Lines Matching refs:data
79 struct eap_fast_data *data = ctx; in eap_fast_session_ticket_cb() local
87 data->session_ticket_used = 0; in eap_fast_session_ticket_cb()
88 if (data->provisioning_allowed) { in eap_fast_session_ticket_cb()
91 data->provisioning = 1; in eap_fast_session_ticket_cb()
92 data->current_pac = NULL; in eap_fast_session_ticket_cb()
99 if (data->current_pac == NULL) { in eap_fast_session_ticket_cb()
102 data->session_ticket_used = 0; in eap_fast_session_ticket_cb()
106 eap_fast_derive_master_secret(data->current_pac->pac_key, in eap_fast_session_ticket_cb()
110 data->session_ticket_used = 1; in eap_fast_session_ticket_cb()
116 static void eap_fast_parse_phase1(struct eap_fast_data *data, in eap_fast_parse_phase1() argument
123 data->provisioning_allowed = atoi(pos + 18); in eap_fast_parse_phase1()
125 "mode: %d", data->provisioning_allowed); in eap_fast_parse_phase1()
130 data->max_pac_list_len = atoi(pos + 22); in eap_fast_parse_phase1()
131 if (data->max_pac_list_len == 0) in eap_fast_parse_phase1()
132 data->max_pac_list_len = 1; in eap_fast_parse_phase1()
134 (unsigned long) data->max_pac_list_len); in eap_fast_parse_phase1()
139 data->use_pac_binary_format = 1; in eap_fast_parse_phase1()
148 struct eap_fast_data *data; in eap_fast_init() local
154 data = os_zalloc(sizeof(*data)); in eap_fast_init()
155 if (data == NULL) in eap_fast_init()
157 data->fast_version = EAP_FAST_VERSION; in eap_fast_init()
158 data->max_pac_list_len = 10; in eap_fast_init()
161 eap_fast_parse_phase1(data, config->phase1); in eap_fast_init()
164 &data->phase2_types, in eap_fast_init()
165 &data->num_phase2_types, 0) < 0) { in eap_fast_init()
166 eap_fast_deinit(sm, data); in eap_fast_init()
170 data->phase2_type.vendor = EAP_VENDOR_IETF; in eap_fast_init()
171 data->phase2_type.method = EAP_TYPE_NONE; in eap_fast_init()
173 if (eap_peer_tls_ssl_init(sm, &data->ssl, config, EAP_TYPE_FAST)) { in eap_fast_init()
175 eap_fast_deinit(sm, data); in eap_fast_init()
179 if (tls_connection_set_session_ticket_cb(sm->ssl_ctx, data->ssl.conn, in eap_fast_init()
181 data) < 0) { in eap_fast_init()
184 eap_fast_deinit(sm, data); in eap_fast_init()
193 if (tls_connection_enable_workaround(sm->ssl_ctx, data->ssl.conn)) { in eap_fast_init()
200 eap_fast_deinit(sm, data); in eap_fast_init()
204 if (data->use_pac_binary_format && in eap_fast_init()
205 eap_fast_load_pac_bin(sm, &data->pac, config->pac_file) < 0) { in eap_fast_init()
207 eap_fast_deinit(sm, data); in eap_fast_init()
211 if (!data->use_pac_binary_format && in eap_fast_init()
212 eap_fast_load_pac(sm, &data->pac, config->pac_file) < 0) { in eap_fast_init()
214 eap_fast_deinit(sm, data); in eap_fast_init()
217 eap_fast_pac_list_truncate(data->pac, data->max_pac_list_len); in eap_fast_init()
219 if (data->pac == NULL && !data->provisioning_allowed) { in eap_fast_init()
222 eap_fast_deinit(sm, data); in eap_fast_init()
226 return data; in eap_fast_init()
232 struct eap_fast_data *data = priv; in eap_fast_deinit() local
235 if (data == NULL) in eap_fast_deinit()
237 if (data->phase2_priv && data->phase2_method) in eap_fast_deinit()
238 data->phase2_method->deinit(sm, data->phase2_priv); in eap_fast_deinit()
239 os_free(data->phase2_types); in eap_fast_deinit()
240 os_free(data->key_block_p); in eap_fast_deinit()
241 eap_peer_tls_ssl_deinit(sm, &data->ssl); in eap_fast_deinit()
243 pac = data->pac; in eap_fast_deinit()
