password)) { 1223 /* 1224 * Use empty buffer to force implicit request 1225 * processing when EAP request is re-processed after 1226 * user input. 1227 */ 1228 wpabuf_free(data->pending_phase2_req); 1229 data->pending_phase2_req = wpabuf_alloc(0); 1230 } 1231 1232 retval = eap_ttls_encrypt_response(sm, data, resp, identifier, 1233 out_data); 1234 } 1235 1236 os_free(hdr); 1237 1238 if (retval < 0) { 1239 ret->methodState = METHOD_DONE; 1240 ret->decision = DECISION_FAIL; 1241 } 1242 1243 return retval; 1244 } 1245 1246 1247 static int eap_ttls_phase2_start(struct eap_sm *sm, struct eap_ttls_data *data, 1248 struct eap_method_ret *ret, u8 identifier, 1249 struct wpabuf **out_data) 1250 { 1251 data->phase2_start = 0; 1252 1253 /* 1254 * EAP-TTLS does not use Phase2 on fast re-auth; this must be done only 1255 * if TLS part was indeed resuming a previous session. Most 1256 * Authentication Servers terminate EAP-TTLS before reaching this 1257 * point, but some do not. Make wpa_supplicant stop phase 2 here, if 1258 * needed. 1259 */ 1260 if (data->reauth && 1261 tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) { 1262 wpa_printf(MSG_DEBUG, "EAP-TTLS: Session resumption - " 1263 "skip phase 2"); 1264 *out_data = eap_peer_tls_build_ack(identifier, EAP_TYPE_TTLS, 1265 data->ttls_version); 1266 ret->methodState = METHOD_DONE; 1267 ret->decision = DECISION_UNCOND_SUCC; 1268 data->phase2_success = 1; 1269 return 0; 1270 } 1271 1272 return eap_ttls_implicit_identity_request(sm, data, ret, identifier, 1273 out_data); 1274 } 1275 1276 1277 static int eap_ttls_decrypt(struct eap_sm *sm, struct eap_ttls_data *data, 1278 struct eap_method_ret *ret, u8 identifier, 1279 const struct wpabuf *in_data, 1280 struct wpabuf **out_data) 1281 { 1282 struct wpabuf *in_decrypted = NULL; 1283 int retval = 0; 1284 struct ttls_parse_avp parse; 1285 1286 os_memset(&parse, 0, sizeof(parse)); 1287 1288 wpa_printf(MSG_DEBUG, "EAP-TTLS: received %lu bytes encrypted data for" 1289 " Phase 2", 1290 in_data ? (unsigned long) wpabuf_len(in_data) : 0); 1291 1292 if (data->pending_phase2_req) { 1293 wpa_printf(MSG_DEBUG, "EAP-TTLS: Pending Phase 2 request - " 1294 "skip decryption and use old data"); 1295 /* Clear TLS reassembly state. */ 1296 eap_peer_tls_reset_input(&data->ssl); 1297 1298 in_decrypted = data->pending_phase2_req; 1299 data->pending_phase2_req = NULL; 1300 if (wpabuf_len(in_decrypted) == 0) { 1301 wpabuf_free(in_decrypted); 1302 return eap_ttls_implicit_identity_request( 1303 sm, data, ret, identifier, out_data); 1304 } 1305 goto continue_req; 1306 } 1307 1308 if ((in_data == NULL || wpabuf_len(in_data) == 0) && 1309 data->phase2_start) { 1310 return eap_ttls_phase2_start(sm, data, ret, identifier, 1311 out_data); 1312 } 1313 1314 if (in_data == NULL || wpabuf_len(in_data) == 0) { 1315 /* Received TLS ACK - requesting more fragments */ 1316 return eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_TTLS, 1317 data->ttls_version, 1318 identifier, NULL, out_data); 1319 } 1320 1321 retval = eap_peer_tls_decrypt(sm, &data->ssl, in_data, &in_decrypted); 1322 if (retval) 1323 goto done; 1324 1325 continue_req: 1326 data->phase2_start = 0; 1327 1328 if (eap_ttls_parse_avps(in_decrypted, &parse) < 0) { 1329 retval = -1; 1330 goto done; 1331 } 1332 1333 retval = eap_ttls_process_decrypted(sm, data, ret, identifier, 1334 &parse, in_decrypted, out_data); 1335 1336 done: 1337 wpabuf_free(in_decrypted); 1338 os_free(parse.eapdata); 1339 1340 if (retval < 0) { 1341 ret->methodState = METHOD_DONE; 1342 ret->decision = DECISION_FAIL; 1343 } 1344 1345 return retval; 1346 } 1347 1348 1349 static int eap_ttls_process_handshake(struct eap_sm *sm, 1350 struct eap_ttls_data *data, 1351 struct eap_method_ret *ret, 1352 u8 identifier, 1353 const u8 *in_data, size_t in_len, 1354 struct wpabuf **out_data) 