Lines Matching refs:erp
75 static int eap_erp_add_key(struct eap_sm *sm, struct eap_server_erp_key *erp)
78 return sm->eapol_cb->erp_add_key(sm->eapol_ctx, erp);
421 struct eap_server_erp_key *erp = NULL;
437 "EAP: Too long realm for ERP keyName-NAI maximum length");
441 erp = os_zalloc(sizeof(*erp) + nai_buf_len);
442 if (erp == NULL)
444 erp->recv_seq = (u32) -1;
449 "EAP: No suitable EMSK available for ERP");
464 pos = wpa_snprintf_hex(erp->keyname_nai, nai_buf_len,
466 erp->keyname_nai[pos] = '@';
467 os_memcpy(&erp->keyname_nai[pos + 1], domain, domain_len);
472 len, sizeof(len), erp->rRK, emsk_len) < 0) {
473 wpa_printf(MSG_DEBUG, "EAP: Could not derive rRK for ERP");
476 erp->rRK_len = emsk_len;
477 wpa_hexdump_key(MSG_DEBUG, "EAP: ERP rRK", erp->rRK, erp->rRK_len);
480 WPA_PUT_BE16(&ctx[1], erp->rRK_len);
481 if (hmac_sha256_kdf(erp->rRK, erp->rRK_len,
483 ctx, sizeof(ctx), erp->rIK, erp->rRK_len) < 0) {
484 wpa_printf(MSG_DEBUG, "EAP: Could not derive rIK for ERP");
487 erp->rIK_len = erp->rRK_len;
488 wpa_hexdump_key(MSG_DEBUG, "EAP: ERP rIK", erp->rIK, erp->rIK_len);
490 if (eap_erp_add_key(sm, erp) == 0) {
491 wpa_printf(MSG_DEBUG, "EAP: Stored ERP keys %s",
492 erp->keyname_nai);
493 erp = NULL;
498 bin_clear_free(erp, sizeof(*erp));
532 if (sm->erp && sm->m->get_emsk && sm->eap_if.eapSessionId)
694 struct eap_server_erp_key *erp, u8 id,
703 if (erp) {
704 switch (erp->cryptosuite) {
731 if (erp) {
732 wpabuf_put_u8(msg, erp->cryptosuite);
733 if (hmac_sha256(erp->rIK, erp->rIK_len,
751 if ((flags & 0x80) || !erp) {
760 sm->eap_if.eapKeyData = os_malloc(erp->rRK_len);
765 WPA_PUT_BE16(&seed[2], erp->rRK_len);
766 if (hmac_sha256_kdf(erp->rRK, erp->rRK_len,
769 sm->eap_if.eapKeyData, erp->rRK_len) < 0) {
770 wpa_printf(MSG_DEBUG, "EAP: Could not derive rMSK for ERP");
771 bin_clear_free(sm->eap_if.eapKeyData, erp->rRK_len);
775 sm->eap_if.eapKeyDataLen = erp->rRK_len;
777 wpa_hexdump_key(MSG_DEBUG, "EAP: ERP rMSK",
794 struct eap_server_erp_key *erp;
870 erp = eap_erp_get_key(sm, nai);
871 if (!erp) {
872 wpa_printf(MSG_DEBUG, "EAP: No matching ERP key found for %s",
877 if (erp->recv_seq != (u32) -1 && erp->recv_seq >= seq) {
880 seq, erp->recv_seq);
888 1 + (erp->cryptosuite == EAP_ERP_CS_HMAC_SHA256_256 ? 32 : 16)) {
894 switch (erp->cryptosuite) {
896 if (end[-33] != erp->cryptosuite) {
904 if (end[-17] != erp->cryptosuite) {
917 if (hmac_sha256(erp->rIK, erp->rIK_len, hdr,
930 if (hmac_sha256(erp->rIK, erp->rIK_len, hdr,
937 erp->cryptosuite = EAP_ERP_CS_HMAC_SHA256_256;
942 if (hmac_sha256(erp->rIK, erp->rIK_len, hdr,
949 erp->cryptosuite = EAP_ERP_CS_HMAC_SHA256_128;
969 wpa_printf(MSG_DEBUG, "EAP: ERP key %s SEQ updated to %u",
970 erp->keyname_nai, seq);
971 erp->recv_seq = seq;
975 erp_send_finish_reauth(sm, erp, ehdr->identifier, resp_flags, seq, nai);
1321 else if (sm->eap_server && sm->erp && sm->rxInitiate)
1869 sm->erp = conf->erp;
