/src/wireshark/epan/dissectors/packet-teap.c
Line | Count | Source |
1 | | /* packet-teap.c |
2 | | * Routines for TEAP (Tunnel Extensible Authentication Protocol) |
3 | | * RFC 7170 |
4 | | * |
5 | | * Wireshark - Network traffic analyzer |
6 | | * By Gerald Combs <gerald@wireshark.org> |
7 | | * Copyright 1998 Gerald Combs |
8 | | * |
9 | | * SPDX-License-Identifier: GPL-2.0-or-later |
10 | | */ |
11 | | |
12 | | #include "config.h" |
13 | | |
14 | | #include <epan/packet.h> |
15 | | #include <epan/expert.h> |
16 | | #include <epan/proto_data.h> |
17 | | |
18 | | void proto_register_teap(void); |
19 | | void proto_reg_handoff_teap(void); |
20 | | |
21 | | static int proto_teap; |
22 | | |
23 | | static int ett_teap; |
24 | | static int ett_teap_tlv; |
25 | | static int ett_pac_attr_tlv; |
26 | | |
27 | | static expert_field ei_teap_bad_length; |
28 | | |
29 | | static dissector_handle_t teap_handle; |
30 | | |
31 | | static dissector_handle_t eap_handle; |
32 | | |
33 | | /* |
34 | | From RFC7170, pg 27 |
35 | | |
36 | | 0 1 2 3 |
37 | | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
38 | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
39 | | |M|R| TLV Type | Length | |
40 | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
41 | | | Value... |
42 | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
43 | | */ |
44 | | |
45 | 14 | #define TEAP_TLV_MANDATORY 0x8000 |
46 | 14 | #define TEAP_TLV_RESERVED 0x4000 |
47 | 33 | #define TEAP_TLV_TYPE 0x3FFF |
48 | | |
49 | 14 | #define TEAP_CRYPTO_FLAGS 0xF0 |
50 | 14 | #define TEAP_CRYPTO_SUBTYPE 0x0F |
51 | | |
52 | | #define TEAP_UNASSIGNED 0 |
53 | 0 | #define TEAP_AUTHORITY_ID 1 |
54 | 0 | #define TEAP_IDENTITY 2 |
55 | 0 | #define TEAP_RESULT 3 |
56 | 0 | #define TEAP_NAK 4 |
57 | 0 | #define TEAP_ERROR 5 |
58 | 0 | #define TEAP_CHANNEL_BINDING 6 |
59 | 0 | #define TEAP_VENDOR_SPECIFIC 7 |
60 | 0 | #define TEAP_REQUEST_ACTION 8 |
61 | 0 | #define TEAP_EAP_PAYLOAD 9 |
62 | 0 | #define TEAP_INTERMEDIATE_RESULT 10 |
63 | 0 | #define TEAP_PAC 11 |
64 | 0 | #define TEAP_CRYPTO_BINDING 12 |
65 | 0 | #define TEAP_BASIC_PWD_AUTH_REQUEST 13 |
66 | 0 | #define TEAP_BASIC_PWD_AUTH_RESPONSE 14 |
67 | 0 | #define TEAP_PKCS7 15 |
68 | 0 | #define TEAP_PKCS10 16 |
69 | 0 | #define TEAP_TRUSTED_SERVER_ROOT 17 |
70 | | |
71 | | static const value_string teap_tlv_type_vals[] = { |
72 | | { TEAP_UNASSIGNED, "Unassigned" }, |
73 | | { TEAP_AUTHORITY_ID, "Authority-ID" }, |
74 | | { TEAP_IDENTITY, "Identity-Type" }, |
75 | | { TEAP_RESULT, "Result" }, |
76 | | { TEAP_NAK, "NAK" }, |
77 | | { TEAP_ERROR, "Error" }, |
78 | | { TEAP_CHANNEL_BINDING, "Channel-Binding" }, |
79 | | { TEAP_VENDOR_SPECIFIC, "Vendor-Specific" }, |
80 | | { TEAP_REQUEST_ACTION, "Request-Action" }, |
81 | | { TEAP_EAP_PAYLOAD, "EAP-Payload" }, |
82 | | { TEAP_INTERMEDIATE_RESULT, "Intermediate-Result" }, |
83 | | { TEAP_PAC, "PAC" }, |
84 | | { TEAP_CRYPTO_BINDING, "Crypto-Binding" }, |
85 | | { TEAP_BASIC_PWD_AUTH_REQUEST, "Basic-Password-Auth-Req" }, |
86 | | { TEAP_BASIC_PWD_AUTH_RESPONSE, "Basic-Password-Auth-Resp" }, |
87 | | { TEAP_PKCS7, "PKCS#7" }, |
88 | | { TEAP_PKCS10, "PKCS#10" }, |
89 | | { TEAP_TRUSTED_SERVER_ROOT, "Trusted-Server-Root" }, |
90 | | { 0, NULL } |
91 | | }; |
92 | | |
93 | | static const value_string teap_identity_vals[] = { |
94 | | { 1, "User" }, |
95 | | { 2, "Machine" }, |
96 | | { 0, NULL } |
97 | | }; |
98 | | |
99 | | static const value_string teap_status_vals[] = { |
100 | | { 1, "Success" }, |
101 | | { 2, "Failure" }, |
102 | | { 0, NULL } |
103 | | }; |
104 | | |
105 | | static const value_string teap_request_action_status_vals[] = { |
