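Lines matching defs:sm

Each entry below is a line number from the original source file followed by the matching line. The entries are non-contiguous excerpts that mention `sm`, not a complete listing, so function bodies and multi-line statements appear truncated.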

22 static void eap_fast_reset(struct eap_sm *sm, void *priv);
71 static int eap_fast_process_phase2_start(struct eap_sm *sm,
111 static EapType eap_fast_req_failure(struct eap_sm *sm,
272 static void eap_fast_derive_key_auth(struct eap_sm *sm,
281 sks = eap_fast_derive_key(sm->ssl_ctx, data->ssl.conn,
302 static void eap_fast_derive_key_provisioning(struct eap_sm *sm,
307 eap_fast_derive_key(sm->ssl_ctx, data->ssl.conn,
333 static int eap_fast_get_phase2_key(struct eap_sm *sm,
351 if ((key = data->phase2_method->getKey(sm, data->phase2_priv,
378 static int eap_fast_update_icmk(struct eap_sm *sm, struct eap_fast_data *data)
393 if (eap_fast_get_phase2_key(sm, data, isk, sizeof(isk)) < 0)
411 static void * eap_fast_init(struct eap_sm *sm)
429 if (sm->user && sm->user->force_version >= 0) {
430 data->force_version = sm->user->force_version;
437 if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_TYPE_FAST)) {
439 eap_fast_reset(sm, data);
443 if (tls_connection_set_cipher_list(sm->ssl_ctx, data->ssl.conn,
447 eap_fast_reset(sm, data);
451 if (tls_connection_set_session_ticket_cb(sm->ssl_ctx, data->ssl.conn,
456 eap_fast_reset(sm, data);
460 if (sm->pac_opaque_encr_key == NULL) {
463 eap_fast_reset(sm, data);
466 os_memcpy(data->pac_opaque_encr, sm->pac_opaque_encr_key,
469 if (sm->eap_fast_a_id == NULL) {
471 eap_fast_reset(sm, data);
474 data->srv_id = os_memdup(sm->eap_fast_a_id, sm->eap_fast_a_id_len);
476 eap_fast_reset(sm, data);
479 data->srv_id_len = sm->eap_fast_a_id_len;
481 if (sm->eap_fast_a_id_info == NULL) {
483 eap_fast_reset(sm, data);
486 data->srv_id_info = os_strdup(sm->eap_fast_a_id_info);
488 eap_fast_reset(sm, data);
493 data->pac_key_lifetime = sm->pac_key_lifetime;
500 data->pac_key_refresh_time = sm->pac_key_refresh_time;
506 static void eap_fast_reset(struct eap_sm *sm, void *priv)
512 data->phase2_method->reset(sm, data->phase2_priv);
513 eap_server_tls_ssl_deinit(sm, &data->ssl);
523 static struct wpabuf * eap_fast_build_start(struct eap_sm *sm,
549 static int eap_fast_phase1_done(struct eap_sm *sm, struct eap_fast_data *data)
555 if (tls_get_cipher(sm->ssl_ctx, data->ssl.conn, cipher, sizeof(cipher))
566 eap_fast_derive_key_provisioning(sm, data);
568 eap_fast_derive_key_auth(sm, data);
576 static struct wpabuf * eap_fast_build_phase2_req(struct eap_sm *sm,
587 req = data->phase2_method->buildReq(sm, data->phase2_priv, id);
597 struct eap_sm *sm, struct eap_fast_data *data)
682 static struct wpabuf * eap_fast_build_pac(struct eap_sm *sm,
702 (2 + sm->identity_len) + 8;
720 if (sm->identity) {
722 *pos++ = sm->identity_len;
723 os_memcpy(pos, sm->identity, sm->identity_len);
724 pos += sm->identity_len;
794 if (sm->identity) {
795 eap_fast_put_tlv(buf, PAC_TYPE_I_ID, sm->identity,
796 sm->identity_len);
816 static int eap_fast_encrypt_phase2(struct eap_sm *sm,
824 encr = eap_server_tls_encrypt(sm, &data->ssl, plain);
855 static struct wpabuf * eap_fast_buildReq(struct eap_sm *sm, void *priv, u8 id)
873 return eap_fast_build_start(sm, data, id);
875 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
876 if (eap_fast_phase1_done(sm, data) < 0)
886 if (eap_fast_process_phase2_start(sm, data))
888 req = eap_fast_build_phase2_req(sm, data, id);
895 req = eap_fast_build_phase2_req(sm, data, id);
898 req = eap_fast_build_crypto_binding(sm, data);
906 eap = eap_fast_build_phase2_req(sm, data, id);
912 req = eap_fast_build_pac(sm, data);
921 eap_fast_encrypt_phase2(sm, data, req, piggyback) < 0)
929 static Boolean eap_fast_check(struct eap_sm *sm, void *priv,
945 static int eap_fast_phase2_init(struct eap_sm *sm, struct eap_fast_data *data,
949 data->phase2_method->reset(sm, data->phase2_priv);
959 sm->auth_challenge = data->key_block_p->server_challenge;
960 sm->peer_challenge = data->key_block_p->client_challenge;
962 sm->init_phase2 = 1;
963 data->phase2_priv = data->phase2_method->init(sm);
964 sm->init_phase2 = 0;
965 sm->auth_challenge = NULL;
966 sm->peer_challenge = NULL;
972 static void eap_fast_process_phase2_response(struct eap_sm *sm,
1002 next_type = eap_fast_req_failure(sm, data);
1003 eap_fast_phase2_init(sm, data, next_type);
1007 eap_sm_process_nak(sm, pos + 1, left - 1);
1008 if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&
1009 sm->user->methods[sm->user_eap_method_index].method !=
1011 next_type = sm->user->methods[
1012 sm->user_eap_method_index++].method;
1016 next_type = eap_fast_req_failure(sm, data);
1018 eap_fast_phase2_init(sm, data, next_type);
1024 if (m->check(sm, priv, &buf)) {
1027 eap_fast_req_failure(sm, data);
1031 m->process(sm, priv, &buf);
1033 if (!m->isDone(sm, priv))
1036 if (!m->isSuccess(sm, priv)) {
1038 next_type = eap_fast_req_failure(sm, data);
1039 eap_fast_phase2_init(sm, data, next_type);
1045 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
1049 sm->identity, sm->identity_len);
1050 next_type = eap_fast_req_failure(sm, data);
1061 sm->user_eap_method_index = 0;
1063 next_type = sm->user->methods[0].method;
1064 sm->user_eap_method_index = 1;
1070 eap_fast_update_icmk(sm, data);
1075 if (sm->tnc && !data->tnc_started) {
1090 eap_fast_phase2_init(sm, data, next_type);
1094 static void eap_fast_process_phase2_eap(struct eap_sm *sm,
1105 eap_fast_req_failure(sm, data);
1113 eap_fast_req_failure(sm, data);
1121 eap_fast_process_phase2_response(sm, data, (u8 *) hdr, len);
1251 static void eap_fast_process_phase2_tlvs(struct eap_sm *sm,
1338 sm->eap_fast_prov != ANON_PROV &&
1339 sm->eap_fast_prov != BOTH_PROV) {
1347 if (sm->eap_fast_prov != AUTH_PROV &&
1348 sm->eap_fast_prov != BOTH_PROV &&
1375 eap_fast_process_phase2_eap(sm, data, tlv.eap_payload_tlv,
1381 static void eap_fast_process_phase2(struct eap_sm *sm,
1393 eap_fast_process_phase2_tlvs(sm, data,
1400 in_decrypted = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn,
1412 eap_fast_process_phase2_tlvs(sm, data, in_decrypted);
1414 if (sm->method_pending == METHOD_PENDING_WAIT) {
1426 static int eap_fast_process_version(struct eap_sm *sm, void *priv,
1451 static int eap_fast_process_phase1(struct eap_sm *sm,
1454 if (eap_server_tls_phase1(sm, &data->ssl) < 0) {
1460 if (!tls_connection_established(sm->ssl_ctx, data->ssl.conn) ||
1470 return eap_fast_phase1_done(sm, data);
1474 static int eap_fast_process_phase2_start(struct eap_sm *sm,
1480 os_free(sm->identity);
1481 sm->identity = data->identity;
1483 sm->identity_len = data->identity_len;
1485 sm->require_identity_match = 1;
1486 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
1490 sm->identity, sm->identity_len);
1491 next_type = eap_fast_req_failure(sm, data);
1495 next_type = sm->user->methods[0].method;
1496 sm->user_eap_method_index = 1;
1505 return eap_fast_phase2_init(sm, data, next_type);
1509 static void eap_fast_process_msg(struct eap_sm *sm, void *priv,
1516 if (eap_fast_process_phase1(sm, data))
1521 eap_fast_process_phase2_start(sm, data);
1527 eap_fast_process_phase2(sm, data, data->ssl.tls_in);
1537 static void eap_fast_process(struct eap_sm *sm, void *priv,
1541 if (eap_server_tls_process(sm, &data->ssl, respData, data,
1548 static Boolean eap_fast_isDone(struct eap_sm *sm, void *priv)
1555 static u8 * eap_fast_getKey(struct eap_sm *sm, void *priv, size_t *len)
1577 static u8 * eap_fast_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
1599 static Boolean eap_fast_isSuccess(struct eap_sm *sm, void *priv)
1606 static u8 * eap_fast_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
1613 return eap_server_tls_derive_session_id(sm, &data->ssl, EAP_TYPE_FAST,