1 /*
2 * EAP peer method: EAP-TLS (RFC 2716)
3 * Copyright (c) 2004-2008, 2012-2019, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10
11 #include "common.h"
12 #include "crypto/tls.h"
13 #include "eap_i.h"
14 #include "eap_tls_common.h"
15 #include "eap_config.h"
16
17
18 static void eap_tls_deinit(struct eap_sm *sm, void *priv);
19
20
21 struct eap_tls_data {
22 struct eap_ssl_data ssl;
23 u8 *key_data;
24 u8 *session_id;
25 size_t id_len;
26 void *ssl_ctx;
27 u8 eap_type;
28 struct wpabuf *pending_resp;
29 };
30
31
eap_tls_init(struct eap_sm * sm)32 static void * eap_tls_init(struct eap_sm *sm)
33 {
34 struct eap_tls_data *data;
35 struct eap_peer_config *config = eap_get_config(sm);
36 struct eap_peer_cert_config *cert;
37
38 if (!config)
39 return NULL;
40 if (!sm->init_phase2)
41 cert = &config->cert;
42 else if (sm->use_machine_cred)
43 cert = &config->machine_cert;
44 else
45 cert = &config->phase2_cert;
46 if (!cert->private_key && cert->engine == 0) {
47 wpa_printf(MSG_INFO, "EAP-TLS: Private key not configured");
48 return NULL;
49 }
50
51 data = os_zalloc(sizeof(*data));
52 if (data == NULL)
53 return NULL;
54
55 data->ssl_ctx = sm->init_phase2 && sm->ssl_ctx2 ? sm->ssl_ctx2 :
56 sm->ssl_ctx;
57
58 if (eap_peer_tls_ssl_init(sm, &data->ssl, config, EAP_TYPE_TLS)) {
59 wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
60 eap_tls_deinit(sm, data);
61 if (cert->engine) {
62 wpa_printf(MSG_DEBUG, "EAP-TLS: Requesting Smartcard "
63 "PIN");
64 eap_sm_request_pin(sm);
65 sm->ignore = true;
66 }
67 #ifndef LOS_CONFIG_EAP_TLS
68 else if (cert->private_key && !cert->private_key_passwd) {
69 wpa_printf(MSG_DEBUG, "EAP-TLS: Requesting private "
70 "key passphrase");
71 eap_sm_request_passphrase(sm);
72 sm->ignore = true;
73 }
74 #endif
75 return NULL;
76 }
77
78 data->eap_type = EAP_TYPE_TLS;
79
80 return data;
81 }
82
83
84 #ifdef EAP_UNAUTH_TLS
eap_unauth_tls_init(struct eap_sm * sm)85 static void * eap_unauth_tls_init(struct eap_sm *sm)
86 {
87 struct eap_tls_data *data;
88 struct eap_peer_config *config = eap_get_config(sm);
89
90 data = os_zalloc(sizeof(*data));
91 if (data == NULL)
92 return NULL;
93
94 data->ssl_ctx = sm->init_phase2 && sm->ssl_ctx2 ? sm->ssl_ctx2 :
95 sm->ssl_ctx;
96
97 if (eap_peer_tls_ssl_init(sm, &data->ssl, config,
98 EAP_UNAUTH_TLS_TYPE)) {
99 wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
100 eap_tls_deinit(sm, data);
101 return NULL;
102 }
103
104 data->eap_type = EAP_UNAUTH_TLS_TYPE;
105
106 return data;
107 }
108 #endif /* EAP_UNAUTH_TLS */
109
110
111 #ifdef CONFIG_HS20
eap_wfa_unauth_tls_init(struct eap_sm * sm)112 static void * eap_wfa_unauth_tls_init(struct eap_sm *sm)
113 {
114 struct eap_tls_data *data;
115 struct eap_peer_config *config = eap_get_config(sm);
116
117 data = os_zalloc(sizeof(*data));
118 if (data == NULL)
119 return NULL;
120
121 data->ssl_ctx = sm->init_phase2 && sm->ssl_ctx2 ? sm->ssl_ctx2 :
122 sm->ssl_ctx;
123
124 if (eap_peer_tls_ssl_init(sm, &data->ssl, config,
125 EAP_WFA_UNAUTH_TLS_TYPE)) {
126 wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
127 eap_tls_deinit(sm, data);
128 return NULL;
129 }
130
131 data->eap_type = EAP_WFA_UNAUTH_TLS_TYPE;
132
133 return data;
134 }
135 #endif /* CONFIG_HS20 */
136
137
eap_tls_free_key(struct eap_tls_data * data)138 static void eap_tls_free_key(struct eap_tls_data *data)
139 {
140 if (data->key_data) {
141 bin_clear_free(data->key_data, EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
142 data->key_data = NULL;
143 }
144 }
145
146
eap_tls_deinit(struct eap_sm * sm,void * priv)147 static void eap_tls_deinit(struct eap_sm *sm, void *priv)
148 {
149 struct eap_tls_data *data = priv;
150 if (data == NULL)
151 return;
152 eap_peer_tls_ssl_deinit(sm, &data->ssl);
153 eap_tls_free_key(data);
154 os_free(data->session_id);
155 wpabuf_free(data->pending_resp);
156 os_free(data);
157 }
158
159
eap_tls_failure(struct eap_sm * sm,struct eap_tls_data * data,struct eap_method_ret * ret,int res,struct wpabuf * resp,u8 id)160 static struct wpabuf * eap_tls_failure(struct eap_sm *sm,
161 struct eap_tls_data *data,
162 struct eap_method_ret *ret, int res,
163 struct wpabuf *resp, u8 id)
164 {
165 wpa_printf(MSG_DEBUG, "EAP-TLS: TLS processing failed");
166
167 ret->methodState = METHOD_DONE;
168 ret->decision = DECISION_FAIL;
169
170 if (resp) {
171 /*
172 * This is likely an alert message, so send it instead of just
173 * ACKing the error.
