2 * hostapd / EAP-TLS (RFC 2716)
3 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
13 #include "eap_tls_common.h"
14 #include "crypto/tls.h"
17 static void eap_tls_reset(struct eap_sm *sm, void *priv);
21 struct eap_ssl_data ssl;
22 enum { START, CONTINUE, SUCCESS, FAILURE } state;
29 static const char * eap_tls_state_txt(int state)
46 static void eap_tls_state(struct eap_tls_data *data, int state)
48 wpa_printf(MSG_DEBUG, "EAP-TLS: %s -> %s",
49 eap_tls_state_txt(data->state),
50 eap_tls_state_txt(state));
53 tls_connection_remove_session(data->ssl.conn);
57 static void eap_tls_valid_session(struct eap_sm *sm, struct eap_tls_data *data)
61 if (!sm->tls_session_lifetime)
64 buf = wpabuf_alloc(1);
67 wpabuf_put_u8(buf, data->eap_type);
68 tls_connection_set_success_data(data->ssl.conn, buf);
72 static void * eap_tls_init(struct eap_sm *sm)
74 struct eap_tls_data *data;
76 data = os_zalloc(sizeof(*data));
81 if (eap_server_tls_ssl_init(sm, &data->ssl, 1, EAP_TYPE_TLS)) {
82 wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
83 eap_tls_reset(sm, data);
87 data->eap_type = EAP_TYPE_TLS;
89 data->phase2 = sm->init_phase2;
95 #ifdef EAP_SERVER_UNAUTH_TLS
96 static void * eap_unauth_tls_init(struct eap_sm *sm)
98 struct eap_tls_data *data;
100 data = os_zalloc(sizeof(*data));
105 if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_UNAUTH_TLS_TYPE)) {
106 wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
107 eap_tls_reset(sm, data);
111 data->eap_type = EAP_UNAUTH_TLS_TYPE;
114 #endif /* EAP_SERVER_UNAUTH_TLS */
118 static void * eap_wfa_unauth_tls_init(struct eap_sm *sm)
120 struct eap_tls_data *data;
122 data = os_zalloc(sizeof(*data));
127 if (eap_server_tls_ssl_init(sm, &data->ssl, 0,
128 EAP_WFA_UNAUTH_TLS_TYPE)) {
129 wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
130 eap_tls_reset(sm, data);
134 data->eap_type = EAP_WFA_UNAUTH_TLS_TYPE;
137 #endif /* CONFIG_HS20 */
140 static void eap_tls_reset(struct eap_sm *sm, void *priv)
142 struct eap_tls_data *data = priv;
145 eap_server_tls_ssl_deinit(sm, &data->ssl);
150 static struct wpabuf * eap_tls_build_start(struct eap_sm *sm,
151 struct eap_tls_data *data, u8 id)
155 req = eap_tls_msg_alloc(data->eap_type, 1, EAP_CODE_REQUEST, id);
157 wpa_printf(MSG_ERROR, "EAP-TLS: Failed to allocate memory for "
159 eap_tls_state(data, FAILURE);
163 wpabuf_put_u8(req, EAP_TLS_FLAGS_START);
165 eap_tls_state(data, CONTINUE);
171 static struct wpabuf * eap_tls_buildReq(struct eap_sm *sm, void *priv, u8 id)
173 struct eap_tls_data *data = priv;
176 if (data->ssl.state == FRAG_ACK) {
177 return eap_server_tls_build_ack(id, data->eap_type, 0);
180 if (data->ssl.state == WAIT_FRAG_ACK) {
181 res = eap_server_tls_build_msg(&data->ssl, data->eap_type, 0,
183 goto check_established;
186 switch (data->state) {
188 return eap_tls_build_start(sm, data, id);
190 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn))
191 data->established = 1;
194 wpa_printf(MSG_DEBUG, "EAP-TLS: %s - unexpected state %d",
195 __func__, data->state);
199 res = eap_server_tls_build_msg(&data->ssl, data->eap_type, 0, id);
202 if (data->established && data->ssl.state != WAIT_FRAG_ACK) {
203 /* TLS handshake has been completed and there are no more
204 * fragments waiting to be sent out. */
205 wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
206 eap_tls_state(data, SUCCESS);
207 eap_tls_valid_session(sm, data);
208 if (sm->serial_num) {
212 user_len = os_snprintf(user, sizeof(user), "cert-%s",
214 if (eap_user_get(sm, (const u8 *) user, user_len,
216 wpa_printf(MSG_DEBUG,
217 "EAP-TLS: No user entry found based on the serial number of the client certificate ");
219 wpa_printf(MSG_DEBUG,
220 "EAP-TLS: Updated user entry based on the serial number of the client certificate ");
228 static Boolean eap_tls_check(struct eap_sm *sm, void *priv,
229 struct wpabuf *respData)
231 struct eap_tls_data *data = priv;
235 if (data->eap_type == EAP_UNAUTH_TLS_TYPE)
236 pos = eap_hdr_validate(EAP_VENDOR_UNAUTH_TLS,
237 EAP_VENDOR_TYPE_UNAUTH_TLS, respData,
239 else if (data->eap_type == EAP_WFA_UNAUTH_TLS_TYPE)
240 pos = eap_hdr_validate(EAP_VENDOR_WFA_NEW,
241 EAP_VENDOR_WFA_UNAUTH_TLS, respData,
244 pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_type,
246 if (pos == NULL || len < 1) {
247 wpa_printf(MSG_INFO, "EAP-TLS: Invalid frame");
255 static void eap_tls_process_msg(struct eap_sm *sm, void *priv,
256 const struct wpabuf *respData)
258 struct eap_tls_data *data = priv;
259 if (data->state == SUCCESS && wpabuf_len(data->ssl.tls_in) == 0) {
260 wpa_printf(MSG_DEBUG, "EAP-TLS: Client acknowledged final TLS "
261 "handshake message");
264 if (eap_server_tls_phase1(sm, &data->ssl) < 0) {
265 eap_tls_state(data, FAILURE);
269 if (data->ssl.tls_v13 &&
270 tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
271 struct wpabuf *plain, *encr;
273 wpa_printf(MSG_DEBUG,
274 "EAP-TLS: Send empty application data to indicate end of exchange");
275 /* FIX: This should be an empty application data based on
276 * draft-ietf-emu-eap-tls13-05, but OpenSSL does not allow zero
277 * length payload (SSL_write() documentation explicitly
278 * describes this as not allowed), so work around that for now
279 * by sending out a payload of one octet. Hopefully the draft
280 * specification will change to allow this so that no crypto
281 * library changes are needed. */
282 plain = wpabuf_alloc(1);
285 wpabuf_put_u8(plain, 0);
286 encr = eap_server_tls_encrypt(sm, &data->ssl, plain);
290 if (wpabuf_resize(&data->ssl.tls_out, wpabuf_len(encr)) < 0) {
292 "EAP-TLS: Failed to resize output buffer");
296 wpabuf_put_buf(data->ssl.tls_out, encr);
297 wpa_hexdump_buf(MSG_DEBUG,
298 "EAP-TLS: Data appended to the message", encr);
304 static void eap_tls_process(struct eap_sm *sm, void *priv,
305 struct wpabuf *respData)
307 struct eap_tls_data *data = priv;
308 const struct wpabuf *buf;
311 if (eap_server_tls_process(sm, &data->ssl, respData, data,
312 data->eap_type, NULL, eap_tls_process_msg) <
314 eap_tls_state(data, FAILURE);
318 if (!tls_connection_established(sm->ssl_ctx, data->ssl.conn) ||
319 !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn))
322 buf = tls_connection_get_success_data(data->ssl.conn);
323 if (!buf || wpabuf_len(buf) < 1) {
324 wpa_printf(MSG_DEBUG,
325 "EAP-TLS: No success data in resumed session - reject attempt");
326 eap_tls_state(data, FAILURE);
330 pos = wpabuf_head(buf);
331 if (*pos != data->eap_type) {
332 wpa_printf(MSG_DEBUG,
333 "EAP-TLS: Resumed session for another EAP type (%u) - reject attempt",
335 eap_tls_state(data, FAILURE);
339 wpa_printf(MSG_DEBUG,
340 "EAP-TLS: Resuming previous session");
341 eap_tls_state(data, SUCCESS);
342 tls_connection_set_success_data_resumed(data->ssl.conn);
343 /* TODO: Cache serial number with session and update EAP user
344 * information based on the cached serial number */
348 static Boolean eap_tls_isDone(struct eap_sm *sm, void *priv)
350 struct eap_tls_data *data = priv;
351 return data->state == SUCCESS || data->state == FAILURE;
355 static u8 * eap_tls_getKey(struct eap_sm *sm, void *priv, size_t *len)
357 struct eap_tls_data *data = priv;
360 const u8 eap_tls13_context[] = { EAP_TYPE_TLS };
