
  1. /*
  2. * EAP peer method: EAP-FAST (RFC 4851)
  3. * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
  4. *
  5. * This software may be distributed under the terms of the BSD license.
  6. * See README for more details.
  7. */
  8. #include "includes.h"
  9. #include "common.h"
  10. #include "crypto/tls.h"
  11. #include "crypto/sha1.h"
  12. #include "eap_common/eap_tlv_common.h"
  13. #include "eap_i.h"
  14. #include "eap_tls_common.h"
  15. #include "eap_config.h"
  16. #include "eap_fast_pac.h"
  17. #ifdef EAP_FAST_DYNAMIC
  18. #include "eap_fast_pac.c"
  19. #endif /* EAP_FAST_DYNAMIC */
  20. /* TODO:
  21. * - test session resumption and enable it if it interoperates
  22. * - password change (pending mschapv2 packet; replay decrypted packet)
  23. */
/* Forward declaration: eap_fast_init() unwinds partially built state through
 * eap_fast_deinit(), which is defined further down. */
static void eap_fast_deinit(struct eap_sm *sm, void *priv);
/*
 * Per-connection state of the EAP-FAST peer method. Allocated zeroed in
 * eap_fast_init() and released by eap_fast_deinit(). Several fields hold
 * keying material (key_data, emsk, simck, key_block_p, pac_key inside the
 * PAC entries); keep that in mind when adding debug output or new copies.
 */
struct eap_fast_data {
	struct eap_ssl_data ssl; /* Phase 1 TLS tunnel state */
	int fast_version; /* set to EAP_FAST_VERSION in eap_fast_init() */
	const struct eap_method *phase2_method; /* active inner EAP method */
	void *phase2_priv; /* private state of phase2_method */
	int phase2_success; /* inner method reported (cond./uncond.) success */
	struct eap_method_type phase2_type; /* selected inner method;
					     * EAP_TYPE_NONE until chosen */
	struct eap_method_type *phase2_types; /* inner methods allowed by the
					       * "auth=" phase2 config */
	size_t num_phase2_types;
	int resuming; /* starting a resumed session */
	struct eap_fast_key_block_provisioning *key_block_p; /* key block
		* (session_key_seed + MSCHAPv2 challenges) derived from the
		* TLS tunnel during anonymous provisioning; NULL otherwise */
#define EAP_FAST_PROV_UNAUTH 1
#define EAP_FAST_PROV_AUTH 2
	int provisioning_allowed; /* Allowed PAC provisioning modes; parsed
				   * with atoi() from fast_provisioning=.
				   * Presumably a bitmask of EAP_FAST_PROV_*;
				   * the checks in this file only test for
				   * non-zero. */
	int provisioning; /* doing PAC provisioning (not the normal auth) */
	int anon_provisioning; /* doing anonymous (unauthenticated)
				* provisioning; restricts Phase 2 to
				* EAP-MSCHAPv2 */
	int session_ticket_used; /* TLS master_secret was derived from the
				  * PAC-Key in eap_fast_session_ticket_cb() */
	u8 key_data[EAP_FAST_KEY_LEN]; /* MSK derived from S-IMCK */
	u8 *session_id; /* EAP Session-Id derived after crypto binding */
	size_t id_len;
	u8 emsk[EAP_EMSK_LEN]; /* EMSK derived from S-IMCK */
	int success;
	struct eap_fast_pac *pac; /* PAC list loaded from config->pac_file */
	struct eap_fast_pac *current_pac; /* PAC used for this attempt, or
					   * NULL when none is usable */
	size_t max_pac_list_len; /* default 10; fast_max_pac_list_len= */
	int use_pac_binary_format; /* fast_pac_format=binary */
	u8 simck[EAP_FAST_SIMCK_LEN]; /* S-IMCK[simck_idx]; advanced by
				       * eap_fast_get_cmk() */
	int simck_idx;
	struct wpabuf *pending_phase2_req; /* inner request parked while
					    * waiting for user input */
	struct wpabuf *pending_resp; /* presumably the parked outer response;
				      * its use is outside this excerpt */
};
/*
 * TLS SessionTicket callback registered on the Phase 1 connection.
 *
 * When the TLS library hands over both randoms and a master_secret buffer,
 * the master_secret is derived from the PAC-Key of data->current_pac and 1
 * is returned so the abbreviated (PAC-based) handshake proceeds. Returning 0
 * tells the library to fall back to a full TLS handshake; in that case, if
 * provisioning is allowed, this attempt is switched to PAC provisioning and
 * current_pac is dropped. ticket/len are only logged.
 */
static int eap_fast_session_ticket_cb(void *ctx, const u8 *ticket, size_t len,
				      const u8 *client_random,
				      const u8 *server_random,
				      u8 *master_secret)
{
	struct eap_fast_data *data = ctx;
	int have_inputs = client_random != NULL && server_random != NULL &&
		master_secret != NULL;

	wpa_printf(MSG_DEBUG, "EAP-FAST: SessionTicket callback");

	if (!have_inputs) {
		wpa_printf(MSG_DEBUG, "EAP-FAST: SessionTicket failed - fall "
			   "back to full TLS handshake");
		data->session_ticket_used = 0;
		if (data->provisioning_allowed) {
			/* No usable ticket: try to get a fresh PAC instead */
			wpa_printf(MSG_DEBUG, "EAP-FAST: Try to provision a "
				   "new PAC-Key");
			data->provisioning = 1;
			data->current_pac = NULL;
		}
		return 0;
	}

	wpa_hexdump(MSG_DEBUG, "EAP-FAST: SessionTicket", ticket, len);

	if (!data->current_pac) {
		wpa_printf(MSG_DEBUG, "EAP-FAST: No PAC-Key available for "
			   "using SessionTicket");
		data->session_ticket_used = 0;
		return 0;
	}

	/* master_secret = f(PAC-Key, server_random, client_random) */
	eap_fast_derive_master_secret(data->current_pac->pac_key,
				      server_random, client_random,
				      master_secret);
	data->session_ticket_used = 1;
	return 1;
}
/*
 * Pick the EAP-FAST specific options out of the phase1 configuration
 * string: fast_provisioning=<int>, fast_max_pac_list_len=<int> and
 * fast_pac_format=binary. Options that are absent leave the defaults set by
 * eap_fast_init() untouched. Values are read with atoi(), so a non-numeric
 * value parses as 0 (provisioning disabled / list length forced to 1).
 * NOTE(review): a negative fast_max_pac_list_len wraps to a very large
 * size_t and thereby disables PAC list truncation.
 */
static void eap_fast_parse_phase1(struct eap_fast_data *data,
				  const char *phase1)
{
	const char *prov = os_strstr(phase1, "fast_provisioning=");
	const char *max_len = os_strstr(phase1, "fast_max_pac_list_len=");
	const char *binary = os_strstr(phase1, "fast_pac_format=binary");

	if (prov) {
		/* 18 == strlen("fast_provisioning=") */
		data->provisioning_allowed = atoi(prov + 18);
		wpa_printf(MSG_DEBUG, "EAP-FAST: Automatic PAC provisioning "
			   "mode: %d", data->provisioning_allowed);
	}

	if (max_len) {
		/* 22 == strlen("fast_max_pac_list_len=") */
		data->max_pac_list_len = atoi(max_len + 22);
		if (!data->max_pac_list_len)
			data->max_pac_list_len = 1;
		wpa_printf(MSG_DEBUG, "EAP-FAST: Maximum PAC list length: %lu",
			   (unsigned long) data->max_pac_list_len);
	}

	if (binary) {
		data->use_pac_binary_format = 1;
		wpa_printf(MSG_DEBUG, "EAP-FAST: Using binary format for PAC "
			   "list");
	}
}
/*
 * Create the EAP-FAST peer method state for the current network config.
 *
 * Steps: parse phase1 options, select the allowed inner methods from the
 * "auth=" phase2 config, set up the Phase 1 TLS connection with the
 * SessionTicket callback (PAC-based handshake), enable the TLS CBC
 * workaround, and load the PAC list from config->pac_file. A missing
 * pac_file, a PAC file that fails to load, or "no PAC and provisioning
 * disabled" are fatal. Note that with provisioning allowed a peer without a
 * PAC will go through in-band provisioning; the anonymous (unauthenticated)
 * variant is not server-authenticated, so only enable it where that is an
 * accepted risk.
 *
 * Returns the new state, or NULL on failure (everything allocated so far is
 * released through eap_fast_deinit()).
 */
static void * eap_fast_init(struct eap_sm *sm)
{
	struct eap_fast_data *data;
	struct eap_peer_config *config = eap_get_config(sm);
	int load_res;

	if (!config)
		return NULL;

	data = os_zalloc(sizeof(*data));
	if (!data)
		return NULL;
	data->fast_version = EAP_FAST_VERSION;
	data->max_pac_list_len = 10; /* default; fast_max_pac_list_len= */
	if (config->phase1)
		eap_fast_parse_phase1(data, config->phase1);

	if (eap_peer_select_phase2_methods(config, "auth=",
					   &data->phase2_types,
					   &data->num_phase2_types) < 0)
		goto fail;

	data->phase2_type.vendor = EAP_VENDOR_IETF;
	data->phase2_type.method = EAP_TYPE_NONE;

	if (eap_peer_tls_ssl_init(sm, &data->ssl, config, EAP_TYPE_FAST)) {
		wpa_printf(MSG_INFO, "EAP-FAST: Failed to initialize SSL.");
		goto fail;
	}

	if (tls_connection_set_session_ticket_cb(sm->ssl_ctx, data->ssl.conn,
						 eap_fast_session_ticket_cb,
						 data) < 0) {
		wpa_printf(MSG_INFO, "EAP-FAST: Failed to set SessionTicket "
			   "callback");
		goto fail;
	}

	/*
	 * The local RADIUS server in a Cisco AP does not seem to like empty
	 * fragments before data, so disable that workaround for CBC.
	 * TODO: consider making this configurable
	 */
	if (tls_connection_enable_workaround(sm->ssl_ctx, data->ssl.conn)) {
		/* Non-fatal: only interoperability is affected */
		wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to enable TLS "
			   "workarounds");
	}

	if (!config->pac_file) {
		wpa_printf(MSG_INFO, "EAP-FAST: No PAC file configured");
		goto fail;
	}

	/* The on-disk PAC format is selected by fast_pac_format= */
	if (data->use_pac_binary_format)
		load_res = eap_fast_load_pac_bin(sm, &data->pac,
						 config->pac_file);
	else
		load_res = eap_fast_load_pac(sm, &data->pac,
					     config->pac_file);
	if (load_res < 0) {
		wpa_printf(MSG_INFO, "EAP-FAST: Failed to load PAC file");
		goto fail;
	}
	eap_fast_pac_list_truncate(data->pac, data->max_pac_list_len);

	if (!data->pac && !data->provisioning_allowed) {
		wpa_printf(MSG_INFO, "EAP-FAST: No PAC configured and "
			   "provisioning disabled");
		goto fail;
	}

	return data;

fail:
	eap_fast_deinit(sm, data);
	return NULL;
}
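/*
 * Release all EAP-FAST peer state created by eap_fast_init().
 *
 * Tears down the inner method, the Phase 1 TLS connection and the PAC list,
 * and wipes the keying material held in the state before freeing it. The
 * original only cleared key_data and emsk; the S-IMCK (data->simck) and the
 * provisioning key block (session_key_seed and the MSCHAPv2 challenges)
 * were released with their contents intact, which is why the whole struct
 * and the key block are zeroed here.
 * NOTE(review): os_memset() immediately before free() may be elided by the
 * compiler; if this tree provides a non-elidable clear helper, prefer it.
 */
static void eap_fast_deinit(struct eap_sm *sm, void *priv)
{
	struct eap_fast_data *data = priv;
	struct eap_fast_pac *pac, *prev;

	if (data == NULL)
		return;

	if (data->phase2_priv && data->phase2_method)
		data->phase2_method->deinit(sm, data->phase2_priv);
	os_free(data->phase2_types);

	if (data->key_block_p) {
		/* Holds SKS and the MSCHAPv2 challenges of anonymous
		 * provisioning - wipe before releasing */
		os_memset(data->key_block_p, 0, sizeof(*data->key_block_p));
		os_free(data->key_block_p);
		data->key_block_p = NULL;
	}

	eap_peer_tls_ssl_deinit(sm, &data->ssl);

	pac = data->pac;
	while (pac) {
		prev = pac;
		pac = pac->next;
		eap_fast_free_pac(prev);
	}
	data->pac = NULL;

	os_free(data->session_id);
	wpabuf_free(data->pending_phase2_req);
	wpabuf_free(data->pending_resp);

	/* Clears key_data, emsk and simck along with the rest of the state */
	os_memset(data, 0, sizeof(*data));
	os_free(data);
}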
/*
 * Derive the MSK (data->key_data) and EMSK (data->emsk) from the current
 * S-IMCK and mark the method as successful. Returns 0 on success, -1 if
 * either derivation fails (data->success is then left unchanged).
 */
static int eap_fast_derive_msk(struct eap_fast_data *data)
{
	if (eap_fast_derive_eap_msk(data->simck, data->key_data) < 0)
		return -1;
	if (eap_fast_derive_eap_emsk(data->simck, data->emsk) < 0)
		return -1;

	data->success = 1;
	return 0;
}
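/*
 * Derive S-IMCK[0] for an authenticated (PAC-based or certificate-based)
 * Phase 1. RFC 4851, Section 5.1: session_key_seed is the extra key
 * material exported after the TLS key_block; Section 5.2: S-IMCK[0] =
 * session_key_seed. The exported buffer is wiped before it is released.
 * Returns 0 on success, -1 if the TLS export fails.
 */
static int eap_fast_derive_key_auth(struct eap_sm *sm,
				    struct eap_fast_data *data)
{
	u8 *sks;

	/* RFC 4851, Section 5.1:
	 * Extra key material after TLS key_block: session_key_seed[40]
	 */
	sks = eap_fast_derive_key(sm->ssl_ctx, data->ssl.conn,
				  EAP_FAST_SKS_LEN);
	if (sks == NULL) {
		wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to derive "
			   "session_key_seed");
		return -1;
	}

	/*
	 * RFC 4851, Section 5.2:
	 * S-IMCK[0] = session_key_seed
	 */
	wpa_hexdump_key(MSG_DEBUG,
			"EAP-FAST: session_key_seed (SKS = S-IMCK[0])",
			sks, EAP_FAST_SKS_LEN);
	data->simck_idx = 0;
	/* Relies on EAP_FAST_SIMCK_LEN <= EAP_FAST_SKS_LEN (both 40 per the
	 * RFC); the definitions are outside this file. */
	os_memcpy(data->simck, sks, EAP_FAST_SIMCK_LEN);
	/* sks is keying material - do not leave a copy on the heap */
	os_memset(sks, 0, EAP_FAST_SKS_LEN);
	os_free(sks);

	return 0;
}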
/*
 * Derive the provisioning key block for an anonymous (unauthenticated)
 * Phase 1 and initialize S-IMCK[0] from its session_key_seed (RFC 4851,
 * Section 5.2). The key block is kept in data->key_block_p because its
 * server_challenge/client_challenge are later handed to the inner
 * EAP-MSCHAPv2 (see eap_fast_init_phase2_method()); any previous block is
 * released first. Key material is only logged through wpa_hexdump_key().
 * Returns 0 on success, -1 if the TLS export fails.
 */
static int eap_fast_derive_key_provisioning(struct eap_sm *sm,
					    struct eap_fast_data *data)
{
	struct eap_fast_key_block_provisioning *kb;

	os_free(data->key_block_p);
	kb = (struct eap_fast_key_block_provisioning *)
		eap_fast_derive_key(sm->ssl_ctx, data->ssl.conn, sizeof(*kb));
	data->key_block_p = kb;
	if (!kb) {
		wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to derive key block");
		return -1;
	}

	/*
	 * RFC 4851, Section 5.2:
	 * S-IMCK[0] = session_key_seed
	 */
	wpa_hexdump_key(MSG_DEBUG,
			"EAP-FAST: session_key_seed (SKS = S-IMCK[0])",
			kb->session_key_seed, sizeof(kb->session_key_seed));
	data->simck_idx = 0;
	os_memcpy(data->simck, kb->session_key_seed, EAP_FAST_SIMCK_LEN);

	wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: server_challenge",
			kb->server_challenge, sizeof(kb->server_challenge));
	wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: client_challenge",
			kb->client_challenge, sizeof(kb->client_challenge));

	return 0;
}
/*
 * Initialize S-IMCK[0] once the Phase 1 TLS handshake is complete, using
 * the provisioning key block for anonymous provisioning and the plain
 * session_key_seed export otherwise. Returns the result of the selected
 * derivation (0 or -1).
 */
static int eap_fast_derive_keys(struct eap_sm *sm, struct eap_fast_data *data)
{
	if (data->anon_provisioning)
		return eap_fast_derive_key_provisioning(sm, data);
	return eap_fast_derive_key_auth(sm, data);
}
/*
 * Instantiate the inner EAP method selected in data->phase2_type.
 *
 * data->key_block_p is only set during anonymous provisioning; its
 * server_challenge/client_challenge are exposed to the inner method through
 * sm->auth_challenge/sm->peer_challenge for the duration of init() only,
 * together with sm->init_phase2, and are cleared again afterwards.
 * Returns 0 on success, -1 if the method is unknown or its init() fails
 * (data->phase2_method may then be non-NULL with phase2_priv == NULL;
 * callers check both).
 */
static int eap_fast_init_phase2_method(struct eap_sm *sm,
				       struct eap_fast_data *data)
{
	const struct eap_method *m;

	m = eap_peer_get_eap_method(data->phase2_type.vendor,
				    data->phase2_type.method);
	data->phase2_method = m;
	if (!m)
		return -1;

	if (data->key_block_p) {
		sm->auth_challenge = data->key_block_p->server_challenge;
		sm->peer_challenge = data->key_block_p->client_challenge;
	}
	sm->init_phase2 = 1;
	data->phase2_priv = m->init(sm);
	sm->init_phase2 = 0;
	sm->auth_challenge = NULL;
	sm->peer_challenge = NULL;

	return data->phase2_priv ? 0 : -1;
}
/*
 * Accept or reject the inner EAP method type the server proposed and record
 * it in data->phase2_type.
 *
 * During anonymous provisioning only EAP-MSCHAPv2 is accepted. EAP-TNC is
 * accepted unconditionally when built in; any other type must be listed in
 * data->phase2_types (the "auth=" configuration). Returns 0 when the type
 * was selected and -1 when it should be NAKed.
 */
static int eap_fast_select_phase2_method(struct eap_fast_data *data, u8 type)
{
	size_t i;

	/* TODO: TNC with anonymous provisioning; need to require both
	 * completed MSCHAPv2 and TNC */
	if (data->anon_provisioning && type != EAP_TYPE_MSCHAPV2) {
		wpa_printf(MSG_INFO, "EAP-FAST: Only EAP-MSCHAPv2 is allowed "
			   "during unauthenticated provisioning; reject phase2"
			   " type %d", type);
		return -1;
	}

#ifdef EAP_TNC
	if (type == EAP_TYPE_TNC) {
		data->phase2_type.vendor = EAP_VENDOR_IETF;
		data->phase2_type.method = EAP_TYPE_TNC;
		wpa_printf(MSG_DEBUG, "EAP-FAST: Selected Phase 2 EAP "
			   "vendor %d method %d for TNC",
			   data->phase2_type.vendor,
			   data->phase2_type.method);
		return 0;
	}
#endif /* EAP_TNC */

	for (i = 0; i < data->num_phase2_types; i++) {
		const struct eap_method_type *allowed = &data->phase2_types[i];

		if (allowed->vendor != EAP_VENDOR_IETF ||
		    allowed->method != type)
			continue;
		data->phase2_type.vendor = allowed->vendor;
		data->phase2_type.method = allowed->method;
		wpa_printf(MSG_DEBUG, "EAP-FAST: Selected Phase 2 EAP "
			   "vendor %d method %d",
			   data->phase2_type.vendor,
			   data->phase2_type.method);
		break;
	}

	/* Not found in the allowed list (or a bogus "none" type) */
	if (type != data->phase2_type.method || type == EAP_TYPE_NONE)
		return -1;

	return 0;
}
/*
 * Handle one Phase 2 (inner) EAP request carried in an EAP-Payload TLV.
 *
 * hdr points at an EAP header whose code the caller has already checked and
 * whose length field does not exceed the TLV; *resp receives the inner
 * response, or NULL when the inner method produced none. Identity requests
 * are answered directly. When the server switches to a different inner type
 * (EAP sequence) the previous method is torn down first. A type that is not
 * allowed is NAKed. A request the inner method cannot answer because it is
 * waiting for user input (identity/password/OTP/new password) is parked in
 * data->pending_phase2_req.
 *
 * Returns 0 on success (including "NAK sent" and "parked for user input"),
 * -1 on failure; on inner-method failure ret is set to METHOD_DONE /
 * DECISION_FAIL.
 */
static int eap_fast_phase2_request(struct eap_sm *sm,
				   struct eap_fast_data *data,
				   struct eap_method_ret *ret,
				   struct eap_hdr *hdr,
				   struct wpabuf **resp)
{
	size_t len = be_to_host16(hdr->length);
	struct eap_peer_config *config = eap_get_config(sm);
	struct eap_method_ret iret;
	struct wpabuf msg;
	u8 type;
	int failed, succeeded;

	if (len <= sizeof(struct eap_hdr)) {
		wpa_printf(MSG_INFO, "EAP-FAST: too short "
			   "Phase 2 request (len=%lu)", (unsigned long) len);
		return -1;
	}
	type = *((const u8 *) (hdr + 1));
	wpa_printf(MSG_DEBUG, "EAP-FAST: Phase 2 Request: type=%d", type);

	if (type == EAP_TYPE_IDENTITY) {
		*resp = eap_sm_buildIdentity(sm, hdr->identifier, 1);
		return 0;
	}

	if (data->phase2_priv && data->phase2_method &&
	    type != data->phase2_type.method) {
		wpa_printf(MSG_DEBUG, "EAP-FAST: Phase 2 EAP sequence - "
			   "deinitialize previous method");
		data->phase2_method->deinit(sm, data->phase2_priv);
		data->phase2_method = NULL;
		data->phase2_priv = NULL;
		data->phase2_type.vendor = EAP_VENDOR_IETF;
		data->phase2_type.method = EAP_TYPE_NONE;
	}

	if (data->phase2_type.vendor == EAP_VENDOR_IETF &&
	    data->phase2_type.method == EAP_TYPE_NONE &&
	    eap_fast_select_phase2_method(data, type) < 0) {
		/* Proposed type is not acceptable - NAK it */
		return eap_peer_tls_phase2_nak(data->phase2_types,
					       data->num_phase2_types,
					       hdr, resp) ? -1 : 0;
	}

	if ((data->phase2_priv == NULL &&
	     eap_fast_init_phase2_method(sm, data) < 0) ||
	    data->phase2_method == NULL) {
		wpa_printf(MSG_INFO, "EAP-FAST: Failed to initialize "
			   "Phase 2 EAP method %d", type);
		ret->methodState = METHOD_DONE;
		ret->decision = DECISION_FAIL;
		return -1;
	}

	os_memset(&iret, 0, sizeof(iret));
	wpabuf_set(&msg, hdr, len);
	*resp = data->phase2_method->process(sm, data->phase2_priv, &iret,
					     &msg);

	failed = *resp == NULL ||
		(iret.methodState == METHOD_DONE &&
		 iret.decision == DECISION_FAIL);
	succeeded = (iret.methodState == METHOD_DONE ||
		     iret.methodState == METHOD_MAY_CONT) &&
		(iret.decision == DECISION_UNCOND_SUCC ||
		 iret.decision == DECISION_COND_SUCC);
	if (failed) {
		ret->methodState = METHOD_DONE;
		ret->decision = DECISION_FAIL;
	} else if (succeeded) {
		data->phase2_success = 1;
	}

	if (*resp)
		return 0;

	/* No response: park the request if user input is being requested */
	if (config &&
	    (config->pending_req_identity || config->pending_req_password ||
	     config->pending_req_otp || config->pending_req_new_password)) {
		wpabuf_free(data->pending_phase2_req);
		data->pending_phase2_req = wpabuf_alloc_copy(hdr, len);
		return 0;
	}

	return -1;
}
/*
 * Build a mandatory NAK TLV rejecting TLV type tlv_type of vendor
 * vendor_id. The TLV value is Vendor-Id (4 octets) + NAK-Type (2 octets),
 * hence the fixed length of 6. Returns a new buffer or NULL on allocation
 * failure.
 */
static struct wpabuf * eap_fast_tlv_nak(int vendor_id, int tlv_type)
{
	struct eap_tlv_nak_tlv *nak;
	struct wpabuf *buf = wpabuf_alloc(sizeof(*nak));

	if (!buf)
		return NULL;

	nak = wpabuf_put(buf, sizeof(*nak));
	nak->tlv_type = host_to_be16(EAP_TLV_TYPE_MANDATORY | EAP_TLV_NAK_TLV);
	nak->length = host_to_be16(6);
	nak->vendor_id = host_to_be32(vendor_id);
	nak->nak_type = host_to_be16(tlv_type);

	return buf;
}
/*
 * Build a mandatory Result TLV (intermediate == 0) or Intermediate-Result
 * TLV (intermediate != 0) carrying the 2-octet status. Returns a new buffer
 * or NULL on allocation failure.
 */
static struct wpabuf * eap_fast_tlv_result(int status, int intermediate)
{
	struct eap_tlv_intermediate_result_tlv *result;
	u16 tlv_type = intermediate ? EAP_TLV_INTERMEDIATE_RESULT_TLV :
		EAP_TLV_RESULT_TLV;
	struct wpabuf *buf = wpabuf_alloc(sizeof(*result));

	if (!buf)
		return NULL;

	wpa_printf(MSG_DEBUG, "EAP-FAST: Add %sResult TLV(status=%d)",
		   intermediate ? "Intermediate " : "", status);
	result = wpabuf_put(buf, sizeof(*result));
	result->tlv_type = host_to_be16(EAP_TLV_TYPE_MANDATORY | tlv_type);
	result->length = host_to_be16(2);
	result->status = host_to_be16(status);

	return buf;
}
/*
 * Build a mandatory PAC TLV containing a PAC-Acknowledgement sub-TLV with
 * result SUCCESS. The buffer is sized for an additional Result TLV as well
 * (only the ACK is written here; the extra room is kept for the caller,
 * whose use of it is outside this excerpt). Returns a new buffer or NULL on
 * allocation failure.
 */
static struct wpabuf * eap_fast_tlv_pac_ack(void)
{
	struct eap_tlv_result_tlv *res;
	struct eap_tlv_pac_ack_tlv *ack;
	size_t alloc_len = sizeof(*res) + sizeof(*ack);
	struct wpabuf *buf = wpabuf_alloc(alloc_len);

	if (!buf)
		return NULL;

	wpa_printf(MSG_DEBUG, "EAP-FAST: Add PAC TLV (ack)");
	ack = wpabuf_put(buf, sizeof(*ack));
	ack->tlv_type = host_to_be16(EAP_TLV_PAC_TLV |
				     EAP_TLV_TYPE_MANDATORY);
	ack->length = host_to_be16(sizeof(*ack) - sizeof(struct eap_tlv_hdr));
	ack->pac_type = host_to_be16(PAC_TYPE_PAC_ACKNOWLEDGEMENT);
	ack->pac_len = host_to_be16(2);
	ack->result = host_to_be16(EAP_TLV_RESULT_SUCCESS);

	return buf;
}
/*
 * Process an EAP-Payload TLV from the tunneled Phase 2 TLV stream.
 *
 * The TLV value is an inner EAP packet. It is rejected when the TLV is
 * shorter than an EAP header, when the EAP length field claims more than the
 * TLV carries, or when the inner packet is not a Request. TLV bytes past the
 * EAP length field are ignored; an EAP length shorter than the header is
 * rejected inside eap_fast_phase2_request(). Returns the inner response
 * wrapped in a new EAP-Payload TLV, or NULL on failure (what
 * eap_fast_tlv_eap_payload() does with a NULL resp is outside this excerpt).
 */
static struct wpabuf * eap_fast_process_eap_payload_tlv(
	struct eap_sm *sm, struct eap_fast_data *data,
	struct eap_method_ret *ret,
	u8 *eap_payload_tlv, size_t eap_payload_tlv_len)
{
	struct eap_hdr *hdr = (struct eap_hdr *) eap_payload_tlv;
	struct wpabuf *resp = NULL;

	if (eap_payload_tlv_len < sizeof(*hdr)) {
		wpa_printf(MSG_DEBUG, "EAP-FAST: too short EAP "
			   "Payload TLV (len=%lu)",
			   (unsigned long) eap_payload_tlv_len);
		return NULL;
	}

	if (be_to_host16(hdr->length) > eap_payload_tlv_len) {
		wpa_printf(MSG_DEBUG, "EAP-FAST: EAP packet overflow in "
			   "EAP Payload TLV");
		return NULL;
	}

	if (hdr->code != EAP_CODE_REQUEST) {
		wpa_printf(MSG_INFO, "EAP-FAST: Unexpected code=%d in "
			   "Phase 2 EAP header", hdr->code);
		return NULL;
	}

	if (eap_fast_phase2_request(sm, data, ret, hdr, &resp)) {
		wpa_printf(MSG_INFO, "EAP-FAST: Phase2 Request processing "
			   "failed");
		return NULL;
	}

	return eap_fast_tlv_eap_payload(resp);
}
/*
 * Check the fixed fields of a received Crypto-Binding TLV: both version
 * fields must equal EAP_FAST_VERSION and the subtype must be Request. The
 * Compound MAC itself is verified by the caller. Returns 0 if acceptable,
 * -1 otherwise.
 */
static int eap_fast_validate_crypto_binding(
	struct eap_tlv_crypto_binding_tlv *_bind)
{
	int version_ok = _bind->version == EAP_FAST_VERSION &&
		_bind->received_version == EAP_FAST_VERSION;
	int subtype_ok =
		_bind->subtype == EAP_TLV_CRYPTO_BINDING_SUBTYPE_REQUEST;

	wpa_printf(MSG_DEBUG, "EAP-FAST: Crypto-Binding TLV: Version %d "
		   "Received Version %d SubType %d",
		   _bind->version, _bind->received_version, _bind->subtype);
	wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: NONCE",
		    _bind->nonce, sizeof(_bind->nonce));
	wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Compound MAC",
		    _bind->compound_mac, sizeof(_bind->compound_mac));

	if (version_ok && subtype_ok)
		return 0;

	wpa_printf(MSG_INFO, "EAP-FAST: Invalid version/subtype in "
		   "Crypto-Binding TLV: Version %d "
		   "Received Version %d SubType %d",
		   _bind->version, _bind->received_version,
		   _bind->subtype);
	return -1;
}
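/*
 * Fill in the Crypto-Binding TLV response at rbind for the received request
 * _bind: echo the request's version as received_version, set subtype
 * Response, use the request nonce incremented by one, and compute the
 * Compound MAC with HMAC-SHA1 under cmk (EAP_FAST_CMK_LEN octets).
 *
 * The Compound MAC covers the whole TLV with the MAC field itself set to
 * zero. The original relied on the caller's freshly allocated (zeroed)
 * buffer for that; the field is now zeroed explicitly so the result does
 * not depend on where rbind came from.
 * NOTE(review): hmac_sha1()'s return value is not checked here and this
 * function has no way to report a failure; the caller would then send an
 * all-zero Compound MAC.
 */
static void eap_fast_write_crypto_binding(
	struct eap_tlv_crypto_binding_tlv *rbind,
	struct eap_tlv_crypto_binding_tlv *_bind, const u8 *cmk)
{
	rbind->tlv_type = host_to_be16(EAP_TLV_TYPE_MANDATORY |
				       EAP_TLV_CRYPTO_BINDING_TLV);
	rbind->length = host_to_be16(sizeof(*rbind) -
				     sizeof(struct eap_tlv_hdr));
	rbind->version = EAP_FAST_VERSION;
	rbind->received_version = _bind->version;
	rbind->subtype = EAP_TLV_CRYPTO_BINDING_SUBTYPE_RESPONSE;
	os_memcpy(rbind->nonce, _bind->nonce, sizeof(_bind->nonce));
	inc_byte_array(rbind->nonce, sizeof(rbind->nonce));

	/* MAC is computed over the TLV with the Compound MAC field zeroed */
	os_memset(rbind->compound_mac, 0, sizeof(rbind->compound_mac));
	hmac_sha1(cmk, EAP_FAST_CMK_LEN, (u8 *) rbind, sizeof(*rbind),
		  rbind->compound_mac);

	wpa_printf(MSG_DEBUG, "EAP-FAST: Reply Crypto-Binding TLV: Version %d "
		   "Received Version %d SubType %d",
		   rbind->version, rbind->received_version, rbind->subtype);
	wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: NONCE",
		    rbind->nonce, sizeof(rbind->nonce));
	wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Compound MAC",
		    rbind->compound_mac, sizeof(rbind->compound_mac));
}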
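/*
 * Obtain the inner method's key material as the ISK used for crypto
 * binding. isk (isk_len octets) is zeroed first, so an inner method that
 * exports no key (no isKeyAvailable/getKey callbacks) yields an all-zero ISK
 * and the function returns 0. A method that has the callbacks but no key
 * yet is an error (-1), as is a missing inner method.
 *
 * The exported key is truncated to isk_len; for a 32-octet EAP-MSCHAPv2 key
 * the two 16-octet halves are swapped because EAP-FAST uses the reverse
 * MS-MPPE key order. The exported key buffer is wiped before it is freed
 * (the original released it with the MSK still in it).
 */
static int eap_fast_get_phase2_key(struct eap_sm *sm,
				   struct eap_fast_data *data,
				   u8 *isk, size_t isk_len)
{
	u8 *key;
	size_t key_len, alloc_len;

	os_memset(isk, 0, isk_len);

	if (data->phase2_method == NULL || data->phase2_priv == NULL) {
		wpa_printf(MSG_DEBUG, "EAP-FAST: Phase 2 method not "
			   "available");
		return -1;
	}

	if (data->phase2_method->isKeyAvailable == NULL ||
	    data->phase2_method->getKey == NULL)
		return 0; /* method derives no key: ISK stays all zeros */

	if (!data->phase2_method->isKeyAvailable(sm, data->phase2_priv) ||
	    (key = data->phase2_method->getKey(sm, data->phase2_priv,
					       &key_len)) == NULL) {
		wpa_printf(MSG_DEBUG, "EAP-FAST: Could not get key material "
			   "from Phase 2");
		return -1;
	}

	alloc_len = key_len; /* full size of the exported buffer */
	if (key_len > isk_len)
		key_len = isk_len;

	if (key_len == 32 &&
	    data->phase2_method->vendor == EAP_VENDOR_IETF &&
	    data->phase2_method->method == EAP_TYPE_MSCHAPV2) {
		/*
		 * EAP-FAST uses reverse order for MS-MPPE keys when deriving
		 * MSK from EAP-MSCHAPv2. Swap the keys here to get the correct
		 * ISK for EAP-FAST cryptobinding.
		 */
		os_memcpy(isk, key + 16, 16);
		os_memcpy(isk + 16, key, 16);
	} else {
		os_memcpy(isk, key, key_len);
	}

	/* key is the inner method's MSK - wipe before releasing */
	os_memset(key, 0, alloc_len);
	os_free(key);

	return 0;
}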
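/*
 * Advance the compound key chain by one inner method and return CMK[j].
 *
 * RFC 4851, Section 5.2:
 *   IMCK[j] = T-PRF(S-IMCK[j-1], "Inner Methods Compound Keys", MSK[j], 60)
 *   S-IMCK[j] = first 40 octets of IMCK[j]
 *   CMK[j] = last 20 octets of IMCK[j]
 *
 * MSK[j] (the ISK) comes from eap_fast_get_phase2_key(); it is 32 octets,
 * zero-filled for inner methods without keys. On success data->simck and
 * data->simck_idx are updated and cmk receives EAP_FAST_CMK_LEN octets.
 * The intermediate ISK/IMCK stack buffers are wiped on every exit (the
 * original left them behind on the stack). Note that the chain is advanced
 * before the caller verifies the received Compound MAC; a mismatch ends the
 * exchange, so no rollback is done here.
 * Returns 0 on success, -1 on failure (cmk not written).
 */
static int eap_fast_get_cmk(struct eap_sm *sm, struct eap_fast_data *data,
			    u8 *cmk)
{
	u8 isk[32], imck[60];
	int res = -1;

	wpa_printf(MSG_DEBUG, "EAP-FAST: Determining CMK[%d] for Compound MIC "
		   "calculation", data->simck_idx + 1);

	if (eap_fast_get_phase2_key(sm, data, isk, sizeof(isk)) < 0)
		goto out;
	wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: ISK[j]", isk, sizeof(isk));

	if (sha1_t_prf(data->simck, EAP_FAST_SIMCK_LEN,
		       "Inner Methods Compound Keys",
		       isk, sizeof(isk), imck, sizeof(imck)) < 0)
		goto out;

	data->simck_idx++;
	os_memcpy(data->simck, imck, EAP_FAST_SIMCK_LEN);
	wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: S-IMCK[j]",
			data->simck, EAP_FAST_SIMCK_LEN);
	os_memcpy(cmk, imck + EAP_FAST_SIMCK_LEN, EAP_FAST_CMK_LEN);
	wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: CMK[j]",
			cmk, EAP_FAST_CMK_LEN);
	res = 0;

out:
	/* Do not leave keying material on the stack */
	os_memset(isk, 0, sizeof(isk));
	os_memset(imck, 0, sizeof(imck));
	return res;
}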
/*
 * Write a PAC request at pos: a Request-Action TLV (action Process-TLV)
 * followed by a PAC TLV that holds a single PAC-Type sub-TLV for pac_type.
 * No bounds check is done here; the caller must provide room for
 * sizeof(struct eap_tlv_request_action_tlv) + sizeof(struct eap_tlv_hdr) +
 * sizeof(struct eap_tlv_pac_type_tlv) octets. Returns the position just
 * after the written data.
 */
static u8 * eap_fast_write_pac_request(u8 *pos, u16 pac_type)
{
	struct eap_tlv_request_action_tlv *action =
		(struct eap_tlv_request_action_tlv *) pos;
	struct eap_tlv_hdr *pac_hdr = (struct eap_tlv_hdr *) (action + 1);
	struct eap_tlv_pac_type_tlv *ptype =
		(struct eap_tlv_pac_type_tlv *) (pac_hdr + 1);

	action->tlv_type = host_to_be16(EAP_TLV_REQUEST_ACTION_TLV);
	action->length = host_to_be16(2);
	action->action = host_to_be16(EAP_TLV_ACTION_PROCESS_TLV);

	pac_hdr->tlv_type = host_to_be16(EAP_TLV_PAC_TLV);
	pac_hdr->length = host_to_be16(sizeof(*ptype));

	ptype->tlv_type = host_to_be16(PAC_TYPE_PAC_TYPE);
	ptype->length = host_to_be16(2);
	ptype->pac_type = host_to_be16(pac_type);

	return (u8 *) (ptype + 1);
}
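/*
 * Verify a received Crypto-Binding TLV and build the response.
 *
 * After the fixed-field check, CMK[j] is derived (advancing S-IMCK) and the
 * received Compound MAC is compared, in constant time, against HMAC-SHA1
 * over the TLV with the MAC field zeroed. On a match and a successful,
 * non-provisioning inner method, the MSK/EMSK and the EAP Session-Id are
 * derived and a Crypto-Binding response TLV is returned. On any failure
 * NULL is returned; _bind->compound_mac is restored when the MAC did not
 * match.
 *
 * Two changes from the original: a failure of hmac_sha1() now fails closed
 * (otherwise the zeroed MAC field would compare equal to an all-zero
 * received MAC), and cmk is wiped on every exit instead of being left on
 * the stack.
 */
static struct wpabuf * eap_fast_process_crypto_binding(
	struct eap_sm *sm, struct eap_fast_data *data,
	struct eap_method_ret *ret,
	struct eap_tlv_crypto_binding_tlv *_bind, size_t bind_len)
{
	struct wpabuf *resp = NULL;
	u8 *pos;
	u8 cmk[EAP_FAST_CMK_LEN], cmac[SHA1_MAC_LEN];
	int res;
	size_t len;

	if (eap_fast_validate_crypto_binding(_bind) < 0)
		return NULL;

	if (eap_fast_get_cmk(sm, data, cmk) < 0)
		goto out;

	/* Validate received Compound MAC: computed with the MAC field zeroed */
	os_memcpy(cmac, _bind->compound_mac, sizeof(cmac));
	os_memset(_bind->compound_mac, 0, sizeof(cmac));
	wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Crypto-Binding TLV for Compound "
		    "MAC calculation", (u8 *) _bind, bind_len);
	if (hmac_sha1(cmk, EAP_FAST_CMK_LEN, (u8 *) _bind, bind_len,
		      _bind->compound_mac) < 0) {
		/* Fail closed: never accept a MAC that was not computed */
		wpa_printf(MSG_INFO, "EAP-FAST: Compound MAC calculation "
			   "failed");
		os_memcpy(_bind->compound_mac, cmac, sizeof(cmac));
		goto out;
	}
	res = os_memcmp_const(cmac, _bind->compound_mac, sizeof(cmac));
	wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Received Compound MAC",
		    cmac, sizeof(cmac));
	wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Calculated Compound MAC",
		    _bind->compound_mac, sizeof(cmac));
	if (res != 0) {
		wpa_printf(MSG_INFO, "EAP-FAST: Compound MAC did not match");
		os_memcpy(_bind->compound_mac, cmac, sizeof(cmac));
		goto out;
	}

	/*
	 * Compound MAC was valid, so authentication succeeded. Reply with
	 * crypto binding to allow server to complete authentication.
	 */
	len = sizeof(struct eap_tlv_crypto_binding_tlv);
	resp = wpabuf_alloc(len);
	if (resp == NULL)
		goto out;

	if (!data->anon_provisioning && data->phase2_success) {
		if (eap_fast_derive_msk(data) < 0) {
			wpa_printf(MSG_INFO, "EAP-FAST: Failed to generate MSK");
			ret->methodState = METHOD_DONE;
			ret->decision = DECISION_FAIL;
			data->phase2_success = 0;
			wpabuf_free(resp);
			resp = NULL;
			goto out;
		}

		os_free(data->session_id);
		data->session_id = eap_peer_tls_derive_session_id(
			sm, &data->ssl, EAP_TYPE_FAST, &data->id_len);
		if (data->session_id) {
			wpa_hexdump(MSG_DEBUG, "EAP-FAST: Derived Session-Id",
				    data->session_id, data->id_len);
		} else {
			wpa_printf(MSG_ERROR, "EAP-FAST: Failed to derive "
				   "Session-Id");
			wpabuf_free(resp);
			resp = NULL;
			goto out;
		}
	}

	pos = wpabuf_put(resp, sizeof(struct eap_tlv_crypto_binding_tlv));
	eap_fast_write_crypto_binding((struct eap_tlv_crypto_binding_tlv *)
				      pos, _bind, cmk);

out:
	os_memset(cmk, 0, sizeof(cmk));
	return resp;
}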
/*
 * eap_fast_parse_pac_tlv - Record a single TLV from a received PAC TLV body
 * @entry: PAC entry being assembled
 * @type: TLV type as read from the wire; the top bit is ignored here
 * @pos: Start of the TLV value
 * @len: Length of the TLV value in octets
 * @pac_key_found: Set to 1 once a PAC-Key of exactly EAP_FAST_PAC_KEY_LEN
 *	octets has been copied into @entry
 *
 * PAC-Key is copied into the entry (and only accepted at the expected
 * length). PAC-Opaque and PAC-Info are stored as pointers into the caller's
 * buffer, so the buffer must stay valid until the entry has been consumed
 * (presumably copied by eap_fast_add_pac() - TODO confirm). Unknown types
 * are logged and skipped.
 */
static void eap_fast_parse_pac_tlv(struct eap_fast_pac *entry, int type,
				   u8 *pos, size_t len, int *pac_key_found)
{
	int base_type = type & 0x7fff;

	if (base_type == PAC_TYPE_PAC_KEY) {
		/* Key material: only visible when key dumping is enabled */
		wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: PAC-Key", pos, len);
		if (len != EAP_FAST_PAC_KEY_LEN) {
			wpa_printf(MSG_DEBUG, "EAP-FAST: Invalid PAC-Key "
				   "length %lu", (unsigned long) len);
			return;
		}
		os_memcpy(entry->pac_key, pos, len);
		*pac_key_found = 1;
		return;
	}

	if (base_type == PAC_TYPE_PAC_OPAQUE) {
		wpa_hexdump(MSG_DEBUG, "EAP-FAST: PAC-Opaque", pos, len);
		entry->pac_opaque = pos;
		entry->pac_opaque_len = len;
		return;
	}

	if (base_type == PAC_TYPE_PAC_INFO) {
		wpa_hexdump(MSG_DEBUG, "EAP-FAST: PAC-Info", pos, len);
		entry->pac_info = pos;
		entry->pac_info_len = len;
		return;
	}

	wpa_printf(MSG_DEBUG, "EAP-FAST: Ignored unknown PAC type %d", type);
}
/*
 * eap_fast_process_pac_tlv - Walk the TLVs inside a received PAC TLV
 * @entry: Zeroed PAC entry to fill in
 * @pac: Start of the PAC TLV value (decrypted Phase 2 data)
 * @pac_len: Length of @pac in octets
 * Returns: 0 on success, -1 if a TLV overruns the buffer or a required
 * field (PAC-Key, PAC-Opaque, PAC-Info) is missing
 *
 * Each inner TLV has a 16-bit type and a 16-bit length. The declared length
 * is checked against the remaining octets before it is used, so a malicious
 * server cannot make the parser read past @pac. Trailing octets shorter
 * than a header (or a header-only TLV at the very end) are silently ignored.
 */
static int eap_fast_process_pac_tlv(struct eap_fast_pac *entry,
				    u8 *pac, size_t pac_len)
{
	u8 *cur = pac;
	u8 *end = pac + pac_len;
	int pac_key_found = 0;

	while ((size_t) (end - cur) > sizeof(struct pac_tlv_hdr)) {
		struct pac_tlv_hdr *hdr = (struct pac_tlv_hdr *) cur;
		int type = be_to_host16(hdr->type);
		size_t len = be_to_host16(hdr->len);
		size_t remaining;

		cur += sizeof(*hdr);
		remaining = end - cur;
		if (len > remaining) {
			wpa_printf(MSG_DEBUG, "EAP-FAST: PAC TLV overrun "
				   "(type=%d len=%lu left=%lu)",
				   type, (unsigned long) len,
				   (unsigned long) remaining);
			return -1;
		}
		eap_fast_parse_pac_tlv(entry, type, cur, len, &pac_key_found);
		cur += len;
	}

	/* All three fields are needed to form a usable PAC. */
	if (!pac_key_found || entry->pac_opaque == NULL ||
	    entry->pac_info == NULL) {
		wpa_printf(MSG_DEBUG, "EAP-FAST: PAC TLV does not include "
			   "all the required fields");
		return -1;
	}

	return 0;
}
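/*
 * eap_fast_parse_pac_info - Record a single TLV from a PAC-Info value
 * @entry: PAC entry being assembled
 * @type: TLV type as read from the wire; the top bit is ignored here
 * @pos: Start of the TLV value
 * @len: Length of the TLV value in octets
 * Returns: 0 on success or if the TLV was ignored, -1 if the PAC-Type TLV
 * is malformed or names a type this implementation does not support
 *
 * A-ID, I-ID and A-ID-Info are stored as pointers into the caller's buffer.
 * CRED_LIFETIME is only logged; it is not saved with the PAC because the
 * server is expected to trigger a PAC update itself when needed.
 *
 * Fix: lifetime is a u32, so it is printed with %u instead of %d, and the
 * "days left" arithmetic is only done when the lifetime is still in the
 * future - otherwise the unsigned subtraction wrapped and logged a huge
 * bogus day count for an already expired PAC.
 */
static int eap_fast_parse_pac_info(struct eap_fast_pac *entry, int type,
				   u8 *pos, size_t len)
{
	u16 pac_type;
	u32 lifetime, now_sec;
	struct os_time now;

	switch (type & 0x7fff) {
	case PAC_TYPE_CRED_LIFETIME:
		if (len != 4) {
			wpa_hexdump(MSG_DEBUG, "EAP-FAST: PAC-Info - "
				    "Invalid CRED_LIFETIME length - ignored",
				    pos, len);
			return 0;
		}

		lifetime = WPA_GET_BE32(pos);
		os_get_time(&now);
		now_sec = (u32) now.sec;
		if (lifetime > now_sec) {
			wpa_printf(MSG_DEBUG, "EAP-FAST: PAC-Info - "
				   "CRED_LIFETIME %u (%u days)",
				   lifetime, (lifetime - now_sec) / 86400);
		} else {
			/* Expired according to the local clock; still logged
			 * only, the server decides whether to re-provision. */
			wpa_printf(MSG_DEBUG, "EAP-FAST: PAC-Info - "
				   "CRED_LIFETIME %u (already expired)",
				   lifetime);
		}
		break;
	case PAC_TYPE_A_ID:
		wpa_hexdump_ascii(MSG_DEBUG, "EAP-FAST: PAC-Info - A-ID",
				  pos, len);
		entry->a_id = pos;
		entry->a_id_len = len;
		break;
	case PAC_TYPE_I_ID:
		wpa_hexdump_ascii(MSG_DEBUG, "EAP-FAST: PAC-Info - I-ID",
				  pos, len);
		entry->i_id = pos;
		entry->i_id_len = len;
		break;
	case PAC_TYPE_A_ID_INFO:
		wpa_hexdump_ascii(MSG_DEBUG, "EAP-FAST: PAC-Info - A-ID-Info",
				  pos, len);
		entry->a_id_info = pos;
		entry->a_id_info_len = len;
		break;
	case PAC_TYPE_PAC_TYPE:
		/* RFC 5422, Section 4.2.6 - PAC-Type TLV */
		if (len != 2) {
			wpa_printf(MSG_INFO, "EAP-FAST: Invalid PAC-Type "
				   "length %lu (expected 2)",
				   (unsigned long) len);
			wpa_hexdump_ascii(MSG_DEBUG,
					  "EAP-FAST: PAC-Info - PAC-Type",
					  pos, len);
			return -1;
		}
		pac_type = WPA_GET_BE16(pos);
		/* Only the three PAC types this peer knows how to use are
		 * accepted; anything else rejects the whole PAC. */
		if (pac_type != PAC_TYPE_TUNNEL_PAC &&
		    pac_type != PAC_TYPE_USER_AUTHORIZATION &&
		    pac_type != PAC_TYPE_MACHINE_AUTHENTICATION) {
			wpa_printf(MSG_INFO, "EAP-FAST: Unsupported PAC Type "
				   "%d", pac_type);
			return -1;
		}

		wpa_printf(MSG_DEBUG, "EAP-FAST: PAC-Info - PAC-Type %d",
			   pac_type);
		entry->pac_type = pac_type;
		break;
	default:
		wpa_printf(MSG_DEBUG, "EAP-FAST: Ignored unknown PAC-Info "
			   "type %d", type);
		break;
	}

	return 0;
}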
/*
 * eap_fast_process_pac_info - Parse the PAC-Info TLV stored in a PAC entry
 * @entry: PAC entry whose pac_info/pac_info_len were set by the PAC parser
 * Returns: 0 on success, -1 on a malformed or unsupported PAC-Info
 *
 * RFC 5422, Section 4.2.4. PAC-Type defaults to Tunnel PAC when no PAC-Type
 * TLV is present. Every inner TLV length is bounds-checked before use; A-ID
 * and A-ID-Info are required, the rest are optional.
 */
static int eap_fast_process_pac_info(struct eap_fast_pac *entry)
{
	u8 *cur = entry->pac_info;
	u8 *end = entry->pac_info + entry->pac_info_len;

	entry->pac_type = PAC_TYPE_TUNNEL_PAC;

	while ((size_t) (end - cur) > sizeof(struct pac_tlv_hdr)) {
		struct pac_tlv_hdr *hdr = (struct pac_tlv_hdr *) cur;
		int type = be_to_host16(hdr->type);
		size_t len = be_to_host16(hdr->len);
		size_t remaining;

		cur += sizeof(*hdr);
		remaining = end - cur;
		if (len > remaining) {
			wpa_printf(MSG_DEBUG, "EAP-FAST: PAC-Info overrun "
				   "(type=%d len=%lu left=%lu)",
				   type, (unsigned long) len,
				   (unsigned long) remaining);
			return -1;
		}
		if (eap_fast_parse_pac_info(entry, type, cur, len) < 0)
			return -1;
		cur += len;
	}

	if (entry->a_id == NULL || entry->a_id_info == NULL) {
		wpa_printf(MSG_DEBUG, "EAP-FAST: PAC-Info does not include "
			   "all the required fields");
		return -1;
	}

	return 0;
}
/*
 * eap_fast_process_pac - Handle a PAC TLV delivered by the server
 * @sm: EAP state machine
 * @data: EAP-FAST method data
 * @ret: Method result to update (decision/methodState)
 * @pac: PAC TLV value
 * @pac_len: Length of @pac in octets
 * Returns: PAC-Acknowledgement TLV to send back, or %NULL if the PAC was
 * rejected by the parsers
 *
 * A valid PAC is added to the list (becoming data->current_pac), the list
 * is truncated to max_pac_list_len and persisted to config->pac_file in
 * either binary or text form. The file then holds the PAC-Key, so it must
 * be protected like any other credential store (permissions are handled in
 * the save helpers, not visible here).
 *
 * Decision logic: unauthenticated provisioning yields no keying material
 * and must end in EAP-Failure; authenticated provisioning and PAC refresh
 * use DECISION_COND_SUCC because RFC 5422, Section 3.5 allows the server to
 * send EAP-Failure even after a protected success exchange.
 */
static struct wpabuf * eap_fast_process_pac(struct eap_sm *sm,
					    struct eap_fast_data *data,
					    struct eap_method_ret *ret,
					    u8 *pac, size_t pac_len)
{
	struct eap_peer_config *config = eap_get_config(sm);
	struct eap_fast_pac entry;

	os_memset(&entry, 0, sizeof(entry));
	if (eap_fast_process_pac_tlv(&entry, pac, pac_len) != 0)
		return NULL;
	if (eap_fast_process_pac_info(&entry) != 0)
		return NULL;

	eap_fast_add_pac(&data->pac, &data->current_pac, &entry);
	eap_fast_pac_list_truncate(data->pac, data->max_pac_list_len);
	if (data->use_pac_binary_format)
		eap_fast_save_pac_bin(sm, data->pac, config->pac_file);
	else
		eap_fast_save_pac(sm, data->pac, config->pac_file);

	if (!data->provisioning) {
		/* PAC refresh inside a normal authentication */
		wpa_printf(MSG_DEBUG, "EAP-FAST: Send PAC-Acknowledgement TLV "
			   "- PAC refreshing completed successfully");
		ret->decision = DECISION_COND_SUCC;
	} else {
		if (data->anon_provisioning) {
			/* No keys from an anonymous tunnel: expect failure,
			 * real authentication happens in a later exchange. */
			data->success = 0;
			ret->decision = DECISION_FAIL;
		} else {
			/* Server may or may not also derive keys from
			 * authenticated provisioning. */
			ret->decision = DECISION_COND_SUCC;
		}
		wpa_printf(MSG_DEBUG, "EAP-FAST: Send PAC-Acknowledgement TLV "
			   "- Provisioning completed successfully");
		sm->expected_failure = 1;
	}

	ret->methodState = METHOD_DONE;
	return eap_fast_tlv_pac_ack();
}
/*
 * eap_fast_parse_decrypted - Split decrypted Phase 2 data into known TLVs
 * @decrypted: Decrypted TLS application data (Phase 2 TLV stream)
 * @tlv: Output structure, zeroed first, filled by eap_fast_parse_tlv()
 * @resp: Set to a NAK TLV when an unknown mandatory TLV is encountered
 * Returns: 0 on success (including early stop on NAK), -1 on a TLV whose
 * declared length runs past the end of the buffer
 *
 * Each TLV carries a 2-octet type (bit 15 = mandatory, bit 14 reserved and
 * masked off) and a 2-octet length. Lengths are validated against the
 * remaining data before the value is handed to eap_fast_parse_tlv(). A
 * return of -2 from that helper stops parsing; the exact meaning of -2 is
 * defined by the helper, which is not visible here.
 */
static int eap_fast_parse_decrypted(struct wpabuf *decrypted,
				    struct eap_fast_tlv_parse *tlv,
				    struct wpabuf **resp)
{
	u8 *cur, *end;

	os_memset(tlv, 0, sizeof(*tlv));

	cur = wpabuf_mhead(decrypted);
	end = cur + wpabuf_len(decrypted);

	/* Requires more than a 4-octet header to keep going */
	while (end - cur > 4) {
		int mandatory = cur[0] & 0x80;
		int tlv_type = WPA_GET_BE16(cur) & 0x3fff;
		size_t len = WPA_GET_BE16(cur + 2);
		int res;

		cur += 4;
		if (len > (size_t) (end - cur)) {
			wpa_printf(MSG_INFO, "EAP-FAST: TLV overflow");
			return -1;
		}
		wpa_printf(MSG_DEBUG, "EAP-FAST: Received Phase 2: "
			   "TLV type %d length %u%s",
			   tlv_type, (unsigned int) len,
			   mandatory ? " (mandatory)" : "");

		res = eap_fast_parse_tlv(tlv, tlv_type, cur, len);
		if (res == -2)
			break;
		if (res < 0 && mandatory) {
			/* Unknown mandatory TLV: answer with a NAK and stop */
			wpa_printf(MSG_DEBUG, "EAP-FAST: Nak unknown "
				   "mandatory TLV type %d", tlv_type);
			*resp = eap_fast_tlv_nak(0, tlv_type);
			break;
		}
		if (res < 0) {
			wpa_printf(MSG_DEBUG, "EAP-FAST: ignored "
				   "unknown optional TLV type %d",
				   tlv_type);
		}

		cur += len;
	}

	return 0;
}
/*
 * eap_fast_encrypt_response - Wrap Phase 2 TLVs into a TLS record
 * @sm: EAP state machine
 * @data: EAP-FAST method data
 * @resp: Plaintext TLVs; ownership is taken and the buffer is freed here
 * @identifier: EAP identifier for the outgoing EAP-Response
 * @out_data: Receives the encrypted EAP-Response (set by eap_peer_tls_encrypt)
 * Returns: Always 0
 *
 * A %NULL @resp is a no-op. An encryption failure is only logged; the
 * function still returns 0, so callers cannot distinguish it from success
 * (they see whatever eap_peer_tls_encrypt left in *out_data).
 */
static int eap_fast_encrypt_response(struct eap_sm *sm,
				     struct eap_fast_data *data,
				     struct wpabuf *resp,
				     u8 identifier, struct wpabuf **out_data)
{
	int enc_res;

	if (!resp)
		return 0;

	wpa_hexdump_buf(MSG_DEBUG, "EAP-FAST: Encrypting Phase 2 data",
			resp);
	enc_res = eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_FAST,
				       data->fast_version, identifier,
				       resp, out_data);
	if (enc_res) {
		wpa_printf(MSG_INFO, "EAP-FAST: Failed to encrypt a Phase 2 "
			   "frame");
	}
	wpabuf_free(resp);

	return 0;
}
/*
 * eap_fast_pac_request - Build a Request-Action TLV asking for a Tunnel PAC
 * Returns: Newly allocated buffer holding the TLVs, or %NULL on allocation
 * failure. Caller owns the buffer.
 *
 * The buffer is sized for an EAP TLV header, a Request-Action TLV and a
 * PAC-Type TLV; eap_fast_write_pac_request() fills it and returns the end
 * pointer, which is what determines the final length.
 */
static struct wpabuf * eap_fast_pac_request(void)
{
	struct wpabuf *buf;
	u8 *start, *end;
	size_t max_len = sizeof(struct eap_tlv_hdr) +
		sizeof(struct eap_tlv_request_action_tlv) +
		sizeof(struct eap_tlv_pac_type_tlv);

	buf = wpabuf_alloc(max_len);
	if (!buf)
		return NULL;

	start = wpabuf_put(buf, 0);
	end = eap_fast_write_pac_request(start, PAC_TYPE_TUNNEL_PAC);
	wpabuf_put(buf, end - start);

	return buf;
}
/*
 * eap_fast_process_decrypted - Act on the TLVs of one decrypted Phase 2 frame
 * @sm: EAP state machine
 * @data: EAP-FAST method data
 * @ret: Method result to update (decision/methodState)
 * @identifier: EAP identifier for the response
 * @decrypted: Decrypted Phase 2 TLV stream
 * @out_data: Receives the encrypted EAP-Response
 * Returns: 0 (the value of eap_fast_encrypt_response), or 0 on parse error
 *
 * Order matters here: Result/Intermediate-Result failures short-circuit,
 * the Crypto-Binding TLV is verified before any success is acted on, the
 * EAP-Payload and PAC TLVs are processed, and the outer Result TLV is
 * prepended last so it comes first on the wire. The method is only marked
 * DECISION_UNCOND_SUCC when the server's Result is success, nothing failed,
 * a Crypto-Binding TLV was present (and therefore verified above) and
 * Phase 2 succeeded - this is the compound-binding check that ties the
 * inner method to the TLS tunnel.
 */
static int eap_fast_process_decrypted(struct eap_sm *sm,
				      struct eap_fast_data *data,
				      struct eap_method_ret *ret,
				      u8 identifier,
				      struct wpabuf *decrypted,
				      struct wpabuf **out_data)
{
	struct wpabuf *resp = NULL, *tmp;
	struct eap_fast_tlv_parse tlv;
	int failed = 0;

	/* A parse error sends nothing back (returns 0, *out_data untouched) */
	if (eap_fast_parse_decrypted(decrypted, &tlv, &resp) < 0)
		return 0;
	/* resp is only set here for a NAK of an unknown mandatory TLV */
	if (resp)
		return eap_fast_encrypt_response(sm, data, resp,
						 identifier, out_data);

	if (tlv.result == EAP_TLV_RESULT_FAILURE) {
		resp = eap_fast_tlv_result(EAP_TLV_RESULT_FAILURE, 0);
		return eap_fast_encrypt_response(sm, data, resp,
						 identifier, out_data);
	}

	if (tlv.iresult == EAP_TLV_RESULT_FAILURE) {
		resp = eap_fast_tlv_result(EAP_TLV_RESULT_FAILURE, 1);
		return eap_fast_encrypt_response(sm, data, resp,
						 identifier, out_data);
	}

	/* Compound MAC verification; a bad binding turns the whole frame
	 * into a failure below rather than being silently ignored. */
	if (tlv.crypto_binding) {
		tmp = eap_fast_process_crypto_binding(sm, data, ret,
						      tlv.crypto_binding,
						      tlv.crypto_binding_len);
		if (tmp == NULL)
			failed = 1;
		else
			resp = wpabuf_concat(resp, tmp);
	}

	if (tlv.iresult == EAP_TLV_RESULT_SUCCESS) {
		tmp = eap_fast_tlv_result(failed ? EAP_TLV_RESULT_FAILURE :
					  EAP_TLV_RESULT_SUCCESS, 1);
		resp = wpabuf_concat(resp, tmp);
	}

	if (tlv.eap_payload_tlv) {
		tmp = eap_fast_process_eap_payload_tlv(
			sm, data, ret, tlv.eap_payload_tlv,
			tlv.eap_payload_tlv_len);
		resp = wpabuf_concat(resp, tmp);
	}

	/* A PAC is only accepted when the server also signalled success */
	if (tlv.pac && tlv.result != EAP_TLV_RESULT_SUCCESS) {
		wpa_printf(MSG_DEBUG, "EAP-FAST: PAC TLV without Result TLV "
			   "acknowledging success");
		failed = 1;
	} else if (tlv.pac && tlv.result == EAP_TLV_RESULT_SUCCESS) {
		tmp = eap_fast_process_pac(sm, data, ret, tlv.pac,
					   tlv.pac_len);
		resp = wpabuf_concat(resp, tmp);
	}

	if (data->current_pac == NULL && data->provisioning &&
	    !data->anon_provisioning && !tlv.pac &&
	    (tlv.iresult == EAP_TLV_RESULT_SUCCESS ||
	     tlv.result == EAP_TLV_RESULT_SUCCESS)) {
		/*
		 * Need to request Tunnel PAC when using authenticated
		 * provisioning.
		 */
		wpa_printf(MSG_DEBUG, "EAP-FAST: Request Tunnel PAC");
		tmp = eap_fast_pac_request();
		resp = wpabuf_concat(resp, tmp);
	}

	/* Outer Result TLV is prepended so it leads the response */
	if (tlv.result == EAP_TLV_RESULT_SUCCESS && !failed) {
		tmp = eap_fast_tlv_result(EAP_TLV_RESULT_SUCCESS, 0);
		resp = wpabuf_concat(tmp, resp);
	} else if (failed) {
		tmp = eap_fast_tlv_result(EAP_TLV_RESULT_FAILURE, 0);
		resp = wpabuf_concat(tmp, resp);
	}

	if (resp && tlv.result == EAP_TLV_RESULT_SUCCESS && !failed &&
	    tlv.crypto_binding && data->phase2_success) {
		if (data->anon_provisioning) {
			/* Anonymous tunnel: no usable keys, expect EAP-Failure */
			wpa_printf(MSG_DEBUG, "EAP-FAST: Unauthenticated "
				   "provisioning completed successfully.");
			ret->methodState = METHOD_DONE;
			ret->decision = DECISION_FAIL;
			sm->expected_failure = 1;
		} else {
			wpa_printf(MSG_DEBUG, "EAP-FAST: Authentication "
				   "completed successfully.");
			/* During provisioning the server may still send more
			 * (e.g., the PAC itself), so allow continuation. */
			if (data->provisioning)
				ret->methodState = METHOD_MAY_CONT;
			else
				ret->methodState = METHOD_DONE;
			ret->decision = DECISION_UNCOND_SUCC;
		}
	}

	if (resp == NULL) {
		wpa_printf(MSG_DEBUG, "EAP-FAST: No recognized TLVs - send "
			   "empty response packet");
		resp = wpabuf_alloc(1);
	}

	return eap_fast_encrypt_response(sm, data, resp, identifier,
					 out_data);
}
/*
 * eap_fast_decrypt - Decrypt and process one Phase 2 frame
 * @sm: EAP state machine
 * @data: EAP-FAST method data
 * @ret: Method result to update
 * @identifier: EAP identifier of the request being answered
 * @in_data: Encrypted TLS data from the request (may be empty for a TLS ACK)
 * @out_data: Receives the EAP-Response
 * Returns: Result of eap_fast_process_decrypted() / eap_peer_tls_encrypt(),
 * a non-zero value from eap_peer_tls_decrypt() on decryption failure, or
 * -1 for a decrypted frame shorter than one TLV header
 *
 * A pending_phase2_req (application data that arrived inside the handshake
 * message) is consumed instead of decrypting @in_data. An empty @in_data is
 * a TLS ACK requesting the next fragment of our pending output.
 */
static int eap_fast_decrypt(struct eap_sm *sm, struct eap_fast_data *data,
			    struct eap_method_ret *ret, u8 identifier,
			    const struct wpabuf *in_data,
			    struct wpabuf **out_data)
{
	struct wpabuf *plain;
	int res;

	wpa_printf(MSG_DEBUG, "EAP-FAST: Received %lu bytes encrypted data for"
		   " Phase 2", (unsigned long) wpabuf_len(in_data));

	if (data->pending_phase2_req) {
		wpa_printf(MSG_DEBUG, "EAP-FAST: Pending Phase 2 request - "
			   "skip decryption and use old data");
		/* Clear TLS reassembly state. */
		eap_peer_tls_reset_input(&data->ssl);
		plain = data->pending_phase2_req;
		data->pending_phase2_req = NULL;
	} else {
		if (wpabuf_len(in_data) == 0) {
			/* Received TLS ACK - requesting more fragments */
			return eap_peer_tls_encrypt(sm, &data->ssl,
						    EAP_TYPE_FAST,
						    data->fast_version,
						    identifier, NULL,
						    out_data);
		}

		res = eap_peer_tls_decrypt(sm, &data->ssl, in_data, &plain);
		if (res)
			return res;
	}

	wpa_hexdump_buf(MSG_MSGDUMP, "EAP-FAST: Decrypted Phase 2 TLV(s)",
			plain);

	/* Smallest valid frame is one 4-octet TLV header */
	if (wpabuf_len(plain) < 4) {
		wpa_printf(MSG_INFO, "EAP-FAST: Too short Phase 2 "
			   "TLV frame (len=%lu)",
			   (unsigned long) wpabuf_len(plain));
		wpabuf_free(plain);
		return -1;
	}

	res = eap_fast_process_decrypted(sm, data, ret, identifier,
					 plain, out_data);
	wpabuf_free(plain);

	return res;
}
/*
 * eap_fast_get_a_id - Extract the authority identity from an EAP-FAST/Start
 * @buf: Payload of the Start message
 * @len: Length of @buf in octets
 * @id_len: Receives the length of the returned A-ID
 * Returns: Pointer into @buf at the A-ID
 *
 * Both encodings are accepted: a raw A-ID filling the whole payload, or an
 * A-ID TLV (type PAC_TYPE_A_ID) whose length fits within @len. When the TLV
 * check fails the whole payload is treated as the raw A-ID.
 */
static const u8 * eap_fast_get_a_id(const u8 *buf, size_t len, size_t *id_len)
{
	const struct pac_tlv_hdr *hdr = (const struct pac_tlv_hdr *) buf;
	const u8 *a_id = buf;

	*id_len = len;

	if (len > sizeof(*hdr) && be_to_host16(hdr->type) == PAC_TYPE_A_ID) {
		size_t tlv_len = be_to_host16(hdr->len);

		/* Only trust the TLV length if it does not overrun @buf */
		if (sizeof(*hdr) + tlv_len <= len) {
			wpa_printf(MSG_DEBUG, "EAP-FAST: A-ID was in TLV "
				   "(Start)");
			a_id = (const u8 *) (hdr + 1);
			*id_len = tlv_len;
		}
	}

	wpa_hexdump_ascii(MSG_DEBUG, "EAP-FAST: A-ID", a_id, *id_len);

	return a_id;
}
/*
 * eap_fast_select_pac - Pick the PAC to use for the announced authority
 * @data: EAP-FAST method data; data->current_pac is set (or left %NULL)
 * @a_id: Authority identity from the Start message
 * @a_id_len: Length of @a_id in octets
 *
 * A Tunnel PAC for the A-ID is preferred; a Machine Authentication PAC is
 * the fallback. No match leaves current_pac %NULL, which the caller turns
 * into provisioning.
 */
static void eap_fast_select_pac(struct eap_fast_data *data,
				const u8 *a_id, size_t a_id_len)
{
	struct eap_fast_pac *pac;

	pac = eap_fast_get_pac(data->pac, a_id, a_id_len, PAC_TYPE_TUNNEL_PAC);
	if (!pac) {
		/* No Tunnel PAC for this A-ID; try a machine PAC instead */
		pac = eap_fast_get_pac(data->pac, a_id, a_id_len,
				       PAC_TYPE_MACHINE_AUTHENTICATION);
	}
	data->current_pac = pac;

	if (!pac)
		return;

	wpa_printf(MSG_DEBUG, "EAP-FAST: PAC found for this A-ID "
		   "(PAC-Type %d)", pac->pac_type);
	wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-FAST: A-ID-Info",
			  pac->a_id_info, pac->a_id_info_len);
}
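/*
 * eap_fast_use_pac_opaque - Attach the PAC-Opaque to the TLS ClientHello
 * @sm: EAP state machine
 * @data: EAP-FAST method data
 * @pac: PAC whose opaque blob is sent to the server
 * Returns: 0 on success, -1 on failure
 *
 * The PAC-Opaque is wrapped in an EAP TLV (type PAC_TYPE_PAC_OPAQUE) and
 * installed as the TLS_EXT_PAC_OPAQUE ClientHello extension. The TLV length
 * field is 16 bits wide, so an opaque longer than 65535 octets is rejected
 * here instead of being silently truncated into a malformed extension.
 */
static int eap_fast_use_pac_opaque(struct eap_sm *sm,
				   struct eap_fast_data *data,
				   struct eap_fast_pac *pac)
{
	u8 *tlv;
	size_t tlv_len, olen;
	struct eap_tlv_hdr *ehdr;

	olen = pac->pac_opaque_len;
	if (olen > 0xffff) {
		wpa_printf(MSG_DEBUG, "EAP-FAST: PAC-Opaque too long (%lu) "
			   "for a TLV length field",
			   (unsigned long) olen);
		return -1;
	}

	tlv_len = sizeof(*ehdr) + olen;
	tlv = os_malloc(tlv_len);
	if (tlv == NULL) {
		wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to add PAC-Opaque TLS "
			   "extension");
		return -1;
	}

	ehdr = (struct eap_tlv_hdr *) tlv;
	ehdr->tlv_type = host_to_be16(PAC_TYPE_PAC_OPAQUE);
	ehdr->length = host_to_be16(olen);
	os_memcpy(ehdr + 1, pac->pac_opaque, olen);

	if (tls_connection_client_hello_ext(sm->ssl_ctx, data->ssl.conn,
					    TLS_EXT_PAC_OPAQUE,
					    tlv, tlv_len) < 0) {
		wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to add PAC-Opaque TLS "
			   "extension");
		os_free(tlv);
		return -1;
	}

	/* The TLS layer has taken its copy (or failed above) */
	os_free(tlv);

	return 0;
}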
/*
 * eap_fast_clear_pac_opaque_ext - Drop the PAC-Opaque ClientHello extension
 * @sm: EAP state machine
 * @data: EAP-FAST method data
 * Returns: 0 on success, -1 if the TLS layer refused to remove it
 *
 * Used when resuming a session or starting provisioning, where no PAC
 * should be presented to the server.
 */
static int eap_fast_clear_pac_opaque_ext(struct eap_sm *sm,
					 struct eap_fast_data *data)
{
	int res = tls_connection_client_hello_ext(sm->ssl_ctx, data->ssl.conn,
						  TLS_EXT_PAC_OPAQUE, NULL, 0);

	if (res >= 0)
		return 0;

	wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to remove PAC-Opaque "
		   "TLS extension");
	return -1;
}
/*
 * eap_fast_set_provisioning_ciphers - Restrict TLS cipher suites for
 * provisioning
 * @sm: EAP state machine
 * @data: EAP-FAST method data
 * Returns: 0 on success, -1 if the cipher list could not be applied
 *
 * Unauthenticated provisioning enables an anonymous DH suite, which gives
 * no server authentication at all; eap_fast_process() later detects such a
 * session and refuses to treat its keys as usable (anon_provisioning).
 * Authenticated provisioning enables RSA/DHE suites with AES, plus RC4.
 *
 * NOTE(review): TLS_CIPHER_RC4_SHA is kept here only to preserve existing
 * behaviour - RC4 is prohibited for TLS by RFC 7465. Dropping it should be
 * considered once interoperability with legacy servers is not required.
 *
 * The array holds at most 1 + 5 + 1 (terminator) entries, which is the
 * worst case when both provisioning modes are allowed.
 */
static int eap_fast_set_provisioning_ciphers(struct eap_sm *sm,
					     struct eap_fast_data *data)
{
	u8 suites[7];
	int n = 0;
	int allowed = data->provisioning_allowed;

	if (allowed & EAP_FAST_PROV_UNAUTH) {
		wpa_printf(MSG_DEBUG, "EAP-FAST: Enabling unauthenticated "
			   "provisioning TLS cipher suites");
		suites[n++] = TLS_CIPHER_ANON_DH_AES128_SHA;
	}

	if (allowed & EAP_FAST_PROV_AUTH) {
		wpa_printf(MSG_DEBUG, "EAP-FAST: Enabling authenticated "
			   "provisioning TLS cipher suites");
		suites[n++] = TLS_CIPHER_RSA_DHE_AES256_SHA;
		suites[n++] = TLS_CIPHER_RSA_DHE_AES128_SHA;
		suites[n++] = TLS_CIPHER_AES256_SHA;
		suites[n++] = TLS_CIPHER_AES128_SHA;
		suites[n++] = TLS_CIPHER_RC4_SHA; /* see NOTE(review) above */
	}

	/* List terminator */
	suites[n++] = TLS_CIPHER_NONE;

	if (tls_connection_set_cipher_list(sm->ssl_ctx, data->ssl.conn,
					   suites) != 0) {
		wpa_printf(MSG_INFO, "EAP-FAST: Could not configure TLS "
			   "cipher suites for provisioning");
		return -1;
	}

	return 0;
}
/*
 * eap_fast_process_start - Handle the EAP-FAST/Start message
 * @sm: EAP state machine
 * @data: EAP-FAST method data
 * @flags: EAP-TLS flags octet; low bits carry the server's EAP-FAST version
 * @pos: Start payload (the A-ID)
 * @left: Length of @pos in octets
 * Returns: 0 on success, -1 on failure
 *
 * Version negotiation (section 3.1 of the spec) takes the lower of the two
 * versions, so the server can always select the lowest version the peer
 * supports. The A-ID is then used to look up a PAC:
 *  - resuming with a PAC: the PAC-Opaque extension is cleared;
 *  - PAC present, not resuming: the PAC-Opaque is added to ClientHello;
 *  - no PAC: provisioning is started if allowed, otherwise the method fails.
 */
static int eap_fast_process_start(struct eap_sm *sm,
				  struct eap_fast_data *data, u8 flags,
				  const u8 *pos, size_t left)
{
	u8 server_version = flags & EAP_TLS_VERSION_MASK;
	const u8 *a_id;
	size_t a_id_len;

	wpa_printf(MSG_DEBUG, "EAP-FAST: Start (server ver=%d, own ver=%d)",
		   server_version, data->fast_version);
	if (server_version < data->fast_version)
		data->fast_version = server_version;
	wpa_printf(MSG_DEBUG, "EAP-FAST: Using FAST version %d",
		   data->fast_version);

	a_id = eap_fast_get_a_id(pos, left, &a_id_len);
	eap_fast_select_pac(data, a_id, a_id_len);

	if (data->current_pac == NULL) {
		/* No PAC found, so we must provision one. */
		if (!data->provisioning_allowed) {
			wpa_printf(MSG_DEBUG, "EAP-FAST: No PAC found and "
				   "provisioning disabled");
			return -1;
		}
		wpa_printf(MSG_DEBUG, "EAP-FAST: No PAC found - "
			   "starting provisioning");
		if (eap_fast_set_provisioning_ciphers(sm, data) < 0)
			return -1;
		if (eap_fast_clear_pac_opaque_ext(sm, data) < 0)
			return -1;
		data->provisioning = 1;
		return 0;
	}

	if (data->resuming) {
		wpa_printf(MSG_DEBUG, "EAP-FAST: Trying to resume session - "
			   "do not add PAC-Opaque to TLS ClientHello");
		return eap_fast_clear_pac_opaque_ext(sm, data);
	}

	/* PAC for this A-ID and a fresh session: present the PAC-Opaque */
	return eap_fast_use_pac_opaque(sm, data, data->current_pac);
}
/*
 * eap_fast_process - EAP-FAST peer method entry point for each EAP-Request
 * @sm: EAP state machine
 * @priv: EAP-FAST method data (struct eap_fast_data)
 * @ret: Method result to update
 * @reqData: Received EAP-Request
 * Returns: EAP-Response to send, or %NULL when nothing is sent (failure,
 * or waiting for an external certificate check)
 *
 * Dispatches between Phase 1 (TLS handshake, possibly paused for an
 * external server-certificate check) and Phase 2 (decrypting tunneled
 * TLVs). When the tunnel comes up during provisioning, the negotiated
 * cipher name is inspected: an anonymous suite - or any failure to read
 * the name - marks the session as anon_provisioning, so its keys are never
 * exported. A res value of 1 from the TLS helpers means "ACK only".
 */
static struct wpabuf * eap_fast_process(struct eap_sm *sm, void *priv,
					struct eap_method_ret *ret,
					const struct wpabuf *reqData)
{
	const struct eap_hdr *req;
	size_t left;
	int res;
	u8 flags, id;
	struct wpabuf *resp;
	const u8 *pos;
	struct eap_fast_data *data = priv;
	struct wpabuf msg;

	/* Validates the EAP-TLS framing and yields the payload + flags */
	pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_FAST, ret,
					reqData, &left, &flags);
	if (pos == NULL)
		return NULL;

	req = wpabuf_head(reqData);
	id = req->identifier;

	if (flags & EAP_TLS_FLAGS_START) {
		if (eap_fast_process_start(sm, data, flags, pos, left) < 0)
			return NULL;

		left = 0; /* A-ID is not used in further packet processing */
	}

	wpabuf_set(&msg, pos, left);

	resp = NULL;
	if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
	    !data->resuming) {
		/* Process tunneled (encrypted) phase 2 data. */
		res = eap_fast_decrypt(sm, data, ret, id, &msg, &resp);
		if (res < 0) {
			ret->methodState = METHOD_DONE;
			ret->decision = DECISION_FAIL;
			/*
			 * Ack possible Alert that may have caused failure in
			 * decryption.
			 */
			res = 1;
		}
	} else {
		/* Handshake parked while an external process validates the
		 * server certificate; resume, fail or keep waiting. */
		if (sm->waiting_ext_cert_check && data->pending_resp) {
			struct eap_peer_config *config = eap_get_config(sm);

			if (config->pending_ext_cert_check ==
			    EXT_CERT_CHECK_GOOD) {
				wpa_printf(MSG_DEBUG,
					   "EAP-FAST: External certificate check succeeded - continue handshake");
				resp = data->pending_resp;
				data->pending_resp = NULL;
				sm->waiting_ext_cert_check = 0;
				return resp;
			}

			if (config->pending_ext_cert_check ==
			    EXT_CERT_CHECK_BAD) {
				wpa_printf(MSG_DEBUG,
					   "EAP-FAST: External certificate check failed - force authentication failure");
				ret->methodState = METHOD_DONE;
				ret->decision = DECISION_FAIL;
				sm->waiting_ext_cert_check = 0;
				return NULL;
			}

			wpa_printf(MSG_DEBUG,
				   "EAP-FAST: Continuing to wait external server certificate validation");
			return NULL;
		}

		/* Continue processing TLS handshake (phase 1). */
		res = eap_peer_tls_process_helper(sm, &data->ssl,
						  EAP_TYPE_FAST,
						  data->fast_version, id, &msg,
						  &resp);
		if (res < 0) {
			wpa_printf(MSG_DEBUG,
				   "EAP-FAST: TLS processing failed");
			ret->methodState = METHOD_DONE;
			ret->decision = DECISION_FAIL;
			return resp;
		}

		if (sm->waiting_ext_cert_check) {
			wpa_printf(MSG_DEBUG,
				   "EAP-FAST: Waiting external server certificate validation");
			wpabuf_free(data->pending_resp);
			data->pending_resp = resp;
			return NULL;
		}

		if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
			char cipher[80];

			wpa_printf(MSG_DEBUG,
				   "EAP-FAST: TLS done, proceed to Phase 2");
			/*
			 * Fail-safe classification: authenticated provisioning
			 * not allowed, cipher name unreadable, or an
			 * anonymous suite ("ADH-"/"anon" substring match on
			 * the TLS library's name) all count as unauthenticated.
			 */
			if (data->provisioning &&
			    (!(data->provisioning_allowed &
			       EAP_FAST_PROV_AUTH) ||
			     tls_get_cipher(sm->ssl_ctx, data->ssl.conn,
					    cipher, sizeof(cipher)) < 0 ||
			     os_strstr(cipher, "ADH-") ||
			     os_strstr(cipher, "anon"))) {
				wpa_printf(MSG_DEBUG, "EAP-FAST: Using "
					   "anonymous (unauthenticated) "
					   "provisioning");
				data->anon_provisioning = 1;
			} else
				data->anon_provisioning = 0;
			data->resuming = 0;
			if (eap_fast_derive_keys(sm, data) < 0) {
				wpa_printf(MSG_DEBUG,
					   "EAP-FAST: Could not derive keys");
				ret->methodState = METHOD_DONE;
				ret->decision = DECISION_FAIL;
				wpabuf_free(resp);
				return NULL;
			}
		}

		if (res == 2) {
			/*
			 * Application data included in the handshake message.
			 */
			wpabuf_free(data->pending_phase2_req);
			data->pending_phase2_req = resp;
			resp = NULL;
			res = eap_fast_decrypt(sm, data, ret, id, &msg, &resp);
		}
	}

	if (res == 1) {
		wpabuf_free(resp);
		return eap_peer_tls_build_ack(id, EAP_TYPE_FAST,
					      data->fast_version);
	}

	return resp;
}
  1417. #if 0 /* FIX */
/*
 * eap_fast_has_reauth_data - Fast re-authentication availability (disabled)
 * @sm: EAP state machine
 * @priv: EAP-FAST method data
 * Returns: TRUE if the TLS connection is still established
 *
 * Compiled out (#if 0 / FIX): the reauth hooks are not registered.
 */
static Boolean eap_fast_has_reauth_data(struct eap_sm *sm, void *priv)
{
	struct eap_fast_data *data = priv;
	return tls_connection_established(sm->ssl_ctx, data->ssl.conn);
}
/*
 * eap_fast_deinit_for_reauth - Release per-session buffers before reauth
 * (disabled)
 * @sm: EAP state machine (unused here)
 * @priv: EAP-FAST method data
 *
 * Compiled out (#if 0 / FIX). Frees the Phase 2 key block and any pending
 * Phase 2 request / handshake response so they cannot leak into the next
 * session. Note key_block_p is os_free()d without being zeroed first; the
 * enabled code elsewhere in this file is not visible here to confirm
 * whether that is the project's convention for this field.
 */
static void eap_fast_deinit_for_reauth(struct eap_sm *sm, void *priv)
{
	struct eap_fast_data *data = priv;
	os_free(data->key_block_p);
	data->key_block_p = NULL;
	wpabuf_free(data->pending_phase2_req);
	data->pending_phase2_req = NULL;
	wpabuf_free(data->pending_resp);
	data->pending_resp = NULL;
}
/*
 * eap_fast_init_for_reauth - Reset method state for TLS session resumption
 * (disabled)
 * @sm: EAP state machine
 * @priv: EAP-FAST method data
 * Returns: @priv on success, %NULL on failure
 *
 * Compiled out (#if 0 / FIX). Wipes the exported keys and Session-Id,
 * resets the Phase 2 method for reauth and flags the session as resuming.
 *
 * NOTE(review): on eap_peer_tls_reauth_init() failure only os_free(data) is
 * called; data->ssl, phase2_priv, session_id, the PAC list, etc. are not
 * released on this path, which looks like a leak - compare with
 * eap_fast_deinit (not visible here) before enabling this code.
 */
static void * eap_fast_init_for_reauth(struct eap_sm *sm, void *priv)
{
	struct eap_fast_data *data = priv;
	if (eap_peer_tls_reauth_init(sm, &data->ssl)) {
		os_free(data);
		return NULL;
	}
	/* Scrub keying material from the previous session */
	os_memset(data->key_data, 0, EAP_FAST_KEY_LEN);
	os_memset(data->emsk, 0, EAP_EMSK_LEN);
	os_free(data->session_id);
	data->session_id = NULL;
	if (data->phase2_priv && data->phase2_method &&
	    data->phase2_method->init_for_reauth)
		data->phase2_method->init_for_reauth(sm, data->phase2_priv);
	data->phase2_success = 0;
	data->resuming = 1;
	data->provisioning = 0;
	data->anon_provisioning = 0;
	data->simck_idx = 0;
	return priv;
}
  1454. #endif
/*
 * eap_fast_get_status - Append EAP-FAST status text to a status buffer
 * @sm: EAP state machine
 * @priv: EAP-FAST method data
 * @buf: Output buffer
 * @buflen: Size of @buf in octets
 * @verbose: Passed through to eap_peer_tls_status()
 * Returns: Number of octets written into @buf
 *
 * Writes the generic TLS status first, then a "Phase2 method=" line when an
 * inner method has been selected. The Phase 2 line is dropped (and the TLS
 * status length returned unchanged) if it does not fit.
 */
static int eap_fast_get_status(struct eap_sm *sm, void *priv, char *buf,
			       size_t buflen, int verbose)
{
	struct eap_fast_data *data = priv;
	int used = eap_peer_tls_status(sm, &data->ssl, buf, buflen, verbose);
	int written;

	if (data->phase2_method == NULL)
		return used;

	written = os_snprintf(buf + used, buflen - used,
			      "EAP-FAST Phase2 method=%s\n",
			      data->phase2_method->name);
	if (os_snprintf_error(buflen - used, written))
		return used;

	return used + written;
}
/*
 * eap_fast_isKeyAvailable - Whether MSK/EMSK can be exported
 * @sm: EAP state machine (unused)
 * @priv: EAP-FAST method data
 * Returns: data->success, i.e. keys are only offered after a successful,
 * non-anonymous completion
 */
static Boolean eap_fast_isKeyAvailable(struct eap_sm *sm, void *priv)
{
	const struct eap_fast_data *data = priv;

	return data->success ? TRUE : FALSE;
}
/*
 * eap_fast_getKey - Export a copy of the MSK
 * @sm: EAP state machine (unused)
 * @priv: EAP-FAST method data
 * @len: Receives EAP_FAST_KEY_LEN on success
 * Returns: Newly allocated copy of the key, or %NULL if the method has not
 * succeeded or allocation failed. The caller owns (and should scrub) it.
 */
static u8 * eap_fast_getKey(struct eap_sm *sm, void *priv, size_t *len)
{
	struct eap_fast_data *data = priv;
	u8 *copy;

	if (!data->success)
		return NULL;

	copy = os_malloc(EAP_FAST_KEY_LEN);
	if (!copy)
		return NULL;

	os_memcpy(copy, data->key_data, EAP_FAST_KEY_LEN);
	*len = EAP_FAST_KEY_LEN;

	return copy;
}
/*
 * eap_fast_get_session_id - Export a copy of the EAP Session-Id
 * @sm: EAP state machine (unused)
 * @priv: EAP-FAST method data
 * @len: Receives the Session-Id length on success
 * Returns: Newly allocated copy, or %NULL if the method has not succeeded,
 * no Session-Id was derived, or allocation failed. The caller owns it.
 */
static u8 * eap_fast_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
{
	struct eap_fast_data *data = priv;
	u8 *copy;

	if (!data->success)
		return NULL;
	if (data->session_id == NULL)
		return NULL;

	copy = os_malloc(data->id_len);
	if (!copy)
		return NULL;

	os_memcpy(copy, data->session_id, data->id_len);
	*len = data->id_len;

	return copy;
}
/*
 * eap_fast_get_emsk - Export a copy of the EMSK
 * @sm: EAP state machine (unused)
 * @priv: EAP-FAST method data
 * @len: Receives EAP_EMSK_LEN on success
 * Returns: Newly allocated copy of the EMSK, or %NULL if the method has
 * not succeeded or allocation failed. The caller owns (and should scrub) it.
 */
static u8 * eap_fast_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
{
	struct eap_fast_data *data = priv;
	u8 *copy;

	if (!data->success)
		return NULL;

	copy = os_malloc(EAP_EMSK_LEN);
	if (!copy)
		return NULL;

	os_memcpy(copy, data->emsk, EAP_EMSK_LEN);
	*len = EAP_EMSK_LEN;

	return copy;
}
/*
 * eap_peer_fast_register - Register the EAP-FAST peer method
 * Returns: 0 on success, -1 on failure (allocation or registration)
 *
 * The fast re-authentication hooks (has_reauth_data, deinit_for_reauth,
 * init_for_reauth) are intentionally left unset; their implementations are
 * compiled out above pending a fix.
 */
int eap_peer_fast_register(void)
{
	struct eap_method *method;

	method = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
				       EAP_VENDOR_IETF, EAP_TYPE_FAST, "FAST");
	if (!method)
		return -1;

	/* Lifecycle */
	method->init = eap_fast_init;
	method->deinit = eap_fast_deinit;
	method->process = eap_fast_process;
	method->get_status = eap_fast_get_status;

	/* Key export */
	method->isKeyAvailable = eap_fast_isKeyAvailable;
	method->getKey = eap_fast_getKey;
	method->get_emsk = eap_fast_get_emsk;
	method->getSessionId = eap_fast_get_session_id;

	return eap_peer_method_register(method);
}