eap__md5_8c_source.html

/*

 * eap_md5.c  EAP MD5 functionality.

 *

 * Version:     $Id: 5e5a47797235a024dd10ee59906ae75b5791e841 $

 *

 *   This program is free software; you can redistribute it and/or modify

 *   it under the terms of the GNU General Public License as published by

 *   the Free Software Foundation; either version 2 of the License, or

 *   (at your option) any later version.

 *

 *   This program is distributed in the hope that it will be useful,

 *   but WITHOUT ANY WARRANTY; without even the implied warranty of

 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 *   GNU General Public License for more details.

 *

 *   You should have received a copy of the GNU General Public License

 *   along with this program; if not, write to the Free Software

 *   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA

 *

 * @copyright 2000,2001,2006 The FreeRADIUS server project

 * @copyright 2001 hereUare Communications, Inc. (raghud@hereuare.com)

 */


/*

 *

 *  MD5 Packet Format in EAP Type-Data

 *  --- ------ ------ -- --- ---------

 *  0              1               2               3

 *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

 * |  Value-Size   |  Value ...

 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

 * |  Name ...

 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

 *

 */

RCSID("$Id: 5e5a47797235a024dd10ee59906ae75b5791e841 $")


#include <stdio.h>

#include <stdlib.h>

#include <freeradius-devel/eap/base.h>


#include "eap_md5.h"

#include <freeradius-devel/util/md5.h>


/*

 *      We expect only RESPONSE for which SUCCESS or FAILURE is sent back

 */


MD5_PACKET *eap_md5_extract(request_t *request, eap_round_t *eap_round)

{

        md5_packet_t    *data;

        MD5_PACKET      *packet;


        /*

         *      We need a response, of type EAP-MD5, with at least

         *      one byte of type data (EAP-MD5) following the 4-byte

         *      EAP-Packet header.

         */

        if (!eap_round                                   ||

            !eap_round->response                                 ||

            (eap_round->response->code != FR_MD5_RESPONSE)       ||

            eap_round->response->type.num != FR_EAP_METHOD_MD5   ||

            !eap_round->response->type.data              ||

            (eap_round->response->length <= MD5_HEADER_LEN) ||

            (eap_round->response->type.data[0] == 0)) {

                REDEBUG("corrupted data");

                return NULL;

        }


        /*

         *      Sanity check the EAP-MD5 packet sent to us

         *      by the client.

         */

        data = (md5_packet_t *)eap_round->response->type.data;

        if (data->value_size > (eap_round->response->length - 6)) {

                REDEBUG("corrupted data");

                return NULL;

        }


        MEM(packet = talloc_zero(eap_round, MD5_PACKET));


        /*

         *      Code & id for MD5 & EAP are same

         *

         *      but md5_length = length of the EAP-MD5 data, which

         *      doesn't include the EAP header, or the octet saying

         *      EAP-MD5.

         */

        packet->code = eap_round->response->code;

        packet->id = eap_round->response->id;

        packet->length = eap_round->response->length - (MD5_HEADER_LEN + 1);


        /*

         *      Already checked the size above.

         */

        packet->value_size = data->value_size;


        /*

         *      Allocate room for the data, and copy over the data.

         */

        MEM(packet->value = talloc_array(packet, uint8_t, packet->value_size));

        memcpy(packet->value, data->value_name, packet->value_size);


        /*

         *      Name is optional and is present after Value.  We

         *      ignore it.

         */


        return packet;

}


/*

 * verify = MD5(id+password+challenge_sent)

 */


int eap_md5_verify(request_t *request, MD5_PACKET *packet, fr_pair_t *password,

                  uint8_t *challenge)

{

        char    *ptr;

        char    string[1 + FR_MAX_STRING_LEN + MD5_CHALLENGE_LEN];

        uint8_t digest[16];

        unsigned short len;


        /*

         *      Sanity check it.

         */

        if (packet->value_size != 16) {

                REDEBUG("Expected 16 bytes of response to challenge, got %d", packet->value_size);

                return 0;

        }


        if ((1 + password->vp_length + MD5_CHALLENGE_LEN) > sizeof(string)) {

                REDEBUG("Password is too long (expected <= %u", FR_MAX_STRING_LEN);

                return 0;

        }


        len = 0;

        ptr = string;


        /*

         *      This is really rad_chap_pwencode()...

         */

        *ptr++ = packet->id;

        len++;

        memcpy(ptr, password->vp_strvalue, password->vp_length);

        ptr += password->vp_length;

        len += password->vp_length;


        /*

         *      The challenge size is hard-coded.

         */

        memcpy(ptr, challenge, MD5_CHALLENGE_LEN);

        len += MD5_CHALLENGE_LEN;


        fr_md5_calc(digest, (uint8_t *)string, len);


        /*

         *      The length of the response is always 16 for MD5.

