📄 eaptls.cpp
字号:
/**************************************************************************/
/* WIRE1x Version 1.0: A client-side 802.1x implementation */
/* based on xsupplicant of Open1x for Windows XP, 2000, 98, and Me */
/* */
/* This code is released under both the GPL version 2 and BSD licenses. */
/* Either license may be used. The respective licenses are found below. */
/* */
/* Copyright (C) 2004, WIRE Lab, National Tsing Hua Univ., Hsinchu, Taiwan*/
/* All Rights Reserved */
/**************************************************************************/
/** * A client-side 802.1x implementation supporting EAP/TLS * * This code is released under both the GPL version 2 and BSD licenses. * Either license may be used. The respective licenses are found below. * * Copyright (C) 2002 Bryan D. Payne & Nick L. Petroni Jr. * All Rights Reserved * * --- GPL Version 2 License --- * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * * --- BSD License --- * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * - Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * - Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * Maryland at College Park and its contributors. * - Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. *//*** *** Specifics for EAPTLS can be found in *** IETF RFC 2716 ***/#include <stdafx.h>#ifndef SSL_DEBUG#define SSL_DEBUG 0 /* turn debug info on deprecated- Use --with-tls-debug*/#endif#include <stdio.h>#include <stdlib.h>#include <unistd.h>#include <string.h>#include <sys/types.h>#include <sys/stat.h>#include <fcntl.h>
#ifdef WIN32
#include <winsock.h>
#else
#include <netinet/in.h>#endif
#include <openssl/err.h>#include "eaptls.h"#include "eapcrypt.h"#include "userconf.h"
#include "tls_funcs.h"#include "auth_tools.h"
#if MEMWATCH#include "memwatch.h"#endif/** GLOBAL VARS **/char *eaptls_netid;char *eaptls_config;int root_cert_loaded = 0;int user_cert_loaded = 0;// The number of bytes that make up our certificate.uint32_t cert_size = 0;char pw[100];/** FUNCTION DEFINITIONS **/ /** * Initialization function for EAPTLS. This initializes the * data needed for the protocol and initializes variables needed to * start the eaptls handshake. * CHANGED by npetroni to only do those things which happen *once* * at TLS startup. Added function eaptls_reset() to prepare TLS * for a new handshake * * (IN) file name to the config file * (OUT) success = 0, failure = -1 */int init_eaptls (char *config, char *netid){ eaptls_netid = netid; eaptls_config = config;
printf("EAPTLS changed state to 0\n"); return eapcrypt_tls_init();}// Shutdown and cleanup anything we need to.int eaptls_shutdown(){ // Don't free one_x_globals here. That will be handled by shutdown_eap. printf("EAPTLS Cleaning up.\n"); return eapcrypt_tls_shutdown();}/** * Decodes a packet and creates the data needed for a new packet. * This function is called by the eap layer with new packets as * they are received. The input buffer points to the beginning * of the EAPTLS portion of the packet (the flags). The reply * packet should be placed in the output buffer. * * The memory for the output buffer is created here, but will be * freed by the eap layer when it is done using it. * * (IN) input and output packet buffers, with lengths * (OUT) success = 0, failure = -1 */int eaptls_decode_packet (u_char *in, int in_size, u_char *out, int *out_size){ return tls_funcs_decode_packet(in, in_size, out, out_size, NULL);}/** * Builds a simple "ACK" packet. These packets are just sent to * indicate the receipt of a fragmented packet and such. The * packet has only one byte whose value is 0x00. * * (IN) output buffer and length * (OUT) success = 0, failure = -1 */int eaptls_build_ack (u_char *out, int *out_size){ *out_size = 1; out = 0x00;
printf("(EAPTLS) Sending an ack\n"); return 0;}int eaptls_auth_setup(){ char *client_cert = NULL; char *client_key = NULL; char *temp_password = NULL; char *temp_username = NULL; char *root_cert = NULL; char *root_dir = NULL; char *crl_dir = NULL; temp_username = get_username(); if (root_cert_loaded == 0) { // load CA cert. root_cert = get_root_cert(); //Get the filename/path for the root cert. root_dir = get_root_dir(); //Get a directory for our trusted roots (both for servers // and to build our own chain crl_dir = get_crl_dir(); // where we might want to keep crls if (eapcrypt_tls_load_root_certs(root_cert, root_dir, crl_dir) < 0) { return -1; } if (root_cert != NULL) {free(root_cert); root_cert = NULL;} if (root_dir != NULL) {free(root_dir); root_dir = NULL; } if (crl_dir != NULL) {free(crl_dir); crl_dir = NULL;} root_cert_loaded = 1; // We now have the root cert loaded. } if (user_cert_loaded == 0) { // First, get the password for the private key. temp_password = get_password(); //See if we have one in the file.
if (temp_password == NULL) { printf("(TLS Authentication) %s's Password : ", temp_username);
}
if (temp_password == NULL) // This should be impossible at this point! { if (temp_username != NULL) { free(temp_username); temp_username = NULL; } return -1; } // Clean up after ourselves.. if (temp_username != NULL) { free(temp_username); temp_username = NULL; } client_cert = get_client_cert(); client_key = get_key_file();
if (eapcrypt_tls_load_user_cert(client_cert, client_key, temp_password) < 0) { printf("Couldn't load certificate! (May be an incorrect password!)\n"); if (client_cert) { free(client_cert); client_cert = NULL; } if (client_key) { free(client_key); client_key = NULL; } return -1; } set_password(temp_password); user_cert_loaded = 1; return 0; } return 0;}int tls_gen_keyblock(){ u_char *gen_keyblock; gen_keyblock = eapcrypt_gen_keyblock((u_char *)EAPCRYPT_SESSION_KEY_CONST, EAPCRYPT_SESSION_KEY_CONST_SIZE); if (!gen_keyblock) return -1; eapcrypt_set_keyblock(gen_keyblock, EAPCRYPT_SESSION_KEY_SIZE); if(gen_keyblock != NULL) { free(gen_keyblock); gen_keyblock = NULL; } return 0;}/*** EOF ***/⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -