eapaka.c

linux下 用来通过802.1x人证

    } else {
      free(imsi);
      imsi = NULL;
    }

  return XENONE;
}


int eapaka_process(struct generic_eap_data *thisint, u_char *dataoffs,
		   int insize, u_char *out, int *outsize)
{
  int packet_offset, outptr, i, value16, retsize, retval;
  struct typelength *typelen;
  struct typelengthres *typelenres;
  struct aka_eaptypedata *mydata;
  char *username, *framecpy, mac_val[16], mac_calc[20], reslen = 0, reallen;
  unsigned char sres[16];
  struct config_eap_aka *userdata;

  if ((!thisint) || (!thisint->eap_data))
    {
      debug_printf(DEBUG_NORMAL, "Invalid interface struct passed in to eapaka_process()!\n");
      return XEMALLOC;
    }

  mydata = (struct aka_eaptypedata *)thisint->eap_data;
  userdata = (struct config_eap_aka *)thisint->eap_conf_data;

  if (!userdata)
    {
      debug_printf(DEBUG_NORMAL, "Invalid user data struct in eapaka_process()!\n");
      return XEMALLOC;
    }

  if ((thisint->tempPwd == NULL) && (userdata->password == NULL))
    {
      thisint->need_password = 1;
      thisint->eaptype = strdup("EAP-AKA");
      thisint->eapchallenge = NULL;
      
      *outsize = 0;
      return XENONE;
    }

  // Make sure we have something to process...
  if (dataoffs == NULL) return XENONE;

  if (userdata->username == NULL)
    {
      username = thisint->identity;
    } else {
      username = userdata->username;
    }

  if ((userdata->password == NULL) && (thisint->tempPwd != NULL))
    {
      userdata->password = thisint->tempPwd;
      thisint->tempPwd = NULL;
    }

  *outsize = 0;
  outptr = 0;
  bzero(&mac_calc[0], 16);
  bzero(&mac_val[0], 16);

  switch (dataoffs[0])
    {
    case AKA_IDENTITY:
      debug_printf(DEBUG_AUTHTYPES, "Got AKA_IDENTITY!\n");
      debug_printf(DEBUG_AUTHTYPES, "Not implemented!\n");
      break;

    case AKA_AUTHENTICATION_REJECT:
      debug_printf(DEBUG_AUTHTYPES, "Got an AKA_AUTHENTICATION_REJECT!\n");
      debug_printf(DEBUG_AUTHTYPES, "Not implemented!\n");
      break;

    case AKA_SYNC_FAILURE:
      debug_printf(DEBUG_AUTHTYPES, "Got an AKA_SYNC_FAILURE!\n");
      debug_printf(DEBUG_AUTHTYPES, "Not implemented!  (And, we should *NEVER* get this!\n");
      break;

    case AKA_NOTIFICATION:
      debug_printf(DEBUG_AUTHTYPES, "Got an AKA_NOTIFICATION!\n");
      debug_printf(DEBUG_AUTHTYPES, "Not implemented!\n");
      break;

    case AKA_REAUTHENTICATION:
      debug_printf(DEBUG_AUTHTYPES, "Got an AKA_REAUTHENTICATION!\n");
      debug_printf(DEBUG_AUTHTYPES, "Not implemented!\n");
      break;

    case AKA_CLIENT_ERROR:
      debug_printf(DEBUG_AUTHTYPES, "Got an AKA_CLIENT_ERROR!\n");
      debug_printf(DEBUG_AUTHTYPES, "Not implemented!\n");
      break;

    case AKA_CHALLENGE:
      debug_printf(DEBUG_AUTHTYPES, "Got AKA_CHALLENGE!\n");
      packet_offset = 3;

      typelen = (struct typelength *)&out[0];
      typelen->type = AKA_CHALLENGE;
      outptr = 3;

      while (packet_offset < insize)
	{
	  switch (dataoffs[packet_offset])
	    {
	    case AT_RAND:
	      retval = aka_do_at_rand(mydata, dataoffs, &packet_offset);
	      if (retval != XENONE) return retval;
	      break;

	    case AT_AUTN:
	      retval = aka_do_at_autn(mydata, dataoffs, &packet_offset);
	      if (retval != XENONE) return retval;
	      break;

	    case AT_IV:
	      debug_printf(DEBUG_AUTHTYPES, "Got an IV (Not supported)\n");
	      aka_skip_not_implemented(dataoffs, &packet_offset);
	      break;

	    case AT_MAC:
	      retval = aka_do_at_mac(thisint, mydata, dataoffs, insize, 
				     &packet_offset, username);
	      if (retval == XEAKASYNCFAIL)
		{
		  return aka_do_sync_fail(mydata, out, outsize);
		} else if (retval != XENONE) return retval;
	      break;
	    }
	}

      if ((reslen % 4) != 0)
	{
	  reallen = reslen + (reslen % 4);
	} else {
	  reallen = reslen;
	}