106 | | { 1, "Success" }, |
107 | | { 2, "Failure" }, |
108 | | { 0, NULL } |
109 | | }; |
110 | | |
111 | | static const value_string teap_request_action_action_vals[] = { |
112 | | { 1, "Process-TLV" }, |
113 | | { 2, "Negotiate-EAP" }, |
114 | | { 0, NULL } |
115 | | }; |
116 | | |
117 | 0 | #define FLAG_EMSK_PRESENT 1 |
118 | 0 | #define FLAG_MSK_PRESENT 2 |
119 | 0 | #define FLAG_BOTH_PRESENT 3 |
120 | | |
121 | | static const value_string teap_crypto_flags_vals[] = { |
122 | | { FLAG_EMSK_PRESENT, "EMSK Compound MAC is present" }, |
123 | | { FLAG_MSK_PRESENT, "MSK Compound MAC is present" }, |
124 | | { FLAG_BOTH_PRESENT, "Both EMSK and MSK Compound MAC are present" }, |
125 | | { 0, NULL } |
126 | | }; |
127 | | |
128 | | static const value_string teap_crypto_subtype_vals[] = { |
129 | | { 0, "Binding Request" }, |
130 | | { 1, "Binding Response" }, |
131 | | { 0, NULL } |
132 | | }; |
133 | | |
134 | | static const value_string teap_error_code_vals[] = { |
135 | | { 1, "User account expires soon" }, |
136 | | { 2, "User account credential expires soon" }, |
137 | | { 3, "User account authorizations change soon" }, |
138 | | { 4, "Clock skew detected" }, |
139 | | { 5, "Contact administrator" }, |
140 | | { 6, "User account credentials change required" }, |
141 | | { 1001, "Inner Method Error" }, |
142 | | { 1002, "Unspecified authentication infrastructure problem" }, |
143 | | { 1003, "Unspecified authentication failure" }, |
144 | | { 1004, "Unspecified authorization failure" }, |
145 | | { 1005, "User account credentials unavailable" }, |
146 | | { 1006, "User account expired" }, |
147 | | { 1007, "User account locked: try again later" }, |
148 | | { 1008, "User account locked: admin intervention required" }, |
149 | | { 1009, "Authentication infrastructure unavailable" }, |
150 | | { 1010, "Authentication infrastructure not trusted" }, |
151 | | { 1011, "Clock skew too great" }, |
152 | | { 1012, "Invalid inner realm" }, |
153 | | { 1013, "Token out of sync: administrator intervention required" }, |
154 | | { 1014, "Token out of sync: PIN change required" }, |
155 | | { 1015, "Token revoked" }, |
156 | | { 1016, "Tokens exhausted" }, |
157 | | { 1017, "Challenge expired" }, |
158 | | { 1018, "Challenge algorithm mismatch" }, |
159 | | { 1019, "Client certificate not supplied" }, |
160 | | { 1020, "Client certificate rejected" }, |
161 | | { 1021, "Realm mismatch between inner and outer identity" }, |
162 | | { 1022, "Unsupported Algorithm In Certificate Signing Request" }, |
163 | | { 1023, "Unsupported Extension In Certificate Signing Request" }, |
164 | | { 1024, "Bad Identity In Certificate Signing Request" }, |
165 | | { 1025, "Bad Certificate Signing Request" }, |
166 | | { 1026, "Internal CA Error" }, |
167 | | { 1027, "General PKI Error" }, |
168 | | { 1028, "Inner method's channel-binding data required but not supplied" }, |
169 | | { 1029, "Inner method's channel-binding data did not include required information" }, |
170 | | { 1030, "Inner method's channel binding failed" }, |
171 | | { 1031, "User account credentials incorrect [USAGE NOT RECOMMENDED]" }, |
172 | | { 2001, "Tunnel Compromise Error" }, |
173 | | { 2002, "Unexpected TLVs Exchanged" }, |
174 | | { 0, NULL } |
175 | | }; |
176 | | |
177 | 0 | #define PAC_KEY 1 |
178 | 0 | #define PAC_OPAQUE 2 |
179 | 0 | #define PAC_LIFETIME 3 |
180 | 0 | #define PAC_A_ID 4 |
181 | 0 | #define PAC_I_ID 5 |
182 | 0 | #define PAC_RESERVED 6 |
183 | 0 | #define PAC_A_ID_INFO 7 |
184 | 0 | #define PAC_ACK 8 |
185 | 0 | #define PAC_INFO 9 |
186 | 0 | #define PAC_TYPE 10 |
187 | | |
188 | | static const value_string pac_attr_type_vals[] = { |
