Kernel/iwd
3
0
Fork 0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-06 03:59:22 +01:00
Code Releases Activity
8799d5a393
iwd/src/eap-tls-common.c

1088 lines
25 KiB
C
Raw Normal View History

eap-tls-common: introduce utility functions for eap-tls
2018-09-21 01:38:24 +02:00
/*
*
* Wireless daemon for Linux
*
treewide: Move the Intel copyright forward to 2019
2019-10-25 00:43:08 +02:00
* Copyright (C) 2018-2019 Intel Corporation. All rights reserved.
eap-tls-common: introduce utility functions for eap-tls
2018-09-21 01:38:24 +02:00
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
eap-tls-common: Add check for phase one settings
2018-11-16 23:15:30 +01:00
#include <stdio.h>
#include <errno.h>
eap-tls-common: introduce utility functions for eap-tls
2018-09-21 01:38:24 +02:00
#include <ell/ell.h>
build: Add support for including fallbacks for missing defines
2019-04-03 18:34:22 +02:00
#include "src/missing.h"
eap-tls-common: Add check for phase one settings
2018-11-16 23:15:30 +01:00
#include "src/eap.h"
eap-tls-common: Introduce a common tls state and load settings
2018-11-16 23:15:31 +01:00
#include "src/eap-private.h"
eap-tls-common: Add check for phase one settings
2018-11-16 23:15:30 +01:00
#include "src/eap-tls-common.h"
eap-tls-common: introduce utility functions for eap-tls
2018-09-21 01:38:24 +02:00
eap-tls-common: Make databuf private
2018-12-11 23:56:54 +01:00
struct databuf {
uint8_t *data;
size_t len;
size_t capacity;
};
static struct databuf *databuf_new(size_t capacity)
eap-tls-common: introduce utility functions for eap-tls
2018-09-21 01:38:24 +02:00
{
struct databuf *databuf;
if (!capacity)
return NULL;
databuf = l_new(struct databuf, 1);
databuf->data = l_malloc(capacity);
databuf->capacity = capacity;
return databuf;
}
eap-tls-common: Make databuf private
2018-12-11 23:56:54 +01:00
static void databuf_append(struct databuf *databuf, const uint8_t *data,
eap-tls-common: introduce utility functions for eap-tls
2018-09-21 01:38:24 +02:00
size_t data_len)
{
size_t new_len;
if (!databuf)
return;
new_len = databuf->len + data_len;
if (new_len > databuf->capacity) {
databuf->capacity = new_len * 2;
databuf->data = l_realloc(databuf->data, databuf->capacity);
}
memcpy(databuf->data + databuf->len, data, data_len);
databuf->len = new_len;
}
eap-tls-common: Make databuf private
2018-12-11 23:56:54 +01:00
static void databuf_free(struct databuf *databuf)
eap-tls-common: introduce utility functions for eap-tls
2018-09-21 01:38:24 +02:00
{
if (!databuf)
return;
l_free(databuf->data);
l_free(databuf);
}
eap-tls-common: Add check for phase one settings
2018-11-16 23:15:30 +01:00
eap-tls-common: Add support for the fragmented requests
2018-11-29 23:41:30 +01:00
#define EAP_TLS_PDU_MAX_LEN 65536
#define EAP_TLS_HEADER_LEN 6
#define EAP_TLS_HEADER_OCTET_FLAGS 5
#define EAP_TLS_HEADER_OCTET_FRAG_LEN 6
eap-tls-common: Add basic request handling This also introduces the version negotiation
2018-11-29 23:41:29 +01:00
enum eap_tls_flag {
/* Reserved = 0x00, */
EAP_TLS_FLAG_S = 0x20,
EAP_TLS_FLAG_M = 0x40,
EAP_TLS_FLAG_L = 0x80,
};
eap-tls-common: Introduce a common tls state and load settings
2018-11-16 23:15:31 +01:00
struct eap_tls_state {
enum eap_tls_version version_negotiated;
eap-tls-common: Add tls tunnel
2018-11-29 23:41:31 +01:00
struct l_tls *tunnel;
eap-tls-common: Add method completion flag This flag prevents methods from restarting
2018-11-29 23:41:36 +01:00
bool method_completed:1;
eap-tls-common: Add phase 2 failure flag This flag is used by the extensions to signal the failure during phase 2 execution.
2018-11-29 23:41:38 +01:00
bool phase2_failed:1;
eap-tls-common: Add method completion flag This flag prevents methods from restarting
2018-11-29 23:41:36 +01:00
eap-tls-common: Add tunneled data handling
2018-11-29 23:41:32 +01:00
struct databuf *plain_buf;
struct databuf *tx_pdu_buf;
eap-tls-common: Add support for the fragmented requests
2018-11-29 23:41:30 +01:00
struct databuf *rx_pdu_buf;
eap-tls-common: Add support for fragmented response
2018-11-29 23:41:35 +01:00
size_t tx_frag_offset;
size_t tx_frag_last_len;
bool expecting_frag_ack:1;
eap-tls-common: Address PEAPv0 interoperability with Windows Windows Server 2008 - Network Policy Server (NPS) generates an invalid Compound MAC for Cryptobinding TLV when is used within PEAPv0 due to incorrect parsing of the message containing TLS Client Hello. Setting L bit and including TLS Message Length field, even for the packets that do not require fragmentation, corrects the issue. The redundant TLS Message Length field in unfragmented packets doesn't seem to affect the other server implementations.
2020-01-31 23:25:14 +01:00
bool tunnel_ready:1;
eap-tls-common: Add support for fragmented response
2018-11-29 23:41:35 +01:00
eap-tls-common: allow embedded PEMs in settings Refactoring was required to allow for embedded certs. The existing eap_tls_state object was changed to hold the cert types (l_queue, l_certchain, l_key) rather than the file path, since there may not actually be separate PEM files. Care was taken to properly manage the memory of these objects. Since the TLS object takes ownership when setting auth data or the CA certs all error cases must be handled properly to free these objects after they are loaded and in addition they must be set to NULL so that the cleanup doesn't double free them. If everything goes to plan, we load all the PEMs in settings_load, provide these objects to the TLS APIs, and then NULL out the pointers (TLS now owns this memory). If anything fails between settings_load and l_tls_start we must free these objects. A special format must be used to indicate that a PEM is embedded inside the settings file. First, the l_settings format should be followed for the PEM itself, e.g. [@pem@my_ca_cert] <CA Cert data> This PEM can then be referenced by "embed:my_ca_cert", e.g. EAP-TLS-CACert=embed:my_ca_cert Any other value not starting with "embed:" will be treated as a file path.
2019-10-07 18:11:11 +02:00
struct l_queue *ca_cert;
struct l_certchain *client_cert;
struct l_key *client_key;
eap-tls: Add ServerDomainMask config option Allow users to provide a glob string that the contents of the server certificate's subject DN should be matched against as a primitive protection against rogue APs using certificates purchased from commercial CAs trusted by the client. If the network uses an AP certificate emitted by a commerical CA and the clients are configured to trust those CAs so that the client configurations don't have to be updated when the AP renews its certificate, this new option can be used to check if the CN in the AP certificate's DN matches the known domain name. This logic assumes that the commercial CAs provide enough assurance that only the owner of the domain can buy a certificate with that domain in the CN field. The format of this option is similar to apple's TLSTrustedServerNames and wpa_supplicant's domain_match/domain_suffix_match format, the exact syntax is documented in ell/tls.c.
2019-08-23 03:30:23 +02:00
char **domain_mask;
eap-tls-common: Introduce eap_tls_variant_ops eap_tls_variant_ops will allow methods such as TTLS, PEAP, etc. to specify their own handlers for the Phase 2 operations.
2018-11-29 23:41:28 +01:00
const struct eap_tls_variant_ops *variant_ops;
eap-tls-common: Introduce variant data and reset API
2018-11-29 23:41:40 +01:00
void *variant_data;
eap-tls-common: Introduce a common tls state and load settings
2018-11-16 23:15:31 +01:00
};
static void __eap_tls_common_state_reset(struct eap_tls_state *eap_tls)
{
eap_tls->version_negotiated = EAP_TLS_VERSION_NOT_NEGOTIATED;
eap-tls-common: Add method completion flag This flag prevents methods from restarting
2018-11-29 23:41:36 +01:00
eap_tls->method_completed = false;
eap-tls-common: Add phase 2 failure flag This flag is used by the extensions to signal the failure during phase 2 execution.
2018-11-29 23:41:38 +01:00
eap_tls->phase2_failed = false;
eap-tls-common: Add support for fragmented response
2018-11-29 23:41:35 +01:00
eap_tls->expecting_frag_ack = false;
eap-tls-common: Address PEAPv0 interoperability with Windows Windows Server 2008 - Network Policy Server (NPS) generates an invalid Compound MAC for Cryptobinding TLV when is used within PEAPv0 due to incorrect parsing of the message containing TLS Client Hello. Setting L bit and including TLS Message Length field, even for the packets that do not require fragmentation, corrects the issue. The redundant TLS Message Length field in unfragmented packets doesn't seem to affect the other server implementations.
2020-01-31 23:25:14 +01:00
eap_tls->tunnel_ready = false;
eap-tls-common: Add tls tunnel
2018-11-29 23:41:31 +01:00
eap-tls: Keep l_tls instance for reauthentication After one of the eap-tls-common-based methods succeeds keep the TLS tunnel instance until the method is freed, rather than free it the moment the method succeeds. This fixes repeated method runs where until now each next run would attempt to create a new TLS tunnel instance but would have no authentication data (CA certificate, client certificate, private key and private key passphrase) since those are were by the old l_tls object from the moment of the l_tls_set_auth_data() call. Use l_tls_reset() to reset the TLS state after method success, followed by a new l_tls_start() when the reauthentication starts.
2022-05-26 18:01:53 +02:00
/*
* Keep the tunnel instance to avoid losing the authentication
* settings that we may have loaded with l_tls_set_auth_data()
* since .reset_state is not supposed to clear settings.
*/
if (eap_tls->tunnel)
l_tls_reset(eap_tls->tunnel);
eap-tls-common: Add tunneled data handling
2018-11-29 23:41:32 +01:00
eap-tls-common: Add support for fragmented response
2018-11-29 23:41:35 +01:00
eap_tls->tx_frag_offset = 0;
eap_tls->tx_frag_last_len = 0;
eap-tls-common: Add tunneled data handling
2018-11-29 23:41:32 +01:00
if (eap_tls->plain_buf) {
databuf_free(eap_tls->plain_buf);
eap_tls->plain_buf = NULL;
}
if (eap_tls->tx_pdu_buf) {
databuf_free(eap_tls->tx_pdu_buf);
eap_tls->tx_pdu_buf = NULL;
}
if (eap_tls->rx_pdu_buf) {
databuf_free(eap_tls->rx_pdu_buf);
eap_tls->rx_pdu_buf = NULL;
}
eap-tls-common: Introduce a common tls state and load settings
2018-11-16 23:15:31 +01:00
}
eap-tls-common: allow embedded PEMs in settings Refactoring was required to allow for embedded certs. The existing eap_tls_state object was changed to hold the cert types (l_queue, l_certchain, l_key) rather than the file path, since there may not actually be separate PEM files. Care was taken to properly manage the memory of these objects. Since the TLS object takes ownership when setting auth data or the CA certs all error cases must be handled properly to free these objects after they are loaded and in addition they must be set to NULL so that the cleanup doesn't double free them. If everything goes to plan, we load all the PEMs in settings_load, provide these objects to the TLS APIs, and then NULL out the pointers (TLS now owns this memory). If anything fails between settings_load and l_tls_start we must free these objects. A special format must be used to indicate that a PEM is embedded inside the settings file. First, the l_settings format should be followed for the PEM itself, e.g. [@pem@my_ca_cert] <CA Cert data> This PEM can then be referenced by "embed:my_ca_cert", e.g. EAP-TLS-CACert=embed:my_ca_cert Any other value not starting with "embed:" will be treated as a file path.
