static void
nas_watchdog(bcm_timer_id td, nas_t *nas)
{
nas_sta_t *sta;
int i;
#ifdef BCMDBG
char eabuf[ETHER_ADDR_STR_LEN];
#endif
for (i = 0; i < MAX_SUPPLICANTS; i ++) {
for (sta = nas->sta_hashed[i]; sta; sta = sta->next) {
#ifdef BCMDBG
if (nas->auth_blockout_time) {
if (sta->pae.flags & PAE_FLAG_RADIUS_ACCESS_REJECT)
dbg(nas, "blocking %s, time remaining = %d",
ether_etoa((uchar *)&sta->ea, eabuf), sta->quiet_while);
}
#endif
/* check for time out */
switch (sta->pae.state) {
case AUTHENTICATED:
if (!sta->pae.ssnto)
break;
sta->pae.ssnto--;
/* timed out */
if (sta->pae.ssnto)
continue;
/* send Identity Request */
dbg(nas, "ID req to %s\n", ether_etoa((uchar *)&sta->ea, eabuf));
send_identity_req(nas, sta);
break;
case HELD:
if (sta->quiet_while && --sta->quiet_while == 0)
pae_state(nas, sta, CONNECTING);
break;
case CONNECTING:
if (sta->tx_when && --sta->tx_when == 0) {
if (sta->rxauths > STA_REAUTH_MAX)
pae_state(nas, sta, DISCONNECTED);
else
pae_state(nas, sta, CONNECTING);
}
break;
case AUTHENTICATING:
if (sta->auth_while && --sta->auth_while == 0) {
pae_state(nas, sta, ABORTING);
pae_state(nas, sta, CONNECTING);
}
break;
default:
break;
}
}
}
}
/* Proxy EAP packet from RADIUS server to PAE */
void
radius_dispatch(nas_t *nas, radius_header_t *response)
{
nas_sta_t *sta = &nas->sta[response->id % MAX_SUPPLICANTS];
radius_header_t *request;
int left, type, length = 0, index, authenticated = 0;
unsigned char buf[16], *cur;
eapol_header_t eapol;
eap_header_t *eap = NULL;
unsigned int vendor, ssnto;
unsigned char *mppe_send = NULL, *mppe_recv = NULL, *mppe_key;
struct iovec frags[RADIUS_MAX_ATTRIBUTES];
int nfrags = 0;
#ifdef BCMDBG
char eabuf[ETHER_ADDR_STR_LEN];
#endif
/* The STA could have been toss during the wait. */
if (!sta->used)
return;
request = sta->pae.radius.request;
if (!request || request->id != response->id) {
dbg(nas, "bogus RADIUS packet response->id=%d request->id=%d", response->id,
request->id);
return;
}
/* Parse attributes */
left = ntohs(response->length) - RADIUS_HEADER_LEN;
cur = response->attributes;
while (left >= 2) {
int attribute_error = 0;
type = *cur++;
length = *cur++ - 2;
left -= 2;
/* Bad attribute length */
if (length > left) {
dbg(nas, "bad attribute length %d", length);
break;
}
switch (type) {
case RD_TP_MESSAGE_AUTHENTICATOR:
if (length < 16) {
dbg(nas, "bad signature length %d", length);
attribute_error = 1;
break;
}
/* Validate HMAC-MD5 checksum */
memcpy(buf, cur, 16);
memset(cur, 0, 16);
memcpy(response->vector, request->vector, 16);
/* Calculate HMAC-MD5 checksum with request vector and null signature */
hmac_md5((unsigned char *) response, ntohs(response->length),
nas->secret.data, nas->secret.length, cur);
if ((authenticated = !memcmp(buf, cur, 16)) == 0) {
dbg(nas, "Invalid signature");
attribute_error = 1;
}
break;
case RD_TP_STATE:
/* Preserve server state unmodified */
sta->pae.radius.state.length = length;
if (sta->pae.radius.state.data)
free(sta->pae.radius.state.data);
sta->pae.radius.state.length = length;
if (!(sta->pae.radius.state.data = malloc(sta->pae.radius.state.length))) {
perror("malloc");
attribute_error = 1;
} else
memcpy(sta->pae.radius.state.data, cur,
sta->pae.radius.state.length);
break;
case RD_TP_EAP_MESSAGE:
/* Initialize EAPOL header */
if (!nfrags) {
memcpy(&eapol.eth.ether_dhost, &sta->ea, ETHER_ADDR_LEN);
memcpy(&eapol.eth.ether_shost, &nas->ea, ETHER_ADDR_LEN);
#ifdef BCMWPA2
if (sta->flags & STA_FLAG_PRE_AUTH)
eapol.eth.ether_type = htons(ETHER_TYPE_802_1X_PREAUTH);
else
#endif
eapol.eth.ether_type = htons(ETHER_TYPE_802_1X);
eapol.version = sta->eapol_version;
eapol.type = EAP_PACKET;
eapol.length = htons(0);
eap = (eap_header_t *) cur;
frags[nfrags].iov_base = (caddr_t) &eapol;
frags[nfrags].iov_len = EAPOL_HEADER_LEN;
nfrags++;
/* Set up internal flags */
if (eap->code == EAP_SUCCESS)
sta->pae.flags |= PAE_FLAG_EAP_SUCCESS;
}
/* Gather fragmented EAP messages */
if (nfrags < ARRAYSIZE(frags)) {
eapol.length = htons(ntohs(eapol.length) + length);
frags[nfrags].iov_base = (caddr_t) cur;
frags[nfrags].iov_len = length;
nfrags++;
}
break;
case RD_TP_VENDOR_SPECIFIC:
if (length < 6) {
dbg(nas, "bad vendor attribute length %d", length);
attribute_error = 1;
break;
}
memcpy(&vendor, cur, 4);
vendor = ntohl(vendor);
cur += 4;
type = *cur++;
length = *cur++ - 2;
left -= 6;
/* Bad attribute length */
if (length > left) {
dbg(nas, "bad vendor attribute length %d", length);
attribute_error = 1;
break;
}
/* Parse vendor-specific attributes */
switch (vendor) {
case RD_VENDOR_MICROSOFT:
switch (type) {
case RD_MS_MPPE_SEND:
case RD_MS_MPPE_RECV:
if (response->code != RADIUS_ACCESS_ACCEPT) {
dbg(nas, "ignore MS-MPPE-Key in non"
" RADIUS_ACCESS_ACCEPT packet");
break;
}
/* Key length (minus salt) must be a multiple of 16 and
* greater than 32
*/
if ((length - 2) % 16 || (length - 2) <= 32) {
dbg(nas, "bad MS-MPPE-Key length %d", length);
attribute_error = 1;
break;
}
/* Allocate key */
if (!(mppe_key = malloc(length - 2))) {
perror("malloc");
attribute_error = 1;
break;
}
/* Decrypt key */
memcpy(mppe_key, &cur[2], length - 2);
mppe_crypt(cur, mppe_key, length - 2,
nas->secret.data, nas->secret.length,
request->vector, 0);
/* Set key pointers */
if (type == RD_MS_MPPE_SEND)
mppe_send = mppe_key;
else
mppe_recv = mppe_key;
break;
}
break;
default:
dbg(nas, "unknown vendor attribute = %d", vendor);
dbg(nas, " vendor type = %d", type);
dbg(nas, " attribute string = %s", cur);
break;
}
break;
case RD_TP_SESSION_TIMEOUT:
if (response->code != RADIUS_ACCESS_ACCEPT)
break;
if (length < 4) {
dbg(nas, "bad session timeout attribute length %d", length);
attribute_error = 1;
break;
}
memcpy(&ssnto, cur, 4);
sta->pae.ssnto = ntohl(ssnto);
dbg(nas, "session timeout in %d seconds", sta->pae.ssnto);
break;
default:
/* Ignore all other attributes */
break;
}
/* Don't go on looking if something already went wrong. */
if (attribute_error)
goto done;
left -= length;
cur += length;
}
if (!authenticated && response->code != RADIUS_ACCESS_REJECT) {
dbg(nas, "missing signature");
goto done;
}
if (eap)
sta->pae.id = eap->id;
if (eap &&
(eap->code != EAP_SUCCESS || response->code != RADIUS_ACCESS_ACCEPT) &&
(eap->code != EAP_FAILURE || response->code != RADIUS_ACCESS_REJECT) &&
nfrags) {
#ifdef BCMWPA2
if (sta->flags & STA_FLAG_PRE_AUTH)
nas_preauth_send_packet(nas, frags, nfrags);
else
#endif
nas_eapol_send_packet(nas, frags, nfrags);
}
/* RADIUS event */
switch (response->code) {
case RADIUS_ACCESS_ACCEPT:
/* Check for EAP-Success before allowing complete access */
if (!(sta->pae.flags & PAE_FLAG_EAP_SUCCESS)) {
dbg(nas, "Radius success without EAP success?!");
pae_state(nas, sta, HELD);
dbg(nas, "deauthenticating %s", ether_etoa((uint8 *)&sta->ea, eabuf));
nas_deauthorize(nas, &sta->ea);
goto done;
}
dbg(nas, "Access Accept");
pae_state(nas, sta, AUTHENTICATED);
/* overwrite session timeout with global setting */
if (!sta->pae.ssnto || sta->pae.ssnto > nas->ssn_to)
sta->pae.ssnto = nas->ssn_to;
/* WPA-mode needs to do the 4-way handshake here instead. */
if (CHECK_WPA(sta->mode) && mppe_recv) {
fix_wpa(nas, sta, (char *)&mppe_recv[1], (int)mppe_recv[0]);
break;
}
/* Plump the keys to driver and send them to peer as well */
if (mppe_recv) {
/* Cobble a multicast key if there isn't one yet. */
if (!(nas->flags & NAS_FLAG_GTK_PLUMBED)) {
nas->wpa->gtk_index = GTK_INDEX_1;
if (nas->wpa->gtk_len == 0)
nas->wpa->gtk_len = WEP128_KEY_SIZE;
nas_rand128(nas->wpa->gtk);
if (nas_set_key(nas, NULL, nas->wpa->gtk,
nas->wpa->gtk_len, nas->wpa->gtk_index,
1, 0, 0) < 0) {
err(nas, "invalid multicast key");
nas_handle_error(nas, 1);
}
nas->flags |= NAS_FLAG_GTK_PLUMBED;
}
sta->rc4keysec = -1;
sta->rc4keyusec = -1;
/* Send multicast key */
index = nas->wpa->gtk_index;
length = nas->wpa->gtk_len;
if (mppe_send)
eapol_key(nas, sta, &mppe_send[1], mppe_send[0],
&mppe_recv[1], mppe_recv[0],
nas->wpa->gtk, length, index, 0);
else
eapol_key(nas, sta, NULL, 0,
&mppe_recv[1], mppe_recv[0],
nas->wpa->gtk, length, index, 0);
/* MS-MPPE-Recv-Key is MS-MPPE-Send-Key on the Suppl */
index = DOT11_MAX_DEFAULT_KEYS - 1;
length = WEP128_KEY_SIZE;
if (nas_set_key(nas, &sta->ea, &mppe_recv[1], length, index, 1, 0, 0) < 0) {
dbg(nas, "unicast key rejected by driver, assuming too many"
" associated STAs");
cleanup_sta(nas, sta, DOT11_RC_BUSY, 0);
}
/* Set unicast key index */
if (mppe_send)
eapol_key(nas, sta, &mppe_send[1], mppe_send[0],
NULL, 0,
NULL, length, index, 1);
else
eapol_key(nas, sta, NULL, 0,
NULL, 0,
NULL, length, index, 1);
dbg(nas, "authorize %s (802.1x)", ether_etoa((uint8 *)&sta->ea, eabuf));
nas_authorize(nas, &sta->ea);
}
break;
case RADIUS_ACCESS_REJECT:
dbg(nas, "Access Reject");
pae_state(nas, sta, HELD);
dbg(nas, "deauthenticating %s", ether_etoa((uint8 *)&sta->ea, eabuf));
nas_deauthorize(nas, &sta->ea);
sta->pae.ssnto = 0;
break;
case RADIUS_ACCESS_CHALLENGE:
dbg(nas, "Access Challenge");
break;
default:
dbg(nas, "unknown RADIUS code %d", response->code);
break;
}
done:
if (mppe_send)
free(mppe_send);
if (mppe_recv)
free(mppe_recv);
free(request);
sta->pae.radius.request = NULL;
}
static void
eapol_dispatch_ex(nas_t *nas, eapol_header_t *eapol, int preauth, int bytes)
{
nas_sta_t *sta;
eap_header_t *eap;
#ifdef BCMDBG
char eabuf[ETHER_ADDR_STR_LEN];
#endif
/* Validate EAPOL version */
if (!eapol) {
dbg(nas, "Missing EAPOL header");
return;
}
#ifdef NAS_GTK_PER_STA
if (ETHER_ISNULLADDR(eapol->eth.ether_shost) && (eapol->type == 0xFF)) {
wpa_set_gtk_per_sta(nas->wpa, eapol->body[0]);
return;
}
#endif
sta = lookup_sta(nas, (struct ether_addr *) eapol->eth.ether_shost,
SEARCH_ENTER);
if (!sta) {
dbg(nas, "no STA struct available");
return;
}
if (sta->pae.state == HELD) {
dbg(nas, "nothing done since in HELD state");
return;
}
dbg(nas, "%s message from %s", eapol_msg_type_name(eapol->type),
ether_etoa((uchar *)&sta->ea, eabuf));
if (eapol->version < sta->eapol_version) {
dbg(nas, "EAPOL version %d packet received, current version is %d", eapol->version,
sta->eapol_version);
}
if (!preauth) {
/* If this is a WPA key pkt then process it accordingly */
if ((eapol->type == EAPOL_KEY) &&
(CHECK_EAPOL_KEY(eapol->body[0]))) {
/*
* Expect to do this only for WPA_PSK or for WPA either very
* early or after RADIUS acceptance.
*/
if ((CHECK_NAS(sta->mode)) &&
((sta->pae.state == AUTHENTICATED) ||
(sta->pae.state == INITIALIZE))) {
/* process WPA key pkt */
if (process_wpa(nas->wpa, eapol, sta)) {
/* Something wrong in WPA. Lose this sta. */
cleanup_sta(nas, sta, DOT11_RC_8021X_AUTH_FAIL, 0);
}
return;
}
/* return; */
}
/* break out if STA is only PSK */
if (CHECK_PSK(sta->mode))
return;
sta->flags &= ~STA_FLAG_PRE_AUTH;
}
/*
* instead of passing the state variable saying whether this data is from a pre auth
* sta or from a normal store the variable in the sta struct and
* would be reset once the message is handled ... state variable makes sense
* only for this one message.
*/
else {
sta->flags |= STA_FLAG_PRE_AUTH;
sta->mode = WPA2;
sta->eapol_version = WPA2_EAPOL_VERSION;
}
/* EAPOL event : Radius support */
switch (eapol->type) {
case EAP_PACKET:
dbg(nas, "EAP Packet.Preauth=%d", preauth);
if (ntohs(eapol->length) >= (EAP_HEADER_LEN + 1)) {
eap = (eap_header_t *) eapol->body;
dbg(nas, "STA State=%d EAP Packet Type=%d Id=%d code=%d",
sta->pae.state, eap->type, eap->id, eap->code);
switch (eap->type) {
case EAP_IDENTITY:
/* Bogus packet */
if (eap->id != sta->pae.id ||
eap->code != EAP_RESPONSE) {
dbg(nas, "bogus EAP packet id %d code %d, expected %d",
eap->id, eap->code, sta->pae.id);
break;
}
if (sta->pae.state == AUTHENTICATING) {
dbg(nas, "NAS currently authenticating STA. "
"Tossing packet id=%d code=%d.",
eap->id, eap->code);
break;
}
/*
* Do eap length checking to prevent attacker responds to
* an EAP Identity Request with an EAP Identity Response,
* whose Message Length value is larger than the actual
* EAP packet, nas sends out a Radius message with more
* data than contained in the EAP Identity Response. That
* cause nas over-reads the heap memory when forming
* the Radius message. An attack may result in exposure
* of sensitive data from the heap or may allow to cause
* a denial-of-service.
*/
if (ntohs(eap->length) > bytes - EAPOL_HEADER_LEN) {
dbg(nas, "Invalid EAP length %d, received %d.",
ntohs(eap->length), bytes - EAPOL_HEADER_LEN);
break;
}
/* Record identity */
if (ntohs(eap->length) > (EAP_HEADER_LEN + 1)) {
if (sta->pae.radius.username.data)
free(sta->pae.radius.username.data);
sta->pae.radius.username.length = ntohs(eap->length) -
EAP_HEADER_LEN - 1;
if (!(sta->pae.radius.username.data =
malloc(sta->pae.radius.username.length))) {
perror("malloc");
return;
} else
memcpy(sta->pae.radius.username.data, eap->data,
sta->pae.radius.username.length);
}
pae_state(nas, sta, AUTHENTICATING);
/* Fall through */
default:
/* Bogus packet */
/* Forward to authentication server */
RADIUS_FORWARD(nas, sta, eap);
break;
}
}
break;
case EAPOL_START:
dbg(nas, "Start");
sta->pae.id = 0; /* reset counter */
switch (sta->pae.state) {
case AUTHENTICATING:
pae_state(nas, sta, ABORTING);
/* Fall through */
default:
pae_state(nas, sta, CONNECTING);
break;
}
sta->suppl.state = sta->suppl.retry_state = WPA_PTKSTART;
break;
case EAPOL_LOGOFF:
dbg(nas, "Logoff");
switch (sta->pae.state) {
default:
dbg(nas, "Unexpected pae state %d", sta->pae.state);
/* Fall through */
case AUTHENTICATING:
pae_state(nas, sta, ABORTING);
/* Fall through */
case CONNECTING:
case AUTHENTICATED:
pae_state(nas, sta, DISCONNECTED);
dbg(nas, "deauthenticating %s", ether_etoa((uchar *)&sta->ea, eabuf));
nas_deauthorize(nas, &sta->ea);
break;
}
break;
case EAPOL_KEY:
dbg(nas, "Key");
break;
case EAPOL_ASF:
dbg(nas, "Encapsulated ASF Alert");
break;
default:
dbg(nas, "unknown EAPOL type %d", eapol->type);
break;
}
}
