📄 eapol_test.c

📁 一个Linux下无线网卡的设置工具
💻 C
📖 第 1 页 / 共 2 页
字号:
上一页 12
		wpa_hexdump(MSG_DEBUG, "Decapsulated EAP packet", eap, len);		break;	}	wpa_printf(MSG_DEBUG, "decapsulated EAP packet (code=%d "		       "id=%d len=%d) from RADIUS server: %s",		      hdr->code, hdr->identifier, ntohs(hdr->length), buf);	/* sta->eapol_sm->be_auth.idFromServer = hdr->identifier; */	free(e->last_eap_radius);	e->last_eap_radius = eap;	e->last_eap_radius_len = len;	{		struct ieee802_1x_hdr *hdr;		hdr = malloc(sizeof(*hdr) + len);		assert(hdr != NULL);		hdr->version = EAPOL_VERSION;		hdr->type = IEEE802_1X_TYPE_EAP_PACKET;		hdr->length = htons(len);		memcpy((u8 *) (hdr + 1), eap, len);		eapol_sm_rx_eapol(e->wpa_s->eapol, e->wpa_s->bssid,				  (u8 *) hdr, sizeof(*hdr) + len);		free(hdr);	}}static void ieee802_1x_get_keys(struct eapol_test_data *e,				struct radius_msg *msg, struct radius_msg *req,				u8 *shared_secret, size_t shared_secret_len){	struct radius_ms_mppe_keys *keys;	keys = radius_msg_get_ms_keys(msg, req, shared_secret,				      shared_secret_len);	if (keys && keys->send == NULL && keys->recv == NULL) {		free(keys);		keys = radius_msg_get_cisco_keys(msg, req, shared_secret,						 shared_secret_len);	}	if (keys) {		if (keys->send) {			wpa_hexdump(MSG_DEBUG, "MS-MPPE-Send-Key (sign)",				    keys->send, keys->send_len);		}		if (keys->recv) {			wpa_hexdump(MSG_DEBUG, "MS-MPPE-Recv-Key (crypt)",				    keys->recv, keys->recv_len);			e->authenticator_pmk_len =				keys->recv_len > PMK_LEN ? PMK_LEN :				keys->recv_len;			memcpy(e->authenticator_pmk, keys->recv,			       e->authenticator_pmk_len);		}		free(keys->send);		free(keys->recv);		free(keys);	}}/* Process the RADIUS frames from Authentication Server */static RadiusRxResultieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,			u8 *shared_secret, size_t shared_secret_len,			void *data){	struct eapol_test_data *e = data;	/* RFC 2869, Ch. 5.13: valid Message-Authenticator attribute MUST be	 * present when packet contains an EAP-Message attribute */	if (msg->hdr->code == RADIUS_CODE_ACCESS_REJECT &&	    radius_msg_get_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, NULL,				0) < 0 &&	    radius_msg_get_attr(msg, RADIUS_ATTR_EAP_MESSAGE, NULL, 0) < 0) {		wpa_printf(MSG_DEBUG, "Allowing RADIUS "			      "Access-Reject without Message-Authenticator "			      "since it does not include EAP-Message\n");	} else if (radius_msg_verify(msg, shared_secret, shared_secret_len,				     req, 1)) {		printf("Incoming RADIUS packet did not have correct "		       "Message-Authenticator - dropped\n");		return RADIUS_RX_UNKNOWN;	}	if (msg->hdr->code != RADIUS_CODE_ACCESS_ACCEPT &&	    msg->hdr->code != RADIUS_CODE_ACCESS_REJECT &&	    msg->hdr->code != RADIUS_CODE_ACCESS_CHALLENGE) {		printf("Unknown RADIUS message code\n");		return RADIUS_RX_UNKNOWN;	}	e->radius_identifier = -1;	wpa_printf(MSG_DEBUG, "RADIUS packet matching with station");	if (e->last_recv_radius) {		radius_msg_free(e->last_recv_radius);		free(e->last_recv_radius);	}	e->last_recv_radius = msg;	switch (msg->hdr->code) {	case RADIUS_CODE_ACCESS_ACCEPT:		e->radius_access_accept_received = 1;		ieee802_1x_get_keys(e, msg, req, shared_secret,				    shared_secret_len);		break;	case RADIUS_CODE_ACCESS_REJECT:		e->radius_access_reject_received = 1;		break;	}	ieee802_1x_decapsulate_radius(e);	if ((msg->hdr->code == RADIUS_CODE_ACCESS_ACCEPT &&	     e->eapol_test_num_reauths < 0) ||	    msg->hdr->code == RADIUS_CODE_ACCESS_REJECT) {		eloop_terminate();	}	return RADIUS_RX_QUEUED;}static void wpa_init_conf(struct eapol_test_data *e,			  struct wpa_supplicant *wpa_s, const char *authsrv,			  int port, const char *secret){	struct hostapd_radius_server *as;	int res;	wpa_s->bssid[5] = 1;	wpa_s->own_addr[5] = 2;	e->own_ip_addr.s_addr = htonl((127 << 24) | 1);	strncpy(wpa_s->ifname, "test", sizeof(wpa_s->ifname));	e->radius_conf = malloc(sizeof(struct hostapd_radius_servers));	assert(e->radius_conf != NULL);	memset(e->radius_conf, 0, sizeof(struct hostapd_radius_servers));	e->radius_conf->num_auth_servers = 1;	as = malloc(sizeof(struct hostapd_radius_server));	assert(as != NULL);	memset(as, 0, sizeof(*as));#ifdef CONFIG_NATIVE_WINDOWS	{		int a[4];		u8 *pos;		sscanf(authsrv, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]);		pos = (u8 *) &as->addr.u.v4;		*pos++ = a[0];		*pos++ = a[1];		*pos++ = a[2];		*pos++ = a[3];	}#else /* CONFIG_NATIVE_WINDOWS */	inet_aton(authsrv, &as->addr.u.v4);#endif /* CONFIG_NATIVE_WINDOWS */	as->addr.af = AF_INET;	as->port = port;	as->shared_secret = (u8 *) strdup(secret);	as->shared_secret_len = strlen(secret);	e->radius_conf->auth_server = as;	e->radius_conf->auth_servers = as;	e->radius_conf->msg_dumps = 1;	e->radius = radius_client_init(wpa_s, e->radius_conf);	assert(e->radius != NULL);	res = radius_client_register(e->radius, RADIUS_AUTH,				     ieee802_1x_receive_auth, e);	assert(res == 0);}static int scard_test(void){	struct scard_data *scard;	size_t len;	char imsi[20];	unsigned char rand[16];#ifdef PCSC_FUNCS	unsigned char sres[4];	unsigned char kc[8];#endif /* PCSC_FUNCS */#define num_triplets 5	unsigned char rand_[num_triplets][16];	unsigned char sres_[num_triplets][4];	unsigned char kc_[num_triplets][8];	int i, j, res;#define AKA_RAND_LEN 16#define AKA_AUTN_LEN 16#define AKA_AUTS_LEN 14#define RES_MAX_LEN 16#define IK_LEN 16#define CK_LEN 16	unsigned char aka_rand[AKA_RAND_LEN];	unsigned char aka_autn[AKA_AUTN_LEN];	unsigned char aka_auts[AKA_AUTS_LEN];	unsigned char aka_res[RES_MAX_LEN];	size_t aka_res_len;	unsigned char aka_ik[IK_LEN];	unsigned char aka_ck[CK_LEN];	scard = scard_init(SCARD_TRY_BOTH);	if (scard == NULL)		return -1;	if (scard_set_pin(scard, "1234")) {		wpa_printf(MSG_WARNING, "PIN validation failed");		scard_deinit(scard);		return -1;	}	len = sizeof(imsi);	if (scard_get_imsi(scard, imsi, &len))		goto failed;	wpa_hexdump_ascii(MSG_DEBUG, "SCARD: IMSI", (u8 *) imsi, len);	/* NOTE: Permanent Username: 1 | IMSI */	memset(rand, 0, sizeof(rand));	if (scard_gsm_auth(scard, rand, sres, kc))		goto failed;	memset(rand, 0xff, sizeof(rand));	if (scard_gsm_auth(scard, rand, sres, kc))		goto failed;	for (i = 0; i < num_triplets; i++) {		memset(rand_[i], i, sizeof(rand_[i]));		if (scard_gsm_auth(scard, rand_[i], sres_[i], kc_[i]))			goto failed;	}	for (i = 0; i < num_triplets; i++) {		printf("1");		for (j = 0; j < len; j++)			printf("%c", imsi[j]);		printf(",");		for (j = 0; j < 16; j++)			printf("%02X", rand_[i][j]);		printf(",");		for (j = 0; j < 4; j++)			printf("%02X", sres_[i][j]);		printf(",");		for (j = 0; j < 8; j++)			printf("%02X", kc_[i][j]);		printf("\n");	}	wpa_printf(MSG_DEBUG, "Trying to use UMTS authentication");	/* seq 39 (0x28) */	memset(aka_rand, 0xaa, 16);	memcpy(aka_autn, "\x86\x71\x31\xcb\xa2\xfc\x61\xdf"	       "\xa3\xb3\x97\x9d\x07\x32\xa2\x12", 16);	res = scard_umts_auth(scard, aka_rand, aka_autn, aka_res, &aka_res_len,			      aka_ik, aka_ck, aka_auts);	if (res == 0) {		wpa_printf(MSG_DEBUG, "UMTS auth completed successfully");		wpa_hexdump(MSG_DEBUG, "RES", aka_res, aka_res_len);		wpa_hexdump(MSG_DEBUG, "IK", aka_ik, IK_LEN);		wpa_hexdump(MSG_DEBUG, "CK", aka_ck, CK_LEN);	} else if (res == -2) {		wpa_printf(MSG_DEBUG, "UMTS auth resulted in synchronization "			   "failure");		wpa_hexdump(MSG_DEBUG, "AUTS", aka_auts, AKA_AUTS_LEN);	} else {		wpa_printf(MSG_DEBUG, "UMTS auth failed");	}failed:	scard_deinit(scard);	return 0;#undef num_triplets}static int scard_get_triplets(int argc, char *argv[]){	struct scard_data *scard;	size_t len;	char imsi[20];	unsigned char rand[16];	unsigned char sres[4];	unsigned char kc[8];	int num_triplets;	int i, j;	if (argc < 2 || ((num_triplets = atoi(argv[1])) <= 0)) {		printf("invalid parameters for sim command\n");		return -1;	}	if (argc <= 2 || strcmp(argv[2], "debug") != 0) {		/* disable debug output */		wpa_debug_level = 99;	}	scard = scard_init(SCARD_GSM_SIM_ONLY);	if (scard == NULL) {		printf("Failed to open smartcard connection\n");		return -1;	}	if (scard_set_pin(scard, argv[0])) {		wpa_printf(MSG_WARNING, "PIN validation failed");		scard_deinit(scard);		return -1;	}	len = sizeof(imsi);	if (scard_get_imsi(scard, imsi, &len)) {		scard_deinit(scard);		return -1;	}	for (i = 0; i < num_triplets; i++) {		memset(rand, i, sizeof(rand));		if (scard_gsm_auth(scard, rand, sres, kc))			break;		/* IMSI:Kc:SRES:RAND */		for (j = 0; j < len; j++)			printf("%c", imsi[j]);		printf(":");		for (j = 0; j < 8; j++)			printf("%02X", kc[j]);		printf(":");		for (j = 0; j < 4; j++)			printf("%02X", sres[j]);		printf(":");		for (j = 0; j < 16; j++)			printf("%02X", rand[j]);		printf("\n");	}	scard_deinit(scard);	return 0;}static void eapol_test_terminate(int sig, void *eloop_ctx,				 void *signal_ctx){	struct wpa_supplicant *wpa_s = eloop_ctx;	wpa_msg(wpa_s, MSG_INFO, "Signal %d received - terminating", sig);	eloop_terminate();}static void usage(void){	printf("usage:\n"	       "eapol_test [-nWS] -c<conf> [-a<AS IP>] [-p<AS port>] "	       "[-s<AS secret>] [-r<count>]\n"	       "eapol_test scard\n"	       "eapol_test sim <PIN> <num triplets> [debug]\n"	       "\n"	       "options:\n"	       "  -c<conf> = configuration file\n"	       "  -a<AS IP> = IP address of the authentication server, "	       "default 127.0.0.1\n"	       "  -p<AS port> = UDP port of the authentication server, "	       "default 1812\n"	       "  -s<AS secret> = shared secret with the authentication "	       "server, default 'radius'\n"	       "  -r<count> = number of re-authentications\n"	       "  -W = wait for a control interface monitor before starting\n"	       "  -S = save configuration after authentiation\n"	       "  -n = no MPPE keys expected\n");}int main(int argc, char *argv[]){	struct wpa_supplicant wpa_s;	int c, ret = 1, wait_for_monitor = 0, save_config = 0;	char *as_addr = "127.0.0.1";	int as_port = 1812;	char *as_secret = "radius";	char *conf = NULL;#ifdef CONFIG_NATIVE_WINDOWS	WSADATA wsaData;	if (WSAStartup(MAKEWORD(2, 0), &wsaData)) {		printf("Could not find a usable WinSock.dll\n");		return -1;	}#endif /* CONFIG_NATIVE_WINDOWS */	memset(&eapol_test, 0, sizeof(eapol_test));	wpa_debug_level = 0;	wpa_debug_show_keys = 1;	for (;;) {		c = getopt(argc, argv, "a:c:np:r:s:SW");		if (c < 0)			break;		switch (c) {		case 'a':			as_addr = optarg;			break;		case 'c':			conf = optarg;			break;		case 'n':			eapol_test.no_mppe_keys++;			break;		case 'p':			as_port = atoi(optarg);			break;		case 'r':			eapol_test.eapol_test_num_reauths = atoi(optarg);			break;		case 's':			as_secret = optarg;			break;		case 'S':			save_config++;			break;		case 'W':			wait_for_monitor++;			break;		default:			usage();			return -1;		}	}	if (argc > optind && strcmp(argv[optind], "scard") == 0) {		return scard_test();	}	if (argc > optind && strcmp(argv[optind], "sim") == 0) {		return scard_get_triplets(argc - optind - 1,					  &argv[optind + 1]);	}	if (conf == NULL) {		usage();		printf("Configuration file is required.\n");		return -1;	}	eloop_init(&wpa_s);	memset(&wpa_s, 0, sizeof(wpa_s));	eapol_test.wpa_s = &wpa_s;	wpa_s.conf = wpa_config_read(conf);	if (wpa_s.conf == NULL) {		printf("Failed to parse configuration file '%s'.\n", conf);		return -1;	}	if (wpa_s.conf->ssid == NULL) {		printf("No networks defined.\n");		return -1;	}	wpa_init_conf(&eapol_test, &wpa_s, as_addr, as_port, as_secret);	if (wpa_supplicant_ctrl_iface_init(&wpa_s)) {		printf("Failed to initialize control interface '%s'.\n"		       "You may have another eapol_test process already "		       "running or the file was\n"		       "left by an unclean termination of eapol_test in "		       "which case you will need\n"		       "to manually remove this file before starting "		       "eapol_test again.\n",		       wpa_s.conf->ctrl_interface);		return -1;	}	if (wpa_supplicant_scard_init(&wpa_s, wpa_s.conf->ssid))		return -1;	if (test_eapol(&eapol_test, &wpa_s, wpa_s.conf->ssid))		return -1;	if (wait_for_monitor)		wpa_supplicant_ctrl_iface_wait(&wpa_s);	eloop_register_timeout(30, 0, eapol_test_timeout, &eapol_test, NULL);	eloop_register_timeout(0, 0, send_eap_request_identity, &wpa_s, NULL);	eloop_register_signal(SIGINT, eapol_test_terminate, NULL);	eloop_register_signal(SIGTERM, eapol_test_terminate, NULL);#ifndef CONFIG_NATIVE_WINDOWS	eloop_register_signal(SIGHUP, eapol_test_terminate, NULL);#endif /* CONFIG_NATIVE_WINDOWS */	eloop_run();	if (eapol_test_compare_pmk(&eapol_test) == 0)		ret = 0;	if (eapol_test.auth_timed_out)		ret = -2;	if (eapol_test.radius_access_reject_received)		ret = -3;	if (save_config)		wpa_config_write(conf, wpa_s.conf);	test_eapol_clean(&eapol_test, &wpa_s);	eloop_destroy();	printf("MPPE keys OK: %d  mismatch: %d\n",	       eapol_test.num_mppe_ok, eapol_test.num_mppe_mismatch);	if (eapol_test.num_mppe_mismatch)		ret = -4;	if (ret)		printf("FAILURE\n");	else		printf("SUCCESS\n");#ifdef CONFIG_NATIVE_WINDOWS	WSACleanup();#endif /* CONFIG_NATIVE_WINDOWS */	return ret;}
上一页 12
💿 文件大小 472 K
👤 上传用户 flashlee2003200
📂 所属分类 Linux/Unix编程
🏷️ 相关标签

#Linux #无线网卡
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -