2 * eap_md5.c EAP MD5 functionality.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2000,2001,2006 The FreeRADIUS server project
21 * Copyright 2001 hereUare Communications, Inc. <raghud@hereuare.com>
26 * MD5 Packet Format in EAP Type-Data
27 * --- ------ ------ -- --- ---------
29 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
30 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
31 * | Value-Size | Value ...
32 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
34 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
38 #include <freeradius-devel/ident.h>
48 * Allocate a new MD5_PACKET
50 MD5_PACKET *eapmd5_alloc(void)
54 if ((rp = malloc(sizeof(MD5_PACKET))) == NULL) {
55 radlog(L_ERR, "rlm_eap_md5: out of memory");
58 memset(rp, 0, sizeof(MD5_PACKET));
65 void eapmd5_free(MD5_PACKET **md5_packet_ptr)
67 MD5_PACKET *md5_packet;
69 if (!md5_packet_ptr) return;
70 md5_packet = *md5_packet_ptr;
71 if (md5_packet == NULL) return;
73 if (md5_packet->value) free(md5_packet->value);
74 if (md5_packet->name) free(md5_packet->name);
78 *md5_packet_ptr = NULL;
82 * We expect only RESPONSE for which SUCCESS or FAILURE is sent back
84 MD5_PACKET *eapmd5_extract(EAP_DS *eap_ds)
88 unsigned short name_len;
91 * We need a response, of type EAP-MD5, with at least
92 * one byte of type data (EAP-MD5) following the 4-byte
97 (eap_ds->response->code != PW_MD5_RESPONSE) ||
98 eap_ds->response->type.type != PW_EAP_MD5 ||
99 !eap_ds->response->type.data ||
100 (eap_ds->response->length <= MD5_HEADER_LEN) ||
101 (eap_ds->response->type.data[0] <= 0)) {
102 radlog(L_ERR, "rlm_eap_md5: corrupted data");
106 packet = eapmd5_alloc();
107 if (!packet) return NULL;
110 * Code & id for MD5 & EAP are same
112 * but md5_length = length of the EAP-MD5 data, which
113 * doesn't include the EAP header, or the octet saying
116 packet->code = eap_ds->response->code;
117 packet->id = eap_ds->response->id;
118 packet->length = eap_ds->response->length - (MD5_HEADER_LEN + 1);
121 * Sanity check the EAP-MD5 packet sent to us
124 data = (md5_packet_t *)eap_ds->response->type.data;
127 * Already checked the size above.
129 packet->value_size = data->value_size;
132 * Allocate room for the data, and copy over the data.
134 packet->value = malloc(packet->value_size);
135 if (packet->value == NULL) {
136 radlog(L_ERR, "rlm_eap_md5: out of memory");
137 eapmd5_free(&packet);
140 memcpy(packet->value, data->value_name, packet->value_size);
143 * Name is optional and is present after Value, but we
144 * need to check for it, as eapmd5_compose()
146 name_len = packet->length - (packet->value_size + 1);
148 packet->name = malloc(name_len + 1);
150 radlog(L_ERR, "rlm_eap_md5: out of memory");
151 eapmd5_free(&packet);
154 memcpy(packet->name, data->value_name + packet->value_size,
156 packet->name[name_len] = 0;
164 * verify = MD5(id+password+challenge_sent)
166 int eapmd5_verify(MD5_PACKET *packet, VALUE_PAIR* password,
170 char string[1 + MAX_STRING_LEN*2];
171 unsigned char output[MAX_STRING_LEN];
177 if (packet->value_size != 16) {
178 radlog(L_ERR, "rlm_eap_md5: Expected 16 bytes of response to challenge, got %d", packet->value_size);
186 * This is really rad_chap_pwencode()...
190 memcpy(ptr, password->vp_strvalue, password->length);
191 ptr += password->length;
192 len += password->length;
195 * The challenge size is hard-coded.
197 memcpy(ptr, challenge, MD5_CHALLENGE_LEN);
198 len += MD5_CHALLENGE_LEN;
200 librad_md5_calc((u_char *)output, (u_char *)string, len);
203 * The length of the response is always 16 for MD5.
205 if (memcmp(output, packet->value, 16) != 0) {
212 * Compose the portions of the reply packet specific to the
213 * EAP-MD5 protocol, in the EAP reply typedata
215 int eapmd5_compose(EAP_DS *eap_ds, MD5_PACKET *reply)
218 unsigned short name_len;
221 * We really only send Challenge (EAP-Identity),
222 * and EAP-Success, and EAP-Failure.
224 if (reply->code < 3) {
225 eap_ds->request->type.type = PW_EAP_MD5;
227 rad_assert(reply->length > 0);
229 eap_ds->request->type.data = malloc(reply->length);
230 if (eap_ds->request->type.data == NULL) {
231 radlog(L_ERR, "rlm_eap_md5: out of memory");
234 ptr = eap_ds->request->type.data;
235 *ptr++ = (uint8_t)(reply->value_size & 0xFF);
236 memcpy(ptr, reply->value, reply->value_size);
238 /* Just the Challenge length */
239 eap_ds->request->type.length = reply->value_size + 1;
242 * Return the name, if necessary.
244 * Don't see why this is *ever* necessary...
246 name_len = reply->length - (reply->value_size + 1);
247 if (name_len && reply->name) {
248 ptr += reply->value_size;
249 memcpy(ptr, reply->name, name_len);
250 /* Challenge length + Name length */
251 eap_ds->request->type.length += name_len;
254 eap_ds->request->type.length = 0;
255 /* TODO: In future we might add message here wrt rfc1994 */
257 eap_ds->request->code = reply->code;