The FreeRADIUS server  $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
tls.h
Go to the documentation of this file.
1 #pragma once
2 /*
3  * This program is free software; you can redistribute it and/or modify
4  * it under the terms of the GNU General Public License as published by
5  * the Free Software Foundation; either version 2 of the License, or (at
6  * your option) any later version.
7  *
8  * This program is distributed in the hope that it will be useful,
9  * but WITHOUT ANY WARRANTY; without even the implied warranty of
10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11  * GNU General Public License for more details.
12  *
13  * You should have received a copy of the GNU General Public License
14  * along with this program; if not, write to the Free Software
15  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
16  */
17 
18 /**
19  * $Id: 5d63710780e3beabd8dcb6610f7c4a32fca5ef58 $
20  * @file lib/eap/tls.h
21  * @brief Generic EAP over TLS API
22  *
23  * @copyright 2001 hereUare Communications, Inc. (raghud@hereuare.com)
24  * @copyright 2003 Alan DeKok (aland@freeradius.org)
25  * @copyright 2006 The FreeRADIUS server project
26  */
27 
28 RCSIDH(lib_eap_tls_h, "$Id: 5d63710780e3beabd8dcb6610f7c4a32fca5ef58 $")
29 USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */
30 
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <string.h>
34 #include <errno.h>
35 #include <sys/types.h>
36 #include <sys/socket.h>
37 #include <netinet/in.h>
38 #include <netinet/tcp.h>
39 #include <netdb.h>
40 #include <fcntl.h>
41 #include <signal.h>
42 
43 #include <ctype.h>
44 #include <sys/time.h>
45 #include <arpa/inet.h>
46 
47 #ifdef HAVE_UNISTD_H
48 # include <unistd.h>
49 #endif
50 
51 #include <freeradius-devel/server/base.h>
52 #include <freeradius-devel/tls/base.h>
53 #include <freeradius-devel/eap/base.h>
54 
55 #define TLS_HEADER_LEN 4
56 #define TLS_HEADER_LENGTH_FIELD_LEN 4
57 
58 /*
59  * RFC 2716, Section 4.2:
60  *
61  * Flags
62  *
63  * 0 1 2 3 4 5 6 7 8
64  * +-+-+-+-+-+-+-+-+
65  * |L M S R R R R R|
66  * +-+-+-+-+-+-+-+-+
67  *
68  * L = Length included
69  * M = More fragments
70  * S = EAP-TLS start
71  * R = Reserved
72  */
73 #define TLS_RESERVED4(x) (((x) & 0x01) != 0)
74 #define TLS_RESERVED3(x) (((x) & 0x02) != 0)
75 #define TLS_RESERVED2(x) (((x) & 0x04) != 0)
76 #define TLS_RESERVED1(x) (((x) & 0x08) != 0)
77 #define TLS_RESERVED0(x) (((x) & 0x10) != 0)
78 #define TLS_START(x) (((x) & 0x20) != 0)
79 #define TLS_MORE_FRAGMENTS(x) (((x) & 0x40) != 0)
80 #define TLS_LENGTH_INCLUDED(x) (((x) & 0x80) != 0)
81 
82 #define TLS_CHANGE_CIPHER_SPEC(x) (((x) & 0x0014) == 0x0014)
83 #define TLS_ALERT(x) (((x) & 0x0015) == 0x0015)
84 #define TLS_HANDSHAKE(x) (((x) & 0x0016) == 0x0016)
85 
86 #define SET_START(x) ((x) | (0x20))
87 #define SET_MORE_FRAGMENTS(x) ((x) | (0x40))
88 #define SET_LENGTH_INCLUDED(x) ((x) | (0x80))
89 
90 typedef enum {
91  EAP_TLS_INVALID = 0, //!< Invalid, don't reply.
92  EAP_TLS_ESTABLISHED, //!< Session established, send success (or start phase2).
93  EAP_TLS_FAIL, //!< Fail, send fail.
94  EAP_TLS_HANDLED, //!< TLS code has handled it.
95 
96  /*
97  * Composition states, we need to
98  * compose a request of this type.
