esp-idf/components/lwip/netif/ppp/eap.c

2430 lines
61 KiB
C
Raw Normal View History

2016-08-17 11:08:22 -04:00
/*
* eap.c - Extensible Authentication Protocol for PPP (RFC 2284)
*
* Copyright (c) 2001 by Sun Microsystems, Inc.
* All rights reserved.
*
* Non-exclusive rights to redistribute, modify, translate, and use
* this software in source and binary forms, in whole or in part, is
* hereby granted, provided that the above copyright notice is
* duplicated in any source form, and that neither the name of the
* copyright holder nor the author is used to endorse or promote
* products derived from this software.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* Original version by James Carlson
*
* This implementation of EAP supports MD5-Challenge and SRP-SHA1
* authentication styles. Note that support of MD5-Challenge is a
* requirement of RFC 2284, and that it's essentially just a
* reimplementation of regular RFC 1994 CHAP using EAP messages.
*
* As an authenticator ("server"), there are multiple phases for each
* style. In the first phase of each style, the unauthenticated peer
* name is queried using the EAP Identity request type. If the
* "remotename" option is used, then this phase is skipped, because
* the peer's name is presumed to be known.
*
* For MD5-Challenge, there are two phases, and the second phase
* consists of sending the challenge itself and handling the
* associated response.
*
* For SRP-SHA1, there are four phases. The second sends 's', 'N',
* and 'g'. The reply contains 'A'. The third sends 'B', and the
* reply contains 'M1'. The forth sends the 'M2' value.
*
* As an authenticatee ("client"), there's just a single phase --
* responding to the queries generated by the peer. EAP is an
* authenticator-driven protocol.
*
* Based on draft-ietf-pppext-eap-srp-03.txt.
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && EAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#include "netif/ppp/ppp_impl.h"
#if LWIP_INCLUDED_POLARSSL_MD5
#include "netif/ppp/polarssl/md5.h"
#else
#include "polarssl/md5.h"
#endif
#include "netif/ppp/eap.h"
#include "netif/ppp/magic.h"
#ifdef USE_SRP
#include <t_pwd.h>
#include <t_server.h>
#include <t_client.h>
#include "netif/ppp/pppcrypt.h"
#endif /* USE_SRP */
#ifndef SHA_DIGESTSIZE
#define SHA_DIGESTSIZE 20
#endif
#ifdef USE_SRP
static char *pn_secret = NULL; /* Pseudonym generating secret */
#endif
#if PPP_OPTIONS
/*
* Command-line options.
*/
static option_t eap_option_list[] = {
{ "eap-restart", o_int, &eap_states[0].es_server.ea_timeout,
"Set retransmit timeout for EAP Requests (server)" },
{ "eap-max-sreq", o_int, &eap_states[0].es_server.ea_maxrequests,
"Set max number of EAP Requests sent (server)" },
{ "eap-timeout", o_int, &eap_states[0].es_client.ea_timeout,
"Set time limit for peer EAP authentication" },
{ "eap-max-rreq", o_int, &eap_states[0].es_client.ea_maxrequests,
"Set max number of EAP Requests allows (client)" },
{ "eap-interval", o_int, &eap_states[0].es_rechallenge,
"Set interval for EAP rechallenge" },
#ifdef USE_SRP
{ "srp-interval", o_int, &eap_states[0].es_lwrechallenge,
"Set interval for SRP lightweight rechallenge" },
{ "srp-pn-secret", o_string, &pn_secret,
"Long term pseudonym generation secret" },
{ "srp-use-pseudonym", o_bool, &eap_states[0].es_usepseudo,
"Use pseudonym if offered one by server", 1 },
#endif
{ NULL }
};
#endif /* PPP_OPTIONS */
/*
* Protocol entry points.
*/
static void eap_init(ppp_pcb *pcb);
static void eap_input(ppp_pcb *pcb, u_char *inp, int inlen);
static void eap_protrej(ppp_pcb *pcb);
static void eap_lowerup(ppp_pcb *pcb);
static void eap_lowerdown(ppp_pcb *pcb);
#if PRINTPKT_SUPPORT
static int eap_printpkt(const u_char *inp, int inlen,
void (*)(void *arg, const char *fmt, ...), void *arg);
#endif /* PRINTPKT_SUPPORT */
const struct protent eap_protent = {
PPP_EAP, /* protocol number */
eap_init, /* initialization procedure */
eap_input, /* process a received packet */
eap_protrej, /* process a received protocol-reject */
eap_lowerup, /* lower layer has gone up */
eap_lowerdown, /* lower layer has gone down */
NULL, /* open the protocol */
NULL, /* close the protocol */
#if PRINTPKT_SUPPORT
eap_printpkt, /* print a packet in readable form */
#endif /* PRINTPKT_SUPPORT */
#if PPP_DATAINPUT
NULL, /* process a received data packet */
#endif /* PPP_DATAINPUT */
#if PRINTPKT_SUPPORT
"EAP", /* text name of protocol */
NULL, /* text name of corresponding data protocol */
#endif /* PRINTPKT_SUPPORT */
#if PPP_OPTIONS
eap_option_list, /* list of command-line options */
NULL, /* check requested options; assign defaults */
#endif /* PPP_OPTIONS */
#if DEMAND_SUPPORT
NULL, /* configure interface for demand-dial */
NULL /* say whether to bring up link for this pkt */
#endif /* DEMAND_SUPPORT */
};
#ifdef USE_SRP
/*
* A well-known 2048 bit modulus.
*/
static const u_char wkmodulus[] = {
0xAC, 0x6B, 0xDB, 0x41, 0x32, 0x4A, 0x9A, 0x9B,
0xF1, 0x66, 0xDE, 0x5E, 0x13, 0x89, 0x58, 0x2F,
0xAF, 0x72, 0xB6, 0x65, 0x19, 0x87, 0xEE, 0x07,
0xFC, 0x31, 0x92, 0x94, 0x3D, 0xB5, 0x60, 0x50,
0xA3, 0x73, 0x29, 0xCB, 0xB4, 0xA0, 0x99, 0xED,
0x81, 0x93, 0xE0, 0x75, 0x77, 0x67, 0xA1, 0x3D,
0xD5, 0x23, 0x12, 0xAB, 0x4B, 0x03, 0x31, 0x0D,
0xCD, 0x7F, 0x48, 0xA9, 0xDA, 0x04, 0xFD, 0x50,
0xE8, 0x08, 0x39, 0x69, 0xED, 0xB7, 0x67, 0xB0,
0xCF, 0x60, 0x95, 0x17, 0x9A, 0x16, 0x3A, 0xB3,
0x66, 0x1A, 0x05, 0xFB, 0xD5, 0xFA, 0xAA, 0xE8,
0x29, 0x18, 0xA9, 0x96, 0x2F, 0x0B, 0x93, 0xB8,
0x55, 0xF9, 0x79, 0x93, 0xEC, 0x97, 0x5E, 0xEA,
0xA8, 0x0D, 0x74, 0x0A, 0xDB, 0xF4, 0xFF, 0x74,
0x73, 0x59, 0xD0, 0x41, 0xD5, 0xC3, 0x3E, 0xA7,
0x1D, 0x28, 0x1E, 0x44, 0x6B, 0x14, 0x77, 0x3B,
0xCA, 0x97, 0xB4, 0x3A, 0x23, 0xFB, 0x80, 0x16,
0x76, 0xBD, 0x20, 0x7A, 0x43, 0x6C, 0x64, 0x81,
0xF1, 0xD2, 0xB9, 0x07, 0x87, 0x17, 0x46, 0x1A,
0x5B, 0x9D, 0x32, 0xE6, 0x88, 0xF8, 0x77, 0x48,
0x54, 0x45, 0x23, 0xB5, 0x24, 0xB0, 0xD5, 0x7D,
0x5E, 0xA7, 0x7A, 0x27, 0x75, 0xD2, 0xEC, 0xFA,
0x03, 0x2C, 0xFB, 0xDB, 0xF5, 0x2F, 0xB3, 0x78,
0x61, 0x60, 0x27, 0x90, 0x04, 0xE5, 0x7A, 0xE6,
0xAF, 0x87, 0x4E, 0x73, 0x03, 0xCE, 0x53, 0x29,
0x9C, 0xCC, 0x04, 0x1C, 0x7B, 0xC3, 0x08, 0xD8,
0x2A, 0x56, 0x98, 0xF3, 0xA8, 0xD0, 0xC3, 0x82,
0x71, 0xAE, 0x35, 0xF8, 0xE9, 0xDB, 0xFB, 0xB6,
0x94, 0xB5, 0xC8, 0x03, 0xD8, 0x9F, 0x7A, 0xE4,
0x35, 0xDE, 0x23, 0x6D, 0x52, 0x5F, 0x54, 0x75,
0x9B, 0x65, 0xE3, 0x72, 0xFC, 0xD6, 0x8E, 0xF2,
0x0F, 0xA7, 0x11, 0x1F, 0x9E, 0x4A, 0xFF, 0x73
};
#endif
#if PPP_SERVER
/* Local forward declarations. */
static void eap_server_timeout(void *arg);
#endif /* PPP_SERVER */
/*
* Convert EAP state code to printable string for debug.
*/
static const char * eap_state_name(enum eap_state_code esc)
{
static const char *state_names[] = { EAP_STATES };
return (state_names[(int)esc]);
}
/*
* eap_init - Initialize state for an EAP user. This is currently
* called once by main() during start-up.
*/
static void eap_init(ppp_pcb *pcb) {
BZERO(&pcb->eap, sizeof(eap_state));
#if PPP_SERVER
pcb->eap.es_server.ea_id = magic();
#endif /* PPP_SERVER */
}
/*
* eap_client_timeout - Give up waiting for the peer to send any
* Request messages.
