diff --git a/bundle.json b/bundle.json index 637549b2541ca01b7e5130d2b88eaddefaca9365..39257539a3e4677d1ca8fcb7d898b84ba344ff45 100644 --- a/bundle.json +++ b/bundle.json @@ -30,6 +30,7 @@ "wpa_supplicant_config_mlo", "wpa_supplicant_ieee80211be", "wpa_supplicant_config_okc_roam", + "wpa_supplicant_config_ext_auth", "wpa_supplicant_hisysevent_module" ], "adapted_system_type": ["small","standard"], diff --git a/wpa_supplicant-2.9_standard/BUILD.gn b/wpa_supplicant-2.9_standard/BUILD.gn index 4461291f9d43eb8f977069c53dfb9855787b4bbc..226a4fc77b9b3b5b082e1c5763549696b765901a 100644 --- a/wpa_supplicant-2.9_standard/BUILD.gn +++ b/wpa_supplicant-2.9_standard/BUILD.gn @@ -31,6 +31,7 @@ declare_args() { wpa_supplicant_config_wfd = true wpa_supplicant_config_mlo = false wpa_supplicant_config_okc_roam = false + wpa_supplicant_config_ext_auth = false } if (wpa_supplicant_ohos_certmgr) { @@ -88,6 +89,9 @@ CONFIG_MAIN = "main" config("wpa_warnings") { cflags = [ "-Wno-error=sign-compare" ] + if (wpa_supplicant_config_ext_auth) { + cflags += [ "-DEXT_AUTHENTICATION_SUPPORT" ] + } ldflags = [ "-flto", "-fsanitize=cfi", @@ -173,6 +177,9 @@ ohos_shared_library("wpa_client") { include_dirs = wpa_client_base_include_dirs cflags = wpa_client_base_cflags + if (wpa_supplicant_config_ext_auth) { + cflags += [ "-DEXT_AUTHENTICATION_SUPPORT" ] + } if ("${CONFIG_CTRL_IFACE}" == "udp") { cflags += [ "-DCONFIG_CTRL_IFACE_UDP" ] } else { @@ -215,6 +222,9 @@ ohos_shared_library("wpa_client_vendor") { include_dirs = wpa_client_vendor_base_include_dirs cflags = wpa_client_base_cflags + if (wpa_supplicant_config_ext_auth) { + cflags += [ "-DEXT_AUTHENTICATION_SUPPORT" ] + } if ("${CONFIG_CTRL_IFACE}" == "udp") { cflags += [ "-DCONFIG_CTRL_IFACE_UDP" ] } else { @@ -258,6 +268,9 @@ ohos_shared_library("wpa_client_updater") { include_dirs = wpa_client_base_include_dirs cflags = wpa_client_base_cflags + if (wpa_supplicant_config_ext_auth) { + cflags += [ "-DEXT_AUTHENTICATION_SUPPORT" ] + } if ("${CONFIG_CTRL_IFACE}" == "udp") { cflags += [ "-DCONFIG_CTRL_IFACE_UDP" ] } else { @@ -408,6 +421,7 @@ wpa_base_sources = [ "$WPA_ROOT_DIR/src/eap_common/eap_pwd_common.c", "$WPA_ROOT_DIR/src/eap_common/eap_sim_common.c", "$WPA_ROOT_DIR/src/eap_common/eap_wsc_common.c", + "$WPA_ROOT_DIR/src/eap_common/ext_authentication.c", "$WPA_ROOT_DIR/src/eap_peer/eap_aka.c", "$WPA_ROOT_DIR/src/eap_peer/eap_gtc.c", "$WPA_ROOT_DIR/src/eap_peer/eap_mschapv2.c", @@ -552,6 +566,9 @@ ohos_shared_library("wpa_sys") { "-DEAP_GTC", "-DCONFIG_P2P_USER_REJECT", ] + if (wpa_supplicant_config_ext_auth) { + cflags += [ "-DEXT_AUTHENTICATION_SUPPORT" ] + } if ("${CONFIG_CTRL_IFACE}" == "udp") { cflags += [ "-DCONFIG_CTRL_IFACE_UDP" ] } else { @@ -587,6 +604,10 @@ ohos_shared_library("wpa_sys") { external_deps += [ "hilog:libhilog" ] } + if (wpa_supplicant_config_ext_auth) { + external_deps += [ "drivers_peripheral_wlan:wpa_hdi_client" ] + } + if ("${CONFIG_DRIVER}" == "nl80211") { sources += [ "$WPA_ROOT_DIR/src/ap/ieee802_11_he.c", @@ -714,6 +735,9 @@ ohos_shared_library("wpa_sys_updater") { "-DPKCS12_FUNCS", "-DCONFIG_P2P_USER_REJECT", ] + if (wpa_supplicant_config_ext_auth) { + cflags += [ "-DEXT_AUTHENTICATION_SUPPORT" ] + } if ("${CONFIG_CTRL_IFACE}" == "udp") { cflags += [ "-DCONFIG_CTRL_IFACE_UDP" ] } else { @@ -888,6 +912,9 @@ ohos_shared_library("wpa") { "-DCONFIG_P2P_USER_REJECT", "-DCONFIG_HUKS_ENCRYPTION_SUPPORT", ] + if (wpa_supplicant_config_ext_auth) { + cflags += [ "-DEXT_AUTHENTICATION_SUPPORT" ] + } if ("${CONFIG_CTRL_IFACE}" == "udp") { cflags += [ "-DCONFIG_CTRL_IFACE_UDP" ] } else { @@ -1057,6 +1084,9 @@ ohos_shared_library("wpa_updater") { "-DPKCS12_FUNCS", "-DCONFIG_P2P_USER_REJECT", ] + if (wpa_supplicant_config_ext_auth) { + cflags += [ "-DEXT_AUTHENTICATION_SUPPORT" ] + } if ("${CONFIG_CTRL_IFACE}" == "udp") { cflags += [ "-DCONFIG_CTRL_IFACE_UDP" ] } else { @@ -1082,6 +1112,9 @@ ohos_shared_library("wpa_updater") { "drivers_peripheral_wlan:wpa_hdi_client", "init:libbegetutil", ] + if (wpa_supplicant_config_ext_auth) { + external_deps += [ "drivers_peripheral_wlan:wpa_hdi_client" ] + } if (wpa_supplicant_config_openssl) { external_deps += [ "openssl:libcrypto_shared", @@ -1197,6 +1230,10 @@ ohos_executable("wpa_cli") { "-DCONFIG_DEBUG_FILE", "-DCONFIG_OPEN_HARMONY_PATCH", ] + if (wpa_supplicant_config_ext_auth) { + cflags += [ "-DEXT_AUTHENTICATION_SUPPORT" ] + } + if ("${CONFIG_CTRL_IFACE}" == "udp") { cflags += [ "-DCONFIG_CTRL_IFACE_UDP" ] } else { @@ -1291,6 +1328,9 @@ ohos_executable("hostapd_cli") { "-DCONFIG_DEBUG_FILE", "-DCONFIG_OPEN_HARMONY_PATCH", ] + if (wpa_supplicant_config_ext_auth) { + cflags += [ "-DEXT_AUTHENTICATION_SUPPORT" ] + } if ("${CONFIG_CTRL_IFACE}" == "udp") { cflags += [ "-DCONFIG_CTRL_IFACE_UDP" ] @@ -1340,6 +1380,9 @@ ohos_executable("wpa_supplicant") { "-DCONFIG_DEBUG_FILE", "-DCONFIG_OPEN_HARMONY_PATCH", ] + if (wpa_supplicant_config_ext_auth) { + cflags += [ "-DEXT_AUTHENTICATION_SUPPORT" ] + } install_images = [ chipset_base_dir ] part_name = "wpa_supplicant" subsystem_name = "thirdparty" @@ -1357,6 +1400,9 @@ ohos_executable("hostapd") { "-DCONFIG_DEBUG_FILE", "-DCONFIG_OPEN_HARMONY_PATCH", ] + if (wpa_supplicant_config_ext_auth) { + cflags += [ "-DEXT_AUTHENTICATION_SUPPORT" ] + } install_images = [ chipset_base_dir ] part_name = "wpa_supplicant" subsystem_name = "thirdparty" diff --git a/wpa_supplicant-2.9_standard/src/eap_common/ext_authentication.c b/wpa_supplicant-2.9_standard/src/eap_common/ext_authentication.c new file mode 100644 index 0000000000000000000000000000000000000000..d2af5f849dd079d4a8cab93a032981a4a80f1689 --- /dev/null +++ b/wpa_supplicant-2.9_standard/src/eap_common/ext_authentication.c @@ -0,0 +1,162 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2025-2025. All rights reserved. + */ +#ifdef EXT_AUTHENTICATION_SUPPORT +#include "ext_authentication.h" + +#include "common.h" +#include "includes.h" +#include "securec.h" +#include "trace.h" +#include "wpa_debug.h" + +#define EXT_AUTH_CODE_SIZE 5 +#define EAP_TYPE_SIZE 255 + +static u8 g_authMap[EXT_AUTH_CODE_SIZE][EAP_TYPE_SIZE] = {0}; + +const char *g_ifnameToString[] = { + "unkown", + "wlan0", + "eth0" +}; + +bool reg_ext_auth(int code, int type, int ifname) +{ + wpa_printf(MSG_INFO, "ext_certification reg_ext_auth : code : %d , type : %d, ifname : %d", code, type, ifname); + bool illegal = code < 1 || code >= EXT_AUTH_CODE_SIZE || type < 0 || type >= EAP_TYPE_SIZE || ifname < 0 || + ifname >= IFNAME_SIZE; + if (illegal) { + wpa_printf(MSG_ERROR, "ext_authentication reg_ext_auth : code : %d , type : %d, ifname : %d", code, type, + ifname); + return false; + } + g_authMap[code][type] = ifname; + return true; +} + +bool un_reg_ext_auth(int code, int type) +{ + wpa_printf(MSG_INFO, "ext_certification un_reg_ext_auth : code : %d , type : %d", code, type); + if (code < 1 || code >= EXT_AUTH_CODE_SIZE || type < 0 || type >= EAP_TYPE_SIZE) { + wpa_printf(MSG_ERROR, "ext_certification un_reg_ext_auth : code : %d , type : %d", code, type); + return false; + } + g_authMap[code][type] = IFNAME_UNKNOWN; + return true; +} + +int get_ext_auth(int code, int type) +{ + wpa_printf(MSG_DEBUG, "ext_certification get_ext_auth : code : %d , type : %d, res : %d", code, type, + (int)g_authMap[code][type]); + if (code < 1 || code >= EXT_AUTH_CODE_SIZE || type < 0 || type >= EAP_TYPE_SIZE) { + wpa_printf(MSG_ERROR, "ext_authentication get_ext_auth : code : %d , type : %d", code, type); + return IFNAME_UNKNOWN; + } + return g_authMap[code][type]; +} + +static int g_idx = 0; + +int get_authentication_idx() +{ + return g_idx; +} + +void add_authentication_idx() +{ + int idxMod = 100; + g_idx = (g_idx + 1) % idxMod; +} + +static uint8_t* g_eapData = NULL; +static int g_eapDataLen = 0; + +uint8_t* get_eap_data() +{ + return g_eapData; +} + +int get_eap_data_len() +{ + return g_eapDataLen; +} + +void clear_eap_data() +{ + free(g_eapData); + g_eapData = NULL; + g_eapDataLen = 0; +} + +void set_eap_data(u8* eapData, int eapDataLen) +{ + if (eapData == NULL || eapDataLen <= 0) { + wpa_printf(MSG_ERROR, "set_eap_data input error"); + return; + } + if (g_eapData != NULL) { + free(g_eapData); // 保险机制 + } + + g_eapDataLen = eapDataLen; + g_eapData = (u8*)malloc(eapDataLen * sizeof(u8)); + if (g_eapData == NULL) { + wpa_printf(MSG_ERROR, "set_eap_data malloc error"); + return; + } + // 拷贝数据 + if (memcpy_s(g_eapData, eapDataLen, eapData, eapDataLen) != 0) { + wpa_printf(MSG_ERROR, "set_eap_data memcpy_s error"); + clear_eap_data(); + } +} + +static struct eap_sm* g_eapSm = NULL; + +void set_eap_sm(struct eap_sm *eapSm) +{ + g_eapSm = eapSm; +} + +struct eap_sm* get_eap_sm() +{ + return g_eapSm; +} + +static struct encrypt_data g_encryptData; +void set_encrypt_data(struct eap_ssl_data *ssl, int eapType, int version, unsigned char id) +{ + wpa_printf(MSG_DEBUG, "ext_certification set_encrypt_data : eapType : %d , version : %d", eapType, + vertion, (u8)id); + g_encryptData.ssl = ssl; + g_encryptData.eapType = eapType; + g_encryptData.vertion = vertion; + g_encryptData.id = id; +} + +void set_encrypt_eap_type(int eapType) +{ + wpa_printf(MSG_DEBUG, "ext_certification set_encrypt_eap_type : eapType : %d", eapType); + g_encryptData.eapType = eapType; +} + +struct encrypt_data* get_encrypt_data() +{ + return &g_encryptData; +} + +int g_code = 0; + +int get_code() +{ + return g_code; +} + +void set_code(int code) +{ + g_code = code; +} + +#endif /* EXT_AUTHENTICATION_SUPPORT */ \ No newline at end of file diff --git a/wpa_supplicant-2.9_standard/src/eap_common/ext_authentication.h b/wpa_supplicant-2.9_standard/src/eap_common/ext_authentication.h new file mode 100644 index 0000000000000000000000000000000000000000..1de63b2eeed48f0c183992382a4f7dfa2a0bb505 --- /dev/null +++ b/wpa_supplicant-2.9_standard/src/eap_common/ext_authentication.h @@ -0,0 +1,58 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2025-2025. All rights reserved. + */ +#ifndef EXT_AUTHENTICATION_H +#define EXT_AUTHENTICATION_H + +#ifdef EXT_AUTHENTICATION_SUPPORT +#include +#include + +#define TYPE_OFFSET 4 +#define IFNAME_LENGTH 2 +#define BUF_SIZE 2048 +#define PARAM_LEN 30 +#define BASE64_NUM 3 + +enum Ifname { + IFNAME_UNKNOWN = 0, + IFNAME_WIFI0 = 1, + IFNAME_ETH0 = 2, + IFNAME_SIZE = 3 + }; + + extern const char* g_ifnameToString[]; + + bool reg_ext_auth(int code, int type, int ifname); + bool un_reg_ext_auth(int