/** Authenticate a previously sent challenge
*
*/
static rlm_rcode_t mod_process(UNUSED void *instance, eap_session_t *eap_session)
{
REQUEST *request = eap_session->request;
eap_sim_session_t *eap_sim_session = talloc_get_type_abort(eap_session->opaque, eap_sim_session_t);
fr_sim_decode_ctx_t ctx = {
.keys = &eap_sim_session->keys,
};
VALUE_PAIR *subtype_vp, *from_peer, *vp;
fr_cursor_t cursor;
eap_sim_subtype_t subtype;
int ret;
/*
* VPS is the data from the client
*/
from_peer = eap_session->request->packet->vps;
fr_cursor_init(&cursor, &request->packet->vps);
fr_cursor_tail(&cursor);
ret = fr_sim_decode(eap_session->request,
&cursor,
dict_eap_sim,
eap_session->this_round->response->type.data,
eap_session->this_round->response->type.length,
&ctx);
/*
* RFC 4186 says we *MUST* notify, not just
* send an EAP-Failure in this case where
* we cannot decode an EAP-AKA packet.
*/
if (ret < 0) {
RPEDEBUG2("Failed decoding EAP-SIM attributes");
eap_sim_state_enter(eap_session, EAP_SIM_SERVER_FAILURE_NOTIFICATION);
return RLM_MODULE_HANDLED; /* We need to process more packets */
}
vp = fr_cursor_current(&cursor);
if (vp && RDEBUG_ENABLED2) {
RDEBUG2("Decoded EAP-SIM attributes");
log_request_pair_list(L_DBG_LVL_2, request, vp, NULL);
}
subtype_vp = fr_pair_find_by_da(from_peer, attr_eap_sim_subtype, TAG_ANY);
if (!subtype_vp) {
REDEBUG("Missing EAP-SIM-Subtype");
eap_sim_state_enter(eap_session, EAP_SIM_SERVER_FAILURE_NOTIFICATION);
return RLM_MODULE_HANDLED; /* We need to process more packets */
}
subtype = subtype_vp->vp_uint16;
switch (eap_sim_session->state) {
/*
* Response to our advertised versions and request for an ID
* This is very similar to Identity negotiation in EAP-AKA[']
*/
case EAP_SIM_SERVER_START:
switch (subtype) {
case EAP_SIM_START:
if (process_eap_sim_start(eap_session, from_peer) == 0) return RLM_MODULE_HANDLED;
eap_sim_state_enter(eap_session, EAP_SIM_SERVER_FAILURE_NOTIFICATION);
return RLM_MODULE_HANDLED; /* We need to process more packets */
/*
* Case 1 where we're allowed to send an EAP-Failure
*
* This can happen in the case of a conservative
* peer, where it refuses to provide the permanent
* identity.
*/
case EAP_SIM_CLIENT_ERROR:
{
char buff[20];
vp = fr_pair_find_by_da(from_peer, attr_eap_sim_client_error_code, TAG_ANY);
if (!vp) {
REDEBUG("EAP-SIM Peer rejected SIM-Start (%s) with client-error message but "
"has not supplied a client error code",
fr_int2str(sim_id_request_table, eap_sim_session->id_req, "<INVALID>"));
} else {
REDEBUG("Client rejected SIM-Start (%s) with error: %s (%i)",
fr_int2str(sim_id_request_table, eap_sim_session->id_req, "<INVALID>"),
fr_pair_value_enum(vp, buff), vp->vp_uint16);
}
eap_sim_state_enter(eap_session, EAP_SIM_SERVER_FAILURE);
return RLM_MODULE_REJECT;
}
case EAP_SIM_NOTIFICATION:
notification:
{
char buff[20];
vp = fr_pair_afrom_da(from_peer, attr_eap_sim_notification);
if (!vp) {
REDEBUG2("Received SIM-Notification with no notification code");
eap_sim_state_enter(eap_session, EAP_SIM_SERVER_FAILURE_NOTIFICATION);
return RLM_MODULE_HANDLED; /* We need to process more packets */
}
/*
* Case 2 where we're allowed to send an EAP-Failure
*/
if (!(vp->vp_uint16 & 0x8000)) {
REDEBUG2("SIM-Notification %s (%i) indicates failure", fr_pair_value_enum(vp, buff),
vp->vp_uint16);
eap_sim_state_enter(eap_session, EAP_SIM_SERVER_FAILURE);
return RLM_MODULE_REJECT;
}
/*
* ...if it's not a failure, then re-enter the
* current state.
