static int respond_eap_md5(RADIUS_PACKET *req,
RADIUS_PACKET *rep)
{
VALUE_PAIR *vp, *id, *state;
size_t valuesize;
uint8_t identifier;
uint8_t const *value;
FR_MD5_CTX context;
uint8_t response[16];
cleanresp(rep);
if ((state = paircopy2(NULL, req->vps, PW_STATE, 0, TAG_ANY)) == NULL)
{
fprintf(stderr, "radeapclient: no state attribute found\n");
return 0;
}
if ((id = paircopy2(NULL, req->vps, ATTRIBUTE_EAP_ID, 0, TAG_ANY)) == NULL)
{
fprintf(stderr, "radeapclient: no EAP-ID attribute found\n");
return 0;
}
identifier = id->vp_integer;
if ((vp = pairfind(req->vps, ATTRIBUTE_EAP_BASE+PW_EAP_MD5, 0, TAG_ANY)) == NULL)
{
fprintf(stderr, "radeapclient: no EAP-MD5 attribute found\n");
return 0;
}
/* got the details of the MD5 challenge */
valuesize = vp->vp_octets[0];
value = &vp->vp_octets[1];
/* sanitize items */
if(valuesize > vp->length)
{
fprintf(stderr, "radeapclient: md5 valuesize if too big (%u > %u)\n",
(unsigned int) valuesize, (unsigned int) vp->length);
return 0;
}
/* now do the CHAP operation ourself, rather than build the
* buffer. We could also call rad_chap_encode, but it wants
* a CHAP-Challenge, which we don't want to bother with.
*/
fr_md5_init(&context);
fr_md5_update(&context, &identifier, 1);
fr_md5_update(&context, (uint8_t *) password, strlen(password));
fr_md5_update(&context, value, valuesize);
fr_md5_final(response, &context);
{
uint8_t *p;
uint8_t lg_response;
vp = paircreate(rep, ATTRIBUTE_EAP_BASE+PW_EAP_MD5, 0);
vp->length = 17;
p = talloc_zero_array(vp, uint8_t, 17);
lg_response = 16;
memcpy(p, &lg_response, 1);
memcpy(p + 1, response, 16);
pairmemsteal(vp, p);
}
pairreplace(&(rep->vps), vp);
pairreplace(&(rep->vps), id);
/* copy the state object in */
pairreplace(&(rep->vps), state);
return 1;
}
/*
* we got an EAP-Request/Sim/Challenge message in a legal state.
*
* use the RAND challenge to produce the SRES result, and then
* use that to generate a new MAC.
*
* for the moment, we ignore the RANDs, then just plug in the SRES
* values.
*
*/
static int process_eap_challenge(RADIUS_PACKET *req,
RADIUS_PACKET *rep)
{
VALUE_PAIR *newvp;
VALUE_PAIR *mac, *randvp;
VALUE_PAIR *sres1,*sres2,*sres3;
VALUE_PAIR *Kc1, *Kc2, *Kc3;
uint8_t calcmac[20];
/* look for the AT_MAC and the challenge data */
mac = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC, 0, TAG_ANY);
randvp= pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_RAND, 0, TAG_ANY);
if(!mac || !randvp) {
fprintf(stderr, "radeapclient: challenge message needs to contain RAND and MAC\n");
return 0;
}
/*
* compare RAND with randX, to verify this is the right response
* to this challenge.
*/
{
VALUE_PAIR *randcfgvp[3];
uint8_t const *randcfg[3];
randcfg[0] = &randvp->vp_octets[2];
randcfg[1] = &randvp->vp_octets[2+EAPSIM_RAND_SIZE];
randcfg[2] = &randvp->vp_octets[2+EAPSIM_RAND_SIZE*2];
randcfgvp[0] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND1, 0, TAG_ANY);
randcfgvp[1] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND2, 0, TAG_ANY);
randcfgvp[2] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND3, 0, TAG_ANY);
if(!randcfgvp[0] ||
!randcfgvp[1] ||
!randcfgvp[2]) {
fprintf(stderr, "radeapclient: needs to have rand1, 2 and 3 set.\n");
return 0;
}
if(memcmp(randcfg[0], randcfgvp[0]->vp_octets, EAPSIM_RAND_SIZE)!=0 ||
memcmp(randcfg[1], randcfgvp[1]->vp_octets, EAPSIM_RAND_SIZE)!=0 ||
memcmp(randcfg[2], randcfgvp[2]->vp_octets, EAPSIM_RAND_SIZE)!=0) {
int rnum,i,j;
fprintf(stderr, "radeapclient: one of rand 1,2,3 didn't match\n");
for(rnum = 0; rnum < 3; rnum++) {
fprintf(stderr, "received rand %d: ", rnum);
j=0;
for (i = 0; i < EAPSIM_RAND_SIZE; i++) {
if(j==4) {
printf("_");
j=0;
}
j++;
fprintf(stderr, "%02x", randcfg[rnum][i]);
}
fprintf(stderr, "\nconfigured rand %d: ", rnum);
j=0;
for (i = 0; i < EAPSIM_RAND_SIZE; i++) {
if(j==4) {
printf("_");
j=0;
}
j++;
fprintf(stderr, "%02x", randcfgvp[rnum]->vp_octets[i]);
}
fprintf(stderr, "\n");
}
return 0;
}
}
/*
* now dig up the sres values from the response packet,
* which were put there when we read things in.
*
* Really, they should be calculated from the RAND!
*
*/
sres1 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES1, 0, TAG_ANY);
sres2 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES2, 0, TAG_ANY);
sres3 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES3, 0, TAG_ANY);
if(!sres1 ||
!sres2 ||
!sres3) {
fprintf(stderr, "radeapclient: needs to have sres1, 2 and 3 set.\n");
return 0;
}
memcpy(eapsim_mk.sres[0], sres1->vp_strvalue, sizeof(eapsim_mk.sres[0]));
memcpy(eapsim_mk.sres[1], sres2->vp_strvalue, sizeof(eapsim_mk.sres[1]));
memcpy(eapsim_mk.sres[2], sres3->vp_strvalue, sizeof(eapsim_mk.sres[2]));
Kc1 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC1, 0, TAG_ANY);
Kc2 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC2, 0, TAG_ANY);
Kc3 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC3, 0, TAG_ANY);
if(!Kc1 ||
!Kc2 ||
!Kc3) {
fprintf(stderr, "radeapclient: needs to have Kc1, 2 and 3 set.\n");
return 0;
}
memcpy(eapsim_mk.Kc[0], Kc1->vp_strvalue, sizeof(eapsim_mk.Kc[0]));
memcpy(eapsim_mk.Kc[1], Kc2->vp_strvalue, sizeof(eapsim_mk.Kc[1]));
memcpy(eapsim_mk.Kc[2], Kc3->vp_strvalue, sizeof(eapsim_mk.Kc[2]));
/* all set, calculate keys */
eapsim_calculate_keys(&eapsim_mk);
if(debug_flag) {
eapsim_dump_mk(&eapsim_mk);
}
/* verify the MAC, now that we have all the keys. */
if(eapsim_checkmac(NULL, req->vps, eapsim_mk.K_aut,
eapsim_mk.nonce_mt, sizeof(eapsim_mk.nonce_mt),
calcmac)) {
printf("MAC check succeed\n");
} else {
int i, j;
j=0;
printf("calculated MAC (");
for (i = 0; i < 20; i++) {
if(j==4) {
printf("_");
j=0;
}
j++;
printf("%02x", calcmac[i]);
}
printf(" did not match\n");
return 0;
}
/* form new response clear of any EAP stuff */
cleanresp(rep);
/* mark the subtype as being EAP-SIM/Response/Start */
newvp = paircreate(rep, ATTRIBUTE_EAP_SIM_SUBTYPE, 0);
newvp->vp_integer = eapsim_challenge;
pairreplace(&(rep->vps), newvp);
{
uint8_t *p;
/*
* fill the SIM_MAC with a field that will in fact get appended
* to the packet before the MAC is calculated
*/
newvp = paircreate(rep, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC, 0);
p = talloc_zero_array(newvp, uint8_t, EAPSIM_SRES_SIZE*3);
memcpy(p+EAPSIM_SRES_SIZE * 0, sres1->vp_strvalue, EAPSIM_SRES_SIZE);
memcpy(p+EAPSIM_SRES_SIZE * 1, sres2->vp_strvalue, EAPSIM_SRES_SIZE);
memcpy(p+EAPSIM_SRES_SIZE * 2, sres3->vp_strvalue, EAPSIM_SRES_SIZE);
pairmemsteal(newvp, p);
pairreplace(&(rep->vps), newvp);
}
newvp = paircreate(rep, ATTRIBUTE_EAP_SIM_KEY, 0);
pairmemcpy(newvp, eapsim_mk.K_aut, EAPSIM_AUTH_SIZE);
pairreplace(&(rep->vps), newvp);
return 1;
}
static int
respond_eap_md5(RADIUS_PACKET *req,
RADIUS_PACKET *rep,const char* pwd)
{
VALUE_PAIR *vp, *id, *state;
size_t valuesize;
uint8_t identifier;
uint8_t *value;
FR_MD5_CTX context;
uint8_t response[16];
cleanresp(rep);
if ((state = paircopy2(req->vps, PW_STATE)) == NULL)
{
fr_strerror_printf("radeapclient: no state attribute found");
return 0;
}
if ((id = paircopy2(req->vps, ATTRIBUTE_EAP_ID)) == NULL)
{
fr_strerror_printf("radeapclient: no EAP-ID attribute found");
return 0;
}
identifier = id->vp_integer;
if ((vp = pairfind(req->vps, ATTRIBUTE_EAP_BASE+PW_EAP_MD5)) == NULL)
{
fr_strerror_printf("radeapclient: no EAP-MD5 attribute found");
return 0;
}
/* got the details of the MD5 challenge */
valuesize = vp->vp_octets[0];
value = &vp->vp_octets[1];
/* sanitize items */
if(valuesize > vp->length)
{
fr_strerror_printf("radeapclient: md5 valuesize if too big (%u > %u)\n",
(unsigned int) valuesize, (unsigned int) vp->length);
return 0;
}
/* now do the CHAP operation ourself, rather than build the
* buffer. We could also call rad_chap_encode, but it wants
* a CHAP-Challenge, which we don't want to bother with.
*/
fr_MD5Init(&context);
fr_MD5Update(&context, &identifier, 1);
fr_MD5Update(&context, (uint8_t *) pwd, strlen(pwd));
fr_MD5Update(&context, value, valuesize);
fr_MD5Final(response, &context);
vp = paircreate(ATTRIBUTE_EAP_BASE+PW_EAP_MD5, PW_TYPE_OCTETS);
vp->vp_octets[0]=16;
memcpy(&vp->vp_strvalue[1], response, 16);
vp->length = 17;
pairreplace(&(rep->vps), vp);
pairreplace(&(rep->vps), id);
/* copy the state object in */
pairreplace(&(rep->vps), state);
return 1;
}
/*
* we got an EAP-Request/Sim/Start message in a legal state.
*
* pick a supported version, put it into the reply, and insert a nonce.
*/
static int process_eap_start(RADIUS_PACKET *req,
RADIUS_PACKET *rep)
{
VALUE_PAIR *vp, *newvp;
VALUE_PAIR *anyidreq_vp, *fullauthidreq_vp, *permanentidreq_vp;
uint16_t const *versions;
uint16_t selectedversion;
unsigned int i,versioncount;
/* form new response clear of any EAP stuff */
cleanresp(rep);
if((vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_VERSION_LIST, 0, TAG_ANY)) == NULL) {
fprintf(stderr, "illegal start message has no VERSION_LIST\n");
return 0;
}
versions = (uint16_t const *) vp->vp_strvalue;
/* verify that the attribute length is big enough for a length field */
if(vp->length < 4)
{
fprintf(stderr, "start message has illegal VERSION_LIST. Too short: %u\n", (unsigned int) vp->length);
return 0;
}
versioncount = ntohs(versions[0])/2;
/* verify that the attribute length is big enough for the given number
* of versions present.
*/
if((unsigned)vp->length <= (versioncount*2 + 2))
{
fprintf(stderr, "start message is too short. Claimed %d versions does not fit in %u bytes\n", versioncount, (unsigned int) vp->length);
return 0;
}
/*
* record the versionlist for the MK calculation.
*/
eapsim_mk.versionlistlen = versioncount*2;
memcpy(eapsim_mk.versionlist, (unsigned char const *)(versions+1),
eapsim_mk.versionlistlen);
/* walk the version list, and pick the one we support, which
* at present, is 1, EAP_SIM_VERSION.
*/
selectedversion=0;
for(i=0; i < versioncount; i++)
{
if(ntohs(versions[i+1]) == EAP_SIM_VERSION)
{
selectedversion=EAP_SIM_VERSION;
break;
}
}
if(selectedversion == 0)
{
fprintf(stderr, "eap-sim start message. No compatible version found. We need %d\n", EAP_SIM_VERSION);
for(i=0; i < versioncount; i++)
{
fprintf(stderr, "\tfound version %d\n",
ntohs(versions[i+1]));
}
}
/*
* now make sure that we have only FULLAUTH_ID_REQ.
* I think that it actually might not matter - we can answer in
* anyway we like, but it is illegal to have more than one
* present.
