projects / framework / connectivity / wpasupplicant.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Update changes file and submitted to OBS
[framework/connectivity/wpasupplicant.git] / src / eap_server / eap_server_ttls.c
1 /*
2  * hostapd / EAP-TTLS (RFC 5281)
3  * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License version 2 as
7  * published by the Free Software Foundation.
8  *
9  * Alternatively, this software may be distributed under the terms of BSD
10  * license.
11  *
12  * See README and COPYING for more details.
13  */
14
15 #include "includes.h"
16
17 #include "common.h"
18 #include "crypto/ms_funcs.h"
19 #include "crypto/sha1.h"
20 #include "crypto/tls.h"
21 #include "eap_server/eap_i.h"
22 #include "eap_server/eap_tls_common.h"
23 #include "eap_common/chap.h"
24 #include "eap_common/eap_ttls.h"
25
26
27 #define EAP_TTLS_VERSION 0
28
29
30 static void eap_ttls_reset(struct eap_sm *sm, void *priv);
31
32
33 struct eap_ttls_data {
34         struct eap_ssl_data ssl;
35         enum {
36                 START, PHASE1, PHASE2_START, PHASE2_METHOD,
37                 PHASE2_MSCHAPV2_RESP, SUCCESS, FAILURE
38         } state;
39
40         int ttls_version;
41         const struct eap_method *phase2_method;
42         void *phase2_priv;
43         int mschapv2_resp_ok;
44         u8 mschapv2_auth_response[20];
45         u8 mschapv2_ident;
46         struct wpabuf *pending_phase2_eap_resp;
47         int tnc_started;
48 };
49
50
51 static const char * eap_ttls_state_txt(int state)
52 {
53         switch (state) {
54         case START:
55                 return "START";
56         case PHASE1:
57                 return "PHASE1";
58         case PHASE2_START:
59                 return "PHASE2_START";
60         case PHASE2_METHOD:
61                 return "PHASE2_METHOD";
62         case PHASE2_MSCHAPV2_RESP:
63                 return "PHASE2_MSCHAPV2_RESP";
64         case SUCCESS:
65                 return "SUCCESS";
66         case FAILURE:
67                 return "FAILURE";
68         default:
69                 return "Unknown?!";
70         }
71 }
72
73
74 static void eap_ttls_state(struct eap_ttls_data *data, int state)
75 {
76         wpa_printf(MSG_DEBUG, "EAP-TTLS: %s -> %s",
77                    eap_ttls_state_txt(data->state),
78                    eap_ttls_state_txt(state));
79         data->state = state;
80 }
81
82
83 static u8 * eap_ttls_avp_hdr(u8 *avphdr, u32 avp_code, u32 vendor_id,
84                              int mandatory, size_t len)
85 {
86         struct ttls_avp_vendor *avp;
87         u8 flags;
88         size_t hdrlen;
89
90         avp = (struct ttls_avp_vendor *) avphdr;
91         flags = mandatory ? AVP_FLAGS_MANDATORY : 0;
92         if (vendor_id) {
93                 flags |= AVP_FLAGS_VENDOR;
94                 hdrlen = sizeof(*avp);
95                 avp->vendor_id = host_to_be32(vendor_id);
96         } else {
97                 hdrlen = sizeof(struct ttls_avp);
98         }
99
100         avp->avp_code = host_to_be32(avp_code);
101         avp->avp_length = host_to_be32(((u32) flags << 24) |
102                                        ((u32) (hdrlen + len)));
103
104         return avphdr + hdrlen;
105 }
106
107
108 static struct wpabuf * eap_ttls_avp_encapsulate(struct wpabuf *resp,
109                                                 u32 avp_code, int mandatory)
110 {
111         struct wpabuf *avp;
112         u8 *pos;
113
114         avp = wpabuf_alloc(sizeof(struct ttls_avp) + wpabuf_len(resp) + 4);
115         if (avp == NULL) {
116                 wpabuf_free(resp);
117                 return NULL;
118         }
119
120         pos = eap_ttls_avp_hdr(wpabuf_mhead(avp), avp_code, 0, mandatory,
121                                wpabuf_len(resp));
122         os_memcpy(pos, wpabuf_head(resp), wpabuf_len(resp));
123         pos += wpabuf_len(resp);
124         AVP_PAD((const u8 *) wpabuf_head(avp), pos);
125         wpabuf_free(resp);
126         wpabuf_put(avp, pos - (u8 *) wpabuf_head(avp));
127         return avp;
128 }
129
130
131 struct eap_ttls_avp {
132          /* Note: eap is allocated memory; caller is responsible for freeing
133           * it. All the other pointers are pointing to the packet data, i.e.,
134           * they must not be freed separately. */
135         u8 *eap;
136         size_t eap_len;
137         u8 *user_name;
138         size_t user_name_len;
139         u8 *user_password;
140         size_t user_password_len;
141         u8 *chap_challenge;
142         size_t chap_challenge_len;
143         u8 *chap_password;
144         size_t chap_password_len;
145         u8 *mschap_challenge;
146         size_t mschap_challenge_len;
147         u8 *mschap_response;
148         size_t mschap_response_len;
149         u8 *mschap2_response;
150         size_t mschap2_response_len;
151 };
152
153
154 static int eap_ttls_avp_parse(struct wpabuf *buf, struct eap_ttls_avp *parse)
155 {
156         struct ttls_avp *avp;
157         u8 *pos;
158         int left;
159
160         pos = wpabuf_mhead(buf);
161         left = wpabuf_len(buf);
162         os_memset(parse, 0, sizeof(*parse));
163
164         while (left > 0) {
165                 u32 avp_code, avp_length, vendor_id = 0;
166                 u8 avp_flags, *dpos;
167                 size_t pad, dlen;
168                 avp = (struct ttls_avp *) pos;
169                 avp_code = be_to_host32(avp->avp_code);
170                 avp_length = be_to_host32(avp->avp_length);
171                 avp_flags = (avp_length >> 24) & 0xff;
172                 avp_length &= 0xffffff;
173                 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP: code=%d flags=0x%02x "
174                            "length=%d", (int) avp_code, avp_flags,
175                            (int) avp_length);
176                 if ((int) avp_length > left) {
177                         wpa_printf(MSG_WARNING, "EAP-TTLS: AVP overflow "
178                                    "(len=%d, left=%d) - dropped",
179                                    (int) avp_length, left);
180                         goto fail;
181                 }
182                 if (avp_length < sizeof(*avp)) {
183                         wpa_printf(MSG_WARNING, "EAP-TTLS: Invalid AVP length "
184                                    "%d", avp_length);
185                         goto fail;
186                 }
187                 dpos = (u8 *) (avp + 1);
