Lines Matching refs:data
17 void ikev2_responder_deinit(struct ikev2_responder_data *data) in ikev2_responder_deinit() argument
19 ikev2_free_keys(&data->keys); in ikev2_responder_deinit()
20 wpabuf_free(data->i_dh_public); in ikev2_responder_deinit()
21 wpabuf_free(data->r_dh_private); in ikev2_responder_deinit()
22 os_free(data->IDi); in ikev2_responder_deinit()
23 os_free(data->IDr); in ikev2_responder_deinit()
24 os_free(data->shared_secret); in ikev2_responder_deinit()
25 wpabuf_free(data->i_sign_msg); in ikev2_responder_deinit()
26 wpabuf_free(data->r_sign_msg); in ikev2_responder_deinit()
27 os_free(data->key_pad); in ikev2_responder_deinit()
31 static int ikev2_derive_keys(struct ikev2_responder_data *data) in ikev2_derive_keys() argument
45 integ = ikev2_get_integ(data->proposal.integ); in ikev2_derive_keys()
46 prf = ikev2_get_prf(data->proposal.prf); in ikev2_derive_keys()
47 encr = ikev2_get_encr(data->proposal.encr); in ikev2_derive_keys()
53 shared = dh_derive_shared(data->i_dh_public, data->r_dh_private, in ikev2_derive_keys()
54 data->dh); in ikev2_derive_keys()
60 buf_len = data->i_nonce_len + data->r_nonce_len + 2 * IKEV2_SPI_LEN; in ikev2_derive_keys()
68 os_memcpy(pos, data->i_nonce, data->i_nonce_len); in ikev2_derive_keys()
69 pos += data->i_nonce_len; in ikev2_derive_keys()
70 os_memcpy(pos, data->r_nonce, data->r_nonce_len); in ikev2_derive_keys()
71 pos += data->r_nonce_len; in ikev2_derive_keys()
72 os_memcpy(pos, data->i_spi, IKEV2_SPI_LEN); in ikev2_derive_keys()
74 os_memcpy(pos, data->r_spi, IKEV2_SPI_LEN); in ikev2_derive_keys()
78 pad_len = data->dh->prime_len - wpabuf_len(shared); in ikev2_derive_keys()
90 if (ikev2_prf_hash(prf->id, buf, data->i_nonce_len + data->r_nonce_len, in ikev2_derive_keys()
101 wpabuf_free(data->i_dh_public); in ikev2_derive_keys()
102 data->i_dh_public = NULL; in ikev2_derive_keys()
103 wpabuf_free(data->r_dh_private); in ikev2_derive_keys()
104 data->r_dh_private = NULL; in ikev2_derive_keys()
110 &data->keys); in ikev2_derive_keys()
296 static int ikev2_process_sai1(struct ikev2_responder_data *data, in ikev2_process_sai1() argument
329 os_memcpy(&data->proposal, &prop, sizeof(prop)); in ikev2_process_sai1()
330 data->dh = dh_groups_get(prop.dh); in ikev2_process_sai1()
348 "INTEG:%d D-H:%d", data->proposal.proposal_num, in ikev2_process_sai1()
349 data->proposal.encr, data->proposal.prf, in ikev2_process_sai1()
350 data->proposal.integ, data->proposal.dh); in ikev2_process_sai1()
356 static int ikev2_process_kei(struct ikev2_responder_data *data, in ikev2_process_kei() argument
381 if (group != data->proposal.dh) { in ikev2_process_kei()
384 group, data->proposal.dh); in ikev2_process_kei()
387 data->error_type = INVALID_KE_PAYLOAD; in ikev2_process_kei()
388 data->state = NOTIFY; in ikev2_process_kei()
392 if (data->dh == NULL) { in ikev2_process_kei()
401 if (kei_len - 4 != data->dh->prime_len) { in ikev2_process_kei()
404 (long) (kei_len - 4), (long) data->dh->prime_len); in ikev2_process_kei()
408 wpabuf_free(data->i_dh_public); in ikev2_process_kei()
409 data->i_dh_public = wpabuf_alloc(kei_len - 4); in ikev2_process_kei()
410 if (data->i_dh_public == NULL) in ikev2_process_kei()
412 wpabuf_put_data(data->i_dh_public, kei + 4, kei_len - 4); in ikev2_process_kei()
415 data->i_dh_public); in ikev2_process_kei()
421 static int ikev2_process_ni(struct ikev2_responder_data *data, in ikev2_process_ni() argument
435 data->i_nonce_len = ni_len; in ikev2_process_ni()
436 os_memcpy(data->i_nonce, ni, ni_len); in ikev2_process_ni()
438 data->i_nonce, data->i_nonce_len); in ikev2_process_ni()
