Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

TNC: Added preliminary code for IF-TNCCS-SOH server side support

If TNC is enabled, PEAPv0 server is now sending out SoH request to initiate
IF-TNCCS-SOH (Microsoft NAP / Statement of Health) handshake. The results
are currently only shown in debug log and they do not affect authentication
or authorization result.
Jouni Malinen 17 years ago
parent
30680e9332
commit
1c2ff04f3a
4 changed files with 265 additions and 3 deletions
Split View Show Diff Stats
  1. 1 0
      src/eap_common/eap_defs.h
  2. 218 1
      src/eap_server/eap_peap.c
  3. 41 1
      src/eap_server/tncs.c
  4. 5 1
      src/eap_server/tncs.h

+ 1 - 0
src/eap_common/eap_defs.h
View File 

@@ -75,6 +75,7 @@ typedef enum {
 
 /* SMI Network Management Private Enterprise Code for vendor specific types */
 
 enum {
 
 	EAP_VENDOR_IETF = 0,
 
+	EAP_VENDOR_MICROSOFT = 0x000137 /* Microsoft */,
 
 	EAP_VENDOR_WFA = 0x00372A /* Wi-Fi Alliance */
 
 };

+ 218 - 1
src/eap_server/eap_peap.c
View File 

@@ -20,6 +20,7 @@
 
 #include "eap_tls_common.h"
 
 #include "eap_common/eap_tlv_common.h"
 
 #include "tls.h"
 
+#include "tncs.h"
 
 
 
 /* Maximum supported PEAP version
 
@@ -37,7 +38,7 @@ struct eap_peap_data {
 
 	struct eap_ssl_data ssl;
 
 	enum {
 
 		START, PHASE1, PHASE1_ID2, PHASE2_START, PHASE2_ID,
 
-		PHASE2_METHOD,
 
+		PHASE2_METHOD, PHASE2_SOH,
 
 		PHASE2_TLV, SUCCESS_REQ, FAILURE_REQ, SUCCESS, FAILURE
 
 	} state;
 
 
@@ -56,6 +57,7 @@ struct eap_peap_data {
 
 	u8 cmk[20];
 
 	u8 *phase2_key;
 
 	size_t phase2_key_len;
 
+	struct wpabuf *soh_response;
 
 };
 
 
 
@@ -74,6 +76,8 @@ static const char * eap_peap_state_txt(int state)
 
 		return "PHASE2_ID";
 
 	case PHASE2_METHOD:
 
 		return "PHASE2_METHOD";
 
+	case PHASE2_SOH:
 
+		return "PHASE2_SOH";
 
 	case PHASE2_TLV:
 
 		return "PHASE2_TLV";
 
 	case SUCCESS_REQ:
 
@@ -199,6 +203,7 @@ static void eap_peap_reset(struct eap_sm *sm, void *priv)
 
 	eap_server_tls_ssl_deinit(sm, &data->ssl);
 
 	wpabuf_free(data->pending_phase2_resp);
 
 	os_free(data->phase2_key);
 
+	wpabuf_free(data->soh_response);
 
 	os_free(data);
 
 }
 
 
@@ -291,6 +296,10 @@ static struct wpabuf * eap_peap_build_phase2_req(struct eap_sm *sm,
 
 	const u8 *req;
 
 	size_t req_len;
 
 
+	if (data->phase2_method == NULL || data->phase2_priv == NULL) {
 
+		wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 method not ready");
 
+		return NULL;
 
+	}
 
 	buf = data->phase2_method->buildReq(sm, data->phase2_priv, id);
 
 	if (data->peap_version >= 2 && buf)
 
 		buf = eap_peapv2_tlv_eap_payload(buf);
 
@@ -315,6 +324,45 @@ static struct wpabuf * eap_peap_build_phase2_req(struct eap_sm *sm,
 
 }
 
 
 
+#ifdef EAP_TNC
 
+static struct wpabuf * eap_peap_build_phase2_soh(struct eap_sm *sm,
 
+						 struct eap_peap_data *data,
 
+						 u8 id)
 
+{
 
+	struct wpabuf *buf1, *buf, *encr_req;
 
+	const u8 *req;
 
+	size_t req_len;
 
+
 
+	buf1 = tncs_build_soh_request();
 
+	if (buf1 == NULL)
 
+		return NULL;
 
+
 
+	buf = eap_msg_alloc(EAP_VENDOR_MICROSOFT, 0x21, wpabuf_len(buf1),
 
+			    EAP_CODE_REQUEST, id);
 
+	if (buf == NULL) {
 
+		wpabuf_free(buf1);
 
+		return NULL;
 
+	}
 
+	wpabuf_put_buf(buf, buf1);
 
+	wpabuf_free(buf1);
 
