Lines Matching refs:data
51 struct eap_aka_data *data; in eap_aka_init() local
52 data = os_zalloc(sizeof(*data)); in eap_aka_init()
53 if (data == NULL) in eap_aka_init()
56 data->state = CONTINUE; in eap_aka_init()
58 return data; in eap_aka_init()
64 struct eap_aka_data *data = priv; in eap_aka_deinit() local
65 if (data) { in eap_aka_deinit()
66 os_free(data->pseudonym); in eap_aka_deinit()
67 os_free(data->reauth_id); in eap_aka_deinit()
68 os_free(data->last_eap_identity); in eap_aka_deinit()
69 os_free(data); in eap_aka_deinit()
74 static int eap_aka_umts_auth(struct eap_sm *sm, struct eap_aka_data *data) in eap_aka_umts_auth() argument
78 return scard_umts_auth(sm->scard_ctx, data->rand, in eap_aka_umts_auth()
79 data->autn, data->res, &data->res_len, in eap_aka_umts_auth()
80 data->ik, data->ck, data->auts); in eap_aka_umts_auth()
84 os_memset(data->res, '2', EAP_AKA_RES_MAX_LEN); in eap_aka_umts_auth()
85 data->res_len = EAP_AKA_RES_MAX_LEN; in eap_aka_umts_auth()
86 os_memset(data->ik, '3', EAP_AKA_IK_LEN); in eap_aka_umts_auth()
87 os_memset(data->ck, '4', EAP_AKA_CK_LEN); in eap_aka_umts_auth()
91 if (os_memcmp(autn, data->autn, EAP_AKA_AUTN_LEN) != 0) { in eap_aka_umts_auth()
116 static void eap_aka_clear_identities(struct eap_aka_data *data, int id) in eap_aka_clear_identities() argument
123 os_free(data->pseudonym); in eap_aka_clear_identities()
124 data->pseudonym = NULL; in eap_aka_clear_identities()
125 data->pseudonym_len = 0; in eap_aka_clear_identities()
128 os_free(data->reauth_id); in eap_aka_clear_identities()
129 data->reauth_id = NULL; in eap_aka_clear_identities()
130 data->reauth_id_len = 0; in eap_aka_clear_identities()
133 os_free(data->last_eap_identity); in eap_aka_clear_identities()
134 data->last_eap_identity = NULL; in eap_aka_clear_identities()
135 data->last_eap_identity_len = 0; in eap_aka_clear_identities()
140 static int eap_aka_learn_ids(struct eap_aka_data *data, in eap_aka_learn_ids() argument
144 os_free(data->pseudonym); in eap_aka_learn_ids()
145 data->pseudonym = os_malloc(attr->next_pseudonym_len); in eap_aka_learn_ids()
146 if (data->pseudonym == NULL) { in eap_aka_learn_ids()
151 os_memcpy(data->pseudonym, attr->next_pseudonym, in eap_aka_learn_ids()
153 data->pseudonym_len = attr->next_pseudonym_len; in eap_aka_learn_ids()
156 data->pseudonym, in eap_aka_learn_ids()
157 data->pseudonym_len); in eap_aka_learn_ids()
161 os_free(data->reauth_id); in eap_aka_learn_ids()
162 data->reauth_id = os_malloc(attr->next_reauth_id_len); in eap_aka_learn_ids()
163 if (data->reauth_id == NULL) { in eap_aka_learn_ids()
168 os_memcpy(data->reauth_id, attr->next_reauth_id, in eap_aka_learn_ids()
170 data->reauth_id_len = attr->next_reauth_id_len; in eap_aka_learn_ids()
173 data->reauth_id, in eap_aka_learn_ids()
174 data->reauth_id_len); in eap_aka_learn_ids()
181 static u8 * eap_aka_client_error(struct eap_aka_data *data, in eap_aka_client_error() argument
187 data->state = FAILURE; in eap_aka_client_error()
188 data->num_id_req = 0; in eap_aka_client_error()
189 data->num_notification = 0; in eap_aka_client_error()
198 static u8 * eap_aka_authentication_reject(struct eap_aka_data *data, in eap_aka_authentication_reject() argument
204 data->state = FAILURE; in eap_aka_authentication_reject()
205 data->num_id_req = 0; in eap_aka_authentication_reject()
206 data->num_notification = 0; in eap_aka_authentication_reject()
217 static u8 * eap_aka_synchronization_failure(struct eap_aka_data *data, in eap_aka_synchronization_failure() argument
223 data->num_id_req = 0; in eap_aka_synchronization_failure()
224 data->num_notification = 0; in eap_aka_synchronization_failure()
232 eap_sim_msg_add_full(msg, EAP_SIM_AT_AUTS, data->auts, in eap_aka_synchronization_failure()
239 struct eap_aka_data *data, in eap_aka_response_identity() argument
248 data->reauth = 0; in eap_aka_response_identity()
249 if (id_req == ANY_ID && data->reauth_id) { in eap_aka_response_identity()
250 identity = data->reauth_id; in eap_aka_response_identity()
251 identity_len = data->reauth_id_len; in eap_aka_response_identity()
252 data->reauth = 1; in eap_aka_response_identity()
254 data->pseudonym) { in eap_aka_response_identity()
255 identity = data->pseudonym; in eap_aka_response_identity()
256 identity_len = data->pseudonym_len; in eap_aka_response_identity()
257 eap_aka_clear_identities(data, CLEAR_REAUTH_ID); in eap_aka_response_identity()
261 eap_aka_clear_identities(data, CLEAR_PSEUDONYM | in eap_aka_response_identity()
266 eap_aka_clear_identities(data, CLEAR_EAP_ID); in eap_aka_response_identity()
284 static u8 * eap_aka_response_challenge(struct eap_aka_data *data, in eap_aka_response_challenge() argument
295 eap_sim_msg_add(msg, EAP_SIM_AT_RES, data->res_len * 8, in eap_aka_response_challenge()
296 data->res, data->res_len); in eap_aka_response_challenge()
299 return eap_sim_msg_finish(msg, respDataLen, data->k_aut, (u8 *) "", 0); in eap_aka_response_challenge()
303 static u8 * eap_aka_response_reauth(struct eap_aka_data *data, in eap_aka_response_reauth() argument
323 counter = data->counter_too_small; in eap_aka_response_reauth()
325 counter = data->counter; in eap_aka_response_reauth()
330 if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) { in eap_aka_response_reauth()
338 return eap_sim_msg_finish(msg, respDataLen, data->k_aut, nonce_s, in eap_aka_response_reauth()
343 static u8 * eap_aka_response_notification(struct eap_aka_data *data, in eap_aka_response_notification() argument
349 u8 *k_aut = (notification & 0x4000) == 0 ? data->k_aut : NULL; in eap_aka_response_notification()
355 if (k_aut && data->reauth) { in eap_aka_response_notification()
360 wpa_printf(MSG_DEBUG, " *AT_COUNTER %d", data->counter); in eap_aka_response_notification()
361 eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter, in eap_aka_response_notification()
363 if (eap_sim_msg_add_encr_end(msg, data->k_encr, in eap_aka_response_notification()
380 struct eap_aka_data *data, in eap_aka_process_identity() argument
394 if (data->num_id_req > 0) in eap_aka_process_identity()
396 data->num_id_req++; in eap_aka_process_identity()
399 if (data->num_id_req > 1) in eap_aka_process_identity()
401 data->num_id_req++; in eap_aka_process_identity()
404 if (data->num_id_req > 2) in eap_aka_process_identity()
406 data->num_id_req++; in eap_aka_process_identity()
412 return eap_aka_client_error(data, req, respDataLen, in eap_aka_process_identity()
416 return eap_aka_response_identity(sm, data, req, respDataLen, in eap_aka_process_identity()
422 struct eap_aka_data *data, in eap_aka_process_challenge() argument
434 data->reauth = 0; in eap_aka_process_challenge()
441 return eap_aka_client_error(data, req, respDataLen, in eap_aka_process_challenge()
444 os_memcpy(data->rand, attr->rand, EAP_AKA_RAND_LEN); in eap_aka_process_challenge()
445 os_memcpy(data->autn, attr->autn, EAP_AKA_AUTN_LEN); in eap_aka_process_challenge()
447 res = eap_aka_umts_auth(sm, data); in eap_aka_process_challenge()
451 return eap_aka_authentication_reject(data, req, respDataLen); in eap_aka_process_challenge()
455 return eap_aka_synchronization_failure(data, req, respDataLen); in eap_aka_process_challenge()
458 return eap_aka_client_error(data, req, respDataLen, in eap_aka_process_challenge()
461 if (data->last_eap_identity) { in eap_aka_process_challenge()
462 identity = data->last_eap_identity; in eap_aka_process_challenge()
463 identity_len = data->last_eap_identity_len; in eap_aka_process_challenge()
464 } else if (data->pseudonym) { in eap_aka_process_challenge()
465 identity = data->pseudonym; in eap_aka_process_challenge()
466 identity_len = data->pseudonym_len; in eap_aka_process_challenge()
471 eap_aka_derive_mk(identity, identity_len, data->ik, data->ck, in eap_aka_process_challenge()
472 data->mk); in eap_aka_process_challenge()
473 eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk, in eap_aka_process_challenge()
474 data->emsk); in eap_aka_process_challenge()
475 if (eap_sim_verify_mac(data->k_aut, (const u8 *) req, reqDataLen, in eap_aka_process_challenge()
479 return eap_aka_client_error(data, req, respDataLen, in eap_aka_process_challenge()
486 eap_aka_clear_identities(data, CLEAR_PSEUDONYM | CLEAR_REAUTH_ID | in eap_aka_process_challenge()
491 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data, in eap_aka_process_challenge()
496 data, req, respDataLen, in eap_aka_process_challenge()
499 eap_aka_learn_ids(data, &eattr); in eap_aka_process_challenge()
503 if (data->state != FAILURE) in eap_aka_process_challenge()
504 data->state = SUCCESS; in eap_aka_process_challenge()
506 data->num_id_req = 0; in eap_aka_process_challenge()
507 data->num_notification = 0; in eap_aka_process_challenge()
511 data->counter = 0; in eap_aka_process_challenge()
512 return eap_aka_response_challenge(data, req, respDataLen); in eap_aka_process_challenge()
516 static int eap_aka_process_notification_reauth(struct eap_aka_data *data, in eap_aka_process_notification_reauth() argument
528 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data, in eap_aka_process_notification_reauth()
537 if (eattr.counter < 0 || (size_t) eattr.counter != data->counter) { in eap_aka_process_notification_reauth()
550 static int eap_aka_process_notification_auth(struct eap_aka_data *data, in eap_aka_process_notification_auth() argument
561 if (eap_sim_verify_mac(data->k_aut, (const u8 *) req, reqDataLen, in eap_aka_process_notification_auth()
568 if (data->reauth && in eap_aka_process_notification_auth()
569 eap_aka_process_notification_reauth(data, attr)) { in eap_aka_process_notification_auth()
580 struct eap_aka_data *data, in eap_aka_process_notification() argument
587 if (data->num_notification > 0) { in eap_aka_process_notification()
590 return eap_aka_client_error(data, req, respDataLen, in eap_aka_process_notification()
593 data->num_notification++; in eap_aka_process_notification()
597 return eap_aka_client_error(data, req, respDataLen, in eap_aka_process_notification()
602 eap_aka_process_notification_auth(data, req, reqDataLen, attr)) { in eap_aka_process_notification()
603 return eap_aka_client_error(data, req, respDataLen, in eap_aka_process_notification()
609 data->state = FAILURE; in eap_aka_process_notification()
611 return eap_aka_response_notification(data, req, respDataLen, in eap_aka_process_notification()
617 struct eap_aka_data *data, in eap_aka_process_reauthentication() argument
628 if (data->reauth_id == NULL) { in eap_aka_process_reauthentication()
631 return eap_aka_client_error(data, req, respDataLen, in eap_aka_process_reauthentication()
635 data->reauth = 1; in eap_aka_process_reauthentication()
636 if (eap_sim_verify_mac(data->k_aut, (const u8 *) req, reqDataLen, in eap_aka_process_reauthentication()
640 return eap_aka_client_error(data, req, respDataLen, in eap_aka_process_reauthentication()
647 return eap_aka_client_error(data, req, respDataLen, in eap_aka_process_reauthentication()
651 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data, in eap_aka_process_reauthentication()
657 return eap_aka_client_error(data, req, respDataLen, in eap_aka_process_reauthentication()
666 return eap_aka_client_error(data, req, respDataLen, in eap_aka_process_reauthentication()
670 if (eattr.counter < 0 || (size_t) eattr.counter <= data->counter) { in eap_aka_process_reauthentication()
673 "(%d <= %d)", eattr.counter, data->counter); in eap_aka_process_reauthentication()
674 data->counter_too_small = eattr.counter; in eap_aka_process_reauthentication()
676 eap_sim_derive_keys_reauth(eattr.counter, data->reauth_id, in eap_aka_process_reauthentication()
677 data->reauth_id_len, eattr.nonce_s, in eap_aka_process_reauthentication()
678 data->mk, NULL, NULL); in eap_aka_process_reauthentication()
685 os_free(data->last_eap_identity); in eap_aka_process_reauthentication()
686 data->last_eap_identity = data->reauth_id; in eap_aka_process_reauthentication()
687 data->last_eap_identity_len = data->reauth_id_len; in eap_aka_process_reauthentication()
688 data->reauth_id = NULL; in eap_aka_process_reauthentication()
689 data->reauth_id_len = 0; in eap_aka_process_reauthentication()
691 res = eap_aka_response_reauth(data, req, respDataLen, 1, in eap_aka_process_reauthentication()
697 data->counter = eattr.counter; in eap_aka_process_reauthentication()
699 os_memcpy(data->nonce_s, eattr.nonce_s, EAP_SIM_NONCE_S_LEN); in eap_aka_process_reauthentication()
701 data->nonce_s, EAP_SIM_NONCE_S_LEN); in eap_aka_process_reauthentication()
703 eap_sim_derive_keys_reauth(data->counter, in eap_aka_process_reauthentication()
704 data->reauth_id, data->reauth_id_len, in eap_aka_process_reauthentication()
705 data->nonce_s, data->mk, data->msk, in eap_aka_process_reauthentication()
706 data->emsk); in eap_aka_process_reauthentication()
707 eap_aka_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID); in eap_aka_process_reauthentication()
708 eap_aka_learn_ids(data, &eattr); in eap_aka_process_reauthentication()
710 if (data->state != FAILURE) in eap_aka_process_reauthentication()
711 data->state = SUCCESS; in eap_aka_process_reauthentication()
713 data->num_id_req = 0; in eap_aka_process_reauthentication()
714 data->num_notification = 0; in eap_aka_process_reauthentication()
715 if (data->counter > EAP_AKA_MAX_FAST_REAUTHS) { in eap_aka_process_reauthentication()
718 eap_aka_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID); in eap_aka_process_reauthentication()
721 return eap_aka_response_reauth(data, req, respDataLen, 0, in eap_aka_process_reauthentication()
722 data->nonce_s); in eap_aka_process_reauthentication()
731 struct eap_aka_data *data = priv; in eap_aka_process() local
765 res = eap_aka_client_error(data, req, respDataLen, in eap_aka_process()
772 res = eap_aka_process_identity(sm, data, req, in eap_aka_process()
776 res = eap_aka_process_challenge(sm, data, req, len, in eap_aka_process()
780 res = eap_aka_process_notification(sm, data, req, len, in eap_aka_process()
784 res = eap_aka_process_reauthentication(sm, data, req, len, in eap_aka_process()
789 res = eap_aka_client_error(data, req, respDataLen, in eap_aka_process()
794 res = eap_aka_client_error(data, req, respDataLen, in eap_aka_process()
800 if (data->state == FAILURE) { in eap_aka_process()
803 } else if (data->state == SUCCESS) { in eap_aka_process()
823 struct eap_aka_data *data = priv; in eap_aka_has_reauth_data() local
824 return data->pseudonym || data->reauth_id; in eap_aka_has_reauth_data()
830 struct eap_aka_data *data = priv; in eap_aka_deinit_for_reauth() local
831 eap_aka_clear_identities(data, CLEAR_EAP_ID); in eap_aka_deinit_for_reauth()
837 struct eap_aka_data *data = priv; in eap_aka_init_for_reauth() local
838 data->num_id_req = 0; in eap_aka_init_for_reauth()
839 data->num_notification = 0; in eap_aka_init_for_reauth()
840 data->state = CONTINUE; in eap_aka_init_for_reauth()
848 struct eap_aka_data *data = priv; in eap_aka_get_identity() local
850 if (data->reauth_id) { in eap_aka_get_identity()
851 *len = data->reauth_id_len; in eap_aka_get_identity()
852 return data->reauth_id; in eap_aka_get_identity()
855 if (data->pseudonym) { in eap_aka_get_identity()
856 *len = data->pseudonym_len; in eap_aka_get_identity()
857 return data->pseudonym; in eap_aka_get_identity()
866 struct eap_aka_data *data = priv; in eap_aka_isKeyAvailable() local
867 return data->state == SUCCESS; in eap_aka_isKeyAvailable()
873 struct eap_aka_data *data = priv; in eap_aka_getKey() local
876 if (data->state != SUCCESS) in eap_aka_getKey()
884 os_memcpy(key, data->msk, EAP_SIM_KEYING_DATA_LEN); in eap_aka_getKey()
892 struct eap_aka_data *data = priv; in eap_aka_get_emsk() local
895 if (data->state != SUCCESS) in eap_aka_get_emsk()
903 os_memcpy(key, data->emsk, EAP_EMSK_LEN); in eap_aka_get_emsk()