/* Send a canned EAPOL packet */ static void eapol_canned(nas_t *nas, nas_sta_t *sta, unsigned char code, unsigned char type) { eapol_header_t eapol; eap_header_t eap; struct iovec frags[2]; memcpy(&eapol.eth.ether_dhost, &sta->ea, ETHER_ADDR_LEN); memcpy(&eapol.eth.ether_shost, &nas->ea, ETHER_ADDR_LEN); if (sta->flags & STA_FLAG_PRE_AUTH) eapol.eth.ether_type = htons(ETHER_TYPE_802_1X_PREAUTH); else eapol.eth.ether_type = htons(ETHER_TYPE_802_1X); eapol.version = sta->eapol_version; eapol.type = EAP_PACKET; eapol.length = htons(type ? (EAP_HEADER_LEN + 1) : EAP_HEADER_LEN); eap.code = code; eap.id = sta->pae.id; eap.length = eapol.length; eap.type = type; frags[0].iov_base = (caddr_t) &eapol; frags[0].iov_len = EAPOL_HEADER_LEN; frags[1].iov_base = (caddr_t) &eap; frags[1].iov_len = ntohs(eapol.length); if (sta->flags & STA_FLAG_PRE_AUTH) nas_preauth_send_packet(nas, frags, 2); else nas_eapol_send_packet(nas, frags, 2); }
/* Proxy EAP packet from RADIUS server to PAE */ void radius_dispatch(nas_t *nas, radius_header_t *response) { nas_sta_t *sta = &nas->sta[response->id % MAX_SUPPLICANTS]; radius_header_t *request; int left, type, length = 0, index, authenticated = 0; unsigned char buf[16], *cur; eapol_header_t eapol; eap_header_t *eap = NULL; unsigned int vendor, ssnto; unsigned char *mppe_send = NULL, *mppe_recv = NULL, *mppe_key; struct iovec frags[RADIUS_MAX_ATTRIBUTES]; int nfrags = 0; #ifdef BCMDBG char eabuf[ETHER_ADDR_STR_LEN]; #endif /* The STA could have been toss during the wait. */ if (!sta->used) return; request = sta->pae.radius.request; if (!request || request->id != response->id) { dbg(nas, "bogus RADIUS packet response->id=%d request->id=%d", response->id, request->id); return; } /* Parse attributes */ left = ntohs(response->length) - RADIUS_HEADER_LEN; cur = response->attributes; while (left >= 2) { int attribute_error = 0; type = *cur++; length = *cur++ - 2; left -= 2; /* Bad attribute length */ if (length > left) { dbg(nas, "bad attribute length %d", length); break; } switch (type) { case RD_TP_MESSAGE_AUTHENTICATOR: if (length < 16) { dbg(nas, "bad signature length %d", length); attribute_error = 1; break; } /* Validate HMAC-MD5 checksum */ memcpy(buf, cur, 16); memset(cur, 0, 16); memcpy(response->vector, request->vector, 16); /* Calculate HMAC-MD5 checksum with request vector and null signature */ hmac_md5((unsigned char *) response, ntohs(response->length), nas->secret.data, nas->secret.length, cur); if ((authenticated = !memcmp(buf, cur, 16)) == 0) { dbg(nas, "Invalid signature"); attribute_error = 1; } break; case RD_TP_STATE: /* Preserve server state unmodified */ sta->pae.radius.state.length = length; if (sta->pae.radius.state.data) free(sta->pae.radius.state.data); sta->pae.radius.state.length = length; if (!(sta->pae.radius.state.data = malloc(sta->pae.radius.state.length))) { perror("malloc"); attribute_error = 1; } else memcpy(sta->pae.radius.state.data, cur, sta->pae.radius.state.length); break; case RD_TP_EAP_MESSAGE: /* Initialize EAPOL header */ if (!nfrags) { memcpy(&eapol.eth.ether_dhost, &sta->ea, ETHER_ADDR_LEN); memcpy(&eapol.eth.ether_shost, &nas->ea, ETHER_ADDR_LEN); #ifdef BCMWPA2 if (sta->flags & STA_FLAG_PRE_AUTH) eapol.eth.ether_type = htons(ETHER_TYPE_802_1X_PREAUTH); else #endif eapol.eth.ether_type = htons(ETHER_TYPE_802_1X); eapol.version = sta->eapol_version; eapol.type = EAP_PACKET; eapol.length = htons(0); eap = (eap_header_t *) cur; frags[nfrags].iov_base = (caddr_t) &eapol; frags[nfrags].iov_len = EAPOL_HEADER_LEN; nfrags++; /* Set up internal flags */ if (eap->code == EAP_SUCCESS) sta->pae.flags |= PAE_FLAG_EAP_SUCCESS; } /* Gather fragmented EAP messages */ if (nfrags < ARRAYSIZE(frags)) { eapol.length = htons(ntohs(eapol.length) + length); frags[nfrags].iov_base = (caddr_t) cur; frags[nfrags].iov_len = length; nfrags++; } break; case RD_TP_VENDOR_SPECIFIC: if (length < 6) { dbg(nas, "bad vendor attribute length %d", length); attribute_error = 1; break; } memcpy(&vendor, cur, 4); vendor = ntohl(vendor); cur += 4; type = *cur++; length = *cur++ - 2; left -= 6; /* Bad attribute length */ if (length > left) { dbg(nas, "bad vendor attribute length %d", length); attribute_error = 1; break; } /* Parse vendor-specific attributes */ switch (vendor) { case RD_VENDOR_MICROSOFT: switch (type) { case RD_MS_MPPE_SEND: case RD_MS_MPPE_RECV: if (response->code != RADIUS_ACCESS_ACCEPT) { dbg(nas, "ignore MS-MPPE-Key in non" " RADIUS_ACCESS_ACCEPT packet"); break; } /* Key length (minus salt) must be a multiple of 16 and * greater than 32 */ if ((length - 2) % 16 || (length - 2) <= 32) { dbg(nas, "bad MS-MPPE-Key length %d", length); attribute_error = 1; break; } /* Allocate key */ if (!(mppe_key = malloc(length - 2))) { perror("malloc"); attribute_error = 1; break; } /* Decrypt key */ memcpy(mppe_key, &cur[2], length - 2); mppe_crypt(cur, mppe_key, length - 2, nas->secret.data, nas->secret.length, request->vector, 0); /* Set key pointers */ if (type == RD_MS_MPPE_SEND) mppe_send = mppe_key; else mppe_recv = mppe_key; break; } break; default: dbg(nas, "unknown vendor attribute = %d", vendor); dbg(nas, " vendor type = %d", type); dbg(nas, " attribute string = %s", cur); break; } break; case RD_TP_SESSION_TIMEOUT: if (response->code != RADIUS_ACCESS_ACCEPT) break; if (length < 4) { dbg(nas, "bad session timeout attribute length %d", length); attribute_error = 1; break; } memcpy(&ssnto, cur, 4); sta->pae.ssnto = ntohl(ssnto); dbg(nas, "session timeout in %d seconds", sta->pae.ssnto); break; default: /* Ignore all other attributes */ break; } /* Don't go on looking if something already went wrong. */ if (attribute_error) goto done; left -= length; cur += length; } if (!authenticated && response->code != RADIUS_ACCESS_REJECT) { dbg(nas, "missing signature"); goto done; } if (eap) sta->pae.id = eap->id; if (eap && (eap->code != EAP_SUCCESS || response->code != RADIUS_ACCESS_ACCEPT) && (eap->code != EAP_FAILURE || response->code != RADIUS_ACCESS_REJECT) && nfrags) { #ifdef BCMWPA2 if (sta->flags & STA_FLAG_PRE_AUTH) nas_preauth_send_packet(nas, frags, nfrags); else #endif nas_eapol_send_packet(nas, frags, nfrags); } /* RADIUS event */ switch (response->code) { case RADIUS_ACCESS_ACCEPT: /* Check for EAP-Success before allowing complete access */ if (!(sta->pae.flags & PAE_FLAG_EAP_SUCCESS)) { dbg(nas, "Radius success without EAP success?!"); pae_state(nas, sta, HELD); dbg(nas, "deauthenticating %s", ether_etoa((uint8 *)&sta->ea, eabuf)); nas_deauthorize(nas, &sta->ea); goto done; } dbg(nas, "Access Accept"); pae_state(nas, sta, AUTHENTICATED); /* overwrite session timeout with global setting */ if (!sta->pae.ssnto || sta->pae.ssnto > nas->ssn_to) sta->pae.ssnto = nas->ssn_to; /* WPA-mode needs to do the 4-way handshake here instead. */ if (CHECK_WPA(sta->mode) && mppe_recv) { fix_wpa(nas, sta, (char *)&mppe_recv[1], (int)mppe_recv[0]); break; } /* Plump the keys to driver and send them to peer as well */ if (mppe_recv) { /* Cobble a multicast key if there isn't one yet. */ if (!(nas->flags & NAS_FLAG_GTK_PLUMBED)) { nas->wpa->gtk_index = GTK_INDEX_1; if (nas->wpa->gtk_len == 0) nas->wpa->gtk_len = WEP128_KEY_SIZE; nas_rand128(nas->wpa->gtk); if (nas_set_key(nas, NULL, nas->wpa->gtk, nas->wpa->gtk_len, nas->wpa->gtk_index, 1, 0, 0) < 0) { err(nas, "invalid multicast key"); nas_handle_error(nas, 1); } nas->flags |= NAS_FLAG_GTK_PLUMBED; } sta->rc4keysec = -1; sta->rc4keyusec = -1; /* Send multicast key */ index = nas->wpa->gtk_index; length = nas->wpa->gtk_len; if (mppe_send) eapol_key(nas, sta, &mppe_send[1], mppe_send[0], &mppe_recv[1], mppe_recv[0], nas->wpa->gtk, length, index, 