git.maemo.org Git - wpasupplicant/blob - src/eap_peer/eap_peap.c

   1 /*
   2  * EAP peer method: EAP-PEAP (draft-josefsson-pppext-eap-tls-eap-10.txt)
   3  * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License version 2 as
   7  * published by the Free Software Foundation.
   8  *
   9  * Alternatively, this software may be distributed under the terms of BSD
  10  * license.
  11  *
  12  * See README and COPYING for more details.
  13  */
  14
  15 #include "includes.h"
  16
  17 #include "common.h"
  18 #include "eap_i.h"
  19 #include "eap_tls_common.h"
  20 #include "eap_config.h"
  21 #include "tls.h"
  22 #include "eap_tlv.h"
  23
  24
  25 /* Maximum supported PEAP version
  26  * 0 = Microsoft's PEAP version 0; draft-kamath-pppext-peapv0-00.txt
  27  * 1 = draft-josefsson-ppext-eap-tls-eap-05.txt
  28  * 2 = draft-josefsson-ppext-eap-tls-eap-10.txt
  29  */
  30 #define EAP_PEAP_VERSION 1
  31
  32
  33 static void eap_peap_deinit(struct eap_sm *sm, void *priv);
  34
  35
  36 struct eap_peap_data {
  37         struct eap_ssl_data ssl;
  38
  39         int peap_version, force_peap_version, force_new_label;
  40
  41         const struct eap_method *phase2_method;
  42         void *phase2_priv;
  43         int phase2_success;
  44         int phase2_eap_success;
  45         int phase2_eap_started;
  46
  47         struct eap_method_type phase2_type;
  48         struct eap_method_type *phase2_types;
  49         size_t num_phase2_types;
  50
  51         int peap_outer_success; /* 0 = PEAP terminated on Phase 2 inner
  52                                  * EAP-Success
  53                                  * 1 = reply with tunneled EAP-Success to inner
  54                                  * EAP-Success and expect AS to send outer
  55                                  * (unencrypted) EAP-Success after this
  56                                  * 2 = reply with PEAP/TLS ACK to inner
  57                                  * EAP-Success and expect AS to send outer
  58                                  * (unencrypted) EAP-Success after this */
  59         int resuming; /* starting a resumed session */
  60         u8 *key_data;
  61
  62         struct wpabuf *pending_phase2_req;
  63 };
  64
  65
  66 static int eap_peap_parse_phase1(struct eap_peap_data *data,
  67                                  const char *phase1)
  68 {
  69         const char *pos;
  70
  71         pos = os_strstr(phase1, "peapver=");
  72         if (pos) {
  73                 data->force_peap_version = atoi(pos + 8);
  74                 data->peap_version = data->force_peap_version;
  75                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Forced PEAP version %d",
  76                            data->force_peap_version);
  77         }
  78
  79         if (os_strstr(phase1, "peaplabel=1")) {
  80                 data->force_new_label = 1;
  81                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Force new label for key "
  82                            "derivation");
  83         }
  84
  85         if (os_strstr(phase1, "peap_outer_success=0")) {
  86                 data->peap_outer_success = 0;
  87                 wpa_printf(MSG_DEBUG, "EAP-PEAP: terminate authentication on "
  88                            "tunneled EAP-Success");
  89         } else if (os_strstr(phase1, "peap_outer_success=1")) {
  90                 data->peap_outer_success = 1;
  91                 wpa_printf(MSG_DEBUG, "EAP-PEAP: send tunneled EAP-Success "
  92                            "after receiving tunneled EAP-Success");
  93         } else if (os_strstr(phase1, "peap_outer_success=2")) {
  94                 data->peap_outer_success = 2;
  95                 wpa_printf(MSG_DEBUG, "EAP-PEAP: send PEAP/TLS ACK after "
  96                            "receiving tunneled EAP-Success");
  97         }
  98
  99         return 0;
 100 }
 101
 102
 103 static void * eap_peap_init(struct eap_sm *sm)
 104 {
 105         struct eap_peap_data *data;
 106         struct eap_peer_config *config = eap_get_config(sm);
 107
 108         data = os_zalloc(sizeof(*data));
 109         if (data == NULL)
 110                 return NULL;
 111         sm->peap_done = FALSE;
 112         data->peap_version = EAP_PEAP_VERSION;
 113         data->force_peap_version = -1;
 114         data->peap_outer_success = 2;
 115
 116         if (config && config->phase1 &&
 117             eap_peap_parse_phase1(data, config->phase1) < 0) {
 118                 eap_peap_deinit(sm, data);
 119                 return NULL;
 120         }
 121
 122         if (eap_peer_select_phase2_methods(config, "auth=",
 123                                            &data->phase2_types,
