| 1 | /* |
| 2 | * hostapd / EAP-TLS (RFC 2716) |
| 3 | * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi> |
| 4 | * |
| 5 | * This program is free software; you can redistribute it and/or modify |
| 6 | * it under the terms of the GNU General Public License version 2 as |
| 7 | * published by the Free Software Foundation. |
| 8 | * |
| 9 | * Alternatively, this software may be distributed under the terms of BSD |
| 10 | * license. |
| 11 | * |
| 12 | * See README and COPYING for more details. |
| 13 | */ |
| 14 | |
| 15 | #include "includes.h" |
| 16 | |
| 17 | #include "hostapd.h" |
| 18 | #include "common.h" |
| 19 | #include "eap_i.h" |
| 20 | #include "eap_tls_common.h" |
| 21 | #include "tls.h" |
| 22 | |
| 23 | |
| 24 | static void eap_tls_reset(struct eap_sm *sm, void *priv); |
| 25 | |
| 26 | |
| 27 | struct eap_tls_data { |
| 28 | struct eap_ssl_data ssl; |
| 29 | enum { START, CONTINUE, SUCCESS, FAILURE } state; |
| 30 | }; |
| 31 | |
| 32 | |
| 33 | static void * eap_tls_init(struct eap_sm *sm) |
| 34 | { |
| 35 | struct eap_tls_data *data; |
| 36 | |
| 37 | data = wpa_zalloc(sizeof(*data)); |
| 38 | if (data == NULL) |
| 39 | return NULL; |
| 40 | data->state = START; |
| 41 | |
| 42 | if (eap_tls_ssl_init(sm, &data->ssl, 1)) { |
| 43 | wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL."); |
| 44 | eap_tls_reset(sm, data); |
| 45 | return NULL; |
| 46 | } |
| 47 | |
| 48 | return data; |
| 49 | } |
| 50 | |
| 51 | |
| 52 | static void eap_tls_reset(struct eap_sm *sm, void *priv) |
| 53 | { |
| 54 | struct eap_tls_data *data = priv; |
| 55 | if (data == NULL) |
| 56 | return; |
| 57 | eap_tls_ssl_deinit(sm, &data->ssl); |
| 58 | free(data); |
| 59 | } |
| 60 | |
| 61 | |
| 62 | static u8 * eap_tls_build_start(struct eap_sm *sm, struct eap_tls_data *data, |
| 63 | int id, size_t *reqDataLen) |
| 64 | { |
| 65 | struct eap_hdr *req; |
| 66 | u8 *pos; |
| 67 | |
| 68 | *reqDataLen = sizeof(*req) + 2; |
| 69 | req = malloc(*reqDataLen); |
| 70 | if (req == NULL) { |
| 71 | wpa_printf(MSG_ERROR, "EAP-TLS: Failed to allocate memory for " |
| 72 | "request"); |
| 73 | data->state = FAILURE; |
| 74 | return NULL; |
| 75 | } |
| 76 | |
| 77 | req->code = EAP_CODE_REQUEST; |
| 78 | req->identifier = id; |
| 79 | req->length = htons(*reqDataLen); |
| 80 | pos = (u8 *) (req + 1); |
| 81 | *pos++ = EAP_TYPE_TLS; |
| 82 | *pos = EAP_TLS_FLAGS_START; |
| 83 | |
| 84 | data->state = CONTINUE; |
| 85 | |
| 86 | return (u8 *) req; |
| 87 | } |
| 88 | |
| 89 | |
| 90 | static u8 * eap_tls_build_req(struct eap_sm *sm, struct eap_tls_data *data, |
| 91 | int id, size_t *reqDataLen) |
| 92 | { |
| 93 | int res; |
| 94 | u8 *req; |
| 95 | |
| 96 | res = eap_tls_buildReq_helper(sm, &data->ssl, EAP_TYPE_TLS, 0, id, |
| 97 | &req, reqDataLen); |
| 98 | |
| 99 | if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) { |
| 100 | wpa_printf(MSG_DEBUG, "EAP-TLS: Done"); |
| 101 | data->state = SUCCESS; |
| 102 | } |
| 103 | |