0); else eapol_key(nas, sta, NULL, 0, &mppe_recv[1], mppe_recv[0], nas->wpa->gtk, length, index, 0); /* MS-MPPE-Recv-Key is MS-MPPE-Send-Key on the Suppl */ index = DOT11_MAX_DEFAULT_KEYS - 1; length = WEP128_KEY_SIZE; if (nas_set_key(nas, &sta->ea, &mppe_recv[1], length, index, 1, 0, 0) < 0) { dbg(nas, "unicast key rejected by driver, assuming too many" " associated STAs"); cleanup_sta(nas, sta, DOT11_RC_BUSY, 0); } /* Set unicast key index */ if (mppe_send) eapol_key(nas, sta, &mppe_send[1], mppe_send[0], NULL, 0, NULL, length, index, 1); else eapol_key(nas, sta, NULL, 0, NULL, 0, NULL, length, index, 1); dbg(nas, "authorize %s (802.1x)", ether_etoa((uint8 *)&sta->ea, eabuf)); nas_authorize(nas, &sta->ea); } break; case RADIUS_ACCESS_REJECT: dbg(nas, "Access Reject"); pae_state(nas, sta, HELD); dbg(nas, "deauthenticating %s", ether_etoa((uint8 *)&sta->ea, eabuf)); nas_deauthorize(nas, &sta->ea); sta->pae.ssnto = 0; break; case RADIUS_ACCESS_CHALLENGE: dbg(nas, "Access Challenge"); break; default: dbg(nas, "unknown RADIUS code %d", response->code); break; } done: if (mppe_send) free(mppe_send); if (mppe_recv) free(mppe_recv); free(request); sta->pae.radius.request = NULL; }
/* Send a EAPOL-Key packet */ void eapol_key(nas_t *nas, nas_sta_t *sta, unsigned char *send_key, int send_key_len, unsigned char *recv_key, int recv_key_len, unsigned char *key, int key_len, int index, int unicast) { struct iovec packet; eapol_header_t *eapol; eapol_key_header_t *body; struct timeval tv; struct timezone tz; unsigned short length; unsigned int replay[2]; unsigned char rc4_seed[48] = { 0 }; rc4_ks_t rc4_key; /* Allocate packet */ packet.iov_len = EAPOL_HEADER_LEN + EAPOL_KEY_HEADER_LEN; if (key) packet.iov_len += key_len; if (!(packet.iov_base = (caddr_t) malloc(packet.iov_len))) { perror("malloc"); return; } /* Fill EAPOL header */ eapol = (eapol_header_t *) packet.iov_base; memcpy(&eapol->eth.ether_dhost, &sta->ea, ETHER_ADDR_LEN); memcpy(&eapol->eth.ether_shost, &nas->ea, ETHER_ADDR_LEN); if (sta->flags & STA_FLAG_PRE_AUTH) eapol->eth.ether_type = htons(ETHER_TYPE_802_1X_PREAUTH); else eapol->eth.ether_type = htons(ETHER_TYPE_802_1X); eapol->version = sta->eapol_version; eapol->type = EAPOL_KEY; eapol->length = htons(packet.iov_len - EAPOL_HEADER_LEN); /* Fill EAPOL-Key header */ body = (eapol_key_header_t *) eapol->body; body->type = EAPOL_RC4_KEY; /* Length field is unaligned */ length = htons(key_len); memcpy(&body->length, &length, sizeof(body->length)); /* Replay Counter field is unaligned */ gettimeofday(&tv, &tz); /* * keep track timestamp locally in case gettimeofday() does not return * correct usec value, for example, on vx. It is ok to not adjust * tv.tv_sec since tv.tv_usec is not going to overflow anyway. */ if (tv.tv_usec == sta->rc4keyusec && tv.tv_sec == sta->rc4keysec) { tv.tv_usec += sta->rc4keycntr; sta->rc4keycntr ++; } else { sta->rc4keysec = tv.tv_sec; sta->rc4keyusec = tv.tv_usec; sta->rc4keycntr = 1; } replay[0] = htonl(tv.tv_sec + JAN_1970); replay[1] = htonl(NTPFRAC(tv.tv_usec)); memcpy(body->replay, replay, sizeof(body->replay)); /* Fill Key IV */ nas_rand128(body->iv); /* Fill Key Index */ body->index = index; if (unicast) body->index |= EAPOL_KEY_UNICAST; /* Encrypt Key */ if (key) { memcpy(rc4_seed, body->iv, 16); memcpy(&rc4_seed[16], recv_key, recv_key_len); prepare_key(rc4_seed, 16 + recv_key_len, &rc4_key); memcpy(body->key, key, key_len); rc4(body->key, key_len, &rc4_key); } /* Calculate HMAC-MD5 checksum with null signature */ if (send_key) { memset(body->signature, 0, 16); hmac_md5(&eapol->version, packet.iov_len - OFFSETOF(eapol_header_t, version), send_key, send_key_len, body->signature); } if (sta->flags & STA_FLAG_PRE_AUTH) nas_preauth_send_packet(nas, &packet, 1); else nas_eapol_send_packet(nas, &packet, 1); free(packet.iov_base); }