2
* EAP peer method: EAP-GPSK (RFC 5433)
3
* Copyright (c) 2006-2014, Jouni Malinen <j@w1.fi>
5
* This software may be distributed under the terms of the BSD license.
6
* See README for more details.
12
#include "crypto/random.h"
13
#include "eap_peer/eap_i.h"
14
#include "eap_common/eap_gpsk_common.h"
16
struct eap_gpsk_data {
17
enum { GPSK_1, GPSK_3, SUCCESS, FAILURE } state;
18
u8 rand_server[EAP_GPSK_RAND_LEN];
19
u8 rand_peer[EAP_GPSK_RAND_LEN];
21
u8 emsk[EAP_EMSK_LEN];
22
u8 sk[EAP_GPSK_MAX_SK_LEN];
24
u8 pk[EAP_GPSK_MAX_PK_LEN];
32
int vendor; /* CSuite/Specifier */
33
int specifier; /* CSuite/Specifier */
36
u16 forced_cipher; /* force cipher or 0 to allow all supported */
40
static struct wpabuf * eap_gpsk_send_gpsk_2(struct eap_gpsk_data *data,
42
const u8 *csuite_list,
43
size_t csuite_list_len);
44
static struct wpabuf * eap_gpsk_send_gpsk_4(struct eap_gpsk_data *data,
48
#ifndef CONFIG_NO_STDOUT_DEBUG
49
static const char * eap_gpsk_state_txt(int state)
64
#endif /* CONFIG_NO_STDOUT_DEBUG */
67
static void eap_gpsk_state(struct eap_gpsk_data *data, int state)
69
wpa_printf(MSG_DEBUG, "EAP-GPSK: %s -> %s",
70
eap_gpsk_state_txt(data->state),
71
eap_gpsk_state_txt(state));
76
static void eap_gpsk_deinit(struct eap_sm *sm, void *priv);
79
static void * eap_gpsk_init(struct eap_sm *sm)
81
struct eap_gpsk_data *data;
82
const u8 *identity, *password;
83
size_t identity_len, password_len;
86
password = eap_get_config_password(sm, &password_len);
87
if (password == NULL) {
88
wpa_printf(MSG_INFO, "EAP-GPSK: No key (password) configured");
92
data = os_zalloc(sizeof(*data));
97
identity = eap_get_config_identity(sm, &identity_len);
99
data->id_peer = os_malloc(identity_len);
100
if (data->id_peer == NULL) {
101
eap_gpsk_deinit(sm, data);
104
os_memcpy(data->id_peer, identity, identity_len);
105
data->id_peer_len = identity_len;
108
phase1 = eap_get_config_phase1(sm);
112
pos = os_strstr(phase1, "cipher=");
114
data->forced_cipher = atoi(pos + 7);
115
wpa_printf(MSG_DEBUG, "EAP-GPSK: Forced cipher %u",
116
data->forced_cipher);
120
data->psk = os_malloc(password_len);
121
if (data->psk == NULL) {
122
eap_gpsk_deinit(sm, data);
125
os_memcpy(data->psk, password, password_len);
126
data->psk_len = password_len;
132
static void eap_gpsk_deinit(struct eap_sm *sm, void *priv)
134
struct eap_gpsk_data *data = priv;
135
os_free(data->id_server);
136
os_free(data->id_peer);
142
static const u8 * eap_gpsk_process_id_server(struct eap_gpsk_data *data,
143
const u8 *pos, const u8 *end)
148
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short GPSK-1 packet");
151
alen = WPA_GET_BE16(pos);
153
if (end - pos < alen) {
154
wpa_printf(MSG_DEBUG, "EAP-GPSK: ID_Server overflow");
157
os_free(data->id_server);
158
data->id_server = os_malloc(alen);
159
if (data->id_server == NULL) {
160
wpa_printf(MSG_DEBUG, "EAP-GPSK: No memory for ID_Server");
163
os_memcpy(data->id_server, pos, alen);
164
data->id_server_len = alen;
165
wpa_hexdump_ascii(MSG_DEBUG, "EAP-GPSK: ID_Server",
166
data->id_server, data->id_server_len);
173
static const u8 * eap_gpsk_process_rand_server(struct eap_gpsk_data *data,
174
const u8 *pos, const u8 *end)
179
if (end - pos < EAP_GPSK_RAND_LEN) {
180
wpa_printf(MSG_DEBUG, "EAP-GPSK: RAND_Server overflow");
