EAP server: Add debug prints to help asleap testing
This adds hexdumps of MSCHAP/MSCHAPv2 Challenge and Response in format used by asleap. This is only enabled for CONFIG_TESTING_OPTIONS=y builds. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
2c1cf90376
commit
1d0f42a073
4 changed files with 56 additions and 0 deletions
|
@ -149,5 +149,8 @@ int eap_sm_method_pending(struct eap_sm *sm);
|
||||||
const u8 * eap_get_identity(struct eap_sm *sm, size_t *len);
|
const u8 * eap_get_identity(struct eap_sm *sm, size_t *len);
|
||||||
struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm);
|
struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm);
|
||||||
void eap_server_clear_identity(struct eap_sm *sm);
|
void eap_server_clear_identity(struct eap_sm *sm);
|
||||||
|
void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source,
|
||||||
|
const u8 *username, size_t username_len,
|
||||||
|
const u8 *challenge, const u8 *response);
|
||||||
|
|
||||||
#endif /* EAP_H */
|
#endif /* EAP_H */
|
||||||
|
|
|
@ -1979,3 +1979,25 @@ void eap_server_clear_identity(struct eap_sm *sm)
|
||||||
os_free(sm->identity);
|
os_free(sm->identity);
|
||||||
sm->identity = NULL;
|
sm->identity = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
|
void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source,
|
||||||
|
const u8 *username, size_t username_len,
|
||||||
|
const u8 *challenge, const u8 *response)
|
||||||
|
{
|
||||||
|
char hex_challenge[30], hex_response[90], user[100];
|
||||||
|
|
||||||
|
/* Print out Challenge and Response in format supported by asleap. */
|
||||||
|
if (username)
|
||||||
|
printf_encode(user, sizeof(user), username, username_len);
|
||||||
|
else
|
||||||
|
user[0] = '\0';
|
||||||
|
wpa_snprintf_hex_sep(hex_challenge, sizeof(hex_challenge),
|
||||||
|
challenge, sizeof(challenge), ':');
|
||||||
|
wpa_snprintf_hex_sep(hex_response, sizeof(hex_response), response, 24,
|
||||||
|
':');
|
||||||
|
wpa_printf(MSG_DEBUG, "[%s/user=%s] asleap -C %s -R %s",
|
||||||
|
source, user, hex_challenge, hex_response);
|
||||||
|
}
|
||||||
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
|
|
|
@ -360,6 +360,19 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
|
{
|
||||||
|
u8 challenge[8];
|
||||||
|
|
||||||
|
if (challenge_hash(peer_challenge, data->auth_challenge,
|
||||||
|
username, username_len, challenge) == 0) {
|
||||||
|
eap_server_mschap_rx_callback(sm, "EAP-MSCHAPV2",
|
||||||
|
username, username_len,
|
||||||
|
challenge, nt_response);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
|
|
||||||
if (username_len != user_len ||
|
if (username_len != user_len ||
|
||||||
os_memcmp(username, user, username_len) != 0) {
|
os_memcmp(username, user, username_len) != 0) {
|
||||||
wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Mismatch in user names");
|
wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Mismatch in user names");
|
||||||
|
|
|
@ -618,6 +618,12 @@ static void eap_ttls_process_phase2_mschap(struct eap_sm *sm,
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
|
eap_server_mschap_rx_callback(sm, "TTLS-MSCHAP",
|
||||||
|
sm->identity, sm->identity_len,
|
||||||
|
challenge, response + 2 + 24);
|
||||||
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
|
|
||||||
if (os_memcmp_const(challenge, chal, EAP_TTLS_MSCHAP_CHALLENGE_LEN)
|
if (os_memcmp_const(challenge, chal, EAP_TTLS_MSCHAP_CHALLENGE_LEN)
|
||||||
!= 0 ||
|
!= 0 ||
|
||||||
response[0] != chal[EAP_TTLS_MSCHAP_CHALLENGE_LEN]) {
|
response[0] != chal[EAP_TTLS_MSCHAP_CHALLENGE_LEN]) {
|
||||||
|
@ -740,6 +746,18 @@ static void eap_ttls_process_phase2_mschapv2(struct eap_sm *sm,
|
||||||
}
|
}
|
||||||
|
|
||||||
rx_resp = response + 2 + EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 8;
|
rx_resp = response + 2 + EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 8;
|
||||||
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
|
{
|
||||||
|
u8 challenge2[8];
|
||||||
|
|
||||||
|
if (challenge_hash(peer_challenge, auth_challenge,
|
||||||
|
username, username_len, challenge2) == 0) {
|
||||||
|
eap_server_mschap_rx_callback(sm, "TTLS-MSCHAPV2",
|
||||||
|
username, username_len,
|
||||||
|
challenge2, rx_resp);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
if (os_memcmp_const(nt_response, rx_resp, 24) == 0) {
|
if (os_memcmp_const(nt_response, rx_resp, 24) == 0) {
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Correct "
|
wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Correct "
|
||||||
"NT-Response");
|
"NT-Response");
|
||||||
|
|
Loading…
Reference in a new issue