Home | History | Annotate | Download | only in eap_peer
      1 /*
      2  * EAP peer method: EAP-SAKE (RFC 4763)
      3  * Copyright (c) 2006-2008, Jouni Malinen <j (at) w1.fi>
      4  *
      5  * This software may be distributed under the terms of the BSD license.
      6  * See README for more details.
      7  */
      8 
      9 #include "includes.h"
     10 
     11 #include "common.h"
     12 #include "crypto/random.h"
     13 #include "eap_peer/eap_i.h"
     14 #include "eap_common/eap_sake_common.h"
     15 
     16 struct eap_sake_data {
     17 	enum { IDENTITY, CHALLENGE, CONFIRM, SUCCESS, FAILURE } state;
     18 	u8 root_secret_a[EAP_SAKE_ROOT_SECRET_LEN];
     19 	u8 root_secret_b[EAP_SAKE_ROOT_SECRET_LEN];
     20 	u8 rand_s[EAP_SAKE_RAND_LEN];
     21 	u8 rand_p[EAP_SAKE_RAND_LEN];
     22 	struct {
     23 		u8 auth[EAP_SAKE_TEK_AUTH_LEN];
     24 		u8 cipher[EAP_SAKE_TEK_CIPHER_LEN];
     25 	} tek;
     26 	u8 msk[EAP_MSK_LEN];
     27 	u8 emsk[EAP_EMSK_LEN];
     28 	u8 session_id;
     29 	int session_id_set;
     30 	u8 *peerid;
     31 	size_t peerid_len;
     32 	u8 *serverid;
     33 	size_t serverid_len;
     34 };
     35 
     36 
     37 static const char * eap_sake_state_txt(int state)
     38 {
     39 	switch (state) {
     40 	case IDENTITY:
     41 		return "IDENTITY";
     42 	case CHALLENGE:
     43 		return "CHALLENGE";
     44 	case CONFIRM:
     45 		return "CONFIRM";
     46 	case SUCCESS:
     47 		return "SUCCESS";
     48 	case FAILURE:
     49 		return "FAILURE";
     50 	default:
     51 		return "?";
     52 	}
     53 }
     54 
     55 
     56 static void eap_sake_state(struct eap_sake_data *data, int state)
     57 {
     58 	wpa_printf(MSG_DEBUG, "EAP-SAKE: %s -> %s",
     59 		   eap_sake_state_txt(data->state),
     60 		   eap_sake_state_txt(state));
     61 	data->state = state;
     62 }
     63 
     64 
     65 static void eap_sake_deinit(struct eap_sm *sm, void *priv);
     66 
     67 
     68 static void * eap_sake_init(struct eap_sm *sm)
     69 {
     70 	struct eap_sake_data *data;
     71 	const u8 *identity, *password;
     72 	size_t identity_len, password_len;
     73 
     74 	password = eap_get_config_password(sm, &password_len);
     75 	if (!password || password_len != 2 * EAP_SAKE_ROOT_SECRET_LEN) {
     76 		wpa_printf(MSG_INFO, "EAP-SAKE: No key of correct length "
     77 			   "configured");
     78 		return NULL;
     79 	}
     80 
     81 	data = os_zalloc(sizeof(*data));
     82 	if (data == NULL)
     83 		return NULL;
     84 	data->state = IDENTITY;
     85 
     86 	identity = eap_get_config_identity(sm, &identity_len);
     87 	if (identity) {
     88 		data->peerid = os_malloc(identity_len);
     89 		if (data->peerid == NULL) {
     90 			eap_sake_deinit(sm, data);
     91 			return NULL;
     92 		}
     93 		os_memcpy(data->peerid, identity, identity_len);
     94 		data->peerid_len = identity_len;
     95 	}
     96 
     97 	os_memcpy(data->root_secret_a, password, EAP_SAKE_ROOT_SECRET_LEN);
     98 	os_memcpy(data->root_secret_b,
     99 		  password + EAP_SAKE_ROOT_SECRET_LEN,
    100 		  EAP_SAKE_ROOT_SECRET_LEN);
    101 
    102 	return data;
    103 }
    104 
    105 
    106 static void eap_sake_deinit(struct eap_sm *sm, void *priv)
    107 {
    108 	struct eap_sake_data *data = priv;
    109 	os_free(data->serverid);
    110 	os_free(data->peerid);
    111 	os_free(data);
