211 lines
7.9 KiB
Diff
211 lines
7.9 KiB
Diff
From 8e6485a1bcb0baffdea9e55255a81270b768439c Mon Sep 17 00:00:00 2001
|
|
From: Jouni Malinen <j@w1.fi>
|
|
Date: Sat, 8 Jul 2023 19:55:32 +0300
|
|
Subject: PEAP client: Update Phase 2 authentication requirements
|
|
|
|
The previous PEAP client behavior allowed the server to skip Phase 2
|
|
authentication with the expectation that the server was authenticated
|
|
during Phase 1 through TLS server certificate validation. Various PEAP
|
|
specifications are not exactly clear on what the behavior on this front
|
|
is supposed to be and as such, this ended up being more flexible than
|
|
the TTLS/FAST/TEAP cases. However, this is not really ideal when
|
|
unfortunately common misconfiguration of PEAP is used in deployed
|
|
devices where the server trust root (ca_cert) is not configured or the
|
|
user has an easy option for allowing this validation step to be skipped.
|
|
|
|
Change the default PEAP client behavior to be to require Phase 2
|
|
authentication to be successfully completed for cases where TLS session
|
|
resumption is not used and the client certificate has not been
|
|
configured. Those two exceptions are the main cases where a deployed
|
|
authentication server might skip Phase 2 and as such, where a more
|
|
strict default behavior could result in undesired interoperability
|
|
issues. Requiring Phase 2 authentication will end up disabling TLS
|
|
session resumption automatically to avoid interoperability issues.
|
|
|
|
Allow Phase 2 authentication behavior to be configured with a new phase1
|
|
configuration parameter option:
|
|
'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
|
|
tunnel) behavior for PEAP:
|
|
* 0 = do not require Phase 2 authentication
|
|
* 1 = require Phase 2 authentication when client certificate
|
|
(private_key/client_cert) is no used and TLS session resumption was
|
|
not used (default)
|
|
* 2 = require Phase 2 authentication in all cases
|
|
|
|
Signed-off-by: Jouni Malinen <j@w1.fi>
|
|
---
|
|
src/eap_peer/eap_config.h | 8 ++++++++
|
|
src/eap_peer/eap_peap.c | 40 +++++++++++++++++++++++++++++++++++---
|
|
src/eap_peer/eap_tls_common.c | 6 ++++++
|
|
src/eap_peer/eap_tls_common.h | 5 +++++
|
|
wpa_supplicant/wpa_supplicant.conf | 7 +++++++
|
|
5 files changed, 63 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h
|
|
index 26744ab68..58d5a1359 100644
|
|
--- a/src/eap_peer/eap_config.h
|
|
+++ b/src/eap_peer/eap_config.h
|
|
@@ -471,6 +471,14 @@ struct eap_peer_config {
|
|
* 1 = use cryptobinding if server supports it
|
|
* 2 = require cryptobinding
|
|
*
|
|
+ * phase2_auth option can be used to control Phase 2 (i.e., within TLS
|
|
+ * tunnel) behavior for PEAP:
|
|
+ * 0 = do not require Phase 2 authentication
|
|
+ * 1 = require Phase 2 authentication when client certificate
|
|
+ * (private_key/client_cert) is no used and TLS session resumption was
|
|
+ * not used (default)
|
|
+ * 2 = require Phase 2 authentication in all cases
|
|
+ *
|
|
* EAP-WSC (WPS) uses following options: pin=Device_Password and
|
|
* uuid=Device_UUID
|
|
*
|
|
diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
|
|
index 12e30df29..608069719 100644
|
|
--- a/src/eap_peer/eap_peap.c
|
|
+++ b/src/eap_peer/eap_peap.c
|
|
@@ -67,6 +67,7 @@ struct eap_peap_data {
|
|
u8 cmk[20];
|
|
int soh; /* Whether IF-TNCCS-SOH (Statement of Health; Microsoft NAP)
|
|
* is enabled. */
|
|
+ enum { NO_AUTH, FOR_INITIAL, ALWAYS } phase2_auth;
|
|
};
|
|
|
|
|
|
@@ -114,6 +115,19 @@ static void eap_peap_parse_phase1(struct eap_peap_data *data,
|
|
wpa_printf(MSG_DEBUG, "EAP-PEAP: Require cryptobinding");
|
|
}
|
|
|
|
+ if (os_strstr(phase1, "phase2_auth=0")) {
|
|
+ data->phase2_auth = NO_AUTH;
|
|
+ wpa_printf(MSG_DEBUG,
|
|
+ "EAP-PEAP: Do not require Phase 2 authentication");
|
|
+ } else if (os_strstr(phase1, "phase2_auth=1")) {
|
|
+ data->phase2_auth = FOR_INITIAL;
|
|
+ wpa_printf(MSG_DEBUG,
|
|
+ "EAP-PEAP: Require Phase 2 authentication for initial connection");
|
|
+ } else if (os_strstr(phase1, "phase2_auth=2")) {
|
|
+ data->phase2_auth = ALWAYS;
|
|
+ wpa_printf(MSG_DEBUG,
|
|
+ "EAP-PEAP: Require Phase 2 authentication for all cases");
|
|
+ }
|
|
#ifdef EAP_TNC
|
|
if (os_strstr(phase1, "tnc=soh2")) {
|
|
data->soh = 2;
|
|
@@ -142,6 +156,7 @@ static void * eap_peap_init(struct eap_sm *sm)
|
|
data->force_peap_version = -1;
|
|
data->peap_outer_success = 2;
|
|
data->crypto_binding = OPTIONAL_BINDING;
|
|
+ data->phase2_auth = FOR_INITIAL;
|
|
|
|
if (config && config->phase1)
|
|
eap_peap_parse_phase1(data, config->phase1);
|
|
@@ -454,6 +469,20 @@ static int eap_tlv_validate_cryptobinding(struct eap_sm *sm,
|
|
}
|
|
|
|
|
|
+static bool peap_phase2_sufficient(struct eap_sm *sm,
|
|
+ struct eap_peap_data *data)
|
|
+{
|
|
+ if ((data->phase2_auth == ALWAYS ||
|
|
+ (data->phase2_auth == FOR_INITIAL &&
|
|
+ !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn) &&
|
|
+ !data->ssl.client_cert_conf) ||
|
|
+ data->phase2_eap_started) &&
|
|
+ !data->phase2_eap_success)
|
|
+ return false;
|
|
+ return true;
|
|
+}
|
|
+
|
|
+
|
|
/**
|
|
* eap_tlv_process - Process a received EAP-TLV message and generate a response
|
|
* @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
|
|
@@ -568,6 +597,11 @@ static int eap_tlv_process(struct eap_sm *sm, struct eap_peap_data *data,
|
|
" - force failed Phase 2");
|
|
resp_status = EAP_TLV_RESULT_FAILURE;
|
|
ret->decision = DECISION_FAIL;
|
|
+ } else if (!peap_phase2_sufficient(sm, data)) {
|
|
+ wpa_printf(MSG_INFO,
|
|
+ "EAP-PEAP: Server indicated Phase 2 success, but sufficient Phase 2 authentication has not been completed");
|
|
+ resp_status = EAP_TLV_RESULT_FAILURE;
|
|
+ ret->decision = DECISION_FAIL;
|
|
} else {
|
|
resp_status = EAP_TLV_RESULT_SUCCESS;
|
|
ret->decision = DECISION_UNCOND_SUCC;
|
|
@@ -887,8 +921,7 @@ continue_req:
|
|
/* EAP-Success within TLS tunnel is used to indicate
|
|
* shutdown of the TLS channel. The authentication has
|
|
* been completed. */
|
|
- if (data->phase2_eap_started &&
|
|
- !data->phase2_eap_success) {
|
|
+ if (!peap_phase2_sufficient(sm, data)) {
|
|
wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 "
|
|
"Success used to indicate success, "
|
|
"but Phase 2 EAP was not yet "
|
|
@@ -1199,8 +1232,9 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
|
|
static bool eap_peap_has_reauth_data(struct eap_sm *sm, void *priv)
|
|
{
|
|
struct eap_peap_data *data = priv;
|
|
+
|
|
return tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
|
|
- data->phase2_success;
|
|
+ data->phase2_success && data->phase2_auth != ALWAYS;
|
|
}
|
|
|
|
|
|
diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
|
|
index 6193b4bdb..966cbd6c7 100644
|
|
--- a/src/eap_peer/eap_tls_common.c
|
|
+++ b/src/eap_peer/eap_tls_common.c
|
|
@@ -242,6 +242,12 @@ static int eap_tls_params_from_conf(struct eap_sm *sm,
|
|
|
|
sm->ext_cert_check = !!(params->flags & TLS_CONN_EXT_CERT_CHECK);
|
|
|
|
+ if (!phase2)
|
|
+ data->client_cert_conf = params->client_cert ||
|
|
+ params->client_cert_blob ||
|
|
+ params->private_key ||
|
|
+ params->private_key_blob;
|
|
+
|
|
return 0;
|
|
}
|
|
|
|
diff --git a/src/eap_peer/eap_tls_common.h b/src/eap_peer/eap_tls_common.h
|
|
index 9ac00121f..334863413 100644
|
|
--- a/src/eap_peer/eap_tls_common.h
|
|
+++ b/src/eap_peer/eap_tls_common.h
|
|
@@ -79,6 +79,11 @@ struct eap_ssl_data {
|
|
* tls_v13 - Whether TLS v1.3 or newer is used
|
|
*/
|
|
int tls_v13;
|
|
+
|
|
+ /**
|
|
+ * client_cert_conf: Whether client certificate has been configured
|
|
+ */
|
|
+ bool client_cert_conf;
|
|
};
|
|
|
|
|
|
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
|
|
index f0b82443e..1b09f57d3 100644
|
|
--- a/wpa_supplicant/wpa_supplicant.conf
|
|
+++ b/wpa_supplicant/wpa_supplicant.conf
|
|
@@ -1370,6 +1370,13 @@ fast_reauth=1
|
|
# * 0 = do not use cryptobinding (default)
|
|
# * 1 = use cryptobinding if server supports it
|
|
# * 2 = require cryptobinding
|
|
+# 'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
|
|
+# tunnel) behavior for PEAP:
|
|
+# * 0 = do not require Phase 2 authentication
|
|
+# * 1 = require Phase 2 authentication when client certificate
|
|
+# (private_key/client_cert) is no used and TLS session resumption was
|
|
+# not used (default)
|
|
+# * 2 = require Phase 2 authentication in all cases
|
|
# EAP-WSC (WPS) uses following options: pin=<Device Password> or
|
|
# pbc=1.
|
|
#
|
|
--
|
|
cgit v1.2.3-18-g5258
|
|
|