ssl = NULL; } return 0;}//-----------------------------
// This function written by Danielle Brevi
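/*
 * eapcrypt_decrypt
 *
 * Push one block of inbound TLS record data (in_data/in_size) into the
 * read-side memory BIO and pull the decrypted application data back out
 * through SSL_read() into out_data.
 *
 * (IN)  in_data/in_size : ciphertext records received from the peer
 * (OUT) out_data        : decrypted bytes; at most EAPCRYPT_READ_MAX (1000)
 *                         bytes are written, so the caller's buffer must be
 *                         at least that large (no size is passed in)
 * (OUT) out_size        : number of bytes written to out_data; 0 on failure
 *
 * Returns 0 on success, -1 if the inbound data could not be queued or
 * SSL_read() reported an error.
 *
 * Fixes vs. the previous version: *out_size was set to SSL_read()'s raw
 * return value, which is negative on error (and on a not-yet-complete
 * record), so a caller doing memcpy(..., *out_size) was handed a huge
 * size_t; the BIO_write() result was discarded; and a 1000-byte scratch
 * array was zeroed on every call but never used.
 */
int eapcrypt_decrypt(u_char *in_data, int in_size, u_char *out_data, int *out_size)
{
    /* Upper bound on bytes written to out_data; matches the fixed
       1000-byte limit this module has always used. */
    enum { EAPCRYPT_READ_MAX = 1000 };
    int rc = 0;

    *out_size = 0;

    /* Drop any stale, unconsumed input left from a previous call before
       queuing this record. */
    BIO_reset(ssl_in);
    rc = BIO_write(ssl_in, in_data, in_size);
    if (rc < 0) {
        printf("(TLS) Couldn't queue %d bytes of inbound data!\n", in_size);
        return -1;
    }

    /* Decrypting produces nothing to send, so discard anything pending on
       the write side rather than let it leak into the next encrypt. */
    BIO_reset(ssl_out);
    rc = SSL_read(ssl, out_data, EAPCRYPT_READ_MAX);
    if (rc < 0) {
        /* Error, or the record is not complete yet (SSL_get_error() would
           tell which); either way no plaintext was produced. */
        return -1;
    }

    *out_size = rc;
    return 0;
}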
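//-----------------------------
/*
 * eapcrypt_encrypt
 *
 * Encrypt in_data/in_size through the SSL object and hand back the
 * resulting TLS record bytes framed for EAP-TLS: out_data[0] is the
 * EAP-TLS flags byte (0x00: no length field, nothing more to send) and the
 * record bytes follow from out_data[1].
 *
 * (IN)  in_data/in_size : plaintext to send
 * (OUT) out_data        : flags byte + ciphertext; at most
 *                         EAPCRYPT_WRITE_MAX + 1 (1001) bytes are written,
 *                         so the caller's buffer must be at least that
 *                         large (no size is passed in)
 * (OUT) out_size        : bytes written to out_data; 0 on failure
 *
 * Returns 0 on success, -1 if SSL_write() failed.
 *
 * Fixes vs. the previous version: BIO_read() returns -1 when the write BIO
 * holds nothing, and that -1 was used as the memcpy length (wrapping to a
 * huge size_t); a failed SSL_write() was never reported; and the 1000-byte
 * heap scratch buffer was allocated without a NULL check and is not needed,
 * since the record bytes can be read straight into out_data.
 *
 * TODO (carried over from the original): only one BIO_read() is done, so
 * any pending output beyond EAPCRYPT_WRITE_MAX bytes is left in ssl_out.
 */
int eapcrypt_encrypt(u_char *in_data, int in_size, u_char *out_data, int *out_size)
{
    /* Largest record read per call; matches the fixed 1000-byte limit this
       module has always used. */
    enum { EAPCRYPT_WRITE_MAX = 1000 };
    int rc = 0;

    *out_size = 0;

    /* Start from clean BIOs so stale input/output from an earlier call is
       not mixed into this record. */
    BIO_reset(ssl_in);
    BIO_reset(ssl_out);

    rc = SSL_write(ssl, in_data, in_size);
    if (rc <= 0) {
        printf("(TLS) SSL_write failed while encrypting %d bytes!\n", in_size);
        return -1;
    }

    /* Pull the encrypted record(s) straight into the payload area. */
    rc = BIO_read(ssl_out, &out_data[1], EAPCRYPT_WRITE_MAX);
    if (rc < 0)
        rc = 0;  /* nothing pending on the write side */

    out_data[0] = 0x00;  /* EAP-TLS flags: no length, no more fragments */
    *out_size = rc + 1;
    return 0;
}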
/*
 * Process-wide TLS state shared by every function in this file.  The
 * objects are declared through OpenSSL's struct tags rather than the
 * SSL/SSL_CTX/BIO typedef names, presumably so the declarations do not
 * depend on the OpenSSL headers being visible here.
 */
struct ssl_ctx_st *ctx;      /* context: trust anchors, client cert/key, options */
struct ssl_st     *ssl;      /* per-connection object, (re)created by eapcrypt_tls_reset */
struct bio_st     *ssl_in;   /* memory BIO that received records are written into */
struct bio_st     *ssl_out;  /* memory BIO that outbound records are read from */
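/*
 * eapcrypt_tls_reset
 *
 * Throw away any existing SSL object and start a fresh one from ctx with
 * new read/write memory BIOs, then drop any partially-sent output still
 * staged in pkt_out.
 *
 * Returns 0 on success, -1 if the SSL object or either BIO could not be
 * created (ssl, ssl_in and ssl_out are then NULL).
 *
 * Fix vs. the previous version: the two BIO_new() results were never
 * checked, so an allocation failure left a NULL BIO attached to ssl and
 * the next BIO_reset()/BIO_write() dereferenced it.
 */
int eapcrypt_tls_reset()
{
    if (ssl) {
        SSL_free(ssl);
        ssl = NULL;
    }

    ssl = SSL_new(ctx);
    if (!ssl) {
        printf("Couldn't create SSL object!\n");
        return -1;
    }

    ssl_in = BIO_new(BIO_s_mem());
    ssl_out = BIO_new(BIO_s_mem());

    /* SSL_set_bio() hands ownership of the BIOs to ssl, so attaching them
       before the check lets SSL_free() below release whichever one was
       created if the other failed. */
    SSL_set_bio(ssl, ssl_in, ssl_out);
    if (!ssl_in || !ssl_out) {
        printf("Couldn't create memory BIOs for the SSL object!\n");
        SSL_free(ssl);
        ssl = NULL;
        ssl_in = NULL;
        ssl_out = NULL;
        return -1;
    }

    SSL_set_verify(ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);

    /* Output left over from a previous handshake belongs to the old SSL
       object; discard it. */
    if (pkt_out.packet != NULL) {
        free(pkt_out.packet);
        pkt_out.packet = NULL;
    }
    pkt_out.pkt_size = 0;
    pkt_out.pkt_ptr = 0;

    return 0;
}

/**
 * eapcrypt_tls_return_data
 *
 * Copy the next piece of the pending TLS output (pkt_out) into out_data,
 * framed for EAP-TLS:
 *   out_data[0]    flags byte (EAPTLS_LENGTH_INCL and/or EAPTLS_MORE_FRAGS)
 *   out_data[1..4] total TLS message length in network byte order, present
 *                  only on the first fragment (length flag set)
 *   then           up to get_chunk_size() bytes of TLS data
 *
 * When nothing is pending a single 0x00 byte (an ACK) is returned.
 *
 * (IN)  out_data : caller's buffer; must hold get_chunk_size() + 5 bytes,
 *                  no size is passed in
 * (OUT) out_size : bytes written to out_data
 *
 * Returns 0.  pkt_out.packet is freed once its last byte has been handed
 * out.  (Logic unchanged from the original; only reformatted and
 * commented.)
 */
int eapcrypt_tls_return_data(u_char *out_data, int *out_size)
{
    uint32_t length;
    uint32_t chunk_size;
    uint32_t next_chunk = 0;
    uint8_t id_val = 0x00;  /* EAP-TLS flags; start with nothing set */

    /* Nothing pending, or everything already sent: return an ACK. */
    if ((pkt_out.pkt_size == 0) || (pkt_out.pkt_ptr == pkt_out.pkt_size)) {
        out_data[0] = 0x00;
        *out_size = 1;
        return 0;
    }

    chunk_size = get_chunk_size();

    /* Small enough to go out in one piece: flags + length + whole packet. */
    if ((unsigned)pkt_out.pkt_size <= chunk_size) {
        memcpy(&out_data[5], pkt_out.packet, pkt_out.pkt_size);
        *out_size = pkt_out.pkt_size;
        length = htonl(pkt_out.pkt_size);
        out_data[0] = 0x80;  /* TLS length-included flag */
        memcpy(&out_data[1], &length, 4);
        *out_size += 5;      /* account for the flags byte and the length */

        /* Everything went out, so destroy the buffer. */
        if (pkt_out.packet) {
            free(pkt_out.packet);
            pkt_out.packet = NULL;
            pkt_out.pkt_size = 0;
            pkt_out.pkt_ptr = 0;
        }
        return 0;
    }

    /* Fragmenting: send the next chunk_size bytes, or whatever is left. */
    if (((unsigned)pkt_out.pkt_size - pkt_out.pkt_ptr) > chunk_size) {
        next_chunk = chunk_size;
    } else {
        next_chunk = pkt_out.pkt_size - pkt_out.pkt_ptr;
    }

    if (pkt_out.pkt_ptr == 0) {
        /* First fragment of the group carries the total length. */
        id_val = id_val | EAPTLS_LENGTH_INCL;
        if ((pkt_out.pkt_ptr + next_chunk) < (unsigned)pkt_out.pkt_size)
            id_val = id_val | EAPTLS_MORE_FRAGS;
        out_data[0] = id_val;
        length = htonl(pkt_out.pkt_size);
        *out_size = next_chunk + 5;
        memcpy(&out_data[1], &length, 4);
        memcpy(&out_data[5], &pkt_out.packet[pkt_out.pkt_ptr], next_chunk);
    } else {
        /* Continuation fragment: flags byte + data only. */
        if (((unsigned)pkt_out.pkt_ptr + next_chunk) < (unsigned)pkt_out.pkt_size)
            id_val = id_val | EAPTLS_MORE_FRAGS;
        memcpy(&out_data[1], &pkt_out.packet[pkt_out.pkt_ptr], next_chunk);
        *out_size = next_chunk + 1;
        out_data[0] = id_val;
    }

    pkt_out.pkt_ptr += next_chunk;

    /* Done with this packet once the last fragment has been handed out. */
    if (pkt_out.pkt_ptr >= pkt_out.pkt_size) {
        free(pkt_out.packet);
        pkt_out.packet = NULL;
        pkt_out.pkt_size = 0;
        pkt_out.pkt_ptr = 0;
    }
    return 0;
}

/*
 * eapcrypt_tls_parse_data
 *
 * Feed one received TLS message (in_data/in_size; NULL to just drive the
 * handshake forward, e.g. to produce the first client flight) into the SSL
 * object, run SSL_connect(), and stage whatever the handshake wrote to
 * ssl_out in pkt_out for eapcrypt_tls_return_data() to fragment and send.
 *
 * Returns 0 on success, -1 if the data was rejected, the write BIO could
 * not be read, or the staging buffer could not be allocated.
 *
 * Fixes vs. the previous version:
 *  - a packet still sitting in pkt_out (not yet fully sent) was overwritten
 *    without being freed, and pkt_out.pkt_ptr was not reset, so the next
 *    eapcrypt_tls_return_data() started part-way through the new packet;
 *  - an empty handshake output led to malloc(0), which may return NULL and
 *    was then reported as an allocation failure;
 *  - print_hex() was always told to dump 16 bytes even when in_size was
 *    smaller (this assumes its second argument is a byte count — confirm
 *    against its definition).
 *
 * NOTE(review): the SSL_connect() result is not inspected.  With memory
 * BIOs it returns <= 0 on every in-progress handshake step (WANT_READ), so
 * a real failure can only be told apart via SSL_get_error(); today a
 * failed handshake is visible only through ssl_info_callback output and
 * the alert record that gets staged for sending.
 *
 * NOTE(review): the "alert" check compares the record content-type byte
 * against 0x17.  In TLS, 0x17 is application_data and 0x15 is alert, so
 * confirm which condition this is meant to catch before trusting the
 * message text.
 */
int eapcrypt_tls_parse_data(u_char *in_data, int in_size)
{
    int rc = 0;
    BUF_MEM *p = NULL;

    if (in_data != NULL) {
        if (in_data[0] == 0x17) {
            printf("(TLS) ALERT! There is a problem with the connection!\n");
            return -1;
        }
        BIO_reset(ssl_in);
        print_hex(in_data, in_size < 16 ? in_size : 16);
        BIO_write(ssl_in, in_data, in_size);
    }

    BIO_reset(ssl_out);
    rc = SSL_connect(ssl);
    (void)rc;  /* see NOTE above */

    BIO_get_mem_ptr(ssl_out, &p);
    if (p == NULL) {
        printf("Couldn't get the memory BIO pointer in eapcrypt_tls_parse_data().\n");
        return -1;
    }

    /* Replace whatever was staged before; a partially-sent packet belongs
       to a handshake step that has now been superseded. */
    if (pkt_out.packet != NULL) {
        free(pkt_out.packet);
        pkt_out.packet = NULL;
    }
    pkt_out.pkt_size = 0;
    pkt_out.pkt_ptr = 0;

    if (p->length == 0) {
        /* Nothing to send back; return_data will answer with an ACK. */
        return 0;
    }

    pkt_out.packet = (char *)malloc(p->length);
    if (pkt_out.packet == NULL) {
        printf("Error with malloc of pkt_out.packet in eapcrypt_tls_parse_data().\n");
        return -1;
    }
    memcpy(pkt_out.packet, p->data, p->length);
    pkt_out.pkt_size = p->length;

    return 0;
}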
/*
 * ssl_info_callback
 *
 * Handshake progress hook installed on ctx by eapcrypt_tls_load_root_certs():
 * prints the current SSL state and, for alert events (SSL_CB_ALERT in w),
 * the alert description for r.  The `ssl' parameter shadows the file-scope
 * ssl; it is whatever SSL object OpenSSL passes for the event.
 */
static void ssl_info_callback(SSL *ssl, int w, int r)
{
    printf(" --- SSL : %s\n", SSL_state_string_long(ssl));
    if (w & SSL_CB_ALERT)
        printf(" --- ALERT : %s\n", SSL_alert_desc_string_long(r));
}

/*
 * return_password
 *
 * Password callback for encrypted private keys: copies the password handed
 * in as userdata (set by eapcrypt_tls_load_user_cert) into buf, forcing NUL
 * termination because strncpy() does not guarantee it, and returns its
 * length.  rwflag is ignored.  A password longer than size-1 is silently
 * truncated; a size of 0 would index buf[-1].
 */
static int return_password(char *buf, int size, int rwflag, void *userdata)
{
    strncpy(buf, (char *)(userdata), size);
    buf[size-1] = '\0';
    return(strlen(buf));
}

/*
 * eapcrypt_tls_load_root_certs
 *
 * Point ctx at the trust anchors used to verify the EAP server's
 * certificate and install the handshake progress callback.
 *
 * (IN) path_to_cert : root certificate file (required)
 * (IN) root_dir     : certificate directory passed to
 *                     SSL_CTX_load_verify_locations (may be NULL)
 * (IN) crl_dir      : directory added to the lookup path for CRLs (may be
 *                     NULL)
 *
 * Returns 0 on success, -1 on any failure.  On failure ctx is freed and
 * set to NULL, so nothing else in this file can use it afterwards.
 *
 * NOTE(review): loading crl_dir only adds it as a lookup location; nothing
 * in this block sets X509_V_FLAG_CRL_CHECK on the context's store, so
 * unless that is done elsewhere the CRLs are never actually consulted
 * during verification.
 *
 * NOTE(review): SSL_CTX_set_default_verify_paths() extends the trust set
 * to every CA in the system default store, not just the configured root,
 * so any of those CAs could issue a certificate this client accepts for
 * the EAP server.  The original author already questioned this (see the
 * comment further down).
 *
 * NOTE(review): root_dir is printed with %s below; if it is NULL (which
 * SSL_CTX_load_verify_locations permits) that is undefined behaviour,
 * though glibc happens to print "(null)".
 */
int eapcrypt_tls_load_root_certs(char *path_to_cert, char *root_dir, char *crl_dir)
{
    print_userconf();
    if (path_to_cert == NULL) {
        printf("Error loading cert! Path to cert is NULL!\n");
        return -1;
    } else {
        printf("Loading certificate %s . . . \n", path_to_cert);
    }
    /* The cast converts ssl_info_callback (declared with a non-const
       SSL *) to the const-parameter signature the setter takes. */
    SSL_CTX_set_info_callback(ctx, (void (*) (const struct ssl_st *,int,int)) ssl_info_callback);
    //-------------------------------------------------
    /* NOTE(review): ret1 and x are not declared anywhere in this listing
       and x is never loaded before being added and freed; this looks like
       a leftover experiment with advertising a client CA.  Confirm against
       the real source before building. */
    ret1 = SSL_CTX_add_client_CA(ctx,x);
    X509_free(x);
    //-------------------------------------------------
    if (SSL_CTX_load_verify_locations(ctx, path_to_cert, root_dir) == 0)
    {
        printf("(TLS) Failed to initalize path to root certificate!\n");
        printf("Error : %s\n", ERR_error_string(ERR_get_error(), NULL));
        if(ctx) { SSL_CTX_free(ctx); ctx = NULL; }
        return -1;
    }
    printf("(TLS)Loaded root certificate %s and dirctory %s\n", path_to_cert, root_dir);
    if (crl_dir) {
        /* Adds crl_dir as a lookup directory only; see the CRL NOTE above. */
        if (SSL_CTX_load_verify_locations(ctx, NULL, crl_dir) == 0) {
            printf("(TLS) Failed to initalize path to CRLs!\n");
            printf("Error : %s\n", ERR_error_string(ERR_get_error(), NULL));
            if(ctx) { SSL_CTX_free(ctx); ctx = NULL; }
            return -1;
        }
    }
    /* Do we really want to pick up the default paths? */
    if (SSL_CTX_set_default_verify_paths(ctx) == 0) {
        printf("(TLS) Failed to initalize default paths for root certificates!\n");
        printf("Error : %s\n", ERR_error_string(ERR_get_error(), NULL));
        if(ctx) { SSL_CTX_free(ctx); ctx = NULL; }
        return -1;
    }
    return 0;
}

/*
 * eapcrypt_tls_load_user_cert
 *
 * Load the client certificate and private key into ctx, then fix the
 * protocol options, the verification mode and the PRNG seed file.
 *
 * (IN) path_to_user_cert   : client certificate, DER or PEM
 * (IN) path_to_private_key : private key, PEM or DER
 * (IN) password            : passphrase for an encrypted key; kept by
 *                            pointer (see return_password), so it must
 *                            stay valid while keys can be loaded
 *
 * Returns 0 on success, -1 on load/seed failure (ctx is then freed and
 * NULL), -2 if the key does not match the certificate (ctx is left
 * allocated in that case, unlike every other failure path).
 */
int eapcrypt_tls_load_user_cert(char *path_to_user_cert, char *path_to_private_key, char *password)
{
    SSL_CTX_set_default_passwd_cb_userdata(ctx, (void *)password);
    SSL_CTX_set_default_passwd_cb(ctx, return_password);
    /* Certificate: try DER first, then PEM. */
    if (SSL_CTX_use_certificate_file(ctx, path_to_user_cert, SSL_FILETYPE_ASN1) != 1 && SSL_CTX_use_certificate_file(ctx, path_to_user_cert, SSL_FILETYPE_PEM) != 1 )
    {
        printf("(TLS) Couldn't load client certificate data!\n");
        if(ctx) { SSL_CTX_free(ctx); ctx = NULL; }
        return -1;
    }
    /* Key: try PEM first, then DER. */
    if (SSL_CTX_use_PrivateKey_file(ctx, path_to_private_key, SSL_FILETYPE_PEM) != 1 && SSL_CTX_use_PrivateKey_file(ctx, path_to_private_key, SSL_FILETYPE_ASN1) != 1 )
    {
        if(ctx) { SSL_CTX_free(ctx); ctx = NULL; }
        printf("(TLS) Couldn't load client private key!\n");
        return -1;
    }
    /* Key/certificate mismatch: note ctx is NOT freed on this path. */
    if (!SSL_CTX_check_private_key(ctx)) {
        printf("(TLS) Private key isn't valid!\n");
        return -2;
    }
    /* Disable SSLv2/SSLv3; SSL_OP_SINGLE_DH_USE asks OpenSSL not to reuse
       a DH private value across handshakes. */
    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_SINGLE_DH_USE);
    /* Verify the server certificate against the loaded roots with no
       verify callback.  Nothing here checks the server's name against
       the certificate; if that is required it has to happen elsewhere. */
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
    /* Seed the PRNG with up to 1024 bytes from the configured random file. */
    if (!(RAND_load_file(get_random_file(), 1024))) {
        if(ctx) { SSL_CTX_free(ctx); ctx = NULL; }
        printf("(TLS) Couldn't load random data from %s\n",get_random_file());
        return -1;
    }
    return 0;
}
/*** EOF ***/