[Ethereal-dev] [PATCH] EAP-TTLS and EAP-TLS are similar ...

Mon, 02 Feb 2004 15:07:15 -0800 

Current, when you trace a TTLS session, you won't see much.

With this patch you see more.


Background
----------
The Extended Authorization Protocol EAP is used by various things, but 
AFAIK mostly by the wireless authentication 802.1x. EAP defines loooots 
of sub-protocols.

EAP-TLS is an SSL-based authentication where both the supplicant (client) 
and authenticator (server) have their mutual SSL keys.

EAP-TTLS is more like your usualy web-browser setup. The supplicant has 
the ssl-public key from the authenticator, set's up an TLS session and 
checks the identity of the server. My patch allows this to be observed in 
Ethereal.

Once this is done, then inside the TLS connection another protocol, e.g. 
PAP, CHAP, MSCHAPv2 or even another full EAP checks the identity the 
client. I have no patch for this and no clue on how to do this :-)



Attached
--------
Patch
small dump a (failed) 802.1x session

-- 
MN-Logistik GmbH         http://www.mn-logistik.de
Holger Schurig
Dieselstr. 18
61191 Rosbach v.d.Höhe
Tel: (+49) 6003 9141 0   Fax: (+49) 6003 9141 49

#
# Patch managed by http://www.mn-logistik.de/unsupported/pxa250/patcher
#

--- ethereal/packet-eap.c~ttls
+++ ethereal/packet-eap.c
@@ -70,6 +70,7 @@
 #define EAP_TYPE_NAK    3
 #define EAP_TYPE_TLS	13
 #define EAP_TYPE_LEAP	17
+#define EAP_TYPE_TTLS	21
 
 static const value_string eap_type_vals[] = {
   {EAP_TYPE_ID,  "Identity [RFC2284]" },
@@ -92,7 +93,7 @@
   { 18,          "Nokia IP smart card authentication [Haverinen]" },
   { 19,          "SRP-SHA1 Part 1 [Carlson]" },
   { 20,          "SRP-SHA1 Part 2 [Carlson]" },
-  { 21,          "EAP-TTLS [Funk]" },
+  {EAP_TYPE_TTLS,"EAP-TTLS [Funk]" },
   { 22,          "Remote Access Service [Fields]" },
   { 23,          "UMTS Authentication and Key Agreement [Haverinen]" },
   { 24,          "EAP-3Com Wireless [Young]" },
@@ -431,6 +432,7 @@
       /*********************************************************************
                                   EAP-TLS
       **********************************************************************/
+      case EAP_TYPE_TTLS:
       case EAP_TYPE_TLS:
 	{
 	guint8 flags   = tvb_get_guint8(tvb, offset);

Attachment: dump
Description: Binary data

_______________________________________________
Ethereal-dev mailing list
[EMAIL PROTECTED]
http://www.ethereal.com/mailman/listinfo/ethereal-dev

Reply via email to