The Tcpdump Group git mirrors - tcpdump/blob - print-eap.c

   1 /*
   2  * Copyright (c) 2004 - Michael Richardson <mcr@xelerance.com>
   3  *
   4  * Redistribution and use in source and binary forms, with or without
   5  * modification, are permitted provided that: (1) source code distributions
   6  * retain the above copyright notice and this paragraph in its entirety, (2)
   7  * distributions including binary code include the above copyright notice and
   8  * this paragraph in its entirety in the documentation or other materials
   9  * provided with the distribution, and (3) all advertising materials mentioning
  10  * features or use of this software display the following acknowledgement:
  11  * ``This product includes software developed by the University of California,
  12  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
  13  * the University nor the names of its contributors may be used to endorse
  14  * or promote products derived from this software without specific prior
  15  * written permission.
  16  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
  17  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
  18  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  19  */
  20
  21 /* \summary: Extensible Authentication Protocol (EAP) printer */
  22
  23 #ifdef HAVE_CONFIG_H
  24 #include <config.h>
  25 #endif
  26
  27 #include "netdissect-stdinc.h"
  28
  29 #define ND_LONGJMP_FROM_TCHECK
  30 #include "netdissect.h"
  31 #include "extract.h"
  32
  33 #define EAP_FRAME_TYPE_PACKET           0
  34 #define EAP_FRAME_TYPE_START            1
  35 #define EAP_FRAME_TYPE_LOGOFF           2
  36 #define EAP_FRAME_TYPE_KEY              3
  37 #define EAP_FRAME_TYPE_ENCAP_ASF_ALERT  4
  38
  39 struct eap_frame_t {
  40     nd_uint8_t  version;
  41     nd_uint8_t  type;
  42     nd_uint16_t length;
  43 };
  44
  45 static const struct tok eap_frame_type_values[] = {
  46     { EAP_FRAME_TYPE_PACKET,            "EAP packet" },
  47     { EAP_FRAME_TYPE_START,             "EAPOL start" },
  48     { EAP_FRAME_TYPE_LOGOFF,            "EAPOL logoff" },
  49     { EAP_FRAME_TYPE_KEY,               "EAPOL key" },
  50     { EAP_FRAME_TYPE_ENCAP_ASF_ALERT,   "Encapsulated ASF alert" },
  51     { 0, NULL}
  52 };
  53
  54 /* RFC 3748 */
  55 struct eap_packet_t {
  56     nd_uint8_t  code;
  57     nd_uint8_t  id;
  58     nd_uint16_t length;
  59 };
  60
  61 #define         EAP_REQUEST     1
  62 #define         EAP_RESPONSE    2
  63 #define         EAP_SUCCESS     3
  64 #define         EAP_FAILURE     4
  65
  66 static const struct tok eap_code_values[] = {
  67     { EAP_REQUEST,      "Request" },
  68     { EAP_RESPONSE,     "Response" },
  69     { EAP_SUCCESS,      "Success" },
  70     { EAP_FAILURE,      "Failure" },
  71     { 0, NULL}
  72 };
  73
  74 #define         EAP_TYPE_NO_PROPOSED    0
  75 #define         EAP_TYPE_IDENTITY       1
  76 #define         EAP_TYPE_NOTIFICATION   2
  77 #define         EAP_TYPE_NAK            3
  78 #define         EAP_TYPE_MD5_CHALLENGE  4
  79 #define         EAP_TYPE_OTP            5
  80 #define         EAP_TYPE_GTC            6
  81 #define         EAP_TYPE_TLS            13              /* RFC 5216 */
  82 #define         EAP_TYPE_SIM            18              /* RFC 4186 */
  83 #define         EAP_TYPE_TTLS           21              /* RFC 5281, draft-funk-eap-ttls-v0-01.txt */
