]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/eap_peer/eap_eke.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Use os_memdup()
[thirdparty/hostap.git] / src / eap_peer / eap_eke.c
1 /*
2 * EAP peer method: EAP-EKE (RFC 6124)
3 * Copyright (c) 2013, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10
11 #include "common.h"
12 #include "crypto/random.h"
13 #include "eap_peer/eap_i.h"
14 #include "eap_common/eap_eke_common.h"
15
16 struct eap_eke_data {
17 enum {
18 IDENTITY, COMMIT, CONFIRM, SUCCESS, FAILURE
19 } state;
20 u8 msk[EAP_MSK_LEN];
21 u8 emsk[EAP_EMSK_LEN];
22 u8 *peerid;
23 size_t peerid_len;
24 u8 *serverid;
25 size_t serverid_len;
26 u8 dh_priv[EAP_EKE_MAX_DH_LEN];
27 struct eap_eke_session sess;
28 u8 nonce_p[EAP_EKE_MAX_NONCE_LEN];
29 u8 nonce_s[EAP_EKE_MAX_NONCE_LEN];
30 struct wpabuf *msgs;
31 u8 dhgroup; /* forced DH group or 0 to allow all supported */
32 u8 encr; /* forced encryption algorithm or 0 to allow all supported */
33 u8 prf; /* forced PRF or 0 to allow all supported */
34 u8 mac; /* forced MAC or 0 to allow all supported */
35 };
36
37
38 static const char * eap_eke_state_txt(int state)
39 {
40 switch (state) {
41 case IDENTITY:
42 return "IDENTITY";
43 case COMMIT:
44 return "COMMIT";
45 case CONFIRM:
46 return "CONFIRM";
47 case SUCCESS:
48 return "SUCCESS";
49 case FAILURE:
50 return "FAILURE";
51 default:
52 return "?";
53 }
54 }
55
56
57 static void eap_eke_state(struct eap_eke_data *data, int state)
58 {
59 wpa_printf(MSG_DEBUG, "EAP-EKE: %s -> %s",
60 eap_eke_state_txt(data->state), eap_eke_state_txt(state));
61 data->state = state;
62 }
63
64
65 static void eap_eke_deinit(struct eap_sm *sm, void *priv);
66
67
68 static void * eap_eke_init(struct eap_sm *sm)
69 {
70 struct eap_eke_data *data;
71 const u8 *identity, *password;
72 size_t identity_len, password_len;
73 const char *phase1;
74
75 password = eap_get_config_password(sm, &password_len);
76 if (!password) {
77 wpa_printf(MSG_INFO, "EAP-EKE: No password configured");
78 return NULL;
79 }
80
81 data = os_zalloc(sizeof(*data));
82 if (data == NULL)
83 return NULL;
84 eap_eke_state(data, IDENTITY);
85
86 identity = eap_get_config_identity(sm, &identity_len);
87 if (identity) {
88 data->peerid = os_memdup(identity, identity_len);
89 if (data->peerid == NULL) {
90 eap_eke_deinit(sm, data);
91 return NULL;
92 }
93 data->peerid_len = identity_len;
94 }
95
96 phase1 = eap_get_config_phase1(sm);
97 if (phase1) {
98 const char *pos;
99
100 pos = os_strstr(phase1, "dhgroup=");
101 if (pos) {
102 data->dhgroup = atoi(pos + 8);
103 wpa_printf(MSG_DEBUG, "EAP-EKE: Forced dhgroup %u",
104 data->dhgroup);
105 }
106
107 pos = os_strstr(phase1, "encr=");
108 if (pos) {
109 data->encr = atoi(pos + 5);
110 wpa_printf(MSG_DEBUG, "EAP-EKE: Forced encr %u",
111 data->encr);
112 }
113
114 pos = os_strstr(phase1, "prf=");
115 if (pos) {
116 data->prf = atoi(pos + 4);
117 wpa_printf(MSG_DEBUG, "EAP-EKE: Forced prf %u",
118 data->prf);
119 }
120
121 pos = os_strstr(phase1, "mac=");
122 if (pos) {
123 data->mac = atoi(pos + 4);
124 wpa_printf(MSG_DEBUG, "EAP-EKE: Forced mac %u",
125 data->mac);
126 }
127 }
128
129 return data;
130 }
131
132
133 static void eap_eke_deinit(struct eap_sm *sm, void *priv)
