1 /* 2 * EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions 3 * Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "crypto/sha1.h" 13 #include "crypto/tls.h" 14 #include "eap_i.h" 15 #include "eap_tls_common.h" 16 #include "eap_config.h" 17 18 eap_tls_msg_alloc(enum eap_type type,size_t payload_len,u8 code,u8 identifier)19 static struct wpabuf * eap_tls_msg_alloc(enum eap_type type, size_t payload_len, 20 u8 code, u8 identifier) 21 { 22 if (type == EAP_UNAUTH_TLS_TYPE) 23 return eap_msg_alloc(EAP_VENDOR_UNAUTH_TLS, 24 EAP_VENDOR_TYPE_UNAUTH_TLS, payload_len, 25 code, identifier); 26 return eap_msg_alloc(EAP_VENDOR_IETF, type, payload_len, code, 27 identifier); 28 } 29 30 eap_tls_check_blob(struct eap_sm * sm,const char ** name,const u8 ** data,size_t * data_len)31 static int eap_tls_check_blob(struct eap_sm *sm, const char **name, 32 const u8 **data, size_t *data_len) 33 { 34 const struct wpa_config_blob *blob; 35 36 if (*name == NULL || os_strncmp(*name, "blob://", 7) != 0) 37 return 0; 38 39 blob = eap_get_config_blob(sm, *name + 7); 40 if (blob == NULL) { 41 wpa_printf(MSG_ERROR, "%s: Named configuration blob '%s' not " 42 "found", __func__, *name + 7); 43 return -1; 44 } 45 46 *name = NULL; 47 *data = blob->data; 48 *data_len = blob->len; 49 50 return 0; 51 } 52 53 eap_tls_params_flags(struct tls_connection_params * params,const char * txt)54 static void eap_tls_params_flags(struct tls_connection_params *params, 55 const char *txt) 56 { 57 if (txt == NULL) 58 return; 59 if (os_strstr(txt, "tls_allow_md5=1")) 60 params->flags |= TLS_CONN_ALLOW_SIGN_RSA_MD5; 61 if (os_strstr(txt, "tls_disable_time_checks=1")) 62 params->flags |= TLS_CONN_DISABLE_TIME_CHECKS; 63 if (os_strstr(txt, "tls_disable_session_ticket=1")) 64 params->flags |= TLS_CONN_DISABLE_SESSION_TICKET; 65 if (os_strstr(txt, "tls_disable_session_ticket=0")) 66 params->flags &= ~TLS_CONN_DISABLE_SESSION_TICKET; 67 if (os_strstr(txt, "tls_disable_tlsv1_0=1")) 68 params->flags |= TLS_CONN_DISABLE_TLSv1_0; 69 if (os_strstr(txt, "tls_disable_tlsv1_0=0")) { 70 params->flags &= ~TLS_CONN_DISABLE_TLSv1_0; 71 params->flags |= TLS_CONN_ENABLE_TLSv1_0; 72 } 73 if (os_strstr(txt, "tls_disable_tlsv1_1=1")) 74 params->flags |= TLS_CONN_DISABLE_TLSv1_1; 75 if (os_strstr(txt, "tls_disable_tlsv1_1=0")) { 76 params->flags &= ~TLS_CONN_DISABLE_TLSv1_1; 77 params->flags |= TLS_CONN_ENABLE_TLSv1_1; 78 } 79 if (os_strstr(txt, "tls_disable_tlsv1_2=1")) 80 params->flags |= TLS_CONN_DISABLE_TLSv1_2; 81 if (os_strstr(txt, "tls_disable_tlsv1_2=0")) { 82 params->flags &= ~TLS_CONN_DISABLE_TLSv1_2; 83 params->flags |= TLS_CONN_ENABLE_TLSv1_2; 84 } 85 if (os_strstr(txt, "tls_disable_tlsv1_3=1")) 86 params->flags |= TLS_CONN_DISABLE_TLSv1_3; 87 if (os_strstr(txt, "tls_disable_tlsv1_3=0")) 88 params->flags &= ~TLS_CONN_DISABLE_TLSv1_3; 89 if (os_strstr(txt, "tls_ext_cert_check=1")) 90 params->flags |= TLS_CONN_EXT_CERT_CHECK; 91 if (os_strstr(txt, "tls_ext_cert_check=0")) 92 params->flags &= ~TLS_CONN_EXT_CERT_CHECK; 93 if (os_strstr(txt, "tls_suiteb=1")) 94 params->flags |= TLS_CONN_SUITEB; 95 if (os_strstr(txt, "tls_suiteb=0")) 96 params->flags &= ~TLS_CONN_SUITEB; 97 if (os_strstr(txt, "tls_suiteb_no_ecdh=1")) 98 params->flags |= TLS_CONN_SUITEB_NO_ECDH; 99 if (os_strstr(txt, "tls_suiteb_no_ecdh=0")) 100 params->flags &= ~TLS_CONN_SUITEB_NO_ECDH; 101 if (os_strstr(txt, "allow_unsafe_renegotiation=1")) 102 params->flags |= TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION; 103 if (os_strstr(txt, "allow_unsafe_renegotiation=0")) 104 params->flags &= ~TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION; 105 } 106 107 eap_tls_cert_params_from_conf(struct tls_connection_params * params,struct eap_peer_cert_config * config)108 static void eap_tls_cert_params_from_conf(struct tls_connection_params *params, 109 struct eap_peer_cert_config *config) 110 { 111 params->ca_cert = config->ca_cert; 112 params->ca_path = config->ca_path; 113 params->client_cert = config->client_cert; 114 params->private_key = config->private_key; 115 params->private_key_passwd = config->private_key_passwd; 116 params->subject_match = config->subject_match; 117 params->altsubject_match = config->altsubject_match; 118 params->check_cert_subject = config->check_cert_subject; 119 params->suffix_match = config->domain_suffix_match; 120 params->domain_match = config->domain_match; 121 params->engine = config->engine; 122 params->engine_id = config->engine_id; 123 params->pin = config->pin; 124 params->key_id = config->key_id; 125 params->cert_id = config->cert_id; 126 params->ca_cert_id = config->ca_cert_id; 127 if (config->ocsp) 128 params->flags |= TLS_CONN_REQUEST_OCSP; 129 if (config->ocsp >= 2) 130 params->flags |= TLS_CONN_REQUIRE_OCSP; 131 if (config->ocsp == 3) 132 params->flags |= TLS_CONN_REQUIRE_OCSP_ALL; 133 } 134 135 eap_tls_params_from_conf1(struct tls_connection_params * params,struct eap_peer_config * config)136 static void eap_tls_params_from_conf1(struct tls_connection_params *params, 137 struct eap_peer_config *config) 138 { 139 eap_tls_cert_params_from_conf(params, &config->cert); 140 eap_tls_params_flags(params, config->phase1); 141 } 142 143 eap_tls_params_from_conf2(struct tls_connection_params * params,struct eap_peer_config * config)144 static void eap_tls_params_from_conf2(struct tls_connection_params *params, 145 struct eap_peer_config *config) 146 { 147 eap_tls_cert_params_from_conf(params, &config->phase2_cert); 148 eap_tls_params_flags(params, config->phase2); 149 } 150 151 eap_tls_params_from_conf2m(struct tls_connection_params * params,struct eap_peer_config * config)152 static void eap_tls_params_from_conf2m(struct tls_connection_params *params, 153 struct eap_peer_config *config) 154 { 155 eap_tls_cert_params_from_conf(params, &config->machine_cert); 156 eap_tls_params_flags(params, config->machine_phase2); 157 } 158 159 eap_tls_params_from_conf(struct eap_sm * sm,struct eap_ssl_data * data,struct tls_connection_params * params,struct eap_peer_config * config,int phase2)160 static int eap_tls_params_from_conf(struct eap_sm *sm, 161 struct eap_ssl_data *data, 162 struct tls_connection_params *params, 163 struct eap_peer_config *config, int phase2) 164 { 165 os_memset(params, 0, sizeof(*params)); 166 if (sm->workaround && data->eap_type != EAP_TYPE_FAST && 167 data->eap_type != EAP_TYPE_TEAP) { 168 /* 169 * Some deployed authentication servers seem to be unable to 170 * handle the TLS Session Ticket extension (they are supposed 171 * to ignore unrecognized TLS extensions, but end up rejecting 172 * the ClientHello instead). As a workaround, disable use of 173 * TLS Sesson Ticket extension for EAP-TLS, EAP-PEAP, and 174 * EAP-TTLS (EAP-FAST uses session ticket, so any server that 175 * supports EAP-FAST does not need this workaround). 176 */ 177 params->flags |= TLS_CONN_DISABLE_SESSION_TICKET; 178 } 179 if (data->eap_type == EAP_TYPE_TEAP) { 180 /* RFC 7170 requires TLS v1.2 or newer to be used with TEAP */ 181 params->flags |= TLS_CONN_DISABLE_TLSv1_0 | 182 TLS_CONN_DISABLE_TLSv1_1; 183 } 184 if (data->eap_type == EAP_TYPE_FAST || 185 data->eap_type == EAP_TYPE_TEAP || 186 data->eap_type == EAP_TYPE_TTLS || 187 data->eap_type == EAP_TYPE_PEAP) { 188 /* The current EAP peer implementation is not yet ready for the 189 * TLS v1.3 changes, so disable this by default for now. */ 190 params->flags |= TLS_CONN_DISABLE_TLSv1_3; 191 } 192 #ifndef EAP_TLSV1_3 193 if (data->eap_type == EAP_TYPE_TLS || 194 data->eap_type == EAP_UNAUTH_TLS_TYPE) { 195 /* While the current EAP-TLS implementation is more or less 196 * complete for TLS v1.3, there has been only minimal 197 * interoperability testing with other implementations, so 198 * disable it by default for now until there has been chance to 199 * confirm that no significant interoperability issues show up 200 * with TLS version update. 201 */ 202 params->flags |= TLS_CONN_DISABLE_TLSv1_3; 203 } 204 #endif /* EAP_TLSV1_3 */ 205 if (phase2 && sm->use_machine_cred) { 206 wpa_printf(MSG_DEBUG, "TLS: using machine config options"); 207 eap_tls_params_from_conf2m(params, config); 208 } else if (phase2) { 209 wpa_printf(MSG_DEBUG, "TLS: using phase2 config options"); 210 eap_tls_params_from_conf2(params, config); 211 } else { 212 wpa_printf(MSG_DEBUG, "TLS: using phase1 config options"); 213 eap_tls_params_from_conf1(params, config); 214 if (data->eap_type == EAP_TYPE_FAST) 215 params->flags |= TLS_CONN_EAP_FAST; 216 } 217 218 /* 219 * Use blob data, if available. Otherwise, leave reference to external 220 * file as-is. 221 */ 222 if (eap_tls_check_blob(sm, ¶ms->ca_cert, ¶ms->ca_cert_blob, 223 ¶ms->ca_cert_blob_len) || 224 eap_tls_check_blob(sm, ¶ms->client_cert, 225 ¶ms->client_cert_blob, 226 ¶ms->client_cert_blob_len) || 227 eap_tls_check_blob(sm, ¶ms->private_key, 228 ¶ms->private_key_blob, 229 ¶ms->private_key_blob_len)) { 230 wpa_printf(MSG_INFO, "SSL: Failed to get configuration blobs"); 231 return -1; 232 } 233 234 params->openssl_ciphers = config->openssl_ciphers; 235 236 sm->ext_cert_check = !!(params->flags & TLS_CONN_EXT_CERT_CHECK); 237 238 if (!phase2) 239 data->client_cert_conf = params->client_cert || 240 params->client_cert_blob || 241 params->private_key || 242 params->private_key_blob; 243 244 return 0; 245 } 246 247 eap_tls_init_connection(struct eap_sm * sm,struct eap_ssl_data * data,struct eap_peer_config * config,struct tls_connection_params * params)248 static int eap_tls_init_connection(struct eap_sm *sm, 249 struct eap_ssl_data *data, 250 struct eap_peer_config *config, 251 struct tls_connection_params *params) 252 { 253 int res; 254 255 data->conn = tls_connection_init(data->ssl_ctx); 256 if (data->conn == NULL) { 257 wpa_printf(MSG_INFO, "SSL: Failed to initialize new TLS " 258 "connection"); 259 return -1; 260 } 261 262 res = tls_connection_set_params(data->ssl_ctx, data->conn, params); 263 if (res == TLS_SET_PARAMS_ENGINE_PRV_BAD_PIN) { 264 /* 265 * At this point with the pkcs11 engine the PIN is wrong. We 266 * reset the PIN in the configuration to be sure to not use it 267 * again and the calling function must request a new one. 268 */ 269 wpa_printf(MSG_INFO, 270 "TLS: Bad PIN provided, requesting a new one"); 271 os_free(config->cert.pin); 272 config->cert.pin = NULL; 273 eap_sm_request_pin(sm); 274 sm->ignore = true; 275 } else if (res == TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED) { 276 wpa_printf(MSG_INFO, "TLS: Failed to initialize engine"); 277 } else if (res == TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED) { 278 