1 /*
2 * EAP peer method: EAP-TLS (RFC 5216, RFC 9190)
3 * Copyright (c) 2004-2008, 2012-2019, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10
11 #include "common.h"
12 #include "crypto/tls.h"
13 #include "eap_i.h"
14 #include "eap_tls_common.h"
15 #include "eap_config.h"
16
17
18 static void eap_tls_deinit(struct eap_sm *sm, void *priv);
19
20
21 struct eap_tls_data {
22 struct eap_ssl_data ssl;
23 u8 *key_data;
24 u8 *session_id;
25 size_t id_len;
26 void *ssl_ctx;
27 u8 eap_type;
28 struct wpabuf *pending_resp;
29 bool prot_success_received;
30 };
31
32
eap_tls_init(struct eap_sm * sm)33 static void * eap_tls_init(struct eap_sm *sm)
34 {
35 struct eap_tls_data *data;
36 struct eap_peer_config *config = eap_get_config(sm);
37 struct eap_peer_cert_config *cert;
38
39 if (!config)
40 return NULL;
41 if (!sm->init_phase2)
42 cert = &config->cert;
43 else if (sm->use_machine_cred)
44 cert = &config->machine_cert;
45 else
46 cert = &config->phase2_cert;
47 if (!cert->private_key && cert->engine == 0) {
48 wpa_printf(MSG_INFO, "EAP-TLS: Private key not configured");
49 return NULL;
50 }
51
52 data = os_zalloc(sizeof(*data));
53 if (data == NULL)
54 return NULL;
55
56 data->ssl_ctx = sm->init_phase2 && sm->ssl_ctx2 ? sm->ssl_ctx2 :
57 sm->ssl_ctx;
58
59 if (eap_peer_tls_ssl_init(sm, &data->ssl, config, EAP_TYPE_TLS)) {
60 wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
61 eap_tls_deinit(sm, data);
62 if (cert->engine) {
63 wpa_printf(MSG_DEBUG, "EAP-TLS: Requesting Smartcard "
64 "PIN");
65 eap_sm_request_pin(sm);
66 sm->ignore = true;
67 } else if (cert->private_key && !cert->private_key_passwd) {
68 wpa_printf(MSG_DEBUG, "EAP-TLS: Requesting private "
69 "key passphrase");
70 eap_sm_request_passphrase(sm);
71 sm->ignore = true;
72 }
73 return NULL;
74 }
75
76 data->eap_type = EAP_TYPE_TLS;
77
78 return data;
79 }
80
81
82 #ifdef EAP_UNAUTH_TLS
eap_unauth_tls_init(struct eap_sm * sm)83 static void * eap_unauth_tls_init(struct eap_sm *sm)
84 {
85 struct eap_tls_data *data;
86 struct eap_peer_config *config = eap_get_config(sm);
87
88 data = os_zalloc(sizeof(*data));
89 if (data == NULL)
90 return NULL;
91
92 data->ssl_ctx = sm->init_phase2 && sm->ssl_ctx2 ? sm->ssl_ctx2 :
93 sm->ssl_ctx;
94
95 if (eap_peer_tls_ssl_init(sm, &data->ssl, config,
96 EAP_UNAUTH_TLS_TYPE)) {
97 wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
98 eap_tls_deinit(sm, data);
99 return NULL;
100 }
101
102 data->eap_type = EAP_UNAUTH_TLS_TYPE;
103
104 return data;
105 }
106 #endif /* EAP_UNAUTH_TLS */
107
108
eap_tls_free_key(struct eap_tls_data * data)109 static void eap_tls_free_key(struct eap_tls_data *data)
110 {
111 if (data->key_data) {
112 bin_clear_free(data->key_data, EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
113 data->key_data = NULL;
114 }
115 }
116
117
eap_tls_deinit(struct eap_sm * sm,void * priv)118 static void eap_tls_deinit(struct eap_sm *sm, void *priv)
119 {
120 struct eap_tls_data *data = priv;
121 if (data == NULL)
122 return;
123 eap_peer_tls_ssl_deinit(sm, &data->ssl);
124 eap_tls_free_key(data);
125 os_free(data->session_id);
126 wpabuf_free(data->pending_resp);
127 os_free(data);
128 }
129
130
eap_tls_failure(struct eap_sm * sm,struct eap_tls_data * data,struct eap_method_ret * ret,int res,struct wpabuf * resp,u8 id)131 static struct wpabuf * eap_tls_failure(struct eap_sm *sm,
132 struct eap_tls_data *data,
133 struct eap_method_ret *ret, int res,
134 struct wpabuf *resp, u8 id)
135 {
136 wpa_printf(MSG_DEBUG, "EAP-TLS: TLS processing failed");
137
138 ret->methodState = METHOD_DONE;
139 ret->decision = DECISION_FAIL;
140
141 if (resp) {
142 /*
143 * This is likely an alert message, so send it instead of just
144 * ACKing the error.
145 */
146 return resp;
147 }
148
149 return eap_peer_tls_build_ack(id, data->eap_type, 0);
150 }
151
152
eap_tls_success(struct eap_sm * sm,struct eap_tls_data * data,struct eap_method_ret * ret)153 static void eap_tls_success(struct eap_sm *sm, struct eap_tls_data *data,
154 struct eap_method_ret *ret)
155 {
156 const char *label;
157 const u8 eap_tls13_context[] = { EAP_TYPE_TLS };
158 const u8 *context = NULL;
159 size_t context_len = 0;
160
161 wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
162
163 if (data->ssl.tls_out) {
164 wpa_printf(MSG_DEBUG, "EAP-TLS: Fragment(s) remaining");
165 return;
166 }
167
168 if (data->ssl.tls_v13) {
169 label = "EXPORTER_EAP_TLS_Key_Material";
170 context = eap_tls13_context;
171 context_len = 1;
172
173 /* A possible NewSessionTicket may be received before
174 * EAP-Success, so need to allow it to be received. */
175 ret->methodState = METHOD_MAY_CONT;
176 ret->decision = DECISION_COND_SUCC;
177 } else {
178 label = "client EAP encryption";
179
180 ret->methodState = METHOD_DONE;
181 ret->decision = DECISION_UNCOND_SUCC;
182 }
183
184 eap_tls_free_key(data);
185 data->key_data = eap_peer_tls_derive_key(sm, &data->ssl, label,
186 context, context_len,
187 EAP_TLS_KEY_LEN +
188 EAP_EMSK_LEN);
189 if (data->key_data) {
190 wpa_hexdump_key(MSG_DEBUG, "EAP-TLS: Derived key",
191 data->key_data, EAP_TLS_KEY_LEN);
192 wpa_hexdump_key(MSG_DEBUG, "EAP-TLS: Derived EMSK",
193 data->key_data + EAP_TLS_KEY_LEN,
194 EAP_EMSK_LEN);
195 } else {
196 wpa_printf(MSG_INFO, "EAP-TLS: Failed to derive key");
197 }
198
199 os_free(data->session_id);
200 data->session_id = eap_peer_tls_derive_session_id(sm, &data->ssl,
201 EAP_TYPE_TLS,
202 &data->id_len);
203 if (data->session_id) {
204 wpa_hexdump(MSG_DEBUG, "EAP-TLS: Derived Session-Id",
205 data->session_id, data->id_len);
206 } else {
207 wpa_printf(MSG_ERROR, "EAP-TLS: Failed to derive Session-Id");
208 }
209 }
210
211
eap_tls_process(struct eap_sm * sm,void * priv,struct eap_method_ret * ret,const struct wpabuf * reqData)212 static struct wpabuf * eap_tls_process(struct eap_sm *sm, void *priv,
213 struct eap_method_ret *ret,
214 const struct wpabuf *reqData)
215 {
216 size_t left;
217 int res;
218 struct wpabuf *resp;
219 u8 flags, id;
220 const u8 *pos;
221 struct eap_tls_data *data = priv;
222 struct wpabuf msg;
223
224 if (sm->waiting_ext_cert_check && data->pending_resp) {
225 struct eap_peer_config *config = eap_get_config(sm);
226
227 if (config->pending_ext_cert_check == EXT_CERT_CHECK_GOOD) {
228 wpa_printf(MSG_DEBUG,
229 "EAP-TLS: External certificate check succeeded - continue handshake");
230 resp = data->pending_resp;
231 data->pending_resp = NULL;
232 sm->waiting_ext_cert_check = 0;
233 return resp;
234 }
235
236 if (config->pending_ext_cert_check == EXT_CERT_CHECK_BAD) {
237 wpa_printf(MSG_DEBUG,
238 "EAP-TLS: External certificate check failed - force authentication failure");
239 ret->methodState = METHOD_DONE;
240 ret->decision = DECISION_FAIL;
241 sm->waiting_ext_cert_check = 0;
242 return NULL;
243 }
244
245 wpa_printf(MSG_DEBUG,
246 "EAP-TLS: Continuing to wait external server certificate validation");
247 return NULL;
248 }
249
250 pos = eap_peer_tls_process_init(sm, &data->ssl, data->eap_type, ret,
251 reqData, &left, &flags);
252 if (pos == NULL)
253 return NULL;
254 id = eap_get_id(reqData);
255
256 if (flags & EAP_TLS_FLAGS_START) {
257 wpa_printf(MSG_DEBUG, "EAP-TLS: Start");
258 left = 0; /* make sure that this frame is empty, even though it
259 * should always be, anyway */
260 }
261
262 resp = NULL;
263 wpabuf_set(&msg, pos, left);
264 res = eap_peer_tls_process_helper(sm, &data->ssl, data->eap_type, 0,
265 id, &msg, &resp);
266
267 if (res < 0) {
268 return eap_tls_failure(sm, data, ret, res, resp, id);
269 }
270
271 if (sm->waiting_ext_cert_check) {
272 wpa_printf(MSG_DEBUG,
273 "EAP-TLS: Waiting external server certificate validation");
274 wpabuf_free(data->pending_resp);
275 data->pending_resp = resp;
276 return NULL;
277 }
278
279 /* RFC 9190 Section 2.5 */
280 if (res == 2 && data->ssl.tls_v13 && wpabuf_len(resp) == 1 &&
281 *wpabuf_head_u8(resp) == 0) {
282 wpa_printf(MSG_DEBUG,
283 "EAP-TLS: ACKing protected success indication (appl data 0x00)");
284 eap_peer_tls_reset_output(&data->ssl);
285 res = 1;
286 ret->methodState = METHOD_DONE;
287 ret->decision = DECISION_UNCOND_SUCC;
288 data->prot_success_received = true;
289 }
290
291 if (tls_connection_established(data->ssl_ctx, data->ssl.conn) &&
292 (!data->ssl.tls_v13 || data->prot_success_received))
293 eap_tls_success(sm, data, ret);
294
295 if (res == 1) {
296 wpabuf_free(resp);
297 return eap_peer_tls_build_ack(id, data->eap_type, 0);
298 }
299
300 return resp;
301 }
302
303
eap_tls_has_reauth_data(struct eap_sm * sm,void * priv)304 static bool eap_tls_has_reauth_data(struct eap_sm *sm, void *priv)
305 {
306 struct eap_tls_data *data = priv;
307 return tls_connection_established(data->ssl_ctx, data->ssl.conn);
308 }
309
310
eap_tls_deinit_for_reauth(struct eap_sm * sm,void * priv)311 static void eap_tls_deinit_for_reauth(struct eap_sm *sm, void *priv)
312 {
313 struct eap_tls_data *data = priv;
314
315 wpabuf_free(data->pending_resp);
316 data->pending_resp = NULL;
317 data->prot_success_received = false;
318 }
319
320
eap_tls_init_for_reauth(struct eap_sm * sm,void * priv)321 static void * eap_tls_init_for_reauth(struct eap_sm *sm, void *priv)
322 {
323 struct eap_tls_data *data = priv;
324 eap_tls_free_key(data);
325 os_free(data->session_id);
326 data->session_id = NULL;
327 if (eap_peer_tls_reauth_init(sm, &data->ssl)) {
328 os_free(data);
329 return NULL;
330 }
331 return priv;
332 }
333
334
eap_tls_get_status(struct eap_sm * sm,void * priv,char * buf,size_t buflen,int verbose)335 static int eap_tls_get_status(struct eap_sm *sm, void *priv, char *buf,
336 size_t buflen, int verbose)
337 {
338 struct eap_tls_data *data = priv;
339 return eap_peer_tls_status(sm, &data->ssl, buf, buflen, verbose);
340 }
341
342
eap_tls_isKeyAvailable(struct eap_sm * sm,void * priv)343 static bool eap_tls_isKeyAvailable(struct eap_sm *sm, void *priv)
344 {
345 struct eap_tls_data *data = priv;
346 return data->key_data != NULL;
347 }
348
349
eap_tls_getKey(struct eap_sm * sm,void * priv,size_t * len)350 static u8 * eap_tls_getKey(struct eap_sm *sm, void *priv, size_t *len)
351 {
352 struct eap_tls_data *data = priv;
353 u8 *key;
354
355 if (data->key_data == NULL)
356 return NULL;
357
358 key = os_memdup(data->key_data, EAP_TLS_KEY_LEN);
359 if (key == NULL)
360 return NULL;
361
362 *len = EAP_TLS_KEY_LEN;
363
364 return key;
365 }
366
367
eap_tls_get_emsk(struct eap_sm * sm,void * priv,size_t * len)368 static u8 * eap_tls_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
369 {
370 struct eap_tls_data *data = priv;
371 u8 *key;
372
373 if (data->key_data == NULL)
374 return NULL;
375
376 key = os_memdup(data->key_data + EAP_TLS_KEY_LEN, EAP_EMSK_LEN);
377 if (key == NULL)
378 return NULL;
379
380 *len = EAP_EMSK_LEN;
381
382 return key;
383 }
384
385
eap_tls_get_session_id(struct eap_sm * sm,void * priv,size_t * len)386 static u8 * eap_tls_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
387 {
388 struct eap_tls_data *data = priv;
389 u8 *id;
390
391 if (data->session_id == NULL)
392 return NULL;
393
394 id = os_memdup(data->session_id, data->id_len);
395 if (id == NULL)
396 return NULL;
397
398 *len = data->id_len;
399
400 return id;
401 }
402
403
eap_peer_tls_register(void)404 int eap_peer_tls_register(void)
405 {
406 struct eap_method *eap;
407
408 eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
409 EAP_VENDOR_IETF, EAP_TYPE_TLS, "TLS");
410 if (eap == NULL)
411 return -1;
412
413 eap->init = eap_tls_init;
414 eap->deinit = eap_tls_deinit;
415 eap->process = eap_tls_process;
416 eap->isKeyAvailable = eap_tls_isKeyAvailable;
417 eap->getKey = eap_tls_getKey;
418 eap->getSessionId = eap_tls_get_session_id;
419 eap->get_status = eap_tls_get_status;
420 eap->has_reauth_data = eap_tls_has_reauth_data;
421 eap->deinit_for_reauth = eap_tls_deinit_for_reauth;
422 eap->init_for_reauth = eap_tls_init_for_reauth;
423 eap->get_emsk = eap_tls_get_emsk;
424
425 return eap_peer_method_register(eap);
426 }
427
428
429 #ifdef EAP_UNAUTH_TLS
eap_peer_unauth_tls_register(void)430 int eap_peer_unauth_tls_register(void)
431 {
432 struct eap_method *eap;
433
434 eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
435 EAP_VENDOR_UNAUTH_TLS,
436 EAP_VENDOR_TYPE_UNAUTH_TLS, "UNAUTH-TLS");
437 if (eap == NULL)
438 return -1;
439
440 eap->init = eap_unauth_tls_init;
441 eap->deinit = eap_tls_deinit;
442 eap->process = eap_tls_process;
443 eap->isKeyAvailable = eap_tls_isKeyAvailable;
444 eap->getKey = eap_tls_getKey;
445 eap->get_status = eap_tls_get_status;
446 eap->has_reauth_data = eap_tls_has_reauth_data;
447 eap->deinit_for_reauth = eap_tls_deinit_for_reauth;
448 eap->init_for_reauth = eap_tls_init_for_reauth;
449 eap->get_emsk = eap_tls_get_emsk;
450
451 return eap_peer_method_register(eap);
452 }
453 #endif /* EAP_UNAUTH_TLS */
454