
2  * EAP peer method: EAP-FAST (RFC 4851)
3 * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
25 * - test session resumption and enable it if it interoperates
26 * - password change (pending mschapv2 packet; replay decrypted packet)
81 wpa_printf(MSG_DEBUG, "EAP-FAST: SessionTicket callback");
85 wpa_printf(MSG_DEBUG, "EAP-FAST: SessionTicket failed - fall "
87 data->session_ticket_used = 0;
88 if (data->provisioning_allowed) {
89 wpa_printf(MSG_DEBUG, "EAP-FAST: Try to provision a "
90 "new PAC-Key");
91 data->provisioning = 1;
92 data->current_pac = NULL;
97 wpa_hexdump(MSG_DEBUG, "EAP-FAST: SessionTicket", ticket, len);
99 if (data->current_pac == NULL) {
100 wpa_printf(MSG_DEBUG, "EAP-FAST: No PAC-Key available for "
102 data->session_ticket_used = 0;
106 eap_fast_derive_master_secret(data->current_pac->pac_key,
110 data->session_ticket_used = 1;
123 data->provisioning_allowed = atoi(pos + 18);
124 wpa_printf(MSG_DEBUG, "EAP-FAST: Automatic PAC provisioning "
125 "mode: %d", data->provisioning_allowed);
130 data->max_pac_list_len = atoi(pos + 22);
131 if (data->max_pac_list_len == 0)
132 data->max_pac_list_len = 1;
133 wpa_printf(MSG_DEBUG, "EAP-FAST: Maximum PAC list length: %lu",
134 (unsigned long) data->max_pac_list_len);
139 data->use_pac_binary_format = 1;
140 wpa_printf(MSG_DEBUG, "EAP-FAST: Using binary format for PAC "
157 data->fast_version = EAP_FAST_VERSION;
158 data->max_pac_list_len = 10;
160 if (config->phase1)
161 eap_fast_parse_phase1(data, config->phase1);
164 &data->phase2_types,
165 &data->num_phase2_types, 0) < 0) {
170 data->phase2_type.vendor = EAP_VENDOR_IETF;
171 data->phase2_type.method = EAP_TYPE_NONE;
173 if (eap_peer_tls_ssl_init(sm, &data->ssl, config, EAP_TYPE_FAST)) {
174 wpa_printf(MSG_INFO, "EAP-FAST: Failed to initialize SSL.");
179 if (tls_connection_set_session_ticket_cb(sm->ssl_ctx, data->ssl.conn,
182 wpa_printf(MSG_INFO, "EAP-FAST: Failed to set SessionTicket "
193 if (tls_connection_enable_workaround(sm->ssl_ctx, data->ssl.conn)) {
194 wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to enable TLS "
198 if (!config->pac_file) {
199 wpa_printf(MSG_INFO, "EAP-FAST: No PAC file configured");
204 if (data->use_pac_binary_format &&
205 eap_fast_load_pac_bin(sm, &data->pac, config->pac_file) < 0) {
206 wpa_printf(MSG_INFO, "EAP-FAST: Failed to load PAC file");
211 if (!data->use_pac_binary_format &&
212 eap_fast_load_pac(sm, &data->pac, config->pac_file) < 0) {
213 wpa_printf(MSG_INFO, "EAP-FAST: Failed to load PAC file");
217 eap_fast_pac_list_truncate(data->pac, data->max_pac_list_len);
219 if (data->pac == NULL && !data->provisioning_allowed) {
220 wpa_printf(MSG_INFO, "EAP-FAST: No PAC configured and "
237 if (data->phase2_priv && data->phase2_method)
238 data->phase2_method->deinit(sm, data->phase2_priv);
239 os_free(data->phase2_types);
240 os_free(data->key_block_p);
241 eap_peer_tls_ssl_deinit(sm, &data->ssl);
243 pac = data->pac;
247 pac = pac->next;
250 os_memset(data->key_data, 0, EAP_FAST_KEY_LEN);
251 os_memset(data->emsk, 0, EAP_EMSK_LEN);
252 os_free(data->session_id);
253 wpabuf_clear_free(data->pending_phase2_req);
254 wpabuf_clear_free(data->pending_resp);
261 if (eap_fast_derive_eap_msk(data->simck, data->key_data) < 0 ||
262 eap_fast_derive_eap_emsk(data->simck, data->emsk) < 0)
263 return -1;
264 data->success = 1;
278 sks = eap_fast_derive_key(sm->ssl_ctx, data->ssl.conn,
281 wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to derive "
283 return -1;
288 * S-IMCK[0] = session_key_seed
291 "EAP-FAST: session_key_seed (SKS = S-IMCK[0])",
293 data->simck_idx = 0;
294 os_memcpy(data->simck, sks, EAP_FAST_SIMCK_LEN);
303 os_free(data->key_block_p);
304 data->key_block_p = (struct eap_fast_key_block_provisioning *)
305 eap_fast_derive_key(sm->ssl_ctx, data->ssl.conn,
306 sizeof(*data->key_block_p));
307 if (data->key_block_p == NULL) {
308 wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to derive key block");
309 return -1;
313 * S-IMCK[0] = session_key_seed
316 "EAP-FAST: session_key_seed (SKS = S-IMCK[0])",
317 data->key_block_p->session_key_seed,
318 sizeof(data->key_block_p->session_key_seed));
319 data->simck_idx = 0;
320 os_memcpy(data->simck, data->key_block_p->session_key_seed,
322 wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: server_challenge",
323 data->key_block_p->server_challenge,
324 sizeof(data->key_block_p->server_challenge));
325 wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: client_challenge",
326 data->key_block_p->client_challenge,
327 sizeof(data->key_block_p->client_challenge));
336 if (data->anon_provisioning)
347 data->phase2_method =
348 eap_peer_get_eap_method(data->phase2_type.vendor,
349 data->phase2_type.method);
350 if (data->phase2_method == NULL)
351 return -1;
353 if (data->key_block_p) {
354 sm->auth_challenge = data->key_block_p->server_challenge;
355 sm->peer_challenge = data->key_block_p->client_challenge;
357 sm->eap_fast_mschapv2 = true;
358 sm->init_phase2 = 1;
359 data->phase2_priv = data->phase2_method->init(sm);
360 sm->init_phase2 = 0;
361 sm->auth_challenge = NULL;
362 sm->peer_challenge = NULL;
364 return data->phase2_priv == NULL ? -1 : 0;
376 if (data->anon_provisioning &&
379 "EAP-FAST: Only EAP-MSCHAPv2 is allowed during unauthenticated provisioning; reject phase2 type %u:%u",
381 return -1;
386 data->phase2_type.vendor = EAP_VENDOR_IETF;
387 data->phase2_type.method = EAP_TYPE_TNC;
388 wpa_printf(MSG_DEBUG, "EAP-FAST: Selected Phase 2 EAP "
389 "vendor %d method %d for TNC",
390 data->phase2_type.vendor,
391 data->phase2_type.method);
396 for (i = 0; i < data->num_phase2_types; i++) {
397 if (data->phase2_types[i].vendor != vendor ||
398 data->phase2_types[i].method != type)
401 data->phase2_type.vendor = data->phase2_types[i].vendor;
402 data->phase2_type.method = data->phase2_types[i].method;
403 wpa_printf(MSG_DEBUG, "EAP-FAST: Selected Phase 2 EAP "
404 "vendor %d method %d",
405 data->phase2_type.vendor,
406 data->phase2_type.method);
410 if (vendor != data->phase2_type.vendor ||
411 type != data->phase2_type.method ||
413 return -1;
425 size_t len = be_to_host16(hdr->length);
431 enum eap_type method;
434 wpa_printf(MSG_INFO, "EAP-FAST: too short "
436 return -1;
439 method = *pos;
440 if (method == EAP_TYPE_EXPANDED) {
443 "EAP-FAST: Too short Phase 2 request (expanded header) (len=%lu)",
445 return -1;
448 method = WPA_GET_BE32(pos + 4);
450 wpa_printf(MSG_DEBUG, "EAP-FAST: Phase 2 Request: type=%u:%u",
451 vendor, method);
452 if (vendor == EAP_VENDOR_IETF && method == EAP_TYPE_IDENTITY) {
453 *resp = eap_sm_buildIdentity(sm, hdr->identifier, 1);
457 if (data->phase2_priv && data->phase2_method &&