+
 
+	req = wpabuf_head(buf);
 
+	req_len = wpabuf_len(buf);
 
+
 
+	wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: Encrypting Phase 2 SOH data",
 
+			req, req_len);
 
+
 
+	req += sizeof(struct eap_hdr);
 
+	req_len -= sizeof(struct eap_hdr);
 
+
 
+	encr_req = eap_peap_encrypt(sm, data, id, req, req_len);
 
+	wpabuf_free(buf);
 
+
 
+	return encr_req;
 
+}
 
+#endif /* EAP_TNC */
 
+
 
+
 
 static void eap_peap_get_isk(struct eap_peap_data *data,
 
 			     u8 *isk, size_t isk_len)
 
 {
 
@@ -454,6 +502,10 @@ static struct wpabuf * eap_peap_build_phase2_tlv(struct eap_sm *sm,
 
 	len = 6; /* Result TLV */
 
 	if (data->crypto_binding != NO_BINDING)
 
 		len += 60; /* Cryptobinding TLV */
 
+#ifdef EAP_TNC
 
+	if (data->soh_response)
 
+		len += wpabuf_len(data->soh_response);
 
+#endif /* EAP_TNC */
 
 
 	buf = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TLV, len,
 
 			    EAP_CODE_REQUEST, id);
 
@@ -476,6 +528,16 @@ static struct wpabuf * eap_peap_build_phase2_tlv(struct eap_sm *sm,
 
 		size_t len[2];
 
 		u16 tlv_type;
 
 
+#ifdef EAP_TNC
 
+		if (data->soh_response) {
 
+			wpa_printf(MSG_DEBUG, "EAP-PEAP: Adding MS-SOH "
 
+				   "Response TLV");
 
+			wpabuf_put_buf(buf, data->soh_response);
 
+			wpabuf_free(data->soh_response);
 
+			data->soh_response = NULL;
 
+		}
 
+#endif /* EAP_TNC */
 
+
 
 		if (eap_peap_derive_cmk(sm, data) < 0 ||
 
 		    os_get_random(data->binding_nonce, 32)) {
 
 			wpabuf_free(buf);
 
@@ -563,6 +625,10 @@ static struct wpabuf * eap_peap_buildReq(struct eap_sm *sm, void *priv, u8 id)
 
 	case PHASE2_ID:
 
 	case PHASE2_METHOD:
 
 		return eap_peap_build_phase2_req(sm, data, id);
 
+#ifdef EAP_TNC
 
+	case PHASE2_SOH:
 
+		return eap_peap_build_phase2_soh(sm, data, id);
 
+#endif /* EAP_TNC */
 
 	case PHASE2_TLV:
 
 		return eap_peap_build_phase2_tlv(sm, data, id);
 
 	case SUCCESS_REQ:
 
@@ -782,6 +848,137 @@ static void eap_peap_process_phase2_tlv(struct eap_sm *sm,
 
 }
 
 
 
+#ifdef EAP_TNC
 
+static void eap_peap_process_phase2_soh(struct eap_sm *sm,
 
+					struct eap_peap_data *data,
 
+					struct wpabuf *in_data)
 
+{
 
+	const u8 *pos, *vpos;
 
+	size_t left;
 
+	const u8 *soh_tlv = NULL;
 
+	size_t soh_tlv_len = 0;
 
+	int tlv_type, mandatory, tlv_len, vtlv_len;
 
+	u8 next_type;
 
+	u32 vendor_id;
 
+
 
+	pos = eap_hdr_validate(EAP_VENDOR_MICROSOFT, 0x21, in_data, &left);
 
+	if (pos == NULL) {
 
+		wpa_printf(MSG_DEBUG, "EAP-PEAP: Not a valid SoH EAP "
 
+			   "Extensions Method header - skip TNC");
 
+		goto auth_method;
 
+	}
 
+
 
+	/* Parse TLVs */
 
+	wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Received TLVs (SoH)", pos, left);
 
+	while (left >= 4) {
 
+		mandatory = !!(pos[0] & 0x80);
 
+		tlv_type = pos[0] & 0x3f;
 
+		tlv_type = (tlv_type << 8) | pos[1];
 
+		tlv_len = ((int) pos[2] << 8) | pos[3];
 
+		pos += 4;
 
+		left -= 4;
 
+		if ((size_t) tlv_len > left) {
 
+			wpa_printf(MSG_DEBUG, "EAP-PEAP: TLV underrun "
 
+				   "(tlv_len=%d left=%lu)", tlv_len,
 
+				   (unsigned long) left);
 
+			eap_peap_state(data, FAILURE);
 
+			return;
 
+		}
 
+		switch (tlv_type) {
 
+		case EAP_TLV_VENDOR_SPECIFIC_TLV:
 
