2 * EAP peer method: EAP-TTLS (RFC 5281)
3 * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "radius/radius.h"
13 #include "crypto/ms_funcs.h"
14 #include "crypto/sha1.h"
15 #include "crypto/tls.h"
16 #include "eap_common/chap.h"
17 #include "eap_common/eap_ttls.h"
20 #include "eap_tls_common.h"
21 #include "eap_config.h"
24 #define EAP_TTLS_VERSION 0
27 static void eap_ttls_deinit(struct eap_sm *sm, void *priv);
30 struct eap_ttls_data {
31 struct eap_ssl_data ssl;
35 const struct eap_method *phase2_method;
42 EAP_TTLS_PHASE2_MSCHAPV2,
43 EAP_TTLS_PHASE2_MSCHAP,
47 struct eap_method_type phase2_eap_type;
48 struct eap_method_type *phase2_eap_types;
49 size_t num_phase2_eap_types;
51 u8 auth_response[MSCHAPV2_AUTH_RESPONSE_LEN];
52 int auth_response_valid;
53 u8 master_key[MSCHAPV2_MASTER_KEY_LEN]; /* MSCHAPv2 master key */
55 int resuming; /* starting a resumed session */
56 int reauth; /* reauthentication */
61 struct wpabuf *pending_phase2_req;
62 int chbind_req_sent; /* channel binding request was sent */
63 int done_butfor_cb; /*we turned METHOD_DONE into METHOD_MAY_CONT to receive cb*/
64 EapDecision cbDecision;
72 /* draft-ietf-emu-chbind-13 section 5.3 */
89 static void * eap_ttls_init(struct eap_sm *sm)
91 struct eap_ttls_data *data;
92 struct eap_peer_config *config = eap_get_config(sm);
95 data = os_zalloc(sizeof(*data));
98 data->ttls_version = EAP_TTLS_VERSION;
100 data->phase2_type = EAP_TTLS_PHASE2_EAP;
102 if (config && config->phase2) {
103 if (os_strstr(config->phase2, "autheap=")) {
105 data->phase2_type = EAP_TTLS_PHASE2_EAP;
106 } else if (os_strstr(config->phase2, "auth=MSCHAPV2")) {
107 selected = "MSCHAPV2";
108 data->phase2_type = EAP_TTLS_PHASE2_MSCHAPV2;
109 } else if (os_strstr(config->phase2, "auth=MSCHAP")) {
111 data->phase2_type = EAP_TTLS_PHASE2_MSCHAP;
112 } else if (os_strstr(config->phase2, "auth=PAP")) {
114 data->phase2_type = EAP_TTLS_PHASE2_PAP;
115 } else if (os_strstr(config->phase2, "auth=CHAP")) {
117 data->phase2_type = EAP_TTLS_PHASE2_CHAP;
120 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase2 type: %s", selected);
122 if (data->phase2_type == EAP_TTLS_PHASE2_EAP) {
123 if (eap_peer_select_phase2_methods(config, "autheap=",
124 &data->phase2_eap_types,
125 &data->num_phase2_eap_types)
127 eap_ttls_deinit(sm, data);
131 data->phase2_eap_type.vendor = EAP_VENDOR_IETF;
132 data->phase2_eap_type.method = EAP_TYPE_NONE;
135 if (eap_peer_tls_ssl_init(sm, &data->ssl, config, EAP_TYPE_TTLS)) {
136 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to initialize SSL.");
137 eap_ttls_deinit(sm, data);
145 static void eap_ttls_phase2_eap_deinit(struct eap_sm *sm,
146 struct eap_ttls_data *data)
148 if (data->phase2_priv && data->phase2_method) {
149 data->phase2_method->deinit(sm, data->phase2_priv);
150 data->phase2_method = NULL;
151 data->phase2_priv = NULL;
156 static void eap_ttls_free_key(struct eap_ttls_data *data)
158 if (data->key_data) {
159 bin_clear_free(data->key_data, EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
160 data->key_data = NULL;
165 static void eap_ttls_deinit(struct eap_sm *sm, void *priv)
167 struct eap_ttls_data *data = priv;
170 eap_ttls_phase2_eap_deinit(sm, data);
171 os_free(data->phase2_eap_types);
172 eap_peer_tls_ssl_deinit(sm, &data->ssl);
173 eap_ttls_free_key(data);
174 os_free(data->session_id);
175 wpabuf_free(data->pending_phase2_req);
180 static u8 * eap_ttls_avp_hdr(u8 *avphdr, u32 avp_code, u32 vendor_id,
181 int mandatory, size_t len)
183 struct ttls_avp_vendor *avp;
187 avp = (struct ttls_avp_vendor *) avphdr;
188 flags = mandatory ? AVP_FLAGS_MANDATORY : 0;
190 flags |= AVP_FLAGS_VENDOR;
191 hdrlen = sizeof(*avp);
192 avp->vendor_id = host_to_be32(vendor_id);
194 hdrlen = sizeof(struct ttls_avp);
197 avp->avp_code = host_to_be32(avp_code);
198 avp->avp_length = host_to_be32(((u32) flags << 24) |
199 (u32) (hdrlen + len));
201 return avphdr + hdrlen;
205 static u8 * eap_ttls_avp_add(u8 *start, u8 *avphdr, u32 avp_code,
206 u32 vendor_id, int mandatory,
207 const u8 *data, size_t len)
210 pos = eap_ttls_avp_hdr(avphdr, avp_code, vendor_id, mandatory, len);
211 os_memcpy(pos, data, len);
218 static int eap_ttls_avp_encapsulate(struct wpabuf **resp, u32 avp_code,
224 msg = wpabuf_alloc(sizeof(struct ttls_avp) + wpabuf_len(*resp) + 4);
231 avp = wpabuf_mhead(msg);
232 pos = eap_ttls_avp_hdr(avp, avp_code, 0, mandatory, wpabuf_len(*resp));
233 os_memcpy(pos, wpabuf_head(*resp), wpabuf_len(*resp));
234 pos += wpabuf_len(*resp);
237 wpabuf_put(msg, pos - avp);
242 /* chop up resp into multiple vsa's as necessary*/
243 static int eap_ttls_avp_radius_vsa_encapsulate(struct wpabuf **resp, u32 vendor,
244 u8 attr, int mandatory)
247 u8 *avp, *pos, *src, *final;
248 size_t size = wpabuf_len(*resp);
249 size_t num_msgs = 1 + (size / 248);
250 size_t msg_wrapper_size = sizeof(struct ttls_avp_vendor) + 6;
251 size_t allocated_total = num_msgs * (4 + msg_wrapper_size) + size;
253 msg = wpabuf_alloc(allocated_total);
259 src = wpabuf_mhead(*resp);
260 avp = wpabuf_mhead(msg);
262 int avp_size = size > 248 ? 248 : size;
264 pos = eap_ttls_avp_hdr(avp, RADIUS_ATTR_VENDOR_SPECIFIC, 0, mandatory,
266 wpabuf_put(msg, pos-avp);
267 wpabuf_put_be32(msg, vendor);
268 wpabuf_put_u8(msg, (u8) attr);
269 wpabuf_put_u8(msg, (u8) avp_size+2);
270 wpabuf_put_data(msg, src, avp_size);
272 pos = wpabuf_mhead_u8(msg) + wpabuf_len(msg);
273 final = pos; /*keep pos so we know how much padding is added*/
274 AVP_PAD(avp, final); /*final modified*/
276 wpabuf_put(msg, final-pos);
279 /* check avp-wpabuf_mhead(msg) < allocated_total */
285 static int eap_ttls_v0_derive_key(struct eap_sm *sm,
286 struct eap_ttls_data *data)
288 eap_ttls_free_key(data);
289 data->key_data = eap_peer_tls_derive_key(sm, &data->ssl,
290 "ttls keying material",
293 if (!data->key_data) {
294 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to derive key");
298 wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived key",
299 data->key_data, EAP_TLS_KEY_LEN);
300 wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived EMSK",
301 data->key_data + EAP_TLS_KEY_LEN,
304 os_free(data->session_id);
305 data->session_id = eap_peer_tls_derive_session_id(sm, &data->ssl,
308 if (data->session_id) {
309 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Derived Session-Id",
310 data->session_id, data->id_len);
312 wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to derive Session-Id");
320 static u8 * eap_ttls_implicit_challenge(struct eap_sm *sm,
321 struct eap_ttls_data *data, size_t len)
323 return eap_peer_tls_derive_key(sm, &data->ssl, "ttls challenge", len);
325 #endif /* CONFIG_FIPS */
328 static void eap_ttls_phase2_select_eap_method(struct eap_ttls_data *data,
332 for (i = 0; i < data->num_phase2_eap_types; i++) {
333 if (data->phase2_eap_types[i].vendor != EAP_VENDOR_IETF ||
334 data->phase2_eap_types[i].method != method)
337 data->phase2_eap_type.vendor =
338 data->phase2_eap_types[i].vendor;
339 data->phase2_eap_type.method =
340 data->phase2_eap_types[i].method;
341 wpa_printf(MSG_DEBUG, "EAP-TTLS: Selected "
342 "Phase 2 EAP vendor %d method %d",
343 data->phase2_eap_type.vendor,
344 data->phase2_eap_type.method);
350 static int eap_ttls_phase2_eap_process(struct eap_sm *sm,
351 struct eap_ttls_data *data,
352 struct eap_method_ret *ret,
353 struct eap_hdr *hdr, size_t len,
354 struct wpabuf **resp)
357 struct eap_method_ret iret;
359 os_memset(&iret, 0, sizeof(iret));
360 wpabuf_set(&msg, hdr, len);
361 *resp = data->phase2_method->process(sm, data->phase2_priv, &iret,
363 if ((iret.methodState == METHOD_DONE ||
364 iret.methodState == METHOD_MAY_CONT) &&
365 (iret.decision == DECISION_UNCOND_SUCC ||
366 iret.decision == DECISION_COND_SUCC ||
367 iret.decision == DECISION_FAIL)) {
368 ret->methodState = iret.methodState;
369 ret->decision = iret.decision;
376 static int eap_ttls_phase2_request_eap_method(struct eap_sm *sm,
377 struct eap_ttls_data *data,
378 struct eap_method_ret *ret,
379 struct eap_hdr *hdr, size_t len,
380 u8 method, struct wpabuf **resp)
383 if (data->tnc_started && data->phase2_method &&
384 data->phase2_priv && method == EAP_TYPE_TNC &&
385 data->phase2_eap_type.method == EAP_TYPE_TNC)
386 return eap_ttls_phase2_eap_process(sm, data, ret, hdr, len,
389 if (data->ready_for_tnc && !data->tnc_started &&
390 method == EAP_TYPE_TNC) {
391 wpa_printf(MSG_DEBUG, "EAP-TTLS: Start TNC after completed "
393 data->tnc_started = 1;
396 if (data->tnc_started) {
397 if (data->phase2_eap_type.vendor != EAP_VENDOR_IETF ||
398 data->phase2_eap_type.method == EAP_TYPE_TNC) {
399 wpa_printf(MSG_DEBUG, "EAP-TTLS: Unexpected EAP "
400 "type %d for TNC", method);
404 data->phase2_eap_type.vendor = EAP_VENDOR_IETF;
405 data->phase2_eap_type.method = method;
406 wpa_printf(MSG_DEBUG, "EAP-TTLS: Selected "
407 "Phase 2 EAP vendor %d method %d (TNC)",
408 data->phase2_eap_type.vendor,
409 data->phase2_eap_type.method);
411 if (data->phase2_type == EAP_TTLS_PHASE2_EAP)
412 eap_ttls_phase2_eap_deinit(sm, data);
416 if (data->phase2_eap_type.vendor == EAP_VENDOR_IETF &&
417 data->phase2_eap_type.method == EAP_TYPE_NONE)
418 eap_ttls_phase2_select_eap_method(data, method);
420 if (method != data->phase2_eap_type.method || method == EAP_TYPE_NONE)
422 if (eap_peer_tls_phase2_nak(data->phase2_eap_types,
423 data->num_phase2_eap_types,
429 if (data->phase2_priv == NULL) {
430 data->phase2_method = eap_peer_get_eap_method(
431 EAP_VENDOR_IETF, method);
432 if (data->phase2_method) {
434 data->phase2_priv = data->phase2_method->init(sm);
438 if (data->phase2_priv == NULL || data->phase2_method == NULL) {
439 wpa_printf(MSG_INFO, "EAP-TTLS: failed to initialize "
440 "Phase 2 EAP method %d", method);
444 return eap_ttls_phase2_eap_process(sm, data, ret, hdr, len, resp);
448 static int eap_ttls_phase2_request_eap(struct eap_sm *sm,
449 struct eap_ttls_data *data,
450 struct eap_method_ret *ret,
452 struct wpabuf **resp)
454 size_t len = be_to_host16(hdr->length);
456 struct eap_peer_config *config = eap_get_config(sm);
458 if (len <= sizeof(struct eap_hdr)) {
459 wpa_printf(MSG_INFO, "EAP-TTLS: too short "
460 "Phase 2 request (len=%lu)", (unsigned long) len);
463 pos = (u8 *) (hdr + 1);
464 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 EAP Request: type=%d", *pos);
466 case EAP_TYPE_IDENTITY:
467 *resp = eap_sm_buildIdentity(sm, hdr->identifier, 1);
470 if (eap_ttls_phase2_request_eap_method(sm, data, ret, hdr, len,
477 (config->pending_req_identity || config->pending_req_password ||
478 config->pending_req_otp)) {
485 wpa_hexdump_buf(MSG_DEBUG, "EAP-TTLS: AVP encapsulate EAP Response",
487 return eap_ttls_avp_encapsulate(resp, RADIUS_ATTR_EAP_MESSAGE, 1);
491 static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,
492 struct eap_ttls_data *data,
493 struct eap_method_ret *ret,
494 struct wpabuf **resp)
497 wpa_printf(MSG_ERROR, "EAP-TTLS: MSCHAPV2 not supported in FIPS build");
