projects / wpasupplicant / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
wpa_supplicant AP: Add management frame RX for nl80211
[wpasupplicant] / src / eap_server / eap_fast.c
diff --git a/src/eap_server/eap_fast.c b/src/eap_server/eap_fast.c
index fa3c6e5..3563908 100644 (file)
--- a/src/eap_server/eap_fast.c
+++ b/src/eap_server/eap_fast.c
@@ -33,17 +33,6 @@ static void eap_fast_reset(struct eap_sm *sm, void *priv);
 #define PAC_OPAQUE_TYPE_LIFETIME 2
 #define PAC_OPAQUE_TYPE_IDENTITY 3
 
-/* PAC-Key lifetime in seconds (hard limit) */
-#define PAC_KEY_LIFETIME (7 * 24 * 60 * 60)
-
-/*
- * PAC-Key refresh time in seconds (soft limit on remaining hard limit). The
- * server will generate a new PAC-Key when this number of seconds (or fewer)
- * of the lifetime.
- */
-#define PAC_KEY_REFRESH_TIME (1 * 24 * 60 * 60)
-
-
 struct eap_fast_data {
        struct eap_ssl_data ssl;
        enum {
@@ -67,7 +56,9 @@ struct eap_fast_data {
        int simck_idx;
 
        u8 pac_opaque_encr[16];
-       char *srv_id;
+       u8 *srv_id;
+       size_t srv_id_len;
+       char *srv_id_info;
 
        int anon_provisioning;
        int send_new_pac; /* server triggered re-keying of Tunnel PAC */
@@ -76,6 +67,9 @@ struct eap_fast_data {
        size_t identity_len;
        int eap_seq;
        int tnc_started;
+
+       int pac_key_lifetime;
+       int pac_key_refresh_time;
 };
 
 
@@ -247,12 +241,20 @@ static int eap_fast_session_ticket_cb(void *ctx, const u8 *ticket, size_t len,
        if (os_get_time(&now) < 0 || lifetime <= 0 || now.sec > lifetime) {
                wpa_printf(MSG_DEBUG, "EAP-FAST: PAC-Key not valid anymore "
                           "(lifetime=%ld now=%ld)", lifetime, now.sec);
-               os_free(buf);
-               return 0;
-       }
-
-       if (lifetime - now.sec < PAC_KEY_REFRESH_TIME)
+               data->send_new_pac = 2;
+               /*
+                * Allow PAC to be used to allow a PAC update with some level
+                * of server authentication (i.e., do not fall back to full TLS
+                * handshake since we cannot be sure that the peer would be
+                * able to validate server certificate now). However, reject
+                * the authentication since the PAC was not valid anymore. Peer
+                * can connect again with the newly provisioned PAC after this.
+                */
+       } else if (lifetime - now.sec < data->pac_key_refresh_time) {
+               wpa_printf(MSG_DEBUG, "EAP-FAST: PAC-Key soft timeout; send "
+                          "an update if authentication succeeds");
                data->send_new_pac = 1;
+       }
 
        eap_fast_derive_master_secret(pac_key, server_random, client_random,
                                      master_secret);
@@ -352,7 +354,18 @@ static int eap_fast_get_phase2_key(struct eap_sm *sm,
 
        if (key_len > isk_len)
                key_len = isk_len;
-       os_memcpy(isk, key, key_len);
+       if (key_len == 32 &&
+           data->phase2_method->vendor == EAP_VENDOR_IETF &&
+           data->phase2_method->method == EAP_TYPE_MSCHAPV2) {
+               /*
+                * EAP-FAST uses reverse order for MS-MPPE keys when deriving
+                * MSK from EAP-MSCHAPv2. Swap the keys here to get the correct
+                * ISK for EAP-FAST cryptobinding.
+                */
+               os_memcpy(isk, key + 16, 16);
+               os_memcpy(isk + 16, key, 16);
+       } else
+               os_memcpy(isk, key, key_len);
        os_free(key);
 
        return 0;
@@ -453,11 +466,34 @@ static void * eap_fast_init(struct eap_sm *sm)
                eap_fast_reset(sm, data);
                return NULL;
        }
-       data->srv_id = os_strdup(sm->eap_fast_a_id);
+       data->srv_id = os_malloc(sm->eap_fast_a_id_len);
        if (data->srv_id == NULL) {
                eap_fast_reset(sm, data);
                return NULL;
        }
+       os_memcpy(data->srv_id, sm->eap_fast_a_id, sm->eap_fast_a_id_len);
+       data->srv_id_len = sm->eap_fast_a_id_len;
+
+       if (sm->eap_fast_a_id_info == NULL) {
+               wpa_printf(MSG_INFO, "EAP-FAST: No A-ID-Info configured");
+               eap_fast_reset(sm, data);
+               return NULL;
+       }
+       data->srv_id_info = os_strdup(sm->eap_fast_a_id_info);
+       if (data->srv_id_info == NULL) {
+               eap_fast_reset(sm, data);
+               return NULL;
+       }
+
+       /* PAC-Key lifetime in seconds (hard limit) */
+       data->pac_key_lifetime = sm->pac_key_lifetime;
+
+       /*
+        * PAC-Key refresh time in seconds (soft limit on remaining hard
+        * limit). The server will generate a new PAC-Key when this number of
+        * seconds (or fewer) of the lifetime remains.
+        */
+       data->pac_key_refresh_time = sm->pac_key_refresh_time;
 
        return data;
 }
@@ -472,6 +508,7 @@ static void eap_fast_reset(struct eap_sm *sm, void *priv)
                data->phase2_method->reset(sm, data->phase2_priv);
        eap_server_tls_ssl_deinit(sm, &data->ssl);
        os_free(data->srv_id);
+       os_free(data->srv_id_info);
        os_free(data->key_block_p);
        wpabuf_free(data->pending_phase2_resp);
        os_free(data->identity);
@@ -483,10 +520,9 @@ static struct wpabuf * eap_fast_build_start(struct eap_sm *sm,
                                            struct eap_fast_data *data, u8 id)
 {
        struct wpabuf *req;
-       size_t srv_id_len = os_strlen(data->srv_id);
 
        req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_FAST,
-                           1 + sizeof(struct pac_tlv_hdr) + srv_id_len,
+                           1 + sizeof(struct pac_tlv_hdr) + data->srv_id_len,
                            EAP_CODE_REQUEST, id);
        if (req == NULL) {
                wpa_printf(MSG_ERROR, "EAP-FAST: Failed to allocate memory for"
@@ -498,7 +534,7 @@ static struct wpabuf * eap_fast_build_start(struct eap_sm *sm,
        wpabuf_put_u8(req, EAP_TLS_FLAGS_START | data->fast_version);
 
        /* RFC 4851, 4.1.1. Authority ID Data */
-       eap_fast_put_tlv(req, PAC_TYPE_A_ID, data->srv_id, srv_id_len);
+       eap_fast_put_tlv(req, PAC_TYPE_A_ID, data->srv_id, data->srv_id_len);
 
        eap_fast_state(data, PHASE1);
 
@@ -646,7 +682,7 @@ static struct wpabuf * eap_fast_build_pac(struct eap_sm *sm,
        u8 *pac_buf, *pac_opaque;
        struct wpabuf *buf;
        u8 *pos;
-       size_t buf_len, srv_id_len, pac_len;
+       size_t buf_len, srv_id_info_len, pac_len;
        struct eap_tlv_hdr *pac_tlv;
        struct pac_tlv_hdr *pac_info;
        struct eap_tlv_result_tlv *result;
@@ -664,7 +700,7 @@ static struct wpabuf * eap_fast_build_pac(struct eap_sm *sm,
        if (pac_buf == NULL)
                return NULL;
 
-       srv_id_len = os_strlen(data->srv_id);
+       srv_id_info_len = os_strlen(data->srv_id_info);
 
        pos = pac_buf;
        *pos++ = PAC_OPAQUE_TYPE_KEY;
@@ -674,7 +710,7 @@ static struct wpabuf * eap_fast_build_pac(struct eap_sm *sm,
 
        *pos++ = PAC_OPAQUE_TYPE_LIFETIME;
        *pos++ = 4;
-       WPA_PUT_BE32(pos, now.sec + PAC_KEY_LIFETIME);
+       WPA_PUT_BE32(pos, now.sec + data->pac_key_lifetime);
        pos += 4;
 
        if (sm->identity) {
@@ -685,7 +721,7 @@ static struct wpabuf * eap_fast_build_pac(struct eap_sm *sm,
        }
 
        pac_len = pos - pac_buf;
-       if (pac_len % 8) {
+       while (pac_len % 8) {
                *pos++ = PAC_OPAQUE_TYPE_PAD;
                pac_len++;
        }
@@ -710,13 +746,21 @@ static struct wpabuf * eap_fast_build_pac(struct eap_sm *sm,
        buf_len = sizeof(*pac_tlv) +
                sizeof(struct pac_tlv_hdr) + EAP_FAST_PAC_KEY_LEN +
                sizeof(struct pac_tlv_hdr) + pac_len +
-               2 * srv_id_len + 100 + sizeof(*result);
+               data->srv_id_len + srv_id_info_len + 100 + sizeof(*result);
        buf = wpabuf_alloc(buf_len);
        if (buf == NULL) {
                os_free(pac_opaque);
                return NULL;
        }
 
+       /* Result TLV */
+       wpa_printf(MSG_DEBUG, "EAP-FAST: Add Result TLV (status=SUCCESS)");
+       result = wpabuf_put(buf, sizeof(*result));
+       WPA_PUT_BE16((u8 *) &result->tlv_type,
+                    EAP_TLV_TYPE_MANDATORY | EAP_TLV_RESULT_TLV);
+       WPA_PUT_BE16((u8 *) &result->length, 2);
+       WPA_PUT_BE16((u8 *) &result->status, EAP_TLV_RESULT_SUCCESS);
+
        /* PAC TLV */
        wpa_printf(MSG_DEBUG, "EAP-FAST: Add PAC TLV");
        pac_tlv = wpabuf_put(buf, sizeof(*pac_tlv));
@@ -736,15 +780,16 @@ static struct wpabuf * eap_fast_build_pac(struct eap_sm *sm,
 
        /* PAC-Lifetime (inside PAC-Info) */
        eap_fast_put_tlv_hdr(buf, PAC_TYPE_CRED_LIFETIME, 4);
-       wpabuf_put_be32(buf, now.sec + PAC_KEY_LIFETIME);
+       wpabuf_put_be32(buf, now.sec + data->pac_key_lifetime);
 
        /* A-ID (inside PAC-Info) */
-       eap_fast_put_tlv(buf, PAC_TYPE_A_ID, data->srv_id, srv_id_len);
+       eap_fast_put_tlv(buf, PAC_TYPE_A_ID, data->srv_id, data->srv_id_len);
        
        /* Note: headers may be misaligned after A-ID */
 
        /* A-ID-Info (inside PAC-Info) */
-       eap_fast_put_tlv(buf, PAC_TYPE_A_ID_INFO, data->srv_id, srv_id_len);
+       eap_fast_put_tlv(buf, PAC_TYPE_A_ID_INFO, data->srv_id_info,
+                        srv_id_info_len);
 
        /* PAC-Type (inside PAC-Info) */
        eap_fast_put_tlv_hdr(buf, PAC_TYPE_PAC_TYPE, 2);
@@ -755,14 +800,6 @@ static struct wpabuf * eap_fast_build_pac(struct eap_sm *sm,
        pac_info->len = host_to_be16(pos - (u8 *) (pac_info + 1));
        pac_tlv->length = host_to_be16(pos - (u8 *) (pac_tlv + 1));
 
-       /* Result TLV */
-       wpa_printf(MSG_DEBUG, "EAP-FAST: Add Result TLV (status=SUCCESS)");
-       result = wpabuf_put(buf, sizeof(*result));
-       WPA_PUT_BE16((u8 *) &result->tlv_type,
-                    EAP_TLV_TYPE_MANDATORY | EAP_TLV_RESULT_TLV);
-       WPA_PUT_BE16((u8 *) &result->length, 2);
-       WPA_PUT_BE16((u8 *) &result->status, EAP_TLV_RESULT_SUCCESS);
-
        return buf;
 }
 
@@ -905,7 +942,7 @@ static void eap_fast_process_phase2_response(struct eap_sm *sm,
                left = in_len - sizeof(*hdr);
                wpa_hexdump(MSG_DEBUG, "EAP-FAST: Phase2 type Nak'ed; "
                            "allowed types", pos + 1, left - 1);
-#ifdef EAP_TNC
+#ifdef EAP_SERVER_TNC
                if (m && m->vendor == EAP_VENDOR_IETF &&
                    m->method == EAP_TYPE_TNC) {
                        wpa_printf(MSG_DEBUG, "EAP-FAST: Peer Nak'ed required "
@@ -914,7 +951,7 @@ static void eap_fast_process_phase2_response(struct eap_sm *sm,
                        eap_fast_phase2_init(sm, data, next_type);
                        return;
                }
-#endif /* EAP_TNC */
+#endif /* EAP_SERVER_TNC */
                eap_sm_process_nak(sm, pos + 1, left - 1);
                if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&
                    sm->user->methods[sm->user_eap_method_index].method !=
@@ -982,13 +1019,13 @@ static void eap_fast_process_phase2_response(struct eap_sm *sm,
                eap_fast_state(data, CRYPTO_BINDING);
                data->eap_seq++;
                next_type = EAP_TYPE_NONE;
-#ifdef EAP_TNC
+#ifdef EAP_SERVER_TNC
                if (sm->tnc && !data->tnc_started) {
                        wpa_printf(MSG_DEBUG, "EAP-FAST: Initialize TNC");
                        next_type = EAP_TYPE_TNC;
                        data->tnc_started = 1;
                }
-#endif /* EAP_TNC */
+#endif /* EAP_SERVER_TNC */
                break;
        case FAILURE:
                break;
@@ -1012,20 +1049,21 @@ static void eap_fast_process_phase2_eap(struct eap_sm *sm,
        hdr = (struct eap_hdr *) in_data;
        if (in_len < (int) sizeof(*hdr)) {
                wpa_printf(MSG_INFO, "EAP-FAST: Too short Phase 2 "
-                          "EAP frame (len=%d)", in_len);
+                          "EAP frame (len=%lu)", (unsigned long) in_len);
                eap_fast_req_failure(sm, data);
                return;
        }
        len = be_to_host16(hdr->length);
        if (len > in_len) {
                wpa_printf(MSG_INFO, "EAP-FAST: Length mismatch in "
-                          "Phase 2 EAP frame (len=%d hdr->length=%d)",
-                          in_len, len);
+                          "Phase 2 EAP frame (len=%lu hdr->length=%lu)",
+                          (unsigned long) in_len, (unsigned long) len);
                eap_fast_req_failure(sm, data);
                return;
        }
        wpa_printf(MSG_DEBUG, "EAP-FAST: Received Phase 2: code=%d "
-                  "identifier=%d length=%d", hdr->code, hdr->identifier, len);
+                  "identifier=%d length=%lu", hdr->code, hdr->identifier,
+                  (unsigned long) len);
        switch (hdr->code) {
        case EAP_CODE_RESPONSE:
                eap_fast_process_phase2_response(sm, data, (u8 *) hdr, len);
@@ -1199,7 +1237,8 @@ static void eap_fast_process_phase2_tlvs(struct eap_sm *sm,
 
                wpa_printf(MSG_DEBUG, "EAP-FAST: PAC-Acknowledgement received "
                           "- PAC provisioning succeeded");
-               eap_fast_state(data, data->anon_provisioning ?
+               eap_fast_state(data, (data->anon_provisioning ||
+                                     data->send_new_pac == 2) ?
                               FAILURE : SUCCESS);
                return;
        }
@@ -1241,6 +1280,28 @@ static void eap_fast_process_phase2_tlvs(struct eap_sm *sm,
                                   "completed successfully");
                }
 
+               if (data->anon_provisioning &&
+                   sm->eap_fast_prov != ANON_PROV &&
+                   sm->eap_fast_prov != BOTH_PROV) {
+                       wpa_printf(MSG_DEBUG, "EAP-FAST: Client is trying to "
+                                  "use unauthenticated provisioning which is "
+                                  "disabled");
+                       eap_fast_state(data, FAILURE);
+                       return;
+               }
+
+               if (sm->eap_fast_prov != AUTH_PROV &&
+                   sm->eap_fast_prov != BOTH_PROV &&
+                   tlv.request_action == EAP_TLV_ACTION_PROCESS_TLV &&
+                   eap_fast_pac_type(tlv.pac, tlv.pac_len,
+                                     PAC_TYPE_TUNNEL_PAC)) {
+                       wpa_printf(MSG_DEBUG, "EAP-FAST: Client is trying to "
+                                  "use authenticated provisioning which is "
+                                  "disabled");
+                       eap_fast_state(data, FAILURE);
+                       return;
+               }
+
                if (data->anon_provisioning ||
                    (tlv.request_action == EAP_TLV_ACTION_PROCESS_TLV &&
                     eap_fast_pac_type(tlv.pac, tlv.pac_len,
@@ -1334,16 +1395,17 @@ static void eap_fast_process_phase2(struct eap_sm *sm,
 }
 
 
-static int eap_fast_process_version(struct eap_fast_data *data,
+static int eap_fast_process_version(struct eap_sm *sm, void *priv,
                                    int peer_version)
 {
+       struct eap_fast_data *data = priv;
+
        data->peer_version = peer_version;
 
        if (data->force_version >= 0 && peer_version != data->force_version) {
                wpa_printf(MSG_INFO, "EAP-FAST: peer did not select the forced"
                           " version (forced=%d peer=%d) - reject",
                           data->force_version, peer_version);
-               eap_fast_state(data, FAILURE);
                return -1;
        }
 
@@ -1416,34 +1478,10 @@ static void eap_fast_process_phase2_start(struct eap_sm *sm,
 }
 
 
-static void eap_fast_process(struct eap_sm *sm, void *priv,
-                            struct wpabuf *respData)
+static void eap_fast_process_msg(struct eap_sm *sm, void *priv,
+                                const struct wpabuf *respData)
 {
        struct eap_fast_data *data = priv;
-       const u8 *pos;
-       u8 flags;
-       size_t left;
-       int ret;
-
-       pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_FAST, respData,
-                              &left);
-       if (pos == NULL || left < 1)
-               return;
-       flags = *pos++;
-       left--;
-       wpa_printf(MSG_DEBUG, "EAP-FAST: Received packet(len=%lu) - "
-                  "Flags 0x%02x", (unsigned long) wpabuf_len(respData),
-                  flags);
-
-       if (eap_fast_process_version(data, flags & EAP_TLS_VERSION_MASK))
-               return;
-
-       ret = eap_server_tls_reassemble(&data->ssl, flags, &pos, &left);
-       if (ret < 0) {
-               eap_fast_state(data, FAILURE);
-               return;
-       } else if (ret == 1)
-               return;
 
        switch (data->state) {
        case PHASE1:
@@ -1465,14 +1503,17 @@ static void eap_fast_process(struct eap_sm *sm, void *priv,
                           data->state, __func__);
                break;
        }
+}
 
-       if (tls_connection_get_write_alerts(sm->ssl_ctx, data->ssl.conn) > 1) {
-               wpa_printf(MSG_INFO, "EAP-FAST: Locally detected fatal error "
-                          "in TLS processing");
-               eap_fast_state(data, FAILURE);
-       }
 
-       eap_server_tls_free_in_buf(&data->ssl);
+static void eap_fast_process(struct eap_sm *sm, void *priv,
+                            struct wpabuf *respData)
+{
+       struct eap_fast_data *data = priv;
+       if (eap_server_tls_process(sm, &data->ssl, respData, data,
+                                  EAP_TYPE_FAST, eap_fast_process_version,
+                                  eap_fast_process_msg) < 0)
+               eap_fast_state(data, FAILURE);
 }
 
 
Unnamed repository; edit this file to name it for gitweb.