2 * hostapd / EAP-TTLS (RFC 5281)
3 * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
18 #include "crypto/ms_funcs.h"
19 #include "crypto/sha1.h"
20 #include "crypto/tls.h"
21 #include "eap_server/eap_i.h"
22 #include "eap_server/eap_tls_common.h"
23 #include "eap_common/chap.h"
24 #include "eap_common/eap_ttls.h"
27 #define EAP_TTLS_VERSION 0
30 static void eap_ttls_reset(struct eap_sm *sm, void *priv);
33 struct eap_ttls_data {
34 struct eap_ssl_data ssl;
36 START, PHASE1, PHASE2_START, PHASE2_METHOD,
37 PHASE2_MSCHAPV2_RESP, SUCCESS, FAILURE
41 const struct eap_method *phase2_method;
44 u8 mschapv2_auth_response[20];
46 struct wpabuf *pending_phase2_eap_resp;
51 static const char * eap_ttls_state_txt(int state)
59 return "PHASE2_START";
61 return "PHASE2_METHOD";
62 case PHASE2_MSCHAPV2_RESP:
63 return "PHASE2_MSCHAPV2_RESP";
74 static void eap_ttls_state(struct eap_ttls_data *data, int state)
76 wpa_printf(MSG_DEBUG, "EAP-TTLS: %s -> %s",
77 eap_ttls_state_txt(data->state),
78 eap_ttls_state_txt(state));
83 static u8 * eap_ttls_avp_hdr(u8 *avphdr, u32 avp_code, u32 vendor_id,
84 int mandatory, size_t len)
86 struct ttls_avp_vendor *avp;
90 avp = (struct ttls_avp_vendor *) avphdr;
91 flags = mandatory ? AVP_FLAGS_MANDATORY : 0;
93 flags |= AVP_FLAGS_VENDOR;
94 hdrlen = sizeof(*avp);
95 avp->vendor_id = host_to_be32(vendor_id);
97 hdrlen = sizeof(struct ttls_avp);
100 avp->avp_code = host_to_be32(avp_code);
101 avp->avp_length = host_to_be32(((u32) flags << 24) |
102 ((u32) (hdrlen + len)));
104 return avphdr + hdrlen;
108 static struct wpabuf * eap_ttls_avp_encapsulate(struct wpabuf *resp,
109 u32 avp_code, int mandatory)
114 avp = wpabuf_alloc(sizeof(struct ttls_avp) + wpabuf_len(resp) + 4);
120 pos = eap_ttls_avp_hdr(wpabuf_mhead(avp), avp_code, 0, mandatory,
122 os_memcpy(pos, wpabuf_head(resp), wpabuf_len(resp));
123 pos += wpabuf_len(resp);
124 AVP_PAD((const u8 *) wpabuf_head(avp), pos);
126 wpabuf_put(avp, pos - (u8 *) wpabuf_head(avp));
131 struct eap_ttls_avp {
132 /* Note: eap is allocated memory; caller is responsible for freeing
133 * it. All the other pointers are pointing to the packet data, i.e.,
134 * they must not be freed separately. */
138 size_t user_name_len;
140 size_t user_password_len;
142 size_t chap_challenge_len;
144 size_t chap_password_len;
145 u8 *mschap_challenge;
146 size_t mschap_challenge_len;
148 size_t mschap_response_len;
149 u8 *mschap2_response;
150 size_t mschap2_response_len;
154 static int eap_ttls_avp_parse(struct wpabuf *buf, struct eap_ttls_avp *parse)
156 struct ttls_avp *avp;
160 pos = wpabuf_mhead(buf);
161 left = wpabuf_len(buf);
162 os_memset(parse, 0, sizeof(*parse));
165 u32 avp_code, avp_length, vendor_id = 0;
168 avp = (struct ttls_avp *) pos;
169 avp_code = be_to_host32(avp->avp_code);
170 avp_length = be_to_host32(avp->avp_length);
171 avp_flags = (avp_length >> 24) & 0xff;
172 avp_length &= 0xffffff;
173 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP: code=%d flags=0x%02x "
174 "length=%d", (int) avp_code, avp_flags,
176 if ((int) avp_length > left) {
177 wpa_printf(MSG_WARNING, "EAP-TTLS: AVP overflow "
178 "(len=%d, left=%d) - dropped",
179 (int) avp_length, left);
182 if (avp_length < sizeof(*avp)) {
183 wpa_printf(MSG_WARNING, "EAP-TTLS: Invalid AVP length "
187 dpos = (u8 *) (avp + 1);
188 dlen = avp_length - sizeof(*avp);
189 if (avp_flags & AVP_FLAGS_VENDOR) {
191 wpa_printf(MSG_WARNING, "EAP-TTLS: vendor AVP "
195 vendor_id = be_to_host32(* (be32 *) dpos);
196 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP vendor_id %d",
202 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: AVP data", dpos, dlen);
204 if (vendor_id == 0 && avp_code == RADIUS_ATTR_EAP_MESSAGE) {
205 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP - EAP Message");
206 if (parse->eap == NULL) {
207 parse->eap = os_malloc(dlen);
208 if (parse->eap == NULL) {
209 wpa_printf(MSG_WARNING, "EAP-TTLS: "
210 "failed to allocate memory "
211 "for Phase 2 EAP data");
214 os_memcpy(parse->eap, dpos, dlen);
215 parse->eap_len = dlen;
217 u8 *neweap = os_realloc(parse->eap,
218 parse->eap_len + dlen);
219 if (neweap == NULL) {
220 wpa_printf(MSG_WARNING, "EAP-TTLS: "
221 "failed to allocate memory "
222 "for Phase 2 EAP data");
225 os_memcpy(neweap + parse->eap_len, dpos, dlen);
227 parse->eap_len += dlen;
229 } else if (vendor_id == 0 &&
230 avp_code == RADIUS_ATTR_USER_NAME) {
231 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: User-Name",
233 parse->user_name = dpos;
234 parse->user_name_len = dlen;
235 } else if (vendor_id == 0 &&
236 avp_code == RADIUS_ATTR_USER_PASSWORD) {
238 size_t password_len = dlen;
239 while (password_len > 0 &&
240 password[password_len - 1] == '\0') {
243 wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: "
244 "User-Password (PAP)",
245 password, password_len);
246 parse->user_password = password;
247 parse->user_password_len = password_len;
248 } else if (vendor_id == 0 &&
249 avp_code == RADIUS_ATTR_CHAP_CHALLENGE) {
250 wpa_hexdump(MSG_DEBUG,
251 "EAP-TTLS: CHAP-Challenge (CHAP)",
253 parse->chap_challenge = dpos;
254 parse->chap_challenge_len = dlen;
255 } else if (vendor_id == 0 &&
256 avp_code == RADIUS_ATTR_CHAP_PASSWORD) {
257 wpa_hexdump(MSG_DEBUG,
258 "EAP-TTLS: CHAP-Password (CHAP)",
260 parse->chap_password = dpos;
261 parse->chap_password_len = dlen;
262 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
263 avp_code == RADIUS_ATTR_MS_CHAP_CHALLENGE) {
264 wpa_hexdump(MSG_DEBUG,
265 "EAP-TTLS: MS-CHAP-Challenge",
267 parse->mschap_challenge = dpos;
268 parse->mschap_challenge_len = dlen;
269 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
270 avp_code == RADIUS_ATTR_MS_CHAP_RESPONSE) {
271 wpa_hexdump(MSG_DEBUG,
272 "EAP-TTLS: MS-CHAP-Response (MSCHAP)",
274 parse->mschap_response = dpos;
275 parse->mschap_response_len = dlen;
276 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
277 avp_code == RADIUS_ATTR_MS_CHAP2_RESPONSE) {
278 wpa_hexdump(MSG_DEBUG,
279 "EAP-TTLS: MS-CHAP2-Response (MSCHAPV2)",
281 parse->mschap2_response = dpos;
282 parse->mschap2_response_len = dlen;
283 } else if (avp_flags & AVP_FLAGS_MANDATORY) {
284 wpa_printf(MSG_WARNING, "EAP-TTLS: Unsupported "
285 "mandatory AVP code %d vendor_id %d - "
286 "dropped", (int) avp_code, (int) vendor_id);
289 wpa_printf(MSG_DEBUG, "EAP-TTLS: Ignoring unsupported "
290 "AVP code %d vendor_id %d",
291 (int) avp_code, (int) vendor_id);
294 pad = (4 - (avp_length & 3)) & 3;
295 pos += avp_length + pad;
296 left -= avp_length + pad;
308 static u8 * eap_ttls_implicit_challenge(struct eap_sm *sm,
309 struct eap_ttls_data *data, size_t len)
311 return eap_server_tls_derive_key(sm, &data->ssl, "ttls challenge",
316 static void * eap_ttls_init(struct eap_sm *sm)
318 struct eap_ttls_data *data;
320 data = os_zalloc(sizeof(*data));
323 data->ttls_version = EAP_TTLS_VERSION;
326 if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) {
327 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to initialize SSL.");
328 eap_ttls_reset(sm, data);
336 static void eap_ttls_reset(struct eap_sm *sm, void *priv)
338 struct eap_ttls_data *data = priv;
341 if (data->phase2_priv && data->phase2_method)
342 data->phase2_method->reset(sm, data->phase2_priv);
