eap.c revision 1.1.1.4
1 1.1 christos /* 2 1.1 christos * eap.c - Extensible Authentication Protocol for PPP (RFC 2284) 3 1.1 christos * 4 1.1 christos * Copyright (c) 2001 by Sun Microsystems, Inc. 5 1.1 christos * All rights reserved. 6 1.1 christos * 7 1.1 christos * Non-exclusive rights to redistribute, modify, translate, and use 8 1.1 christos * this software in source and binary forms, in whole or in part, is 9 1.1 christos * hereby granted, provided that the above copyright notice is 10 1.1 christos * duplicated in any source form, and that neither the name of the 11 1.1 christos * copyright holder nor the author is used to endorse or promote 12 1.1 christos * products derived from this software. 13 1.1 christos * 14 1.1 christos * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 15 1.1 christos * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 16 1.1 christos * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 17 1.1 christos * 18 1.1 christos * Original version by James Carlson 19 1.1 christos * 20 1.1 christos * This implementation of EAP supports MD5-Challenge and SRP-SHA1 21 1.1 christos * authentication styles. Note that support of MD5-Challenge is a 22 1.1 christos * requirement of RFC 2284, and that it's essentially just a 23 1.1 christos * reimplementation of regular RFC 1994 CHAP using EAP messages. 24 1.1 christos * 25 1.1 christos * As an authenticator ("server"), there are multiple phases for each 26 1.1 christos * style. In the first phase of each style, the unauthenticated peer 27 1.1 christos * name is queried using the EAP Identity request type. If the 28 1.1 christos * "remotename" option is used, then this phase is skipped, because 29 1.1 christos * the peer's name is presumed to be known. 30 1.1 christos * 31 1.1 christos * For MD5-Challenge, there are two phases, and the second phase 32 1.1 christos * consists of sending the challenge itself and handling the 33 1.1 christos * associated response. 34 1.1 christos * 35 1.1 christos * For SRP-SHA1, there are four phases. The second sends 's', 'N', 36 1.1 christos * and 'g'. The reply contains 'A'. The third sends 'B', and the 37 1.1 christos * reply contains 'M1'. The forth sends the 'M2' value. 38 1.1 christos * 39 1.1 christos * As an authenticatee ("client"), there's just a single phase -- 40 1.1 christos * responding to the queries generated by the peer. EAP is an 41 1.1 christos * authenticator-driven protocol. 42 1.1 christos * 43 1.1 christos * Based on draft-ietf-pppext-eap-srp-03.txt. 44 1.1 christos */ 45 1.1 christos 46 1.1 christos /* 47 1.1.1.4 christos * Modification by Beniamino Galvani, Mar 2005 48 1.1.1.4 christos * Implemented EAP-TLS authentication 49 1.1 christos */ 50 1.1 christos 51 1.1 christos #include <stdio.h> 52 1.1 christos #include <stdlib.h> 53 1.1 christos #include <string.h> 54 1.1 christos #include <unistd.h> 55 1.1 christos #include <pwd.h> 56 1.1 christos #include <sys/types.h> 57 1.1 christos #include <sys/stat.h> 58 1.1 christos #include <fcntl.h> 59 1.1 christos #include <assert.h> 60 1.1 christos #include <errno.h> 61 1.1 christos 62 1.1 christos #include "pppd.h" 63 1.1 christos #include "pathnames.h" 64 1.1 christos #include "md5.h" 65 1.1 christos #include "eap.h" 66 1.1 christos 67 1.1.1.4 christos #ifdef CHAPMS 68 1.1.1.4 christos #include "chap_ms.h" 69 1.1.1.4 christos #endif 70 1.1.1.4 christos 71 1.1 christos #ifdef USE_SRP 72 1.1 christos #include <t_pwd.h> 73 1.1 christos #include <t_server.h> 74 1.1 christos #include <t_client.h> 75 1.1 christos #include "pppcrypt.h" 76 1.1 christos #endif /* USE_SRP */ 77 1.1 christos 78 1.1 christos #ifndef SHA_DIGESTSIZE 79 1.1 christos #define SHA_DIGESTSIZE 20 80 1.1 christos #endif 81 1.1 christos 82 1.1.1.4 christos #ifdef USE_EAPTLS 83 1.1.1.4 christos #include "eap-tls.h" 84 1.1.1.4 christos #endif /* USE_EAPTLS */ 85 1.1.1.4 christos #ifdef CHAPMS 86 1.1.1.4 christos #include "magic.h" 87 1.1.1.4 christos #include "chap_ms.h" 88 1.1.1.4 christos #include "chap-new.h" 89 1.1.1.4 christos #endif /* CHAPMS */ 90 1.1 christos 91 1.1 christos eap_state eap_states[NUM_PPP]; /* EAP state; one for each unit */ 92 1.1 christos #ifdef USE_SRP 93 1.1 christos static char *pn_secret = NULL; /* Pseudonym generating secret */ 94 1.1 christos #endif 95 1.1 christos 96 1.1 christos /* 97 1.1 christos * Command-line options. 98 1.1 christos */ 99 1.1 christos static option_t eap_option_list[] = { 100 1.1 christos { "eap-restart", o_int, &eap_states[0].es_server.ea_timeout, 101 1.1 christos "Set retransmit timeout for EAP Requests (server)" }, 102 1.1 christos { "eap-max-sreq", o_int, &eap_states[0].es_server.ea_maxrequests, 103 1.1 christos "Set max number of EAP Requests sent (server)" }, 104 1.1 christos { "eap-timeout", o_int, &eap_states[0].es_client.ea_timeout, 105 1.1 christos "Set time limit for peer EAP authentication" }, 106 1.1 christos { "eap-max-rreq", o_int, &eap_states[0].es_client.ea_maxrequests, 107 1.1 christos "Set max number of EAP Requests allows (client)" }, 108 1.1 christos { "eap-interval", o_int, &eap_states[0].es_rechallenge, 109 1.1 christos "Set interval for EAP rechallenge" }, 110 1.1 christos #ifdef USE_SRP 111 1.1 christos { "srp-interval", o_int, &eap_states[0].es_lwrechallenge, 112 1.1 christos "Set interval for SRP lightweight rechallenge" }, 113 1.1 christos { "srp-pn-secret", o_string, &pn_secret, 114 1.1 christos "Long term pseudonym generation secret" }, 115 1.1 christos { "srp-use-pseudonym", o_bool, &eap_states[0].es_usepseudo, 116 1.1 christos "Use pseudonym if offered one by server", 1 }, 117 1.1 christos #endif 118 1.1 christos { NULL } 119 1.1 christos }; 120 1.1 christos 121 1.1 christos /* 122 1.1 christos * Protocol entry points. 123 1.1 christos */ 124 1.1.1.4 christos static void eap_init (int unit); 125 1.1.1.4 christos static void eap_input (int unit, u_char *inp, int inlen); 126 1.1.1.4 christos static void eap_protrej (int unit); 127 1.1.1.4 christos static void eap_lowerup (int unit); 128 1.1.1.4 christos static void eap_lowerdown (int unit); 129 1.1.1.4 christos static int eap_printpkt (u_char *inp, int inlen, 130 1.1.1.4 christos void (*)(void *arg, char *fmt, ...), void *arg); 131 1.1 christos 132 1.1 christos struct protent eap_protent = { 133 1.1 christos PPP_EAP, /* protocol number */ 134 1.1 christos eap_init, /* initialization procedure */ 135 1.1 christos eap_input, /* process a received packet */ 136 1.1 christos eap_protrej, /* process a received protocol-reject */ 137 1.1 christos eap_lowerup, /* lower layer has gone up */ 138 1.1 christos eap_lowerdown, /* lower layer has gone down */ 139 1.1 christos NULL, /* open the protocol */ 140 1.1 christos NULL, /* close the protocol */ 141 1.1 christos eap_printpkt, /* print a packet in readable form */ 142 1.1 christos NULL, /* process a received data packet */ 143 1.1 christos 1, /* protocol enabled */ 144 1.1 christos "EAP", /* text name of protocol */ 145 1.1 christos NULL, /* text name of corresponding data protocol */ 146 1.1 christos eap_option_list, /* list of command-line options */ 147 1.1 christos NULL, /* check requested options; assign defaults */ 148 1.1 christos NULL, /* configure interface for demand-dial */ 149 1.1 christos NULL /* say whether to bring up link for this pkt */ 150 1.1 christos }; 151 1.1 christos 152 1.1.1.4 christos #ifdef USE_SRP 153 1.1 christos /* 154 1.1 christos * A well-known 2048 bit modulus. 155 1.1 christos */ 156 1.1 christos static const u_char wkmodulus[] = { 157 1.1 christos 0xAC, 0x6B, 0xDB, 0x41, 0x32, 0x4A, 0x9A, 0x9B, 158 1.1 christos 0xF1, 0x66, 0xDE, 0x5E, 0x13, 0x89, 0x58, 0x2F, 159 1.1 christos 0xAF, 0x72, 0xB6, 0x65, 0x19, 0x87, 0xEE, 0x07, 160 1.1 christos 0xFC, 0x31, 0x92, 0x94, 0x3D, 0xB5, 0x60, 0x50, 161 1.1 christos 0xA3, 0x73, 0x29, 0xCB, 0xB4, 0xA0, 0x99, 0xED, 162 1.1 christos 0x81, 0x93, 0xE0, 0x75, 0x77, 0x67, 0xA1, 0x3D, 163 1.1 christos 0xD5, 0x23, 0x12, 0xAB, 0x4B, 0x03, 0x31, 0x0D, 164 1.1 christos 0xCD, 0x7F, 0x48, 0xA9, 0xDA, 0x04, 0xFD, 0x50, 165 1.1 christos 0xE8, 0x08, 0x39, 0x69, 0xED, 0xB7, 0x67, 0xB0, 166 1.1 christos 0xCF, 0x60, 0x95, 0x17, 0x9A, 0x16, 0x3A, 0xB3, 167 1.1 christos 0x66, 0x1A, 0x05, 0xFB, 0xD5, 0xFA, 0xAA, 0xE8, 168 1.1 christos 0x29, 0x18, 0xA9, 0x96, 0x2F, 0x0B, 0x93, 0xB8, 169 1.1 christos 0x55, 0xF9, 0x79, 0x93, 0xEC, 0x97, 0x5E, 0xEA, 170 1.1 christos 0xA8, 0x0D, 0x74, 0x0A, 0xDB, 0xF4, 0xFF, 0x74, 171 1.1 christos 0x73, 0x59, 0xD0, 0x41, 0xD5, 0xC3, 0x3E, 0xA7, 172 1.1 christos 0x1D, 0x28, 0x1E, 0x44, 0x6B, 0x14, 0x77, 0x3B, 173 1.1 christos 0xCA, 0x97, 0xB4, 0x3A, 0x23, 0xFB, 0x80, 0x16, 174 1.1 christos 0x76, 0xBD, 0x20, 0x7A, 0x43, 0x6C, 0x64, 0x81, 175 1.1 christos 0xF1, 0xD2, 0xB9, 0x07, 0x87, 0x17, 0x46, 0x1A, 176 1.1 christos 0x5B, 0x9D, 0x32, 0xE6, 0x88, 0xF8, 0x77, 0x48, 177 1.1 christos 0x54, 0x45, 0x23, 0xB5, 0x24, 0xB0, 0xD5, 0x7D, 178 1.1 christos 0x5E, 0xA7, 0x7A, 0x27, 0x75, 0xD2, 0xEC, 0xFA, 179 1.1 christos 0x03, 0x2C, 0xFB, 0xDB, 0xF5, 0x2F, 0xB3, 0x78, 180 1.1 christos 0x61, 0x60, 0x27, 0x90, 0x04, 0xE5, 0x7A, 0xE6, 181 1.1 christos 0xAF, 0x87, 0x4E, 0x73, 0x03, 0xCE, 0x53, 0x29, 182 1.1 christos 0x9C, 0xCC, 0x04, 0x1C, 0x7B, 0xC3, 0x08, 0xD8, 183 1.1 christos 0x2A, 0x56, 0x98, 0xF3, 0xA8, 0xD0, 0xC3, 0x82, 184 1.1 christos 0x71, 0xAE, 0x35, 0xF8, 0xE9, 0xDB, 0xFB, 0xB6, 185 1.1 christos 0x94, 0xB5, 0xC8, 0x03, 0xD8, 0x9F, 0x7A, 0xE4, 186 1.1 christos 0x35, 0xDE, 0x23, 0x6D, 0x52, 0x5F, 0x54, 0x75, 187 1.1 christos 0x9B, 0x65, 0xE3, 0x72, 0xFC, 0xD6, 0x8E, 0xF2, 188 1.1 christos 0x0F, 0xA7, 0x11, 0x1F, 0x9E, 0x4A, 0xFF, 0x73 189 1.1 christos }; 190 1.1.1.4 christos #endif /* USE_SRP */ 191 1.1 christos 192 1.1 christos /* Local forward declarations. */ 193 1.1.1.4 christos static void eap_server_timeout (void *arg); 194 1.1 christos 195 1.1 christos /* 196 1.1 christos * Convert EAP state code to printable string for debug. 197 1.1 christos */ 198 1.1 christos static const char * 199 1.1.1.4 christos eap_state_name(enum eap_state_code esc) 200 1.1 christos { 201 1.1 christos static const char *state_names[] = { EAP_STATES }; 202 1.1 christos 203 1.1 christos return (state_names[(int)esc]); 204 1.1 christos } 205 1.1 christos 206 1.1 christos /* 207 1.1 christos * eap_init - Initialize state for an EAP user. This is currently 208 1.1 christos * called once by main() during start-up. 209 1.1 christos */ 210 1.1 christos static void 211 1.1.1.4 christos eap_init(int unit) 212 1.1 christos { 213 1.1 christos eap_state *esp = &eap_states[unit]; 214 1.1 christos 215 1.1 christos BZERO(esp, sizeof (*esp)); 216 1.1 christos esp->es_unit = unit; 217 1.1 christos esp->es_server.ea_timeout = EAP_DEFTIMEOUT; 218 1.1 christos esp->es_server.ea_maxrequests = EAP_DEFTRANSMITS; 219 1.1 christos esp->es_server.ea_id = (u_char)(drand48() * 0x100); 220 1.1 christos esp->es_client.ea_timeout = EAP_DEFREQTIME; 221 1.1 christos esp->es_client.ea_maxrequests = EAP_DEFALLOWREQ; 222 1.1.1.4 christos #ifdef USE_EAPTLS 223 1.1.1.4 christos esp->es_client.ea_using_eaptls = 0; 224 1.1.1.4 christos #endif /* USE_EAPTLS */ 225 1.1.1.4 christos #ifdef CHAPMS 226 1.1.1.4 christos esp->es_client.digest = chap_find_digest(CHAP_MICROSOFT_V2); 227 1.1.1.4 christos #endif 228 1.1 christos } 229 1.1 christos 230 1.1 christos /* 231 1.1 christos * eap_client_timeout - Give up waiting for the peer to send any 232 1.1 christos * Request messages. 233 1.1 christos */ 234 1.1 christos static void 235 1.1.1.4 christos eap_client_timeout(void *arg) 236 1.1 christos { 237 1.1 christos eap_state *esp = (eap_state *) arg; 238 1.1 christos 239 1.1 christos if (!eap_client_active(esp)) 240 1.1 christos return; 241 1.1 christos 242 1.1 christos error("EAP: timeout waiting for Request from peer"); 243 1.1 christos auth_withpeer_fail(esp->es_unit, PPP_EAP); 244 1.1 christos esp->es_client.ea_state = eapBadAuth; 245 1.1 christos } 246 1.1 christos 247 1.1 christos /* 248 1.1 christos * eap_authwithpeer - Authenticate to our peer (behave as client). 249 1.1 christos * 250 1.1 christos * Start client state and wait for requests. This is called only 251 1.1 christos * after eap_lowerup. 252 1.1 christos */ 253 1.1 christos void 254 1.1.1.4 christos eap_authwithpeer(int unit, char *localname) 255 1.1 christos { 256 1.1 christos eap_state *esp = &eap_states[unit]; 257 1.1 christos 258 1.1 christos /* Save the peer name we're given */ 259 1.1 christos esp->es_client.ea_name = localname; 260 1.1 christos esp->es_client.ea_namelen = strlen(localname); 261 1.1 christos 262 1.1 christos esp->es_client.ea_state = eapListen; 263 1.1 christos 264 1.1 christos /* 265 1.1 christos * Start a timer so that if the other end just goes 266 1.1 christos * silent, we don't sit here waiting forever. 267 1.1 christos */ 268 1.1 christos if (esp->es_client.ea_timeout > 0) 269 1.1 christos TIMEOUT(eap_client_timeout, (void *)esp, 270 1.1 christos esp->es_client.ea_timeout); 271 1.1 christos } 272 1.1 christos 273 1.1 christos /* 274 1.1 christos * Format a standard EAP Failure message and send it to the peer. 275 1.1 christos * (Server operation) 276 1.1 christos */ 277 1.1 christos static void 278 1.1.1.4 christos eap_send_failure(eap_state *esp) 279 1.1 christos { 280 1.1 christos u_char *outp; 281 1.1 christos 282 1.1 christos outp = outpacket_buf; 283 1.1 christos 284 1.1 christos MAKEHEADER(outp, PPP_EAP); 285 1.1 christos 286 1.1 christos PUTCHAR(EAP_FAILURE, outp); 287 1.1 christos esp->es_server.ea_id++; 288 1.1 christos PUTCHAR(esp->es_server.ea_id, outp); 289 1.1 christos PUTSHORT(EAP_HEADERLEN, outp); 290 1.1 christos 291 1.1 christos output(esp->es_unit, outpacket_buf, EAP_HEADERLEN + PPP_HDRLEN); 292 1.1 christos 293 1.1 christos esp->es_server.ea_state = eapBadAuth; 294 1.1 christos auth_peer_fail(esp->es_unit, PPP_EAP); 295 1.1 christos } 296 1.1 christos 297 1.1 christos /* 298 1.1 christos * Format a standard EAP Success message and send it to the peer. 299 1.1 christos * (Server operation) 300 1.1 christos */ 301 1.1 christos static void 302 1.1.1.4 christos eap_send_success(eap_state *esp) 303 1.1 christos { 304 1.1 christos u_char *outp; 305 1.1 christos 306 1.1 christos outp = outpacket_buf; 307 1.1 christos 308 1.1 christos MAKEHEADER(outp, PPP_EAP); 309 1.1 christos 310 1.1 christos PUTCHAR(EAP_SUCCESS, outp); 311 1.1 christos esp->es_server.ea_id++; 312 1.1 christos PUTCHAR(esp->es_server.ea_id, outp); 313 1.1 christos PUTSHORT(EAP_HEADERLEN, outp); 314 1.1 christos 315 1.1 christos output(esp->es_unit, outpacket_buf, PPP_HDRLEN + EAP_HEADERLEN); 316 1.1 christos 317 1.1 christos auth_peer_success(esp->es_unit, PPP_EAP, 0, 318 1.1 christos esp->es_server.ea_peer, esp->es_server.ea_peerlen); 319 1.1 christos } 320 1.1 christos 321 1.1 christos #ifdef USE_SRP 322 1.1 christos /* 323 1.1 christos * Set DES key according to pseudonym-generating secret and current 324 1.1 christos * date. 325 1.1 christos */ 326 1.1 christos static bool 327 1.1 christos pncrypt_setkey(int timeoffs) 328 1.1 christos { 329 1.1 christos struct tm *tp; 330 1.1 christos char tbuf[9]; 331 1.1 christos SHA1_CTX ctxt; 332 1.1 christos u_char dig[SHA_DIGESTSIZE]; 333 1.1 christos time_t reftime; 334 1.1 christos 335 1.1 christos if (pn_secret == NULL) 336 1.1 christos return (0); 337 1.1 christos reftime = time(NULL) + timeoffs; 338 1.1 christos tp = localtime(&reftime); 339 1.1 christos SHA1Init(&ctxt); 340 1.1 christos SHA1Update(&ctxt, pn_secret, strlen(pn_secret)); 341 1.1 christos strftime(tbuf, sizeof (tbuf), "%Y%m%d", tp); 342 1.1 christos SHA1Update(&ctxt, tbuf, strlen(tbuf)); 343 1.1 christos SHA1Final(dig, &ctxt); 344 1.1 christos return (DesSetkey(dig)); 345 1.1 christos } 346 1.1 christos 347 1.1 christos static char base64[] = 348 1.1 christos "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; 349 1.1 christos 350 1.1 christos struct b64state { 351 1.1 christos u_int32_t bs_bits; 352 1.1 christos int bs_offs; 353 1.1 christos }; 354 1.1 christos 355 1.1 christos static int 356 1.1.1.4 christos b64enc(struct b64state *bs, u_char *inp, int inlen, u_char *outp) 357 1.1 christos { 358 1.1 christos int outlen = 0; 359 1.1 christos 360 1.1 christos while (inlen > 0) { 361 1.1 christos bs->bs_bits = (bs->bs_bits << 8) | *inp++; 362 1.1 christos inlen--; 363 1.1 christos bs->bs_offs += 8; 364 1.1 christos if (bs->bs_offs >= 24) { 365 1.1 christos *outp++ = base64[(bs->bs_bits >> 18) & 0x3F]; 366 1.1 christos *outp++ = base64[(bs->bs_bits >> 12) & 0x3F]; 367 1.1 christos *outp++ = base64[(bs->bs_bits >> 6) & 0x3F]; 368 1.1 christos *outp++ = base64[bs->bs_bits & 0x3F]; 369 1.1 christos outlen += 4; 370 1.1 christos bs->bs_offs = 0; 371 1.1 christos bs->bs_bits = 0; 372 1.1 christos } 373 1.1 christos } 374 1.1 christos return (outlen); 375 1.1 christos } 376 1.1 christos 377 1.1 christos static int 378 1.1.1.4 christos b64flush(struct b64state *bs, u_char *outp) 379 1.1 christos { 380 1.1 christos int outlen = 0; 381 1.1 christos 382 1.1 christos if (bs->bs_offs == 8) { 383 1.1 christos *outp++ = base64[(bs->bs_bits >> 2) & 0x3F]; 384 1.1 christos *outp++ = base64[(bs->bs_bits << 4) & 0x3F]; 385 1.1 christos outlen = 2; 386 1.1 christos } else if (bs->bs_offs == 16) { 387 1.1 christos *outp++ = base64[(bs->bs_bits >> 10) & 0x3F]; 388 1.1 christos *outp++ = base64[(bs->bs_bits >> 4) & 0x3F]; 389 1.1 christos *outp++ = base64[(bs->bs_bits << 2) & 0x3F]; 390 1.1 christos outlen = 3; 391 1.1 christos } 392 1.1 christos bs->bs_offs = 0; 393 1.1 christos bs->bs_bits = 0; 394 1.1 christos return (outlen); 395 1.1 christos } 396 1.1 christos 397 1.1 christos static int 398 1.1.1.4 christos b64dec(struct b64state *bs, u_char *inp, int inlen, u_char *outp) 399 1.1 christos { 400 1.1 christos int outlen = 0; 401 1.1 christos char *cp; 402 1.1 christos 403 1.1 christos while (inlen > 0) { 404 1.1 christos if ((cp = strchr(base64, *inp++)) == NULL) 405 1.1 christos break; 406 1.1 christos bs->bs_bits = (bs->bs_bits << 6) | (cp - base64); 407 1.1 christos inlen--; 408 1.1 christos bs->bs_offs += 6; 409 1.1 christos if (bs->bs_offs >= 8) { 410 1.1 christos *outp++ = bs->bs_bits >> (bs->bs_offs - 8); 411 1.1 christos outlen++; 412 1.1 christos bs->bs_offs -= 8; 413 1.1 christos } 414 1.1 christos } 415 1.1 christos return (outlen); 416 1.1 christos } 417 1.1 christos #endif /* USE_SRP */ 418 1.1 christos 419 1.1 christos /* 420 1.1 christos * Assume that current waiting server state is complete and figure 421 1.1 christos * next state to use based on available authentication data. 