|
1 /* |
|
2 * Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: EAP and WLAN authentication protocols. |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 // This is enumeration of EAPOL source code. |
|
20 #if defined(USE_EAP_MINIMUM_RELEASE_TRACES) |
|
21 #undef EAP_FILE_NUMBER_ENUM |
|
22 #define EAP_FILE_NUMBER_ENUM 124 |
|
23 #undef EAP_FILE_NUMBER_DATE |
|
24 #define EAP_FILE_NUMBER_DATE 1127594498 |
|
25 #endif //#if defined(USE_EAP_MINIMUM_RELEASE_TRACES) |
|
26 |
|
27 |
|
28 #include "eap_am_memory.h" |
|
29 #include "eap_tools.h" |
|
30 #include "eap_am_tools.h" |
|
31 #include "eap_core.h" |
|
32 #include "eap_type_tls_peap_types.h" |
|
33 #include "tls_record_header.h" |
|
34 #include "abs_tls_base_application.h" |
|
35 #include "tls_application_eap_core.h" |
|
36 #include "tls_peap_types.h" |
|
37 #include "tls_peap_tlv_header.h" |
|
38 #include "eap_diameter_avp_header.h" |
|
39 #include "eap_state_notification.h" |
|
40 #include "eap_crypto_api.h" |
|
41 #include "eap_header_string.h" |
|
42 #include "abs_eap_am_mutex.h" |
|
43 #include "eap_config.h" |
|
44 #include "eapol_header.h" |
|
45 #include "eap_network_id_selector.h" |
|
46 #include "eap_tlv_message_data.h" |
|
47 #include "eap_array_algorithms.h" |
|
48 #include "eap_automatic_variable.h" |
|
49 #include "eap_base_type.h" |
|
50 |
|
51 #if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
52 #include "eap_type_mschapv2_types.h" |
|
53 #include "eap_type_mschapv2_header.h" |
|
54 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
55 |
|
56 |
|
57 //-------------------------------------------------- |
|
58 |
|
59 #if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
60 |
|
// Classifies the plain (non-EAP) MS-CHAPv2 AVP set carried in a tunneled
// TTLS message.
//
// For each candidate message kind the AVP codes it must carry are collected
// into a temporary array, and payloads->check_payloads_existense() followed
// by payloads->check_mandatory_payloads() decide whether that set is present
// and complete. The server looks for an MS-CHAP2-Response message or a
// change-password message; the client looks for an MS-CHAP2-Success or an
// MS-CHAP2-Error message.
//
// payloads     - AVPs of the received tunneled message.
// message_type - Receives the matched kind, or
//                eap_ttls_tunneled_message_type_none when no set matches.
// Returns eap_status_ok when a known AVP set was matched. Otherwise the
// status of the last failed payload check (or of a failed add_object()
// call) is returned.
EAP_FUNC_EXPORT eap_status_e tls_application_eap_core_c::check_ttls_plain_mschapv2_payloads(
	eap_diameter_payloads_c * const payloads,
	eap_ttls_tunneled_message_type_e * const message_type)
{
	EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT);

	EAP_TRACE_DEBUG(
		m_am_tools,
		TRACE_FLAGS_DEFAULT,
		(EAPL("TTLS: %s: tls_application_eap_core_c::check_ttls_plain_mschapv2_payloads()\n"),
		(m_is_client == true ? "client": "server")));

	EAP_TRACE_RETURN_STRING(m_am_tools, "returns: tls_application_eap_core_c::check_ttls_plain_mschapv2_payloads()");

	*message_type = eap_ttls_tunneled_message_type_none;

	eap_status_e status(eap_status_not_found);

	// Codes are added without ownership (second add_object() argument is
	// false): each code object lives in its candidate's own scope and the
	// array is reset before the next candidate set is built.
	eap_array_c<eap_diameter_avp_code_c> required_avps(m_am_tools);

	if (m_is_client == true)
	{
		// Client side: the server answers with either a success or an error.

		{
			// Candidate 1: MS-CHAP2-Success AVP.
			required_avps.reset();

			eap_diameter_avp_code_c avp_ms_chap2_success(
				eap_diameter_vendor_code_of_microsoft_ms_chap2_success.get_code());

			status = required_avps.add_object(&avp_ms_chap2_success, false);
			if (status != eap_status_ok)
			{
				EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
				return EAP_STATUS_RETURN(m_am_tools, status);
			}

			status = payloads->check_payloads_existense(&required_avps);
			if (status == eap_status_ok)
			{
				// The required AVPs are present; they must also be complete.
				status = payloads->check_mandatory_payloads(&required_avps);
			}

			if (status == eap_status_ok)
			{
				*message_type = eap_ttls_tunneled_message_type_ms_chapv2_success;

				EAP_TRACE_DEBUG(
					m_am_tools,
					TRACE_FLAGS_DEFAULT,
					(EAPL("Match MS-CHAP2-Success AVP.\n")));

				EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
				return EAP_STATUS_RETURN(m_am_tools, status);
			}
		}

		{
			// Candidate 2: MS-CHAP2-Error AVP.
			required_avps.reset();

			eap_diameter_avp_code_c avp_ms_chap_error(
				eap_diameter_vendor_code_of_microsoft_ms_chap_error.get_code());

			status = required_avps.add_object(&avp_ms_chap_error, false);
			if (status != eap_status_ok)
			{
				EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
				return EAP_STATUS_RETURN(m_am_tools, status);
			}

			status = payloads->check_payloads_existense(&required_avps);
			if (status == eap_status_ok)
			{
				status = payloads->check_mandatory_payloads(&required_avps);
			}

			if (status == eap_status_ok)
			{
				*message_type = eap_ttls_tunneled_message_type_ms_chapv2_error;

				EAP_TRACE_DEBUG(
					m_am_tools,
					TRACE_FLAGS_DEFAULT,
					(EAPL("Match MS-CHAP2-Error AVP.\n")));

				EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
				return EAP_STATUS_RETURN(m_am_tools, status);
			}
		}
	}
	else //if (m_is_client == false)
	{
		// Server side: the client sends a response or a password change.

		{
			// Candidate 1: User-Name, MS-CHAP-Challenge and MS-CHAP2-Response AVPs.
			required_avps.reset();

			eap_diameter_avp_code_c avp_user_name(
				eap_diameter_avp_code_user_name);
			eap_diameter_avp_code_c avp_ms_chap_challenge(
				eap_diameter_vendor_code_of_microsoft_ms_chap_challenge.get_code());
			eap_diameter_avp_code_c avp_ms_chap2_response(
				eap_diameter_vendor_code_of_microsoft_ms_chap2_response.get_code());

			status = required_avps.add_object(&avp_user_name, false);
			if (status != eap_status_ok)
			{
				EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
				return EAP_STATUS_RETURN(m_am_tools, status);
			}

			status = required_avps.add_object(&avp_ms_chap_challenge, false);
			if (status != eap_status_ok)
			{
				EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
				return EAP_STATUS_RETURN(m_am_tools, status);
			}

			status = required_avps.add_object(&avp_ms_chap2_response, false);
			if (status != eap_status_ok)
			{
				EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
				return EAP_STATUS_RETURN(m_am_tools, status);
			}

			status = payloads->check_payloads_existense(&required_avps);
			if (status == eap_status_ok)
			{
				status = payloads->check_mandatory_payloads(&required_avps);
			}

			if (status == eap_status_ok)
			{
				*message_type = eap_ttls_tunneled_message_type_ms_chapv2_response;

				EAP_TRACE_DEBUG(
					m_am_tools,
					TRACE_FLAGS_DEFAULT,
					(EAPL("Match User-Name, MS-CHAP-Challenge and MS-CHAP2-Response AVPs.\n")));

				EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
				return EAP_STATUS_RETURN(m_am_tools, status);
			}
		}

		{
			// Candidate 2: MS-CHAP-NT-Enc-PW, MS-CHAP2-CPW and MS-CHAP-Challenge AVPs.
			required_avps.reset();

			eap_diameter_avp_code_c avp_ms_chap_nt_enc_pw(
				eap_diameter_vendor_code_of_microsoft_ms_chap_nt_enc_pw.get_code());
			eap_diameter_avp_code_c avp_ms_chap2_cpw(
				eap_diameter_vendor_code_of_microsoft_ms_chap2_cpw.get_code());
			eap_diameter_avp_code_c avp_ms_chap_challenge(
				eap_diameter_vendor_code_of_microsoft_ms_chap_challenge.get_code());

			status = required_avps.add_object(&avp_ms_chap_nt_enc_pw, false);
			if (status != eap_status_ok)
			{
				EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
				return EAP_STATUS_RETURN(m_am_tools, status);
			}

			status = required_avps.add_object(&avp_ms_chap2_cpw, false);
			if (status != eap_status_ok)
			{
				EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
				return EAP_STATUS_RETURN(m_am_tools, status);
			}

			status = required_avps.add_object(&avp_ms_chap_challenge, false);
			if (status != eap_status_ok)
			{
				EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
				return EAP_STATUS_RETURN(m_am_tools, status);
			}

			status = payloads->check_payloads_existense(&required_avps);
			if (status == eap_status_ok)
			{
				status = payloads->check_mandatory_payloads(&required_avps);
			}

			if (status == eap_status_ok)
			{
				*message_type = eap_ttls_tunneled_message_type_ms_chapv2_change_password;

				EAP_TRACE_DEBUG(
					m_am_tools,
					TRACE_FLAGS_DEFAULT,
					(EAPL("Match MS-CHAP-NT-Enc-PW, MS-CHAP2-CPW, and MS-CHAP-Challenge AVPs.\n")));

				EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
				return EAP_STATUS_RETURN(m_am_tools, status);
			}
		}
	}

	// Nothing matched: message_type stays "none" and the status of the
	// last check is reported.
	EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
	return EAP_STATUS_RETURN(m_am_tools, status);
}
|
317 |
|
318 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
319 |
|
320 //-------------------------------------------------- |
|
321 |
|
322 #if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
323 |
|
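// Server side: handles a tunneled plain MS-CHAPv2 response.
//
// The tunneled message carried User-Name, MS-CHAP-Challenge and
// MS-CHAP2-Response AVPs (see check_ttls_plain_mschapv2_payloads()). This
// function asks the application partner for the TTLS implicit challenge,
// stores the challenge bytes in the memory store under a key built from
// EAP_MSCHAPV2_IMPLICIT_CHALLENGE_HANDLE_KEY, the client/server role and the
// receive network id, and then wraps the User-Name into an
// EAP-Response/Identity packet that is forwarded into the tunnel.
//
// payloads                - Unused; the AVPs are read from m_ttls_received_payloads.
// received_eap_identifier - EAP identifier copied into the forwarded packet.
// Returns eap_status_ok on success; eap_status_header_corrupted when the
// User-Name AVP is missing, invalid or too long to frame in an EAP packet;
// eap_status_allocation_error when a buffer cannot be obtained; otherwise
// the status of the failing call.
EAP_FUNC_EXPORT eap_status_e tls_application_eap_core_c::ttls_server_handles_ms_chapv2_response(
	eap_diameter_payloads_c * const /* payloads */,
	const u8_t received_eap_identifier)
{
	EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT);

	EAP_TRACE_DEBUG(
		m_am_tools,
		TRACE_FLAGS_DEFAULT,
		(EAPL("PEAP: %s: function: tls_application_eap_core_c::ttls_server_handles_ms_chapv2_response(): ")
		 EAPL("this = 0x%08x\n"),
		(m_is_client == true ? "client": "server"),
		this));

	EAP_TRACE_RETURN_STRING(m_am_tools, "returns: tls_application_eap_core_c::ttls_server_handles_ms_chapv2_response()");

	eap_status_e status(eap_status_not_found);

	// - - - - User-Name AVP - - - - - - - - - - - - - - - - - - - - - - - -

	eap_diameter_variable_data_c * const user_name_payload
		= m_ttls_received_payloads.get_payload(eap_diameter_avp_code_user_name);

	if (user_name_payload == 0)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
	}

	eap_variable_data_c * const user_name
		= user_name_payload->get_payload_buffer();

	// The buffer pointer is null-checked before it is dereferenced, as the
	// sibling handlers do for their own payloads.
	if (user_name == 0
		|| user_name->get_is_valid_data() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
	}

	// - - - - Implicit challenge - - - - - - - - - - - - - - - - - - - - - -

	status = get_application_partner()->get_ttls_implicit_challenge(
		&m_ttls_implicit_challenge,
		EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_FULL_LENGTH);
	if (status != eap_status_ok)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, status);
	}

	// Only the challenge part of the implicit-challenge buffer is stored;
	// the ident octet is read separately by the other handlers.
	const u8_t * const mschapv2_challenge = m_ttls_implicit_challenge.get_data_offset(
		EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_OFFSET,
		EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_LENGTH);
	if (mschapv2_challenge == 0)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	// NOTE(review): this writes the challenge bytes to the debug trace;
	// keep debug data tracing disabled in production builds.
	EAP_TRACE_DATA_DEBUG(
		m_am_tools,
		TRACE_FLAGS_DEFAULT,
		(EAPL("ttls_server_handles_ms_chapv2_response(): mschapv2_challenge"),
		mschapv2_challenge,
		EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_LENGTH));

	{
		// Publish the challenge through the memory store. The key combines a
		// fixed tag, the role and the receive network id; the consumer is
		// presumably the tunneled EAP-MSCHAPv2 type (not visible in this file).
		eap_variable_data_c memory_store_key(m_am_tools);

		// The outer status is reused rather than shadowed by a new local.
		status = memory_store_key.set_copy_of_buffer(
			EAP_MSCHAPV2_IMPLICIT_CHALLENGE_HANDLE_KEY,
			sizeof(EAP_MSCHAPV2_IMPLICIT_CHALLENGE_HANDLE_KEY));
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		status = memory_store_key.add_data(
			&m_is_client,
			sizeof(m_is_client));
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		eap_network_id_selector_c state_selector(
			m_am_tools,
			&m_receive_network_id);

		status = memory_store_key.add_data(
			&state_selector);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		eap_tlv_message_data_c tlv_data(m_am_tools);

		status = tlv_data.add_message_data(
			eap_type_mschapv2_implicit_challenge,
			EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_LENGTH,
			mschapv2_challenge);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		// Drop a stale entry from an earlier attempt; "not found" is fine.
		status = m_am_tools->memory_store_remove_data(&memory_store_key);
		if (status != eap_status_ok
			&& status != eap_status_not_found)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		status = m_am_tools->memory_store_add_data(
			&memory_store_key,
			&tlv_data,
			eap_type_default_credential_timeout);
		if (status != eap_status_ok)
		{
			EAP_TRACE_DEBUG(
				m_am_tools,
				TRACE_FLAGS_DEFAULT,
				(EAPL("ttls_server_handles_ms_chapv2_response(): cannot store credentials\n")));
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}
	}

	// - - - - EAP-Response/Identity - - - - - - - - - - - - - - - - - - - - -

	// We must create EAP-Response/Identity message and forward that message
	// to tunneled EAP-MsChapv2.

	// Header + one Type octet + the identity bytes.
	// NOTE(review): the "+ 1ul" assumes a non-expanded Type field although
	// set_type() below is passed m_use_eap_expanded_type; the sibling
	// handlers size their packets with get_type_data_start_offset() - confirm.
	const u32_t eap_length = eap_header_wr_c::get_header_length() + 1ul + user_name->get_data_length();

	// The EAP Length field is 16 bits wide and set_length() below truncates
	// eap_length to u16_t. A User-Name AVP large enough to push the packet
	// past that limit cannot be framed correctly, so it is rejected here
	// instead of being silently truncated.
	if (eap_length > 0xfffful)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
	}

	eap_buf_chain_wr_c eap_packet_buffer(
		eap_write_buffer,
		m_am_tools,
		eap_length);

	if (eap_packet_buffer.get_is_valid() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	eap_header_wr_c forwarded_eap_packet(
		m_am_tools,
		eap_packet_buffer.get_data(eap_length),
		eap_length);

	if (forwarded_eap_packet.get_is_valid() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	forwarded_eap_packet.reset_header(
		static_cast<u16_t>(eap_length),
		m_use_eap_expanded_type);
	forwarded_eap_packet.set_identifier(received_eap_identifier);
	forwarded_eap_packet.set_code(eap_code_response);
	forwarded_eap_packet.set_length(
		static_cast<u16_t>(eap_length),
		m_use_eap_expanded_type);
	forwarded_eap_packet.set_type(
		eap_type_identity,
		m_use_eap_expanded_type);

	// get_type_data() is asked for the full identity length so that it can
	// refuse the copy if the header does not have room for it.
	u8_t * const eap_type_data = forwarded_eap_packet.get_type_data(user_name->get_data_length());
	if (eap_type_data == 0)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	m_am_tools->memmove(eap_type_data, user_name->get_data(), user_name->get_data_length());

	// The state is advanced before the packet is handed to the tunnel.
	set_ttls_tunneled_message_state(eap_ttls_tunneled_message_state_process_identity_response);

	status = packet_forward_to_tunnel(
		&m_receive_network_id,
		&forwarded_eap_packet,
		eap_length);

	EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
	return EAP_STATUS_RETURN(m_am_tools, status);
}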
|
510 |
|
511 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
512 |
|
513 //-------------------------------------------------- |
|
514 |
|
515 #if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
516 |
|
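// Server side: handles a tunneled plain MS-CHAPv2 change-password message.
//
// The tunneled message carried MS-CHAP-NT-Enc-PW, MS-CHAP2-CPW and
// MS-CHAP-Challenge AVPs (see check_ttls_plain_mschapv2_payloads()). This
// function builds an EAP-Request... no, an EAP-Response of type
// EAP-MSCHAPv2 carrying a Change-Password packet, copies the fixed-size AVP
// fields into it (after checking their exact lengths) and forwards the
// packet into the tunnel.
//
// payloads                - Unused; the AVPs are read from m_ttls_received_payloads.
// received_eap_identifier - EAP identifier copied into the forwarded packet.
// Returns eap_status_ok on success; eap_status_header_corrupted when an
// AVP is missing, invalid or of the wrong size; eap_status_allocation_error
// when a buffer cannot be obtained; otherwise the status of the failing call.
EAP_FUNC_EXPORT eap_status_e tls_application_eap_core_c::ttls_server_handles_ms_chapv2_change_password(
	eap_diameter_payloads_c * const /* payloads */,
	const u8_t received_eap_identifier)
{
	EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT);

	EAP_TRACE_DEBUG(
		m_am_tools,
		TRACE_FLAGS_DEFAULT,
		(EAPL("TTLS: %s: tls_application_eap_core_c::ttls_server_handles_ms_chapv2_change_password()\n"),
		(m_is_client == true ? "client": "server")));

	EAP_TRACE_RETURN_STRING(m_am_tools, "returns: tls_application_eap_core_c::ttls_server_handles_ms_chapv2_change_password()");

	eap_status_e status(eap_status_not_found);

	// The Change-Password packet has a fixed size: MS-CHAPv2 header plus the
	// minimum change-password body.
	const u32_t type_data_length = EAP_MSCHAPV2_HEADER_SIZE // OpCode, MS-CHAPv2-ID and MS-Length
		+ mschapv2_change_password_c::get_header_minimum_size();

	const u32_t eap_length = eap_header_base_c::get_type_data_start_offset(m_use_eap_expanded_type)
		+ type_data_length;

	eap_buf_chain_wr_c eap_packet_buffer(
		eap_write_buffer,
		m_am_tools,
		eap_length);
	if (eap_packet_buffer.get_is_valid() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	eap_header_wr_c forwarded_eap_packet(
		m_am_tools,
		eap_packet_buffer.get_data(eap_length),
		eap_length);
	if (forwarded_eap_packet.get_is_valid() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	// NOTE(review): unlike the other handlers in this file, the header is
	// not reset_header()'d before the fields are set; every header field is
	// written explicitly below, but confirm nothing relies on zeroed bytes.
	forwarded_eap_packet.set_code(eap_code_response);
	forwarded_eap_packet.set_identifier(received_eap_identifier);
	forwarded_eap_packet.set_length(
		static_cast<u16_t>(eap_length),
		m_use_eap_expanded_type);
	forwarded_eap_packet.set_type(
		eap_type_mschapv2,
		m_use_eap_expanded_type);

	mschapv2_header_c mschapv2_header(
		m_am_tools,
		forwarded_eap_packet.get_type_data_offset(0, forwarded_eap_packet.get_type_data_length()),
		forwarded_eap_packet.get_type_data_length());
	mschapv2_header.set_opcode(mschapv2_opcode_change_password);

	// The MS-CHAPv2-ID is taken from the stored implicit challenge.
	const u8_t * const mschapv2ident = m_ttls_implicit_challenge.get_data_offset(
		EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_IDENT_OFFSET,
		sizeof(u8_t));
	if (mschapv2ident == 0)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	EAP_TRACE_DATA_DEBUG(
		m_am_tools,
		TRACE_FLAGS_DEFAULT,
		(EAPL("ttls_server_handles_ms_chapv2_change_password(): mschapv2ident"),
		mschapv2ident,
		sizeof(*mschapv2ident)));

	mschapv2_header.set_mschapv2_id(*mschapv2ident);
	mschapv2_header.set_ms_length(static_cast<u16_t>(type_data_length));

	mschapv2_change_password_c response(
		m_am_tools,
		mschapv2_header.get_data(),
		mschapv2_header.get_data_length());
	if (response.get_is_valid() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	status = response.set_constants();
	if (status != eap_status_ok)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, status);
	}

	// - - - - MS-CHAP-NT-Enc-PW AVP - - - - - - - - - - - - - - - - - - - - -

	{
		eap_diameter_variable_data_c * const nt_enc_pw_payload
			= m_ttls_received_payloads.get_payload(
				eap_diameter_vendor_code_of_microsoft_ms_chap_nt_enc_pw.get_code());

		if (nt_enc_pw_payload == 0)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
		}

		eap_variable_data_c * const nt_enc_pw
			= nt_enc_pw_payload->get_payload_buffer();

		if (nt_enc_pw == 0
			|| nt_enc_pw->get_is_valid_data() == false)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
		}

		// The encrypted password block is a fixed-size field; an AVP of any
		// other length is rejected before anything is copied.
		if (nt_enc_pw->get_data_length() != EAP_MSCHAPV2_CHANGE_PASSWORD_ENCRYPTED_PASSWORD_SIZE)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
		}

		response.set_encrypted_pw_block(nt_enc_pw->get_data());
	}

	// - - - - MS-CHAP2-CPW AVP - - - - - - - - - - - - - - - - - - - - - - -

	{
		eap_diameter_variable_data_c * const cpw_payload
			= m_ttls_received_payloads.get_payload(
				eap_diameter_vendor_code_of_microsoft_ms_chap2_cpw.get_code());

		if (cpw_payload == 0)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
		}

		eap_variable_data_c * const cpw
			= cpw_payload->get_payload_buffer();

		if (cpw == 0
			|| cpw->get_is_valid_data() == false)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
		}

		// The AVP is the concatenation of three fixed-size fields:
		// encrypted hash, peer challenge and NT response. The exact total
		// length is required so that the offsets below stay in bounds.
		if (cpw->get_data_length()
			!= (EAP_MSCHAPV2_CHANGE_PASSWORD_ENCRYPTED_HASH_SIZE
				+ EAP_MSCHAPV2_PEER_CHALLENGE_SIZE
				+ EAP_MSCHAPV2_NT_RESPONSE_SIZE))
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
		}

		u32_t offset = 0ul;

		response.set_encrypted_hash(
			cpw->get_data_offset(offset, EAP_MSCHAPV2_CHANGE_PASSWORD_ENCRYPTED_HASH_SIZE));

		offset += EAP_MSCHAPV2_CHANGE_PASSWORD_ENCRYPTED_HASH_SIZE;

		response.set_peer_challenge(
			cpw->get_data_offset(offset, EAP_MSCHAPV2_PEER_CHALLENGE_SIZE));

		offset += EAP_MSCHAPV2_PEER_CHALLENGE_SIZE;

		response.set_nt_response(
			cpw->get_data_offset(offset, EAP_MSCHAPV2_NT_RESPONSE_SIZE));
	}

	// - - - - Forward - - - - - - - - - - - - - - - - - - - - - - - - - - - -

	status = packet_forward_to_tunnel(
		&m_receive_network_id,
		&forwarded_eap_packet,
		eap_length);
	if (status != eap_status_ok)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, status);
	}

	// NOTE(review): the state is set after forwarding here, whereas the
	// response and success handlers set it before; if the tunneled type can
	// advance the state synchronously during packet_forward_to_tunnel(),
	// this assignment would overwrite that transition - confirm.
	set_ttls_tunneled_message_state(eap_ttls_tunneled_message_state_process_change_password_response);

	EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
	return EAP_STATUS_RETURN(m_am_tools, status);
}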
|
697 |
|
698 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
699 |
|
700 //-------------------------------------------------- |
|
701 |
|
702 #if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
703 |
|
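// Client side: handles a tunneled plain MS-CHAPv2 success message.
//
// The tunneled message carried an MS-CHAP2-Success AVP (see
// check_ttls_plain_mschapv2_payloads()). This function re-packages it as an
// EAP-Request of type EAP-MSCHAPv2 with the Success opcode: the first octet
// of the AVP value is skipped and the remainder is copied after the
// MS-CHAPv2 header as the authenticator string. The packet is then
// forwarded into the tunnel, and if the tunneled state has already moved on
// to "complete success request" that step is finished right away using the
// packet recorded in m_ttls_sent_eap_packet.
//
// payloads                - Unused; the AVP is read from m_ttls_received_payloads.
// received_eap_identifier - The forwarded request uses this identifier + 1.
// Returns eap_status_ok on success; eap_status_header_corrupted when the
// AVP is missing, invalid or empty; eap_status_allocation_error when a
// buffer cannot be obtained; otherwise the status of the failing call.
EAP_FUNC_EXPORT eap_status_e tls_application_eap_core_c::ttls_client_handles_ms_chapv2_success(
	eap_diameter_payloads_c * const /* payloads */,
	const u8_t received_eap_identifier)
{
	EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT);

	EAP_TRACE_DEBUG(
		m_am_tools,
		TRACE_FLAGS_DEFAULT,
		(EAPL("TTLS: %s: tls_application_eap_core_c::ttls_client_handles_ms_chapv2_success()\n"),
		(m_is_client == true ? "client": "server")));

	EAP_TRACE_RETURN_STRING(m_am_tools, "returns: tls_application_eap_core_c::ttls_client_handles_ms_chapv2_success()");

	eap_status_e status(eap_status_not_found);

	// - - - - MS-CHAP2-Success AVP - - - - - - - - - - - - - - - - - - - - -

	eap_diameter_variable_data_c * const success_data_payload
		= m_ttls_received_payloads.get_payload(
			eap_diameter_vendor_code_of_microsoft_ms_chap2_success.get_code());

	if (success_data_payload == 0)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
	}

	eap_variable_data_c * const success_data
		= success_data_payload->get_payload_buffer();

	if (success_data == 0
		|| success_data->get_is_valid_data() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
	}

	// The first octet of the AVP value is skipped below, so the value must
	// hold at least that octet. This check must come before the "- 1ul"
	// arithmetic: on an empty AVP the unsigned subtraction wrapped around
	// and produced a bogus packet length. (Previously this case was only
	// caught after the length had been used, with eap_status_allocation_error.)
	if (success_data->get_data_length() < 1ul)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
	}

	// - - - - Packet layout - - - - - - - - - - - - - - - - - - - - - - - - -

	const u32_t type_data_length
		= EAP_MSCHAPV2_HEADER_SIZE // OpCode, MS-CHAPv2-ID and MS-Length
		+ (success_data->get_data_length() - 1ul);

	const u32_t eap_length
		= eap_header_base_c::get_type_data_start_offset(m_use_eap_expanded_type)
		+ type_data_length;

	eap_buf_chain_wr_c eap_packet_buffer(
		eap_write_buffer,
		m_am_tools,
		eap_length);
	if (eap_packet_buffer.get_is_valid() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	eap_header_wr_c forwarded_eap_packet(
		m_am_tools,
		eap_packet_buffer.get_data(eap_length),
		eap_length);

	if (forwarded_eap_packet.get_is_valid() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	forwarded_eap_packet.reset_header(
		static_cast<u16_t>(eap_length),
		m_use_eap_expanded_type);
	// The request is injected with the next identifier, as if a server had
	// sent it.
	forwarded_eap_packet.set_identifier(static_cast<u8_t>(received_eap_identifier+1ul));
	forwarded_eap_packet.set_code(eap_code_request);
	forwarded_eap_packet.set_length(
		static_cast<u16_t>(eap_length),
		m_use_eap_expanded_type);

	// Only used as a size probe: get_data() refuses lengths the packet cannot hold.
	u8_t * const eap_data = forwarded_eap_packet.get_data(success_data->get_data_length());
	if (eap_data == 0)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	forwarded_eap_packet.set_type(
		eap_type_mschapv2,
		m_use_eap_expanded_type);

	mschapv2_header_c mschapv2_header(
		m_am_tools,
		forwarded_eap_packet.get_type_data_offset(
			0,
			forwarded_eap_packet.get_type_data_length()),
		forwarded_eap_packet.get_type_data_length());

	mschapv2_header.set_opcode(mschapv2_opcode_success);

	// The MS-CHAPv2-ID is taken from the stored implicit challenge.
	const u8_t * const mschapv2ident = m_ttls_implicit_challenge.get_data_offset(
		EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_IDENT_OFFSET,
		sizeof(u8_t));
	if (mschapv2ident == 0)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	EAP_TRACE_DATA_DEBUG(
		m_am_tools,
		TRACE_FLAGS_DEFAULT,
		(EAPL("ttls_client_handles_ms_chapv2_success(): mschapv2ident"),
		mschapv2ident,
		sizeof(*mschapv2ident)));

	mschapv2_header.set_mschapv2_id(*mschapv2ident);
	mschapv2_header.set_ms_length(static_cast<u16_t>(type_data_length));

	mschapv2_response_c response(
		m_am_tools,
		mschapv2_header.get_data(),
		mschapv2_header.get_data_length());
	if (response.get_is_valid() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	status = response.set_constants();
	if (status != eap_status_ok)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, status);
	}

	// - - - - Authenticator string - - - - - - - - - - - - - - - - - - - - -

	// NOTE(review): get_data() is not asked for a length here; the header
	// was sized from type_data_length so the copy below should fit - confirm
	// mschapv2_header.get_data_length() equals get_data_length() - 1.
	u8_t * ms_success_data = mschapv2_header.get_data();
	if (ms_success_data == 0)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	// Copy auth string after headers
	m_am_tools->memmove(
		ms_success_data,
		success_data->get_data_offset(1ul, success_data->get_data_length() - 1ul),
		success_data->get_data_length() - 1ul);

	// - - - - Forward - - - - - - - - - - - - - - - - - - - - - - - - - - - -

	set_ttls_tunneled_message_state(eap_ttls_tunneled_message_state_process_success_request);

	status = packet_forward_to_tunnel(
		&m_receive_network_id,
		&forwarded_eap_packet,
		eap_length);
	if (status != eap_status_ok)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, status);
	}

	// If forwarding already advanced the state (presumably the tunneled
	// type answered synchronously - confirm), finish that step now with the
	// packet that was recorded in m_ttls_sent_eap_packet.
	if (get_ttls_tunneled_message_state() == eap_ttls_tunneled_message_state_complete_success_request)
	{
		eap_header_wr_c sent_eap_packet(
			m_am_tools,
			m_ttls_sent_eap_packet.get_data(),
			m_ttls_sent_eap_packet.get_data_length());

		status = ttls_tunneled_message_state_complete_success_request(&sent_eap_packet);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}
	}

	EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
	return EAP_STATUS_RETURN(m_am_tools, status);
}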
|
883 |
|
884 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
885 |
|
886 //-------------------------------------------------- |
|
887 |
|
888 #if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
889 |
|
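/**
 * Client side of tunneled plain MS-CHAPv2: turns a received MS-CHAP-Error
 * AVP into an EAP-MSCHAPv2 Failure request and forwards it to the tunneled
 * EAP-MSCHAPv2 type.
 *
 * The AVP is read from m_ttls_received_payloads (already parsed), so the
 * payloads parameter is unused. If the tunneled type finishes the request
 * while it is being forwarded, the exchange is completed here with
 * ttls_tunneled_message_state_complete_error_request().
 *
 * @param received_eap_identifier  Identifier of the EAP packet that carried
 *        the AVP; the forwarded request uses received_eap_identifier + 1.
 * @return eap_status_ok on success; eap_status_header_corrupted when the AVP
 *         is missing, invalid, or too long for a 16-bit EAP length;
 *         eap_status_allocation_error when a buffer or header object could
 *         not be set up; otherwise the status of the tunneled processing.
 */
EAP_FUNC_EXPORT eap_status_e tls_application_eap_core_c::ttls_client_handles_ms_chapv2_error(
	eap_diameter_payloads_c * const /* payloads */,
	const u8_t received_eap_identifier)
{
	EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT);

	EAP_TRACE_DEBUG(
		m_am_tools,
		TRACE_FLAGS_DEFAULT,
		(EAPL("TTLS: %s: tls_application_eap_core_c::ttls_client_handles_ms_chapv2_error()\n"),
		(m_is_client == true ? "client": "server")));

	EAP_TRACE_RETURN_STRING(m_am_tools, "returns: tls_application_eap_core_c::ttls_client_handles_ms_chapv2_error()");

	eap_status_e status(eap_status_not_found);

	eap_diameter_variable_data_c * const error_data_payload
		= m_ttls_received_payloads.get_payload(
			eap_diameter_vendor_code_of_microsoft_ms_chap_error.get_code());

	if (error_data_payload == 0)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
	}

	eap_variable_data_c * const error_data
		= error_data_payload->get_payload_buffer();

	if (error_data == 0
		|| error_data->get_is_valid_data() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
	}

	// NOTE(review): the Failure packet is sized with
	// mschapv2_challenge_c::get_header_minimum_size() and later wrapped in a
	// mschapv2_response_c, mirroring the Success path above. Whether the
	// tunneled EAP-MSCHAPv2 type expects those extra bytes in a Failure
	// packet is not visible here - confirm against the MS-CHAPv2 type.
	const u32_t type_data_length = EAP_MSCHAPV2_HEADER_SIZE // OpCode, MS-CHAPv2-ID and MS-Length
		+ mschapv2_challenge_c::get_header_minimum_size()
		+ error_data->get_data_length();

	const u32_t eap_length
		= eap_header_base_c::get_type_data_start_offset(m_use_eap_expanded_type)
		+ type_data_length;

	// The EAP Length and MS-Length fields are 16-bit and the error string
	// length comes from the peer. Refuse to build a packet whose header
	// lengths would be silently truncated by the static_cast<u16_t>() calls
	// below and disagree with the buffer actually allocated.
	if (eap_length > 0xFFFFul)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
	}

	eap_buf_chain_wr_c eap_packet_buffer(
		eap_write_buffer,
		m_am_tools,
		eap_length);
	if (eap_packet_buffer.get_is_valid() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	eap_header_wr_c forwarded_eap_packet(
		m_am_tools,
		eap_packet_buffer.get_data(eap_length),
		eap_length);

	if (forwarded_eap_packet.get_is_valid() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	forwarded_eap_packet.reset_header(
		static_cast<u16_t>(eap_length),
		m_use_eap_expanded_type);
	// The forwarded request takes the next identifier in sequence.
	forwarded_eap_packet.set_identifier(static_cast<u8_t>(received_eap_identifier+1ul));
	forwarded_eap_packet.set_code(eap_code_request);
	forwarded_eap_packet.set_length(
		static_cast<u16_t>(eap_length),
		m_use_eap_expanded_type);

	// Only verifies that the type data area can hold the error string; the
	// copy itself is done through the MS-CHAPv2 header object further down.
	u8_t * const eap_data = forwarded_eap_packet.get_data(error_data->get_data_length());
	if (eap_data == 0)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	forwarded_eap_packet.set_type(
		eap_type_mschapv2,
		m_use_eap_expanded_type);

	mschapv2_header_c mschapv2_header(
		m_am_tools,
		forwarded_eap_packet.get_type_data_offset(
			0,
			forwarded_eap_packet.get_type_data_length()),
		forwarded_eap_packet.get_type_data_length());

	mschapv2_header.set_opcode(mschapv2_opcode_failure);

	// The MS-CHAPv2 identifier is the byte stored at the ident offset of the
	// implicit challenge material derived for this tunnel.
	const u8_t * const mschapv2ident = m_ttls_implicit_challenge.get_data_offset(
		EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_IDENT_OFFSET,
		sizeof(u8_t));
	if (mschapv2ident == 0)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	EAP_TRACE_DATA_DEBUG(
		m_am_tools,
		TRACE_FLAGS_DEFAULT,
		(EAPL("ttls_client_handles_ms_chapv2_error(): mschapv2ident"),
		mschapv2ident,
		sizeof(*mschapv2ident)));

	mschapv2_header.set_mschapv2_id(*mschapv2ident);
	mschapv2_header.set_ms_length(static_cast<u16_t>(type_data_length));

	mschapv2_response_c response(
		m_am_tools,
		mschapv2_header.get_data(),
		mschapv2_header.get_data_length());
	if (response.get_is_valid() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	status = response.set_constants();
	if (status != eap_status_ok)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, status);
	}

	// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

	u8_t * ms_error_data = mschapv2_header.get_data();
	if (ms_error_data == 0)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	// Copy the error string straight after the MS-CHAPv2 header.
	m_am_tools->memmove(
		ms_error_data,
		error_data->get_data(),
		error_data->get_data_length());

	set_ttls_tunneled_message_state(eap_ttls_tunneled_message_state_process_error_request);

	status = packet_forward_to_tunnel(
		&m_receive_network_id,
		&forwarded_eap_packet,
		eap_length);
	if (status != eap_status_ok)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, status);
	}

	// If the tunneled processing already moved the state machine to
	// complete_error_request, finish the exchange with the packet it sent.
	if (get_ttls_tunneled_message_state() == eap_ttls_tunneled_message_state_complete_error_request)
	{
		eap_header_wr_c sent_eap_packet(
			m_am_tools,
			m_ttls_sent_eap_packet.get_data(),
			m_ttls_sent_eap_packet.get_data_length());

		status = ttls_tunneled_message_state_complete_error_request(&sent_eap_packet);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}
	}

	EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
	return EAP_STATUS_RETURN(m_am_tools, status);
}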
|
1063 |
|
1064 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
1065 |
|
1066 //-------------------------------------------------- |
|
1067 |
|
1068 #if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
1069 |
|
/**
 * Routes one tunneled plain MS-CHAPv2 message to the handler for its type.
 *
 * Response and Change-Password messages are handled by the server-side
 * handlers, Success and Error messages by the client-side handlers.
 *
 * @param payloads                 Parsed Diameter AVPs of the message.
 * @param message_type             Which MS-CHAPv2 message the AVPs form.
 * @param received_eap_identifier  Identifier of the EAP packet that carried
 *                                 the message.
 * @return The handler's status, or eap_status_unexpected_message for a
 *         message type this function does not dispatch.
 */
EAP_FUNC_EXPORT eap_status_e tls_application_eap_core_c::handle_ttls_plain_mschapv2_payloads(
	eap_diameter_payloads_c * const payloads,
	const eap_ttls_tunneled_message_type_e message_type,
	const u8_t received_eap_identifier)
{
	EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT);

	EAP_TRACE_DEBUG(
		m_am_tools,
		TRACE_FLAGS_DEFAULT,
		(EAPL("TTLS: %s: tls_application_eap_core_c::handle_ttls_plain_mschapv2_payloads()\n"),
		(m_is_client == true ? "client": "server")));

	EAP_TRACE_RETURN_STRING(m_am_tools, "returns: tls_application_eap_core_c::handle_ttls_plain_mschapv2_payloads()");

	// Any message type not dispatched below is reported as unexpected.
	eap_status_e status(eap_status_unexpected_message);

	if (message_type == eap_ttls_tunneled_message_type_ms_chapv2_response)
	{
		// User-Name, MS-CHAP-Challenge and MS-CHAP2-Response AVPs.
		status = ttls_server_handles_ms_chapv2_response(payloads, received_eap_identifier);
	}
	else if (message_type == eap_ttls_tunneled_message_type_ms_chapv2_change_password)
	{
		// MS-CHAP-NT-Enc-PW, MS-CHAP2-CPW and MS-CHAP-Challenge AVPs.
		status = ttls_server_handles_ms_chapv2_change_password(payloads, received_eap_identifier);
	}
	else if (message_type == eap_ttls_tunneled_message_type_ms_chapv2_success)
	{
		// MS-CHAP2-Success AVP.
		status = ttls_client_handles_ms_chapv2_success(payloads, received_eap_identifier);
	}
	else if (message_type == eap_ttls_tunneled_message_type_ms_chapv2_error)
	{
		// MS-CHAP2-Error AVP.
		status = ttls_client_handles_ms_chapv2_error(payloads, received_eap_identifier);
	}

	EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
	return EAP_STATUS_RETURN(m_am_tools, status);
}
|
1113 |
|
1114 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
1115 |
|
1116 //-------------------------------------------------- |
|
1117 |
|
1118 #if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
1119 |
|
/**
 * Wraps data into one Diameter AVP (layout drawn below) and stores the
 * result in avp, followed by the padding reported by the header object.
 *
 * @param avp                Output buffer; it is reset before being filled.
 * @param data               Payload of the AVP; must hold valid data.
 * @param code               AVP code and vendor id written into the header.
 * @param include_vendor_id  Reserve room for the Vendor-ID field even for an
 *                           IETF code; non-IETF codes always get one.
 * @return eap_status_ok; eap_status_illegal_parameter for a null or invalid
 *         argument or a code without a vendor code;
 *         eap_status_allocation_error when the buffer or the header object
 *         is not valid; otherwise the status of the failed buffer or header
 *         operation.
 */
EAP_FUNC_EXPORT eap_status_e tls_application_eap_core_c::create_ttls_diameter_avp(
	eap_variable_data_c * const avp,
	const eap_variable_data_c * const data,
	eap_diameter_avp_code_c code,
	const bool include_vendor_id)
{
	EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT);

	EAP_TRACE_DEBUG(
		m_am_tools,
		TRACE_FLAGS_DEFAULT,
		(EAPL("TLS: %s: message_function: tls_application_eap_core_c::create_ttls_diameter_avp()\n"),
		(m_is_client == true ? "client": "server")));

	EAP_TRACE_RETURN_STRING(m_am_tools, "returns: tls_application_eap_core_c::create_ttls_diameter_avp()");

	if (avp == 0)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_parameter);
	}

	if (data == 0
		|| data->get_is_valid_data() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_parameter);
	}

	if (code.get_vendor_code() == eap_diameter_avp_code_none)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_parameter);
	}

	eap_status_e status = avp->reset();
	if (status != eap_status_ok)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, status);
	}

	// A non-IETF code always carries a Vendor-ID; the caller may force one
	// for IETF codes as well.
	// NOTE(review): needs_vendor_id only sizes the buffer here. Whether the
	// V flag written by set_avp_code()/reset_header() agrees with it when
	// include_vendor_id forces a Vendor-ID onto an IETF code is decided in
	// eap_diameter_avp_header_c - confirm there.
	bool needs_vendor_id = include_vendor_id;
	if (code.get_vendor_id() != eap_diameter_vendor_id_of_ietf)
	{
		needs_vendor_id = true;
	}

	// Up to three padding bytes are appended at the end; reserve them now so
	// the add_data() calls below presumably need not grow the buffer.
	const u32_t padding_byte_data = 3ul;
	const u32_t avp_payload_length
		= eap_diameter_avp_header_c::get_header_length(needs_vendor_id) + data->get_data_length();

	status = avp->set_buffer_length(avp_payload_length + padding_byte_data);
	if (status != eap_status_ok)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, status);
	}

	if (avp->get_is_valid_data() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	// The header and payload are written in place; padding is added with
	// add_data() afterwards.
	status = avp->set_data_length(avp_payload_length);
	if (status != eap_status_ok)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, status);
	}

	eap_diameter_avp_header_c avp_header(
		m_am_tools,
		avp->get_data(),
		avp->get_data_length());
	if (avp_header.get_is_valid() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	// These packets are encapsulated to AVP.
	//  0                   1                   2                   3
	//  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
	// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
	// |                           AVP Code                            |
	// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
	// |V|M|r r r r r r|                  AVP Length                   |
	// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
	// |                        Vendor-ID (optional)                   |
	// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
	// |    Data ...
	// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

	// reset_header() takes a 16-bit length, so avp_payload_length above
	// 0xFFFF would be truncated silently. The callers on this page pass
	// MS-CHAPv2 data bounded by a 16-bit MS-Length, so they cannot hit this.
	status = avp_header.reset_header(static_cast<u16_t>(avp_payload_length));
	if (status != eap_status_ok)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, status);
	}

	status = avp_header.set_avp_code(code);
	if (status != eap_status_ok)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, status);
	}

	// The M (mandatory) flag is cleared on every AVP built here.
	status = avp_header.set_avp_flag_mandatory_avp(false);
	if (status != eap_status_ok)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, status);
	}


	{
		// Adds data as a payload to AVP.
		// avp_payload is only the destination of a byte copy; its u16_t*
		// type carries no meaning here (a u8_t* would express the same).
		u16_t * const avp_payload = reinterpret_cast<u16_t *>(
			avp_header.get_data_offset(0ul, data->get_data_length()));
		if (avp_payload == 0)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
		}

		m_am_tools->memmove(
			avp_payload,
			data->get_data(),
			data->get_data_length());
	}

	// Padding bytes are appended one at a time after the payload; the count
	// comes from the header object and is not included in AVP Length.
	u32_t padding_length = avp_header.get_padding_length();
	if (padding_length != 0ul)
	{
		// Add padding.
		u8_t padding_byte = 0ul;

		for (u32_t ind = 0ul; ind < padding_length; ind++)
		{
			status = avp->add_data(
				&padding_byte,
				sizeof(padding_byte));
			if (status != eap_status_ok)
			{
				EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
				return EAP_STATUS_RETURN(m_am_tools, status);
			}
		} // for()
	}

	EAP_TLS_PEAP_TRACE_TTLS_PAYLOAD("Created TTLS AVP payload", &avp_header, m_is_client);

	EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
	return EAP_STATUS_RETURN(m_am_tools, eap_status_ok);
}
|
1277 |
|
1278 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
1279 |
|
1280 //-------------------------------------------------- |
|
1281 |
|
1282 #if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
1283 |
|
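/**
 * Server side of tunneled plain MS-CHAPv2: the tunneled EAP-MSCHAPv2 type
 * has answered the Identity request, so the User-Name, MS-CHAP-Challenge and
 * MS-CHAP2-Response AVPs received from the client are re-encoded as an
 * EAP-MSCHAPv2 Response packet and forwarded to that type.
 *
 * The challenge carried in the MS-CHAP-Challenge AVP must equal the implicit
 * challenge derived for this tunnel (m_ttls_implicit_challenge); the
 * forwarded Response uses the identifier byte of that implicit challenge.
 *
 * @param sent_eap_packet  Identity response produced by the tunneled type;
 *        only its identifier (and its type, for tracing) is used.
 * @return eap_status_ok; eap_status_header_corrupted for a missing, invalid
 *         or too short AVP, or a User-Name too long for a 16-bit EAP length;
 *         eap_status_authentication_failure when the received challenge does
 *         not match the implicit challenge; eap_status_allocation_error for
 *         buffer setup failures; otherwise the status of the tunneled
 *         processing.
 */
EAP_FUNC_EXPORT eap_status_e tls_application_eap_core_c::ttls_tunneled_message_state_process_identity_response(
	eap_header_wr_c * const sent_eap_packet)
{
	EAP_TRACE_DEBUG(
		m_am_tools,
		TRACE_FLAGS_DEFAULT,
		(EAPL("TTLS: %s: function: tls_application_eap_core_c::ttls_tunneled_message_state_process_identity_response(): ")
		 EAPL("this = 0x%08x, m_ttls_tunneled_message_state=%d=%s, EAP-type=%d\n"),
		(m_is_client == true ? "client": "server"),
		this,
		get_ttls_tunneled_message_state(),
		eap_tls_trace_string_c::get_ttls_state_string(get_ttls_tunneled_message_state()),
		convert_eap_type_to_u32_t(sent_eap_packet->get_type())));

	EAP_TRACE_RETURN_STRING(m_am_tools, "returns: tls_application_eap_core_c::ttls_tunneled_message_state_process_identity_response()");

	eap_status_e status(eap_status_process_general_error);

	// This message should include MS-CHAP-V2 Challenge.
	// We ignore this Challenge and instead we send Implicit Challenge from client.
	/**
	 * @{ This will require changes in EAP-MsChapv2 server.
	 * Implicit Challenge need to be used in authentication check. }
	 */

	const u8_t * const mschapv2ident = m_ttls_implicit_challenge.get_data_offset(
		EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_IDENT_OFFSET,
		sizeof(u8_t));
	if (mschapv2ident == 0)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	EAP_TRACE_DATA_DEBUG(
		m_am_tools,
		TRACE_FLAGS_DEFAULT,
		(EAPL("ttls_tunneled_message_state_process_identity_response(): mschapv2ident"),
		mschapv2ident,
		sizeof(*mschapv2ident)));

	eap_diameter_variable_data_c * const user_name_payload
		= m_ttls_received_payloads.get_payload(eap_diameter_avp_code_user_name);

	if (user_name_payload == 0)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
	}

	eap_variable_data_c * const user_name
		= user_name_payload->get_payload_buffer();

	// user_name is dereferenced below, so a missing buffer must be rejected
	// exactly like an invalid one.
	if (user_name == 0
		|| user_name->get_is_valid_data() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
	}

	const u32_t type_data_length = EAP_MSCHAPV2_HEADER_SIZE // OpCode, MS-CHAPv2-ID and MS-Length
		+ mschapv2_response_c::get_header_minimum_size()
		+ user_name->get_data_length();

	const u32_t eap_length = eap_header_base_c::get_type_data_start_offset(m_use_eap_expanded_type)
		+ type_data_length;

	// The EAP Length and MS-Length fields are 16-bit and the User-Name
	// length comes from the peer. Refuse to build a packet whose header
	// lengths would be silently truncated by the static_cast<u16_t>() calls
	// below and disagree with the buffer actually allocated.
	if (eap_length > 0xFFFFul)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
	}

	eap_buf_chain_wr_c eap_packet_buffer(
		eap_write_buffer,
		m_am_tools,
		eap_length);
	if (eap_packet_buffer.get_is_valid() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	eap_header_wr_c forwarded_eap_packet(
		m_am_tools,
		eap_packet_buffer.get_data(eap_length),
		eap_length);

	if (forwarded_eap_packet.get_is_valid() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	forwarded_eap_packet.reset_header(
		static_cast<u16_t>(eap_length),
		m_use_eap_expanded_type);
	// The forwarded Response reuses the identifier of the Identity response.
	forwarded_eap_packet.set_identifier(sent_eap_packet->get_identifier());
	forwarded_eap_packet.set_code(eap_code_response);
	forwarded_eap_packet.set_length(
		static_cast<u16_t>(eap_length),
		m_use_eap_expanded_type);
	forwarded_eap_packet.set_type(
		eap_type_mschapv2,
		m_use_eap_expanded_type);

	mschapv2_header_c mschapv2_header(
		m_am_tools,
		forwarded_eap_packet.get_type_data_offset(
			0,
			forwarded_eap_packet.get_type_data_length()),
		forwarded_eap_packet.get_type_data_length());

	mschapv2_header.set_opcode(mschapv2_opcode_response);
	mschapv2_header.set_mschapv2_id(*mschapv2ident);
	mschapv2_header.set_ms_length(static_cast<u16_t>(type_data_length));

	mschapv2_response_c response(
		m_am_tools,
		mschapv2_header.get_data(),
		mschapv2_header.get_data_length());
	if (response.get_is_valid() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	status = response.set_constants();
	if (status != eap_status_ok)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, status);
	}

	// - - - MS-CHAP-Challenge AVP: must carry the implicit challenge - - - -

	eap_diameter_variable_data_c * const peer_challenge_payload
		= m_ttls_received_payloads.get_payload(
			eap_diameter_vendor_code_of_microsoft_ms_chap_challenge.get_code());

	if (peer_challenge_payload == 0)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
	}

	eap_variable_data_c * const peer_challenge
		= peer_challenge_payload->get_payload_buffer();

	// The AVP data is compared below over
	// EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_LENGTH bytes, so it must be
	// present, valid and at least that long.
	// NOTE(review): the original test also compared the length with
	// EAP_MSCHAPV2_PEER_CHALLENGE_SIZE but was written so that it never
	// rejected anything; confirm whether an exact-size check is wanted.
	if (peer_challenge == 0
		|| peer_challenge->get_is_valid_data() == false
		|| peer_challenge->get_data_length() < EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_LENGTH)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
	}

	const u8_t * const mschapv2_challenge = m_ttls_implicit_challenge.get_data_offset(
		EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_OFFSET,
		EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_LENGTH);
	if (mschapv2_challenge == 0)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	// The client must have answered the implicit challenge of this tunnel,
	// not some challenge of its own choosing.
	if (m_am_tools->memcmp(
			peer_challenge->get_data(),
			mschapv2_challenge,
			EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_LENGTH) != 0)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_authentication_failure);
	}

	// - - - MS-CHAP2-Response AVP - - - - - - - - - - - - - - - - - - - - -

	eap_diameter_variable_data_c * const response_data_payload
		= m_ttls_received_payloads.get_payload(
			eap_diameter_vendor_code_of_microsoft_ms_chap2_response.get_code());

	if (response_data_payload == 0)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
	}

	eap_variable_data_c * const response_data
		= response_data_payload->get_payload_buffer();

	// response_data is read at fixed offsets below, so a missing buffer is
	// rejected like an invalid one.
	// NOTE(review): the original test also compared the length with
	// EAP_MSCHAPV2_RESPONSE_MESSAGE_SIZE but was written so that it never
	// rejected anything; the bounded get_data_offset() calls below cover
	// what this function actually reads - confirm whether an exact-size
	// check is wanted as well.
	if (response_data == 0
		|| response_data->get_is_valid_data() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
	}

	// Both fields are fetched with bounded offsets; a null result means the
	// AVP is too short to hold them.
	const u8_t * const received_peer_challenge = response_data->get_data_offset(
		EAP_MSCHAPV2_PEER_CHALLENGE_OFFSET,
		EAP_MSCHAPV2_PEER_CHALLENGE_SIZE);
	const u8_t * const received_nt_response = response_data->get_data_offset(
		EAP_MSCHAPV2_NT_RESPONSE_OFFSET,
		EAP_MSCHAPV2_NT_RESPONSE_SIZE);
	if (received_peer_challenge == 0
		|| received_nt_response == 0)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
	}

	response.set_peer_challenge(received_peer_challenge);

	response.set_nt_response(received_nt_response);

	// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

	// Copy username to end of response packet
	response.set_name(user_name->get_data());

	// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

	set_ttls_tunneled_message_state(eap_ttls_tunneled_message_state_process_response);

	status = packet_forward_to_tunnel(
		&m_receive_network_id,
		&forwarded_eap_packet,
		eap_length);
	if (status != eap_status_ok)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, status);
	}

	EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
	return EAP_STATUS_RETURN(m_am_tools, status);
}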
|
1504 |
|
1505 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
1506 |
|
1507 //-------------------------------------------------- |
|
1508 |
|
1509 #if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
1510 |
|
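/**
 * Server side of tunneled plain MS-CHAPv2: the tunneled EAP-MSCHAPv2 type
 * has produced a Success or Failure request in reply to the client's
 * Response. The MS-CHAPv2 message after the header is re-encoded as an
 * MS-CHAP2-Success or MS-CHAP-Error AVP and sent through the tunnel.
 *
 * On Success the application partner is additionally told that the server
 * now waits for the client's empty acknowledgement
 * (tls_peap_state_server_waits_ttls_plain_ms_chap_v2_empty_ack). In both
 * cases the identifier of sent_eap_packet is remembered in
 * m_ttls_plain_ms_chap_v2_eap_identifier.
 *
 * @param sent_eap_packet  Success or Failure request from the tunneled type.
 * @return eap_status_ok; the status of check_header() when the MS-CHAPv2
 *         header is malformed; eap_status_header_corrupted when MS-Length is
 *         inconsistent with the packet; eap_status_unexpected_message for
 *         any other opcode; eap_status_allocation_error for buffer setup
 *         failures; otherwise the status of the failed AVP or send
 *         operation.
 */
EAP_FUNC_EXPORT eap_status_e tls_application_eap_core_c::ttls_tunneled_message_state_process_response(
	eap_header_wr_c * const sent_eap_packet)
{
	EAP_TRACE_DEBUG(
		m_am_tools,
		TRACE_FLAGS_DEFAULT,
		(EAPL("TTLS: %s: function: tls_application_eap_core_c::ttls_tunneled_message_state_process_response(): ")
		 EAPL("this = 0x%08x, m_ttls_tunneled_message_state=%d=%s, EAP-type=%d\n"),
		(m_is_client == true ? "client": "server"),
		this,
		get_ttls_tunneled_message_state(),
		eap_tls_trace_string_c::get_ttls_state_string(get_ttls_tunneled_message_state()),
		convert_eap_type_to_u32_t(sent_eap_packet->get_type())));

	EAP_TRACE_RETURN_STRING(m_am_tools, "returns: tls_application_eap_core_c::ttls_tunneled_message_state_process_response()");

	eap_status_e status(eap_status_process_general_error);

	// This message should include MS-CHAP-V2 Success or MS-CHAP-V2 Error.

	mschapv2_header_c mschapv2_header(
		m_am_tools,
		sent_eap_packet->get_type_data_offset(0, sent_eap_packet->get_type_data_length()),
		sent_eap_packet->get_type_data_length());

	status = mschapv2_header.check_header();
	if (status != eap_status_ok)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, status);
	}

	// MS-Length counts the OpCode, MS-CHAPv2-ID and MS-Length fields as
	// well; everything after them is the Success/Failure message that goes
	// into the AVP. Validate it once for both opcodes: a value below the
	// header size would make the subtraction wrap (the Failure branch used
	// to subtract unchecked), and a value beyond the bytes the header object
	// covers would make the copies below read past the packet.
	// NOTE(review): the upper bound assumes mschapv2_header.get_data_length()
	// is the number of bytes following the header - confirm against
	// mschapv2_header_c. If check_header() already enforces it, the check is
	// merely redundant.
	const u32_t ms_length = mschapv2_header.get_ms_length();
	if (ms_length < EAP_MSCHAPV2_HEADER_SIZE
		|| ms_length - EAP_MSCHAPV2_HEADER_SIZE > mschapv2_header.get_data_length())
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted);
	}
	const u32_t ms_message_length = ms_length - EAP_MSCHAPV2_HEADER_SIZE;

	if (mschapv2_header.get_opcode() == mschapv2_opcode_success)
	{
		eap_variable_data_c avp_success(m_am_tools);

		{
			// MS-CHAP2-Success AVP data: Ident byte followed by the Success message.
			eap_variable_data_c success_data(m_am_tools);

			success_data.reset();

			u8_t ident = mschapv2_header.get_mschapv2_id();

			status = success_data.add_data(
				&ident,
				EAP_MSCHAPV2_IDENT_SIZE);
			if (status != eap_status_ok)
			{
				EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
				return EAP_STATUS_RETURN(m_am_tools, status);
			}

			EAP_TRACE_DATA_DEBUG(
				m_am_tools,
				TRACE_FLAGS_DEFAULT,
				(EAPL("ttls_tunneled_message_state_process_response(): mschapv2 data"),
				mschapv2_header.get_data(),
				ms_message_length));

			status = success_data.add_data(
				mschapv2_header.get_data(),
				ms_message_length);
			if (status != eap_status_ok)
			{
				EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
				return EAP_STATUS_RETURN(m_am_tools, status);
			}

			status = create_ttls_diameter_avp(
				&avp_success,
				&success_data,
				eap_diameter_vendor_code_of_microsoft_ms_chap2_success.get_code(),
				true);
			if (status != eap_status_ok)
			{
				EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
				return EAP_STATUS_RETURN(m_am_tools, status);
			}
		}

		eap_buf_chain_wr_c forwarded_packet(
			eap_write_buffer,
			m_am_tools,
			avp_success.get_data(),
			avp_success.get_data_length(),
			false,
			false,
			0ul);
		if (forwarded_packet.get_is_valid() == false)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
		}

		status = get_application_partner()->packet_send(
			&forwarded_packet,
			0ul,
			forwarded_packet.get_data_length(),
			forwarded_packet.get_buffer_length());
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		// Here we swap the addresses.
		eap_am_network_id_c send_network_id(
			m_am_tools,
			m_receive_network_id.get_destination_id(),
			m_receive_network_id.get_source_id(),
			m_receive_network_id.get_type());

		// Tell the partner the server now waits for the client's empty ACK.
		eap_state_notification_c notification(
			m_am_tools,
			&send_network_id,
			m_is_client,
			eap_state_notification_eap,
			eap_protocol_layer_internal_type,
			eap_type_ttls,
			eap_state_none,
			tls_peap_state_server_waits_ttls_plain_ms_chap_v2_empty_ack,
			sent_eap_packet->get_identifier(),
			false);
		get_application_partner()->state_notification(&notification);

		m_ttls_plain_ms_chap_v2_eap_identifier = sent_eap_packet->get_identifier();
	}
	else if (mschapv2_header.get_opcode() == mschapv2_opcode_failure)
	{
		eap_variable_data_c avp_error(m_am_tools);

		{
			// MS-CHAP-Error AVP data: the Failure message, referenced in
			// place (set_buffer() with no copy and no ownership).
			eap_variable_data_c error_data(m_am_tools);
			status = error_data.set_buffer(
				mschapv2_header.get_data(),
				ms_message_length,
				false,
				false);
			if (status != eap_status_ok)
			{
				EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
				return EAP_STATUS_RETURN(m_am_tools, status);
			}

			status = create_ttls_diameter_avp(
				&avp_error,
				&error_data,
				eap_diameter_vendor_code_of_microsoft_ms_chap_error.get_code(),
				true);
			if (status != eap_status_ok)
			{
				EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
				return EAP_STATUS_RETURN(m_am_tools, status);
			}
		}

		eap_buf_chain_wr_c forwarded_packet(
			eap_write_buffer,
			m_am_tools,
			avp_error.get_data(),
			avp_error.get_data_length(),
			false,
			false,
			0ul);
		if (forwarded_packet.get_is_valid() == false)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
		}

		status = get_application_partner()->packet_send(
			&forwarded_packet,
			0ul,
			forwarded_packet.get_data_length(),
			forwarded_packet.get_buffer_length());
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		m_ttls_plain_ms_chap_v2_eap_identifier = sent_eap_packet->get_identifier();
	}
	else
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_unexpected_message);
	}

	EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
	return EAP_STATUS_RETURN(m_am_tools, status);
}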
|
1709 |
|
1710 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
1711 |
|
1712 //-------------------------------------------------- |
|
1713 |
|
1714 #if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
1715 |
|
/**
 * Server side of tunneled plain MS-CHAPv2: the reply to a Change-Password
 * response is handled exactly like the reply to a normal Response, so this
 * simply delegates to ttls_tunneled_message_state_process_response().
 *
 * @param sent_eap_packet  Request produced by the tunneled type; expected to
 *        be MS-CHAP-V2 Success.
 * @return Whatever ttls_tunneled_message_state_process_response() returns.
 */
EAP_FUNC_EXPORT eap_status_e tls_application_eap_core_c::ttls_tunneled_message_state_process_change_password_response(
	eap_header_wr_c * const sent_eap_packet)
{
	EAP_TRACE_DEBUG(
		m_am_tools,
		TRACE_FLAGS_DEFAULT,
		(EAPL("TTLS: %s: function: tls_application_eap_core_c::ttls_tunneled_message_state_process_change_password_response(): ")
		 EAPL("this = 0x%08x, m_ttls_tunneled_message_state=%d=%s, EAP-type=%d\n"),
		(m_is_client == true ? "client": "server"),
		this,
		get_ttls_tunneled_message_state(),
		eap_tls_trace_string_c::get_ttls_state_string(get_ttls_tunneled_message_state()),
		convert_eap_type_to_u32_t(sent_eap_packet->get_type())));

	EAP_TRACE_RETURN_STRING(m_am_tools, "returns: tls_application_eap_core_c::ttls_tunneled_message_state_process_change_password_response()");

	// This message should include MS-CHAP-V2 Success; the Response handler
	// already knows how to encode it into an AVP and send it.
	const eap_status_e status
		= ttls_tunneled_message_state_process_response(sent_eap_packet);

	EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
	return EAP_STATUS_RETURN(m_am_tools, status);
}
|
1741 |
|
1742 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
1743 |
|
1744 //-------------------------------------------------- |
|
1745 |
|
1746 #if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
1747 |
|
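EAP_FUNC_EXPORT eap_status_e tls_application_eap_core_c::ttls_tunneled_message_state_process_identity_request(
	eap_header_wr_c * const sent_eap_packet)
{
	// Client side of the plain MS-CHAPv2 TTLS hack. The inner EAP layer is about to
	// send EAP-Response/Identity; its payload is stored as the user name, the TTLS
	// implicit challenge is fetched from the application partner, and a synthetic
	// EAP-Request/MSCHAPv2 Challenge is forwarded back into the tunnel so that the
	// inner EAP-MSCHAPv2 type produces its Response. On success the tunneled message
	// state advances to process_challenge_request, which is where that Response is
	// routed by send_ttls_ms_chapv2_packet().
	//
	// sent_eap_packet: EAP-Response/Identity built by the inner EAP layer.
	// Returns eap_status_ok, the first failing status from a helper, or
	// eap_status_illegal_parameter when the synthesised frame would not fit the
	// 16-bit EAP Length field.
	EAP_TRACE_DEBUG(
		m_am_tools,
		TRACE_FLAGS_DEFAULT,
		(EAPL("TTLS: %s: function: tls_application_eap_core_c::ttls_tunneled_message_state_process_identity_request(): ")
		 EAPL("this = 0x%08x, m_ttls_tunneled_message_state=%d=%s, EAP-type=%d\n"),
		 (m_is_client == true ? "client": "server"),
		 this,
		 get_ttls_tunneled_message_state(),
		 eap_tls_trace_string_c::get_ttls_state_string(get_ttls_tunneled_message_state()),
		 convert_eap_type_to_u32_t(sent_eap_packet->get_type())));

	EAP_TRACE_RETURN_STRING(m_am_tools, "returns: tls_application_eap_core_c::ttls_tunneled_message_state_process_identity_request()");

	eap_status_e status(eap_status_process_general_error);

	// This message includes username. It is the locally generated identity, but its
	// length still bounds every buffer size computed below.
	const u32_t user_name_length = sent_eap_packet->get_type_data_length();

	status = m_ttls_user_name.set_copy_of_buffer(
		sent_eap_packet->get_type_data(user_name_length),
		user_name_length);
	if (status != eap_status_ok)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, status);
	}

	// The implicit challenge (presumably derived from the TLS tunnel keying material,
	// see RFC 5281 - not visible here) supplies both the MS-CHAPv2 ident byte and the
	// challenge bytes used below and again when the Response is processed.
	status = get_application_partner()->get_ttls_implicit_challenge(
		&m_ttls_implicit_challenge,
		EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_FULL_LENGTH);
	if (status != eap_status_ok)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, status);
	}

	{
		const u32_t type_data_length = EAP_MSCHAPV2_HEADER_SIZE // OpCode, MS-CHAPv2-ID and MS-Length
			+ mschapv2_challenge_c::get_header_minimum_size()
			+ m_ttls_user_name.get_data_length();

		const u32_t eap_length = eap_header_base_c::get_type_data_start_offset(m_use_eap_expanded_type)
			+ type_data_length;

		// The EAP Length field and MS-Length are both 16 bits wide. Without this
		// guard the u16_t casts further down would silently truncate an oversized
		// user name and emit a frame whose declared length disagrees with its buffer.
		if (eap_length > 0xFFFFul)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_parameter);
		}

		eap_buf_chain_wr_c eap_packet_buffer(
			eap_write_buffer,
			m_am_tools,
			eap_length);
		if (eap_packet_buffer.get_is_valid() == false)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
		}

		eap_header_wr_c forwarded_eap_packet(
			m_am_tools,
			eap_packet_buffer.get_data(eap_length),
			eap_length);
		if (forwarded_eap_packet.get_is_valid() == false)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_parameter);
		}
		forwarded_eap_packet.set_code(eap_code_request);
		// The synthetic request uses the identifier following the identity response.
		forwarded_eap_packet.set_identifier(static_cast<u8_t>(sent_eap_packet->get_identifier()+1ul));
		forwarded_eap_packet.set_length(
			static_cast<u16_t>(eap_length),
			m_use_eap_expanded_type);
		forwarded_eap_packet.set_type(
			eap_type_mschapv2,
			m_use_eap_expanded_type);

		mschapv2_header_c mschapv2_header(
			m_am_tools,
			forwarded_eap_packet.get_type_data_offset(0, forwarded_eap_packet.get_type_data_length()),
			forwarded_eap_packet.get_type_data_length());
		mschapv2_header.set_opcode(mschapv2_opcode_challenge);

		// The MS-CHAPv2 ident byte is taken from the implicit challenge material.
		const u8_t * const mschapv2ident = m_ttls_implicit_challenge.get_data_offset(
			EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_IDENT_OFFSET,
			sizeof(u8_t));
		if (mschapv2ident == 0)
		{
			// A null here presumably means the stored challenge does not cover the
			// ident offset; the original status value is kept for callers.
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
		}

		EAP_TRACE_DATA_DEBUG(
			m_am_tools,
			TRACE_FLAGS_DEFAULT,
			(EAPL("ttls_tunneled_message_state_process_identity_request(): mschapv2ident"),
			 mschapv2ident,
			 sizeof(*mschapv2ident)));

		mschapv2_header.set_mschapv2_id(*mschapv2ident);
		mschapv2_header.set_ms_length(static_cast<u16_t>(type_data_length));

		mschapv2_challenge_c challenge_packet(
			m_am_tools,
			mschapv2_header.get_data(),
			mschapv2_header.get_data_length());
		if (challenge_packet.get_is_valid() == false)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
		}

		const u8_t * const mschapv2_challenge = m_ttls_implicit_challenge.get_data_offset(
			EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_OFFSET,
			EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_LENGTH);
		if (mschapv2_challenge == 0)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
		}

		EAP_TRACE_DATA_DEBUG(
			m_am_tools,
			TRACE_FLAGS_DEFAULT,
			(EAPL("ttls_tunneled_message_state_process_identity_request(): mschapv2_challenge"),
			 mschapv2_challenge,
			 EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_LENGTH));

		challenge_packet.set_challenge(mschapv2_challenge);
		challenge_packet.set_value_size();
		challenge_packet.set_name(m_ttls_user_name.get_data(m_ttls_user_name.get_data_length()));

		// Advance the state before forwarding: the Response the inner type emits is
		// dispatched on this state by send_ttls_ms_chapv2_packet().
		set_ttls_tunneled_message_state(eap_ttls_tunneled_message_state_process_challenge_request);

		status = packet_forward_to_tunnel(
			&m_receive_network_id,
			&forwarded_eap_packet,
			eap_length);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}
	}

	EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
	return EAP_STATUS_RETURN(m_am_tools, status);
}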
|
1896 |
|
1897 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
1898 |
|
1899 //-------------------------------------------------- |
|
1900 |
|
1901 #if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
1902 |
|
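EAP_FUNC_EXPORT eap_status_e tls_application_eap_core_c::ttls_tunneled_message_state_process_challenge_request(
	eap_header_wr_c * const sent_eap_packet)
{
	// Client side of the plain MS-CHAPv2 TTLS hack. The inner EAP-MSCHAPv2 type has
	// answered the synthetic Challenge with an EAP-Response/MSCHAPv2; its fields are
	// repacked into the Diameter AVPs that plain (non-EAP) MS-CHAPv2 over TTLS uses -
	// User-Name, MS-CHAP-Challenge and MS-CHAP2-Response - and the AVP set is sent
	// through the tunnel via the application partner.
	//
	// sent_eap_packet: the tunneled EAP-Response/MSCHAPv2 built by the inner type.
	// Returns eap_status_ok or the first failing status; eap_status_illegal_parameter
	// when the type data is too short to hold an MS-CHAPv2 header.
	EAP_TRACE_DEBUG(
		m_am_tools,
		TRACE_FLAGS_DEFAULT,
		(EAPL("TTLS: %s: function: tls_application_eap_core_c::ttls_tunneled_message_state_process_challenge_request(): ")
		 EAPL("this = 0x%08x, m_ttls_tunneled_message_state=%d=%s, EAP-type=%d\n"),
		 (m_is_client == true ? "client": "server"),
		 this,
		 get_ttls_tunneled_message_state(),
		 eap_tls_trace_string_c::get_ttls_state_string(get_ttls_tunneled_message_state()),
		 convert_eap_type_to_u32_t(sent_eap_packet->get_type())));

	EAP_TRACE_RETURN_STRING(m_am_tools, "returns: tls_application_eap_core_c::ttls_tunneled_message_state_process_challenge_request()");

	eap_status_e status(eap_status_process_general_error);

	// This message should include MS-CHAP-V2 Response.

	// Reject type data shorter than OpCode + MS-CHAPv2-ID + MS-Length before any
	// header field is read from it.
	if (sent_eap_packet->get_type_data_length() < EAP_MSCHAPV2_HEADER_SIZE)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_parameter);
	}

	mschapv2_header_c mschapv2_header(
		m_am_tools,
		sent_eap_packet->get_type_data_offset(0, sent_eap_packet->get_type_data_length()),
		sent_eap_packet->get_type_data_length());

	// NOTE(review): unlike the success/error handlers, the OpCode is not compared
	// against the expected value here; mschapv2_response_c::get_is_valid() is relied
	// on to reject a payload that is not a Response - confirm that it does.
	mschapv2_response_c response(
		m_am_tools,
		mschapv2_header.get_data(),
		mschapv2_header.get_data_length());
	if (response.get_is_valid() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	// tunneled_data accumulates the AVPs; avp is reused as scratch for each one.
	eap_variable_data_c tunneled_data(m_am_tools);
	eap_variable_data_c avp(m_am_tools);

	{
		// User-Name AVP. The trailing flag presumably marks vendor-specific AVPs:
		// false for this IETF AVP, true for the Microsoft ones below.
		status = create_ttls_diameter_avp(
			&avp,
			&m_ttls_user_name,
			eap_diameter_avp_code_user_name,
			false);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		status = tunneled_data.add_data(&avp);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}
	}

	{
		// MS-CHAP-Challenge AVP, carrying the implicit challenge that was placed into
		// the synthetic Challenge in ttls_tunneled_message_state_process_identity_request().
		const u8_t * const mschapv2_challenge = m_ttls_implicit_challenge.get_data_offset(
			EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_OFFSET,
			EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_LENGTH);
		if (mschapv2_challenge == 0)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
		}

		EAP_TRACE_DATA_DEBUG(
			m_am_tools,
			TRACE_FLAGS_DEFAULT,
			(EAPL("ttls_tunneled_message_state_process_challenge_request(): mschapv2_challenge"),
			 mschapv2_challenge,
			 EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_LENGTH));

		// Only EAP_MSCHAPV2_PEER_CHALLENGE_SIZE bytes of the challenge go into the AVP;
		// the buffer is referenced, not copied (set_buffer with both flags false).
		eap_variable_data_c peer_challenge(m_am_tools);
		status = peer_challenge.set_buffer(
			mschapv2_challenge,
			EAP_MSCHAPV2_PEER_CHALLENGE_SIZE,
			false,
			false);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		status = create_ttls_diameter_avp(
			&avp,
			&peer_challenge,
			eap_diameter_vendor_code_of_microsoft_ms_chap_challenge.get_code(),
			true);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		status = tunneled_data.add_data(&avp);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}
	}

	{
		// MS-CHAP2-Response AVP (RFC 2548 section 2.3.2):
		// Ident(1) | Flags(1, must be zero) | Peer-Challenge(16) | Reserved(8) | NT-Response(24).
		eap_variable_data_c response_data(m_am_tools);

		response_data.reset();

		const u8_t * const mschapv2ident = m_ttls_implicit_challenge.get_data_offset(
			EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_IDENT_OFFSET,
			EAP_MSCHAPV2_IDENT_SIZE);
		if (mschapv2ident == 0)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
		}

		status = response_data.add_data(
			mschapv2ident,
			EAP_MSCHAPV2_IDENT_SIZE);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		u8_t flags = 0;

		status = response_data.add_data(
			&flags,
			EAP_MSCHAPV2_FLAGS_SIZE);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		status = response_data.add_data(
			response.get_peer_challenge(),
			EAP_MSCHAPV2_PEER_CHALLENGE_SIZE);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		// Zero-initialise the whole Reserved field whatever its declared size is,
		// instead of spelling out a fixed number of zero bytes.
		u8_t reserved_data[EAP_MSCHAPV2_RESERVED_RESPONSE_SIZE] = { 0 };

		status = response_data.add_data(
			reserved_data,
			EAP_MSCHAPV2_RESERVED_RESPONSE_SIZE);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		status = response_data.add_data(
			response.get_nt_response(),
			EAP_MSCHAPV2_NT_RESPONSE_SIZE);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		status = create_ttls_diameter_avp(
			&avp,
			&response_data,
			eap_diameter_vendor_code_of_microsoft_ms_chap2_response.get_code(),
			true);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		status = tunneled_data.add_data(&avp);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}
	}

	// The buffer chain references tunneled_data (no copy, no ownership), so it must
	// not outlive this function - packet_send() is the only consumer.
	eap_buf_chain_wr_c forwarded_packet(
		eap_write_buffer,
		m_am_tools,
		tunneled_data.get_data(),
		tunneled_data.get_data_length(),
		false,
		false,
		0ul);
	if (forwarded_packet.get_is_valid() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	status = get_application_partner()->packet_send(
		&forwarded_packet,
		0ul,
		forwarded_packet.get_data_length(),
		forwarded_packet.get_buffer_length());

	EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
	return EAP_STATUS_RETURN(m_am_tools, status);
}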
|
2115 |
|
2116 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
2117 |
|
2118 //-------------------------------------------------- |
|
2119 |
|
2120 #if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
2121 |
|
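EAP_FUNC_EXPORT eap_status_e tls_application_eap_core_c::ttls_tunneled_message_state_process_success_request(
	eap_header_wr_c * const sent_eap_packet)
{
	// Client side: the inner EAP-MSCHAPv2 type is acknowledging the server's
	// Success. The packet is verified to be an MS-CHAPv2 Success, a copy is stored
	// in m_ttls_sent_eap_packet, and the actual work is deferred to
	// ttls_tunneled_message_state_complete_success_request() by advancing the state.
	//
	// sent_eap_packet: the tunneled EAP packet built by the inner type.
	// Returns eap_status_ok; eap_status_illegal_parameter when the type data cannot
	// hold an MS-CHAPv2 header; eap_status_unexpected_message when the OpCode is not
	// Success; or the status of the buffer copy.
	EAP_TRACE_DEBUG(
		m_am_tools,
		TRACE_FLAGS_DEFAULT,
		(EAPL("TTLS: %s: function: tls_application_eap_core_c::ttls_tunneled_message_state_process_success_request(): ")
		 EAPL("this = 0x%08x, m_ttls_tunneled_message_state=%d=%s, EAP-type=%d\n"),
		 (m_is_client == true ? "client": "server"),
		 this,
		 get_ttls_tunneled_message_state(),
		 eap_tls_trace_string_c::get_ttls_state_string(get_ttls_tunneled_message_state()),
		 convert_eap_type_to_u32_t(sent_eap_packet->get_type())));

	EAP_TRACE_RETURN_STRING(m_am_tools, "returns: tls_application_eap_core_c::ttls_tunneled_message_state_process_success_request()");

	// Here should be no data.

	// The OpCode is read from the type data below; make sure there is at least a
	// full MS-CHAPv2 header (OpCode, MS-CHAPv2-ID, MS-Length) to read it from.
	if (sent_eap_packet->get_type_data_length() < EAP_MSCHAPV2_HEADER_SIZE)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_parameter);
	}

	mschapv2_header_c mschapv2_header(
		m_am_tools,
		sent_eap_packet->get_type_data(sent_eap_packet->get_type_data_length()),
		sent_eap_packet->get_type_data_length());

	if (mschapv2_header.get_opcode() != mschapv2_opcode_success)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_unexpected_message);
	}

	// Keep a copy of the whole EAP header buffer for the deferred completion step.
	eap_status_e status = m_ttls_sent_eap_packet.set_copy_of_buffer(
		sent_eap_packet->get_header_buffer(sent_eap_packet->get_header_buffer_length()),
		sent_eap_packet->get_header_buffer_length());
	if (status != eap_status_ok)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, status);
	}

	// This will be completed after EAP-MSChapv2 returns. This is to reduce stack usage.
	set_ttls_tunneled_message_state(eap_ttls_tunneled_message_state_complete_success_request);

	EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
	return EAP_STATUS_RETURN(m_am_tools, status);
}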
|
2166 |
|
2167 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
2168 |
|
2169 //-------------------------------------------------- |
|
2170 |
|
2171 #if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
2172 |
|
EAP_FUNC_EXPORT eap_status_e tls_application_eap_core_c::ttls_tunneled_message_state_complete_success_request(
	eap_header_wr_c * const sent_eap_packet)
{
	// Deferred half of ttls_tunneled_message_state_process_success_request(): once
	// the inner EAP-MSCHAPv2 type has returned, notify the application partner that
	// the client sends the plain MS-CHAPv2 empty acknowledgement. No packet is built
	// here; the partner acts on the state notification.
	//
	// sent_eap_packet: only its EAP identifier is used, for the notification.
	// Always returns eap_status_ok (state_notification() reports no status).
	EAP_TRACE_DEBUG(
		m_am_tools,
		TRACE_FLAGS_DEFAULT,
		(EAPL("TTLS: %s: function: tls_application_eap_core_c::ttls_tunneled_message_state_complete_success_request(): ")
		 EAPL("this = 0x%08x, m_ttls_tunneled_message_state=%d=%s\n"),
		 (m_is_client == true ? "client": "server"),
		 this,
		 get_ttls_tunneled_message_state(),
		 eap_tls_trace_string_c::get_ttls_state_string(get_ttls_tunneled_message_state())
		));

	EAP_TRACE_RETURN_STRING(m_am_tools, "returns: tls_application_eap_core_c::ttls_tunneled_message_state_complete_success_request()");

	// Here we swap the addresses: the notification is addressed in the send
	// direction, i.e. destination and source of m_receive_network_id exchanged.
	eap_am_network_id_c send_network_id(
		m_am_tools,
		m_receive_network_id.get_destination_id(),
		m_receive_network_id.get_source_id(),
		m_receive_network_id.get_type());

	eap_state_notification_c notification(
		m_am_tools,
		&send_network_id,
		m_is_client,
		eap_state_notification_eap,
		eap_protocol_layer_internal_type,
		eap_type_ttls,
		eap_state_none,
		tls_peap_state_client_send_ttls_plain_ms_chap_v2_empty_ack,
		sent_eap_packet->get_identifier(),
		false);
	get_application_partner()->state_notification(&notification);

	EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
	return EAP_STATUS_RETURN(m_am_tools, eap_status_ok);
}
|
2212 |
|
2213 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
2214 |
|
2215 //-------------------------------------------------- |
|
2216 |
|
2217 #if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
2218 |
|
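EAP_FUNC_EXPORT eap_status_e tls_application_eap_core_c::ttls_tunneled_message_state_process_error_request(
	eap_header_wr_c * const sent_eap_packet)
{
	// Client side: the inner EAP-MSCHAPv2 type is answering the server's Failure
	// with a Change-Password message. The packet is verified to carry that OpCode,
	// a copy is stored in m_ttls_sent_eap_packet, and the AVP construction is
	// deferred to ttls_tunneled_message_state_complete_error_request() by advancing
	// the state.
	//
	// sent_eap_packet: the tunneled EAP packet built by the inner type.
	// Returns eap_status_ok; eap_status_illegal_parameter when the type data cannot
	// hold an MS-CHAPv2 header; eap_status_unexpected_message when the OpCode is not
	// Change-Password; or the status of the buffer copy.
	EAP_TRACE_DEBUG(
		m_am_tools,
		TRACE_FLAGS_DEFAULT,
		(EAPL("TTLS: %s: function: tls_application_eap_core_c::ttls_tunneled_message_state_process_error_request(): ")
		 EAPL("this = 0x%08x, m_ttls_tunneled_message_state=%d=%s, EAP-type=%d\n"),
		 (m_is_client == true ? "client": "server"),
		 this,
		 get_ttls_tunneled_message_state(),
		 eap_tls_trace_string_c::get_ttls_state_string(get_ttls_tunneled_message_state()),
		 convert_eap_type_to_u32_t(sent_eap_packet->get_type())));

	EAP_TRACE_RETURN_STRING(m_am_tools, "returns: tls_application_eap_core_c::ttls_tunneled_message_state_process_error_request()");

	eap_status_e status(eap_status_process_general_error);

	// This message should include MS-CHAP-V2 Change-Password.

	// The OpCode is read from the type data below; make sure there is at least a
	// full MS-CHAPv2 header (OpCode, MS-CHAPv2-ID, MS-Length) to read it from.
	if (sent_eap_packet->get_type_data_length() < EAP_MSCHAPV2_HEADER_SIZE)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_parameter);
	}

	mschapv2_header_c mschapv2_header(
		m_am_tools,
		sent_eap_packet->get_type_data(sent_eap_packet->get_type_data_length()),
		sent_eap_packet->get_type_data_length());

	if (mschapv2_header.get_opcode() != mschapv2_opcode_change_password)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_unexpected_message);
	}

	// Keep a copy of the whole EAP header buffer for the deferred completion step.
	status = m_ttls_sent_eap_packet.set_copy_of_buffer(
		sent_eap_packet->get_header_buffer(sent_eap_packet->get_header_buffer_length()),
		sent_eap_packet->get_header_buffer_length());
	if (status != eap_status_ok)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, status);
	}

	// This will be completed after EAP-MSChapv2 returns. This is to reduce stack usage.
	set_ttls_tunneled_message_state(eap_ttls_tunneled_message_state_complete_error_request);

	EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
	return EAP_STATUS_RETURN(m_am_tools, status);
}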
|
2265 |
|
2266 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
2267 |
|
2268 //-------------------------------------------------- |
|
2269 |
|
2270 #if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
2271 |
|
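EAP_FUNC_EXPORT eap_status_e tls_application_eap_core_c::ttls_tunneled_message_state_complete_error_request(
	eap_header_wr_c * const sent_eap_packet)
{
	// Deferred half of ttls_tunneled_message_state_process_error_request(): the
	// stored Change-Password message is parsed again and repacked into the
	// MS-CHAP-NT-Enc-PW, MS-CHAP2-CPW and MS-CHAP-Challenge Diameter AVPs, which are
	// then sent through the tunnel via the application partner.
	//
	// sent_eap_packet: the tunneled EAP packet carrying the MS-CHAPv2 Change-Password.
	// Returns eap_status_ok or the first failing status; eap_status_illegal_parameter
	// when the type data cannot hold an MS-CHAPv2 header; eap_status_unexpected_message
	// when the OpCode is not Change-Password.
	EAP_TRACE_DEBUG(
		m_am_tools,
		TRACE_FLAGS_DEFAULT,
		// Fixed: the trace previously named ttls_tunneled_message_state_process_error_request().
		(EAPL("TTLS: %s: function: tls_application_eap_core_c::ttls_tunneled_message_state_complete_error_request(): ")
		 EAPL("this = 0x%08x, m_ttls_tunneled_message_state=%d=%s, EAP-type=%d\n"),
		 (m_is_client == true ? "client": "server"),
		 this,
		 get_ttls_tunneled_message_state(),
		 eap_tls_trace_string_c::get_ttls_state_string(get_ttls_tunneled_message_state()),
		 convert_eap_type_to_u32_t(sent_eap_packet->get_type())));

	EAP_TRACE_RETURN_STRING(m_am_tools, "returns: tls_application_eap_core_c::ttls_tunneled_message_state_complete_error_request()");

	eap_status_e status(eap_status_process_general_error);

	// This message should include MS-CHAP-V2 Change-Password.

	// The OpCode is read from the type data below; make sure there is at least a
	// full MS-CHAPv2 header (OpCode, MS-CHAPv2-ID, MS-Length) to read it from.
	if (sent_eap_packet->get_type_data_length() < EAP_MSCHAPV2_HEADER_SIZE)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_parameter);
	}

	mschapv2_header_c mschapv2_header(
		m_am_tools,
		sent_eap_packet->get_type_data(sent_eap_packet->get_type_data_length()),
		sent_eap_packet->get_type_data_length());

	if (mschapv2_header.get_opcode() != mschapv2_opcode_change_password)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_unexpected_message);
	}

	mschapv2_change_password_c change_password(
		m_am_tools,
		mschapv2_header.get_data(),
		mschapv2_header.get_data_length());
	if (change_password.get_is_valid() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	// We need to create MS-CHAP-NT-Enc-PW, MS-CHAP2-CPW, and MS-CHAP-Challenge AVPs.
	// tunneled_data accumulates the AVPs; avp is reused as scratch for each one.

	eap_variable_data_c tunneled_data(m_am_tools);
	eap_variable_data_c avp(m_am_tools);

	{
		// MS-CHAP-NT-Enc-PW AVP: the encrypted password block is referenced, not
		// copied (set_buffer with both flags false); create_ttls_diameter_avp()
		// produces the owned AVP bytes.
		eap_variable_data_c nt_enc_pw(m_am_tools);
		status = nt_enc_pw.set_buffer(
			change_password.get_encrypted_pw_block(),
			EAP_MSCHAPV2_CHANGE_PASSWORD_ENCRYPTED_PASSWORD_SIZE,
			false,
			false);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		status = create_ttls_diameter_avp(
			&avp,
			&nt_enc_pw,
			eap_diameter_vendor_code_of_microsoft_ms_chap_nt_enc_pw.get_code(),
			true);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		status = tunneled_data.add_data(&avp);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}
	}

	{
		// MS-CHAP2-CPW AVP, packed as Encrypted-Hash | Peer-Challenge | NT-Response.
		// NOTE(review): RFC 2548 section 2.3.3 lays MS-CHAP2-CPW out as Code, Ident,
		// Encrypted-Hash, Peer-Challenge, Reserved, NT-Response, Flags; only three of
		// those fields are packed here - confirm against the server this hack targets.
		eap_variable_data_c cpw(m_am_tools);

		status = cpw.set_copy_of_buffer(
			change_password.get_encrypted_hash(),
			EAP_MSCHAPV2_CHANGE_PASSWORD_ENCRYPTED_HASH_SIZE);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		status = cpw.add_data(
			change_password.get_peer_challenge(),
			EAP_MSCHAPV2_PEER_CHALLENGE_SIZE);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		status = cpw.add_data(
			change_password.get_nt_response(),
			EAP_MSCHAPV2_NT_RESPONSE_SIZE);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		status = create_ttls_diameter_avp(
			&avp,
			&cpw,
			eap_diameter_vendor_code_of_microsoft_ms_chap2_cpw.get_code(),
			true);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		status = tunneled_data.add_data(&avp);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}
	}

	{
		// MS-CHAP-Challenge AVP: here the peer challenge from the Change-Password
		// message is used (the Response path uses the implicit challenge instead).
		eap_variable_data_c challenge_data(m_am_tools);
		status = challenge_data.set_buffer(
			change_password.get_peer_challenge(),
			EAP_MSCHAPV2_PEER_CHALLENGE_SIZE,
			false,
			false);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		status = create_ttls_diameter_avp(
			&avp,
			&challenge_data,
			eap_diameter_vendor_code_of_microsoft_ms_chap_challenge.get_code(),
			true);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}

		status = tunneled_data.add_data(&avp);
		if (status != eap_status_ok)
		{
			EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
			return EAP_STATUS_RETURN(m_am_tools, status);
		}
	}

	// The buffer chain references tunneled_data (no copy, no ownership), so it must
	// not outlive this function - packet_send() is the only consumer.
	eap_buf_chain_wr_c forwarded_packet(
		eap_write_buffer,
		m_am_tools,
		tunneled_data.get_data(),
		tunneled_data.get_data_length(),
		false,
		false,
		0ul);
	if (forwarded_packet.get_is_valid() == false)
	{
		EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
		return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
	}

	status = get_application_partner()->packet_send(
		&forwarded_packet,
		0ul,
		forwarded_packet.get_data_length(),
		forwarded_packet.get_buffer_length());

	EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
	return EAP_STATUS_RETURN(m_am_tools, status);
}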
|
2454 |
|
2455 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
2456 |
|
2457 //-------------------------------------------------- |
|
2458 |
|
2459 #if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
2460 |
|
2461 EAP_FUNC_EXPORT eap_status_e tls_application_eap_core_c::send_ttls_ms_chapv2_packet( |
|
2462 eap_header_wr_c * const sent_eap_packet) |
|
2463 { |
|
2464 EAP_TRACE_DEBUG( |
|
2465 m_am_tools, |
|
2466 TRACE_FLAGS_DEFAULT, |
|
2467 (EAPL("TTLS: %s: function: tls_application_eap_core_c::send_ttls_ms_chapv2_packet(): ") |
|
2468 EAPL("this = 0x%08x, m_ttls_tunneled_message_state=%d=%s, EAP-type=%d\n"), |
|
2469 (m_is_client == true ? "client": "server"), |
|
2470 this, |
|
2471 get_ttls_tunneled_message_state(), |
|
2472 eap_tls_trace_string_c::get_ttls_state_string(get_ttls_tunneled_message_state()), |
|
2473 convert_eap_type_to_u32_t(sent_eap_packet->get_type()))); |
|
2474 |
|
2475 EAP_TRACE_RETURN_STRING(m_am_tools, "returns: tls_application_eap_core_c::send_ttls_ms_chapv2_packet()"); |
|
2476 |
|
2477 eap_status_e status(eap_status_process_general_error); |
|
2478 |
|
2479 |
|
2480 if (m_is_client == false) |
|
2481 { |
|
2482 // Server |
|
2483 if (sent_eap_packet->get_code() == eap_code_request |
|
2484 && sent_eap_packet->get_type() == eap_type_mschapv2) |
|
2485 { |
|
2486 if (get_ttls_tunneled_message_state() == eap_ttls_tunneled_message_state_process_identity_response) |
|
2487 { |
|
2488 status = ttls_tunneled_message_state_process_identity_response(sent_eap_packet); |
|
2489 if (status != eap_status_ok) |
|
2490 { |
|
2491 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
2492 return EAP_STATUS_RETURN(m_am_tools, status); |
|
2493 } |
|
2494 } |
|
2495 else if (get_ttls_tunneled_message_state() == eap_ttls_tunneled_message_state_process_response) |
|
2496 { |
|
2497 status = ttls_tunneled_message_state_process_response(sent_eap_packet); |
|
2498 if (status != eap_status_ok) |
|
2499 { |
|
2500 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
2501 return EAP_STATUS_RETURN(m_am_tools, status); |
|
2502 } |
|
2503 } |
|
2504 else if (get_ttls_tunneled_message_state() == eap_ttls_tunneled_message_state_process_change_password_response) |
|
2505 { |
|
2506 status = ttls_tunneled_message_state_process_change_password_response(sent_eap_packet); |
|
2507 if (status != eap_status_ok) |
|
2508 { |
|
2509 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
2510 return EAP_STATUS_RETURN(m_am_tools, status); |
|
2511 } |
|
2512 } |
|
2513 else |
|
2514 { |
|
2515 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
2516 return EAP_STATUS_RETURN(m_am_tools, eap_status_wrong_eap_type_state); |
|
2517 } |
|
2518 } |
|
2519 else if (sent_eap_packet->get_code() == eap_code_success) |
|
2520 { |
|
2521 // EAP-Success is not needed in TTLS/MsChapv2. |
|
2522 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
2523 return EAP_STATUS_RETURN(m_am_tools, eap_status_drop_packet_quietly); |
|
2524 } |
|
2525 else |
|
2526 { |
|
2527 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
2528 return EAP_STATUS_RETURN(m_am_tools, eap_status_unexpected_message); |
|
2529 } |
|
2530 } |
|
2531 else |
|
2532 { |
|
2533 // Client |
|
2534 if (sent_eap_packet->get_type() == eap_type_identity) |
|
2535 { |
|
2536 // Client sends EAP-Response/Identity. |
|
2537 if (get_ttls_tunneled_message_state() == eap_ttls_tunneled_message_state_process_identity_request |
|
2538 || get_ttls_tunneled_message_state() == eap_ttls_tunneled_message_state_process_identity_request_pending) |
|
2539 { |
|
2540 status = m_ttls_sent_eap_packet.set_copy_of_buffer( |
|
2541 sent_eap_packet->get_header_buffer(sent_eap_packet->get_header_buffer_length()), |
|
2542 sent_eap_packet->get_header_buffer_length()); |
|
2543 if (status != eap_status_ok) |
|
2544 { |
|
2545 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
2546 return EAP_STATUS_RETURN(m_am_tools, status); |
|
2547 } |
|
2548 |
|
2549 if (get_ttls_tunneled_message_state() == eap_ttls_tunneled_message_state_process_identity_request_pending) |
|
2550 { |
|
2551 // NOTE, here we process client send packets separately to |
|
2552 // reduce stack consumption. |
|
2553 |
|
2554 { |
|
2555 eap_header_wr_c tmp_sent_eap_packet( |
|
2556 m_am_tools, |
|
2557 m_ttls_sent_eap_packet.get_data(), |
|
2558 m_ttls_sent_eap_packet.get_data_length()); |
|
2559 |
|
2560 if (tmp_sent_eap_packet.get_type() == eap_type_identity) |
|
2561 { |
|
2562 // Client sent EAP-Response/Identity. |
|
2563 // This message should include username. |
|
2564 |
|
2565 status = ttls_tunneled_message_state_process_identity_request(&tmp_sent_eap_packet); |
|
2566 if (status != eap_status_ok) |
|
2567 { |
|
2568 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
2569 return EAP_STATUS_RETURN(m_am_tools, status); |
|
2570 } |
|
2571 } |
|
2572 else |
|
2573 { |
|
2574 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
2575 return EAP_STATUS_RETURN(m_am_tools, eap_status_wrong_eap_type_state); |
|
2576 } |
|
2577 } |
|
2578 |
|
2579 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
2580 |
|
2581 { |
|
2582 eap_header_wr_c tmp_sent_eap_packet( |
|
2583 m_am_tools, |
|
2584 m_ttls_sent_eap_packet.get_data(), |
|
2585 m_ttls_sent_eap_packet.get_data_length()); |
|
2586 |
|
2587 if (tmp_sent_eap_packet.get_type() == eap_type_mschapv2 |
|
2588 && get_ttls_tunneled_message_state() == eap_ttls_tunneled_message_state_process_challenge_request) |
|
2589 { |
|
2590 // This message should include MS-CHAP-V2 Response. |
|
2591 status = ttls_tunneled_message_state_process_challenge_request(&tmp_sent_eap_packet); |
|
2592 if (status != eap_status_ok) |
|
2593 { |
|
2594 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
2595 return EAP_STATUS_RETURN(m_am_tools, status); |
|
2596 } |
|
2597 } |
|
2598 else |
|
2599 { |
|
2600 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
2601 return EAP_STATUS_RETURN(m_am_tools, eap_status_wrong_eap_type_state); |
|
2602 } |
|
2603 } |
|
2604 |
|
2605 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
2606 } |
|
2607 } |
|
2608 else |
|
2609 { |
|
2610 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
2611 return EAP_STATUS_RETURN(m_am_tools, eap_status_wrong_eap_type_state); |
|
2612 } |
|
2613 } |
|
2614 else if (sent_eap_packet->get_type() == eap_type_mschapv2) |
|
2615 { |
|
2616 if (get_ttls_tunneled_message_state() == eap_ttls_tunneled_message_state_process_challenge_request) |
|
2617 { |
|
2618 status = m_ttls_sent_eap_packet.set_copy_of_buffer( |
|
2619 sent_eap_packet->get_header_buffer(sent_eap_packet->get_header_buffer_length()), |
|
2620 sent_eap_packet->get_header_buffer_length()); |
|
2621 if (status != eap_status_ok) |
|
2622 { |
|
2623 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
2624 return EAP_STATUS_RETURN(m_am_tools, status); |
|
2625 } |
|
2626 } |
|
2627 else if (get_ttls_tunneled_message_state() == eap_ttls_tunneled_message_state_process_success_request) |
|
2628 { |
|
2629 // NOTE, here we process client send packets separately to |
|
2630 // reduce stack consumption. |
|
2631 status = ttls_tunneled_message_state_process_success_request(sent_eap_packet); |
|
2632 if (status != eap_status_ok) |
|
2633 { |
|
2634 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
2635 return EAP_STATUS_RETURN(m_am_tools, status); |
|
2636 } |
|
2637 } |
|
2638 else if (get_ttls_tunneled_message_state() == eap_ttls_tunneled_message_state_process_error_request) |
|
2639 { |
|
2640 mschapv2_header_c mschapv2_header( |
|
2641 m_am_tools, |
|
2642 sent_eap_packet->get_type_data(sent_eap_packet->get_type_data_length()), |
|
2643 sent_eap_packet->get_type_data_length()); |
|
2644 |
|
2645 if (mschapv2_header.get_opcode() == mschapv2_opcode_change_password) |
|
2646 { |
|
2647 // This message shoud include MS-CHAP-V2 Change-Password. |
|
2648 status = ttls_tunneled_message_state_process_error_request(sent_eap_packet); |
|
2649 if (status != eap_status_ok) |
|
2650 { |
|
2651 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
2652 return EAP_STATUS_RETURN(m_am_tools, status); |
|
2653 } |
|
2654 } |
|
2655 else if (mschapv2_header.get_opcode() == mschapv2_opcode_response) |
|
2656 { |
|
2657 // This message shoud include MS-CHAP-V2 Response. |
|
2658 |
|
2659 status = ttls_tunneled_message_state_process_challenge_request(sent_eap_packet); |
|
2660 if (status != eap_status_ok) |
|
2661 { |
|
2662 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
2663 return EAP_STATUS_RETURN(m_am_tools, status); |
|
2664 } |
|
2665 } |
|
2666 else |
|
2667 { |
|
2668 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
2669 return EAP_STATUS_RETURN(m_am_tools, eap_status_unexpected_message); |
|
2670 } |
|
2671 } |
|
2672 else |
|
2673 { |
|
2674 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
2675 return EAP_STATUS_RETURN(m_am_tools, eap_status_wrong_eap_type_state); |
|
2676 } |
|
2677 } |
|
2678 else |
|
2679 { |
|
2680 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
2681 return EAP_STATUS_RETURN(m_am_tools, eap_status_unexpected_message); |
|
2682 } |
|
2683 } |
|
2684 |
|
2685 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
2686 return EAP_STATUS_RETURN(m_am_tools, status); |
|
2687 } |
|
2688 |
|
2689 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
2690 |
|
2691 //-------------------------------------------------- |
|
2692 |
|
2693 #if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
2694 |
|
// Returns the current position of the TTLS tunneled message state machine.
// Only compiled when EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK is defined; the
// dispatch code above keys its client/server processing on this value.
eap_ttls_tunneled_message_state_e tls_application_eap_core_c::get_ttls_tunneled_message_state()
{
	// Plain read of the member; no side effects.
	const eap_ttls_tunneled_message_state_e current_state = m_ttls_tunneled_message_state;
	return current_state;
}
|
2699 |
|
2700 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
2701 |
|
2702 //-------------------------------------------------- |
|
2703 |
|
2704 #if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
2705 |
|
// Moves the TTLS tunneled message state machine to ttls_state.
// Only compiled when EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK is defined.
// The transition is traced first (old and new value, numeric and as
// strings, plus the client/server role) and the member is assigned last,
// so the old value is still readable when the trace is emitted.
// @param ttls_state new value stored in m_ttls_tunneled_message_state.
void tls_application_eap_core_c::set_ttls_tunneled_message_state(eap_ttls_tunneled_message_state_e ttls_state)
{
	// Trace before the assignment: both the outgoing and incoming state
	// are logged, which is what the caller relies on when reading the trace.
	EAP_TRACE_DEBUG(
		m_am_tools,
		TRACE_FLAGS_DEFAULT,
		(EAPL("TTLS: %s: function: tls_application_eap_core_c::set_ttls_tunneled_message_state(): ")
		 EAPL("old m_ttls_tunneled_message_state=%d=%s, new m_ttls_tunneled_message_state=%d=%s\n"),
		 (m_is_client == true ? "client": "server"),
		 m_ttls_tunneled_message_state,
		 eap_tls_trace_string_c::get_ttls_state_string(m_ttls_tunneled_message_state),
		 ttls_state,
		 eap_tls_trace_string_c::get_ttls_state_string(ttls_state)));

	EAP_TRACE_RETURN_STRING(m_am_tools, "returns: tls_application_eap_core_c::set_ttls_tunneled_message_state()");

	// The actual state change; nothing validates the transition here, the
	// callers in the dispatch code decide which states are legal.
	m_ttls_tunneled_message_state = ttls_state;
}
|
2723 |
|
2724 #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) |
|
2725 |
|
2726 //-------------------------------------------------- |
|
2727 |
|
2728 // End. |