BadVPN – Blame information for rev 1
?pathlinks?
Rev | Author | Line No. | Line |
---|---|---|---|
1 | office | 1 | /* |
2 | * eap.c - Extensible Authentication Protocol for PPP (RFC 2284) |
||
3 | * |
||
4 | * Copyright (c) 2001 by Sun Microsystems, Inc. |
||
5 | * All rights reserved. |
||
6 | * |
||
7 | * Non-exclusive rights to redistribute, modify, translate, and use |
||
8 | * this software in source and binary forms, in whole or in part, is |
||
9 | * hereby granted, provided that the above copyright notice is |
||
10 | * duplicated in any source form, and that neither the name of the |
||
11 | * copyright holder nor the author is used to endorse or promote |
||
12 | * products derived from this software. |
||
13 | * |
||
14 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR |
||
15 | * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED |
||
16 | * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. |
||
17 | * |
||
18 | * Original version by James Carlson |
||
19 | * |
||
20 | * This implementation of EAP supports MD5-Challenge and SRP-SHA1 |
||
21 | * authentication styles. Note that support of MD5-Challenge is a |
||
22 | * requirement of RFC 2284, and that it's essentially just a |
||
23 | * reimplementation of regular RFC 1994 CHAP using EAP messages. |
||
24 | * |
||
25 | * As an authenticator ("server"), there are multiple phases for each |
||
26 | * style. In the first phase of each style, the unauthenticated peer |
||
27 | * name is queried using the EAP Identity request type. If the |
||
28 | * "remotename" option is used, then this phase is skipped, because |
||
29 | * the peer's name is presumed to be known. |
||
30 | * |
||
31 | * For MD5-Challenge, there are two phases, and the second phase |
||
32 | * consists of sending the challenge itself and handling the |
||
33 | * associated response. |
||
34 | * |
||
35 | * For SRP-SHA1, there are four phases. The second sends 's', 'N', |
||
36 | * and 'g'. The reply contains 'A'. The third sends 'B', and the |
||
37 | * reply contains 'M1'. The forth sends the 'M2' value. |
||
38 | * |
||
39 | * As an authenticatee ("client"), there's just a single phase -- |
||
40 | * responding to the queries generated by the peer. EAP is an |
||
41 | * authenticator-driven protocol. |
||
42 | * |
||
43 | * Based on draft-ietf-pppext-eap-srp-03.txt. |
||
44 | */ |
||
45 | |||
46 | #include "netif/ppp/ppp_opts.h" |
||
47 | #if PPP_SUPPORT && EAP_SUPPORT /* don't build if not configured for use in lwipopts.h */ |
||
48 | |||
49 | #include "netif/ppp/ppp_impl.h" |
||
50 | #include "netif/ppp/eap.h" |
||
51 | #include "netif/ppp/magic.h" |
||
52 | #include "netif/ppp/pppcrypt.h" |
||
53 | |||
54 | #ifdef USE_SRP |
||
55 | #include <t_pwd.h> |
||
56 | #include <t_server.h> |
||
57 | #include <t_client.h> |
||
58 | #endif /* USE_SRP */ |
||
59 | |||
60 | #ifndef SHA_DIGESTSIZE |
||
61 | #define SHA_DIGESTSIZE 20 |
||
62 | #endif |
||
63 | |||
64 | #ifdef USE_SRP |
||
65 | static char *pn_secret = NULL; /* Pseudonym generating secret */ |
||
66 | #endif |
||
67 | |||
68 | #if PPP_OPTIONS |
||
69 | /* |
||
70 | * Command-line options. |
||
71 | */ |
||
72 | static option_t eap_option_list[] = { |
||
73 | { "eap-restart", o_int, &eap_states[0].es_server.ea_timeout, |
||
74 | "Set retransmit timeout for EAP Requests (server)" }, |
||
75 | { "eap-max-sreq", o_int, &eap_states[0].es_server.ea_maxrequests, |
||
76 | "Set max number of EAP Requests sent (server)" }, |
||
77 | { "eap-timeout", o_int, &eap_states[0].es_client.ea_timeout, |
||
78 | "Set time limit for peer EAP authentication" }, |
||
79 | { "eap-max-rreq", o_int, &eap_states[0].es_client.ea_maxrequests, |
||
80 | "Set max number of EAP Requests allows (client)" }, |
||
81 | { "eap-interval", o_int, &eap_states[0].es_rechallenge, |
||
82 | "Set interval for EAP rechallenge" }, |
||
83 | #ifdef USE_SRP |
||
84 | { "srp-interval", o_int, &eap_states[0].es_lwrechallenge, |
||
85 | "Set interval for SRP lightweight rechallenge" }, |
||
86 | { "srp-pn-secret", o_string, &pn_secret, |
||
87 | "Long term pseudonym generation secret" }, |
||
88 | { "srp-use-pseudonym", o_bool, &eap_states[0].es_usepseudo, |
||
89 | "Use pseudonym if offered one by server", 1 }, |
||
90 | #endif |
||
91 | { NULL } |
||
92 | }; |
||
93 | #endif /* PPP_OPTIONS */ |
||
94 | |||
95 | /* |
||
96 | * Protocol entry points. |
||
97 | */ |
||
98 | static void eap_init(ppp_pcb *pcb); |
||
99 | static void eap_input(ppp_pcb *pcb, u_char *inp, int inlen); |
||
100 | static void eap_protrej(ppp_pcb *pcb); |
||
101 | static void eap_lowerup(ppp_pcb *pcb); |
||
102 | static void eap_lowerdown(ppp_pcb *pcb); |
||
103 | #if PRINTPKT_SUPPORT |
||
104 | static int eap_printpkt(const u_char *inp, int inlen, |
||
105 | void (*)(void *arg, const char *fmt, ...), void *arg); |
||
106 | #endif /* PRINTPKT_SUPPORT */ |
||
107 | |||
108 | const struct protent eap_protent = { |
||
109 | PPP_EAP, /* protocol number */ |
||
110 | eap_init, /* initialization procedure */ |
||
111 | eap_input, /* process a received packet */ |
||
112 | eap_protrej, /* process a received protocol-reject */ |
||
113 | eap_lowerup, /* lower layer has gone up */ |
||
114 | eap_lowerdown, /* lower layer has gone down */ |
||
115 | NULL, /* open the protocol */ |
||
116 | NULL, /* close the protocol */ |
||
117 | #if PRINTPKT_SUPPORT |
||
118 | eap_printpkt, /* print a packet in readable form */ |
||
119 | #endif /* PRINTPKT_SUPPORT */ |
||
120 | #if PPP_DATAINPUT |
||
121 | NULL, /* process a received data packet */ |
||
122 | #endif /* PPP_DATAINPUT */ |
||
123 | #if PRINTPKT_SUPPORT |
||
124 | "EAP", /* text name of protocol */ |
||
125 | NULL, /* text name of corresponding data protocol */ |
||
126 | #endif /* PRINTPKT_SUPPORT */ |
||
127 | #if PPP_OPTIONS |
||
128 | eap_option_list, /* list of command-line options */ |
||
129 | NULL, /* check requested options; assign defaults */ |
||
130 | #endif /* PPP_OPTIONS */ |
||
131 | #if DEMAND_SUPPORT |
||
132 | NULL, /* configure interface for demand-dial */ |
||
133 | NULL /* say whether to bring up link for this pkt */ |
||
134 | #endif /* DEMAND_SUPPORT */ |
||
135 | }; |
||
136 | |||
137 | #ifdef USE_SRP |
||
138 | /* |
||
139 | * A well-known 2048 bit modulus. |
||
140 | */ |
||
141 | static const u_char wkmodulus[] = { |
||
142 | 0xAC, 0x6B, 0xDB, 0x41, 0x32, 0x4A, 0x9A, 0x9B, |
||
143 | 0xF1, 0x66, 0xDE, 0x5E, 0x13, 0x89, 0x58, 0x2F, |
||
144 | 0xAF, 0x72, 0xB6, 0x65, 0x19, 0x87, 0xEE, 0x07, |
||
145 | 0xFC, 0x31, 0x92, 0x94, 0x3D, 0xB5, 0x60, 0x50, |
||
146 | 0xA3, 0x73, 0x29, 0xCB, 0xB4, 0xA0, 0x99, 0xED, |
||
147 | 0x81, 0x93, 0xE0, 0x75, 0x77, 0x67, 0xA1, 0x3D, |
||
148 | 0xD5, 0x23, 0x12, 0xAB, 0x4B, 0x03, 0x31, 0x0D, |
||
149 | 0xCD, 0x7F, 0x48, 0xA9, 0xDA, 0x04, 0xFD, 0x50, |
||
150 | 0xE8, 0x08, 0x39, 0x69, 0xED, 0xB7, 0x67, 0xB0, |
||
151 | 0xCF, 0x60, 0x95, 0x17, 0x9A, 0x16, 0x3A, 0xB3, |
||
152 | 0x66, 0x1A, 0x05, 0xFB, 0xD5, 0xFA, 0xAA, 0xE8, |
||
153 | 0x29, 0x18, 0xA9, 0x96, 0x2F, 0x0B, 0x93, 0xB8, |
||
154 | 0x55, 0xF9, 0x79, 0x93, 0xEC, 0x97, 0x5E, 0xEA, |
||
155 | 0xA8, 0x0D, 0x74, 0x0A, 0xDB, 0xF4, 0xFF, 0x74, |
||
156 | 0x73, 0x59, 0xD0, 0x41, 0xD5, 0xC3, 0x3E, 0xA7, |
||
157 | 0x1D, 0x28, 0x1E, 0x44, 0x6B, 0x14, 0x77, 0x3B, |
||
158 | 0xCA, 0x97, 0xB4, 0x3A, 0x23, 0xFB, 0x80, 0x16, |
||
159 | 0x76, 0xBD, 0x20, 0x7A, 0x43, 0x6C, 0x64, 0x81, |
||
160 | 0xF1, 0xD2, 0xB9, 0x07, 0x87, 0x17, 0x46, 0x1A, |
||
161 | 0x5B, 0x9D, 0x32, 0xE6, 0x88, 0xF8, 0x77, 0x48, |
||
162 | 0x54, 0x45, 0x23, 0xB5, 0x24, 0xB0, 0xD5, 0x7D, |
||
163 | 0x5E, 0xA7, 0x7A, 0x27, 0x75, 0xD2, 0xEC, 0xFA, |
||
164 | 0x03, 0x2C, 0xFB, 0xDB, 0xF5, 0x2F, 0xB3, 0x78, |
||
165 | 0x61, 0x60, 0x27, 0x90, 0x04, 0xE5, 0x7A, 0xE6, |
||
166 | 0xAF, 0x87, 0x4E, 0x73, 0x03, 0xCE, 0x53, 0x29, |
||
167 | 0x9C, 0xCC, 0x04, 0x1C, 0x7B, 0xC3, 0x08, 0xD8, |
||
168 | 0x2A, 0x56, 0x98, 0xF3, 0xA8, 0xD0, 0xC3, 0x82, |
||
169 | 0x71, 0xAE, 0x35, 0xF8, 0xE9, 0xDB, 0xFB, 0xB6, |
||
170 | 0x94, 0xB5, 0xC8, 0x03, 0xD8, 0x9F, 0x7A, 0xE4, |
||
171 | 0x35, 0xDE, 0x23, 0x6D, 0x52, 0x5F, 0x54, 0x75, |
||
172 | 0x9B, 0x65, 0xE3, 0x72, 0xFC, 0xD6, 0x8E, 0xF2, |
||
173 | 0x0F, 0xA7, 0x11, 0x1F, 0x9E, 0x4A, 0xFF, 0x73 |
||
174 | }; |
||
175 | #endif |
||
176 | |||
177 | #if PPP_SERVER |
||
178 | /* Local forward declarations. */ |
||
179 | static void eap_server_timeout(void *arg); |
||
180 | #endif /* PPP_SERVER */ |
||
181 | |||
182 | /* |
||
183 | * Convert EAP state code to printable string for debug. |
||
184 | */ |
||
185 | static const char * eap_state_name(enum eap_state_code esc) |
||
186 | { |
||
187 | static const char *state_names[] = { EAP_STATES }; |
||
188 | |||
189 | return (state_names[(int)esc]); |
||
190 | } |
||
191 | |||
192 | /* |
||
193 | * eap_init - Initialize state for an EAP user. This is currently |
||
194 | * called once by main() during start-up. |
||
195 | */ |
||
196 | static void eap_init(ppp_pcb *pcb) { |
||
197 | |||
198 | BZERO(&pcb->eap, sizeof(eap_state)); |
||
199 | #if PPP_SERVER |
||
200 | pcb->eap.es_server.ea_id = magic(); |
||
201 | #endif /* PPP_SERVER */ |
||
202 | } |
||
203 | |||
204 | /* |
||
205 | * eap_client_timeout - Give up waiting for the peer to send any |
||
206 | * Request messages. |
||
207 | */ |
||
208 | static void eap_client_timeout(void *arg) { |
||
209 | ppp_pcb *pcb = (ppp_pcb*)arg; |
||
210 | |||
211 | if (!eap_client_active(pcb)) |
||
212 | return; |
||
213 | |||
214 | ppp_error("EAP: timeout waiting for Request from peer"); |
||
215 | auth_withpeer_fail(pcb, PPP_EAP); |
||
216 | pcb->eap.es_client.ea_state = eapBadAuth; |
||
217 | } |
||
218 | |||
219 | /* |
||
220 | * eap_authwithpeer - Authenticate to our peer (behave as client). |
||
221 | * |
||
222 | * Start client state and wait for requests. This is called only |
||
223 | * after eap_lowerup. |
||
224 | */ |
||
225 | void eap_authwithpeer(ppp_pcb *pcb, const char *localname) { |
||
226 | |||
227 | if(NULL == localname) |
||
228 | return; |
||
229 | |||
230 | /* Save the peer name we're given */ |
||
231 | pcb->eap.es_client.ea_name = localname; |
||
232 | pcb->eap.es_client.ea_namelen = strlen(localname); |
||
233 | |||
234 | pcb->eap.es_client.ea_state = eapListen; |
||
235 | |||
236 | /* |
||
237 | * Start a timer so that if the other end just goes |
||
238 | * silent, we don't sit here waiting forever. |
||
239 | */ |
||
240 | if (pcb->settings.eap_req_time > 0) |
||
241 | TIMEOUT(eap_client_timeout, pcb, |
||
242 | pcb->settings.eap_req_time); |
||
243 | } |
||
244 | |||
245 | #if PPP_SERVER |
||
246 | /* |
||
247 | * Format a standard EAP Failure message and send it to the peer. |
||
248 | * (Server operation) |
||
249 | */ |
||
250 | static void eap_send_failure(ppp_pcb *pcb) { |
||
251 | struct pbuf *p; |
||
252 | u_char *outp; |
||
253 | |||
254 | p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + EAP_HEADERLEN), PPP_CTRL_PBUF_TYPE); |
||
255 | if(NULL == p) |
||
256 | return; |
||
257 | if(p->tot_len != p->len) { |
||
258 | pbuf_free(p); |
||
259 | return; |
||
260 | } |
||
261 | |||
262 | outp = (u_char*)p->payload; |
||
263 | |||
264 | MAKEHEADER(outp, PPP_EAP); |
||
265 | |||
266 | PUTCHAR(EAP_FAILURE, outp); |
||
267 | pcb->eap.es_server.ea_id++; |
||
268 | PUTCHAR(pcb->eap.es_server.ea_id, outp); |
||
269 | PUTSHORT(EAP_HEADERLEN, outp); |
||
270 | |||
271 | ppp_write(pcb, p); |
||
272 | |||
273 | pcb->eap.es_server.ea_state = eapBadAuth; |
||
274 | auth_peer_fail(pcb, PPP_EAP); |
||
275 | } |
||
276 | |||
277 | /* |
||
278 | * Format a standard EAP Success message and send it to the peer. |
||
279 | * (Server operation) |
||
280 | */ |
||
281 | static void eap_send_success(ppp_pcb *pcb) { |
||
282 | struct pbuf *p; |
||
283 | u_char *outp; |
||
284 | |||
285 | p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + EAP_HEADERLEN), PPP_CTRL_PBUF_TYPE); |
||
286 | if(NULL == p) |
||
287 | return; |
||
288 | if(p->tot_len != p->len) { |
||
289 | pbuf_free(p); |
||
290 | return; |
||
291 | } |
||
292 | |||
293 | outp = (u_char*)p->payload; |
||
294 | |||
295 | MAKEHEADER(outp, PPP_EAP); |
||
296 | |||
297 | PUTCHAR(EAP_SUCCESS, outp); |
||
298 | pcb->eap.es_server.ea_id++; |
||
299 | PUTCHAR(pcb->eap.es_server.ea_id, outp); |
||
300 | PUTSHORT(EAP_HEADERLEN, outp); |
||
301 | |||
302 | ppp_write(pcb, p); |
||
303 | |||
304 | auth_peer_success(pcb, PPP_EAP, 0, |
||
305 | pcb->eap.es_server.ea_peer, pcb->eap.es_server.ea_peerlen); |
||
306 | } |
||
307 | #endif /* PPP_SERVER */ |
||
308 | |||
309 | #ifdef USE_SRP |
||
310 | /* |
||
311 | * Set DES key according to pseudonym-generating secret and current |
||
312 | * date. |
||
313 | */ |
||
314 | static bool |
||
315 | pncrypt_setkey(int timeoffs) |
||
316 | { |
||
317 | struct tm *tp; |
||
318 | char tbuf[9]; |
||
319 | SHA1_CTX ctxt; |
||
320 | u_char dig[SHA_DIGESTSIZE]; |
||
321 | time_t reftime; |
||
322 | |||
323 | if (pn_secret == NULL) |
||
324 | return (0); |
||
325 | reftime = time(NULL) + timeoffs; |
||
326 | tp = localtime(&reftime); |
||
327 | SHA1Init(&ctxt); |
||
328 | SHA1Update(&ctxt, pn_secret, strlen(pn_secret)); |
||
329 | strftime(tbuf, sizeof (tbuf), "%Y%m%d", tp); |
||
330 | SHA1Update(&ctxt, tbuf, strlen(tbuf)); |
||
331 | SHA1Final(dig, &ctxt); |
||
332 | /* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */ |
||
333 | return (DesSetkey(dig)); |
||
334 | } |
||
335 | |||
336 | static char base64[] = |
||
337 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; |
||
338 | |||
339 | struct b64state { |
||
340 | u32_t bs_bits; |
||
341 | int bs_offs; |
||
342 | }; |
||
343 | |||
344 | static int |
||
345 | b64enc(bs, inp, inlen, outp) |
||
346 | struct b64state *bs; |
||
347 | u_char *inp; |
||
348 | int inlen; |
||
349 | u_char *outp; |
||
350 | { |
||
351 | int outlen = 0; |
||
352 | |||
353 | while (inlen > 0) { |
||
354 | bs->bs_bits = (bs->bs_bits << 8) | *inp++; |
||
355 | inlen--; |
||
356 | bs->bs_offs += 8; |
||
357 | if (bs->bs_offs >= 24) { |
||
358 | *outp++ = base64[(bs->bs_bits >> 18) & 0x3F]; |
||
359 | *outp++ = base64[(bs->bs_bits >> 12) & 0x3F]; |
||
360 | *outp++ = base64[(bs->bs_bits >> 6) & 0x3F]; |
||
361 | *outp++ = base64[bs->bs_bits & 0x3F]; |
||
362 | outlen += 4; |
||
363 | bs->bs_offs = 0; |
||
364 | bs->bs_bits = 0; |
||
365 | } |
||
366 | } |
||
367 | return (outlen); |
||
368 | } |
||
369 | |||
370 | static int |
||
371 | b64flush(bs, outp) |
||
372 | struct b64state *bs; |
||
373 | u_char *outp; |
||
374 | { |
||
375 | int outlen = 0; |
||
376 | |||
377 | if (bs->bs_offs == 8) { |
||
378 | *outp++ = base64[(bs->bs_bits >> 2) & 0x3F]; |
||
379 | *outp++ = base64[(bs->bs_bits << 4) & 0x3F]; |
||
380 | outlen = 2; |
||
381 | } else if (bs->bs_offs == 16) { |
||
382 | *outp++ = base64[(bs->bs_bits >> 10) & 0x3F]; |
||
383 | *outp++ = base64[(bs->bs_bits >> 4) & 0x3F]; |
||
384 | *outp++ = base64[(bs->bs_bits << 2) & 0x3F]; |
||
385 | outlen = 3; |
||
386 | } |
||
387 | bs->bs_offs = 0; |
||
388 | bs->bs_bits = 0; |
||
389 | return (outlen); |
||
390 | } |
||
391 | |||
392 | static int |
||
393 | b64dec(bs, inp, inlen, outp) |
||
394 | struct b64state *bs; |
||
395 | u_char *inp; |
||
396 | int inlen; |
||
397 | u_char *outp; |
||
398 | { |
||
399 | int outlen = 0; |
||
400 | char *cp; |
||
401 | |||
402 | while (inlen > 0) { |
||
403 | if ((cp = strchr(base64, *inp++)) == NULL) |
||
404 | break; |
||
405 | bs->bs_bits = (bs->bs_bits << 6) | (cp - base64); |
||
406 | inlen--; |
||
407 | bs->bs_offs += 6; |
||
408 | if (bs->bs_offs >= 8) { |
||
409 | *outp++ = bs->bs_bits >> (bs->bs_offs - 8); |
||
410 | outlen++; |
||
411 | bs->bs_offs -= 8; |
||
412 | } |
||
413 | } |
||
414 | return (outlen); |
||
415 | } |
||
416 | #endif /* USE_SRP */ |
||
417 | |||
418 | #if PPP_SERVER |
||
419 | /* |
||
420 | * Assume that current waiting server state is complete and figure |
||
421 | * next state to use based on available authentication data. 'status' |
||
422 | * indicates if there was an error in handling the last query. It is |
||
423 | * 0 for success and non-zero for failure. |
||
424 | */ |
||
425 | static void eap_figure_next_state(ppp_pcb *pcb, int status) { |
||
426 | #ifdef USE_SRP |
||
427 | unsigned char secbuf[MAXSECRETLEN], clear[8], *sp, *dp; |
||
428 | struct t_pw tpw; |
||
429 | struct t_confent *tce, mytce; |
||
430 | char *cp, *cp2; |
||
431 | struct t_server *ts; |
||
432 | int id, i, plen, toffs; |
||
433 | u_char vals[2]; |
||
434 | struct b64state bs; |
||
435 | #endif /* USE_SRP */ |
||
436 | |||
437 | pcb->settings.eap_timeout_time = pcb->eap.es_savedtime; |
||
438 | switch (pcb->eap.es_server.ea_state) { |
||
439 | case eapBadAuth: |
||
440 | return; |
||
441 | |||
442 | case eapIdentify: |
||
443 | #ifdef USE_SRP |
||
444 | /* Discard any previous session. */ |
||
445 | ts = (struct t_server *)pcb->eap.es_server.ea_session; |
||
446 | if (ts != NULL) { |
||
447 | t_serverclose(ts); |
||
448 | pcb->eap.es_server.ea_session = NULL; |
||
449 | pcb->eap.es_server.ea_skey = NULL; |
||
450 | } |
||
451 | #endif /* USE_SRP */ |
||
452 | if (status != 0) { |
||
453 | pcb->eap.es_server.ea_state = eapBadAuth; |
||
454 | break; |
||
455 | } |
||
456 | #ifdef USE_SRP |
||
457 | /* If we've got a pseudonym, try to decode to real name. */ |
||
458 | if (pcb->eap.es_server.ea_peerlen > SRP_PSEUDO_LEN && |
||
459 | strncmp(pcb->eap.es_server.ea_peer, SRP_PSEUDO_ID, |
||
460 | SRP_PSEUDO_LEN) == 0 && |
||
461 | (pcb->eap.es_server.ea_peerlen - SRP_PSEUDO_LEN) * 3 / 4 < |
||
462 | sizeof (secbuf)) { |
||
463 | BZERO(&bs, sizeof (bs)); |
||
464 | plen = b64dec(&bs, |
||
465 | pcb->eap.es_server.ea_peer + SRP_PSEUDO_LEN, |
||
466 | pcb->eap.es_server.ea_peerlen - SRP_PSEUDO_LEN, |
||
467 | secbuf); |
||
468 | toffs = 0; |
||
469 | for (i = 0; i < 5; i++) { |
||
470 | pncrypt_setkey(toffs); |
||
471 | toffs -= 86400; |
||
472 | /* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */ |
||
473 | if (!DesDecrypt(secbuf, clear)) { |
||
474 | ppp_dbglog("no DES here; cannot decode " |
||
475 | "pseudonym"); |
||
476 | return; |
||
477 | } |
||
478 | id = *(unsigned char *)clear; |
||
479 | if (id + 1 <= plen && id + 9 > plen) |
||
480 | break; |
||
481 | } |
||
482 | if (plen % 8 == 0 && i < 5) { |
||
483 | /* |
||
484 | * Note that this is always shorter than the |
||
485 | * original stored string, so there's no need |
||
486 | * to realloc. |
||
487 | */ |
||
488 | if ((i = plen = *(unsigned char *)clear) > 7) |
||
489 | i = 7; |
||
490 | pcb->eap.es_server.ea_peerlen = plen; |
||
491 | dp = (unsigned char *)pcb->eap.es_server.ea_peer; |
||
492 | MEMCPY(dp, clear + 1, i); |
||
493 | plen -= i; |
||
494 | dp += i; |
||
495 | sp = secbuf + 8; |
||
496 | while (plen > 0) { |
||
497 | /* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */ |
||
498 | (void) DesDecrypt(sp, dp); |
||
499 | sp += 8; |
||
500 | dp += 8; |
||
501 | plen -= 8; |
||
502 | } |
||
503 | pcb->eap.es_server.ea_peer[ |
||
504 | pcb->eap.es_server.ea_peerlen] = '\0'; |
||
505 | ppp_dbglog("decoded pseudonym to \"%.*q\"", |
||
506 | pcb->eap.es_server.ea_peerlen, |
||
507 | pcb->eap.es_server.ea_peer); |
||
508 | } else { |
||
509 | ppp_dbglog("failed to decode real name"); |
||
510 | /* Stay in eapIdentfy state; requery */ |
||
511 | break; |
||
512 | } |
||
513 | } |
||
514 | /* Look up user in secrets database. */ |
||
515 | if (get_srp_secret(pcb->eap.es_unit, pcb->eap.es_server.ea_peer, |
||
516 | pcb->eap.es_server.ea_name, (char *)secbuf, 1) != 0) { |
||
517 | /* Set up default in case SRP entry is bad */ |
||
518 | pcb->eap.es_server.ea_state = eapMD5Chall; |
||
519 | /* Get t_confent based on index in srp-secrets */ |
||
520 | id = strtol((char *)secbuf, &cp, 10); |
||
521 | if (*cp++ != ':' || id < 0) |
||
522 | break; |
||
523 | if (id == 0) { |
||
524 | mytce.index = 0; |
||
525 | mytce.modulus.data = (u_char *)wkmodulus; |
||
526 | mytce.modulus.len = sizeof (wkmodulus); |
||
527 | mytce.generator.data = (u_char *)"\002"; |
||
528 | mytce.generator.len = 1; |
||
529 | tce = &mytce; |
||
530 | } else if ((tce = gettcid(id)) != NULL) { |
||
531 | /* |
||
532 | * Client will have to verify this modulus/ |
||
533 | * generator combination, and that will take |
||
534 | * a while. Lengthen the timeout here. |
||
535 | */ |
||
536 | if (pcb->settings.eap_timeout_time > 0 && |
||
537 | pcb->settings.eap_timeout_time < 30) |
||
538 | pcb->settings.eap_timeout_time = 30; |
||
539 | } else { |
||
540 | break; |
||
541 | } |
||
542 | if ((cp2 = strchr(cp, ':')) == NULL) |
||
543 | break; |
||
544 | *cp2++ = '\0'; |
||
545 | tpw.pebuf.name = pcb->eap.es_server.ea_peer; |
||
546 | tpw.pebuf.password.len = t_fromb64((char *)tpw.pwbuf, |
||
547 | cp); |
||
548 | tpw.pebuf.password.data = tpw.pwbuf; |
||
549 | tpw.pebuf.salt.len = t_fromb64((char *)tpw.saltbuf, |
||
550 | cp2); |
||
551 | tpw.pebuf.salt.data = tpw.saltbuf; |
||
552 | if ((ts = t_serveropenraw(&tpw.pebuf, tce)) == NULL) |
||
553 | break; |
||
554 | pcb->eap.es_server.ea_session = (void *)ts; |
||
555 | pcb->eap.es_server.ea_state = eapSRP1; |
||
556 | vals[0] = pcb->eap.es_server.ea_id + 1; |
