2004-03-25 11:29:53 +08:00
|
|
|
/*
|
|
|
|
|
* Copyright (c) 2004 - Michael Richardson <mcr@xelerance.com>
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that: (1) source code distributions
|
|
|
|
|
* retain the above copyright notice and this paragraph in its entirety, (2)
|
|
|
|
|
* distributions including binary code include the above copyright notice and
|
|
|
|
|
* this paragraph in its entirety in the documentation or other materials
|
|
|
|
|
* provided with the distribution, and (3) all advertising materials mentioning
|
|
|
|
|
* features or use of this software display the following acknowledgement:
|
|
|
|
|
* ``This product includes software developed by the University of California,
|
|
|
|
|
* Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
|
|
|
|
|
* the University nor the names of its contributors may be used to endorse
|
|
|
|
|
* or promote products derived from this software without specific prior
|
|
|
|
|
* written permission.
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
|
|
|
|
|
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
|
|
|
|
|
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
|
|
|
|
*/
|
|
|
|
|
|
2016-08-14 21:42:19 +08:00
|
|
|
/* \summary: Extensible Authentication Protocol (EAP) printer */
|
|
|
|
|
|
2004-03-25 11:29:53 +08:00
|
|
|
#ifdef HAVE_CONFIG_H
|
2018-01-22 04:27:08 +08:00
|
|
|
#include <config.h>
|
2004-03-25 11:29:53 +08:00
|
|
|
#endif
|
|
|
|
|
|
2018-01-20 22:59:49 +08:00
|
|
|
#include "netdissect-stdinc.h"
|
2004-03-25 11:29:53 +08:00
|
|
|
|
2015-09-06 05:35:58 +08:00
|
|
|
#include "netdissect.h"
|
2004-03-25 11:29:53 +08:00
|
|
|
#include "extract.h"
|
|
|
|
|
|
2007-10-04 16:34:28 +08:00
|
|
|
#define EAP_FRAME_TYPE_PACKET 0
|
|
|
|
|
#define EAP_FRAME_TYPE_START 1
|
|
|
|
|
#define EAP_FRAME_TYPE_LOGOFF 2
|
|
|
|
|
#define EAP_FRAME_TYPE_KEY 3
|
|
|
|
|
#define EAP_FRAME_TYPE_ENCAP_ASF_ALERT 4
|
|
|
|
|
|
|
|
|
|
struct eap_frame_t {
|
2017-12-30 13:08:07 +08:00
|
|
|
nd_uint8_t version;
|
|
|
|
|
nd_uint8_t type;
|
|
|
|
|
nd_uint16_t length;
|
2007-10-04 16:34:28 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static const struct tok eap_frame_type_values[] = {
|
2023-02-15 18:53:09 +08:00
|
|
|
{ EAP_FRAME_TYPE_PACKET, "EAP packet" },
|
|
|
|
|
{ EAP_FRAME_TYPE_START, "EAPOL start" },
|
|
|
|
|
{ EAP_FRAME_TYPE_LOGOFF, "EAPOL logoff" },
|
|
|
|
|
{ EAP_FRAME_TYPE_KEY, "EAPOL key" },
|
|
|
|
|
{ EAP_FRAME_TYPE_ENCAP_ASF_ALERT, "Encapsulated ASF alert" },
|
2007-10-04 16:34:28 +08:00
|
|
|
{ 0, NULL}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/* RFC 3748 */
|
2004-03-25 11:29:53 +08:00
|
|
|
struct eap_packet_t {
|
2017-12-30 13:08:07 +08:00
|
|
|
nd_uint8_t code;
|
|
|
|
|
nd_uint8_t id;
|
|
|
|
|
nd_uint16_t length;
|
2004-03-25 11:29:53 +08:00
|
|
|
};
|
|
|
|
|
|
2007-10-04 16:34:28 +08:00
|
|
|
#define EAP_REQUEST 1
|
|
|
|
|
#define EAP_RESPONSE 2
|
|
|
|
|
#define EAP_SUCCESS 3
|
|
|
|
|
#define EAP_FAILURE 4
|
|
|
|
|
|
|
|
|
|
static const struct tok eap_code_values[] = {
|
|
|
|
|
{ EAP_REQUEST, "Request" },
|
|
|
|
|
{ EAP_RESPONSE, "Response" },
|
|
|
|
|
{ EAP_SUCCESS, "Success" },
|
|
|
|
|
{ EAP_FAILURE, "Failure" },
|
|
|
|
|
{ 0, NULL}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
#define EAP_TYPE_NO_PROPOSED 0
|
|
|
|
|
#define EAP_TYPE_IDENTITY 1
|
|
|
|
|
#define EAP_TYPE_NOTIFICATION 2
|
|
|
|
|
#define EAP_TYPE_NAK 3
|
|
|
|
|
#define EAP_TYPE_MD5_CHALLENGE 4
|
|
|
|
|
#define EAP_TYPE_OTP 5
|
|
|
|
|
#define EAP_TYPE_GTC 6
|
2021-11-14 10:18:47 +08:00
|
|
|
#define EAP_TYPE_TLS 13 /* RFC 5216 */
|
2007-10-05 00:41:33 +08:00
|
|
|
#define EAP_TYPE_SIM 18 /* RFC 4186 */
|
2021-11-14 10:18:47 +08:00
|
|
|
#define EAP_TYPE_TTLS 21 /* RFC 5281, draft-funk-eap-ttls-v0-01.txt */
|
2007-10-05 00:41:33 +08:00
|
|
|
#define EAP_TYPE_AKA 23 /* RFC 4187 */
|
|
|
|
|
#define EAP_TYPE_FAST 43 /* RFC 4851 */
|
2007-10-04 16:34:28 +08:00
|
|
|
#define EAP_TYPE_EXPANDED_TYPES 254
|
|
|
|
|
#define EAP_TYPE_EXPERIMENTAL 255
|
|
|
|
|
|
|
|
|
|
static const struct tok eap_type_values[] = {
|
|
|
|
|
{ EAP_TYPE_NO_PROPOSED, "No proposed" },
|
|
|
|
|
{ EAP_TYPE_IDENTITY, "Identity" },
|
|
|
|
|
{ EAP_TYPE_NOTIFICATION, "Notification" },
|
2023-02-15 18:53:09 +08:00
|
|
|
{ EAP_TYPE_NAK, "Nak" },
|
2007-10-04 16:34:28 +08:00
|
|
|
{ EAP_TYPE_MD5_CHALLENGE, "MD5-challenge" },
|
2023-02-15 18:53:09 +08:00
|
|
|
{ EAP_TYPE_OTP, "OTP" },
|
|
|
|
|
{ EAP_TYPE_GTC, "GTC" },
|
|
|
|
|
{ EAP_TYPE_TLS, "TLS" },
|
|
|
|
|
{ EAP_TYPE_SIM, "SIM" },
|
|
|
|
|
{ EAP_TYPE_TTLS, "TTLS" },
|
|
|
|
|
{ EAP_TYPE_AKA, "AKA" },
|
|
|
|
|
{ EAP_TYPE_FAST, "FAST" },
|
2007-10-04 16:34:28 +08:00
|
|
|
{ EAP_TYPE_EXPANDED_TYPES, "Expanded types" },
|
|
|
|
|
{ EAP_TYPE_EXPERIMENTAL, "Experimental" },
|
|
|
|
|
{ 0, NULL}
|
2014-01-02 10:27:54 +08:00
|
|
|
};
|
2007-10-04 16:34:28 +08:00
|
|
|
|
2023-02-15 18:53:09 +08:00
|
|
|
#define EAP_TLS_EXTRACT_BIT_L(x) (((x)&0x80)>>7)
|
2007-10-05 00:41:33 +08:00
|
|
|
|
2021-11-14 10:18:47 +08:00
|
|
|
/* RFC 5216 - EAP TLS bits */
|
