
Lines Matching refs:data

73 static int eap_peap_parse_phase1(struct eap_peap_data *data,
80 data->force_peap_version = atoi(pos + 8);
81 data->peap_version = data->force_peap_version;
83 data->force_peap_version);
87 data->force_new_label = 1;
93 data->peap_outer_success = 0;
97 data->peap_outer_success = 1;
101 data->peap_outer_success = 2;
107 data->crypto_binding = NO_BINDING;
110 data->crypto_binding = OPTIONAL_BINDING;
113 data->crypto_binding = REQUIRE_BINDING;
119 data->soh = 2;
122 data->soh = 1;
125 data->soh = 2;
136 struct eap_peap_data *data;
139 data = os_zalloc(sizeof(*data));
140 if (data == NULL)
143 data->peap_version = EAP_PEAP_VERSION;
144 data->force_peap_version = -1;
145 data->peap_outer_success = 2;
146 data->crypto_binding = OPTIONAL_BINDING;
149 eap_peap_parse_phase1(data, config->phase1) < 0) {
150 eap_peap_deinit(sm, data);
155 &data->phase2_types,
156 &data->num_phase2_types) < 0) {
157 eap_peap_deinit(sm, data);
161 data->phase2_type.vendor = EAP_VENDOR_IETF;
162 data->phase2_type.method = EAP_TYPE_NONE;
164 if (eap_peer_tls_ssl_init(sm, &data->ssl, config, EAP_TYPE_PEAP)) {
166 eap_peap_deinit(sm, data);
170 return data;
176 struct eap_peap_data *data = priv;
177 if (data == NULL)
179 if (data->phase2_priv && data->phase2_method)
180 data->phase2_method->deinit(sm, data->phase2_priv);
181 os_free(data->phase2_types);
182 eap_peer_tls_ssl_deinit(sm, &data->ssl);
183 os_free(data->key_data);
184 os_free(data->session_id);
185 wpabuf_free(data->pending_phase2_req);
186 os_free(data);
218 static int eap_peap_get_isk(struct eap_sm *sm, struct eap_peap_data *data,
225 if (data->phase2_method == NULL || data->phase2_priv == NULL ||
226 data->phase2_method->isKeyAvailable == NULL ||
227 data->phase2_method->getKey == NULL)
230 if (!data->phase2_method->isKeyAvailable(sm, data->phase2_priv) ||
231 (key = data->phase2_method->getKey(sm, data->phase2_priv,
247 static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)
256 tk = data->key_data;
261 if (data->reauth &&
262 tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) {
264 os_memcpy(data->ipmk, tk, 40);
266 data->ipmk, 40);
267 os_memcpy(data->cmk, tk + 40, 20);
269 data->cmk, 20);
273 if (eap_peap_get_isk(sm, data, isk, sizeof(isk)) < 0)
285 if (peap_prfplus(data->peap_version, tk, 40,
292 os_memcpy(data->ipmk, imck, 40);
293 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IPMK (S-IPMKj)", data->ipmk, 40);
294 os_memcpy(data->cmk, imck + 40, 20);
295 wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CMK (CMKj)", data->cmk, 20);
302 struct eap_peap_data *data,
318 if (data->peap_version >= 2)
324 wpabuf_put_u8(buf, data->peap_version); /* Version */
325 wpabuf_put_u8(buf, data->peap_version); /* RecvVersion */
327 wpabuf_put_data(buf, data->binding_nonce, 32); /* Nonce */
329 wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC CMK", data->cmk, 20);
330 wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC data 1",
332 wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC data 2",
334 hmac_sha1_vector(data->cmk, 20, 2, addr, len, mac);
336 data->crypto_binding_used = 1;
352 struct eap_peap_data *data,
359 if (data->crypto_binding == NO_BINDING)
375 if (crypto_tlv_used && eap_tlv_add_cryptobinding(sm, data, msg)) {
385 struct eap_peap_data *data,
392 if (eap_peap_derive_cmk(sm, data) < 0) {
405 if (pos[1] != data->peap_version) {
408 pos[1], data->peap_version);
418 os_memcpy(data->binding_nonce, pos, 32);
425 wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Compound_MAC data",
427 hmac_sha1(data->cmk, 20, buf, sizeof(buf), mac);
459 static int eap_tlv_process(struct eap_sm *sm, struct eap_peap_data *data,
523 if (crypto_tlv && data->crypto_binding != NO_BINDING) {
526 if (eap_tlv_validate_cryptobinding(sm, data, crypto_tlv - 4,
535 } else if (!crypto_tlv && data->crypto_binding == REQUIRE_BINDING) {
575 *resp = eap_tlv_build_result(sm, data, crypto_tlv != NULL,
611 struct eap_peap_data *data,
635 if (eap_tlv_process(sm, data, &iret, req, resp,
636 data->phase2_eap_started &&
637 !data->phase2_eap_success)) {
646 data->phase2_success = 1;
651 if (data->soh) {
661 buf = tncc_process_soh_request(data->soh,
683 if (data->phase2_type.vendor == EAP_VENDOR_IETF &&
684 data->phase2_type.method == EAP_TYPE_NONE) {
686 for (i = 0; i < data->num_phase2_types; i++) {
687 if (data->phase2_types[i].vendor !=
689 data->phase2_types[i].method != *pos)
692 data->phase2_type.vendor =
693 data->phase2_types[i].vendor;
694 data->phase2_type.method =
695 data->phase2_types[i].method;
698 data->phase2_type.vendor,
699 data->phase2_type.method);
703 if (*pos != data->phase2_type.method ||
705 if (eap_peer_tls_phase2_nak(data->phase2_types,
706 data->num_phase2_types,
712 if (data->phase2_priv == NULL) {
713 data->phase2_method = eap_peer_get_eap_method(
