mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
2430 lines
61 KiB
C
2430 lines
61 KiB
C
|
/*
|
||
|
* eap.c - Extensible Authentication Protocol for PPP (RFC 2284)
|
||
|
*
|
||
|
* Copyright (c) 2001 by Sun Microsystems, Inc.
|
||
|
* All rights reserved.
|
||
|
*
|
||
|
* Non-exclusive rights to redistribute, modify, translate, and use
|
||
|
* this software in source and binary forms, in whole or in part, is
|
||
|
* hereby granted, provided that the above copyright notice is
|
||
|
* duplicated in any source form, and that neither the name of the
|
||
|
* copyright holder nor the author is used to endorse or promote
|
||
|
* products derived from this software.
|
||
|
*
|
||
|
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
|
||
|
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
||
|
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||
|
*
|
||
|
* Original version by James Carlson
|
||
|
*
|
||
|
* This implementation of EAP supports MD5-Challenge and SRP-SHA1
|
||
|
* authentication styles. Note that support of MD5-Challenge is a
|
||
|
* requirement of RFC 2284, and that it's essentially just a
|
||
|
* reimplementation of regular RFC 1994 CHAP using EAP messages.
|
||
|
*
|
||
|
* As an authenticator ("server"), there are multiple phases for each
|
||
|
* style. In the first phase of each style, the unauthenticated peer
|
||
|
* name is queried using the EAP Identity request type. If the
|
||
|
* "remotename" option is used, then this phase is skipped, because
|
||
|
* the peer's name is presumed to be known.
|
||
|
*
|
||
|
* For MD5-Challenge, there are two phases, and the second phase
|
||
|
* consists of sending the challenge itself and handling the
|
||
|
* associated response.
|
||
|
*
|
||
|
* For SRP-SHA1, there are four phases. The second sends 's', 'N',
|
||
|
* and 'g'. The reply contains 'A'. The third sends 'B', and the
|
||
|
* reply contains 'M1'. The forth sends the 'M2' value.
|
||
|
*
|
||
|
* As an authenticatee ("client"), there's just a single phase --
|
||
|
* responding to the queries generated by the peer. EAP is an
|
||
|
* authenticator-driven protocol.
|
||
|
*
|
||
|
* Based on draft-ietf-pppext-eap-srp-03.txt.
|
||
|
*/
|
||
|
|
||
|
#include "lwip/opt.h"
|
||
|
#if PPP_SUPPORT && EAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
|
||
|
|
||
|
#include "netif/ppp/ppp_impl.h"
|
||
|
|
||
|
#if LWIP_INCLUDED_POLARSSL_MD5
|
||
|
#include "netif/ppp/polarssl/md5.h"
|
||
|
#else
|
||
|
#include "polarssl/md5.h"
|
||
|
#endif
|
||
|
|
||
|
#include "netif/ppp/eap.h"
|
||
|
#include "netif/ppp/magic.h"
|
||
|
|
||
|
#ifdef USE_SRP
|
||
|
#include <t_pwd.h>
|
||
|
#include <t_server.h>
|
||
|
#include <t_client.h>
|
||
|
#include "netif/ppp/pppcrypt.h"
|
||
|
#endif /* USE_SRP */
|
||
|
|
||
|
#ifndef SHA_DIGESTSIZE
|
||
|
#define SHA_DIGESTSIZE 20
|
||
|
#endif
|
||
|
|
||
|
#ifdef USE_SRP
|
||
|
static char *pn_secret = NULL; /* Pseudonym generating secret */
|
||
|
#endif
|
||
|
|
||
|
#if PPP_OPTIONS
|
||
|
/*
|
||
|
* Command-line options.
|
||
|
*/
|
||
|
static option_t eap_option_list[] = {
|
||
|
{ "eap-restart", o_int, &eap_states[0].es_server.ea_timeout,
|
||
|
"Set retransmit timeout for EAP Requests (server)" },
|
||
|
{ "eap-max-sreq", o_int, &eap_states[0].es_server.ea_maxrequests,
|
||
|
"Set max number of EAP Requests sent (server)" },
|
||
|
{ "eap-timeout", o_int, &eap_states[0].es_client.ea_timeout,
|
||
|
"Set time limit for peer EAP authentication" },
|
||
|
{ "eap-max-rreq", o_int, &eap_states[0].es_client.ea_maxrequests,
|
||
|
"Set max number of EAP Requests allows (client)" },
|
||
|
{ "eap-interval", o_int, &eap_states[0].es_rechallenge,
|
||
|
"Set interval for EAP rechallenge" },
|
||
|
#ifdef USE_SRP
|
||
|
{ "srp-interval", o_int, &eap_states[0].es_lwrechallenge,
|
||
|
"Set interval for SRP lightweight rechallenge" },
|
||
|
{ "srp-pn-secret", o_string, &pn_secret,
|
||
|
"Long term pseudonym generation secret" },
|
||
|
{ "srp-use-pseudonym", o_bool, &eap_states[0].es_usepseudo,
|
||
|
"Use pseudonym if offered one by server", 1 },
|
||
|
#endif
|
||
|
{ NULL }
|
||
|
};
|
||
|
#endif /* PPP_OPTIONS */
|
||
|
|
||
|
/*
|
||
|
* Protocol entry points.
|
||
|
*/
|
||
|
static void eap_init(ppp_pcb *pcb);
|
||
|
static void eap_input(ppp_pcb *pcb, u_char *inp, int inlen);
|
||
|
static void eap_protrej(ppp_pcb *pcb);
|
||
|
static void eap_lowerup(ppp_pcb *pcb);
|
||
|
static void eap_lowerdown(ppp_pcb *pcb);
|
||
|
#if PRINTPKT_SUPPORT
|
||
|
static int eap_printpkt(const u_char *inp, int inlen,
|
||
|
void (*)(void *arg, const char *fmt, ...), void *arg);
|
||
|
#endif /* PRINTPKT_SUPPORT */
|
||
|
|
||
|
const struct protent eap_protent = {
|
||
|
PPP_EAP, /* protocol number */
|
||
|
eap_init, /* initialization procedure */
|
||
|
eap_input, /* process a received packet */
|
||
|
eap_protrej, /* process a received protocol-reject */
|
||
|
eap_lowerup, /* lower layer has gone up */
|
||
|
eap_lowerdown, /* lower layer has gone down */
|
||
|
NULL, /* open the protocol */
|
||
|
NULL, /* close the protocol */
|
||
|
#if PRINTPKT_SUPPORT
|
||
|
eap_printpkt, /* print a packet in readable form */
|
||
|
#endif /* PRINTPKT_SUPPORT */
|
||
|
#if PPP_DATAINPUT
|
||
|
NULL, /* process a received data packet */
|
||
|
#endif /* PPP_DATAINPUT */
|
||
|
#if PRINTPKT_SUPPORT
|
||
|
"EAP", /* text name of protocol */
|
||
|
NULL, /* text name of corresponding data protocol */
|
||
|
#endif /* PRINTPKT_SUPPORT */
|
||
|
#if PPP_OPTIONS
|
||
|
eap_option_list, /* list of command-line options */
|
||
|
NULL, /* check requested options; assign defaults */
|
||
|
#endif /* PPP_OPTIONS */
|
||
|
#if DEMAND_SUPPORT
|
||
|
NULL, /* configure interface for demand-dial */
|
||
|
NULL /* say whether to bring up link for this pkt */
|
||
|
#endif /* DEMAND_SUPPORT */
|
||
|
};
|
||
|
|
||
|
#ifdef USE_SRP
|
||
|
/*
|
||
|
* A well-known 2048 bit modulus.
|
||
|
*/
|
||
|
static const u_char wkmodulus[] = {
|
||
|
0xAC, 0x6B, 0xDB, 0x41, 0x32, 0x4A, 0x9A, 0x9B,
|
||
|
0xF1, 0x66, 0xDE, 0x5E, 0x13, 0x89, 0x58, 0x2F,
|
||
|
0xAF, 0x72, 0xB6, 0x65, 0x19, 0x87, 0xEE, 0x07,
|
||
|
0xFC, 0x31, 0x92, 0x94, 0x3D, 0xB5, 0x60, 0x50,
|
||
|
0xA3, 0x73, 0x29, 0xCB, 0xB4, 0xA0, 0x99, 0xED,
|
||
|
0x81, 0x93, 0xE0, 0x75, 0x77, 0x67, 0xA1, 0x3D,
|
||
|
0xD5, 0x23, 0x12, 0xAB, 0x4B, 0x03, 0x31, 0x0D,
|
||
|
0xCD, 0x7F, 0x48, 0xA9, 0xDA, 0x04, 0xFD, 0x50,
|
||
|
0xE8, 0x08, 0x39, 0x69, 0xED, 0xB7, 0x67, 0xB0,
|
||
|
0xCF, 0x60, 0x95, 0x17, 0x9A, 0x16, 0x3A, 0xB3,
|
||
|
0x66, 0x1A, 0x05, 0xFB, 0xD5, 0xFA, 0xAA, 0xE8,
|
||
|
0x29, 0x18, 0xA9, 0x96, 0x2F, 0x0B, 0x93, 0xB8,
|
||
|
0x55, 0xF9, 0x79, 0x93, 0xEC, 0x97, 0x5E, 0xEA,
|
||
|
0xA8, 0x0D, 0x74, 0x0A, 0xDB, 0xF4, 0xFF, 0x74,
|
||
|
0x73, 0x59, 0xD0, 0x41, 0xD5, 0xC3, 0x3E, 0xA7,
|
||
|
0x1D, 0x28, 0x1E, 0x44, 0x6B, 0x14, 0x77, 0x3B,
|
||
|
0xCA, 0x97, 0xB4, 0x3A, 0x23, 0xFB, 0x80, 0x16,
|
||
|
0x76, 0xBD, 0x20, 0x7A, 0x43, 0x6C, 0x64, 0x81,
|
||
|
0xF1, 0xD2, 0xB9, 0x07, 0x87, 0x17, 0x46, 0x1A,
|
||
|
0x5B, 0x9D, 0x32, 0xE6, 0x88, 0xF8, 0x77, 0x48,
|
||
|
0x54, 0x45, 0x23, 0xB5, 0x24, 0xB0, 0xD5, 0x7D,
|
||
|
0x5E, 0xA7, 0x7A, 0x27, 0x75, 0xD2, 0xEC, 0xFA,
|
||
|
0x03, 0x2C, 0xFB, 0xDB, 0xF5, 0x2F, 0xB3, 0x78,
|
||
|
0x61, 0x60, 0x27, 0x90, 0x04, 0xE5, 0x7A, 0xE6,
|
||
|
0xAF, 0x87, 0x4E, 0x73, 0x03, 0xCE, 0x53, 0x29,
|
||
|
0x9C, 0xCC, 0x04, 0x1C, 0x7B, 0xC3, 0x08, 0xD8,
|
||
|
0x2A, 0x56, 0x98, 0xF3, 0xA8, 0xD0, 0xC3, 0x82,
|
||
|
0x71, 0xAE, 0x35, 0xF8, 0xE9, 0xDB, 0xFB, 0xB6,
|
||
|
0x94, 0xB5, 0xC8, 0x03, 0xD8, 0x9F, 0x7A, 0xE4,
|
||
|
0x35, 0xDE, 0x23, 0x6D, 0x52, 0x5F, 0x54, 0x75,
|
||
|
0x9B, 0x65, 0xE3, 0x72, 0xFC, 0xD6, 0x8E, 0xF2,
|
||
|
0x0F, 0xA7, 0x11, 0x1F, 0x9E, 0x4A, 0xFF, 0x73
|
||
|
};
|
||
|
#endif
|
||
|
|
||
|
#if PPP_SERVER
|
||
|
/* Local forward declarations. */
|
||
|
static void eap_server_timeout(void *arg);
|
||
|
#endif /* PPP_SERVER */
|
||
|
|
||
|
/*
|
||
|
* Convert EAP state code to printable string for debug.
|
||
|
*/
|
||
|
static const char * eap_state_name(enum eap_state_code esc)
|
||
|
{
|
||
|
static const char *state_names[] = { EAP_STATES };
|
||
|
|
||
|
return (state_names[(int)esc]);
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* eap_init - Initialize state for an EAP user. This is currently
|
||
|
* called once by main() during start-up.
|
||
|
*/
|
||
|
static void eap_init(ppp_pcb *pcb) {
|
||
|
|
||
|
BZERO(&pcb->eap, sizeof(eap_state));
|
||
|
#if PPP_SERVER
|
||
|
pcb->eap.es_server.ea_id = magic();
|
||
|
#endif /* PPP_SERVER */
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* eap_client_timeout - Give up waiting for the peer to send any
|
||
|
* Request messages.
|
||
|
*/
|
||
|
static void eap_client_timeout(void *arg) {
|
||
|
ppp_pcb *pcb = (ppp_pcb*)arg;
|
||
|
|
||
|
if (!eap_client_active(pcb))
|
||
|
return;
|
||
|
|
||
|
ppp_error("EAP: timeout waiting for Request from peer");
|
||
|
auth_withpeer_fail(pcb, PPP_EAP);
|
||
|
pcb->eap.es_client.ea_state = eapBadAuth;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* eap_authwithpeer - Authenticate to our peer (behave as client).
|
||
|
*
|
||
|
* Start client state and wait for requests. This is called only
|
||
|
* after eap_lowerup.
|
||
|
*/
|
||
|
void eap_authwithpeer(ppp_pcb *pcb, const char *localname) {
|
||
|
|
||
|
if(NULL == localname)
|
||
|
return;
|
||
|
|
||
|
/* Save the peer name we're given */
|
||
|
pcb->eap.es_client.ea_name = localname;
|
||
|
pcb->eap.es_client.ea_namelen = strlen(localname);
|
||
|
|
||
|
pcb->eap.es_client.ea_state = eapListen;
|
||
|
|
||
|
/*
|
||
|
* Start a timer so that if the other end just goes
|
||
|
* silent, we don't sit here waiting forever.
|
||
|
*/
|
||
|
if (pcb->settings.eap_req_time > 0)
|
||
|
TIMEOUT(eap_client_timeout, pcb,
|
||
|
pcb->settings.eap_req_time);
|
||
|
}
|
||
|
|
||
|
#if PPP_SERVER
|
||
|
/*
|
||
|
* Format a standard EAP Failure message and send it to the peer.
|
||
|
* (Server operation)
|
||
|
*/
|
||
|
static void eap_send_failure(ppp_pcb *pcb) {
|
||
|
struct pbuf *p;
|
||
|
u_char *outp;
|
||
|
|
||
|
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + EAP_HEADERLEN), PPP_CTRL_PBUF_TYPE);
|
||
|
if(NULL == p)
|
||
|
return;
|
||
|
if(p->tot_len != p->len) {
|
||
|
pbuf_free(p);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
outp = (u_char*)p->payload;
|
||
|
|
||
|
MAKEHEADER(outp, PPP_EAP);
|
||
|
|
||
|
PUTCHAR(EAP_FAILURE, outp);
|
||
|
pcb->eap.es_server.ea_id++;
|
||
|
PUTCHAR(pcb->eap.es_server.ea_id, outp);
|
||
|
PUTSHORT(EAP_HEADERLEN, outp);
|
||
|
|
||
|
ppp_write(pcb, p);
|
||
|
|
||
|
pcb->eap.es_server.ea_state = eapBadAuth;
|
||
|
auth_peer_fail(pcb, PPP_EAP);
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Format a standard EAP Success message and send it to the peer.
|
||
|
* (Server operation)
|
||
|
*/
|
||
|
static void eap_send_success(ppp_pcb *pcb) {
|
||
|
struct pbuf *p;
|
||
|
u_char *outp;
|
||
|
|
||
|
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + EAP_HEADERLEN), PPP_CTRL_PBUF_TYPE);
|
||
|
if(NULL == p)
|
||
|
return;
|
||
|
if(p->tot_len != p->len) {
|
||
|
pbuf_free(p);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
outp = (u_char*)p->payload;
|
||
|
|
||
|
MAKEHEADER(outp, PPP_EAP);
|
||
|
|
||
|
PUTCHAR(EAP_SUCCESS, outp);
|
||
|
pcb->eap.es_server.ea_id++;
|
||
|
PUTCHAR(pcb->eap.es_server.ea_id, outp);
|
||
|
PUTSHORT(EAP_HEADERLEN, outp);
|
||
|
|
||
|
ppp_write(pcb, p);
|
||
|
|
||
|
auth_peer_success(pcb, PPP_EAP, 0,
|
||
|
pcb->eap.es_server.ea_peer, pcb->eap.es_server.ea_peerlen);
|
||
|
}
|
||
|
#endif /* PPP_SERVER */
|
||
|
|
||
|
#ifdef USE_SRP
|
||
|
/*
|
||
|
* Set DES key according to pseudonym-generating secret and current
|
||
|
* date.
|
||
|
*/
|
||
|
static bool
|
||
|
pncrypt_setkey(int timeoffs)
|
||
|
{
|
||
|
struct tm *tp;
|
||
|
char tbuf[9];
|
||
|
SHA1_CTX ctxt;
|
||
|
u_char dig[SHA_DIGESTSIZE];
|
||
|
time_t reftime;
|
||
|
|
||
|
if (pn_secret == NULL)
|
||
|
return (0);
|
||
|
reftime = time(NULL) + timeoffs;
|
||
|
tp = localtime(&reftime);
|
||
|
SHA1Init(&ctxt);
|
||
|
SHA1Update(&ctxt, pn_secret, strlen(pn_secret));
|
||
|
strftime(tbuf, sizeof (tbuf), "%Y%m%d", tp);
|
||
|
SHA1Update(&ctxt, tbuf, strlen(tbuf));
|
||
|
SHA1Final(dig, &ctxt);
|
||
|
/* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */
|
||
|
return (DesSetkey(dig));
|
||
|
}
|
||
|
|
||
|
static char base64[] =
|
||
|
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
|
||
|
|
||
|
struct b64state {
|
||
|
u32_t bs_bits;
|
||
|
int bs_offs;
|
||
|
};
|
||
|
|
||
|
static int
|
||
|
b64enc(bs, inp, inlen, outp)
|
||
|
struct b64state *bs;
|
||
|
u_char *inp;
|
||
|
int inlen;
|
||
|
u_char *outp;
|
||
|
{
|
||
|
int outlen = 0;
|
||
|
|
||
|
while (inlen > 0) {
|
||
|
bs->bs_bits = (bs->bs_bits << 8) | *inp++;
|
||
|
inlen--;
|
||
|
bs->bs_offs += 8;
|
||
|
if (bs->bs_offs >= 24) {
|
||
|
*outp++ = base64[(bs->bs_bits >> 18) & 0x3F];
|
||
|
*outp++ = base64[(bs->bs_bits >> 12) & 0x3F];
|
||
|
*outp++ = base64[(bs->bs_bits >> 6) & 0x3F];
|
||
|
*outp++ = base64[bs->bs_bits & 0x3F];
|
||
|
outlen += 4;
|
||
|
bs->bs_offs = 0;
|
||
|
bs->bs_bits = 0;
|
||
|
}
|
||
|
}
|
||
|
return (outlen);
|
||
|
}
|
||
|
|
||
|
static int
|
||
|
b64flush(bs, outp)
|
||
|
struct b64state *bs;
|
||
|
u_char *outp;
|
||
|
{
|
||
|
int outlen = 0;
|
||
|
|
||
|
if (bs->bs_offs == 8) {
|
||
|
*outp++ = base64[(bs->bs_bits >> 2) & 0x3F];
|
||
|
*outp++ = base64[(bs->bs_bits << 4) & 0x3F];
|
||
|
outlen = 2;
|
||
|
} else if (bs->bs_offs == 16) {
|
||
|
*outp++ = base64[(bs->bs_bits >> 10) & 0x3F];
|
||
|
*outp++ = base64[(bs->bs_bits >> 4) & 0x3F];
|
||
|
*outp++ = base64[(bs->bs_bits << 2) & 0x3F];
|
||
|
outlen = 3;
|
||
|
}
|
||
|
bs->bs_offs = 0;
|
||
|
bs->bs_bits = 0;
|
||
|
return (outlen);
|
||
|
}
|
||
|
|
||
|
static int
|
||
|
b64dec(bs, inp, inlen, outp)
|
||
|
struct b64state *bs;
|
||
|
u_char *inp;
|
||
|
int inlen;
|
||
|
u_char *outp;
|
||
|
{
|
||
|
int outlen = 0;
|
||
|
char *cp;
|
||
|
|
||
|
while (inlen > 0) {
|
||
|
if ((cp = strchr(base64, *inp++)) == NULL)
|
||
|
break;
|
||
|
bs->bs_bits = (bs->bs_bits << 6) | (cp - base64);
|
||
|
inlen--;
|
||
|
bs->bs_offs += 6;
|
||
|
if (bs->bs_offs >= 8) {
|
||
|
*outp++ = bs->bs_bits >> (bs->bs_offs - 8);
|
||
|
outlen++;
|
||
|
bs->bs_offs -= 8;
|
||
|
}
|
||
|
}
|
||
|
return (outlen);
|
||
|
}
|
||
|
#endif /* USE_SRP */
|
||
|
|
||
|
#if PPP_SERVER
|
||
|
/*
|
||
|
* Assume that current waiting server state is complete and figure
|
||
|
* next state to use based on available authentication data. 'status'
|
||
|
* indicates if there was an error in handling the last query. It is
|
||
|
* 0 for success and non-zero for failure.
|
||
|
*/
|
||
|
static void eap_figure_next_state(ppp_pcb *pcb, int status) {
|
||
|
#ifdef USE_SRP
|
||
|
unsigned char secbuf[MAXSECRETLEN], clear[8], *sp, *dp;
|
||
|
struct t_pw tpw;
|
||
|
struct t_confent *tce, mytce;
|
||
|
char *cp, *cp2;
|
||
|
struct t_server *ts;
|
||
|
int id, i, plen, toffs;
|
||
|
u_char vals[2];
|
||
|
struct b64state bs;
|
||
|
#endif /* USE_SRP */
|
||
|
|
||
|
pcb->settings.eap_timeout_time = pcb->eap.es_savedtime;
|
||
|
switch (pcb->eap.es_server.ea_state) {
|
||
|
case eapBadAuth:
|
||
|
return;
|
||
|
|
||
|
case eapIdentify:
|
||
|
#ifdef USE_SRP
|
||
|
/* Discard any previous session. */
|
||
|
ts = (struct t_server *)pcb->eap.es_server.ea_session;
|
||
|
if (ts != NULL) {
|
||
|
t_serverclose(ts);
|
||
|
pcb->eap.es_server.ea_session = NULL;
|
||
|
pcb->eap.es_server.ea_skey = NULL;
|
||
|
}
|
||
|
#endif /* USE_SRP */
|
||
|
if (status != 0) {
|
||
|
pcb->eap.es_server.ea_state = eapBadAuth;
|
||
|
break;
|
||
|
}
|
||
|
#ifdef USE_SRP
|
||
|
/* If we've got a pseudonym, try to decode to real name. */
|
||
|
if (pcb->eap.es_server.ea_peerlen > SRP_PSEUDO_LEN &&
|
||
|
strncmp(pcb->eap.es_server.ea_peer, SRP_PSEUDO_ID,
|
||
|
SRP_PSEUDO_LEN) == 0 &&
|
||
|
(pcb->eap.es_server.ea_peerlen - SRP_PSEUDO_LEN) * 3 / 4 <
|
||
|
sizeof (secbuf)) {
|
||
|
BZERO(&bs, sizeof (bs));
|
||
|
plen = b64dec(&bs,
|
||
|
pcb->eap.es_server.ea_peer + SRP_PSEUDO_LEN,
|
||
|
pcb->eap.es_server.ea_peerlen - SRP_PSEUDO_LEN,
|
||
|
secbuf);
|
||
|
toffs = 0;
|
||
|
for (i = 0; i < 5; i++) {
|
||
|
pncrypt_setkey(toffs);
|
||
|
toffs -= 86400;
|
||
|
/* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */
|
||
|
if (!DesDecrypt(secbuf, clear)) {
|
||
|
ppp_dbglog("no DES here; cannot decode "
|
||
|
"pseudonym");
|
||
|
return;
|
||
|
}
|
||
|
id = *(unsigned char *)clear;
|
||
|
if (id + 1 <= plen && id + 9 > plen)
|
||
|
break;
|
||
|
}
|
||
|
if (plen % 8 == 0 && i < 5) {
|
||
|
/*
|
||
|
* Note that this is always shorter than the
|
||
|
* original stored string, so there's no need
|
||
|
* to realloc.
|
||
|
*/
|
||
|
if ((i = plen = *(unsigned char *)clear) > 7)
|
||
|
i = 7;
|
||
|
pcb->eap.es_server.ea_peerlen = plen;
|
||
|
dp = (unsigned char *)pcb->eap.es_server.ea_peer;
|
||
|
MEMCPY(dp, clear + 1, i);
|
||
|
plen -= i;
|
||
|
dp += i;
|
||
|
sp = secbuf + 8;
|
||
|
while (plen > 0) {
|
||
|
/* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */
|
||
|
(void) DesDecrypt(sp, dp);
|
||
|
sp += 8;
|
||
|
dp += 8;
|
||
|
plen -= 8;
|
||
|
}
|
||
|
pcb->eap.es_server.ea_peer[
|
||
|
pcb->eap.es_server.ea_peerlen] = '\0';
|
||
|
ppp_dbglog("decoded pseudonym to \"%.*q\"",
|
||
|
pcb->eap.es_server.ea_peerlen,
|
||
|
pcb->eap.es_server.ea_peer);
|
||
|
} else {
|
||
|
ppp_dbglog("failed to decode real name");
|
||
|
/* Stay in eapIdentfy state; requery */
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
/* Look up user in secrets database. */
|
||
|
if (get_srp_secret(pcb->eap.es_unit, pcb->eap.es_server.ea_peer,
|
||
|
pcb->eap.es_server.ea_name, (char *)secbuf, 1) != 0) {
|
||
|
/* Set up default in case SRP entry is bad */
|
||
|
pcb->eap.es_server.ea_state = eapMD5Chall;
|
||
|
/* Get t_confent based on index in srp-secrets */
|
||
|
id = strtol((char *)secbuf, &cp, 10);
|
||
|
if (*cp++ != ':' || id < 0)
|
||
|
break;
|
||
|
if (id == 0) {
|
||
|
mytce.index = 0;
|
||
|
mytce.modulus.data = (u_char *)wkmodulus;
|
||
|
mytce.modulus.len = sizeof (wkmodulus);
|
||
|
mytce.generator.data = (u_char *)"\002";
|
||
|
mytce.generator.len = 1;
|
||
|
tce = &mytce;
|
||
|
} else if ((tce = gettcid(id)) != NULL) {
|
||
|
/*
|
||
|
* Client will have to verify this modulus/
|
||
|
* generator combination, and that will take
|
||
|
* a while. Lengthen the timeout here.
