eapsim.c

linux下 用来通过802.1x人证

  mydata->readers = sm_handler_get_readers(&mydata->scntx);
  if (mydata->readers == NULL) 
    {
      debug_printf(DEBUG_NORMAL, "Couldn't find any readers attached to the system!\n");
      return XESIMGENERR;
    }

  // Connect to the smart card.
  if (sm_handler_card_connect(&mydata->scntx, &mydata->shdl, mydata->readers) != 0)
    {
      debug_printf(DEBUG_NORMAL, "Error connecting to smart card reader!\n");
      return XESIMGENERR;
    }

  // Wait for up to 20 seconds for the smartcard to become ready.
  if (sm_handler_wait_card_ready(&mydata->shdl, 20) != 0)
    {
      debug_printf(DEBUG_NORMAL, "Smart Card wasn't ready after 20 seconds!\n");
      return XESIMGENERR;
    }

  imsi = sm_handler_2g_imsi(&mydata->shdl, mydata->card_mode, userdata->password);
  if (imsi == NULL)
    {
      debug_printf(DEBUG_NORMAL, "Error starting smart card, and getting IMSI!\n");
      return XESIMGENERR;
    }

  if (userdata->username == NULL)
    {
      userdata->username = imsi;
    } else {
      free(imsi);
      imsi = NULL;
    }

  return XENONE;
}

int eapsim_process(struct generic_eap_data *thisint, u_char *dataoffs,
		   int insize, u_char *out, int *outsize)
{
  int packet_offset, outptr, value16, retval;
  struct typelength *typelen;
  struct eaptypedata *mydata;
  char nsres[16], *username, mac_calc[16], K_int[16];
  struct config_eap_sim *userdata;

  if ((!thisint) || (!thisint->eap_data))
    {
      debug_printf(DEBUG_NORMAL, "Invalid interface struct passed in to eapsim_process()!\n");
      return XEMALLOC;
    }

  mydata = (struct eaptypedata *)thisint->eap_data;
  userdata = (struct config_eap_sim *)thisint->eap_conf_data;

  bzero(nsres, 16);

  if (!userdata)
    {
      debug_printf(DEBUG_NORMAL, "Invalid user data struct in eapsim_process()!\n");
      return XEMALLOC;
    }

  if ((thisint->tempPwd == NULL) && (userdata->password == NULL))
    {
      thisint->need_password = 1;
      thisint->eaptype = strdup("EAP-SIM");
      thisint->eapchallenge = NULL;
      
      *outsize = 0;
      return XENONE;
    }

  // Make sure we have something to process...
  if (dataoffs == NULL) return XENONE;

  if (userdata->username == NULL)
    {
      username = thisint->identity;
    } else {
      username = userdata->username;
    }

  if ((userdata->password == NULL) && (thisint->tempPwd != NULL))
    {
      userdata->password = thisint->tempPwd;
      thisint->tempPwd = NULL;
    }

  *outsize = 0;
  bzero(&mac_calc[0], 16);

  switch (dataoffs[0])
    {
    case SIM_START:
      retval = sim_build_start(mydata, out, &outptr);
      if (retval != XENONE) return retval;
      packet_offset = 3;
     
      // Process SIM value fields.
      while (packet_offset < insize)
	{
	  switch (dataoffs[packet_offset])
	    {
	    case AT_MAC:
	      debug_printf(DEBUG_NORMAL, "You cannot have an AT_MAC in a Start packet!\n");
	      return XESIMNOATMAC;

	    case AT_ANY_ID_REQ:
	    case AT_FULLAUTH_ID_REQ:
	    case AT_PERMANENT_ID_REQ:
	      retval = sim_build_fullauth(username, dataoffs, &packet_offset, 
					  out, &outptr);
	      if (retval != XENONE) return retval;
	      break;
	      
	    case AT_VERSION_LIST:
	      retval = sim_at_version_list(username, mydata, dataoffs, 
					   &packet_offset, out, &outptr);
	      if (retval != XENONE) return retval;
	      break;
	      
	    default:
	      debug_printf(DEBUG_NORMAL, "Unknown SIM type! (%02X)\n",
			   dataoffs[packet_offset]);
	      return XESIMBADTYPE;
	    }
	}
      // Write the length in the response header.
      value16 = htons(outptr);
      memcpy((char *)&out[1], &value16, 2); 
      *outsize = (outptr);
      break;

    case SIM_CHALLENGE:
      debug_printf(DEBUG_AUTHTYPES, "Got SIM_CHALLENGE!\n");
      packet_offset = 3;

      typelen = (struct typelength *)&out[0];
      typelen->type = SIM_CHALLENGE;
      outptr = 3;

      while (packet_offset < insize)
	{
	  switch (dataoffs[packet_offset])
	    {
	    case AT_RAND:
	      retval = sim_do_at_rand(mydata, username, (char *)&nsres, 
				      dataoffs, &packet_offset, out, &outptr, 
				      &K_int[0]);
	      if (retval != XENONE) return retval;
	      break;

	    case AT_IV:
	      debug_printf(DEBUG_AUTHTYPES, "Got an IV (Not supported)\n");
	      sim_skip_not_implemented(dataoffs, &packet_offset);
	      break;

	    case AT_ENCR_DATA:
	      debug_printf(DEBUG_AUTHTYPES, "Got an AT_ENCR_DATA (Not supported)\n");
	      sim_skip_not_implemented(dataoffs, &packet_offset);
	      break;

	    case AT_MAC:
	      retval = sim_do_at_mac(thisint, mydata, dataoffs, insize, 
				     &packet_offset, out, &outptr, &K_int[0]);
	      if (retval != XENONE) return retval;
	      break;
	    }
	}

      if (mydata->workingversion == 1)
	{
	  debug_printf(DEBUG_NORMAL, "nsres = ");
	  debug_hex_printf(DEBUG_NORMAL, nsres, 12);

	  retval = sim_do_v1_response(thisint, out, &outptr, (char *)&nsres, 
				      &K_int[0]);
	  if (retval != XENONE) return retval;
	}

      value16 = htons(outptr);
      memcpy((char *)&out[1], &value16, 2);

      *outsize = outptr;
      break;
	  
    case SIM_NOTIFICATION:
      debug_printf(DEBUG_NORMAL, "Got SIM_NOTIFICATION! (Unsupported)\n");
      break;
      
    case SIM_REAUTHENTICATION:
      debug_printf(DEBUG_NORMAL, "Got SIM_REAUTHENTICATION! (Unsupported)\n");
      break;
      
    default:
      debug_printf(DEBUG_NORMAL, "Unknown SubType value! (%d)\n", 
		   dataoffs[0]);
      break;
    }
  out[2] = 0;

  return XENONE;
}

int eapsim_get_keys(struct interface_data *thisint)
{
  struct eaptypedata *mydata;

  if ((!thisint) || (!thisint->userdata) || (!thisint->userdata->activemethod)
      || (!thisint->userdata->activemethod->eap_data))
    {
      debug_printf(DEBUG_NORMAL, "Invalid interface structure passed to eapsim_get_keys()!\n");
      return XEMALLOC;
    }

  mydata = (struct eaptypedata *)thisint->userdata->activemethod->eap_data;
  if (thisint->keyingMaterial != NULL)
    {
      free(thisint->keyingMaterial);
    }

  thisint->keyingMaterial = (char *)malloc(64);
  if (thisint->keyingMaterial == NULL) 
    {
      debug_printf(DEBUG_NORMAL, "Couldn't allocate memory for keying material! (%s:%d)\n", __FUNCTION__, __LINE__);
      return XEMALLOC;
    }

  memcpy(thisint->keyingMaterial, mydata->keyingMaterial, 64);
  thisint->keyingLength = 32;

  return XENONE;
}

int eapsim_failed(struct generic_eap_data *thisint)
{
  struct config_eap_sim *userdata;

  if ((!thisint) || (!thisint->eap_conf_data))
    {
      debug_printf(DEBUG_AUTHTYPES, "No valid configuration information in EAP-SIM!  Nothing to do!\n");
      return XEMALLOC;
    }

  userdata = (struct config_eap_sim *)thisint->eap_conf_data;

#ifndef NO_PWD_RESET
  /*
  if (userdata->password != NULL)
    {
      free(userdata->password);
      userdata->password = NULL;
    }
  */
#endif

  return XENONE;
}

int eapsim_cleanup(struct generic_eap_data *thisint)
{
  struct eaptypedata *mydata;

  if (!thisint)
    {
      debug_printf(DEBUG_NORMAL, "Invalid data passed to %s!  (%s:%d)\n",
		   __FUNCTION__, __LINE__);
      return XEMALLOC;
    }

  debug_printf(DEBUG_AUTHTYPES, "(EAP-SIM) Cleaning up!\n");
  mydata = (struct eaptypedata *)thisint->eap_data;

  sm_handler_close_sc(&mydata->shdl, &mydata->scntx);
  return XENONE;
}

#endif