1355 { 1356 int res; 1357 1358 res = eap_peer_tls_process_helper(sm, &data->ssl, EAP_TYPE_TTLS, 1359 data->ttls_version, identifier, 1360 in_data, in_len, out_data); 1361 1362 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) { 1363 wpa_printf(MSG_DEBUG, "EAP-TTLS: TLS done, proceed to " 1364 "Phase 2"); 1365 if (data->resuming) { 1366 wpa_printf(MSG_DEBUG, "EAP-TTLS: fast reauth - may " 1367 "skip Phase 2"); 1368 ret->decision = DECISION_COND_SUCC; 1369 ret->methodState = METHOD_MAY_CONT; 1370 } 1371 data->phase2_start = 1; 1372 eap_ttls_v0_derive_key(sm, data); 1373 1374 if (*out_data == NULL || wpabuf_len(*out_data) == 0) { 1375 if (eap_ttls_decrypt(sm, data, ret, identifier, 1376 NULL, out_data)) { 1377 wpa_printf(MSG_WARNING, "EAP-TTLS: " 1378 "failed to process early " 1379 "start for Phase 2"); 1380 } 1381 res = 0; 1382 } 1383 data->resuming = 0; 1384 } 1385 1386 if (res == 2) { 1387 struct wpabuf msg; 1388 /* 1389 * Application data included in the handshake message. 1390 */ 1391 wpabuf_free(data->pending_phase2_req); 1392 data->pending_phase2_req = *out_data; 1393 *out_data = NULL; 1394 wpabuf_set(&msg, in_data, in_len); 1395 res = eap_ttls_decrypt(sm, data, ret, identifier, &msg, 1396 out_data); 1397 } 1398 1399 return res; 1400 } 1401 1402 1403 static void eap_ttls_check_auth_status(struct eap_sm *sm, 1404 struct eap_ttls_data *data, 1405 struct eap_method_ret *ret) 1406 { 1407 if (ret->methodState == METHOD_DONE) { 1408 ret->allowNotifications = FALSE; 1409 if (ret->decision == DECISION_UNCOND_SUCC || 1410 ret->decision == DECISION_COND_SUCC) { 1411 wpa_printf(MSG_DEBUG, "EAP-TTLS: Authentication " 1412 "completed successfully"); 1413 data->phase2_success = 1; 1414 #ifdef EAP_TNC 1415 if (!data->ready_for_tnc && !data->tnc_started) { 1416 /* 1417 * TNC may be required as the next 1418 * authentication method within the tunnel. 1419 */ 1420 ret->methodState = METHOD_MAY_CONT; 1421 data->ready_for_tnc = 1; 1422 } 1423 #endif /* EAP_TNC */ 1424 } 1425 } else if (ret->methodState == METHOD_MAY_CONT && 1426 (ret->decision == DECISION_UNCOND_SUCC || 1427 ret->decision == DECISION_COND_SUCC)) { 1428 wpa_printf(MSG_DEBUG, "EAP-TTLS: Authentication " 1429 "completed successfully (MAY_CONT)"); 1430 data->phase2_success = 1; 1431 } 1432 } 1433 1434 1435 static struct wpabuf * eap_ttls_process(struct eap_sm *sm, void *priv, 1436 struct eap_method_ret *ret, 1437 const struct wpabuf *reqData) 1438 { 1439 size_t left; 1440 int res; 1441 u8 flags, id; 1442 struct wpabuf *resp; 1443 const u8 *pos; 1444 struct eap_ttls_data *data = priv; 1445 1446 pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_TTLS, ret, 1447 reqData, &left, &flags); 1448 if (pos == NULL) 1449 return NULL; 1450 id = eap_get_id(reqData); 1451 1452 if (flags & EAP_TLS_FLAGS_START) { 1453 wpa_printf(MSG_DEBUG, "EAP-TTLS: Start (server ver=%d, own " 1454 "ver=%d)", flags & EAP_TLS_VERSION_MASK, 1455 data->ttls_version); 1456 1457 /* RFC 5281, Ch. 9.2: 1458 * "This packet MAY contain additional information in the form 1459 * of AVPs, which may provide useful hints to the client" 1460 * For now, ignore any potential extra data. 1461 */ 1462 left = 0; 1463 } 1464 1465 resp = NULL; 1466 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) && 1467 !data->resuming) { 1468 struct wpabuf msg; 1469 wpabuf_set(&msg, pos, left); 1470 res = eap_ttls_decrypt(sm, data, ret, id, &msg, &resp); 1471 } else { 1472 res = eap_ttls_process_handshake(sm, data, ret, id, 1473 pos, left, &resp); 1474 } 1475 1476 eap_ttls_check_auth_status(sm, data, ret); 1477 1478 /* FIX: what about res == -1? Could just move all error processing into 1479 * the other functions and get rid of this res==1 case here. */ 1480 if (res == 1) { 1481 wpabuf_free(resp); 1482 return eap_peer_tls_build_ack(id, EAP_TYPE_TTLS, 1483 data->ttls_version); 