    112 }
    113 
    114 
    115 static struct wpabuf * eap_sake_build_msg(struct eap_sake_data *data,
    116 					  int id, size_t length, u8 subtype)
    117 {
    118 	struct eap_sake_hdr *sake;
    119 	struct wpabuf *msg;
    120 	size_t plen;
    121 
    122 	plen = length + sizeof(struct eap_sake_hdr);
    123 
    124 	msg = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_SAKE, plen,
    125 			    EAP_CODE_RESPONSE, id);
    126 	if (msg == NULL) {
    127 		wpa_printf(MSG_ERROR, "EAP-SAKE: Failed to allocate memory "
    128 			   "request");
    129 		return NULL;
    130 	}
    131 
    132 	sake = wpabuf_put(msg, sizeof(*sake));
    133 	sake->version = EAP_SAKE_VERSION;
    134 	sake->session_id = data->session_id;
    135 	sake->subtype = subtype;
    136 
    137 	return msg;
    138 }
    139 
    140 
    141 static struct wpabuf * eap_sake_process_identity(struct eap_sm *sm,
    142 						 struct eap_sake_data *data,
    143 						 struct eap_method_ret *ret,
    144 						 const struct wpabuf *reqData,
    145 						 const u8 *payload,
    146 						 size_t payload_len)
    147 {
    148 	struct eap_sake_parse_attr attr;
    149 	struct wpabuf *resp;
    150 
    151 	if (data->state != IDENTITY) {
    152 		ret->ignore = TRUE;
    153 		return NULL;
    154 	}
    155 
    156 	wpa_printf(MSG_DEBUG, "EAP-SAKE: Received Request/Identity");
    157 
    158 	if (eap_sake_parse_attributes(payload, payload_len, &attr))
    159 		return NULL;
    160 
    161 	if (!attr.perm_id_req && !attr.any_id_req) {
    162 		wpa_printf(MSG_INFO, "EAP-SAKE: No AT_PERM_ID_REQ or "
    163 			   "AT_ANY_ID_REQ in Request/Identity");
    164 		return NULL;
    165 	}
    166 
    167 	wpa_printf(MSG_DEBUG, "EAP-SAKE: Sending Response/Identity");
    168 
    169 	resp = eap_sake_build_msg(data, eap_get_id(reqData),
    170 				  2 + data->peerid_len,
    171 				  EAP_SAKE_SUBTYPE_IDENTITY);
    172 	if (resp == NULL)
    173 		return NULL;
    174 
    175 	wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_PEERID");
    176 	eap_sake_add_attr(resp, EAP_SAKE_AT_PEERID,
    177 			  data->peerid, data->peerid_len);
    178 
    179 	eap_sake_state(data, CHALLENGE);
    180 
    181 	return resp;
    182 }
    183 
    184 
    185 static struct wpabuf * eap_sake_process_challenge(struct eap_sm *sm,
    186 						  struct eap_sake_data *data,
    187 						  struct eap_method_ret *ret,
    188 						  const struct wpabuf *reqData,
    189 						  const u8 *payload,
    190 						  size_t payload_len)
    191 {
    192 	struct eap_sake_parse_attr attr;
    193 	struct wpabuf *resp;
    194 	u8 *rpos;
    195 	size_t rlen;
    196 
    197 	if (data->state != IDENTITY && data->state != CHALLENGE) {
    198 		wpa_printf(MSG_DEBUG, "EAP-SAKE: Request/Challenge received "
    199 			   "in unexpected state (%d)", data->state);
    200 		ret->ignore = TRUE;
    201 		return NULL;
    202 	}
    203 	if (data->state == IDENTITY)
    204 		eap_sake_state(data, CHALLENGE);
    205 
    206 	wpa_printf(MSG_DEBUG, "EAP-SAKE: Received Request/Challenge");
    207 
    208 	if (eap_sake_parse_attributes(payload, payload_len, &attr))
    209 		return NULL;
    210 
    211 	if (!attr.rand_s) {
    212 		wpa_printf(MSG_INFO, "EAP-SAKE: Request/Challenge did not "
    213 			   "include AT_RAND_S");
    214 		return NULL;
    215 	}
    216 
    217 	os_memcpy(data->rand_s, attr.rand_s, EAP_SAKE_RAND_LEN);
    218 	wpa_hexdump(MSG_MSGDUMP, "EAP-SAKE: RAND_S (server rand)",
    219 		    data->rand_s, EAP_SAKE_RAND_LEN);
    220 
    221 	if (random_get_bytes(data->rand_p, EAP_SAKE_RAND_LEN)) {
    222 		wpa_printf(MSG_ERROR, "EAP-SAKE: Failed to get random data");
    223 		return NULL;
    224 	}
    225 	wpa_hexdump(MSG_MSGDUMP, "EAP-SAKE: RAND_P (peer rand)",
    226 		    data->rand_p, EAP_SAKE_RAND_LEN);
    227 
    228 	os_free(data->serverid);
    229 	data->serverid = NULL;
    230 	data->serverid_len = 0;
    231 	if (attr.serverid) {
    232 		wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-SAKE: SERVERID",
    233 				  attr.serverid, attr.serverid_len);
    234 		data->serverid = os_malloc(attr.serverid_len);
    235 		if (data->serverid == NULL)
    236 			return NULL;
    237 		os_memcpy(data->serverid, attr.serverid, attr.serverid_len);
    238 		data->serverid_len = attr.serverid_len;
    239 	}
    240 
    241 	eap_sake_derive_keys(data->root_secret_a, data->root_secret_b,
    242 			     data->rand_s, data->rand_p,
    243 			     (u8 *) &data->tek, data->msk, data->emsk);
    244 
    245 	wpa_printf(MSG_DEBUG, "EAP-SAKE: Sending Response/Challenge");
    246 
    247 	rlen = 2 + EAP_SAKE_RAND_LEN + 2 + EAP_SAKE_MIC_LEN;
    248 	if (data->peerid)
    249 		rlen += 2 + data->peerid_len;
    250 	resp = eap_sake_build_msg(data, eap_get_id(reqData), rlen,
    251 				  EAP_SAKE_SUBTYPE_CHALLENGE);
    252 	if (resp == NULL)
    253 		return NULL;
    254 
    255 	wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_RAND_P");
    256 	eap_sake_add_attr(resp, EAP_SAKE_AT_RAND_P,
    257 			  data->rand_p, EAP_SAKE_RAND_LEN);
    258 
    259 	if (data->peerid) {
    260 		wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_PEERID");
    261 		eap_sake_add_attr(resp, EAP_SAKE_AT_PEERID,
    262 				  data->peerid, data->peerid_len);
    263 	}
    264 
    265 	wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_MIC_P");
    266 	wpabuf_put_u8(resp, EAP_SAKE_AT_MIC_P);
    267 	wpabuf_put_u8(resp, 2 + EAP_SAKE_MIC_LEN);
    268 	rpos = wpabuf_put(resp, EAP_SAKE_MIC_LEN);
    269 	if (eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
    270 				 data->serverid, data->serverid_len,
    271 				 data->peerid, data->peerid_len, 1,
    272 				 wpabuf_head(resp), wpabuf_len(resp), rpos,
    273 				 rpos)) {
    274 		wpa_printf(MSG_INFO, "EAP-SAKE: Failed to compute MIC");
    275 		wpabuf_free(resp);
    276 		return NULL;
    277 	}
    278 
    279 	eap_sake_state(data, CONFIRM);
    280 
    281 	return resp;
    282 }
    283 
    284 
    285 static struct wpabuf * eap_sake_process_confirm(struct eap_sm *sm,
    286 						struct eap_sake_data *data,
    287 						struct eap_method_ret *ret,
    288 						const struct wpabuf *reqData,
    289 						const u8 *payload,
    290 						size_t payload_len)
    291 {
    292 	struct eap_sake_parse_attr attr;
    293 	u8 mic_s[EAP_SAKE_MIC_LEN];
    294 	struct wpabuf *resp;
    295 	u8 *rpos;
    296 
    297 	if (data->state != CONFIRM) {
    298 		ret->ignore = TRUE;
    299 		return NULL;
    300 	}
    301 
    302 	wpa_printf(MSG_DEBUG, "EAP-SAKE: Received Request/Confirm");
    303 
    304 	if (eap_sake_parse_attributes(payload, payload_len, &attr))
    305 		return NULL;
    306 
    307 	if (!attr.mic_s) {
    308 		wpa_printf(MSG_INFO, "EAP-SAKE: Request/Confirm did not "
    309 			   "include AT_MIC_S");
    310 		return NULL;
    311 	}
    312 
    313 	eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
    314 			     data->serverid, data->serverid_len,
    315 			     data->peerid, data->peerid_len, 0,
    316 			     wpabuf_head(reqData), wpabuf_len(reqData),
    317 			     attr.mic_s, mic_s);
    318 	if (os_memcmp(attr.mic_s, mic_s, EAP_SAKE_MIC_LEN) != 0) {
    319 		wpa_printf(MSG_INFO, "EAP-SAKE: Incorrect AT_MIC_S");
    320 		eap_sake_state(data, FAILURE);
    321 		ret->methodState = METHOD_DONE;
    322 		ret->decision = DECISION_FAIL;
    323 		ret->allowNotifications = FALSE;
    324 		wpa_printf(MSG_DEBUG, "EAP-SAKE: Sending "
    325 			   "Response/Auth-Reject");
    326 		return eap_sake_build_msg(data, eap_get_id(reqData), 0,
    327 					  EAP_SAKE_SUBTYPE_AUTH_REJECT);
    328 	}
    329 
    330 	wpa_printf(MSG_DEBUG, "EAP-SAKE: Sending Response/Confirm");
    331 
    332 	resp = eap_sake_build_msg(data, eap_get_id(reqData),
    333 				  2 + EAP_SAKE_MIC_LEN,
    334 				  EAP_SAKE_SUBTYPE_CONFIRM);
    335 	if (resp == NULL)
    336 		return NULL;
    337 
    338 	wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_MIC_P");
    339 	wpabuf_put_u8(resp, EAP_SAKE_AT_MIC_P);
    340 	wpabuf_put_u8(resp, 2 + EAP_SAKE_MIC_LEN);
    341 	rpos = wpabuf_put(resp, EAP_SAKE_MIC_LEN);
    342 	if (eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
    343 				 data->serverid, data->serverid_len,
    344 				 data->peerid, data->peerid_len, 1,
    345 				 wpabuf_head(resp), wpabuf_len(resp), rpos,
    346 				 rpos)) {
    347 		wpa_printf(MSG_INFO, "EAP-SAKE: Failed to compute MIC");
    348 		wpabuf_free(resp);
    349 		return NULL;
    350 	}
    351 
    352 	eap_sake_state(data, SUCCESS);
    353 	ret->methodState = METHOD_DONE;
    354 	ret->decision = DECISION_UNCOND_SUCC;
    355 	ret->allowNotifications = FALSE;
    356 
    357 	return resp;
    358 }
    359 
    360 
    361 static struct wpabuf * eap_sake_process(struct eap_sm *sm, void *priv,
    362 					struct eap_method_ret *ret,
    363 					const struct wpabuf *reqData)
    364 {
    365 	struct eap_sake_data *data = priv;
    366 	const struct eap_sake_hdr *req;
    367 	struct wpabuf *resp;
    368 	const u8 *pos, *end;
    369 	size_t len;
    370 	u8 subtype, session_id;
    371 
    372 	pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_SAKE, reqData, &len);
    373 	if (pos == NULL || len < sizeof(struct eap_sake_hdr)) {
    374 		ret->ignore = TRUE;
    375 		return NULL;
    376 	}
    377 
    378 	req = (const struct eap_sake_hdr *) pos;
    379 	end = pos + len;
    380 	subtype = req->subtype;
    381 	session_id = req->session_id;
    382 	pos = (const u8 *) (req + 1);
    383 
    384 	wpa_printf(MSG_DEBUG, "EAP-SAKE: Received frame: subtype %d "
    385 		   "session_id %d", subtype, session_id);
    386 	wpa_hexdump(MSG_DEBUG, "EAP-SAKE: Received attributes",
    387 		    pos, end - pos);
    388 
    389 	if (data->session_id_set && data->session_id != session_id) {
    390 		wpa_printf(MSG_INFO, "EAP-SAKE: Session ID mismatch (%d,%d)",
    391 			   session_id, data->session_id);
    392 		ret->ignore = TRUE;
    393 		return NULL;
    394 	}
    395 	data->session_id = session_id;
    396 	data->session_id_set = 1;
    397 
    398 	ret->ignore = FALSE;
    399 	ret->methodState = METHOD_MAY_CONT;
    400 	ret->decision = DECISION_FAIL;
    401 	ret->allowNotifications = TRUE;
    402 
    403 	switch (subtype) {
    404 	case EAP_SAKE_SUBTYPE_IDENTITY:
    405 		resp = eap_sake_process_identity(sm, data, ret, reqData,
    406 						 pos, end - pos);
    407 		break;
    408 	case EAP_SAKE_SUBTYPE_CHALLENGE:
    409 		resp = eap_sake_process_challenge(sm, data, ret, reqData,
    410 						  pos, end - pos);
    411 		break;
    412 	case EAP_SAKE_SUBTYPE_CONFIRM:
    413 		resp = eap_sake_process_confirm(sm, data, ret, reqData,
    414 						pos, end - pos);
    415 		break;
    416 	default:
    417 		wpa_printf(MSG_DEBUG, "EAP-SAKE: Ignoring message with "
    418 			   "unknown subtype %d", subtype);
    419 		ret->ignore = TRUE;
    420 		return NULL;
    421 	}
    422 
    423 	if (ret->methodState == METHOD_DONE)
    424 		ret->allowNotifications = FALSE;
    425 
    426 	return resp;
    427 }
    428 
    429 
    430 static Boolean eap_sake_isKeyAvailable(struct eap_sm *sm, void *priv)
    431 {
    432 	struct eap_sake_data *data = priv;
    433 	return data->state == SUCCESS;
    434 }
    435 
    436 
    437 static u8 * eap_sake_getKey(struct eap_sm *sm, void *priv, size_t *len)
    438 {
    439 	struct eap_sake_data *data = priv;
    440 	u8 *key;
    441 
    442 	if (data->state != SUCCESS)
    443 		return NULL;
    444 
    445 	key = os_malloc(EAP_MSK_LEN);
    446 	if (key == NULL)
    447 		return NULL;
    448 	os_memcpy(key, data->msk, EAP_MSK_LEN);
    449 	*len = EAP_MSK_LEN;
    450 
    451 	return key;
    452 }
    453 
    454 
    455 static u8 * eap_sake_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
    456 {
    457 	struct eap_sake_data *data = priv;
    458 	u8 *id;
    459 
    460 	if (data->state != SUCCESS)
    461 		return NULL;
    462 
    463 	*len = 1 + 2 * EAP_SAKE_RAND_LEN;
    464 	id = os_malloc(*len);
    465 	if (id == NULL)
    466 		return NULL;
    467 
    468 	id[0] = EAP_TYPE_SAKE;
    469 	os_memcpy(id + 1, data->rand_s, EAP_SAKE_RAND_LEN);
    470 	os_memcpy(id + 1 + EAP_SAKE_RAND_LEN, data->rand_s, EAP_SAKE_RAND_LEN);
    471 	wpa_hexdump(MSG_DEBUG, "EAP-SAKE: Derived Session-Id", id, *len);
    472 
    473 	return id;
    474 }
    475 
    476 
    477 static u8 * eap_sake_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
    478 {
    479 	struct eap_sake_data *data = priv;
    480 	u8 *key;
    481 
    482 	if (data->state != SUCCESS)
    483 		return NULL;
    484 
    485 	key = os_malloc(EAP_EMSK_LEN);
    486 	if (key == NULL)
    487 		return NULL;
    488 	os_memcpy(key, data->emsk, EAP_EMSK_LEN);
    489 	*len = EAP_EMSK_LEN;
    490 
    491 	return key;
    492 }
    493 
    494 
    495 int eap_peer_sake_register(void)
    496 {
    497 	struct eap_method *eap;
    498 	int ret;
    499 
    500 	eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
    501 				    EAP_VENDOR_IETF, EAP_TYPE_SAKE, "SAKE");
    502 	if (eap == NULL)
    503 		return -1;
    504 
    505 	eap->init = eap_sake_init;
    506 	eap->deinit = eap_sake_deinit;
    507 	eap->process = eap_sake_process;
    508 	eap->isKeyAvailable = eap_sake_isKeyAvailable;
    509 	eap->getKey = eap_sake_getKey;
    510 	eap->getSessionId = eap_sake_get_session_id;
    511 	eap->get_emsk = eap_sake_get_emsk;
    512 
    513 	ret = eap_peer_method_register(eap);
    514 	if (ret)
    515 		eap_peer_method_free(eap);
    516 	return ret;
    517 }
    518