The Tcpdump Group git mirrors - tcpdump/blob - print-eap.c

   1 /*
   2  * Copyright (c) 2004 - Michael Richardson <mcr@xelerance.com>
   3  *
   4  * Redistribution and use in source and binary forms, with or without
   5  * modification, are permitted provided that: (1) source code distributions
   6  * retain the above copyright notice and this paragraph in its entirety, (2)
   7  * distributions including binary code include the above copyright notice and
   8  * this paragraph in its entirety in the documentation or other materials
   9  * provided with the distribution, and (3) all advertising materials mentioning
  10  * features or use of this software display the following acknowledgement:
  11  * ``This product includes software developed by the University of California,
  12  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
  13  * the University nor the names of its contributors may be used to endorse
  14  * or promote products derived from this software without specific prior
  15  * written permission.
  16  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
  17  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
  18  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  19  */
  20
  21 /* \summary: Extensible Authentication Protocol (EAP) printer */
  22
  23 #include <config.h>
  24
  25 #include "netdissect-stdinc.h"
  26
  27 #define ND_LONGJMP_FROM_TCHECK
  28 #include "netdissect.h"
  29 #include "extract.h"
  30
  31 #define EAP_FRAME_TYPE_PACKET           0
  32 #define EAP_FRAME_TYPE_START            1
  33 #define EAP_FRAME_TYPE_LOGOFF           2
  34 #define EAP_FRAME_TYPE_KEY              3
  35 #define EAP_FRAME_TYPE_ENCAP_ASF_ALERT  4
  36
  37 struct eap_frame_t {
  38     nd_uint8_t  version;
  39     nd_uint8_t  type;
  40     nd_uint16_t length;
  41 };
  42
  43 static const struct tok eap_frame_type_values[] = {
  44     { EAP_FRAME_TYPE_PACKET,            "EAP packet" },
  45     { EAP_FRAME_TYPE_START,             "EAPOL start" },
  46     { EAP_FRAME_TYPE_LOGOFF,            "EAPOL logoff" },
  47     { EAP_FRAME_TYPE_KEY,               "EAPOL key" },
  48     { EAP_FRAME_TYPE_ENCAP_ASF_ALERT,   "Encapsulated ASF alert" },
  49     { 0, NULL}
  50 };
  51
  52 /* RFC 3748 */
  53 struct eap_packet_t {
  54     nd_uint8_t  code;
  55     nd_uint8_t  id;
  56     nd_uint16_t length;
  57 };
  58
  59 #define         EAP_REQUEST     1
  60 #define         EAP_RESPONSE    2
  61 #define         EAP_SUCCESS     3
  62 #define         EAP_FAILURE     4
  63
  64 static const struct tok eap_code_values[] = {
  65     { EAP_REQUEST,      "Request" },
  66     { EAP_RESPONSE,     "Response" },
  67     { EAP_SUCCESS,      "Success" },
  68     { EAP_FAILURE,      "Failure" },
  69     { 0, NULL}
  70 };
  71
  72 #define         EAP_TYPE_NO_PROPOSED    0
  73 #define         EAP_TYPE_IDENTITY       1
  74 #define         EAP_TYPE_NOTIFICATION   2
  75 #define         EAP_TYPE_NAK            3
  76 #define         EAP_TYPE_MD5_CHALLENGE  4
  77 #define         EAP_TYPE_OTP            5
  78 #define         EAP_TYPE_GTC            6
  79 #define         EAP_TYPE_TLS            13              /* RFC 5216 */
  80 #define         EAP_TYPE_SIM            18              /* RFC 4186 */
  81 #define         EAP_TYPE_TTLS           21              /* RFC 5281, draft-funk-eap-ttls-v0-01.txt */