499 #else /* CONFIG_FIPS */
502 u8 *buf, *pos, *challenge, *peer_challenge;
503 const u8 *identity, *password;
504 size_t identity_len, password_len;
507 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 MSCHAPV2 Request");
509 identity = eap_get_config_identity(sm, &identity_len);
510 password = eap_get_config_password2(sm, &password_len, &pwhash);
511 if (identity == NULL || password == NULL)
514 msg = wpabuf_alloc(identity_len + 1000);
516 wpa_printf(MSG_ERROR,
517 "EAP-TTLS/MSCHAPV2: Failed to allocate memory");
520 pos = buf = wpabuf_mhead(msg);
523 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1,
524 identity, identity_len);
526 /* MS-CHAP-Challenge */
527 challenge = eap_ttls_implicit_challenge(
528 sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1);
529 if (challenge == NULL) {
531 wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive "
532 "implicit challenge");
536 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_MS_CHAP_CHALLENGE,
537 RADIUS_VENDOR_ID_MICROSOFT, 1,
538 challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN);
540 /* MS-CHAP2-Response */
541 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP2_RESPONSE,
542 RADIUS_VENDOR_ID_MICROSOFT, 1,
543 EAP_TTLS_MSCHAPV2_RESPONSE_LEN);
544 data->ident = challenge[EAP_TTLS_MSCHAPV2_CHALLENGE_LEN];
545 *pos++ = data->ident;
546 *pos++ = 0; /* Flags */
547 if (os_get_random(pos, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN) < 0) {
550 wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to get "
551 "random data for peer challenge");
554 peer_challenge = pos;
555 pos += EAP_TTLS_MSCHAPV2_CHALLENGE_LEN;
556 os_memset(pos, 0, 8); /* Reserved, must be zero */
558 if (mschapv2_derive_response(identity, identity_len, password,
559 password_len, pwhash, challenge,
560 peer_challenge, pos, data->auth_response,
564 wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive "
568 data->auth_response_valid = 1;
574 wpabuf_put(msg, pos - buf);
578 #else /* EAP_MSCHAPv2 */
579 wpa_printf(MSG_ERROR, "EAP-TTLS: MSCHAPv2 not included in the build");
581 #endif /* EAP_MSCHAPv2 */
582 #endif /* CONFIG_FIPS */
586 static int eap_ttls_phase2_request_mschap(struct eap_sm *sm,
587 struct eap_ttls_data *data,
588 struct eap_method_ret *ret,
589 struct wpabuf **resp)
592 wpa_printf(MSG_ERROR, "EAP-TTLS: MSCHAP not supported in FIPS build");
594 #else /* CONFIG_FIPS */
596 u8 *buf, *pos, *challenge;
597 const u8 *identity, *password;
598 size_t identity_len, password_len;
601 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 MSCHAP Request");
603 identity = eap_get_config_identity(sm, &identity_len);
604 password = eap_get_config_password2(sm, &password_len, &pwhash);
605 if (identity == NULL || password == NULL)
608 msg = wpabuf_alloc(identity_len + 1000);
610 wpa_printf(MSG_ERROR,
611 "EAP-TTLS/MSCHAP: Failed to allocate memory");
614 pos = buf = wpabuf_mhead(msg);
617 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1,
618 identity, identity_len);
620 /* MS-CHAP-Challenge */
621 challenge = eap_ttls_implicit_challenge(
622 sm, data, EAP_TTLS_MSCHAP_CHALLENGE_LEN + 1);
623 if (challenge == NULL) {
625 wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAP: Failed to derive "
626 "implicit challenge");
630 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_MS_CHAP_CHALLENGE,
631 RADIUS_VENDOR_ID_MICROSOFT, 1,
632 challenge, EAP_TTLS_MSCHAP_CHALLENGE_LEN);
634 /* MS-CHAP-Response */
635 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP_RESPONSE,
636 RADIUS_VENDOR_ID_MICROSOFT, 1,
637 EAP_TTLS_MSCHAP_RESPONSE_LEN);
638 data->ident = challenge[EAP_TTLS_MSCHAP_CHALLENGE_LEN];
639 *pos++ = data->ident;
640 *pos++ = 1; /* Flags: Use NT style passwords */
641 os_memset(pos, 0, 24); /* LM-Response */
644 challenge_response(challenge, password, pos); /* NT-Response */
645 wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: MSCHAP password hash",
648 nt_challenge_response(challenge, password, password_len,
649 pos); /* NT-Response */
650 wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: MSCHAP password",
651 password, password_len);
653 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: MSCHAP implicit challenge",
654 challenge, EAP_TTLS_MSCHAP_CHALLENGE_LEN);
655 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: MSCHAP response", pos, 24);
660 wpabuf_put(msg, pos - buf);
663 /* EAP-TTLS/MSCHAP does not provide tunneled success
664 * notification, so assume that Phase2 succeeds. */
665 ret->methodState = METHOD_DONE;
666 ret->decision = DECISION_COND_SUCC;
669 #endif /* CONFIG_FIPS */
673 static int eap_ttls_phase2_request_pap(struct eap_sm *sm,
674 struct eap_ttls_data *data,
675 struct eap_method_ret *ret,
676 struct wpabuf **resp)
681 const u8 *identity, *password;
682 size_t identity_len, password_len;
684 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 PAP Request");
686 identity = eap_get_config_identity(sm, &identity_len);
687 password = eap_get_config_password(sm, &password_len);
688 if (identity == NULL || password == NULL)
691 msg = wpabuf_alloc(identity_len + password_len + 100);
693 wpa_printf(MSG_ERROR,
694 "EAP-TTLS/PAP: Failed to allocate memory");
697 pos = buf = wpabuf_mhead(msg);
700 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1,
701 identity, identity_len);
703 /* User-Password; in RADIUS, this is encrypted, but EAP-TTLS encrypts
704 * the data, so no separate encryption is used in the AVP itself.
705 * However, the password is padded to obfuscate its length. */
706 pad = password_len == 0 ? 16 : (16 - (password_len & 15)) & 15;
707 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_USER_PASSWORD, 0, 1,
709 os_memcpy(pos, password, password_len);
711 os_memset(pos, 0, pad);
715 wpabuf_put(msg, pos - buf);
718 /* EAP-TTLS/PAP does not provide tunneled success notification,
719 * so assume that Phase2 succeeds. */
720 ret->methodState = METHOD_DONE;
721 ret->decision = DECISION_COND_SUCC;
727 static int eap_ttls_phase2_request_chap(struct eap_sm *sm,
728 struct eap_ttls_data *data,
729 struct eap_method_ret *ret,
730 struct wpabuf **resp)
733 wpa_printf(MSG_ERROR, "EAP-TTLS: CHAP not supported in FIPS build");
735 #else /* CONFIG_FIPS */
737 u8 *buf, *pos, *challenge;
738 const u8 *identity, *password;
739 size_t identity_len, password_len;
741 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 CHAP Request");
743 identity = eap_get_config_identity(sm, &identity_len);
744 password = eap_get_config_password(sm, &password_len);
745 if (identity == NULL || password == NULL)
748 msg = wpabuf_alloc(identity_len + 1000);
750 wpa_printf(MSG_ERROR,
751 "EAP-TTLS/CHAP: Failed to allocate memory");
754 pos = buf = wpabuf_mhead(msg);
757 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1,
758 identity, identity_len);
761 challenge = eap_ttls_implicit_challenge(
762 sm, data, EAP_TTLS_CHAP_CHALLENGE_LEN + 1);
763 if (challenge == NULL) {
765 wpa_printf(MSG_ERROR, "EAP-TTLS/CHAP: Failed to derive "
766 "implicit challenge");
770 pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_CHAP_CHALLENGE, 0, 1,
771 challenge, EAP_TTLS_CHAP_CHALLENGE_LEN);
774 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_CHAP_PASSWORD, 0, 1,
775 1 + EAP_TTLS_CHAP_PASSWORD_LEN);
776 data->ident = challenge[EAP_TTLS_CHAP_CHALLENGE_LEN];
777 *pos++ = data->ident;
779 /* MD5(Ident + Password + Challenge) */
780 chap_md5(data->ident, password, password_len, challenge,
781 EAP_TTLS_CHAP_CHALLENGE_LEN, pos);
783 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: CHAP username",
784 identity, identity_len);
785 wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: CHAP password",
786 password, password_len);
787 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: CHAP implicit challenge",
788 challenge, EAP_TTLS_CHAP_CHALLENGE_LEN);
789 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: CHAP password",
790 pos, EAP_TTLS_CHAP_PASSWORD_LEN);
791 pos += EAP_TTLS_CHAP_PASSWORD_LEN;
795 wpabuf_put(msg, pos - buf);
798 /* EAP-TTLS/CHAP does not provide tunneled success
799 * notification, so assume that Phase2 succeeds. */
800 ret->methodState = METHOD_DONE;
801 ret->decision = DECISION_COND_SUCC;
804 #endif /* CONFIG_FIPS */
808 static int eap_ttls_phase2_request(struct eap_sm *sm,
809 struct eap_ttls_data *data,
810 struct eap_method_ret *ret,
812 struct wpabuf **resp)
816 enum phase2_types phase2_type = data->phase2_type;
819 if (data->tnc_started) {
820 wpa_printf(MSG_DEBUG, "EAP-TTLS: Processing TNC");
821 phase2_type = EAP_TTLS_PHASE2_EAP;
825 if (phase2_type == EAP_TTLS_PHASE2_MSCHAPV2 ||
826 phase2_type == EAP_TTLS_PHASE2_MSCHAP ||
827 phase2_type == EAP_TTLS_PHASE2_PAP ||
828 phase2_type == EAP_TTLS_PHASE2_CHAP) {
829 if (eap_get_config_identity(sm, &len) == NULL) {
831 "EAP-TTLS: Identity not configured");
832 eap_sm_request_identity(sm);
833 if (eap_get_config_password(sm, &len) == NULL)
834 eap_sm_request_password(sm);
838 if (eap_get_config_password(sm, &len) == NULL) {
840 "EAP-TTLS: Password not configured");
841 eap_sm_request_password(sm);
846 switch (phase2_type) {
847 case EAP_TTLS_PHASE2_EAP:
848 res = eap_ttls_phase2_request_eap(sm, data, ret, hdr, resp);
850 case EAP_TTLS_PHASE2_MSCHAPV2:
851 res = eap_ttls_phase2_request_mschapv2(sm, data, ret, resp);
853 case EAP_TTLS_PHASE2_MSCHAP:
854 res = eap_ttls_phase2_request_mschap(sm, data, ret, resp);
856 case EAP_TTLS_PHASE2_PAP:
857 res = eap_ttls_phase2_request_pap(sm, data, ret, resp);
859 case EAP_TTLS_PHASE2_CHAP:
860 res = eap_ttls_phase2_request_chap(sm, data, ret, resp);
863 wpa_printf(MSG_ERROR, "EAP-TTLS: Phase 2 - Unknown");
869 ret->methodState = METHOD_DONE;
870 ret->decision = DECISION_FAIL;
877 struct ttls_parse_avp {
887 static int eap_ttls_parse_attr_eap(const u8 *dpos, size_t dlen,
888 struct ttls_parse_avp *parse)
890 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP - EAP Message");
891 if (parse->eapdata == NULL) {
892 parse->eapdata = os_malloc(dlen);
893 if (parse->eapdata == NULL) {
894 wpa_printf(MSG_WARNING, "EAP-TTLS: Failed to allocate "
895 "memory for Phase 2 EAP data");
898 os_memcpy(parse->eapdata, dpos, dlen);
899 parse->eap_len = dlen;
901 u8 *neweap = os_realloc(parse->eapdata, parse->eap_len + dlen);
902 if (neweap == NULL) {
903 wpa_printf(MSG_WARNING, "EAP-TTLS: Failed to allocate "
904 "memory for Phase 2 EAP data");
907 os_memcpy(neweap + parse->eap_len, dpos, dlen);
908 parse->eapdata = neweap;
909 parse->eap_len += dlen;
916 static int eap_ttls_parse_attr_chbind(const u8 *dpos, size_t dlen,
917 struct ttls_parse_avp *parse)
919 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP - Channel Binding Message");
921 if (parse->chbind_data == NULL) {
922 parse->chbind_data = os_malloc(dlen);
923 if (parse->chbind_data == NULL) {
924 wpa_printf(MSG_WARNING, "EAP-TTLS: Failed to allocate "
925 "memory for Phase 2 channel binding data");
928 os_memcpy(parse->chbind_data, dpos, dlen);
929 parse->chbind_len = dlen;
931 /* TODO: can this really happen? maybe just make this an error? */
932 u8 *newchbind = os_realloc(parse->chbind_data,
933 parse->chbind_len + dlen);
934 if (newchbind == NULL) {
935 wpa_printf(MSG_WARNING, "EAP-TTLS: Failed to allocate "
936 "memory for Phase 2 channel binding data");
939 os_memcpy(newchbind + parse->chbind_len, dpos, dlen);
940 parse->chbind_data = newchbind;
941 parse->chbind_len += dlen;
948 static int eap_ttls_parse_avp(u8 *pos, size_t left,
949 struct ttls_parse_avp *parse)
951 struct ttls_avp *avp;
952 u32 avp_code, avp_length, vendor_id = 0;
956 avp = (struct ttls_avp *) pos;
957 avp_code = be_to_host32(avp->avp_code);
958 avp_length = be_to_host32(avp->avp_length);
959 avp_flags = (avp_length >> 24) & 0xff;
960 avp_length &= 0xffffff;
961 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP: code=%d flags=0x%02x "
962 "length=%d", (int) avp_code, avp_flags,
965 if (avp_length > left) {
966 wpa_printf(MSG_WARNING, "EAP-TTLS: AVP overflow "
967 "(len=%d, left=%lu) - dropped",
968 (int) avp_length, (unsigned long) left);
972 if (avp_length < sizeof(*avp)) {
973 wpa_printf(MSG_WARNING, "EAP-TTLS: Invalid AVP length %d",
978 dpos = (u8 *) (avp + 1);
979 dlen = avp_length - sizeof(*avp);
980 if (avp_flags & AVP_FLAGS_VENDOR) {
982 wpa_printf(MSG_WARNING, "EAP-TTLS: Vendor AVP "
986 vendor_id = WPA_GET_BE32(dpos);
987 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP vendor_id %d",
993 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: AVP data", dpos, dlen);
995 if (vendor_id == 0 && avp_code == RADIUS_ATTR_EAP_MESSAGE) {
996 if (eap_ttls_parse_attr_eap(dpos, dlen, parse) < 0)
998 } else if (vendor_id == RADIUS_VENDOR_ID_UKERNA &&
999 avp_code == RADIUS_ATTR_UKERNA_CHBIND) {
1000 /* message containing channel binding data */
1001 if (eap_ttls_parse_attr_chbind(dpos, dlen, parse) < 0)
1003 } else if (vendor_id == 0 && avp_code == RADIUS_ATTR_REPLY_MESSAGE) {
1004 /* This is an optional message that can be displayed to
1006 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: AVP - Reply-Message",
1008 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
1009 avp_code == RADIUS_ATTR_MS_CHAP2_SUCCESS) {
1010 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: MS-CHAP2-Success",
1013 wpa_printf(MSG_WARNING, "EAP-TTLS: Unexpected "
1014 "MS-CHAP2-Success length "
1015 "(len=%lu, expected 43)",
1016 (unsigned long) dlen);
1019 parse->mschapv2 = dpos;
1020 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
1021 avp_code == RADIUS_ATTR_MS_CHAP_ERROR) {
1022 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: MS-CHAP-Error",
1024 parse->mschapv2_error = 1;
1025 } else if (avp_flags & AVP_FLAGS_MANDATORY) {
1026 wpa_printf(MSG_WARNING, "EAP-TTLS: Unsupported mandatory AVP "
1027 "code %d vendor_id %d - dropped",
1028 (int) avp_code, (int) vendor_id);
1031 wpa_printf(MSG_DEBUG, "EAP-TTLS: Ignoring unsupported AVP "
1032 "code %d vendor_id %d",
1033 (int) avp_code, (int) vendor_id);
1040 static int eap_ttls_parse_avps(struct wpabuf *in_decrypted,
1041 struct ttls_parse_avp *parse)
1047 pos = wpabuf_mhead(in_decrypted);
1048 left = wpabuf_len(in_decrypted);
1049 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Decrypted Phase 2 AVPs", pos, left);
1050 if (left < sizeof(struct ttls_avp)) {
1051 wpa_printf(MSG_WARNING, "EAP-TTLS: Too short Phase 2 AVP frame"
1052 " len=%lu expected %lu or more - dropped",
1053 (unsigned long) left,
1054 (unsigned long) sizeof(struct ttls_avp));
1059 os_memset(parse, 0, sizeof(*parse));
1062 avp_length = eap_ttls_parse_avp(pos, left, parse);
1066 pad = (4 - (avp_length & 3)) & 3;
1067 pos += avp_length + pad;
1068 if (left < avp_length + pad)
1071 left -= avp_length + pad;
1078 static u8 * eap_ttls_fake_identity_request(void)
1080 struct eap_hdr *hdr;
1083 wpa_printf(MSG_DEBUG, "EAP-TTLS: empty data in beginning of "
1084 "Phase 2 - use fake EAP-Request Identity");
1085 buf = os_malloc(sizeof(*hdr) + 1);
1087 wpa_printf(MSG_WARNING, "EAP-TTLS: failed to allocate "
1088 "memory for fake EAP-Identity Request");
1092 hdr = (struct eap_hdr *) buf;
1093 hdr->code = EAP_CODE_REQUEST;
1094 hdr->identifier = 0;
1095 hdr->length = host_to_be16(sizeof(*hdr) + 1);
1096 buf[sizeof(*hdr)] = EAP_TYPE_IDENTITY;
1102 static int eap_ttls_encrypt_response(struct eap_sm *sm,
1103 struct eap_ttls_data *data,
1104 struct wpabuf *resp, u8 identifier,
1105 struct wpabuf **out_data)
1110 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS: Encrypting Phase 2 data",
1112 if (eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_TTLS,
1113 data->ttls_version, identifier,
1115 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to encrypt a Phase 2 "
1125 static int eap_ttls_add_chbind_request(struct eap_sm *sm,
1126 struct eap_ttls_data *data,
1127 struct wpabuf **resp)
1129 struct wpabuf *chbind_req, *res;
1131 struct eap_peer_config *config = eap_get_config(sm);
1133 if (!config->chbind_config || config->chbind_config_len <= 0)
1136 for (i=0; i<config->chbind_config_len; i++) {
1137 length += 3 + config->chbind_config[i].req_data_len;
1140 chbind_req = wpabuf_alloc(length);
1144 wpabuf_put_u8(chbind_req, CHBIND_CODE_REQUEST);
1145 for (i=0; i<config->chbind_config_len; i++) {
1146 struct eap_peer_chbind_config *chbind_config =
1147 &config->chbind_config[i];
1148 wpabuf_put_be16(chbind_req, chbind_config->req_data_len);
1149 wpabuf_put_u8(chbind_req, chbind_config->nsid);
1150 wpabuf_put_data(chbind_req, chbind_config->req_data,
1151 chbind_config->req_data_len);
1153 if (eap_ttls_avp_radius_vsa_encapsulate(&chbind_req,
1154 RADIUS_VENDOR_ID_UKERNA,
1155 RADIUS_ATTR_UKERNA_CHBIND, 0) < 0)
1158 /* bleh. This will free *resp regardless of whether combined buffer
1159 alloc succeeds, which is not consistent with the other error
1160 condition behavior in this function */
1161 *resp = wpabuf_concat(chbind_req, *resp);
1163 return (*resp) ? 0 : -1;
1167 static int eap_ttls_process_chbind(struct eap_sm *sm,
1168 struct eap_ttls_data *data,
1169 struct eap_method_ret *ret,
1170 struct ttls_parse_avp *parse,
1171 struct wpabuf **resp)
1176 struct chbind_hdr *hdr;
1177 struct eap_peer_config *config = eap_get_config(sm);
1181 if (parse->chbind_data == NULL) {
1182 wpa_printf(MSG_WARNING, "EAP-TTLS: No channel binding message "
1183 "in the packet - dropped");
1186 if (parse->chbind_len < 1 ) {
1187 wpa_printf(MSG_WARNING, "EAP-TTLS: bad channel binding response "
1188 "frame (len=%lu, expected %lu or more) - dropped",
1189 (unsigned long) parse->chbind_len,
1193 code = parse->chbind_data[pos++];
1194 for (i=0; i<config->chbind_config_len; i++) {
1195 struct eap_peer_chbind_config *chbind_config =
1196 &config->chbind_config[i];
1199 while (pos+sizeof(*hdr) < parse->chbind_len) {
1200 hdr = (struct chbind_hdr *)(&parse->chbind_data[pos]);
1201 pos += sizeof(*hdr);
1202 len = be_to_host16(hdr->len);
1203 if (pos + len <= parse->chbind_len) {
1204 if (chbind_config->nsid == hdr->nsid)
1205 chbind_config->response_cb(
1208 &parse->chbind_data[pos], len);
1213 if (pos != parse->chbind_len) {
1214 wpa_printf(MSG_WARNING, "EAP-TTLS: bad channel binding response "
1215 "frame (parsed len=%lu, expected %lu) - dropped",
1216 (unsigned long) pos,
1217 (unsigned long) parse->chbind_len);
1221 chbind_config->response_cb(
1223 code, chbind_config->nsid,
1231 static int eap_ttls_process_phase2_eap(struct eap_sm *sm,
1232 struct eap_ttls_data *data,
1233 struct eap_method_ret *ret,
1234 struct ttls_parse_avp *parse,
1235 struct wpabuf **resp)
1237 struct eap_hdr *hdr;
1240 if (parse->eapdata == NULL) {
1241 wpa_printf(MSG_WARNING, "EAP-TTLS: No EAP Message in the "
1242 "packet - dropped");
1246 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Phase 2 EAP",
1247 parse->eapdata, parse->eap_len);
1248 hdr = (struct eap_hdr *) parse->eapdata;
1250 if (parse->eap_len < sizeof(*hdr)) {
1251 wpa_printf(MSG_WARNING, "EAP-TTLS: Too short Phase 2 EAP "
1252 "frame (len=%lu, expected %lu or more) - dropped",
1253 (unsigned long) parse->eap_len,
1254 (unsigned long) sizeof(*hdr));
1257 len = be_to_host16(hdr->length);
1258 if (len > parse->eap_len) {
1259 wpa_printf(MSG_INFO, "EAP-TTLS: Length mismatch in Phase 2 "
1260 "EAP frame (EAP hdr len=%lu, EAP data len in "
1262 (unsigned long) len,
1263 (unsigned long) parse->eap_len);
1266 wpa_printf(MSG_DEBUG, "EAP-TTLS: received Phase 2: code=%d "
1267 "identifier=%d length=%lu",
1268 hdr->code, hdr->identifier, (unsigned long) len);
1269 switch (hdr->code) {
1270 case EAP_CODE_REQUEST:
1271 if (eap_ttls_phase2_request(sm, data, ret, hdr, resp)) {
1272 wpa_printf(MSG_INFO, "EAP-TTLS: Phase2 Request "
1273 "processing failed");
1278 wpa_printf(MSG_INFO, "EAP-TTLS: Unexpected code=%d in "
1279 "Phase 2 EAP header", hdr->code);
1287 static int eap_ttls_process_phase2_mschapv2(struct eap_sm *sm,
1288 struct eap_ttls_data *data,
1289 struct eap_method_ret *ret,
1290 struct ttls_parse_avp *parse)
1293 if (parse->mschapv2_error) {
1294 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Received "
1295 "MS-CHAP-Error - failed");
1296 ret->methodState = METHOD_DONE;
1297 ret->decision = DECISION_FAIL;
1298 /* Reply with empty data to ACK error */
1302 if (parse->mschapv2 == NULL) {
1304 if (data->phase2_success && parse->eapdata) {
1306 * Allow EAP-TNC to be started after successfully
1307 * completed MSCHAPV2.
1311 #endif /* EAP_TNC */
1312 wpa_printf(MSG_WARNING, "EAP-TTLS: no MS-CHAP2-Success AVP "
1313 "received for Phase2 MSCHAPV2");
1316 if (parse->mschapv2[0] != data->ident) {
1317 wpa_printf(MSG_WARNING, "EAP-TTLS: Ident mismatch for Phase 2 "
1318 "MSCHAPV2 (received Ident 0x%02x, expected 0x%02x)",
1319 parse->mschapv2[0], data->ident);
1322 if (!data->auth_response_valid ||
1323 mschapv2_verify_auth_response(data->auth_response,
1324 parse->mschapv2 + 1, 42)) {
1325 wpa_printf(MSG_WARNING, "EAP-TTLS: Invalid authenticator "
1326 "response in Phase 2 MSCHAPV2 success request");
1330 wpa_printf(MSG_INFO, "EAP-TTLS: Phase 2 MSCHAPV2 "
1331 "authentication succeeded");
1332 ret->methodState = METHOD_DONE;
1333 ret->decision = DECISION_UNCOND_SUCC;
1334 data->phase2_success = 1;
1337 * Reply with empty data; authentication server will reply
1338 * with EAP-Success after this.
1341 #else /* EAP_MSCHAPv2 */
1342 wpa_printf(MSG_ERROR, "EAP-TTLS: MSCHAPv2 not included in the build");
1344 #endif /* EAP_MSCHAPv2 */
1349 static int eap_ttls_process_tnc_start(struct eap_sm *sm,
1350 struct eap_ttls_data *data,
1351 struct eap_method_ret *ret,
1352 struct ttls_parse_avp *parse,
1353 struct wpabuf **resp)
1355 /* TNC uses inner EAP method after non-EAP TTLS phase 2. */
1356 if (parse->eapdata == NULL) {
1357 wpa_printf(MSG_INFO, "EAP-TTLS: Phase 2 received "
1358 "unexpected tunneled data (no EAP)");
1362 if (!data->ready_for_tnc) {
1363 wpa_printf(MSG_INFO, "EAP-TTLS: Phase 2 received "
1364 "EAP after non-EAP, but not ready for TNC");
1368 wpa_printf(MSG_DEBUG, "EAP-TTLS: Start TNC after completed "
1370 data->tnc_started = 1;
1372 if (eap_ttls_process_phase2_eap(sm, data, ret, parse, resp) < 0)
1377 #endif /* EAP_TNC */
1380 static int eap_ttls_process_decrypted(struct eap_sm *sm,
1381 struct eap_ttls_data *data,
1382 struct eap_method_ret *ret,
1384 struct ttls_parse_avp *parse,
1385 struct wpabuf *in_decrypted,
1386 struct wpabuf **out_data)
1388 struct wpabuf *resp = NULL;
1389 struct eap_peer_config *config = eap_get_config(sm);
1391 enum phase2_types phase2_type = data->phase2_type;
1394 if (data->tnc_started)
1395 phase2_type = EAP_TTLS_PHASE2_EAP;
1396 #endif /* EAP_TNC */
1398 /* handle channel binding response here */
1399 if (parse->chbind_data) {
1400 /* received channel binding repsonse */
1401 if (eap_ttls_process_chbind(sm, data, ret, parse, &resp) < 0)
1403 if (data->done_butfor_cb) {
1404 ret->methodState = METHOD_DONE;
1405 ret->decision = data->cbDecision;
1406 data->phase2_success = 1;
1407 return 1; /*request ack*/
1411 switch (phase2_type) {
1412 case EAP_TTLS_PHASE2_EAP:
1413 if (eap_ttls_process_phase2_eap(sm, data, ret, parse, &resp) <
1417 case EAP_TTLS_PHASE2_MSCHAPV2:
1418 res = eap_ttls_process_phase2_mschapv2(sm, data, ret, parse);
1420 if (res == 1 && parse->eapdata && data->phase2_success) {
1422 * TNC may be required as the next
1423 * authentication method within the tunnel.
