sim.c

linux 下通过802.1认证的安装包

  if (memcmp(&mac_calc[0], &mac_val[0], 16) != 0)
    {
      debug_printf(DEBUG_NORMAL, "ERROR : AT_MAC failed MAC check!\n");
      debug_printf(DEBUG_AUTHTYPES, "mac_calc = ");
      debug_hex_printf(DEBUG_AUTHTYPES, &mac_calc[0], 16);
      debug_printf(DEBUG_AUTHTYPES, "mac_val  = ");
      debug_hex_printf(DEBUG_AUTHTYPES, &mac_val[0], 16);
      return XESIMBADMAC;
    }
  
  return XENONE;
}

int sim_do_v1_response(eap_type_data *thisint, char *out, 
		       int *outptr, char *nsres, char *K_int)
{
  int i, value16;
  char *framecpy,  mac_calc[16];

  if (!xsup_assert((thisint != NULL), "thisint != NULL", FALSE))
    return XEMALLOC;

  if (!xsup_assert((out != NULL), "out != NULL", FALSE))
    return XEMALLOC;

  if (!xsup_assert((outptr != NULL), "outptr != NULL", FALSE))
    return XEMALLOC;

  if (!xsup_assert((nsres != NULL), "nsres != NULL", FALSE))
    return XEMALLOC;

  if (!xsup_assert((K_int != NULL), "K_int != NULL", FALSE))
    return XEMALLOC;

  debug_printf(DEBUG_NORMAL, "nsres = ");
  debug_hex_printf(DEBUG_NORMAL, nsres, 12);

  framecpy = (char *)Malloc((*outptr)+8+20+(8*3));
  if (framecpy == NULL) 
    {
      debug_printf(DEBUG_NORMAL, "Couldn't allocate memory for frame copy! "
		   "(%s:%d)\n", __FUNCTION__, __LINE__);
      return XEMALLOC;
    }
	  
  framecpy[0] = 2;
#warning FIX use of thisint!
  framecpy[1] = eap_type_common_get_eap_reqid(thisint->eapReqData);
  value16 = htons((*outptr)+5+20);
  memcpy(&framecpy[2], &value16, 2);
  framecpy[4] = EAP_TYPE_SIM;
  memcpy(&framecpy[5], &out[0], (*outptr));
	  
  framecpy[5+(*outptr)] = AT_MAC;
  framecpy[5+(*outptr)+1] = 5;
  memcpy(&framecpy[5+(*outptr)+20], nsres, (4*3));

  debug_printf(DEBUG_AUTHTYPES, "Hashing against :\n");
  debug_hex_dump(DEBUG_AUTHTYPES, &framecpy[0], (*outptr)+25+12);
  
  HMAC(EVP_sha1(), K_int, 16, framecpy, ((*outptr)+5+20+12), &mac_calc[0], &i);
  memcpy(&out[(*outptr)], &framecpy[5+(*outptr)], 20);
  memcpy(&out[(*outptr)+4], &mac_calc[0], 16);
  *outptr += 20;
  
  FREE(framecpy);

  return XENONE;
}

int sim_v0_final_hash(struct eaptypedata *mydata, char *sha1resp, uint8_t *out,
		      int *outptr, char *K_sres)
{
  struct typelengthres *typelenres;
  char *hash;
  int i;

  if (!xsup_assert((mydata != NULL), "mydata != NULL", FALSE))
    return XEMALLOC;

  if (!xsup_assert((sha1resp != NULL), "sha1resp != NULL", FALSE))
    return XEMALLOC;

  if (!xsup_assert((out != NULL), "out != NULL", FALSE))
    return XEMALLOC;

  if (!xsup_assert((outptr != NULL), "outptr != NULL", FALSE))
    return XEMALLOC;

  if (!xsup_assert((K_sres != NULL), "K_sres != NULL", FALSE))
    return XEMALLOC;

  hash = (char *)Malloc((4*3)+16);
  if (hash == NULL) 
    {
      debug_printf(DEBUG_NORMAL, "Couldn't allocate memory for hash data!"
		   " (%s:%d)\n", __FUNCTION__, __LINE__);
      return XEMALLOC;
    }
 
  memcpy(&hash[0], mydata->triplet[0].response, 4);
  memcpy(&hash[4], mydata->triplet[1].response, 4);
  memcpy(&hash[8], mydata->triplet[2].response, 4);
  hash[12] = 11;
      
  HMAC(EVP_sha1(), K_sres, 16, &hash[0], 13, sha1resp, &i);
  debug_printf(DEBUG_AUTHTYPES, "Final return value : ");
  debug_hex_printf(DEBUG_AUTHTYPES, sha1resp, i);
  
  typelenres = (struct typelengthres *)&out[*outptr];
  typelenres->type = AT_MAC_SRES;
  typelenres->length = 5;
  typelenres->reserved = 0;
  
  *outptr += sizeof(struct typelengthres);
  memcpy(&out[*outptr], &sha1resp, i);
  *outptr += i;

  return XENONE;
}

int sim_do_at_rand(struct eaptypedata *mydata, char *username, 
		   char *nsres, uint8_t *dataoffs, int *packet_offset,
		   uint8_t *out, int *outptr, char *K_int)
{
  struct typelengthres *typelenres;
  int value16, tlen, retval;
  char *hash, sha1resp[20], *at_mac_sres,  K_sres[16], K_encr[16], K_recv[32];
  char K_send[32];

  if (!xsup_assert((mydata != NULL), "mydata != NULL", FALSE))
    return XEMALLOC;

  if (!xsup_assert((username != NULL), "username != NULL", FALSE))
    return XEMALLOC;

  if (!xsup_assert((nsres != NULL), "nsres != NULL", FALSE))
    return XEMALLOC;

  if (!xsup_assert((dataoffs != NULL), "dataoffs != NULL", FALSE))
    return XEMALLOC;

  if (!xsup_assert((packet_offset != NULL), "packet_offset != NULL", FALSE))
    return XEMALLOC;

  if (!xsup_assert((out != NULL), "out != NULL", FALSE))
    return XEMALLOC;

  if (!xsup_assert((outptr != NULL), "outptr != NULL", FALSE))
    return XEMALLOC;

  if (!xsup_assert((K_int != NULL), "K_int != NULL", FALSE))
    return XEMALLOC;

  debug_printf(DEBUG_AUTHTYPES, "Got an AT_RAND.\n");
  typelenres = (struct typelengthres *)&dataoffs[*packet_offset];
  *packet_offset+=4;
  
  memcpy(mydata->triplet[0].random, &dataoffs[*packet_offset], 16);
  debug_printf(DEBUG_AUTHTYPES, "Random1 = ");
  debug_hex_printf(DEBUG_AUTHTYPES, mydata->triplet[0].random, 16);
  sm_handler_do_2g_auth(&mydata->shdl, mydata->card_mode, 
			mydata->triplet[0].random, 
			mydata->triplet[0].response,
			mydata->triplet[0].ckey);
  debug_printf(DEBUG_AUTHTYPES, "Response = ");
  debug_hex_printf(DEBUG_AUTHTYPES, mydata->triplet[0].response, 4);
  debug_printf(DEBUG_AUTHTYPES, "CKEY = ");
  debug_hex_printf(DEBUG_AUTHTYPES, mydata->triplet[0].ckey, 8);
  *packet_offset+=16;
  
  memcpy(mydata->triplet[1].random, &dataoffs[*packet_offset], 16);
  debug_printf(DEBUG_AUTHTYPES, "Random2 = ");
  debug_hex_printf(DEBUG_AUTHTYPES, mydata->triplet[1].random, 16);
  sm_handler_do_2g_auth(&mydata->shdl, mydata->card_mode,
			mydata->triplet[1].random, 
			mydata->triplet[1].response,
			mydata->triplet[1].ckey);
  *packet_offset+=16;
  
  memcpy(mydata->triplet[2].random, &dataoffs[*packet_offset], 16);
  debug_printf(DEBUG_AUTHTYPES, "Random3 = ");
  debug_hex_printf(DEBUG_AUTHTYPES, mydata->triplet[2].random, 16);
  sm_handler_do_2g_auth(&mydata->shdl, mydata->card_mode,
			mydata->triplet[2].random, 
			mydata->triplet[2].response,
			mydata->triplet[2].ckey);
  *packet_offset+=16;
  
  if (mydata->workingversion == 0)
    {
      hash = (char *)Malloc((8*3)+16);  // 3 keys + 16 nonce.
      if (hash == NULL)
	{
	  debug_printf(DEBUG_NORMAL, "Couldn't allocate memory to build hash!\n");
	  return XEMALLOC;
	}
      
      memcpy(&hash[0], mydata->triplet[0].ckey, 8);
      memcpy(&hash[8], mydata->triplet[1].ckey, 8);
      memcpy(&hash[16], mydata->triplet[2].ckey, 8);
      memcpy(&hash[24], mydata->nonce_mt, 16);
      
      SHA1(hash, 40, &sha1resp[0]);
    } else {
      tlen = strlen(username)+(8*3)+16+mydata->verlistlen+2;

      hash = (char *)Malloc(tlen);
      if (hash == NULL)
	{
	  debug_printf(DEBUG_NORMAL, "Couldn't allocate memory for hash! "
		       "(%s:%d)\n", __FUNCTION__, __LINE__);
	  return XEMALLOC;
	}

      memset(nsres, 0x00, 12);
      memcpy(&nsres[0], mydata->triplet[0].response, 4);
      memcpy(&nsres[4], mydata->triplet[1].response, 4);
      memcpy(&nsres[8], mydata->triplet[2].response, 4);
      
      memset(hash, 0x00, tlen);
      memcpy(&hash[0], username, strlen(username));
      memcpy(&hash[strlen(username)], mydata->triplet[0].ckey, 8);
      memcpy(&hash[strlen(username)+8], mydata->triplet[1].ckey, 8);
      memcpy(&hash[strlen(username)+16],
	     mydata->triplet[2].ckey, 8);
      memcpy(&hash[strlen(username)+24],
	     mydata->nonce_mt, 16);
      memcpy(&hash[strlen(username)+24+16],
	     mydata->verlist, mydata->verlistlen);
      
      value16 = htons(mydata->workingversion);
      memcpy(&hash[strlen(username)+24+16+mydata->verlistlen], &value16, 2);
      
      SHA1(hash, (strlen(username)+24+16+mydata->verlistlen+2), sha1resp);
      
      FREE(hash);
    }
  
  debug_printf(DEBUG_AUTHTYPES, "MK = ");
  debug_hex_printf(DEBUG_AUTHTYPES, &sha1resp[0], 20);
  
  at_mac_sres = (char *)Malloc(120);
  if (at_mac_sres == NULL)
    {
      debug_printf(DEBUG_NORMAL, "Couldn't malloc at_mac_sres!\n");
      return XEMALLOC;
    }
  
  fips186_2_prng(sha1resp, 20, NULL, 0, at_mac_sres, 120);
  
  if (mydata->workingversion == 0)
    {
      memcpy(&K_sres[0], &at_mac_sres[0], 16);
      memcpy(&K_encr[0], &at_mac_sres[16], 16);
      memcpy(&K_int[0], &at_mac_sres[32], 16);
      
      memset(&K_recv[0], 0x00, 32);
      memset(&K_send[0], 0x00, 32);
      
      memcpy(&K_recv[0], &at_mac_sres[48], 20);
      memcpy(&K_send[0], &at_mac_sres[68], 20);
    } else {
      // K_int is the same as K_aut in Version 1.
      memcpy(&K_int[0], &at_mac_sres[16], 16);
      memcpy(&K_recv[0], &at_mac_sres[32], 32);
      memcpy(&K_send[0], &at_mac_sres[64], 32);
    }
  
  // We should be done with at_mac_sres, so free it.
  FREE(at_mac_sres);
  FREE(mydata->keyingMaterial);

  mydata->keyingMaterial = (char *)Malloc(64);
  if (mydata->keyingMaterial == NULL) 
    {
      debug_printf(DEBUG_NORMAL, "Couldn't allocate memory for keying material"
		   "! (%s:%d)\n", __FUNCTION__, __LINE__);
      return XEMALLOC;
    }
  
  memcpy(mydata->keyingMaterial, &K_recv[0], 32);
  memcpy(&mydata->keyingMaterial[32], &K_send[0], 32);
  
  if (mydata->workingversion == 0)
    {
      retval = sim_v0_final_hash(mydata, sha1resp, out, outptr, &K_sres[0]);
      if (retval != XENONE) return retval;
    }

  return XENONE;
}
 
#endif