2 * EAP-TLS/PEAP/TTLS/FAST server common functions
3 * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
18 #include "crypto/sha1.h"
19 #include "crypto/tls.h"
21 #include "eap_tls_common.h"
24 static void eap_server_tls_free_in_buf(struct eap_ssl_data
*data
);
27 int eap_server_tls_ssl_init(struct eap_sm
*sm
, struct eap_ssl_data
*data
,
31 data
->phase2
= sm
->init_phase2
;
33 data
->conn
= tls_connection_init(sm
->ssl_ctx
);
34 if (data
->conn
== NULL
) {
35 wpa_printf(MSG_INFO
, "SSL: Failed to initialize new TLS "
40 if (tls_connection_set_verify(sm
->ssl_ctx
, data
->conn
, verify_peer
)) {
41 wpa_printf(MSG_INFO
, "SSL: Failed to configure verification "
42 "of TLS peer certificate");
43 tls_connection_deinit(sm
->ssl_ctx
, data
->conn
);
48 /* TODO: make this configurable */
49 data
->tls_out_limit
= 1398;
51 /* Limit the fragment size in the inner TLS authentication
52 * since the outer authentication with EAP-PEAP does not yet
53 * support fragmentation */
54 if (data
->tls_out_limit
> 100)
55 data
->tls_out_limit
-= 100;
61 void eap_server_tls_ssl_deinit(struct eap_sm
*sm
, struct eap_ssl_data
*data
)
63 tls_connection_deinit(sm
->ssl_ctx
, data
->conn
);
64 eap_server_tls_free_in_buf(data
);
65 wpabuf_free(data
->tls_out
);
70 u8
* eap_server_tls_derive_key(struct eap_sm
*sm
, struct eap_ssl_data
*data
,
71 char *label
, size_t len
)
80 if (tls_connection_prf(sm
->ssl_ctx
, data
->conn
, label
, 0, out
, len
) ==
84 if (tls_connection_get_keys(sm
->ssl_ctx
, data
->conn
, &keys
))
87 if (keys
.client_random
== NULL
|| keys
.server_random
== NULL
||
88 keys
.master_key
== NULL
)
91 rnd
= os_malloc(keys
.client_random_len
+ keys
.server_random_len
);
94 os_memcpy(rnd
, keys
.client_random
, keys
.client_random_len
);
95 os_memcpy(rnd
+ keys
.client_random_len
, keys
.server_random
,
96 keys
.server_random_len
);
98 if (tls_prf(keys
.master_key
, keys
.master_key_len
,
99 label
, rnd
, keys
.client_random_len
+
100 keys
.server_random_len
, out
, len
))
113 struct wpabuf
* eap_server_tls_build_msg(struct eap_ssl_data
*data
,
114 int eap_type
, int version
, u8 id
)
118 size_t send_len
, plen
;
120 wpa_printf(MSG_DEBUG
, "SSL: Generating Request");
121 if (data
->tls_out
== NULL
) {
122 wpa_printf(MSG_ERROR
, "SSL: tls_out NULL in %s", __func__
);
127 send_len
= wpabuf_len(data
->tls_out
) - data
->tls_out_pos
;
128 if (1 + send_len
> data
->tls_out_limit
) {
129 send_len
= data
->tls_out_limit
- 1;
130 flags
|= EAP_TLS_FLAGS_MORE_FRAGMENTS
;
131 if (data
->tls_out_pos
== 0) {
132 flags
|= EAP_TLS_FLAGS_LENGTH_INCLUDED
;
138 if (flags
& EAP_TLS_FLAGS_LENGTH_INCLUDED
)
141 req
= eap_msg_alloc(EAP_VENDOR_IETF
, eap_type
, plen
,
142 EAP_CODE_REQUEST
, id
);
146 wpabuf_put_u8(req
, flags
); /* Flags */
147 if (flags