wpa_printf(MSG_INFO, "TLS: Failed to load private key"); 279 sm->ignore = true; 280 } 281 if (res) { 282 wpa_printf(MSG_INFO, "TLS: Failed to set TLS connection " 283 "parameters"); 284 tls_connection_deinit(data->ssl_ctx, data->conn); 285 data->conn = NULL; 286 return -1; 287 } 288 289 return 0; 290 } 291 292 293 /** 294 * eap_peer_tls_ssl_init - Initialize shared TLS functionality 295 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 296 * @data: Data for TLS processing 297 * @config: Pointer to the network configuration 298 * @eap_type: EAP method used in Phase 1 (EAP_TYPE_TLS/PEAP/TTLS/FAST) 299 * Returns: 0 on success, -1 on failure 300 * 301 * This function is used to initialize shared TLS functionality for EAP-TLS, 302 * EAP-PEAP, EAP-TTLS, and EAP-FAST. 303 */ eap_peer_tls_ssl_init(struct eap_sm * sm,struct eap_ssl_data * data,struct eap_peer_config * config,u8 eap_type)304 int eap_peer_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data, 305 struct eap_peer_config *config, u8 eap_type) 306 { 307 struct tls_connection_params params; 308 309 if (config == NULL) 310 return -1; 311 312 data->eap = sm; 313 data->eap_type = eap_type; 314 data->phase2 = sm->init_phase2; 315 data->ssl_ctx = sm->init_phase2 && sm->ssl_ctx2 ? sm->ssl_ctx2 : 316 sm->ssl_ctx; 317 if (eap_tls_params_from_conf(sm, data, ¶ms, config, data->phase2) < 318 0) 319 return -1; 320 321 if (eap_tls_init_connection(sm, data, config, ¶ms) < 0) 322 return -1; 323 324 data->tls_out_limit = config->fragment_size; 325 if (data->phase2) { 326 /* Limit the fragment size in the inner TLS authentication 327 * since the outer authentication with EAP-PEAP does not yet 328 * support fragmentation */ 329 if (data->tls_out_limit > 100) 330 data->tls_out_limit -= 100; 331 } 332 333 if (config->phase1 && 334 os_strstr(config->phase1, "include_tls_length=1")) { 335 wpa_printf(MSG_DEBUG, "TLS: Include TLS Message Length in " 336 "unfragmented packets"); 337 data->include_tls_length = 1; 338 } 339 340 return 0; 341 } 342 343 344 /** 345 * eap_peer_tls_ssl_deinit - Deinitialize shared TLS functionality 346 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 347 * @data: Data for TLS processing 348 * 349 * This function deinitializes shared TLS functionality that was initialized 350 * with eap_peer_tls_ssl_init(). 351 */ eap_peer_tls_ssl_deinit(struct eap_sm * sm,struct eap_ssl_data * data)352 void eap_peer_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data) 353 { 354 tls_connection_deinit(data->ssl_ctx, data->conn); 355 eap_peer_tls_reset_input(data); 356 eap_peer_tls_reset_output(data); 357 } 358 359 360 /** 361 * eap_peer_tls_derive_key - Derive a key based on TLS session data 362 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 363 * @data: Data for TLS processing 364 * @label: Label string for deriving the keys, e.g., "client EAP encryption" 365 * @context: Optional extra upper-layer context (max len 2^16) 366 * @context_len: The length of the context value 367 * @len: Length of the key material to generate (usually 64 for MSK) 368 * Returns: Pointer to allocated key on success or %NULL on failure 369 * 370 * This function uses TLS-PRF to generate pseudo-random data based on the TLS 371 * session data (client/server random and master key). Each key type may use a 372 * different label to bind the key usage into the generated material. 373 * 374 * The caller is responsible for freeing the returned buffer. 375 * 376 * Note: To provide the RFC 5705 context, the context variable must be non-NULL. 377 */ eap_peer_tls_derive_key(struct eap_sm * sm,struct eap_ssl_data * data,const char * label,const u8 * context,size_t context_len,size_t len)378 u8 * eap_peer_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data, 379 const char *label, const u8 *context, 380 size_t context_len, size_t len) 381 { 382 u8 *out; 383 384 out = os_malloc(len); 385 if (out == NULL) 386 return NULL; 387 388 if (tls_connection_export_key(data->ssl_ctx, data->conn, label, 389 context, context_len, out, len)) { 390 os_free(out); 391 return NULL; 392 } 393 394 return out; 395 } 396 397 398 /** 399 * eap_peer_tls_derive_session_id - Derive a Session-Id based on TLS data 400 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 401 * @data: Data for TLS processing 402 * @eap_type: EAP method used in Phase 1 (EAP_TYPE_TLS/PEAP/TTLS/FAST) 403 * @len: Pointer to length of the session ID generated 404 * Returns: Pointer to allocated Session-Id on success or %NULL on failure 405 * 406 * This function derive the Session-Id based on the TLS session data 407 * (client/server random and method type). 408 * 409 * The caller is responsible for freeing the returned buffer. 