1 /* 2 * hostapd / EAP-PEAP (draft-josefsson-pppext-eap-tls-eap-10.txt) 3 * Copyright (c) 2004-2008, Jouni Malinen <j (at) w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15 #include "includes.h" 16 17 #include "common.h" 18 #include "sha1.h" 19 #include "eap_i.h" 20 #include "eap_tls_common.h" 21 #include "eap_common/eap_tlv_common.h" 22 #include "eap_common/eap_peap_common.h" 23 #include "tls.h" 24 #include "tncs.h" 25 26 27 /* Maximum supported PEAP version 28 * 0 = Microsoft's PEAP version 0; draft-kamath-pppext-peapv0-00.txt 29 * 1 = draft-josefsson-ppext-eap-tls-eap-05.txt 30 * 2 = draft-josefsson-ppext-eap-tls-eap-10.txt 31 */ 32 #define EAP_PEAP_VERSION 1 33 34 35 static void eap_peap_reset(struct eap_sm *sm, void *priv); 36 37 38 struct eap_peap_data { 39 struct eap_ssl_data ssl; 40 enum { 41 START, PHASE1, PHASE1_ID2, PHASE2_START, PHASE2_ID, 42 PHASE2_METHOD, PHASE2_SOH, 43 PHASE2_TLV, SUCCESS_REQ, FAILURE_REQ, SUCCESS, FAILURE 44 } state; 45 46 int peap_version; 47 int recv_version; 48 const struct eap_method *phase2_method; 49 void *phase2_priv; 50 int force_version; 51 struct wpabuf *pending_phase2_resp; 52 enum { TLV_REQ_NONE, TLV_REQ_SUCCESS, TLV_REQ_FAILURE } tlv_request; 53 int crypto_binding_sent; 54 int crypto_binding_used; 55 enum { NO_BINDING, OPTIONAL_BINDING, REQUIRE_BINDING } crypto_binding; 56 u8 binding_nonce[32]; 57 u8 ipmk[40]; 58 u8 cmk[20]; 59 u8 *phase2_key; 60 size_t phase2_key_len; 61 struct wpabuf *soh_response; 62 }; 63 64 65 static const char * eap_peap_state_txt(int state) 66 { 67 switch (state) { 68 case START: 69 return "START"; 70 case PHASE1: 71 return "PHASE1"; 72 case PHASE1_ID2: 73 return "PHASE1_ID2"; 74 case PHASE2_START: 75 return "PHASE2_START"; 76 case PHASE2_ID: 77 return "PHASE2_ID"; 78 case PHASE2_METHOD: 79 return "PHASE2_METHOD"; 80 case PHASE2_SOH: 81 return "PHASE2_SOH"; 82 case PHASE2_TLV: 83 return "PHASE2_TLV"; 84 case SUCCESS_REQ: 85 return "SUCCESS_REQ"; 86 case FAILURE_REQ: 87 return "FAILURE_REQ"; 88 case SUCCESS: 89 return "SUCCESS"; 90 case FAILURE: 91 return "FAILURE"; 92 default: 93 return "Unknown?!"; 94 } 95 } 96 97 98 static void eap_peap_state(struct eap_peap_data *data, int state) 99 { 100 wpa_printf(MSG_DEBUG, "EAP-PEAP: %s -> %s", 101 eap_peap_state_txt(data->state), 102 eap_peap_state_txt(state)); 103 data->state = state; 104 } 105 106 107 static struct wpabuf * eap_peapv2_tlv_eap_payload(struct wpabuf *buf) 108 { 109 struct wpabuf *e; 110 struct eap_tlv_hdr *tlv; 111 112 if (buf == NULL) 113 return NULL; 114 115 /* Encapsulate EAP packet in EAP-Payload TLV */ 116 wpa_printf(MSG_DEBUG, "EAP-PEAPv2: Add EAP-Payload TLV"); 117 e = wpabuf_alloc(sizeof(*tlv) + wpabuf_len(buf)); 118 if (e == NULL) { 119 wpa_printf(MSG_DEBUG, "EAP-PEAPv2: Failed to allocate memory " 120 "for TLV encapsulation"); 121 wpabuf_free(buf); 122 return NULL; 123 } 124 tlv = wpabuf_put(e, sizeof(*tlv)); 125 tlv->tlv_type = host_to_be16(EAP_TLV_TYPE_MANDATORY | 126 EAP_TLV_EAP_PAYLOAD_TLV); 127 tlv->length = host_to_be16(wpabuf_len(buf)); 128 wpabuf_put_buf(e, buf); 129 wpabuf_free(buf); 130 return e; 131 } 132 133 134 static void eap_peap_req_success(struct eap_sm *sm, 135 struct eap_peap_data *data) 136 { 137 if (data->state == FAILURE || data->state == FAILURE_REQ) { 138 eap_peap_state(data, FAILURE); 139 return; 140 } 141 142 if (data->peap_version == 0) { 143 data->tlv_request = TLV_REQ_SUCCESS; 144 eap_peap_state(data, PHASE2_TLV); 145 } else { 146 eap_peap_state(data, SUCCESS_REQ); 147 } 148 } 149 150 151 static void eap_peap_req_failure(struct eap_sm *sm, 152 struct eap_peap_data *data) 153 { 154 if (data->state == FAILURE || data->state == FAILURE_REQ || 155 data->state == SUCCESS_REQ || data->tlv_request != TLV_REQ_NONE) { 156 eap_peap_state(data, FAILURE); 157 return; 158 } 159 160 if (data->peap_version == 0) { 161 data->tlv_request = TLV_REQ_FAILURE; 162 eap_peap_state(data, PHASE2_TLV); 163 } else { 164 eap_peap_state(data, FAILURE_REQ); 165 } 166 } 167 168 169 static void * eap_peap_init(struct eap_sm *sm) 170 { 171 struct eap_peap_data *data; 172 173 data = os_zalloc(sizeof(*data)); 174 if (data == NULL) 175 return NULL; 176 data->peap_version = EAP_PEAP_VERSION; 177 data->force_version = -1; 178 if (sm->user && sm->user->force_version >= 0) { 179 data->force_version = sm->user->force_version; 180 wpa_printf(MSG_DEBUG, "EAP-PEAP: forcing version %d", 181 data->force_version); 182 data->peap_version = data->force_version; 183 } 184 data->state = START; 185 data->crypto_binding = OPTIONAL_BINDING; 186 187 if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) { 188 wpa_printf(MSG_INFO, "EAP-PEAP: Failed to initialize SSL."); 189 eap_peap_reset(sm, data); 190 return NULL; 191 } 192 193 return data; 194 } 195 196 197 static void eap_peap_reset(struct eap_sm *sm, void *priv) 198 { 199 struct eap_peap_data *data = priv; 200 if (data == NULL) 201 return; 202 if (data->phase2_priv && data->phase2_method) 203 data->phase2_method->reset(sm, data->phase2_priv); 204 eap_server_tls_ssl_deinit(sm, &data->ssl); 205 wpabuf_free(data->pending_phase2_resp); 206 os_free(data->phase2_key); 207 wpabuf_free(data->soh_response); 208 os_free(data); 209 } 210 211 212 static struct wpabuf * eap_peap_build_start(struct eap_sm *sm, 213 struct eap_peap_data *data, u8 id) 214 { 215 struct wpabuf *req; 216 217 req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PEAP, 1, 218 EAP_CODE_REQUEST, id); 219 if (req == NULL) { 220 wpa_printf(MSG_ERROR, "EAP-PEAP: Failed to allocate memory for" 221 " request"); 222 eap_peap_state(data, FAILURE); 223 return NULL; 224 } 225 226 wpabuf_put_u8(req, EAP_TLS_FLAGS_START | data->peap_version); 227 228 eap_peap_state(data, PHASE1); 229 230 return req; 231 } 232 233 234 static struct wpabuf * eap_peap_build_phase2_req(struct eap_sm *sm, 235 struct eap_peap_data *data, 236 u8 id) 237 { 238 struct wpabuf *buf, *encr_req; 239 const u8 *req; 240 size_t req_len; 241 242 if (data->phase2_method == NULL || data->phase2_priv == NULL) { 243 wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 method not ready"); 244 return NULL; 245 } 246 buf = data->phase2_method->buildReq(sm, data->phase2_priv, id); 247 if (data->peap_version >= 2 && buf) 248 buf = eap_peapv2_tlv_eap_payload(buf); 249 if (buf == NULL) 250 return NULL; 251 252 req = wpabuf_head(buf); 253 req_len = wpabuf_len(buf); 254 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: Encrypting Phase 2 data", 255 req, req_len); 256 257 if (data->peap_version == 0 && 258 data->phase2_method->method != EAP_TYPE_TLV) { 259 req += sizeof(struct eap_hdr); 260 req_len -= sizeof(struct eap_hdr); 261 } 262 263 encr_req = eap_server_tls_encrypt(sm, &data->ssl, req, req_len); 264 wpabuf_free(buf); 265 266 return encr_req; 267 } 268 269 270 #ifdef EAP_TNC 271 static struct wpabuf * eap_peap_build_phase2_soh(struct eap_sm *sm, 272 struct eap_peap_data *data, 273 u8 id) 274 { 275 struct wpabuf *buf1, *buf, *encr_req; 276 const u8 *req; 277 size_t req_len; 278 279 buf1 = tncs_build_soh_request(); 280 if (buf1 == NULL) 281 return NULL; 282 283 buf = eap_msg_alloc(EAP_VENDOR_MICROSOFT, 0x21, wpabuf_len(buf1), 284 EAP_CODE_REQUEST, id); 285 if (buf == NULL) { 286 wpabuf_free(buf1); 287 return NULL; 288 } 289 wpabuf_put_buf(buf, buf1); 290 wpabuf_free(buf1); 291 292 req = wpabuf_head(buf); 293 req_len = wpabuf_len(buf); 294 295 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: Encrypting Phase 2 SOH data", 296 req, req_len); 297 298 req += sizeof(struct eap_hdr); 299 req_len -= sizeof(struct eap_hdr); 300 301 encr_req = eap_server_tls_encrypt(sm, &data->ssl, req, req_len); 302 wpabuf_free(buf); 303 304 return encr_req; 305 } 306 #endif /* EAP_TNC */ 307 308 309 static void eap_peap_get_isk(struct eap_peap_data *data, 310 u8 *isk, size_t isk_len) 311 { 312 size_t key_len; 313 314 os_memset(isk, 0, isk_len); 315 if (data->phase2_key == NULL) 316 return; 317 318 key_len = data->phase2_key_len; 319 if (key_len > isk_len) 320 key_len = isk_len; 321 os_memcpy(isk, data->phase2_key, key_len); 322 } 323 324 325 static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data) 326 { 327 u8 *tk; 328 u8 isk[32], imck[60]; 329 330 /* 331 * Tunnel key (TK) is the first 60 octets of the key generated by 332 * phase 1 of PEAP (based on TLS). 333 */ 334 tk = eap_server_tls_derive_key(sm, &data->ssl, "client EAP encryption", 335 EAP_TLS_KEY_LEN); 336 if (tk == NULL) 337 return -1; 338 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TK", tk, 60); 339 340 eap_peap_get_isk(data, isk, sizeof(isk)); 341 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: ISK", isk, sizeof(isk)); 342 343 /* 344 * IPMK Seed = "Inner Methods Compound Keys" | ISK 345 * TempKey = First 40 octets of TK 346 * IPMK|CMK = PRF+(TempKey, IPMK Seed, 60) 347 * (note: draft-josefsson-pppext-eap-tls-eap-10.txt includes a space 348 * in the end of the label just before ISK; is that just a typo?) 349 */ 350 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TempKey", tk, 40); 351 peap_prfplus(data->peap_version, tk, 40, "Inner Methods Compound Keys", 352 isk, sizeof(isk), imck, sizeof(imck)); 353 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IMCK (IPMKj)", 354 imck, sizeof(imck)); 355 356 os_free(tk); 357 358 /* TODO: fast-connect: IPMK|CMK = TK */ 359 os_memcpy(data->ipmk, imck, 40); 360 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IPMK (S-IPMKj)", data->ipmk, 40); 361 os_memcpy(data->cmk, imck + 40, 20); 362 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CMK (CMKj)", data->cmk, 20); 363 364 return 0; 365 } 366 367 368 static struct wpabuf * eap_peap_build_phase2_tlv(struct eap_sm *sm, 369 struct eap_peap_data *data, 370 u8 id) 371 { 372 struct wpabuf *buf, *encr_req; 373 size_t len; 374 375 len = 6; /* Result TLV */ 376 if (data->crypto_binding != NO_BINDING) 377 len += 60; /* Cryptobinding TLV */ 378 #ifdef EAP_TNC 379 if (data->soh_response) 380 len += wpabuf_len(data->soh_response); 381 #endif /* EAP_TNC */ 382 383 buf = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TLV, len, 384 EAP_CODE_REQUEST, id); 385 if (buf == NULL) 386 return NULL; 387 388 wpabuf_put_u8(buf, 0x80); /* Mandatory */ 389 wpabuf_put_u8(buf, EAP_TLV_RESULT_TLV); 390 /* Length */ 391 wpabuf_put_be16(buf, 2); 392 /* Status */ 393 wpabuf_put_be16(buf, data->tlv_request == TLV_REQ_SUCCESS ? 394 EAP_TLV_RESULT_SUCCESS : EAP_TLV_RESULT_FAILURE); 395 396 if (data->peap_version == 0 && data->tlv_request == TLV_REQ_SUCCESS && 397 data->crypto_binding != NO_BINDING) { 398 u8 *mac; 399 u8 eap_type = EAP_TYPE_PEAP; 400 const u8 *addr[2]; 401 size_t len[2]; 402 u16 tlv_type; 403 404 #ifdef EAP_TNC 405 if (data->soh_response) { 406 wpa_printf(MSG_DEBUG, "EAP-PEAP: Adding MS-SOH " 407 "Response TLV"); 408 wpabuf_put_buf(buf, data->soh_response); 409 wpabuf_free(data->soh_response); 410 data->soh_response = NULL; 411 } 412 #endif /* EAP_TNC */ 413 414 if (eap_peap_derive_cmk(sm, data) < 0 || 415 os_get_random(data->binding_nonce, 32)) { 416 wpabuf_free(buf); 417 return NULL; 418 } 419 420 /* Compound_MAC: HMAC-SHA1-160(cryptobinding TLV | EAP type) */ 421 addr[0] = wpabuf_put(buf, 0); 422 len[0] = 60; 423 addr[1] = &eap_type; 424 len[1] = 1; 425 426 tlv_type = EAP_TLV_CRYPTO_BINDING_TLV; 427 if (data->peap_version >= 2) 428 tlv_type |= EAP_TLV_TYPE_MANDATORY; 429 wpabuf_put_be16(buf, tlv_type); 430 wpabuf_put_be16(buf, 56); 431 432 wpabuf_put_u8(buf, 0); /* Reserved */ 433 wpabuf_put_u8(buf, data->peap_version); /* Version */ 434 wpabuf_put_u8(buf, data->recv_version); /* RecvVersion */ 435 wpabuf_put_u8(buf, 0); /* SubType: 0 = Request, 1 = Response */ 436 wpabuf_put_data(buf, data->binding_nonce, 32); /* Nonce */ 437 mac = wpabuf_put(buf, 20); /* Compound_MAC */ 438 wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC CMK", 439 data->cmk, 20); 440 wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC data 1", 441 addr[0], len[0]); 442 wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC data 2", 443 addr[1], len[1]); 444 hmac_sha1_vector(data->cmk, 20, 2, addr, len, mac); 445 wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC", 446 mac, SHA1_MAC_LEN); 447 data->crypto_binding_sent = 1; 448 } 449 450 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-PEAP: Encrypting Phase 2 TLV data", 451 buf); 452 453 encr_req = eap_server_tls_encrypt(sm, &data->ssl, wpabuf_head(buf), 454 wpabuf_len(buf)); 455 wpabuf_free(buf); 456 457 return encr_req; 458 } 459 460 461 static struct wpabuf * eap_peap_build_phase2_term(struct eap_sm *sm, 462 struct eap_peap_data *data, 463 u8 id, int success) 464 { 465 struct wpabuf *encr_req; 466 size_t req_len; 467 struct eap_hdr *hdr; 468 469 req_len = sizeof(*hdr); 470 hdr = os_zalloc(req_len); 471 if (hdr == NULL) 472 return NULL; 473 474 hdr->code = success ? EAP_CODE_SUCCESS : EAP_CODE_FAILURE; 475 hdr->identifier = id; 476 hdr->length = host_to_be16(req_len); 477 478 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: Encrypting Phase 2 data", 479 (u8 *) hdr, req_len); 480 481 encr_req = eap_server_tls_encrypt(sm, &data->ssl, (u8 *) hdr, req_len); 482 os_free(hdr); 483 484 return encr_req; 485 } 486 487 488 static struct wpabuf * eap_peap_buildReq(struct eap_sm *sm, void *priv, u8 id) 489 { 490 struct eap_peap_data *data = priv; 491 492 if (data->ssl.state == FRAG_ACK) { 493 return eap_server_tls_build_ack(id, EAP_TYPE_PEAP, 494 data->peap_version); 495 } 496 497 if (data->ssl.state == WAIT_FRAG_ACK) { 498 return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_PEAP, 499 data->peap_version, id); 500 } 501 502 switch (data->state) { 503 case START: 504 return eap_peap_build_start(sm, data, id); 505 case PHASE1: 506 case PHASE1_ID2: 507 if (data->peap_version < 2 && 508 tls_connection_established(sm->ssl_ctx, data->ssl.conn)) { 509 wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase1 done, " 510 "starting Phase2"); 511 eap_peap_state(data, PHASE2_START); 512 } 513 break; 514 case PHASE2_ID: 515 case PHASE2_METHOD: 516 wpabuf_free(data->ssl.out_buf); 517 data->ssl.out_used = 0; 518 data->ssl.out_buf = eap_peap_build_phase2_req(sm, data, id); 519 break; 520 #ifdef EAP_TNC 521 case PHASE2_SOH: 522 wpabuf_free(data->ssl.out_buf); 523 data->ssl.out_used = 0; 524 data->ssl.out_buf = eap_peap_build_phase2_soh(sm, data, id); 525 break; 526 #endif /* EAP_TNC */ 527 case PHASE2_TLV: 528 wpabuf_free(data->ssl.out_buf); 529 data->ssl.out_used = 0; 530 data->ssl.out_buf = eap_peap_build_phase2_tlv(sm, data, id); 531 break; 532 case SUCCESS_REQ: 533 wpabuf_free(data->ssl.out_buf); 534 data->ssl.out_used = 0; 535 data->ssl.out_buf = eap_peap_build_phase2_term(sm, data, id, 536 1); 537 break; 538 case FAILURE_REQ: 539 wpabuf_free(data->ssl.out_buf); 540 data->ssl.out_used = 0; 541 data->ssl.out_buf = eap_peap_build_phase2_term(sm, data, id, 542 0); 543 break; 544 default: 545 wpa_printf(MSG_DEBUG, "EAP-PEAP: %s - unexpected state %d", 546 __func__, data->state); 547 return NULL; 548 } 549 550 