Lines Matching full:data
17 static int ikev2_process_idr(struct ikev2_initiator_data *data,
21 void ikev2_initiator_deinit(struct ikev2_initiator_data *data)
23 ikev2_free_keys(&data->keys);
24 wpabuf_free(data->r_dh_public);
25 wpabuf_free(data->i_dh_private);
26 os_free(data->IDi);
27 os_free(data->IDr);
28 os_free(data->shared_secret);
29 wpabuf_free(data->i_sign_msg);
30 wpabuf_free(data->r_sign_msg);
31 os_free(data->key_pad);
35 static int ikev2_derive_keys(struct ikev2_initiator_data *data)
49 integ = ikev2_get_integ(data->proposal.integ);
50 prf = ikev2_get_prf(data->proposal.prf);
51 encr = ikev2_get_encr(data->proposal.encr);
57 shared = dh_derive_shared(data->r_dh_public, data->i_dh_private,
58 data->dh);
64 buf_len = data->i_nonce_len + data->r_nonce_len + 2 * IKEV2_SPI_LEN;
72 os_memcpy(pos, data->i_nonce, data->i_nonce_len);
73 pos += data->i_nonce_len;
74 os_memcpy(pos, data->r_nonce, data->r_nonce_len);
75 pos += data->r_nonce_len;
76 os_memcpy(pos, data->i_spi, IKEV2_SPI_LEN);
78 os_memcpy(pos, data->r_spi, IKEV2_SPI_LEN);
83 pad_len = data->dh->prime_len - wpabuf_len(shared);
94 if (ikev2_prf_hash(prf->id, buf, data->i_nonce_len + data->r_nonce_len,
105 wpabuf_free(data->r_dh_public);
106 data->r_dh_public = NULL;
107 wpabuf_free(data->i_dh_private);
108 data->i_dh_private = NULL;
114 &data->keys);
120 static int ikev2_parse_transform(struct ikev2_initiator_data *data,
164 transform_id == data->proposal.encr) {
190 transform_id == data->proposal.prf)
195 transform_id == data->proposal.integ)
200 transform_id == data->proposal.dh)
209 static int ikev2_parse_proposal(struct ikev2_initiator_data *data,
286 int tlen = ikev2_parse_transform(data, prop, ppos, pend);
293 wpa_printf(MSG_INFO, "IKEV2: Unexpected data after "
302 static int ikev2_process_sar1(struct ikev2_initiator_data *data,
329 plen = ikev2_parse_proposal(data, &prop, pos, end);
345 wpa_printf(MSG_INFO, "IKEV2: Unexpected data after proposal");
355 "INTEG:%d D-H:%d", data->proposal.proposal_num,
356 data->proposal.encr, data->proposal.prf,
357 data->proposal.integ, data->proposal.dh);
363 static int ikev2_process_ker(struct ikev2_initiator_data *data,
372 * Key Exchange Data (Diffie-Hellman public value)
388 if (group != data->proposal.dh) {
391 group, data->proposal.dh);
395 if (data->dh == NULL) {
404 if (ker_len - 4 != data->dh->prime_len) {
407 (long) (ker_len - 4), (long) data->dh->prime_len);
411 wpabuf_free(data->r_dh_public);
412 data->r_dh_public = wpabuf_alloc_copy(ker + 4, ker_len - 4);
413 if (data->r_dh_public == NULL)
417 data->r_dh_public);
423 static int ikev2_process_nr(struct ikev2_initiator_data *data,
437 data->r_nonce_len = nr_len;
438 os_memcpy(data->r_nonce, nr, nr_len);
440 data->r_nonce, data->r_nonce_len);
446 static int ikev2_process_sa_init_encr(struct ikev2_initiator_data *data,
456 decrypted = ikev2_decrypt_payload(data->proposal.encr,
457 data->proposal.integ, &data->keys, 0,
473 ret = ikev2_process_idr(data, pl.idr, pl.idr_len);
481 static int ikev2_process_sa_init(struct ikev2_initiator_data *data,
485 if (ikev2_process_sar1(data, pl->sa, pl->sa_len) < 0 ||
486 ikev2_process_ker(data, pl->ke, pl->ke_len) < 0 ||
487 ikev2_process_nr(data, pl->nonce, pl->nonce_len) < 0)
490 os_memcpy(data->r_spi, hdr->r_spi, IKEV2_SPI_LEN);
492 if (ikev2_derive_keys(data) < 0)
498 if (ikev2_process_sa_init_encr(data, hdr, pl->encrypted,
507 data->state = SA_AUTH;
513 static int ikev2_process_idr(struct ikev2_initiator_data *data,
534 if (data->IDr) {
535 if (id_type != data->IDr_type || idr_len != data->IDr_len ||
536 os_memcmp(idr, data->IDr, idr_len) != 0) {
542 data->IDr, data->IDr_len);
545 os_free(data->IDr);
547 data->IDr = os_malloc(idr_len);
548 if (data->IDr == NULL)
550 os_memcpy(data->IDr, idr, idr_len);
551 data->IDr_len = idr_len;
552 data->IDr_type = id_type;
558 static int ikev2_process_cert(struct ikev2_initiator_data *data,
564 if (data->peer_auth == PEER_AUTH_CERT) {
581 wpa_hexdump(MSG_MSGDUMP, "IKEV2: Certificate Data", cert, cert_len);
589 static int ikev2_process_auth_cert(struct ikev2_initiator_data *data,
603 static int ikev2_process_auth_secret(struct ikev2_initiator_data *data,
617 if (ikev2_derive_auth_data(data->proposal.prf, data->r_sign_msg,
618 data->IDr, data->IDr_len, data->IDr_type,
619 &data->keys, 0, data->shared_secret,
620 data->shared_secret_len,
621 data->i_nonce, data->i_nonce_len,
622 data->key_pad, data->key_pad_len,
624 wpa_printf(MSG_INFO, "IKEV2: Could not derive AUTH data");
628 wpabuf_free(data->r_sign_msg);
629 data->r_sign_msg = NULL;
631 prf = ikev2_get_prf(data->proposal.prf);
637 wpa_printf(MSG_INFO, "IKEV2: Invalid Authentication Data");
638 wpa_hexdump(MSG_DEBUG, "IKEV2: Received Authentication Data",
640 wpa_hexdump(MSG_DEBUG, "IKEV2: Expected Authentication Data",
652 static int ikev2_process_auth(struct ikev2_initiator_data *data,
673 wpa_hexdump(MSG_MSGDUMP, "IKEV2: Authentication Data", auth, auth_len);
675 switch (data->peer_auth) {
677 return ikev2_process_auth_cert(data, auth_method, auth,
680 return ikev2_process_auth_secret(data, auth_method, auth,
688 static int ikev2_process_sa_auth_decrypted(struct ikev2_initiator_data *data,
703 if (ikev2_process_idr(data, pl.idr, pl.idr_len) < 0 ||
704 ikev2_process_cert(data, pl.cert, pl.cert_len) < 0 ||
705 ikev2_process_auth(data, pl.auth, pl.auth_len) < 0)
712 static int ikev2_process_sa_auth(struct ikev2_initiator_data *data,
720 decrypted = ikev2_decrypt_payload(data->proposal.encr,
721 data->proposal.integ,
722 &data->keys, 0, hdr, pl->encrypted,
727 ret = ikev2_process_sa_auth_decrypted(data, pl->encr_next_payload,
731 if (ret == 0 && !data->unknown_user) {
733 data->state = IKEV2_DONE;
740 static int ikev2_validate_rx_state(struct ikev2_initiator_data *data,
743 switch (data->state) {
793 int ikev2_initiator_process(struct ikev2_initiator_data *data,
837 if (ikev2_validate_rx_state(data, hdr->exchange_type, message_id) < 0)
847 if (data->state != SA_INIT) {
848 if (os_memcmp(data->i_spi, hdr->i_spi, IKEV2_SPI_LEN) != 0) {
853 if (os_memcmp(data->r_spi, hdr->r_spi, IKEV2_SPI_LEN) != 0) {
864 switch (data->state) {
866 if (ikev2_process_sa_init(data, hdr, &pl) < 0)
868 wpabuf_free(data->r_sign_msg);
869 data->r_sign_msg = wpabuf_dup(buf);
872 if (ikev2_process_sa_auth(data, hdr, &pl) < 0)
884 static void ikev2_build_hdr(struct ikev2_initiator_data *data,
894 os_memcpy(hdr->i_spi, data->i_spi, IKEV2_SPI_LEN);
895 os_memcpy(hdr->r_spi, data->r_spi, IKEV2_SPI_LEN);
904 static int ikev2_build_sai(struct ikev2_initiator_data *data,
921 p->proposal_num = data->proposal.proposal_num;
928 WPA_PUT_BE16(t->transform_id, data->proposal.encr);
929 if (data->proposal.encr == ENCR_AES_CBC) {
941 WPA_PUT_BE16(t->transform_id, data->proposal.prf);
947 WPA_PUT_BE16(t->transform_id, data->proposal.integ);
952 WPA_PUT_BE16(t->transform_id, data->proposal.dh);
964 static int ikev2_build_kei(struct ikev2_initiator_data *data,
973 data->dh = dh_groups_get(data->proposal.dh);
974 pv = dh_init(data->dh, &data->i_dh_private);
985 wpabuf_put_be16(msg, data->proposal.dh); /* DH Group # */
991 wpabuf_put(msg, data->dh->prime_len - wpabuf_len(pv));
1001 static int ikev2_build_ni(struct ikev2_initiator_data *data,
1013 wpabuf_put_data(msg, data->i_nonce, data->i_nonce_len);
1020 static int ikev2_build_idi(struct ikev2_initiator_data *data,
1028 if (data->IDi == NULL) {
1039 wpabuf_put_data(msg, data->IDi, data->IDi_len);
1046 static int ikev2_build_auth(struct ikev2_initiator_data *data,
1055 prf = ikev2_get_prf(data->proposal.prf);
1067 if (ikev2_derive_auth_data(data->proposal.prf, data->i_sign_msg,
1068 data->IDi, data->IDi_len, ID_KEY_ID,
1069 &data->keys, 1, data->shared_secret,
1070 data->shared_secret_len,
1071 data->r_nonce, data->r_nonce_len,
1072 data->key_pad, data->key_pad_len,
1074 wpa_printf(MSG_INFO, "IKEV2: Could not derive AUTH data");
1077 wpabuf_free(data->i_sign_msg);
1078 data->i_sign_msg = NULL;
1086 static struct wpabuf * ikev2_build_sa_init(struct ikev2_initiator_data *data)
1092 if (os_get_random(data->i_spi, IKEV2_SPI_LEN))
1095 data->i_spi, IKEV2_SPI_LEN);
1097 data->i_nonce_len = IKEV2_NONCE_MIN_LEN;
1098 if (random_get_bytes(data->i_nonce, data->i_nonce_len))
1100 wpa_hexdump(MSG_DEBUG, "IKEV2: Ni", data->i_nonce, data->i_nonce_len);
1106 ikev2_build_hdr(data, msg, IKE_SA_INIT, IKEV2_PAYLOAD_SA, 0);
1107 if (ikev2_build_sai(data, msg, IKEV2_PAYLOAD_KEY_EXCHANGE) ||
1108 ikev2_build_kei(data, msg, IKEV2_PAYLOAD_NONCE) ||
1109 ikev2_build_ni(data, msg, IKEV2_PAYLOAD_NO_NEXT_PAYLOAD)) {
1118 wpabuf_free(data->i_sign_msg);
1119 data->i_sign_msg = wpabuf_dup(msg);
1125 static struct wpabuf * ikev2_build_sa_auth(struct ikev2_initiator_data *data)
1131 secret = data->get_shared_secret(data->cb_ctx, data->IDr,
1132 data->IDr_len, &secret_len);
1140 data->unknown_user = 1;
1141 os_free(data->shared_secret);
1142 data->shared_secret = os_malloc(16);
1143 if (data->shared_secret == NULL)
1145 data->shared_secret_len = 16;
1146 if (random_get_bytes(data->shared_secret, 16))
1149 os_free(data->shared_secret);
1150 data->shared_secret = os_malloc(secret_len);
1151 if (data->shared_secret == NULL)
1153 os_memcpy(data->shared_secret, secret, secret_len);
1154 data->shared_secret_len = secret_len;
1159 msg = wpabuf_alloc(sizeof(struct ikev2_hdr) + data->IDr_len + 1000);
1162 ikev2_build_hdr(data, msg, IKE_SA_AUTH, IKEV2_PAYLOAD_ENCRYPTED, 1);
1164 plain = wpabuf_alloc(data->IDr_len + 1000);
1170 if (ikev2_build_idi(data, plain, IKEV2_PAYLOAD_AUTHENTICATION) ||
1171 ikev2_build_auth(data, plain, IKEV2_PAYLOAD_NO_NEXT_PAYLOAD) ||
1172 ikev2_build_encrypted(data->proposal.encr, data->proposal.integ,
1173 &data->keys, 1, msg, plain,
1187 struct wpabuf * ikev2_initiator_build(struct ikev2_initiator_data *data)
1189 switch (data->state) {
1191 return ikev2_build_sa_init(data);
1193 return ikev2_build_sa_auth(data);
