2 * hostapd / EAP-TLS/PEAP/TTLS/FAST common functions
3 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
19 #include "eap_tls_common.h"
24 int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
28 data->phase2 = sm->init_phase2;
30 data->conn = tls_connection_init(sm->ssl_ctx);
31 if (data->conn == NULL) {
32 wpa_printf(MSG_INFO, "SSL: Failed to initialize new TLS "
37 if (tls_connection_set_verify(sm->ssl_ctx, data->conn, verify_peer)) {
38 wpa_printf(MSG_INFO, "SSL: Failed to configure verification "
39 "of TLS peer certificate");
40 tls_connection_deinit(sm->ssl_ctx, data->conn);
45 /* TODO: make this configurable */
46 data->tls_out_limit = 1398;
48 /* Limit the fragment size in the inner TLS authentication
49 * since the outer authentication with EAP-PEAP does not yet
50 * support fragmentation */
51 if (data->tls_out_limit > 100)
52 data->tls_out_limit -= 100;
58 void eap_server_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data)
60 tls_connection_deinit(sm->ssl_ctx, data->conn);
61 os_free(data->in_buf);
62 os_free(data->out_buf);
66 u8 * eap_server_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
67 char *label, size_t len)
76 if (tls_connection_prf(sm->ssl_ctx, data->conn, label, 0, out, len) ==
80 if (tls_connection_get_keys(sm->ssl_ctx, data->conn, &keys))
83 if (keys.client_random == NULL || keys.server_random == NULL ||
84 keys.master_key == NULL)
87 rnd = os_malloc(keys.client_random_len + keys.server_random_len);
90 os_memcpy(rnd, keys.client_random, keys.client_random_len);
91 os_memcpy(rnd + keys.client_random_len, keys.server_random,
92 keys.server_random_len);
94 if (tls_prf(keys.master_key, keys.master_key_len,
95 label, rnd, keys.client_random_len +
96 keys.server_random_len, out, len))
109 struct wpabuf * eap_server_tls_build_msg(struct eap_ssl_data *data,
110 int eap_type, int version, u8 id)
114 size_t send_len, plen;
116 wpa_printf(MSG_DEBUG, "SSL: Generating Request");
117 if (data->out_buf == NULL) {
118 wpa_printf(MSG_ERROR, "SSL: out_buf NULL in %s", __func__);
123 send_len = wpabuf_len(data->out_buf) - data->out_used;
124 if (1 + send_len > data->tls_out_limit) {
125 send_len = data->tls_out_limit - 1;
126 flags |= EAP_TLS_FLAGS_MORE_FRAGMENTS;
127 if (data->out_used == 0) {
128 flags |= EAP_TLS_FLAGS_LENGTH_INCLUDED;
134 if (flags & EAP_TLS_FLAGS_LENGTH_INCLUDED)
137 req = eap_msg_alloc(EAP_VENDOR_IETF, eap_type, plen,
138 EAP_CODE_REQUEST, id);
142 wpabuf_put_u8(req, flags); /* Flags */
143 if (flags & EAP_TLS_FLAGS_LENGTH_INCLUDED)
144 wpabuf_put_be32(req, wpabuf_len(data->out_buf));
146 wpabuf_put_data(req, wpabuf_head_u8(data->out_buf) + data->out_used,
148 data->out_used += send_len;
150 if (data->out_used == wpabuf_len(data->out_buf)) {
151 wpa_printf(MSG_DEBUG, "SSL: Sending out %lu bytes "
152 "(message sent completely)",
153 (unsigned long) send_len);
154 wpabuf_free(data->out_buf);
155 data->out_buf = NULL;
159 wpa_printf(MSG_DEBUG, "SSL: Sending out %lu bytes "
160 "(%lu more to send)", (unsigned long) send_len,
161 (unsigned long) wpabuf_len(data->out_buf) -
163 data->state = WAIT_FRAG_ACK;
170 struct wpabuf * eap_server_tls_build_ack(u8 id, int eap_type, int version)
174 req = eap_msg_alloc(EAP_VENDOR_IETF, eap_type, 1, EAP_CODE_REQUEST,
178 wpa_printf(MSG_DEBUG, "SSL: Building ACK");
179 wpabuf_put_u8(req, version); /* Flags */
184 static int eap_server_tls_process_cont(struct eap_ssl_data *data,
185 const u8 *buf, size_t len)
187 /* Process continuation of a pending message */
188 if (len > wpabuf_tailroom(data->in_buf)) {
189 wpa_printf(MSG_DEBUG, "SSL: Fragment overflow");
193 wpabuf_put_data(data->in_buf, buf, len);
194 wpa_printf(MSG_DEBUG, "SSL: Received %lu bytes, waiting for %lu "
195 "bytes more", (unsigned long) len,
196 (unsigned long) wpabuf_tailroom(data->in_buf));
202 static int eap_server_tls_process_fragment(struct eap_ssl_data *data,
203 u8 flags, u32 message_length,
204 const u8 *buf, size_t len)
206 /* Process a fragment that is not the last one of the message */
207 if (data->in_buf == NULL && !(flags & EAP_TLS_FLAGS_LENGTH_INCLUDED)) {
208 wpa_printf(MSG_DEBUG, "SSL: No Message Length field in a "
209 "fragmented packet");
213 if (data->in_buf == NULL) {
214 /* First fragment of the message */
216 /* Limit length to avoid rogue peers from causing large
217 * memory allocations. */
218 if (message_length > 65536) {
219 wpa_printf(MSG_INFO, "SSL: Too long TLS fragment (size"
224 data->in_buf = wpabuf_alloc(message_length);
225 if (data->in_buf == NULL) {
226 wpa_printf(MSG_DEBUG, "SSL: No memory for message");
229 wpabuf_put_data(data->in_buf, buf, len);
230 wpa_printf(MSG_DEBUG, "SSL: Received %lu bytes in first "
231 "fragment, waiting for %lu bytes more",
233 (unsigned long) wpabuf_tailroom(data->in_buf));
240 int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data)
245 next = tls_connection_server_handshake(
246 sm->ssl_ctx, data->conn,
247 wpabuf_mhead(data->in_buf),
248 wpabuf_len(data->in_buf),
251 wpa_printf(MSG_INFO, "SSL: TLS processing failed");
255 /* This should not happen.. */
256 wpa_printf(MSG_INFO, "SSL: pending tls_out data when "
257 "processing new message");
258 os_free(data->out_buf);
259 WPA_ASSERT(data->out_buf == NULL);
261 data->out_buf = wpabuf_alloc_ext_data(next, next_len);
262 if (data->out_buf == NULL) {
270 static int eap_server_tls_reassemble(struct eap_ssl_data *data, u8 flags,
271 const u8 **pos, size_t *left)
273 unsigned int tls_msg_len = 0;
274 const u8 *end = *pos + *left;
276 if (flags & EAP_TLS_FLAGS_LENGTH_INCLUDED) {
278 wpa_printf(MSG_INFO, "SSL: Short frame with TLS "
282 tls_msg_len = WPA_GET_BE32(*pos);
283 wpa_printf(MSG_DEBUG, "SSL: TLS Message Length: %d",
289 wpa_printf(MSG_DEBUG, "SSL: Received packet: Flags 0x%x "
290 "Message Length %u", flags, tls_msg_len);
292 if (data->state == WAIT_FRAG_ACK) {
294 wpa_printf(MSG_DEBUG, "SSL: Unexpected payload in "
295 "WAIT_FRAG_ACK state");
298 wpa_printf(MSG_DEBUG, "SSL: Fragment acknowledged");
303 eap_server_tls_process_cont(data, *pos, end - *pos) < 0)
306 if (flags & EAP_TLS_FLAGS_MORE_FRAGMENTS) {
307 if (eap_server_tls_process_fragment(data, flags, tls_msg_len,
308 *pos, end - *pos) < 0)
311 data->state = FRAG_ACK;
315 if (data->state == FRAG_ACK) {
316 wpa_printf(MSG_DEBUG, "SSL: All fragments received");
320 if (data->in_buf == NULL) {
321 /* Wrap unfragmented messages as wpabuf without extra copy */
322 wpabuf_set(&data->tmpbuf, *pos, end - *pos);
323 data->in_buf = &data->tmpbuf;
330 static void eap_server_tls_free_in_buf(struct eap_ssl_data *data)
332 if (data->in_buf != &data->tmpbuf)
333 wpabuf_free(data->in_buf);
338 struct wpabuf * eap_server_tls_encrypt(struct eap_sm *sm,
339 struct eap_ssl_data *data,
340 const u8 *plain, size_t plain_len)
346 /* reserve some extra room for encryption overhead */
347 buf_len = plain_len + 200;
348 buf = wpabuf_alloc(buf_len);
351 res = tls_connection_encrypt(sm->ssl_ctx, data->conn,
352 plain, plain_len, wpabuf_put(buf, 0),
355 wpa_printf(MSG_INFO, "SSL: Failed to encrypt Phase 2 data");
360 wpabuf_put(buf, res);
366 int eap_server_tls_process(struct eap_sm *sm, struct eap_ssl_data *data,
367 struct wpabuf *respData, void *priv, int eap_type,
368 int (*proc_version)(struct eap_sm *sm, void *priv,
370 void (*proc_msg)(struct eap_sm *sm, void *priv,
371 const struct wpabuf *respData))
378 pos = eap_hdr_validate(EAP_VENDOR_IETF, eap_type, respData, &left);
379 if (pos == NULL || left < 1)
380 return 0; /* Should not happen - frame already validated */
383 wpa_printf(MSG_DEBUG, "SSL: Received packet(len=%lu) - Flags 0x%02x",
384 (unsigned long) wpabuf_len(respData), flags);
387 proc_version(sm, priv, flags & EAP_TLS_VERSION_MASK) < 0)
390 ret = eap_server_tls_reassemble(data, flags, &pos, &left);
398 proc_msg(sm, priv, respData);
400 if (tls_connection_get_write_alerts(sm->ssl_ctx, data->conn) > 1) {
401 wpa_printf(MSG_INFO, "SSL: Locally detected fatal error in "
407 eap_server_tls_free_in_buf(data);