343 eap_server_tls_ssl_deinit(sm, &data->ssl);
344 wpabuf_free(data->pending_phase2_eap_resp);
349 static struct wpabuf * eap_ttls_build_start(struct eap_sm *sm,
350 struct eap_ttls_data *data, u8 id)
354 req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TTLS, 1,
355 EAP_CODE_REQUEST, id);
357 wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to allocate memory for"
359 eap_ttls_state(data, FAILURE);
363 wpabuf_put_u8(req, EAP_TLS_FLAGS_START | data->ttls_version);
365 eap_ttls_state(data, PHASE1);
371 static struct wpabuf * eap_ttls_build_phase2_eap_req(
372 struct eap_sm *sm, struct eap_ttls_data *data, u8 id)
374 struct wpabuf *buf, *encr_req;
377 buf = data->phase2_method->buildReq(sm, data->phase2_priv, id);
381 wpa_hexdump_buf_key(MSG_DEBUG,
382 "EAP-TTLS/EAP: Encapsulate Phase 2 data", buf);
384 buf = eap_ttls_avp_encapsulate(buf, RADIUS_ATTR_EAP_MESSAGE, 1);
386 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Failed to encapsulate "
391 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS/EAP: Encrypt encapsulated "
392 "Phase 2 data", buf);
394 encr_req = eap_server_tls_encrypt(sm, &data->ssl, buf);
401 static struct wpabuf * eap_ttls_build_phase2_mschapv2(
402 struct eap_sm *sm, struct eap_ttls_data *data)
404 struct wpabuf *encr_req, msgbuf;
408 pos = req = os_malloc(100);
413 if (data->mschapv2_resp_ok) {
414 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP2_SUCCESS,
415 RADIUS_VENDOR_ID_MICROSOFT, 1, 43);
416 *pos++ = data->mschapv2_ident;
417 ret = os_snprintf((char *) pos, end - pos, "S=");
418 if (ret >= 0 && ret < end - pos)
420 pos += wpa_snprintf_hex_uppercase(
421 (char *) pos, end - pos, data->mschapv2_auth_response,
422 sizeof(data->mschapv2_auth_response));
424 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP_ERROR,
425 RADIUS_VENDOR_ID_MICROSOFT, 1, 6);
426 os_memcpy(pos, "Failed", 6);
431 wpabuf_set(&msgbuf, req, pos - req);
432 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Encrypting Phase 2 "
435 encr_req = eap_server_tls_encrypt(sm, &data->ssl, &msgbuf);
442 static struct wpabuf * eap_ttls_buildReq(struct eap_sm *sm, void *priv, u8 id)
444 struct eap_ttls_data *data = priv;
446 if (data->ssl.state == FRAG_ACK) {
447 return eap_server_tls_build_ack(id, EAP_TYPE_TTLS,
451 if (data->ssl.state == WAIT_FRAG_ACK) {
452 return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TTLS,
453 data->ttls_version, id);
456 switch (data->state) {
458 return eap_ttls_build_start(sm, data, id);
460 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
461 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase1 done, "
463 eap_ttls_state(data, PHASE2_START);
467 wpabuf_free(data->ssl.tls_out);
468 data->ssl.tls_out_pos = 0;
469 data->ssl.tls_out = eap_ttls_build_phase2_eap_req(sm, data,
472 case PHASE2_MSCHAPV2_RESP:
473 wpabuf_free(data->ssl.tls_out);
474 data->ssl.tls_out_pos = 0;
475 data->ssl.tls_out = eap_ttls_build_phase2_mschapv2(sm, data);
478 wpa_printf(MSG_DEBUG, "EAP-TTLS: %s - unexpected state %d",
479 __func__, data->state);
483 return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TTLS,
484 data->ttls_version, id);
488 static Boolean eap_ttls_check(struct eap_sm *sm, void *priv,
489 struct wpabuf *respData)
494 pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_TTLS, respData, &len);
495 if (pos == NULL || len < 1) {
496 wpa_printf(MSG_INFO, "EAP-TTLS: Invalid frame");
504 static void eap_ttls_process_phase2_pap(struct eap_sm *sm,
505 struct eap_ttls_data *data,
506 const u8 *user_password,
507 size_t user_password_len)
509 if (!sm->user || !sm->user->password || sm->user->password_hash ||
510 !(sm->user->ttls_auth & EAP_TTLS_AUTH_PAP)) {
511 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: No plaintext user "
512 "password configured");
513 eap_ttls_state(data, FAILURE);
517 if (sm->user->password_len != user_password_len ||
518 os_memcmp(sm->user->password, user_password, user_password_len) !=
520 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Invalid user password");
521 eap_ttls_state(data, FAILURE);
525 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Correct user password");
526 eap_ttls_state(data, SUCCESS);
530 static void eap_ttls_process_phase2_chap(struct eap_sm *sm,
531 struct eap_ttls_data *data,
533 size_t challenge_len,
537 u8 *chal, hash[CHAP_MD5_LEN];
539 if (challenge == NULL || password == NULL ||
540 challenge_len != EAP_TTLS_CHAP_CHALLENGE_LEN ||
541 password_len != 1 + EAP_TTLS_CHAP_PASSWORD_LEN) {
542 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Invalid CHAP attributes "
543 "(challenge len %lu password len %lu)",
544 (unsigned long) challenge_len,
545 (unsigned long) password_len);
546 eap_ttls_state(data, FAILURE);
550 if (!sm->user || !sm->user->password || sm->user->password_hash ||
551 !(sm->user->ttls_auth & EAP_TTLS_AUTH_CHAP)) {
552 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: No plaintext user "
553 "password configured");
554 eap_ttls_state(data, FAILURE);
558 chal = eap_ttls_implicit_challenge(sm, data,
559 EAP_TTLS_CHAP_CHALLENGE_LEN + 1);
561 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Failed to generate "
562 "challenge from TLS data");
563 eap_ttls_state(data, FAILURE);
567 if (os_memcmp(challenge, chal, EAP_TTLS_CHAP_CHALLENGE_LEN) != 0 ||
568 password[0] != chal[EAP_TTLS_CHAP_CHALLENGE_LEN]) {
569 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Challenge mismatch");
571 eap_ttls_state(data, FAILURE);
576 /* MD5(Ident + Password + Challenge) */
577 chap_md5(password[0], sm->user->password, sm->user->password_len,
578 challenge, challenge_len, hash);
580 if (os_memcmp(hash, password + 1, EAP_TTLS_CHAP_PASSWORD_LEN) == 0) {
581 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Correct user password");
582 eap_ttls_state(data, SUCCESS);
584 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Invalid user password");
585 eap_ttls_state(data, FAILURE);
590 static void eap_ttls_process_phase2_mschap(struct eap_sm *sm,
591 struct eap_ttls_data *data,
592 u8 *challenge, size_t challenge_len,
593 u8 *response, size_t response_len)
595 u8 *chal, nt_response[24];
597 if (challenge == NULL || response == NULL ||
598 challenge_len != EAP_TTLS_MSCHAP_CHALLENGE_LEN ||
599 response_len != EAP_TTLS_MSCHAP_RESPONSE_LEN) {
600 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Invalid MS-CHAP "
601 "attributes (challenge len %lu response len %lu)",
602 (unsigned long) challenge_len,
603 (unsigned long) response_len);
604 eap_ttls_state(data, FAILURE);
608 if (!sm->user || !sm->user->password ||
609 !(sm->user->ttls_auth & EAP_TTLS_AUTH_MSCHAP)) {
610 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: No user password "
612 eap_ttls_state(data, FAILURE);
616 chal = eap_ttls_implicit_challenge(sm, data,
617 EAP_TTLS_MSCHAP_CHALLENGE_LEN + 1);
619 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Failed to generate "
620 "challenge from TLS data");
621 eap_ttls_state(data, FAILURE);
625 if (os_memcmp(challenge, chal, EAP_TTLS_MSCHAP_CHALLENGE_LEN) != 0 ||
626 response[0] != chal[EAP_TTLS_MSCHAP_CHALLENGE_LEN]) {
627 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Challenge mismatch");
629 eap_ttls_state(data, FAILURE);
634 if (sm->user->password_hash)
635 challenge_response(challenge, sm->user->password, nt_response);
637 nt_challenge_response(challenge, sm->user->password,
638 sm->user->password_len, nt_response);
640 if (os_memcmp(nt_response, response + 2 + 24, 24) == 0) {
641 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Correct response");
642 eap_ttls_state(data, SUCCESS);
644 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Invalid NT-Response");
645 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAP: Received",
646 response + 2 + 24, 24);
647 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAP: Expected",
649 eap_ttls_state(data, FAILURE);
654 static void eap_ttls_process_phase2_mschapv2(struct eap_sm *sm,
655 struct eap_ttls_data *data,
657 size_t challenge_len,
658 u8 *response, size_t response_len)
660 u8 *chal, *username, nt_response[24], *rx_resp, *peer_challenge,
662 size_t username_len, i;
664 if (challenge == NULL || response == NULL ||
665 challenge_len != EAP_TTLS_MSCHAPV2_CHALLENGE_LEN ||
666 response_len != EAP_TTLS_MSCHAPV2_RESPONSE_LEN) {
667 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Invalid MS-CHAP2 "
668 "attributes (challenge len %lu response len %lu)",
669 (unsigned long) challenge_len,
670 (unsigned long) response_len);
671 eap_ttls_state(data, FAILURE);
675 if (!sm->user || !sm->user->password ||
676 !(sm->user->ttls_auth & EAP_TTLS_AUTH_MSCHAPV2)) {
677 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: No user password "
679 eap_ttls_state(data, FAILURE);
683 /* MSCHAPv2 does not include optional domain name in the
684 * challenge-response calculation, so remove domain prefix
686 username = sm->identity;
687 username_len = sm->identity_len;
688 for (i = 0; i < username_len; i++) {
689 if (username[i] == '\\') {
690 username_len -= i + 1;
696 chal = eap_ttls_implicit_challenge(
697 sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1);
699 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Failed to generate "
700 "challenge from TLS data");
701 eap_ttls_state(data, FAILURE);
705 if (os_memcmp(challenge, chal, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN) != 0 ||
706 response[0] != chal[EAP_TTLS_MSCHAPV2_CHALLENGE_LEN]) {
707 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Challenge mismatch");
709 eap_ttls_state(data, FAILURE);
714 auth_challenge = challenge;
715 peer_challenge = response + 2;
717 wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: User",
718 username, username_len);
719 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: auth_challenge",
720 auth_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN);
721 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: peer_challenge",
722 peer_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN);
724 if (sm->user->password_hash) {
725 generate_nt_response_pwhash(auth_challenge, peer_challenge,
726 username, username_len,
730 generate_nt_response(auth_challenge, peer_challenge,
731 username, username_len,
733 sm->user->password_len,
737 rx_resp = response + 2 + EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 8;
738 if (os_memcmp(nt_response, rx_resp, 24) == 0) {
739 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Correct "
741 data->mschapv2_resp_ok = 1;
743 if (sm->user->password_hash) {
744 generate_authenticator_response_pwhash(
746 peer_challenge, auth_challenge,
747 username, username_len, nt_response,
748 data->mschapv2_auth_response);
750 generate_authenticator_response(
751 sm->user->password, sm->user->password_len,
752 peer_challenge, auth_challenge,
753 username, username_len, nt_response,
754 data->mschapv2_auth_response);
757 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Invalid "
759 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: Received",
761 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: Expected",
763 data->mschapv2_resp_ok = 0;
765 eap_ttls_state(data, PHASE2_MSCHAPV2_RESP);
766 data->mschapv2_ident = response[0];
770 static int eap_ttls_phase2_eap_init(struct eap_sm *sm,
771 struct eap_ttls_data *data,
774 if (data->phase2_priv && data->phase2_method) {
775 data->phase2_method->reset(sm, data->phase2_priv);
776 data->phase2_method = NULL;
777 data->phase2_priv = NULL;
779 data->phase2_method = eap_server_get_eap_method(EAP_VENDOR_IETF,
781 if (!data->phase2_method)
785 data->phase2_priv = data->phase2_method->init(sm);
787 return data->phase2_priv == NULL ? -1 : 0;
791 static void eap_ttls_process_phase2_eap_response(struct eap_sm *sm,
792 struct eap_ttls_data *data,
793 u8 *in_data, size_t in_len)
795 u8 next_type = EAP_TYPE_NONE;
800 const struct eap_method *m = data->phase2_method;
801 void *priv = data->phase2_priv;
804 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: %s - Phase2 not "
805 "initialized?!", __func__);
809 hdr = (struct eap_hdr *) in_data;
810 pos = (u8 *) (hdr + 1);
812 if (in_len > sizeof(*hdr) && *pos == EAP_TYPE_NAK) {
813 left = in_len - sizeof(*hdr);
814 wpa_hexdump(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 type Nak'ed; "
815 "allowed types", pos + 1, left - 1);
816 eap_sm_process_nak(sm, pos + 1, left - 1);
817 if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&
818 sm->user->methods[sm->user_eap_method_index].method !=
820 next_type = sm->user->methods[
821 sm->user_eap_method_index++].method;
822 wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %d",
824 if (eap_ttls_phase2_eap_init(sm, data, next_type)) {
825 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to "
826 "initialize EAP type %d",
828 eap_ttls_state(data, FAILURE);
832 eap_ttls_state(data, FAILURE);
837 wpabuf_set(&buf, in_data, in_len);
839 if (m->check(sm, priv, &buf)) {
840 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 check() asked to "
841 "ignore the packet");
845 m->process(sm, priv, &buf);
847 if (sm->method_pending == METHOD_PENDING_WAIT) {
848 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 method is in "
849 "pending wait state - save decrypted response");
850 wpabuf_free(data->pending_phase2_eap_resp);
851 data->pending_phase2_eap_resp = wpabuf_dup(&buf);
854 if (!m->isDone(sm, priv))
857 if (!m->isSuccess(sm, priv)) {
858 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 method failed");
859 eap_ttls_state(data, FAILURE);
863 switch (data->state) {
865 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
866 wpa_hexdump_ascii(MSG_DEBUG, "EAP_TTLS: Phase2 "
867 "Identity not found in the user "
869 sm->identity, sm->identity_len);
870 eap_ttls_state(data, FAILURE);
874 eap_ttls_state(data, PHASE2_METHOD);
875 next_type = sm->user->methods[0].method;
876 sm->user_eap_method_index = 1;
877 wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %d", next_type);
878 if (eap_ttls_phase2_eap_init(sm, data, next_type)) {
879 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize "
880 "EAP type %d", next_type);
881 eap_ttls_state(data, FAILURE);
885 eap_ttls_state(data, SUCCESS);
890 wpa_printf(MSG_DEBUG, "EAP-TTLS: %s - unexpected state %d",
891 __func__, data->state);
897 static void eap_ttls_process_phase2_eap(struct eap_sm *sm,
898 struct eap_ttls_data *data,
899 const u8 *eap, size_t eap_len)
904 if (data->state == PHASE2_START) {
