File: | builds/wireshark/wireshark/epan/dissectors/packet-eap.c |
Warning: | line 969, column 5 Value stored to 'item' is never read |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* packet-eap.c |
2 | * Routines for EAP Extensible Authentication Protocol dissection |
3 | * RFC 2284, RFC 3748 |
4 | * |
5 | * Wireshark - Network traffic analyzer |
6 | * By Gerald Combs <[email protected]> |
7 | * Copyright 1998 Gerald Combs |
8 | * |
9 | * SPDX-License-Identifier: GPL-2.0-or-later |
10 | */ |
11 | |
12 | #include "config.h" |
13 | |
14 | #include <epan/packet.h> |
15 | #include <epan/conversation.h> |
16 | #include <epan/ppptypes.h> |
17 | #include <epan/reassemble.h> |
18 | #include <epan/eap.h> |
19 | #include <epan/expert.h> |
20 | #include <epan/proto_data.h> |
21 | #include <wsutil/strtoi.h> |
22 | |
23 | #include "packet-eapol.h" |
24 | #include "packet-wps.h" |
25 | #include "packet-e212.h" |
26 | #include "packet-tls-utils.h" |
27 | |
28 | void proto_register_eap(void); |
29 | void proto_reg_handoff_eap(void); |
30 | |
31 | static int proto_eap; |
32 | static int hf_eap_code; |
33 | static int hf_eap_identifier; |
34 | static int hf_eap_len; |
35 | static int hf_eap_type; |
36 | static int hf_eap_type_nak; |
37 | |
38 | static int hf_eap_identity; |
39 | static int hf_eap_identity_full; |
40 | static int hf_eap_identity_actual_len; |
41 | static int hf_eap_identity_prefix; |
42 | static int hf_eap_identity_type; |
43 | static int hf_eap_identity_certificate_sn; |
44 | static int hf_eap_identity_mcc; |
45 | static int hf_eap_identity_mcc_mnc_2digits; |
46 | static int hf_eap_identity_mcc_mnc_3digits; |
47 | static int hf_eap_identity_padding; |
48 | |
49 | static int hf_eap_notification; |
50 | |
51 | static int hf_eap_md5_value_size; |
52 | static int hf_eap_md5_value; |
53 | static int hf_eap_md5_extra_data; |
54 | |
55 | static int hf_eap_sim_subtype; |
56 | static int hf_eap_sim_reserved; |
57 | static int hf_eap_sim_subtype_attribute; |
58 | static int hf_eap_sim_subtype_type; |
59 | static int hf_eap_sim_subtype_length; |
60 | static int hf_eap_sim_notification_type; |
61 | static int hf_eap_sim_error_code_type; |
62 | static int hf_eap_sim_subtype_value; |
63 | |
64 | static int hf_eap_aka_subtype; |
65 | static int hf_eap_aka_reserved; |
66 | static int hf_eap_aka_subtype_attribute; |
67 | static int hf_eap_aka_subtype_type; |
68 | static int hf_eap_aka_subtype_length; |
69 | static int hf_eap_aka_notification_type; |
70 | static int hf_eap_aka_error_code_type; |
71 | static int hf_eap_aka_rand; |
72 | static int hf_eap_aka_autn; |
73 | static int hf_eap_aka_res_len; |
74 | static int hf_eap_aka_res; |
75 | static int hf_eap_aka_auts; |
76 | static int hf_eap_aka_subtype_value; |
77 | |
78 | static int hf_eap_leap_version; |
79 | static int hf_eap_leap_reserved; |
80 | static int hf_eap_leap_count; |
81 | static int hf_eap_leap_peer_challenge; |
82 | static int hf_eap_leap_peer_response; |
83 | static int hf_eap_leap_ap_challenge; |
84 | static int hf_eap_leap_ap_response; |
85 | static int hf_eap_leap_data; |
86 | static int hf_eap_leap_name; |
87 | |
88 | static int hf_eap_ms_chap_v2_opcode; |
89 | static int hf_eap_ms_chap_v2_id; |
90 | static int hf_eap_ms_chap_v2_length; |
91 | static int hf_eap_ms_chap_v2_value_size; |
92 | static int hf_eap_ms_chap_v2_challenge; |
93 | static int hf_eap_ms_chap_v2_name; |
94 | static int hf_eap_ms_chap_v2_peer_challenge; |
95 | static int hf_eap_ms_chap_v2_reserved; |
96 | static int hf_eap_ms_chap_v2_nt_response; |
97 | static int hf_eap_ms_chap_v2_flags; |
98 | static int hf_eap_ms_chap_v2_response; |
99 | static int hf_eap_ms_chap_v2_message; |
100 | static int hf_eap_ms_chap_v2_failure_request; |
101 | static int hf_eap_ms_chap_v2_data; |
102 | |
103 | static int hf_eap_pax_opcode; |
104 | static int hf_eap_pax_flags; |
105 | static int hf_eap_pax_flags_mf; |
106 | static int hf_eap_pax_flags_ce; |
107 | static int hf_eap_pax_flags_ai; |
108 | static int hf_eap_pax_flags_reserved; |
109 | static int hf_eap_pax_mac_id; |
110 | static int hf_eap_pax_dh_group_id; |
111 | static int hf_eap_pax_public_key_id; |
112 | static int hf_eap_pax_a_len; |
113 | static int hf_eap_pax_a; |
114 | static int hf_eap_pax_b_len; |
115 | static int hf_eap_pax_b; |
116 | static int hf_eap_pax_cid_len; |
117 | static int hf_eap_pax_cid; |
118 | static int hf_eap_pax_mac_ck_len; |
119 | static int hf_eap_pax_mac_ck; |
120 | static int hf_eap_pax_ade_len; |
121 | static int hf_eap_pax_ade; |
122 | static int hf_eap_pax_mac_icv; |
123 | |
124 | static int hf_eap_psk_flags; |
125 | static int hf_eap_psk_flags_t; |
126 | static int hf_eap_psk_flags_reserved; |
127 | static int hf_eap_psk_rand_p; |
128 | static int hf_eap_psk_rand_s; |
129 | static int hf_eap_psk_mac_p; |
130 | static int hf_eap_psk_mac_s; |
131 | static int hf_eap_psk_id_p; |
132 | static int hf_eap_psk_id_s; |
133 | static int hf_eap_psk_pchannel; |
134 | |
135 | static int hf_eap_sake_version; |
136 | static int hf_eap_sake_session_id; |
137 | static int hf_eap_sake_subtype; |
138 | static int hf_eap_sake_attr_type; |
139 | static int hf_eap_sake_attr_len; |
140 | static int hf_eap_sake_attr_value; |
141 | static int hf_eap_sake_attr_value_str; |
142 | static int hf_eap_sake_attr_value_uint48; |
143 | |
144 | static int hf_eap_gpsk_opcode; |
145 | static int hf_eap_gpsk_id_server_len; |
146 | static int hf_eap_gpsk_id_server; |
147 | static int hf_eap_gpsk_id_peer_len; |
148 | static int hf_eap_gpsk_id_peer; |
149 | static int hf_eap_gpsk_rand_server; |
150 | static int hf_eap_gpsk_rand_peer; |
151 | static int hf_eap_gpsk_csuite_list_len; |
152 | static int hf_eap_gpsk_csuite_vendor; |
153 | static int hf_eap_gpsk_csuite_specifier; |
154 | static int hf_eap_gpsk_pd_payload_len; |
155 | static int hf_eap_gpsk_pd_payload; |
156 | static int hf_eap_gpsk_payload_mac; |
157 | static int hf_eap_gpsk_failure_code; |
158 | |
159 | static int hf_eap_msauth_tlv_mandatory; |
160 | static int hf_eap_msauth_tlv_reserved; |
161 | static int hf_eap_msauth_tlv_type; |
162 | static int hf_eap_msauth_tlv_len; |
163 | static int hf_eap_msauth_tlv_val; |
164 | static int hf_eap_msauth_tlv_status; |
165 | static int hf_eap_msauth_tlv_crypto_reserved; |
166 | static int hf_eap_msauth_tlv_crypto_version; |
167 | static int hf_eap_msauth_tlv_crypto_rcv_version; |
168 | static int hf_eap_msauth_tlv_crypto_subtype; |
169 | static int hf_eap_msauth_tlv_crypto_nonce; |
170 | static int hf_eap_msauth_tlv_crypto_cmac; |
171 | |
172 | static int hf_eap_data; |
173 | |
174 | static int ett_eap; |
175 | static int ett_eap_pax_flags; |
176 | static int ett_eap_psk_flags; |
177 | static int ett_eap_sake_attr; |
178 | static int ett_eap_gpsk_csuite_list; |
179 | static int ett_eap_gpsk_csuite; |
180 | static int ett_eap_gpsk_csuite_sel; |
181 | static int ett_eap_msauth_tlv; |
182 | static int ett_eap_msauth_tlv_tree; |
183 | |
184 | static expert_field ei_eap_ms_chap_v2_length; |
185 | static expert_field ei_eap_mitm_attacks; |
186 | static expert_field ei_eap_md5_value_size_overflow; |
187 | static expert_field ei_eap_dictionary_attacks; |
188 | static expert_field ei_eap_identity_nonascii; |
189 | static expert_field ei_eap_identity_invalid; |
190 | static expert_field ei_eap_retransmission; |
191 | static expert_field ei_eap_bad_length; |
192 | |
193 | static dissector_table_t eap_expanded_type_dissector_table; |
194 | |
195 | static dissector_handle_t eap_handle; |
196 | |
197 | static dissector_handle_t tls_handle; |
198 | static dissector_handle_t diameter_avps_handle; |
199 | static dissector_handle_t peap_handle; |
200 | static dissector_handle_t teap_handle; |
201 | |
202 | static dissector_handle_t isakmp_handle; |
203 | |
204 | const value_string eap_code_vals[] = { |
205 | { EAP_REQUEST1, "Request" }, |
206 | { EAP_RESPONSE2, "Response" }, |
207 | { EAP_SUCCESS3, "Success" }, |
208 | { EAP_FAILURE4, "Failure" }, |
209 | { EAP_INITIATE5, "Initiate" }, /* [RFC5296] */ |
210 | { EAP_FINISH6, "Finish" }, /* [RFC5296] */ |
211 | { 0, NULL((void*)0) } |
212 | }; |
213 | |
214 | /* |
215 | References: |
216 | 1) https://www.iana.org/assignments/ppp-numbers PPP EAP REQUEST/RESPONSE TYPES |
217 | 2) https://tools.ietf.org/html/draft-ietf-pppext-rfc2284bis-02 |
218 | 3) RFC2284 |
219 | 4) RFC3748 |
220 | 5) https://www.iana.org/assignments/eap-numbers EAP registry (updated 2011-02-22) |
221 | 6) https://tools.ietf.org/html/draft-bersani-eap-synthesis-sharedkeymethods-00 |
222 | */ |
223 | |
224 | static const value_string eap_type_vals[] = { |
225 | { 1, "Identity" }, |
226 | { 2, "Notification" }, |
227 | { 3, "Legacy Nak (Response Only)" }, |
228 | { 4, "MD5-Challenge EAP (EAP-MD5-CHALLENGE)" }, |
229 | { 5, "One-Time Password EAP (EAP-OTP)" }, |
230 | { 6, "Generic Token Card EAP (EAP-GTC)" }, |
231 | { 7, "Allocated" }, |
232 | { 8, "Allocated" }, |
233 | { 9, "RSA Public Key Authentication EAP (EAP-RSA-PKA)" }, |
234 | { 10, "DSS Unilateral EAP (EAP-DSS)" }, |
235 | { 11, "KEA EAP (EAP-KEA)" }, |
236 | { 12, "KEA Validate EAP (EAP-KEA-VALIDATE)" }, |
237 | { 13, "TLS EAP (EAP-TLS)" }, |
238 | { 14, "Defender Token EAP (EAP-AXENT)" }, |
239 | { 15, "RSA Security SecurID EAP (EAP-RSA-SECURID)" }, |
240 | { 16, "Arcot Systems EAP (EAP-ARCOT-SYSTEMS)" }, |
241 | { 17, "Cisco Wireless EAP / Lightweight EAP (EAP-LEAP)" }, |
242 | { 18, "GSM Subscriber Identity Modules EAP (EAP-SIM)" }, |
243 | { 19, "Secure Remote Password SHA1 Part 1 EAP (EAP-SRP-SHA1-PART1)" }, |
244 | { 20, "Secure Remote Password SHA1 Part 2 EAP (EAP-SRP-SHA1-PART2)" }, |
245 | { 21, "Tunneled TLS EAP (EAP-TTLS)" }, |
246 | { 22, "Remote Access Service EAP (EAP-RAS)" }, |
247 | { 23, "UMTS Authentication and Key Agreement EAP (EAP-AKA)" }, |
248 | { 24, "3Com Wireless EAP (EAP-3COM-WIRELESS)" }, |
249 | { 25, "Protected EAP (EAP-PEAP)" }, |
250 | { 26, "MS-Authentication EAP (EAP-MS-AUTH)" }, |
251 | { 27, "Mutual Authentication w/Key Exchange EAP (EAP-MAKE)" }, |
252 | { 28, "CRYPTOCard EAP (EAP-CRYPTOCARD)" }, |
253 | { 29, "MS-CHAP-v2 EAP (EAP-MS-CHAP-V2)" }, |
254 | { 30, "DynamID EAP (EAP-DYNAMID)" }, |
255 | { 31, "Rob EAP (EAP-ROB)" }, |
256 | { 32, "Protected One-Time Password EAP (EAP-POTP)" }, |
257 | { 33, "MS-Authentication TLV EAP (EAP-MS-AUTH-TLV)" }, |
258 | { 34, "SentriNET (EAP-SENTRINET)" }, |
259 | { 35, "Actiontec Wireless EAP (EAP-ACTIONTEC-WIRELESS)" }, |
260 | { 36, "Cogent Systems Biometrics Authentication EAP (EAP-COGENT-BIOMETRIC)" }, |
261 | { 37, "AirFortress EAP (EAP-AIRFORTRESS)" }, |
262 | { 38, "HTTP Digest EAP (EAP-HTTP-DIGEST)" }, |
263 | { 39, "SecureSuite EAP (EAP-SECURESUITE)" }, |
264 | { 40, "DeviceConnect EAP (EAP-DEVICECONNECT)" }, |
265 | { 41, "Simple Password Exponential Key Exchange EAP (EAP-SPEKE)" }, |
266 | { 42, "MOBAC EAP (EAP-MOBAC)" }, |
267 | { 43, "Flexible Authentication via Secure Tunneling EAP (EAP-FAST)" }, |
268 | { 44, "ZoneLabs EAP (EAP-ZLXEAP)" }, |
269 | { 45, "Link EAP (EAP-LINK)" }, |
270 | { 46, "Password Authenticated eXchange EAP (EAP-PAX)" }, |
271 | { 47, "Pre-Shared Key EAP (EAP-PSK)" }, |
272 | { 48, "Shared-secret Authentication and Key Establishment EAP (EAP-SAKE)" }, |
273 | { 49, "Internet Key Exchange v2 EAP (EAP-IKEv2)" }, |
274 | { 50, "UMTS Authentication and Key Agreement' EAP (EAP-AKA')" }, |
275 | { 51, "Generalized Pre-Shared Key EAP (EAP-GPSK)" }, |
276 | { 52, "Password EAP (EAP-pwd)" }, |
277 | { 53, "Encrypted Key Exchange v1 EAP (EAP-EKEv1)" }, |
278 | { 55, "Tunneled EAP protocol" }, |
279 | { 254, "Expanded Type" }, |
280 | { 255, "Experimental" }, |
281 | { 0, NULL((void*)0) } |
282 | }; |
283 | value_string_ext eap_type_vals_ext = VALUE_STRING_EXT_INIT(eap_type_vals){ _try_val_to_str_ext_init, 0, (sizeof (eap_type_vals) / sizeof ((eap_type_vals)[0]))-1, eap_type_vals, "eap_type_vals" }; |
284 | |
285 | static const value_string eap_identity_prefix_vals[] = { |
286 | { 0x00, "Encrypted IMSI" }, |
287 | { '0', "EAP-AKA Permanent" }, |
288 | { '1', "EAP-SIM Permanent" }, |
289 | { '2', "EAP-AKA Pseudonym" }, |
290 | { '3', "EAP-SIM Pseudonym" }, |
291 | { '4', "EAP-AKA Reauth ID" }, |
292 | { '5', "EAP-SIM Reauth ID" }, |
293 | { '6', "EAP-AKA Prime Permanent" }, |
294 | { '7', "EAP-AKA Prime Pseudonym" }, |
295 | { '8', "EAP-AKA Prime Reauth ID" }, |
296 | { 'C', "Conservative Peer" }, |
297 | { 'a', "Anonymous Identity" }, |
298 | { 0, NULL((void*)0) } |
299 | }; |
300 | |
301 | const value_string eap_sim_subtype_vals[] = { |
302 | { SIM_START10, "Start" }, |
303 | { SIM_CHALLENGE11, "Challenge" }, |
304 | { SIM_NOTIFICATION12, "Notification" }, |
305 | { SIM_RE_AUTHENTICATION13, "Re-authentication" }, |
306 | { SIM_CLIENT_ERROR14, "Client-Error" }, |
307 | { 0, NULL((void*)0) } |
308 | }; |
309 | |
310 | const value_string eap_aka_subtype_vals[] = { |
311 | { AKA_CHALLENGE1, "AKA-Challenge" }, |
312 | { AKA_AUTHENTICATION_REJECT2, "AKA-Authentication-Reject" }, |
313 | { AKA_SYNCHRONIZATION_FAILURE4, "AKA-Synchronization-Failure" }, |
314 | { AKA_IDENTITY5, "AKA-Identity" }, |
315 | { AKA_NOTIFICATION12, "Notification" }, |
316 | { AKA_REAUTHENTICATION13, "Re-authentication" }, |
317 | { AKA_CLIENT_ERROR14, "Client-Error" }, |
318 | { 0, NULL((void*)0) } |
319 | }; |
320 | |
321 | /* |
322 | References: |
323 | 1) http://www.iana.org/assignments/eapsimaka-numbers/eapsimaka-numbers.xml |
324 | 3) RFC4186 |
325 | 3) RFC4187 |
326 | 4) RFC5448 |
327 | 5) 3GPP TS 24.302 |
328 | 6) RFC9048 |
329 | */ |
330 | |
331 | #define AT_RAND1 1 |
332 | #define AT_AUTN2 2 |
333 | #define AT_RES3 3 |
334 | #define AT_AUTS4 4 |
335 | #define AT_NOTIFICATION12 12 |
336 | #define AT_IDENTITY14 14 |
337 | #define AT_CLIENT_ERROR_CODE22 22 |
338 | |
339 | static const value_string eap_sim_aka_attribute_vals[] = { |
340 | { 1, "AT_RAND" }, |
341 | { 2, "AT_AUTN" }, |
342 | { 3, "AT_RES" }, |
343 | { 4, "AT_AUTS" }, |
344 | { 6, "AT_PADDING" }, |
345 | { 7, "AT_NONCE_MT" }, |
346 | { 10, "AT_PERMANENT_ID_REQ" }, |
347 | { 11, "AT_MAC" }, |
348 | { 12, "AT_NOTIFICATION" }, |
349 | { 13, "AT_ANY_ID_REQ" }, |
350 | { 14, "AT_IDENTITY" }, |
351 | { 15, "AT_VERSION_LIST" }, |
352 | { 16, "AT_SELECTED_VERSION" }, |
353 | { 17, "AT_FULLAUTH_ID_REQ" }, |
354 | { 19, "AT_COUNTER" }, |
355 | { 20, "AT_COUNTER_TOO_SMALL" }, |
356 | { 21, "AT_NONCE_S" }, |
357 | { 22, "AT_CLIENT_ERROR_CODE" }, |
358 | { 23, "AT_KDF_INPUT"}, |
359 | { 24, "AT_KDF"}, |
360 | { 128, "Unassigned" }, |
361 | { 129, "AT_IV" }, |
362 | { 130, "AT_ENCR_DATA" }, |
363 | { 131, "Unassigned" }, |
364 | { 132, "AT_NEXT_PSEUDONYM" }, |
365 | { 133, "AT_NEXT_REAUTH_ID" }, |
366 | { 134, "AT_CHECKCODE" }, |
367 | { 135, "AT_RESULT_IND" }, |
368 | { 136, "AT_BIDDING" }, |
369 | { 137, "AT_IPMS_IND" }, |
370 | { 138, "AT_IPMS_RES" }, |
371 | { 139, "AT_TRUST_IND" }, |
372 | { 140, "AT_SHORT_NAME_FOR_NETWORK" }, |
373 | { 141, "AT_FULL_NAME_FOR_NETWORK" }, |
374 | { 142, "AT_RQSI_IND" }, |
375 | { 143, "AT_RQSI_RES" }, |
376 | { 144, "AT_TWAN_CONN_MODE" }, |
377 | { 145, "AT_VIRTUAL_NETWORK_ID" }, |
378 | { 146, "AT_VIRTUAL_NETWORK_REQ" }, |
379 | { 147, "AT_CONNECTIVITY_TYPE" }, |
380 | { 148, "AT_HANDOVER_INDICATION" }, |
381 | { 149, "AT_HANDOVER_SESSION_ID" }, |
382 | { 150, "AT_MN_SERIAL_ID" }, |
383 | { 151, "AT_DEVICE_IDENTITY" }, |
384 | { 0, NULL((void*)0) } |
385 | }; |
386 | static value_string_ext eap_sim_aka_attribute_vals_ext = VALUE_STRING_EXT_INIT(eap_sim_aka_attribute_vals){ _try_val_to_str_ext_init, 0, (sizeof (eap_sim_aka_attribute_vals ) / sizeof ((eap_sim_aka_attribute_vals)[0]))-1, eap_sim_aka_attribute_vals , "eap_sim_aka_attribute_vals" }; |
387 | |
388 | static const value_string eap_sim_aka_notification_vals[] = { |
389 | { 0, "General Failure after Authentication" }, |
390 | { 1026, "User has been temporarily denied access" }, |
391 | { 1031, "User has not subscribed to the requested service" }, |
392 | { 8192, "Failure to Terminate the Authentication Exchange" }, |
393 | {16384, "General Failure" }, |
394 | {32768, "Success" }, |
395 | {0, NULL((void*)0) } |
396 | }; |
397 | |
398 | static const value_string eap_sim_aka_client_error_codes[] = { |
399 | { 0, "Unable to process packet" }, |
400 | { 1, "Unsupported version" }, |
401 | { 2, "Insufficient number of challenges" }, |
402 | { 3, "RANDs are not fresh" }, |
403 | { 0, NULL((void*)0) } |
404 | }; |
405 | |
406 | const value_string eap_ms_chap_v2_opcode_vals[] = { |
407 | { MS_CHAP_V2_CHALLENGE1, "Challenge" }, |
408 | { MS_CHAP_V2_RESPONSE2, "Response" }, |
409 | { MS_CHAP_V2_SUCCESS3, "Success" }, |
410 | { MS_CHAP_V2_FAILURE4, "Failure" }, |
411 | { MS_CHAP_V2_CHANGE_PASSWORD7, "Change-Password" }, |
412 | { 0, NULL((void*)0) } |
413 | }; |
414 | |
415 | #define PAX_STD_10x01 0x01 |
416 | #define PAX_STD_20x02 0x02 |
417 | #define PAX_STD_30x03 0x03 |
418 | #define PAX_SEC_10x11 0x11 |
419 | #define PAX_SEC_20x12 0x12 |
420 | #define PAX_SEC_30x13 0x13 |
421 | #define PAX_SEC_40x14 0x14 |
422 | #define PAX_SEC_50x15 0x15 |
423 | #define PAX_ACK0x21 0x21 |
424 | |
425 | static const value_string eap_pax_opcode_vals[] = { |
426 | { PAX_STD_10x01, "STD-1" }, |
427 | { PAX_STD_20x02, "STD-2" }, |
428 | { PAX_STD_30x03, "STD-3" }, |
429 | { PAX_SEC_10x11, "SEC-1" }, |
430 | { PAX_SEC_20x12, "SEC-2" }, |
431 | { PAX_SEC_30x13, "SEC-3" }, |
432 | { PAX_SEC_40x14, "SEC-4" }, |
433 | { PAX_SEC_50x15, "SEC-5" }, |
434 | { PAX_ACK0x21, "ACK" }, |
435 | { 0, NULL((void*)0) } |
436 | }; |
437 | |
438 | #define EAP_PAX_FLAG_MF0x01 0x01 /* more fragments */ |
439 | #define EAP_PAX_FLAG_CE0x02 0x02 /* certificate enabled */ |
440 | #define EAP_PAX_FLAG_AI0x04 0x04 /* ADE included */ |
441 | #define EAP_PAX_FLAG_RESERVED0xF8 0xF8 /* reserved */ |
442 | |
443 | #define PAX_MAC_ID_HMAC_SHA1_1280x01 0x01 |
444 | #define PAX_MAC_ID_HMAC_SHA256_1280x02 0x02 |
445 | |
446 | static const value_string eap_pax_mac_id_vals[] = { |
447 | { PAX_MAC_ID_HMAC_SHA1_1280x01, "HMAC_SHA1_128" }, |
448 | { PAX_MAC_ID_HMAC_SHA256_1280x02, "HMAXĆ_SHA256_128" }, |
449 | { 0, NULL((void*)0) } |
450 | }; |
451 | |
452 | #define PAX_DH_GROUP_ID_NONE0x00 0x00 |
453 | #define PAX_DH_GROUP_ID_DH_140x01 0x01 |
454 | #define PAX_DH_GROUP_ID_DH_150x02 0x02 |
455 | #define PAX_DH_GROUP_ID_ECC_P2560x03 0x03 |
456 | |
457 | static const value_string eap_pax_dh_group_id_vals[] = { |
458 | { PAX_DH_GROUP_ID_NONE0x00, "NONE" }, |
459 | { PAX_DH_GROUP_ID_DH_140x01, "2048-bit MODP Group (IANA DH Group 14)" }, |
460 | { PAX_DH_GROUP_ID_DH_150x02, "3072-bit MODP Group (IANA DH Group 15)" }, |
461 | { PAX_DH_GROUP_ID_ECC_P2560x03, "NIST ECC Group P-256" }, |
462 | { 0, NULL((void*)0) } |