||
557 | vals[1] = EAPT_SRP; |
||
558 | t_serveraddexdata(ts, vals, 2); |
||
559 | /* Generate B; must call before t_servergetkey() */ |
||
560 | t_servergenexp(ts); |
||
561 | break; |
||
562 | } |
||
563 | #endif /* USE_SRP */ |
||
564 | pcb->eap.es_server.ea_state = eapMD5Chall; |
||
565 | break; |
||
566 | |||
567 | case eapSRP1: |
||
568 | #ifdef USE_SRP |
||
569 | ts = (struct t_server *)pcb->eap.es_server.ea_session; |
||
570 | if (ts != NULL && status != 0) { |
||
571 | t_serverclose(ts); |
||
572 | pcb->eap.es_server.ea_session = NULL; |
||
573 | pcb->eap.es_server.ea_skey = NULL; |
||
574 | } |
||
575 | #endif /* USE_SRP */ |
||
576 | if (status == 1) { |
||
577 | pcb->eap.es_server.ea_state = eapMD5Chall; |
||
578 | } else if (status != 0 || pcb->eap.es_server.ea_session == NULL) { |
||
579 | pcb->eap.es_server.ea_state = eapBadAuth; |
||
580 | } else { |
||
581 | pcb->eap.es_server.ea_state = eapSRP2; |
||
582 | } |
||
583 | break; |
||
584 | |||
585 | case eapSRP2: |
||
586 | #ifdef USE_SRP |
||
587 | ts = (struct t_server *)pcb->eap.es_server.ea_session; |
||
588 | if (ts != NULL && status != 0) { |
||
589 | t_serverclose(ts); |
||
590 | pcb->eap.es_server.ea_session = NULL; |
||
591 | pcb->eap.es_server.ea_skey = NULL; |
||
592 | } |
||
593 | #endif /* USE_SRP */ |
||
594 | if (status != 0 || pcb->eap.es_server.ea_session == NULL) { |
||
595 | pcb->eap.es_server.ea_state = eapBadAuth; |
||
596 | } else { |
||
597 | pcb->eap.es_server.ea_state = eapSRP3; |
||
598 | } |
||
599 | break; |
||
600 | |||
601 | case eapSRP3: |
||
602 | case eapSRP4: |
||
603 | #ifdef USE_SRP |
||
604 | ts = (struct t_server *)pcb->eap.es_server.ea_session; |
||
605 | if (ts != NULL && status != 0) { |
||
606 | t_serverclose(ts); |
||
607 | pcb->eap.es_server.ea_session = NULL; |
||
608 | pcb->eap.es_server.ea_skey = NULL; |
||
609 | } |
||
610 | #endif /* USE_SRP */ |
||
611 | if (status != 0 || pcb->eap.es_server.ea_session == NULL) { |
||
612 | pcb->eap.es_server.ea_state = eapBadAuth; |
||
613 | } else { |
||
614 | pcb->eap.es_server.ea_state = eapOpen; |
||
615 | } |
||
616 | break; |
||
617 | |||
618 | case eapMD5Chall: |
||
619 | if (status != 0) { |
||
620 | pcb->eap.es_server.ea_state = eapBadAuth; |
||
621 | } else { |
||
622 | pcb->eap.es_server.ea_state = eapOpen; |
||
623 | } |
||
624 | break; |
||
625 | |||
626 | default: |
||
627 | pcb->eap.es_server.ea_state = eapBadAuth; |
||
628 | break; |
||
629 | } |
||
630 | if (pcb->eap.es_server.ea_state == eapBadAuth) |
||
631 | eap_send_failure(pcb); |
||
632 | } |
||
633 | |||
634 | /* |
||
635 | * Format an EAP Request message and send it to the peer. Message |
||
636 | * type depends on current state. (Server operation) |
||
637 | */ |
||
638 | static void eap_send_request(ppp_pcb *pcb) { |
||
639 | struct pbuf *p; |
||
640 | u_char *outp; |
||
641 | u_char *lenloc; |
||
642 | int outlen; |
||
643 | int len; |
||
644 | const char *str; |
||
645 | #ifdef USE_SRP |
||
646 | struct t_server *ts; |
||
647 | u_char clear[8], cipher[8], dig[SHA_DIGESTSIZE], *optr, *cp; |
||
648 | int i, j; |
||
649 | struct b64state b64; |
||
650 | SHA1_CTX ctxt; |
||
651 | #endif /* USE_SRP */ |
||
652 | |||
653 | /* Handle both initial auth and restart */ |
||
654 | if (pcb->eap.es_server.ea_state < eapIdentify && |
||
655 | pcb->eap.es_server.ea_state != eapInitial) { |
||
656 | pcb->eap.es_server.ea_state = eapIdentify; |
||
657 | #if PPP_REMOTENAME |
||
658 | if (pcb->settings.explicit_remote && pcb->remote_name) { |
||
659 | /* |
||
660 | * If we already know the peer's |
||
661 | * unauthenticated name, then there's no |
||
662 | * reason to ask. Go to next state instead. |
||
663 | */ |
||
664 | int len = (int)strlen(pcb->remote_name); |
||
665 | if (len > MAXNAMELEN) { |
||
666 | len = MAXNAMELEN; |
||
667 | } |
||
668 | MEMCPY(pcb->eap.es_server.ea_peer, pcb->remote_name, len); |
||
669 | pcb->eap.es_server.ea_peer[len] = '\0'; |
||
670 | pcb->eap.es_server.ea_peerlen = len; |
||
671 | eap_figure_next_state(pcb, 0); |
||
672 | } |
||
673 | #endif /* PPP_REMOTENAME */ |
||
674 | } |
||
675 | |||
676 | if (pcb->settings.eap_max_transmits > 0 && |
||
677 | pcb->eap.es_server.ea_requests >= pcb->settings.eap_max_transmits) { |
||
678 | if (pcb->eap.es_server.ea_responses > 0) |
||
679 | ppp_error("EAP: too many Requests sent"); |
||
680 | else |
||
681 | ppp_error("EAP: no response to Requests"); |
||
682 | eap_send_failure(pcb); |
||
683 | return; |
||
684 | } |
||
685 | |||
686 | p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_CTRL_PBUF_MAX_SIZE), PPP_CTRL_PBUF_TYPE); |
||
687 | if(NULL == p) |
||
688 | return; |
||
689 | if(p->tot_len != p->len) { |
||
690 | pbuf_free(p); |
||
691 | return; |
||
692 | } |
||
693 | |||
694 | outp = (u_char*)p->payload; |
||
695 | |||
696 | MAKEHEADER(outp, PPP_EAP); |
||
697 | |||
698 | PUTCHAR(EAP_REQUEST, outp); |
||
699 | PUTCHAR(pcb->eap.es_server.ea_id, outp); |
||
700 | lenloc = outp; |
||
701 | INCPTR(2, outp); |
||
702 | |||
703 | switch (pcb->eap.es_server.ea_state) { |
||
704 | case eapIdentify: |
||
705 | PUTCHAR(EAPT_IDENTITY, outp); |
||
706 | str = "Name"; |
||
707 | len = strlen(str); |
||
708 | MEMCPY(outp, str, len); |
||
709 | INCPTR(len, outp); |
||
710 | break; |
||
711 | |||
712 | case eapMD5Chall: |
||
713 | PUTCHAR(EAPT_MD5CHAP, outp); |
||
714 | /* |
||
715 | * pick a random challenge length between |
||
716 | * EAP_MIN_CHALLENGE_LENGTH and EAP_MAX_CHALLENGE_LENGTH |
||
717 | */ |
||
718 | pcb->eap.es_challen = EAP_MIN_CHALLENGE_LENGTH + |
||
719 | magic_pow(EAP_MIN_MAX_POWER_OF_TWO_CHALLENGE_LENGTH); |
||
720 | PUTCHAR(pcb->eap.es_challen, outp); |
||
721 | magic_random_bytes(pcb->eap.es_challenge, pcb->eap.es_challen); |
||
722 | MEMCPY(outp, pcb->eap.es_challenge, pcb->eap.es_challen); |
||
723 | INCPTR(pcb->eap.es_challen, outp); |
||
724 | MEMCPY(outp, pcb->eap.es_server.ea_name, pcb->eap.es_server.ea_namelen); |
||
725 | INCPTR(pcb->eap.es_server.ea_namelen, outp); |
||
726 | break; |
||
727 | |||
728 | #ifdef USE_SRP |
||
729 | case eapSRP1: |
||
730 | PUTCHAR(EAPT_SRP, outp); |
||
731 | PUTCHAR(EAPSRP_CHALLENGE, outp); |
||
732 | |||
733 | PUTCHAR(pcb->eap.es_server.ea_namelen, outp); |
||
734 | MEMCPY(outp, pcb->eap.es_server.ea_name, pcb->eap.es_server.ea_namelen); |
||
735 | INCPTR(pcb->eap.es_server.ea_namelen, outp); |
||
736 | |||
737 | ts = (struct t_server *)pcb->eap.es_server.ea_session; |
||
738 | assert(ts != NULL); |
||
739 | PUTCHAR(ts->s.len, outp); |
||
740 | MEMCPY(outp, ts->s.data, ts->s.len); |
||
741 | INCPTR(ts->s.len, outp); |
||
742 | |||
743 | if (ts->g.len == 1 && ts->g.data[0] == 2) { |
||
744 | PUTCHAR(0, outp); |
||
745 | } else { |
||
746 | PUTCHAR(ts->g.len, outp); |
||
747 | MEMCPY(outp, ts->g.data, ts->g.len); |
||
748 | INCPTR(ts->g.len, outp); |
||
749 | } |
||
750 | |||
751 | if (ts->n.len != sizeof (wkmodulus) || |
||
752 | BCMP(ts->n.data, wkmodulus, sizeof (wkmodulus)) != 0) { |
||
753 | MEMCPY(outp, ts->n.data, ts->n.len); |
||
754 | INCPTR(ts->n.len, outp); |
||
755 | } |
||
756 | break; |
||
757 | |||
758 | case eapSRP2: |
||
759 | PUTCHAR(EAPT_SRP, outp); |
||
760 | PUTCHAR(EAPSRP_SKEY, outp); |
||
761 | |||
762 | ts = (struct t_server *)pcb->eap.es_server.ea_session; |
||
763 | assert(ts != NULL); |
||
764 | MEMCPY(outp, ts->B.data, ts->B.len); |
||
765 | INCPTR(ts->B.len, outp); |
||
766 | break; |
||
767 | |||
768 | case eapSRP3: |
||
769 | PUTCHAR(EAPT_SRP, outp); |
||
770 | PUTCHAR(EAPSRP_SVALIDATOR, outp); |
||
771 | PUTLONG(SRPVAL_EBIT, outp); |
||
772 | ts = (struct t_server *)pcb->eap.es_server.ea_session; |
||
773 | assert(ts != NULL); |
||
774 | MEMCPY(outp, t_serverresponse(ts), SHA_DIGESTSIZE); |
||
775 | INCPTR(SHA_DIGESTSIZE, outp); |
||
776 | |||
777 | if (pncrypt_setkey(0)) { |
||
778 | /* Generate pseudonym */ |
||
779 | optr = outp; |
||
780 | cp = (unsigned char *)pcb->eap.es_server.ea_peer; |
||
781 | if ((j = i = pcb->eap.es_server.ea_peerlen) > 7) |
||
782 | j = 7; |
||
783 | clear[0] = i; |
||
784 | MEMCPY(clear + 1, cp, j); |
||
785 | i -= j; |
||
786 | cp += j; |
||
787 | /* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */ |
||
788 | if (!DesEncrypt(clear, cipher)) { |
||
789 | ppp_dbglog("no DES here; not generating pseudonym"); |
||
790 | break; |
||
791 | } |
||
792 | BZERO(&b64, sizeof (b64)); |
||
793 | outp++; /* space for pseudonym length */ |
||
794 | outp += b64enc(&b64, cipher, 8, outp); |
||
795 | while (i >= 8) { |
||
796 | /* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */ |
||
797 | (void) DesEncrypt(cp, cipher); |
||
798 | outp += b64enc(&b64, cipher, 8, outp); |
||
799 | cp += 8; |
||
800 | i -= 8; |
||
801 | } |
||
802 | if (i > 0) { |
||
803 | MEMCPY(clear, cp, i); |
||
804 | cp += i; |
||
805 | magic_random_bytes(cp, 8-i); |
||
806 | /* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */ |
||
807 | (void) DesEncrypt(clear, cipher); |
||
808 | outp += b64enc(&b64, cipher, 8, outp); |
||
809 | } |
||
810 | outp += b64flush(&b64, outp); |
||
811 | |||
812 | /* Set length and pad out to next 20 octet boundary */ |
||
813 | i = outp - optr - 1; |
||
814 | *optr = i; |
||
815 | i %= SHA_DIGESTSIZE; |
||
816 | if (i != 0) { |
||
817 | magic_random_bytes(outp, SHA_DIGESTSIZE-i); |
||
818 | INCPTR(SHA_DIGESTSIZE-i, outp); |
||
819 | } |
||
820 | |||
821 | /* Obscure the pseudonym with SHA1 hash */ |
||
822 | SHA1Init(&ctxt); |
||
823 | SHA1Update(&ctxt, &pcb->eap.es_server.ea_id, 1); |
||
824 | SHA1Update(&ctxt, pcb->eap.es_server.ea_skey, |
||
825 | SESSION_KEY_LEN); |
||
826 | SHA1Update(&ctxt, pcb->eap.es_server.ea_peer, |
||
827 | pcb->eap.es_server.ea_peerlen); |
||
828 | while (optr < outp) { |
||
829 | SHA1Final(dig, &ctxt); |
||
830 | cp = dig; |
||
831 | while (cp < dig + SHA_DIGESTSIZE) |
||
832 | *optr++ ^= *cp++; |
||
833 | SHA1Init(&ctxt); |
||
834 | SHA1Update(&ctxt, &pcb->eap.es_server.ea_id, 1); |
||
835 | SHA1Update(&ctxt, pcb->eap.es_server.ea_skey, |
||
836 | SESSION_KEY_LEN); |
||
837 | SHA1Update(&ctxt, optr - SHA_DIGESTSIZE, |
||
838 | SHA_DIGESTSIZE); |
||
839 | } |
||
840 | } |
||
841 | break; |
||
842 | |||
843 | case eapSRP4: |
||
844 | PUTCHAR(EAPT_SRP, outp); |
||
845 | PUTCHAR(EAPSRP_LWRECHALLENGE, outp); |
||
846 | pcb->eap.es_challen = EAP_MIN_CHALLENGE_LENGTH + |
||
847 | magic_pow(EAP_MIN_MAX_POWER_OF_TWO_CHALLENGE_LENGTH); |
||
848 | magic_random_bytes(pcb->eap.es_challenge, pcb->eap.es_challen); |
||
849 | MEMCPY(outp, pcb->eap.es_challenge, pcb->eap.es_challen); |
||
850 | INCPTR(pcb->eap.es_challen, outp); |
||
851 | break; |
||
852 | #endif /* USE_SRP */ |
||
853 | |||
854 | default: |
||
855 | return; |
||
856 | } |
||
857 | |||
858 | outlen = (outp - (unsigned char*)p->payload) - PPP_HDRLEN; |
||
859 | PUTSHORT(outlen, lenloc); |
||
860 | |||
861 | pbuf_realloc(p, outlen + PPP_HDRLEN); |
||
862 | ppp_write(pcb, p); |
||
863 | |||
864 | pcb->eap.es_server.ea_requests++; |
||
865 | |||
866 | if (pcb->settings.eap_timeout_time > 0) |
||
867 | TIMEOUT(eap_server_timeout, pcb, pcb->settings.eap_timeout_time); |
||
868 | } |
||
869 | |||
870 | /* |
||
871 | * eap_authpeer - Authenticate our peer (behave as server). |
||
872 | * |
||
873 | * Start server state and send first request. This is called only |
||
874 | * after eap_lowerup. |
||
875 | */ |
||
876 | void eap_authpeer(ppp_pcb *pcb, const char *localname) { |
||
877 | |||
878 | /* Save the name we're given. */ |
||
879 | pcb->eap.es_server.ea_name = localname; |
||
880 | pcb->eap.es_server.ea_namelen = strlen(localname); |
||
881 | |||
882 | pcb->eap.es_savedtime = pcb->settings.eap_timeout_time; |
||
883 | |||
884 | /* Lower layer up yet? */ |
||
885 | if (pcb->eap.es_server.ea_state == eapInitial || |
||
886 | pcb->eap.es_server.ea_state == eapPending) { |
||
887 | pcb->eap.es_server.ea_state = eapPending; |
||
888 | return; |
||
889 | } |
||
890 | |||
891 | pcb->eap.es_server.ea_state = eapPending; |
||
892 | |||
893 | /* ID number not updated here intentionally; hashed into M1 */ |
||
894 | eap_send_request(pcb); |
||
895 | } |
||
896 | |||
897 | /* |
||
898 | * eap_server_timeout - Retransmission timer for sending Requests |
||
899 | * expired. |
||
900 | */ |
||
901 | static void eap_server_timeout(void *arg) { |
||
902 | ppp_pcb *pcb = (ppp_pcb*)arg; |
||
903 | |||
904 | if (!eap_server_active(pcb)) |
||
905 | return; |
||
906 | |||
907 | /* EAP ID number must not change on timeout. */ |
||
908 | eap_send_request(pcb); |
||
909 | } |
||
910 | |||
911 | /* |
||
912 | * When it's time to send rechallenge the peer, this timeout is |
||
913 | * called. Once the rechallenge is successful, the response handler |
||
914 | * will restart the timer. If it fails, then the link is dropped. |
||
915 | */ |
||
916 | static void eap_rechallenge(void *arg) { |
||
917 | ppp_pcb *pcb = (ppp_pcb*)arg; |
||
918 | |||
919 | if (pcb->eap.es_server.ea_state != eapOpen && |
||
920 | pcb->eap.es_server.ea_state != eapSRP4) |
||
921 | return; |
||
922 | |||
923 | pcb->eap.es_server.ea_requests = 0; |
||
924 | pcb->eap.es_server.ea_state = eapIdentify; |
||
925 | eap_figure_next_state(pcb, 0); |
||
926 | pcb->eap.es_server.ea_id++; |
||
927 | eap_send_request(pcb); |
||
928 | } |
||
929 | |||
930 | static void srp_lwrechallenge(void *arg) { |
||
931 | ppp_pcb *pcb = (ppp_pcb*)arg; |
||
932 | |||
933 | if (pcb->eap.es_server.ea_state != eapOpen || |
||
934 | pcb->eap.es_server.ea_type != EAPT_SRP) |
||
935 | return; |
||
936 | |||
937 | pcb->eap.es_server.ea_requests = 0; |
||
938 | pcb->eap.es_server.ea_state = eapSRP4; |
||
939 | pcb->eap.es_server.ea_id++; |
||
940 | eap_send_request(pcb); |
||
941 | } |
||
942 | #endif /* PPP_SERVER */ |
||
943 | |||
944 | /* |
||
945 | * eap_lowerup - The lower layer is now up. |
||
946 | * |
||
947 | * This is called before either eap_authpeer or eap_authwithpeer. See |
||
948 | * link_established() in auth.c. All that's necessary here is to |
||
949 | * return to closed state so that those two routines will do the right |
||
950 | * thing. |
||
951 | */ |
||
952 | static void eap_lowerup(ppp_pcb *pcb) { |
||
953 | pcb->eap.es_client.ea_state = eapClosed; |
||
954 | #if PPP_SERVER |
||
955 | pcb->eap.es_server.ea_state = eapClosed; |
||
956 | #endif /* PPP_SERVER */ |
||
957 | } |
||
958 | |||
959 | /* |
||
960 | * eap_lowerdown - The lower layer is now down. |
||
961 | * |
||
962 | * Cancel all timeouts and return to initial state. |
||
963 | */ |
||
964 | static void eap_lowerdown(ppp_pcb *pcb) { |
||
965 | |||
966 | if (eap_client_active(pcb) && pcb->settings.eap_req_time > 0) { |
||
967 | UNTIMEOUT(eap_client_timeout, pcb); |
||
968 | } |
||
969 | #if PPP_SERVER |
||
970 | if (eap_server_active(pcb)) { |
||
971 | if (pcb->settings.eap_timeout_time > 0) { |
||
972 | UNTIMEOUT(eap_server_timeout, pcb); |
||
973 | } |
||
974 | } else { |
||
975 | if ((pcb->eap.es_server.ea_state == eapOpen || |
||
976 | pcb->eap.es_server.ea_state == eapSRP4) && |
||
977 | pcb->eap.es_rechallenge > 0) { |
||
978 | UNTIMEOUT(eap_rechallenge, (void *)pcb); |
||
979 | } |
||
980 | if (pcb->eap.es_server.ea_state == eapOpen && |
||
981 | pcb->eap.es_lwrechallenge > 0) { |
||
982 | UNTIMEOUT(srp_lwrechallenge, (void *)pcb); |
||
983 | } |
||
984 | } |
||
985 | |||
986 | pcb->eap.es_client.ea_state = pcb->eap.es_server.ea_state = eapInitial; |
||
987 | pcb->eap.es_client.ea_requests = pcb->eap.es_server.ea_requests = 0; |
||
988 | #endif /* PPP_SERVER */ |
||
989 | } |
||
990 | |||
991 | /* |
||
992 | * eap_protrej - Peer doesn't speak this protocol. |
||
993 | * |
||
994 | * This shouldn't happen. If it does, it represents authentication |
||
995 | * failure. |
||
996 | */ |
||
997 | static void eap_protrej(ppp_pcb *pcb) { |
||
998 | |||
999 | if (eap_client_active(pcb)) { |
||
1000 | ppp_error("EAP authentication failed due to Protocol-Reject"); |
||
1001 | auth_withpeer_fail(pcb, PPP_EAP); |
||
1002 | } |
||
1003 | #if PPP_SERVER |
||
1004 | if (eap_server_active(pcb)) { |
||
1005 | ppp_error("EAP authentication of peer failed on Protocol-Reject"); |
||
1006 | auth_peer_fail(pcb, PPP_EAP); |
||
1007 | } |
||
1008 | #endif /* PPP_SERVER */ |
||
1009 | eap_lowerdown(pcb); |
||
1010 | } |
||
1011 | |||
1012 | /* |
||
1013 | * Format and send a regular EAP Response message. |
||
1014 | */ |
||
1015 | static void eap_send_response(ppp_pcb *pcb, u_char id, u_char typenum, const u_char *str, int lenstr) { |
||
1016 | struct pbuf *p; |
||
1017 | u_char *outp; |
||
1018 | int msglen; |
||
1019 | |||
1020 | msglen = EAP_HEADERLEN + sizeof (u_char) + lenstr; |
||
1021 | p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PPP_CTRL_PBUF_TYPE); |
||
1022 | if(NULL == p) |
||
1023 | return; |
||
1024 | if(p->tot_len != p->len) { |
||
1025 | pbuf_free(p); |
||
1026 | return; |
||
1027 | } |
||
1028 | |||
1029 | outp = (u_char*)p->payload; |
||
1030 | |||
1031 | MAKEHEADER(outp, PPP_EAP); |
||
1032 | |||
1033 | PUTCHAR(EAP_RESPONSE, outp); |
||
1034 | PUTCHAR(id, outp); |
||
1035 | pcb->eap.es_client.ea_id = id; |
||
1036 | PUTSHORT(msglen, outp); |
||
1037 | PUTCHAR(typenum, outp); |
||
1038 | if (lenstr > 0) { |
||
1039 | MEMCPY(outp, str, lenstr); |
||
1040 | } |
||
1041 | |||
1042 | ppp_write(pcb, p); |
||
1043 | } |
||
1044 | |||
1045 | /* |
||
1046 | * Format and send an MD5-Challenge EAP Response message. |
||
1047 | */ |
||
1048 | static void eap_chap_response(ppp_pcb *pcb, u_char id, u_char *hash, const char *name, int namelen) { |
||
1049 | struct pbuf *p; |
||
1050 | u_char *outp; |
||
1051 | int msglen; |
||
1052 | |||
1053 | msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + MD5_SIGNATURE_SIZE + |
||
1054 | namelen; |
||
1055 | p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PPP_CTRL_PBUF_TYPE); |
||
1056 | if(NULL == p) |
||
1057 | return; |
||
1058 | if(p->tot_len != p->len) { |
||
1059 | pbuf_free(p); |
||
1060 | return; |
||
1061 | } |
||
1062 | |||
1063 | outp = (u_char*)p->payload; |
||
1064 | |||
1065 | MAKEHEADER(outp, PPP_EAP); |
||
1066 | |||
1067 | PUTCHAR(EAP_RESPONSE, outp); |
||
1068 | PUTCHAR(id, outp); |
||
1069 | pcb->eap.es_client.ea_id = id; |
||
1070 | PUTSHORT(msglen, outp); |
||
1071 | PUTCHAR(EAPT_MD5CHAP, outp); |
||
1072 | PUTCHAR(MD5_SIGNATURE_SIZE, outp); |
||
1073 | MEMCPY(outp, hash, MD5_SIGNATURE_SIZE); |
||
1074 | INCPTR(MD5_SIGNATURE_SIZE, outp); |
||
1075 | if (namelen > 0) { |
||
1076 | MEMCPY(outp, name, namelen); |
||
1077 | } |
||
1078 | |||
1079 | ppp_write(pcb, p); |
||
1080 | } |
||
1081 | |||
1082 | #ifdef USE_SRP |
||
1083 | /* |
||
1084 | * Format and send a SRP EAP Response message. |
||
1085 | */ |
||
1086 | static void |
||
1087 | eap_srp_response(esp, id, subtypenum, str, lenstr) |
||
1088 | eap_state *esp; |
||
1089 | u_char id; |
||
1090 | u_char subtypenum; |
||
1091 | u_char *str; |
||
1092 | int lenstr; |
||
1093 | { |
||
1094 | ppp_pcb *pcb = &ppp_pcb_list[pcb->eap.es_unit]; |
||
1095 | struct pbuf *p; |
||
1096 | u_char *outp; |
||
1097 | int msglen; |
||
1098 | |||
1099 | msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + lenstr; |
||
1100 | p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PPP_CTRL_PBUF_TYPE); |
||
1101 | if(NULL == p) |
||
1102 | return; |
||
1103 | if(p->tot_len != p->len) { |
||
1104 | pbuf_free(p); |
||
1105 | return; |
||
1106 | } |
||
1107 | |||
1108 | outp = p->payload; |
||
1109 | |||
1110 | MAKEHEADER(outp, PPP_EAP); |
||
1111 | |||
1112 | PUTCHAR(EAP_RESPONSE, outp); |
||
1113 | PUTCHAR(id, outp); |
||
1114 | pcb->eap.es_client.ea_id = id; |
||
1115 | PUTSHORT(msglen, outp); |
||
1116 | PUTCHAR(EAPT_SRP, outp); |
||
1117 | PUTCHAR(subtypenum, outp); |
||
1118 | if (lenstr > 0) { |
||
1119 | MEMCPY(outp, str, lenstr); |
||
1120 | } |
||
1121 | |||
1122 | ppp_write(pcb, p); |
||
1123 | } |
||
1124 | |||
1125 | /* |
||
1126 | * Format and send a SRP EAP Client Validator Response message. |
||
1127 | */ |
||
1128 | static void |
||
1129 | eap_srpval_response(esp, id, flags, str) |
||
1130 | eap_state *esp; |
||
1131 | u_char id; |
||
1132 | u32_t flags; |
||
1133 | u_char *str; |
||
1134 | { |
||
1135 | ppp_pcb *pcb = &ppp_pcb_list[pcb->eap.es_unit]; |
||
1136 | struct pbuf *p; |
||
1137 | u_char *outp; |
||
1138 | int msglen; |
||
1139 | |||
1140 | msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + sizeof (u32_t) + |
||
1141 | SHA_DIGESTSIZE; |
||
1142 | p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PPP_CTRL_PBUF_TYPE); |
||
1143 | if(NULL == p) |
||
1144 | return; |
||
1145 | if(p->tot_len != p->len) { |
||
1146 | pbuf_free(p); |
||
1147 | return; |
||
1148 | } |
||
1149 | |||
1150 | outp = p->payload; |
||
1151 | |||
1152 | MAKEHEADER(outp, PPP_EAP); |
||
1153 | |||
1154 | PUTCHAR(EAP_RESPONSE, outp); |
||
1155 | PUTCHAR(id, outp); |
||
1156 | pcb->eap.es_client.ea_id = id; |
||
1157 | PUTSHORT(msglen, outp); |
||
1158 | PUTCHAR(EAPT_SRP, outp); |
||
1159 | PUTCHAR(EAPSRP_CVALIDATOR, outp); |
||
1160 | PUTLONG(flags, outp); |
||
1161 | MEMCPY(outp, str, SHA_DIGESTSIZE); |
||
1162 | |||
1163 | ppp_write(pcb, p); |
||
1164 | } |
||
1165 | #endif /* USE_SRP */ |