'status' 422 1.1 christos * indicates if there was an error in handling the last query. It is 423 1.1 christos * 0 for success and non-zero for failure. 424 1.1 christos */ 425 1.1 christos static void 426 1.1.1.4 christos eap_figure_next_state(eap_state *esp, int status) 427 1.1 christos { 428 1.1 christos #ifdef USE_SRP 429 1.1 christos unsigned char secbuf[MAXWORDLEN], clear[8], *sp, *dp; 430 1.1 christos struct t_pw tpw; 431 1.1 christos struct t_confent *tce, mytce; 432 1.1 christos char *cp, *cp2; 433 1.1 christos struct t_server *ts; 434 1.1 christos int id, i, plen, toffs; 435 1.1 christos u_char vals[2]; 436 1.1 christos struct b64state bs; 437 1.1 christos #endif /* USE_SRP */ 438 1.1.1.4 christos #ifdef USE_EAPTLS 439 1.1.1.4 christos struct eaptls_session *ets; 440 1.1.1.4 christos int secret_len; 441 1.1.1.4 christos char secret[MAXWORDLEN]; 442 1.1.1.4 christos #endif /* USE_EAPTLS */ 443 1.1 christos 444 1.1 christos esp->es_server.ea_timeout = esp->es_savedtime; 445 1.1.1.4 christos #ifdef USE_EAPTLS 446 1.1.1.4 christos esp->es_server.ea_prev_state = esp->es_server.ea_state; 447 1.1.1.4 christos #endif /* USE_EAPTLS */ 448 1.1 christos switch (esp->es_server.ea_state) { 449 1.1 christos case eapBadAuth: 450 1.1 christos return; 451 1.1 christos 452 1.1 christos case eapIdentify: 453 1.1 christos #ifdef USE_SRP 454 1.1 christos /* Discard any previous session. */ 455 1.1 christos ts = (struct t_server *)esp->es_server.ea_session; 456 1.1 christos if (ts != NULL) { 457 1.1 christos t_serverclose(ts); 458 1.1 christos esp->es_server.ea_session = NULL; 459 1.1 christos esp->es_server.ea_skey = NULL; 460 1.1 christos } 461 1.1 christos #endif /* USE_SRP */ 462 1.1 christos if (status != 0) { 463 1.1 christos esp->es_server.ea_state = eapBadAuth; 464 1.1 christos break; 465 1.1 christos } 466 1.1 christos #ifdef USE_SRP 467 1.1 christos /* If we've got a pseudonym, try to decode to real name. */ 468 1.1 christos if (esp->es_server.ea_peerlen > SRP_PSEUDO_LEN && 469 1.1 christos strncmp(esp->es_server.ea_peer, SRP_PSEUDO_ID, 470 1.1 christos SRP_PSEUDO_LEN) == 0 && 471 1.1 christos (esp->es_server.ea_peerlen - SRP_PSEUDO_LEN) * 3 / 4 < 472 1.1 christos sizeof (secbuf)) { 473 1.1 christos BZERO(&bs, sizeof (bs)); 474 1.1 christos plen = b64dec(&bs, 475 1.1 christos esp->es_server.ea_peer + SRP_PSEUDO_LEN, 476 1.1 christos esp->es_server.ea_peerlen - SRP_PSEUDO_LEN, 477 1.1 christos secbuf); 478 1.1 christos toffs = 0; 479 1.1 christos for (i = 0; i < 5; i++) { 480 1.1 christos pncrypt_setkey(toffs); 481 1.1 christos toffs -= 86400; 482 1.1 christos if (!DesDecrypt(secbuf, clear)) { 483 1.1 christos dbglog("no DES here; cannot decode " 484 1.1 christos "pseudonym"); 485 1.1 christos return; 486 1.1 christos } 487 1.1 christos id = *(unsigned char *)clear; 488 1.1 christos if (id + 1 <= plen && id + 9 > plen) 489 1.1 christos break; 490 1.1 christos } 491 1.1 christos if (plen % 8 == 0 && i < 5) { 492 1.1 christos /* 493 1.1 christos * Note that this is always shorter than the 494 1.1 christos * original stored string, so there's no need 495 1.1 christos * to realloc. 496 1.1 christos */ 497 1.1 christos if ((i = plen = *(unsigned char *)clear) > 7) 498 1.1 christos i = 7; 499 1.1 christos esp->es_server.ea_peerlen = plen; 500 1.1 christos dp = (unsigned char *)esp->es_server.ea_peer; 501 1.1 christos BCOPY(clear + 1, dp, i); 502 1.1 christos plen -= i; 503 1.1 christos dp += i; 504 1.1 christos sp = secbuf + 8; 505 1.1 christos while (plen > 0) { 506 1.1 christos (void) DesDecrypt(sp, dp); 507 1.1 christos sp += 8; 508 1.1 christos dp += 8; 509 1.1 christos plen -= 8; 510 1.1 christos } 511 1.1 christos esp->es_server.ea_peer[ 512 1.1 christos esp->es_server.ea_peerlen] = '\0'; 513 1.1 christos dbglog("decoded pseudonym to \"%.*q\"", 514 1.1 christos esp->es_server.ea_peerlen, 515 1.1 christos esp->es_server.ea_peer); 516 1.1 christos } else { 517 1.1 christos dbglog("failed to decode real name"); 518 1.1 christos /* Stay in eapIdentfy state; requery */ 519 1.1 christos break; 520 1.1 christos } 521 1.1 christos } 522 1.1 christos /* Look up user in secrets database. */ 523 1.1 christos if (get_srp_secret(esp->es_unit, esp->es_server.ea_peer, 524 1.1 christos esp->es_server.ea_name, (char *)secbuf, 1) != 0) { 525 1.1 christos /* Set up default in case SRP entry is bad */ 526 1.1 christos esp->es_server.ea_state = eapMD5Chall; 527 1.1 christos /* Get t_confent based on index in srp-secrets */ 528 1.1 christos id = strtol((char *)secbuf, &cp, 10); 529 1.1 christos if (*cp++ != ':' || id < 0) 530 1.1 christos break; 531 1.1 christos if (id == 0) { 532 1.1 christos mytce.index = 0; 533 1.1 christos mytce.modulus.data = (u_char *)wkmodulus; 534 1.1 christos mytce.modulus.len = sizeof (wkmodulus); 535 1.1 christos mytce.generator.data = (u_char *)"\002"; 536 1.1 christos mytce.generator.len = 1; 537 1.1 christos tce = &mytce; 538 1.1 christos } else if ((tce = gettcid(id)) != NULL) { 539 1.1 christos /* 540 1.1 christos * Client will have to verify this modulus/ 541 1.1 christos * generator combination, and that will take 542 1.1 christos * a while. Lengthen the timeout here. 543 1.1 christos */ 544 1.1 christos if (esp->es_server.ea_timeout > 0 && 545 1.1 christos esp->es_server.ea_timeout < 30) 546 1.1 christos esp->es_server.ea_timeout = 30; 547 1.1 christos } else { 548 1.1 christos break; 549 1.1 christos } 550 1.1 christos if ((cp2 = strchr(cp, ':')) == NULL) 551 1.1 christos break; 552 1.1 christos *cp2++ = '\0'; 553 1.1 christos tpw.pebuf.name = esp->es_server.ea_peer; 554 1.1 christos tpw.pebuf.password.len = t_fromb64((char *)tpw.pwbuf, 555 1.1 christos cp); 556 1.1 christos tpw.pebuf.password.data = tpw.pwbuf; 557 1.1 christos tpw.pebuf.salt.len = t_fromb64((char *)tpw.saltbuf, 558 1.1 christos cp2); 559 1.1 christos tpw.pebuf.salt.data = tpw.saltbuf; 560 1.1 christos if ((ts = t_serveropenraw(&tpw.pebuf, tce)) == NULL) 561 1.1 christos break; 562 1.1 christos esp->es_server.ea_session = (void *)ts; 563 1.1 christos esp->es_server.ea_state = eapSRP1; 564 1.1 christos vals[0] = esp->es_server.ea_id + 1; 565 1.1 christos vals[1] = EAPT_SRP; 566 1.1 christos t_serveraddexdata(ts, vals, 2); 567 1.1 christos /* Generate B; must call before t_servergetkey() */ 568 1.1 christos t_servergenexp(ts); 569 1.1 christos break; 570 1.1 christos } 571 1.1 christos #endif /* USE_SRP */ 572 1.1.1.4 christos #ifdef USE_EAPTLS 573 1.1.1.4 christos if (!get_secret(esp->es_unit, esp->es_server.ea_peer, 574 1.1.1.4 christos esp->es_server.ea_name, secret, &secret_len, 1)) { 575 1.1.1.4 christos 576 1.1.1.4 christos esp->es_server.ea_state = eapTlsStart; 577 1.1.1.4 christos break; 578 1.1.1.4 christos } 579 1.1.1.4 christos #endif /* USE_EAPTLS */ 580 1.1.1.4 christos 581 1.1 christos esp->es_server.ea_state = eapMD5Chall; 582 1.1 christos break; 583 1.1 christos 584 1.1.1.4 christos #ifdef USE_EAPTLS 585 1.1.1.4 christos case eapTlsStart: 586 1.1.1.4 christos /* Initialize ssl session */ 587 1.1.1.4 christos if(!eaptls_init_ssl_server(esp)) { 588 1.1.1.4 christos esp->es_server.ea_state = eapBadAuth; 589 1.1.1.4 christos break; 590 1.1.1.4 christos } 591 1.1.1.4 christos 592 1.1.1.4 christos esp->es_server.ea_state = eapTlsRecv; 593 1.1.1.4 christos break; 594 1.1.1.4 christos 595 1.1.1.4 christos case eapTlsRecv: 596 1.1.1.4 christos ets = (struct eaptls_session *) esp->es_server.ea_session; 597 1.1.1.4 christos 598 1.1.1.4 christos if(ets->alert_sent) { 599 1.1.1.4 christos esp->es_server.ea_state = eapTlsSendAlert; 600 1.1.1.4 christos break; 601 1.1.1.4 christos } 602 1.1.1.4 christos 603 1.1.1.4 christos if (status) { 604 1.1.1.4 christos esp->es_server.ea_state = eapBadAuth; 605 1.1.1.4 christos break; 606 1.1.1.4 christos } 607 1.1.1.4 christos ets = (struct eaptls_session *) esp->es_server.ea_session; 608 1.1.1.4 christos 609 1.1.1.4 christos if(ets->frag) 610 1.1.1.4 christos esp->es_server.ea_state = eapTlsSendAck; 611 1.1.1.4 christos else 612 1.1.1.4 christos esp->es_server.ea_state = eapTlsSend; 613 1.1.1.4 christos break; 614 1.1.1.4 christos 615 1.1.1.4 christos case eapTlsSend: 616 1.1.1.4 christos ets = (struct eaptls_session *) esp->es_server.ea_session; 617 1.1.1.4 christos 618 1.1.1.4 christos if(ets->frag) 619 1.1.1.4 christos esp->es_server.ea_state = eapTlsRecvAck; 620 1.1.1.4 christos else 621 1.1.1.4 christos if(SSL_is_init_finished(ets->ssl)) 622 1.1.1.4 christos esp->es_server.ea_state = eapTlsRecvClient; 623 1.1.1.4 christos else 624 1.1.1.4 christos /* JJK Add "TLS empty record" message here ??? */ 625 1.1.1.4 christos esp->es_server.ea_state = eapTlsRecv; 626 1.1.1.4 christos break; 627 1.1.1.4 christos 628 1.1.1.4 christos case eapTlsSendAck: 629 1.1.1.4 christos esp->es_server.ea_state = eapTlsRecv; 630 1.1.1.4 christos break; 631 1.1.1.4 christos 632 1.1.1.4 christos case eapTlsRecvAck: 633 1.1.1.4 christos if (status) 634 1.1.1.4 christos { 635 1.1.1.4 christos esp->es_server.ea_state = eapBadAuth; 636 1.1.1.4 christos break; 637 1.1.1.4 christos } 638 1.1.1.4 christos 639 1.1.1.4 christos esp->es_server.ea_state = eapTlsSend; 640 1.1.1.4 christos break; 641 1.1.1.4 christos 642 1.1.1.4 christos case eapTlsSendAlert: 643 1.1.1.4 christos esp->es_server.ea_state = eapTlsRecvAlertAck; 644 1.1.1.4 christos break; 645 1.1.1.4 christos #endif /* USE_EAPTLS */ 646 1.1.1.4 christos 647 1.1 christos case eapSRP1: 648 1.1 christos #ifdef USE_SRP 649 1.1 christos ts = (struct t_server *)esp->es_server.ea_session; 650 1.1 christos if (ts != NULL && status != 0) { 651 1.1 christos t_serverclose(ts); 652 1.1 christos esp->es_server.ea_session = NULL; 653 1.1 christos esp->es_server.ea_skey = NULL; 654 1.1 christos } 655 1.1 christos #endif /* USE_SRP */ 656 1.1 christos if (status == 1) { 657 1.1 christos esp->es_server.ea_state = eapMD5Chall; 658 1.1 christos } else if (status != 0 || esp->es_server.ea_session == NULL) { 659 1.1 christos esp->es_server.ea_state = eapBadAuth; 660 1.1 christos } else { 661 1.1 christos esp->es_server.ea_state = eapSRP2; 662 1.1 christos } 663 1.1 christos break; 664 1.1 christos 665 1.1 christos case eapSRP2: 666 1.1 christos #ifdef USE_SRP 667 1.1 christos ts = (struct t_server *)esp->es_server.ea_session; 668 1.1 christos if (ts != NULL && status != 0) { 669 1.1 christos t_serverclose(ts); 670 1.1 christos esp->es_server.ea_session = NULL; 671 1.1 christos esp->es_server.ea_skey = NULL; 672 1.1 christos } 673 1.1 christos #endif /* USE_SRP */ 674 1.1 christos if (status != 0 || esp->es_server.ea_session == NULL) { 675 1.1 christos esp->es_server.ea_state = eapBadAuth; 676 1.1 christos } else { 677 1.1 christos esp->es_server.ea_state = eapSRP3; 678 1.1 christos } 679 1.1 christos break; 680 1.1 christos 681 1.1 christos case eapSRP3: 682 1.1 christos case eapSRP4: 683 1.1 christos #ifdef USE_SRP 684 1.1 christos ts = (struct t_server *)esp->es_server.ea_session; 685 1.1 christos if (ts != NULL && status != 0) { 686 1.1 christos t_serverclose(ts); 687 1.1 christos esp->es_server.ea_session = NULL; 688 1.1 christos esp->es_server.ea_skey = NULL; 689 1.1 christos } 690 1.1 christos #endif /* USE_SRP */ 691 1.1 christos if (status != 0 || esp->es_server.ea_session == NULL) { 692 1.1 christos esp->es_server.ea_state = eapBadAuth; 693 1.1 christos } else { 694 1.1 christos esp->es_server.ea_state = eapOpen; 695 1.1 christos } 696 1.1 christos break; 697 1.1 christos 698 1.1.1.4 christos #ifdef CHAPMS 699 1.1.1.4 christos case eapMSCHAPv2Chall: 700 1.1.1.4 christos #endif 701 1.1 christos case eapMD5Chall: 702 1.1 christos if (status != 0) { 703 1.1 christos esp->es_server.ea_state = eapBadAuth; 704 1.1 christos } else { 705 1.1 christos esp->es_server.ea_state = eapOpen; 706 1.1 christos } 707 1.1 christos break; 708 1.1 christos 709 1.1 christos default: 710 1.1 christos esp->es_server.ea_state = eapBadAuth; 711 1.1 christos break; 712 1.1 christos } 713 1.1 christos if (esp->es_server.ea_state == eapBadAuth) 714 1.1 christos eap_send_failure(esp); 715 1.1.1.4 christos 716 1.1.1.4 christos #ifdef USE_EAPTLS 717 1.1.1.4 christos dbglog("EAP id=0x%2x '%s' -> '%s'", esp->es_server.ea_id, eap_state_name(esp->es_server.ea_prev_state), eap_state_name(esp->es_server.ea_state)); 718 1.1.1.4 christos #endif /* USE_EAPTLS */ 719 1.1.1.4 christos } 720 1.1.1.4 christos 721 1.1.1.4 christos #if CHAPMS 722 1.1.1.4 christos static int 723 1.1.1.4 christos eap_chapms2_verify_response(int id, char *name, 724 1.1.1.4 christos unsigned char *secret, int secret_len, 725 1.1.1.4 christos unsigned char *challenge, unsigned char *response, 726 1.1.1.4 christos char *message, int message_space) 727 1.1.1.4 christos { 728 1.1.1.4 christos unsigned char md[MS_CHAP2_RESPONSE_LEN]; 729 1.1.1.4 christos char saresponse[MS_AUTH_RESPONSE_LENGTH+1]; 730 1.1.1.4 christos int challenge_len, response_len; 731 1.1.1.4 christos 732 1.1.1.4 christos challenge_len = *challenge++; /* skip length, is 16 */ 733 1.1.1.4 christos response_len = *response++; 734 1.1.1.4 christos if (response_len != MS_CHAP2_RESPONSE_LEN) 735 1.1.1.4 christos goto bad; /* not even the right length */ 736 1.1.1.4 christos 737 1.1.1.4 christos /* Generate the expected response and our mutual auth. */ 738 1.1.1.4 christos ChapMS2(challenge, &response[MS_CHAP2_PEER_CHALLENGE], name, 739 1.1.1.4 christos (char *)secret, secret_len, md, 740 1.1.1.4 christos (unsigned char *)saresponse, MS_CHAP2_AUTHENTICATOR); 741 1.1.1.4 christos 742 1.1.1.4 christos /* compare MDs and send the appropriate status */ 743 1.1.1.4 christos /* 744 1.1.1.4 christos * Per RFC 2759, success message must be formatted as 745 1.1.1.4 christos * "S=<auth_string> M=<message>" 746 1.1.1.4 christos * where 747 1.1.1.4 christos * <auth_string> is the Authenticator Response (mutual auth) 748 1.1.1.4 christos * <message> is a text message 749 1.1.1.4 christos * 750 1.1.1.4 christos * However, some versions of Windows (win98 tested) do not know 751 1.1.1.4 christos * about the M=<message> part (required per RFC 2759) and flag 752 1.1.1.4 christos * it as an error (reported incorrectly as an encryption error 753 1.1.1.4 christos * to the user). Since the RFC requires it, and it can be 754 1.1.1.4 christos * useful information, we supply it if the peer is a conforming 755 1.1.1.4 christos * system. Luckily (?), win98 sets the Flags field to 0x04 756 1.1.1.4 christos * (contrary to RFC requirements) so we can use that to 757 1.1.1.4 christos * distinguish between conforming and non-conforming systems. 758 1.1.1.4 christos * 759 1.1.1.4 christos * Special thanks to Alex Swiridov <say (at) real.kharkov.ua> for 760 1.1.1.4 christos * help debugging this. 761 1.1.1.4 christos */ 762 1.1.1.4 christos if (memcmp(&md[MS_CHAP2_NTRESP], &response[MS_CHAP2_NTRESP], 763 1.1.1.4 christos MS_CHAP2_NTRESP_LEN) == 0) { 764 1.1.1.4 christos if (response[MS_CHAP2_FLAGS]) 765 1.1.1.4 christos slprintf(message, message_space, "S=%s", saresponse); 766 1.1.1.4 christos else 767 1.1.1.4 christos slprintf(message, message_space, "S=%s M=%s", 768 1.1.1.4 christos saresponse, "Access granted"); 769 1.1.1.4 christos return 1; 770 1.1.1.4 christos } 771 1.1.1.4 christos 772 1.1.1.4 christos bad: 773 1.1.1.4 christos /* 774 1.1.1.4 christos * Failure message must be formatted as 775 1.1.1.4 christos * "E=e R=r C=c V=v M=m" 776 1.1.1.4 christos * where 777 1.1.1.4 christos * e = error code (we use 691, ERROR_AUTHENTICATION_FAILURE) 778 1.1.1.4 christos * r = retry (we use 1, ok to retry) 779 1.1.1.4 christos * c = challenge to use for next response, we reuse previous 780 1.1.1.4 christos * v = Change Password version supported, we use 0 781 1.1.1.4 christos * m = text message 782 1.1.1.4 christos * 783 1.1.1.4 christos * The M=m part is only for MS-CHAPv2. Neither win2k nor 784 1.1.1.4 christos * win98 (others untested) display the message to the user anyway. 785 1.1.1.4 christos * They also both ignore the E=e code. 786 1.1.1.4 christos * 787 1.1.1.4 christos * Note that it's safe to reuse the same challenge as we don't 788 1.1.1.4 christos * actually accept another response based on the error message 789 1.1.1.4 christos * (and no clients try to resend a response anyway). 790 1.1.1.4 christos * 791 1.1.1.4 christos * Basically, this whole bit is useless code, even the small 792 1.1.1.4 christos * implementation here is only because of overspecification. 793 1.1.1.4 christos */ 794 1.1.1.4 christos slprintf(message, message_space, "E=691 R=1 C=%0.*B V=0 M=%s", 795 1.1.1.4 christos challenge_len, challenge, "Access denied"); 796 1.1.1.4 christos return 0; 797 1.1.1.4 christos } 798 1.1.1.4 christos 799 1.1.1.4 christos static struct chap_digest_type eap_chapms2_digest = { 800 1.1.1.4 christos CHAP_MICROSOFT_V2, /* code */ 801 1.1.1.4 christos NULL, /* chapms2_generate_challenge, */ 802 1.1.1.4 christos eap_chapms2_verify_response, 803 1.1.1.4 christos NULL, /* chapms2_make_response, */ 804 1.1.1.4 christos NULL, /* chapms2_check_success, */ 805 1.1.1.4 christos NULL, /* chapms_handle_failure, */ 806 1.1.1.4 christos }; 807 1.1.1.4 christos 808 1.1.1.4 christos /* 809 1.1.1.4 christos * eap_chap_verify_response - check whether the peer's response matches 810 1.1.1.4 christos * what we think it should be. Returns 1 if it does (authentication 811 1.1.1.4 christos * succeeded), or 0 if it doesn't. 812 1.1.1.4 christos */ 813 1.1.1.4 christos static int 814 1.1.1.4 christos eap_chap_verify_response(char *name, char *ourname, int id, 815 1.1.1.4 christos struct chap_digest_type *digest, 816 1.1.1.4 christos unsigned char *challenge, unsigned char *response, 817 1.1.1.4 christos char *message, int message_space) 818 1.1.1.4 christos { 819 1.1.1.4 christos int ok; 820 1.1.1.4 christos unsigned char secret[MAXSECRETLEN]; 821 1.1.1.4 christos int secret_len; 822 1.1.1.4 christos 823 1.1.1.4 christos /* Get the secret that the peer is supposed to know */ 824 1.1.1.4 christos if (!get_secret(0, name, ourname, (char *)secret, &secret_len, 1)) { 825 1.1.1.4 christos error("No CHAP secret found for authenticating %q", name); 826 1.1.1.4 christos return 0; 827 1.1.1.4 christos } 828 1.1.1.4 christos 829 1.1.1.4 christos ok = digest->verify_response(id, name, secret, secret_len, challenge, 830 1.1.1.4 christos response, message, message_space); 831 1.1.1.4 christos memset(secret, 0, sizeof(secret)); 832 1.1.1.4 christos 833 1.1.1.4 christos return ok; 834 1.1 christos } 835 1.1 christos 836 1.1 christos /* 837 1.1.1.4 christos * Format and send an CHAPV2-Success/Failure EAP Request message. 838 1.1.1.4 christos */ 839 1.1.1.4 christos static void 840 1.1.1.4 christos eap_chapms2_send_request(eap_state *esp, u_char id, 841 1.1.1.4 christos u_char opcode, u_char chapid, 842 1.1.1.4 christos char *message, int message_len) 843 1.1.1.4 christos { 844 1.1.1.4 christos u_char *outp; 845 1.1.1.4 christos int msglen; 846 1.1.1.4 christos 847 1.1.1.4 christos outp = outpacket_buf; 848 1.1.1.4 christos 849 1.1.1.4 christos MAKEHEADER(outp, PPP_EAP); 850 1.1.1.4 christos 851 1.1.1.4 christos msglen = EAP_HEADERLEN + 5 * sizeof (u_char); 852 1.1.1.4 christos msglen += message_len; 853 1.1.1.4 christos 854 1.1.1.4 christos PUTCHAR(EAP_REQUEST, outp); 855 1.1.1.4 christos PUTCHAR(id, outp); 856 1.1.1.4 christos PUTSHORT(msglen, outp); 857 1.1.1.4 christos PUTCHAR(EAPT_MSCHAPV2, outp); 858 1.1.1.4 christos PUTCHAR(opcode, outp); 859 1.1.1.4 christos PUTCHAR(chapid, outp); 860 1.1.1.4 christos /* MS len */ 861 1.1.1.4 christos PUTSHORT(msglen - 5, outp); 862 1.1.1.4 christos BCOPY(message, outp, message_len); 863 1.1.1.4 christos 864 1.1.1.4 christos output(esp->es_unit, outpacket_buf, PPP_HDRLEN + msglen); 865 1.1.1.4 christos 866 1.1.1.4 christos if (opcode == CHAP_SUCCESS) { 867 1.1.1.4 christos auth_peer_success(esp->es_unit, PPP_EAP, 0, 868 1.1.1.4 christos esp->es_server.ea_peer, esp->es_server.ea_peerlen); 869 1.1.1.4 christos } 870 1.1.1.4 christos else { 871 1.1.1.4 christos esp->es_server.ea_state = eapBadAuth; 872 1.1.1.4 christos auth_peer_fail(esp->es_unit, PPP_EAP); 873 1.1.1.4 christos } 874 1.1.1.4 christos } 875 1.1.1.4 christos #endif /* CHAPMS */ 876 1.1.1.4 christos 877 1.1.1.4 christos /* 878 1.1 christos * Format an EAP Request message and send it to the peer. Message 879 1.1 christos * type depends on current state. (Server operation) 880 1.1 christos */ 881 1.1 christos static void 882 1.1.1.4 christos eap_send_request(eap_state *esp) 883 1.1 christos { 884 1.1 christos u_char *outp; 885 1.1 christos u_char *lenloc; 886 1.1 christos u_char *ptr; 887 1.1 christos int outlen; 888 1.1 christos int challen; 889 1.1 christos char *str; 890 1.1 christos #ifdef USE_SRP 891 1.1 christos struct t_server *ts; 892 1.1 christos u_char clear[8], cipher[8], dig[SHA_DIGESTSIZE], *optr, *cp; 893 1.1 christos int i, j; 894 1.1 christos struct b64state b64; 895 1.1 christos SHA1_CTX ctxt; 896 1.1 christos #endif /* USE_SRP */ 897 1.1 christos 898 1.1 christos /* Handle both initial auth and restart */ 899 1.1 christos if (esp->es_server.ea_state < eapIdentify && 900 1.1 christos esp->es_server.ea_state != eapInitial) { 901 1.1 christos esp->es_server.ea_state = eapIdentify; 902 1.1 christos if (explicit_remote) { 903 1.1 christos /* 904 1.1 christos * If we already know the peer's 905 1.1 christos * unauthenticated name, then there's no 906 1.1 christos * reason to ask. Go to next state instead. 907 1.1 christos */ 908 1.1 christos esp->es_server.ea_peer = remote_name; 909 1.1 christos esp->es_server.ea_peerlen = strlen(remote_name); 910 1.1 christos eap_figure_next_state(esp, 0); 911 1.1 christos } 912 1.1 christos } 913 1.1 christos 914 1.1 christos if (esp->es_server.ea_maxrequests > 0 && 915 1.1 christos esp->es_server.ea_requests >= esp->es_server.ea_maxrequests) { 916 1.1 christos if (esp->es_server.ea_responses > 0) 917 1.1 christos error("EAP: too many Requests sent"); 918 1.1 christos else 919 1.1 christos error("EAP: no response to Requests"); 920 1.1 christos eap_send_failure(esp); 921 1.1 christos return; 922 1.1 christos } 923 1.1 christos 924 1.1 christos outp = outpacket_buf; 925 1.1 christos 926 1.1 christos MAKEHEADER(outp, PPP_EAP); 927 1.1 christos 928 1.1 christos PUTCHAR(EAP_REQUEST, outp); 929 1.1 christos PUTCHAR(esp->es_server.ea_id, outp); 930 1.1 christos lenloc = outp; 931 1.1 christos INCPTR(2, outp); 932 1.1 christos 933 1.1 christos switch (esp->es_server.ea_state) { 934 1.1 christos case eapIdentify: 935 1.1 christos PUTCHAR(EAPT_IDENTITY, outp); 936 1.1 christos str = "Name"; 937 1.1 christos challen = strlen(str); 938 1.1 christos BCOPY(str, outp, challen); 939 1.1 christos INCPTR(challen, outp); 940 1.1 christos break; 941 1.1 christos 942 1.1 christos case eapMD5Chall: 943 1.1 christos PUTCHAR(EAPT_MD5CHAP, outp); 944 1.1 christos /* 945 1.1 christos * pick a random challenge length between 946 1.1 christos * MIN_CHALLENGE_LENGTH and MAX_CHALLENGE_LENGTH 947 1.1 christos */ 948 1.1 christos challen = (drand48() * 949 1.1 christos (MAX_CHALLENGE_LENGTH - MIN_CHALLENGE_LENGTH)) + 950 1.1 christos MIN_CHALLENGE_LENGTH; 951 1.1 christos PUTCHAR(challen, outp); 952 1.1 christos esp->es_challen = challen; 953 1.1 christos ptr = esp->es_challenge; 954 1.1 christos while (--challen >= 0) 955 1.1 christos *ptr++ = (u_char) (drand48() * 0x100); 956 1.1 christos BCOPY(esp->es_challenge, outp, esp->es_challen); 957 1.1 christos INCPTR(esp->es_challen, outp); 958 1.1 christos BCOPY(esp->es_server.ea_name, outp, esp->es_server.ea_namelen); 959 1.1 christos INCPTR(esp->es_server.ea_namelen, outp); 960 1.1 christos break; 961 1.1 christos 962 1.1.1.4 christos #ifdef CHAPMS 963 1.1.1.4 christos case eapMSCHAPv2Chall: 964 1.1.1.4 christos challen = 0x10; 965 1.1.1.4 christos esp->es_challen = challen; 966 1.1.1.4 christos esp->es_challenge[0] = challen; 967 1.1.1.4 christos random_bytes(&esp->es_challenge[1], challen); 968 1.1.1.4 christos 969 1.1.1.4 christos PUTCHAR(EAPT_MSCHAPV2, outp); 970 1.1.1.4 christos PUTCHAR(CHAP_CHALLENGE, outp); 971 1.1.1.4 christos PUTCHAR(esp->es_server.ea_id, outp); 972 1.1.1.4 christos /* MS len */ 973 1.1.1.4 christos PUTSHORT(5 + challen + 974 1.1.1.4 christos esp->es_server.ea_namelen, 975 1.1.1.4 christos outp); 976 1.1.1.4 christos /* challen + challenge */ 977 1.1.1.4 christos BCOPY(esp->es_challenge, outp, challen+1); 978 1.1.1.4 christos INCPTR(challen+1, outp); 979 1.1.1.4 christos BCOPY(esp->es_server.ea_name, 980 1.1.1.4 christos outp, 981 1.1.1.4 christos esp->es_server.ea_namelen); 982 1.1.1.4 christos INCPTR(esp->es_server.ea_namelen, outp); 983 1.1.1.4 christos break; 984 1.1.1.4 christos #endif /* CHAPMS */ 985 1.1.1.4 christos 986 1.1.1.4 christos #ifdef USE_EAPTLS 987 1.1.1.4 christos case eapTlsStart: 988 1.1.1.4 christos PUTCHAR(EAPT_TLS, outp); 989 1.1.1.4 christos PUTCHAR(EAP_TLS_FLAGS_START, outp); 990 1.1.1.4 christos eap_figure_next_state(esp, 0); 991 1.1.1.4 christos break; 992 1.1.1.4 christos 993 1.1.1.4 christos case eapTlsSend: 994 1.1.1.4 christos eaptls_send(esp->es_server.ea_session, &outp); 995 1.1.1.4 christos eap_figure_next_state(esp, 0); 996 1.1.1.4 christos break; 997 1.1.1.4 christos 998 1.1.1.4 christos case eapTlsSendAck: 999 1.1.1.4 christos PUTCHAR(EAPT_TLS, outp); 1000 1.1.1.4 christos PUTCHAR(0, outp); 1001 1.1.1.4 christos eap_figure_next_state(esp, 0); 1002 1.1.1.4 christos break; 1003 1.1.1.4 christos 1004 1.1.1.4 christos case eapTlsSendAlert: 1005 1.1.1.4 christos eaptls_send(esp->es_server.ea_session, &outp); 1006 1.1.1.4 christos eap_figure_next_state(esp, 0); 1007 1.1.1.4 christos break; 1008 1.1.1.4 christos #endif /* USE_EAPTLS */ 1009 1.1.1.4 christos 1010 1.1 christos #ifdef USE_SRP 1011 1.1 christos case eapSRP1: 1012 1.1 christos PUTCHAR(EAPT_SRP, outp); 1013 1.1 christos PUTCHAR(EAPSRP_CHALLENGE, outp); 1014 1.1 christos 1015 1.1 christos PUTCHAR(esp->es_server.ea_namelen, outp); 1016 1.1 christos BCOPY(esp->es_server.ea_name, outp, esp->es_server.ea_namelen); 1017 1.1 christos INCPTR(esp->es_server.ea_namelen, outp); 1018 1.1 christos 1019 1.1 christos ts = (struct t_server *)esp->es_server.ea_session; 1020 1.1 christos assert(ts != NULL); 1021 1.1 christos PUTCHAR(ts->s.len, outp); 1022 1.1 christos BCOPY(ts->s.data, outp, ts->s.len); 1023 1.1 christos INCPTR(ts->s.len, outp); 1024 1.1 christos 1025 1.1 christos if (ts->g.len == 1 && ts->g.data[0] == 2) { 1026 1.1 christos PUTCHAR(0, outp); 1027 1.1 christos } else { 1028 1.1 christos PUTCHAR(ts->g.len, outp); 1029 1.1 christos BCOPY(ts->g.data, outp, ts->g.len); 1030 1.1 christos INCPTR(ts->g.len, outp); 1031 1.1 christos } 1032 1.1 christos 1033 1.1 christos if (ts->n.len != sizeof (wkmodulus) || 1034 1.1 christos BCMP(ts->n.data, wkmodulus, sizeof (wkmodulus)) != 0) { 1035 1.1 christos BCOPY(ts->n.data, outp, ts->n.len); 1036 1.1 christos INCPTR(ts->n.len, outp); 1037 1.1 christos } 1038 1.1 christos break; 1039 1.1 christos 1040 1.1 christos case eapSRP2: 1041 1.1 christos PUTCHAR(EAPT_SRP, outp); 1042 1.1 christos PUTCHAR(EAPSRP_SKEY, outp); 1043 1.1 christos 1044 1.1 christos ts = (struct t_server *)esp->es_server.ea_session; 1045 1.1 christos assert(ts != NULL); 1046 1.1 christos BCOPY(ts->B.data, outp, ts->B.len); 1047 1.1 christos INCPTR(ts->B.len, outp); 1048 1.1 christos break; 1049 1.1 christos 1050 1.1 christos case eapSRP3: 1051 1.1 christos PUTCHAR(EAPT_SRP, outp); 1052 1.1 christos PUTCHAR(EAPSRP_SVALIDATOR, outp); 1053 1.1 christos PUTLONG(SRPVAL_EBIT, outp); 1054 1.1 christos ts = (struct t_server *)esp->es_server.ea_session; 1055 1.1 christos assert(ts != NULL); 1056 1.1 christos BCOPY(t_serverresponse(ts), outp, SHA_DIGESTSIZE); 1057 1.1 christos INCPTR(SHA_DIGESTSIZE, outp); 1058 1.1 christos 1059 1.1 christos if (pncrypt_setkey(0)) { 1060 1.1 christos /* Generate pseudonym */ 1061 1.1 christos optr = outp; 1062 1.1 christos cp = (unsigned char *)esp->es_server.ea_peer; 1063 1.1 christos if ((j = i = esp->es_server.ea_peerlen) > 7) 1064 1.1 christos j = 7; 1065 1.1 christos clear[0] = i; 1066 1.1 christos BCOPY(cp, clear + 1, j); 1067 1.1 christos i -= j; 1068 1.1 christos cp += j; 1069 1.1 christos if (!DesEncrypt(clear, cipher)) { 1070 1.1 christos dbglog("no DES here; not generating pseudonym"); 1071 1.1 christos break; 1072 1.1 christos } 1073 1.1 christos BZERO(&b64, sizeof (b64)); 1074 1.1 christos outp++; /* space for pseudonym length */ 1075 1.1 christos outp += b64enc(&b64, cipher, 8, outp); 1076 1.1 christos while (i >= 8) { 1077 1.1 christos (void) DesEncrypt(cp, cipher); 1078 1.1 christos outp += b64enc(&b64, cipher, 8, outp); 1079 1.1 christos cp += 8; 1080 1.1 christos i -= 8; 1081 1.1 christos } 1082 1.1 christos if (i > 0) { 1083 1.1 christos BCOPY(cp, clear, i); 1084 1.1 christos cp += i; 1085 1.1 christos while (i < 8) { 1086 1.1 christos *cp++ = drand48() * 0x100; 1087 1.1 christos i++; 1088 1.1 christos } 1089 1.1 christos (void) DesEncrypt(clear, cipher); 1090 1.1 christos outp += b64enc(&b64, cipher, 8, outp); 1091 1.1 christos } 1092 1.1 christos outp += b64flush(&b64, outp); 1093 1.1 christos 1094 1.1 christos /* Set length and pad out to next 20 octet boundary */ 1095 1.1 christos i = outp - optr - 1; 1096 1.1 christos *optr = i; 1097 1.1 christos i %= SHA_DIGESTSIZE; 1098 1.1 christos if (i != 0) { 1099 1.1 christos while (i < SHA_DIGESTSIZE) { 1100 1.1 christos *outp++ = drand48() * 0x100; 1101 1.1 christos i++; 1102 1.1 christos } 1103 1.1 christos } 1104 1.1 christos 1105 1.1 christos /* Obscure the pseudonym with SHA1 hash */ 1106 1.1 christos SHA1Init(&ctxt); 1107 1.1 christos SHA1Update(&ctxt, &esp->es_server.ea_id, 1); 1108 1.1 christos SHA1Update(&ctxt, esp->es_server.ea_skey, 1109 1.1 christos SESSION_KEY_LEN); 1110 1.1 christos SHA1Update(&ctxt, esp->es_server.ea_peer, 1111 1.1 christos esp->es_server.ea_peerlen); 1112 1.1 christos while (optr < outp) { 1113 1.1 christos SHA1Final(dig, &ctxt); 1114 1.1 christos cp = dig; 1115 1.1 christos while (cp < dig + SHA_DIGESTSIZE) 1116 1.1 christos *optr++ ^= *cp++; 1117 1.1 christos SHA1Init(&ctxt); 1118 1.1 christos SHA1Update(&ctxt, &esp->es_server.ea_id, 1); 1119 1.1 christos SHA1Update(&ctxt, esp->es_server.ea_skey, 1120 1.1 christos SESSION_KEY_LEN); 1121 1.1 christos SHA1Update(&ctxt, optr - SHA_DIGESTSIZE, 1122 1.1 christos SHA_DIGESTSIZE); 1123 1.1 christos } 1124 1.1 christos } 1125 1.1 christos break; 1126 1.1 christos 1127 1.1 christos case eapSRP4: 1128 1.1 christos PUTCHAR(EAPT_SRP, outp); 1129 1.1 christos PUTCHAR(EAPSRP_LWRECHALLENGE, outp); 1130 1.1 christos challen = MIN_CHALLENGE_LENGTH + 1131 1.1 christos ((MAX_CHALLENGE_LENGTH - MIN_CHALLENGE_LENGTH) * drand48()); 1132 1.1 christos esp->es_challen = challen; 1133 1.1 christos ptr = esp->es_challenge; 1134 1.1 christos while (--challen >= 0) 1135 1.1 christos *ptr++ = drand48() * 0x100; 1136 1.1 christos BCOPY(esp->es_challenge, outp, esp->es_challen); 1137 1.1 christos INCPTR(esp->es_challen, outp); 1138 1.1 christos break; 1139 1.1 christos #endif /* USE_SRP */ 1140 1.1 christos 1141 1.1 christos default: 1142 1.1 christos return; 1143 1.1 christos } 1144 1.1 christos 1145 1.1 christos outlen = (outp - outpacket_buf) - PPP_HDRLEN; 1146 1.1 christos PUTSHORT(outlen, lenloc); 1147 1.1 christos 1148 1.1 christos output(esp->es_unit, outpacket_buf, outlen + PPP_HDRLEN); 1149 1.1 christos 1150 1.1 christos esp->es_server.ea_requests++; 1151 1.1 christos 1152 1.1 christos if (esp->es_server.ea_timeout > 0) 1153 1.1 christos TIMEOUT(eap_server_timeout, esp, esp->es_server.ea_timeout); 1154 1.1 christos } 1155 1.1 christos 1156 1.1 christos /* 1157 1.1 christos * eap_authpeer - Authenticate our peer (behave as server). 1158 1.1 christos * 1159 1.1 christos * Start server state and send first request. This is called only 1160 1.1 christos * after eap_lowerup. 1161 1.1 christos */ 1162 1.1 christos void 1163 1.1.1.4 christos eap_authpeer(int unit, char *localname) 1164 1.1 christos { 1165 1.1 christos eap_state *esp = &eap_states[unit]; 1166 1.1 christos 1167 1.1 christos /* Save the name we're given. */ 1168 1.1 christos esp->es_server.ea_name = localname; 1169 1.1 christos esp->es_server.ea_namelen = strlen(localname); 1170 1.1 christos 1171 1.1 christos esp->es_savedtime = esp->es_server.ea_timeout; 1172 1.1 christos 1173 1.1 christos /* Lower layer up yet? */ 1174 1.1 christos if (esp->es_server.ea_state == eapInitial || 1175 1.1 christos esp->es_server.ea_state == eapPending) { 1176 1.1 christos esp->es_server.ea_state = eapPending; 1177 1.1 christos return; 1178 1.1 christos } 1179 1.1 christos 1180 1.1 christos esp->es_server.ea_state = eapPending; 1181 1.1 christos 1182 1.1 christos /* ID number not updated here intentionally; hashed into M1 */ 1183 1.1 christos eap_send_request(esp); 1184 1.1 christos } 1185 1.1 christos 1186 1.1 christos /* 1187 1.1 christos * eap_server_timeout - Retransmission timer for sending Requests 1188 1.1 christos * expired. 1189 1.1 christos */ 1190 1.1 christos static void 1191 1.1.1.4 christos eap_server_timeout(void *arg) 1192 1.1 christos { 1193 1.1.1.4 christos #ifdef USE_EAPTLS 1194 1.1.1.4 christos u_char *outp; 1195 1.1.1.4 christos u_char *lenloc; 1196 1.1.1.4 christos int outlen; 1197 1.1.1.4 christos #endif /* USE_EAPTLS */ 1198 1.1.1.4 christos 1199 1.1 christos eap_state *esp = (eap_state *) arg; 1200 1.1 christos 1201 1.1 christos if (!eap_server_active(esp)) 1202 1.1 christos return; 1203 1.1 christos 1204 1.1.1.4 christos #ifdef USE_EAPTLS 1205 1.1.1.4 christos switch(esp->es_server.ea_prev_state) { 1206 1.1.1.4 christos 1207 1.1.1.4 christos /* 1208 1.1.1.4 christos * In eap-tls the state changes after a request, so we return to 1209 1.1.1.4 christos * previous state ... 1210 1.1.1.4 christos */ 1211 1.1.1.4 christos case(eapTlsStart): 1212 1.1.1.4 christos case(eapTlsSendAck): 1213 1.1.1.4 christos esp->es_server.ea_state = esp->es_server.ea_prev_state; 1214 1.1.1.4 christos break; 1215 1.1.1.4 christos 1216 1.1.1.4 christos /* 1217 1.1.1.4 christos * ... or resend the stored data 1218 1.1.1.4 christos */ 1219 1.1.1.4 christos case(eapTlsSend): 1220 1.1.1.4 christos case(eapTlsSendAlert): 1221 1.1.1.4 christos outp = outpacket_buf; 1222 1.1.1.4 christos MAKEHEADER(outp, PPP_EAP); 1223 1.1.1.4 christos PUTCHAR(EAP_REQUEST, outp); 1224 1.1.1.4 christos PUTCHAR(esp->es_server.ea_id, outp); 1225 1.1.1.4 christos lenloc = outp; 1226 1.1.1.4 christos INCPTR(2, outp); 1227 1.1.1.4 christos 1228 1.1.1.4 christos eaptls_retransmit(esp->es_server.ea_session, &outp); 1229 1.1.1.4 christos 1230 1.1.1.4 christos outlen = (outp - outpacket_buf) - PPP_HDRLEN; 1231 1.1.1.4 christos PUTSHORT(outlen, lenloc); 1232 1.1.1.4 christos output(esp->es_unit, outpacket_buf, outlen + PPP_HDRLEN); 1233 1.1.1.4 christos esp->es_server.ea_requests++; 1234 1.1.1.4 christos 1235 1.1.1.4 christos if (esp->es_server.ea_timeout > 0) 1236 1.1.1.4 christos TIMEOUT(eap_server_timeout, esp, esp->es_server.ea_timeout); 1237 1.1.1.4 christos 1238 1.1.1.4 christos return; 1239 1.1.1.4 christos default: 1240 1.1.1.4 christos break; 1241 1.1.1.4 christos } 1242 1.1.1.4 christos #endif /* USE_EAPTLS */ 1243 1.1.1.4 christos 1244 1.1 christos /* EAP ID number must not change on timeout. */ 1245 1.1 christos eap_send_request(esp); 1246 1.1 christos } 1247 1.1 christos 1248 1.1 christos /* 1249 1.1 christos * When it's time to send rechallenge the peer, this timeout is 1250 1.1 christos * called. Once the rechallenge is successful, the response handler 1251 1.1 christos * will restart the timer. If it fails, then the link is dropped. 1252 1.1 christos */ 1253 1.1 christos static void 1254 1.1.1.4 christos eap_rechallenge(void *arg) 1255 1.1 christos { 1256 1.1 christos eap_state *esp = (eap_state *)arg; 1257 1.1 christos 1258 1.1 christos if (esp->es_server.ea_state != eapOpen && 1259 1.1 christos esp->es_server.ea_state != eapSRP4) 1260 1.1 christos return; 1261 1.1 christos 1262 1.1 christos esp->es_server.ea_requests = 0; 1263 1.1 christos esp->es_server.ea_state = eapIdentify; 1264 1.1 christos eap_figure_next_state(esp, 0); 1265 1.1 christos esp->es_server.ea_id++; 1266 1.1 christos eap_send_request(esp); 1267 1.1 christos } 1268 1.1 christos 1269 1.1 christos static void 1270 1.1.1.4 christos srp_lwrechallenge(void *arg) 1271 1.1 christos { 1272 1.1 christos eap_state *esp = (eap_state *)arg; 1273 1.1 christos 1274 1.1 christos if (esp->es_server.ea_state != eapOpen || 1275 1.1 christos esp->es_server.ea_type != EAPT_SRP) 1276 1.1 christos return; 1277 1.1 christos 1278 1.1 christos esp->es_server.ea_requests = 0; 1279 1.1 christos esp->es_server.ea_state = eapSRP4; 1280 1.1 christos esp->es_server.ea_id++; 1281 1.1 christos eap_send_request(esp); 1282 1.1 christos } 1283 1.1 christos 1284 1.1 christos /* 1285 1.1 christos * eap_lowerup - The lower layer is now up. 1286 1.1 christos * 1287 1.1 christos * This is called before either eap_authpeer or eap_authwithpeer. See 1288 1.1 christos * link_established() in auth.c. All that's necessary here is to 1289 1.1 christos * return to closed state so that those two routines will do the right 1290 1.1 christos * thing. 1291 1.1 christos */ 1292 1.1 christos static void 1293 1.1.1.4 christos eap_lowerup(int unit) 1294 1.1 christos { 1295 1.1 christos eap_state *esp = &eap_states[unit]; 1296 1.1 christos 1297 1.1 christos /* Discard any (possibly authenticated) peer name. */ 1298 1.1 christos if (esp->es_server.ea_peer != NULL && 1299 1.1 christos esp->es_server.ea_peer != remote_name) 1300 1.1 christos free(esp->es_server.ea_peer); 1301 1.1 christos esp->es_server.ea_peer = NULL; 1302 1.1 christos if (esp->es_client.ea_peer != NULL) 1303 1.1 christos free(esp->es_client.ea_peer); 1304 1.1 christos esp->es_client.ea_peer = NULL; 1305 1.1 christos 1306 1.1 christos esp->es_client.ea_state = eapClosed; 1307 1.1 christos esp->es_server.ea_state = eapClosed; 1308 1.1 christos } 1309 1.1 christos 1310 1.1 christos /* 1311 1.1 christos * eap_lowerdown - The lower layer is now down. 1312 1.1 christos * 1313 1.1 christos * Cancel all timeouts and return to initial state. 1314 1.1 christos */ 1315 1.1 christos static void 1316 1.1.1.4 christos eap_lowerdown(int unit) 1317 1.1 christos { 1318 1.1 christos eap_state *esp = &eap_states[unit]; 1319 1.1 christos 1320 1.1 christos if (eap_client_active(esp) && esp->es_client.ea_timeout > 0) { 1321 1.1 christos UNTIMEOUT(eap_client_timeout, (void *)esp); 1322 1.1 christos } 1323 1.1 christos if (eap_server_active(esp)) { 1324 1.1 christos if (esp->es_server.ea_timeout > 0) { 1325 1.1 christos UNTIMEOUT(eap_server_timeout, (void *)esp); 1326 1.1 christos } 1327 1.1 christos } else { 1328 1.1 christos if ((esp->es_server.ea_state == eapOpen || 1329 1.1 christos esp->es_server.ea_state == eapSRP4) && 1330 1.1 christos esp->es_rechallenge > 0) { 1331 1.1 christos UNTIMEOUT(eap_rechallenge, (void *)esp); 1332 1.1 christos } 1333 1.1 christos if (esp->es_server.ea_state == eapOpen && 1334 1.1 christos esp->es_lwrechallenge > 0) { 1335 1.1 christos UNTIMEOUT(srp_lwrechallenge, (void *)esp); 1336 1.1 christos } 1337 1.1 christos } 1338 1.1 christos 1339 1.1 christos esp->es_client.ea_state = esp->es_server.ea_state = eapInitial; 1340 1.1 christos esp->es_client.ea_requests = esp->es_server.ea_requests = 0; 1341 1.1 christos } 1342 1.1 christos 1343 1.1 christos /* 1344 1.1 christos * eap_protrej - Peer doesn't speak this protocol. 1345 1.1 christos * 1346 1.1 christos * This shouldn't happen. If it does, it represents authentication 1347 1.1 christos * failure. 1348 1.1 christos */ 1349 1.1 christos static void 1350 1.1.1.4 christos eap_protrej(int unit) 1351 1.1 christos { 1352 1.1 christos eap_state *esp = &eap_states[unit]; 1353 1.1 christos 1354 1.1 christos if (eap_client_active(esp)) { 1355 1.1 christos error("EAP authentication failed due to Protocol-Reject"); 1356 1.1 christos auth_withpeer_fail(unit, PPP_EAP); 1357 1.1 christos } 1358 1.1 christos if (eap_server_active(esp)) { 1359 1.1 christos error("EAP authentication of peer failed on Protocol-Reject"); 1360 1.1 christos auth_peer_fail(unit, PPP_EAP); 1361 1.1 christos } 1362 1.1 christos eap_lowerdown(unit); 1363 1.1 christos } 1364 1.1 christos 1365 1.1 christos /* 1366 1.1 christos * Format and send a regular EAP Response message. 1367 1.1 christos */ 1368 1.1 christos static void 1369 1.1.1.4 christos eap_send_response(eap_state *esp, u_char id, u_char typenum, 1370 1.1.1.4 christos u_char *str, int lenstr) 1371 1.1 christos { 1372 1.1 christos u_char *outp; 1373 1.1 christos int msglen; 1374 1.1 christos 1375 1.1 christos outp = outpacket_buf; 1376 1.1 christos 1377 1.1 christos MAKEHEADER(outp, PPP_EAP); 1378 1.1 christos 1379 1.1 christos PUTCHAR(EAP_RESPONSE, outp); 1380 1.1 christos PUTCHAR(id, outp); 1381 1.1 christos esp->es_client.ea_id = id; 1382 1.1 christos msglen = EAP_HEADERLEN + sizeof (u_char) + lenstr; 1383 1.1 christos PUTSHORT(msglen, outp); 1384 1.1 christos PUTCHAR(typenum, outp); 1385 1.1 christos if (lenstr > 0) { 1386 1.1 christos BCOPY(str, outp, lenstr); 1387 1.1 christos } 1388 1.1 christos 1389 1.1 christos output(esp->es_unit, outpacket_buf, PPP_HDRLEN + msglen); 1390 1.1 christos } 1391 1.1 christos 1392 1.1 christos /* 1393 1.1 christos * Format and send an MD5-Challenge EAP Response message. 1394 1.1 christos */ 1395 1.1 christos static void 1396 1.1.1.4 christos eap_chap_response(eap_state *esp, u_char id, u_char *hash, 1397 1.1.1.4 christos char *name, int namelen) 1398 1.1 christos { 1399 1.1 christos u_char *outp; 1400 1.1 christos int msglen; 1401 1.1 christos 1402 1.1 christos outp = outpacket_buf; 1403 1.1 christos 1404 1.1 christos MAKEHEADER(outp, PPP_EAP); 1405 1.1 christos 1406 1.1 christos PUTCHAR(EAP_RESPONSE, outp); 1407 1.1 christos PUTCHAR(id, outp); 1408 1.1 christos esp->es_client.ea_id = id; 1409 1.1 christos msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + MD5_SIGNATURE_SIZE + 1410 1.1 christos namelen; 1411 1.1 christos PUTSHORT(msglen, outp); 1412 1.1 christos PUTCHAR(EAPT_MD5CHAP, outp); 1413 1.1 christos PUTCHAR(MD5_SIGNATURE_SIZE, outp); 1414 1.1 christos BCOPY(hash, outp, MD5_SIGNATURE_SIZE); 1415 1.1 christos INCPTR(MD5_SIGNATURE_SIZE, outp); 1416 1.1 christos if (namelen > 0) { 1417 1.1 christos BCOPY(name, outp, namelen); 1418 1.1 christos } 1419 1.1 christos 1420 1.1 christos output(esp->es_unit, outpacket_buf, PPP_HDRLEN + msglen); 1421 1.1 christos } 1422 1.1 christos 1423 1.1 christos #ifdef USE_SRP 1424 1.1 christos /* 1425 1.1 christos * Format and send a SRP EAP Response message. 1426 1.1 christos */ 1427 1.1 christos static void 1428 1.1.1.4 christos eap_srp_response(eap_state *esp, u_char id, u_char subtypenum, 1429 1.1.1.4 christos u_char *str, int lenstr) 1430 1.1 christos { 1431 1.1 christos u_char *outp; 1432 1.1 christos int msglen; 1433 1.1 christos 1434 1.1 christos outp = outpacket_buf; 1435 1.1 christos 1436 1.1 christos MAKEHEADER(outp, PPP_EAP); 1437 1.1 christos 1438 1.1 christos PUTCHAR(EAP_RESPONSE, outp); 1439 1.1 christos PUTCHAR(id, outp); 1440 1.1 christos esp->es_client.ea_id = id; 1441 1.1 christos msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + lenstr; 1442 1.1 christos PUTSHORT(msglen, outp); 1443 1.1 christos PUTCHAR(EAPT_SRP, outp); 1444 1.1 christos PUTCHAR(subtypenum, outp); 1445 1.1 christos if (lenstr > 0) { 1446 1.1 christos BCOPY(str, outp, lenstr); 1447 1.1 christos } 1448 1.1 christos 1449 1.1 christos output(esp->es_unit, outpacket_buf, PPP_HDRLEN + msglen); 1450 1.1 christos } 1451 1.1 christos 1452 1.1 christos /* 1453 1.1 christos * Format and send a SRP EAP Client Validator Response message. 1454 1.1 christos */ 1455 1.1 christos static void 1456 1.1.1.4 christos eap_srpval_response(eap_state *esp, u_char id, u_int32_t flags, u_char *str) 1457 1.1 christos { 1458 1.1 christos u_char *outp; 1459 1.1 christos int msglen; 1460 1.1 christos 1461 1.1 christos outp = outpacket_buf; 1462 1.1 christos 1463 1.1 christos MAKEHEADER(outp, PPP_EAP); 1464 1.1 christos 1465 1.1 christos PUTCHAR(EAP_RESPONSE, outp); 1466 1.1 christos PUTCHAR(id, outp); 1467 1.1 christos esp->es_client.ea_id = id; 1468 1.1 christos msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + sizeof (u_int32_t) + 1469 1.1 christos SHA_DIGESTSIZE; 1470 1.1 christos PUTSHORT(msglen, outp); 1471 1.1 christos PUTCHAR(EAPT_SRP, outp); 1472 1.1 christos PUTCHAR(EAPSRP_CVALIDATOR, outp); 1473 1.1 christos PUTLONG(flags, outp); 1474 1.1 christos BCOPY(str, outp, SHA_DIGESTSIZE); 1475 1.1 christos 1476 1.1 christos output(esp->es_unit, outpacket_buf, PPP_HDRLEN + msglen); 1477 1.1 christos } 1478 1.1 christos #endif /* USE_SRP */ 1479 1.1 christos 1480 1.1.1.4 christos #ifdef USE_EAPTLS 1481 1.1.1.4 christos /* 1482 1.1.1.4 christos * Send an EAP-TLS response message with tls data 1483 1.1.1.4 christos */ 1484 1.1.1.4 christos static void 1485 1.1.1.4 christos eap_tls_response(eap_state *esp, u_char id) 1486 1.1.1.4 christos { 1487 1.1.1.4 christos u_char *outp; 1488 1.1.1.4 christos int outlen; 1489 1.1.1.4 christos u_char *lenloc; 1490 1.1.1.4 christos 1491 1.1.1.4 christos outp = outpacket_buf; 1492 1.1.1.4 christos 1493 1.1.1.4 christos MAKEHEADER(outp, PPP_EAP); 1494 1.1.1.4 christos 1495 1.1.1.4 christos PUTCHAR(EAP_RESPONSE, outp); 1496 1.1.1.4 christos PUTCHAR(id, outp); 1497 1.1.1.4 christos 1498 1.1.1.4 christos lenloc = outp; 1499 1.1.1.4 christos INCPTR(2, outp); 1500 1.1.1.4 christos 1501 1.1.1.4 christos /* 1502 1.1.1.4 christos If the id in the request is unchanged, we must retransmit 1503 1.1.1.4 christos the old data 1504 1.1.1.4 christos */ 1505 1.1.1.4 christos if(id == esp->es_client.ea_id) 1506 1.1.1.4 christos eaptls_retransmit(esp->es_client.ea_session, &outp); 1507 1.1.1.4 christos else 1508 1.1.1.4 christos eaptls_send(esp->es_client.ea_session, &outp); 1509 1.1.1.4 christos 1510 1.1.1.4 christos outlen = (outp - outpacket_buf) - PPP_HDRLEN; 1511 1.1.1.4 christos PUTSHORT(outlen, lenloc); 1512 1.1.1.4 christos 1513 1.1.1.4 christos output(esp->es_unit, outpacket_buf, PPP_HDRLEN + outlen); 1514 1.1.1.4 christos 1515 1.1.1.4 christos esp->es_client.ea_id = id; 1516 1.1.1.4 christos } 1517 1.1.1.4 christos 1518 1.1.1.4 christos /* 1519 1.1.1.4 christos * Send an EAP-TLS ack 1520 1.1.1.4 christos */ 1521 1.1.1.4 christos static void 1522 1.1.1.4 christos eap_tls_sendack(eap_state *esp, u_char id) 1523 1.1.1.4 christos { 1524 1.1.1.4 christos u_char *outp; 1525 1.1.1.4 christos int outlen; 1526 1.1.1.4 christos u_char *lenloc; 1527 1.1.1.4 christos 1528 1.1.1.4 christos outp = outpacket_buf; 1529 1.1.1.4 christos 1530 1.1.1.4 christos MAKEHEADER(outp, PPP_EAP); 1531 1.1.1.4 christos 1532 1.1.1.4 christos PUTCHAR(EAP_RESPONSE, outp); 1533 1.1.1.4 christos PUTCHAR(id, outp); 1534 1.1.1.4 christos esp->es_client.ea_id = id; 1535 1.1.1.4 christos 1536 1.1.1.4 christos lenloc = outp; 1537 1.1.1.4 christos INCPTR(2, outp); 1538 1.1.1.4 christos 1539 1.1.1.4 christos PUTCHAR(EAPT_TLS, outp); 1540 1.1.1.4 christos PUTCHAR(0, outp); 1541 1.1.1.4 christos 1542 1.1.1.4 christos outlen = (outp - outpacket_buf) - PPP_HDRLEN; 1543 1.1.1.4 christos PUTSHORT(outlen, lenloc); 1544 1.1.1.4 christos 1545 1.1.1.4 christos output(esp->es_unit, outpacket_buf, PPP_HDRLEN + outlen); 1546 1.1.1.4 christos } 1547 1.1.1.4 christos #endif /* USE_EAPTLS */ 1548 1.1.1.4 christos 1549 1.1 christos static void 1550 1.1.1.4 christos eap_send_nak(eap_state *esp, u_char id, u_char type) 1551 1.1 christos { 1552 1.1 christos u_char *outp; 1553 1.1 christos int msglen; 1554 1.1 christos 1555 1.1 christos outp = outpacket_buf; 1556 1.1 christos 1557 1.1 christos MAKEHEADER(outp, PPP_EAP); 1558 1.1 christos 1559 1.1 christos PUTCHAR(EAP_RESPONSE, outp); 1560 1.1 christos PUTCHAR(id, outp); 1561 1.1 christos esp->es_client.ea_id = id; 1562 1.1 christos msglen = EAP_HEADERLEN + 2 * sizeof (u_char); 1563 1.1 christos PUTSHORT(msglen, outp); 1564 1.1 christos PUTCHAR(EAPT_NAK, outp); 1565 1.1 christos PUTCHAR(type, outp); 1566 1.1 christos 1567 1.1 christos output(esp->es_unit, outpacket_buf, PPP_HDRLEN + msglen); 1568 1.1 christos } 1569 1.1 christos 1570 1.1 christos #ifdef USE_SRP 1571 1.1 christos static char * 1572 1.1.1.4 christos name_of_pn_file(void) 1573 1.1 christos { 1574 1.1 christos char *user, *path, *file; 1575 1.1 christos struct passwd *pw; 1576 1.1 christos size_t pl; 1577 1.1 christos static bool pnlogged = 0; 1578 1.1 christos 1579 1.1 christos pw = getpwuid(getuid()); 1580 1.1 christos if (pw == NULL || (user = pw->pw_dir) == NULL || user[0] == 0) { 1581 1.1 christos errno = EINVAL; 1582 1.1 christos return (NULL); 1583 1.1 christos } 1584 1.1 christos file = _PATH_PSEUDONYM; 1585 1.1 christos pl = strlen(user) + strlen(file) + 2; 1586 1.1 christos path = malloc(pl); 1587 1.1 christos if (path == NULL) 1588 1.1 christos return (NULL); 1589 1.1 christos (void) slprintf(path, pl, "%s/%s", user, file); 1590 1.1 christos if (!pnlogged) { 1591 1.1 christos dbglog("pseudonym file: %s", path); 1592 1.1 christos pnlogged = 1; 1593 1.1 christos } 1594 1.1 christos return (path); 1595 1.1 christos } 1596 1.1 christos 1597 1.1 christos static int 1598 1.1.1.4 christos open_pn_file(mode_t modebits) 1599 1.1 christos { 1600 1.1 christos char *path; 1601 1.1 christos int fd, err; 1602 1.1 christos 1603 1.1 christos if ((path = name_of_pn_file()) == NULL) 1604 1.1 christos return (-1); 1605 1.1 christos fd = open(path, modebits, S_IRUSR | S_IWUSR); 1606 1.1 christos err = errno; 1607 1.1 christos free(path); 1608 1.1 christos errno = err; 1609 1.1 christos return (fd); 1610 1.1 christos } 1611 1.1 christos 1612 1.1 christos static void 1613 1.1.1.4 christos remove_pn_file(void) 1614 1.1 christos { 1615 1.1 christos char *path; 1616 1.1 christos 1617 1.1 christos if ((path = name_of_pn_file()) != NULL) { 1618 1.1 christos (void) unlink(path); 1619 1.1 christos (void) free(path); 1620 1.1 christos } 1621 1.1 christos } 1622 1.1 christos 1623 1.1 christos static void 1624 1.1.1.4 christos write_pseudonym(eap_state *esp, u_char *inp, int len, int id) 1625 1.1 christos { 1626 1.1 christos u_char val; 1627 1.1 christos u_char *datp, *digp; 1628 1.1 christos SHA1_CTX ctxt; 1629 1.1 christos u_char dig[SHA_DIGESTSIZE]; 1630 1.1 christos int dsize, fd, olen = len; 1631 1.1 christos 1632 1.1 christos /* 1633 1.1 christos * Do the decoding by working backwards. This eliminates the need 1634 1.1 christos * to save the decoded output in a separate buffer. 1635 1.1 christos */ 1636 1.1 christos val = id; 1637 1.1 christos while (len > 0) { 1638 1.1 christos if ((dsize = len % SHA_DIGESTSIZE) == 0) 1639 1.1 christos dsize = SHA_DIGESTSIZE; 1640 1.1 christos len -= dsize; 1641 1.1 christos datp = inp + len; 1642 1.1 christos SHA1Init(&ctxt); 1643 1.1 christos SHA1Update(&ctxt, &val, 1); 1644 1.1 christos SHA1Update(&ctxt, esp->es_client.ea_skey, SESSION_KEY_LEN); 1645 1.1 christos if (len > 0) { 1646 1.1 christos SHA1Update(&ctxt, datp, SHA_DIGESTSIZE); 1647 1.1 christos } else { 1648 1.1 christos SHA1Update(&ctxt, esp->es_client.ea_name, 1649 1.1 christos esp->es_client.ea_namelen); 1650 1.1 christos } 1651 1.1 christos SHA1Final(dig, &ctxt); 1652 1.1 christos for (digp = dig; digp < dig + SHA_DIGESTSIZE; digp++) 1653 1.1 christos *datp++ ^= *digp; 1654 1.1 christos } 1655 1.1 christos 1656 1.1 christos /* Now check that the result is sane */ 1657 1.1 christos if (olen <= 0 || *inp + 1 > olen) { 1658 1.1 christos dbglog("EAP: decoded pseudonym is unusable <%.*B>", olen, inp); 1659 1.1 christos return; 1660 1.1 christos } 1661 1.1 christos 1662 1.1 christos /* Save it away */ 1663 1.1 christos fd = open_pn_file(O_WRONLY | O_CREAT | O_TRUNC); 1664 1.1 christos if (fd < 0) { 1665 1.1 christos dbglog("EAP: error saving pseudonym: %m"); 1666 1.1 christos return; 1667 1.1 christos } 1668 1.1 christos len = write(fd, inp + 1, *inp); 1669 1.1 christos if (close(fd) != -1 && len == *inp) { 1670 1.1 christos dbglog("EAP: saved pseudonym"); 1671 1.1 christos esp->es_usedpseudo = 0; 1672 1.1 christos } else { 1673 1.1 christos dbglog("EAP: failed to save pseudonym"); 1674 1.1 christos remove_pn_file(); 1675 1.1 christos } 1676 1.1 christos } 1677 1.1 christos #endif /* USE_SRP */ 1678 1.1 christos 1679 1.1.1.4 christos #if CHAPMS 1680 1.1.1.4 christos /* 1681 1.1.1.4 christos * Format and send an CHAPV2-Challenge EAP Response message. 1682 1.1.1.4 christos */ 1683 1.1.1.4 christos static void 1684 1.1.1.4 christos eap_chapv2_response(eap_state *esp, u_char id, u_char chapid, u_char *response, char *user, int user_len) 1685 1.1.1.4 christos { 1686 1.1.1.4 christos u_char *outp; 1687 1.1.1.4 christos int msglen; 1688 1.1.1.4 christos 1689 1.1.1.4 christos outp = outpacket_buf; 1690 1.1.1.4 christos 1691 1.1.1.4 christos MAKEHEADER(outp, PPP_EAP); 1692 1.1.1.4 christos 1693 1.1.1.4 christos PUTCHAR(EAP_RESPONSE, outp); 1694 1.1.1.4 christos PUTCHAR(id, outp); 1695 1.1.1.4 christos esp->es_client.ea_id = id; 1696 1.1.1.4 christos msglen = EAP_HEADERLEN + 6 * sizeof (u_char) + MS_CHAP2_RESPONSE_LEN + user_len; 1697 1.1.1.4 christos PUTSHORT(msglen, outp); 1698 1.1.1.4 christos PUTCHAR(EAPT_MSCHAPV2, outp); 1699 1.1.1.4 christos PUTCHAR(CHAP_RESPONSE, outp); 1700 1.1.1.4 christos PUTCHAR(chapid, outp); 1701 1.1.1.4 christos PUTCHAR(0, outp); 1702 1.1.1.4 christos /* len */ 1703 1.1.1.4 christos PUTCHAR(5 + user_len + MS_CHAP2_RESPONSE_LEN, outp); 1704 1.1.1.4 christos BCOPY(response, outp, MS_CHAP2_RESPONSE_LEN+1); // VLEN + VALUE 1705 1.1.1.4 christos INCPTR(MS_CHAP2_RESPONSE_LEN+1, outp); 1706 1.1.1.4 christos BCOPY(user, outp, user_len); 1707 1.1.1.4 christos 1708 1.1.1.4 christos output(esp->es_unit, outpacket_buf, PPP_HDRLEN + msglen); 1709 1.1.1.4 christos } 1710 1.1.1.4 christos #endif 1711 1.1.1.4 christos 1712 1.1 christos /* 1713 1.1 christos * eap_request - Receive EAP Request message (client mode). 1714 1.1 christos */ 1715 1.1 christos static void 1716 1.1.1.4 christos eap_request(eap_state *esp, u_char *inp, int id, int len) 1717 1.1 christos { 1718 1.1 christos u_char typenum; 1719 1.1 christos u_char vallen; 1720 1.1 christos int secret_len; 1721 1.1 christos char secret[MAXWORDLEN]; 1722 1.1 christos char rhostname[256]; 1723 1.1 christos MD5_CTX mdContext; 1724 1.1 christos u_char hash[MD5_SIGNATURE_SIZE]; 1725 1.1.1.4 christos #ifdef USE_EAPTLS 1726 1.1.1.4 christos u_char flags; 1727 1.1.1.4 christos struct eaptls_session *ets = esp->es_client.ea_session; 1728 1.1.1.4 christos #endif /* USE_EAPTLS */ 1729 1.1.1.4 christos 1730 1.1 christos #ifdef USE_SRP 1731 1.1 christos struct t_client *tc; 1732 1.1 christos struct t_num sval, gval, Nval, *Ap, Bval; 1733 1.1 christos u_char vals[2]; 1734 1.1 christos SHA1_CTX ctxt; 1735 1.1 christos u_char dig[SHA_DIGESTSIZE]; 1736 1.1 christos int fd; 1737 1.1 christos #endif /* USE_SRP */ 1738 1.1 christos 1739 1.1 christos /* 1740 1.1.1.4 christos * Ignore requests if we're not open 1741 1.1.1.4 christos */ 1742 1.1.1.4 christos if (esp->es_client.ea_state <= eapClosed) 1743 1.1.1.4 christos return; 1744 1.1.1.4 christos 1745 1.1.1.4 christos /* 1746 1.1 christos * Note: we update es_client.ea_id *only if* a Response 1747 1.1 christos * message is being generated. Otherwise, we leave it the 1748 1.1 christos * same for duplicate detection purposes. 1749 1.1 christos */ 1750 1.1 christos 1751 1.1 christos esp->es_client.ea_requests++; 1752 1.1 christos if (esp->es_client.ea_maxrequests != 0 && 1753 1.1 christos esp->es_client.ea_requests > esp->es_client.ea_maxrequests) { 1754 1.1 christos info("EAP: received too many Request messages"); 1755 1.1 christos if (esp->es_client.ea_timeout > 0) { 1756 1.1 christos UNTIMEOUT(eap_client_timeout, (void *)esp); 1757 1.1 christos } 1758 1.1 christos auth_withpeer_fail(esp->es_unit, PPP_EAP); 1759 1.1 christos return; 1760 1.1 christos } 1761 1.1 christos 1762 1.1 christos if (len <= 0) { 1763 1.1 christos error("EAP: empty Request message discarded"); 1764 1.1 christos return; 1765 1.1 christos } 1766 1.1 christos 1767 1.1 christos GETCHAR(typenum, inp); 1768 1.1 christos len--; 1769 1.1 christos 1770 1.1 christos switch (typenum) { 1771 1.1 christos case EAPT_IDENTITY: 1772 1.1 christos if (len > 0) 1773 1.1 christos info("EAP: Identity prompt \"%.*q\"", len, inp); 1774 1.1 christos #ifdef USE_SRP 1775 1.1 christos if (esp->es_usepseudo && 1776 1.1 christos (esp->es_usedpseudo == 0 || 1777 1.1 christos (esp->es_usedpseudo == 1 && 1778 1.1 christos id == esp->es_client.ea_id))) { 1779 1.1 christos esp->es_usedpseudo = 1; 1780 1.1 christos /* Try to get a pseudonym */ 1781 1.1 christos if ((fd = open_pn_file(O_RDONLY)) >= 0) { 1782 1.1 christos strcpy(rhostname, SRP_PSEUDO_ID); 1783 1.1 christos len = read(fd, rhostname + SRP_PSEUDO_LEN, 1784 1.1 christos sizeof (rhostname) - SRP_PSEUDO_LEN); 1785 1.1 christos /* XXX NAI unsupported */ 1786 1.1 christos if (len > 0) { 1787 1.1 christos eap_send_response(esp, id, typenum, 1788 1.1 christos rhostname, len + SRP_PSEUDO_LEN); 1789 1.1 christos } 1790 1.1 christos (void) close(fd); 1791 1.1 christos if (len > 0) 1792 1.1 christos break; 1793 1.1 christos } 1794 1.1 christos } 1795 1.1 christos /* Stop using pseudonym now. */ 1796 1.1 christos if (esp->es_usepseudo && esp->es_usedpseudo != 2) { 1797 1.1 christos remove_pn_file(); 1798 1.1 christos esp->es_usedpseudo = 2; 1799 1.1 christos } 1800 1.1 christos #endif /* USE_SRP */ 1801 1.1.1.4 christos eap_send_response(esp, id, typenum, (u_char *)esp->es_client.ea_name, 1802 1.1 christos esp->es_client.ea_namelen); 1803 1.1 christos break; 1804 1.1 christos 1805 1.1 christos case EAPT_NOTIFICATION: 1806 1.1 christos if (len > 0) 1807 1.1 christos info("EAP: Notification \"%.*q\"", len, inp); 1808 1.1 christos eap_send_response(esp, id, typenum, NULL, 0); 1809 1.1 christos break; 1810 1.1 christos 1811 1.1 christos case EAPT_NAK: 1812 1.1 christos /* 1813 1.1 christos * Avoid the temptation to send Response Nak in reply 1814 1.1 christos * to Request Nak here. It can only lead to trouble. 1815 1.1 christos */ 1816 1.1 christos warn("EAP: unexpected Nak in Request; ignored"); 1817 1.1 christos /* Return because we're waiting for something real. */ 1818 1.1 christos return; 1819 1.1 christos 1820 1.1 christos case EAPT_MD5CHAP: 1821 1.1 christos if (len < 1) { 1822 1.1 christos error("EAP: received MD5-Challenge with no data"); 1823 1.1 christos /* Bogus request; wait for something real. */ 1824 1.1 christos return; 1825 1.1 christos } 1826 1.1 christos GETCHAR(vallen, inp); 1827 1.1 christos len--; 1828 1.1 christos if (vallen < 8 || vallen > len) { 1829 1.1 christos error("EAP: MD5-Challenge with bad length %d (8..%d)", 1830 1.1 christos vallen, len); 1831 1.1 christos /* Try something better. */ 1832 1.1 christos eap_send_nak(esp, id, EAPT_SRP); 1833 1.1 christos break; 1834 1.1 christos } 1835 1.1 christos 1836 1.1 christos /* Not so likely to happen. */ 1837 1.1.1.4 christos if (len - vallen >= sizeof (rhostname)) { 1838 1.1 christos dbglog("EAP: trimming really long peer name down"); 1839 1.1 christos BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); 1840 1.1 christos rhostname[sizeof (rhostname) - 1] = '\0'; 1841 1.1 christos } else { 1842 1.1 christos BCOPY(inp + vallen, rhostname, len - vallen); 1843 1.1 christos rhostname[len - vallen] = '\0'; 1844 1.1 christos } 1845 1.1 christos 1846 1.1 christos /* In case the remote doesn't give us his name. */ 1847 1.1 christos if (explicit_remote || 1848 1.1 christos (remote_name[0] != '\0' && vallen == len)) 1849 1.1 christos strlcpy(rhostname, remote_name, sizeof (rhostname)); 1850 1.1 christos 1851 1.1 christos /* 1852 1.1 christos * Get the secret for authenticating ourselves with 1853 1.1 christos * the specified host. 1854 1.1 christos */ 1855 1.1 christos if (!get_secret(esp->es_unit, esp->es_client.ea_name, 1856 1.1 christos rhostname, secret, &secret_len, 0)) { 1857 1.1 christos dbglog("EAP: no MD5 secret for auth to %q", rhostname); 1858 1.1 christos eap_send_nak(esp, id, EAPT_SRP); 1859 1.1 christos break; 1860 1.1 christos } 1861 1.1 christos MD5_Init(&mdContext); 1862 1.1 christos typenum = id; 1863 1.1 christos MD5_Update(&mdContext, &typenum, 1); 1864 1.1 christos MD5_Update(&mdContext, (u_char *)secret, secret_len); 1865 1.1 christos BZERO(secret, sizeof (secret)); 1866 1.1 christos MD5_Update(&mdContext, inp, vallen); 1867 1.1 christos MD5_Final(hash, &mdContext); 1868 1.1 christos eap_chap_response(esp, id, hash, esp->es_client.ea_name, 1869 1.1 christos esp->es_client.ea_namelen); 1870 1.1 christos break; 1871 1.1 christos 1872 1.1.1.4 christos #ifdef USE_EAPTLS 1873 1.1.1.4 christos case EAPT_TLS: 1874 1.1.1.4 christos 1875 1.1.1.4 christos switch(esp->es_client.ea_state) { 1876 1.1.1.4 christos 1877 1.1.1.4 christos case eapListen: 1878 1.1.1.4 christos 1879 1.1.1.4 christos if (len < 1) { 1880 1.1.1.4 christos error("EAP: received EAP-TLS Listen packet with no data"); 1881 1.1.1.4 christos /* Bogus request; wait for something real. */ 1882 1.1.1.4 christos return; 1883 1.1.1.4 christos } 1884 1.1.1.4 christos GETCHAR(flags, inp); 1885 1.1.1.4 christos if(flags & EAP_TLS_FLAGS_START){ 1886 1.1.1.4 christos 1887 1.1.1.4 christos esp->es_client.ea_using_eaptls = 1; 1888 1.1.1.4 christos 1889 1.1.1.4 christos if (explicit_remote){ 1890 1.1.1.4 christos esp->es_client.ea_peer = strdup(remote_name); 1891 1.1.1.4 christos esp->es_client.ea_peerlen = strlen(remote_name); 1892 1.1.1.4 christos } else 1893 1.1.1.4 christos esp->es_client.ea_peer = NULL; 1894 1.1.1.4 christos 1895 1.1.1.4 christos /* Init ssl session */ 1896 1.1.1.4 christos if(!eaptls_init_ssl_client(esp)) { 1897 1.1.1.4 christos dbglog("cannot init ssl"); 1898 1.1.1.4 christos eap_send_nak(esp, id, EAPT_MSCHAPV2); 1899 1.1.1.4 christos esp->es_client.ea_using_eaptls = 0; 1900 1.1.1.4 christos break; 1901 1.1.1.4 christos } 1902 1.1.1.4 christos 1903 1.1.1.4 christos ets = esp->es_client.ea_session; 1904 1.1.1.4 christos eap_tls_response(esp, id); 1905 1.1.1.4 christos esp->es_client.ea_state = (ets->frag ? eapTlsRecvAck : eapTlsRecv); 1906 1.1.1.4 christos break; 1907 1.1.1.4 christos } 1908 1.1.1.4 christos 1909 1.1.1.4 christos /* The server has sent a bad start packet. */ 1910 1.1.1.4 christos eap_send_nak(esp, id, EAPT_MSCHAPV2); 1911 1.1.1.4 christos break; 1912 1.1.1.4 christos 1913 1.1.1.4 christos case eapTlsRecvAck: 1914 1.1.1.4 christos eap_tls_response(esp, id); 1915 1.1.1.4 christos esp->es_client.ea_state = (ets->frag ? eapTlsRecvAck : eapTlsRecv); 1916 1.1.1.4 christos break; 1917 1.1.1.4 christos 1918 1.1.1.4 christos case eapTlsRecv: 1919 1.1.1.4 christos if (len < 1) { 1920 1.1.1.4 christos error("EAP: discarding EAP-TLS Receive packet with no data"); 1921 1.1.1.4 christos /* Bogus request; wait for something real. */ 1922 1.1.1.4 christos return; 1923 1.1.1.4 christos } 1924 1.1.1.4 christos eaptls_receive(ets, inp, len); 1925 1.1.1.4 christos 1926 1.1.1.4 christos if(ets->frag) { 1927 1.1.1.4 christos eap_tls_sendack(esp, id); 1928 1.1.1.4 christos esp->es_client.ea_state = eapTlsRecv; 1929 1.1.1.4 christos break; 1930 1.1.1.4 christos } 1931 1.1.1.4 christos 1932 1.1.1.4 christos if(ets->alert_recv) { 1933 1.1.1.4 christos eap_tls_sendack(esp, id); 1934 1.1.1.4 christos esp->es_client.ea_state = eapTlsRecvFailure; 1935 1.1.1.4 christos break; 1936 1.1.1.4 christos } 1937 1.1.1.4 christos 1938 1.1.1.4 christos /* Check if TLS handshake is finished */ 1939 1.1.1.4 christos if(eaptls_is_init_finished(ets)) { 1940 1.1.1.4 christos #ifdef MPPE 1941 1.1.1.4 christos eaptls_gen_mppe_keys(ets, 1); 1942 1.1.1.4 christos #endif 1943 1.1.1.4 christos eaptls_free_session(ets); 1944 1.1.1.4 christos eap_tls_sendack(esp, id); 1945 1.1.1.4 christos esp->es_client.ea_state = eapTlsRecvSuccess; 1946 1.1.1.4 christos break; 1947 1.1.1.4 christos } 1948 1.1.1.4 christos 1949 1.1.1.4 christos eap_tls_response(esp,id); 1950 1.1.1.4 christos esp->es_client.ea_state = (ets->frag ? eapTlsRecvAck : eapTlsRecv); 1951 1.1.1.4 christos break; 1952 1.1.1.4 christos 1953 1.1.1.4 christos default: 1954 1.1.1.4 christos eap_send_nak(esp, id, EAPT_MSCHAPV2); 1955 1.1.1.4 christos esp->es_client.ea_using_eaptls = 0; 1956 1.1.1.4 christos break; 1957 1.1.1.4 christos } 1958 1.1.1.4 christos 1959 1.1.1.4 christos break; 1960 1.1.1.4 christos #endif /* USE_EAPTLS */ 1961 1.1.1.4 christos 1962 1.1 christos #ifdef USE_SRP 1963 1.1 christos case EAPT_SRP: 1964 1.1 christos if (len < 1) { 1965 1.1 christos error("EAP: received empty SRP Request"); 1966 1.1 christos /* Bogus request; wait for something real. */ 1967 1.1 christos return; 1968 1.1 christos } 1969 1.1 christos 1970 1.1 christos /* Get subtype */ 1971 1.1 christos GETCHAR(vallen, inp); 1972 1.1 christos len--; 1973 1.1 christos switch (vallen) { 1974 1.1 christos case EAPSRP_CHALLENGE: 1975 1.1 christos tc = NULL; 1976 1.1 christos if (esp->es_client.ea_session != NULL) { 1977 1.1 christos tc = (struct t_client *)esp->es_client. 1978 1.1 christos ea_session; 1979 1.1 christos /* 1980 1.1 christos * If this is a new challenge, then start 1981 1.1 christos * over with a new client session context. 1982 1.1 christos * Otherwise, just resend last response. 1983 1.1 christos */ 1984 1.1 christos if (id != esp->es_client.ea_id) { 1985 1.1 christos t_clientclose(tc); 1986 1.1 christos esp->es_client.ea_session = NULL; 1987 1.1 christos tc = NULL; 1988 1.1 christos } 1989 1.1 christos } 1990 1.1 christos /* No session key just yet */ 1991 1.1 christos esp->es_client.ea_skey = NULL; 1992 1.1 christos if (tc == NULL) { 1993 1.1 christos GETCHAR(vallen, inp); 1994 1.1 christos len--; 1995 1.1 christos if (vallen >= len) { 1996 1.1 christos error("EAP: badly-formed SRP Challenge" 1997 1.1 christos " (name)"); 1998 1.1 christos /* Ignore badly-formed messages */ 1999 1.1 christos return; 2000 1.1 christos } 2001 1.1 christos BCOPY(inp, rhostname, vallen); 2002 1.1 christos rhostname[vallen] = '\0'; 2003 1.1 christos INCPTR(vallen, inp); 2004 1.1 christos len -= vallen; 2005 1.1 christos 2006 1.1 christos /* 2007 1.1 christos * In case the remote doesn't give us his name, 2008 1.1 christos * use configured name. 2009 1.1 christos */ 2010 1.1 christos if (explicit_remote || 2011 1.1 christos (remote_name[0] != '\0' && vallen == 0)) { 2012 1.1 christos strlcpy(rhostname, remote_name, 2013 1.1 christos sizeof (rhostname)); 2014 1.1 christos } 2015 1.1 christos 2016 1.1 christos if (esp->es_client.ea_peer != NULL) 2017 1.1 christos free(esp->es_client.ea_peer); 2018 1.1 christos esp->es_client.ea_peer = strdup(rhostname); 2019 1.1 christos esp->es_client.ea_peerlen = strlen(rhostname); 2020 1.1 christos 2021 1.1 christos GETCHAR(vallen, inp); 2022 1.1 christos len--; 2023 1.1 christos if (vallen >= len) { 2024 1.1 christos error("EAP: badly-formed SRP Challenge" 2025 1.1 christos " (s)"); 2026 1.1 christos /* Ignore badly-formed messages */ 2027 1.1 christos return; 2028 1.1 christos } 2029 1.1 christos sval.data = inp; 2030 1.1 christos sval.len = vallen; 2031 1.1 christos INCPTR(vallen, inp); 2032 1.1 christos len -= vallen; 2033 1.1 christos 2034 1.1 christos GETCHAR(vallen, inp); 2035 1.1 christos len--; 2036 1.1 christos if (vallen > len) { 2037 1.1 christos error("EAP: badly-formed SRP Challenge" 2038 1.1 christos " (g)"); 2039 1.1 christos /* Ignore badly-formed messages */ 2040 1.1 christos return; 2041 1.1 christos } 2042 1.1 christos /* If no generator present, then use value 2 */ 2043 1.1 christos if (vallen == 0) { 2044 1.1 christos gval.data = (u_char *)"\002"; 2045 1.1 christos gval.len = 1; 2046 1.1 christos } else { 2047 1.1 christos gval.data = inp; 2048 1.1 christos gval.len = vallen; 2049 1.1 christos } 2050 1.1 christos INCPTR(vallen, inp); 2051 1.1 christos len -= vallen; 2052 1.1 christos 2053 1.1 christos /* 2054 1.1 christos * If no modulus present, then use well-known 2055 1.1 christos * value. 2056 1.1 christos */ 2057 1.1 christos if (len == 0) { 2058 1.1 christos Nval.data = (u_char *)wkmodulus; 2059 1.1 christos Nval.len = sizeof (wkmodulus); 2060 1.1 christos } else { 2061 1.1 christos Nval.data = inp; 2062 1.1 christos Nval.len = len; 2063 1.1 christos } 2064 1.1 christos tc = t_clientopen(esp->es_client.ea_name, 2065 1.1 christos &Nval, &gval, &sval); 2066 1.1 christos if (tc == NULL) { 2067 1.1 christos eap_send_nak(esp, id, EAPT_MD5CHAP); 2068 1.1 christos break; 2069 1.1 christos } 2070 1.1 christos esp->es_client.ea_session = (void *)tc; 2071 1.1 christos 2072 1.1 christos /* Add Challenge ID & type to verifier */ 2073 1.1 christos vals[0] = id; 2074 1.1 christos vals[1] = EAPT_SRP; 2075 1.1 christos t_clientaddexdata(tc, vals, 2); 2076 1.1 christos } 2077 1.1 christos Ap = t_clientgenexp(tc); 2078 1.1 christos eap_srp_response(esp, id, EAPSRP_CKEY, Ap->data, 2079 1.1 christos Ap->len); 2080 1.1 christos break; 2081 1.1 christos 2082 1.1 christos case EAPSRP_SKEY: 2083 1.1 christos tc = (struct t_client *)esp->es_client.ea_session; 2084 1.1 christos if (tc == NULL) { 2085 1.1 christos warn("EAP: peer sent Subtype 2 without 1"); 2086 1.1 christos eap_send_nak(esp, id, EAPT_MD5CHAP); 2087 1.1 christos break; 2088 1.1 christos } 2089 1.1 christos if (esp->es_client.ea_skey != NULL) { 2090 1.1 christos /* 2091 1.1 christos * ID number should not change here. Warn 2092 1.1 christos * if it does (but otherwise ignore). 2093 1.1 christos */ 2094 1.1 christos if (id != esp->es_client.ea_id) { 2095 1.1 christos warn("EAP: ID changed from %d to %d " 2096 1.1 christos "in SRP Subtype 2 rexmit", 2097 1.1 christos esp->es_client.ea_id, id); 2098 1.1 christos } 2099 1.1 christos } else { 2100 1.1 christos if (get_srp_secret(esp->es_unit, 2101 1.1 christos esp->es_client.ea_name, 2102 1.1 christos esp->es_client.ea_peer, secret, 0) == 0) { 2103 1.1 christos /* 2104 1.1 christos * Can't work with this peer because 2105 1.1 christos * the secret is missing. Just give 2106 1.1 christos * up. 2107 1.1 christos */ 2108 1.1 christos eap_send_nak(esp, id, EAPT_MD5CHAP); 2109 1.1 christos break; 2110 1.1 christos } 2111 1.1 christos Bval.data = inp; 2112 1.1 christos Bval.len = len; 2113 1.1 christos t_clientpasswd(tc, secret); 2114 1.1 christos BZERO(secret, sizeof (secret)); 2115 1.1 christos esp->es_client.ea_skey = 2116 1.1 christos t_clientgetkey(tc, &Bval); 2117 1.1 christos if (esp->es_client.ea_skey == NULL) { 2118 1.1 christos /* Server is rogue; stop now */ 2119 1.1 christos error("EAP: SRP server is rogue"); 2120 1.1 christos goto client_failure; 2121 1.1 christos } 2122 1.1 christos } 2123 1.1 christos eap_srpval_response(esp, id, SRPVAL_EBIT, 2124 1.1 christos t_clientresponse(tc)); 2125 1.1 christos break; 2126 1.1 christos 2127 1.1 christos case EAPSRP_SVALIDATOR: 2128 1.1 christos tc = (struct t_client *)esp->es_client.ea_session; 2129 1.1 christos if (tc == NULL || esp->es_client.ea_skey == NULL) { 2130 1.1 christos warn("EAP: peer sent Subtype 3 without 1/2"); 2131 1.1 christos eap_send_nak(esp, id, EAPT_MD5CHAP); 2132 1.1 christos break; 2133 1.1 christos } 2134 1.1 christos /* 2135 1.1 christos * If we're already open, then this ought to be a 2136 1.1 christos * duplicate. Otherwise, check that the server is 2137 1.1 christos * who we think it is. 2138 1.1 christos */ 2139 1.1 christos if (esp->es_client.ea_state == eapOpen) { 2140 1.1 christos if (id != esp->es_client.ea_id) { 2141 1.1 christos warn("EAP: ID changed from %d to %d " 2142 1.1 christos "in SRP Subtype 3 rexmit", 2143 1.1 christos esp->es_client.ea_id, id); 2144 1.1 christos } 2145 1.1 christos } else { 2146 1.1 christos len -= sizeof (u_int32_t) + SHA_DIGESTSIZE; 2147 1.1 christos if (len < 0 || t_clientverify(tc, inp + 2148 1.1 christos sizeof (u_int32_t)) != 0) { 2149 1.1 christos error("EAP: SRP server verification " 2150 1.1 christos "failed"); 2151 1.1 christos goto client_failure; 2152 1.1 christos } 2153 1.1 christos GETLONG(esp->es_client.ea_keyflags, inp); 2154 1.1 christos /* Save pseudonym if user wants it. */ 2155 1.1 christos if (len > 0 && esp->es_usepseudo) { 2156 1.1 christos INCPTR(SHA_DIGESTSIZE, inp); 2157 1.1 christos write_pseudonym(esp, inp, len, id); 2158 1.1 christos } 2159 1.1 christos } 2160 1.1 christos /* 2161 1.1 christos * We've verified our peer. We're now mostly done, 2162 1.1 christos * except for waiting on the regular EAP Success 2163 1.1 christos * message. 2164 1.1 christos */ 2165 1.1 christos eap_srp_response(esp, id, EAPSRP_ACK, NULL, 0); 2166 1.1 christos break; 2167 1.1 christos 2168 1.1 christos case EAPSRP_LWRECHALLENGE: 2169 1.1 christos if (len < 4) { 2170 1.1 christos warn("EAP: malformed Lightweight rechallenge"); 2171 1.1 christos return; 2172 1.1 christos } 2173 1.1 christos SHA1Init(&ctxt); 2174 1.1 christos vals[0] = id; 2175 1.1 christos SHA1Update(&ctxt, vals, 1); 2176 1.1 christos SHA1Update(&ctxt, esp->es_client.ea_skey, 2177 1.1 christos SESSION_KEY_LEN); 2178 1.1 christos SHA1Update(&ctxt, inp, len); 2179 1.1 christos SHA1Update(&ctxt, esp->es_client.ea_name, 2180 1.1 christos esp->es_client.ea_namelen); 2181 1.1 christos SHA1Final(dig, &ctxt); 2182 1.1 christos eap_srp_response(esp, id, EAPSRP_LWRECHALLENGE, dig, 2183 1.1 christos SHA_DIGESTSIZE); 2184 1.1 christos break; 2185 1.1 christos 2186 1.1 christos default: 2187 1.1 christos error("EAP: unknown SRP Subtype %d", vallen); 2188 1.1 christos eap_send_nak(esp, id, EAPT_MD5CHAP); 2189 1.1 christos break; 2190 1.1 christos } 2191 1.1 christos break; 2192 1.1 christos #endif /* USE_SRP */ 2193 1.1.1.4 christos 2194 1.1.1.4 christos #ifdef CHAPMS 2195 1.1.1.4 christos case EAPT_MSCHAPV2: 2196 1.1.1.4 christos if (len < 4) { 2197 1.1.1.4 christos error("EAP: received invalid MSCHAPv2 packet, too short"); 2198 1.1.1.4 christos return; 2199 1.1.1.4 christos } 2200 1.1.1.4 christos unsigned char opcode; 2201 1.1.1.4 christos GETCHAR(opcode, inp); 2202 1.1.1.4 christos unsigned char chapid; /* Chapv2-ID */ 2203 1.1.1.4 christos GETCHAR(chapid, inp); 2204 1.1.1.4 christos short mssize; 2205 1.1.1.4 christos GETSHORT(mssize, inp); 2206 1.1.1.4 christos 2207 1.1.1.4 christos /* Validate the mssize field */ 2208 1.1.1.4 christos if (len != mssize) { 2209 1.1.1.4 christos error("EAP: received invalid MSCHAPv2 packet, invalid length"); 2210 1.1.1.4 christos return; 2211 1.1.1.4 christos } 2212 1.1.1.4 christos len -= 4; 2213 1.1.1.4 christos 2214 1.1.1.4 christos /* If MSCHAPv2 digest was not found, NAK the packet */ 2215 1.1.1.4 christos if (!esp->es_client.digest) { 2216 1.1.1.4 christos error("EAP MSCHAPv2 not supported"); 2217 1.1.1.4 christos eap_send_nak(esp, id, EAPT_SRP); 2218 1.1.1.4 christos return; 2219 1.1.1.4 christos } 2220 1.1.1.4 christos 2221 1.1.1.4 christos switch (opcode) { 2222 1.1.1.4 christos case CHAP_CHALLENGE: { 2223 1.1.1.4 christos 2224 1.1.1.4 christos /* make_response() expects: VLEN + VALUE */ 2225 1.1.1.4 christos u_char *challenge = inp; 2226 1.1.1.4 christos 2227 1.1.1.4 christos unsigned char vsize; 2228 1.1.1.4 christos GETCHAR(vsize, inp); 2229 1.1.1.4 christos len -= 1; 2230 1.1.1.4 christos 2231 1.1.1.4 christos /* Validate the VALUE field */ 2232 1.1.1.4 christos if (vsize != MS_CHAP2_PEER_CHAL_LEN || len < MS_CHAP2_PEER_CHAL_LEN) { 2233 1.1.1.4 christos error("EAP: received invalid MSCHAPv2 packet, invalid value-length: %d", vsize); 2234 1.1.1.4 christos return; 2235 1.1.1.4 christos } 2236 1.1.1.4 christos 2237 1.1.1.4 christos /* Increment past the VALUE field */ 2238 1.1.1.4 christos INCPTR(MS_CHAP2_PEER_CHAL_LEN, inp); 2239 1.1.1.4 christos len -= MS_CHAP2_PEER_CHAL_LEN; 2240 1.1.1.4 christos 2241 1.1.1.4 christos /* Extract the hostname */ 2242 1.1.1.4 christos rhostname[0] = '\0'; 2243 1.1.1.4 christos if (len > 0) { 2244 1.1.1.4 christos if (len >= sizeof (rhostname)) { 2245 1.1.1.4 christos dbglog("EAP: trimming really long peer name down"); 2246 1.1.1.4 christos len = sizeof(rhostname) - 1; 2247 1.1.1.4 christos } 2248 1.1.1.4 christos BCOPY(inp, rhostname, len); 2249 1.1.1.4 christos rhostname[len] = '\0'; 2250 1.1.1.4 christos } 2251 1.1.1.4 christos 2252 1.1.1.4 christos /* In case the remote doesn't give us his name. */ 2253 1.1.1.4 christos if (explicit_remote || (remote_name[0] != '\0' && len == 0)) 2254 1.1.1.4 christos strlcpy(rhostname, remote_name, sizeof(rhostname)); 2255 1.1.1.4 christos 2256 1.1.1.4 christos /* Get the secret for authenticating ourselves with the specified host. */ 2257 1.1.1.4 christos if (!get_secret(esp->es_unit, esp->es_client.ea_name, 2258 1.1.1.4 christos rhostname, secret, &secret_len, 0)) { 2259 1.1.1.4 christos dbglog("EAP: no CHAP secret for auth to %q", rhostname); 2260 1.1.1.4 christos eap_send_nak(esp, id, EAPT_SRP); 2261 1.1.1.4 christos break; 2262 1.1.1.4 christos } 2263 1.1.1.4 christos 2264 1.1.1.4 christos /* Create the MSCHAPv2 response (and add to cache) */ 2265 1.1.1.4 christos unsigned char response[MS_CHAP2_RESPONSE_LEN+1]; // VLEN + VALUE 2266 1.1.1.4 christos esp->es_client.digest->make_response(response, chapid, esp->es_client.ea_name, 2267 1.1.1.4 christos challenge, secret, secret_len, NULL); 2268 1.1.1.4 christos 2269 1.1.1.4 christos eap_chapv2_response(esp, id, chapid, response, esp->es_client.ea_name, esp->es_client.ea_namelen); 2270 1.1.1.4 christos break; 2271 1.1.1.4 christos } 2272 1.1.1.4 christos case CHAP_SUCCESS: { 2273 1.1.1.4 christos 2274 1.1.1.4 christos /* Check response for mutual authentication */ 2275 1.1.1.4 christos u_char status = CHAP_FAILURE; 2276 1.1.1.4 christos if (esp->es_client.digest->check_success(chapid, inp, len) == 1) { 2277 1.1.1.4 christos info("Chap authentication succeeded! %.*v", len, inp); 2278 1.1.1.4 christos status = CHAP_SUCCESS; 2279 1.1.1.4 christos } 2280 1.1.1.4 christos eap_send_response(esp, id, EAPT_MSCHAPV2, &status, sizeof(status)); 2281 1.1.1.4 christos break; 2282 1.1.1.4 christos } 2283 1.1.1.4 christos case CHAP_FAILURE: { 2284 1.1.1.4 christos 2285 1.1.1.4 christos /* Process the failure string, and log appropriate information */ 2286 1.1.1.4 christos esp->es_client.digest->handle_failure(inp, len); 2287 1.1.1.4 christos 2288 1.1.1.4 christos u_char status = CHAP_FAILURE; 2289 1.1.1.4 christos eap_send_response(esp, id, EAPT_MSCHAPV2, &status, sizeof(status)); 2290 1.1.1.4 christos goto client_failure; /* force termination */ 2291 1.1.1.4 christos } 2292 1.1.1.4 christos default: 2293 1.1.1.4 christos 2294 1.1.1.4 christos error("EAP: received invalid MSCHAPv2 packet, invalid or unsupported opcode: %d", opcode); 2295 1.1.1.4 christos eap_send_nak(esp, id, EAPT_SRP); 2296 1.1.1.4 christos } 2297 1.1.1.4 christos 2298 1.1.1.4 christos break; 2299 1.1.1.4 christos #endif /* CHAPMS */ 2300 1.1 christos 2301 1.1 christos default: 2302 1.1 christos info("EAP: unknown authentication type %d; Naking", typenum); 2303 1.1 christos eap_send_nak(esp, id, EAPT_SRP); 2304 1.1 christos break; 2305 1.1 christos } 2306 1.1 christos 2307 1.1 christos if (esp->es_client.ea_timeout > 0) { 2308 1.1 christos UNTIMEOUT(eap_client_timeout, (void *)esp); 2309 1.1 christos TIMEOUT(eap_client_timeout, (void *)esp, 2310 1.1 christos esp->es_client.ea_timeout); 2311 1.1 christos } 2312 1.1 christos return; 2313 1.1 christos 2314 1.1 christos client_failure: 2315 1.1 christos esp->es_client.ea_state = eapBadAuth; 2316 1.1 christos if (esp->es_client.ea_timeout > 0) { 2317 1.1 christos UNTIMEOUT(eap_client_timeout, (void *)esp); 2318 1.1 christos } 2319 1.1 christos esp->es_client.ea_session = NULL; 2320 1.1.1.4 christos #ifdef USE_SRP 2321 1.1 christos t_clientclose(tc); 2322 1.1 christos auth_withpeer_fail(esp->es_unit, PPP_EAP); 2323 1.1 christos #endif /* USE_SRP */ 2324 1.1 christos } 2325 1.1 christos 2326 1.1 christos /* 2327 1.1 christos * eap_response - Receive EAP Response message (server mode). 2328 1.1 christos */ 2329 1.1 christos static void 2330 1.1.1.4 christos eap_response(eap_state *esp, u_char *inp, int id, int len) 2331 1.1 christos { 2332 1.1 christos u_char typenum; 2333 1.1 christos u_char vallen; 2334 1.1 christos int secret_len; 2335 1.1 christos char secret[MAXSECRETLEN]; 2336 1.1 christos char rhostname[256]; 2337 1.1 christos MD5_CTX mdContext; 2338 1.1 christos u_char hash[MD5_SIGNATURE_SIZE]; 2339 1.1 christos #ifdef USE_SRP 2340 1.1 christos struct t_server *ts; 2341 1.1 christos struct t_num A; 2342 1.1 christos SHA1_CTX ctxt; 2343 1.1 christos u_char dig[SHA_DIGESTSIZE]; 2344 1.1.1.4 christos SHA1_CTX ctxt; 2345 1.1.1.4 christos u_char dig[SHA_DIGESTSIZE]; 2346 1.1 christos #endif /* USE_SRP */ 2347 1.1 christos 2348 1.1.1.4 christos #ifdef USE_EAPTLS 2349 1.1.1.4 christos struct eaptls_session *ets; 2350 1.1.1.4 christos u_char flags; 2351 1.1.1.4 christos #endif /* USE_EAPTLS */ 2352 1.1.1.4 christos #ifdef CHAPMS 2353 1.1.1.4 christos u_char opcode; 2354 1.1.1.4 christos int (*chap_verifier)(char *, char *, int, struct chap_digest_type *, 2355 1.1.1.4 christos unsigned char *, unsigned char *, char *, int); 2356 1.1.1.4 christos char response_message[256]; 2357 1.1.1.4 christos #endif /* CHAPMS */ 2358 1.1.1.4 christos 2359 1.1.1.4 christos /* 2360 1.1.1.4 christos * Ignore responses if we're not open 2361 1.1.1.4 christos */ 2362 1.1.1.4 christos if (esp->es_server.ea_state <= eapClosed) 2363 1.1.1.4 christos return; 2364 1.1.1.4 christos 2365 1.1 christos if (esp->es_server.ea_id != id) { 2366 1.1 christos dbglog("EAP: discarding Response %d; expected ID %d", id, 2367 1.1 christos esp->es_server.ea_id); 2368 1.1 christos return; 2369 1.1 christos } 2370 1.1 christos 2371 1.1 christos esp->es_server.ea_responses++; 2372 1.1 christos 2373 1.1 christos if (len <= 0) { 2374 1.1 christos error("EAP: empty Response message discarded"); 2375 1.1 christos return; 2376 1.1 christos } 2377 1.1 christos 2378 1.1 christos GETCHAR(typenum, inp); 2379 1.1 christos len--; 2380 1.1 christos 2381 1.1 christos switch (typenum) { 2382 1.1 christos case EAPT_IDENTITY: 2383 1.1 christos if (esp->es_server.ea_state != eapIdentify) { 2384 1.1 christos dbglog("EAP discarding unwanted Identify \"%.q\"", len, 2385 1.1 christos inp); 2386 1.1 christos break; 2387 1.1 christos } 2388 1.1 christos info("EAP: unauthenticated peer name \"%.*q\"", len, inp); 2389 1.1 christos if (esp->es_server.ea_peer != NULL && 2390 1.1 christos esp->es_server.ea_peer != remote_name) 2391 1.1 christos free(esp->es_server.ea_peer); 2392 1.1 christos esp->es_server.ea_peer = malloc(len + 1); 2393 1.1 christos if (esp->es_server.ea_peer == NULL) { 2394 1.1 christos esp->es_server.ea_peerlen = 0; 2395 1.1 christos eap_figure_next_state(esp, 1); 2396 1.1 christos break; 2397 1.1 christos } 2398 1.1 christos BCOPY(inp, esp->es_server.ea_peer, len); 2399 1.1 christos esp->es_server.ea_peer[len] = '\0'; 2400 1.1 christos esp->es_server.ea_peerlen = len; 2401 1.1 christos eap_figure_next_state(esp, 0); 2402 1.1 christos break; 2403 1.1 christos 2404 1.1.1.4 christos #ifdef USE_EAPTLS 2405 1.1.1.4 christos case EAPT_TLS: 2406 1.1.1.4 christos switch(esp->es_server.ea_state) { 2407 1.1.1.4 christos 2408 1.1.1.4 christos case eapTlsRecv: 2409 1.1.1.4 christos 2410 1.1.1.4 christos ets = (struct eaptls_session *) esp->es_server.ea_session; 2411 1.1.1.4 christos 2412 1.1.1.4 christos eap_figure_next_state(esp, 2413 1.1.1.4 christos eaptls_receive(esp->es_server.ea_session, inp, len)); 2414 1.1.1.4 christos 2415 1.1.1.4 christos if(ets->alert_recv) { 2416 1.1.1.4 christos eap_send_failure(esp); 2417 1.1.1.4 christos break; 2418 1.1.1.4 christos } 2419 1.1.1.4 christos break; 2420 1.1.1.4 christos 2421 1.1.1.4 christos case eapTlsRecvAck: 2422 1.1.1.4 christos if(len > 1) { 2423 1.1.1.4 christos dbglog("EAP-TLS ACK with extra data"); 2424 1.1.1.4 christos } 2425 1.1.1.4 christos eap_figure_next_state(esp, 0); 2426 1.1.1.4 christos break; 2427 1.1.1.4 christos 2428 1.1.1.4 christos case eapTlsRecvClient: 2429 1.1.1.4 christos /* Receive authentication response from client */ 2430 1.1.1.4 christos if (len > 0) { 2431 1.1.1.4 christos GETCHAR(flags, inp); 2432 1.1.1.4 christos 2433 1.1.1.4 christos if(len == 1 && !flags) { /* Ack = ok */ 2434 1.1.1.4 christos #ifdef MPPE 2435 1.1.1.4 christos eaptls_gen_mppe_keys( esp->es_server.ea_session, 0 ); 2436 1.1.1.4 christos #endif 2437 1.1.1.4 christos eap_send_success(esp); 2438 1.1.1.4 christos } 2439 1.1.1.4 christos else { /* failure */ 2440 1.1.1.4 christos warn("Server authentication failed"); 2441 1.1.1.4 christos eap_send_failure(esp); 2442 1.1.1.4 christos } 2443 1.1.1.4 christos } 2444 1.1.1.4 christos else 2445 1.1.1.4 christos warn("Bogus EAP-TLS packet received from client"); 2446 1.1.1.4 christos 2447 1.1.1.4 christos eaptls_free_session(esp->es_server.ea_session); 2448 1.1.1.4 christos 2449 1.1.1.4 christos break; 2450 1.1.1.4 christos 2451 1.1.1.4 christos case eapTlsRecvAlertAck: 2452 1.1.1.4 christos eap_send_failure(esp); 2453 1.1.1.4 christos break; 2454 1.1.1.4 christos 2455 1.1.1.4 christos default: 2456 1.1.1.4 christos eap_figure_next_state(esp, 1); 2457 1.1.1.4 christos break; 2458 1.1.1.4 christos } 2459 1.1.1.4 christos break; 2460 1.1.1.4 christos #endif /* USE_EAPTLS */ 2461 1.1.1.4 christos 2462 1.1 christos case EAPT_NOTIFICATION: 2463 1.1 christos dbglog("EAP unexpected Notification; response discarded"); 2464 1.1 christos break; 2465 1.1 christos 2466 1.1 christos case EAPT_NAK: 2467 1.1 christos if (len < 1) { 2468 1.1 christos info("EAP: Nak Response with no suggested protocol"); 2469 1.1 christos eap_figure_next_state(esp, 1); 2470 1.1 christos break; 2471 1.1 christos } 2472 1.1 christos 2473 1.1 christos GETCHAR(vallen, inp); 2474 1.1 christos len--; 2475 1.1 christos 2476 1.1 christos if (!explicit_remote && esp->es_server.ea_state == eapIdentify){ 2477 1.1 christos /* Peer cannot Nak Identify Request */ 2478 1.1 christos eap_figure_next_state(esp, 1); 2479 1.1 christos break; 2480 1.1 christos } 2481 1.1 christos 2482 1.1 christos switch (vallen) { 2483 1.1 christos case EAPT_SRP: 2484 1.1 christos /* Run through SRP validator selection again. */ 2485 1.1 christos esp->es_server.ea_state = eapIdentify; 2486 1.1 christos eap_figure_next_state(esp, 0); 2487 1.1 christos break; 2488 1.1 christos 2489 1.1 christos case EAPT_MD5CHAP: 2490 1.1 christos esp->es_server.ea_state = eapMD5Chall; 2491 1.1 christos break; 2492 1.1 christos 2493 1.1.1.4 christos #ifdef USE_EAPTLS 2494 1.1.1.4 christos /* Send EAP-TLS start packet */ 2495 1.1.1.4 christos case EAPT_TLS: 2496 1.1.1.4 christos esp->es_server.ea_state = eapTlsStart; 2497 1.1.1.4 christos break; 2498 1.1.1.4 christos #endif /* USE_EAPTLS */ 2499 1.1.1.4 christos 2500 1.1.1.4 christos #ifdef CHAPMS 2501 1.1.1.4 christos case EAPT_MSCHAPV2: 2502 1.1.1.4 christos info("EAP: peer proposes MSCHAPv2"); 2503 1.1.1.4 christos esp->es_server.ea_state = eapMSCHAPv2Chall; 2504 1.1.1.4 christos break; 2505 1.1.1.4 christos #endif /* CHAPMS */ 2506 1.1.1.4 christos 2507 1.1 christos default: 2508 1.1 christos dbglog("EAP: peer requesting unknown Type %d", vallen); 2509 1.1 christos switch (esp->es_server.ea_state) { 2510 1.1 christos case eapSRP1: 2511 1.1 christos case eapSRP2: 2512 1.1 christos case eapSRP3: 2513 1.1 christos esp->es_server.ea_state = eapMD5Chall; 2514 1.1 christos break; 2515 1.1 christos case eapMD5Chall: 2516 1.1 christos case eapSRP4: 2517 1.1 christos esp->es_server.ea_state = eapIdentify; 2518 1.1 christos eap_figure_next_state(esp, 0); 2519 1.1 christos break; 2520 1.1 christos default: 2521 1.1 christos break; 2522 1.1 christos } 2523 1.1 christos break; 2524 1.1 christos } 2525 1.1 christos break; 2526 1.1 christos 2527 1.1 christos case EAPT_MD5CHAP: 2528 1.1 christos if (esp->es_server.ea_state != eapMD5Chall) { 2529 1.1 christos error("EAP: unexpected MD5-Response"); 2530 1.1 christos eap_figure_next_state(esp, 1); 2531 1.1 christos break; 2532 1.1 christos } 2533 1.1 christos if (len < 1) { 2534 1.1 christos error("EAP: received MD5-Response with no data"); 2535 1.1 christos eap_figure_next_state(esp, 1); 2536 1.1 christos break; 2537 1.1 christos } 2538 1.1 christos GETCHAR(vallen, inp); 2539 1.1 christos len--; 2540 1.1 christos if (vallen != 16 || vallen > len) { 2541 1.1 christos error("EAP: MD5-Response with bad length %d", vallen); 2542 1.1 christos eap_figure_next_state(esp, 1); 2543 1.1 christos break; 2544 1.1 christos } 2545 1.1 christos 2546 1.1 christos /* Not so likely to happen. */ 2547 1.1.1.4 christos if (len - vallen >= sizeof (rhostname)) { 2548 1.1 christos dbglog("EAP: trimming really long peer name down"); 2549 1.1 christos BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); 2550 1.1 christos rhostname[sizeof (rhostname) - 1] = '\0'; 2551 1.1 christos } else { 2552 1.1 christos BCOPY(inp + vallen, rhostname, len - vallen); 2553 1.1 christos rhostname[len - vallen] = '\0'; 2554 1.1 christos } 2555 1.1 christos 2556 1.1 christos /* In case the remote doesn't give us his name. */ 2557 1.1 christos if (explicit_remote || 2558 1.1 christos (remote_name[0] != '\0' && vallen == len)) 2559 1.1 christos strlcpy(rhostname, remote_name, sizeof (rhostname)); 2560 1.1 christos 2561 1.1 christos /* 2562 1.1 christos * Get the secret for authenticating the specified 2563 1.1 christos * host. 2564 1.1 christos */ 2565 1.1 christos if (!get_secret(esp->es_unit, rhostname, 2566 1.1 christos esp->es_server.ea_name, secret, &secret_len, 1)) { 2567 1.1 christos dbglog("EAP: no MD5 secret for auth of %q", rhostname); 2568 1.1 christos eap_send_failure(esp); 2569 1.1 christos break; 2570 1.1 christos } 2571 1.1 christos MD5_Init(&mdContext); 2572 1.1 christos MD5_Update(&mdContext, &esp->es_server.ea_id, 1); 2573 1.1 christos MD5_Update(&mdContext, (u_char *)secret, secret_len); 2574 1.1 christos BZERO(secret, sizeof (secret)); 2575 1.1 christos MD5_Update(&mdContext, esp->es_challenge, esp->es_challen); 2576 1.1 christos MD5_Final(hash, &mdContext); 2577 1.1 christos if (BCMP(hash, inp, MD5_SIGNATURE_SIZE) != 0) { 2578 1.1 christos eap_send_failure(esp); 2579 1.1 christos break; 2580 1.1 christos } 2581 1.1 christos esp->es_server.ea_type = EAPT_MD5CHAP; 2582 1.1 christos eap_send_success(esp); 2583 1.1 christos eap_figure_next_state(esp, 0); 2584 1.1 christos if (esp->es_rechallenge != 0) 2585 1.1 christos TIMEOUT(eap_rechallenge, esp, esp->es_rechallenge); 2586 1.1 christos break; 2587 1.1 christos 2588 1.1.1.4 christos #ifdef CHAPMS 2589 1.1.1.4 christos case EAPT_MSCHAPV2: 2590 1.1.1.4 christos if (len < 1) { 2591 1.1.1.4 christos error("EAP: received MSCHAPv2 with no data"); 2592 1.1.1.4 christos eap_figure_next_state(esp, 1); 2593 1.1.1.4 christos break; 2594 1.1.1.4 christos } 2595 1.1.1.4 christos GETCHAR(opcode, inp); 2596 1.1.1.4 christos len--; 2597 1.1.1.4 christos 2598 1.1.1.4 christos switch (opcode) { 2599 1.1.1.4 christos case CHAP_RESPONSE: 2600 1.1.1.4 christos if (esp->es_server.ea_state != eapMSCHAPv2Chall) { 2601 1.1.1.4 christos error("EAP: unexpected MSCHAPv2-Response"); 2602 1.1.1.4 christos eap_figure_next_state(esp, 1); 2603 1.1.1.4 christos break; 2604 1.1.1.4 christos } 2605 1.1.1.4 christos /* skip MS ID + len */ 2606 1.1.1.4 christos INCPTR(3, inp); 2607 1.1.1.4 christos GETCHAR(vallen, inp); 2608 1.1.1.4 christos len -= 4; 2609 1.1.1.4 christos 2610 1.1.1.4 christos if (vallen != MS_CHAP2_RESPONSE_LEN || vallen > len) { 2611 1.1.1.4 christos error("EAP: Invalid MSCHAPv2-Response " 2612 1.1.1.4 christos "length %d", vallen); 2613 1.1.1.4 christos eap_figure_next_state(esp, 1); 2614 1.1.1.4 christos break; 2615 1.1.1.4 christos } 2616 1.1.1.4 christos 2617 1.1.1.4 christos /* Not so likely to happen. */ 2618 1.1.1.4 christos if (len - vallen >= sizeof (rhostname)) { 2619 1.1.1.4 christos dbglog("EAP: trimming really long peer name down"); 2620 1.1.1.4 christos BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); 2621 1.1.1.4 christos rhostname[sizeof (rhostname) - 1] = '\0'; 2622 1.1.1.4 christos } else { 2623 1.1.1.4 christos BCOPY(inp + vallen, rhostname, len - vallen); 2624 1.1.1.4 christos rhostname[len - vallen] = '\0'; 2625 1.1.1.4 christos } 2626 1.1.1.4 christos 2627 1.1.1.4 christos /* In case the remote doesn't give us his name. */ 2628 1.1.1.4 christos if (explicit_remote || 2629 1.1.1.4 christos (remote_name[0] != '\0' && vallen == len)) 2630 1.1.1.4 christos strlcpy(rhostname, remote_name, sizeof (rhostname)); 2631 1.1.1.4 christos 2632 1.1.1.4 christos if (chap_verify_hook) 2633 1.1.1.4 christos chap_verifier = chap_verify_hook; 2634 1.1.1.4 christos else 2635 1.1.1.4 christos chap_verifier = eap_chap_verify_response; 2636 1.1.1.4 christos 2637 1.1.1.4 christos esp->es_server.ea_id += 1; 2638 1.1.1.4 christos if ((*chap_verifier)(rhostname, 2639 1.1.1.4 christos esp->es_server.ea_name, 2640 1.1.1.4 christos id, 2641 1.1.1.4 christos &eap_chapms2_digest, 2642 1.1.1.4 christos esp->es_challenge, 2643 1.1.1.4 christos inp - 1, 2644 1.1.1.4 christos response_message, 2645 1.1.1.4 christos sizeof(response_message))) 2646 1.1.1.4 christos { 2647 1.1.1.4 christos info("EAP: MSCHAPv2 success for peer %q", 2648 1.1.1.4 christos rhostname); 2649 1.1.1.4 christos esp->es_server.ea_type = EAPT_MSCHAPV2; 2650 1.1.1.4 christos eap_chapms2_send_request(esp, 2651 1.1.1.4 christos esp->es_server.ea_id, 2652 1.1.1.4 christos CHAP_SUCCESS, 2653 1.1.1.4 christos esp->es_server.ea_id, 2654 1.1.1.4 christos response_message, 2655 1.1.1.4 christos strlen(response_message)); 2656 1.1.1.4 christos eap_figure_next_state(esp, 0); 2657 1.1.1.4 christos if (esp->es_rechallenge != 0) 2658 1.1.1.4 christos TIMEOUT(eap_rechallenge, esp, esp->es_rechallenge); 2659 1.1.1.4 christos } 2660 1.1.1.4 christos else { 2661 1.1.1.4 christos warn("EAP: MSCHAPv2 failure for peer %q", 2662 1.1.1.4 christos rhostname); 2663 1.1.1.4 christos eap_chapms2_send_request(esp, 2664 1.1.1.4 christos esp->es_server.ea_id, 2665 1.1.1.4 christos CHAP_FAILURE, 2666 1.1.1.4 christos esp->es_server.ea_id, 2667 1.1.1.4 christos response_message, 2668 1.1.1.4 christos strlen(response_message)); 2669 1.1.1.4 christos } 2670 1.1.1.4 christos break; 2671 1.1.1.4 christos case CHAP_SUCCESS: 2672 1.1.1.4 christos info("EAP: MSCHAPv2 success confirmed"); 2673 1.1.1.4 christos break; 2674 1.1.1.4 christos case CHAP_FAILURE: 2675 1.1.1.4 christos info("EAP: MSCHAPv2 failure confirmed"); 2676 1.1.1.4 christos break; 2677 1.1.1.4 christos default: 2678 1.1.1.4 christos error("EAP: Unhandled MSCHAPv2 opcode %d", opcode); 2679 1.1.1.4 christos eap_send_nak(esp, id, EAPT_SRP); 2680 1.1.1.4 christos } 2681 1.1.1.4 christos 2682 1.1.1.4 christos break; 2683 1.1.1.4 christos #endif /* CHAPMS */ 2684 1.1.1.4 christos 2685 1.1 christos #ifdef USE_SRP 2686 1.1 christos case EAPT_SRP: 2687 1.1 christos if (len < 1) { 2688 1.1 christos error("EAP: empty SRP Response"); 2689 1.1 christos eap_figure_next_state(esp, 1); 2690 1.1 christos break; 2691 1.1 christos } 2692 1.1 christos GETCHAR(typenum, inp); 2693 1.1 christos len--; 2694 1.1 christos switch (typenum) { 2695 1.1 christos case EAPSRP_CKEY: 2696 1.1 christos if (esp->es_server.ea_state != eapSRP1) { 2697 1.1 christos error("EAP: unexpected SRP Subtype 1 Response"); 2698 1.1 christos eap_figure_next_state(esp, 1); 2699 1.1 christos break; 2700 1.1 christos } 2701 1.1 christos A.data = inp; 2702 1.1 christos A.len = len; 2703 1.1 christos ts = (struct t_server *)esp->es_server.ea_session; 2704 1.1 christos assert(ts != NULL); 2705 1.1 christos esp->es_server.ea_skey = t_servergetkey(ts, &A); 2706 1.1 christos if (esp->es_server.ea_skey == NULL) { 2707 1.1 christos /* Client's A value is bogus; terminate now */ 2708 1.1 christos error("EAP: bogus A value from client"); 2709 1.1 christos eap_send_failure(esp); 2710 1.1 christos } else { 2711 1.1 christos eap_figure_next_state(esp, 0); 2712 1.1 christos } 2713 1.1 christos break; 2714 1.1 christos 2715 1.1 christos case EAPSRP_CVALIDATOR: 2716 1.1 christos if (esp->es_server.ea_state != eapSRP2) { 2717 1.1 christos error("EAP: unexpected SRP Subtype 2 Response"); 2718 1.1 christos eap_figure_next_state(esp, 1); 2719 1.1 christos break; 2720 1.1 christos } 2721 1.1 christos if (len < sizeof (u_int32_t) + SHA_DIGESTSIZE) { 2722 1.1 christos error("EAP: M1 length %d < %d", len, 2723 1.1 christos sizeof (u_int32_t) + SHA_DIGESTSIZE); 2724 1.1 christos eap_figure_next_state(esp, 1); 2725 1.1 christos break; 2726 1.1 christos } 2727 1.1 christos GETLONG(esp->es_server.ea_keyflags, inp); 2728 1.1 christos ts = (struct t_server *)esp->es_server.ea_session; 2729 1.1 christos assert(ts != NULL); 2730 1.1 christos if (t_serververify(ts, inp)) { 2731 1.1 christos info("EAP: unable to validate client identity"); 2732 1.1 christos eap_send_failure(esp); 2733 1.1 christos break; 2734 1.1 christos } 2735 1.1 christos eap_figure_next_state(esp, 0); 2736 1.1 christos break; 2737 1.1 christos 2738 1.1 christos case EAPSRP_ACK: 2739 1.1 christos if (esp->es_server.ea_state != eapSRP3) { 2740 1.1 christos error("EAP: unexpected SRP Subtype 3 Response"); 2741 1.1 christos eap_send_failure(esp); 2742 1.1 christos break; 2743 1.1 christos } 2744 1.1 christos esp->es_server.ea_type = EAPT_SRP; 2745 1.1 christos eap_send_success(esp); 2746 1.1 christos eap_figure_next_state(esp, 0); 2747 1.1 christos if (esp->es_rechallenge != 0) 2748 1.1 christos TIMEOUT(eap_rechallenge, esp, 2749 1.1 christos esp->es_rechallenge); 2750 1.1 christos if (esp->es_lwrechallenge != 0) 2751 1.1 christos TIMEOUT(srp_lwrechallenge, esp, 2752 1.1 christos esp->es_lwrechallenge); 2753 1.1 christos break; 2754 1.1 christos 2755 1.1 christos case EAPSRP_LWRECHALLENGE: 2756 1.1 christos if (esp->es_server.ea_state != eapSRP4) { 2757 1.1 christos info("EAP: unexpected SRP Subtype 4 Response"); 2758 1.1 christos return; 2759 1.1 christos } 2760 1.1 christos if (len != SHA_DIGESTSIZE) { 2761 1.1 christos error("EAP: bad Lightweight rechallenge " 2762 1.1 christos "response"); 2763 1.1 christos return; 2764 1.1 christos } 2765 1.1 christos SHA1Init(&ctxt); 2766 1.1 christos vallen = id; 2767 1.1 christos SHA1Update(&ctxt, &vallen, 1); 2768 1.1 christos SHA1Update(&ctxt, esp->es_server.ea_skey, 2769 1.1 christos SESSION_KEY_LEN); 2770 1.1 christos SHA1Update(&ctxt, esp->es_challenge, esp->es_challen); 2771 1.1 christos SHA1Update(&ctxt, esp->es_server.ea_peer, 2772 1.1 christos esp->es_server.ea_peerlen); 2773 1.1 christos SHA1Final(dig, &ctxt); 2774 1.1 christos if (BCMP(dig, inp, SHA_DIGESTSIZE) != 0) { 2775 1.1 christos error("EAP: failed Lightweight rechallenge"); 2776 1.1 christos eap_send_failure(esp); 2777 1.1 christos break; 2778 1.1 christos } 2779 1.1 christos esp->es_server.ea_state = eapOpen; 2780 1.1 christos if (esp->es_lwrechallenge != 0) 2781 1.1 christos TIMEOUT(srp_lwrechallenge, esp, 2782 1.1 christos esp->es_lwrechallenge); 2783 1.1 christos break; 2784 1.1 christos } 2785 1.1 christos break; 2786 1.1 christos #endif /* USE_SRP */ 2787 1.1 christos 2788 1.1 christos default: 2789 1.1 christos /* This can't happen. */ 2790 1.1 christos error("EAP: unknown Response type %d; ignored", typenum); 2791 1.1 christos return; 2792 1.1 christos } 2793 1.1 christos 2794 1.1 christos if (esp->es_server.ea_timeout > 0) { 2795 1.1 christos UNTIMEOUT(eap_server_timeout, (void *)esp); 2796 1.1 christos } 2797 1.1 christos 2798 1.1 christos if (esp->es_server.ea_state != eapBadAuth && 2799 1.1 christos esp->es_server.ea_state != eapOpen) { 2800 1.1 christos esp->es_server.ea_id++; 2801 1.1 christos eap_send_request(esp); 2802 1.1 christos } 2803 1.1 christos } 2804 1.1 christos 2805 1.1 christos /* 2806 1.1 christos * eap_success - Receive EAP Success message (client mode). 2807 1.1 christos */ 2808 1.1 christos static void 2809 1.1.1.4 christos eap_success(eap_state *esp, u_char *inp, int id, int len) 2810 1.1 christos { 2811 1.1.1.4 christos if (esp->es_client.ea_state != eapOpen && !eap_client_active(esp) 2812 1.1.1.4 christos #ifdef USE_EAPTLS 2813 1.1.1.4 christos && esp->es_client.ea_state != eapTlsRecvSuccess 2814 1.1.1.4 christos #endif /* USE_EAPTLS */ 2815 1.1.1.4 christos ) { 2816 1.1 christos dbglog("EAP unexpected success message in state %s (%d)", 2817 1.1 christos eap_state_name(esp->es_client.ea_state), 2818 1.1 christos esp->es_client.ea_state); 2819 1.1 christos return; 2820 1.1 christos } 2821 1.1 christos 2822 1.1.1.4 christos #ifdef USE_EAPTLS 2823 1.1.1.4 christos if(esp->es_client.ea_using_eaptls && esp->es_client.ea_state != 2824 1.1.1.4 christos eapTlsRecvSuccess) { 2825 1.1.1.4 christos dbglog("EAP-TLS unexpected success message in state %s (%d)", 2826 1.1.1.4 christos eap_state_name(esp->es_client.ea_state), 2827 1.1.1.4 christos esp->es_client.ea_state); 2828 1.1.1.4 christos return; 2829 1.1.1.4 christos } 2830 1.1.1.4 christos #endif /* USE_EAPTLS */ 2831 1.1.1.4 christos 2832 1.1 christos if (esp->es_client.ea_timeout > 0) { 2833 1.1 christos UNTIMEOUT(eap_client_timeout, (void *)esp); 2834 1.1 christos } 2835 1.1 christos 2836 1.1 christos if (len > 0) { 2837 1.1 christos /* This is odd. The spec doesn't allow for this. */ 2838 1.1 christos PRINTMSG(inp, len); 2839 1.1 christos } 2840 1.1 christos 2841 1.1 christos esp->es_client.ea_state = eapOpen; 2842 1.1 christos auth_withpeer_success(esp->es_unit, PPP_EAP, 0); 2843 1.1 christos } 2844 1.1 christos 2845 1.1 christos /* 2846 1.1 christos * eap_failure - Receive EAP Failure message (client mode). 2847 1.1 christos */ 2848 1.1 christos static void 2849 1.1.1.4 christos eap_failure(eap_state *esp, u_char *inp, int id, int len) 2850 1.1 christos { 2851 1.1.1.4 christos /* 2852 1.1.1.4 christos * Ignore failure messages if we're not open 2853 1.1.1.4 christos */ 2854 1.1.1.4 christos if (esp->es_client.ea_state <= eapClosed) 2855 1.1.1.4 christos return; 2856 1.1.1.4 christos 2857 1.1 christos if (!eap_client_active(esp)) { 2858 1.1 christos dbglog("EAP unexpected failure message in state %s (%d)", 2859 1.1 christos eap_state_name(esp->es_client.ea_state), 2860 1.1 christos esp->es_client.ea_state); 2861 1.1 christos } 2862 1.1 christos 2863 1.1 christos if (esp->es_client.ea_timeout > 0) { 2864 1.1 christos UNTIMEOUT(eap_client_timeout, (void *)esp); 2865 1.1 christos } 2866 1.1 christos 2867 1.1 christos if (len > 0) { 2868 1.1 christos /* This is odd. The spec doesn't allow for this. */ 2869 1.1 christos PRINTMSG(inp, len); 2870 1.1 christos } 2871 1.1 christos 2872 1.1 christos esp->es_client.ea_state = eapBadAuth; 2873 1.1 christos 2874 1.1 christos error("EAP: peer reports authentication failure"); 2875 1.1 christos auth_withpeer_fail(esp->es_unit, PPP_EAP); 2876 1.1 christos } 2877 1.1 christos 2878 1.1 christos /* 2879 1.1 christos * eap_input - Handle received EAP message. 2880 1.1 christos */ 2881 1.1 christos static void 2882 1.1.1.4 christos eap_input(int unit, u_char *inp, int inlen) 2883 1.1 christos { 2884 1.1 christos eap_state *esp = &eap_states[unit]; 2885 1.1 christos u_char code, id; 2886 1.1 christos int len; 2887 1.1 christos 2888 1.1 christos /* 2889 1.1 christos * Parse header (code, id and length). If packet too short, 2890 1.1 christos * drop it. 2891 1.1 christos */ 2892 1.1 christos if (inlen < EAP_HEADERLEN) { 2893 1.1 christos error("EAP: packet too short: %d < %d", inlen, EAP_HEADERLEN); 2894 1.1 christos return; 2895 1.1 christos } 2896 1.1 christos GETCHAR(code, inp); 2897 1.1 christos GETCHAR(id, inp); 2898 1.1 christos GETSHORT(len, inp); 2899 1.1 christos if (len < EAP_HEADERLEN || len > inlen) { 2900 1.1 christos error("EAP: packet has illegal length field %d (%d..%d)", len, 2901 1.1 christos EAP_HEADERLEN, inlen); 2902 1.1 christos return; 2903 1.1 christos } 2904 1.1 christos len -= EAP_HEADERLEN; 2905 1.1 christos 2906 1.1 christos /* Dispatch based on message code */ 2907 1.1 christos switch (code) { 2908 1.1 christos case EAP_REQUEST: 2909 1.1 christos eap_request(esp, inp, id, len); 2910 1.1 christos break; 2911 1.1 christos 2912 1.1 christos case EAP_RESPONSE: 2913 1.1 christos eap_response(esp, inp, id, len); 2914 1.1 christos break; 2915 1.1 christos 2916 1.1 christos case EAP_SUCCESS: 2917 1.1 christos eap_success(esp, inp, id, len); 2918 1.1 christos break; 2919 1.1 christos 2920 1.1 christos case EAP_FAILURE: 2921 1.1 christos eap_failure(esp, inp, id, len); 2922 1.1 christos break; 2923 1.1 christos 2924 1.1 christos default: /* XXX Need code reject */ 2925 1.1 christos /* Note: it's not legal to send EAP Nak here. */ 2926 1.1 christos warn("EAP: unknown code %d received", code); 2927 1.1 christos break; 2928 1.1 christos } 2929 1.1 christos } 2930 1.1 christos 2931 1.1 christos /* 2932 1.1 christos * eap_printpkt - print the contents of an EAP packet. 2933 1.1 christos */ 2934 1.1 christos static char *eap_codenames[] = { 2935 1.1 christos "Request", "Response", "Success", "Failure" 2936 1.1 christos }; 2937 1.1 christos 2938 1.1 christos static char *eap_typenames[] = { 2939 1.1 christos "Identity", "Notification", "Nak", "MD5-Challenge", 2940 1.1 christos "OTP", "Generic-Token", NULL, NULL, 2941 1.1 christos "RSA", "DSS", "KEA", "KEA-Validate", 2942 1.1 christos "TLS", "Defender", "Windows 2000", "Arcot", 2943 1.1.1.4 christos "Cisco", "Nokia", "SRP", NULL, 2944 1.1.1.4 christos "TTLS", "RAS", "AKA", "3COM", "PEAP", 2945 1.1.1.4 christos "MSCHAPv2" 2946 1.1 christos }; 2947 1.1 christos 2948 1.1 christos static int 2949 1.1.1.4 christos eap_printpkt(u_char *inp, int inlen, 2950 1.1.1.4 christos void (*printer) (void *, char *, ...), void *arg) 2951 1.1 christos { 2952 1.1 christos int code, id, len, rtype, vallen; 2953 1.1 christos u_char *pstart; 2954 1.1 christos u_int32_t uval; 2955 1.1.1.4 christos #ifdef USE_EAPTLS 2956 1.1.1.4 christos u_char flags; 2957 1.1.1.4 christos #endif /* USE_EAPTLS */ 2958 1.1.1.4 christos #ifdef CHAPMS 2959 1.1.1.4 christos u_char opcode; 2960 1.1.1.4 christos #endif /* CHAPMS */ 2961 1.1 christos 2962 1.1 christos if (inlen < EAP_HEADERLEN) 2963 1.1 christos return (0); 2964 1.1 christos pstart = inp; 2965 1.1 christos GETCHAR(code, inp); 2966 1.1 christos GETCHAR(id, inp); 2967 1.1 christos GETSHORT(len, inp); 2968 1.1 christos if (len < EAP_HEADERLEN || len > inlen) 2969 1.1 christos return (0); 2970 1.1 christos 2971 1.1 christos if (code >= 1 && code <= sizeof(eap_codenames) / sizeof(char *)) 2972 1.1 christos printer(arg, " %s", eap_codenames[code-1]); 2973 1.1 christos else 2974 1.1 christos printer(arg, " code=0x%x", code); 2975 1.1 christos printer(arg, " id=0x%x", id); 2976 1.1 christos len -= EAP_HEADERLEN; 2977 1.1 christos switch (code) { 2978 1.1 christos case EAP_REQUEST: 2979 1.1 christos if (len < 1) { 2980 1.1 christos printer(arg, " <missing type>"); 2981 1.1 christos break; 2982 1.1 christos } 2983 1.1 christos GETCHAR(rtype, inp); 2984 1.1 christos len--; 2985 1.1 christos if (rtype >= 1 && 2986 1.1 christos rtype <= sizeof (eap_typenames) / sizeof (char *)) 2987 1.1 christos printer(arg, " %s", eap_typenames[rtype-1]); 2988 1.1 christos else 2989 1.1 christos printer(arg, " type=0x%x", rtype); 2990 1.1 christos switch (rtype) { 2991 1.1 christos case EAPT_IDENTITY: 2992 1.1 christos case EAPT_NOTIFICATION: 2993 1.1 christos if (len > 0) { 2994 1.1 christos printer(arg, " <Message "); 2995 1.1 christos print_string((char *)inp, len, printer, arg); 2996 1.1 christos printer(arg, ">"); 2997 1.1 christos INCPTR(len, inp); 2998 1.1 christos len = 0; 2999 1.1 christos } else { 3000 1.1 christos printer(arg, " <No message>"); 3001 1.1 christos } 3002 1.1 christos break; 3003 1.1 christos 3004 1.1 christos case EAPT_MD5CHAP: 3005 1.1 christos if (len <= 0) 3006 1.1 christos break; 3007 1.1 christos GETCHAR(vallen, inp); 3008 1.1 christos len--; 3009 1.1 christos if (vallen > len) 3010 1.1 christos goto truncated; 3011 1.1 christos printer(arg, " <Value%.*B>", vallen, inp); 3012 1.1 christos INCPTR(vallen, inp); 3013 1.1 christos len -= vallen; 3014 1.1 christos if (len > 0) { 3015 1.1 christos printer(arg, " <Name "); 3016 1.1 christos print_string((char *)inp, len, printer, arg); 3017 1.1 christos printer(arg, ">"); 3018 1.1 christos INCPTR(len, inp); 3019 1.1 christos len = 0; 3020 1.1 christos } else { 3021 1.1 christos printer(arg, " <No name>"); 3022 1.1 christos } 3023 1.1 christos break; 3024 1.1 christos 3025 1.1.1.4 christos #ifdef CHAPMS 3026 1.1.1.4 christos case EAPT_MSCHAPV2: 3027 1.1.1.4 christos if (len <= 0) 3028 1.1.1.4 christos break; 3029 1.1.1.4 christos GETCHAR(opcode, inp); 3030 1.1.1.4 christos len--; 3031 1.1.1.4 christos switch (opcode) { 3032 1.1.1.4 christos case CHAP_CHALLENGE: 3033 1.1.1.4 christos INCPTR(3, inp); 3034 1.1.1.4 christos len -= 3; 3035 1.1.1.4 christos GETCHAR(vallen, inp); 3036 1.1.1.4 christos len--; 3037 1.1.1.4 christos if (vallen > len) 3038 1.1.1.4 christos goto truncated; 3039 1.1.1.4 christos len -= vallen; 3040 1.1.1.4 christos printer(arg, " Challenge <"); 3041 1.1.1.4 christos for (; vallen > 0; --vallen) { 3042 1.1.1.4 christos u_char val; 3043 1.1.1.4 christos GETCHAR(val, inp); 3044 1.1.1.4 christos printer(arg, "%.2x", val); 3045 1.1.1.4 christos } 3046 1.1.1.4 christos printer(arg, ">"); 3047 1.1.1.4 christos if (len > 0) { 3048 1.1.1.4 christos printer(arg, ", <Name "); 3049 1.1.1.4 christos print_string((char *)inp, len, printer, arg); 3050 1.1.1.4 christos printer(arg, ">"); 3051 1.1.1.4 christos INCPTR(len, inp); 3052 1.1.1.4 christos len = 0; 3053 1.1.1.4 christos } else { 3054 1.1.1.4 christos printer(arg, ", <No name>"); 3055 1.1.1.4 christos } 3056 1.1.1.4 christos break; 3057 1.1.1.4 christos case CHAP_SUCCESS: 3058 1.1.1.4 christos INCPTR(3, inp); 3059 1.1.1.4 christos len -= 3; 3060 1.1.1.4 christos printer(arg, " Success <Message "); 3061 1.1.1.4 christos print_string((char *)inp, len, printer, arg); 3062 1.1.1.4 christos printer(arg, ">"); 3063 1.1.1.4 christos break; 3064 1.1.1.4 christos case CHAP_FAILURE: 3065 1.1.1.4 christos INCPTR(3, inp); 3066 1.1.1.4 christos len -= 3; 3067 1.1.1.4 christos printer(arg, " Failure <Message "); 3068 1.1.1.4 christos print_string((char *)inp, len, printer, arg); 3069 1.1.1.4 christos printer(arg, ">"); 3070 1.1.1.4 christos break; 3071 1.1.1.4 christos default: 3072 1.1.1.4 christos INCPTR(3, inp); 3073 1.1.1.4 christos len -= 3; 3074 1.1.1.4 christos printer(arg, " opcode=0x%x <%.*B>", opcode, len, inp); 3075 1.1.1.4 christos break; 3076 1.1.1.4 christos } 3077 1.1.1.4 christos break; 3078 1.1.1.4 christos #endif /* CHAPMS */ 3079 1.1.1.4 christos 3080 1.1.1.4 christos #ifdef USE_EAPTLS 3081 1.1.1.4 christos case EAPT_TLS: 3082 1.1.1.4 christos if (len < 1) 3083 1.1.1.4 christos break; 3084 1.1.1.4 christos GETCHAR(flags, inp); 3085 1.1.1.4 christos len--; 3086 1.1.1.4 christos 3087 1.1.1.4 christos if(flags == 0 && len == 0){ 3088 1.1.1.4 christos printer(arg, " Ack"); 3089 1.1.1.4 christos break; 3090 1.1.1.4 christos } 3091 1.1.1.4 christos 3092 1.1.1.4 christos printer(arg, flags & EAP_TLS_FLAGS_LI ? " L":" -"); 3093 1.1.1.4 christos printer(arg, flags & EAP_TLS_FLAGS_MF ? "M":"-"); 3094 1.1.1.4 christos printer(arg, flags & EAP_TLS_FLAGS_START ? "S":"- "); 3095 1.1.1.4 christos break; 3096 1.1.1.4 christos #endif /* USE_EAPTLS */ 3097 1.1.1.4 christos 3098 1.1 christos case EAPT_SRP: 3099 1.1 christos if (len < 3) 3100 1.1 christos goto truncated; 3101 1.1 christos GETCHAR(vallen, inp); 3102 1.1 christos len--; 3103 1.1 christos printer(arg, "-%d", vallen); 3104 1.1 christos switch (vallen) { 3105 1.1 christos case EAPSRP_CHALLENGE: 3106 1.1 christos GETCHAR(vallen, inp); 3107 1.1 christos len--; 3108 1.1 christos if (vallen >= len) 3109 1.1 christos goto truncated; 3110 1.1 christos if (vallen > 0) { 3111 1.1 christos printer(arg, " <Name "); 3112 1.1 christos print_string((char *)inp, vallen, printer, 3113 1.1 christos arg); 3114 1.1 christos printer(arg, ">"); 3115 1.1 christos } else { 3116 1.1 christos printer(arg, " <No name>"); 3117 1.1 christos } 3118 1.1 christos INCPTR(vallen, inp); 3119 1.1 christos len -= vallen; 3120 1.1 christos GETCHAR(vallen, inp); 3121 1.1 christos len--; 3122 1.1 christos if (vallen >= len) 3123 1.1 christos goto truncated; 3124 1.1 christos printer(arg, " <s%.*B>", vallen, inp); 3125 1.1 christos INCPTR(vallen, inp); 3126 1.1 christos len -= vallen; 3127 1.1 christos GETCHAR(vallen, inp); 3128 1.1 christos len--; 3129 1.1 christos if (vallen > len) 3130 1.1 christos goto truncated; 3131 1.1 christos if (vallen == 0) { 3132 1.1 christos printer(arg, " <Default g=2>"); 3133 1.1 christos } else { 3134 1.1 christos printer(arg, " <g%.*B>", vallen, inp); 3135 1.1 christos } 3136 1.1 christos INCPTR(vallen, inp); 3137 1.1 christos len -= vallen; 3138 1.1 christos if (len == 0) { 3139 1.1 christos printer(arg, " <Default N>"); 3140 1.1 christos } else { 3141 1.1 christos printer(arg, " <N%.*B>", len, inp); 3142 1.1 christos INCPTR(len, inp); 3143 1.1 christos len = 0; 3144 1.1 christos } 3145 1.1 christos break; 3146 1.1 christos 3147 1.1 christos case EAPSRP_SKEY: 3148 1.1 christos printer(arg, " <B%.*B>", len, inp); 3149 1.1 christos INCPTR(len, inp); 3150 1.1 christos len = 0; 3151 1.1 christos break; 3152 1.1 christos 3153 1.1 christos case EAPSRP_SVALIDATOR: 3154 1.1 christos if (len < sizeof (u_int32_t)) 3155 1.1 christos break; 3156 1.1 christos GETLONG(uval, inp); 3157 1.1 christos len -= sizeof (u_int32_t); 3158 1.1 christos if (uval & SRPVAL_EBIT) { 3159 1.1 christos printer(arg, " E"); 3160 1.1 christos uval &= ~SRPVAL_EBIT; 3161 1.1 christos } 3162 1.1 christos if (uval != 0) { 3163 1.1 christos printer(arg, " f<%X>", uval); 3164 1.1 christos } 3165 1.1 christos if ((vallen = len) > SHA_DIGESTSIZE) 3166 1.1 christos vallen = SHA_DIGESTSIZE; 3167 1.1 christos printer(arg, " <M2%.*B%s>", len, inp, 3168 1.1 christos len < SHA_DIGESTSIZE ? "?" : ""); 3169 1.1 christos INCPTR(vallen, inp); 3170 1.1 christos len -= vallen; 3171 1.1 christos if (len > 0) { 3172 1.1 christos printer(arg, " <PN%.*B>", len, inp); 3173 1.1 christos INCPTR(len, inp); 3174 1.1 christos len = 0; 3175 1.1 christos } 3176 1.1 christos break; 3177 1.1 christos 3178 1.1 christos case EAPSRP_LWRECHALLENGE: 3179 1.1 christos printer(arg, " <Challenge%.*B>", len, inp); 3180 1.1 christos INCPTR(len, inp); 3181 1.1 christos len = 0; 3182 1.1 christos break; 3183 1.1 christos } 3184 1.1 christos break; 3185 1.1 christos } 3186 1.1 christos break; 3187 1.1 christos 3188 1.1 christos case EAP_RESPONSE: 3189 1.1 christos if (len < 1) 3190 1.1 christos break; 3191 1.1 christos GETCHAR(rtype, inp); 3192 1.1 christos len--; 3193 1.1 christos if (rtype >= 1 && 3194 1.1 christos rtype <= sizeof (eap_typenames) / sizeof (char *)) 3195 1.1 christos printer(arg, " %s", eap_typenames[rtype-1]); 3196 1.1 christos else 3197 1.1 christos printer(arg, " type=0x%x", rtype); 3198 1.1 christos switch (rtype) { 3199 1.1 christos case EAPT_IDENTITY: 3200 1.1 christos if (len > 0) { 3201 1.1 christos printer(arg, " <Name "); 3202 1.1 christos print_string((char *)inp, len, printer, arg); 3203 1.1 christos printer(arg, ">"); 3204 1.1 christos INCPTR(len, inp); 3205 1.1 christos len = 0; 3206 1.1 christos } 3207 1.1 christos break; 3208 1.1 christos 3209 1.1.1.4 christos #ifdef USE_EAPTLS 3210 1.1.1.4 christos case EAPT_TLS: 3211 1.1.1.4 christos if (len < 1) 3212 1.1.1.4 christos break; 3213 1.1.1.4 christos GETCHAR(flags, inp); 3214 1.1.1.4 christos len--; 3215 1.1.1.4 christos 3216 1.1.1.4 christos if(flags == 0 && len == 0){ 3217 1.1.1.4 christos printer(arg, " Ack"); 3218 1.1.1.4 christos break; 3219 1.1.1.4 christos } 3220 1.1.1.4 christos 3221 1.1.1.4 christos printer(arg, flags & EAP_TLS_FLAGS_LI ? " L":" -"); 3222 1.1.1.4 christos printer(arg, flags & EAP_TLS_FLAGS_MF ? "M":"-"); 3223 1.1.1.4 christos printer(arg, flags & EAP_TLS_FLAGS_START ? "S":"- "); 3224 1.1.1.4 christos 3225 1.1.1.4 christos break; 3226 1.1.1.4 christos #endif /* USE_EAPTLS */ 3227 1.1.1.4 christos 3228 1.1 christos case EAPT_NAK: 3229 1.1 christos if (len <= 0) { 3230 1.1 christos printer(arg, " <missing hint>"); 3231 1.1 christos break; 3232 1.1 christos } 3233 1.1 christos GETCHAR(rtype, inp); 3234 1.1 christos len--; 3235 1.1 christos printer(arg, " <Suggested-type %02X", rtype); 3236 1.1 christos if (rtype >= 1 && 3237 1.1.1.4 christos rtype <= sizeof (eap_typenames) / sizeof (char *)) 3238 1.1 christos printer(arg, " (%s)", eap_typenames[rtype-1]); 3239 1.1 christos printer(arg, ">"); 3240 1.1 christos break; 3241 1.1 christos 3242 1.1 christos case EAPT_MD5CHAP: 3243 1.1 christos if (len <= 0) { 3244 1.1 christos printer(arg, " <missing length>"); 3245 1.1 christos break; 3246 1.1 christos } 3247 1.1 christos GETCHAR(vallen, inp); 3248 1.1 christos len--; 3249 1.1 christos if (vallen > len) 3250 1.1 christos goto truncated; 3251 1.1 christos printer(arg, " <Value%.*B>", vallen, inp); 3252 1.1 christos INCPTR(vallen, inp); 3253 1.1 christos len -= vallen; 3254 1.1 christos if (len > 0) { 3255 1.1 christos printer(arg, " <Name "); 3256 1.1 christos print_string((char *)inp, len, printer, arg); 3257 1.1 christos printer(arg, ">"); 3258 1.1 christos INCPTR(len, inp); 3259 1.1 christos len = 0; 3260 1.1 christos } else { 3261 1.1 christos printer(arg, " <No name>"); 3262 1.1 christos } 3263 1.1 christos break; 3264 1.1 christos 3265 1.1.1.4 christos #ifdef CHAPMS 3266 1.1.1.4 christos case EAPT_MSCHAPV2: 3267 1.1.1.4 christos if (len <= 0) 3268 1.1.1.4 christos break; 3269 1.1.1.4 christos GETCHAR(opcode, inp); 3270 1.1.1.4 christos len--; 3271 1.1.1.4 christos switch (opcode) { 3272 1.1.1.4 christos case CHAP_RESPONSE: 3273 1.1.1.4 christos INCPTR(3, inp); 3274 1.1.1.4 christos len -= 3; 3275 1.1.1.4 christos GETCHAR(vallen, inp); 3276 1.1.1.4 christos len--; 3277 1.1.1.4 christos if (vallen > len) 3278 1.1.1.4 christos goto truncated; 3279 1.1.1.4 christos len -= vallen; 3280 1.1.1.4 christos printer(arg, " Response <"); 3281 1.1.1.4 christos for (; vallen > 0; --vallen) { 3282 1.1.1.4 christos u_char val; 3283 1.1.1.4 christos GETCHAR(val, inp); 3284 1.1.1.4 christos printer(arg, "%.2x", val); 3285 1.1.1.4 christos } 3286 1.1.1.4 christos printer(arg, ">"); 3287 1.1.1.4 christos if (len > 0) { 3288 1.1.1.4 christos printer(arg, ", <Name "); 3289 1.1.1.4 christos print_string((char *)inp, len, printer, arg); 3290 1.1.1.4 christos printer(arg, ">"); 3291 1.1.1.4 christos INCPTR(len, inp); 3292 1.1.1.4 christos len = 0; 3293 1.1.1.4 christos } else { 3294 1.1.1.4 christos printer(arg, ", <No name>"); 3295 1.1.1.4 christos } 3296 1.1.1.4 christos break; 3297 1.1.1.4 christos case CHAP_SUCCESS: 3298 1.1.1.4 christos printer(arg, " Success"); 3299 1.1.1.4 christos break; 3300 1.1.1.4 christos case CHAP_FAILURE: 3301 1.1.1.4 christos printer(arg, " Failure"); 3302 1.1.1.4 christos break; 3303 1.1.1.4 christos default: 3304 1.1.1.4 christos printer(arg, " opcode=0x%x <%.*B>", opcode, len, inp); 3305 1.1.1.4 christos break; 3306 1.1.1.4 christos } 3307 1.1.1.4 christos break; 3308 1.1.1.4 christos #endif /* CHAPMS */ 3309 1.1.1.4 christos 3310 1.1 christos case EAPT_SRP: 3311 1.1 christos if (len < 1) 3312 1.1 christos goto truncated; 3313 1.1 christos GETCHAR(vallen, inp); 3314 1.1 christos len--; 3315 1.1 christos printer(arg, "-%d", vallen); 3316 1.1 christos switch (vallen) { 3317 1.1 christos case EAPSRP_CKEY: 3318 1.1 christos printer(arg, " <A%.*B>", len, inp); 3319 1.1 christos INCPTR(len, inp); 3320 1.1 christos len = 0; 3321 1.1 christos break; 3322 1.1 christos 3323 1.1 christos case EAPSRP_CVALIDATOR: 3324 1.1 christos if (len < sizeof (u_int32_t)) 3325 1.1 christos break; 3326 1.1 christos GETLONG(uval, inp); 3327 1.1 christos len -= sizeof (u_int32_t); 3328 1.1 christos if (uval & SRPVAL_EBIT) { 3329 1.1 christos printer(arg, " E"); 3330 1.1 christos uval &= ~SRPVAL_EBIT; 3331 1.1 christos } 3332 1.1 christos if (uval != 0) { 3333 1.1 christos printer(arg, " f<%X>", uval); 3334 1.1 christos } 3335 1.1 christos printer(arg, " <M1%.*B%s>", len, inp, 3336 1.1 christos len == SHA_DIGESTSIZE ? "" : "?"); 3337 1.1 christos INCPTR(len, inp); 3338 1.1 christos len = 0; 3339 1.1 christos break; 3340 1.1 christos 3341 1.1 christos case EAPSRP_ACK: 3342 1.1 christos break; 3343 1.1 christos 3344 1.1 christos case EAPSRP_LWRECHALLENGE: 3345 1.1 christos printer(arg, " <Response%.*B%s>", len, inp, 3346 1.1 christos len == SHA_DIGESTSIZE ? "" : "?"); 3347 1.1 christos if ((vallen = len) > SHA_DIGESTSIZE) 3348 1.1 christos vallen = SHA_DIGESTSIZE; 3349 1.1 christos INCPTR(vallen, inp); 3350 1.1 christos len -= vallen; 3351 1.1 christos break; 3352 1.1 christos } 3353 1.1 christos break; 3354 1.1 christos } 3355 1.1 christos break; 3356 1.1 christos 3357 1.1 christos case EAP_SUCCESS: /* No payload expected for these! */ 3358 1.1 christos case EAP_FAILURE: 3359 1.1 christos break; 3360 1.1 christos 3361 1.1 christos truncated: 3362 1.1 christos printer(arg, " <truncated>"); 3363 1.1 christos break; 3364 1.1 christos } 3365 1.1 christos 3366 1.1 christos if (len > 8) 3367 1.1 christos printer(arg, "%8B...", inp); 3368 1.1 christos else if (len > 0) 3369 1.1 christos printer(arg, "%.*B", len, inp); 3370 1.1 christos INCPTR(len, inp); 3371 1.1 christos 3372 1.1 christos return (inp - pstart); 3373 1.1 christos } 3374
Indexes created Sat May 02 00:23:24 UTC 2026