1 /*
2 * EAP peer method: EAP-TLS (RFC 2716)
3 * Copyright (c) 2004-2008, 2012-2019, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10
11 #include "common.h"
12 #include "crypto/tls.h"
13 #include "eap_i.h"
14 #include "eap_tls_common.h"
15 #include "eap_config.h"
16
17
18 static void eap_tls_deinit(struct eap_sm *sm, void *priv);
19
20
21 struct eap_tls_data {
22 struct eap_ssl_data ssl;
23 u8 *key_data;
24 u8 *session_id;
25 size_t id_len;
26 void *ssl_ctx;
27 u8 eap_type;
28 struct wpabuf *pending_resp;
29 };
30
31
eap_tls_init(struct eap_sm * sm)32 static void * eap_tls_init(struct eap_sm *sm)
33 {
34 struct eap_tls_data *data;
35 struct eap_peer_config *config = eap_get_config(sm);
36 struct eap_peer_cert_config *cert;
37
38 if (!config)
39 return NULL;
40 if (!sm->init_phase2)
41 cert = &config->cert;
42 else if (sm->use_machine_cred)
43 cert = &config->machine_cert;
44 else
45 cert = &config->phase2_cert;
46 if (!cert->private_key && cert->engine == 0) {
47 wpa_printf(MSG_INFO, "EAP-TLS: Private key not configured");
48 return NULL;
49 }
50
51 data = os_zalloc(sizeof(*data));
52 if (data == NULL)
53 return NULL;
54
55 data->ssl_ctx = sm->init_phase2 && sm->ssl_ctx2 ? sm->ssl_ctx2 :
56 sm->ssl_ctx;
57
58 if (eap_peer_tls_ssl_init(sm, &data->ssl, config, EAP_TYPE_TLS)) {
59 wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
60 eap_tls_deinit(sm, data);
61 if (cert->engine) {
62 wpa_printf(MSG_DEBUG, "EAP-TLS: Requesting Smartcard "
63 "PIN");
64 eap_sm_request_pin(sm);
65 sm->ignore = true;
66 } else if (cert->private_key && !cert->private_key_passwd) {
67 wpa_printf(MSG_DEBUG, "EAP-TLS: Requesting private "
68 "key passphrase");
69 eap_sm_request_passphrase(sm);
70 sm->ignore = true;
71 }
72 return NULL;
73 }
74
75 data->eap_type = EAP_TYPE_TLS;
76
77 return data;
78 }
79
80
81 #ifdef EAP_UNAUTH_TLS
eap_unauth_tls_init(struct eap_sm * sm)82 static void * eap_unauth_tls_init(struct eap_sm *sm)
83 {
84 struct eap_tls_data *data;
85 struct eap_peer_config *config = eap_get_config(sm);
86
87 data = os_zalloc(sizeof(*data));
88 if (data == NULL)
89 return NULL;
90
91 data->ssl_ctx = sm->init_phase2 && sm->ssl_ctx2 ? sm->ssl_ctx2 :
92 sm->ssl_ctx;
93
94 if (eap_peer_tls_ssl_init(sm, &data->ssl, config,
95 EAP_UNAUTH_TLS_TYPE)) {
96 wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
97 eap_tls_deinit(sm, data);
98 return NULL;
99 }
100
101 data->eap_type = EAP_UNAUTH_TLS_TYPE;
102
103 return data;
104 }
105 #endif /* EAP_UNAUTH_TLS */
106
107
108 #ifdef CONFIG_HS20
eap_wfa_unauth_tls_init(struct eap_sm * sm)109 static void * eap_wfa_unauth_tls_init(struct eap_sm *sm)
110 {
111 struct eap_tls_data *data;
112 struct eap_peer_config *config = eap_get_config(sm);
113
114 data = os_zalloc(sizeof(*data));
115 if (data == NULL)
116 return NULL;
117
118 data->ssl_ctx = sm->init_phase2 && sm->ssl_ctx2 ? sm->ssl_ctx2 :
119 sm->ssl_ctx;
120
121 if (eap_peer_tls_ssl_init(sm, &data->ssl, config,
122 EAP_WFA_UNAUTH_TLS_TYPE)) {
123 wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
124 eap_tls_deinit(sm, data);
125 return NULL;
126 }
127
128 data->eap_type = EAP_WFA_UNAUTH_TLS_TYPE;
129
130 return data;
131 }
132 #endif /* CONFIG_HS20 */
133
134
eap_tls_free_key(struct eap_tls_data * data)135 static void eap_tls_free_key(struct eap_tls_data *data)
136 {
137 if (data->key_data) {
138 bin_clear_free(data->key_data, EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
139 data->key_data = NULL;
140 }
141 }
142
143
eap_tls_deinit(struct eap_sm * sm,void * priv)144 static void eap_tls_deinit(struct eap_sm *sm, void *priv)
145 {
146 struct eap_tls_data *data = priv;
147 if (data == NULL)
148 return;
149 eap_peer_tls_ssl_deinit(sm, &data->ssl);
150 eap_tls_free_key(data);
151 os_free(data->session_id);
152 wpabuf_free(data->pending_resp);
153 os_free(data);
154 }
155
156
eap_tls_failure(struct eap_sm * sm,struct eap_tls_data * data,struct eap_method_ret * ret,int res,struct wpabuf * resp,u8 id)157 static struct wpabuf * eap_tls_failure(struct eap_sm *sm,
158 struct eap_tls_data *data,
159 struct eap_method_ret *ret, int res,
160 struct wpabuf *resp, u8 id)
161 {
162 wpa_printf(MSG_DEBUG, "EAP-TLS: TLS processing failed");
163
164 ret->methodState = METHOD_DONE;
165 ret->decision = DECISION_FAIL;
166
167 if (resp) {
168 /*
169 * This is likely an alert message, so send it instead of just
170 * ACKing the error.
