libeap/src/eap_server/eap_server_ttls.c

   1 /*
   2  * hostapd / EAP-TTLS (RFC 5281)
   3  * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
   4  *
   5  * This software may be distributed under the terms of the BSD license.
   6  * See README for more details.
   7  */
   8
   9 #include "includes.h"
  10
  11 #include "common.h"
  12 #include "crypto/ms_funcs.h"
  13 #include "crypto/sha1.h"
  14 #include "crypto/tls.h"
  15 #include "eap_server/eap_i.h"
  16 #include "eap_server/eap_tls_common.h"
  17 #include "eap_common/chap.h"
  18 #include "eap_common/eap_ttls.h"
  19
  20
  21 #define EAP_TTLS_VERSION 0
  22
  23
  24 static void eap_ttls_reset(struct eap_sm *sm, void *priv);
  25
  26
  27 struct eap_ttls_data {
  28         struct eap_ssl_data ssl;
  29         enum {
  30                 START, PHASE1, PHASE2_START, PHASE2_METHOD,
  31                 PHASE2_MSCHAPV2_RESP, SUCCESS, FAILURE
  32         } state;
  33
  34         int ttls_version;
  35         const struct eap_method *phase2_method;
  36         void *phase2_priv;
  37         int mschapv2_resp_ok;
  38         u8 mschapv2_auth_response[20];
  39         u8 mschapv2_ident;
  40         struct wpabuf *pending_phase2_eap_resp;
  41         int tnc_started;
  42 };
  43
  44
  45 static const char * eap_ttls_state_txt(int state)
  46 {
  47         switch (state) {
  48         case START:
  49                 return "START";
  50         case PHASE1:
  51                 return "PHASE1";
  52         case PHASE2_START:
  53                 return "PHASE2_START";
  54         case PHASE2_METHOD:
  55                 return "PHASE2_METHOD";
  56         case PHASE2_MSCHAPV2_RESP:
  57                 return "PHASE2_MSCHAPV2_RESP";
  58         case SUCCESS:
  59                 return "SUCCESS";
  60         case FAILURE:
  61                 return "FAILURE";
  62         default:
  63                 return "Unknown?!";
  64         }
  65 }
  66
  67
  68 static void eap_ttls_state(struct eap_ttls_data *data, int state)
  69 {
  70         wpa_printf(MSG_DEBUG, "EAP-TTLS: %s -> %s",
  71                    eap_ttls_state_txt(data->state),
  72                    eap_ttls_state_txt(state));
  73         data->state = state;
  74         if (state == FAILURE)
  75                 tls_connection_remove_session(data->ssl.conn);
  76 }
  77
  78
  79 static void eap_ttls_valid_session(struct eap_sm *sm,
  80                                    struct eap_ttls_data *data)
  81 {
  82         struct wpabuf *buf;
  83
  84         if (!sm->tls_session_lifetime)
  85                 return;
  86
  87         buf = wpabuf_alloc(1 + 1 + sm->identity_len);
  88         if (!buf)
  89                 return;
  90         wpabuf_put_u8(buf, EAP_TYPE_TTLS);
  91         if (sm->identity) {
  92                 u8 id_len;
  93
  94                 if (sm->identity_len <= 255)
  95                         id_len = sm->identity_len;
  96                 else
  97                         id_len = 255;
  98                 wpabuf_put_u8(buf, id_len);
  99                 wpabuf_put_data(buf, sm->identity, id_len);
 100         } else {
 101                 wpabuf_put_u8(buf, 0);
 102         }
 103         tls_connection_set_success_data(data->ssl.conn, buf);
 104 }
 105
 106
 107 static u8 * eap_ttls_avp_hdr(u8 *avphdr, u32 avp_code, u32 vendor_id,
 108                              int mandatory, size_t len)
 109 {
 110         struct ttls_avp_vendor *avp;
 111         u8 flags;
 112         size_t hdrlen;
 113
 114         avp = (struct ttls_avp_vendor *) avphdr;
 115         flags = mandatory ? AVP_FLAGS_MANDATORY : 0;
 116         if (vendor_id) {
 117                 flags |= AVP_FLAGS_VENDOR;
 118                 hdrlen = sizeof(*avp);
 119                 avp->vendor_id = host_to_be32(vendor_id);
 120         } else {
 121                 hdrlen = sizeof(struct ttls_avp);
 122         }
 123
 124         avp->avp_code = host_to_be32(avp_code);
 125         avp->avp_length = host_to_be32(((u32) flags << 24) |
 126                                        ((u32) (hdrlen + len)));
 127
 128         return avphdr + hdrlen;
 129 }
 130
 131
 132 static struct wpabuf * eap_ttls_avp_encapsulate(struct wpabuf *resp,
 133                                                 u32 avp_code, int mandatory)
 134 {
 135         struct wpabuf *avp;
 136         u8 *pos;
 137
 138         avp = wpabuf_alloc(sizeof(struct ttls_avp) + wpabuf_len(resp) + 4);
 139         if (avp == NULL) {
 140                 wpabuf_free(resp);
 141                 return NULL;
 142         }
 143
 144         pos = eap_ttls_avp_hdr(wpabuf_mhead(avp), avp_code, 0, mandatory,
 145                                wpabuf_len(resp));
 146         os_memcpy(pos, wpabuf_head(resp), wpabuf_len(resp));
 147         pos += wpabuf_len(resp);
 148         AVP_PAD((const u8 *) wpabuf_head(avp), pos);
 149         wpabuf_free(resp);
 150         wpabuf_put(avp, pos - (u8 *) wpabuf_head(avp));
 151         return avp;
 152 }
 153
 154
 155 struct eap_ttls_avp {
 156          /* Note: eap is allocated memory; caller is responsible for freeing
 157           * it. All the other pointers are pointing to the packet data, i.e.,
 158           * they must not be freed separately. */
 159         u8 *eap;
 160         size_t eap_len;
 161         u8 *user_name;
 162         size_t user_name_len;
 163         u8 *user_password;
 164         size_t user_password_len;
 165         u8 *chap_challenge;
 166         size_t chap_challenge_len;
 167         u8 *chap_password;
 168         size_t chap_password_len;
 169         u8 *mschap_challenge;
 170         size_t mschap_challenge_len;
 171         u8 *mschap_response;
 172         size_t mschap_response_len;
 173         u8 *mschap2_response;
 174         size_t mschap2_response_len;
 175 };
 176
 177
 178 static int eap_ttls_avp_parse(struct wpabuf *buf, struct eap_ttls_avp *parse)
 179 {
 180         struct ttls_avp *avp;
 181         u8 *pos;
 182         int left;
 183
 184         pos = wpabuf_mhead(buf);
 185         left = wpabuf_len(buf);
 186         os_memset(parse, 0, sizeof(*parse));
 187
 188         while (left > 0) {
 189                 u32 avp_code, avp_length, vendor_id = 0;
 190                 u8 avp_flags, *dpos;
 191                 size_t pad, dlen;
 192                 avp = (struct ttls_avp *) pos;
 193                 avp_code = be_to_host32(avp->avp_code);
 194                 avp_length = be_to_host32(avp->avp_length);
 195                 avp_flags = (avp_length >> 24) & 0xff;
 196                 avp_length &= 0xffffff;
 197                 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP: code=%d flags=0x%02x "
 198                            "length=%d", (int) avp_code, avp_flags,
 199                            (int) avp_length);
 200                 if ((int) avp_length > left) {
 201                         wpa_printf(MSG_WARNING, "EAP-TTLS: AVP overflow "
 202                                    "(len=%d, left=%d) - dropped",
 203                                    (int) avp_length, left);
 204                         goto fail;
 205                 }
 206                 if (avp_length < sizeof(*avp)) {
 207                         wpa_printf(MSG_WARNING, "EAP-TTLS: Invalid AVP length "
 208                                    "%d", avp_length);
 209                         goto fail;
 210                 }
 211                 dpos = (u8 *) (avp + 1);