250 os_memset(data->key_data, 0, EAP_FAST_KEY_LEN); in eap_fast_deinit()
251 os_memset(data->emsk, 0, EAP_EMSK_LEN); in eap_fast_deinit()
252 os_free(data->session_id); in eap_fast_deinit()
253 wpabuf_clear_free(data->pending_phase2_req); in eap_fast_deinit()
254 wpabuf_clear_free(data->pending_resp); in eap_fast_deinit()
255 os_free(data); in eap_fast_deinit()
259 static int eap_fast_derive_msk(struct eap_fast_data *data) in eap_fast_derive_msk() argument
261 if (eap_fast_derive_eap_msk(data->simck, data->key_data) < 0 || in eap_fast_derive_msk()
262 eap_fast_derive_eap_emsk(data->simck, data->emsk) < 0) in eap_fast_derive_msk()
264 data->success = 1; in eap_fast_derive_msk()
270 struct eap_fast_data *data) in eap_fast_derive_key_auth() argument
278 sks = eap_fast_derive_key(sm->ssl_ctx, data->ssl.conn, in eap_fast_derive_key_auth()
293 data->simck_idx = 0; in eap_fast_derive_key_auth()
294 os_memcpy(data->simck, sks, EAP_FAST_SIMCK_LEN); in eap_fast_derive_key_auth()
301 struct eap_fast_data *data) in eap_fast_derive_key_provisioning() argument
303 os_free(data->key_block_p); in eap_fast_derive_key_provisioning()
304 data->key_block_p = (struct eap_fast_key_block_provisioning *) in eap_fast_derive_key_provisioning()
305 eap_fast_derive_key(sm->ssl_ctx, data->ssl.conn, in eap_fast_derive_key_provisioning()
306 sizeof(*data->key_block_p)); in eap_fast_derive_key_provisioning()
307 if (data->key_block_p == NULL) { in eap_fast_derive_key_provisioning()
317 data->key_block_p->session_key_seed, in eap_fast_derive_key_provisioning()
318 sizeof(data->key_block_p->session_key_seed)); in eap_fast_derive_key_provisioning()
319 data->simck_idx = 0; in eap_fast_derive_key_provisioning()
320 os_memcpy(data->simck, data->key_block_p->session_key_seed, in eap_fast_derive_key_provisioning()
323 data->key_block_p->server_challenge, in eap_fast_derive_key_provisioning()
324 sizeof(data->key_block_p->server_challenge)); in eap_fast_derive_key_provisioning()
326 data->key_block_p->client_challenge, in eap_fast_derive_key_provisioning()
327 sizeof(data->key_block_p->client_challenge)); in eap_fast_derive_key_provisioning()
332 static int eap_fast_derive_keys(struct eap_sm *sm, struct eap_fast_data *data) in eap_fast_derive_keys() argument
336 if (data->anon_provisioning) in eap_fast_derive_keys()
337 res = eap_fast_derive_key_provisioning(sm, data); in eap_fast_derive_keys()
339 res = eap_fast_derive_key_auth(sm, data); in eap_fast_derive_keys()
345 struct eap_fast_data *data) in eap_fast_init_phase2_method() argument
347 data->phase2_method = in eap_fast_init_phase2_method()
348 eap_peer_get_eap_method(data->phase2_type.vendor, in eap_fast_init_phase2_method()
349 data->phase2_type.method); in eap_fast_init_phase2_method()
350 if (data->phase2_method == NULL) in eap_fast_init_phase2_method()
353 if (data->key_block_p) { in eap_fast_init_phase2_method()
354 sm->auth_challenge = data->key_block_p->server_challenge; in eap_fast_init_phase2_method()
355 sm->peer_challenge = data->key_block_p->client_challenge; in eap_fast_init_phase2_method()
359 data->phase2_priv = data->phase2_method->init(sm); in eap_fast_init_phase2_method()
364 return data->phase2_priv == NULL ? -1 : 0; in eap_fast_init_phase2_method()
368 static int eap_fast_select_phase2_method(struct eap_fast_data *data, in eap_fast_select_phase2_method() argument
376 if (data->anon_provisioning && in eap_fast_select_phase2_method()
386 data->phase2_type.vendor = EAP_VENDOR_IETF; in eap_fast_select_phase2_method()
387 data->phase2_type.method = EAP_TYPE_TNC; in eap_fast_select_phase2_method()
390 data->phase2_type.vendor, in eap_fast_select_phase2_method()
391 data->phase2_type.method); in eap_fast_select_phase2_method()
396 for (i = 0; i < data->num_phase2_types; i++) { in eap_fast_select_phase2_method()
397 if (data->phase2_types[i].vendor != vendor || in eap_fast_select_phase2_method()
398 data->phase2_types[i].method != type) in eap_fast_select_phase2_method()
401 data->phase2_type.vendor = data->phase2_types[i].vendor; in eap_fast_select_phase2_method()
402 data->phase2_type.method = data->phase2_types[i].method; in eap_fast_select_phase2_method()
405 data->phase2_type.vendor, in eap_fast_select_phase2_method()
406 data->phase2_type.method); in eap_fast_select_phase2_method()
410 if (vendor != data->phase2_type.vendor || in eap_fast_select_phase2_method()
411 type != data->phase2_type.method || in eap_fast_select_phase2_method()
420 struct eap_fast_data *data, in eap_fast_phase2_request() argument
457 if (data->phase2_priv && data->phase2_method && in eap_fast_phase2_request()
458 (vendor != data->phase2_type.vendor || in eap_fast_phase2_request()
459 method != data->phase2_type.method)) { in eap_fast_phase2_request()
462 data->phase2_method->deinit(sm, data->phase2_priv); in eap_fast_phase2_request()
463 data->phase2_method = NULL; in eap_fast_phase2_request()
464 data->phase2_priv = NULL; in eap_fast_phase2_request()
465 data->phase2_type.vendor = EAP_VENDOR_IETF; in eap_fast_phase2_request()
466 data->phase2_type.method = EAP_TYPE_NONE; in eap_fast_phase2_request()
469 if (data->phase2_type.vendor == EAP_VENDOR_IETF && in eap_fast_phase2_request()
470 data->phase2_type.method == EAP_TYPE_NONE && in eap_fast_phase2_request()
471 eap_fast_select_phase2_method(data, vendor, method) < 0) { in eap_fast_phase2_request()
472 if (eap_peer_tls_phase2_nak(data->phase2_types, in eap_fast_phase2_request()
473 data->num_phase2_types, in eap_fast_phase2_request()
479 if ((data->phase2_priv == NULL && in eap_fast_phase2_request()
480 eap_fast_init_phase2_method(sm, data) < 0) || in eap_fast_phase2_request()
481 data->phase2_method == NULL) { in eap_fast_phase2_request()
492 *resp = data->phase2_method->process(sm, data->phase2_priv, &iret, in eap_fast_phase2_request()
503 data->phase2_success = 1; in eap_fast_phase2_request()
510 wpabuf_clear_free(data->pending_phase2_req); in eap_fast_phase2_request()
511 data->pending_phase2_req = wpabuf_alloc_copy(hdr, len); in eap_fast_phase2_request()
579 struct eap_sm *sm, struct eap_fast_data *data, in eap_fast_process_eap_payload_tlv() argument
606 if (eap_fast_phase2_request(sm, data, ret, hdr, &resp)) { in eap_fast_process_eap_payload_tlv()
669 struct eap_fast_data *data, in eap_fast_get_phase2_key() argument
677 if (data->phase2_method == NULL || data->phase2_priv == NULL) { in eap_fast_get_phase2_key()
683 if (data->phase2_method->isKeyAvailable == NULL || in eap_fast_get_phase2_key()
684 data->phase2_method->getKey == NULL) in eap_fast_get_phase2_key()
687 if (!data->phase2_method->isKeyAvailable(sm, data->phase2_priv) || in eap_fast_get_phase2_key()
688 (key = data->phase2_method->getKey(sm, data->phase2_priv, in eap_fast_get_phase2_key()
704 static int eap_fast_get_cmk(struct eap_sm *sm, struct eap_fast_data *data, in eap_fast_get_cmk() argument
710 "calculation", data->simck_idx + 1); in eap_fast_get_cmk()
720 if (eap_fast_get_phase2_key(sm, data, isk, sizeof(isk)) < 0) in eap_fast_get_cmk()
723 if (sha1_t_prf(data->simck, EAP_FAST_SIMCK_LEN, in eap_fast_get_cmk()
727 data->simck_idx++; in eap_fast_get_cmk()
728 os_memcpy(data->simck, imck, EAP_FAST_SIMCK_LEN); in eap_fast_get_cmk()
730 data->simck, EAP_FAST_SIMCK_LEN); in eap_fast_get_cmk()
764 struct eap_sm *sm, struct eap_fast_data *data, in eap_fast_process_crypto_binding() argument
777 if (eap_fast_get_cmk(sm, data, cmk) < 0) in eap_fast_process_crypto_binding()
808 if (!data->anon_provisioning && data->phase2_success && in eap_fast_process_crypto_binding()
809 eap_fast_derive_msk(data) < 0) { in eap_fast_process_crypto_binding()
813 data->phase2_success = 0; in eap_fast_process_crypto_binding()
818 if (!data->anon_provisioning && data->phase2_success) { in eap_fast_process_crypto_binding()
819 os_free(data->session_id); in eap_fast_process_crypto_binding()
820 data->session_id = eap_peer_tls_derive_session_id( in eap_fast_process_crypto_binding()
821 sm, &data->ssl, EAP_TYPE_FAST, &data->id_len); in eap_fast_process_crypto_binding()
822 if (data->session_id) { in eap_fast_process_crypto_binding()
824 data->session_id, data->id_len); in eap_fast_process_crypto_binding()
1040 struct eap_fast_data *data, in eap_fast_process_pac() argument
1052 eap_fast_add_pac(&data->pac, &data->current_pac, &entry); in eap_fast_process_pac()
1053 eap_fast_pac_list_truncate(data->pac, data->max_pac_list_len); in eap_fast_process_pac()
1054 if (data->use_pac_binary_format) in eap_fast_process_pac()
1055 eap_fast_save_pac_bin(sm, data->pac, config->pac_file); in eap_fast_process_pac()
1057 eap_fast_save_pac(sm, data->pac, config->pac_file); in eap_fast_process_pac()
1059 if (data->provisioning) { in eap_fast_process_pac()
1060 if (data->anon_provisioning) { in eap_fast_process_pac()
1066 data->success = 0; in eap_fast_process_pac()
1148 struct eap_fast_data *data, in eap_fast_encrypt_response() argument
1157 if (eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_FAST, in eap_fast_encrypt_response()
1158 data->fast_version, identifier, in eap_fast_encrypt_response()
1188 struct eap_fast_data *data, in eap_fast_process_decrypted() argument
1201 return eap_fast_encrypt_response(sm, data, resp, in eap_fast_process_decrypted()
1206 return eap_fast_encrypt_response(sm, data, resp, in eap_fast_process_decrypted()
1212 return eap_fast_encrypt_response(sm, data, resp, in eap_fast_process_decrypted()
1217 tmp = eap_fast_process_crypto_binding(sm, data, ret, in eap_fast_process_decrypted()
1234 sm, data, ret, tlv.eap_payload_tlv, in eap_fast_process_decrypted()
1244 tmp = eap_fast_process_pac(sm, data, ret, tlv.pac, in eap_fast_process_decrypted()
1249 if (data->current_pac == NULL && data->provisioning && in eap_fast_process_decrypted()
1250 !data->anon_provisioning && !tlv.pac && in eap_fast_process_decrypted()
1271 tlv.crypto_binding && data->phase2_success) { in eap_fast_process_decrypted()
1272 if (data->anon_provisioning) { in eap_fast_process_decrypted()
1281 if (data->provisioning) in eap_fast_process_decrypted()
1295 return eap_fast_encrypt_response(sm, data, resp, identifier, in eap_fast_process_decrypted()
1300 static int eap_fast_decrypt(struct eap_sm *sm, struct eap_fast_data *data, in eap_fast_decrypt() argument
1311 if (data->pending_phase2_req) { in eap_fast_decrypt()
1315 eap_peer_tls_reset_input(&data->ssl); in eap_fast_decrypt()
1317 in_decrypted = data->pending_phase2_req; in eap_fast_decrypt()
1318 data->pending_phase2_req = NULL; in eap_fast_decrypt()
1324 return eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_FAST, in eap_fast_decrypt()
1325 data->fast_version, in eap_fast_decrypt()
1329 res = eap_peer_tls_decrypt(sm, &data->ssl, in_data, &in_decrypted); in eap_fast_decrypt()
1345 res = eap_fast_process_decrypted(sm, data, ret, identifier, in eap_fast_decrypt()
1383 static void eap_fast_select_pac(struct eap_fast_data *data, in eap_fast_select_pac() argument
1386 data->current_pac = eap_fast_get_pac(data->pac, a_id, a_id_len, in eap_fast_select_pac()
1388 if (data->current_pac == NULL) { in eap_fast_select_pac()
1393 data->current_pac = eap_fast_get_pac( in eap_fast_select_pac()
1394 data->pac, a_id, a_id_len, in eap_fast_select_pac()
1398 if (data->current_pac) { in eap_fast_select_pac()
1400 "(PAC-Type %d)", data->current_pac->pac_type); in eap_fast_select_pac()
1402 data->current_pac->a_id_info, in eap_fast_select_pac()
1403 data->current_pac->a_id_info_len); in eap_fast_select_pac()
1409 struct eap_fast_data *data, in eap_fast_use_pac_opaque() argument
1426 tls_connection_client_hello_ext(sm->ssl_ctx, data->ssl.conn, in eap_fast_use_pac_opaque()
1441 struct eap_fast_data *data) in eap_fast_clear_pac_opaque_ext() argument
1443 if (tls_connection_client_hello_ext(sm->ssl_ctx, data->ssl.conn, in eap_fast_clear_pac_opaque_ext()
1454 struct eap_fast_data *data) in eap_fast_set_provisioning_ciphers() argument
1459 if (data->provisioning_allowed & EAP_FAST_PROV_UNAUTH) { in eap_fast_set_provisioning_ciphers()
1465 if (data->provisioning_allowed & EAP_FAST_PROV_AUTH) { in eap_fast_set_provisioning_ciphers()
1477 if (tls_connection_set_cipher_list(sm->ssl_ctx, data->ssl.conn, in eap_fast_set_provisioning_ciphers()
1489 struct eap_fast_data *data, u8 flags, in eap_fast_process_start() argument
1497 flags & EAP_TLS_VERSION_MASK, data->fast_version); in eap_fast_process_start()
1498 if ((flags & EAP_TLS_VERSION_MASK) < data->fast_version) in eap_fast_process_start()
1499 data->fast_version = flags & EAP_TLS_VERSION_MASK; in eap_fast_process_start()
1501 data->fast_version); in eap_fast_process_start()
1504 eap_fast_select_pac(data, a_id, a_id_len); in eap_fast_process_start()
1506 if (data->resuming && data->current_pac) { in eap_fast_process_start()
1509 if (eap_fast_clear_pac_opaque_ext(sm, data) < 0) in eap_fast_process_start()
1511 } else if (data->current_pac) { in eap_fast_process_start()
1516 if (eap_fast_use_pac_opaque(sm, data, data->current_pac) < 0) in eap_fast_process_start()
1520 if (!data->provisioning_allowed) { in eap_fast_process_start()
1527 if (eap_fast_set_provisioning_ciphers(sm, data) < 0 || in eap_fast_process_start()
1528 eap_fast_clear_pac_opaque_ext(sm, data) < 0) in eap_fast_process_start()
1530 data->provisioning = 1; in eap_fast_process_start()
1547 struct eap_fast_data *data = priv; in eap_fast_process() local
1550 pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_FAST, ret, in eap_fast_process()
1559 if (eap_fast_process_start(sm, data, flags, pos, left) < 0) in eap_fast_process()
1568 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) && in eap_fast_process()
1569 !data->resuming) { in eap_fast_process()
1571 res = eap_fast_decrypt(sm, data, ret, id, &msg, &resp); in eap_fast_process()