         */

        if (fr_digest_cmp(digest, packet->value, 16) != 0) {

                return 0;

        }


        return 1;

}


/*

 *      Compose the portions of the reply packet specific to the

 *      EAP-MD5 protocol, in the EAP reply typedata

 */


int eap_md5_compose(eap_round_t *eap_round, MD5_PACKET *reply)

{

        uint8_t *ptr;


        /*

         *      We really only send Challenge (EAP-Identity),

         *      and EAP-Success, and EAP-Failure.

         */

        if (reply->code < 3) {

                eap_round->request->type.num = FR_EAP_METHOD_MD5;


                fr_assert(reply->length > 0);


                eap_round->request->type.data = talloc_array(eap_round->request,

                                                          uint8_t,

                                                          reply->length);

                if (!eap_round->request->type.data) {

                        talloc_free(reply);

                        return 0;

                }

                ptr = eap_round->request->type.data;

                *ptr++ = (uint8_t)(reply->value_size & 0xFF);

                memcpy(ptr, reply->value, reply->value_size);


                /* Just the Challenge length */

                eap_round->request->type.length = reply->value_size + 1;


                /*

                 *      We don't send a name.

                 */

        } else {

                eap_round->request->type.length = 0;

                /* TODO: In future we might add message here wrt rfc1994 */

        }

        eap_round->request->code = reply->code;

        talloc_free(reply);


        return 1;

}


RCSID
#define RCSID(id)
Definition build.h:487

eap_packet_t::type
eap_type_data_t type
Definition compose.h:39

eap_packet_t::length
size_t length
Definition compose.h:38

eap_round_t::response
eap_packet_t * response
Packet we received from the peer.
Definition compose.h:49

eap_packet_t::code
eap_code_t code
Definition compose.h:36

eap_packet_t::id
uint8_t id
Definition compose.h:37

eap_round_t::request
eap_packet_t * request
Packet we will send to the peer.
Definition compose.h:50

eap_round_t
Contains a pair of request and response packets.
Definition compose.h:48

MEM
#define MEM(x)
Definition debug.h:36

eap_type_data_t::num
eap_type_t num
Definition types.h:110

eap_type_data_t::length
size_t length
Definition types.h:111

eap_type_data_t::data
uint8_t * data
Definition types.h:112

FR_EAP_METHOD_MD5
@ FR_EAP_METHOD_MD5
Definition types.h:49

eap_md5_verify
int eap_md5_verify(request_t *request, MD5_PACKET *packet, fr_pair_t *password, uint8_t *challenge)
Definition eap_md5.c:116

eap_md5_compose
int eap_md5_compose(eap_round_t *eap_round, MD5_PACKET *reply)
Definition eap_md5.c:171

eap_md5_extract
MD5_PACKET * eap_md5_extract(request_t *request, eap_round_t *eap_round)
Definition eap_md5.c:49

eap_md5.h

MD5_HEADER_LEN
#define MD5_HEADER_LEN
Definition eap_md5.h:12

FR_MD5_RESPONSE
#define FR_MD5_RESPONSE
Definition eap_md5.h:7

MD5_PACKET::id
unsigned char id
Definition eap_md5.h:38

MD5_CHALLENGE_LEN
#define MD5_CHALLENGE_LEN
Definition eap_md5.h:13

MD5_PACKET::length
unsigned short length
Definition eap_md5.h:39

MD5_PACKET::code
unsigned char code
Definition eap_md5.h:37

MD5_PACKET::value
unsigned char * value
Definition eap_md5.h:41

MD5_PACKET::value_size
unsigned char value_size
Definition eap_md5.h:40

MD5_PACKET
Definition eap_md5.h:36

md5_packet_t
Definition eap_md5.h:26

talloc_free
talloc_free(hp)

fr_md5_calc
void fr_md5_calc(uint8_t out[static MD5_DIGEST_LENGTH], uint8_t const *in, size_t inlen)
Perform a single digest operation on a single input buffer.
Definition merged_model.c:245

uint8_t
unsigned char uint8_t
Definition merged_model.c:30

request_t
Definition merged_model.c:210

fr_digest_cmp
int fr_digest_cmp(uint8_t const *a, uint8_t const *b, size_t length)
Do a comparison of two authentication digests by comparing the FULL data.
Definition misc.c:505

fr_assert
#define fr_assert(_expr)
Definition rad_assert.h:38

REDEBUG
#define REDEBUG(fmt,...)
Definition radclient-ng.h:52

value_pair_s
Stores an attribute, a value and various bits of other data.
Definition pair.h:68

data
static fr_slen_t data
Definition value.h:1340

FR_MAX_STRING_LEN
#define FR_MAX_STRING_LEN
Definition value.h:30