99  */
100  EAP_TLS_START_SEND, //!< We're starting a new TLS session.
101  EAP_TLS_RECORD_SEND, //!< We're sending a record.
102  EAP_TLS_ACK_SEND, //!< Acknowledge receipt of a record or record fragment.
103 
104  /*
105  * Receive states, we received a
106  * response containing a fragment of a
107  * record.
108  */
109  EAP_TLS_RECORD_RECV_FIRST, //!< Received first fragment of a record.
110  EAP_TLS_RECORD_RECV_MORE, //!< Received additional fragment of a record.
111  EAP_TLS_RECORD_RECV_COMPLETE //!< Received final fragment of a record.
112 } eap_tls_status_t;
113 
114 typedef struct {
115  uint8_t flags;
116  uint8_t data[1];
117 } eap_tls_data_t;
118 
119 /** Tracks the state of an EAP-TLS session
120  *
121  * Contains any EAP-TLS specific state information, such as whether we're
122  * sending/receiving fragments, and the progress of those operations.
123  *
124  * TLS session state is stored in a fr_tls_session_t accessed via the tls_session field.
125  */
126 typedef struct {
127  eap_tls_status_t state; //!< The state of the EAP-TLS session.
128 
129  fr_tls_session_t *tls_session; //!< TLS session used to authenticate peer
130  //!< or tunnel sensitive data.
131 
132  int base_flags; //!< Some protocols use the reserved bits of the EAP-TLS
133  //!< flags (such as PEAP). This allows the base flags to
134  //!< be set.
135 
136  bool phase2; //!< Whether we're in phase 2
137 
138  bool include_length; //!< A flag to include length in every TLS Data/Alert packet.
139  //!< If set to no then only the first fragment contains length.
140 
141  bool authentication_success; //! for methods with inner auth, if the inner auth succeeded.
142 
143  bool record_out_started; //!< Whether a record transfer to the peer is currently
144  //!< in progress.
145  size_t record_out_total_len; //!< Actual/Total TLS message length we're sending.
146 
147  bool record_in_started; //!< Whether a record transfer from the peer is currently
148  //!< in progress.
149  size_t record_in_total_len; //!< How long the peer indicated the complete tls record
150  //!< would be.
151  size_t record_in_recvd_len; //!< How much of the record we've received so far.
152 } eap_tls_session_t;
153 
154 typedef struct {
155  char const *keying_prf_label; //!< PRF label to use for generating keying material.
156  //!< If NULL, no MPPE keys will be generated.
157  size_t keying_prf_label_len; //!< length of the keying PRF label.
158 
159  char const *sessid_prf_label; //!< PRF label to use when generating the session ID.
160  //!< If NULL, session ID will be based on client/server randoms.
161  size_t sessid_prf_label_len; //!< Length of the session ID PRF label.
162 
163  uint8_t context[1]; //!< for TLS 1.3 context, is the EAP Type code
164  size_t context_len; //!< length of the context
165 
166  int use_context; //!< for SSL_export_keying_material().
167 } eap_tls_prf_label_t;
168 
169 extern fr_table_num_ordered_t const eap_tls_status_table[];
170 extern size_t eap_tls_status_table_len;
171 
172 /*
173  * Externally exported TLS functions.
174  */
175 unlang_action_t eap_tls_process(request_t *request, eap_session_t *eap_session) CC_HINT(nonnull);
176 
177 int eap_tls_start(request_t *request, eap_session_t *eap_session) CC_HINT(nonnull);
178 
179 int eap_tls_success(request_t *request, eap_session_t *eap_session, eap_tls_prf_label_t *prf_label) CC_HINT(nonnull(1,2));
180 
181 int eap_tls_fail(request_t *request, eap_session_t *eap_session) CC_HINT(nonnull);
182 
183 int eap_tls_request(request_t *request, eap_session_t *eap_session) CC_HINT(nonnull);
184 
185 int eap_tls_compose(request_t *request, eap_session_t *eap_session,
186  eap_tls_status_t status, uint8_t flags,
187  fr_tls_record_t *record, size_t record_len, size_t frag_len);
188 
189 /* MPPE key generation */
190 void eap_crypto_prf_label_init(eap_tls_prf_label_t *prf_label, eap_session_t *eap_session,
191  char const *keying_prf_label, size_t keying_prf_label_len);
192 
193 int eap_crypto_mppe_keys(request_t *request, SSL *ssl, eap_tls_prf_label_t *prf_label) CC_HINT(nonnull);
194 
195 int eap_crypto_tls_session_id(TALLOC_CTX *ctx, request_t *request,
196  SSL *ssl, eap_tls_prf_label_t *prf_label, uint8_t **out,
197  uint8_t eap_type);
198 
199 /* EAP-TLS framework */
200 eap_tls_session_t *eap_tls_session_init(request_t *request, eap_session_t *eap_session,
201  SSL_CTX *ssl_ctx, bool client_cert) CC_HINT(nonnull);
202 
203 
204 fr_tls_conf_t *eap_tls_conf_parse(CONF_SECTION *cs, char const *key) CC_HINT(nonnull);
unlang_action_t
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition: action.h:35
context
static int context
Definition: radmin.c:71
USES_APPLE_DEPRECATED_API
#define USES_APPLE_DEPRECATED_API
Definition: build.h:468
RCSIDH
#define RCSIDH(h, id)
Definition: build.h:482
cf_section
A section grouping multiple CONF_PAIR.
Definition: cf_priv.h:101
eap_type
eap_type
Definition: types.h:44
eap_session_s
Tracks the progress of a single session of any EAP method.
Definition: session.h:40
uint8_t
unsigned char uint8_t
Definition: merged_model.c:30
request_t
Definition: merged_model.c:210
signal.h
Signals that can be sent to a request.
fr_table_num_ordered_t
An element in an arbitrarily ordered array of name to num mappings.
Definition: table.h:57
eap_tls_session_t::base_flags
int base_flags
Some protocols use the reserved bits of the EAP-TLS flags (such as PEAP).
Definition: tls.h:132
eap_tls_session_t::state
eap_tls_status_t state
The state of the EAP-TLS session.
Definition: tls.h:127
eap_tls_session_t::phase2
bool phase2
Whether we're in phase 2.
Definition: tls.h:136
eap_tls_status_t
eap_tls_status_t
Definition: tls.h:90
EAP_TLS_RECORD_RECV_FIRST
@ EAP_TLS_RECORD_RECV_FIRST
Received first fragment of a record.
Definition: tls.h:109
EAP_TLS_INVALID
@ EAP_TLS_INVALID
Invalid, don't reply.
Definition: tls.h:91
EAP_TLS_HANDLED
@ EAP_TLS_HANDLED
TLS code has handled it.
Definition: tls.h:94
EAP_TLS_RECORD_RECV_MORE
@ EAP_TLS_RECORD_RECV_MORE
Received additional fragment of a record.
Definition: tls.h:110
EAP_TLS_ACK_SEND
@ EAP_TLS_ACK_SEND
Acknowledge receipt of a record or record fragment.
Definition: tls.h:102
EAP_TLS_RECORD_SEND
@ EAP_TLS_RECORD_SEND
We're sending a record.
Definition: tls.h:101
EAP_TLS_RECORD_RECV_COMPLETE
@ EAP_TLS_RECORD_RECV_COMPLETE
Received final fragment of a record.
Definition: tls.h:111
EAP_TLS_START_SEND
@ EAP_TLS_START_SEND
We're starting a new TLS session.
Definition: tls.h:100
EAP_TLS_FAIL
@ EAP_TLS_FAIL
Fail, send fail.
Definition: tls.h:93
EAP_TLS_ESTABLISHED
@ EAP_TLS_ESTABLISHED
Session established, send success (or start phase2).
Definition: tls.h:92
eap_tls_session_t::tls_session
fr_tls_session_t * tls_session
TLS session used to authenticate peer or tunnel sensitive data.
Definition: tls.h:129
eap_tls_session_init
eap_tls_session_t * eap_tls_session_init(request_t *request, eap_session_t *eap_session, SSL_CTX *ssl_ctx, bool client_cert)
Create a new fr_tls_session_t associated with an eap_session_t.
Definition: tls.c:1131
eap_tls_prf_label_t::keying_prf_label_len
size_t keying_prf_label_len
length of the keying PRF label.
Definition: tls.h:157
eap_tls_session_t::record_in_started
bool record_in_started
Whether a record transfer from the peer is currently in progress.
Definition: tls.h:147
eap_tls_session_t::record_out_total_len
size_t record_out_total_len
Actual/Total TLS message length we're sending.
Definition: tls.h:145
eap_tls_data_t::flags
uint8_t flags
Definition: tls.h:115
eap_tls_prf_label_t::keying_prf_label
char const * keying_prf_label
PRF label to use for generating keying material.
Definition: tls.h:155
eap_tls_compose
int eap_tls_compose(request_t *request, eap_session_t *eap_session, eap_tls_status_t status, uint8_t flags, fr_tls_record_t *record, size_t record_len, size_t frag_len)
Convert the EAP-TLS reply packet into an EAP packet.
Definition: tls.c:114
eap_crypto_prf_label_init
void eap_crypto_prf_label_init(eap_tls_prf_label_t *prf_label, eap_session_t *eap_session, char const *keying_prf_label, size_t keying_prf_label_len)
Initialize the PRF label fields.
Definition: crypto.c:48
eap_tls_status_table
fr_table_num_ordered_t const eap_tls_status_table[]
Definition: tls.c:80
eap_tls_prf_label_t::context_len
size_t context_len
length of the context
Definition: tls.h:164
eap_tls_session_t::record_in_total_len
size_t record_in_total_len
How long the peer indicated the complete tls record would be.
Definition: tls.h:149
eap_tls_status_table_len
size_t eap_tls_status_table_len
Definition: tls.c:94
eap_crypto_mppe_keys
int eap_crypto_mppe_keys(request_t *request, SSL *ssl, eap_tls_prf_label_t *prf_label)
Generate keys according to RFC 5216 and add to the reply.
Definition: crypto.c:85
eap_tls_start
int eap_tls_start(request_t *request, eap_session_t *eap_session)
Send an initial EAP-TLS request to the peer.
Definition: tls.c:239
eap_tls_request
int eap_tls_request(request_t *request, eap_session_t *eap_session)
Frames the OpenSSL data that needs to be sent to the client in an EAP-Request.
Definition: tls.c:372
eap_tls_success
int eap_tls_success(request_t *request, eap_session_t *eap_session, eap_tls_prf_label_t *prf_label))
Send an EAP-TLS success.
Definition: tls.c:264
eap_tls_fail
int eap_tls_fail(request_t *request, eap_session_t *eap_session)
Send an EAP-TLS failure.
Definition: tls.c:322
eap_tls_prf_label_t::sessid_prf_label
char const * sessid_prf_label
PRF label to use when generating the session ID.
Definition: tls.h:159
eap_tls_conf_parse
fr_tls_conf_t * eap_tls_conf_parse(CONF_SECTION *cs, char const *key)
Parse TLS configuration.
Definition: tls.c:1231
eap_tls_session_t::record_out_started
bool record_out_started
for methods with inner auth, if the inner auth succeeded.
Definition: tls.h:143
eap_tls_session_t::record_in_recvd_len
size_t record_in_recvd_len
How much of the record we've received so far.
Definition: tls.h:151
eap_tls_prf_label_t::use_context
int use_context
for SSL_export_keying_material().
Definition: tls.h:166
eap_crypto_tls_session_id
int eap_crypto_tls_session_id(TALLOC_CTX *ctx, request_t *request, SSL *ssl, eap_tls_prf_label_t *prf_label, uint8_t **out, uint8_t eap_type)
Definition: crypto.c:132
eap_tls_session_t::authentication_success
bool authentication_success
Definition: tls.h:141
eap_tls_prf_label_t::sessid_prf_label_len
size_t sessid_prf_label_len
Length of the session ID PRF label.
Definition: tls.h:161
eap_tls_session_t::include_length
bool include_length
A flag to include length in every TLS Data/Alert packet.
Definition: tls.h:138
eap_tls_process
unlang_action_t eap_tls_process(request_t *request, eap_session_t *eap_session)
Process an EAP TLS request.
Definition: tls.c:963
eap_tls_data_t
Definition: tls.h:114
eap_tls_prf_label_t
Definition: tls.h:154
eap_tls_session_t
Tracks the state of an EAP-TLS session.
Definition: tls.h:126
data
static fr_slen_t data
Definition: value.h:1265
nonnull
int nonnull(2, 5))
out
static size_t char ** out
Definition: value.h:997
Generated by   doxygen 1.9.1