Lines Matching full:data
132 static struct eap_fast_pac * eap_fast_get_pac(struct eap_fast_data *data,
135 struct eap_fast_pac *pac = data->pac;
148 static int eap_fast_add_pac(struct eap_fast_data *data,
157 pac = data->pac;
163 data->pac = pac->next;
167 if (data->current_pac == pac)
168 data->current_pac = NULL;
232 pac->next = data->pac;
233 data->pac = pac;
304 static int eap_fast_load_pac(struct eap_sm *sm, struct eap_fast_data *data,
328 rc.pos = (char *) blob->data;
329 rc.end = (char *) blob->data + blob->len;
386 pac->next = data->pac;
387 data->pac = pac;
468 const char *field, const u8 *data,
474 if (data == NULL || *buf == NULL)
496 *pos += wpa_snprintf_hex(*pos, *buf + *buf_len - *pos, data, len);
510 "%c", data[i]);
523 static int eap_fast_save_pac(struct eap_sm *sm, struct eap_fast_data *data,
547 pac = data->pac;
569 "data");
589 blob->data = (u8 *) buf;
594 os_free(blob->data);
621 struct eap_fast_data *data;
624 data = os_zalloc(sizeof(*data));
625 if (data == NULL)
627 data->fast_version = EAP_FAST_VERSION;
631 data->provisioning_allowed = 1;
644 eap_fast_deinit(sm, data);
674 eap_fast_deinit(sm, data);
685 data->phase2_types = methods;
686 data->num_phase2_types = num_methods;
688 if (data->phase2_types == NULL) {
689 data->phase2_types =
690 eap_get_phase2_types(config, &data->num_phase2_types);
692 if (data->phase2_types == NULL) {
694 eap_fast_deinit(sm, data);
698 (u8 *) data->phase2_types,
699 data->num_phase2_types * sizeof(struct eap_method_type));
700 data->phase2_type.vendor = EAP_VENDOR_IETF;
701 data->phase2_type.method = EAP_TYPE_NONE;
703 if (eap_tls_ssl_init(sm, &data->ssl, config)) {
705 eap_fast_deinit(sm, data);
710 * fragments before data, so disable that workaround for CBC.
712 tls_connection_enable_workaround(sm->ssl_ctx, data->ssl.conn);
714 if (eap_fast_load_pac(sm, data, config->pac_file) < 0) {
715 eap_fast_deinit(sm, data);
719 if (data->pac == NULL && !data->provisioning_allowed) {
722 eap_fast_deinit(sm, data);
726 return data;
732 struct eap_fast_data *data = priv;
735 if (data == NULL)
737 if (data->phase2_priv && data->phase2_method)
738 data->phase2_method->deinit(sm, data->phase2_priv);
739 os_free(data->phase2_types);
740 os_free(data->key_block_p);
741 eap_tls_ssl_deinit(sm, &data->ssl);
743 pac = data->pac;
750 os_free(data);
754 static int eap_fast_encrypt(struct eap_sm *sm, struct eap_fast_data *data,
764 resp = os_malloc(sizeof(struct eap_hdr) + 2 + data->ssl.tls_out_limit);
773 *pos++ = data->fast_version;
775 res = tls_connection_encrypt(sm->ssl_ctx, data->ssl.conn,
777 pos, data->ssl.tls_out_limit);
780 "data");
792 static int eap_fast_phase2_nak(struct eap_fast_data *data,
803 (u8 *) data->phase2_types,
804 data->num_phase2_types * sizeof(struct eap_method_type));
806 *resp = os_malloc(*resp_len + data->num_phase2_types);
815 for (i = 0; i < data->num_phase2_types; i++) {
816 if (data->phase2_types[i].vendor == EAP_VENDOR_IETF &&
817 data->phase2_types[i].method < 256) {
819 *pos++ = data->phase2_types[i].method;
828 static int eap_fast_derive_msk(struct eap_fast_data *data)
831 sha1_t_prf(data->simck, EAP_FAST_SIMCK_LEN,
833 data->key_data, EAP_FAST_KEY_LEN);
835 data->key_data, EAP_FAST_KEY_LEN);
837 sha1_t_prf(data->simck, EAP_FAST_SIMCK_LEN,
839 (u8 *) "", 0, data->emsk, EAP_EMSK_LEN);
841 data->emsk, EAP_EMSK_LEN);
843 data->success = 1;
850 struct eap_fast_data *data,
858 if (data->tls_master_secret_set || !data->current_pac ||
859 tls_connection_get_keys(sm->ssl_ctx, data->ssl.conn, &keys) ||
904 data->current_pac->pac_key, EAP_FAST_PAC_KEY_LEN);
907 sha1_t_prf(data->current_pac->pac_key, EAP_FAST_PAC_KEY_LEN,
914 data->tls_master_secret_set = 1;
916 return tls_connection_set_master_key(sm->ssl_ctx, data->ssl.conn,
922 static u8 * eap_fast_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
929 block_size = tls_connection_get_keyblock_size(sm->ssl_ctx, data->conn);
937 if (tls_connection_prf(sm->ssl_ctx, data->conn, label, 1, out,
943 if (tls_connection_get_keys(sm->ssl_ctx, data->conn, &keys))
972 struct eap_fast_data *data)
981 sks = eap_fast_derive_key(sm, &data->ssl, "key expansion",
996 data->simck_idx = 0;
997 os_memcpy(data->simck, sks, EAP_FAST_SIMCK_LEN);
1003 struct eap_fast_data *data)
1005 os_free(data->key_block_p);
1006 data->key_block_p = (struct eap_fast_key_block_provisioning *)
1007 eap_fast_derive_key(sm, &data->ssl, "key expansion",
1008 sizeof(*data->key_block_p));
1009 if (data->key_block_p == NULL) {
1019 data->key_block_p->session_key_seed,
1020 sizeof(data->key_block_p->session_key_seed));
1021 data->simck_idx = 0;
1022 os_memcpy(data->simck, data->key_block_p->session_key_seed,
1025 data->key_block_p->server_challenge,
1026 sizeof(data->key_block_p->server_challenge));
1028 data->key_block_p->client_challenge,
1029 sizeof(data->key_block_p->client_challenge));
1033 static void eap_fast_derive_keys(struct eap_sm *sm, struct eap_fast_data *data)
1035 if (data->current_pac) {
1036 eap_fast_derive_key_auth(sm, data);
1038 eap_fast_derive_key_provisioning(sm, data);
1044 struct eap_fast_data *data,
1065 if (data->phase2_type.vendor == EAP_VENDOR_IETF &&
1066 data->phase2_type.method == EAP_TYPE_NONE) {
1068 for (i = 0; i < data->num_phase2_types; i++) {
1069 if (data->phase2_types[i].vendor !=
1071 data->phase2_types[i].method != *pos)
1074 data->phase2_type.vendor =
1075 data->phase2_types[i].vendor;
1076 data->phase2_type.method =
1077 data->phase2_types[i].method;
1080 data->phase2_type.vendor,
1081 data->phase2_type.method);
1085 if (*pos != data->phase2_type.method ||
1087 if (eap_fast_phase2_nak(data, hdr, resp, resp_len))
1092 if (data->phase2_priv == NULL) {
1093 data->phase2_method = eap_sm_get_eap_methods(
1094 data->phase2_type.vendor,
1095 data->phase2_type.method);
1096 if (data->phase2_method) {
1097 if (data->key_block_p) {
1099 data->key_block_p->
1102 data->key_block_p->
1107 data->phase2_priv =
1108 data->phase2_method->init(sm);
1115 if (data->phase2_priv == NULL || data->phase2_method == NULL) {
1123 *resp = data->phase2_method->process(sm, data->phase2_priv,
1135 data->phase2_success = 1;
1228 struct eap_sm *sm, struct eap_fast_data *data,
1262 "calculation", data->simck_idx + 1);
1273 if (data->phase2_method == NULL || data->phase2_priv == NULL) {
1278 if (data->phase2_method->isKeyAvailable && data->phase2_method->getKey)
1280 data->phase2_method->isKeyAvailable(sm, data->phase2_priv)
1282 (key = data->phase2_method->getKey(sm, data->phase2_priv,
1294 sha1_t_prf(data->simck, EAP_FAST_SIMCK_LEN,
1297 data->simck_idx++;
1298 os_memcpy(data->simck, imck, EAP_FAST_SIMCK_LEN);
1300 data->simck, EAP_FAST_SIMCK_LEN);
1336 if (!data->provisioning && data->phase2_success &&
1337 eap_fast_derive_msk(data) < 0) {
1342 data->phase2_success = 0;
1365 if (final && data->phase2_success) {
1376 static u8 * eap_fast_process_pac(struct eap_sm *sm, struct eap_fast_data *data,
1498 eap_fast_add_pac(data, &entry);
1499 eap_fast_save_pac(sm, data, config->pac_file);
1501 if (data->provisioning) {
1505 data->success = 0;
1521 static int eap_fast_decrypt(struct eap_sm *sm, struct eap_fast_data *data,
1542 wpa_printf(MSG_DEBUG, "EAP-FAST: received %lu bytes encrypted data for"
1545 msg = eap_tls_data_reassemble(sm, &data->ssl, in_data, in_len,
1551 if (data->ssl.tls_in_total > buf_len)
1552 buf_len = data->ssl.tls_in_total;
1555 os_free(data->ssl.tls_in);
1556 data->ssl.tls_in = NULL;
1557 data->ssl.tls_in_len = 0;
1563 len_decrypted = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn,
1566 os_free(data->ssl.tls_in);
1567 data->ssl.tls_in = NULL;
1568 data->ssl.tls_in_len = 0;
1571 "data");
1725 if (eap_fast_phase2_request(sm, data, ret, hdr,
1747 resp = eap_fast_process_crypto_binding(sm, data, ret,
1769 resp = eap_fast_process_pac(sm, data, ret, pac, pac_len,
1788 wpa_hexdump(MSG_DEBUG, "EAP-FAST: Encrypting Phase 2 data",
1790 if (eap_fast_encrypt(sm, data, req->identifier, resp, resp_len,
1811 struct eap_fast_data *data = priv;
1813 pos = eap_tls_process_init(sm, &data->ssl, EAP_TYPE_FAST, ret,
1827 data->fast_version);
1828 if ((flags & EAP_PEAP_VERSION_MASK) < data->fast_version)
1829 data->fast_version = flags & EAP_PEAP_VERSION_MASK;
1831 data->fast_version);
1847 data->current_pac = eap_fast_get_pac(data, a_id, a_id_len);
1848 if (data->current_pac) {
1852 data->current_pac->a_id_info,
1853 data->current_pac->a_id_info_len);
1856 if (data->resuming && data->current_pac) {
1861 sm->ssl_ctx, data->ssl.conn,
1868 } else if (data->current_pac) {
1872 olen = data->current_pac->pac_opaque_len;
1881 data->current_pac->pac_opaque, olen);
1885 sm->ssl_ctx, data->ssl.conn,
1895 if (!data->provisioning_allowed) {
1905 data->ssl.conn,
1913 sm->ssl_ctx, data->ssl.conn,
1919 data->provisioning = 1;
1926 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
1927 !data->resuming) {
1928 res = eap_fast_decrypt(sm, data, ret, req, pos, left,
1938 if (eap_fast_set_tls_master_secret(sm, data, pos, left) < 0) {
1946 res = eap_tls_process_helper(sm, &data->ssl, EAP_TYPE_FAST,
1947 data->fast_version, id, pos, left,
1950 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
1953 data->resuming = 0;
1954 eap_fast_derive_keys(sm, data);
1959 return eap_tls_build_ack(&data->ssl, respDataLen, id,
1960 EAP_TYPE_FAST, data->fast_version);
1968 struct eap_fast_data *data = priv;
1969 return tls_connection_established(sm->ssl_ctx, data->ssl.conn);
1975 struct eap_fast_data *data = priv;
1976 os_free(data->key_block_p);
1977 data->key_block_p = NULL;
1983 struct eap_fast_data *data = priv;
1984 if (eap_tls_reauth_init(sm, &data->ssl)) {
1985 os_free(data);
1988 if (data->phase2_priv && data->phase2_method &&
1989 data->phase2_method->init_for_reauth)
1990 data->phase2_method->init_for_reauth(sm, data->phase2_priv);
1991 data->phase2_success = 0;
1992 data->resuming = 1;
1993 data->provisioning = 0;
1994 data->simck_idx = 0;
2003 struct eap_fast_data *data = priv;
2006 len = eap_tls_status(sm, &data->ssl, buf, buflen, verbose);
2007 if (data->phase2_method) {
2010 data->phase2_method->name);
2021 struct eap_fast_data *data = priv;
2022 return data->success;
2028 struct eap_fast_data *data = priv;
2031 if (!data->success)
2039 os_memcpy(key, data->key_data, EAP_FAST_KEY_LEN);
2047 struct eap_fast_data *data = priv;
2050 if (!data->success)
2058 os_memcpy(key, data->emsk, EAP_EMSK_LEN);