458 (vendor != data->phase2_type.vendor ||
459 method != data->phase2_type.method)) {
460 wpa_printf(MSG_DEBUG, "EAP-FAST: Phase 2 EAP sequence - "
461 "deinitialize previous method");
462 data->phase2_method->deinit(sm, data->phase2_priv);
463 data->phase2_method = NULL;
464 data->phase2_priv = NULL;
465 data->phase2_type.vendor = EAP_VENDOR_IETF;
466 data->phase2_type.method = EAP_TYPE_NONE;
469 if (data->phase2_type.vendor == EAP_VENDOR_IETF &&
470 data->phase2_type.method == EAP_TYPE_NONE &&
471 eap_fast_select_phase2_method(data, vendor, method) < 0) {
472 if (eap_peer_tls_phase2_nak(data->phase2_types,
473 data->num_phase2_types,
475 return -1;
479 if ((data->phase2_priv == NULL &&
481 data->phase2_method == NULL) {
483 "EAP-FAST: Failed to initialize Phase 2 EAP method %u:%u",
484 vendor, method);
485 ret->methodState = METHOD_DONE;
486 ret->decision = DECISION_FAIL;
487 return -1;
492 *resp = data->phase2_method->process(sm, data->phase2_priv, &iret,
497 ret->methodState = METHOD_DONE;
498 ret->decision = DECISION_FAIL;
503 data->phase2_success = 1;
507 (config->pending_req_identity || config->pending_req_password ||
508 config->pending_req_otp || config->pending_req_new_password ||
509 config->pending_req_sim)) {
510 wpabuf_clear_free(data->pending_phase2_req);
511 data->pending_phase2_req = wpabuf_alloc_copy(hdr, len);
513 return -1;
527 nak->tlv_type = host_to_be16(EAP_TLV_TYPE_MANDATORY | EAP_TLV_NAK_TLV);
528 nak->length = host_to_be16(6);
529 nak->vendor_id = host_to_be32(vendor_id);
530 nak->nak_type = host_to_be16(tlv_type);
542 wpa_printf(MSG_DEBUG, "EAP-FAST: Add %sResult TLV(status=%d)",
545 result->tlv_type = host_to_be16(EAP_TLV_TYPE_MANDATORY |
549 result->length = host_to_be16(2);
550 result->status = host_to_be16(status);
565 wpa_printf(MSG_DEBUG, "EAP-FAST: Add PAC TLV (ack)");
567 ack->tlv_type = host_to_be16(EAP_TLV_PAC_TLV |
569 ack->length = host_to_be16(sizeof(*ack) - sizeof(struct eap_tlv_hdr));
570 ack->pac_type = host_to_be16(PAC_TYPE_PAC_ACKNOWLEDGEMENT);
571 ack->pac_len = host_to_be16(2);
572 ack->result = host_to_be16(EAP_TLV_RESULT_SUCCESS);
587 wpa_printf(MSG_DEBUG, "EAP-FAST: too short EAP "
594 if (be_to_host16(hdr->length) > eap_payload_tlv_len) {
595 wpa_printf(MSG_DEBUG, "EAP-FAST: EAP packet overflow in "
600 if (hdr->code != EAP_CODE_REQUEST) {
601 wpa_printf(MSG_INFO, "EAP-FAST: Unexpected code=%d in "
602 "Phase 2 EAP header", hdr->code);
607 wpa_printf(MSG_INFO, "EAP-FAST: Phase2 Request processing "
619 wpa_printf(MSG_DEBUG, "EAP-FAST: Crypto-Binding TLV: Version %d "
621 _bind->version, _bind->received_version, _bind->subtype);
622 wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: NONCE",
623 _bind->nonce, sizeof(_bind->nonce));
624 wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Compound MAC",
625 _bind->compound_mac, sizeof(_bind->compound_mac));
627 if (_bind->version != EAP_FAST_VERSION ||
628 _bind->received_version != EAP_FAST_VERSION ||
629 _bind->subtype != EAP_TLV_CRYPTO_BINDING_SUBTYPE_REQUEST) {
630 wpa_printf(MSG_INFO, "EAP-FAST: Invalid version/subtype in "
631 "Crypto-Binding TLV: Version %d "
633 _bind->version, _bind->received_version,
634 _bind->subtype);
635 return -1;
646 rbind->tlv_type = host_to_be16(EAP_TLV_TYPE_MANDATORY |
648 rbind->length = host_to_be16(sizeof(*rbind) -
650 rbind->version = EAP_FAST_VERSION;
651 rbind->received_version = _bind->version;
652 rbind->subtype = EAP_TLV_CRYPTO_BINDING_SUBTYPE_RESPONSE;
653 os_memcpy(rbind->nonce, _bind->nonce, sizeof(_bind->nonce));
654 inc_byte_array(rbind->nonce, sizeof(rbind->nonce));
656 rbind->compound_mac);
658 wpa_printf(MSG_DEBUG, "EAP-FAST: Reply Crypto-Binding TLV: Version %d "
660 rbind->version, rbind->received_version, rbind->subtype);
661 wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: NONCE",
662 rbind->nonce, sizeof(rbind->nonce));
663 wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Compound MAC",
664 rbind->compound_mac, sizeof(rbind->compound_mac));
677 if (data->phase2_method == NULL || data->phase2_priv == NULL) {
678 wpa_printf(MSG_DEBUG, "EAP-FAST: Phase 2 method not "
680 return -1;
683 if (data->phase2_method->isKeyAvailable == NULL ||
684 data->phase2_method->getKey == NULL)
687 if (!data->phase2_method->isKeyAvailable(sm, data->phase2_priv) ||
688 (key = data->phase2_method->getKey(sm, data->phase2_priv,
690 wpa_printf(MSG_DEBUG, "EAP-FAST: Could not get key material "
692 return -1;
709 wpa_printf(MSG_DEBUG, "EAP-FAST: Determining CMK[%d] for Compound MIC "
710 "calculation", data->simck_idx + 1);
714 * IMCK[j] = T-PRF(S-IMCK[j-1], "Inner Methods Compound Keys",
716 * S-IMCK[j] = first 40 octets of IMCK[j]
721 return -1;
722 wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: ISK[j]", isk, sizeof(isk));
723 if (sha1_t_prf(data->simck, EAP_FAST_SIMCK_LEN,
726 return -1;
727 data->simck_idx++;
728 os_memcpy(data->simck, imck, EAP_FAST_SIMCK_LEN);
729 wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: S-IMCK[j]",
730 data->simck, EAP_FAST_SIMCK_LEN);
732 wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: CMK[j]",
746 act->tlv_type = host_to_be16(EAP_TLV_REQUEST_ACTION_TLV);
747 act->length = host_to_be16(2);
748 act->action = host_to_be16(EAP_TLV_ACTION_PROCESS_TLV);
751 pac->tlv_type = host_to_be16(EAP_TLV_PAC_TLV);
752 pac->length = host_to_be16(sizeof(*type));
755 type->tlv_type = host_to_be16(PAC_TYPE_PAC_TYPE);
756 type->length = host_to_be16(2);
757 type->pac_type = host_to_be16(pac_type);
781 os_memcpy(cmac, _bind->compound_mac, sizeof(cmac));
782 os_memset(_bind->compound_mac, 0, sizeof(cmac));
783 wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Crypto-Binding TLV for Compound "
786 _bind->compound_mac);
787 res = os_memcmp_const(cmac, _bind->compound_mac, sizeof(cmac));
788 wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Received Compound MAC",
790 wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Calculated Compound MAC",
791 _bind->compound_mac, sizeof(cmac));
793 wpa_printf(MSG_INFO, "EAP-FAST: Compound MAC did not match");
794 os_memcpy(_bind->compound_mac, cmac, sizeof(cmac));
808 if (!data->anon_provisioning && data->phase2_success &&
810 wpa_printf(MSG_INFO, "EAP-FAST: Failed to generate MSK");
811 ret->methodState = METHOD_DONE;
812 ret->decision = DECISION_FAIL;
813 data->phase2_success = 0;
818 if (!data->anon_provisioning && data->phase2_success) {
819 os_free(data->session_id);
820 data->session_id = eap_peer_tls_derive_session_id(
821 sm, &data->ssl, EAP_TYPE_FAST, &data->id_len);
822 if (data->session_id) {
823 wpa_hexdump(MSG_DEBUG, "EAP-FAST: Derived Session-Id",
824 data->session_id, data->id_len);
826 wpa_printf(MSG_ERROR, "EAP-FAST: Failed to derive "
827 "Session-Id");
841 static void eap_fast_parse_pac_tlv(struct eap_fast_pac *entry, int type,
846 wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: PAC-Key", pos, len);
848 wpa_printf(MSG_DEBUG, "EAP-FAST: Invalid PAC-Key "
853 os_memcpy(entry->pac_key, pos, len);
856 wpa_hexdump(MSG_DEBUG, "EAP-FAST: PAC-Opaque", pos, len);
857 entry->pac_opaque = pos;
858 entry->pac_opaque_len = len;
861 wpa_hexdump(MSG_DEBUG, "EAP-FAST: PAC-Info", pos, len);
862 entry->pac_info = pos;
863 entry->pac_info_len = len;
866 wpa_printf(MSG_DEBUG, "EAP-FAST: Ignored unknown PAC type %d",
873 static int eap_fast_process_pac_tlv(struct eap_fast_pac *entry,
886 type = be_to_host16(hdr->type);
887 len = be_to_host16(hdr->len);
889 left -= sizeof(*hdr);
891 wpa_printf(MSG_DEBUG, "EAP-FAST: PAC TLV overrun "
895 return -1;
898 eap_fast_parse_pac_tlv(entry, type, pos, len, &pac_key_found);
901 left -= len;
904 if (!pac_key_found || !entry->pac_opaque || !entry->pac_info) {
905 wpa_printf(MSG_DEBUG, "EAP-FAST: PAC TLV does not include "
907 return -1;
914 static int eap_fast_parse_pac_info(struct eap_fast_pac *entry, int type,
924 wpa_hexdump(MSG_DEBUG, "EAP-FAST: PAC-Info - "
925 "Invalid CRED_LIFETIME length - ignored",
933 * needed. Anyway, the information is available from PAC-Info
938 wpa_printf(MSG_DEBUG, "EAP-FAST: PAC-Info - CRED_LIFETIME %d "
940 lifetime, (lifetime - (u32) now.sec) / 86400);
943 wpa_hexdump_ascii(MSG_DEBUG, "EAP-FAST: PAC-Info - A-ID",
945 entry->a_id = pos;
946 entry->a_id_len = len;
949 wpa_hexdump_ascii(MSG_DEBUG, "EAP-FAST: PAC-Info - I-ID",
951 entry->i_id = pos;
952 entry->i_id_len = len;
955 wpa_hexdump_ascii(MSG_DEBUG, "EAP-FAST: PAC-Info - A-ID-Info",
957 entry->a_id_info = pos;
958 entry->a_id_info_len = len;
961 /* RFC 5422, Section 4.2.6 - PAC-Type TLV */
963 wpa_printf(MSG_INFO, "EAP-FAST: Invalid PAC-Type "
967 "EAP-FAST: PAC-Info - PAC-Type",
969 return -1;
975 wpa_printf(MSG_INFO, "EAP-FAST: Unsupported PAC Type "
977 return -1;
980 wpa_printf(MSG_DEBUG, "EAP-FAST: PAC-Info - PAC-Type %d",
982 entry->pac_type = pac_type;
985 wpa_printf(MSG_DEBUG, "EAP-FAST: Ignored unknown PAC-Info "
994 static int eap_fast_process_pac_info(struct eap_fast_pac *entry)
1003 /* PAC-Type defaults to Tunnel PAC (Type 1) */
1004 entry->pac_type = PAC_TYPE_TUNNEL_PAC;
1006 pos = entry->pac_info;
1007 left = entry->pac_info_len;
1010 type = be_to_host16(hdr->type);
1011 len = be_to_host16(hdr->len);
1013 left -= sizeof(*hdr);
1015 wpa_printf(MSG_DEBUG, "EAP-FAST: PAC-Info overrun "
1019 return -1;
1022 if (eap_fast_parse_pac_info(entry, type, pos, len) < 0)
1023 return -1;
1026 left -= len;
1029 if (entry->a_id == NULL || entry->a_id_info == NULL) {
1030 wpa_printf(MSG_DEBUG, "EAP-FAST: PAC-Info does not include "
1032 return -1;
1045 struct eap_fast_pac entry;
1047 os_memset(&entry, 0, sizeof(entry));
1048 if (eap_fast_process_pac_tlv(&entry, pac, pac_len) ||
1049 eap_fast_process_pac_info(&entry))
1052 eap_fast_add_pac(&data->pac, &data->current_pac, &entry);
1053 eap_fast_pac_list_truncate(data->pac, data->max_pac_list_len);
1054 if (data->use_pac_binary_format)
1055 eap_fast_save_pac_bin(sm, data->pac, config->pac_file);
1057 eap_fast_save_pac(sm, data->pac, config->pac_file);
1059 if (data->provisioning) {
1060 if (data->anon_provisioning) {
1063 * material and must end with an EAP-Failure.
1066 data->success = 0;
1067 ret->decision = DECISION_FAIL;
1073 ret->decision = DECISION_COND_SUCC;
1075 wpa_printf(MSG_DEBUG, "EAP-FAST: Send PAC-Acknowledgement TLV "
1076 "- Provisioning completed successfully");
1077 sm->expected_failure = 1;
1081 * expected to be completed with an EAP-Success. However,
1082 * RFC 5422, Section 3.5 allows EAP-Failure to be sent even
1083 * after protected success exchange in case of EAP-Fast
1087 wpa_printf(MSG_DEBUG, "EAP-FAST: Send PAC-Acknowledgement TLV "
1088 "- PAC refreshing completed successfully");
1089 ret->decision = DECISION_COND_SUCC;
1091 ret->methodState = METHOD_DONE;
1109 while (end - pos > 4) {
1115 if (len > (size_t) (end - pos)) {
1116 wpa_printf(MSG_INFO, "EAP-FAST: TLV overflow");
1117 return -1;
1119 wpa_printf(MSG_DEBUG, "EAP-FAST: Received Phase 2: "
1125 if (res == -2)
1129 wpa_printf(MSG_DEBUG, "EAP-FAST: Nak unknown "
1134 wpa_printf(MSG_DEBUG, "EAP-FAST: ignored "
1155 wpa_hexdump_buf(MSG_DEBUG, "EAP-FAST: Encrypting Phase 2 data",
1157 if (eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_FAST,
1158 data->fast_version, identifier,
1160 wpa_printf(MSG_INFO, "EAP-FAST: Failed to encrypt a Phase 2 "
1182 wpabuf_put(tmp, pos2 - pos);
1240 wpa_printf(MSG_DEBUG, "EAP-FAST: PAC TLV without Result TLV "
1249 if (data->current_pac == NULL && data->provisioning &&
1250 !data->anon_provisioning && !tlv.pac &&
1257 wpa_printf(MSG_DEBUG, "EAP-FAST: Request Tunnel PAC");
1271 tlv.crypto_binding && data->phase2_success) {
1272 if (data->anon_provisioning) {
1273 wpa_printf(MSG_DEBUG, "EAP-FAST: Unauthenticated "
1275 ret->methodState = METHOD_DONE;
1276 ret->decision = DECISION_FAIL;
1277 sm->expected_failure = 1;
1279 wpa_printf(MSG_DEBUG, "EAP-FAST: Authentication "
1281 if (data->provisioning)
1282 ret->methodState = METHOD_MAY_CONT;
1284 ret->methodState = METHOD_DONE;
1285 ret->decision = DECISION_UNCOND_SUCC;
1290 wpa_printf(MSG_DEBUG, "EAP-FAST: No recognized TLVs - send "
1308 wpa_printf(MSG_DEBUG, "EAP-FAST: Received %lu bytes encrypted data for"
1311 if (data->pending_phase2_req) {
1312 wpa_printf(MSG_DEBUG, "EAP-FAST: Pending Phase 2 request - "
1315 eap_peer_tls_reset_input(&data->ssl);
1317 in_decrypted = data->pending_phase2_req;
1318 data->pending_phase2_req = NULL;
1323 /* Received TLS ACK - requesting more fragments */
1324 return eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_FAST,
1325 data->fast_version,
1329 res = eap_peer_tls_decrypt(sm, &data->ssl, in_data, &in_decrypted);
1334 wpa_hexdump_buf(MSG_MSGDUMP, "EAP-FAST: Decrypted Phase 2 TLV(s)",
1338 wpa_printf(MSG_INFO, "EAP-FAST: Too short Phase 2 "
1342 return -1;
1360 * Parse authority identity (A-ID) from the EAP-FAST/Start. This
1361 * supports both raw A-ID and one inside an A-ID TLV.
