static int gas_serv_remote_anqp_query_data(struct hostapd_data *hapd, const u8 *sta_addr, u8 dialog_token, unsigned int req, const u8 *data, size_t len) { u8 *buf; struct anqp_hdr *hdr; int ret; if (data == NULL) return -1; buf = os_malloc(sizeof(*hdr) + len); if (buf == NULL) return -1; hdr = (struct anqp_hdr *) buf; os_memset(hdr, 0, sizeof(*hdr)); hdr->anqp_type = host_to_be32(req); os_memcpy(hdr->sta_addr, sta_addr, ETH_ALEN); hdr->dialog_token = dialog_token; hdr->anqp_len = host_to_be32(len); os_memcpy(hdr->data, data, len); ret = gas_serv_send_remote_anqp_req(hapd, buf, sizeof(struct anqp_hdr) + len); os_free(buf); return ret; }
int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen) { u8 xkey[64]; u32 t[5], _t[5]; int i, j, m, k; u8 *xpos = x; u32 carry; if (seed_len < sizeof(xkey)) os_memset(xkey + seed_len, 0, sizeof(xkey) - seed_len); else seed_len = sizeof(xkey); /* FIPS 186-2 + change notice 1 */ os_memcpy(xkey, seed, seed_len); t[0] = 0x67452301; t[1] = 0xEFCDAB89; t[2] = 0x98BADCFE; t[3] = 0x10325476; t[4] = 0xC3D2E1F0; m = xlen / 40; for (j = 0; j < m; j++) { /* XSEED_j = 0 */ for (i = 0; i < 2; i++) { /* XVAL = (XKEY + XSEED_j) mod 2^b */ /* w_i = G(t, XVAL) */ os_memcpy(_t, t, 20); sha1_transform((u8 *) _t, xkey); _t[0] = host_to_be32(_t[0]); _t[1] = host_to_be32(_t[1]); _t[2] = host_to_be32(_t[2]); _t[3] = host_to_be32(_t[3]); _t[4] = host_to_be32(_t[4]); os_memcpy(xpos, _t, 20); /* XKEY = (1 + XKEY + w_i) mod 2^b */ carry = 1; for (k = 19; k >= 0; k--) { carry += xkey[k] + xpos[k]; xkey[k] = carry & 0xff; carry >>= 8; } xpos += 20; } /* x_j = w_0|w_1 */ } return 0; }
/** * 所有的长度都用四字节编码 */ static int crl_req_time_list_2_file(struct cmp_db* cmdb,int fd){ struct list_head *head; struct crl_req_time* ptr; u32 size,temp; size = 0; pthread_mutex_lock(&cmdb->lock); head = &cmdb->crl_time.list; list_for_each_entry(ptr,head,list){ if( (temp = crl_req_time_2_file(ptr,fd)) < 0){ wave_printf_fl(MSG_ERROR,"crl_req_time_2_file 失败"); pthread_mutex_unlock(&cmdb->lock); return -1; } size +=1; } pthread_mutex_unlock(&cmdb->lock); size = host_to_be32(size); if( file_insert(fd,0,&size,4) ){ wave_error_printf("文件插入出错"); return -1; } if ( lseek(fd,4,SEEK_CUR) == -1){ wave_error_printf("文件移动偏移量出问题"); return -1; } return 1; }
static int lsis_array_2_file(struct cmp_db* cmdb,int fd){ u8 *mbuf,*buf = NULL; int needlen,i; pthread_mutex_lock(&cmdb->lock); needlen = cmdb->req_cert_lsises.len; needlen = sizeof(pssme_lsis) * needlen; buf = (u8*)malloc(needlen+4); if(buf == NULL){ pthread_mutex_unlcok(&cmdb->lock); goto fail; } mbuf = buf+4; for(i=0;i<cmdb->req_cert_lsises.len;i++) ptr_host_to_be(mbuf,*(cmdb->req_cert_lsises.lsis+i)); *(u32*)buf = host_to_be32(cmdb->req_cert_lsises.len); pthread_mutex_unlock(&cmdb->lock); if( write(fd,buf,needlen+4) != needlen+4){ goto fail; } free(buf); return needlen + 4; fail: if(buf != NULL) free(buf); return -1; }
static void wpa_supplicant_send_stk_3_of_4(struct wpa_sm *sm, struct wpa_peerkey *peerkey) { size_t mlen; struct wpa_eapol_key *msg; u8 *mbuf, *pos; size_t kde_len; u16 key_info, ver; be32 lifetime; kde_len = peerkey->rsnie_i_len + 2 + RSN_SELECTOR_LEN + sizeof(lifetime); mbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, sizeof(*msg) + kde_len, &mlen, (void *) &msg); if (mbuf == NULL) return; msg->type = EAPOL_KEY_TYPE_RSN; if (peerkey->cipher == WPA_CIPHER_CCMP) ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; else ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; key_info = ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_ACK | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE; WPA_PUT_BE16(msg->key_info, key_info); if (peerkey->cipher == WPA_CIPHER_CCMP) WPA_PUT_BE16(msg->key_length, 16); else WPA_PUT_BE16(msg->key_length, 32); os_memcpy(msg->replay_counter, peerkey->replay_counter, WPA_REPLAY_COUNTER_LEN); inc_byte_array(peerkey->replay_counter, WPA_REPLAY_COUNTER_LEN); WPA_PUT_BE16(msg->key_data_length, kde_len); pos = (u8 *) (msg + 1); pos = wpa_add_ie(pos, peerkey->rsnie_i, peerkey->rsnie_i_len); lifetime = host_to_be32(peerkey->lifetime); wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME, (u8 *) &lifetime, sizeof(lifetime)); os_memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN); wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 3/4 to " MACSTR, MAC2STR(peerkey->addr)); wpa_eapol_key_send(sm, peerkey->stk.kck, ver, peerkey->addr, ETH_P_EAPOL, mbuf, mlen, msg->key_mic); }
static u8 * eap_ttls_avp_hdr(u8 *avphdr, u32 avp_code, u32 vendor_id, int mandatory, size_t len) { struct ttls_avp_vendor *avp; u8 flags; size_t hdrlen; avp = (struct ttls_avp_vendor *) avphdr; flags = mandatory ? AVP_FLAGS_MANDATORY : 0; if (vendor_id) { flags |= AVP_FLAGS_VENDOR; hdrlen = sizeof(*avp); avp->vendor_id = host_to_be32(vendor_id); } else { hdrlen = sizeof(struct ttls_avp); } avp->avp_code = host_to_be32(avp_code); avp->avp_length = host_to_be32((flags << 24) | (hdrlen + len)); return avphdr + hdrlen; }
static int gas_serv_remote_anqp_query(struct hostapd_data *hapd, const u8 *sta_addr, u8 dialog_token, unsigned int req) { struct anqp_hdr hdr; os_memset(&hdr, 0, sizeof(hdr)); hdr.anqp_type = host_to_be32(req); os_memcpy(hdr.sta_addr, sta_addr, ETH_ALEN); hdr.dialog_token = dialog_token; return gas_serv_send_remote_anqp_req(hapd, (u8 *) &hdr, sizeof(struct anqp_hdr)); }
static struct wpabuf * eap_fast_tlv_nak(int vendor_id, int tlv_type) { struct wpabuf *buf; struct eap_tlv_nak_tlv *nak; buf = wpabuf_alloc(sizeof(*nak)); if (buf == NULL) return NULL; nak = wpabuf_put(buf, sizeof(*nak)); nak->tlv_type = host_to_be16(EAP_TLV_TYPE_MANDATORY | EAP_TLV_NAK_TLV); nak->length = host_to_be16(6); nak->vendor_id = host_to_be32(vendor_id); nak->nak_type = host_to_be16(tlv_type); return buf; }
static void wpa_supplicant_process_stk_1_of_4(struct wpa_sm *sm, struct wpa_peerkey *peerkey, const struct wpa_eapol_key *key, u16 ver) { struct wpa_eapol_ie_parse ie; const u8 *kde; size_t len, kde_buf_len; struct wpa_ptk *stk; u8 buf[8], *kde_buf, *pos; be32 lifetime; wpa_printf(MSG_DEBUG, "RSN: RX message 1 of STK 4-Way Handshake from " MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver); os_memset(&ie, 0, sizeof(ie)); /* RSN: msg 1/4 should contain SMKID for the selected SMK */ kde = (const u8 *) (key + 1); len = WPA_GET_BE16(key->key_data_length); wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", kde, len); if (wpa_supplicant_parse_ies(kde, len, &ie) < 0 || ie.pmkid == NULL) { wpa_printf(MSG_DEBUG, "RSN: No SMKID in STK 1/4"); return; } if (os_memcmp(ie.pmkid, peerkey->smkid, PMKID_LEN) != 0) { wpa_hexdump(MSG_DEBUG, "RSN: Unknown SMKID in STK 1/4", ie.pmkid, PMKID_LEN); return; } if (random_get_bytes(peerkey->pnonce, WPA_NONCE_LEN)) { wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "RSN: Failed to get random data for PNonce"); return; } wpa_hexdump(MSG_DEBUG, "WPA: Renewed PNonce", peerkey->pnonce, WPA_NONCE_LEN); /* Calculate STK which will be stored as a temporary STK until it has * been verified when processing message 3/4. */ stk = &peerkey->tstk; wpa_pmk_to_ptk(peerkey->smk, PMK_LEN, "Peer key expansion", sm->own_addr, peerkey->addr, peerkey->pnonce, key->key_nonce, (u8 *) stk, sizeof(*stk), peerkey->use_sha256); /* Supplicant: swap tx/rx Mic keys */ os_memcpy(buf, stk->u.auth.tx_mic_key, 8); os_memcpy(stk->u.auth.tx_mic_key, stk->u.auth.rx_mic_key, 8); os_memcpy(stk->u.auth.rx_mic_key, buf, 8); peerkey->tstk_set = 1; kde_buf_len = peerkey->rsnie_p_len + 2 + RSN_SELECTOR_LEN + sizeof(lifetime) + 2 + RSN_SELECTOR_LEN + PMKID_LEN; kde_buf = os_malloc(kde_buf_len); if (kde_buf == NULL) return; pos = kde_buf; pos = wpa_add_ie(pos, peerkey->rsnie_p, peerkey->rsnie_p_len); lifetime = host_to_be32(peerkey->lifetime); pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME, (u8 *) &lifetime, sizeof(lifetime)); wpa_add_kde(pos, RSN_KEY_DATA_PMKID, peerkey->smkid, PMKID_LEN); if (wpa_supplicant_send_2_of_4(sm, peerkey->addr, key, ver, peerkey->pnonce, kde_buf, kde_buf_len, stk)) { os_free(kde_buf); return; } os_free(kde_buf); os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN); }
static int others_2_file(struct cmp_db* cmdb,int fd){ u8 *mbuf,*buf=NULL; int needlen,i; pthread_mutex_lock(&cmdb->lock); needlen = cmdb->identifier.len + 4+ sizeof(cmdb->region.region_type)+sizeof(u32); switch(cmdb->region.region_type){ case FROM_ISSUER: case CIRCLE: needlen += sizeof(s32)*2 + sizeof(u16); break; case RECTANGLE: needlen = needlen + cmdb->region.u.rectangular_region.len * (sizeof(s32)*4) + 4; break; case POLYGON: needlen = needlen + cmdb->region.u.polygonal_region.len * (sizeof(s32) *2) + 4; break; case NONE: needlen = needlen + 4 + cmdb->region.u.other_region.len; break; default: pthread_mutex_unlock(&cmdb->lock); goto fail; } buf = (u8*)malloc(needlen); if(buf == NULL){ pthread_mutex_unlcok(&cmdb->lock); goto fail; } mbuf = buf; *(u32*)mbuf = host_to_be32(cmdb->identifier.len); mbuf += 4; memcpy(mbuf,cmdb->identifier.buf,cmdb->identifier.len); mbuf += cmdb->identifier.len; ptr_host_to_be(mbuf,cmdb->region.region_type); switch(cmdb->region.region_type){ case FROM_ISSUER: case CIRCLE: ptr_host_to_be(mbuf,cmdb->region.u.circular_region.center.latitude); ptr_host_to_be(mbuf,cmdb->region.u.circular_region.center.longitude); ptr_host_to_be(mbuf,cmdb->region.u.circular_region.radius); break; case RECTANGLE: ptr_host_to_be(mbuf,(u32)(cmdb->region.u.rectangular_region.len)); for(i=0;i<cmdb->region.u.rectangular_region.len;i++){ ptr_host_to_be(mbuf,(cmdb->region.u.rectangular_region.buf+i)->north_west.latitude); ptr_host_to_be(mbuf,(cmdb->region.u.rectangular_region.buf+i)->north_west.longitude); ptr_host_to_be(mbuf,(cmdb->region.u.rectangular_region.buf+i)->south_east.latitude); ptr_host_to_be(mbuf,(cmdb->region.u.rectangular_region.buf+i)->south_east.longitude); } break; case POLYGON: ptr_host_to_be(mbuf,(u32)(cmdb->region.u.polygonal_region.len)); for(i=0;i<cmdb->region.u.polygonal_region.len;i++){ ptr_host_to_be(mbuf,(cmdb->region.u.polygonal_region.buf+i)->latitude); ptr_host_to_be(mbuf,(cmdb->region.u.polygonal_region.buf+i)->longitude); } break; case NONE: *(u32*)mbuf = host_to_be32(cmdb->region.u.other_region.len); mbuf += 4; memcpy(mbuf,cmdb->region.u.other_region.buf,cmdb->region.u.other_region.len); break; default: pthread_mutex_unlock(&cmdb->lock); goto fail; } ptr_host_to_be(mbuf,cmdb->life_time); pthread_mutex_unlock(&cmdb->lock); if ( write(fd,buf,needlen) != needlen){ wave_error_printf("文件写入失败"); goto fail; } free(buf); return 0; fail: if(buf != NULL) free(buf); return -1; }