List: open1x-xsupplicant
Subject: [Open1x-xsupplicant] Fragment implementation
From: Lidia Fernández <lidia.fernandez () dif ! um ! es>
Date: 2007-09-07 11:16:30
Message-ID: 1189163791.5046.36.camel () lidia-desktop
Hello all!
I have been working with open1x because I need PEAP.
I have found some things that I needed but that open1x didn't have
implemented, and we are trying to solve the problem. I am telling you the
changes that I made, for your suggestions and comments.
Fragmentation: I need fragmentation; the current open1x implementation only
fragments in the handshake, but not after that.
I need fragmentation after the handshake before I wait for a long success
message that includes one more TLV.
To obtain this behaviour I have had to change some things:
First, we find the error and return it up.
---------------
| tls_crypt.c |
---------------
int tls_crypt_decrypt(struct generic_eap_data *thisint, uint8_t *in_data,
                      int in_size, uint8_t *out_data, int *out_size)
.............................
    rc=SSL_read(mytls_vars->ssl, out_data,1000);
    if(rc<0){ // if error, we need more data
        return XTLSNEEDDATA;
    }
...........................
--------------
peap_phase2.c
--------------
#include "../tls/tls_funcs.h"
.............
    int ret = tls_crypt_decrypt(thisint, in, in_size, decr_data, &decrsize);
    if (ret != XENONE)
    {
        // Now we check whether tls_crypt_decrypt returned NEEDDATA to us
        if (ret == XTLSNEEDDATA){
            // Build an ACK, the same as you do in the handshake
            tls_funcs_build_ack(out, out_size);
            return XENONE;
        }
        else{
            debug_printf(DEBUG_AUTHTYPES, "Decryption failed.\n");
            bzero(in, 50);
            *out_size = 0;
            if (encr_data != NULL)
                free(encr_data);
            if (decr_data != NULL)
                free(decr_data);
            return XETLSCRYPTFAIL;
        }
    }
.........................
    if (encrsize > 0)
    {
        debug_printf(DEBUG_AUTHTYPES, "Unencrypted return frame : \n");
        debug_hex_dump(DEBUG_AUTHTYPES, encr_data, encrsize);
        // I modify the outgoing packet. The length of this packet will be
        // only 11 bytes, so that the server needs to see only the SUCCESS
        int i=0;
        int flag=0;
        int type=0;
        int length=0;
        if (encr_data[4] == EAP_TLV){
            i = 5;
            while ( i <encrsize && flag == 0){
                if (encr_data[i++] == MANDATORY){
                    type=encr_data[i++];
                    if (type == EAP_TLV_ACK_RESULT){
                        length = encr_data[++i];
                        i = i + length + 1;
                    }
                    if (type == EAP_TLV_VENDOR_SPECIFIC){
                        encr_data[3]=11;
                        encrsize=11;
                    }
                }
            }
        }
With these changes (and some more in the server) you can do fragmentation
at any moment.
I await your comments.
Regards, Lidia Fernández.
--
*******************************************************************
LIDIA FERNANDEZ CARPES
Departamento de Ingenieria de la Informacion y las Comunicaciones
Facultad de Informatica
Universidad de Murcia. Campus de Espinardo
30080 Murcia (SPAIN)
Tel.: +34 968 364644
Fax: +34 968 364151
email: lidia.fernandez@dif.um.es
*******************************************************************
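
A bounds-checked form of the TLV walk in the peap_phase2.c excerpt above, as an added example that is not part of the original message or of open1x. It generalizes the fixed 11-byte cut by computing the offset of the first Vendor-Specific TLV; the function name and the numeric constants (taken from the PEAP/EAP-TLV drafts, not from open1x headers) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values from the PEAP/EAP-TLV drafts, not copied from open1x headers. */
#define EAP_HDR_LEN   5    /* code, identifier, length (2 bytes), type */
#define EAP_TYPE_TLV  33
#define TLV_HDR_LEN   4    /* M/R flags + 14-bit type, then 16-bit length */
#define TLV_VENDOR    7    /* Vendor-Specific TLV */

/* Hypothetical helper: cut an inner EAP-TLV packet just before its first
 * Vendor-Specific TLV and rewrite the EAP length field to match.
 * Returns the resulting EAP length, or -1 if the packet is malformed. */
int trim_vendor_tlv(uint8_t *pkt, size_t size)
{
    if (pkt == NULL || size < EAP_HDR_LEN)
        return -1;
    size_t eap_len = ((size_t)pkt[2] << 8) | pkt[3];
    if (eap_len < EAP_HDR_LEN || eap_len > size)
        return -1;                       /* length field lies about the buffer */
    if (pkt[4] != EAP_TYPE_TLV)
        return (int)eap_len;             /* not a TLV packet: leave untouched */

    size_t off = EAP_HDR_LEN;
    while (off < eap_len) {
        if (eap_len - off < TLV_HDR_LEN)
            return -1;                   /* truncated TLV header */
        unsigned type = ((pkt[off] & 0x3fu) << 8) | pkt[off + 1];
        size_t vlen = ((size_t)pkt[off + 2] << 8) | pkt[off + 3];
        if (vlen > eap_len - off - TLV_HDR_LEN)
            return -1;                   /* value runs past the packet */
        if (type == TLV_VENDOR) {
            pkt[2] = (uint8_t)(off >> 8);
            pkt[3] = (uint8_t)(off & 0xff);
            return (int)off;
        }
        off += TLV_HDR_LEN + vlen;
    }
    return (int)eap_len;                 /* no Vendor-Specific TLV present */
}

int main(void)
{
    /* Constructed sample: Result TLV (success) followed by a Vendor-Specific TLV. */
    uint8_t pkt[] = { 2, 1, 0, 21, 33,  0x80, 3, 0, 2, 0, 1,
                      0x80, 7, 0, 6, 0, 0, 0x01, 0x37, 0xaa, 0xbb };
    printf("trimmed length: %d\n", trim_vendor_tlv(pkt, sizeof pkt));
    return 0;
}
```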