189 | | { PAC_KEY, "PAC-Key" }, |
190 | | { PAC_OPAQUE, "PAC-Opaque" }, |
191 | | { PAC_LIFETIME, "PAC-Lifetime" }, |
192 | | { PAC_A_ID, "A-ID" }, |
193 | | { PAC_I_ID, "I-ID" }, |
194 | | { PAC_RESERVED, "Reserved" }, |
195 | | { PAC_A_ID_INFO, "A-ID-Info" }, |
196 | | { PAC_ACK, "PAC-Acknowledgement" }, |
197 | | { PAC_INFO, "PAC-Info" }, |
198 | | { PAC_TYPE, "PAC-Type" }, |
199 | | { 0, NULL } |
200 | | }; |
201 | | |
202 | | static const value_string pac_result_vals[] = { |
203 | | { 1, "Success" }, |
204 | | { 2, "Failure" }, |
205 | | { 0, NULL } |
206 | | }; |
207 | | |
208 | | static const value_string pac_type_vals[] = { |
209 | | { 1, "Tunnel PAC" }, |
210 | | { 0, NULL } |
211 | | }; |
212 | | |
213 | | static int hf_teap_tlv_mandatory; |
214 | | static int hf_teap_tlv_reserved; |
215 | | static int hf_teap_tlv_type; |
216 | | static int hf_teap_tlv_len; |
217 | | static int hf_teap_tlv_val; |
218 | | static int hf_teap_auth_id; |
219 | | static int hf_teap_identity; |
220 | | static int hf_teap_status; |
221 | | static int hf_teap_vendor_id; |
222 | | static int hf_teap_request_action_status; |
223 | | static int hf_teap_request_action_action; |
224 | | static int hf_teap_crypto_reserved; |
225 | | static int hf_teap_crypto_version; |
226 | | static int hf_teap_crypto_rcv_version; |
227 | | static int hf_teap_crypto_flags; |
228 | | static int hf_teap_crypto_subtype; |
229 | | static int hf_teap_crypto_nonce; |
230 | | static int hf_teap_crypto_emsk; |
231 | | static int hf_teap_crypto_msk; |
232 | | static int hf_teap_nak_type; |
233 | | static int hf_teap_error_code; |
234 | | static int hf_teap_prompt; |
235 | | static int hf_teap_user_len; |
236 | | static int hf_teap_username; |
237 | | static int hf_teap_pass_len; |
238 | | static int hf_teap_password; |
239 | | |
240 | | static int hf_pac_attr_type; |
241 | | static int hf_pac_attr_pac_key; |
242 | | static int hf_pac_attr_pac_opaque; |
243 | | static int hf_pac_attr_pac_lifetime; |
244 | | static int hf_pac_attr_pac_a_id; |
245 | | static int hf_pac_attr_pac_i_id; |
246 | | static int hf_pac_attr_pac_reserved; |
247 | | static int hf_pac_attr_pac_a_id_info; |
248 | | static int hf_pac_attr_pac_result; |
249 | | static int hf_pac_attr_pac_type; |
250 | | static int hf_pac_attr_val; |
251 | | |
252 | | static int |
253 | | dissect_teap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_); |
254 | | |
255 | | static int |
256 | | dissect_teap_tlv_pac(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, uint16_t len); |
257 | | |
258 | | static int |
259 | | // NOLINTNEXTLINE(misc-no-recursion) |
260 | | dissect_pac_attr(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset) |
261 | 0 | { |
262 | 0 | uint16_t type; |
263 | 0 | uint16_t len; |
264 | 0 | int start_offset = offset; |
265 | |
|
266 | 0 | type = tvb_get_uint16(tvb, offset, ENC_BIG_ENDIAN); |
267 | 0 | len = tvb_get_uint16(tvb, offset + 2, ENC_BIG_ENDIAN); |
268 | |
|
269 | 0 | proto_tree_add_item(tree, hf_pac_attr_type, tvb, offset, 2, ENC_BIG_ENDIAN); |
270 | 0 | offset += 2; |
271 | |
|
272 | 0 | proto_tree_add_item(tree, hf_teap_tlv_len, tvb, offset, 2, ENC_BIG_ENDIAN); |
273 | 0 | offset += 2; |
274 | |
|
275 | 0 | switch (type) { |
276 | 0 | case PAC_KEY: |
277 | 0 | proto_tree_add_item(tree, hf_pac_attr_pac_key, tvb, offset, len, ENC_NA); |
278 | 0 | offset += len; |
279 | 0 | break; |
280 | | |
281 | 0 | case PAC_OPAQUE: |
282 | 0 | proto_tree_add_item(tree, hf_pac_attr_pac_opaque, tvb, offset, len, ENC_NA); |
283 | 0 | offset += len; |
284 | 0 | break; |
285 | | |
286 | 0 | case PAC_LIFETIME: |
287 | 0 | proto_tree_add_item(tree, hf_pac_attr_pac_lifetime, tvb, offset, 4, ENC_BIG_ENDIAN); |
288 | 0 | offset += 4; |
289 | 0 | break; |
290 | | |
291 | 0 | case PAC_A_ID: |
292 | 0 | proto_tree_add_item(tree, hf_pac_attr_pac_a_id, tvb, offset, len, ENC_ASCII); |
293 | 0 | offset += len; |
294 | 0 | break; |
295 | | |
296 | 0 | case PAC_I_ID: |
297 | 0 | proto_tree_add_item(tree, hf_pac_attr_pac_i_id, tvb, offset, len, ENC_ASCII); |
298 | 0 | offset += len; |
299 | 0 | break; |
300 | | |
301 | 0 | case PAC_RESERVED: |
302 | 0 | proto_tree_add_item(tree, hf_pac_attr_pac_reserved, tvb, offset, len, ENC_NA); |
303 | 0 | offset += len; |
304 | 0 | break; |
305 | | |
306 | 0 | case PAC_A_ID_INFO: |
307 | 0 | proto_tree_add_item(tree, hf_pac_attr_pac_a_id_info, tvb, offset, len, ENC_ASCII); |
308 | 0 | offset += len; |
309 | 0 | break; |
310 | | |
311 | 0 | case PAC_ACK: |
312 | 0 | proto_tree_add_item(tree, hf_pac_attr_pac_result, tvb, offset, len, ENC_BIG_ENDIAN); |
313 | 0 | offset += len; |
314 | 0 | break; |
315 | | |
316 | 0 | case PAC_INFO: |
317 | 0 | offset += dissect_teap_tlv_pac(tvb, pinfo, tree, offset, len); |
318 | 0 | break; |
319 | | |
320 | 0 | case PAC_TYPE: |
321 | 0 | proto_tree_add_item(tree, hf_pac_attr_pac_type, tvb, offset, len, ENC_BIG_ENDIAN); |
322 | 0 | offset += len; |
323 | 0 | break; |
324 | | |
325 | 0 | default: |
326 | 0 | proto_tree_add_item(tree, hf_pac_attr_val, tvb, offset, len, ENC_NA); |
327 | 0 | offset += len; |
328 | 0 | break; |
329 | 0 | } |
330 | 0 | return offset - start_offset; |
331 | 0 | } |
332 | | |
333 | | static int |
334 | | // NOLINTNEXTLINE(misc-no-recursion) |
335 | | dissect_teap_tlv_pac(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, uint16_t len) |
336 | 0 | { |
337 | 0 | int start_offset = offset; |
338 | |
|
339 | 0 | increment_dissection_depth(pinfo); |
340 | 0 | while (offset - start_offset < len) { |
341 | 0 | offset += dissect_pac_attr(tvb, pinfo, tree, offset); |
342 | 0 | } |
343 | 0 | decrement_dissection_depth(pinfo); |
344 | 0 | return offset - start_offset; |
345 | 0 | } |
346 | | |
347 | | static int |
348 | | // NOLINTNEXTLINE(misc-no-recursion) |
349 | | dissect_teap_tlv(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, bool top) |
350 | 19 | { |
351 | 19 | int start_offset = offset; |
352 | 19 | uint16_t type; |
353 | 19 | uint16_t len; |
354 | 19 | proto_tree *tlv_tree; |
355 | 19 | proto_tree *ti_len; |
356 | 19 | tvbuff_t *next_tvb; |
357 | | |
358 | 19 | type = tvb_get_uint16(tvb, offset, ENC_BIG_ENDIAN) & TEAP_TLV_TYPE; |
359 | 19 | len = tvb_get_uint16(tvb, offset + 2, ENC_BIG_ENDIAN); |
360 | | |
361 | 19 | tlv_tree = proto_tree_add_subtree_format(tree, tvb, offset, 4 + len, |
362 | 19 | ett_teap_tlv, NULL, "TLV %s (%u): ", |
363 | 19 | val_to_str_const(type, teap_tlv_type_vals, "Unknown"), type); |
364 | | |
365 | 19 | proto_tree_add_item(tlv_tree, hf_teap_tlv_mandatory, tvb, offset, 2, ENC_BIG_ENDIAN); |
366 | 19 | proto_tree_add_item(tlv_tree, hf_teap_tlv_reserved, tvb, offset, 2, ENC_BIG_ENDIAN); |
367 | 19 | proto_tree_add_item(tlv_tree, hf_teap_tlv_type, tvb, offset, 2, ENC_BIG_ENDIAN); |
368 | 19 | offset += 2; |
369 | | |
370 | 19 | proto_tree_add_item(tlv_tree, hf_teap_tlv_len, tvb, offset, 2, ENC_BIG_ENDIAN); |
371 | 19 | offset += 2; |
372 | | |
373 | 19 | if (top) { |
374 | 10 | col_add_str(pinfo->cinfo, COL_INFO, |
375 | 10 | val_to_str(pinfo->pool, type, teap_tlv_type_vals, "Unknown TLV (0x%02X)")); |
376 | 10 | } |
377 | 19 | switch (type) { |
378 | 0 | case TEAP_AUTHORITY_ID: |
379 | 0 | proto_tree_add_item(tlv_tree, hf_teap_auth_id, tvb, offset, len, ENC_NA); |
380 | 0 | offset += len; |
381 | 0 | break; |
382 | | |
383 | 0 | case TEAP_IDENTITY: |