410 */ eap_peer_tls_derive_session_id(struct eap_sm * sm,struct eap_ssl_data * data,u8 eap_type,size_t * len)411 u8 * eap_peer_tls_derive_session_id(struct eap_sm *sm, 412 struct eap_ssl_data *data, u8 eap_type, 413 size_t *len) 414 { 415 struct tls_random keys; 416 u8 *out; 417 418 if (data->tls_v13) { 419 u8 *id, *method_id; 420 const u8 context[] = { eap_type }; 421 422 /* Session-Id = <EAP-Type> || Method-Id 423 * Method-Id = TLS-Exporter("EXPORTER_EAP_TLS_Method-Id", 424 * Type-Code, 64) 425 */ 426 *len = 1 + 64; 427 id = os_malloc(*len); 428 if (!id) 429 return NULL; 430 method_id = eap_peer_tls_derive_key( 431 sm, data, "EXPORTER_EAP_TLS_Method-Id", context, 1, 64); 432 if (!method_id) { 433 os_free(id); 434 return NULL; 435 } 436 id[0] = eap_type; 437 os_memcpy(id + 1, method_id, 64); 438 os_free(method_id); 439 return id; 440 } 441 442 if (tls_connection_get_random(sm->ssl_ctx, data->conn, &keys) || 443 keys.client_random == NULL || keys.server_random == NULL) 444 return NULL; 445 446 *len = 1 + keys.client_random_len + keys.server_random_len; 447 out = os_malloc(*len); 448 if (out == NULL) 449 return NULL; 450 451 /* Session-Id = EAP type || client.random || server.random */ 452 out[0] = eap_type; 453 os_memcpy(out + 1, keys.client_random, keys.client_random_len); 454 os_memcpy(out + 1 + keys.client_random_len, keys.server_random, 455 keys.server_random_len); 456 457 return out; 458 } 459 460 461 /** 462 * eap_peer_tls_reassemble_fragment - Reassemble a received fragment 463 * @data: Data for TLS processing 464 * @in_data: Next incoming TLS segment 465 * Returns: 0 on success, 1 if more data is needed for the full message, or 466 * -1 on error 467 */ eap_peer_tls_reassemble_fragment(struct eap_ssl_data * data,const struct wpabuf * in_data)468 static int eap_peer_tls_reassemble_fragment(struct eap_ssl_data *data, 469 const struct wpabuf *in_data) 470 { 471 size_t tls_in_len, in_len; 472 473 tls_in_len = data->tls_in ? wpabuf_len(data->tls_in) : 0; 474 in_len = in_data ? wpabuf_len(in_data) : 0; 475 476 if (tls_in_len + in_len == 0) { 477 /* No message data received?! */ 478 wpa_printf(MSG_WARNING, "SSL: Invalid reassembly state: " 479 "tls_in_left=%lu tls_in_len=%lu in_len=%lu", 480 (unsigned long) data->tls_in_left, 481 (unsigned long) tls_in_len, 482 (unsigned long) in_len); 483 eap_peer_tls_reset_input(data); 484 return -1; 485 } 486 487 if (tls_in_len + in_len > 65536) { 488 /* 489 * Limit length to avoid rogue servers from causing large 490 * memory allocations. 491 */ 492 wpa_printf(MSG_INFO, "SSL: Too long TLS fragment (size over " 493 "64 kB)"); 494 eap_peer_tls_reset_input(data); 495 return -1; 496 } 497 498 if (in_len > data->tls_in_left) { 499 /* Sender is doing something odd - reject message */ 500 wpa_printf(MSG_INFO, "SSL: more data than TLS message length " 501 "indicated"); 502 eap_peer_tls_reset_input(data); 503 return -1; 504 } 505 506 if (wpabuf_resize(&data->tls_in, in_len) < 0) { 507 wpa_printf(MSG_INFO, "SSL: Could not allocate memory for TLS " 508 "data"); 509 eap_peer_tls_reset_input(data); 510 return -1; 511 } 512 if (in_data) 513 wpabuf_put_buf(data->tls_in, in_data); 514 data->tls_in_left -= in_len; 515 516 if (data->tls_in_left > 0) { 517 wpa_printf(MSG_DEBUG, "SSL: Need %lu bytes more input " 518 "data", (unsigned long) data->tls_in_left); 519 return 1; 520 } 521 522 return 0; 523 } 524 525 526 /** 527 * eap_peer_tls_data_reassemble - Reassemble TLS data 528 * @data: Data for TLS processing 529 * @in_data: Next incoming TLS segment 530 * @need_more_input: Variable for returning whether more input data is needed 531 * to reassemble this TLS packet 532 * Returns: Pointer to output data, %NULL on error or when more data is needed 533 * for the full message (in which case, *need_more_input is also set to 1). 534 * 535 * This function reassembles TLS fragments. Caller must not free the returned 536 * data buffer since an internal pointer to it is maintained. 537 */ eap_peer_tls_data_reassemble(struct eap_ssl_data * data,const struct wpabuf * in_data,int * need_more_input)538 static const struct wpabuf * eap_peer_tls_data_reassemble( 539 struct eap_ssl_data *data, const struct wpabuf *in_data, 540 int *need_more_input) 541 { 542 *need_more_input = 0; 543 544 if (data->tls_in_left > wpabuf_len(in_data) || data->tls_in) { 545 /* Message has fragments */ 546 int res = eap_peer_tls_reassemble_fragment(data, in_data); 547 if (res) { 548 if (res == 1) 549 *need_more_input = 1; 550 return NULL; 551 } 552 553 /* Message is now fully reassembled. */ 554 } else { 555 /* No fragments in this message, so just make a copy of it. */ 556 data->tls_in_left = 0; 557 data->tls_in = wpabuf_dup(in_data); 558 if (data->tls_in == NULL) 559 return NULL; 560 } 561 562 return data->tls_in; 563 } 564 565 566 /** 567 * eap_tls_process_input - Process incoming TLS message 568 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 569 * @data: Data for TLS processing 570 * @in_data: Message received from the server 571 * @out_data: Buffer for returning a pointer to application data (if available) 572 * Returns: 0 on success, 1 if more input data is needed, 2 if application data 573 * is available, -1 on failure 574 */ eap_tls_process_input(struct eap_sm * sm,struct eap_ssl_data * data,const struct wpabuf * in_data,struct wpabuf ** out_data)575 static int eap_tls_process_input(struct eap_sm *sm, struct eap_ssl_data *data, 576 const struct wpabuf *in_data, 577 struct wpabuf **out_data) 578 { 579 const struct wpabuf *msg; 580 int need_more_input; 581 struct wpabuf *appl_data; 582 583 msg = eap_peer_tls_data_reassemble(data, in_data, &need_more_input); 584 if (msg == NULL) 585 return need_more_input ? 