463 | }; |
464 | |
465 | #define PAX_PUBLIC_KEY_ID_NONE0x00 0x00 |
466 | #define PAX_PUBLIC_KEY_ID_RSAES_OAEP0x01 0x01 |
467 | #define PAX_PUBLIC_KEY_ID_RSA_PKCS1_V1_50x02 0x02 |
468 | #define PAX_PUBLIC_KEY_ID_EL_GAMAL_ECC_P2560x03 0x03 |
469 | |
470 | static const value_string eap_pax_public_key_id_vals[] = { |
471 | { PAX_PUBLIC_KEY_ID_NONE0x00, "NONE" }, |
472 | { PAX_PUBLIC_KEY_ID_RSAES_OAEP0x01, "RSAES-OAEP" }, |
473 | { PAX_PUBLIC_KEY_ID_RSA_PKCS1_V1_50x02, "RSA-PKCS1-V1_5" }, |
474 | { PAX_PUBLIC_KEY_ID_EL_GAMAL_ECC_P2560x03, "El-Gamal Over NIST ECC Group P-256" }, |
475 | { 0, NULL((void*)0) } |
476 | }; |
477 | |
478 | #define EAP_PSK_FLAGS_T_MASK0xC0 0xC0 |
479 | |
480 | #define SAKE_CHALLENGE1 1 |
481 | #define SAKE_CONFIRM2 2 |
482 | #define SAKE_AUTH_REJECT3 3 |
483 | #define SAKE_IDENTITY4 4 |
484 | |
485 | static const value_string eap_sake_subtype_vals[] = { |
486 | { SAKE_CHALLENGE1, "SAKE/Challenge" }, |
487 | { SAKE_CONFIRM2, "SAKE/Confirm" }, |
488 | { SAKE_AUTH_REJECT3, "SAKE/Auth-Reject" }, |
489 | { SAKE_IDENTITY4, "SAKE/Identity" }, |
490 | { 0, NULL((void*)0) } |
491 | }; |
492 | |
493 | #define SAKE_AT_RAND_S1 1 |
494 | #define SAKE_AT_RAND_P2 2 |
495 | #define SAKE_AT_MIC_S3 3 |
496 | #define SAKE_AT_MIC_P4 4 |
497 | #define SAKE_AT_SERVERID5 5 |
498 | #define SAKE_AT_PEERID6 6 |
499 | #define SAKE_AT_SPI_S7 7 |
500 | #define SAKE_AT_SPI_P8 8 |
501 | #define SAKE_AT_ANY_ID_REQ9 9 |
502 | #define SAKE_AT_PERM_ID_REQ10 10 |
503 | #define SAKE_AT_ENCR_DATA128 128 |
504 | #define SAKE_AT_IV129 129 |
505 | #define SAKE_AT_PADDING130 130 |
506 | #define SAKE_AT_NEXT_TMPID131 131 |
507 | #define SAKE_AT_MSK_LIFE132 132 |
508 | |
509 | static const value_string eap_sake_attr_type_vals[] = { |
510 | { SAKE_AT_RAND_S1, "Server Nonce RAND_S" }, |
511 | { SAKE_AT_RAND_P2, "Peer Nonce RAND_P" }, |
512 | { SAKE_AT_MIC_S3, "Server MIC" }, |
513 | { SAKE_AT_MIC_P4, "Peer MIC" }, |
514 | { SAKE_AT_SERVERID5, "Server FQDN" }, |
515 | { SAKE_AT_PEERID6, "Peer NAI (tmp, perm)" }, |
516 | { SAKE_AT_SPI_S7, "Server chosen SPI SPI_S" }, |
517 | { SAKE_AT_SPI_P8, "Peer SPI list SPI_P" }, |
518 | { SAKE_AT_ANY_ID_REQ9, "Requires any Peer Id (tmp, perm)" }, |
519 | { SAKE_AT_PERM_ID_REQ10, "Requires Peer's permanent Id/NAI" }, |
520 | { SAKE_AT_ENCR_DATA128, "Contains encrypted attributes" }, |
521 | { SAKE_AT_IV129, "IV for encrypted attributes" }, |
522 | { SAKE_AT_PADDING130, "Padding for encrypted attributes" }, |
523 | { SAKE_AT_NEXT_TMPID131, "TempID for next EAP-SAKE phase" }, |
524 | { SAKE_AT_MSK_LIFE132, "MSK Lifetime" }, |
525 | { 0, NULL((void*)0) } |
526 | }; |
527 | |
528 | #define GPSK_RESERVED0 0 |
529 | #define GPSK_GPSK_11 1 |
530 | #define GPSK_GPSK_22 2 |
531 | #define GPSK_GPSK_33 3 |
532 | #define GPSK_GPSK_44 4 |
533 | #define GPSK_FAIL5 5 |
534 | #define GPSK_PROTECTED_FAIL6 6 |
535 | |
536 | static const value_string eap_gpsk_opcode_vals[] = { |
537 | { GPSK_RESERVED0, "Reserved" }, |
538 | { GPSK_GPSK_11, "GPSK-1" }, |
539 | { GPSK_GPSK_22, "GPSK-2" }, |
540 | { GPSK_GPSK_33, "GPSK-3" }, |
541 | { GPSK_GPSK_44, "GPSK-4" }, |
542 | { GPSK_FAIL5, "Fail" }, |
543 | { GPSK_PROTECTED_FAIL6, "Protected Fail" }, |
544 | { 0, NULL((void*)0) } |
545 | }; |
546 | |
547 | static const value_string eap_gpsk_failure_code_vals[] = { |
548 | { 0x00000000, "Reserved" }, |
549 | { 0x00000001, "PSK Not Found" }, |
550 | { 0x00000002, "Authentication Failure" }, |
551 | { 0x00000003, "Authorization Failure" }, |
552 | { 0, NULL((void*)0) } |
553 | }; |
554 | |
555 | #define MSAUTH_TLV_MANDATORY0x8000 0x8000 |
556 | #define MSAUTH_TLV_RESERVED0x4000 0x4000 |
557 | #define MSAUTH_TLV_TYPE0x3FFF 0x3FFF |
558 | |
559 | #define MSAUTH_TLV_TYPE_EXTENSION_UNASSIGNED0 0 |
560 | #define MSAUTH_TLV_TYPE_EXTENSION_RESULT3 3 |
561 | #define MSAUTH_TLV_TYPE_EXTENSION_CRYPTOBINDING12 12 |
562 | |
563 | #define MSAUTH_TLV_TYPE_EXPANDED_SOH33 33 |
564 | |
565 | static const value_string eap_msauth_tlv_type_vals[] = { |
566 | { MSAUTH_TLV_TYPE_EXTENSION_UNASSIGNED0, "Unassigned" }, |
567 | { MSAUTH_TLV_TYPE_EXTENSION_RESULT3, "Result" }, |
568 | { MSAUTH_TLV_TYPE_EXTENSION_CRYPTOBINDING12, "Cryptobinding" }, |
569 | { 0, NULL((void*)0) } |
570 | }; |
571 | |
572 | static const value_string eap_msauth_tlv_status_vals[] = { |
573 | { 1, "Success" }, |
574 | { 2, "Failure" }, |
575 | { 0, NULL((void*)0) } |
576 | }; |
577 | |
578 | static const value_string eap_msauth_tlv_crypto_subtype_vals[] = { |
579 | { 0, "Binding Request" }, |
580 | { 1, "Binding Response" }, |
581 | { 0, NULL((void*)0) } |
582 | }; |
583 | |
584 | /* |
585 | * State information for EAP-TLS (RFC2716) and Lightweight EAP: |
586 | * |
587 | * http://www.missl.cs.umd.edu/wireless/ethereal/leap.txt |
588 | * |
589 | * Attach to all conversations: |
590 | * |
591 | * a sequence number to be handed to "fragment_add_seq()" as |
592 | * the fragment sequence number - if it's -1, no reassembly |
593 | * is in progress, but if it's not, it's the sequence number |
594 | * to use for the current fragment; |
595 | * |
596 | * a value to be handed to "fragment_add_seq()" as the |
597 | * reassembly ID - when a reassembly is started, it's set to |
598 | * the frame number of the current frame, i.e. the frame |
599 | * that starts the reassembly; |
600 | * |
601 | * an indication of the current state of LEAP negotiation, |
602 | * with -1 meaning no LEAP negotiation is in progress. |
603 | * |
604 | * Attach to frames containing fragments of EAP-TLS messages the |
605 | * reassembly ID for those fragments, so we can find the reassembled |
606 | * data after the first pass through the packets. |
607 | * |
608 | * Attach to LEAP frames the state of the LEAP negotiation when the |
609 | * frame was processed, so we can properly dissect |
610 | * the LEAP message after the first pass through the packets. |
611 | * |
612 | * Attach to all conversations both pieces of information, to keep |
613 | * track of EAP-TLS reassembly and the LEAP state machine. |
614 | */ |
615 | |
616 | typedef struct { |
617 | int eap_tls_seq; |
618 | uint32_t eap_reass_cookie; |
619 | int leap_state; |
620 | int16_t last_eap_id_req; /* Last ID of the request from the authenticator. */ |
621 | int16_t last_eap_id_resp; /* Last ID of the response from the peer. */ |
622 | } conv_state_t; |
623 | |
624 | typedef struct { |
625 | int info; /* interpretation depends on EAP message type */ |
626 | } frame_state_t; |
627 | |
628 | /* |
629 | from RFC5216, pg 21 |
630 | |
631 | Flags |
632 | |
633 | 0 1 2 3 4 5 6 7 8 |
634 | +-+-+-+-+-+-+-+-+ |
635 | |L M S R R R R R| TLS (RFC5216) |
636 | +-+-+-+-+-+-+-+-+ |
637 | |L M S R R| V | TTLS (RFC5281) and FAST (RFC4851) |
638 | +-+-+-+-+-+-+-+-+ |
639 | |L M S O R| V | TEAP (RFC7170) |
640 | +-+-+-+-+-+-+-+-+ |
641 | |L M S R R R| V | PEAPv0 (draft-kamath-pppext-peapv0) |
642 | +-+-+-+-+-+-+-+-+ |
643 | |L M S R R| V | PEAPv1 (draft-josefsson-pppext-eap-tls-eap-06) and PEAPv2 (draft-josefsson-pppext-eap-tls-eap-10) |
644 | +-+-+-+-+-+-+-+-+ |
645 | |
646 | L = Length included |
647 | M = More fragments |
648 | S = EAP-TLS start |
649 | O = Outer TLV length included (TEAP only) |
650 | R = Reserved |
651 | V = TTLS/FAST/TEAP/PEAP version (Reserved for TLS) |
652 | */ |
653 | |
654 | #define EAP_TLS_FLAG_L0x80 0x80 /* Length included */ |
655 | #define EAP_TLS_FLAG_M0x40 0x40 /* More fragments */ |
656 | #define EAP_TLS_FLAG_S0x20 0x20 /* EAP-TLS start */ |
657 | #define EAP_TLS_FLAG_O0x10 0x10 /* Outer TLV length included */ |
658 | |
659 | #define EAP_TLS_FLAGS_VERSION0x07 0x07 /* Version mask */ |
660 | |
661 | /* |
662 | * reassembly of EAP-TLS |
663 | */ |
664 | static reassembly_table eap_tls_reassembly_table; |
665 | |
666 | static int hf_eap_tls_flags; |
667 | static int hf_eap_tls_flag_l; |
668 | static int hf_eap_tls_flag_m; |
669 | static int hf_eap_tls_flag_s; |
670 | static int hf_eap_tls_flag_o; |
671 | static int hf_eap_tls_flags_version; |
672 | static int hf_eap_tls_len; |
673 | static int hf_eap_tls_outer_tlvs_len; |
674 | static int hf_eap_tls_fragment; |
675 | static int hf_eap_tls_fragments; |
676 | static int hf_eap_tls_fragment_overlap; |
677 | static int hf_eap_tls_fragment_overlap_conflict; |
678 | static int hf_eap_tls_fragment_multiple_tails; |
679 | static int hf_eap_tls_fragment_too_long_fragment; |
680 | static int hf_eap_tls_fragment_error; |
681 | static int hf_eap_tls_fragment_count; |
682 | static int hf_eap_tls_reassembled_in; |
683 | static int hf_eap_tls_reassembled_length; |
684 | static int hf_eap_fast_type; |
685 | static int hf_eap_fast_length; |
686 | static int hf_eap_fast_aidd; |
687 | static int ett_eap_tls_fragment; |
688 | static int ett_eap_tls_fragments; |
689 | static int ett_eap_sim_attr; |
690 | static int ett_eap_aka_attr; |
691 | static int ett_eap_exp_attr; |
692 | static int ett_eap_tls_flags; |
693 | static int ett_identity; |
694 | static int ett_eap_ikev2_flags; |
695 | |
696 | static const fragment_items eap_tls_frag_items = { |
697 | &ett_eap_tls_fragment, |
698 | &ett_eap_tls_fragments, |
699 | &hf_eap_tls_fragments, |
700 | &hf_eap_tls_fragment, |
701 | &hf_eap_tls_fragment_overlap, |
702 | &hf_eap_tls_fragment_overlap_conflict, |
703 | &hf_eap_tls_fragment_multiple_tails, |
704 | &hf_eap_tls_fragment_too_long_fragment, |
705 | &hf_eap_tls_fragment_error, |
706 | &hf_eap_tls_fragment_count, |
707 | &hf_eap_tls_reassembled_in, |
708 | &hf_eap_tls_reassembled_length, |
709 | /* Reassembled data field */ |
710 | NULL((void*)0), |
711 | "fragments" |
712 | }; |
713 | |
714 | |
715 | /* |
716 | * EAP-IKE2, RFC5106 |
717 | */ |
718 | |
719 | /* |
720 | RFC5106, 8.1, page 17 |
721 | |
722 | 0 1 2 3 4 5 6 7 |
723 | +-+-+-+-+-+-+-+-+ |
724 | |L M I 0 0 0 0 0| |
725 | +-+-+-+-+-+-+-+-+ |
726 | |
727 | L = Length included |
728 | M = More fragments |
729 | I = Integrity Checksum Data included |
730 | */ |
731 | #define EAP_IKEV2_FLAG_L0x80 0x80 /* Length included */ |
732 | #define EAP_IKEV2_FLAG_M0x40 0x40 /* More fragments */ |
733 | #define EAP_IKEV2_FLAG_I0x20 0x20 /* Integrity checksum data included */ |
734 | |
735 | static int hf_eap_ikev2_flags; |
736 | static int hf_eap_ikev2_flag_l; |
737 | static int hf_eap_ikev2_flag_m; |
738 | static int hf_eap_ikev2_flag_i; |
739 | static int hf_eap_ikev2_len; |
740 | static int hf_eap_ikev2_int_chk_data; |
741 | |
742 | /********************************************************************** |
743 | Support for EAP Expanded Type. |
744 | |
745 | Currently this is limited to WifiProtectedSetup. Maybe we need |
746 | a generic method to support EAP extended types ? |
747 | *********************************************************************/ |
748 | static int hf_eap_ext_vendor_id; |
749 | static int hf_eap_ext_vendor_type; |
750 | |
751 | static const value_string eap_ext_vendor_id_vals[] = { |
752 | { WFA_VENDOR_ID0x00372A, "WFA" }, |
753 | { 0, NULL((void*)0) } |
754 | }; |
755 | |
756 | static const value_string eap_ext_vendor_type_vals[] = { |
757 | { WFA_SIMPLECONFIG_TYPE0x1, "SimpleConfig" }, |
758 | { 0, NULL((void*)0) } |
759 | }; |
760 | |
761 | static void |
762 | dissect_exteap(proto_tree *eap_tree, tvbuff_t *tvb, int offset, |
763 | int size _U___attribute__((unused)), packet_info* pinfo, uint8_t eap_code, uint8_t eap_identifier) |
764 | { |
765 | tvbuff_t *next_tvb; |
766 | uint32_t vendor_id; |
767 | uint32_t vendor_type; |
768 | eap_vendor_context *vendor_context; |
769 | |
770 | vendor_context = wmem_new(pinfo->pool, eap_vendor_context)((eap_vendor_context*)wmem_alloc((pinfo->pool), sizeof(eap_vendor_context ))); |
771 | |
772 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_ext_vendor_id, tvb, offset, 3, ENC_BIG_ENDIAN0x00000000, &vendor_id); |
773 | offset += 3; |
774 | |
775 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_ext_vendor_type, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &vendor_type); |
776 | offset += 4; |
777 | |
778 | vendor_context->eap_code = eap_code; |
779 | vendor_context->eap_identifier = eap_identifier; |
780 | vendor_context->vendor_id = vendor_id; |
781 | vendor_context->vendor_type = vendor_type; |
782 | |
783 | next_tvb = tvb_new_subset_remaining(tvb, offset); |
784 | if (!dissector_try_uint_with_data(eap_expanded_type_dissector_table, |
785 | vendor_id, next_tvb, pinfo, eap_tree, |
786 | false0, vendor_context)) { |
787 | call_data_dissector(next_tvb, pinfo, eap_tree); |
788 | } |
789 | } |
790 | /* ********************************************************************* |
791 | ********************************************************************* */ |
792 | |
793 | static void |
794 | dissect_eap_mschapv2(proto_tree *eap_tree, tvbuff_t *tvb, packet_info *pinfo, int offset, |
795 | int size) |
796 | { |
797 | proto_item *item; |
798 | int left = size; |
799 | int ms_len; |
800 | uint8_t value_size; |
801 | uint8_t opcode; |
802 | |
803 | /* OpCode (1 byte), MS-CHAPv2-ID (1 byte), MS-Length (2 bytes), Data */ |
804 | opcode = tvb_get_uint8(tvb, offset); |
805 | proto_tree_add_item(eap_tree, hf_eap_ms_chap_v2_opcode, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
806 | offset += 1; |
807 | left -= 1; |
808 | if (left <= 0) |
809 | return; |
810 | |
811 | proto_tree_add_item(eap_tree, hf_eap_ms_chap_v2_id, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
812 | offset += 1; |
813 | left -= 1; |
814 | if (left <= 0) |
815 | return; |
816 | |
817 | item = proto_tree_add_item(eap_tree, hf_eap_ms_chap_v2_length, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
818 | ms_len = tvb_get_ntohs(tvb, offset); |
819 | if (ms_len != size) |
820 | expert_add_info(pinfo, item, &ei_eap_ms_chap_v2_length); |
821 | offset += 2; |
822 | left -= 2; |
823 | |
824 | switch (opcode) { |
825 | case MS_CHAP_V2_CHALLENGE1: |
826 | if (left <= 0) |
827 | break; |
828 | value_size = tvb_get_uint8(tvb, offset); |
829 | proto_tree_add_item(eap_tree, hf_eap_ms_chap_v2_value_size, |
830 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
831 | offset += 1; |
832 | left -= 1; |
833 | proto_tree_add_item(eap_tree, hf_eap_ms_chap_v2_challenge, |
834 | tvb, offset, value_size, ENC_NA0x00000000); |
835 | offset += value_size; |
836 | left -= value_size; |
837 | if (left <= 0) |
838 | break; |
839 | proto_tree_add_item(eap_tree, hf_eap_ms_chap_v2_name, |
840 | tvb, offset, left, ENC_ASCII0x00000000); |
841 | break; |
842 | case MS_CHAP_V2_RESPONSE2: |
843 | if (left <= 0) |
844 | break; |
845 | value_size = tvb_get_uint8(tvb, offset); |
846 | proto_tree_add_item(eap_tree, hf_eap_ms_chap_v2_value_size, |
847 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
848 | offset += 1; |
849 | left -= 1; |
850 | if (value_size == 49) { |
851 | proto_tree_add_item(eap_tree, hf_eap_ms_chap_v2_peer_challenge, |
852 | tvb, offset, 16, ENC_NA0x00000000); |
853 | offset += 16; |
854 | proto_tree_add_item(eap_tree, hf_eap_ms_chap_v2_reserved, |
855 | tvb, offset, 8, ENC_NA0x00000000); |
856 | offset += 8; |
857 | proto_tree_add_item(eap_tree, hf_eap_ms_chap_v2_nt_response, |
858 | tvb, offset, 24, ENC_NA0x00000000); |
859 | offset += 24; |
860 | proto_tree_add_item(eap_tree, hf_eap_ms_chap_v2_flags, |
861 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
862 | offset += 1; |
863 | left -= value_size; |
864 | } else { |
865 | proto_tree_add_item(eap_tree, hf_eap_ms_chap_v2_response, tvb, offset, value_size, ENC_NA0x00000000); |
866 | offset += value_size; |
867 | left -= value_size; |
868 | } |
869 | if (left <= 0) |
870 | break; |
871 | proto_tree_add_item(eap_tree, hf_eap_ms_chap_v2_name, tvb, offset, left, ENC_ASCII0x00000000); |
872 | break; |
873 | case MS_CHAP_V2_SUCCESS3: |
874 | if (left <= 0) |
875 | break; |
876 | proto_tree_add_item(eap_tree, hf_eap_ms_chap_v2_message, |
877 | tvb, offset, left, ENC_ASCII0x00000000); |
878 | break; |
879 | case MS_CHAP_V2_FAILURE4: |
880 | if (left <= 0) |
881 | break; |
882 | proto_tree_add_item(eap_tree, hf_eap_ms_chap_v2_failure_request, |
883 | tvb, offset, left, ENC_ASCII0x00000000); |
884 | break; |
885 | default: |
886 | proto_tree_add_item(eap_tree, hf_eap_ms_chap_v2_data, tvb, offset, left, ENC_NA0x00000000); |
887 | break; |
888 | } |
889 | } |
890 | |
891 | static bool_Bool |
892 | realm_is_3gpp(char** realm_tokens, unsigned *nrealm_tokensp) |
893 | { |
894 | unsigned nrealm_tokens = g_strv_length(realm_tokens); |
895 | if (nrealm_tokensp) { |
896 | *nrealm_tokensp = nrealm_tokens; |
897 | } |
898 | |
899 | if (nrealm_tokens < 5 || |
900 | g_ascii_strncasecmp(realm_tokens[nrealm_tokens - 4], "mnc", 3) || |
901 | g_ascii_strncasecmp(realm_tokens[nrealm_tokens - 3], "mcc", 3) || |
902 | g_ascii_strncasecmp(realm_tokens[nrealm_tokens - 2], "3gppnetwork", 11) || |
903 | g_ascii_strncasecmp(realm_tokens[nrealm_tokens - 1], "org", 3)) { |
904 | return false0; |
905 | } |
906 | return true1; |
907 | } |
908 | |
909 | /* Dissect the 3GPP identity */ |
910 | bool_Bool |
911 | dissect_eap_identity_3gpp(tvbuff_t *tvb, packet_info* pinfo, proto_tree* tree, int offset, int size) |
912 | { |
913 | unsigned mnc = 0; |
914 | unsigned mcc = 0; |
915 | unsigned mcc_mnc = 0; |
916 | proto_tree* eap_identity_tree = NULL((void*)0); |
917 | uint32_t eap_identity_prefix = 0; |
918 | uint8_t* identity = NULL((void*)0); |
919 | char** tokens = NULL((void*)0); |
920 | char** realm_tokens = NULL((void*)0); |
921 | unsigned ntokens = 0; |
922 | unsigned nrealm_tokens = 0; |
923 | const char* mnc_token; |
924 | const char* mcc_token; |
925 | bool_Bool ret = false0; |
926 | int hf_eap_identity_mcc_mnc; |
927 | proto_item* item; |
928 | |
929 | /* See 3GPP TS 23.003, 3GPP TS 29.273, and RFCs 4186, 4187, 5247, 9048. |
930 | * |
931 | * XXX - The possible use of "Decorated NAIs" (prepending a string for |
932 | * source routing as described in RFC 4282 Section 2.7) is not handled |
933 | * here. We would need to process '!' as a delimiter in the username. |
934 | */ |
935 | |
936 | /* Check for Encrypted IMSI - NULL prefix byte */ |
937 | if (tvb_get_uint8(tvb, offset) == 0x00) { |
938 | /* Check if the identity string complies with ASCII character set. Encrypted IMSI |
939 | * identities use Base64 encoding and should therefore be ASCII-compliant. |
940 | */ |
941 | if (size < 2 || tvb_ascii_isprint(tvb, offset + 1, size - 1) == false0) { |
942 | goto end; |
943 | } |
944 | identity = tvb_get_string_enc(pinfo->pool, tvb, offset + 1, size - 1, ENC_ASCII0x00000000); |
945 | /* Encrypted IMSIs must be delimited twice: |
946 | * (1) Once to tokenize the 3GPP realm from the Certificate Serial Number |
947 | * using the ',' character |
948 | * (2) Once to tokenize the 3GPP realm using the '@' character |
949 | */ |
950 | tokens = g_strsplit_set(identity, ",", -1); |
951 | |
952 | ntokens = g_strv_length(tokens); |
953 | if (ntokens < 2 || g_ascii_strncasecmp(tokens[1], "CertificateSerialNumber=", strlen("CertificateSerialNumber="))) { |
954 | goto end; |
955 | } |
956 | |
957 | /* The Realm is optional in the Encrypted IMSI format, apparently. |
958 | * So add the prefix, identity, and cert before checking for the realm. |
959 | * Consider the dissection successful and return true from this point. |
960 | */ |
961 | ret = true1; |
962 | |
963 | /* Skip the null byte when adding the full identity to avoid an expert info. |
964 | * (Does escaping it make sense?) |
965 | */ |
966 | item = proto_tree_add_item(tree, hf_eap_identity_full, tvb, offset + 1, size - 1, ENC_ASCII0x00000000); |
967 | eap_identity_tree = proto_item_add_subtree(item, ett_identity); |
968 | proto_tree_add_item_ret_uint(eap_identity_tree, hf_eap_identity_prefix, tvb, offset, 1, ENC_NA0x00000000, &eap_identity_prefix); |
969 | item = proto_tree_add_string(eap_identity_tree, hf_eap_identity_type, |
Value stored to 'item' is never read | |
970 | tvb, offset, 1, val_to_str_const(eap_identity_prefix, eap_identity_prefix_vals, "Unknown")); |
971 | offset += 1; |
972 | size -= 1; |
973 | |
974 | #if 0 |
975 | /* XXX - Would adding the Base64 decoded (but still encrypted) IMSI |
976 | * be of any use? |
977 | */ |
978 | tvbuff_t *decoded_tvb = base64_to_tvb(tvb, tokens[0]); |
979 | if (tvb_reported_length(decoded_tvb)) { |
980 | add_new_data_source(pinfo, decoded_tvb, "Encrypted IMSI"); |
981 | } |
982 | #endif |
983 | |
984 | /* We have already checked above that the identity was valid ASCII so |
985 | * offsets in the tokens are the same as in the TVB. */ |
986 | proto_tree_add_item(eap_identity_tree, hf_eap_identity, tvb, offset, (int)strlen(tokens[0]), ENC_ASCII0x00000000); |
987 | offset += (int)(strlen(tokens[0]) + 1 + strlen("CertificateSerialNumber=")); |
988 | const char* cert = tokens[1] + strlen("CertificateSerialNumber="); |
989 | |
990 | /* Add Certificate Serial Number to the tree */ |
991 | proto_tree_add_item(eap_identity_tree, hf_eap_identity_certificate_sn, tvb, |
992 | offset, (int)strlen(cert), ENC_ASCII0x00000000); |
993 | |
994 | /* Check for the optional NAI Realm string */ |
995 | if (ntokens != 3 || g_ascii_strncasecmp(tokens[2], "Realm=", 6)) { |
996 | goto end; |
997 | } |
998 | |
999 | const char* realm = strchr(tokens[2], '@'); |
1000 | if (!realm) { |
1001 | goto end; |
1002 | } |
1003 | |
1004 | realm += 1; |
1005 | realm_tokens = g_strsplit_set(realm, ".", -1); |
1006 | |
1007 | /* Check for a realm of the form |
1008 | .mnc<mnc>.mcc<mcc>.3gppnetwork.org |
1009 | */ |
1010 | if (!realm_is_3gpp(realm_tokens, &nrealm_tokens)) { |
1011 | goto end; |
1012 | } |
1013 | } else { |
1014 | /* Check if identity string complies with ASCII character set */ |
1015 | if (tvb_ascii_isprint(tvb, offset, size) == false0) { |
1016 | goto end; |
1017 | } |
1018 | /* All other identities may be delimited with the '@' character */ |
1019 | identity = tvb_get_string_enc(pinfo->pool, tvb, offset, size, ENC_ASCII0x00000000); |
1020 | tokens = g_strsplit_set(identity, "@", -1); |
1021 | |
1022 | ntokens = g_strv_length(tokens); |
1023 | /* tokens[0] is the identity, tokens[1] is the NAI Realm */ |
1024 | if (ntokens != 2) { |
1025 | goto end; |
1026 | } |
1027 | |
1028 | /* Check for valid EAP Identity strings based on tokens and 3GPP-format */ |
1029 | realm_tokens = g_strsplit_set(tokens[1], ".", -1); |
1030 | |
1031 | /* The identity must have the form of |
1032 | <username>@...mnc<mnc>.mcc<mcc>.3gppnetwork.org |
1033 | If not, we don't have a 3GPP identity. |
1034 | */ |
1035 | if (!realm_is_3gpp(realm_tokens, &nrealm_tokens)) { |
1036 | goto end; |
1037 | } |
1038 | |
1039 | const char* label = realm_tokens[nrealm_tokens - 5]; |
1040 | |
1041 | /* We have a 3GPP realm. Add the full identity, and a tree to add the |
1042 | * MNC and MCC below. |
1043 | */ |
1044 | ret = true1; |
1045 | item = proto_tree_add_item(tree, hf_eap_identity_full, tvb, offset, size, ENC_ASCII0x00000000); |
1046 | eap_identity_tree = proto_item_add_subtree(item, ett_identity); |
1047 | |
1048 | if ((g_ascii_strncasecmp(label, "wlan", 4) == 0) || |
1049 | (g_ascii_strncasecmp(label, "epc", 3) == 0) || |
1050 | (g_ascii_strncasecmp(label, "gan", 3) == 0)) { |
1051 | |
1052 | /* It is very likely that we have an identity (EAP-AKA/EAP-SIM) using |
1053 | * a single-character prefix. (XXX - Perhaps not all of these should |
1054 | * be treated as prefixes. GAN might not use the prefix for fast |
1055 | * re-authentication.) */ |
1056 | proto_tree_add_item_ret_uint(eap_identity_tree, hf_eap_identity_prefix, tvb, offset, 1, ENC_NA0x00000000, &eap_identity_prefix); |
1057 | item = proto_tree_add_string(eap_identity_tree, hf_eap_identity_type, |
1058 | tvb, offset, 1, val_to_str_const(eap_identity_prefix, eap_identity_prefix_vals, "Unknown")); |
1059 | |
1060 | switch(eap_identity_prefix) { |
1061 | case '0': /* EAP-AKA Permanent */ |
1062 | case '1': /* EAP-SIM Permanent */ |
1063 | case '6': /* EAP-AKA' Permanent */ |
1064 | dissect_e212_utf8_imsi(tvb, pinfo, eap_identity_tree, offset + 1, (unsigned)strlen(tokens[0]) - 1); |
1065 | break; |
1066 | case '2': /* EAP-AKA Pseudonym */ |
1067 | case '3': /* EAP-SIM Pseudonym */ |
1068 | case '7': /* EAP-AKA' Pseudonym */ |
1069 | proto_tree_add_item(eap_identity_tree, hf_eap_identity, tvb, offset + 1, (unsigned)strlen(tokens[0]) - 1, ENC_ASCII0x00000000); |
1070 | break; |
1071 | case '4': /* EAP-AKA Reauth ID */ |
1072 | case '5': /* EAP-SIM Reauth ID */ |
1073 | case '8': /* EAP-AKA' Reauth ID */ |
1074 | proto_tree_add_item(eap_identity_tree, hf_eap_identity, tvb, offset + 1, (unsigned)strlen(tokens[0]) - 1, ENC_ASCII0x00000000); |
1075 | break; |
1076 | case 'C': /* Conservative Peer */ |
1077 | proto_tree_add_item(eap_identity_tree, hf_eap_identity, tvb, offset + 1, (unsigned)strlen(tokens[0]) - 1, ENC_ASCII0x00000000); |
1078 | break; |
1079 | case 'a': /* Anonymous User */ |
1080 | /* This is not really a prefix, just a username "anonymous" */ |
1081 | proto_tree_add_item(eap_identity_tree, hf_eap_identity, tvb, offset, (unsigned)strlen(tokens[0]), ENC_ASCII0x00000000); |
1082 | break; |
1083 | case 'G': /* TODO: 'G' Unknown */ |
1084 | case 'I': /* TODO: 'I' Unknown */ |
1085 | default: |
1086 | proto_tree_add_item(eap_identity_tree, hf_eap_identity, tvb, offset + 1, (unsigned)strlen(tokens[0]) - 1, ENC_ASCII0x00000000); |
1087 | expert_add_info(pinfo, item, &ei_eap_identity_invalid); |
1088 | } |
1089 | } else { |
1090 | /* It's a 3GPP realm, but probably not using a prefix, e.g. in 5G. */ |
1091 | proto_tree_add_item(eap_identity_tree, hf_eap_identity, tvb, offset, (int)strlen(tokens[0]), ENC_ASCII0x00000000); |
1092 | } |
1093 | } |
1094 | |
1095 | /* EAP identities do not always equate to IMSIs. We should |
1096 | * still add the MCC and MNC values if present. */ |
1097 | mnc_token = realm_tokens[nrealm_tokens - 4]; |
1098 | mcc_token = realm_tokens[nrealm_tokens - 3]; |
1099 | if (!ws_strtou(mnc_token + 3, NULL((void*)0), &mnc) || !ws_strtou(mcc_token + 3, NULL((void*)0), &mcc)) { |
1100 | goto end; |
1101 | } |
1102 | |
1103 | if (!try_val_to_str_ext(mcc * 100 + mnc, &mcc_mnc_2digits_codes_ext)) { |
1104 | /* May have |
1105 | * (1) an invalid 2-digit MNC so it won't resolve, |
1106 | * (2) an invalid 3-digit MNC so it won't resolve, or |
1107 | * (3) a valid 3-digit MNC. |
1108 | * For all cases we treat as 3-digit MNC and continue. */ |
1109 | mcc_mnc = 1000 * mcc + mnc; |
1110 | hf_eap_identity_mcc_mnc = hf_eap_identity_mcc_mnc_3digits; |
1111 | } else { |
1112 | /* We got a 2-digit MNC match */ |
1113 | mcc_mnc = 100 * mcc + mnc; |
1114 | hf_eap_identity_mcc_mnc = hf_eap_identity_mcc_mnc_2digits; |
1115 | } |
1116 | |
1117 | offset = tvb_find_uint8(tvb, offset, size, '@'); |
1118 | if (offset != -1) { |
1119 | /* Should always be true. */ |
1120 | offset += 1; |
1121 | for (int i = 0; realm_tokens[i] != mnc_token; ++i) { |
1122 | offset += (int)(strlen(realm_tokens[i])) + 1; |
1123 | } |
1124 | /* XXX - This presentation order is the opposite of the "usual" one. |
1125 | * Move the MCC item above after adding? (#16538) |
1126 | */ |
1127 | /* Add MNC to tree */ |
1128 | proto_tree_add_uint(eap_identity_tree, hf_eap_identity_mcc_mnc, tvb, |
1129 | offset + (int)strlen("mnc"), (int)strlen(mnc_token) - (int)strlen("mnc"), mcc_mnc); |
1130 | offset += (int)strlen(mnc_token) + 1; |
1131 | /* Add MCC to tree */ |
1132 | proto_tree_add_uint(eap_identity_tree, hf_eap_identity_mcc, tvb, |
1133 | offset + (int)strlen("mcc"), (int)strlen(mcc_token) - (int)strlen("mcc"), mcc); |
1134 | } |
1135 | |
1136 | end: |
1137 | g_strfreev(tokens); |
1138 | g_strfreev(realm_tokens); |
1139 | |
1140 | return ret; |
1141 | } |
1142 | |
1143 | static void |
1144 | dissect_eap_identity(tvbuff_t *tvb, packet_info* pinfo, proto_tree* tree, int offset, int size) |
1145 | { |
1146 | proto_item *item; |
1147 | /* |
1148 | * Try to dissect as a 3GPP identity. |
1149 | * |
1150 | * XXX - what other types of identity are there? |
1151 | */ |
1152 | if (!dissect_eap_identity_3gpp(tvb, pinfo, tree, offset, size)) { |
1153 | item = proto_tree_add_item(tree, hf_eap_identity, tvb, offset, size, ENC_ASCII0x00000000); |
1154 | /* XXX - RFC 7542 revises earlier standards by allowing UTF-8 in the |
1155 | * NAI (username and realm); if this happens in EAP, remove the expert info. */ |
1156 | if (tvb_ascii_isprint(tvb, offset, size) == false0) { |
1157 | expert_add_info(pinfo, item, &ei_eap_identity_nonascii); |
1158 | } |
1159 | } |
1160 | } |
1161 | |
1162 | static void |
1163 | dissect_eap_sim(proto_tree *eap_tree, tvbuff_t *tvb, packet_info* pinfo, int offset, int size) |
1164 | { |
1165 | int left = size; |
1166 | |
1167 | proto_tree_add_item(eap_tree, hf_eap_sim_subtype, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
1168 | |
1169 | offset += 1; |
1170 | left -= 1; |
1171 | |
1172 | if (left < 2) |
1173 | return; |
1174 | proto_tree_add_item(eap_tree, hf_eap_sim_reserved, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
1175 | offset += 2; |
1176 | left -= 2; |
1177 | |
1178 | /* Rest of EAP-SIM data is in Type-Len-Value format. */ |
1179 | while (left >= 2) { |
1180 | uint8_t type, length; |
1181 | int padding; |
1182 | proto_item *pi; |
1183 | proto_tree *attr_tree; |
1184 | int aoffset; |
1185 | int aleft; |
1186 | |
1187 | aoffset = offset; |
1188 | type = tvb_get_uint8(tvb, aoffset); |
1189 | length = tvb_get_uint8(tvb, aoffset + 1); |
1190 | aleft = 4 * length; |
1191 | |
1192 | pi = proto_tree_add_none_format(eap_tree, hf_eap_sim_subtype_attribute, tvb, |
1193 | aoffset, aleft, "EAP-SIM Attribute: %s (%d)", |
1194 | val_to_str_ext_const(type, |
1195 | &eap_sim_aka_attribute_vals_ext, |
1196 | "Unknown"), |
1197 | type); |
1198 | attr_tree = proto_item_add_subtree(pi, ett_eap_sim_attr); |
1199 | proto_tree_add_uint(attr_tree, hf_eap_sim_subtype_type, tvb, aoffset, 1, type); |
1200 | aoffset += 1; |
1201 | aleft -= 1; |
1202 | |
1203 | if (aleft <= 0) |
1204 | break; |
1205 | proto_tree_add_item(attr_tree, hf_eap_sim_subtype_length, tvb, aoffset, 1, ENC_BIG_ENDIAN0x00000000); |
1206 | aoffset += 1; |
1207 | aleft -= 1; |
1208 | |
1209 | switch(type){ |
1210 | case AT_IDENTITY14: |
1211 | proto_tree_add_item(attr_tree, hf_eap_identity_actual_len, tvb, aoffset, 2, ENC_BIG_ENDIAN0x00000000); |
1212 | dissect_eap_identity(tvb, pinfo, attr_tree, aoffset + 2, tvb_get_ntohs(tvb, aoffset)); |
1213 | /* If we have a disparity between the EAP-SIM length (minus the |
1214 | * first 4 bytes of header fields) * 4 and the Identity Actual |
1215 | * Length then it's padding and we need to adjust for that |
1216 | * accurately before looking at the next EAP-SIM attribute. */ |
1217 | padding = ((length - 1) * 4) - tvb_get_ntohs(tvb, aoffset); |
1218 | if (padding != 0) { |
1219 | proto_tree_add_item(attr_tree, hf_eap_identity_padding, tvb, |
1220 | aoffset + 2 + tvb_get_ntohs(tvb, aoffset), padding, ENC_NA0x00000000); |
1221 | } |
1222 | break; |
1223 | case AT_NOTIFICATION12: |
1224 | proto_tree_add_item(attr_tree, hf_eap_sim_notification_type, tvb, aoffset, 2, ENC_BIG_ENDIAN0x00000000); |
1225 | break; |
1226 | case AT_CLIENT_ERROR_CODE22: |
1227 | proto_tree_add_item(attr_tree, hf_eap_sim_error_code_type, tvb, aoffset, 2, ENC_BIG_ENDIAN0x00000000); |
1228 | break; |
1229 | default: |
1230 | proto_tree_add_item(attr_tree, hf_eap_sim_subtype_value, tvb, aoffset, aleft, ENC_NA0x00000000); |
1231 | } |
1232 | |
1233 | offset += 4 * length; |
1234 | left -= 4 * length; |
1235 | } |
1236 | } |
1237 | |
1238 | static void |
1239 | dissect_eap_aka(proto_tree *eap_tree, tvbuff_t *tvb, packet_info* pinfo, int offset, int size) |
1240 | { |
1241 | int left = size; |
1242 | |
1243 | proto_tree_add_item(eap_tree, hf_eap_aka_subtype, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
1244 | |
1245 | offset += 1; |
1246 | left -= 1; |
1247 | |
1248 | if (left < 2) |
1249 | return; |
1250 | proto_tree_add_item(eap_tree, hf_eap_aka_reserved, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
1251 | offset += 2; |
1252 | left -= 2; |
1253 | |
1254 | /* Rest of EAP-AKA data is in Type-Len-Value format. */ |
1255 | while (left >= 2) { |
1256 | uint8_t type, length; |
1257 | uint32_t actual_length; |
1258 | int padding; |
1259 | proto_item *pi; |
1260 | proto_tree *attr_tree; |
1261 | int aoffset; |
1262 | int aleft; |
1263 | |
1264 | aoffset = offset; |
1265 | type = tvb_get_uint8(tvb, aoffset); |
1266 | length = tvb_get_uint8(tvb, aoffset + 1); |
1267 | aleft = 4 * length; |
1268 | |
1269 | pi = proto_tree_add_none_format(eap_tree, hf_eap_aka_subtype_attribute, tvb, |
1270 | aoffset, aleft, "EAP-AKA Attribute: %s (%d)", |
1271 | val_to_str_ext_const(type, |
1272 | &eap_sim_aka_attribute_vals_ext, |
1273 | "Unknown"), |
1274 | type); |
1275 | attr_tree = proto_item_add_subtree(pi, ett_eap_aka_attr); |
1276 | proto_tree_add_uint(attr_tree, hf_eap_aka_subtype_type, tvb, aoffset, 1, type); |
1277 | aoffset += 1; |
1278 | aleft -= 1; |
1279 | |
1280 | if (aleft <= 0) |
1281 | break; |
1282 | proto_tree_add_item(attr_tree, hf_eap_aka_subtype_length, tvb, aoffset, 1, ENC_BIG_ENDIAN0x00000000); |
1283 | aoffset += 1; |
1284 | aleft -= 1; |
1285 | |
1286 | switch(type){ |
1287 | case AT_RAND1: |
1288 | proto_tree_add_item(attr_tree, hf_eap_aka_reserved, tvb, aoffset, 2, ENC_BIG_ENDIAN0x00000000); |
1289 | aoffset += 2; |
1290 | aleft -= 2; |
1291 | proto_tree_add_item(attr_tree, hf_eap_aka_rand, tvb, aoffset, aleft, ENC_NA0x00000000); |
1292 | break; |
1293 | case AT_AUTN2: |
1294 | proto_tree_add_item(attr_tree, hf_eap_aka_reserved, tvb, aoffset, 2, ENC_BIG_ENDIAN0x00000000); |
1295 | aoffset += 2; |
1296 | aleft -= 2; |
1297 | proto_tree_add_item(attr_tree, hf_eap_aka_autn, tvb, aoffset, aleft, ENC_NA0x00000000); |
1298 | break; |
1299 | case AT_RES3: |
1300 | proto_tree_add_item_ret_uint(attr_tree, hf_eap_aka_res_len, tvb, aoffset, 2, ENC_BIG_ENDIAN0x00000000, &actual_length); |
1301 | aoffset += 2; |
1302 | aleft -= 2; |
1303 | proto_tree_add_bits_item(attr_tree, hf_eap_aka_res, tvb, aoffset << 3, actual_length, ENC_NA0x00000000); |
1304 | break; |
1305 | case AT_AUTS4: |
1306 | proto_tree_add_item(attr_tree, hf_eap_aka_auts, tvb, aoffset, aleft, ENC_NA0x00000000); |
1307 | break; |
1308 | case AT_IDENTITY14: |
1309 | proto_tree_add_item_ret_uint(attr_tree, hf_eap_identity_actual_len, tvb, aoffset, 2, ENC_BIG_ENDIAN0x00000000, &actual_length); |
1310 | dissect_eap_identity(tvb, pinfo, attr_tree, aoffset + 2, actual_length); |
1311 | /* If we have a disparity between the EAP-AKA length (minus the |
1312 | * first 4 bytes of header fields) * 4 and the Identity Actual |
1313 | * Length then it's padding and we need to adjust for that |
1314 | * accurately before looking at the next EAP-AKA attribute. */ |
1315 | padding = ((length - 1) * 4) - actual_length; |
1316 | if (padding != 0) { |
1317 | proto_tree_add_item(attr_tree, hf_eap_identity_padding, tvb, |
1318 | aoffset + 2 + actual_length, padding, ENC_NA0x00000000); |
1319 | } |
1320 | break; |
1321 | case AT_NOTIFICATION12: |
1322 | proto_tree_add_item(attr_tree, hf_eap_aka_notification_type, tvb, aoffset, 2, ENC_BIG_ENDIAN0x00000000); |
1323 | break; |
1324 | case AT_CLIENT_ERROR_CODE22: |
1325 | proto_tree_add_item(attr_tree, hf_eap_aka_error_code_type, tvb, aoffset, 2, ENC_BIG_ENDIAN0x00000000); |
1326 | break; |
1327 | default: |
1328 | proto_tree_add_item(attr_tree, hf_eap_aka_subtype_value, tvb, aoffset, aleft, ENC_NA0x00000000); |
1329 | } |
1330 | |
1331 | offset += 4 * length; |
1332 | left -= 4 * length; |
1333 | } |
1334 | } |
1335 | |
1336 | static int |
1337 | dissect_eap_pax(proto_tree *eap_tree, tvbuff_t *tvb, packet_info *pinfo, int offset, int size) |
1338 | { |
1339 | static int * const pax_flags[] = { |
1340 | &hf_eap_pax_flags_mf, |
1341 | &hf_eap_pax_flags_ce, |
1342 | &hf_eap_pax_flags_ai, |
1343 | &hf_eap_pax_flags_reserved, |
1344 | NULL((void*)0) |
1345 | }; |
1346 | uint32_t opcode; |
1347 | uint64_t flags; |
1348 | uint32_t len; |
1349 | |
1350 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_pax_opcode, tvb, offset, 1, ENC_NA0x00000000, &opcode); |
1351 | offset++; |
1352 | |
1353 | col_append_fstr(pinfo->cinfo, COL_INFO, " %s", |
1354 | val_to_str(opcode, eap_pax_opcode_vals, "Unknown opcode (0x%02X)")); |
1355 | |
1356 | proto_tree_add_bitmask_ret_uint64(eap_tree, tvb, offset, hf_eap_pax_flags, ett_eap_pax_flags, |
1357 | pax_flags, ENC_BIG_ENDIAN0x00000000, &flags); |
1358 | offset++; |
1359 | |
1360 | proto_tree_add_item(eap_tree, hf_eap_pax_mac_id, tvb, offset, 1, ENC_NA0x00000000); |
1361 | offset++; |
1362 | |
1363 | proto_tree_add_item(eap_tree, hf_eap_pax_dh_group_id, tvb, offset, 1, ENC_NA0x00000000); |
1364 | offset++; |
1365 | |
1366 | proto_tree_add_item(eap_tree, hf_eap_pax_public_key_id, tvb, offset, 1, ENC_NA0x00000000); |
1367 | offset++; |
1368 | |
1369 | switch (opcode) { |
1370 | case PAX_STD_10x01: |
1371 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_pax_a_len, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &len); |
1372 | offset += 2; |
1373 | proto_tree_add_item(eap_tree, hf_eap_pax_a, tvb, offset, len, ENC_NA0x00000000); |
1374 | offset += len; |
1375 | len = 5 + size - offset; |
1376 | proto_tree_add_item(eap_tree, hf_eap_pax_mac_icv, tvb, offset, len, ENC_NA0x00000000); |
1377 | offset += len; |
1378 | break; |
1379 | case PAX_STD_20x02: |