& EAP_TLS_FLAGS_LENGTH_INCLUDED
)
148 wpabuf_put_be32(req
, wpabuf_len(data
->tls_out
));
150 wpabuf_put_data(req
, wpabuf_head_u8(data
->tls_out
) + data
->tls_out_pos
,
152 data
->tls_out_pos
+= send_len
;
154 if (data
->tls_out_pos
== wpabuf_len(data
->tls_out
)) {
155 wpa_printf(MSG_DEBUG
, "SSL: Sending out %lu bytes "
156 "(message sent completely)",
157 (unsigned long) send_len
);
158 wpabuf_free(data
->tls_out
);
159 data
->tls_out
= NULL
;
160 data
->tls_out_pos
= 0;
163 wpa_printf(MSG_DEBUG
, "SSL: Sending out %lu bytes "
164 "(%lu more to send)", (unsigned long) send_len
,
165 (unsigned long) wpabuf_len(data
->tls_out
) -
167 data
->state
= WAIT_FRAG_ACK
;
174 struct wpabuf
* eap_server_tls_build_ack(u8 id
, int eap_type
, int version
)
178 req
= eap_msg_alloc(EAP_VENDOR_IETF
, eap_type
, 1, EAP_CODE_REQUEST
,
182 wpa_printf(MSG_DEBUG
, "SSL: Building ACK");
183 wpabuf_put_u8(req
, version
); /* Flags */
188 static int eap_server_tls_process_cont(struct eap_ssl_data
*data
,
189 const u8
*buf
, size_t len
)
191 /* Process continuation of a pending message */
192 if (len
> wpabuf_tailroom(data
->tls_in
)) {
193 wpa_printf(MSG_DEBUG
, "SSL: Fragment overflow");
197 wpabuf_put_data(data
->tls_in
, buf
, len
);
198 wpa_printf(MSG_DEBUG
, "SSL: Received %lu bytes, waiting for %lu "
199 "bytes more", (unsigned long) len
,
200 (unsigned long) wpabuf_tailroom(data
->tls_in
));
206 static int eap_server_tls_process_fragment(struct eap_ssl_data
*data
,
207 u8 flags
, u32 message_length
,
208 const u8
*buf
, size_t len
)
210 /* Process a fragment that is not the last one of the message */
211 if (data
->tls_in
== NULL
&& !(flags
& EAP_TLS_FLAGS_LENGTH_INCLUDED
)) {
212 wpa_printf(MSG_DEBUG
, "SSL: No Message Length field in a "
213 "fragmented packet");
217 if (data
->tls_in
== NULL
) {
218 /* First fragment of the message */
220 /* Limit length to avoid rogue peers from causing large
221 * memory allocations. */
222 if (message_length
> 65536) {
223 wpa_printf(MSG_INFO
, "SSL: Too long TLS fragment (size"
228 data
->tls_in
= wpabuf_alloc(message_length
);
229 if (data
->tls_in
== NULL
) {
230 wpa_printf(MSG_DEBUG
, "SSL: No memory for message");
233 wpabuf_put_data(data
->tls_in
, buf
, len
);
234 wpa_printf(MSG_DEBUG
, "SSL: Received %lu bytes in first "
235 "fragment, waiting for %lu bytes more",
237 (unsigned long) wpabuf_tailroom(data
->tls_in
));
244 int eap_server_tls_phase1(struct eap_sm
*sm
, struct eap_ssl_data
*data
)
247 /* This should not happen.. */
248 wpa_printf(MSG_INFO
, "SSL: pending tls_out data when "
249 "processing new message");
250 wpabuf_free(data
->tls_out
);
251 WPA_ASSERT(data
->tls_out
== NULL
);
254 data
->tls_out
= tls_connection_server_handshake(sm
->ssl_ctx
,
257 if (data
->tls_out
== NULL
) {