714 data->phase2_type.vendor,
715 data->phase2_type.method);
716 if (data->phase2_method) {
718 data->phase2_priv =
719 data->phase2_method->init(sm);
723 if (data->phase2_priv == NULL || data->phase2_method == NULL) {
730 data->phase2_eap_started = 1;
732 *resp = data->phase2_method->process(sm, data->phase2_priv,
738 data->phase2_eap_success = 1;
739 data->phase2_success = 1;
747 wpabuf_free(data->pending_phase2_req);
748 data->pending_phase2_req = wpabuf_alloc_copy(hdr, len);
755 static int eap_peap_decrypt(struct eap_sm *sm, struct eap_peap_data *data,
767 wpa_printf(MSG_DEBUG, "EAP-PEAP: received %lu bytes encrypted data for"
770 if (data->pending_phase2_req) {
772 "skip decryption and use old data");
774 eap_peer_tls_reset_input(&data->ssl);
775 in_decrypted = data->pending_phase2_req;
776 data->pending_phase2_req = NULL;
782 data->phase2_success) {
788 "expected data - acknowledge with TLS ACK since "
795 return eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_PEAP,
796 data->peap_version,
800 res = eap_peer_tls_decrypt(sm, &data->ssl, in_data, &in_decrypted);
821 if (data->peap_version == 0 && !skip_change) {
840 if (data->peap_version >= 2) {
902 "shorter length than full decrypted data "
912 if (eap_peap_phase2_request(sm, data, ret, in_decrypted,
922 if (data->peap_version == 1) {
926 if (data->phase2_eap_started &&
927 !data->phase2_eap_success) {
942 data->phase2_success = 1;
943 if (data->peap_outer_success == 2) {
948 } else if (data->peap_outer_success == 1) {
997 "EAP-PEAP: Encrypting Phase 2 data", resp);
999 if (data->peap_version >= 2) {
1009 if (data->peap_version == 0 && !skip_change2) {
1016 if (eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_PEAP,
1017 data->peap_version, req->identifier,
1039 struct eap_peap_data *data = priv;
1041 pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_PEAP, ret,
1051 data->peap_version);
1052 if ((flags & EAP_TLS_VERSION_MASK) < data->peap_version)
1053 data->peap_version = flags & EAP_TLS_VERSION_MASK;
1054 if (data->force_peap_version >= 0 &&
1055 data->force_peap_version != data->peap_version) {
1058 data->force_peap_version);
1065 data->peap_version);
1071 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
1072 !data->resuming) {
1075 res = eap_peap_decrypt(sm, data, ret, req, &msg, &resp);
1077 res = eap_peer_tls_process_helper(sm, &data->ssl,
1079 data->peap_version, id, pos,
1082 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
1086 os_free(data->key_data);
1094 if (data->peap_version > 1 || data->force_new_label)
1100 data->key_data =
1101 eap_peer_tls_derive_key(sm, &data->ssl, label,
1103 if (data->key_data) {
1106 data->key_data,
1113 os_free(data->session_id);
1114 data->session_id =
1115 eap_peer_tls_derive_session_id(sm, &data->ssl,
1117 &data->id_len);
1118 if (data->session_id) {
1121 data->session_id, data->id_len);
1127 if (sm->workaround && data->resuming) {
1142 data->phase2_success = 1;
1145 data->resuming = 0;
1151 * Application data included in the handshake message.
1153 wpabuf_free(data->pending_phase2_req);
1154 data->pending_phase2_req = resp;
1157 res = eap_peap_decrypt(sm, data, ret, req, &msg,
1169 data->peap_version);
1178 struct eap_peap_data *data = priv;
1179 return tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
1180 data->phase2_success;
1186 struct eap_peap_data *data = priv;
1187 wpabuf_free(data->pending_phase2_req);
1188 data->pending_phase2_req = NULL;
1189 data->crypto_binding_used = 0;
1195 struct eap_peap_data *data = priv;
1196 os_free(data->key_data);
1197 data->key_data = NULL;
1198 os_free(data->session_id);
1199 data->session_id = NULL;
1200 if (eap_peer_tls_reauth_init(sm, &data->ssl)) {
1201 os_free(data);
1204 if (data->phase2_priv && data->phase2_method &&
1205 data->phase2_method->init_for_reauth)
1206 data->phase2_method->init_for_reauth(sm, data->phase2_priv);
1207 data->phase2_success = 0;
1208 data->phase2_eap_success = 0;
1209 data->phase2_eap_started = 0;
1210 data->resuming = 1;
1211 data->reauth = 1;
1220 struct eap_peap_data *data = priv;
1223 len = eap_peer_tls_status(sm, &data->ssl, buf, buflen, verbose);
1224 if (data->phase2_method) {
1227 data->peap_version,
1228 data->phase2_method->name);
1239 struct eap_peap_data *data = priv;
1240 return data->key_data != NULL && data->phase2_success;
1246 struct eap_peap_data *data = priv;
1249 if (data->key_data == NULL || !data->phase2_success)
1258 if (data->crypto_binding_used) {
1265 if (peap_prfplus(data->peap_version, data->ipmk, 40,
1276 os_memcpy(key, data->key_data, EAP_TLS_KEY_LEN);
1284 struct eap_peap_data *data = priv;
1287 if (data->session_id == NULL || !data->phase2_success)
1290 id = os_malloc(data->id_len);
1294 *len = data->id_len;
1295 os_memcpy(id, data->session_id, data->id_len);