1380 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_pax_b_len, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &len); |
1381 | offset += 2; |
1382 | proto_tree_add_item(eap_tree, hf_eap_pax_b, tvb, offset, len, ENC_NA0x00000000); |
1383 | offset += len; |
1384 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_pax_cid_len, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &len); |
1385 | offset += 2; |
1386 | proto_tree_add_item(eap_tree, hf_eap_pax_cid, tvb, offset, len, ENC_ASCII0x00000000 | ENC_NA0x00000000); |
1387 | offset += len; |
1388 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_pax_mac_ck_len, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &len); |
1389 | offset += 2; |
1390 | proto_tree_add_item(eap_tree, hf_eap_pax_mac_ck, tvb, offset, len, ENC_NA0x00000000); |
1391 | offset += len; |
1392 | if (flags & EAP_PAX_FLAG_AI0x04) { |
1393 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_pax_ade_len, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &len); |
1394 | offset += 2; |
1395 | proto_tree_add_item(eap_tree, hf_eap_pax_ade, tvb, offset, len, ENC_NA0x00000000); |
1396 | offset += len; |
1397 | } |
1398 | len = 5 + size - offset; |
1399 | proto_tree_add_item(eap_tree, hf_eap_pax_mac_icv, tvb, offset, len, ENC_NA0x00000000); |
1400 | offset += len; |
1401 | break; |
1402 | case PAX_STD_30x03: |
1403 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_pax_mac_ck_len, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &len); |
1404 | offset += 2; |
1405 | proto_tree_add_item(eap_tree, hf_eap_pax_mac_ck, tvb, offset, len, ENC_NA0x00000000); |
1406 | offset += len; |
1407 | if (flags & EAP_PAX_FLAG_AI0x04) { |
1408 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_pax_ade_len, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &len); |
1409 | offset += 2; |
1410 | proto_tree_add_item(eap_tree, hf_eap_pax_ade, tvb, offset, len, ENC_NA0x00000000); |
1411 | offset += len; |
1412 | } |
1413 | len = 5 + size - offset; |
1414 | proto_tree_add_item(eap_tree, hf_eap_pax_mac_icv, tvb, offset, len, ENC_NA0x00000000); |
1415 | offset += len; |
1416 | break; |
1417 | case PAX_ACK0x21: |
1418 | if (flags & EAP_PAX_FLAG_AI0x04) { |
1419 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_pax_ade_len, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &len); |
1420 | offset += 2; |
1421 | proto_tree_add_item(eap_tree, hf_eap_pax_ade, tvb, offset, len, ENC_NA0x00000000); |
1422 | offset += len; |
1423 | } |
1424 | len = 5 + size - offset; |
1425 | proto_tree_add_item(eap_tree, hf_eap_pax_mac_icv, tvb, offset, len, ENC_NA0x00000000); |
1426 | offset += len; |
1427 | break; |
1428 | case PAX_SEC_10x11: |
1429 | case PAX_SEC_20x12: |
1430 | case PAX_SEC_30x13: |
1431 | case PAX_SEC_40x14: |
1432 | case PAX_SEC_50x15: |
1433 | /* TODO implement */ |
1434 | default: |
1435 | break; |
1436 | } |
1437 | |
1438 | return offset; |
1439 | } |
1440 | |
1441 | static int |
1442 | dissect_eap_psk_pchannel(proto_tree *eap_tree, tvbuff_t *tvb, int offset, int size) |
1443 | { |
1444 | /* The protected channel (PCHANNEL) content is encrypted so for now just present |
1445 | * it as a binary blob */ |
1446 | proto_tree_add_item(eap_tree, hf_eap_psk_pchannel, tvb, offset, size, ENC_NA0x00000000); |
1447 | offset += size; |
1448 | return offset; |
1449 | } |
1450 | |
1451 | static int |
1452 | dissect_eap_psk(proto_tree *eap_tree, tvbuff_t *tvb, packet_info *pinfo, int offset, int size) |
1453 | { |
1454 | static int * const psk_flags[] = { |
1455 | &hf_eap_psk_flags_t, |
1456 | &hf_eap_psk_flags_reserved, |
1457 | NULL((void*)0) |
1458 | }; |
1459 | uint64_t flags; |
1460 | |
1461 | proto_tree_add_bitmask_ret_uint64(eap_tree, tvb, offset, hf_eap_psk_flags, ett_eap_psk_flags, |
1462 | psk_flags, ENC_NA0x00000000, &flags); |
1463 | offset++; |
1464 | |
1465 | switch (flags & EAP_PSK_FLAGS_T_MASK0xC0) { |
1466 | case 0x00: /* T == 0 - EAP-PSK First Message */ |
1467 | col_append_str(pinfo->cinfo, COL_INFO, " First Message"); |
1468 | proto_tree_add_item(eap_tree, hf_eap_psk_rand_s, tvb, offset, 16, ENC_NA0x00000000); |
1469 | offset += 16; |
1470 | proto_tree_add_item(eap_tree, hf_eap_psk_id_s, tvb, offset, size + 5 - offset, ENC_ASCII0x00000000 | ENC_NA0x00000000); |
1471 | offset = size; |
1472 | break; |
1473 | case 0x40: /* T == 1 - EAP-PSK Second Message */ |
1474 | col_append_str(pinfo->cinfo, COL_INFO, " Second Message"); |
1475 | proto_tree_add_item(eap_tree, hf_eap_psk_rand_s, tvb, offset, 16, ENC_NA0x00000000); |
1476 | offset += 16; |
1477 | proto_tree_add_item(eap_tree, hf_eap_psk_rand_p, tvb, offset, 16, ENC_NA0x00000000); |
1478 | offset += 16; |
1479 | proto_tree_add_item(eap_tree, hf_eap_psk_mac_p, tvb, offset, 16, ENC_NA0x00000000); |
1480 | offset += 16; |
1481 | proto_tree_add_item(eap_tree, hf_eap_psk_id_p, tvb, offset, size + 5 - offset, ENC_ASCII0x00000000 | ENC_NA0x00000000); |
1482 | offset = size; |
1483 | break; |
1484 | case 0x80: /* T == 2 - EAP-PSK Third Message */ |
1485 | col_append_str(pinfo->cinfo, COL_INFO, " Third Message"); |
1486 | proto_tree_add_item(eap_tree, hf_eap_psk_rand_s, tvb, offset, 16, ENC_NA0x00000000); |
1487 | offset += 16; |
1488 | proto_tree_add_item(eap_tree, hf_eap_psk_mac_s, tvb, offset, 16, ENC_NA0x00000000); |
1489 | offset += 16; |
1490 | offset = dissect_eap_psk_pchannel(eap_tree, tvb, offset, size + 5 - offset); |
1491 | break; |
1492 | case 0xC0: /* T == 3 - EAP-PSK Fourth Message */ |
1493 | col_append_str(pinfo->cinfo, COL_INFO, " Fourth Message"); |
1494 | proto_tree_add_item(eap_tree, hf_eap_psk_rand_s, tvb, offset, 16, ENC_NA0x00000000); |
1495 | offset += 16; |
1496 | offset = dissect_eap_psk_pchannel(eap_tree, tvb, offset, size + 5 - offset); |
1497 | break; |
1498 | default: |
1499 | break; |
1500 | } |
1501 | |
1502 | return offset; |
1503 | } |
1504 | |
1505 | static int |
1506 | dissect_eap_gpsk_csuite_sel(proto_tree *eap_tree, tvbuff_t *tvb, int offset) |
1507 | { |
1508 | proto_tree *csuite_tree; |
1509 | csuite_tree = proto_tree_add_subtree(eap_tree, tvb, offset, 6, ett_eap_gpsk_csuite_sel, |
1510 | NULL((void*)0), "EAP-GPSK CSuite_Sel"); |
1511 | proto_tree_add_item(csuite_tree, hf_eap_gpsk_csuite_vendor, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); |
1512 | offset += 4; |
1513 | proto_tree_add_item(csuite_tree, hf_eap_gpsk_csuite_specifier, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
1514 | offset += 2; |
1515 | return offset; |
1516 | } |
1517 | |
1518 | static int |
1519 | dissect_eap_gpsk_csuite_list(proto_tree *eap_tree, tvbuff_t *tvb, int offset) |
1520 | { |
1521 | int start_offset = offset; |
1522 | uint16_t len; |
1523 | proto_tree *list_tree, *csuite_tree; |
1524 | |
1525 | len = tvb_get_ntohs(tvb, offset) + 2; |
1526 | list_tree = proto_tree_add_subtree(eap_tree, tvb, offset, len, ett_eap_gpsk_csuite_list, |
1527 | NULL((void*)0), "EAP-GPSK CSuite List"); |
1528 | proto_tree_add_item(list_tree, hf_eap_gpsk_csuite_list_len, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
1529 | offset += 2; |
1530 | |
1531 | while (offset < start_offset + len) { |
1532 | csuite_tree = proto_tree_add_subtree(list_tree, tvb, offset, 6, ett_eap_gpsk_csuite, |
1533 | NULL((void*)0), "CSuite"); |
1534 | proto_tree_add_item(csuite_tree, hf_eap_gpsk_csuite_vendor, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); |
1535 | offset += 4; |
1536 | proto_tree_add_item(csuite_tree, hf_eap_gpsk_csuite_specifier, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
1537 | offset += 2; |
1538 | } |
1539 | return offset; |
1540 | } |
1541 | |
1542 | static int |
1543 | dissect_eap_sake_attribute(proto_tree *eap_tree, tvbuff_t *tvb, int offset, int size) |
1544 | { |
1545 | int start_offset = offset; |
1546 | uint8_t type; |
1547 | uint8_t len; |
1548 | proto_tree *attr_tree; |
1549 | |
1550 | type = tvb_get_uint8(tvb, offset); |
1551 | len = tvb_get_uint8(tvb, offset + 1); |
1552 | |
1553 | if (len < 2 || len > size) { |
1554 | return -1; |
1555 | } |
1556 | attr_tree = proto_tree_add_subtree_format(eap_tree, tvb, offset, len, ett_eap_sake_attr, NULL((void*)0), |
1557 | "EAP-SAKE Attribute: %s", |
1558 | val_to_str(type, eap_sake_attr_type_vals, |
1559 | "Unknown (%d)")); |
1560 | |
1561 | proto_tree_add_item(attr_tree, hf_eap_sake_attr_type, tvb, offset, 1, ENC_NA0x00000000); |
1562 | offset++; |
1563 | proto_tree_add_item(attr_tree, hf_eap_sake_attr_len, tvb, offset, 1, ENC_NA0x00000000); |
1564 | offset++; |
1565 | len -= 2; |
1566 | |
1567 | switch (type) { |
1568 | case SAKE_AT_SERVERID5: |
1569 | case SAKE_AT_PEERID6: |
1570 | proto_tree_add_item(attr_tree, hf_eap_sake_attr_value_str, tvb, offset, len, ENC_ASCII0x00000000 | ENC_NA0x00000000); |
1571 | offset += len; |
1572 | break; |
1573 | case SAKE_AT_MSK_LIFE132: |
1574 | proto_tree_add_item(attr_tree, hf_eap_sake_attr_value_uint48, tvb, offset, len, |
1575 | ENC_BIG_ENDIAN0x00000000); |
1576 | offset += len; |
1577 | break; |
1578 | case SAKE_AT_RAND_S1: |
1579 | case SAKE_AT_RAND_P2: |
1580 | case SAKE_AT_MIC_S3: |
1581 | case SAKE_AT_MIC_P4: |
1582 | case SAKE_AT_SPI_S7: |
1583 | case SAKE_AT_SPI_P8: |
1584 | case SAKE_AT_ANY_ID_REQ9: |
1585 | case SAKE_AT_PERM_ID_REQ10: |
1586 | case SAKE_AT_ENCR_DATA128: |
1587 | case SAKE_AT_IV129: |
1588 | case SAKE_AT_PADDING130: |
1589 | case SAKE_AT_NEXT_TMPID131: |
1590 | default: |
1591 | proto_tree_add_item(attr_tree, hf_eap_sake_attr_value, tvb, offset, len, ENC_NA0x00000000); |
1592 | offset += len; |
1593 | break; |
1594 | } |
1595 | return offset - start_offset; |
1596 | } |
1597 | |
1598 | static void |
1599 | dissect_eap_sake_attributes(proto_tree *eap_tree, tvbuff_t *tvb, int offset, int size) |
1600 | { |
1601 | int attr_size; |
1602 | while (offset < size) { |
1603 | attr_size = dissect_eap_sake_attribute(eap_tree, tvb, offset, size); |
1604 | if (attr_size == -1) { |
1605 | break; |
1606 | } |
1607 | offset += attr_size; |
1608 | } |
1609 | } |
1610 | |
1611 | static void |
1612 | dissect_eap_sake(proto_tree *eap_tree, tvbuff_t *tvb, packet_info *pinfo _U___attribute__((unused)), int offset, int size) |
1613 | { |
1614 | uint32_t version; |
1615 | uint32_t subtype; |
1616 | |
1617 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_sake_version, tvb, offset, 1, ENC_NA0x00000000, &version); |
1618 | offset++; |
1619 | if (version != 2) { |
1620 | /* RFC 4763 specify version 2. Everything else is unsupported */ |
1621 | return; |
1622 | } |
1623 | proto_tree_add_item(eap_tree, hf_eap_sake_session_id, tvb, offset, 1, ENC_NA0x00000000); |
1624 | offset++; |
1625 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_sake_subtype, tvb, offset, 1, ENC_NA0x00000000, &subtype); |
1626 | offset++; |
1627 | |
1628 | switch (subtype) { |
1629 | case SAKE_CHALLENGE1: |
1630 | case SAKE_CONFIRM2: |
1631 | case SAKE_AUTH_REJECT3: |
1632 | case SAKE_IDENTITY4: |
1633 | dissect_eap_sake_attributes(eap_tree, tvb, offset, size + 5 - offset); |
1634 | break; |
1635 | default: |
1636 | break; |
1637 | } |
1638 | } |
1639 | |
1640 | static int |
1641 | dissect_eap_gpsk(proto_tree *eap_tree, tvbuff_t *tvb, packet_info *pinfo, int offset, int size) |
1642 | { |
1643 | uint32_t opcode; |
1644 | uint32_t len; |
1645 | |
1646 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_gpsk_opcode, tvb, offset, 1, ENC_NA0x00000000, &opcode); |
1647 | offset++; |
1648 | col_append_fstr(pinfo->cinfo, COL_INFO, " %s", |
1649 | val_to_str(opcode, eap_gpsk_opcode_vals, "Unknown opcode (0x%02X)")); |
1650 | |
1651 | switch (opcode) { |
1652 | case GPSK_GPSK_11: |
1653 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_gpsk_id_server_len, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &len); |
1654 | offset += 2; |
1655 | proto_tree_add_item(eap_tree, hf_eap_gpsk_id_server, tvb, offset, len, ENC_ASCII0x00000000 | ENC_NA0x00000000); |
1656 | offset += len; |
1657 | proto_tree_add_item(eap_tree, hf_eap_gpsk_rand_server, tvb, offset, 32, ENC_NA0x00000000); |
1658 | offset += 32; |
1659 | offset = dissect_eap_gpsk_csuite_list(eap_tree, tvb, offset); |
1660 | break; |
1661 | case GPSK_GPSK_22: |
1662 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_gpsk_id_peer_len, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &len); |
1663 | offset += 2; |
1664 | proto_tree_add_item(eap_tree, hf_eap_gpsk_id_peer, tvb, offset, len, ENC_ASCII0x00000000 | ENC_NA0x00000000); |
1665 | offset += len; |
1666 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_gpsk_id_server_len, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &len); |
1667 | offset += 2; |
1668 | proto_tree_add_item(eap_tree, hf_eap_gpsk_id_server, tvb, offset, len, ENC_ASCII0x00000000 | ENC_NA0x00000000); |
1669 | offset += len; |
1670 | proto_tree_add_item(eap_tree, hf_eap_gpsk_rand_peer, tvb, offset, 32, ENC_NA0x00000000); |
1671 | offset += 32; |
1672 | proto_tree_add_item(eap_tree, hf_eap_gpsk_rand_server, tvb, offset, 32, ENC_NA0x00000000); |
1673 | offset += 32; |
1674 | offset = dissect_eap_gpsk_csuite_list(eap_tree, tvb, offset); |
1675 | offset = dissect_eap_gpsk_csuite_sel(eap_tree, tvb, offset); |
1676 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_gpsk_pd_payload_len, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &len); |
1677 | offset += 2; |
1678 | if (len > 0) { |
1679 | proto_tree_add_item(eap_tree, hf_eap_gpsk_pd_payload, tvb, offset, len, ENC_NA0x00000000); |
1680 | offset += len; |
1681 | } |
1682 | len = size + 5 - offset; |
1683 | proto_tree_add_item(eap_tree, hf_eap_gpsk_payload_mac, tvb, offset, len, ENC_NA0x00000000); |
1684 | offset += len; |
1685 | break; |
1686 | case GPSK_GPSK_33: |
1687 | proto_tree_add_item(eap_tree, hf_eap_gpsk_rand_peer, tvb, offset, 32, ENC_NA0x00000000); |
1688 | offset += 32; |
1689 | proto_tree_add_item(eap_tree, hf_eap_gpsk_rand_server, tvb, offset, 32, ENC_NA0x00000000); |
1690 | offset += 32; |
1691 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_gpsk_id_server_len, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &len); |
1692 | offset += 2; |
1693 | proto_tree_add_item(eap_tree, hf_eap_gpsk_id_server, tvb, offset, len, ENC_ASCII0x00000000 | ENC_NA0x00000000); |
1694 | offset += len; |
1695 | offset = dissect_eap_gpsk_csuite_sel(eap_tree, tvb, offset); |
1696 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_gpsk_pd_payload_len, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &len); |
1697 | offset += 2; |
1698 | if (len > 0) { |
1699 | proto_tree_add_item(eap_tree, hf_eap_gpsk_pd_payload, tvb, offset, len, ENC_NA0x00000000); |
1700 | offset += len; |
1701 | } |
1702 | len = size + 5 - offset; |
1703 | proto_tree_add_item(eap_tree, hf_eap_gpsk_payload_mac, tvb, offset, len, ENC_NA0x00000000); |
1704 | offset += len; |
1705 | break; |
1706 | case GPSK_GPSK_44: |
1707 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_gpsk_pd_payload_len, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &len); |
1708 | offset += 2; |
1709 | if (len > 0) { |
1710 | proto_tree_add_item(eap_tree, hf_eap_gpsk_pd_payload, tvb, offset, len, ENC_NA0x00000000); |
1711 | offset += len; |
1712 | } |
1713 | len = size + 5 - offset; |
1714 | proto_tree_add_item(eap_tree, hf_eap_gpsk_payload_mac, tvb, offset, len, ENC_NA0x00000000); |
1715 | offset += len; |
1716 | break; |
1717 | case GPSK_FAIL5: |
1718 | proto_tree_add_item(eap_tree, hf_eap_gpsk_failure_code, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); |
1719 | offset += 4; |
1720 | break; |
1721 | case GPSK_PROTECTED_FAIL6: |
1722 | proto_tree_add_item(eap_tree, hf_eap_gpsk_failure_code, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); |
1723 | offset += 4; |
1724 | len = size + 5 - offset; |
1725 | proto_tree_add_item(eap_tree, hf_eap_gpsk_payload_mac, tvb, offset, len, ENC_NA0x00000000); |
1726 | offset += len; |
1727 | break; |
1728 | default: |
1729 | break; |
1730 | } |
1731 | |
1732 | return offset; |
1733 | } |
1734 | |
1735 | static int |
1736 | dissect_eap_msauth_tlv(proto_tree *eap_tree, tvbuff_t *tvb, packet_info *pinfo, int offset, int size) |
1737 | { |
1738 | unsigned tlv_type, tlv_len; |
1739 | proto_tree *tlv_tree, *tree, *ti_len; |
1740 | |
1741 | tlv_tree = proto_tree_add_subtree(eap_tree, tvb, offset, size, ett_eap_msauth_tlv, |
1742 | NULL((void*)0), "Tag Length Values"); |
1743 | |
1744 | next_tlv: |
1745 | tlv_type = tvb_get_uint16(tvb, offset, ENC_BIG_ENDIAN0x00000000) & MSAUTH_TLV_TYPE0x3FFF; |
1746 | tlv_len = tvb_get_uint16(tvb, offset + 2, ENC_BIG_ENDIAN0x00000000); |
1747 | |
1748 | tree = proto_tree_add_subtree_format(tlv_tree, tvb, offset, 4 + tlv_len, |
1749 | ett_eap_msauth_tlv_tree, NULL((void*)0), "TLV: t=%s(%d) l=%d", |
1750 | val_to_str_const(tlv_type, eap_msauth_tlv_type_vals, "Unknown"), |
1751 | tlv_type, 4 + tlv_len); |
1752 | |
1753 | proto_tree_add_item(tree, hf_eap_msauth_tlv_mandatory, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
1754 | proto_tree_add_item(tree, hf_eap_msauth_tlv_reserved, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
1755 | proto_tree_add_item(tree, hf_eap_msauth_tlv_type, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
1756 | offset += 2; |
1757 | |
1758 | proto_tree_add_item(tree, hf_eap_msauth_tlv_len, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
1759 | offset += 2; |
1760 | |
1761 | switch (tlv_type) { |
1762 | case MSAUTH_TLV_TYPE_EXTENSION_RESULT3: |
1763 | proto_tree_add_item(tree, hf_eap_msauth_tlv_status, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
1764 | offset += 2; |
1765 | break; |
1766 | |
1767 | case MSAUTH_TLV_TYPE_EXTENSION_CRYPTOBINDING12: |
1768 | proto_tree_add_item(tree, hf_eap_msauth_tlv_crypto_reserved, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
1769 | offset += 1; |
1770 | proto_tree_add_item(tree, hf_eap_msauth_tlv_crypto_version, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
1771 | offset += 1; |
1772 | proto_tree_add_item(tree, hf_eap_msauth_tlv_crypto_rcv_version, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
1773 | offset += 1; |
1774 | proto_tree_add_item(tree, hf_eap_msauth_tlv_crypto_subtype, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
1775 | offset += 1; |
1776 | proto_tree_add_item(tree, hf_eap_msauth_tlv_crypto_nonce, tvb, offset, 32, ENC_NA0x00000000); |
1777 | offset += 32; |
1778 | proto_tree_add_item(tree, hf_eap_msauth_tlv_crypto_cmac, tvb, offset, 20, ENC_NA0x00000000); |
1779 | offset += 20; |
1780 | break; |
1781 | |
1782 | default: |
1783 | ti_len = proto_tree_add_item(tree, hf_eap_msauth_tlv_val, tvb, offset, tlv_len, ENC_NA0x00000000); |
1784 | if (4 + tlv_len > (unsigned)size - offset) { |
1785 | expert_add_info(pinfo, ti_len, &ei_eap_bad_length); |
1786 | } |
