• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * eap.c - Extensible Authentication Protocol for PPP (RFC 2284)
3  *
4  * Copyright (c) 2001 by Sun Microsystems, Inc.
5  * All rights reserved.
6  *
7  * Non-exclusive rights to redistribute, modify, translate, and use
8  * this software in source and binary forms, in whole or in part, is
9  * hereby granted, provided that the above copyright notice is
10  * duplicated in any source form, and that neither the name of the
11  * copyright holder nor the author is used to endorse or promote
12  * products derived from this software.
13  *
14  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
16  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
17  *
18  * Original version by James Carlson
19  *
20  * This implementation of EAP supports MD5-Challenge and SRP-SHA1
21  * authentication styles.  Note that support of MD5-Challenge is a
22  * requirement of RFC 2284, and that it's essentially just a
23  * reimplementation of regular RFC 1994 CHAP using EAP messages.
24  *
25  * As an authenticator ("server"), there are multiple phases for each
26  * style.  In the first phase of each style, the unauthenticated peer
27  * name is queried using the EAP Identity request type.  If the
28  * "remotename" option is used, then this phase is skipped, because
29  * the peer's name is presumed to be known.
30  *
31  * For MD5-Challenge, there are two phases, and the second phase
32  * consists of sending the challenge itself and handling the
33  * associated response.
34  *
35  * For SRP-SHA1, there are four phases.  The second sends 's', 'N',
36  * and 'g'.  The reply contains 'A'.  The third sends 'B', and the
37  * reply contains 'M1'.  The forth sends the 'M2' value.
38  *
39  * As an authenticatee ("client"), there's just a single phase --
40  * responding to the queries generated by the peer.  EAP is an
41  * authenticator-driven protocol.
42  *
43  * Based on draft-ietf-pppext-eap-srp-03.txt.
44  */
45 
46 #include "netif/ppp/ppp_opts.h"
47 #if PPP_SUPPORT && EAP_SUPPORT  /* don't build if not configured for use in lwipopts.h */
48 
49 #include "netif/ppp/ppp_impl.h"
50 #include "netif/ppp/eap.h"
51 #include "netif/ppp/magic.h"
52 #include "netif/ppp/pppcrypt.h"
53 
54 #ifdef USE_SRP
55 #include <t_pwd.h>
56 #include <t_server.h>
57 #include <t_client.h>
58 #endif /* USE_SRP */
59 
60 #ifndef SHA_DIGESTSIZE
61 #define	SHA_DIGESTSIZE 20
62 #endif
63 
64 #ifdef USE_SRP
65 static char *pn_secret = NULL;		/* Pseudonym generating secret */
66 #endif
67 
68 #if PPP_OPTIONS
69 /*
70  * Command-line options.
71  */
72 static option_t eap_option_list[] = {
73     { "eap-restart", o_int, &eap_states[0].es_server.ea_timeout,
74       "Set retransmit timeout for EAP Requests (server)" },
75     { "eap-max-sreq", o_int, &eap_states[0].es_server.ea_maxrequests,
76       "Set max number of EAP Requests sent (server)" },
77     { "eap-timeout", o_int, &eap_states[0].es_client.ea_timeout,
78       "Set time limit for peer EAP authentication" },
79     { "eap-max-rreq", o_int, &eap_states[0].es_client.ea_maxrequests,
80       "Set max number of EAP Requests allows (client)" },
81     { "eap-interval", o_int, &eap_states[0].es_rechallenge,
82       "Set interval for EAP rechallenge" },
83 #ifdef USE_SRP
84     { "srp-interval", o_int, &eap_states[0].es_lwrechallenge,
85       "Set interval for SRP lightweight rechallenge" },
86     { "srp-pn-secret", o_string, &pn_secret,
87       "Long term pseudonym generation secret" },
88     { "srp-use-pseudonym", o_bool, &eap_states[0].es_usepseudo,
89       "Use pseudonym if offered one by server", 1 },
90 #endif
91     { NULL }
92 };
93 #endif /* PPP_OPTIONS */
94 
95 /*
96  * Protocol entry points.
97  */
98 static void eap_init(ppp_pcb *pcb);
99 static void eap_input(ppp_pcb *pcb, u_char *inp, int inlen);
100 static void eap_protrej(ppp_pcb *pcb);
101 static void eap_lowerup(ppp_pcb *pcb);
102 static void eap_lowerdown(ppp_pcb *pcb);
103 #if PRINTPKT_SUPPORT
104 static int  eap_printpkt(const u_char *inp, int inlen,
105     void (*)(void *arg, const char *fmt, ...), void *arg);
106 #endif /* PRINTPKT_SUPPORT */
107 
108 const struct protent eap_protent = {
109 	PPP_EAP,		/* protocol number */
110 	eap_init,		/* initialization procedure */
111 	eap_input,		/* process a received packet */
112 	eap_protrej,		/* process a received protocol-reject */
113 	eap_lowerup,		/* lower layer has gone up */
114 	eap_lowerdown,		/* lower layer has gone down */
115 	NULL,			/* open the protocol */
116 	NULL,			/* close the protocol */
117 #if PRINTPKT_SUPPORT
118 	eap_printpkt,		/* print a packet in readable form */
119 #endif /* PRINTPKT_SUPPORT */
120 #if PPP_DATAINPUT
121 	NULL,			/* process a received data packet */
122 #endif /* PPP_DATAINPUT */
123 #if PRINTPKT_SUPPORT
124 	"EAP",			/* text name of protocol */
125 	NULL,			/* text name of corresponding data protocol */
126 #endif /* PRINTPKT_SUPPORT */
127 #if PPP_OPTIONS
128 	eap_option_list,	/* list of command-line options */
129 	NULL,			/* check requested options; assign defaults */
130 #endif /* PPP_OPTIONS */
131 #if DEMAND_SUPPORT
132 	NULL,			/* configure interface for demand-dial */
133 	NULL			/* say whether to bring up link for this pkt */
134 #endif /* DEMAND_SUPPORT */
135 };
136 
137 #ifdef USE_SRP
138 /*
139  * A well-known 2048 bit modulus.
140  */
141 static const u_char wkmodulus[] = {
142 	0xAC, 0x6B, 0xDB, 0x41, 0x32, 0x4A, 0x9A, 0x9B,
143 	0xF1, 0x66, 0xDE, 0x5E, 0x13, 0x89, 0x58, 0x2F,
144 	0xAF, 0x72, 0xB6, 0x65, 0x19, 0x87, 0xEE, 0x07,
145 	0xFC, 0x31, 0x92, 0x94, 0x3D, 0xB5, 0x60, 0x50,
146 	0xA3, 0x73, 0x29, 0xCB, 0xB4, 0xA0, 0x99, 0xED,
147 	0x81, 0x93, 0xE0, 0x75, 0x77, 0x67, 0xA1, 0x3D,
148 	0xD5, 0x23, 0x12, 0xAB, 0x4B, 0x03, 0x31, 0x0D,
149 	0xCD, 0x7F, 0x48, 0xA9, 0xDA, 0x04, 0xFD, 0x50,
150 	0xE8, 0x08, 0x39, 0x69, 0xED, 0xB7, 0x67, 0xB0,
151 	0xCF, 0x60, 0x95, 0x17, 0x9A, 0x16, 0x3A, 0xB3,
152 	0x66, 0x1A, 0x05, 0xFB, 0xD5, 0xFA, 0xAA, 0xE8,
153 	0x29, 0x18, 0xA9, 0x96, 0x2F, 0x0B, 0x93, 0xB8,
154 	0x55, 0xF9, 0x79, 0x93, 0xEC, 0x97, 0x5E, 0xEA,
155 	0xA8, 0x0D, 0x74, 0x0A, 0xDB, 0xF4, 0xFF, 0x74,
156 	0x73, 0x59, 0xD0, 0x41, 0xD5, 0xC3, 0x3E, 0xA7,
157 	0x1D, 0x28, 0x1E, 0x44, 0x6B, 0x14, 0x77, 0x3B,
158 	0xCA, 0x97, 0xB4, 0x3A, 0x23, 0xFB, 0x80, 0x16,
159 	0x76, 0xBD, 0x20, 0x7A, 0x43, 0x6C, 0x64, 0x81,
160 	0xF1, 0xD2, 0xB9, 0x07, 0x87, 0x17, 0x46, 0x1A,
161 	0x5B, 0x9D, 0x32, 0xE6, 0x88, 0xF8, 0x77, 0x48,
162 	0x54, 0x45, 0x23, 0xB5, 0x24, 0xB0, 0xD5, 0x7D,
163 	0x5E, 0xA7, 0x7A, 0x27, 0x75, 0xD2, 0xEC, 0xFA,
164 	0x03, 0x2C, 0xFB, 0xDB, 0xF5, 0x2F, 0xB3, 0x78,
165 	0x61, 0x60, 0x27, 0x90, 0x04, 0xE5, 0x7A, 0xE6,
166 	0xAF, 0x87, 0x4E, 0x73, 0x03, 0xCE, 0x53, 0x29,
167 	0x9C, 0xCC, 0x04, 0x1C, 0x7B, 0xC3, 0x08, 0xD8,
168 	0x2A, 0x56, 0x98, 0xF3, 0xA8, 0xD0, 0xC3, 0x82,
169 	0x71, 0xAE, 0x35, 0xF8, 0xE9, 0xDB, 0xFB, 0xB6,
170 	0x94, 0xB5, 0xC8, 0x03, 0xD8, 0x9F, 0x7A, 0xE4,
171 	0x35, 0xDE, 0x23, 0x6D, 0x52, 0x5F, 0x54, 0x75,
172 	0x9B, 0x65, 0xE3, 0x72, 0xFC, 0xD6, 0x8E, 0xF2,
173 	0x0F, 0xA7, 0x11, 0x1F, 0x9E, 0x4A, 0xFF, 0x73
174 };
175 #endif
176 
177 #if PPP_SERVER
178 /* Local forward declarations. */
179 static void eap_server_timeout(void *arg);
180 #endif /* PPP_SERVER */
181 
182 /*
183  * Convert EAP state code to printable string for debug.
184  */
eap_state_name(enum eap_state_code esc)185 static const char * eap_state_name(enum eap_state_code esc)
186 {
187 	static const char *state_names[] = { EAP_STATES };
188 
189 	return (state_names[(int)esc]);
190 }
191 
192 /*
193  * eap_init - Initialize state for an EAP user.  This is currently
194  * called once by main() during start-up.
195  */
eap_init(ppp_pcb * pcb)196 static void eap_init(ppp_pcb *pcb) {
197 
198 	BZERO(&pcb->eap, sizeof(eap_state));
199 #if PPP_SERVER
200 	pcb->eap.es_server.ea_id = magic();
201 #endif /* PPP_SERVER */
202 }
203 
204 /*
205  * eap_client_timeout - Give up waiting for the peer to send any
206  * Request messages.
207  */
eap_client_timeout(void * arg)208 static void eap_client_timeout(void *arg) {
209 	ppp_pcb *pcb = (ppp_pcb*)arg;
210 
211 	if (!eap_client_active(pcb))
212 		return;
213 
214 	ppp_error("EAP: timeout waiting for Request from peer");
215 	auth_withpeer_fail(pcb, PPP_EAP);
216 	pcb->eap.es_client.ea_state = eapBadAuth;
217 }
218 
219 /*
220  * eap_authwithpeer - Authenticate to our peer (behave as client).
221  *
222  * Start client state and wait for requests.  This is called only
223  * after eap_lowerup.
224  */
eap_authwithpeer(ppp_pcb * pcb,const char * localname)225 void eap_authwithpeer(ppp_pcb *pcb, const char *localname) {
226 
227 	if(NULL == localname)
228 		return;
229 
230 	/* Save the peer name we're given */
231 	pcb->eap.es_client.ea_name = localname;
232 	pcb->eap.es_client.ea_namelen = strlen(localname);
233 
234 	pcb->eap.es_client.ea_state = eapListen;
235 
236 	/*
237 	 * Start a timer so that if the other end just goes
238 	 * silent, we don't sit here waiting forever.
239 	 */
240 	if (pcb->settings.eap_req_time > 0)
241 		TIMEOUT(eap_client_timeout, pcb,
242 		    pcb->settings.eap_req_time);
243 }
244 
245 #if PPP_SERVER
246 /*
247  * Format a standard EAP Failure message and send it to the peer.
248  * (Server operation)
249  */
eap_send_failure(ppp_pcb * pcb)250 static void eap_send_failure(ppp_pcb *pcb) {
251 	struct pbuf *p;
252 	u_char *outp;
253 
254 	p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + EAP_HEADERLEN), PPP_CTRL_PBUF_TYPE);
255 	if(NULL == p)
256 		return;
257 	if(p->tot_len != p->len) {
258 		pbuf_free(p);
259 		return;
260 	}
261 
262 	outp = (u_char*)p->payload;
263 
264 	MAKEHEADER(outp, PPP_EAP);
265 
266 	PUTCHAR(EAP_FAILURE, outp);
267 	pcb->eap.es_server.ea_id++;
268 	PUTCHAR(pcb->eap.es_server.ea_id, outp);
269 	PUTSHORT(EAP_HEADERLEN, outp);
270 
271 	ppp_write(pcb, p);
272 
273 	pcb->eap.es_server.ea_state = eapBadAuth;
274 	auth_peer_fail(pcb, PPP_EAP);
275 }
276 
277 /*
278  * Format a standard EAP Success message and send it to the peer.
279  * (Server operation)
280  */
eap_send_success(ppp_pcb * pcb)281 static void eap_send_success(ppp_pcb *pcb) {
282 	struct pbuf *p;
283 	u_char *outp;
284 
285 	p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + EAP_HEADERLEN), PPP_CTRL_PBUF_TYPE);
286 	if(NULL == p)
287 		return;
288 	if(p->tot_len != p->len) {
289 		pbuf_free(p);
290 		return;
291 	}
292 
293 	outp = (u_char*)p->payload;
294 
295 	MAKEHEADER(outp, PPP_EAP);
296 
297 	PUTCHAR(EAP_SUCCESS, outp);
298 	pcb->eap.es_server.ea_id++;
299 	PUTCHAR(pcb->eap.es_server.ea_id, outp);
300 	PUTSHORT(EAP_HEADERLEN, outp);
301 
302 	ppp_write(pcb, p);
303 
304 	auth_peer_success(pcb, PPP_EAP, 0,
305 	    pcb->eap.es_server.ea_peer, pcb->eap.es_server.ea_peerlen);
306 }
307 #endif /* PPP_SERVER */
308 
309 #ifdef USE_SRP
310 /*
311  * Set DES key according to pseudonym-generating secret and current
312  * date.
313  */
314 static bool
pncrypt_setkey(int timeoffs)315 pncrypt_setkey(int timeoffs)
316 {
317 	struct tm *tp;
318 	char tbuf[9];
319 	SHA1_CTX ctxt;
320 	u_char dig[SHA_DIGESTSIZE];
321 	time_t reftime;
322 
323 	if (pn_secret == NULL)
324 		return (0);
325 	reftime = time(NULL) + timeoffs;
326 	tp = localtime(&reftime);
327 	SHA1Init(&ctxt);
328 	SHA1Update(&ctxt, pn_secret, strlen(pn_secret));
329 	strftime(tbuf, sizeof (tbuf), "%Y%m%d", tp);
330 	SHA1Update(&ctxt, tbuf, strlen(tbuf));
331 	SHA1Final(dig, &ctxt);
332 	/* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */
333 	return (DesSetkey(dig));
334 }
335 
336 static char base64[] =
337 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
338 
339 struct b64state {
340 	u32_t bs_bits;
341 	int bs_offs;
342 };
343 
344 static int
b64enc(bs,inp,inlen,outp)345 b64enc(bs, inp, inlen, outp)
346 struct b64state *bs;
347 u_char *inp;
348 int inlen;
349 u_char *outp;
350 {
351 	int outlen = 0;
352 
353 	while (inlen > 0) {
354 		bs->bs_bits = (bs->bs_bits << 8) | *inp++;
355 		inlen--;
356 		bs->bs_offs += 8;
357 		if (bs->bs_offs >= 24) {
358 			*outp++ = base64[(bs->bs_bits >> 18) & 0x3F];
359 			*outp++ = base64[(bs->bs_bits >> 12) & 0x3F];
360 			*outp++ = base64[(bs->bs_bits >> 6) & 0x3F];
361 			*outp++ = base64[bs->bs_bits & 0x3F];
362 			outlen += 4;
363 			bs->bs_offs = 0;
364 			bs->bs_bits = 0;
365 		}
366 	}
367 	return (outlen);
368 }
369 
370 static int
b64flush(bs,outp)371 b64flush(bs, outp)
372 struct b64state *bs;
373 u_char *outp;
374 {
375 	int outlen = 0;
376 
377 	if (bs->bs_offs == 8) {
378 		*outp++ = base64[(bs->bs_bits >> 2) & 0x3F];
379 		*outp++ = base64[(bs->bs_bits << 4) & 0x3F];
380 		outlen = 2;
381 	} else if (bs->bs_offs == 16) {
382 		*outp++ = base64[(bs->bs_bits >> 10) & 0x3F];
383 		*outp++ = base64[(bs->bs_bits >> 4) & 0x3F];
384 		*outp++ = base64[(bs->bs_bits << 2) & 0x3F];
385 		outlen = 3;
386 	}
387 	bs->bs_offs = 0;
388 	bs->bs_bits = 0;
389 	return (outlen);
390 }
391 
392 static int
b64dec(bs,inp,inlen,outp)393 b64dec(bs, inp, inlen, outp)
394 struct b64state *bs;
395 u_char *inp;
396 int inlen;
397 u_char *outp;
398 {
399 	int outlen = 0;
400 	char *cp;
401 
402 	while (inlen > 0) {
403 		if ((cp = strchr(base64, *inp++)) == NULL)
404 			break;
405 		bs->bs_bits = (bs->bs_bits << 6) | (cp - base64);
406 		inlen--;
407 		bs->bs_offs += 6;
408 		if (bs->bs_offs >= 8) {
409 			*outp++ = bs->bs_bits >> (bs->bs_offs - 8);
410 			outlen++;
411 			bs->bs_offs -= 8;
412 		}
413 	}
414 	return (outlen);
415 }
416 #endif /* USE_SRP */
417 
418 #if PPP_SERVER
419 /*
420  * Assume that current waiting server state is complete and figure
421  * next state to use based on available authentication data.  'status'
422  * indicates if there was an error in handling the last query.  It is
423  * 0 for success and non-zero for failure.
424  */
eap_figure_next_state(ppp_pcb * pcb,int status)425 static void eap_figure_next_state(ppp_pcb *pcb, int status) {
426 #ifdef USE_SRP
427 	unsigned char secbuf[MAXSECRETLEN], clear[8], *sp, *dp;
428 	struct t_pw tpw;
429 	struct t_confent *tce, mytce;
430 	char *cp, *cp2;
431 	struct t_server *ts;
432 	int id, i, plen, toffs;
433 	u_char vals[2];
434 	struct b64state bs;
435 #endif /* USE_SRP */
436 
437 	pcb->settings.eap_timeout_time = pcb->eap.es_savedtime;
438 	switch (pcb->eap.es_server.ea_state) {
439 	case eapBadAuth:
440 		return;
441 
442 	case eapIdentify:
443 #ifdef USE_SRP
444 		/* Discard any previous session. */
445 		ts = (struct t_server *)pcb->eap.es_server.ea_session;
446 		if (ts != NULL) {
447 			t_serverclose(ts);
448 			pcb->eap.es_server.ea_session = NULL;
449 			pcb->eap.es_server.ea_skey = NULL;
450 		}
451 #endif /* USE_SRP */
452 		if (status != 0) {
453 			pcb->eap.es_server.ea_state = eapBadAuth;
454 			break;
455 		}
456 #ifdef USE_SRP
457 		/* If we've got a pseudonym, try to decode to real name. */
458 		if (pcb->eap.es_server.ea_peerlen > SRP_PSEUDO_LEN &&
459 		    strncmp(pcb->eap.es_server.ea_peer, SRP_PSEUDO_ID,
460 			SRP_PSEUDO_LEN) == 0 &&
461 		    (pcb->eap.es_server.ea_peerlen - SRP_PSEUDO_LEN) * 3 / 4 <
462 		    sizeof (secbuf)) {
463 			BZERO(&bs, sizeof (bs));
464 			plen = b64dec(&bs,
465 			    pcb->eap.es_server.ea_peer + SRP_PSEUDO_LEN,
466 			    pcb->eap.es_server.ea_peerlen - SRP_PSEUDO_LEN,
467 			    secbuf);
468 			toffs = 0;
469 			for (i = 0; i < 5; i++) {
470 				pncrypt_setkey(toffs);
471 				toffs -= 86400;
472 				/* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */
473 				if (!DesDecrypt(secbuf, clear)) {
474 					ppp_dbglog("no DES here; cannot decode "
475 					    "pseudonym");
476 					return;
477 				}
478 				id = *(unsigned char *)clear;
479 				if (id + 1 <= plen && id + 9 > plen)
480 					break;
481 			}
482 			if (plen % 8 == 0 && i < 5) {
483 				/*
484 				 * Note that this is always shorter than the
485 				 * original stored string, so there's no need
486 				 * to realloc.
487 				 */
488 				if ((i = plen = *(unsigned char *)clear) > 7)
489 					i = 7;
490 				pcb->eap.es_server.ea_peerlen = plen;
491 				dp = (unsigned char *)pcb->eap.es_server.ea_peer;
492 				MEMCPY(dp, clear + 1, i);
493 				plen -= i;
494 				dp += i;
495 				sp = secbuf + 8;
496 				while (plen > 0) {
497 					/* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */
498 					(void) DesDecrypt(sp, dp);
499 					sp += 8;
500 					dp += 8;
501 					plen -= 8;
502 				}
503 				pcb->eap.es_server.ea_peer[
504 					pcb->eap.es_server.ea_peerlen] = '\0';
505 				ppp_dbglog("decoded pseudonym to \"%.*q\"",
506 				    pcb->eap.es_server.ea_peerlen,
507 				    pcb->eap.es_server.ea_peer);
508 			} else {
509 				ppp_dbglog("failed to decode real name");
510 				/* Stay in eapIdentfy state; requery */
511 				break;
512 			}
513 		}
514 		/* Look up user in secrets database. */
515 		if (get_srp_secret(pcb->eap.es_unit, pcb->eap.es_server.ea_peer,
516 		    pcb->eap.es_server.ea_name, (char *)secbuf, 1) != 0) {
517 			/* Set up default in case SRP entry is bad */
518 			pcb->eap.es_server.ea_state = eapMD5Chall;
519 			/* Get t_confent based on index in srp-secrets */
520 			id = strtol((char *)secbuf, &cp, 10);
521 			if (*cp++ != ':' || id < 0)
522 				break;
523 			if (id == 0) {
524 				mytce.index = 0;
525 				mytce.modulus.data = (u_char *)wkmodulus;
526 				mytce.modulus.len = sizeof (wkmodulus);
527 				mytce.generator.data = (u_char *)"\002";
528 				mytce.generator.len = 1;
529 				tce = &mytce;
530 			} else if ((tce = gettcid(id)) != NULL) {
531 				/*
532 				 * Client will have to verify this modulus/
533 				 * generator combination, and that will take
534 				 * a while.  Lengthen the timeout here.