|
||
|
*/
|
||
|
if (pcb->settings.eap_timeout_time > 0 &&
|
||
|
pcb->settings.eap_timeout_time < 30)
|
||
|
pcb->settings.eap_timeout_time = 30;
|
||
|
} else {
|
||
|
break;
|
||
|
}
|
||
|
if ((cp2 = strchr(cp, ':')) == NULL)
|
||
|
break;
|
||
|
*cp2++ = '\0';
|
||
|
tpw.pebuf.name = pcb->eap.es_server.ea_peer;
|
||
|
tpw.pebuf.password.len = t_fromb64((char *)tpw.pwbuf,
|
||
|
cp);
|
||
|
tpw.pebuf.password.data = tpw.pwbuf;
|
||
|
tpw.pebuf.salt.len = t_fromb64((char *)tpw.saltbuf,
|
||
|
cp2);
|
||
|
tpw.pebuf.salt.data = tpw.saltbuf;
|
||
|
if ((ts = t_serveropenraw(&tpw.pebuf, tce)) == NULL)
|
||
|
break;
|
||
|
pcb->eap.es_server.ea_session = (void *)ts;
|
||
|
pcb->eap.es_server.ea_state = eapSRP1;
|
||
|
vals[0] = pcb->eap.es_server.ea_id + 1;
|
||
|
vals[1] = EAPT_SRP;
|
||
|
t_serveraddexdata(ts, vals, 2);
|
||
|
/* Generate B; must call before t_servergetkey() */
|
||
|
t_servergenexp(ts);
|
||
|
break;
|
||
|
}
|
||
|
#endif /* USE_SRP */
|
||
|
pcb->eap.es_server.ea_state = eapMD5Chall;
|
||
|
break;
|
||
|
|
||
|
case eapSRP1:
|
||
|
#ifdef USE_SRP
|
||
|
ts = (struct t_server *)pcb->eap.es_server.ea_session;
|
||
|
if (ts != NULL && status != 0) {
|
||
|
t_serverclose(ts);
|
||
|
pcb->eap.es_server.ea_session = NULL;
|
||
|
pcb->eap.es_server.ea_skey = NULL;
|
||
|
}
|
||
|
#endif /* USE_SRP */
|
||
|
if (status == 1) {
|
||
|
pcb->eap.es_server.ea_state = eapMD5Chall;
|
||
|
} else if (status != 0 || pcb->eap.es_server.ea_session == NULL) {
|
||
|
pcb->eap.es_server.ea_state = eapBadAuth;
|
||
|
} else {
|
||
|
pcb->eap.es_server.ea_state = eapSRP2;
|
||
|
}
|
||
|
break;
|
||
|
|
||
|
case eapSRP2:
|
||
|
#ifdef USE_SRP
|
||
|
ts = (struct t_server *)pcb->eap.es_server.ea_session;
|
||
|
if (ts != NULL && status != 0) {
|
||
|
t_serverclose(ts);
|
||
|
pcb->eap.es_server.ea_session = NULL;
|
||
|
pcb->eap.es_server.ea_skey = NULL;
|
||
|
}
|
||
|
#endif /* USE_SRP */
|
||
|
if (status != 0 || pcb->eap.es_server.ea_session == NULL) {
|
||
|
pcb->eap.es_server.ea_state = eapBadAuth;
|
||
|
} else {
|
||
|
pcb->eap.es_server.ea_state = eapSRP3;
|
||
|
}
|
||
|
break;
|
||
|
|
||
|
case eapSRP3:
|
||
|
case eapSRP4:
|
||
|
#ifdef USE_SRP
|
||
|
ts = (struct t_server *)pcb->eap.es_server.ea_session;
|
||
|
if (ts != NULL && status != 0) {
|
||
|
t_serverclose(ts);
|
||
|
pcb->eap.es_server.ea_session = NULL;
|
||
|
pcb->eap.es_server.ea_skey = NULL;
|
||
|
}
|
||
|
#endif /* USE_SRP */
|
||
|
if (status != 0 || pcb->eap.es_server.ea_session == NULL) {
|
||
|
pcb->eap.es_server.ea_state = eapBadAuth;
|
||
|
} else {
|
||
|
pcb->eap.es_server.ea_state = eapOpen;
|
||
|
}
|
||
|
break;
|
||
|
|
||
|
case eapMD5Chall:
|
||
|
if (status != 0) {
|
||
|
pcb->eap.es_server.ea_state = eapBadAuth;
|
||
|
} else {
|
||
|
pcb->eap.es_server.ea_state = eapOpen;
|
||
|
}
|
||
|
break;
|
||
|
|
||
|
default:
|
||
|
pcb->eap.es_server.ea_state = eapBadAuth;
|
||
|
break;
|
||
|
}
|
||
|
if (pcb->eap.es_server.ea_state == eapBadAuth)
|
||
|
eap_send_failure(pcb);
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Format an EAP Request message and send it to the peer. Message
|
||
|
* type depends on current state. (Server operation)
|
||
|
*/
|
||
|
static void eap_send_request(ppp_pcb *pcb) {
|
||
|
struct pbuf *p;
|
||
|
u_char *outp;
|
||
|
u_char *lenloc;
|
||
|
int outlen;
|
||
|
int len;
|
||
|
const char *str;
|
||
|
#ifdef USE_SRP
|
||
|
struct t_server *ts;
|
||
|
u_char clear[8], cipher[8], dig[SHA_DIGESTSIZE], *optr, *cp;
|
||
|
int i, j;
|
||
|
struct b64state b64;
|
||
|
SHA1_CTX ctxt;
|
||
|
#endif /* USE_SRP */
|
||
|
|
||
|
/* Handle both initial auth and restart */
|
||
|
if (pcb->eap.es_server.ea_state < eapIdentify &&
|
||
|
pcb->eap.es_server.ea_state != eapInitial) {
|
||
|
pcb->eap.es_server.ea_state = eapIdentify;
|
||
|
#if PPP_REMOTENAME
|
||
|
if (pcb->settings.explicit_remote && pcb->remote_name) {
|
||
|
/*
|
||
|
* If we already know the peer's
|
||
|
* unauthenticated name, then there's no
|
||
|
* reason to ask. Go to next state instead.
|
||
|
*/
|
||
|
int len = (int)strlen(pcb->remote_name);
|
||
|
if (len > MAXNAMELEN) {
|
||
|
len = MAXNAMELEN;
|
||
|
}
|
||
|
MEMCPY(pcb->eap.es_server.ea_peer, pcb->remote_name, len);
|
||
|
pcb->eap.es_server.ea_peer[len] = '\0';
|
||
|
pcb->eap.es_server.ea_peerlen = len;
|
||
|
eap_figure_next_state(pcb, 0);
|
||
|
}
|
||
|
#endif /* PPP_REMOTENAME */
|
||
|
}
|
||
|
|
||
|
if (pcb->settings.eap_max_transmits > 0 &&
|
||
|
pcb->eap.es_server.ea_requests >= pcb->settings.eap_max_transmits) {
|
||
|
if (pcb->eap.es_server.ea_responses > 0)
|
||
|
ppp_error("EAP: too many Requests sent");
|
||
|
else
|
||
|
ppp_error("EAP: no response to Requests");
|
||
|
eap_send_failure(pcb);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_CTRL_PBUF_MAX_SIZE), PPP_CTRL_PBUF_TYPE);
|
||
|
if(NULL == p)
|
||
|
return;
|
||
|
if(p->tot_len != p->len) {
|
||
|
pbuf_free(p);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
outp = (u_char*)p->payload;
|
||
|
|
||
|
MAKEHEADER(outp, PPP_EAP);
|
||
|
|
||
|
PUTCHAR(EAP_REQUEST, outp);
|
||
|
PUTCHAR(pcb->eap.es_server.ea_id, outp);
|
||
|
lenloc = outp;
|
||
|
INCPTR(2, outp);
|
||
|
|
||
|
switch (pcb->eap.es_server.ea_state) {
|
||
|
case eapIdentify:
|
||
|
PUTCHAR(EAPT_IDENTITY, outp);
|
||
|
str = "Name";
|
||
|
len = strlen(str);
|
||
|
MEMCPY(outp, str, len);
|
||
|
INCPTR(len, outp);
|
||
|
break;
|
||
|
|
||
|
case eapMD5Chall:
|
||
|
PUTCHAR(EAPT_MD5CHAP, outp);
|
||
|
/*
|
||
|
* pick a random challenge length between
|
||
|
* EAP_MIN_CHALLENGE_LENGTH and EAP_MAX_CHALLENGE_LENGTH
|
||
|
*/
|
||
|
pcb->eap.es_challen = EAP_MIN_CHALLENGE_LENGTH +
|
||
|
magic_pow(EAP_MIN_MAX_POWER_OF_TWO_CHALLENGE_LENGTH);
|
||
|
PUTCHAR(pcb->eap.es_challen, outp);
|
||
|
magic_random_bytes(pcb->eap.es_challenge, pcb->eap.es_challen);
|
||
|
MEMCPY(outp, pcb->eap.es_challenge, pcb->eap.es_challen);
|
||
|
INCPTR(pcb->eap.es_challen, outp);
|
||
|
MEMCPY(outp, pcb->eap.es_server.ea_name, pcb->eap.es_server.ea_namelen);
|
||
|
INCPTR(pcb->eap.es_server.ea_namelen, outp);
|
||
|
break;
|
||
|
|
||
|
#ifdef USE_SRP
|
||
|
case eapSRP1:
|
||
|
PUTCHAR(EAPT_SRP, outp);
|
||
|
PUTCHAR(EAPSRP_CHALLENGE, outp);
|
||
|
|
||
|
PUTCHAR(pcb->eap.es_server.ea_namelen, outp);
|
||
|
MEMCPY(outp, pcb->eap.es_server.ea_name, pcb->eap.es_server.ea_namelen);
|
||
|
INCPTR(pcb->eap.es_server.ea_namelen, outp);
|
||
|
|
||
|
ts = (struct t_server *)pcb->eap.es_server.ea_session;
|
||
|
assert(ts != NULL);
|
||
|
PUTCHAR(ts->s.len, outp);
|
||
|
MEMCPY(outp, ts->s.data, ts->s.len);
|
||
|
INCPTR(ts->s.len, outp);
|
||
|
|
||
|
if (ts->g.len == 1 && ts->g.data[0] == 2) {
|
||
|
PUTCHAR(0, outp);
|
||
|
} else {
|
||
|
PUTCHAR(ts->g.len, outp);
|
||
|
MEMCPY(outp, ts->g.data, ts->g.len);
|
||
|
INCPTR(ts->g.len, outp);
|
||
|
}
|
||
|
|
||
|
if (ts->n.len != sizeof (wkmodulus) ||
|
||
|
BCMP(ts->n.data, wkmodulus, sizeof (wkmodulus)) != 0) {
|
||
|
MEMCPY(outp, ts->n.data, ts->n.len);
|
||
|
INCPTR(ts->n.len, outp);
|
||
|
}
|
||
|
break;
|
||
|
|
||
|
case eapSRP2:
|
||
|
PUTCHAR(EAPT_SRP, outp);
|
||
|
PUTCHAR(EAPSRP_SKEY, outp);
|
||
|
|
||
|
ts = (struct t_server *)pcb->eap.es_server.ea_session;
|
||
|
assert(ts != NULL);
|
||
|
MEMCPY(outp, ts->B.data, ts->B.len);
|
||
|
INCPTR(ts->B.len, outp);
|
||
|
break;
|
||
|
|
||
|
case eapSRP3:
|
||
|
PUTCHAR(EAPT_SRP, outp);
|
||
|
PUTCHAR(EAPSRP_SVALIDATOR, outp);
|
||
|
PUTLONG(SRPVAL_EBIT, outp);
|
||
|
ts = (struct t_server *)pcb->eap.es_server.ea_session;
|
||
|
assert(ts != NULL);
|
||
|
MEMCPY(outp, t_serverresponse(ts), SHA_DIGESTSIZE);
|
||
|
INCPTR(SHA_DIGESTSIZE, outp);
|
||
|
|
||
|
if (pncrypt_setkey(0)) {
|
||
|
/* Generate pseudonym */
|
||
|
optr = outp;
|
||
|
cp = (unsigned char *)pcb->eap.es_server.ea_peer;
|
||
|
if ((j = i = pcb->eap.es_server.ea_peerlen) > 7)
|
||
|
j = 7;
|
||
|
clear[0] = i;
|
||
|
MEMCPY(clear + 1, cp, j);
|
||
|
i -= j;
|
||
|
cp += j;
|
||
|
/* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */
|
||
|
if (!DesEncrypt(clear, cipher)) {
|
||
|
ppp_dbglog("no DES here; not generating pseudonym");
|
||
|
break;
|
||
|
}
|
||
|
BZERO(&b64, sizeof (b64));
|
||
|
outp++; /* space for pseudonym length */
|
||
|
outp += b64enc(&b64, cipher, 8, outp);
|
||
|
while (i >= 8) {
|
||
|
/* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */
|
||
|
(void) DesEncrypt(cp, cipher);
|
||
|
outp += b64enc(&b64, cipher, 8, outp);
|
||
|
cp += 8;
|
||
|
i -= 8;
|
||
|
}
|
||
|
if (i > 0) {
|
||
|
MEMCPY(clear, cp, i);
|
||
|
cp += i;
|
||
|
magic_random_bytes(cp, 8-i);
|
||
|
/* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */
|
||
|
(void) DesEncrypt(clear, cipher);
|
||
|
outp += b64enc(&b64, cipher, 8, outp);
|
||
|
}
|
||
|
outp += b64flush(&b64, outp);
|
||
|
|
||
|
/* Set length and pad out to next 20 octet boundary */
|
||
|
i = outp - optr - 1;
|
||
|
*optr = i;
|
||
|
i %= SHA_DIGESTSIZE;
|
||
|
if (i != 0) {
|
||
|
magic_random_bytes(outp, SHA_DIGESTSIZE-i);
|
||
|
INCPTR(SHA_DIGESTSIZE-i, outp);
|
||
|
}
|
||
|
|
||
|
/* Obscure the pseudonym with SHA1 hash */
|
||
|
SHA1Init(&ctxt);
|
||
|
SHA1Update(&ctxt, &pcb->eap.es_server.ea_id, 1);
|
||
|
SHA1Update(&ctxt, pcb->eap.es_server.ea_skey,
|
||
|
SESSION_KEY_LEN);
|
||
|
SHA1Update(&ctxt, pcb->eap.es_server.ea_peer,
|
||
|
pcb->eap.es_server.ea_peerlen);
|
||
|
while (optr < outp) {
|
||
|
SHA1Final(dig, &ctxt);
|
||
|
cp = dig;
|
||
|
while (cp < dig + SHA_DIGESTSIZE)
|
||
|
*optr++ ^= *cp++;
|
||
|
SHA1Init(&ctxt);
|
||
|
SHA1Update(&ctxt, &pcb->eap.es_server.ea_id, 1);
|
||
|
SHA1Update(&ctxt, pcb->eap.es_server.ea_skey,
|
||
|
SESSION_KEY_LEN);
|
||
|
SHA1Update(&ctxt, optr - SHA_DIGESTSIZE,
|
||
|
SHA_DIGESTSIZE);
|
||
|
}
|
||
|
}
|
||
|
break;
|
||
|
|
||
|
case eapSRP4:
|
||
|
PUTCHAR(EAPT_SRP, outp);
|
||
|
PUTCHAR(EAPSRP_LWRECHALLENGE, outp);
|
||
|
pcb->eap.es_challen = EAP_MIN_CHALLENGE_LENGTH +
|
||
|
magic_pow(EAP_MIN_MAX_POWER_OF_TWO_CHALLENGE_LENGTH);
|
||
|
magic_random_bytes(pcb->eap.es_challenge, pcb->eap.es_challen);
|
||
|
MEMCPY(outp, pcb->eap.es_challenge, pcb->eap.es_challen);
|
||
|
INCPTR(pcb->eap.es_challen, outp);
|
||
|
break;
|
||
|
#endif /* USE_SRP */
|
||
|
|
||
|
default:
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
outlen = (outp - (unsigned char*)p->payload) - PPP_HDRLEN;
|
||
|
PUTSHORT(outlen, lenloc);
|
||
|
|
||
|
pbuf_realloc(p, outlen + PPP_HDRLEN);
|
||
|
ppp_write(pcb, p);
|
||
|
|
||
|
pcb->eap.es_server.ea_requests++;
|
||
|
|
||
|
if (pcb->settings.eap_timeout_time > 0)
|
||
|
TIMEOUT(eap_server_timeout, pcb, pcb->settings.eap_timeout_time);
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* eap_authpeer - Authenticate our peer (behave as server).
|
||
|
*
|
||
|
* Start server state and send first request. This is called only
|
||
|
* after eap_lowerup.
|
||
|
*/
|
||
|
void eap_authpeer(ppp_pcb *pcb, const char *localname) {
|
||
|
|
||
|
/* Save the name we're given. */
|
||
|
pcb->eap.es_server.ea_name = localname;
|
||
|
pcb->eap.es_server.ea_namelen = strlen(localname);
|
||
|
|
||
|
pcb->eap.es_savedtime = pcb->settings.eap_timeout_time;
|
||
|
|
||
|
/* Lower layer up yet? */
|
||
|
if (pcb->eap.es_server.ea_state == eapInitial ||
|
||
|
pcb->eap.es_server.ea_state == eapPending) {
|
||
|
pcb->eap.es_server.ea_state = eapPending;
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
pcb->eap.es_server.ea_state = eapPending;
|
||
|
|
||
|
/* ID number not updated here intentionally; hashed into M1 */
|
||
|
eap_send_request(pcb);
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* eap_server_timeout - Retransmission timer for sending Requests
|
||
|
* expired.
|
||
|
*/
|
||
|
static void eap_server_timeout(void *arg) {
|
||
|
ppp_pcb *pcb = (ppp_pcb*)arg;
|
||
|
|
||
|
if (!eap_server_active(pcb))
|
||
|
return;
|
||
|
|
||
|
/* EAP ID number must not change on timeout. */
|
||
|
eap_send_request(pcb);
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* When it's time to send rechallenge the peer, this timeout is
|
||
|
* called. Once the rechallenge is successful, the response handler
|
||
|
* will restart the timer. If it fails, then the link is dropped.
|
||
|
*/
|
||
|
static void eap_rechallenge(void *arg) {
|
||
|
ppp_pcb *pcb = (ppp_pcb*)arg;
|
||
|
|
||
|
if (pcb->eap.es_server.ea_state != eapOpen &&
|
||
|
pcb->eap.es_server.ea_state != eapSRP4)
|
||
|
return;
|
||
|
|
||
|
pcb->eap.es_server.ea_requests = 0;
|
||
|
pcb->eap.es_server.ea_state = eapIdentify;
|
||
|
eap_figure_next_state(pcb, 0);
|
||
|
pcb->eap.es_server.ea_id++;
|
||
|
eap_send_request(pcb);
|
||
|
}
|
||
|
|
||
|
static void srp_lwrechallenge(void *arg) {
|
||
|
ppp_pcb *pcb = (ppp_pcb*)arg;
|
||
|
|
||
|
if (pcb->eap.es_server.ea_state != eapOpen ||
|
||
|
pcb->eap.es_server.ea_type != EAPT_SRP)
|
||
|
return;
|
||
|
|
||
|
pcb->eap.es_server.ea_requests = 0;
|
||
|
pcb->eap.es_server.ea_state = eapSRP4;
|
||
|
pcb->eap.es_server.ea_id++;
|
||
|
eap_send_request(pcb);
|
||
|
}
|
||
|
#endif /* PPP_SERVER */
|
||
|
|
||
|
/*
|
||
|
* eap_lowerup - The lower layer is now up.
|
||
|
*
|
||
|
* This is called before either eap_authpeer or eap_authwithpeer. See
|
||
|
* link_established() in auth.c. All that's necessary here is to
|
||
|
* return to closed state so that those two routines will do the right
|
||
|
* thing.
|
||
|
*/
|
||
|
static void eap_lowerup(ppp_pcb *pcb) {
|
||
|
pcb->eap.es_client.ea_state = eapClosed;
|
||
|
#if PPP_SERVER
|
||
|
pcb->eap.es_server.ea_state = eapClosed;
|
||
|
#endif /* PPP_SERVER */
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* eap_lowerdown - The lower layer is now down.
|
||
|
*
|
||
|
* Cancel all timeouts and return to initial state.
|
||
|
*/
|
||
|
static void eap_lowerdown(ppp_pcb *pcb) {
|
||
|
|
||
|
if (eap_client_active(pcb) && pcb->settings.eap_req_time > 0) {
|
||
|
UNTIMEOUT(eap_client_timeout, pcb);
|
||
|
}
|
||
|
#if PPP_SERVER
|
||
|
if (eap_server_active(pcb)) {
|
||
|
if (pcb->settings.eap_timeout_time > 0) {
|
||
|
UNTIMEOUT(eap_server_timeout, pcb);
|
||
|
}
|
||
|
} else {
|
||
|
if ((pcb->eap.es_server.ea_state == eapOpen ||
|
||
|
pcb->eap.es_server.ea_state == eapSRP4) &&
|
||
|
pcb->eap.es_rechallenge > 0) {
|
||
|
UNTIMEOUT(eap_rechallenge, (void *)pcb);
|
||
|
}
|
||
|
if (pcb->eap.es_server.ea_state == eapOpen &&
|
||
|
pcb->eap.es_lwrechallenge > 0) {
|
||
|
UNTIMEOUT(srp_lwrechallenge, (void *)pcb);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
pcb->eap.es_client.ea_state = pcb->eap.es_server.ea_state = eapInitial;
|
||
|
pcb->eap.es_client.ea_requests = pcb->eap.es_server.ea_requests = 0;
|
||
|
#endif /* PPP_SERVER */
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* eap_protrej - Peer doesn't speak this protocol.
|
||
|
*
|
||
|
* This shouldn't happen. If it does, it represents authentication
|
||
|
* failure.
|
||
|
*/
|
||
|
static void eap_protrej(ppp_pcb *pcb) {
|
||
|
|
||
|
if (eap_client_active(pcb)) {
|
||
|
ppp_error("EAP authentication failed due to Protocol-Reject");
|
||
|
auth_withpeer_fail(pcb, PPP_EAP);
|
||
|
}
|
||
|
#if PPP_SERVER
|
||
|
if (eap_server_active(pcb)) {
|
||
|
ppp_error("EAP authentication of peer failed on Protocol-Reject");
|
||
|
auth_peer_fail(pcb, PPP_EAP);
|
||
|
}
|
||
|
#endif /* PPP_SERVER */
|
||
|
eap_lowerdown(pcb);
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Format and send a regular EAP Response message.
|
||
|
*/
|
||
|
static void eap_send_response(ppp_pcb *pcb, u_char id, u_char typenum, const u_char *str, int lenstr) {
|
||
|
struct pbuf *p;
|
||
|
u_char *outp;
|
||
|
int msglen;
|
||
|
|
||
|
msglen = EAP_HEADERLEN + sizeof (u_char) + lenstr;
|
||
|
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PPP_CTRL_PBUF_TYPE);
|
||
|
if(NULL == p)
|
||
|
return;
|
||
|
if(p->tot_len != p->len) {
|
||
|
pbuf_free(p);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
outp = (u_char*)p->payload;
|
||
|
|
||
|
MAKEHEADER(outp, PPP_EAP);
|
||
|
|
||
|
PUTCHAR(EAP_RESPONSE, outp);
|
||
|
PUTCHAR(id, outp);
|
||
|
pcb->eap.es_client.ea_id = id;
|
||
|
PUTSHORT(msglen, outp);
|
||
|
PUTCHAR(typenum, outp);
|
||
|
if (lenstr > 0) {
|
||
|
MEMCPY(outp, str, lenstr);
|
||
|
}
|
||
|
|
||
|
ppp_write(pcb, p);
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Format and send an MD5-Challenge EAP Response message.
|
||
|
*/
|
||
|
static void eap_chap_response(ppp_pcb *pcb, u_char id, u_char *hash, const char *name, int namelen) {
|
||
|
struct pbuf *p;
|
||
|
u_char *outp;
|
||
|
int msglen;
|
||
|
|
||
|
msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + MD5_SIGNATURE_SIZE +
|
||
|
namelen;
|
||
|
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PPP_CTRL_PBUF_TYPE);
|
||
|
if(NULL == p)
|
||
|
return;
|
||
|
if(p->tot_len != p->len) {
|
||
|
pbuf_free(p);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
outp = (u_char*)p->payload;
|
||
|
|
||
|
MAKEHEADER(outp, PPP_EAP);
|
||
|
|
||
|
PUTCHAR(EAP_RESPONSE, outp);
|
||
|
PUTCHAR(id, outp);
|
||
|
pcb->eap.es_client.ea_id = id;
|
||
|
PUTSHORT(msglen, outp);
|
||
|
PUTCHAR(EAPT_MD5CHAP, outp);
|
||
|
PUTCHAR(MD5_SIGNATURE_SIZE, outp);
|
||
|
MEMCPY(outp, hash, MD5_SIGNATURE_SIZE);
|
||
|
INCPTR(MD5_SIGNATURE_SIZE, outp);
|
||
|
if (namelen > 0) {
|
||
|
MEMCPY(outp, name, namelen);
|
||
|
}
|
||
|
|
||
|
ppp_write(pcb, p);
|
||
|
}
|
||
|
|
||
|
#ifdef USE_SRP
|
||
|
/*
|
||
|
* Format and send a SRP EAP Response message.
|
||
|
*/
|
||
|
static void
|
||
|
eap_srp_response(esp, id, subtypenum, str, lenstr)
|
||
|
eap_state *esp;
|
||
|
u_char id;
|
||
|
u_char subtypenum;
|
||
|
u_char *str;
|
||
|
int lenstr;
|
||
|
{
|
||
|
ppp_pcb *pcb = &ppp_pcb_list[pcb->eap.es_unit];
|
||
|
struct pbuf *p;
|
||
|
u_char *outp;
|
||
|
int msglen;
|
||
|
|
||
|
msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + lenstr;
|
||
|
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PPP_CTRL_PBUF_TYPE);
|
||
|
if(NULL == p)
|
||
|
return;
|
||
|
if(p->tot_len != p->len) {
|
||
|
pbuf_free(p);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
outp = p->payload;
|
||
|
|
||
|
MAKEHEADER(outp, PPP_EAP);
|
||
|
|
||
|
PUTCHAR(EAP_RESPONSE, outp);
|
||
|
PUTCHAR(id, outp);
|
||
|
pcb->eap.es_client.ea_id = id;
|
||
|
PUTSHORT(msglen, outp);
|
||
|
PUTCHAR(EAPT_SRP, outp);
|
||
|
PUTCHAR(subtypenum, outp);
|
||
|
if (lenstr > 0) {
|
||
|
MEMCPY(outp, str, lenstr);
|
||
|
}
|
||
|
|
||
|
ppp_write(pcb, p);
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Format and send a SRP EAP Client Validator Response message.