188                 dlen = avp_length - sizeof(*avp);
189                 if (avp_flags & AVP_FLAGS_VENDOR) {
190                         if (dlen < 4) {
191                                 wpa_printf(MSG_WARNING, "EAP-TTLS: vendor AVP "
192                                            "underflow");
193                                 goto fail;
194                         }
195                         vendor_id = be_to_host32(* (be32 *) dpos);
196                         wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP vendor_id %d",
197                                    (int) vendor_id);
198                         dpos += 4;
199                         dlen -= 4;
200                 }
201
202                 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: AVP data", dpos, dlen);
203
204                 if (vendor_id == 0 && avp_code == RADIUS_ATTR_EAP_MESSAGE) {
205                         wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP - EAP Message");
206                         if (parse->eap == NULL) {
207                                 parse->eap = os_malloc(dlen);
208                                 if (parse->eap == NULL) {
209                                         wpa_printf(MSG_WARNING, "EAP-TTLS: "
210                                                    "failed to allocate memory "
211                                                    "for Phase 2 EAP data");
212                                         goto fail;
213                                 }
214                                 os_memcpy(parse->eap, dpos, dlen);
215                                 parse->eap_len = dlen;
216                         } else {
217                                 u8 *neweap = os_realloc(parse->eap,
218                                                         parse->eap_len + dlen);
219                                 if (neweap == NULL) {
220                                         wpa_printf(MSG_WARNING, "EAP-TTLS: "
221                                                    "failed to allocate memory "
222                                                    "for Phase 2 EAP data");
223                                         goto fail;
224                                 }
225                                 os_memcpy(neweap + parse->eap_len, dpos, dlen);
226                                 parse->eap = neweap;
227                                 parse->eap_len += dlen;
228                         }
229                 } else if (vendor_id == 0 &&
230                            avp_code == RADIUS_ATTR_USER_NAME) {
231                         wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: User-Name",
232                                           dpos, dlen);
233                         parse->user_name = dpos;
234                         parse->user_name_len = dlen;
235                 } else if (vendor_id == 0 &&
236                            avp_code == RADIUS_ATTR_USER_PASSWORD) {
237                         u8 *password = dpos;
238                         size_t password_len = dlen;
239                         while (password_len > 0 &&
240                                password[password_len - 1] == '\0') {
241                                 password_len--;
242                         }
243                         wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: "
244                                               "User-Password (PAP)",
245                                               password, password_len);
246                         parse->user_password = password;
247                         parse->user_password_len = password_len;
248                 } else if (vendor_id == 0 &&
249                            avp_code == RADIUS_ATTR_CHAP_CHALLENGE) {
250                         wpa_hexdump(MSG_DEBUG,
251                                     "EAP-TTLS: CHAP-Challenge (CHAP)",
252                                     dpos, dlen);
253                         parse->chap_challenge = dpos;
254                         parse->chap_challenge_len = dlen;
255                 } else if (vendor_id == 0 &&
256                            avp_code == RADIUS_ATTR_CHAP_PASSWORD) {
257                         wpa_hexdump(MSG_DEBUG,
258                                     "EAP-TTLS: CHAP-Password (CHAP)",
259                                     dpos, dlen);
260                         parse->chap_password = dpos;
261                         parse->chap_password_len = dlen;
262                 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
263                            avp_code == RADIUS_ATTR_MS_CHAP_CHALLENGE) {
264                         wpa_hexdump(MSG_DEBUG,
265                                     "EAP-TTLS: MS-CHAP-Challenge",
266                                     dpos, dlen);
267                         parse->mschap_challenge = dpos;
268                         parse->mschap_challenge_len = dlen;
269                 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
270                            avp_code == RADIUS_ATTR_MS_CHAP_RESPONSE) {
271                         wpa_hexdump(MSG_DEBUG,
272                                     "EAP-TTLS: MS-CHAP-Response (MSCHAP)",
273                                     dpos, dlen);
274                         parse->mschap_response = dpos;
275                         parse->mschap_response_len = dlen;
276                 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
277                            avp_code == RADIUS_ATTR_MS_CHAP2_RESPONSE) {
278                         wpa_hexdump(MSG_DEBUG,
279                                     "EAP-TTLS: MS-CHAP2-Response (MSCHAPV2)",
280                                     dpos, dlen);
281                         parse->mschap2_response = dpos;
282                         parse->mschap2_response_len = dlen;
283                 } else if (avp_flags & AVP_FLAGS_MANDATORY) {
284                         wpa_printf(MSG_WARNING, "EAP-TTLS: Unsupported "
285                                    "mandatory AVP code %d vendor_id %d - "
286                                    "dropped", (int) avp_code, (int) vendor_id);
287                         goto fail;
288                 } else {
289                         wpa_printf(MSG_DEBUG, "EAP-TTLS: Ignoring unsupported "
290                                    "AVP code %d vendor_id %d",
291                                    (int) avp_code, (int) vendor_id);
292                 }
293
294                 pad = (4 - (avp_length & 3)) & 3;
295                 pos += avp_length + pad;
296                 left -= avp_length + pad;
297         }
298
299         return 0;
300
301 fail:
302         os_free(parse->eap);
303         parse->eap = NULL;
304         return -1;
305 }
306
307
308 static u8 * eap_ttls_implicit_challenge(struct eap_sm *sm,
309                                         struct eap_ttls_data *data, size_t len)
310 {
311         return eap_server_tls_derive_key(sm, &data->ssl, "ttls challenge",
312                                          len);
313 }
314
315
316 static void * eap_ttls_init(struct eap_sm *sm)
317 {
318         struct eap_ttls_data *data;
319
320         data = os_zalloc(sizeof(*data));
321         if (data == NULL)
322                 return NULL;
323         data->ttls_version = EAP_TTLS_VERSION;
324         data->state = START;
325
326         if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) {
327                 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to initialize SSL.");
328                 eap_ttls_reset(sm, data);
329                 return NULL;
330         }
331
332         return data;
333 }
334
335
336 static void eap_ttls_reset(struct eap_sm *sm, void *priv)
337 {
338         struct eap_ttls_data *data = priv;
339         if (data == NULL)
340                 return;
341         if (data->phase2_priv && data->phase2_method)
342                 data->phase2_method->reset(sm, data->phase2_priv);
343         eap_server_tls_ssl_deinit(sm, &data->ssl);
344         wpabuf_free(data->pending_phase2_eap_resp);
345         os_free(data);
346 }
347
348
349 static struct wpabuf * eap_ttls_build_start(struct eap_sm *sm,
350                                             struct eap_ttls_data *data, u8 id)
351 {       
352         struct wpabuf *req;
353
354         req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TTLS, 1,
355                             EAP_CODE_REQUEST, id);
356         if (req == NULL) {
357                 wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to allocate memory for"
358                            " request");
359                 eap_ttls_state(data, FAILURE);
360                 return NULL;
361         }
362
363         wpabuf_put_u8(req, EAP_TLS_FLAGS_START | data->ttls_version);
364
365         eap_ttls_state(data, PHASE1);
366
367         return req;
368 }
369
370
371 static struct wpabuf * eap_ttls_build_phase2_eap_req(
372         struct eap_sm *sm, struct eap_ttls_data *data, u8 id)
373 {
374         struct wpabuf *buf, *encr_req;
375
376
377         buf = data->phase2_method->buildReq(sm, data->phase2_priv, id);
378         if (buf == NULL)
379                 return NULL;
380
381         wpa_hexdump_buf_key(MSG_DEBUG,
382                             "EAP-TTLS/EAP: Encapsulate Phase 2 data", buf);
383
384         buf = eap_ttls_avp_encapsulate(buf, RADIUS_ATTR_EAP_MESSAGE, 1);
385         if (buf == NULL) {
386                 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Failed to encapsulate "
387                            "packet");
388                 return NULL;
389         }
390
391         wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS/EAP: Encrypt encapsulated "
392                             "Phase 2 data", buf);
393
394         encr_req = eap_server_tls_encrypt(sm, &data->ssl, buf);
395         wpabuf_free(buf);
396
397         return encr_req;
398 }
399
400
401 static struct wpabuf * eap_ttls_build_phase2_mschapv2(
402         struct eap_sm *sm, struct eap_ttls_data *data)
403 {
404         struct wpabuf *encr_req, msgbuf;
405         u8 *req, *pos, *end;
406         int ret;
407
408         pos = req = os_malloc(100);
409         if (req == NULL)
410                 return NULL;
411         end = req + 100;
412
413         if (data->mschapv2_resp_ok) {
414                 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP2_SUCCESS,
415                                        RADIUS_VENDOR_ID_MICROSOFT, 1, 43);
416                 *pos++ = data->mschapv2_ident;
417                 ret = os_snprintf((char *) pos, end - pos, "S=");
418                 if (ret >= 0 && ret < end - pos)
419                         pos += ret;
420                 pos += wpa_snprintf_hex_uppercase(
421                         (char *) pos, end - pos, data->mschapv2_auth_response,
422                         sizeof(data->mschapv2_auth_response));
423         } else {
424                 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP_ERROR,
425                                        RADIUS_VENDOR_ID_MICROSOFT, 1, 6);
426                 os_memcpy(pos, "Failed", 6);
427                 pos += 6;
428                 AVP_PAD(req, pos);
429         }
430
431         wpabuf_set(&msgbuf, req, pos - req);
432         wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Encrypting Phase 2 "
433                             "data", &msgbuf);
434
435         encr_req = eap_server_tls_encrypt(sm, &data->ssl, &msgbuf);
436         os_free(req);
437
438         return encr_req;
439 }
440
441
442 static struct wpabuf * eap_ttls_buildReq(struct eap_sm *sm, void *priv, u8 id)
443 {
444         struct eap_ttls_data *data = priv;
445
446         if (data->ssl.state == FRAG_ACK) {
447                 return eap_server_tls_build_ack(id, EAP_TYPE_TTLS,
448                                                 data->ttls_version);
449         }
450
451         if (data->ssl.state == WAIT_FRAG_ACK) {
452                 return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TTLS,
453                                                 data->ttls_version, id);
454         }
455
456         switch (data->state) {
457         case START:
458                 return eap_ttls_build_start(sm, data, id);
459         case PHASE1:
460                 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
461                         wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase1 done, "
462                                    "starting Phase2");
463                         eap_ttls_state(data, PHASE2_START);
464                 }
465                 break;
466         case PHASE2_METHOD:
467                 wpabuf_free(data->ssl.tls_out);
468                 data->ssl.tls_out_pos = 0;
469                 data->ssl.tls_out = eap_ttls_build_phase2_eap_req(sm, data,
470                                                                   id);
471                 break;
472         case PHASE2_MSCHAPV2_RESP:
473                 wpabuf_free(data->ssl.tls_out);
474                 data->ssl.tls_out_pos = 0;
475                 data->ssl.tls_out = eap_ttls_build_phase2_mschapv2(sm, data);
476                 break;
477         default:
478                 wpa_printf(MSG_DEBUG, "EAP-TTLS: %s - unexpected state %d",
479                            __func__, data->state);
480                 return NULL;
481         }
482
483         return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TTLS,
484                                         data->ttls_version, id);
485 }
486
487
488 static Boolean eap_ttls_check(struct eap_sm *sm, void *priv,
489                               struct wpabuf *respData)
490 {
491         const u8 *pos;
492         size_t len;
493
494         pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_TTLS, respData, &len);
495         if (pos == NULL || len < 1) {
496                 wpa_printf(MSG_INFO, "EAP-TTLS: Invalid frame");
497                 return TRUE;
498         }
499
500         return FALSE;
501 }
502
503
504 static void eap_ttls_process_phase2_pap(struct eap_sm *sm,
505                                         struct eap_ttls_data *data,
506                                         const u8 *user_password,
507                                         size_t user_password_len)
508 {
509         if (!sm->user || !sm->user->password || sm->user->password_hash ||
510             !(sm->user->ttls_auth & EAP_TTLS_AUTH_PAP)) {
511                 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: No plaintext user "
512                            "password configured");
513                 eap_ttls_state(data, FAILURE);
514                 return;
515         }
516
517         if (sm->user->password_len != user_password_len ||
518             os_memcmp(sm->user->password, user_password, user_password_len) !=
519             0) {
520                 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Invalid user password");
521                 eap_ttls_state(data, FAILURE);
522                 return;
523         }
524
525         wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Correct user password");
526         eap_ttls_state(data, SUCCESS);
527 }
528
529
530 static void eap_ttls_process_phase2_chap(struct eap_sm *sm,
531                                          struct eap_ttls_data *data,
532                                          const u8 *challenge,
533                                          size_t challenge_len,
534                                          const u8 *password,
535                                          size_t password_len)
536 {
537         u8 *chal, hash[CHAP_MD5_LEN];
538
539         if (challenge == NULL || password == NULL ||
540             challenge_len != EAP_TTLS_CHAP_CHALLENGE_LEN ||
541             password_len != 1 + EAP_TTLS_CHAP_PASSWORD_LEN) {
542                 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Invalid CHAP attributes "
543                            "(challenge len %lu password len %lu)",
544                            (unsigned long) challenge_len,
545                            (unsigned long) password_len);
546                 eap_ttls_state(data, FAILURE);
547                 return;
548         }
549
550         if (!sm->user || !sm->user->password || sm->user->password_hash ||
551             !(sm->user->ttls_auth & EAP_TTLS_AUTH_CHAP)) {
552                 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: No plaintext user "
553                            "password configured");
554                 eap_ttls_state(data, FAILURE);
555                 return;
556         }
557
558         chal = eap_ttls_implicit_challenge(sm, data,
559                                            EAP_TTLS_CHAP_CHALLENGE_LEN + 1);
560         if (chal == NULL) {
561                 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Failed to generate "
562                            "challenge from TLS data");
563                 eap_ttls_state(data, FAILURE);
564                 return;
565         }
566
567         if (os_memcmp(challenge, chal, EAP_TTLS_CHAP_CHALLENGE_LEN) != 0 ||
568             password[0] != chal[EAP_TTLS_CHAP_CHALLENGE_LEN]) {
569                 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Challenge mismatch");
570                 os_free(chal);
571                 eap_ttls_state(data, FAILURE);
572                 return;
573         }
574         os_free(chal);
575
576         /* MD5(Ident + Password + Challenge) */
577         chap_md5(password[0], sm->user->password, sm->user->password_len,
578                  challenge, challenge_len, hash);
579
580         if (os_memcmp(hash, password + 1, EAP_TTLS_CHAP_PASSWORD_LEN) == 0) {
581                 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Correct user password");
582                 eap_ttls_state(data, SUCCESS);
583         } else {
584                 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Invalid user password");
585                 eap_ttls_state(data, FAILURE);
586         }
587 }
588
589
590 static void eap_ttls_process_phase2_mschap(struct eap_sm *sm,
591                                            struct eap_ttls_data *data,
592                                            u8 *challenge, size_t challenge_len,
593                                            u8 *response, size_t response_len)
594 {
595         u8 *chal, nt_response[24];
596
597         if (challenge == NULL || response == NULL ||
598             challenge_len != EAP_TTLS_MSCHAP_CHALLENGE_LEN ||
599             response_len != EAP_TTLS_MSCHAP_RESPONSE_LEN) {
600                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Invalid MS-CHAP "
601                            "attributes (challenge len %lu response len %lu)",
602                            (unsigned long) challenge_len,
603                            (unsigned long) response_len);
604                 eap_ttls_state(data, FAILURE);
605                 return;
606         }
607
608         if (!sm->user || !sm->user->password ||
609             !(sm->user->ttls_auth & EAP_TTLS_AUTH_MSCHAP)) {
610                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: No user password "
611                            "configured");
612                 eap_ttls_state(data, FAILURE);
613                 return;
614         }
615
616         chal = eap_ttls_implicit_challenge(sm, data,
617                                            EAP_TTLS_MSCHAP_CHALLENGE_LEN + 1);