183
os_memcpy(data->rand_server, pos, EAP_GPSK_RAND_LEN);
184
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Server",
185
data->rand_server, EAP_GPSK_RAND_LEN);
186
pos += EAP_GPSK_RAND_LEN;
192
static int eap_gpsk_select_csuite(struct eap_sm *sm,
193
struct eap_gpsk_data *data,
194
const u8 *csuite_list,
195
size_t csuite_list_len)
197
struct eap_gpsk_csuite *csuite;
200
count = csuite_list_len / sizeof(struct eap_gpsk_csuite);
201
data->vendor = EAP_GPSK_VENDOR_IETF;
202
data->specifier = EAP_GPSK_CIPHER_RESERVED;
203
csuite = (struct eap_gpsk_csuite *) csuite_list;
204
for (i = 0; i < count; i++) {
205
int vendor, specifier;
206
vendor = WPA_GET_BE32(csuite->vendor);
207
specifier = WPA_GET_BE16(csuite->specifier);
208
wpa_printf(MSG_DEBUG, "EAP-GPSK: CSuite[%d]: %d:%d",
209
i, vendor, specifier);
210
if (data->vendor == EAP_GPSK_VENDOR_IETF &&
211
data->specifier == EAP_GPSK_CIPHER_RESERVED &&
212
eap_gpsk_supported_ciphersuite(vendor, specifier) &&
213
(!data->forced_cipher || data->forced_cipher == specifier))
215
data->vendor = vendor;
216
data->specifier = specifier;
220
if (data->vendor == EAP_GPSK_VENDOR_IETF &&
221
data->specifier == EAP_GPSK_CIPHER_RESERVED) {
222
wpa_msg(sm->msg_ctx, MSG_INFO, "EAP-GPSK: No supported "
223
"ciphersuite found");
226
wpa_printf(MSG_DEBUG, "EAP-GPSK: Selected ciphersuite %d:%d",
227
data->vendor, data->specifier);
233
static const u8 * eap_gpsk_process_csuite_list(struct eap_sm *sm,
234
struct eap_gpsk_data *data,
237
const u8 *pos, const u8 *end)
243
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short GPSK-1 packet");
246
*list_len = WPA_GET_BE16(pos);
248
if (end - pos < (int) *list_len) {
249
wpa_printf(MSG_DEBUG, "EAP-GPSK: CSuite_List overflow");
252
if (*list_len == 0 || (*list_len % sizeof(struct eap_gpsk_csuite))) {
253
wpa_printf(MSG_DEBUG, "EAP-GPSK: Invalid CSuite_List len %lu",
254
(unsigned long) *list_len);
260
if (eap_gpsk_select_csuite(sm, data, *list, *list_len) < 0)
267
static struct wpabuf * eap_gpsk_process_gpsk_1(struct eap_sm *sm,
268
struct eap_gpsk_data *data,
269
struct eap_method_ret *ret,
270
const struct wpabuf *reqData,
274
size_t csuite_list_len;
275
const u8 *csuite_list, *pos, *end;
278
if (data->state != GPSK_1) {
283
wpa_printf(MSG_DEBUG, "EAP-GPSK: Received Request/GPSK-1");
285
end = payload + payload_len;
287
pos = eap_gpsk_process_id_server(data, payload, end);
288
pos = eap_gpsk_process_rand_server(data, pos, end);
289
pos = eap_gpsk_process_csuite_list(sm, data, &csuite_list,
290
&csuite_list_len, pos, end);
292
ret->methodState = METHOD_DONE;
293
eap_gpsk_state(data, FAILURE);
297
resp = eap_gpsk_send_gpsk_2(data, eap_get_id(reqData),
298
csuite_list, csuite_list_len);
302
eap_gpsk_state(data, GPSK_3);
308
static struct wpabuf * eap_gpsk_send_gpsk_2(struct eap_gpsk_data *data,
310
const u8 *csuite_list,
311
size_t csuite_list_len)
316
struct eap_gpsk_csuite *csuite;
318
wpa_printf(MSG_DEBUG, "EAP-GPSK: Sending Response/GPSK-2");
320
miclen = eap_gpsk_mic_len(data->vendor, data->specifier);
321
len = 1 + 2 + data->id_peer_len + 2 + data->id_server_len +
322
2 * EAP_GPSK_RAND_LEN + 2 + csuite_list_len +
323
sizeof(struct eap_gpsk_csuite) + 2 + miclen;
325
resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GPSK, len,