1 : -1; 586 587 /* Full TLS message reassembled - continue handshake processing */ 588 if (data->tls_out) { 589 /* This should not happen.. */ 590 wpa_printf(MSG_INFO, "SSL: eap_tls_process_input - pending " 591 "tls_out data even though tls_out_len = 0"); 592 wpabuf_free(data->tls_out); 593 WPA_ASSERT(data->tls_out == NULL); 594 } 595 appl_data = NULL; 596 data->tls_out = tls_connection_handshake(data->ssl_ctx, data->conn, 597 msg, &appl_data); 598 599 eap_peer_tls_reset_input(data); 600 601 if (appl_data && 602 tls_connection_established(data->ssl_ctx, data->conn) && 603 !tls_connection_get_failed(data->ssl_ctx, data->conn)) { 604 wpa_hexdump_buf_key(MSG_MSGDUMP, "SSL: Application data", 605 appl_data); 606 *out_data = appl_data; 607 return 2; 608 } 609 610 wpabuf_free(appl_data); 611 612 return 0; 613 } 614 615 616 /** 617 * eap_tls_process_output - Process outgoing TLS message 618 * @data: Data for TLS processing 619 * @eap_type: EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...) 620 * @peap_version: Version number for EAP-PEAP/TTLS 621 * @id: EAP identifier for the response 622 * @ret: Return value to use on success 623 * @out_data: Buffer for returning the allocated output buffer 624 * Returns: ret (0 or 1) on success, -1 on failure 625 */ eap_tls_process_output(struct eap_ssl_data * data,enum eap_type eap_type,int peap_version,u8 id,int ret,struct wpabuf ** out_data)626 static int eap_tls_process_output(struct eap_ssl_data *data, 627 enum eap_type eap_type, 628 int peap_version, u8 id, int ret, 629 struct wpabuf **out_data) 630 { 631 size_t len; 632 u8 *flags; 633 int more_fragments, length_included; 634 635 if (data->tls_out == NULL) 636 return -1; 637 len = wpabuf_len(data->tls_out) - data->tls_out_pos; 638 wpa_printf(MSG_DEBUG, "SSL: %lu bytes left to be sent out (of total " 639 "%lu bytes)", 640 (unsigned long) len, 641 (unsigned long) wpabuf_len(data->tls_out)); 642 643 /* 644 * Limit outgoing message to the configured maximum size. Fragment 645 * message if needed. 646 */ 647 if (len > data->tls_out_limit) { 648 more_fragments = 1; 649 len = data->tls_out_limit; 650 wpa_printf(MSG_DEBUG, "SSL: sending %lu bytes, more fragments " 651 "will follow", (unsigned long) len); 652 } else 653 more_fragments = 0; 654 655 length_included = data->tls_out_pos == 0 && 656 (wpabuf_len(data->tls_out) > data->tls_out_limit || 657 data->include_tls_length); 658 if (!length_included && 659 eap_type == EAP_TYPE_PEAP && peap_version == 0 && 660 !tls_connection_established(data->eap->ssl_ctx, data->conn)) { 661 /* 662 * Windows Server 2008 NPS really wants to have the TLS Message 663 * length included in phase 0 even for unfragmented frames or 664 * it will get very confused with Compound MAC calculation and 665 * Outer TLVs. 666 */ 667 length_included = 1; 668 } 669 670 *out_data = eap_tls_msg_alloc(eap_type, 1 + length_included * 4 + len, 671 EAP_CODE_RESPONSE, id); 672 if (*out_data == NULL) 673 return -1; 674 675 flags = wpabuf_put(*out_data, 1); 676 *flags = peap_version; 677 if (more_fragments) 678 *flags |= EAP_TLS_FLAGS_MORE_FRAGMENTS; 679 if (length_included) { 680 *flags |= EAP_TLS_FLAGS_LENGTH_INCLUDED; 681 wpabuf_put_be32(*out_data, wpabuf_len(data->tls_out)); 682 } 683 684 wpabuf_put_data(*out_data, 685 wpabuf_head_u8(data->tls_out) + data->tls_out_pos, 686 len); 687 data->tls_out_pos += len; 688 689 if (!more_fragments) 690 eap_peer_tls_reset_output(data); 691 692 return ret; 693 } 694 695 696 /** 697 * eap_peer_tls_process_helper - Process TLS handshake message 698 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 699 * @data: Data for TLS processing 700 * @eap_type: EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...) 701 * @peap_version: Version number for EAP-PEAP/TTLS 702 * @id: EAP identifier for the response 703 * @in_data: Message received from the server 704 * @out_data: Buffer for returning a pointer to the response message 705 * Returns: 0 on success, 1 if more input data is needed, 2 if application data 706 * is available, or -1 on failure 707 * 708 * This function can be used to process TLS handshake messages. It reassembles 709 * the received fragments and uses a TLS library to process the messages. The 710 * response data from the TLS library is fragmented to suitable output messages 711 * that the caller can send out. 712 * 713 * out_data is used to return the response message if the return value of this 714 * function is 0, 2, or -1. In case of failure, the message is likely a TLS 715 * alarm message. The caller is responsible for freeing the allocated buffer if 716 * *out_data is not %NULL. 717 * 718 * This function is called for each received TLS message during the TLS 719 * handshake after eap_peer_tls_process_init() call and possible processing of 720 * TLS Flags field. Once the handshake has been completed, i.e., when 721 * tls_connection_established() returns 1, EAP method specific decrypting of 722 * the tunneled data is used. 723 */ eap_peer_tls_process_helper(struct eap_sm * sm,struct eap_ssl_data * data,enum eap_type eap_type,int peap_version,u8 id,const struct wpabuf * in_data,struct wpabuf ** out_data)724 int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data, 725 enum eap_type eap_type, int peap_version, 726 u8 id, const struct wpabuf *in_data, 727 struct wpabuf **out_data) 728 { 729 int ret = 0; 730 731 *out_data = NULL; 732 733 if (data->tls_out && wpabuf_len(data->tls_out) > 0 && 734 wpabuf_len(in_data) > 0) { 735 wpa_printf(MSG_DEBUG, "SSL: Received non-ACK when output " 736 "fragments are waiting to be sent out"); 737 return -1; 738 } 739 740 if (data->tls_out == NULL || wpabuf_len(data->tls_out) == 0) { 741 /* 742 * No more data to send out - expect to receive more data from 743 * the AS. 744 */ 745 int res = eap_tls_process_input(sm, data, in_data, out_data); 746 char buf[20]; 747 748 if (res) { 749 /* 750 * Input processing failed (res = -1) or more data is 751 * needed (res = 1). 752 */ 753 return res; 754 } 755 756 /* 757 * The incoming message has been reassembled and processed. The 758 * response was allocated into data->tls_out buffer. 759 */ 760 761 if (tls_get_version(data->ssl_ctx, data->conn, 762 buf, sizeof(buf)) == 0) { 763 wpa_printf(MSG_DEBUG, "SSL: Using TLS version %s", buf); 764 data->tls_v13 = os_strcmp(buf, "TLSv1.3") == 0; 765 } 766 } 767 768 if (data->tls_out == NULL) { 769 /* 770 * No outgoing fragments remaining from the previous message 771 * and no new message generated. This indicates an error in TLS 772 * processing. 773 */ 774 eap_peer_tls_reset_output(data); 775 return -1; 776 } 777 778 if (tls_connection_get_failed(data->ssl_ctx, data->conn)) { 779 /* TLS processing has failed - return error */ 780 wpa_printf(MSG_DEBUG, "SSL: Failed - tls_out available to " 781 "report error (len=%u)", 782 (unsigned int) wpabuf_len(data->tls_out)); 783 ret = -1; 784 /* TODO: clean pin if engine used? */ 785 if (wpabuf_len(data->tls_out) == 0) { 786 wpabuf_free(data->tls_out); 787 data->tls_out = NULL; 788 return -1; 789 } 790 } 791 792 if (wpabuf_len(data->tls_out) == 0) { 793 /* 794 * TLS negotiation should now be complete since all other cases 795 * needing more data should have been caught above based on 796 * the TLS Message Length field. 797 */ 798 wpa_printf(MSG_DEBUG, "SSL: No data to be sent out"); 799 wpabuf_free(data->tls_out); 800 data->tls_out = NULL; 801 return 1; 802 } 803 804 /* Send the pending message (in fragments, if needed). */ 805 return eap_tls_process_output(data, eap_type, peap_version, id, ret, 806 out_data); 807 } 808 809 810 /** 811 * eap_peer_tls_build_ack - Build a TLS ACK frame 812 * @id: EAP identifier for the response 813 * @eap_type: EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...) 814 * @peap_version: Version number for EAP-PEAP/TTLS 815 * Returns: Pointer to the allocated ACK frame or %NULL on failure 816 */ eap_peer_tls_build_ack(u8 id,enum eap_type eap_type,int peap_version)817 struct wpabuf * eap_peer_tls_build_ack(u8 id, enum eap_type eap_type, 818 int peap_version) 819 { 820 struct wpabuf *resp; 821 822 resp = eap_tls_msg_alloc(eap_type, 1, EAP_CODE_RESPONSE, id); 823 if (resp == NULL) 824 return NULL; 825 wpa_printf(MSG_DEBUG, "SSL: Building ACK (type=%d id=%d ver=%d)", 826 (int) eap_type, id, peap_version); 827 wpabuf_put_u8(resp, peap_version); /* Flags */ 828 return resp; 829 } 830 831 832 /** 833 * eap_peer_tls_reauth_init - Re-initialize shared TLS for session resumption 834 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 835 * @data: Data for TLS processing 836 * Returns: 0 on success, -1 on failure 837 */ eap_peer_tls_reauth_init(struct eap_sm * sm,struct eap_ssl_data * data)838 int eap_peer_tls_reauth_init(struct eap_sm *sm, struct eap_ssl_data *data) 839 { 840 eap_peer_tls_reset_input(data); 841 eap_peer_tls_reset_output(data); 842 return tls_connection_shutdown(data->ssl_ctx, data->conn); 843 } 844 845 846 /** 847 * eap_peer_tls_status - Get TLS status 848 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 849 * @data: Data for TLS processing 850 * @buf: Buffer for status information 851 * @buflen: Maximum buffer length 852 * @verbose: Whether to include verbose status information 853 * Returns: Number of bytes written to buf. 854 */ eap_peer_tls_status(struct eap_sm * sm,struct eap_ssl_data * data,char * buf,size_t buflen,int verbose)855 int eap_peer_tls_status(struct eap_sm *sm, struct eap_ssl_data *data, 856 char *buf, size_t buflen, int verbose) 857 { 858 char version[20], name[128]; 859 int len = 0, ret; 860 861 if (tls_get_version(data->ssl_ctx, data->conn, version, 862 sizeof(version)) < 0) 863 version[0] = '\0'; 864 if (tls_get_cipher(data->ssl_ctx, data->conn, name, sizeof(name)) < 0) 865 name[0] = '\0'; 866 867 ret = os_snprintf(buf + len, buflen - len, 868 "eap_tls_version=%s\n" 869 "EAP TLS cipher=%s\n" 870 "tls_session_reused=%d\n", 871 version, name, 872 tls_connection_resumed(data->ssl_ctx, data->conn)); 873 if (os_snprintf_error(buflen - len, ret)) 874 return len; 875 len += ret; 876 877 return len; 878 } 879 880 881 /** 882 * eap_peer_tls_process_init - Initial validation/processing of EAP requests 883 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 884 * @data: Data for TLS processing 885 * @eap_type: EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...) 886 * @ret: Return values from EAP request validation and processing 887 * @reqData: EAP request to be processed (eapReqData) 888 * @len: Buffer for returning length of the remaining payload 889 * @flags: Buffer for returning TLS flags 890 * Returns: Pointer to payload after TLS flags and length or %NULL on failure 891 * 892 * This function validates the EAP header and processes the optional TLS 893 * Message Length field. If this is the first fragment of a TLS message, the 894 * TLS reassembly code is initialized to receive the indicated number of bytes. 