905 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: initializing Phase 2");
906 if (eap_ttls_phase2_eap_init(sm, data, EAP_TYPE_IDENTITY) < 0)
908 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: failed to "
909 "initialize EAP-Identity");
914 if (eap_len < sizeof(*hdr)) {
915 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: too short Phase 2 EAP "
916 "packet (len=%lu)", (unsigned long) eap_len);
920 hdr = (struct eap_hdr *) eap;
921 len = be_to_host16(hdr->length);
922 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: received Phase 2 EAP: code=%d "
923 "identifier=%d length=%lu", hdr->code, hdr->identifier,
924 (unsigned long) len);
926 wpa_printf(MSG_INFO, "EAP-TTLS/EAP: Length mismatch in Phase 2"
927 " EAP frame (hdr len=%lu, data len in AVP=%lu)",
928 (unsigned long) len, (unsigned long) eap_len);
933 case EAP_CODE_RESPONSE:
934 eap_ttls_process_phase2_eap_response(sm, data, (u8 *) hdr,
938 wpa_printf(MSG_INFO, "EAP-TTLS/EAP: Unexpected code=%d in "
939 "Phase 2 EAP header", hdr->code);
945 static void eap_ttls_process_phase2(struct eap_sm *sm,
946 struct eap_ttls_data *data,
947 struct wpabuf *in_buf)
949 struct wpabuf *in_decrypted;
950 struct eap_ttls_avp parse;
952 wpa_printf(MSG_DEBUG, "EAP-TTLS: received %lu bytes encrypted data for"
953 " Phase 2", (unsigned long) wpabuf_len(in_buf));
955 if (data->pending_phase2_eap_resp) {
956 wpa_printf(MSG_DEBUG, "EAP-TTLS: Pending Phase 2 EAP response "
957 "- skip decryption and use old data");
958 eap_ttls_process_phase2_eap(
959 sm, data, wpabuf_head(data->pending_phase2_eap_resp),
960 wpabuf_len(data->pending_phase2_eap_resp));
961 wpabuf_free(data->pending_phase2_eap_resp);
962 data->pending_phase2_eap_resp = NULL;
966 in_decrypted = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn,
968 if (in_decrypted == NULL) {
969 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to decrypt Phase 2 "
971 eap_ttls_state(data, FAILURE);
975 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS: Decrypted Phase 2 EAP",
978 if (eap_ttls_avp_parse(in_decrypted, &parse) < 0) {
979 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to parse AVPs");
980 wpabuf_free(in_decrypted);
981 eap_ttls_state(data, FAILURE);
985 if (parse.user_name) {
986 os_free(sm->identity);
987 sm->identity = os_malloc(parse.user_name_len);
989 os_memcpy(sm->identity, parse.user_name,
990 parse.user_name_len);
991 sm->identity_len = parse.user_name_len;
993 if (eap_user_get(sm, parse.user_name, parse.user_name_len, 1)
995 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase2 Identity not "
996 "found in the user database");
997 eap_ttls_state(data, FAILURE);
1002 #ifdef EAP_SERVER_TNC
1003 if (data->tnc_started && parse.eap == NULL) {
1004 wpa_printf(MSG_DEBUG, "EAP-TTLS: TNC started but no EAP "
1005 "response from peer");
1006 eap_ttls_state(data, FAILURE);
1009 #endif /* EAP_SERVER_TNC */
1012 eap_ttls_process_phase2_eap(sm, data, parse.eap,
1014 } else if (parse.user_password) {
1015 eap_ttls_process_phase2_pap(sm, data, parse.user_password,
1016 parse.user_password_len);
1017 } else if (parse.chap_password) {
1018 eap_ttls_process_phase2_chap(sm, data,
1019 parse.chap_challenge,
1020 parse.chap_challenge_len,
1021 parse.chap_password,
1022 parse.chap_password_len);
1023 } else if (parse.mschap_response) {
1024 eap_ttls_process_phase2_mschap(sm, data,
1025 parse.mschap_challenge,
1026 parse.mschap_challenge_len,
1027 parse.mschap_response,
1028 parse.mschap_response_len);
1029 } else if (parse.mschap2_response) {
1030 eap_ttls_process_phase2_mschapv2(sm, data,
1031 parse.mschap_challenge,
1032 parse.mschap_challenge_len,
1033 parse.mschap2_response,
1034 parse.mschap2_response_len);
1038 wpabuf_free(in_decrypted);
1043 static void eap_ttls_start_tnc(struct eap_sm *sm, struct eap_ttls_data *data)
1045 #ifdef EAP_SERVER_TNC
1046 if (!sm->tnc || data->state != SUCCESS || data->tnc_started)
1049 wpa_printf(MSG_DEBUG, "EAP-TTLS: Initialize TNC");
1050 if (eap_ttls_phase2_eap_init(sm, data, EAP_TYPE_TNC)) {
1051 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize TNC");
1052 eap_ttls_state(data, FAILURE);
1056 data->tnc_started = 1;
1057 eap_ttls_state(data, PHASE2_METHOD);
1058 #endif /* EAP_SERVER_TNC */
1062 static int eap_ttls_process_version(struct eap_sm *sm, void *priv,
1065 struct eap_ttls_data *data = priv;
1066 if (peer_version < data->ttls_version) {
1067 wpa_printf(MSG_DEBUG, "EAP-TTLS: peer ver=%d, own ver=%d; "
1069 peer_version, data->ttls_version, peer_version);
1070 data->ttls_version = peer_version;
1077 static void eap_ttls_process_msg(struct eap_sm *sm, void *priv,
1078 const struct wpabuf *respData)
1080 struct eap_ttls_data *data = priv;
1082 switch (data->state) {
1084 if (eap_server_tls_phase1(sm, &data->ssl) < 0)
1085 eap_ttls_state(data, FAILURE);
1089 eap_ttls_process_phase2(sm, data, data->ssl.tls_in);
1090 eap_ttls_start_tnc(sm, data);
1092 case PHASE2_MSCHAPV2_RESP:
1093 if (data->mschapv2_resp_ok && wpabuf_len(data->ssl.tls_in) ==
1095 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer "
1096 "acknowledged response");
1097 eap_ttls_state(data, SUCCESS);
1098 } else if (!data->mschapv2_resp_ok) {
1099 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer "
1100 "acknowledged error");
1101 eap_ttls_state(data, FAILURE);
1103 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Unexpected "
1104 "frame from peer (payload len %lu, "
1105 "expected empty frame)",
1107 wpabuf_len(data->ssl.tls_in));
1108 eap_ttls_state(data, FAILURE);
1110 eap_ttls_start_tnc(sm, data);
1113 wpa_printf(MSG_DEBUG, "EAP-TTLS: Unexpected state %d in %s",
1114 data->state, __func__);
1120 static void eap_ttls_process(struct eap_sm *sm, void *priv,
1121 struct wpabuf *respData)
1123 struct eap_ttls_data *data = priv;
1124 if (eap_server_tls_process(sm, &data->ssl, respData, data,
1125 EAP_TYPE_TTLS, eap_ttls_process_version,
1126 eap_ttls_process_msg) < 0)
1127 eap_ttls_state(data, FAILURE);
1131 static Boolean eap_ttls_isDone(struct eap_sm *sm, void *priv)
1133 struct eap_ttls_data *data = priv;
1134 return data->state == SUCCESS || data->state == FAILURE;
1138 static u8 * eap_ttls_getKey(struct eap_sm *sm, void *priv, size_t *len)
1140 struct eap_ttls_data *data = priv;
1143 if (data->state != SUCCESS)
1146 eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
1147 "ttls keying material",
1150 *len = EAP_TLS_KEY_LEN;
1151 wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived key",
1152 eapKeyData, EAP_TLS_KEY_LEN);
1154 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to derive key");
1161 static Boolean eap_ttls_isSuccess(struct eap_sm *sm, void *priv)
1163 struct eap_ttls_data *data = priv;
1164 return data->state == SUCCESS;
1168 int eap_server_ttls_register(void)
1170 struct eap_method *eap;
1173 eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
1174 EAP_VENDOR_IETF, EAP_TYPE_TTLS, "TTLS");
1178 eap->init = eap_ttls_init;
1179 eap->reset = eap_ttls_reset;
1180 eap->buildReq = eap_ttls_buildReq;
1181 eap->check = eap_ttls_check;
1182 eap->process = eap_ttls_process;
1183 eap->isDone = eap_ttls_isDone;
1184 eap->getKey = eap_ttls_getKey;
1185 eap->isSuccess = eap_ttls_isSuccess;
1187 ret = eap_server_method_register(eap);
1189 eap_server_method_free(eap);