Lines Matching refs:data
83 static void eap_aka_state(struct eap_aka_data *data, int state) in eap_aka_state() argument
86 eap_aka_state_txt(data->state), in eap_aka_state()
88 data->state = state; in eap_aka_state()
94 struct eap_aka_data *data; in eap_aka_init() local
98 data = os_zalloc(sizeof(*data)); in eap_aka_init()
99 if (data == NULL) in eap_aka_init()
102 data->eap_method = EAP_TYPE_AKA; in eap_aka_init()
105 data->error_code = NO_EAP_METHOD_ERROR; in eap_aka_init()
107 eap_aka_state(data, CONTINUE); in eap_aka_init()
108 data->prev_id = -1; in eap_aka_init()
110 data->result_ind = phase1 && os_strstr(phase1, "result_ind=1") != NULL; in eap_aka_init()
112 data->use_pseudonym = !sm->init_phase2; in eap_aka_init()
113 if (config && config->anonymous_identity && data->use_pseudonym) { in eap_aka_init()
114 data->pseudonym = os_malloc(config->anonymous_identity_len); in eap_aka_init()
115 if (data->pseudonym) { in eap_aka_init()
116 os_memcpy(data->pseudonym, config->anonymous_identity, in eap_aka_init()
118 data->pseudonym_len = config->anonymous_identity_len; in eap_aka_init()
122 return data; in eap_aka_init()
129 struct eap_aka_data *data = eap_aka_init(sm); in eap_aka_prime_init() local
130 if (data == NULL) in eap_aka_prime_init()
132 data->eap_method = EAP_TYPE_AKA_PRIME; in eap_aka_prime_init()
133 return data; in eap_aka_prime_init()
138 static void eap_aka_clear_keys(struct eap_aka_data *data, int reauth) in eap_aka_clear_keys() argument
141 os_memset(data->mk, 0, EAP_SIM_MK_LEN); in eap_aka_clear_keys()
142 os_memset(data->k_aut, 0, EAP_AKA_PRIME_K_AUT_LEN); in eap_aka_clear_keys()
143 os_memset(data->k_encr, 0, EAP_SIM_K_ENCR_LEN); in eap_aka_clear_keys()
144 os_memset(data->k_re, 0, EAP_AKA_PRIME_K_RE_LEN); in eap_aka_clear_keys()
146 os_memset(data->msk, 0, EAP_SIM_KEYING_DATA_LEN); in eap_aka_clear_keys()
147 os_memset(data->emsk, 0, EAP_EMSK_LEN); in eap_aka_clear_keys()
148 os_memset(data->autn, 0, EAP_AKA_AUTN_LEN); in eap_aka_clear_keys()
149 os_memset(data->auts, 0, EAP_AKA_AUTS_LEN); in eap_aka_clear_keys()
155 struct eap_aka_data *data = priv; in eap_aka_deinit() local
156 if (data) { in eap_aka_deinit()
157 os_free(data->pseudonym); in eap_aka_deinit()
158 os_free(data->reauth_id); in eap_aka_deinit()
159 os_free(data->last_eap_identity); in eap_aka_deinit()
160 wpabuf_free(data->id_msgs); in eap_aka_deinit()
161 os_free(data->network_name); in eap_aka_deinit()
162 eap_aka_clear_keys(data, 0); in eap_aka_deinit()
163 os_free(data); in eap_aka_deinit()
168 static int eap_aka_ext_sim_req(struct eap_sm *sm, struct eap_aka_data *data) in eap_aka_ext_sim_req() argument
177 pos += wpa_snprintf_hex(pos, end - pos, data->rand, EAP_AKA_RAND_LEN); in eap_aka_ext_sim_req()
179 wpa_snprintf_hex(pos, end - pos, data->autn, EAP_AKA_AUTN_LEN); in eap_aka_ext_sim_req()
186 static int eap_aka_ext_sim_result(struct eap_sm *sm, struct eap_aka_data *data, in eap_aka_ext_sim_result() argument
199 if (hexstr2bin(pos, data->auts, EAP_AKA_AUTS_LEN) < 0) in eap_aka_ext_sim_result()
201 wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: AUTS", data->auts, in eap_aka_ext_sim_result()
214 wpa_hexdump(MSG_DEBUG, "EAP-AKA: RAND", data->rand, EAP_AKA_RAND_LEN); in eap_aka_ext_sim_result()
216 if (hexstr2bin(pos, data->ik, EAP_AKA_IK_LEN) < 0) in eap_aka_ext_sim_result()
218 wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: IK", data->ik, EAP_AKA_IK_LEN); in eap_aka_ext_sim_result()
224 if (hexstr2bin(pos, data->ck, EAP_AKA_CK_LEN) < 0) in eap_aka_ext_sim_result()
226 wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: CK", data->ck, EAP_AKA_CK_LEN); in eap_aka_ext_sim_result()
232 data->res_len = os_strlen(pos) / 2; in eap_aka_ext_sim_result()
233 if (data->res_len > EAP_AKA_RES_MAX_LEN) { in eap_aka_ext_sim_result()
234 data->res_len = 0; in eap_aka_ext_sim_result()
237 if (hexstr2bin(pos, data->res, data->res_len) < 0) in eap_aka_ext_sim_result()
239 wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: RES", data->res, data->res_len); in eap_aka_ext_sim_result()
251 static int eap_aka_umts_auth(struct eap_sm *sm, struct eap_aka_data *data) in eap_aka_umts_auth() argument
263 return eap_aka_ext_sim_result(sm, data, conf); in eap_aka_umts_auth()
265 return eap_aka_ext_sim_req(sm, data); in eap_aka_umts_auth()
269 return scard_umts_auth(sm->scard_ctx, data->rand, in eap_aka_umts_auth()
270 data->autn, data->res, &data->res_len, in eap_aka_umts_auth()
271 data->ik, data->ck, data->auts); in eap_aka_umts_auth()
303 return milenage_check(opc, k, sqn, data->rand, data->autn, in eap_aka_umts_auth()
304 data->ik, data->ck, in eap_aka_umts_auth()
305 data->res, &data->res_len, data->auts); in eap_aka_umts_auth()
315 os_memset(data->res, '2', EAP_AKA_RES_MAX_LEN); in eap_aka_umts_auth()
316 data->res_len = EAP_AKA_RES_MAX_LEN; in eap_aka_umts_auth()
317 os_memset(data->ik, '3', EAP_AKA_IK_LEN); in eap_aka_umts_auth()
318 os_memset(data->ck, '4', EAP_AKA_CK_LEN); in eap_aka_umts_auth()
322 if (os_memcmp_const(autn, data->autn, EAP_AKA_AUTN_LEN) != 0) { in eap_aka_umts_auth()
355 struct eap_aka_data *data, int id) in eap_aka_clear_identities() argument
357 if ((id & CLEAR_PSEUDONYM) && data->pseudonym) { in eap_aka_clear_identities()
359 os_free(data->pseudonym); in eap_aka_clear_identities()
360 data->pseudonym = NULL; in eap_aka_clear_identities()
361 data->pseudonym_len = 0; in eap_aka_clear_identities()
362 if (data->use_pseudonym) in eap_aka_clear_identities()
365 if ((id & CLEAR_REAUTH_ID) && data->reauth_id) { in eap_aka_clear_identities()
367 os_free(data->reauth_id); in eap_aka_clear_identities()
368 data->reauth_id = NULL; in eap_aka_clear_identities()
369 data->reauth_id_len = 0; in eap_aka_clear_identities()
371 if ((id & CLEAR_EAP_ID) && data->last_eap_identity) { in eap_aka_clear_identities()
373 os_free(data->last_eap_identity); in eap_aka_clear_identities()
374 data->last_eap_identity = NULL; in eap_aka_clear_identities()
375 data->last_eap_identity_len = 0; in eap_aka_clear_identities()
380 static int eap_aka_learn_ids(struct eap_sm *sm, struct eap_aka_data *data, in eap_aka_learn_ids() argument
393 os_free(data->pseudonym); in eap_aka_learn_ids()
403 data->pseudonym = os_malloc(attr->next_pseudonym_len + in eap_aka_learn_ids()
405 if (data->pseudonym == NULL) { in eap_aka_learn_ids()
408 data->pseudonym_len = 0; in eap_aka_learn_ids()
411 os_memcpy(data->pseudonym, attr->next_pseudonym, in eap_aka_learn_ids()
414 os_memcpy(data->pseudonym + attr->next_pseudonym_len, in eap_aka_learn_ids()
417 data->pseudonym_len = attr->next_pseudonym_len + realm_len; in eap_aka_learn_ids()
418 if (data->use_pseudonym) in eap_aka_learn_ids()
419 eap_set_anon_id(sm, data->pseudonym, in eap_aka_learn_ids()
420 data->pseudonym_len); in eap_aka_learn_ids()
424 os_free(data->reauth_id); in eap_aka_learn_ids()
425 data->reauth_id = os_memdup(attr->next_reauth_id, in eap_aka_learn_ids()
427 if (data->reauth_id == NULL) { in eap_aka_learn_ids()
430 data->reauth_id_len = 0; in eap_aka_learn_ids()
433 data->reauth_id_len = attr->next_reauth_id_len; in eap_aka_learn_ids()
436 data->reauth_id, in eap_aka_learn_ids()
437 data->reauth_id_len); in eap_aka_learn_ids()
444 static int eap_aka_add_id_msg(struct eap_aka_data *data, in eap_aka_add_id_msg() argument
456 if (!data->id_msgs) { in eap_aka_add_id_msg()
457 data->id_msgs = wpabuf_alloc(len); in eap_aka_add_id_msg()
458 if (!data->id_msgs) in eap_aka_add_id_msg()
460 } else if (wpabuf_resize(&data->id_msgs, len) < 0) { in eap_aka_add_id_msg()
464 wpabuf_put_buf(data->id_msgs, msg1); in eap_aka_add_id_msg()
466 wpabuf_put_buf(data->id_msgs, msg2); in eap_aka_add_id_msg()
472 static void eap_aka_add_checkcode(struct eap_aka_data *data, in eap_aka_add_checkcode() argument
481 if (data->id_msgs == NULL) { in eap_aka_add_checkcode()
491 addr = wpabuf_head(data->id_msgs); in eap_aka_add_checkcode()
492 len = wpabuf_len(data->id_msgs); in eap_aka_add_checkcode()
495 if (data->eap_method == EAP_TYPE_AKA_PRIME) in eap_aka_add_checkcode()
502 data->eap_method == EAP_TYPE_AKA_PRIME ? in eap_aka_add_checkcode()
507 static int eap_aka_verify_checkcode(struct eap_aka_data *data, in eap_aka_verify_checkcode() argument
518 if (data->id_msgs == NULL) { in eap_aka_verify_checkcode()
528 hash_len = data->eap_method == EAP_TYPE_AKA_PRIME ? in eap_aka_verify_checkcode()
539 addr = wpabuf_head(data->id_msgs); in eap_aka_verify_checkcode()
540 len = wpabuf_len(data->id_msgs); in eap_aka_verify_checkcode()
542 if (data->eap_method == EAP_TYPE_AKA_PRIME) in eap_aka_verify_checkcode()
557 static struct wpabuf * eap_aka_client_error(struct eap_aka_data *data, u8 id, in eap_aka_client_error() argument
562 eap_aka_state(data, FAILURE); in eap_aka_client_error()
563 data->num_id_req = 0; in eap_aka_client_error()
564 data->num_notification = 0; in eap_aka_client_error()
568 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method, in eap_aka_client_error()
571 return eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0); in eap_aka_client_error()
575 static struct wpabuf * eap_aka_authentication_reject(struct eap_aka_data *data, in eap_aka_authentication_reject() argument
580 eap_aka_state(data, FAILURE); in eap_aka_authentication_reject()
581 data->num_id_req = 0; in eap_aka_authentication_reject()
582 data->num_notification = 0; in eap_aka_authentication_reject()
586 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method, in eap_aka_authentication_reject()
588 return eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0); in eap_aka_authentication_reject()
593 struct eap_aka_data *data, u8 id, struct eap_sim_attrs *attr) in eap_aka_synchronization_failure() argument
597 data->num_id_req = 0; in eap_aka_synchronization_failure()
598 data->num_notification = 0; in eap_aka_synchronization_failure()
602 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method, in eap_aka_synchronization_failure()
605 eap_sim_msg_add_full(msg, EAP_SIM_AT_AUTS, data->auts, in eap_aka_synchronization_failure()
607 if (data->eap_method == EAP_TYPE_AKA_PRIME) { in eap_aka_synchronization_failure()
616 return eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0); in eap_aka_synchronization_failure()
621 struct eap_aka_data *data, in eap_aka_response_identity() argument
629 data->reauth = 0; in eap_aka_response_identity()
630 if (id_req == ANY_ID && data->reauth_id) { in eap_aka_response_identity()
631 identity = data->reauth_id; in eap_aka_response_identity()
632 identity_len = data->reauth_id_len; in eap_aka_response_identity()
633 data->reauth = 1; in eap_aka_response_identity()
635 data->pseudonym && in eap_aka_response_identity()
636 !eap_sim_anonymous_username(data->pseudonym, in eap_aka_response_identity()
637 data->pseudonym_len)) { in eap_aka_response_identity()
638 identity = data->pseudonym; in eap_aka_response_identity()
639 identity_len = data->pseudonym_len; in eap_aka_response_identity()
640 eap_aka_clear_identities(sm, data, CLEAR_REAUTH_ID); in eap_aka_response_identity()
646 if (data->pseudonym && in eap_aka_response_identity()
647 eap_sim_anonymous_username(data->pseudonym, in eap_aka_response_identity()
648 data->pseudonym_len)) in eap_aka_response_identity()
650 eap_aka_clear_identities(sm, data, ids); in eap_aka_response_identity()
654 eap_aka_clear_identities(sm, data, CLEAR_EAP_ID); in eap_aka_response_identity()
657 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method, in eap_aka_response_identity()
667 return eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0); in eap_aka_response_identity()
671 static struct wpabuf * eap_aka_response_challenge(struct eap_aka_data *data, in eap_aka_response_challenge() argument
677 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method, in eap_aka_response_challenge()
680 eap_sim_msg_add(msg, EAP_SIM_AT_RES, data->res_len * 8, in eap_aka_response_challenge()
681 data->res, data->res_len); in eap_aka_response_challenge()
682 eap_aka_add_checkcode(data, msg); in eap_aka_response_challenge()
683 if (data->use_result_ind) { in eap_aka_response_challenge()
689 return eap_sim_msg_finish(msg, data->eap_method, data->k_aut, (u8 *) "", in eap_aka_response_challenge()
694 static struct wpabuf * eap_aka_response_reauth(struct eap_aka_data *data, in eap_aka_response_reauth() argument
703 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method, in eap_aka_response_reauth()
712 counter = data->counter_too_small; in eap_aka_response_reauth()
714 counter = data->counter; in eap_aka_response_reauth()
719 if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) { in eap_aka_response_reauth()
725 eap_aka_add_checkcode(data, msg); in eap_aka_response_reauth()
726 if (data->use_result_ind) { in eap_aka_response_reauth()
732 return eap_sim_msg_finish(msg, data->eap_method, data->k_aut, nonce_s, in eap_aka_response_reauth()
737 static struct wpabuf * eap_aka_response_notification(struct eap_aka_data *data, in eap_aka_response_notification() argument
741 u8 *k_aut = (notification & 0x4000) == 0 ? data->k_aut : NULL; in eap_aka_response_notification()
744 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method, in eap_aka_response_notification()
746 if (k_aut && data->reauth) { in eap_aka_response_notification()
751 wpa_printf(MSG_DEBUG, " *AT_COUNTER %d", data->counter); in eap_aka_response_notification()
752 eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter, in eap_aka_response_notification()
754 if (eap_sim_msg_add_encr_end(msg, data->k_encr, in eap_aka_response_notification()
766 return eap_sim_msg_finish(msg, data->eap_method, k_aut, (u8 *) "", 0); in eap_aka_response_notification()
771 struct eap_aka_data *data, in eap_aka_process_identity() argument
786 if (data->num_id_req > 0) in eap_aka_process_identity()
788 data->num_id_req++; in eap_aka_process_identity()
791 if (data->num_id_req > 1) in eap_aka_process_identity()
793 data->num_id_req++; in eap_aka_process_identity()
796 if (data->num_id_req > 2) in eap_aka_process_identity()
798 data->num_id_req++; in eap_aka_process_identity()
804 return eap_aka_client_error(data, id, in eap_aka_process_identity()
808 buf = eap_aka_response_identity(sm, data, id, attr->id_req); in eap_aka_process_identity()
810 if (data->prev_id != id) { in eap_aka_process_identity()
811 if (eap_aka_add_id_msg(data, reqData, buf) < 0) { in eap_aka_process_identity()
816 data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET); in eap_aka_process_identity()
818 data->prev_id = id; in eap_aka_process_identity()
825 static int eap_aka_verify_mac(struct eap_aka_data *data, in eap_aka_verify_mac() argument
830 if (data->eap_method == EAP_TYPE_AKA_PRIME) in eap_aka_verify_mac()
831 return eap_sim_verify_mac_sha256(data->k_aut, req, mac, extra, in eap_aka_verify_mac()
833 return eap_sim_verify_mac(data->k_aut, req, mac, extra, extra_len); in eap_aka_verify_mac()
838 static struct wpabuf * eap_aka_prime_kdf_select(struct eap_aka_data *data, in eap_aka_prime_kdf_select() argument
843 data->kdf_negotiation = 1; in eap_aka_prime_kdf_select()
844 data->kdf = kdf; in eap_aka_prime_kdf_select()
847 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method, in eap_aka_prime_kdf_select()
851 return eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0); in eap_aka_prime_kdf_select()
855 static struct wpabuf * eap_aka_prime_kdf_neg(struct eap_aka_data *data, in eap_aka_prime_kdf_neg() argument
862 os_memcpy(data->last_kdf_attrs, attr->kdf, in eap_aka_prime_kdf_neg()
864 data->last_kdf_count = attr->kdf_count; in eap_aka_prime_kdf_neg()
865 return eap_aka_prime_kdf_select(data, id, in eap_aka_prime_kdf_neg()
872 return eap_aka_authentication_reject(data, id); in eap_aka_prime_kdf_neg()
876 static int eap_aka_prime_kdf_valid(struct eap_aka_data *data, in eap_aka_prime_kdf_valid() argument
887 if (data->kdf_negotiation) { in eap_aka_prime_kdf_valid()
894 if (attr->kdf[0] != data->kdf) { in eap_aka_prime_kdf_valid()
901 attr->kdf_count != data->last_kdf_count + 1) { in eap_aka_prime_kdf_valid()
908 if (attr->kdf[i] != data->last_kdf_attrs[i - 1]) { in eap_aka_prime_kdf_valid()
916 for (i = data->kdf ? 1 : 0; i < attr->kdf_count; i++) { in eap_aka_prime_kdf_valid()
932 struct eap_aka_data *data, in eap_aka_process_challenge() argument
945 eap_aka_verify_checkcode(data, attr->checkcode, in eap_aka_process_challenge()
953 return eap_aka_client_error(data, id, in eap_aka_process_challenge()
959 if (data->eap_method == EAP_TYPE_AKA_PRIME) { in eap_aka_process_challenge()
964 return eap_aka_authentication_reject(data, id); in eap_aka_process_challenge()
966 os_free(data->network_name); in eap_aka_process_challenge()
967 data->network_name = os_memdup(attr->kdf_input, in eap_aka_process_challenge()
969 if (data->network_name == NULL) { in eap_aka_process_challenge()
972 return eap_aka_authentication_reject(data, id); in eap_aka_process_challenge()
974 data->network_name_len = attr->kdf_input_len; in eap_aka_process_challenge()
977 data->network_name, data->network_name_len); in eap_aka_process_challenge()
980 res = eap_aka_prime_kdf_valid(data, attr); in eap_aka_process_challenge()
982 return eap_aka_authentication_reject(data, id); in eap_aka_process_challenge()
985 data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET); in eap_aka_process_challenge()
988 return eap_aka_prime_kdf_neg(data, id, attr); in eap_aka_process_challenge()
990 data->kdf = EAP_AKA_PRIME_KDF; in eap_aka_process_challenge()
991 wpa_printf(MSG_DEBUG, "EAP-AKA': KDF %d selected", data->kdf); in eap_aka_process_challenge()
994 if (data->eap_method == EAP_TYPE_AKA && attr->bidding) { in eap_aka_process_challenge()
1002 return eap_aka_authentication_reject(data, id); in eap_aka_process_challenge()
1007 data->reauth = 0; in eap_aka_process_challenge()
1014 return eap_aka_client_error(data, id, in eap_aka_process_challenge()
1017 os_memcpy(data->rand, attr->rand, EAP_AKA_RAND_LEN); in eap_aka_process_challenge()
1018 os_memcpy(data->autn, attr->autn, EAP_AKA_AUTN_LEN); in eap_aka_process_challenge()
1020 res = eap_aka_umts_auth(sm, data); in eap_aka_process_challenge()
1024 return eap_aka_authentication_reject(data, id); in eap_aka_process_challenge()
1028 return eap_aka_synchronization_failure(data, id, attr); in eap_aka_process_challenge()
1034 return eap_aka_client_error(data, id, in eap_aka_process_challenge()
1038 if (data->eap_method == EAP_TYPE_AKA_PRIME) { in eap_aka_process_challenge()
1041 u16 amf = WPA_GET_BE16(data->autn + 6); in eap_aka_process_challenge()
1045 return eap_aka_authentication_reject(data, id); in eap_aka_process_challenge()
1047 eap_aka_prime_derive_ck_ik_prime(data->ck, data->ik, in eap_aka_process_challenge()
1048 data->autn, in eap_aka_process_challenge()
1049 data->network_name, in eap_aka_process_challenge()
1050 data->network_name_len); in eap_aka_process_challenge()
1053 if (data->last_eap_identity) { in eap_aka_process_challenge()
1054 identity = data->last_eap_identity; in eap_aka_process_challenge()
1055 identity_len = data->last_eap_identity_len; in eap_aka_process_challenge()
1056 } else if (data->pseudonym && in eap_aka_process_challenge()
1057 !eap_sim_anonymous_username(data->pseudonym, in eap_aka_process_challenge()
1058 data->pseudonym_len)) { in eap_aka_process_challenge()
1059 identity = data->pseudonym; in eap_aka_process_challenge()
1060 identity_len = data->pseudonym_len; in eap_aka_process_challenge()
1074 if (data->eap_method == EAP_TYPE_AKA_PRIME) { in eap_aka_process_challenge()
1075 eap_aka_prime_derive_keys(identity, identity_len, data->ik, in eap_aka_process_challenge()
1076 data->ck, data->k_encr, data->k_aut, in eap_aka_process_challenge()
1077 data->k_re, data->msk, data->emsk); in eap_aka_process_challenge()
1079 eap_aka_derive_mk(identity, identity_len, data->ik, data->ck, in eap_aka_process_challenge()
1080 data->mk); in eap_aka_process_challenge()
1081 eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, in eap_aka_process_challenge()
1082 data->msk, data->emsk); in eap_aka_process_challenge()
1084 if (eap_aka_verify_mac(data, reqData, attr->mac, (u8 *) "", 0)) { in eap_aka_process_challenge()
1091 return eap_aka_client_error(data, id, in eap_aka_process_challenge()
1100 eap_aka_clear_identities(sm, data, CLEAR_REAUTH_ID | CLEAR_EAP_ID); in eap_aka_process_challenge()
1104 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data, in eap_aka_process_challenge()
1109 data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET); in eap_aka_process_challenge()
1111 eap_aka_learn_ids(sm, data, &eattr); in eap_aka_process_challenge()
1115 if (data->result_ind && attr->result_ind) in eap_aka_process_challenge()
1116 data->use_result_ind = 1; in eap_aka_process_challenge()
1118 if (data->state != FAILURE) { in eap_aka_process_challenge()
1119 eap_aka_state(data, data->use_result_ind ? in eap_aka_process_challenge()
1123 data->num_id_req = 0; in eap_aka_process_challenge()
1124 data->num_notification = 0; in eap_aka_process_challenge()
1128 data->counter = 0; in eap_aka_process_challenge()
1129 return eap_aka_response_challenge(data, id); in eap_aka_process_challenge()
1133 static int eap_aka_process_notification_reauth(struct eap_aka_data *data, in eap_aka_process_notification_reauth() argument
1145 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data, in eap_aka_process_notification_reauth()
1154 if (eattr.counter < 0 || (size_t) eattr.counter != data->counter) { in eap_aka_process_notification_reauth()
1167 static int eap_aka_process_notification_auth(struct eap_aka_data *data, in eap_aka_process_notification_auth() argument
1177 if (eap_aka_verify_mac(data, reqData, attr->mac, (u8 *) "", 0)) { in eap_aka_process_notification_auth()
1183 if (data->reauth && in eap_aka_process_notification_auth()
1184 eap_aka_process_notification_reauth(data, attr)) { in eap_aka_process_notification_auth()
1195 struct eap_sm *sm, struct eap_aka_data *data, u8 id, in eap_aka_process_notification() argument
1199 if (data->num_notification > 0) { in eap_aka_process_notification()
1202 return eap_aka_client_error(data, id, in eap_aka_process_notification()
1205 data->num_notification++; in eap_aka_process_notification()
1209 return eap_aka_client_error(data, id, in eap_aka_process_notification()
1214 eap_aka_process_notification_auth(data, reqData, attr)) { in eap_aka_process_notification()
1215 return eap_aka_client_error(data, id, in eap_aka_process_notification()
1221 data->error_code = attr->notification; in eap_aka_process_notification()
1222 eap_aka_state(data, FAILURE); in eap_aka_process_notification()
1224 data->state == RESULT_SUCCESS) in eap_aka_process_notification()
1225 eap_aka_state(data, SUCCESS); in eap_aka_process_notification()
1226 return eap_aka_response_notification(data, id, attr->notification); in eap_aka_process_notification()
1231 struct eap_sm *sm, struct eap_aka_data *data, u8 id, in eap_aka_process_reauthentication() argument
1240 eap_aka_verify_checkcode(data, attr->checkcode, in eap_aka_process_reauthentication()
1249 return eap_aka_client_error(data, id, in eap_aka_process_reauthentication()
1253 if (data->reauth_id == NULL) { in eap_aka_process_reauthentication()
1256 return eap_aka_client_error(data, id, in eap_aka_process_reauthentication()
1260 data->reauth = 1; in eap_aka_process_reauthentication()
1261 if (eap_aka_verify_mac(data, reqData, attr->mac, (u8 *) "", 0)) { in eap_aka_process_reauthentication()
1264 return eap_aka_client_error(data, id, in eap_aka_process_reauthentication()
1272 os_memcpy(data->reauth_mac, attr->mac, EAP_SIM_MAC_LEN); in eap_aka_process_reauthentication()
1274 data->reauth_mac, EAP_SIM_MAC_LEN); in eap_aka_process_reauthentication()
1279 return eap_aka_client_error(data, id, in eap_aka_process_reauthentication()
1283 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data, in eap_aka_process_reauthentication()
1289 return eap_aka_client_error(data, id, in eap_aka_process_reauthentication()
1298 return eap_aka_client_error(data, id, in eap_aka_process_reauthentication()
1302 if (eattr.counter < 0 || (size_t) eattr.counter <= data->counter) { in eap_aka_process_reauthentication()
1305 "(%d <= %d)", eattr.counter, data->counter); in eap_aka_process_reauthentication()
1306 data->counter_too_small = eattr.counter; in eap_aka_process_reauthentication()
1313 os_free(data->last_eap_identity); in eap_aka_process_reauthentication()
1314 data->last_eap_identity = data->reauth_id; in eap_aka_process_reauthentication()
1315 data->last_eap_identity_len = data->reauth_id_len; in eap_aka_process_reauthentication()
1316 data->reauth_id = NULL; in eap_aka_process_reauthentication()
1317 data->reauth_id_len = 0; in eap_aka_process_reauthentication()
1319 res = eap_aka_response_reauth(data, id, 1, eattr.nonce_s); in eap_aka_process_reauthentication()
1324 data->counter = eattr.counter; in eap_aka_process_reauthentication()
1326 os_memcpy(data->nonce_s, eattr.nonce_s, EAP_SIM_NONCE_S_LEN); in eap_aka_process_reauthentication()
1328 data->nonce_s, EAP_SIM_NONCE_S_LEN); in eap_aka_process_reauthentication()
1330 if (data->eap_method == EAP_TYPE_AKA_PRIME) { in eap_aka_process_reauthentication()
1331 eap_aka_prime_derive_keys_reauth(data->k_re, data->counter, in eap_aka_process_reauthentication()
1332 data->reauth_id, in eap_aka_process_reauthentication()
1333 data->reauth_id_len, in eap_aka_process_reauthentication()
1334 data->nonce_s, in eap_aka_process_reauthentication()
1335 data->msk, data->emsk); in eap_aka_process_reauthentication()
1337 eap_sim_derive_keys_reauth(data->counter, data->reauth_id, in eap_aka_process_reauthentication()
1338 data->reauth_id_len, in eap_aka_process_reauthentication()
1339 data->nonce_s, data->mk, in eap_aka_process_reauthentication()
1340 data->msk, data->emsk); in eap_aka_process_reauthentication()
1342 eap_aka_clear_identities(sm, data, CLEAR_REAUTH_ID | CLEAR_EAP_ID); in eap_aka_process_reauthentication()
1343 eap_aka_learn_ids(sm, data, &eattr); in eap_aka_process_reauthentication()
1345 if (data->result_ind && attr->result_ind) in eap_aka_process_reauthentication()
1346 data->use_result_ind = 1; in eap_aka_process_reauthentication()
1348 if (data->state != FAILURE) { in eap_aka_process_reauthentication()
1349 eap_aka_state(data, data->use_result_ind ? in eap_aka_process_reauthentication()
1353 data->num_id_req = 0; in eap_aka_process_reauthentication()
1354 data->num_notification = 0; in eap_aka_process_reauthentication()
1355 if (data->counter > EAP_AKA_MAX_FAST_REAUTHS) { in eap_aka_process_reauthentication()
1358 eap_aka_clear_identities(sm, data, in eap_aka_process_reauthentication()
1362 return eap_aka_response_reauth(data, id, 0, data->nonce_s); in eap_aka_process_reauthentication()
1370 struct eap_aka_data *data = priv; in eap_aka_process() local
1386 pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, reqData, in eap_aka_process()
1406 data->eap_method == EAP_TYPE_AKA_PRIME ? 2 : 1, in eap_aka_process()
1408 res = eap_aka_client_error(data, id, in eap_aka_process()
1415 res = eap_aka_process_identity(sm, data, id, reqData, &attr); in eap_aka_process()
1418 res = eap_aka_process_challenge(sm, data, id, reqData, &attr); in eap_aka_process()
1421 res = eap_aka_process_notification(sm, data, id, reqData, in eap_aka_process()
1425 res = eap_aka_process_reauthentication(sm, data, id, reqData, in eap_aka_process()
1430 res = eap_aka_client_error(data, id, in eap_aka_process()
1435 res = eap_aka_client_error(data, id, in eap_aka_process()
1441 if (data->state == FAILURE) { in eap_aka_process()
1444 } else if (data->state == SUCCESS) { in eap_aka_process()
1445 ret->decision = data->use_result_ind ? in eap_aka_process()
1452 ret->methodState = data->use_result_ind ? in eap_aka_process()
1454 } else if (data->state == RESULT_SUCCESS) in eap_aka_process()
1467 struct eap_aka_data *data = priv; in eap_aka_has_reauth_data() local
1468 return data->pseudonym || data->reauth_id; in eap_aka_has_reauth_data()
1474 struct eap_aka_data *data = priv; in eap_aka_deinit_for_reauth() local
1475 eap_aka_clear_identities(sm, data, CLEAR_EAP_ID); in eap_aka_deinit_for_reauth()
1476 data->prev_id = -1; in eap_aka_deinit_for_reauth()
1477 wpabuf_free(data->id_msgs); in eap_aka_deinit_for_reauth()
1478 data->id_msgs = NULL; in eap_aka_deinit_for_reauth()
1479 data->use_result_ind = 0; in eap_aka_deinit_for_reauth()
1480 data->kdf_negotiation = 0; in eap_aka_deinit_for_reauth()
1481 eap_aka_clear_keys(data, 1); in eap_aka_deinit_for_reauth()
1487 struct eap_aka_data *data = priv; in eap_aka_init_for_reauth() local
1488 data->num_id_req = 0; in eap_aka_init_for_reauth()
1489 data->num_notification = 0; in eap_aka_init_for_reauth()
1490 eap_aka_state(data, CONTINUE); in eap_aka_init_for_reauth()
1498 struct eap_aka_data *data = priv; in eap_aka_get_identity() local
1500 if (data->reauth_id) { in eap_aka_get_identity()
1501 *len = data->reauth_id_len; in eap_aka_get_identity()
1502 return data->reauth_id; in eap_aka_get_identity()
1505 if (data->pseudonym) { in eap_aka_get_identity()
1506 *len = data->pseudonym_len; in eap_aka_get_identity()
1507 return data->pseudonym; in eap_aka_get_identity()
1516 struct eap_aka_data *data = priv; in eap_aka_isKeyAvailable() local
1517 return data->state == SUCCESS; in eap_aka_isKeyAvailable()
1523 struct eap_aka_data *data = priv; in eap_aka_getKey() local
1526 if (data->state != SUCCESS) in eap_aka_getKey()
1529 key = os_memdup(data->msk, EAP_SIM_KEYING_DATA_LEN); in eap_aka_getKey()
1541 struct eap_aka_data *data = priv; in eap_aka_get_session_id() local
1544 if (data->state != SUCCESS) in eap_aka_get_session_id()
1547 if (!data->reauth) in eap_aka_get_session_id()
1555 id[0] = data->eap_method; in eap_aka_get_session_id()
1556 if (!data->reauth) { in eap_aka_get_session_id()
1557 os_memcpy(id + 1, data->rand, EAP_AKA_RAND_LEN); in eap_aka_get_session_id()
1558 os_memcpy(id + 1 + EAP_AKA_RAND_LEN, data->autn, in eap_aka_get_session_id()
1561 os_memcpy(id + 1, data->nonce_s, EAP_SIM_NONCE_S_LEN); in eap_aka_get_session_id()
1562 os_memcpy(id + 1 + EAP_SIM_NONCE_S_LEN, data->reauth_mac, in eap_aka_get_session_id()
1573 struct eap_aka_data *data = priv; in eap_aka_get_emsk() local
1576 if (data->state != SUCCESS) in eap_aka_get_emsk()
1579 key = os_memdup(data->emsk, EAP_EMSK_LEN); in eap_aka_get_emsk()
1591 struct eap_aka_data *data = priv; in eap_aka_get_error_code() local
1594 if (!data) in eap_aka_get_error_code()
1597 current_data_error = data->error_code; in eap_aka_get_error_code()
1600 data->error_code = NO_EAP_METHOD_ERROR; in eap_aka_get_error_code()