code, int type); + int get_ext_auth(int code, int type); + +// 递增的数字标识符 +int get_authentication_idx(); +void add_authentication_idx(); + +uint8_t* get_eap_data(); +int get_eap_data_len(); +void clear_eap_data(); +void set_eap_data(uint8_t* eapData, int eapDataLen); + +struct eap_sm; +void set_eap_sm(struct eap *eapSm); +struct eap_sm* get_eap_sm(); + +struct eap_ssl_data; +struct encrypt_data{ + struct eap_ssl_data *ssl; + int eapType; + int version; + unsigned char id; +}; + +void set_encrypt_data(struct eap_ssl_data *ssl, int eapType, int version, unsigned char id); +void set_encrypt_eap_type(int eapType); +struct encrypt_data* get_encrypt_data(); + +int get_code(); +void set_code(int code); +#endif /* EXT_AUTHENTICATION_SUPPORT */ +#endif /* EXT_AUTHENTICATION_H */ \ No newline at end of file diff --git a/wpa_supplicant-2.9_standard/src/eap_peer/eap.c b/wpa_supplicant-2.9_standard/src/eap_peer/eap.c index 5d77c15234ae036fecdb34b8d1f41a675b97a71e..f1b5b2400d78683f61eeeefe7a74fcd8187c41c9 100644 --- a/wpa_supplicant-2.9_standard/src/eap_peer/eap.c +++ b/wpa_supplicant-2.9_standard/src/eap_peer/eap.c @@ -29,6 +29,17 @@ #include "eap_i.h" #include "eap_config.h" +#ifdef EXT_AUTHENTICATION_SUPPORT +#include "base64.h" +#include "ext_authentication.h" +#include "ext_auth_eap_peap.h" +#include "eap_tls_common.h" +#include "securec.h" +#ifdef CONFIG_LIBWPA_VENDOR +#include "wpa_client.h" +#endif +#endif /* EXT_AUTHENTICATION_SUPPORT */ + #define STATE_MACHINE_DATA struct eap_sm #define STATE_MACHINE_DEBUG_PREFIX "EAP" @@ -60,7 +71,7 @@ static bool eapol_get_bool(struct eap_sm *sm, enum eapol_bool_var var) } -static void eapol_set_bool(struct eap_sm *sm, enum eapol_bool_var var, +void eapol_set_bool(struct eap_sm *sm, enum eapol_bool_var var, bool value) { sm->eapol_cb->set_bool(sm->eapol_ctx, var, value); @@ -668,6 +679,7 @@ int eap_peer_get_erp_info(struct eap_sm *sm, struct eap_peer_config *config, #endif /* CONFIG_ERP */ + void eap_peer_erp_free_keys(struct eap_sm *sm) { #ifdef CONFIG_ERP @@ -871,7 +883,66 @@ static int eap_peer_erp_reauth_start(struct eap_sm *sm, u8 eap_id) return 0; } #endif /* CONFIG_ERP */ +#ifdef EXT_AUTHENTICATION_SUPPORT +#ifdef CONFIG_LIBWPA_VENDOR +static char* get_base64_parm(STATE_MACHINE_DATA *sm) +{ + size_t outLen = 0; + if (get_encrypt_data()->eapType != EAP_TYPE_NONE) { + u8* eapData = get_eap_data(); + int length = get_eap_data_len(); + return base64_encode_no_lf((void*)(eapData), length, &outLen); + } else { + return base64_encode_no_lf((void*)(sm->eapRespData->buf), sm->eapRespData->size, &outLen); + } +} +#endif +static void tx_ext_certification(STATE_MACHINE_DATA *sm) +{ + if(sm == NULL || sm->eapRespData == NULL) { + wpa_printf(MSG_ERROR, "ext_certification tx_ext_certification ptr is NULL"); + eapol_set_bool(sm, EAPOL_eapResp, true); + return; + } + wpa_printf(MSG_DEBUG, "ext_certification tx_ext_certification %u:2:%d", get_authentication_idx(), + sm->eapRespData->buf[TYPE_OFFSET]); + int ifname = get_ext_auth(EAP_CODE_RESPONSE, (int)(sm->eapRespData->buf[TYPE_OFFSET])); + if (ifname == IFNAME_UNKNOWN || ifname >= IFNAME_SIZE) { + eapol_set_bool(sm, EAPOL_eapResp, true); + return; + } + + set_eap_sm(sm); + size_t length = PARAM_LEN +(size_t)((sm->eapRespData->size + BASE64_NUM - 1) / BASE64_NUM * (BASE64_NUM + 1)); + if (length > BUF_SIZE) { + wpa_printf(MSG_ERROR, "length overflow"); + return; + } + +#ifdef CONFIG_LIBWPA_VENDOR + char param[length]; + add_authentication_idx(); + set_code(EAP_CODE_RESPONSE); + char* base64Parm = get_base64_parm(sm); + if (base64Parm == NULL){ + wpa_printf(MSG_ERROR, "get_base64_parm error, base64Parm is NULL"); + return; + } + // 标识符 code:EAP_CODE_REQUEST type string长度 + int res = snprintf_s(param, sizeof(param), sizeof(param) - 1, "06:%u:2:%d:%zu:%s", get_authentication_idx(), + sm->eapRespData->buf[TYPE_OFFSET], sm->eapRespData->size, base64Parm); + if (res < 0) { + wpa_printf(MSG_ERROR, "snprintf_s error: %d", res); + return; + } + + WpaEventReport(g_ifnameToString[ifname], WPA_EVENT_STA_NOTIFY, (void *) param); + clear_eap_data(); + eapol_set_bool(sm, EAPOL_eapResp, false); +#endif +} +#endif /* EXT_AUTHENTICATION_SUPPORT */ /* * The method processing happens here. The request from the authenticator is @@ -895,6 +966,9 @@ SM_STATE(EAP, METHOD) if (!eap_hdr_len_valid(eapReqData, min_len)) return; +#ifdef EXT_AUTHENTICATION_SUPPORT + set_encrypt_eap_type(EAP_TYPE_NONE); +#endif /* EXT_AUTHENTICATION_SUPPORT */ /* * Get ignore, methodState, decision, allowNotifications, and * eapRespData. RFC 4137 uses three separate method procedure (check, @@ -916,14 +990,10 @@ SM_STATE(EAP, METHOD) ret.allowNotifications = sm->allowNotifications; wpabuf_free(sm->eapRespData); sm->eapRespData = NULL; - sm->eapRespData = sm->m->process(sm, sm->eap_method_priv, &ret, - eapReqData); + sm->eapRespData = sm->m->process(sm, sm->eap_method_priv, &ret, eapReqData); wpa_printf(MSG_EXCESSIVE, "EAP: method process -> ignore=%s " - "methodState=%s decision=%s eapRespData=%p", - ret.ignore ? "TRUE" : "FALSE", - eap_sm_method_state_txt(ret.methodState), - eap_sm_decision_txt(ret.decision), - sm->eapRespData); + "methodState=%s decision=%s eapRespData=%p", ret.ignore ? "TRUE" : "FALSE", + eap_sm_method_state_txt(ret.methodState), eap_sm_decision_txt(ret.decision), sm->eapRespData); sm->ignore = ret.ignore; if (sm->ignore) @@ -932,19 +1002,14 @@ SM_STATE(EAP, METHOD) sm->decision = ret.decision; sm->allowNotifications = ret.allowNotifications; - if (sm->m->isKeyAvailable && sm->m->getKey && - sm->m->isKeyAvailable(sm, sm->eap_method_priv)) { + if (sm->m->isKeyAvailable && sm->m->getKey && sm->m->isKeyAvailable(sm, sm->eap_method_priv)) { eap_sm_free_key(sm); - sm->eapKeyData = sm->m->getKey(sm, sm->eap_method_priv, - &sm->eapKeyDataLen); + sm->eapKeyData = sm->m->getKey(sm, sm->eap_method_priv, &sm->eapKeyDataLen); os_free(sm->eapSessionId); sm->eapSessionId = NULL; if (sm->m->getSessionId) { - sm->eapSessionId = sm->m->getSessionId( - sm, sm->eap_method_priv, - &sm->eapSessionIdLen); - wpa_hexdump(MSG_DEBUG, "EAP: Session-Id", - sm->eapSessionId, sm->eapSessionIdLen); + sm->eapSessionId = sm->m->getSessionId(sm, sm->eap_method_priv, &sm->eapSessionIdLen); + wpa_hexdump(MSG_DEBUG, "EAP: Session-Id", sm->eapSessionId, sm->eapSessionIdLen); } } } @@ -965,7 +1030,11 @@ SM_STATE(EAP, SEND_RESPONSE) os_memcpy(sm->last_sha1, sm->req_sha1, 20); sm->lastId = sm->reqId; sm->lastRespData = wpabuf_dup(sm->eapRespData); +#ifdef EXT_AUTHENTICATION_SUPPORT + tx_ext_certification(sm); +#else eapol_set_bool(sm, EAPOL_eapResp, true); +#endif /* EXT_AUTHENTICATION_SUPPORT */ } else { wpa_printf(MSG_DEBUG, "EAP: No eapRespData available"); sm->lastRespData = NULL; diff --git a/wpa_supplicant-2.9_standard/src/eap_peer/eap.h b/wpa_supplicant-2.9_standard/src/eap_peer/eap.h index a40d007d99605279e13a2553634a441bc3bb153e..f07ad6bd1c4bee7553b298d1fcbd12440ed1c946 100644 --- a/wpa_supplicant-2.9_standard/src/eap_peer/eap.h +++ b/wpa_supplicant-2.9_standard/src/eap_peer/eap.h @@ -378,6 +378,8 @@ int eap_peer_update_erp_next_seq_num(struct eap_sm *sm, u16 seq_num); void eap_peer_erp_init(struct eap_sm *sm, u8 *ext_session_id, size_t ext_session_id_len, u8 *ext_emsk, size_t ext_emsk_len); +void eapol_set_bool(struct eap_sm *sm, enum eapol_bool_var var, + bool value); #endif /* IEEE8021X_EAPOL */ diff --git a/wpa_supplicant-2.9_standard/src/eap_peer/eap_peap.c b/wpa_supplicant-2.9_standard/src/eap_peer/eap_peap.c index b1d0c314ccfb2a3ca8ceccc5db8b385fa6c48c65..338c3cb38ee58bbf1fb39cd861c274fab874714c 100644 --- a/wpa_supplicant-2.9_standard/src/eap_peer/eap_peap.c +++ b/wpa_supplicant-2.9_standard/src/eap_peer/eap_peap.c @@ -17,6 +17,9 @@ #include "eap_tls_common.h" #include "eap_config.h" #include "tncc.h" +#ifdef EXT_AUTHENTICATION_SUPPORT +#include "ext_authentication.h" +#endif /* EXT_AUTHENTICATION_SUPPORT */ /* Maximum supported PEAP version @@ -828,6 +831,16 @@ static int eap_peap_decrypt(struct eap_sm *sm, struct eap_peap_data *data, ret->methodState = METHOD_DONE; return 1; } else if (wpabuf_len(in_data) == 0) { +#ifdef EXT_AUTHENTICATION_SUPPORT + if (sm->eapRespData != NULL && sm->eapRespData->size > TYPE_OFFSET) { + int ifname = get_ext_auth(EAP_CODE_RESPONSE, (int)(sm->eapRespData->buf[TYPE_OFFSET])); + if (IFNAME_UNKNOWN < ifname && ifname < IFNAME_SIZE) { + set_eap_data(sm->eapRespData->buf, sm->eapRespData->size); + wpa_printf(MSG_DEBUG, "ext_certification set_encrypt_data"); + set_encrypt_data(&data->ssl, EAP_TYPE_PEAP, data->peap_version, req->identifier); + } + } +#endif /* EXT_AUTHENTICATION_SUPPORT */ /* Received TLS ACK - requesting more fragments */ return eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_PEAP, data->peap_version, @@ -1005,6 +1018,16 @@ continue_req: rmsg = &buf; } +#ifdef EXT_AUTHENTICATION_SUPPORT + if (sm->eapRespData != NULL && sm->eapRespData->size > TYPE_OFFSET) { + int ifname = get_ext_auth(EAP_CODE_RESPONSE, (int)(sm->eapRespData->buf[TYPE_OFFSET])); + if (IFNAME_UNKNOWN < ifname && ifname < IFNAME_SIZE) { + set_eap_data(sm->eapRespData->buf, sm->eapRespData->size); + wpa_printf(MSG_DEBUG, "ext_certification set_encrypt_data"); + set_encrypt_data(&data->ssl, EAP_TYPE_PEAP, data->peap_version, req->identifier); + } + } +#endif /* EXT_AUTHENTICATION_SUPPORT */ if (eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_PEAP, data->peap_version, req->identifier, rmsg, out_data)) { diff --git a/wpa_supplicant-2.9_standard/src/eap_peer/eap_ttls.c b/wpa_supplicant-2.9_standard/src/eap_peer/eap_ttls.c index 6adc22277c3616818ce2d5f17281cf180c4bf729..d3efa6aff8c376e9614066fc9a1a87b56841bb8e 100644 --- a/wpa_supplicant-2.9_standard/src/eap_peer/eap_ttls.c +++ b/wpa_supplicant-2.9_standard/src/eap_peer/eap_ttls.c @@ -18,7 +18,9 @@ #include "eap_i.h" #include "eap_tls_common.h" #include "eap_config.h" - +#ifdef EXT_AUTHENTICATION_SUPPORT +#include "ext_authentication.h" +#endif /* EXT_AUTHENTICATION_SUPPORT */ #define EAP_TTLS_VERSION 0 @@ -1124,6 +1126,16 @@ static int eap_ttls_encrypt_response(struct eap_sm *sm, wpa_hexdump_buf_key(MSG_DEBUG, "EAP-TTLS: Encrypting Phase 2 data", resp); +#ifdef EXT_AUTHENTICATION_SUPPORT + if (sm->eapRespData != NULL && sm->eapRespData->size > TYPE_OFFSET) { + int ifname = get_ext_auth(EAP_CODE_RESPONSE, (int)(sm->eapRespData->buf[TYPE_OFFSET])); + if (IFNAME_UNKNOWN < ifname && ifname < IFNAME_SIZE) { + set_eap_data(sm->eapRespData->buf, sm->eapRespData->size); + wpa_printf(MSG_DEBUG, "ext_certification set_encrypt_data"); + set_encrypt_data(&data->ssl, EAP_TYPE_TTLS, data->ttls_version, identifier); + } + } +#endif /* EXT_AUTHENTICATION_SUPPORT */ if (eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_TTLS, data->ttls_version, identifier, resp, out_data)) { @@ -1484,6 +1496,16 @@ start: } if (in_data == NULL || wpabuf_len(in_data) == 0) { +#ifdef EXT_AUTHENTICATION_SUPPORT + if (sm->eapRespData != NULL && sm->eapRespData->size > TYPE_OFFSET) { + int ifname = get_ext_auth(EAP_CODE_RESPONSE, (int)(sm->eapRespData->buf[TYPE_OFFSET])); + if (IFNAME_UNKOWN < ifname && ifname < IFNAME_SIZE) { + set_eap_data(sm->eapRespData->buf, sm->eapRespData->size); + wpa_printf(MSG_DEBUG, "ext_certification set_encrypt_data"); + set_encrypt_data(&data->ssl, EAP_TYPE_TTLS, data->ttls_version, identifier); + } + } +#endif /* EXT_AUTHENTICATION_SUPPORT */ /* Received TLS ACK - requesting more fragments */ return eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_TTLS, data->ttls_version, diff --git a/wpa_supplicant-2.9_standard/src/eap_peer/ext_auth_eap_peap.h b/wpa_supplicant-2.9_standard/src/eap_peer/ext_auth_eap_peap.h new file mode 100644 index 0000000000000000000000000000000000000000..5e4e4ee46aa245941ef9986364eaa9542fba3678 --- /dev/null +++ b/wpa_supplicant-2.9_standard/src/eap_peer/ext_auth_eap_peap.h @@ -0,0 +1,48 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2025-2025. All rights reserved. + */ +#ifndef EXT_AUTH_EAP_PEAP_H +#define EXT_AUTH_EAP_PEAP_H + +#include "eap_tls_common.h" +// 复制代码,不作修改 +struct eap_peap_data { + struct eap_ssl_data ssl; + + int peap_version, force_peap_version, force_new_label; + + const struct eap_method *phase2_method; + void *phase2_priv; + int phase2_success; + int phase2_eap_success; + int phase2_eap_started; + + struct eap_method_type phase2_type; + struct eap_method_type *phase2_types; + size_t num_phase2_types; + + int peap_outer_success; /* 0 = PEAP terminated on Phase 2 inner + * EAP-Success + * 1 = reply with tunneled EAP-Success to inner + * EAP-Success and expect AS to send outer + * (unencrypted) EAP-Success after this + * 2 = reply with PEAP/TLS ACK to inner + * EAP-Success and expect AS to send outer + * (unencrypted) EAP-Success after this */ + int resuming; /* starting a resumed session */ + int reauth; /* reauthentication */ + u8 *key_data; + u8 *session_id; + size_t id_len; + + struct wpabuf *pending_phase2_req; + struct wpabuf *pending_resp; + enum { NO_BINDING, OPTIONAL_BINDING, REQUIRE_BINDING } crypto_binding; + int crypto_binding_used; + u8 binding_nonce[32]; + u8 ipmk[40]; + u8 cmk[20]; + int soh; /* Whether IF-TNCCS-SOH (Statement of Health; Microsoft NAP) + * is enabled. */ +}; +#endif diff --git a/wpa_supplicant-2.9_standard/src/eapol_supp/eapol_supp_sm.c b/wpa_supplicant-2.9_standard/src/eapol_supp/eapol_supp_sm.c index b2a61acb10f0e9ebdddd32b21fbaf9c106f9e654..94f27bde1d14bba0cfa7c982e3566abd05059a47 100644 --- a/wpa_supplicant-2.9_standard/src/eapol_supp/eapol_supp_sm.c +++ b/wpa_supplicant-2.9_standard/src/eapol_supp/eapol_supp_sm.c @@ -19,137 +19,22 @@ #include "eap_peer/eap_config.h" #include "eap_peer/eap_proxy.h" #include "eapol_supp_sm.h" +#ifdef EXT_AUTHENTICATION_SUPPORT +#include "base64.h" +#include "eap_peer/eap_i.h" +#include "ext_authentication.h" +#include "list.h" +#include "securec.h" +#ifdef CONFIG_LIBWPA_VENDOR +#include "wpa_client.h" +#endif +#endif /* EXT_AUTHENTICATION_SUPPORT */ #define STATE_MACHINE_DATA struct eapol_sm #define STATE_MACHINE_DEBUG_PREFIX "EAPOL" #define EAP_FAIL_REASON 4 #define EAP_SM_ID_LEN 5 -/* IEEE 802.1X-2004 - Supplicant - EAPOL state machines */ - -/** - * struct eapol_sm - Internal data for EAPOL state machines - */ -struct eapol_sm { - /* Timers */ - unsigned int authWhile; - unsigned int heldWhile; - unsigned int startWhen; - unsigned int idleWhile; /* for EAP state machine */ - int timer_tick_enabled; - - /* Global variables */ - bool eapFail; - bool eapolEap; - bool eapSuccess; - bool initialize; - bool keyDone; - bool keyRun; - PortControl portControl; - bool portEnabled; - PortStatus suppPortStatus; /* dot1xSuppControlledPortStatus */ - bool portValid; - bool suppAbort; - bool suppFail; - bool suppStart; - bool suppSuccess; - bool suppTimeout; - - /* Supplicant PAE state machine */ - enum { - SUPP_PAE_UNKNOWN = 0, - SUPP_PAE_DISCONNECTED = 1, - SUPP_PAE_LOGOFF = 2, - SUPP_PAE_CONNECTING = 3, - SUPP_PAE_AUTHENTICATING = 4, - SUPP_PAE_AUTHENTICATED = 5, - /* unused(6) */ - SUPP_PAE_HELD = 7, - SUPP_PAE_RESTART = 8, - SUPP_PAE_S_FORCE_AUTH = 9, - SUPP_PAE_S_FORCE_UNAUTH = 10 - } SUPP_PAE_state; /* dot1xSuppPaeState */ - /* Variables */ - bool userLogoff; - bool logoffSent; - unsigned int startCount; - bool eapRestart; - PortControl sPortMode; - /* Constants */ - unsigned int heldPeriod; /* dot1xSuppHeldPeriod */ - unsigned int startPeriod; /* dot1xSuppStartPeriod */ - unsigned int maxStart; /* dot1xSuppMaxStart */ - - /* Key Receive state machine */ - enum { - KEY_RX_UNKNOWN = 0, - KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE - } KEY_RX_state; - /* Variables */ - bool rxKey; - - /* Supplicant