2001-11-06 20:30:40 +00:00
|
|
|
/* packet-eap.c
|
2002-02-25 23:28:32 +00:00
|
|
|
* Routines for EAP Extensible Authentication Protocol dissection
|
2002-02-22 09:52:01 +00:00
|
|
|
* RFC 2284
|
2001-11-06 20:30:40 +00:00
|
|
|
*
|
2002-03-18 00:26:27 +00:00
|
|
|
* $Id: packet-eap.c,v 1.16 2002/03/18 00:26:27 guy Exp $
|
2001-11-06 20:30:40 +00:00
|
|
|
*
|
|
|
|
|
* Ethereal - Network traffic analyzer
|
|
|
|
|
* By Gerald Combs <gerald@ethereal.com>
|
|
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
|
# include "config.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_SYS_TYPES_H
|
|
|
|
|
# include <sys/types.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_NETINET_IN_H
|
|
|
|
|
# include <netinet/in.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#include <glib.h>
|
2002-01-21 07:37:49 +00:00
|
|
|
#include <epan/packet.h>
|
2001-11-06 20:30:40 +00:00
|
|
|
#include "packet-ieee8023.h"
|
|
|
|
|
#include "packet-ipx.h"
|
|
|
|
|
#include "packet-llc.h"
|
|
|
|
|
#include "etypes.h"
|
|
|
|
|
#include "ppptypes.h"
|
|
|
|
|
|
|
|
|
|
static int proto_eap = -1;
|
|
|
|
|
static int hf_eap_code = -1;
|
|
|
|
|
static int hf_eap_identifier = -1;
|
|
|
|
|
static int hf_eap_len = -1;
|
|
|
|
|
static int hf_eap_type = -1;
|
|
|
|
|
|
|
|
|
|
static gint ett_eap = -1;
|
|
|
|
|
|
2002-03-18 00:26:27 +00:00
|
|
|
static int leap_state = -1;
|
|
|
|
|
|
2002-02-25 23:28:32 +00:00
|
|
|
static dissector_handle_t ssl_handle;
|
|
|
|
|
|
2002-02-22 09:52:01 +00:00
|
|
|
#define EAP_REQUEST 1
|
|
|
|
|
#define EAP_RESPONSE 2
|
|
|
|
|
#define EAP_SUCCESS 3
|
|
|
|
|
#define EAP_FAILURE 4
|
|
|
|
|
|
2002-02-06 22:45:43 +00:00
|
|
|
static const value_string eap_code_vals[] = {
|
2002-02-22 09:52:01 +00:00
|
|
|
{ EAP_REQUEST, "Request" },
|
|
|
|
|
{ EAP_RESPONSE, "Response" },
|
|
|
|
|
{ EAP_SUCCESS, "Success" },
|
|
|
|
|
{ EAP_FAILURE, "Failure" },
|
|
|
|
|
{ 0, NULL }
|
2001-11-06 20:30:40 +00:00
|
|
|
};
|
|
|
|
|
|
2002-03-18 00:26:27 +00:00
|
|
|
#define EAP_TYPE_ID 1
|
2002-02-25 23:28:32 +00:00
|
|
|
#define EAP_TYPE_TLS 13
|
2002-03-18 00:26:27 +00:00
|
|
|
#define EAP_TYPE_LEAP 17
|
2002-02-25 23:28:32 +00:00
|
|
|
|
2002-02-06 22:45:43 +00:00
|
|
|
static const value_string eap_type_vals[] = {
|
2002-03-18 00:26:27 +00:00
|
|
|
{ EAP_TYPE_ID, "Identity" },
|
2002-02-25 23:28:32 +00:00
|
|
|
{ 2, "Notification" },
|
|
|
|
|
{ 3, "Nak (Response only)" },
|
|
|
|
|
{ 4, "MD5-Challenge" },
|
|
|
|
|
{ 5, "One-Time Password (OTP) (RFC 1938)" },
|
|
|
|
|
{ 6, "Generic Token Card" },
|
|
|
|
|
{ EAP_TYPE_TLS, "EAP/TLS (RFC2716)" },
|
2002-03-18 00:26:27 +00:00
|
|
|
{ EAP_TYPE_LEAP,"Cisco LEAP" },
|
2002-02-25 23:28:32 +00:00
|
|
|
{ 0, NULL }
|
2002-02-06 22:45:43 +00:00
|
|
|
};
|
2001-11-06 20:30:40 +00:00
|
|
|
|
2002-02-26 11:55:39 +00:00
|
|
|
static int
|
|
|
|
|
dissect_eap_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|
|
|
|
gboolean fragmented)
|
2001-11-06 20:30:40 +00:00
|
|
|
{
|
2002-02-24 08:10:07 +00:00
|
|
|
guint8 eap_code;
|
|
|
|
|
guint8 eap_id;
|
|
|
|
|
guint16 eap_len;
|
|
|
|
|
guint8 eap_type;
|
2002-02-26 11:55:39 +00:00