444 static int ikev2_process_sa_init(struct ikev2_responder_data *data, in ikev2_process_sa_init() argument
448 if (ikev2_process_sai1(data, pl->sa, pl->sa_len) < 0 || in ikev2_process_sa_init()
449 ikev2_process_kei(data, pl->ke, pl->ke_len) < 0 || in ikev2_process_sa_init()
450 ikev2_process_ni(data, pl->nonce, pl->nonce_len) < 0) in ikev2_process_sa_init()
453 os_memcpy(data->i_spi, hdr->i_spi, IKEV2_SPI_LEN); in ikev2_process_sa_init()
459 static int ikev2_process_idi(struct ikev2_responder_data *data, in ikev2_process_idi() argument
480 os_free(data->IDi); in ikev2_process_idi()
481 data->IDi = os_memdup(idi, idi_len); in ikev2_process_idi()
482 if (data->IDi == NULL) in ikev2_process_idi()
484 data->IDi_len = idi_len; in ikev2_process_idi()
485 data->IDi_type = id_type; in ikev2_process_idi()
491 static int ikev2_process_cert(struct ikev2_responder_data *data, in ikev2_process_cert() argument
497 if (data->peer_auth == PEER_AUTH_CERT) { in ikev2_process_cert()
522 static int ikev2_process_auth_cert(struct ikev2_responder_data *data, in ikev2_process_auth_cert() argument
536 static int ikev2_process_auth_secret(struct ikev2_responder_data *data, in ikev2_process_auth_secret() argument
550 if (ikev2_derive_auth_data(data->proposal.prf, data->i_sign_msg, in ikev2_process_auth_secret()
551 data->IDi, data->IDi_len, data->IDi_type, in ikev2_process_auth_secret()
552 &data->keys, 1, data->shared_secret, in ikev2_process_auth_secret()
553 data->shared_secret_len, in ikev2_process_auth_secret()
554 data->r_nonce, data->r_nonce_len, in ikev2_process_auth_secret()
555 data->key_pad, data->key_pad_len, in ikev2_process_auth_secret()
561 wpabuf_free(data->i_sign_msg); in ikev2_process_auth_secret()
562 data->i_sign_msg = NULL; in ikev2_process_auth_secret()
564 prf = ikev2_get_prf(data->proposal.prf); in ikev2_process_auth_secret()
575 data->error_type = AUTHENTICATION_FAILED; in ikev2_process_auth_secret()
576 data->state = NOTIFY; in ikev2_process_auth_secret()
587 static int ikev2_process_auth(struct ikev2_responder_data *data, in ikev2_process_auth() argument
610 switch (data->peer_auth) { in ikev2_process_auth()
612 return ikev2_process_auth_cert(data, auth_method, auth, in ikev2_process_auth()
615 return ikev2_process_auth_secret(data, auth_method, auth, in ikev2_process_auth()
623 static int ikev2_process_sa_auth_decrypted(struct ikev2_responder_data *data, in ikev2_process_sa_auth_decrypted() argument
638 if (ikev2_process_idi(data, pl.idi, pl.idi_len) < 0 || in ikev2_process_sa_auth_decrypted()
639 ikev2_process_cert(data, pl.cert, pl.cert_len) < 0 || in ikev2_process_sa_auth_decrypted()
640 ikev2_process_auth(data, pl.auth, pl.auth_len) < 0) in ikev2_process_sa_auth_decrypted()
647 static int ikev2_process_sa_auth(struct ikev2_responder_data *data, in ikev2_process_sa_auth() argument
655 decrypted = ikev2_decrypt_payload(data->proposal.encr, in ikev2_process_sa_auth()
656 data->proposal.integ, in ikev2_process_sa_auth()
657 &data->keys, 1, hdr, pl->encrypted, in ikev2_process_sa_auth()
662 ret = ikev2_process_sa_auth_decrypted(data, pl->encr_next_payload, in ikev2_process_sa_auth()
670 static int ikev2_validate_rx_state(struct ikev2_responder_data *data, in ikev2_validate_rx_state() argument
673 switch (data->state) { in ikev2_validate_rx_state()
725 int ikev2_responder_process(struct ikev2_responder_data *data, in ikev2_responder_process() argument
741 data->error_type = 0; in ikev2_responder_process()
770 if (ikev2_validate_rx_state(data, hdr->exchange_type, message_id) < 0) in ikev2_responder_process()
780 if (data->state != SA_INIT) { in ikev2_responder_process()
781 if (os_memcmp(data->i_spi, hdr->i_spi, IKEV2_SPI_LEN) != 0) { in ikev2_responder_process()
786 if (os_memcmp(data->r_spi, hdr->r_spi, IKEV2_SPI_LEN) != 0) { in ikev2_responder_process()
797 if (data->state == SA_INIT) { in ikev2_responder_process()
798 data->last_msg = LAST_MSG_SA_INIT; in ikev2_responder_process()
799 if (ikev2_process_sa_init(data, hdr, &pl) < 0) { in ikev2_responder_process()
800 if (data->state == NOTIFY) in ikev2_responder_process()
804 wpabuf_free(data->i_sign_msg); in ikev2_responder_process()
805 data->i_sign_msg = wpabuf_dup(buf); in ikev2_responder_process()
808 if (data->state == SA_AUTH) { in ikev2_responder_process()
809 data->last_msg = LAST_MSG_SA_AUTH; in ikev2_responder_process()
810 if (ikev2_process_sa_auth(data, hdr, &pl) < 0) { in ikev2_responder_process()
811 if (data->state == NOTIFY) in ikev2_responder_process()
821 static void ikev2_build_hdr(struct ikev2_responder_data *data, in ikev2_build_hdr() argument
831 os_memcpy(hdr->i_spi, data->i_spi, IKEV2_SPI_LEN); in ikev2_build_hdr()
832 os_memcpy(hdr->r_spi, data->r_spi, IKEV2_SPI_LEN); in ikev2_build_hdr()
841 static int ikev2_build_sar1(struct ikev2_responder_data *data, in ikev2_build_sar1() argument
857 p->proposal_num = data->proposal.proposal_num; in ikev2_build_sar1()
864 WPA_PUT_BE16(t->transform_id, data->proposal.encr); in ikev2_build_sar1()
865 if (data->proposal.encr == ENCR_AES_CBC) { in ikev2_build_sar1()
877 WPA_PUT_BE16(t->transform_id, data->proposal.prf); in ikev2_build_sar1()
883 WPA_PUT_BE16(t->transform_id, data->proposal.integ); in ikev2_build_sar1()
888 WPA_PUT_BE16(t->transform_id, data->proposal.dh); in ikev2_build_sar1()
900 static int ikev2_build_ker(struct ikev2_responder_data *data, in ikev2_build_ker() argument
909 pv = dh_init(data->dh, &data->r_dh_private); in ikev2_build_ker()
920 wpabuf_put_be16(msg, data->proposal.dh); /* DH Group # */ in ikev2_build_ker()
926 wpabuf_put(msg, data->dh->prime_len - wpabuf_len(pv)); in ikev2_build_ker()
936 static int ikev2_build_nr(struct ikev2_responder_data *data, in ikev2_build_nr() argument
948 wpabuf_put_data(msg, data->r_nonce, data->r_nonce_len); in ikev2_build_nr()
955 static int ikev2_build_idr(struct ikev2_responder_data *data, in ikev2_build_idr() argument
963 if (data->IDr == NULL) { in ikev2_build_idr()
974 wpabuf_put_data(msg, data->IDr, data->IDr_len); in ikev2_build_idr()
981 static int ikev2_build_auth(struct ikev2_responder_data *data, in ikev2_build_auth() argument
990 prf = ikev2_get_prf(data->proposal.prf); in ikev2_build_auth()
1002 if (ikev2_derive_auth_data(data->proposal.prf, data->r_sign_msg, in ikev2_build_auth()
1003 data->IDr, data->IDr_len, ID_KEY_ID, in ikev2_build_auth()
1004 &data->keys, 0, data->shared_secret, in ikev2_build_auth()
1005 data->shared_secret_len, in ikev2_build_auth()
1006 data->i_nonce, data->i_nonce_len, in ikev2_build_auth()
1007 data->key_pad, data->key_pad_len, in ikev2_build_auth()
1012 wpabuf_free(data->r_sign_msg); in ikev2_build_auth()
1013 data->r_sign_msg = NULL; in ikev2_build_auth()
1021 static int ikev2_build_notification(struct ikev2_responder_data *data, in ikev2_build_notification() argument
1029 if (data->error_type == 0) { in ikev2_build_notification()
1041 wpabuf_put_be16(msg, data->error_type); in ikev2_build_notification()
1043 switch (data->error_type) { in ikev2_build_notification()
1045 if (data->proposal.dh == -1) { in ikev2_build_notification()
1050 wpabuf_put_be16(msg, data->proposal.dh); in ikev2_build_notification()
1052 "DH Group #%d", data->proposal.dh); in ikev2_build_notification()
1059 "%d", data->error_type); in ikev2_build_notification()
