

17 void ikev2_responder_deinit(struct ikev2_responder_data *data)
19 ikev2_free_keys(&data->keys);
20 wpabuf_free(data->i_dh_public);
21 wpabuf_free(data->r_dh_private);
22 os_free(data->IDi);
23 os_free(data->IDr);
24 os_free(data->shared_secret);
25 wpabuf_free(data->i_sign_msg);
26 wpabuf_free(data->r_sign_msg);
27 os_free(data->key_pad);
31 static int ikev2_derive_keys(struct ikev2_responder_data *data)
45 integ = ikev2_get_integ(data->proposal.integ);
46 prf = ikev2_get_prf(data->proposal.prf);
47 encr = ikev2_get_encr(data->proposal.encr);
53 shared = dh_derive_shared(data->i_dh_public, data->r_dh_private,
54 data->dh);
60 buf_len = data->i_nonce_len + data->r_nonce_len + 2 * IKEV2_SPI_LEN;
68 os_memcpy(pos, data->i_nonce, data->i_nonce_len);
69 pos += data->i_nonce_len;
70 os_memcpy(pos, data->r_nonce, data->r_nonce_len);
71 pos += data->r_nonce_len;
72 os_memcpy(pos, data->i_spi, IKEV2_SPI_LEN);
74 os_memcpy(pos, data->r_spi, IKEV2_SPI_LEN);
78 pad_len = data->dh->prime_len - wpabuf_len(shared);
90 if (ikev2_prf_hash(prf->id, buf, data->i_nonce_len + data->r_nonce_len,
101 wpabuf_free(data->i_dh_public);
102 data->i_dh_public = NULL;
103 wpabuf_free(data->r_dh_private);
104 data->r_dh_private = NULL;
110 &data->keys);
285 wpa_printf(MSG_INFO, "IKEV2: Unexpected data after "
294 static int ikev2_process_sai1(struct ikev2_responder_data *data,
327 os_memcpy(&data->proposal, &prop, sizeof(prop));
328 data->dh = dh_groups_get(prop.dh);
336 wpa_printf(MSG_INFO, "IKEV2: Unexpected data after proposals");
346 "INTEG:%d D-H:%d", data->proposal.proposal_num,
347 data->proposal.encr, data->proposal.prf,
348 data->proposal.integ, data->proposal.dh);
354 static int ikev2_process_kei(struct ikev2_responder_data *data,
363 * Key Exchange Data (Diffie-Hellman public value)
379 if (group != data->proposal.dh) {
382 group, data->proposal.dh);
385 data->error_type = INVALID_KE_PAYLOAD;
386 data->state = NOTIFY;
390 if (data->dh == NULL) {
399 if (kei_len - 4 != data->dh->prime_len) {
402 (long) (kei_len - 4), (long) data->dh->prime_len);
406 wpabuf_free(data->i_dh_public);
407 data->i_dh_public = wpabuf_alloc(kei_len - 4);
408 if (data->i_dh_public == NULL)
410 wpabuf_put_data(data->i_dh_public, kei + 4, kei_len - 4);
413 data->i_dh_public);
419 static int ikev2_process_ni(struct ikev2_responder_data *data,
433 data->i_nonce_len = ni_len;
434 os_memcpy(data->i_nonce, ni, ni_len);
436 data->i_nonce, data->i_nonce_len);
442 static int ikev2_process_sa_init(struct ikev2_responder_data *data,
446 if (ikev2_process_sai1(data, pl->sa, pl->sa_len) < 0 ||
447 ikev2_process_kei(data, pl->ke, pl->ke_len) < 0 ||
448 ikev2_process_ni(data, pl->nonce, pl->nonce_len) < 0)
451 os_memcpy(data->i_spi, hdr->i_spi, IKEV2_SPI_LEN);
457 static int ikev2_process_idi(struct ikev2_responder_data *data,
478 os_free(data->IDi);
479 data->IDi = os_malloc(idi_len);
480 if (data->IDi == NULL)
482 os_memcpy(data->IDi, idi, idi_len);
483 data->IDi_len = idi_len;
484 data->IDi_type = id_type;
490 static int ikev2_process_cert(struct ikev2_responder_data *data,
496 if (data->peer_auth == PEER_AUTH_CERT) {
513 wpa_hexdump(MSG_MSGDUMP, "IKEV2: Certificate Data", cert, cert_len);
521 static int ikev2_process_auth_cert(struct ikev2_responder_data *data,
535 static int ikev2_process_auth_secret(struct ikev2_responder_data *data,