|
|
|
gint len;
|
2001-11-06 20:30:40 +00:00
|
|
|
proto_tree *ti;
|
2002-02-24 08:10:07 +00:00
|
|
|
proto_tree *eap_tree = NULL;
|
2001-11-06 20:30:40 +00:00
|
|
|
|
2002-02-26 00:51:41 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_PROTOCOL))
|
|
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "EAP");
|
|
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
|
|
|
col_clear(pinfo->cinfo, COL_INFO);
|
2001-11-06 20:30:40 +00:00
|
|
|
|
2002-02-24 08:10:07 +00:00
|
|
|
eap_code = tvb_get_guint8(tvb, 0);
|
2002-02-26 00:51:41 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
|
|
|
col_add_str(pinfo->cinfo, COL_INFO,
|
|
|
|
|
val_to_str(eap_code, eap_code_vals, "Unknown code (0x%02X)"));
|
2002-02-25 23:28:32 +00:00
|
|
|
|
2002-03-18 00:26:27 +00:00
|
|
|
if (eap_code == EAP_FAILURE)
|
|
|
|
|
leap_state = -1;
|
|
|
|
|
|
2002-02-25 23:28:32 +00:00
|
|
|
eap_len = tvb_get_ntohs(tvb, 2);
|
|
|
|
|
len = eap_len;
|
|
|
|
|
|
2002-02-26 11:55:39 +00:00
|
|
|
if (fragmented) {
|
|
|
|
|
/*
|
|
|
|
|
* This is an EAP fragment inside, for example, RADIUS. If we don't
|
|
|
|
|
* have all of the packet data, return the negative of the amount of
|
|
|
|
|
* additional data we need.
|
|
|
|
|
*/
|
|
|
|
|
int reported_len = tvb_reported_length_remaining(tvb, 0);
|
|
|
|
|
|
|
|
|
|
if (reported_len < len)
|
|
|
|
|
return -(len - reported_len);
|
|
|
|
|
}
|
2002-02-25 23:28:32 +00:00
|
|
|
|
2001-11-06 20:30:40 +00:00
|
|
|
if (tree) {
|
2002-02-26 00:51:41 +00:00
|
|
|
ti = proto_tree_add_item(tree, proto_eap, tvb, 0, len, FALSE);
|
|
|
|
|
eap_tree = proto_item_add_subtree(ti, ett_eap);
|
2001-11-06 20:30:40 +00:00
|
|
|
|
2002-02-24 08:10:07 +00:00
|
|
|
proto_tree_add_uint(eap_tree, hf_eap_code, tvb, 0, 1, eap_code);
|
2002-02-22 09:52:01 +00:00
|
|
|
}
|
2001-11-06 20:30:40 +00:00
|
|
|
|
2002-02-24 08:10:07 +00:00
|
|
|
if (tree)
|
|
|
|
|
proto_tree_add_item(eap_tree, hf_eap_identifier, tvb, 1, 1, FALSE);
|
|
|
|
|
|
|
|
|
|
if (tree)
|
|
|
|
|
proto_tree_add_uint(eap_tree, hf_eap_len, tvb, 2, 2, eap_len);
|
|
|
|
|
|
|
|
|
|
switch (eap_code) {
|
2002-02-22 09:52:01 +00:00
|
|
|
|
|
|
|
|
case EAP_REQUEST:
|
|
|
|
|
case EAP_RESPONSE:
|
2002-02-24 08:10:07 +00:00
|
|
|
eap_type = tvb_get_guint8(tvb, 4);
|
2002-03-18 00:26:27 +00:00
|
|
|
|
|
|
|
|
if(eap_type == EAP_TYPE_ID)
|
|
|
|
|
leap_state = 0;
|
|
|
|
|
|
2002-02-26 00:51:41 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, ", %s",
|
|
|
|
|
val_to_str(eap_type, eap_type_vals,
|
|
|
|
|
"Unknown type (0x%02X)"));
|
2002-02-22 09:52:01 +00:00
|
|
|
if (tree) {
|
2002-02-24 08:10:07 +00:00
|
|
|
proto_tree_add_uint(eap_tree, hf_eap_type, tvb, 4, 1, eap_type);
|
2002-02-25 23:28:32 +00:00
|
|
|
|
2002-02-22 09:52:01 +00:00
|
|
|
if (len > 5) {
|
2002-02-26 11:55:39 +00:00
|
|
|
int offset = 5;
|
|
|
|
|
gint size = len - offset;
|
2002-02-25 23:28:32 +00:00
|
|
|
|
|
|
|
|
switch (eap_type) {
|
|
|
|
|
|
|
|
|
|
case EAP_TYPE_TLS:
|
|
|
|
|
{
|
|
|
|
|
guint8 flags = tvb_get_guint8(tvb, offset);
|
|
|
|
|
|
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 1, "Flags(%i): %s%s%s",
|
|
|
|