|
||
|
*/
|
||
|
static void
|
||
|
eap_srpval_response(esp, id, flags, str)
|
||
|
eap_state *esp;
|
||
|
u_char id;
|
||
|
u32_t flags;
|
||
|
u_char *str;
|
||
|
{
|
||
|
ppp_pcb *pcb = &ppp_pcb_list[pcb->eap.es_unit];
|
||
|
struct pbuf *p;
|
||
|
u_char *outp;
|
||
|
int msglen;
|
||
|
|
||
|
msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + sizeof (u32_t) +
|
||
|
SHA_DIGESTSIZE;
|
||
|
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PPP_CTRL_PBUF_TYPE);
|
||
|
if(NULL == p)
|
||
|
return;
|
||
|
if(p->tot_len != p->len) {
|
||
|
pbuf_free(p);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
outp = p->payload;
|
||
|
|
||
|
MAKEHEADER(outp, PPP_EAP);
|
||
|
|
||
|
PUTCHAR(EAP_RESPONSE, outp);
|
||
|
PUTCHAR(id, outp);
|
||
|
pcb->eap.es_client.ea_id = id;
|
||
|
PUTSHORT(msglen, outp);
|
||
|
PUTCHAR(EAPT_SRP, outp);
|
||
|
PUTCHAR(EAPSRP_CVALIDATOR, outp);
|
||
|
PUTLONG(flags, outp);
|
||
|
MEMCPY(outp, str, SHA_DIGESTSIZE);
|
||
|
|
||
|
ppp_write(pcb, p);
|
||
|
}
|
||
|
#endif /* USE_SRP */
|
||
|
|
||
|
static void eap_send_nak(ppp_pcb *pcb, u_char id, u_char type) {
|
||
|
struct pbuf *p;
|
||
|
u_char *outp;
|
||
|
int msglen;
|
||
|
|
||
|
msglen = EAP_HEADERLEN + 2 * sizeof (u_char);
|
||
|
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PPP_CTRL_PBUF_TYPE);
|
||
|
if(NULL == p)
|
||
|
return;
|
||
|
if(p->tot_len != p->len) {
|
||
|
pbuf_free(p);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
outp = (u_char*)p->payload;
|
||
|
|
||
|
MAKEHEADER(outp, PPP_EAP);
|
||
|
|
||
|
PUTCHAR(EAP_RESPONSE, outp);
|
||
|
PUTCHAR(id, outp);
|
||
|
pcb->eap.es_client.ea_id = id;
|
||
|
PUTSHORT(msglen, outp);
|
||
|
PUTCHAR(EAPT_NAK, outp);
|
||
|
PUTCHAR(type, outp);
|
||
|
|
||
|
ppp_write(pcb, p);
|
||
|
}
|
||
|
|
||
|
#ifdef USE_SRP
|
||
|
static char *
|
||
|
name_of_pn_file()
|
||
|
{
|
||
|
char *user, *path, *file;
|
||
|
struct passwd *pw;
|
||
|
size_t pl;
|
||
|
static bool pnlogged = 0;
|
||
|
|
||
|
pw = getpwuid(getuid());
|
||
|
if (pw == NULL || (user = pw->pw_dir) == NULL || user[0] == 0) {
|
||
|
errno = EINVAL;
|
||
|
return (NULL);
|
||
|
}
|
||
|
file = _PATH_PSEUDONYM;
|
||
|
pl = strlen(user) + strlen(file) + 2;
|
||
|
path = malloc(pl);
|
||
|
if (path == NULL)
|
||
|
return (NULL);
|
||
|
(void) slprintf(path, pl, "%s/%s", user, file);
|
||
|
if (!pnlogged) {
|
||
|
ppp_dbglog("pseudonym file: %s", path);
|
||
|
pnlogged = 1;
|
||
|
}
|
||
|
return (path);
|
||
|
}
|
||
|
|
||
|
static int
|
||
|
open_pn_file(modebits)
|
||
|
mode_t modebits;
|
||
|
{
|
||
|
char *path;
|
||
|
int fd, err;
|
||
|
|
||
|
if ((path = name_of_pn_file()) == NULL)
|
||
|
return (-1);
|
||
|
fd = open(path, modebits, S_IRUSR | S_IWUSR);
|
||
|
err = errno;
|
||
|
free(path);
|
||
|
errno = err;
|
||
|
return (fd);
|
||
|
}
|
||
|
|
||
|
static void
|
||
|
remove_pn_file()
|
||
|
{
|
||
|
char *path;
|
||
|
|
||
|
if ((path = name_of_pn_file()) != NULL) {
|
||
|
(void) unlink(path);
|
||
|
(void) free(path);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
static void
|
||
|
write_pseudonym(esp, inp, len, id)
|
||
|
eap_state *esp;
|
||
|
u_char *inp;
|
||
|
int len, id;
|
||
|
{
|
||
|
u_char val;
|
||
|
u_char *datp, *digp;
|
||
|
SHA1_CTX ctxt;
|
||
|
u_char dig[SHA_DIGESTSIZE];
|
||
|
int dsize, fd, olen = len;
|
||
|
|
||
|
/*
|
||
|
* Do the decoding by working backwards. This eliminates the need
|
||
|
* to save the decoded output in a separate buffer.
|
||
|
*/
|
||
|
val = id;
|
||
|
while (len > 0) {
|
||
|
if ((dsize = len % SHA_DIGESTSIZE) == 0)
|
||
|
dsize = SHA_DIGESTSIZE;
|
||
|
len -= dsize;
|
||
|
datp = inp + len;
|
||
|
SHA1Init(&ctxt);
|
||
|
SHA1Update(&ctxt, &val, 1);
|
||
|
SHA1Update(&ctxt, pcb->eap.es_client.ea_skey, SESSION_KEY_LEN);
|
||
|
if (len > 0) {
|
||
|
SHA1Update(&ctxt, datp, SHA_DIGESTSIZE);
|
||
|
} else {
|
||
|
SHA1Update(&ctxt, pcb->eap.es_client.ea_name,
|
||
|
pcb->eap.es_client.ea_namelen);
|
||
|
}
|
||
|
SHA1Final(dig, &ctxt);
|
||
|
for (digp = dig; digp < dig + SHA_DIGESTSIZE; digp++)
|
||
|
*datp++ ^= *digp;
|
||
|
}
|
||
|
|
||
|
/* Now check that the result is sane */
|
||
|
if (olen <= 0 || *inp + 1 > olen) {
|
||
|
ppp_dbglog("EAP: decoded pseudonym is unusable <%.*B>", olen, inp);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
/* Save it away */
|
||
|
fd = open_pn_file(O_WRONLY | O_CREAT | O_TRUNC);
|
||
|
if (fd < 0) {
|
||
|
ppp_dbglog("EAP: error saving pseudonym: %m");
|
||
|
return;
|
||
|
}
|
||
|
len = write(fd, inp + 1, *inp);
|
||
|
if (close(fd) != -1 && len == *inp) {
|
||
|
ppp_dbglog("EAP: saved pseudonym");
|
||
|
pcb->eap.es_usedpseudo = 0;
|
||
|
} else {
|
||
|
ppp_dbglog("EAP: failed to save pseudonym");
|
||
|
remove_pn_file();
|
||
|
}
|
||
|
}
|
||
|
#endif /* USE_SRP */
|
||
|
|
||
|
/*
|
||
|
* eap_request - Receive EAP Request message (client mode).
|
||
|
*/
|
||
|
static void eap_request(ppp_pcb *pcb, u_char *inp, int id, int len) {
|
||
|
u_char typenum;
|
||
|
u_char vallen;
|
||
|
int secret_len;
|
||
|
char secret[MAXSECRETLEN];
|
||
|
char rhostname[MAXNAMELEN];
|
||
|
md5_context mdContext;
|
||
|
u_char hash[MD5_SIGNATURE_SIZE];
|
||
|
#ifdef USE_SRP
|
||
|
struct t_client *tc;
|
||
|
struct t_num sval, gval, Nval, *Ap, Bval;
|
||
|
u_char vals[2];
|
||
|
SHA1_CTX ctxt;
|
||
|
u_char dig[SHA_DIGESTSIZE];
|
||
|
int fd;
|
||
|
#endif /* USE_SRP */
|
||
|
|
||
|
/*
|
||
|
* Note: we update es_client.ea_id *only if* a Response
|
||
|
* message is being generated. Otherwise, we leave it the
|
||
|
* same for duplicate detection purposes.
|
||
|
*/
|
||
|
|
||
|
pcb->eap.es_client.ea_requests++;
|
||
|
if (pcb->settings.eap_allow_req != 0 &&
|
||
|
pcb->eap.es_client.ea_requests > pcb->settings.eap_allow_req) {
|
||
|
ppp_info("EAP: received too many Request messages");
|
||
|
if (pcb->settings.eap_req_time > 0) {
|
||
|
UNTIMEOUT(eap_client_timeout, pcb);
|
||
|
}
|
||
|
auth_withpeer_fail(pcb, PPP_EAP);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
if (len <= 0) {
|
||
|
ppp_error("EAP: empty Request message discarded");
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
GETCHAR(typenum, inp);
|
||
|
len--;
|
||
|
|
||
|
switch (typenum) {
|
||
|
case EAPT_IDENTITY:
|
||
|
if (len > 0)
|
||
|
ppp_info("EAP: Identity prompt \"%.*q\"", len, inp);
|
||
|
#ifdef USE_SRP
|
||
|
if (pcb->eap.es_usepseudo &&
|
||
|
(pcb->eap.es_usedpseudo == 0 ||
|
||
|
(pcb->eap.es_usedpseudo == 1 &&
|
||
|
id == pcb->eap.es_client.ea_id))) {
|
||
|
pcb->eap.es_usedpseudo = 1;
|
||
|
/* Try to get a pseudonym */
|
||
|
if ((fd = open_pn_file(O_RDONLY)) >= 0) {
|
||
|
strcpy(rhostname, SRP_PSEUDO_ID);
|
||
|
len = read(fd, rhostname + SRP_PSEUDO_LEN,
|
||
|
sizeof (rhostname) - SRP_PSEUDO_LEN);
|
||
|
/* XXX NAI unsupported */
|
||
|
if (len > 0) {
|
||
|
eap_send_response(pcb, id, typenum,
|
||
|
rhostname, len + SRP_PSEUDO_LEN);
|
||
|
}
|
||
|
(void) close(fd);
|
||
|
if (len > 0)
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
/* Stop using pseudonym now. */
|
||
|
if (pcb->eap.es_usepseudo && pcb->eap.es_usedpseudo != 2) {
|
||
|
remove_pn_file();
|
||
|
pcb->eap.es_usedpseudo = 2;
|
||
|
}
|
||
|
#endif /* USE_SRP */
|
||
|
eap_send_response(pcb, id, typenum, (const u_char*)pcb->eap.es_client.ea_name,
|
||
|
pcb->eap.es_client.ea_namelen);
|
||
|
break;
|
||
|
|
||
|
case EAPT_NOTIFICATION:
|
||
|
if (len > 0)
|
||
|
ppp_info("EAP: Notification \"%.*q\"", len, inp);
|
||
|
eap_send_response(pcb, id, typenum, NULL, 0);
|
||
|
break;
|
||
|
|
||
|
case EAPT_NAK:
|
||
|
/*
|
||
|
* Avoid the temptation to send Response Nak in reply
|
||
|
* to Request Nak here. It can only lead to trouble.
|
||
|
*/
|
||
|
ppp_warn("EAP: unexpected Nak in Request; ignored");
|
||
|
/* Return because we're waiting for something real. */
|
||
|
return;
|
||
|
|
||
|
case EAPT_MD5CHAP:
|
||
|
if (len < 1) {
|
||
|
ppp_error("EAP: received MD5-Challenge with no data");
|
||
|
/* Bogus request; wait for something real. */
|
||
|
return;
|
||
|
}
|
||
|
GETCHAR(vallen, inp);
|
||
|
len--;
|
||
|
if (vallen < 8 || vallen > len) {
|
||
|
ppp_error("EAP: MD5-Challenge with bad length %d (8..%d)",
|
||
|
vallen, len);
|
||
|
/* Try something better. */
|
||
|
eap_send_nak(pcb, id, EAPT_SRP);
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
/* Not so likely to happen. */
|
||
|
if (vallen >= len + sizeof (rhostname)) {
|
||
|
ppp_dbglog("EAP: trimming really long peer name down");
|
||
|
MEMCPY(rhostname, inp + vallen, sizeof (rhostname) - 1);
|
||
|
rhostname[sizeof (rhostname) - 1] = '\0';
|
||
|
} else {
|
||
|
MEMCPY(rhostname, inp + vallen, len - vallen);
|
||
|
rhostname[len - vallen] = '\0';
|
||
|
}
|
||
|
|
||
|
#if PPP_REMOTENAME
|
||
|
/* In case the remote doesn't give us his name. */
|
||
|
if (pcb->settings.explicit_remote ||
|
||
|
(pcb->settings.remote_name[0] != '\0' && vallen == len))
|
||
|
strlcpy(rhostname, pcb->settings.remote_name, sizeof (rhostname));
|
||
|
#endif /* PPP_REMOTENAME */
|
||
|
|
||
|
/*
|
||
|
* Get the secret for authenticating ourselves with
|
||
|
* the specified host.
|
||
|
*/
|
||
|
if (!get_secret(pcb, pcb->eap.es_client.ea_name,
|
||
|
rhostname, secret, &secret_len, 0)) {
|
||
|
ppp_dbglog("EAP: no MD5 secret for auth to %q", rhostname);
|
||
|
eap_send_nak(pcb, id, EAPT_SRP);
|
||
|
break;
|
||
|
}
|
||
|
md5_starts(&mdContext);
|
||
|
typenum = id;
|
||
|
md5_update(&mdContext, &typenum, 1);
|
||
|
md5_update(&mdContext, (u_char *)secret, secret_len);
|
||
|
BZERO(secret, sizeof (secret));
|
||
|
md5_update(&mdContext, inp, vallen);
|
||
|
md5_finish(&mdContext, hash);
|
||
|
eap_chap_response(pcb, id, hash, pcb->eap.es_client.ea_name,
|
||
|
pcb->eap.es_client.ea_namelen);
|
||
|
break;
|
||
|
|
||
|
#ifdef USE_SRP
|
||
|
case EAPT_SRP:
|
||
|
if (len < 1) {
|
||
|
ppp_error("EAP: received empty SRP Request");
|
||
|
/* Bogus request; wait for something real. */
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
/* Get subtype */
|
||
|
GETCHAR(vallen, inp);
|
||
|
len--;
|
||
|
switch (vallen) {
|
||
|
case EAPSRP_CHALLENGE:
|
||
|
tc = NULL;
|
||
|
if (pcb->eap.es_client.ea_session != NULL) {
|
||
|
tc = (struct t_client *)pcb->eap.es_client.