*/
static void eap_client_timeout(void *arg) {
ppp_pcb *pcb = (ppp_pcb*)arg;
if (!eap_client_active(pcb))
return;
ppp_error("EAP: timeout waiting for Request from peer");
auth_withpeer_fail(pcb, PPP_EAP);
pcb->eap.es_client.ea_state = eapBadAuth;
}
/*
* eap_authwithpeer - Authenticate to our peer (behave as client).
*
* Start client state and wait for requests. This is called only
* after eap_lowerup.
*/
void eap_authwithpeer(ppp_pcb *pcb, const char *localname) {
if(NULL == localname)
return;
/* Save the peer name we're given */
pcb->eap.es_client.ea_name = localname;
pcb->eap.es_client.ea_namelen = strlen(localname);
pcb->eap.es_client.ea_state = eapListen;
/*
* Start a timer so that if the other end just goes
* silent, we don't sit here waiting forever.
*/
if (pcb->settings.eap_req_time > 0)
TIMEOUT(eap_client_timeout, pcb,
pcb->settings.eap_req_time);
}
#if PPP_SERVER
/*
* Format a standard EAP Failure message and send it to the peer.
* (Server operation)
*/
static void eap_send_failure(ppp_pcb *pcb) {
struct pbuf *p;
u_char *outp;
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + EAP_HEADERLEN), PPP_CTRL_PBUF_TYPE);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = (u_char*)p->payload;
MAKEHEADER(outp, PPP_EAP);
PUTCHAR(EAP_FAILURE, outp);
pcb->eap.es_server.ea_id++;
PUTCHAR(pcb->eap.es_server.ea_id, outp);
PUTSHORT(EAP_HEADERLEN, outp);
ppp_write(pcb, p);
pcb->eap.es_server.ea_state = eapBadAuth;
auth_peer_fail(pcb, PPP_EAP);
}
/*
* Format a standard EAP Success message and send it to the peer.
* (Server operation)
*/
static void eap_send_success(ppp_pcb *pcb) {
struct pbuf *p;
u_char *outp;
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + EAP_HEADERLEN), PPP_CTRL_PBUF_TYPE);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = (u_char*)p->payload;
MAKEHEADER(outp, PPP_EAP);
PUTCHAR(EAP_SUCCESS, outp);
pcb->eap.es_server.ea_id++;
PUTCHAR(pcb->eap.es_server.ea_id, outp);
PUTSHORT(EAP_HEADERLEN, outp);
ppp_write(pcb, p);
auth_peer_success(pcb, PPP_EAP, 0,
pcb->eap.es_server.ea_peer, pcb->eap.es_server.ea_peerlen);
}
#endif /* PPP_SERVER */
#ifdef USE_SRP
/*
* Set DES key according to pseudonym-generating secret and current
* date.
*/
static bool
pncrypt_setkey(int timeoffs)
{
struct tm *tp;
char tbuf[9];
SHA1_CTX ctxt;
u_char dig[SHA_DIGESTSIZE];
time_t reftime;
if (pn_secret == NULL)
return (0);
reftime = time(NULL) + timeoffs;
tp = localtime(&reftime);
SHA1Init(&ctxt);
SHA1Update(&ctxt, pn_secret, strlen(pn_secret));
strftime(tbuf, sizeof (tbuf), "%Y%m%d", tp);
SHA1Update(&ctxt, tbuf, strlen(tbuf));
SHA1Final(dig, &ctxt);
/* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */
return (DesSetkey(dig));
}
static char base64[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
struct b64state {
u32_t bs_bits;
int bs_offs;
};
static int
b64enc(bs, inp, inlen, outp)
struct b64state *bs;
u_char *inp;
int inlen;
u_char *outp;
{
int outlen = 0;
while (inlen > 0) {
bs->bs_bits = (bs->bs_bits << 8) | *inp++;
inlen--;
bs->bs_offs += 8;
if (bs->bs_offs >= 24) {
*outp++ = base64[(bs->bs_bits >> 18) & 0x3F];
*outp++ = base64[(bs->bs_bits >> 12) & 0x3F];
*outp++ = base64[(bs->bs_bits >> 6) & 0x3F];
*outp++ = base64[bs->bs_bits & 0x3F];
outlen += 4;
bs->bs_offs = 0;
bs->bs_bits = 0;
}
}
return (outlen);
}
static int
b64flush(bs, outp)
struct b64state *bs;
u_char *outp;
{
int outlen = 0;
if (bs->bs_offs == 8) {
*outp++ = base64[(bs->bs_bits >> 2) & 0x3F];
*outp++ = base64[(bs->bs_bits << 4) & 0x3F];
outlen = 2;
} else if (bs->bs_offs == 16) {
*outp++ = base64[(bs->bs_bits >> 10) & 0x3F];
*outp++ = base64[(bs->bs_bits >> 4) & 0x3F];
*outp++ = base64[(bs->bs_bits << 2) & 0x3F];
outlen = 3;
}
bs->bs_offs = 0;
bs->bs_bits = 0;
return (outlen);
}
static int
b64dec(bs, inp, inlen, outp)
struct b64state *bs;
u_char *inp;
int inlen;
u_char *outp;
{
int outlen = 0;
char *cp;
while (inlen > 0) {
if ((cp = strchr(base64, *inp++)) == NULL)
break;
bs->bs_bits = (bs->bs_bits << 6) | (cp - base64);
inlen--;
bs->bs_offs += 6;
if (bs->bs_offs >= 8) {
*outp++ = bs->bs_bits >> (bs->bs_offs - 8);
outlen++;
bs->bs_offs -= 8;
}
}
return (outlen);
}
#endif /* USE_SRP */
#if PPP_SERVER
/*
* Assume that current waiting server state is complete and figure
* next state to use based on available authentication data. 'status'
* indicates if there was an error in handling the last query. It is
* 0 for success and non-zero for failure.
*/
static void eap_figure_next_state(ppp_pcb *pcb, int status) {
#ifdef USE_SRP
unsigned char secbuf[MAXSECRETLEN], clear[8], *sp, *dp;
struct t_pw tpw;
struct t_confent *tce, mytce;
char *cp, *cp2;
struct t_server *ts;
int id, i, plen, toffs;
u_char vals[2];
struct b64state bs;
#endif /* USE_SRP */
pcb->settings.eap_timeout_time = pcb->eap.es_savedtime;
switch (pcb->eap.es_server.ea_state) {
case eapBadAuth:
return;
case eapIdentify:
#ifdef USE_SRP
/* Discard any previous session. */
ts = (struct t_server *)pcb->eap.es_server.ea_session;
if (ts != NULL) {
t_serverclose(ts);
pcb->eap.es_server.ea_session = NULL;
pcb->eap.es_server.ea_skey = NULL;
}
#endif /* USE_SRP */
if (status != 0) {
pcb->eap.es_server.ea_state = eapBadAuth;
break;
}
#ifdef USE_SRP
/* If we've got a pseudonym, try to decode to real name. */
if (pcb->eap.es_server.ea_peerlen > SRP_PSEUDO_LEN &&
strncmp(pcb->eap.es_server.ea_peer, SRP_PSEUDO_ID,
SRP_PSEUDO_LEN) == 0 &&
(pcb->eap.es_server.ea_peerlen - SRP_PSEUDO_LEN) * 3 / 4 <
sizeof (secbuf)) {
BZERO(&bs, sizeof (bs));
plen = b64dec(&bs,
pcb->eap.es_server.ea_peer + SRP_PSEUDO_LEN,
pcb->eap.es_server.ea_peerlen - SRP_PSEUDO_LEN,
secbuf);
toffs = 0;
for (i = 0; i < 5; i++) {
pncrypt_setkey(toffs);
toffs -= 86400;
/* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */
if (!DesDecrypt(secbuf, clear)) {
ppp_dbglog("no DES here; cannot decode "
"pseudonym");
return;
}
id = *(unsigned char *)clear;
if (id + 1 <= plen && id + 9 > plen)
break;
}
if (plen % 8 == 0 && i < 5) {
/*
* Note that this is always shorter than the
* original stored string, so there's no need
* to realloc.
*/
if ((i = plen = *(unsigned char *)clear) > 7)
i = 7;
pcb->eap.es_server.ea_peerlen = plen;
dp = (unsigned char *)pcb->eap.es_server.ea_peer;
MEMCPY(dp, clear + 1, i);
plen -= i;
dp += i;
sp = secbuf + 8;
while (plen > 0) {
/* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */
(void) DesDecrypt(sp, dp);
sp += 8;
dp += 8;
plen -= 8;
}
pcb->eap.es_server.ea_peer[
pcb->eap.es_server.ea_peerlen] = '\0';
ppp_dbglog("decoded pseudonym to \"%.*q\"",
pcb->eap.es_server.ea_peerlen,
pcb->eap.es_server.ea_peer);
} else {
ppp_dbglog("failed to decode real name");
/* Stay in eapIdentfy state; requery */
break;
}
}
/* Look up user in secrets database. */
if (get_srp_secret(pcb->eap.es_unit, pcb->eap.es_server.ea_peer,
pcb->eap.es_server.ea_name, (char *)secbuf, 1) != 0) {
/* Set up default in case SRP entry is bad */
pcb->eap.es_server.ea_state = eapMD5Chall;
/* Get t_confent based on index in srp-secrets */
id = strtol((char *)secbuf, &cp, 10);
if (*cp++ != ':' || id < 0)
break;
if (id == 0) {
mytce.index = 0;
mytce.modulus.data = (u_char *)wkmodulus;
mytce.modulus.len = sizeof (wkmodulus);
mytce.generator.data = (u_char *)"\002";
mytce.generator.len = 1;
tce = &mytce;
} else if ((tce = gettcid(id)) != NULL) {
/*
* Client will have to verify this modulus/
* generator combination, and that will take
* a while. Lengthen the timeout here.
*/
if (pcb->settings.eap_timeout_time > 0 &&
pcb->settings.eap_timeout_time < 30)
pcb->settings.eap_timeout_time = 30;
} else {
break;
}
if ((cp2 = strchr(cp, ':')) == NULL)
break;
*cp2++ = '\0';
tpw.pebuf.name = pcb->eap.es_server.ea_peer;
tpw.pebuf.password.len = t_fromb64((char *)tpw.pwbuf,
cp);
tpw.pebuf.password.data = tpw.pwbuf;
tpw.pebuf.salt.len = t_fromb64((char *)tpw.saltbuf,
cp2);
tpw.pebuf.salt.data = tpw.saltbuf;
if ((ts = t_serveropenraw(&tpw.pebuf, tce)) == NULL)
break;
pcb->eap.es_server.ea_session = (void *)ts;
pcb->eap.es_server.ea_state = eapSRP1;
vals[0] = pcb->eap.es_server.ea_id + 1;
vals[1] = EAPT_SRP;
t_serveraddexdata(ts, vals, 2);
/* Generate B; must call before t_servergetkey() */
t_servergenexp(ts);
break;
}
#endif /* USE_SRP */
pcb->eap.es_server.ea_state = eapMD5Chall;
break;
case eapSRP1:
#ifdef USE_SRP
ts = (struct t_server *)pcb->eap.es_server.ea_session;
if (ts != NULL && status != 0) {
t_serverclose(ts);
pcb->eap.es_server.ea_session = NULL;
pcb->eap.es_server.ea_skey = NULL;
}
#endif /* USE_SRP */
if (status == 1) {
pcb->eap.es_server.ea_state = eapMD5Chall;
} else if (status != 0 || pcb->eap.es_server.ea_session == NULL) {
pcb->eap.es_server.ea_state = eapBadAuth;
} else {
pcb->eap.es_server.ea_state = eapSRP2;
}
break;
case eapSRP2:
#ifdef USE_SRP
ts = (struct t_server *)pcb->eap.es_server.ea_session;
if (ts != NULL && status != 0) {
t_serverclose(ts);
pcb->eap.es_server.ea_session = NULL;
pcb->eap.es_server.ea_skey = NULL;
}
#endif /* USE_SRP */
if (status != 0 || pcb->eap.es_server.ea_session == NULL) {
pcb->eap.es_server.ea_state = eapBadAuth;
} else {
pcb->eap.es_server.ea_state = eapSRP3;
}
break;
case eapSRP3:
case eapSRP4:
#ifdef USE_SRP
ts = (struct t_server *)pcb->eap.es_server.ea_session;
if (ts != NULL && status != 0) {
t_serverclose(ts);
pcb->eap.es_server.ea_session = NULL;
pcb->eap.es_server.ea_skey = NULL;
}
#endif /* USE_SRP */
if (status != 0 || pcb->eap.es_server.ea_session == NULL) {
pcb->eap.es_server.ea_state = eapBadAuth;
} else {
pcb->eap.es_server.ea_state = eapOpen;
}
break;
case eapMD5Chall:
if (status != 0) {
pcb->eap.es_server.ea_state = eapBadAuth;
} else {
pcb->eap.es_server.ea_state = eapOpen;
}
break;
default:
pcb->eap.es_server.ea_state = eapBadAuth;
break;
}
if (pcb->eap.es_server.ea_state == eapBadAuth)
eap_send_failure(pcb);
}
/*
* Format an EAP Request message and send it to the peer. Message
* type depends on current state. (Server operation)
*/
static void eap_send_request(ppp_pcb *pcb) {
struct pbuf *p;
u_char *outp;
u_char *lenloc;
int outlen;
int len;
const char *str;
#ifdef USE_SRP
struct t_server *ts;
u_char clear[8], cipher[8], dig[SHA_DIGESTSIZE], *optr, *cp;
int i, j;
struct b64state b64;
SHA1_CTX ctxt;
#endif /* USE_SRP */
/* Handle both initial auth and restart */
if (pcb->eap.es_server.ea_state < eapIdentify &&
pcb->eap.es_server.ea_state != eapInitial) {
pcb->eap.es_server.ea_state = eapIdentify;
#if PPP_REMOTENAME
if (pcb->settings.explicit_remote && pcb->remote_name) {
/*
* If we already know the peer's
* unauthenticated name, then there's no
* reason to ask. Go to next state instead.
*/
int len = (int)strlen(pcb->remote_name);
if (len > MAXNAMELEN) {
len = MAXNAMELEN;
}
MEMCPY(pcb->eap.es_server.ea_peer, pcb->remote_name, len);
pcb->eap.es_server.ea_peer[len] = '\0';
pcb->eap.es_server.ea_peerlen = len;
eap_figure_next_state(pcb, 0);
}
#endif /* PPP_REMOTENAME */
}
if (pcb->settings.eap_max_transmits > 0 &&
pcb->eap.es_server.ea_requests >= pcb->settings.eap_max_transmits) {
if (pcb->eap.es_server.ea_responses > 0)
ppp_error("EAP: too many Requests sent");
else
ppp_error("EAP: no response to Requests");
eap_send_failure(pcb);
return;
}
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_CTRL_PBUF_MAX_SIZE), PPP_CTRL_PBUF_TYPE);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = (u_char*)p->payload;
MAKEHEADER(outp, PPP_EAP);
PUTCHAR(EAP_REQUEST, outp);
PUTCHAR(pcb->eap.es_server.ea_id, outp);
lenloc = outp;
INCPTR(2, outp);
switch (pcb->eap.es_server.ea_state) {
case eapIdentify:
PUTCHAR(EAPT_IDENTITY, outp);
str = "Name";
len = strlen(str);
MEMCPY(outp, str, len);
INCPTR(len, outp);
break;
case eapMD5Chall:
PUTCHAR(EAPT_MD5CHAP, outp);
/*
* pick a random challenge length between
* EAP_MIN_CHALLENGE_LENGTH and EAP_MAX_CHALLENGE_LENGTH
*/
pcb->eap.es_challen = EAP_MIN_CHALLENGE_LENGTH +
magic_pow(EAP_MIN_MAX_POWER_OF_TWO_CHALLENGE_LENGTH);
PUTCHAR(pcb->eap.es_challen, outp);
magic_random_bytes(pcb->eap.es_challenge, pcb->eap.es_challen);
MEMCPY(outp, pcb->eap.es_challenge, pcb->eap.es_challen);
INCPTR(pcb->eap.es_challen, outp);
MEMCPY(outp, pcb->eap.es_server.ea_name, pcb->eap.es_server.ea_namelen);
INCPTR(pcb->eap.es_server.ea_namelen, outp);
break;
#ifdef USE_SRP
case eapSRP1:
PUTCHAR(EAPT_SRP, outp);
PUTCHAR(EAPSRP_CHALLENGE, outp);
PUTCHAR(pcb->eap.es_server.ea_namelen, outp);
MEMCPY(outp, pcb->eap.es_server.ea_name, pcb->eap.es_server.ea_namelen);
INCPTR(pcb->eap.es_server.ea_namelen, outp);
ts = (struct t_server *)pcb->eap.es_server.ea_session;
assert(ts != NULL);
PUTCHAR(ts->s.len, outp);
MEMCPY(outp, ts->s.data, ts->s.len);
INCPTR(ts->s.len, outp);
if (ts->g.len == 1 && ts->g.data[0] == 2) {
PUTCHAR(0, outp);
} else {
PUTCHAR(ts->g.len, outp);
MEMCPY(outp, ts->g.data, ts->g.len);
INCPTR(ts->g.len, outp);
}
if (ts->n.len != sizeof (wkmodulus) ||
BCMP(ts->n.data, wkmodulus, sizeof (wkmodulus)) != 0) {
MEMCPY(outp, ts->n.data, ts->n.len);
INCPTR(ts->n.len, outp);
}
break;
case eapSRP2:
PUTCHAR(EAPT_SRP, outp);
PUTCHAR(EAPSRP_SKEY, outp);
ts = (struct t_server *)pcb->eap.es_server.ea_session;
assert(ts != NULL);
MEMCPY(outp, ts->B.data, ts->B.len);
INCPTR(ts->B.len, outp);
break;
case eapSRP3:
PUTCHAR(EAPT_SRP, outp);
PUTCHAR(EAPSRP_SVALIDATOR, outp);
PUTLONG(SRPVAL_EBIT, outp);
ts = (struct t_server *)pcb->eap.es_server.ea_session;
assert(ts != NULL);
MEMCPY(outp, t_serverresponse(ts), SHA_DIGESTSIZE);
INCPTR(SHA_DIGESTSIZE, outp);
if (pncrypt_setkey(0)) {
/* Generate pseudonym */
optr = outp;
cp = (unsigned char *)pcb->eap.es_server.ea_peer;
if ((j = i = pcb->eap.es_server.ea_peerlen) > 7)
j = 7;
clear[0] = i;
MEMCPY(clear + 1, cp, j);
i -= j;
cp += j;
/* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */
if (!DesEncrypt(clear, cipher)) {
ppp_dbglog("no DES here; not generating pseudonym");
break;
}
BZERO(&b64, sizeof (b64));
outp++; /* space for pseudonym length */
outp += b64enc(&b64, cipher, 8, outp);
while (i >= 8) {
/* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */
(void) DesEncrypt(cp, cipher);
outp += b64enc(&b64, cipher, 8, outp);
cp += 8;
i -= 8;
}
if (i > 0) {
MEMCPY(clear, cp, i);
cp += i;
magic_random_bytes(cp, 8-i);
/* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */
(void) DesEncrypt(clear, cipher);
outp += b64enc(&b64, cipher, 8, outp);
}
outp += b64flush(&b64, outp);
/* Set length and pad out to next 20 octet boundary */
i = outp - optr - 1;
*optr = i;
i %= SHA_DIGESTSIZE;
if (i != 0) {
magic_random_bytes(outp, SHA_DIGESTSIZE-i);
INCPTR(SHA_DIGESTSIZE-i, outp);
}
/* Obscure the pseudonym with SHA1 hash */
SHA1Init(&ctxt);
SHA1Update(&ctxt, &pcb->eap.es_server.ea_id, 1);
SHA1Update(&ctxt, pcb->eap.es_server.ea_skey,
SESSION_KEY_LEN);
SHA1Update(&ctxt, pcb->eap.es_server.ea_peer,
pcb->eap.es_server.ea_peerlen);
while (optr < outp) {
SHA1Final(dig, &ctxt);
cp = dig;
while (cp < dig + SHA_DIGESTSIZE)
*optr++ ^= *cp++;
SHA1Init(&ctxt);
SHA1Update(&ctxt, &pcb->eap.es_server.ea_id, 1);
SHA1Update(&ctxt, pcb->eap.es_server.ea_skey,
SESSION_KEY_LEN);
SHA1Update(&ctxt, optr - SHA_DIGESTSIZE,
SHA_DIGESTSIZE);
}
}
break;
case eapSRP4:
PUTCHAR(EAPT_SRP, outp);
PUTCHAR(EAPSRP_LWRECHALLENGE, outp);
pcb->eap.es_challen = EAP_MIN_CHALLENGE_LENGTH +
magic_pow(EAP_MIN_MAX_POWER_OF_TWO_CHALLENGE_LENGTH);
magic_random_bytes(pcb->eap.es_challenge, pcb->eap.es_challen);
MEMCPY(outp, pcb->eap.es_challenge, pcb->eap.es_challen);
INCPTR(pcb->eap.es_challen, outp);
break;
#endif /* USE_SRP */
default:
return;
}
outlen = (outp - (unsigned char*)p->payload) - PPP_HDRLEN;
PUTSHORT(outlen, lenloc);
pbuf_realloc(p, outlen + PPP_HDRLEN);
ppp_write(pcb, p);
pcb->eap.es_server.ea_requests++;
if (pcb->settings.eap_timeout_time > 0)
TIMEOUT(eap_server_timeout, pcb, pcb->settings.eap_timeout_time);
}
/*
* eap_authpeer - Authenticate our peer (behave as server).