1425 ret->methodState = METHOD_MAY_CONT;
1426 data->ready_for_tnc = 1;
1427 if (eap_ttls_process_tnc_start(sm, data, ret, parse,
1431 #endif /* EAP_TNC */
1433 case EAP_TTLS_PHASE2_MSCHAP:
1434 case EAP_TTLS_PHASE2_PAP:
1435 case EAP_TTLS_PHASE2_CHAP:
1437 if (eap_ttls_process_tnc_start(sm, data, ret, parse, &resp) <
1442 /* EAP-TTLS/{MSCHAP,PAP,CHAP} should not send any TLS tunneled
1443 * requests to the supplicant */
1444 wpa_printf(MSG_INFO, "EAP-TTLS: Phase 2 received unexpected "
1447 #endif /* EAP_TNC */
1450 if (!resp && (config->pending_req_identity ||
1451 config->pending_req_password ||
1452 config->pending_req_otp ||
1453 config->pending_req_new_password)) {
1454 wpabuf_free(data->pending_phase2_req);
1455 data->pending_phase2_req = wpabuf_dup(in_decrypted);
1459 /* issue channel binding request when appropriate */
1460 if (config->chbind_config && config->chbind_config_len > 0 &&
1461 !data->chbind_req_sent) {
1462 if (eap_ttls_add_chbind_request(sm, data, &resp) < 0)
1464 data->chbind_req_sent = 1;
1465 if (ret->methodState == METHOD_DONE) {
1466 data->done_butfor_cb = 1;
1467 data->cbDecision = ret->decision;
1468 ret->methodState = METHOD_MAY_CONT;
1473 if (eap_ttls_encrypt_response(sm, data, resp, identifier,
1482 static int eap_ttls_implicit_identity_request(struct eap_sm *sm,
1483 struct eap_ttls_data *data,
1484 struct eap_method_ret *ret,
1486 struct wpabuf **out_data)
1489 struct eap_hdr *hdr;
1490 struct wpabuf *resp;
1492 hdr = (struct eap_hdr *) eap_ttls_fake_identity_request();
1494 ret->methodState = METHOD_DONE;
1495 ret->decision = DECISION_FAIL;
1500 if (eap_ttls_phase2_request(sm, data, ret, hdr, &resp)) {
1501 wpa_printf(MSG_INFO, "EAP-TTLS: Phase2 Request "
1502 "processing failed");
1505 struct eap_peer_config *config = eap_get_config(sm);
1507 (config->pending_req_identity ||
1508 config->pending_req_password ||
1509 config->pending_req_otp ||
1510 config->pending_req_new_password)) {
1512 * Use empty buffer to force implicit request
1513 * processing when EAP request is re-processed after
1516 wpabuf_free(data->pending_phase2_req);
1517 data->pending_phase2_req = wpabuf_alloc(0);
1520 retval = eap_ttls_encrypt_response(sm, data, resp, identifier,
1527 ret->methodState = METHOD_DONE;
1528 ret->decision = DECISION_FAIL;
1535 static int eap_ttls_phase2_start(struct eap_sm *sm, struct eap_ttls_data *data,
1536 struct eap_method_ret *ret, u8 identifier,
1537 struct wpabuf **out_data)
1539 data->phase2_start = 0;
1542 * EAP-TTLS does not use Phase2 on fast re-auth; this must be done only
1543 * if TLS part was indeed resuming a previous session. Most
1544 * Authentication Servers terminate EAP-TTLS before reaching this
1545 * point, but some do not. Make wpa_supplicant stop phase 2 here, if
1549 tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) {
1550 wpa_printf(MSG_DEBUG, "EAP-TTLS: Session resumption - "
1552 *out_data = eap_peer_tls_build_ack(identifier, EAP_TYPE_TTLS,
1553 data->ttls_version);
1554 ret->methodState = METHOD_DONE;
1555 ret->decision = DECISION_UNCOND_SUCC;
1556 data->phase2_success = 1;
1560 return eap_ttls_implicit_identity_request(sm, data, ret, identifier,
1565 static int eap_ttls_decrypt(struct eap_sm *sm, struct eap_ttls_data *data,
1566 struct eap_method_ret *ret, u8 identifier,
1567 const struct wpabuf *in_data,
1568 struct wpabuf **out_data)
1570 struct wpabuf *in_decrypted = NULL;
1572 struct ttls_parse_avp parse;
1574 os_memset(&parse, 0, sizeof(parse));
1576 wpa_printf(MSG_DEBUG, "EAP-TTLS: received %lu bytes encrypted data for"
1578 in_data ? (unsigned long) wpabuf_len(in_data) : 0);
1580 if (data->pending_phase2_req) {
1581 wpa_printf(MSG_DEBUG, "EAP-TTLS: Pending Phase 2 request - "
1582 "skip decryption and use old data");
1583 /* Clear TLS reassembly state. */
1584 eap_peer_tls_reset_input(&data->ssl);
1586 in_decrypted = data->pending_phase2_req;
1587 data->pending_phase2_req = NULL;
1588 if (wpabuf_len(in_decrypted) == 0) {
1589 wpabuf_free(in_decrypted);
1590 return eap_ttls_implicit_identity_request(
1591 sm, data, ret, identifier, out_data);
1596 if ((in_data == NULL || wpabuf_len(in_data) == 0) &&
1597 data->phase2_start) {
1598 return eap_ttls_phase2_start(sm, data, ret, identifier,
1602 if (in_data == NULL || wpabuf_len(in_data) == 0) {
1603 /* Received TLS ACK - requesting more fragments */
1604 return eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_TTLS,
1606 identifier, NULL, out_data);
1609 retval = eap_peer_tls_decrypt(sm, &data->ssl, in_data, &in_decrypted);
1614 data->phase2_start = 0;
1616 if (eap_ttls_parse_avps(in_decrypted, &parse) < 0) {
1621 retval = eap_ttls_process_decrypted(sm, data, ret, identifier,
1622 &parse, in_decrypted, out_data);
1625 wpabuf_free(in_decrypted);
1626 os_free(parse.eapdata);
1629 ret->methodState = METHOD_DONE;
1630 ret->decision = DECISION_FAIL;
1637 static int eap_ttls_process_handshake(struct eap_sm *sm,
1638 struct eap_ttls_data *data,
1639 struct eap_method_ret *ret,
1641 const struct wpabuf *in_data,
1642 struct wpabuf **out_data)
1646 res = eap_peer_tls_process_helper(sm, &data->ssl, EAP_TYPE_TTLS,
1647 data->ttls_version, identifier,
1650 wpa_printf(MSG_DEBUG, "EAP-TTLS: TLS processing failed");
1651 ret->methodState = METHOD_DONE;
1652 ret->decision = DECISION_FAIL;
1656 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
1657 wpa_printf(MSG_DEBUG, "EAP-TTLS: TLS done, proceed to "
1659 if (data->resuming) {
1660 wpa_printf(MSG_DEBUG, "EAP-TTLS: fast reauth - may "
1662 ret->decision = DECISION_COND_SUCC;
1663 ret->methodState = METHOD_MAY_CONT;
1665 data->phase2_start = 1;
1666 eap_ttls_v0_derive_key(sm, data);
1668 if (*out_data == NULL || wpabuf_len(*out_data) == 0) {
1669 if (eap_ttls_decrypt(sm, data, ret, identifier,
1671 wpa_printf(MSG_WARNING, "EAP-TTLS: "
1672 "failed to process early "
1673 "start for Phase 2");
1682 * Application data included in the handshake message.