1484 } 1485 return resp; 1486 } 1487 1488 1489 static Boolean eap_ttls_has_reauth_data(struct eap_sm *sm, void *priv) 1490 { 1491 struct eap_ttls_data *data = priv; 1492 return tls_connection_established(sm->ssl_ctx, data->ssl.conn) && 1493 data->phase2_success; 1494 } 1495 1496 1497 static void eap_ttls_deinit_for_reauth(struct eap_sm *sm, void *priv) 1498 { 1499 struct eap_ttls_data *data = priv; 1500 wpabuf_free(data->pending_phase2_req); 1501 data->pending_phase2_req = NULL; 1502 #ifdef EAP_TNC 1503 data->ready_for_tnc = 0; 1504 data->tnc_started = 0; 1505 #endif /* EAP_TNC */ 1506 } 1507 1508 1509 static void * eap_ttls_init_for_reauth(struct eap_sm *sm, void *priv) 1510 { 1511 struct eap_ttls_data *data = priv; 1512 os_free(data->key_data); 1513 data->key_data = NULL; 1514 if (eap_peer_tls_reauth_init(sm, &data->ssl)) { 1515 os_free(data); 1516 return NULL; 1517 } 1518 if (data->phase2_priv && data->phase2_method && 1519 data->phase2_method->init_for_reauth) 1520 data->phase2_method->init_for_reauth(sm, data->phase2_priv); 1521 data->phase2_start = 0; 1522 data->phase2_success = 0; 1523 data->resuming = 1; 1524 data->reauth = 1; 1525 return priv; 1526 } 1527 1528 1529 static int eap_ttls_get_status(struct eap_sm *sm, void *priv, char *buf, 1530 size_t buflen, int verbose) 1531 { 1532 struct eap_ttls_data *data = priv; 1533 int len, ret; 1534 1535 len = eap_peer_tls_status(sm, &data->ssl, buf, buflen, verbose); 1536 ret = os_snprintf(buf + len, buflen - len, 1537 "EAP-TTLSv%d Phase2 method=", 1538 data->ttls_version); 1539 if (ret < 0 || (size_t) ret >= buflen - len) 1540 return len; 1541 len += ret; 1542 switch (data->phase2_type) { 1543 case EAP_TTLS_PHASE2_EAP: 1544 ret = os_snprintf(buf + len, buflen - len, "EAP-%s\n", 1545 data->phase2_method ? 1546 data->phase2_method->name : "?"); 1547 break; 1548 case EAP_TTLS_PHASE2_MSCHAPV2: 1549 ret = os_snprintf(buf + len, buflen - len, "MSCHAPV2\n"); 1550 break; 1551 case EAP_TTLS_PHASE2_MSCHAP: 1552 ret = os_snprintf(buf + len, buflen - len, "MSCHAP\n"); 1553 break; 1554 case EAP_TTLS_PHASE2_PAP: 1555 ret = os_snprintf(buf + len, buflen - len, "PAP\n"); 1556 break; 1557 case EAP_TTLS_PHASE2_CHAP: 1558 ret = os_snprintf(buf + len, buflen - len, "CHAP\n"); 1559 break; 1560 default: 1561 ret = 0; 1562 break; 1563 } 1564 if (ret < 0 || (size_t) ret >= buflen - len) 1565 return len; 1566 len += ret; 1567 1568 return len; 1569 } 1570 1571 1572 static Boolean eap_ttls_isKeyAvailable(struct eap_sm *sm, void *priv) 1573 { 1574 struct eap_ttls_data *data = priv; 1575 return data->key_data != NULL && data->phase2_success; 1576 } 1577 1578 1579 static u8 * eap_ttls_getKey(struct eap_sm *sm, void *priv, size_t *len) 1580 { 1581 struct eap_ttls_data *data = priv; 1582 u8 *key; 1583 1584 if (data->key_data == NULL || !data->phase2_success) 1585 return NULL; 1586 1587 key = os_malloc(EAP_TLS_KEY_LEN); 1588 if (key == NULL) 1589 return NULL; 1590 1591 *len = EAP_TLS_KEY_LEN; 1592 os_memcpy(key, data->key_data, EAP_TLS_KEY_LEN); 1593 1594 return key; 1595 } 1596 1597 1598 int eap_peer_ttls_register(void) 1599 { 1600 struct eap_method *eap; 1601 int ret; 1602 1603 eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION, 1604 EAP_VENDOR_IETF, EAP_TYPE_TTLS, "TTLS"); 1605 if (eap == NULL) 1606 return -1; 1607 1608 eap->init = eap_ttls_init; 1609 eap->deinit = eap_ttls_deinit; 1610 eap->process = eap_ttls_process; 1611 eap->isKeyAvailable = eap_ttls_isKeyAvailable; 1612 eap->getKey = eap_ttls_getKey; 1613 eap->get_status = eap_ttls_get_status; 1614 eap->has_reauth_data = eap_ttls_has_reauth_data; 1615 eap->deinit_for_reauth = eap_ttls_deinit_for_reauth; 1616 eap->init_for_reauth = eap_ttls_init_for_reauth; 1617 1618 ret = eap_peer_method_register(eap); 1619 if (ret) 1620 eap_peer_method_free(eap); 1621 return ret; 1622 } 1623