Backend state machine */ - enum { - SUPP_BE_UNKNOWN = 0, - SUPP_BE_INITIALIZE = 1, - SUPP_BE_IDLE = 2, - SUPP_BE_REQUEST = 3, - SUPP_BE_RECEIVE = 4, - SUPP_BE_RESPONSE = 5, - SUPP_BE_FAIL = 6, - SUPP_BE_TIMEOUT = 7, - SUPP_BE_SUCCESS = 8 - } SUPP_BE_state; /* dot1xSuppBackendPaeState */ - /* Variables */ - bool eapNoResp; - bool eapReq; - bool eapResp; - /* Constants */ - unsigned int authPeriod; /* dot1xSuppAuthPeriod */ - - /* Statistics */ - unsigned int dot1xSuppEapolFramesRx; - unsigned int dot1xSuppEapolFramesTx; - unsigned int dot1xSuppEapolStartFramesTx; - unsigned int dot1xSuppEapolLogoffFramesTx; - unsigned int dot1xSuppEapolRespFramesTx; - unsigned int dot1xSuppEapolReqIdFramesRx; - unsigned int dot1xSuppEapolReqFramesRx; - unsigned int dot1xSuppInvalidEapolFramesRx; - unsigned int dot1xSuppEapLengthErrorFramesRx; - unsigned int dot1xSuppLastEapolFrameVersion; - unsigned char dot1xSuppLastEapolFrameSource[6]; - - /* Miscellaneous variables (not defined in IEEE 802.1X-2004) */ - bool changed; - struct eap_sm *eap; - struct eap_peer_config *config; - bool initial_req; - u8 *last_rx_key; - size_t last_rx_key_len; - struct wpabuf *eapReqData; /* for EAP */ - bool altAccept; /* for EAP */ - bool altReject; /* for EAP */ - bool eapTriggerStart; - bool replay_counter_valid; - u8 last_replay_counter[16]; - struct eapol_config conf; - struct eapol_ctx *ctx; - enum { EAPOL_CB_IN_PROGRESS = 0, EAPOL_CB_SUCCESS, EAPOL_CB_FAILURE } - cb_status; - bool cached_pmk; - - bool unicast_key_received, broadcast_key_received; - - bool force_authorized_update; - -#ifdef CONFIG_EAP_PROXY - bool use_eap_proxy; - struct eap_proxy_sm *eap_proxy; -#endif /* CONFIG_EAP_PROXY */ -}; - - static void eapol_sm_txLogoff(struct eapol_sm *sm); static void eapol_sm_txStart(struct eapol_sm *sm); static void eapol_sm_processKey(struct eapol_sm *sm); @@ -1285,6 +1170,46 @@ int eapol_sm_get_mib(struct eapol_sm *sm, char *buf, size_t buflen) } #endif /* CONFIG_CTRL_IFACE */ +#ifdef EXT_AUTHENTICATION_SUPPORT +static void rx_ext_certification(struct eapol_sm *sm) +{ + if (sm == NULL || sm->eap == NULL) { + wpa_printf(MSG_ERROR, "ext_certification rx_ext_certification ptr is NULL"); + return; + } + wpa_printf(MSG_DEBUG, "ext_certification rx_ext_certification %u:1:%d", get_authentication_idx(), + sm->eapReqData->buf[TYPE_OFFSET]); + int ifname = get_ext_auth(EAP_CODE_REQUEST, (int)(sm->eapReqData->buf[TYPE_OFFSET])); + if (ifname == IFNAME_UNKNOWN || ifname >= IFNAME_SIZE) { + eapol_sm_step(sm); + return; + } + + set_eap_sm(sm); + size_t length = PARAM_LEN + (size_t)((sm->eapReqData->size + BASE64_NUM - 1) / BASE64_NUM * (BASE64_NUM + 1)); + if (length > BUF_SIZE) { + wpa_printf(MSG_ERROR, "ext_certification rx_ext_certification ptr is NULL"); + return; + } +#ifdef CONFIG_LIBWPA_VENDOR + char param[length]; + add_authentication_idx(); + set_code(EAP_CODE_REQUEST); + + size_t outLen = 0; + char* base64Parm = base64_encode_no_lf((void*)(sm->eapReqData->buf), sm->eapReqData->size, &outLen); + // 标识符 code:EAP_CODE_REQUEST type string长度 base64转换过的buf + int res = snprintf_s(param, sizeof(param), sizeof(param) - 1, "06:%u:1:%d:%zu:%s", get_authentication_idx(), + sm->eapReqData->buf[TYPE_OFFSET], sm->eapReqData->size, base64Parm); + if (res < 0) { + wpa_printf(MSG_ERROR, "snprintf_s error: %d", res); + return; + } + free(base64Parm); + WpaEventReport(g_ifnameToString[ifname], WPA_EVENT_STA_NOTIFY, (void *)param); +#endif +} +#endif /* EXT_AUTHENTICATION_SUPPORT */ /** * eapol_sm_rx_eapol - Process received EAPOL frames @@ -1410,7 +1335,11 @@ int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src, const u8 *buf, "EAP Req updated"); } #endif /* CONFIG_EAP_PROXY */ +#ifdef EXT_AUTHENTICATION_SUPPORT + rx_ext_certification(sm); +#else eapol_sm_step(sm); +#endif /* EXT_AUTHENTICATION_SUPPORT */ } break; case IEEE802_1X_TYPE_EAPOL_KEY: @@ -1441,7 +1370,11 @@ int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src, const u8 *buf, os_memcpy(sm->last_rx_key, buf, data_len); sm->last_rx_key_len = data_len; sm->rxKey = true; +#ifdef EXT_AUTHENTICATION_SUPPORT + rx_ext_certification(sm); +#else eapol_sm_step(sm); +#endif /* EXT_AUTHENTICATION_SUPPORT */ } break; #ifdef CONFIG_MACSEC diff --git a/wpa_supplicant-2.9_standard/src/eapol_supp/eapol_supp_sm.h b/wpa_supplicant-2.9_standard/src/eapol_supp/eapol_supp_sm.h index d0eb523914d6d0f37aab41932dbbc012a65639ca..784b5b3a197bafdda0068741dda01f48865669b2 100644 --- a/wpa_supplicant-2.9_standard/src/eapol_supp/eapol_supp_sm.h +++ b/wpa_supplicant-2.9_standard/src/eapol_supp/eapol_supp_sm.h @@ -69,6 +69,132 @@ struct eapol_config { int wps; }; +/* IEEE 802.1X-2004 - Supplicant - EAPOL state machines */ + +/** + * struct eapol_sm - Internal data for EAPOL state machines + */ + // 将定义放到.h +struct eapol_sm { + /* Timers */ + unsigned int authWhile; + unsigned int heldWhile; + unsigned int startWhen; + unsigned int idleWhile; /* for EAP state machine */ + int timer_tick_enabled; + + /* Global variables */ + Boolean eapFail; + Boolean eapolEap; + Boolean eapSuccess; + Boolean initialize; + Boolean keyDone; + Boolean keyRun; + PortControl portControl; + Boolean portEnabled; + PortStatus