1787 | offset += tlv_len; |
1788 | } |
1789 | |
1790 | if (offset < size) { |
1791 | goto next_tlv; |
1792 | } |
1793 | |
1794 | return offset; |
1795 | } |
1796 | |
1797 | |
1798 | static int |
1799 | dissect_eap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U___attribute__((unused))) |
1800 | { |
1801 | uint8_t eap_code; |
1802 | uint8_t eap_identifier; |
1803 | uint16_t eap_len; |
1804 | uint8_t eap_type; |
1805 | int len; |
1806 | conversation_t *conversation = NULL((void*)0); |
1807 | conv_state_t *conversation_state = NULL((void*)0); |
1808 | frame_state_t *packet_state; |
1809 | int leap_state; |
1810 | proto_tree *ti, *ti_id, *ti_len; |
1811 | proto_tree *eap_tree; |
1812 | proto_tree *eap_tls_flags_tree; |
1813 | proto_item *eap_type_item; |
1814 | static address null_address = ADDRESS_INIT_NONE{AT_NONE, 0, ((void*)0), ((void*)0)}; |
1815 | static uint8_t pae_group_address_mac_addr[6] = { 0x01, 0x80, 0xC2, 0x00, 0x00, 0x03 }; |
1816 | static address pae_group_address = ADDRESS_INIT(AT_ETHER, sizeof(pae_group_address_mac_addr), pae_group_address_mac_addr){AT_ETHER, sizeof(pae_group_address_mac_addr), pae_group_address_mac_addr , ((void*)0)}; |
1817 | |
1818 | col_set_str(pinfo->cinfo, COL_PROTOCOL, "EAP"); |
1819 | col_clear(pinfo->cinfo, COL_INFO); |
1820 | |
1821 | eap_code = tvb_get_uint8(tvb, 0); |
1822 | eap_identifier = tvb_get_uint8(tvb, 1); |
1823 | |
1824 | col_add_str(pinfo->cinfo, COL_INFO, |
1825 | val_to_str(eap_code, eap_code_vals, "Unknown code (0x%02X)")); |
1826 | |
1827 | /* |
1828 | * Find a conversation to which we belong; create one if we don't find it. |
1829 | * |
1830 | * EAP runs over RADIUS (which runs over UDP), EAPOL (802.1X Authentication) |
1831 | * or other transports. In case of RADIUS, a single "session" may consist |
1832 | * of two UDP associations (one for authorization, one for accounting) which |
1833 | * results in two separate conversations. This wastes memory, but won't affect |
1834 | * the use cases below. In case of EAPOL, there are no ports. In any case, |
1835 | * force a new conversation when the EAP-Request/Identity message is found. |
1836 | * |
1837 | * Conversation tracking is required for 1) EAP-TLS reassembly and 2) tracking |
1838 | * the stage in the LEAP protocol. In both cases, the protocol starts with an |
1839 | * EAP-Request/Identity message which cannot be found in the middle of the |
1840 | * session. Use it as a signal to start a new conversation. This ensures that |
1841 | * the TLS dissector associates new TLS messages with a unique TLS session. |
1842 | * |
1843 | * For EAPOL frames we need to massage the source/destination addresses into |
1844 | * something stable for the TLS decoder as wireshark typically thinks there |
1845 | * are three conversations occurring when there is only one: |
1846 | * * src ether = server mac -> dst ether = PAE multicast group address |
1847 | * * src ether = server mac -> dst ether = client mac |
1848 | * * src ether = client mac -> dst ether = PAE multicast group address |
1849 | * We set the port so the TLS decoder can figure out which side is the server |
1850 | */ |
1851 | address conv_src, conv_dst; |
1852 | uint32_t tls_group = pinfo->curr_proto_layer_num << 16; |
1853 | uint32_t conv_srcport = pinfo->srcport; |
1854 | uint32_t conv_destport = pinfo->destport; |
1855 | if (pinfo->src.type == AT_ETHER) { |
1856 | if (eap_code == EAP_REQUEST1) { /* server -> client */ |
1857 | copy_address_shallow(&conv_src, &null_address); |
1858 | copy_address_shallow(&conv_dst, &pae_group_address); |
1859 | conv_srcport = 443; |
1860 | } else { /* client -> server */ |
1861 | copy_address_shallow(&conv_src, &pae_group_address); |
1862 | copy_address_shallow(&conv_dst, &null_address); |
1863 | conv_destport = 443; |
1864 | } |
1865 | } |
1866 | else { |
1867 | copy_address_shallow(&conv_src, &pinfo->src); |
1868 | copy_address_shallow(&conv_dst, &pinfo->dst); |
1869 | } |
1870 | |
1871 | /* |
1872 | * To support tunneled EAP-TLS (e.g. {TTLS,PEAP,TEAP,...}/EAP-TLS) we |
1873 | * group our TLS frames by the depth they are found at and use this |
1874 | * as offsets for p_get_proto_data/p_add_proto_data and as done for |
1875 | * EAPOL above we massage the client port using this too |
1876 | */ |
1877 | |
1878 | if (eap_code == EAP_REQUEST1) { /* server -> client */ |
1879 | conv_destport |= tls_group; |
1880 | } |
1881 | else { /* client -> server */ |
1882 | conv_srcport |= tls_group; |
1883 | } |
1884 | |
1885 | conversation_set_conv_addr_port_endpoints(pinfo, &conv_src, &conv_dst, |
1886 | conversation_pt_to_conversation_type(pinfo->ptype), conv_srcport, conv_destport); |
1887 | |
1888 | if (PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited) || !(eap_code == EAP_REQUEST1 && tvb_get_uint8(tvb, 4) == EAP_TYPE_ID1)) { |
1889 | conversation = find_or_create_conversation(pinfo); |
1890 | } |
1891 | if (conversation == NULL((void*)0)) { |
1892 | conversation = conversation_new(pinfo->num, &conv_src, |
1893 | &conv_dst, conversation_pt_to_conversation_type(pinfo->ptype), |
1894 | conv_srcport, conv_destport, 0); |
1895 | } |
1896 | |
1897 | /* |
1898 | * Get the state information for the conversation; attach some if |
1899 | * we don't find it. |
1900 | */ |
1901 | conversation_state = (conv_state_t *)conversation_get_proto_data(conversation, proto_eap); |
1902 | if (conversation_state == NULL((void*)0)) { |
1903 | /* |
1904 | * Attach state information to the conversation. |
1905 | */ |
1906 | conversation_state = wmem_new(wmem_file_scope(), conv_state_t)((conv_state_t*)wmem_alloc((wmem_file_scope()), sizeof(conv_state_t ))); |
1907 | conversation_state->eap_tls_seq = -1; |
1908 | conversation_state->eap_reass_cookie = 0; |
1909 | conversation_state->leap_state = -1; |
1910 | conversation_state->last_eap_id_req = -1; |
1911 | conversation_state->last_eap_id_resp = -1; |
1912 | conversation_add_proto_data(conversation, proto_eap, conversation_state); |
1913 | } |
1914 | |
1915 | /* |
1916 | * Set this now, so that it gets remembered even if we throw an exception |
1917 | * later. |
1918 | */ |
1919 | if (eap_code == EAP_FAILURE4) |
1920 | conversation_state->leap_state = -1; |
1921 | |
1922 | eap_len = tvb_get_ntohs(tvb, 2); |
1923 | len = eap_len; |
1924 | |
1925 | ti = proto_tree_add_item(tree, proto_eap, tvb, 0, len, ENC_NA0x00000000); |
1926 | eap_tree = proto_item_add_subtree(ti, ett_eap); |
1927 | |
1928 | proto_tree_add_item(eap_tree, hf_eap_code, tvb, 0, 1, ENC_BIG_ENDIAN0x00000000); |
1929 | ti_id = proto_tree_add_item(eap_tree, hf_eap_identifier, tvb, 1, 1, ENC_BIG_ENDIAN0x00000000); |
1930 | ti_len = proto_tree_add_item(eap_tree, hf_eap_len, tvb, 2, 2, ENC_BIG_ENDIAN0x00000000); |
1931 | if (len < 4 || (unsigned)len > tvb_reported_length(tvb)) { |
1932 | expert_add_info(pinfo, ti_len, &ei_eap_bad_length); |
1933 | } |
1934 | |
1935 | /* Detect message retransmissions. Since the protocol proceeds in lock-step, |
1936 | * reordering is not expected. If retransmissions somehow occur, we would have |
1937 | * to detect retransmissions via a bitmap. */ |
1938 | bool_Bool is_duplicate_id = false0; |
1939 | if (conversation_state) { |
1940 | if (eap_code == EAP_REQUEST1 || eap_code == EAP_RESPONSE2 || |
1941 | eap_code == EAP_INITIATE5 || eap_code == EAP_FINISH6) { |
1942 | if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) { |
1943 | int16_t *last_eap_id = eap_code == EAP_REQUEST1 || eap_code == EAP_INITIATE5 ? |
1944 | &conversation_state->last_eap_id_req : |
1945 | &conversation_state->last_eap_id_resp; |
1946 | is_duplicate_id = *last_eap_id == eap_identifier; |
1947 | *last_eap_id = eap_identifier; |
1948 | if (is_duplicate_id) { |
1949 | // Use a dummy value to remember that this packet is a duplicate. |
1950 | p_add_proto_data(wmem_file_scope(), pinfo, proto_eap, PROTO_DATA_EAP_DUPLICATE_ID | tls_group, GINT_TO_POINTER(1)((gpointer) (glong) (1))); |
1951 | } |
1952 | } else { |
1953 | is_duplicate_id = !!p_get_proto_data(wmem_file_scope(), pinfo, proto_eap, PROTO_DATA_EAP_DUPLICATE_ID | tls_group); |
1954 | } |
1955 | if (is_duplicate_id) { |
1956 | expert_add_info(pinfo, ti_id, &ei_eap_retransmission); |
1957 | } |
1958 | } |
1959 | } |
1960 | |
1961 | switch (eap_code) { |
1962 | |
1963 | case EAP_SUCCESS3: |
1964 | case EAP_FAILURE4: |
1965 | break; |
1966 | |
1967 | case EAP_REQUEST1: |
1968 | case EAP_RESPONSE2: |
1969 | eap_type = tvb_get_uint8(tvb, 4); |
1970 | |
1971 | col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", |
1972 | val_to_str_ext(eap_type, &eap_type_vals_ext, |
1973 | "Unknown type (0x%02x)")); |
1974 | eap_type_item = proto_tree_add_item(eap_tree, hf_eap_type, tvb, 4, 1, ENC_BIG_ENDIAN0x00000000); |
1975 | |
1976 | if ((len > 5) || ((len == 5) && (eap_type == EAP_TYPE_ID1))) { |
1977 | int offset = 5; |
1978 | int size = len - offset; |
1979 | |
1980 | switch (eap_type) { |
1981 | /********************************************************************* |
1982 | **********************************************************************/ |
1983 | case EAP_TYPE_ID1: |
1984 | if (size > 0) { |
1985 | dissect_eap_identity(tvb, pinfo, eap_tree, offset, size); |
1986 | } |
1987 | if (conversation_state && !PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) { |
1988 | conversation_state->leap_state = 0; |
1989 | conversation_state->eap_tls_seq = -1; |
1990 | } |
1991 | break; |
1992 | |
1993 | /********************************************************************* |
1994 | **********************************************************************/ |
1995 | case EAP_TYPE_NOTIFY2: |
1996 | proto_tree_add_item(eap_tree, hf_eap_notification, tvb, |
1997 | offset, size, ENC_ASCII0x00000000); |
1998 | break; |
1999 | |
2000 | /********************************************************************* |
2001 | **********************************************************************/ |
2002 | case EAP_TYPE_NAK3: |
2003 | proto_tree_add_item(eap_tree, hf_eap_type_nak, tvb, |
2004 | offset, 1, ENC_BIG_ENDIAN0x00000000); |
2005 | break; |
2006 | /********************************************************************* |
2007 | **********************************************************************/ |
2008 | case EAP_TYPE_MD54: |
2009 | { |
2010 | uint8_t value_size = tvb_get_uint8(tvb, offset); |
2011 | int extra_len = size - 1 - value_size; |
2012 | proto_item *item; |
2013 | |
2014 | /* Warn that this is an insecure EAP type. */ |
2015 | expert_add_info(pinfo, eap_type_item, &ei_eap_mitm_attacks); |
2016 | |
2017 | item = proto_tree_add_item(eap_tree, hf_eap_md5_value_size, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
2018 | if (value_size > (size - 1)) |
2019 | { |
2020 | expert_add_info(pinfo, item, &ei_eap_md5_value_size_overflow); |
2021 | value_size = size - 1; |
2022 | } |
2023 | |
2024 | offset += 1; |
2025 | proto_tree_add_item(eap_tree, hf_eap_md5_value, tvb, offset, value_size, ENC_NA0x00000000); |
2026 | offset += value_size; |
2027 | if (extra_len > 0) { |
2028 | proto_tree_add_item(eap_tree, hf_eap_md5_extra_data, tvb, offset, extra_len, ENC_NA0x00000000); |
2029 | } |
2030 | } |
2031 | break; |
2032 | |
2033 | /********************************************************************* |
2034 | EAP-TLS |
2035 | **********************************************************************/ |
2036 | case EAP_TYPE_FAST43: |
2037 | case EAP_TYPE_PEAP25: |
2038 | case EAP_TYPE_TTLS21: |
2039 | case EAP_TYPE_TLS13: |
2040 | case EAP_TYPE_TEAP55: |
2041 | { |
2042 | bool_Bool more_fragments; |
2043 | bool_Bool has_length; |
2044 | bool_Bool is_start; |
2045 | bool_Bool outer_tlvs = false0; |
2046 | int outer_tlvs_length = 0; |
2047 | int eap_tls_seq = -1; |
2048 | uint32_t eap_reass_cookie = 0; |
2049 | bool_Bool needs_reassembly = false0; |
2050 | |
2051 | if (!conversation_state) { |
2052 | // XXX expert info? There cannot be another EAP-TTLS message within |
2053 | // the EAP-Message inside EAP-TTLS. |
2054 | break; |
2055 | } |
2056 | |
2057 | /* Flags field, 1 byte */ |
2058 | ti = proto_tree_add_item(eap_tree, hf_eap_tls_flags, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
2059 | eap_tls_flags_tree = proto_item_add_subtree(ti, ett_eap_tls_flags); |
2060 | proto_tree_add_item_ret_boolean(eap_tls_flags_tree, hf_eap_tls_flag_l, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, &has_length); |
2061 | proto_tree_add_item_ret_boolean(eap_tls_flags_tree, hf_eap_tls_flag_m, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, &more_fragments); |
2062 | proto_tree_add_item_ret_boolean(eap_tls_flags_tree, hf_eap_tls_flag_s, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, &is_start); |
2063 | |
2064 | switch (eap_type) { |
2065 | case EAP_TYPE_TEAP55: |
2066 | proto_tree_add_item_ret_boolean(eap_tls_flags_tree, hf_eap_tls_flag_o, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, &outer_tlvs); |
2067 | /* FALLTHROUGH */ |
2068 | case EAP_TYPE_TTLS21: |
2069 | case EAP_TYPE_FAST43: |
2070 | case EAP_TYPE_PEAP25: |
2071 | proto_tree_add_item(eap_tls_flags_tree, hf_eap_tls_flags_version, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
2072 | break; |
2073 | } |
2074 | size -= 1; |
2075 | offset += 1; |
2076 | |
2077 | /* Length field, 4 bytes, OPTIONAL. */ |
2078 | if (has_length) { |
2079 | proto_tree_add_item(eap_tree, hf_eap_tls_len, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); |
2080 | size -= 4; |
2081 | offset += 4; |
2082 | } |
2083 | |
2084 | /* Outer TLV Length field, 4 bytes, OPTIONAL. */ |
2085 | if (outer_tlvs) { |
2086 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_tls_outer_tlvs_len, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &outer_tlvs_length); |
2087 | size -= 4; |
2088 | offset += 4; |
2089 | } |
2090 | |
2091 | if (is_start) |
2092 | conversation_state->eap_tls_seq = -1; |
2093 | |
2094 | /* 4.1.1 Authority ID Data https://datatracker.ietf.org/doc/html/rfc4851#section-4.1.1 */ |
2095 | if (eap_type == EAP_TYPE_FAST43 && is_start) { |
2096 | uint32_t length, type; |
2097 | |
2098 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_fast_type, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &type); |
2099 | size -= 2; |
2100 | offset += 2; |
2101 | |
2102 | proto_tree_add_item_ret_uint(eap_tree, hf_eap_fast_length, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &length); |
2103 | size -= 2; |
2104 | offset += 2; |
2105 | |
2106 | proto_tree_add_item(eap_tree, hf_eap_data, tvb, offset, length, ENC_NA0x00000000); |
2107 | |
2108 | switch (type) { |
2109 | case 4: |
2110 | proto_tree_add_item(eap_tree, hf_eap_fast_aidd, tvb, offset, length, ENC_NA0x00000000); |
2111 | break; |
2112 | } |
2113 | size -= length; |
2114 | offset += length; |
2115 | |
2116 | } |
2117 | |
2118 | if (size > 0) { |
2119 | |
2120 | tvbuff_t *next_tvb = NULL((void*)0); |
2121 | int tvb_len; |
2122 | bool_Bool save_fragmented; |
2123 | |
2124 | tvb_len = tvb_captured_length_remaining(tvb, offset); |
2125 | if (size < tvb_len) |
2126 | tvb_len = size; |
2127 | |
2128 | /* If this is a retransmission, do not save the fragment. */ |
2129 | if (is_duplicate_id) { |
2130 | next_tvb = tvb_new_subset_length_caplen(tvb, offset, tvb_len, size); |
2131 | call_data_dissector(next_tvb, pinfo, eap_tree); |
2132 | break; |
2133 | } |
2134 | |
2135 | /* |
2136 | EAP/TLS is weird protocol (it comes from |
2137 | Microsoft after all). |
2138 | |
2139 | If we have series of fragmented packets, |
2140 | then there's no way of knowing that from |
2141 | the packet itself, if it is the last packet |
2142 | in series, that is that the packet part of |
2143 | bigger fragmented set of data. |
2144 | |
2145 | The only way to know is, by knowing |
2146 | that we are already in defragmentation |
2147 | "mode" and we are expecing packet |
2148 | carrying fragment of data. (either |
2149 | because we have not received expected |
2150 | amount of data, or because the packet before |
2151 | had "F"ragment flag set.) |
2152 | |
2153 | The situation is alleviated by fact that it |
2154 | is simple ack/nack protcol so there's no |
2155 | place for out-of-order packets like it is |
2156 | possible with IP. |
2157 | |
2158 | Anyway, point of this lengthy essay is that |
2159 | we have to keep state information in the |
2160 | conversation, so that we can put ourselves in |
2161 | defragmenting mode and wait for the last packet, |
2162 | and have to attach state to frames as well, so |
2163 | that we can handle defragmentation after the |
2164 | first pass through the capture. |
2165 | */ |
2166 | /* See if we have a remembered defragmentation EAP ID. */ |
2167 | packet_state = (frame_state_t *)p_get_proto_data(wmem_file_scope(), pinfo, proto_eap, PROTO_DATA_EAP_FRAME_STATE | tls_group); |
2168 | if (packet_state == NULL((void*)0)) { |
2169 | /* |
2170 | * We haven't - does this message require reassembly? |
2171 | */ |
2172 | if (!pinfo->fd->visited) { |
2173 | /* |
2174 | * This is the first time we've looked at this frame, |
2175 | * so it wouldn't have any remembered information. |
2176 | * |
2177 | * Therefore, we check whether this conversation has |
2178 | * a reassembly operation in progress, or whether |
2179 | * this frame has the Fragment flag set. |
2180 | */ |
2181 | if (conversation_state->eap_tls_seq != -1) { |
2182 | /* |
2183 | * There's a reassembly in progress; the sequence number |
2184 | * of the previous fragment is |
2185 | * "conversation_state->eap_tls_seq", and the reassembly |
2186 | * ID is "conversation_state->eap_reass_cookie". |
2187 | * |
2188 | * We must include this frame in the reassembly. |
2189 | * We advance the sequence number, giving us the |
2190 | * sequence number for this fragment. |
2191 | */ |
2192 | needs_reassembly = true1; |
2193 | conversation_state->eap_tls_seq++; |
2194 | |
2195 | eap_reass_cookie = conversation_state->eap_reass_cookie; |
2196 | eap_tls_seq = conversation_state->eap_tls_seq; |
2197 | } else if (more_fragments && has_length) { |
2198 | /* |
2199 | * This message has the Fragment flag set, so it requires |
2200 | * reassembly. It's the message containing the first |
2201 | * fragment (if it's a later fragment, the sequence |
2202 | * number in the conversation state would not be -1). |
2203 | * |
2204 | * If it doesn't include a length, however, we can't |
2205 | * do reassembly (either the message is in error, as |
2206 | * the first fragment *must* contain a length, or we |
2207 | * didn't capture the first fragment, and this just |
2208 | * happens to be the first fragment we saw), so we |
2209 | * also check that we have a length; |
2210 | */ |
2211 | needs_reassembly = true1; |
2212 | conversation_state->eap_reass_cookie = pinfo->num; |
2213 | |
2214 | /* |
2215 | * Start the reassembly sequence number at 0. |
2216 | */ |
2217 | conversation_state->eap_tls_seq = 0; |
2218 | |
2219 | eap_tls_seq = conversation_state->eap_tls_seq; |
2220 | eap_reass_cookie = conversation_state->eap_reass_cookie; |
2221 | } |
2222 | |
2223 | if (needs_reassembly) { |
2224 | /* |
2225 | * This frame requires reassembly; remember the reassembly |
2226 | * ID for subsequent accesses to it. |
2227 | */ |
2228 | packet_state = wmem_new(wmem_file_scope(), frame_state_t)((frame_state_t*)wmem_alloc((wmem_file_scope()), sizeof(frame_state_t ))); |
2229 | packet_state->info = eap_reass_cookie; |
2230 | p_add_proto_data(wmem_file_scope(), pinfo, proto_eap, PROTO_DATA_EAP_FRAME_STATE | tls_group, packet_state); |
2231 | } |
2232 | } |
2233 | } else { |
2234 | /* |
2235 | * This frame has a reassembly cookie associated with it, so |
2236 | * it requires reassembly. We've already done the |
2237 | * reassembly in the first pass, so "fragment_add_seq()" |
2238 | * won't look at the sequence number; set it to 0. |
2239 | * |
2240 | * XXX - a frame isn't supposed to have more than one |
2241 | * EAP message in it, but if it includes both an EAP-TLS |
2242 | * message and a LEAP message, we might be mistakenly |
2243 | * concluding it requires reassembly because the "info" |
2244 | * field isn't -1. We could, I guess, pack both EAP-TLS |
2245 | * ID and LEAP state into the structure, but that doesn't |
2246 | * work if you have multiple EAP-TLS or LEAP messages in |
2247 | * the frame. |
2248 | * |
2249 | * But it's not clear how much work we should do to handle |
2250 | * a bogus message such as that; as long as we don't crash |
2251 | * or do something else equally horrible, we may not |
2252 | * have to worry about this at all. |
2253 | */ |
2254 | needs_reassembly = true1; |
2255 | eap_reass_cookie = packet_state->info; |
2256 | eap_tls_seq = 0; |
2257 | } |
2258 | |
2259 | /* |
2260 | We test here to see whether EAP-TLS packet |
2261 | carry fragmented of TLS data. |
2262 | |
2263 | If this is the case, we do reasembly below, |
2264 | otherwise we just call dissector. |
2265 | */ |
2266 | if (needs_reassembly) { |
2267 | fragment_head *fd_head; |
2268 | |
2269 | /* |
2270 | * Yes, this frame contains a fragment that requires |
2271 | * reassembly. |
2272 | */ |
2273 | save_fragmented = pinfo->fragmented; |
2274 | pinfo->fragmented = true1; |
2275 | fd_head = fragment_add_seq(&eap_tls_reassembly_table, |
2276 | tvb, offset, |
2277 | pinfo, eap_reass_cookie, NULL((void*)0), |
2278 | eap_tls_seq, |
2279 | size, |
2280 | more_fragments, 0); |
2281 | |
2282 | if (fd_head != NULL((void*)0)) { |
2283 | if (fd_head->reassembled_in == pinfo->num) { |
2284 | /* Reassembled */ |
2285 | proto_item* frag_tree_item; |
2286 | |
2287 | next_tvb = tvb_new_chain(tvb, fd_head->tvb_data); |
2288 | add_new_data_source(pinfo, next_tvb, "Reassembled EAP-TLS"); |
2289 | |
2290 | show_fragment_seq_tree(fd_head, &eap_tls_frag_items, |
2291 | eap_tree, pinfo, next_tvb, &frag_tree_item); |
2292 | |
2293 | /* |
2294 | * We're finished reassembing this frame. |
2295 | * Reinitialize the reassembly state. |
2296 | */ |
2297 | if (!pinfo->fd->visited) |
2298 | conversation_state->eap_tls_seq = -1; |
2299 | } else { |
2300 | ti = proto_tree_add_uint(eap_tree, hf_eap_tls_reassembled_in, tvb, |
2301 | 0, 0, fd_head->reassembled_in); |
2302 | proto_item_set_generated(ti); |
2303 | } |
2304 | } |
2305 | |
2306 | pinfo->fragmented = save_fragmented; |
2307 | |
2308 | } else { /* this data is NOT fragmented */ |
2309 | next_tvb = tvb_new_subset_length_caplen(tvb, offset, tvb_len, size); |
2310 | } |
2311 | |
2312 | if (next_tvb) { |
2313 | switch (eap_type) { |
2314 | case EAP_TYPE_TTLS21: |
2315 | tls_set_appdata_dissector(tls_handle, pinfo, diameter_avps_handle); |
2316 | break; |
2317 | case EAP_TYPE_PEAP25: |
2318 | p_add_proto_data(pinfo->pool, pinfo, proto_eap, PROTO_DATA_EAP_TVB | tls_group, tvb); |
2319 | tls_set_appdata_dissector(tls_handle, pinfo, peap_handle); |
2320 | break; |
2321 | case EAP_TYPE_TEAP55: |
2322 | if (outer_tlvs) { /* https://www.rfc-editor.org/rfc/rfc7170.html#section-4.1 */ |
2323 | tvbuff_t *teap_tvb = tvb_new_subset_length(tvb, offset + size - outer_tlvs_length, outer_tlvs_length); |
2324 | call_dissector(teap_handle, teap_tvb, pinfo, eap_tree); |
2325 | if (size == outer_tlvs_length) goto skip_tls_dissector; |
2326 | next_tvb = tvb_new_subset_length(next_tvb, 0, size - outer_tlvs_length); |
2327 | } |
2328 | tls_set_appdata_dissector(tls_handle, pinfo, teap_handle); |
2329 | break; |
2330 | } |
2331 | call_dissector(tls_handle, next_tvb, pinfo, eap_tree); |
2332 | } |
2333 | } |
2334 | } |
2335 | skip_tls_dissector: |
2336 | break; /* EAP_TYPE_TLS */ |
2337 | |
2338 | /********************************************************************* |
2339 | Cisco's Lightweight EAP (LEAP) |
2340 | https://web.archive.org/web/20070623090417if_/http://www.missl.cs.umd.edu/wireless/ethereal/leap.txt |
2341 | **********************************************************************/ |
2342 | case EAP_TYPE_LEAP17: |
2343 | { |
2344 | uint8_t count, namesize; |
2345 | |
2346 | /* Warn that this is an insecure EAP type. */ |
2347 | expert_add_info(pinfo, eap_type_item, &ei_eap_dictionary_attacks); |
2348 | |
2349 | /* Version (byte) */ |
2350 | proto_tree_add_item(eap_tree, hf_eap_leap_version, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
2351 | offset += 1; |
2352 | |
2353 | /* Unused (byte) */ |
2354 | proto_tree_add_item(eap_tree, hf_eap_leap_reserved, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
2355 | offset += 1; |
2356 | |
2357 | /* Count (byte) */ |
2358 | count = tvb_get_uint8(tvb, offset); |
2359 | proto_tree_add_item(eap_tree, hf_eap_leap_count, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
2360 | offset += 1; |
2361 | |
2362 | /* Data (byte*Count) */ |
2363 | /* This part is state-dependent. */ |
2364 | |
2365 | if (!conversation_state) { |
2366 | // XXX expert info? LEAP is not expected within the EAP-Message within EAP-TTLS. |
2367 | break; |
2368 | } |
2369 | /* XXX - are duplicates possible (is_duplicate_id)? |
2370 | * If so, should we stop here to avoid modifying conversation_state? */ |
2371 | |
2372 | /* See if we've already remembered the state. */ |
2373 | packet_state = (frame_state_t *)p_get_proto_data(wmem_file_scope(), pinfo, proto_eap, PROTO_DATA_EAP_FRAME_STATE | tls_group); |
2374 | if (packet_state == NULL((void*)0)) { |
2375 | /* |
2376 | * We haven't - compute the state based on the current |
2377 | * state in the conversation. |
2378 | */ |
2379 | leap_state = conversation_state->leap_state; |
2380 | |
2381 | /* Advance the state machine. */ |
2382 | if (leap_state==0) leap_state = 1; else |
2383 | if (leap_state==1) leap_state = 2; else |
2384 | if (leap_state==2) leap_state = 3; else |
2385 | if (leap_state==3) leap_state = 4; else |
2386 | if (leap_state==4) leap_state = -1; |
2387 | |
2388 | /* |
2389 | * Remember the state for subsequent accesses to this |
2390 | * frame. |
2391 | */ |
2392 | packet_state = wmem_new(wmem_file_scope(), frame_state_t)((frame_state_t*)wmem_alloc((wmem_file_scope()), sizeof(frame_state_t ))); |
2393 | packet_state->info = leap_state; |
2394 | p_add_proto_data(wmem_file_scope(), pinfo, proto_eap, PROTO_DATA_EAP_FRAME_STATE | tls_group, packet_state); |
2395 | |
2396 | /* |
2397 | * Update the conversation's state. |
2398 | */ |
2399 | conversation_state->leap_state = leap_state; |
2400 | } |
2401 | |
2402 | /* Get the remembered state. */ |
2403 | leap_state = packet_state->info; |
2404 | |
2405 | switch (leap_state) { |
2406 | case 1: |
2407 | proto_tree_add_item(eap_tree, hf_eap_leap_peer_challenge, tvb, offset, count, ENC_NA0x00000000); |
2408 | break; |
2409 | |
2410 | case 2: |
2411 | proto_tree_add_item(eap_tree, hf_eap_leap_peer_response, tvb, offset, count, ENC_NA0x00000000); |
2412 | break; |
2413 | |
2414 | case 3: |
2415 | proto_tree_add_item(eap_tree, hf_eap_leap_ap_challenge, tvb, offset, count, ENC_NA0x00000000); |
2416 | break; |
2417 | |
2418 | case 4: |
2419 | proto_tree_add_item(eap_tree, hf_eap_leap_ap_response, tvb, offset, count, ENC_NA0x00000000); |
2420 | break; |
2421 | |
2422 | default: |
2423 | proto_tree_add_item(eap_tree, hf_eap_leap_data, tvb, offset, count, ENC_NA0x00000000); |
2424 | break; |
2425 | } |
2426 | |
2427 | offset += count; |
2428 | |
2429 | /* Name (Length-(8+Count)) */ |
2430 | namesize = eap_len - (8+count); |
2431 | proto_tree_add_item(eap_tree, hf_eap_leap_name, tvb, offset, namesize, ENC_ASCII0x00000000); |
2432 | } |
2433 | |
2434 | break; /* EAP_TYPE_LEAP */ |
2435 | |
2436 | /********************************************************************* |
2437 | EAP-MSCHAPv2 - draft-kamath-pppext-eap-mschapv2-00.txt |
2438 | **********************************************************************/ |
2439 | case EAP_TYPE_MSCHAPV226: |
2440 | dissect_eap_mschapv2(eap_tree, tvb, pinfo, offset, size); |
2441 | break; /* EAP_TYPE_MSCHAPV2 */ |
2442 | |
2443 | /********************************************************************* |
2444 | EAP-SIM - draft-haverinen-pppext-eap-sim-13.txt |
2445 | **********************************************************************/ |
2446 | case EAP_TYPE_SIM18: |
2447 | dissect_eap_sim(eap_tree, tvb, pinfo, offset, size); |
2448 | break; /* EAP_TYPE_SIM */ |
2449 | |
2450 | /********************************************************************* |
2451 | EAP-AKA - draft-arkko-pppext-eap-aka-12.txt |
2452 | **********************************************************************/ |
2453 | case EAP_TYPE_AKA23: |
2454 | case EAP_TYPE_AKA_PRIME50: |
2455 | dissect_eap_aka(eap_tree, tvb, pinfo, offset, size); |
2456 | break; /* EAP_TYPE_AKA */ |
2457 | |
2458 | /********************************************************************* |
2459 | EAP Expanded Type |
2460 | **********************************************************************/ |
2461 | case EAP_TYPE_EXT254: |
2462 | { |
2463 | proto_tree *exptree; |
2464 | |
2465 | exptree = proto_tree_add_subtree(eap_tree, tvb, offset, size, ett_eap_exp_attr, NULL((void*)0), "Expanded Type"); |
2466 | dissect_exteap(exptree, tvb, offset, size, pinfo, eap_code, eap_identifier); |
2467 | } |
2468 | break; |
2469 | |
2470 | /********************************************************************* |
2471 | EAP-PAX - RFC 4746 |
2472 | **********************************************************************/ |
2473 | case EAP_TYPE_PAX46: |
2474 | dissect_eap_pax(eap_tree, tvb, pinfo, offset, size); |
2475 | break; /* EAP_TYPE_PAX */ |
2476 | |
2477 | /********************************************************************* |
2478 | EAP-PSK - RFC 4764 |
2479 | **********************************************************************/ |
2480 | case EAP_TYPE_PSK47: |
2481 | dissect_eap_psk(eap_tree, tvb, pinfo, offset, size); |
2482 | break; /* EAP_TYPE_PSK */ |
2483 | |
2484 | /********************************************************************* |
2485 | EAP-SAKE - RFC 4763 |
2486 | **********************************************************************/ |
2487 | case EAP_TYPE_SAKE48: |
2488 | dissect_eap_sake(eap_tree, tvb, pinfo, offset, size); |
2489 | break; /* EAP_TYPE_SAKE */ |
2490 | |
2491 | /********************************************************************* |
2492 | EAP-GPSK - RFC 5433 |
2493 | **********************************************************************/ |
2494 | case EAP_TYPE_GPSK51: |
2495 | dissect_eap_gpsk(eap_tree, tvb, pinfo, offset, size); |
2496 | break; /* EAP_TYPE_GPSK */ |
2497 | |
2498 | /********************************************************************* |
2499 | EAP-IKEv2 - RFC 5106 |
2500 | **********************************************************************/ |
2501 | case EAP_TYPE_IKEV249: |
2502 | { |
2503 | bool_Bool more_fragments; |
2504 | bool_Bool has_length; |
2505 | bool_Bool icv_present; |
2506 | |
2507 | /* Flags field, 1 byte */ |
2508 | ti = proto_tree_add_item(eap_tree, hf_eap_ikev2_flags, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
2509 | eap_tls_flags_tree = proto_item_add_subtree(ti, hf_eap_ikev2_flags); |
2510 | proto_tree_add_item_ret_boolean(eap_tls_flags_tree, hf_eap_ikev2_flag_l, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, &has_length); |
2511 | proto_tree_add_item_ret_boolean(eap_tls_flags_tree, hf_eap_ikev2_flag_m, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, &more_fragments); |
2512 | proto_tree_add_item_ret_boolean(eap_tls_flags_tree, hf_eap_ikev2_flag_i, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, &icv_present); |
2513 | |
2514 | size -= 1; |
2515 | offset += 1; |
2516 | |
2517 | /* Length field, 4 bytes, OPTIONAL. */ |
2518 | if (has_length) { |
2519 | proto_tree_add_item(eap_tree, hf_eap_ikev2_len, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); |
2520 | size -= 4; |
2521 | offset += 4; |
2522 | } |
2523 | |
2524 | if (size > 0) { |
2525 | tvbuff_t* next_tvb = NULL((void*)0); |
2526 | int tvb_len; |
2527 | |
2528 | tvb_len = tvb_captured_length_remaining(tvb, offset); |
2529 | if (size < tvb_len) { |
2530 | tvb_len = size; |
2531 | } |
2532 | |
2533 | if (has_length || more_fragments) { |
2534 | /* TODO: Add fragmentation support |
2535 | * Length of integrity check data needs to be determined in case of fragmentation. Chosen INTEG transform? |
2536 | */ |
2537 | } else { |
2538 | next_tvb = tvb_new_subset_length_caplen(tvb, offset, tvb_len, size); |
2539 | unsigned tmp = call_dissector(isakmp_handle, next_tvb, pinfo, eap_tree); |
2540 | size -= tmp; |
2541 | offset += tmp; |
2542 | |
2543 | if (icv_present && size > 0) { |
2544 | /* We assume that all data present is integrity check data. We cannot detect too short/long right now. */ |
2545 | proto_tree_add_item(eap_tree, hf_eap_ikev2_int_chk_data, tvb, offset, size, ENC_NA0x00000000); |
2546 | } |
2547 | } |
2548 | } |
2549 | |
2550 | break; |
2551 | } /* EAP_TYPE_IKEV2 */ |
2552 | |
2553 | /********************************************************************* |
2554 | MS-Authentication-TLV - MS-PEAP section 2.2.8.1 |
2555 | **********************************************************************/ |
2556 | case EAP_TYPE_MSAUTH_TLV33: |
2557 | dissect_eap_msauth_tlv(eap_tree, tvb, pinfo, offset, size); |
2558 | break; /* EAP_TYPE_MSAUTH_TLV */ |
2559 | |
2560 | /********************************************************************* |
2561 | **********************************************************************/ |
2562 | default: |
2563 | proto_tree_add_item(eap_tree, hf_eap_data, tvb, offset, size, ENC_NA0x00000000); |
2564 | break; |
2565 | /********************************************************************* |
2566 | **********************************************************************/ |
2567 | } /* switch (eap_type) */ |
2568 | |
2569 | } |
2570 | |
2571 | } /* switch (eap_code) */ |
2572 | |
2573 | return tvb_captured_length(tvb); |
2574 | } |
2575 | |
2576 | void |
2577 | proto_register_eap(void) |
2578 | { |
2579 | static hf_register_info hf[] = { |
2580 | { &hf_eap_code, { |
2581 | "Code", "eap.code", |
2582 | FT_UINT8, BASE_DEC, VALS(eap_code_vals)((0 ? (const struct _value_string*)0 : ((eap_code_vals)))), 0x0, |
2583 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2584 | |
2585 | { &hf_eap_identifier, { |
2586 | "Id", "eap.id", |
2587 | FT_UINT8, BASE_DEC, NULL((void*)0), 0x0, |
2588 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2589 | |
2590 | { &hf_eap_len, { |
2591 | "Length", "eap.len", |
2592 | FT_UINT16, BASE_DEC, NULL((void*)0), 0x0, |
2593 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2594 | |
2595 | { &hf_eap_type, { |
2596 | "Type", "eap.type", |
2597 | FT_UINT8, BASE_DEC|BASE_EXT_STRING0x00000200, &eap_type_vals_ext, 0x0, |
2598 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2599 | |
2600 | { &hf_eap_type_nak, { |
2601 | "Desired Auth Type", "eap.desired_type", |
2602 | FT_UINT8, BASE_DEC|BASE_EXT_STRING0x00000200, &eap_type_vals_ext, 0x0, |
2603 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2604 | |
2605 | { &hf_eap_identity, { |
2606 | "Identity", "eap.identity", |
2607 | FT_STRING, BASE_NONE, NULL((void*)0), 0x0, |
2608 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2609 | |
2610 | { &hf_eap_identity_prefix, { |
2611 | "Identity Prefix", "eap.identity.prefix", |
2612 | FT_CHAR, BASE_HEX, NULL((void*)0), 0x0, |
2613 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2614 | |
2615 | { &hf_eap_identity_type, { |
2616 | "Identity Type", "eap.identity.type", |
2617 | FT_STRING, BASE_NONE, NULL((void*)0), 0x0, |
2618 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2619 | |
2620 | { &hf_eap_identity_full, { |
2621 | "Identity (Full)", "eap.identity.full", |
2622 | FT_STRING, BASE_NONE, NULL((void*)0), 0x0, |
2623 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2624 | |
2625 | { &hf_eap_identity_certificate_sn, { |
2626 | "Certificate Serial Number", "eap.identity.cert_sn", |
2627 | FT_STRING, BASE_NONE, NULL((void*)0), 0x0, |
2628 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2629 | |
2630 | { &hf_eap_identity_mcc, { |
2631 | "Identity Mobile Country Code", "eap.identity.mcc", |
2632 | FT_UINT16, BASE_DEC|BASE_EXT_STRING0x00000200, &E212_codes_ext, 0x0, NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2633 | |
2634 | { &hf_eap_identity_mcc_mnc_2digits, { |
2635 | "Identity Mobile Network Code", "eap.identity.mnc", |
2636 | FT_UINT16, BASE_DEC|BASE_EXT_STRING0x00000200, &mcc_mnc_2digits_codes_ext, 0x0, NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2637 | |
2638 | { &hf_eap_identity_mcc_mnc_3digits, { |
2639 | "Identity Mobile Network Code", "eap.identity.mnc", |
2640 | FT_UINT16, BASE_DEC|BASE_EXT_STRING0x00000200, &mcc_mnc_3digits_codes_ext, 0x0, NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2641 | |
2642 | { &hf_eap_identity_padding, { |
2643 | "Padding", "eap.identity.padding", |
2644 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
2645 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2646 | |
2647 | { &hf_eap_identity_actual_len, { |
2648 | "Identity Actual Length", "eap.identity.actual_len", |
2649 | FT_UINT16, BASE_DEC, NULL((void*)0), 0x0, |
2650 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2651 | |
2652 | { &hf_eap_notification, { |
2653 | "Notification", "eap.notification", |
2654 | FT_STRING, BASE_NONE, NULL((void*)0), 0x0, |
2655 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2656 | |
2657 | { &hf_eap_md5_value_size, { |
2658 | "EAP-MD5 Value-Size", "eap.md5.value_size", |