|
flags,
|
|
|
|
|
flags & 128 ? "Length " : "",
|
|
|
|
|
flags & 64 ? "More " : "",
|
|
|
|
|
flags & 32 ? "Start " : "");
|
|
|
|
|
size--;
|
|
|
|
|
offset++;
|
|
|
|
|
|
|
|
|
|
if (flags >> 7) {
|
|
|
|
|
guint32 length = tvb_get_ntohl(tvb, offset);
|
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 4, "Length: %i",
|
|
|
|
|
length);
|
|
|
|
|
size -= 4;
|
|
|
|
|
offset += 4;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (size>0) {
|
2002-02-26 00:51:41 +00:00
|
|
|
tvbuff_t *next_tvb;
|
|
|
|
|
gint tvb_len;
|
|
|
|
|
|
|
|
|
|
tvb_len = tvb_length_remaining(tvb, offset);
|
|
|
|
|
if (size < tvb_len)
|
|
|
|
|
tvb_len = size;
|
|
|
|
|
next_tvb = tvb_new_subset(tvb, offset, tvb_len, size);
|
2002-02-25 23:55:21 +00:00
|
|
|
call_dissector(ssl_handle, next_tvb, pinfo, eap_tree);
|
2002-02-25 23:28:32 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
2002-03-18 00:26:27 +00:00
|
|
|
/*
|
|
|
|
|
Cisco's LEAP
|
|
|
|
|
http://www.missl.cs.umd.edu/wireless/ethereal/leap.txt
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
case EAP_TYPE_LEAP:
|
|
|
|
|
{
|
|
|
|
|
guint8 field,count,namesize;
|
|
|
|
|
|
|
|
|
|
/* Version (byte) */
|
|
|
|
|
field = tvb_get_guint8(tvb, offset);
|
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 1, "Version: %i",field);
|
|
|
|
|
size--;
|
|
|
|
|
offset++;
|
|
|
|
|
|
|
|
|
|
/* Unused (byte) */
|
|
|
|
|
field = tvb_get_guint8(tvb, offset);
|
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 1, "Reserved: %i",field);
|
|
|
|
|
size--;
|
|
|
|
|
offset++;
|
|
|
|
|
|
|
|
|
|
/* Count (byte) */
|
|
|
|
|
count = tvb_get_guint8(tvb, offset);
|
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 1, "Count: %i",count);
|
|
|
|
|
size--;
|
|
|
|
|
offset++;
|
|
|
|
|
|
|
|
|
|
/* Data (byte*Count)
|
|
|
|
|
This part is state-dependent. */
|
|
|
|
|
if (leap_state==0) {
|
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, count,
|
|
|
|
|
"Peer Challenge [R8] (%d byte%s) Value:'%s'",
|
|
|
|
|
count, plurality(count, "", "s"),
|
|
|
|
|
tvb_format_text(tvb, offset, count));
|
|
|
|
|
leap_state++;
|
|
|
|
|
} else if (leap_state==1) {
|
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, count,
|
|
|
|
|
"Peer Response MSCHAP [24] (%d byte%s) NtChallengeResponse(%s)",
|
|
|
|
|
count, plurality(count, "", "s"),
|
|
|
|
|
tvb_format_text(tvb, offset, count));
|
|
|
|
|
leap_state++;
|
|
|
|
|
} else if (leap_state==2) {
|
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, count,
|
|
|
|
|
"AP Challenge [R8] (%d byte%s) Value:'%s'",
|
|
|
|
|
count, plurality(count, "", "s"),
|
|
|
|
|
tvb_format_text(tvb, offset, count));
|
|
|
|
|
leap_state++;
|
|
|
|
|
} else if (leap_state==3) {
|
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, count,
|
|
|
|
|
"AP Response [24] (%d byte%s) NtChallengeResponse(%s)",
|
|
|
|
|
count, plurality(count, "", "s"),
|
|
|
|
|
tvb_format_text(tvb, offset, count));
|
|
|
|
|
leap_state++;
|
|
|
|
|
} else
|
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, count,
|
|
|
|
|
"Data (%d byte%s): %s",
|
|
|
|
|
count, plurality(count, "", "s"),
|
|
|
|
|
