Lines Matching full:data
51 struct eap_aka_data *data;
52 data = os_zalloc(sizeof(*data));
53 if (data == NULL)
56 data->state = CONTINUE;
58 return data;
64 struct eap_aka_data *data = priv;
65 if (data) {
66 os_free(data->pseudonym);
67 os_free(data->reauth_id);
68 os_free(data->last_eap_identity);
69 os_free(data);
74 static int eap_aka_umts_auth(struct eap_sm *sm, struct eap_aka_data *data)
78 return scard_umts_auth(sm->scard_ctx, data->rand,
79 data->autn, data->res, &data->res_len,
80 data->ik, data->ck, data->auts);
84 os_memset(data->res, '2', EAP_AKA_RES_MAX_LEN);
85 data->res_len = EAP_AKA_RES_MAX_LEN;
86 os_memset(data->ik, '3', EAP_AKA_IK_LEN);
87 os_memset(data->ck, '4', EAP_AKA_CK_LEN);
91 if (os_memcmp(autn, data->autn, EAP_AKA_AUTN_LEN) != 0) {
116 static void eap_aka_clear_identities(struct eap_aka_data *data, int id)
123 os_free(data->pseudonym);
124 data->pseudonym = NULL;
125 data->pseudonym_len = 0;
128 os_free(data->reauth_id);
129 data->reauth_id = NULL;
130 data->reauth_id_len = 0;
133 os_free(data->last_eap_identity);
134 data->last_eap_identity = NULL;
135 data->last_eap_identity_len = 0;
140 static int eap_aka_learn_ids(struct eap_aka_data *data,
144 os_free(data->pseudonym);
145 data->pseudonym = os_malloc(attr->next_pseudonym_len);
146 if (data->pseudonym == NULL) {
151 os_memcpy(data->pseudonym, attr->next_pseudonym,
153 data->pseudonym_len = attr->next_pseudonym_len;
156 data->pseudonym,
157 data->pseudonym_len);
161 os_free(data->reauth_id);
162 data->reauth_id = os_malloc(attr->next_reauth_id_len);
163 if (data->reauth_id == NULL) {
168 os_memcpy(data->reauth_id, attr->next_reauth_id,
170 data->reauth_id_len = attr->next_reauth_id_len;
173 data->reauth_id,
174 data->reauth_id_len);
181 static u8 * eap_aka_client_error(struct eap_aka_data *data,
187 data->state = FAILURE;
188 data->num_id_req = 0;
189 data->num_notification = 0;
198 static u8 * eap_aka_authentication_reject(struct eap_aka_data *data,
204 data->state = FAILURE;
205 data->num_id_req = 0;
206 data->num_notification = 0;
217 static u8 * eap_aka_synchronization_failure(struct eap_aka_data *data,
223 data->num_id_req = 0;
224 data->num_notification = 0;
232 eap_sim_msg_add_full(msg, EAP_SIM_AT_AUTS, data->auts,
239 struct eap_aka_data *data,
248 data->reauth = 0;
249 if (id_req == ANY_ID && data->reauth_id) {
250 identity = data->reauth_id;
251 identity_len = data->reauth_id_len;
252 data->reauth = 1;
254 data->pseudonym) {
255 identity = data->pseudonym;
256 identity_len = data->pseudonym_len;
257 eap_aka_clear_identities(data, CLEAR_REAUTH_ID);
261 eap_aka_clear_identities(data, CLEAR_PSEUDONYM |
266 eap_aka_clear_identities(data, CLEAR_EAP_ID);
284 static u8 * eap_aka_response_challenge(struct eap_aka_data *data,
295 eap_sim_msg_add(msg, EAP_SIM_AT_RES, data->res_len * 8,
296 data->res, data->res_len);
299 return eap_sim_msg_finish(msg, respDataLen, data->k_aut, (u8 *) "", 0);
303 static u8 * eap_aka_response_reauth(struct eap_aka_data *data,
323 counter = data->counter_too_small;
325 counter = data->counter;
330 if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) {
338 return eap_sim_msg_finish(msg, respDataLen, data->k_aut, nonce_s,
343 static u8 * eap_aka_response_notification(struct eap_aka_data *data,
349 u8 *k_aut = (notification & 0x4000) == 0 ? data->k_aut : NULL;
355 if (k_aut && data->reauth) {
360 wpa_printf(MSG_DEBUG, " *AT_COUNTER %d", data->counter);
361 eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter,
363 if (eap_sim_msg_add_encr_end(msg, data->k_encr,
380 struct eap_aka_data *data,
394 if (data->num_id_req > 0)
396 data->num_id_req++;
399 if (data->num_id_req > 1)
401 data->num_id_req++;
404 if (data->num_id_req > 2)
406 data->num_id_req++;
412 return eap_aka_client_error(data, req, respDataLen,
416 return eap_aka_response_identity(sm, data, req, respDataLen,
422 struct eap_aka_data *data,
434 data->reauth = 0;
441 return eap_aka_client_error(data, req, respDataLen,
444 os_memcpy(data->rand, attr->rand, EAP_AKA_RAND_LEN);
445 os_memcpy(data->autn, attr->autn, EAP_AKA_AUTN_LEN);
447 res = eap_aka_umts_auth(sm, data);
451 return eap_aka_authentication_reject(data, req, respDataLen);
455 return eap_aka_synchronization_failure(data, req, respDataLen);
458 return eap_aka_client_error(data, req, respDataLen,
461 if (data->last_eap_identity) {
462 identity = data->last_eap_identity;
463 identity_len = data->last_eap_identity_len;
464 } else if (data->pseudonym) {
465 identity = data->pseudonym;
466 identity_len = data->pseudonym_len;
471 eap_aka_derive_mk(identity, identity_len, data->ik, data->ck,
472 data->mk);
473 eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk,
474 data->emsk);