535 				 */
536 				if (pcb->settings.eap_timeout_time > 0 &&
537 				    pcb->settings.eap_timeout_time < 30)
538 					pcb->settings.eap_timeout_time = 30;
539 			} else {
540 				break;
541 			}
542 			if ((cp2 = strchr(cp, ':')) == NULL)
543 				break;
544 			*cp2++ = '\0';
545 			tpw.pebuf.name = pcb->eap.es_server.ea_peer;
546 			tpw.pebuf.password.len = t_fromb64((char *)tpw.pwbuf,
547 			    cp);
548 			tpw.pebuf.password.data = tpw.pwbuf;
549 			tpw.pebuf.salt.len = t_fromb64((char *)tpw.saltbuf,
550 			    cp2);
551 			tpw.pebuf.salt.data = tpw.saltbuf;
552 			if ((ts = t_serveropenraw(&tpw.pebuf, tce)) == NULL)
553 				break;
554 			pcb->eap.es_server.ea_session = (void *)ts;
555 			pcb->eap.es_server.ea_state = eapSRP1;
556 			vals[0] = pcb->eap.es_server.ea_id + 1;
557 			vals[1] = EAPT_SRP;
558 			t_serveraddexdata(ts, vals, 2);
559 			/* Generate B; must call before t_servergetkey() */
560 			t_servergenexp(ts);
561 			break;
562 		}
563 #endif /* USE_SRP */
564 		pcb->eap.es_server.ea_state = eapMD5Chall;
565 		break;
566 
567 	case eapSRP1:
568 #ifdef USE_SRP
569 		ts = (struct t_server *)pcb->eap.es_server.ea_session;
570 		if (ts != NULL && status != 0) {
571 			t_serverclose(ts);
572 			pcb->eap.es_server.ea_session = NULL;
573 			pcb->eap.es_server.ea_skey = NULL;
574 		}
575 #endif /* USE_SRP */
576 		if (status == 1) {
577 			pcb->eap.es_server.ea_state = eapMD5Chall;
578 		} else if (status != 0 || pcb->eap.es_server.ea_session == NULL) {
579 			pcb->eap.es_server.ea_state = eapBadAuth;
580 		} else {
581 			pcb->eap.es_server.ea_state = eapSRP2;
582 		}
583 		break;
584 
585 	case eapSRP2:
586 #ifdef USE_SRP
587 		ts = (struct t_server *)pcb->eap.es_server.ea_session;
588 		if (ts != NULL && status != 0) {
589 			t_serverclose(ts);
590 			pcb->eap.es_server.ea_session = NULL;
591 			pcb->eap.es_server.ea_skey = NULL;
592 		}
593 #endif /* USE_SRP */
594 		if (status != 0 || pcb->eap.es_server.ea_session == NULL) {
595 			pcb->eap.es_server.ea_state = eapBadAuth;
596 		} else {
597 			pcb->eap.es_server.ea_state = eapSRP3;
598 		}
599 		break;
600 
601 	case eapSRP3:
602 	case eapSRP4:
603 #ifdef USE_SRP
604 		ts = (struct t_server *)pcb->eap.es_server.ea_session;
605 		if (ts != NULL && status != 0) {
606 			t_serverclose(ts);
607 			pcb->eap.es_server.ea_session = NULL;
608 			pcb->eap.es_server.ea_skey = NULL;
609 		}
610 #endif /* USE_SRP */
611 		if (status != 0 || pcb->eap.es_server.ea_session == NULL) {
612 			pcb->eap.es_server.ea_state = eapBadAuth;
613 		} else {
614 			pcb->eap.es_server.ea_state = eapOpen;
615 		}
616 		break;
617 
618 	case eapMD5Chall:
619 		if (status != 0) {
620 			pcb->eap.es_server.ea_state = eapBadAuth;
621 		} else {
622 			pcb->eap.es_server.ea_state = eapOpen;
623 		}
624 		break;
625 
626 	default:
627 		pcb->eap.es_server.ea_state = eapBadAuth;
628 		break;
629 	}
630 	if (pcb->eap.es_server.ea_state == eapBadAuth)
631 		eap_send_failure(pcb);
632 }
633 
634 /*
635  * Format an EAP Request message and send it to the peer.  Message
636  * type depends on current state.  (Server operation)
637  */
eap_send_request(ppp_pcb * pcb)638 static void eap_send_request(ppp_pcb *pcb) {
639 	struct pbuf *p;
640 	u_char *outp;
641 	u_char *lenloc;
642 	int outlen;
643 	int len;
644 	const char *str;
645 #ifdef USE_SRP
646 	struct t_server *ts;
647 	u_char clear[8], cipher[8], dig[SHA_DIGESTSIZE], *optr, *cp;
648 	int i, j;
649 	struct b64state b64;
650 	SHA1_CTX ctxt;
651 #endif /* USE_SRP */
652 
653 	/* Handle both initial auth and restart */
654 	if (pcb->eap.es_server.ea_state < eapIdentify &&
655 	    pcb->eap.es_server.ea_state != eapInitial) {
656 		pcb->eap.es_server.ea_state = eapIdentify;
657 #if PPP_REMOTENAME
658 		if (pcb->settings.explicit_remote && pcb->remote_name) {
659 			/*
660 			 * If we already know the peer's
661 			 * unauthenticated name, then there's no
662 			 * reason to ask.  Go to next state instead.
663 			 */
664 			int len = (int)strlen(pcb->remote_name);
665 			if (len > MAXNAMELEN) {
666 				len = MAXNAMELEN;
667 			}
668 			MEMCPY(pcb->eap.es_server.ea_peer, pcb->remote_name, len);
669 			pcb->eap.es_server.ea_peer[len] = '\0';
670 			pcb->eap.es_server.ea_peerlen = len;
671 			eap_figure_next_state(pcb, 0);
672 		}
673 #endif /* PPP_REMOTENAME */
674 	}
675 
676 	if (pcb->settings.eap_max_transmits > 0 &&
677 	    pcb->eap.es_server.ea_requests >= pcb->settings.eap_max_transmits) {
678 		if (pcb->eap.es_server.ea_responses > 0)
679 			ppp_error("EAP: too many Requests sent");
680 		else
681 			ppp_error("EAP: no response to Requests");
682 		eap_send_failure(pcb);
683 		return;
684 	}
685 
686 	p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_CTRL_PBUF_MAX_SIZE), PPP_CTRL_PBUF_TYPE);
687 	if(NULL == p)
688 		return;
689 	if(p->tot_len != p->len) {
690 		pbuf_free(p);
691 		return;
692 	}
693 
694 	outp = (u_char*)p->payload;
695 
696 	MAKEHEADER(outp, PPP_EAP);
697 
698 	PUTCHAR(EAP_REQUEST, outp);
699 	PUTCHAR(pcb->eap.es_server.ea_id, outp);
700 	lenloc = outp;
701 	INCPTR(2, outp);
702 
703 	switch (pcb->eap.es_server.ea_state) {
704 	case eapIdentify:
705 		PUTCHAR(EAPT_IDENTITY, outp);
706 		str = "Name";
707 		len = strlen(str);
708 		MEMCPY(outp, str, len);
709 		INCPTR(len, outp);
710 		break;
711 
712 	case eapMD5Chall:
713 		PUTCHAR(EAPT_MD5CHAP, outp);
714 		/*
715 		 * pick a random challenge length between
716 		 * EAP_MIN_CHALLENGE_LENGTH and EAP_MAX_CHALLENGE_LENGTH
717 		 */
718 		pcb->eap.es_challen = EAP_MIN_CHALLENGE_LENGTH +
719 		    magic_pow(EAP_MIN_MAX_POWER_OF_TWO_CHALLENGE_LENGTH);
720 		PUTCHAR(pcb->eap.es_challen, outp);
721 		magic_random_bytes(pcb->eap.es_challenge, pcb->eap.es_challen);
722 		MEMCPY(outp, pcb->eap.es_challenge, pcb->eap.es_challen);
723 		INCPTR(pcb->eap.es_challen, outp);
724 		MEMCPY(outp, pcb->eap.es_server.ea_name, pcb->eap.es_server.ea_namelen);
725 		INCPTR(pcb->eap.es_server.ea_namelen, outp);
726 		break;
727 
728 #ifdef USE_SRP
729 	case eapSRP1:
730 		PUTCHAR(EAPT_SRP, outp);
731 		PUTCHAR(EAPSRP_CHALLENGE, outp);
732 
733 		PUTCHAR(pcb->eap.es_server.ea_namelen, outp);
734 		MEMCPY(outp, pcb->eap.es_server.ea_name, pcb->eap.es_server.ea_namelen);
735 		INCPTR(pcb->eap.es_server.ea_namelen, outp);
736 
737 		ts = (struct t_server *)pcb->eap.es_server.ea_session;
738 		assert(ts != NULL);
739 		PUTCHAR(ts->s.len, outp);
740 		MEMCPY(outp, ts->s.data, ts->s.len);
741 		INCPTR(ts->s.len, outp);
742 
743 		if (ts->g.len == 1 && ts->g.data[0] == 2) {
744 			PUTCHAR(0, outp);
745 		} else {
746 			PUTCHAR(ts->g.len, outp);
747 			MEMCPY(outp, ts->g.data, ts->g.len);
748 			INCPTR(ts->g.len, outp);
749 		}
750 
751 		if (ts->n.len != sizeof (wkmodulus) ||
752 		    BCMP(ts->n.data, wkmodulus, sizeof (wkmodulus)) != 0) {
753 			MEMCPY(outp, ts->n.data, ts->n.len);
754 			INCPTR(ts->n.len, outp);
755 		}
756 		break;
757 
758 	case eapSRP2:
759 		PUTCHAR(EAPT_SRP, outp);
760 		PUTCHAR(EAPSRP_SKEY, outp);
761 
762 		ts = (struct t_server *)pcb->eap.es_server.ea_session;
763 		assert(ts != NULL);
764 		MEMCPY(outp, ts->B.data, ts->B.len);
765 		INCPTR(ts->B.len, outp);
766 		break;
767 
768 	case eapSRP3:
769 		PUTCHAR(EAPT_SRP, outp);
770 		PUTCHAR(EAPSRP_SVALIDATOR, outp);
771 		PUTLONG(SRPVAL_EBIT, outp);
772 		ts = (struct t_server *)pcb->eap.es_server.ea_session;
773 		assert(ts != NULL);
774 		MEMCPY(outp, t_serverresponse(ts), SHA_DIGESTSIZE);
775 		INCPTR(SHA_DIGESTSIZE, outp);
776 
777 		if (pncrypt_setkey(0)) {
778 			/* Generate pseudonym */
779 			optr = outp;
780 			cp = (unsigned char *)pcb->eap.es_server.ea_peer;
781 			if ((j = i = pcb->eap.es_server.ea_peerlen) > 7)
782 				j = 7;
783 			clear[0] = i;
784 			MEMCPY(clear + 1, cp, j);
785 			i -= j;
786 			cp += j;
787 			/* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */
788 			if (!DesEncrypt(clear, cipher)) {
789 				ppp_dbglog("no DES here; not generating pseudonym");
790 				break;
791 			}
792 			BZERO(&b64, sizeof (b64));
793 			outp++;		/* space for pseudonym length */
794 			outp += b64enc(&b64, cipher, 8, outp);
795 			while (i >= 8) {
796 				/* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */
797 				(void) DesEncrypt(cp, cipher);
798 				outp += b64enc(&b64, cipher, 8, outp);
799 				cp += 8;
800 				i -= 8;
801 			}
802 			if (i > 0) {
803 				MEMCPY(clear, cp, i);
804 				cp += i;
805 				magic_random_bytes(cp, 8-i);
806 				/* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */
807 				(void) DesEncrypt(clear, cipher);
808 				outp += b64enc(&b64, cipher, 8, outp);
809 			}
810 			outp += b64flush(&b64, outp);
811 
812 			/* Set length and pad out to next 20 octet boundary */
813 			i = outp - optr - 1;
814 			*optr = i;
815 			i %= SHA_DIGESTSIZE;
816 			if (i != 0) {
817 				magic_random_bytes(outp, SHA_DIGESTSIZE-i);
818 				INCPTR(SHA_DIGESTSIZE-i, outp);
819 			}
820 
821 			/* Obscure the pseudonym with SHA1 hash */
822 			SHA1Init(&ctxt);
823 			SHA1Update(&ctxt, &pcb->eap.es_server.ea_id, 1);
824 			SHA1Update(&ctxt, pcb->eap.es_server.ea_skey,
825 			    SESSION_KEY_LEN);
826 			SHA1Update(&ctxt, pcb->eap.es_server.ea_peer,
827 			    pcb->eap.es_server.ea_peerlen);
828 			while (optr < outp) {
829 				SHA1Final(dig, &ctxt);
830 				cp = dig;
831 				while (cp < dig + SHA_DIGESTSIZE)
832 					*optr++ ^= *cp++;
833 				SHA1Init(&ctxt);
834 				SHA1Update(&ctxt, &pcb->eap.es_server.ea_id, 1);
835 				SHA1Update(&ctxt, pcb->eap.es_server.ea_skey,
836 				    SESSION_KEY_LEN);
837 				SHA1Update(&ctxt, optr - SHA_DIGESTSIZE,
838 				    SHA_DIGESTSIZE);
839 			}
840 		}
841 		break;
842 
843 	case eapSRP4:
844 		PUTCHAR(EAPT_SRP, outp);
845 		PUTCHAR(EAPSRP_LWRECHALLENGE, outp);
846 		pcb->eap.es_challen = EAP_MIN_CHALLENGE_LENGTH +
847 		    magic_pow(EAP_MIN_MAX_POWER_OF_TWO_CHALLENGE_LENGTH);
848 		magic_random_bytes(pcb->eap.es_challenge, pcb->eap.es_challen);
849 		MEMCPY(outp, pcb->eap.es_challenge, pcb->eap.es_challen);
850 		INCPTR(pcb->eap.es_challen, outp);
851 		break;
852 #endif /* USE_SRP */
853 
854 	default:
855 		return;
856 	}
857 
858 	outlen = (outp - (unsigned char*)p->payload) - PPP_HDRLEN;
859 	PUTSHORT(outlen, lenloc);
860 
861 	pbuf_realloc(p, outlen + PPP_HDRLEN);
862 	ppp_write(pcb, p);
863 
864 	pcb->eap.es_server.ea_requests++;
865 
866 	if (pcb->settings.eap_timeout_time > 0)
867 		TIMEOUT(eap_server_timeout, pcb, pcb->settings.eap_timeout_time);
868 }
869 
870 /*
871  * eap_authpeer - Authenticate our peer (behave as server).
