73 static void eap_ikev2_state(struct eap_ikev2_data *data, int state)
76 		   eap_ikev2_state_txt(data->state),
78 	data->state = state;
84 	struct eap_ikev2_data *data;
86 	data = os_zalloc(sizeof(*data));
87 	if (data == NULL)
89 	data->state = MSG;
90 	data->fragment_size = sm->fragment_size > 0 ? sm->fragment_size :
92 	data->ikev2.state = SA_INIT;
93 	data->ikev2.peer_auth = PEER_AUTH_SECRET;
94 	data->ikev2.key_pad = (u8 *) os_strdup("Key Pad for EAP-IKEv2");
95 	if (data->ikev2.key_pad == NULL)
97 	data->ikev2.key_pad_len = 21;
100 	data->ikev2.proposal.proposal_num = 1;
101 	data->ikev2.proposal.integ = AUTH_HMAC_SHA1_96;
102 	data->ikev2.proposal.prf = PRF_HMAC_SHA1;
103 	data->ikev2.proposal.encr = ENCR_AES_CBC;
104 	data->ikev2.proposal.dh = DH_GROUP2_1024BIT_MODP;
106 	data->ikev2.IDi = (u8 *) os_strdup("hostapd");
107 	data->ikev2.IDi_len = 7;
109 	data->ikev2.get_shared_secret = eap_ikev2_get_shared_secret;
110 	data->ikev2.cb_ctx = sm;
112 	return data;
115 	ikev2_initiator_deinit(&data->ikev2);
116 	os_free(data);
123 	struct eap_ikev2_data *data = priv;
124 	wpabuf_free(data->in_buf);
125 	wpabuf_free(data->out_buf);
126 	ikev2_initiator_deinit(&data->ikev2);
127 	os_free(data);
131 static struct wpabuf * eap_ikev2_build_msg(struct eap_ikev2_data *data, u8 id)
140 	send_len = wpabuf_len(data->out_buf) - data->out_used;
141 	if (1 + send_len > data->fragment_size) {
142 		send_len = data->fragment_size - 1;
144 		if (data->out_used == 0) {
153 	if (data->keys_ready) {
158 		integ = ikev2_get_integ(data->ikev2.proposal.integ);
175 		wpabuf_put_be32(req, wpabuf_len(data->out_buf));
177 	wpabuf_put_data(req, wpabuf_head_u8(data->out_buf) + data->out_used,
179 	data->out_used += send_len;
184 		ikev2_integ_hash(data->ikev2.proposal.integ,
185 				 data->ikev2.keys.SK_ai,
186 				 data->ikev2.keys.SK_integ_len,
190 	if (data->out_used == wpabuf_len(data->out_buf)) {
194 		wpabuf_free(data->out_buf);
195 		data->out_buf = NULL;
196 		data->out_used = 0;
200 			   (unsigned long) wpabuf_len(data->out_buf) -
201 			   data->out_used);
202 		eap_ikev2_state(data, WAIT_FRAG_ACK);
211 	struct eap_ikev2_data *data = priv;
213 	switch (data->state) {
215 		if (data->out_buf == NULL) {
216 			data->out_buf = ikev2_initiator_build(&data->ikev2);
217 			if (data->out_buf == NULL) {
222 			data->out_used = 0;
226 		return eap_ikev2_build_msg(data, id);
231 			   "buildReq", data->state);
254 static int eap_ikev2_process_icv(struct eap_ikev2_data *data,
260 			data->ikev2.proposal.integ, &data->ikev2.keys, 0,
266 	} else if (data->keys_ready) {
276 static int eap_ikev2_process_cont(struct eap_ikev2_data *data,
280 	if (len > wpabuf_tailroom(data->in_buf)) {
282 		eap_ikev2_state(data, FAIL);
286 	wpabuf_put_data(data->in_buf, buf, len);
289 		   (unsigned long) wpabuf_tailroom(data->in_buf));
295 static int eap_ikev2_process_fragment(struct eap_ikev2_data *data,
300 	if (data->in_buf == NULL && !(flags & IKEV2_FLAGS_LENGTH_INCLUDED)) {
306 	if (data->in_buf == NULL) {
308 		data->in_buf = wpabuf_alloc(message_length);
309 		if (data->in_buf == NULL) {
314 		wpabuf_put_data(data->in_buf, buf, len);
318 			   (unsigned long) wpabuf_tailroom(data->in_buf));
325 static int eap_ikev2_server_keymat(struct eap_ikev2_data *data)
328 		    data->ikev2.proposal.prf, &data->ikev2.keys,
329 		    data->ikev2.i_nonce, data->ikev2.i_nonce_len,
330 		    data->ikev2.r_nonce, data->ikev2.r_nonce_len,
331 		    data->keymat) < 0) {
336 	data->keymat_ok = 1;
344 	struct eap_ikev2_data *data = priv;
365 	if (eap_ikev2_process_icv(data, respData, flags, pos, &end) < 0) {
366 		eap_ikev2_state(data, FAIL);
373 			eap_ikev2_state(data, FAIL);
383 			eap_ikev2_state(data, FAIL);
390 	if (data->state == WAIT_FRAG_ACK) {
394 			eap_ikev2_state(data, FAIL);
398 		eap_ikev2_state(data, MSG);
402 	if (data->in_buf && eap_ikev2_process_cont(data, pos, end - pos) < 0) {
403 		eap_ikev2_state(data, FAIL);
408 		if (eap_ikev2_process_fragment(data, flags, message_length,
410 			eap_ikev2_state(data, FAIL);
412 			eap_ikev2_state(data, FRAG_ACK);
414 	} else if (data->state == FRAG_ACK) {
416 		data->state = MSG;
419 	if (data->in_buf == NULL) {
422 		data->in_buf = &tmpbuf;
425 	if (ikev2_initiator_process(&data->ikev2, data->in_buf) < 0) {
426 		if (data->in_buf == &tmpbuf)
427 			data->in_buf = NULL;
428 		eap_ikev2_state(data, FAIL);
432 	switch (data->ikev2.state) {
436 		data->keys_ready = 1;
439 		if (data->state == FAIL)
443 		if (eap_ikev2_server_keymat(data))
445 		eap_ikev2_state(data, DONE);
451 	if (data->in_buf != &tmpbuf)
452 		wpabuf_free(data->in_buf);
453 	data->in_buf = NULL;
459 	struct eap_ikev2_data *data = priv;
460 	return data->state == DONE || data->state == FAIL;
466 	struct eap_ikev2_data *data = priv;
467 	return data->state == DONE && data->ikev2.state == IKEV2_DONE &&
468 		data->keymat_ok;
474 	struct eap_ikev2_data *data = priv;
477 	if (data->state != DONE || !data->keymat_ok)
482 		os_memcpy(key, data->keymat, EAP_MSK_LEN);
492 	struct eap_ikev2_data *data = priv;
495 	if (data->state != DONE || !data->keymat_ok)
500 		os_memcpy(key, data->keymat + EAP_MSK_LEN, EAP_EMSK_LEN);

Indexes created Tue Jun 11 21:59:41 MDT 2024