本文整理汇总了C++中eap_get_id函数的典型用法代码示例。如果您正苦于以下问题:C++ eap_get_id函数的具体用法?C++ eap_get_id怎么用?C++ eap_get_id使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了eap_get_id函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: eapol_auth_tx_req
static void eapol_auth_tx_req(struct eapol_state_machine *sm)
{
if (sm->eap_if->eapReqData == NULL ||
wpabuf_len(sm->eap_if->eapReqData) < sizeof(struct eap_hdr)) {
eapol_auth_logger(sm->eapol, sm->addr,
EAPOL_LOGGER_DEBUG,
"TxReq called, but there is no EAP request "
"from authentication server");
return;
}
if (sm->flags & EAPOL_SM_WAIT_START) {
wpa_printf(MSG_DEBUG, "EAPOL: Drop EAPOL TX to " MACSTR
" while waiting for EAPOL-Start",
MAC2STR(sm->addr));
return;
}
sm->last_eap_id = eap_get_id(sm->eap_if->eapReqData);
eapol_auth_vlogger(sm->eapol, sm->addr, EAPOL_LOGGER_DEBUG,
"Sending EAP Packet (identifier %d)",
sm->last_eap_id);
sm->eapol->cb.eapol_send(sm->eapol->conf.ctx, sm->sta,
IEEE802_1X_TYPE_EAP_PACKET,
wpabuf_head(sm->eap_if->eapReqData),
wpabuf_len(sm->eap_if->eapReqData));
sm->dot1xAuthEapolFramesTx++;
if (eap_get_type(sm->eap_if->eapReqData) == EAP_TYPE_IDENTITY)
sm->dot1xAuthEapolReqIdFramesTx++;
else
sm->dot1xAuthEapolReqFramesTx++;
}示例2: eap_mschapv2_process
/**
* eap_mschapv2_process - Process an EAP-MSCHAPv2 request
* @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
* @priv: Pointer to private EAP method data from eap_mschapv2_init()
* @ret: Return values from EAP request validation and processing
* @reqData: EAP request to be processed (eapReqData)
* Returns: Pointer to allocated EAP response packet (eapRespData) or %NULL if
* no reply available
*/
static struct wpabuf * eap_mschapv2_process(struct eap_sm *sm, void *priv,
struct eap_method_ret *ret,
const struct wpabuf *reqData)
{
struct eap_mschapv2_data *data = priv;
struct eap_peer_config *config = eap_get_config(sm);
const struct eap_mschapv2_hdr *ms;
int using_prev_challenge = 0;
const u8 *pos;
size_t len;
u8 id;
if (eap_mschapv2_check_config(sm)) {
ret->ignore = TRUE;
return NULL;
}
if (config->mschapv2_retry && data->prev_challenge &&
data->prev_error == ERROR_AUTHENTICATION_FAILURE) {
wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Replacing pending packet "
"with the previous challenge");
reqData = data->prev_challenge;
using_prev_challenge = 1;
config->mschapv2_retry = 0;
}
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, reqData,
&len);
if (pos == NULL || len < sizeof(*ms) + 1) {
ret->ignore = TRUE;
return NULL;
}
ms = (const struct eap_mschapv2_hdr *) pos;
if (eap_mschapv2_check_mslen(sm, len, ms)) {
ret->ignore = TRUE;
return NULL;
}
id = eap_get_id(reqData);
wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: RX identifier %d mschapv2_id %d",
id, ms->mschapv2_id);
switch (ms->op_code) {
case MSCHAPV2_OP_CHALLENGE:
if (!using_prev_challenge)
eap_mschapv2_copy_challenge(data, reqData);
return eap_mschapv2_challenge(sm, data, ret, ms, len, id);
case MSCHAPV2_OP_SUCCESS:
return eap_mschapv2_success(sm, data, ret, ms, len, id);
case MSCHAPV2_OP_FAILURE:
return eap_mschapv2_failure(sm, data, ret, ms, len, id);
default:
wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Unknown op %d - ignored",
ms->op_code);
ret->ignore = TRUE;
return NULL;
}
}示例3: eap_aka_process_identity
static void eap_aka_process_identity(struct eap_sm *sm,
struct eap_aka_data *data,
struct wpabuf *respData,
struct eap_sim_attrs *attr)
{
wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Identity");
if (attr->mac || attr->iv || attr->encr_data) {
wpa_printf(MSG_WARNING, "EAP-AKA: Unexpected attribute "
"received in EAP-Response/AKA-Identity");
data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
eap_aka_state(data, NOTIFICATION);
return;
}
if (attr->identity) {
os_free(sm->identity);
sm->identity = os_malloc(attr->identity_len);
if (sm->identity) {
os_memcpy(sm->identity, attr->identity,
attr->identity_len);
sm->identity_len = attr->identity_len;
}
}
eap_aka_determine_identity(sm, data, 0, 0);
if (eap_get_id(respData) == data->pending_id) {
data->pending_id = -1;
eap_aka_add_id_msg(data, respData);
}
}示例4: eap_otp_process
static struct wpabuf * eap_otp_process(struct eap_sm *sm, void *priv,
struct eap_method_ret *ret,
const struct wpabuf *reqData)
{
struct wpabuf *resp;
const u8 *pos, *password;
size_t password_len, len;
int otp;
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_OTP, reqData, &len);
if (pos == NULL) {
ret->ignore = TRUE;
return NULL;
}
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-OTP: Request message",
pos, len);
password = eap_get_config_otp(sm, &password_len);
if (password)
otp = 1;
else {
password = eap_get_config_password(sm, &password_len);
otp = 0;
}
if (password == NULL) {
wpa_printf(MSG_INFO, "EAP-OTP: Password not configured");
eap_sm_request_otp(sm, (const char *) pos, len);
ret->ignore = TRUE;
return NULL;
}
ret->ignore = FALSE;
ret->methodState = METHOD_DONE;
ret->decision = DECISION_COND_SUCC;
ret->allowNotifications = FALSE;
resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_OTP, password_len,
EAP_CODE_RESPONSE, eap_get_id(reqData));
if (resp == NULL)
return NULL;
wpabuf_put_data(resp, password, password_len);
wpa_hexdump_ascii_key(MSG_MSGDUMP, "EAP-OTP: Response",
password, password_len);
if (otp) {
wpa_printf(MSG_DEBUG, "EAP-OTP: Forgetting used password");
eap_clear_config_otp(sm);
}
return resp;
}示例5: eap_leap_process_success
static struct wpabuf * eap_leap_process_success(struct eap_sm *sm, void *priv,
struct eap_method_ret *ret,
const struct wpabuf *reqData)
{
struct eap_leap_data *data = priv;
struct wpabuf *resp;
u8 *pos;
const u8 *identity;
size_t identity_len;
wpa_printf(MSG_DEBUG, "EAP-LEAP: Processing EAP-Success");
identity = eap_get_config_identity(sm, &identity_len);
if (identity == NULL)
return NULL;
if (data->state != LEAP_WAIT_SUCCESS) {
wpa_printf(MSG_INFO, "EAP-LEAP: EAP-Success received in "
"unexpected state (%d) - ignored", data->state);
ret->ignore = TRUE;
return NULL;
}
resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_LEAP,
3 + LEAP_CHALLENGE_LEN + identity_len,
EAP_CODE_REQUEST, eap_get_id(reqData));
if (resp == NULL)
return NULL;
wpabuf_put_u8(resp, LEAP_VERSION);
wpabuf_put_u8(resp, 0); /* unused */
wpabuf_put_u8(resp, LEAP_CHALLENGE_LEN);
pos = wpabuf_put(resp, LEAP_CHALLENGE_LEN);
if (random_get_bytes(pos, LEAP_CHALLENGE_LEN)) {
wpa_printf(MSG_WARNING, "EAP-LEAP: Failed to read random data "
"for challenge");
wpabuf_free(resp);
ret->ignore = TRUE;
return NULL;
}
os_memcpy(data->ap_challenge, pos, LEAP_CHALLENGE_LEN);
wpa_hexdump(MSG_MSGDUMP, "EAP-LEAP: Challenge to AP/AS", pos,
LEAP_CHALLENGE_LEN);
wpabuf_put_data(resp, identity, identity_len);
data->state = LEAP_WAIT_RESPONSE;
return resp;
}示例6: eap_aka_process_identity
static void eap_aka_process_identity(struct eap_sm *sm,
struct eap_aka_data *data,
struct wpabuf *respData,
struct eap_sim_attrs *attr)
{
u8 *new_identity;
wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Identity");
if (attr->mac || attr->iv || attr->encr_data) {
wpa_printf(MSG_WARNING, "EAP-AKA: Unexpected attribute "
"received in EAP-Response/AKA-Identity");
data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
eap_aka_state(data, NOTIFICATION);
return;
}
/*
* We always request identity with AKA/Identity, so the peer is
* required to have replied with one.
*/
if (!attr->identity || attr->identity_len == 0) {
wpa_printf(MSG_DEBUG, "EAP-AKA: Peer did not provide any "
"identity");
data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
eap_aka_state(data, NOTIFICATION);
return;
}
new_identity = os_malloc(attr->identity_len);
if (new_identity == NULL) {
data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
eap_aka_state(data, NOTIFICATION);
return;
}
os_free(sm->identity);
sm->identity = new_identity;
os_memcpy(sm->identity, attr->identity, attr->identity_len);
sm->identity_len = attr->identity_len;
eap_aka_determine_identity(sm, data);
if (eap_get_id(respData) == data->pending_id) {
data->pending_id = -1;
eap_aka_add_id_msg(data, respData);
}
}示例7: eap_eke_process_failure
static struct wpabuf * eap_eke_process_failure(struct eap_eke_data *data,
struct eap_method_ret *ret,
const struct wpabuf *reqData,
const u8 *payload,
size_t payload_len)
{
wpa_printf(MSG_DEBUG, "EAP-EKE: Received EAP-EKE-Failure/Request");
if (payload_len < 4) {
wpa_printf(MSG_DEBUG, "EAP-EKE: Too short EAP-EKE-Failure");
} else {
u32 code;
code = WPA_GET_BE32(payload);
wpa_printf(MSG_INFO, "EAP-EKE: Failure-Code 0x%x", code);
}
return eap_eke_build_fail(data, ret, eap_get_id(reqData),
EAP_EKE_FAIL_NO_ERROR);
}示例8: eap_sake_process_identity
static struct wpabuf * eap_sake_process_identity(struct eap_sm *sm,
struct eap_sake_data *data,
struct eap_method_ret *ret,
const struct wpabuf *reqData,
const u8 *payload,
size_t payload_len)
{
struct eap_sake_parse_attr attr;
struct wpabuf *resp;
if (data->state != IDENTITY) {
ret->ignore = TRUE;
return NULL;
}
wpa_printf(MSG_DEBUG, "EAP-SAKE: Received Request/Identity");
if (eap_sake_parse_attributes(payload, payload_len, &attr))
return NULL;
if (!attr.perm_id_req && !attr.any_id_req) {
wpa_printf(MSG_INFO, "EAP-SAKE: No AT_PERM_ID_REQ or "
"AT_ANY_ID_REQ in Request/Identity");
return NULL;
}
wpa_printf(MSG_DEBUG, "EAP-SAKE: Sending Response/Identity");
resp = eap_sake_build_msg(data, eap_get_id(reqData),
2 + data->peerid_len,
EAP_SAKE_SUBTYPE_IDENTITY);
if (resp == NULL)
return NULL;
wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_PEERID");
eap_sake_add_attr(resp, EAP_SAKE_AT_PEERID,
data->peerid, data->peerid_len);
eap_sake_state(data, CHALLENGE);
return resp;
}示例9: eap_tls_process
static struct wpabuf * eap_tls_process(struct eap_sm *sm, void *priv,
struct eap_method_ret *ret,
const struct wpabuf *reqData)
{
size_t left;
int res;
struct wpabuf *resp;
u8 flags, id;
const u8 *pos;
struct eap_tls_data *data = priv;
pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_TLS, ret,
reqData, &left, &flags);
if (pos == NULL)
return NULL;
id = eap_get_id(reqData);
if (flags & EAP_TLS_FLAGS_START) {
wpa_printf(MSG_DEBUG, "EAP-TLS: Start");
left = 0; /* make sure that this frame is empty, even though it
* should always be, anyway */
}
resp = NULL;
res = eap_peer_tls_process_helper(sm, &data->ssl, EAP_TYPE_TLS, 0, id,
pos, left, &resp);
if (res < 0) {
return eap_tls_failure(sm, data, ret, res, resp, id);
}
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn))
eap_tls_success(sm, data, ret);
if (res == 1) {
wpabuf_free(resp);
return eap_peer_tls_build_ack(id, EAP_TYPE_TLS, 0);
}
return resp;
