49 static void eap_ikev2_state(struct eap_ikev2_data *data, int state)  in eap_ikev2_state()  argument
52 		   eap_ikev2_state_txt(data->state),  in eap_ikev2_state()
54 	data->state = state;  in eap_ikev2_state()
60 	struct eap_ikev2_data *data;  in eap_ikev2_init()  local
71 	data = os_zalloc(sizeof(*data));  in eap_ikev2_init()
72 	if (data == NULL)  in eap_ikev2_init()
74 	data->state = WAIT_START;  in eap_ikev2_init()
77 		data->fragment_size = IKEV2_FRAGMENT_SIZE;  in eap_ikev2_init()
79 		data->fragment_size = fragment_size;  in eap_ikev2_init()
80 	data->ikev2.state = SA_INIT;  in eap_ikev2_init()
81 	data->ikev2.peer_auth = PEER_AUTH_SECRET;  in eap_ikev2_init()
82 	data->ikev2.key_pad = (u8 *) os_strdup("Key Pad for EAP-IKEv2");  in eap_ikev2_init()
83 	if (data->ikev2.key_pad == NULL)  in eap_ikev2_init()
85 	data->ikev2.key_pad_len = 21;  in eap_ikev2_init()
86 	data->ikev2.IDr = os_memdup(identity, identity_len);  in eap_ikev2_init()
87 	if (data->ikev2.IDr == NULL)  in eap_ikev2_init()
89 	data->ikev2.IDr_len = identity_len;  in eap_ikev2_init()
93 		data->ikev2.shared_secret = os_memdup(password, password_len);  in eap_ikev2_init()
94 		if (data->ikev2.shared_secret == NULL)  in eap_ikev2_init()
96 		data->ikev2.shared_secret_len = password_len;  in eap_ikev2_init()
99 	return data;  in eap_ikev2_init()
102 	ikev2_responder_deinit(&data->ikev2);  in eap_ikev2_init()
103 	os_free(data);  in eap_ikev2_init()
110 	struct eap_ikev2_data *data = priv;  in eap_ikev2_deinit()  local
111 	wpabuf_free(data->in_buf);  in eap_ikev2_deinit()
112 	wpabuf_free(data->out_buf);  in eap_ikev2_deinit()
113 	ikev2_responder_deinit(&data->ikev2);  in eap_ikev2_deinit()
114 	bin_clear_free(data, sizeof(*data));  in eap_ikev2_deinit()
118 static int eap_ikev2_peer_keymat(struct eap_ikev2_data *data)  in eap_ikev2_peer_keymat()  argument
121 		    data->ikev2.proposal.prf, &data->ikev2.keys,  in eap_ikev2_peer_keymat()
122 		    data->ikev2.i_nonce, data->ikev2.i_nonce_len,  in eap_ikev2_peer_keymat()
123 		    data->ikev2.r_nonce, data->ikev2.r_nonce_len,  in eap_ikev2_peer_keymat()
124 		    data->keymat) < 0) {  in eap_ikev2_peer_keymat()
129 	data->keymat_ok = 1;  in eap_ikev2_peer_keymat()
134 static struct wpabuf * eap_ikev2_build_msg(struct eap_ikev2_data *data,  in eap_ikev2_build_msg()  argument
146 	send_len = wpabuf_len(data->out_buf) - data->out_used;  in eap_ikev2_build_msg()
147 	if (1 + send_len > data->fragment_size) {  in eap_ikev2_build_msg()
148 		send_len = data->fragment_size - 1;  in eap_ikev2_build_msg()
150 		if (data->out_used == 0) {  in eap_ikev2_build_msg()
159 	if (data->keys_ready) {  in eap_ikev2_build_msg()
164 		integ = ikev2_get_integ(data->ikev2.proposal.integ);  in eap_ikev2_build_msg()
181 		wpabuf_put_be32(resp, wpabuf_len(data->out_buf));  in eap_ikev2_build_msg()
183 	wpabuf_put_data(resp, wpabuf_head_u8(data->out_buf) + data->out_used,  in eap_ikev2_build_msg()
185 	data->out_used += send_len;  in eap_ikev2_build_msg()
190 		ikev2_integ_hash(data->ikev2.proposal.integ,  in eap_ikev2_build_msg()
191 				 data->ikev2.keys.SK_ar,  in eap_ikev2_build_msg()
192 				 data->ikev2.keys.SK_integ_len,  in eap_ikev2_build_msg()
199 	if (data->out_used == wpabuf_len(data->out_buf)) {  in eap_ikev2_build_msg()
203 		wpabuf_free(data->out_buf);  in eap_ikev2_build_msg()
204 		data->out_buf = NULL;  in eap_ikev2_build_msg()
205 		data->out_used = 0;  in eap_ikev2_build_msg()
206 		switch (data->ikev2.state) {  in eap_ikev2_build_msg()
210 			data->keys_ready = 1;  in eap_ikev2_build_msg()
214 			if (data->state == FAIL)  in eap_ikev2_build_msg()
219 			if (eap_ikev2_peer_keymat(data))  in eap_ikev2_build_msg()
221 			eap_ikev2_state(data, DONE);  in eap_ikev2_build_msg()
235 			   (unsigned long) wpabuf_len(data->out_buf) -  in eap_ikev2_build_msg()
236 			   data->out_used);  in eap_ikev2_build_msg()
237 		eap_ikev2_state(data, WAIT_FRAG_ACK);  in eap_ikev2_build_msg()
244 static int eap_ikev2_process_icv(struct eap_ikev2_data *data,  in eap_ikev2_process_icv()  argument
251 			data->ikev2.proposal.integ, &data->ikev2.keys, 1,  in eap_ikev2_process_icv()
257 	} else if (data->keys_ready && !frag_ack) {  in eap_ikev2_process_icv()
267 static int eap_ikev2_process_cont(struct eap_ikev2_data *data,  in eap_ikev2_process_cont()  argument
271 	if (len > wpabuf_tailroom(data->in_buf)) {  in eap_ikev2_process_cont()
273 		eap_ikev2_state(data, FAIL);  in eap_ikev2_process_cont()
277 	wpabuf_put_data(data->in_buf, buf, len);  in eap_ikev2_process_cont()
280 		   (unsigned long) wpabuf_tailroom(data->in_buf));  in eap_ikev2_process_cont()
286 static struct wpabuf * eap_ikev2_process_fragment(struct eap_ikev2_data *data,  in eap_ikev2_process_fragment()  argument
293 	if (data->in_buf == NULL && !(flags & IKEV2_FLAGS_LENGTH_INCLUDED)) {  in eap_ikev2_process_fragment()
300 	if (data->in_buf == NULL) {  in eap_ikev2_process_fragment()
309 		data->in_buf = wpabuf_alloc(message_length);  in eap_ikev2_process_fragment()
310 		if (data->in_buf == NULL) {  in eap_ikev2_process_fragment()
316 		wpabuf_put_data(data->in_buf, buf, len);  in eap_ikev2_process_fragment()
320 			   (unsigned long) wpabuf_tailroom(data->in_buf));  in eap_ikev2_process_fragment()
332 	struct eap_ikev2_data *data = priv;  in eap_ikev2_process()  local
355 	if (eap_ikev2_process_icv(data, reqData, flags, pos, &end,  in eap_ikev2_process()
356 				  data->state == WAIT_FRAG_ACK && len == 0) < 0)  in eap_ikev2_process()
383 	if (data->state == WAIT_FRAG_ACK) {  in eap_ikev2_process()
391 		eap_ikev2_state(data, PROC_MSG);  in eap_ikev2_process()
392 		return eap_ikev2_build_msg(data, ret, id);  in eap_ikev2_process()
395 	if (data->in_buf && eap_ikev2_process_cont(data, pos, end - pos) < 0) {  in eap_ikev2_process()
401 		return eap_ikev2_process_fragment(data, ret, id, flags,  in eap_ikev2_process()
406 	if (data->in_buf == NULL) {  in eap_ikev2_process()
409 		data->in_buf = &tmpbuf;  in eap_ikev2_process()
412 	if (ikev2_responder_process(&data->ikev2, data->in_buf) < 0) {  in eap_ikev2_process()
413 		if (data->in_buf == &tmpbuf)  in eap_ikev2_process()
414 			data->in_buf = NULL;  in eap_ikev2_process()
415 		eap_ikev2_state(data, FAIL);  in eap_ikev2_process()
419 	if (data->in_buf != &tmpbuf)  in eap_ikev2_process()
420 		wpabuf_free(data->in_buf);  in eap_ikev2_process()
421 	data->in_buf = NULL;  in eap_ikev2_process()
423 	if (data->out_buf == NULL) {  in eap_ikev2_process()
424 		data->out_buf = ikev2_responder_build(&data->ikev2);  in eap_ikev2_process()
425 		if (data->out_buf == NULL) {  in eap_ikev2_process()
430 		data->out_used = 0;  in eap_ikev2_process()
433 	eap_ikev2_state(data, PROC_MSG);  in eap_ikev2_process()
434 	return eap_ikev2_build_msg(data, ret, id);  in eap_ikev2_process()
440 	struct eap_ikev2_data *data = priv;  in eap_ikev2_isKeyAvailable()  local
441 	return data->state == DONE && data->keymat_ok;  in eap_ikev2_isKeyAvailable()
447 	struct eap_ikev2_data *data = priv;  in eap_ikev2_getKey()  local
450 	if (data->state != DONE || !data->keymat_ok)  in eap_ikev2_getKey()
455 		os_memcpy(key, data->keymat, EAP_MSK_LEN);  in eap_ikev2_getKey()
465 	struct eap_ikev2_data *data = priv;  in eap_ikev2_get_emsk()  local
468 	if (data->state != DONE || !data->keymat_ok)  in eap_ikev2_get_emsk()
473 		os_memcpy(key, data->keymat + EAP_MSK_LEN, EAP_EMSK_LEN);  in eap_ikev2_get_emsk()
483 	struct eap_ikev2_data *data = priv;  in eap_ikev2_get_session_id()  local
488 	if (data->state != DONE || !data->keymat_ok)  in eap_ikev2_get_session_id()
491 	sid_len = 1 + data->ikev2.i_nonce_len + data->ikev2.r_nonce_len;  in eap_ikev2_get_session_id()
497 		os_memcpy(sid + offset, data->ikev2.i_nonce,  in eap_ikev2_get_session_id()
498 			  data->ikev2.i_nonce_len);  in eap_ikev2_get_session_id()
499 		offset += data->ikev2.i_nonce_len;  in eap_ikev2_get_session_id()
500 		os_memcpy(sid + offset, data->ikev2.r_nonce,  in eap_ikev2_get_session_id()
501 			  data->ikev2.r_nonce_len);  in eap_ikev2_get_session_id()