/* * eapsimlib.c based upon draft-haverinen-pppext-eap-sim-11.txt. * * The development of the EAP/SIM support was funded by Internet Foundation * Austria (http://www.nic.at/ipa). * * code common to EAP-SIM clients and to servers. * * Version: $Id$ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA * * Copyright 2000-2003,2006 The FreeRADIUS server project * Copyright 2003 Michael Richardson */ /* * EAP-SIM PACKET FORMAT * ------- ------ ------ * * EAP Request and Response Packet Format * --- ------- --- -------- ------ ------ * 0 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Code | Identifier | Length | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Type | SIM-Type | SIM-Length | value ... | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * * with SIM-Type/SIM-Length/Value... repeating. SIM-Length is in units * of 32 bits, and includes the Sim-Type/Sim-Length fields. * * The SIM-Type's are mapped to PW_EAP_SIM_BASE+Sim-type and * unmapped by these functions. * */ RCSID("$Id$") #include #include "eap_types.h" #include "eap_sim.h" #include /* * given a radius request with many attributes in the EAP-SIM range, build * them all into a single EAP-SIM body. * */ int map_eapsim_basictypes(RADIUS_PACKET *r, eap_packet_t *ep) { VALUE_PAIR *vp; int encoded_size; uint8_t *encodedmsg, *attr; unsigned int id, eapcode; uint8_t *macspace; uint8_t const *append; int appendlen; unsigned char subtype; vp_cursor_t cursor; macspace = NULL; append = NULL; appendlen = 0; /* * encodedmsg is now an EAP-SIM message. * it might be too big for putting into an EAP-Type-SIM * */ subtype = (vp = fr_pair_find_by_num(r->vps, PW_EAP_SIM_SUBTYPE, 0, TAG_ANY)) ? vp->vp_integer : EAPSIM_START; id = (vp = fr_pair_find_by_num(r->vps, PW_EAP_ID, 0, TAG_ANY)) ? vp->vp_integer : ((int)getpid() & 0xff); eapcode = (vp = fr_pair_find_by_num(r->vps, PW_EAP_CODE, 0, TAG_ANY)) ? vp->vp_integer : PW_EAP_REQUEST; /* * take a walk through the attribute list to see how much space * that we need to encode all of this. */ encoded_size = 0; for (vp = fr_cursor_init(&cursor, &r->vps); vp; vp = fr_cursor_next(&cursor)) { int roundedlen; int vplen; if ((vp->da->attr < PW_EAP_SIM_BASE) || (vp->da->attr >= (PW_EAP_SIM_BASE + 256))) { continue; } vplen = vp->vp_length; /* * the AT_MAC attribute is a bit different, when we get to this * attribute, we pull the contents out, save it for later * processing, set the size to 16 bytes (plus 2 bytes padding). * * At this point, we only care about the size. */ if(vp->da->attr == PW_EAP_SIM_MAC) { vplen = 18; } /* round up to next multiple of 4, after taking in * account the type and length bytes */ roundedlen = (vplen + 2 + 3) & ~3; encoded_size += roundedlen; } if (ep->code != PW_EAP_SUCCESS) { ep->code = eapcode; } ep->id = (id & 0xff); ep->type.num = PW_EAP_SIM; /* * if no attributes were found, do very little. * */ if (encoded_size == 0) { encodedmsg = talloc_array(ep, uint8_t, 3); /* FIX: could be NULL */ encodedmsg[0] = subtype; encodedmsg[1] = 0; encodedmsg[2] = 0; ep->type.length = 3; ep->type.data = encodedmsg; return 1; } /* * figured out the length, so allocate some space for the results. * * Note that we do not bother going through an "EAP" stage, which * is a bit strange compared to the unmap, which expects to see * an EAP-SIM virtual attributes. * * EAP is 1-code, 1-identifier, 2-length, 1-type = 5 overhead. * * SIM code adds a subtype, and 2 bytes of reserved = 3. * */ encoded_size += 3; encodedmsg = talloc_array(ep, uint8_t, encoded_size); if (!encodedmsg) { return 0; } memset(encodedmsg, 0, encoded_size); /* * now walk the attributes again, sticking them in. * * we go three bytes into the encoded message, because there are two * bytes of reserved, and we will fill the "subtype" in later. * */ attr = encodedmsg+3; for (vp = fr_cursor_first(&cursor); vp; vp = fr_cursor_next(&cursor)) { int roundedlen; if(vp->da->attr < PW_EAP_SIM_BASE || vp->da->attr >= PW_EAP_SIM_BASE + 256) { continue; } /* * the AT_MAC attribute is a bit different, when we get to this * attribute, we pull the contents out, save it for later * processing, set the size to 16 bytes (plus 2 bytes padding). * * At this point, we put in zeros, and remember where the * sixteen bytes go. */ if(vp->da->attr == PW_EAP_SIM_MAC) { roundedlen = 20; memset(&attr[2], 0, 18); macspace = &attr[4]; append = vp->vp_octets; appendlen = vp->vp_length; } else { roundedlen = (vp->vp_length + 2 + 3) & ~3; memset(attr, 0, roundedlen); memcpy(&attr[2], vp->vp_strvalue, vp->vp_length); } attr[0] = vp->da->attr - PW_EAP_SIM_BASE; attr[1] = roundedlen >> 2; attr += roundedlen; } encodedmsg[0] = subtype; ep->type.length = encoded_size; ep->type.data = encodedmsg; /* * if macspace was set and we have a key, * then we should calculate the HMAC-SHA1 of the resulting EAP-SIM * packet, appended with the value of append. */ vp = fr_pair_find_by_num(r->vps, PW_EAP_SIM_KEY, 0, TAG_ANY); if(macspace != NULL && vp != NULL) { unsigned char *buffer; eap_packet_raw_t *hdr; uint16_t hmaclen, total_length = 0; unsigned char sha1digest[20]; total_length = EAP_HEADER_LEN + 1 + encoded_size; hmaclen = total_length + appendlen; buffer = talloc_array(r, uint8_t, hmaclen); hdr = (eap_packet_raw_t *) buffer; if (!hdr) { talloc_free(encodedmsg); return 0; } hdr->code = eapcode & 0xFF; hdr->id = (id & 0xFF); total_length = htons(total_length); memcpy(hdr->length, &total_length, sizeof(total_length)); hdr->data[0] = PW_EAP_SIM; /* copy the data */ memcpy(&hdr->data[1], encodedmsg, encoded_size); /* copy the nonce */ memcpy(&hdr->data[encoded_size+1], append, appendlen); /* HMAC it! */ fr_hmac_sha1(sha1digest, buffer, hmaclen, vp->vp_octets, vp->vp_length); /* done with the buffer, free it */ talloc_free(buffer); /* now copy the digest to where it belongs in the AT_MAC */ /* note that it is truncated to 128-bits */ memcpy(macspace, sha1digest, 16); } /* if we had an AT_MAC and no key, then fail */ if ((macspace != NULL) && !vp) { if (encodedmsg != NULL) { talloc_free(encodedmsg); } return 0; } return 1; } /* * given a radius request with an EAP-SIM body, decode it into TLV pairs * * return value is true if it succeeded, false if there was something * wrong and the packet should be discarded. * */ int unmap_eapsim_basictypes(RADIUS_PACKET *r, uint8_t *attr, unsigned int attrlen) { VALUE_PAIR *newvp; int eapsim_attribute; unsigned int eapsim_len; int es_attribute_count; es_attribute_count = 0; /* big enough to have even a single attribute */ if (attrlen < 5) { fr_strerror_printf("EAP-Sim attribute too short: %d < 5", attrlen); return 0; } newvp = fr_pair_afrom_num(r, PW_EAP_SIM_SUBTYPE, 0); if (!newvp) { fr_strerror_printf("Failed creating EAP-SIM-Subtype"); return 0; } newvp->vp_integer = attr[0]; newvp->vp_length = 1; fr_pair_add(&(r->vps), newvp); /* * EAP-SIM has a 1 octet of subtype, and 2 octets * reserved. */ attr += 3; attrlen -= 3; /* * Loop over each attribute. The format is: * * 1 octet of type * 1 octet of length (value 1..255) * ((4 * length) - 2) octets of data. */ while (attrlen > 0) { uint8_t *p; if (attrlen < 2) { fr_strerror_printf("EAP-Sim attribute %d too short: %d < 2", es_attribute_count, attrlen); return 0; } if (!attr[1]) { fr_strerror_printf("EAP-Sim attribute %d (no.%d) has no data", attr[0], es_attribute_count); return 0; } eapsim_attribute = attr[0]; eapsim_len = attr[1] * 4; /* * The length includes the 2-byte header. */ if (eapsim_len > attrlen) { fr_strerror_printf("EAP-Sim attribute %d (no.%d) has length longer than data (%d > %d)", eapsim_attribute, es_attribute_count, eapsim_len, attrlen); return 0; } newvp = fr_pair_afrom_num(r, eapsim_attribute + PW_EAP_SIM_BASE, 0); if (!newvp) { /* * RFC 4186 Section 8.1 says 0..127 are * "non-skippable". If one such * attribute is found and we don't * understand it, the server has to send: * * EAP-Request/SIM/Notification packet with an * (AT_NOTIFICATION code, which implies general failure ("General * failure after authentication" (0), or "General failure" (16384), * depending on the phase of the exchange), which terminates the * authentication exchange. */ if (eapsim_attribute <= 127) { fr_strerror_printf("Unknown mandatory attribute %d, failing", eapsim_attribute); return 0; } } else { /* * It's known, ccount for header, and * copy the value over. */ newvp->vp_length = eapsim_len - 2; newvp->vp_octets = p = talloc_array(newvp, uint8_t, newvp->vp_length); memcpy(p, &attr[2], newvp->vp_length); fr_pair_add(&(r->vps), newvp); } /* advance pointers, decrement length */ attr += eapsim_len; attrlen -= eapsim_len; es_attribute_count++; } return 1; } /* * calculate the MAC for the EAP message, given the key. * The "extra" will be appended to the EAP message and included in the * HMAC. * */ int eapsim_checkmac(TALLOC_CTX *ctx, VALUE_PAIR *rvps, uint8_t key[EAPSIM_AUTH_SIZE], uint8_t *extra, int extralen, uint8_t calcmac[20]) { int ret; eap_packet_raw_t *e; uint8_t *buffer; int elen,len; VALUE_PAIR *mac; mac = fr_pair_find_by_num(rvps, PW_EAP_SIM_MAC, 0, TAG_ANY); if(!mac || mac->vp_length != 18) { /* can't check a packet with no AT_MAC attribute */ return 0; } /* get original copy of EAP message, note that it was sanitized * to have a valid length, which we depend upon. */ e = eap_vp2packet(ctx, rvps); if (!e) return 0; /* make copy big enough for everything */ elen = (e->length[0] * 256) + e->length[1]; len = elen + extralen; buffer = talloc_array(ctx, uint8_t, len); if (!buffer) { talloc_free(e); return 0; } memcpy(buffer, e, elen); memcpy(buffer + elen, extra, extralen); /* * now look for the AT_MAC attribute in the copy of the buffer * and make sure that the checksum is zero. * */ { uint8_t *attr; /* first attribute is 8 bytes into the EAP packet. * 4 bytes for EAP, 1 for type, 1 for subtype, 2 reserved. */ attr = buffer+8; while(attr < (buffer+elen)) { if (attr[0] == (PW_EAP_SIM_MAC - PW_EAP_SIM_BASE)) { /* zero the data portion, after making sure * the size is >=5. Maybe future versions. * will use more bytes, so be liberal. */ if(attr[1] < 5) { ret = 0; goto done; } memset(&attr[4], 0, (attr[1]-1)*4); } /* advance the pointer */ attr += attr[1]*4; } } /* now, HMAC-SHA1 it with the key. */ fr_hmac_sha1(calcmac, buffer, len, key, 16); ret = memcmp(&mac->vp_strvalue[2], calcmac, 16) == 0 ? 1 : 0; done: talloc_free(e); talloc_free(buffer); return(ret); } /* * definitions changed to take a buffer for unknowns * as this is more thread safe. */ static char const *simstates[] = { "init", "start", NULL }; char const *sim_state2name(enum eapsim_clientstates state, char *statenamebuf, int statenamebuflen) { if(state >= EAPSIM_CLIENT_MAXSTATES) { snprintf(statenamebuf, statenamebuflen, "eapstate:%d", state); return statenamebuf; } return simstates[state]; } static char const *subtypes[] = { "subtype0", "subtype1", "subtype2", "subtype3", "subtype4", "subtype5", "subtype6", "subtype7", "subtype8", "subtype9", "start", "challenge", "notification", "reauth", "client-error", NULL }; char const *sim_subtype2name(enum eapsim_subtype subtype, char *subtypenamebuf, int subtypenamebuflen) { if (subtype >= EAPSIM_MAX_SUBTYPE) { snprintf(subtypenamebuf, subtypenamebuflen, "illegal-subtype:%d", subtype); return subtypenamebuf; } return subtypes[subtype]; }