174 */
175 return resp;
176 }
177
178 return eap_peer_tls_build_ack(id, data->eap_type, 0);
179 }
180
181
eap_tls_success(struct eap_sm * sm,struct eap_tls_data * data,struct eap_method_ret * ret)182 static void eap_tls_success(struct eap_sm *sm, struct eap_tls_data *data,
183 struct eap_method_ret *ret)
184 {
185 const char *label;
186 const u8 eap_tls13_context[] = { EAP_TYPE_TLS };
187 const u8 *context = NULL;
188 size_t context_len = 0;
189
190 wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
191
192 if (data->ssl.tls_out) {
193 wpa_printf(MSG_DEBUG, "EAP-TLS: Fragment(s) remaining");
194 return;
195 }
196
197 if (data->ssl.tls_v13) {
198 label = "EXPORTER_EAP_TLS_Key_Material";
199 context = eap_tls13_context;
200 context_len = 1;
201
202 /* A possible NewSessionTicket may be received before
203 * EAP-Success, so need to allow it to be received. */
204 ret->methodState = METHOD_MAY_CONT;
205 ret->decision = DECISION_COND_SUCC;
206 } else {
207 label = "client EAP encryption";
208
209 ret->methodState = METHOD_DONE;
210 ret->decision = DECISION_UNCOND_SUCC;
211 }
212
213 eap_tls_free_key(data);
214 data->key_data = eap_peer_tls_derive_key(sm, &data->ssl, label,
215 context, context_len,
216 EAP_TLS_KEY_LEN +
217 EAP_EMSK_LEN);
218 if (data->key_data) {
219 wpa_hexdump_key(MSG_DEBUG, "EAP-TLS: Derived key",
220 data->key_data, EAP_TLS_KEY_LEN);
221 wpa_hexdump_key(MSG_DEBUG, "EAP-TLS: Derived EMSK",
222 data->key_data + EAP_TLS_KEY_LEN,
223 EAP_EMSK_LEN);
224 } else {
225 wpa_printf(MSG_INFO, "EAP-TLS: Failed to derive key");
226 }
227
228 os_free(data->session_id);
229 data->session_id = eap_peer_tls_derive_session_id(sm, &data->ssl,
230 EAP_TYPE_TLS,
231 &data->id_len);
232 if (data->session_id) {
233 wpa_hexdump(MSG_DEBUG, "EAP-TLS: Derived Session-Id",
234 data->session_id, data->id_len);
235 } else {
236 wpa_printf(MSG_ERROR, "EAP-TLS: Failed to derive Session-Id");
237 }
238 }
239
240
eap_tls_process(struct eap_sm * sm,void * priv,struct eap_method_ret * ret,const struct wpabuf * reqData)241 static struct wpabuf * eap_tls_process(struct eap_sm *sm, void *priv,
242 struct eap_method_ret *ret,
243 const struct wpabuf *reqData)
244 {
245 size_t left;
246 int res;
247 struct wpabuf *resp;
248 u8 flags, id;
249 const u8 *pos;
250 struct eap_tls_data *data = priv;
251 struct wpabuf msg;
252
253 if (sm->waiting_ext_cert_check && data->pending_resp) {
254 struct eap_peer_config *config = eap_get_config(sm);
255
256 if (config->pending_ext_cert_check == EXT_CERT_CHECK_GOOD) {
257 wpa_printf(MSG_DEBUG,
258 "EAP-TLS: External certificate check succeeded - continue handshake");
259 resp = data->pending_resp;
260 data->pending_resp = NULL;
261 sm->waiting_ext_cert_check = 0;
262 return resp;
263 }
264
265 if (config->pending_ext_cert_check == EXT_CERT_CHECK_BAD) {
266 wpa_printf(MSG_DEBUG,
267 "EAP-TLS: External certificate check failed - force authentication failure");
268 ret->methodState = METHOD_DONE;
269 ret->decision = DECISION_FAIL;
270 sm->waiting_ext_cert_check = 0;
271 return NULL;
272 }
273
274 wpa_printf(MSG_DEBUG,
275 "EAP-TLS: Continuing to wait external server certificate validation");
276 return NULL;
277 }
278
279 pos = eap_peer_tls_process_init(sm, &data->ssl, data->eap_type, ret,
280 reqData, &left, &flags);
281 if (pos == NULL)
282 return NULL;
283 id = eap_get_id(reqData);
284
285 if (flags & EAP_TLS_FLAGS_START) {
286 wpa_printf(MSG_DEBUG, "EAP-TLS: Start");
287 left = 0; /* make sure that this frame is empty, even though it
288 * should always be, anyway */
289 }
290
291 resp = NULL;
292 wpabuf_set(&msg, pos, left);
293 res = eap_peer_tls_process_helper(sm, &data->ssl, data->eap_type, 0,
294 id, &msg, &resp);
295
296 if (res < 0) {
297 return eap_tls_failure(sm, data, ret, res, resp, id);
298 }
299
300 if (sm->waiting_ext_cert_check) {
301 wpa_printf(MSG_DEBUG,
302 "EAP-TLS: Waiting external server certificate validation");
303 wpabuf_free(data->pending_resp);
304 data->pending_resp = resp;
305 return NULL;
306 }
307
308 /* draft-ietf-emu-eap-tls13-13 Section 2.5 */
309 if (res == 2 && data->ssl.tls_v13 && wpabuf_len(resp) == 1 &&
310 *wpabuf_head_u8(resp) == 0) {
311 wpa_printf(MSG_DEBUG, "EAP-TLS: ACKing Commitment Message");
312 eap_peer_tls_reset_output(&data->ssl);
313 res = 1;
314 }
315
316 if (tls_connection_established(data->ssl_ctx, data->ssl.conn))
317 eap_tls_success(sm, data, ret);
318
319 if (res == 1) {
320 wpabuf_free(resp);
321 return eap_peer_tls_build_ack(id, data->eap_type, 0);
322 }
323
324 return resp;
325 }
326
327
eap_tls_has_reauth_data(struct eap_sm * sm,void * priv)328 static bool eap_tls_has_reauth_data(struct eap_sm *sm, void *priv)
329 {
330 struct eap_tls_data *data = priv;
331 return tls_connection_established(data->ssl_ctx, data->ssl.conn);
332 }
333
334
eap_tls_deinit_for_reauth(struct eap_sm * sm,void * priv)335 static void eap_tls_deinit_for_reauth(struct eap_sm *sm, void *priv)
336 {
337 struct eap_tls_data *data = priv;
338
339 wpabuf_free(data->pending_resp);
340 data->pending_resp = NULL;
341 }
342
343
eap_tls_init_for_reauth(struct eap_sm * sm,void * priv)344 static void * eap_tls_init_for_reauth(struct eap_sm *sm, void *priv)
345 {
346 struct eap_tls_data *data = priv;
347 eap_tls_free_key(data);
348 os_free(data->session_id);
349 data->session_id = NULL;
350 if (eap_peer_tls_reauth_init(sm, &data->ssl)) {
351 os_free(data);
352 return NULL;
353 }
354 return priv;
355 }
356
357
eap_tls_get_status(struct eap_sm * sm,void * priv,char * buf,size_t buflen,int verbose)358 static int eap_tls_get_status(struct eap_sm *sm, void *priv, char *buf,
359 size_t buflen, int verbose)
360 {
361 struct eap_tls_data *data = priv;
362 return eap_peer_tls_status(sm, &data->ssl, buf, buflen, verbose);
363 }
364
365
eap_tls_isKeyAvailable(struct eap_sm * sm,void * priv)366 static bool eap_tls_isKeyAvailable(struct eap_sm *sm, void *priv)
367 {
368 struct eap_tls_data *data = priv;
369 return data->key_data != NULL;
370 }
371
372
eap_tls_getKey(struct eap_sm * sm,void * priv,size_t * len)373 static u8 * eap_tls_getKey(struct eap_sm *sm, void *priv, size_t *len)
374 {
375 struct eap_tls_data *data = priv;
376 u8 *key;
377
378 if (data->key_data == NULL)
379 return NULL;
380
381 key = os_memdup(data->key_data, EAP_TLS_KEY_LEN);
382 if (key == NULL)
383 return NULL;
384
385 *len = EAP_TLS_KEY_LEN;
386
387 return key;
388 }
389
390