  82 #define         EAP_TYPE_AKA            23              /* RFC 4187 */
  83 #define         EAP_TYPE_FAST           43              /* RFC 4851 */
  84 #define         EAP_TYPE_EXPANDED_TYPES 254
  85 #define         EAP_TYPE_EXPERIMENTAL   255
  86
  87 static const struct tok eap_type_values[] = {
  88     { EAP_TYPE_NO_PROPOSED,     "No proposed" },
  89     { EAP_TYPE_IDENTITY,        "Identity" },
  90     { EAP_TYPE_NOTIFICATION,    "Notification" },
  91     { EAP_TYPE_NAK,             "Nak" },
  92     { EAP_TYPE_MD5_CHALLENGE,   "MD5-challenge" },
  93     { EAP_TYPE_OTP,             "OTP" },
  94     { EAP_TYPE_GTC,             "GTC" },
  95     { EAP_TYPE_TLS,             "TLS" },
  96     { EAP_TYPE_SIM,             "SIM" },
  97     { EAP_TYPE_TTLS,            "TTLS" },
  98     { EAP_TYPE_AKA,             "AKA" },
  99     { EAP_TYPE_FAST,            "FAST" },
 100     { EAP_TYPE_EXPANDED_TYPES,  "Expanded types" },
 101     { EAP_TYPE_EXPERIMENTAL,    "Experimental" },
 102     { 0, NULL}
 103 };
 104
 105 #define EAP_TLS_EXTRACT_BIT_L(x)        (((x)&0x80)>>7)
 106
 107 /* RFC 5216 - EAP TLS bits */
 108 #define EAP_TLS_FLAGS_LEN_INCLUDED              (1 << 7)
 109 #define EAP_TLS_FLAGS_MORE_FRAGMENTS            (1 << 6)
 110 #define EAP_TLS_FLAGS_START                     (1 << 5)
 111
 112 static const struct tok eap_tls_flags_values[] = {
 113         { EAP_TLS_FLAGS_LEN_INCLUDED, "L bit" },
 114         { EAP_TLS_FLAGS_MORE_FRAGMENTS, "More fragments bit"},
 115         { EAP_TLS_FLAGS_START, "Start bit"},
 116         { 0, NULL}
 117 };
 118
 119 #define EAP_TTLS_VERSION(x)             ((x)&0x07)
 120
 121 /* EAP-AKA and EAP-SIM - RFC 4187 */
 122 #define EAP_AKA_CHALLENGE               1
 123 #define EAP_AKA_AUTH_REJECT             2
 124 #define EAP_AKA_SYNC_FAILURE            4
 125 #define EAP_AKA_IDENTITY                5
 126 #define EAP_SIM_START                   10
 127 #define EAP_SIM_CHALLENGE               11
 128 #define EAP_AKA_NOTIFICATION            12
 129 #define EAP_AKA_REAUTH                  13
 130 #define EAP_AKA_CLIENT_ERROR            14
 131
 132 static const struct tok eap_aka_subtype_values[] = {
 133     { EAP_AKA_CHALLENGE,        "Challenge" },
 134     { EAP_AKA_AUTH_REJECT,      "Auth reject" },
 135     { EAP_AKA_SYNC_FAILURE,     "Sync failure" },
 136     { EAP_AKA_IDENTITY,         "Identity" },
 137     { EAP_SIM_START,            "Start" },
 138     { EAP_SIM_CHALLENGE,        "Challenge" },
 139     { EAP_AKA_NOTIFICATION,     "Notification" },
 140     { EAP_AKA_REAUTH,           "Reauth" },
 141     { EAP_AKA_CLIENT_ERROR,     "Client error" },
 142     { 0, NULL}
 143 };
 144
 145 /*
 146  * Print EAP requests / responses
 147  */
 148 void
 149 eap_print(netdissect_options *ndo,
 150           const u_char *cp,
 151           const u_int length)
 152 {
 153     u_int type, subtype, len;
 154     u_int count;
 155     const char *sep;
 156
 157     ndo->ndo_protocol = "eap";
 158     type = GET_U_1(cp);
 159     len = GET_BE_U_2(cp + 2);
 160     ND_ICHECK_U(len, <, 4);
 161     if (len != length) {
 162         /*
 163          * Probably a fragment; in some cases the fragmentation might
 164          * not put an EAP header on every packet, if reassembly can
 165          * be done without that (e.g., fragmentation to make a message
 166          * fit in multiple TLVs in a RADIUS packet).
 167          */
 168         ND_PRINT("EAP fragment?");
 169         return;
 170     }
 171     ND_PRINT("%s (%u), id %u, len %u",
 172             tok2str(eap_code_values, "unknown", type),
 173             type,
 174             GET_U_1((cp + 1)),
 175             len);
 176
 177     ND_TCHECK_LEN(cp, len);
 178
 179     if (type == EAP_REQUEST || type == EAP_RESPONSE) {
 180         /* RFC 3748 Section 4.1 */
 181         ND_ICHECK_U(len, <, 5);
 182         subtype = GET_U_1(cp + 4);
 183         ND_PRINT("\n\t\t Type %s (%u)",
 184                 tok2str(eap_type_values, "unknown", subtype),
 185                 subtype);
 186
 187         switch (subtype) {
 188             case EAP_TYPE_IDENTITY:
 189                 /* According to RFC 3748, the message is optional */
 190                 if (len > 5) {
 191                     ND_PRINT(", Identity: ");
 192                     nd_printjnp(ndo, cp + 5, len - 5);
 193                 }
 194                 break;
 195
 196             case EAP_TYPE_NOTIFICATION:
 197                 /* According to RFC 3748, there must be at least one octet of message */
 198                 ND_ICHECK_U(len, <, 6);
 199                 ND_PRINT(", Notification: ");
 200                 nd_printjnp(ndo, cp + 5, len - 5);
 201                 break;
 202
 203             case EAP_TYPE_NAK:
 204                 /*
 205                  * one or more octets indicating
 206                  * the desired authentication
 207                  * type one octet per type
 208                  */
 209                 ND_ICHECK_U(len, <, 6);
 210                 sep = "";
 211                 for (count = 5; count < len; count++) {
 212                     ND_PRINT("%s %s (%u)", sep,
 213                            tok2str(eap_type_values, "unknown", GET_U_1((cp + count))),
 214                            GET_U_1(cp + count));
 215                     sep = ",";
 216                 }
 217                 break;
 218
 219             case EAP_TYPE_TTLS:
 220             case EAP_TYPE_TLS:
 221                 ND_ICHECK_U(len, <, 6);
 222                 if (subtype == EAP_TYPE_TTLS)
 223                     ND_PRINT(" TTLSv%u",
 224                            EAP_TTLS_VERSION(GET_U_1((cp + 5))));
 225                 ND_PRINT(" flags [%s] 0x%02x",
 226                        bittok2str(eap_tls_flags_values, "none", GET_U_1((cp + 5))),
 227                        GET_U_1(cp + 5));
 228
 229                 if (EAP_TLS_EXTRACT_BIT_L(GET_U_1(cp + 5))) {
 230                     ND_ICHECK_U(len, <, 10);
 231                     ND_PRINT(", len %u", GET_BE_U_4(cp + 6));
 232                 }
 233                 break;
 234
 235             case EAP_TYPE_FAST:
 236                 ND_ICHECK_U(len, <, 6);
 237                 ND_PRINT(" FASTv%u",
 238                        EAP_TTLS_VERSION(GET_U_1((cp + 5))));
 239                 ND_PRINT(" flags [%s] 0x%02x",
 240                        bittok2str(eap_tls_flags_values, "none", GET_U_1((cp + 5))),
 241                        GET_U_1(cp + 5));
 242
 243                 if (EAP_TLS_EXTRACT_BIT_L(GET_U_1(cp + 5))) {
 244                     ND_ICHECK_U(len, <, 10);
 245                     ND_PRINT(", len %u", GET_BE_U_4(cp + 6));
 246                 }
 247
 248                 /* FIXME - TLV attributes follow */
 249                 break;
 250
 251             case EAP_TYPE_AKA:
 252             case EAP_TYPE_SIM:
 253                 ND_ICHECK_U(len, <, 6);
 254                 ND_PRINT(" subtype [%s] 0x%02x",
 255                        tok2str(eap_aka_subtype_values, "unknown", GET_U_1((cp + 5))),
 256                        GET_U_1(cp + 5));
 257
 258                 /* FIXME - TLV attributes follow */
 259                 break;
 260
 261             case EAP_TYPE_MD5_CHALLENGE:
 262             case EAP_TYPE_OTP:
 263             case EAP_TYPE_GTC:
 264             case EAP_TYPE_EXPANDED_TYPES:
 265             case EAP_TYPE_EXPERIMENTAL:
 266             default:
 267                 break;
 268         }
 269     }
 270     return;
 271
 272 invalid:
 273     nd_print_invalid(ndo);
 274 }
 275
 276 void
 277 eapol_print(netdissect_options *ndo,
 278             const u_char *cp)
 279 {
 280     const struct eap_frame_t *eap;
 281     u_int eap_type, eap_len;
 282
 283     ndo->ndo_protocol = "eap";
 284     eap = (const struct eap_frame_t *)cp;
 285     eap_type = GET_U_1(eap->type);
 286
 287     ND_PRINT("%s (%u) v%u, len %u",
 288            tok2str(eap_frame_type_values, "unknown", eap_type),
 289            eap_type,
 290            GET_U_1(eap->version),
 291            GET_BE_U_2(eap->length));
 292     if (ndo->ndo_vflag < 1)
 293         return;
 294
 295     cp += sizeof(struct eap_frame_t);
 296     eap_len = GET_BE_U_2(eap->length);
 297
 298     switch (eap_type) {
 299     case EAP_FRAME_TYPE_PACKET:
 300         if (eap_len == 0)
 301             goto invalid;
 302         ND_PRINT(", ");
 303         eap_print(ndo, cp, eap_len);
 304         break;
 305     case EAP_FRAME_TYPE_LOGOFF:
 306     case EAP_FRAME_TYPE_ENCAP_ASF_ALERT:
 307     default:
 308         break;
 309     }
 310     return;
 311
 312 invalid:
 313     nd_print_invalid(ndo);
 314 }