171 */
172 return resp;
173 }
174
175 return eap_peer_tls_build_ack(id, data->eap_type, 0);
176 }
177
178
eap_tls_success(struct eap_sm * sm,struct eap_tls_data * data,struct eap_method_ret * ret)179 static void eap_tls_success(struct eap_sm *sm, struct eap_tls_data *data,
180 struct eap_method_ret *ret)
181 {
182 const char *label;
183 const u8 eap_tls13_context[] = { EAP_TYPE_TLS };
184 const u8 *context = NULL;
185 size_t context_len = 0;
186
187 wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
188
189 if (data->ssl.tls_out) {
190 wpa_printf(MSG_DEBUG, "EAP-TLS: Fragment(s) remaining");
191 return;
192 }
193
194 if (data->ssl.tls_v13) {
195 label = "EXPORTER_EAP_TLS_Key_Material";
196 context = eap_tls13_context;
197 context_len = 1;
198
199 /* A possible NewSessionTicket may be received before
200 * EAP-Success, so need to allow it to be received. */
201 ret->methodState = METHOD_MAY_CONT;
202 ret->decision = DECISION_COND_SUCC;
203 } else {
204 label = "client EAP encryption";
205
206 ret->methodState = METHOD_DONE;
207 ret->decision = DECISION_UNCOND_SUCC;
208 }
209
210 eap_tls_free_key(data);
211 data->key_data = eap_peer_tls_derive_key(sm, &data->ssl, label,
212 context, context_len,
213 EAP_TLS_KEY_LEN +
214 EAP_EMSK_LEN);
215 if (data->key_data) {
216 wpa_hexdump_key(MSG_DEBUG, "EAP-TLS: Derived key",
217 data->key_data, EAP_TLS_KEY_LEN);
218 wpa_hexdump_key(MSG_DEBUG, "EAP-TLS: Derived EMSK",
219 data->key_data + EAP_TLS_KEY_LEN,
220 EAP_EMSK_LEN);
221 } else {
222 wpa_printf(MSG_INFO, "EAP-TLS: Failed to derive key");
223 }
224
225 os_free(data->session_id);
226 data->session_id = eap_peer_tls_derive_session_id(sm, &data->ssl,
227 EAP_TYPE_TLS,
228 &data->id_len);
229 if (data->session_id) {
230 wpa_hexdump(MSG_DEBUG, "EAP-TLS: Derived Session-Id",
231 data->session_id, data->id_len);
232 } else {
233 wpa_printf(MSG_ERROR, "EAP-TLS: Failed to derive Session-Id");
234 }
235 }
236
237
eap_tls_process(struct eap_sm * sm,void * priv,struct eap_method_ret * ret,const struct wpabuf * reqData)238 static struct wpabuf * eap_tls_process(struct eap_sm *sm, void *priv,
239 struct eap_method_ret *ret,
240 const struct wpabuf *reqData)
241 {
242 size_t left;
243 int res;
244 struct wpabuf *resp;
245 u8 flags, id;
246 const u8 *pos;
247 struct eap_tls_data *data = priv;
248 struct wpabuf msg;
249
250 if (sm->waiting_ext_cert_check && data->pending_resp) {
251 struct eap_peer_config *config = eap_get_config(sm);
252
253 if (config->pending_ext_cert_check == EXT_CERT_CHECK_GOOD) {
254 wpa_printf(MSG_DEBUG,
255 "EAP-TLS: External certificate check succeeded - continue handshake");
256 resp = data->pending_resp;
257 data->pending_resp = NULL;
258 sm->waiting_ext_cert_check = 0;
259 return resp;
260 }
261
262 if (config->pending_ext_cert_check == EXT_CERT_CHECK_BAD) {
263 wpa_printf(MSG_DEBUG,
264 "EAP-TLS: External certificate check failed - force authentication failure");
265 ret->methodState = METHOD_DONE;
266 ret->decision = DECISION_FAIL;
267 sm->waiting_ext_cert_check = 0;
268 return NULL;
269 }
270
271 wpa_printf(MSG_DEBUG,
272 "EAP-TLS: Continuing to wait external server certificate validation");
273 return NULL;
274 }
275
276 pos = eap_peer_tls_process_init(sm, &data->ssl, data->eap_type, ret,
277 reqData, &left, &flags);