      // Build the challenge response.
      typelenres = (struct typelengthres *)&out[outptr];
      typelenres->type = AT_RES;
      typelenres->length = (reallen/4)+1;
      typelenres->reserved = htons(reslen*8);
      outptr += 4;

      memcpy((char *)&out[outptr], (char *)&sres[0], reslen);
      outptr += reslen;

      if (reallen > reslen)
	{
	  for (i=0;i<(reallen-reslen);i++)
	    {
	      out[outptr+i] = 0x00;
	    }
	  outptr += (reallen-reslen);
	}

      typelenres = (struct typelengthres *)&out[outptr];
      typelenres->type = AT_MAC;
      typelenres->length = 5;
      typelenres->reserved = 0x0000;
      outptr += 4;

      retsize = outptr+16+5;
      
      framecpy = (char *)malloc(retsize);
      if (framecpy == NULL) return XEMALLOC;

      framecpy[0] = 2;   // This is a response.
      framecpy[1] = thisint->eapid;
      value16 = retsize;
      value16 = htons(value16);

      memcpy((char *)&framecpy[2], &value16, 2);
      framecpy[4] = EAP_TYPE_AKA;
      
      memcpy((char *)&framecpy[5], out, retsize);
      debug_printf(DEBUG_AUTHTYPES, "Preframe :\n");
      debug_hex_dump(DEBUG_AUTHTYPES, framecpy, retsize);
      // Zero out the mac.
      bzero((char *)&framecpy[outptr+5], 16);
      debug_printf(DEBUG_AUTHTYPES, "Frame to hash : \n");
      debug_hex_dump(DEBUG_AUTHTYPES, framecpy, retsize);

      HMAC(EVP_sha1(), (char *)&mydata->K_aut[0], 16, framecpy, retsize, (char *)&mac_calc[0], &i);

      free(framecpy);
      framecpy = NULL;

      debug_printf(DEBUG_AUTHTYPES, "MAC = ");
      debug_hex_printf(DEBUG_AUTHTYPES, (char *)&mac_calc[0], 16);

      memcpy((char *)&out[outptr], (char *)&mac_calc[0], 16);

      // Then, calculate the MAC, and return it.
      outptr +=16;
      break;
	  
    default:
      debug_printf(DEBUG_NORMAL, "Unknown SubType value! (%d)\n", 
		   dataoffs[0]);
      break;
    }
  out[2] = 0;
  *outsize = outptr;

  return XENONE;
}

int eapaka_get_keys(struct interface_data *thisint)
{
  struct aka_eaptypedata *mydata;

  if ((!thisint) || (!thisint->userdata) || (!thisint->userdata->activemethod)
      || (!thisint->userdata->activemethod->eap_data))
    {
      debug_printf(DEBUG_NORMAL, "Invalid interface structure passed to eapaka_get_keys()!\n");
      return XEMALLOC;
    }

  mydata = (struct aka_eaptypedata *)thisint->userdata->activemethod->eap_data;
  if (thisint->keyingMaterial != NULL)
    {
      free(thisint->keyingMaterial);
    }

  thisint->keyingMaterial = (char *)malloc(64);
  if (thisint->keyingMaterial == NULL) 
    {
      debug_printf(DEBUG_NORMAL, "Couldn't allocate memory for keying material! (%s:%d)\n", __FUNCTION__, __LINE__);
      return XEMALLOC;
    }

  memcpy(thisint->keyingMaterial, mydata->keyingMaterial, 64);
  thisint->keyingLength = 32;

  return XENONE;
}

int eapaka_failed(struct generic_eap_data *thisint)
{
  struct config_eap_aka *userdata;

  if ((!thisint) || (!thisint->eap_conf_data))
    {
      debug_printf(DEBUG_AUTHTYPES, "No valid configuration information in EAP-AKA!  Nothing to do!\n");
      return XEMALLOC;
    }

  userdata = (struct config_eap_aka *)thisint->eap_conf_data;

#ifndef NO_PWD_RESET
  if (userdata->password != NULL)
    {
      free(userdata->password);
      userdata->password = NULL;
    }
#endif

  return XENONE;
}

int eapaka_cleanup(struct generic_eap_data *thisint)
{
  struct aka_eaptypedata *mydata;

  debug_printf(DEBUG_AUTHTYPES, "(EAP-AKA) Cleaning up!\n");
  mydata = (struct aka_eaptypedata *)thisint->eap_data;

  sm_handler_close_sc(&mydata->shdl, &mydata->scntx);

  free(mydata);
  mydata = NULL;

  return XENONE;
}

#endif