618         if (chal == NULL) {
619                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Failed to generate "
620                            "challenge from TLS data");
621                 eap_ttls_state(data, FAILURE);
622                 return;
623         }
624
625         if (os_memcmp(challenge, chal, EAP_TTLS_MSCHAP_CHALLENGE_LEN) != 0 ||
626             response[0] != chal[EAP_TTLS_MSCHAP_CHALLENGE_LEN]) {
627                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Challenge mismatch");
628                 os_free(chal);
629                 eap_ttls_state(data, FAILURE);
630                 return;
631         }
632         os_free(chal);
633
634         if (sm->user->password_hash)
635                 challenge_response(challenge, sm->user->password, nt_response);
636         else
637                 nt_challenge_response(challenge, sm->user->password,
638                                       sm->user->password_len, nt_response);
639
640         if (os_memcmp(nt_response, response + 2 + 24, 24) == 0) {
641                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Correct response");
642                 eap_ttls_state(data, SUCCESS);
643         } else {
644                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Invalid NT-Response");
645                 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAP: Received",
646                             response + 2 + 24, 24);
647                 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAP: Expected",
648                             nt_response, 24);
649                 eap_ttls_state(data, FAILURE);
650         }
651 }
652
653
654 static void eap_ttls_process_phase2_mschapv2(struct eap_sm *sm,
655                                              struct eap_ttls_data *data,
656                                              u8 *challenge,
657                                              size_t challenge_len,
658                                              u8 *response, size_t response_len)
659 {
660         u8 *chal, *username, nt_response[24], *rx_resp, *peer_challenge,
661                 *auth_challenge;
662         size_t username_len, i;
663
664         if (challenge == NULL || response == NULL ||
665             challenge_len != EAP_TTLS_MSCHAPV2_CHALLENGE_LEN ||
666             response_len != EAP_TTLS_MSCHAPV2_RESPONSE_LEN) {
667                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Invalid MS-CHAP2 "
668                            "attributes (challenge len %lu response len %lu)",
669                            (unsigned long) challenge_len,
670                            (unsigned long) response_len);
671                 eap_ttls_state(data, FAILURE);
672                 return;
673         }
674
675         if (!sm->user || !sm->user->password ||
676             !(sm->user->ttls_auth & EAP_TTLS_AUTH_MSCHAPV2)) {
677                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: No user password "
678                            "configured");
679                 eap_ttls_state(data, FAILURE);
680                 return;
681         }
682
683         /* MSCHAPv2 does not include optional domain name in the
684          * challenge-response calculation, so remove domain prefix
685          * (if present). */
686         username = sm->identity;
687         username_len = sm->identity_len;
688         for (i = 0; i < username_len; i++) {
689                 if (username[i] == '\\') {
690                         username_len -= i + 1;
691                         username += i + 1;
692                         break;
693                 }
694         }
695
696         chal = eap_ttls_implicit_challenge(
697                 sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1);
698         if (chal == NULL) {
699                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Failed to generate "
700                            "challenge from TLS data");
701                 eap_ttls_state(data, FAILURE);
702                 return;
703         }
704
705         if (os_memcmp(challenge, chal, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN) != 0 ||
706             response[0] != chal[EAP_TTLS_MSCHAPV2_CHALLENGE_LEN]) {
707                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Challenge mismatch");
708                 os_free(chal);
709                 eap_ttls_state(data, FAILURE);
710                 return;
711         }
712         os_free(chal);
713
714         auth_challenge = challenge;
715         peer_challenge = response + 2;
716
717         wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: User",
718                           username, username_len);
719         wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: auth_challenge",
720                     auth_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN);
721         wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: peer_challenge",
722                     peer_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN);
723
724         if (sm->user->password_hash) {
725                 generate_nt_response_pwhash(auth_challenge, peer_challenge,
726                                             username, username_len,
727                                             sm->user->password,
728                                             nt_response);
729         } else {
730                 generate_nt_response(auth_challenge, peer_challenge,
731                                      username, username_len,
732                                      sm->user->password,
733                                      sm->user->password_len,
734                                      nt_response);
735         }
736
737         rx_resp = response + 2 + EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 8;
738         if (os_memcmp(nt_response, rx_resp, 24) == 0) {
739                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Correct "
740                            "NT-Response");
741                 data->mschapv2_resp_ok = 1;
742
743                 if (sm->user->password_hash) {
744                         generate_authenticator_response_pwhash(
745                                 sm->user->password,
746                                 peer_challenge, auth_challenge,
747                                 username, username_len, nt_response,
748                                 data->mschapv2_auth_response);