2007-10-05 00:41:33 +08:00
|
|
|
#define EAP_TLS_FLAGS_LEN_INCLUDED (1 << 7)
|
|
|
|
|
#define EAP_TLS_FLAGS_MORE_FRAGMENTS (1 << 6)
|
|
|
|
|
#define EAP_TLS_FLAGS_START (1 << 5)
|
|
|
|
|
|
|
|
|
|
static const struct tok eap_tls_flags_values[] = {
|
|
|
|
|
{ EAP_TLS_FLAGS_LEN_INCLUDED, "L bit" },
|
|
|
|
|
{ EAP_TLS_FLAGS_MORE_FRAGMENTS, "More fragments bit"},
|
|
|
|
|
{ EAP_TLS_FLAGS_START, "Start bit"},
|
|
|
|
|
{ 0, NULL}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
#define EAP_TTLS_VERSION(x) ((x)&0x07)
|
|
|
|
|
|
|
|
|
|
/* EAP-AKA and EAP-SIM - RFC 4187 */
|
|
|
|
|
#define EAP_AKA_CHALLENGE 1
|
|
|
|
|
#define EAP_AKA_AUTH_REJECT 2
|
|
|
|
|
#define EAP_AKA_SYNC_FAILURE 4
|
|
|
|
|
#define EAP_AKA_IDENTITY 5
|
|
|
|
|
#define EAP_SIM_START 10
|
|
|
|
|
#define EAP_SIM_CHALLENGE 11
|
|
|
|
|
#define EAP_AKA_NOTIFICATION 12
|
|
|
|
|
#define EAP_AKA_REAUTH 13
|
|
|
|
|
#define EAP_AKA_CLIENT_ERROR 14
|
|
|
|
|
|
|
|
|
|
static const struct tok eap_aka_subtype_values[] = {
|
|
|
|
|
{ EAP_AKA_CHALLENGE, "Challenge" },
|
|
|
|
|
{ EAP_AKA_AUTH_REJECT, "Auth reject" },
|
|
|
|
|
{ EAP_AKA_SYNC_FAILURE, "Sync failure" },
|
|
|
|
|
{ EAP_AKA_IDENTITY, "Identity" },
|
|
|
|
|
{ EAP_SIM_START, "Start" },
|
|
|
|
|
{ EAP_SIM_CHALLENGE, "Challenge" },
|
|
|
|
|
{ EAP_AKA_NOTIFICATION, "Notification" },
|
|
|
|
|
{ EAP_AKA_REAUTH, "Reauth" },
|
|
|
|
|
{ EAP_AKA_CLIENT_ERROR, "Client error" },
|
|
|
|
|
{ 0, NULL}
|
|
|
|
|
};
|
|
|
|
|
|
2004-03-25 11:29:53 +08:00
|
|
|
/*
|
2007-10-04 16:34:28 +08:00
|
|
|
* Print EAP requests / responses
|
2004-03-25 11:29:53 +08:00
|
|
|
*/
|
|
|
|
|
void
|
2014-04-01 23:42:33 +08:00
|
|
|
eap_print(netdissect_options *ndo,
|
2017-12-14 02:17:47 +08:00
|
|
|
const u_char *cp,
|
2016-08-19 07:58:35 +08:00
|
|
|
u_int length)
|
2004-03-25 11:29:53 +08:00
|
|
|
{
|
2020-07-16 18:13:25 +08:00
|
|
|
u_int type, subtype, len;
|
2021-11-14 10:34:00 +08:00
|
|
|
u_int count;
|
2021-11-14 21:10:40 +08:00
|
|
|
const char *sep;
|
2020-07-16 18:13:25 +08:00
|
|
|
|
2023-04-12 15:52:04 +08:00
|
|
|
ndo->ndo_protocol = "eap";
|
2020-07-16 18:13:25 +08:00
|
|
|
type = GET_U_1(cp);
|
|
|
|
|
len = GET_BE_U_2(cp + 2);
|
2021-11-14 10:50:53 +08:00
|
|
|
if (len != length) {
|
2021-11-14 10:44:57 +08:00
|
|
|
/*
|
|
|
|
|
* Probably a fragment; in some cases the fragmentation might
|
|
|
|
|
* not put an EAP header on every packet, if reassembly can
|
|
|
|
|
* be done without that (e.g., fragmentation to make a message
|
|
|
|
|
* fit in multiple TLVs in a RADIUS packet).
|
|
|
|
|
*/
|
|
|
|
|
ND_PRINT("EAP fragment?");
|
|
|
|
|
return;
|
2020-07-16 18:13:25 +08:00
|
|
|
}
|
|
|
|
|
ND_PRINT("%s (%u), id %u, len %u",
|
|
|
|
|
tok2str(eap_code_values, "unknown", type),
|
|
|
|
|
type,
|
|
|
|
|
GET_U_1((cp + 1)),
|
|
|
|
|
len);
|
2021-11-14 10:50:02 +08:00
|
|
|
if (len < 4) {
|
|
|
|
|
ND_PRINT(" (too short for EAP header)");
|
|
|
|
|
return;
|
|
|
|
|
}
|
2020-07-16 18:13:25 +08:00
|
|
|
|
|
|
|
|
ND_TCHECK_LEN(cp, len);
|
|
|
|
|
|
|
|
|
|
if (type == EAP_REQUEST || type == EAP_RESPONSE) {
|
|
|
|
|
/* RFC 3748 Section 4.1 */
|
2021-11-14 10:50:02 +08:00
|
|
|
if (len < 5) {
|
|
|
|
|
ND_PRINT(" (too short for EAP request/response)");
|
|
|
|
|
return;
|
|
|
|
|
}
|
2020-07-16 18:13:25 +08:00
|
|
|
subtype = GET_U_1(cp + 4);
|
|
|
|
|
ND_PRINT("\n\t\t Type %s (%u)",
|
|
|
|
|
tok2str(eap_type_values, "unknown", subtype),
|
|
|
|
|
subtype);
|
|
|
|
|
|
|
|
|
|
switch (subtype) {
|
2007-10-04 16:34:28 +08:00
|
|
|
case EAP_TYPE_IDENTITY:
|
2021-11-14 10:50:02 +08:00
|
|
|
/* According to RFC 3748, the message is optional */
|
2021-11-14 10:50:53 +08:00
|
|
|
if (len > 5) {
|
2018-01-07 18:47:30 +08:00
|
|
|
ND_PRINT(", Identity: ");
|
2020-12-11 03:34:09 +08:00
|
|
|
nd_printjnp(ndo, cp + 5, len - 5);
|
2007-10-04 16:34:28 +08:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case EAP_TYPE_NOTIFICATION:
|
2021-11-14 10:50:02 +08:00
|
|
|
/* According to RFC 3748, there must be at least one octet of message */
|
|
|
|
|
if (len < 6) {
|
|
|
|
|
ND_PRINT(" (too short for EAP Notification request/response)");
|
|
|
|
|
return;
|
2007-10-04 16:34:28 +08:00
|
|
|
}
|
2021-11-14 10:50:02 +08:00
|
|
|
ND_PRINT(", Notification: ");
|
|
|
|
|
nd_printjnp(ndo, cp + 5, len - 5);
|
2007-10-04 16:34:28 +08:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case EAP_TYPE_NAK:
|
|
|
|
|
/*
|
|
|
|
|
* one or more octets indicating
|
|
|
|
|
* the desired authentication
|
|
|
|
|
* type one octet per type
|
|
|
|
|
*/
|
2021-11-14 10:50:02 +08:00
|
|
|
if (len < 6) {
|
|
|
|
|
ND_PRINT(" (too short for EAP Legacy NAK request/response)");
|
|
|
|
|
return;
|
|
|
|
|
}
|
2021-11-14 21:10:40 +08:00
|
|
|
sep = "";
|
2021-11-14 10:34:00 +08:00
|
|
|
for (count = 5; count < len; count++) {
|