1368 tlen = be_to_host16(hdr->len);
1369 if (be_to_host16(hdr->type) == PAC_TYPE_A_ID &&
1371 wpa_printf(MSG_DEBUG, "EAP-FAST: A-ID was in TLV "
1377 wpa_hexdump_ascii(MSG_DEBUG, "EAP-FAST: A-ID", a_id, *id_len);
1386 data->current_pac = eap_fast_get_pac(data->pac, a_id, a_id_len,
1388 if (data->current_pac == NULL) {
1390 * Tunnel PAC was not available for this A-ID. Try to use
1393 data->current_pac = eap_fast_get_pac(
1394 data->pac, a_id, a_id_len,
1398 if (data->current_pac) {
1399 wpa_printf(MSG_DEBUG, "EAP-FAST: PAC found for this A-ID "
1400 "(PAC-Type %d)", data->current_pac->pac_type);
1401 wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-FAST: A-ID-Info",
1402 data->current_pac->a_id_info,
1403 data->current_pac->a_id_info_len);
1416 olen = pac->pac_opaque_len;
1421 ehdr->tlv_type = host_to_be16(PAC_TYPE_PAC_OPAQUE);
1422 ehdr->length = host_to_be16(olen);
1423 os_memcpy(ehdr + 1, pac->pac_opaque, olen);
1426 tls_connection_client_hello_ext(sm->ssl_ctx, data->ssl.conn,
1429 wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to add PAC-Opaque TLS "
1432 return -1;
1443 if (tls_connection_client_hello_ext(sm->ssl_ctx, data->ssl.conn,
1445 wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to remove PAC-Opaque "
1447 return -1;
1459 if (data->provisioning_allowed & EAP_FAST_PROV_UNAUTH) {
1460 wpa_printf(MSG_DEBUG, "EAP-FAST: Enabling unauthenticated "
1465 if (data->provisioning_allowed & EAP_FAST_PROV_AUTH) {
1466 wpa_printf(MSG_DEBUG, "EAP-FAST: Enabling authenticated "
1477 if (tls_connection_set_cipher_list(sm->ssl_ctx, data->ssl.conn,
1479 wpa_printf(MSG_INFO, "EAP-FAST: Could not configure TLS "
1481 return -1;
1495 /* EAP-FAST Version negotiation (section 3.1) */
1496 wpa_printf(MSG_DEBUG, "EAP-FAST: Start (server ver=%d, own ver=%d)",
1497 flags & EAP_TLS_VERSION_MASK, data->fast_version);
1498 if ((flags & EAP_TLS_VERSION_MASK) < data->fast_version)
1499 data->fast_version = flags & EAP_TLS_VERSION_MASK;
1500 wpa_printf(MSG_DEBUG, "EAP-FAST: Using FAST version %d",
1501 data->fast_version);
1506 if (data->resuming && data->current_pac) {
1507 wpa_printf(MSG_DEBUG, "EAP-FAST: Trying to resume session - "
1508 "do not add PAC-Opaque to TLS ClientHello");
1510 return -1;
1511 } else if (data->current_pac) {
1513 * PAC found for the A-ID and we are not resuming an old
1514 * session, so add PAC-Opaque extension to ClientHello.