||
1166 | |||
1167 | static void eap_send_nak(ppp_pcb *pcb, u_char id, u_char type) { |
||
1168 | struct pbuf *p; |
||
1169 | u_char *outp; |
||
1170 | int msglen; |
||
1171 | |||
1172 | msglen = EAP_HEADERLEN + 2 * sizeof (u_char); |
||
1173 | p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PPP_CTRL_PBUF_TYPE); |
||
1174 | if(NULL == p) |
||
1175 | return; |
||
1176 | if(p->tot_len != p->len) { |
||
1177 | pbuf_free(p); |
||
1178 | return; |
||
1179 | } |
||
1180 | |||
1181 | outp = (u_char*)p->payload; |
||
1182 | |||
1183 | MAKEHEADER(outp, PPP_EAP); |
||
1184 | |||
1185 | PUTCHAR(EAP_RESPONSE, outp); |
||
1186 | PUTCHAR(id, outp); |
||
1187 | pcb->eap.es_client.ea_id = id; |
||
1188 | PUTSHORT(msglen, outp); |
||
1189 | PUTCHAR(EAPT_NAK, outp); |
||
1190 | PUTCHAR(type, outp); |
||
1191 | |||
1192 | ppp_write(pcb, p); |
||
1193 | } |
||
1194 | |||
1195 | #ifdef USE_SRP |
||
1196 | static char * |
||
1197 | name_of_pn_file() |
||
1198 | { |
||
1199 | char *user, *path, *file; |
||
1200 | struct passwd *pw; |
||
1201 | size_t pl; |
||
1202 | static bool pnlogged = 0; |
||
1203 | |||
1204 | pw = getpwuid(getuid()); |
||
1205 | if (pw == NULL || (user = pw->pw_dir) == NULL || user[0] == 0) { |
||
1206 | errno = EINVAL; |
||
1207 | return (NULL); |
||
1208 | } |
||
1209 | file = _PATH_PSEUDONYM; |
||
1210 | pl = strlen(user) + strlen(file) + 2; |
||
1211 | path = malloc(pl); |
||
1212 | if (path == NULL) |
||
1213 | return (NULL); |
||
1214 | (void) slprintf(path, pl, "%s/%s", user, file); |
||
1215 | if (!pnlogged) { |
||
1216 | ppp_dbglog("pseudonym file: %s", path); |
||
1217 | pnlogged = 1; |
||
1218 | } |
||
1219 | return (path); |
||
1220 | } |
||
1221 | |||
1222 | static int |
||
1223 | open_pn_file(modebits) |
||
1224 | mode_t modebits; |
||
1225 | { |
||
1226 | char *path; |
||
1227 | int fd, err; |
||
1228 | |||
1229 | if ((path = name_of_pn_file()) == NULL) |
||
1230 | return (-1); |
||
1231 | fd = open(path, modebits, S_IRUSR | S_IWUSR); |
||
1232 | err = errno; |
||
1233 | free(path); |
||
1234 | errno = err; |
||
1235 | return (fd); |
||
1236 | } |
||
1237 | |||
1238 | static void |
||
1239 | remove_pn_file() |
||
1240 | { |
||
1241 | char *path; |
||
1242 | |||
1243 | if ((path = name_of_pn_file()) != NULL) { |
||
1244 | (void) unlink(path); |
||
1245 | (void) free(path); |
||
1246 | } |
||
1247 | } |
||
1248 | |||
1249 | static void |
||
1250 | write_pseudonym(esp, inp, len, id) |
||
1251 | eap_state *esp; |
||
1252 | u_char *inp; |
||
1253 | int len, id; |
||
1254 | { |
||
1255 | u_char val; |
||
1256 | u_char *datp, *digp; |
||
1257 | SHA1_CTX ctxt; |
||
1258 | u_char dig[SHA_DIGESTSIZE]; |
||
1259 | int dsize, fd, olen = len; |
||
1260 | |||
1261 | /* |
||
1262 | * Do the decoding by working backwards. This eliminates the need |
||
1263 | * to save the decoded output in a separate buffer. |
||
1264 | */ |
||
1265 | val = id; |
||
1266 | while (len > 0) { |
||
1267 | if ((dsize = len % SHA_DIGESTSIZE) == 0) |
||
1268 | dsize = SHA_DIGESTSIZE; |
||
1269 | len -= dsize; |
||
1270 | datp = inp + len; |
||
1271 | SHA1Init(&ctxt); |
||
1272 | SHA1Update(&ctxt, &val, 1); |
||
1273 | SHA1Update(&ctxt, pcb->eap.es_client.ea_skey, SESSION_KEY_LEN); |
||
1274 | if (len > 0) { |
||
1275 | SHA1Update(&ctxt, datp, SHA_DIGESTSIZE); |
||
1276 | } else { |
||
1277 | SHA1Update(&ctxt, pcb->eap.es_client.ea_name, |
||
1278 | pcb->eap.es_client.ea_namelen); |
||
1279 | } |
||
1280 | SHA1Final(dig, &ctxt); |
||
1281 | for (digp = dig; digp < dig + SHA_DIGESTSIZE; digp++) |
||
1282 | *datp++ ^= *digp; |
||
1283 | } |
||
1284 | |||
1285 | /* Now check that the result is sane */ |
||
1286 | if (olen <= 0 || *inp + 1 > olen) { |
||
1287 | ppp_dbglog("EAP: decoded pseudonym is unusable <%.*B>", olen, inp); |
||
1288 | return; |
||
1289 | } |
||
1290 | |||
1291 | /* Save it away */ |
||
1292 | fd = open_pn_file(O_WRONLY | O_CREAT | O_TRUNC); |
||
1293 | if (fd < 0) { |
||
1294 | ppp_dbglog("EAP: error saving pseudonym: %m"); |
||
1295 | return; |
||
1296 | } |
||
1297 | len = write(fd, inp + 1, *inp); |
||
1298 | if (close(fd) != -1 && len == *inp) { |
||
1299 | ppp_dbglog("EAP: saved pseudonym"); |
||
1300 | pcb->eap.es_usedpseudo = 0; |
||
1301 | } else { |
||
1302 | ppp_dbglog("EAP: failed to save pseudonym"); |
||
1303 | remove_pn_file(); |
||
1304 | } |
||
1305 | } |
||
1306 | #endif /* USE_SRP */ |
||
1307 | |||
1308 | /* |
||
1309 | * eap_request - Receive EAP Request message (client mode). |
||
1310 | */ |
||
1311 | static void eap_request(ppp_pcb *pcb, u_char *inp, int id, int len) { |
||
1312 | u_char typenum; |
||
1313 | u_char vallen; |
||
1314 | int secret_len; |
||
1315 | char secret[MAXSECRETLEN]; |
||
1316 | char rhostname[MAXNAMELEN]; |
||
1317 | lwip_md5_context mdContext; |
||
1318 | u_char hash[MD5_SIGNATURE_SIZE]; |
||
1319 | #ifdef USE_SRP |
||
1320 | struct t_client *tc; |
||
1321 | struct t_num sval, gval, Nval, *Ap, Bval; |
||
1322 | u_char vals[2]; |
||
1323 | SHA1_CTX ctxt; |
||
1324 | u_char dig[SHA_DIGESTSIZE]; |
||
1325 | int fd; |
||
1326 | #endif /* USE_SRP */ |
||
1327 | |||
1328 | /* |
||
1329 | * Note: we update es_client.ea_id *only if* a Response |
||
1330 | * message is being generated. Otherwise, we leave it the |
||
1331 | * same for duplicate detection purposes. |
||
1332 | */ |
||
1333 | |||
1334 | pcb->eap.es_client.ea_requests++; |
||
1335 | if (pcb->settings.eap_allow_req != 0 && |
||
1336 | pcb->eap.es_client.ea_requests > pcb->settings.eap_allow_req) { |
||
1337 | ppp_info("EAP: received too many Request messages"); |
||
1338 | if (pcb->settings.eap_req_time > 0) { |
||
1339 | UNTIMEOUT(eap_client_timeout, pcb); |
||
1340 | } |
||
1341 | auth_withpeer_fail(pcb, PPP_EAP); |
||
1342 | return; |
||
1343 | } |
||
1344 | |||
1345 | if (len <= 0) { |
||
1346 | ppp_error("EAP: empty Request message discarded"); |
||
1347 | return; |
||
1348 | } |
||
1349 | |||
1350 | GETCHAR(typenum, inp); |
||
1351 | len--; |
||
1352 | |||
1353 | switch (typenum) { |
||
1354 | case EAPT_IDENTITY: |
||
1355 | if (len > 0) |
||
1356 | ppp_info("EAP: Identity prompt \"%.*q\"", len, inp); |
||
1357 | #ifdef USE_SRP |
||
1358 | if (pcb->eap.es_usepseudo && |
||
1359 | (pcb->eap.es_usedpseudo == 0 || |
||
1360 | (pcb->eap.es_usedpseudo == 1 && |
||
1361 | id == pcb->eap.es_client.ea_id))) { |
||
1362 | pcb->eap.es_usedpseudo = 1; |
||
1363 | /* Try to get a pseudonym */ |
||
1364 | if ((fd = open_pn_file(O_RDONLY)) >= 0) { |
||
1365 | strcpy(rhostname, SRP_PSEUDO_ID); |
||
1366 | len = read(fd, rhostname + SRP_PSEUDO_LEN, |
||
1367 | sizeof (rhostname) - SRP_PSEUDO_LEN); |
||
1368 | /* XXX NAI unsupported */ |
||
1369 | if (len > 0) { |
||
1370 | eap_send_response(pcb, id, typenum, |
||
1371 | rhostname, len + SRP_PSEUDO_LEN); |
||
1372 | } |
||
1373 | (void) close(fd); |
||
1374 | if (len > 0) |
||
1375 | break; |
||
1376 | } |
||
1377 | } |
||
1378 | /* Stop using pseudonym now. */ |
||
1379 | if (pcb->eap.es_usepseudo && pcb->eap.es_usedpseudo != 2) { |
||
1380 | remove_pn_file(); |
||
1381 | pcb->eap.es_usedpseudo = 2; |
||
1382 | } |
||
1383 | #endif /* USE_SRP */ |
||
1384 | eap_send_response(pcb, id, typenum, (const u_char*)pcb->eap.es_client.ea_name, |
||
1385 | pcb->eap.es_client.ea_namelen); |
||
1386 | break; |
||
1387 | |||
1388 | case EAPT_NOTIFICATION: |
||
1389 | if (len > 0) |
||
1390 | ppp_info("EAP: Notification \"%.*q\"", len, inp); |
||
1391 | eap_send_response(pcb, id, typenum, NULL, 0); |
||
1392 | break; |
||
1393 | |||
1394 | case EAPT_NAK: |
||
1395 | /* |
||
1396 | * Avoid the temptation to send Response Nak in reply |
||
1397 | * to Request Nak here. It can only lead to trouble. |
||
1398 | */ |
||
1399 | ppp_warn("EAP: unexpected Nak in Request; ignored"); |
||
1400 | /* Return because we're waiting for something real. */ |
||
1401 | return; |
||
1402 | |||
1403 | case EAPT_MD5CHAP: |
||
1404 | if (len < 1) { |
||
1405 | ppp_error("EAP: received MD5-Challenge with no data"); |
||
1406 | /* Bogus request; wait for something real. */ |
||
1407 | return; |
||
1408 | } |
||
1409 | GETCHAR(vallen, inp); |
||
1410 | len--; |
||
1411 | if (vallen < 8 || vallen > len) { |
||
1412 | ppp_error("EAP: MD5-Challenge with bad length %d (8..%d)", |
||
1413 | vallen, len); |
||
1414 | /* Try something better. */ |
||
1415 | eap_send_nak(pcb, id, EAPT_SRP); |
||
1416 | break; |
||
1417 | } |
||
1418 | |||
1419 | /* Not so likely to happen. */ |
||
1420 | if (vallen >= len + sizeof (rhostname)) { |
||
1421 | ppp_dbglog("EAP: trimming really long peer name down"); |
||
1422 | MEMCPY(rhostname, inp + vallen, sizeof (rhostname) - 1); |
||
1423 | rhostname[sizeof (rhostname) - 1] = '\0'; |
||
1424 | } else { |
||
1425 | MEMCPY(rhostname, inp + vallen, len - vallen); |
||
1426 | rhostname[len - vallen] = '\0'; |
||
1427 | } |
||
1428 | |||
1429 | #if PPP_REMOTENAME |
||
1430 | /* In case the remote doesn't give us his name. */ |
||
1431 | if (pcb->settings.explicit_remote || |
||
1432 | (pcb->settings.remote_name[0] != '\0' && vallen == len)) |
||
1433 | strlcpy(rhostname, pcb->settings.remote_name, sizeof (rhostname)); |
||
1434 | #endif /* PPP_REMOTENAME */ |
||
1435 | |||
1436 | /* |
||
1437 | * Get the secret for authenticating ourselves with |
||
1438 | * the specified host. |
||
1439 | */ |
||
1440 | if (!get_secret(pcb, pcb->eap.es_client.ea_name, |
||
1441 | rhostname, secret, &secret_len, 0)) { |
||
1442 | ppp_dbglog("EAP: no MD5 secret for auth to %q", rhostname); |
||
1443 | eap_send_nak(pcb, id, EAPT_SRP); |
||
1444 | break; |
||
1445 | } |
||
1446 | lwip_md5_init(&mdContext); |
||
1447 | lwip_md5_starts(&mdContext); |
||
1448 | typenum = id; |
||
1449 | lwip_md5_update(&mdContext, &typenum, 1); |
||
1450 | lwip_md5_update(&mdContext, (u_char *)secret, secret_len); |
||
1451 | BZERO(secret, sizeof (secret)); |
||
1452 | lwip_md5_update(&mdContext, inp, vallen); |
||
1453 | lwip_md5_finish(&mdContext, hash); |
||
1454 | lwip_md5_free(&mdContext); |
||
1455 | eap_chap_response(pcb, id, hash, pcb->eap.es_client.ea_name, |
||
1456 | pcb->eap.es_client.ea_namelen); |
||
1457 | break; |
||
1458 | |||
1459 | #ifdef USE_SRP |
||
1460 | case EAPT_SRP: |
||
1461 | if (len < 1) { |
||
1462 | ppp_error("EAP: received empty SRP Request"); |
||
1463 | /* Bogus request; wait for something real. */ |
||
1464 | return; |
||
1465 | } |
||
1466 | |||
1467 | /* Get subtype */ |
||
1468 | GETCHAR(vallen, inp); |
||
1469 | len--; |
||
1470 | switch (vallen) { |
||
1471 | case EAPSRP_CHALLENGE: |
||
1472 | tc = NULL; |
||
