Annotation of embedaddon/strongswan/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2009-2015 Tobias Brunner
3: * Copyright (C) 2010 Martin Willi
4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: #include "eap_mschapv2.h"
18:
19: #include <ctype.h>
20: #include <unistd.h>
21:
22: #include <daemon.h>
23: #include <library.h>
24: #include <collections/enumerator.h>
25: #include <crypto/crypters/crypter.h>
26: #include <crypto/hashers/hasher.h>
27:
28: typedef struct private_eap_mschapv2_t private_eap_mschapv2_t;
29:
30: /**
31: * Private data of an eap_mschapv2_t object.
32: */
33: struct private_eap_mschapv2_t
34: {
35: /**
36: * Public authenticator_t interface.
37: */
38: eap_mschapv2_t public;
39:
40: /**
41: * ID of the server
42: */
43: identification_t *server;
44:
45: /**
46: * ID of the peer
47: */
48: identification_t *peer;
49:
50: /**
51: * challenge sent by the server
52: */
53: chunk_t challenge;
54:
55: /**
56: * generated NT-Response
57: */
58: chunk_t nt_response;
59:
60: /**
61: * generated Authenticator Response
62: */
63: chunk_t auth_response;
64:
65: /**
66: * generated MSK
67: */
68: chunk_t msk;
69:
70: /**
71: * EAP message identifier
72: */
73: uint8_t identifier;
74:
75: /**
76: * MS-CHAPv2-ID (session ID, increases with each retry)
77: */
78: uint8_t mschapv2id;
79:
80: /**
81: * Number of retries
82: */
83: int retries;
84:
85: /**
86: * Provide EAP-Identity
87: */
88: auth_cfg_t *auth;
89:
90: /**
91: * Current state
92: */
93: enum {
94: S_EXPECT_CHALLENGE,
95: S_EXPECT_RESPONSE,
96: S_EXPECT_SUCCESS,
97: S_DONE,
98: } state;
99: };
100:
101: /**
102: * OpCodes
103: */
104: enum mschapv2_opcode_t
105: {
106: MSCHAPV2_CHALLENGE = 1,
107: MSCHAPV2_RESPONSE = 2,
108: MSCHAPV2_SUCCESS = 3,
109: MSCHAPV2_FAILURE = 4,
110: MSCHAPV2_CHANGE_PASSWORD = 7,
111: };
112:
113: /**
114: * Names for OpCodes
115: */
116: ENUM_BEGIN(mschapv2_opcode_names, MSCHAPV2_CHALLENGE, MSCHAPV2_FAILURE,
117: "CHALLENGE",
118: "RESPONSE",
119: "SUCCESS",
120: "FAILURE");
121: ENUM_NEXT(mschapv2_opcode_names, MSCHAPV2_CHANGE_PASSWORD, MSCHAPV2_CHANGE_PASSWORD, MSCHAPV2_FAILURE,
122: "CHANGE_PASSWORD");
123: ENUM_END(mschapv2_opcode_names, MSCHAPV2_CHANGE_PASSWORD);
124:
125: /**
126: * Error codes
127: */
128: enum mschapv2_error_t
129: {
130: ERROR_RESTRICTED_LOGON_HOURS = 646,
131: ERROR_ACCT_DISABLED = 647,
132: ERROR_PASSWD_EXPIRED = 648,
133: ERROR_NO_DIALIN_PERMISSION = 649,
134: ERROR_AUTHENTICATION_FAILURE = 691,
135: ERROR_CHANGING_PASSWORD = 709,
136: };
137:
138: /**
139: * Names for error codes
140: */
141: ENUM_BEGIN(mschapv2_error_names, ERROR_RESTRICTED_LOGON_HOURS, ERROR_NO_DIALIN_PERMISSION,
142: "ERROR_RESTRICTED_LOGON_HOURS",
143: "ERROR_ACCT_DISABLED",
144: "ERROR_PASSWD_EXPIRED",
145: "ERROR_NO_DIALIN_PERMISSION");
146: ENUM_NEXT(mschapv2_error_names, ERROR_AUTHENTICATION_FAILURE, ERROR_AUTHENTICATION_FAILURE, ERROR_NO_DIALIN_PERMISSION,
147: "ERROR_AUTHENTICATION_FAILURE");
148: ENUM_NEXT(mschapv2_error_names, ERROR_CHANGING_PASSWORD, ERROR_CHANGING_PASSWORD, ERROR_AUTHENTICATION_FAILURE,
149: "ERROR_CHANGING_PASSWORD");
150: ENUM_END(mschapv2_error_names, ERROR_CHANGING_PASSWORD);
151:
152: /* Length of the challenge */
153: #define CHALLENGE_LEN 16
154: /* Length of the response (see eap_mschapv2_response_t) */
155: #define RESPONSE_LEN 49
156: /* Length of the authenticator response string ("S=<...>") */
157: #define AUTH_RESPONSE_LEN 42
158: /* Name we send as authenticator */
159: #define MSCHAPV2_HOST_NAME "strongSwan"
160: /* Message sent on success */
161: #define SUCCESS_MESSAGE " M=Welcome2strongSwan"
162: /* Message sent on failure */
163: #define FAILURE_MESSAGE "E=691 R=1 C="
164: /* Length of the complete failure message */
165: #define FAILURE_MESSAGE_LEN (sizeof(FAILURE_MESSAGE) + CHALLENGE_LEN * 2)
166:
167: /* Number of seconds to delay retries */
168: #define RETRY_DELAY 2
169: /* Maximum number of retries */
170: #define MAX_RETRIES 2
171:
172: typedef struct eap_mschapv2_header_t eap_mschapv2_header_t;
173: typedef struct eap_mschapv2_challenge_t eap_mschapv2_challenge_t;
174: typedef struct eap_mschapv2_response_t eap_mschapv2_response_t;
175:
176: /**
177: * packed EAP-MS-CHAPv2 header struct
178: */
179: struct eap_mschapv2_header_t
180: {
181: /** EAP code (REQUEST/RESPONSE) */
182: uint8_t code;
183: /** unique message identifier */
184: uint8_t identifier;
185: /** length of whole message */
186: uint16_t length;
187: /** EAP type */
188: uint8_t type;
189: /** MS-CHAPv2 OpCode */
190: uint8_t opcode;
191: /** MS-CHAPv2-ID (equals identifier) */
192: uint8_t ms_chapv2_id;
193: /** MS-Length (defined as length - 5) */
194: uint16_t ms_length;
195: /** packet data (determined by OpCode) */
196: uint8_t data[];
197: }__attribute__((__packed__));
198:
199: /**
200: * packed data for a MS-CHAPv2 Challenge packet
201: */
202: struct eap_mschapv2_challenge_t
203: {
204: /** Value-Size */
205: uint8_t value_size;
206: /** Challenge */
207: uint8_t challenge[CHALLENGE_LEN];
208: /** Name */
209: uint8_t name[];
210: }__attribute__((__packed__));
211:
212: /**
213: * packed data for a MS-CHAPv2 Response packet
214: */
215: struct eap_mschapv2_response_t
216: {
217: /** Value-Size */
218: uint8_t value_size;
219: /** Response */
220: struct
221: {
222: /* Peer-Challenge*/
223: uint8_t peer_challenge[CHALLENGE_LEN];
224: /* Reserved (=zero) */
225: uint8_t peer_reserved[8];
226: /* NT-Response */
227: uint8_t nt_response[24];
228: /* Flags (=zero) */
229: uint8_t flags;
230: } response;
231: /** Name */
232: uint8_t name[];
233: }__attribute__((__packed__));
234:
235: /**
236: * Length of the MS-CHAPv2 header
237: */
238: #define HEADER_LEN (sizeof(eap_mschapv2_header_t))
239:
240: /**
241: * Length of the header for MS-CHAPv2 success/failure packets (does not include
242: * MS-CHAPv2-ID and MS-Length, i.e. 3 octets)
243: */
244: #define SHORT_HEADER_LEN (HEADER_LEN - 3)
245:
246: /**
247: * The minimum length of an MS-CHAPv2 Challenge packet (the name MUST be
248: * at least one octet)
249: */
250: #define CHALLENGE_PAYLOAD_LEN (HEADER_LEN + sizeof(eap_mschapv2_challenge_t))
251:
252: /**
253: * The minimum length of an MS-CHAPv2 Response packet
254: */
255: #define RESPONSE_PAYLOAD_LEN (HEADER_LEN + sizeof(eap_mschapv2_response_t))
256:
257:
258: /**
259: * Expand a 56-bit key to a 64-bit DES key by adding parity bits (odd parity)
260: */
261: static chunk_t ExpandDESKey(chunk_t key)
262: {
263: static const u_char bitmask[] = { 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 };
264: int i;
265: u_char carry = 0;
266: chunk_t expanded;
267:
268: /* expand the 7 octets to 8 octets */
269: expanded = chunk_alloc(8);
270: for (i = 0; i < 7; i++)
271: {
272: expanded.ptr[i] = ((key.ptr[i] & bitmask[i]) >> i) | (carry << (8 - i));
273: carry = key.ptr[i] & ~bitmask[i];
274: }
275: expanded.ptr[7] = carry << 1;
276:
277: /* add parity bits to each octet */
278: for (i = 0; i < 8; i++)
279: {
280: u_char val = expanded.ptr[i];
281: val = (val ^ (val >> 4)) & 0x0f;
282: expanded.ptr[i] |= (0x9669 >> val) & 1;
283: }
284: return expanded;
285: }
286:
287: /**
288: * Calculate the NT password hash (i.e. hash the (unicode) password with MD4)
289: */
290: static status_t NtPasswordHash(chunk_t password, chunk_t *password_hash)
291: {
292: hasher_t *hasher;
293: hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD4);
294: if (hasher == NULL)
295: {
296: DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, no MD4 hasher available");
297: return FAILED;
298: }
299: if (!hasher->allocate_hash(hasher, password, password_hash))
300: {
301: hasher->destroy(hasher);
302: return FAILED;
303: }
304: hasher->destroy(hasher);
305: return SUCCESS;
306: }
307:
308: /**
309: * Calculate the challenge hash (i.e. hash [peer_challenge | server_challenge |
310: * username (without domain part)] with SHA1)
311: */
312: static status_t ChallengeHash(chunk_t peer_challenge, chunk_t server_challenge,
313: chunk_t username, chunk_t *challenge_hash)
314: {
315: chunk_t concat;
316: hasher_t *hasher;
317: hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
318: if (hasher == NULL)
319: {
320: DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, SHA1 not supported");
321: return FAILED;
322: }
323: concat = chunk_cata("ccc", peer_challenge, server_challenge, username);
324: if (!hasher->allocate_hash(hasher, concat, challenge_hash))
325: {
326: hasher->destroy(hasher);
327: return FAILED;
328: }
329: hasher->destroy(hasher);
330: /* we need only the first 8 octets */
331: challenge_hash->len = 8;
332: return SUCCESS;
333: }
334:
335: /**
336: * Calculate the challenge response (i.e. expand password_hash to three DES keys
337: * and then encrypt the 8-octet challenge_hash with these keys and concatenate
338: * the results).