2021-11-14 21:10:40 +08:00
|
|
|
ND_PRINT("%s %s (%u)", sep,
|
2020-07-16 18:13:25 +08:00
|
|
|
tok2str(eap_type_values, "unknown", GET_U_1((cp + count))),
|
|
|
|
|
GET_U_1(cp + count));
|
2021-11-14 21:10:40 +08:00
|
|
|
sep = ",";
|
2007-10-04 16:34:28 +08:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
2007-10-05 00:41:33 +08:00
|
|
|
case EAP_TYPE_TTLS:
|
|
|
|
|
case EAP_TYPE_TLS:
|
2021-11-14 10:50:02 +08:00
|
|
|
if (len < 6) {
|
|
|
|
|
ND_PRINT(" (too short for EAP TLS/TTLS request/response)");
|
|
|
|
|
return;
|
|
|
|
|
}
|
2017-03-17 03:02:20 +08:00
|
|
|
if (subtype == EAP_TYPE_TTLS)
|
2018-01-07 18:47:30 +08:00
|
|
|
ND_PRINT(" TTLSv%u",
|
2020-07-16 18:13:25 +08:00
|
|
|
EAP_TTLS_VERSION(GET_U_1((cp + 5))));
|
2021-11-14 21:10:40 +08:00
|
|
|
ND_PRINT(" flags [%s] 0x%02x",
|
2020-07-16 18:13:25 +08:00
|
|
|
bittok2str(eap_tls_flags_values, "none", GET_U_1((cp + 5))),
|
|
|
|
|
GET_U_1(cp + 5));
|
2007-10-05 00:41:33 +08:00
|
|
|
|
2020-07-16 18:13:25 +08:00
|
|
|
if (EAP_TLS_EXTRACT_BIT_L(GET_U_1(cp + 5))) {
|
2021-11-14 10:50:02 +08:00
|
|
|
if (len < 10) {
|
|
|
|
|
ND_PRINT(" (too short for EAP TLS/TTLS request/response with length)");
|
|
|
|
|
return;
|
|
|
|
|
}
|
2021-11-14 21:10:40 +08:00
|
|
|
ND_PRINT(", len %u", GET_BE_U_4(cp + 6));
|
2007-10-05 00:41:33 +08:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case EAP_TYPE_FAST:
|
2021-11-14 10:50:02 +08:00
|
|
|
if (len < 6) {
|
|
|
|
|
ND_PRINT(" (too short for EAP FAST request/response)");
|
|
|
|
|
return;
|
|
|
|
|
}
|
2018-01-07 18:47:30 +08:00
|
|
|
ND_PRINT(" FASTv%u",
|
2020-07-16 18:13:25 +08:00
|
|
|
EAP_TTLS_VERSION(GET_U_1((cp + 5))));
|
2021-11-14 21:10:40 +08:00
|
|
|
ND_PRINT(" flags [%s] 0x%02x",
|
2020-07-16 18:13:25 +08:00
|
|
|
bittok2str(eap_tls_flags_values, "none", GET_U_1((cp + 5))),
|
|
|
|
|
GET_U_1(cp + 5));
|
2007-10-05 00:41:33 +08:00
|
|
|
|
2020-07-16 18:13:25 +08:00
|
|
|
if (EAP_TLS_EXTRACT_BIT_L(GET_U_1(cp + 5))) {
|
2021-11-14 10:50:02 +08:00
|
|
|
if (len < 10) {
|
|
|
|
|
ND_PRINT(" (too short for EAP FAST request/response with length)");
|
|
|
|
|
return;
|
|
|
|
|
}
|
2021-11-14 21:10:40 +08:00
|
|
|
ND_PRINT(", len %u", GET_BE_U_4(cp + 6));
|
2007-10-05 00:41:33 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* FIXME - TLV attributes follow */
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case EAP_TYPE_AKA:
|
|
|
|
|
case EAP_TYPE_SIM:
|
2021-11-14 10:50:02 +08:00
|
|
|
if (len < 6) {
|
|
|
|
|
ND_PRINT(" (too short for EAP SIM/AKA request/response)");
|
|
|
|
|
return;
|
|
|
|
|
}
|
2021-11-14 21:10:40 +08:00
|
|
|
ND_PRINT(" subtype [%s] 0x%02x",
|
2020-07-16 18:13:25 +08:00
|
|
|
tok2str(eap_aka_subtype_values, "unknown", GET_U_1((cp + 5))),
|
|
|
|
|
GET_U_1(cp + 5));
|
2007-10-05 00:41:33 +08:00
|
|
|
|
|
|
|
|
/* FIXME - TLV attributes follow */
|
|
|
|
|
break;
|
|
|
|
|
|
2014-01-02 10:27:54 +08:00
|
|
|
case EAP_TYPE_MD5_CHALLENGE:
|
2007-10-04 16:34:28 +08:00
|
|
|
case EAP_TYPE_OTP:
|
|
|
|
|
case EAP_TYPE_GTC:
|
|
|
|
|
case EAP_TYPE_EXPANDED_TYPES:
|
|
|
|
|
case EAP_TYPE_EXPERIMENTAL:
|
|
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
2020-07-16 18:13:25 +08:00
|
|
|
}
|
|
|
|
|
return;
|
|
|
|
|
trunc:
|
|
|
|
|
nd_print_trunc(ndo);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
eapol_print(netdissect_options *ndo,
|
|
|
|
|
const u_char *cp)
|
|
|
|
|
{
|
|
|
|
|
const struct eap_frame_t *eap;
|
|
|
|
|
u_int eap_type, eap_len;
|
2007-10-04 16:34:28 +08:00
|
|
|
|
2020-07-16 18:13:25 +08:00
|
|
|
ndo->ndo_protocol = "eap";
|
|
|
|
|
eap = (const struct eap_frame_t *)cp;
|
|
|
|
|
ND_TCHECK_SIZE(eap);
|
|
|
|
|
eap_type = GET_U_1(eap->type);
|
|
|
|
|
|
|
|
|
|
ND_PRINT("%s (%u) v%u, len %u",
|
|
|
|
|
tok2str(eap_frame_type_values, "unknown", eap_type),
|
|
|
|
|
eap_type,
|
|
|
|
|
GET_U_1(eap->version),
|
|
|
|
|
GET_BE_U_2(eap->length));
|
|
|
|
|
if (ndo->ndo_vflag < 1)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
cp += sizeof(struct eap_frame_t);
|
|
|
|
|
eap_len = GET_BE_U_2(eap->length);
|
|
|
|
|
|
|
|
|
|
switch (eap_type) {
|
|
|
|
|
case EAP_FRAME_TYPE_PACKET:
|
|
|
|
|
if (eap_len == 0)
|
|
|
|
|
goto trunc;
|
|
|
|
|
ND_PRINT(", ");
|
|
|
|
|
eap_print(ndo, cp, eap_len);
|
|
|
|
|
return;
|
2007-10-04 16:34:28 +08:00
|
|
|
case EAP_FRAME_TYPE_LOGOFF:
|
|
|
|
|
case EAP_FRAME_TYPE_ENCAP_ASF_ALERT:
|
|
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
trunc:
|
2018-05-06 16:33:07 +08:00
|
|
|
nd_print_trunc(ndo);
|
2004-03-25 11:29:53 +08:00
|
|
|
}
|
