|
|
@ -1,10 +1,16 @@
|
|
|
|
|
|
|
|
/* eslint-disable no-bitwise */
|
|
|
|
import * as events from 'events';
|
|
|
|
import * as events from 'events';
|
|
|
|
import * as tls from 'tls';
|
|
|
|
import * as tls from 'tls';
|
|
|
|
import { encodeTunnelPW, openTLSSockets, startTLSServer } from '../tls/crypt';
|
|
|
|
import { encodeTunnelPW, openTLSSockets, startTLSServer } from '../tls/crypt';
|
|
|
|
import { AdditionalAuthHandler, IResponseHandlers } from '../types/Handler';
|
|
|
|
import { AdditionalAuthHandler, ResponseAuthHandler } from '../types/Handler';
|
|
|
|
import { PAPChallenge } from './challenges/pap';
|
|
|
|
import { PAPChallenge } from './challenges/pap';
|
|
|
|
import { IEAPType } from '../types/EAPType';
|
|
|
|
import { IEAPType } from '../types/EAPType';
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
interface IEAPResponseHandlers {
|
|
|
|
|
|
|
|
response: (respData?: Buffer, msgType?: number) => void;
|
|
|
|
|
|
|
|
checkAuth: ResponseAuthHandler;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
export class EAPTTLS implements IEAPType {
|
|
|
|
export class EAPTTLS implements IEAPType {
|
|
|
|
papChallenge: PAPChallenge;
|
|
|
|
papChallenge: PAPChallenge;
|
|
|
|
|
|
|
|
|
|
|
@ -12,23 +18,48 @@ export class EAPTTLS implements IEAPType {
|
|
|
|
this.papChallenge = new PAPChallenge();
|
|
|
|
this.papChallenge = new PAPChallenge();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
handleMessage(msg: Buffer, state: string, handlers, identifier: number) {
|
|
|
|
decode(msg: Buffer) {
|
|
|
|
const flags = msg.slice(5, 6); // .toString('hex');
|
|
|
|
const flags = msg.slice(5, 6).readUInt8(0); // .toString('hex');
|
|
|
|
|
|
|
|
|
|
|
|
// if (flags)
|
|
|
|
// if (flags)
|
|
|
|
// @todo check if "L" flag is set in flags
|
|
|
|
// @todo check if "L" flag is set in flags
|
|
|
|
const msglength = msg.slice(6, 10).readInt32BE(0); // .toString('hex');
|
|
|
|
const decodedFlags = {
|
|
|
|
const data = msg.slice(6, msg.length); // 10); //.toString('hex');
|
|
|
|
lengthIncluded: flags & 0b010000000,
|
|
|
|
|
|
|
|
moreFragments: flags & 0b001000000,
|
|
|
|
|
|
|
|
start: flags & 0b000100000,
|
|
|
|
|
|
|
|
reserved: flags & 0b000011000,
|
|
|
|
|
|
|
|
version: flags & 0b010000111
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
let msglength;
|
|
|
|
|
|
|
|
if (decodedFlags.lengthIncluded) {
|
|
|
|
|
|
|
|
msglength = msg.slice(6, 10).readInt32BE(0); // .readDoubleLE(0); // .toString('hex');
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
