📄 eappeap.cpp
字号:
/**************************************************************************/
/* WIRE1x Version 1.0: A client-side 802.1x implementation */
/* based on xsupplicant of Open1x for Windows XP, 2000, 98, and Me */
/* */
/* This code is released under both the GPL version 2 and BSD licenses. */
/* Either license may be used. The respective licenses are found below. */
/* */
/* Copyright (C) 2004, WIRE Lab, National Tsing Hua Univ., Hsinchu, Taiwan*/
/* All Rights Reserved */
/**************************************************************************/
/** * A client-side 802.1x implementation supporting EAP/TLS * * This code is released under both the GPL version 2 and BSD licenses. * Either license may be used. The respective licenses are found below. * * Copyright (C) 2002 Bryan D. Payne & Nick L. Petroni Jr. * All Rights Reserved * * --- GPL Version 2 License --- * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * * --- BSD License --- * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * - Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * - Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * Maryland at College Park and its contributors. * - Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */#include <stdafx.h>#include <stdio.h>#include <stdlib.h>#include <unistd.h>#include <string.h>#include <sys/types.h>#include <sys/stat.h>#include <unistd.h>#include <fcntl.h>#include <winsock.h>
#include <openssl/err.h>#include "eappeap.h"#include "tls_funcs.h"#include "peap_phase2.h"#include "eapcrypt.h"#include "userconf.h"#include "auth_tools.h"#define PEAP_SESSION_KEY_CONST "client EAP encryption"#define PEAP_SESSION_KEY_CONST_SIZE 21#define PEAPv1_SESSION_KEY_CONST "client PEAP encryption"#define PEAPv1_SESSION_KEY_CONST_SIZE 22/** GLOBAL VARS **/char *eappeap_netid;char *eappeap_config;int peap_root_cert_loaded = 0;int peap_user_cert_loaded = 0;int peap_version = 0;/** FUNCTION DEFINITIONS **/ /** * Initialization function for EAPTLS. This initializes the * data needed for the protocol and initializes variables needed to * start the eaptls handshake. * CHANGED by npetroni to only do those things which happen *once* * at TLS startup. Added function eaptls_reset() to prepare TLS * for a new handshake * * (IN) file name to the config file * (OUT) success = 0, failure = -1 */int init_eappeap (char *config, char *netid){ eappeap_netid = netid; eappeap_config = config; return tls_funcs_init();}// Shutdown and cleanup anything we need to.int eappeap_shutdown(){ // Don't free one_x_globals here. That will be handled by shutdown_eap. return tls_funcs_shutdown();}/** * Decodes a packet and creates the data needed for a new packet. * This function is called by the eap layer with new packets as * they are received. The input buffer points to the beginning * of the EAPTLS portion of the packet (the flags). The reply * packet should be placed in the output buffer. * * The memory for the output buffer is created here, but will be * freed by the eap layer when it is done using it. * * (IN) input and output packet buffers, with lengths * (OUT) success = 0, failure = -1 */int eappeap_decode_packet(u_char *in, int in_size, u_char *out, int *out_size){ int i; /* PEAP adds some version bits to flags byte. They need to be stripped out. */ peap_version = (in[0] & 0x03); // Get the version #. set_peap_version(peap_version); // Tell PEAP what version we want to use. in[0] = (in[0] & 0xfc); // Mask out the version bits. i=tls_funcs_decode_packet(in, in_size, out, out_size, (phase2_call)peap_do_phase2); /* We need to add the PEAP version flags back in. */ out[0] = out[0]+get_peap_version(); return i;}int eappeap_auth_setup(){ char *temp_username = NULL; char *root_cert = NULL; temp_username = get_username(); if (peap_root_cert_loaded == 0) { // load CA cert. root_cert = get_root_cert(); //Get the filename/path for the root cert. if (eapcrypt_tls_load_root_certs(root_cert, NULL, NULL) < 0) { return -1; } if (root_cert != NULL) { free(root_cert); root_cert = NULL; } peap_root_cert_loaded = 1; // We now have the root cert loaded. } // We shouldn't need to load the user cert, unless there is one to load. /* if (peap_user_cert_loaded == 0) { // First, get the password for the private key. temp_password = get_password(); //See if we have one in the file. if (temp_password == NULL) { xlogf(DEBUG_NORMAL, FORCE, "(PEAP Authentication) %s's Password : ", temp_username); temp_password = getpass(""); //This is obsolete! Fix it! (It also causes problems with incorrect passwords.) } if (temp_password == NULL) // This should be impossible at this point! { if (temp_username != NULL) { free(temp_username); temp_username = NULL; } return -1; } // Clean up after ourselves.. if (temp_username != NULL) { free(temp_username); temp_username = NULL: } client_cert = get_client_cert(); client_key = get_key_file(); if (eapcrypt_tls_load_user_cert(client_cert, client_key, temp_password) < 0) { xlogf(DEBUG_NORMAL, FORCE, "Couldn't load certificate! (May be an incorrect password!)\n"); if (client_cert) { free(client_cert); client_cert = NULL; } if (client_key) { free(client_key); client_key = NULL; } return -1; } set_password(temp_password); peap_user_cert_loaded = 1; return 0; } */ if (temp_username != NULL) { free(temp_username); temp_username = NULL; } return 0;}int peap_gen_keyblock(){ u_char *gen_keyblock = NULL; switch (get_peap_version()) { case 0: gen_keyblock = eapcrypt_gen_keyblock((u_char *)PEAP_SESSION_KEY_CONST, PEAP_SESSION_KEY_CONST_SIZE); break; case 1: gen_keyblock = eapcrypt_gen_keyblock((u_char *)PEAPv1_SESSION_KEY_CONST, PEAPv1_SESSION_KEY_CONST_SIZE); break; } if (!gen_keyblock) return -1; eapcrypt_set_keyblock(gen_keyblock, EAPCRYPT_SESSION_KEY_SIZE); if(gen_keyblock!=NULL) { free(gen_keyblock); gen_keyblock = NULL; } return 0;}/*** EOF ***/⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -