  • only in /freebsd-13-stable/contrib/wpa/src/eap_peer/

Lines Matching refs:data

73 static void eap_peap_parse_phase1(struct eap_peap_data *data,
80 data->force_peap_version = atoi(pos + 8);
81 data->peap_version = data->force_peap_version;
83 data->force_peap_version);
87 data->force_new_label = 1;
93 data->peap_outer_success = 0;
97 data->peap_outer_success = 1;
101 data->peap_outer_success = 2;
107 data->crypto_binding = NO_BINDING;
110 data->crypto_binding = OPTIONAL_BINDING;
113 data->crypto_binding = REQUIRE_BINDING;
119 data->soh = 2;
122 data->soh = 1;
125 data->soh = 2;
134 struct eap_peap_data *data;
137 data = os_zalloc(sizeof(*data));
138 if (data == NULL)
141 data->peap_version = EAP_PEAP_VERSION;
142 data->force_peap_version = -1;
143 data->peap_outer_success = 2;
144 data->crypto_binding = OPTIONAL_BINDING;
147 eap_peap_parse_phase1(data, config->phase1);
150 &data->phase2_types,
151 &data->num_phase2_types) < 0) {
152 eap_peap_deinit(sm, data);
156 data->phase2_type.vendor = EAP_VENDOR_IETF;
157 data->phase2_type.method = EAP_TYPE_NONE;
159 if (eap_peer_tls_ssl_init(sm, &data->ssl, config, EAP_TYPE_PEAP)) {
161 eap_peap_deinit(sm, data);
165 return data;
169 static void eap_peap_free_key(struct eap_peap_data *data)
171 if (data->key_data) {
172 bin_clear_free(data->key_data, EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
173 data->key_data = NULL;
180 struct eap_peap_data *data = priv;
181 if (data == NULL)
183 if (data->phase2_priv && data->phase2_method)
184 data->phase2_method->deinit(sm, data->phase2_priv);
185 os_free(data->phase2_types);
186 eap_peer_tls_ssl_deinit(sm, &data->ssl);
187 eap_peap_free_key(data);
188 os_free(data->session_id);
189 wpabuf_clear_free(data->pending_phase2_req);
190 wpabuf_clear_free(data->pending_resp);
191 bin_clear_free(data, sizeof(*data));
223 static int eap_peap_get_isk(struct eap_sm *sm, struct eap_peap_data *data,
230 if (data->phase2_method == NULL || data->phase2_priv == NULL ||
231 data->phase2_method->isKeyAvailable == NULL ||
232 data->phase2_method->getKey == NULL)
235 if (!data->phase2_method->isKeyAvailable(sm, data->phase2_priv) ||
236 (key = data->phase2_method->getKey(sm, data->phase2_priv,
252 static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)
262 tk = data->key_data;
267 resumed = tls_connection_resumed(sm->ssl_ctx, data->ssl.conn);
270 data->reauth, resumed, data->phase2_eap_started,
271 data->phase2_success);
272 if (data->reauth && !data->phase2_eap_started && resumed) {
274 os_memcpy(data->ipmk, tk, 40);
276 data->ipmk, 40);
277 os_memcpy(data->cmk, tk + 40, 20);
279 data->cmk, 20);
283 if (eap_peap_get_isk(sm, data, isk, sizeof(isk)) < 0)
295 res = peap_prfplus(data->peap_version, tk, 40,
304 os_memcpy(data->ipmk, imck, 40);
305 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IPMK (S-IPMKj)", data->ipmk, 40);
306 os_memcpy(data->cmk, imck + 40, 20);
307 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CMK (CMKj)", data->cmk, 20);
315 struct eap_peap_data *data,
335 wpabuf_put_u8(buf, data->peap_version); /* Version */
336 wpabuf_put_u8(buf, data->peap_version); /* RecvVersion */
338 wpabuf_put_data(buf, data->binding_nonce, 32); /* Nonce */
340 wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC CMK", data->cmk, 20);
341 wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC data 1",
343 wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC data 2",
345 if (hmac_sha1_vector(data->cmk, 20, 2, addr, len, mac) < 0)
348 data->crypto_binding_used = 1;
364 struct eap_peap_data *data,
371 if (data->crypto_binding == NO_BINDING)
387 if (crypto_tlv_used && eap_tlv_add_cryptobinding(sm, data, msg)) {
397 struct eap_peap_data *data,
404 if (eap_peap_derive_cmk(sm, data) < 0) {
417 if (pos[1] != data->peap_version) {
420 pos[1], data->peap_version);
430 os_memcpy(data->binding_nonce, pos, 32);
437 wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Compound_MAC data",
439 hmac_sha1(data->cmk, 20, buf, sizeof(buf), mac);
471 static int eap_tlv_process(struct eap_sm *sm, struct eap_peap_data *data,
535 if (crypto_tlv && data->crypto_binding != NO_BINDING) {
538 if (eap_tlv_validate_cryptobinding(sm, data, crypto_tlv - 4,
547 } else if (!crypto_tlv && data->crypto_binding == REQUIRE_BINDING) {
587 *resp = eap_tlv_build_result(sm, data, crypto_tlv != NULL,
596 struct eap_peap_data *data,
620 if (eap_tlv_process(sm, data, &iret, req, resp,
621 data->phase2_eap_started &&
622 !data->phase2_eap_success)) {
631 data->phase2_success = 1;
636 if (data->soh) {
646 buf = tncc_process_soh_request(data->soh,
669 if (data->phase2_type.vendor == EAP_VENDOR_IETF &&
670 data->phase2_type.method == EAP_TYPE_NONE) {
672 for (i = 0; i < data->num_phase2_types; i++) {
673 if (data->phase2_types[i].vendor !=
675 data->phase2_types[i].method != *pos)
678 data->phase2_type.vendor =
679 data->phase2_types[i].vendor;
680 data->phase2_type.method =
681 data->phase2_types[i].method;
684 data->phase2_type.vendor,
685 data->phase2_type.method);
689 if (*pos != data->phase2_type.method ||
691 if (eap_peer_tls_phase2_nak(data->phase2_types,
692 data->num_phase2_types,
698 if (data->phase2_priv == NULL) {
699 data->phase2_method = eap_peer_get_eap_method(
700 data->phase2_type.vendor,
701 data->phase2_type.method);
702 if (data->phase2_method) {
704 data->phase2_priv =
705 data->phase2_method->init(sm);
709 if (data->phase2_priv == NULL || data->phase2_method == NULL) {
716 data->phase2_eap_started = 1;
718 *resp = data->phase2_method->process(sm, data->phase2_priv,
724 data->phase2_eap_success = 1;
725 data->phase2_success = 1;
734 wpabuf_clear_free(data->pending_phase2_req);
735 data->pending_phase2_req = wpabuf_alloc_copy(hdr, len);
742 static int eap_peap_decrypt(struct eap_sm *sm, struct eap_peap_data *data,
754 wpa_printf(MSG_DEBUG, "EAP-PEAP: received %lu bytes encrypted data for"
757 if (data->pending_phase2_req) {
759 "skip decryption and use old data");
761 eap_peer_tls_reset_input(&data->ssl);
762 in_decrypted = data->pending_phase2_req;
763 data->pending_phase2_req = NULL;
769 data->phase2_success) {
775 "expected data - acknowledge with TLS ACK since "
782 return eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_PEAP,
783 data->peap_version,
787 res = eap_peer_tls_decrypt(sm, &data->ssl, in_data, &in_decrypted);
808 if (data->peap_version == 0 && !skip_change) {
846 "shorter length than full decrypted data "
856 if (eap_peap_phase2_request(sm, data, ret, in_decrypted,
866 if (data->peap_version == 1) {
870 if (data->phase2_eap_started &&
871 !data->phase2_eap_success) {
886 data->phase2_success = 1;
887 if (data->peap_outer_success == 2) {
892 } else if (data->peap_outer_success == 1) {
941 "EAP-PEAP: Encrypting Phase 2 data", resp);
948 if (data->peap_version == 0 && !skip_change2) {
955 if (eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_PEAP,
956 data->peap_version, req->identifier,
978 struct eap_peap_data *data = priv;
981 pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_PEAP, ret,
991 data->peap_version);
992 if ((flags & EAP_TLS_VERSION_MASK) < data->peap_version)
993 data->peap_version = flags & EAP_TLS_VERSION_MASK;
994 if (data->force_peap_version >= 0 &&
995 data->force_peap_version != data->peap_version) {
998 data->force_peap_version);
1005 data->peap_version);
1013 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
1014 !data->resuming) {
1015 res = eap_peap_decrypt(sm, data, ret, req, &msg, &resp);
1017 if (sm->waiting_ext_cert_check && data->pending_resp) {
1024 resp = data->pending_resp;
1025 data->pending_resp = NULL;
1045 res = eap_peer_tls_process_helper(sm, &data->ssl,
1047 data->peap_version, id, &msg,
1062 wpabuf_clear_free(data->pending_resp);
1063 data->pending_resp = resp;
1067 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
1071 eap_peap_free_key(data);
1079 if (data->force_new_label)
1085 data->key_data =
1086 eap_peer_tls_derive_key(sm, &data->ssl, label,
1090 if (data->key_data) {
1093 data->key_data,
1097 data->key_data +
1105 os_free(data->session_id);
1106 data->session_id =
1107 eap_peer_tls_derive_session_id(sm, &data->ssl,
1109 &data->id_len);
1110 if (data->session_id) {
1113 data->session_id, data->id_len);
1119 if (sm->workaround && data->resuming) {
1134 data->phase2_success = 1;
1137 data->resuming = 0;
1142 * Application data included in the handshake message.
1144 wpabuf_clear_free(data->pending_phase2_req);
1145 data->pending_phase2_req = resp;
1147 res = eap_peap_decrypt(sm, data, ret, req, &msg,
1159 data->peap_version);
1168 struct eap_peap_data *data = priv;
1169 return tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
1170 data->phase2_success;
1176 struct eap_peap_data *data = priv;
1178 if (data->phase2_priv && data->phase2_method &&
1179 data->phase2_method->deinit_for_reauth)
1180 data->phase2_method->deinit_for_reauth(sm, data->phase2_priv);
1181 wpabuf_clear_free(data->pending_phase2_req);
1182 data->pending_phase2_req = NULL;
1183 wpabuf_clear_free(data->pending_resp);
1184 data->pending_resp = NULL;
1185 data->crypto_binding_used = 0;
1191 struct eap_peap_data *data = priv;
1192 eap_peap_free_key(data);
1193 os_free(data->session_id);
1194 data->session_id = NULL;
1195 if (eap_peer_tls_reauth_init(sm, &data->ssl)) {
1196 os_free(data);
1199 if (data->phase2_priv && data->phase2_method &&
1200 data->phase2_method->init_for_reauth)
1201 data->phase2_method->init_for_reauth(sm, data->phase2_priv);
1202 data->phase2_success = 0;
1203 data->phase2_eap_success = 0;
1204 data->phase2_eap_started = 0;
1205 data->resuming = 1;
1206 data->reauth = 1;
1215 struct eap_peap_data *data = priv;
1218 len = eap_peer_tls_status(sm, &data->ssl, buf, buflen, verbose);
1219 if (data->phase2_method) {
1222 data->peap_version,
1223 data->phase2_method->name);
1234 struct eap_peap_data *data = priv;
1235 return data->key_data != NULL && data->phase2_success;
1241 struct eap_peap_data *data = priv;
1244 if (data->key_data == NULL || !data->phase2_success)
1253 if (data->crypto_binding_used) {
1260 if (peap_prfplus(data->peap_version, data->ipmk, 40,
1272 os_memcpy(key, data->key_data, EAP_TLS_KEY_LEN);
1280 struct eap_peap_data *data = priv;
1283 if (!data->key_data || !data->phase2_success)
1286 if (data->crypto_binding_used) {
1291 key = os_memdup(data->key_data + EAP_TLS_KEY_LEN, EAP_EMSK_LEN);
1303 struct eap_peap_data *data = priv;
1306 if (data->session_id == NULL || !data->phase2_success)
1309 id = os_memdup(data->session_id, data->id_len);
1313 *len = data->id_len;