| 104 | if (res == 1) |
| 105 | return eap_tls_build_ack(reqDataLen, id, EAP_TYPE_TLS, 0); |
| 106 | return req; |
| 107 | } |
| 108 | |
| 109 | |
| 110 | static u8 * eap_tls_buildReq(struct eap_sm *sm, void *priv, int id, |
| 111 | size_t *reqDataLen) |
| 112 | { |
| 113 | struct eap_tls_data *data = priv; |
| 114 | |
| 115 | switch (data->state) { |
| 116 | case START: |
| 117 | return eap_tls_build_start(sm, data, id, reqDataLen); |
| 118 | case CONTINUE: |
| 119 | return eap_tls_build_req(sm, data, id, reqDataLen); |
| 120 | default: |
| 121 | wpa_printf(MSG_DEBUG, "EAP-TLS: %s - unexpected state %d", |
| 122 | __func__, data->state); |
| 123 | return NULL; |
| 124 | } |
| 125 | } |
| 126 | |
| 127 | |
| 128 | static Boolean eap_tls_check(struct eap_sm *sm, void *priv, |
| 129 | u8 *respData, size_t respDataLen) |
| 130 | { |
| 131 | struct eap_hdr *resp; |
| 132 | u8 *pos; |
| 133 | |
| 134 | resp = (struct eap_hdr *) respData; |
| 135 | pos = (u8 *) (resp + 1); |
| 136 | if (respDataLen < sizeof(*resp) + 2 || *pos != EAP_TYPE_TLS || |
| 137 | (ntohs(resp->length)) > respDataLen) { |
| 138 | wpa_printf(MSG_INFO, "EAP-TLS: Invalid frame"); |
| 139 | return TRUE; |
| 140 | } |
| 141 | |
| 142 | return FALSE; |
| 143 | } |
| 144 | |
| 145 | |
| 146 | static void eap_tls_process(struct eap_sm *sm, void *priv, |
| 147 | u8 *respData, size_t respDataLen) |
| 148 | { |
| 149 | struct eap_tls_data *data = priv; |
| 150 | struct eap_hdr *resp; |
| 151 | u8 *pos, flags; |
| 152 | int left; |
| 153 | unsigned int tls_msg_len; |
| 154 | |
| 155 | resp = (struct eap_hdr *) respData; |
| 156 | pos = (u8 *) (resp + 1); |
| 157 | pos++; |
| 158 | flags = *pos++; |
| 159 | left = htons(resp->length) - sizeof(struct eap_hdr) - 2; |
| 160 | wpa_printf(MSG_DEBUG, "EAP-TLS: Received packet(len=%lu) - " |
| 161 | "Flags 0x%02x", (unsigned long) respDataLen, flags); |
| 162 | if (flags & EAP_TLS_FLAGS_LENGTH_INCLUDED) { |
| 163 | if (left < 4) { |
| 164 | wpa_printf(MSG_INFO, "EAP-TLS: Short frame with TLS " |
| 165 | "length"); |
| 166 | data->state = FAILURE; |
| 167 | return; |
| 168 | } |
| 169 | tls_msg_len = (pos[0] << 24) | (pos[1] << 16) | (pos[2] << 8) | |
| 170 | pos[3]; |
| 171 | wpa_printf(MSG_DEBUG, "EAP-TLS: TLS Message Length: %d", |
| 172 | tls_msg_len); |
| 173 | if (data->ssl.tls_in_left == 0) { |
| 174 | data->ssl.tls_in_total = tls_msg_len; |
| 175 | data->ssl.tls_in_left = tls_msg_len; |
| 176 | free(data->ssl.tls_in); |
| 177 | data->ssl.tls_in = NULL; |
| 178 | data->ssl.tls_in_len = 0; |
| 179 | } |
| 180 | pos += 4; |
| 181 | left -= 4; |
| 182 | } |
| 183 | |
| 184 | if (eap_tls_process_helper(sm, &data->ssl, pos, left) < 0) { |
| 185 | wpa_printf(MSG_INFO, "EAP-TLS: TLS processing failed"); |
| 186 | data->state = FAILURE; |
| 187 | return; |
| 188 | } |
| 189 | |
| 190 | if (tls_connection_get_write_alerts(sm->ssl_ctx, data->ssl.conn) > 1) { |
| 191 | wpa_printf(MSG_INFO, "EAP-TLS: Locally detected fatal error " |
