Ethereal-dev: [Ethereal-dev] [PATCH] Dissect EAP-MD5, EAP-SIM, EAP-PEAP, EAP-MSCHAPv2
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Jouni Malinen <jkmaline@xxxxxxxxx>
Date: Sat, 3 Jul 2004 22:39:17 -0700
The attached patch adds dissecting of some EAP methods. EAP-PEAP re-uses code for EAP-TLS/EAP-TTLS; the only change is in adding PEAP Version field. EAP-MD5, EAP-MSCHAPv2, and EAP-SIM are new code. -- Jouni Malinen PGP id EFC895FA
Index: packet-eap.c =================================================================== RCS file: /cvsroot/ethereal/packet-eap.c,v retrieving revision 1.36 diff -u -p -r1.36 packet-eap.c --- packet-eap.c 28 Jun 2004 05:41:50 -0000 1.36 +++ packet-eap.c 4 Jul 2004 05:33:43 -0000 @@ -70,15 +70,19 @@ References: #define EAP_TYPE_ID 1 #define EAP_TYPE_NOTIFY 2 #define EAP_TYPE_NAK 3 +#define EAP_TYPE_MD5 4 #define EAP_TYPE_TLS 13 #define EAP_TYPE_LEAP 17 +#define EAP_TYPE_SIM 18 #define EAP_TYPE_TTLS 21 +#define EAP_TYPE_PEAP 25 +#define EAP_TYPE_MSCHAPV2 26 static const value_string eap_type_vals[] = { {EAP_TYPE_ID, "Identity [RFC3748]" }, {EAP_TYPE_NOTIFY,"Notification [RFC3748]" }, {EAP_TYPE_NAK, "Nak (Response only) [RFC3748]" }, - { 4, "MD5-Challenge [RFC3748]" }, + {EAP_TYPE_MD5, "MD5-Challenge [RFC3748]" }, { 5, "One Time Password (OTP) [RFC2289]" }, { 6, "Generic Token Card [RFC3748]" }, { 7, "?? RESERVED ?? " }, /* ??? */ @@ -92,15 +96,15 @@ static const value_string eap_type_vals[ { 15, "RSA Security SecurID EAP [Asnes, Liberman]" }, { 16, "Arcot Systems EAP [Jerdonek]" }, {EAP_TYPE_LEAP,"EAP-Cisco Wireless (LEAP) [Norman]" }, - { 18, "Nokia IP smart card authentication [Haverinen]" }, + {EAP_TYPE_SIM, "EAP-SIM Nokia IP smart card authentication [Haverinen]" }, { 19, "SRP-SHA1 Part 1 [Carlson]" }, { 20, "SRP-SHA1 Part 2 [Carlson]" }, {EAP_TYPE_TTLS,"EAP-TTLS [Funk]" }, { 22, "Remote Access Service [Fields]" }, { 23, "UMTS Authentication and Key Agreement [Haverinen]" }, { 24, "EAP-3Com Wireless [Young]" }, - { 25, "PEAP [Palekar]" }, - { 26, "MS-EAP-Authentication [Palekar]" }, + {EAP_TYPE_PEAP,"PEAP [Palekar]" }, + {EAP_TYPE_MSCHAPV2,"MS-EAP-Authentication [Palekar]" }, { 27, "Mutual Authentication w/Key Exchange (MAKE)[Berrendonner]" }, { 28, "CRYPTOCard [Webb]" }, { 29, "EAP-MSCHAP-V2 [Potter]" }, @@ -183,18 +187,20 @@ from RFC2716, pg 17 0 1 2 3 4 5 6 7 8 +-+-+-+-+-+-+-+-+ - |L M S R R R R R| + |L M S R R Vers | +-+-+-+-+-+-+-+-+ L = Length included M = More fragments S = EAP-TLS start R = Reserved + Vers = PEAP version (Reserved for TLS and TTLS) */ #define EAP_TLS_FLAG_L 0x80 /* Length included */ #define EAP_TLS_FLAG_M 0x40 /* More fragments */ #define EAP_TLS_FLAG_S 0x20 /* EAP-TLS start */ +#define EAP_PEAP_FLAG_VERSION 0x07 /* EAP-PEAP version */ /* * reassembly of EAP-TLS @@ -210,6 +216,7 @@ static int hf_eaptls_fragment_too_long static int hf_eaptls_fragment_error = -1; static gint ett_eaptls_fragment = -1; static gint ett_eaptls_fragments = -1; +static gint ett_eap_sim_attr = -1; static