*/
REDEBUG2("Got SIM-Notification %s (%i)", fr_pair_value_enum(vp, buff), vp->vp_uint16);
eap_sim_state_enter(eap_session, eap_sim_session->state);
return RLM_MODULE_HANDLED;
default:
unexpected_subtype:
/*
* RFC 4186 says we *MUST* notify, not just
* send an EAP-Failure in this case.
*/
REDEBUG("Unexpected subtype %pV", &subtype_vp->data);
eap_sim_state_enter(eap_session, EAP_SIM_SERVER_FAILURE_NOTIFICATION);
return RLM_MODULE_HANDLED; /* We need to process more packets */
}
}
/*
* Process the response to our previous challenge.
*/
case EAP_SIM_SERVER_CHALLENGE:
switch (subtype) {
/*
* A response to our EAP-Sim/Request/Challenge!
*/
case EAP_SIM_CHALLENGE:
switch (process_eap_sim_challenge(eap_session, from_peer)) {
case 1:
return RLM_MODULE_HANDLED;
case 0:
return RLM_MODULE_OK;
case -1:
eap_sim_state_enter(eap_session, EAP_SIM_SERVER_FAILURE_NOTIFICATION);
return RLM_MODULE_HANDLED; /* We need to process more packets */
}
case EAP_SIM_CLIENT_ERROR:
{
char buff[20];
vp = fr_pair_find_by_da(from_peer, attr_eap_sim_client_error_code, TAG_ANY);
if (!vp) {
REDEBUG("EAP-SIM Peer rejected SIM-Challenge with client-error message but "
"has not supplied a client error code");
} else {
REDEBUG("Client rejected SIM-Challenge with error: %s (%i)",
fr_pair_value_enum(vp, buff), vp->vp_uint16);
}
eap_sim_state_enter(eap_session, EAP_SIM_SERVER_FAILURE);
return RLM_MODULE_REJECT;
}
case EAP_SIM_NOTIFICATION:
goto notification;
default:
goto unexpected_subtype;
}
/*
* Peer acked our failure
*/
case EAP_SIM_SERVER_FAILURE_NOTIFICATION:
switch (subtype) {
case EAP_SIM_NOTIFICATION:
RDEBUG2("SIM-Notification ACKed, sending EAP-Failure");
eap_sim_state_enter(eap_session, EAP_SIM_SERVER_FAILURE);
return RLM_MODULE_REJECT;
default:
goto unexpected_subtype;
}
/*
* Something bad happened...
*/
default:
rad_assert(0);
eap_sim_state_enter(eap_session, EAP_SIM_SERVER_FAILURE_NOTIFICATION);
return RLM_MODULE_HANDLED; /* We need to process more packets */
}
}
/*
* Initiate the EAP-SIM session by starting the state machine
* and initiating the state.
*/
static rlm_rcode_t mod_session_init(void *instance, eap_session_t *eap_session)
{
REQUEST *request = eap_session->request;
eap_sim_session_t *eap_sim_session;
rlm_eap_sim_t *inst = instance;
fr_sim_id_type_t type;
fr_sim_method_hint_t method;
MEM(eap_sim_session = talloc_zero(eap_session, eap_sim_session_t));
eap_session->opaque = eap_sim_session;
/*
* Set default configuration, we may allow these
* to be toggled by attributes later.
*/
eap_sim_session->send_result_ind = inst->protected_success;
eap_sim_session->id_req = SIM_ANY_ID_REQ; /* Set the default */
/*
* This value doesn't have be strong, but it is
* good if it is different now and then.
