summaryrefslogtreecommitdiffstats
path: root/print-eap.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--print-eap.c341
1 files changed, 341 insertions, 0 deletions
diff --git a/print-eap.c b/print-eap.c
new file mode 100644
index 0000000..78439b7
--- /dev/null
+++ b/print-eap.c
@@ -0,0 +1,341 @@
+/*
+ * Copyright (c) 2004 - Michael Richardson <mcr@xelerance.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that: (1) source code distributions
+ * retain the above copyright notice and this paragraph in its entirety, (2)
+ * distributions including binary code include the above copyright notice and
+ * this paragraph in its entirety in the documentation or other materials
+ * provided with the distribution, and (3) all advertising materials mentioning
+ * features or use of this software display the following acknowledgement:
+ * ``This product includes software developed by the University of California,
+ * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
+ * the University nor the names of its contributors may be used to endorse
+ * or promote products derived from this software without specific prior
+ * written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+/* \summary: Extensible Authentication Protocol (EAP) printer */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "netdissect-stdinc.h"
+
+#include "netdissect.h"
+#include "extract.h"
+
+#define EAP_FRAME_TYPE_PACKET 0
+#define EAP_FRAME_TYPE_START 1
+#define EAP_FRAME_TYPE_LOGOFF 2
+#define EAP_FRAME_TYPE_KEY 3
+#define EAP_FRAME_TYPE_ENCAP_ASF_ALERT 4
+
+struct eap_frame_t {
+ nd_uint8_t version;
+ nd_uint8_t type;
+ nd_uint16_t length;
+};
+
+static const struct tok eap_frame_type_values[] = {
+ { EAP_FRAME_TYPE_PACKET, "EAP packet" },
+ { EAP_FRAME_TYPE_START, "EAPOL start" },
+ { EAP_FRAME_TYPE_LOGOFF, "EAPOL logoff" },
+ { EAP_FRAME_TYPE_KEY, "EAPOL key" },
+ { EAP_FRAME_TYPE_ENCAP_ASF_ALERT, "Encapsulated ASF alert" },
+ { 0, NULL}
+};
+
+/* RFC 3748 */
+struct eap_packet_t {
+ nd_uint8_t code;
+ nd_uint8_t id;
+ nd_uint16_t length;
+};
+
+#define EAP_REQUEST 1
+#define EAP_RESPONSE 2
+#define EAP_SUCCESS 3
+#define EAP_FAILURE 4
+
+static const struct tok eap_code_values[] = {
+ { EAP_REQUEST, "Request" },
+ { EAP_RESPONSE, "Response" },
+ { EAP_SUCCESS, "Success" },
+ { EAP_FAILURE, "Failure" },
+ { 0, NULL}
+};
+
+#define EAP_TYPE_NO_PROPOSED 0
+#define EAP_TYPE_IDENTITY 1
+#define EAP_TYPE_NOTIFICATION 2
+#define EAP_TYPE_NAK 3
+#define EAP_TYPE_MD5_CHALLENGE 4
+#define EAP_TYPE_OTP 5
+#define EAP_TYPE_GTC 6
+#define EAP_TYPE_TLS 13 /* RFC 5216 */
+#define EAP_TYPE_SIM 18 /* RFC 4186 */
+#define EAP_TYPE_TTLS 21 /* RFC 5281, draft-funk-eap-ttls-v0-01.txt */
+#define EAP_TYPE_AKA 23 /* RFC 4187 */
+#define EAP_TYPE_FAST 43 /* RFC 4851 */
+#define EAP_TYPE_EXPANDED_TYPES 254
+#define EAP_TYPE_EXPERIMENTAL 255
+
+static const struct tok eap_type_values[] = {
+ { EAP_TYPE_NO_PROPOSED, "No proposed" },
+ { EAP_TYPE_IDENTITY, "Identity" },
+ { EAP_TYPE_NOTIFICATION, "Notification" },
+ { EAP_TYPE_NAK, "Nak" },
+ { EAP_TYPE_MD5_CHALLENGE, "MD5-challenge" },
+ { EAP_TYPE_OTP, "OTP" },
+ { EAP_TYPE_GTC, "GTC" },
+ { EAP_TYPE_TLS, "TLS" },
+ { EAP_TYPE_SIM, "SIM" },
+ { EAP_TYPE_TTLS, "TTLS" },
+ { EAP_TYPE_AKA, "AKA" },
+ { EAP_TYPE_FAST, "FAST" },
+ { EAP_TYPE_EXPANDED_TYPES, "Expanded types" },
+ { EAP_TYPE_EXPERIMENTAL, "Experimental" },
+ { 0, NULL}
+};
+
+#define EAP_TLS_EXTRACT_BIT_L(x) (((x)&0x80)>>7)
+
+/* RFC 5216 - EAP TLS bits */
+#define EAP_TLS_FLAGS_LEN_INCLUDED (1 << 7)
+#define EAP_TLS_FLAGS_MORE_FRAGMENTS (1 << 6)
+#define EAP_TLS_FLAGS_START (1 << 5)
+
+static const struct tok eap_tls_flags_values[] = {
+ { EAP_TLS_FLAGS_LEN_INCLUDED, "L bit" },
+ { EAP_TLS_FLAGS_MORE_FRAGMENTS, "More fragments bit"},
+ { EAP_TLS_FLAGS_START, "Start bit"},
+ { 0, NULL}
+};
+
+#define EAP_TTLS_VERSION(x) ((x)&0x07)
+
+/* EAP-AKA and EAP-SIM - RFC 4187 */
+#define EAP_AKA_CHALLENGE 1
+#define EAP_AKA_AUTH_REJECT 2
+#define EAP_AKA_SYNC_FAILURE 4
+#define EAP_AKA_IDENTITY 5
+#define EAP_SIM_START 10
+#define EAP_SIM_CHALLENGE 11
+#define EAP_AKA_NOTIFICATION 12
+#define EAP_AKA_REAUTH 13
+#define EAP_AKA_CLIENT_ERROR 14
+
+static const struct tok eap_aka_subtype_values[] = {
+ { EAP_AKA_CHALLENGE, "Challenge" },
+ { EAP_AKA_AUTH_REJECT, "Auth reject" },
+ { EAP_AKA_SYNC_FAILURE, "Sync failure" },
+ { EAP_AKA_IDENTITY, "Identity" },
+ { EAP_SIM_START, "Start" },
+ { EAP_SIM_CHALLENGE, "Challenge" },
+ { EAP_AKA_NOTIFICATION, "Notification" },
+ { EAP_AKA_REAUTH, "Reauth" },
+ { EAP_AKA_CLIENT_ERROR, "Client error" },
+ { 0, NULL}
+};
+
+/*
+ * Print EAP requests / responses
+ */
+void
+eap_print(netdissect_options *ndo,
+ const u_char *cp,
+ u_int length)
+{
+ u_int type, subtype, len;
+ u_int count;
+ const char *sep;
+
+ type = GET_U_1(cp);
+ len = GET_BE_U_2(cp + 2);
+ if (len != length) {
+ /*
+ * Probably a fragment; in some cases the fragmentation might
+ * not put an EAP header on every packet, if reassembly can
+ * be done without that (e.g., fragmentation to make a message
+ * fit in multiple TLVs in a RADIUS packet).
+ */
+ ND_PRINT("EAP fragment?");
+ return;
+ }
+ ND_PRINT("%s (%u), id %u, len %u",
+ tok2str(eap_code_values, "unknown", type),
+ type,
+ GET_U_1((cp + 1)),
+ len);
+ if (len < 4) {
+ ND_PRINT(" (too short for EAP header)");
+ return;
+ }
+
+ ND_TCHECK_LEN(cp, len);
+
+ if (type == EAP_REQUEST || type == EAP_RESPONSE) {
+ /* RFC 3748 Section 4.1 */
+ if (len < 5) {
+ ND_PRINT(" (too short for EAP request/response)");
+ return;
+ }
+ subtype = GET_U_1(cp + 4);
+ ND_PRINT("\n\t\t Type %s (%u)",
+ tok2str(eap_type_values, "unknown", subtype),
+ subtype);
+
+ switch (subtype) {
+ case EAP_TYPE_IDENTITY:
+ /* According to RFC 3748, the message is optional */
+ if (len > 5) {
+ ND_PRINT(", Identity: ");
+ nd_printjnp(ndo, cp + 5, len - 5);
+ }
+ break;
+
+ case EAP_TYPE_NOTIFICATION:
+ /* According to RFC 3748, there must be at least one octet of message */
+ if (len < 6) {
+ ND_PRINT(" (too short for EAP Notification request/response)");
+ return;
+ }
+ ND_PRINT(", Notification: ");
+ nd_printjnp(ndo, cp + 5, len - 5);
+ break;
+
+ case EAP_TYPE_NAK:
+ /*
+ * one or more octets indicating
+ * the desired authentication
+ * type one octet per type
+ */
+ if (len < 6) {
+ ND_PRINT(" (too short for EAP Legacy NAK request/response)");
+ return;
+ }
+ sep = "";
+ for (count = 5; count < len; count++) {
+ ND_PRINT("%s %s (%u)", sep,
+ tok2str(eap_type_values, "unknown", GET_U_1((cp + count))),
+ GET_U_1(cp + count));
+ sep = ",";
+ }
+ break;
+
+ case EAP_TYPE_TTLS:
+ case EAP_TYPE_TLS:
+ if (len < 6) {
+ ND_PRINT(" (too short for EAP TLS/TTLS request/response)");
+ return;
+ }
+ if (subtype == EAP_TYPE_TTLS)
+ ND_PRINT(" TTLSv%u",
+ EAP_TTLS_VERSION(GET_U_1((cp + 5))));
+ ND_PRINT(" flags [%s] 0x%02x",
+ bittok2str(eap_tls_flags_values, "none", GET_U_1((cp + 5))),
+ GET_U_1(cp + 5));
+
+ if (EAP_TLS_EXTRACT_BIT_L(GET_U_1(cp + 5))) {
+ if (len < 10) {
+ ND_PRINT(" (too short for EAP TLS/TTLS request/response with length)");
+ return;
+ }
+ ND_PRINT(", len %u", GET_BE_U_4(cp + 6));
+ }
+ break;
+
+ case EAP_TYPE_FAST:
+ if (len < 6) {
+ ND_PRINT(" (too short for EAP FAST request/response)");
+ return;
+ }
+ ND_PRINT(" FASTv%u",
+ EAP_TTLS_VERSION(GET_U_1((cp + 5))));
+ ND_PRINT(" flags [%s] 0x%02x",
+ bittok2str(eap_tls_flags_values, "none", GET_U_1((cp + 5))),
+ GET_U_1(cp + 5));
+
+ if (EAP_TLS_EXTRACT_BIT_L(GET_U_1(cp + 5))) {
+ if (len < 10) {
+ ND_PRINT(" (too short for EAP FAST request/response with length)");
+ return;
+ }
+ ND_PRINT(", len %u", GET_BE_U_4(cp + 6));
+ }
+
+ /* FIXME - TLV attributes follow */
+ break;
+
+ case EAP_TYPE_AKA:
+ case EAP_TYPE_SIM:
+ if (len < 6) {
+ ND_PRINT(" (too short for EAP SIM/AKA request/response)");
+ return;
+ }
+ ND_PRINT(" subtype [%s] 0x%02x",
+ tok2str(eap_aka_subtype_values, "unknown", GET_U_1((cp + 5))),
+ GET_U_1(cp + 5));
+
+ /* FIXME - TLV attributes follow */
+ break;
+
+ case EAP_TYPE_MD5_CHALLENGE:
+ case EAP_TYPE_OTP:
+ case EAP_TYPE_GTC:
+ case EAP_TYPE_EXPANDED_TYPES:
+ case EAP_TYPE_EXPERIMENTAL:
+ default:
+ break;
+ }
+ }
+ return;
+trunc:
+ nd_print_trunc(ndo);
+}
+
+void
+eapol_print(netdissect_options *ndo,
+ const u_char *cp)
+{
+ const struct eap_frame_t *eap;
+ u_int eap_type, eap_len;
+
+ ndo->ndo_protocol = "eap";
+ eap = (const struct eap_frame_t *)cp;
+ ND_TCHECK_SIZE(eap);
+ eap_type = GET_U_1(eap->type);
+
+ ND_PRINT("%s (%u) v%u, len %u",
+ tok2str(eap_frame_type_values, "unknown", eap_type),
+ eap_type,
+ GET_U_1(eap->version),
+ GET_BE_U_2(eap->length));
+ if (ndo->ndo_vflag < 1)
+ return;
+
+ cp += sizeof(struct eap_frame_t);
+ eap_len = GET_BE_U_2(eap->length);
+
+ switch (eap_type) {
+ case EAP_FRAME_TYPE_PACKET:
+ if (eap_len == 0)
+ goto trunc;
+ ND_PRINT(", ");
+ eap_print(ndo, cp, eap_len);
+ return;
+ case EAP_FRAME_TYPE_LOGOFF:
+ case EAP_FRAME_TYPE_ENCAP_ASF_ALERT:
+ default:
+ break;
+ }
+ return;
+
+ trunc:
+ nd_print_trunc(ndo);
+}