const fragment_items eaptls_frag_items = { &ett_eaptls_fragment, @@ -259,6 +266,231 @@ eap_init_protocol(void) G_ALLOC_ONLY); } +static void +dissect_eap_mschapv2(proto_tree *eap_tree, tvbuff_t *tvb, int offset, + gint size) +{ + gint left = size; + gint ms_len; + guint8 *tmp, value_size; + enum { + MS_CHAPv2_CHALLENGE = 1, + MS_CHAPv2_RESPONSE = 2, + MS_CHAPv2_SUCCESS = 3, + MS_CHAPv2_FAILURE = 4, + MS_CHAPv2_CHANGE_PASSWORD = 5 + } opcode; + static const value_string opcodes[] = { + { MS_CHAPv2_CHALLENGE, "Challenge" }, + { MS_CHAPv2_RESPONSE, "Response" }, + { MS_CHAPv2_SUCCESS, "Success" }, + { MS_CHAPv2_FAILURE, "Failure" }, + { MS_CHAPv2_CHANGE_PASSWORD, "Change-Password" }, + { 0, NULL } + }; + + /* OpCode (1 byte), MS-CHAPv2-ID (1 byte), MS-Length (2 bytes), Data */ + opcode = tvb_get_guint8(tvb, offset); + proto_tree_add_text(eap_tree, tvb, offset, 1, + "OpCode: %d (%s)", + opcode, val_to_str(opcode, opcodes, "Unknown")); + offset++; + left--; + if (left <= 0) + return; + + proto_tree_add_text(eap_tree, tvb, offset, 1, "MS-CHAPv2-ID: %d", + tvb_get_guint8(tvb, offset)); + offset++; + left--; + if (left <= 0) + return; + + ms_len = tvb_get_ntohs(tvb, offset); + proto_tree_add_text(eap_tree, tvb, offset, 2, "MS-Length: %d%s", + ms_len, + ms_len != size ? " (invalid len)" : ""); + offset += 2; + left -= 2; + + switch (opcode) { + case MS_CHAPv2_CHALLENGE: + if (left <= 0) + break; + value_size = tvb_get_guint8(tvb, offset); + proto_tree_add_text(eap_tree, tvb, offset, 1, + "Value-Size: %d", value_size); + offset++; + left--; + proto_tree_add_text(eap_tree, tvb, offset, value_size, + "Challenge: %s", + tvb_bytes_to_str(tvb, offset, value_size)); + offset += value_size; + left -= value_size; + if (left <= 0) + break; + proto_tree_add_text(eap_tree, tvb, offset, left, + "Name: %s", + tvb_format_text(tvb, offset, left)); + break; + case MS_CHAPv2_RESPONSE: + if (left <= 0) + break; + value_size = tvb_get_guint8(tvb, offset); + proto_tree_add_text(eap_tree, tvb, offset, 1, + "Value-Size: %d", value_size); + offset++; + left--; + if (value_size == 49) { + proto_tree_add_text(eap_tree, tvb, offset, 16, + "Peer-Challenge: %s", + tvb_bytes_to_str(tvb, offset, 16)); + offset += 16; + proto_tree_add_text(eap_tree, tvb, offset, 8, + "Reserved, must be zero: %s", + tvb_bytes_to_str(tvb, offset, 8)); + offset += 8; + proto_tree_add_text(eap_tree, tvb, offset, 24, + "NT-Response: %s", + tvb_bytes_to_str(tvb, offset, 24)); + offset += 24; + proto_tree_add_text(eap_tree, tvb, offset, 1, + "Flags: %d", + tvb_get_guint8(tvb, offset)); + offset++; + left -= value_size; + } else { + proto_tree_add_text(eap_tree, tvb, offset, value_size, + "Response (unknown length): %s", + tvb_bytes_to_str(tvb, offset, + value_size)); + offset += value_size; + left -= value_size; + } + if (left <= 0) + break; + proto_tree_add_text(eap_tree, tvb, offset, left, + "Name: %s", + tvb_format_text(tvb, offset, left)); + break; + case MS_CHAPv2_SUCCESS: + if (left <= 0) + break; + proto_tree_add_text(eap_tree, tvb, offset, left, + "Message: %s", + tvb_format_text(tvb, offset, left)); + break; + case MS_CHAPv2_FAILURE: + if (left <= 0) + break; + proto_tree_add_text(eap_tree, tvb, offset, left, + "Failure Request: %s", + tvb_format_text(tvb, offset, left)); + break; + default: + proto_tree_add_text(eap_tree, tvb, offset, left, + "Data (%d byte%s) Value: %s", + left, plurality(left, "", "s"), + tvb_bytes_to_str(tvb, offset, left)); + break; + } +} + +static void +dissect_eap_sim(proto_tree *eap_tree, tvbuff_t *tvb, int offset, gint size) +{ + gint left = size; + enum { + SIM_START = 10, + SIM_CHALLENGE = 11, + SIM_NOTIFICATION = 12, + SIM_RE_AUTHENTICATION = 13, + SIM_CLIENT_ERROR = 14 + } subtype; + static const value_string subtypes[] = { + { SIM_START, "Start" }, + { SIM_CHALLENGE, "Challenge" }, + { SIM_NOTIFICATION, "Notification" }, + { SIM_RE_AUTHENTICATION, "Re-authentication" }, + { SIM_CLIENT_ERROR, "Client-Error" }, + { 0, NULL } + }; + static const value_string attributes[] = { + { 1, "AT_RAND" }, + { 6, "AT_PADDING" }, + { 7, "AT_NONCE_MT" }, + { 10, "AT_PERMANENT_ID_REQ" }, + { 11, "AT_MAC" }, + { 12, "AT_NOTIFICATION" }, + { 13, "AT_ANY_ID_REQ" }, + { 14, "AT_IDENTITY" }, + { 15, "AT_VERSION_LIST" }, + { 16, "AT_SELECTED_VERSION" }, + { 17, "AT_FULLAUTH_ID_REQ" }, + { 18, "AT_COUNTER" }, + { 19, "AT_COUNTER_TOO_SMALL" }, + { 20, "AT_NONCE_S" }, + { 21, "AT_CLIENT_ERROR_CODE" }, + { 129, "AT_IV" }, + { 130, "AT_ENCR_DATA" }, + { 132, "AT_NEXT_PSEUDONYM" }, + { 133, "AT_NEXT_REAUTH_ID" }, + { 0, NULL } + }; + + subtype = tvb_get_guint8(tvb, offset); + proto_tree_add_text(eap_tree, tvb, offset, 1, + "subtype: %d (%s)", + subtype, val_to_str(subtype, subtypes, "Unknown")); + + offset++; + left--; + + if (left < 2) + return; + proto_tree_add_text(eap_tree, tvb, offset, 2, "Reserved: %d", + tvb_get_ntohs(tvb, offset)); + offset += 2; + left -= 2; + + /* Rest of EAP-SIM data is in Type-Len-Value format. */ + while (left >= 2) { + guint8 type, length; + proto_item *pi; + proto_tree *attr_tree; + int aoffset; + gint aleft; + aoffset = offset; + type = tvb_get_guint8(tvb, aoffset); + length = tvb_get_guint8(tvb, aoffset + 1); + aleft = 4 * length; + + pi = proto_tree_add_text(eap_tree, tvb, aoffset, aleft, + "Attribute: %s", + val_to_str(type, attributes, + "Unknown %u")); + attr_tree = proto_item_add_subtree(pi, ett_eap_sim_attr); + proto_tree_add_text(attr_tree, tvb, aoffset, 1, + "Type: %u", type); + aoffset++; + aleft--; + + if (aleft <= 0) + break; + proto_tree_add_text(attr_tree, tvb, aoffset, 1, + "Length: %d (%d bytes)", + length, 4 * length); + aoffset++; + aleft--; + proto_tree_add_text(attr_tree, tvb, aoffset, aleft, + "Value: %s", + tvb_bytes_to_str(tvb, aoffset, aleft)); + + offset += 4 * length; + left -= 4 * length; + } +} + static int dissect_eap_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean fragmented) @@ -437,8 +669,33 @@ dissect_eap_data(tvbuff_t *tvb, packet_i } break; /********************************************************************* + **********************************************************************/ + case EAP_TYPE_MD5: + if (tree) { + guint8 value_size = tvb_get_guint8(tvb, offset); + gint extra_len = size - 1 - value_size; + proto_tree_add_text(eap_tree, tvb, offset, 1, "Value-Size: %d%s", + value_size, + value_size > size - 1 ? " (overflow)": ""); + if (value_size > size - 1) + value_size = size - 1; + offset++; + proto_tree_add_text(eap_tree, tvb, offset, value_size, + "Value: %s", + tvb_bytes_to_str(tvb, offset, value_size)); + offset += value_size; + if (extra_len > 0) { + proto_tree_add_text(eap_tree, tvb, offset, extra_len, + "Extra data (%d byte%s): %s", extra_len, + plurality(extra_len, "", "s"), + tvb_bytes_to_str(tvb, offset, extra_len)); + } + } + break; + /********************************************************************* EAP-TLS **********************************************************************/ + case EAP_TYPE_PEAP: case EAP_TYPE_TTLS: case EAP_TYPE_TLS: { @@ -454,12 +711,18 @@ dissect_eap_data(tvbuff_t *tvb, packet_i has_length = test_flag(flags,EAP_TLS_FLAG_L); /* Flags field, 1 byte */ - if (tree) + if (tree) { proto_tree_add_text(eap_tree, tvb, offset, 1, "Flags(0x%X): %s%s%s", flags, has_length ? "Length ":"", more_fragments ? "More " :"", test_flag(flags,EAP_TLS_FLAG_S) ? "Start " :""); + if (eap_type == EAP_TYPE_PEAP) { + proto_tree_add_text(eap_tree, tvb, offset, 1, + "PEAP version %d", + flags & EAP_PEAP_FLAG_VERSION); + } + } size--; offset++; @@ -776,6 +1039,20 @@ dissect_eap_data(tvbuff_t *tvb, packet_i break; /* EAP_TYPE_LEAP */ /********************************************************************* + EAP-MSCHAPv2 - draft-kamath-pppext-eap-mschapv2-00.txt + **********************************************************************/ + case EAP_TYPE_MSCHAPV2: + if (tree) + dissect_eap_mschapv2(eap_tree, tvb, offset, size); + break; /* EAP_TYPE_MSCHAPV2 */ + /********************************************************************* + EAP-SIM - draft-haverinen-pppext-eap-sim-12.txt + **********************************************************************/ + case EAP_TYPE_SIM: + if (tree) + dissect_eap_sim(eap_tree, tvb, offset, size); + break; /* EAP_TYPE_SIM */ + /********************************************************************* **********************************************************************/ default: if (tree) { @@ -860,6 +1137,7 @@ proto_register_eap(void) &ett_eap, &ett_eaptls_fragment, &ett_eaptls_fragments, + &ett_eap_sim_attr, }; proto_eap = proto_register_protocol("Extensible Authentication Protocol",
- Follow-Ups:
- Prev by Date: Re: [Ethereal-dev] [PATCH] [ISUP] Certain ISUP messages are reported as malformed
- Next by Date: [Ethereal-dev] [PATCH] Adding new columns for IEEE 802.11 use
- Previous by thread: Re: [Ethereal-dev] Bug causing ethereal to crash
- Next by thread: Re: [Ethereal-dev] [PATCH] Dissect EAP-MD5, EAP-SIM, EAP-PEAP, EAP-MSCHAPv2
- Index(es):