2 * hostapd / EAP-TTLS (RFC 5281)
3 * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "crypto/ms_funcs.h"
13 #include "crypto/sha1.h"
14 #include "crypto/tls.h"
15 #include "eap_server/eap_i.h"
16 #include "eap_server/eap_tls_common.h"
17 #include "eap_common/chap.h"
18 #include "eap_common/eap_ttls.h"
21 #define EAP_TTLS_VERSION 0
24 static void eap_ttls_reset(struct eap_sm *sm, void *priv);
27 struct eap_ttls_data {
28 struct eap_ssl_data ssl;
30 START, PHASE1, PHASE2_START, PHASE2_METHOD,
31 PHASE2_MSCHAPV2_RESP, SUCCESS, FAILURE
35 const struct eap_method *phase2_method;
38 u8 mschapv2_auth_response[20];
40 struct wpabuf *pending_phase2_eap_resp;
45 static const char * eap_ttls_state_txt(int state)
53 return "PHASE2_START";
55 return "PHASE2_METHOD";
56 case PHASE2_MSCHAPV2_RESP:
57 return "PHASE2_MSCHAPV2_RESP";
68 static void eap_ttls_state(struct eap_ttls_data *data, int state)
70 wpa_printf(MSG_DEBUG, "EAP-TTLS: %s -> %s",
71 eap_ttls_state_txt(data->state),
72 eap_ttls_state_txt(state));
77 static u8 * eap_ttls_avp_hdr(u8 *avphdr, u32 avp_code, u32 vendor_id,
78 int mandatory, size_t len)
80 struct ttls_avp_vendor *avp;
84 avp = (struct ttls_avp_vendor *) avphdr;
85 flags = mandatory ? AVP_FLAGS_MANDATORY : 0;
87 flags |= AVP_FLAGS_VENDOR;
88 hdrlen = sizeof(*avp);
89 avp->vendor_id = host_to_be32(vendor_id);
91 hdrlen = sizeof(struct ttls_avp);
94 avp->avp_code = host_to_be32(avp_code);
95 avp->avp_length = host_to_be32(((u32) flags << 24) |
96 ((u32) (hdrlen + len)));
98 return avphdr + hdrlen;
102 static struct wpabuf * eap_ttls_avp_encapsulate(struct wpabuf *resp,
103 u32 avp_code, int mandatory)
108 avp = wpabuf_alloc(sizeof(struct ttls_avp) + wpabuf_len(resp) + 4);
114 pos = eap_ttls_avp_hdr(wpabuf_mhead(avp), avp_code, 0, mandatory,
116 os_memcpy(pos, wpabuf_head(resp), wpabuf_len(resp));
117 pos += wpabuf_len(resp);
118 AVP_PAD((const u8 *) wpabuf_head(avp), pos);
120 wpabuf_put(avp, pos - (u8 *) wpabuf_head(avp));
125 struct eap_ttls_avp {
126 /* Note: eap is allocated memory; caller is responsible for freeing
127 * it. All the other pointers are pointing to the packet data, i.e.,
128 * they must not be freed separately. */
132 size_t user_name_len;
134 size_t user_password_len;
136 size_t chap_challenge_len;
138 size_t chap_password_len;
139 u8 *mschap_challenge;
140 size_t mschap_challenge_len;
142 size_t mschap_response_len;
143 u8 *mschap2_response;
144 size_t mschap2_response_len;
148 static int eap_ttls_avp_parse(struct wpabuf *buf, struct eap_ttls_avp *parse)
150 struct ttls_avp *avp;
154 pos = wpabuf_mhead(buf);
155 left = wpabuf_len(buf);
156 os_memset(parse, 0, sizeof(*parse));
159 u32 avp_code, avp_length, vendor_id = 0;
162 avp = (struct ttls_avp *) pos;
163 avp_code = be_to_host32(avp->avp_code);
164 avp_length = be_to_host32(avp->avp_length);
165 avp_flags = (avp_length >> 24) & 0xff;
166 avp_length &= 0xffffff;
167 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP: code=%d flags=0x%02x "
168 "length=%d", (int) avp_code, avp_flags,
170 if ((int) avp_length > left) {
171 wpa_printf(MSG_WARNING, "EAP-TTLS: AVP overflow "
172 "(len=%d, left=%d) - dropped",
173 (int) avp_length, left);
176 if (avp_length < sizeof(*avp)) {
177 wpa_printf(MSG_WARNING, "EAP-TTLS: Invalid AVP length "
181 dpos = (u8 *) (avp + 1);
182 dlen = avp_length - sizeof(*avp);
183 if (avp_flags & AVP_FLAGS_VENDOR) {
185 wpa_printf(MSG_WARNING, "EAP-TTLS: vendor AVP "
189 vendor_id = be_to_host32(* (be32 *) dpos);
190 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP vendor_id %d",
196 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: AVP data", dpos, dlen);
198 if (vendor_id == 0 && avp_code == RADIUS_ATTR_EAP_MESSAGE) {
199 wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP - EAP Message");
200 if (parse->eap == NULL) {
201 parse->eap = os_malloc(dlen);
202 if (parse->eap == NULL) {
203 wpa_printf(MSG_WARNING, "EAP-TTLS: "
204 "failed to allocate memory "
205 "for Phase 2 EAP data");
208 os_memcpy(parse->eap, dpos, dlen);
209 parse->eap_len = dlen;
211 u8 *neweap = os_realloc(parse->eap,
212 parse->eap_len + dlen);
213 if (neweap == NULL) {
214 wpa_printf(MSG_WARNING, "EAP-TTLS: "
215 "failed to allocate memory "
216 "for Phase 2 EAP data");
219 os_memcpy(neweap + parse->eap_len, dpos, dlen);
221 parse->eap_len += dlen;
223 } else if (vendor_id == 0 &&
224 avp_code == RADIUS_ATTR_USER_NAME) {
225 wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: User-Name",
227 parse->user_name = dpos;
228 parse->user_name_len = dlen;
229 } else if (vendor_id == 0 &&
230 avp_code == RADIUS_ATTR_USER_PASSWORD) {
232 size_t password_len = dlen;
233 while (password_len > 0 &&
234 password[password_len - 1] == '\0') {
237 wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: "
238 "User-Password (PAP)",
239 password, password_len);
240 parse->user_password = password;
241 parse->user_password_len = password_len;
242 } else if (vendor_id == 0 &&
243 avp_code == RADIUS_ATTR_CHAP_CHALLENGE) {
244 wpa_hexdump(MSG_DEBUG,
245 "EAP-TTLS: CHAP-Challenge (CHAP)",
247 parse->chap_challenge = dpos;
248 parse->chap_challenge_len = dlen;
249 } else if (vendor_id == 0 &&
250 avp_code == RADIUS_ATTR_CHAP_PASSWORD) {
251 wpa_hexdump(MSG_DEBUG,
252 "EAP-TTLS: CHAP-Password (CHAP)",
254 parse->chap_password = dpos;
255 parse->chap_password_len = dlen;
256 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
257 avp_code == RADIUS_ATTR_MS_CHAP_CHALLENGE) {
258 wpa_hexdump(MSG_DEBUG,
259 "EAP-TTLS: MS-CHAP-Challenge",
261 parse->mschap_challenge = dpos;
262 parse->mschap_challenge_len = dlen;
263 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
264 avp_code == RADIUS_ATTR_MS_CHAP_RESPONSE) {
265 wpa_hexdump(MSG_DEBUG,
266 "EAP-TTLS: MS-CHAP-Response (MSCHAP)",
268 parse->mschap_response = dpos;
269 parse->mschap_response_len = dlen;
270 } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT &&
271 avp_code == RADIUS_ATTR_MS_CHAP2_RESPONSE) {
272 wpa_hexdump(MSG_DEBUG,
273 "EAP-TTLS: MS-CHAP2-Response (MSCHAPV2)",
275 parse->mschap2_response = dpos;
276 parse->mschap2_response_len = dlen;
277 } else if (avp_flags & AVP_FLAGS_MANDATORY) {
278 wpa_printf(MSG_WARNING, "EAP-TTLS: Unsupported "
279 "mandatory AVP code %d vendor_id %d - "
280 "dropped", (int) avp_code, (int) vendor_id);
283 wpa_printf(MSG_DEBUG, "EAP-TTLS: Ignoring unsupported "
284 "AVP code %d vendor_id %d",
285 (int) avp_code, (int) vendor_id);
288 pad = (4 - (avp_length & 3)) & 3;
289 pos += avp_length + pad;
290 left -= avp_length + pad;
302 static u8 * eap_ttls_implicit_challenge(struct eap_sm *sm,
303 struct eap_ttls_data *data, size_t len)
305 return eap_server_tls_derive_key(sm, &data->ssl, "ttls challenge",
310 static void * eap_ttls_init(struct eap_sm *sm)
312 struct eap_ttls_data *data;
314 data = os_zalloc(sizeof(*data));
317 data->ttls_version = EAP_TTLS_VERSION;
320 if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) {
321 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to initialize SSL.");
322 eap_ttls_reset(sm, data);
330 static void eap_ttls_reset(struct eap_sm *sm, void *priv)
332 struct eap_ttls_data *data = priv;
335 if (data->phase2_priv && data->phase2_method)
336 data->phase2_method->reset(sm, data->phase2_priv);
337 eap_server_tls_ssl_deinit(sm, &data->ssl);
338 wpabuf_free(data->pending_phase2_eap_resp);
343 static struct wpabuf * eap_ttls_build_start(struct eap_sm *sm,
344 struct eap_ttls_data *data, u8 id)
348 req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TTLS, 1,
349 EAP_CODE_REQUEST, id);
351 wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to allocate memory for"
353 eap_ttls_state(data, FAILURE);
357 wpabuf_put_u8(req, EAP_TLS_FLAGS_START | data->ttls_version);
359 eap_ttls_state(data, PHASE1);
365 static struct wpabuf * eap_ttls_build_phase2_eap_req(
366 struct eap_sm *sm, struct eap_ttls_data *data, u8 id)
368 struct wpabuf *buf, *encr_req;
371 buf = data->phase2_method->buildReq(sm, data->phase2_priv, id);
375 wpa_hexdump_buf_key(MSG_DEBUG,
376 "EAP-TTLS/EAP: Encapsulate Phase 2 data", buf);
378 buf = eap_ttls_avp_encapsulate(buf, RADIUS_ATTR_EAP_MESSAGE, 1);
380 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Failed to encapsulate "
385 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS/EAP: Encrypt encapsulated "
386 "Phase 2 data", buf);
388 encr_req = eap_server_tls_encrypt(sm, &data->ssl, buf);
395 static struct wpabuf * eap_ttls_build_phase2_mschapv2(
396 struct eap_sm *sm, struct eap_ttls_data *data)
398 struct wpabuf *encr_req, msgbuf;
402 pos = req = os_malloc(100);
407 if (data->mschapv2_resp_ok) {
408 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP2_SUCCESS,
409 RADIUS_VENDOR_ID_MICROSOFT, 1, 43);
410 *pos++ = data->mschapv2_ident;
411 ret = os_snprintf((char *) pos, end - pos, "S=");
412 if (ret >= 0 && ret < end - pos)
414 pos += wpa_snprintf_hex_uppercase(
415 (char *) pos, end - pos, data->mschapv2_auth_response,
416 sizeof(data->mschapv2_auth_response));
418 pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP_ERROR,
419 RADIUS_VENDOR_ID_MICROSOFT, 1, 6);
420 os_memcpy(pos, "Failed", 6);
425 wpabuf_set(&msgbuf, req, pos - req);
426 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Encrypting Phase 2 "
429 encr_req = eap_server_tls_encrypt(sm, &data->ssl, &msgbuf);
436 static struct wpabuf * eap_ttls_buildReq(struct eap_sm *sm, void *priv, u8 id)
438 struct eap_ttls_data *data = priv;
440 if (data->ssl.state == FRAG_ACK) {
441 return eap_server_tls_build_ack(id, EAP_TYPE_TTLS,
445 if (data->ssl.state == WAIT_FRAG_ACK) {
446 return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TTLS,
447 data->ttls_version, id);
450 switch (data->state) {
452 return eap_ttls_build_start(sm, data, id);
454 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
455 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase1 done, "
457 eap_ttls_state(data, PHASE2_START);
461 wpabuf_free(data->ssl.tls_out);
462 data->ssl.tls_out_pos = 0;
463 data->ssl.tls_out = eap_ttls_build_phase2_eap_req(sm, data,
466 case PHASE2_MSCHAPV2_RESP:
467 wpabuf_free(data->ssl.tls_out);
468 data->ssl.tls_out_pos = 0;
469 data->ssl.tls_out = eap_ttls_build_phase2_mschapv2(sm, data);
472 wpa_printf(MSG_DEBUG, "EAP-TTLS: %s - unexpected state %d",
473 __func__, data->state);
477 return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TTLS,
478 data->ttls_version, id);
482 static Boolean eap_ttls_check(struct eap_sm *sm, void *priv,
483 struct wpabuf *respData)
488 pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_TTLS, respData, &len);
489 if (pos == NULL || len < 1) {
490 wpa_printf(MSG_INFO, "EAP-TTLS: Invalid frame");
498 static void eap_ttls_process_phase2_pap(struct eap_sm *sm,
499 struct eap_ttls_data *data,
500 const u8 *user_password,
501 size_t user_password_len)
503 if (!sm->user || !sm->user->password || sm->user->password_hash ||
504 !(sm->user->ttls_auth & EAP_TTLS_AUTH_PAP)) {
505 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: No plaintext user "
506 "password configured");
507 eap_ttls_state(data, FAILURE);
511 if (sm->user->password_len != user_password_len ||
512 os_memcmp(sm->user->password, user_password, user_password_len) !=
514 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Invalid user password");
515 eap_ttls_state(data, FAILURE);
519 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Correct user password");
520 eap_ttls_state(data, SUCCESS);
524 static void eap_ttls_process_phase2_chap(struct eap_sm *sm,
525 struct eap_ttls_data *data,
527 size_t challenge_len,
531 u8 *chal, hash[CHAP_MD5_LEN];
533 if (challenge == NULL || password == NULL ||
534 challenge_len != EAP_TTLS_CHAP_CHALLENGE_LEN ||
535 password_len != 1 + EAP_TTLS_CHAP_PASSWORD_LEN) {
536 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Invalid CHAP attributes "
537 "(challenge len %lu password len %lu)",
538 (unsigned long) challenge_len,
539 (unsigned long) password_len);
540 eap_ttls_state(data, FAILURE);
544 if (!sm->user || !sm->user->password || sm->user->password_hash ||
545 !(sm->user->ttls_auth & EAP_TTLS_AUTH_CHAP)) {
546 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: No plaintext user "
547 "password configured");
548 eap_ttls_state(data, FAILURE);
552 chal = eap_ttls_implicit_challenge(sm, data,
553 EAP_TTLS_CHAP_CHALLENGE_LEN + 1);
555 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Failed to generate "
556 "challenge from TLS data");
557 eap_ttls_state(data, FAILURE);
561 if (os_memcmp(challenge, chal, EAP_TTLS_CHAP_CHALLENGE_LEN) != 0 ||
562 password[0] != chal[EAP_TTLS_CHAP_CHALLENGE_LEN]) {
563 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Challenge mismatch");
565 eap_ttls_state(data, FAILURE);
570 /* MD5(Ident + Password + Challenge) */
571 chap_md5(password[0], sm->user->password, sm->user->password_len,
572 challenge, challenge_len, hash);
574 if (os_memcmp(hash, password + 1, EAP_TTLS_CHAP_PASSWORD_LEN) == 0) {
575 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Correct user password");
576 eap_ttls_state(data, SUCCESS);
578 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Invalid user password");
579 eap_ttls_state(data, FAILURE);
584 static void eap_ttls_process_phase2_mschap(struct eap_sm *sm,
585 struct eap_ttls_data *data,
586 u8 *challenge, size_t challenge_len,
587 u8 *response, size_t response_len)
589 u8 *chal, nt_response[24];
591 if (challenge == NULL || response == NULL ||
592 challenge_len != EAP_TTLS_MSCHAP_CHALLENGE_LEN ||
593 response_len != EAP_TTLS_MSCHAP_RESPONSE_LEN) {
594 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Invalid MS-CHAP "
595 "attributes (challenge len %lu response len %lu)",
596 (unsigned long) challenge_len,
597 (unsigned long) response_len);
598 eap_ttls_state(data, FAILURE);
602 if (!sm->user || !sm->user->password ||
603 !(sm->user->ttls_auth & EAP_TTLS_AUTH_MSCHAP)) {
604 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: No user password "
606 eap_ttls_state(data, FAILURE);
610 chal = eap_ttls_implicit_challenge(sm, data,
611 EAP_TTLS_MSCHAP_CHALLENGE_LEN + 1);
613 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Failed to generate "
614 "challenge from TLS data");
615 eap_ttls_state(data, FAILURE);
619 if (os_memcmp(challenge, chal, EAP_TTLS_MSCHAP_CHALLENGE_LEN) != 0 ||
620 response[0] != chal[EAP_TTLS_MSCHAP_CHALLENGE_LEN]) {
621 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Challenge mismatch");
623 eap_ttls_state(data, FAILURE);
628 if (sm->user->password_hash)
629 challenge_response(challenge, sm->user->password, nt_response);
631 nt_challenge_response(challenge, sm->user->password,
632 sm->user->password_len, nt_response);
634 if (os_memcmp(nt_response, response + 2 + 24, 24) == 0) {
635 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Correct response");
636 eap_ttls_state(data, SUCCESS);
638 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Invalid NT-Response");
639 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAP: Received",
640 response + 2 + 24, 24);
641 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAP: Expected",
643 eap_ttls_state(data, FAILURE);
648 static void eap_ttls_process_phase2_mschapv2(struct eap_sm *sm,
649 struct eap_ttls_data *data,
651 size_t challenge_len,
652 u8 *response, size_t response_len)
654 u8 *chal, *username, nt_response[24], *rx_resp, *peer_challenge,
656 size_t username_len, i;
658 if (challenge == NULL || response == NULL ||
659 challenge_len != EAP_TTLS_MSCHAPV2_CHALLENGE_LEN ||
660 response_len != EAP_TTLS_MSCHAPV2_RESPONSE_LEN) {
661 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Invalid MS-CHAP2 "
662 "attributes (challenge len %lu response len %lu)",
663 (unsigned long) challenge_len,
664 (unsigned long) response_len);
665 eap_ttls_state(data, FAILURE);
669 if (!sm->user || !sm->user->password ||
670 !(sm->user->ttls_auth & EAP_TTLS_AUTH_MSCHAPV2)) {
671 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: No user password "
673 eap_ttls_state(data, FAILURE);
677 if (sm->identity == NULL) {
678 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: No user identity "
680 eap_ttls_state(data, FAILURE);
684 /* MSCHAPv2 does not include optional domain name in the
685 * challenge-response calculation, so remove domain prefix
687 username = sm->identity;
688 username_len = sm->identity_len;
689 for (i = 0; i < username_len; i++) {
690 if (username[i] == '\\') {
691 username_len -= i + 1;
697 chal = eap_ttls_implicit_challenge(
698 sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1);
700 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Failed to generate "
701 "challenge from TLS data");
702 eap_ttls_state(data, FAILURE);
706 if (os_memcmp(challenge, chal, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN) != 0 ||
707 response[0] != chal[EAP_TTLS_MSCHAPV2_CHALLENGE_LEN]) {
708 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Challenge mismatch");
710 eap_ttls_state(data, FAILURE);
715 auth_challenge = challenge;
716 peer_challenge = response + 2;
718 wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: User",
719 username, username_len);
720 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: auth_challenge",
721 auth_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN);
722 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: peer_challenge",
723 peer_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN);
725 if (sm->user->password_hash) {
726 generate_nt_response_pwhash(auth_challenge, peer_challenge,
727 username, username_len,
731 generate_nt_response(auth_challenge, peer_challenge,
732 username, username_len,
734 sm->user->password_len,
738 rx_resp = response + 2 + EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 8;
739 if (os_memcmp(nt_response, rx_resp, 24) == 0) {
740 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Correct "
742 data->mschapv2_resp_ok = 1;
744 if (sm->user->password_hash) {
745 generate_authenticator_response_pwhash(
747 peer_challenge, auth_challenge,
748 username, username_len, nt_response,
749 data->mschapv2_auth_response);
751 generate_authenticator_response(
752 sm->user->password, sm->user->password_len,
753 peer_challenge, auth_challenge,
754 username, username_len, nt_response,
755 data->mschapv2_auth_response);
758 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Invalid "
760 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: Received",
762 wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: Expected",
764 data->mschapv2_resp_ok = 0;
766 eap_ttls_state(data, PHASE2_MSCHAPV2_RESP);
767 data->mschapv2_ident = response[0];
771 static int eap_ttls_phase2_eap_init(struct eap_sm *sm,
772 struct eap_ttls_data *data,
775 if (data->phase2_priv && data->phase2_method) {
776 data->phase2_method->reset(sm, data->phase2_priv);
777 data->phase2_method = NULL;
778 data->phase2_priv = NULL;
780 data->phase2_method = eap_server_get_eap_method(EAP_VENDOR_IETF,
782 if (!data->phase2_method)
786 data->phase2_priv = data->phase2_method->init(sm);
788 return data->phase2_priv == NULL ? -1 : 0;
792 static void eap_ttls_process_phase2_eap_response(struct eap_sm *sm,
793 struct eap_ttls_data *data,
794 u8 *in_data, size_t in_len)
796 u8 next_type = EAP_TYPE_NONE;
801 const struct eap_method *m = data->phase2_method;
802 void *priv = data->phase2_priv;
805 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: %s - Phase2 not "
806 "initialized?!", __func__);
810 hdr = (struct eap_hdr *) in_data;
811 pos = (u8 *) (hdr + 1);
813 if (in_len > sizeof(*hdr) && *pos == EAP_TYPE_NAK) {
814 left = in_len - sizeof(*hdr);
815 wpa_hexdump(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 type Nak'ed; "
816 "allowed types", pos + 1, left - 1);
817 eap_sm_process_nak(sm, pos + 1, left - 1);
818 if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&
819 sm->user->methods[sm->user_eap_method_index].method !=
821 next_type = sm->user->methods[
822 sm->user_eap_method_index++].method;
823 wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %d",
825 if (eap_ttls_phase2_eap_init(sm, data, next_type)) {
826 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to "
827 "initialize EAP type %d",
829 eap_ttls_state(data, FAILURE);
833 eap_ttls_state(data, FAILURE);
838 wpabuf_set(&buf, in_data, in_len);
840 if (m->check(sm, priv, &buf)) {
841 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 check() asked to "
842 "ignore the packet");
846 m->process(sm, priv, &buf);
848 if (sm->method_pending == METHOD_PENDING_WAIT) {
849 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 method is in "
850 "pending wait state - save decrypted response");
851 wpabuf_free(data->pending_phase2_eap_resp);
852 data->pending_phase2_eap_resp = wpabuf_dup(&buf);
855 if (!m->isDone(sm, priv))
858 if (!m->isSuccess(sm, priv)) {
859 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 method failed");
860 eap_ttls_state(data, FAILURE);
864 switch (data->state) {
866 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
867 wpa_hexdump_ascii(MSG_DEBUG, "EAP_TTLS: Phase2 "
868 "Identity not found in the user "
870 sm->identity, sm->identity_len);
871 eap_ttls_state(data, FAILURE);
875 eap_ttls_state(data, PHASE2_METHOD);
876 next_type = sm->user->methods[0].method;
877 sm->user_eap_method_index = 1;
878 wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %d", next_type);
879 if (eap_ttls_phase2_eap_init(sm, data, next_type)) {
880 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize "
881 "EAP type %d", next_type);
882 eap_ttls_state(data, FAILURE);
886 eap_ttls_state(data, SUCCESS);
891 wpa_printf(MSG_DEBUG, "EAP-TTLS: %s - unexpected state %d",
892 __func__, data->state);
898 static void eap_ttls_process_phase2_eap(struct eap_sm *sm,
899 struct eap_ttls_data *data,
900 const u8 *eap, size_t eap_len)
905 if (data->state == PHASE2_START) {
906 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: initializing Phase 2");
907 if (eap_ttls_phase2_eap_init(sm, data, EAP_TYPE_IDENTITY) < 0)
909 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: failed to "
910 "initialize EAP-Identity");
915 if (eap_len < sizeof(*hdr)) {
916 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: too short Phase 2 EAP "
917 "packet (len=%lu)", (unsigned long) eap_len);
921 hdr = (struct eap_hdr *) eap;
922 len = be_to_host16(hdr->length);
923 wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: received Phase 2 EAP: code=%d "
924 "identifier=%d length=%lu", hdr->code, hdr->identifier,
925 (unsigned long) len);
927 wpa_printf(MSG_INFO, "EAP-TTLS/EAP: Length mismatch in Phase 2"
928 " EAP frame (hdr len=%lu, data len in AVP=%lu)",
929 (unsigned long) len, (unsigned long) eap_len);
934 case EAP_CODE_RESPONSE:
935 eap_ttls_process_phase2_eap_response(sm, data, (u8 *) hdr,
939 wpa_printf(MSG_INFO, "EAP-TTLS/EAP: Unexpected code=%d in "
940 "Phase 2 EAP header", hdr->code);
946 static void eap_ttls_process_phase2(struct eap_sm *sm,
947 struct eap_ttls_data *data,
948 struct wpabuf *in_buf)
950 struct wpabuf *in_decrypted;
951 struct eap_ttls_avp parse;
953 wpa_printf(MSG_DEBUG, "EAP-TTLS: received %lu bytes encrypted data for"
954 " Phase 2", (unsigned long) wpabuf_len(in_buf));
956 if (data->pending_phase2_eap_resp) {
957 wpa_printf(MSG_DEBUG, "EAP-TTLS: Pending Phase 2 EAP response "
958 "- skip decryption and use old data");
959 eap_ttls_process_phase2_eap(
960 sm, data, wpabuf_head(data->pending_phase2_eap_resp),
961 wpabuf_len(data->pending_phase2_eap_resp));
962 wpabuf_free(data->pending_phase2_eap_resp);
963 data->pending_phase2_eap_resp = NULL;
967 in_decrypted = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn,
969 if (in_decrypted == NULL) {
970 wpa_printf(MSG_INFO, "EAP-TTLS: Failed to decrypt Phase 2 "
972 eap_ttls_state(data, FAILURE);
976 wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS: Decrypted Phase 2 EAP",
979 if (eap_ttls_avp_parse(in_decrypted, &parse) < 0) {
980 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to parse AVPs");
981 wpabuf_free(in_decrypted);
982 eap_ttls_state(data, FAILURE);
986 if (parse.user_name) {
987 os_free(sm->identity);
988 sm->identity = os_malloc(parse.user_name_len);
989 if (sm->identity == NULL) {
990 eap_ttls_state(data, FAILURE);
993 os_memcpy(sm->identity, parse.user_name, parse.user_name_len);
994 sm->identity_len = parse.user_name_len;
995 if (eap_user_get(sm, parse.user_name, parse.user_name_len, 1)
997 wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase2 Identity not "
998 "found in the user database");
999 eap_ttls_state(data, FAILURE);
1004 #ifdef EAP_SERVER_TNC
1005 if (data->tnc_started && parse.eap == NULL) {
1006 wpa_printf(MSG_DEBUG, "EAP-TTLS: TNC started but no EAP "
1007 "response from peer");
1008 eap_ttls_state(data, FAILURE);
1011 #endif /* EAP_SERVER_TNC */
1014 eap_ttls_process_phase2_eap(sm, data, parse.eap,
1016 } else if (parse.user_password) {
1017 eap_ttls_process_phase2_pap(sm, data, parse.user_password,
1018 parse.user_password_len);
1019 } else if (parse.chap_password) {
1020 eap_ttls_process_phase2_chap(sm, data,
1021 parse.chap_challenge,
1022 parse.chap_challenge_len,
1023 parse.chap_password,
1024 parse.chap_password_len);
1025 } else if (parse.mschap_response) {
1026 eap_ttls_process_phase2_mschap(sm, data,
1027 parse.mschap_challenge,
1028 parse.mschap_challenge_len,
1029 parse.mschap_response,
1030 parse.mschap_response_len);
1031 } else if (parse.mschap2_response) {
1032 eap_ttls_process_phase2_mschapv2(sm, data,
1033 parse.mschap_challenge,
1034 parse.mschap_challenge_len,
1035 parse.mschap2_response,
1036 parse.mschap2_response_len);
1040 wpabuf_free(in_decrypted);
1045 static void eap_ttls_start_tnc(struct eap_sm *sm, struct eap_ttls_data *data)
1047 #ifdef EAP_SERVER_TNC
1048 if (!sm->tnc || data->state != SUCCESS || data->tnc_started)
1051 wpa_printf(MSG_DEBUG, "EAP-TTLS: Initialize TNC");
1052 if (eap_ttls_phase2_eap_init(sm, data, EAP_TYPE_TNC)) {
1053 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize TNC");
1054 eap_ttls_state(data, FAILURE);
1058 data->tnc_started = 1;
1059 eap_ttls_state(data, PHASE2_METHOD);
1060 #endif /* EAP_SERVER_TNC */
1064 static int eap_ttls_process_version(struct eap_sm *sm, void *priv,
1067 struct eap_ttls_data *data = priv;
1068 if (peer_version < data->ttls_version) {
1069 wpa_printf(MSG_DEBUG, "EAP-TTLS: peer ver=%d, own ver=%d; "
1071 peer_version, data->ttls_version, peer_version);
1072 data->ttls_version = peer_version;
1079 static void eap_ttls_process_msg(struct eap_sm *sm, void *priv,
1080 const struct wpabuf *respData)
1082 struct eap_ttls_data *data = priv;
1084 switch (data->state) {
1086 if (eap_server_tls_phase1(sm, &data->ssl) < 0)
1087 eap_ttls_state(data, FAILURE);
1091 eap_ttls_process_phase2(sm, data, data->ssl.tls_in);
1092 eap_ttls_start_tnc(sm, data);
1094 case PHASE2_MSCHAPV2_RESP:
1095 if (data->mschapv2_resp_ok && wpabuf_len(data->ssl.tls_in) ==
1097 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer "
1098 "acknowledged response");
1099 eap_ttls_state(data, SUCCESS);
1100 } else if (!data->mschapv2_resp_ok) {
1101 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer "
1102 "acknowledged error");
1103 eap_ttls_state(data, FAILURE);
1105 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Unexpected "
1106 "frame from peer (payload len %lu, "
1107 "expected empty frame)",
1109 wpabuf_len(data->ssl.tls_in));
1110 eap_ttls_state(data, FAILURE);
1112 eap_ttls_start_tnc(sm, data);
1115 wpa_printf(MSG_DEBUG, "EAP-TTLS: Unexpected state %d in %s",
1116 data->state, __func__);
1122 static void eap_ttls_process(struct eap_sm *sm, void *priv,
1123 struct wpabuf *respData)
1125 struct eap_ttls_data *data = priv;
1126 if (eap_server_tls_process(sm, &data->ssl, respData, data,
1127 EAP_TYPE_TTLS, eap_ttls_process_version,
1128 eap_ttls_process_msg) < 0)
1129 eap_ttls_state(data, FAILURE);
1133 static Boolean eap_ttls_isDone(struct eap_sm *sm, void *priv)
1135 struct eap_ttls_data *data = priv;
1136 return data->state == SUCCESS || data->state == FAILURE;
1140 static u8 * eap_ttls_getKey(struct eap_sm *sm, void *priv, size_t *len)
1142 struct eap_ttls_data *data = priv;
1145 if (data->state != SUCCESS)
1148 eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
1149 "ttls keying material",
1152 *len = EAP_TLS_KEY_LEN;
1153 wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived key",
1154 eapKeyData, EAP_TLS_KEY_LEN);
1156 wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to derive key");
1163 static Boolean eap_ttls_isSuccess(struct eap_sm *sm, void *priv)
1165 struct eap_ttls_data *data = priv;
1166 return data->state == SUCCESS;
1170 int eap_server_ttls_register(void)
1172 struct eap_method *eap;
1175 eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
1176 EAP_VENDOR_IETF, EAP_TYPE_TTLS, "TTLS");
1180 eap->init = eap_ttls_init;
1181 eap->reset = eap_ttls_reset;
1182 eap->buildReq = eap_ttls_buildReq;
1183 eap->check = eap_ttls_check;
1184 eap->process = eap_ttls_process;
1185 eap->isDone = eap_ttls_isDone;
1186 eap->getKey = eap_ttls_getKey;
1187 eap->isSuccess = eap_ttls_isSuccess;
1189 ret = eap_server_method_register(eap);
1191 eap_server_method_free(eap);