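Lines matching refs:data. Each entry below is the source file's own line number followed by the matching line. Lines that do not contain `data` are omitted, so consecutive entries are not necessarily adjacent in the file and no function body is shown in full.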

58 static void eap_aka_fullauth(struct eap_sm *sm, struct eap_aka_data *data);
82 static void eap_aka_state(struct eap_aka_data *data, int state)
85 eap_aka_state_txt(data->state),
87 data->state = state;
92 struct eap_aka_data *data,
95 if (data->eap_method == EAP_TYPE_AKA_PRIME &&
98 if (data->eap_method == EAP_TYPE_AKA &&
103 data->reauth = eap_sim_db_get_reauth_entry(sm->eap_sim_db_priv,
105 if (data->reauth == NULL) {
113 os_strlcpy(data->permanent, data->reauth->permanent,
114 sizeof(data->permanent));
115 data->counter = data->reauth->counter;
116 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
117 os_memcpy(data->k_encr, data->reauth->k_encr,
119 os_memcpy(data->k_aut, data->reauth->k_aut,
121 os_memcpy(data->k_re, data->reauth->k_re,
124 os_memcpy(data->mk, data->reauth->mk, EAP_SIM_MK_LEN);
127 eap_aka_state(data, REAUTH);
133 struct eap_aka_data *data)
143 if (eap_aka_check_identity_reauth(sm, data, username) > 0) {
152 if ((data->eap_method == EAP_TYPE_AKA_PRIME &&
154 (data->eap_method == EAP_TYPE_AKA &&
168 os_strlcpy(data->permanent, permanent,
169 sizeof(data->permanent));
174 eap_aka_fullauth(sm, data);
183 struct eap_aka_data *data;
190 data = os_zalloc(sizeof(*data));
191 if (data == NULL)
194 data->eap_method = EAP_TYPE_AKA;
196 data->state = IDENTITY;
197 data->pending_id = -1;
198 eap_aka_check_identity(sm, data);
200 return data;
207 struct eap_aka_data *data;
216 data = os_zalloc(sizeof(*data));
217 if (data == NULL)
220 data->eap_method = EAP_TYPE_AKA_PRIME;
221 data->network_name = (u8 *) os_strdup(network_name);
222 if (data->network_name == NULL) {
223 os_free(data);
227 data->network_name_len = os_strlen(network_name);
229 data->state = IDENTITY;
230 data->pending_id = -1;
231 eap_aka_check_identity(sm, data);
233 return data;
240 struct eap_aka_data *data = priv;
241 os_free(data->next_pseudonym);
242 os_free(data->next_reauth_id);
243 wpabuf_free(data->id_msgs);
244 os_free(data->network_name);
245 bin_clear_free(data, sizeof(*data));
249 static int eap_aka_add_id_msg(struct eap_aka_data *data,
255 if (data->id_msgs == NULL) {
256 data->id_msgs = wpabuf_dup(msg);
257 return data->id_msgs == NULL ? -1 : 0;
260 if (wpabuf_resize(&data->id_msgs, wpabuf_len(msg)) < 0)
262 wpabuf_put_buf(data->id_msgs, msg);
268 static void eap_aka_add_checkcode(struct eap_aka_data *data,
277 if (data->id_msgs == NULL) {
287 addr = wpabuf_head(data->id_msgs);
288 len = wpabuf_len(data->id_msgs);
289 wpa_hexdump(MSG_MSGDUMP, "EAP-AKA: AT_CHECKCODE data", addr, len);
290 if (data->eap_method == EAP_TYPE_AKA_PRIME)
296 data->eap_method == EAP_TYPE_AKA_PRIME ?
301 static int eap_aka_verify_checkcode(struct eap_aka_data *data,
312 if (data->id_msgs == NULL) {
322 hash_len = data->eap_method == EAP_TYPE_AKA_PRIME ?
333 addr = wpabuf_head(data->id_msgs);
334 len = wpabuf_len(data->id_msgs);
335 if (data->eap_method == EAP_TYPE_AKA_PRIME)
350 struct eap_aka_data *data, u8 id)
356 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method,
358 data->identity_round++;
359 if (data->identity_round == 1) {
367 } else if (data->identity_round > 3) {
381 buf = eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0);
382 if (eap_aka_add_id_msg(data, buf) < 0) {
386 data->pending_id = id;
391 static int eap_aka_build_encr(struct eap_sm *sm, struct eap_aka_data *data,
395 os_free(data->next_pseudonym);
398 data->next_pseudonym = NULL;
400 data->next_pseudonym =
403 data->eap_method == EAP_TYPE_AKA_PRIME ?
407 data->next_pseudonym = NULL;
409 os_free(data->next_reauth_id);
412 data->next_reauth_id = NULL;
413 } else if (data->counter <= EAP_AKA_MAX_FAST_REAUTHS) {
414 data->next_reauth_id =
417 data->eap_method == EAP_TYPE_AKA_PRIME ?
422 data->next_reauth_id = NULL;
425 if (data->next_pseudonym == NULL && data->next_reauth_id == NULL &&
444 if (data->next_pseudonym) {
446 data->next_pseudonym);
448 os_strlen(data->next_pseudonym),
449 (u8 *) data->next_pseudonym,
450 os_strlen(data->next_pseudonym));
453 if (data->next_reauth_id) {
455 data->next_reauth_id);
457 os_strlen(data->next_reauth_id),
458 (u8 *) data->next_reauth_id,
459 os_strlen(data->next_reauth_id));
462 if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) {
473 struct eap_aka_data *data,
479 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method,
482 eap_sim_msg_add(msg, EAP_SIM_AT_RAND, 0, data->rand, EAP_AKA_RAND_LEN);
484 eap_sim_msg_add(msg, EAP_SIM_AT_AUTN, 0, data->autn, EAP_AKA_AUTN_LEN);
485 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
486 if (data->kdf) {
489 eap_sim_msg_add(msg, EAP_SIM_AT_KDF, data->kdf,
497 data->network_name_len,
498 data->network_name, data->network_name_len);
501 if (eap_aka_build_encr(sm, data, msg, 0, NULL)) {
506 eap_aka_add_checkcode(data, msg);
514 if (data->eap_method == EAP_TYPE_AKA) {
544 return eap_sim_msg_finish(msg, data->eap_method, data->k_aut, NULL, 0);
549 struct eap_aka_data *data, u8 id)
556 if (random_get_bytes(data->nonce_s, EAP_SIM_NONCE_S_LEN))
559 data->nonce_s, EAP_SIM_NONCE_S_LEN);
561 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
562 eap_aka_prime_derive_keys_reauth(data->k_re, data->counter,
565 data->nonce_s,
566 data->msk, data->emsk);
568 eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut,
569 data->msk, data->emsk);
570 eap_sim_derive_keys_reauth(data->counter, sm->identity,
571 sm->identity_len, data->nonce_s,
572 data->mk, data->msk, data->emsk);
575 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method,
578 if (eap_aka_build_encr(sm, data, msg, data->counter, data->nonce_s)) {
583 eap_aka_add_checkcode(data, msg);
592 buf = eap_sim_msg_finish(msg, data->eap_method, data->k_aut, NULL, 0);
597 os_memcpy(data->reauth_mac,
606 struct eap_aka_data *data,
612 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method,
614 wpa_printf(MSG_DEBUG, " AT_NOTIFICATION (%d)", data->notification);
615 eap_sim_msg_add(msg, EAP_SIM_AT_NOTIFICATION, data->notification,
617 if (data->use_result_ind) {
618 if (data->reauth) {
624 data->counter);
625 eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter,
628 if (eap_sim_msg_add_encr_end(msg, data->k_encr,
640 return eap_sim_msg_finish(msg, data->eap_method, data->k_aut, NULL, 0);
646 struct eap_aka_data *data = priv;
648 data->auts_reported = 0;
649 switch (data->state) {
651 return eap_aka_build_identity(sm, data, id);
653 return eap_aka_build_challenge(sm, data, id);
655 return eap_aka_build_reauth(sm, data, id);
657 return eap_aka_build_notification(sm, data, id);
660 "buildReq", data->state);
670 struct eap_aka_data *data = priv;
674 pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, respData,
685 static Boolean eap_aka_subtype_ok(struct eap_aka_data *data, u8 subtype)
691 switch (data->state) {
723 "processing a response", data->state);
732 struct eap_aka_data *data)
741 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
742 eap_aka_state(data, NOTIFICATION);
746 if (eap_aka_check_identity_reauth(sm, data, username) > 0) {
751 if (((data->eap_method == EAP_TYPE_AKA_PRIME &&
753 (data->eap_method == EAP_TYPE_AKA &&
755 data->identity_round == 1) {
762 if ((data->eap_method == EAP_TYPE_AKA_PRIME &&
764 (data->eap_method == EAP_TYPE_AKA &&
778 os_strlcpy(data->permanent, permanent,
779 sizeof(data->permanent));
780 } else if ((data->eap_method == EAP_TYPE_AKA_PRIME &&
782 (data->eap_method == EAP_TYPE_AKA &&
786 os_strlcpy(data->permanent, username, sizeof(data->permanent));
792 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
793 eap_aka_state(data, NOTIFICATION);
797 eap_aka_fullauth(sm, data);
801 static void eap_aka_fullauth(struct eap_sm *sm, struct eap_aka_data *data)
806 res = eap_sim_db_get_aka_auth(sm->eap_sim_db_priv, data->permanent,
807 data->rand, data->autn, data->ik,
808 data->ck, data->res, &data->res_len, sm);
810 wpa_printf(MSG_DEBUG, "EAP-AKA: AKA authentication data "
816 if (data->permanent[0] == EAP_AKA_PERMANENT_PREFIX ||
817 data->permanent[0] == EAP_AKA_PRIME_PERMANENT_PREFIX)
818 os_strlcpy(sm->imsi, &data->permanent[1], sizeof(sm->imsi));
821 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
824 eap_aka_prime_derive_ck_ik_prime(data->ck, data->ik,
825 data->autn,
826 data->network_name,
827 data->network_name_len);
831 data->reauth = NULL;
832 data->counter = 0; /* reset re-auth counter since this is full auth */
836 "authentication data for the peer");
837 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
838 eap_aka_state(data, NOTIFICATION);
842 wpa_printf(MSG_DEBUG, "EAP-AKA: AKA authentication data "
856 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
857 eap_aka_prime_derive_keys(sm->identity, identity_len, data->ik,
858 data->ck, data->k_encr, data->k_aut,
859 data->k_re, data->msk, data->emsk);
861 eap_aka_derive_mk(sm->identity, identity_len, data->ik,
862 data->ck, data->mk);
863 eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut,
864 data->msk, data->emsk);
867 eap_aka_state(data, CHALLENGE);
872 struct eap_aka_data *data,
883 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
884 eap_aka_state(data, NOTIFICATION);
895 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
896 eap_aka_state(data, NOTIFICATION);
902 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
903 eap_aka_state(data, NOTIFICATION);
911 eap_aka_determine_identity(sm, data);
912 if (eap_get_id(respData) == data->pending_id) {
913 data->pending_id = -1;
914 eap_aka_add_id_msg(data, respData);
919 static int eap_aka_verify_mac(struct eap_aka_data *data,
924 if (data->eap_method == EAP_TYPE_AKA_PRIME)
925 return eap_sim_verify_mac_sha256(data->k_aut, req, mac, extra,
927 return eap_sim_verify_mac(data->k_aut, req, mac, extra, extra_len);
932 struct eap_aka_data *data,
942 if (data->eap_method == EAP_TYPE_AKA_PRIME &&
947 data->notification =
949 eap_aka_state(data, NOTIFICATION);
953 data->kdf = attr->kdf[0];
957 wpa_printf(MSG_DEBUG, "EAP-AKA': KDF %d selected", data->kdf);
964 eap_aka_verify_checkcode(data, attr->checkcode,
968 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
969 eap_aka_state(data, NOTIFICATION);
973 eap_aka_verify_mac(data, respData, attr->mac, NULL, 0)) {
976 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
977 eap_aka_state(data, NOTIFICATION);
985 if (attr->res == NULL || attr->res_len < data->res_len ||
986 attr->res_len_bits != data->res_len * 8 ||
987 os_memcmp_const(attr->res, data->res, data->res_len) != 0) {
993 (unsigned long) data->res_len * 8);
994 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
995 eap_aka_state(data, NOTIFICATION);
1002 data->use_result_ind = 1;
1003 data->notification = EAP_SIM_SUCCESS;
1004 eap_aka_state(data, NOTIFICATION);
1006 eap_aka_state(data, SUCCESS);
1008 if (data->next_pseudonym) {
1009 eap_sim_db_add_pseudonym(sm->eap_sim_db_priv, data->permanent,
1010 data->next_pseudonym);
1011 data->next_pseudonym = NULL;
1013 if (data->next_reauth_id) {
1014 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
1017 data->permanent,
1018 data->next_reauth_id,
1019 data->counter + 1,
1020 data->k_encr, data->k_aut,
1021 data->k_re);
1025 data->permanent,
1026 data->next_reauth_id,
1027 data->counter + 1,
1028 data->mk);
1030 data->next_reauth_id = NULL;
1036 struct eap_aka_data *data,
1045 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
1046 eap_aka_state(data, NOTIFICATION);
1053 if (!data->auts_reported &&
1054 eap_sim_db_resynchronize(sm->eap_sim_db_priv, data->permanent,
1055 attr->auts, data->rand)) {
1057 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
1058 eap_aka_state(data, NOTIFICATION);
1061 data->auts_reported = 1;
1064 eap_aka_fullauth(sm, data);
1069 struct eap_aka_data *data,
1079 eap_aka_verify_mac(data, respData, attr->mac, data->nonce_s,
1088 "message did not include encrypted data");
1092 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
1097 "data from reauthentication message");
1101 if (eattr.counter != data->counter) {
1104 eattr.counter, data->counter);
1117 eap_aka_fullauth(sm, data);
1122 data->use_result_ind = 1;
1123 data->notification = EAP_SIM_SUCCESS;
1124 eap_aka_state(data, NOTIFICATION);
1126 eap_aka_state(data, SUCCESS);
1128 if (data->next_reauth_id) {
1129 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
1132 data->permanent,
1133 data->next_reauth_id,
1134 data->counter + 1,
1135 data->k_encr, data->k_aut,
1136 data->k_re);
1140 data->permanent,
1141 data->next_reauth_id,
1142 data->counter + 1,
1143 data->mk);
1145 data->next_reauth_id = NULL;
1147 eap_sim_db_remove_reauth(sm->eap_sim_db_priv, data->reauth);
1148 data->reauth = NULL;
1154 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
1155 eap_aka_state(data, NOTIFICATION);
1156 eap_sim_db_remove_reauth(sm->eap_sim_db_priv, data->reauth);
1157 data->reauth = NULL;
1163 struct eap_aka_data *data,
1169 if (data->notification == EAP_SIM_SUCCESS && data->use_result_ind)
1170 eap_aka_state(data, SUCCESS);
1172 eap_aka_state(data, FAILURE);
1177 struct eap_sm *sm, struct eap_aka_data *data,
1181 eap_aka_state(data, FAILURE);
1186 struct eap_aka_data *data,
1191 if (data->notification == EAP_SIM_SUCCESS && data->use_result_ind)
1192 eap_aka_state(data, SUCCESS);
1194 eap_aka_state(data, FAILURE);
1201 struct eap_aka_data *data = priv;
1207 pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, respData,
1216 if (eap_aka_subtype_ok(data, subtype)) {
1219 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
1220 eap_aka_state(data, NOTIFICATION);
1225 data->eap_method == EAP_TYPE_AKA_PRIME ? 2 : 1,
1228 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
1229 eap_aka_state(data, NOTIFICATION);
1234 eap_aka_process_client_error(sm, data, respData, &attr);
1239 eap_aka_process_authentication_reject(sm, data, respData,
1244 switch (data->state) {
1246 eap_aka_process_identity(sm, data, respData, &attr);
1250 eap_aka_process_sync_failure(sm, data, respData,
1253 eap_aka_process_challenge(sm, data, respData, &attr);
1257 eap_aka_process_reauth(sm, data, respData, &attr);
1260 eap_aka_process_notification(sm, data, respData, &attr);
1264 "process", data->state);
1272 struct eap_aka_data *data = priv;
1273 return data->state == SUCCESS || data->state == FAILURE;
1279 struct eap_aka_data *data = priv;
1282 if (data->state != SUCCESS)
1285 key = os_memdup(data->msk, EAP_SIM_KEYING_DATA_LEN);
1295 struct eap_aka_data *data = priv;
1298 if (data->state != SUCCESS)
1301 key = os_memdup(data->emsk, EAP_EMSK_LEN);
1311 struct eap_aka_data *data = priv;
1312 return data->state == SUCCESS;
1318 struct eap_aka_data *data = priv;
1321 if (data->state != SUCCESS)
1324 if (!data->reauth)
1332 id[0] = data->eap_method;
1333 if (!data->reauth) {
1334 os_memcpy(id + 1, data->rand, EAP_AKA_RAND_LEN);
1335 os_memcpy(id + 1 + EAP_AKA_RAND_LEN, data->autn,
1338 os_memcpy(id + 1, data->nonce_s, EAP_SIM_NONCE_S_LEN);
1339 os_memcpy(id + 1 + EAP_SIM_NONCE_S_LEN, data->reauth_mac,