亚洲欧美第一页_禁久久精品乱码_粉嫩av一区二区三区免费野_久草精品视频

? 歡迎來到蟲蟲下載站! | ?? 資源下載 ?? 資源專輯 ?? 關(guān)于我們
? 蟲蟲下載站

?? eap_fast.c

?? 最新的Host AP 新添加了許多pcmcia 的驅(qū)動
?? C
?? 第 1 頁 / 共 3 頁
字號: 
/* * EAP-FAST server (RFC 4851) * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. * * Alternatively, this software may be distributed under the terms of BSD * license. * * See README and COPYING for more details. */#include "includes.h"#include "common.h"#include "aes_wrap.h"#include "sha1.h"#include "eap_i.h"#include "eap_tls_common.h"#include "tls.h"#include "eap_common/eap_tlv_common.h"#include "eap_common/eap_fast_common.h"static void eap_fast_reset(struct eap_sm *sm, void *priv);/* Private PAC-Opaque TLV types */#define PAC_OPAQUE_TYPE_PAD 0#define PAC_OPAQUE_TYPE_KEY 1#define PAC_OPAQUE_TYPE_LIFETIME 2#define PAC_OPAQUE_TYPE_IDENTITY 3struct eap_fast_data {	struct eap_ssl_data ssl;	enum {		START, PHASE1, PHASE2_START, PHASE2_ID, PHASE2_METHOD,		CRYPTO_BINDING, REQUEST_PAC, SUCCESS, FAILURE	} state;	int fast_version;	const struct eap_method *phase2_method;	void *phase2_priv;	int force_version;	int peer_version;	u8 crypto_binding_nonce[32];	int final_result;	struct eap_fast_key_block_provisioning *key_block_p;	u8 simck[EAP_FAST_SIMCK_LEN];	u8 cmk[EAP_FAST_CMK_LEN];	int simck_idx;	u8 pac_opaque_encr[16];	u8 *srv_id;	size_t srv_id_len;	char *srv_id_info;	int anon_provisioning;	int send_new_pac; /* server triggered re-keying of Tunnel PAC */	struct wpabuf *pending_phase2_resp;	u8 *identity; /* from PAC-Opaque */	size_t identity_len;	int eap_seq;	int tnc_started;	int pac_key_lifetime;	int pac_key_refresh_time;};static const char * eap_fast_state_txt(int state){	switch (state) {	case START:		return "START";	case PHASE1:		return "PHASE1";	case PHASE2_START:		return "PHASE2_START";	case PHASE2_ID:		return "PHASE2_ID";	case PHASE2_METHOD:		return "PHASE2_METHOD";	case CRYPTO_BINDING:		return "CRYPTO_BINDING";	case REQUEST_PAC:		return "REQUEST_PAC";	case SUCCESS:		return "SUCCESS";	case FAILURE:		return "FAILURE";	default:		return "Unknown?!";	}}static void eap_fast_state(struct eap_fast_data *data, int state){	wpa_printf(MSG_DEBUG, "EAP-FAST: %s -> %s",		   eap_fast_state_txt(data->state),		   eap_fast_state_txt(state));	data->state = state;}static EapType eap_fast_req_failure(struct eap_sm *sm,				    struct eap_fast_data *data){	/* TODO: send Result TLV(FAILURE) */	eap_fast_state(data, FAILURE);	return EAP_TYPE_NONE;}static int eap_fast_session_ticket_cb(void *ctx, const u8 *ticket, size_t len,				      const u8 *client_random,				      const u8 *server_random,				      u8 *master_secret){	struct eap_fast_data *data = ctx;	const u8 *pac_opaque;	size_t pac_opaque_len;	u8 *buf, *pos, *end, *pac_key = NULL;	os_time_t lifetime = 0;	struct os_time now;	u8 *identity = NULL;	size_t identity_len = 0;	wpa_printf(MSG_DEBUG, "EAP-FAST: SessionTicket callback");	wpa_hexdump(MSG_DEBUG, "EAP-FAST: SessionTicket (PAC-Opaque)",		    ticket, len);	if (len < 4 || WPA_GET_BE16(ticket) != PAC_TYPE_PAC_OPAQUE) {		wpa_printf(MSG_DEBUG, "EAP-FAST: Ignore invalid "			   "SessionTicket");		return 0;	}	pac_opaque_len = WPA_GET_BE16(ticket + 2);	pac_opaque = ticket + 4;	if (pac_opaque_len < 8 || pac_opaque_len % 8 ||	    pac_opaque_len > len - 4) {		wpa_printf(MSG_DEBUG, "EAP-FAST: Ignore invalid PAC-Opaque "			   "(len=%lu left=%lu)",			   (unsigned long) pac_opaque_len,			   (unsigned long) len);		return 0;	}	wpa_hexdump(MSG_DEBUG, "EAP-FAST: Received PAC-Opaque",		    pac_opaque, pac_opaque_len);	buf = os_malloc(pac_opaque_len - 8);	if (buf == NULL) {		wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to allocate memory "			   "for decrypting PAC-Opaque");		return 0;	}	if (aes_unwrap(data->pac_opaque_encr, (pac_opaque_len - 8) / 8,		       pac_opaque, buf) < 0) {		wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to decrypt "			   "PAC-Opaque");		os_free(buf);		/*		 * This may have been caused by server changing the PAC-Opaque		 * encryption key, so just ignore this PAC-Opaque instead of		 * failing the authentication completely. Provisioning can now		 * be used to provision a new PAC.		 */		return 0;	}	end = buf + pac_opaque_len - 8;	wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: Decrypted PAC-Opaque",			buf, end - buf);	pos = buf;	while (pos + 1 < end) {		if (pos + 2 + pos[1] > end)			break;		switch (*pos) {		case PAC_OPAQUE_TYPE_PAD:			pos = end;			break;		case PAC_OPAQUE_TYPE_KEY:			if (pos[1] != EAP_FAST_PAC_KEY_LEN) {				wpa_printf(MSG_DEBUG, "EAP-FAST: Invalid "					   "PAC-Key length %d", pos[1]);				os_free(buf);				return -1;			}			pac_key = pos + 2;			wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: PAC-Key from "					"decrypted PAC-Opaque",					pac_key, EAP_FAST_PAC_KEY_LEN);			break;		case PAC_OPAQUE_TYPE_LIFETIME:			if (pos[1] != 4) {				wpa_printf(MSG_DEBUG, "EAP-FAST: Invalid "					   "PAC-Key lifetime length %d",					   pos[1]);				os_free(buf);				return -1;			}			lifetime = WPA_GET_BE32(pos + 2);			break;		case PAC_OPAQUE_TYPE_IDENTITY:			identity = pos + 2;			identity_len = pos[1];			break;		}		pos += 2 + pos[1];	}	if (pac_key == NULL) {		wpa_printf(MSG_DEBUG, "EAP-FAST: No PAC-Key included in "			   "PAC-Opaque");		os_free(buf);		return -1;	}	if (identity) {		wpa_hexdump_ascii(MSG_DEBUG, "EAP-FAST: Identity from "				  "PAC-Opaque", identity, identity_len);		os_free(data->identity);		data->identity = os_malloc(identity_len);		if (data->identity) {			os_memcpy(data->identity, identity, identity_len);			data->identity_len = identity_len;		}	}	if (os_get_time(&now) < 0 || lifetime <= 0 || now.sec > lifetime) {		wpa_printf(MSG_DEBUG, "EAP-FAST: PAC-Key not valid anymore "			   "(lifetime=%ld now=%ld)", lifetime, now.sec);		data->send_new_pac = 2;		/*		 * Allow PAC to be used to allow a PAC update with some level		 * of server authentication (i.e., do not fall back to full TLS		 * handshake since we cannot be sure that the peer would be		 * able to validate server certificate now). However, reject		 * the authentication since the PAC was not valid anymore. Peer		 * can connect again with the newly provisioned PAC after this.		 */	} else if (lifetime - now.sec < data->pac_key_refresh_time) {		wpa_printf(MSG_DEBUG, "EAP-FAST: PAC-Key soft timeout; send "			   "an update if authentication succeeds");		data->send_new_pac = 1;	}	eap_fast_derive_master_secret(pac_key, server_random, client_random,				      master_secret);	os_free(buf);	return 1;}static void eap_fast_derive_key_auth(struct eap_sm *sm,				     struct eap_fast_data *data){	u8 *sks;	/* RFC 4851, Section 5.1:	 * Extra key material after TLS key_block: session_key_seed[40]	 */	sks = eap_fast_derive_key(sm->ssl_ctx, data->ssl.conn, "key expansion",				  EAP_FAST_SKS_LEN);	if (sks == NULL) {		wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to derive "			   "session_key_seed");		return;	}	/*	 * RFC 4851, Section 5.2:	 * S-IMCK[0] = session_key_seed	 */	wpa_hexdump_key(MSG_DEBUG,			"EAP-FAST: session_key_seed (SKS = S-IMCK[0])",			sks, EAP_FAST_SKS_LEN);	data->simck_idx = 0;	os_memcpy(data->simck, sks, EAP_FAST_SIMCK_LEN);	os_free(sks);}static void eap_fast_derive_key_provisioning(struct eap_sm *sm,					     struct eap_fast_data *data){	os_free(data->key_block_p);	data->key_block_p = (struct eap_fast_key_block_provisioning *)		eap_fast_derive_key(sm->ssl_ctx, data->ssl.conn,				    "key expansion",				    sizeof(*data->key_block_p));	if (data->key_block_p == NULL) {		wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to derive key block");		return;	}	/*	 * RFC 4851, Section 5.2:	 * S-IMCK[0] = session_key_seed	 */	wpa_hexdump_key(MSG_DEBUG,			"EAP-FAST: session_key_seed (SKS = S-IMCK[0])",			data->key_block_p->session_key_seed,			sizeof(data->key_block_p->session_key_seed));	data->simck_idx = 0;	os_memcpy(data->simck, data->key_block_p->session_key_seed,		  EAP_FAST_SIMCK_LEN);	wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: server_challenge",			data->key_block_p->server_challenge,			sizeof(data->key_block_p->server_challenge));	wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: client_challenge",			data->key_block_p->client_challenge,			sizeof(data->key_block_p->client_challenge));}static int eap_fast_get_phase2_key(struct eap_sm *sm,				   struct eap_fast_data *data,				   u8 *isk, size_t isk_len){	u8 *key;	size_t key_len;	os_memset(isk, 0, isk_len);	if (data->phase2_method == NULL || data->phase2_priv == NULL) {		wpa_printf(MSG_DEBUG, "EAP-FAST: Phase 2 method not "			   "available");		return -1;	}	if (data->phase2_method->getKey == NULL)		return 0;	if ((key = data->phase2_method->getKey(sm, data->phase2_priv,					       &key_len)) == NULL) {		wpa_printf(MSG_DEBUG, "EAP-FAST: Could not get key material "			   "from Phase 2");		return -1;	}	if (key_len > isk_len)		key_len = isk_len;	if (key_len == 32 &&	    data->phase2_method->vendor == EAP_VENDOR_IETF &&	    data->phase2_method->method == EAP_TYPE_MSCHAPV2) {		/*		 * EAP-FAST uses reverse order for MS-MPPE keys when deriving		 * MSK from EAP-MSCHAPv2. Swap the keys here to get the correct		 * ISK for EAP-FAST cryptobinding.		 */		os_memcpy(isk, key + 16, 16);		os_memcpy(isk + 16, key, 16);	} else		os_memcpy(isk, key, key_len);	os_free(key);	return 0;}static int eap_fast_update_icmk(struct eap_sm *sm, struct eap_fast_data *data){	u8 isk[32], imck[60];	wpa_printf(MSG_DEBUG, "EAP-FAST: Deriving ICMK[%d] (S-IMCK and CMK)",		   data->simck_idx + 1);	/*	 * RFC 4851, Section 5.2:	 * IMCK[j] = T-PRF(S-IMCK[j-1], "Inner Methods Compound Keys",	 *                 MSK[j], 60)	 * S-IMCK[j] = first 40 octets of IMCK[j]	 * CMK[j] = last 20 octets of IMCK[j]	 */	if (eap_fast_get_phase2_key(sm, data, isk, sizeof(isk)) < 0)		return -1;	wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: ISK[j]", isk, sizeof(isk));	sha1_t_prf(data->simck, EAP_FAST_SIMCK_LEN,		   "Inner Methods Compound Keys",		   isk, sizeof(isk), imck, sizeof(imck));	data->simck_idx++;	os_memcpy(data->simck, imck, EAP_FAST_SIMCK_LEN);	wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: S-IMCK[j]",			data->simck, EAP_FAST_SIMCK_LEN);	os_memcpy(data->cmk, imck + EAP_FAST_SIMCK_LEN, EAP_FAST_CMK_LEN);	wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: CMK[j]",			data->cmk, EAP_FAST_CMK_LEN);	return 0;}static void * eap_fast_init(struct eap_sm *sm){	struct eap_fast_data *data;	u8 ciphers[5] = {		TLS_CIPHER_ANON_DH_AES128_SHA,		TLS_CIPHER_AES128_SHA,		TLS_CIPHER_RSA_DHE_AES128_SHA,		TLS_CIPHER_RC4_SHA,		TLS_CIPHER_NONE	};	data = os_zalloc(sizeof(*data));	if (data == NULL)		return NULL;	data->fast_version = EAP_FAST_VERSION;	data->force_version = -1;	if (sm->user && sm->user->force_version >= 0) {		data->force_version = sm->user->force_version;		wpa_printf(MSG_DEBUG, "EAP-FAST: forcing version %d",			   data->force_version);		data->fast_version = data->force_version;	}	data->state = START;	if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) {		wpa_printf(MSG_INFO, "EAP-FAST: Failed to initialize SSL.");		eap_fast_reset(sm, data);		return NULL;	}	if (tls_connection_set_cipher_list(sm->ssl_ctx, data->ssl.conn,					   ciphers) < 0) {		wpa_printf(MSG_INFO, "EAP-FAST: Failed to set TLS cipher "			   "suites");		eap_fast_reset(sm, data);		return NULL;	}	if (tls_connection_set_session_ticket_cb(sm->ssl_ctx, data->ssl.conn,						 eap_fast_session_ticket_cb,						 data) < 0) {		wpa_printf(MSG_INFO, "EAP-FAST: Failed to set SessionTicket "			   "callback");		eap_fast_reset(sm, data);		return NULL;	}	if (sm->pac_opaque_encr_key == NULL) {		wpa_printf(MSG_INFO, "EAP-FAST: No PAC-Opaque encryption key "			   "configured");		eap_fast_reset(sm, data);		return NULL;	}	os_memcpy(data->pac_opaque_encr, sm->pac_opaque_encr_key,		  sizeof(data->pac_opaque_encr));	if (sm->eap_fast_a_id == NULL) {		wpa_printf(MSG_INFO, "EAP-FAST: No A-ID configured");		eap_fast_reset(sm, data);		return NULL;	}	data->srv_id = os_malloc(sm->eap_fast_a_id_len);	if (data->srv_id == NULL) {		eap_fast_reset(sm, data);		return NULL;	}	os_memcpy(data->srv_id, sm->eap_fast_a_id, sm->eap_fast_a_id_len);	data->srv_id_len = sm->eap_fast_a_id_len;	if (sm->eap_fast_a_id_info == NULL) {		wpa_printf(MSG_INFO, "EAP-FAST: No A-ID-Info configured");		eap_fast_reset(sm, data);		return NULL;	}	data->srv_id_info = os_strdup(sm->eap_fast_a_id_info);	if (data->srv_id_info == NULL) {		eap_fast_reset(sm, data);		return NULL;	}	/* PAC-Key lifetime in seconds (hard limit) */	data->pac_key_lifetime = sm->pac_key_lifetime;	/*	 * PAC-Key refresh time in seconds (soft limit on remaining hard	 * limit). The server will generate a new PAC-Key when this number of	 * seconds (or fewer) of the lifetime remains.	 */	data->pac_key_refresh_time = sm->pac_key_refresh_time;	return data;}static void eap_fast_reset(struct eap_sm *sm, void *priv){	struct eap_fast_data *data = priv;	if (data == NULL)		return;	if (data->phase2_priv && data->phase2_method)		data->phase2_method->reset(sm, data->phase2_priv);	eap_server_tls_ssl_deinit(sm, &data->ssl);	os_free(data->srv_id);	os_free(data->srv_id_info);	os_free(data->key_block_p);	wpabuf_free(data->pending_phase2_resp);	os_free(data->identity);	os_free(data);}static struct wpabuf * eap_fast_build_start(struct eap_sm *sm,					    struct eap_fast_data *data, u8 id){	struct wpabuf *req;	req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_FAST,			    1 + sizeof(struct pac_tlv_hdr) + data->srv_id_len,			    EAP_CODE_REQUEST, id);	if (req == NULL) {		wpa_printf(MSG_ERROR, "EAP-FAST: Failed to allocate memory for"			   " request");		eap_fast_state(data, FAILURE);		return NULL;	}

?? 快捷鍵說明

復制代碼 Ctrl + C
搜索代碼 Ctrl + F
全屏模式 F11
切換主題 Ctrl + Shift + D
顯示快捷鍵 ?
增大字號 Ctrl + =
減小字號 Ctrl + -
亚洲欧美第一页_禁久久精品乱码_粉嫩av一区二区三区免费野_久草精品视频
日韩一区二区三区三四区视频在线观看 | 在线观看日韩电影| 久久久亚洲精华液精华液精华液| 国产精品不卡在线| 国产91精品精华液一区二区三区 | 久久久久久久一区| 视频在线在亚洲| 欧美一区二区三区色| 日本不卡不码高清免费观看| 色综合色综合色综合| 日本一区二区三区四区| 国产精品原创巨作av| 久久夜色精品国产欧美乱极品| 日韩精品91亚洲二区在线观看| 欧美专区在线观看一区| 亚洲激情欧美激情| 国产.欧美.日韩| 久久久99久久| 日韩一区二区三区观看| 精品写真视频在线观看| 国产调教视频一区| av在线不卡免费看| 午夜精品福利一区二区蜜股av| 欧美一区二区国产| 国产精品888| 一区二区三区鲁丝不卡| 在线观看91视频| 久久精品国产999大香线蕉| 中文字幕精品一区二区三区精品| 91黄色免费网站| 国产综合色精品一区二区三区| xnxx国产精品| 欧美一区二区观看视频| 国产69精品久久久久毛片| 亚洲精品久久嫩草网站秘色| 久久亚洲精华国产精华液 | 国产精品18久久久久久vr| 中文字幕中文在线不卡住| 欧美精品18+| 99免费精品视频| 国产精品热久久久久夜色精品三区| 欧美影视一区二区三区| 成人av资源站| 国产精品一区二区视频| 亚洲国产成人av| 国产精品萝li| 国产精品热久久久久夜色精品三区| 日韩欧美中文字幕制服| 欧美日韩一区国产| 91在线视频18| 成人性生交大片免费看中文网站| 韩国毛片一区二区三区| 久久精品国产亚洲aⅴ| 亚洲成人av在线电影| 亚洲永久免费视频| 亚洲女人****多毛耸耸8| 日本一区二区久久| 国产午夜精品福利| 中文字幕av一区二区三区| 久久综合狠狠综合久久综合88 | 成人免费毛片片v| 国产精品一二三区| 成人一区在线观看| 91丨porny丨在线| 91丝袜呻吟高潮美腿白嫩在线观看| 国产·精品毛片| 丰满放荡岳乱妇91ww| 国产69精品久久久久毛片| 菠萝蜜视频在线观看一区| 91久久国产最好的精华液| 欧美一级电影网站| 高清shemale亚洲人妖| 风间由美一区二区三区在线观看 | 日韩欧美中文字幕制服| 精品免费国产二区三区| 国产精品国产精品国产专区不片| 亚洲视频在线一区| 男男成人高潮片免费网站| 国产一区福利在线| 欧美日本高清视频在线观看| 欧美成人精品福利| 亚洲激情六月丁香| 成人av一区二区三区| 成人av电影免费观看| 香蕉成人啪国产精品视频综合网| 亚洲观看高清完整版在线观看| 九九国产精品视频| 色综合久久六月婷婷中文字幕| 91精品国产综合久久久久| 国产精品毛片无遮挡高清| 久久超碰97中文字幕| 欧美一级一区二区| 午夜精品久久久久久久久久 | 首页亚洲欧美制服丝腿| 91极品视觉盛宴| 一区二区三区在线视频免费观看| 国产真实乱子伦精品视频| 69成人精品免费视频| 一级日本不卡的影视| 成人福利在线看| 亚洲特黄一级片| www.一区二区| 中文子幕无线码一区tr| 国产九色sp调教91| 精品999在线播放| 国产毛片精品一区| 18成人在线视频| 欧美色大人视频| 久久国产免费看| 国产午夜精品美女毛片视频| 成人小视频免费观看| 亚洲美腿欧美偷拍| 欧美精品久久久久久久多人混战| 国产视频亚洲色图| 成人avav影音| 亚洲男人都懂的| 日韩欧美一区电影| 91一区在线观看| 久久国产乱子精品免费女| 国产亚洲人成网站| 色噜噜狠狠色综合欧洲selulu| 一区二区在线看| 91精品国产91久久综合桃花| 国产成人午夜视频| 天使萌一区二区三区免费观看| 精品黑人一区二区三区久久| 99久久99久久精品免费观看| 日韩精品一区第一页| 国产精品嫩草99a| 欧美日韩三级一区| 国产成人精品亚洲777人妖| 欧美高清一级片在线观看| 欧美少妇xxx| jvid福利写真一区二区三区| 中文字幕一区二区三区四区不卡 | 欧美日韩情趣电影| 99re6这里只有精品视频在线观看| 日日噜噜夜夜狠狠视频欧美人| 国产精品色哟哟| 欧美电影一区二区| 欧美日韩国产首页| 欧美日韩免费一区二区三区视频| 成人黄色av电影| 国产精品99久久久久久久vr| 久久99精品久久久久久动态图| 亚洲色图一区二区| 亚洲少妇最新在线视频| 日本一区二区三区在线观看| 久久伊人蜜桃av一区二区| 欧美一区二区啪啪| 欧美不卡一二三| 26uuuu精品一区二区| 欧美电影免费观看高清完整版在| 欧美亚洲精品一区| 欧美日韩一区高清| 精品国内二区三区| 国产亚洲一区二区在线观看| 国产日韩欧美综合在线| 国产精品日韩成人| 一区二区三区欧美日韩| 日本美女一区二区三区| 国产美女在线精品| 在线免费观看不卡av| 欧美欧美午夜aⅴ在线观看| 日韩一区二区三区av| 久久久亚洲精品石原莉奈| 中文字幕巨乱亚洲| 国产精品家庭影院| 日韩毛片视频在线看| 综合久久久久久| 麻豆91精品视频| 成人激情免费电影网址| 在线看日本不卡| 欧美一区二区福利在线| 久久一区二区视频| 亚洲综合网站在线观看| 国产伦精品一区二区三区免费迷| 91麻豆免费视频| 日韩视频在线你懂得| 国产精品二区一区二区aⅴ污介绍| 日韩av高清在线观看| 色老综合老女人久久久| 欧美一级午夜免费电影| 亚洲精品日产精品乱码不卡| 极品美女销魂一区二区三区免费| 欧美日韩一区二区欧美激情| 亚洲国产精品精华液ab| 美女视频一区在线观看| 欧美视频一区二区| 亚洲亚洲精品在线观看| 91视频91自| 欧美激情在线观看视频免费| 日本最新不卡在线| 欧美一级搡bbbb搡bbbb| 亚洲第一激情av| 色婷婷精品大视频在线蜜桃视频| 国产丝袜欧美中文另类| 国产成人综合视频| 综合久久综合久久| 色综合av在线|