749                 } else {
750                         generate_authenticator_response(
751                                 sm->user->password, sm->user->password_len,
752                                 peer_challenge, auth_challenge,
753                                 username, username_len, nt_response,
754                                 data->mschapv2_auth_response);
755                 }
756         } else {
757                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Invalid "
758                            "NT-Response");
759                 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: Received",
760                             rx_resp, 24);
761                 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: Expected",
762                             nt_response, 24);
763                 data->mschapv2_resp_ok = 0;
764         }
765         eap_ttls_state(data, PHASE2_MSCHAPV2_RESP);
766         data->mschapv2_ident = response[0];
767 }
768
769
770 static int eap_ttls_phase2_eap_init(struct eap_sm *sm,
771                                     struct eap_ttls_data *data,
772                                     EapType eap_type)
773 {
774         if (data->phase2_priv && data->phase2_method) {
775                 data->phase2_method->reset(sm, data->phase2_priv);
776                 data->phase2_method = NULL;
777                 data->phase2_priv = NULL;
778         }
779         data->phase2_method = eap_server_get_eap_method(EAP_VENDOR_IETF,
780                                                         eap_type);
781         if (!data->phase2_method)
782                 return -1;
783
784         sm->init_phase2 = 1;
785         data->phase2_priv = data->phase2_method->init(sm);
786         sm->init_phase2 = 0;
787         return data->phase2_priv == NULL ? -1 : 0;
788 }
789
790
791 static void eap_ttls_process_phase2_eap_response(struct eap_sm *sm,
792                                                  struct eap_ttls_data *data,
793                                                  u8 *in_data, size_t in_len)
794 {
795         u8 next_type = EAP_TYPE_NONE;
796         struct eap_hdr *hdr;
797         u8 *pos;
798         size_t left;
799         struct wpabuf buf;
800         const struct eap_method *m = data->phase2_method;
801         void *priv = data->phase2_priv;
802
803         if (priv == NULL) {
804                 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: %s - Phase2 not "
805                            "initialized?!", __func__);
806                 return;
807         }
808
809         hdr = (struct eap_hdr *) in_data;
810         pos = (u8 *) (hdr + 1);
811
812         if (in_len > sizeof(*hdr) && *pos == EAP_TYPE_NAK) {
813                 left = in_len - sizeof(*hdr);
814                 wpa_hexdump(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 type Nak'ed; "
815                             "allowed types", pos + 1, left - 1);
816                 eap_sm_process_nak(sm, pos + 1, left - 1);
817                 if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&
818                     sm->user->methods[sm->user_eap_method_index].method !=
819                     EAP_TYPE_NONE) {
820                         next_type = sm->user->methods[
821                                 sm->user_eap_method_index++].method;
822                         wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %d",
823                                    next_type);
824                         if (eap_ttls_phase2_eap_init(sm, data, next_type)) {
825                                 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to "
826                                            "initialize EAP type %d",
827                                            next_type);
828                                 eap_ttls_state(data, FAILURE);
829                                 return;
830                         }
831                 } else {
832                         eap_ttls_state(data, FAILURE);
833                 }
834                 return;
835         }
836
837         wpabuf_set(&buf, in_data, in_len);
838
839         if (m->check(sm, priv, &buf)) {
840                 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 check() asked to "
841                            "ignore the packet");
842                 return;
843         }
844
845         m->process(sm, priv, &buf);
846
847         if (sm->method_pending == METHOD_PENDING_WAIT) {
848                 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 method is in "
849                            "pending wait state - save decrypted response");
850                 wpabuf_free(data->pending_phase2_eap_resp);
851                 data->pending_phase2_eap_resp = wpabuf_dup(&buf);
852         }
853
854         if (!m->isDone(sm, priv))
855                 return;
856
857         if (!m->isSuccess(sm, priv)) {
858                 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 method failed");
859                 eap_ttls_state(data, FAILURE);
860                 return;
861         }
862
863         switch (data->state) {
864         case PHASE2_START:
865                 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
866                         wpa_hexdump_ascii(MSG_DEBUG, "EAP_TTLS: Phase2 "
867                                           "Identity not found in the user "
868                                           "database",
869                                           sm->identity, sm->identity_len);
870                         eap_ttls_state(data, FAILURE);
871                         break;
872                 }
873
874                 eap_ttls_state(data, PHASE2_METHOD);
875                 next_type = sm->user->methods[0].method;
876                 sm->user_eap_method_index = 1;
877                 wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %d", next_type);
878                 if (eap_ttls_phase2_eap_init(sm, data, next_type)) {
879                         wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize "
880                                    "EAP type %d", next_type);
881                         eap_ttls_state(data, FAILURE);
882                 }
883                 break;
884         case PHASE2_METHOD:
885                 eap_ttls_state(data, SUCCESS);
886                 break;
887         case FAILURE:
888                 break;
889         default:
890                 wpa_printf(MSG_DEBUG, "EAP-TTLS: %s - unexpected state %d",