1684 wpabuf_free(data->pending_phase2_req);
1685 data->pending_phase2_req = *out_data;
1687 res = eap_ttls_decrypt(sm, data, ret, identifier, in_data,
1695 static void eap_ttls_check_auth_status(struct eap_sm *sm,
1696 struct eap_ttls_data *data,
1697 struct eap_method_ret *ret)
1699 if (ret->methodState == METHOD_DONE) {
1700 ret->allowNotifications = FALSE;
1701 if (ret->decision == DECISION_UNCOND_SUCC ||
1702 ret->decision == DECISION_COND_SUCC) {
1703 wpa_printf(MSG_DEBUG, "EAP-TTLS: Authentication "
1704 "completed successfully");
1705 data->phase2_success = 1;
1707 if (!data->ready_for_tnc && !data->tnc_started) {
1709 * TNC may be required as the next
1710 * authentication method within the tunnel.
1712 ret->methodState = METHOD_MAY_CONT;
1713 data->ready_for_tnc = 1;
1715 #endif /* EAP_TNC */
1717 } else if (ret->methodState == METHOD_MAY_CONT &&
1718 (ret->decision == DECISION_UNCOND_SUCC ||
1719 ret->decision == DECISION_COND_SUCC)) {
1720 wpa_printf(MSG_DEBUG, "EAP-TTLS: Authentication "
1721 "completed successfully (MAY_CONT)");
1722 data->phase2_success = 1;
1727 static struct wpabuf * eap_ttls_process(struct eap_sm *sm, void *priv,
1728 struct eap_method_ret *ret,
1729 const struct wpabuf *reqData)
1734 struct wpabuf *resp;
1736 struct eap_ttls_data *data = priv;
1739 pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_TTLS, ret,
1740 reqData, &left, &flags);
1743 id = eap_get_id(reqData);
1745 if (flags & EAP_TLS_FLAGS_START) {
1746 wpa_printf(MSG_DEBUG, "EAP-TTLS: Start (server ver=%d, own "
1747 "ver=%d)", flags & EAP_TLS_VERSION_MASK,
1748 data->ttls_version);
1750 /* RFC 5281, Ch. 9.2:
1751 * "This packet MAY contain additional information in the form
1752 * of AVPs, which may provide useful hints to the client"
1753 * For now, ignore any potential extra data.
1758 wpabuf_set(&msg, pos, left);
1761 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
1763 res = eap_ttls_decrypt(sm, data, ret, id, &msg, &resp);
1765 res = eap_ttls_process_handshake(sm, data, ret, id,
1769 eap_ttls_check_auth_status(sm, data, ret);
1771 /* FIX: what about res == -1? Could just move all error processing into
1772 * the other functions and get rid of this res==1 case here. */
1775 return eap_peer_tls_build_ack(id, EAP_TYPE_TTLS,
1776 data->ttls_version);
1782 static Boolean eap_ttls_has_reauth_data(struct eap_sm *sm, void *priv)
1784 struct eap_ttls_data *data = priv;
1785 return tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
1786 data->phase2_success;
1790 static void eap_ttls_deinit_for_reauth(struct eap_sm *sm, void *priv)
1792 struct eap_ttls_data *data = priv;
1793 wpabuf_free(data->pending_phase2_req);
1794 data->pending_phase2_req = NULL;
1796 data->ready_for_tnc = 0;
1797 data->tnc_started = 0;
1798 #endif /* EAP_TNC */
1802 static void * eap_ttls_init_for_reauth(struct eap_sm *sm, void *priv)
1804 struct eap_ttls_data *data = priv;
1805 eap_ttls_free_key(data);
1806 os_free(data->session_id);
1807 data->session_id = NULL;
1808 if (eap_peer_tls_reauth_init(sm, &data->ssl)) {
1812 if (data->phase2_priv && data->phase2_method &&
1813 data->phase2_method->init_for_reauth)
1814 data->phase2_method->init_for_reauth(sm, data->phase2_priv);
1815 data->phase2_start = 0;
1816 data->phase2_success = 0;
1823 static int eap_ttls_get_status(struct eap_sm *sm, void *priv, char *buf,
1824 size_t buflen, int verbose)
1826 struct eap_ttls_data *data = priv;
1829 len = eap_peer_tls_status(sm, &data->ssl, buf, buflen, verbose);
1830 ret = os_snprintf(buf + len, buflen - len,
1831 "EAP-TTLSv%d Phase2 method=",
1832 data->ttls_version);
1833 if (os_snprintf_error(buflen - len, ret))
1836 switch (data->phase2_type) {
1837 case EAP_TTLS_PHASE2_EAP:
1838 ret = os_snprintf(buf + len, buflen - len, "EAP-%s\n",
1839 data->phase2_method ?
1840 data->phase2_method->name : "?");
1842 case EAP_TTLS_PHASE2_MSCHAPV2:
1843 ret = os_snprintf(buf + len, buflen - len, "MSCHAPV2\n");
1845 case EAP_TTLS_PHASE2_MSCHAP:
1846 ret = os_snprintf(buf + len, buflen - len, "MSCHAP\n");
1848 case EAP_TTLS_PHASE2_PAP:
1849 ret = os_snprintf(buf + len, buflen - len, "PAP\n");
1851 case EAP_TTLS_PHASE2_CHAP:
1852 ret = os_snprintf(buf + len, buflen - len, "CHAP\n");
1858 if (os_snprintf_error(buflen - len, ret))
1866 static Boolean eap_ttls_isKeyAvailable(struct eap_sm *sm, void *priv)
1868 struct eap_ttls_data *data = priv;
1869 return data->key_data != NULL && data->phase2_success;
1873 static u8 * eap_ttls_getKey(struct eap_sm *sm, void *priv, size_t *len)
1875 struct eap_ttls_data *data = priv;
1878 if (data->key_data == NULL || !data->phase2_success)
1881 key = os_malloc(EAP_TLS_KEY_LEN);
1885 *len = EAP_TLS_KEY_LEN;
1886 os_memcpy(key, data->key_data, EAP_TLS_KEY_LEN);
1892 static u8 * eap_ttls_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
1894 struct eap_ttls_data *data = priv;
1897 if (data->session_id == NULL || !data->phase2_success)
1900 id = os_malloc(data->id_len);
1904 *len = data->id_len;
1905 os_memcpy(id, data->session_id, data->id_len);
1911 static u8 * eap_ttls_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
1913 struct eap_ttls_data *data = priv;
1916 if (data->key_data == NULL)
1919 key = os_malloc(EAP_EMSK_LEN);
1923 *len = EAP_EMSK_LEN;
1924 os_memcpy(key, data->key_data + EAP_TLS_KEY_LEN, EAP_EMSK_LEN);
1930 int eap_peer_ttls_register(void)
1932 struct eap_method *eap;
1935 eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
1936 EAP_VENDOR_IETF, EAP_TYPE_TTLS, "TTLS");
1940 eap->init = eap_ttls_init;
1941 eap->deinit = eap_ttls_deinit;
1942 eap->process = eap_ttls_process;
1943 eap->isKeyAvailable = eap_ttls_isKeyAvailable;
1944 eap->getKey = eap_ttls_getKey;
1945 eap->getSessionId = eap_ttls_get_session_id;
1946 eap->get_status = eap_ttls_get_status;
1947 eap->has_reauth_data = eap_ttls_has_reauth_data;
1948 eap->deinit_for_reauth = eap_ttls_deinit_for_reauth;
1949 eap->init_for_reauth = eap_ttls_init_for_reauth;
1950 eap->get_emsk = eap_ttls_get_emsk;
1952 ret = eap_peer_method_register(eap);
1954 eap_peer_method_free(eap);