}示例10: eap_gpsk_process_gpsk_1
static struct wpabuf * eap_gpsk_process_gpsk_1(struct eap_sm *sm,
struct eap_gpsk_data *data,
struct eap_method_ret *ret,
const struct wpabuf *reqData,
const u8 *payload,
size_t payload_len)
{
size_t csuite_list_len;
const u8 *csuite_list, *pos, *end;
struct wpabuf *resp;
if (data->state != GPSK_1) {
ret->ignore = TRUE;
return NULL;
}
wpa_printf(MSG_DEBUG, "EAP-GPSK: Received Request/GPSK-1");
end = payload + payload_len;
pos = eap_gpsk_process_id_server(data, payload, end);
pos = eap_gpsk_process_rand_server(data, pos, end);
pos = eap_gpsk_process_csuite_list(sm, data, &csuite_list,
&csuite_list_len, pos, end);
if (pos == NULL) {
ret->methodState = METHOD_DONE;
eap_gpsk_state(data, FAILURE);
return NULL;
}
resp = eap_gpsk_send_gpsk_2(data, eap_get_id(reqData),
csuite_list, csuite_list_len);
if (resp == NULL)
return NULL;
eap_gpsk_state(data, GPSK_3);
return resp;
}示例11: eap_leap_process_request
static struct wpabuf * eap_leap_process_request(struct eap_sm *sm, void *priv,
struct eap_method_ret *ret,
const struct wpabuf *reqData)
{
struct eap_leap_data *data = priv;
struct wpabuf *resp;
const u8 *pos, *challenge, *identity, *password;
u8 challenge_len, *rpos;
size_t identity_len, password_len, len;
int pwhash;
wpa_printf(MSG_DEBUG, "EAP-LEAP: Processing EAP-Request");
identity = eap_get_config_identity(sm, &identity_len);
password = eap_get_config_password2(sm, &password_len, &pwhash);
if (identity == NULL || password == NULL)
return NULL;
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_LEAP, reqData, &len);
if (pos == NULL || len < 3) {
wpa_printf(MSG_INFO, "EAP-LEAP: Invalid EAP-Request frame");
ret->ignore = TRUE;
return NULL;
}
if (*pos != LEAP_VERSION) {
wpa_printf(MSG_WARNING, "EAP-LEAP: Unsupported LEAP version "
"%d", *pos);
ret->ignore = TRUE;
return NULL;
}
pos++;
pos++; /* skip unused byte */
challenge_len = *pos++;
if (challenge_len != LEAP_CHALLENGE_LEN || challenge_len > len - 3) {
wpa_printf(MSG_INFO, "EAP-LEAP: Invalid challenge "
"(challenge_len=%d reqDataLen=%lu)",
challenge_len, (unsigned long) wpabuf_len(reqData));
ret->ignore = TRUE;
return NULL;
}
challenge = pos;
os_memcpy(data->peer_challenge, challenge, LEAP_CHALLENGE_LEN);
wpa_hexdump(MSG_MSGDUMP, "EAP-LEAP: Challenge from AP",
challenge, LEAP_CHALLENGE_LEN);
wpa_printf(MSG_DEBUG, "EAP-LEAP: Generating Challenge Response");
resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_LEAP,
3 + LEAP_RESPONSE_LEN + identity_len,
EAP_CODE_RESPONSE, eap_get_id(reqData));
if (resp == NULL)
return NULL;
wpabuf_put_u8(resp, LEAP_VERSION);
wpabuf_put_u8(resp, 0); /* unused */
wpabuf_put_u8(resp, LEAP_RESPONSE_LEN);
rpos = wpabuf_put(resp, LEAP_RESPONSE_LEN);
if (pwhash)
challenge_response(challenge, password, rpos);
else
nt_challenge_response(challenge, password, password_len, rpos);
os_memcpy(data->peer_response, rpos, LEAP_RESPONSE_LEN);
wpa_hexdump(MSG_MSGDUMP, "EAP-LEAP: Response",
rpos, LEAP_RESPONSE_LEN);
wpabuf_put_data(resp, identity, identity_len);
data->state = LEAP_WAIT_SUCCESS;
return resp;
}示例12: eap_sake_process_challenge
static struct wpabuf * eap_sake_process_challenge(struct eap_sm *sm,
struct eap_sake_data *data,
struct eap_method_ret *ret,
const struct wpabuf *reqData,
const u8 *payload,
size_t payload_len)
{
struct eap_sake_parse_attr attr;
struct wpabuf *resp;
u8 *rpos;
size_t rlen;
if (data->state != IDENTITY && data->state != CHALLENGE) {
wpa_printf(MSG_DEBUG, "EAP-SAKE: Request/Challenge received "
"in unexpected state (%d)", data->state);
ret->ignore = TRUE;
return NULL;
}
if (data->state == IDENTITY)
eap_sake_state(data, CHALLENGE);
wpa_printf(MSG_DEBUG, "EAP-SAKE: Received Request/Challenge");
if (eap_sake_parse_attributes(payload, payload_len, &attr))
return NULL;
if (!attr.rand_s) {
wpa_printf(MSG_INFO, "EAP-SAKE: Request/Challenge did not "
"include AT_RAND_S");
return NULL;
}
os_memcpy(data->rand_s, attr.rand_s, EAP_SAKE_RAND_LEN);
wpa_hexdump(MSG_MSGDUMP, "EAP-SAKE: RAND_S (server rand)",
data->rand_s, EAP_SAKE_RAND_LEN);
if (os_get_random(data->rand_p, EAP_SAKE_RAND_LEN)) {
wpa_printf(MSG_ERROR, "EAP-SAKE: Failed to get random data");
return NULL;
}
wpa_hexdump(MSG_MSGDUMP, "EAP-SAKE: RAND_P (peer rand)",
data->rand_p, EAP_SAKE_RAND_LEN);
os_free(data->serverid);
data->serverid = NULL;
data->serverid_len = 0;
if (attr.serverid) {
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-SAKE: SERVERID",
attr.serverid, attr.serverid_len);
data->serverid = os_malloc(attr.serverid_len);
if (data->serverid == NULL)
return NULL;
os_memcpy(data->serverid, attr.serverid, attr.serverid_len);
data->serverid_len = attr.serverid_len;
}
eap_sake_derive_keys(data->root_secret_a, data->root_secret_b,
data->rand_s, data->rand_p,
(u8 *) &data->tek, data->msk, data->emsk);
wpa_printf(MSG_DEBUG, "EAP-SAKE: Sending Response/Challenge");
rlen = 2 + EAP_SAKE_RAND_LEN + 2 + EAP_SAKE_MIC_LEN;
if (data->peerid)
rlen += 2 + data->peerid_len;
resp = eap_sake_build_msg(data, eap_get_id(reqData), rlen,
EAP_SAKE_SUBTYPE_CHALLENGE);
if (resp == NULL)
return NULL;
wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_RAND_P");
eap_sake_add_attr(resp, EAP_SAKE_AT_RAND_P,
data->rand_p, EAP_SAKE_RAND_LEN);
if (data->peerid) {
wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_PEERID");
eap_sake_add_attr(resp, EAP_SAKE_AT_PEERID,
data->peerid, data->peerid_len);
}
wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_MIC_P");
wpabuf_put_u8(resp, EAP_SAKE_AT_MIC_P);
wpabuf_put_u8(resp, 2 + EAP_SAKE_MIC_LEN);
rpos = wpabuf_put(resp, EAP_SAKE_MIC_LEN);
if (eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
data->serverid, data->serverid_len,
data->peerid, data->peerid_len, 1,
wpabuf_head(resp), wpabuf_len(resp), rpos,
rpos)) {
wpa_printf(MSG_INFO, "EAP-SAKE: Failed to compute MIC");
wpabuf_free(resp);
return NULL;
}
eap_sake_state(data, CONFIRM);
return resp;
}示例13: eap_md5_process
static struct wpabuf * eap_md5_process(struct eap_sm *sm, void *priv,
struct eap_method_ret *ret,
const struct wpabuf *reqData)
{
struct wpabuf *resp;
const u8 *pos, *challenge, *password;
u8 *rpos, id;
size_t len, challenge_len, password_len;
password = eap_get_config_password(sm, &password_len);
if (password == NULL) {
wpa_printf(MSG_INFO, "EAP-MD5: Password not configured");
eap_sm_request_password(sm);
ret->ignore = TRUE;
return NULL;
}
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MD5, reqData, &len);
if (pos == NULL || len == 0) {
wpa_printf(MSG_INFO, "EAP-MD5: Invalid frame (pos=%p len=%lu)",
pos, (unsigned long) len);
ret->ignore = TRUE;
return NULL;
}
/*
* CHAP Challenge:
* Value-Size (1 octet) | Value(Challenge) | Name(optional)
*/
challenge_len = *pos++;
if (challenge_len == 0 || challenge_len > len - 1) {
wpa_printf(MSG_INFO, "EAP-MD5: Invalid challenge "
"(challenge_len=%lu len=%lu)",
(unsigned long) challenge_len, (unsigned long) len);
ret->ignore = TRUE;
return NULL;
}
ret->ignore = FALSE;
challenge = pos;
wpa_hexdump(MSG_MSGDUMP, "EAP-MD5: Challenge",
challenge, challenge_len);
wpa_printf(MSG_DEBUG, "EAP-MD5: Generating Challenge Response");
ret->methodState = METHOD_DONE;
ret->decision = DECISION_COND_SUCC;
ret->allowNotifications = TRUE;
resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_MD5, 1 + CHAP_MD5_LEN,
EAP_CODE_RESPONSE, eap_get_id(reqData));
if (resp == NULL)
return NULL;
/*
* CHAP Response:
* Value-Size (1 octet) | Value(Response) | Name(optional)
*/
wpabuf_put_u8(resp, CHAP_MD5_LEN);
id = eap_get_id(resp);
rpos = wpabuf_put(resp, CHAP_MD5_LEN);
chap_md5(id, password, password_len, challenge, challenge_len, rpos);
wpa_hexdump(MSG_MSGDUMP, "EAP-MD5: Response", rpos, CHAP_MD5_LEN);
return resp;
}示例14: eap_pax_process
static struct wpabuf * eap_pax_process(struct eap_sm *sm, void *priv,
struct eap_method_ret *ret,
const struct wpabuf *reqData)
{
struct eap_pax_data *data = priv;
const struct eap_pax_hdr *req;
struct wpabuf *resp;
u8 icvbuf[EAP_PAX_ICV_LEN], id;
const u8 *icv, *pos;
size_t len;
u16 flen, mlen;
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_PAX, reqData, &len);
if (pos == NULL || len < sizeof(*req) + EAP_PAX_ICV_LEN) {
ret->ignore = TRUE;
return NULL;
}
id = eap_get_id(reqData);
req = (const struct eap_pax_hdr *) pos;
flen = len - EAP_PAX_ICV_LEN;
mlen = wpabuf_len(reqData) - EAP_PAX_ICV_LEN;
wpa_printf(MSG_DEBUG, "EAP-PAX: received frame: op_code 0x%x "
"flags 0x%x mac_id 0x%x dh_group_id 0x%x "
"public_key_id 0x%x",
req->op_code, req->flags, req->mac_id, req->dh_group_id,
req->public_key_id);
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: received payload",
pos, len - EAP_PAX_ICV_LEN);
if (data->state != PAX_INIT && data->mac_id != req->mac_id) {
wpa_printf(MSG_INFO, "EAP-PAX: MAC ID changed during "
"authentication (was 0x%d, is 0x%d)",
data->mac_id, req->mac_id);
ret->ignore = TRUE;
return NULL;
}
if (data->state != PAX_INIT && data->dh_group_id != req->dh_group_id) {
wpa_printf(MSG_INFO, "EAP-PAX: DH Group ID changed during "
"authentication (was 0x%d, is 0x%d)",
data->dh_group_id, req->dh_group_id);
ret->ignore = TRUE;
return NULL;
}
if (data->state != PAX_INIT &&
data->public_key_id != req->public_key_id) {
wpa_printf(MSG_INFO, "EAP-PAX: Public Key ID changed during "
"authentication (was 0x%d, is 0x%d)",
data->public_key_id, req->public_key_id);
ret->ignore = TRUE;
return NULL;
}
/* TODO: add support EAP_PAX_HMAC_SHA256_128 */
if (req->mac_id != EAP_PAX_MAC_HMAC_SHA1_128) {
wpa_printf(MSG_INFO, "EAP-PAX: Unsupported MAC ID 0x%x",
req->mac_id);
ret->ignore = TRUE;
return NULL;
}
if (req->dh_group_id != EAP_PAX_DH_GROUP_NONE) {
wpa_printf(MSG_INFO, "EAP-PAX: Unsupported DH Group ID 0x%x",
req->dh_group_id);
ret->ignore = TRUE;
return NULL;
}
if (req->public_key_id != EAP_PAX_PUBLIC_KEY_NONE) {
wpa_printf(MSG_INFO, "EAP-PAX: Unsupported Public Key ID 0x%x",
req->public_key_id);
ret->ignore = TRUE;
return NULL;
}
if (req->flags & EAP_PAX_FLAGS_MF) {
/* TODO: add support for reassembling fragments */
wpa_printf(MSG_INFO, "EAP-PAX: fragmentation not supported - "
"ignored packet");
ret->ignore = TRUE;
return NULL;
}
icv = pos + len - EAP_PAX_ICV_LEN;
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ICV", icv, EAP_PAX_ICV_LEN);
if (req->op_code == EAP_PAX_OP_STD_1) {
eap_pax_mac(req->mac_id, (u8 *) "", 0,
wpabuf_head(reqData), mlen, NULL, 0, NULL, 0,
icvbuf);
} else {
eap_pax_mac(req->mac_id, data->ick, EAP_PAX_ICK_LEN,
wpabuf_head(reqData), mlen, NULL, 0, NULL, 0,
icvbuf);
}
if (os_memcmp_const(icv, icvbuf, EAP_PAX_ICV_LEN) != 0) {
wpa_printf(MSG_DEBUG, "EAP-PAX: invalid ICV - ignoring the "
"message");
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: expected ICV",
//.........这里部分代码省略.........
示例15: eap_gtc_process
static struct wpabuf * eap_gtc_process(struct eap_sm *sm, void *priv,
struct eap_method_ret *ret,
const struct wpabuf *reqData)
{
struct eap_gtc_data *data = priv;
struct wpabuf *resp;
const u8 *pos, *password, *identity;
size_t password_len, identity_len, len, plen;
int otp;
u8 id;
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GTC, reqData, &len);
if (pos == NULL) {
ret->ignore = TRUE;
return NULL;
}
id = eap_get_id(reqData);
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-GTC: Request message", pos, len);
if (data->prefix &&
(len < 10 || os_memcmp(pos, "CHALLENGE=", 10) != 0)) {
wpa_printf(MSG_DEBUG, "EAP-GTC: Challenge did not start with "
"expected prefix");
wpa_printf(MSG_DEBUG, "Unrecoverable error - Restarting\n");
/* Send an empty response in order to allow tunneled
* acknowledgement of the failure. This will also cover the
* error case which seems to use EAP-MSCHAPv2 like error
* reporting with EAP-GTC inside EAP-FAST tunnel. */
resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GTC,
0, EAP_CODE_RESPONSE, id);
return resp;
}
password = eap_get_config_otp(sm, &password_len);
if (password)
otp = 1;
else {
password = eap_get_config_password(sm, &password_len);
otp = 0;
}
if (password == NULL) {
wpa_printf(MSG_INFO, "EAP-GTC: Password not configured");
eap_sm_request_otp(sm, (const char *) pos, len);
ret->ignore = TRUE;
return NULL;
}
ret->ignore = FALSE;
ret->methodState = data->prefix ? METHOD_MAY_CONT : METHOD_DONE;
ret->decision = DECISION_COND_SUCC;
ret->allowNotifications = FALSE;
plen = password_len;
identity = eap_get_config_identity(sm, &identity_len);
if (identity == NULL)
return NULL;
if (data->prefix)
plen += 9 + identity_len + 1;
resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GTC, plen,
EAP_CODE_RESPONSE, id);
if (resp == NULL)
return NULL;
if (data->prefix) {
wpabuf_put_data(resp, "RESPONSE=", 9);
wpabuf_put_data(resp, identity, identity_len);
wpabuf_put_u8(resp, '\0');
}
wpabuf_put_data(resp, password, password_len);
wpa_hexdump_ascii_key(MSG_MSGDUMP, "EAP-GTC: Response",
wpabuf_head_u8(resp) + sizeof(struct eap_hdr) +
1, plen);
if (otp) {
wpa_printf(MSG_DEBUG, "EAP-GTC: Forgetting used password");
eap_clear_config_otp(sm);
}
return resp;
}