
Lines Matching refs:data

77 					 struct eap_teap_data *data);
113 static void eap_teap_state(struct eap_teap_data *data, int state)
116 eap_teap_state_txt(data->state),
118 data->state = state;
122 static EapType eap_teap_req_failure(struct eap_teap_data *data,
125 eap_teap_state(data, FAILURE_SEND_RESULT);
135 struct eap_teap_data *data = ctx;
173 if (aes_unwrap(data->pac_opaque_encr, sizeof(data->pac_opaque_encr),
246 os_free(data->identity);
247 data->identity = os_malloc(identity_len);
248 if (data->identity) {
249 os_memcpy(data->identity, identity, identity_len);
250 data->identity_len = identity_len;
258 data->send_new_pac = 2;
267 } else if (lifetime - now.sec < data->pac_key_refresh_time) {
270 data->send_new_pac = 1;
283 struct eap_teap_data *data)
288 res = tls_connection_export_key(sm->ssl_ctx, data->ssl.conn,
290 data->simck_msk, EAP_TEAP_SIMCK_LEN);
295 data->simck_msk, EAP_TEAP_SIMCK_LEN);
296 os_memcpy(data->simck_emsk, data->simck_msk, EAP_TEAP_SIMCK_LEN);
297 data->simck_idx = 0;
302 static int eap_teap_update_icmk(struct eap_sm *sm, struct eap_teap_data *data)
309 data->simck_idx + 1);
312 return eap_teap_derive_cmk_basic_pw_auth(data->simck_msk,
313 data->cmk_msk);
315 if (!data->phase2_method || !data->phase2_priv) {
320 if (data->phase2_method->getKey) {
321 msk = data->phase2_method->getKey(sm, data->phase2_priv,
330 if (data->phase2_method->get_emsk) {
331 emsk = data->phase2_method->get_emsk(sm, data->phase2_priv,
335 res = eap_teap_derive_imck(data->simck_msk, data->simck_emsk,
337 data->simck_msk, data->cmk_msk,
338 data->simck_emsk, data->cmk_emsk);
342 data->simck_idx++;
344 data->cmk_emsk_available = 1;
352 struct eap_teap_data *data;
354 data = os_zalloc(sizeof(*data));
355 if (!data)
357 data->teap_version = EAP_TEAP_VERSION;
358 data->state = START;
360 if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_TYPE_TEAP)) {
362 eap_teap_reset(sm, data);
369 if (tls_connection_set_session_ticket_cb(sm->ssl_ctx, data->ssl.conn,
371 data) < 0) {
374 eap_teap_reset(sm, data);
381 eap_teap_reset(sm, data);
384 os_memcpy(data->pac_opaque_encr, sm->pac_opaque_encr_key,
385 sizeof(data->pac_opaque_encr));
389 eap_teap_reset(sm, data);
392 data->srv_id = os_malloc(sm->eap_fast_a_id_len);
393 if (!data->srv_id) {
394 eap_teap_reset(sm, data);
397 os_memcpy(data->srv_id, sm->eap_fast_a_id, sm->eap_fast_a_id_len);
398 data->srv_id_len = sm->eap_fast_a_id_len;
402 eap_teap_reset(sm, data);
405 data->srv_id_info = os_strdup(sm->eap_fast_a_id_info);
406 if (!data->srv_id_info) {
407 eap_teap_reset(sm, data);
412 data->pac_key_lifetime = sm->pac_key_lifetime;
419 data->pac_key_refresh_time = sm->pac_key_refresh_time;
421 return data;
427 struct eap_teap_data *data = priv;
429 if (!data)
431 if (data->phase2_priv && data->phase2_method)
432 data->phase2_method->reset(sm, data->phase2_priv);
433 eap_server_tls_ssl_deinit(sm, &data->ssl);
434 os_free(data->srv_id);
435 os_free(data->srv_id_info);
436 wpabuf_free(data->pending_phase2_resp);
437 wpabuf_free(data->server_outer_tlvs);
438 wpabuf_free(data->peer_outer_tlvs);
439 os_free(data->identity);
440 forced_memzero(data->simck_msk, EAP_TEAP_SIMCK_LEN);
441 forced_memzero(data->simck_emsk, EAP_TEAP_SIMCK_LEN);
442 forced_memzero(data->cmk_msk, EAP_TEAP_CMK_LEN);
443 forced_memzero(data->cmk_emsk, EAP_TEAP_CMK_LEN);
444 forced_memzero(data->pac_opaque_encr, sizeof(data->pac_opaque_encr));
445 bin_clear_free(data, sizeof(*data));
450 struct eap_teap_data *data, u8 id)
453 size_t outer_tlv_len = sizeof(struct teap_tlv_hdr) + data->srv_id_len;
461 eap_teap_state(data, FAILURE);
466 data->teap_version);
473 data->srv_id, data->srv_id_len);
476 wpabuf_free(data->server_outer_tlvs);
477 data->server_outer_tlvs = wpabuf_alloc_copy(start, end - start);
478 if (!data->server_outer_tlvs) {
479 eap_teap_state(data, FAILURE);
483 eap_teap_state(data, PHASE1);
489 static int eap_teap_phase1_done(struct eap_sm *sm, struct eap_teap_data *data)
495 data->tls_cs = tls_connection_get_cipher_suite(data->ssl.conn);
497 data->tls_cs);
499 if (tls_get_cipher(sm->ssl_ctx, data->ssl.conn, cipher, sizeof(cipher))
503 eap_teap_state(data, FAILURE);
506 data->anon_provisioning = os_strstr(cipher, "ADH") != NULL;
508 if (data->anon_provisioning)
511 if (eap_teap_derive_key_auth(sm, data) < 0) {
512 eap_teap_state(data, FAILURE);
516 eap_teap_state(data, PHASE2_START);
523 struct eap_teap_data *data,
538 if (!data->phase2_priv) {
544 req = data->phase2_method->buildReq(sm, data->phase2_priv, id);
554 struct eap_sm *sm, struct eap_teap_data *data)
565 if (data->send_new_pac || data->anon_provisioning ||
566 data->phase2_method)
567 data->final_result = 0;
569 data->final_result = 1;
571 if (!data->final_result || data->eap_seq > 0) {
582 if (data->final_result) {
599 cb->received_version = data->peer_version;
602 flags = data->cmk_emsk_available ?
618 os_memcpy(data->crypto_binding_nonce, cb->nonce, sizeof(cb->nonce));
620 if (eap_teap_compound_mac(data->tls_cs, cb, data->server_outer_tlvs,
621 data->peer_outer_tlvs, data->cmk_msk,
627 if (data->cmk_emsk_available &&
628 eap_teap_compound_mac(data->tls_cs, cb, data->server_outer_tlvs,
629 data->peer_outer_tlvs, data->cmk_emsk,
650 struct eap_teap_data *data)
676 srv_id_info_len = os_strlen(data->srv_id_info);
685 data->pac_key_lifetime);
688 WPA_PUT_BE32(pos, now.sec + data->pac_key_lifetime);
711 if (aes_wrap(data->pac_opaque_encr, sizeof(data->pac_opaque_encr),
725 data->srv_id_len + srv_id_info_len + 100 + sizeof(*result);
758 wpabuf_put_be32(buf, now.sec + data->pac_key_lifetime);
761 eap_teap_put_tlv(buf, PAC_TYPE_A_ID, data->srv_id, data->srv_id_len);
771 eap_teap_put_tlv(buf, PAC_TYPE_A_ID_INFO, data->srv_id_info,
788 struct eap_teap_data *data,
795 encr = eap_server_tls_encrypt(sm, &data->ssl, plain);
801 if (data->ssl.tls_out && piggyback) {
803 "EAP-TEAP: Piggyback Phase 2 data (len=%d) with last Phase 1 Message (len=%d used=%d)",
805 (int) wpabuf_len(data->ssl.tls_out),
806 (int) data->ssl.tls_out_pos);
807 if (wpabuf_resize(&data->ssl.tls_out, wpabuf_len(encr)) < 0) {
813 wpabuf_put_buf(data->ssl.tls_out, encr);
816 wpabuf_free(data->ssl.tls_out);
817 data->ssl.tls_out_pos = 0;
818 data->ssl.tls_out = encr;
827 struct eap_teap_data *data = priv;
831 if (data->ssl.state == FRAG_ACK) {
833 data->teap_version);
836 if (data->ssl.state == WAIT_FRAG_ACK) {
837 return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TEAP,
838 data->teap_version, id);
841 switch (data->state) {
843 return eap_teap_build_start(sm, data, id);
845 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
846 if (eap_teap_phase1_done(sm, data) < 0)
848 if (data->state == PHASE2_START) {
852 * Try to generate Phase 2 data to piggyback
858 res = eap_teap_process_phase2_start(sm, data);
861 sm, data);
868 req = eap_teap_build_phase2_req(sm, data, id);
876 req = eap_teap_build_phase2_req(sm, data, id);
879 req = eap_teap_build_crypto_binding(sm, data);
880 if (data->phase2_method) {
888 eap = eap_teap_build_phase2_req(sm, data, id);
890 eap_teap_state(data, PHASE2_METHOD);
894 req = eap_teap_build_pac(sm, data);
898 if (data->error_code)
900 req, eap_teap_tlv_error(data->error_code));
904 __func__, data->state);
908 if (req && eap_teap_encrypt_phase2(sm, data, req, piggyback) < 0)
911 return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TEAP,
912 data->teap_version, id);
932 static int eap_teap_phase2_init(struct eap_sm *sm, struct eap_teap_data *data,
935 if (data->phase2_priv && data->phase2_method) {
936 data->phase2_method->reset(sm, data->phase2_priv);
937 data->phase2_method = NULL;
938 data->phase2_priv = NULL;
940 data->phase2_method = eap_server_get_eap_method(EAP_VENDOR_IETF,
942 if (!data->phase2_method)
946 data->phase2_priv = data->phase2_method->init(sm);
949 return data->phase2_priv ? 0 : -1;
954 struct eap_teap_data *data,
962 const struct eap_method *m = data->phase2_method;
963 void *priv = data->phase2_priv;
985 next_type = eap_teap_req_failure(data, 0);
986 eap_teap_phase2_init(sm, data, next_type);
999 next_type = eap_teap_req_failure(data, 0);
1001 eap_teap_phase2_init(sm, data, next_type);
1010 eap_teap_req_failure(data, TEAP_ERROR_INNER_METHOD);
1021 next_type = eap_teap_req_failure(data, TEAP_ERROR_INNER_METHOD);
1022 eap_teap_phase2_init(sm, data, next_type);
1026 switch (data->state) {
1033 data, TEAP_ERROR_INNER_METHOD);
1037 eap_teap_state(data, PHASE2_METHOD);
1038 if (data->anon_provisioning) {
1052 eap_teap_update_icmk(sm, data);
1053 eap_teap_state(data, CRYPTO_BINDING);
1054 data->eap_seq++;
1057 if (sm->tnc && !data->tnc_started) {
1060 data->tnc_started = 1;
1068 __func__, data->state);
1072 eap_teap_phase2_init(sm, data, next_type);
1077 struct eap_teap_data *data,
1088 eap_teap_req_failure(data, TEAP_ERROR_INNER_METHOD);
1096 eap_teap_req_failure(data, TEAP_ERROR_INNER_METHOD);
1105 eap_teap_process_phase2_response(sm, data, (u8 *) hdr, len);
1117 struct eap_teap_data *data,
1129 eap_teap_req_failure(data, 0);
1136 eap_teap_req_failure(data, 0);
1148 eap_teap_req_failure(data, 0);
1155 eap_teap_req_failure(data, 0);
1168 eap_teap_req_failure(data, 0);
1175 eap_teap_req_failure(data, 0);
1182 eap_teap_req_failure(data, 0);
1189 eap_teap_req_failure(data, 0);
1200 eap_teap_state(data, CRYPTO_BINDING);
1201 eap_teap_update_icmk(sm, data);
1205 static int eap_teap_parse_tlvs(struct wpabuf *data,
1215 pos = wpabuf_mhead(data);
1216 end = pos + wpabuf_len(data);
1258 struct eap_teap_data *data, const struct teap_tlv_crypto_binding *cb,
1277 cb->received_version != data->peer_version) {
1298 if (os_memcmp_const(data->crypto_binding_nonce, cb->nonce,
1300 (data->crypto_binding_nonce[EAP_TEAP_NONCE_LEN - 1] | 1) !=
1311 if (eap_teap_compound_mac(data->tls_cs, cb,
1312 data->server_outer_tlvs,
1313 data->peer_outer_tlvs, data->cmk_msk,
1330 data->cmk_emsk_available) {
1333 if (eap_teap_compound_mac(data->tls_cs, cb,
1334 data->server_outer_tlvs,
1335 data->peer_outer_tlvs, data->cmk_emsk,
1351 !data->cmk_emsk_available) {
1377 struct eap_teap_data *data,
1381 int check_crypto_binding = data->state == CRYPTO_BINDING;
1391 eap_teap_state(data, FAILURE);
1399 eap_teap_state(data, FAILURE_SEND_RESULT);
1403 if (data->state == REQUEST_PAC) {
1409 eap_teap_state(data, FAILURE);
1421 eap_teap_state(data, FAILURE);
1427 eap_teap_state(data, SUCCESS);
1435 eap_teap_state(data, FAILURE);
1439 if (data->final_result &&
1443 eap_teap_state(data, FAILURE);
1447 if (!data->final_result &&
1451 eap_teap_state(data, FAILURE);
1455 if (eap_teap_validate_crypto_binding(data, tlv.crypto_binding,
1457 eap_teap_state(data, FAILURE);
1463 if (data->final_result) {
1468 if (data->anon_provisioning &&
1473 eap_teap_state(data, FAILURE);
1484 eap_teap_state(data, FAILURE);
1488 if (data->anon_provisioning ||
1494 eap_teap_state(data, REQUEST_PAC);
1495 } else if (data->send_new_pac) {
1498 eap_teap_state(data, REQUEST_PAC);
1499 } else if (data->final_result)
1500 eap_teap_state(data, SUCCESS);
1507 eap_teap_state(data, FAILURE);
1510 eap_teap_process_basic_auth_resp(sm, data, tlv.basic_auth_resp,
1518 eap_teap_state(data, FAILURE);
1521 eap_teap_process_phase2_eap(sm, data, tlv.eap_payload_tlv,
1528 struct eap_teap_data *data,
1534 "EAP-TEAP: Received %lu bytes encrypted data for Phase 2",
1537 if (data->pending_phase2_resp) {
1539 "EAP-TEAP: Pending Phase 2 response - skip decryption and use old data");
1540 eap_teap_process_phase2_tlvs(sm, data,
1541 data->pending_phase2_resp);
1542 wpabuf_free(data->pending_phase2_resp);
1543 data->pending_phase2_resp = NULL;
1547 in_decrypted = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn,
1551 "EAP-TEAP: Failed to decrypt Phase 2 data");
1552 eap_teap_state(data, FAILURE);
1559 eap_teap_process_phase2_tlvs(sm, data, in_decrypted);
1564 wpabuf_free(data->pending_phase2_resp);
1565 data->pending_phase2_resp = in_decrypted;
1576 struct eap_teap_data *data = priv;
1586 if (peer_version < data->teap_version) {
1589 peer_version, data->teap_version, peer_version);
1590 data->teap_version = peer_version;
1593 data->peer_version = peer_version;
1600 struct eap_teap_data *data)
1602 if (eap_server_tls_phase1(sm, &data->ssl) < 0) {
1604 eap_teap_state(data, FAILURE);
1608 if (!tls_connection_established(sm->ssl_ctx, data->ssl.conn) ||
1609 wpabuf_len(data->ssl.tls_out) > 0)
1618 return eap_teap_phase1_done(sm, data);
1623 struct eap_teap_data *data)
1627 if (data->identity) {
1630 sm->identity = data->identity;
1631 data->identity = NULL;
1632 sm->identity_len = data->identity_len;
1633 data->identity_len = 0;
1639 eap_teap_state(data, PHASE2_METHOD);
1646 eap_teap_derive_cmk_basic_pw_auth(data->simck_msk,
1647 data->cmk_msk);
1648 eap_teap_state(data, CRYPTO_BINDING);
1651 eap_teap_state(data, PHASE2_BASIC_AUTH);
1658 eap_teap_state(data, PHASE2_METHOD);
1662 eap_teap_state(data, PHASE2_BASIC_AUTH);
1665 eap_teap_state(data, PHASE2_ID);
1669 return eap_teap_phase2_init(sm, data, next_type);
1676 struct eap_teap_data *data = priv;
1678 switch (data->state) {
1681 if (eap_teap_process_phase1(sm, data))
1686 eap_teap_process_phase2_start(sm, data);
1693 eap_teap_process_phase2(sm, data, data->ssl.tls_in);
1700 eap_teap_state(data, FAILURE);
1704 data->state, __func__);
1713 struct eap_teap_data *data = priv;
1732 if (data->state != PHASE1) {
1802 wpabuf_free(data->peer_outer_tlvs);
1803 data->peer_outer_tlvs = wpabuf_alloc_copy(pos, outer_tlv_len);
1804 if (!data->peer_outer_tlvs)
1807 data->peer_outer_tlvs);
1821 if (data->state == PHASE1)
1822 eap_teap_state(data, PHASE1B);
1824 if (eap_server_tls_process(sm, &data->ssl, resp, data,
1827 eap_teap_state(data, FAILURE);
1836 struct eap_teap_data *data = priv;
1838 return data->state == SUCCESS || data->state == FAILURE;
1844 struct eap_teap_data *data = priv;
1847 if (data->state != SUCCESS)
1856 if (eap_teap_derive_eap_msk(data->simck_msk, eapKeyData) < 0) {
1868 struct eap_teap_data *data = priv;
1871 if (data->state != SUCCESS)
1880 if (eap_teap_derive_eap_emsk(data->simck_msk, eapKeyData) < 0) {
1892 struct eap_teap_data *data = priv;
1894 return data->state == SUCCESS;
1900 struct eap_teap_data *data = priv;
1905 if (data->state != SUCCESS)
1913 res = tls_get_tls_unique(data->ssl.conn, id + 1, max_id_len - 1);