*/
eap_sim_session->sim_id = (fr_rand() & 0xff);
/*
* Save the keying material, because it could change on a subsequent retrieval.
*/
RDEBUG2("New EAP-SIM session");
/*
* Process the identity that we received in the
* EAP-Identity-Response and use it to determine
* the initial request we send to the Supplicant.
*/
if (fr_sim_id_type(&type, &method,
eap_session->identity, talloc_array_length(eap_session->identity) - 1) < 0) {
RPWDEBUG2("Failed parsing identity, continuing anyway");
}
switch (method) {
default:
RWDEBUG("EAP-Identity-Response hints that EAP-%s should be started, but we're attempting EAP-SIM",
fr_int2str(sim_id_method_hint_table, method, "<INVALID>"));
break;
case SIM_METHOD_HINT_SIM:
case SIM_METHOD_HINT_UNKNOWN:
break;
}
eap_session->process = mod_process;
/*
* Figure out what type of identity we have
* and use it to determine the initial
* request we send.
*/
switch (type) {
/*
* These types need to be transformed into something
* usable before we can do anything.
*/
case SIM_ID_TYPE_UNKNOWN:
case SIM_ID_TYPE_PSEUDONYM:
case SIM_ID_TYPE_FASTAUTH:
/*
* Permanent ID means we can just send the challenge
*/
case SIM_ID_TYPE_PERMANENT:
eap_sim_session->keys.identity_len = talloc_array_length(eap_session->identity) - 1;
MEM(eap_sim_session->keys.identity = talloc_memdup(eap_sim_session, eap_session->identity,
eap_sim_session->keys.identity_len));
eap_sim_state_enter(eap_session, EAP_SIM_SERVER_START);
return RLM_MODULE_HANDLED;
}
return RLM_MODULE_HANDLED;
}
/** Process an EAP-Sim/Response/Start
*
* Verify that client chose a version, and provided a NONCE_MT,
* and if so, then change states to challenge, and send the new
* challenge, else, resend the Request/Start.
*/
static int process_eap_sim_start(eap_session_t *eap_session, VALUE_PAIR *vps)
{
REQUEST *request = eap_session->request;
VALUE_PAIR *nonce_vp, *selected_version_vp;
eap_sim_session_t *eap_sim_session;
uint16_t eap_sim_version;
VALUE_PAIR *id;
fr_sim_id_type_t type = SIM_ID_TYPE_UNKNOWN;
fr_sim_method_hint_t method = SIM_METHOD_HINT_UNKNOWN;
eap_sim_session = talloc_get_type_abort(eap_session->opaque, eap_sim_session_t);
/*
* For fullauth We require both the NONCE_MT
* and SELECTED_VERSION from the peer, else
* the packet is invalid.
*/
nonce_vp = fr_pair_find_by_da(vps, attr_eap_sim_nonce_mt, TAG_ANY);
selected_version_vp = fr_pair_find_by_da(vps, attr_eap_sim_selected_version, TAG_ANY);
if (!nonce_vp || !selected_version_vp) {
REDEBUG2("Client did not select a version and send a NONCE");
return -1;
}
eap_sim_version = selected_version_vp->vp_uint16;
if (eap_sim_version != EAP_SIM_VERSION) {
REDEBUG2("EAP-SIM-Version %i is unknown", eap_sim_version);
return -1;
}
/*
* Record it for later keying
*/
eap_sim_version = htons(eap_sim_version);
memcpy(eap_sim_session->keys.gsm.version_select,
&eap_sim_version, sizeof(eap_sim_session->keys.gsm.version_select));
/*
* Double check the nonce size.
