EAP server: Extend EAP-TLS Commitment Message use to PEAP and EAP-TTLS
Use the explicit Commitment Message per draft-ietf-emu-eap-tls13-13 Section 2.5 and extend this functionality to PEAP and EAP-TTLS when using TLS 1.3. Signed-off-by: Alexander Clouter <alex@digriz.org.uk>
parent
fae4eafe4a
commit
0dee287c84
3 changed files with 69 additions and 36 deletions
|
@ -512,9 +512,27 @@ static struct wpabuf * eap_peap_build_phase2_term(struct eap_sm *sm,
|
||||||
encr_req = eap_server_tls_encrypt(sm, &data->ssl, &msgbuf);
|
encr_req = eap_server_tls_encrypt(sm, &data->ssl, &msgbuf);
|
||||||
os_free(hdr);
|
os_free(hdr);
|
||||||
|
|
||||||
|
if (!data->ssl.tls_v13 ||
|
||||||
|
!tls_connection_resumed(sm->cfg->ssl_ctx, data->ssl.conn)) {
|
||||||
|
wpabuf_free(data->ssl.tls_out);
|
||||||
|
data->ssl.tls_out_pos = 0;
|
||||||
return encr_req;
|
return encr_req;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (wpabuf_resize(&data->ssl.tls_out, wpabuf_len(encr_req)) < 0) {
|
||||||
|
wpa_printf(MSG_INFO,
|
||||||
|
"EAP-PEAP: Failed to resize output buffer");
|
||||||
|
wpabuf_free(encr_req);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
wpabuf_put_buf(data->ssl.tls_out, encr_req);
|
||||||
|
wpa_hexdump_buf(MSG_DEBUG,
|
||||||
|
"EAP-PEAP: Data appended to the message", encr_req);
|
||||||
|
os_free(encr_req);
|
||||||
|
|
||||||
|
return data->ssl.tls_out;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static struct wpabuf * eap_peap_buildReq(struct eap_sm *sm, void *priv, u8 id)
|
static struct wpabuf * eap_peap_buildReq(struct eap_sm *sm, void *priv, u8 id)
|
||||||
{
|
{
|
||||||
|
@ -561,8 +579,6 @@ static struct wpabuf * eap_peap_buildReq(struct eap_sm *sm, void *priv, u8 id)
|
||||||
data->ssl.tls_out = eap_peap_build_phase2_tlv(sm, data, id);
|
data->ssl.tls_out = eap_peap_build_phase2_tlv(sm, data, id);
|
||||||
break;
|
break;
|
||||||
case SUCCESS_REQ:
|
case SUCCESS_REQ:
|
||||||
wpabuf_free(data->ssl.tls_out);
|
|
||||||
data->ssl.tls_out_pos = 0;
|
|
||||||
data->ssl.tls_out = eap_peap_build_phase2_term(sm, data, id,
|
data->ssl.tls_out = eap_peap_build_phase2_term(sm, data, id,
|
||||||
1);
|
1);
|
||||||
break;
|
break;
|
||||||
|
|
|
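Review bot: `os_free(encr_req);` on the new append path releases a `struct wpabuf` with the raw allocator, while the failure path a few lines above uses `wpabuf_free(encr_req);` for the same pointer; unless every buffer returned by eap_server_tls_encrypt is guaranteed to be a single allocation with no external data, that skips the wpabuf's own cleanup, so use `wpabuf_free(encr_req);` here as well. The resumed TLS 1.3 branch also reaches `wpabuf_len(encr_req)` without checking that eap_server_tls_encrypt succeeded; the pre-existing early return hands a NULL back to the caller, but this branch would dereference it, so add `if (!encr_req) return NULL;` before the resize. Note too that the resize-failure path returns NULL while data->ssl.tls_out still holds the pending output, and the caller in the second hunk assigns the result straight into data->ssl.tls_out, which appears to leak the old buffer on that path. eap_peap_build_phase2_term begins outside the hunk.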
@ -266,39 +266,6 @@ static void eap_tls_process_msg(struct eap_sm *sm, void *priv,
|
||||||
eap_tls_state(data, FAILURE);
|
eap_tls_state(data, FAILURE);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (data->ssl.tls_v13 &&
|
|
||||||
tls_connection_established(sm->cfg->ssl_ctx, data->ssl.conn)) {
|
|
||||||
struct wpabuf *plain, *encr;
|
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG,
|
|
||||||
"EAP-TLS: Send empty application data to indicate end of exchange");
|
|
||||||
/* FIX: This should be an empty application data based on
|
|
||||||
* draft-ietf-emu-eap-tls13-05, but OpenSSL does not allow zero
|
|
||||||
* length payload (SSL_write() documentation explicitly
|
|
||||||
* describes this as not allowed), so work around that for now
|
|
||||||
* by sending out a payload of one octet. Hopefully the draft
|
|
||||||
* specification will change to allow this so that no crypto
|
|
||||||
* library changes are needed. */
|
|
||||||
plain = wpabuf_alloc(1);
|
|
||||||
if (!plain)
|
|
||||||
return;
|
|
||||||
wpabuf_put_u8(plain, 0);
|
|
||||||
encr = eap_server_tls_encrypt(sm, &data->ssl, plain);
|
|
||||||
wpabuf_free(plain);
|
|
||||||
if (!encr)
|
|
||||||
return;
|
|
||||||
if (wpabuf_resize(&data->ssl.tls_out, wpabuf_len(encr)) < 0) {
|
|
||||||
wpa_printf(MSG_INFO,
|
|
||||||
"EAP-TLS: Failed to resize output buffer");
|
|
||||||
wpabuf_free(encr);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
wpabuf_put_buf(data->ssl.tls_out, encr);
|
|
||||||
wpa_hexdump_buf(MSG_DEBUG,
|
|
||||||
"EAP-TLS: Data appended to the message", encr);
|
|
||||||
wpabuf_free(encr);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -366,6 +366,56 @@ int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data)
|
||||||
sm->serial_num = tls_connection_peer_serial_num(
|
sm->serial_num = tls_connection_peer_serial_num(
|
||||||
sm->cfg->ssl_ctx, data->conn);
|
sm->cfg->ssl_ctx, data->conn);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* https://tools.ietf.org/html/draft-ietf-emu-eap-tls13#section-2.5
|
||||||
|
*
|
||||||
|
* We need to signal the other end that TLS negotiation is done. We
|
||||||
|
* can't send a zero-length application data message, so we send
|
||||||
|
* application data which is one byte of zero.
|
||||||
|
*
|
||||||
|
* Note this is only done for when there is no application data to be
|
||||||
|
* sent. So this is done always for EAP-TLS but notibly not for PEAP
|
||||||
|
* even on resumption.
|
||||||
|
*/
|
||||||
|
if (data->tls_v13 &&
|
||||||
|
tls_connection_established(sm->cfg->ssl_ctx, data->conn)) {
|
||||||
|
struct wpabuf *plain, *encr;
|
||||||
|
|
||||||
|
switch (sm->currentMethod) {
|
||||||
|
case EAP_TYPE_PEAP:
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
if (!tls_connection_resumed(sm->cfg->ssl_ctx,
|
||||||
|
data->conn))
|
||||||
|
break;
|
||||||
|
/* fallthrough */
|
||||||
|
case EAP_TYPE_TLS:
|
||||||
|
wpa_printf(MSG_DEBUG,
|
||||||
|
"EAP-TLS: Send Commitment Message");
|
||||||
|
|
||||||
|
plain = wpabuf_alloc(1);
|
||||||
|
if (!plain)
|
||||||
|
return -1;
|
||||||
|
wpabuf_put_u8(plain, 0);
|
||||||
|
encr = eap_server_tls_encrypt(sm, data, plain);
|
||||||
|
wpabuf_free(plain);
|
||||||
|
if (!encr)
|
||||||
|
return -1;
|
||||||
|
if (wpabuf_resize(&data->tls_out, wpabuf_len(encr)) < 0)
|
||||||
|
{
|
||||||
|
wpa_printf(MSG_INFO,
|
||||||
|
"EAP-TLS: Failed to resize output buffer");
|
||||||
|
wpabuf_free(encr);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
wpabuf_put_buf(data->tls_out, encr);
|
||||||
|
wpa_hexdump_buf(MSG_DEBUG,
|
||||||
|
"EAP-TLS: Data appended to the message",
|
||||||
|
encr);
|
||||||
|
wpabuf_free(encr);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
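Review bot: The `default:` arm of the new switch sends the Commitment Message on resumption for every TLS-based method other than PEAP and EAP-TLS, not only EAP-TTLS as the commit message says; if the other methods that reach eap_server_tls_phase1 are not meant to be covered, match `case EAP_TYPE_TTLS:` explicitly, otherwise state the broader intent in the block comment. The `{` after `if (wpabuf_resize(&data->tls_out, wpabuf_len(encr)) < 0)` sits on its own line, unlike the other `if` in this hunk; put it on the condition line to match the surrounding style. The block comment has "notibly" for "notably", and the "EAP-TLS: Send Commitment Message" debug text is also emitted for the non-EAP-TLS methods that fall through, so the prefix is slightly misleading there. eap_server_tls_phase1 begins outside the hunk.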