Remove EAP-TTLSv1 and TLS/IA
These protocols seem to be abandoned: latest IETF drafts have expired years ago and it does not seem likely that EAP-TTLSv1 would be deployed. The implementation in hostapd/wpa_supplicant was not complete and not fully tested. In addition, the TLS/IA functionality was only available when GnuTLS was used. Since GnuTLS removed this functionality in 3.0.0, there is no available TLS/IA implementation in the latest version of any supported TLS library. Remove the EAP-TTLSv1 and TLS/IA implementation to clean up unwanted complexity from hostapd and wpa_supplicant. In addition, this removes any potential use of the GnuTLS extra library.
This commit is contained in:
Jouni Malinen
parent
e655e1f512
commit
fd2f2d0489
15 changed files with 48 additions and 1171 deletions
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* hostapd / EAP-TTLS (RFC 5281)
|
||||
* Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
|
||||
* Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
|
@ -24,16 +24,7 @@
|
|||
#include "eap_common/eap_ttls.h"
|
||||
|
||||
|
||||
/* Maximum supported TTLS version
|
||||
* 0 = RFC 5281
|
||||
* 1 = draft-funk-eap-ttls-v1-00.txt
|
||||
*/
|
||||
#ifndef EAP_TTLS_VERSION
|
||||
#define EAP_TTLS_VERSION 0 /* TTLSv1 implementation is not yet complete */
|
||||
#endif /* EAP_TTLS_VERSION */
|
||||
|
||||
|
||||
#define MSCHAPV2_KEY_LEN 16
|
||||
#define EAP_TTLS_VERSION 0
|
||||
|
||||
|
||||
static void eap_ttls_reset(struct eap_sm *sm, void *priv);
|
||||
|
|
@ -43,17 +34,15 @@ struct eap_ttls_data {
|
|||
struct eap_ssl_data ssl;
|
||||
enum {
|
||||
START, PHASE1, PHASE2_START, PHASE2_METHOD,
|
||||
PHASE2_MSCHAPV2_RESP, PHASE_FINISHED, SUCCESS, FAILURE
|
||||
PHASE2_MSCHAPV2_RESP, SUCCESS, FAILURE
|
||||
} state;
|
||||
|
||||
int ttls_version;
|
||||
int force_version;
|
||||
const struct eap_method *phase2_method;
|
||||
void *phase2_priv;
|
||||
int mschapv2_resp_ok;
|
||||
u8 mschapv2_auth_response[20];
|
||||
u8 mschapv2_ident;
|
||||
int tls_ia_configured;
|
||||
struct wpabuf *pending_phase2_eap_resp;
|
||||
int tnc_started;
|
||||
};
|
||||
|
|
@ -72,8 +61,6 @@ static const char * eap_ttls_state_txt(int state)
|
|||
return "PHASE2_METHOD";
|
||||
case PHASE2_MSCHAPV2_RESP:
|
||||
return "PHASE2_MSCHAPV2_RESP";
|
||||
case PHASE_FINISHED:
|
||||
return "PHASE_FINISHED";
|
||||
case SUCCESS:
|
||||
return "SUCCESS";
|
||||
case FAILURE:
|
||||
|
|
@ -320,54 +307,8 @@ fail:
|
|||
static u8 * eap_ttls_implicit_challenge(struct eap_sm *sm,
|
||||
struct eap_ttls_data *data, size_t len)
|
||||
{
|
||||
struct tls_keys keys;
|
||||
u8 *challenge, *rnd;
|
||||
|
||||
if (data->ttls_version == 0) {
|
||||
return eap_server_tls_derive_key(sm, &data->ssl,
|
||||
"ttls challenge", len);
|
||||
}
|
||||
|
||||
os_memset(&keys, 0, sizeof(keys));
|
||||
if (tls_connection_get_keys(sm->ssl_ctx, data->ssl.conn, &keys) ||
|
||||
keys.client_random == NULL || keys.server_random == NULL ||
|
||||
keys.inner_secret == NULL) {
|
||||
wpa_printf(MSG_INFO, "EAP-TTLS: Could not get inner secret, "
|
||||
"client random, or server random to derive "
|
||||
"implicit challenge");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
rnd = os_malloc(keys.client_random_len + keys.server_random_len);
|
||||
challenge = os_malloc(len);
|
||||
if (rnd == NULL || challenge == NULL) {
|
||||
wpa_printf(MSG_INFO, "EAP-TTLS: No memory for implicit "
|
||||
"challenge derivation");
|
||||
os_free(rnd);
|
||||
os_free(challenge);
|
||||
return NULL;
|
||||
}
|
||||
os_memcpy(rnd, keys.server_random, keys.server_random_len);
|
||||
os_memcpy(rnd + keys.server_random_len, keys.client_random,
|
||||
keys.client_random_len);
|
||||
|
||||
if (tls_prf(keys.inner_secret, keys.inner_secret_len,
|
||||
"inner application challenge", rnd,
|
||||
keys.client_random_len + keys.server_random_len,
|
||||
challenge, len)) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to derive implicit "
|
||||
"challenge");
|
||||
os_free(rnd);
|
||||
os_free(challenge);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
os_free(rnd);
|
||||
|
||||
wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived implicit challenge",
|
||||
challenge, len);
|
||||
|
||||
return challenge;
|
||||
return eap_server_tls_derive_key(sm, &data->ssl, "ttls challenge",
|
||||
len);
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -379,27 +320,8 @@ static void * eap_ttls_init(struct eap_sm *sm)
|
|||
if (data == NULL)
|
||||
return NULL;
|
||||
data->ttls_version = EAP_TTLS_VERSION;
|
||||
data->force_version = -1;
|
||||
if (sm->user && sm->user->force_version >= 0) {
|
||||
data->force_version = sm->user->force_version;
|
||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: forcing version %d",
|
||||
data->force_version);
|
||||
data->ttls_version = data->force_version;
|
||||
}
|
||||
data->state = START;
|
||||
|
||||
if (!(tls_capabilities(sm->ssl_ctx) & TLS_CAPABILITY_IA) &&
|
||||
data->ttls_version > 0) {
|
||||
if (data->force_version > 0) {
|
||||
wpa_printf(MSG_INFO, "EAP-TTLS: Forced TTLSv%d and "
|
||||
"TLS library does not support TLS/IA.",
|
||||
data->force_version);
|
||||
eap_ttls_reset(sm, data);
|
||||
return NULL;
|
||||
}
|
||||
data->ttls_version = 0;
|
||||
}
|
||||
|
||||
if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) {
|
||||
wpa_printf(MSG_INFO, "EAP-TTLS: Failed to initialize SSL.");
|
||||
eap_ttls_reset(sm, data);
|
||||
|
|
@ -516,14 +438,6 @@ static struct wpabuf * eap_ttls_build_phase2_mschapv2(
|
|||
}
|
||||
|
||||
|
||||
static struct wpabuf * eap_ttls_build_phase_finished(
|
||||
struct eap_sm *sm, struct eap_ttls_data *data, int final)
|
||||
{
|
||||
return tls_connection_ia_send_phase_finished(sm->ssl_ctx,
|
||||
data->ssl.conn, final);
|
||||
}
|
||||
|
||||
|
||||
static struct wpabuf * eap_ttls_buildReq(struct eap_sm *sm, void *priv, u8 id)
|
||||
{
|
||||
struct eap_ttls_data *data = priv;
|
||||
|
|
@ -559,11 +473,6 @@ static struct wpabuf * eap_ttls_buildReq(struct eap_sm *sm, void *priv, u8 id)
|
|||
data->ssl.tls_out_pos = 0;
|
||||
data->ssl.tls_out = eap_ttls_build_phase2_mschapv2(sm, data);
|
||||
break;
|
||||
case PHASE_FINISHED:
|
||||
wpabuf_free(data->ssl.tls_out);
|
||||
data->ssl.tls_out_pos = 0;
|
||||
data->ssl.tls_out = eap_ttls_build_phase_finished(sm, data, 1);
|
||||
break;
|
||||
default:
|
||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: %s - unexpected state %d",
|
||||
__func__, data->state);
|
||||
|
|
@ -591,37 +500,6 @@ static Boolean eap_ttls_check(struct eap_sm *sm, void *priv,
|
|||
}
|
||||
|
||||
|
||||
static int eap_ttls_ia_permute_inner_secret(struct eap_sm *sm,
|
||||
struct eap_ttls_data *data,
|
||||
const u8 *key, size_t key_len)
|
||||
{
|
||||
u8 *buf;
|
||||
size_t buf_len;
|
||||
int ret;
|
||||
|
||||
if (key) {
|
||||
buf_len = 2 + key_len;
|
||||
buf = os_malloc(buf_len);
|
||||
if (buf == NULL)
|
||||
return -1;
|
||||
WPA_PUT_BE16(buf, key_len);
|
||||
os_memcpy(buf + 2, key, key_len);
|
||||
} else {
|
||||
buf = NULL;
|
||||
buf_len = 0;
|
||||
}
|
||||
|
||||
wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Session keys for TLS/IA inner "
|
||||
"secret permutation", buf, buf_len);
|
||||
ret = tls_connection_ia_permute_inner_secret(sm->ssl_ctx,
|
||||
data->ssl.conn,
|
||||
buf, buf_len);
|
||||
os_free(buf);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
static void eap_ttls_process_phase2_pap(struct eap_sm *sm,
|
||||
struct eap_ttls_data *data,
|
||||
const u8 *user_password,
|
||||
|
|
@ -644,8 +522,7 @@ static void eap_ttls_process_phase2_pap(struct eap_sm *sm,
|
|||
}
|
||||
|
||||
wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Correct user password");
|
||||
eap_ttls_state(data, data->ttls_version > 0 ? PHASE_FINISHED :
|
||||
SUCCESS);
|
||||
eap_ttls_state(data, SUCCESS);
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -701,8 +578,7 @@ static void eap_ttls_process_phase2_chap(struct eap_sm *sm,
|
|||
|
||||
if (os_memcmp(hash, password + 1, EAP_TTLS_CHAP_PASSWORD_LEN) == 0) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Correct user password");
|
||||
eap_ttls_state(data, data->ttls_version > 0 ? PHASE_FINISHED :
|
||||
SUCCESS);
|
||||
eap_ttls_state(data, SUCCESS);
|
||||
} else {
|
||||
wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Invalid user password");
|
||||
eap_ttls_state(data, FAILURE);
|
||||
|
|
@ -762,8 +638,7 @@ static void eap_ttls_process_phase2_mschap(struct eap_sm *sm,
|
|||
|
||||
if (os_memcmp(nt_response, response + 2 + 24, 24) == 0) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Correct response");
|
||||
eap_ttls_state(data, data->ttls_version > 0 ? PHASE_FINISHED :
|
||||
SUCCESS);
|
||||
eap_ttls_state(data, SUCCESS);
|
||||
} else {
|
||||
wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Invalid NT-Response");
|
||||
wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAP: Received",
|
||||
|
|
@ -863,30 +738,6 @@ static void eap_ttls_process_phase2_mschapv2(struct eap_sm *sm,
|
|||
wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Correct "
|
||||
"NT-Response");
|
||||
data->mschapv2_resp_ok = 1;
|
||||
if (data->ttls_version > 0) {
|
||||
const u8 *pw_hash;
|
||||
u8 pw_hash_buf[16], pw_hash_hash[16], master_key[16];
|
||||
u8 session_key[2 * MSCHAPV2_KEY_LEN];
|
||||
|
||||
if (sm->user->password_hash)
|
||||
pw_hash = sm->user->password;
|
||||
else {
|
||||
nt_password_hash(sm->user->password,
|
||||
sm->user->password_len,
|
||||
pw_hash_buf);
|
||||
pw_hash = pw_hash_buf;
|
||||
}
|
||||
hash_nt_password_hash(pw_hash, pw_hash_hash);
|
||||
get_master_key(pw_hash_hash, nt_response, master_key);
|
||||
get_asymetric_start_key(master_key, session_key,
|
||||
MSCHAPV2_KEY_LEN, 0, 0);
|
||||
get_asymetric_start_key(master_key,
|
||||
session_key + MSCHAPV2_KEY_LEN,
|
||||
MSCHAPV2_KEY_LEN, 1, 0);
|
||||
eap_ttls_ia_permute_inner_secret(sm, data,
|
||||
session_key,
|
||||
sizeof(session_key));
|
||||
}
|
||||
|
||||
if (sm->user->password_hash) {
|
||||
generate_authenticator_response_pwhash(
|
||||
|
|
@ -1030,17 +881,7 @@ static void eap_ttls_process_phase2_eap_response(struct eap_sm *sm,
|
|||
}
|
||||
break;
|
||||
case PHASE2_METHOD:
|
||||
if (data->ttls_version > 0) {
|
||||
if (m->getKey) {
|
||||
u8 *key;
|
||||
size_t key_len;
|
||||
key = m->getKey(sm, priv, &key_len);
|
||||
eap_ttls_ia_permute_inner_secret(sm, data,
|
||||
key, key_len);
|
||||
}
|
||||
eap_ttls_state(data, PHASE_FINISHED);
|
||||
} else
|
||||
eap_ttls_state(data, SUCCESS);
|
||||
eap_ttls_state(data, SUCCESS);
|
||||
break;
|
||||
case FAILURE:
|
||||
break;
|
||||
|
|
@ -1130,23 +971,6 @@ static void eap_ttls_process_phase2(struct eap_sm *sm,
|
|||
return;
|
||||
}
|
||||
|
||||
if (data->state == PHASE_FINISHED) {
|
||||
if (wpabuf_len(in_decrypted) == 0 &&
|
||||
tls_connection_ia_final_phase_finished(sm->ssl_ctx,
|
||||
data->ssl.conn)) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: FinalPhaseFinished "
|
||||
"received");
|
||||
eap_ttls_state(data, SUCCESS);
|
||||
} else {
|
||||
wpa_printf(MSG_INFO, "EAP-TTLS: Did not receive valid "
|
||||
"FinalPhaseFinished");
|
||||
eap_ttls_state(data, FAILURE);
|
||||
}
|
||||
|
||||
wpabuf_free(in_decrypted);
|
||||
return;
|
||||
}
|
||||
|
||||
wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS: Decrypted Phase 2 EAP",
|
||||
in_decrypted);
|
||||
|
||||
|
|
@ -1245,15 +1069,6 @@ static int eap_ttls_process_version(struct eap_sm *sm, void *priv,
|
|||
data->ttls_version = peer_version;
|
||||
}
|
||||
|
||||
if (data->ttls_version > 0 && !data->tls_ia_configured) {
|
||||
if (tls_connection_set_ia(sm->ssl_ctx, data->ssl.conn, 1)) {
|
||||
wpa_printf(MSG_INFO, "EAP-TTLS: Failed to enable "
|
||||
"TLS/IA");
|
||||
return -1;
|
||||
}
|
||||
data->tls_ia_configured = 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -1270,7 +1085,6 @@ static void eap_ttls_process_msg(struct eap_sm *sm, void *priv,
|
|||
break;
|
||||
case PHASE2_START:
|
||||
case PHASE2_METHOD:
|
||||
case PHASE_FINISHED:
|
||||
eap_ttls_process_phase2(sm, data, data->ssl.tls_in);
|
||||
eap_ttls_start_tnc(sm, data);
|
||||
break;
|
||||
|
|
@ -1279,8 +1093,7 @@ static void eap_ttls_process_msg(struct eap_sm *sm, void *priv,
|
|||
0) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer "
|
||||
"acknowledged response");
|
||||
eap_ttls_state(data, data->ttls_version > 0 ?
|
||||
PHASE_FINISHED : SUCCESS);
|
||||
eap_ttls_state(data, SUCCESS);
|
||||
} else if (!data->mschapv2_resp_ok) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer "
|
||||
"acknowledged error");
|
||||
|
|
@ -1321,54 +1134,6 @@ static Boolean eap_ttls_isDone(struct eap_sm *sm, void *priv)
|
|||
}
|
||||
|
||||
|
||||
static u8 * eap_ttls_v1_derive_key(struct eap_sm *sm,
|
||||
struct eap_ttls_data *data)
|
||||
{
|
||||
struct tls_keys keys;
|
||||
u8 *rnd, *key;
|
||||
|
||||
os_memset(&keys, 0, sizeof(keys));
|
||||
if (tls_connection_get_keys(sm->ssl_ctx, data->ssl.conn, &keys) ||
|
||||
keys.client_random == NULL || keys.server_random == NULL ||
|
||||
keys.inner_secret == NULL) {
|
||||
wpa_printf(MSG_INFO, "EAP-TTLS: Could not get inner secret, "
|
||||
"client random, or server random to derive keying "
|
||||
"material");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
rnd = os_malloc(keys.client_random_len + keys.server_random_len);
|
||||
key = os_malloc(EAP_TLS_KEY_LEN);
|
||||
if (rnd == NULL || key == NULL) {
|
||||
wpa_printf(MSG_INFO, "EAP-TTLS: No memory for key derivation");
|
||||
os_free(rnd);
|
||||
os_free(key);
|
||||
return NULL;
|
||||
}
|
||||
os_memcpy(rnd, keys.client_random, keys.client_random_len);
|
||||
os_memcpy(rnd + keys.client_random_len, keys.server_random,
|
||||
keys.server_random_len);
|
||||
|
||||
if (tls_prf(keys.inner_secret, keys.inner_secret_len,
|
||||
"ttls v1 keying material", rnd, keys.client_random_len +
|
||||
keys.server_random_len, key, EAP_TLS_KEY_LEN)) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to derive key");
|
||||
os_free(rnd);
|
||||
os_free(key);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
wpa_hexdump(MSG_DEBUG, "EAP-TTLS: client/server random",
|
||||
rnd, keys.client_random_len + keys.server_random_len);
|
||||
wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: TLS/IA inner secret",
|
||||
keys.inner_secret, keys.inner_secret_len);
|
||||
|
||||
os_free(rnd);
|
||||
|
||||
return key;
|
||||
}
|
||||
|
||||
|
||||
static u8 * eap_ttls_getKey(struct eap_sm *sm, void *priv, size_t *len)
|
||||
{
|
||||
struct eap_ttls_data *data = priv;
|
||||
|
|
@ -1377,14 +1142,9 @@ static u8 * eap_ttls_getKey(struct eap_sm *sm, void *priv, size_t *len)
|
|||
if (data->state != SUCCESS)
|
||||
return NULL;
|
||||
|
||||
if (data->ttls_version == 0) {
|
||||
eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
|
||||
"ttls keying material",
|
||||
EAP_TLS_KEY_LEN);
|
||||
} else {
|
||||
eapKeyData = eap_ttls_v1_derive_key(sm, data);
|
||||
}
|
||||
|
||||
eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
|
||||
"ttls keying material",
|
||||
EAP_TLS_KEY_LEN);
|
||||
if (eapKeyData) {
|
||||
*len = EAP_TLS_KEY_LEN;
|
||||
wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived key",
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue