📄 eapsim.c
{ memcpy(&value16, &dataoffs[packet_offset], 2); value16 = ntohs(value16); debug_printf(DEBUG_AUTHTYPES, "AT_VERSION_LIST Value : %d\n", value16); if (value16 > maxver) maxver = value16; packet_offset += 2; } if (maxver > EAPSIM_MAX_SUPPORTED_VER) maxver = EAPSIM_MAX_SUPPORTED_VER; debug_printf(DEBUG_AUTHTYPES, "Setting version to %d\n",maxver); typelenres = (struct typelengthres *)&out[outptr]; typelenres->type = AT_SELECTED_VERSION; typelenres->length = 1; typelenres->reserved = htons(maxver); outptr += sizeof(struct typelengthres); mydata->workingversion = maxver; break; default: debug_printf(DEBUG_NORMAL, "Unknown SIM type!\n"); return XESIMBADTYPE; } } // Write the length in the response header. value16 = htons(outptr); memcpy((char *)&out[1], &value16, 2); *outsize = (outptr); break; case SIM_CHALLENGE: debug_printf(DEBUG_AUTHTYPES, "Got SIM_CHALLENGE!\n"); packet_offset = 3; typelen = (struct typelength *)&out[0]; typelen->type = SIM_CHALLENGE; outptr = 3; while (packet_offset < insize) { switch (dataoffs[packet_offset]) { case AT_RAND: debug_printf(DEBUG_AUTHTYPES, "Got an AT_RAND.\n"); typelenres = (struct typelengthres *)&dataoffs[packet_offset]; packet_offset+=4; memcpy(mydata->triplet[0].random, &dataoffs[packet_offset], 16); debug_printf(DEBUG_AUTHTYPES, "Random1 = "); debug_hex_printf(DEBUG_AUTHTYPES, mydata->triplet[0].random, 16); do_gsm(mydata->triplet[0].random, mydata->triplet[0].response, mydata->triplet[0].ckey); packet_offset+=16; memcpy(mydata->triplet[1].random, &dataoffs[packet_offset], 16); debug_printf(DEBUG_AUTHTYPES, "Random2 = "); debug_hex_printf(DEBUG_AUTHTYPES, mydata->triplet[1].random, 16); do_gsm(mydata->triplet[1].random, mydata->triplet[1].response, mydata->triplet[1].ckey); packet_offset+=16; memcpy(mydata->triplet[2].random, &dataoffs[packet_offset], 16); debug_printf(DEBUG_AUTHTYPES, "Random3 = "); debug_hex_printf(DEBUG_AUTHTYPES, mydata->triplet[2].random, 16); do_gsm(mydata->triplet[2].random, mydata->triplet[2].response, 
mydata->triplet[2].ckey); packet_offset+=16; if (mydata->workingversion == 0) { hash = (char *)malloc((8*3)+16); // 3 keys + 16 nonce. if (hash == NULL) { debug_printf(DEBUG_NORMAL, "Couldn't allocate memory to build hash!\n"); return XEMALLOC; } bzero(hash, ((8*3)+16)); memcpy(&hash[0], mydata->triplet[0].ckey, 8); memcpy(&hash[8], mydata->triplet[1].ckey, 8); memcpy(&hash[16], mydata->triplet[2].ckey, 8); memcpy(&hash[24], mydata->nonce_mt, 16); SHA1(hash, 40, &sha1resp[0]); } else { tlen = strlen(username)+(8*3)+16+ mydata->verlistlen+2; hash = (char *)malloc(tlen); if (hash == NULL) return XEMALLOC; nsres = (char *)malloc(4*3); if (nsres == NULL) return XEMALLOC; bzero(nsres, 12); memcpy(&nsres[0], mydata->triplet[0].response, 4); memcpy(&nsres[4], mydata->triplet[1].response, 4); memcpy(&nsres[8], mydata->triplet[2].response, 4); bzero(hash, tlen); memcpy(&hash[0], username, strlen(username)); memcpy(&hash[strlen(username)], mydata->triplet[0].ckey, 8); memcpy(&hash[strlen(username)+8], mydata->triplet[1].ckey, 8); memcpy(&hash[strlen(username)+16], mydata->triplet[2].ckey, 8); memcpy(&hash[strlen(username)+24], mydata->nonce_mt, 16); memcpy(&hash[strlen(username)+24+16], mydata->verlist, mydata->verlistlen); value16 = htons(mydata->workingversion); memcpy(&hash[strlen(username)+24+16+ mydata->verlistlen], &value16, 2); SHA1(hash, (strlen(username)+24+16+ mydata->verlistlen+2), sha1resp); free(hash); hash = NULL; } debug_printf(DEBUG_AUTHTYPES, "MK = "); debug_hex_printf(DEBUG_AUTHTYPES, &sha1resp[0], 20); at_mac_sres = (char *)malloc(120); if (at_mac_sres == NULL) { debug_printf(DEBUG_NORMAL, "Couldn't malloc at_mac_sres!\n"); return XEMALLOC; } fips186_2_prng(sha1resp, 20, NULL, 0, at_mac_sres, 120); if (mydata->workingversion == 0) { memcpy(&K_sres[0], &at_mac_sres[0], 16); memcpy(&K_encr[0], &at_mac_sres[16], 16); memcpy(&K_int[0], &at_mac_sres[32], 16); bzero(&K_recv[0], 32); bzero(&K_send[0], 32); memcpy(&K_recv[0], &at_mac_sres[48], 20); 
memcpy(&K_send[0], &at_mac_sres[68], 20); } else { // K_int is the same as K_aut in Version 1. memcpy(&K_int[0], &at_mac_sres[16], 16); memcpy(&K_recv[0], &at_mac_sres[32], 32); memcpy(&K_send[0], &at_mac_sres[64], 32); } // We should be done with at_mac_sres, so free it. free(at_mac_sres); at_mac_sres = NULL; if (mydata->keyingMaterial != NULL) { free(mydata->keyingMaterial); mydata->keyingMaterial = NULL; } mydata->keyingMaterial = (char *)malloc(64); if (mydata->keyingMaterial == NULL) return XEMALLOC; bzero(mydata->keyingMaterial, 64); memcpy(mydata->keyingMaterial, &K_recv[0], 32); memcpy(&mydata->keyingMaterial[32], &K_send[0], 32); if (mydata->workingversion == 0) { hash = (char *)malloc((4*3)+16); if (hash == NULL) return XEMALLOC; memcpy(&hash[0], mydata->triplet[0].response, 4); memcpy(&hash[4], mydata->triplet[1].response, 4); memcpy(&hash[8], mydata->triplet[2].response, 4); hash[12] = 11; HMAC(EVP_sha1(), &K_sres[0], 16, &hash[0], 13, (char *)&sha1resp[0], &i); debug_printf(DEBUG_AUTHTYPES, "Final return value : "); debug_hex_printf(DEBUG_AUTHTYPES, &sha1resp[0], i); typelenres = (struct typelengthres *)&out[outptr]; typelenres->type = AT_MAC_SRES; typelenres->length = 5; typelenres->reserved = 0; outptr += sizeof(struct typelengthres); memcpy(&out[outptr], &sha1resp, i); outptr += i; } break; case AT_IV: debug_printf(DEBUG_AUTHTYPES, "Got an IV (Not supported)\n"); packet_offset+=5; break; case AT_ENCR_DATA: debug_printf(DEBUG_AUTHTYPES, "Got an AT_ENCR_DATA (Not supported)\n"); packet_offset+=5; break; case AT_MAC: debug_printf(DEBUG_AUTHTYPES, "Got an AT_MAC\n"); saved_offset = packet_offset; memcpy(&mac_val[0], &dataoffs[packet_offset+4], 16); packet_offset+=20; if (mydata->workingversion == 0) { if (do_v0_at_mac(thisint, &K_int[0], dataoffs, insize, saved_offset, &mac_calc[0]) == -1) { debug_printf(DEBUG_NORMAL, "Error calculating AT_MAC for Version 0!\n"); return XESIMBADMAC; } } else { debug_printf(DEBUG_AUTHTYPES, "K_int[0] = "); 
debug_hex_printf(DEBUG_AUTHTYPES, &K_int[0], 16); if (do_v1_at_mac(thisint, &K_int[0], dataoffs, insize, saved_offset, mydata->nonce_mt, mydata->verlist, mydata->verlistlen, mydata->workingversion, &mac_calc[0]) == -1) { debug_printf(DEBUG_NORMAL, "Error calculating AT_MAC for Version 1!\n"); return XESIMBADMAC; } } if (memcmp(&mac_calc[0], &mac_val[0], 16) != 0) { debug_printf(DEBUG_NORMAL, "ERROR : AT_MAC failed MAC check!\n"); debug_printf(DEBUG_AUTHTYPES, "mac_calc = "); debug_hex_printf(DEBUG_AUTHTYPES, &mac_calc[0], 16); debug_printf(DEBUG_AUTHTYPES, "mac_val = "); debug_hex_printf(DEBUG_AUTHTYPES, &mac_val[0], 16); //return XESIMBADMAC; } } } if (mydata->workingversion == 1) { framecpy = (char *)malloc(outptr+8+20+(8*3)); if (framecpy == NULL) return XEMALLOC; bzero(framecpy, (outptr+5+20+(4*3))); framecpy[0] = 2; framecpy[1] = thisint->eapid; value16 = htons(outptr+5+20); memcpy(&framecpy[2], &value16, 2); framecpy[4] = EAP_TYPE_SIM; memcpy(&framecpy[5], &out[0], outptr); framecpy[5+outptr] = AT_MAC; framecpy[5+outptr+1] = 5; memcpy(&framecpy[5+outptr+20], nsres, (4*3)); debug_printf(DEBUG_AUTHTYPES, "Hashing against :\n"); debug_hex_dump(DEBUG_AUTHTYPES, &framecpy[0], outptr+25+12); HMAC(EVP_sha1(), &K_int[0], 16, framecpy, (outptr+5+20+12), &mac_calc[0], &i); memcpy(&out[outptr], &framecpy[5+outptr], 20); memcpy(&out[outptr+4], &mac_calc[0], 16); outptr += 20; free(framecpy); framecpy = NULL; } if (nsres != NULL) { free(nsres); nsres = NULL; } value16 = htons(outptr); memcpy((char *)&out[1], &value16, 2); *outsize = outptr; break; case SIM_NOTIFICATION: debug_printf(DEBUG_NORMAL, "Got SIM_NOTIFICATION! (Unsupported)\n"); break; case SIM_REAUTHENTICATION: debug_printf(DEBUG_NORMAL, "Got SIM_REAUTHENTICATION! (Unsupported)\n"); break; default: debug_printf(DEBUG_NORMAL, "Unknown SubType value! 
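(%d)\n", dataoffs[0]); break; } out[2] = 0; return XENONE;}

/**
 * Hand the EAP-SIM session keys to the interface layer.
 *
 * Copies the 64 bytes of keying material stored in the method's private
 * data (mydata->keyingMaterial) into a freshly allocated buffer at
 * thisint->keyingMaterial, releasing any buffer that was there before.
 *
 * @param thisint  Interface whose active EAP method holds the derived keys.
 * @return XENONE on success; XEMALLOC when the interface chain is
 *         incomplete, when no keying material exists yet, or when the
 *         allocation fails.
 */
int eapsim_get_keys(struct interface_data *thisint)
{
  struct eaptypedata *mydata;

  if ((!thisint) || (!thisint->userdata) ||
      (!thisint->userdata->activemethod) ||
      (!thisint->userdata->activemethod->eap_data))
    {
      debug_printf(DEBUG_NORMAL, "Invalid interface structure passed to eapsim_get_keys()!\n");
      return XEMALLOC;
    }

  mydata = (struct eaptypedata *)thisint->userdata->activemethod->eap_data;

  /*
   * The challenge handler in this file allocates mydata->keyingMaterial
   * while processing AT_RAND and leaves it NULL when that malloc fails.
   * Copying from NULL would crash the supplicant, so refuse before the
   * interface's current buffer is touched.
   */
  if (mydata->keyingMaterial == NULL)
    {
      debug_printf(DEBUG_NORMAL, "No keying material available in eapsim_get_keys()!\n");
      return XEMALLOC;
    }

  /*
   * NOTE(review): the previous buffer held key material and is released
   * without being cleared.  Its length is not known in this function, so
   * scrubbing belongs wherever that length is tracked.
   */
  if (thisint->keyingMaterial != NULL)
    {
      free(thisint->keyingMaterial);
    }

  thisint->keyingMaterial = malloc(64);
  if (thisint->keyingMaterial == NULL) return XEMALLOC;

  /* 64 bytes matches the size the challenge handler allocates for the source. */
  memcpy(thisint->keyingMaterial, mydata->keyingMaterial, 64);

  return XENONE;
}

/**
 * Hook called when EAP-SIM authentication fails.
 *
 * Validates the configuration pointer and otherwise does nothing: the
 * password reset it once performed is commented out below.
 *
 * @param thisint  Generic EAP state carrying the EAP-SIM configuration.
 * @return XENONE normally; XEMALLOC when no configuration is attached.
 */
int eapsim_failed(struct generic_eap_data *thisint)
{
  struct config_eap_sim *userdata;

  if ((!thisint) || (!thisint->eap_conf_data))
    {
      debug_printf(DEBUG_AUTHTYPES, "No valid configuration information in EAP-SIM! Nothing to do!\n");
      return XEMALLOC;
    }

  /* Only referenced by the disabled password reset below. */
  userdata = (struct config_eap_sim *)thisint->eap_conf_data;

#ifndef NO_PWD_RESET
  /*
  if (userdata->password != NULL)
    {
      free(userdata->password);
      userdata->password = NULL;
    }
  */
#endif

  return XENONE;
}

/**
 * Tear down EAP-SIM state by closing the smartcard session.
 *
 * @param thisint  Generic EAP state passed through to close_smartcard().
 * @return XENONE always; the result of close_smartcard() is not inspected.
 */
int eapsim_cleanup(struct generic_eap_data *thisint)
{
  debug_printf(DEBUG_AUTHTYPES, "(EAP-SIM) Cleaning up!\n");

  /* NOTE(review): thisint is not checked here; confirm close_smartcard() tolerates NULL. */
  close_smartcard(thisint);

  return XENONE;
}

#endif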