/src/wireshark/epan/dissectors/packet-peap.c

Source (jump to first uncovered line)
/* packet-peap.c
 * Routines for PEAP (Protected Extensible Authentication Protocol)
 * draft-kamath-pppext-peapv0
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <gerald@wireshark.org>
 * Copyright 1998 Gerald Combs
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */

#include "config.h"

#include <stdio.h>

#include <epan/packet.h>
#include <epan/eap.h>
#include <epan/expert.h>
#include <wsutil/pint.h>
#include <epan/proto_data.h>

void proto_register_peap(void);
void proto_reg_handoff_peap(void);

static int proto_peap;
static int proto_eap;

static dissector_handle_t peap_handle;
static dissector_handle_t eap_handle;

/*
  From draft-kamath-pppext-peapv0, sec 1.1

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |   Identifier  |            Length             | <-- NOT sent
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |   Value...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   This matches the format of an EAP header but...
    * 'Code', 'Identifier' and 'Length' are NOT sent over the wire
    * 'Code' and 'Identifier' are extracted from the *outer* EAP header
    * 'Length' is derived from the PEAP packet (ie. TLS data frame)
    * ...when 'Type' is 33, the full EAP header is sent
*/

#define EAP_TLS_FLAGS_OFFSET   5
#define EAP_TLS_FLAGS_VERSION  0x07 /* mask */

static int
dissect_peap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
  int version;
  int len;
  int offset = 0;
  tvbuff_t *eap_tvb, *eap_len_tvb, *next_tvb;
  unsigned char *eap_len_buf;
  uint32_t tls_group = pinfo->curr_proto_layer_num << 16;

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "PEAP");
  col_clear(pinfo->cinfo, COL_INFO);

  len = tvb_reported_length(tvb);

  eap_tvb = (tvbuff_t *)p_get_proto_data(pinfo->pool, pinfo, proto_eap, PROTO_DATA_EAP_TVB | tls_group);
  version = tvb_get_uint8(eap_tvb, EAP_TLS_FLAGS_OFFSET) & EAP_TLS_FLAGS_VERSION;
  if (version > 0) { /* FIXME support v1 and v2 */
    goto ret;
  }

  if (!(   len >= 5
        && tvb_get_bits16(tvb, offset, 16, ENC_BIG_ENDIAN) == tvb_get_bits16(eap_tvb, 0, 16, ENC_BIG_ENDIAN)
        && tvb_get_uint16(tvb, offset + 2, ENC_BIG_ENDIAN) <= tvb_get_uint16(eap_tvb, 2, ENC_BIG_ENDIAN)
        && (
                (tvb_get_uint8(eap_tvb, 0) == EAP_REQUEST && tvb_get_uint8(tvb, offset + 4) == EAP_TYPE_ID)
             || tvb_get_uint8(tvb, offset + 4) == EAP_TYPE_MSAUTH_TLV
           ))) {
    eap_len_buf = (unsigned char *)wmem_alloc(pinfo->pool, 2);
    eap_len_tvb = tvb_new_child_real_data(tvb, eap_len_buf, 2, 2);
    phton16(eap_len_buf, 4 + len);

    next_tvb = tvb_new_composite();
    tvb_composite_append(next_tvb, tvb_new_subset_length(eap_tvb, 0, 2));
    tvb_composite_append(next_tvb, eap_len_tvb);
    tvb_composite_append(next_tvb, tvb_new_subset_length(tvb, offset, 4 + len));
    tvb_composite_finalize(next_tvb);

    add_new_data_source(pinfo, next_tvb, "Pseudo EAP");
  } else {
    next_tvb = tvb;
  }

  call_dissector(eap_handle, next_tvb, pinfo, tree);

ret:
  return len;
}

void
proto_register_peap(void)
{
  proto_peap = proto_register_protocol("Protected Extensible Authentication Protocol",
                                       "PEAP", "peap");
  peap_handle = register_dissector("peap", dissect_peap, proto_peap);
}

void
proto_reg_handoff_peap(void)
{
  proto_eap = proto_get_id_by_filter_name("eap");
  eap_handle = find_dissector_add_dependency("eap", proto_peap);
}
/*
 * Editor modelines
 *
 * Local Variables:
 * c-basic-offset: 2
 * tab-width: 8
 * indent-tabs-mode: nil
 * End:
 *
 * ex: set shiftwidth=2 tabstop=8 expandtab:
 * :indentSize=2:tabSize=8:noTabs=true:
 */

