Lines Matching full:data
85 static void eap_aka_state(struct eap_aka_data *data, int state) in eap_aka_state() argument
88 eap_aka_state_txt(data->state), in eap_aka_state()
90 data->state = state; in eap_aka_state()
96 struct eap_aka_data *data; in eap_aka_init() local
100 data = os_zalloc(sizeof(*data)); in eap_aka_init()
101 if (data == NULL) in eap_aka_init()
104 data->eap_method = EAP_TYPE_AKA; in eap_aka_init()
108 data->imsi_privacy_key = crypto_rsa_key_read( in eap_aka_init()
110 if (!data->imsi_privacy_key) { in eap_aka_init()
114 os_free(data); in eap_aka_init()
120 os_free(data); in eap_aka_init()
126 data->error_code = NO_EAP_METHOD_ERROR; in eap_aka_init()
128 eap_aka_state(data, CONTINUE); in eap_aka_init()
129 data->prev_id = -1; in eap_aka_init()
131 data->result_ind = phase1 && os_strstr(phase1, "result_ind=1") != NULL; in eap_aka_init()
133 data->use_pseudonym = !sm->init_phase2; in eap_aka_init()
134 if (config && config->anonymous_identity && data->use_pseudonym) { in eap_aka_init()
135 data->pseudonym = os_malloc(config->anonymous_identity_len); in eap_aka_init()
136 if (data->pseudonym) { in eap_aka_init()
137 os_memcpy(data->pseudonym, config->anonymous_identity, in eap_aka_init()
139 data->pseudonym_len = config->anonymous_identity_len; in eap_aka_init()
146 data->mk_identity = os_memdup(sm->identity, sm->identity_len); in eap_aka_init()
147 data->mk_identity_len = sm->identity_len; in eap_aka_init()
150 return data; in eap_aka_init()
157 struct eap_aka_data *data = eap_aka_init(sm); in eap_aka_prime_init() local
158 if (data == NULL) in eap_aka_prime_init()
160 data->eap_method = EAP_TYPE_AKA_PRIME; in eap_aka_prime_init()
161 return data; in eap_aka_prime_init()
166 static void eap_aka_clear_keys(struct eap_aka_data *data, int reauth) in eap_aka_clear_keys() argument
169 os_memset(data->mk, 0, EAP_SIM_MK_LEN); in eap_aka_clear_keys()
170 os_memset(data->k_aut, 0, EAP_AKA_PRIME_K_AUT_LEN); in eap_aka_clear_keys()
171 os_memset(data->k_encr, 0, EAP_SIM_K_ENCR_LEN); in eap_aka_clear_keys()
172 os_memset(data->k_re, 0, EAP_AKA_PRIME_K_RE_LEN); in eap_aka_clear_keys()
174 os_memset(data->msk, 0, EAP_SIM_KEYING_DATA_LEN); in eap_aka_clear_keys()
175 os_memset(data->emsk, 0, EAP_EMSK_LEN); in eap_aka_clear_keys()
176 os_memset(data->autn, 0, EAP_AKA_AUTN_LEN); in eap_aka_clear_keys()
177 os_memset(data->auts, 0, EAP_AKA_AUTS_LEN); in eap_aka_clear_keys()
183 struct eap_aka_data *data = priv; in eap_aka_deinit() local
184 if (data) { in eap_aka_deinit()
185 os_free(data->pseudonym); in eap_aka_deinit()
186 os_free(data->reauth_id); in eap_aka_deinit()
187 os_free(data->mk_identity); in eap_aka_deinit()
188 wpabuf_free(data->id_msgs); in eap_aka_deinit()
189 os_free(data->network_name); in eap_aka_deinit()
190 eap_aka_clear_keys(data, 0); in eap_aka_deinit()
192 crypto_rsa_key_free(data->imsi_privacy_key); in eap_aka_deinit()
194 os_free(data); in eap_aka_deinit()
199 static int eap_aka_ext_sim_req(struct eap_sm *sm, struct eap_aka_data *data) in eap_aka_ext_sim_req() argument
208 pos += wpa_snprintf_hex(pos, end - pos, data->rand, EAP_AKA_RAND_LEN); in eap_aka_ext_sim_req()
210 wpa_snprintf_hex(pos, end - pos, data->autn, EAP_AKA_AUTN_LEN); in eap_aka_ext_sim_req()
217 static int eap_aka_ext_sim_result(struct eap_sm *sm, struct eap_aka_data *data, in eap_aka_ext_sim_result() argument
230 if (hexstr2bin(pos, data->auts, EAP_AKA_AUTS_LEN) < 0) in eap_aka_ext_sim_result()
232 wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: AUTS", data->auts, in eap_aka_ext_sim_result()
245 wpa_hexdump(MSG_DEBUG, "EAP-AKA: RAND", data->rand, EAP_AKA_RAND_LEN); in eap_aka_ext_sim_result()
247 if (hexstr2bin(pos, data->ik, EAP_AKA_IK_LEN) < 0) in eap_aka_ext_sim_result()
249 wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: IK", data->ik, EAP_AKA_IK_LEN); in eap_aka_ext_sim_result()
255 if (hexstr2bin(pos, data->ck, EAP_AKA_CK_LEN) < 0) in eap_aka_ext_sim_result()
257 wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: CK", data->ck, EAP_AKA_CK_LEN); in eap_aka_ext_sim_result()
263 data->res_len = os_strlen(pos) / 2; in eap_aka_ext_sim_result()
264 if (data->res_len > EAP_AKA_RES_MAX_LEN) { in eap_aka_ext_sim_result()
265 data->res_len = 0; in eap_aka_ext_sim_result()
268 if (hexstr2bin(pos, data->res, data->res_len) < 0) in eap_aka_ext_sim_result()
270 wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: RES", data->res, data->res_len); in eap_aka_ext_sim_result()
282 static int eap_aka_umts_auth(struct eap_sm *sm, struct eap_aka_data *data) in eap_aka_umts_auth() argument
294 return eap_aka_ext_sim_result(sm, data, conf); in eap_aka_umts_auth()
296 return eap_aka_ext_sim_req(sm, data); in eap_aka_umts_auth()
300 return scard_umts_auth(sm->scard_ctx, data->rand, in eap_aka_umts_auth()
301 data->autn, data->res, &data->res_len, in eap_aka_umts_auth()
302 data->ik, data->ck, data->auts); in eap_aka_umts_auth()
334 return milenage_check(opc, k, sqn, data->rand, data->autn, in eap_aka_umts_auth()
335 data->ik, data->ck, in eap_aka_umts_auth()
336 data->res, &data->res_len, data->auts); in eap_aka_umts_auth()
346 os_memset(data->res, '2', EAP_AKA_RES_MAX_LEN); in eap_aka_umts_auth()
347 data->res_len = EAP_AKA_RES_MAX_LEN; in eap_aka_umts_auth()
348 os_memset(data->ik, '3', EAP_AKA_IK_LEN); in eap_aka_umts_auth()
349 os_memset(data->ck, '4', EAP_AKA_CK_LEN); in eap_aka_umts_auth()
353 if (os_memcmp_const(autn, data->autn, EAP_AKA_AUTN_LEN) != 0) { in eap_aka_umts_auth()
385 struct eap_aka_data *data, int id) in eap_aka_clear_identities() argument
387 if ((id & CLEAR_PSEUDONYM) && data->pseudonym) { in eap_aka_clear_identities()
389 os_free(data->pseudonym); in eap_aka_clear_identities()
390 data->pseudonym = NULL; in eap_aka_clear_identities()
391 data->pseudonym_len = 0; in eap_aka_clear_identities()
392 if (data->use_pseudonym) in eap_aka_clear_identities()
395 if ((id & CLEAR_REAUTH_ID) && data->reauth_id) { in eap_aka_clear_identities()
397 os_free(data->reauth_id); in eap_aka_clear_identities()
398 data->reauth_id = NULL; in eap_aka_clear_identities()
399 data->reauth_id_len = 0; in eap_aka_clear_identities()
404 static int eap_aka_learn_ids(struct eap_sm *sm, struct eap_aka_data *data, in eap_aka_learn_ids() argument
417 os_free(data->pseudonym); in eap_aka_learn_ids()
427 data->pseudonym = os_malloc(attr->next_pseudonym_len + in eap_aka_learn_ids()
429 if (data->pseudonym == NULL) { in eap_aka_learn_ids()
432 data->pseudonym_len = 0; in eap_aka_learn_ids()
435 os_memcpy(data->pseudonym, attr->next_pseudonym, in eap_aka_learn_ids()
438 os_memcpy(data->pseudonym + attr->next_pseudonym_len, in eap_aka_learn_ids()
441 data->pseudonym_len = attr->next_pseudonym_len + realm_len; in eap_aka_learn_ids()
442 if (data->use_pseudonym) in eap_aka_learn_ids()
443 eap_set_anon_id(sm, data->pseudonym, in eap_aka_learn_ids()
444 data->pseudonym_len); in eap_aka_learn_ids()
448 os_free(data->reauth_id); in eap_aka_learn_ids()
449 data->reauth_id = os_memdup(attr->next_reauth_id, in eap_aka_learn_ids()
451 if (data->reauth_id == NULL) { in eap_aka_learn_ids()
454 data->reauth_id_len = 0; in eap_aka_learn_ids()
457 data->reauth_id_len = attr->next_reauth_id_len; in eap_aka_learn_ids()
460 data->reauth_id, in eap_aka_learn_ids()
461 data->reauth_id_len); in eap_aka_learn_ids()
468 static int eap_aka_add_id_msg(struct eap_aka_data *data, in eap_aka_add_id_msg() argument
480 if (!data->id_msgs) { in eap_aka_add_id_msg()
481 data->id_msgs = wpabuf_alloc(len); in eap_aka_add_id_msg()
482 if (!data->id_msgs) in eap_aka_add_id_msg()
484 } else if (wpabuf_resize(&data->id_msgs, len) < 0) { in eap_aka_add_id_msg()
488 wpabuf_put_buf(data->id_msgs, msg1); in eap_aka_add_id_msg()
490 wpabuf_put_buf(data->id_msgs, msg2); in eap_aka_add_id_msg()
496 static void eap_aka_add_checkcode(struct eap_aka_data *data, in eap_aka_add_checkcode() argument
505 if (data->id_msgs == NULL) { in eap_aka_add_checkcode()
515 addr = wpabuf_head(data->id_msgs); in eap_aka_add_checkcode()
516 len = wpabuf_len(data->id_msgs); in eap_aka_add_checkcode()
517 wpa_hexdump(MSG_MSGDUMP, "EAP-AKA: AT_CHECKCODE data", addr, len); in eap_aka_add_checkcode()
519 if (data->eap_method == EAP_TYPE_AKA_PRIME) in eap_aka_add_checkcode()
526 data->eap_method == EAP_TYPE_AKA_PRIME ? in eap_aka_add_checkcode()
531 static int eap_aka_verify_checkcode(struct eap_aka_data *data, in eap_aka_verify_checkcode() argument
542 if (data->id_msgs == NULL) { in eap_aka_verify_checkcode()
552 hash_len = data->eap_method == EAP_TYPE_AKA_PRIME ? in eap_aka_verify_checkcode()
563 addr = wpabuf_head(data->id_msgs); in eap_aka_verify_checkcode()
564 len = wpabuf_len(data->id_msgs); in eap_aka_verify_checkcode()
566 if (data->eap_method == EAP_TYPE_AKA_PRIME) in eap_aka_verify_checkcode()
581 static struct wpabuf * eap_aka_client_error(struct eap_aka_data *data, u8 id, in eap_aka_client_error() argument
586 eap_aka_state(data, FAILURE); in eap_aka_client_error()
587 data->num_id_req = 0; in eap_aka_client_error()
588 data->num_notification = 0; in eap_aka_client_error()
592 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method, in eap_aka_client_error()
595 return eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0); in eap_aka_client_error()
599 static struct wpabuf * eap_aka_authentication_reject(struct eap_aka_data *data, in eap_aka_authentication_reject() argument
604 eap_aka_state(data, FAILURE); in eap_aka_authentication_reject()
605 data->num_id_req = 0; in eap_aka_authentication_reject()
606 data->num_notification = 0; in eap_aka_authentication_reject()
610 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method, in eap_aka_authentication_reject()
612 return eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0); in eap_aka_authentication_reject()
617 struct eap_aka_data *data, u8 id, struct eap_sim_attrs *attr) in eap_aka_synchronization_failure() argument
621 data->num_id_req = 0; in eap_aka_synchronization_failure()
622 data->num_notification = 0; in eap_aka_synchronization_failure()
626 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method, in eap_aka_synchronization_failure()
629 eap_sim_msg_add_full(msg, EAP_SIM_AT_AUTS, data->auts, in eap_aka_synchronization_failure()
631 if (data->eap_method == EAP_TYPE_AKA_PRIME) { in eap_aka_synchronization_failure()
640 return eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0); in eap_aka_synchronization_failure()
694 struct eap_aka_data *data, in eap_aka_response_identity() argument
705 data->reauth = 0; in eap_aka_response_identity()
706 if (id_req == ANY_ID && data->reauth_id) { in eap_aka_response_identity()
707 identity = data->reauth_id; in eap_aka_response_identity()
708 identity_len = data->reauth_id_len; in eap_aka_response_identity()
709 data->reauth = 1; in eap_aka_response_identity()
711 data->pseudonym && in eap_aka_response_identity()
712 !eap_sim_anonymous_username(data->pseudonym, in eap_aka_response_identity()
713 data->pseudonym_len)) { in eap_aka_response_identity()
714 identity = data->pseudonym; in eap_aka_response_identity()
715 identity_len = data->pseudonym_len; in eap_aka_response_identity()
716 eap_aka_clear_identities(sm, data, CLEAR_REAUTH_ID); in eap_aka_response_identity()
722 if (data->pseudonym && in eap_aka_response_identity()
723 eap_sim_anonymous_username(data->pseudonym, in eap_aka_response_identity()
724 data->pseudonym_len)) in eap_aka_response_identity()
726 eap_aka_clear_identities(sm, data, ids); in eap_aka_response_identity()
733 if (identity && data->imsi_privacy_key) { in eap_aka_response_identity()
740 data->imsi_privacy_key, in eap_aka_response_identity()
746 data, id, in eap_aka_response_identity()
751 os_free(data->mk_identity); in eap_aka_response_identity()
752 data->mk_identity = os_memdup(identity, identity_len); in eap_aka_response_identity()
753 data->mk_identity_len = identity_len; in eap_aka_response_identity()
761 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method, in eap_aka_response_identity()
773 os_free(data->mk_identity); in eap_aka_response_identity()
774 data->mk_identity = os_memdup( in eap_aka_response_identity()
777 data->mk_identity_len = config->imsi_identity_len; in eap_aka_response_identity()
781 os_free(data->mk_identity); in eap_aka_response_identity()
782 data->mk_identity = os_memdup(identity, identity_len); in eap_aka_response_identity()
783 data->mk_identity_len = identity_len; in eap_aka_response_identity()
788 return eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0); in eap_aka_response_identity()
792 static struct wpabuf * eap_aka_response_challenge(struct eap_aka_data *data, in eap_aka_response_challenge() argument
798 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method, in eap_aka_response_challenge()
801 eap_sim_msg_add(msg, EAP_SIM_AT_RES, data->res_len * 8, in eap_aka_response_challenge()
802 data->res, data->res_len); in eap_aka_response_challenge()
803 eap_aka_add_checkcode(data, msg); in eap_aka_response_challenge()
804 if (data->use_result_ind) { in eap_aka_response_challenge()
810 return eap_sim_msg_finish(msg, data->eap_method, data->k_aut, (u8 *) "", in eap_aka_response_challenge()
815 static struct wpabuf * eap_aka_response_reauth(struct eap_aka_data *data, in eap_aka_response_reauth() argument
824 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method, in eap_aka_response_reauth()
833 counter = data->counter_too_small; in eap_aka_response_reauth()
835 counter = data->counter; in eap_aka_response_reauth()
840 if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) { in eap_aka_response_reauth()
846 eap_aka_add_checkcode(data, msg); in eap_aka_response_reauth()
847 if (data->use_result_ind) { in eap_aka_response_reauth()
853 return eap_sim_msg_finish(msg, data->eap_method, data->k_aut, nonce_s, in eap_aka_response_reauth()
858 static struct wpabuf * eap_aka_response_notification(struct eap_aka_data *data, in eap_aka_response_notification() argument
862 u8 *k_aut = (notification & 0x4000) == 0 ? data->k_aut : NULL; in eap_aka_response_notification()
865 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method, in eap_aka_response_notification()
867 if (k_aut && data->reauth) { in eap_aka_response_notification()
872 wpa_printf(MSG_DEBUG, " *AT_COUNTER %d", data->counter); in eap_aka_response_notification()
873 eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter, in eap_aka_response_notification()
875 if (eap_sim_msg_add_encr_end(msg, data->k_encr, in eap_aka_response_notification()
887 return eap_sim_msg_finish(msg, data->eap_method, k_aut, (u8 *) "", 0); in eap_aka_response_notification()
892 struct eap_aka_data *data, in eap_aka_process_identity() argument
907 if (data->num_id_req > 0) in eap_aka_process_identity()
909 data->num_id_req++; in eap_aka_process_identity()
912 if (data->num_id_req > 1) in eap_aka_process_identity()
914 data->num_id_req++; in eap_aka_process_identity()
917 if (data->num_id_req > 2) in eap_aka_process_identity()
919 data->num_id_req++; in eap_aka_process_identity()
925 return eap_aka_client_error(data, id, in eap_aka_process_identity()
929 buf = eap_aka_response_identity(sm, data, id, attr->id_req); in eap_aka_process_identity()
931 if (data->prev_id != id) { in eap_aka_process_identity()
932 if (eap_aka_add_id_msg(data, reqData, buf) < 0) { in eap_aka_process_identity()
937 data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET); in eap_aka_process_identity()
939 data->prev_id = id; in eap_aka_process_identity()
946 static int eap_aka_verify_mac(struct eap_aka_data *data, in eap_aka_verify_mac() argument
951 if (data->eap_method == EAP_TYPE_AKA_PRIME) in eap_aka_verify_mac()
952 return eap_sim_verify_mac_sha256(data->k_aut, req, mac, extra, in eap_aka_verify_mac()
954 return eap_sim_verify_mac(data->k_aut, req, mac, extra, extra_len); in eap_aka_verify_mac()
959 static struct wpabuf * eap_aka_prime_kdf_select(struct eap_aka_data *data, in eap_aka_prime_kdf_select() argument
964 data->kdf_negotiation = 1; in eap_aka_prime_kdf_select()
965 data->kdf = kdf; in eap_aka_prime_kdf_select()
968 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method, in eap_aka_prime_kdf_select()
972 return eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0); in eap_aka_prime_kdf_select()
976 static struct wpabuf * eap_aka_prime_kdf_neg(struct eap_aka_data *data, in eap_aka_prime_kdf_neg() argument
983 os_memcpy(data->last_kdf_attrs, attr->kdf, in eap_aka_prime_kdf_neg()
985 data->last_kdf_count = attr->kdf_count; in eap_aka_prime_kdf_neg()
986 return eap_aka_prime_kdf_select(data, id, in eap_aka_prime_kdf_neg()
993 return eap_aka_authentication_reject(data, id); in eap_aka_prime_kdf_neg()
997 static int eap_aka_prime_kdf_valid(struct eap_aka_data *data, in eap_aka_prime_kdf_valid() argument
1008 if (data->kdf_negotiation) { in eap_aka_prime_kdf_valid()
1015 if (attr->kdf[0] != data->kdf) { in eap_aka_prime_kdf_valid()
1022 attr->kdf_count != data->last_kdf_count + 1) { in eap_aka_prime_kdf_valid()
1029 if (attr->kdf[i] != data->last_kdf_attrs[i - 1]) { in eap_aka_prime_kdf_valid()
1037 for (i = data->kdf ? 1 : 0; i < attr->kdf_count; i++) { in eap_aka_prime_kdf_valid()
1053 struct eap_aka_data *data, in eap_aka_process_challenge() argument
1066 eap_aka_verify_checkcode(data, attr->checkcode, in eap_aka_process_challenge()
1074 return eap_aka_client_error(data, id, in eap_aka_process_challenge()
1080 if (data->eap_method == EAP_TYPE_AKA_PRIME) { in eap_aka_process_challenge()
1085 return eap_aka_authentication_reject(data, id); in eap_aka_process_challenge()
1087 os_free(data->network_name); in eap_aka_process_challenge()
1088 data->network_name = os_memdup(attr->kdf_input, in eap_aka_process_challenge()
1090 if (data->network_name == NULL) { in eap_aka_process_challenge()
1093 return eap_aka_authentication_reject(data, id); in eap_aka_process_challenge()
1095 data->network_name_len = attr->kdf_input_len; in eap_aka_process_challenge()
1098 data->network_name, data->network_name_len); in eap_aka_process_challenge()
1101 res = eap_aka_prime_kdf_valid(data, attr); in eap_aka_process_challenge()
1103 return eap_aka_authentication_reject(data, id); in eap_aka_process_challenge()
1106 data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET); in eap_aka_process_challenge()
1109 return eap_aka_prime_kdf_neg(data, id, attr); in eap_aka_process_challenge()
1111 data->kdf = EAP_AKA_PRIME_KDF; in eap_aka_process_challenge()
1112 wpa_printf(MSG_DEBUG, "EAP-AKA': KDF %d selected", data->kdf); in eap_aka_process_challenge()
1115 if (data->eap_method == EAP_TYPE_AKA && attr->bidding) { in eap_aka_process_challenge()
1123 return eap_aka_authentication_reject(data, id); in eap_aka_process_challenge()
1128 data->reauth = 0; in eap_aka_process_challenge()
1135 return eap_aka_client_error(data, id, in eap_aka_process_challenge()
1138 os_memcpy(data->rand, attr->rand, EAP_AKA_RAND_LEN); in eap_aka_process_challenge()
1139 os_memcpy(data->autn, attr->autn, EAP_AKA_AUTN_LEN); in eap_aka_process_challenge()
1141 res = eap_aka_umts_auth(sm, data); in eap_aka_process_challenge()
1145 return eap_aka_authentication_reject(data, id); in eap_aka_process_challenge()
1149 return eap_aka_synchronization_failure(data, id, attr); in eap_aka_process_challenge()
1155 return eap_aka_client_error(data, id, in eap_aka_process_challenge()
1159 if (data->eap_method == EAP_TYPE_AKA_PRIME) { in eap_aka_process_challenge()
1162 u16 amf = WPA_GET_BE16(data->autn + 6); in eap_aka_process_challenge()
1166 return eap_aka_authentication_reject(data, id); in eap_aka_process_challenge()
1168 eap_aka_prime_derive_ck_ik_prime(data->ck, data->ik, in eap_aka_process_challenge()
1169 data->autn, in eap_aka_process_challenge()
1170 data->network_name, in eap_aka_process_challenge()
1171 data->network_name_len); in eap_aka_process_challenge()
1175 identity = data->mk_identity; in eap_aka_process_challenge()
1176 identity_len = data->mk_identity_len; in eap_aka_process_challenge()
1179 if (data->eap_method == EAP_TYPE_AKA_PRIME) { in eap_aka_process_challenge()
1180 eap_aka_prime_derive_keys(identity, identity_len, data->ik, in eap_aka_process_challenge()
1181 data->ck, data->k_encr, data->k_aut, in eap_aka_process_challenge()
1182 data->k_re, data->msk, data->emsk); in eap_aka_process_challenge()
1184 eap_aka_derive_mk(identity, identity_len, data->ik, data->ck, in eap_aka_process_challenge()
1185 data->mk); in eap_aka_process_challenge()
1186 eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, in eap_aka_process_challenge()
1187 data->msk, data->emsk); in eap_aka_process_challenge()
1189 if (eap_aka_verify_mac(data, reqData, attr->mac, (u8 *) "", 0)) { in eap_aka_process_challenge()
1196 return eap_aka_client_error(data, id, in eap_aka_process_challenge()
1205 eap_aka_clear_identities(sm, data, CLEAR_REAUTH_ID); in eap_aka_process_challenge()
1209 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data, in eap_aka_process_challenge()
1214 data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET); in eap_aka_process_challenge()
1216 eap_aka_learn_ids(sm, data, &eattr); in eap_aka_process_challenge()
1220 if (data->result_ind && attr->result_ind) in eap_aka_process_challenge()
1221 data->use_result_ind = 1; in eap_aka_process_challenge()
1223 if (data->state != FAILURE) { in eap_aka_process_challenge()
1224 eap_aka_state(data, data->use_result_ind ? in eap_aka_process_challenge()
1228 data->num_id_req = 0; in eap_aka_process_challenge()
1229 data->num_notification = 0; in eap_aka_process_challenge()
1233 data->counter = 0; in eap_aka_process_challenge()
1234 return eap_aka_response_challenge(data, id); in eap_aka_process_challenge()
1238 static int eap_aka_process_notification_reauth(struct eap_aka_data *data, in eap_aka_process_notification_reauth() argument
1246 "reauth did not include encrypted data"); in eap_aka_process_notification_reauth()
1250 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data, in eap_aka_process_notification_reauth()
1255 "data from notification message"); in eap_aka_process_notification_reauth()
1259 if (eattr.counter < 0 || (size_t) eattr.counter != data->counter) { in eap_aka_process_notification_reauth()
1272 static int eap_aka_process_notification_auth(struct eap_aka_data *data, in eap_aka_process_notification_auth() argument
1282 if (eap_aka_verify_mac(data, reqData, attr->mac, (u8 *) "", 0)) { in eap_aka_process_notification_auth()
1288 if (data->reauth && in eap_aka_process_notification_auth()
1289 eap_aka_process_notification_reauth(data, attr)) { in eap_aka_process_notification_auth()
1300 struct eap_sm *sm, struct eap_aka_data *data, u8 id, in eap_aka_process_notification() argument
1304 if (data->num_notification > 0) { in eap_aka_process_notification()
1307 return eap_aka_client_error(data, id, in eap_aka_process_notification()
1310 data->num_notification++; in eap_aka_process_notification()
1314 return eap_aka_client_error(data, id, in eap_aka_process_notification()
1319 eap_aka_process_notification_auth(data, reqData, attr)) { in eap_aka_process_notification()
1320 return eap_aka_client_error(data, id, in eap_aka_process_notification()
1326 data->error_code = attr->notification; in eap_aka_process_notification()
1327 eap_aka_state(data, FAILURE); in eap_aka_process_notification()
1329 data->state == RESULT_SUCCESS) in eap_aka_process_notification()
1330 eap_aka_state(data, SUCCESS); in eap_aka_process_notification()
1331 return eap_aka_response_notification(data, id, attr->notification); in eap_aka_process_notification()
1336 struct eap_sm *sm, struct eap_aka_data *data, u8 id, in eap_aka_process_reauthentication() argument
1345 eap_aka_verify_checkcode(data, attr->checkcode, in eap_aka_process_reauthentication()
1354 return eap_aka_client_error(data, id, in eap_aka_process_reauthentication()
1358 if (data->reauth_id == NULL) { in eap_aka_process_reauthentication()
1361 return eap_aka_client_error(data, id, in eap_aka_process_reauthentication()
1365 data->reauth = 1; in eap_aka_process_reauthentication()
1366 if (eap_aka_verify_mac(data, reqData, attr->mac, (u8 *) "", 0)) { in eap_aka_process_reauthentication()
1369 return eap_aka_client_error(data, id, in eap_aka_process_reauthentication()
1377 os_memcpy(data->reauth_mac, attr->mac, EAP_SIM_MAC_LEN); in eap_aka_process_reauthentication()
1379 data->reauth_mac, EAP_SIM_MAC_LEN); in eap_aka_process_reauthentication()
1383 "message did not include encrypted data"); in eap_aka_process_reauthentication()
1384 return eap_aka_client_error(data, id, in eap_aka_process_reauthentication()
1388 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data, in eap_aka_process_reauthentication()
1393 "data from reauthentication message"); in eap_aka_process_reauthentication()
1394 return eap_aka_client_error(data, id, in eap_aka_process_reauthentication()
1403 return eap_aka_client_error(data, id, in eap_aka_process_reauthentication()
1407 if (eattr.counter < 0 || (size_t) eattr.counter <= data->counter) { in eap_aka_process_reauthentication()
1410 "(%d <= %d)", eattr.counter, data->counter); in eap_aka_process_reauthentication()
1411 data->counter_too_small = eattr.counter; in eap_aka_process_reauthentication()
1416 eap_aka_clear_identities(sm, data, CLEAR_REAUTH_ID); in eap_aka_process_reauthentication()
1418 res = eap_aka_response_reauth(data, id, 1, eattr.nonce_s); in eap_aka_process_reauthentication()
1423 data->counter = eattr.counter; in eap_aka_process_reauthentication()
1425 os_memcpy(data->nonce_s, eattr.nonce_s, EAP_SIM_NONCE_S_LEN); in eap_aka_process_reauthentication()
1427 data->nonce_s, EAP_SIM_NONCE_S_LEN); in eap_aka_process_reauthentication()
1429 if (data->eap_method == EAP_TYPE_AKA_PRIME) { in eap_aka_process_reauthentication()
1430 eap_aka_prime_derive_keys_reauth(data->k_re, data->counter, in eap_aka_process_reauthentication()
1431 data->reauth_id, in eap_aka_process_reauthentication()
1432 data->reauth_id_len, in eap_aka_process_reauthentication()
1433 data->nonce_s, in eap_aka_process_reauthentication()
1434 data->msk, data->emsk); in eap_aka_process_reauthentication()
1436 eap_sim_derive_keys_reauth(data->counter, data->reauth_id, in eap_aka_process_reauthentication()
1437 data->reauth_id_len, in eap_aka_process_reauthentication()
1438 data->nonce_s, data->mk, in eap_aka_process_reauthentication()
1439 data->msk, data->emsk); in eap_aka_process_reauthentication()
1441 eap_aka_clear_identities(sm, data, CLEAR_REAUTH_ID); in eap_aka_process_reauthentication()
1442 eap_aka_learn_ids(sm, data, &eattr); in eap_aka_process_reauthentication()
1444 if (data->result_ind && attr->result_ind) in eap_aka_process_reauthentication()
1445 data->use_result_ind = 1; in eap_aka_process_reauthentication()
1447 if (data->state != FAILURE) { in eap_aka_process_reauthentication()
1448 eap_aka_state(data, data->use_result_ind ? in eap_aka_process_reauthentication()
1452 data->num_id_req = 0; in eap_aka_process_reauthentication()
1453 data->num_notification = 0; in eap_aka_process_reauthentication()
1454 if (data->counter > EAP_AKA_MAX_FAST_REAUTHS) { in eap_aka_process_reauthentication()
1457 eap_aka_clear_identities(sm, data, CLEAR_REAUTH_ID); in eap_aka_process_reauthentication()
1460 return eap_aka_response_reauth(data, id, 0, data->nonce_s); in eap_aka_process_reauthentication()
1468 struct eap_aka_data *data = priv; in eap_aka_process() local
1476 wpa_hexdump_buf(MSG_DEBUG, "EAP-AKA: EAP data", reqData); in eap_aka_process()
1484 pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, reqData, in eap_aka_process()
1504 data->eap_method == EAP_TYPE_AKA_PRIME ? 2 : 1, in eap_aka_process()
1506 res = eap_aka_client_error(data, id, in eap_aka_process()
1513 res = eap_aka_process_identity(sm, data, id, reqData, &attr); in eap_aka_process()
1516 res = eap_aka_process_challenge(sm, data, id, reqData, &attr); in eap_aka_process()
1519 res = eap_aka_process_notification(sm, data, id, reqData, in eap_aka_process()
1523 res = eap_aka_process_reauthentication(sm, data, id, reqData, in eap_aka_process()
1528 res = eap_aka_client_error(data, id, in eap_aka_process()
1533 res = eap_aka_client_error(data, id, in eap_aka_process()
1539 if (data->state == FAILURE) { in eap_aka_process()
1542 } else if (data->state == SUCCESS) { in eap_aka_process()
1543 ret->decision = data->use_result_ind ? in eap_aka_process()
1550 ret->methodState = data->use_result_ind ? in eap_aka_process()
1552 } else if (data->state == RESULT_SUCCESS) in eap_aka_process()
1565 struct eap_aka_data *data = priv; in eap_aka_has_reauth_data() local
1566 return data->pseudonym || data->reauth_id; in eap_aka_has_reauth_data()
1572 struct eap_aka_data *data = priv; in eap_aka_deinit_for_reauth() local
1574 os_free(data->mk_identity); in eap_aka_deinit_for_reauth()
1575 data->mk_identity = NULL; in eap_aka_deinit_for_reauth()
1576 data->mk_identity_len = 0; in eap_aka_deinit_for_reauth()
1577 data->prev_id = -1; in eap_aka_deinit_for_reauth()
1578 wpabuf_free(data->id_msgs); in eap_aka_deinit_for_reauth()
1579 data->id_msgs = NULL; in eap_aka_deinit_for_reauth()
1580 data->use_result_ind = 0; in eap_aka_deinit_for_reauth()
1581 data->kdf_negotiation = 0; in eap_aka_deinit_for_reauth()
1582 eap_aka_clear_keys(data, 1); in eap_aka_deinit_for_reauth()
1588 struct eap_aka_data *data = priv; in eap_aka_init_for_reauth() local
1593 os_free(data->mk_identity); in eap_aka_init_for_reauth()
1594 data->mk_identity = os_memdup(sm->identity, sm->identity_len); in eap_aka_init_for_reauth()
1595 data->mk_identity_len = sm->identity_len; in eap_aka_init_for_reauth()
1598 data->num_id_req = 0; in eap_aka_init_for_reauth()
1599 data->num_notification = 0; in eap_aka_init_for_reauth()
1600 eap_aka_state(data, CONTINUE); in eap_aka_init_for_reauth()
1608 struct eap_aka_data *data = priv; in eap_aka_get_identity() local
1610 if (data->reauth_id) { in eap_aka_get_identity()
1611 *len = data->reauth_id_len; in eap_aka_get_identity()
1612 return data->reauth_id; in eap_aka_get_identity()
1615 if (data->pseudonym) { in eap_aka_get_identity()
1616 *len = data->pseudonym_len; in eap_aka_get_identity()
1617 return data->pseudonym; in eap_aka_get_identity()
1626 struct eap_aka_data *data = priv; in eap_aka_isKeyAvailable() local
1627 return data->state == SUCCESS; in eap_aka_isKeyAvailable()
1633 struct eap_aka_data *data = priv; in eap_aka_getKey() local
1636 if (data->state != SUCCESS) in eap_aka_getKey()
1639 key = os_memdup(data->msk, EAP_SIM_KEYING_DATA_LEN); in eap_aka_getKey()
1651 struct eap_aka_data *data = priv; in eap_aka_get_session_id() local
1654 if (data->state != SUCCESS) in eap_aka_get_session_id()
1657 if (!data->reauth) in eap_aka_get_session_id()
1665 id[0] = data->eap_method; in eap_aka_get_session_id()
1666 if (!data->reauth) { in eap_aka_get_session_id()
1667 os_memcpy(id + 1, data->rand, EAP_AKA_RAND_LEN); in eap_aka_get_session_id()
1668 os_memcpy(id + 1 + EAP_AKA_RAND_LEN, data->autn, in eap_aka_get_session_id()
1671 os_memcpy(id + 1, data->nonce_s, EAP_SIM_NONCE_S_LEN); in eap_aka_get_session_id()
1672 os_memcpy(id + 1 + EAP_SIM_NONCE_S_LEN, data->reauth_mac, in eap_aka_get_session_id()
1683 struct eap_aka_data *data = priv; in eap_aka_get_emsk() local
1686 if (data->state != SUCCESS) in eap_aka_get_emsk()
1689 key = os_memdup(data->emsk, EAP_EMSK_LEN); in eap_aka_get_emsk()
1701 struct eap_aka_data *data = priv; in eap_aka_get_error_code() local
1704 if (!data) in eap_aka_get_error_code()
1707 current_data_error = data->error_code; in eap_aka_get_error_code()
1710 data->error_code = NO_EAP_METHOD_ERROR; in eap_aka_get_error_code()