278 if (pos == NULL)
279 return NULL;
280 id = eap_get_id(reqData);
281
282 if (flags & EAP_TLS_FLAGS_START) {
283 wpa_printf(MSG_DEBUG, "EAP-TLS: Start");
284 left = 0; /* make sure that this frame is empty, even though it
285 * should always be, anyway */
286 }
287
288 resp = NULL;
289 wpabuf_set(&msg, pos, left);
290 res = eap_peer_tls_process_helper(sm, &data->ssl, data->eap_type, 0,
291 id, &msg, &resp);
292
293 if (res < 0) {
294 return eap_tls_failure(sm, data, ret, res, resp, id);
295 }
296
297 if (sm->waiting_ext_cert_check) {
298 wpa_printf(MSG_DEBUG,
299 "EAP-TLS: Waiting external server certificate validation");
300 wpabuf_free(data->pending_resp);
301 data->pending_resp = resp;
302 return NULL;
303 }
304
305 if (res == 2) {
306 /* Application data included in the handshake message (used by
307 * EAP-TLS 1.3 to indicate conclusion of the exchange). */
308 wpa_hexdump_buf(MSG_DEBUG, "EAP-TLS: Received Application Data",
309 resp);
310 wpa_hexdump_buf(MSG_DEBUG, "EAP-TLS: Remaining tls_out data",
311 data->ssl.tls_out);
312 eap_peer_tls_reset_output(&data->ssl);
313 /* Send an ACK to allow the server to complete exchange */
314 res = 1;
315 }
316
317 if (tls_connection_established(data->ssl_ctx, data->ssl.conn))
318 eap_tls_success(sm, data, ret);
319
320 if (res == 1) {
321 wpabuf_free(resp);
322 return eap_peer_tls_build_ack(id, data->eap_type, 0);
323 }
324
325 return resp;
326 }
327
328
eap_tls_has_reauth_data(struct eap_sm * sm,void * priv)329 static bool eap_tls_has_reauth_data(struct eap_sm *sm, void *priv)
330 {
331 struct eap_tls_data *data = priv;
332 return tls_connection_established(data->ssl_ctx, data->ssl.conn);
333 }
334
335
eap_tls_deinit_for_reauth(struct eap_sm * sm,void * priv)336 static void eap_tls_deinit_for_reauth(struct eap_sm *sm, void *priv)
337 {
338 struct eap_tls_data *data = priv;
339
340 wpabuf_free(data->pending_resp);
341 data->pending_resp = NULL;
342 }
343
344
eap_tls_init_for_reauth(struct eap_sm * sm,void * priv)345 static void * eap_tls_init_for_reauth(struct eap_sm *sm, void *priv)
346 {
347 struct eap_tls_data *data = priv;
348 eap_tls_free_key(data);
349 os_free(data->session_id);
350 data->session_id = NULL;
351 if (eap_peer_tls_reauth_init(sm, &data->ssl)) {
352 os_free(data);
353 return NULL;
354 }
355 return priv;
356 }
357
358
eap_tls_get_status(struct eap_sm * sm,void * priv,char * buf,size_t buflen,int verbose)359 static int eap_tls_get_status(struct eap_sm *sm, void *priv, char *buf,
360 size_t buflen, int verbose)
361 {
362 struct eap_tls_data *data = priv;
363 return eap_peer_tls_status(sm, &data->ssl, buf, buflen, verbose);
364 }
365
366
eap_tls_isKeyAvailable(struct eap_sm * sm,void * priv)367 static bool eap_tls_isKeyAvailable(struct eap_sm *sm, void *priv)
368 {
369 struct eap_tls_data *data = priv;
370 return data->key_data != NULL;
371 }
372
373
eap_tls_getKey(struct eap_sm * sm,void * priv,size_t * len)374 static u8 * eap_tls_getKey(struct eap_sm *sm, void *priv, size_t *len)
375 {
376 struct eap_tls_data *data = priv;
377 u8 *key;
378
379 if (data->key_data == NULL)
380 return NULL;
381
382 key = os_memdup(data->key_data, EAP_TLS_KEY_LEN);
383 if (key == NULL)
384 return NULL;
385
386 *len = EAP_TLS_KEY_LEN;
387
388 return key;
389 }
390
391
eap_tls_get_emsk(struct eap_sm * sm,void * priv,size_t * len)392 static u8 * eap_tls_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
393 {
394 struct eap_tls_data *data = priv;
395 u8 *key;
396
397 if (data->key_data == NULL)
398 return NULL;
399
400 key = os_memdup(data->key_data + EAP_TLS_KEY_LEN, EAP_EMSK_LEN);
401 if (key == NULL)
402 return NULL;
403
404 *len = EAP_EMSK_LEN;
405
406 return key;
407 }
408
409
eap_tls_get_session_id(struct eap_sm * sm,void * priv,size_t * len)410 static u8 * eap_tls_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
411 {
412 struct eap_tls_data *data = priv;
413 u8 *id;
414
415 if (data->session_id == NULL)
416 return NULL;
417
418 id = os_memdup(data->session_id, data->id_len);
419 if (id == NULL)
420 return NULL;
421
422 *len = data->id_len;
423
424 return id;
425 }
426
427
eap_peer_tls_register(void)428 int eap_peer_tls_register(void)
429 {
430 struct eap_method *eap;
431
432 eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
433 EAP_VENDOR_IETF, EAP_TYPE_TLS, "TLS");
434 if (eap == NULL)
435 return -1;
436
437 eap->init = eap_tls_init;
438 eap->deinit = eap_tls_deinit;
439 eap->process = eap_tls_process;
440 eap->isKeyAvailable = eap_tls_isKeyAvailable;
441 eap->getKey = eap_tls_getKey;
442 eap->getSessionId = eap_tls_get_session_id;
443 eap->get_status = eap_tls_get_status;
444 eap->has_reauth_data = eap_tls_has_reauth_data;
445 eap->deinit_for_reauth = eap_tls_deinit_for_reauth;
446 eap->init_for_reauth = eap_tls_init_for_reauth;
447 eap->get_emsk = eap_tls_get_emsk;
448
449 return eap_peer_method_register(eap);
450 }
451
452
453 #ifdef EAP_UNAUTH_TLS
eap_peer_unauth_tls_register(void)454 int eap_peer_unauth_tls_register(void)
455 {
456 struct eap_method *eap;
457
458 eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
459 EAP_VENDOR_UNAUTH_TLS,
460 EAP_VENDOR_TYPE_UNAUTH_TLS, "UNAUTH-TLS");
461 if (eap == NULL)
462 return -1;
463
464 eap->init = eap_unauth_tls_init;
465 eap->deinit = eap_tls_deinit;
466 eap->process = eap_tls_process;
467 eap->isKeyAvailable = eap_tls_isKeyAvailable;
468 eap->getKey = eap_tls_getKey;
469 eap->get_status = eap_tls_get_status;
470 eap->has_reauth_data = eap_tls_has_reauth_data;
471 eap->deinit_for_reauth = eap_tls_deinit_for_reauth;
472 eap->init_for_reauth = eap_tls_init_for_reauth;
473 eap->get_emsk = eap_tls_get_emsk;
474
475 return eap_peer_method_register(eap);
476 }
477 #endif /* EAP_UNAUTH_TLS */
478
479
480 #ifdef CONFIG_HS20
eap_peer_wfa_unauth_tls_register(void)481 int eap_peer_wfa_unauth_tls_register(void)
482 {
483 struct eap_method *eap;
484
485 eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
486 EAP_VENDOR_WFA_NEW,
487 EAP_VENDOR_WFA_UNAUTH_TLS,
488 "WFA-UNAUTH-TLS");
489 if (eap == NULL)
490 return -1;
491
492 eap->init = eap_wfa_unauth_tls_init;
493 eap->deinit = eap_tls_deinit;
494 eap->process = eap_tls_process;
495 eap->isKeyAvailable = eap_tls_isKeyAvailable;
496 eap->getKey = eap_tls_getKey;
497 eap->get_status = eap_tls_get_status;
498 eap->has_reauth_data = eap_tls_has_reauth_data;
499 eap->deinit_for_reauth = eap_tls_deinit_for_reauth;
500 eap->init_for_reauth = eap_tls_init_for_reauth;
501 eap->get_emsk = eap_tls_get_emsk;
502
503 return eap_peer_method_register(eap);
504 }
505 #endif /* CONFIG_HS20 */
506