Lines Matching full:data
56 struct eap_sim_data *data;
59 data = os_zalloc(sizeof(*data));
60 if (data == NULL)
63 if (hostapd_get_rand(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
64 wpa_printf(MSG_WARNING, "EAP-SIM: Failed to get random data "
66 os_free(data);
70 data->min_num_chal = 2;
74 data->min_num_chal = atoi(pos + 17);
75 if (data->min_num_chal < 2 || data->min_num_chal > 3) {
79 (unsigned long) data->min_num_chal);
80 os_free(data);
85 (unsigned long) data->min_num_chal);
89 data->state = CONTINUE;
91 return data;
97 struct eap_sim_data *data = priv;
98 if (data) {
99 os_free(data->ver_list);
100 os_free(data->pseudonym);
101 os_free(data->reauth_id);
102 os_free(data->last_eap_identity);
103 os_free(data);
108 static int eap_sim_gsm_auth(struct eap_sm *sm, struct eap_sim_data *data)
112 if (scard_gsm_auth(sm->scard_ctx, data->rand[0],
113 data->sres[0], data->kc[0]) ||
114 scard_gsm_auth(sm->scard_ctx, data->rand[1],
115 data->sres[1], data->kc[1]) ||
116 (data->num_chal > 2 &&
117 scard_gsm_auth(sm->scard_ctx, data->rand[2],
118 data->sres[2], data->kc[2]))) {
130 for (i = 0; i < data->num_chal; i++) {
131 if (data->rand[i][0] == 0xaa) {
132 os_memcpy(data->kc[i],
135 os_memcpy(data->sres[i], "\xd1\xd2\xd3\xd4",
137 } else if (data->rand[i][0] == 0xbb) {
138 os_memcpy(data->kc[i],
141 os_memcpy(data->sres[i], "\xe1\xe2\xe3\xe4",
144 os_memcpy(data->kc[i],
147 os_memcpy(data->sres[i], "\xf1\xf2\xf3\xf4",
167 static void eap_sim_clear_identities(struct eap_sim_data *data, int id)
174 os_free(data->pseudonym);
175 data->pseudonym = NULL;
176 data->pseudonym_len = 0;
179 os_free(data->reauth_id);
180 data->reauth_id = NULL;
181 data->reauth_id_len = 0;
184 os_free(data->last_eap_identity);
185 data->last_eap_identity = NULL;
186 data->last_eap_identity_len = 0;
191 static int eap_sim_learn_ids(struct eap_sim_data *data,
195 os_free(data->pseudonym);
196 data->pseudonym = os_malloc(attr->next_pseudonym_len);
197 if (data->pseudonym == NULL) {
202 os_memcpy(data->pseudonym, attr->next_pseudonym,
204 data->pseudonym_len = attr->next_pseudonym_len;
207 data->pseudonym,
208 data->pseudonym_len);
212 os_free(data->reauth_id);
213 data->reauth_id = os_malloc(attr->next_reauth_id_len);
214 if (data->reauth_id == NULL) {
219 os_memcpy(data->reauth_id, attr->next_reauth_id,
221 data->reauth_id_len = attr->next_reauth_id_len;
224 data->reauth_id,
225 data->reauth_id_len);
232 static u8 * eap_sim_client_error(struct eap_sim_data *data,
238 data->state = FAILURE;
239 data->num_id_req = 0;
240 data->num_notification = 0;
250 struct eap_sim_data *data,
259 data->reauth = 0;
260 if (id_req == ANY_ID && data->reauth_id) {
261 identity = data->reauth_id;
262 identity_len = data->reauth_id_len;
263 data->reauth = 1;
265 data->pseudonym) {
266 identity = data->pseudonym;
267 identity_len = data->pseudonym_len;
268 eap_sim_clear_identities(data, CLEAR_REAUTH_ID);
272 eap_sim_clear_identities(data, CLEAR_PSEUDONYM |
277 eap_sim_clear_identities(data, CLEAR_EAP_ID);
283 if (!data->reauth) {
285 data->nonce_mt, EAP_SIM_NONCE_MT_LEN);
287 data->nonce_mt, EAP_SIM_NONCE_MT_LEN);
289 data->selected_version);
291 data->selected_version, NULL, 0);
305 static u8 * eap_sim_response_challenge(struct eap_sim_data *data,
317 return eap_sim_msg_finish(msg, respDataLen, data->k_aut,
318 (u8 *) data->sres,
319 data->num_chal * EAP_SIM_SRES_LEN);
323 static u8 * eap_sim_response_reauth(struct eap_sim_data *data,
342 counter = data->counter_too_small;
344 counter = data->counter;
349 if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) {
357 return eap_sim_msg_finish(msg, respDataLen, data->k_aut, data->nonce_s,
362 static u8 * eap_sim_response_notification(struct eap_sim_data *data,
368 u8 *k_aut = (notification & 0x4000) == 0 ? data->k_aut : NULL;
376 if (k_aut && data->reauth) {
381 wpa_printf(MSG_DEBUG, " *AT_COUNTER %d", data->counter);
382 eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter,
384 if (eap_sim_msg_add_encr_end(msg, data->k_encr,
400 static u8 * eap_sim_process_start(struct eap_sm *sm, struct eap_sim_data *data,
413 return eap_sim_client_error(data, req, respDataLen,
417 os_free(data->ver_list);
418 data->ver_list = os_malloc(attr->version_list_len);
419 if (data->ver_list == NULL) {
422 return eap_sim_client_error(data, req, respDataLen,
425 os_memcpy(data->ver_list, attr->version_list, attr->version_list_len);
426 data->ver_list_len = attr->version_list_len;
427 pos = data->ver_list;
428 for (i = 0; i < data->ver_list_len / 2; i++) {
439 return eap_sim_client_error(data, req, respDataLen,
444 data->selected_version = selected_version;
451 if (data->num_id_req > 0)
453 data->num_id_req++;
456 if (data->num_id_req > 1)
458 data->num_id_req++;
461 if (data->num_id_req > 2)
463 data->num_id_req++;
469 return eap_sim_client_error(data, req, respDataLen,
473 return eap_sim_response_start(sm, data, req, respDataLen,
479 struct eap_sim_data *data,
490 data->reauth = 0;
496 return eap_sim_client_error(data, req, respDataLen,
502 if (attr->num_chal < data->min_num_chal) {
505 return eap_sim_client_error(data, req, respDataLen,
511 return eap_sim_client_error(data, req, respDataLen,
525 return eap_sim_client_error(data, req, respDataLen,
529 os_memcpy(data->rand, attr->rand, attr->num_chal * GSM_RAND_LEN);
530 data->num_chal = attr->num_chal;
532 if (eap_sim_gsm_auth(sm, data)) {
534 return eap_sim_client_error(data, req, respDataLen,
537 if (data->last_eap_identity) {
538 identity = data->last_eap_identity;
539 identity_len = data->last_eap_identity_len;
540 } else if (data->pseudonym) {
541 identity = data->pseudonym;
542 identity_len = data->pseudonym_len;
547 eap_sim_derive_mk(identity, identity_len, data->nonce_mt,
548 data->selected_version, data->ver_list,
549 data->ver_list_len, data->num_chal,
550 (const u8 *) data->kc, data->mk);
551 eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk,
552 data->emsk);
553 if (eap_sim_verify_mac(data->k_aut, (const u8 *) req, reqDataLen,
554 attr->mac, data->nonce_mt,
558 data, req, respDataLen,
565 eap_sim_clear_identities(data, CLEAR_PSEUDONYM | CLEAR_REAUTH_ID |
570 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
575 data, req, respDataLen,
578 eap_sim_learn_ids(data, &eattr);
582 if (data->state != FAILURE)
583 data->state = SUCCESS;
585 data->num_id_req = 0;
586 data->num_notification = 0;
590 data->counter = 0;
591 return eap_sim_response_challenge(data, req, respDataLen);
595 static int eap_sim_process_notification_reauth(struct eap_sim_data *data,
603 "reauth did not include encrypted data");
607 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
612 "data from notification message");
616 if (eattr.counter < 0 || (size_t) eattr.counter != data->counter) {
629 static int eap_sim_process_notification_auth(struct eap_sim_data *data,
640 if (eap_sim_verify_mac(data->k_aut, (u8 *) req, reqDataLen, attr->mac,
647 if (data->reauth &&
648 eap_sim_process_notification_reauth(data, attr)) {
659 struct eap_sim_data *data,
666 if (data->num_notification > 0) {
669 return eap_sim_client_error(data, req, respDataLen,
672 data->num_notification++;
676 return eap_sim_client_error(data, req, respDataLen,
681 eap_sim_process_notification_auth(data, req, reqDataLen, attr)) {
682 return eap_sim_client_error(data, req, respDataLen,
688 data->state = FAILURE;
690 return eap_sim_response_notification(data, req, respDataLen,
696 struct eap_sim_data *data,
707 if (data->reauth_id == NULL) {
710 return eap_sim_client_error(data, req, respDataLen,
714 data->reauth = 1;
715 if (eap_sim_verify_mac(data->k_aut, (const u8 *) req, reqDataLen,
719 return eap_sim_client_error(data, req, respDataLen,
725 "message did not include encrypted data");
726 return eap_sim_client_error(data, req, respDataLen,
730 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
735 "data from reauthentication message");
736 return eap_sim_client_error(data, req, respDataLen,
745 return eap_sim_client_error(data, req, respDataLen,
749 if (eattr.counter < 0 || (size_t) eattr.counter <= data->counter) {
751 "(%d <= %d)", eattr.counter, data->counter);
752 data->counter_too_small = eattr.counter;
758 os_free(data->last_eap_identity);
759 data->last_eap_identity = data->reauth_id;
760 data->last_eap_identity_len = data->reauth_id_len;
761 data->reauth_id = NULL;
762 data->reauth_id_len = 0;
764 return eap_sim_response_reauth(data, req, respDataLen, 1);
766 data->counter = eattr.counter;
768 os_memcpy(data->nonce_s, eattr.nonce_s, EAP_SIM_NONCE_S_LEN);
770 data->nonce_s, EAP_SIM_NONCE_S_LEN);
772 eap_sim_derive_keys_reauth(data->counter,
773 data->reauth_id, data->reauth_id_len,
774 data->nonce_s, data->mk, data->msk,
775 data->emsk);
776 eap_sim_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
777 eap_sim_learn_ids(data, &eattr);
779 if (data->state != FAILURE)
780 data->state = SUCCESS;
782 data->num_id_req = 0;
783 data->num_notification = 0;
784 if (data->counter > EAP_SIM_MAX_FAST_REAUTHS) {
787 eap_sim_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
790 return eap_sim_response_reauth(data, req, respDataLen, 0);
799 struct eap_sim_data *data = priv;
806 wpa_hexdump(MSG_DEBUG, "EAP-SIM: EAP data", reqData, reqDataLen);
833 res = eap_sim_client_error(data, req, respDataLen,
840 res = eap_sim_process_start(sm, data, req,
844 res = eap_sim_process_challenge(sm, data, req, len,
848 res = eap_sim_process_notification(sm, data, req, len,
852 res = eap_sim_process_reauthentication(sm, data, req, len,
857 res = eap_sim_client_error(data, req, respDataLen,
862 res = eap_sim_client_error(data, req, respDataLen,
868 if (data->state == FAILURE) {
871 } else if (data->state == SUCCESS) {
886 struct eap_sim_data *data = priv;
887 return data->pseudonym || data->reauth_id;
893 struct eap_sim_data *data = priv;
894 eap_sim_clear_identities(data, CLEAR_EAP_ID);
900 struct eap_sim_data *data = priv;
901 if (hostapd_get_rand(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
902 wpa_printf(MSG_WARNING, "EAP-SIM: Failed to get random data "
904 os_free(data);
907 data->num_id_req = 0;
908 data->num_notification = 0;
909 data->state = CONTINUE;
917 struct eap_sim_data *data = priv;
919 if (data->reauth_id) {
920 *len = data->reauth_id_len;
921 return data->reauth_id;
924 if (data->pseudonym) {
925 *len = data->pseudonym_len;
926 return data->pseudonym;
935 struct eap_sim_data *data = priv;
936 return data->state == SUCCESS;
942 struct eap_sim_data *data = priv;
945 if (data->state != SUCCESS)
953 os_memcpy(key, data->msk, EAP_SIM_KEYING_DATA_LEN);
961 struct eap_sim_data *data = priv;
964 if (data->state != SUCCESS)
972 os_memcpy(key, data->emsk, EAP_EMSK_LEN);