134 {
135 struct eap_eke_data *data = priv;
136 eap_eke_session_clean(&data->sess);
137 os_free(data->serverid);
138 os_free(data->peerid);
139 wpabuf_free(data->msgs);
140 bin_clear_free(data, sizeof(*data));
141 }
142
143
144 static struct wpabuf * eap_eke_build_msg(struct eap_eke_data *data, int id,
145 size_t length, u8 eke_exch)
146 {
147 struct wpabuf *msg;
148 size_t plen;
149
150 plen = 1 + length;
151
152 msg = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_EKE, plen,
153 EAP_CODE_RESPONSE, id);
154 if (msg == NULL) {
155 wpa_printf(MSG_ERROR, "EAP-EKE: Failed to allocate memory");
156 return NULL;
157 }
158
159 wpabuf_put_u8(msg, eke_exch);
160
161 return msg;
162 }
163
164
165 static int eap_eke_supp_dhgroup(u8 dhgroup)
166 {
167 return dhgroup == EAP_EKE_DHGROUP_EKE_2 ||
168 dhgroup == EAP_EKE_DHGROUP_EKE_5 ||
169 dhgroup == EAP_EKE_DHGROUP_EKE_14 ||
170 dhgroup == EAP_EKE_DHGROUP_EKE_15 ||
171 dhgroup == EAP_EKE_DHGROUP_EKE_16;
172 }
173
174
175 static int eap_eke_supp_encr(u8 encr)
176 {
177 return encr == EAP_EKE_ENCR_AES128_CBC;
178 }
179
180
181 static int eap_eke_supp_prf(u8 prf)
182 {
183 return prf == EAP_EKE_PRF_HMAC_SHA1 ||
184 prf == EAP_EKE_PRF_HMAC_SHA2_256;
185 }
186
187
188 static int eap_eke_supp_mac(u8 mac)
189 {
190 return mac == EAP_EKE_MAC_HMAC_SHA1 ||
191 mac == EAP_EKE_MAC_HMAC_SHA2_256;
192 }
193
194
195 static struct wpabuf * eap_eke_build_fail(struct eap_eke_data *data,
196 struct eap_method_ret *ret,
197 u8 id, u32 failure_code)
198 {
199 struct wpabuf *resp;
200
201 wpa_printf(MSG_DEBUG, "EAP-EKE: Sending EAP-EKE-Failure/Response - code=0x%x",
202 failure_code);
203
204 resp = eap_eke_build_msg(data, id, 4, EAP_EKE_FAILURE);
205 if (resp)
206 wpabuf_put_be32(resp, failure_code);
207
208 os_memset(data->dh_priv, 0, sizeof(data->dh_priv));
209 eap_eke_session_clean(&data->sess);
210
211 eap_eke_state(data, FAILURE);
212 ret->methodState = METHOD_DONE;
213 ret->decision = DECISION_FAIL;
214 ret->allowNotifications = FALSE;
215
216 return resp;
217 }
218
219
220 static struct wpabuf * eap_eke_process_id(struct eap_eke_data *data,
221 struct eap_method_ret *ret,
222 const struct wpabuf *reqData,
223 const u8 *payload,
224 size_t payload_len)
225 {
226 struct wpabuf *resp;
227 unsigned num_prop, i;
228 const u8 *pos, *end;
229 const u8 *prop = NULL;
230 u8 idtype;
231 u8 id = eap_get_id(reqData);
232
233 if (data->state != IDENTITY) {
234 return eap_eke_build_fail(data, ret, id,
235 EAP_EKE_FAIL_PROTO_ERROR);
236 }
237
238 wpa_printf(MSG_DEBUG, "EAP-EKE: Received EAP-EKE-ID/Request");
239
240 if (payload_len < 2 + 4) {
241 wpa_printf(MSG_DEBUG, "EAP-EKE: Too short ID/Request Data");
242 return eap_eke_build_fail(data, ret, id,
243 EAP_EKE_FAIL_PROTO_ERROR);
244 }
245
246 pos = payload;
247 end = payload + payload_len;
248
249 num_prop = *pos++;
250 pos++; /* Ignore Reserved field */
251
252 if (pos + num_prop * 4 > end) {
253 wpa_printf(MSG_DEBUG, "EAP-EKE: Too short ID/Request Data (num_prop=%u)",
254 num_prop);
255 return eap_eke_build_fail(data, ret, id,
256 EAP_EKE_FAIL_PROTO_ERROR);
257 }
258
259 for (i = 0; i < num_prop; i++) {
260 const u8 *tmp = pos;
261
262 wpa_printf(MSG_DEBUG, "EAP-EKE: Proposal #%u: dh=%u encr=%u prf=%u mac=%u",
263 i, pos[0], pos[1], pos[2], pos[3]);
264 pos += 4;
265
266 if ((data->dhgroup && data->dhgroup != *tmp) ||
267 !eap_eke_supp_dhgroup(*tmp))
268 continue;
269 tmp++;
270 if ((data->encr && data->encr != *tmp) ||
271 !eap_eke_supp_encr(*tmp))
272 continue;
273 tmp++;
274 if ((data->prf && data->prf != *tmp) ||
275 !eap_eke_supp_prf(*tmp))
276 continue;
277 tmp++;
278 if ((data->mac && data->mac != *tmp) ||
279 !eap_eke_supp_mac(*tmp))
280 continue;
281
282 prop = tmp - 3;
283 if (eap_eke_session_init(&data->sess, prop[0], prop[1], prop[2],
284 prop[3]) < 0) {
285 prop = NULL;
286 continue;
287 }
288
289 wpa_printf(MSG_DEBUG, "EAP-EKE: Selected proposal");
290 break;
291 }
292
293 if (prop == NULL) {
294 wpa_printf(MSG_DEBUG, "EAP-EKE: No acceptable proposal found");
295 return eap_eke_build_fail(data, ret, id,
296 EAP_EKE_FAIL_NO_PROPOSAL_CHOSEN);
297 }
298
299 pos += (num_prop - i - 1) * 4;
300
301 if (pos == end) {
302 wpa_printf(MSG_DEBUG, "EAP-EKE: Too short ID/Request Data to include IDType/Identity");
303 return eap_eke_build_fail(data, ret, id,
304 EAP_EKE_FAIL_PROTO_ERROR);
305 }
306
307 idtype = *pos++;
308 wpa_printf(MSG_DEBUG, "EAP-EKE: Server IDType %u", idtype);
309 wpa_hexdump_ascii(MSG_DEBUG, "EAP-EKE: Server Identity",
310 pos, end - pos);
311 os_free(data->serverid);
312 data->serverid = os_memdup(pos, end - pos);
313 if (data->serverid == NULL) {
314 return eap_eke_build_fail(data, ret, id,
315 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
316 }
317 data->serverid_len = end - pos;
318
319 wpa_printf(MSG_DEBUG, "EAP-EKE: Sending EAP-EKE-ID/Response");
320
321 resp = eap_eke_build_msg(data, id,
322 2 + 4 + 1 + data->peerid_len,
323 EAP_EKE_ID);
324 if (resp == NULL) {
325 return eap_eke_build_fail(data, ret, id,
326 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
327 }
328
329 wpabuf_put_u8(resp, 1); /* NumProposals */
330 wpabuf_put_u8(resp, 0); /* Reserved */
331 wpabuf_put_data(resp, prop, 4); /* Selected Proposal */
332 wpabuf_put_u8(resp, EAP_EKE_ID_NAI);
333 if (data->peerid)
334 wpabuf_put_data(resp, data->peerid, data->peerid_len);
335
336 wpabuf_free(data->msgs);
337 data->msgs = wpabuf_alloc(wpabuf_len(reqData) + wpabuf_len(resp));
338 if (data->msgs == NULL) {
339 wpabuf_free(resp);
340 return eap_eke_build_fail(data, ret, id,
341 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
342 }
343 wpabuf_put_buf(data->msgs, reqData);
344 wpabuf_put_buf(data->msgs, resp);
345
346 eap_eke_state(data, COMMIT);
347
348 return resp;
349 }
350
351
352 static struct wpabuf * eap_eke_process_commit(struct eap_sm *sm,
353 struct eap_eke_data *data,
354 struct eap_method_ret *ret,
355 const struct wpabuf *reqData,
356 const u8 *payload,
357 size_t payload_len)
358 {
359 struct wpabuf *resp;
360 const u8 *pos, *end, *dhcomp;
361 size_t prot_len;
362 u8 *rpos;
363 u8 key[EAP_EKE_MAX_KEY_LEN];
364 u8 pub[EAP_EKE_MAX_DH_LEN];
365 const u8 *password;
366 size_t password_len;
367 u8 id = eap_get_id(reqData);
368
369 if (data->state != COMMIT) {
370 wpa_printf(MSG_DEBUG, "EAP-EKE: EAP-EKE-Commit/Request received in unexpected state (%d)", data->state);
371 return eap_eke_build_fail(data, ret, id,
372 EAP_EKE_FAIL_PROTO_ERROR);
373 }
374
375 wpa_printf(MSG_DEBUG, "EAP-EKE: Received EAP-EKE-Commit/Request");
376
377 password = eap_get_config_password(sm, &password_len);
378 if (password == NULL) {
379 wpa_printf(MSG_INFO, "EAP-EKE: No password configured!");
380 return eap_eke_build_fail(data, ret, id,
381 EAP_EKE_FAIL_PASSWD_NOT_FOUND);
382 }
383
384 pos = payload;
385 end = payload + payload_len;
386
387 if (pos + data->sess.dhcomp_len > end) {
388 wpa_printf(MSG_DEBUG, "EAP-EKE: Too short EAP-EKE-Commit");
389 return eap_eke_build_fail(data, ret, id,
390 EAP_EKE_FAIL_PROTO_ERROR);
391 }
392
393 wpa_hexdump(MSG_DEBUG, "EAP-EKE: DHComponent_S",
394 pos, data->sess.dhcomp_len);
395 dhcomp = pos;
396 pos += data->sess.dhcomp_len;
397 wpa_hexdump(MSG_DEBUG, "EAP-EKE: CBValue", pos, end - pos);
398
399 /*
400 * temp = prf(0+, password)
401 * key = prf+(temp, ID_S | ID_P)
402 */
403 if (eap_eke_derive_key(&data->sess, password, password_len,
404 data->serverid, data->serverid_len,
405 data->peerid, data->peerid_len, key) < 0) {
406 wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive key");
407 return eap_eke_build_fail(data, ret, id,
408 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
409 }
410
411 /*
412 * y_p = g ^ x_p (mod p)
413 * x_p = random number 2 .. p-1
414 */
415 if (eap_eke_dh_init(data->sess.dhgroup, data->dh_priv, pub) < 0) {
416 wpa_printf(MSG_INFO, "EAP-EKE: Failed to initialize DH");
417 os_memset(key, 0, sizeof(key));
418 return eap_eke_build_fail(data, ret, id,
419 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
420 }
421
422 if (eap_eke_shared_secret(&data->sess, key, data->dh_priv, dhcomp) < 0)
423 {
424 wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive shared secret");
425 os_memset(key, 0, sizeof(key));
426 return eap_eke_build_fail(data, ret, id,
427 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
428 }
429
430 if (eap_eke_derive_ke_ki(&data->sess,
431 data->serverid, data->serverid_len,
432 data->peerid, data->peerid_len) < 0) {
433 wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive Ke/Ki");
434 os_memset(key, 0, sizeof(key));
435 return eap_eke_build_fail(data, ret, id,
436 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
437 }
438
439 wpa_printf(MSG_DEBUG, "EAP-EKE: Sending EAP-EKE-Commit/Response");
440
441 resp = eap_eke_build_msg(data, id,
442 data->sess.dhcomp_len + data->sess.pnonce_len,
443 EAP_EKE_COMMIT);
444 if (resp == NULL) {
445 os_memset(key, 0, sizeof(key));
446 return eap_eke_build_fail(data, ret, id,
447 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
448 }
449
450 /* DHComponent_P = Encr(key, y_p) */
451 rpos = wpabuf_put(resp, data->sess.dhcomp_len);
452 if (eap_eke_dhcomp(&data->sess, key, pub, rpos) < 0) {
453 wpabuf_free(resp);
454 wpa_printf(MSG_INFO, "EAP-EKE: Failed to build DHComponent_P");
455 os_memset(key, 0, sizeof(key));
456 return eap_eke_build_fail(data, ret, id,
457 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
458 }
459 os_memset(key, 0, sizeof(key));
460
461 wpa_hexdump(MSG_DEBUG, "EAP-EKE: DHComponent_P",
462 rpos, data->sess.dhcomp_len);
463
464 if (random_get_bytes(data->nonce_p, data->sess.nonce_len)) {
465 wpabuf_free(resp);
466 return eap_eke_build_fail(data, ret, id,