| 192 | "in TLS processing"); |
| 193 | data->state = FAILURE; |
| 194 | return; |
| 195 | } |
| 196 | } |
| 197 | |
| 198 | |
| 199 | static Boolean eap_tls_isDone(struct eap_sm *sm, void *priv) |
| 200 | { |
| 201 | struct eap_tls_data *data = priv; |
| 202 | return data->state == SUCCESS || data->state == FAILURE; |
| 203 | } |
| 204 | |
| 205 | |
| 206 | static u8 * eap_tls_getKey(struct eap_sm *sm, void *priv, size_t *len) |
| 207 | { |
| 208 | struct eap_tls_data *data = priv; |
| 209 | u8 *eapKeyData; |
| 210 | |
| 211 | if (data->state != SUCCESS) |
| 212 | return NULL; |
| 213 | |
| 214 | eapKeyData = eap_tls_derive_key(sm, &data->ssl, |
| 215 | "client EAP encryption", |
| 216 | EAP_TLS_KEY_LEN); |
| 217 | if (eapKeyData) { |
| 218 | *len = EAP_TLS_KEY_LEN; |
| 219 | wpa_hexdump(MSG_DEBUG, "EAP-TLS: Derived key", |
| 220 | eapKeyData, EAP_TLS_KEY_LEN); |
| 221 | } else { |
| 222 | wpa_printf(MSG_DEBUG, "EAP-TLS: Failed to derive key"); |
| 223 | } |
| 224 | |
| 225 | return eapKeyData; |
| 226 | } |
| 227 | |
| 228 | |
| 229 | static u8 * eap_tls_get_emsk(struct eap_sm *sm, void *priv, size_t *len) |
| 230 | { |
| 231 | struct eap_tls_data *data = priv; |
| 232 | u8 *eapKeyData, *emsk; |
| 233 | |
| 234 | if (data->state != SUCCESS) |
| 235 | return NULL; |
| 236 | |
| 237 | eapKeyData = eap_tls_derive_key(sm, &data->ssl, |
| 238 | "client EAP encryption", |
| 239 | EAP_TLS_KEY_LEN + EAP_EMSK_LEN); |
| 240 | if (eapKeyData) { |
| 241 | emsk = malloc(EAP_EMSK_LEN); |
| 242 | if (emsk) |
| 243 | memcpy(emsk, eapKeyData + EAP_TLS_KEY_LEN, |
| 244 | EAP_EMSK_LEN); |
| 245 | free(eapKeyData); |
| 246 | } else |
| 247 | emsk = NULL; |
| 248 | |
| 249 | if (emsk) { |
| 250 | *len = EAP_EMSK_LEN; |
| 251 | wpa_hexdump(MSG_DEBUG, "EAP-TLS: Derived EMSK", |
| 252 | emsk, EAP_EMSK_LEN); |
| 253 | } else { |
| 254 | wpa_printf(MSG_DEBUG, "EAP-TLS: Failed to derive EMSK"); |
| 255 | } |
| 256 | |
| 257 | return emsk; |
| 258 | } |
| 259 | |
| 260 | |
| 261 | static Boolean eap_tls_isSuccess(struct eap_sm *sm, void *priv) |
| 262 | { |
| 263 | struct eap_tls_data *data = priv; |
| 264 | return data->state == SUCCESS; |
| 265 | } |
| 266 | |
| 267 | |
| 268 | int eap_server_tls_register(void) |
| 269 | { |
| 270 | struct eap_method *eap; |
| 271 | int ret; |
| 272 | |
| 273 | eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, |
| 274 | EAP_VENDOR_IETF, EAP_TYPE_TLS, "TLS"); |
| 275 | if (eap == NULL) |
| 276 | return -1; |
| 277 | |
| 278 | eap->init = eap_tls_init; |
| 279 | eap->reset = eap_tls_reset; |
| 280 | eap->buildReq = eap_tls_buildReq; |
| 281 | eap->check = eap_tls_check; |
| 282 | eap->process = eap_tls_process; |
| 283 | eap->isDone = eap_tls_isDone; |
| 284 | eap->getKey = eap_tls_getKey; |
| 285 | eap->isSuccess = eap_tls_isSuccess; |
| 286 | eap->get_emsk = eap_tls_get_emsk; |
| 287 | |
| 288 | ret = eap_server_method_register(eap); |
| 289 | if (ret) |
| 290 | eap_server_method_free(eap); |
| 291 | return ret; |
| 292 | } |