static void eap_eke_process_failure(struct eap_sm *sm,
struct eap_eke_data *data,
const struct wpabuf *respData,
const u8 *payload, size_t payloadlen)
{
u32 code;
wpa_printf(MSG_DEBUG, "EAP-EKE: Received Response/Failure");
if (payloadlen < 4) {
wpa_printf(MSG_DEBUG, "EAP-EKE: Too short EAP-EKE-Failure");
eap_eke_state(data, FAILURE);
return;
}
code = WPA_GET_BE32(payload);
wpa_printf(MSG_DEBUG, "EAP-EKE: Peer reported failure code 0x%x", code);
eap_eke_state(data, FAILURE);
}
static struct wpabuf * eap_eke_build_failure(struct eap_eke_data *data, u8 id)
{
struct wpabuf *msg;
wpa_printf(MSG_DEBUG, "EAP-EKE: Request/Failure: Failure-Code=0x%x",
data->failure_code);
msg = eap_eke_build_msg(data, id, 4, EAP_EKE_FAILURE);
if (msg == NULL) {
eap_eke_state(data, FAILURE);
return NULL;
}
wpabuf_put_be32(msg, data->failure_code);
return msg;
}
static void * eap_eke_init(struct eap_sm *sm)
{
struct eap_eke_data *data;
size_t i;
data = os_zalloc(sizeof(*data));
if (data == NULL)
return NULL;
eap_eke_state(data, IDENTITY);
data->serverid_type = EAP_EKE_ID_OPAQUE;
for (i = 0; i < sm->server_id_len; i++) {
if (sm->server_id[i] == '.' &&
data->serverid_type == EAP_EKE_ID_OPAQUE)
data->serverid_type = EAP_EKE_ID_FQDN;
if (sm->server_id[i] == '@')
data->serverid_type = EAP_EKE_ID_NAI;
}
data->phase2 = sm->init_phase2;
return data;
}
static struct wpabuf * eap_eke_build_fail(struct eap_eke_data *data,
struct eap_method_ret *ret,
u8 id, u32 failure_code)
{
struct wpabuf *resp;
wpa_printf(MSG_DEBUG, "EAP-EKE: Sending EAP-EKE-Failure/Response - code=0x%x",
failure_code);
resp = eap_eke_build_msg(data, id, 4, EAP_EKE_FAILURE);
if (resp)
wpabuf_put_be32(resp, failure_code);
os_memset(data->dh_priv, 0, sizeof(data->dh_priv));
eap_eke_session_clean(&data->sess);
eap_eke_state(data, FAILURE);
ret->methodState = METHOD_DONE;
ret->decision = DECISION_FAIL;
ret->allowNotifications = FALSE;
return resp;
}
static void eap_eke_fail(struct eap_eke_data *data, u32 code)
{
wpa_printf(MSG_DEBUG, "EAP-EKE: Failure - code 0x%x", code);
data->failure_code = code;
eap_eke_state(data, FAILURE_REPORT);
}
static void eap_eke_process_confirm(struct eap_sm *sm,
struct eap_eke_data *data,
const struct wpabuf *respData,
const u8 *payload, size_t payloadlen)
{
size_t decrypt_len;
u8 nonce[EAP_EKE_MAX_NONCE_LEN];
u8 auth_p[EAP_EKE_MAX_HASH_LEN];
wpa_printf(MSG_DEBUG, "EAP-EKE: Received Response/Confirm");
if (data->state != CONFIRM) {
eap_eke_fail(data, EAP_EKE_FAIL_PROTO_ERROR);
return;
}
wpa_printf(MSG_DEBUG, "EAP-EKE: Received Response/Confirm");
if (payloadlen < (size_t) data->sess.pnonce_len + data->sess.prf_len) {
wpa_printf(MSG_DEBUG, "EAP-EKE: Too short EAP-EKE-Confirm");
eap_eke_fail(data, EAP_EKE_FAIL_PROTO_ERROR);
return;
}
decrypt_len = sizeof(nonce);
if (eap_eke_decrypt_prot(&data->sess, payload, data->sess.pnonce_len,
nonce, &decrypt_len) < 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to decrypt PNonce_S");
eap_eke_fail(data, EAP_EKE_FAIL_AUTHENTICATION_FAIL);
return;
}
if (decrypt_len < (size_t) data->sess.nonce_len) {
wpa_printf(MSG_INFO, "EAP-EKE: PNonce_S protected data too short to include Nonce_S");
eap_eke_fail(data, EAP_EKE_FAIL_AUTHENTICATION_FAIL);
return;
}
wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Received Nonce_S",
nonce, data->sess.nonce_len);
if (os_memcmp(nonce, data->nonce_s, data->sess.nonce_len) != 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Received Nonce_S does not match previously sent Nonce_S");
eap_eke_fail(data, EAP_EKE_FAIL_AUTHENTICATION_FAIL);
return;
}
if (eap_eke_auth(&data->sess, "EAP-EKE peer", data->msgs, auth_p) < 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Could not derive Auth_P");
eap_eke_fail(data, EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
return;
}
wpa_hexdump(MSG_DEBUG, "EAP-EKE: Auth_P", auth_p, data->sess.prf_len);
if (os_memcmp_const(auth_p, payload + data->sess.pnonce_len,
data->sess.prf_len) != 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Auth_P does not match");
eap_eke_fail(data, EAP_EKE_FAIL_AUTHENTICATION_FAIL);
return;
}
if (eap_eke_derive_msk(&data->sess, sm->server_id, sm->server_id_len,
data->peerid, data->peerid_len,
data->nonce_s, data->nonce_p,
data->msk, data->emsk) < 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive MSK/EMSK");
eap_eke_fail(data, EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
return;
}
os_memset(data->dh_priv, 0, sizeof(data->dh_priv));
os_memset(data->key, 0, sizeof(data->key));
eap_eke_session_clean(&data->sess);
eap_eke_state(data, SUCCESS);
}
static void eap_eke_process_commit(struct eap_sm *sm,
struct eap_eke_data *data,
const struct wpabuf *respData,
const u8 *payload, size_t payloadlen)
{
const u8 *pos, *end, *dhcomp, *pnonce;
size_t decrypt_len;
wpa_printf(MSG_DEBUG, "EAP-EKE: Received Response/Commit");
if (data->state != COMMIT) {
eap_eke_fail(data, EAP_EKE_FAIL_PROTO_ERROR);
return;
}
pos = payload;
end = payload + payloadlen;
if (pos + data->sess.dhcomp_len + data->sess.pnonce_len > end) {
wpa_printf(MSG_DEBUG, "EAP-EKE: Too short EAP-EKE-Commit");
eap_eke_fail(data, EAP_EKE_FAIL_PROTO_ERROR);
return;
}
wpa_hexdump(MSG_DEBUG, "EAP-EKE: DHComponent_P",
pos, data->sess.dhcomp_len);
dhcomp = pos;
pos += data->sess.dhcomp_len;
wpa_hexdump(MSG_DEBUG, "EAP-EKE: PNonce_P", pos, data->sess.pnonce_len);
pnonce = pos;
pos += data->sess.pnonce_len;
wpa_hexdump(MSG_DEBUG, "EAP-EKE: CBValue", pos, end - pos);
if (eap_eke_shared_secret(&data->sess, data->key, data->dh_priv, dhcomp)
< 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive shared secret");
eap_eke_fail(data, EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
return;
}
if (eap_eke_derive_ke_ki(&data->sess,
sm->server_id, sm->server_id_len,
data->peerid, data->peerid_len) < 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive Ke/Ki");
eap_eke_fail(data, EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
return;
}
decrypt_len = sizeof(data->nonce_p);
if (eap_eke_decrypt_prot(&data->sess, pnonce, data->sess.pnonce_len,
data->nonce_p, &decrypt_len) < 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to decrypt PNonce_P");
eap_eke_fail(data, EAP_EKE_FAIL_AUTHENTICATION_FAIL);
return;
}
if (decrypt_len < (size_t) data->sess.nonce_len) {
wpa_printf(MSG_INFO, "EAP-EKE: PNonce_P protected data too short to include Nonce_P");
eap_eke_fail(data, EAP_EKE_FAIL_AUTHENTICATION_FAIL);
return;
}
wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Nonce_P",
data->nonce_p, data->sess.nonce_len);
if (wpabuf_resize(&data->msgs, wpabuf_len(respData)) < 0) {
eap_eke_fail(data, EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
return;
}
wpabuf_put_buf(data->msgs, respData);
eap_eke_state(data, CONFIRM);
}
static void eap_eke_process_identity(struct eap_sm *sm,
struct eap_eke_data *data,
const struct wpabuf *respData,
const u8 *payload, size_t payloadlen)
{
const u8 *pos, *end;
int i;
wpa_printf(MSG_DEBUG, "EAP-EKE: Received Response/Identity");
if (data->state != IDENTITY) {
eap_eke_fail(data, EAP_EKE_FAIL_PROTO_ERROR);
return;
}
pos = payload;
end = payload + payloadlen;
if (pos + 2 + 4 + 1 > end) {
wpa_printf(MSG_INFO, "EAP-EKE: Too short EAP-EKE-ID payload");
eap_eke_fail(data, EAP_EKE_FAIL_PROTO_ERROR);
return;
}
if (*pos != 1) {
wpa_printf(MSG_INFO, "EAP-EKE: Unexpected NumProposals %d (expected 1)",
*pos);
eap_eke_fail(data, EAP_EKE_FAIL_PROTO_ERROR);
return;
}
pos += 2;
if (!supported_proposal(pos)) {
wpa_printf(MSG_INFO, "EAP-EKE: Unexpected Proposal (%u:%u:%u:%u)",
pos[0], pos[1], pos[2], pos[3]);
eap_eke_fail(data, EAP_EKE_FAIL_PROTO_ERROR);
return;
}
wpa_printf(MSG_DEBUG, "EAP-EKE: Selected Proposal (%u:%u:%u:%u)",
pos[0], pos[1], pos[2], pos[3]);
if (eap_eke_session_init(&data->sess, pos[0], pos[1], pos[2], pos[3]) <
0) {
eap_eke_fail(data, EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
return;
}
pos += 4;
data->peerid_type = *pos++;
os_free(data->peerid);
data->peerid = os_memdup(pos, end - pos);
if (data->peerid == NULL) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to allocate memory for peerid");
eap_eke_fail(data, EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
return;
}
data->peerid_len = end - pos;
wpa_printf(MSG_DEBUG, "EAP-EKE: Peer IDType %u", data->peerid_type);
wpa_hexdump_ascii(MSG_DEBUG, "EAP-EKE: Peer Identity",
data->peerid, data->peerid_len);
if (eap_user_get(sm, data->peerid, data->peerid_len, data->phase2)) {
wpa_printf(MSG_INFO, "EAP-EKE: Peer Identity not found from user database");
eap_eke_fail(data, EAP_EKE_FAIL_PASSWD_NOT_FOUND);
return;
}
for (i = 0; i < EAP_MAX_METHODS; i++) {
if (sm->user->methods[i].vendor == EAP_VENDOR_IETF &&
sm->user->methods[i].method == EAP_TYPE_EKE)
break;
}
if (i == EAP_MAX_METHODS) {
wpa_printf(MSG_INFO, "EAP-EKE: Matching user entry does not allow EAP-EKE");
eap_eke_fail(data, EAP_EKE_FAIL_PASSWD_NOT_FOUND);
return;
}
if (sm->user->password == NULL || sm->user->password_len == 0) {
wpa_printf(MSG_INFO, "EAP-EKE: No password configured for peer");
eap_eke_fail(data, EAP_EKE_FAIL_PASSWD_NOT_FOUND);
return;
}
if (wpabuf_resize(&data->msgs, wpabuf_len(respData)) < 0) {
eap_eke_fail(data, EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
return;
}
wpabuf_put_buf(data->msgs, respData);
eap_eke_state(data, COMMIT);
}
static void * eap_eke_init(struct eap_sm *sm)
{
struct eap_eke_data *data;
const u8 *identity, *password;
size_t identity_len, password_len;
const char *phase1;
password = eap_get_config_password(sm, &password_len);
if (!password) {
wpa_printf(MSG_INFO, "EAP-EKE: No password configured");
return NULL;
}
data = os_zalloc(sizeof(*data));
if (data == NULL)
return NULL;
eap_eke_state(data, IDENTITY);
identity = eap_get_config_identity(sm, &identity_len);
if (identity) {
data->peerid = os_malloc(identity_len);
if (data->peerid == NULL) {
eap_eke_deinit(sm, data);
return NULL;
}
os_memcpy(data->peerid, identity, identity_len);
data->peerid_len = identity_len;
}
phase1 = eap_get_config_phase1(sm);
if (phase1) {
const char *pos;
pos = os_strstr(phase1, "dhgroup=");
if (pos) {
data->dhgroup = atoi(pos + 8);
wpa_printf(MSG_DEBUG, "EAP-EKE: Forced dhgroup %u",
data->dhgroup);
}
pos = os_strstr(phase1, "encr=");
if (pos) {
data->encr = atoi(pos + 5);
wpa_printf(MSG_DEBUG, "EAP-EKE: Forced encr %u",
data->encr);
}
pos = os_strstr(phase1, "prf=");
if (pos) {
data->prf = atoi(pos + 4);
wpa_printf(MSG_DEBUG, "EAP-EKE: Forced prf %u",
data->prf);
}
pos = os_strstr(phase1, "mac=");
if (pos) {
data->mac = atoi(pos + 4);
wpa_printf(MSG_DEBUG, "EAP-EKE: Forced mac %u",
data->mac);
}
}
return data;
}
static struct wpabuf * eap_eke_process_confirm(struct eap_eke_data *data,
struct eap_method_ret *ret,
const struct wpabuf *reqData,
const u8 *payload,
size_t payload_len)
{
struct wpabuf *resp;
const u8 *pos, *end;
size_t prot_len;
u8 nonces[2 * EAP_EKE_MAX_NONCE_LEN];
u8 auth_s[EAP_EKE_MAX_HASH_LEN];
size_t decrypt_len;
u8 *auth;
u8 id = eap_get_id(reqData);
if (data->state != CONFIRM) {
wpa_printf(MSG_DEBUG, "EAP-EKE: EAP-EKE-Confirm/Request received in unexpected state (%d)",
data->state);
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PROTO_ERROR);
}
wpa_printf(MSG_DEBUG, "EAP-EKE: Received EAP-EKE-Confirm/Request");
pos = payload;
end = payload + payload_len;
if (pos + data->sess.pnonce_ps_len + data->sess.prf_len > end) {
wpa_printf(MSG_DEBUG, "EAP-EKE: Too short EAP-EKE-Confirm");
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PROTO_ERROR);
}
decrypt_len = sizeof(nonces);
if (eap_eke_decrypt_prot(&data->sess, pos, data->sess.pnonce_ps_len,
nonces, &decrypt_len) < 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to decrypt PNonce_PS");
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_AUTHENTICATION_FAIL);
}
if (decrypt_len != (size_t) 2 * data->sess.nonce_len) {
wpa_printf(MSG_INFO, "EAP-EKE: PNonce_PS protected data length does not match length of Nonce_P and Nonce_S");
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_AUTHENTICATION_FAIL);
}
wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Received Nonce_P | Nonce_S",
nonces, 2 * data->sess.nonce_len);
if (os_memcmp(data->nonce_p, nonces, data->sess.nonce_len) != 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Received Nonce_P does not match transmitted Nonce_P");
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_AUTHENTICATION_FAIL);
}
os_memcpy(data->nonce_s, nonces + data->sess.nonce_len,
data->sess.nonce_len);
wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Nonce_S",
data->nonce_s, data->sess.nonce_len);
if (eap_eke_derive_ka(&data->sess, data->serverid, data->serverid_len,
data->peerid, data->peerid_len,
data->nonce_p, data->nonce_s) < 0) {
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
if (eap_eke_auth(&data->sess, "EAP-EKE server", data->msgs, auth_s) < 0)
{
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpa_hexdump(MSG_DEBUG, "EAP-EKE: Auth_S", auth_s, data->sess.prf_len);
if (os_memcmp_const(auth_s, pos + data->sess.pnonce_ps_len,
data->sess.prf_len) != 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Auth_S does not match");
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_AUTHENTICATION_FAIL);
}
wpa_printf(MSG_DEBUG, "EAP-EKE: Sending EAP-EKE-Confirm/Response");
resp = eap_eke_build_msg(data, id,
data->sess.pnonce_len + data->sess.prf_len,
EAP_EKE_CONFIRM);
if (resp == NULL) {
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
prot_len = wpabuf_tailroom(resp);
if (eap_eke_prot(&data->sess, data->nonce_s, data->sess.nonce_len,
wpabuf_put(resp, 0), &prot_len) < 0) {
wpabuf_free(resp);
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpabuf_put(resp, prot_len);
auth = wpabuf_put(resp, data->sess.prf_len);
if (eap_eke_auth(&data->sess, "EAP-EKE peer", data->msgs, auth) < 0) {
wpabuf_free(resp);
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpa_hexdump(MSG_DEBUG, "EAP-EKE: Auth_P", auth, data->sess.prf_len);
if (eap_eke_derive_msk(&data->sess, data->serverid, data->serverid_len,
data->peerid, data->peerid_len,
data->nonce_s, data->nonce_p,
data->msk, data->emsk) < 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive MSK/EMSK");
wpabuf_free(resp);
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
os_memset(data->dh_priv, 0, sizeof(data->dh_priv));
eap_eke_session_clean(&data->sess);
eap_eke_state(data, SUCCESS);
ret->methodState = METHOD_MAY_CONT;
ret->decision = DECISION_COND_SUCC;
ret->allowNotifications = FALSE;
return resp;
}
static struct wpabuf * eap_eke_process_commit(struct eap_sm *sm,
struct eap_eke_data *data,
struct eap_method_ret *ret,
const struct wpabuf *reqData,
const u8 *payload,
size_t payload_len)
{
struct wpabuf *resp;
const u8 *pos, *end, *dhcomp;
size_t prot_len;
u8 *rpos;
u8 key[EAP_EKE_MAX_KEY_LEN];
u8 pub[EAP_EKE_MAX_DH_LEN];
const u8 *password;
size_t password_len;
u8 id = eap_get_id(reqData);
if (data->state != COMMIT) {
wpa_printf(MSG_DEBUG, "EAP-EKE: EAP-EKE-Commit/Request received in unexpected state (%d)", data->state);
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PROTO_ERROR);
}
wpa_printf(MSG_DEBUG, "EAP-EKE: Received EAP-EKE-Commit/Request");
password = eap_get_config_password(sm, &password_len);
if (password == NULL) {
wpa_printf(MSG_INFO, "EAP-EKE: No password configured!");
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PASSWD_NOT_FOUND);
}
pos = payload;
end = payload + payload_len;
if (pos + data->sess.dhcomp_len > end) {
wpa_printf(MSG_DEBUG, "EAP-EKE: Too short EAP-EKE-Commit");
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PROTO_ERROR);
}
wpa_hexdump(MSG_DEBUG, "EAP-EKE: DHComponent_S",
pos, data->sess.dhcomp_len);
dhcomp = pos;
pos += data->sess.dhcomp_len;
wpa_hexdump(MSG_DEBUG, "EAP-EKE: CBValue", pos, end - pos);
/*
* temp = prf(0+, password)
* key = prf+(temp, ID_S | ID_P)
*/
if (eap_eke_derive_key(&data->sess, password, password_len,
data->serverid, data->serverid_len,
data->peerid, data->peerid_len, key) < 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive key");
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
/*
* y_p = g ^ x_p (mod p)
* x_p = random number 2 .. p-1
*/
if (eap_eke_dh_init(data->sess.dhgroup, data->dh_priv, pub) < 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to initialize DH");
os_memset(key, 0, sizeof(key));
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
if (eap_eke_shared_secret(&data->sess, key, data->dh_priv, dhcomp) < 0)
{
wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive shared secret");
os_memset(key, 0, sizeof(key));
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
if (eap_eke_derive_ke_ki(&data->sess,
data->serverid, data->serverid_len,
data->peerid, data->peerid_len) < 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive Ke/Ki");
os_memset(key, 0, sizeof(key));
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpa_printf(MSG_DEBUG, "EAP-EKE: Sending EAP-EKE-Commit/Response");
resp = eap_eke_build_msg(data, id,
data->sess.dhcomp_len + data->sess.pnonce_len,
EAP_EKE_COMMIT);
if (resp == NULL) {
os_memset(key, 0, sizeof(key));
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
/* DHComponent_P = Encr(key, y_p) */
rpos = wpabuf_put(resp, data->sess.dhcomp_len);
if (eap_eke_dhcomp(&data->sess, key, pub, rpos) < 0) {
wpabuf_free(resp);
wpa_printf(MSG_INFO, "EAP-EKE: Failed to build DHComponent_P");
os_memset(key, 0, sizeof(key));
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
os_memset(key, 0, sizeof(key));
wpa_hexdump(MSG_DEBUG, "EAP-EKE: DHComponent_P",
rpos, data->sess.dhcomp_len);
if (random_get_bytes(data->nonce_p, data->sess.nonce_len)) {
wpabuf_free(resp);
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Nonce_P",
data->nonce_p, data->sess.nonce_len);
prot_len = wpabuf_tailroom(resp);
if (eap_eke_prot(&data->sess, data->nonce_p, data->sess.nonce_len,
wpabuf_put(resp, 0), &prot_len) < 0) {
wpabuf_free(resp);
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpa_hexdump(MSG_DEBUG, "EAP-EKE: PNonce_P",
wpabuf_put(resp, 0), prot_len);
wpabuf_put(resp, prot_len);
/* TODO: CBValue */
if (wpabuf_resize(&data->msgs, wpabuf_len(reqData) + wpabuf_len(resp))
< 0) {
wpabuf_free(resp);
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpabuf_put_buf(data->msgs, reqData);
wpabuf_put_buf(data->msgs, resp);
eap_eke_state(data, CONFIRM);
return resp;
}
static struct wpabuf * eap_eke_process_id(struct eap_eke_data *data,
struct eap_method_ret *ret,
const struct wpabuf *reqData,
const u8 *payload,
size_t payload_len)
{
struct wpabuf *resp;
unsigned num_prop, i;
const u8 *pos, *end;
const u8 *prop = NULL;
u8 idtype;
u8 id = eap_get_id(reqData);
if (data->state != IDENTITY) {
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PROTO_ERROR);
}
wpa_printf(MSG_DEBUG, "EAP-EKE: Received EAP-EKE-ID/Request");
if (payload_len < 2 + 4) {
wpa_printf(MSG_DEBUG, "EAP-EKE: Too short ID/Request Data");
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PROTO_ERROR);
}
pos = payload;
end = payload + payload_len;
num_prop = *pos++;
pos++; /* Ignore Reserved field */
if (pos + num_prop * 4 > end) {
wpa_printf(MSG_DEBUG, "EAP-EKE: Too short ID/Request Data (num_prop=%u)",
num_prop);
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PROTO_ERROR);
}
for (i = 0; i < num_prop; i++) {
const u8 *tmp = pos;
wpa_printf(MSG_DEBUG, "EAP-EKE: Proposal #%u: dh=%u encr=%u prf=%u mac=%u",
i, pos[0], pos[1], pos[2], pos[3]);
pos += 4;
if ((data->dhgroup && data->dhgroup != *tmp) ||
!eap_eke_supp_dhgroup(*tmp))
continue;
tmp++;
if ((data->encr && data->encr != *tmp) ||
!eap_eke_supp_encr(*tmp))
continue;
tmp++;
if ((data->prf && data->prf != *tmp) ||
!eap_eke_supp_prf(*tmp))
continue;
tmp++;
if ((data->mac && data->mac != *tmp) ||
!eap_eke_supp_mac(*tmp))
continue;
prop = tmp - 3;
if (eap_eke_session_init(&data->sess, prop[0], prop[1], prop[2],
prop[3]) < 0) {
prop = NULL;
continue;
}
wpa_printf(MSG_DEBUG, "EAP-EKE: Selected proposal");
break;
}
if (prop == NULL) {
wpa_printf(MSG_DEBUG, "EAP-EKE: No acceptable proposal found");
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_NO_PROPOSAL_CHOSEN);
}
pos += (num_prop - i - 1) * 4;
if (pos == end) {
wpa_printf(MSG_DEBUG, "EAP-EKE: Too short ID/Request Data to include IDType/Identity");
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PROTO_ERROR);
}
idtype = *pos++;
wpa_printf(MSG_DEBUG, "EAP-EKE: Server IDType %u", idtype);
wpa_hexdump_ascii(MSG_DEBUG, "EAP-EKE: Server Identity",
pos, end - pos);
os_free(data->serverid);
data->serverid = os_malloc(end - pos);
if (data->serverid == NULL) {
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
os_memcpy(data->serverid, pos, end - pos);
data->serverid_len = end - pos;
wpa_printf(MSG_DEBUG, "EAP-EKE: Sending EAP-EKE-ID/Response");
resp = eap_eke_build_msg(data, id,
2 + 4 + 1 + data->peerid_len,
EAP_EKE_ID);
if (resp == NULL) {
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpabuf_put_u8(resp, 1); /* NumProposals */
wpabuf_put_u8(resp, 0); /* Reserved */
wpabuf_put_data(resp, prop, 4); /* Selected Proposal */
wpabuf_put_u8(resp, EAP_EKE_ID_NAI);
if (data->peerid)
wpabuf_put_data(resp, data->peerid, data->peerid_len);
wpabuf_free(data->msgs);
data->msgs = wpabuf_alloc(wpabuf_len(reqData) + wpabuf_len(resp));
if (data->msgs == NULL) {
wpabuf_free(resp);
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpabuf_put_buf(data->msgs, reqData);
wpabuf_put_buf(data->msgs, resp);
eap_eke_state(data, COMMIT);
return resp;
}
