simd11.c

Linux上的802.1x 的supplicant的实现。很多supplicant程序都是基于它开发的

/*******************************************************************
 * EAP-SIM (draft 11 specific) functions.
 *
 * Licensed under a dual GPL/BSD license.  (See LICENSE file for more info.)
 * 
 * File: simd11.c
 *
 * Authors: Chris.Hessing@utah.edu
 *
 * $Id: simd11.c,v 1.13 2006/05/29 04:17:58 chessing Exp $
 * $Date: 2006/05/29 04:17:58 $
 * $Log: simd11.c,v $
 * Revision 1.13  2006/05/29 04:17:58  chessing
 * Fixes for some memory leaks.
 *
 * Revision 1.12  2006/04/25 01:17:44  chessing
 * LOTS of code cleanups, new error checking/debugging code added, and other misc. fixes/changes.
 *
 * Revision 1.11  2006/02/23 22:26:53  chessing
 * Fix for bug id #1415020.  'Building Xsupplicant 1.2.3 Fails on FC4'.
 *
 * Revision 1.10  2005/08/09 01:39:17  chessing
 * Cleaned out old commit notes from the released version.  Added a few small features including the ability to disable the friendly warnings that are spit out.  (Such as the warning that is displayed when keys aren't rotated after 10 minutes.)  We should also be able to start when the interface is down.  Last, but not least, we can handle empty network configs.  (This may be useful for situations where there isn't a good reason to have a default network defined.)
 *
 *
 *******************************************************************/

/*******************************************************************
 *
 * The development of the EAP/SIM support was funded by Internet
 * Foundation Austria (http://www.nic.at/ipa)
 *
 *******************************************************************/


#ifdef EAP_SIM_ENABLE
#include <inttypes.h>
#include <string.h>
#include <netinet/in.h>
#include <openssl/hmac.h>

#include "winscard.h"
#include "profile.h"
#include "xsupconfig.h"
#include "eap.h"
#include "eapsim.h"
#include "xsup_debug.h"
#include "xsup_err.h"

#ifdef USE_EFENCE
#include <efence.h>
#endif

// Draft 11 (version 1) specific calls.

int do_v1_at_mac(struct generic_eap_data *thisint, char *K_int, char *indata, 
		 int in_size, int inoffset, char *noncemt, char *vlist, 
		 int vlistlen, uint16_t selver, char *resultmac)
{
  char *framecpy, *mac_calc;
  int saved_offset, i;
  uint16_t value16;

  if (!xsup_assert((thisint != NULL), "thisint != NULL", FALSE))
    return XEMALLOC;

  if (!xsup_assert((K_int != NULL), "K_int != NULL", FALSE))
    return XEMALLOC;

  if (!xsup_assert((indata != NULL), "indata != NULL", FALSE))
    return XEMALLOC;

  if (!xsup_assert((noncemt != NULL), "noncemt != NULL", FALSE))
    return XEMALLOC;

  if (!xsup_assert((vlist != NULL), "vlist != NULL", FALSE))
    return XEMALLOC;

  if (!xsup_assert((resultmac != NULL), "resultmac != NULL", FALSE))
    return XEMALLOC;

  if (indata[inoffset] != AT_MAC)
    {
      debug_printf(DEBUG_NORMAL, "Error!  The offset passed in is not of type AT_MAC!\n");
      return -1;
    }
  
  inoffset++;
	      
  if (indata[inoffset] != 5) printf("AT_MAC length isn't 5!\n");
  inoffset+=2;  // Skip the reserved bytes.

  saved_offset = inoffset;

  framecpy = (char *)malloc(in_size+50);  // We need extra to
	                                  // reconstruct the eap 
	                                  // piece.
  if (framecpy == NULL)
    {
      debug_printf(DEBUG_NORMAL, "Couldn't allocate memory for framecpy!\n");
      return XEMALLOC;
    }

  // Now, reconstruct the header for the EAP piece, so we can
  // calculate the MAC across all of it.
  framecpy[0] = 1;  // It was a request.
  framecpy[1] = thisint->eapid;
  value16 = in_size + 5;
  value16 = htons(value16);

  memcpy((char *)&framecpy[2], &value16, 2);
  framecpy[4] = EAP_TYPE_SIM;
  
  memcpy((char *)&framecpy[5], (char *)&indata[0], in_size);

  // Now, zero out the MAC value.
  for (i=(saved_offset+5);i<=(in_size+5);i++)
    {
      framecpy[i] = 0x00;
    }

  memcpy(&framecpy[(in_size+5)], noncemt, 16);
  
  // We should now be ready to calculate the AT_MAC for 
  // ourselves.

  debug_printf(DEBUG_AUTHTYPES, "Hashing this frame to get AT_MAC: \n");
  debug_hex_dump(DEBUG_AUTHTYPES, framecpy, (in_size+5+16));

  mac_calc = (char *)malloc(100);
  if (mac_calc == NULL) 
    {
      debug_printf(DEBUG_NORMAL, "Couldn't allocate memory for mac_calc! "
		   "(%s:%d)\n", __FUNCTION__, __LINE__);
      return XEMALLOC;
    }

  HMAC(EVP_sha1(), &K_int[0], 16, framecpy, (in_size+5+16), mac_calc, &i);

  memcpy(resultmac, mac_calc, 16);  // We get 20 back, but we only want 16.

  debug_printf(DEBUG_AUTHTYPES, "Result MAC = ");
  debug_hex_printf(DEBUG_AUTHTYPES, resultmac, 16);

  free(framecpy);
  framecpy = NULL;
  
  free(mac_calc);
  mac_calc = NULL;
  return 0;
}

#endif