From aafa4d50bb2e40d09a3b34d7bf5d6ab0fd9c6275 Mon Sep 17 00:00:00 2001 From: Tim Kourt Date: Tue, 4 Dec 2018 15:41:49 -0800 Subject: [PATCH] eap-tls: Migrate to eap-tls-common framework The conversion transitions EAP-TLS implementation to use a common Phase 1 implementation shared among all TLS based EAP methods. --- src/eap-tls.c | 526 +++++--------------------------------------------- 1 file changed, 44 insertions(+), 482 deletions(-) diff --git a/src/eap-tls.c b/src/eap-tls.c index f326e4bc..3233ae35 100644 --- a/src/eap-tls.c +++ b/src/eap-tls.c @@ -2,7 +2,7 @@ * * Wireless daemon for Linux * - * Copyright (C) 2013-2014 Intel Corporation. All rights reserved. + * Copyright (C) 2013-2018 Intel Corporation. All rights reserved. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -29,503 +29,63 @@ #include #include -#include "eap.h" -#include "eap-private.h" +#include "src/eap.h" +#include "src/eap-private.h" +#include "src/eap-tls-common.h" -struct eap_tls_state { - char *ca_cert; - char *client_cert; - char *client_key; - char *passphrase; - - struct l_tls *tls; - uint8_t *rx_pkt_buf; - size_t rx_pkt_received, rx_pkt_len; - uint8_t *tx_pkt_buf; - size_t tx_pkt_len, tx_pkt_capacity, tx_pkt_offset; - bool completed; -}; - -static void __eap_tls_reset_state(struct eap_tls_state *tls) +static bool eap_tls_tunnel_ready(struct eap_state *eap, + const char *peer_identity) { - tls->completed = false; - - l_free(tls->rx_pkt_buf); - tls->rx_pkt_buf = NULL; - tls->rx_pkt_received = 0; - tls->rx_pkt_len = 0; - - l_free(tls->tx_pkt_buf); - tls->tx_pkt_buf = NULL; - tls->tx_pkt_capacity = 0; - tls->tx_pkt_len = 0; - tls->tx_pkt_offset = 0; - - if (tls->tls) { - l_tls_free(tls->tls); - tls->tls = NULL; - } -} - -static bool eap_tls_reset_state(struct eap_state *eap) -{ - struct eap_tls_state *tls = eap_get_data(eap); - - __eap_tls_reset_state(tls); - return true; -} - -static void eap_tls_free(struct eap_state *eap) -{ - struct eap_tls_state *tls = eap_get_data(eap); - - __eap_tls_reset_state(tls); - eap_set_data(eap, NULL); - - l_free(tls->ca_cert); - l_free(tls->client_cert); - l_free(tls->client_key); - - if (tls->passphrase) { - memset(tls->passphrase, 0, strlen(tls->passphrase)); - l_free(tls->passphrase); - } - - l_free(tls); -} - -#define EAP_TLS_RESPONSE_HEADER_LEN 10 - -#define EAP_TLS_FLAG_L (1 << 7) -#define EAP_TLS_FLAG_M (1 << 6) -#define EAP_TLS_FLAG_S (1 << 5) -#define EAP_TLS_FLAG_LM_MASK \ - (EAP_TLS_FLAG_L | EAP_TLS_FLAG_M) - -static uint8_t *eap_tls_tx_buf_reserve(struct eap_tls_state *tls, size_t size) -{ - int offset = tls->tx_pkt_offset + tls->tx_pkt_len; - size_t end_offset = offset + size; - - tls->tx_pkt_len += size; - - if (end_offset > tls->tx_pkt_capacity) { - tls->tx_pkt_capacity = end_offset + 1024; - tls->tx_pkt_buf = - l_realloc(tls->tx_pkt_buf, tls->tx_pkt_capacity); - } - - return tls->tx_pkt_buf + offset; -} - -static void eap_tls_tx_cb(const uint8_t *data, size_t len, void *user_data) -{ - struct eap_state *eap = user_data; - struct eap_tls_state *tls = eap_get_data(eap); - - memcpy(eap_tls_tx_buf_reserve(tls, len), data, len); -} - -static void eap_tls_data_cb(const uint8_t *data, size_t len, void *user_data) -{ - /* This should never be called */ -} - -static void eap_tls_ready_cb(const char *peer_identity, void *user_data) -{ - struct eap_state *eap = user_data; - struct eap_tls_state *tls = eap_get_data(eap); uint8_t msk_emsk[128]; uint8_t iv[64]; /* TODO: if we have a CA certificate require non-NULL peer_identity */ eap_method_success(eap); - tls->completed = true; - - eap_start_complete_timeout(eap); + eap_tls_common_set_completed(eap); /* MSK, EMSK and IV derivation */ - l_tls_prf_get_bytes(tls->tls, true, - "client EAP encryption", msk_emsk, 128); - l_tls_prf_get_bytes(tls->tls, false, - "client EAP encryption", iv, 64); + eap_tls_common_tunnel_prf_get_bytes(eap, true, "client EAP encryption", + msk_emsk, 128); + eap_tls_common_tunnel_prf_get_bytes(eap, false, "client EAP encryption", + iv, 64); eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64, iv, 64); + + eap_tls_common_send_empty_response(eap); + + return true; } -static void eap_tls_disconnect_cb(enum l_tls_alert_desc reason, - bool remote, void *user_data) +static int eap_tls_settings_check(struct l_settings *settings, + struct l_queue *secrets, + const char *prefix, + struct l_queue **out_missing) { - struct eap_state *eap = user_data; - struct eap_tls_state *tls = eap_get_data(eap); + char tls_prefix[72]; - tls->completed = true; + snprintf(tls_prefix, sizeof(tls_prefix), "%sTLS-", prefix); + + return eap_tls_common_settings_check(settings, secrets, tls_prefix, + out_missing); } -static void eap_tls_debug_cb(const char *str, void *user_data) +static const struct eap_tls_variant_ops eap_tls_ops = { + .tunnel_ready = eap_tls_tunnel_ready, +}; + +static bool eap_tls_settings_load(struct eap_state *eap, + struct l_settings *settings, + const char *prefix) { - l_info("EAP-TLS %s", str); -} + char setting_key_prefix[72]; -static void eap_tls_handle_request(struct eap_state *eap, - const uint8_t *pkt, size_t len) -{ - uint8_t flags; - uint32_t total_len; - struct eap_tls_state *tls = eap_get_data(eap); - size_t fragment_len; - uint8_t *tx_buf; + snprintf(setting_key_prefix, sizeof(setting_key_prefix), "%sTLS-", + prefix); - if (len < 1) { - l_error("EAP-TLS request too short"); - goto err; - } - - flags = pkt[0]; - - pkt += 1; - len -= 1; - - /* Check if we're expecting a fragment ACK */ - if (tls->tx_pkt_len) { - if (flags || len) { - l_error("EAP-TLS request is not an ACK"); - goto err; - } - - /* Send next response fragment, prepend the 6-byte header */ - tx_buf = &tls->tx_pkt_buf[tls->tx_pkt_offset - 6]; - - fragment_len = eap_get_mtu(eap) - 6; - tx_buf[5] = EAP_TLS_FLAG_M; /* Flags */ - - if (tls->tx_pkt_len <= fragment_len) { - fragment_len = tls->tx_pkt_len; - tx_buf[5] = 0; /* Flags */ - } - - eap_send_response(eap, EAP_TYPE_TLS_EAP, - tx_buf, fragment_len + 6); - - tls->tx_pkt_len -= fragment_len; - tls->tx_pkt_offset += fragment_len; - - return; - } - - /* Complain if S bit is not correct */ - if (!(flags & EAP_TLS_FLAG_S) == !tls->tls) { - l_error("EAP-TLS request S flag invalid"); - goto err; - } - - /* Method can't be restarted */ - if ((flags & EAP_TLS_FLAG_S) && tls->completed) { - l_error("EAP-TLS start after completed"); - goto err; - } - - /* Sanity check that first fragmented request has L flag set */ - if ((flags & EAP_TLS_FLAG_LM_MASK) == EAP_TLS_FLAG_M && - !tls->rx_pkt_buf) { - l_error("EAP-TLS request 1st fragment with no length"); - goto err; - } - - if (flags & EAP_TLS_FLAG_L) { - if (len < 7) { - l_error("EAP-TLS request with L flag too short"); - goto err; - } - - total_len = l_get_be32(pkt); - pkt += 4; - len -= 4; - - if ((flags & EAP_TLS_FLAG_M) && !tls->rx_pkt_buf) { - if (total_len > 512 * 1024) { - l_error("EAP-TLS Message too long"); - goto err; - } - - tls->rx_pkt_buf = l_malloc(total_len); - tls->rx_pkt_len = total_len; - tls->rx_pkt_received = 0; - } - - if ((tls->rx_pkt_buf && total_len != tls->rx_pkt_len) || - (!tls->rx_pkt_buf && total_len != len)) { - l_error("EAP-TLS request length mismatch"); - - l_free(tls->rx_pkt_buf); - tls->rx_pkt_buf = NULL; - - goto err; - } - } - - if (tls->rx_pkt_buf) { - if ( - ((flags & EAP_TLS_FLAG_M) && - tls->rx_pkt_received + len >= - tls->rx_pkt_len) || - (!(flags & EAP_TLS_FLAG_M) && - tls->rx_pkt_received + len != - tls->rx_pkt_len)) { - l_error("EAP-TLS request fragment length mismatch"); - - l_free(tls->rx_pkt_buf); - tls->rx_pkt_buf = NULL; - - goto err; - } - - memcpy(tls->rx_pkt_buf + tls->rx_pkt_received, pkt, len); - tls->rx_pkt_received += len; - } - - if (flags & EAP_TLS_FLAG_M) { - uint8_t buf[6]; - - /* Send an empty response as ACK */ - buf[5] = 0; - eap_send_response(eap, EAP_TYPE_TLS_EAP, buf, 6); - - return; - } - - if (tls->rx_pkt_buf) { - pkt = tls->rx_pkt_buf; - len = tls->rx_pkt_len; - } - - eap_tls_tx_buf_reserve(tls, EAP_TLS_RESPONSE_HEADER_LEN); - tls->tx_pkt_offset = tls->tx_pkt_len; - tls->tx_pkt_len = 0; - - if (flags & EAP_TLS_FLAG_S) { - tls->tls = l_tls_new(false, eap_tls_data_cb, - eap_tls_tx_cb, eap_tls_ready_cb, - eap_tls_disconnect_cb, eap); - - if (!tls->tls) { - l_error("Creating a TLS instance failed"); - goto err; - } - - if (getenv("IWD_TLS_DEBUG")) - l_tls_set_debug(tls->tls, eap_tls_debug_cb, NULL, NULL); - - if (!l_tls_set_auth_data(tls->tls, tls->client_cert, - tls->client_key, tls->passphrase) || - (tls->ca_cert && - !l_tls_set_cacert(tls->tls, tls->ca_cert))) { - l_error("Error loading EAP-TLS keys or certificates"); - goto err; - } - } - - /* - * Here we take advantage of knowing that ell will send all the - * records corresponding to the current handshake step from within - * the l_tls_handle_rx call because it doesn't use any other context - * such as timers - basic TLS specifies no timeouts. Otherwise we - * would need to analyze the record types in eap_tls_tx_cb to decide - * when we're ready to send out a response. - */ - if (len) - l_tls_handle_rx(tls->tls, pkt, len); - - if (tls->rx_pkt_buf) { - l_free(tls->rx_pkt_buf); - tls->rx_pkt_buf = NULL; - } - - /* - * Note if tls->completed && !eap->method_success we can send an empty - * response instead of passing the TLS alert. - */ - - if (tls->tx_pkt_len + 6 <= eap_get_mtu(eap)) { - /* - * Response fits in a single response packet, prepend the - * 6-byte header (no length) before the data. - */ - tx_buf = &tls->tx_pkt_buf[tls->tx_pkt_offset - 6]; - - tx_buf[5] = 0; /* Flags */ - - eap_send_response(eap, EAP_TYPE_TLS_EAP, - tx_buf, tls->tx_pkt_len + 6); - - tls->tx_pkt_len = 0; - } else { - /* - * Fragmentation needed, prepend the 10-byte header - * (4 EAP header + 2 response + 4 length) to build the - * initial fragment packet. - */ - tx_buf = &tls->tx_pkt_buf[tls->tx_pkt_offset - 10]; - - tx_buf[5] = EAP_TLS_FLAG_L | EAP_TLS_FLAG_M; /* Flags */ - l_put_be32(tls->tx_pkt_len, &tx_buf[6]); - - fragment_len = eap_get_mtu(eap) - 10; - eap_send_response(eap, EAP_TYPE_TLS_EAP, - tx_buf, fragment_len + 10); - - tls->tx_pkt_len -= fragment_len; - tls->tx_pkt_offset += fragment_len; - } - - if (tls->completed) { - l_tls_free(tls->tls); - tls->tls = NULL; - } - - return; - -err: - tls->completed = true; - - l_tls_free(tls->tls); - tls->tls = NULL; - - eap_method_error(eap); -} - -static int eap_tls_check_settings(struct l_settings *settings, - struct l_queue *secrets, - const char *prefix, - struct l_queue **out_missing) -{ - char setting[64], client_cert_setting[64], passphrase_setting[64]; - L_AUTO_FREE_VAR(char *, path) = NULL; - L_AUTO_FREE_VAR(char *, client_cert) = NULL; - L_AUTO_FREE_VAR(char *, passphrase) = NULL; - uint8_t *cert; - size_t size; - - snprintf(setting, sizeof(setting), "%sTLS-CACert", prefix); - path = l_settings_get_string(settings, "Security", setting); - if (path) { - cert = l_pem_load_certificate(path, &size); - if (!cert) { - l_error("Failed to load %s", path); - return -EIO; - } - - l_free(cert); - } - - snprintf(client_cert_setting, sizeof(client_cert_setting), - "%sTLS-ClientCert", prefix); - client_cert = l_settings_get_string(settings, "Security", - client_cert_setting); - if (client_cert) { - cert = l_pem_load_certificate(client_cert, &size); - if (!cert) { - l_error("Failed to load %s", client_cert); - return -EIO; - } - - l_free(cert); - } - - l_free(path); - - snprintf(setting, sizeof(setting), "%sTLS-ClientKey", prefix); - path = l_settings_get_string(settings, "Security", setting); - - if (path && !client_cert) { - l_error("%s present but no client certificate (%s)", - setting, client_cert_setting); - return -ENOENT; - } - - snprintf(passphrase_setting, sizeof(passphrase_setting), - "%sTLS-ClientKeyPassphrase", prefix); - passphrase = l_settings_get_string(settings, "Security", - passphrase_setting); - - if (!passphrase) { - const struct eap_secret_info *secret; - - secret = l_queue_find(secrets, eap_secret_info_match, - passphrase_setting); - if (secret) - passphrase = l_strdup(secret->value); - } - - if (path) { - struct l_key *priv_key; - bool encrypted; - - priv_key = l_pem_load_private_key(path, passphrase, &encrypted); - if (!priv_key) { - if (!encrypted) { - l_error("Error loading client private key %s", - path); - return -EIO; - } - - if (passphrase) { - l_error("Error loading encrypted client " - "private key %s", path); - return -EACCES; - } - - /* - * We've got an encrypted key and passphrase was not - * saved in the network settings, need to request - * the passphrase. - */ - eap_append_secret(out_missing, - EAP_SECRET_LOCAL_PKEY_PASSPHRASE, - passphrase_setting, NULL, path, - EAP_CACHE_TEMPORARY); - } else { - l_key_free(priv_key); - - if (passphrase && !encrypted) { - l_error("%s present but client private " - "key %s is not encrypted", - passphrase_setting, path); - return -ENOENT; - } - } - } else if (passphrase) { - l_error("%s present but no client private key path set (%s)", - passphrase_setting, setting); - return -ENOENT; - } - - return 0; -} - -static bool eap_tls_load_settings(struct eap_state *eap, - struct l_settings *settings, - const char *prefix) -{ - struct eap_tls_state *tls; - char setting[64]; - - tls = l_new(struct eap_tls_state, 1); - - snprintf(setting, sizeof(setting), "%sTLS-CACert", prefix); - tls->ca_cert = l_settings_get_string(settings, "Security", setting); - - snprintf(setting, sizeof(setting), "%sTLS-ClientCert", prefix); - tls->client_cert = l_settings_get_string(settings, "Security", setting); - - snprintf(setting, sizeof(setting), "%sTLS-ClientKey", prefix); - tls->client_key = l_settings_get_string(settings, "Security", setting); - - snprintf(setting, sizeof(setting), "%sTLS-ClientKeyPassphrase", prefix); - tls->passphrase = l_settings_get_string(settings, "Security", setting); - - eap_set_data(eap, tls); + if (!eap_tls_common_settings_load(eap, settings, setting_key_prefix, + &eap_tls_ops, NULL)) + return false; return true; } @@ -535,11 +95,13 @@ static struct eap_method eap_tls = { .exports_msk = true, .name = "TLS", - .free = eap_tls_free, - .handle_request = eap_tls_handle_request, - .check_settings = eap_tls_check_settings, - .load_settings = eap_tls_load_settings, - .reset_state = eap_tls_reset_state, + .handle_request = eap_tls_common_handle_request, + .handle_retransmit = eap_tls_common_handle_retransmit, + .reset_state = eap_tls_common_state_reset, + .free = eap_tls_common_state_free, + + .check_settings = eap_tls_settings_check, + .load_settings = eap_tls_settings_load, }; static int eap_tls_init(void)