*/
if (nonce_vp->vp_length != 16) {
REDEBUG("EAP-SIM nonce_mt must be 16 bytes, not %zu bytes", nonce_vp->vp_length);
return -1;
}
memcpy(eap_sim_session->keys.gsm.nonce_mt, nonce_vp->vp_octets, 16);
/*
* See if we got an AT_IDENTITY
*/
id = fr_pair_find_by_da(vps, attr_eap_sim_identity, TAG_ANY);
if (id) {
if (fr_sim_id_type(&type, &method,
eap_session->identity, talloc_array_length(eap_session->identity) - 1) < 0) {
RPWDEBUG2("Failed parsing identity");
}
/*
* Update cryptographic identity
*/
talloc_const_free(eap_sim_session->keys.identity);
eap_sim_session->keys.identity_len = id->vp_length;
MEM(eap_sim_session->keys.identity = talloc_memdup(eap_sim_session, id->vp_strvalue, id->vp_length));
}
/*
* @TODO Run a virtual server to see if we can use the
* identity we just acquired, or whether we need to
* negotiate the next permissive ID.
*/
/*
* Negotiate the next permissive form
* if identity, or fail.
*/
switch (eap_sim_session->id_req) {
case SIM_ANY_ID_REQ:
eap_sim_session->id_req = SIM_FULLAUTH_ID_REQ;
eap_sim_state_enter(eap_session, EAP_SIM_SERVER_START);
break;
case SIM_FULLAUTH_ID_REQ:
eap_sim_session->id_req = SIM_PERMANENT_ID_REQ;
eap_sim_state_enter(eap_session, EAP_SIM_SERVER_START);
break;
case SIM_NO_ID_REQ:
case SIM_PERMANENT_ID_REQ:
eap_sim_state_enter(eap_session, EAP_SIM_SERVER_CHALLENGE);
// REDEBUG2("Failed to negotiate a usable identity");
// eap_sim_state_enter(eap_session, eap_sim_session, EAP_SIM_SERVER_FAILURE_NOTIFICATION);
break;
}
return 0;
}
static int process_eap_aka_identity(eap_session_t *eap_session, VALUE_PAIR *vps)
{
REQUEST *request = eap_session->request;
eap_aka_session_t *eap_aka_session = talloc_get_type_abort(eap_session->opaque, eap_aka_session_t);
VALUE_PAIR *id;
fr_sim_id_type_t type = SIM_ID_TYPE_UNKNOWN;
fr_sim_method_hint_t method = SIM_METHOD_HINT_UNKNOWN;
/*
* Digest the identity response
*/
if (fr_sim_crypto_update_checkcode(eap_aka_session->checkcode_state, eap_session->this_round->response) < 0) {
RPEDEBUG("Failed updating checkcode");
return -1;
}
/*
* See if we got an AT_IDENTITY
*/
id = fr_pair_find_by_da(vps, attr_eap_aka_identity, TAG_ANY);
if (id) {
if (fr_sim_id_type(&type, &method,
eap_session->identity, talloc_array_length(eap_session->identity) - 1) < 0) {
RPWDEBUG2("Failed parsing identity");
}
/*
* Update cryptographic identity
*/
talloc_const_free(eap_aka_session->keys.identity);
eap_aka_session->keys.identity_len = id->vp_length;
MEM(eap_aka_session->keys.identity = talloc_memdup(eap_aka_session, id->vp_strvalue, id->vp_length));
}
/*
* @TODO Run a virtual server to see if we can use the
* identity we just acquired, or whether we need to
* negotiate the next permissive ID.
*/
/*
* Negotiate the next permissive form
* if identity, or fail.