 212                 dlen = avp_length - sizeof(*avp);
 213                 if (avp_flags & AVP_FLAGS_VENDOR) {
 214                         if (dlen < 4) {
 215                                 wpa_printf(MSG_WARNING, "EAP-TTLS: vendor AVP "
 216                                            "underflow");
 217                                 goto fail;
 218                         }
 219                         vendor_id = be_to_host32(* (be32 *) dpos);
 220                         wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP vendor_id %d",
 221                                    (int) vendor_id);
 222                         dpos += 4;
 223                         dlen -= 4;
 224                 }
 225
 226                 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: AVP data", dpos, dlen);
 227
 228                 if (vendor_id == 0 && avp_code == RADIUS_ATTR_EAP_MESSAGE) {
 229                         wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP - EAP Message");
 230                         if (parse->eap == NULL) {
 231                                 parse->eap = os_malloc(dlen);
 232                                 if (parse->eap == NULL) {
 233                                         wpa_printf(MSG_WARNING, "EAP-TTLS: "
 234                                                    "failed to allocate memory "
 235                                                    "for Phase 2 EAP data");
 236                                         goto fail;
 237                                 }
 238                                 os_memcpy(parse->eap, dpos, dlen);
 239                                 parse->eap_len = dlen;
 240                         } else {
 241                                 u8 *neweap = os_realloc(parse->eap,
 242                                                         parse->eap_len + dlen);
 243                                 if (neweap == NULL) {
 244                                         wpa_printf(MSG_WARNING, "EAP-TTLS: "
 245                                                    "failed to allocate memory "
 246                                                    "for Phase 2 EAP data");
 247                                         goto fail;
 248                                 }
 249                                 os_memcpy(neweap + parse->eap_len, dpos, dlen);
 250                                 parse->eap = neweap;
 251                                 parse->eap_len += dlen;
 252                         }
 253                 } else if (vendor_id == 0 &&
 254                            avp_code == RADIUS_ATTR_USER_NAME) {
 255                         wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: User-Name",
 256                                           dpos, dlen);
 257                         parse->user_name = dpos;
 258                         parse->user_name_len = dlen;
 259                 } else if (vendor_id == 0 &&
 260                            avp_code == RADIUS_ATTR_USER_PASSWORD) {
 261                         u8 *password = dpos;
 262                         size_t password_len = dlen;
 263                         while (password_len > 0 &&
 264                                password[password_len - 1] == '\0') {
 265                                 password_len--;
 266                         }
 267                         wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: "
 268                                               "User-Password (PAP)",
 269                                               password, password_len);
 270                         parse->user_password = password;
 271                         parse->user_password_len = password_len;
 272                 } else if (vendor_id == 0 &&
 273                            avp_code == RADIUS_ATTR_CHAP_CHALLENGE) {
 274                         wpa_hexdump(MSG_DEBUG,
 275                                     "EAP-TTLS: CHAP-Challenge (CHAP)",
 276                                     dpos, dlen);
 277                         parse->chap_challenge = dpos;
 278                         parse->chap_challenge_len = dlen;
 279                 } else if (vendor_id == 0 &&
 280                            avp_code == RADIUS_ATTR_CHAP_PASSWORD) {
 281                         wpa_hexdump(MSG_DEBUG,
 282                                     "EAP-TTLS: CHAP-Password (CHAP)",
 283                                     dpos, dlen);
 284                         parse->chap_password = dpos;
 285                         parse->chap_password_len = dlen;
 286                 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
 287                            avp_code == RADIUS_ATTR_MS_CHAP_CHALLENGE) {
 288                         wpa_hexdump(MSG_DEBUG,
 289                                     "EAP-TTLS: MS-CHAP-Challenge",
 290                                     dpos, dlen);
 291                         parse->mschap_challenge = dpos;
 292                         parse->mschap_challenge_len = dlen;
 293                 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
 294                            avp_code == RADIUS_ATTR_MS_CHAP_RESPONSE) {
 295                         wpa_hexdump(MSG_DEBUG,
 296                                     "EAP-TTLS: MS-CHAP-Response (MSCHAP)",
 297                                     dpos, dlen);
 298                         parse->mschap_response = dpos;
 299                         parse->mschap_response_len = dlen;
 300                 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
 301                            avp_code == RADIUS_ATTR_MS_CHAP2_RESPONSE) {
 302                         wpa_hexdump(MSG_DEBUG,
 303                                     "EAP-TTLS: MS-CHAP2-Response (MSCHAPV2)",
 304                                     dpos, dlen);
 305                         parse->mschap2_response = dpos;
 306                         parse->mschap2_response_len = dlen;
 307                 } else if (avp_flags & AVP_FLAGS_MANDATORY) {
 308                         wpa_printf(MSG_WARNING, "EAP-TTLS: Unsupported "
 309                                    "mandatory AVP code %d vendor_id %d - "
 310                                    "dropped", (int) avp_code, (int) vendor_id);
 311                         goto fail;
 312                 } else {
 313                         wpa_printf(MSG_DEBUG, "EAP-TTLS: Ignoring unsupported "
 314                                    "AVP code %d vendor_id %d",
 315                                    (int) avp_code, (int) vendor_id);
 316                 }
 317
 318                 pad = (4 - (avp_length & 3)) & 3;
 319                 pos += avp_length + pad;
 320                 left -= avp_length + pad;
 321         }
 322
 323         return 0;
 324
 325 fail:
 326         os_free(parse->eap);
 327         parse->eap = NULL;
 328         return -1;
 329 }
 330
 331
 332 static u8 * eap_ttls_implicit_challenge(struct eap_sm *sm,
 333                                         struct eap_ttls_data *data, size_t len)
 334 {
 335         return eap_server_tls_derive_key(sm, &data->ssl, "ttls challenge",
 336                                          len);
 337 }
 338
 339
 340 static void * eap_ttls_init(struct eap_sm *sm)
 341 {
 342         struct eap_ttls_data *data;
 343
 344         data = os_zalloc(sizeof(*data));
 345         if (data == NULL)
 346                 return NULL;
 347         data->ttls_version = EAP_TTLS_VERSION;
 348         data->state = START;
 349
 350         if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_TYPE_TTLS)) {
 351                 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to initialize SSL.");
 352                 eap_ttls_reset(sm, data);
 353                 return NULL;
 354         }
 355
 356         return data;
 357 }
 358
 359
 360 static void eap_ttls_reset(struct eap_sm *sm, void *priv)
 361 {
 362         struct eap_ttls_data *data = priv;
 363         if (data == NULL)
 364                 return;
 365         if (data->phase2_priv && data->phase2_method)
 366                 data->phase2_method->reset(sm, data->phase2_priv);
 367         eap_server_tls_ssl_deinit(sm, &data->ssl);
 368         wpabuf_free(data->pending_phase2_eap_resp);
 369         bin_clear_free(data, sizeof(*data));
 370 }
 371
 372
 373 static struct wpabuf * eap_ttls_build_start(struct eap_sm *sm,
 374                                             struct eap_ttls_data *data, u8 id)
 375 {
 376         struct wpabuf *req;
 377
 378         req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TTLS, 1,
 379                             EAP_CODE_REQUEST, id);
 380         if (req == NULL) {
 381                 wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to allocate memory for"
 382                            " request");
 383                 eap_ttls_state(data, FAILURE);
 384                 return NULL;
 385         }
 386
 387         wpabuf_put_u8(req, EAP_TLS_FLAGS_START | data->ttls_version);
 388
 389         eap_ttls_state(data, PHASE1);
 390
 391         return req;
 392 }
 393
 394
 395 static struct wpabuf * eap_ttls_build_phase2_eap_req(
 396         struct eap_sm *sm, struct eap_ttls_data *data, u8 id)
 397 {
 398         struct wpabuf *buf, *encr_req;
 399
 400
 401         buf = data->phase2_method->buildReq(sm, data->phase2_priv, id);
 402         if (buf == NULL)
 403                 return NULL;
 404
 405         wpa_hexdump_buf_key(MSG_DEBUG,
 406                             "EAP-TTLS/EAP: Encapsulate Phase 2 data", buf);
 407
 408         buf = eap_ttls_avp_encapsulate(buf, RADIUS_ATTR_EAP_MESSAGE, 1);
 409         if (buf == NULL) {
 410                 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Failed to encapsulate "
 411                            "packet");
 412                 return NULL;
 413         }
 414
 415         wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS/EAP: Encrypt encapsulated "
 416                             "Phase 2 data", buf);
 417
 418         encr_req = eap_server_tls_encrypt(sm, &data->ssl, buf);
 419         wpabuf_free(buf);
 420
 421         return encr_req;
 422 }
 423
 424
 425 static struct wpabuf * eap_ttls_build_phase2_mschapv2(
 426         struct eap_sm *sm, struct eap_ttls_data *data)
 427 {
 428         struct wpabuf *encr_req, msgbuf;
 429         u8 *req, *pos, *end;
 430         int ret;
 431
 432         pos = req = os_malloc(100);
 433         if (req == NULL)
 434                 return NULL;
 435         end = req + 100;
 436
 437         if (data->mschapv2_resp_ok) {
 438                 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP2_SUCCESS,
 439                                        RADIUS_VENDOR_ID_MICROSOFT, 1, 43);
 440                 *pos++ = data->mschapv2_ident;
 441                 ret = os_snprintf((char *) pos, end - pos, "S=");
 442                 if (!os_snprintf_error(end - pos, ret))
 443                         pos += ret;
 444                 pos += wpa_snprintf_hex_uppercase(
 445                         (char *) pos, end - pos, data->mschapv2_auth_response,
 446                         sizeof(data->mschapv2_auth_response));
 447         } else {
 448                 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP_ERROR,
 449                                        RADIUS_VENDOR_ID_MICROSOFT, 1, 6);
 450                 os_memcpy(pos, "Failed", 6);
 451                 pos += 6;
 452                 AVP_PAD(req, pos);
 453         }
 454
 455         wpabuf_set(&msgbuf, req, pos - req);
 456         wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Encrypting Phase 2 "
 457                             "data", &msgbuf);
 458
 459         encr_req = eap_server_tls_encrypt(sm, &data->ssl, &msgbuf);
 460         os_free(req);
 461
 462         return encr_req;
 463 }
 464
 465
 466 static struct wpabuf * eap_ttls_buildReq(struct eap_sm *sm, void *priv, u8 id)
 467 {
 468         struct eap_ttls_data *data = priv;
 469
 470         if (data->ssl.state == FRAG_ACK) {
 471                 return eap_server_tls_build_ack(id, EAP_TYPE_TTLS,
 472                                                 data->ttls_version);
 473         }
 474
 475         if (data->ssl.state == WAIT_FRAG_ACK) {
 476                 return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TTLS,
 477                                                 data->ttls_version, id);
 478         }
 479
 480         switch (data->state) {
 481         case START:
 482                 return eap_ttls_build_start(sm, data, id);
 483         case PHASE1:
 484                 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
 485                         wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase1 done, "
 486                                    "starting Phase2");
 487                         eap_ttls_state(data, PHASE2_START);
 488                 }
 489                 break;
 490         case PHASE2_METHOD:
 491                 wpabuf_free(data->ssl.tls_out);
 492                 data->ssl.tls_out_pos = 0;
 493                 data->ssl.tls_out = eap_ttls_build_phase2_eap_req(sm, data,
 494                                                                   id);
 495                 break;
 496         case PHASE2_MSCHAPV2_RESP:
 497                 wpabuf_free(data->ssl.tls_out);
 498                 data->ssl.tls_out_pos = 0;
 499                 data->ssl.tls_out = eap_ttls_build_phase2_mschapv2(sm, data);
 500                 break;
 501         default:
 502                 wpa_printf(MSG_DEBUG, "EAP-TTLS: %s - unexpected state %d",
 503                            __func__, data->state);
 504                 return NULL;
 505         }
 506
 507         return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TTLS,
 508                                         data->ttls_version, id);
 509 }
 510
 511
 512 static Boolean eap_ttls_check(struct eap_sm *sm, void *priv,
 513                               struct wpabuf *respData)
 514 {
 515         const u8 *pos;
 516         size_t len;
 517
 518         pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_TTLS, respData, &len);
 519         if (pos == NULL || len < 1) {
 520                 wpa_printf(MSG_INFO, "EAP-TTLS: Invalid frame");
 521                 return TRUE;
 522         }
 523
 524         return FALSE;
 525 }
 526
 527
 528 static void eap_ttls_process_phase2_pap(struct eap_sm *sm,
 529                                         struct eap_ttls_data *data,
 530                                         const u8 *user_password,
 531                                         size_t user_password_len)
 532 {
 533         if (!sm->user || !sm->user->password || sm->user->password_hash ||
 534             !(sm->user->ttls_auth & EAP_TTLS_AUTH_PAP)) {
 535                 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: No plaintext user "