1069 static struct wpabuf * ikev2_build_sa_init(struct ikev2_responder_data *data) in ikev2_build_sa_init() argument
1075 if (os_get_random(data->r_spi, IKEV2_SPI_LEN)) in ikev2_build_sa_init()
1078 data->r_spi, IKEV2_SPI_LEN); in ikev2_build_sa_init()
1080 data->r_nonce_len = IKEV2_NONCE_MIN_LEN; in ikev2_build_sa_init()
1081 if (random_get_bytes(data->r_nonce, data->r_nonce_len)) in ikev2_build_sa_init()
1083 wpa_hexdump(MSG_DEBUG, "IKEV2: Nr", data->r_nonce, data->r_nonce_len); in ikev2_build_sa_init()
1085 msg = wpabuf_alloc(sizeof(struct ikev2_hdr) + data->IDr_len + 1500); in ikev2_build_sa_init()
1089 ikev2_build_hdr(data, msg, IKE_SA_INIT, IKEV2_PAYLOAD_SA, 0); in ikev2_build_sa_init()
1090 if (ikev2_build_sar1(data, msg, IKEV2_PAYLOAD_KEY_EXCHANGE) || in ikev2_build_sa_init()
1091 ikev2_build_ker(data, msg, IKEV2_PAYLOAD_NONCE) || in ikev2_build_sa_init()
1092 ikev2_build_nr(data, msg, data->peer_auth == PEER_AUTH_SECRET ? in ikev2_build_sa_init()
1099 if (ikev2_derive_keys(data)) { in ikev2_build_sa_init()
1104 if (data->peer_auth == PEER_AUTH_CERT) { in ikev2_build_sa_init()
1109 if (data->peer_auth == PEER_AUTH_SECRET) { in ikev2_build_sa_init()
1110 struct wpabuf *plain = wpabuf_alloc(data->IDr_len + 1000); in ikev2_build_sa_init()
1115 if (ikev2_build_idr(data, plain, in ikev2_build_sa_init()
1117 ikev2_build_encrypted(data->proposal.encr, in ikev2_build_sa_init()
1118 data->proposal.integ, in ikev2_build_sa_init()
1119 &data->keys, 0, msg, plain, in ikev2_build_sa_init()
1132 data->state = SA_AUTH; in ikev2_build_sa_init()
1134 wpabuf_free(data->r_sign_msg); in ikev2_build_sa_init()
1135 data->r_sign_msg = wpabuf_dup(msg); in ikev2_build_sa_init()
1141 static struct wpabuf * ikev2_build_sa_auth(struct ikev2_responder_data *data) in ikev2_build_sa_auth() argument
1147 msg = wpabuf_alloc(sizeof(struct ikev2_hdr) + data->IDr_len + 1000); in ikev2_build_sa_auth()
1150 ikev2_build_hdr(data, msg, IKE_SA_AUTH, IKEV2_PAYLOAD_ENCRYPTED, 1); in ikev2_build_sa_auth()
1152 plain = wpabuf_alloc(data->IDr_len + 1000); in ikev2_build_sa_auth()
1158 if (ikev2_build_idr(data, plain, IKEV2_PAYLOAD_AUTHENTICATION) || in ikev2_build_sa_auth()
1159 ikev2_build_auth(data, plain, IKEV2_PAYLOAD_NO_NEXT_PAYLOAD) || in ikev2_build_sa_auth()
1160 ikev2_build_encrypted(data->proposal.encr, data->proposal.integ, in ikev2_build_sa_auth()
1161 &data->keys, 0, msg, plain, in ikev2_build_sa_auth()
1171 data->state = IKEV2_DONE; in ikev2_build_sa_auth()
1177 static struct wpabuf * ikev2_build_notify(struct ikev2_responder_data *data) in ikev2_build_notify() argument
1184 if (data->last_msg == LAST_MSG_SA_AUTH) { in ikev2_build_notify()
1191 ikev2_build_hdr(data, msg, IKE_SA_AUTH, in ikev2_build_notify()
1193 if (ikev2_build_notification(data, plain, in ikev2_build_notify()
1195 ikev2_build_encrypted(data->proposal.encr, in ikev2_build_notify()
1196 data->proposal.integ, in ikev2_build_notify()
1197 &data->keys, 0, msg, plain, in ikev2_build_notify()
1204 data->state = IKEV2_FAILED; in ikev2_build_notify()
1207 ikev2_build_hdr(data, msg, IKE_SA_INIT, in ikev2_build_notify()
1209 if (ikev2_build_notification(data, msg, in ikev2_build_notify()
1214 data->state = SA_INIT; in ikev2_build_notify()
1226 struct wpabuf * ikev2_responder_build(struct ikev2_responder_data *data) in ikev2_responder_build() argument
1228 switch (data->state) { in ikev2_responder_build()
1230 return ikev2_build_sa_init(data); in ikev2_responder_build()
1232 return ikev2_build_sa_auth(data); in ikev2_responder_build()
1236 return ikev2_build_notify(data); in ikev2_responder_build()