eap_md5.c

Go to the documentation of this file.

/*
 * Copyright (C) 2024 Michael Brown <mbrown@fensystems.co.uk>.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 *
 * You can also choose to distribute this program under the terms of
 * the Unmodified Binary Distribution Licence (as given in the file
 * COPYING.UBDL), provided that you have satisfied its requirements.
 */
 
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
FILE_SECBOOT ( PERMITTED );
 
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <ipxe/md5.h>
#include <ipxe/chap.h>
#include <ipxe/eap.h>
 
/** @file
 *
 * EAP MD5-Challenge authentication method
 *
 */
 
/**
 * Handle EAP MD5-Challenge
 *
 * @v supplicant        EAP supplicant
 * @v req               Request type data
 * @v req_len           Length of request type data
 * @ret rc              Return status code
 */
static int eap_rx_md5 ( struct eap_supplicant *supplicant,
                        const void *req, size_t req_len ) {
        struct net_device *netdev = supplicant->netdev;
        const struct eap_md5 *md5req = req;
        struct {
                uint8_t len;
                uint8_t value[MD5_DIGEST_SIZE];
        } __attribute__ (( packed )) md5rsp;
        struct chap_response chap;
        void *secret;
        int secret_len;
        int rc;
 
        /* Sanity checks */
        if ( req_len < sizeof ( *md5req ) ) {
                DBGC ( netdev, "EAP %s underlength MD5-Challenge:\n",
                       netdev->name );
                DBGC_HDA ( netdev, 0, req, req_len );
                rc = -EINVAL;
                goto err_sanity;
        }
        if ( ( req_len - sizeof ( *md5req ) ) < md5req->len ) {
                DBGC ( netdev, "EAP %s truncated MD5-Challenge:\n",
                       netdev->name );
                DBGC_HDA ( netdev, 0, req, req_len );
                rc = -EINVAL;
                goto err_sanity;
        }
 
        /* Construct response */
        if ( ( rc = chap_init ( &chap, &md5_algorithm ) ) != 0 ) {
                DBGC ( netdev, "EAP %s could not initialise CHAP: %s\n",
                       netdev->name, strerror ( rc ) );
                goto err_chap;
        }
        chap_set_identifier ( &chap, supplicant->id );
        secret_len = fetch_raw_setting_copy ( netdev_settings ( netdev ),
                                              &password_setting, &secret );
        if ( secret_len < 0 ) {
                rc = secret_len;
                DBGC ( netdev, "EAP %s has no secret: %s\n",
                       netdev->name, strerror ( rc ) );
                goto err_secret;
        }
        chap_update ( &chap, secret, secret_len );
        chap_update ( &chap, md5req->value, md5req->len );
        chap_respond ( &chap );
        assert ( chap.response_len == sizeof ( md5rsp.value ) );
        md5rsp.len = sizeof ( md5rsp.value );
        memcpy ( md5rsp.value, chap.response, sizeof ( md5rsp.value ) );
 
        /* Transmit response */
        if ( ( rc = eap_tx_response ( supplicant, &md5rsp,
                                      sizeof ( md5rsp ) ) ) != 0 )
                goto err_tx;
 
 err_tx:
        free ( secret );
 err_secret:
        chap_finish ( &chap );
 err_chap:
 err_sanity:
        return rc;
}
 
/** EAP MD5-Challenge method */
struct eap_method eap_md5_method __eap_method = {
        .type = EAP_TYPE_MD5,
        .rx = eap_rx_md5,
};