EAP server: Add debug prints to help asleap testing

This adds hexdumps of MSCHAP/MSCHAPv2 Challenge and Response in format
used by asleap. This is only enabled for CONFIG_TESTING_OPTIONS=y
builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-03-29 22:49:16 +03:00
parent 2c1cf90376
commit 1d0f42a073
4 changed files with 56 additions and 0 deletions

View file

@ -149,5 +149,8 @@ int eap_sm_method_pending(struct eap_sm *sm);
const u8 * eap_get_identity(struct eap_sm *sm, size_t *len); const u8 * eap_get_identity(struct eap_sm *sm, size_t *len);
struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm); struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm);
void eap_server_clear_identity(struct eap_sm *sm); void eap_server_clear_identity(struct eap_sm *sm);
void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source,
const u8 *username, size_t username_len,
const u8 *challenge, const u8 *response);
#endif /* EAP_H */ #endif /* EAP_H */

View file

@ -1979,3 +1979,25 @@ void eap_server_clear_identity(struct eap_sm *sm)
os_free(sm->identity); os_free(sm->identity);
sm->identity = NULL; sm->identity = NULL;
} }
#ifdef CONFIG_TESTING_OPTIONS
void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source,
const u8 *username, size_t username_len,
const u8 *challenge, const u8 *response)
{
char hex_challenge[30], hex_response[90], user[100];
/* Print out Challenge and Response in format supported by asleap. */
if (username)
printf_encode(user, sizeof(user), username, username_len);
else
user[0] = '\0';
wpa_snprintf_hex_sep(hex_challenge, sizeof(hex_challenge),
challenge, sizeof(challenge), ':');
wpa_snprintf_hex_sep(hex_response, sizeof(hex_response), response, 24,
':');
wpa_printf(MSG_DEBUG, "[%s/user=%s] asleap -C %s -R %s",
source, user, hex_challenge, hex_response);
}
#endif /* CONFIG_TESTING_OPTIONS */

View file

@ -360,6 +360,19 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
} }
} }
#ifdef CONFIG_TESTING_OPTIONS
{
u8 challenge[8];
if (challenge_hash(peer_challenge, data->auth_challenge,
username, username_len, challenge) == 0) {
eap_server_mschap_rx_callback(sm, "EAP-MSCHAPV2",
username, username_len,
challenge, nt_response);
}
}
#endif /* CONFIG_TESTING_OPTIONS */
if (username_len != user_len || if (username_len != user_len ||
os_memcmp(username, user, username_len) != 0) { os_memcmp(username, user, username_len) != 0) {
wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Mismatch in user names"); wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Mismatch in user names");

View file

@ -618,6 +618,12 @@ static void eap_ttls_process_phase2_mschap(struct eap_sm *sm,
return; return;
} }
#ifdef CONFIG_TESTING_OPTIONS
eap_server_mschap_rx_callback(sm, "TTLS-MSCHAP",
sm->identity, sm->identity_len,
challenge, response + 2 + 24);
#endif /* CONFIG_TESTING_OPTIONS */
if (os_memcmp_const(challenge, chal, EAP_TTLS_MSCHAP_CHALLENGE_LEN) if (os_memcmp_const(challenge, chal, EAP_TTLS_MSCHAP_CHALLENGE_LEN)
!= 0 || != 0 ||
response[0] != chal[EAP_TTLS_MSCHAP_CHALLENGE_LEN]) { response[0] != chal[EAP_TTLS_MSCHAP_CHALLENGE_LEN]) {
@ -740,6 +746,18 @@ static void eap_ttls_process_phase2_mschapv2(struct eap_sm *sm,
} }
rx_resp = response + 2 + EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 8; rx_resp = response + 2 + EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 8;
#ifdef CONFIG_TESTING_OPTIONS
{
u8 challenge2[8];
if (challenge_hash(peer_challenge, auth_challenge,
username, username_len, challenge2) == 0) {
eap_server_mschap_rx_callback(sm, "TTLS-MSCHAPV2",
username, username_len,
challenge2, rx_resp);
}
}
#endif /* CONFIG_TESTING_OPTIONS */
if (os_memcmp_const(nt_response, rx_resp, 24) == 0) { if (os_memcmp_const(nt_response, rx_resp, 24) == 0) {
wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Correct " wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Correct "
"NT-Response"); "NT-Response");