872  *
873  * Start server state and send first request.  This is called only
874  * after eap_lowerup.
875  */
eap_authpeer(ppp_pcb * pcb,const char * localname)876 void eap_authpeer(ppp_pcb *pcb, const char *localname) {
877 
878 	/* Save the name we're given. */
879 	pcb->eap.es_server.ea_name = localname;
880 	pcb->eap.es_server.ea_namelen = strlen(localname);
881 
882 	pcb->eap.es_savedtime = pcb->settings.eap_timeout_time;
883 
884 	/* Lower layer up yet? */
885 	if (pcb->eap.es_server.ea_state == eapInitial ||
886 	    pcb->eap.es_server.ea_state == eapPending) {
887 		pcb->eap.es_server.ea_state = eapPending;
888 		return;
889 	}
890 
891 	pcb->eap.es_server.ea_state = eapPending;
892 
893 	/* ID number not updated here intentionally; hashed into M1 */
894 	eap_send_request(pcb);
895 }
896 
897 /*
898  * eap_server_timeout - Retransmission timer for sending Requests
899  * expired.
900  */
eap_server_timeout(void * arg)901 static void eap_server_timeout(void *arg) {
902 	ppp_pcb *pcb = (ppp_pcb*)arg;
903 
904 	if (!eap_server_active(pcb))
905 		return;
906 
907 	/* EAP ID number must not change on timeout. */
908 	eap_send_request(pcb);
909 }
910 
911 /*
912  * When it's time to send rechallenge the peer, this timeout is
913  * called.  Once the rechallenge is successful, the response handler
914  * will restart the timer.  If it fails, then the link is dropped.
915  */
eap_rechallenge(void * arg)916 static void eap_rechallenge(void *arg) {
917 	ppp_pcb *pcb = (ppp_pcb*)arg;
918 
919 	if (pcb->eap.es_server.ea_state != eapOpen &&
920 	    pcb->eap.es_server.ea_state != eapSRP4)
921 		return;
922 
923 	pcb->eap.es_server.ea_requests = 0;
924 	pcb->eap.es_server.ea_state = eapIdentify;
925 	eap_figure_next_state(pcb, 0);
926 	pcb->eap.es_server.ea_id++;
927 	eap_send_request(pcb);
928 }
929 
srp_lwrechallenge(void * arg)930 static void srp_lwrechallenge(void *arg) {
931 	ppp_pcb *pcb = (ppp_pcb*)arg;
932 
933 	if (pcb->eap.es_server.ea_state != eapOpen ||
934 	    pcb->eap.es_server.ea_type != EAPT_SRP)
935 		return;
936 
937 	pcb->eap.es_server.ea_requests = 0;
938 	pcb->eap.es_server.ea_state = eapSRP4;
939 	pcb->eap.es_server.ea_id++;
940 	eap_send_request(pcb);
941 }
942 #endif /* PPP_SERVER */
943 
944 /*
945  * eap_lowerup - The lower layer is now up.
946  *
947  * This is called before either eap_authpeer or eap_authwithpeer.  See
948  * link_established() in auth.c.  All that's necessary here is to
949  * return to closed state so that those two routines will do the right
950  * thing.
951  */
eap_lowerup(ppp_pcb * pcb)952 static void eap_lowerup(ppp_pcb *pcb) {
953 	pcb->eap.es_client.ea_state = eapClosed;
954 #if PPP_SERVER
955 	pcb->eap.es_server.ea_state = eapClosed;
956 #endif /* PPP_SERVER */
957 }
958 
959 /*
960  * eap_lowerdown - The lower layer is now down.
961  *
962  * Cancel all timeouts and return to initial state.
963  */
eap_lowerdown(ppp_pcb * pcb)964 static void eap_lowerdown(ppp_pcb *pcb) {
965 
966 	if (eap_client_active(pcb) && pcb->settings.eap_req_time > 0) {
967 		UNTIMEOUT(eap_client_timeout, pcb);
968 	}
969 #if PPP_SERVER
970 	if (eap_server_active(pcb)) {
971 		if (pcb->settings.eap_timeout_time > 0) {
972 			UNTIMEOUT(eap_server_timeout, pcb);
973 		}
974 	} else {
975 		if ((pcb->eap.es_server.ea_state == eapOpen ||
976 		    pcb->eap.es_server.ea_state == eapSRP4) &&
977 		    pcb->eap.es_rechallenge > 0) {
978 			UNTIMEOUT(eap_rechallenge, (void *)pcb);
979 		}
980 		if (pcb->eap.es_server.ea_state == eapOpen &&
981 		    pcb->eap.es_lwrechallenge > 0) {
982 			UNTIMEOUT(srp_lwrechallenge, (void *)pcb);
983 		}
984 	}
985 
986 	pcb->eap.es_client.ea_state = pcb->eap.es_server.ea_state = eapInitial;
987 	pcb->eap.es_client.ea_requests = pcb->eap.es_server.ea_requests = 0;
988 #endif /* PPP_SERVER */
989 }
990 
991 /*
992  * eap_protrej - Peer doesn't speak this protocol.
993  *
994  * This shouldn't happen.  If it does, it represents authentication
995  * failure.
996  */
eap_protrej(ppp_pcb * pcb)997 static void eap_protrej(ppp_pcb *pcb) {
998 
999 	if (eap_client_active(pcb)) {
1000 		ppp_error("EAP authentication failed due to Protocol-Reject");
1001 		auth_withpeer_fail(pcb, PPP_EAP);
1002 	}
1003 #if PPP_SERVER
1004 	if (eap_server_active(pcb)) {
1005 		ppp_error("EAP authentication of peer failed on Protocol-Reject");
1006 		auth_peer_fail(pcb, PPP_EAP);
1007 	}
1008 #endif /* PPP_SERVER */
1009 	eap_lowerdown(pcb);
1010 }
1011 
1012 /*
1013  * Format and send a regular EAP Response message.
1014  */
eap_send_response(ppp_pcb * pcb,u_char id,u_char typenum,const u_char * str,int lenstr)1015 static void eap_send_response(ppp_pcb *pcb, u_char id, u_char typenum, const u_char *str, int lenstr) {
1016 	struct pbuf *p;
1017 	u_char *outp;
1018 	int msglen;
1019 
1020 	msglen = EAP_HEADERLEN + sizeof (u_char) + lenstr;
1021 	p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PPP_CTRL_PBUF_TYPE);
1022 	if(NULL == p)
1023 		return;
1024 	if(p->tot_len != p->len) {
1025 		pbuf_free(p);
1026 		return;
1027 	}
1028 
1029 	outp = (u_char*)p->payload;
1030 
1031 	MAKEHEADER(outp, PPP_EAP);
1032 
1033 	PUTCHAR(EAP_RESPONSE, outp);
1034 	PUTCHAR(id, outp);
1035 	pcb->eap.es_client.ea_id = id;
1036 	PUTSHORT(msglen, outp);
1037 	PUTCHAR(typenum, outp);
1038 	if (lenstr > 0) {
1039 		MEMCPY(outp, str, lenstr);
1040 	}
1041 
1042 	ppp_write(pcb, p);
1043 }
1044 
1045 /*
1046  * Format and send an MD5-Challenge EAP Response message.
1047  */
eap_chap_response(ppp_pcb * pcb,u_char id,u_char * hash,const char * name,int namelen)1048 static void eap_chap_response(ppp_pcb *pcb, u_char id, u_char *hash, const char *name, int namelen) {
1049 	struct pbuf *p;
1050 	u_char *outp;
1051 	int msglen;
1052 
1053 	msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + MD5_SIGNATURE_SIZE +
1054 	    namelen;
1055 	p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PPP_CTRL_PBUF_TYPE);
1056 	if(NULL == p)
1057 		return;
1058 	if(p->tot_len != p->len) {
1059 		pbuf_free(p);
1060 		return;
1061 	}
1062 
1063 	outp = (u_char*)p->payload;
1064 
1065 	MAKEHEADER(outp, PPP_EAP);
1066 
1067 	PUTCHAR(EAP_RESPONSE, outp);
1068 	PUTCHAR(id, outp);
1069 	pcb->eap.es_client.ea_id = id;
1070 	PUTSHORT(msglen, outp);
1071 	PUTCHAR(EAPT_MD5CHAP, outp);
1072 	PUTCHAR(MD5_SIGNATURE_SIZE, outp);
1073 	MEMCPY(outp, hash, MD5_SIGNATURE_SIZE);
1074 	INCPTR(MD5_SIGNATURE_SIZE, outp);
1075 	if (namelen > 0) {
1076 		MEMCPY(outp, name, namelen);
1077 	}
1078 
1079 	ppp_write(pcb, p);
1080 }
1081 
1082 #ifdef USE_SRP
1083 /*
1084  * Format and send a SRP EAP Response message.
1085  */
1086 static void
eap_srp_response(esp,id,subtypenum,str,lenstr)1087 eap_srp_response(esp, id, subtypenum, str, lenstr)
1088 eap_state *esp;
1089 u_char id;
1090 u_char subtypenum;
1091 u_char *str;
1092 int lenstr;
1093 {
1094 	ppp_pcb *pcb = &ppp_pcb_list[pcb->eap.es_unit];
1095 	struct pbuf *p;
1096 	u_char *outp;
1097 	int msglen;
1098 
1099 	msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + lenstr;
1100 	p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PPP_CTRL_PBUF_TYPE);
1101 	if(NULL == p)
1102 		return;
1103 	if(p->tot_len != p->len) {
1104 		pbuf_free(p);
1105 		return;
1106 	}
1107 
1108 	outp = p->payload;
1109 
1110 	MAKEHEADER(outp, PPP_EAP);
1111 
1112 	PUTCHAR(EAP_RESPONSE, outp);
1113 	PUTCHAR(id, outp);
1114 	pcb->eap.es_client.ea_id = id;
1115 	PUTSHORT(msglen, outp);
1116 	PUTCHAR(EAPT_SRP, outp);
1117 	PUTCHAR(subtypenum, outp);
1118 	if (lenstr > 0) {
1119 		MEMCPY(outp, str, lenstr);
1120 	}
1121 
1122 	ppp_write(pcb, p);
1123 }
1124 
1125 /*
1126  * Format and send a SRP EAP Client Validator Response message.