*
* Start server state and send first request. This is called only
* after eap_lowerup.
*/
void eap_authpeer(ppp_pcb *pcb, const char *localname) {
/* Save the name we're given. */
pcb->eap.es_server.ea_name = localname;
pcb->eap.es_server.ea_namelen = strlen(localname);
pcb->eap.es_savedtime = pcb->settings.eap_timeout_time;
/* Lower layer up yet? */
if (pcb->eap.es_server.ea_state == eapInitial ||
pcb->eap.es_server.ea_state == eapPending) {
pcb->eap.es_server.ea_state = eapPending;
return;
}
pcb->eap.es_server.ea_state = eapPending;
/* ID number not updated here intentionally; hashed into M1 */
eap_send_request(pcb);
}
/*
* eap_server_timeout - Retransmission timer for sending Requests
* expired.
*/
static void eap_server_timeout(void *arg) {
ppp_pcb *pcb = (ppp_pcb*)arg;
if (!eap_server_active(pcb))
return;
/* EAP ID number must not change on timeout. */
eap_send_request(pcb);
}
/*
* When it's time to send rechallenge the peer, this timeout is
* called. Once the rechallenge is successful, the response handler
* will restart the timer. If it fails, then the link is dropped.
*/
static void eap_rechallenge(void *arg) {
ppp_pcb *pcb = (ppp_pcb*)arg;
if (pcb->eap.es_server.ea_state != eapOpen &&
pcb->eap.es_server.ea_state != eapSRP4)
return;
pcb->eap.es_server.ea_requests = 0;
pcb->eap.es_server.ea_state = eapIdentify;
eap_figure_next_state(pcb, 0);
pcb->eap.es_server.ea_id++;
eap_send_request(pcb);
}
static void srp_lwrechallenge(void *arg) {
ppp_pcb *pcb = (ppp_pcb*)arg;
if (pcb->eap.es_server.ea_state != eapOpen ||
pcb->eap.es_server.ea_type != EAPT_SRP)
return;
pcb->eap.es_server.ea_requests = 0;
pcb->eap.es_server.ea_state = eapSRP4;
pcb->eap.es_server.ea_id++;
eap_send_request(pcb);
}
#endif /* PPP_SERVER */
/*
* eap_lowerup - The lower layer is now up.
*
* This is called before either eap_authpeer or eap_authwithpeer. See
* link_established() in auth.c. All that's necessary here is to
* return to closed state so that those two routines will do the right
* thing.
*/
static void eap_lowerup(ppp_pcb *pcb) {
pcb->eap.es_client.ea_state = eapClosed;
#if PPP_SERVER
pcb->eap.es_server.ea_state = eapClosed;
#endif /* PPP_SERVER */
}
/*
* eap_lowerdown - The lower layer is now down.
*
* Cancel all timeouts and return to initial state.
*/
static void eap_lowerdown(ppp_pcb *pcb) {
if (eap_client_active(pcb) && pcb->settings.eap_req_time > 0) {
UNTIMEOUT(eap_client_timeout, pcb);
}
#if PPP_SERVER
if (eap_server_active(pcb)) {
if (pcb->settings.eap_timeout_time > 0) {
UNTIMEOUT(eap_server_timeout, pcb);
}
} else {
if ((pcb->eap.es_server.ea_state == eapOpen ||
pcb->eap.es_server.ea_state == eapSRP4) &&
pcb->eap.es_rechallenge > 0) {
UNTIMEOUT(eap_rechallenge, (void *)pcb);
}
if (pcb->eap.es_server.ea_state == eapOpen &&
pcb->eap.es_lwrechallenge > 0) {
UNTIMEOUT(srp_lwrechallenge, (void *)pcb);
}
}
pcb->eap.es_client.ea_state = pcb->eap.es_server.ea_state = eapInitial;
pcb->eap.es_client.ea_requests = pcb->eap.es_server.ea_requests = 0;
#endif /* PPP_SERVER */
}
/*
* eap_protrej - Peer doesn't speak this protocol.
*
* This shouldn't happen. If it does, it represents authentication
* failure.
*/
static void eap_protrej(ppp_pcb *pcb) {
if (eap_client_active(pcb)) {
ppp_error("EAP authentication failed due to Protocol-Reject");
auth_withpeer_fail(pcb, PPP_EAP);
}
#if PPP_SERVER
if (eap_server_active(pcb)) {
ppp_error("EAP authentication of peer failed on Protocol-Reject");
auth_peer_fail(pcb, PPP_EAP);
}
#endif /* PPP_SERVER */
eap_lowerdown(pcb);
}
/*
* Format and send a regular EAP Response message.
*/
static void eap_send_response(ppp_pcb *pcb, u_char id, u_char typenum, const u_char *str, int lenstr) {
struct pbuf *p;
u_char *outp;
int msglen;
msglen = EAP_HEADERLEN + sizeof (u_char) + lenstr;
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PPP_CTRL_PBUF_TYPE);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = (u_char*)p->payload;
MAKEHEADER(outp, PPP_EAP);
PUTCHAR(EAP_RESPONSE, outp);
PUTCHAR(id, outp);
pcb->eap.es_client.ea_id = id;
PUTSHORT(msglen, outp);
PUTCHAR(typenum, outp);
if (lenstr > 0) {
MEMCPY(outp, str, lenstr);
}
ppp_write(pcb, p);
}
/*
* Format and send an MD5-Challenge EAP Response message.
*/
static void eap_chap_response(ppp_pcb *pcb, u_char id, u_char *hash, const char *name, int namelen) {
struct pbuf *p;
u_char *outp;
int msglen;
msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + MD5_SIGNATURE_SIZE +
namelen;
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PPP_CTRL_PBUF_TYPE);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = (u_char*)p->payload;
MAKEHEADER(outp, PPP_EAP);
PUTCHAR(EAP_RESPONSE, outp);
PUTCHAR(id, outp);
pcb->eap.es_client.ea_id = id;
PUTSHORT(msglen, outp);
PUTCHAR(EAPT_MD5CHAP, outp);
PUTCHAR(MD5_SIGNATURE_SIZE, outp);
MEMCPY(outp, hash, MD5_SIGNATURE_SIZE);
INCPTR(MD5_SIGNATURE_SIZE, outp);
if (namelen > 0) {
MEMCPY(outp, name, namelen);
}
ppp_write(pcb, p);
}
#ifdef USE_SRP
/*
* Format and send a SRP EAP Response message.
*/
static void
eap_srp_response(esp, id, subtypenum, str, lenstr)
eap_state *esp;
u_char id;
u_char subtypenum;
u_char *str;
int lenstr;
{
ppp_pcb *pcb = &ppp_pcb_list[pcb->eap.es_unit];
struct pbuf *p;
u_char *outp;
int msglen;
msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + lenstr;
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PPP_CTRL_PBUF_TYPE);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = p->payload;
MAKEHEADER(outp, PPP_EAP);
PUTCHAR(EAP_RESPONSE, outp);
PUTCHAR(id, outp);
pcb->eap.es_client.ea_id = id;
PUTSHORT(msglen, outp);
PUTCHAR(EAPT_SRP, outp);
PUTCHAR(subtypenum, outp);
if (lenstr > 0) {
MEMCPY(outp, str, lenstr);
}
ppp_write(pcb, p);
}
/*
* Format and send a SRP EAP Client Validator Response message.