361 const u8 *context = NULL;
362 size_t context_len = 0;
364 if (data->state != SUCCESS)
367 if (data->ssl.tls_v13) {
368 label = "EXPORTER_EAP_TLS_Key_Material";
369 context = eap_tls13_context;
372 label = "client EAP encryption";
374 eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, label,
375 context, context_len,
376 EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
378 *len = EAP_TLS_KEY_LEN;
379 wpa_hexdump(MSG_DEBUG, "EAP-TLS: Derived key",
380 eapKeyData, EAP_TLS_KEY_LEN);
381 os_memset(eapKeyData + EAP_TLS_KEY_LEN, 0, EAP_EMSK_LEN);
383 wpa_printf(MSG_DEBUG, "EAP-TLS: Failed to derive key");
390 static u8 * eap_tls_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
392 struct eap_tls_data *data = priv;
393 u8 *eapKeyData, *emsk;
395 const u8 eap_tls13_context[] = { EAP_TYPE_TLS };
396 const u8 *context = NULL;
397 size_t context_len = 0;
399 if (data->state != SUCCESS)
402 if (data->ssl.tls_v13) {
403 label = "EXPORTER_EAP_TLS_Key_Material";
404 context = eap_tls13_context;
407 label = "client EAP encryption";
409 eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, label,
410 context, context_len,
411 EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
413 emsk = os_malloc(EAP_EMSK_LEN);
415 os_memcpy(emsk, eapKeyData + EAP_TLS_KEY_LEN,
417 bin_clear_free(eapKeyData, EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
423 wpa_hexdump(MSG_DEBUG, "EAP-TLS: Derived EMSK",
426 wpa_printf(MSG_DEBUG, "EAP-TLS: Failed to derive EMSK");
433 static Boolean eap_tls_isSuccess(struct eap_sm *sm, void *priv)
435 struct eap_tls_data *data = priv;
436 return data->state == SUCCESS;
440 static u8 * eap_tls_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
442 struct eap_tls_data *data = priv;
444 if (data->state != SUCCESS)
447 return eap_server_tls_derive_session_id(sm, &data->ssl, EAP_TYPE_TLS,
452 int eap_server_tls_register(void)
454 struct eap_method *eap;
456 eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
457 EAP_VENDOR_IETF, EAP_TYPE_TLS, "TLS");
461 eap->init = eap_tls_init;
462 eap->reset = eap_tls_reset;
463 eap->buildReq = eap_tls_buildReq;
464 eap->check = eap_tls_check;
465 eap->process = eap_tls_process;
466 eap->isDone = eap_tls_isDone;
467 eap->getKey = eap_tls_getKey;
468 eap->isSuccess = eap_tls_isSuccess;
469 eap->get_emsk = eap_tls_get_emsk;
470 eap->getSessionId = eap_tls_get_session_id;
472 return eap_server_method_register(eap);
476 #ifdef EAP_SERVER_UNAUTH_TLS
477 int eap_server_unauth_tls_register(void)
479 struct eap_method *eap;
481 eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
482 EAP_VENDOR_UNAUTH_TLS,
483 EAP_VENDOR_TYPE_UNAUTH_TLS,
488 eap->init = eap_unauth_tls_init;
489 eap->reset = eap_tls_reset;
490 eap->buildReq = eap_tls_buildReq;
491 eap->check = eap_tls_check;
492 eap->process = eap_tls_process;
493 eap->isDone = eap_tls_isDone;
494 eap->getKey = eap_tls_getKey;
495 eap->isSuccess = eap_tls_isSuccess;
496 eap->get_emsk = eap_tls_get_emsk;
498 return eap_server_method_register(eap);
500 #endif /* EAP_SERVER_UNAUTH_TLS */
504 int eap_server_wfa_unauth_tls_register(void)
506 struct eap_method *eap;
508 eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
510 EAP_VENDOR_WFA_UNAUTH_TLS,
515 eap->init = eap_wfa_unauth_tls_init;
516 eap->reset = eap_tls_reset;
517 eap->buildReq = eap_tls_buildReq;
518 eap->check = eap_tls_check;
519 eap->process = eap_tls_process;
520 eap->isDone = eap_tls_isDone;
521 eap->getKey = eap_tls_getKey;
522 eap->isSuccess = eap_tls_isSuccess;
523 eap->get_emsk = eap_tls_get_emsk;
525 return eap_server_method_register(eap);
527 #endif /* CONFIG_HS20 */