2659 | FT_UINT8, BASE_DEC, NULL((void*)0), 0x0, |
2660 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2661 | |
2662 | { &hf_eap_md5_value, { |
2663 | "EAP-MD5 Value", "eap.md5.value", |
2664 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
2665 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2666 | |
2667 | { &hf_eap_md5_extra_data, { |
2668 | "EAP-MD5 Extra Data", "eap.md5.extra_data", |
2669 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
2670 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2671 | |
2672 | { &hf_eap_tls_flags, { |
2673 | "EAP-TLS Flags", "eap.tls.flags", |
2674 | FT_UINT8, BASE_HEX, NULL((void*)0), 0x0, |
2675 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2676 | |
2677 | { &hf_eap_tls_flag_l, { |
2678 | "Length Included", "eap.tls.flags.len_included", |
2679 | FT_BOOLEAN, 8, NULL((void*)0), EAP_TLS_FLAG_L0x80, |
2680 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2681 | |
2682 | { &hf_eap_tls_flag_m, { |
2683 | "More Fragments", "eap.tls.flags.more_fragments", |
2684 | FT_BOOLEAN, 8, NULL((void*)0), EAP_TLS_FLAG_M0x40, |
2685 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2686 | |
2687 | { &hf_eap_tls_flag_s, { |
2688 | "Start", "eap.tls.flags.start", |
2689 | FT_BOOLEAN, 8, NULL((void*)0), EAP_TLS_FLAG_S0x20, |
2690 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2691 | |
2692 | { &hf_eap_tls_flag_o, { |
2693 | "Outer TLV Length Included", "eap.tls.flags.outer_tlv_len_included", |
2694 | FT_BOOLEAN, 8, NULL((void*)0), EAP_TLS_FLAG_O0x10, |
2695 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2696 | |
2697 | { &hf_eap_tls_flags_version, { |
2698 | "Version", "eap.tls.flags.version", |
2699 | FT_UINT8, BASE_DEC, NULL((void*)0), EAP_TLS_FLAGS_VERSION0x07, |
2700 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2701 | |
2702 | { &hf_eap_tls_len, { |
2703 | "EAP-TLS Length", "eap.tls.len", |
2704 | FT_UINT32, BASE_DEC, NULL((void*)0), 0x0, |
2705 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2706 | |
2707 | { &hf_eap_tls_outer_tlvs_len, { |
2708 | "TEAP Outer TLVs Length", "eap.tls.outer_tlvs_len", |
2709 | FT_UINT32, BASE_DEC, NULL((void*)0), 0x0, |
2710 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2711 | |
2712 | { &hf_eap_tls_fragment, { |
2713 | "EAP-TLS Fragment", "eap.tls.fragment", |
2714 | FT_FRAMENUM, BASE_NONE, NULL((void*)0), 0x0, |
2715 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2716 | |
2717 | { &hf_eap_tls_fragments, { |
2718 | "EAP-TLS Fragments", "eap.tls.fragments", |
2719 | FT_NONE, BASE_NONE, NULL((void*)0), 0x0, |
2720 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2721 | |
2722 | { &hf_eap_tls_fragment_overlap, { |
2723 | "Fragment Overlap", "eap.tls.fragment.overlap", |
2724 | FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0, |
2725 | "Fragment overlaps with other fragments", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2726 | |
2727 | { &hf_eap_tls_fragment_overlap_conflict, { |
2728 | "Conflicting Data In Fragment Overlap", "eap.tls.fragment.overlap_conflict", |
2729 | FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0, |
2730 | "Overlapping fragments contained conflicting data", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2731 | |
2732 | { &hf_eap_tls_fragment_multiple_tails, { |
2733 | "Multiple Tail Fragments Found", "eap.tls.fragment.multiple_tails", |
2734 | FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0, |
2735 | "Several tails were found when defragmenting the packet", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2736 | |
2737 | { &hf_eap_tls_fragment_too_long_fragment,{ |
2738 | "Fragment Too Long", "eap.tls.fragment.fragment.too_long", |
2739 | FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0, |
2740 | "Fragment contained data past end of packet", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2741 | |
2742 | { &hf_eap_tls_fragment_error, { |
2743 | "Defragmentation Error", "eap.tls.fragment.error", |
2744 | FT_FRAMENUM, BASE_NONE, NULL((void*)0), 0x0, |
2745 | "Defragmentation error due to illegal fragments", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2746 | |
2747 | { &hf_eap_tls_fragment_count, { |
2748 | "Fragment Count", "eap.tls.fragment.count", |
2749 | FT_UINT32, BASE_DEC, NULL((void*)0), 0x0, |
2750 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2751 | |
2752 | { &hf_eap_tls_reassembled_in, { |
2753 | "Reassembled EAP-TLS PDU in frame", "eap.tls.reassembled_in", |
2754 | FT_FRAMENUM, BASE_NONE, NULL((void*)0), 0x0, |
2755 | "A PDU with a fragment from this frame is reassembled in this frame", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } }, |
2756 | |
2757 | { &hf_eap_tls_reassembled_length, { |
2758 | "Reassembled EAP-TLS Length", "eap.tls.reassembled.len", |
2759 | FT_UINT32, BASE_DEC, NULL((void*)0), 0x0, |
2760 | "Total length of the reassembled payload", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2761 | |
2762 | { &hf_eap_sim_subtype, { |
2763 | "EAP-SIM Subtype", "eap.sim.subtype", |
2764 | FT_UINT8, BASE_DEC, VALS(eap_sim_subtype_vals)((0 ? (const struct _value_string*)0 : ((eap_sim_subtype_vals )))), 0x0, |
2765 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2766 | |
2767 | { &hf_eap_sim_reserved, { |
2768 | "EAP-SIM Reserved", "eap.sim.reserved", |
2769 | FT_UINT16, BASE_HEX, NULL((void*)0), 0x0, |
2770 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2771 | |
2772 | { &hf_eap_sim_subtype_attribute, { |
2773 | "EAP-SIM Attribute", "eap.sim.subtype.attribute", |
2774 | FT_NONE, BASE_NONE, NULL((void*)0), 0x0, |
2775 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2776 | |
2777 | { &hf_eap_sim_subtype_type, { |
2778 | "EAP-SIM Type", "eap.sim.subtype.type", |
2779 | FT_UINT8, BASE_DEC|BASE_EXT_STRING0x00000200, &eap_sim_aka_attribute_vals_ext, 0x0, |
2780 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2781 | |
2782 | { &hf_eap_sim_subtype_length, { |
2783 | "EAP-SIM Length", "eap.sim.subtype.len", |
2784 | FT_UINT8, BASE_DEC, NULL((void*)0), 0x0, |
2785 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2786 | |
2787 | { &hf_eap_sim_notification_type, { |
2788 | "EAP-SIM Notification Type", "eap.sim.notification_type", |
2789 | FT_UINT16, BASE_DEC, VALS(eap_sim_aka_notification_vals)((0 ? (const struct _value_string*)0 : ((eap_sim_aka_notification_vals )))), 0x0, |
2790 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2791 | |
2792 | { &hf_eap_sim_error_code_type, { |
2793 | "EAP-SIM Error Code", "eap.sim.error_code", |
2794 | FT_UINT16, BASE_DEC, VALS(eap_sim_aka_client_error_codes)((0 ? (const struct _value_string*)0 : ((eap_sim_aka_client_error_codes )))), 0x0, |
2795 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2796 | |
2797 | { &hf_eap_sim_subtype_value, { |
2798 | "EAP-SIM Value", "eap.sim.subtype.value", |
2799 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
2800 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2801 | |
2802 | { &hf_eap_aka_subtype, { |
2803 | "EAP-AKA Subtype", "eap.aka.subtype", |
2804 | FT_UINT8, BASE_DEC, VALS(eap_aka_subtype_vals)((0 ? (const struct _value_string*)0 : ((eap_aka_subtype_vals )))), 0x0, |
2805 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2806 | |
2807 | { &hf_eap_aka_reserved, { |
2808 | "EAP-AKA Reserved", "eap.aka.reserved", |
2809 | FT_UINT16, BASE_HEX, NULL((void*)0), 0x0, |
2810 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2811 | |
2812 | { &hf_eap_aka_subtype_attribute, { |
2813 | "EAP-AKA Attribute", "eap.aka.subtype.attribute", |
2814 | FT_NONE, BASE_NONE, NULL((void*)0), 0x0, |
2815 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2816 | |
2817 | { &hf_eap_aka_subtype_type, { |
2818 | "EAP-AKA Type", "eap.aka.subtype.type", |
2819 | FT_UINT8, BASE_DEC|BASE_EXT_STRING0x00000200, &eap_sim_aka_attribute_vals_ext, 0x0, |
2820 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2821 | |
2822 | { &hf_eap_aka_subtype_length, { |
2823 | "EAP-AKA Length", "eap.aka.subtype.len", |
2824 | FT_UINT8, BASE_DEC, NULL((void*)0), 0x0, |
2825 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2826 | |
2827 | { &hf_eap_aka_notification_type, { |
2828 | "EAP-AKA Notification Type", "eap.aka.notification_type", |
2829 | FT_UINT16, BASE_DEC, VALS(eap_sim_aka_notification_vals)((0 ? (const struct _value_string*)0 : ((eap_sim_aka_notification_vals )))), 0x0, |
2830 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2831 | |
2832 | { &hf_eap_aka_error_code_type, { |
2833 | "EAP-AKA Error Code", "eap.aka.error_code", |
2834 | FT_UINT16, BASE_DEC, VALS(eap_sim_aka_client_error_codes)((0 ? (const struct _value_string*)0 : ((eap_sim_aka_client_error_codes )))), 0x0, |
2835 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2836 | |
2837 | { &hf_eap_aka_rand, { |
2838 | "EAP-AKA RAND", "eap.aka.rand", |
2839 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
2840 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2841 | |
2842 | { &hf_eap_aka_autn, { |
2843 | "EAP-AKA AUTN", "eap.aka.autn", |
2844 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
2845 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2846 | |
2847 | { &hf_eap_aka_res_len, { |
2848 | "EAP-AKA RES Length", "eap.aka.res.len", |
2849 | FT_UINT16, BASE_DEC|BASE_UNIT_STRING0x00001000, UNS(&units_bit_bits)((0 ? (const struct unit_name_string*)0 : ((&units_bit_bits )))), 0x0, |
2850 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2851 | |
2852 | { &hf_eap_aka_res, { |
2853 | "EAP-AKA RES", "eap.aka.res", |
2854 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
2855 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2856 | |
2857 | { &hf_eap_aka_auts, { |
2858 | "EAP-AKA AUTS", "eap.aka.auts", |
2859 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
2860 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2861 | |
2862 | { &hf_eap_aka_subtype_value, { |
2863 | "EAP-AKA Value", "eap.aka.subtype.value", |
2864 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
2865 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2866 | |
2867 | { &hf_eap_leap_version, { |
2868 | "EAP-LEAP Version", "eap.leap.version", |
2869 | FT_UINT8, BASE_DEC, NULL((void*)0), 0x0, |
2870 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2871 | |
2872 | { &hf_eap_leap_reserved, { |
2873 | "EAP-LEAP Reserved", "eap.leap.reserved", |
2874 | FT_UINT8, BASE_HEX, NULL((void*)0), 0x0, |
2875 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2876 | |
2877 | { &hf_eap_leap_count, { |
2878 | "EAP-LEAP Count", "eap.leap.count", |
2879 | FT_UINT8, BASE_DEC, NULL((void*)0), 0x0, |
2880 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2881 | |
2882 | { &hf_eap_leap_peer_challenge, { |
2883 | "EAP-LEAP Peer-Challenge", "eap.leap.peer_challenge", |
2884 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
2885 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2886 | |
2887 | { &hf_eap_leap_peer_response, { |
2888 | "EAP-LEAP Peer-Response", "eap.leap.peer_response", |
2889 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
2890 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2891 | |
2892 | { &hf_eap_leap_ap_challenge, { |
2893 | "EAP-LEAP AP-Challenge", "eap.leap.ap_challenge", |
2894 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
2895 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2896 | |
2897 | { &hf_eap_leap_ap_response, { |
2898 | "EAP-LEAP AP-Response", "eap.leap.ap_response", |
2899 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
2900 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2901 | |
2902 | { &hf_eap_leap_data, { |
2903 | "EAP-LEAP Data", "eap.leap.data", |
2904 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
2905 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2906 | |
2907 | { &hf_eap_leap_name, { |
2908 | "EAP-LEAP Name", "eap.leap.name", |
2909 | FT_STRING, BASE_NONE, NULL((void*)0), 0x0, |
2910 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2911 | |
2912 | { &hf_eap_ms_chap_v2_opcode, { |
2913 | "EAP-MS-CHAP-v2 OpCode", "eap.ms_chap_v2.opcode", |
2914 | FT_UINT8, BASE_DEC, VALS(eap_ms_chap_v2_opcode_vals)((0 ? (const struct _value_string*)0 : ((eap_ms_chap_v2_opcode_vals )))), 0x0, |
2915 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2916 | |
2917 | { &hf_eap_ms_chap_v2_id, { |
2918 | "EAP-MS-CHAP-v2 Id", "eap.ms_chap_v2.id", |
2919 | FT_UINT8, BASE_DEC, NULL((void*)0), 0x0, |
2920 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2921 | |
2922 | { &hf_eap_ms_chap_v2_length, { |
2923 | "EAP-MS-CHAP-v2 Length", "eap.ms_chap_v2.length", |
2924 | FT_UINT16, BASE_DEC, NULL((void*)0), 0x0, |
2925 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2926 | |
2927 | { &hf_eap_ms_chap_v2_value_size, { |
2928 | "EAP-MS-CHAP-v2 Value-Size", "eap.ms_chap_v2.value_size", |
2929 | FT_UINT8, BASE_DEC, NULL((void*)0), 0x0, |
2930 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2931 | |
2932 | { &hf_eap_ms_chap_v2_challenge, { |
2933 | "EAP-MS-CHAP-v2 Challenge", "eap.ms_chap_v2.challenge", |
2934 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
2935 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2936 | |
2937 | { &hf_eap_ms_chap_v2_name, { |
2938 | "EAP-MS-CHAP-v2 Name", "eap.ms_chap_v2.name", |
2939 | FT_STRING, BASE_NONE, NULL((void*)0), 0x0, |
2940 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2941 | |
2942 | { &hf_eap_ms_chap_v2_peer_challenge, { |
2943 | "EAP-MS-CHAP-v2 Peer-Challenge", "eap.ms_chap_v2.peer_challenge", |
2944 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
2945 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2946 | |
2947 | { &hf_eap_ms_chap_v2_reserved, { |
2948 | "EAP-MS-CHAP-v2 Reserved", "eap.ms_chap_v2.reserved", |
2949 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
2950 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2951 | |
2952 | { &hf_eap_ms_chap_v2_nt_response, { |
2953 | "EAP-MS-CHAP-v2 NT-Response", "eap.ms_chap_v2.nt_response", |
2954 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
2955 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2956 | |
2957 | { &hf_eap_ms_chap_v2_flags, { |
2958 | "EAP-MS-CHAP-v2 Flags", "eap.ms_chap_v2.flags", |
2959 | FT_UINT8, BASE_HEX, NULL((void*)0), 0x0, |
2960 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2961 | |
2962 | { &hf_eap_ms_chap_v2_response, { |
2963 | "EAP-MS-CHAP-v2 Response (Unknown Length)", "eap.ms_chap_v2.response", |
2964 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
2965 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2966 | |
2967 | { &hf_eap_ms_chap_v2_message, { |
2968 | "EAP-MS-CHAP-v2 Message", "eap.ms_chap_v2.message", |
2969 | FT_STRING, BASE_NONE, NULL((void*)0), 0x0, |
2970 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2971 | |
2972 | { &hf_eap_ms_chap_v2_failure_request, { |
2973 | "EAP-MS-CHAP-v2 Failure-Request", "eap.ms_chap_v2.failure_request", |
2974 | FT_STRING, BASE_NONE, NULL((void*)0), 0x0, |
2975 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2976 | |
2977 | { &hf_eap_ms_chap_v2_data, { |
2978 | "EAP-MS-CHAP-v2 Data", "eap.ms_chap_v2.data", |
2979 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
2980 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2981 | |
2982 | { &hf_eap_pax_opcode, { |
2983 | "EAP-PAX OP-Code", "eap.pax.opcode", |
2984 | FT_UINT8, BASE_HEX, VALS(eap_pax_opcode_vals)((0 ? (const struct _value_string*)0 : ((eap_pax_opcode_vals) ))), 0x0, |
2985 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2986 | |
2987 | { &hf_eap_pax_flags, { |
2988 | "EAP-PAX Flags", "eap.pax.flags", |
2989 | FT_UINT8, BASE_HEX, NULL((void*)0), 0x0, |
2990 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2991 | |
2992 | { &hf_eap_pax_flags_mf, { |
2993 | "more fragments", "eap.pax.flags.mf", |
2994 | FT_BOOLEAN, 8, NULL((void*)0), EAP_PAX_FLAG_MF0x01, |
2995 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
2996 | |
2997 | { &hf_eap_pax_flags_ce, { |
2998 | "certificate enabled", "eap.pax.flags.ce", |
2999 | FT_BOOLEAN, 8, NULL((void*)0), EAP_PAX_FLAG_CE0x02, |
3000 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3001 | |
3002 | { &hf_eap_pax_flags_ai, { |
3003 | "ADE Included", "eap.pax.flags.ai", |
3004 | FT_BOOLEAN, 8, NULL((void*)0), EAP_PAX_FLAG_AI0x04, |
3005 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3006 | |
3007 | { &hf_eap_pax_flags_reserved, { |
3008 | "reserved", "eap.pax.flags.reserved", |
3009 | FT_BOOLEAN, 8, NULL((void*)0), EAP_PAX_FLAG_RESERVED0xF8, |
3010 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3011 | |
3012 | { &hf_eap_pax_mac_id, { |
3013 | "EAP-PAX MAC ID", "eap.pax.mac_id", |
3014 | FT_UINT8, BASE_HEX, VALS(eap_pax_mac_id_vals)((0 ? (const struct _value_string*)0 : ((eap_pax_mac_id_vals) ))), 0x0, |
3015 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3016 | |
3017 | { &hf_eap_pax_dh_group_id, { |
3018 | "EAP-PAX DH Group ID", "eap.pax.dh_group_id", |
3019 | FT_UINT8, BASE_HEX, VALS(eap_pax_dh_group_id_vals)((0 ? (const struct _value_string*)0 : ((eap_pax_dh_group_id_vals )))), 0x0, |
3020 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3021 | |
3022 | { &hf_eap_pax_public_key_id, { |
3023 | "EAP-PAX Public Key ID", "eap.pax.public_key_id", |
3024 | FT_UINT8, BASE_HEX, VALS(eap_pax_public_key_id_vals)((0 ? (const struct _value_string*)0 : ((eap_pax_public_key_id_vals )))), 0x0, |
3025 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3026 | |
3027 | { &hf_eap_pax_a_len, { |
3028 | "EAP-PAX A len", "eap.pax.a.len", |
3029 | FT_UINT16, BASE_DEC, NULL((void*)0), 0x0, |
3030 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3031 | |
3032 | { &hf_eap_pax_a, { |
3033 | "EAP-PAX A", "eap.pax.a", |
3034 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
3035 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3036 | |
3037 | { &hf_eap_pax_b_len, { |
3038 | "EAP-PAX B len", "eap.pax.b.len", |
3039 | FT_UINT16, BASE_DEC, NULL((void*)0), 0x0, |
3040 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3041 | |
3042 | { &hf_eap_pax_b, { |
3043 | "EAP-PAX B", "eap.pax.b", |
3044 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
3045 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3046 | |
3047 | { &hf_eap_pax_cid_len, { |
3048 | "EAP-PAX CID len", "eap.pax.cid.len", |
3049 | FT_UINT16, BASE_DEC, NULL((void*)0), 0x0, |
3050 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3051 | |
3052 | { &hf_eap_pax_cid, { |
3053 | "EAP-PAX CID", "eap.pax.cid", |
3054 | FT_STRING, BASE_NONE, NULL((void*)0), 0x0, |
3055 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3056 | |
3057 | { &hf_eap_pax_mac_ck_len, { |
3058 | "EAP-PAX MAC_CK len", "eap.pax.mac_ck.len", |
