[thirdparty/strongswan.git] / src / libcharon / plugins / eap_tls / eap_tls.c

/*
 * Copyright (C) 2023 Tobias Brunner
 * Copyright (C) 2010 Martin Willi
 *
 * Copyright (C) secunet Security Networks AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#include "eap_tls.h"

#include <tls_eap.h>

#include <daemon.h>
#include <library.h>

typedef struct private_eap_tls_t private_eap_tls_t;

/**
 * Private data of an eap_tls_t object.
 */
struct private_eap_tls_t {

	/**
	 * Public interface.
	 */
	eap_tls_t public;

	/**
	 * TLS stack, wrapped by EAP helper below
	 */
	tls_t *tls;

	/**
	 * EAP helper
	 */
	tls_eap_t *tls_eap;

	/**
	 * Whether the "protected success indication" has been sent/received with
	 * TLS 1.3
	 */
	bool indication_sent_received;
};

/** Maximum number of EAP-TLS messages/fragments allowed */
#define MAX_MESSAGE_COUNT 32
/** Default size of a EAP-TLS fragment */
#define MAX_FRAGMENT_LEN 1024

METHOD(eap_method_t, initiate, status_t,
	private_eap_tls_t *this, eap_payload_t **out)
{
	chunk_t data;

	if (this->tls_eap->initiate(this->tls_eap, &data) == NEED_MORE)
	{
		*out = eap_payload_create_data(data);
		free(data.ptr);
		return NEED_MORE;
	}
	return FAILED;
}

METHOD(eap_method_t, process, status_t,
	private_eap_tls_t *this, eap_payload_t *in, eap_payload_t **out)
{
	status_t status;
	chunk_t data;

	data = in->get_data(in);
	status = this->tls_eap->process(this->tls_eap, data, &data);
	if (status == NEED_MORE)
	{
		*out = eap_payload_create_data(data);
		free(data.ptr);
	}
	return status;
}

METHOD(eap_method_t, get_type, eap_type_t,
	private_eap_tls_t *this, pen_t *vendor)
{
	*vendor = 0;
	return EAP_TLS;
}

METHOD(eap_method_t, get_msk, status_t,
	private_eap_tls_t *this, chunk_t *msk)
{
	if (this->tls->get_version_max(this->tls) < TLS_1_3 ||
		this->indication_sent_received)
	{
		*msk = this->tls_eap->get_msk(this->tls_eap);
		if (msk->len)
		{
			return SUCCESS;
		}
	}
	else
	{
		DBG1(DBG_TLS, "missing protected success indication for EAP-TLS with "
			 "%N", tls_version_names, this->tls->get_version_max(this->tls));
	}
	return FAILED;
}

METHOD(eap_method_t, get_identifier, uint8_t,
	private_eap_tls_t *this)
{
	return this->tls_eap->get_identifier(this->tls_eap);
}

METHOD(eap_method_t, set_identifier, void,
	private_eap_tls_t *this, uint8_t identifier)
{
	this->tls_eap->set_identifier(this->tls_eap, identifier);
}

METHOD(eap_method_t, is_mutual, bool,
	private_eap_tls_t *this)
{
	return TRUE;
}

METHOD(eap_method_t, get_auth, auth_cfg_t*,
	private_eap_tls_t *this)
{
	return this->tls_eap->get_auth(this->tls_eap);
}

METHOD(eap_method_t, destroy, void,
	private_eap_tls_t *this)
{
	this->tls_eap->destroy(this->tls_eap);
	free(this);
}

/**
 * Application to send/process the "protected success indication" with TLS 1.3
 * as specified in RFC 9190
 */
typedef struct {

	/**
	 * Public interface
	 */
	tls_application_t public;

	/**
	 * Reference to the EAP-TLS object
	 */
	private_eap_tls_t *this;

	/**
	 * Whether the server sent the indication
	 */
	bool indication_sent;

