2 * hostapd / EAP-GPSK (RFC 5433) server
3 * Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "crypto/random.h"
13 #include "eap_server/eap_i.h"
14 #include "eap_common/eap_gpsk_common.h"
17 struct eap_gpsk_data {
18 enum { GPSK_1, GPSK_3, SUCCESS, FAILURE } state;
19 u8 rand_server[EAP_GPSK_RAND_LEN];
20 u8 rand_peer[EAP_GPSK_RAND_LEN];
22 u8 emsk[EAP_EMSK_LEN];
23 u8 sk[EAP_GPSK_MAX_SK_LEN];
25 u8 pk[EAP_GPSK_MAX_PK_LEN];
31 #define MAX_NUM_CSUITES 2
32 struct eap_gpsk_csuite csuite_list[MAX_NUM_CSUITES];
34 int vendor; /* CSuite/Vendor */
35 int specifier; /* CSuite/Specifier */
39 static const char * eap_gpsk_state_txt(int state)
56 static void eap_gpsk_state(struct eap_gpsk_data *data, int state)
58 wpa_printf(MSG_DEBUG, "EAP-GPSK: %s -> %s",
59 eap_gpsk_state_txt(data->state),
60 eap_gpsk_state_txt(state));
65 static void * eap_gpsk_init(struct eap_sm *sm)
67 struct eap_gpsk_data *data;
69 data = os_zalloc(sizeof(*data));
74 data->csuite_count = 0;
75 if (eap_gpsk_supported_ciphersuite(EAP_GPSK_VENDOR_IETF,
76 EAP_GPSK_CIPHER_AES)) {
77 WPA_PUT_BE32(data->csuite_list[data->csuite_count].vendor,
78 EAP_GPSK_VENDOR_IETF);
79 WPA_PUT_BE16(data->csuite_list[data->csuite_count].specifier,
83 if (eap_gpsk_supported_ciphersuite(EAP_GPSK_VENDOR_IETF,
84 EAP_GPSK_CIPHER_SHA256)) {
85 WPA_PUT_BE32(data->csuite_list[data->csuite_count].vendor,
86 EAP_GPSK_VENDOR_IETF);
87 WPA_PUT_BE16(data->csuite_list[data->csuite_count].specifier,
88 EAP_GPSK_CIPHER_SHA256);
96 static void eap_gpsk_reset(struct eap_sm *sm, void *priv)
98 struct eap_gpsk_data *data = priv;
99 os_free(data->id_peer);
100 bin_clear_free(data, sizeof(*data));
104 static struct wpabuf * eap_gpsk_build_gpsk_1(struct eap_sm *sm,
105 struct eap_gpsk_data *data, u8 id)
110 wpa_printf(MSG_DEBUG, "EAP-GPSK: Request/GPSK-1");
112 if (random_get_bytes(data->rand_server, EAP_GPSK_RAND_LEN)) {
113 wpa_printf(MSG_ERROR, "EAP-GPSK: Failed to get random data");
114 eap_gpsk_state(data, FAILURE);
117 wpa_hexdump(MSG_MSGDUMP, "EAP-GPSK: RAND_Server",
118 data->rand_server, EAP_GPSK_RAND_LEN);
120 len = 1 + 2 + sm->server_id_len + EAP_GPSK_RAND_LEN + 2 +
121 data->csuite_count * sizeof(struct eap_gpsk_csuite);
122 req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GPSK, len,
123 EAP_CODE_REQUEST, id);
125 wpa_printf(MSG_ERROR, "EAP-GPSK: Failed to allocate memory "
126 "for request/GPSK-1");
127 eap_gpsk_state(data, FAILURE);
131 wpabuf_put_u8(req, EAP_GPSK_OPCODE_GPSK_1);
132 wpabuf_put_be16(req, sm->server_id_len);
133 wpabuf_put_data(req, sm->server_id, sm->server_id_len);
134 wpabuf_put_data(req, data->rand_server, EAP_GPSK_RAND_LEN);
136 data->csuite_count * sizeof(struct eap_gpsk_csuite));
137 wpabuf_put_data(req, data->csuite_list,
138 data->csuite_count * sizeof(struct eap_gpsk_csuite));
144 static struct wpabuf * eap_gpsk_build_gpsk_3(struct eap_sm *sm,
145 struct eap_gpsk_data *data, u8 id)
149 struct eap_gpsk_csuite *csuite;
152 wpa_printf(MSG_DEBUG, "EAP-GPSK: Request/GPSK-3");
154 miclen = eap_gpsk_mic_len(data->vendor, data->specifier);
155 len = 1 + 2 * EAP_GPSK_RAND_LEN + 2 + sm->server_id_len +
156 sizeof(struct eap_gpsk_csuite) + 2 + miclen;
157 req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GPSK, len,
158 EAP_CODE_REQUEST, id);
160 wpa_printf(MSG_ERROR, "EAP-GPSK: Failed to allocate memory "
161 "for request/GPSK-3");
162 eap_gpsk_state(data, FAILURE);
166 wpabuf_put_u8(req, EAP_GPSK_OPCODE_GPSK_3);
167 start = wpabuf_put(req, 0);
169 wpabuf_put_data(req, data->rand_peer, EAP_GPSK_RAND_LEN);
170 wpabuf_put_data(req, data->rand_server, EAP_GPSK_RAND_LEN);
171 wpabuf_put_be16(req, sm->server_id_len);