1473 | if (pcb->eap.es_client.ea_session != NULL) { |
||
1474 | tc = (struct t_client *)pcb->eap.es_client. |
||
1475 | ea_session; |
||
1476 | /* |
||
1477 | * If this is a new challenge, then start |
||
1478 | * over with a new client session context. |
||
1479 | * Otherwise, just resend last response. |
||
1480 | */ |
||
1481 | if (id != pcb->eap.es_client.ea_id) { |
||
1482 | t_clientclose(tc); |
||
1483 | pcb->eap.es_client.ea_session = NULL; |
||
1484 | tc = NULL; |
||
1485 | } |
||
1486 | } |
||
1487 | /* No session key just yet */ |
||
1488 | pcb->eap.es_client.ea_skey = NULL; |
||
1489 | if (tc == NULL) { |
||
1490 | int rhostnamelen; |
||
1491 | |||
1492 | GETCHAR(vallen, inp); |
||
1493 | len--; |
||
1494 | if (vallen >= len) { |
||
1495 | ppp_error("EAP: badly-formed SRP Challenge" |
||
1496 | " (name)"); |
||
1497 | /* Ignore badly-formed messages */ |
||
1498 | return; |
||
1499 | } |
||
1500 | MEMCPY(rhostname, inp, vallen); |
||
1501 | rhostname[vallen] = '\0'; |
||
1502 | INCPTR(vallen, inp); |
||
1503 | len -= vallen; |
||
1504 | |||
1505 | /* |
||
1506 | * In case the remote doesn't give us his name, |
||
1507 | * use configured name. |
||
1508 | */ |
||
1509 | if (explicit_remote || |
||
1510 | (remote_name[0] != '\0' && vallen == 0)) { |
||
1511 | strlcpy(rhostname, remote_name, |
||
1512 | sizeof (rhostname)); |
||
1513 | } |
||
1514 | |||
1515 | rhostnamelen = (int)strlen(rhostname); |
||
1516 | if (rhostnamelen > MAXNAMELEN) { |
||
1517 | rhostnamelen = MAXNAMELEN; |
||
1518 | } |
||
1519 | MEMCPY(pcb->eap.es_client.ea_peer, rhostname, rhostnamelen); |
||
1520 | pcb->eap.es_client.ea_peer[rhostnamelen] = '\0'; |
||
1521 | pcb->eap.es_client.ea_peerlen = rhostnamelen; |
||
1522 | |||
1523 | GETCHAR(vallen, inp); |
||
1524 | len--; |
||
1525 | if (vallen >= len) { |
||
1526 | ppp_error("EAP: badly-formed SRP Challenge" |
||
1527 | " (s)"); |
||
1528 | /* Ignore badly-formed messages */ |
||
1529 | return; |
||
1530 | } |
||
1531 | sval.data = inp; |
||
1532 | sval.len = vallen; |
||
1533 | INCPTR(vallen, inp); |
||
1534 | len -= vallen; |
||
1535 | |||
1536 | GETCHAR(vallen, inp); |
||
1537 | len--; |
||
1538 | if (vallen > len) { |
||
1539 | ppp_error("EAP: badly-formed SRP Challenge" |
||
1540 | " (g)"); |
||
1541 | /* Ignore badly-formed messages */ |
||
1542 | return; |
||
1543 | } |
||
1544 | /* If no generator present, then use value 2 */ |
||
1545 | if (vallen == 0) { |
||
1546 | gval.data = (u_char *)"\002"; |
||
1547 | gval.len = 1; |
||
1548 | } else { |
||
1549 | gval.data = inp; |
||
1550 | gval.len = vallen; |
||
1551 | } |
||
1552 | INCPTR(vallen, inp); |
||
1553 | len -= vallen; |
||
1554 | |||
1555 | /* |
||
1556 | * If no modulus present, then use well-known |
||
1557 | * value. |
||
1558 | */ |
||
1559 | if (len == 0) { |
||
1560 | Nval.data = (u_char *)wkmodulus; |
||
1561 | Nval.len = sizeof (wkmodulus); |
||
1562 | } else { |
||
1563 | Nval.data = inp; |
||
1564 | Nval.len = len; |
||
1565 | } |
||
1566 | tc = t_clientopen(pcb->eap.es_client.ea_name, |
||
1567 | &Nval, &gval, &sval); |
||
1568 | if (tc == NULL) { |
||
1569 | eap_send_nak(pcb, id, EAPT_MD5CHAP); |
||
1570 | break; |
||
1571 | } |
||
1572 | pcb->eap.es_client.ea_session = (void *)tc; |
||
1573 | |||
1574 | /* Add Challenge ID & type to verifier */ |
||
1575 | vals[0] = id; |
||
1576 | vals[1] = EAPT_SRP; |
||
1577 | t_clientaddexdata(tc, vals, 2); |
||
1578 | } |
||
1579 | Ap = t_clientgenexp(tc); |
||
1580 | eap_srp_response(esp, id, EAPSRP_CKEY, Ap->data, |
||
1581 | Ap->len); |
||
1582 | break; |
||
1583 | |||
1584 | case EAPSRP_SKEY: |
||
1585 | tc = (struct t_client *)pcb->eap.es_client.ea_session; |
||
1586 | if (tc == NULL) { |
||
1587 | ppp_warn("EAP: peer sent Subtype 2 without 1"); |
||
1588 | eap_send_nak(pcb, id, EAPT_MD5CHAP); |
||
1589 | break; |
||
1590 | } |
||
1591 | if (pcb->eap.es_client.ea_skey != NULL) { |
||
1592 | /* |
||
1593 | * ID number should not change here. Warn |
||
1594 | * if it does (but otherwise ignore). |
||
1595 | */ |
||
1596 | if (id != pcb->eap.es_client.ea_id) { |
||
1597 | ppp_warn("EAP: ID changed from %d to %d " |
||
1598 | "in SRP Subtype 2 rexmit", |
||
1599 | pcb->eap.es_client.ea_id, id); |
||
1600 | } |
||
1601 | } else { |
||
1602 | if (get_srp_secret(pcb->eap.es_unit, |
||
1603 | pcb->eap.es_client.ea_name, |
||
1604 | pcb->eap.es_client.ea_peer, secret, 0) == 0) { |
||
1605 | /* |
||
1606 | * Can't work with this peer because |
||
1607 | * the secret is missing. Just give |
||
1608 | * up. |
||
1609 | */ |
||
1610 | eap_send_nak(pcb, id, EAPT_MD5CHAP); |
||
1611 | break; |
||
1612 | } |
||
1613 | Bval.data = inp; |
||
1614 | Bval.len = len; |
||
1615 | t_clientpasswd(tc, secret); |
||
1616 | BZERO(secret, sizeof (secret)); |
||
1617 | pcb->eap.es_client.ea_skey = |
||
1618 | t_clientgetkey(tc, &Bval); |
||
1619 | if (pcb->eap.es_client.ea_skey == NULL) { |
||
1620 | /* Server is rogue; stop now */ |
||
1621 | ppp_error("EAP: SRP server is rogue"); |
||
1622 | goto client_failure; |
||
1623 | } |
||
1624 | } |
||
1625 | eap_srpval_response(esp, id, SRPVAL_EBIT, |
||
1626 | t_clientresponse(tc)); |
||
1627 | break; |
||
1628 | |||
1629 | case EAPSRP_SVALIDATOR: |
||
1630 | tc = (struct t_client *)pcb->eap.es_client.ea_session; |
||
1631 | if (tc == NULL || pcb->eap.es_client.ea_skey == NULL) { |
||
1632 | ppp_warn("EAP: peer sent Subtype 3 without 1/2"); |
||
1633 | eap_send_nak(pcb, id, EAPT_MD5CHAP); |
||
1634 | break; |
||
1635 | } |
||
1636 | /* |
||
1637 | * If we're already open, then this ought to be a |
||
1638 | * duplicate. Otherwise, check that the server is |
||
1639 | * who we think it is. |
||
1640 | */ |
||
1641 | if (pcb->eap.es_client.ea_state == eapOpen) { |
||
1642 | if (id != pcb->eap.es_client.ea_id) { |
||
1643 | ppp_warn("EAP: ID changed from %d to %d " |
||
1644 | "in SRP Subtype 3 rexmit", |
||
1645 | pcb->eap.es_client.ea_id, id); |
||
1646 | } |
||
1647 | } else { |
||
1648 | len -= sizeof (u32_t) + SHA_DIGESTSIZE; |
||
1649 | if (len < 0 || t_clientverify(tc, inp + |
||
1650 | sizeof (u32_t)) != 0) { |
||
1651 | ppp_error("EAP: SRP server verification " |
||
1652 | "failed"); |
||
1653 | goto client_failure; |
||
1654 | } |
||
1655 | GETLONG(pcb->eap.es_client.ea_keyflags, inp); |
||
1656 | /* Save pseudonym if user wants it. */ |
||
1657 | if (len > 0 && pcb->eap.es_usepseudo) { |
||
1658 | INCPTR(SHA_DIGESTSIZE, inp); |
||
1659 | write_pseudonym(esp, inp, len, id); |
||
1660 | } |
||
1661 | } |
||
1662 | /* |
||
1663 | * We've verified our peer. We're now mostly done, |
||
1664 | * except for waiting on the regular EAP Success |
||
1665 | * message. |
||
1666 | */ |
||
1667 | eap_srp_response(esp, id, EAPSRP_ACK, NULL, 0); |
||
1668 | break; |
||
1669 | |||
1670 | case EAPSRP_LWRECHALLENGE: |
||
1671 | if (len < 4) { |
||
1672 | ppp_warn("EAP: malformed Lightweight rechallenge"); |
||
1673 | return; |
||
1674 | } |
||
1675 | SHA1Init(&ctxt); |
||
1676 | vals[0] = id; |
||
1677 | SHA1Update(&ctxt, vals, 1); |
||
1678 | SHA1Update(&ctxt, pcb->eap.es_client.ea_skey, |
||
1679 | SESSION_KEY_LEN); |
||
1680 | SHA1Update(&ctxt, inp, len); |
||
1681 | SHA1Update(&ctxt, pcb->eap.es_client.ea_name, |
||
1682 | pcb->eap.es_client.ea_namelen); |
||
1683 | SHA1Final(dig, &ctxt); |
||
1684 | eap_srp_response(esp, id, EAPSRP_LWRECHALLENGE, dig, |
||
1685 | SHA_DIGESTSIZE); |
||
1686 | break; |
||
1687 | |||
1688 | default: |
||
1689 | ppp_error("EAP: unknown SRP Subtype %d", vallen); |
||
1690 | eap_send_nak(pcb, id, EAPT_MD5CHAP); |
||
1691 | break; |
||
1692 | } |
||
1693 | break; |
||
1694 | #endif /* USE_SRP */ |
||
1695 | |||
1696 | default: |
||
1697 | ppp_info("EAP: unknown authentication type %d; Naking", typenum); |
||
1698 | eap_send_nak(pcb, id, EAPT_SRP); |
||
1699 | break; |
||
1700 | } |
||
1701 | |||
1702 | if (pcb->settings.eap_req_time > 0) { |
||
1703 | UNTIMEOUT(eap_client_timeout, pcb); |
||
1704 | TIMEOUT(eap_client_timeout, pcb, |
||
1705 | pcb->settings.eap_req_time); |
||
1706 | } |
||
1707 | return; |
||
1708 | |||
1709 | #ifdef USE_SRP |
||
1710 | client_failure: |
||
1711 | pcb->eap.es_client.ea_state = eapBadAuth; |
||
1712 | if (pcb->settings.eap_req_time > 0) { |
||
1713 | UNTIMEOUT(eap_client_timeout, (void *)esp); |
||
1714 | } |
||
1715 | pcb->eap.es_client.ea_session = NULL; |
||
1716 | t_clientclose(tc); |
||
1717 | auth_withpeer_fail(pcb, PPP_EAP); |
||
1718 | #endif /* USE_SRP */ |
||
1719 | } |
||
1720 | |||
1721 | #if PPP_SERVER |
||
1722 | /* |
||
1723 | * eap_response - Receive EAP Response message (server mode). |
||
1724 | */ |
||
1725 | static void eap_response(ppp_pcb *pcb, u_char *inp, int id, int len) { |
||
1726 | u_char typenum; |
||
1727 | u_char vallen; |
||
1728 | int secret_len; |
||
1729 | char secret[MAXSECRETLEN]; |
||
1730 | char rhostname[MAXNAMELEN]; |
||
1731 | lwip_md5_context mdContext; |
||
1732 | u_char hash[MD5_SIGNATURE_SIZE]; |
||
1733 | #ifdef USE_SRP |
||
1734 | struct t_server *ts; |
||
1735 | struct t_num A; |
||
1736 | SHA1_CTX ctxt; |
||
1737 | u_char dig[SHA_DIGESTSIZE]; |
||
1738 | #endif /* USE_SRP */ |
||
1739 | |||
1740 | if (pcb->eap.es_server.ea_id != id) { |
||
1741 | ppp_dbglog("EAP: discarding Response %d; expected ID %d", id, |
||
1742 | pcb->eap.es_server.ea_id); |
||
1743 | return; |
||
1744 | } |
||
1745 | |||
1746 | pcb->eap.es_server.ea_responses++; |
||
1747 | |||
1748 | if (len <= 0) { |
||
1749 | ppp_error("EAP: empty Response message discarded"); |
||
1750 | return; |
||
1751 | } |
||
1752 | |||
1753 | GETCHAR(typenum, inp); |
||
1754 | len--; |
||
1755 | |||
1756 | switch (typenum) { |
||
1757 | case EAPT_IDENTITY: |
||
1758 | if (pcb->eap.es_server.ea_state != eapIdentify) { |
||
1759 | ppp_dbglog("EAP discarding unwanted Identify \"%.q\"", len, |
||
1760 | inp); |
||
1761 | break; |
||
1762 | } |
||
1763 | ppp_info("EAP: unauthenticated peer name \"%.*q\"", len, inp); |
||
1764 | if (len > MAXNAMELEN) { |
||
1765 | len = MAXNAMELEN; |
||
1766 | } |
||
1767 | MEMCPY(pcb->eap.es_server.ea_peer, inp, len); |
||
1768 | pcb->eap.es_server.ea_peer[len] = '\0'; |
||
1769 | pcb->eap.es_server.ea_peerlen = len; |
||
1770 | eap_figure_next_state(pcb, 0); |
||
1771 | break; |
||
1772 | |||
1773 | case EAPT_NOTIFICATION: |
||
1774 | ppp_dbglog("EAP unexpected Notification; response discarded"); |
||
1775 | break; |
||
1776 | |||
1777 | case EAPT_NAK: |
||
1778 | if (len < 1) { |
||
1779 | ppp_info("EAP: Nak Response with no suggested protocol"); |
||
1780 | eap_figure_next_state(pcb, 1); |
||
1781 | break; |
||
1782 | } |
||
1783 | |||
1784 | GETCHAR(vallen, inp); |
||
1785 | len--; |
||
1786 | |||
1787 | if ( |
||
1788 | #if PPP_REMOTENAME |
||
1789 | !pcb->explicit_remote && |
||
1790 | #endif /* PPP_REMOTENAME */ |
||
1791 | pcb->eap.es_server.ea_state == eapIdentify){ |
||
1792 | /* Peer cannot Nak Identify Request */ |
||
1793 | eap_figure_next_state(pcb, 1); |
||
1794 | break; |
||
1795 | } |
||
1796 | |||
1797 | switch (vallen) { |
||
1798 | case EAPT_SRP: |
||
1799 | /* Run through SRP validator selection again. */ |
||
1800 | pcb->eap.es_server.ea_state = eapIdentify; |
||
1801 | eap_figure_next_state(pcb, 0); |
||
1802 | break; |
||
1803 | |||
1804 | case EAPT_MD5CHAP: |
||
1805 | pcb->eap.es_server.ea_state = eapMD5Chall; |
||
1806 | break; |
||
1807 | |||
1808 | default: |
||
1809 | ppp_dbglog("EAP: peer requesting unknown Type %d", vallen); |
||
1810 | switch (pcb->eap.es_server.ea_state) { |
||
1811 | case eapSRP1: |
||
1812 | case eapSRP2: |
||
1813 | case eapSRP3: |
||
1814 | pcb->eap.es_server.ea_state = eapMD5Chall; |
||
1815 | break; |
||
1816 | case eapMD5Chall: |
||
1817 | case eapSRP4: |
||
1818 | pcb->eap.es_server.ea_state = eapIdentify; |
||
1819 | eap_figure_next_state(pcb, 0); |
||
1820 | break; |
||
1821 | default: |
||
1822 | break; |
||
1823 | } |
||
1824 | break; |
||
1825 | } |
||
1826 | break; |
||
1827 | |||
1828 | case EAPT_MD5CHAP: |
||
1829 | if (pcb->eap.es_server.ea_state != eapMD5Chall) { |
||
1830 | ppp_error("EAP: unexpected MD5-Response"); |
||
1831 | eap_figure_next_state(pcb, 1); |
||
1832 | break; |
||
1833 | } |
||
1834 | if (len < 1) { |
||
1835 | ppp_error("EAP: received MD5-Response with no data"); |
||
1836 | eap_figure_next_state(pcb, 1); |
||
1837 | break; |
||
1838 | } |
||
1839 | GETCHAR(vallen, inp); |
||
1840 | len--; |
||
1841 | if (vallen != 16 || vallen > len) { |
||
1842 | ppp_error("EAP: MD5-Response with bad length %d", vallen); |
||
1843 | eap_figure_next_state(pcb, 1); |
||
1844 | break; |
||
1845 | } |
||
1846 | |||
1847 | /* Not so likely to happen. */ |
||
1848 | if (vallen >= len + sizeof (rhostname)) { |
||
1849 | ppp_dbglog("EAP: trimming really long peer name down"); |
||
1850 | MEMCPY(rhostname, inp + vallen, sizeof (rhostname) - 1); |
||
1851 | rhostname[sizeof (rhostname) - 1] = '\0'; |
||
1852 | } else { |
||
1853 | MEMCPY(rhostname, inp + vallen, len - vallen); |
||
1854 | rhostname[len - vallen] = '\0'; |
||
1855 | } |
||
1856 | |||
1857 | #if PPP_REMOTENAME |
||
1858 | /* In case the remote doesn't give us his name. */ |
||
1859 | if (explicit_remote || |
||
1860 | (remote_name[0] != '\0' && vallen == len)) |
||
1861 | strlcpy(rhostname, remote_name, sizeof (rhostname)); |
||
1862 | #endif /* PPP_REMOTENAME */ |
||
1863 | |||
1864 | /* |
||
1865 | * Get the secret for authenticating the specified |
||
1866 | * host. |
||
1867 | */ |
||
1868 | if (!get_secret(pcb, rhostname, |
||
1869 | pcb->eap.es_server.ea_name, secret, &secret_len, 1)) { |
||
1870 | ppp_dbglog("EAP: no MD5 secret for auth of %q", rhostname); |
||
1871 | eap_send_failure(pcb); |
||
1872 | break; |
||
1873 | } |
||
1874 | lwip_md5_init(&mdContext); |
||
1875 | lwip_md5_starts(&mdContext); |
||
1876 | lwip_md5_update(&mdContext, &pcb->eap.es_server.ea_id, 1); |
||
1877 | lwip_md5_update(&mdContext, (u_char *)secret, secret_len); |
||
1878 | BZERO(secret, sizeof (secret)); |
||
1879 | lwip_md5_update(&mdContext, pcb->eap.es_challenge, pcb->eap.es_challen); |
||
1880 | lwip_md5_finish(&mdContext, hash); |
||
1881 | lwip_md5_free(&mdContext); |
||
1882 | if (BCMP(hash, inp, MD5_SIGNATURE_SIZE) != 0) { |
||
1883 | eap_send_failure(pcb); |
||
1884 | break; |
||
1885 | } |
||
1886 | pcb->eap.es_server.ea_type = EAPT_MD5CHAP; |
||
1887 | eap_send_success(pcb); |
||
1888 | eap_figure_next_state(pcb, 0); |
||
1889 | if (pcb->eap.es_rechallenge != 0) |
||
1890 | TIMEOUT(eap_rechallenge, pcb, pcb->eap.es_rechallenge); |
||
1891 | break; |
||
1892 | |||
1893 | #ifdef USE_SRP |
||
1894 | case EAPT_SRP: |
||
1895 | if (len < 1) { |
||
1896 | ppp_error("EAP: empty SRP Response"); |
||
1897 | eap_figure_next_state(pcb, 1); |
||
1898 | break; |
||
1899 | } |
||
1900 | GETCHAR(typenum, inp); |
||
1901 | len--; |
||
1902 | switch (typenum) { |
||
1903 | case EAPSRP_CKEY: |
||
1904 | if (pcb->eap.es_server.ea_state != eapSRP1) { |
||
1905 | ppp_error("EAP: unexpected SRP Subtype 1 Response"); |
||
1906 | eap_figure_next_state(pcb, 1); |
||
1907 | break; |
||
1908 | } |
||
1909 | A.data = inp; |
||
1910 | A.len = len; |
||
1911 | ts = (struct t_server *)pcb->eap.es_server.ea_session; |
||
1912 | assert(ts != NULL); |
||
1913 | pcb->eap.es_server.ea_skey = t_servergetkey(ts, &A); |
||
1914 | if (pcb->eap.es_server.ea_skey == NULL) { |
||
1915 | /* Client's A value is bogus; terminate now */ |
||
1916 | ppp_error("EAP: bogus A value from client"); |
||
1917 | eap_send_failure(pcb); |
||
1918 | } else { |
||
1919 | eap_figure_next_state(pcb, 0); |
||
1920 | } |
||
1921 | break; |
||
1922 | |||
1923 | case EAPSRP_CVALIDATOR: |
||
1924 | if (pcb->eap.es_server.ea_state != eapSRP2) { |
||
1925 | ppp_error("EAP: unexpected SRP Subtype 2 Response"); |
||
1926 | eap_figure_next_state(pcb, 1); |
||
1927 | break; |
||
1928 | } |
||
1929 | if (len < sizeof (u32_t) + SHA_DIGESTSIZE) { |
||
1930 | ppp_error("EAP: M1 length %d < %d", len, |
||
1931 | sizeof (u32_t) + SHA_DIGESTSIZE); |
||
1932 | eap_figure_next_state(pcb, 1); |
||
1933 | break; |
||
1934 | } |
||
1935 | GETLONG(pcb->eap.es_server.ea_keyflags, inp); |
||
1936 | ts = (struct t_server *)pcb->eap.es_server.ea_session; |
||
1937 | assert(ts != NULL); |
||
1938 | if (t_serververify(ts, inp)) { |
||
1939 | ppp_info("EAP: unable to validate client identity"); |
||
1940 | eap_send_failure(pcb); |
||
1941 | break; |
||
1942 | } |
||
1943 | eap_figure_next_state(pcb, 0); |
||
1944 | break; |
||
1945 | |||
1946 | case EAPSRP_ACK: |
||
1947 | if (pcb->eap.es_server.ea_state != eapSRP3) { |
||
1948 | ppp_error("EAP: unexpected SRP Subtype 3 Response"); |
||
1949 | eap_send_failure(esp); |
||
1950 | break; |
||
1951 | } |
||
1952 | pcb->eap.es_server.ea_type = EAPT_SRP; |
||
1953 | eap_send_success(pcb, esp); |
||
1954 | eap_figure_next_state(pcb, 0); |
||
1955 | if (pcb->eap.es_rechallenge != 0) |
||
1956 | TIMEOUT(eap_rechallenge, pcb, |
||
1957 | pcb->eap.es_rechallenge); |
||
1958 | if (pcb->eap.es_lwrechallenge != 0) |
||
1959 | TIMEOUT(srp_lwrechallenge, pcb, |
||
1960 | pcb->eap.es_lwrechallenge); |
||
1961 | break; |
||
1962 | |||
1963 | case EAPSRP_LWRECHALLENGE: |
||
1964 | if (pcb->eap.es_server.ea_state != eapSRP4) { |
||
1965 | ppp_info("EAP: unexpected SRP Subtype 4 Response"); |
||
1966 | return; |
||
1967 | } |
||
1968 | if (len != SHA_DIGESTSIZE) { |
||
1969 | ppp_error("EAP: bad Lightweight rechallenge " |
||
1970 | "response"); |
||
1971 | return; |
||
1972 | } |
||
1973 | SHA1Init(&ctxt); |
||
1974 | vallen = id; |
||
1975 | SHA1Update(&ctxt, &vallen, 1); |
||
1976 | SHA1Update(&ctxt, pcb->eap.es_server.ea_skey, |
||
1977 | SESSION_KEY_LEN); |
||
1978 | SHA1Update(&ctxt, pcb->eap.es_challenge, pcb->eap.es_challen); |
||
1979 | SHA1Update(&ctxt, pcb->eap.es_server.ea_peer, |
||
1980 | pcb->eap.es_server.ea_peerlen); |
||
1981 | SHA1Final(dig, &ctxt); |
||
1982 | if (BCMP(dig, inp, SHA_DIGESTSIZE) != 0) { |
||
1983 | ppp_error("EAP: failed Lightweight rechallenge"); |
||
1984 | eap_send_failure(pcb); |
||
1985 | break; |
||
1986 | } |
||
1987 | pcb->eap.es_server.ea_state = eapOpen; |
||
1988 | if (pcb->eap.es_lwrechallenge != 0) |
||
1989 | TIMEOUT(srp_lwrechallenge, esp, |
||
1990 | pcb->eap.es_lwrechallenge); |
||
1991 | break; |
||
1992 | } |
||
1993 | break; |
||
1994 | #endif /* USE_SRP */ |
||
1995 | |||
1996 | default: |
||
1997 | /* This can't happen. */ |
||
1998 | ppp_error("EAP: unknown Response type %d; ignored", typenum); |
||
1999 | return; |
||
2000 | } |
||
2001 | |||
2002 | if (pcb->settings.eap_timeout_time > 0) { |
||
2003 | UNTIMEOUT(eap_server_timeout, pcb); |
||
2004 | } |
||
2005 | |||
2006 | if (pcb->eap.es_server.ea_state != eapBadAuth && |
||
2007 | pcb->eap.es_server.ea_state != eapOpen) { |
||
2008 | pcb->eap.es_server.ea_id++; |
||
2009 | eap_send_request(pcb); |
||
2010 | } |
||
2011 | } |
||
2012 | #endif /* PPP_SERVER */ |
||
2013 | |||
2014 | /* |
||
2015 | * eap_success - Receive EAP Success message (client mode). |
||
2016 | */ |
||
2017 | static void eap_success(ppp_pcb *pcb, u_char *inp, int id, int len) { |
||
2018 | LWIP_UNUSED_ARG(id); |
||
2019 | |||
2020 | if (pcb->eap.es_client.ea_state != eapOpen && !eap_client_active(pcb)) { |
||
2021 | ppp_dbglog("EAP unexpected success message in state %s (%d)", |
||
2022 | eap_state_name(pcb->eap.es_client.ea_state), |
||
2023 | pcb->eap.es_client.ea_state); |
||
2024 | return; |
||
2025 | } |
||
2026 | |||
2027 | if (pcb->settings.eap_req_time > 0) { |
||
2028 | UNTIMEOUT(eap_client_timeout, pcb); |
||
2029 | } |
||
2030 | |||
2031 | if (len > 0) { |
||
2032 | /* This is odd. The spec doesn't allow for this. */ |
||
2033 | PRINTMSG(inp, len); |
||
2034 | } |
||
2035 | |||
2036 | pcb->eap.es_client.ea_state = eapOpen; |
||
2037 | auth_withpeer_success(pcb, PPP_EAP, 0); |
||
2038 | } |
||
2039 | |||
2040 | /* |
||
2041 | * eap_failure - Receive EAP Failure message (client mode). |
||
2042 | */ |
||
2043 | static void eap_failure(ppp_pcb *pcb, u_char *inp, int id, int len) { |
||
2044 | LWIP_UNUSED_ARG(id); |
||
2045 | |||
2046 | if (!eap_client_active(pcb)) { |
||
2047 | ppp_dbglog("EAP unexpected failure message in state %s (%d)", |
||
2048 | eap_state_name(pcb->eap.es_client.ea_state), |
||
2049 | pcb->eap.es_client.ea_state); |
||
2050 | } |
||
2051 | |||
2052 | if (pcb->settings.eap_req_time > 0) { |
||
2053 | UNTIMEOUT(eap_client_timeout, pcb); |
||
2054 | } |
||
2055 | |||
2056 | if (len > 0) { |
||
2057 | /* This is odd. The spec doesn't allow for this. */ |
||
2058 | PRINTMSG(inp, len); |
||
2059 | } |
||
2060 | |||
2061 | pcb->eap.es_client.ea_state = eapBadAuth; |
||
2062 | |||
2063 | ppp_error("EAP: peer reports authentication failure"); |
||
2064 | auth_withpeer_fail(pcb, PPP_EAP); |
||
2065 | } |
||
2066 | |||
2067 | /* |
||
2068 | * eap_input - Handle received EAP message. |
||
2069 | */ |
||
2070 | static void eap_input(ppp_pcb *pcb, u_char *inp, int inlen) { |
||
2071 | u_char code, id; |
||
2072 | int len; |
||
2073 | |||
2074 | /* |
||
2075 | * Parse header (code, id and length). If packet too short, |
||
2076 | * drop it. |
||
2077 | */ |
||
2078 | if (inlen < EAP_HEADERLEN) { |
||
2079 | ppp_error("EAP: packet too short: %d < %d", inlen, EAP_HEADERLEN); |
||
2080 | return; |
||
2081 | } |
||
2082 | GETCHAR(code, inp); |
||
2083 | GETCHAR(id, inp); |
||
2084 | GETSHORT(len, inp); |
||
2085 | if (len < EAP_HEADERLEN || len > inlen) { |
||
2086 | ppp_error("EAP: packet has illegal length field %d (%d..%d)", len, |
||
2087 | EAP_HEADERLEN, inlen); |
||
2088 | return; |
||
2089 | } |
||
2090 | len -= EAP_HEADERLEN; |
||
2091 | |||
2092 | /* Dispatch based on message code */ |
||
2093 | switch (code) { |
||
2094 | case EAP_REQUEST: |
||
2095 | eap_request(pcb, inp, id, len); |
||
2096 | break; |
||
2097 | |||
2098 | #if PPP_SERVER |
||
2099 | case EAP_RESPONSE: |
||
2100 | eap_response(pcb, inp, id, len); |
||
2101 | break; |
||
2102 | #endif /* PPP_SERVER */ |
||
2103 | |||
2104 | case EAP_SUCCESS: |
||
2105 | eap_success(pcb, inp, id, len); |
||
2106 | break; |
||
2107 | |||
2108 | case EAP_FAILURE: |
||
2109 | eap_failure(pcb, inp, id, len); |
||
2110 | break; |
||
2111 | |||
2112 | default: /* XXX Need code reject */ |
||
2113 | /* Note: it's not legal to send EAP Nak here. */ |
||
2114 | ppp_warn("EAP: unknown code %d received", code); |
||
2115 | break; |
||
2116 | } |
||
2117 | } |
||
2118 | |||
2119 | #if PRINTPKT_SUPPORT |
||
2120 | /* |
||
2121 | * eap_printpkt - print the contents of an EAP packet. |
||
2122 | */ |
||
2123 | static const char* const eap_codenames[] = { |
||
2124 | "Request", "Response", "Success", "Failure" |
||
2125 | }; |
||
2126 | |||
2127 | static const char* const eap_typenames[] = { |
||
2128 | "Identity", "Notification", "Nak", "MD5-Challenge", |
||
2129 | "OTP", "Generic-Token", NULL, NULL, |
||
2130 | "RSA", "DSS", "KEA", "KEA-Validate", |
||
2131 | "TLS", "Defender", "Windows 2000", "Arcot", |
||
2132 | "Cisco", "Nokia", "SRP" |
||
2133 | }; |
||
2134 | |||
2135 | static int eap_printpkt(const u_char *inp, int inlen, void (*printer) (void *, const char *, ...), void *arg) { |
||
2136 | int code, id, len, rtype, vallen; |
||
2137 | const u_char *pstart; |
||
2138 | u32_t uval; |
||
2139 | |||
2140 | if (inlen < EAP_HEADERLEN) |
||
2141 | return (0); |
||
2142 | pstart = inp; |
||
2143 | GETCHAR(code, inp); |
||
2144 | GETCHAR(id, inp); |
||
2145 | GETSHORT(len, inp); |
||
2146 | if (len < EAP_HEADERLEN || len > inlen) |
||
2147 | return (0); |
||
2148 | |||
2149 | if (code >= 1 && code <= (int)LWIP_ARRAYSIZE(eap_codenames)) |
||
2150 | printer(arg, " %s", eap_codenames[code-1]); |
||
2151 | else |
||
2152 | printer(arg, " code=0x%x", code); |
||
2153 | printer(arg, " id=0x%x", id); |
||
2154 | len -= EAP_HEADERLEN; |
||
2155 | switch (code) { |
||
2156 | case EAP_REQUEST: |
||
2157 | if (len < 1) { |
||
2158 | printer(arg, " <missing type>"); |
||
2159 | break; |
||
2160 | } |
||
2161 | GETCHAR(rtype, inp); |
||
2162 | len--; |
||
2163 | if (rtype >= 1 && rtype <= (int)LWIP_ARRAYSIZE(eap_typenames)) |
||
2164 | printer(arg, " %s", eap_typenames[rtype-1]); |
||
2165 | else |
||
2166 | printer(arg, " type=0x%x", rtype); |
||
2167 | switch (rtype) { |
||
2168 | case EAPT_IDENTITY: |
||
2169 | case EAPT_NOTIFICATION: |
||
2170 | if (len > 0) { |
||
2171 | printer(arg, " <Message "); |
||
2172 | ppp_print_string(inp, len, printer, arg); |
||
2173 | printer(arg, ">"); |
||
2174 | INCPTR(len, inp); |
||
2175 | len = 0; |
||
2176 | } else { |
||
2177 | printer(arg, " <No message>"); |
||
2178 | } |
||
2179 | break; |
||
2180 | |||
2181 | case EAPT_MD5CHAP: |
||
2182 | if (len <= 0) |
||
2183 | break; |
||
2184 | GETCHAR(vallen, inp); |
||
2185 | len--; |
||
2186 | if (vallen > len) |
||
2187 | goto truncated; |
||
2188 | printer(arg, " <Value%.*B>", vallen, inp); |
||
2189 | INCPTR(vallen, inp); |
||
2190 | len -= vallen; |
||
2191 | if (len > 0) { |
||
2192 | printer(arg, " <Name "); |
||
2193 | ppp_print_string(inp, len, printer, arg); |
||
2194 | printer(arg, ">"); |
||
2195 | INCPTR(len, inp); |
||
2196 | len = 0; |
||
2197 | } else { |
||
2198 | printer(arg, " <No name>"); |
||
2199 | } |
||
2200 | break; |
||
2201 | |||
2202 | case EAPT_SRP: |
||
2203 | if (len < 3) |
||
2204 | goto truncated; |
||
2205 | GETCHAR(vallen, inp); |
||
2206 | len--; |
||
2207 | printer(arg, "-%d", vallen); |
||
2208 | switch (vallen) { |
||
2209 | case EAPSRP_CHALLENGE: |
||
2210 | GETCHAR(vallen, inp); |
||
2211 | len--; |
||
2212 | if (vallen >= len) |
||
2213 | goto truncated; |
||
2214 | if (vallen > 0) { |
||
2215 | printer(arg, " <Name "); |
||
2216 | ppp_print_string(inp, vallen, printer, |
||
2217 | arg); |
||
2218 | printer(arg, ">"); |
||
2219 | } else { |
||
2220 | printer(arg, " <No name>"); |
||
2221 | } |
||
2222 | INCPTR(vallen, inp); |
||
2223 | len -= vallen; |
||
2224 | GETCHAR(vallen, inp); |
||
2225 | len--; |
||
2226 | if (vallen >= len) |
||
2227 | goto truncated; |
||
2228 | printer(arg, " <s%.*B>", vallen, inp); |
||
2229 | INCPTR(vallen, inp); |
||
2230 | len -= vallen; |
||
2231 | GETCHAR(vallen, inp); |
||
2232 | len--; |
||
2233 | if (vallen > len) |
||
2234 | goto truncated; |
||
2235 | if (vallen == 0) { |
||
2236 | printer(arg, " <Default g=2>"); |
||
2237 | } else { |
||
2238 | printer(arg, " <g%.*B>", vallen, inp); |
||
2239 | } |
||
2240 | INCPTR(vallen, inp); |
||
2241 | len -= vallen; |
||
2242 | if (len == 0) { |
||
2243 | printer(arg, " <Default N>"); |
||
2244 | } else { |
||
2245 | printer(arg, " <N%.*B>", len, inp); |
||
2246 | INCPTR(len, inp); |
||
2247 | len = 0; |
||
2248 | } |
||
2249 | break; |
||
2250 | |||
2251 | case EAPSRP_SKEY: |
||
2252 | printer(arg, " <B%.*B>", len, inp); |
||
2253 | INCPTR(len, inp); |
||
2254 | len = 0; |
||
2255 | break; |
||
2256 | |||
2257 | case EAPSRP_SVALIDATOR: |
||
2258 | if (len < (int)sizeof (u32_t)) |
||
2259 | break; |
||
2260 | GETLONG(uval, inp); |
||
2261 | len -= sizeof (u32_t); |
||
2262 | if (uval & SRPVAL_EBIT) { |
||
2263 | printer(arg, " E"); |
||
2264 | uval &= ~SRPVAL_EBIT; |
||
2265 | } |
||
2266 | if (uval != 0) { |
||
2267 | printer(arg, " f<%X>", uval); |
||
2268 | } |
||
2269 | if ((vallen = len) > SHA_DIGESTSIZE) |
||
2270 | vallen = SHA_DIGESTSIZE; |
||
2271 | printer(arg, " <M2%.*B%s>", len, inp, |
||
2272 | len < SHA_DIGESTSIZE ? "?" : ""); |
||
2273 | INCPTR(vallen, inp); |
||
2274 | len -= vallen; |
||
2275 | if (len > 0) { |
||
2276 | printer(arg, " <PN%.*B>", len, inp); |
||
2277 | INCPTR(len, inp); |
||
2278 | len = 0; |
||
2279 | } |
||
2280 | break; |
||
2281 | |||
2282 | case EAPSRP_LWRECHALLENGE: |
||
2283 | printer(arg, " <Challenge%.*B>", len, inp); |
||
2284 | INCPTR(len, inp); |
||
2285 | len = 0; |
||
2286 | break; |
||
2287 | default: |
||
2288 | break; |
||
2289 | } |
||
2290 | break; |
||
2291 | default: |
||
2292 | break; |
||
2293 | } |
||
2294 | break; |
||
2295 | |||
2296 | case EAP_RESPONSE: |
||
2297 | if (len < 1) |
||
2298 | break; |
||
2299 | GETCHAR(rtype, inp); |
||
2300 | len--; |
||
2301 | if (rtype >= 1 && rtype <= (int)LWIP_ARRAYSIZE(eap_typenames)) |
||
2302 | printer(arg, " %s", eap_typenames[rtype-1]); |
||
2303 | else |
||
2304 | printer(arg, " type=0x%x", rtype); |
||
2305 | switch (rtype) { |
||
2306 | case EAPT_IDENTITY: |
||
2307 | if (len > 0) { |
||
2308 | printer(arg, " <Name "); |
||
2309 | ppp_print_string(inp, len, printer, arg); |
||
2310 | printer(arg, ">"); |
||
2311 | INCPTR(len, inp); |
||
2312 | len = 0; |
||
2313 | } |
||
2314 | break; |
||
2315 | |||
2316 | case EAPT_NAK: |
||
2317 | if (len <= 0) { |
||
2318 | printer(arg, " <missing hint>"); |
||
2319 | break; |
||
2320 | } |
||
2321 | GETCHAR(rtype, inp); |
||
2322 | len--; |
||
2323 | printer(arg, " <Suggested-type %02X", rtype); |
||
2324 | if (rtype >= 1 && rtype < (int)LWIP_ARRAYSIZE(eap_typenames)) |
||
2325 | printer(arg, " (%s)", eap_typenames[rtype-1]); |
||
2326 | printer(arg, ">"); |
||
2327 | break; |
||
2328 | |||
2329 | case EAPT_MD5CHAP: |
||
2330 | if (len <= 0) { |
||
2331 | printer(arg, " <missing length>"); |
||
2332 | break; |
||
2333 | } |
||
2334 | GETCHAR(vallen, inp); |
||
2335 | len--; |
||
2336 | if (vallen > len) |
||
2337 | goto truncated; |
||
2338 | printer(arg, " <Value%.*B>", vallen, inp); |
||
2339 | INCPTR(vallen, inp); |
||
2340 | len -= vallen; |
||
2341 | if (len > 0) { |
||
2342 | printer(arg, " <Name "); |
||
2343 | ppp_print_string(inp, len, printer, arg); |
||
2344 | printer(arg, ">"); |
||
2345 | INCPTR(len, inp); |
||
2346 | len = 0; |
||
2347 | } else { |
||
2348 | printer(arg, " <No name>"); |
||
2349 | } |
||
2350 | break; |
||
2351 | |||
2352 | case EAPT_SRP: |
||
2353 | if (len < 1) |
||
2354 | goto truncated; |
||
2355 | GETCHAR(vallen, inp); |
||
2356 | len--; |
||
2357 | printer(arg, "-%d", vallen); |
||
2358 | switch (vallen) { |
||
2359 | case EAPSRP_CKEY: |
||
2360 | printer(arg, " <A%.*B>", len, inp); |
||
2361 | INCPTR(len, inp); |
||
2362 | len = 0; |
||
2363 | break; |
||
2364 | |||
2365 | case EAPSRP_CVALIDATOR: |
||
2366 | if (len < (int)sizeof (u32_t)) |
||
2367 | break; |
||
2368 | GETLONG(uval, inp); |
||
2369 | len -= sizeof (u32_t); |
||
2370 | if (uval & SRPVAL_EBIT) { |
||
2371 | printer(arg, " E"); |
||
2372 | uval &= ~SRPVAL_EBIT; |
||
2373 | } |
||
2374 | if (uval != 0) { |
||
2375 | printer(arg, " f<%X>", uval); |
||
2376 | } |
||
2377 | printer(arg, " <M1%.*B%s>", len, inp, |
||
2378 | len == SHA_DIGESTSIZE ? "" : "?"); |
||
2379 | INCPTR(len, inp); |
||
2380 | len = 0; |
||
2381 | break; |
||
2382 | |||
2383 | case EAPSRP_ACK: |
||
2384 | break; |
||
2385 | |||
2386 | case EAPSRP_LWRECHALLENGE: |
||
2387 | printer(arg, " <Response%.*B%s>", len, inp, |
||
2388 | len == SHA_DIGESTSIZE ? "" : "?"); |
||
2389 | if ((vallen = len) > SHA_DIGESTSIZE) |
||
2390 | vallen = SHA_DIGESTSIZE; |
||
2391 | INCPTR(vallen, inp); |
||
2392 | len -= vallen; |
||
2393 | break; |
||
2394 | default: |
||
2395 | break; |
||
2396 | } |
||
2397 | break; |
||
2398 | default: |
||
2399 | break; |
||
2400 | } |
||
2401 | break; |
||
2402 | |||
2403 | case EAP_SUCCESS: /* No payload expected for these! */ |
||
2404 | case EAP_FAILURE: |
||
2405 | default: |
||
2406 | break; |
||
2407 | |||
2408 | truncated: |
||
2409 | printer(arg, " <truncated>"); |
||
2410 | break; |
||
2411 | } |
||
2412 | |||
2413 | if (len > 8) |
||
2414 | printer(arg, "%8B...", inp); |
||
2415 | else if (len > 0) |
||
2416 | printer(arg, "%.*B", len, inp); |
||
2417 | INCPTR(len, inp); |
||
2418 | |||
2419 | return (inp - pstart); |
||
2420 | } |
||
2421 | #endif /* PRINTPKT_SUPPORT */ |
||
2422 | |||
2423 | #endif /* PPP_SUPPORT && EAP_SUPPORT */ |