eapaka.c
来自「linux 下通过802.1认证的安装包」· C语言 代码 · 共 664 行 · 第 1/2 页
C
664 行
retval = aka_do_at_autn(aka, eappayload, &packet_offset);
if (retval != XENONE) return;
break;
case AT_IV:
debug_printf(DEBUG_AUTHTYPES, "Got an IV (Not supported)\n");
aka_skip_not_implemented(eappayload, &packet_offset);
break;
case AT_MAC:
retval = aka_do_at_mac(eapdata, aka, eappayload, size,
&packet_offset, akaconf->username);
if (retval == XEAKASYNCFAIL)
{
debug_printf(DEBUG_AUTHTYPES, "Sync failure.. Doing sync "
"failure.\n");
aka->sync_fail = TRUE;
if (retval != XENONE) return;
} else if (retval != XENONE) return;
break;
}
}
}
/************************************************************************
*
* Process an AKA request.
*
************************************************************************/
void eapaka_process(eap_type_data *eapdata)
{
uint8_t *eappayload = NULL, chal_type;
struct config_eap_aka *akaconf;
struct aka_eaptypedata *akadata;
if (!xsup_assert((eapdata != NULL), "eapdata != NULL", FALSE))
return;
if (!xsup_assert((eapdata->eap_data != NULL), "eapdata->eap_data != NULL",
FALSE)) return;
if (!xsup_assert((eapdata->eap_conf_data != NULL),
"eapdata->eap_conf_data != NULL", FALSE))
return;
akaconf = eapdata->eap_conf_data;
akadata = eapdata->eap_data;
eappayload = &eapdata->eapReqData[sizeof(struct eap_header)];
switch (eappayload[0])
{
case AKA_IDENTITY:
debug_printf(DEBUG_AUTHTYPES, "Got AKA_IDENTITY!\n");
debug_printf(DEBUG_AUTHTYPES, "Not implemented!\n");
chal_type = AKA_IDENTITY;
break;
case AKA_AUTHENTICATION_REJECT:
debug_printf(DEBUG_AUTHTYPES, "Got an AKA_AUTHENTICATION_REJECT!\n");
debug_printf(DEBUG_AUTHTYPES, "Not implemented!\n");
chal_type = AKA_AUTHENTICATION_REJECT;
break;
case AKA_SYNC_FAILURE:
debug_printf(DEBUG_AUTHTYPES, "Got an AKA_SYNC_FAILURE!\n");
debug_printf(DEBUG_AUTHTYPES, "Not implemented! (And, we should *NEVER*"
" get this!\n");
chal_type = AKA_SYNC_FAILURE;
break;
case AKA_NOTIFICATION:
debug_printf(DEBUG_AUTHTYPES, "Got an AKA_NOTIFICATION!\n");
debug_printf(DEBUG_AUTHTYPES, "Not implemented!\n");
chal_type = AKA_NOTIFICATION;
break;
case AKA_REAUTHENTICATION:
debug_printf(DEBUG_AUTHTYPES, "Got an AKA_REAUTHENTICATION!\n");
debug_printf(DEBUG_AUTHTYPES, "Not implemented!\n");
chal_type = AKA_REAUTHENTICATION;
break;
case AKA_CLIENT_ERROR:
debug_printf(DEBUG_AUTHTYPES, "Got an AKA_CLIENT_ERROR!\n");
debug_printf(DEBUG_AUTHTYPES, "Not implemented!\n");
chal_type = AKA_CLIENT_ERROR;
break;
case AKA_CHALLENGE:
debug_printf(DEBUG_AUTHTYPES, "Got AKA_CHALLENGE!\n");
eapaka_do_challenge(eapdata, (uint8_t *)&eappayload[1]);
chal_type = AKA_CHALLENGE;
break;
default:
debug_printf(DEBUG_NORMAL, "Unknown SubType value! (%d)\n",
eappayload[0]);
eapdata->ignore = TRUE;
eapdata->decision = EAP_FAIL;
return;
break;
}
eapdata->ignore = FALSE;
eapdata->decision = COND_SUCC;
eapdata->methodState = MAY_CONT;
}
/************************************************************************
*
* Build an AKA response.
*
************************************************************************/
uint8_t *eapaka_buildResp(eap_type_data *eapdata)
{
uint16_t reslen = 0, reallen = 0;
struct config_eap_aka *akaconf = NULL;
struct aka_eaptypedata *akadata = NULL;
struct typelength *typelen = NULL;
struct typelengthres *typelenres = NULL;
uint8_t reqId, mac_calc[16];
struct eap_header *eaphdr;
uint8_t *payload = NULL, *framecpy = NULL, *data = NULL;
uint16_t offset, i = 0, retsize;
if (!xsup_assert((eapdata != NULL), "eapdata != NULL", FALSE))
return NULL;
if (!xsup_assert((eapdata->eap_data != NULL), "eapdata->eap_data != NULL",
FALSE))
return NULL;
if (!xsup_assert((eapdata->eap_conf_data != NULL),
"eapdata->eap_conf_data != NULL", FALSE))
return NULL;
akaconf = eapdata->eap_conf_data;
akadata = eapdata->eap_data;
if (akadata->chal_type == AKA_CHALLENGE)
{
if (akadata->sync_fail == TRUE)
{
// Handle a sync failure response.
return aka_do_sync_fail(akadata, eap_type_common_get_eap_reqId(eapdata->eapReqData));
}
reqId = eap_type_common_get_eap_reqId(eapdata->eapReqData);
data = Malloc(1024); // Should be enough to hold our response.
if (data == NULL)
{
debug_printf(DEBUG_NORMAL, "Couldn't allocate memory to store "
"response data in %s()!\n", __FUNCTION__);
return NULL;
}
eaphdr = data;
eaphdr->eap_code = EAP_RESPONSE_PKT;
eaphdr->eap_identifier = reqId;
eaphdr->eap_type = EAP_TYPE_AKA;
payload = &data[sizeof(struct eap_header)];
memset(payload, 0x00, 10);
offset = 0;
typelen = (struct typelength *)payload;
typelen->type = AKA_CHALLENGE;
reslen = akadata->reslen;
if ((reslen % 4) != 0)
{
reallen = reslen + (reslen % 4);
}
else
{
reallen = reslen;
}
offset += 3;
typelenres = (struct typelengthres *)&payload[offset];
typelenres->type = AT_RES;
typelenres->length = (reallen/4)+1;
typelenres->reserved = htons(reslen);
offset += 4;
memcpy(&payload[offset], akadata->res, reslen);
offset += reslen;
if (reallen > reslen)
{
for (i=0;i<(reallen-reslen);i++)
{
payload[offset] = 0x00;
offset++;
}
}
typelenres = (struct typelenres *)&payload[offset];
typelenres->type = AT_MAC;
typelenres->length = 5;
typelenres->reserved = 0x0000;
offset += 4;
retsize = offset+16+sizeof(struct eap_header);
framecpy = Malloc(retsize);
if (framecpy == NULL)
{
debug_printf(DEBUG_NORMAL, "Couldn't allocate memory to store the "
"packet to hash!\n");
eapdata->ignore = TRUE;
eapdata->decision = EAP_FAIL;
return NULL;
}
eaphdr->eap_length = htons(retsize);
memcpy(framecpy, data, retsize);
debug_printf(DEBUG_AUTHTYPES, "Preframe : \n");
debug_hex_dump(DEBUG_AUTHTYPES, framecpy, retsize);
// Zero out the mac.
memset((uint8_t *)&framecpy[offset+sizeof(struct eap_header)], 0x00, 16);
debug_printf(DEBUG_AUTHTYPES, "Frame to hash :\n");
debug_hex_dump(DEBUG_AUTHTYPES, framecpy, retsize);
HMAC(EVP_sha1(), (uint8_t *)&akadata->K_aut[0], 16, framecpy, retsize,
mac_calc, &i);
FREE(framecpy);
debug_printf(DEBUG_AUTHTYPES, "MAC = ");
debug_hex_printf(DEBUG_AUTHTYPES, mac_calc, 16);
memcpy(&payload[offset], mac_calc, 16);
}
else
{
eapdata->ignore = TRUE;
eapdata->decision = EAP_FAIL;
return NULL;
}
return data;
}
/************************************************************************
*
* Determine if there is keying material available.
*
************************************************************************/
uint8_t eapaka_isKeyAvailable(eap_type_data *eapdata)
{
struct aka_eaptypedata *akadata;
if (!xsup_assert((eapdata != NULL), "eapdata != NULL", FALSE))
return FALSE;
if (!xsup_assert((eapdata->eap_data != NULL), "eapdata->eap_data != NULL",
FALSE))
return FALSE;
akadata = (struct aka_eaptypedata *)eapdata->eap_data;
if (akadata->keyingMaterial != NULL) return TRUE;
return FALSE;
}
/************************************************************************
*
* Return the keying material.
*
************************************************************************/
uint8_t *eapaka_getKey(eap_type_data *eapdata)
{
struct aka_eaptypedata *akadata;
uint8_t *keydata;
if (!xsup_assert((eapdata != NULL), "eapdata != NULL", FALSE))
return FALSE;
if (!xsup_assert((eapdata->eap_data != NULL), "eapdata->eap_data != NULL",
FALSE))
return FALSE;
akadata = (struct aka_eaptypedata *)eapdata->eap_data;
keydata = Malloc(64);
if (keydata == NULL)
{
debug_printf(DEBUG_NORMAL, "Couldn't allocate memory to return key "
"data!\n");
return NULL;
}
memcpy(keydata, akadata->keyingMaterial, 64);
return keydata;
}
/************************************************************************
*
* Clean up any resources we used.
*
************************************************************************/
void eapaka_deinit(eap_type_data *eapdata)
{
struct aka_eaptypedata *mydata;
if (!xsup_assert((eapdata != NULL), "eapdata != NULL", FALSE))
return;
debug_printf(DEBUG_AUTHTYPES, "(EAP-AKA) Cleaning up!\n");
mydata = (struct aka_eaptypedata *)eapdata->eap_data;
#ifndef RADIATOR_TEST
sm_handler_close_sc(&mydata->shdl, &mydata->scntx);
#endif
FREE(mydata);
}
#endif
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?