1127  */
1128 static void
eap_srpval_response(esp,id,flags,str)1129 eap_srpval_response(esp, id, flags, str)
1130 eap_state *esp;
1131 u_char id;
1132 u32_t flags;
1133 u_char *str;
1134 {
1135 	ppp_pcb *pcb = &ppp_pcb_list[pcb->eap.es_unit];
1136 	struct pbuf *p;
1137 	u_char *outp;
1138 	int msglen;
1139 
1140 	msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + sizeof (u32_t) +
1141 	    SHA_DIGESTSIZE;
1142 	p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PPP_CTRL_PBUF_TYPE);
1143 	if(NULL == p)
1144 		return;
1145 	if(p->tot_len != p->len) {
1146 		pbuf_free(p);
1147 		return;
1148 	}
1149 
1150 	outp = p->payload;
1151 
1152 	MAKEHEADER(outp, PPP_EAP);
1153 
1154 	PUTCHAR(EAP_RESPONSE, outp);
1155 	PUTCHAR(id, outp);
1156 	pcb->eap.es_client.ea_id = id;
1157 	PUTSHORT(msglen, outp);
1158 	PUTCHAR(EAPT_SRP, outp);
1159 	PUTCHAR(EAPSRP_CVALIDATOR, outp);
1160 	PUTLONG(flags, outp);
1161 	MEMCPY(outp, str, SHA_DIGESTSIZE);
1162 
1163 	ppp_write(pcb, p);
1164 }
1165 #endif /* USE_SRP */
1166 
eap_send_nak(ppp_pcb * pcb,u_char id,u_char type)1167 static void eap_send_nak(ppp_pcb *pcb, u_char id, u_char type) {
1168 	struct pbuf *p;
1169 	u_char *outp;
1170 	int msglen;
1171 
1172 	msglen = EAP_HEADERLEN + 2 * sizeof (u_char);
1173 	p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + msglen), PPP_CTRL_PBUF_TYPE);
1174 	if(NULL == p)
1175 		return;
1176 	if(p->tot_len != p->len) {
1177 		pbuf_free(p);
1178 		return;
1179 	}
1180 
1181 	outp = (u_char*)p->payload;
1182 
1183 	MAKEHEADER(outp, PPP_EAP);
1184 
1185 	PUTCHAR(EAP_RESPONSE, outp);
1186 	PUTCHAR(id, outp);
1187 	pcb->eap.es_client.ea_id = id;
1188 	PUTSHORT(msglen, outp);
1189 	PUTCHAR(EAPT_NAK, outp);
1190 	PUTCHAR(type, outp);
1191 
1192 	ppp_write(pcb, p);
1193 }
1194 
1195 #ifdef USE_SRP
1196 static char *
name_of_pn_file()1197 name_of_pn_file()
1198 {
1199 	char *user, *path, *file;
1200 	struct passwd *pw;
1201 	size_t pl;
1202 	static bool pnlogged = 0;
1203 
1204 	pw = getpwuid(getuid());
1205 	if (pw == NULL || (user = pw->pw_dir) == NULL || user[0] == 0) {
1206 		errno = EINVAL;
1207 		return (NULL);
1208 	}
1209 	file = _PATH_PSEUDONYM;
1210 	pl = strlen(user) + strlen(file) + 2;
1211 	path = malloc(pl);
1212 	if (path == NULL)
1213 		return (NULL);
1214 	(void) slprintf(path, pl, "%s/%s", user, file);
1215 	if (!pnlogged) {
1216 		ppp_dbglog("pseudonym file: %s", path);
1217 		pnlogged = 1;
1218 	}
1219 	return (path);
1220 }
1221 
1222 static int
open_pn_file(modebits)1223 open_pn_file(modebits)
1224 mode_t modebits;
1225 {
1226 	char *path;
1227 	int fd, err;
1228 
1229 	if ((path = name_of_pn_file()) == NULL)
1230 		return (-1);
1231 	fd = open(path, modebits, S_IRUSR | S_IWUSR);
1232 	err = errno;
1233 	free(path);
1234 	errno = err;
1235 	return (fd);
1236 }
1237 
1238 static void
remove_pn_file()1239 remove_pn_file()
1240 {
1241 	char *path;
1242 
1243 	if ((path = name_of_pn_file()) != NULL) {
1244 		(void) unlink(path);
1245 		(void) free(path);
1246 	}
1247 }
1248 
1249 static void
write_pseudonym(esp,inp,len,id)1250 write_pseudonym(esp, inp, len, id)
1251 eap_state *esp;
1252 u_char *inp;
1253 int len, id;
1254 {
1255 	u_char val;
1256 	u_char *datp, *digp;
1257 	SHA1_CTX ctxt;
1258 	u_char dig[SHA_DIGESTSIZE];
1259 	int dsize, fd, olen = len;
1260 
1261 	/*
1262 	 * Do the decoding by working backwards.  This eliminates the need
1263 	 * to save the decoded output in a separate buffer.
1264 	 */
1265 	val = id;
1266 	while (len > 0) {
1267 		if ((dsize = len % SHA_DIGESTSIZE) == 0)
1268 			dsize = SHA_DIGESTSIZE;
1269 		len -= dsize;
1270 		datp = inp + len;
1271 		SHA1Init(&ctxt);
1272 		SHA1Update(&ctxt, &val, 1);
1273 		SHA1Update(&ctxt, pcb->eap.es_client.ea_skey, SESSION_KEY_LEN);
1274 		if (len > 0) {
1275 			SHA1Update(&ctxt, datp, SHA_DIGESTSIZE);
1276 		} else {
1277 			SHA1Update(&ctxt, pcb->eap.es_client.ea_name,
1278 			    pcb->eap.es_client.ea_namelen);
1279 		}
1280 		SHA1Final(dig, &ctxt);
1281 		for (digp = dig; digp < dig + SHA_DIGESTSIZE; digp++)
1282 			*datp++ ^= *digp;
1283 	}
1284 
1285 	/* Now check that the result is sane */
1286 	if (olen <= 0 || *inp + 1 > olen) {
1287 		ppp_dbglog("EAP: decoded pseudonym is unusable <%.*B>", olen, inp);
1288 		return;
1289 	}
1290 
1291 	/* Save it away */
1292 	fd = open_pn_file(O_WRONLY | O_CREAT | O_TRUNC);
1293 	if (fd < 0) {
1294 		ppp_dbglog("EAP: error saving pseudonym: %m");
1295 		return;
1296 	}
1297 	len = write(fd, inp + 1, *inp);
1298 	if (close(fd) != -1 && len == *inp) {
1299 		ppp_dbglog("EAP: saved pseudonym");
1300 		pcb->eap.es_usedpseudo = 0;
1301 	} else {
1302 		ppp_dbglog("EAP: failed to save pseudonym");
1303 		remove_pn_file();
1304 	}
1305 }
1306 #endif /* USE_SRP */
1307 
1308 /*
1309  * eap_request - Receive EAP Request message (client mode).
1310  */
eap_request(ppp_pcb * pcb,u_char * inp,int id,int len)1311 static void eap_request(ppp_pcb *pcb, u_char *inp, int id, int len) {
1312 	u_char typenum;
1313 	u_char vallen;
1314 	int secret_len;
1315 	char secret[MAXSECRETLEN];
1316 	char rhostname[MAXNAMELEN];
1317 	lwip_md5_context mdContext;
1318 	u_char hash[MD5_SIGNATURE_SIZE];
1319 #ifdef USE_SRP
1320 	struct t_client *tc;
1321 	struct t_num sval, gval, Nval, *Ap, Bval;
1322 	u_char vals[2];
1323 	SHA1_CTX ctxt;
1324 	u_char dig[SHA_DIGESTSIZE];
1325 	int fd;
1326 #endif /* USE_SRP */
1327 
1328 	/*
1329 	 * Note: we update es_client.ea_id *only if* a Response
1330 	 * message is being generated.  Otherwise, we leave it the
1331 	 * same for duplicate detection purposes.
1332 	 */
1333 
1334 	pcb->eap.es_client.ea_requests++;
1335 	if (pcb->settings.eap_allow_req != 0 &&
1336 	    pcb->eap.es_client.ea_requests > pcb->settings.eap_allow_req) {
1337 		ppp_info("EAP: received too many Request messages");
1338 		if (pcb->settings.eap_req_time > 0) {
1339 			UNTIMEOUT(eap_client_timeout, pcb);
1340 		}
1341 		auth_withpeer_fail(pcb, PPP_EAP);
1342 		return;
1343 	}
1344 
1345 	if (len <= 0) {
1346 		ppp_error("EAP: empty Request message discarded");
1347 		return;
1348 	}
1349 
1350 	GETCHAR(typenum, inp);
1351 	len--;
1352 
1353 	switch (typenum) {
1354 	case EAPT_IDENTITY:
1355 		if (len > 0)
1356 			ppp_info("EAP: Identity prompt \"%.*q\"", len, inp);
1357 #ifdef USE_SRP
1358 		if (pcb->eap.es_usepseudo &&
1359 		    (pcb->eap.es_usedpseudo == 0 ||
1360 			(pcb->eap.es_usedpseudo == 1 &&
1361 			    id == pcb->eap.es_client.ea_id))) {
1362 			pcb->eap.es_usedpseudo = 1;
1363 			/* Try to get a pseudonym */
1364 			if ((fd = open_pn_file(O_RDONLY)) >= 0) {
1365 				strcpy(rhostname, SRP_PSEUDO_ID);
1366 				len = read(fd, rhostname + SRP_PSEUDO_LEN,
1367 				    sizeof (rhostname) - SRP_PSEUDO_LEN);
1368 				/* XXX NAI unsupported */
1369 				if (len > 0) {
1370 					eap_send_response(pcb, id, typenum,
1371 					    rhostname, len + SRP_PSEUDO_LEN);
1372 				}
1373 				(void) close(fd);
1374 				if (len > 0)
1375 					break;
1376 			}
1377 		}
1378 		/* Stop using pseudonym now. */
1379 		if (pcb->eap.es_usepseudo && pcb->eap.es_usedpseudo != 2) {
1380 			remove_pn_file();
1381 			pcb->eap.es_usedpseudo = 2;
1382 		}
1383 #endif /* USE_SRP */
1384 		eap_send_response(pcb, id, typenum, (const u_char*)pcb->eap.es_client.ea_name,
1385 		    pcb->eap.es_client.ea_namelen);
1386 		break;
1387 
1388 	case EAPT_NOTIFICATION:
1389 		if (len > 0)
1390 			ppp_info("EAP: Notification \"%.*q\"", len, inp);
1391 		eap_send_response(pcb, id, typenum, NULL, 0);
1392 		break;
1393 
1394 	case EAPT_NAK:
1395 		/*
1396 		 * Avoid the temptation to send Response Nak in reply
1397 		 * to Request Nak here.  It can only lead to trouble.
1398 		 */
1399 		ppp_warn("EAP: unexpected Nak in Request; ignored");
1400 		/* Return because we're waiting for something real. */
1401 		return;
1402 
1403 	case EAPT_MD5CHAP:
1404 		if (len < 1) {
1405 			ppp_error("EAP: received MD5-Challenge with no data");
1406 			/* Bogus request; wait for something real. */
1407 			return;
1408 		}
1409 		GETCHAR(vallen, inp);
1410 		len--;
1411 		if (vallen < 8 || vallen > len) {
1412 			ppp_error("EAP: MD5-Challenge with bad length %d (8..%d)",
1413 			    vallen, len);
1414 			/* Try something better. */
1415 			eap_send_nak(pcb, id, EAPT_SRP);
1416 			break;
1417 		}
1418 
1419 		/* Not so likely to happen. */
1420 		if (vallen >= len + sizeof (rhostname)) {
1421 			ppp_dbglog("EAP: trimming really long peer name down");
1422 			MEMCPY(rhostname, inp + vallen, sizeof (rhostname) - 1);
1423 			rhostname[sizeof (rhostname) - 1] = '\0';
1424 		} else {
1425 			MEMCPY(rhostname, inp + vallen, len - vallen);
1426 			rhostname[len - vallen] = '\0';
1427 		}
1428 
1429 #if PPP_REMOTENAME
1430 		/* In case the remote doesn't give us his name. */
1431 		if (pcb->settings.explicit_remote ||
1432 		    (pcb->settings.remote_name[0] != '\0' && vallen == len))
1433 			strlcpy(rhostname, pcb->settings.remote_name, sizeof (rhostname));
1434 #endif /* PPP_REMOTENAME */
1435 
1436 		/*
1437 		 * Get the secret for authenticating ourselves with
1438 		 * the specified host.
1439 		 */
1440 		if (!get_secret(pcb, pcb->eap.es_client.ea_name,
1441 		    rhostname, secret, &secret_len, 0)) {
1442 			ppp_dbglog("EAP: no MD5 secret for auth to %q", rhostname);
1443 			eap_send_nak(pcb, id, EAPT_SRP);
1444 			break;
1445 		}
1446 		lwip_md5_init(&mdContext);
1447 		lwip_md5_starts(&mdContext);
1448 		typenum = id;
1449 		lwip_md5_update(&mdContext, &typenum, 1);
1450 		lwip_md5_update(&mdContext, (u_char *)secret, secret_len);
1451 		BZERO(secret, sizeof (secret));
1452 		lwip_md5_update(&mdContext, inp, vallen);
1453 		lwip_md5_finish(&mdContext, hash);
1454 		lwip_md5_free(&mdContext);
1455 		eap_chap_response(pcb, id, hash, pcb->eap.es_client.ea_name,
1456 		    pcb->eap.es_client.ea_namelen);
1457 		break;
1458 
1459 #ifdef USE_SRP
1460 	case EAPT_SRP:
1461 		if (len < 1) {
1462 			ppp_error("EAP: received empty SRP Request");
1463 			/* Bogus request; wait for something real. */
1464 			return;
1465 		}
1466 
1467 		/* Get subtype */
1468 		GETCHAR(vallen, inp);
1469 		len--;
1470 		switch (vallen) {
1471 		case EAPSRP_CHALLENGE:
1472 			tc = NULL;
1473 			if (pcb->eap.es_client.ea_session != NULL) {
1474 				tc = (struct t_client *)pcb->eap.es_client.
1475 				    ea_session;
1476 				/*
1477 				 * If this is a new challenge, then start
1478 				 * over with a new client session context.
1479 				 * Otherwise, just resend last response.
1480 				 */
1481 				if (id != pcb->eap.es_client.ea_id) {
1482 					t_clientclose(tc);
1483 					pcb->eap.es_client.ea_session = NULL;
1484 					tc = NULL;
1485 				}
1486 			}
1487 			/* No session key just yet */
1488 			pcb->eap.es_client.ea_skey = NULL;
1489 			if (tc == NULL) {
1490 				int rhostnamelen;
1491 
1492 				GETCHAR(vallen, inp);
1493 				len--;
1494 				if (vallen >= len) {
1495 					ppp_error("EAP: badly-formed SRP Challenge"
1496 					    " (name)");
1497 					/* Ignore badly-formed messages */
1498 					return;
1499 				}
1500 				MEMCPY(rhostname, inp, vallen);
1501 				rhostname[vallen] = '\0';
1502 				INCPTR(vallen, inp);
1503 				len -= vallen;
1504 
1505 				/*
1506 				 * In case the remote doesn't give us his name,
1507 				 * use configured name.
1508 				 */
1509 				if (explicit_remote ||
1510 				    (remote_name[0] != '\0' && vallen == 0)) {
1511 					strlcpy(rhostname, remote_name,
1512 					    sizeof (rhostname));
1513 				}
1514 
1515 				rhostnamelen = (int)strlen(rhostname);
1516 				if (rhostnamelen > MAXNAMELEN) {
1517 					rhostnamelen = MAXNAMELEN;
1518 				}
1519 				MEMCPY(pcb->eap.es_client.ea_peer, rhostname, rhostnamelen);
1520 				pcb->eap.es_client.ea_peer[rhostnamelen] = '\0';
1521 				pcb->eap.es_client.ea_peerlen = rhostnamelen;
1522 
1523 				GETCHAR(vallen, inp);
1524 				len--;
1525 				if (vallen >= len) {
1526 					ppp_error("EAP: badly-formed SRP Challenge"
1527 					    " (s)");
1528 					/* Ignore badly-formed messages */
1529 					return;
1530 				}
1531 				sval.data = inp;
1532 				sval.len = vallen;
1533 				INCPTR(vallen, inp);
1534 				len -= vallen;
1535 
1536 				GETCHAR(vallen, inp);
1537 				len--;
1538 				if (vallen > len) {
1539 					ppp_error("EAP: badly-formed SRP Challenge"
1540 					    " (g)");
1541 					/* Ignore badly-formed messages */
1542 					return;
1543 				}
1544 				/* If no generator present, then use value 2 */
1545 				if (vallen == 0) {
1546 					gval.data = (u_char *)"\002";
1547 					gval.len = 1;
1548 				} else {
1549 					gval.data = inp;
1550 					gval.len = vallen;
1551 				}
1552 				INCPTR(vallen, inp);
1553 				len -= vallen;
1554 
1555 				/*
1556 				 * If no modulus present, then use well-known
1557 				 * value.
1558 				 */
1559 				if (len == 0) {
1560 					Nval.data = (u_char *)wkmodulus;
1561 					Nval.len = sizeof (wkmodulus);
1562 				} else {
1563 					Nval.data = inp;
1564 					Nval.len = len;
1565 				}
1566 				tc = t_clientopen(pcb->eap.es_client.ea_name,
1567 				    &Nval, &gval, &sval);
1568 				if (tc == NULL) {
1569 					eap_send_nak(pcb, id, EAPT_MD5CHAP);
1570 					break;
1571 				}
1572 				pcb->eap.es_client.ea_session = (void *)tc;
1573 
1574 				/* Add Challenge ID & type to verifier */
1575 				vals[0] = id;
1576 				vals[1] = EAPT_SRP;
1577 				t_clientaddexdata(tc, vals, 2);
1578 			}
1579 			Ap = t_clientgenexp(tc);
1580 			eap_srp_response(esp, id, EAPSRP_CKEY, Ap->data,
1581 			    Ap->len);
1582 			break;
1583 
1584 		case EAPSRP_SKEY:
1585 			tc = (struct t_client *)pcb->eap.es_client.ea_session;
1586 			if (tc == NULL) {
1587 				ppp_warn("EAP: peer sent Subtype 2 without 1");
1588 				eap_send_nak(pcb, id, EAPT_MD5CHAP);
1589 				break;
1590 			}
1591 			if (pcb->eap.es_client.ea_skey != NULL) {
1592 				/*
1593 				 * ID number should not change here.  Warn
1594 				 * if it does (but otherwise ignore).
1595 				 */
1596 				if (id != pcb->eap.es_client.ea_id) {
1597 					ppp_warn("EAP: ID changed from %d to %d "
1598 					    "in SRP Subtype 2 rexmit",
1599 					    pcb->eap.es_client.ea_id, id);
1600 				}
1601 			} else {
1602 				if (get_srp_secret(pcb->eap.es_unit,
1603 				    pcb->eap.es_client.ea_name,
1604 				    pcb->eap.es_client.ea_peer, secret, 0) == 0) {
1605 					/*
1606 					 * Can't work with this peer because
1607 					 * the secret is missing.  Just give
1608 					 * up.
1609 					 */
1610 					eap_send_nak(pcb, id, EAPT_MD5CHAP);
1611 					break;
1612 				}
1613 				Bval.data = inp;
1614 				Bval.len = len;
1615 				t_clientpasswd(tc, secret);
1616 				BZERO(secret, sizeof (secret));
1617 				pcb->eap.es_client.ea_skey =
1618 				    t_clientgetkey(tc, &Bval);
1619 				if (pcb->eap.es_client.ea_skey == NULL) {
1620 					/* Server is rogue; stop now */
1621 					ppp_error("EAP: SRP server is rogue");
1622 					goto client_failure;
1623 				}
1624 			}
1625 			eap_srpval_response(esp, id, SRPVAL_EBIT,
1626 			    t_clientresponse(tc));
1627 			break;
1628 
1629 		case EAPSRP_SVALIDATOR:
1630 			tc = (struct t_client *)pcb->eap.es_client.ea_session;
1631 			if (tc == NULL || pcb->eap.es_client.ea_skey == NULL) {
1632 				ppp_warn("EAP: peer sent Subtype 3 without 1/2");
1633 				eap_send_nak(pcb, id, EAPT_MD5CHAP);
1634 				break;
1635 			}
1636 			/*
1637 			 * If we're already open, then this ought to be a
1638 			 * duplicate.  Otherwise, check that the server is
1639 			 * who we think it is.
1640 			 */
1641 			if (pcb->eap.es_client.ea_state == eapOpen) {
1642 				if (id != pcb->eap.es_client.ea_id) {
1643 					ppp_warn("EAP: ID changed from %d to %d "
1644 					    "in SRP Subtype 3 rexmit",
1645 					    pcb->eap.es_client.ea_id, id);
1646 				}
1647 			} else {
1648 				len -= sizeof (u32_t) + SHA_DIGESTSIZE;
1649 				if (len < 0 || t_clientverify(tc, inp +
1650 					sizeof (u32_t)) != 0) {
1651 					ppp_error("EAP: SRP server verification "
1652 					    "failed");
1653 					goto client_failure;
1654 				}
1655 				GETLONG(pcb->eap.es_client.ea_keyflags, inp);
1656 				/* Save pseudonym if user wants it. */
1657 				if (len > 0 && pcb->eap.es_usepseudo) {
1658 					INCPTR(SHA_DIGESTSIZE, inp);
1659 					write_pseudonym(esp, inp, len, id);
1660 				}
1661 			}
1662 			/*
1663 			 * We've verified our peer.  We're now mostly done,
1664 			 * except for waiting on the regular EAP Success
1665 			 * message.
1666 			 */
1667 			eap_srp_response(esp, id, EAPSRP_ACK, NULL, 0);
1668 			break;
1669 
1670 		case EAPSRP_LWRECHALLENGE:
1671 			if (len < 4) {
1672 				ppp_warn("EAP: malformed Lightweight rechallenge");
1673 				return;
1674 			}
1675 			SHA1Init(&ctxt);
1676 			vals[0] = id;
1677 			SHA1Update(&ctxt, vals, 1);
1678 			SHA1Update(&ctxt, pcb->eap.es_client.ea_skey,
1679 			    SESSION_KEY_LEN);
1680 			SHA1Update(&ctxt, inp, len);
1681 			SHA1Update(&ctxt, pcb->eap.es_client.ea_name,
1682 			    pcb->eap.es_client.ea_namelen);
1683 			SHA1Final(dig, &ctxt);
1684 			eap_srp_response(esp, id, EAPSRP_LWRECHALLENGE, dig,
1685 			    SHA_DIGESTSIZE);
1686 			break;
1687 
1688 		default:
1689 			ppp_error("EAP: unknown SRP Subtype %d", vallen);
1690 			eap_send_nak(pcb, id, EAPT_MD5CHAP);
1691 			break;
1692 		}
1693 		break;
1694 #endif /* USE_SRP */
1695 
1696 	default:
1697 		ppp_info("EAP: unknown authentication type %d; Naking", typenum);
1698 		eap_send_nak(pcb, id, EAPT_SRP);
1699 		break;
1700 	}
1701 
1702 	if (pcb->settings.eap_req_time > 0) {
1703 		UNTIMEOUT(eap_client_timeout, pcb);
1704 		TIMEOUT(eap_client_timeout, pcb,
1705 		    pcb->settings.eap_req_time);
1706 	}
1707 	return;
1708 
1709 #ifdef USE_SRP
1710 client_failure:
1711 	pcb->eap.es_client.ea_state = eapBadAuth;
1712 	if (pcb->settings.eap_req_time > 0) {
1713 		UNTIMEOUT(eap_client_timeout, (void *)esp);
1714 	}
1715 	pcb->eap.es_client.ea_session = NULL;
1716 	t_clientclose(tc);
1717 	auth_withpeer_fail(pcb, PPP_EAP);
1718 #endif /* USE_SRP */
1719 }
1720 
1721 #if PPP_SERVER
1722 /*
1723  * eap_response - Receive EAP Response message (server mode).
1724  */
eap_response(ppp_pcb * pcb,u_char * inp,int id,int len)1725 static void eap_response(ppp_pcb *pcb, u_char *inp, int id, int len) {
1726 	u_char typenum;
1727 	u_char vallen;
1728 	int secret_len;
1729 	char secret[MAXSECRETLEN];
1730 	char rhostname[MAXNAMELEN];
1731 	lwip_md5_context mdContext;
1732 	u_char hash[MD5_SIGNATURE_SIZE];
1733 #ifdef USE_SRP
1734 	struct t_server *ts;
1735 	struct t_num A;
1736 	SHA1_CTX ctxt;
1737 	u_char dig[SHA_DIGESTSIZE];
1738 #endif /* USE_SRP */
1739 
1740 	if (pcb->eap.es_server.ea_id != id) {
1741 		ppp_dbglog("EAP: discarding Response %d; expected ID %d", id,
1742 		    pcb->eap.es_server.ea_id);
1743 		return;
1744 	}
1745 
1746 	pcb->eap.es_server.ea_responses++;
1747 
1748 	if (len <= 0) {
1749 		ppp_error("EAP: empty Response message discarded");
1750 		return;
1751 	}
1752 
1753 	GETCHAR(typenum, inp);
1754 	len--;
1755 
1756 	switch (typenum) {
1757 	case EAPT_IDENTITY:
1758 		if (pcb->eap.es_server.ea_state != eapIdentify) {
1759 			ppp_dbglog("EAP discarding unwanted Identify \"%.q\"", len,
1760 			    inp);
1761 			break;
1762 		}
1763 		ppp_info("EAP: unauthenticated peer name \"%.*q\"", len, inp);
1764 		if (len > MAXNAMELEN) {
1765 		  len = MAXNAMELEN;
1766 		}
1767 		MEMCPY(pcb->eap.es_server.ea_peer, inp, len);
1768 		pcb->eap.es_server.ea_peer[len] = '\0';
1769 		pcb->eap.es_server.ea_peerlen = len;
1770 		eap_figure_next_state(pcb, 0);
1771 		break;
1772 
1773 	case EAPT_NOTIFICATION:
1774 		ppp_dbglog("EAP unexpected Notification; response discarded");
1775 		break;
1776 
1777 	case EAPT_NAK:
1778 		if (len < 1) {
1779 			ppp_info("EAP: Nak Response with no suggested protocol");
1780 			eap_figure_next_state(pcb, 1);
1781 			break;
1782 		}
1783 
1784 		GETCHAR(vallen, inp);
1785 		len--;
1786 
1787 		if (
1788 #if PPP_REMOTENAME
1789 		!pcb->explicit_remote &&
1790 #endif /* PPP_REMOTENAME */
1791 		pcb->eap.es_server.ea_state == eapIdentify){
1792 			/* Peer cannot Nak Identify Request */
1793 			eap_figure_next_state(pcb, 1);
1794 			break;
1795 		}
1796 
1797 		switch (vallen) {
1798 		case EAPT_SRP:
1799 			/* Run through SRP validator selection again. */
1800 			pcb->eap.es_server.ea_state = eapIdentify;
1801 			eap_figure_next_state(pcb, 0);
1802 			break;
1803 
1804 		case EAPT_MD5CHAP:
1805 			pcb->eap.es_server.ea_state = eapMD5Chall;
1806 			break;
1807 
1808 		default:
1809 			ppp_dbglog("EAP: peer requesting unknown Type %d", vallen);
1810 			switch (pcb->eap.es_server.ea_state) {
1811 			case eapSRP1:
1812 			case eapSRP2:
1813 			case eapSRP3:
1814 				pcb->eap.es_server.ea_state = eapMD5Chall;
1815 				break;
1816 			case eapMD5Chall:
1817 			case eapSRP4:
1818 				pcb->eap.es_server.ea_state = eapIdentify;
1819 				eap_figure_next_state(pcb, 0);
1820 				break;
1821 			default:
1822 				break;
1823 			}
1824 			break;
1825 		}
1826 		break;
1827 
1828 	case EAPT_MD5CHAP:
1829 		if (pcb->eap.es_server.ea_state != eapMD5Chall) {
1830 			ppp_error("EAP: unexpected MD5-Response");
1831 			eap_figure_next_state(pcb, 1);
1832 			break;
1833 		}
1834 		if (len < 1) {
1835 			ppp_error("EAP: received MD5-Response with no data");
1836 			eap_figure_next_state(pcb, 1);
1837 			break;
1838 		}
1839 		GETCHAR(vallen, inp);
1840 		len--;
1841 		if (vallen != 16 || vallen > len) {
1842 			ppp_error("EAP: MD5-Response with bad length %d", vallen);
1843 			eap_figure_next_state(pcb, 1);
1844 			break;
1845 		}
1846 
1847 		/* Not so likely to happen. */
1848 		if (vallen >= len + sizeof (rhostname)) {
1849 			ppp_dbglog("EAP: trimming really long peer name down");
1850 			MEMCPY(rhostname, inp + vallen, sizeof (rhostname) - 1);
1851 			rhostname[sizeof (rhostname) - 1] = '\0';
1852 		} else {
1853 			MEMCPY(rhostname, inp + vallen, len - vallen);
1854 			rhostname[len - vallen] = '\0';
1855 		}
1856 
1857 #if PPP_REMOTENAME
1858 		/* In case the remote doesn't give us his name. */
1859 		if (explicit_remote ||
1860 		    (remote_name[0] != '\0' && vallen == len))
1861 			strlcpy(rhostname, remote_name, sizeof (rhostname));
1862 #endif /* PPP_REMOTENAME */
1863 
1864 		/*
1865 		 * Get the secret for authenticating the specified
1866 		 * host.
1867 		 */
1868 		if (!get_secret(pcb, rhostname,
1869 		    pcb->eap.es_server.ea_name, secret, &secret_len, 1)) {
1870 			ppp_dbglog("EAP: no MD5 secret for auth of %q", rhostname);
1871 			eap_send_failure(pcb);
1872 			break;
1873 		}
1874 		lwip_md5_init(&mdContext);
1875 		lwip_md5_starts(&mdContext);
1876 		lwip_md5_update(&mdContext, &pcb->eap.es_server.ea_id, 1);
1877 		lwip_md5_update(&mdContext, (u_char *)secret, secret_len);
1878 		BZERO(secret, sizeof (secret));
1879 		lwip_md5_update(&mdContext, pcb->eap.es_challenge, pcb->eap.es_challen);
1880 		lwip_md5_finish(&mdContext, hash);
1881 		lwip_md5_free(&mdContext);
1882 		if (BCMP(hash, inp, MD5_SIGNATURE_SIZE) != 0) {
1883 			eap_send_failure(pcb);
1884 			break;
1885 		}
1886 		pcb->eap.es_server.ea_type = EAPT_MD5CHAP;
1887 		eap_send_success(pcb);
1888 		eap_figure_next_state(pcb, 0);
1889 		if (pcb->eap.es_rechallenge != 0)
1890 			TIMEOUT(eap_rechallenge, pcb, pcb->eap.es_rechallenge);
1891 		break;
1892 
1893 #ifdef USE_SRP
1894 	case EAPT_SRP:
1895 		if (len < 1) {
1896 			ppp_error("EAP: empty SRP Response");
1897 			eap_figure_next_state(pcb, 1);
1898 			break;
1899 		}
1900 		GETCHAR(typenum, inp);
1901 		len--;
1902 		switch (typenum) {
1903 		case EAPSRP_CKEY:
1904 			if (pcb->eap.es_server.ea_state != eapSRP1) {
1905 				ppp_error("EAP: unexpected SRP Subtype 1 Response");
1906 				eap_figure_next_state(pcb, 1);
1907 				break;
1908 			}
1909 			A.data = inp;
1910 			A.len = len;
1911 			ts = (struct t_server *)pcb->eap.es_server.ea_session;
1912 			assert(ts != NULL);
1913 			pcb->eap.es_server.ea_skey = t_servergetkey(ts, &A);
1914 			if (pcb->eap.es_server.ea_skey == NULL) {
1915 				/* Client's A value is bogus; terminate now */
1916 				ppp_error("EAP: bogus A value from client");
1917 				eap_send_failure(pcb);
1918 			} else {
1919 				eap_figure_next_state(pcb, 0);
1920 			}
1921 			break;
1922 
1923 		case EAPSRP_CVALIDATOR:
1924 			if (pcb->eap.es_server.ea_state != eapSRP2) {
1925 				ppp_error("EAP: unexpected SRP Subtype 2 Response");
1926 				eap_figure_next_state(pcb, 1);
1927 				break;
1928 			}
1929 			if (len < sizeof (u32_t) + SHA_DIGESTSIZE) {
1930 				ppp_error("EAP: M1 length %d < %d", len,
1931 				    sizeof (u32_t) + SHA_DIGESTSIZE);
1932 				eap_figure_next_state(pcb, 1);
1933 				break;
1934 			}
1935 			GETLONG(pcb->eap.es_server.ea_keyflags, inp);
1936 			ts = (struct t_server *)pcb->eap.es_server.ea_session;
1937 			assert(ts != NULL);
1938 			if (t_serververify(ts, inp)) {
1939 				ppp_info("EAP: unable to validate client identity");
1940 				eap_send_failure(pcb);
1941 				break;
1942 			}
1943 			eap_figure_next_state(pcb, 0);
1944 			break;
1945 
1946 		case EAPSRP_ACK:
1947 			if (pcb->eap.es_server.ea_state != eapSRP3) {
1948 				ppp_error("EAP: unexpected SRP Subtype 3 Response");
1949 				eap_send_failure(esp);
1950 				break;
1951 			}
1952 			pcb->eap.es_server.ea_type = EAPT_SRP;
1953 			eap_send_success(pcb, esp);
1954 			eap_figure_next_state(pcb, 0);
1955 			if (pcb->eap.es_rechallenge != 0)
1956 				TIMEOUT(eap_rechallenge, pcb,
1957 				    pcb->eap.es_rechallenge);
1958 			if (pcb->eap.es_lwrechallenge != 0)
1959 				TIMEOUT(srp_lwrechallenge, pcb,
1960 				    pcb->eap.es_lwrechallenge);
1961 			break;
1962 
1963 		case EAPSRP_LWRECHALLENGE:
1964 			if (pcb->eap.es_server.ea_state != eapSRP4) {
1965 				ppp_info("EAP: unexpected SRP Subtype 4 Response");
1966 				return;
1967 			}
1968 			if (len != SHA_DIGESTSIZE) {
1969 				ppp_error("EAP: bad Lightweight rechallenge "
1970 				    "response");
1971 				return;
1972 			}
1973 			SHA1Init(&ctxt);
1974 			vallen = id;
1975 			SHA1Update(&ctxt, &vallen, 1);
1976 			SHA1Update(&ctxt, pcb->eap.es_server.ea_skey,
1977 			    SESSION_KEY_LEN);
1978 			SHA1Update(&ctxt, pcb->eap.es_challenge, pcb->eap.es_challen);
1979 			SHA1Update(&ctxt, pcb->eap.es_server.ea_peer,
1980 			    pcb->eap.es_server.ea_peerlen);
1981 			SHA1Final(dig, &ctxt);
1982 			if (BCMP(dig, inp, SHA_DIGESTSIZE) != 0) {
1983 				ppp_error("EAP: failed Lightweight rechallenge");
1984 				eap_send_failure(pcb);
1985 				break;
1986 			}
1987 			pcb->eap.es_server.ea_state = eapOpen;
1988 			if (pcb->eap.es_lwrechallenge != 0)
1989 				TIMEOUT(srp_lwrechallenge, esp,
1990 				    pcb->eap.es_lwrechallenge);
1991 			break;
1992 		}
1993 		break;
1994 #endif /* USE_SRP */
1995 
1996 	default:
1997 		/* This can't happen. */
1998 		ppp_error("EAP: unknown Response type %d; ignored", typenum);
1999 		return;
2000 	}
2001 
2002 	if (pcb->settings.eap_timeout_time > 0) {
2003 		UNTIMEOUT(eap_server_timeout, pcb);
2004 	}
2005 
2006 	if (pcb->eap.es_server.ea_state != eapBadAuth &&
2007 	    pcb->eap.es_server.ea_state != eapOpen) {
2008 		pcb->eap.es_server.ea_id++;
2009 		eap_send_request(pcb);
2010 	}
2011 }
2012 #endif /* PPP_SERVER */
2013 
2014 /*
2015  * eap_success - Receive EAP Success message (client mode).
2016  */
eap_success(ppp_pcb * pcb,u_char * inp,int id,int len)2017 static void eap_success(ppp_pcb *pcb, u_char *inp, int id, int len) {
2018 	LWIP_UNUSED_ARG(id);
2019 
2020 	if (pcb->eap.es_client.ea_state != eapOpen && !eap_client_active(pcb)) {
2021 		ppp_dbglog("EAP unexpected success message in state %s (%d)",
2022 		    eap_state_name(pcb->eap.es_client.ea_state),
2023 		    pcb->eap.es_client.ea_state);
2024 		return;
2025 	}
2026 
2027 	if (pcb->settings.eap_req_time > 0) {
2028 		UNTIMEOUT(eap_client_timeout, pcb);
2029 	}
2030 
2031 	if (len > 0) {
2032 		/* This is odd.  The spec doesn't allow for this. */
2033 		PRINTMSG(inp, len);
2034 	}
2035 
2036 	pcb->eap.es_client.ea_state = eapOpen;
2037 	auth_withpeer_success(pcb, PPP_EAP, 0);
2038 }
2039 
2040 /*
2041  * eap_failure - Receive EAP Failure message (client mode).
2042  */
eap_failure(ppp_pcb * pcb,u_char * inp,int id,int len)2043 static void eap_failure(ppp_pcb *pcb, u_char *inp, int id, int len) {
2044 	LWIP_UNUSED_ARG(id);
2045 
2046 	if (!eap_client_active(pcb)) {
2047 		ppp_dbglog("EAP unexpected failure message in state %s (%d)",
2048 		    eap_state_name(pcb->eap.es_client.ea_state),
2049 		    pcb->eap.es_client.ea_state);
2050 	}
2051 
2052 	if (pcb->settings.eap_req_time > 0) {
2053 		UNTIMEOUT(eap_client_timeout, pcb);
2054 	}
2055 
2056 	if (len > 0) {
2057 		/* This is odd.  The spec doesn't allow for this. */
2058 		PRINTMSG(inp, len);
2059 	}
2060 
2061 	pcb->eap.es_client.ea_state = eapBadAuth;
2062 
2063 	ppp_error("EAP: peer reports authentication failure");
2064 	auth_withpeer_fail(pcb, PPP_EAP);
2065 }
2066 
2067 /*
2068  * eap_input - Handle received EAP message.
2069  */
eap_input(ppp_pcb * pcb,u_char * inp,int inlen)2070 static void eap_input(ppp_pcb *pcb, u_char *inp, int inlen) {
2071 	u_char code, id;
2072 	int len;
2073 
2074 	/*
2075 	 * Parse header (code, id and length).  If packet too short,
2076 	 * drop it.