891                            __func__, data->state);
892                 break;
893         }
894 }
895
896
897 static void eap_ttls_process_phase2_eap(struct eap_sm *sm,
898                                         struct eap_ttls_data *data,
899                                         const u8 *eap, size_t eap_len)
900 {
901         struct eap_hdr *hdr;
902         size_t len;
903
904         if (data->state == PHASE2_START) {
905                 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: initializing Phase 2");
906                 if (eap_ttls_phase2_eap_init(sm, data, EAP_TYPE_IDENTITY) < 0)
907                 {
908                         wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: failed to "
909                                    "initialize EAP-Identity");
910                         return;
911                 }
912         }
913
914         if (eap_len < sizeof(*hdr)) {
915                 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: too short Phase 2 EAP "
916                            "packet (len=%lu)", (unsigned long) eap_len);
917                 return;
918         }
919
920         hdr = (struct eap_hdr *) eap;
921         len = be_to_host16(hdr->length);
922         wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: received Phase 2 EAP: code=%d "
923                    "identifier=%d length=%lu", hdr->code, hdr->identifier,
924                    (unsigned long) len);
925         if (len > eap_len) {
926                 wpa_printf(MSG_INFO, "EAP-TTLS/EAP: Length mismatch in Phase 2"
927                            " EAP frame (hdr len=%lu, data len in AVP=%lu)",
928                            (unsigned long) len, (unsigned long) eap_len);
929                 return;
930         }
931
932         switch (hdr->code) {
933         case EAP_CODE_RESPONSE:
934                 eap_ttls_process_phase2_eap_response(sm, data, (u8 *) hdr,
935                                                      len);
936                 break;
937         default:
938                 wpa_printf(MSG_INFO, "EAP-TTLS/EAP: Unexpected code=%d in "
939                            "Phase 2 EAP header", hdr->code);
940                 break;
941         }
942 }
943
944
945 static void eap_ttls_process_phase2(struct eap_sm *sm,
946                                     struct eap_ttls_data *data,
947                                     struct wpabuf *in_buf)
948 {
949         struct wpabuf *in_decrypted;
950         struct eap_ttls_avp parse;
951
952         wpa_printf(MSG_DEBUG, "EAP-TTLS: received %lu bytes encrypted data for"
953                    " Phase 2", (unsigned long) wpabuf_len(in_buf));
954
955         if (data->pending_phase2_eap_resp) {
956                 wpa_printf(MSG_DEBUG, "EAP-TTLS: Pending Phase 2 EAP response "
957                            "- skip decryption and use old data");
958                 eap_ttls_process_phase2_eap(
959                         sm, data, wpabuf_head(data->pending_phase2_eap_resp),
960                         wpabuf_len(data->pending_phase2_eap_resp));
961                 wpabuf_free(data->pending_phase2_eap_resp);
962                 data->pending_phase2_eap_resp = NULL;
963                 return;
964         }
965
966         in_decrypted = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn,
967                                               in_buf);
968         if (in_decrypted == NULL) {
969                 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to decrypt Phase 2 "
970                            "data");
971                 eap_ttls_state(data, FAILURE);
972                 return;
973         }
974
975         wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS: Decrypted Phase 2 EAP",
976                             in_decrypted);
977
978         if (eap_ttls_avp_parse(in_decrypted, &parse) < 0) {
979                 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to parse AVPs");
980                 wpabuf_free(in_decrypted);
981                 eap_ttls_state(data, FAILURE);
982                 return;
983         }
984
985         if (parse.user_name) {
986                 os_free(sm->identity);
987                 sm->identity = os_malloc(parse.user_name_len);
988                 if (sm->identity) {
989                         os_memcpy(sm->identity, parse.user_name,
990                                   parse.user_name_len);
991                         sm->identity_len = parse.user_name_len;
992                 }
993                 if (eap_user_get(sm, parse.user_name, parse.user_name_len, 1)
994                     != 0) {
995                         wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase2 Identity not "
996                                    "found in the user database");
997                         eap_ttls_state(data, FAILURE);
998                         goto done;
999                 }
1000         }
1001
1002 #ifdef EAP_SERVER_TNC
1003         if (data->tnc_started && parse.eap == NULL) {
1004                 wpa_printf(MSG_DEBUG, "EAP-TTLS: TNC started but no EAP "
1005                            "response from peer");
1006                 eap_ttls_state(data, FAILURE);
1007                 goto done;
1008         }
1009 #endif /* EAP_SERVER_TNC */
1010
1011         if (parse.eap) {
1012                 eap_ttls_process_phase2_eap(sm, data, parse.eap,
1013                                             parse.eap_len);
1014         } else if (parse.user_password) {
1015                 eap_ttls_process_phase2_pap(sm, data, parse.user_password,
1016                                             parse.user_password_len);
1017         } else if (parse.chap_password) {
1018                 eap_ttls_process_phase2_chap(sm, data,
1019                                              parse.chap_challenge,
1020                                              parse.chap_challenge_len,
1021                                              parse.chap_password,
1022                                              parse.chap_password_len);
1023         } else if (parse.mschap_response) {
1024                 eap_ttls_process_phase2_mschap(sm, data,
1025                                                parse.mschap_challenge,
1026                                                parse.mschap_challenge_len,
1027                                                parse.mschap_response,
1028                                                parse.mschap_response_len);
1029         } else if (parse.mschap2_response) {
1030                 eap_ttls_process_phase2_mschapv2(sm, data,
1031                                                  parse.mschap_challenge,
1032                                                  parse.mschap_challenge_len,
1033                                                  parse.mschap2_response,
1034                                                  parse.mschap2_response_len);
1035         }
1036
1037 done:
1038         wpabuf_free(in_decrypted);
1039         os_free(parse.eap);
1040 }
1041
1042
1043 static void eap_ttls_start_tnc(struct eap_sm *sm, struct eap_ttls_data *data)
1044 {
1045 #ifdef EAP_SERVER_TNC
1046         if (!sm->tnc || data->state != SUCCESS || data->tnc_started)
1047                 return;
1048
1049         wpa_printf(MSG_DEBUG, "EAP-TTLS: Initialize TNC");
1050         if (eap_ttls_phase2_eap_init(sm, data, EAP_TYPE_TNC)) {
1051                 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize TNC");
1052                 eap_ttls_state(data, FAILURE);
1053                 return;
1054         }
1055
1056         data->tnc_started = 1;
1057         eap_ttls_state(data, PHASE2_METHOD);
1058 #endif /* EAP_SERVER_TNC */
1059 }
1060
1061
1062 static int eap_ttls_process_version(struct eap_sm *sm, void *priv,
1063                                     int peer_version)
1064 {
1065         struct eap_ttls_data *data = priv;
1066         if (peer_version < data->ttls_version) {
1067                 wpa_printf(MSG_DEBUG, "EAP-TTLS: peer ver=%d, own ver=%d; "
1068                            "use version %d",
1069                            peer_version, data->ttls_version, peer_version);
1070                 data->ttls_version = peer_version;
1071         }
1072
1073         return 0;
1074 }
1075
1076
1077 static void eap_ttls_process_msg(struct eap_sm *sm, void *priv,
1078                                  const struct wpabuf *respData)
1079 {
1080         struct eap_ttls_data *data = priv;
1081
1082         switch (data->state) {
1083         case PHASE1:
1084                 if (eap_server_tls_phase1(sm, &data->ssl) < 0)
1085                         eap_ttls_state(data, FAILURE);
1086                 break;
1087         case PHASE2_START:
1088         case PHASE2_METHOD:
1089                 eap_ttls_process_phase2(sm, data, data->ssl.tls_in);
1090                 eap_ttls_start_tnc(sm, data);
1091                 break;
1092         case PHASE2_MSCHAPV2_RESP:
1093                 if (data->mschapv2_resp_ok && wpabuf_len(data->ssl.tls_in) ==
1094                     0) {
1095                         wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer "
1096                                    "acknowledged response");
1097                         eap_ttls_state(data, SUCCESS);
1098                 } else if (!data->mschapv2_resp_ok) {
1099                         wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer "
1100                                    "acknowledged error");
1101                         eap_ttls_state(data, FAILURE);
1102                 } else {
1103                         wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Unexpected "
1104                                    "frame from peer (payload len %lu, "
1105                                    "expected empty frame)",
1106                                    (unsigned long)
1107                                    wpabuf_len(data->ssl.tls_in));
1108                         eap_ttls_state(data, FAILURE);
1109                 }
1110                 eap_ttls_start_tnc(sm, data);
1111                 break;
1112         default:
1113                 wpa_printf(MSG_DEBUG, "EAP-TTLS: Unexpected state %d in %s",
1114                            data->state, __func__);
1115                 break;
1116         }
1117 }
1118
1119
1120 static void eap_ttls_process(struct eap_sm *sm, void *priv,
1121                              struct wpabuf *respData)
1122 {
1123         struct eap_ttls_data *data = priv;
1124         if (eap_server_tls_process(sm, &data->ssl, respData, data,
1125                                    EAP_TYPE_TTLS, eap_ttls_process_version,
1126                                    eap_ttls_process_msg) < 0)
1127                 eap_ttls_state(data, FAILURE);
1128 }
1129
1130
1131 static Boolean eap_ttls_isDone(struct eap_sm *sm, void *priv)
1132 {
1133         struct eap_ttls_data *data = priv;
1134         return data->state == SUCCESS || data->state == FAILURE;
1135 }
1136
1137
1138 static u8 * eap_ttls_getKey(struct eap_sm *sm, void *priv, size_t *len)
1139 {
1140         struct eap_ttls_data *data = priv;
1141         u8 *eapKeyData;
1142
1143         if (data->state != SUCCESS)
1144                 return NULL;
1145
1146         eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
1147                                                "ttls keying material",
1148                                                EAP_TLS_KEY_LEN);
1149         if (eapKeyData) {
1150                 *len = EAP_TLS_KEY_LEN;
1151                 wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived key",
1152                                 eapKeyData, EAP_TLS_KEY_LEN);
1153         } else {
1154                 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to derive key");
1155         }
1156
1157         return eapKeyData;
1158 }
1159
1160
1161 static Boolean eap_ttls_isSuccess(struct eap_sm *sm, void *priv)
1162 {
1163         struct eap_ttls_data *data = priv;
1164         return data->state == SUCCESS;
1165 }
1166
1167
1168 int eap_server_ttls_register(void)
1169 {
1170         struct eap_method *eap;
1171         int ret;
1172
1173         eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
1174                                       EAP_VENDOR_IETF, EAP_TYPE_TTLS, "TTLS");
1175         if (eap == NULL)
1176                 return -1;
1177
1178         eap->init = eap_ttls_init;
1179         eap->reset = eap_ttls_reset;
1180         eap->buildReq = eap_ttls_buildReq;
1181         eap->check = eap_ttls_check;
1182         eap->process = eap_ttls_process;
1183         eap->isDone = eap_ttls_isDone;
1184         eap->getKey = eap_ttls_getKey;
1185         eap->isSuccess = eap_ttls_isSuccess;
1186
1187         ret = eap_server_method_register(eap);
1188         if (ret)
1189                 eap_server_method_free(eap);
1190         return ret;
1191 }
Domain: Network & Connectivity / WiFi;