339: */
340: static status_t ChallengeResponse(chunk_t challenge_hash, chunk_t password_hash,
341: chunk_t *response)
342: {
343: int i;
344: crypter_t *crypter;
345: chunk_t keys[3], z_password_hash;
346: crypter = lib->crypto->create_crypter(lib->crypto, ENCR_DES_ECB, 8);
347: if (crypter == NULL)
348: {
349: DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, DES-ECB not supported");
350: return FAILED;
351: }
352: /* prepare keys: first pad password_hash to 21 octets, these get then split
353: * into 7-octet chunks, which then get expanded into 8-octet DES keys */
354: z_password_hash = chunk_alloca(21);
355: memset(z_password_hash.ptr, 0, z_password_hash.len);
356: memcpy(z_password_hash.ptr, password_hash.ptr, password_hash.len);
357: chunk_split(z_password_hash, "mmm", 7, &keys[0], 7, &keys[1], 7, &keys[2]);
358:
359: *response = chunk_alloc(24);
360: for (i = 0; i < 3; i++)
361: {
362: chunk_t expanded, encrypted;
363:
364: expanded = ExpandDESKey(keys[i]);
365: if (!crypter->set_key(crypter, expanded) ||
366: !crypter->encrypt(crypter, challenge_hash, chunk_empty, &encrypted))
367: {
368: chunk_clear(&expanded);
369: crypter->destroy(crypter);
370: return FAILED;
371: }
372: memcpy(&response->ptr[i * 8], encrypted.ptr, encrypted.len);
373: chunk_clear(&encrypted);
374: chunk_clear(&expanded);
375: }
376: crypter->destroy(crypter);
377: return SUCCESS;
378: }
379:
380: /**
381: * Computes the authenticator response
382: */
383: static status_t AuthenticatorResponse(chunk_t password_hash_hash,
384: chunk_t challenge_hash, chunk_t nt_response, chunk_t *response)
385: {
386: chunk_t magic1 = chunk_from_chars(
387: 0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76,
388: 0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65,
389: 0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67,
390: 0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74);
391: chunk_t magic2 = chunk_from_chars(
392: 0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B,
393: 0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F,
394: 0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E,
395: 0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F,
396: 0x6E);
397: chunk_t digest = chunk_empty, concat;
398: hasher_t *hasher;
399:
400: hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
401: if (hasher == NULL)
402: {
403: DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, SHA1 not supported");
404: return FAILED;
405: }
406:
407: concat = chunk_cata("ccc", password_hash_hash, nt_response, magic1);
408: if (!hasher->allocate_hash(hasher, concat, &digest))
409: {
410: hasher->destroy(hasher);
411: return FAILED;
412: }
413: concat = chunk_cata("ccc", digest, challenge_hash, magic2);
414: if (!hasher->allocate_hash(hasher, concat, response))
415: {
416: hasher->destroy(hasher);
417: return FAILED;
418: }
419: hasher->destroy(hasher);
420: chunk_free(&digest);
421: return SUCCESS;
422: }
423:
424: /**
425: * Generate the master session key according to RFC3079
426: */
427: static status_t GenerateMSK(chunk_t password_hash_hash,
428: chunk_t nt_response, chunk_t *msk)
429: {
430: chunk_t magic1 = chunk_from_chars(
431: 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
432: 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
433: 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79);
434: chunk_t magic2 = chunk_from_chars(
435: 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
436: 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
437: 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
438: 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
439: 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
440: 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
441: 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
442: 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
443: 0x6b, 0x65, 0x79, 0x2e);
444: chunk_t magic3 = chunk_from_chars(
445: 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
446: 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
447: 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
448: 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
449: 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
450: 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
451: 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
452: 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
453: 0x6b, 0x65, 0x79, 0x2e);
454: chunk_t shapad1 = chunk_from_chars(
455: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
456: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
457: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
458: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00);
459: chunk_t shapad2 = chunk_from_chars(
460: 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
461: 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
462: 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
463: 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2);
464: chunk_t keypad = chunk_from_chars(
465: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
466: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00);
467: char master_key[HASH_SIZE_SHA1];
468: char master_receive_key[HASH_SIZE_SHA1], master_send_key[HASH_SIZE_SHA1];
469: chunk_t concat, master;
470: hasher_t *hasher;
471:
472: hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
473: if (hasher == NULL)
474: {
475: DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, SHA1 not supported");
476: return FAILED;
477: }
478:
479: concat = chunk_cata("ccc", password_hash_hash, nt_response, magic1);
480: if (!hasher->get_hash(hasher, concat, master_key))
481: {
482: hasher->destroy(hasher);
483: return FAILED;
484: }
485: master = chunk_create(master_key, 16);
486: concat = chunk_cata("cccc", master, shapad1, magic2, shapad2);
487: if (!hasher->get_hash(hasher, concat, master_receive_key))
488: {
489: hasher->destroy(hasher);
490: return FAILED;
491: }
492: concat = chunk_cata("cccc", master, shapad1, magic3, shapad2);
493: if (!hasher->get_hash(hasher, concat, master_send_key))
494: {
495: hasher->destroy(hasher);
496: return FAILED;
497: }
498:
499: *msk = chunk_cat("cccc", chunk_create(master_receive_key, 16),
500: chunk_create(master_send_key, 16), keypad, keypad);
501:
502: hasher->destroy(hasher);
503: return SUCCESS;
504: }
505:
506: static status_t GenerateStuff(private_eap_mschapv2_t *this,
507: chunk_t server_challenge, chunk_t peer_challenge,
508: chunk_t username, chunk_t nt_hash)
509: {
510: status_t status = FAILED;
511: chunk_t nt_hash_hash = chunk_empty, challenge_hash = chunk_empty;
512:
513: if (NtPasswordHash(nt_hash, &nt_hash_hash) != SUCCESS)
514: {
515: goto error;
516: }
517: if (ChallengeHash(peer_challenge, server_challenge, username,
518: &challenge_hash) != SUCCESS)
519: {
520: goto error;
521: }
522: if (ChallengeResponse(challenge_hash, nt_hash,
523: &this->nt_response) != SUCCESS)
524: {
525: goto error;
526: }
527: if (AuthenticatorResponse(nt_hash_hash, challenge_hash,
528: this->nt_response, &this->auth_response) != SUCCESS)
529: {
530: goto error;
531: }
532: if (GenerateMSK(nt_hash_hash, this->nt_response, &this->msk) != SUCCESS)
533: {
534: goto error;
535: }
536:
537: status = SUCCESS;
538:
539: error:
540: chunk_free(&nt_hash_hash);
541: chunk_free(&challenge_hash);
542: return status;
543: }
544:
545: /**
546: * Try to decode the UTF-8 byte sequence utf8 points to and advance the
547: * position. Returns FALSE if the byte sequence is incomplete (the actual
548: * values are not validated).
549: */
550: static inline bool decode_utf8(chunk_t *utf8, uint32_t *c)
551: {
552: uint8_t b1, b2, b3, b4;
553: int i = 0;
554:
555: if (!utf8->len)
556: {
557: return FALSE;
558: }
559:
560: b1 = utf8->ptr[i++];
561: if (b1 & 0x80)
562: {
563: if (i == utf8->len)
564: {
565: return FALSE;
566: }
567: b2 = utf8->ptr[i++];
568: if (b1 < 0xe0)
569: { /* two-byte encoding */
570: *c = ((b1 & 0x1f) << 6) | (b2 & 0x3f);
571: goto done;
572: }
573: if (i == utf8->len)
574: {
575: return FALSE;
576: }
577: b3 = utf8->ptr[i++];
578: if (b1 < 0xf0)
579: { /* three-byte encoding */
580: *c = ((b1 & 0x0f) << 12) | ((b2 & 0x3f) << 6) | (b3 & 0x3f);
581: goto done;
582: }
583: if (i == utf8->len)
584: {
585: return FALSE;
586: }
587: b4 = utf8->ptr[i++];
588: /* four-byte encoding */
589: *c = ((b1 & 0x07) << 18) | ((b2 & 0x3f) << 12) |
590: ((b3 & 0x3f) << 6) | (b4 & 0x3f);
591: }
592: else
593: { /* single-byte ASCII */
594: *c = b1;
595: }
596:
597: done:
598: *utf8 = chunk_skip(*utf8, i);
599: return TRUE;
600: }
601:
602: /**
603: * Encode the given code point (or surrogate) as UTF-16LE where utf16 points
604: * to and advance the position.
605: */
606: static inline void encode_utf16le_single(chunk_t *utf16, uint16_t c)
607: {
608: if (utf16->len >= 2)
609: {
610: utf16->ptr[0] = c & 0xff;
611: utf16->ptr[1] = c >> 8;
612: *utf16 = chunk_skip(*utf16, 2);
613: }
614: }
615:
616: /**
617: * Encode the given code point as UTF-16LE where utf16 points to and advance
618: * the position. Invalid code points are ignored.
619: */
620: static inline void encode_utf16le(chunk_t *utf16, uint32_t c)
621: {
622:
623: if (c >= 0xd800 && (c <= 0xdfff || c > 0x10ffff ||
624: (0xfdd0 <= c && (c <= 0xfdef || (c & 0xfffe) == 0xfffe))))
625: { /* ignore code points that are not characters: single surrogates
626: * 0xd800..0xdfff, any value > 0x10ffff, 0xfdd0..0xfdef as per
627: * Unicode 3.1, the last two in each plane 0x__fffe and 0x__ffff. */
628: return;
629: }
630: if (c < 0x10000)
631: { /* BMP code points */
632: encode_utf16le_single(utf16, c);
633: }
634: else
635: { /* supplementary code points are split into two 16-bit surrogates */
636: encode_utf16le_single(utf16, 0xd7c0 + (c >> 10));
637: encode_utf16le_single(utf16, 0xdc00 | (c & 0x3ff));
638: }
639: }
640:
641: /**
642: * Converts an (assumed) UTF-8 string into a UTF-16 (little-endian) string
643: */
644: static chunk_t utf8_to_utf16le(chunk_t utf8)
645: {
646: chunk_t utf16, buf;
647: uint32_t c;
648:
649: /* unless the input is ASCII-only this will generally be too much, but
650: * doesn't really matter for the length of strings processed here */
651: utf16 = buf = chunk_alloc(utf8.len * 2);
652:
653: while (decode_utf8(&utf8, &c))
654: {
655: encode_utf16le(&buf, c);
656: }
657:
658: utf16.len = utf16.len - buf.len;
659:
660: return utf16;
661: }
662:
663: /**
664: * sanitize a string for printing
665: */
666: static char* sanitize(char *str)
667: {
668: char *pos = str;
669:
670: while (pos && *pos)
671: {
672: if (!isprint(*pos))
673: {
674: *pos = '?';
675: }
676: pos++;
677: }
678: return str;
679: }
680:
681: /**
682: * Returns a chunk of just the username part of the given user identity.
683: * Note: the chunk points to internal data of the given chunk
684: */
685: static chunk_t extract_username(chunk_t id)
686: {
687: char *has_domain;
688:
689: has_domain = (char*)memchr(id.ptr, '\\', id.len);
690: if (has_domain)
691: {
692: int len;
693: has_domain++; /* skip the backslash */
694: len = id.len - ((u_char*)has_domain - id.ptr);
695: return len > 0 ? chunk_create(has_domain, len) : chunk_empty;
696: }
697: return id;
698: }
699:
700: /**
701: * Set the ms_length field using aligned write
702: */
703: static void set_ms_length(eap_mschapv2_header_t *eap, uint16_t len)
704: {
705: len = htons(len - 5);
706: memcpy(&eap->ms_length, &len, sizeof(uint16_t));
707: }
708:
709: METHOD(eap_method_t, initiate_peer, status_t,
710: private_eap_mschapv2_t *this, eap_payload_t **out)
711: {
712: /* peer never initiates */
713: return FAILED;
714: }
715:
716: METHOD(eap_method_t, initiate_server, status_t,
717: private_eap_mschapv2_t *this, eap_payload_t **out)
718: {
719: rng_t *rng;
720: eap_mschapv2_header_t *eap;
721: eap_mschapv2_challenge_t *cha;
722: const char *name = MSCHAPV2_HOST_NAME;
723: uint16_t len = CHALLENGE_PAYLOAD_LEN + sizeof(MSCHAPV2_HOST_NAME) - 1;
724:
725: rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
726: if (!rng || !rng->allocate_bytes(rng, CHALLENGE_LEN, &this->challenge))
727: {
728: DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, no challenge");
729: DESTROY_IF(rng);
730: return FAILED;
731: }
732: rng->destroy(rng);
733:
734: eap = alloca(len);
735: eap->code = EAP_REQUEST;
736: eap->identifier = this->identifier;
737: eap->length = htons(len);
738: eap->type = EAP_MSCHAPV2;
739: eap->opcode = MSCHAPV2_CHALLENGE;
740: eap->ms_chapv2_id = this->mschapv2id;
741: set_ms_length(eap, len);
742:
743: cha = (eap_mschapv2_challenge_t*)eap->data;
744: cha->value_size = CHALLENGE_LEN;
745: memcpy(cha->challenge, this->challenge.ptr, this->challenge.len);
746: memcpy(cha->name, name, sizeof(MSCHAPV2_HOST_NAME) - 1);
747:
748: *out = eap_payload_create_data(chunk_create((void*) eap, len));
749: this->state = S_EXPECT_RESPONSE;
750: return NEED_MORE;
751: }
752:
753: static bool get_nt_hash(private_eap_mschapv2_t *this, identification_t *me,
754: identification_t *other, chunk_t *nt_hash)
755: {
756: shared_key_t *shared;
757: chunk_t password;
758:
759: /* try to find a stored NT_HASH first */
760: shared = lib->credmgr->get_shared(lib->credmgr, SHARED_NT_HASH, me, other);
761: if (shared )
762: {
763: *nt_hash = chunk_clone(shared->get_key(shared));
764: shared->destroy(shared);
765: return TRUE;
766: }
767:
768: /* fallback to plaintext password */
769: shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, me, other);
770: if (shared)
771: {
772: password = utf8_to_utf16le(shared->get_key(shared));
773: shared->destroy(shared);
774:
775: if (NtPasswordHash(password, nt_hash) == SUCCESS)
776: {
777: chunk_clear(&password);
778: return TRUE;
779: }
780: chunk_clear(&password);
781: }
782: return FALSE;
783: }
784:
785: /**
786: * Process MS-CHAPv2 Challenge Requests
787: */
788: static status_t process_peer_challenge(private_eap_mschapv2_t *this,
789: eap_payload_t *in, eap_payload_t **out)
790: {
791: rng_t *rng;
792: eap_mschapv2_header_t *eap;
793: eap_mschapv2_challenge_t *cha;
794: eap_mschapv2_response_t *res;
795: chunk_t data, peer_challenge, userid, username, nt_hash;
796: uint16_t len = RESPONSE_PAYLOAD_LEN;
797:
798: data = in->get_data(in);
799: eap = (eap_mschapv2_header_t*)data.ptr;
800:
801: /* the name MUST be at least one octet long */
802: if (data.len < CHALLENGE_PAYLOAD_LEN + 1)
803: {
804: DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short");
805: return FAILED;
806: }
807:
808: cha = (eap_mschapv2_challenge_t*)eap->data;
809:
810: if (cha->value_size != CHALLENGE_LEN)
811: {
812: DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: "
813: "invalid challenge size");
814: return FAILED;
815: }
816:
817: this->mschapv2id = eap->ms_chapv2_id;
818: this->challenge = chunk_clone(chunk_create(cha->challenge, CHALLENGE_LEN));
819:
820: peer_challenge = chunk_alloca(CHALLENGE_LEN);
821: rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
822: if (!rng || !rng->get_bytes(rng, CHALLENGE_LEN, peer_challenge.ptr))
823: {
824: DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, allocating challenge failed");
825: DESTROY_IF(rng);
826: return FAILED;
827: }
828: rng->destroy(rng);
829:
830: if (!get_nt_hash(this, this->peer, this->server, &nt_hash))
831: {
832: DBG1(DBG_IKE, "no EAP key found for hosts '%Y' - '%Y'",
833: this->server, this->peer);
834: return NOT_FOUND;
835: }
836:
837: /* we transmit the whole user identity (including the domain part) but
838: * only use the user part when calculating the challenge hash */
839: userid = this->peer->get_encoding(this->peer);
840: len += userid.len;
841: username = extract_username(userid);
842:
843: if (GenerateStuff(this, this->challenge, peer_challenge,
844: username, nt_hash) != SUCCESS)
845: {
846: DBG1(DBG_IKE, "EAP-MS-CHAPv2 generating NT-Response failed");
847: chunk_clear(&nt_hash);
848: return FAILED;
849: }
850: chunk_clear(&nt_hash);
851:
852: eap = alloca(len);
853: eap->code = EAP_RESPONSE;
854: eap->identifier = this->identifier;
855: eap->length = htons(len);
856: eap->type = EAP_MSCHAPV2;
857: eap->opcode = MSCHAPV2_RESPONSE;
858: eap->ms_chapv2_id = this->mschapv2id;
859: set_ms_length(eap, len);
860:
861: res = (eap_mschapv2_response_t*)eap->data;
862: res->value_size = RESPONSE_LEN;
863: memset(&res->response, 0, RESPONSE_LEN);
864: memcpy(res->response.peer_challenge, peer_challenge.ptr, peer_challenge.len);
865: memcpy(res->response.nt_response, this->nt_response.ptr, this->nt_response.len);
866: memcpy(res->name, userid.ptr, userid.len);
867:
868: *out = eap_payload_create_data(chunk_create((void*) eap, len));
869: this->state = S_EXPECT_SUCCESS;
870: return NEED_MORE;
871: }
872:
873: /**
874: * Process MS-CHAPv2 Success Requests
875: */
876: static status_t process_peer_success(private_eap_mschapv2_t *this,
877: eap_payload_t *in, eap_payload_t **out)
878: {
879: status_t status = FAILED;
880: enumerator_t *enumerator;
881: eap_mschapv2_header_t *eap;
882: chunk_t data, auth_string = chunk_empty;
883: char *message, *token, *msg = NULL;
884: int message_len;
885: uint16_t len = SHORT_HEADER_LEN;
886:
887: data = in->get_data(in);
888: eap = (eap_mschapv2_header_t*)data.ptr;
889:
890: if (data.len < AUTH_RESPONSE_LEN)
891: {
892: DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short");
893: return FAILED;
894: }
895:
896: message_len = data.len - HEADER_LEN;
897: message = malloc(message_len + 1);
898: memcpy(message, eap->data, message_len);
899: message[message_len] = '\0';
900:
901: /* S=<auth_string> M=<msg> */
902: enumerator = enumerator_create_token(message, " ", " ");
903: while (enumerator->enumerate(enumerator, &token))
904: {
905: if (strpfx(token, "S="))
906: {
907: chunk_t hex;
908: token += 2;
909: if (strlen(token) != AUTH_RESPONSE_LEN - 2)
910: {
911: DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: "
912: "invalid auth string");
913: goto error;
914: }
915: chunk_free(&auth_string);
916: hex = chunk_create(token, AUTH_RESPONSE_LEN - 2);
917: auth_string = chunk_from_hex(hex, NULL);
918: }
919: else if (strpfx(token, "M="))
920: {
921: token += 2;
922: free(msg);
923: msg = strdup(token);
924: }
925: }
926: enumerator->destroy(enumerator);
927:
928: if (auth_string.ptr == NULL)
929: {
930: DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: "
931: "auth string missing");
932: goto error;
933: }
934:
935: if (!chunk_equals_const(this->auth_response, auth_string))
936: {
937: DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed");
938: goto error;
939: }
940:
941: DBG1(DBG_IKE, "EAP-MS-CHAPv2 succeeded: '%s'", sanitize(msg));
942:
943: eap = alloca(len);
944: eap->code = EAP_RESPONSE;
945: eap->identifier = this->identifier;
946: eap->length = htons(len);
947: eap->type = EAP_MSCHAPV2;
948: eap->opcode = MSCHAPV2_SUCCESS;
949:
950: *out = eap_payload_create_data(chunk_create((void*) eap, len));
951: status = NEED_MORE;
952: this->state = S_DONE;
953:
954: error:
955: chunk_free(&auth_string);
956: free(message);
957: free(msg);
958: return status;
959: }
960:
961: static status_t process_peer_failure(private_eap_mschapv2_t *this,
962: eap_payload_t *in, eap_payload_t **out)
963: {
964: status_t status = FAILED;
965: enumerator_t *enumerator;
966: eap_mschapv2_header_t *eap;
967: chunk_t data;
968: char *message, *token, *msg = NULL;
969: int message_len, error = 0;
970: chunk_t challenge = chunk_empty;
971:
972: data = in->get_data(in);
973: eap = (eap_mschapv2_header_t*)data.ptr;
974:
975: if (data.len < 3) /* we want at least an error code: E=e */
976: {
977: DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short");
978: return FAILED;
979: }
980:
981: message_len = data.len - HEADER_LEN;
982: message = malloc(message_len + 1);
983: memcpy(message, eap->data, message_len);
984: message[message_len] = '\0';
985:
986: /* E=eeeeeeeeee R=r C=cccccccccccccccccccccccccccccccc V=vvvvvvvvvv M=<msg> */
987: enumerator = enumerator_create_token(message, " ", " ");
988: while (enumerator->enumerate(enumerator, &token))
989: {
990: if (strpfx(token, "E="))
991: {
992: token += 2;
993: error = atoi(token);
994: }
995: else if (strpfx(token, "R="))
996: {
997: /* ignore retriable */
998: }
999: else if (strpfx(token, "C="))
1000: {
1001: chunk_t hex;
1002: token += 2;
1003: if (strlen(token) != 2 * CHALLENGE_LEN)
1004: {
1005: DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message:"
1006: "invalid challenge");
1007: goto error;
1008: }
1009: chunk_free(&challenge);
1010: hex = chunk_create(token, 2 * CHALLENGE_LEN);
1011: challenge = chunk_from_hex(hex, NULL);
1012: }
1013: else if (strpfx(token, "V="))
1014: {
1015: /* ignore version */
1016: }
1017: else if (strpfx(token, "M="))
1018: {
1019: token += 2;
1020: free(msg);
1021: msg = strdup(token);
1022: }
1023: }
1024: enumerator->destroy(enumerator);
1025:
1026: DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed with error %N: '%s'",
1027: mschapv2_error_names, error, sanitize(msg));
1028:
1029: /**
1030: * at this point, if the error is retriable, we MAY retry the authentication
1031: * or MAY send a Change Password packet.
1032: *
1033: * if the error is not retriable (or if we do neither of the above), we
1034: * SHOULD send a Failure Response packet.
1035: * windows clients don't do that, and since windows server 2008 r2 behaves
1036: * pretty odd if we do send a Failure Response, we just don't send one
1037: * either. windows 7 actually sends a delete notify (which, according to the
1038: * logs, results in an error on windows server 2008 r2).
1039: *
1040: * btw, windows server 2008 r2 does not send non-retriable errors for e.g.
1041: * a disabled account but returns the windows error code in a notify payload
1042: * of type 12345.
1043: */
1044:
1045: status = FAILED;
1046: this->state = S_DONE;
1047:
1048: error:
1049: chunk_free(&challenge);
1050: free(message);
1051: free(msg);
1052: return status;
1053: }
1054:
1055: METHOD(eap_method_t, process_peer, status_t,
1056: private_eap_mschapv2_t *this, eap_payload_t *in, eap_payload_t **out)
1057: {
1058: chunk_t data;
1059: eap_mschapv2_header_t *eap;
1060:
1061: this->identifier = in->get_identifier(in);
1062: data = in->get_data(in);
1063: if (data.len < SHORT_HEADER_LEN)
1064: {
1065: DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message");
1066: return FAILED;
1067: }
1068:
1069: eap = (eap_mschapv2_header_t*)data.ptr;
1070:
1071: switch (this->state)
1072: {
1073: case S_EXPECT_CHALLENGE:
1074: if (eap->opcode == MSCHAPV2_CHALLENGE)
1075: {
1076: return process_peer_challenge(this, in, out);
1077: }
1078: break;
1079: case S_EXPECT_SUCCESS:
1080: switch (eap->opcode)
1081: {
1082: case MSCHAPV2_SUCCESS:
1083: return process_peer_success(this, in, out);
1084: case MSCHAPV2_FAILURE:
1085: return process_peer_failure(this, in, out);
1086: }
1087: break;
1088: default:
1089: break;
1090: }
1091: switch (eap->opcode)
1092: {
1093: case MSCHAPV2_CHALLENGE:
1094: case MSCHAPV2_SUCCESS:
1095: case MSCHAPV2_FAILURE:
1096: DBG1(DBG_IKE, "received unexpected EAP-MS-CHAPv2 message with "
1097: "OpCode (%N)!", mschapv2_opcode_names, eap->opcode);
1098: break;
1099: default:
1100: DBG1(DBG_IKE, "EAP-MS-CHAPv2 received packet with unsupported "
1101: "OpCode (%N)!", mschapv2_opcode_names, eap->opcode);
1102: break;
1103: }
1104: return FAILED;
1105: }
1106:
1107: /**
1108: * Handles retries on the server
1109: */
1110: static status_t process_server_retry(private_eap_mschapv2_t *this,
1111: eap_payload_t **out)
1112: {
1113: eap_mschapv2_header_t *eap;
1114: rng_t *rng;
1115: chunk_t hex;
1116: char msg[FAILURE_MESSAGE_LEN];
1117: uint16_t len = HEADER_LEN + FAILURE_MESSAGE_LEN - 1; /* no null byte */
1118:
1119: if (++this->retries > MAX_RETRIES)
1120: {
1121: /* we MAY send a Failure Request with R=0, but windows 7 does not
1122: * really like that and does not respond with a Failure Response.
1123: * so, to clean up our state we just fail with an EAP-Failure.
1124: * this gives an unknown error on the windows side, but is also fine
1125: * with the standard. */
1126: DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed: "
1127: "maximum number of retries reached");
1128: return FAILED;
1129: }
1130:
1131: DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed, retry (%d)", this->retries);
1132:
1133: rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
1134: if (!rng || !rng->get_bytes(rng, CHALLENGE_LEN, this->challenge.ptr))
1135: {
1136: DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, allocating challenge failed");
1137: DESTROY_IF(rng);
1138: return FAILED;
1139: }
1140: rng->destroy(rng);
1141:
1142: chunk_free(&this->nt_response);
1143: chunk_free(&this->auth_response);
1144: chunk_free(&this->msk);
1145:
1146: eap = alloca(len);
1147: eap->code = EAP_REQUEST;
1148: eap->identifier = ++this->identifier;
1149: eap->length = htons(len);
1150: eap->type = EAP_MSCHAPV2;
1151: eap->opcode = MSCHAPV2_FAILURE;
1152: eap->ms_chapv2_id = this->mschapv2id++; /* increase for each retry */
1153: set_ms_length(eap, len);
1154:
1155: hex = chunk_to_hex(this->challenge, NULL, TRUE);
1156: snprintf(msg, FAILURE_MESSAGE_LEN, "%s%s", FAILURE_MESSAGE, hex.ptr);
1157: chunk_free(&hex);
1158: memcpy(eap->data, msg, FAILURE_MESSAGE_LEN - 1); /* no null byte */
1159: *out = eap_payload_create_data(chunk_create((void*) eap, len));
1160:
1161: /* delay the response for some time to make brute-force attacks harder */
1162: sleep(RETRY_DELAY);
1163:
1164: /* since the error is retriable the state does not change, we still
1165: * expect an MSCHAPV2_RESPONSE from the peer */
1166: return NEED_MORE;
1167: }
1168:
1169: /**
1170: * Process MS-CHAPv2 Response response packets
1171: */
1172: static status_t process_server_response(private_eap_mschapv2_t *this,
1173: eap_payload_t *in, eap_payload_t **out)
1174: {
1175: eap_mschapv2_header_t *eap;
1176: eap_mschapv2_response_t *res;
1177: chunk_t data, peer_challenge, username, nt_hash;
1178: identification_t *userid;
1179: int name_len;
1180: char buf[256];
1181:
1182: data = in->get_data(in);
1183: eap = (eap_mschapv2_header_t*)data.ptr;
1184:
1185: if (data.len < RESPONSE_PAYLOAD_LEN)
1186: {
1187: DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short");
1188: return FAILED;
1189: }
1190:
1191: res = (eap_mschapv2_response_t*)eap->data;
1192: peer_challenge = chunk_create(res->response.peer_challenge, CHALLENGE_LEN);
1193:
1194: name_len = min(data.len - RESPONSE_PAYLOAD_LEN, 255);
1195: snprintf(buf, sizeof(buf), "%.*s", name_len, res->name);
1196: userid = identification_create_from_string(buf);
1197: if (!userid->equals(userid, this->peer))
1198: {
1199: DBG1(DBG_IKE, "EAP-MS-CHAPv2 username: '%Y'", userid);
1200: }
1201: /* userid can only be destroyed after the last use of username */
1202: username = extract_username(userid->get_encoding(userid));
1203:
1204: if (!get_nt_hash(this, this->server, userid, &nt_hash))
1205: {
1206: DBG1(DBG_IKE, "no EAP key found for hosts '%Y' - '%Y'",
1207: this->server, userid);
1208: /* FIXME: windows 7 always sends the username that is first entered in
1209: * the username box, even, if the user changes it during retries (probably
1210: * to keep consistent with the EAP-Identity).
1211: * thus, we could actually fail here, because retries do not make much
1212: * sense. on the other hand, an attacker could guess usernames, if the
1213: * error messages were different. */
1214: userid->destroy(userid);
1215: return process_server_retry(this, out);
1216: }
1217:
1218: if (GenerateStuff(this, this->challenge, peer_challenge,
1219: username, nt_hash) != SUCCESS)
1220: {
1221: DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed");
1222: userid->destroy(userid);
1223: chunk_clear(&nt_hash);
1224: return FAILED;
1225: }
1226: chunk_clear(&nt_hash);
1227:
1228: if (memeq_const(res->response.nt_response, this->nt_response.ptr,
1229: this->nt_response.len))
1230: {
1231: chunk_t hex;
1232: char msg[AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE)];
1233: uint16_t len = HEADER_LEN + AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE);
1234:
1235: eap = alloca(len);
1236: eap->code = EAP_REQUEST;
1237: eap->identifier = ++this->identifier;
1238: eap->length = htons(len);
1239: eap->type = EAP_MSCHAPV2;
1240: eap->opcode = MSCHAPV2_SUCCESS;
1241: eap->ms_chapv2_id = this->mschapv2id;
1242: set_ms_length(eap, len);
1243:
1244: hex = chunk_to_hex(this->auth_response, NULL, TRUE);
1245: snprintf(msg, AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE),
1246: "S=%s%s", hex.ptr, SUCCESS_MESSAGE);
1247: chunk_free(&hex);
1248: memcpy(eap->data, msg, AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE));
1249: *out = eap_payload_create_data(chunk_create((void*) eap, len));
1250:
1251: this->auth->add(this->auth, AUTH_RULE_EAP_IDENTITY, userid);
1252: this->state = S_EXPECT_SUCCESS;
1253: return NEED_MORE;
1254: }
1255: userid->destroy(userid);
1256: return process_server_retry(this, out);
1257: }
1258:
1259: METHOD(eap_method_t, process_server, status_t,
1260: private_eap_mschapv2_t *this, eap_payload_t *in, eap_payload_t **out)
1261: {
1262: eap_mschapv2_header_t *eap;
1263: chunk_t data;
1264:
1265: if (this->identifier != in->get_identifier(in))
1266: {
1267: DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: "
1268: "unexpected identifier");
1269: return FAILED;
1270: }
1271:
1272: data = in->get_data(in);
1273: if (data.len < SHORT_HEADER_LEN)
1274: {
1275: DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short");
1276: return FAILED;
1277: }
1278:
1279: eap = (eap_mschapv2_header_t*)data.ptr;
1280:
1281: switch (this->state)
1282: {
1283: case S_EXPECT_RESPONSE:
1284: if (eap->opcode == MSCHAPV2_RESPONSE)
1285: {
1286: return process_server_response(this, in, out);
1287: }
1288: break;
1289: case S_EXPECT_SUCCESS:
1290: if (eap->opcode == MSCHAPV2_SUCCESS &&
1291: this->msk.ptr)
1292: {
1293: return SUCCESS;
1294: }
1295: break;
1296: default:
1297: break;
1298: }
1299: switch (eap->opcode)
1300: {
1301: case MSCHAPV2_FAILURE:
1302: /* the client may abort the authentication by sending us a failure
1303: * in any state */
1304: return FAILED;
1305: case MSCHAPV2_RESPONSE:
1306: case MSCHAPV2_SUCCESS:
1307: DBG1(DBG_IKE, "received unexpected EAP-MS-CHAPv2 message with "
1308: "OpCode (%N)!", mschapv2_opcode_names, eap->opcode);
1309: break;
1310: default:
1311: DBG1(DBG_IKE, "EAP-MS-CHAPv2 received packet with unsupported "
1312: "OpCode (%N)!", mschapv2_opcode_names, eap->opcode);
1313: break;
1314: }
1315: return FAILED;
1316: }
1317:
1318: METHOD(eap_method_t, get_type, eap_type_t,
1319: private_eap_mschapv2_t *this, uint32_t *vendor)
1320: {
1321: *vendor = 0;
1322: return EAP_MSCHAPV2;
1323: }
1324:
1325: METHOD(eap_method_t, get_msk, status_t,
1326: private_eap_mschapv2_t *this, chunk_t *msk)
1327: {
1328: if (this->msk.ptr)
1329: {
1330: *msk = this->msk;
1331: return SUCCESS;
1332: }
1333: return FAILED;
1334: }
1335:
1336: METHOD(eap_method_t, get_identifier, uint8_t,
1337: private_eap_mschapv2_t *this)
1338: {
1339: return this->identifier;
1340: }
1341:
1342: METHOD(eap_method_t, set_identifier, void,
1343: private_eap_mschapv2_t *this, uint8_t identifier)
1344: {
1345: this->identifier = identifier;
1346: }
1347:
1348: METHOD(eap_method_t, is_mutual, bool,
1349: private_eap_mschapv2_t *this)
1350: {
1351: return FALSE;
1352: }
1353:
1354: METHOD(eap_method_t, get_auth, auth_cfg_t*,
1355: private_eap_mschapv2_t *this)
1356: {
1357: return this->auth;
1358: }
1359:
1360: METHOD(eap_method_t, destroy, void,
1361: private_eap_mschapv2_t *this)
1362: {
1363: this->peer->destroy(this->peer);
1364: this->server->destroy(this->server);
1365: this->auth->destroy(this->auth);
1366: chunk_free(&this->challenge);
1367: chunk_free(&this->nt_response);
1368: chunk_free(&this->auth_response);
1369: chunk_free(&this->msk);
1370: free(this);
1371: }
1372:
1373: /**
1374: * Generic constructor
1375: */
1376: static private_eap_mschapv2_t *eap_mschapv2_create_generic(identification_t *server, identification_t *peer)
1377: {
1378: private_eap_mschapv2_t *this;
1379:
1380: INIT(this,
1381: .public = {
1382: .eap_method_interface = {
1383: .get_type = _get_type,
1384: .is_mutual = _is_mutual,
1385: .get_msk = _get_msk,
1386: .get_identifier = _get_identifier,
1387: .set_identifier = _set_identifier,
1388: .get_auth = _get_auth,
1389: .destroy = _destroy,
1390: },
1391: },
1392: .peer = peer->clone(peer),
1393: .server = server->clone(server),
1394: .auth = auth_cfg_create(),
1395: .state = S_EXPECT_CHALLENGE,
1396: );
1397:
1398: return this;
1399: }
1400:
1401: /*
1402: * see header
1403: */
1404: eap_mschapv2_t *eap_mschapv2_create_server(identification_t *server, identification_t *peer)
1405: {
1406: private_eap_mschapv2_t *this = eap_mschapv2_create_generic(server, peer);
1407:
1408: this->public.eap_method_interface.initiate = _initiate_server;
1409: this->public.eap_method_interface.process = _process_server;
1410:
1411: /* generate a non-zero identifier */
1412: do
1413: {
1414: this->identifier = random();
1415: } while (!this->identifier);
1416:
1417: this->mschapv2id = this->identifier;
1418:
1419: return &this->public;
1420: }
1421:
1422: /*
1423: * see header
1424: */
1425: eap_mschapv2_t *eap_mschapv2_create_peer(identification_t *server, identification_t *peer)
1426: {
1427: private_eap_mschapv2_t *this = eap_mschapv2_create_generic(server, peer);
1428:
1429: this->public.eap_method_interface.initiate = _initiate_peer;
1430: this->public.eap_method_interface.process = _process_peer;
1431:
1432: return &this->public;
1433: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to eap_mschapv2.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / plugins / eap_mschapv2