return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_PEAP, 551 data->peap_version, id); 552 } 553 554 555 static Boolean eap_peap_check(struct eap_sm *sm, void *priv, 556 struct wpabuf *respData) 557 { 558 const u8 *pos; 559 size_t len; 560 561 pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_PEAP, respData, &len); 562 if (pos == NULL || len < 1) { 563 wpa_printf(MSG_INFO, "EAP-PEAP: Invalid frame"); 564 return TRUE; 565 } 566 567 return FALSE; 568 } 569 570 571 static int eap_peap_phase2_init(struct eap_sm *sm, struct eap_peap_data *data, 572 EapType eap_type) 573 { 574 if (data->phase2_priv && data->phase2_method) { 575 data->phase2_method->reset(sm, data->phase2_priv); 576 data->phase2_method = NULL; 577 data->phase2_priv = NULL; 578 } 579 data->phase2_method = eap_server_get_eap_method(EAP_VENDOR_IETF, 580 eap_type); 581 if (!data->phase2_method) 582 return -1; 583 584 sm->init_phase2 = 1; 585 data->phase2_priv = data->phase2_method->init(sm); 586 sm->init_phase2 = 0; 587 return 0; 588 } 589 590 591 static int eap_tlv_validate_cryptobinding(struct eap_sm *sm, 592 struct eap_peap_data *data, 593 const u8 *crypto_tlv, 594 size_t crypto_tlv_len) 595 { 596 u8 buf[61], mac[SHA1_MAC_LEN]; 597 const u8 *pos; 598 599 if (crypto_tlv_len != 4 + 56) { 600 wpa_printf(MSG_DEBUG, "EAP-PEAP: Invalid cryptobinding TLV " 601 "length %d", (int) crypto_tlv_len); 602 return -1; 603 } 604 605 pos = crypto_tlv; 606 pos += 4; /* TLV header */ 607 if (pos[1] != data->peap_version) { 608 wpa_printf(MSG_DEBUG, "EAP-PEAP: Cryptobinding TLV Version " 609 "mismatch (was %d; expected %d)", 610 pos[1], data->peap_version); 611 return -1; 612 } 613 614 if (pos[3] != 1) { 615 wpa_printf(MSG_DEBUG, "EAP-PEAP: Unexpected Cryptobinding TLV " 616 "SubType %d", pos[3]); 617 return -1; 618 } 619 pos += 4; 620 pos += 32; /* Nonce */ 621 622 /* Compound_MAC: HMAC-SHA1-160(cryptobinding TLV | EAP type) */ 623 os_memcpy(buf, crypto_tlv, 60); 624 os_memset(buf + 4 + 4 + 32, 0, 20); /* Compound_MAC */ 625 buf[60] = EAP_TYPE_PEAP; 626 hmac_sha1(data->cmk, 20, buf, sizeof(buf), mac); 627 628 if (os_memcmp(mac, pos, SHA1_MAC_LEN) != 0) { 629 wpa_printf(MSG_DEBUG, "EAP-PEAP: Invalid Compound_MAC in " 630 "cryptobinding TLV"); 631 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CMK", data->cmk, 20); 632 wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Cryptobinding seed data", 633 buf, 61); 634 return -1; 635 } 636 637 wpa_printf(MSG_DEBUG, "EAP-PEAP: Valid cryptobinding TLV received"); 638 639 return 0; 640 } 641 642 643 static void eap_peap_process_phase2_tlv(struct eap_sm *sm, 644 struct eap_peap_data *data, 645 struct wpabuf *in_data) 646 { 647 const u8 *pos; 648 size_t left; 649 const u8 *result_tlv = NULL, *crypto_tlv = NULL; 650 size_t result_tlv_len = 0, crypto_tlv_len = 0; 651 int tlv_type, mandatory, tlv_len; 652 653 pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_TLV, in_data, &left); 654 if (pos == NULL) { 655 wpa_printf(MSG_DEBUG, "EAP-PEAP: Invalid EAP-TLV header"); 656 return; 657 } 658 659 /* Parse TLVs */ 660 wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Received TLVs", pos, left); 661 while (left >= 4) { 662 mandatory = !!(pos[0] & 0x80); 663 tlv_type = pos[0] & 0x3f; 664 tlv_type = (tlv_type << 8) | pos[1]; 665 tlv_len = ((int) pos[2] << 8) | pos[3]; 666 pos += 4; 667 left -= 4; 668 if ((size_t) tlv_len > left) { 669 wpa_printf(MSG_DEBUG, "EAP-PEAP: TLV underrun " 670 "(tlv_len=%d left=%lu)", tlv_len, 671 (unsigned long) left); 672 eap_peap_state(data, FAILURE); 673 return; 674 } 675 switch (tlv_type) { 676 case EAP_TLV_RESULT_TLV: 677 result_tlv = pos; 678 result_tlv_len = tlv_len; 679 break; 680 case EAP_TLV_CRYPTO_BINDING_TLV: 681 crypto_tlv = pos; 682 crypto_tlv_len = tlv_len; 683 break; 684 default: 685 wpa_printf(MSG_DEBUG, "EAP-PEAP: Unsupported TLV Type " 686 "%d%s", tlv_type, 687 mandatory ? " (mandatory)" : ""); 688 if (mandatory) { 689 eap_peap_state(data, FAILURE); 690 return; 691 } 692 /* Ignore this TLV, but process other TLVs */ 693 break; 694 } 695 696 pos += tlv_len; 697 left -= tlv_len; 698 } 699 if (left) { 700 wpa_printf(MSG_DEBUG, "EAP-PEAP: Last TLV too short in " 701 "Request (left=%lu)", (unsigned long) left); 702 eap_peap_state(data, FAILURE); 703 return; 704 } 705 706 /* Process supported TLVs */ 707 if (crypto_tlv && data->crypto_binding_sent) { 708 wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Cryptobinding TLV", 709 crypto_tlv, crypto_tlv_len); 710 if (eap_tlv_validate_cryptobinding(sm, data, crypto_tlv - 4, 711 crypto_tlv_len + 4) < 0) { 712 eap_peap_state(data, FAILURE); 713 return; 714 } 715 data->crypto_binding_used = 1; 716 } else if (!crypto_tlv && data->crypto_binding_sent && 717 data->crypto_binding == REQUIRE_BINDING) { 718 wpa_printf(MSG_DEBUG, "EAP-PEAP: No cryptobinding TLV"); 719 eap_peap_state(data, FAILURE); 720 return; 721 } 722 723 if (result_tlv) { 724 int status; 725 const char *requested; 726 727 wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Result TLV", 728 result_tlv, result_tlv_len); 729 if (result_tlv_len < 2) { 730 wpa_printf(MSG_INFO, "EAP-PEAP: Too short Result TLV " 731 "(len=%lu)", 732 (unsigned long) result_tlv_len); 733 eap_peap_state(data, FAILURE); 734 return; 735 } 736 requested = data->tlv_request == TLV_REQ_SUCCESS ? "Success" : 737 "Failure"; 738 status = WPA_GET_BE16(result_tlv); 739 if (status == EAP_TLV_RESULT_SUCCESS) { 740 wpa_printf(MSG_INFO, "EAP-PEAP: TLV Result - Success " 741 "- requested %s", requested); 742 if (data->tlv_request == TLV_REQ_SUCCESS) 743 eap_peap_state(data, SUCCESS); 744 else 745 eap_peap_state(data, FAILURE); 746 747 } else if (status == EAP_TLV_RESULT_FAILURE) { 748 wpa_printf(MSG_INFO, "EAP-PEAP: TLV Result - Failure " 749 "- requested %s", requested); 750 eap_peap_state(data, FAILURE); 751 } else { 752 wpa_printf(MSG_INFO, "EAP-PEAP: Unknown TLV Result " 753 "Status %d", status); 754 eap_peap_state(data, FAILURE); 755 } 756 } 757 } 758 759 760 #ifdef EAP_TNC 761 static void eap_peap_process_phase2_soh(struct eap_sm *sm, 762 struct eap_peap_data *data, 763 struct wpabuf *in_data) 764 { 765 const u8 *pos, *vpos; 766 size_t left; 767 const u8 *soh_tlv = NULL; 768 size_t soh_tlv_len = 0; 769 int tlv_type, mandatory, tlv_len, vtlv_len; 770 u8 next_type; 771 u32 vendor_id; 772 773 pos = eap_hdr_validate(EAP_VENDOR_MICROSOFT, 0x21, in_data, &left); 774 if (pos == NULL) { 775 wpa_printf(MSG_DEBUG, "EAP-PEAP: Not a valid SoH EAP " 776 "Extensions Method header - skip TNC"); 777 goto auth_method; 778 } 779 780 /* Parse TLVs */ 781 wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Received TLVs (SoH)", pos, left); 782 while (left >= 4) { 783 mandatory = !!(pos[0] & 0x80); 784 tlv_type = pos[0] & 0x3f; 785 tlv_type = (tlv_type << 8) | pos[1]; 786 tlv_len = ((int) pos[2] << 8) | pos[3]; 787 pos += 4; 788 left -= 4; 789 if ((size_t) tlv_len > left) { 790 wpa_printf(MSG_DEBUG, "EAP-PEAP: TLV underrun " 791 "(tlv_len=%d left=%lu)", tlv_len, 792 (unsigned long) left); 793 eap_peap_state(data, FAILURE); 794 return; 795 } 796 switch (tlv_type) { 797 case EAP_TLV_VENDOR_SPECIFIC_TLV: 798 if (tlv_len < 4) { 799 wpa_printf(MSG_DEBUG, "EAP-PEAP: Too short " 800 "vendor specific TLV (len=%d)", 801 (int) tlv_len); 802 eap_peap_state(data, FAILURE); 803 return; 804 } 805 806 vendor_id = WPA_GET_BE32(pos); 807 if (vendor_id != EAP_VENDOR_MICROSOFT) { 808 if (mandatory) { 809 eap_peap_state(data, FAILURE); 810 return; 811 } 812 break; 813 } 814 815 vpos = pos + 4; 816 mandatory = !!(vpos[0] & 0x80); 817 tlv_type = vpos[0] & 0x3f; 818 tlv_type = (tlv_type << 8) | vpos[1]; 819 vtlv_len = ((int) vpos[2] << 8) | vpos[3]; 820 vpos += 4; 821 if (vpos + vtlv_len > pos + left) { 822 wpa_printf(MSG_DEBUG, "EAP-PEAP: Vendor TLV " 823 "underrun"); 824 eap_peap_state(data, FAILURE); 825 return; 826 } 827 828 if (tlv_type == 1) { 829 soh_tlv = vpos; 830 soh_tlv_len = vtlv_len; 831 break; 832 } 833 834 wpa_printf(MSG_DEBUG, "EAP-PEAP: Unsupported MS-TLV " 835 "Type %d%s", tlv_type, 836 mandatory ? " (mandatory)" : ""); 837 if (mandatory) { 838 eap_peap_state(data, FAILURE); 839 return; 840 } 841 /* Ignore this TLV, but process other TLVs */ 842 break; 843 default: 844 wpa_printf(MSG_DEBUG, "EAP-PEAP: Unsupported TLV Type " 845 "%d%s", tlv_type, 846 mandatory ? " (mandatory)" : ""); 847 if (mandatory) { 848 eap_peap_state(data, FAILURE); 849 return; 850 } 851 /* Ignore this TLV, but process other TLVs */ 852 break; 853 } 854 855 pos += tlv_len; 856 left -= tlv_len; 857 } 858 if (left) { 859 wpa_printf(MSG_DEBUG, "EAP-PEAP: Last TLV too short in " 860 "Request (left=%lu)", (unsigned long) left); 861 eap_peap_state(data, FAILURE); 862 return; 863 } 864 865 /* Process supported TLVs */ 866 if (soh_tlv) { 867 int failure = 0; 868 wpabuf_free(data->soh_response); 869 data->soh_response = tncs_process_soh(soh_tlv, soh_tlv_len, 870 &failure); 871 if (failure) { 872 eap_peap_state(data, FAILURE); 873 return; 874 } 875 } else { 876 wpa_printf(MSG_DEBUG, "EAP-PEAP: No SoH TLV received"); 877 eap_peap_state(data, FAILURE); 878 return; 879 } 880 881 auth_method: 882 eap_peap_state(data, PHASE2_METHOD); 883 next_type = sm->user->methods[0].method; 884 sm->user_eap_method_index = 1; 885 wpa_printf(MSG_DEBUG, "EAP-PEAP: try EAP type %d", next_type); 886 eap_peap_phase2_init(sm, data, next_type); 887 } 888 #endif /* EAP_TNC */ 889 890 891 static void eap_peap_process_phase2_response(struct eap_sm *sm, 892 struct eap_peap_data *data, 893 struct wpabuf *in_data) 894 { 895 u8 next_type = EAP_TYPE_NONE; 896 const struct eap_hdr *hdr; 897 const u8 *pos; 898 size_t left; 899 900 if (data->state == PHASE2_TLV) { 901 eap_peap_process_phase2_tlv(sm, data, in_data); 902 return; 903 } 904 905 #ifdef EAP_TNC 906 if (data->state == PHASE2_SOH) { 907 eap_peap_process_phase2_soh(sm, data, in_data); 908 return; 909 } 910 #endif /* EAP_TNC */ 911 912 if (data->phase2_priv == NULL) { 913 wpa_printf(MSG_DEBUG, "EAP-PEAP: %s - Phase2 not " 914 "initialized?!", __func__); 915 return; 916 } 917 918 hdr = wpabuf_head(in_data); 919 pos = (const u8 *) (hdr + 1); 920 921 if (wpabuf_len(in_data) > sizeof(*hdr) && *pos == EAP_TYPE_NAK) { 922 left = wpabuf_len(in_data) - sizeof(*hdr); 923 wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Phase2 type Nak'ed; " 924 "allowed types", pos + 1, left - 1); 925 eap_sm_process_nak(sm, pos + 1, left - 1); 926 if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS && 927 sm->user->methods[sm->user_eap_method_index].method != 928 EAP_TYPE_NONE) { 929 next_type = sm->user->methods[ 930 sm->user_eap_method_index++].method; 931 wpa_printf(MSG_DEBUG, "EAP-PEAP: try EAP type %d", 932 next_type); 933 } else { 934 eap_peap_req_failure(sm, data); 935 next_type = EAP_TYPE_NONE; 936 } 937 eap_peap_phase2_init(sm, data, next_type); 938 return; 939 } 940 941 if (data->phase2_method->check(sm, data->phase2_priv, in_data)) { 942 wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase2 check() asked to " 943 "ignore the packet"); 944 return; 945 } 946 947 data->phase2_method->process(sm, data->phase2_priv, in_data); 948 949 if (sm->method_pending == METHOD_PENDING_WAIT) { 950 wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase2 method is in " 951 "pending wait state - save decrypted response"); 952 wpabuf_free(data->pending_phase2_resp); 953 data->pending_phase2_resp = wpabuf_dup(in_data); 954 } 955 956 if (!data->phase2_method->isDone(sm, data->phase2_priv)) 957 return; 958 959 if (!data->phase2_method->isSuccess(sm, data->phase2_priv)) { 960 wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase2 method failed"); 961 eap_peap_req_failure(sm, data); 962 next_type = EAP_TYPE_NONE; 963 eap_peap_phase2_init(sm, data, next_type); 964 return; 965 } 966 967 os_free(data->phase2_key); 968 if (data->phase2_method->getKey) { 969 data->phase2_key = data->phase2_method->getKey( 970 sm, data->phase2_priv, &data->phase2_key_len); 971 if (data->phase2_key == NULL) { 972 wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase2 getKey " 973 "failed"); 974 eap_peap_req_failure(sm, data); 975 eap_peap_phase2_init(sm, data, EAP_TYPE_NONE); 976 return; 977 } 978 } 979 980 switch (data->state) { 981 case PHASE1_ID2: 982 case PHASE2_ID: 983 case PHASE2_SOH: 984 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) { 985 wpa_hexdump_ascii(MSG_DEBUG, "EAP_PEAP: Phase2 " 986 "Identity not found in the user " 987 "database", 988 sm->identity, sm->identity_len); 989 eap_peap_req_failure(sm, data); 990 next_type = EAP_TYPE_NONE; 991 break; 992 } 993 994 #ifdef EAP_TNC 995 if (data->state != PHASE2_SOH && sm->tnc && 996 data->peap_version == 0) { 997 eap_peap_state(data, PHASE2_SOH); 998 wpa_printf(MSG_DEBUG, "EAP-PEAP: Try to initialize " 999 "TNC (NAP SOH)"); 1000 next_type = EAP_TYPE_NONE; 1001 break; 1002 } 1003 #endif /* EAP_TNC */ 1004 1005 eap_peap_state(data, PHASE2_METHOD); 1006 next_type = sm->user->methods[0].method; 1007 sm->user_eap_method_index = 1; 1008 wpa_printf(MSG_DEBUG, "EAP-PEAP: try EAP type %d", next_type); 1009 break; 1010 case PHASE2_METHOD: 1011 eap_peap_req_success(sm, data); 1012 next_type = EAP_TYPE_NONE; 1013 break; 1014 case FAILURE: 1015 break; 1016 default: 1017 wpa_printf(MSG_DEBUG, "EAP-PEAP: %s - unexpected state %d", 1018 __func__, data->state); 1019 break; 1020 } 1021 1022 eap_peap_phase2_init(sm, data, next_type); 1023 } 1024 1025 1026 static void eap_peap_process_phase2(struct eap_sm *sm, 1027 struct eap_peap_data *data, 1028 const struct wpabuf *respData, 1029 struct wpabuf *in_buf) 1030 { 1031 struct wpabuf *in_decrypted; 1032 int len_decrypted; 1033 const struct eap_hdr *hdr; 1034 size_t buf_len, len; 1035 u8 *in_data; 1036 size_t in_len; 1037 1038 in_data = wpabuf_mhead(in_buf); 1039 in_len = wpabuf_len(in_buf); 1040 1041 wpa_printf(MSG_DEBUG, "EAP-PEAP: received %lu bytes encrypted data for" 1042 " Phase 2", (unsigned long) in_len); 1043 1044 if (data->pending_phase2_resp) { 1045 wpa_printf(MSG_DEBUG, "EAP-PEAP: Pending Phase 2 response - " 1046 "skip decryption and use old data"); 1047 eap_peap_process_phase2_response(sm, data, 1048 data->pending_phase2_resp); 1049 wpabuf_free(data->pending_phase2_resp); 1050 data->pending_phase2_resp = NULL; 1051 return; 1052 } 1053 1054 buf_len = in_len; 1055 /* 1056 * Even though we try to disable TLS compression, it is possible that 1057 * this cannot be done with all TLS libraries. Add extra buffer space 1058 * to handle the possibility of the decrypted data being longer than 1059 * input data. 1060 */ 1061 buf_len += 500; 1062 buf_len *= 3; 1063 in_decrypted = wpabuf_alloc(buf_len); 1064 if (in_decrypted == NULL) { 1065 wpa_printf(MSG_WARNING, "EAP-PEAP: failed to allocate memory " 1066 "for decryption"); 1067 return; 1068 } 1069 1070 len_decrypted = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn, 1071 in_data, in_len, 1072 wpabuf_mhead(in_decrypted), 1073 buf_len); 1074 if (len_decrypted < 0) { 1075 wpa_printf(MSG_INFO, "EAP-PEAP: Failed to decrypt Phase 2 " 1076 "data"); 1077 wpabuf_free(in_decrypted); 1078 eap_peap_state(data, FAILURE); 1079 return; 1080 } 1081 wpabuf_put(in_decrypted, len_decrypted); 1082 1083 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-PEAP: Decrypted Phase 2 EAP", 1084 in_decrypted); 1085 1086 hdr = wpabuf_head(in_decrypted); 1087 1088 if (data->peap_version == 0 && data->state != PHASE2_TLV) { 1089 const struct eap_hdr *resp; 1090 struct eap_hdr *nhdr; 1091 struct wpabuf *nbuf = 1092 wpabuf_alloc(sizeof(struct eap_hdr) + 1093 wpabuf_len(in_decrypted)); 1094 if (nbuf == NULL) { 1095 wpabuf_free(in_decrypted); 1096 return; 1097 } 1098 1099 resp = wpabuf_head(respData); 1100 nhdr = wpabuf_put(nbuf, sizeof(*nhdr)); 1101 nhdr->code = resp->code; 1102 nhdr->identifier = resp->identifier; 1103 nhdr->length = host_to_be16(sizeof(struct eap_hdr) + 1104 wpabuf_len(in_decrypted)); 1105 wpabuf_put_buf(nbuf, in_decrypted); 1106 wpabuf_free(in_decrypted); 1107 1108 in_decrypted = nbuf; 1109 } else if (data->peap_version >= 2) { 1110 struct eap_tlv_hdr *tlv; 1111 struct wpabuf *nmsg; 1112 1113 if (wpabuf_len(in_decrypted) < sizeof(*tlv) + sizeof(*hdr)) { 1114 wpa_printf(MSG_INFO, "EAP-PEAPv2: Too short Phase 2 " 1115 "EAP TLV"); 1116 wpabuf_free(in_decrypted); 1117 return; 1118 } 1119 tlv = wpabuf_mhead(in_decrypted); 1120 if ((be_to_host16(tlv->tlv_type) & EAP_TLV_TYPE_MASK) != 1121 EAP_TLV_EAP_PAYLOAD_TLV) { 1122 wpa_printf(MSG_INFO, "EAP-PEAPv2: Not an EAP TLV"); 1123 wpabuf_free(in_decrypted); 1124 return; 1125 } 1126 if (sizeof(*tlv) + be_to_host16(tlv->length) > 1127 wpabuf_len(in_decrypted)) { 1128 wpa_printf(MSG_INFO, "EAP-PEAPv2: Invalid EAP TLV " 1129 "length"); 1130 wpabuf_free(in_decrypted); 1131 return; 1132 } 1133 hdr = (struct eap_hdr *) (tlv + 1); 1134 if (be_to_host16(hdr->length) > be_to_host16(tlv->length)) { 1135 wpa_printf(MSG_INFO, "EAP-PEAPv2: No room for full " 1136 "EAP packet in EAP TLV"); 1137 wpabuf_free(in_decrypted); 1138 return; 1139 } 1140 1141 nmsg = wpabuf_alloc(be_to_host16(hdr->length)); 1142 if (nmsg == NULL) { 1143 wpabuf_free(in_decrypted); 1144 return; 1145 } 1146 1147 wpabuf_put_data(nmsg, hdr, be_to_host16(hdr->length)); 1148 wpabuf_free(in_decrypted); 1149 in_decrypted = nmsg; 1150 } 1151 1152 hdr = wpabuf_head(in_decrypted); 1153 if (wpabuf_len(in_decrypted) < (int) sizeof(*hdr)) { 1154 wpa_printf(MSG_INFO, "EAP-PEAP: Too short Phase 2 " 1155 "EAP frame (len=%lu)", 1156 (unsigned long) wpabuf_len(in_decrypted)); 1157 wpabuf_free(in_decrypted); 1158 eap_peap_req_failure(sm, data); 1159 return; 1160 } 1161 len = be_to_host16(hdr->length); 1162 if (len > wpabuf_len(in_decrypted)) { 1163 wpa_printf(MSG_INFO, "EAP-PEAP: Length mismatch in " 1164 "Phase 2 EAP frame (len=%lu hdr->length=%lu)", 1165 (unsigned long) wpabuf_len(in_decrypted), 1166 (unsigned long) len); 1167 wpabuf_free(in_decrypted); 1168 eap_peap_req_failure(sm, data); 1169 return; 1170 } 1171 wpa_printf(MSG_DEBUG, "EAP-PEAP: received Phase 2: code=%d " 1172 "identifier=%d length=%lu", hdr->code, hdr->identifier, 1173 (unsigned long) len); 1174 switch (hdr->code) { 1175 case EAP_CODE_RESPONSE: 1176 eap_peap_process_phase2_response(sm, data, in_decrypted); 1177 break; 1178 case EAP_CODE_SUCCESS: 1179 wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Success"); 1180 if (data->state == SUCCESS_REQ) { 1181 eap_peap_state(data, SUCCESS); 1182 } 1183 break; 1184 case EAP_CODE_FAILURE: 1185 wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Failure"); 1186 eap_peap_state(data, FAILURE); 1187 break; 1188 default: 1189 wpa_printf(MSG_INFO, "EAP-PEAP: Unexpected code=%d in " 1190 "Phase 2 EAP header", hdr->code); 1191 break; 1192 } 1193 1194 os_free(in_decrypted); 1195 } 1196 1197 1198 static int eap_peapv2_start_phase2(struct eap_sm *sm, 1199 struct eap_peap_data *data) 1200 { 1201 struct wpabuf *buf, *buf2; 1202 int res; 1203 1204 wpa_printf(MSG_DEBUG, "EAP-PEAPv2: Phase1 done, include first Phase2 " 1205 "payload in the same message"); 1206 eap_peap_state(data, PHASE1_ID2); 1207 if (eap_peap_phase2_init(sm, data, EAP_TYPE_IDENTITY)) 1208 return -1; 1209 1210 /* TODO: which Id to use here? */ 1211 buf = data->phase2_method->buildReq(sm, data->phase2_priv, 6); 1212 if (buf == NULL) 1213 return -1; 1214 1215 buf2 = eap_peapv2_tlv_eap_payload(buf); 1216 if (buf2 == NULL) 1217 return -1; 1218 1219 wpa_hexdump_buf(MSG_DEBUG, "EAP-PEAPv2: Identity Request", buf2); 1220 1221 buf = wpabuf_alloc(data->ssl.tls_out_limit); 1222 if (buf == NULL) { 1223 wpabuf_free(buf2); 1224 return -1; 1225 } 1226 1227 res = tls_connection_encrypt(sm->ssl_ctx, data->ssl.conn, 1228 wpabuf_head(buf2), wpabuf_len(buf2), 1229 wpabuf_put(buf, 0), 1230 data->ssl.tls_out_limit); 1231 wpabuf_free(buf2); 1232 1233 if (res < 0) { 1234 wpa_printf(MSG_INFO, "EAP-PEAPv2: Failed to encrypt Phase 2 " 1235 "data"); 1236 wpabuf_free(buf); 1237 return -1; 1238 } 1239 1240 wpabuf_put(buf, res); 1241 wpa_hexdump_buf(MSG_DEBUG, "EAP-PEAPv2: Encrypted Identity Request", 1242 buf); 1243 1244 /* Append TLS data into the pending buffer after the Server Finished */ 1245 if (wpabuf_resize(&data->ssl.out_buf, wpabuf_len(buf)) < 0) { 1246 wpabuf_free(buf); 1247 return -1; 1248 } 1249 wpabuf_put_buf(data->ssl.out_buf, buf); 1250 wpabuf_free(buf); 1251 1252 return 0; 1253 } 1254 1255 1256 static int eap_peap_process_version(struct eap_sm *sm, void *priv, 1257 int peer_version) 1258 { 1259 struct eap_peap_data *data = priv; 1260 1261 data->recv_version = peer_version; 1262 if (data->force_version >= 0 && peer_version != data->force_version) { 1263 wpa_printf(MSG_INFO, "EAP-PEAP: peer did not select the forced" 1264 " version (forced=%d peer=%d) - reject", 1265 data->force_version, peer_version); 1266 return -1; 1267 } 1268 if (peer_version < data->peap_version) { 1269 wpa_printf(MSG_DEBUG, "EAP-PEAP: peer ver=%d, own ver=%d; " 1270 "use version %d", 1271 peer_version, data->peap_version, peer_version); 1272 data->peap_version = peer_version; 1273 } 1274 1275 return 0; 1276 } 1277 1278 1279 static void eap_peap_process_msg(struct eap_sm *sm, void *priv, 1280 const struct wpabuf *respData) 1281 { 1282 struct eap_peap_data *data = priv; 1283 1284 switch (data->state) { 1285 case PHASE1: 1286 if (eap_server_tls_phase1(sm, &data->ssl) < 0) { 1287 eap_peap_state(data, FAILURE); 1288 break; 1289 } 1290 1291 if (data->peap_version >= 2 && 1292 tls_connection_established(sm->ssl_ctx, data->ssl.conn)) { 1293 if (eap_peapv2_start_phase2(sm, data)) { 1294 eap_peap_state(data, FAILURE); 1295 break; 1296 } 1297 } 1298 break; 1299 case PHASE2_START: 1300 eap_peap_state(data, PHASE2_ID); 1301 eap_peap_phase2_init(sm, data, EAP_TYPE_IDENTITY); 1302 break; 1303 case PHASE1_ID2: 1304 case PHASE2_ID: 1305 case PHASE2_METHOD: 1306 case PHASE2_SOH: 1307 case PHASE2_TLV: 1308 eap_peap_process_phase2(sm, data, respData, data->ssl.in_buf); 1309 break; 1310 case SUCCESS_REQ: 1311 eap_peap_state(data, SUCCESS); 1312 break; 1313 case FAILURE_REQ: 1314 eap_peap_state(data, FAILURE); 1315 break; 1316 default: 1317 wpa_printf(MSG_DEBUG, "EAP-PEAP: Unexpected state %d in %s", 1318 data->state, __func__); 1319 break; 1320 } 1321 } 1322 1323 1324 static void eap_peap_process(struct eap_sm *sm, void *priv, 1325 struct wpabuf *respData) 1326 { 1327 struct eap_peap_data *data = priv; 1328 if (eap_server_tls_process(sm, &data->ssl, respData, data, 1329 EAP_TYPE_PEAP, eap_peap_process_version, 1330 eap_peap_process_msg) < 0) 1331 eap_peap_state(data, FAILURE); 1332 } 1333 1334 1335 static Boolean eap_peap_isDone(struct eap_sm *sm, void *priv) 1336 { 1337 struct eap_peap_data *data = priv; 1338 return data->state == SUCCESS || data->state == FAILURE; 1339 } 1340 1341 1342 static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len) 1343 { 1344 struct eap_peap_data *data = priv; 1345 u8 *eapKeyData; 1346 1347 if (data->state != SUCCESS) 1348 return NULL; 1349 1350 if (data->crypto_binding_used) { 1351 u8 csk[128]; 1352 /* 1353 * Note: It looks like Microsoft implementation requires null 1354 * termination for this label while the one used for deriving 1355 * IPMK|CMK did not use null termination. 1356 */ 1357 peap_prfplus(data->peap_version, data->ipmk, 40, 1358 "Session Key Generating Function", 1359 (u8 *) "\00", 1, csk, sizeof(csk)); 1360 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CSK", csk, sizeof(csk)); 1361 eapKeyData = os_malloc(EAP_TLS_KEY_LEN); 1362 if (eapKeyData) { 1363 os_memcpy(eapKeyData, csk, EAP_TLS_KEY_LEN); 1364 *len = EAP_TLS_KEY_LEN; 1365 wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Derived key", 1366 eapKeyData, EAP_TLS_KEY_LEN); 1367 } else { 1368 wpa_printf(MSG_DEBUG, "EAP-PEAP: Failed to derive " 1369 "key"); 1370 } 1371 1372 return eapKeyData; 1373 } 1374 1375 /* TODO: PEAPv1 - different label in some cases */ 1376 eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, 1377 "client EAP encryption", 1378 EAP_TLS_KEY_LEN); 1379 if (eapKeyData) { 1380 *len = EAP_TLS_KEY_LEN; 1381 wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Derived key", 1382 eapKeyData, EAP_TLS_KEY_LEN); 1383 } else { 1384 wpa_printf(MSG_DEBUG, "EAP-PEAP: Failed to derive key"); 1385 } 1386 1387 return eapKeyData; 1388 } 1389 1390 1391 static Boolean eap_peap_isSuccess(struct eap_sm *sm, void *priv) 1392 { 1393 struct eap_peap_data *data = priv; 1394 return data->state == SUCCESS; 1395 } 1396 1397 1398 int eap_server_peap_register(void) 1399 { 1400 struct eap_method *eap; 1401 int ret; 1402 1403 eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, 1404 EAP_VENDOR_IETF, EAP_TYPE_PEAP, "PEAP"); 1405 if (eap == NULL) 1406 return -1; 1407 1408 eap->init = eap_peap_init; 1409 eap->reset = eap_peap_reset; 1410 eap->buildReq = eap_peap_buildReq; 1411 eap->check = eap_peap_check; 1412 eap->process = eap_peap_process; 1413 eap->isDone = eap_peap_isDone; 1414 eap->getKey = eap_peap_getKey; 1415 eap->isSuccess = eap_peap_isSuccess; 1416 1417 ret = eap_server_method_register(eap); 1418 if (ret) 1419 eap_server_method_free(eap); 1420 return ret; 1421 } 1422