895 * 896 * EAP-TLS, EAP-PEAP, EAP-TTLS, and EAP-FAST methods are expected to use this 897 * function as the first step in processing received messages. They will need 898 * to process the flags (apart from Message Length Included) that are returned 899 * through the flags pointer and the message payload that will be returned (and 900 * the length is returned through the len pointer). Return values (ret) are set 901 * for continuation of EAP method processing. The caller is responsible for 902 * setting these to indicate completion (either success or failure) based on 903 * the authentication result. 904 */ eap_peer_tls_process_init(struct eap_sm * sm,struct eap_ssl_data * data,enum eap_type eap_type,struct eap_method_ret * ret,const struct wpabuf * reqData,size_t * len,u8 * flags)905 const u8 * eap_peer_tls_process_init(struct eap_sm *sm, 906 struct eap_ssl_data *data, 907 enum eap_type eap_type, 908 struct eap_method_ret *ret, 909 const struct wpabuf *reqData, 910 size_t *len, u8 *flags) 911 { 912 const u8 *pos; 913 size_t left; 914 unsigned int tls_msg_len; 915 916 if (tls_get_errors(data->ssl_ctx)) { 917 wpa_printf(MSG_INFO, "SSL: TLS errors detected"); 918 ret->ignore = true; 919 return NULL; 920 } 921 922 if (eap_type == EAP_UNAUTH_TLS_TYPE) 923 pos = eap_hdr_validate(EAP_VENDOR_UNAUTH_TLS, 924 EAP_VENDOR_TYPE_UNAUTH_TLS, reqData, 925 &left); 926 else 927 pos = eap_hdr_validate(EAP_VENDOR_IETF, eap_type, reqData, 928 &left); 929 if (pos == NULL) { 930 ret->ignore = true; 931 return NULL; 932 } 933 if (left == 0) { 934 wpa_printf(MSG_DEBUG, "SSL: Invalid TLS message: no Flags " 935 "octet included"); 936 if (!sm->workaround) { 937 ret->ignore = true; 938 return NULL; 939 } 940 941 wpa_printf(MSG_DEBUG, "SSL: Workaround - assume no Flags " 942 "indicates ACK frame"); 943 *flags = 0; 944 } else { 945 *flags = *pos++; 946 left--; 947 } 948 wpa_printf(MSG_DEBUG, "SSL: Received packet(len=%lu) - " 949 "Flags 0x%02x", (unsigned long) wpabuf_len(reqData), 950 *flags); 951 if (*flags & EAP_TLS_FLAGS_LENGTH_INCLUDED) { 952 if (left < 4) { 953 wpa_printf(MSG_INFO, "SSL: Short frame with TLS " 954 "length"); 955 ret->ignore = true; 956 return NULL; 957 } 958 tls_msg_len = WPA_GET_BE32(pos); 959 wpa_printf(MSG_DEBUG, "SSL: TLS Message Length: %d", 960 tls_msg_len); 961 if (data->tls_in_left == 0) { 962 data->tls_in_total = tls_msg_len; 963 data->tls_in_left = tls_msg_len; 964 wpabuf_free(data->tls_in); 965 data->tls_in = NULL; 966 } 967 pos += 4; 968 left -= 4; 969 970 if (left > tls_msg_len) { 971 wpa_printf(MSG_INFO, "SSL: TLS Message Length (%d " 972 "bytes) smaller than this fragment (%d " 973 "bytes)", (int) tls_msg_len, (int) left); 974 ret->ignore = true; 975 return NULL; 976 } 977 } 978 979 ret->ignore = false; 980 ret->methodState = METHOD_MAY_CONT; 981 ret->decision = DECISION_FAIL; 982 ret->allowNotifications = true; 983 984 *len = left; 985 return pos; 986 } 987 988 989 /** 990 * eap_peer_tls_reset_input - Reset input buffers 991 * @data: Data for TLS processing 992 * 993 * This function frees any allocated memory for input buffers and resets input 994 * state. 995 */ eap_peer_tls_reset_input(struct eap_ssl_data * data)996 void eap_peer_tls_reset_input(struct eap_ssl_data *data) 997 { 998 data->tls_in_left = data->tls_in_total = 0; 999 wpabuf_free(data->tls_in); 1000 data->tls_in = NULL; 1001 } 1002 1003 1004 /** 1005 * eap_peer_tls_reset_output - Reset output buffers 1006 * @data: Data for TLS processing 1007 * 1008 * This function frees any allocated memory for output buffers and resets 1009 * output state. 1010 */ eap_peer_tls_reset_output(struct eap_ssl_data * data)1011 void eap_peer_tls_reset_output(struct eap_ssl_data *data) 1012 { 1013 data->tls_out_pos = 0; 1014 wpabuf_free(data->tls_out); 1015 data->tls_out = NULL; 1016 } 1017 1018 1019 /** 1020 * eap_peer_tls_decrypt - Decrypt received phase 2 TLS message 1021 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 1022 * @data: Data for TLS processing 1023 * @in_data: Message received from the server 1024 * @in_decrypted: Buffer for returning a pointer to the decrypted message 1025 * Returns: 0 on success, 1 if more input data is needed, or -1 on failure 1026 */ eap_peer_tls_decrypt(struct eap_sm * sm,struct eap_ssl_data * data,const struct wpabuf * in_data,struct wpabuf ** in_decrypted)1027 int eap_peer_tls_decrypt(struct eap_sm *sm, struct eap_ssl_data *data, 1028 const struct wpabuf *in_data, 1029 struct wpabuf **in_decrypted) 1030 { 1031 const struct wpabuf *msg; 1032 int need_more_input; 1033 1034 msg = eap_peer_tls_data_reassemble(data, in_data, &need_more_input); 1035 if (msg == NULL) 1036 return need_more_input ? 1 : -1; 1037 1038 *in_decrypted = tls_connection_decrypt(data->ssl_ctx, data->conn, msg); 1039 eap_peer_tls_reset_input(data); 1040 if (*in_decrypted == NULL) { 1041 wpa_printf(MSG_INFO, "SSL: Failed to decrypt Phase 2 data"); 1042 return -1; 1043 } 1044 return 0; 1045 } 1046 1047 1048 /** 1049 * eap_peer_tls_encrypt - Encrypt phase 2 TLS message 1050 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 1051 * @data: Data for TLS processing 1052 * @eap_type: EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...) 