549 if (ikev2_derive_auth_data(data->proposal.prf, data->i_sign_msg,
550 data->IDi, data->IDi_len, data->IDi_type,
551 &data->keys, 1, data->shared_secret,
552 data->shared_secret_len,
553 data->r_nonce, data->r_nonce_len,
554 data->key_pad, data->key_pad_len,
556 wpa_printf(MSG_INFO, "IKEV2: Could not derive AUTH data");
560 wpabuf_free(data->i_sign_msg);
561 data->i_sign_msg = NULL;
563 prf = ikev2_get_prf(data->proposal.prf);
569 wpa_printf(MSG_INFO, "IKEV2: Invalid Authentication Data");
570 wpa_hexdump(MSG_DEBUG, "IKEV2: Received Authentication Data",
572 wpa_hexdump(MSG_DEBUG, "IKEV2: Expected Authentication Data",
574 data->error_type = AUTHENTICATION_FAILED;
575 data->state = NOTIFY;
586 static int ikev2_process_auth(struct ikev2_responder_data *data,
607 wpa_hexdump(MSG_MSGDUMP, "IKEV2: Authentication Data", auth, auth_len);
609 switch (data->peer_auth) {
611 return ikev2_process_auth_cert(data, auth_method, auth,
614 return ikev2_process_auth_secret(data, auth_method, auth,
622 static int ikev2_process_sa_auth_decrypted(struct ikev2_responder_data *data,
637 if (ikev2_process_idi(data, pl.idi, pl.idi_len) < 0 ||
638 ikev2_process_cert(data, pl.cert, pl.cert_len) < 0 ||
639 ikev2_process_auth(data, pl.auth, pl.auth_len) < 0)
646 static int ikev2_process_sa_auth(struct ikev2_responder_data *data,
654 decrypted = ikev2_decrypt_payload(data->proposal.encr,
655 data->proposal.integ,
656 &data->keys, 1, hdr, pl->encrypted,
661 ret = ikev2_process_sa_auth_decrypted(data, pl->encr_next_payload,
669 static int ikev2_validate_rx_state(struct ikev2_responder_data *data,
672 switch (data->state) {
724 int ikev2_responder_process(struct ikev2_responder_data *data,
740 data->error_type = 0;
769 if (ikev2_validate_rx_state(data, hdr->exchange_type, message_id) < 0)
779 if (data->state != SA_INIT) {
780 if (os_memcmp(data->i_spi, hdr->i_spi, IKEV2_SPI_LEN) != 0) {
785 if (os_memcmp(data->r_spi, hdr->r_spi, IKEV2_SPI_LEN) != 0) {
796 if (data->state == SA_INIT) {
797 data->last_msg = LAST_MSG_SA_INIT;
798 if (ikev2_process_sa_init(data, hdr, &pl) < 0) {
799 if (data->state == NOTIFY)
803 wpabuf_free(data->i_sign_msg);
804 data->i_sign_msg = wpabuf_dup(buf);
807 if (data->state == SA_AUTH) {
808 data->last_msg = LAST_MSG_SA_AUTH;
809 if (ikev2_process_sa_auth(data, hdr, &pl) < 0) {
810 if (data->state == NOTIFY)
820 static void ikev2_build_hdr(struct ikev2_responder_data *data,
830 os_memcpy(hdr->i_spi, data->i_spi, IKEV2_SPI_LEN);
831 os_memcpy(hdr->r_spi, data->r_spi, IKEV2_SPI_LEN);
840 static int ikev2_build_sar1(struct ikev2_responder_data *data,
856 p->proposal_num = data->proposal.proposal_num;
863 WPA_PUT_BE16(t->transform_id, data->proposal.encr);
864 if (data->proposal.encr == ENCR_AES_CBC) {
876 WPA_PUT_BE16(t->transform_id, data->proposal.prf);
882 WPA_PUT_BE16(t->transform_id, data->proposal.integ);
887 WPA_PUT_BE16(t->transform_id, data->proposal.dh);
899 static int ikev2_build_ker(struct ikev2_responder_data *data,
908 pv = dh_init(data->dh, &data->r_dh_private);
919 wpabuf_put_be16(msg, data->proposal.dh); /* DH Group # */
925 wpabuf_put(msg, data->dh->prime_len - wpabuf_len(pv));
935 static int ikev2_build_nr(struct ikev2_responder_data *data,
947 wpabuf_put_data(msg, data->r_nonce, data->r_nonce_len);
954 static int ikev2_build_idr(struct ikev2_responder_data *data,