475 if (eap_sim_verify_mac(data->k_aut, (const u8 *) req, reqDataLen,
479 return eap_aka_client_error(data, req, respDataLen,
486 eap_aka_clear_identities(data, CLEAR_PSEUDONYM | CLEAR_REAUTH_ID |
491 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
496 data, req, respDataLen,
499 eap_aka_learn_ids(data, &eattr);
503 if (data->state != FAILURE)
504 data->state = SUCCESS;
506 data->num_id_req = 0;
507 data->num_notification = 0;
511 data->counter = 0;
512 return eap_aka_response_challenge(data, req, respDataLen);
516 static int eap_aka_process_notification_reauth(struct eap_aka_data *data,
524 "reauth did not include encrypted data");
528 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
533 "data from notification message");
537 if (eattr.counter < 0 || (size_t) eattr.counter != data->counter) {
550 static int eap_aka_process_notification_auth(struct eap_aka_data *data,
561 if (eap_sim_verify_mac(data->k_aut, (const u8 *) req, reqDataLen,
568 if (data->reauth &&
569 eap_aka_process_notification_reauth(data, attr)) {
580 struct eap_aka_data *data,
587 if (data->num_notification > 0) {
590 return eap_aka_client_error(data, req, respDataLen,
593 data->num_notification++;
597 return eap_aka_client_error(data, req, respDataLen,
602 eap_aka_process_notification_auth(data, req, reqDataLen, attr)) {
603 return eap_aka_client_error(data, req, respDataLen,
609 data->state = FAILURE;
611 return eap_aka_response_notification(data, req, respDataLen,
617 struct eap_aka_data *data,
628 if (data->reauth_id == NULL) {
631 return eap_aka_client_error(data, req, respDataLen,
635 data->reauth = 1;
636 if (eap_sim_verify_mac(data->k_aut, (const u8 *) req, reqDataLen,
640 return eap_aka_client_error(data, req, respDataLen,
646 "message did not include encrypted data");
647 return eap_aka_client_error(data, req, respDataLen,
651 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
656 "data from reauthentication message");
657 return eap_aka_client_error(data, req, respDataLen,
666 return eap_aka_client_error(data, req, respDataLen,
670 if (eattr.counter < 0 || (size_t) eattr.counter <= data->counter) {
673 "(%d <= %d)", eattr.counter, data->counter);
674 data->counter_too_small = eattr.counter;
676 eap_sim_derive_keys_reauth(eattr.counter, data->reauth_id,
677 data->reauth_id_len, eattr.nonce_s,
678 data->mk, NULL, NULL);
685 os_free(data->last_eap_identity);
686 data->last_eap_identity = data->reauth_id;
687 data->last_eap_identity_len = data->reauth_id_len;
688 data->reauth_id = NULL;
689 data->reauth_id_len = 0;
691 res = eap_aka_response_reauth(data, req, respDataLen, 1,
697 data->counter = eattr.counter;
699 os_memcpy(data->nonce_s, eattr.nonce_s, EAP_SIM_NONCE_S_LEN);
701 data->nonce_s, EAP_SIM_NONCE_S_LEN);
703 eap_sim_derive_keys_reauth(data->counter,
704 data->reauth_id, data->reauth_id_len,
705 data->nonce_s, data->mk, data->msk,
706 data->emsk);
707 eap_aka_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
708 eap_aka_learn_ids(data, &eattr);
710 if (data->state != FAILURE)
711 data->state = SUCCESS;
713 data->num_id_req = 0;
714 data->num_notification = 0;
715 if (data->counter > EAP_AKA_MAX_FAST_REAUTHS) {
718 eap_aka_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
721 return eap_aka_response_reauth(data, req, respDataLen, 0,
722 data->nonce_s);
731 struct eap_aka_data *data = priv;
738 wpa_hexdump(MSG_DEBUG, "EAP-AKA: EAP data", reqData, reqDataLen);
765 res = eap_aka_client_error(data, req, respDataLen,
772 res = eap_aka_process_identity(sm, data, req,
776 res = eap_aka_process_challenge(sm, data, req, len,
780 res = eap_aka_process_notification(sm, data, req, len,
784 res = eap_aka_process_reauthentication(sm, data, req, len,
789 res = eap_aka_client_error(data, req, respDataLen,
794 res = eap_aka_client_error(data, req, respDataLen,
800 if (data->state == FAILURE) {
803 } else if (data->state == SUCCESS) {
823 struct eap_aka_data *data = priv;
824 return data->pseudonym || data->reauth_id;
830 struct eap_aka_data *data = priv;
831 eap_aka_clear_identities(data, CLEAR_EAP_ID);
837 struct eap_aka_data *data = priv;
838 data->num_id_req = 0;
839 data->num_notification = 0;
840 data->state = CONTINUE;
848 struct eap_aka_data *data = priv;
850 if (data->reauth_id) {
851 *len = data->reauth_id_len;
852 return data->reauth_id;
855 if (data->pseudonym) {
856 *len = data->pseudonym_len;
857 return data->pseudonym;
866 struct eap_aka_data *data = priv;
867 return data->state == SUCCESS;
873 struct eap_aka_data *data = priv;
876 if (data->state != SUCCESS)
884 os_memcpy(key, data->msk, EAP_SIM_KEYING_DATA_LEN);
892 struct eap_aka_data *data = priv;
895 if (data->state != SUCCESS)
903 os_memcpy(key, data->emsk, EAP_EMSK_LEN);
