/**************************************************************************/
/* WIRE1x Version 1.0: A client-side 802.1x implementation */
/* based on xsupplicant of Open1x for Windows XP, 2000, 98, and Me */
/* */
/* This code is released under both the GPL version 2 and BSD licenses. */
/* Either license may be used. The respective licenses are found below. */
/* */
/* Copyright (C) 2004, WIRE Lab, National Tsing Hua Univ., Hsinchu, Taiwan*/
/* All Rights Reserved */
/**************************************************************************/
/** * A client-side 802.1x implementation supporting EAP/TLS * * This code is released under both the GPL version 2 and BSD licenses. * Either license may be used. The respective licenses are found below. * * Copyright (C) 2002 Bryan D. Payne & Nick L. Petroni Jr. * All Rights Reserved * * --- GPL Version 2 License --- * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * * --- BSD License --- * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * - Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * - Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * Maryland at College Park and its contributors. * - Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. 
* * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */#include <stdafx.h>
#include <openssl/err.h>#include <string.h>#include <winsock.h>
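#include "eaptls.h"
#include "eapcrypt.h"
#include "tls_funcs.h"
#include "auth_tools.h"

/* Current EAP-TLS phase: 0 = nothing started, 1 = TLS handshake in progress,
 * 2 = handshake finished and tunnelled (phase-2) authentication is running. */
int tls_funcs_phase = 0;

/* Total TLS message length advertised in the last fragment that carried the
 * EAP-TLS length field. It is recorded only; this file never enforces it. */
int tls_funcs_cert_size = 0;

/* Size of the scratch buffers used for phase-2 plaintext and ciphertext. */
enum { TLS_FUNCS_PHASE2_BUF_SIZE = 1024 };

/**
 * Bring up the TLS engine.
 *
 * @return the value of eapcrypt_tls_init() (error convention defined in eapcrypt).
 */
int tls_funcs_init()
{
    return eapcrypt_tls_init();
}

/**
 * Tear down the TLS engine.
 *
 * @return the value of eapcrypt_tls_shutdown().
 */
int tls_funcs_shutdown()
{
    return eapcrypt_tls_shutdown();
}

/**
 * Allocate the pair of phase-2 scratch buffers.
 *
 * Both buffers are zero-filled so that a phase-2 hook that writes nothing
 * leaves a well-defined (empty) reply behind instead of uninitialised memory.
 *
 * @param plain  receives the plaintext buffer, NULL on failure
 * @param cipher receives the ciphertext buffer, NULL on failure
 * @return 0 on success, -1 if either allocation failed (nothing is leaked).
 */
static int tls_funcs_phase2_buffers(char **plain, char **cipher)
{
    /* Casts kept because this translation unit is compiled as C++. */
    *plain = (char *)calloc(TLS_FUNCS_PHASE2_BUF_SIZE, 1);
    *cipher = (char *)calloc(TLS_FUNCS_PHASE2_BUF_SIZE, 1);
    if (*plain == NULL || *cipher == NULL) {
        free(*plain);
        free(*cipher);
        *plain = NULL;
        *cipher = NULL;
        return -1;
    }
    return 0;
}

/**
 * Decode one inbound EAP-TLS packet and build the reply.
 *
 * @param in          EAP-TLS payload, starting at the flags byte
 * @param in_size     caller's length for @p in. NOTE(review): the +3/-1
 *                    adjustments below only line up if this is the payload
 *                    length minus 4 (a bare ACK then arrives as -3), which is
 *                    what the original code assumed; confirm against the
 *                    caller before changing the arithmetic.
 * @param out         reply buffer. Its capacity is not passed in, so the
 *                    memcpy() of phase-2 replies into it cannot be bounded
 *                    here; the caller must size it for the largest reply.
 * @param out_size    receives the number of bytes written to @p out
 * @param phase2_func optional hook producing the tunnelled (PAP/CHAP) phase-2
 *                    payload; NULL disables phase 2
 * @return 0 or the eapcrypt return value on success; -1 on NULL arguments, a
 *         packet too short for its length field, an unknown flags byte, a
 *         fragment-store failure or an allocation failure.
 */
int tls_funcs_decode_packet(u_char *in, int in_size, u_char *out, int *out_size,
                            phase2_call phase2_func)
{
    int rtnVal = 0;
    u_char *p = NULL;
    uint32_t len_long = 0;
    long temp_size = 0;
    char *temp1 = NULL, *temp2 = NULL;
    int temp1_size = 0, temp2_size = 0;

    if (in == NULL || out == NULL || out_size == NULL) {
        return -1;
    }
    *out_size = 0;

    /* Pop one stale entry off the OpenSSL error queue; the value itself was
     * never used by this function. */
    (void)ERR_get_error();

    /* We act as the supplicant, so the request bit is assumed to be set on
     * every packet we receive; dispatch purely on the EAP-TLS flags byte. */
    switch (in[0]) {
    case (EAPTLS_START):
        /* Peer wants a fresh handshake: drop any partial message and reset TLS. */
        destroy_data_frags();
        eapcrypt_tls_reset();
        rtnVal = eapcrypt_tls_parse_data(NULL, 0);
        if (rtnVal < 0) {
            return rtnVal;
        }
        rtnVal = eapcrypt_tls_return_data(out, out_size);
        tls_funcs_phase = 1;
        break;

    case (EAPTLS_LENGTH_MORE):
    case (EAPTLS_MORE_FRAGS):
    case (EAPTLS_LENGTH_INCL):
        /* A fragment we care about: stash it. Once the final fragment is in,
         * hand the whole message to TLS and return data instead of ACKs. */
        p = in + 1;
        if ((in[0] == EAPTLS_LENGTH_MORE) || (in[0] == EAPTLS_LENGTH_INCL)) {
            /* The 4-byte length field follows the flags byte; refuse packets
             * too short to contain it instead of reading past the buffer. */
            if (in_size < 1) {
                return -1;
            }
            memcpy(&len_long, &in[1], 4);
            temp_size = ntohl(len_long);
            tls_funcs_cert_size = (int)temp_size;
            p = &in[5];
            in_size -= 1;
        } else {
            in_size += 3;
        }

        /* Header-only fragment: nothing to store, just flush pending TLS output. */
        if (in_size == 0) {
            rtnVal = eapcrypt_tls_return_data(out, out_size);
            return rtnVal;
        }

        if (save_data_fragment((char *)p, in_size) != 0) {
            return -1;
        }

        if (in[0] != EAPTLS_LENGTH_INCL) {
            /* More fragments to come: acknowledge this one. */
            rtnVal = tls_funcs_build_ack(out, out_size);
        } else {
            /* Last fragment: feed the reassembled message to TLS.
             * NOTE(review): the parse result is overwritten by the
             * return_data call below (as in the original), so a handshake
             * failure is only visible through the TLS output it produces. */
            rtnVal = eapcrypt_tls_parse_data((u_char *)get_data_fragment(),
                                             get_data_frag_size());
            destroy_data_frags();
            rtnVal = eapcrypt_tls_return_data(out, out_size);
        }

        if ((eapcrypt_state() == 0x0003) && (phase2_func != NULL)) {
            /* This implementation of phase 2 will only work with PAP/CHAP!
             * Other phase-2 methods may need hooks elsewhere. */
            if (tls_funcs_phase2_buffers(&temp1, &temp2) != 0) {
                return -1;
            }
            if (tls_funcs_phase == 2) {
                /* Already tunnelled: decrypt the inbound record for the hook.
                 * TODO(review): neither eapcrypt_decrypt nor eapcrypt_encrypt
                 * is told the 1024-byte capacity of temp1/temp2; confirm in
                 * eapcrypt that they cannot write past it. */
                eapcrypt_decrypt(in, in_size + 5, (u_char *)temp2, &temp2_size);
                phase2_func((u_char *)temp2, temp2_size, temp1, &temp1_size);
            } else {
                /* First phase-2 round: the hook sees the pending TLS output. */
                phase2_func(out, *out_size, temp1, &temp1_size);
            }
            tls_funcs_phase = 2;
            if (temp1_size > 1) {
                eapcrypt_encrypt((u_char *)temp1, temp1_size, (u_char *)temp2, &temp2_size);
                *out_size = temp2_size;
                memcpy(out, temp2, temp2_size);
            }
            free(temp2);
            free(temp1);
            temp1 = temp2 = NULL;
            rtnVal = 0;
        }
        break;

    case (0x00):
        if (((eapcrypt_state() == 0x0003) && (phase2_func != NULL)) && (in_size > 0)) {
            /* Tunnelled phase-2 record (no EAP-TLS length field). The phase
             * is forced to 2 first, so the "not yet in phase 2" path the
             * original carried here was unreachable and has been dropped. */
            tls_funcs_phase = 2;
            if (tls_funcs_phase2_buffers(&temp1, &temp2) != 0) {
                return -1;
            }
            eapcrypt_decrypt(&in[1], in_size + 3, (u_char *)temp2, &temp2_size);
            phase2_func((u_char *)temp2, temp2_size, temp1, &temp1_size);
            /* temp1 is zero-filled, so an empty reply from the hook reads as 0. */
            if (temp1[0] != 0x00) {
                eapcrypt_encrypt((u_char *)temp1, temp1_size, (u_char *)temp2, &temp2_size);
                *out_size = temp2_size;
                memcpy(out, temp2, temp2_size);
            }
            /* Freed on both paths; the original leaked both buffers when the
             * hook produced no reply. */
            free(temp2);
            free(temp1);
            temp1 = temp2 = NULL;
            return 0;
        }

        /* Plain ACK from the peer (or a short trailing fragment): push it
         * through TLS and return the next chunk of our own data. */
        if (in_size > 1) {
            p = in + 1;
            if (save_data_fragment((char *)p, in_size + 3) != 0) {
                return -1;
            }
            /* NOTE(review): the original compared get_data_frag_size() with
             * tls_funcs_cert_size here and ignored the result; a mismatch is
             * still not treated as an error. */
            rtnVal = eapcrypt_tls_parse_data((u_char *)get_data_fragment(),
                                             get_data_frag_size());
        }
        rtnVal = eapcrypt_tls_return_data(out, out_size);
        destroy_data_frags();
        break;

    default:
        /* Unknown flag combination: refuse the packet and touch nothing. */
        rtnVal = -1;
        break;
    }

    return rtnVal;
}

/**
 * Build a one-byte EAP-TLS ACK (flags byte 0x00) into @p out.
 *
 * The original assigned the pointer itself (`out = 0x00`), which never
 * wrote the ACK byte into the caller's buffer; it is now stored properly.
 *
 * @param out      reply buffer, must hold at least one byte
 * @param out_size receives 1
 * @return 0 on success, -1 if either pointer is NULL.
 */
int tls_funcs_build_ack(u_char *out, int *out_size)
{
    if (out == NULL || out_size == NULL) {
        return -1;
    }
    *out_size = 1;
    out[0] = 0x00;
    return 0;
}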