tvb_format_text(tvb, offset, count));
|
|
|
|
|
|
|
|
|
|
size -= count;
|
|
|
|
|
offset += count;
|
|
|
|
|
|
|
|
|
|
/* Name (Length-(8+Count)) */
|
|
|
|
|
namesize = eap_len - (8+count);
|
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, namesize,
|
|
|
|
|
"Name (%d byte%s): %s",
|
|
|
|
|
namesize, plurality(count, "", "s"),
|
|
|
|
|
tvb_format_text(tvb, offset, namesize));
|
|
|
|
|
size -= namesize;
|
|
|
|
|
offset += namesize;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
2002-02-25 23:28:32 +00:00
|
|
|
default:
|
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, size,
|
|
|
|
|
"Type-Data (%d byte%s) Value: %s",
|
|
|
|
|
size, plurality(size, "", "s"),
|
|
|
|
|
tvb_format_text(tvb, offset, size));
|
|
|
|
|
break;
|
|
|
|
|
}
|
2002-02-22 09:52:01 +00:00
|
|
|
}
|
2001-11-06 20:30:40 +00:00
|
|
|
}
|
|
|
|
|
}
|
2002-02-26 11:55:39 +00:00
|
|
|
|
|
|
|
|
return tvb_length(tvb);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
dissect_eap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
|
|
{
|
|
|
|
|
return dissect_eap_data(tvb, pinfo, tree, FALSE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
dissect_eap_fragment(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
|
|
{
|
|
|
|
|
return dissect_eap_data(tvb, pinfo, tree, TRUE);
|
2001-11-06 20:30:40 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
proto_register_eap(void)
|
|
|
|
|
{
|
|
|
|
|
static hf_register_info hf[] = {
|
|
|
|
|
{ &hf_eap_code, {
|
|
|
|
|
"Code", "eap.code", FT_UINT8, BASE_DEC,
|
2002-02-22 09:52:01 +00:00
|
|
|
VALS(eap_code_vals), 0x0, "", HFILL }},
|
2001-11-06 20:30:40 +00:00
|
|
|
{ &hf_eap_identifier, {
|
|
|
|
|
"Id", "eap.id", FT_UINT8, BASE_DEC,
|
|
|
|
|
NULL, 0x0, "", HFILL }},
|
|
|
|
|
{ &hf_eap_len, {
|
|
|
|
|
"Length", "eap.len", FT_UINT16, BASE_DEC,
|
|
|
|
|
NULL, 0x0, "", HFILL }},
|
|
|
|
|
{ &hf_eap_type, {
|
|
|
|
|
"Type", "eap.type", FT_UINT8, BASE_DEC,
|
2002-02-22 09:52:01 +00:00
|
|
|
VALS(eap_type_vals), 0x0, "", HFILL }},
|
2001-11-06 20:30:40 +00:00
|
|
|
};
|
|
|
|
|
static gint *ett[] = {
|
|
|
|
|
&ett_eap,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
proto_eap = proto_register_protocol("Extensible Authentication Protocol",
|
|
|
|
|
"EAP", "eap");
|
|
|
|
|
proto_register_field_array(proto_eap, hf, array_length(hf));
|
|
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
2002-02-22 21:31:49 +00:00
|
|
|
|
2002-02-26 11:55:39 +00:00
|
|
|
new_register_dissector("eap", dissect_eap, proto_eap);
|
|
|
|
|
new_register_dissector("eap_fragment", dissect_eap_fragment, proto_eap);
|
2001-11-06 20:30:40 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
proto_reg_handoff_eap(void)
|
|
|
|
|
{
|
2001-12-03 04:00:26 +00:00
|
|
|
dissector_handle_t eap_handle;
|
|
|
|
|
|
2002-02-25 23:28:32 +00:00
|
|
|
/*
|
|
|
|
|
* Get a handle for the SSL/TLS dissector.
|
|
|
|
|
*/
|
|
|
|
|
ssl_handle = find_dissector("ssl");
|
|
|
|
|
|
2002-02-22 21:31:49 +00:00
|
|
|
eap_handle = find_dissector("eap");
|
2001-12-03 04:00:26 +00:00
|
|
|
dissector_add("ppp.protocol", PPP_EAP, eap_handle);
|
2001-11-06 20:30:40 +00:00
|
|
|
}
|