2019-10-07 18:11:11 +02:00
static void __eap_tls_common_state_free(struct eap_tls_state *eap_tls)
{
if (eap_tls->ca_cert)
l_queue_destroy(eap_tls->ca_cert,
(l_queue_destroy_func_t)l_cert_free);
if (eap_tls->client_cert)
l_certchain_free(eap_tls->client_cert);
if (eap_tls->client_key)
l_key_free(eap_tls->client_key);
l_strv_free(eap_tls->domain_mask);
eap-tls: Keep l_tls instance for reauthentication After one of the eap-tls-common-based methods succeeds keep the TLS tunnel instance until the method is freed, rather than free it the moment the method succeeds. This fixes repeated method runs where until now each next run would attempt to create a new TLS tunnel instance but would have no authentication data (CA certificate, client certificate, private key and private key passphrase) since those are were by the old l_tls object from the moment of the l_tls_set_auth_data() call. Use l_tls_reset() to reset the TLS state after method success, followed by a new l_tls_start() when the reauthentication starts.
2022-05-26 18:01:53 +02:00
if (eap_tls->tunnel)
l_tls_free(eap_tls->tunnel);
eap-tls-common: allow embedded PEMs in settings Refactoring was required to allow for embedded certs. The existing eap_tls_state object was changed to hold the cert types (l_queue, l_certchain, l_key) rather than the file path, since there may not actually be separate PEM files. Care was taken to properly manage the memory of these objects. Since the TLS object takes ownership when setting auth data or the CA certs all error cases must be handled properly to free these objects after they are loaded and in addition they must be set to NULL so that the cleanup doesn't double free them. If everything goes to plan, we load all the PEMs in settings_load, provide these objects to the TLS APIs, and then NULL out the pointers (TLS now owns this memory). If anything fails between settings_load and l_tls_start we must free these objects. A special format must be used to indicate that a PEM is embedded inside the settings file. First, the l_settings format should be followed for the PEM itself, e.g. [@pem@my_ca_cert] <CA Cert data> This PEM can then be referenced by "embed:my_ca_cert", e.g. EAP-TLS-CACert=embed:my_ca_cert Any other value not starting with "embed:" will be treated as a file path.
2019-10-07 18:11:11 +02:00
l_free(eap_tls);
}
eap-tls-common: Introduce variant data and reset API
2018-11-29 23:41:40 +01:00
bool eap_tls_common_state_reset(struct eap_state *eap)
{
struct eap_tls_state *eap_tls = eap_get_data(eap);
__eap_tls_common_state_reset(eap_tls);
if (eap_tls->variant_ops->reset)
eap_tls->variant_ops->reset(eap_tls->variant_data);
return true;
}
eap-tls-common: Introduce a common tls state and load settings
2018-11-16 23:15:31 +01:00
void eap_tls_common_state_free(struct eap_state *eap)
{
struct eap_tls_state *eap_tls = eap_get_data(eap);
__eap_tls_common_state_reset(eap_tls);
eap_set_data(eap, NULL);
eap-tls-common: Introduce variant data and reset API
2018-11-29 23:41:40 +01:00
if (eap_tls->variant_ops->destroy)
eap_tls->variant_ops->destroy(eap_tls->variant_data);
eap-tls-common: allow embedded PEMs in settings Refactoring was required to allow for embedded certs. The existing eap_tls_state object was changed to hold the cert types (l_queue, l_certchain, l_key) rather than the file path, since there may not actually be separate PEM files. Care was taken to properly manage the memory of these objects. Since the TLS object takes ownership when setting auth data or the CA certs all error cases must be handled properly to free these objects after they are loaded and in addition they must be set to NULL so that the cleanup doesn't double free them. If everything goes to plan, we load all the PEMs in settings_load, provide these objects to the TLS APIs, and then NULL out the pointers (TLS now owns this memory). If anything fails between settings_load and l_tls_start we must free these objects. A special format must be used to indicate that a PEM is embedded inside the settings file. First, the l_settings format should be followed for the PEM itself, e.g. [@pem@my_ca_cert] <CA Cert data> This PEM can then be referenced by "embed:my_ca_cert", e.g. EAP-TLS-CACert=embed:my_ca_cert Any other value not starting with "embed:" will be treated as a file path.
2019-10-07 18:11:11 +02:00
__eap_tls_common_state_free(eap_tls);
eap-tls-common: Introduce a common tls state and load settings
2018-11-16 23:15:31 +01:00
}
eap-tls-common: Add tls tunnel
2018-11-29 23:41:31 +01:00
static void eap_tls_tunnel_debug(const char *str, void *user_data)
{
struct eap_state *eap = user_data;
l_info("%s: %s", eap_get_method_name(eap), str);
}
static void eap_tls_tunnel_data_send(const uint8_t *data, size_t data_len,
void *user_data)
{
eap-tls-common: Add tunneled data handling
2018-11-29 23:41:32 +01:00
struct eap_state *eap = user_data;
struct eap_tls_state *eap_tls = eap_get_data(eap);
if (!eap_tls->tx_pdu_buf)
eap_tls->tx_pdu_buf = databuf_new(data_len);
databuf_append(eap_tls->tx_pdu_buf, data, data_len);
eap-tls-common: Add tls tunnel
2018-11-29 23:41:31 +01:00
}
static void eap_tls_tunnel_data_received(const uint8_t *data, size_t data_len,
void *user_data)
{
eap-tls-common: Add tunneled data handling
2018-11-29 23:41:32 +01:00
struct eap_state *eap = user_data;
struct eap_tls_state *eap_tls = eap_get_data(eap);
if (!eap_tls->plain_buf)
eap_tls->plain_buf = databuf_new(data_len);
databuf_append(eap_tls->plain_buf, data, data_len);
eap-tls-common: Add tls tunnel
2018-11-29 23:41:31 +01:00
}
static void eap_tls_tunnel_ready(const char *peer_identity, void *user_data)
{
eap-tls-common: Handle common tunnel ready cb
2018-11-29 23:41:37 +01:00
struct eap_state *eap = user_data;
struct eap_tls_state *eap_tls = eap_get_data(eap);
eap-tls: Check AP identity in tls ready callbck Check that the TLS logic has verified the server is trusted by the CA if one was configured. This is more of an assert as ell intentionally only allows empty certificate chains from the peer in server mode (if a CA certficate is set) although this could be made configurable.
2018-12-10 14:51:36 +01:00
if (eap_tls->ca_cert && !peer_identity) {
l_error("%s: TLS did not verify AP identity",
eap_get_method_name(eap));
eap_method_error(eap);
return;
}
eap-tls-common: Handle common tunnel ready cb
2018-11-29 23:41:37 +01:00
/*
* Since authenticator may not send us EAP-Success/EAP-Failure
* in cleartext for the outer EAP method, we reinforce
* the completion with a timer.
*/
eap_start_complete_timeout(eap);
eap-tls-common: Address PEAPv0 interoperability with Windows Windows Server 2008 - Network Policy Server (NPS) generates an invalid Compound MAC for Cryptobinding TLV when is used within PEAPv0 due to incorrect parsing of the message containing TLS Client Hello. Setting L bit and including TLS Message Length field, even for the packets that do not require fragmentation, corrects the issue. The redundant TLS Message Length field in unfragmented packets doesn't seem to affect the other server implementations.
2020-01-31 23:25:14 +01:00
eap_tls->tunnel_ready = true;
eap-tls-common: Handle common tunnel ready cb
2018-11-29 23:41:37 +01:00
if (!eap_tls->variant_ops->tunnel_ready)
return;
if (!eap_tls->variant_ops->tunnel_ready(eap, peer_identity))
l_tls_close(eap_tls->tunnel);
eap-tls-common: Add tls tunnel
2018-11-29 23:41:31 +01:00
}
eap-tls: Print a hint about IWD_TLS_DEBUG on TLS errors
2020-03-19 22:12:18 +01:00
static void eap_tls_debug_hint(void)
{
if (!getenv("IWD_TLS_DEBUG"))
l_debug("set the IWD_TLS_DEBUG environment variable to see "
"more information");
}
eap-tls-common: Add tls tunnel
2018-11-29 23:41:31 +01:00
static void eap_tls_tunnel_disconnected(enum l_tls_alert_desc reason,
bool remote, void *user_data)
{
eap-tls-common: Add method completion flag This flag prevents methods from restarting
2018-11-29 23:41:36 +01:00
struct eap_state *eap = user_data;
struct eap_tls_state *eap_tls = eap_get_data(eap);
l_info("%s: Tunnel has disconnected with alert: %s",
eap_get_method_name(eap), l_tls_alert_to_str(reason));
eap_tls->method_completed = true;
eap-tls-common: Address PEAPv0 interoperability with Windows Windows Server 2008 - Network Policy Server (NPS) generates an invalid Compound MAC for Cryptobinding TLV when is used within PEAPv0 due to incorrect parsing of the message containing TLS Client Hello. Setting L bit and including TLS Message Length field, even for the packets that do not require fragmentation, corrects the issue. The redundant TLS Message Length field in unfragmented packets doesn't seem to affect the other server implementations.
2020-01-31 23:25:14 +01:00
eap_tls->tunnel_ready = false;
eap-tls-common: Add tls tunnel
2018-11-29 23:41:31 +01:00
}
eap-tls-common: Add basic request handling This also introduces the version negotiation
2018-11-29 23:41:29 +01:00
static bool eap_tls_validate_version(struct eap_state *eap,
uint8_t flags_version)
{
struct eap_tls_state *eap_tls = eap_get_data(eap);
enum eap_tls_version version_proposed =
flags_version & EAP_TLS_VERSION_MASK;
if (eap_tls->version_negotiated == version_proposed)
return true;
if (!(flags_version & EAP_TLS_FLAG_S) ||
eap_tls->version_negotiated !=
EAP_TLS_VERSION_NOT_NEGOTIATED)
return false;
if (version_proposed < eap_tls->variant_ops->version_max_supported)
eap_tls->version_negotiated = version_proposed;
else
eap_tls->version_negotiated =
eap_tls->variant_ops->version_max_supported;
return true;
}
eap-tls-common: Add support for fragmented response
2018-11-29 23:41:35 +01:00
static void eap_tls_send_fragment(struct eap_state *eap)
{
struct eap_tls_state *eap_tls = eap_get_data(eap);
size_t mtu = eap_get_mtu(eap);
uint8_t buf[mtu];
size_t len = eap_tls->tx_pdu_buf->len - eap_tls->tx_frag_offset;
size_t header_len = EAP_TLS_HEADER_LEN;
eap-tls-common: allow for EAP_TYPE_EXPANDED in TLS The Hotspot 2.0 spec introduces 'Anonymous EAP-TLS' as a new EAP method to be used with OSEN/Hotspot. The protocol details of this aren't relevant to this patch, but one major difference is that it uses the expanded EAP type rather than the TLS type. Since the common TLS code was written with only EAP_TYPE_TLS in mind the vendor ID/type cause the EAP packet to be malformed when using the expanded EAP type. To handle this the common TLS code now checks the EAP type, and if its expanded we shift the payload 7 bytes further to account for the extra header data.
2019-06-05 23:59:58 +02:00
uint8_t position = 0;
eap-tls-common: Add support for fragmented response
2018-11-29 23:41:35 +01:00
eap-tls-common: allow for EAP_TYPE_EXPANDED in TLS The Hotspot 2.0 spec introduces 'Anonymous EAP-TLS' as a new EAP method to be used with OSEN/Hotspot. The protocol details of this aren't relevant to this patch, but one major difference is that it uses the expanded EAP type rather than the TLS type. Since the common TLS code was written with only EAP_TYPE_TLS in mind the vendor ID/type cause the EAP packet to be malformed when using the expanded EAP type. To handle this the common TLS code now checks the EAP type, and if its expanded we shift the payload 7 bytes further to account for the extra header data.
2019-06-05 23:59:58 +02:00
if (eap_get_method_type(eap) == EAP_TYPE_EXPANDED) {
header_len += 7;
position += 7;
}
buf[EAP_TLS_HEADER_OCTET_FLAGS + position] =
eap_tls->version_negotiated;
eap-tls-common: Add support for fragmented response
2018-11-29 23:41:35 +01:00
eap-tls-common: allow for EAP_TYPE_EXPANDED in TLS The Hotspot 2.0 spec introduces 'Anonymous EAP-TLS' as a new EAP method to be used with OSEN/Hotspot. The protocol details of this aren't relevant to this patch, but one major difference is that it uses the expanded EAP type rather than the TLS type. Since the common TLS code was written with only EAP_TYPE_TLS in mind the vendor ID/type cause the EAP packet to be malformed when using the expanded EAP type. To handle this the common TLS code now checks the EAP type, and if its expanded we shift the payload 7 bytes further to account for the extra header data.
2019-06-05 23:59:58 +02:00
if (len > mtu - EAP_TLS_HEADER_LEN - position) {
len = mtu - EAP_TLS_HEADER_LEN - position;
buf[EAP_TLS_HEADER_OCTET_FLAGS + position] |= EAP_TLS_FLAG_M;
eap-tls-common: Add support for fragmented response
2018-11-29 23:41:35 +01:00
eap_tls->expecting_frag_ack = true;
}
if (!eap_tls->tx_frag_offset) {
eap-tls-common: allow for EAP_TYPE_EXPANDED in TLS The Hotspot 2.0 spec introduces 'Anonymous EAP-TLS' as a new EAP method to be used with OSEN/Hotspot. The protocol details of this aren't relevant to this patch, but one major difference is that it uses the expanded EAP type rather than the TLS type. Since the common TLS code was written with only EAP_TYPE_TLS in mind the vendor ID/type cause the EAP packet to be malformed when using the expanded EAP type. To handle this the common TLS code now checks the EAP type, and if its expanded we shift the payload 7 bytes further to account for the extra header data.
2019-06-05 23:59:58 +02:00
buf[EAP_TLS_HEADER_OCTET_FLAGS + position] |= EAP_TLS_FLAG_L;
eap-tls-common: Add support for fragmented response
2018-11-29 23:41:35 +01:00
l_put_be32(eap_tls->tx_pdu_buf->len,
eap-tls-common: allow for EAP_TYPE_EXPANDED in TLS The Hotspot 2.0 spec introduces 'Anonymous EAP-TLS' as a new EAP method to be used with OSEN/Hotspot. The protocol details of this aren't relevant to this patch, but one major difference is that it uses the expanded EAP type rather than the TLS type. Since the common TLS code was written with only EAP_TYPE_TLS in mind the vendor ID/type cause the EAP packet to be malformed when using the expanded EAP type. To handle this the common TLS code now checks the EAP type, and if its expanded we shift the payload 7 bytes further to account for the extra header data.
2019-06-05 23:59:58 +02:00
&buf[EAP_TLS_HEADER_OCTET_FRAG_LEN + position]);
eap-tls-common: Add support for fragmented response
2018-11-29 23:41:35 +01:00
len -= 4;
header_len += 4;
}
memcpy(buf + header_len,
eap_tls->tx_pdu_buf->data + eap_tls->tx_frag_offset, len);
eap: Simplify sending EAP method responses Replace the usage of eap_send_response() in the method implementations with a new eap_method_respond that skips the redundant "type" parameter. The new eap_send_packet is used inside eap_method_respond and will be reused for sending request packets in authenticator side EAP methods.
2020-08-13 02:50:17 +02:00
eap_method_respond(eap, buf, header_len + len);
eap-tls-common: Add support for fragmented response
2018-11-29 23:41:35 +01:00
eap_tls->tx_frag_last_len = len;
}
eap-tls-common: Address PEAPv0 interoperability with Windows Windows Server 2008 - Network Policy Server (NPS) generates an invalid Compound MAC for Cryptobinding TLV when is used within PEAPv0 due to incorrect parsing of the message containing TLS Client Hello. Setting L bit and including TLS Message Length field, even for the packets that do not require fragmentation, corrects the issue. The redundant TLS Message Length field in unfragmented packets doesn't seem to affect the other server implementations.
2020-01-31 23:25:14 +01:00
static bool needs_workaround(struct eap_state *eap)
{
struct eap_tls_state *eap_tls = eap_get_data(eap);
/*
* Windows Server 2008 - Network Policy Server (NPS) generates an
* invalid Compound MAC for Cryptobinding TLV when is used within PEAPv0
* due to incorrect parsing of the message containing TLS Client Hello.
* Setting L bit and including TLS Message Length field, even for the
* packets that do not require fragmentation, corrects the issue. The
* redundant TLS Message Length field in unfragmented packets doesn't
* seem to effect the other server implementations.
*/
return eap_get_method_type(eap) == EAP_TYPE_PEAP &&
eap_tls->version_negotiated == EAP_TLS_VERSION_0 &&
!eap_tls->tunnel_ready;
}
eap-tls-common: Add basic send response
2018-11-29 23:41:34 +01:00
static void eap_tls_send_response(struct eap_state *eap,
const uint8_t *pdu, size_t pdu_len)
{
struct eap_tls_state *eap_tls = eap_get_data(eap);
size_t msg_len = EAP_TLS_HEADER_LEN + pdu_len;
eap-tls-common: Address PEAPv0 interoperability with Windows Windows Server 2008 - Network Policy Server (NPS) generates an invalid Compound MAC for Cryptobinding TLV when is used within PEAPv0 due to incorrect parsing of the message containing TLS Client Hello. Setting L bit and including TLS Message Length field, even for the packets that do not require fragmentation, corrects the issue. The redundant TLS Message Length field in unfragmented packets doesn't seem to affect the other server implementations.
2020-01-31 23:25:14 +01:00
bool set_tls_msg_len = needs_workaround(eap);
msg_len += set_tls_msg_len ? 4 : 0;
eap-tls-common: Add basic send response
2018-11-29 23:41:34 +01:00
eap-tls-common: Add support for fragmented response
2018-11-29 23:41:35 +01:00
if (msg_len <= eap_get_mtu(eap)) {
eap-tls-common: allow for EAP_TYPE_EXPANDED in TLS The Hotspot 2.0 spec introduces 'Anonymous EAP-TLS' as a new EAP method to be used with OSEN/Hotspot. The protocol details of this aren't relevant to this patch, but one major difference is that it uses the expanded EAP type rather than the TLS type. Since the common TLS code was written with only EAP_TYPE_TLS in mind the vendor ID/type cause the EAP packet to be malformed when using the expanded EAP type. To handle this the common TLS code now checks the EAP type, and if its expanded we shift the payload 7 bytes further to account for the extra header data.
2019-06-05 23:59:58 +02:00
uint8_t *buf;
uint8_t extra = 0;
if (eap_get_method_type(eap) == EAP_TYPE_EXPANDED) {
extra += 7;
msg_len += 7;
}
eap-tls-common: Add support for fragmented response
2018-11-29 23:41:35 +01:00
eap-tls-common: allow for EAP_TYPE_EXPANDED in TLS The Hotspot 2.0 spec introduces 'Anonymous EAP-TLS' as a new EAP method to be used with OSEN/Hotspot. The protocol details of this aren't relevant to this patch, but one major difference is that it uses the expanded EAP type rather than the TLS type. Since the common TLS code was written with only EAP_TYPE_TLS in mind the vendor ID/type cause the EAP packet to be malformed when using the expanded EAP type. To handle this the common TLS code now checks the EAP type, and if its expanded we shift the payload 7 bytes further to account for the extra header data.
2019-06-05 23:59:58 +02:00
buf = l_malloc(msg_len);
buf[EAP_TLS_HEADER_OCTET_FLAGS + extra] =
eap_tls->version_negotiated;
eap-tls-common: Address PEAPv0 interoperability with Windows Windows Server 2008 - Network Policy Server (NPS) generates an invalid Compound MAC for Cryptobinding TLV when is used within PEAPv0 due to incorrect parsing of the message containing TLS Client Hello. Setting L bit and including TLS Message Length field, even for the packets that do not require fragmentation, corrects the issue. The redundant TLS Message Length field in unfragmented packets doesn't seem to affect the other server implementations.
2020-01-31 23:25:14 +01:00
if (set_tls_msg_len) {
buf[extra + EAP_TLS_HEADER_OCTET_FLAGS] |=
EAP_TLS_FLAG_L;
l_put_be32(pdu_len,
&buf[extra + EAP_TLS_HEADER_OCTET_FRAG_LEN]);
extra += 4;
}
eap-tls-common: allow for EAP_TYPE_EXPANDED in TLS The Hotspot 2.0 spec introduces 'Anonymous EAP-TLS' as a new EAP method to be used with OSEN/Hotspot. The protocol details of this aren't relevant to this patch, but one major difference is that it uses the expanded EAP type rather than the TLS type. Since the common TLS code was written with only EAP_TYPE_TLS in mind the vendor ID/type cause the EAP packet to be malformed when using the expanded EAP type. To handle this the common TLS code now checks the EAP type, and if its expanded we shift the payload 7 bytes further to account for the extra header data.
2019-06-05 23:59:58 +02:00
memcpy(buf + EAP_TLS_HEADER_LEN + extra, pdu, pdu_len);
eap-tls-common: Add support for fragmented response
2018-11-29 23:41:35 +01:00
eap: Simplify sending EAP method responses Replace the usage of eap_send_response() in the method implementations with a new eap_method_respond that skips the redundant "type" parameter. The new eap_send_packet is used inside eap_method_respond and will be reused for sending request packets in authenticator side EAP methods.
2020-08-13 02:50:17 +02:00
eap_method_respond(eap, buf, msg_len);
eap: Use l_malloc to avoid variable-length array bound is unknown error
2019-04-30 17:11:39 +02:00
l_free(buf);
eap-tls-common: Add support for fragmented response
2018-11-29 23:41:35 +01:00
return;
}
eap-tls-common: Add basic send response
2018-11-29 23:41:34 +01:00
eap-tls-common: Add support for fragmented response
2018-11-29 23:41:35 +01:00
eap_tls->tx_frag_offset = 0;
eap_tls_send_fragment(eap);
eap-tls-common: Add basic send response
2018-11-29 23:41:34 +01:00
}
eap-tls-common: Make send empty response func. public
2018-11-29 23:41:41 +01:00
void eap_tls_common_send_empty_response(struct eap_state *eap)
eap-tls-common: Add support for the fragmented requests
2018-11-29 23:41:30 +01:00
{
struct eap_tls_state *eap_tls = eap_get_data(eap);
eap-tls-common: allow for EAP_TYPE_EXPANDED in TLS The Hotspot 2.0 spec introduces 'Anonymous EAP-TLS' as a new EAP method to be used with OSEN/Hotspot. The protocol details of this aren't relevant to this patch, but one major difference is that it uses the expanded EAP type rather than the TLS type. Since the common TLS code was written with only EAP_TYPE_TLS in mind the vendor ID/type cause the EAP packet to be malformed when using the expanded EAP type. To handle this the common TLS code now checks the EAP type, and if its expanded we shift the payload 7 bytes further to account for the extra header data.
2019-06-05 23:59:58 +02:00
uint8_t buf[EAP_TLS_HEADER_LEN + 7];
uint8_t position = 0;
if (eap_get_method_type(eap) == EAP_TYPE_EXPANDED)
position += 7;
eap-tls-common: Add support for the fragmented requests
2018-11-29 23:41:30 +01:00
eap-tls-common: allow for EAP_TYPE_EXPANDED in TLS The Hotspot 2.0 spec introduces 'Anonymous EAP-TLS' as a new EAP method to be used with OSEN/Hotspot. The protocol details of this aren't relevant to this patch, but one major difference is that it uses the expanded EAP type rather than the TLS type. Since the common TLS code was written with only EAP_TYPE_TLS in mind the vendor ID/type cause the EAP packet to be malformed when using the expanded EAP type. To handle this the common TLS code now checks the EAP type, and if its expanded we shift the payload 7 bytes further to account for the extra header data.
2019-06-05 23:59:58 +02:00
buf[EAP_TLS_HEADER_OCTET_FLAGS + position] = eap_tls->version_negotiated;
eap-tls-common: Add support for the fragmented requests
2018-11-29 23:41:30 +01:00
eap: Simplify sending EAP method responses Replace the usage of eap_send_response() in the method implementations with a new eap_method_respond that skips the redundant "type" parameter. The new eap_send_packet is used inside eap_method_respond and will be reused for sending request packets in authenticator side EAP methods.
2020-08-13 02:50:17 +02:00
eap_method_respond(eap, buf, EAP_TLS_HEADER_LEN + position);
eap-tls-common: Add support for the fragmented requests
2018-11-29 23:41:30 +01:00
}
static int eap_tls_init_request_assembly(struct eap_state *eap,
const uint8_t *pkt, size_t len,
uint8_t flags)
{
struct eap_tls_state *eap_tls = eap_get_data(eap);
size_t tls_msg_len;
if (eap_tls->rx_pdu_buf) {
/*
* EAP-TLS: RFC 5216 Section 3.1
*
* The L bit (length included) is set to indicate the presence
* of the four-octet TLS Message Length field, and MUST be set
* for the first fragment of a fragmented TLS message or set of
* messages.
*/
eap-tls-common: Increase log level for the common warning
2018-12-17 21:05:08 +01:00
l_debug("%s: Server has set the L bit in the fragment other "
eap-tls-common: Add support for the fragmented requests
2018-11-29 23:41:30 +01:00
"than the first of a fragmented TLS message.",
eap_get_method_name(eap));
return 0;
}
if (len < 4)
return -EINVAL;
tls_msg_len = l_get_be32(pkt);
len -= 4;
if (!tls_msg_len || tls_msg_len > EAP_TLS_PDU_MAX_LEN) {
treewide: fix typos
2020-01-21 07:21:38 +01:00
l_warn("%s: Fragmented pkt size is outside of allowed"
eap-tls-common: Add support for the fragmented requests
2018-11-29 23:41:30 +01:00
" boundaries [1, %u]", eap_get_method_name(eap),
EAP_TLS_PDU_MAX_LEN);
return -EINVAL;
}
if (tls_msg_len == len) {
/*
* EAP-TLS: RFC 5216 Section 3.1
*
* The L bit (length included) is set to indicate the presence
* of the four-octet TLS Message Length field, and MUST be set
* for the first fragment of a fragmented TLS message or set of
* messages.
*
* EAP-TTLSv0: RFC 5281, Section 9.2.2:
* "Unfragmented messages MAY have the L bit set and include
* the length of the message (though this information is
* redundant)."
*
* Some of the PEAP server implementations set the L flag along
* with redundant TLS Message Length field for the un-fragmented
* packets.
*/
eap-tls-common: Increase log level for the common warning
2018-12-17 21:05:08 +01:00
l_debug("%s: Server has set the redundant TLS Message Length "
eap-tls-common: Add support for the fragmented requests
2018-11-29 23:41:30 +01:00
"field for the un-fragmented packet.",
eap_get_method_name(eap));
return -ENOMSG;
}
if (tls_msg_len < len) {
l_warn("%s: Fragmented pkt size is smaller than the received "
"packet.", eap_get_method_name(eap));
return -EINVAL;
}
eap_tls->rx_pdu_buf = databuf_new(tls_msg_len);
eap-tls-common: ACK first fragment with missing M bit
2018-12-05 23:08:55 +01:00
if (!(flags & EAP_TLS_FLAG_M)) {
/*
* EAP-TLS: RFC 5216 Section 3.1
*
* The M bit (more fragments) is set on all but the last
* fragment.
*
* Note: Some of the EAP-TLS based server implementations break
* the protocol and do not set the M flag for the first packet
* during the fragmented transmission. To stay compatible with
* such devices, we have relaxed this requirement.
*/
eap-tls-common: Increase log level for the common warning
2018-12-17 21:05:08 +01:00
l_debug("%s: Server has failed to set the M flag in the first"
eap-tls-common: ACK first fragment with missing M bit
2018-12-05 23:08:55 +01:00
" packet of the fragmented transmission.",
eap_get_method_name(eap));
return -EAGAIN;
}
eap-tls-common: Add support for the fragmented requests
2018-11-29 23:41:30 +01:00
return 0;
}
static void eap_tls_send_fragmented_request_ack(struct eap_state *eap)
{
eap_tls_common_send_empty_response(eap);
}
eap-tls-common: Add support for fragmented response
2018-11-29 23:41:35 +01:00
static bool eap_tls_handle_fragmented_response_ack(struct eap_state *eap,
size_t len)
{
struct eap_tls_state *eap_tls = eap_get_data(eap);
if (len)
return false;
if (!eap_tls->tx_frag_last_len)
return false;
eap_tls->tx_frag_offset += eap_tls->tx_frag_last_len;
eap_tls->tx_frag_last_len = 0;
eap_tls->expecting_frag_ack = false;
eap_tls_send_fragment(eap);
return true;
}
eap-tls-common: Add support for the fragmented requests
2018-11-29 23:41:30 +01:00
static int eap_tls_handle_fragmented_request(struct eap_state *eap,
const uint8_t *pkt,
size_t len,
uint8_t flags_version)
{
struct eap_tls_state *eap_tls = eap_get_data(eap);
eap-tls-common: ACK first fragment with missing M bit
2018-12-05 23:08:55 +01:00
int r = 0;
eap-tls-common: Add support for the fragmented requests
2018-11-29 23:41:30 +01:00
if (flags_version & EAP_TLS_FLAG_L) {
eap-tls-common: ACK first fragment with missing M bit
2018-12-05 23:08:55 +01:00
r = eap_tls_init_request_assembly(eap, pkt, len, flags_version);
if (r && r != -EAGAIN)
eap-tls-common: Add support for the fragmented requests
2018-11-29 23:41:30 +01:00
return r;
pkt += 4;
len -= 4;
}
if (!eap_tls->rx_pdu_buf)
return -EINVAL;
if (eap_tls->rx_pdu_buf->capacity < eap_tls->rx_pdu_buf->len + len) {
l_error("%s: Request fragment pkt size mismatch.",
eap_get_method_name(eap));
return -EINVAL;
}
databuf_append(eap_tls->rx_pdu_buf, pkt, len);
eap-tls-common: ACK first fragment with missing M bit
2018-12-05 23:08:55 +01:00
if (flags_version & EAP_TLS_FLAG_M)
eap-tls-common: Add support for the fragmented requests
2018-11-29 23:41:30 +01:00
return -EAGAIN;
eap-tls-common: ACK first fragment with missing M bit
2018-12-05 23:08:55 +01:00
return r;
eap-tls-common: Add support for the fragmented requests
2018-11-29 23:41:30 +01:00
}
eap-tls-common: Add tls tunnel
2018-11-29 23:41:31 +01:00
static bool eap_tls_tunnel_init(struct eap_state *eap)
{
struct eap_tls_state *eap_tls = eap_get_data(eap);
if (eap_tls->tunnel)
eap-tls: Keep l_tls instance for reauthentication After one of the eap-tls-common-based methods succeeds keep the TLS tunnel instance until the method is freed, rather than free it the moment the method succeeds. This fixes repeated method runs where until now each next run would attempt to create a new TLS tunnel instance but would have no authentication data (CA certificate, client certificate, private key and private key passphrase) since those are were by the old l_tls object from the moment of the l_tls_set_auth_data() call. Use l_tls_reset() to reset the TLS state after method success, followed by a new l_tls_start() when the reauthentication starts.
2022-05-26 18:01:53 +02:00
goto start;
eap-tls-common: Add tls tunnel
2018-11-29 23:41:31 +01:00
eap_tls->tunnel = l_tls_new(false, eap_tls_tunnel_data_received,
eap_tls_tunnel_data_send,
eap_tls_tunnel_ready,
eap_tls_tunnel_disconnected,
eap);
if (!eap_tls->tunnel) {
l_error("%s: Failed to create a TLS instance.",
eap_get_method_name(eap));
return false;
}
eap-tls: Dump server certificate when IWD_TLS_DEBUG set
2020-12-24 00:22:14 +01:00
if (getenv("IWD_TLS_DEBUG")) {
eap-tls-common: Add missing data
2018-12-17 21:05:07 +01:00
l_tls_set_debug(eap_tls->tunnel, eap_tls_tunnel_debug, eap,
eap-tls-common: Add tls tunnel
2018-11-29 23:41:31 +01:00
NULL);
eap-tls: Dump server certificate when IWD_TLS_DEBUG set
2020-12-24 00:22:14 +01:00
l_tls_set_cert_dump_path(eap_tls->tunnel,
"/tmp/iwd-tls-debug-server-cert.pem");
}
eap-tls-common: Add tls tunnel
2018-11-29 23:41:31 +01:00
eap-tls-common: update to new ELL TLS APIs
2019-10-02 17:36:06 +02:00
if (eap_tls->client_cert || eap_tls->client_key) {
eap-tls-common: allow embedded PEMs in settings Refactoring was required to allow for embedded certs. The existing eap_tls_state object was changed to hold the cert types (l_queue, l_certchain, l_key) rather than the file path, since there may not actually be separate PEM files. Care was taken to properly manage the memory of these objects. Since the TLS object takes ownership when setting auth data or the CA certs all error cases must be handled properly to free these objects after they are loaded and in addition they must be set to NULL so that the cleanup doesn't double free them. If everything goes to plan, we load all the PEMs in settings_load, provide these objects to the TLS APIs, and then NULL out the pointers (TLS now owns this memory). If anything fails between settings_load and l_tls_start we must free these objects. A special format must be used to indicate that a PEM is embedded inside the settings file. First, the l_settings format should be followed for the PEM itself, e.g. [@pem@my_ca_cert] <CA Cert data> This PEM can then be referenced by "embed:my_ca_cert", e.g. EAP-TLS-CACert=embed:my_ca_cert Any other value not starting with "embed:" will be treated as a file path.
2019-10-07 18:11:11 +02:00
if (!l_tls_set_auth_data(eap_tls->tunnel, eap_tls->client_cert,
eap_tls->client_key)) {
l_certchain_free(eap_tls->client_cert);
eap_tls->client_cert = NULL;
eap-tls-common: update to new ELL TLS APIs
2019-10-02 17:36:06 +02:00
eap-tls-common: allow embedded PEMs in settings Refactoring was required to allow for embedded certs. The existing eap_tls_state object was changed to hold the cert types (l_queue, l_certchain, l_key) rather than the file path, since there may not actually be separate PEM files. Care was taken to properly manage the memory of these objects. Since the TLS object takes ownership when setting auth data or the CA certs all error cases must be handled properly to free these objects after they are loaded and in addition they must be set to NULL so that the cleanup doesn't double free them. If everything goes to plan, we load all the PEMs in settings_load, provide these objects to the TLS APIs, and then NULL out the pointers (TLS now owns this memory). If anything fails between settings_load and l_tls_start we must free these objects. A special format must be used to indicate that a PEM is embedded inside the settings file. First, the l_settings format should be followed for the PEM itself, e.g. [@pem@my_ca_cert] <CA Cert data> This PEM can then be referenced by "embed:my_ca_cert", e.g. EAP-TLS-CACert=embed:my_ca_cert Any other value not starting with "embed:" will be treated as a file path.
2019-10-07 18:11:11 +02:00
l_key_free(eap_tls->client_key);
eap_tls->client_key = NULL;
eap-tls-common: update to new ELL TLS APIs
2019-10-02 17:36:06 +02:00
l_error("%s: Failed to set auth data.",
eap_get_method_name(eap));
eap-tls: Print a hint about IWD_TLS_DEBUG on TLS errors
2020-03-19 22:12:18 +01:00
eap_tls_debug_hint();
eap-tls-common: update to new ELL TLS APIs
2019-10-02 17:36:06 +02:00
return false;
}
eap-tls-common: allow embedded PEMs in settings Refactoring was required to allow for embedded certs. The existing eap_tls_state object was changed to hold the cert types (l_queue, l_certchain, l_key) rather than the file path, since there may not actually be separate PEM files. Care was taken to properly manage the memory of these objects. Since the TLS object takes ownership when setting auth data or the CA certs all error cases must be handled properly to free these objects after they are loaded and in addition they must be set to NULL so that the cleanup doesn't double free them. If everything goes to plan, we load all the PEMs in settings_load, provide these objects to the TLS APIs, and then NULL out the pointers (TLS now owns this memory). If anything fails between settings_load and l_tls_start we must free these objects. A special format must be used to indicate that a PEM is embedded inside the settings file. First, the l_settings format should be followed for the PEM itself, e.g. [@pem@my_ca_cert] <CA Cert data> This PEM can then be referenced by "embed:my_ca_cert", e.g. EAP-TLS-CACert=embed:my_ca_cert Any other value not starting with "embed:" will be treated as a file path.
2019-10-07 18:11:11 +02:00
eap_tls->client_cert = NULL;
eap_tls->client_key = NULL;
eap-tls-common: update to new ELL TLS APIs
2019-10-02 17:36:06 +02:00
}
if (eap_tls->ca_cert) {
eap-tls-common: allow embedded PEMs in settings Refactoring was required to allow for embedded certs. The existing eap_tls_state object was changed to hold the cert types (l_queue, l_certchain, l_key) rather than the file path, since there may not actually be separate PEM files. Care was taken to properly manage the memory of these objects. Since the TLS object takes ownership when setting auth data or the CA certs all error cases must be handled properly to free these objects after they are loaded and in addition they must be set to NULL so that the cleanup doesn't double free them. If everything goes to plan, we load all the PEMs in settings_load, provide these objects to the TLS APIs, and then NULL out the pointers (TLS now owns this memory). If anything fails between settings_load and l_tls_start we must free these objects. A special format must be used to indicate that a PEM is embedded inside the settings file. First, the l_settings format should be followed for the PEM itself, e.g. [@pem@my_ca_cert] <CA Cert data> This PEM can then be referenced by "embed:my_ca_cert", e.g. EAP-TLS-CACert=embed:my_ca_cert Any other value not starting with "embed:" will be treated as a file path.
2019-10-07 18:11:11 +02:00
if (!l_tls_set_cacert(eap_tls->tunnel, eap_tls->ca_cert)) {
l_queue_destroy(eap_tls->ca_cert,
eap-tls-common: update to new ELL TLS APIs
2019-10-02 17:36:06 +02:00
(l_queue_destroy_func_t)l_cert_free);
eap-tls-common: allow embedded PEMs in settings Refactoring was required to allow for embedded certs. The existing eap_tls_state object was changed to hold the cert types (l_queue, l_certchain, l_key) rather than the file path, since there may not actually be separate PEM files. Care was taken to properly manage the memory of these objects. Since the TLS object takes ownership when setting auth data or the CA certs all error cases must be handled properly to free these objects after they are loaded and in addition they must be set to NULL so that the cleanup doesn't double free them. If everything goes to plan, we load all the PEMs in settings_load, provide these objects to the TLS APIs, and then NULL out the pointers (TLS now owns this memory). If anything fails between settings_load and l_tls_start we must free these objects. A special format must be used to indicate that a PEM is embedded inside the settings file. First, the l_settings format should be followed for the PEM itself, e.g. [@pem@my_ca_cert] <CA Cert data> This PEM can then be referenced by "embed:my_ca_cert", e.g. EAP-TLS-CACert=embed:my_ca_cert Any other value not starting with "embed:" will be treated as a file path.
2019-10-07 18:11:11 +02:00
eap_tls->ca_cert = NULL;
eap-tls-common: update to new ELL TLS APIs
2019-10-02 17:36:06 +02:00
l_error("%s: Error settings CA certificates.",
eap_get_method_name(eap));
eap-tls: Print a hint about IWD_TLS_DEBUG on TLS errors
2020-03-19 22:12:18 +01:00
eap_tls_debug_hint();
eap-tls-common: update to new ELL TLS APIs
2019-10-02 17:36:06 +02:00
return false;
}
eap-tls-common: allow embedded PEMs in settings Refactoring was required to allow for embedded certs. The existing eap_tls_state object was changed to hold the cert types (l_queue, l_certchain, l_key) rather than the file path, since there may not actually be separate PEM files. Care was taken to properly manage the memory of these objects. Since the TLS object takes ownership when setting auth data or the CA certs all error cases must be handled properly to free these objects after they are loaded and in addition they must be set to NULL so that the cleanup doesn't double free them. If everything goes to plan, we load all the PEMs in settings_load, provide these objects to the TLS APIs, and then NULL out the pointers (TLS now owns this memory). If anything fails between settings_load and l_tls_start we must free these objects. A special format must be used to indicate that a PEM is embedded inside the settings file. First, the l_settings format should be followed for the PEM itself, e.g. [@pem@my_ca_cert] <CA Cert data> This PEM can then be referenced by "embed:my_ca_cert", e.g. EAP-TLS-CACert=embed:my_ca_cert Any other value not starting with "embed:" will be treated as a file path.
2019-10-07 18:11:11 +02:00
eap_tls->ca_cert = NULL;
eap-tls-common: Call the new l_tls_start
2018-12-19 02:00:43 +01:00
}
eap-tls: Add ServerDomainMask config option Allow users to provide a glob string that the contents of the server certificate's subject DN should be matched against as a primitive protection against rogue APs using certificates purchased from commercial CAs trusted by the client. If the network uses an AP certificate emitted by a commerical CA and the clients are configured to trust those CAs so that the client configurations don't have to be updated when the AP renews its certificate, this new option can be used to check if the CN in the AP certificate's DN matches the known domain name. This logic assumes that the commercial CAs provide enough assurance that only the owner of the domain can buy a certificate with that domain in the CN field. The format of this option is similar to apple's TLSTrustedServerNames and wpa_supplicant's domain_match/domain_suffix_match format, the exact syntax is documented in ell/tls.c.
2019-08-23 03:30:23 +02:00
if (eap_tls->domain_mask)
l_tls_set_domain_mask(eap_tls->tunnel, eap_tls->domain_mask);
eap-tls: Keep l_tls instance for reauthentication After one of the eap-tls-common-based methods succeeds keep the TLS tunnel instance until the method is freed, rather than free it the moment the method succeeds. This fixes repeated method runs where until now each next run would attempt to create a new TLS tunnel instance but would have no authentication data (CA certificate, client certificate, private key and private key passphrase) since those are were by the old l_tls object from the moment of the l_tls_set_auth_data() call. Use l_tls_reset() to reset the TLS state after method success, followed by a new l_tls_start() when the reauthentication starts.
2022-05-26 18:01:53 +02:00
start:
eap-tls-common: Call the new l_tls_start
2018-12-19 02:00:43 +01:00
if (!l_tls_start(eap_tls->tunnel)) {
l_error("%s: Failed to start the TLS client",
eap-tls-common: Add tls tunnel
2018-11-29 23:41:31 +01:00
eap_get_method_name(eap));
eap-tls: Print a hint about IWD_TLS_DEBUG on TLS errors
2020-03-19 22:12:18 +01:00
eap_tls_debug_hint();
eap-tls-common: Add tls tunnel
2018-11-29 23:41:31 +01:00
return false;
}
return true;
}
eap-tls-common: Handle packet payload
2018-12-05 00:41:48 +01:00
static void eap_tls_handle_phase2_payload(struct eap_state *eap,
const uint8_t *pkt,
size_t pkt_len)
{
struct eap_tls_state *eap_tls = eap_get_data(eap);
if (!eap_tls->variant_ops->tunnel_handle_request)
return;
if (!eap_tls->variant_ops->tunnel_handle_request(eap, pkt, pkt_len))
eap-tls-common: Add comment
2018-12-05 23:08:56 +01:00
/*
* The tunneled packet payload that violates the protocol or
* fails a method-specific integrity check result in tunnel
* shutdown.
*/
eap-tls-common: Handle packet payload
2018-12-05 00:41:48 +01:00
l_tls_close(eap_tls->tunnel);
}
eap-tls-common: Add basic request handling This also introduces the version negotiation
2018-11-29 23:41:29 +01:00
void eap_tls_common_handle_request(struct eap_state *eap,
const uint8_t *pkt, size_t len)
{
eap-tls-common: Add support for the fragmented requests
2018-11-29 23:41:30 +01:00
struct eap_tls_state *eap_tls = eap_get_data(eap);
eap-tls-common: Add basic request handling This also introduces the version negotiation
2018-11-29 23:41:29 +01:00
uint8_t flags_version;
eap-tls-common: Add method completion flag This flag prevents methods from restarting
2018-11-29 23:41:36 +01:00
if (eap_tls->method_completed)
return;
eap-tls-common: Add basic request handling This also introduces the version negotiation
2018-11-29 23:41:29 +01:00
if (len < 1) {
l_error("%s: Request packet is too short.",
eap_get_method_name(eap));
goto error;
}
flags_version = pkt[0];
if (!eap_tls_validate_version(eap, flags_version)) {
l_error("%s: Version negotiation has failed.",
eap_get_method_name(eap));
goto error;
}
eap-tls-common: Add support for the fragmented requests
2018-11-29 23:41:30 +01:00
pkt += 1;
len -= 1;
eap-tls-common: Add support for fragmented response
2018-11-29 23:41:35 +01:00
if (eap_tls->expecting_frag_ack) {
if (!eap_tls_handle_fragmented_response_ack(eap, len))
goto error;
return;
}
eap-tls-common: Add support for the fragmented requests
2018-11-29 23:41:30 +01:00
if (flags_version & EAP_TLS_FLAG_L || eap_tls->rx_pdu_buf) {
int r = eap_tls_handle_fragmented_request(eap, pkt, len,
flags_version);
eap-tls-common: ACK first fragment with missing M bit
2018-12-05 23:08:55 +01:00
if (r == -EAGAIN) {
eap-tls-common: Add support for the fragmented requests
2018-11-29 23:41:30 +01:00
/* Expecting more fragments. */
eap-tls-common: ACK first fragment with missing M bit
2018-12-05 23:08:55 +01:00
eap_tls_send_fragmented_request_ack(eap);
eap-tls-common: Add support for the fragmented requests
2018-11-29 23:41:30 +01:00
return;
eap-tls-common: ACK first fragment with missing M bit
2018-12-05 23:08:55 +01:00
}
eap-tls-common: Add support for the fragmented requests
2018-11-29 23:41:30 +01:00
if (r == -ENOMSG) {
/*
* Redundant usage of the L flag, no packet reassembly
* is required.
*/
pkt += 4;
len -= 4;
goto proceed;
}
if (r < 0)
goto error;
if (eap_tls->rx_pdu_buf->capacity != eap_tls->rx_pdu_buf->len) {
l_error("%s: Request fragment packet size mismatch",
eap_get_method_name(eap));
goto error;
}
pkt = eap_tls->rx_pdu_buf->data;
len = eap_tls->rx_pdu_buf->len;
}
proceed:
eap-tls-common: Add basic send response
2018-11-29 23:41:34 +01:00
if (eap_tls->tx_pdu_buf) {
/*
treewide: Various style fixups - Mostly problems with whitespace: - Use of spaces instead of tabs - Stray spaces before closing ') - Missing spaces - Missing 'void' from function declarations & definitions that take no arguments. - Wrong indentation level
2022-01-11 17:51:11 +01:00
* tx_pdu_buf is used for the re-transmission and needs to be
* cleared on a new request.
eap-tls-common: Add basic send response
2018-11-29 23:41:34 +01:00
*/
databuf_free(eap_tls->tx_pdu_buf);
eap_tls->tx_pdu_buf = NULL;
}
eap-tls-common: Add tls tunnel
2018-11-29 23:41:31 +01:00
if (flags_version & EAP_TLS_FLAG_S) {
if (!eap_tls_tunnel_init(eap))
goto error;
}
eap-tls-common: Add support for the fragmented requests
2018-11-29 23:41:30 +01:00
eap-tls-common: Handle packet payload
2018-12-05 00:41:48 +01:00
if (len)
l_tls_handle_rx(eap_tls->tunnel, pkt, len);
if (eap_tls->plain_buf) {
/*
* An existence of the plain_buf indicates that the TLS tunnel
* has been established and Phase 2 payload was transmitted
* through it.