} eap_tls_app_t;

METHOD(tls_application_t, server_process, status_t,
	eap_tls_app_t *app, bio_reader_t *reader)
{
	/* we don't expect any data from the client, the empty response to our
	 * indication is handled as ACK in tls_eap_t */
	DBG1(DBG_TLS, "peer sent unexpected TLS data");
	return FAILED;
}

METHOD(tls_application_t, server_build, status_t,
	eap_tls_app_t *app, bio_writer_t *writer)
{
	if (app->this->indication_sent_received)
	{
		return SUCCESS;
	}
	if (app->this->tls->get_version_max(app->this->tls) >= TLS_1_3)
	{
		/* build() is called twice when sending the indication, return the same
		 * status but data only once */
		if (app->indication_sent)
		{
			app->this->indication_sent_received = TRUE;
		}
		else
		{	/* send a single 0x00 */
			DBG2(DBG_TLS, "sending protected success indication via TLS");
			writer->write_uint8(writer, 0);
			app->indication_sent = TRUE;
		}
	}
	else
	{
		/* with earlier TLS versions, return INVALID_STATE without data to send
		 * the final handshake messages (returning SUCCESS immediately would
		 * prevent that) */
		app->this->indication_sent_received = TRUE;
	}
	return INVALID_STATE;
}

METHOD(tls_application_t, client_process, status_t,
	eap_tls_app_t *app, bio_reader_t *reader)
{
	uint8_t indication;

	if (app->this->tls->get_version_max(app->this->tls) < TLS_1_3 ||
		app->this->indication_sent_received)
	{
		DBG1(DBG_TLS, "peer sent unexpected TLS data");
		return FAILED;
	}
	if (!reader->read_uint8(reader, &indication) || indication != 0)
	{
		DBG1(DBG_TLS, "received incorrect protected success indication via TLS");
		return FAILED;
	}
	DBG2(DBG_TLS, "received protected success indication via TLS");
	app->this->indication_sent_received = TRUE;
	return NEED_MORE;
}

METHOD(tls_application_t, client_build, status_t,
	eap_tls_app_t *app, bio_writer_t *writer)
{
	if (app->this->tls->get_version_max(app->this->tls) < TLS_1_3 ||
		app->this->indication_sent_received)
	{	/* trigger an empty response/ACK */
		return INVALID_STATE;
	}
	return FAILED;
}

METHOD(tls_application_t, app_destroy, void,
	eap_tls_app_t *this)
{
	free(this);
}

/**
 * Create the server/peer implementation to handle the "protected success
 * indication" with TLS 1.3
 */
tls_application_t *eap_tls_app_create(private_eap_tls_t *this, bool is_server)
{
	eap_tls_app_t *app;

	INIT(app,
		.public = {
			.process = _client_process,
			.build = _client_build,
			.destroy = _app_destroy,
		},
		.this = this,
	);
	if (is_server)
	{
		app->public.process = _server_process;
		app->public.build = _server_build;
	}
	return &app->public;
}

/**
 * Generic private constructor
 */
static eap_tls_t *eap_tls_create(identification_t *server,
								 identification_t *peer, bool is_server)
{
	private_eap_tls_t *this;
	tls_application_t *app;
	size_t frag_size;
	int max_msg_count;
	bool include_length;

	INIT(this,
		.public = {
			.eap_method = {
				.initiate = _initiate,
				.process = _process,
				.get_type = _get_type,
				.is_mutual = _is_mutual,
				.get_msk = _get_msk,
				.get_identifier = _get_identifier,
				.set_identifier = _set_identifier,
				.get_auth = _get_auth,
				.destroy = _destroy,
			},
		},
	);

