2 * eap_md5.c EAP MD5 functionality.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * Copyright 2000,2001 The FreeRADIUS server project
21 * Copyright 2001 hereUare Communications, Inc. <raghud@hereuare.com>
26 * MD5 Packet Format in EAP Type-Data
27 * --- ------ ------ -- --- ---------
29 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
30 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
31 * | Value-Size | Value ...
32 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
34 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
45 * Allocate a new MD5_PACKET
47 MD5_PACKET *eapmd5_alloc(void)
51 if ((rp = malloc(sizeof(MD5_PACKET))) == NULL) {
52 radlog(L_ERR, "rlm_eap_md5: out of memory");
55 memset(rp, 0, sizeof(MD5_PACKET));
62 void eapmd5_free(MD5_PACKET **md5_packet_ptr)
64 MD5_PACKET *md5_packet;
66 if (!md5_packet_ptr) return;
67 md5_packet = *md5_packet_ptr;
68 if (md5_packet == NULL) return;
70 if (md5_packet->value) free(md5_packet->value);
71 if (md5_packet->name) free(md5_packet->name);
75 *md5_packet_ptr = NULL;
79 * We expect only RESPONSE for which SUCCESS or FAILURE is sent back
81 MD5_PACKET *eapmd5_extract(EAP_DS *eap_ds)
85 unsigned short name_len;
88 * We need a response, of type EAP-MD5, with at least
89 * one byte of type data (EAP-MD5) following the 4-byte
94 (eap_ds->response->code != PW_MD5_RESPONSE) ||
95 eap_ds->response->type.type != PW_EAP_MD5 ||
96 !eap_ds->response->type.data ||
97 (eap_ds->response->length <= MD5_HEADER_LEN) ||
98 (eap_ds->response->type.data[0] <= 0)) {
99 radlog(L_ERR, "rlm_eap_md5: corrupted data");
103 packet = eapmd5_alloc();
104 if (!packet) return NULL;
107 * Code & id for MD5 & EAP are same
109 * but md5_length = length of the EAP-MD5 data, which
110 * doesn't include the EAP header, or the octet saying
113 packet->code = eap_ds->response->code;
114 packet->id = eap_ds->response->id;
115 packet->length = eap_ds->response->length - (MD5_HEADER_LEN + 1);
118 * Sanity check the EAP-MD5 packet sent to us
121 data = (md5_packet_t *)eap_ds->response->type.data;
124 * Already checked the size above.
126 packet->value_size = data->value_size;
129 * Allocate room for the data, and copy over the data.
131 packet->value = malloc(packet->value_size);
132 if (packet->value == NULL) {
133 radlog(L_ERR, "rlm_eap_md5: out of memory");
134 eapmd5_free(&packet);
137 memcpy(packet->value, data->value_name, packet->value_size);
140 * Name is optional and is present after Value, but we
141 * need to check for it, as eapmd5_compose()
143 name_len = packet->length - (packet->value_size + 1);
145 packet->name = malloc(name_len + 1);
147 radlog(L_ERR, "rlm_eap_md5: out of memory");
148 eapmd5_free(&packet);
151 memcpy(packet->name, data->value_name + packet->value_size,
153 packet->name[name_len] = 0;
161 * verify = MD5(id+password+challenge_sent)
163 int eapmd5_verify(MD5_PACKET *packet, VALUE_PAIR* password,
167 char string[1 + MAX_STRING_LEN*2];
168 unsigned char output[MAX_STRING_LEN];
174 if (packet->value_size != 16) {
175 radlog(L_ERR, "rlm_eap_md5: Expected 16 bytes of response to challenge, got %d", packet->value_size);
183 * This is really rad_chap_pwencode()...
187 memcpy(ptr, password->strvalue, password->length);
188 ptr += password->length;
189 len += password->length;
192 * The challenge size is hard-coded.
194 memcpy(ptr, challenge, MD5_CHALLENGE_LEN);
195 len += MD5_CHALLENGE_LEN;
197 librad_md5_calc((u_char *)output, (u_char *)string, len);
200 * The length of the response is always 16 for MD5.
202 if (memcmp(output, packet->value, 16) != 0) {
209 * Compose the portions of the reply packet specific to the
210 * EAP-MD5 protocol, in the EAP reply typedata
212 int eapmd5_compose(EAP_DS *eap_ds, MD5_PACKET *reply)
215 unsigned short name_len;
218 * We really only send Challenge (EAP-Identity),
219 * and EAP-Success, and EAP-Failure.
221 if (reply->code < 3) {
222 eap_ds->request->type.type = PW_EAP_MD5;
224 rad_assert(reply->length > 0);
225 rad_assert(reply->value_size < 256);
227 eap_ds->request->type.data = malloc(reply->length);
228 if (eap_ds->request->type.data == NULL) {
229 radlog(L_ERR, "rlm_eap_md5: out of memory");
232 ptr = eap_ds->request->type.data;
233 *ptr++ = (uint8_t)(reply->value_size & 0xFF);
234 memcpy(ptr, reply->value, reply->value_size);
236 /* Just the Challenge length */
237 eap_ds->request->type.length = reply->value_size + 1;
240 * Return the name, if necessary.
242 * Don't see why this is *ever* necessary...
244 name_len = reply->length - (reply->value_size + 1);
245 if (name_len && reply->name) {
246 ptr += reply->value_size;
247 memcpy(ptr, reply->name, name_len);
248 /* Challenge length + Name length */
249 eap_ds->request->type.length += name_len;
252 eap_ds->request->type.length = 0;
253 /* TODO: In future we might add message here wrt rfc1994 */
255 eap_ds->request->code = reply->code;