Lines Matching full:data

59 static void eap_aka_fullauth(struct eap_sm *sm, struct eap_aka_data *data);
83 static void eap_aka_state(struct eap_aka_data *data, int state) in eap_aka_state() argument
86 eap_aka_state_txt(data->state), in eap_aka_state()
88 data->state = state; in eap_aka_state()
93 struct eap_aka_data *data, in eap_aka_check_identity_reauth() argument
96 if (data->eap_method == EAP_TYPE_AKA_PRIME && in eap_aka_check_identity_reauth()
99 if (data->eap_method == EAP_TYPE_AKA && in eap_aka_check_identity_reauth()
104 data->reauth = eap_sim_db_get_reauth_entry(sm->cfg->eap_sim_db_priv, in eap_aka_check_identity_reauth()
106 if (data->reauth == NULL) { in eap_aka_check_identity_reauth()
113 if (data->reauth->counter > sm->cfg->eap_sim_aka_fast_reauth_limit) { in eap_aka_check_identity_reauth()
119 os_strlcpy(data->permanent, data->reauth->permanent, in eap_aka_check_identity_reauth()
120 sizeof(data->permanent)); in eap_aka_check_identity_reauth()
122 data->reauth->permanent, in eap_aka_check_identity_reauth()
125 data->reauth); in eap_aka_check_identity_reauth()
126 data->reauth = NULL; in eap_aka_check_identity_reauth()
127 eap_aka_fullauth(sm, data); in eap_aka_check_identity_reauth()
135 data->reauth->counter); in eap_aka_check_identity_reauth()
136 os_strlcpy(data->permanent, data->reauth->permanent, in eap_aka_check_identity_reauth()
137 sizeof(data->permanent)); in eap_aka_check_identity_reauth()
138 data->counter = data->reauth->counter; in eap_aka_check_identity_reauth()
139 if (data->eap_method == EAP_TYPE_AKA_PRIME) { in eap_aka_check_identity_reauth()
140 os_memcpy(data->k_encr, data->reauth->k_encr, in eap_aka_check_identity_reauth()
142 os_memcpy(data->k_aut, data->reauth->k_aut, in eap_aka_check_identity_reauth()
144 os_memcpy(data->k_re, data->reauth->k_re, in eap_aka_check_identity_reauth()
147 os_memcpy(data->mk, data->reauth->mk, EAP_SIM_MK_LEN); in eap_aka_check_identity_reauth()
150 eap_aka_state(data, REAUTH); in eap_aka_check_identity_reauth()
156 struct eap_aka_data *data) in eap_aka_check_identity() argument
173 if (eap_aka_check_identity_reauth(sm, data, username) > 0) { in eap_aka_check_identity()
182 if (sm->sim_aka_permanent[0] && data->state == IDENTITY) { in eap_aka_check_identity()
186 os_strlcpy(data->permanent, sm->sim_aka_permanent, in eap_aka_check_identity()
187 sizeof(data->permanent)); in eap_aka_check_identity()
188 eap_aka_fullauth(sm, data); in eap_aka_check_identity()
192 if ((data->eap_method == EAP_TYPE_AKA_PRIME && in eap_aka_check_identity()
194 (data->eap_method == EAP_TYPE_AKA && in eap_aka_check_identity()
208 os_strlcpy(data->permanent, permanent, in eap_aka_check_identity()
209 sizeof(data->permanent)); in eap_aka_check_identity()
214 eap_aka_fullauth(sm, data); in eap_aka_check_identity()
223 struct eap_aka_data *data; in eap_aka_init() local
230 data = os_zalloc(sizeof(*data)); in eap_aka_init()
231 if (data == NULL) in eap_aka_init()
234 data->eap_method = EAP_TYPE_AKA; in eap_aka_init()
236 data->state = IDENTITY; in eap_aka_init()
237 data->pending_id = -1; in eap_aka_init()
238 eap_aka_check_identity(sm, data); in eap_aka_init()
240 return data; in eap_aka_init()
247 struct eap_aka_data *data; in eap_aka_prime_init() local
256 data = os_zalloc(sizeof(*data)); in eap_aka_prime_init()
257 if (data == NULL) in eap_aka_prime_init()
260 data->eap_method = EAP_TYPE_AKA_PRIME; in eap_aka_prime_init()
261 data->network_name = (u8 *) os_strdup(network_name); in eap_aka_prime_init()
262 if (data->network_name == NULL) { in eap_aka_prime_init()
263 os_free(data); in eap_aka_prime_init()
267 data->network_name_len = os_strlen(network_name); in eap_aka_prime_init()
269 data->state = IDENTITY; in eap_aka_prime_init()
270 data->pending_id = -1; in eap_aka_prime_init()
271 eap_aka_check_identity(sm, data); in eap_aka_prime_init()
273 return data; in eap_aka_prime_init()
280 struct eap_aka_data *data = priv; in eap_aka_reset() local
281 os_free(data->next_pseudonym); in eap_aka_reset()
282 os_free(data->next_reauth_id); in eap_aka_reset()
283 wpabuf_free(data->id_msgs); in eap_aka_reset()
284 os_free(data->network_name); in eap_aka_reset()
285 bin_clear_free(data, sizeof(*data)); in eap_aka_reset()
289 static int eap_aka_add_id_msg(struct eap_aka_data *data, in eap_aka_add_id_msg() argument
295 if (data->id_msgs == NULL) { in eap_aka_add_id_msg()
296 data->id_msgs = wpabuf_dup(msg); in eap_aka_add_id_msg()
297 return data->id_msgs == NULL ? -1 : 0; in eap_aka_add_id_msg()
300 if (wpabuf_resize(&data->id_msgs, wpabuf_len(msg)) < 0) in eap_aka_add_id_msg()
302 wpabuf_put_buf(data->id_msgs, msg); in eap_aka_add_id_msg()
308 static void eap_aka_add_checkcode(struct eap_aka_data *data, in eap_aka_add_checkcode() argument
317 if (data->id_msgs == NULL) { in eap_aka_add_checkcode()
327 addr = wpabuf_head(data->id_msgs); in eap_aka_add_checkcode()
328 len = wpabuf_len(data->id_msgs); in eap_aka_add_checkcode()
329 wpa_hexdump(MSG_MSGDUMP, "EAP-AKA: AT_CHECKCODE data", addr, len); in eap_aka_add_checkcode()
330 if (data->eap_method == EAP_TYPE_AKA_PRIME) in eap_aka_add_checkcode()
336 data->eap_method == EAP_TYPE_AKA_PRIME ? in eap_aka_add_checkcode()
341 static int eap_aka_verify_checkcode(struct eap_aka_data *data, in eap_aka_verify_checkcode() argument
352 if (data->id_msgs == NULL) { in eap_aka_verify_checkcode()
362 hash_len = data->eap_method == EAP_TYPE_AKA_PRIME ? in eap_aka_verify_checkcode()
373 addr = wpabuf_head(data->id_msgs); in eap_aka_verify_checkcode()
374 len = wpabuf_len(data->id_msgs); in eap_aka_verify_checkcode()
375 if (data->eap_method == EAP_TYPE_AKA_PRIME) in eap_aka_verify_checkcode()
390 struct eap_aka_data *data, u8 id) in eap_aka_build_identity() argument
396 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method, in eap_aka_build_identity()
398 data->identity_round++; in eap_aka_build_identity()
399 if (data->identity_round == 1) { in eap_aka_build_identity()
407 } else if (data->identity_round > 3) { in eap_aka_build_identity()
421 buf = eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0); in eap_aka_build_identity()
422 if (eap_aka_add_id_msg(data, buf) < 0) { in eap_aka_build_identity()
426 data->pending_id = id; in eap_aka_build_identity()
431 static int eap_aka_build_encr(struct eap_sm *sm, struct eap_aka_data *data, in eap_aka_build_encr() argument
435 os_free(data->next_pseudonym); in eap_aka_build_encr()
438 data->next_pseudonym = NULL; in eap_aka_build_encr()
440 data->next_pseudonym = in eap_aka_build_encr()
443 data->eap_method == EAP_TYPE_AKA_PRIME ? in eap_aka_build_encr()
447 data->next_pseudonym = NULL; in eap_aka_build_encr()
449 os_free(data->next_reauth_id); in eap_aka_build_encr()
452 data->next_reauth_id = NULL; in eap_aka_build_encr()
453 } else if (data->counter <= EAP_AKA_MAX_FAST_REAUTHS) { in eap_aka_build_encr()
454 data->next_reauth_id = in eap_aka_build_encr()
457 data->eap_method == EAP_TYPE_AKA_PRIME ? in eap_aka_build_encr()
462 data->next_reauth_id = NULL; in eap_aka_build_encr()
465 if (data->next_pseudonym == NULL && data->next_reauth_id == NULL && in eap_aka_build_encr()
484 if (data->next_pseudonym) { in eap_aka_build_encr()
486 data->next_pseudonym); in eap_aka_build_encr()
488 os_strlen(data->next_pseudonym), in eap_aka_build_encr()
489 (u8 *) data->next_pseudonym, in eap_aka_build_encr()
490 os_strlen(data->next_pseudonym)); in eap_aka_build_encr()
493 if (data->next_reauth_id) { in eap_aka_build_encr()
495 data->next_reauth_id); in eap_aka_build_encr()
497 os_strlen(data->next_reauth_id), in eap_aka_build_encr()
498 (u8 *) data->next_reauth_id, in eap_aka_build_encr()
499 os_strlen(data->next_reauth_id)); in eap_aka_build_encr()
502 if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) { in eap_aka_build_encr()
513 struct eap_aka_data *data, in eap_aka_build_challenge() argument
519 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method, in eap_aka_build_challenge()
522 eap_sim_msg_add(msg, EAP_SIM_AT_RAND, 0, data->rand, EAP_AKA_RAND_LEN); in eap_aka_build_challenge()
524 eap_sim_msg_add(msg, EAP_SIM_AT_AUTN, 0, data->autn, EAP_AKA_AUTN_LEN); in eap_aka_build_challenge()
525 if (data->eap_method == EAP_TYPE_AKA_PRIME) { in eap_aka_build_challenge()
526 if (data->kdf) { in eap_aka_build_challenge()
529 eap_sim_msg_add(msg, EAP_SIM_AT_KDF, data->kdf, in eap_aka_build_challenge()
537 data->network_name_len, in eap_aka_build_challenge()
538 data->network_name, data->network_name_len); in eap_aka_build_challenge()
541 if (eap_aka_build_encr(sm, data, msg, 0, NULL)) { in eap_aka_build_challenge()
546 eap_aka_add_checkcode(data, msg); in eap_aka_build_challenge()
554 if (data->eap_method == EAP_TYPE_AKA) { in eap_aka_build_challenge()
584 return eap_sim_msg_finish(msg, data->eap_method, data->k_aut, NULL, 0); in eap_aka_build_challenge()
589 struct eap_aka_data *data, u8 id) in eap_aka_build_reauth() argument
596 if (random_get_bytes(data->nonce_s, EAP_SIM_NONCE_S_LEN)) in eap_aka_build_reauth()
599 data->nonce_s, EAP_SIM_NONCE_S_LEN); in eap_aka_build_reauth()
601 if (data->eap_method == EAP_TYPE_AKA_PRIME) { in eap_aka_build_reauth()
602 eap_aka_prime_derive_keys_reauth(data->k_re, data->counter, in eap_aka_build_reauth()
605 data->nonce_s, in eap_aka_build_reauth()
606 data->msk, data->emsk); in eap_aka_build_reauth()
608 eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, in eap_aka_build_reauth()
609 data->msk, data->emsk); in eap_aka_build_reauth()
610 eap_sim_derive_keys_reauth(data->counter, sm->identity, in eap_aka_build_reauth()
611 sm->identity_len, data->nonce_s, in eap_aka_build_reauth()
612 data->mk, data->msk, data->emsk); in eap_aka_build_reauth()
615 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method, in eap_aka_build_reauth()
618 if (eap_aka_build_encr(sm, data, msg, data->counter, data->nonce_s)) { in eap_aka_build_reauth()
623 eap_aka_add_checkcode(data, msg); in eap_aka_build_reauth()
632 buf = eap_sim_msg_finish(msg, data->eap_method, data->k_aut, NULL, 0); in eap_aka_build_reauth()
637 os_memcpy(data->reauth_mac, in eap_aka_build_reauth()
646 struct eap_aka_data *data, in eap_aka_build_notification() argument
652 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method, in eap_aka_build_notification()
654 wpa_printf(MSG_DEBUG, " AT_NOTIFICATION (%d)", data->notification); in eap_aka_build_notification()
655 eap_sim_msg_add(msg, EAP_SIM_AT_NOTIFICATION, data->notification, in eap_aka_build_notification()
657 if (data->use_result_ind) { in eap_aka_build_notification()
658 if (data->reauth) { in eap_aka_build_notification()
664 data->counter); in eap_aka_build_notification()
665 eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter, in eap_aka_build_notification()
668 if (eap_sim_msg_add_encr_end(msg, data->k_encr, in eap_aka_build_notification()
680 return eap_sim_msg_finish(msg, data->eap_method, data->k_aut, NULL, 0); in eap_aka_build_notification()
686 struct eap_aka_data *data = priv; in eap_aka_buildReq() local
688 data->auts_reported = 0; in eap_aka_buildReq()
689 switch (data->state) { in eap_aka_buildReq()
691 return eap_aka_build_identity(sm, data, id); in eap_aka_buildReq()
693 return eap_aka_build_challenge(sm, data, id); in eap_aka_buildReq()
695 return eap_aka_build_reauth(sm, data, id); in eap_aka_buildReq()
697 return eap_aka_build_notification(sm, data, id); in eap_aka_buildReq()
700 "buildReq", data->state); in eap_aka_buildReq()
710 struct eap_aka_data *data = priv; in eap_aka_check() local
714 pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, respData, in eap_aka_check()
725 static bool eap_aka_subtype_ok(struct eap_aka_data *data, u8 subtype) in eap_aka_subtype_ok() argument
731 switch (data->state) { in eap_aka_subtype_ok()
763 "processing a response", data->state); in eap_aka_subtype_ok()
772 struct eap_aka_data *data) in eap_aka_determine_identity() argument
783 if (eap_aka_check_identity_reauth(sm, data, username) > 0) { in eap_aka_determine_identity()
788 if (((data->eap_method == EAP_TYPE_AKA_PRIME && in eap_aka_determine_identity()
790 (data->eap_method == EAP_TYPE_AKA && in eap_aka_determine_identity()
792 data->identity_round == 1) { in eap_aka_determine_identity()
799 if ((data->eap_method == EAP_TYPE_AKA_PRIME && in eap_aka_determine_identity()
801 (data->eap_method == EAP_TYPE_AKA && in eap_aka_determine_identity()
815 os_strlcpy(data->permanent, permanent, in eap_aka_determine_identity()
816 sizeof(data->permanent)); in eap_aka_determine_identity()
817 } else if ((data->eap_method == EAP_TYPE_AKA_PRIME && in eap_aka_determine_identity()
819 (data->eap_method == EAP_TYPE_AKA && in eap_aka_determine_identity()
823 os_strlcpy(data->permanent, username, sizeof(data->permanent)); in eap_aka_determine_identity()
889 os_strlcpy(data->permanent, username, sizeof(data->permanent)); in eap_aka_determine_identity()
900 eap_aka_fullauth(sm, data); in eap_aka_determine_identity()
904 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; in eap_aka_determine_identity()
905 eap_aka_state(data, NOTIFICATION); in eap_aka_determine_identity()
909 static void eap_aka_fullauth(struct eap_sm *sm, struct eap_aka_data *data) in eap_aka_fullauth() argument
914 res = eap_sim_db_get_aka_auth(sm->cfg->eap_sim_db_priv, data->permanent, in eap_aka_fullauth()
915 data->rand, data->autn, data->ik, in eap_aka_fullauth()
916 data->ck, data->res, &data->res_len, sm); in eap_aka_fullauth()
918 wpa_printf(MSG_DEBUG, "EAP-AKA: AKA authentication data " in eap_aka_fullauth()
924 if (data->permanent[0] == EAP_AKA_PERMANENT_PREFIX || in eap_aka_fullauth()
925 data->permanent[0] == EAP_AKA_PRIME_PERMANENT_PREFIX) in eap_aka_fullauth()
926 os_strlcpy(sm->imsi, &data->permanent[1], sizeof(sm->imsi)); in eap_aka_fullauth()
929 if (data->eap_method == EAP_TYPE_AKA_PRIME) { in eap_aka_fullauth()
932 eap_aka_prime_derive_ck_ik_prime(data->ck, data->ik, in eap_aka_fullauth()
933 data->autn, in eap_aka_fullauth()
934 data->network_name, in eap_aka_fullauth()
935 data->network_name_len); in eap_aka_fullauth()
939 data->reauth = NULL; in eap_aka_fullauth()
940 data->counter = 0; /* reset re-auth counter since this is full auth */ in eap_aka_fullauth()
944 "authentication data for the peer"); in eap_aka_fullauth()
945 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; in eap_aka_fullauth()
946 eap_aka_state(data, NOTIFICATION); in eap_aka_fullauth()
950 wpa_printf(MSG_DEBUG, "EAP-AKA: AKA authentication data " in eap_aka_fullauth()
964 if (data->eap_method == EAP_TYPE_AKA_PRIME) { in eap_aka_fullauth()
965 eap_aka_prime_derive_keys(sm->identity, identity_len, data->ik, in eap_aka_fullauth()
966 data->ck, data->k_encr, data->k_aut, in eap_aka_fullauth()
967 data->k_re, data->msk, data->emsk); in eap_aka_fullauth()
969 eap_aka_derive_mk(sm->identity, identity_len, data->ik, in eap_aka_fullauth()
970 data->ck, data->mk); in eap_aka_fullauth()
971 eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, in eap_aka_fullauth()
972 data->msk, data->emsk); in eap_aka_fullauth()
975 eap_aka_state(data, CHALLENGE); in eap_aka_fullauth()
980 struct eap_aka_data *data, in eap_aka_process_identity() argument
991 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; in eap_aka_process_identity()
992 eap_aka_state(data, NOTIFICATION); in eap_aka_process_identity()
1003 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; in eap_aka_process_identity()
1004 eap_aka_state(data, NOTIFICATION); in eap_aka_process_identity()
1010 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; in eap_aka_process_identity()
1011 eap_aka_state(data, NOTIFICATION); in eap_aka_process_identity()
1019 eap_aka_determine_identity(sm, data); in eap_aka_process_identity()
1020 if (eap_get_id(respData) == data->pending_id) { in eap_aka_process_identity()
1021 data->pending_id = -1; in eap_aka_process_identity()
1022 eap_aka_add_id_msg(data, respData); in eap_aka_process_identity()
1027 static int eap_aka_verify_mac(struct eap_aka_data *data, in eap_aka_verify_mac() argument
1032 if (data->eap_method == EAP_TYPE_AKA_PRIME) in eap_aka_verify_mac()
1033 return eap_sim_verify_mac_sha256(data->k_aut, req, mac, extra, in eap_aka_verify_mac()
1035 return eap_sim_verify_mac(data->k_aut, req, mac, extra, extra_len); in eap_aka_verify_mac()
1040 struct eap_aka_data *data, in eap_aka_process_challenge() argument
1050 if (data->eap_method == EAP_TYPE_AKA_PRIME && in eap_aka_process_challenge()
1055 data->notification = in eap_aka_process_challenge()
1057 eap_aka_state(data, NOTIFICATION); in eap_aka_process_challenge()
1061 data->kdf = attr->kdf[0]; in eap_aka_process_challenge()
1065 wpa_printf(MSG_DEBUG, "EAP-AKA': KDF %d selected", data->kdf); in eap_aka_process_challenge()
1072 eap_aka_verify_checkcode(data, attr->checkcode, in eap_aka_process_challenge()
1076 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; in eap_aka_process_challenge()
1077 eap_aka_state(data, NOTIFICATION); in eap_aka_process_challenge()
1081 eap_aka_verify_mac(data, respData, attr->mac, NULL, 0)) { in eap_aka_process_challenge()
1084 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; in eap_aka_process_challenge()
1085 eap_aka_state(data, NOTIFICATION); in eap_aka_process_challenge()
1093 if (attr->res == NULL || attr->res_len < data->res_len || in eap_aka_process_challenge()
1094 attr->res_len_bits != data->res_len * 8 || in eap_aka_process_challenge()
1095 os_memcmp_const(attr->res, data->res, data->res_len) != 0) { in eap_aka_process_challenge()
1101 (unsigned long) data->res_len * 8); in eap_aka_process_challenge()
1102 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; in eap_aka_process_challenge()
1103 eap_aka_state(data, NOTIFICATION); in eap_aka_process_challenge()
1110 data->use_result_ind = 1; in eap_aka_process_challenge()
1111 data->notification = EAP_SIM_SUCCESS; in eap_aka_process_challenge()
1112 eap_aka_state(data, NOTIFICATION); in eap_aka_process_challenge()
1114 eap_aka_state(data, SUCCESS); in eap_aka_process_challenge()
1116 if (data->next_pseudonym) { in eap_aka_process_challenge()
1118 data->permanent, in eap_aka_process_challenge()
1119 data->next_pseudonym); in eap_aka_process_challenge()
1120 data->next_pseudonym = NULL; in eap_aka_process_challenge()
1122 if (data->next_reauth_id) { in eap_aka_process_challenge()
1123 if (data->eap_method == EAP_TYPE_AKA_PRIME) { in eap_aka_process_challenge()
1126 data->permanent, in eap_aka_process_challenge()
1127 data->next_reauth_id, in eap_aka_process_challenge()
1128 data->counter + 1, in eap_aka_process_challenge()
1129 data->k_encr, data->k_aut, in eap_aka_process_challenge()
1130 data->k_re); in eap_aka_process_challenge()
1134 data->permanent, in eap_aka_process_challenge()
1135 data->next_reauth_id, in eap_aka_process_challenge()
1136 data->counter + 1, in eap_aka_process_challenge()
1137 data->mk); in eap_aka_process_challenge()
1139 data->next_reauth_id = NULL; in eap_aka_process_challenge()
1145 struct eap_aka_data *data, in eap_aka_process_sync_failure() argument
1154 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; in eap_aka_process_sync_failure()
1155 eap_aka_state(data, NOTIFICATION); in eap_aka_process_sync_failure()
1162 if (!data->auts_reported && in eap_aka_process_sync_failure()
1163 eap_sim_db_resynchronize(sm->cfg->eap_sim_db_priv, data->permanent, in eap_aka_process_sync_failure()
1164 attr->auts, data->rand)) { in eap_aka_process_sync_failure()
1166 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; in eap_aka_process_sync_failure()
1167 eap_aka_state(data, NOTIFICATION); in eap_aka_process_sync_failure()
1170 data->auts_reported = 1; in eap_aka_process_sync_failure()
1173 eap_aka_fullauth(sm, data); in eap_aka_process_sync_failure()
1178 struct eap_aka_data *data, in eap_aka_process_reauth() argument
1188 eap_aka_verify_mac(data, respData, attr->mac, data->nonce_s, in eap_aka_process_reauth()
1197 "message did not include encrypted data"); in eap_aka_process_reauth()
1201 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data, in eap_aka_process_reauth()
1206 "data from reauthentication message"); in eap_aka_process_reauth()
1210 if (eattr.counter != data->counter) { in eap_aka_process_reauth()
1213 eattr.counter, data->counter); in eap_aka_process_reauth()
1226 eap_aka_fullauth(sm, data); in eap_aka_process_reauth()
1231 data->use_result_ind = 1; in eap_aka_process_reauth()
1232 data->notification = EAP_SIM_SUCCESS; in eap_aka_process_reauth()
1233 eap_aka_state(data, NOTIFICATION); in eap_aka_process_reauth()
1235 eap_aka_state(data, SUCCESS); in eap_aka_process_reauth()
1237 if (data->next_reauth_id) { in eap_aka_process_reauth()
1238 if (data->eap_method == EAP_TYPE_AKA_PRIME) { in eap_aka_process_reauth()
1241 data->permanent, in eap_aka_process_reauth()
1242 data->next_reauth_id, in eap_aka_process_reauth()
1243 data->counter + 1, in eap_aka_process_reauth()
1244 data->k_encr, data->k_aut, in eap_aka_process_reauth()
1245 data->k_re); in eap_aka_process_reauth()
1249 data->permanent, in eap_aka_process_reauth()
1250 data->next_reauth_id, in eap_aka_process_reauth()
1251 data->counter + 1, in eap_aka_process_reauth()
1252 data->mk); in eap_aka_process_reauth()
1254 data->next_reauth_id = NULL; in eap_aka_process_reauth()
1257 data->reauth); in eap_aka_process_reauth()
1258 data->reauth = NULL; in eap_aka_process_reauth()
1264 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; in eap_aka_process_reauth()
1265 eap_aka_state(data, NOTIFICATION); in eap_aka_process_reauth()
1266 eap_sim_db_remove_reauth(sm->cfg->eap_sim_db_priv, data->reauth); in eap_aka_process_reauth()
1267 data->reauth = NULL; in eap_aka_process_reauth()
1273 struct eap_aka_data *data, in eap_aka_process_client_error() argument
1279 if (data->notification == EAP_SIM_SUCCESS && data->use_result_ind) in eap_aka_process_client_error()
1280 eap_aka_state(data, SUCCESS); in eap_aka_process_client_error()
1282 eap_aka_state(data, FAILURE); in eap_aka_process_client_error()
1287 struct eap_sm *sm, struct eap_aka_data *data, in eap_aka_process_authentication_reject() argument
1291 eap_aka_state(data, FAILURE); in eap_aka_process_authentication_reject()
1296 struct eap_aka_data *data, in eap_aka_process_notification() argument
1301 if (data->notification == EAP_SIM_SUCCESS && data->use_result_ind) in eap_aka_process_notification()
1302 eap_aka_state(data, SUCCESS); in eap_aka_process_notification()
1304 eap_aka_state(data, FAILURE); in eap_aka_process_notification()
1311 struct eap_aka_data *data = priv; in eap_aka_process() local
1317 pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, respData, in eap_aka_process()
1326 if (eap_aka_subtype_ok(data, subtype)) { in eap_aka_process()
1329 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; in eap_aka_process()
1330 eap_aka_state(data, NOTIFICATION); in eap_aka_process()
1335 data->eap_method == EAP_TYPE_AKA_PRIME ? 2 : 1, in eap_aka_process()
1338 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; in eap_aka_process()
1339 eap_aka_state(data, NOTIFICATION); in eap_aka_process()
1344 eap_aka_process_client_error(sm, data, respData, &attr); in eap_aka_process()
1349 eap_aka_process_authentication_reject(sm, data, respData, in eap_aka_process()
1354 switch (data->state) { in eap_aka_process()
1356 eap_aka_process_identity(sm, data, respData, &attr); in eap_aka_process()
1360 eap_aka_process_sync_failure(sm, data, respData, in eap_aka_process()
1363 eap_aka_process_challenge(sm, data, respData, &attr); in eap_aka_process()
1367 eap_aka_process_reauth(sm, data, respData, &attr); in eap_aka_process()
1370 eap_aka_process_notification(sm, data, respData, &attr); in eap_aka_process()
1374 "process", data->state); in eap_aka_process()
1382 struct eap_aka_data *data = priv; in eap_aka_isDone() local
1383 return data->state == SUCCESS || data->state == FAILURE; in eap_aka_isDone()
1389 struct eap_aka_data *data = priv; in eap_aka_getKey() local
1392 if (data->state != SUCCESS) in eap_aka_getKey()
1395 key = os_memdup(data->msk, EAP_SIM_KEYING_DATA_LEN); in eap_aka_getKey()
1405 struct eap_aka_data *data = priv; in eap_aka_get_emsk() local
1408 if (data->state != SUCCESS) in eap_aka_get_emsk()
1411 key = os_memdup(data->emsk, EAP_EMSK_LEN); in eap_aka_get_emsk()
1421 struct eap_aka_data *data = priv; in eap_aka_isSuccess() local
1422 return data->state == SUCCESS; in eap_aka_isSuccess()
1428 struct eap_aka_data *data = priv; in eap_aka_get_session_id() local
1431 if (data->state != SUCCESS) in eap_aka_get_session_id()
1434 if (!data->reauth) in eap_aka_get_session_id()
1442 id[0] = data->eap_method; in eap_aka_get_session_id()
1443 if (!data->reauth) { in eap_aka_get_session_id()
1444 os_memcpy(id + 1, data->rand, EAP_AKA_RAND_LEN); in eap_aka_get_session_id()
1445 os_memcpy(id + 1 + EAP_AKA_RAND_LEN, data->autn, in eap_aka_get_session_id()
1448 os_memcpy(id + 1, data->nonce_s, EAP_SIM_NONCE_S_LEN); in eap_aka_get_session_id()
1449 os_memcpy(id + 1 + EAP_SIM_NONCE_S_LEN, data->reauth_mac, in eap_aka_get_session_id()