Line	Count	Source (jump to first uncovered line)
1		/* packet-peap.c
2		* Routines for PEAP (Protected Extensible Authentication Protocol)
3		* draft-kamath-pppext-peapv0
4		*
5		* Wireshark - Network traffic analyzer
6		* By Gerald Combs <gerald@wireshark.org>
7		* Copyright 1998 Gerald Combs
8		*
9		* SPDX-License-Identifier: GPL-2.0-or-later
10		*/
11
12		#include "config.h"
13
14		#include <stdio.h>
15
16		#include <epan/packet.h>
17		#include <epan/eap.h>
18		#include <epan/expert.h>
19		#include <wsutil/pint.h>
20		#include <epan/proto_data.h>
21
22		void proto_register_peap(void);
23		void proto_reg_handoff_peap(void);
24
25		static int proto_peap;
26		static int proto_eap;
27
28		static dissector_handle_t peap_handle;
29		static dissector_handle_t eap_handle;
30
31		/*
32		From draft-kamath-pppext-peapv0, sec 1.1
33
34		0 1 2 3
35		0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
36		+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
37		\| Code \| Identifier \| Length \| <-- NOT sent
38		+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
39		\| Type \| Value...
40		+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
41
42		This matches the format of an EAP header but...
43		* 'Code', 'Identifier' and 'Length' are NOT sent over the wire
44		* 'Code' and 'Identifier' are extracted from the outer EAP header
45		* 'Length' is derived from the PEAP packet (ie. TLS data frame)
46		* ...when 'Type' is 33, the full EAP header is sent
47		*/
48
49	0	#define EAP_TLS_FLAGS_OFFSET 5
50	0	#define EAP_TLS_FLAGS_VERSION 0x07 /* mask */
51
52		static int
53		dissect_peap(tvbuff_t tvb, packet_info pinfo, proto_tree tree, void data _U_)
54	0	{
55	0	int version;
56	0	int len;
57	0	int offset = 0;
58	0	tvbuff_t eap_tvb, eap_len_tvb, *next_tvb;
59	0	unsigned char *eap_len_buf;
60	0	uint32_t tls_group = pinfo->curr_proto_layer_num << 16;
61
62	0	col_set_str(pinfo->cinfo, COL_PROTOCOL, "PEAP");
63	0	col_clear(pinfo->cinfo, COL_INFO);
64
65	0	len = tvb_reported_length(tvb);
66
67	0	eap_tvb = (tvbuff_t *)p_get_proto_data(pinfo->pool, pinfo, proto_eap, PROTO_DATA_EAP_TVB \| tls_group);
68	0	version = tvb_get_uint8(eap_tvb, EAP_TLS_FLAGS_OFFSET) & EAP_TLS_FLAGS_VERSION;
69	0	if (version > 0) { /* FIXME support v1 and v2 */
70	0	goto ret;
71	0	}
72
73	0	if (!( len >= 5
74	0	&& tvb_get_bits16(tvb, offset, 16, ENC_BIG_ENDIAN) == tvb_get_bits16(eap_tvb, 0, 16, ENC_BIG_ENDIAN)
75	0	&& tvb_get_uint16(tvb, offset + 2, ENC_BIG_ENDIAN) <= tvb_get_uint16(eap_tvb, 2, ENC_BIG_ENDIAN)
76	0	&& (
77	0	(tvb_get_uint8(eap_tvb, 0) == EAP_REQUEST && tvb_get_uint8(tvb, offset + 4) == EAP_TYPE_ID)
78	0	\|\| tvb_get_uint8(tvb, offset + 4) == EAP_TYPE_MSAUTH_TLV
79	0	))) {
80	0	eap_len_buf = (unsigned char *)wmem_alloc(pinfo->pool, 2);
81	0	eap_len_tvb = tvb_new_child_real_data(tvb, eap_len_buf, 2, 2);
82	0	phton16(eap_len_buf, 4 + len);
83
84	0	next_tvb = tvb_new_composite();
85	0	tvb_composite_append(next_tvb, tvb_new_subset_length(eap_tvb, 0, 2));
86	0	tvb_composite_append(next_tvb, eap_len_tvb);
87	0	tvb_composite_append(next_tvb, tvb_new_subset_length(tvb, offset, 4 + len));
88	0	tvb_composite_finalize(next_tvb);
89
90	0	add_new_data_source(pinfo, next_tvb, "Pseudo EAP");
91	0	} else {
92	0	next_tvb = tvb;
93	0	}
94
95	0	call_dissector(eap_handle, next_tvb, pinfo, tree);
96
97	0	ret:
98	0	return len;
99	0	}
100
101		void
102		proto_register_peap(void)
103	14	{
104	14	proto_peap = proto_register_protocol("Protected Extensible Authentication Protocol",
105	14	"PEAP", "peap");
106	14	peap_handle = register_dissector("peap", dissect_peap, proto_peap);
107	14	}
108
109		void
110		proto_reg_handoff_peap(void)
111	14	{
112	14	proto_eap = proto_get_id_by_filter_name("eap");
113	14	eap_handle = find_dissector_add_dependency("eap", proto_peap);
114	14	}
115		/*
116		* Editor modelines
117		*
118		* Local Variables:
119		* c-basic-offset: 2
120		* tab-width: 8
121		* indent-tabs-mode: nil
122		* End:
123		*
124		* ex: set shiftwidth=2 tabstop=8 expandtab:
125		* :indentSize=2:tabSize=8:noTabs=true:
126		*/

Coverage Report

Created: 2025-08-04 07:15