*/
static void
eap_srpval_response(esp, id, flags, str)
eap_state *esp;
u_char id;
u32_t flags;
u_char *str;
{
ppp_pcb *pcb = &ppp_pcb_list[pcb->eap.es_unit];
struct pbuf *p;
u_char *outp;
int msglen;
msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + sizeof (u32_t) +
SHA_DIGESTSIZE;
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PPP_CTRL_PBUF_TYPE);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = p->payload;
MAKEHEADER(outp, PPP_EAP);
PUTCHAR(EAP_RESPONSE, outp);
PUTCHAR(id, outp);
pcb->eap.es_client.ea_id = id;
PUTSHORT(msglen, outp);
PUTCHAR(EAPT_SRP, outp);
PUTCHAR(EAPSRP_CVALIDATOR, outp);
PUTLONG(flags, outp);
MEMCPY(outp, str, SHA_DIGESTSIZE);
ppp_write(pcb, p);
}
#endif /* USE_SRP */
static void eap_send_nak(ppp_pcb *pcb, u_char id, u_char type) {
struct pbuf *p;
u_char *outp;
int msglen;
msglen = EAP_HEADERLEN + 2 * sizeof (u_char);
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PPP_CTRL_PBUF_TYPE);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = (u_char*)p->payload;
MAKEHEADER(outp, PPP_EAP);
PUTCHAR(EAP_RESPONSE, outp);
PUTCHAR(id, outp);
pcb->eap.es_client.ea_id = id;
PUTSHORT(msglen, outp);
PUTCHAR(EAPT_NAK, outp);
PUTCHAR(type, outp);
ppp_write(pcb, p);
}
#ifdef USE_SRP
static char *
name_of_pn_file()
{
char *user, *path, *file;
struct passwd *pw;
size_t pl;
static bool pnlogged = 0;
pw = getpwuid(getuid());
if (pw == NULL || (user = pw->pw_dir) == NULL || user[0] == 0) {
errno = EINVAL;
return (NULL);
}
file = _PATH_PSEUDONYM;
pl = strlen(user) + strlen(file) + 2;
path = malloc(pl);
if (path == NULL)
return (NULL);
(void) slprintf(path, pl, "%s/%s", user, file);
if (!pnlogged) {
ppp_dbglog("pseudonym file: %s", path);
pnlogged = 1;
}
return (path);
}
static int
open_pn_file(modebits)
mode_t modebits;
{
char *path;
int fd, err;
if ((path = name_of_pn_file()) == NULL)
return (-1);
fd = open(path, modebits, S_IRUSR | S_IWUSR);
err = errno;
free(path);
errno = err;
return (fd);
}
static void
remove_pn_file()
{
char *path;
if ((path = name_of_pn_file()) != NULL) {
(void) unlink(path);
(void) free(path);
}
}
static void
write_pseudonym(esp, inp, len, id)
eap_state *esp;
u_char *inp;
int len, id;
{
u_char val;
u_char *datp, *digp;
SHA1_CTX ctxt;
u_char dig[SHA_DIGESTSIZE];
int dsize, fd, olen = len;
/*
* Do the decoding by working backwards. This eliminates the need
* to save the decoded output in a separate buffer.
*/
val = id;
while (len > 0) {
if ((dsize = len % SHA_DIGESTSIZE) == 0)
dsize = SHA_DIGESTSIZE;
len -= dsize;
datp = inp + len;
SHA1Init(&ctxt);
SHA1Update(&ctxt, &val, 1);
SHA1Update(&ctxt, pcb->eap.es_client.ea_skey, SESSION_KEY_LEN);
if (len > 0) {
SHA1Update(&ctxt, datp, SHA_DIGESTSIZE);
} else {
SHA1Update(&ctxt, pcb->eap.es_client.ea_name,
pcb->eap.es_client.ea_namelen);
}
SHA1Final(dig, &ctxt);
for (digp = dig; digp < dig + SHA_DIGESTSIZE; digp++)
*datp++ ^= *digp;
}
/* Now check that the result is sane */
if (olen <= 0 || *inp + 1 > olen) {
ppp_dbglog("EAP: decoded pseudonym is unusable <%.*B>", olen, inp);
return;
}
/* Save it away */
fd = open_pn_file(O_WRONLY | O_CREAT | O_TRUNC);
if (fd < 0) {
ppp_dbglog("EAP: error saving pseudonym: %m");
return;
}
len = write(fd, inp + 1, *inp);
if (close(fd) != -1 && len == *inp) {
ppp_dbglog("EAP: saved pseudonym");
pcb->eap.es_usedpseudo = 0;
} else {
ppp_dbglog("EAP: failed to save pseudonym");
remove_pn_file();
}
}
#endif /* USE_SRP */
/*
* eap_request - Receive EAP Request message (client mode).
*/
static void eap_request(ppp_pcb *pcb, u_char *inp, int id, int len) {
u_char typenum;
u_char vallen;
int secret_len;
char secret[MAXSECRETLEN];
char rhostname[MAXNAMELEN];
md5_context mdContext;
u_char hash[MD5_SIGNATURE_SIZE];
#ifdef USE_SRP
struct t_client *tc;
struct t_num sval, gval, Nval, *Ap, Bval;
u_char vals[2];
SHA1_CTX ctxt;
u_char dig[SHA_DIGESTSIZE];
int fd;
#endif /* USE_SRP */
/*
* Note: we update es_client.ea_id *only if* a Response
* message is being generated. Otherwise, we leave it the
* same for duplicate detection purposes.
*/
pcb->eap.es_client.ea_requests++;
if (pcb->settings.eap_allow_req != 0 &&
pcb->eap.es_client.ea_requests > pcb->settings.eap_allow_req) {
ppp_info("EAP: received too many Request messages");
if (pcb->settings.eap_req_time > 0) {
UNTIMEOUT(eap_client_timeout, pcb);
}
auth_withpeer_fail(pcb, PPP_EAP);
return;
}
if (len <= 0) {
ppp_error("EAP: empty Request message discarded");
return;
}
GETCHAR(typenum, inp);
len--;
switch (typenum) {
case EAPT_IDENTITY:
if (len > 0)
ppp_info("EAP: Identity prompt \"%.*q\"", len, inp);
#ifdef USE_SRP
if (pcb->eap.es_usepseudo &&
(pcb->eap.es_usedpseudo == 0 ||
(pcb->eap.es_usedpseudo == 1 &&
id == pcb->eap.es_client.ea_id))) {
pcb->eap.es_usedpseudo = 1;
/* Try to get a pseudonym */
if ((fd = open_pn_file(O_RDONLY)) >= 0) {
strcpy(rhostname, SRP_PSEUDO_ID);
len = read(fd, rhostname + SRP_PSEUDO_LEN,
sizeof (rhostname) - SRP_PSEUDO_LEN);
/* XXX NAI unsupported */
if (len > 0) {
eap_send_response(pcb, id, typenum,
rhostname, len + SRP_PSEUDO_LEN);
}
(void) close(fd);
if (len > 0)
break;
}
}
/* Stop using pseudonym now. */
if (pcb->eap.es_usepseudo && pcb->eap.es_usedpseudo != 2) {
remove_pn_file();
pcb->eap.es_usedpseudo = 2;
}
#endif /* USE_SRP */
eap_send_response(pcb, id, typenum, (const u_char*)pcb->eap.es_client.ea_name,
pcb->eap.es_client.ea_namelen);
break;
case EAPT_NOTIFICATION:
if (len > 0)
ppp_info("EAP: Notification \"%.*q\"", len, inp);
eap_send_response(pcb, id, typenum, NULL, 0);
break;
case EAPT_NAK:
/*
* Avoid the temptation to send Response Nak in reply
* to Request Nak here. It can only lead to trouble.
*/
ppp_warn("EAP: unexpected Nak in Request; ignored");
/* Return because we're waiting for something real. */
return;
case EAPT_MD5CHAP:
if (len < 1) {
ppp_error("EAP: received MD5-Challenge with no data");
/* Bogus request; wait for something real. */
return;
}
GETCHAR(vallen, inp);
len--;
if (vallen < 8 || vallen > len) {
ppp_error("EAP: MD5-Challenge with bad length %d (8..%d)",
vallen, len);
/* Try something better. */
eap_send_nak(pcb, id, EAPT_SRP);
break;
}
/* Not so likely to happen. */
if (vallen >= len + sizeof (rhostname)) {
ppp_dbglog("EAP: trimming really long peer name down");
MEMCPY(rhostname, inp + vallen, sizeof (rhostname) - 1);
rhostname[sizeof (rhostname) - 1] = '\0';
} else {
MEMCPY(rhostname, inp + vallen, len - vallen);
rhostname[len - vallen] = '\0';
}
#if PPP_REMOTENAME
/* In case the remote doesn't give us his name. */
if (pcb->settings.explicit_remote ||
(pcb->settings.remote_name[0] != '\0' && vallen == len))
strlcpy(rhostname, pcb->settings.remote_name, sizeof (rhostname));
#endif /* PPP_REMOTENAME */
/*
* Get the secret for authenticating ourselves with
* the specified host.
*/
if (!get_secret(pcb, pcb->eap.es_client.ea_name,
rhostname, secret, &secret_len, 0)) {
ppp_dbglog("EAP: no MD5 secret for auth to %q", rhostname);
eap_send_nak(pcb, id, EAPT_SRP);
break;
}
md5_starts(&mdContext);
typenum = id;
md5_update(&mdContext, &typenum, 1);
md5_update(&mdContext, (u_char *)secret, secret_len);
BZERO(secret, sizeof (secret));
md5_update(&mdContext, inp, vallen);
md5_finish(&mdContext, hash);
eap_chap_response(pcb, id, hash, pcb->eap.es_client.ea_name,
pcb->eap.es_client.ea_namelen);
break;
#ifdef USE_SRP
case EAPT_SRP:
if (len < 1) {
ppp_error("EAP: received empty SRP Request");
/* Bogus request; wait for something real. */
return;
}
/* Get subtype */
GETCHAR(vallen, inp);
len--;
switch (vallen) {
case EAPSRP_CHALLENGE:
tc = NULL;
if (pcb->eap.es_client.ea_session != NULL) {
tc = (struct t_client *)pcb->eap.es_client.
ea_session;
/*
* If this is a new challenge, then start
* over with a new client session context.
* Otherwise, just resend last response.
*/
if (id != pcb->eap.es_client.ea_id) {
t_clientclose(tc);
pcb->eap.es_client.ea_session = NULL;
tc = NULL;
}
}
/* No session key just yet */
pcb->eap.es_client.ea_skey = NULL;
if (tc == NULL) {
int rhostnamelen;
GETCHAR(vallen, inp);
len--;
if (vallen >= len) {
ppp_error("EAP: badly-formed SRP Challenge"
" (name)");
/* Ignore badly-formed messages */
return;
}
MEMCPY(rhostname, inp, vallen);
rhostname[vallen] = '\0';
INCPTR(vallen, inp);
len -= vallen;
/*
* In case the remote doesn't give us his name,
* use configured name.
*/
if (explicit_remote ||
(remote_name[0] != '\0' && vallen == 0)) {
strlcpy(rhostname, remote_name,
sizeof (rhostname));
}
rhostnamelen = (int)strlen(rhostname);
if (rhostnamelen > MAXNAMELEN) {
rhostnamelen = MAXNAMELEN;
}
MEMCPY(pcb->eap.es_client.ea_peer, rhostname, rhostnamelen);
pcb->eap.es_client.ea_peer[rhostnamelen] = '\0';
pcb->eap.es_client.ea_peerlen = rhostnamelen;
GETCHAR(vallen, inp);
len--;
if (vallen >= len) {
ppp_error("EAP: badly-formed SRP Challenge"
" (s)");
/* Ignore badly-formed messages */
return;
}
sval.data = inp;
sval.len = vallen;
INCPTR(vallen, inp);
len -= vallen;
GETCHAR(vallen, inp);
len--;
if (vallen > len) {
ppp_error("EAP: badly-formed SRP Challenge"
" (g)");
/* Ignore badly-formed messages */
return;
}
/* If no generator present, then use value 2 */
if (vallen == 0) {
gval.data = (u_char *)"\002";
gval.len = 1;
} else {
gval.data = inp;
gval.len = vallen;
}
INCPTR(vallen, inp);
len -= vallen;
/*
* If no modulus present, then use well-known
* value.
*/
if (len == 0) {
Nval.data = (u_char *)wkmodulus;
Nval.len = sizeof (wkmodulus);
} else {
Nval.data = inp;
Nval.len = len;
}
tc = t_clientopen(pcb->eap.es_client.ea_name,
&Nval, &gval, &sval);
if (tc == NULL) {
eap_send_nak(pcb, id, EAPT_MD5CHAP);
break;
}
pcb->eap.es_client.ea_session = (void *)tc;
/* Add Challenge ID & type to verifier */
vals[0] = id;
vals[1] = EAPT_SRP;
t_clientaddexdata(tc, vals, 2);
}
Ap = t_clientgenexp(tc);
eap_srp_response(esp, id, EAPSRP_CKEY, Ap->data,
Ap->len);
break;
case EAPSRP_SKEY:
tc = (struct t_client *)pcb->eap.es_client.ea_session;
if (tc == NULL) {
ppp_warn("EAP: peer sent Subtype 2 without 1");
eap_send_nak(pcb, id, EAPT_MD5CHAP);
break;
}
if (pcb->eap.es_client.ea_skey != NULL) {
/*
* ID number should not change here. Warn
* if it does (but otherwise ignore).
*/
if (id != pcb->eap.es_client.ea_id) {
ppp_warn("EAP: ID changed from %d to %d "
"in SRP Subtype 2 rexmit",
pcb->eap.es_client.ea_id, id);
}
} else {
if (get_srp_secret(pcb->eap.es_unit,
pcb->eap.es_client.ea_name,
pcb->eap.es_client.ea_peer, secret, 0) == 0) {
/*
* Can't work with this peer because
* the secret is missing. Just give
* up.
*/
eap_send_nak(pcb, id, EAPT_MD5CHAP);
break;
}
Bval.data = inp;
Bval.len = len;
t_clientpasswd(tc, secret);
BZERO(secret, sizeof (secret));
pcb->eap.es_client.ea_skey =
t_clientgetkey(tc, &Bval);
if (pcb->eap.es_client.ea_skey == NULL) {
/* Server is rogue; stop now */
ppp_error("EAP: SRP server is rogue");
goto client_failure;
}
}
eap_srpval_response(esp, id, SRPVAL_EBIT,
t_clientresponse(tc));
break;
case EAPSRP_SVALIDATOR:
tc = (struct t_client *)pcb->eap.es_client.ea_session;
if (tc == NULL || pcb->eap.es_client.ea_skey == NULL) {
ppp_warn("EAP: peer sent Subtype 3 without 1/2");
eap_send_nak(pcb, id, EAPT_MD5CHAP);
break;
}
/*
* If we're already open, then this ought to be a
* duplicate. Otherwise, check that the server is
* who we think it is.
*/
if (pcb->eap.es_client.ea_state == eapOpen) {
if (id != pcb->eap.es_client.ea_id) {
ppp_warn("EAP: ID changed from %d to %d "
"in SRP Subtype 3 rexmit",
pcb->eap.es_client.ea_id, id);
}
} else {
len -= sizeof (u32_t) + SHA_DIGESTSIZE;
if (len < 0 || t_clientverify(tc, inp +
sizeof (u32_t)) != 0) {
ppp_error("EAP: SRP server verification "
"failed");
goto client_failure;
}
GETLONG(pcb->eap.es_client.ea_keyflags, inp);
/* Save pseudonym if user wants it. */
if (len > 0 && pcb->eap.es_usepseudo) {
INCPTR(SHA_DIGESTSIZE, inp);
write_pseudonym(esp, inp, len, id);
}
}
/*
* We've verified our peer. We're now mostly done,
* except for waiting on the regular EAP Success
* message.
*/
eap_srp_response(esp, id, EAPSRP_ACK, NULL, 0);
break;
case EAPSRP_LWRECHALLENGE:
if (len < 4) {
ppp_warn("EAP: malformed Lightweight rechallenge");
return;
}
SHA1Init(&ctxt);
vals[0] = id;
SHA1Update(&ctxt, vals, 1);
SHA1Update(&ctxt, pcb->eap.es_client.ea_skey,
SESSION_KEY_LEN);
SHA1Update(&ctxt, inp, len);
SHA1Update(&ctxt, pcb->eap.es_client.ea_name,
pcb->eap.es_client.ea_namelen);
SHA1Final(dig, &ctxt);
eap_srp_response(esp, id, EAPSRP_LWRECHALLENGE, dig,
SHA_DIGESTSIZE);
break;
default:
ppp_error("EAP: unknown SRP Subtype %d", vallen);
eap_send_nak(pcb, id, EAPT_MD5CHAP);
break;
}
break;
#endif /* USE_SRP */
default:
ppp_info("EAP: unknown authentication type %d; Naking", typenum);
eap_send_nak(pcb, id, EAPT_SRP);
break;
}
if (pcb->settings.eap_req_time > 0) {
UNTIMEOUT(eap_client_timeout, pcb);
TIMEOUT(eap_client_timeout, pcb,
pcb->settings.eap_req_time);
}
return;
#ifdef USE_SRP
client_failure:
pcb->eap.es_client.ea_state = eapBadAuth;
if (pcb->settings.eap_req_time > 0) {
UNTIMEOUT(eap_client_timeout, (void *)esp);
}
pcb->eap.es_client.ea_session = NULL;
t_clientclose(tc);
auth_withpeer_fail(pcb, PPP_EAP);
#endif /* USE_SRP */
}
#if PPP_SERVER
/*
* eap_response - Receive EAP Response message (server mode).
*/
static void eap_response(ppp_pcb *pcb, u_char *inp, int id, int len) {
u_char typenum;
u_char vallen;
int secret_len;
char secret[MAXSECRETLEN];
char rhostname[MAXNAMELEN];
md5_context mdContext;
u_char hash[MD5_SIGNATURE_SIZE];
#ifdef USE_SRP
struct t_server *ts;
struct t_num A;
SHA1_CTX ctxt;
u_char dig[SHA_DIGESTSIZE];
#endif /* USE_SRP */
if (pcb->eap.es_server.ea_id != id) {
ppp_dbglog("EAP: discarding Response %d; expected ID %d", id,
pcb->eap.es_server.ea_id);
return;
}
pcb->eap.es_server.ea_responses++;
if (len <= 0) {
ppp_error("EAP: empty Response message discarded");
return;
}
GETCHAR(typenum, inp);
len--;
switch (typenum) {
case EAPT_IDENTITY:
if (pcb->eap.es_server.ea_state != eapIdentify) {
ppp_dbglog("EAP discarding unwanted Identify \"%.q\"", len,
inp);
break;
}
ppp_info("EAP: unauthenticated peer name \"%.*q\"", len, inp);
if (len > MAXNAMELEN) {
len = MAXNAMELEN;
}
MEMCPY(pcb->eap.es_server.ea_peer, inp, len);
pcb->eap.es_server.ea_peer[len] = '\0';
pcb->eap.es_server.ea_peerlen = len;
eap_figure_next_state(pcb, 0);
break;
case EAPT_NOTIFICATION:
ppp_dbglog("EAP unexpected Notification; response discarded");
break;
case EAPT_NAK:
if (len < 1) {
ppp_info("EAP: Nak Response with no suggested protocol");
eap_figure_next_state(pcb, 1);
break;
}
GETCHAR(vallen, inp);
len--;
if (
#if PPP_REMOTENAME
!pcb->explicit_remote &&
#endif /* PPP_REMOTENAME */
pcb->eap.es_server.ea_state == eapIdentify){
/* Peer cannot Nak Identify Request */
eap_figure_next_state(pcb, 1);
break;
}
switch (vallen) {
case EAPT_SRP:
/* Run through SRP validator selection again. */
pcb->eap.es_server.ea_state = eapIdentify;
eap_figure_next_state(pcb, 0);
break;
case EAPT_MD5CHAP:
pcb->eap.es_server.ea_state = eapMD5Chall;
break;
default:
ppp_dbglog("EAP: peer requesting unknown Type %d", vallen);
switch (pcb->eap.es_server.ea_state) {
case eapSRP1:
case eapSRP2:
case eapSRP3:
pcb->eap.es_server.ea_state = eapMD5Chall;
break;
case eapMD5Chall:
case eapSRP4:
pcb->eap.es_server.ea_state = eapIdentify;
eap_figure_next_state(pcb, 0);
break;
default:
break;
}
break;
}
break;
case EAPT_MD5CHAP:
if (pcb->eap.es_server.ea_state != eapMD5Chall) {
ppp_error("EAP: unexpected MD5-Response");
eap_figure_next_state(pcb, 1);
break;
}
if (len < 1) {
ppp_error("EAP: received MD5-Response with no data");
eap_figure_next_state(pcb, 1);
break;
}
GETCHAR(vallen, inp);
len--;
if (vallen != 16 || vallen > len) {
ppp_error("EAP: MD5-Response with bad length %d", vallen);
eap_figure_next_state(pcb, 1);
break;
}
/* Not so likely to happen. */
if (vallen >= len + sizeof (rhostname)) {
ppp_dbglog("EAP: trimming really long peer name down");
MEMCPY(rhostname, inp + vallen, sizeof (rhostname) - 1);
rhostname[sizeof (rhostname) - 1] = '\0';
} else {
MEMCPY(rhostname, inp + vallen, len - vallen);
rhostname[len - vallen] = '\0';
}
#if PPP_REMOTENAME
/* In case the remote doesn't give us his name. */
if (explicit_remote ||
(remote_name[0] != '\0' && vallen == len))
strlcpy(rhostname, remote_name, sizeof (rhostname));
#endif /* PPP_REMOTENAME */
/*
* Get the secret for authenticating the specified
* host.
*/
if (!get_secret(pcb, rhostname,
pcb->eap.es_server.ea_name, secret, &secret_len, 1)) {
ppp_dbglog("EAP: no MD5 secret for auth of %q", rhostname);
eap_send_failure(pcb);
break;
}
md5_starts(&mdContext);
md5_update(&mdContext, &pcb->eap.es_server.ea_id, 1);
md5_update(&mdContext, (u_char *)secret, secret_len);
BZERO(secret, sizeof (secret));
md5_update(&mdContext, pcb->eap.es_challenge, pcb->eap.es_challen);
md5_finish(&mdContext, hash);
if (BCMP(hash, inp, MD5_SIGNATURE_SIZE) != 0) {
eap_send_failure(pcb);
break;
}
pcb->eap.es_server.ea_type = EAPT_MD5CHAP;
eap_send_success(pcb);
eap_figure_next_state(pcb, 0);
if (pcb->eap.es_rechallenge != 0)
TIMEOUT(eap_rechallenge, pcb, pcb->eap.es_rechallenge);
break;
#ifdef USE_SRP
case EAPT_SRP:
if (len < 1) {
ppp_error("EAP: empty SRP Response");
eap_figure_next_state(pcb, 1);
break;
}
GETCHAR(typenum, inp);
len--;
switch (typenum) {
case EAPSRP_CKEY:
if (pcb->eap.es_server.ea_state != eapSRP1) {
ppp_error("EAP: unexpected SRP Subtype 1 Response");
eap_figure_next_state(pcb, 1);
break;
}
A.data = inp;
A.len = len;
ts = (struct t_server *)pcb->eap.es_server.ea_session;
assert(ts != NULL);
pcb->eap.es_server.ea_skey = t_servergetkey(ts, &A);
if (pcb->eap.es_server.ea_skey == NULL) {
/* Client's A value is bogus; terminate now */
ppp_error("EAP: bogus A value from client");
eap_send_failure(pcb);
} else {
eap_figure_next_state(pcb, 0);
}
break;
case EAPSRP_CVALIDATOR:
if (pcb->eap.es_server.ea_state != eapSRP2) {
ppp_error("EAP: unexpected SRP Subtype 2 Response");
eap_figure_next_state(pcb, 1);
break;
}
if (len < sizeof (u32_t) + SHA_DIGESTSIZE) {
ppp_error("EAP: M1 length %d < %d", len,
sizeof (u32_t) + SHA_DIGESTSIZE);
eap_figure_next_state(pcb, 1);
break;
}
GETLONG(pcb->eap.es_server.ea_keyflags, inp);
ts = (struct t_server *)pcb->eap.es_server.ea_session;
assert(ts != NULL);
if (t_serververify(ts, inp)) {
ppp_info("EAP: unable to validate client identity");
eap_send_failure(pcb);
break;
}
eap_figure_next_state(pcb, 0);
break;
case EAPSRP_ACK:
if (pcb->eap.es_server.ea_state != eapSRP3) {
ppp_error("EAP: unexpected SRP Subtype 3 Response");
eap_send_failure(esp);
break;
}
pcb->eap.es_server.ea_type = EAPT_SRP;
eap_send_success(pcb, esp);
eap_figure_next_state(pcb, 0);
if (pcb->eap.es_rechallenge != 0)
TIMEOUT(eap_rechallenge, pcb,
pcb->eap.es_rechallenge);
if (pcb->eap.es_lwrechallenge != 0)
TIMEOUT(srp_lwrechallenge, pcb,
pcb->eap.es_lwrechallenge);
break;
case EAPSRP_LWRECHALLENGE:
if (pcb->eap.es_server.ea_state != eapSRP4) {
ppp_info("EAP: unexpected SRP Subtype 4 Response");
return;
}
if (len != SHA_DIGESTSIZE) {
ppp_error("EAP: bad Lightweight rechallenge "
"response");
return;
}
SHA1Init(&ctxt);
vallen = id;
SHA1Update(&ctxt, &vallen, 1);
SHA1Update(&ctxt, pcb->eap.es_server.ea_skey,
SESSION_KEY_LEN);
SHA1Update(&ctxt, pcb->eap.es_challenge, pcb->eap.es_challen);
SHA1Update(&ctxt, pcb->eap.es_server.ea_peer,
pcb->eap.es_server.ea_peerlen);
SHA1Final(dig, &ctxt);
if (BCMP(dig, inp, SHA_DIGESTSIZE) != 0) {
ppp_error("EAP: failed Lightweight rechallenge");
eap_send_failure(pcb);
break;
}
pcb->eap.es_server.ea_state = eapOpen;
if (pcb->eap.es_lwrechallenge != 0)
TIMEOUT(srp_lwrechallenge, esp,
pcb->eap.es_lwrechallenge);
break;
}
break;
#endif /* USE_SRP */
default:
/* This can't happen. */
ppp_error("EAP: unknown Response type %d; ignored", typenum);
return;
}
if (pcb->settings.eap_timeout_time > 0) {
UNTIMEOUT(eap_server_timeout, pcb);
}
if (pcb->eap.es_server.ea_state != eapBadAuth &&
pcb->eap.es_server.ea_state != eapOpen) {
pcb->eap.es_server.ea_id++;
eap_send_request(pcb);
}
}
#endif /* PPP_SERVER */
/*
* eap_success - Receive EAP Success message (client mode).
*/
static void eap_success(ppp_pcb *pcb, u_char *inp, int id, int len) {
LWIP_UNUSED_ARG(id);
if (pcb->eap.es_client.ea_state != eapOpen && !eap_client_active(pcb)) {
ppp_dbglog("EAP unexpected success message in state %s (%d)",
eap_state_name(pcb->eap.es_client.ea_state),
pcb->eap.es_client.ea_state);
return;
}
if (pcb->settings.eap_req_time > 0) {
UNTIMEOUT(eap_client_timeout, pcb);
}
if (len > 0) {
/* This is odd. The spec doesn't allow for this. */
PRINTMSG(inp, len);
}
pcb->eap.es_client.ea_state = eapOpen;
auth_withpeer_success(pcb, PPP_EAP, 0);
}
/*
* eap_failure - Receive EAP Failure message (client mode).
*/
static void eap_failure(ppp_pcb *pcb, u_char *inp, int id, int len) {
LWIP_UNUSED_ARG(id);
if (!eap_client_active(pcb)) {
ppp_dbglog("EAP unexpected failure message in state %s (%d)",
eap_state_name(pcb->eap.es_client.ea_state),
pcb->eap.es_client.ea_state);
}
if (pcb->settings.eap_req_time > 0) {
UNTIMEOUT(eap_client_timeout, pcb);
}
if (len > 0) {
/* This is odd. The spec doesn't allow for this. */
PRINTMSG(inp, len);
}
pcb->eap.es_client.ea_state = eapBadAuth;
ppp_error("EAP: peer reports authentication failure");
auth_withpeer_fail(pcb, PPP_EAP);
}
/*
* eap_input - Handle received EAP message.
*/
static void eap_input(ppp_pcb *pcb, u_char *inp, int inlen) {
u_char code, id;
int len;
/*
* Parse header (code, id and length). If packet too short,
* drop it.
*/
if (inlen < EAP_HEADERLEN) {
ppp_error("EAP: packet too short: %d < %d", inlen, EAP_HEADERLEN);
return;
}
GETCHAR(code, inp);
GETCHAR(id, inp);
GETSHORT(len, inp);
if (len < EAP_HEADERLEN || len > inlen) {
ppp_error("EAP: packet has illegal length field %d (%d..%d)", len,
EAP_HEADERLEN, inlen);
return;
}
len -= EAP_HEADERLEN;
/* Dispatch based on message code */
switch (code) {
case EAP_REQUEST:
eap_request(pcb, inp, id, len);
break;
#if PPP_SERVER
case EAP_RESPONSE:
eap_response(pcb, inp, id, len);
break;
#endif /* PPP_SERVER */
case EAP_SUCCESS:
eap_success(pcb, inp, id, len);
break;
case EAP_FAILURE:
eap_failure(pcb, inp, id, len);
break;
default: /* XXX Need code reject */
/* Note: it's not legal to send EAP Nak here. */
ppp_warn("EAP: unknown code %d received", code);
break;
}
}
#if PRINTPKT_SUPPORT
/*
* eap_printpkt - print the contents of an EAP packet.
*/
static const char* const eap_codenames[] = {
"Request", "Response", "Success", "Failure"
};
static const char* const eap_typenames[] = {
"Identity", "Notification", "Nak", "MD5-Challenge",
"OTP", "Generic-Token", NULL, NULL,
"RSA", "DSS", "KEA", "KEA-Validate",
"TLS", "Defender", "Windows 2000", "Arcot",
"Cisco", "Nokia", "SRP"
};
static int eap_printpkt(const u_char *inp, int inlen, void (*printer) (void *, const char *, ...), void *arg) {
int code, id, len, rtype, vallen;
const u_char *pstart;
u32_t uval;
if (inlen < EAP_HEADERLEN)
return (0);
pstart = inp;
GETCHAR(code, inp);
GETCHAR(id, inp);
GETSHORT(len, inp);
if (len < EAP_HEADERLEN || len > inlen)
return (0);
if (code >= 1 && code <= (int)sizeof(eap_codenames) / (int)sizeof(char *))
printer(arg, " %s", eap_codenames[code-1]);
else
printer(arg, " code=0x%x", code);
printer(arg, " id=0x%x", id);
len -= EAP_HEADERLEN;
switch (code) {
case EAP_REQUEST:
if (len < 1) {
printer(arg, " <missing type>");
break;
}
GETCHAR(rtype, inp);
len--;
if (rtype >= 1 &&
rtype <= (int)sizeof (eap_typenames) / (int)sizeof (char *))
printer(arg, " %s", eap_typenames[rtype-1]);
else
printer(arg, " type=0x%x", rtype);
switch (rtype) {
case EAPT_IDENTITY:
case EAPT_NOTIFICATION:
if (len > 0) {
printer(arg, " <Message ");
ppp_print_string(inp, len, printer, arg);
printer(arg, ">");
INCPTR(len, inp);
len = 0;
} else {
printer(arg, " <No message>");
}
break;
case EAPT_MD5CHAP:
if (len <= 0)
break;
GETCHAR(vallen, inp);
len--;
if (vallen > len)
goto truncated;
printer(arg, " <Value%.*B>", vallen, inp);
INCPTR(vallen, inp);
len -= vallen;
if (len > 0) {
printer(arg, " <Name ");
ppp_print_string(inp, len, printer, arg);
printer(arg, ">");
INCPTR(len, inp);
len = 0;
} else {
printer(arg, " <No name>");
}
break;
case EAPT_SRP:
if (len < 3)
goto truncated;
GETCHAR(vallen, inp);
len--;
printer(arg, "-%d", vallen);
switch (vallen) {
case EAPSRP_CHALLENGE:
GETCHAR(vallen, inp);
len--;
if (vallen >= len)
goto truncated;
if (vallen > 0) {
printer(arg, " <Name ");
ppp_print_string(inp, vallen, printer,
arg);
printer(arg, ">");
} else {
printer(arg, " <No name>");
}
INCPTR(vallen, inp);
len -= vallen;
GETCHAR(vallen, inp);
len--;
if (vallen >= len)
goto truncated;
printer(arg, " <s%.*B>", vallen, inp);
INCPTR(vallen, inp);
len -= vallen;
GETCHAR(vallen, inp);
len--;
if (vallen > len)
goto truncated;
if (vallen == 0) {
printer(arg, " <Default g=2>");
} else {
printer(arg, " <g%.*B>", vallen, inp);
}
INCPTR(vallen, inp);
len -= vallen;
if (len == 0) {
printer(arg, " <Default N>");
} else {
printer(arg, " <N%.*B>", len, inp);
INCPTR(len, inp);
len = 0;
}
break;
case EAPSRP_SKEY:
printer(arg, " <B%.*B>", len, inp);
INCPTR(len, inp);
len = 0;
break;
case EAPSRP_SVALIDATOR:
if (len < (int)sizeof (u32_t))
break;
GETLONG(uval, inp);
len -= sizeof (u32_t);
if (uval & SRPVAL_EBIT) {
printer(arg, " E");
uval &= ~SRPVAL_EBIT;
}
if (uval != 0) {
printer(arg, " f<%X>", uval);
}
if ((vallen = len) > SHA_DIGESTSIZE)
vallen = SHA_DIGESTSIZE;
printer(arg, " <M2%.*B%s>", len, inp,
len < SHA_DIGESTSIZE ? "?" : "");
INCPTR(vallen, inp);
len -= vallen;
if (len > 0) {
printer(arg, " <PN%.*B>", len, inp);
INCPTR(len, inp);
len = 0;
}
break;
case EAPSRP_LWRECHALLENGE:
printer(arg, " <Challenge%.*B>", len, inp);
INCPTR(len, inp);
len = 0;
break;
default:
break;
}
break;
default:
break;
}
break;
case EAP_RESPONSE:
if (len < 1)
break;
GETCHAR(rtype, inp);
len--;
if (rtype >= 1 &&
rtype <= (int)sizeof (eap_typenames) / (int)sizeof (char *))
printer(arg, " %s", eap_typenames[rtype-1]);
else
printer(arg, " type=0x%x", rtype);
switch (rtype) {
case EAPT_IDENTITY:
if (len > 0) {
printer(arg, " <Name ");
ppp_print_string(inp, len, printer, arg);
printer(arg, ">");
INCPTR(len, inp);
len = 0;
}
break;
case EAPT_NAK:
if (len <= 0) {
printer(arg, " <missing hint>");
break;
}
GETCHAR(rtype, inp);
len--;
printer(arg, " <Suggested-type %02X", rtype);
if (rtype >= 1 &&
rtype < (int)sizeof (eap_typenames) / (int)sizeof (char *))
printer(arg, " (%s)", eap_typenames[rtype-1]);
printer(arg, ">");
break;
case EAPT_MD5CHAP:
if (len <= 0) {
printer(arg, " <missing length>");
break;
}
GETCHAR(vallen, inp);
len--;
if (vallen > len)
goto truncated;
printer(arg, " <Value%.*B>", vallen, inp);
INCPTR(vallen, inp);
len -= vallen;
if (len > 0) {
printer(arg, " <Name ");
ppp_print_string(inp, len, printer, arg);
printer(arg, ">");
INCPTR(len, inp);
len = 0;
} else {
printer(arg, " <No name>");
}
break;
case EAPT_SRP:
if (len < 1)
goto truncated;
GETCHAR(vallen, inp);
len--;
printer(arg, "-%d", vallen);
switch (vallen) {
case EAPSRP_CKEY:
printer(arg, " <A%.*B>", len, inp);
INCPTR(len, inp);
len = 0;
break;
case EAPSRP_CVALIDATOR:
if (len < (int)sizeof (u32_t))
break;
GETLONG(uval, inp);
len -= sizeof (u32_t);
if (uval & SRPVAL_EBIT) {
printer(arg, " E");
uval &= ~SRPVAL_EBIT;
}
if (uval != 0) {
printer(arg, " f<%X>", uval);
}
printer(arg, " <M1%.*B%s>", len, inp,
len == SHA_DIGESTSIZE ? "" : "?");
INCPTR(len, inp);
len = 0;
break;
case EAPSRP_ACK:
break;
case EAPSRP_LWRECHALLENGE:
printer(arg, " <Response%.*B%s>", len, inp,
len == SHA_DIGESTSIZE ? "" : "?");
if ((vallen = len) > SHA_DIGESTSIZE)
vallen = SHA_DIGESTSIZE;
INCPTR(vallen, inp);
len -= vallen;
break;
default:
break;
}
break;
default:
break;
}
break;
case EAP_SUCCESS: /* No payload expected for these! */
case EAP_FAILURE:
default:
break;
truncated:
printer(arg, " <truncated>");
break;
}
if (len > 8)
printer(arg, "%8B...", inp);
else if (len > 0)
printer(arg, "%.*B", len, inp);
INCPTR(len, inp);
return (inp - pstart);
}
#endif /* PRINTPKT_SUPPORT */
#endif /* PPP_SUPPORT && EAP_SUPPORT */