EAP-TLS server: Add application data to indicate end of v1.3 handshake
authorJouni Malinen <j@w1.fi>
Sat, 13 Jul 2019 13:29:39 +0000 (16:29 +0300)
committerJouni Malinen <j@w1.fi>
Sat, 13 Jul 2019 13:29:39 +0000 (16:29 +0300)
This adds an encrypted version of a one octet application data payload
to the end of the handshake when TLS v1.3 is used to indicate explicit
termination of the handshake (either after Finished message or after the
optional NewSessionTicket message). The current
draft-ietf-emu-eap-tls13-05 defines this to be a zero length payload,
but since that is not allowed by OpenSSL, use a one octet payload
instead for now with hopes of getting the draft specification updated
instead of having to modify OpenSSL for this.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/eap_server/eap_server_tls.c

index 9860a36537cad271e9366c3fdb8c095792b51f95..0712d4ccd5aad50a203bd1165e35c3001a655f5d 100644 (file)
@@ -261,8 +261,43 @@ static void eap_tls_process_msg(struct eap_sm *sm, void *priv,
                           "handshake message");
                return;
        }
-       if (eap_server_tls_phase1(sm, &data->ssl) < 0)
+       if (eap_server_tls_phase1(sm, &data->ssl) < 0) {
                eap_tls_state(data, FAILURE);
+               return;
+       }
+
+       if (data->ssl.tls_v13 &&
+           tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
+               struct wpabuf *plain, *encr;
+
+               wpa_printf(MSG_DEBUG,
+                          "EAP-TLS: Send empty application data to indicate end of exchange");
+               /* FIX: This should be an empty application data based on
+                * draft-ietf-emu-eap-tls13-05, but OpenSSL does not allow zero
+                * length payload (SSL_write() documentation explicitly
+                * describes this as not allowed), so work around that for now
+                * by sending out a payload of one octet. Hopefully the draft
+                * specification will change to allow this so that no crypto
+                * library changes are needed. */
+               plain = wpabuf_alloc(1);
+               if (!plain)
+                       return;
+               wpabuf_put_u8(plain, 0);
+               encr = eap_server_tls_encrypt(sm, &data->ssl, plain);
+               wpabuf_free(plain);
+               if (!encr)
+                       return;
+               if (wpabuf_resize(&data->ssl.tls_out, wpabuf_len(encr)) < 0) {
+                       wpa_printf(MSG_INFO,
+                                  "EAP-TLS: Failed to resize output buffer");
+                       wpabuf_free(encr);
+                       return;
+               }
+               wpabuf_put_buf(data->ssl.tls_out, encr);
+               wpa_hexdump_buf(MSG_DEBUG,
+                               "EAP-TLS: Data appended to the message", encr);
+               wpabuf_free(encr);
+       }
 }
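Review bot: The three new error paths in the tls_v13 branch (the `if (!plain)` check after `wpabuf_alloc`, the `if (!encr)` check after `eap_server_tls_encrypt`, and the `wpabuf_resize` failure) return without changing the method state, whereas the phase1 failure just above them moves to FAILURE; the server then stays in its current state while the peer waits for an end-of-handshake indication that never arrives, so the exchange presumably ends only by timeout. Adding `eap_tls_state(data, FAILURE);` before each of those three `return` statements would keep the failure handling consistent within the function. The MSG_DEBUG text "Send empty application data" also no longer matches what is actually sent (one octet), which the FIX comment explains but a reader of the log will not see. eap_tls_process_msg begins before this hunk, so whether an earlier part of the function already handles a stalled state cannot be confirmed from here.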