  84 #define         EAP_TYPE_AKA            23              /* RFC 4187 */
  85 #define         EAP_TYPE_FAST           43              /* RFC 4851 */
  86 #define         EAP_TYPE_EXPANDED_TYPES 254
  87 #define         EAP_TYPE_EXPERIMENTAL   255
  88
  89 static const struct tok eap_type_values[] = {
  90     { EAP_TYPE_NO_PROPOSED,     "No proposed" },
  91     { EAP_TYPE_IDENTITY,        "Identity" },
  92     { EAP_TYPE_NOTIFICATION,    "Notification" },
  93     { EAP_TYPE_NAK,             "Nak" },
  94     { EAP_TYPE_MD5_CHALLENGE,   "MD5-challenge" },
  95     { EAP_TYPE_OTP,             "OTP" },
  96     { EAP_TYPE_GTC,             "GTC" },
  97     { EAP_TYPE_TLS,             "TLS" },
  98     { EAP_TYPE_SIM,             "SIM" },
  99     { EAP_TYPE_TTLS,            "TTLS" },
 100     { EAP_TYPE_AKA,             "AKA" },
 101     { EAP_TYPE_FAST,            "FAST" },
 102     { EAP_TYPE_EXPANDED_TYPES,  "Expanded types" },
 103     { EAP_TYPE_EXPERIMENTAL,    "Experimental" },
 104     { 0, NULL}
 105 };
 106
 107 #define EAP_TLS_EXTRACT_BIT_L(x)        (((x)&0x80)>>7)
 108
 109 /* RFC 5216 - EAP TLS bits */
 110 #define EAP_TLS_FLAGS_LEN_INCLUDED              (1 << 7)
 111 #define EAP_TLS_FLAGS_MORE_FRAGMENTS            (1 << 6)
 112 #define EAP_TLS_FLAGS_START                     (1 << 5)
 113
 114 static const struct tok eap_tls_flags_values[] = {
 115         { EAP_TLS_FLAGS_LEN_INCLUDED, "L bit" },
 116         { EAP_TLS_FLAGS_MORE_FRAGMENTS, "More fragments bit"},
 117         { EAP_TLS_FLAGS_START, "Start bit"},
 118         { 0, NULL}
 119 };
 120
 121 #define EAP_TTLS_VERSION(x)             ((x)&0x07)
 122
 123 /* EAP-AKA and EAP-SIM - RFC 4187 */
 124 #define EAP_AKA_CHALLENGE               1
 125 #define EAP_AKA_AUTH_REJECT             2
 126 #define EAP_AKA_SYNC_FAILURE            4
 127 #define EAP_AKA_IDENTITY                5
 128 #define EAP_SIM_START                   10
 129 #define EAP_SIM_CHALLENGE               11
 130 #define EAP_AKA_NOTIFICATION            12
 131 #define EAP_AKA_REAUTH                  13
 132 #define EAP_AKA_CLIENT_ERROR            14
 133
 134 static const struct tok eap_aka_subtype_values[] = {
 135     { EAP_AKA_CHALLENGE,        "Challenge" },
 136     { EAP_AKA_AUTH_REJECT,      "Auth reject" },
 137     { EAP_AKA_SYNC_FAILURE,     "Sync failure" },
 138     { EAP_AKA_IDENTITY,         "Identity" },
 139     { EAP_SIM_START,            "Start" },
 140     { EAP_SIM_CHALLENGE,        "Challenge" },
 141     { EAP_AKA_NOTIFICATION,     "Notification" },
 142     { EAP_AKA_REAUTH,           "Reauth" },
 143     { EAP_AKA_CLIENT_ERROR,     "Client error" },
 144     { 0, NULL}
 145 };
 146
 147 /*
 148  * Print EAP requests / responses
 149  */
 150 void
 151 eap_print(netdissect_options *ndo,
 152           const u_char *cp,
 153           const u_int length)
 154 {
 155     u_int type, subtype, len;
 156     u_int count;
 157     const char *sep;
 158
 159     ndo->ndo_protocol = "eap";
 160     type = GET_U_1(cp);
 161     len = GET_BE_U_2(cp + 2);
 162     ND_ICHECK_U(len, <, 4);
 163     if (len != length) {
 164         /*
 165          * Probably a fragment; in some cases the fragmentation might
 166          * not put an EAP header on every packet, if reassembly can
 167          * be done without that (e.g., fragmentation to make a message
 168          * fit in multiple TLVs in a RADIUS packet).
