2 * EAP-IKEv2 peer (RFC 5106)
3 * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
13 #include "eap_common/eap_ikev2_common.h"
17 struct eap_ikev2_data {
18 struct ikev2_responder_data ikev2;
19 enum { WAIT_START, PROC_MSG, WAIT_FRAG_ACK, DONE, FAIL } state;
20 struct wpabuf *in_buf;
21 struct wpabuf *out_buf;
25 u8 keymat[EAP_MSK_LEN + EAP_EMSK_LEN];
30 static const char * eap_ikev2_state_txt(int state)
38 return "WAIT_FRAG_ACK";
49 static void eap_ikev2_state(struct eap_ikev2_data *data, int state)
51 wpa_printf(MSG_DEBUG, "EAP-IKEV2: %s -> %s",
52 eap_ikev2_state_txt(data->state),
53 eap_ikev2_state_txt(state));
58 static void * eap_ikev2_init(struct eap_sm *sm)
60 struct eap_ikev2_data *data;
61 const u8 *identity, *password;
62 size_t identity_len, password_len;
64 identity = eap_get_config_identity(sm, &identity_len);
65 if (identity == NULL) {
66 wpa_printf(MSG_INFO, "EAP-IKEV2: No identity available");
70 data = os_zalloc(sizeof(*data));
73 data->state = WAIT_START;
74 data->fragment_size = IKEV2_FRAGMENT_SIZE;
75 data->ikev2.state = SA_INIT;
76 data->ikev2.peer_auth = PEER_AUTH_SECRET;
77 data->ikev2.key_pad = (u8 *) os_strdup("Key Pad for EAP-IKEv2");
78 if (data->ikev2.key_pad == NULL)
80 data->ikev2.key_pad_len = 21;
81 data->ikev2.IDr = os_malloc(identity_len);
82 if (data->ikev2.IDr == NULL)
84 os_memcpy(data->ikev2.IDr, identity, identity_len);
85 data->ikev2.IDr_len = identity_len;
87 password = eap_get_config_password(sm, &password_len);
89 data->ikev2.shared_secret = os_malloc(password_len);
90 if (data->ikev2.shared_secret == NULL)
92 os_memcpy(data->ikev2.shared_secret, password, password_len);
93 data->ikev2.shared_secret_len = password_len;
99 ikev2_responder_deinit(&data->ikev2);
105 static void eap_ikev2_deinit(struct eap_sm *sm, void *priv)
107 struct eap_ikev2_data *data = priv;
108 wpabuf_free(data->in_buf);
109 wpabuf_free(data->out_buf);
110 ikev2_responder_deinit(&data->ikev2);
115 static int eap_ikev2_peer_keymat(struct eap_ikev2_data *data)
117 if (eap_ikev2_derive_keymat(
118 data->ikev2.proposal.prf, &data->ikev2.keys,
119 data->ikev2.i_nonce, data->ikev2.i_nonce_len,
120 data->ikev2.r_nonce, data->ikev2.r_nonce_len,
122 wpa_printf(MSG_DEBUG, "EAP-IKEV2: Failed to "
123 "derive key material");
131 static struct wpabuf * eap_ikev2_build_msg(struct eap_ikev2_data *data,
132 struct eap_method_ret *ret, u8 id)
136 size_t send_len, plen, icv_len = 0;
139 wpa_printf(MSG_DEBUG, "EAP-IKEV2: Generating Response");
140 ret->allowNotifications = TRUE;
143 send_len = wpabuf_len(data->out_buf) - data->out_used;
144 if (1 + send_len > data->fragment_size) {
145 send_len = data->fragment_size - 1;
146 flags |= IKEV2_FLAGS_MORE_FRAGMENTS;
147 if (data->out_used == 0) {
148 flags |= IKEV2_FLAGS_LENGTH_INCLUDED;
153 /* Some issues figuring out the length of the message if Message Length
154 * field not included?! */
155 if (!(flags & IKEV2_FLAGS_LENGTH_INCLUDED))
156 flags |= IKEV2_FLAGS_LENGTH_INCLUDED;
160 if (flags & IKEV2_FLAGS_LENGTH_INCLUDED)
162 if (data->keys_ready) {
163 const struct ikev2_integ_alg *integ;
164 wpa_printf(MSG_DEBUG, "EAP-IKEV2: Add Integrity Checksum "
166 flags |= IKEV2_FLAGS_ICV_INCLUDED;
167 integ = ikev2_get_integ(data->ikev2.proposal.integ);
169 wpa_printf(MSG_DEBUG, "EAP-IKEV2: Unknown INTEG "
170 "transform / cannot generate ICV");
173 icv_len = integ->hash_len;
177 resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_IKEV2, plen,
178 EAP_CODE_RESPONSE, id);
182 wpabuf_put_u8(resp, flags); /* Flags */
183 if (flags & IKEV2_FLAGS_LENGTH_INCLUDED)
184 wpabuf_put_be32(resp, wpabuf_len(data->out_buf));
186 wpabuf_put_data(resp, wpabuf_head_u8(data->out_buf) + data->out_used,
188 data->out_used += send_len;
190 if (flags & IKEV2_FLAGS_ICV_INCLUDED) {
191 const u8 *msg = wpabuf_head(resp);
192 size_t len = wpabuf_len(resp);
193 ikev2_integ_hash(data->ikev2.proposal.integ,
194 data->ikev2.keys.SK_ar,
195 data->ikev2.keys.SK_integ_len,
196 msg, len, wpabuf_put(resp, icv_len));
199 ret->methodState = METHOD_MAY_CONT;
200 ret->decision = DECISION_FAIL;
202 if (data->out_used == wpabuf_len(data->out_buf)) {
203 wpa_printf(MSG_DEBUG, "EAP-IKEV2: Sending out %lu bytes "
204 "(message sent completely)",
205 (unsigned long) send_len);
206 wpabuf_free(data->out_buf);
207 data->out_buf = NULL;
209 switch (data->ikev2.state) {
211 /* SA_INIT was sent out, so message have to be
212 * integrity protected from now on. */
213 data->keys_ready = 1;
216 ret->methodState = METHOD_DONE;
217 if (data->state == FAIL)
219 ret->decision = DECISION_COND_SUCC;
220 wpa_printf(MSG_DEBUG, "EAP-IKEV2: Authentication "
221 "completed successfully");
222 if (eap_ikev2_peer_keymat(data))
224 eap_ikev2_state(data, DONE);
227 wpa_printf(MSG_DEBUG, "EAP-IKEV2: Authentication "
229 ret->methodState = METHOD_DONE;
230 ret->decision = DECISION_FAIL;
236 wpa_printf(MSG_DEBUG, "EAP-IKEV2: Sending out %lu bytes "
237 "(%lu more to send)", (unsigned long) send_len,
238 (unsigned long) wpabuf_len(data->out_buf) -
240 eap_ikev2_state(data, WAIT_FRAG_ACK);
247 static int eap_ikev2_process_icv(struct eap_ikev2_data *data,
248 const struct wpabuf *reqData,
249 u8 flags, const u8 *pos, const u8 **end)
251 if (flags & IKEV2_FLAGS_ICV_INCLUDED) {
252 int icv_len = eap_ikev2_validate_icv(
253 data->ikev2.proposal.integ, &data->ikev2.keys, 1,
257 /* Hide Integrity Checksum Data from further processing */
259 } else if (data->keys_ready) {
260 wpa_printf(MSG_INFO, "EAP-IKEV2: The message should have "
261 "included integrity checksum");
269 static int eap_ikev2_process_cont(struct eap_ikev2_data *data,
270 const u8 *buf, size_t len)
272 /* Process continuation of a pending message */
273 if (len > wpabuf_tailroom(data->in_buf)) {
274 wpa_printf(MSG_DEBUG, "EAP-IKEV2: Fragment overflow");
275 eap_ikev2_state(data, FAIL);
279 wpabuf_put_data(data->in_buf, buf, len);
280 wpa_printf(MSG_DEBUG, "EAP-IKEV2: Received %lu bytes, waiting "
281 "for %lu bytes more", (unsigned long) len,
282 (unsigned long) wpabuf_tailroom(data->in_buf));
288 static struct wpabuf * eap_ikev2_process_fragment(struct eap_ikev2_data *data,
289 struct eap_method_ret *ret,
292 const u8 *buf, size_t len)
294 /* Process a fragment that is not the last one of the message */
295 if (data->in_buf == NULL && !(flags & IKEV2_FLAGS_LENGTH_INCLUDED)) {
296 wpa_printf(MSG_DEBUG, "EAP-IKEV2: No Message Length field in "
297 "a fragmented packet");
302 if (data->in_buf == NULL) {
303 /* First fragment of the message */
304 data->in_buf = wpabuf_alloc(message_length);
305 if (data->in_buf == NULL) {
306 wpa_printf(MSG_DEBUG, "EAP-IKEV2: No memory for "
311 wpabuf_put_data(data->in_buf, buf, len);
312 wpa_printf(MSG_DEBUG, "EAP-IKEV2: Received %lu bytes in first "