 124                                            &data->num_phase2_types) < 0) {
 125                 eap_peap_deinit(sm, data);
 126                 return NULL;
 127         }
 128
 129         data->phase2_type.vendor = EAP_VENDOR_IETF;
 130         data->phase2_type.method = EAP_TYPE_NONE;
 131
 132         if (eap_peer_tls_ssl_init(sm, &data->ssl, config)) {
 133                 wpa_printf(MSG_INFO, "EAP-PEAP: Failed to initialize SSL.");
 134                 eap_peap_deinit(sm, data);
 135                 return NULL;
 136         }
 137
 138         return data;
 139 }
 140
 141
 142 static void eap_peap_deinit(struct eap_sm *sm, void *priv)
 143 {
 144         struct eap_peap_data *data = priv;
 145         if (data == NULL)
 146                 return;
 147         if (data->phase2_priv && data->phase2_method)
 148                 data->phase2_method->deinit(sm, data->phase2_priv);
 149         os_free(data->phase2_types);
 150         eap_peer_tls_ssl_deinit(sm, &data->ssl);
 151         os_free(data->key_data);
 152         wpabuf_free(data->pending_phase2_req);
 153         os_free(data);
 154 }
 155
 156
 157 static struct wpabuf * eap_peapv2_tlv_eap_payload(struct wpabuf *buf)
 158 {
 159         struct wpabuf *e;
 160         struct eap_tlv_hdr *tlv;
 161
 162         if (buf == NULL)
 163                 return NULL;
 164
 165         /* Encapsulate EAP packet in EAP-Payload TLV */
 166         wpa_printf(MSG_DEBUG, "EAP-PEAPv2: Add EAP-Payload TLV");
 167         e = wpabuf_alloc(sizeof(*tlv) + wpabuf_len(buf));
 168         if (e == NULL) {
 169                 wpa_printf(MSG_DEBUG, "EAP-PEAPv2: Failed to allocate memory "
 170                            "for TLV encapsulation");
 171                 wpabuf_free(buf);
 172                 return NULL;
 173         }
 174         tlv = wpabuf_put(e, sizeof(*tlv));
 175         tlv->tlv_type = host_to_be16(EAP_TLV_TYPE_MANDATORY |
 176                                      EAP_TLV_EAP_PAYLOAD_TLV);
 177         tlv->length = host_to_be16(wpabuf_len(buf));
 178         wpabuf_put_buf(e, buf);
 179         wpabuf_free(buf);
 180         return e;
 181 }
 182
 183
 184 static int eap_peap_phase2_request(struct eap_sm *sm,
 185                                    struct eap_peap_data *data,
 186                                    struct eap_method_ret *ret,
 187                                    struct wpabuf *req,
 188                                    struct wpabuf **resp)
 189 {
 190         struct eap_hdr *hdr = wpabuf_mhead(req);
 191         size_t len = be_to_host16(hdr->length);
 192         u8 *pos;
 193         struct eap_method_ret iret;
 194         struct eap_peer_config *config = eap_get_config(sm);
 195
 196         if (len <= sizeof(struct eap_hdr)) {
 197                 wpa_printf(MSG_INFO, "EAP-PEAP: too short "
 198                            "Phase 2 request (len=%lu)", (unsigned long) len);
 199                 return -1;
 200         }
 201         pos = (u8 *) (hdr + 1);
 202         wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Request: type=%d", *pos);
 203         switch (*pos) {
 204         case EAP_TYPE_IDENTITY:
 205                 *resp = eap_sm_buildIdentity(sm, hdr->identifier, 1);
 206                 break;
 207         case EAP_TYPE_TLV:
 208                 os_memset(&iret, 0, sizeof(iret));
 209                 if (eap_tlv_process(sm, &iret, req, resp,
 210                                     data->phase2_eap_started &&
 211                                     !data->phase2_eap_success)) {
 212                         ret->methodState = METHOD_DONE;
 213                         ret->decision = DECISION_FAIL;
 214                         return -1;
 215                 }
 216                 if (iret.methodState == METHOD_DONE ||
 217                     iret.methodState == METHOD_MAY_CONT) {
 218                         ret->methodState = iret.methodState;
 219                         ret->decision = iret.decision;
 220                         data->phase2_success = 1;
 221                 }
 222                 break;
 223         default:
 224                 if (data->phase2_type.vendor == EAP_VENDOR_IETF &&
 225                     data->phase2_type.method == EAP_TYPE_NONE) {
 226                         size_t i;
 227                         for (i = 0; i < data->num_phase2_types; i++) {
 228                                 if (data->phase2_types[i].vendor !=
 229                                     EAP_VENDOR_IETF ||
 230                                     data->phase2_types[i].method != *pos)
 231                                         continue;
 232
 233                                 data->phase2_type.vendor =
 234                                         data->phase2_types[i].vendor;
 235                                 data->phase2_type.method =
 236                                         data->phase2_types[i].method;
 237                                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Selected "
 238                                            "Phase 2 EAP vendor %d method %d",
 239                                            data->phase2_type.vendor,
 240                                            data->phase2_type.method);
 241                                 break;
 242                         }
 243                 }
 244                 if (*pos != data->phase2_type.method ||
 245                     *pos == EAP_TYPE_NONE) {
 246                         if (eap_peer_tls_phase2_nak(data->phase2_types,
 247                                                     data->num_phase2_types,
 248                                                     hdr, resp))
 249                                 return -1;
 250                         return 0;
 251                 }
 252
 253                 if (data->phase2_priv == NULL) {
 254                         data->phase2_method = eap_peer_get_eap_method(
 255                                 data->phase2_type.vendor,
 256                                 data->phase2_type.method);
 257                         if (data->phase2_method) {
 258                                 sm->init_phase2 = 1;
 259                                 data->phase2_priv =
 260                                         data->phase2_method->init(sm);
 261                                 sm->init_phase2 = 0;
 262                         }
 263                 }
 264                 if (data->phase2_priv == NULL || data->phase2_method == NULL) {
 265                         wpa_printf(MSG_INFO, "EAP-PEAP: failed to initialize "
 266                                    "Phase 2 EAP method %d", *pos);
 267                         ret->methodState = METHOD_DONE;
 268                         ret->decision = DECISION_FAIL;
 269                         return -1;
 270                 }
 271                 data->phase2_eap_started = 1;
 272                 os_memset(&iret, 0, sizeof(iret));
 273                 *resp = data->phase2_method->process(sm, data->phase2_priv,
 274                                                      &iret, req);
 275                 if ((iret.methodState == METHOD_DONE ||
 276                      iret.methodState == METHOD_MAY_CONT) &&
 277                     (iret.decision == DECISION_UNCOND_SUCC ||
 278                      iret.decision == DECISION_COND_SUCC)) {
 279                         data->phase2_eap_success = 1;
 280                         data->phase2_success = 1;
 281                 }
 282                 break;
 283         }
 284
 285         if (*resp == NULL &&
 286             (config->pending_req_identity || config->pending_req_password ||
 287              config->pending_req_otp || config->pending_req_new_password)) {
 288                 wpabuf_free(data->pending_phase2_req);
 289                 data->pending_phase2_req = wpabuf_alloc_copy(hdr, len);
 290         }
 291
 292         return 0;
 293 }
 294
 295
 296 static int eap_peap_decrypt(struct eap_sm *sm, struct eap_peap_data *data,
 297                             struct eap_method_ret *ret,
 298                             const struct eap_hdr *req,
 299                             const struct wpabuf *in_data,
 300                             struct wpabuf **out_data)
 301 {
 302         struct wpabuf *in_decrypted = NULL;
 303         int res, skip_change = 0;
 304         struct eap_hdr *hdr, *rhdr;
 305         struct wpabuf *resp = NULL;
 306         size_t len;
 307
 308         wpa_printf(MSG_DEBUG, "EAP-PEAP: received %lu bytes encrypted data for"
 309                    " Phase 2", (unsigned long) wpabuf_len(in_data));
 310
 311         if (data->pending_phase2_req) {
 312                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Pending Phase 2 request - "
 313                            "skip decryption and use old data");
 314                 /* Clear TLS reassembly state. */
 315                 eap_peer_tls_reset_input(&data->ssl);
 316                 in_decrypted = data->pending_phase2_req;
 317                 data->pending_phase2_req = NULL;
 318                 skip_change = 1;
 319                 goto continue_req;
 320         }
 321
 322         if (wpabuf_len(in_data) == 0 && sm->workaround &&
 323             data->phase2_success) {
 324                 /*
 325                  * Cisco ACS seems to be using TLS ACK to terminate
 326                  * EAP-PEAPv0/GTC. Try to reply with TLS ACK.
 327                  */
 328                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Received TLS ACK, but "
 329                            "expected data - acknowledge with TLS ACK since "
 330                            "Phase 2 has been completed");
 331                 ret->decision = DECISION_COND_SUCC;
 332                 ret->methodState = METHOD_DONE;
 333                 return 1;
 334         } else if (wpabuf_len(in_data) == 0) {
 335                 /* Received TLS ACK - requesting more fragments */
 336                 return eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_PEAP,
 337                                             data->peap_version,
 338                                             req->identifier, NULL, out_data);
 339         }
 340
 341         res = eap_peer_tls_decrypt(sm, &data->ssl, in_data, &in_decrypted);
 342         if (res)
 343                 return res;
 344
 345 continue_req:
 346         wpa_hexdump_buf(MSG_DEBUG, "EAP-PEAP: Decrypted Phase 2 EAP",
 347                         in_decrypted);
 348
 349         hdr = wpabuf_mhead(in_decrypted);
 350         if (wpabuf_len(in_decrypted) == 5 && hdr->code == EAP_CODE_REQUEST &&
 351             be_to_host16(hdr->length) == 5 &&
 352             eap_get_type(in_decrypted) == EAP_TYPE_IDENTITY) {
 353                 /* At least FreeRADIUS seems to send full EAP header with
 354                  * EAP Request Identity */
 355                 skip_change = 1;
 356         }
 357         if (wpabuf_len(in_decrypted) >= 5 && hdr->code == EAP_CODE_REQUEST &&
 358             eap_get_type(in_decrypted) == EAP_TYPE_TLV) {
 359                 skip_change = 1;
 360         }
 361
 362         if (data->peap_version == 0 && !skip_change) {
 363                 struct eap_hdr *nhdr;
 364                 struct wpabuf *nmsg = wpabuf_alloc(sizeof(struct eap_hdr) +
 365                                                    wpabuf_len(in_decrypted));
 366                 if (nmsg == NULL) {
 367                         wpabuf_free(in_decrypted);
 368                         return 0;
 369                 }
 370                 nhdr = wpabuf_put(nmsg, sizeof(*nhdr));
 371                 wpabuf_put_buf(nmsg, in_decrypted);
 372                 nhdr->code = req->code;
 373                 nhdr->identifier = req->identifier;
 374                 nhdr->length = host_to_be16(sizeof(struct eap_hdr) +
 375                                             wpabuf_len(in_decrypted));
 376
 377                 wpabuf_free(in_decrypted);
 378                 in_decrypted = nmsg;
 379         }
 380
 381         if (data->peap_version >= 2) {
 382                 struct eap_tlv_hdr *tlv;
 383                 struct wpabuf *nmsg;
 384
 385                 if (wpabuf_len(in_decrypted) < sizeof(*tlv) + sizeof(*hdr)) {
 386                         wpa_printf(MSG_INFO, "EAP-PEAPv2: Too short Phase 2 "
 387                                    "EAP TLV");
 388                         wpabuf_free(in_decrypted);
 389                         return 0;
 390                 }
 391                 tlv = wpabuf_mhead(in_decrypted);
 392                 if ((be_to_host16(tlv->tlv_type) & 0x3fff) !=
 393                     EAP_TLV_EAP_PAYLOAD_TLV) {
 394                         wpa_printf(MSG_INFO, "EAP-PEAPv2: Not an EAP TLV");
 395                         wpabuf_free(in_decrypted);
 396                         return 0;
 397                 }
 398                 if (sizeof(*tlv) + be_to_host16(tlv->length) >
 399                     wpabuf_len(in_decrypted)) {
 400                         wpa_printf(MSG_INFO, "EAP-PEAPv2: Invalid EAP TLV "
 401                                    "length");
 402                         wpabuf_free(in_decrypted);
 403                         return 0;
 404                 }
 405                 hdr = (struct eap_hdr *) (tlv + 1);
 406                 if (be_to_host16(hdr->length) > be_to_host16(tlv->length)) {
 407                         wpa_printf(MSG_INFO, "EAP-PEAPv2: No room for full "
 408                                    "EAP packet in EAP TLV");
 409                         wpabuf_free(in_decrypted);
 410                         return 0;
 411                 }
 412
 413                 nmsg = wpabuf_alloc(be_to_host16(hdr->length));
 414                 if (nmsg == NULL) {
 415                         wpabuf_free(in_decrypted);
 416                         return 0;
 417                 }
 418
 419                 wpabuf_put_data(nmsg, hdr, be_to_host16(hdr->length));
 420                 wpabuf_free(in_decrypted);
 421                 in_decrypted = nmsg;
 422         }
 423
 424         hdr = wpabuf_mhead(in_decrypted);
 425         if (wpabuf_len(in_decrypted) < sizeof(*hdr)) {
 426                 wpa_printf(MSG_INFO, "EAP-PEAP: Too short Phase 2 "
 427                            "EAP frame (len=%lu)",
 428                            (unsigned long) wpabuf_len(in_decrypted));
 429                 wpabuf_free(in_decrypted);
 430                 return 0;
 431         }
 432         len = be_to_host16(hdr->length);
 433         if (len > wpabuf_len(in_decrypted)) {
 434                 wpa_printf(MSG_INFO, "EAP-PEAP: Length mismatch in "
 435                            "Phase 2 EAP frame (len=%lu hdr->length=%lu)",
 436                            (unsigned long) wpabuf_len(in_decrypted),
 437                            (unsigned long) len);
 438                 wpabuf_free(in_decrypted);
 439                 return 0;
 440         }
 441         if (len < wpabuf_len(in_decrypted)) {
 442                 wpa_printf(MSG_INFO, "EAP-PEAP: Odd.. Phase 2 EAP header has "
 443                            "shorter length than full decrypted data "
 444                            "(%lu < %lu)",
 445                            (unsigned long) len,
 446                            (unsigned long) wpabuf_len(in_decrypted));
 447         }
 448         wpa_printf(MSG_DEBUG, "EAP-PEAP: received Phase 2: code=%d "
 449                    "identifier=%d length=%lu", hdr->code, hdr->identifier,
 450                    (unsigned long) len);
 451         switch (hdr->code) {
 452         case EAP_CODE_REQUEST:
 453                 if (eap_peap_phase2_request(sm, data, ret, in_decrypted,
 454                                             &resp)) {
 455                         wpabuf_free(in_decrypted);
 456                         wpa_printf(MSG_INFO, "EAP-PEAP: Phase2 Request "
 457                                    "processing failed");
 458                         return 0;
 459                 }
 460                 break;
 461         case EAP_CODE_SUCCESS:
 462                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Success");
 463                 if (data->peap_version == 1) {
 464                         /* EAP-Success within TLS tunnel is used to indicate
 465                          * shutdown of the TLS channel. The authentication has
 466                          * been completed. */
 467                         if (data->phase2_eap_started &&
 468                             !data->phase2_eap_success) {
 469                                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 "
 470                                            "Success used to indicate success, "
 471                                            "but Phase 2 EAP was not yet "
 472                                            "completed successfully");
 473                                 ret->methodState = METHOD_DONE;
 474                                 ret->decision = DECISION_FAIL;
 475                                 wpabuf_free(in_decrypted);
 476                                 return 0;
 477                         }
 478                         wpa_printf(MSG_DEBUG, "EAP-PEAP: Version 1 - "
 479                                    "EAP-Success within TLS tunnel - "
 480                                    "authentication completed");
 481                         ret->decision = DECISION_UNCOND_SUCC;
 482                         ret->methodState = METHOD_DONE;
 483                         data->phase2_success = 1;
 484                         if (data->peap_outer_success == 2) {
 485                                 wpabuf_free(in_decrypted);
 486                                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Use TLS ACK "
 487                                            "to finish authentication");
 488                                 return 1;
 489                         } else if (data->peap_outer_success == 1) {
 490                                 /* Reply with EAP-Success within the TLS
 491                                  * channel to complete the authentication. */
 492                                 resp = wpabuf_alloc(sizeof(struct eap_hdr));
 493                                 if (resp) {
 494                                         rhdr = wpabuf_put(resp, sizeof(*rhdr));
 495                                         rhdr->code = EAP_CODE_SUCCESS;
 496                                         rhdr->identifier = hdr->identifier;
 497                                         rhdr->length =
 498                                                 host_to_be16(sizeof(*rhdr));
 499                                 }
 500                         } else {
