1 /*
2 * hostapd / EAP-TLS (RFC 5216, RFC 9190)
3 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10
11 #include "common.h"
12 #include "eap_i.h"
13 #include "eap_tls_common.h"
14 #include "crypto/tls.h"
15
16
17 static void eap_tls_reset(struct eap_sm *sm, void *priv);
18
19
20 struct eap_tls_data {
21 struct eap_ssl_data ssl;
22 enum { START, CONTINUE, SUCCESS, FAILURE } state;
23 int established;
24 u8 eap_type;
25 int phase2;
26 };
27
28
eap_tls_state_txt(int state)29 static const char * eap_tls_state_txt(int state)
30 {
31 switch (state) {
32 case START:
33 return "START";
34 case CONTINUE:
35 return "CONTINUE";
36 case SUCCESS:
37 return "SUCCESS";
38 case FAILURE:
39 return "FAILURE";
40 default:
41 return "Unknown?!";
42 }
43 }
44
45
eap_tls_state(struct eap_tls_data * data,int state)46 static void eap_tls_state(struct eap_tls_data *data, int state)
47 {
48 wpa_printf(MSG_DEBUG, "EAP-TLS: %s -> %s",
49 eap_tls_state_txt(data->state),
50 eap_tls_state_txt(state));
51 data->state = state;
52 if (state == FAILURE)
53 tls_connection_remove_session(data->ssl.conn);
54 }
55
56
eap_tls_valid_session(struct eap_sm * sm,struct eap_tls_data * data)57 static void eap_tls_valid_session(struct eap_sm *sm, struct eap_tls_data *data)
58 {
59 struct wpabuf *buf;
60
61 if (!sm->cfg->tls_session_lifetime)
62 return;
63
64 buf = wpabuf_alloc(1);
65 if (!buf)
66 return;
67 wpabuf_put_u8(buf, data->eap_type);
68 tls_connection_set_success_data(data->ssl.conn, buf);
69 }
70
71
eap_tls_init(struct eap_sm * sm)72 static void * eap_tls_init(struct eap_sm *sm)
73 {
74 struct eap_tls_data *data;
75
76 data = os_zalloc(sizeof(*data));
77 if (data == NULL)
78 return NULL;
79 data->state = START;
80
81 if (eap_server_tls_ssl_init(sm, &data->ssl, 1, EAP_TYPE_TLS)) {
82 wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
83 eap_tls_reset(sm, data);
84 return NULL;
85 }
86
87 data->eap_type = EAP_TYPE_TLS;
88
89 data->phase2 = sm->init_phase2;
90
91 return data;
92 }
93
94
95 #ifdef EAP_SERVER_UNAUTH_TLS
eap_unauth_tls_init(struct eap_sm * sm)96 static void * eap_unauth_tls_init(struct eap_sm *sm)
97 {
98 struct eap_tls_data *data;
99
100 data = os_zalloc(sizeof(*data));
101 if (data == NULL)
102 return NULL;
103 data->state = START;
104
105 if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_UNAUTH_TLS_TYPE)) {
106 wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
107 eap_tls_reset(sm, data);
108 return NULL;
109 }
110
111 data->eap_type = EAP_UNAUTH_TLS_TYPE;
112 return data;
113 }
114 #endif /* EAP_SERVER_UNAUTH_TLS */
115
116
eap_tls_reset(struct eap_sm * sm,void * priv)117 static void eap_tls_reset(struct eap_sm *sm, void *priv)
118 {
119 struct eap_tls_data *data = priv;
120 if (data == NULL)
121 return;
122 eap_server_tls_ssl_deinit(sm, &data->ssl);
123 os_free(data);
124 }
125
126
eap_tls_build_start(struct eap_sm * sm,struct eap_tls_data * data,u8 id)127 static struct wpabuf * eap_tls_build_start(struct eap_sm *sm,
128 struct eap_tls_data *data, u8 id)
129 {
130 struct wpabuf *req;
131
132 req = eap_tls_msg_alloc(data->eap_type, 1, EAP_CODE_REQUEST, id);
133 if (req == NULL) {
134 wpa_printf(MSG_ERROR, "EAP-TLS: Failed to allocate memory for "
135 "request");
136 eap_tls_state(data, FAILURE);
137 return NULL;
138 }
139
140 wpabuf_put_u8(req, EAP_TLS_FLAGS_START);
141
142 eap_tls_state(data, CONTINUE);
143
144 return req;
145 }
146
147
eap_tls_buildReq(struct eap_sm * sm,void * priv,u8 id)148 static struct wpabuf * eap_tls_buildReq(struct eap_sm *sm, void *priv, u8 id)
149 {
150 struct eap_tls_data *data = priv;
151 struct wpabuf *res;
152
153 if (data->ssl.state == FRAG_ACK) {
154 return eap_server_tls_build_ack(id, data->eap_type, 0);
155 }
156
157 if (data->ssl.state == WAIT_FRAG_ACK) {
158 res = eap_server_tls_build_msg(&data->ssl, data->eap_type, 0,
159 id);
160 goto check_established;
161 }
162
163 switch (data->state) {
164 case START:
165 return eap_tls_build_start(sm, data, id);
166 case CONTINUE:
167 if (tls_connection_established(sm->cfg->ssl_ctx,
168 data->ssl.conn))
169 data->established = 1;
170 break;
171 default:
172 wpa_printf(MSG_DEBUG, "EAP-TLS: %s - unexpected state %d",
173 __func__, data->state);
174 return NULL;
175 }
176
177 res = eap_server_tls_build_msg(&data->ssl, data->eap_type, 0, id);
178
179 check_established:
180 if (data->established && data->ssl.state != WAIT_FRAG_ACK) {
181 /* TLS handshake has been completed and there are no more
182 * fragments waiting to be sent out. */
183 wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
184 eap_tls_state(data, SUCCESS);
185 eap_tls_valid_session(sm, data);
186 if (sm->serial_num) {
187 char user[128];
188 int user_len;
189
190 user_len = os_snprintf(user, sizeof(user), "cert-%s",
191 sm->serial_num);
192 if (eap_user_get(sm, (const u8 *) user, user_len,
193 data->phase2) < 0)
194 wpa_printf(MSG_DEBUG,
195 "EAP-TLS: No user entry found based on the serial number of the client certificate ");
196 else
197 wpa_printf(MSG_DEBUG,
198 "EAP-TLS: Updated user entry based on the serial number of the client certificate ");
199 }
200 }
201
202 return res;
203 }
204
205
eap_tls_check(struct eap_sm * sm,void * priv,struct wpabuf * respData)206 static bool eap_tls_check(struct eap_sm *sm, void *priv,
207 struct wpabuf *respData)
208 {
209 struct eap_tls_data *data = priv;
210 const u8 *pos;
211 size_t len;
212
213 if (data->eap_type == EAP_UNAUTH_TLS_TYPE)
214 pos = eap_hdr_validate(EAP_VENDOR_UNAUTH_TLS,
215 EAP_VENDOR_TYPE_UNAUTH_TLS, respData,
216 &len);
217 else
218 pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_type,
219 respData, &len);
220 if (pos == NULL || len < 1) {
221 wpa_printf(MSG_INFO, "EAP-TLS: Invalid frame");
222 return true;
223 }
224
225 return false;
226 }
227
228
eap_tls_process_msg(struct eap_sm * sm,void * priv,const struct wpabuf * respData)229 static void eap_tls_process_msg(struct eap_sm *sm, void *priv,
230 const struct wpabuf *respData)
231 {
232 struct eap_tls_data *data = priv;
233 if (data->state == SUCCESS && wpabuf_len(data->ssl.tls_in) == 0) {
234 wpa_printf(MSG_DEBUG, "EAP-TLS: Client acknowledged final TLS "
235 "handshake message");
