Lines Matching full:data
77 struct eap_ttls_data *data;
81 data = os_zalloc(sizeof(*data));
82 if (data == NULL)
84 data->ttls_version = EAP_TTLS_VERSION;
85 data->force_ttls_version = -1;
87 data->phase2_type = EAP_TTLS_PHASE2_EAP;
92 data->force_ttls_version = atoi(pos + 8);
93 data->ttls_version = data->force_ttls_version;
95 "%d", data->force_ttls_version);
102 data->phase2_type = EAP_TTLS_PHASE2_EAP;
105 data->phase2_type = EAP_TTLS_PHASE2_MSCHAPV2;
108 data->phase2_type = EAP_TTLS_PHASE2_MSCHAP;
111 data->phase2_type = EAP_TTLS_PHASE2_PAP;
114 data->phase2_type = EAP_TTLS_PHASE2_CHAP;
119 if (data->phase2_type == EAP_TTLS_PHASE2_EAP) {
127 eap_ttls_deinit(sm, data);
158 eap_ttls_deinit(sm, data);
171 data->phase2_eap_types = methods;
172 data->num_phase2_eap_types = num_methods;
174 if (data->phase2_eap_types == NULL) {
175 data->phase2_eap_types = eap_get_phase2_types(
176 config, &data->num_phase2_eap_types);
178 if (data->phase2_eap_types == NULL) {
181 eap_ttls_deinit(sm, data);
185 (u8 *) data->phase2_eap_types,
186 data->num_phase2_eap_types *
188 data->phase2_eap_type.vendor = EAP_VENDOR_IETF;
189 data->phase2_eap_type.method = EAP_TYPE_NONE;
193 data->ttls_version > 0) {
194 if (data->force_ttls_version > 0) {
197 data->force_ttls_version);
198 eap_ttls_deinit(sm, data);
201 data->ttls_version = 0;
204 return data;
210 struct eap_ttls_data *data = priv;
211 if (data == NULL)
213 if (data->phase2_priv && data->phase2_method)
214 data->phase2_method->deinit(sm, data->phase2_priv);
215 os_free(data->phase2_eap_types);
216 if (data->ssl_initialized)
217 eap_tls_ssl_deinit(sm, &data->ssl);
218 os_free(data->key_data);
219 os_free(data->pending_phase2_req);
220 os_free(data);
224 static int eap_ttls_encrypt(struct eap_sm *sm, struct eap_ttls_data *data,
234 resp = os_malloc(sizeof(struct eap_hdr) + 2 + data->ssl.tls_out_limit);
243 *pos++ = data->ttls_version;
245 res = tls_connection_encrypt(sm->ssl_ctx, data->ssl.conn,
247 pos, data->ssl.tls_out_limit);
250 "data");
288 u8 *data, size_t len)
292 os_memcpy(pos, data, len);
324 struct eap_ttls_data *data,
346 data->ssl.conn,
355 struct eap_ttls_data *data)
357 os_free(data->key_data);
358 data->key_data = eap_tls_derive_key(sm, &data->ssl,
361 if (!data->key_data) {
367 data->key_data, EAP_TLS_KEY_LEN);
374 struct eap_ttls_data *data)
379 os_free(data->key_data);
380 data->key_data = NULL;
383 if (tls_connection_get_keys(sm->ssl_ctx, data->ssl.conn, &keys) ||
393 data->key_data = os_malloc(EAP_TLS_KEY_LEN);
394 if (rnd == NULL || data->key_data == NULL) {
397 os_free(data->key_data);
398 data->key_data = NULL;
407 keys.server_random_len, data->key_data, EAP_TLS_KEY_LEN)) {
410 os_free(data->key_data);
411 data->key_data = NULL;
423 data->key_data, EAP_TLS_KEY_LEN);
430 struct eap_ttls_data *data, size_t len)
435 if (data->ttls_version == 0) {
436 return eap_tls_derive_key(sm, &data->ssl, "ttls challenge",
441 if (tls_connection_get_keys(sm->ssl_ctx, data->ssl.conn, &keys) ||
483 static int eap_ttls_phase2_nak(struct eap_ttls_data *data, struct eap_hdr *hdr,
493 (u8 *) data->phase2_eap_types, data->num_phase2_eap_types *
496 *resp = os_malloc(*resp_len + data->num_phase2_eap_types);
505 for (i = 0; i < data->num_phase2_eap_types; i++) {
506 if (data->phase2_eap_types[i].vendor == EAP_VENDOR_IETF &&
507 data->phase2_eap_types[i].method < 256) {
509 *pos++ = data->phase2_eap_types[i].method;
519 struct eap_ttls_data *data,
541 if (data->phase2_eap_type.vendor == EAP_VENDOR_IETF &&
542 data->phase2_eap_type.method == EAP_TYPE_NONE) {
544 for (i = 0; i < data->num_phase2_eap_types; i++) {
545 if (data->phase2_eap_types[i].vendor !=
547 data->phase2_eap_types[i].method != *pos)
550 data->phase2_eap_type.vendor =
551 data->phase2_eap_types[i].vendor;
552 data->phase2_eap_type.method =
553 data->phase2_eap_types[i].method;