*/
anyidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_ANY_ID_REQ, 0, TAG_ANY);
fullauthidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_FULLAUTH_ID_REQ, 0, TAG_ANY);
permanentidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_PERMANENT_ID_REQ, 0, TAG_ANY);
if(!fullauthidreq_vp ||
anyidreq_vp != NULL ||
permanentidreq_vp != NULL) {
fprintf(stderr, "start message has %sanyidreq, %sfullauthid and %spermanentid. Illegal combination.\n",
(anyidreq_vp != NULL ? "a " : "no "),
(fullauthidreq_vp != NULL ? "a " : "no "),
(permanentidreq_vp != NULL ? "a " : "no "));
return 0;
}
/* okay, we have just any_id_req there, so fill in response */
/* mark the subtype as being EAP-SIM/Response/Start */
newvp = paircreate(rep, ATTRIBUTE_EAP_SIM_SUBTYPE, 0);
newvp->vp_integer = eapsim_start;
pairreplace(&(rep->vps), newvp);
/* insert selected version into response. */
{
uint16_t no_versions;
no_versions = htons(selectedversion);
newvp = paircreate(rep, ATTRIBUTE_EAP_SIM_BASE + PW_EAP_SIM_SELECTED_VERSION, 0);
pairmemcpy(newvp, (uint8_t *) &no_versions, 2);
pairreplace(&(rep->vps), newvp);
/* record the selected version */
memcpy(eapsim_mk.versionselect, &no_versions, 2);
}
vp = newvp = NULL;
{
uint32_t nonce[4];
uint8_t *p;
/*
* insert a nonce_mt that we make up.
*/
nonce[0]=fr_rand();
nonce[1]=fr_rand();
nonce[2]=fr_rand();
nonce[3]=fr_rand();
newvp = paircreate(rep, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_NONCE_MT, 0);
p = talloc_zero_array(newvp, uint8_t, 18); /* 18 = 16 bytes of nonce + padding */
memcpy(&p[2], nonce, 16);
pairmemsteal(newvp, p);
pairreplace(&(rep->vps), newvp);
/* also keep a copy of the nonce! */
memcpy(eapsim_mk.nonce_mt, nonce, 16);
}
{
uint16_t idlen;
uint8_t *p;
uint16_t no_idlen;
/*
* insert the identity here.
*/
vp = pairfind(rep->vps, PW_USER_NAME, 0, TAG_ANY);
if(!vp)
{
fprintf(stderr, "eap-sim: We need to have a User-Name attribute!\n");
return 0;
}
newvp = paircreate(rep, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_IDENTITY, 0);
idlen = strlen(vp->vp_strvalue);
p = talloc_zero_array(newvp, uint8_t, idlen + 2);
no_idlen = htons(idlen);
memcpy(p, &no_idlen, 2);
memcpy(p + 2, vp->vp_strvalue, idlen);
pairmemsteal(newvp, p);
pairreplace(&(rep->vps), newvp);
/* record it */
memcpy(eapsim_mk.identity, vp->vp_strvalue, idlen);
eapsim_mk.identitylen = idlen;
}
return 1;
}
static int respond_eap_md5(RADIUS_PACKET *req,
RADIUS_PACKET *rep)
{
VALUE_PAIR *vp, *id, *state;
int valuesize, namesize;
unsigned char identifier;
unsigned char *value;
unsigned char *name;
MD5_CTX context;
char response[16];
cleanresp(rep);
if ((state = paircopy2(req->vps, PW_STATE)) == NULL)
{
fprintf(stderr, "radeapclient: no state attribute found\n");
return 0;
}
if ((id = paircopy2(req->vps, ATTRIBUTE_EAP_ID)) == NULL)
{
fprintf(stderr, "radeapclient: no EAP-ID attribute found\n");
return 0;
}
identifier = id->lvalue;
if ((vp = pairfind(req->vps, ATTRIBUTE_EAP_BASE+PW_EAP_MD5)) == NULL)
{
fprintf(stderr, "radeapclient: no EAP-MD5 attribute found\n");
return 0;
}
/* got the details of the MD5 challenge */
valuesize = vp->strvalue[0];
value = &vp->strvalue[1];
name = &vp->strvalue[valuesize+1];
namesize = vp->length - (valuesize + 1);
/* sanitize items */
if(valuesize > vp->length)
{
fprintf(stderr, "radeapclient: md5 valuesize if too big (%d > %d)\n",
valuesize, vp->length);
return 0;
}
/* now do the CHAP operation ourself, rather than build the
* buffer. We could also call rad_chap_encode, but it wants
* a CHAP-Challenge, which we don't want to bother with.
*/
librad_MD5Init(&context);
librad_MD5Update(&context, &identifier, 1);
librad_MD5Update(&context, password, strlen(password));
librad_MD5Update(&context, value, valuesize);
librad_MD5Final(response, &context);
vp = paircreate(ATTRIBUTE_EAP_BASE+PW_EAP_MD5, PW_TYPE_OCTETS);
vp->strvalue[0]=16;
memcpy(&vp->strvalue[1], response, 16);
vp->length = 17;
pairreplace(&(rep->vps), vp);
pairreplace(&(rep->vps), id);
/* copy the state object in */
pairreplace(&(rep->vps), state);
return 1;
}