+			if (tlv_len < 4) {
 
+				wpa_printf(MSG_DEBUG, "EAP-PEAP: Too short "
 
+					   "vendor specific TLV (len=%d)",
 
+					   (int) tlv_len);
 
+				eap_peap_state(data, FAILURE);
 
+				return;
 
+			}
 
+
 
+			vendor_id = WPA_GET_BE32(pos);
 
+			if (vendor_id != EAP_VENDOR_MICROSOFT) {
 
+				if (mandatory) {
 
+					eap_peap_state(data, FAILURE);
 
+					return;
 
+				}
 
+				break;
 
+			}
 
+
 
+			vpos = pos + 4;
 
+			mandatory = !!(vpos[0] & 0x80);
 
+			tlv_type = vpos[0] & 0x3f;
 
+			tlv_type = (tlv_type << 8) | vpos[1];
 
+			vtlv_len = ((int) vpos[2] << 8) | vpos[3];
 
+			vpos += 4;
 
+			if (vpos + vtlv_len > pos + left) {
 
+				wpa_printf(MSG_DEBUG, "EAP-PEAP: Vendor TLV "
 
+					   "underrun");
 
+				eap_peap_state(data, FAILURE);
 
+				return;
 
+			}
 
+
 
+			if (tlv_type == 1) {
 
+				soh_tlv = vpos;
 
+				soh_tlv_len = vtlv_len;
 
+				break;
 
+			}
 
+
 
+			wpa_printf(MSG_DEBUG, "EAP-PEAP: Unsupported MS-TLV "
 
+				   "Type %d%s", tlv_type,
 
+				   mandatory ? " (mandatory)" : "");
 
+			if (mandatory) {
 
+				eap_peap_state(data, FAILURE);
 
+				return;
 
+			}
 
+			/* Ignore this TLV, but process other TLVs */
 
+			break;
 
+		default:
 
+			wpa_printf(MSG_DEBUG, "EAP-PEAP: Unsupported TLV Type "
 
+				   "%d%s", tlv_type,
 
+				   mandatory ? " (mandatory)" : "");
 
+			if (mandatory) {
 
+				eap_peap_state(data, FAILURE);
 
+				return;
 
+			}
 
+			/* Ignore this TLV, but process other TLVs */
 
+			break;
 
+		}
 
+
 
+		pos += tlv_len;
 
+		left -= tlv_len;
 
+	}
 
+	if (left) {
 
+		wpa_printf(MSG_DEBUG, "EAP-PEAP: Last TLV too short in "
 
+			   "Request (left=%lu)", (unsigned long) left);
 
+		eap_peap_state(data, FAILURE);
 
+		return;
 
+	}
 
+
 
+	/* Process supported TLVs */
 
+	if (soh_tlv) {
 
+		int failure = 0;
 
+		wpabuf_free(data->soh_response);
 
+		data->soh_response = tncs_process_soh(soh_tlv, soh_tlv_len,
 
+						      &failure);
 
+		if (failure) {
 
+			eap_peap_state(data, FAILURE);
 
+			return;
 
+		}
 
+	} else {
 
+		wpa_printf(MSG_DEBUG, "EAP-PEAP: No SoH TLV received");
 
+		eap_peap_state(data, FAILURE);
 
+		return;
 
+	}
 
+
 
+auth_method:
 
+	eap_peap_state(data, PHASE2_METHOD);
 
+	next_type = sm->user->methods[0].method;
 
+	sm->user_eap_method_index = 1;
 
+	wpa_printf(MSG_DEBUG, "EAP-PEAP: try EAP type %d", next_type);
 
+	eap_peap_phase2_init(sm, data, next_type);
 
+}
 
+#endif /* EAP_TNC */
 
+
 
+
 
 static void eap_peap_process_phase2_response(struct eap_sm *sm,
 
 					     struct eap_peap_data *data,
 
 					     struct wpabuf *in_data)
 
@@ -796,6 +993,13 @@ static void eap_peap_process_phase2_response(struct eap_sm *sm,
 
 		return;
 
 	}
 
 
+#ifdef EAP_TNC
 
+	if (data->state == PHASE2_SOH) {
 
+		eap_peap_process_phase2_soh(sm, data, in_data);
 
+		return;
 
+	}
 
+#endif /* EAP_TNC */
 
+
 
 	if (data->phase2_priv == NULL) {
 
 		wpa_printf(MSG_DEBUG, "EAP-PEAP: %s - Phase2 not "
 
 			   "initialized?!", __func__);
 
@@ -882,6 +1086,7 @@ static void eap_peap_process_phase2_response(struct eap_sm *sm,
 
 	switch (data->state) {
 
 	case PHASE1_ID2:
 
 	case PHASE2_ID:
 
+	case PHASE2_SOH:
 
 		if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
 
 			wpa_hexdump_ascii(MSG_DEBUG, "EAP_PEAP: Phase2 "
 
 					  "Identity not found in the user "
 
@@ -892,6 +1097,17 @@ static void eap_peap_process_phase2_response(struct eap_sm *sm,
 
 			break;
 
 		}
 
 
+#ifdef EAP_TNC
 
+		if (data->state != PHASE2_SOH && sm->tnc &&
 
+		    data->peap_version == 0) {
 
+			eap_peap_state(data, PHASE2_SOH);
 
+			wpa_printf(MSG_DEBUG, "EAP-PEAP: Try to initialize "
 
+				   "TNC (NAP SOH)");
 
+			next_type = EAP_TYPE_NONE;
 
+			break;
 
+		}
 
+#endif /* EAP_TNC */
 
+
 
 		eap_peap_state(data, PHASE2_METHOD);
 
 		next_type = sm->user->methods[0].method;
 
 		sm->user_eap_method_index = 1;
 
@@ -1231,6 +1447,7 @@ static void eap_peap_process(struct eap_sm *sm, void *priv,
 
 	case PHASE1_ID2:
 
 	case PHASE2_ID:
 
 	case PHASE2_METHOD:
 
+	case PHASE2_SOH:
 
 	case PHASE2_TLV:
 
 		eap_peap_process_phase2(sm, data, respData, pos, left);
 
 		break;

+ 41 - 1
src/eap_server/tncs.c
View File 

@@ -1,5 +1,5 @@
 
 /*
 
- * EAP-TNC - TNCS (IF-IMV and IF-TNCCS)
 
+ * EAP-TNC - TNCS (IF-IMV, IF-TNCCS, and IF-TNCCS-SOH)
 
  * Copyright (c) 2007-2008, Jouni Malinen <j@w1.fi>
 
  *
 
  * This program is free software; you can redistribute it and/or modify
 
@@ -18,6 +18,8 @@
 
 #include "common.h"
 
 #include "base64.h"
 
 #include "tncs.h"
 
+#include "eap_common/eap_tlv_common.h"
 
+#include "eap_common/eap_defs.h"
 
 
 
 /* TODO: TNCS must be thread-safe; review the code and add locking etc. if
 
@@ -1230,3 +1232,41 @@ void tncs_global_deinit(void)
 
 
 	os_free(tncs_global_data);
 
 }
 
+
 
+
 
+struct wpabuf * tncs_build_soh_request(void)
 
+{
 
+	struct wpabuf *buf;
 
+
 
+	/*
 
+	 * Build a SoH Request TLV (to be used inside SoH EAP Extensions
 
+	 * Method)
 
+	 */
 
+
 
+	buf = wpabuf_alloc(8 + 4);
 
+	if (buf == NULL)
 
+		return NULL;
 
+
 
+	/* Vendor-Specific TLV (Microsoft) - SoH Request */
 
+	wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV); /* TLV Type */
 
+	wpabuf_put_be16(buf, 8); /* Length */
 
+
 
+	wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* Vendor_Id */
 
+
 
+	wpabuf_put_be16(buf, 0x02); /* TLV Type - SoH Request TLV */
 
+	wpabuf_put_be16(buf, 0); /* Length */
 
+
 
+	return buf;
 
+}
 
+
 
+
 
+struct wpabuf * tncs_process_soh(const u8 *soh_tlv, size_t soh_tlv_len,
 
+				 int *failure)
 
+{
 
+	wpa_hexdump(MSG_DEBUG, "TNC: SoH TLV", soh_tlv, soh_tlv_len);
 
+	*failure = 0;
 
+
 
+	/* TODO: return MS-SoH Response TLV */
 
+
 
+	return NULL;
 
+}

+ 5 - 1
src/eap_server/tncs.h
View File 

@@ -1,5 +1,5 @@
 
 /*
 
- * EAP-TNC - TNCS (IF-IMV and IF-TNCCS)
 
+ * EAP-TNC - TNCS (IF-IMV, IF-TNCCS, and IF-TNCCS-SOH)
 
  * Copyright (c) 2007-2008, Jouni Malinen <j@w1.fi>
 
  *
 
  * This program is free software; you can redistribute it and/or modify
 
@@ -42,4 +42,8 @@ enum tncs_process_res tncs_process_if_tnccs(struct tncs_data *tncs,
 
 int tncs_global_init(void);
 
 void tncs_global_deinit(void);
 
 
+struct wpabuf * tncs_build_soh_request(void);
 
+struct wpabuf * tncs_process_soh(const u8 *soh_tlv, size_t soh_tlv_len,
 
+				 int *failure);
 
+
 
 #endif /* TNCS_H */