suppPortStatus; /* dot1xSuppControlledPortStatus */ + Boolean portValid; + Boolean suppAbort; + Boolean suppFail; + Boolean suppStart; + Boolean suppSuccess; + Boolean suppTimeout; + + /* Supplicant PAE state machine */ + enum { + SUPP_PAE_UNKNOWN = 0, + SUPP_PAE_DISCONNECTED = 1, + SUPP_PAE_LOGOFF = 2, + SUPP_PAE_CONNECTING = 3, + SUPP_PAE_AUTHENTICATING = 4, + SUPP_PAE_AUTHENTICATED = 5, + /* unused(6) */ + SUPP_PAE_HELD = 7, + SUPP_PAE_RESTART = 8, + SUPP_PAE_S_FORCE_AUTH = 9, + SUPP_PAE_S_FORCE_UNAUTH = 10 + } SUPP_PAE_state; /* dot1xSuppPaeState */ + /* Variables */ + Boolean userLogoff; + Boolean logoffSent; + unsigned int startCount; + Boolean eapRestart; + PortControl sPortMode; + /* Constants */ + unsigned int heldPeriod; /* dot1xSuppHeldPeriod */ + unsigned int startPeriod; /* dot1xSuppStartPeriod */ + unsigned int maxStart; /* dot1xSuppMaxStart */ + + /* Key Receive state machine */ + enum { + KEY_RX_UNKNOWN = 0, + KEY_RX_NO_KEY_RECEIVE, + KEY_RX_KEY_RECEIVE + } KEY_RX_state; + /* Variables */ + Boolean rxKey; + + /* Supplicant Backend state machine */ + enum { + SUPP_BE_UNKNOWN = 0, + SUPP_BE_INITIALIZE = 1, + SUPP_BE_IDLE = 2, + SUPP_BE_REQUEST = 3, + SUPP_BE_RECEIVE = 4, + SUPP_BE_RESPONSE = 5, + SUPP_BE_FAIL = 6, + SUPP_BE_TIMEOUT = 7, + SUPP_BE_SUCCESS = 8 + } SUPP_BE_state; /* dot1xSuppBackendPaeState */ + /* Variables */ + Boolean eapNoResp; + Boolean eapReq; + Boolean eapResp; + /* Constants */ + unsigned int authPeriod; /* dot1xSuppAuthPeriod */ + + /* Statistics */ + unsigned int dot1xSuppEapolFramesRx; + unsigned int dot1xSuppEapolFramesTx; + unsigned int dot1xSuppEapolStartFramesTx; + unsigned int dot1xSuppEapolLogoffFramesTx; + unsigned int dot1xSuppEapolRespFramesTx; + unsigned int dot1xSuppEapolReqIdFramesRx; + unsigned int dot1xSuppEapolReqFramesRx; + unsigned int dot1xSuppInvalidEapolFramesRx; + unsigned int dot1xSuppEapLengthErrorFramesRx; + unsigned int dot1xSuppLastEapolFrameVersion; + unsigned char dot1xSuppLastEapolFrameSource[6]; + + /* Miscellaneous variables (not defined in IEEE 802.1X-2004) */ + Boolean changed; + struct eap_sm *eap; + struct eap_peer_config *config; + Boolean initial_req; + u8 *last_rx_key; + size_t last_rx_key_len; + struct wpabuf *eapReqData; /* for EAP */ + Boolean altAccept; /* for EAP */ + Boolean altReject; /* for EAP */ + Boolean eapTriggerStart; + Boolean replay_counter_valid; + u8 last_replay_counter[16]; + struct eapol_config conf; + struct eapol_ctx *ctx; + enum { EAPOL_CB_IN_PROGRESS = 0, EAPOL_CB_SUCCESS, EAPOL_CB_FAILURE } + cb_status; + Boolean cached_pmk; + + Boolean unicast_key_received, broadcast_key_received; + + Boolean force_authorized_update; + +#ifdef CONFIG_EAP_PROXY + Boolean use_eap_proxy; + struct eap_proxy_sm *eap_proxy; +#endif /* CONFIG_EAP_PROXY */ +}; + struct eapol_sm; struct wpa_config_blob; diff --git a/wpa_supplicant-2.9_standard/wpa_supplicant/ctrl_iface.c b/wpa_supplicant-2.9_standard/wpa_supplicant/ctrl_iface.c index 545398bce889ab9772d6a78620b04e99284d6721..b6cc3ffc632dedf9db0c15456b9f18187444ab80 100644 --- a/wpa_supplicant-2.9_standard/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant-2.9_standard/wpa_supplicant/ctrl_iface.c @@ -98,6 +98,21 @@ #include "securec.h" #include "hilink_okc.h" #endif + +#ifdef EXT_AUTHENTICATION_SUPPORT +#include "base64.h" +#include "ext_authentication.h" +#include "eap_peer/eap_tls_common.h" +#include "securec.h" +#define EXT_OFFSET 8 + +enum { + EXT_AUTH_FAIL = 0, + EXT_AUTH_NEXT = 1, + EXT_AUTH_FINISH = 2 +} ExtResult; +#endif /* EXT_AUTHENTICATION_SUPPORT */ + #define P2P_160M_MASK 0x08000000 #define DISCOVER_TIMEOUT_S 120 #define DISCOVER_CHANNELID 20000 @@ -12757,6 +12772,176 @@ static int wpa_supplicant_ctrl_iface_get_require_pmf(struct wpa_supplicant *wpa_ return 0; } +#ifdef EXT_AUTHENTICATION_SUPPORT +static int* parse_codes(char* input, int* count) { + char* token = strtok(input, ":"); + if (token == NULL) { + *count = 0; + return NULL; + } + int num = atoi(token); + if (num <= 0) { + *count = 0; + return NULL; + } + + int* datas = (int*)malloc(num * sizeof(int)); + if (datas == NULL) { + *count = 0; + return NULL; + } + + int i = 0; + token = strtok(NULL, ":"); + while (token != NULL && i < num) { + datas[i++] = atoi(token); + token = strtok(NULL, ":"); + } + + *count = i; + if (i < num) { + wpa_printf(MSG_ERROR, "num error"); + return NULL; + } + + return datas; +} + +static int ext_auth_reg(char *params) +{ + if (strlen(params) < EXT_AUTH_REG_PREFIX_SIZE + IFNAME_LENGTH) { + wpa_printf(MSG_ERROR, "ext_auth_reg params error"); + return -1; + } + int count = 0; + int ifname = (params[EXT_AUTH_REG_PREFIX_SIZE] - '0'); + wpa_printf(MSG_INFO, "ext_certification EXT_AUTH_REG: ifname: %d", ifname); + int* datas = parse_codes(params + EXT_AUTH_REG_PREFIX_SIZE + IFNAME_LENGTH, &count); + + if (datas != NULL) { + // 输出解析结果 + for (int i = 0; i < count; ++i) { + int value = datas[i]; + uint type = ((int64_t)value) & ((1 << EXT_OFFSET) - 1); + uint code = ((int64_t)value) >> EXT_OFFSET; + wpa_printf(MSG_DEBUG, "ext_certification EXT_AUTH_REG_PREFIX: value: %d, %u, %u", value, type, code); + reg_ext_auth(code, type, ifname); + } + // 释放内存 + free(datas); + return 0; + } + wpa_printf(MSG_ERROR, "ext_auth_reg