1053 * @peap_version: Version number for EAP-PEAP/TTLS 1054 * @id: EAP identifier for the response 1055 * @in_data: Plaintext phase 2 data to encrypt or %NULL to continue fragments 1056 * @out_data: Buffer for returning a pointer to the encrypted response message 1057 * Returns: 0 on success, -1 on failure 1058 */ eap_peer_tls_encrypt(struct eap_sm * sm,struct eap_ssl_data * data,enum eap_type eap_type,int peap_version,u8 id,const struct wpabuf * in_data,struct wpabuf ** out_data)1059 int eap_peer_tls_encrypt(struct eap_sm *sm, struct eap_ssl_data *data, 1060 enum eap_type eap_type, int peap_version, u8 id, 1061 const struct wpabuf *in_data, 1062 struct wpabuf **out_data) 1063 { 1064 if (in_data) { 1065 eap_peer_tls_reset_output(data); 1066 data->tls_out = tls_connection_encrypt(data->ssl_ctx, 1067 data->conn, in_data); 1068 if (data->tls_out == NULL) { 1069 wpa_printf(MSG_INFO, "SSL: Failed to encrypt Phase 2 " 1070 "data (in_len=%lu)", 1071 (unsigned long) wpabuf_len(in_data)); 1072 eap_peer_tls_reset_output(data); 1073 return -1; 1074 } 1075 } 1076 1077 return eap_tls_process_output(data, eap_type, peap_version, id, 0, 1078 out_data); 1079 } 1080 1081 1082 /** 1083 * eap_peer_select_phase2_methods - Select phase 2 EAP method 1084 * @config: Pointer to the network configuration 1085 * @prefix: 'phase2' configuration prefix, e.g., "auth=" 1086 * @types: Buffer for returning allocated list of allowed EAP methods 1087 * @num_types: Buffer for returning number of allocated EAP methods 1088 * Returns: 0 on success, -1 on failure 1089 * 1090 * This function is used to parse EAP method list and select allowed methods 1091 * for Phase2 authentication. 1092 */ eap_peer_select_phase2_methods(struct eap_peer_config * config,const char * prefix,struct eap_method_type ** types,size_t * num_types,int use_machine_cred)1093 int eap_peer_select_phase2_methods(struct eap_peer_config *config, 1094 const char *prefix, 1095 struct eap_method_type **types, 1096 size_t *num_types, int use_machine_cred) 1097 { 1098 char *start, *pos, *buf; 1099 struct eap_method_type *methods = NULL, *_methods; 1100 u32 method; 1101 size_t num_methods = 0, prefix_len; 1102 const char *phase2; 1103 1104 if (!config) 1105 goto get_defaults; 1106 phase2 = use_machine_cred ? config->machine_phase2 : config->phase2; 1107 if (!phase2) 1108 goto get_defaults; 1109 1110 start = buf = os_strdup(phase2); 1111 if (buf == NULL) 1112 return -1; 1113 1114 prefix_len = os_strlen(prefix); 1115 1116 while (start && *start != '\0') { 1117 int vendor; 1118 pos = os_strstr(start, prefix); 1119 if (pos == NULL) 1120 break; 1121 if (start != pos && *(pos - 1) != ' ') { 1122 start = pos + prefix_len; 1123 continue; 1124 } 1125 1126 start = pos + prefix_len; 1127 pos = os_strchr(start, ' '); 1128 if (pos) 1129 *pos++ = '\0'; 1130 method = eap_get_phase2_type(start, &vendor); 1131 if (vendor == EAP_VENDOR_IETF && method == EAP_TYPE_NONE) { 1132 wpa_printf(MSG_ERROR, "TLS: Unsupported Phase2 EAP " 1133 "method '%s'", start); 1134 os_free(methods); 1135 os_free(buf); 1136 return -1; 1137 } else { 1138 num_methods++; 1139 _methods = os_realloc_array(methods, num_methods, 1140 sizeof(*methods)); 1141 if (_methods == NULL) { 1142 os_free(methods); 1143 os_free(buf); 1144 return -1; 1145 } 1146 methods = _methods; 1147 methods[num_methods - 1].vendor = vendor; 1148 methods[num_methods - 1].method = method; 1149 } 1150 1151 start = pos; 1152 } 1153 1154 os_free(buf); 1155 1156 get_defaults: 1157 if (methods == NULL) 1158 methods = eap_get_phase2_types(config, &num_methods); 1159 1160 if (methods == NULL) { 1161 wpa_printf(MSG_ERROR, "TLS: No Phase2 EAP methods available"); 1162 return -1; 1163 } 1164 wpa_hexdump(MSG_DEBUG, "TLS: Phase2 EAP types", 1165 (u8 *) methods, 1166 num_methods * sizeof(struct eap_method_type)); 1167 1168 *types = methods; 1169 *num_types = num_methods; 1170 1171 return 0; 1172 } 1173 1174 1175 /** 1176 * eap_peer_tls_phase2_nak - Generate EAP-Nak for Phase 2 1177 * @types: Buffer for returning allocated list of allowed EAP methods 1178 * @num_types: Buffer for returning number of allocated EAP methods 1179 * @hdr: EAP-Request header (and the following EAP type octet) 1180 * @resp: Buffer for returning the EAP-Nak message 1181 * Returns: 0 on success, -1 on failure 1182 */ eap_peer_tls_phase2_nak(struct eap_method_type * types,size_t num_types,struct eap_hdr * hdr,struct wpabuf ** resp)1183 int eap_peer_tls_phase2_nak(struct eap_method_type *types, size_t num_types, 1184 struct eap_hdr *hdr, struct wpabuf **resp) 1185 { 1186 u8 *pos = (u8 *) (hdr + 1); 1187 size_t i; 1188 1189 /* TODO: add support for expanded Nak */ 1190 wpa_printf(MSG_DEBUG, "TLS: Phase 2 Request: Nak type=%d", *pos); 1191 wpa_hexdump(MSG_DEBUG, "TLS: Allowed Phase2 EAP types", 1192 (u8 *) types, num_types * sizeof(struct eap_method_type)); 1193 *resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_NAK, num_types, 1194 EAP_CODE_RESPONSE, hdr->identifier); 1195 if (*resp == NULL) 1196 return -1; 1197 1198 for (i = 0; i < num_types; i++) { 1199 if (types[i].vendor == EAP_VENDOR_IETF && 1200 types[i].method < 256) 1201 wpabuf_put_u8(*resp, types[i].method); 1202 } 1203 1204 eap_update_len(*resp); 1205 1206 return 0; 1207 } 1208