eap_tls_get_emsk(struct eap_sm * sm,void * priv,size_t * len)391 static u8 * eap_tls_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
392 {
393 struct eap_tls_data *data = priv;
394 u8 *key;
395
396 if (data->key_data == NULL)
397 return NULL;
398
399 key = os_memdup(data->key_data + EAP_TLS_KEY_LEN, EAP_EMSK_LEN);
400 if (key == NULL)
401 return NULL;
402
403 *len = EAP_EMSK_LEN;
404
405 return key;
406 }
407
408
eap_tls_get_session_id(struct eap_sm * sm,void * priv,size_t * len)409 static u8 * eap_tls_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
410 {
411 struct eap_tls_data *data = priv;
412 u8 *id;
413
414 if (data->session_id == NULL)
415 return NULL;
416
417 id = os_memdup(data->session_id, data->id_len);
418 if (id == NULL)
419 return NULL;
420
421 *len = data->id_len;
422
423 return id;
424 }
425
426
eap_peer_tls_register(void)427 int eap_peer_tls_register(void)
428 {
429 struct eap_method *eap;
430
431 eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
432 EAP_VENDOR_IETF, EAP_TYPE_TLS, "TLS");
433 if (eap == NULL)
434 return -1;
435
436 eap->init = eap_tls_init;
437 eap->deinit = eap_tls_deinit;
438 eap->process = eap_tls_process;
439 eap->isKeyAvailable = eap_tls_isKeyAvailable;
440 eap->getKey = eap_tls_getKey;
441 eap->getSessionId = eap_tls_get_session_id;
442 eap->get_status = eap_tls_get_status;
443 eap->has_reauth_data = eap_tls_has_reauth_data;
444 eap->deinit_for_reauth = eap_tls_deinit_for_reauth;
445 eap->init_for_reauth = eap_tls_init_for_reauth;
446 eap->get_emsk = eap_tls_get_emsk;
447
448 return eap_peer_method_register(eap);
449 }
450
451
452 #ifdef EAP_UNAUTH_TLS
eap_peer_unauth_tls_register(void)453 int eap_peer_unauth_tls_register(void)
454 {
455 struct eap_method *eap;
456
457 eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
458 EAP_VENDOR_UNAUTH_TLS,
459 EAP_VENDOR_TYPE_UNAUTH_TLS, "UNAUTH-TLS");
460 if (eap == NULL)
461 return -1;
462
463 eap->init = eap_unauth_tls_init;
464 eap->deinit = eap_tls_deinit;
465 eap->process = eap_tls_process;
466 eap->isKeyAvailable = eap_tls_isKeyAvailable;
467 eap->getKey = eap_tls_getKey;
468 eap->get_status = eap_tls_get_status;
469 eap->has_reauth_data = eap_tls_has_reauth_data;
470 eap->deinit_for_reauth = eap_tls_deinit_for_reauth;
471 eap->init_for_reauth = eap_tls_init_for_reauth;
472 eap->get_emsk = eap_tls_get_emsk;
473
474 return eap_peer_method_register(eap);
475 }
476 #endif /* EAP_UNAUTH_TLS */
477
478
479 #ifdef CONFIG_HS20
eap_peer_wfa_unauth_tls_register(void)480 int eap_peer_wfa_unauth_tls_register(void)
481 {
482 struct eap_method *eap;
483
484 eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
485 EAP_VENDOR_WFA_NEW,
486 EAP_VENDOR_WFA_UNAUTH_TLS,
487 "WFA-UNAUTH-TLS");
488 if (eap == NULL)
489 return -1;
490
491 eap->init = eap_wfa_unauth_tls_init;
492 eap->deinit = eap_tls_deinit;
493 eap->process = eap_tls_process;
494 eap->isKeyAvailable = eap_tls_isKeyAvailable;
495 eap->getKey = eap_tls_getKey;
496 eap->get_status = eap_tls_get_status;
497 eap->has_reauth_data = eap_tls_has_reauth_data;
498 eap->deinit_for_reauth = eap_tls_deinit_for_reauth;
499 eap->init_for_reauth = eap_tls_init_for_reauth;
500 eap->get_emsk = eap_tls_get_emsk;
501
502 return eap_peer_method_register(eap);
503 }
504 #endif /* CONFIG_HS20 */
505