 501                                 /* No EAP-Success expected for Phase 1 (outer,
 502                                  * unencrypted auth), so force EAP state
 503                                  * machine to SUCCESS state. */
 504                                 sm->peap_done = TRUE;
 505                         }
 506                 } else {
 507                         /* FIX: ? */
 508                 }
 509                 break;
 510         case EAP_CODE_FAILURE:
 511                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Failure");
 512                 ret->decision = DECISION_FAIL;
 513                 ret->methodState = METHOD_MAY_CONT;
 514                 ret->allowNotifications = FALSE;
 515                 /* Reply with EAP-Failure within the TLS channel to complete
 516                  * failure reporting. */
 517                 resp = wpabuf_alloc(sizeof(struct eap_hdr));
 518                 if (resp) {
 519                         rhdr = wpabuf_put(resp, sizeof(*rhdr));
 520                         rhdr->code = EAP_CODE_FAILURE;
 521                         rhdr->identifier = hdr->identifier;
 522                         rhdr->length = host_to_be16(sizeof(*rhdr));
 523                 }
 524                 break;
 525         default:
 526                 wpa_printf(MSG_INFO, "EAP-PEAP: Unexpected code=%d in "
 527                            "Phase 2 EAP header", hdr->code);
 528                 break;
 529         }
 530
 531         wpabuf_free(in_decrypted);
 532
 533         if (resp) {
 534                 int skip_change2 = 0;
 535                 struct wpabuf *rmsg, buf;
 536
 537                 wpa_hexdump_buf_key(MSG_DEBUG,
 538                                     "EAP-PEAP: Encrypting Phase 2 data", resp);
 539                 /* PEAP version changes */
 540                 if (data->peap_version >= 2) {
 541                         resp = eap_peapv2_tlv_eap_payload(resp);
 542                         if (resp == NULL)
 543                                 return -1;
 544                 }
 545                 if (wpabuf_len(resp) >= 5 &&
 546                     wpabuf_head_u8(resp)[0] == EAP_CODE_RESPONSE &&
 547                     eap_get_type(resp) == EAP_TYPE_TLV)
 548                         skip_change2 = 1;
 549                 rmsg = resp;
 550                 if (data->peap_version == 0 && !skip_change2) {
 551                         wpabuf_set(&buf, wpabuf_head_u8(resp) +
 552                                    sizeof(struct eap_hdr),
 553                                    wpabuf_len(resp) - sizeof(struct eap_hdr));
 554                         rmsg = &buf;
 555                 }
 556
 557                 if (eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_PEAP,
 558                                          data->peap_version, req->identifier,
 559                                          rmsg, out_data)) {
 560                         wpa_printf(MSG_INFO, "EAP-PEAP: Failed to encrypt "
 561                                    "a Phase 2 frame");
 562                 }
 563                 wpabuf_free(resp);
 564         }
 565
 566         return 0;
 567 }
 568
 569
 570 static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
 571                                         struct eap_method_ret *ret,
 572                                         const struct wpabuf *reqData)
 573 {
 574         const struct eap_hdr *req;
 575         size_t left;
 576         int res;
 577         u8 flags, id;
 578         struct wpabuf *resp;
 579         const u8 *pos;
 580         struct eap_peap_data *data = priv;
 581
 582         pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_PEAP, ret,
 583                                         reqData, &left, &flags);
 584         if (pos == NULL)
 585                 return NULL;
 586         req = wpabuf_head(reqData);
 587         id = req->identifier;
 588
 589         if (flags & EAP_TLS_FLAGS_START) {
 590                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Start (server ver=%d, own "
 591                            "ver=%d)", flags & EAP_PEAP_VERSION_MASK,
 592                         data->peap_version);
 593                 if ((flags & EAP_PEAP_VERSION_MASK) < data->peap_version)
 594                         data->peap_version = flags & EAP_PEAP_VERSION_MASK;
 595                 if (data->force_peap_version >= 0 &&
 596                     data->force_peap_version != data->peap_version) {
 597                         wpa_printf(MSG_WARNING, "EAP-PEAP: Failed to select "
 598                                    "forced PEAP version %d",
 599                                    data->force_peap_version);