 169          */
 170         ND_PRINT("EAP fragment?");
 171         return;
 172     }
 173     ND_PRINT("%s (%u), id %u, len %u",
 174             tok2str(eap_code_values, "unknown", type),
 175             type,
 176             GET_U_1((cp + 1)),
 177             len);
 178
 179     ND_TCHECK_LEN(cp, len);
 180
 181     if (type == EAP_REQUEST || type == EAP_RESPONSE) {
 182         /* RFC 3748 Section 4.1 */
 183         ND_ICHECK_U(len, <, 5);
 184         subtype = GET_U_1(cp + 4);
 185         ND_PRINT("\n\t\t Type %s (%u)",
 186                 tok2str(eap_type_values, "unknown", subtype),
 187                 subtype);
 188
 189         switch (subtype) {
 190             case EAP_TYPE_IDENTITY:
 191                 /* According to RFC 3748, the message is optional */
 192                 if (len > 5) {
 193                     ND_PRINT(", Identity: ");
 194                     nd_printjnp(ndo, cp + 5, len - 5);
 195                 }
 196                 break;
 197
 198             case EAP_TYPE_NOTIFICATION:
 199                 /* According to RFC 3748, there must be at least one octet of message */
 200                 ND_ICHECK_U(len, <, 6);
 201                 ND_PRINT(", Notification: ");
 202                 nd_printjnp(ndo, cp + 5, len - 5);
 203                 break;
 204
 205             case EAP_TYPE_NAK:
 206                 /*
 207                  * one or more octets indicating
 208                  * the desired authentication
 209                  * type one octet per type
 210                  */
 211                 ND_ICHECK_U(len, <, 6);
 212                 sep = "";
 213                 for (count = 5; count < len; count++) {
 214                     ND_PRINT("%s %s (%u)", sep,
 215                            tok2str(eap_type_values, "unknown", GET_U_1((cp + count))),
 216                            GET_U_1(cp + count));
 217                     sep = ",";
 218                 }
 219                 break;
 220
 221             case EAP_TYPE_TTLS:
 222             case EAP_TYPE_TLS:
 223                 ND_ICHECK_U(len, <, 6);
 224                 if (subtype == EAP_TYPE_TTLS)
 225                     ND_PRINT(" TTLSv%u",
 226                            EAP_TTLS_VERSION(GET_U_1((cp + 5))));
 227                 ND_PRINT(" flags [%s] 0x%02x",
 228                        bittok2str(eap_tls_flags_values, "none", GET_U_1((cp + 5))),
 229                        GET_U_1(cp + 5));
 230
 231                 if (EAP_TLS_EXTRACT_BIT_L(GET_U_1(cp + 5))) {
 232                     ND_ICHECK_U(len, <, 10);
 233                     ND_PRINT(", len %u", GET_BE_U_4(cp + 6));
 234                 }
 235                 break;
 236
 237             case EAP_TYPE_FAST:
 238                 ND_ICHECK_U(len, <, 6);
 239                 ND_PRINT(" FASTv%u",
 240                        EAP_TTLS_VERSION(GET_U_1((cp + 5))));
 241                 ND_PRINT(" flags [%s] 0x%02x",
 242                        bittok2str(eap_tls_flags_values, "none", GET_U_1((cp + 5))),
 243                        GET_U_1(cp + 5));
 244
 245                 if (EAP_TLS_EXTRACT_BIT_L(GET_U_1(cp + 5))) {
 246                     ND_ICHECK_U(len, <, 10);
 247                     ND_PRINT(", len %u", GET_BE_U_4(cp + 6));
 248                 }
 249
 250                 /* FIXME - TLV attributes follow */
 251                 break;
 252
 253             case EAP_TYPE_AKA:
 254             case EAP_TYPE_SIM:
 255                 ND_ICHECK_U(len, <, 6);
 256                 ND_PRINT(" subtype [%s] 0x%02x",
 257                        tok2str(eap_aka_subtype_values, "unknown", GET_U_1((cp + 5))),
 258                        GET_U_1(cp + 5));
 259
 260                 /* FIXME - TLV attributes follow */
 261                 break;
 262
 263             case EAP_TYPE_MD5_CHALLENGE:
 264             case EAP_TYPE_OTP:
 265             case EAP_TYPE_GTC:
 266             case EAP_TYPE_EXPANDED_TYPES:
 267             case EAP_TYPE_EXPERIMENTAL:
 268             default:
 269                 break;
 270         }
 271     }
 272     return;
 273
 274 invalid:
 275     nd_print_invalid(ndo);
 276 }
 277
 278 void
 279 eapol_print(netdissect_options *ndo,
 280             const u_char *cp)
 281 {
 282     const struct eap_frame_t *eap;
 283     u_int eap_type, eap_len;
 284
 285     ndo->ndo_protocol = "eap";
 286     eap = (const struct eap_frame_t *)cp;
 287     eap_type = GET_U_1(eap->type);
 288
 289     ND_PRINT("%s (%u) v%u, len %u",
 290            tok2str(eap_frame_type_values, "unknown", eap_type),
 291            eap_type,
 292            GET_U_1(eap->version),
 293            GET_BE_U_2(eap->length));
 294     if (ndo->ndo_vflag < 1)
 295         return;
 296
 297     cp += sizeof(struct eap_frame_t);
 298     eap_len = GET_BE_U_2(eap->length);
 299
 300     switch (eap_type) {
 301     case EAP_FRAME_TYPE_PACKET:
 302         if (eap_len == 0)
 303             goto invalid;
 304         ND_PRINT(", ");
 305         eap_print(ndo, cp, eap_len);
 306         break;
 307     case EAP_FRAME_TYPE_LOGOFF:
 308     case EAP_FRAME_TYPE_ENCAP_ASF_ALERT:
 309     default:
 310         break;
 311     }
 312     return;
 313
 314 invalid:
 315     nd_print_invalid(ndo);
 316 }