467 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
468 }
469 wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Nonce_P",
470 data->nonce_p, data->sess.nonce_len);
471 prot_len = wpabuf_tailroom(resp);
472 if (eap_eke_prot(&data->sess, data->nonce_p, data->sess.nonce_len,
473 wpabuf_put(resp, 0), &prot_len) < 0) {
474 wpabuf_free(resp);
475 return eap_eke_build_fail(data, ret, id,
476 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
477 }
478 wpa_hexdump(MSG_DEBUG, "EAP-EKE: PNonce_P",
479 wpabuf_put(resp, 0), prot_len);
480 wpabuf_put(resp, prot_len);
481
482 /* TODO: CBValue */
483
484 if (wpabuf_resize(&data->msgs, wpabuf_len(reqData) + wpabuf_len(resp))
485 < 0) {
486 wpabuf_free(resp);
487 return eap_eke_build_fail(data, ret, id,
488 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
489 }
490 wpabuf_put_buf(data->msgs, reqData);
491 wpabuf_put_buf(data->msgs, resp);
492
493 eap_eke_state(data, CONFIRM);
494
495 return resp;
496 }
497
498
499 static struct wpabuf * eap_eke_process_confirm(struct eap_eke_data *data,
500 struct eap_method_ret *ret,
501 const struct wpabuf *reqData,
502 const u8 *payload,
503 size_t payload_len)
504 {
505 struct wpabuf *resp;
506 const u8 *pos, *end;
507 size_t prot_len;
508 u8 nonces[2 * EAP_EKE_MAX_NONCE_LEN];
509 u8 auth_s[EAP_EKE_MAX_HASH_LEN];
510 size_t decrypt_len;
511 u8 *auth;
512 u8 id = eap_get_id(reqData);
513
514 if (data->state != CONFIRM) {
515 wpa_printf(MSG_DEBUG, "EAP-EKE: EAP-EKE-Confirm/Request received in unexpected state (%d)",
516 data->state);
517 return eap_eke_build_fail(data, ret, id,
518 EAP_EKE_FAIL_PROTO_ERROR);
519 }
520
521 wpa_printf(MSG_DEBUG, "EAP-EKE: Received EAP-EKE-Confirm/Request");
522
523 pos = payload;
524 end = payload + payload_len;
525
526 if (pos + data->sess.pnonce_ps_len + data->sess.prf_len > end) {
527 wpa_printf(MSG_DEBUG, "EAP-EKE: Too short EAP-EKE-Confirm");
528 return eap_eke_build_fail(data, ret, id,
529 EAP_EKE_FAIL_PROTO_ERROR);
530 }
531
532 decrypt_len = sizeof(nonces);
533 if (eap_eke_decrypt_prot(&data->sess, pos, data->sess.pnonce_ps_len,
534 nonces, &decrypt_len) < 0) {
535 wpa_printf(MSG_INFO, "EAP-EKE: Failed to decrypt PNonce_PS");
536 return eap_eke_build_fail(data, ret, id,
537 EAP_EKE_FAIL_AUTHENTICATION_FAIL);
538 }
539 if (decrypt_len != (size_t) 2 * data->sess.nonce_len) {
540 wpa_printf(MSG_INFO, "EAP-EKE: PNonce_PS protected data length does not match length of Nonce_P and Nonce_S");
541 return eap_eke_build_fail(data, ret, id,
542 EAP_EKE_FAIL_AUTHENTICATION_FAIL);
543 }
544 wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Received Nonce_P | Nonce_S",
545 nonces, 2 * data->sess.nonce_len);
546 if (os_memcmp(data->nonce_p, nonces, data->sess.nonce_len) != 0) {
547 wpa_printf(MSG_INFO, "EAP-EKE: Received Nonce_P does not match transmitted Nonce_P");
548 return eap_eke_build_fail(data, ret, id,
549 EAP_EKE_FAIL_AUTHENTICATION_FAIL);
550 }
551
552 os_memcpy(data->nonce_s, nonces + data->sess.nonce_len,
553 data->sess.nonce_len);
554 wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Nonce_S",
555 data->nonce_s, data->sess.nonce_len);
556
557 if (eap_eke_derive_ka(&data->sess, data->serverid, data->serverid_len,
558 data->peerid, data->peerid_len,
559 data->nonce_p, data->nonce_s) < 0) {
560 return eap_eke_build_fail(data, ret, id,
561 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
562 }
563
564 if (eap_eke_auth(&data->sess, "EAP-EKE server", data->msgs, auth_s) < 0)
565 {
566 return eap_eke_build_fail(data, ret, id,
567 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
568 }
569 wpa_hexdump(MSG_DEBUG, "EAP-EKE: Auth_S", auth_s, data->sess.prf_len);
570 if (os_memcmp_const(auth_s, pos + data->sess.pnonce_ps_len,
571 data->sess.prf_len) != 0) {
572 wpa_printf(MSG_INFO, "EAP-EKE: Auth_S does not match");
573 return eap_eke_build_fail(data, ret, id,
574 EAP_EKE_FAIL_AUTHENTICATION_FAIL);
575 }
576
577 wpa_printf(MSG_DEBUG, "EAP-EKE: Sending EAP-EKE-Confirm/Response");
578
579 resp = eap_eke_build_msg(data, id,
580 data->sess.pnonce_len + data->sess.prf_len,
581 EAP_EKE_CONFIRM);
582 if (resp == NULL) {
583 return eap_eke_build_fail(data, ret, id,
584 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
585 }
586
587 prot_len = wpabuf_tailroom(resp);
588 if (eap_eke_prot(&data->sess, data->nonce_s, data->sess.nonce_len,
589 wpabuf_put(resp, 0), &prot_len) < 0) {
590 wpabuf_free(resp);
591 return eap_eke_build_fail(data, ret, id,
592 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
593 }
594 wpabuf_put(resp, prot_len);
595
596 auth = wpabuf_put(resp, data->sess.prf_len);
597 if (eap_eke_auth(&data->sess, "EAP-EKE peer", data->msgs, auth) < 0) {
598 wpabuf_free(resp);
599 return eap_eke_build_fail(data, ret, id,
600 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
601 }
602 wpa_hexdump(MSG_DEBUG, "EAP-EKE: Auth_P", auth, data->sess.prf_len);
603
604 if (eap_eke_derive_msk(&data->sess, data->serverid, data->serverid_len,
605 data->peerid, data->peerid_len,
606 data->nonce_s, data->nonce_p,
607 data->msk, data->emsk) < 0) {
608 wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive MSK/EMSK");
609 wpabuf_free(resp);
610 return eap_eke_build_fail(data, ret, id,
611 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
612 }
613
614 os_memset(data->dh_priv, 0, sizeof(data->dh_priv));
615 eap_eke_session_clean(&data->sess);
616
617 eap_eke_state(data, SUCCESS);
618 ret->methodState = METHOD_MAY_CONT;
619 ret->decision = DECISION_COND_SUCC;
620 ret->allowNotifications = FALSE;
621
622 return resp;
623 }
624
625
626 static struct wpabuf * eap_eke_process_failure(struct eap_eke_data *data,
627 struct eap_method_ret *ret,
628 const struct wpabuf *reqData,
629 const u8 *payload,
630 size_t payload_len)
631 {
632 wpa_printf(MSG_DEBUG, "EAP-EKE: Received EAP-EKE-Failure/Request");
633
634 if (payload_len < 4) {
635 wpa_printf(MSG_DEBUG, "EAP-EKE: Too short EAP-EKE-Failure");
636 } else {
637 u32 code;
638 code = WPA_GET_BE32(payload);
639 wpa_printf(MSG_INFO, "EAP-EKE: Failure-Code 0x%x", code);
640 }
641
642 return eap_eke_build_fail(data, ret, eap_get_id(reqData),
643 EAP_EKE_FAIL_NO_ERROR);
644 }
645
646
647 static struct wpabuf * eap_eke_process(struct eap_sm *sm, void *priv,
648 struct eap_method_ret *ret,
649 const struct wpabuf *reqData)
650 {
651 struct eap_eke_data *data = priv;
652 struct wpabuf *resp;
653 const u8 *pos, *end;
654 size_t len;
655 u8 eke_exch;
656
657 pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_EKE, reqData, &len);
658 if (pos == NULL || len < 1) {
659 ret->ignore = TRUE;
660 return NULL;
661 }
662
663 end = pos + len;
664 eke_exch = *pos++;
665
666 wpa_printf(MSG_DEBUG, "EAP-EKE: Received frame: exch %d", eke_exch);
667 wpa_hexdump(MSG_DEBUG, "EAP-EKE: Received Data", pos, end - pos);
668
669 ret->ignore = FALSE;
670 ret->methodState = METHOD_MAY_CONT;
671 ret->decision = DECISION_FAIL;
672 ret->allowNotifications = TRUE;
673
674 switch (eke_exch) {
675 case EAP_EKE_ID:
676 resp = eap_eke_process_id(data, ret, reqData, pos, end - pos);
677 break;
678 case EAP_EKE_COMMIT:
679 resp = eap_eke_process_commit(sm, data, ret, reqData,
680 pos, end - pos);
681 break;
682 case EAP_EKE_CONFIRM:
683 resp = eap_eke_process_confirm(data, ret, reqData,
684 pos, end - pos);
685 break;
686 case EAP_EKE_FAILURE:
687 resp = eap_eke_process_failure(data, ret, reqData,
688 pos, end - pos);
689 break;
690 default:
691 wpa_printf(MSG_DEBUG, "EAP-EKE: Ignoring message with unknown EKE-Exch %d", eke_exch);
692 ret->ignore = TRUE;
693 return NULL;
694 }
695
696 if (ret->methodState == METHOD_DONE)
697 ret->allowNotifications = FALSE;
698
699 return resp;
700 }
701
702
703 static Boolean eap_eke_isKeyAvailable(struct eap_sm *sm, void *priv)
704 {
705 struct eap_eke_data *data = priv;
706 return data->state == SUCCESS;
707 }
708
709
710 static u8 * eap_eke_getKey(struct eap_sm *sm, void *priv, size_t *len)
711 {
712 struct eap_eke_data *data = priv;
713 u8 *key;
714
715 if (data->state != SUCCESS)
716 return NULL;
717
718 key = os_memdup(data->msk, EAP_MSK_LEN);
719 if (key == NULL)
720 return NULL;
721 *len = EAP_MSK_LEN;
722
723 return key;
724 }
725
726
727 static u8 * eap_eke_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
728 {
729 struct eap_eke_data *data = priv;
730 u8 *key;
731
732 if (data->state != SUCCESS)
733 return NULL;
734
735 key = os_memdup(data->emsk, EAP_EMSK_LEN);
736 if (key == NULL)
737 return NULL;
738 *len = EAP_EMSK_LEN;
739
740 return key;
741 }
742
743
744 static u8 * eap_eke_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
745 {
746 struct eap_eke_data *data = priv;
747 u8 *sid;
748 size_t sid_len;
749
750 if (data->state != SUCCESS)
751 return NULL;
752
753 sid_len = 1 + 2 * data->sess.nonce_len;
754 sid = os_malloc(sid_len);
755 if (sid == NULL)
756 return NULL;
757 sid[0] = EAP_TYPE_EKE;
758 os_memcpy(sid + 1, data->nonce_p, data->sess.nonce_len);
759 os_memcpy(sid + 1 + data->sess.nonce_len, data->nonce_s,
760 data->sess.nonce_len);
761 *len = sid_len;
762
763 return sid;
764 }
765
766
767 int eap_peer_eke_register(void)
768 {
769 struct eap_method *eap;
770
771 eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
772 EAP_VENDOR_IETF, EAP_TYPE_EKE, "EKE");
773 if (eap == NULL)
774 return -1;
775
776 eap->init = eap_eke_init;
777 eap->deinit = eap_eke_deinit;
778 eap->process = eap_eke_process;
779 eap->isKeyAvailable = eap_eke_isKeyAvailable;
780 eap->getKey = eap_eke_getKey;
781 eap->get_emsk = eap_eke_get_emsk;
782 eap->getSessionId = eap_eke_get_session_id;
783
784 return eap_peer_method_register(eap);
785 }
Unnamed repository; edit this file 'description' to name the repository.