Ian's initial patch to handle EAP networks, capturetheir hashes and s…
…end them off for cracking. Based on Brad's initial hostapd-wpe work.
singe committed Aug 4, 2014
1 parent 41c516f commit a212242
Showing 10 changed files with 173 additions and 35 deletions.
8 changes: 8 additions & 0 deletions hostapd/config_file.c
Expand Up @@ -491,6 +491,8 @@ static int hostapd_config_read_eap_user(const char *fname,
user->phase2 = 1;
}

//wpa_printf(MSG_INFO, "ZZZZ : user->identity : %s\tuser->password : %s", user->identity, user->password);

done:
if (tail == NULL) {
tail = conf->eap_user = user;
Expand Down Expand Up @@ -3153,6 +3155,12 @@ static int hostapd_config_fill(struct hostapd_config *conf,
line, pos);
return 1;
}
// ZZZZ -> STR INPUT AND OUTPUT NODES
//} else if (os_strcmp(buf, "ennode") == 0) {
//wpa_printf(MSG_INFO, "ZZZZ : ENNODE");
//} else if (os_strcmp(buf, "exnode") == 0) {
//wpa_printf(MSG_INFO, "ZZZZ : EXNODE");
// ZZZZ -> END INPUT AND OUTPUT NODES
} else if (os_strcmp(buf, "local_pwr_constraint") == 0) {
int val = atoi(pos);
if (val < 0 || val > 255) {
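Review bot: Both hunks add only commented-out debug code, which should be dropped rather than committed: the `//wpa_printf(MSG_INFO, "ZZZZ : user->identity ...` line above `done:` and the `ennode`/`exnode` branches before `local_pwr_constraint`. If the first one is ever re-enabled it would write `user->password` to the INFO log and format it with `%s`; whether that buffer is NUL-terminated is not visible here, so a length-aware call such as `wpa_hexdump_ascii_key()` at debug level would be the safer form. The same kind of leftover makes up the whole body of `hostapd_ctrl_iface_karma_eap` in hostapd/ctrl_iface.c. Both enclosing functions start and end outside the hunks.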
24 changes: 23 additions & 1 deletion hostapd/ctrl_iface.c
Expand Up @@ -39,7 +39,6 @@
#include "ctrl_iface.h"
#include "ap/beacon.h"


struct wpa_ctrl_dst {
struct wpa_ctrl_dst *next;
struct sockaddr_un addr;
Expand Down Expand Up @@ -246,6 +245,25 @@ static int hostapd_ctrl_iface_karma_enable_disable (struct hostapd_data *hapd,

return 0;
}

static int hostapd_ctrl_iface_karma_eap (struct hostapd_data *hapd)
{
//wpa_printf(MSG_INFO, "ZZZZ : %s", hapd->conf->eap_user->identity['t\0']);
//hapd.hostapd_reload_bss();
//hostapd_reload_bss(hapd);
//const u8 *ident = 't';
//wpa_printf(MSG_INFO, "ZZZZ : HERE 1");
//hostapd_get_eap_user(hapd, ident, 1, 1);
//wpa_printf(MSG_INFO, "ZZZZ : HERE 2");
//wpa_printf(MSG_INFO, "ZZZZ : %s", hostapd_get_eap_user(hapd, ident, 1, 0));
//wpa_printf(MSG_INFO, "ZZZZ : %s", user->password);
//wpa_hexdump_ascii(MSG_INFO, "ZZZZ : ", hapd->conf->eap_user->password, hapd->conf->eap_user);
// ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
//wpa_printf(MSG_INFO, "ZZZZ : %s", hapd);
//int n = sizeof(hapd->conf->eap_user->password);
//wpa_printf(MSG_INFO, "ZZZZ : USERPASSWORDSIZE: %d", n);
return 0;
}
// KARMA END

#ifdef CONFIG_IEEE80211W
Expand Down Expand Up @@ -1681,6 +1699,10 @@ static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
} else if (os_strcmp(buf, "KARMA_ENABLE") == 0) {
if (hostapd_ctrl_iface_karma_enable_disable(hapd, 1))
reply_len = -1;
} else if (os_strcmp(buf, "KARMA_EAP") == 0) {
hostapd_ctrl_iface_karma_eap(hapd);
os_memcpy(reply, "EAP USERS RELOADED\n", 19);
reply_len = 19;
// END KARMA
} else {
os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
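Review bot: The new `KARMA_EAP` branch always answers `EAP USERS RELOADED`, but every statement in `hostapd_ctrl_iface_karma_eap` except `return 0;` is commented out, so nothing is reloaded and the caller is told otherwise. Either make the reply say what actually happened or leave the command out until the reload exists; once it does, check the result the way the `KARMA_ENABLE` branch does, `if (hostapd_ctrl_iface_karma_eap(hapd)) reply_len = -1;`. The literal length 19 matches the string today, but `sizeof("EAP USERS RELOADED\n") - 1` would keep the two from drifting apart. hostapd_ctrl_iface_receive starts and ends outside the hunk.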
6 changes: 6 additions & 0 deletions hostapd/hostapd_cli.c
Expand Up @@ -95,6 +95,7 @@ static const char *commands_help =
" karma_get_state get the state of Karma\n"
" karma_add_black_mac add a MAC to the black list\n"
" karma_add_white_mac add a MAC to the white list\n"
" karma_reload_eap reload users when challenge/response is cracked\n"
// KARMA END
" quit exit hostapd_cli\n";

Expand Down Expand Up @@ -433,6 +434,10 @@ static int hostapd_cli_cmd_karma_get_state(struct wpa_ctrl *ctrl, int argc, char
{
return wpa_ctrl_command(ctrl, "KARMA_STATE");
}
static int hostapd_cli_cmd_karma_reload_eap(struct wpa_ctrl *ctrl, int argc, char *argv[])
{
return wpa_ctrl_command(ctrl, "KARMA_EAP");
}
// END KARMA


Expand Down Expand Up @@ -1104,6 +1109,7 @@ static struct hostapd_cli_cmd hostapd_cli_commands[] = {
{ "karma_get_state", hostapd_cli_cmd_karma_get_state},
{ "karma_disable", hostapd_cli_cmd_karma_disable},
{ "karma_enable", hostapd_cli_cmd_karma_enable},
{ "karma_reload_eap", hostapd_cli_cmd_karma_reload_eap},
// END KARMA
{ "set_qos_map_set", hostapd_cli_cmd_set_qos_map_set },
{ "send_qos_map_conf", hostapd_cli_cmd_send_qos_map_conf },
2 changes: 1 addition & 1 deletion src/crypto/ms_funcs.c
Expand Up @@ -78,7 +78,7 @@ static int utf8_to_ucs2(const u8 *utf8_string, size_t utf8_string_len,
* @challenge: 8-octet Challenge (OUT)
* Returns: 0 on success, -1 on failure
*/
static int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
const u8 *username, size_t username_len,
u8 *challenge)
{
4 changes: 4 additions & 0 deletions src/crypto/ms_funcs.h
Expand Up @@ -31,6 +31,10 @@ int generate_authenticator_response_pwhash(
int nt_challenge_response(const u8 *challenge, const u8 *password,
size_t password_len, u8 *response);

int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
const u8 *username, size_t username_len,
u8 *challenge);

void challenge_response(const u8 *challenge, const u8 *password_hash,
u8 *response);
int nt_password_hash(const u8 *password, size_t password_len,
6 changes: 3 additions & 3 deletions src/crypto/tls_openssl.c
Expand Up @@ -2898,7 +2898,7 @@ int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn,
data_len) != 1)
return -1;
#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */
if (SSL_set_hello_extension(conn->ssl, ext_type, (void *) data,
if (SSL_set_session_ticket_ext(conn->ssl, ext_type, (void *) data,
data_len) != 1)
return -1;
#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
Expand Down Expand Up @@ -3518,7 +3518,7 @@ int tls_connection_set_session_ticket_cb(void *tls_ctx,
SSL_set_tlsext_debug_callback(conn->ssl, tls_hello_ext_cb);
SSL_set_tlsext_debug_arg(conn->ssl, conn);
#else /* SSL_OP_NO_TICKET */
if (SSL_set_hello_extension_cb(conn->ssl, tls_hello_ext_cb,
if (SSL_set_session_ticket_ext_cb(conn->ssl, tls_hello_ext_cb,
conn) != 1)
return -1;
#endif /* SSL_OP_NO_TICKET */
Expand All @@ -3533,7 +3533,7 @@ int tls_connection_set_session_ticket_cb(void *tls_ctx,
SSL_set_tlsext_debug_callback(conn->ssl, NULL);
SSL_set_tlsext_debug_arg(conn->ssl, conn);
#else /* SSL_OP_NO_TICKET */
if (SSL_set_hello_extension_cb(conn->ssl, NULL, NULL) != 1)
if (SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL) != 1)
return -1;
#endif /* SSL_OP_NO_TICKET */
#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
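Review bot: In `tls_connection_client_hello_ext` the call was renamed to `SSL_set_session_ticket_ext` but still passes four arguments, including `ext_type`; OpenSSL declares that function as taking the SSL pointer, the extension data and its length, so the line should read `if (SSL_set_session_ticket_ext(conn->ssl, (void *) data, data_len) != 1)`. The two `SSL_set_session_ticket_ext_cb` calls in `tls_connection_set_session_ticket_cb` keep `tls_hello_ext_cb` as the callback; its definition is outside the hunks, so its signature should be confirmed against the session-ticket callback type. After these renames the `#else` branches presumably do the same as the `CONFIG_OPENSSL_TICKET_OVERRIDE` branches, in which case the conditionals can be collapsed. All three hunks sit inside functions that begin and end outside the visible lines.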
34 changes: 31 additions & 3 deletions src/eap_server/eap_server.c
Expand Up @@ -94,27 +94,55 @@ int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
int phase2)
{
struct eap_user *user;
struct eap_user *user2;
char ident = 't';

wpa_printf(MSG_INFO, "ZZZZ : identity: %s", identity);

if (sm == NULL || sm->eapol_cb == NULL ||
sm->eapol_cb->get_eap_user == NULL)
sm->eapol_cb->get_eap_user == NULL) {
wpa_printf(MSG_INFO, "ZZZZ : Start 1");
return -1;
}

eap_user_free(sm->user);
sm->user = NULL;

wpa_printf(MSG_INFO, "ZZZZ : Start 2");
user = os_zalloc(sizeof(*user));
if (user == NULL)
wpa_printf(MSG_INFO, "ZZZZ : Start 3");
if (user == NULL) {
wpa_printf(MSG_INFO, "ZZZZ : Start 4");
return -1;

}
user2 = os_zalloc(sizeof(*user2));
if (user2 == NULL) {
return -1;
}
if (sm->eapol_cb->get_eap_user(sm->eapol_ctx, identity, identity_len, phase2, user2) != 0) {
user2 = NULL;
}
if(phase2) {
//wpa_printf(MSG_INFO, "ZZZZ : Start 4");
identity = (const u8 *)&ident;
identity_len = 1;
}
if (sm->eapol_cb->get_eap_user(sm->eapol_ctx, identity,
identity_len, phase2, user) != 0) {
eap_user_free(user);
wpa_printf(MSG_INFO, "ZZZZ : Start 5");
return -1;
}
if (user2 != NULL) {
user->password = user2->password;
user->password_len = user2->password_len;
}

sm->user = user;
sm->user_eap_method_index = 0;

wpa_printf(MSG_INFO, "ZZZZ : user->password: %s", user->password);

return 0;
}

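Review bot: The second lookup object `user2` is never released in `eap_user_get`: it leaks when the first `get_eap_user` call fails (`user2 = NULL;` drops the only pointer), when the second lookup returns -1, and on success after its `password` pointer has been copied into `user`, whose own password buffer is overwritten without being freed; `user` also leaks when the `user2` allocation fails. The fence below swaps the password fields and releases `user2` through `eap_user_free()` on every path. Separately, the `%s` prints of `identity` and `user->password` treat length-delimited buffers as C strings (the function receives `identity_len`), and the last one writes the password to the INFO log and may be handed a NULL pointer; these and the `ZZZZ : Start n` traces should be removed or turned into `wpa_hexdump_ascii()` calls at debug level. The function's signature starts above the hunk.

```c
	user2 = os_zalloc(sizeof(*user2));
	if (user2 == NULL) {
		eap_user_free(user);
		return -1;
	}
	if (sm->eapol_cb->get_eap_user(sm->eapol_ctx, identity, identity_len,
				       phase2, user2) != 0) {
		eap_user_free(user2);
		user2 = NULL;
	}
	/* … unchanged: phase2 identity override … */
	if (sm->eapol_cb->get_eap_user(sm->eapol_ctx, identity,
				       identity_len, phase2, user) != 0) {
		eap_user_free(user);
		/* relies on eap_user_free() accepting NULL, as the existing
		 * eap_user_free(sm->user) call above already does */
		eap_user_free(user2);
		return -1;
	}
	if (user2 != NULL) {
		/* Swap so eap_user_free() releases the displaced password. */
		u8 *old_password = user->password;
		size_t old_password_len = user->password_len;

		user->password = user2->password;
		user->password_len = user2->password_len;
		user2->password = old_password;
		user2->password_len = old_password_len;
		eap_user_free(user2);
	}
```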
3 changes: 2 additions & 1 deletion src/eap_server/eap_server_fast.c
Expand Up @@ -1034,7 +1034,8 @@ static void eap_fast_process_phase2_response(struct eap_sm *sm,

switch (data->state) {
case PHASE2_ID:
if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
//if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
if (eap_user_get(sm, sm->identity, sm->identity_len, 0) != 0) {
wpa_hexdump_ascii(MSG_DEBUG, "EAP-FAST: Phase2 "
"Identity not found in the user "
"database",
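Review bot: The `PHASE2_ID` lookup now calls `eap_user_get(sm, sm->identity, sm->identity_len, 0)` while the previous call is left behind as a comment; delete the commented line and state in a comment why a Phase 2 identity is looked up with `phase2` set to 0, for example `/* look up as phase 1 so eap_user_get() keeps the peer's identity */` if that is the intent. As written, the phase-2 restriction of the user database presumably no longer takes part in this match, and the failure message below still reports that the Phase2 identity was not found. eap_fast_process_phase2_response starts and ends outside the hunk.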