37 		IDENTITY, CHALLENGE, REAUTH, NOTIFICATION, SUCCESS, FAILURE  enumerator
65 	case IDENTITY:  in eap_aka_state_txt()
66 		return "IDENTITY";  in eap_aka_state_txt()
107 		wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown reauth identity - "  in eap_aka_check_identity_reauth()
108 			   "request full auth identity");  in eap_aka_check_identity_reauth()
109 		/* Remain in IDENTITY state for another round */  in eap_aka_check_identity_reauth()
118 				   "EAP-AKA: Permanent identity recognized - skip AKA-Identity exchange");  in eap_aka_check_identity_reauth()
159 	const u8 *identity = sm->identity;  in eap_aka_check_identity()  local
163 		identity = (const u8 *) sm->sim_aka_permanent;  in eap_aka_check_identity()
167 	/* Check if we already know the identity from EAP-Response/Identity */  in eap_aka_check_identity()
169 	username = sim_get_username(identity, identity_len);  in eap_aka_check_identity()
176 		 * Since re-auth username was recognized, skip AKA/Identity  in eap_aka_check_identity()
182 	if (sm->sim_aka_permanent[0] && data->state == IDENTITY) {  in eap_aka_check_identity()
183 		/* Skip AKA/Identity exchange since the permanent identity  in eap_aka_check_identity()
204 				   "identity - request permanent identity");  in eap_aka_check_identity()
205 			/* Remain in IDENTITY state for another round */  in eap_aka_check_identity()
211 		 * Since pseudonym username was recognized, skip AKA/Identity  in eap_aka_check_identity()
236 	data->state = IDENTITY;  in eap_aka_init()
269 	data->state = IDENTITY;  in eap_aka_prime_init()
319 		 * No EAP-AKA/Identity packets were exchanged - send empty  in eap_aka_add_checkcode()
326 	/* Checkcode is SHA1 hash over all EAP-AKA/Identity packets. */  in eap_aka_add_checkcode()
355 				   "indicates that AKA/Identity messages were "  in eap_aka_verify_checkcode()
367 			   "that AKA/Identity message were not used, but they "  in eap_aka_verify_checkcode()
372 	/* Checkcode is SHA1 hash over all EAP-AKA/Identity packets. */  in eap_aka_verify_checkcode()
395 	wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Identity");  in eap_aka_build_identity()
401 		 * RFC 4187, Chap. 4.1.4 recommends that identity from EAP is  in eap_aka_build_identity()
402 		 * ignored and the AKA/Identity is used to request the  in eap_aka_build_identity()
403 		 * identity.  in eap_aka_build_identity()
408 		/* Cannot use more than three rounds of Identity messages */  in eap_aka_build_identity()
411 	} else if (sm->identity && sm->identity_len > 0 &&  in eap_aka_build_identity()
412 		   (sm->identity[0] == EAP_AKA_REAUTH_ID_PREFIX ||  in eap_aka_build_identity()
413 		    sm->identity[0] == EAP_AKA_PRIME_REAUTH_ID_PREFIX)) {  in eap_aka_build_identity()
603 						 sm->identity,  in eap_aka_build_reauth()
610 		eap_sim_derive_keys_reauth(data->counter, sm->identity,  in eap_aka_build_reauth()
690 	case IDENTITY:  in eap_aka_buildReq()
732 	case IDENTITY:  in eap_aka_subtype_ok()
776 	wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Identity",  in eap_aka_determine_identity()
777 			  sm->identity, sm->identity_len);  in eap_aka_determine_identity()
779 	username = sim_get_username(sm->identity, sm->identity_len);  in eap_aka_determine_identity()
793 		/* Remain in IDENTITY state for another round to request full  in eap_aka_determine_identity()
794 		 * auth identity since we did not recognize reauth id */  in eap_aka_determine_identity()
811 				   "identity - request permanent identity");  in eap_aka_determine_identity()
812 			/* Remain in IDENTITY state for another round */  in eap_aka_determine_identity()
826 	} else if (sm->identity_len > 1 && sm->identity[0] == '\0') {  in eap_aka_determine_identity()
837 				   "EAP-AKA: Received encrypted identity, but no IMSI privacy key configured to decrypt it");  in eap_aka_determine_identity()
841 		enc_id = (char *) &sm->identity[1];  in eap_aka_determine_identity()
842 		end = (char *) &sm->identity[sm->identity_len];  in eap_aka_determine_identity()
850 				  "EAP-AKA: Encrypted permanent identity",  in eap_aka_determine_identity()
855 				   "EAP-AKA: Could not base64 decode encrypted identity");  in eap_aka_determine_identity()
859 			    "EAP-AKA: Decoded encrypted permanent identity",  in eap_aka_determine_identity()
870 				   "EAP-AKA: Failed to decrypt encrypted identity");  in eap_aka_determine_identity()
873 		wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Decrypted permanent identity",  in eap_aka_determine_identity()
885 		os_free(sm->identity);  in eap_aka_determine_identity()
886 		sm->identity = new_id;  in eap_aka_determine_identity()
956 	while (identity_len > 0 && sm->identity[identity_len - 1] == '\0') {  in eap_aka_fullauth()
958 			   "character from identity");  in eap_aka_fullauth()
961 	wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Identity for MK derivation",  in eap_aka_fullauth()
962 			  sm->identity, identity_len);  in eap_aka_fullauth()
965 		eap_aka_prime_derive_keys(sm->identity, identity_len, data->ik,  in eap_aka_fullauth()
969 		eap_aka_derive_mk(sm->identity, identity_len, data->ik,  in eap_aka_fullauth()
986 	wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Identity");  in eap_aka_process_identity()
990 			   "received in EAP-Response/AKA-Identity");  in eap_aka_process_identity()
997 	 * We always request identity with AKA/Identity, so the peer is  in eap_aka_process_identity()
1000 	if (!attr->identity || attr->identity_len == 0) {  in eap_aka_process_identity()
1002 			   "identity");  in eap_aka_process_identity()
1014 	os_free(sm->identity);  in eap_aka_process_identity()
1015 	sm->identity = new_identity;  in eap_aka_process_identity()
1016 	os_memcpy(sm->identity, attr->identity, attr->identity_len);  in eap_aka_process_identity()
1355 	case IDENTITY:  in eap_aka_process()