const data = msg.slice(decodedFlags.lengthIncluded ? 10 : 6, msg.length);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
|
|
|
decodedFlags,
|
|
|
|
|
|
|
|
msglength,
|
|
|
|
|
|
|
|
data
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
handleMessage(msg: Buffer, state: string, handlers, identifier: number) {
|
|
|
|
|
|
|
|
const { decodedFlags, msglength, data } = this.decode(msg);
|
|
|
|
|
|
|
|
|
|
|
|
// check if no data package is there and we have something in the queue, if so.. empty the queue first
|
|
|
|
// check if no data package is there and we have something in the queue, if so.. empty the queue first
|
|
|
|
if (!data) {
|
|
|
|
if (!data || data.length === 0) {
|
|
|
|
// @todo: queue processing
|
|
|
|
// @todo: queue processing
|
|
|
|
console.warn('no data, just a confirmation!');
|
|
|
|
console.warn(
|
|
|
|
|
|
|
|
`>>>>>>>>>>>> REQUEST FROM CLIENT: EAP TTLS, ACK / NACK (no data, just a confirmation, ID: ${identifier})`
|
|
|
|
|
|
|
|
);
|
|
|
|
return;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
console.log('incoming EAP TTLS', {
|
|
|
|
console.log('>>>>>>>>>>>> REQUEST FROM CLIENT: EAP TTLS', {
|
|
|
|
flags /*
|
|
|
|
// flags: `00000000${flags.toString(2)}`.substr(-8),
|
|
|
|
|
|
|
|
decodedFlags,
|
|
|
|
|
|
|
|
identifier,
|
|
|
|
|
|
|
|
/*
|
|
|
|
0 1 2 3 4 5 6 7
|
|
|
|
0 1 2 3 4 5 6 7
|
|
|
|
+---+---+---+---+---+---+---+---+
|
|
|
|
+---+---+---+---+---+---+---+---+
|
|
|
|
| L | M | S | R | R | V |
|
|
|
|
| L | M | S | R | R | V |
|
|
|
@ -39,14 +70,15 @@ export class EAPTTLS implements IEAPType {
|
|
|
|
S = Start
|
|
|
|
S = Start
|
|
|
|
R = Reserved
|
|
|
|
R = Reserved
|
|
|
|
V = Version (000 for EAP-TTLSv0)
|
|
|
|
V = Version (000 for EAP-TTLSv0)
|
|
|
|
*/,
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
msglength,
|
|
|
|
msglength,
|
|
|
|
data,
|
|
|
|
data,
|
|
|
|
dataStr: data.toString()
|
|
|
|
dataStr: data.toString()
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
let currentConnection = openTLSSockets.get(state) as
|
|
|
|
let currentConnection = openTLSSockets.get(state) as
|
|
|
|
| { events: events.EventEmitter; tls: tls.TLSSocket; currentHandlers: IResponseHandlers }
|
|
|
|
| { events: events.EventEmitter; tls: tls.TLSSocket; currentHandlers: IEAPResponseHandlers }
|
|
|
|
| undefined;
|
|
|
|
| undefined;
|
|
|
|
if (!currentConnection) {
|
|
|
|
if (!currentConnection) {
|
|
|
|
const connection = startTLSServer();
|
|
|
|
const connection = startTLSServer();
|
|
|
@ -71,12 +103,15 @@ export class EAPTTLS implements IEAPType {
|
|
|
|
// pwd not found..
|
|
|
|
// pwd not found..
|
|
|
|
console.error('pwd not found', err);
|
|
|
|
console.error('pwd not found', err);
|
|
|
|
// NAK
|
|
|
|
// NAK
|
|
|
|
|
|
|
|
currentConnection!.currentHandlers.response(undefined, 3);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
this.sendEAPResponse(
|
|
|
|
this.sendEAPResponse(
|
|
|
|
currentConnection!.currentHandlers.response,
|
|
|
|
currentConnection!.currentHandlers.response,
|
|
|
|
identifier,
|
|
|
|
identifier,
|
|
|
|
undefined,
|
|
|
|
undefined,
|
|
|
|
3
|
|
|
|
3
|
|
|
|
);
|
|
|
|
); */
|
|
|
|
currentConnection!.events.emit('end');
|
|
|
|
currentConnection!.events.emit('end');
|
|
|
|
throw new Error(`pwd not found`);
|
|
|
|
throw new Error(`pwd not found`);
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -85,16 +120,28 @@ export class EAPTTLS implements IEAPType {
|
|
|
|
console.log('data', incomingData);
|
|
|
|
console.log('data', incomingData);
|
|
|
|
console.log('data str', incomingData.toString());
|
|
|
|
console.log('data str', incomingData.toString());
|
|
|
|
|
|
|
|
|
|
|
|
currentConnection!.events.emit('end');
|
|
|
|
// currentConnection!.events.emit('end');
|
|
|
|
throw new Error(`unsupported auth type${type}`);
|
|
|
|
|
|
|
|
|
|
|
|
console.log('UNSUPPORTED AUTH TYPE, requesting PAP');
|
|
|
|
|
|
|
|
// throw new Error(`unsupported auth type${type}`);
|
|
|
|
|
|
|
|
currentConnection!.currentHandlers.response(Buffer.from([1]), 3);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
|
|
|
this.sendEAPResponse(
|
|
|
|
|
|
|
|
currentConnection!.currentHandlers.response,
|
|
|
|
|
|
|
|
identifier,
|
|
|
|
|
|
|
|
Buffer.from([1]),
|
|
|
|
|
|
|
|
3
|
|
|
|
|
|
|
|
); */
|
|
|
|
}
|
|
|
|
}
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
currentConnection.events.on('response', (responseData: Buffer) => {
|
|
|
|
currentConnection.events.on('response', (responseData: Buffer) => {
|
|
|
|
console.log('sending encrypted data back to client', responseData);
|
|
|
|
// console.log('sending encrypted data back to client', responseData);
|
|
|
|
|
|
|
|
|
|
|
|
// send back...
|
|
|
|
// send back...
|
|
|
|
this.sendEAPResponse(currentConnection!.currentHandlers.response, identifier, responseData);
|
|
|
|
currentConnection!.currentHandlers.response(responseData);
|
|
|
|
|
|
|
|
// this.sendEAPResponse(currentConnection!.currentHandlers.response, identifier, responseData);
|
|
|
|
// this.sendMessage(TYPE.PRELOGIN, data, false);
|
|
|
|
// this.sendMessage(TYPE.PRELOGIN, data, false);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
@ -103,13 +150,14 @@ export class EAPTTLS implements IEAPType {
|
|
|
|
console.log('ENDING SOCKET');
|
|
|
|
console.log('ENDING SOCKET');
|
|
|
|
openTLSSockets.del(state);
|
|
|
|
openTLSSockets.del(state);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
} else {
|
|
|
|
} /* else {
|
|
|
|
console.log('using existing socket');
|
|
|
|
console.log('using existing socket');
|
|
|
|
}
|
|
|
|
} */
|
|
|
|
|
|
|
|
|
|
|
|
// update handlers
|
|
|
|
// update handlers
|
|
|
|
currentConnection.currentHandlers = {
|
|
|
|
currentConnection.currentHandlers = {
|
|
|
|
...handlers,
|
|
|
|
response: (respData?: Buffer, msgType?: number) =>
|
|
|
|
|
|
|
|
this.sendEAPResponse(handlers.response, identifier, respData, msgType),
|
|
|
|
checkAuth: (username: string, password: string) => {
|
|
|
|
checkAuth: (username: string, password: string) => {
|
|
|
|
const additionalAuthHandler: AdditionalAuthHandler = (success, params) => {
|
|
|
|
const additionalAuthHandler: AdditionalAuthHandler = (success, params) => {
|
|
|
|
const buffer = Buffer.from([
|
|
|
|
const buffer = Buffer.from([
|
|
|
@ -138,7 +186,7 @@ export class EAPTTLS implements IEAPType {
|
|
|
|
'ttls keying material'
|
|
|
|
'ttls keying material'
|
|
|
|
);
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
console.log('keyingMaterial', keyingMaterial);
|
|
|
|
// console.log('keyingMaterial', keyingMaterial);
|
|
|
|
|
|
|
|
|
|
|
|
// eapKeyData + len
|
|
|
|
// eapKeyData + len
|
|
|
|
params.attributes.push([
|
|
|
|
params.attributes.push([
|
|
|
|