/* Send a canned EAPOL packet */
static void
eapol_canned(nas_t *nas, nas_sta_t *sta, unsigned char code, unsigned char type)
{
eapol_header_t eapol;
eap_header_t eap;
struct iovec frags[2];
memcpy(&eapol.eth.ether_dhost, &sta->ea, ETHER_ADDR_LEN);
memcpy(&eapol.eth.ether_shost, &nas->ea, ETHER_ADDR_LEN);
if (sta->flags & STA_FLAG_PRE_AUTH)
eapol.eth.ether_type = htons(ETHER_TYPE_802_1X_PREAUTH);
else
eapol.eth.ether_type = htons(ETHER_TYPE_802_1X);
eapol.version = sta->eapol_version;
eapol.type = EAP_PACKET;
eapol.length = htons(type ? (EAP_HEADER_LEN + 1) : EAP_HEADER_LEN);
eap.code = code;
eap.id = sta->pae.id;
eap.length = eapol.length;
eap.type = type;
frags[0].iov_base = (caddr_t) &eapol;
frags[0].iov_len = EAPOL_HEADER_LEN;
frags[1].iov_base = (caddr_t) &eap;
frags[1].iov_len = ntohs(eapol.length);
if (sta->flags & STA_FLAG_PRE_AUTH)
nas_preauth_send_packet(nas, frags, 2);
else
nas_eapol_send_packet(nas, frags, 2);
}
/* Proxy EAP packet from RADIUS server to PAE */
void
radius_dispatch(nas_t *nas, radius_header_t *response)
{
nas_sta_t *sta = &nas->sta[response->id % MAX_SUPPLICANTS];
radius_header_t *request;
int left, type, length = 0, index, authenticated = 0;
unsigned char buf[16], *cur;
eapol_header_t eapol;
eap_header_t *eap = NULL;
unsigned int vendor, ssnto;
unsigned char *mppe_send = NULL, *mppe_recv = NULL, *mppe_key;
struct iovec frags[RADIUS_MAX_ATTRIBUTES];
int nfrags = 0;
#ifdef BCMDBG
char eabuf[ETHER_ADDR_STR_LEN];
#endif
/* The STA could have been toss during the wait. */
if (!sta->used)
return;
request = sta->pae.radius.request;
if (!request || request->id != response->id) {
dbg(nas, "bogus RADIUS packet response->id=%d request->id=%d", response->id,
request->id);
return;
}
/* Parse attributes */
left = ntohs(response->length) - RADIUS_HEADER_LEN;
cur = response->attributes;
while (left >= 2) {
int attribute_error = 0;
type = *cur++;
length = *cur++ - 2;
left -= 2;
/* Bad attribute length */
if (length > left) {
dbg(nas, "bad attribute length %d", length);
break;
}
switch (type) {
case RD_TP_MESSAGE_AUTHENTICATOR:
if (length < 16) {
dbg(nas, "bad signature length %d", length);
attribute_error = 1;
break;
}
/* Validate HMAC-MD5 checksum */
memcpy(buf, cur, 16);
memset(cur, 0, 16);
memcpy(response->vector, request->vector, 16);
/* Calculate HMAC-MD5 checksum with request vector and null signature */
hmac_md5((unsigned char *) response, ntohs(response->length),
nas->secret.data, nas->secret.length, cur);
if ((authenticated = !memcmp(buf, cur, 16)) == 0) {
dbg(nas, "Invalid signature");
attribute_error = 1;
}
break;
case RD_TP_STATE:
/* Preserve server state unmodified */
sta->pae.radius.state.length = length;
if (sta->pae.radius.state.data)
free(sta->pae.radius.state.data);
sta->pae.radius.state.length = length;
if (!(sta->pae.radius.state.data = malloc(sta->pae.radius.state.length))) {
perror("malloc");
attribute_error = 1;
} else
memcpy(sta->pae.radius.state.data, cur,
sta->pae.radius.state.length);
break;
case RD_TP_EAP_MESSAGE:
/* Initialize EAPOL header */
if (!nfrags) {
memcpy(&eapol.eth.ether_dhost, &sta->ea, ETHER_ADDR_LEN);
memcpy(&eapol.eth.ether_shost, &nas->ea, ETHER_ADDR_LEN);
#ifdef BCMWPA2
if (sta->flags & STA_FLAG_PRE_AUTH)
eapol.eth.ether_type = htons(ETHER_TYPE_802_1X_PREAUTH);
else
#endif
eapol.eth.ether_type = htons(ETHER_TYPE_802_1X);
eapol.version = sta->eapol_version;
eapol.type = EAP_PACKET;
eapol.length = htons(0);
eap = (eap_header_t *) cur;
frags[nfrags].iov_base = (caddr_t) &eapol;
frags[nfrags].iov_len = EAPOL_HEADER_LEN;
nfrags++;
/* Set up internal flags */
if (eap->code == EAP_SUCCESS)
sta->pae.flags |= PAE_FLAG_EAP_SUCCESS;
}
/* Gather fragmented EAP messages */
if (nfrags < ARRAYSIZE(frags)) {
eapol.length = htons(ntohs(eapol.length) + length);
frags[nfrags].iov_base = (caddr_t) cur;
frags[nfrags].iov_len = length;
nfrags++;
}
break;
case RD_TP_VENDOR_SPECIFIC:
if (length < 6) {
dbg(nas, "bad vendor attribute length %d", length);
attribute_error = 1;
break;
}
memcpy(&vendor, cur, 4);
vendor = ntohl(vendor);
cur += 4;
type = *cur++;
length = *cur++ - 2;
left -= 6;
/* Bad attribute length */
if (length > left) {
dbg(nas, "bad vendor attribute length %d", length);
attribute_error = 1;
break;
}
/* Parse vendor-specific attributes */
switch (vendor) {
case RD_VENDOR_MICROSOFT:
switch (type) {
case RD_MS_MPPE_SEND:
case RD_MS_MPPE_RECV:
if (response->code != RADIUS_ACCESS_ACCEPT) {
dbg(nas, "ignore MS-MPPE-Key in non"
" RADIUS_ACCESS_ACCEPT packet");
break;
}
/* Key length (minus salt) must be a multiple of 16 and
* greater than 32
*/
if ((length - 2) % 16 || (length - 2) <= 32) {
dbg(nas, "bad MS-MPPE-Key length %d", length);
attribute_error = 1;
break;
}
/* Allocate key */
if (!(mppe_key = malloc(length - 2))) {
perror("malloc");
attribute_error = 1;
break;
}
/* Decrypt key */
memcpy(mppe_key, &cur[2], length - 2);
mppe_crypt(cur, mppe_key, length - 2,
nas->secret.data, nas->secret.length,
request->vector, 0);
/* Set key pointers */
if (type == RD_MS_MPPE_SEND)
mppe_send = mppe_key;
else
mppe_recv = mppe_key;
break;
}
break;
default:
dbg(nas, "unknown vendor attribute = %d", vendor);
dbg(nas, " vendor type = %d", type);
dbg(nas, " attribute string = %s", cur);
break;
}
break;
case RD_TP_SESSION_TIMEOUT:
if (response->code != RADIUS_ACCESS_ACCEPT)
break;
if (length < 4) {
dbg(nas, "bad session timeout attribute length %d", length);
attribute_error = 1;
break;
}
memcpy(&ssnto, cur, 4);
sta->pae.ssnto = ntohl(ssnto);
dbg(nas, "session timeout in %d seconds", sta->pae.ssnto);
break;
default:
/* Ignore all other attributes */
break;
}
/* Don't go on looking if something already went wrong. */
if (attribute_error)
goto done;
left -= length;
cur += length;
}
if (!authenticated && response->code != RADIUS_ACCESS_REJECT) {
dbg(nas, "missing signature");
goto done;
}
if (eap)
sta->pae.id = eap->id;
if (eap &&
(eap->code != EAP_SUCCESS || response->code != RADIUS_ACCESS_ACCEPT) &&
(eap->code != EAP_FAILURE || response->code != RADIUS_ACCESS_REJECT) &&
nfrags) {
#ifdef BCMWPA2
if (sta->flags & STA_FLAG_PRE_AUTH)
nas_preauth_send_packet(nas, frags, nfrags);
else
#endif
nas_eapol_send_packet(nas, frags, nfrags);
}
/* RADIUS event */
switch (response->code) {
case RADIUS_ACCESS_ACCEPT:
/* Check for EAP-Success before allowing complete access */
if (!(sta->pae.flags & PAE_FLAG_EAP_SUCCESS)) {
dbg(nas, "Radius success without EAP success?!");
pae_state(nas, sta, HELD);
dbg(nas, "deauthenticating %s", ether_etoa((uint8 *)&sta->ea, eabuf));
nas_deauthorize(nas, &sta->ea);
goto done;
}
dbg(nas, "Access Accept");
pae_state(nas, sta, AUTHENTICATED);
/* overwrite session timeout with global setting */
if (!sta->pae.ssnto || sta->pae.ssnto > nas->ssn_to)
sta->pae.ssnto = nas->ssn_to;
/* WPA-mode needs to do the 4-way handshake here instead. */
if (CHECK_WPA(sta->mode) && mppe_recv) {
fix_wpa(nas, sta, (char *)&mppe_recv[1], (int)mppe_recv[0]);
break;
}
/* Plump the keys to driver and send them to peer as well */
if (mppe_recv) {
/* Cobble a multicast key if there isn't one yet. */
if (!(nas->flags & NAS_FLAG_GTK_PLUMBED)) {
nas->wpa->gtk_index = GTK_INDEX_1;
if (nas->wpa->gtk_len == 0)
nas->wpa->gtk_len = WEP128_KEY_SIZE;
nas_rand128(nas->wpa->gtk);
if (nas_set_key(nas, NULL, nas->wpa->gtk,
nas->wpa->gtk_len, nas->wpa->gtk_index,
1, 0, 0) < 0) {
err(nas, "invalid multicast key");
nas_handle_error(nas, 1);
}
nas->flags |= NAS_FLAG_GTK_PLUMBED;
}
sta->rc4keysec = -1;
sta->rc4keyusec = -1;
/* Send multicast key */
index = nas->wpa->gtk_index;
length = nas->wpa->gtk_len;
if (mppe_send)
eapol_key(nas, sta, &mppe_send[1], mppe_send[0],
&mppe_recv[1], mppe_recv[0],
nas->wpa->gtk, length, index, 0);
else
eapol_key(nas, sta, NULL, 0,
&mppe_recv[1], mppe_recv[0],
nas->wpa->gtk, length, index, 0);
/* MS-MPPE-Recv-Key is MS-MPPE-Send-Key on the Suppl */
index = DOT11_MAX_DEFAULT_KEYS - 1;
length = WEP128_KEY_SIZE;
if (nas_set_key(nas, &sta->ea, &mppe_recv[1], length, index, 1, 0, 0) < 0) {
dbg(nas, "unicast key rejected by driver, assuming too many"
" associated STAs");
cleanup_sta(nas, sta, DOT11_RC_BUSY, 0);
}
/* Set unicast key index */
if (mppe_send)
eapol_key(nas, sta, &mppe_send[1], mppe_send[0],
NULL, 0,
NULL, length, index, 1);
else
eapol_key(nas, sta, NULL, 0,
NULL, 0,
NULL, length, index, 1);
dbg(nas, "authorize %s (802.1x)", ether_etoa((uint8 *)&sta->ea, eabuf));
nas_authorize(nas, &sta->ea);
}
break;
case RADIUS_ACCESS_REJECT:
dbg(nas, "Access Reject");
pae_state(nas, sta, HELD);
dbg(nas, "deauthenticating %s", ether_etoa((uint8 *)&sta->ea, eabuf));
nas_deauthorize(nas, &sta->ea);
sta->pae.ssnto = 0;
break;
case RADIUS_ACCESS_CHALLENGE:
dbg(nas, "Access Challenge");
break;
default:
dbg(nas, "unknown RADIUS code %d", response->code);
break;
}
done:
if (mppe_send)
free(mppe_send);
if (mppe_recv)
free(mppe_recv);
free(request);
sta->pae.radius.request = NULL;
}
/* Send a EAPOL-Key packet */
void
eapol_key(nas_t *nas, nas_sta_t *sta,
unsigned char *send_key, int send_key_len,
unsigned char *recv_key, int recv_key_len,
unsigned char *key, int key_len, int index, int unicast)
{
struct iovec packet;
eapol_header_t *eapol;
eapol_key_header_t *body;
struct timeval tv;
struct timezone tz;
unsigned short length;
unsigned int replay[2];
unsigned char rc4_seed[48] = { 0 };
rc4_ks_t rc4_key;
/* Allocate packet */
packet.iov_len = EAPOL_HEADER_LEN + EAPOL_KEY_HEADER_LEN;
if (key)
packet.iov_len += key_len;
if (!(packet.iov_base = (caddr_t) malloc(packet.iov_len))) {
perror("malloc");
return;
}
/* Fill EAPOL header */
eapol = (eapol_header_t *) packet.iov_base;
memcpy(&eapol->eth.ether_dhost, &sta->ea, ETHER_ADDR_LEN);
memcpy(&eapol->eth.ether_shost, &nas->ea, ETHER_ADDR_LEN);
if (sta->flags & STA_FLAG_PRE_AUTH)
eapol->eth.ether_type = htons(ETHER_TYPE_802_1X_PREAUTH);
else
eapol->eth.ether_type = htons(ETHER_TYPE_802_1X);
eapol->version = sta->eapol_version;
eapol->type = EAPOL_KEY;
eapol->length = htons(packet.iov_len - EAPOL_HEADER_LEN);
/* Fill EAPOL-Key header */
body = (eapol_key_header_t *) eapol->body;
body->type = EAPOL_RC4_KEY;
/* Length field is unaligned */
length = htons(key_len);
memcpy(&body->length, &length, sizeof(body->length));
/* Replay Counter field is unaligned */
gettimeofday(&tv, &tz);
/*
* keep track timestamp locally in case gettimeofday() does not return
* correct usec value, for example, on vx. It is ok to not adjust
* tv.tv_sec since tv.tv_usec is not going to overflow anyway.
*/
if (tv.tv_usec == sta->rc4keyusec && tv.tv_sec == sta->rc4keysec) {
tv.tv_usec += sta->rc4keycntr;
sta->rc4keycntr ++;
}
else {
sta->rc4keysec = tv.tv_sec;
sta->rc4keyusec = tv.tv_usec;
sta->rc4keycntr = 1;
}
replay[0] = htonl(tv.tv_sec + JAN_1970);
replay[1] = htonl(NTPFRAC(tv.tv_usec));
memcpy(body->replay, replay, sizeof(body->replay));
/* Fill Key IV */
nas_rand128(body->iv);
/* Fill Key Index */
body->index = index;
if (unicast)
body->index |= EAPOL_KEY_UNICAST;
/* Encrypt Key */
if (key) {
memcpy(rc4_seed, body->iv, 16);
memcpy(&rc4_seed[16], recv_key, recv_key_len);
prepare_key(rc4_seed, 16 + recv_key_len, &rc4_key);
memcpy(body->key, key, key_len);
rc4(body->key, key_len, &rc4_key);
}
/* Calculate HMAC-MD5 checksum with null signature */
if (send_key) {
memset(body->signature, 0, 16);
hmac_md5(&eapol->version, packet.iov_len - OFFSETOF(eapol_header_t, version),
send_key, send_key_len, body->signature);
}
if (sta->flags & STA_FLAG_PRE_AUTH)
nas_preauth_send_packet(nas, &packet, 1);
else
nas_eapol_send_packet(nas, &packet, 1);
free(packet.iov_base);
}
