Lines Matching refs:data

57 static void eap_aka_fullauth(struct eap_sm *sm, struct eap_aka_data *data);
81 static void eap_aka_state(struct eap_aka_data *data, int state)
84 eap_aka_state_txt(data->state),
86 data->state = state;
91 struct eap_aka_data *data,
94 if (data->eap_method == EAP_TYPE_AKA_PRIME &&
97 if (data->eap_method == EAP_TYPE_AKA &&
102 data->reauth = eap_sim_db_get_reauth_entry(sm->eap_sim_db_priv,
104 if (data->reauth == NULL) {
112 os_strlcpy(data->permanent, data->reauth->permanent,
113 sizeof(data->permanent));
114 data->counter = data->reauth->counter;
115 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
116 os_memcpy(data->k_encr, data->reauth->k_encr,
118 os_memcpy(data->k_aut, data->reauth->k_aut,
120 os_memcpy(data->k_re, data->reauth->k_re,
123 os_memcpy(data->mk, data->reauth->mk, EAP_SIM_MK_LEN);
126 eap_aka_state(data, REAUTH);
132 struct eap_aka_data *data)
142 if (eap_aka_check_identity_reauth(sm, data, username) > 0) {
151 if ((data->eap_method == EAP_TYPE_AKA_PRIME &&
153 (data->eap_method == EAP_TYPE_AKA &&
167 os_strlcpy(data->permanent, permanent,
168 sizeof(data->permanent));
173 eap_aka_fullauth(sm, data);
182 struct eap_aka_data *data;
189 data = os_zalloc(sizeof(*data));
190 if (data == NULL)
193 data->eap_method = EAP_TYPE_AKA;
195 data->state = IDENTITY;
196 data->pending_id = -1;
197 eap_aka_check_identity(sm, data);
199 return data;
206 struct eap_aka_data *data;
215 data = os_zalloc(sizeof(*data));
216 if (data == NULL)
219 data->eap_method = EAP_TYPE_AKA_PRIME;
220 data->network_name = (u8 *) os_strdup(network_name);
221 if (data->network_name == NULL) {
222 os_free(data);
226 data->network_name_len = os_strlen(network_name);
228 data->state = IDENTITY;
229 data->pending_id = -1;
230 eap_aka_check_identity(sm, data);
232 return data;
/*
 * Teardown of the per-session state: the two stored identity strings, the
 * accumulated identity messages, the network name and finally the struct
 * itself are released.
 * NOTE(review): other lines in this listing show the same struct holding key
 * material (ik, ck, mk, k_encr, k_aut, k_re, msk, emsk). This view lists only
 * lines that mention `data`, and none of the lines here wipes those fields
 * before os_free(data), so the keys appear to remain in freed heap memory -
 * confirm against the full function. If so, clear the struct before releasing
 * it, using a wipe the compiler cannot elide (a plain memset directly before
 * a free may be optimized away).
 */
239 struct eap_aka_data *data = priv;
240 os_free(data->next_pseudonym);
241 os_free(data->next_reauth_id);
242 wpabuf_free(data->id_msgs);
243 os_free(data->network_name);
244 os_free(data);
248 static int eap_aka_add_id_msg(struct eap_aka_data *data,
254 if (data->id_msgs == NULL) {
255 data->id_msgs = wpabuf_dup(msg);
256 return data->id_msgs == NULL ? -1 : 0;
259 if (wpabuf_resize(&data->id_msgs, wpabuf_len(msg)) < 0)
261 wpabuf_put_buf(data->id_msgs, msg);
267 static void eap_aka_add_checkcode(struct eap_aka_data *data,
276 if (data->id_msgs == NULL) {
/*
 * The accumulated identity-round messages are taken as one contiguous buffer
 * and written to the log at MSG_MSGDUMP level before being hashed for
 * AT_CHECKCODE.