384 | 0 | proto_tree_add_item(tlv_tree, hf_teap_identity, tvb, offset, 2, ENC_BIG_ENDIAN); |
385 | 0 | offset += len; |
386 | 0 | break; |
387 | | |
388 | 0 | case TEAP_RESULT: |
389 | 0 | proto_tree_add_item(tlv_tree, hf_teap_status, tvb, offset, 2, ENC_BIG_ENDIAN); |
390 | 0 | offset += len; |
391 | 0 | break; |
392 | | |
393 | 0 | case TEAP_NAK: |
394 | 0 | proto_tree_add_item(tlv_tree, hf_teap_vendor_id, tvb, offset, 4, ENC_BIG_ENDIAN); |
395 | 0 | offset += 4; |
396 | 0 | proto_tree_add_item(tlv_tree, hf_teap_nak_type, tvb, offset, 2, ENC_BIG_ENDIAN); |
397 | 0 | offset += 2; |
398 | |
|
399 | 0 | if (len > 6) { |
400 | 0 | next_tvb = tvb_new_subset_length(tvb, offset, len - 6); |
401 | 0 | increment_dissection_depth(pinfo); |
402 | 0 | offset += dissect_teap(next_tvb, pinfo, tlv_tree, NULL); |
403 | 0 | decrement_dissection_depth(pinfo); |
404 | 0 | } |
405 | |
|
406 | 0 | break; |
407 | | |
408 | 0 | case TEAP_ERROR: |
409 | 0 | proto_tree_add_item(tlv_tree, hf_teap_error_code, tvb, offset, 4, ENC_BIG_ENDIAN); |
410 | 0 | offset += len; |
411 | 0 | break; |
412 | | |
413 | 0 | case TEAP_VENDOR_SPECIFIC: |
414 | 0 | proto_tree_add_item(tlv_tree, hf_teap_vendor_id, tvb, offset, 4, ENC_BIG_ENDIAN); |
415 | 0 | offset += len; |
416 | 0 | break; |
417 | | |
418 | 0 | case TEAP_REQUEST_ACTION: |
419 | 0 | proto_tree_add_item(tlv_tree, hf_teap_request_action_status, tvb, offset, 1, ENC_BIG_ENDIAN); |
420 | 0 | offset += 1; |
421 | 0 | proto_tree_add_item(tlv_tree, hf_teap_request_action_action, tvb, offset, 1, ENC_BIG_ENDIAN); |
422 | 0 | offset += 1; |
423 | |
|
424 | 0 | if (len > 2) { |
425 | 0 | next_tvb = tvb_new_subset_length(tvb, offset, len - 2); |
426 | 0 | offset += dissect_teap(next_tvb, pinfo, tlv_tree, NULL); |
427 | 0 | } |
428 | |
|
429 | 0 | break; |
430 | | |
431 | 0 | case TEAP_EAP_PAYLOAD: |
432 | 0 | { |
433 | 0 | uint16_t eaplen = tvb_get_uint16(tvb, offset + 2, ENC_BIG_ENDIAN); |
434 | |
|
435 | 0 | next_tvb = tvb_new_subset_length(tvb, offset, eaplen); |
436 | 0 | call_dissector(eap_handle, next_tvb, pinfo, tlv_tree); |
437 | 0 | offset += eaplen; |
438 | |
|
439 | 0 | if (len > eaplen) { |
440 | 0 | next_tvb = tvb_new_subset_length(tvb, offset, len - eaplen); |
441 | 0 | offset += dissect_teap(next_tvb, pinfo, tlv_tree, NULL); |
442 | 0 | } |
443 | 0 | } |
444 | 0 | break; |
445 | | |
446 | 0 | case TEAP_INTERMEDIATE_RESULT: |
447 | 0 | proto_tree_add_item(tlv_tree, hf_teap_status, tvb, offset, 2, ENC_BIG_ENDIAN); |
448 | 0 | offset += 2; |
449 | |
|
450 | 0 | if (len > 2) { |
451 | 0 | next_tvb = tvb_new_subset_length(tvb, offset, len - 2); |
452 | 0 | offset += dissect_teap(next_tvb, pinfo, tlv_tree, NULL); |
453 | 0 | } |
454 | |
|
455 | 0 | break; |
456 | | |
457 | 0 | case TEAP_PAC: |
458 | 0 | offset += dissect_teap_tlv_pac(tvb, pinfo, tlv_tree, offset, len); |
459 | 0 | break; |
460 | | |
461 | 0 | case TEAP_CRYPTO_BINDING: |
462 | 0 | { |
463 | 0 | uint8_t flags; |
464 | 0 | proto_tree_add_item(tlv_tree, hf_teap_crypto_reserved, tvb, offset, 1, ENC_BIG_ENDIAN); |
465 | 0 | offset += 1; |
466 | 0 | proto_tree_add_item(tlv_tree, hf_teap_crypto_version, tvb, offset, 1, ENC_BIG_ENDIAN); |
467 | 0 | offset += 1; |
468 | 0 | proto_tree_add_item(tlv_tree, hf_teap_crypto_rcv_version, tvb, offset, 1, ENC_BIG_ENDIAN); |
469 | 0 | offset += 1; |
470 | 0 | flags = (tvb_get_uint8(tvb, offset) & TEAP_CRYPTO_FLAGS) >> 4; |
471 | 0 | proto_tree_add_item(tlv_tree, hf_teap_crypto_flags, tvb, offset, 1, ENC_BIG_ENDIAN); |
472 | 0 | proto_tree_add_item(tlv_tree, hf_teap_crypto_subtype, tvb, offset, 1, ENC_BIG_ENDIAN); |
473 | 0 | offset += 1; |
474 | 0 | proto_tree_add_item(tlv_tree, hf_teap_crypto_nonce, tvb, offset, 32, ENC_NA); |