326
EAP_CODE_RESPONSE, identifier);
330
wpabuf_put_u8(resp, EAP_GPSK_OPCODE_GPSK_2);
331
start = wpabuf_put(resp, 0);
333
wpa_hexdump_ascii(MSG_DEBUG, "EAP-GPSK: ID_Peer",
334
data->id_peer, data->id_peer_len);
335
wpabuf_put_be16(resp, data->id_peer_len);
336
wpabuf_put_data(resp, data->id_peer, data->id_peer_len);
338
wpabuf_put_be16(resp, data->id_server_len);
339
wpabuf_put_data(resp, data->id_server, data->id_server_len);
341
if (random_get_bytes(data->rand_peer, EAP_GPSK_RAND_LEN)) {
342
wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to get random data "
344
eap_gpsk_state(data, FAILURE);
348
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Peer",
349
data->rand_peer, EAP_GPSK_RAND_LEN);
350
wpabuf_put_data(resp, data->rand_peer, EAP_GPSK_RAND_LEN);
351
wpabuf_put_data(resp, data->rand_server, EAP_GPSK_RAND_LEN);
353
wpabuf_put_be16(resp, csuite_list_len);
354
wpabuf_put_data(resp, csuite_list, csuite_list_len);
356
csuite = wpabuf_put(resp, sizeof(*csuite));
357
WPA_PUT_BE32(csuite->vendor, data->vendor);
358
WPA_PUT_BE16(csuite->specifier, data->specifier);
360
if (eap_gpsk_derive_keys(data->psk, data->psk_len,
361
data->vendor, data->specifier,
362
data->rand_peer, data->rand_server,
363
data->id_peer, data->id_peer_len,
364
data->id_server, data->id_server_len,
365
data->msk, data->emsk,
366
data->sk, &data->sk_len,
367
data->pk, &data->pk_len) < 0) {
368
wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to derive keys");
369
eap_gpsk_state(data, FAILURE);
374
if (eap_gpsk_derive_session_id(data->psk, data->psk_len,
375
data->vendor, data->specifier,
376
data->rand_peer, data->rand_server,
377
data->id_peer, data->id_peer_len,
378
data->id_server, data->id_server_len,
380
data->session_id, &data->id_len) < 0) {
381
wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to derive Session-Id");
382
eap_gpsk_state(data, FAILURE);
386
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Derived Session-Id",
387
data->session_id, data->id_len);
389
/* No PD_Payload_1 */
390
wpabuf_put_be16(resp, 0);
392
rpos = wpabuf_put(resp, miclen);
393
if (eap_gpsk_compute_mic(data->sk, data->sk_len, data->vendor,
394
data->specifier, start, rpos - start, rpos) <
396
eap_gpsk_state(data, FAILURE);
405
static const u8 * eap_gpsk_validate_rand(struct eap_gpsk_data *data,
406
const u8 *pos, const u8 *end)
408
if (end - pos < EAP_GPSK_RAND_LEN) {
409
wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for "
413
if (os_memcmp(pos, data->rand_peer, EAP_GPSK_RAND_LEN) != 0) {
414
wpa_printf(MSG_DEBUG, "EAP-GPSK: RAND_Peer in GPSK-2 and "
415
"GPSK-3 did not match");
416
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Peer in GPSK-2",
417
data->rand_peer, EAP_GPSK_RAND_LEN);
418
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Peer in GPSK-3",
419
pos, EAP_GPSK_RAND_LEN);
422
pos += EAP_GPSK_RAND_LEN;
424
if (end - pos < EAP_GPSK_RAND_LEN) {
425
wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for "
429
if (os_memcmp(pos, data->rand_server, EAP_GPSK_RAND_LEN) != 0) {
430
wpa_printf(MSG_DEBUG, "EAP-GPSK: RAND_Server in GPSK-1 and "
431
"GPSK-3 did not match");
432
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Server in GPSK-1",
433
data->rand_server, EAP_GPSK_RAND_LEN);
434
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Server in GPSK-3",
435
pos, EAP_GPSK_RAND_LEN);
438
pos += EAP_GPSK_RAND_LEN;
444
static const u8 * eap_gpsk_validate_id_server(struct eap_gpsk_data *data,
445
const u8 *pos, const u8 *end)
452
if (end - pos < (int) 2) {
453
wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for "
454
"length(ID_Server)");
458
len = WPA_GET_BE16(pos);
461
if (end - pos < (int) len) {
462
wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for "
467
if (len != data->id_server_len ||
468
os_memcmp(pos, data->id_server, len) != 0) {
469
wpa_printf(MSG_INFO, "EAP-GPSK: ID_Server did not match with "
470
"the one used in GPSK-1");
471
wpa_hexdump_ascii(MSG_DEBUG, "EAP-GPSK: ID_Server in GPSK-1",
472
data->id_server, data->id_server_len);
473
wpa_hexdump_ascii(MSG_DEBUG, "EAP-GPSK: ID_Server in GPSK-3",
484
static const u8 * eap_gpsk_validate_csuite(struct eap_gpsk_data *data,
485
const u8 *pos, const u8 *end)
487
int vendor, specifier;
488
const struct eap_gpsk_csuite *csuite;
493
if (end - pos < (int) sizeof(*csuite)) {
494
wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for "
498
csuite = (const struct eap_gpsk_csuite *) pos;
499
vendor = WPA_GET_BE32(csuite->vendor);
500
specifier = WPA_GET_BE16(csuite->specifier);
501
pos += sizeof(*csuite);
502
if (vendor != data->vendor || specifier != data->specifier) {
503
wpa_printf(MSG_DEBUG, "EAP-GPSK: CSuite_Sel (%d:%d) does not "
504
"match with the one sent in GPSK-2 (%d:%d)",
505
vendor, specifier, data->vendor, data->specifier);
513
static const u8 * eap_gpsk_validate_pd_payload_2(struct eap_gpsk_data *data,
514
const u8 *pos, const u8 *end)
522
wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for "
523
"PD_Payload_2 length");
526
alen = WPA_GET_BE16(pos);
528
if (end - pos < alen) {
529
wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for "
530
"%d-octet PD_Payload_2", alen);
533
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: PD_Payload_2", pos, alen);
540
static const u8 * eap_gpsk_validate_gpsk_3_mic(struct eap_gpsk_data *data,
542
const u8 *pos, const u8 *end)
545
u8 mic[EAP_GPSK_MAX_MIC_LEN];
550
miclen = eap_gpsk_mic_len(data->vendor, data->specifier);
551
if (end - pos < (int) miclen) {
552
wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for MIC "
553
"(left=%lu miclen=%lu)",
554
(unsigned long) (end - pos),
555
(unsigned long) miclen);
558
if (eap_gpsk_compute_mic(data->sk, data->sk_len, data->vendor,
559
data->specifier, payload, pos - payload, mic)
561
wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to compute MIC");
564
if (os_memcmp(mic, pos, miclen) != 0) {
565
wpa_printf(MSG_INFO, "EAP-GPSK: Incorrect MIC in GPSK-3");
566
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Received MIC", pos, miclen);
567
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Computed MIC", mic, miclen);
576
static struct wpabuf * eap_gpsk_process_gpsk_3(struct eap_sm *sm,
577
struct eap_gpsk_data *data,
578
struct eap_method_ret *ret,
579
const struct wpabuf *reqData,
586
if (data->state != GPSK_3) {
591
wpa_printf(MSG_DEBUG, "EAP-GPSK: Received Request/GPSK-3");
593
end = payload + payload_len;
595
pos = eap_gpsk_validate_rand(data, payload, end);
596
pos = eap_gpsk_validate_id_server(data, pos, end);
597
pos = eap_gpsk_validate_csuite(data, pos, end);
598
pos = eap_gpsk_validate_pd_payload_2(data, pos, end);
599
pos = eap_gpsk_validate_gpsk_3_mic(data, payload, pos, end);
602
eap_gpsk_state(data, FAILURE);
606
wpa_printf(MSG_DEBUG, "EAP-GPSK: Ignored %lu bytes of extra "
607
"data in the end of GPSK-2",
608
(unsigned long) (end - pos));
611
resp = eap_gpsk_send_gpsk_4(data, eap_get_id(reqData));
615
eap_gpsk_state(data, SUCCESS);
616
ret->methodState = METHOD_DONE;
617
ret->decision = DECISION_UNCOND_SUCC;
623
static struct wpabuf * eap_gpsk_send_gpsk_4(struct eap_gpsk_data *data,
630
wpa_printf(MSG_DEBUG, "EAP-GPSK: Sending Response/GPSK-4");
632
mlen = eap_gpsk_mic_len(data->vendor, data->specifier);
634
resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GPSK, 1 + 2 + mlen,
635
EAP_CODE_RESPONSE, identifier);
639
wpabuf_put_u8(resp, EAP_GPSK_OPCODE_GPSK_4);
640
start = wpabuf_put(resp, 0);
642
/* No PD_Payload_3 */
643
wpabuf_put_be16(resp, 0);
645
rpos = wpabuf_put(resp, mlen);
646
if (eap_gpsk_compute_mic(data->sk, data->sk_len, data->vendor,
647
data->specifier, start, rpos - start, rpos) <
649
eap_gpsk_state(data, FAILURE);
658
static struct wpabuf * eap_gpsk_process(struct eap_sm *sm, void *priv,
659
struct eap_method_ret *ret,
660
const struct wpabuf *reqData)
662
struct eap_gpsk_data *data = priv;
667
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GPSK, reqData, &len);
668
if (pos == NULL || len < 1) {
673
wpa_printf(MSG_DEBUG, "EAP-GPSK: Received frame: opcode %d", *pos);
676
ret->methodState = METHOD_MAY_CONT;
677
ret->decision = DECISION_FAIL;
678
ret->allowNotifications = FALSE;
681
case EAP_GPSK_OPCODE_GPSK_1:
682
resp = eap_gpsk_process_gpsk_1(sm, data, ret, reqData,
685
case EAP_GPSK_OPCODE_GPSK_3:
686
resp = eap_gpsk_process_gpsk_3(sm, data, ret, reqData,
690
wpa_printf(MSG_DEBUG, "EAP-GPSK: Ignoring message with "
691
"unknown opcode %d", *pos);
700
static Boolean eap_gpsk_isKeyAvailable(struct eap_sm *sm, void *priv)
702
struct eap_gpsk_data *data = priv;
703
return data->state == SUCCESS;
707
static u8 * eap_gpsk_getKey(struct eap_sm *sm, void *priv, size_t *len)
709
struct eap_gpsk_data *data = priv;
712
if (data->state != SUCCESS)
715
key = os_malloc(EAP_MSK_LEN);
718
os_memcpy(key, data->msk, EAP_MSK_LEN);
725
static u8 * eap_gpsk_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
727
struct eap_gpsk_data *data = priv;
730
if (data->state != SUCCESS)
733
key = os_malloc(EAP_EMSK_LEN);
736
os_memcpy(key, data->emsk, EAP_EMSK_LEN);
743
static u8 * eap_gpsk_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
745
struct eap_gpsk_data *data = priv;
748
if (data->state != SUCCESS)
751
sid = os_malloc(data->id_len);
754
os_memcpy(sid, data->session_id, data->id_len);
761
int eap_peer_gpsk_register(void)
763
struct eap_method *eap;
766
eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
767
EAP_VENDOR_IETF, EAP_TYPE_GPSK, "GPSK");
771
eap->init = eap_gpsk_init;
772
eap->deinit = eap_gpsk_deinit;
773
eap->process = eap_gpsk_process;
774
eap->isKeyAvailable = eap_gpsk_isKeyAvailable;
775
eap->getKey = eap_gpsk_getKey;
776
eap->get_emsk = eap_gpsk_get_emsk;
777
eap->getSessionId = eap_gpsk_get_session_id;
779
ret = eap_peer_method_register(eap);
781
eap_peer_method_free(eap);