static int gas_serv_remote_anqp_query_data(struct hostapd_data *hapd,
const u8 *sta_addr, u8 dialog_token,
unsigned int req,
const u8 *data, size_t len)
{
u8 *buf;
struct anqp_hdr *hdr;
int ret;
if (data == NULL)
return -1;
buf = os_malloc(sizeof(*hdr) + len);
if (buf == NULL)
return -1;
hdr = (struct anqp_hdr *) buf;
os_memset(hdr, 0, sizeof(*hdr));
hdr->anqp_type = host_to_be32(req);
os_memcpy(hdr->sta_addr, sta_addr, ETH_ALEN);
hdr->dialog_token = dialog_token;
hdr->anqp_len = host_to_be32(len);
os_memcpy(hdr->data, data, len);
ret = gas_serv_send_remote_anqp_req(hapd, buf,
sizeof(struct anqp_hdr) + len);
os_free(buf);
return ret;
}
int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
{
u8 xkey[64];
u32 t[5], _t[5];
int i, j, m, k;
u8 *xpos = x;
u32 carry;
if (seed_len < sizeof(xkey))
os_memset(xkey + seed_len, 0, sizeof(xkey) - seed_len);
else
seed_len = sizeof(xkey);
/* FIPS 186-2 + change notice 1 */
os_memcpy(xkey, seed, seed_len);
t[0] = 0x67452301;
t[1] = 0xEFCDAB89;
t[2] = 0x98BADCFE;
t[3] = 0x10325476;
t[4] = 0xC3D2E1F0;
m = xlen / 40;
for (j = 0; j < m; j++) {
/* XSEED_j = 0 */
for (i = 0; i < 2; i++) {
/* XVAL = (XKEY + XSEED_j) mod 2^b */
/* w_i = G(t, XVAL) */
os_memcpy(_t, t, 20);
sha1_transform((u8 *) _t, xkey);
_t[0] = host_to_be32(_t[0]);
_t[1] = host_to_be32(_t[1]);
_t[2] = host_to_be32(_t[2]);
_t[3] = host_to_be32(_t[3]);
_t[4] = host_to_be32(_t[4]);
os_memcpy(xpos, _t, 20);
/* XKEY = (1 + XKEY + w_i) mod 2^b */
carry = 1;
for (k = 19; k >= 0; k--) {
carry += xkey[k] + xpos[k];
xkey[k] = carry & 0xff;
carry >>= 8;
}
xpos += 20;
}
/* x_j = w_0|w_1 */
}
return 0;
}
/**
* 所有的长度都用四字节编码
*/
static int crl_req_time_list_2_file(struct cmp_db* cmdb,int fd){
struct list_head *head;
struct crl_req_time* ptr;
u32 size,temp;
size = 0;
pthread_mutex_lock(&cmdb->lock);
head = &cmdb->crl_time.list;
list_for_each_entry(ptr,head,list){
if( (temp = crl_req_time_2_file(ptr,fd)) < 0){
wave_printf_fl(MSG_ERROR,"crl_req_time_2_file 失败");
pthread_mutex_unlock(&cmdb->lock);
return -1;
}
size +=1;
}
pthread_mutex_unlock(&cmdb->lock);
size = host_to_be32(size);
if( file_insert(fd,0,&size,4) ){
wave_error_printf("文件插入出错");
return -1;
}
if ( lseek(fd,4,SEEK_CUR) == -1){
wave_error_printf("文件移动偏移量出问题");
return -1;
}
return 1;
}
static int lsis_array_2_file(struct cmp_db* cmdb,int fd){
u8 *mbuf,*buf = NULL;
int needlen,i;
pthread_mutex_lock(&cmdb->lock);
needlen = cmdb->req_cert_lsises.len;
needlen = sizeof(pssme_lsis) * needlen;
buf = (u8*)malloc(needlen+4);
if(buf == NULL){
pthread_mutex_unlcok(&cmdb->lock);
goto fail;
}
mbuf = buf+4;
for(i=0;i<cmdb->req_cert_lsises.len;i++)
ptr_host_to_be(mbuf,*(cmdb->req_cert_lsises.lsis+i));
*(u32*)buf = host_to_be32(cmdb->req_cert_lsises.len);
pthread_mutex_unlock(&cmdb->lock);
if( write(fd,buf,needlen+4) != needlen+4){
goto fail;
}
free(buf);
return needlen + 4;
fail:
if(buf != NULL)
free(buf);
return -1;
}
static void wpa_supplicant_send_stk_3_of_4(struct wpa_sm *sm,
struct wpa_peerkey *peerkey)
{
size_t mlen;
struct wpa_eapol_key *msg;
u8 *mbuf, *pos;
size_t kde_len;
u16 key_info, ver;
be32 lifetime;
kde_len = peerkey->rsnie_i_len +
2 + RSN_SELECTOR_LEN + sizeof(lifetime);
mbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
sizeof(*msg) + kde_len, &mlen,
(void *) &msg);
if (mbuf == NULL)
return;
msg->type = EAPOL_KEY_TYPE_RSN;
if (peerkey->cipher == WPA_CIPHER_CCMP)
ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
else
ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
key_info = ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_ACK |
WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
WPA_PUT_BE16(msg->key_info, key_info);
if (peerkey->cipher == WPA_CIPHER_CCMP)
WPA_PUT_BE16(msg->key_length, 16);
else
WPA_PUT_BE16(msg->key_length, 32);
os_memcpy(msg->replay_counter, peerkey->replay_counter,
WPA_REPLAY_COUNTER_LEN);
inc_byte_array(peerkey->replay_counter, WPA_REPLAY_COUNTER_LEN);
WPA_PUT_BE16(msg->key_data_length, kde_len);
pos = (u8 *) (msg + 1);
pos = wpa_add_ie(pos, peerkey->rsnie_i, peerkey->rsnie_i_len);
lifetime = host_to_be32(peerkey->lifetime);
wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
(u8 *) &lifetime, sizeof(lifetime));
os_memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 3/4 to " MACSTR,
MAC2STR(peerkey->addr));
wpa_eapol_key_send(sm, peerkey->stk.kck, ver, peerkey->addr,
ETH_P_EAPOL, mbuf, mlen, msg->key_mic);
}
static u8 * eap_ttls_avp_hdr(u8 *avphdr, u32 avp_code, u32 vendor_id,
int mandatory, size_t len)
{
struct ttls_avp_vendor *avp;
u8 flags;
size_t hdrlen;
avp = (struct ttls_avp_vendor *) avphdr;
flags = mandatory ? AVP_FLAGS_MANDATORY : 0;
if (vendor_id) {
flags |= AVP_FLAGS_VENDOR;
hdrlen = sizeof(*avp);
avp->vendor_id = host_to_be32(vendor_id);
} else {
hdrlen = sizeof(struct ttls_avp);
}
avp->avp_code = host_to_be32(avp_code);
avp->avp_length = host_to_be32((flags << 24) | (hdrlen + len));
return avphdr + hdrlen;
}
static int gas_serv_remote_anqp_query(struct hostapd_data *hapd,
const u8 *sta_addr, u8 dialog_token,
unsigned int req)
{
struct anqp_hdr hdr;
os_memset(&hdr, 0, sizeof(hdr));
hdr.anqp_type = host_to_be32(req);
os_memcpy(hdr.sta_addr, sta_addr, ETH_ALEN);
hdr.dialog_token = dialog_token;
return gas_serv_send_remote_anqp_req(hapd, (u8 *) &hdr,
sizeof(struct anqp_hdr));
}
static struct wpabuf * eap_fast_tlv_nak(int vendor_id, int tlv_type)
{
struct wpabuf *buf;
struct eap_tlv_nak_tlv *nak;
buf = wpabuf_alloc(sizeof(*nak));
if (buf == NULL)
return NULL;
nak = wpabuf_put(buf, sizeof(*nak));
nak->tlv_type = host_to_be16(EAP_TLV_TYPE_MANDATORY | EAP_TLV_NAK_TLV);
nak->length = host_to_be16(6);
nak->vendor_id = host_to_be32(vendor_id);
nak->nak_type = host_to_be16(tlv_type);
return buf;
}
static void wpa_supplicant_process_stk_1_of_4(struct wpa_sm *sm,
struct wpa_peerkey *peerkey,
const struct wpa_eapol_key *key,
u16 ver)
{
struct wpa_eapol_ie_parse ie;
const u8 *kde;
size_t len, kde_buf_len;
struct wpa_ptk *stk;
u8 buf[8], *kde_buf, *pos;
be32 lifetime;
wpa_printf(MSG_DEBUG, "RSN: RX message 1 of STK 4-Way Handshake from "
MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
os_memset(&ie, 0, sizeof(ie));
/* RSN: msg 1/4 should contain SMKID for the selected SMK */
kde = (const u8 *) (key + 1);
len = WPA_GET_BE16(key->key_data_length);
wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", kde, len);
if (wpa_supplicant_parse_ies(kde, len, &ie) < 0 || ie.pmkid == NULL) {
wpa_printf(MSG_DEBUG, "RSN: No SMKID in STK 1/4");
return;
}
if (os_memcmp(ie.pmkid, peerkey->smkid, PMKID_LEN) != 0) {
wpa_hexdump(MSG_DEBUG, "RSN: Unknown SMKID in STK 1/4",
ie.pmkid, PMKID_LEN);
return;
}
if (random_get_bytes(peerkey->pnonce, WPA_NONCE_LEN)) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"RSN: Failed to get random data for PNonce");
return;
}
wpa_hexdump(MSG_DEBUG, "WPA: Renewed PNonce",
peerkey->pnonce, WPA_NONCE_LEN);
/* Calculate STK which will be stored as a temporary STK until it has
* been verified when processing message 3/4. */
stk = &peerkey->tstk;
wpa_pmk_to_ptk(peerkey->smk, PMK_LEN, "Peer key expansion",
sm->own_addr, peerkey->addr,
peerkey->pnonce, key->key_nonce,
(u8 *) stk, sizeof(*stk),
peerkey->use_sha256);
/* Supplicant: swap tx/rx Mic keys */
os_memcpy(buf, stk->u.auth.tx_mic_key, 8);
os_memcpy(stk->u.auth.tx_mic_key, stk->u.auth.rx_mic_key, 8);
os_memcpy(stk->u.auth.rx_mic_key, buf, 8);
peerkey->tstk_set = 1;
kde_buf_len = peerkey->rsnie_p_len +
2 + RSN_SELECTOR_LEN + sizeof(lifetime) +
2 + RSN_SELECTOR_LEN + PMKID_LEN;
kde_buf = os_malloc(kde_buf_len);
if (kde_buf == NULL)
return;
pos = kde_buf;
pos = wpa_add_ie(pos, peerkey->rsnie_p, peerkey->rsnie_p_len);
lifetime = host_to_be32(peerkey->lifetime);
pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
(u8 *) &lifetime, sizeof(lifetime));
wpa_add_kde(pos, RSN_KEY_DATA_PMKID, peerkey->smkid, PMKID_LEN);
if (wpa_supplicant_send_2_of_4(sm, peerkey->addr, key, ver,
peerkey->pnonce, kde_buf, kde_buf_len,
stk)) {
os_free(kde_buf);
return;
}
os_free(kde_buf);
os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN);
}
static int others_2_file(struct cmp_db* cmdb,int fd){
u8 *mbuf,*buf=NULL;
int needlen,i;
pthread_mutex_lock(&cmdb->lock);
needlen = cmdb->identifier.len + 4+
sizeof(cmdb->region.region_type)+sizeof(u32);
switch(cmdb->region.region_type){
case FROM_ISSUER:
case CIRCLE:
needlen += sizeof(s32)*2 + sizeof(u16);
break;
case RECTANGLE:
needlen = needlen + cmdb->region.u.rectangular_region.len * (sizeof(s32)*4) + 4;
break;
case POLYGON:
needlen = needlen + cmdb->region.u.polygonal_region.len * (sizeof(s32) *2) + 4;
break;
case NONE:
needlen = needlen + 4 + cmdb->region.u.other_region.len;
break;
default:
pthread_mutex_unlock(&cmdb->lock);
goto fail;
}
buf = (u8*)malloc(needlen);
if(buf == NULL){
pthread_mutex_unlcok(&cmdb->lock);
goto fail;
}
mbuf = buf;
*(u32*)mbuf = host_to_be32(cmdb->identifier.len);
mbuf += 4;
memcpy(mbuf,cmdb->identifier.buf,cmdb->identifier.len);
mbuf += cmdb->identifier.len;
ptr_host_to_be(mbuf,cmdb->region.region_type);
switch(cmdb->region.region_type){
case FROM_ISSUER:
case CIRCLE:
ptr_host_to_be(mbuf,cmdb->region.u.circular_region.center.latitude);
ptr_host_to_be(mbuf,cmdb->region.u.circular_region.center.longitude);
ptr_host_to_be(mbuf,cmdb->region.u.circular_region.radius);
break;
case RECTANGLE:
ptr_host_to_be(mbuf,(u32)(cmdb->region.u.rectangular_region.len));
for(i=0;i<cmdb->region.u.rectangular_region.len;i++){
ptr_host_to_be(mbuf,(cmdb->region.u.rectangular_region.buf+i)->north_west.latitude);
ptr_host_to_be(mbuf,(cmdb->region.u.rectangular_region.buf+i)->north_west.longitude);
ptr_host_to_be(mbuf,(cmdb->region.u.rectangular_region.buf+i)->south_east.latitude);
ptr_host_to_be(mbuf,(cmdb->region.u.rectangular_region.buf+i)->south_east.longitude);
}
break;
case POLYGON:
ptr_host_to_be(mbuf,(u32)(cmdb->region.u.polygonal_region.len));
for(i=0;i<cmdb->region.u.polygonal_region.len;i++){
ptr_host_to_be(mbuf,(cmdb->region.u.polygonal_region.buf+i)->latitude);
ptr_host_to_be(mbuf,(cmdb->region.u.polygonal_region.buf+i)->longitude);
}
break;
case NONE:
*(u32*)mbuf = host_to_be32(cmdb->region.u.other_region.len);
mbuf += 4;
memcpy(mbuf,cmdb->region.u.other_region.buf,cmdb->region.u.other_region.len);
break;
default:
pthread_mutex_unlock(&cmdb->lock);
goto fail;
}
ptr_host_to_be(mbuf,cmdb->life_time);
pthread_mutex_unlock(&cmdb->lock);
if ( write(fd,buf,needlen) != needlen){
wave_error_printf("文件写入失败");
goto fail;
}
free(buf);
return 0;
fail:
if(buf != NULL)
free(buf);
return -1;
}