|
||
|
ea_session;
|
||
|
/*
|
||
|
* If this is a new challenge, then start
|
||
|
* over with a new client session context.
|
||
|
* Otherwise, just resend last response.
|
||
|
*/
|
||
|
if (id != pcb->eap.es_client.ea_id) {
|
||
|
t_clientclose(tc);
|
||
|
pcb->eap.es_client.ea_session = NULL;
|
||
|
tc = NULL;
|
||
|
}
|
||
|
}
|
||
|
/* No session key just yet */
|
||
|
pcb->eap.es_client.ea_skey = NULL;
|
||
|
if (tc == NULL) {
|
||
|
int rhostnamelen;
|
||
|
|
||
|
GETCHAR(vallen, inp);
|
||
|
len--;
|
||
|
if (vallen >= len) {
|
||
|
ppp_error("EAP: badly-formed SRP Challenge"
|
||
|
" (name)");
|
||
|
/* Ignore badly-formed messages */
|
||
|
return;
|
||
|
}
|
||
|
MEMCPY(rhostname, inp, vallen);
|
||
|
rhostname[vallen] = '\0';
|
||
|
INCPTR(vallen, inp);
|
||
|
len -= vallen;
|
||
|
|
||
|
/*
|
||
|
* In case the remote doesn't give us his name,
|
||
|
* use configured name.
|
||
|
*/
|
||
|
if (explicit_remote ||
|
||
|
(remote_name[0] != '\0' && vallen == 0)) {
|
||
|
strlcpy(rhostname, remote_name,
|
||
|
sizeof (rhostname));
|
||
|
}
|
||
|
|
||
|
rhostnamelen = (int)strlen(rhostname);
|
||
|
if (rhostnamelen > MAXNAMELEN) {
|
||
|
rhostnamelen = MAXNAMELEN;
|
||
|
}
|
||
|
MEMCPY(pcb->eap.es_client.ea_peer, rhostname, rhostnamelen);
|
||
|
pcb->eap.es_client.ea_peer[rhostnamelen] = '\0';
|
||
|
pcb->eap.es_client.ea_peerlen = rhostnamelen;
|
||
|
|
||
|
GETCHAR(vallen, inp);
|
||
|
len--;
|
||
|
if (vallen >= len) {
|
||
|
ppp_error("EAP: badly-formed SRP Challenge"
|
||
|
" (s)");
|
||
|
/* Ignore badly-formed messages */
|
||
|
return;
|
||
|
}
|
||
|
sval.data = inp;
|
||
|
sval.len = vallen;
|
||
|
INCPTR(vallen, inp);
|
||
|
len -= vallen;
|
||
|
|
||
|
GETCHAR(vallen, inp);
|
||
|
len--;
|
||
|
if (vallen > len) {
|
||
|
ppp_error("EAP: badly-formed SRP Challenge"
|
||
|
" (g)");
|
||
|
/* Ignore badly-formed messages */
|
||
|
return;
|
||
|
}
|
||
|
/* If no generator present, then use value 2 */
|
||
|
if (vallen == 0) {
|
||
|
gval.data = (u_char *)"\002";
|
||
|
gval.len = 1;
|
||
|
} else {
|
||
|
gval.data = inp;
|
||
|
gval.len = vallen;
|
||
|
}
|
||
|
INCPTR(vallen, inp);
|
||
|
len -= vallen;
|
||
|
|
||
|
/*
|
||
|
* If no modulus present, then use well-known
|
||
|
* value.
|
||
|
*/
|
||
|
if (len == 0) {
|
||
|
Nval.data = (u_char *)wkmodulus;
|
||
|
Nval.len = sizeof (wkmodulus);
|
||
|
} else {
|
||
|
Nval.data = inp;
|
||
|
Nval.len = len;
|
||
|
}
|
||
|
tc = t_clientopen(pcb->eap.es_client.ea_name,
|
||
|
&Nval, &gval, &sval);
|
||
|
if (tc == NULL) {
|
||
|
eap_send_nak(pcb, id, EAPT_MD5CHAP);
|
||
|
break;
|
||
|
}
|
||
|
pcb->eap.es_client.ea_session = (void *)tc;
|
||
|
|
||
|
/* Add Challenge ID & type to verifier */
|
||
|
vals[0] = id;
|
||
|
vals[1] = EAPT_SRP;
|
||
|
t_clientaddexdata(tc, vals, 2);
|
||
|
}
|
||
|
Ap = t_clientgenexp(tc);
|
||
|
eap_srp_response(esp, id, EAPSRP_CKEY, Ap->data,
|
||
|
Ap->len);
|
||
|
break;
|
||
|
|
||
|
case EAPSRP_SKEY:
|
||
|
tc = (struct t_client *)pcb->eap.es_client.ea_session;
|
||
|
if (tc == NULL) {
|
||
|
ppp_warn("EAP: peer sent Subtype 2 without 1");
|
||
|
eap_send_nak(pcb, id, EAPT_MD5CHAP);
|
||
|
break;
|
||
|
}
|
||
|
if (pcb->eap.es_client.ea_skey != NULL) {
|
||
|
/*
|
||
|
* ID number should not change here. Warn
|
||
|
* if it does (but otherwise ignore).
|
||
|
*/
|
||
|
if (id != pcb->eap.es_client.ea_id) {
|
||
|
ppp_warn("EAP: ID changed from %d to %d "
|
||
|
"in SRP Subtype 2 rexmit",
|
||
|
pcb->eap.es_client.ea_id, id);
|
||
|
}
|
||
|
} else {
|
||
|
if (get_srp_secret(pcb->eap.es_unit,
|
||
|
pcb->eap.es_client.ea_name,
|
||
|
pcb->eap.es_client.ea_peer, secret, 0) == 0) {
|
||
|
/*
|
||
|
* Can't work with this peer because
|
||
|
* the secret is missing. Just give
|
||
|
* up.
|
||
|
*/
|
||
|
eap_send_nak(pcb, id, EAPT_MD5CHAP);
|
||
|
break;
|
||
|
}
|
||
|
Bval.data = inp;
|
||
|
Bval.len = len;
|
||
|
t_clientpasswd(tc, secret);
|
||
|
BZERO(secret, sizeof (secret));
|
||
|
pcb->eap.es_client.ea_skey =
|
||
|
t_clientgetkey(tc, &Bval);
|
||
|
if (pcb->eap.es_client.ea_skey == NULL) {
|
||
|
/* Server is rogue; stop now */
|
||
|
ppp_error("EAP: SRP server is rogue");
|
||
|
goto client_failure;
|
||
|
}
|
||
|
}
|
||
|
eap_srpval_response(esp, id, SRPVAL_EBIT,
|
||
|
t_clientresponse(tc));
|
||
|
break;
|
||
|
|
||
|
case EAPSRP_SVALIDATOR:
|
||
|
tc = (struct t_client *)pcb->eap.es_client.ea_session;
|
||
|
if (tc == NULL || pcb->eap.es_client.ea_skey == NULL) {
|
||
|
ppp_warn("EAP: peer sent Subtype 3 without 1/2");
|
||
|
eap_send_nak(pcb, id, EAPT_MD5CHAP);
|
||
|
break;
|
||
|
}
|
||
|
/*
|
||
|
* If we're already open, then this ought to be a
|
||
|
* duplicate. Otherwise, check that the server is
|
||
|
* who we think it is.
|
||
|
*/
|
||
|
if (pcb->eap.es_client.ea_state == eapOpen) {
|
||
|
if (id != pcb->eap.es_client.ea_id) {
|
||
|
ppp_warn("EAP: ID changed from %d to %d "
|
||
|
"in SRP Subtype 3 rexmit",
|
||
|
pcb->eap.es_client.ea_id, id);
|
||
|
}
|
||
|
} else {
|
||
|
len -= sizeof (u32_t) + SHA_DIGESTSIZE;
|
||
|
if (len < 0 || t_clientverify(tc, inp +
|
||
|
sizeof (u32_t)) != 0) {
|
||
|
ppp_error("EAP: SRP server verification "
|
||
|
"failed");
|
||
|
goto client_failure;
|
||
|
}
|
||
|
GETLONG(pcb->eap.es_client.ea_keyflags, inp);
|
||
|
/* Save pseudonym if user wants it. */
|
||
|
if (len > 0 && pcb->eap.es_usepseudo) {
|
||
|
INCPTR(SHA_DIGESTSIZE, inp);
|
||
|
write_pseudonym(esp, inp, len, id);
|
||
|
}
|
||
|
}
|
||
|
/*
|
||
|
* We've verified our peer. We're now mostly done,
|
||
|
* except for waiting on the regular EAP Success
|
||
|
* message.
|
||
|
*/
|
||
|
eap_srp_response(esp, id, EAPSRP_ACK, NULL, 0);
|
||
|
break;
|
||
|
|
||
|
case EAPSRP_LWRECHALLENGE:
|
||
|
if (len < 4) {
|
||
|
ppp_warn("EAP: malformed Lightweight rechallenge");
|
||
|
return;
|
||
|
}
|
||
|
SHA1Init(&ctxt);
|
||
|
vals[0] = id;
|
||
|
SHA1Update(&ctxt, vals, 1);
|
||
|
SHA1Update(&ctxt, pcb->eap.es_client.ea_skey,
|
||
|
SESSION_KEY_LEN);
|
||
|
SHA1Update(&ctxt, inp, len);
|
||
|
SHA1Update(&ctxt, pcb->eap.es_client.ea_name,
|
||
|
pcb->eap.es_client.ea_namelen);
|
||
|
SHA1Final(dig, &ctxt);
|
||
|
eap_srp_response(esp, id, EAPSRP_LWRECHALLENGE, dig,
|
||
|
SHA_DIGESTSIZE);
|
||
|
break;
|
||
|
|
||
|
default:
|
||
|
ppp_error("EAP: unknown SRP Subtype %d", vallen);
|
||
|
eap_send_nak(pcb, id, EAPT_MD5CHAP);
|
||
|
break;
|
||
|
}
|
||
|
break;
|
||
|
#endif /* USE_SRP */
|
||
|
|
||
|
default:
|
||
|
ppp_info("EAP: unknown authentication type %d; Naking", typenum);
|
||
|
eap_send_nak(pcb, id, EAPT_SRP);
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
if (pcb->settings.eap_req_time > 0) {
|
||
|
UNTIMEOUT(eap_client_timeout, pcb);
|
||
|
TIMEOUT(eap_client_timeout, pcb,
|
||
|
pcb->settings.eap_req_time);
|
||
|
}
|
||
|
return;
|
||
|
|
||
|
#ifdef USE_SRP
|
||
|
client_failure:
|
||
|
pcb->eap.es_client.ea_state = eapBadAuth;
|
||
|
if (pcb->settings.eap_req_time > 0) {
|
||
|
UNTIMEOUT(eap_client_timeout, (void *)esp);
|
||
|
}
|
||
|
pcb->eap.es_client.ea_session = NULL;
|
||
|
t_clientclose(tc);
|
||
|
auth_withpeer_fail(pcb, PPP_EAP);
|
||
|
#endif /* USE_SRP */
|
||
|
}
|
||
|
|
||
|
#if PPP_SERVER
|
||
|
/*
|
||
|
* eap_response - Receive EAP Response message (server mode).
|
||
|
*/
|
||
|
static void eap_response(ppp_pcb *pcb, u_char *inp, int id, int len) {
|
||
|
u_char typenum;
|
||
|
u_char vallen;
|
||
|
int secret_len;
|
||
|
char secret[MAXSECRETLEN];
|
||
|
char rhostname[MAXNAMELEN];
|
||
|
md5_context mdContext;
|
||
|
u_char hash[MD5_SIGNATURE_SIZE];
|
||
|
#ifdef USE_SRP
|
||
|
struct t_server *ts;
|
||
|
struct t_num A;
|
||
|
SHA1_CTX ctxt;
|
||
|
u_char dig[SHA_DIGESTSIZE];
|
||
|
#endif /* USE_SRP */
|
||
|
|
||
|
if (pcb->eap.es_server.ea_id != id) {
|
||
|
ppp_dbglog("EAP: discarding Response %d; expected ID %d", id,
|
||
|
pcb->eap.es_server.ea_id);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
pcb->eap.es_server.ea_responses++;
|
||
|
|
||
|
if (len <= 0) {
|
||
|
ppp_error("EAP: empty Response message discarded");
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
GETCHAR(typenum, inp);
|
||
|
len--;
|
||
|
|
||
|
switch (typenum) {
|
||
|
case EAPT_IDENTITY:
|
||
|
if (pcb->eap.es_server.ea_state != eapIdentify) {
|
||
|
ppp_dbglog("EAP discarding unwanted Identify \"%.q\"", len,
|
||
|
inp);
|
||
|
break;
|
||
|
}
|
||
|
ppp_info("EAP: unauthenticated peer name \"%.*q\"", len, inp);
|
||
|
if (len > MAXNAMELEN) {
|
||
|
len = MAXNAMELEN;
|
||
|
}
|
||
|
MEMCPY(pcb->eap.es_server.ea_peer, inp, len);
|
||
|
pcb->eap.es_server.ea_peer[len] = '\0';
|
||
|
pcb->eap.es_server.ea_peerlen = len;
|
||
|
eap_figure_next_state(pcb, 0);
|
||
|
break;
|
||
|
|
||
|
case EAPT_NOTIFICATION:
|
||
|
ppp_dbglog("EAP unexpected Notification; response discarded");
|
||
|
break;
|
||
|
|
||
|
case EAPT_NAK:
|
||
|
if (len < 1) {
|
||
|
ppp_info("EAP: Nak Response with no suggested protocol");
|
||
|
eap_figure_next_state(pcb, 1);
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
GETCHAR(vallen, inp);
|
||
|
len--;
|
||
|
|
||
|
if (
|
||
|
#if PPP_REMOTENAME
|
||
|
!pcb->explicit_remote &&
|
||
|
#endif /* PPP_REMOTENAME */
|
||
|
pcb->eap.es_server.ea_state == eapIdentify){
|
||
|
/* Peer cannot Nak Identify Request */
|
||
|
eap_figure_next_state(pcb, 1);
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
switch (vallen) {
|
||
|
case EAPT_SRP:
|
||
|
/* Run through SRP validator selection again. */
|
||
|
pcb->eap.es_server.ea_state = eapIdentify;
|
||
|
eap_figure_next_state(pcb, 0);
|
||
|
break;
|
||
|
|
||
|
case EAPT_MD5CHAP:
|
||
|
pcb->eap.es_server.ea_state = eapMD5Chall;
|
||
|
break;
|
||
|
|
||
|
default:
|
||
|
ppp_dbglog("EAP: peer requesting unknown Type %d", vallen);
|
||
|
switch (pcb->eap.es_server.ea_state) {
|
||
|
case eapSRP1:
|
||
|
case eapSRP2:
|
||
|
case eapSRP3:
|
||
|
pcb->eap.es_server.ea_state = eapMD5Chall;
|
||
|
break;
|
||
|
case eapMD5Chall:
|
||
|
case eapSRP4:
|
||
|
pcb->eap.es_server.ea_state = eapIdentify;
|
||
|
eap_figure_next_state(pcb, 0);
|
||
|
break;
|
||
|
default:
|
||
|
break;
|
||
|
}
|
||
|
break;
|
||
|
}
|
||
|
break;
|
||
|
|
||
|
case EAPT_MD5CHAP:
|
||
|
if (pcb->eap.es_server.ea_state != eapMD5Chall) {
|
||
|
ppp_error("EAP: unexpected MD5-Response");
|
||
|
eap_figure_next_state(pcb, 1);
|
||
|
break;
|
||
|
}
|
||
|
if (len < 1) {
|
||
|
ppp_error("EAP: received MD5-Response with no data");
|
||
|
eap_figure_next_state(pcb, 1);
|
||
|
break;
|
||
|
}
|
||
|
GETCHAR(vallen, inp);
|
||
|
len--;
|
||
|
if (vallen != 16 || vallen > len) {
|
||
|
ppp_error("EAP: MD5-Response with bad length %d", vallen);
|
||
|
eap_figure_next_state(pcb, 1);
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
/* Not so likely to happen. */
|
||
|
if (vallen >= len + sizeof (rhostname)) {
|
||
|
ppp_dbglog("EAP: trimming really long peer name down");
|
||
|
MEMCPY(rhostname, inp + vallen, sizeof (rhostname) - 1);
|
||
|
rhostname[sizeof (rhostname) - 1] = '\0';
|
||
|
} else {
|
||
|
MEMCPY(rhostname, inp + vallen, len - vallen);
|
||
|
rhostname[len - vallen] = '\0';
|
||
|
}
|
||
|
|
||
|
#if PPP_REMOTENAME
|
||
|
/* In case the remote doesn't give us his name. */
|
||
|
if (explicit_remote ||
|
||
|
(remote_name[0] != '\0' && vallen == len))
|
||
|
strlcpy(rhostname, remote_name, sizeof (rhostname));
|
||
|
#endif /* PPP_REMOTENAME */
|
||
|
|
||
|
/*
|
||
|
* Get the secret for authenticating the specified
|
||
|
* host.
|
||
|
*/
|
||
|
if (!get_secret(pcb, rhostname,
|
||
|
pcb->eap.es_server.ea_name, secret, &secret_len, 1)) {
|
||
|
ppp_dbglog("EAP: no MD5 secret for auth of %q", rhostname);
|
||
|
eap_send_failure(pcb);
|
||
|
break;
|
||
|
}
|
||
|
md5_starts(&mdContext);
|
||
|
md5_update(&mdContext, &pcb->eap.es_server.ea_id, 1);
|
||
|
md5_update(&mdContext, (u_char *)secret, secret_len);
|
||
|
BZERO(secret, sizeof (secret));
|
||
|
md5_update(&mdContext, pcb->eap.es_challenge, pcb->eap.es_challen);
|
||
|
md5_finish(&mdContext, hash);
|
||
|
if (BCMP(hash, inp, MD5_SIGNATURE_SIZE) != 0) {
|
||
|
eap_send_failure(pcb);
|
||
|
break;
|
||
|
}
|
||
|
pcb->eap.es_server.ea_type = EAPT_MD5CHAP;
|
||
|
eap_send_success(pcb);
|
||
|
eap_figure_next_state(pcb, 0);
|
||
|
if (pcb->eap.es_rechallenge != 0)
|
||
|
TIMEOUT(eap_rechallenge, pcb, pcb->eap.es_rechallenge);
|
||
|
break;
|
||
|
|
||
|
#ifdef USE_SRP
|
||
|
case EAPT_SRP:
|
||
|
if (len < 1) {
|
||
|
ppp_error("EAP: empty SRP Response");
|
||
|
eap_figure_next_state(pcb, 1);
|
||
|
break;
|
||
|
}
|
||
|
GETCHAR(typenum, inp);
|
||
|
len--;
|
||
|
switch (typenum) {
|
||
|
case EAPSRP_CKEY:
|
||
|
if (pcb->eap.es_server.ea_state != eapSRP1) {
|
||
|
ppp_error("EAP: unexpected SRP Subtype 1 Response");
|
||
|
eap_figure_next_state(pcb, 1);
|
||
|
break;
|
||
|
}
|
||
|
A.data = inp;
|
||
|
A.len = len;
|
||
|
ts = (struct t_server *)pcb->eap.es_server.ea_session;
|
||
|
assert(ts != NULL);
|
||
|
pcb->eap.es_server.ea_skey = t_servergetkey(ts, &A);
|
||
|
if (pcb->eap.es_server.ea_skey == NULL) {
|
||
|
/* Client's A value is bogus; terminate now */
|
||
|
ppp_error("EAP: bogus A value from client");
|
||
|
eap_send_failure(pcb);
|
||
|
} else {
|
||
|
eap_figure_next_state(pcb, 0);
|
||
|
}
|
||
|
break;
|
||
|
|
||
|
case EAPSRP_CVALIDATOR:
|
||
|
if (pcb->eap.es_server.ea_state != eapSRP2) {
|
||
|
ppp_error("EAP: unexpected SRP Subtype 2 Response");
|
||
|
eap_figure_next_state(pcb, 1);
|
||
|
break;
|
||
|
}
|
||
|
if (len < sizeof (u32_t) + SHA_DIGESTSIZE) {
|
||
|
ppp_error("EAP: M1 length %d < %d", len,
|
||
|
sizeof (u32_t) + SHA_DIGESTSIZE);
|
||
|
eap_figure_next_state(pcb, 1);
|
||
|
break;
|
||
|
}
|
||
|
GETLONG(pcb->eap.es_server.ea_keyflags, inp);
|
||
|
ts = (struct t_server *)pcb->eap.es_server.ea_session;
|
||
|
assert(ts != NULL);
|
||
|
if (t_serververify(ts, inp)) {
|
||
|
ppp_info("EAP: unable to validate client identity");
|
||
|
eap_send_failure(pcb);
|
||
|
break;
|
||
|
}
|
||
|
eap_figure_next_state(pcb, 0);
|
||
|
break;
|
||
|
|
||
|
case EAPSRP_ACK:
|
||
|
if (pcb->eap.es_server.ea_state != eapSRP3) {
|
||
|
ppp_error("EAP: unexpected SRP Subtype 3 Response");
|
||
|
eap_send_failure(esp);
|
||
|
break;
|
||
|
}
|
||
|
pcb->eap.es_server.ea_type = EAPT_SRP;
|
||
|
eap_send_success(pcb, esp);
|
||
|
eap_figure_next_state(pcb, 0);
|
||
|
if (pcb->eap.es_rechallenge != 0)
|
||
|
TIMEOUT(eap_rechallenge, pcb,
|
||
|
pcb->eap.es_rechallenge);
|
||
|
if (pcb->eap.es_lwrechallenge != 0)
|
||
|
TIMEOUT(srp_lwrechallenge, pcb,
|
||
|
pcb->eap.es_lwrechallenge);
|
||
|
break;
|
||
|
|
||
|
case EAPSRP_LWRECHALLENGE:
|
||
|
if (pcb->eap.es_server.ea_state != eapSRP4) {
|
||
|
ppp_info("EAP: unexpected SRP Subtype 4 Response");
|
||
|
return;
|
||
|
}
|
||
|
if (len != SHA_DIGESTSIZE) {
|
||
|
ppp_error("EAP: bad Lightweight rechallenge "
|
||
|
"response");
|
||
|
return;
|
||
|
}
|
||
|
SHA1Init(&ctxt);
|
||
|
vallen = id;
|
||
|
SHA1Update(&ctxt, &vallen, 1);
|
||
|
SHA1Update(&ctxt, pcb->eap.es_server.ea_skey,
|
||
|
SESSION_KEY_LEN);
|
||
|
SHA1Update(&ctxt, pcb->eap.es_challenge, pcb->eap.es_challen);
|
||
|
SHA1Update(&ctxt, pcb->eap.es_server.ea_peer,
|
||
|
pcb->eap.es_server.ea_peerlen);
|
||
|
SHA1Final(dig, &ctxt);
|
||
|
if (BCMP(dig, inp, SHA_DIGESTSIZE) != 0) {
|
||
|
ppp_error("EAP: failed Lightweight rechallenge");
|
||
|
eap_send_failure(pcb);
|
||
|
break;
|
||
|
}
|
||
|
pcb->eap.es_server.ea_state = eapOpen;
|
||
|
if (pcb->eap.es_lwrechallenge != 0)
|
||
|
TIMEOUT(srp_lwrechallenge, esp,
|
||
|
pcb->eap.es_lwrechallenge);
|
||
|
break;
|
||
|
}
|
||
|
break;
|
||
|
#endif /* USE_SRP */
|
||
|
|
||
|
default:
|
||
|
/* This can't happen. */
|
||
|
ppp_error("EAP: unknown Response type %d; ignored", typenum);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
if (pcb->settings.eap_timeout_time > 0) {
|
||
|
UNTIMEOUT(eap_server_timeout, pcb);
|
||
|
}
|
||
|
|
||
|
if (pcb->eap.es_server.ea_state != eapBadAuth &&
|
||
|
pcb->eap.es_server.ea_state != eapOpen) {
|
||
|
pcb->eap.es_server.ea_id++;
|
||
|
eap_send_request(pcb);
|
||
|
}
|
||
|
}
|
||
|
#endif /* PPP_SERVER */
|
||
|
|
||
|
/*
|
||
|
* eap_success - Receive EAP Success message (client mode).
|
||
|
*/
|
||
|
static void eap_success(ppp_pcb *pcb, u_char *inp, int id, int len) {
|
||
|
LWIP_UNUSED_ARG(id);
|
||
|
|
||
|
if (pcb->eap.es_client.ea_state != eapOpen && !eap_client_active(pcb)) {
|
||
|
ppp_dbglog("EAP unexpected success message in state %s (%d)",
|
||
|
eap_state_name(pcb->eap.es_client.ea_state),
|
||
|
pcb->eap.es_client.ea_state);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
if (pcb->settings.eap_req_time > 0) {
|
||
|
UNTIMEOUT(eap_client_timeout, pcb);
|
||
|
}
|
||
|
|
||
|
if (len > 0) {
|
||
|
/* This is odd. The spec doesn't allow for this. */
|
||
|
PRINTMSG(inp, len);
|
||
|
}
|
||
|
|
||
|
pcb->eap.es_client.ea_state = eapOpen;
|
||
|
auth_withpeer_success(pcb, PPP_EAP, 0);
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* eap_failure - Receive EAP Failure message (client mode).
|
||
|
*/
|
||
|
static void eap_failure(ppp_pcb *pcb, u_char *inp, int id, int len) {
|
||
|
LWIP_UNUSED_ARG(id);
|
||
|
|
||
|
if (!eap_client_active(pcb)) {
|
||
|
ppp_dbglog("EAP unexpected failure message in state %s (%d)",
|
||
|
eap_state_name(pcb->eap.es_client.ea_state),
|
||
|
pcb->eap.es_client.ea_state);
|
||
|
}
|
||
|
|
||
|
if (pcb->settings.eap_req_time > 0) {
|
||
|
UNTIMEOUT(eap_client_timeout, pcb);
|
||
|
}
|
||
|
|
||
|
if (len > 0) {
|
||
|
/* This is odd. The spec doesn't allow for this. */
|
||
|
PRINTMSG(inp, len);
|
||
|
}
|
||
|
|
||
|
pcb->eap.es_client.ea_state = eapBadAuth;
|
||
|
|
||
|
ppp_error("EAP: peer reports authentication failure");
|
||
|
auth_withpeer_fail(pcb, PPP_EAP);
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* eap_input - Handle received EAP message.
|
||
|
*/
|
||
|
static void eap_input(ppp_pcb *pcb, u_char *inp, int inlen) {
|
||
|
u_char code, id;
|
||
|
int len;
|
||
|
|
||
|
/*
|
||
|
* Parse header (code, id and length). If packet too short,
|
||
|
* drop it.
|
||
|
*/
|
||
|
if (inlen < EAP_HEADERLEN) {
|
||
|
ppp_error("EAP: packet too short: %d < %d", inlen, EAP_HEADERLEN);
|
||
|
return;
|
||
|
}
|
||
|
GETCHAR(code, inp);
|
||
|
GETCHAR(id, inp);
|
||
|
GETSHORT(len, inp);
|
||
|
if (len < EAP_HEADERLEN || len > inlen) {
|
||
|
ppp_error("EAP: packet has illegal length field %d (%d..%d)", len,
|
||
|
EAP_HEADERLEN, inlen);
|
||
|
return;
|
||
|
}
|
||
|
len -= EAP_HEADERLEN;
|
||
|
|
||
|
/* Dispatch based on message code */
|
||
|
switch (code) {
|
||
|
case EAP_REQUEST:
|
||
|
eap_request(pcb, inp, id, len);
|
||
|
break;
|
||
|
|
||
|
#if PPP_SERVER
|
||
|
case EAP_RESPONSE:
|
||
|
eap_response(pcb, inp, id, len);
|
||
|
break;
|
||
|
#endif /* PPP_SERVER */
|
||
|
|
||
|
case EAP_SUCCESS:
|
||
|
eap_success(pcb, inp, id, len);
|
||
|
break;
|
||
|
|
||
|
case EAP_FAILURE:
|
||
|
eap_failure(pcb, inp, id, len);
|
||
|
break;
|
||
|
|
||
|
default: /* XXX Need code reject */
|
||
|
/* Note: it's not legal to send EAP Nak here. */
|
||
|
ppp_warn("EAP: unknown code %d received", code);
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
#if PRINTPKT_SUPPORT
|
||
|
/*
|
||
|
* eap_printpkt - print the contents of an EAP packet.
|
||
|
*/
|
||
|
static const char* const eap_codenames[] = {
|
||
|
"Request", "Response", "Success", "Failure"
|
||
|
};
|
||
|
|
||
|
static const char* const eap_typenames[] = {
|
||
|
"Identity", "Notification", "Nak", "MD5-Challenge",
|
||
|
"OTP", "Generic-Token", NULL, NULL,
|
||
|
"RSA", "DSS", "KEA", "KEA-Validate",
|
||
|
"TLS", "Defender", "Windows 2000", "Arcot",
|
||
|
"Cisco", "Nokia", "SRP"
|
||
|
};
|
||
|
|
||
|
static int eap_printpkt(const u_char *inp, int inlen, void (*printer) (void *, const char *, ...), void *arg) {
|
||
|
int code, id, len, rtype, vallen;
|
||
|
const u_char *pstart;
|
||
|
u32_t uval;
|
||
|
|
||
|
if (inlen < EAP_HEADERLEN)
|
||
|
return (0);
|
||
|
pstart = inp;
|
||
|
GETCHAR(code, inp);
|
||
|
GETCHAR(id, inp);
|
||
|
GETSHORT(len, inp);
|
||
|
if (len < EAP_HEADERLEN || len > inlen)
|
||
|
return (0);
|
||
|
|
||
|
if (code >= 1 && code <= (int)sizeof(eap_codenames) / (int)sizeof(char *))
|
||
|
printer(arg, " %s", eap_codenames[code-1]);
|
||
|
else
|
||
|
printer(arg, " code=0x%x", code);
|
||
|
printer(arg, " id=0x%x", id);
|
||
|
len -= EAP_HEADERLEN;
|
||
|
switch (code) {
|
||
|
case EAP_REQUEST:
|
||
|
if (len < 1) {
|
||
|
printer(arg, " <missing type>");
|
||
|
break;
|
||
|
}
|
||
|
GETCHAR(rtype, inp);
|
||
|
len--;
|
||
|
if (rtype >= 1 &&
|
||
|
rtype <= (int)sizeof (eap_typenames) / (int)sizeof (char *))
|
||
|
printer(arg, " %s", eap_typenames[rtype-1]);
|
||
|
else
|
||
|
printer(arg, " type=0x%x", rtype);
|
||
|
switch (rtype) {
|
||
|
case EAPT_IDENTITY:
|
||
|
case EAPT_NOTIFICATION:
|
||
|
if (len > 0) {
|
||
|
printer(arg, " <Message ");
|
||
|
ppp_print_string(inp, len, printer, arg);
|
||
|
printer(arg, ">");
|
||
|
INCPTR(len, inp);
|
||
|
len = 0;
|
||
|
} else {
|
||
|
printer(arg, " <No message>");
|
||
|
}
|
||
|
break;
|
||
|
|
||
|
case EAPT_MD5CHAP:
|
||
|
if (len <= 0)
|
||
|
break;
|
||
|
GETCHAR(vallen, inp);
|
||
|
len--;
|
||
|
if (vallen > len)
|
||
|
goto truncated;
|
||
|
printer(arg, " <Value%.*B>", vallen, inp);
|
||
|
INCPTR(vallen, inp);
|
||
|
len -= vallen;
|
||
|
if (len > 0) {
|
||
|
printer(arg, " <Name ");
|
||
|
ppp_print_string(inp, len, printer, arg);
|
||
|
printer(arg, ">");
|
||
|
INCPTR(len, inp);
|
||
|
len = 0;
|
||
|
} else {
|
||
|
printer(arg, " <No name>");
|
||
|
}
|
||
|
break;
|
||
|
|
||
|
case EAPT_SRP:
|
||
|
if (len < 3)
|
||
|
goto truncated;
|
||
|
GETCHAR(vallen, inp);
|
||
|
len--;
|
||
|
printer(arg, "-%d", vallen);
|
||
|
switch (vallen) {
|
||
|
case EAPSRP_CHALLENGE:
|
||
|
GETCHAR(vallen, inp);
|
||
|
len--;
|
||
|
if (vallen >= len)
|
||
|
goto truncated;
|
||
|
if (vallen > 0) {
|
||
|
printer(arg, " <Name ");
|
||
|
ppp_print_string(inp, vallen, printer,
|
||
|
arg);
|
||
|
printer(arg, ">");
|
||
|
} else {
|
||
|
printer(arg, " <No name>");
|
||
|
}
|
||
|
INCPTR(vallen, inp);
|
||
|
len -= vallen;
|
||
|
GETCHAR(vallen, inp);
|
||
|
len--;
|
||
|
if (vallen >= len)
|
||
|
goto truncated;
|
||
|
printer(arg, " <s%.*B>", vallen, inp);
|
||
|
INCPTR(vallen, inp);
|
||
|
len -= vallen;
|
||
|
GETCHAR(vallen, inp);
|
||
|
len--;
|
||
|
if (vallen > len)
|
||
|
goto truncated;
|
||
|
if (vallen == 0) {
|
||
|
printer(arg, " <Default g=2>");
|
||
|
} else {
|
||
|
printer(arg, " <g%.*B>", vallen, inp);
|
||
|
}
|
||
|
INCPTR(vallen, inp);
|
||
|
len -= vallen;
|
||
|
if (len == 0) {
|
||
|
printer(arg, " <Default N>");
|
||
|
} else {
|
||
|
printer(arg, " <N%.*B>", len, inp);
|
||
|
INCPTR(len, inp);
|
||
|
len = 0;
|
||
|
}
|
||
|
break;
|
||
|
|
||
|
case EAPSRP_SKEY:
|
||
|
printer(arg, " <B%.*B>", len, inp);
|
||
|
INCPTR(len, inp);
|
||
|
len = 0;
|
||
|
break;
|
||
|
|
||
|
case EAPSRP_SVALIDATOR:
|
||
|
if (len < (int)sizeof (u32_t))
|
||
|
break;
|
||
|
GETLONG(uval, inp);
|
||
|
len -= sizeof (u32_t);
|
||
|
if (uval & SRPVAL_EBIT) {
|
||
|
printer(arg, " E");
|
||
|
uval &= ~SRPVAL_EBIT;
|
||
|
}
|
||
|
if (uval != 0) {
|
||
|
printer(arg, " f<%X>", uval);
|
||
|
}
|
||
|
if ((vallen = len) > SHA_DIGESTSIZE)
|
||
|
vallen = SHA_DIGESTSIZE;
|
||
|
printer(arg, " <M2%.*B%s>", len, inp,
|
||
|
len < SHA_DIGESTSIZE ? "?" : "");
|
||
|
INCPTR(vallen, inp);
|
||
|
len -= vallen;
|
||
|
if (len > 0) {
|
||
|
printer(arg, " <PN%.*B>", len, inp);
|
||
|
INCPTR(len, inp);
|
||
|
len = 0;
|
||
|
}
|
||
|
break;
|
||
|
|
||
|
case EAPSRP_LWRECHALLENGE:
|
||
|
printer(arg, " <Challenge%.*B>", len, inp);
|
||
|
INCPTR(len, inp);
|
||
|
len = 0;
|
||
|
break;
|
||
|
default:
|
||
|
break;
|
||
|
}
|
||
|
break;
|
||
|
default:
|
||
|
break;
|
||
|
}
|
||
|
break;
|
||
|
|
||
|
case EAP_RESPONSE:
|
||
|
if (len < 1)
|
||
|
break;
|
||
|
GETCHAR(rtype, inp);
|
||
|
len--;
|
||
|
if (rtype >= 1 &&
|
||
|
rtype <= (int)sizeof (eap_typenames) / (int)sizeof (char *))
|
||
|
printer(arg, " %s", eap_typenames[rtype-1]);
|
||
|
else
|
||
|
printer(arg, " type=0x%x", rtype);
|
||
|
switch (rtype) {
|
||
|
case EAPT_IDENTITY:
|
||
|
if (len > 0) {
|
||
|
printer(arg, " <Name ");
|
||
|
ppp_print_string(inp, len, printer, arg);
|
||
|
printer(arg, ">");
|
||
|
INCPTR(len, inp);
|
||
|
len = 0;
|
||
|
}
|
||
|
break;
|
||
|
|
||
|
case EAPT_NAK:
|
||
|
if (len <= 0) {
|
||
|
printer(arg, " <missing hint>");
|
||
|
break;
|
||
|
}
|
||
|
GETCHAR(rtype, inp);
|
||
|
len--;
|
||
|
printer(arg, " <Suggested-type %02X", rtype);
|
||
|
if (rtype >= 1 &&
|
||
|
rtype < (int)sizeof (eap_typenames) / (int)sizeof (char *))
|
||
|
printer(arg, " (%s)", eap_typenames[rtype-1]);
|
||
|
printer(arg, ">");
|
||
|
break;
|
||
|
|
||
|
case EAPT_MD5CHAP:
|
||
|
if (len <= 0) {
|
||
|
printer(arg, " <missing length>");
|
||
|
break;
|
||
|
}
|
||
|
GETCHAR(vallen, inp);
|
||
|
len--;
|
||
|
if (vallen > len)
|
||
|
goto truncated;
|
||
|
printer(arg, " <Value%.*B>", vallen, inp);
|
||
|
INCPTR(vallen, inp);
|
||
|
len -= vallen;
|
||
|
if (len > 0) {
|
||
|
printer(arg, " <Name ");
|
||
|
ppp_print_string(inp, len, printer, arg);
|
||
|
printer(arg, ">");
|
||
|
INCPTR(len, inp);
|
||
|
len = 0;
|
||
|
} else {
|
||
|
printer(arg, " <No name>");
|
||
|
}
|
||
|
break;
|
||
|
|
||
|
case EAPT_SRP:
|
||
|
if (len < 1)
|
||
|
goto truncated;
|
||
|
GETCHAR(vallen, inp);
|
||
|
len--;
|
||
|
printer(arg, "-%d", vallen);
|
||
|
switch (vallen) {
|
||
|
case EAPSRP_CKEY:
|
||
|
printer(arg, " <A%.*B>", len, inp);
|
||
|
INCPTR(len, inp);
|
||
|
len = 0;
|
||
|
break;
|
||
|
|
||
|
case EAPSRP_CVALIDATOR:
|
||
|
if (len < (int)sizeof (u32_t))
|
||
|
break;
|
||
|
GETLONG(uval, inp);
|
||
|
len -= sizeof (u32_t);
|
||
|
if (uval & SRPVAL_EBIT) {
|
||
|
printer(arg, " E");
|
||
|
uval &= ~SRPVAL_EBIT;
|
||
|
}
|
||
|
if (uval != 0) {
|
||
|
printer(arg, " f<%X>", uval);
|
||
|
}
|
||
|
printer(arg, " <M1%.*B%s>", len, inp,
|
||
|
len == SHA_DIGESTSIZE ? "" : "?");
|
||
|
INCPTR(len, inp);
|
||
|
len = 0;
|
||
|
break;
|
||
|
|
||
|
case EAPSRP_ACK:
|
||
|
break;
|
||
|
|
||
|
case EAPSRP_LWRECHALLENGE:
|
||
|
printer(arg, " <Response%.*B%s>", len, inp,
|
||
|
len == SHA_DIGESTSIZE ? "" : "?");
|
||
|
if ((vallen = len) > SHA_DIGESTSIZE)
|
||
|
vallen = SHA_DIGESTSIZE;
|
||
|
INCPTR(vallen, inp);
|
||
|
len -= vallen;
|
||
|
break;
|
||
|
default:
|
||
|
break;
|
||
|
}
|
||
|
break;
|
||
|
default:
|
||
|
break;
|
||
|
}
|
||
|
break;
|
||
|
|
||
|
case EAP_SUCCESS: /* No payload expected for these! */
|
||
|
case EAP_FAILURE:
|
||
|
default:
|
||
|
break;
|
||
|
|
||
|
truncated:
|
||
|
printer(arg, " <truncated>");
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
if (len > 8)
|
||
|
printer(arg, "%8B...", inp);
|
||
|
else if (len > 0)
|
||
|
printer(arg, "%.*B", len, inp);
|
||
|
INCPTR(len, inp);
|
||
|
|
||
|
return (inp - pstart);
|
||
|
}
|
||
|
#endif /* PRINTPKT_SUPPORT */
|
||
|
|
||
|
#endif /* PPP_SUPPORT && EAP_SUPPORT */
|