*/
eap_tls_handle_phase2_payload(eap, eap_tls->plain_buf->data,
eap_tls->plain_buf->len);
databuf_free(eap_tls->plain_buf);
eap_tls->plain_buf = NULL;
}
eap-tls-common: Add support for the fragmented requests
2018-11-29 23:41:30 +01:00
if (eap_tls->rx_pdu_buf) {
databuf_free(eap_tls->rx_pdu_buf);
eap_tls->rx_pdu_buf = NULL;
}
eap-tls-common: Add phase 2 failure flag This flag is used by the extensions to signal the failure during phase 2 execution.
2018-11-29 23:41:38 +01:00
if (!eap_tls->tx_pdu_buf) {
if (eap_tls->phase2_failed)
goto error;
eap-tls-common: Add basic send response
2018-11-29 23:41:34 +01:00
return;
eap-tls-common: Add phase 2 failure flag This flag is used by the extensions to signal the failure during phase 2 execution.
2018-11-29 23:41:38 +01:00
}
eap-tls-common: Add basic send response
2018-11-29 23:41:34 +01:00
eap_tls_send_response(eap, eap_tls->tx_pdu_buf->data,
eap_tls->tx_pdu_buf->len);
eap-tls-common: Add phase 2 failure flag This flag is used by the extensions to signal the failure during phase 2 execution.
2018-11-29 23:41:38 +01:00
if (eap_tls->phase2_failed)
goto error;
eap-tls-common: Add basic request handling This also introduces the version negotiation
2018-11-29 23:41:29 +01:00
return;
error:
eap_method_error(eap);
}
eap-tls-common: Handle response retransmission
2018-11-29 23:41:39 +01:00
void eap_tls_common_handle_retransmit(struct eap_state *eap,
const uint8_t *pkt, size_t len)
{
struct eap_tls_state *eap_tls = eap_get_data(eap);
uint8_t flags_version;
if (len < 1) {
l_error("%s: Request packet is too short.",
eap_get_method_name(eap));
goto error;
}
flags_version = pkt[0];
if (!eap_tls_validate_version(eap, flags_version)) {
l_error("%s: Version negotiation has failed.",
eap_get_method_name(eap));
goto error;
}
if (flags_version & EAP_TLS_FLAG_M) {
if (!eap_tls->rx_pdu_buf)
goto error;
eap_tls_send_fragmented_request_ack(eap);
return;
}
if (!eap_tls->tx_pdu_buf || !eap_tls->tx_pdu_buf->data ||
!eap_tls->tx_pdu_buf->len)
goto error;
if (EAP_TLS_HEADER_LEN + eap_tls->tx_pdu_buf->len > eap_get_mtu(eap))
eap_tls_send_fragment(eap);
else
eap_tls_send_response(eap, eap_tls->tx_pdu_buf->data,
eap_tls->tx_pdu_buf->len);
return;
error:
eap_method_error(eap);
}
eap-tls-common: allow embedded PEMs in settings Refactoring was required to allow for embedded certs. The existing eap_tls_state object was changed to hold the cert types (l_queue, l_certchain, l_key) rather than the file path, since there may not actually be separate PEM files. Care was taken to properly manage the memory of these objects. Since the TLS object takes ownership when setting auth data or the CA certs all error cases must be handled properly to free these objects after they are loaded and in addition they must be set to NULL so that the cleanup doesn't double free them. If everything goes to plan, we load all the PEMs in settings_load, provide these objects to the TLS APIs, and then NULL out the pointers (TLS now owns this memory). If anything fails between settings_load and l_tls_start we must free these objects. A special format must be used to indicate that a PEM is embedded inside the settings file. First, the l_settings format should be followed for the PEM itself, e.g. [@pem@my_ca_cert] <CA Cert data> This PEM can then be referenced by "embed:my_ca_cert", e.g. EAP-TLS-CACert=embed:my_ca_cert Any other value not starting with "embed:" will be treated as a file path.
2019-10-07 18:11:11 +02:00
static const char *load_embedded_pem(struct l_settings *settings,
const char *name)
{
const char *pem;
const char *type;
pem = l_settings_get_embedded_value(settings, name + 6, &type);
if (!pem)
return NULL;
if (strcmp(type, "pem"))
return NULL;
return pem;
}
static bool is_embedded(const char *str)
{
if (!str)
return false;
if (strlen(str) < 6)
return false;
if (!strncmp("embed:", str, 6))
return true;
return false;
}
static struct l_queue *eap_tls_load_ca_cert(struct l_settings *settings,
const char *value)
{
const char *pem;
if (!is_embedded(value))
return l_pem_load_certificate_list(value);
pem = load_embedded_pem(settings, value);
if (!pem)
return NULL;
return l_pem_load_certificate_list_from_data(pem, strlen(pem));
}
eap-tls: Drop EAP-{TTLS,PEAP}-Client{Cert,Key} As requested move the client certificate and private key loading from eap-tls-common.c to eap-tls.c. No man page change needed because those two settings weren't documented in it in the first place.
2021-01-25 18:56:11 +01:00
struct l_certchain *eap_tls_load_client_cert(struct l_settings *settings,
eap-tls: Make use of l_cert_load_container_file Switch EAP-TLS-ClientCert and EAP-TLS-ClientKey to use l_cert_load_container_file for file loading so that the file format is autodetected. Add new setting EAP-TLS-ClientKeyBundle for loading both the client certificate and private key from one file.
2021-01-25 18:56:12 +01:00
const char *value,
const char *passphrase,
bool *out_is_encrypted)
eap-tls-common: allow embedded PEMs in settings Refactoring was required to allow for embedded certs. The existing eap_tls_state object was changed to hold the cert types (l_queue, l_certchain, l_key) rather than the file path, since there may not actually be separate PEM files. Care was taken to properly manage the memory of these objects. Since the TLS object takes ownership when setting auth data or the CA certs all error cases must be handled properly to free these objects after they are loaded and in addition they must be set to NULL so that the cleanup doesn't double free them. If everything goes to plan, we load all the PEMs in settings_load, provide these objects to the TLS APIs, and then NULL out the pointers (TLS now owns this memory). If anything fails between settings_load and l_tls_start we must free these objects. A special format must be used to indicate that a PEM is embedded inside the settings file. First, the l_settings format should be followed for the PEM itself, e.g. [@pem@my_ca_cert] <CA Cert data> This PEM can then be referenced by "embed:my_ca_cert", e.g. EAP-TLS-CACert=embed:my_ca_cert Any other value not starting with "embed:" will be treated as a file path.
2019-10-07 18:11:11 +02:00
{
const char *pem;
eap-tls: Make use of l_cert_load_container_file Switch EAP-TLS-ClientCert and EAP-TLS-ClientKey to use l_cert_load_container_file for file loading so that the file format is autodetected. Add new setting EAP-TLS-ClientKeyBundle for loading both the client certificate and private key from one file.
2021-01-25 18:56:12 +01:00
if (!is_embedded(value)) {
struct l_certchain *certchain;
if (l_cert_load_container_file(value, passphrase,
&certchain, NULL,
out_is_encrypted))
return certchain;
if (out_is_encrypted)
*out_is_encrypted = false;
return NULL;
}
eap-tls-common: allow embedded PEMs in settings Refactoring was required to allow for embedded certs. The existing eap_tls_state object was changed to hold the cert types (l_queue, l_certchain, l_key) rather than the file path, since there may not actually be separate PEM files. Care was taken to properly manage the memory of these objects. Since the TLS object takes ownership when setting auth data or the CA certs all error cases must be handled properly to free these objects after they are loaded and in addition they must be set to NULL so that the cleanup doesn't double free them. If everything goes to plan, we load all the PEMs in settings_load, provide these objects to the TLS APIs, and then NULL out the pointers (TLS now owns this memory). If anything fails between settings_load and l_tls_start we must free these objects. A special format must be used to indicate that a PEM is embedded inside the settings file. First, the l_settings format should be followed for the PEM itself, e.g. [@pem@my_ca_cert] <CA Cert data> This PEM can then be referenced by "embed:my_ca_cert", e.g. EAP-TLS-CACert=embed:my_ca_cert Any other value not starting with "embed:" will be treated as a file path.
2019-10-07 18:11:11 +02:00
pem = load_embedded_pem(settings, value);
if (!pem)
return NULL;
return l_pem_load_certificate_chain_from_data(pem, strlen(pem));
}
eap-tls: Drop EAP-{TTLS,PEAP}-Client{Cert,Key} As requested move the client certificate and private key loading from eap-tls-common.c to eap-tls.c. No man page change needed because those two settings weren't documented in it in the first place.
2021-01-25 18:56:11 +01:00
struct l_key *eap_tls_load_priv_key(struct l_settings *settings,
eap-tls: Make use of l_cert_load_container_file Switch EAP-TLS-ClientCert and EAP-TLS-ClientKey to use l_cert_load_container_file for file loading so that the file format is autodetected. Add new setting EAP-TLS-ClientKeyBundle for loading both the client certificate and private key from one file.
2021-01-25 18:56:12 +01:00
const char *value,
const char *passphrase,
bool *out_is_encrypted)
eap-tls-common: allow embedded PEMs in settings Refactoring was required to allow for embedded certs. The existing eap_tls_state object was changed to hold the cert types (l_queue, l_certchain, l_key) rather than the file path, since there may not actually be separate PEM files. Care was taken to properly manage the memory of these objects. Since the TLS object takes ownership when setting auth data or the CA certs all error cases must be handled properly to free these objects after they are loaded and in addition they must be set to NULL so that the cleanup doesn't double free them. If everything goes to plan, we load all the PEMs in settings_load, provide these objects to the TLS APIs, and then NULL out the pointers (TLS now owns this memory). If anything fails between settings_load and l_tls_start we must free these objects. A special format must be used to indicate that a PEM is embedded inside the settings file. First, the l_settings format should be followed for the PEM itself, e.g. [@pem@my_ca_cert] <CA Cert data> This PEM can then be referenced by "embed:my_ca_cert", e.g. EAP-TLS-CACert=embed:my_ca_cert Any other value not starting with "embed:" will be treated as a file path.
2019-10-07 18:11:11 +02:00
{
const char *pem;
eap-tls: Make use of l_cert_load_container_file Switch EAP-TLS-ClientCert and EAP-TLS-ClientKey to use l_cert_load_container_file for file loading so that the file format is autodetected. Add new setting EAP-TLS-ClientKeyBundle for loading both the client certificate and private key from one file.
2021-01-25 18:56:12 +01:00
if (!is_embedded(value)) {
struct l_key *key;
if (l_cert_load_container_file(value, passphrase, NULL, &key,
out_is_encrypted))
return key;
if (out_is_encrypted)
*out_is_encrypted = false;
return NULL;
}
eap-tls-common: allow embedded PEMs in settings Refactoring was required to allow for embedded certs. The existing eap_tls_state object was changed to hold the cert types (l_queue, l_certchain, l_key) rather than the file path, since there may not actually be separate PEM files. Care was taken to properly manage the memory of these objects. Since the TLS object takes ownership when setting auth data or the CA certs all error cases must be handled properly to free these objects after they are loaded and in addition they must be set to NULL so that the cleanup doesn't double free them. If everything goes to plan, we load all the PEMs in settings_load, provide these objects to the TLS APIs, and then NULL out the pointers (TLS now owns this memory). If anything fails between settings_load and l_tls_start we must free these objects. A special format must be used to indicate that a PEM is embedded inside the settings file. First, the l_settings format should be followed for the PEM itself, e.g. [@pem@my_ca_cert] <CA Cert data> This PEM can then be referenced by "embed:my_ca_cert", e.g. EAP-TLS-CACert=embed:my_ca_cert Any other value not starting with "embed:" will be treated as a file path.