313 "fragment, waiting for %lu bytes more",
315 (unsigned long) wpabuf_tailroom(data->in_buf));
318 return eap_ikev2_build_frag_ack(id, EAP_CODE_RESPONSE);
322 static struct wpabuf * eap_ikev2_process(struct eap_sm *sm, void *priv,
323 struct eap_method_ret *ret,
324 const struct wpabuf *reqData)
326 struct eap_ikev2_data *data = priv;
327 const u8 *start, *pos, *end;
330 u32 message_length = 0;
331 struct wpabuf tmpbuf;
333 pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_IKEV2, reqData, &len);
339 id = eap_get_id(reqData);
345 flags = 0; /* fragment ack */
349 if (eap_ikev2_process_icv(data, reqData, flags, pos, &end) < 0) {
354 if (flags & IKEV2_FLAGS_LENGTH_INCLUDED) {
356 wpa_printf(MSG_DEBUG, "EAP-IKEV2: Message underflow");
360 message_length = WPA_GET_BE32(pos);
363 if (message_length < (u32) (end - pos)) {
364 wpa_printf(MSG_DEBUG, "EAP-IKEV2: Invalid Message "
365 "Length (%d; %ld remaining in this msg)",
366 message_length, (long) (end - pos));
372 wpa_printf(MSG_DEBUG, "EAP-IKEV2: Received packet: Flags 0x%x "
373 "Message Length %u", flags, message_length);
375 if (data->state == WAIT_FRAG_ACK) {
377 if (len > 1) /* Empty Flags field included in ACK */
382 wpa_printf(MSG_DEBUG, "EAP-IKEV2: Unexpected payload "
383 "in WAIT_FRAG_ACK state");
387 wpa_printf(MSG_DEBUG, "EAP-IKEV2: Fragment acknowledged");
388 eap_ikev2_state(data, PROC_MSG);
389 return eap_ikev2_build_msg(data, ret, id);
392 if (data->in_buf && eap_ikev2_process_cont(data, pos, end - pos) < 0) {
397 if (flags & IKEV2_FLAGS_MORE_FRAGMENTS) {
398 return eap_ikev2_process_fragment(data, ret, id, flags,
403 if (data->in_buf == NULL) {
404 /* Wrap unfragmented messages as wpabuf without extra copy */
405 wpabuf_set(&tmpbuf, pos, end - pos);
406 data->in_buf = &tmpbuf;
409 if (ikev2_responder_process(&data->ikev2, data->in_buf) < 0) {
410 if (data->in_buf == &tmpbuf)
412 eap_ikev2_state(data, FAIL);
416 if (data->in_buf != &tmpbuf)
417 wpabuf_free(data->in_buf);
420 if (data->out_buf == NULL) {
421 data->out_buf = ikev2_responder_build(&data->ikev2);
422 if (data->out_buf == NULL) {
423 wpa_printf(MSG_DEBUG, "EAP-IKEV2: Failed to generate "
430 eap_ikev2_state(data, PROC_MSG);
431 return eap_ikev2_build_msg(data, ret, id);
435 static Boolean eap_ikev2_isKeyAvailable(struct eap_sm *sm, void *priv)
437 struct eap_ikev2_data *data = priv;
438 return data->state == DONE && data->keymat_ok;
442 static u8 * eap_ikev2_getKey(struct eap_sm *sm, void *priv, size_t *len)
444 struct eap_ikev2_data *data = priv;
447 if (data->state != DONE || !data->keymat_ok)
450 key = os_malloc(EAP_MSK_LEN);
452 os_memcpy(key, data->keymat, EAP_MSK_LEN);
460 static u8 * eap_ikev2_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
462 struct eap_ikev2_data *data = priv;
465 if (data->state != DONE || !data->keymat_ok)
468 key = os_malloc(EAP_EMSK_LEN);
470 os_memcpy(key, data->keymat + EAP_MSK_LEN, EAP_EMSK_LEN);
478 int eap_peer_ikev2_register(void)
480 struct eap_method *eap;
483 eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
484 EAP_VENDOR_IETF, EAP_TYPE_IKEV2,
489 eap->init = eap_ikev2_init;
490 eap->deinit = eap_ikev2_deinit;
491 eap->process = eap_ikev2_process;
492 eap->isKeyAvailable = eap_ikev2_isKeyAvailable;
493 eap->getKey = eap_ikev2_getKey;
494 eap->get_emsk = eap_ikev2_get_emsk;
496 ret = eap_peer_method_register(eap);
498 eap_peer_method_free(eap);