1582 if (sm->waiting_ext_cert_check && data->pending_resp) { in eap_fast_process()
1589 resp = data->pending_resp; in eap_fast_process()
1590 data->pending_resp = NULL; in eap_fast_process()
1611 res = eap_peer_tls_process_helper(sm, &data->ssl, in eap_fast_process()
1613 data->fast_version, id, &msg, in eap_fast_process()
1626 wpabuf_clear_free(data->pending_resp); in eap_fast_process()
1627 data->pending_resp = resp; in eap_fast_process()
1631 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) { in eap_fast_process()
1635 if (data->provisioning && in eap_fast_process()
1636 (!(data->provisioning_allowed & in eap_fast_process()
1638 tls_get_cipher(sm->ssl_ctx, data->ssl.conn, in eap_fast_process()
1645 data->anon_provisioning = 1; in eap_fast_process()
1647 data->anon_provisioning = 0; in eap_fast_process()
1648 data->resuming = 0; in eap_fast_process()
1649 if (eap_fast_derive_keys(sm, data) < 0) { in eap_fast_process()
1663 wpabuf_clear_free(data->pending_phase2_req); in eap_fast_process()
1664 data->pending_phase2_req = resp; in eap_fast_process()
1666 res = eap_fast_decrypt(sm, data, ret, id, &msg, &resp); in eap_fast_process()
1673 data->fast_version); in eap_fast_process()
1683 struct eap_fast_data *data = priv;
1684 return tls_connection_established(sm->ssl_ctx, data->ssl.conn);
1690 struct eap_fast_data *data = priv;
1692 if (data->phase2_priv && data->phase2_method &&
1693 data->phase2_method->deinit_for_reauth)
1694 data->phase2_method->deinit_for_reauth(sm, data->phase2_priv);
1695 os_free(data->key_block_p);
1696 data->key_block_p = NULL;
1697 wpabuf_clear_free(data->pending_phase2_req);
1698 data->pending_phase2_req = NULL;
1699 wpabuf_clear_free(data->pending_resp);
1700 data->pending_resp = NULL;
1706 struct eap_fast_data *data = priv;
1707 if (eap_peer_tls_reauth_init(sm, &data->ssl)) {
1708 os_free(data);
1711 os_memset(data->key_data, 0, EAP_FAST_KEY_LEN);
1712 os_memset(data->emsk, 0, EAP_EMSK_LEN);
1713 os_free(data->session_id);
1714 data->session_id = NULL;
1715 if (data->phase2_priv && data->phase2_method &&
1716 data->phase2_method->init_for_reauth)
1717 data->phase2_method->init_for_reauth(sm, data->phase2_priv);
1718 data->phase2_success = 0;
1719 data->resuming = 1;
1720 data->provisioning = 0;
1721 data->anon_provisioning = 0;
1722 data->simck_idx = 0;
1731 struct eap_fast_data *data = priv; in eap_fast_get_status() local
1734 len = eap_peer_tls_status(sm, &data->ssl, buf, buflen, verbose); in eap_fast_get_status()
1735 if (data->phase2_method) { in eap_fast_get_status()
1738 data->phase2_method->name); in eap_fast_get_status()
1749 struct eap_fast_data *data = priv; in eap_fast_isKeyAvailable() local
1750 return data->success; in eap_fast_isKeyAvailable()
1756 struct eap_fast_data *data = priv; in eap_fast_getKey() local
1759 if (!data->success) in eap_fast_getKey()
1762 key = os_memdup(data->key_data, EAP_FAST_KEY_LEN); in eap_fast_getKey()
1774 struct eap_fast_data *data = priv; in eap_fast_get_session_id() local
1777 if (!data->success || !data->session_id) in eap_fast_get_session_id()
1780 id = os_memdup(data->session_id, data->id_len); in eap_fast_get_session_id()
1784 *len = data->id_len; in eap_fast_get_session_id()
1792 struct eap_fast_data *data = priv; in eap_fast_get_emsk() local
1795 if (!data->success) in eap_fast_get_emsk()
1798 key = os_memdup(data->emsk, EAP_EMSK_LEN); in eap_fast_get_emsk()