*/
switch (eap_aka_session->id_req) {
case SIM_ANY_ID_REQ:
eap_aka_session->id_req = SIM_FULLAUTH_ID_REQ;
eap_aka_state_enter(eap_session, EAP_AKA_SERVER_IDENTITY);
break;
case SIM_FULLAUTH_ID_REQ:
eap_aka_session->id_req = SIM_PERMANENT_ID_REQ;
eap_aka_state_enter(eap_session, EAP_AKA_SERVER_IDENTITY);
break;
case SIM_PERMANENT_ID_REQ:
eap_aka_state_enter(eap_session, EAP_AKA_SERVER_CHALLENGE);
// REDEBUG2("Failed to negotiate a usable identity");
// eap_aka_state_enter(eap_session, eap_aka_session, EAP_AKA_SERVER_FAILURE_NOTIFICATION);
break;
case SIM_NO_ID_REQ:
rad_assert(0);
return -1;
}
return 0;
}
/** Process the Peer's response and advantage the state machine
*
*/
static rlm_rcode_t mod_process(UNUSED void *instance, eap_session_t *eap_session)
{
REQUEST *request = eap_session->request;
eap_aka_session_t *eap_aka_session = talloc_get_type_abort(eap_session->opaque, eap_aka_session_t);
fr_sim_decode_ctx_t ctx = {
.keys = &eap_aka_session->keys,
};
VALUE_PAIR *vp, *vps, *subtype_vp;
fr_cursor_t cursor;
eap_aka_subtype_t subtype;
int ret;
/*
* RFC 4187 says we ignore the contents of the
* next packet after we send our success notification
* and always send a success.
*/
if (eap_aka_session->state == EAP_AKA_SERVER_SUCCESS_NOTIFICATION) {
eap_aka_state_enter(eap_session, EAP_AKA_SERVER_SUCCESS);
return RLM_MODULE_HANDLED;
}
/* vps is the data from the client */
vps = request->packet->vps;
fr_cursor_init(&cursor, &request->packet->vps);
fr_cursor_tail(&cursor);
ret = fr_sim_decode(eap_session->request,
&cursor,
dict_eap_aka,
eap_session->this_round->response->type.data,
eap_session->this_round->response->type.length,
&ctx);
/*
* RFC 4187 says we *MUST* notify, not just
* send an EAP-Failure in this case where
* we cannot decode an EAP-AKA packet.
*/
if (ret < 0) {
RPEDEBUG2("Failed decoding EAP-AKA attributes");
eap_aka_state_enter(eap_session, EAP_AKA_SERVER_FAILURE_NOTIFICATION);
return RLM_MODULE_HANDLED; /* We need to process more packets */
}
vp = fr_cursor_current(&cursor);
if (vp && RDEBUG_ENABLED2) {
RDEBUG2("EAP-AKA decoded attributes");
log_request_pair_list(L_DBG_LVL_2, request, vp, NULL);
}
subtype_vp = fr_pair_find_by_da(vps, attr_eap_aka_subtype, TAG_ANY);
if (!subtype_vp) {
REDEBUG("Missing EAP-AKA-Subtype");
eap_aka_state_enter(eap_session, EAP_AKA_SERVER_FAILURE_NOTIFICATION);
return RLM_MODULE_HANDLED; /* We need to process more packets */
}
subtype = subtype_vp->vp_uint16;
switch (eap_aka_session->state) {
/*
* Here we expected the peer to send
* us identities for validation.
*/
case EAP_AKA_SERVER_IDENTITY:
switch (subtype) {
case EAP_AKA_IDENTITY:
if (process_eap_aka_identity(eap_session, vps) == 0) return RLM_MODULE_HANDLED;
eap_aka_state_enter(eap_session, EAP_AKA_SERVER_FAILURE_NOTIFICATION);
return RLM_MODULE_HANDLED; /* We need to process more packets */
/*
* Case 1 where we're allowed to send an EAP-Failure
*
* This can happen in the case of a conservative
* peer, where it refuses to provide the permanent
* identity.
*/
case EAP_AKA_CLIENT_ERROR:
{
char buff[20];
vp = fr_pair_find_by_da(vps, attr_eap_aka_client_error_code, TAG_ANY);
if (!vp) {
REDEBUG("EAP-AKA Peer rejected AKA-Identity (%s) with client-error message but "
"has not supplied a client error code",
fr_int2str(sim_id_request_table, eap_aka_session->id_req, "<INVALID>"));
} else {
REDEBUG("Client rejected AKA-Identity (%s) with error: %s (%i)",
fr_int2str(sim_id_request_table, eap_aka_session->id_req, "<INVALID>"),
fr_pair_value_enum(vp, buff), vp->vp_uint16);
}
eap_aka_state_enter(eap_session, EAP_AKA_SERVER_FAILURE);
return RLM_MODULE_REJECT;
}
case EAP_AKA_NOTIFICATION:
notification:
{
char buff[20];
vp = fr_pair_afrom_da(vps, attr_eap_aka_notification);
if (!vp) {
REDEBUG2("Received AKA-Notification with no notification code");
eap_aka_state_enter(eap_session, EAP_AKA_SERVER_FAILURE_NOTIFICATION);
return RLM_MODULE_HANDLED; /* We need to process more packets */
}
/*
* Case 3 where we're allowed to send an EAP-Failure
*/
if (!(vp->vp_uint16 & 0x8000)) {
REDEBUG2("AKA-Notification %s (%i) indicates failure", fr_pair_value_enum(vp, buff),
vp->vp_uint16);
eap_aka_state_enter(eap_session, EAP_AKA_SERVER_FAILURE);
return RLM_MODULE_REJECT;
}
/*
* ...if it's not a failure, then re-enter the
* current state.
*/
REDEBUG2("Got AKA-Notification %s (%i)", fr_pair_value_enum(vp, buff), vp->vp_uint16);
eap_aka_state_enter(eap_session, eap_aka_session->state);
return RLM_MODULE_HANDLED;
}
default:
unexpected_subtype:
/*
* RFC 4187 says we *MUST* notify, not just
* send an EAP-Failure in this case.
*/
REDEBUG("Unexpected subtype %pV", &subtype_vp->data);
eap_aka_state_enter(eap_session, EAP_AKA_SERVER_FAILURE_NOTIFICATION);
return RLM_MODULE_HANDLED; /* We need to process more packets */
}
/*
* Process the response to our previous challenge.
*/
case EAP_AKA_SERVER_CHALLENGE:
switch (subtype) {
case EAP_AKA_CHALLENGE:
switch (process_eap_aka_challenge(eap_session, vps)) {
case 1:
return RLM_MODULE_HANDLED;
case 0:
return RLM_MODULE_OK;
case -1:
eap_aka_state_enter(eap_session, EAP_AKA_SERVER_FAILURE_NOTIFICATION);
return RLM_MODULE_HANDLED; /* We need to process more packets */
}
case EAP_AKA_SYNCHRONIZATION_FAILURE:
REDEBUG("EAP-AKA Peer synchronization failure"); /* We can't handle these yet */
eap_aka_state_enter(eap_session, EAP_AKA_SERVER_FAILURE_NOTIFICATION);
return RLM_MODULE_HANDLED; /* We need to process more packets */
/*
* Case 1 where we're allowed to send an EAP-Failure
*/
case EAP_AKA_CLIENT_ERROR:
{
char buff[20];
vp = fr_pair_find_by_da(vps, attr_eap_aka_client_error_code, TAG_ANY);
if (!vp) {
REDEBUG("EAP-AKA Peer rejected AKA-Challenge with client-error message but "
"has not supplied a client error code");
} else {
REDEBUG("Client rejected AKA-Challenge with error: %s (%i)",
fr_pair_value_enum(vp, buff), vp->vp_uint16);
}
eap_aka_state_enter(eap_session, EAP_AKA_SERVER_FAILURE);
return RLM_MODULE_REJECT;
}
/*
* Case 2 where we're allowed to send an EAP-Failure
*/
case EAP_AKA_AUTHENTICATION_REJECT:
REDEBUG("EAP-AKA Peer Rejected AUTN");
eap_aka_state_enter(eap_session, EAP_AKA_SERVER_FAILURE);
return RLM_MODULE_REJECT;
case EAP_AKA_NOTIFICATION:
goto notification;
default:
goto unexpected_subtype;
}
/*
* Peer acked our failure
*/
case EAP_AKA_SERVER_FAILURE_NOTIFICATION:
switch (subtype) {
case EAP_AKA_NOTIFICATION:
RDEBUG2("AKA-Notification ACKed, sending EAP-Failure");
eap_aka_state_enter(eap_session, EAP_AKA_SERVER_FAILURE);
return RLM_MODULE_REJECT;
default:
goto unexpected_subtype;
}
/*
* Something bad happened...