parse_codes error, datas = NULL"); + return -1; +} + +static int ext_auth_unreg(char *params) +{ + int count = 0; + int* datas = parse_codes(params + EXT_AUTH_UNREG_PREFIX_SIZE, &count); + + if (datas != NULL) { + // 输出解析结果 + for (int i = 0; i < count; ++i) { + int value = datas[i]; + uint type = ((int64_t)value) & ((1 << EXT_OFFSET) - 1); + uint code = ((int64_t)value) >> EXT_OFFSET; + wpa_printf(MSG_DEBUG, "ext_certification EXT_AUTH_UNREG_PREFIX_SIZE: value: %d, %u, %u", + value, type, code); + un_reg_ext_auth(code, type); + } + // 释放内存 + free(datas); + return 0; + } + wpa_printf(MSG_ERROR, "ext_auth_unreg parse_codes error, datas = NULL"); + return -1; +} + +static int ext_auth_data_inner(struct wpa_supplicant * wpa_s, u8* dataBuf, int result, int bufferLen) +{ + int code = get_code(); + if (result == EXT_AUTH_FAIL) { + wpa_printf(MSG_ERROR, "ext_auth_data_inner EXT_AUTH_FAIL"); + eapol_sm_notify_eap_fail(wpa_s->eapol, true); + return 0; + } + if (result == EXT_AUTH_FINISH) { + wpa_printf(MSG_DEBUG, "ext_auth_data_inner EXT_AUTH_FINISH"); + eapol_sm_notify_eap_success(wpa_s->eapol, true); + return 0; + } + // 修改sm + if (code == EAP_CODE_REQUEST) { + wpa_printf(MSG_DEBUG, "ext_certification code = EAP_CODE_REQUEST"); + wpa_s->eapol->eapReqData->size = bufferLen; + wpa_s->eapol->eapReqData->buf = dataBuf; + eapol_sm_step(wpa_s->eapol); + return 0; + } else if (code == EAP_CODE_RESPONSE) { + struct wpabuf *respData = wpa_s->eapol->eap->eapRespData; + respData->size = bufferLen; + respData->buf = dataBuf; + struct encrypt_data* data = get_encrypt_data(); + wpa_printf(MSG_DEBUG, "ext_certification code = EAP_CODE_RESPONSE, eapType: %d", data->eapType); + if (data->eapType != EAP_TYPE_NONE) { + wpa_printf(MSG_DEBUG, "ext_certification Encrypt get_encrypt_data"); + // 加密相关操作 + (void)eap_peer_tls_encrypt(get_eap_sm(), data->ssl, data->eapType, data->version, data->id, + NULL, &wpa_s->eapol->eap->eapRespData); + set_encrypt_eap_type(EAP_TYPE_NONE); + } + eapol_set_bool(get_eap_sm(), EAPOL_eapResp, true); + eapol_sm_step(wpa_s->eapol); + return 0; + } + return -1; +} + +static int ext_auth_data(struct wpa_supplicant *wpa_s, char *params) +{ + wpa_printf(MSG_DEBUG, "ext_certification ext_auth_data enter"); + params = params + EXT_AUTH_DATA_PREFIX_SIZE; + + // 处理字符串 + size_t result, idx, bufferLen; + if (sscanf_s(params, "%zu:%zu:%zu:", &result, &idx, &bufferLen) != 3) { + wpa_printf(MSG_ERROR, "sscanf error %zu:%zu:%zu", result, idx, bufferLen); + return -1; + } + wpa_printf(MSG_DEBUG, "ext_certification ext_auth_data result %zu:%zu:%zu", result, idx, bufferLen); + size_t length = strlen(params); + size_t startIdx = 0; + size_t cnt = 0; + size_t paramCnt = 3; + for (; startIdx < length; ++startIdx) { + if (params[startIdx] == ':') { + ++cnt; + } + if (cnt == paramCnt) { + break; + } + } + ++startIdx; + size_t count = 0; + u8* databuf = base64_decode(params + startIdx, strlen(params + startIdx), &count); + + bool illegal = (count != bufferLen) || (get_authentication_idx() != (int)idx) ||(dataBuf == NULL); + if (illegal) { + os_free(dataBuf); + dataBuf = NULL; + wpa_printf(MSG_ERROR, "ext_auth_data base64_decode error %zu:%zu:%zu:%zu:%zu", + result, idx, bufferLen, startIdx, length); + return -1; + } + + int res = ext_auth_data_inner(wpa_s, dataBuf, result, bufferLen); + os_free(dataBuf); + dataBuf = NULL; + return res; +} +#endif /* EXT_AUTHENTICATION_SUPPORT */ + static int wpa_supplicant_sta_shell_cmd(struct wpa_supplicant *wpa_s, char *params) { int ret; @@ -12765,6 +12950,21 @@ static int wpa_supplicant_sta_shell_cmd(struct wpa_supplicant *wpa_s, char *para } wpa_printf(MSG_DEBUG, "ctrl_iface: wpa_supplicant_sta_shell_cmd"); + +#ifdef EXT_AUTHENTICATION_SUPPORT + if (strncmp(params, EXT_AUTH_REG_PREFIX, EXT_AUTH_REG_PREFIX_SIZE) == 0) { + return ext_auth_reg(params); + } + + if (strncmp(params, EXT_AUTH_UNREG_PREFIX, EXT_AUTH_UNREG_PREFIX_SIZE) == 0) { + return ext_auth_unreg(params); + } + + if (strncmp(params, EXT_AUTH_DATA_PREFIX, EXT_AUTH_DATA_PREFIX_SIZE) == 0) { + return ext_auth_data(wpa_s, params); + } +#endif /* EXT_AUTHENTICATION_SUPPORT */ + if ((strncmp(params, GSM_AUTH_PREFIX, GSM_AUTH_PREFIX_SIZE) == 0) || (strncmp(params, UMTS_AUTH_PREFIX, UMTS_AUTH_PREFIX_SIZE) == 0) || (strncmp(params, UMTS_AUTS_PREFIX, UMTS_AUTS_PREFIX_SIZE) == 0)) { diff --git a/wpa_supplicant-2.9_standard/wpa_supplicant/notify.h b/wpa_supplicant-2.9_standard/wpa_supplicant/notify.h index aaea046e1fc061c7bc9b31584ee1bf3e651ecfd8..71ffc535afcd462be2728483a39ca1d8cc5d840a 100644 --- a/wpa_supplicant-2.9_standard/wpa_supplicant/notify.h +++ b/wpa_supplicant-2.9_standard/wpa_supplicant/notify.h @@ -22,6 +22,16 @@ struct wpa_cred; struct rsn_pmksa_cache_entry; #define RSP_PARAM_SIZE 120 + +#ifdef EXT_AUTHENTICATION_SUPPORT +#define EXT_AUTH_REG_PREFIX "EXT_AUTH_REG " +#define EXT_AUTH_REG_PREFIX_SIZE 13 +#define EXT_AUTH_UNREG_PREFIX "EXT_AUTH_UNREG " +#define EXT_AUTH_UNREG_PREFIX_SIZE 15 +#define EXT_AUTH_DATA_PREFIX "EXT_AUTH_DATA " +#define EXT_AUTH_DATA_PREFIX_SIZE 14 +#endif /* EXT_AUTHENTICATION_SUPPORT */ + #define GSM_AUTH_PREFIX "GSM-AUTH" #define GSM_AUTH_PREFIX_SIZE 8 #define UMTS_AUTH_PREFIX "UMTS-AUTH"