236 return;
237 }
238 if (eap_server_tls_phase1(sm, &data->ssl) < 0) {
239 eap_tls_state(data, FAILURE);
240 return;
241 }
242 }
243
244
eap_tls_process(struct eap_sm * sm,void * priv,struct wpabuf * respData)245 static void eap_tls_process(struct eap_sm *sm, void *priv,
246 struct wpabuf *respData)
247 {
248 struct eap_tls_data *data = priv;
249 const struct wpabuf *buf;
250 const u8 *pos;
251
252 if (eap_server_tls_process(sm, &data->ssl, respData, data,
253 data->eap_type, NULL, eap_tls_process_msg) <
254 0) {
255 eap_tls_state(data, FAILURE);
256 return;
257 }
258
259 if (!tls_connection_established(sm->cfg->ssl_ctx, data->ssl.conn) ||
260 !tls_connection_resumed(sm->cfg->ssl_ctx, data->ssl.conn))
261 return;
262
263 buf = tls_connection_get_success_data(data->ssl.conn);
264 if (!buf || wpabuf_len(buf) < 1) {
265 wpa_printf(MSG_DEBUG,
266 "EAP-TLS: No success data in resumed session - reject attempt");
267 eap_tls_state(data, FAILURE);
268 return;
269 }
270
271 pos = wpabuf_head(buf);
272 if (*pos != data->eap_type) {
273 wpa_printf(MSG_DEBUG,
274 "EAP-TLS: Resumed session for another EAP type (%u) - reject attempt",
275 *pos);
276 eap_tls_state(data, FAILURE);
277 return;
278 }
279
280 wpa_printf(MSG_DEBUG,
281 "EAP-TLS: Resuming previous session");
282
283 if (data->ssl.tls_v13 && data->ssl.tls_out) {
284 wpa_hexdump_buf(MSG_DEBUG,
285 "EAP-TLS: Additional data to be sent for TLS 1.3",
286 data->ssl.tls_out);
287 return;
288 }
289
290 eap_tls_state(data, SUCCESS);
291 tls_connection_set_success_data_resumed(data->ssl.conn);
292 /* TODO: Cache serial number with session and update EAP user
293 * information based on the cached serial number */
294 }
295
296
eap_tls_isDone(struct eap_sm * sm,void * priv)297 static bool eap_tls_isDone(struct eap_sm *sm, void *priv)
298 {
299 struct eap_tls_data *data = priv;
300 return data->state == SUCCESS || data->state == FAILURE;
301 }
302
303
eap_tls_getKey(struct eap_sm * sm,void * priv,size_t * len)304 static u8 * eap_tls_getKey(struct eap_sm *sm, void *priv, size_t *len)
305 {
306 struct eap_tls_data *data = priv;
307 u8 *eapKeyData;
308 const char *label;
309 const u8 eap_tls13_context[] = { EAP_TYPE_TLS };
310 const u8 *context = NULL;
311 size_t context_len = 0;
312
313 if (data->state != SUCCESS)
314 return NULL;
315
316 if (data->ssl.tls_v13) {
317 label = "EXPORTER_EAP_TLS_Key_Material";
318 context = eap_tls13_context;
319 context_len = 1;
320 } else {
321 label = "client EAP encryption";
322 }
323 eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, label,
324 context, context_len,
325 EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
326 if (eapKeyData) {
327 *len = EAP_TLS_KEY_LEN;
328 wpa_hexdump(MSG_DEBUG, "EAP-TLS: Derived key",
329 eapKeyData, EAP_TLS_KEY_LEN);
330 os_memset(eapKeyData + EAP_TLS_KEY_LEN, 0, EAP_EMSK_LEN);
331 } else {
332 wpa_printf(MSG_DEBUG, "EAP-TLS: Failed to derive key");
333 }
334
335 return eapKeyData;
336 }
337
338
eap_tls_get_emsk(struct eap_sm * sm,void * priv,size_t * len)339 static u8 * eap_tls_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
340 {
341 struct eap_tls_data *data = priv;
342 u8 *eapKeyData, *emsk;
343 const char *label;
344 const u8 eap_tls13_context[] = { EAP_TYPE_TLS };
345 const u8 *context = NULL;
346 size_t context_len = 0;
347
348 if (data->state != SUCCESS)
349 return NULL;
350
351 if (data->ssl.tls_v13) {
352 label = "EXPORTER_EAP_TLS_Key_Material";
353 context = eap_tls13_context;
354 context_len = 1;
355 } else {
356 label = "client EAP encryption";
357 }
358 eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, label,
359 context, context_len,
360 EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
361 if (eapKeyData) {
362 emsk = os_malloc(EAP_EMSK_LEN);
363 if (emsk)
364 os_memcpy(emsk, eapKeyData + EAP_TLS_KEY_LEN,
365 EAP_EMSK_LEN);
366 bin_clear_free(eapKeyData, EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
367 } else
368 emsk = NULL;
369
370 if (emsk) {
371 *len = EAP_EMSK_LEN;
372 wpa_hexdump(MSG_DEBUG, "EAP-TLS: Derived EMSK",
373 emsk, EAP_EMSK_LEN);
374 } else {
375 wpa_printf(MSG_DEBUG, "EAP-TLS: Failed to derive EMSK");
376 }
377
378 return emsk;
379 }
380
381
eap_tls_isSuccess(struct eap_sm * sm,void * priv)382 static bool eap_tls_isSuccess(struct eap_sm *sm, void *priv)
383 {
384 struct eap_tls_data *data = priv;
385 return data->state == SUCCESS;
386 }
387
388
eap_tls_get_session_id(struct eap_sm * sm,void * priv,size_t * len)389 static u8 * eap_tls_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
390 {
391 struct eap_tls_data *data = priv;
392
393 if (data->state != SUCCESS)
394 return NULL;
395
396 return eap_server_tls_derive_session_id(sm, &data->ssl, EAP_TYPE_TLS,
397 len);
398 }
399
400
eap_server_tls_register(void)401 int eap_server_tls_register(void)
402 {
403 struct eap_method *eap;
404
405 eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
406 EAP_VENDOR_IETF, EAP_TYPE_TLS, "TLS");
407 if (eap == NULL)
408 return -1;
409
410 eap->init = eap_tls_init;
411 eap->reset = eap_tls_reset;
412 eap->buildReq = eap_tls_buildReq;
413 eap->check = eap_tls_check;
414 eap->process = eap_tls_process;
415 eap->isDone = eap_tls_isDone;
416 eap->getKey = eap_tls_getKey;
417 eap->isSuccess = eap_tls_isSuccess;
418 eap->get_emsk = eap_tls_get_emsk;
419 eap->getSessionId = eap_tls_get_session_id;
420
421 return eap_server_method_register(eap);
422 }
423
424
425 #ifdef EAP_SERVER_UNAUTH_TLS
eap_server_unauth_tls_register(void)426 int eap_server_unauth_tls_register(void)
427 {
428 struct eap_method *eap;
429
430 eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
431 EAP_VENDOR_UNAUTH_TLS,
432 EAP_VENDOR_TYPE_UNAUTH_TLS,
433 "UNAUTH-TLS");
434 if (eap == NULL)
435 return -1;
436
437 eap->init = eap_unauth_tls_init;
438 eap->reset = eap_tls_reset;
439 eap->buildReq = eap_tls_buildReq;
440 eap->check = eap_tls_check;
441 eap->process = eap_tls_process;
442 eap->isDone = eap_tls_isDone;
443 eap->getKey = eap_tls_getKey;
444 eap->isSuccess = eap_tls_isSuccess;
445 eap->get_emsk = eap_tls_get_emsk;
446
447 return eap_server_method_register(eap);
448 }
449 #endif /* EAP_SERVER_UNAUTH_TLS */
450