*/
default:
rad_assert(0);
eap_aka_state_enter(eap_session, EAP_AKA_SERVER_FAILURE_NOTIFICATION);
return RLM_MODULE_HANDLED; /* We need to process more packets */
}
}
/** Initiate the EAP-SIM session by starting the state machine
*
*/
static rlm_rcode_t mod_session_init(void *instance, eap_session_t *eap_session)
{
REQUEST *request = eap_session->request;
eap_aka_session_t *eap_aka_session;
rlm_eap_aka_t *inst = instance;
fr_sim_id_type_t type;
fr_sim_method_hint_t method;
MEM(eap_aka_session = talloc_zero(eap_session, eap_aka_session_t));
eap_session->opaque = eap_aka_session;
/*
* Set default configuration, we may allow these
* to be toggled by attributes later.
*/
eap_aka_session->request_identity = inst->request_identity;
eap_aka_session->send_result_ind = inst->protected_success;
eap_aka_session->id_req = SIM_NO_ID_REQ; /* Set the default */
/*
* This value doesn't have be strong, but it is
* good if it is different now and then.
*/
eap_aka_session->aka_id = (fr_rand() & 0xff);
/*
* Process the identity that we received in the
* EAP-Identity-Response and use it to determine
* the initial request we send to the Supplicant.
*/
if (fr_sim_id_type(&type, &method,
eap_session->identity, talloc_array_length(eap_session->identity) - 1) < 0) {
RPWDEBUG2("Failed parsing identity, continuing anyway");
}
/*
* Unless AKA-Prime is explicitly disabled,
* use it... It has stronger keying, and
* binds authentication to the network.
*/
switch (eap_session->type) {
case FR_EAP_AKA_PRIME:
default:
RDEBUG2("New EAP-AKA' session");
eap_aka_session->type = FR_EAP_AKA_PRIME;
eap_aka_session->kdf = FR_EAP_AKA_KDF_VALUE_EAP_AKA_PRIME_WITH_CK_PRIME_IK_PRIME;
eap_aka_session->checkcode_md = eap_aka_session->mac_md = EVP_sha256();
eap_aka_session->keys.network = (uint8_t *)talloc_bstrndup(eap_aka_session, inst->network_name,
talloc_array_length(inst->network_name) - 1);
eap_aka_session->keys.network_len = talloc_array_length(eap_aka_session->keys.network) - 1;
switch (method) {
default:
RWDEBUG("EAP-Identity-Response hints that EAP-%s should be started, but we're "
"attempting EAP-AKA'", fr_int2str(sim_id_method_hint_table, method, "<INVALID>"));
break;
case SIM_METHOD_HINT_AKA_PRIME:
case SIM_METHOD_HINT_UNKNOWN:
break;
}
break;
case FR_EAP_AKA:
RDEBUG2("New EAP-AKA session");
eap_aka_session->type = FR_EAP_AKA;
eap_aka_session->kdf = FR_EAP_AKA_KDF_VALUE_EAP_AKA; /* Not actually sent */
eap_aka_session->checkcode_md = eap_aka_session->mac_md = EVP_sha1();
eap_aka_session->send_at_bidding = true;
switch (method) {
default:
RWDEBUG("EAP-Identity-Response hints that EAP-%s should be started, but we're "
"attempting EAP-AKA", fr_int2str(sim_id_method_hint_table, method, "<INVALID>"));
break;
case SIM_METHOD_HINT_AKA:
case SIM_METHOD_HINT_UNKNOWN:
break;
}
break;
}
eap_session->process = mod_process;
/*
* Admin wants us to always request an identity
* initially. The RFC says this is also the
* better way to operate, as the supplicant
* can 'decorate' the identity in the identity
* response.
*/
if (inst->request_identity) {
request_id:
/*
* We always start by requesting
* any ID initially as we can
* always negotiate down.
*/
eap_aka_session->id_req = SIM_ANY_ID_REQ;
eap_aka_state_enter(eap_session, EAP_AKA_SERVER_IDENTITY);
return RLM_MODULE_HANDLED;
}
/*
* Figure out what type of identity we have
* and use it to determine the initial
* request we send.
*/
switch (type) {
/*
* If there's no valid tag on the identity
* then it's probably been decorated by the
* supplicant.
*
* Request the unmolested identity
*/
case SIM_ID_TYPE_UNKNOWN:
RWDEBUG("Identity format unknown, sending Identity request");
goto request_id;
/*
* These types need to be transformed into something
* usable before we can do anything.
*/
case SIM_ID_TYPE_PSEUDONYM:
case SIM_ID_TYPE_FASTAUTH:
/*
* Permanent ID means we can just send the challenge
*/
case SIM_ID_TYPE_PERMANENT:
eap_aka_session->keys.identity_len = talloc_array_length(eap_session->identity) - 1;
MEM(eap_aka_session->keys.identity = talloc_memdup(eap_aka_session, eap_session->identity,
eap_aka_session->keys.identity_len));
eap_aka_state_enter(eap_session, EAP_AKA_SERVER_CHALLENGE);
return RLM_MODULE_HANDLED;
}
return RLM_MODULE_HANDLED;
}
/** Determine the PSK to use for an incoming connection
*
* @param[in] ssl session.
* @param[in] identity The identity of the PSK to search for.
* @param[out] psk Where to write the PSK we found (if any).
* @param[in] max_psk_len The length of the buffer provided for PSK.
* @return
* - 0 if no PSK matching identity was found.
* - >0 if a PSK matching identity was found (the length of bytes written to psk).
*/
unsigned int tls_session_psk_server_cb(SSL *ssl, const char *identity,
unsigned char *psk, unsigned int max_psk_len)
{
unsigned int psk_len = 0;
fr_tls_conf_t *conf;
REQUEST *request;
conf = (fr_tls_conf_t *)SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_CONF);
if (!conf) return 0;
request = (REQUEST *)SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_REQUEST);
if (request && conf->psk_query) {
size_t hex_len;
VALUE_PAIR *vp;
char buffer[2 * PSK_MAX_PSK_LEN + 4]; /* allow for too-long keys */
/*
* The passed identity is weird. Deny it.
*/
if (!session_psk_identity_is_safe(identity)) {
RWDEBUG("Invalid characters in PSK identity %s", identity);
return 0;
}
MEM(pair_update_request(&vp, attr_tls_psk_identity) >= 0);
if (fr_pair_value_from_str(vp, identity, -1, '\0', true) < 0) {
RPWDEBUG2("Failed parsing TLS PSK Identity");
talloc_free(vp);
return 0;
}
hex_len = xlat_eval(buffer, sizeof(buffer), request, conf->psk_query, NULL, NULL);
if (!hex_len) {
RWDEBUG("PSK expansion returned an empty string.");
return 0;
}
/*
* The returned key is truncated at MORE than
* OpenSSL can handle. That way we can detect
* the truncation, and complain about it.
*/
if (hex_len > (2 * max_psk_len)) {
RWDEBUG("Returned PSK is too long (%u > %u)", (unsigned int) hex_len, 2 * max_psk_len);
return 0;
}
/*
* Leave the TLS-PSK-Identity in the request, and
* convert the expansion from printable string
* back to hex.
*/
return fr_hex2bin(psk, max_psk_len, buffer, hex_len);
}
if (!conf->psk_identity) {
DEBUG("No static PSK identity set. Rejecting the user");
return 0;
}
/*
* No REQUEST, or no dynamic query. Just look for a
* static identity.
*/
if (strcmp(identity, conf->psk_identity) != 0) {
ERROR("Supplied PSK identity %s does not match configuration. Rejecting.",
identity);
return 0;
}
psk_len = strlen(conf->psk_password);
if (psk_len > (2 * max_psk_len)) return 0;
return fr_hex2bin(psk, max_psk_len, conf->psk_password, psk_len);
}