3059 | FT_UINT16, BASE_DEC, NULL((void*)0), 0x0, |
3060 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3061 | |
3062 | { &hf_eap_pax_mac_ck, { |
3063 | "EAP-PAX MAC_CK", "eap.pax.mac_ck", |
3064 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
3065 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3066 | |
3067 | { &hf_eap_pax_ade_len, { |
3068 | "EAP-PAX ADE len", "eap.pax.ade.len", |
3069 | FT_UINT16, BASE_DEC, NULL((void*)0), 0x0, |
3070 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3071 | |
3072 | { &hf_eap_pax_ade, { |
3073 | "EAP-PAX ADE", "eap.pax.ade", |
3074 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
3075 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3076 | |
3077 | { &hf_eap_pax_mac_icv, { |
3078 | "EAP-PAX ICV", "eap.pax.icv", |
3079 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
3080 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3081 | |
3082 | { &hf_eap_psk_flags, { |
3083 | "EAP-PSK Flags", "eap.psk.flags", |
3084 | FT_UINT8, BASE_HEX, NULL((void*)0), 0x0, |
3085 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3086 | |
3087 | { &hf_eap_psk_flags_t, { |
3088 | "T", "eap.psk.flags.t", |
3089 | FT_UINT8, BASE_HEX, NULL((void*)0), EAP_PSK_FLAGS_T_MASK0xC0, |
3090 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3091 | |
3092 | { &hf_eap_psk_flags_reserved, { |
3093 | "Reserved", "eap.psk.flags.reserved", |
3094 | FT_UINT8, BASE_HEX, NULL((void*)0), 0x3F, |
3095 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3096 | |
3097 | { &hf_eap_psk_rand_p, { |
3098 | "EAP-PSK RAND_P", "eap.psk.rand_p", |
3099 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
3100 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3101 | |
3102 | { &hf_eap_psk_rand_s, { |
3103 | "EAP-PSK RAND_S", "eap.psk.rand_s", |
3104 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
3105 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3106 | |
3107 | { &hf_eap_psk_mac_p, { |
3108 | "EAP-PSK MAC_P", "eap.psk.mac_p", |
3109 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
3110 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3111 | |
3112 | { &hf_eap_psk_mac_s, { |
3113 | "EAP-PSK MAC_S", "eap.psk.mac_s", |
3114 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
3115 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3116 | |
3117 | { &hf_eap_psk_id_p, { |
3118 | "EAP-PSK ID_P", "eap.psk.id_p", |
3119 | FT_STRING, BASE_NONE, NULL((void*)0), 0x0, |
3120 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3121 | |
3122 | { &hf_eap_psk_id_s, { |
3123 | "EAP-PSK ID_S", "eap.psk.id_s", |
3124 | FT_STRING, BASE_NONE, NULL((void*)0), 0x0, |
3125 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3126 | |
3127 | { &hf_eap_psk_pchannel, { |
3128 | "EAP-PSK Protected Channel (encrypted)", "eap.psk.pchannel", |
3129 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
3130 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3131 | |
3132 | { &hf_eap_sake_version, { |
3133 | "EAP-SAKE Version", "eap.sake.version", |
3134 | FT_UINT8, BASE_HEX, NULL((void*)0), 0x0, |
3135 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3136 | |
3137 | { &hf_eap_sake_session_id, { |
3138 | "EAP-SAKE Session ID", "eap.sake.session_id", |
3139 | FT_UINT8, BASE_HEX, NULL((void*)0), 0x0, |
3140 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3141 | |
3142 | { &hf_eap_sake_subtype, { |
3143 | "EAP-SAKE Subtype", "eap.sake.subtype", |
3144 | FT_UINT8, BASE_HEX, VALS(eap_sake_subtype_vals)((0 ? (const struct _value_string*)0 : ((eap_sake_subtype_vals )))), 0x0, |
3145 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3146 | |
3147 | { &hf_eap_sake_attr_type, { |
3148 | "Attribute Type", "eap.sake.attr.type", |
3149 | FT_UINT8, BASE_HEX, VALS(eap_sake_attr_type_vals)((0 ? (const struct _value_string*)0 : ((eap_sake_attr_type_vals )))), 0x0, |
3150 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3151 | |
3152 | { &hf_eap_sake_attr_len, { |
3153 | "Attribute Length", "eap.sake.attr.len", |
3154 | FT_UINT8, BASE_DEC, NULL((void*)0), 0x0, |
3155 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3156 | |
3157 | { &hf_eap_sake_attr_value, { |
3158 | "Attribute Value", "eap.sake.attr.val", |
3159 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
3160 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3161 | |
3162 | { &hf_eap_sake_attr_value_str, { |
3163 | "Attribute Value", "eap.sake.attr.val_str", |
3164 | FT_STRING, BASE_NONE, NULL((void*)0), 0x0, |
3165 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3166 | |
3167 | { &hf_eap_sake_attr_value_uint48, { |
3168 | "Attribute Value", "eap.sake.attr.val_uint48", |
3169 | FT_UINT48, BASE_DEC, NULL((void*)0), 0x0, |
3170 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3171 | |
3172 | { &hf_eap_gpsk_opcode, { |
3173 | "EAP-GPSK OP-Code", "eap.gpsk.opcode", |
3174 | FT_UINT8, BASE_HEX, VALS(eap_gpsk_opcode_vals)((0 ? (const struct _value_string*)0 : ((eap_gpsk_opcode_vals )))), 0x0, |
3175 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3176 | |
3177 | { &hf_eap_gpsk_id_server_len, { |
3178 | "EAP-GPSK ID_Server len", "eap.gpsk.id_server.len", |
3179 | FT_UINT16, BASE_DEC, NULL((void*)0), 0x0, |
3180 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3181 | |
3182 | { &hf_eap_gpsk_id_server, { |
3183 | "EAP-GPSK ID_Server", "eap.gpsk.id_server", |
3184 | FT_STRING, BASE_NONE, NULL((void*)0), 0x0, |
3185 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3186 | |
3187 | { &hf_eap_gpsk_id_peer_len, { |
3188 | "EAP-GPSK ID_Peer len", "eap.gpsk.id_peer.len", |
3189 | FT_UINT16, BASE_DEC, NULL((void*)0), 0x0, |
3190 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3191 | |
3192 | { &hf_eap_gpsk_id_peer, { |
3193 | "EAP-GPSK ID_Peer", "eap.gpsk.id_peer", |
3194 | FT_STRING, BASE_NONE, NULL((void*)0), 0x0, |
3195 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3196 | |
3197 | { &hf_eap_gpsk_rand_server, { |
3198 | "EAP-GPSK Rand_Server", "eap.gpsk.rand_server", |
3199 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
3200 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3201 | |
3202 | { &hf_eap_gpsk_rand_peer, { |
3203 | "EAP-GPSK Rand_Peer", "eap.gpsk.rand_peer", |
3204 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
3205 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3206 | |
3207 | { &hf_eap_gpsk_csuite_list_len, { |
3208 | "Len", "eap.gpsk.csuite_list_len", |
3209 | FT_UINT16, BASE_DEC, NULL((void*)0), 0x0, |
3210 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3211 | |
3212 | { &hf_eap_gpsk_csuite_vendor, { |
3213 | "Vendor", "eap.gpsk.csuite.vendor", |
3214 | FT_UINT32, BASE_HEX, NULL((void*)0), 0x0, |
3215 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3216 | |
3217 | { &hf_eap_gpsk_csuite_specifier, { |
3218 | "Specifier", "eap.gpsk.csuite.specifier", |
3219 | FT_UINT16, BASE_HEX, NULL((void*)0), 0x0, |
3220 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3221 | |
3222 | { &hf_eap_gpsk_pd_payload_len, { |
3223 | "EAP-GPSK PD_Payload len", "eap.gpsk.pd_payload.len", |
3224 | FT_UINT16, BASE_DEC, NULL((void*)0), 0x0, |
3225 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3226 | |
3227 | { &hf_eap_gpsk_pd_payload, { |
3228 | "EAP-GPSK PD_Payload", "eap.gpsk.pd_payload", |
3229 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
3230 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3231 | |
3232 | { &hf_eap_gpsk_payload_mac, { |
3233 | "EAP-GPSK Payload MAC", "eap.gpsk.payload_mac", |
3234 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
3235 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3236 | |
3237 | { &hf_eap_gpsk_failure_code, { |
3238 | "EAP-GPSK Failure code", "eap.gpsk.failure_code", |
3239 | FT_UINT32, BASE_HEX, VALS(eap_gpsk_failure_code_vals)((0 ? (const struct _value_string*)0 : ((eap_gpsk_failure_code_vals )))), 0x0, |
3240 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3241 | |
3242 | { &hf_eap_data, { |
3243 | "EAP Data", "eap.data", |
3244 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
3245 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3246 | |
3247 | { &hf_eap_fast_type, { |
3248 | "EAP-FAST Type", "eap.fast.type", |
3249 | FT_UINT16, BASE_DEC, NULL((void*)0), 0x0, |
3250 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3251 | |
3252 | { &hf_eap_fast_length, { |
3253 | "EAP-FAST Length", "eap.fast.length", |
3254 | FT_UINT16, BASE_DEC, NULL((void*)0), 0x0, |
3255 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3256 | |
3257 | { &hf_eap_fast_aidd, { |
3258 | "Authority ID Data", "eap.fast.authority_id_data", |
3259 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
3260 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3261 | |
3262 | { &hf_eap_msauth_tlv_mandatory, { |
3263 | "Mandatory", "eap.msauth-tlv.mandatory", |
3264 | FT_BOOLEAN, 16, NULL((void*)0), MSAUTH_TLV_MANDATORY0x8000, |
3265 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3266 | |
3267 | { &hf_eap_msauth_tlv_reserved, { |
3268 | "Reserved", "eap.msauth-tlv.reserved", |
3269 | FT_BOOLEAN, 16, NULL((void*)0), MSAUTH_TLV_RESERVED0x4000, |
3270 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3271 | |
3272 | { &hf_eap_msauth_tlv_type, { |
3273 | "Type", "eap.msauth-tlv.type", |
3274 | FT_UINT16, BASE_DEC, VALS(eap_msauth_tlv_type_vals)((0 ? (const struct _value_string*)0 : ((eap_msauth_tlv_type_vals )))), MSAUTH_TLV_TYPE0x3FFF, |
3275 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3276 | |
3277 | { &hf_eap_msauth_tlv_len, { |
3278 | "Length", "eap.msauth-tlv.len", |
3279 | FT_UINT16, BASE_DEC, NULL((void*)0), 0x00, |
3280 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3281 | |
3282 | { &hf_eap_msauth_tlv_val, { |
3283 | "Value", "eap.msauth-tlv.val", |
3284 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
3285 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3286 | |
3287 | { &hf_eap_msauth_tlv_status, { |
3288 | "Status", "eap.msauth-tlv.status", |
3289 | FT_UINT16, BASE_DEC, VALS(eap_msauth_tlv_status_vals)((0 ? (const struct _value_string*)0 : ((eap_msauth_tlv_status_vals )))), 0x0, |
3290 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3291 | |
3292 | { &hf_eap_msauth_tlv_crypto_reserved, { |
3293 | "Reserved", "eap.msauth-tlv.crypto.reserved", |
3294 | FT_UINT8, BASE_DEC, NULL((void*)0), 0x0, |
3295 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3296 | |
3297 | { &hf_eap_msauth_tlv_crypto_version, { |
3298 | "Version", "eap.msauth-tlv.crypto.version", |
3299 | FT_UINT8, BASE_DEC, NULL((void*)0), 0x0, |
3300 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3301 | |
3302 | { &hf_eap_msauth_tlv_crypto_rcv_version, { |
3303 | "Received Version", "eap.msauth-tlv.crypto.received-version", |
3304 | FT_UINT8, BASE_DEC, NULL((void*)0), 0x0, |
3305 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3306 | |
3307 | { &hf_eap_msauth_tlv_crypto_subtype, { |
3308 | "Subtype", "eap.msauth-tlv.crypto.subtype", |
3309 | FT_UINT8, BASE_DEC, VALS(eap_msauth_tlv_crypto_subtype_vals)((0 ? (const struct _value_string*)0 : ((eap_msauth_tlv_crypto_subtype_vals )))), 0x0, |
3310 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3311 | |
3312 | { &hf_eap_msauth_tlv_crypto_nonce, { |
3313 | "Nonce", "eap.msauth-tlv.crypto.nonce", |
3314 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
3315 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3316 | |
3317 | { &hf_eap_msauth_tlv_crypto_cmac, { |
3318 | "Compound MAC", "eap.msauth-tlv.crypto.cmac", |
3319 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
3320 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3321 | |
3322 | /* Expanded type fields */ |
3323 | { &hf_eap_ext_vendor_id, { |
3324 | "EAP-EXT Vendor Id", "eap.ext.vendor_id", |
3325 | FT_UINT24, BASE_HEX, VALS(eap_ext_vendor_id_vals)((0 ? (const struct _value_string*)0 : ((eap_ext_vendor_id_vals )))), 0x0, |
3326 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3327 | |
3328 | { &hf_eap_ext_vendor_type, { |
3329 | "EAP-EXT Vendor Type", "eap.ext.vendor_type", |
3330 | FT_UINT32, BASE_HEX, VALS(eap_ext_vendor_type_vals)((0 ? (const struct _value_string*)0 : ((eap_ext_vendor_type_vals )))), 0x0, |
3331 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }}, |
3332 | |
3333 | { &hf_eap_ikev2_flags, { |
3334 | "EAP-IKEv2 Flags", "eap.ikev2.flags", |
3335 | FT_UINT8, BASE_HEX, NULL((void*)0), 0x0, |
3336 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } }, |
3337 | |
3338 | { &hf_eap_ikev2_flag_l, { |
3339 | "Length Included", "eap.ikve2.flags.len_included", |
3340 | FT_BOOLEAN, 8, NULL((void*)0), EAP_IKEV2_FLAG_L0x80, |
3341 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } }, |
3342 | |
3343 | { &hf_eap_ikev2_flag_m, { |
3344 | "More Fragments", "eap.ikev2.flags.more_fragments", |
3345 | FT_BOOLEAN, 8, NULL((void*)0), EAP_IKEV2_FLAG_M0x40, |
3346 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } }, |
3347 | |
3348 | { &hf_eap_ikev2_flag_i, { |
3349 | "Integrity Checksum Data present", "eap.ikev2.flags.icv_present", |
3350 | FT_BOOLEAN, 8, NULL((void*)0), EAP_IKEV2_FLAG_I0x20, |
3351 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } }, |
3352 | |
3353 | { &hf_eap_ikev2_len, { |
3354 | "EAP-IKEv2 Length", "eap.ikev2.len", |
3355 | FT_UINT32, BASE_DEC, NULL((void*)0), 0x0, |
3356 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } }, |
3357 | |
3358 | { &hf_eap_ikev2_int_chk_data, { |
3359 | "EAP-IKEv2 Integrity Checksum Data", "eap.ikev2.integrity_checksum_data", |
3360 | FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, |
3361 | NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } }, |
3362 | }; |
3363 | static int *ett[] = { |
3364 | &ett_eap, |
3365 | &ett_eap_pax_flags, |
3366 | &ett_eap_psk_flags, |
3367 | &ett_eap_gpsk_csuite_list, |
3368 | &ett_eap_gpsk_csuite, |
3369 | &ett_eap_gpsk_csuite_sel, |
3370 | &ett_eap_sake_attr, |
3371 | &ett_eap_msauth_tlv, |
3372 | &ett_eap_msauth_tlv_tree, |
3373 | &ett_eap_tls_fragment, |
3374 | &ett_eap_tls_fragments, |
3375 | &ett_eap_sim_attr, |
3376 | &ett_eap_aka_attr, |
3377 | &ett_eap_exp_attr, |
3378 | &ett_eap_tls_flags, |
3379 | &ett_identity, |
3380 | &ett_eap_ikev2_flags, |
3381 | }; |
3382 | static ei_register_info ei[] = { |
3383 | { &ei_eap_ms_chap_v2_length, { "eap.ms_chap_v2.length.invalid", PI_PROTOCOL0x09000000, PI_WARN0x00600000, "Invalid Length", EXPFILL0, ((void*)0), 0, {0, {((void*)0), ((void*)0), FT_NONE, BASE_NONE , ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE, -1, ((void *)0)}} }}, |
3384 | { &ei_eap_mitm_attacks, { "eap.mitm_attacks", PI_SECURITY0x0a000000, PI_WARN0x00600000, "Vulnerable to MITM attacks. If possible, change EAP type.", EXPFILL0, ((void*)0), 0, {0, {((void*)0), ((void*)0), FT_NONE, BASE_NONE , ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE, -1, ((void *)0)}} }}, |
3385 | { &ei_eap_md5_value_size_overflow, { "eap.md5.value_size.overflow", PI_PROTOCOL0x09000000, PI_WARN0x00600000, "Overflow", EXPFILL0, ((void*)0), 0, {0, {((void*)0), ((void*)0), FT_NONE, BASE_NONE , ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE, -1, ((void *)0)}} }}, |
3386 | { &ei_eap_dictionary_attacks, { "eap.dictionary_attacks", PI_SECURITY0x0a000000, PI_WARN0x00600000, |
3387 | "Vulnerable to dictionary attacks. If possible, change EAP type." |
3388 | " See http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prodlit/2331_pp.pdf", EXPFILL0, ((void*)0), 0, {0, {((void*)0), ((void*)0), FT_NONE, BASE_NONE , ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE, -1, ((void *)0)}} }}, |
3389 | { &ei_eap_identity_nonascii, { "eap.identity.nonascii", PI_PROTOCOL0x09000000, PI_WARN0x00600000, "Non-ASCII characters within identity", EXPFILL0, ((void*)0), 0, {0, {((void*)0), ((void*)0), FT_NONE, BASE_NONE , ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE, -1, ((void *)0)}} }}, |
3390 | { &ei_eap_identity_invalid, { "eap.identity.invalid", PI_PROTOCOL0x09000000, PI_WARN0x00600000, "Invalid identity code", EXPFILL0, ((void*)0), 0, {0, {((void*)0), ((void*)0), FT_NONE, BASE_NONE , ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE, -1, ((void *)0)}} }}, |
3391 | { &ei_eap_retransmission, { "eap.retransmission", PI_SEQUENCE0x02000000, PI_NOTE0x00400000, "This packet is a retransmission", EXPFILL0, ((void*)0), 0, {0, {((void*)0), ((void*)0), FT_NONE, BASE_NONE , ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE, -1, ((void *)0)}} }}, |
3392 | { &ei_eap_bad_length, { "eap.bad_length", PI_PROTOCOL0x09000000, PI_WARN0x00600000, "Bad length (too small or too large)", EXPFILL0, ((void*)0), 0, {0, {((void*)0), ((void*)0), FT_NONE, BASE_NONE , ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE, -1, ((void *)0)}} }}, |
3393 | }; |
3394 | |
3395 | expert_module_t* expert_eap; |
3396 | |
3397 | proto_eap = proto_register_protocol("Extensible Authentication Protocol", |
3398 | "EAP", "eap"); |
3399 | proto_register_field_array(proto_eap, hf, array_length(hf)(sizeof (hf) / sizeof (hf)[0])); |
3400 | proto_register_subtree_array(ett, array_length(ett)(sizeof (ett) / sizeof (ett)[0])); |
3401 | expert_eap = expert_register_protocol(proto_eap); |
3402 | expert_register_field_array(expert_eap, ei, array_length(ei)(sizeof (ei) / sizeof (ei)[0])); |
3403 | |
3404 | eap_handle = register_dissector("eap", dissect_eap, proto_eap); |
3405 | |
3406 | reassembly_table_register(&eap_tls_reassembly_table, |
3407 | &addresses_reassembly_table_functions); |
3408 | |
3409 | eap_expanded_type_dissector_table = register_dissector_table("eap.ext.vendor_id", |
3410 | "EAP-EXT Vendor Id", |
3411 | proto_eap, FT_UINT24, |
3412 | BASE_HEX); |
3413 | |
3414 | } |
3415 | |
3416 | void |
3417 | proto_reg_handoff_eap(void) |
3418 | { |
3419 | /* |
3420 | * Get a handle for the SSL/TLS dissector. |
3421 | */ |
3422 | tls_handle = find_dissector_add_dependency("tls", proto_eap); |
3423 | diameter_avps_handle = find_dissector_add_dependency("diameter_avps", proto_eap); |
3424 | peap_handle = find_dissector_add_dependency("peap", proto_eap); |
3425 | teap_handle = find_dissector_add_dependency("teap", proto_eap); |
3426 | |
3427 | isakmp_handle = find_dissector_add_dependency("isakmp", proto_eap); |
3428 | |
3429 | dissector_add_uint("ppp.protocol", PPP_EAP0xc227, eap_handle); |
3430 | dissector_add_uint("eapol.type", EAPOL_EAP0, eap_handle); |
3431 | } |
3432 | /* |
3433 | * Editor modelines |
3434 | * |
3435 | * Local Variables: |
3436 | * c-basic-offset: 2 |
3437 | * tab-width: 8 |
3438 | * indent-tabs-mode: nil |
3439 | * End: |
3440 | * |
3441 | * ex: set shiftwidth=2 tabstop=8 expandtab: |
3442 | * :indentSize=2:tabSize=8:noTabs=true: |
3443 | */ |