 600                         ret->methodState = METHOD_DONE;
 601                         ret->decision = DECISION_FAIL;
 602                         ret->allowNotifications = FALSE;
 603                         return NULL;
 604                 }
 605                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Using PEAP version %d",
 606                            data->peap_version);
 607                 left = 0; /* make sure that this frame is empty, even though it
 608                            * should always be, anyway */
 609         }
 610
 611         resp = NULL;
 612         if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
 613             !data->resuming) {
 614                 struct wpabuf msg;
 615                 wpabuf_set(&msg, pos, left);
 616                 res = eap_peap_decrypt(sm, data, ret, req, &msg, &resp);
 617         } else {
 618                 res = eap_peer_tls_process_helper(sm, &data->ssl,
 619                                                   EAP_TYPE_PEAP,
 620                                                   data->peap_version, id, pos,
 621                                                   left, &resp);
 622
 623                 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
 624                         char *label;
 625                         wpa_printf(MSG_DEBUG,
 626                                    "EAP-PEAP: TLS done, proceed to Phase 2");
 627                         os_free(data->key_data);
 628                         /* draft-josefsson-ppext-eap-tls-eap-05.txt
 629                          * specifies that PEAPv1 would use "client PEAP
 630                          * encryption" as the label. However, most existing
 631                          * PEAPv1 implementations seem to be using the old
 632                          * label, "client EAP encryption", instead. Use the old
 633                          * label by default, but allow it to be configured with
 634                          * phase1 parameter peaplabel=1. */
 635                         if (data->peap_version > 1 || data->force_new_label)
 636                                 label = "client PEAP encryption";
 637                         else
 638                                 label = "client EAP encryption";
 639                         wpa_printf(MSG_DEBUG, "EAP-PEAP: using label '%s' in "
 640                                    "key derivation", label);
 641                         data->key_data =
 642                                 eap_peer_tls_derive_key(sm, &data->ssl, label,
 643                                                         EAP_TLS_KEY_LEN);
 644                         if (data->key_data) {
 645                                 wpa_hexdump_key(MSG_DEBUG,
 646                                                 "EAP-PEAP: Derived key",
 647                                                 data->key_data,
 648                                                 EAP_TLS_KEY_LEN);
 649                         } else {
 650                                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Failed to "
 651                                            "derive key");
 652                         }
 653
 654                         if (sm->workaround && data->resuming) {
 655                                 /*
 656                                  * At least few RADIUS servers (Aegis v1.1.6;
 657                                  * but not v1.1.4; and Cisco ACS) seem to be
 658                                  * terminating PEAPv1 (Aegis) or PEAPv0 (Cisco
 659                                  * ACS) session resumption with outer
 660                                  * EAP-Success. This does not seem to follow
 661                                  * draft-josefsson-pppext-eap-tls-eap-05.txt
 662                                  * section 4.2, so only allow this if EAP
 663                                  * workarounds are enabled.
 664                                  */
 665                                 wpa_printf(MSG_DEBUG, "EAP-PEAP: Workaround - "
 666                                            "allow outer EAP-Success to "
 667                                            "terminate PEAP resumption");
 668                                 ret->decision = DECISION_COND_SUCC;
 669                                 data->phase2_success = 1;
 670                         }
 671
 672                         data->resuming = 0;
 673                 }
 674
 675                 if (res == 2) {
 676                         struct wpabuf msg;
 677                         /*
 678                          * Application data included in the handshake message.
 679                          */
 680                         wpabuf_free(data->pending_phase2_req);
 681                         data->pending_phase2_req = resp;
 682                         resp = NULL;
 683                         wpabuf_set(&msg, pos, left);
 684                         res = eap_peap_decrypt(sm, data, ret, req, &msg,
 685                                                &resp);
 686                 }
 687         }
 688
 689         if (ret->methodState == METHOD_DONE) {
 690                 ret->allowNotifications = FALSE;
 691         }
 692
 693         if (res == 1) {
 694                 wpabuf_free(resp);
 695                 return eap_peer_tls_build_ack(id, EAP_TYPE_PEAP,
 696                                               data->peap_version);
 697         }
 698
 699         return resp;
 700 }
 701
 702
 703 static Boolean eap_peap_has_reauth_data(struct eap_sm *sm, void *priv)
 704 {
 705         struct eap_peap_data *data = priv;
 706         return tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
 707                 data->phase2_success;
 708 }
 709
 710
 711 static void eap_peap_deinit_for_reauth(struct eap_sm *sm, void *priv)
 712 {
 713         struct eap_peap_data *data = priv;
 714         wpabuf_free(data->pending_phase2_req);
 715         data->pending_phase2_req = NULL;
 716 }
 717
 718
 719 static void * eap_peap_init_for_reauth(struct eap_sm *sm, void *priv)
 720 {
 721         struct eap_peap_data *data = priv;
 722         os_free(data->key_data);
 723         data->key_data = NULL;
 724         if (eap_peer_tls_reauth_init(sm, &data->ssl)) {
 725                 os_free(data);
 726                 return NULL;
 727         }
 728         if (data->phase2_priv && data->phase2_method &&
 729             data->phase2_method->init_for_reauth)
 730                 data->phase2_method->init_for_reauth(sm, data->phase2_priv);
 731         data->phase2_success = 0;
 732         data->phase2_eap_success = 0;
 733         data->phase2_eap_started = 0;
 734         data->resuming = 1;
 735         sm->peap_done = FALSE;
 736         return priv;
 737 }
 738
 739
 740 static int eap_peap_get_status(struct eap_sm *sm, void *priv, char *buf,
 741                                size_t buflen, int verbose)
 742 {
 743         struct eap_peap_data *data = priv;
 744         int len, ret;
 745
 746         len = eap_peer_tls_status(sm, &data->ssl, buf, buflen, verbose);
 747         if (data->phase2_method) {
 748                 ret = os_snprintf(buf + len, buflen - len,
 749                                   "EAP-PEAPv%d Phase2 method=%s\n",
 750                                   data->peap_version,
 751                                   data->phase2_method->name);
 752                 if (ret < 0 || (size_t) ret >= buflen - len)
 753                         return len;
 754                 len += ret;
 755         }
 756         return len;
 757 }
 758
 759
 760 static Boolean eap_peap_isKeyAvailable(struct eap_sm *sm, void *priv)
 761 {
 762         struct eap_peap_data *data = priv;
 763         return data->key_data != NULL && data->phase2_success;
 764 }
 765
 766
 767 static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len)
 768 {
 769         struct eap_peap_data *data = priv;
 770         u8 *key;
 771
 772         if (data->key_data == NULL || !data->phase2_success)
 773                 return NULL;
 774
 775         key = os_malloc(EAP_TLS_KEY_LEN);
 776         if (key == NULL)
 777                 return NULL;
 778
 779         *len = EAP_TLS_KEY_LEN;
 780         os_memcpy(key, data->key_data, EAP_TLS_KEY_LEN);
 781
 782         return key;
 783 }
 784
 785
 786 int eap_peer_peap_register(void)
 787 {
 788         struct eap_method *eap;
 789         int ret;
 790
 791         eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
 792                                     EAP_VENDOR_IETF, EAP_TYPE_PEAP, "PEAP");
 793         if (eap == NULL)
 794                 return -1;
 795
 796         eap->init = eap_peap_init;
 797         eap->deinit = eap_peap_deinit;
 798         eap->process = eap_peap_process;
 799         eap->isKeyAvailable = eap_peap_isKeyAvailable;
 800         eap->getKey = eap_peap_getKey;
 801         eap->get_status = eap_peap_get_status;
 802         eap->has_reauth_data = eap_peap_has_reauth_data;
 803         eap->deinit_for_reauth = eap_peap_deinit_for_reauth;
 804         eap->init_for_reauth = eap_peap_init_for_reauth;
 805
 806         ret = eap_peer_method_register(eap);
 807         if (ret)
 808                 eap_peer_method_free(eap);
 809         return ret;
 810 }