258 wpa_printf(MSG_INFO
, "SSL: TLS processing failed");
261 if (tls_connection_get_failed(sm
->ssl_ctx
, data
->conn
)) {
262 /* TLS processing has failed - return error */
263 wpa_printf(MSG_DEBUG
, "SSL: Failed - tls_out available to "
272 static int eap_server_tls_reassemble(struct eap_ssl_data
*data
, u8 flags
,
273 const u8
**pos
, size_t *left
)
275 unsigned int tls_msg_len
= 0;
276 const u8
*end
= *pos
+ *left
;
278 if (flags
& EAP_TLS_FLAGS_LENGTH_INCLUDED
) {
280 wpa_printf(MSG_INFO
, "SSL: Short frame with TLS "
284 tls_msg_len
= WPA_GET_BE32(*pos
);
285 wpa_printf(MSG_DEBUG
, "SSL: TLS Message Length: %d",
291 wpa_printf(MSG_DEBUG
, "SSL: Received packet: Flags 0x%x "
292 "Message Length %u", flags
, tls_msg_len
);
294 if (data
->state
== WAIT_FRAG_ACK
) {
296 wpa_printf(MSG_DEBUG
, "SSL: Unexpected payload in "
297 "WAIT_FRAG_ACK state");
300 wpa_printf(MSG_DEBUG
, "SSL: Fragment acknowledged");
305 eap_server_tls_process_cont(data
, *pos
, end
- *pos
) < 0)
308 if (flags
& EAP_TLS_FLAGS_MORE_FRAGMENTS
) {
309 if (eap_server_tls_process_fragment(data
, flags
, tls_msg_len
,
310 *pos
, end
- *pos
) < 0)
313 data
->state
= FRAG_ACK
;
317 if (data
->state
== FRAG_ACK
) {
318 wpa_printf(MSG_DEBUG
, "SSL: All fragments received");
322 if (data
->tls_in
== NULL
) {
323 /* Wrap unfragmented messages as wpabuf without extra copy */
324 wpabuf_set(&data
->tmpbuf
, *pos
, end
- *pos
);
325 data
->tls_in
= &data
->tmpbuf
;
332 static void eap_server_tls_free_in_buf(struct eap_ssl_data
*data
)
334 if (data
->tls_in
!= &data
->tmpbuf
)
335 wpabuf_free(data
->tls_in
);
340 struct wpabuf
* eap_server_tls_encrypt(struct eap_sm
*sm
,
341 struct eap_ssl_data
*data
,
342 const struct wpabuf
*plain
)
346 buf
= tls_connection_encrypt(sm
->ssl_ctx
, data
->conn
,
349 wpa_printf(MSG_INFO
, "SSL: Failed to encrypt Phase 2 data");
357 int eap_server_tls_process(struct eap_sm
*sm
, struct eap_ssl_data
*data
,
358 struct wpabuf
*respData
, void *priv
, int eap_type
,
359 int (*proc_version
)(struct eap_sm
*sm
, void *priv
,
361 void (*proc_msg
)(struct eap_sm
*sm
, void *priv
,
362 const struct wpabuf
*respData
))
369 pos
= eap_hdr_validate(EAP_VENDOR_IETF
, eap_type
, respData
, &left
);
370 if (pos
== NULL
|| left
< 1)
371 return 0; /* Should not happen - frame already validated */
374 wpa_printf(MSG_DEBUG
, "SSL: Received packet(len=%lu) - Flags 0x%02x",
375 (unsigned long) wpabuf_len(respData
), flags
);
378 proc_version(sm
, priv
, flags
& EAP_TLS_VERSION_MASK
) < 0)
381 ret
= eap_server_tls_reassemble(data
, flags
, &pos
, &left
);
389 proc_msg(sm
, priv
, respData
);
391 if (tls_connection_get_write_alerts(sm
->ssl_ctx
, data
->conn
) > 1) {
392 wpa_printf(MSG_INFO
, "SSL: Locally detected fatal error in "
398 eap_server_tls_free_in_buf(data
);