EAP server: Extend EAP-TLS Commitment Message use to PEAP and EAP-TTLS

Use the explicit Commitment Message per draft-ietf-emu-eap-tls13-13
Section 2.5 and extend this functionality to PEAP and EAP-TTLS when
using TLS 1.3.

Signed-off-by: Alexander Clouter <alex@digriz.org.uk>
Alexander Clouter 2020-10-16 09:49:38 +01:00 committed by Jouni Malinen
parent fae4eafe4a
commit 0dee287c84
3 changed files with 69 additions and 36 deletions


@ -512,7 +512,25 @@ static struct wpabuf * eap_peap_build_phase2_term(struct eap_sm *sm,
encr_req = eap_server_tls_encrypt(sm, &data->ssl, &msgbuf);
os_free(hdr);
return encr_req;
if (!data->ssl.tls_v13 ||
!tls_connection_resumed(sm->cfg->ssl_ctx, data->ssl.conn)) {
wpabuf_free(data->ssl.tls_out);
data->ssl.tls_out_pos = 0;
return encr_req;
}
if (wpabuf_resize(&data->ssl.tls_out, wpabuf_len(encr_req)) < 0) {
wpa_printf(MSG_INFO,
"EAP-PEAP: Failed to resize output buffer");
wpabuf_free(encr_req);
return NULL;
}
wpabuf_put_buf(data->ssl.tls_out, encr_req);
wpa_hexdump_buf(MSG_DEBUG,
"EAP-PEAP: Data appended to the message", encr_req);
os_free(encr_req);
return data->ssl.tls_out;
}
@ -561,8 +579,6 @@ static struct wpabuf * eap_peap_buildReq(struct eap_sm *sm, void *priv, u8 id)
data->ssl.tls_out = eap_peap_build_phase2_tlv(sm, data, id);
break;
case SUCCESS_REQ:
wpabuf_free(data->ssl.tls_out);
data->ssl.tls_out_pos = 0;
data->ssl.tls_out = eap_peap_build_phase2_term(sm, data, id,
1);
break;
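Review bot: After `wpabuf_put_buf(data->ssl.tls_out, encr_req)` the buffer is released with `os_free(encr_req)`, while the equivalent new code in eap_server_tls_phase1 releases the same kind of `struct wpabuf *` with `wpabuf_free(encr)`; `wpabuf_free` is the matching deallocator and, if the buffer ever carries externally allocated data, `os_free` would leak that payload, so this line should read `wpabuf_free(encr_req);`. On the `wpabuf_resize` failure path the function returns NULL while `data->ssl.tls_out` still holds the phase 1 output, and the caller in eap_peap_buildReq then assigns `data->ssl.tls_out = eap_peap_build_phase2_term(...)`, overwriting that pointer without freeing it; freeing `data->ssl.tls_out` and clearing `data->ssl.tls_out_pos` before `return NULL` would avoid the leak. The body of eap_peap_build_phase2_term begins before this hunk.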


@ -266,39 +266,6 @@ static void eap_tls_process_msg(struct eap_sm *sm, void *priv,
eap_tls_state(data, FAILURE);
return;
}
if (data->ssl.tls_v13 &&
tls_connection_established(sm->cfg->ssl_ctx, data->ssl.conn)) {
struct wpabuf *plain, *encr;
wpa_printf(MSG_DEBUG,
"EAP-TLS: Send empty application data to indicate end of exchange");
/* FIX: This should be an empty application data based on
* draft-ietf-emu-eap-tls13-05, but OpenSSL does not allow zero
* length payload (SSL_write() documentation explicitly
* describes this as not allowed), so work around that for now
* by sending out a payload of one octet. Hopefully the draft
* specification will change to allow this so that no crypto
* library changes are needed. */
plain = wpabuf_alloc(1);
if (!plain)
return;
wpabuf_put_u8(plain, 0);
encr = eap_server_tls_encrypt(sm, &data->ssl, plain);
wpabuf_free(plain);
if (!encr)
return;
if (wpabuf_resize(&data->ssl.tls_out, wpabuf_len(encr)) < 0) {
wpa_printf(MSG_INFO,
"EAP-TLS: Failed to resize output buffer");
wpabuf_free(encr);
return;
}
wpabuf_put_buf(data->ssl.tls_out, encr);
wpa_hexdump_buf(MSG_DEBUG,
"EAP-TLS: Data appended to the message", encr);
wpabuf_free(encr);
}
}


@ -366,6 +366,56 @@ int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data)
sm->serial_num = tls_connection_peer_serial_num(
sm->cfg->ssl_ctx, data->conn);
/*
* https://tools.ietf.org/html/draft-ietf-emu-eap-tls13#section-2.5
*
* We need to signal the other end that TLS negotiation is done. We
* can't send a zero-length application data message, so we send
* application data which is one byte of zero.
*
* Note this is only done for when there is no application data to be
* sent. So this is done always for EAP-TLS but notibly not for PEAP
* even on resumption.
*/
if (data->tls_v13 &&
tls_connection_established(sm->cfg->ssl_ctx, data->conn)) {
struct wpabuf *plain, *encr;
switch (sm->currentMethod) {
case EAP_TYPE_PEAP:
break;
default:
if (!tls_connection_resumed(sm->cfg->ssl_ctx,
data->conn))
break;
/* fallthrough */
case EAP_TYPE_TLS:
wpa_printf(MSG_DEBUG,
"EAP-TLS: Send Commitment Message");
plain = wpabuf_alloc(1);
if (!plain)
return -1;
wpabuf_put_u8(plain, 0);
encr = eap_server_tls_encrypt(sm, data, plain);
wpabuf_free(plain);
if (!encr)
return -1;
if (wpabuf_resize(&data->tls_out, wpabuf_len(encr)) < 0)
{
wpa_printf(MSG_INFO,
"EAP-TLS: Failed to resize output buffer");
wpabuf_free(encr);
return -1;
}
wpabuf_put_buf(data->tls_out, encr);
wpa_hexdump_buf(MSG_DEBUG,
"EAP-TLS: Data appended to the message",
encr);
wpabuf_free(encr);
}
}
return 0;
}
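Review bot: The selection of when to send the Commitment Message relies on `default:` (resumed sessions only) falling through into `case EAP_TYPE_TLS:` (always), with `case EAP_TYPE_PEAP:` opting out; this is hard to read, and the `default` arm appears to cover every method that goes through eap_server_tls_phase1, which is wider than the PEAP/EAP-TTLS scope the commit message states. Computing the decision first, e.g. `int send_commit = sm->currentMethod == EAP_TYPE_TLS || (sm->currentMethod != EAP_TYPE_PEAP && tls_connection_resumed(sm->cfg->ssl_ctx, data->conn));`, and guarding the encrypt/append block with `if (send_commit)` would make the intent explicit without changing behaviour. The new comment above the block drops the rationale that the removed eap_tls_process_msg comment carried (the one-octet payload is a workaround because SSL_write() refuses a zero-length write); that reason belongs in the new comment so a future reader does not "fix" it back to an empty message, and `notibly` should read `notably`.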