475 | 0 | offset += 32; |
476 | 0 | if (flags == FLAG_EMSK_PRESENT || flags == FLAG_BOTH_PRESENT) { |
477 | 0 | proto_tree_add_item(tlv_tree, hf_teap_crypto_emsk, tvb, offset, 20, ENC_NA); |
478 | 0 | } |
479 | 0 | offset += 20; |
480 | 0 | if (flags == FLAG_MSK_PRESENT || flags == FLAG_BOTH_PRESENT) { |
481 | 0 | proto_tree_add_item(tlv_tree, hf_teap_crypto_msk, tvb, offset, 20, ENC_NA); |
482 | 0 | } |
483 | 0 | offset += 20; |
484 | 0 | } |
485 | 0 | break; |
486 | | |
487 | 0 | case TEAP_BASIC_PWD_AUTH_REQUEST: |
488 | 0 | if (len > 0) { |
489 | 0 | proto_tree_add_item(tlv_tree, hf_teap_prompt, tvb, offset, len, ENC_ASCII); |
490 | 0 | offset += len; |
491 | 0 | } |
492 | 0 | break; |
493 | | |
494 | 0 | case TEAP_BASIC_PWD_AUTH_RESPONSE: |
495 | 0 | { |
496 | 0 | uint8_t auth_len; |
497 | 0 | auth_len = tvb_get_uint8(tvb, offset); |
498 | 0 | proto_tree_add_item(tlv_tree, hf_teap_user_len, tvb, offset, 1, ENC_BIG_ENDIAN); |
499 | 0 | offset += 1; |
500 | 0 | proto_tree_add_item(tlv_tree, hf_teap_username, tvb, offset, auth_len, ENC_ASCII); |
501 | 0 | offset += auth_len; |
502 | |
|
503 | 0 | auth_len = tvb_get_uint8(tvb, offset); |
504 | 0 | proto_tree_add_item(tlv_tree, hf_teap_pass_len, tvb, offset, 1, ENC_BIG_ENDIAN); |
505 | 0 | offset += 1; |
506 | 0 | proto_tree_add_item(tlv_tree, hf_teap_password, tvb, offset, auth_len, ENC_ASCII); |
507 | 0 | offset += auth_len; |
508 | 0 | } |
509 | 0 | break; |
510 | | |
511 | 0 | case TEAP_CHANNEL_BINDING: |
512 | 0 | case TEAP_TRUSTED_SERVER_ROOT: |
513 | 0 | case TEAP_PKCS7: |
514 | 0 | case TEAP_PKCS10: |
515 | 13 | default: |
516 | 13 | ti_len = proto_tree_add_item(tlv_tree, hf_teap_tlv_val, tvb, offset, len, ENC_NA); |
517 | 13 | if ((unsigned)len + 4 > tvb_reported_length(tvb)) { |
518 | 0 | expert_add_info(pinfo, ti_len, &ei_teap_bad_length); |
519 | 0 | } |
520 | 13 | offset += len; |
521 | 13 | break; |
522 | 19 | } |
523 | | |
524 | 3 | return offset - start_offset; |
525 | 19 | } |
526 | | |
527 | | static int |
528 | | // NOLINTNEXTLINE(misc-no-recursion) |
529 | | dissect_teap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) |
530 | 17 | { |
531 | 17 | proto_tree *ti; |
532 | 17 | proto_tree *teap_tree; |
533 | 17 | int offset = 0; |
534 | | |
535 | 17 | col_set_str(pinfo->cinfo, COL_PROTOCOL, "TEAP"); |
536 | 17 | col_clear(pinfo->cinfo, COL_INFO); |
537 | | |
538 | 17 | ti = proto_tree_add_item(tree, proto_teap, tvb, 0, tvb_captured_length(tvb), ENC_NA); |
539 | 17 | teap_tree = proto_item_add_subtree(ti, ett_teap); |
540 | | |
541 | 36 | while (offset < (int)tvb_captured_length(tvb)) { |
542 | 19 | offset += dissect_teap_tlv(tvb, pinfo, teap_tree, offset, offset == 0); |
543 | 19 | } |
544 | | |
545 | 17 | return tvb_captured_length(tvb); |
546 | 17 | } |
547 | | |
548 | | void |
549 | | proto_register_teap(void) |
550 | 14 | { |
551 | 14 | static hf_register_info hf[] = { |
552 | 14 | { &hf_teap_tlv_mandatory, { |
553 | 14 | "Mandatory", "teap.tlv.mandatory", |
554 | 14 | FT_BOOLEAN, 16, NULL, TEAP_TLV_MANDATORY, |
555 | 14 | NULL, HFILL }}, |
556 | | |
557 | 14 | { &hf_teap_tlv_reserved, { |
558 | 14 | "Reserved", "teap.tlv.reserved", |
559 | 14 | FT_UINT16, BASE_DEC, NULL, TEAP_TLV_RESERVED, |
560 | 14 | NULL, HFILL }}, |
561 | | |
562 | 14 | { &hf_teap_tlv_type, { |
563 | 14 | "Type", "teap.tlv.type", |
564 | 14 | FT_UINT16, BASE_DEC, VALS(teap_tlv_type_vals), TEAP_TLV_TYPE, |
565 | 14 | NULL, HFILL }}, |
566 | | |
567 | 14 | { &hf_teap_tlv_len, { |
568 | 14 | "Length", "teap.tlv.len", |
569 | 14 | FT_UINT16, BASE_DEC, NULL, 0x00, |
570 | 14 | NULL, HFILL }}, |
571 | | |
572 | 14 | { &hf_teap_auth_id, { |
573 | 14 | "ID", "teap.authority-id", |
574 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
575 | 14 | NULL, HFILL }}, |
576 | | |
577 | 14 | { &hf_teap_identity, { |
578 | 14 | "Identity", "teap.identity", |
579 | 14 | FT_UINT16, BASE_DEC, VALS(teap_identity_vals), 0x0, |
580 | 14 | NULL, HFILL }}, |
581 | | |
582 | 14 | { &hf_teap_status, { |
583 | 14 | "Status", "teap.status", |
584 | 14 | FT_UINT16, BASE_DEC, VALS(teap_status_vals), 0x0, |
585 | 14 | NULL, HFILL }}, |
586 | | |
587 | 14 | { &hf_teap_vendor_id, { |
588 | 14 | "Vendor-Id", "teap.vendor-id", |
589 | 14 | FT_UINT32, BASE_HEX, NULL, 0x0, |
590 | 14 | NULL, HFILL }}, |
591 | | |
592 | 14 | { &hf_teap_crypto_reserved, { |
593 | 14 | "Reserved", "teap.crypto.reserved", |
594 | 14 | FT_UINT8, BASE_DEC, NULL, 0x0, |
595 | 14 | NULL, HFILL }}, |
596 | | |
597 | 14 | { &hf_teap_crypto_version, { |
598 | 14 | "Version", "teap.crypto.version", |
599 | 14 | FT_UINT8, BASE_DEC, NULL, 0x0, |
600 | 14 | NULL, HFILL }}, |
601 | | |
602 | 14 | { &hf_teap_crypto_rcv_version, { |
603 | 14 | "Received Version", "teap.crypto.received-version", |
604 | 14 | FT_UINT8, BASE_DEC, NULL, 0x0, |
605 | 14 | NULL, HFILL }}, |
606 | | |
607 | 14 | { &hf_teap_crypto_flags, { |
608 | 14 | "Flags", "teap.crypto.flags", |
609 | 14 | FT_UINT8, BASE_DEC, VALS(teap_crypto_flags_vals), TEAP_CRYPTO_FLAGS, |
610 | 14 | NULL, HFILL }}, |
611 | | |
612 | 14 | { &hf_teap_crypto_subtype, { |
613 | 14 | "Subtype", "teap.crypto.subtype", |
614 | 14 | FT_UINT8, BASE_DEC, VALS(teap_crypto_subtype_vals), TEAP_CRYPTO_SUBTYPE, |
615 | 14 | NULL, HFILL }}, |
616 | | |
617 | 14 | { &hf_teap_crypto_nonce, { |
618 | 14 | "Nonce", "teap.crypto.nonce", |
619 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
620 | 14 | NULL, HFILL }}, |
621 | | |
622 | 14 | { &hf_teap_crypto_emsk, { |
623 | 14 | "EMSK Compound MAC", "teap.crypto.emsk", |
624 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
625 | 14 | NULL, HFILL }}, |
626 | | |
627 | 14 | { &hf_teap_crypto_msk, { |
628 | 14 | "MSK Compound MAC", "teap.crypto.msk", |
629 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
630 | 14 | NULL, HFILL }}, |
631 | | |
632 | 14 | { &hf_teap_nak_type, { |
633 | 14 | "NAK-Type", "teap.nak-type", |
634 | 14 | FT_UINT16, BASE_HEX, NULL, 0x0, |
635 | 14 | NULL, HFILL }}, |
636 | | |
637 | 14 | { &hf_teap_error_code, { |
638 | 14 | "Error-Code", "teap.error-code", |
639 | 14 | FT_UINT32, BASE_DEC, VALS(teap_error_code_vals), 0x0, |
640 | 14 | NULL, HFILL }}, |
641 | | |
642 | 14 | { &hf_teap_request_action_action, { |
643 | 14 | "Action", "teap.request-action.action", |
644 | 14 | FT_UINT8, BASE_DEC, VALS(teap_request_action_action_vals), 0x0, |
645 | 14 | NULL, HFILL }}, |
646 | | |
647 | 14 | { &hf_teap_request_action_status, { |
648 | 14 | "Status", "teap.request-action.status", |
649 | 14 | FT_UINT8, BASE_DEC, VALS(teap_request_action_status_vals), 0x0, |
650 | 14 | NULL, HFILL }}, |
651 | | |
652 | 14 | { &hf_teap_prompt, { |
653 | 14 | "Prompt", "teap.prompt", |
654 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
655 | 14 | NULL, HFILL }}, |
656 | | |
657 | 14 | { &hf_teap_user_len, { |
658 | 14 | "Userlen", "teap.user_len", |
659 | 14 | FT_UINT8, BASE_DEC, NULL, 0x0, |
660 | 14 | NULL, HFILL }}, |
661 | | |
662 | 14 | { &hf_teap_username, { |
663 | 14 | "Username", "teap.username", |
664 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
665 | 14 | NULL, HFILL }}, |
666 | | |
667 | 14 | { &hf_teap_pass_len, { |
668 | 14 | "Passlen", "teap.pass_len", |
669 | 14 | FT_UINT8, BASE_DEC, NULL, 0x0, |
670 | 14 | NULL, HFILL }}, |
671 | | |
672 | 14 | { &hf_teap_password, { |
673 | 14 | "Password", "teap.password", |
674 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
675 | 14 | NULL, HFILL }}, |
676 | | |
677 | 14 | { &hf_teap_tlv_val, { |
678 | 14 | "Value", "teap.tlv.val", |
679 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
680 | 14 | NULL, HFILL }}, |
681 | | |
682 | 14 | { &hf_pac_attr_type, { |
683 | 14 | "Type", "teap.pac.type", |
684 | 14 | FT_UINT16, BASE_DEC, VALS(pac_attr_type_vals), 0x0, |
685 | 14 | NULL, HFILL }}, |
686 | | |
687 | 14 | { &hf_pac_attr_pac_key, { |
688 | 14 | "Key", "teap.pac.key", |
689 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
690 | 14 | NULL, HFILL }}, |
691 | | |
692 | 14 | { &hf_pac_attr_pac_opaque, { |
693 | 14 | "Opaque", "teap.pac.opaque", |
694 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
695 | 14 | NULL, HFILL }}, |
696 | | |
697 | 14 | { &hf_pac_attr_pac_lifetime, { |
698 | 14 | "Lifetime", "teap.pac.lifetime", |
699 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, |
700 | 14 | NULL, HFILL }}, |
701 | | |
702 | 14 | { &hf_pac_attr_pac_a_id, { |
703 | 14 | "A-ID", "teap.pac.a-id", |
704 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
705 | 14 | NULL, HFILL }}, |
706 | | |
707 | 14 | { &hf_pac_attr_pac_i_id, { |
708 | 14 | "I-ID", "teap.pac.i-id", |
709 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
710 | 14 | NULL, HFILL }}, |
711 | | |
712 | 14 | { &hf_pac_attr_pac_reserved, { |
713 | 14 | "Reserved", "teap.pac.reserved", |
714 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
715 | 14 | NULL, HFILL }}, |
716 | | |
717 | 14 | { &hf_pac_attr_pac_a_id_info, { |
718 | 14 | "A-ID-Info", "teap.pac.a-id-info", |
719 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
720 | 14 | NULL, HFILL }}, |
721 | | |
722 | 14 | { &hf_pac_attr_pac_result, { |
723 | 14 | "Type", "teap.pac.result", |
724 | 14 | FT_UINT16, BASE_DEC, VALS(pac_result_vals), 0x0, |
725 | 14 | NULL, HFILL }}, |
726 | | |
727 | 14 | { &hf_pac_attr_pac_type, { |
728 | 14 | "Type", "teap.pac.pac-type", |
729 | 14 | FT_UINT16, BASE_DEC, VALS(pac_type_vals), 0x0, |
730 | 14 | NULL, HFILL }}, |
731 | | |
732 | 14 | { &hf_pac_attr_val, { |
733 | 14 | "Value", "teap.pac.val", |
734 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
735 | 14 | NULL, HFILL }}, |
736 | 14 | }; |
737 | | |
738 | 14 | static int *ett[] = { |
739 | 14 | &ett_teap, |
740 | 14 | &ett_teap_tlv, |
741 | 14 | &ett_pac_attr_tlv, |
742 | 14 | }; |
743 | 14 | static ei_register_info ei[] = { |
744 | 14 | { &ei_teap_bad_length, { "teap.bad_length", PI_PROTOCOL, PI_WARN, "Bad length (too large)", EXPFILL }}, |
745 | 14 | }; |
746 | | |
747 | 14 | expert_module_t* expert_teap; |
748 | | |
749 | 14 | proto_teap = proto_register_protocol("Tunnel Extensible Authentication Protocol", |
750 | 14 | "TEAP", "teap"); |
751 | 14 | proto_register_field_array(proto_teap, hf, array_length(hf)); |
752 | 14 | proto_register_subtree_array(ett, array_length(ett)); |
753 | 14 | expert_teap = expert_register_protocol(proto_teap); |
754 | 14 | expert_register_field_array(expert_teap, ei, array_length(ei)); |
755 | | |
756 | 14 | teap_handle = register_dissector("teap", dissect_teap, proto_teap); |
757 | 14 | } |
758 | | |
759 | | void |
760 | | proto_reg_handoff_teap(void) |
761 | 14 | { |
762 | 14 | eap_handle = find_dissector_add_dependency("eap", proto_teap); |
763 | 14 | } |
764 | | /* |
765 | | * Editor modelines |
766 | | * |
767 | | * Local Variables: |
768 | | * c-basic-offset: 2 |
769 | | * tab-width: 8 |
770 | | * indent-tabs-mode: nil |
771 | | * End: |
772 | | * |
773 | | * ex: set shiftwidth=2 tabstop=8 expandtab: |
774 | | * :indentSize=2:tabSize=8:noTabs=true: |
775 | | */ |