962 if (data->IDr == NULL) {
973 wpabuf_put_data(msg, data->IDr, data->IDr_len);
980 static int ikev2_build_auth(struct ikev2_responder_data *data,
989 prf = ikev2_get_prf(data->proposal.prf);
1001 if (ikev2_derive_auth_data(data->proposal.prf, data->r_sign_msg,
1002 data->IDr, data->IDr_len, ID_KEY_ID,
1003 &data->keys, 0, data->shared_secret,
1004 data->shared_secret_len,
1005 data->i_nonce, data->i_nonce_len,
1006 data->key_pad, data->key_pad_len,
1008 wpa_printf(MSG_INFO, "IKEV2: Could not derive AUTH data");
1011 wpabuf_free(data->r_sign_msg);
1012 data->r_sign_msg = NULL;
1020 static int ikev2_build_notification(struct ikev2_responder_data *data,
1028 if (data->error_type == 0) {
1040 wpabuf_put_be16(msg, data->error_type);
1042 switch (data->error_type) {
1044 if (data->proposal.dh == -1) {
1049 wpabuf_put_be16(msg, data->proposal.dh);
1051 "DH Group #%d", data->proposal.dh);
1054 /* no associated data */
1058 "%d", data->error_type);
1068 static struct wpabuf * ikev2_build_sa_init(struct ikev2_responder_data *data)
1074 if (os_get_random(data->r_spi, IKEV2_SPI_LEN))
1077 data->r_spi, IKEV2_SPI_LEN);
1079 data->r_nonce_len = IKEV2_NONCE_MIN_LEN;
1080 if (random_get_bytes(data->r_nonce, data->r_nonce_len))
1082 wpa_hexdump(MSG_DEBUG, "IKEV2: Nr", data->r_nonce, data->r_nonce_len);
1084 msg = wpabuf_alloc(sizeof(struct ikev2_hdr) + data->IDr_len + 1500);
1088 ikev2_build_hdr(data, msg, IKE_SA_INIT, IKEV2_PAYLOAD_SA, 0);
1089 if (ikev2_build_sar1(data, msg, IKEV2_PAYLOAD_KEY_EXCHANGE) ||
1090 ikev2_build_ker(data, msg, IKEV2_PAYLOAD_NONCE) ||
1091 ikev2_build_nr(data, msg, data->peer_auth == PEER_AUTH_SECRET ?
1098 if (ikev2_derive_keys(data)) {
1103 if (data->peer_auth == PEER_AUTH_CERT) {
1108 if (data->peer_auth == PEER_AUTH_SECRET) {
1109 struct wpabuf *plain = wpabuf_alloc(data->IDr_len + 1000);
1114 if (ikev2_build_idr(data, plain,
1116 ikev2_build_encrypted(data->proposal.encr,
1117 data->proposal.integ,
1118 &data->keys, 0, msg, plain,
1131 data->state = SA_AUTH;
1133 wpabuf_free(data->r_sign_msg);
1134 data->r_sign_msg = wpabuf_dup(msg);
1140 static struct wpabuf * ikev2_build_sa_auth(struct ikev2_responder_data *data)
1146 msg = wpabuf_alloc(sizeof(struct ikev2_hdr) + data->IDr_len + 1000);
1149 ikev2_build_hdr(data, msg, IKE_SA_AUTH, IKEV2_PAYLOAD_ENCRYPTED, 1);
1151 plain = wpabuf_alloc(data->IDr_len + 1000);
1157 if (ikev2_build_idr(data, plain, IKEV2_PAYLOAD_AUTHENTICATION) ||
1158 ikev2_build_auth(data, plain, IKEV2_PAYLOAD_NO_NEXT_PAYLOAD) ||
1159 ikev2_build_encrypted(data->proposal.encr, data->proposal.integ,
1160 &data->keys, 0, msg, plain,
1170 data->state = IKEV2_DONE;
1176 static struct wpabuf * ikev2_build_notify(struct ikev2_responder_data *data)
1183 if (data->last_msg == LAST_MSG_SA_AUTH) {
1190 ikev2_build_hdr(data, msg, IKE_SA_AUTH,
1192 if (ikev2_build_notification(data, plain,
1194 ikev2_build_encrypted(data->proposal.encr,
1195 data->proposal.integ,
1196 &data->keys, 0, msg, plain,
1203 data->state = IKEV2_FAILED;
1206 ikev2_build_hdr(data, msg, IKE_SA_INIT,
1208 if (ikev2_build_notification(data, msg,
1213 data->state = SA_INIT;
1225 struct wpabuf * ikev2_responder_build(struct ikev2_responder_data *data)
1227 switch (data->state) {
1229 return ikev2_build_sa_init(data);
1231 return ikev2_build_sa_auth(data);
1235 return ikev2_build_notify(data);