 536                            "password configured");
 537                 eap_ttls_state(data, FAILURE);
 538                 return;
 539         }
 540
 541         if (sm->user->password_len != user_password_len ||
 542             os_memcmp_const(sm->user->password, user_password,
 543                             user_password_len) != 0) {
 544                 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Invalid user password");
 545                 eap_ttls_state(data, FAILURE);
 546                 return;
 547         }
 548
 549         wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Correct user password");
 550         eap_ttls_state(data, SUCCESS);
 551         eap_ttls_valid_session(sm, data);
 552 }
 553
 554
 555 static void eap_ttls_process_phase2_chap(struct eap_sm *sm,
 556                                          struct eap_ttls_data *data,
 557                                          const u8 *challenge,
 558                                          size_t challenge_len,
 559                                          const u8 *password,
 560                                          size_t password_len)
 561 {
 562         u8 *chal, hash[CHAP_MD5_LEN];
 563
 564         if (challenge == NULL || password == NULL ||
 565             challenge_len != EAP_TTLS_CHAP_CHALLENGE_LEN ||
 566             password_len != 1 + EAP_TTLS_CHAP_PASSWORD_LEN) {
 567                 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Invalid CHAP attributes "
 568                            "(challenge len %lu password len %lu)",
 569                            (unsigned long) challenge_len,
 570                            (unsigned long) password_len);
 571                 eap_ttls_state(data, FAILURE);
 572                 return;
 573         }
 574
 575         if (!sm->user || !sm->user->password || sm->user->password_hash ||
 576             !(sm->user->ttls_auth & EAP_TTLS_AUTH_CHAP)) {
 577                 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: No plaintext user "
 578                            "password configured");
 579                 eap_ttls_state(data, FAILURE);
 580                 return;
 581         }
 582
 583         chal = eap_ttls_implicit_challenge(sm, data,
 584                                            EAP_TTLS_CHAP_CHALLENGE_LEN + 1);
 585         if (chal == NULL) {
 586                 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Failed to generate "
 587                            "challenge from TLS data");
 588                 eap_ttls_state(data, FAILURE);
 589                 return;
 590         }
 591
 592         if (os_memcmp_const(challenge, chal, EAP_TTLS_CHAP_CHALLENGE_LEN)
 593             != 0 ||
 594             password[0] != chal[EAP_TTLS_CHAP_CHALLENGE_LEN]) {
 595                 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Challenge mismatch");
 596                 os_free(chal);
 597                 eap_ttls_state(data, FAILURE);
 598                 return;
 599         }
 600         os_free(chal);
 601
 602         /* MD5(Ident + Password + Challenge) */
 603         chap_md5(password[0], sm->user->password, sm->user->password_len,
 604                  challenge, challenge_len, hash);
 605
 606         if (os_memcmp_const(hash, password + 1, EAP_TTLS_CHAP_PASSWORD_LEN) ==
 607             0) {
 608                 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Correct user password");
 609                 eap_ttls_state(data, SUCCESS);
 610                 eap_ttls_valid_session(sm, data);
 611         } else {
 612                 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Invalid user password");
 613                 eap_ttls_state(data, FAILURE);
 614         }
 615 }
 616
 617
 618 static void eap_ttls_process_phase2_mschap(struct eap_sm *sm,
 619                                            struct eap_ttls_data *data,
 620                                            u8 *challenge, size_t challenge_len,
 621                                            u8 *response, size_t response_len)
 622 {
 623         u8 *chal, nt_response[24];
 624
 625         if (challenge == NULL || response == NULL ||
 626             challenge_len != EAP_TTLS_MSCHAP_CHALLENGE_LEN ||
 627             response_len != EAP_TTLS_MSCHAP_RESPONSE_LEN) {
 628                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Invalid MS-CHAP "
 629                            "attributes (challenge len %lu response len %lu)",
 630                            (unsigned long) challenge_len,
 631                            (unsigned long) response_len);
 632                 eap_ttls_state(data, FAILURE);
 633                 return;
 634         }
 635
 636         if (!sm->user || !sm->user->password ||
 637             !(sm->user->ttls_auth & EAP_TTLS_AUTH_MSCHAP)) {
 638                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: No user password "
 639                            "configured");
 640                 eap_ttls_state(data, FAILURE);
 641                 return;
 642         }
 643
 644         chal = eap_ttls_implicit_challenge(sm, data,
 645                                            EAP_TTLS_MSCHAP_CHALLENGE_LEN + 1);
 646         if (chal == NULL) {
 647                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Failed to generate "
 648                            "challenge from TLS data");
 649                 eap_ttls_state(data, FAILURE);
 650                 return;
 651         }
 652
 653 #ifdef CONFIG_TESTING_OPTIONS
 654         eap_server_mschap_rx_callback(sm, "TTLS-MSCHAP",
 655                                       sm->identity, sm->identity_len,
 656                                       challenge, response + 2 + 24);
 657 #endif /* CONFIG_TESTING_OPTIONS */
 658
 659         if (os_memcmp_const(challenge, chal, EAP_TTLS_MSCHAP_CHALLENGE_LEN)
 660             != 0 ||
 661             response[0] != chal[EAP_TTLS_MSCHAP_CHALLENGE_LEN]) {
 662                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Challenge mismatch");
 663                 os_free(chal);
 664                 eap_ttls_state(data, FAILURE);
 665                 return;
 666         }
 667         os_free(chal);
 668
 669         if (sm->user->password_hash)
 670                 challenge_response(challenge, sm->user->password, nt_response);
 671         else
 672                 nt_challenge_response(challenge, sm->user->password,
 673                                       sm->user->password_len, nt_response);
 674
 675         if (os_memcmp_const(nt_response, response + 2 + 24, 24) == 0) {
 676                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Correct response");
 677                 eap_ttls_state(data, SUCCESS);
 678                 eap_ttls_valid_session(sm, data);
 679         } else {
 680                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Invalid NT-Response");
 681                 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAP: Received",
 682                             response + 2 + 24, 24);
 683                 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAP: Expected",
 684                             nt_response, 24);
 685                 eap_ttls_state(data, FAILURE);
 686         }
 687 }
 688
 689
 690 static void eap_ttls_process_phase2_mschapv2(struct eap_sm *sm,
 691                                              struct eap_ttls_data *data,
 692                                              u8 *challenge,
 693                                              size_t challenge_len,
 694                                              u8 *response, size_t response_len)
 695 {
 696         u8 *chal, *username, nt_response[24], *rx_resp, *peer_challenge,
 697                 *auth_challenge;
 698         size_t username_len, i;
 699
 700         if (challenge == NULL || response == NULL ||
 701             challenge_len != EAP_TTLS_MSCHAPV2_CHALLENGE_LEN ||
 702             response_len != EAP_TTLS_MSCHAPV2_RESPONSE_LEN) {
 703                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Invalid MS-CHAP2 "
 704                            "attributes (challenge len %lu response len %lu)",
 705                            (unsigned long) challenge_len,
 706                            (unsigned long) response_len);
 707                 eap_ttls_state(data, FAILURE);
 708                 return;
 709         }
 710
 711         if (!sm->user || !sm->user->password ||
 712             !(sm->user->ttls_auth & EAP_TTLS_AUTH_MSCHAPV2)) {
 713                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: No user password "
 714                            "configured");
 715                 eap_ttls_state(data, FAILURE);
 716                 return;
 717         }
 718
 719         if (sm->identity == NULL) {
 720                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: No user identity "
 721                            "known");
 722                 eap_ttls_state(data, FAILURE);
 723                 return;
 724         }
 725
 726         /* MSCHAPv2 does not include optional domain name in the
 727          * challenge-response calculation, so remove domain prefix
 728          * (if present). */
 729         username = sm->identity;
 730         username_len = sm->identity_len;
 731         for (i = 0; i < username_len; i++) {
 732                 if (username[i] == '\\') {
 733                         username_len -= i + 1;
 734                         username += i + 1;
 735                         break;
 736                 }
 737         }
 738
 739         chal = eap_ttls_implicit_challenge(
 740                 sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1);
 741         if (chal == NULL) {
 742                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Failed to generate "
 743                            "challenge from TLS data");
 744                 eap_ttls_state(data, FAILURE);
 745                 return;
 746         }
 747
 748         if (os_memcmp_const(challenge, chal, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN)
 749             != 0 ||
 750             response[0] != chal[EAP_TTLS_MSCHAPV2_CHALLENGE_LEN]) {
 751                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Challenge mismatch");
 752                 os_free(chal);
 753                 eap_ttls_state(data, FAILURE);
 754                 return;
 755         }
 756         os_free(chal);
 757
 758         auth_challenge = challenge;
 759         peer_challenge = response + 2;
 760
 761         wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: User",
 762                           username, username_len);
 763         wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: auth_challenge",
 764                     auth_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN);
 765         wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: peer_challenge",
 766                     peer_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN);
 767
 768         if (sm->user->password_hash) {
 769                 generate_nt_response_pwhash(auth_challenge, peer_challenge,
 770                                             username, username_len,
 771                                             sm->user->password,
 772                                             nt_response);
 773         } else {
 774                 generate_nt_response(auth_challenge, peer_challenge,
 775                                      username, username_len,
 776                                      sm->user->password,
 777                                      sm->user->password_len,
 778                                      nt_response);
 779         }
 780
 781         rx_resp = response + 2 + EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 8;
 782 #ifdef CONFIG_TESTING_OPTIONS
 783         {
 784                 u8 challenge2[8];
 785
 786                 if (challenge_hash(peer_challenge, auth_challenge,
 787                                    username, username_len, challenge2) == 0) {
 788                         eap_server_mschap_rx_callback(sm, "TTLS-MSCHAPV2",
 789                                                       username, username_len,
 790                                                       challenge2, rx_resp);
 791                 }
 792         }
 793 #endif /* CONFIG_TESTING_OPTIONS */
 794         if (os_memcmp_const(nt_response, rx_resp, 24) == 0) {
 795                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Correct "
 796                            "NT-Response");
 797                 data->mschapv2_resp_ok = 1;
 798
 799                 if (sm->user->password_hash) {
 800                         generate_authenticator_response_pwhash(
 801                                 sm->user->password,
 802                                 peer_challenge, auth_challenge,
 803                                 username, username_len, nt_response,
 804                                 data->mschapv2_auth_response);
 805                 } else {
 806                         generate_authenticator_response(
 807                                 sm->user->password, sm->user->password_len,
 808                                 peer_challenge, auth_challenge,
 809                                 username, username_len, nt_response,
 810                                 data->mschapv2_auth_response);
 811                 }
 812         } else {
 813                 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Invalid "
 814                            "NT-Response");
 815                 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: Received",
 816                             rx_resp, 24);
 817                 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: Expected",
 818                             nt_response, 24);
 819                 data->mschapv2_resp_ok = 0;
 820         }
 821         eap_ttls_state(data, PHASE2_MSCHAPV2_RESP);
 822         data->mschapv2_ident = response[0];
 823 }
 824
 825
 826 static int eap_ttls_phase2_eap_init(struct eap_sm *sm,
 827                                     struct eap_ttls_data *data,
 828                                     EapType eap_type)
 829 {
 830         if (data->phase2_priv && data->phase2_method) {
 831                 data->phase2_method->reset(sm, data->phase2_priv);
 832                 data->phase2_method = NULL;
 833                 data->phase2_priv = NULL;
 834         }
 835         data->phase2_method = eap_server_get_eap_method(EAP_VENDOR_IETF,
 836                                                         eap_type);
 837         if (!data->phase2_method)
 838                 return -1;
 839
 840         sm->init_phase2 = 1;
 841         data->phase2_priv = data->phase2_method->init(sm);
 842         sm->init_phase2 = 0;
 843         return data->phase2_priv == NULL ? -1 : 0;
 844 }
 845
 846
 847 static void eap_ttls_process_phase2_eap_response(struct eap_sm *sm,
 848                                                  struct eap_ttls_data *data,
 849                                                  u8 *in_data, size_t in_len)
 850 {
 851         u8 next_type = EAP_TYPE_NONE;
 852         struct eap_hdr *hdr;
 853         u8 *pos;
 854         size_t left;
 855         struct wpabuf buf;
 856         const struct eap_method *m = data->phase2_method;
 857         void *priv = data->phase2_priv;
 858
 859         if (priv == NULL) {
 860                 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: %s - Phase2 not "
 861                            "initialized?!", __func__);
 862                 return;
 863         }
 864
 865         hdr = (struct eap_hdr *) in_data;
 866         pos = (u8 *) (hdr + 1);
 867
 868         if (in_len > sizeof(*hdr) && *pos == EAP_TYPE_NAK) {
 869                 left = in_len - sizeof(*hdr);
 870                 wpa_hexdump(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 type Nak'ed; "
 871                             "allowed types", pos + 1, left - 1);
 872                 eap_sm_process_nak(sm, pos + 1, left - 1);
 873                 if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&
 874                     sm->user->methods[sm->user_eap_method_index].method !=
 875                     EAP_TYPE_NONE) {
 876                         next_type = sm->user->methods[
 877                                 sm->user_eap_method_index++].method;
 878                         wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %d",
 879                                    next_type);
 880                         if (eap_ttls_phase2_eap_init(sm, data, next_type)) {
 881                                 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to "
 882                                            "initialize EAP type %d",
 883                                            next_type);
 884                                 eap_ttls_state(data, FAILURE);
 885                                 return;
 886                         }
 887                 } else {
 888                         eap_ttls_state(data, FAILURE);
 889                 }
 890                 return;
 891         }
 892
 893         wpabuf_set(&buf, in_data, in_len);
 894
 895         if (m->check(sm, priv, &buf)) {
 896                 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 check() asked to "
 897                            "ignore the packet");
 898                 return;
 899         }
 900
 901         m->process(sm, priv, &buf);
 902
 903         if (sm->method_pending == METHOD_PENDING_WAIT) {
 904                 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 method is in "
 905                            "pending wait state - save decrypted response");
 906                 wpabuf_free(data->pending_phase2_eap_resp);
 907                 data->pending_phase2_eap_resp = wpabuf_dup(&buf);
 908         }
 909
 910         if (!m->isDone(sm, priv))
 911                 return;
 912
 913         if (!m->isSuccess(sm, priv)) {
 914                 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 method failed");
 915                 eap_ttls_state(data, FAILURE);
 916                 return;
 917         }
 918
 919         switch (data->state) {
 920         case PHASE2_START:
 921                 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
 922                         wpa_hexdump_ascii(MSG_DEBUG, "EAP_TTLS: Phase2 "
 923                                           "Identity not found in the user "
 924                                           "database",
 925                                           sm->identity, sm->identity_len);
 926                         eap_ttls_state(data, FAILURE);
 927                         break;
 928                 }
 929
 930                 eap_ttls_state(data, PHASE2_METHOD);
 931                 next_type = sm->user->methods[0].method;
 932                 sm->user_eap_method_index = 1;
 933                 wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %d", next_type);
 934                 if (eap_ttls_phase2_eap_init(sm, data, next_type)) {
 935                         wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize "
 936                                    "EAP type %d", next_type);
 937                         eap_ttls_state(data, FAILURE);
 938                 }
 939                 break;
 940         case PHASE2_METHOD:
 941                 eap_ttls_state(data, SUCCESS);
 942                 eap_ttls_valid_session(sm, data);
 943                 break;
 944         case FAILURE:
 945                 break;
 946         default:
 947                 wpa_printf(MSG_DEBUG, "EAP-TTLS: %s - unexpected state %d",
 948                            __func__, data->state);
 949                 break;
 950         }
 951 }
 952
 953
 954 static void eap_ttls_process_phase2_eap(struct eap_sm *sm,
 955                                         struct eap_ttls_data *data,
 956                                         const u8 *eap, size_t eap_len)
 957 {
 958         struct eap_hdr *hdr;
 959         size_t len;
 960
 961         if (data->state == PHASE2_START) {
 962                 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: initializing Phase 2");
 963                 if (eap_ttls_phase2_eap_init(sm, data, EAP_TYPE_IDENTITY) < 0)
 964                 {
 965                         wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: failed to "
 966                                    "initialize EAP-Identity");
 967                         return;
 968                 }
 969         }
 970
 971         if (eap_len < sizeof(*hdr)) {
 972                 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: too short Phase 2 EAP "
 973                            "packet (len=%lu)", (unsigned long) eap_len);
 974                 return;
 975         }
 976
 977         hdr = (struct eap_hdr *) eap;
 978         len = be_to_host16(hdr->length);
 979         wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: received Phase 2 EAP: code=%d "
 980                    "identifier=%d length=%lu", hdr->code, hdr->identifier,
 981                    (unsigned long) len);
 982         if (len > eap_len) {
 983                 wpa_printf(MSG_INFO, "EAP-TTLS/EAP: Length mismatch in Phase 2"
 984                            " EAP frame (hdr len=%lu, data len in AVP=%lu)",
 985                            (unsigned long) len, (unsigned long) eap_len);
 986                 return;
 987         }
 988
 989         switch (hdr->code) {
 990         case EAP_CODE_RESPONSE:
 991                 eap_ttls_process_phase2_eap_response(sm, data, (u8 *) hdr,
 992                                                      len);
 993                 break;
 994         default:
 995                 wpa_printf(MSG_INFO, "EAP-TTLS/EAP: Unexpected code=%d in "
 996                            "Phase 2 EAP header", hdr->code);
 997                 break;
 998         }
 999 }
1000
1001
1002 static void eap_ttls_process_phase2(struct eap_sm *sm,
1003                                     struct eap_ttls_data *data,
1004                                     struct wpabuf *in_buf)
1005 {
1006         struct wpabuf *in_decrypted;
1007         struct eap_ttls_avp parse;
1008
1009         wpa_printf(MSG_DEBUG, "EAP-TTLS: received %lu bytes encrypted data for"
1010                    " Phase 2", (unsigned long) wpabuf_len(in_buf));
1011
1012         if (data->pending_phase2_eap_resp) {
1013                 wpa_printf(MSG_DEBUG, "EAP-TTLS: Pending Phase 2 EAP response "
1014                            "- skip decryption and use old data");
1015                 eap_ttls_process_phase2_eap(
1016                         sm, data, wpabuf_head(data->pending_phase2_eap_resp),
1017                         wpabuf_len(data->pending_phase2_eap_resp));
1018                 wpabuf_free(data->pending_phase2_eap_resp);
1019                 data->pending_phase2_eap_resp = NULL;
1020                 return;
1021         }
1022
1023         in_decrypted = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn,
1024                                               in_buf);
1025         if (in_decrypted == NULL) {
1026                 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to decrypt Phase 2 "
1027                            "data");
1028                 eap_ttls_state(data, FAILURE);
1029                 return;
1030         }
1031
1032         wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS: Decrypted Phase 2 EAP",
1033                             in_decrypted);
1034
1035         if (eap_ttls_avp_parse(in_decrypted, &parse) < 0) {
1036                 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to parse AVPs");
1037                 wpabuf_free(in_decrypted);
1038                 eap_ttls_state(data, FAILURE);
1039                 return;
1040         }
1041
1042         if (parse.user_name) {
1043                 char *nbuf;
1044                 nbuf = os_malloc(parse.user_name_len * 4 + 1);
1045                 if (nbuf) {
1046                         printf_encode(nbuf, parse.user_name_len * 4 + 1,
1047                                       parse.user_name,
1048                                       parse.user_name_len);
1049                         eap_log_msg(sm, "TTLS-User-Name '%s'", nbuf);
1050                         os_free(nbuf);
1051                 }
1052
1053                 os_free(sm->identity);
1054                 sm->identity = os_malloc(parse.user_name_len);
1055                 if (sm->identity == NULL) {
1056                         eap_ttls_state(data, FAILURE);
1057                         goto done;
1058                 }
1059                 os_memcpy(sm->identity, parse.user_name, parse.user_name_len);
1060                 sm->identity_len = parse.user_name_len;
1061                 if (eap_user_get(sm, parse.user_name, parse.user_name_len, 1)
1062                     != 0) {
1063                         wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase2 Identity not "
1064                                    "found in the user database");
1065                         eap_ttls_state(data, FAILURE);
1066                         goto done;
1067                 }
1068         }
1069
1070 #ifdef EAP_SERVER_TNC
1071         if (data->tnc_started && parse.eap == NULL) {
1072                 wpa_printf(MSG_DEBUG, "EAP-TTLS: TNC started but no EAP "
1073                            "response from peer");
1074                 eap_ttls_state(data, FAILURE);
1075                 goto done;
1076         }
1077 #endif /* EAP_SERVER_TNC */
1078
1079         if (parse.eap) {
1080                 eap_ttls_process_phase2_eap(sm, data, parse.eap,
1081                                             parse.eap_len);
1082         } else if (parse.user_password) {
1083                 eap_ttls_process_phase2_pap(sm, data, parse.user_password,
1084                                             parse.user_password_len);
1085         } else if (parse.chap_password) {
1086                 eap_ttls_process_phase2_chap(sm, data,
1087                                              parse.chap_challenge,
1088                                              parse.chap_challenge_len,
1089                                              parse.chap_password,
1090                                              parse.chap_password_len);
1091         } else if (parse.mschap_response) {
1092                 eap_ttls_process_phase2_mschap(sm, data,
1093                                                parse.mschap_challenge,
1094                                                parse.mschap_challenge_len,
1095                                                parse.mschap_response,
1096                                                parse.mschap_response_len);
1097         } else if (parse.mschap2_response) {
1098                 eap_ttls_process_phase2_mschapv2(sm, data,
1099                                                  parse.mschap_challenge,
1100                                                  parse.mschap_challenge_len,
1101                                                  parse.mschap2_response,
1102                                                  parse.mschap2_response_len);
1103         }
1104
1105 done:
1106         wpabuf_free(in_decrypted);
1107         os_free(parse.eap);
1108 }
1109
1110
1111 static void eap_ttls_start_tnc(struct eap_sm *sm, struct eap_ttls_data *data)
1112 {
1113 #ifdef EAP_SERVER_TNC
1114         if (!sm->tnc || data->state != SUCCESS || data->tnc_started)
1115                 return;
1116
1117         wpa_printf(MSG_DEBUG, "EAP-TTLS: Initialize TNC");
1118         if (eap_ttls_phase2_eap_init(sm, data, EAP_TYPE_TNC)) {
1119                 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize TNC");
1120                 eap_ttls_state(data, FAILURE);
1121                 return;
1122         }
1123
1124         data->tnc_started = 1;
1125         eap_ttls_state(data, PHASE2_METHOD);
1126 #endif /* EAP_SERVER_TNC */
1127 }
1128
1129
1130 static int eap_ttls_process_version(struct eap_sm *sm, void *priv,
1131                                     int peer_version)
1132 {
1133         struct eap_ttls_data *data = priv;
1134         if (peer_version < data->ttls_version) {
1135                 wpa_printf(MSG_DEBUG, "EAP-TTLS: peer ver=%d, own ver=%d; "
1136                            "use version %d",
1137                            peer_version, data->ttls_version, peer_version);
1138                 data->ttls_version = peer_version;
1139         }
1140
1141         return 0;
1142 }
1143
1144
1145 static void eap_ttls_process_msg(struct eap_sm *sm, void *priv,
1146                                  const struct wpabuf *respData)
1147 {
1148         struct eap_ttls_data *data = priv;
1149
1150         switch (data->state) {
1151         case PHASE1:
1152                 if (eap_server_tls_phase1(sm, &data->ssl) < 0)
1153                         eap_ttls_state(data, FAILURE);
1154                 break;
1155         case PHASE2_START:
1156         case PHASE2_METHOD:
1157                 eap_ttls_process_phase2(sm, data, data->ssl.tls_in);
1158                 eap_ttls_start_tnc(sm, data);
1159                 break;
1160         case PHASE2_MSCHAPV2_RESP:
1161                 if (data->mschapv2_resp_ok && wpabuf_len(data->ssl.tls_in) ==
1162                     0) {
1163                         wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer "
1164                                    "acknowledged response");
1165                         eap_ttls_state(data, SUCCESS);
1166                         eap_ttls_valid_session(sm, data);
1167                 } else if (!data->mschapv2_resp_ok) {
1168                         wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer "
1169                                    "acknowledged error");
1170                         eap_ttls_state(data, FAILURE);
1171                 } else {
1172                         wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Unexpected "
1173                                    "frame from peer (payload len %lu, "
1174                                    "expected empty frame)",
1175                                    (unsigned long)
1176                                    wpabuf_len(data->ssl.tls_in));
1177                         eap_ttls_state(data, FAILURE);
1178                 }
1179                 eap_ttls_start_tnc(sm, data);
1180                 break;
1181         default:
1182                 wpa_printf(MSG_DEBUG, "EAP-TTLS: Unexpected state %d in %s",
1183                            data->state, __func__);
1184                 break;
1185         }
1186 }
1187
1188
1189 static void eap_ttls_process(struct eap_sm *sm, void *priv,
1190                              struct wpabuf *respData)
1191 {
1192         struct eap_ttls_data *data = priv;
1193         const struct wpabuf *buf;
1194         const u8 *pos;
1195         u8 id_len;
1196
1197         if (eap_server_tls_process(sm, &data->ssl, respData, data,
1198                                    EAP_TYPE_TTLS, eap_ttls_process_version,
1199                                    eap_ttls_process_msg) < 0) {
1200                 eap_ttls_state(data, FAILURE);
1201                 return;
1202         }
1203
1204         if (!tls_connection_established(sm->ssl_ctx, data->ssl.conn) ||
1205             !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn))
1206                 return;
1207
1208         buf = tls_connection_get_success_data(data->ssl.conn);
1209         if (!buf || wpabuf_len(buf) < 1) {
1210                 wpa_printf(MSG_DEBUG,
1211                            "EAP-TTLS: No success data in resumed session - reject attempt");
1212                 eap_ttls_state(data, FAILURE);
1213                 return;
1214         }
1215
1216         pos = wpabuf_head(buf);
1217         if (*pos != EAP_TYPE_TTLS) {
1218                 wpa_printf(MSG_DEBUG,
1219                            "EAP-TTLS: Resumed session for another EAP type (%u) - reject attempt",
1220                            *pos);
1221                 eap_ttls_state(data, FAILURE);
1222                 return;
1223         }
1224
1225         pos++;
1226         id_len = *pos++;
1227         wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: Identity from cached session",
1228                           pos, id_len);
1229         os_free(sm->identity);
1230         sm->identity = os_malloc(id_len ? id_len : 1);
1231         if (!sm->identity) {
1232                 sm->identity_len = 0;
1233                 eap_ttls_state(data, FAILURE);
1234                 return;
1235         }
1236
1237         os_memcpy(sm->identity, pos, id_len);
1238         sm->identity_len = id_len;
1239
1240         if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
1241                 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: Phase2 Identity not found in the user database",
1242                                   sm->identity, sm->identity_len);
1243                 eap_ttls_state(data, FAILURE);
1244                 return;
1245         }
1246
1247         wpa_printf(MSG_DEBUG,
1248                    "EAP-TTLS: Resuming previous session - skip Phase2");
1249         eap_ttls_state(data, SUCCESS);
1250         tls_connection_set_success_data_resumed(data->ssl.conn);
1251 }
1252
1253
1254 static Boolean eap_ttls_isDone(struct eap_sm *sm, void *priv)
1255 {
1256         struct eap_ttls_data *data = priv;
1257         return data->state == SUCCESS || data->state == FAILURE;
1258 }
1259
1260
1261 static u8 * eap_ttls_getKey(struct eap_sm *sm, void *priv, size_t *len)
1262 {
1263         struct eap_ttls_data *data = priv;
1264         u8 *eapKeyData;
1265
1266         if (data->state != SUCCESS)
1267                 return NULL;
1268
1269         eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
1270                                                "ttls keying material",
1271                                                EAP_TLS_KEY_LEN);
1272         if (eapKeyData) {
1273                 *len = EAP_TLS_KEY_LEN;
1274                 wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived key",
1275                                 eapKeyData, EAP_TLS_KEY_LEN);
1276         } else {
1277                 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to derive key");
1278         }
1279
1280         return eapKeyData;
1281 }
1282
1283
1284 static Boolean eap_ttls_isSuccess(struct eap_sm *sm, void *priv)
1285 {
1286         struct eap_ttls_data *data = priv;
1287         return data->state == SUCCESS;
1288 }
1289
1290
1291 static u8 * eap_ttls_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
1292 {
1293         struct eap_ttls_data *data = priv;
1294
1295         if (data->state != SUCCESS)
1296                 return NULL;
1297
1298         return eap_server_tls_derive_session_id(sm, &data->ssl, EAP_TYPE_TTLS,
1299                                                 len);
1300 }
1301
1302
1303 static u8 * eap_ttls_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
1304 {
1305         struct eap_ttls_data *data = priv;
1306         u8 *eapKeyData, *emsk;
1307
1308         if (data->state != SUCCESS)
1309                 return NULL;
1310
1311         eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
1312                                                "ttls keying material",
1313                                                EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
1314         if (eapKeyData) {
1315                 emsk = os_malloc(EAP_EMSK_LEN);
1316                 if (emsk)
1317                         os_memcpy(emsk, eapKeyData + EAP_TLS_KEY_LEN,
1318                                   EAP_EMSK_LEN);
1319                 bin_clear_free(eapKeyData, EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
1320         } else
1321                 emsk = NULL;
1322
1323         if (emsk) {
1324                 *len = EAP_EMSK_LEN;
1325                 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Derived EMSK",
1326                             emsk, EAP_EMSK_LEN);
1327         } else {
1328                 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to derive EMSK");
1329         }
1330
1331         return emsk;
1332 }
1333
1334
1335 int eap_server_ttls_register(void)
1336 {
1337         struct eap_method *eap;
1338         int ret;
1339
1340         eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
1341                                       EAP_VENDOR_IETF, EAP_TYPE_TTLS, "TTLS");
1342         if (eap == NULL)
1343                 return -1;
1344
1345         eap->init = eap_ttls_init;
1346         eap->reset = eap_ttls_reset;
1347         eap->buildReq = eap_ttls_buildReq;
1348         eap->check = eap_ttls_check;
1349         eap->process = eap_ttls_process;
1350         eap->isDone = eap_ttls_isDone;
1351         eap->getKey = eap_ttls_getKey;
1352         eap->isSuccess = eap_ttls_isSuccess;
1353         eap->getSessionId = eap_ttls_get_session_id;
1354         eap->get_emsk = eap_ttls_get_emsk;
1355
1356         ret = eap_server_method_register(eap);
1357         if (ret)
1358                 eap_server_method_free(eap);
1359         return ret;
1360 }