Silently discard encrypted attributes if we're sending them too early

FreeRADIUS · Dec 14, 2017 · 668fa4f · 668fa4f
1 parent d2801e6
commit 668fa4f
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 0 deletions.
diff --git a/src/modules/rlm_eap/types/rlm_eap_aka/eap_aka.h b/src/modules/rlm_eap/types/rlm_eap_aka/eap_aka.h
@@ -45,6 +45,7 @@ typedef enum {
 
 typedef struct {
 	eap_aka_server_state_t		state;			//!< Current session state.
+	bool				allow_encrypted;	//!< Whether we can send encrypted attributes.
 	bool				challenge_success;	//!< Whether we received the correct
 								///< challenge response.
 

diff --git a/src/modules/rlm_eap/types/rlm_eap_aka/rlm_eap_aka.c b/src/modules/rlm_eap/types/rlm_eap_aka/rlm_eap_aka.c
@@ -78,12 +78,25 @@ static int eap_aka_compose(eap_session_t *eap_session)
 					.hmac_extra = NULL,
 					.hmac_extra_len = 0
 				};
+	fr_dict_attr_t const	*encr = fr_dict_attr_child_by_num(dict_sim_root, FR_EAP_AKA_ENCR_DATA);
 
 	fr_pair_cursor_init(&cursor, &eap_session->request->reply->vps);
 	fr_pair_cursor_init(&to_encode, &head);
 
 	while ((fr_pair_cursor_next_by_ancestor(&cursor, dict_aka_root, TAG_ANY))) {
 		vp = fr_pair_cursor_remove(&cursor);
+
+		/*
+		 *	Silently discard encrypted attributes until
+		 *	the peer should have k_encr.  These can be
+		 *	added by policy, and seem to cause
+		 *	wpa_supplicant to fail if sent before the challenge.
+		 */
+		if (!eap_aka_session->allow_encrypted && fr_dict_parent_common(encr, vp->da, true)) {
+			talloc_free(vp);
+			continue;
+		}
+
 		fr_pair_cursor_append(&to_encode, vp);
 	}
 
@@ -139,6 +152,7 @@ static int eap_aka_send_identity_request(eap_session_t *eap_session)
 
 	RDEBUG2("Sending AKA-Identity (%s)", fr_int2str(sim_id_request_table, eap_aka_session->id_req, "<INVALID>"));
 	eap_session->this_round->request->code = FR_EAP_CODE_REQUEST;
+	eap_aka_session->allow_encrypted = false;	/* In case this is after failed fast-resumption */
 
 	packet = request->reply;
 	fr_cursor_init(&cursor, &packet->vps);
@@ -371,6 +385,12 @@ static int eap_aka_send_challenge(eap_session_t *eap_session)
 	}
 	fr_pair_replace(to_peer, vp);
 
+	/*
+	 *	We've sent the challenge so the peer should now be able
+	 *	to accept encrypted attributes.
+	 */
+	eap_aka_session->allow_encrypted = true;
+
 	/*
 	 *	Encode the packet
 	 */

diff --git a/src/modules/rlm_eap/types/rlm_eap_sim/eap_sim.h b/src/modules/rlm_eap/types/rlm_eap_sim/eap_sim.h
@@ -44,6 +44,8 @@ typedef enum {
 
 typedef struct {
 	eap_sim_server_state_t		state;			//!< Current session state.
+
+	bool				allow_encrypted;	//!< Whether we can send encrypted attributes.
 	bool				challenge_success;	//!< Whether we received the correct
 								///< challenge response.
 

diff --git a/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c b/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c
@@ -80,6 +80,7 @@ static int eap_sim_compose(eap_session_t *eap_session, uint8_t const *hmac_extra
 				};
 
 	ssize_t			ret;
+	fr_dict_attr_t const	*encr = fr_dict_attr_child_by_num(dict_sim_root, FR_EAP_SIM_ENCR_DATA);
 
 	/* we will set the ID on requests, since we have to HMAC it */
 	eap_session->this_round->set_request_id = true;
@@ -89,6 +90,18 @@ static int eap_sim_compose(eap_session_t *eap_session, uint8_t const *hmac_extra
 
 	while ((fr_pair_cursor_next_by_ancestor(&cursor, dict_sim_root, TAG_ANY))) {
 		vp = fr_pair_cursor_remove(&cursor);
+
+		/*
+		 *	Silently discard encrypted attributes until
+		 *	the peer should have k_encr.  These can be
+		 *	added by policy, and seem to cause
+		 *	wpa_supplicant to fail if sent before the challenge.
+		 */
+		if (!eap_sim_session->allow_encrypted && fr_dict_parent_common(encr, vp->da, true)) {
+			talloc_free(vp);
+			continue;
+		}
+
 		fr_pair_cursor_append(&to_encode, vp);
 	}
 
@@ -123,6 +136,7 @@ static int eap_sim_send_start(eap_session_t *eap_session)
 
 	RDEBUG2("Sending SIM-State");
 	eap_session->this_round->request->code = FR_EAP_CODE_REQUEST;
+	eap_sim_session->allow_encrypted = false;	/* In case this is after failed fast-resumption */
 
 	/* these are the outgoing attributes */
 	packet = eap_session->request->reply;
@@ -267,6 +281,12 @@ static int eap_sim_send_challenge(eap_session_t *eap_session)
 	vp = fr_pair_afrom_child_num(packet, dict_sim_root, FR_EAP_SIM_MAC);
 	fr_pair_replace(to_peer, vp);
 
+	/*
+	 *	We've sent the challenge so the peer should now be able
+	 *	to accept encrypted attributes.
+	 */
+	eap_sim_session->allow_encrypted = true;
+
 	/*
 	 *	Encode the packet
 	 */