2019-10-07 18:11:11 +02:00
pem = load_embedded_pem(settings, value);
if (!pem)
return NULL;
return l_pem_load_private_key_from_data(pem, strlen(pem),
eap-tls: Make use of l_cert_load_container_file Switch EAP-TLS-ClientCert and EAP-TLS-ClientKey to use l_cert_load_container_file for file loading so that the file format is autodetected. Add new setting EAP-TLS-ClientKeyBundle for loading both the client certificate and private key from one file.
2021-01-25 18:56:12 +01:00
passphrase, out_is_encrypted);
eap-tls-common: allow embedded PEMs in settings Refactoring was required to allow for embedded certs. The existing eap_tls_state object was changed to hold the cert types (l_queue, l_certchain, l_key) rather than the file path, since there may not actually be separate PEM files. Care was taken to properly manage the memory of these objects. Since the TLS object takes ownership when setting auth data or the CA certs all error cases must be handled properly to free these objects after they are loaded and in addition they must be set to NULL so that the cleanup doesn't double free them. If everything goes to plan, we load all the PEMs in settings_load, provide these objects to the TLS APIs, and then NULL out the pointers (TLS now owns this memory). If anything fails between settings_load and l_tls_start we must free these objects. A special format must be used to indicate that a PEM is embedded inside the settings file. First, the l_settings format should be followed for the PEM itself, e.g. [@pem@my_ca_cert] <CA Cert data> This PEM can then be referenced by "embed:my_ca_cert", e.g. EAP-TLS-CACert=embed:my_ca_cert Any other value not starting with "embed:" will be treated as a file path.
2019-10-07 18:11:11 +02:00
}
eap-tls-common: Add check for phase one settings
2018-11-16 23:15:30 +01:00
int eap_tls_common_settings_check(struct l_settings *settings,
struct l_queue *secrets,
const char *prefix,
struct l_queue **out_missing)
{
char setting_key[72];
eap-tls: Drop EAP-{TTLS,PEAP}-Client{Cert,Key} As requested move the client certificate and private key loading from eap-tls-common.c to eap-tls.c. No man page change needed because those two settings weren't documented in it in the first place.
2021-01-25 18:56:11 +01:00
bool have_cacerts = false;
eap-tls: Add ServerDomainMask config option Allow users to provide a glob string that the contents of the server certificate's subject DN should be matched against as a primitive protection against rogue APs using certificates purchased from commercial CAs trusted by the client. If the network uses an AP certificate emitted by a commerical CA and the clients are configured to trust those CAs so that the client configurations don't have to be updated when the AP renews its certificate, this new option can be used to check if the CN in the AP certificate's DN matches the known domain name. This logic assumes that the commercial CAs provide enough assurance that only the owner of the domain can buy a certificate with that domain in the CN field. The format of this option is similar to apple's TLSTrustedServerNames and wpa_supplicant's domain_match/domain_suffix_match format, the exact syntax is documented in ell/tls.c.
2019-08-23 03:30:23 +02:00
const char *domain_mask_str;
eap-tls-common: allow embedded PEMs in settings Refactoring was required to allow for embedded certs. The existing eap_tls_state object was changed to hold the cert types (l_queue, l_certchain, l_key) rather than the file path, since there may not actually be separate PEM files. Care was taken to properly manage the memory of these objects. Since the TLS object takes ownership when setting auth data or the CA certs all error cases must be handled properly to free these objects after they are loaded and in addition they must be set to NULL so that the cleanup doesn't double free them. If everything goes to plan, we load all the PEMs in settings_load, provide these objects to the TLS APIs, and then NULL out the pointers (TLS now owns this memory). If anything fails between settings_load and l_tls_start we must free these objects. A special format must be used to indicate that a PEM is embedded inside the settings file. First, the l_settings format should be followed for the PEM itself, e.g. [@pem@my_ca_cert] <CA Cert data> This PEM can then be referenced by "embed:my_ca_cert", e.g. EAP-TLS-CACert=embed:my_ca_cert Any other value not starting with "embed:" will be treated as a file path.
2019-10-07 18:11:11 +02:00
L_AUTO_FREE_VAR(char *, value);
eap-tls-common: Add check for phase one settings
2018-11-16 23:15:30 +01:00
snprintf(setting_key, sizeof(setting_key), "%sCACert", prefix);
eap-tls-common: allow embedded PEMs in settings Refactoring was required to allow for embedded certs. The existing eap_tls_state object was changed to hold the cert types (l_queue, l_certchain, l_key) rather than the file path, since there may not actually be separate PEM files. Care was taken to properly manage the memory of these objects. Since the TLS object takes ownership when setting auth data or the CA certs all error cases must be handled properly to free these objects after they are loaded and in addition they must be set to NULL so that the cleanup doesn't double free them. If everything goes to plan, we load all the PEMs in settings_load, provide these objects to the TLS APIs, and then NULL out the pointers (TLS now owns this memory). If anything fails between settings_load and l_tls_start we must free these objects. A special format must be used to indicate that a PEM is embedded inside the settings file. First, the l_settings format should be followed for the PEM itself, e.g. [@pem@my_ca_cert] <CA Cert data> This PEM can then be referenced by "embed:my_ca_cert", e.g. EAP-TLS-CACert=embed:my_ca_cert Any other value not starting with "embed:" will be treated as a file path.
2019-10-07 18:11:11 +02:00
value = l_settings_get_string(settings, "Security", setting_key);
if (value) {
eap-tls: Drop EAP-{TTLS,PEAP}-Client{Cert,Key} As requested move the client certificate and private key loading from eap-tls-common.c to eap-tls.c. No man page change needed because those two settings weren't documented in it in the first place.
2021-01-25 18:56:11 +01:00
struct l_queue *cacerts = eap_tls_load_ca_cert(settings, value);
eap-tls-common: allow embedded PEMs in settings Refactoring was required to allow for embedded certs. The existing eap_tls_state object was changed to hold the cert types (l_queue, l_certchain, l_key) rather than the file path, since there may not actually be separate PEM files. Care was taken to properly manage the memory of these objects. Since the TLS object takes ownership when setting auth data or the CA certs all error cases must be handled properly to free these objects after they are loaded and in addition they must be set to NULL so that the cleanup doesn't double free them. If everything goes to plan, we load all the PEMs in settings_load, provide these objects to the TLS APIs, and then NULL out the pointers (TLS now owns this memory). If anything fails between settings_load and l_tls_start we must free these objects. A special format must be used to indicate that a PEM is embedded inside the settings file. First, the l_settings format should be followed for the PEM itself, e.g. [@pem@my_ca_cert] <CA Cert data> This PEM can then be referenced by "embed:my_ca_cert", e.g. EAP-TLS-CACert=embed:my_ca_cert Any other value not starting with "embed:" will be treated as a file path.
2019-10-07 18:11:11 +02:00
eap-tls: Replace l_pem_load_certificate() with newer functions Stop using l_pem_load_certificate which has been removed from ell, use the same functions to load certificate files to validate them as those used by the TLS implementation itself.
2018-12-15 00:30:01 +01:00
if (!cacerts) {
eap-tls-common: allow embedded PEMs in settings Refactoring was required to allow for embedded certs. The existing eap_tls_state object was changed to hold the cert types (l_queue, l_certchain, l_key) rather than the file path, since there may not actually be separate PEM files. Care was taken to properly manage the memory of these objects. Since the TLS object takes ownership when setting auth data or the CA certs all error cases must be handled properly to free these objects after they are loaded and in addition they must be set to NULL so that the cleanup doesn't double free them. If everything goes to plan, we load all the PEMs in settings_load, provide these objects to the TLS APIs, and then NULL out the pointers (TLS now owns this memory). If anything fails between settings_load and l_tls_start we must free these objects. A special format must be used to indicate that a PEM is embedded inside the settings file. First, the l_settings format should be followed for the PEM itself, e.g. [@pem@my_ca_cert] <CA Cert data> This PEM can then be referenced by "embed:my_ca_cert", e.g. EAP-TLS-CACert=embed:my_ca_cert Any other value not starting with "embed:" will be treated as a file path.
2019-10-07 18:11:11 +02:00
l_error("Failed to load %s", value);
eap-tls-common: Add check for phase one settings
2018-11-16 23:15:30 +01:00
return -EIO;
}
eap-tls: Drop EAP-{TTLS,PEAP}-Client{Cert,Key} As requested move the client certificate and private key loading from eap-tls-common.c to eap-tls.c. No man page change needed because those two settings weren't documented in it in the first place.
2021-01-25 18:56:11 +01:00
l_queue_destroy(cacerts,
(l_queue_destroy_func_t) l_cert_free);
have_cacerts = true;
eap-tls-common: More complete certificate validation In the methods' check_settings do a more complete early check for possible certificate / private key misconfiguration, including check that the certificate and the private key are always present or absent together and that they actually match each other. Do this by encrypting and decrypting a small buffer because we have no better API for that.
2019-02-08 18:32:13 +01:00
}
eap-tls: Add ServerDomainMask config option Allow users to provide a glob string that the contents of the server certificate's subject DN should be matched against as a primitive protection against rogue APs using certificates purchased from commercial CAs trusted by the client. If the network uses an AP certificate emitted by a commerical CA and the clients are configured to trust those CAs so that the client configurations don't have to be updated when the AP renews its certificate, this new option can be used to check if the CN in the AP certificate's DN matches the known domain name. This logic assumes that the commercial CAs provide enough assurance that only the owner of the domain can buy a certificate with that domain in the CN field. The format of this option is similar to apple's TLSTrustedServerNames and wpa_supplicant's domain_match/domain_suffix_match format, the exact syntax is documented in ell/tls.c.
2019-08-23 03:30:23 +02:00
/*
* Require CACert if ServerDomainMask is present. If the server
* certificate is not being checked against any trusted certificates
* there's no point validating its contents and we wouldn't even
* receive the subject DN from ell, because it may be freely made up.
*/
snprintf(setting_key, sizeof(setting_key), "%sServerDomainMask",
prefix);
domain_mask_str = l_settings_get_value(settings, "Security",
setting_key);
eap-tls: Drop EAP-{TTLS,PEAP}-Client{Cert,Key} As requested move the client certificate and private key loading from eap-tls-common.c to eap-tls.c. No man page change needed because those two settings weren't documented in it in the first place.
2021-01-25 18:56:11 +01:00
if (domain_mask_str && !have_cacerts) {
eap-tls: Add ServerDomainMask config option Allow users to provide a glob string that the contents of the server certificate's subject DN should be matched against as a primitive protection against rogue APs using certificates purchased from commercial CAs trusted by the client. If the network uses an AP certificate emitted by a commerical CA and the clients are configured to trust those CAs so that the client configurations don't have to be updated when the AP renews its certificate, this new option can be used to check if the CN in the AP certificate's DN matches the known domain name. This logic assumes that the commercial CAs provide enough assurance that only the owner of the domain can buy a certificate with that domain in the CN field. The format of this option is similar to apple's TLSTrustedServerNames and wpa_supplicant's domain_match/domain_suffix_match format, the exact syntax is documented in ell/tls.c.
2019-08-23 03:30:23 +02:00
l_error("%s was set but no CA Certificates given", setting_key);
eap-tls: Drop EAP-{TTLS,PEAP}-Client{Cert,Key} As requested move the client certificate and private key loading from eap-tls-common.c to eap-tls.c. No man page change needed because those two settings weren't documented in it in the first place.
2021-01-25 18:56:11 +01:00
return -EINVAL;
eap-tls: Add ServerDomainMask config option Allow users to provide a glob string that the contents of the server certificate's subject DN should be matched against as a primitive protection against rogue APs using certificates purchased from commercial CAs trusted by the client. If the network uses an AP certificate emitted by a commerical CA and the clients are configured to trust those CAs so that the client configurations don't have to be updated when the AP renews its certificate, this new option can be used to check if the CN in the AP certificate's DN matches the known domain name. This logic assumes that the commercial CAs provide enough assurance that only the owner of the domain can buy a certificate with that domain in the CN field. The format of this option is similar to apple's TLSTrustedServerNames and wpa_supplicant's domain_match/domain_suffix_match format, the exact syntax is documented in ell/tls.c.
2019-08-23 03:30:23 +02:00
}
eap-tls: Drop EAP-{TTLS,PEAP}-Client{Cert,Key} As requested move the client certificate and private key loading from eap-tls-common.c to eap-tls.c. No man page change needed because those two settings weren't documented in it in the first place.
2021-01-25 18:56:11 +01:00
return 0;
eap-tls-common: Add check for phase one settings
2018-11-16 23:15:30 +01:00
}
eap-tls-common: Introduce a common tls state and load settings
2018-11-16 23:15:31 +01:00
bool eap_tls_common_settings_load(struct eap_state *eap,
eap-tls-common: Introduce eap_tls_variant_ops eap_tls_variant_ops will allow methods such as TTLS, PEAP, etc. to specify their own handlers for the Phase 2 operations.
2018-11-29 23:41:28 +01:00
struct l_settings *settings, const char *prefix,
eap-tls-common: Introduce variant data and reset API
2018-11-29 23:41:40 +01:00
const struct eap_tls_variant_ops *variant_ops,
void *variant_data)
eap-tls-common: Introduce a common tls state and load settings
2018-11-16 23:15:31 +01:00
{
struct eap_tls_state *eap_tls;
char setting_key[72];
eap-tls: Add ServerDomainMask config option Allow users to provide a glob string that the contents of the server certificate's subject DN should be matched against as a primitive protection against rogue APs using certificates purchased from commercial CAs trusted by the client. If the network uses an AP certificate emitted by a commerical CA and the clients are configured to trust those CAs so that the client configurations don't have to be updated when the AP renews its certificate, this new option can be used to check if the CN in the AP certificate's DN matches the known domain name. This logic assumes that the commercial CAs provide enough assurance that only the owner of the domain can buy a certificate with that domain in the CN field. The format of this option is similar to apple's TLSTrustedServerNames and wpa_supplicant's domain_match/domain_suffix_match format, the exact syntax is documented in ell/tls.c.
2019-08-23 03:30:23 +02:00
char *domain_mask_str;
eap-tls: Drop EAP-{TTLS,PEAP}-Client{Cert,Key} As requested move the client certificate and private key loading from eap-tls-common.c to eap-tls.c. No man page change needed because those two settings weren't documented in it in the first place.
2021-01-25 18:56:11 +01:00
eap-tls-common: allow embedded PEMs in settings Refactoring was required to allow for embedded certs. The existing eap_tls_state object was changed to hold the cert types (l_queue, l_certchain, l_key) rather than the file path, since there may not actually be separate PEM files. Care was taken to properly manage the memory of these objects. Since the TLS object takes ownership when setting auth data or the CA certs all error cases must be handled properly to free these objects after they are loaded and in addition they must be set to NULL so that the cleanup doesn't double free them. If everything goes to plan, we load all the PEMs in settings_load, provide these objects to the TLS APIs, and then NULL out the pointers (TLS now owns this memory). If anything fails between settings_load and l_tls_start we must free these objects. A special format must be used to indicate that a PEM is embedded inside the settings file. First, the l_settings format should be followed for the PEM itself, e.g. [@pem@my_ca_cert] <CA Cert data> This PEM can then be referenced by "embed:my_ca_cert", e.g. EAP-TLS-CACert=embed:my_ca_cert Any other value not starting with "embed:" will be treated as a file path.
2019-10-07 18:11:11 +02:00
L_AUTO_FREE_VAR(char *, value) = NULL;
eap-tls-common: Introduce a common tls state and load settings
2018-11-16 23:15:31 +01:00
eap_tls = l_new(struct eap_tls_state, 1);
eap_tls->version_negotiated = EAP_TLS_VERSION_NOT_NEGOTIATED;
eap-tls-common: Introduce eap_tls_variant_ops eap_tls_variant_ops will allow methods such as TTLS, PEAP, etc. to specify their own handlers for the Phase 2 operations.
2018-11-29 23:41:28 +01:00
eap_tls->variant_ops = variant_ops;
eap-tls-common: Introduce variant data and reset API
2018-11-29 23:41:40 +01:00
eap_tls->variant_data = variant_data;
eap-tls-common: Introduce a common tls state and load settings
2018-11-16 23:15:31 +01:00
snprintf(setting_key, sizeof(setting_key), "%sCACert", prefix);
eap-tls-common: allow embedded PEMs in settings Refactoring was required to allow for embedded certs. The existing eap_tls_state object was changed to hold the cert types (l_queue, l_certchain, l_key) rather than the file path, since there may not actually be separate PEM files. Care was taken to properly manage the memory of these objects. Since the TLS object takes ownership when setting auth data or the CA certs all error cases must be handled properly to free these objects after they are loaded and in addition they must be set to NULL so that the cleanup doesn't double free them. If everything goes to plan, we load all the PEMs in settings_load, provide these objects to the TLS APIs, and then NULL out the pointers (TLS now owns this memory). If anything fails between settings_load and l_tls_start we must free these objects. A special format must be used to indicate that a PEM is embedded inside the settings file. First, the l_settings format should be followed for the PEM itself, e.g. [@pem@my_ca_cert] <CA Cert data> This PEM can then be referenced by "embed:my_ca_cert", e.g. EAP-TLS-CACert=embed:my_ca_cert Any other value not starting with "embed:" will be treated as a file path.
2019-10-07 18:11:11 +02:00
value = l_settings_get_string(settings, "Security", setting_key);
if (value) {
eap_tls->ca_cert = eap_tls_load_ca_cert(settings, value);
if (!eap_tls->ca_cert) {
l_error("Could not load CACert %s", value);
goto load_error;
}
}
eap-tls: Add ServerDomainMask config option Allow users to provide a glob string that the contents of the server certificate's subject DN should be matched against as a primitive protection against rogue APs using certificates purchased from commercial CAs trusted by the client. If the network uses an AP certificate emitted by a commerical CA and the clients are configured to trust those CAs so that the client configurations don't have to be updated when the AP renews its certificate, this new option can be used to check if the CN in the AP certificate's DN matches the known domain name. This logic assumes that the commercial CAs provide enough assurance that only the owner of the domain can buy a certificate with that domain in the CN field. The format of this option is similar to apple's TLSTrustedServerNames and wpa_supplicant's domain_match/domain_suffix_match format, the exact syntax is documented in ell/tls.c.
2019-08-23 03:30:23 +02:00
snprintf(setting_key, sizeof(setting_key), "%sServerDomainMask",
prefix);
domain_mask_str = l_settings_get_string(settings, "Security",
setting_key);
if (domain_mask_str) {
eap_tls->domain_mask = l_strsplit(domain_mask_str, ';');
l_free(domain_mask_str);
}
eap-tls-common: Introduce a common tls state and load settings
2018-11-16 23:15:31 +01:00
eap_set_data(eap, eap_tls);
return true;
eap-tls-common: allow embedded PEMs in settings Refactoring was required to allow for embedded certs. The existing eap_tls_state object was changed to hold the cert types (l_queue, l_certchain, l_key) rather than the file path, since there may not actually be separate PEM files. Care was taken to properly manage the memory of these objects. Since the TLS object takes ownership when setting auth data or the CA certs all error cases must be handled properly to free these objects after they are loaded and in addition they must be set to NULL so that the cleanup doesn't double free them. If everything goes to plan, we load all the PEMs in settings_load, provide these objects to the TLS APIs, and then NULL out the pointers (TLS now owns this memory). If anything fails between settings_load and l_tls_start we must free these objects. A special format must be used to indicate that a PEM is embedded inside the settings file. First, the l_settings format should be followed for the PEM itself, e.g. [@pem@my_ca_cert] <CA Cert data> This PEM can then be referenced by "embed:my_ca_cert", e.g. EAP-TLS-CACert=embed:my_ca_cert Any other value not starting with "embed:" will be treated as a file path.
2019-10-07 18:11:11 +02:00
load_error:
__eap_tls_common_state_free(eap_tls);
return false;
eap-tls-common: Introduce a common tls state and load settings
2018-11-16 23:15:31 +01:00
}
eap-tls-common: Add method completion flag This flag prevents methods from restarting
2018-11-29 23:41:36 +01:00
eap-tls: Drop EAP-{TTLS,PEAP}-Client{Cert,Key} As requested move the client certificate and private key loading from eap-tls-common.c to eap-tls.c. No man page change needed because those two settings weren't documented in it in the first place.
2021-01-25 18:56:11 +01:00
void eap_tls_common_set_keys(struct eap_state *eap,
struct l_certchain *client_cert,
struct l_key *client_key)
{
struct eap_tls_state *eap_tls = eap_get_data(eap);
eap_tls->client_cert = client_cert;
eap_tls->client_key = client_key;
}
eap-tls-common: Add method completion flag This flag prevents methods from restarting
2018-11-29 23:41:36 +01:00
void eap_tls_common_set_completed(struct eap_state *eap)
{
struct eap_tls_state *eap_tls = eap_get_data(eap);
eap_tls->method_completed = true;
}
eap-tls-common: Add phase 2 failure flag This flag is used by the extensions to signal the failure during phase 2 execution.
2018-11-29 23:41:38 +01:00
eap-tls-common: Fix typo
2018-12-05 18:55:00 +01:00
void eap_tls_common_set_phase2_failed(struct eap_state *eap)
eap-tls-common: Add phase 2 failure flag This flag is used by the extensions to signal the failure during phase 2 execution.
2018-11-29 23:41:38 +01:00
{
struct eap_tls_state *eap_tls = eap_get_data(eap);
eap_tls->phase2_failed = true;
}
eap-tls-common: Expose PRF
2018-11-29 23:41:42 +01:00
eap-tls-common: Add accessors for variant data and ver
2018-11-29 23:41:44 +01:00
enum eap_tls_version eap_tls_common_get_negotiated_version(
struct eap_state *eap)
{
struct eap_tls_state *eap_tls = eap_get_data(eap);
return eap_tls->version_negotiated;
}
void *eap_tls_common_get_variant_data(struct eap_state *eap)
{
struct eap_tls_state *eap_tls = eap_get_data(eap);
return eap_tls->variant_data;
}
eap-tls-common: Expose PRF
2018-11-29 23:41:42 +01:00
bool eap_tls_common_tunnel_prf_get_bytes(struct eap_state *eap,
bool use_master_secret,
const char *label, uint8_t *buf,
size_t buf_len)
{
struct eap_tls_state *eap_tls = eap_get_data(eap);
eap-tls-common: Add accessors for variant data and ver
2018-11-29 23:41:44 +01:00
return l_tls_prf_get_bytes(eap_tls->tunnel, use_master_secret,
label, buf, buf_len);
eap-tls-common: Expose PRF
2018-11-29 23:41:42 +01:00
}
eap-tls-common: Add tunnel API for send, close
2018-11-29 23:41:45 +01:00
void eap_tls_common_tunnel_send(struct eap_state *eap, const uint8_t *data,
size_t data_len)
{
struct eap_tls_state *eap_tls = eap_get_data(eap);
l_tls_write(eap_tls->tunnel, data, data_len);
}
void eap_tls_common_tunnel_close(struct eap_state *eap)
{
struct eap_tls_state *eap_tls = eap_get_data(eap);
l_tls_close(eap_tls->tunnel);
}
Copy Permalink