172 wpabuf_put_data(req, sm->server_id, sm->server_id_len);
173 csuite = wpabuf_put(req, sizeof(*csuite));
174 WPA_PUT_BE32(csuite->vendor, data->vendor);
175 WPA_PUT_BE16(csuite->specifier, data->specifier);
177 /* no PD_Payload_2 */
178 wpabuf_put_be16(req, 0);
180 pos = wpabuf_put(req, miclen);
181 if (eap_gpsk_compute_mic(data->sk, data->sk_len, data->vendor,
182 data->specifier, start, pos - start, pos) < 0)
185 eap_gpsk_state(data, FAILURE);
193 static struct wpabuf * eap_gpsk_buildReq(struct eap_sm *sm, void *priv, u8 id)
195 struct eap_gpsk_data *data = priv;
197 switch (data->state) {
199 return eap_gpsk_build_gpsk_1(sm, data, id);
201 return eap_gpsk_build_gpsk_3(sm, data, id);
203 wpa_printf(MSG_DEBUG, "EAP-GPSK: Unknown state %d in buildReq",
211 static Boolean eap_gpsk_check(struct eap_sm *sm, void *priv,
212 struct wpabuf *respData)
214 struct eap_gpsk_data *data = priv;
218 pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GPSK, respData, &len);
219 if (pos == NULL || len < 1) {
220 wpa_printf(MSG_INFO, "EAP-GPSK: Invalid frame");
224 wpa_printf(MSG_DEBUG, "EAP-GPSK: Received frame: opcode=%d", *pos);
226 if (data->state == GPSK_1 && *pos == EAP_GPSK_OPCODE_GPSK_2)
229 if (data->state == GPSK_3 && *pos == EAP_GPSK_OPCODE_GPSK_4)
232 wpa_printf(MSG_INFO, "EAP-GPSK: Unexpected opcode=%d in state=%d",
239 static void eap_gpsk_process_gpsk_2(struct eap_sm *sm,
240 struct eap_gpsk_data *data,
241 const u8 *payload, size_t payloadlen)
245 const struct eap_gpsk_csuite *csuite;
247 u8 mic[EAP_GPSK_MAX_MIC_LEN];
249 if (data->state != GPSK_1)
252 wpa_printf(MSG_DEBUG, "EAP-GPSK: Received Response/GPSK-2");
255 end = payload + payloadlen;
258 wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
260 eap_gpsk_state(data, FAILURE);
263 alen = WPA_GET_BE16(pos);
265 if (end - pos < alen) {
266 wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
268 eap_gpsk_state(data, FAILURE);
271 os_free(data->id_peer);
272 data->id_peer = os_malloc(alen);
273 if (data->id_peer == NULL) {
274 wpa_printf(MSG_DEBUG, "EAP-GPSK: Not enough memory to store "
275 "%d-octet ID_Peer", alen);
278 os_memcpy(data->id_peer, pos, alen);
279 data->id_peer_len = alen;
280 wpa_hexdump_ascii(MSG_DEBUG, "EAP-GPSK: ID_Peer",
281 data->id_peer, data->id_peer_len);
285 wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
287 eap_gpsk_state(data, FAILURE);
290 alen = WPA_GET_BE16(pos);
292 if (end - pos < alen) {
293 wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
295 eap_gpsk_state(data, FAILURE);
298 if (alen != sm->server_id_len ||
299 os_memcmp(pos, sm->server_id, alen) != 0) {
300 wpa_printf(MSG_DEBUG, "EAP-GPSK: ID_Server in GPSK-1 and "
301 "GPSK-2 did not match");
302 eap_gpsk_state(data, FAILURE);
307 if (end - pos < EAP_GPSK_RAND_LEN) {
308 wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
310 eap_gpsk_state(data, FAILURE);
313 os_memcpy(data->rand_peer, pos, EAP_GPSK_RAND_LEN);
314 wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Peer",
315 data->rand_peer, EAP_GPSK_RAND_LEN);
316 pos += EAP_GPSK_RAND_LEN;
318 if (end - pos < EAP_GPSK_RAND_LEN) {
319 wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
321 eap_gpsk_state(data, FAILURE);
324 if (os_memcmp(data->rand_server, pos, EAP_GPSK_RAND_LEN) != 0) {
325 wpa_printf(MSG_DEBUG, "EAP-GPSK: RAND_Server in GPSK-1 and "
326 "GPSK-2 did not match");
327 wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Server in GPSK-1",
328 data->rand_server, EAP_GPSK_RAND_LEN);
329 wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Server in GPSK-2",
330 pos, EAP_GPSK_RAND_LEN);
331 eap_gpsk_state(data, FAILURE);
334 pos += EAP_GPSK_RAND_LEN;
337 wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
338 "CSuite_List length");
339 eap_gpsk_state(data, FAILURE);
342 alen = WPA_GET_BE16(pos);
344 if (end - pos < alen) {
345 wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
347 eap_gpsk_state(data, FAILURE);
350 if (alen != data->csuite_count * sizeof(struct eap_gpsk_csuite) ||
351 os_memcmp(pos, data->csuite_list, alen) != 0) {
352 wpa_printf(MSG_DEBUG, "EAP-GPSK: CSuite_List in GPSK-1 and "
353 "GPSK-2 did not match");
354 eap_gpsk_state(data, FAILURE);
359 if (end - pos < (int) sizeof(*csuite)) {
360 wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
362 eap_gpsk_state(data, FAILURE);
365 csuite = (const struct eap_gpsk_csuite *) pos;
366 for (i = 0; i < data->csuite_count; i++) {
367 if (os_memcmp(csuite, &data->csuite_list[i], sizeof(*csuite))
371 if (i == data->csuite_count) {
372 wpa_printf(MSG_DEBUG, "EAP-GPSK: Peer selected unsupported "
374 WPA_GET_BE32(csuite->vendor),
375 WPA_GET_BE16(csuite->specifier));
376 eap_gpsk_state(data, FAILURE);
379 data->vendor = WPA_GET_BE32(csuite->vendor);
380 data->specifier = WPA_GET_BE16(csuite->specifier);
381 wpa_printf(MSG_DEBUG, "EAP-GPSK: CSuite_Sel %d:%d",
382 data->vendor, data->specifier);
383 pos += sizeof(*csuite);
386 wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
387 "PD_Payload_1 length");
388 eap_gpsk_state(data, FAILURE);
391 alen = WPA_GET_BE16(pos);
393 if (end - pos < alen) {
394 wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
396 eap_gpsk_state(data, FAILURE);
399 wpa_hexdump(MSG_DEBUG, "EAP-GPSK: PD_Payload_1", pos, alen);
402 if (sm->user == NULL || sm->user->password == NULL) {
403 wpa_printf(MSG_INFO, "EAP-GPSK: No PSK/password configured "
405 eap_gpsk_state(data, FAILURE);
409 if (eap_gpsk_derive_keys(sm->user->password, sm->user->password_len,
410 data->vendor, data->specifier,
411 data->rand_peer, data->rand_server,
412 data->id_peer, data->id_peer_len,
413 sm->server_id, sm->server_id_len,
414 data->msk, data->emsk,
415 data->sk, &data->sk_len,
416 data->pk, &data->pk_len) < 0) {
417 wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to derive keys");
418 eap_gpsk_state(data, FAILURE);
422 if (eap_gpsk_derive_session_id(sm->user->password,
423 sm->user->password_len,
424 data->vendor, data->specifier,
425 data->rand_peer, data->rand_server,
426 data->id_peer, data->id_peer_len,
427 sm->server_id, sm->server_id_len,
429 data->session_id, &data->id_len) < 0) {
430 wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to derive Session-Id");
431 eap_gpsk_state(data, FAILURE);
434 wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Derived Session-Id",
435 data->session_id, data->id_len);
437 miclen = eap_gpsk_mic_len(data->vendor, data->specifier);
438 if (end - pos < (int) miclen) {
439 wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for MIC "
440 "(left=%lu miclen=%lu)",
441 (unsigned long) (end - pos),
442 (unsigned long) miclen);
443 eap_gpsk_state(data, FAILURE);
446 if (eap_gpsk_compute_mic(data->sk, data->sk_len, data->vendor,
447 data->specifier, payload, pos - payload, mic)
449 wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to compute MIC");
450 eap_gpsk_state(data, FAILURE);
453 if (os_memcmp_const(mic, pos, miclen) != 0) {
454 wpa_printf(MSG_INFO, "EAP-GPSK: Incorrect MIC in GPSK-2");
455 wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Received MIC", pos, miclen);
456 wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Computed MIC", mic, miclen);
457 eap_gpsk_state(data, FAILURE);
463 wpa_printf(MSG_DEBUG, "EAP-GPSK: Ignored %lu bytes of extra "
464 "data in the end of GPSK-2",
465 (unsigned long) (end - pos));
468 eap_gpsk_state(data, GPSK_3);
472 static void eap_gpsk_process_gpsk_4(struct eap_sm *sm,
473 struct eap_gpsk_data *data,
474 const u8 *payload, size_t payloadlen)
479 u8 mic[EAP_GPSK_MAX_MIC_LEN];
481 if (data->state != GPSK_3)
484 wpa_printf(MSG_DEBUG, "EAP-GPSK: Received Response/GPSK-4");
487 end = payload + payloadlen;
490 wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
491 "PD_Payload_1 length");
492 eap_gpsk_state(data, FAILURE);
495 alen = WPA_GET_BE16(pos);
497 if (end - pos < alen) {
498 wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
500 eap_gpsk_state(data, FAILURE);
503 wpa_hexdump(MSG_DEBUG, "EAP-GPSK: PD_Payload_1", pos, alen);
506 miclen = eap_gpsk_mic_len(data->vendor, data->specifier);
507 if (end - pos < (int) miclen) {
508 wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for MIC "
509 "(left=%lu miclen=%lu)",
510 (unsigned long) (end - pos),
511 (unsigned long) miclen);
512 eap_gpsk_state(data, FAILURE);
515 if (eap_gpsk_compute_mic(data->sk, data->sk_len, data->vendor,
516 data->specifier, payload, pos - payload, mic)
518 wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to compute MIC");
519 eap_gpsk_state(data, FAILURE);
522 if (os_memcmp_const(mic, pos, miclen) != 0) {
523 wpa_printf(MSG_INFO, "EAP-GPSK: Incorrect MIC in GPSK-4");
524 wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Received MIC", pos, miclen);
525 wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Computed MIC", mic, miclen);
526 eap_gpsk_state(data, FAILURE);
532 wpa_printf(MSG_DEBUG, "EAP-GPSK: Ignored %lu bytes of extra "
533 "data in the end of GPSK-4",
534 (unsigned long) (end - pos));
537 eap_gpsk_state(data, SUCCESS);
541 static void eap_gpsk_process(struct eap_sm *sm, void *priv,
542 struct wpabuf *respData)
544 struct eap_gpsk_data *data = priv;
548 pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GPSK, respData, &len);
549 if (pos == NULL || len < 1)
553 case EAP_GPSK_OPCODE_GPSK_2:
554 eap_gpsk_process_gpsk_2(sm, data, pos + 1, len - 1);
556 case EAP_GPSK_OPCODE_GPSK_4:
557 eap_gpsk_process_gpsk_4(sm, data, pos + 1, len - 1);
563 static Boolean eap_gpsk_isDone(struct eap_sm *sm, void *priv)
565 struct eap_gpsk_data *data = priv;
566 return data->state == SUCCESS || data->state == FAILURE;
570 static u8 * eap_gpsk_getKey(struct eap_sm *sm, void *priv, size_t *len)
572 struct eap_gpsk_data *data = priv;
575 if (data->state != SUCCESS)
578 key = os_malloc(EAP_MSK_LEN);
581 os_memcpy(key, data->msk, EAP_MSK_LEN);
588 static u8 * eap_gpsk_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
590 struct eap_gpsk_data *data = priv;
593 if (data->state != SUCCESS)
596 key = os_malloc(EAP_EMSK_LEN);
599 os_memcpy(key, data->emsk, EAP_EMSK_LEN);
606 static Boolean eap_gpsk_isSuccess(struct eap_sm *sm, void *priv)
608 struct eap_gpsk_data *data = priv;
609 return data->state == SUCCESS;
613 static u8 * eap_gpsk_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
615 struct eap_gpsk_data *data = priv;
618 if (data->state != SUCCESS)
621 sid = os_malloc(data->id_len);
624 os_memcpy(sid, data->session_id, data->id_len);
631 int eap_server_gpsk_register(void)
633 struct eap_method *eap;
636 eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
637 EAP_VENDOR_IETF, EAP_TYPE_GPSK, "GPSK");
641 eap->init = eap_gpsk_init;
642 eap->reset = eap_gpsk_reset;
643 eap->buildReq = eap_gpsk_buildReq;
644 eap->check = eap_gpsk_check;
645 eap->process = eap_gpsk_process;
646 eap->isDone = eap_gpsk_isDone;
647 eap->getKey = eap_gpsk_getKey;
648 eap->isSuccess = eap_gpsk_isSuccess;
649 eap->get_emsk = eap_gpsk_get_emsk;
650 eap->getSessionId = eap_gpsk_get_session_id;
652 ret = eap_server_method_register(eap);
654 eap_server_method_free(eap);