556 data->phase2_eap_type.vendor,
557 data->phase2_eap_type.method);
561 if (*pos != data->phase2_eap_type.method ||
563 if (eap_ttls_phase2_nak(data, hdr, resp, resp_len))
568 if (data->phase2_priv == NULL) {
569 data->phase2_method = eap_sm_get_eap_methods(
571 if (data->phase2_method) {
574 data->phase2_priv =
575 data->phase2_method->init(sm);
580 if (data->phase2_priv == NULL || data->phase2_method == NULL) {
586 *resp = data->phase2_method->process(sm, data->phase2_priv,
597 if (data->ttls_version > 0) {
598 const struct eap_method *m = data->phase2_method;
599 void *priv = data->phase2_priv;
614 sm, data, key, key_len);
639 struct eap_ttls_data *data,
676 sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1);
693 data->ident = challenge[EAP_TTLS_MSCHAPV2_CHALLENGE_LEN];
694 *pos++ = data->ident;
716 pos, data->auth_response);
717 data->auth_response_valid = 1;
719 if (data->ttls_version > 0) {
732 eap_ttls_ia_permute_inner_secret(sm, data,
744 if (sm->workaround && data->ttls_version == 0) {
759 struct eap_ttls_data *data,
781 sm, data, EAP_TTLS_MSCHAP_CHALLENGE_LEN + 1);
797 data->ident = challenge[EAP_TTLS_MSCHAP_CHALLENGE_LEN];
798 *pos++ = data->ident;
817 if (data->ttls_version > 0) {
834 struct eap_ttls_data *data,
857 * the data, so no separate encryption is used in the AVP itself.
871 if (data->ttls_version > 0) {
888 struct eap_ttls_data *data,
912 sm, data, EAP_TTLS_CHAP_CHALLENGE_LEN + 1);
926 data->ident = challenge[EAP_TTLS_CHAP_CHALLENGE_LEN];
927 *pos++ = data->ident;
930 addr[0] = &data->ident;
953 if (data->ttls_version > 0) {
970 struct eap_ttls_data *data,
979 if (data->phase2_type == EAP_TTLS_PHASE2_MSCHAPV2 ||
980 data->phase2_type == EAP_TTLS_PHASE2_MSCHAP ||
981 data->phase2_type == EAP_TTLS_PHASE2_PAP ||
982 data->phase2_type == EAP_TTLS_PHASE2_CHAP) {
1000 switch (data->phase2_type) {
1002 res = eap_ttls_phase2_request_eap(sm, data, ret, hdr,
1006 res = eap_ttls_phase2_request_mschapv2(sm, data, ret,
1010 res = eap_ttls_phase2_request_mschap(sm, data, ret,
1014 res = eap_ttls_phase2_request_pap(sm, data, ret,
1018 res = eap_ttls_phase2_request_chap(sm, data, ret,
1037 struct eap_ttls_data *data,
1056 *pos++ = data->ttls_version;
1059 data->ssl.conn,
1073 static int eap_ttls_decrypt(struct eap_sm *sm, struct eap_ttls_data *data,
1092 wpa_printf(MSG_DEBUG, "EAP-TTLS: received %lu bytes encrypted data for"
1095 if (data->pending_phase2_req) {
1097 "skip decryption and use old data");
1099 os_free(data->ssl.tls_in);
1100 data->ssl.tls_in = NULL;
1101 data->ssl.tls_in_len = 0;
1102 data->ssl.tls_in_left = 0;
1103 data->ssl.tls_in_total = 0;
1105 in_decrypted = data->pending_phase2_req;
1106 data->pending_phase2_req = NULL;
1107 len_decrypted = data->pending_phase2_req_len;
1108 if (data->pending_phase2_req_len == 0) {
1116 if (in_len == 0 && data->phase2_start) {
1117 data->phase2_start = 0;
1123 if (data->reauth &&
1124 tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) {
1127 *out_data = eap_tls_build_ack(&data->ssl, out_len,
1132 data->phase2_success = 1;
1136 wpa_printf(MSG_DEBUG, "EAP-TTLS: empty data in beginning of "
1154 msg = eap_tls_data_reassemble(sm, &data->ssl, in_data, in_len,
1160 if (data->ssl.tls_in_total > buf_len)
1161 buf_len = data->ssl.tls_in_total;
1164 os_free(data->ssl.tls_in);
1165 data->ssl.tls_in = NULL;
1166 data->ssl.tls_in_len = 0;
1173 data->ssl.conn,
1175 os_free(data->ssl.tls_in);
1176 data->ssl.tls_in = NULL;
1177 data->ssl.tls_in_len = 0;
1180 "data");
1186 if (data->ttls_version > 0 && len_decrypted == 0 &&
1188 data->ssl.conn)) {
1194 data->phase2_success = 1;
1195 *out_data = eap_ttls_build_phase_finished(sm, data,
1198 eap_ttls_v1_derive_key(sm, data);
1203 data->phase2_start = 0;
1262 wpa_hexdump(MSG_DEBUG, "EAP-TTLS: AVP data", dpos, dlen);
1272 "for Phase 2 EAP data");
1284 "for Phase 2 EAP data");
1336 switch (data->phase2_type) {
1361 "data len in AVP=%lu)",
1373 if (eap_ttls_phase2_request(sm, data, ret, req, hdr,
1394 *out_data = eap_tls_build_ack(&data->ssl, out_len,
1406 if (mschapv2[0] != data->ident) {
1410 mschapv2[0], data->ident);
1414 if (!data->auth_response_valid ||
1417 os_memcmp(data->auth_response, recv_response, 20) != 0) {
1427 if (data->ttls_version > 0) {
1436 data->phase2_success = 1;
1439 /* Reply with empty data; authentication server will reply
1449 "tunneled data");
1455 wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Encrypting Phase 2 data",
1458 if (eap_ttls_encrypt(sm, data, req->identifier,
1468 os_free(data->pending_phase2_req);
1469 data->pending_phase2_req = os_malloc(len_decrypted);
1470 if (data->pending_phase2_req) {
1471 os_memcpy(data->pending_phase2_req, in_decrypted,
1473 data->pending_phase2_req_len = len_decrypted;
1500 struct eap_ttls_data *data = priv;
1503 pos = eap_tls_process_init(sm, &data->ssl, EAP_TYPE_TTLS, ret,
1513 data->ttls_version);
1514 if ((flags & EAP_PEAP_VERSION_MASK) < data->ttls_version)
1515 data->ttls_version = flags & EAP_PEAP_VERSION_MASK;
1516 if (data->force_ttls_version >= 0 &&
1517 data->force_ttls_version != data->ttls_version) {
1520 data->force_ttls_version);
1527 data->ttls_version);
1529 if (data->ttls_version > 0)
1530 data->ssl.tls_ia = 1;
1531 if (!data->ssl_initialized &&
1532 eap_tls_ssl_init(sm, &data->ssl, config)) {
1537 data->ssl_initialized = 1;
1542 * allowed to contain data. Client based on this draft version
1543 * must ignore such data but must not reject the Start packet.
1546 } else if (!data->ssl_initialized) {
1556 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
1557 !data->resuming) {
1558 res = eap_ttls_decrypt(sm, data, ret, req, pos, left,
1561 res = eap_tls_process_helper(sm, &data->ssl, EAP_TYPE_TTLS,
1562 data->ttls_version, id, pos, left,
1565 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
1568 if (data->resuming) {
1574 data->phase2_start = 1;
1575 if (data->ttls_version == 0)
1576 eap_ttls_v0_derive_key(sm, data);
1579 if (eap_ttls_decrypt(sm, data, ret, req, NULL,
1587 data->resuming = 0;
1592 * Application data included in the handshake message.
1594 os_free(data->pending_phase2_req);
1595 data->pending_phase2_req = resp;
1596 data->pending_phase2_req_len = *respDataLen;
1599 res = eap_ttls_decrypt(sm, data, ret, req, pos, left,
1604 if (data->ttls_version == 0 && ret->methodState == METHOD_DONE) {
1610 data->phase2_success = 1;
1612 } else if (data->ttls_version == 0 && sm->workaround &&
1618 data->phase2_success = 1;
1622 return eap_tls_build_ack(&data->ssl, respDataLen, id,
1623 EAP_TYPE_TTLS, data->ttls_version);
1631 struct eap_ttls_data *data = priv;
1632 return tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
1633 data->phase2_success;
1639 struct eap_ttls_data *data = priv;
1640 os_free(data->pending_phase2_req);
1641 data->pending_phase2_req = NULL;
1647 struct eap_ttls_data *data = priv;
1648 os_free(data->key_data);
1649 data->key_data = NULL;
1650 if (eap_tls_reauth_init(sm, &data->ssl)) {
1651 os_free(data);
1654 if (data->phase2_priv && data->phase2_method &&
1655 data->phase2_method->init_for_reauth)
1656 data->phase2_method->init_for_reauth(sm, data->phase2_priv);
1657 data->phase2_start = 0;
1658 data->phase2_success = 0;
1659 data->resuming = 1;
1660 data->reauth = 1;
1668 struct eap_ttls_data *data = priv;
1671 len = eap_tls_status(sm, &data->ssl, buf, buflen, verbose);
1674 data->ttls_version);
1678 switch (data->phase2_type) {
1681 data->phase2_method ?
1682 data->phase2_method->name : "?");
1710 struct eap_ttls_data *data = priv;
1711 return data->key_data != NULL && data->phase2_success;
1717 struct eap_ttls_data *data = priv;
1720 if (data->key_data == NULL || !data->phase2_success)
1728 os_memcpy(key, data->key_data, EAP_TLS_KEY_LEN);