1516 if (eap_fast_use_pac_opaque(sm, data, data->current_pac) < 0)
1517 return -1;
1520 if (!data->provisioning_allowed) {
1521 wpa_printf(MSG_DEBUG, "EAP-FAST: No PAC found and "
1523 return -1;
1525 wpa_printf(MSG_DEBUG, "EAP-FAST: No PAC found - "
1529 return -1;
1530 data->provisioning = 1;
1550 pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_FAST, ret,
1556 id = req->identifier;
1562 left = 0; /* A-ID is not used in further packet processing */
1568 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
1569 !data->resuming) {
1573 ret->methodState = METHOD_DONE;
1574 ret->decision = DECISION_FAIL;
1582 if (sm->waiting_ext_cert_check && data->pending_resp) {
1585 if (config->pending_ext_cert_check ==
1588 "EAP-FAST: External certificate check succeeded - continue handshake");
1589 resp = data->pending_resp;
1590 data->pending_resp = NULL;
1591 sm->waiting_ext_cert_check = 0;
1595 if (config->pending_ext_cert_check ==
1598 "EAP-FAST: External certificate check failed - force authentication failure");
1599 ret->methodState = METHOD_DONE;
1600 ret->decision = DECISION_FAIL;
1601 sm->waiting_ext_cert_check = 0;
1606 "EAP-FAST: Continuing to wait external server certificate validation");
1611 res = eap_peer_tls_process_helper(sm, &data->ssl,
1613 data->fast_version, id, &msg,
1617 "EAP-FAST: TLS processing failed");
1618 ret->methodState = METHOD_DONE;
1619 ret->decision = DECISION_FAIL;
1623 if (sm->waiting_ext_cert_check) {
1625 "EAP-FAST: Waiting external server certificate validation");
1626 wpabuf_clear_free(data->pending_resp);
1627 data->pending_resp = resp;
1631 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
1634 "EAP-FAST: TLS done, proceed to Phase 2");
1635 if (data->provisioning &&
1636 (!(data->provisioning_allowed &
1638 tls_get_cipher(sm->ssl_ctx, data->ssl.conn,
1640 os_strstr(cipher, "ADH-") ||
1642 wpa_printf(MSG_DEBUG, "EAP-FAST: Using "
1645 data->anon_provisioning = 1;
1647 data->anon_provisioning = 0;
1648 data->resuming = 0;
1651 "EAP-FAST: Could not derive keys");
1652 ret->methodState = METHOD_DONE;
1653 ret->decision = DECISION_FAIL;
1663 wpabuf_clear_free(data->pending_phase2_req);
1664 data->pending_phase2_req = resp;
1673 data->fast_version);
1684 return tls_connection_established(sm->ssl_ctx, data->ssl.conn);
1692 if (data->phase2_priv && data->phase2_method &&
1693 data->phase2_method->deinit_for_reauth)
1694 data->phase2_method->deinit_for_reauth(sm, data->phase2_priv);
1695 os_free(data->key_block_p);
1696 data->key_block_p = NULL;
1697 wpabuf_clear_free(data->pending_phase2_req);
1698 data->pending_phase2_req = NULL;
1699 wpabuf_clear_free(data->pending_resp);
1700 data->pending_resp = NULL;
1707 if (eap_peer_tls_reauth_init(sm, &data->ssl)) {
1711 os_memset(data->key_data, 0, EAP_FAST_KEY_LEN);
1712 os_memset(data->emsk, 0, EAP_EMSK_LEN);
1713 os_free(data->session_id);
1714 data->session_id = NULL;
1715 if (data->phase2_priv && data->phase2_method &&
1716 data->phase2_method->init_for_reauth)
1717 data->phase2_method->init_for_reauth(sm, data->phase2_priv);
1718 data->phase2_success = 0;
1719 data->resuming = 1;
1720 data->provisioning = 0;
1721 data->anon_provisioning = 0;
1722 data->simck_idx = 0;
1734 len = eap_peer_tls_status(sm, &data->ssl, buf, buflen, verbose);
1735 if (data->phase2_method) {
1736 ret = os_snprintf(buf + len, buflen - len,
1737 "EAP-FAST Phase2 method=%s\n",
1738 data->phase2_method->name);
1739 if (os_snprintf_error(buflen - len, ret))
1750 return data->success;
1759 if (!data->success)
1762 key = os_memdup(data->key_data, EAP_FAST_KEY_LEN);
1777 if (!data->success || !data->session_id)
1780 id = os_memdup(data->session_id, data->id_len);
1784 *len = data->id_len;
1795 if (!data->success)
1798 key = os_memdup(data->emsk, EAP_EMSK_LEN);
1815 return -1;
1817 eap->init = eap_fast_init;
1818 eap->deinit = eap_fast_deinit;
1819 eap->process = eap_fast_process;
1820 eap->isKeyAvailable = eap_fast_isKeyAvailable;
1821 eap->getKey = eap_fast_getKey;
1822 eap->getSessionId = eap_fast_get_session_id;
1823 eap->get_status = eap_fast_get_status;
1825 eap->has_reauth_data = eap_fast_has_reauth_data;
1826 eap->deinit_for_reauth = eap_fast_deinit_for_reauth;
1827 eap->init_for_reauth = eap_fast_init_for_reauth;
1829 eap->get_emsk = eap_fast_get_emsk;