eapaka.c

Linux dot1x认证的实现

    return XEMALLOC;

  if ((thisint->tempPwd == NULL) && (userdata->password == NULL))
    {
      thisint->need_password = 1;
      thisint->eaptype = strdup("EAP-AKA");
      thisint->eapchallenge = NULL;
      
      *outsize = 0;
      return XENONE;
    }

  // Make sure we have something to process...
  if (dataoffs == NULL) return XENONE;

  if (userdata->username == NULL)
    {
      debug_printf(DEBUG_NORMAL, "No username, setting from identity!\n");
      username = thisint->identity;
    } else {
      username = userdata->username;
    }

  if ((userdata->password == NULL) && (thisint->tempPwd != NULL))
    {
      userdata->password = thisint->tempPwd;
      thisint->tempPwd = NULL;
    }

  *outsize = 0;
  outptr = 0;
  bzero(&mac_calc[0], 16);
  bzero(&mac_val[0], 16);

  switch (dataoffs[0])
    {
    case AKA_IDENTITY:
      debug_printf(DEBUG_AUTHTYPES, "Got AKA_IDENTITY!\n");
      debug_printf(DEBUG_AUTHTYPES, "Not implemented!\n");
      break;

    case AKA_AUTHENTICATION_REJECT:
      debug_printf(DEBUG_AUTHTYPES, "Got an AKA_AUTHENTICATION_REJECT!\n");
      debug_printf(DEBUG_AUTHTYPES, "Not implemented!\n");
      break;

    case AKA_SYNC_FAILURE:
      debug_printf(DEBUG_AUTHTYPES, "Got an AKA_SYNC_FAILURE!\n");
      debug_printf(DEBUG_AUTHTYPES, "Not implemented!  (And, we should *NEVER* get this!\n");
      break;

    case AKA_NOTIFICATION:
      debug_printf(DEBUG_AUTHTYPES, "Got an AKA_NOTIFICATION!\n");
      debug_printf(DEBUG_AUTHTYPES, "Not implemented!\n");
      break;

    case AKA_REAUTHENTICATION:
      debug_printf(DEBUG_AUTHTYPES, "Got an AKA_REAUTHENTICATION!\n");
      debug_printf(DEBUG_AUTHTYPES, "Not implemented!\n");
      break;

    case AKA_CLIENT_ERROR:
      debug_printf(DEBUG_AUTHTYPES, "Got an AKA_CLIENT_ERROR!\n");
      debug_printf(DEBUG_AUTHTYPES, "Not implemented!\n");
      break;

    case AKA_CHALLENGE:
      debug_printf(DEBUG_AUTHTYPES, "Got AKA_CHALLENGE!\n");
      packet_offset = 3;

      typelen = (struct typelength *)&out[0];
      bzero(out, 10);
      typelen->type = AKA_CHALLENGE;
      outptr = 3;

      while (packet_offset < insize)
	{
	  switch (dataoffs[packet_offset])
	    {
	    case AT_RAND:
	      retval = aka_do_at_rand(mydata, dataoffs, &packet_offset);
	      if (retval != XENONE) return retval;
	      break;

	    case AT_AUTN:
	      retval = aka_do_at_autn(mydata, dataoffs, &packet_offset);
	      if (retval != XENONE) return retval;
	      break;

	    case AT_IV:
	      debug_printf(DEBUG_AUTHTYPES, "Got an IV (Not supported)\n");
	      aka_skip_not_implemented(dataoffs, &packet_offset);
	      break;

	    case AT_MAC:
	      retval = aka_do_at_mac(thisint, mydata, dataoffs, insize, 
				     &packet_offset, username);
	      if (retval == XEAKASYNCFAIL)
		{
		  printf("Sync failure 2..  Doing sync failure.\n");
		  return aka_do_sync_fail(mydata, out, outsize);
		} else if (retval != XENONE) return retval;
	      break;
	    }
	}

      reslen = mydata->reslen;
      if ((reslen % 4) != 0)
	{
	  reallen = reslen + (reslen % 4);
	} else {
	  reallen = reslen;
	}

      // Build the challenge response.
      typelenres = (struct typelengthres *)&out[outptr];
      typelenres->type = AT_RES;
      typelenres->length = (reallen/4)+1;
      typelenres->reserved = htons(reslen);
      outptr += 4;

      memcpy((char *)&out[outptr], (char *)&mydata->res[0], reslen);
      outptr += reslen;

      if (reallen > reslen)
	{
	  for (i=0;i<(reallen-reslen);i++)
	    {
	      out[outptr+i] = 0x00;
	    }
	  outptr += (reallen-reslen);
	}

      typelenres = (struct typelengthres *)&out[outptr];
      typelenres->type = AT_MAC;
      typelenres->length = 5;
      typelenres->reserved = 0x0000;
      outptr += 4;

      retsize = outptr+16+5;
      
      framecpy = (char *)malloc(retsize);
      if (framecpy == NULL) return XEMALLOC;

      framecpy[0] = 2;   // This is a response.
      framecpy[1] = thisint->eapid;
      value16 = retsize;
      value16 = htons(value16);

      memcpy((char *)&framecpy[2], &value16, 2);
      framecpy[4] = EAP_TYPE_AKA;
      
      memcpy((char *)&framecpy[5], out, retsize);
      debug_printf(DEBUG_AUTHTYPES, "Preframe :\n");
      debug_hex_dump(DEBUG_AUTHTYPES, framecpy, retsize);

      // Zero out the mac.
      bzero((char *)&framecpy[outptr+5], 16);
      debug_printf(DEBUG_AUTHTYPES, "Frame to hash : \n");
      debug_hex_dump(DEBUG_AUTHTYPES, framecpy, retsize);

      HMAC(EVP_sha1(), (char *)&mydata->K_aut[0], 16, framecpy, retsize, (char *)&mac_calc[0], &i);

      free(framecpy);
      framecpy = NULL;

      debug_printf(DEBUG_AUTHTYPES, "MAC = ");
      debug_hex_printf(DEBUG_AUTHTYPES, (char *)&mac_calc[0], 16);

      memcpy((char *)&out[outptr], (char *)&mac_calc[0], 16);

      // Then, calculate the MAC, and return it.
      outptr +=16;
      break;
	  
    default:
      debug_printf(DEBUG_NORMAL, "Unknown SubType value! (%d)\n", 
		   dataoffs[0]);
      break;
    }
  out[2] = 0;
  *outsize = outptr;

  return XENONE;
}

int eapaka_get_keys(struct interface_data *thisint)
{
  struct aka_eaptypedata *mydata;
  struct config_network *network_data;

  if (!xsup_assert((thisint != NULL), "thisint != NULL", FALSE))
    return XEMALLOC;

  network_data = config_get_network_config();

  if (!xsup_assert((network_data != NULL), "network_data != NULL", FALSE))
    return XEMALLOC;

  if (!xsup_assert((network_data->activemethod != NULL), 
		   "network_data->activemethod != NULL", FALSE))
    return XEMALLOC;

  mydata = (struct aka_eaptypedata *)network_data->activemethod->eap_data;
  if (thisint->keyingMaterial != NULL)
    {
      free(thisint->keyingMaterial);
    }

  thisint->keyingMaterial = (char *)malloc(64);
  if (thisint->keyingMaterial == NULL) 
    {
      debug_printf(DEBUG_NORMAL, "Couldn't allocate memory for keying material! (%s:%d)\n", __FUNCTION__, __LINE__);
      return XEMALLOC;
    }

  if (mydata->keyingMaterial == NULL)
    {
      debug_printf(DEBUG_NORMAL, "Not keying material was stored in EAP-AKA!\n");
      return XEGENERROR;
    }

  memcpy(thisint->keyingMaterial, mydata->keyingMaterial, 64);
  thisint->keyingLength = 32;

  return XENONE;
}

int eapaka_failed(struct generic_eap_data *thisint)
{
  struct config_eap_aka *userdata;

  if (!xsup_assert((thisint != NULL), "thisint != NULL", FALSE))
    return XEMALLOC;

  if (!xsup_assert((thisint->eap_conf_data != NULL), 
		   "thisint->eap_conf_data != NULL", FALSE))
    return XEMALLOC;

  userdata = (struct config_eap_aka *)thisint->eap_conf_data;

#ifndef NO_PWD_RESET
  if (userdata->password != NULL)
    {
      free(userdata->password);
      userdata->password = NULL;
    }
#endif

  return XENONE;
}

int eapaka_cleanup(struct generic_eap_data *thisint)
{
  struct aka_eaptypedata *mydata;

  if (!xsup_assert((thisint != NULL), "thisint != NULL", FALSE))
    return XEMALLOC;

  debug_printf(DEBUG_AUTHTYPES, "(EAP-AKA) Cleaning up!\n");
  mydata = (struct aka_eaptypedata *)thisint->eap_data;

#ifndef RADIATOR_TEST
  sm_handler_close_sc(&mydata->shdl, &mydata->scntx);
#endif

  free(mydata);
  mydata = NULL;

  return XENONE;
}

#endif