2077 	 */
2078 	if (inlen < EAP_HEADERLEN) {
2079 		ppp_error("EAP: packet too short: %d < %d", inlen, EAP_HEADERLEN);
2080 		return;
2081 	}
2082 	GETCHAR(code, inp);
2083 	GETCHAR(id, inp);
2084 	GETSHORT(len, inp);
2085 	if (len < EAP_HEADERLEN || len > inlen) {
2086 		ppp_error("EAP: packet has illegal length field %d (%d..%d)", len,
2087 		    EAP_HEADERLEN, inlen);
2088 		return;
2089 	}
2090 	len -= EAP_HEADERLEN;
2091 
2092 	/* Dispatch based on message code */
2093 	switch (code) {
2094 	case EAP_REQUEST:
2095 		eap_request(pcb, inp, id, len);
2096 		break;
2097 
2098 #if PPP_SERVER
2099 	case EAP_RESPONSE:
2100 		eap_response(pcb, inp, id, len);
2101 		break;
2102 #endif /* PPP_SERVER */
2103 
2104 	case EAP_SUCCESS:
2105 		eap_success(pcb, inp, id, len);
2106 		break;
2107 
2108 	case EAP_FAILURE:
2109 		eap_failure(pcb, inp, id, len);
2110 		break;
2111 
2112 	default:				/* XXX Need code reject */
2113 		/* Note: it's not legal to send EAP Nak here. */
2114 		ppp_warn("EAP: unknown code %d received", code);
2115 		break;
2116 	}
2117 }
2118 
2119 #if PRINTPKT_SUPPORT
2120 /*
2121  * eap_printpkt - print the contents of an EAP packet.
2122  */
2123 static const char* const eap_codenames[] = {
2124 	"Request", "Response", "Success", "Failure"
2125 };
2126 
2127 static const char* const eap_typenames[] = {
2128 	"Identity", "Notification", "Nak", "MD5-Challenge",
2129 	"OTP", "Generic-Token", NULL, NULL,
2130 	"RSA", "DSS", "KEA", "KEA-Validate",
2131 	"TLS", "Defender", "Windows 2000", "Arcot",
2132 	"Cisco", "Nokia", "SRP"
2133 };
2134 
eap_printpkt(const u_char * inp,int inlen,void (* printer)(void *,const char *,...),void * arg)2135 static int eap_printpkt(const u_char *inp, int inlen, void (*printer) (void *, const char *, ...), void *arg) {
2136 	int code, id, len, rtype, vallen;
2137 	const u_char *pstart;
2138 	u32_t uval;
2139 
2140 	if (inlen < EAP_HEADERLEN)
2141 		return (0);
2142 	pstart = inp;
2143 	GETCHAR(code, inp);
2144 	GETCHAR(id, inp);
2145 	GETSHORT(len, inp);
2146 	if (len < EAP_HEADERLEN || len > inlen)
2147 		return (0);
2148 
2149 	if (code >= 1 && code <= (int)LWIP_ARRAYSIZE(eap_codenames))
2150 		printer(arg, " %s", eap_codenames[code-1]);
2151 	else
2152 		printer(arg, " code=0x%x", code);
2153 	printer(arg, " id=0x%x", id);
2154 	len -= EAP_HEADERLEN;
2155 	switch (code) {
2156 	case EAP_REQUEST:
2157 		if (len < 1) {
2158 			printer(arg, " <missing type>");
2159 			break;
2160 		}
2161 		GETCHAR(rtype, inp);
2162 		len--;
2163 		if (rtype >= 1 && rtype <= (int)LWIP_ARRAYSIZE(eap_typenames))
2164 			printer(arg, " %s", eap_typenames[rtype-1]);
2165 		else
2166 			printer(arg, " type=0x%x", rtype);
2167 		switch (rtype) {
2168 		case EAPT_IDENTITY:
2169 		case EAPT_NOTIFICATION:
2170 			if (len > 0) {
2171 				printer(arg, " <Message ");
2172 				ppp_print_string(inp, len, printer, arg);
2173 				printer(arg, ">");
2174 				INCPTR(len, inp);
2175 				len = 0;
2176 			} else {
2177 				printer(arg, " <No message>");
2178 			}
2179 			break;
2180 
2181 		case EAPT_MD5CHAP:
2182 			if (len <= 0)
2183 				break;
2184 			GETCHAR(vallen, inp);
2185 			len--;
2186 			if (vallen > len)
2187 				goto truncated;
2188 			printer(arg, " <Value%.*B>", vallen, inp);
2189 			INCPTR(vallen, inp);
2190 			len -= vallen;
2191 			if (len > 0) {
2192 				printer(arg, " <Name ");
2193 				ppp_print_string(inp, len, printer, arg);
2194 				printer(arg, ">");
2195 				INCPTR(len, inp);
2196 				len = 0;
2197 			} else {
2198 				printer(arg, " <No name>");
2199 			}
2200 			break;
2201 
2202 		case EAPT_SRP:
2203 			if (len < 3)
2204 				goto truncated;
2205 			GETCHAR(vallen, inp);
2206 			len--;
2207 			printer(arg, "-%d", vallen);
2208 			switch (vallen) {
2209 			case EAPSRP_CHALLENGE:
2210 				GETCHAR(vallen, inp);
2211 				len--;
2212 				if (vallen >= len)
2213 					goto truncated;
2214 				if (vallen > 0) {
2215 					printer(arg, " <Name ");
2216 					ppp_print_string(inp, vallen, printer,
2217 					    arg);
2218 					printer(arg, ">");
2219 				} else {
2220 					printer(arg, " <No name>");
2221 				}
2222 				INCPTR(vallen, inp);
2223 				len -= vallen;
2224 				GETCHAR(vallen, inp);
2225 				len--;
2226 				if (vallen >= len)
2227 					goto truncated;
2228 				printer(arg, " <s%.*B>", vallen, inp);
2229 				INCPTR(vallen, inp);
2230 				len -= vallen;
2231 				GETCHAR(vallen, inp);
2232 				len--;
2233 				if (vallen > len)
2234 					goto truncated;
2235 				if (vallen == 0) {
2236 					printer(arg, " <Default g=2>");
2237 				} else {
2238 					printer(arg, " <g%.*B>", vallen, inp);
2239 				}
2240 				INCPTR(vallen, inp);
2241 				len -= vallen;
2242 				if (len == 0) {
2243 					printer(arg, " <Default N>");
2244 				} else {
2245 					printer(arg, " <N%.*B>", len, inp);
2246 					INCPTR(len, inp);
2247 					len = 0;
2248 				}
2249 				break;
2250 
2251 			case EAPSRP_SKEY:
2252 				printer(arg, " <B%.*B>", len, inp);
2253 				INCPTR(len, inp);
2254 				len = 0;
2255 				break;
2256 
2257 			case EAPSRP_SVALIDATOR:
2258 				if (len < (int)sizeof (u32_t))
2259 					break;
2260 				GETLONG(uval, inp);
2261 				len -= sizeof (u32_t);
2262 				if (uval & SRPVAL_EBIT) {
2263 					printer(arg, " E");
2264 					uval &= ~SRPVAL_EBIT;
2265 				}
2266 				if (uval != 0) {
2267 					printer(arg, " f<%X>", uval);
2268 				}
2269 				if ((vallen = len) > SHA_DIGESTSIZE)
2270 					vallen = SHA_DIGESTSIZE;
2271 				printer(arg, " <M2%.*B%s>", len, inp,
2272 				    len < SHA_DIGESTSIZE ? "?" : "");
2273 				INCPTR(vallen, inp);
2274 				len -= vallen;
2275 				if (len > 0) {
2276 					printer(arg, " <PN%.*B>", len, inp);
2277 					INCPTR(len, inp);
2278 					len = 0;
2279 				}
2280 				break;
2281 
2282 			case EAPSRP_LWRECHALLENGE:
2283 				printer(arg, " <Challenge%.*B>", len, inp);
2284 				INCPTR(len, inp);
2285 				len = 0;
2286 				break;
2287 			default:
2288 				break;
2289 			}
2290 			break;
2291 		default:
2292 			break;
2293 		}
2294 		break;
2295 
2296 	case EAP_RESPONSE:
2297 		if (len < 1)
2298 			break;
2299 		GETCHAR(rtype, inp);
2300 		len--;
2301 		if (rtype >= 1 && rtype <= (int)LWIP_ARRAYSIZE(eap_typenames))
2302 			printer(arg, " %s", eap_typenames[rtype-1]);
2303 		else
2304 			printer(arg, " type=0x%x", rtype);
2305 		switch (rtype) {
2306 		case EAPT_IDENTITY:
2307 			if (len > 0) {
2308 				printer(arg, " <Name ");
2309 				ppp_print_string(inp, len, printer, arg);
2310 				printer(arg, ">");
2311 				INCPTR(len, inp);
2312 				len = 0;
2313 			}
2314 			break;
2315 
2316 		case EAPT_NAK:
2317 			if (len <= 0) {
2318 				printer(arg, " <missing hint>");
2319 				break;
2320 			}
2321 			GETCHAR(rtype, inp);
2322 			len--;
2323 			printer(arg, " <Suggested-type %02X", rtype);
2324 			if (rtype >= 1 && rtype < (int)LWIP_ARRAYSIZE(eap_typenames))
2325 				printer(arg, " (%s)", eap_typenames[rtype-1]);
2326 			printer(arg, ">");
2327 			break;
2328 
2329 		case EAPT_MD5CHAP:
2330 			if (len <= 0) {
2331 				printer(arg, " <missing length>");
2332 				break;
2333 			}
2334 			GETCHAR(vallen, inp);
2335 			len--;
2336 			if (vallen > len)
2337 				goto truncated;
2338 			printer(arg, " <Value%.*B>", vallen, inp);
2339 			INCPTR(vallen, inp);
2340 			len -= vallen;
2341 			if (len > 0) {
2342 				printer(arg, " <Name ");
2343 				ppp_print_string(inp, len, printer, arg);
2344 				printer(arg, ">");
2345 				INCPTR(len, inp);
2346 				len = 0;
2347 			} else {
2348 				printer(arg, " <No name>");
2349 			}
2350 			break;
2351 
2352 		case EAPT_SRP:
2353 			if (len < 1)
2354 				goto truncated;
2355 			GETCHAR(vallen, inp);
2356 			len--;
2357 			printer(arg, "-%d", vallen);
2358 			switch (vallen) {
2359 			case EAPSRP_CKEY:
2360 				printer(arg, " <A%.*B>", len, inp);
2361 				INCPTR(len, inp);
2362 				len = 0;
2363 				break;
2364 
2365 			case EAPSRP_CVALIDATOR:
2366 				if (len < (int)sizeof (u32_t))
2367 					break;
2368 				GETLONG(uval, inp);
2369 				len -= sizeof (u32_t);
2370 				if (uval & SRPVAL_EBIT) {
2371 					printer(arg, " E");
2372 					uval &= ~SRPVAL_EBIT;
2373 				}
2374 				if (uval != 0) {
2375 					printer(arg, " f<%X>", uval);
2376 				}
2377 				printer(arg, " <M1%.*B%s>", len, inp,
2378 				    len == SHA_DIGESTSIZE ? "" : "?");
2379 				INCPTR(len, inp);
2380 				len = 0;
2381 				break;
2382 
2383 			case EAPSRP_ACK:
2384 				break;
2385 
2386 			case EAPSRP_LWRECHALLENGE:
2387 				printer(arg, " <Response%.*B%s>", len, inp,
2388 				    len == SHA_DIGESTSIZE ? "" : "?");
2389 				if ((vallen = len) > SHA_DIGESTSIZE)
2390 					vallen = SHA_DIGESTSIZE;
2391 				INCPTR(vallen, inp);
2392 				len -= vallen;
2393 				break;
2394 			default:
2395 				break;
2396 			}
2397 			break;
2398 		default:
2399 			break;
2400 		}
2401 		break;
2402 
2403 	case EAP_SUCCESS:	/* No payload expected for these! */
2404 	case EAP_FAILURE:
2405 	default:
2406 		break;
2407 
2408 	truncated:
2409 		printer(arg, " <truncated>");
2410 		break;
2411 	}
2412 
2413 	if (len > 8)
2414 		printer(arg, "%8B...", inp);
2415 	else if (len > 0)
2416 		printer(arg, "%.*B", len, inp);
2417 	INCPTR(len, inp);
2418 
2419 	return (inp - pstart);
2420 }
2421 #endif /* PRINTPKT_SUPPORT */
2422 
2423 #endif /* PPP_SUPPORT && EAP_SUPPORT */
2424