	frag_size = lib->settings->get_int(lib->settings,
					"%s.plugins.eap-tls.fragment_size", MAX_FRAGMENT_LEN,
					lib->ns);
	max_msg_count = lib->settings->get_int(lib->settings,
					"%s.plugins.eap-tls.max_message_count", MAX_MESSAGE_COUNT,
					lib->ns);
	include_length = lib->settings->get_bool(lib->settings,
					"%s.plugins.eap-tls.include_length", TRUE, lib->ns);
	app = eap_tls_app_create(this, is_server);
	this->tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TLS, app,
						   NULL, 0);
	this->tls_eap = tls_eap_create(EAP_TLS, this->tls, frag_size, max_msg_count,
								   include_length);
	if (!this->tls_eap)
	{
		free(this);
		return NULL;
	}
	return &this->public;
}

eap_tls_t *eap_tls_create_server(identification_t *server,
								 identification_t *peer)
{
	return eap_tls_create(server, peer, TRUE);
}

eap_tls_t *eap_tls_create_peer(identification_t *server,
							   identification_t *peer)
{
	return eap_tls_create(server, peer, FALSE);
}
Commit	Line	Data
	1	/*
	2	* Copyright (C) 2023 Tobias Brunner
	3	* Copyright (C) 2010 Martin Willi
	4	*
	5	* Copyright (C) secunet Security Networks AG
	6	*
	7	* This program is free software; you can redistribute it and/or modify it
	8	* under the terms of the GNU General Public License as published by the
	9	* Free Software Foundation; either version 2 of the License, or (at your
	10	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	11	*
	12	* This program is distributed in the hope that it will be useful, but
	13	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	14	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	15	* for more details.
	16	*/
	17
	18	#include "eap_tls.h"
	19
	20	#include <tls_eap.h>
	21
	22	#include <daemon.h>
	23	#include <library.h>
	24
	25	typedef struct private_eap_tls_t private_eap_tls_t;
	26
	27	/**
	28	* Private data of an eap_tls_t object.
	29	*/
	30	struct private_eap_tls_t {
	31
	32	/**
	33	* Public interface.
	34	*/
	35	eap_tls_t public;
	36
	37	/**
	38	* TLS stack, wrapped by EAP helper below
	39	*/
	40	tls_t *tls;
	41
	42	/**
	43	* EAP helper
	44	*/
	45	tls_eap_t *tls_eap;
	46
	47	/**
	48	* Whether the "protected success indication" has been sent/received with
	49	* TLS 1.3
	50	*/
	51	bool indication_sent_received;
	52	};
	53
	54	/** Maximum number of EAP-TLS messages/fragments allowed */
	55	#define MAX_MESSAGE_COUNT 32
	56	/** Default size of a EAP-TLS fragment */
	57	#define MAX_FRAGMENT_LEN 1024
	58
	59	METHOD(eap_method_t, initiate, status_t,
	60	private_eap_tls_t this, eap_payload_t *out)
	61	{
	62	chunk_t data;
	63
	64	if (this->tls_eap->initiate(this->tls_eap, &data) == NEED_MORE)
	65	{
	66	*out = eap_payload_create_data(data);
	67	free(data.ptr);
	68	return NEED_MORE;
	69	}
	70	return FAILED;
	71	}
	72
	73	METHOD(eap_method_t, process, status_t,
	74	private_eap_tls_t this, eap_payload_t in, eap_payload_t **out)
	75	{
	76	status_t status;
	77	chunk_t data;
	78
	79	data = in->get_data(in);
	80	status = this->tls_eap->process(this->tls_eap, data, &data);
	81	if (status == NEED_MORE)
	82	{
	83	*out = eap_payload_create_data(data);
	84	free(data.ptr);
	85	}
	86	return status;
	87	}
	88
	89	METHOD(eap_method_t, get_type, eap_type_t,
	90	private_eap_tls_t this, pen_t vendor)
	91	{
	92	*vendor = 0;
	93	return EAP_TLS;
	94	}
	95
	96	METHOD(eap_method_t, get_msk, status_t,
	97	private_eap_tls_t this, chunk_t msk)
	98	{
	99	if (this->tls->get_version_max(this->tls) < TLS_1_3 \|\|
	100	this->indication_sent_received)
	101	{
	102	*msk = this->tls_eap->get_msk(this->tls_eap);
	103	if (msk->len)
	104	{
	105	return SUCCESS;
	106	}
	107	}
	108	else
	109	{
	110	DBG1(DBG_TLS, "missing protected success indication for EAP-TLS with "
	111	"%N", tls_version_names, this->tls->get_version_max(this->tls));
	112	}
	113	return FAILED;
	114	}
	115
	116	METHOD(eap_method_t, get_identifier, uint8_t,
	117	private_eap_tls_t *this)
	118	{
	119	return this->tls_eap->get_identifier(this->tls_eap);
	120	}
	121
	122	METHOD(eap_method_t, set_identifier, void,
	123	private_eap_tls_t *this, uint8_t identifier)
	124	{
	125	this->tls_eap->set_identifier(this->tls_eap, identifier);
	126	}
	127
	128	METHOD(eap_method_t, is_mutual, bool,
	129	private_eap_tls_t *this)
	130	{
	131	return TRUE;
	132	}
	133
	134	METHOD(eap_method_t, get_auth, auth_cfg_t*,
	135	private_eap_tls_t *this)
	136	{
	137	return this->tls_eap->get_auth(this->tls_eap);
	138	}
	139
	140	METHOD(eap_method_t, destroy, void,
	141	private_eap_tls_t *this)
	142	{
	143	this->tls_eap->destroy(this->tls_eap);
	144	free(this);
	145	}
	146
	147	/**
	148	* Application to send/process the "protected success indication" with TLS 1.3
	149	* as specified in RFC 9190
	150	*/
	151	typedef struct {
	152
	153	/**
	154	* Public interface
	155	*/
	156	tls_application_t public;
	157
	158	/**
	159	* Reference to the EAP-TLS object
	160	*/
	161	private_eap_tls_t *this;
	162
	163	/**
	164	* Whether the server sent the indication
	165	*/
	166	bool indication_sent;
	167
	168	} eap_tls_app_t;
	169
	170	METHOD(tls_application_t, server_process, status_t,
	171	eap_tls_app_t app, bio_reader_t reader)
	172	{
	173	/* we don't expect any data from the client, the empty response to our
	174	* indication is handled as ACK in tls_eap_t */
	175	DBG1(DBG_TLS, "peer sent unexpected TLS data");
	176	return FAILED;
	177	}
	178
	179	METHOD(tls_application_t, server_build, status_t,
	180	eap_tls_app_t app, bio_writer_t writer)
	181	{
	182	if (app->this->indication_sent_received)
	183	{
	184	return SUCCESS;
	185	}
	186	if (app->this->tls->get_version_max(app->this->tls) >= TLS_1_3)
	187	{
	188	/* build() is called twice when sending the indication, return the same
	189	* status but data only once */
	190	if (app->indication_sent)
	191	{
	192	app->this->indication_sent_received = TRUE;
	193	}
	194	else
	195	{ /* send a single 0x00 */
	196	DBG2(DBG_TLS, "sending protected success indication via TLS");
	197	writer->write_uint8(writer, 0);
	198	app->indication_sent = TRUE;
	199	}
	200	}
	201	else
	202	{
	203	/* with earlier TLS versions, return INVALID_STATE without data to send
	204	* the final handshake messages (returning SUCCESS immediately would
	205	* prevent that) */
	206	app->this->indication_sent_received = TRUE;
	207	}
	208	return INVALID_STATE;
	209	}
	210
	211	METHOD(tls_application_t, client_process, status_t,
	212	eap_tls_app_t app, bio_reader_t reader)
	213	{
	214	uint8_t indication;
	215
	216	if (app->this->tls->get_version_max(app->this->tls) < TLS_1_3 \|\|
	217	app->this->indication_sent_received)
	218	{
	219	DBG1(DBG_TLS, "peer sent unexpected TLS data");
	220	return FAILED;
	221	}
	222	if (!reader->read_uint8(reader, &indication) \|\| indication != 0)
	223	{
	224	DBG1(DBG_TLS, "received incorrect protected success indication via TLS");
	225	return FAILED;
	226	}
	227	DBG2(DBG_TLS, "received protected success indication via TLS");
	228	app->this->indication_sent_received = TRUE;
	229	return NEED_MORE;
	230	}
	231
	232	METHOD(tls_application_t, client_build, status_t,
	233	eap_tls_app_t app, bio_writer_t writer)
	234	{
	235	if (app->this->tls->get_version_max(app->this->tls) < TLS_1_3 \|\|
	236	app->this->indication_sent_received)
	237	{ /* trigger an empty response/ACK */
	238	return INVALID_STATE;
	239	}
	240	return FAILED;
	241	}
	242
	243	METHOD(tls_application_t, app_destroy, void,
	244	eap_tls_app_t *this)
	245	{
	246	free(this);
	247	}
	248
	249	/**
	250	* Create the server/peer implementation to handle the "protected success
	251	* indication" with TLS 1.3
	252	*/
	253	tls_application_t eap_tls_app_create(private_eap_tls_t this, bool is_server)
	254	{
	255	eap_tls_app_t *app;
	256
	257	INIT(app,
	258	.public = {
	259	.process = _client_process,
	260	.build = _client_build,
	261	.destroy = _app_destroy,
	262	},
	263	.this = this,
	264	);
	265	if (is_server)
	266	{
	267	app->public.process = _server_process;
	268	app->public.build = _server_build;
	269	}
	270	return &app->public;
	271	}
	272
	273	/**
	274	* Generic private constructor
	275	*/
	276	static eap_tls_t eap_tls_create(identification_t server,
	277	identification_t *peer, bool is_server)
	278	{
	279	private_eap_tls_t *this;
	280	tls_application_t *app;
	281	size_t frag_size;
	282	int max_msg_count;
	283	bool include_length;
	284
	285	INIT(this,
	286	.public = {
	287	.eap_method = {
	288	.initiate = _initiate,
	289	.process = _process,
	290	.get_type = _get_type,
	291	.is_mutual = _is_mutual,
	292	.get_msk = _get_msk,
	293	.get_identifier = _get_identifier,
	294	.set_identifier = _set_identifier,
	295	.get_auth = _get_auth,
	296	.destroy = _destroy,
	297	},
	298	},
	299	);
	300
	301	frag_size = lib->settings->get_int(lib->settings,
	302	"%s.plugins.eap-tls.fragment_size", MAX_FRAGMENT_LEN,
	303	lib->ns);
	304	max_msg_count = lib->settings->get_int(lib->settings,
	305	"%s.plugins.eap-tls.max_message_count", MAX_MESSAGE_COUNT,
	306	lib->ns);
	307	include_length = lib->settings->get_bool(lib->settings,
	308	"%s.plugins.eap-tls.include_length", TRUE, lib->ns);
	309	app = eap_tls_app_create(this, is_server);
	310	this->tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TLS, app,
	311	NULL, 0);
	312	this->tls_eap = tls_eap_create(EAP_TLS, this->tls, frag_size, max_msg_count,
	313	include_length);
	314	if (!this->tls_eap)
	315	{
	316	free(this);
	317	return NULL;
	318	}
	319	return &this->public;
	320	}
	321
	322	eap_tls_t eap_tls_create_server(identification_t server,
	323	identification_t *peer)
	324	{
	325	return eap_tls_create(server, peer, TRUE);
	326	}
	327
	328	eap_tls_t eap_tls_create_peer(identification_t server,
	329	identification_t *peer)
	330	{
	331	return eap_tls_create(server, peer, FALSE);
	332	}