 * NOTE(review): id_msgs is filled from the identity requests and responses
 * (see the eap_aka_add_id_msg() callers in this listing), so this dump can
 * contain peer identities - presumably including a permanent identity when the
 * peer sent one; confirm. Treat logs captured at this verbosity as
 * subscriber-identifying data.
 */
286 addr = wpabuf_head(data->id_msgs);
287 len = wpabuf_len(data->id_msgs);
288 wpa_hexdump(MSG_MSGDUMP, "EAP-AKA: AT_CHECKCODE data", addr, len);
289 if (data->eap_method == EAP_TYPE_AKA_PRIME)
295 data->eap_method == EAP_TYPE_AKA_PRIME ?
300 static int eap_aka_verify_checkcode(struct eap_aka_data *data,
311 if (data->id_msgs == NULL) {
321 hash_len = data->eap_method == EAP_TYPE_AKA_PRIME ?
332 addr = wpabuf_head(data->id_msgs);
333 len = wpabuf_len(data->id_msgs);
334 if (data->eap_method == EAP_TYPE_AKA_PRIME)
349 struct eap_aka_data *data, u8 id)
355 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method,
357 data->identity_round++;
358 if (data->identity_round == 1) {
366 } else if (data->identity_round > 3) {
381 if (eap_aka_add_id_msg(data, buf) < 0) {
385 data->pending_id = id;
390 static int eap_aka_build_encr(struct eap_sm *sm, struct eap_aka_data *data,
394 os_free(data->next_pseudonym);
396 data->next_pseudonym =
399 data->eap_method == EAP_TYPE_AKA_PRIME ?
403 data->next_pseudonym = NULL;
405 os_free(data->next_reauth_id);
406 if (data->counter <= EAP_AKA_MAX_FAST_REAUTHS) {
407 data->next_reauth_id =
410 data->eap_method == EAP_TYPE_AKA_PRIME ?
415 data->next_reauth_id = NULL;
418 if (data->next_pseudonym == NULL && data->next_reauth_id == NULL &&
437 if (data->next_pseudonym) {
439 data->next_pseudonym);
441 os_strlen(data->next_pseudonym),
442 (u8 *) data->next_pseudonym,
443 os_strlen(data->next_pseudonym));
446 if (data->next_reauth_id) {
448 data->next_reauth_id);
450 os_strlen(data->next_reauth_id),
451 (u8 *) data->next_reauth_id,
452 os_strlen(data->next_reauth_id));
455 if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) {
466 struct eap_aka_data *data,
472 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method,
475 eap_sim_msg_add(msg, EAP_SIM_AT_RAND, 0, data->rand, EAP_AKA_RAND_LEN);
477 eap_sim_msg_add(msg, EAP_SIM_AT_AUTN, 0, data->autn, EAP_AKA_AUTN_LEN);
478 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
479 if (data->kdf) {
482 eap_sim_msg_add(msg, EAP_SIM_AT_KDF, data->kdf,
490 data->network_name_len,
491 data->network_name, data->network_name_len);
494 if (eap_aka_build_encr(sm, data, msg, 0, NULL)) {
499 eap_aka_add_checkcode(data, msg);
507 if (data->eap_method == EAP_TYPE_AKA) {
537 return eap_sim_msg_finish(msg, data->k_aut, NULL, 0);
542 struct eap_aka_data *data, u8 id)
/*
 * NONCE_S for fast re-authentication is drawn from random_get_bytes() and a
 * non-zero return is treated as a distinct case; the statement it guards is
 * not part of this view (presumably the request is abandoned - confirm).
 * The nonce feeds the re-authentication key derivation shown on the
 * following lines, so continuing with an unfilled buffer must not happen.
 */
548 if (random_get_bytes(data->nonce_s, EAP_SIM_NONCE_S_LEN))
551 data->nonce_s, EAP_SIM_NONCE_S_LEN);
553 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
554 eap_aka_prime_derive_keys_reauth(data->k_re, data->counter,
557 data->nonce_s,
558 data->msk, data->emsk);
560 eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut,
561 data->msk, data->emsk);
562 eap_sim_derive_keys_reauth(data->counter, sm->identity,
563 sm->identity_len, data->nonce_s,
564 data->mk, data->msk, data->emsk);
567 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method,
570 if (eap_aka_build_encr(sm, data, msg, data->counter, data->nonce_s)) {
575 eap_aka_add_checkcode(data, msg);
584 return eap_sim_msg_finish(msg, data->k_aut, NULL, 0);
589 struct eap_aka_data *data,
595 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method,
597 wpa_printf(MSG_DEBUG, " AT_NOTIFICATION (%d)", data->notification);
598 eap_sim_msg_add(msg, EAP_SIM_AT_NOTIFICATION, data->notification,
600 if (data->use_result_ind) {
601 if (data->reauth) {
607 data->counter);
608 eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter,
611 if (eap_sim_msg_add_encr_end(msg, data->k_encr,
623 return eap_sim_msg_finish(msg, data->k_aut, NULL, 0);
629 struct eap_aka_data *data = priv;
631 data->auts_reported = 0;
632 switch (data->state) {
634 return eap_aka_build_identity(sm, data, id);
636 return eap_aka_build_challenge(sm, data, id);
638 return eap_aka_build_reauth(sm, data, id);
640 return eap_aka_build_notification(sm, data, id);
643 "buildReq", data->state);
653 struct eap_aka_data *data = priv;
657 pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, respData,
668 static Boolean eap_aka_subtype_ok(struct eap_aka_data *data, u8 subtype)
674 switch (data->state) {
706 "processing a response", data->state);
715 struct eap_aka_data *data)
724 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
725 eap_aka_state(data, NOTIFICATION);
729 if (eap_aka_check_identity_reauth(sm, data, username) > 0) {
734 if (((data->eap_method == EAP_TYPE_AKA_PRIME &&
736 (data->eap_method == EAP_TYPE_AKA &&
738 data->identity_round == 1) {
745 if ((data->eap_method == EAP_TYPE_AKA_PRIME &&
747 (data->eap_method == EAP_TYPE_AKA &&
761 os_strlcpy(data->permanent, permanent,
762 sizeof(data->permanent));
763 } else if ((data->eap_method == EAP_TYPE_AKA_PRIME &&
765 (data->eap_method == EAP_TYPE_AKA &&
769 os_strlcpy(data->permanent, username, sizeof(data->permanent));
775 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
776 eap_aka_state(data, NOTIFICATION);
780 eap_aka_fullauth(sm, data);
784 static void eap_aka_fullauth(struct eap_sm *sm, struct eap_aka_data *data)
789 res = eap_sim_db_get_aka_auth(sm->eap_sim_db_priv, data->permanent,
790 data->rand, data->autn, data->ik,
791 data->ck, data->res, &data->res_len, sm);
793 wpa_printf(MSG_DEBUG, "EAP-AKA: AKA authentication data "
800 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
803 eap_aka_prime_derive_ck_ik_prime(data->ck, data->ik,
804 data->autn,
805 data->network_name,
806 data->network_name_len);
810 data->reauth = NULL;
811 data->counter = 0; /* reset re-auth counter since this is full auth */
815 "authentication data for the peer");
816 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
817 eap_aka_state(data, NOTIFICATION);
821 wpa_printf(MSG_DEBUG, "EAP-AKA: AKA authentication data "
835 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
836 eap_aka_prime_derive_keys(sm->identity, identity_len, data->ik,
837 data->ck, data->k_encr, data->k_aut,
838 data->k_re, data->msk, data->emsk);
840 eap_aka_derive_mk(sm->identity, identity_len, data->ik,
841 data->ck, data->mk);
842 eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut,
843 data->msk, data->emsk);
846 eap_aka_state(data, CHALLENGE);
851 struct eap_aka_data *data,
862 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
863 eap_aka_state(data, NOTIFICATION);
874 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
875 eap_aka_state(data, NOTIFICATION);
881 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
882 eap_aka_state(data, NOTIFICATION);
/*
 * After identity handling, the response is appended to the identity message
 * log only when its EAP identifier equals the pending request id; pending_id
 * is then reset to -1 so the same id is not accepted again.
 * NOTE(review): the return value of eap_aka_add_id_msg() is ignored here,
 * while the request-building path at source line 381 checks it. If the
 * append fails, the later AT_CHECKCODE computation would run over an
 * incomplete message set; that is expected to surface as a checkcode
 * mismatch rather than a silent accept, but confirm and consider failing the
 * exchange explicitly.
 */
890 eap_aka_determine_identity(sm, data);
891 if (eap_get_id(respData) == data->pending_id) {
892 data->pending_id = -1;
893 eap_aka_add_id_msg(data, respData);
898 static int eap_aka_verify_mac(struct eap_aka_data *data,
903 if (data->eap_method == EAP_TYPE_AKA_PRIME)
904 return eap_sim_verify_mac_sha256(data->k_aut, req, mac, extra,
906 return eap_sim_verify_mac(data->k_aut, req, mac, extra, extra_len);
911 struct eap_aka_data *data,
921 if (data->eap_method == EAP_TYPE_AKA_PRIME &&
926 data->notification =
928 eap_aka_state(data, NOTIFICATION);
932 data->kdf = attr->kdf[0];
936 wpa_printf(MSG_DEBUG, "EAP-AKA': KDF %d selected", data->kdf);
943 eap_aka_verify_checkcode(data, attr->checkcode,
947 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
948 eap_aka_state(data, NOTIFICATION);
952 eap_aka_verify_mac(data, respData, attr->mac, NULL, 0)) {
955 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
956 eap_aka_state(data, NOTIFICATION);
/*
 * RES check for the challenge response: AT_RES must be present, at least
 * data->res_len bytes long, declare exactly data->res_len * 8 bits, and match
 * the expected RES byte for byte. The lines that follow set the
 * general-failure notification and move the session to NOTIFICATION.
 * NOTE(review): os_memcmp() compares an authentication value here. If it is
 * an ordinary early-exit comparison (confirm for this tree), the time taken
 * depends on how many leading bytes match. Practical exposure is probably
 * limited if every attempt uses a fresh challenge, but a constant-time
 * comparison is the safer default for values like RES and MACs.
 */
964 if (attr->res == NULL || attr->res_len < data->res_len ||
965 attr->res_len_bits != data->res_len * 8 ||
966 os_memcmp(attr->res, data->res, data->res_len) != 0) {
972 (unsigned long) data->res_len * 8);
973 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
974 eap_aka_state(data, NOTIFICATION);
981 data->use_result_ind = 1;
982 data->notification = EAP_SIM_SUCCESS;
983 eap_aka_state(data, NOTIFICATION);
985 eap_aka_state(data, SUCCESS);
987 if (data->next_pseudonym) {
988 eap_sim_db_add_pseudonym(sm->eap_sim_db_priv, data->permanent,
989 data->next_pseudonym);
990 data->next_pseudonym = NULL;
992 if (data->next_reauth_id) {
993 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
996 data->permanent,
997 data->next_reauth_id,
998 data->counter + 1,
999 data->k_encr, data->k_aut,
1000 data->k_re);
1004 data->permanent,
1005 data->next_reauth_id,
1006 data->counter + 1,
1007 data->mk);
1009 data->next_reauth_id = NULL;
1015 struct eap_aka_data *data,
1024 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
1025 eap_aka_state(data, NOTIFICATION);
1032 if (!data->auts_reported &&
1033 eap_sim_db_resynchronize(sm->eap_sim_db_priv, data->permanent,
1034 attr->auts, data->rand)) {
1036 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
1037 eap_aka_state(data, NOTIFICATION);
1040 data->auts_reported = 1;
1047 struct eap_aka_data *data,
1057 eap_aka_verify_mac(data, respData, attr->mac, data->nonce_s,
1066 "message did not include encrypted data");
1070 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
1075 "data from reauthentication message");
1079 if (eattr.counter != data->counter) {
1082 eattr.counter, data->counter);
1095 eap_aka_fullauth(sm, data);
1100 data->use_result_ind = 1;
1101 data->notification = EAP_SIM_SUCCESS;
1102 eap_aka_state(data, NOTIFICATION);
1104 eap_aka_state(data, SUCCESS);
1106 if (data->next_reauth_id) {
1107 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
1110 data->permanent,
1111 data->next_reauth_id,
1112 data->counter + 1,
1113 data->k_encr, data->k_aut,
1114 data->k_re);
1118 data->permanent,
1119 data->next_reauth_id,
1120 data->counter + 1,
1121 data->mk);
1123 data->next_reauth_id = NULL;
1125 eap_sim_db_remove_reauth(sm->eap_sim_db_priv, data->reauth);
1126 data->reauth = NULL;
1132 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
1133 eap_aka_state(data, NOTIFICATION);
1134 eap_sim_db_remove_reauth(sm->eap_sim_db_priv, data->reauth);
1135 data->reauth = NULL;
1141 struct eap_aka_data *data,
1147 if (data->notification == EAP_SIM_SUCCESS && data->use_result_ind)
1148 eap_aka_state(data, SUCCESS);
1150 eap_aka_state(data, FAILURE);
1155 struct eap_sm *sm, struct eap_aka_data *data,
1159 eap_aka_state(data, FAILURE);
1164 struct eap_aka_data *data,
1169 if (data->notification == EAP_SIM_SUCCESS && data->use_result_ind)
1170 eap_aka_state(data, SUCCESS);
1172 eap_aka_state(data, FAILURE);
1179 struct eap_aka_data *data = priv;
1185 pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, respData,
1194 if (eap_aka_subtype_ok(data, subtype)) {
1197 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
1198 eap_aka_state(data, NOTIFICATION);
1203 data->eap_method == EAP_TYPE_AKA_PRIME ? 2 : 1,
1206 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
1207 eap_aka_state(data, NOTIFICATION);
1212 eap_aka_process_client_error(sm, data, respData, &attr);
1217 eap_aka_process_authentication_reject(sm, data, respData,
1222 switch (data->state) {
1224 eap_aka_process_identity(sm, data, respData, &attr);
1228 eap_aka_process_sync_failure(sm, data, respData,
1231 eap_aka_process_challenge(sm, data, respData, &attr);
1235 eap_aka_process_reauth(sm, data, respData, &attr);
1238 eap_aka_process_notification(sm, data, respData, &attr);
1242 "process", data->state);
1250 struct eap_aka_data *data = priv;
1251 return data->state == SUCCESS || data->state == FAILURE;
/*
 * MSK export: the copy of EAP_SIM_KEYING_DATA_LEN bytes from data->msk into
 * `key` comes after the state check; the statement guarded by
 * `data->state != SUCCESS` is not part of this view (presumably an early
 * return - confirm), so keys from an unfinished or failed exchange should
 * not be handed out.
 * NOTE(review): `key` becomes a second copy of the session key. Its
 * allocation and ownership are not visible here; whoever frees it should wipe
 * it first.
 */
1257 struct eap_aka_data *data = priv;
1260 if (data->state != SUCCESS)
1266 os_memcpy(key, data->msk, EAP_SIM_KEYING_DATA_LEN);
1274 struct eap_aka_data *data = priv;
1277 if (data->state != SUCCESS)
1283 os_memcpy(key, data->emsk, EAP_EMSK_LEN);
1291 struct eap_aka_data *data = priv;
1292 return data->state == SUCCESS;