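Lines matching refs:sm (cross-reference listing of the lines that reference `sm`). Each entry gives the source line number, the matching line and, where there is one, the enclosing function; "argument" marks the line where `sm` is declared as that function's parameter.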
22 static void eap_fast_reset(struct eap_sm *sm, void *priv);
71 static int eap_fast_process_phase2_start(struct eap_sm *sm,
111 static enum eap_type eap_fast_req_failure(struct eap_sm *sm, in eap_fast_req_failure() argument
272 static void eap_fast_derive_key_auth(struct eap_sm *sm, in eap_fast_derive_key_auth() argument
281 sks = eap_fast_derive_key(sm->cfg->ssl_ctx, data->ssl.conn, in eap_fast_derive_key_auth()
302 static void eap_fast_derive_key_provisioning(struct eap_sm *sm, in eap_fast_derive_key_provisioning() argument
307 eap_fast_derive_key(sm->cfg->ssl_ctx, data->ssl.conn, in eap_fast_derive_key_provisioning()
333 static int eap_fast_get_phase2_key(struct eap_sm *sm, in eap_fast_get_phase2_key() argument
351 if ((key = data->phase2_method->getKey(sm, data->phase2_priv, in eap_fast_get_phase2_key()
367 static int eap_fast_update_icmk(struct eap_sm *sm, struct eap_fast_data *data) in eap_fast_update_icmk() argument
382 if (eap_fast_get_phase2_key(sm, data, isk, sizeof(isk)) < 0) in eap_fast_update_icmk()
400 static void * eap_fast_init(struct eap_sm *sm) in eap_fast_init() argument
418 if (sm->user && sm->user->force_version >= 0) { in eap_fast_init()
419 data->force_version = sm->user->force_version; in eap_fast_init()
426 if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_TYPE_FAST)) { in eap_fast_init()
428 eap_fast_reset(sm, data); in eap_fast_init()
432 if (tls_connection_set_cipher_list(sm->cfg->ssl_ctx, data->ssl.conn, in eap_fast_init()
436 eap_fast_reset(sm, data); in eap_fast_init()
440 if (tls_connection_set_session_ticket_cb(sm->cfg->ssl_ctx, in eap_fast_init()
446 eap_fast_reset(sm, data); in eap_fast_init()
450 if (sm->cfg->pac_opaque_encr_key == NULL) { in eap_fast_init()
453 eap_fast_reset(sm, data); in eap_fast_init()
456 os_memcpy(data->pac_opaque_encr, sm->cfg->pac_opaque_encr_key, in eap_fast_init()
459 if (sm->cfg->eap_fast_a_id == NULL) { in eap_fast_init()
461 eap_fast_reset(sm, data); in eap_fast_init()
464 data->srv_id = os_memdup(sm->cfg->eap_fast_a_id, in eap_fast_init()
465 sm->cfg->eap_fast_a_id_len); in eap_fast_init()
467 eap_fast_reset(sm, data); in eap_fast_init()
470 data->srv_id_len = sm->cfg->eap_fast_a_id_len; in eap_fast_init()
472 if (sm->cfg->eap_fast_a_id_info == NULL) { in eap_fast_init()
474 eap_fast_reset(sm, data); in eap_fast_init()
477 data->srv_id_info = os_strdup(sm->cfg->eap_fast_a_id_info); in eap_fast_init()
479 eap_fast_reset(sm, data); in eap_fast_init()
484 data->pac_key_lifetime = sm->cfg->pac_key_lifetime; in eap_fast_init()
491 data->pac_key_refresh_time = sm->cfg->pac_key_refresh_time; in eap_fast_init()
497 static void eap_fast_reset(struct eap_sm *sm, void *priv) in eap_fast_reset() argument
503 data->phase2_method->reset(sm, data->phase2_priv); in eap_fast_reset()
504 eap_server_tls_ssl_deinit(sm, &data->ssl); in eap_fast_reset()
514 static struct wpabuf * eap_fast_build_start(struct eap_sm *sm, in eap_fast_build_start() argument
540 static int eap_fast_phase1_done(struct eap_sm *sm, struct eap_fast_data *data) in eap_fast_phase1_done() argument
546 if (tls_get_cipher(sm->cfg->ssl_ctx, data->ssl.conn, in eap_fast_phase1_done()
557 eap_fast_derive_key_provisioning(sm, data); in eap_fast_phase1_done()
559 eap_fast_derive_key_auth(sm, data); in eap_fast_phase1_done()
567 static struct wpabuf * eap_fast_build_phase2_req(struct eap_sm *sm, in eap_fast_build_phase2_req() argument
578 req = data->phase2_method->buildReq(sm, data->phase2_priv, id); in eap_fast_build_phase2_req()
588 struct eap_sm *sm, struct eap_fast_data *data) in eap_fast_build_crypto_binding() argument
673 static struct wpabuf * eap_fast_build_pac(struct eap_sm *sm, in eap_fast_build_pac() argument
693 (2 + sm->identity_len) + 8; in eap_fast_build_pac()
711 if (sm->identity) { in eap_fast_build_pac()
713 *pos++ = sm->identity_len; in eap_fast_build_pac()
714 os_memcpy(pos, sm->identity, sm->identity_len); in eap_fast_build_pac()
715 pos += sm->identity_len; in eap_fast_build_pac()
785 if (sm->identity) { in eap_fast_build_pac()
786 eap_fast_put_tlv(buf, PAC_TYPE_I_ID, sm->identity, in eap_fast_build_pac()
787 sm->identity_len); in eap_fast_build_pac()
807 static int eap_fast_encrypt_phase2(struct eap_sm *sm, in eap_fast_encrypt_phase2() argument
815 encr = eap_server_tls_encrypt(sm, &data->ssl, plain); in eap_fast_encrypt_phase2()
846 static struct wpabuf * eap_fast_buildReq(struct eap_sm *sm, void *priv, u8 id) in eap_fast_buildReq() argument
864 return eap_fast_build_start(sm, data, id); in eap_fast_buildReq()
866 if (tls_connection_established(sm->cfg->ssl_ctx, in eap_fast_buildReq()
868 if (eap_fast_phase1_done(sm, data) < 0) in eap_fast_buildReq()
878 if (eap_fast_process_phase2_start(sm, data)) in eap_fast_buildReq()
880 req = eap_fast_build_phase2_req(sm, data, id); in eap_fast_buildReq()
887 req = eap_fast_build_phase2_req(sm, data, id); in eap_fast_buildReq()
890 req = eap_fast_build_crypto_binding(sm, data); in eap_fast_buildReq()
898 eap = eap_fast_build_phase2_req(sm, data, id); in eap_fast_buildReq()
904 req = eap_fast_build_pac(sm, data); in eap_fast_buildReq()
913 eap_fast_encrypt_phase2(sm, data, req, piggyback) < 0) in eap_fast_buildReq()
921 static bool eap_fast_check(struct eap_sm *sm, void *priv, in eap_fast_check() argument
937 static int eap_fast_phase2_init(struct eap_sm *sm, struct eap_fast_data *data, in eap_fast_phase2_init() argument
941 data->phase2_method->reset(sm, data->phase2_priv); in eap_fast_phase2_init()
950 sm->auth_challenge = data->key_block_p->server_challenge; in eap_fast_phase2_init()
951 sm->peer_challenge = data->key_block_p->client_challenge; in eap_fast_phase2_init()
953 sm->eap_fast_mschapv2 = true; in eap_fast_phase2_init()
954 sm->init_phase2 = 1; in eap_fast_phase2_init()
955 data->phase2_priv = data->phase2_method->init(sm); in eap_fast_phase2_init()
956 sm->init_phase2 = 0; in eap_fast_phase2_init()
957 sm->auth_challenge = NULL; in eap_fast_phase2_init()
958 sm->peer_challenge = NULL; in eap_fast_phase2_init()
964 static void eap_fast_process_phase2_response(struct eap_sm *sm, in eap_fast_process_phase2_response() argument
996 next_type = eap_fast_req_failure(sm, data); in eap_fast_process_phase2_response()
997 eap_fast_phase2_init(sm, data, next_vendor, next_type); in eap_fast_process_phase2_response()
1001 eap_sm_process_nak(sm, pos + 1, left - 1); in eap_fast_process_phase2_response()
1002 if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS && in eap_fast_process_phase2_response()
1003 sm->user->methods[sm->user_eap_method_index].method != in eap_fast_process_phase2_response()
1005 next_vendor = sm->user->methods[ in eap_fast_process_phase2_response()
1006 sm->user_eap_method_index].vendor; in eap_fast_process_phase2_response()
1007 next_type = sm->user->methods[ in eap_fast_process_phase2_response()
1008 sm->user_eap_method_index++].method; in eap_fast_process_phase2_response()
1013 next_type = eap_fast_req_failure(sm, data); in eap_fast_process_phase2_response()
1015 eap_fast_phase2_init(sm, data, next_vendor, next_type); in eap_fast_process_phase2_response()
1021 if (m->check(sm, priv, &buf)) { in eap_fast_process_phase2_response()
1024 eap_fast_req_failure(sm, data); in eap_fast_process_phase2_response()
1028 m->process(sm, priv, &buf); in eap_fast_process_phase2_response()
1030 if (!m->isDone(sm, priv)) in eap_fast_process_phase2_response()
1033 if (!m->isSuccess(sm, priv)) { in eap_fast_process_phase2_response()
1036 next_type = eap_fast_req_failure(sm, data); in eap_fast_process_phase2_response()
1037 eap_fast_phase2_init(sm, data, next_vendor, next_type); in eap_fast_process_phase2_response()
1043 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) { in eap_fast_process_phase2_response()
1047 sm->identity, sm->identity_len); in eap_fast_process_phase2_response()
1049 next_type = eap_fast_req_failure(sm, data); in eap_fast_process_phase2_response()
1061 sm->user_eap_method_index = 0; in eap_fast_process_phase2_response()
1063 next_vendor = sm->user->methods[0].vendor; in eap_fast_process_phase2_response()
1064 next_type = sm->user->methods[0].method; in eap_fast_process_phase2_response()
1065 sm->user_eap_method_index = 1; in eap_fast_process_phase2_response()
1072 eap_fast_update_icmk(sm, data); in eap_fast_process_phase2_response()
1078 if (sm->cfg->tnc && !data->tnc_started) { in eap_fast_process_phase2_response()
1094 eap_fast_phase2_init(sm, data, next_vendor, next_type); in eap_fast_process_phase2_response()
1098 static void eap_fast_process_phase2_eap(struct eap_sm *sm, in eap_fast_process_phase2_eap() argument
1109 eap_fast_req_failure(sm, data); in eap_fast_process_phase2_eap()
1117 eap_fast_req_failure(sm, data); in eap_fast_process_phase2_eap()
1125 eap_fast_process_phase2_response(sm, data, (u8 *) hdr, len); in eap_fast_process_phase2_eap()
1255 static void eap_fast_process_phase2_tlvs(struct eap_sm *sm, in eap_fast_process_phase2_tlvs() argument
1342 sm->cfg->eap_fast_prov != ANON_PROV && in eap_fast_process_phase2_tlvs()
1343 sm->cfg->eap_fast_prov != BOTH_PROV) { in eap_fast_process_phase2_tlvs()
1351 if (sm->cfg->eap_fast_prov != AUTH_PROV && in eap_fast_process_phase2_tlvs()
1352 sm->cfg->eap_fast_prov != BOTH_PROV && in eap_fast_process_phase2_tlvs()
1379 eap_fast_process_phase2_eap(sm, data, tlv.eap_payload_tlv, in eap_fast_process_phase2_tlvs()
1385 static void eap_fast_process_phase2(struct eap_sm *sm, in eap_fast_process_phase2() argument
1397 eap_fast_process_phase2_tlvs(sm, data, in eap_fast_process_phase2()
1404 in_decrypted = tls_connection_decrypt(sm->cfg->ssl_ctx, data->ssl.conn, in eap_fast_process_phase2()
1416 eap_fast_process_phase2_tlvs(sm, data, in_decrypted); in eap_fast_process_phase2()
1418 if (sm->method_pending == METHOD_PENDING_WAIT) { in eap_fast_process_phase2()
1430 static int eap_fast_process_version(struct eap_sm *sm, void *priv, in eap_fast_process_version() argument
1455 static int eap_fast_process_phase1(struct eap_sm *sm, in eap_fast_process_phase1() argument
1458 if (eap_server_tls_phase1(sm, &data->ssl) < 0) { in eap_fast_process_phase1()
1464 if (!tls_connection_established(sm->cfg->ssl_ctx, data->ssl.conn) || in eap_fast_process_phase1()
1474 return eap_fast_phase1_done(sm, data); in eap_fast_process_phase1()
1478 static int eap_fast_process_phase2_start(struct eap_sm *sm, in eap_fast_process_phase2_start() argument
1485 os_free(sm->identity); in eap_fast_process_phase2_start()
1486 sm->identity = data->identity; in eap_fast_process_phase2_start()
1488 sm->identity_len = data->identity_len; in eap_fast_process_phase2_start()
1490 sm->require_identity_match = 1; in eap_fast_process_phase2_start()
1491 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) { in eap_fast_process_phase2_start()
1495 sm->identity, sm->identity_len); in eap_fast_process_phase2_start()
1497 next_type = eap_fast_req_failure(sm, data); in eap_fast_process_phase2_start()
1501 next_vendor = sm->user->methods[0].vendor; in eap_fast_process_phase2_start()
1502 next_type = sm->user->methods[0].method; in eap_fast_process_phase2_start()
1503 sm->user_eap_method_index = 1; in eap_fast_process_phase2_start()
1513 return eap_fast_phase2_init(sm, data, next_vendor, next_type); in eap_fast_process_phase2_start()
1517 static void eap_fast_process_msg(struct eap_sm *sm, void *priv, in eap_fast_process_msg() argument
1524 if (eap_fast_process_phase1(sm, data)) in eap_fast_process_msg()
1529 eap_fast_process_phase2_start(sm, data); in eap_fast_process_msg()
1535 eap_fast_process_phase2(sm, data, data->ssl.tls_in); in eap_fast_process_msg()
1545 static void eap_fast_process(struct eap_sm *sm, void *priv, in eap_fast_process() argument
1549 if (eap_server_tls_process(sm, &data->ssl, respData, data, in eap_fast_process()
1556 static bool eap_fast_isDone(struct eap_sm *sm, void *priv) in eap_fast_isDone() argument
1563 static u8 * eap_fast_getKey(struct eap_sm *sm, void *priv, size_t *len) in eap_fast_getKey() argument
1585 static u8 * eap_fast_get_emsk(struct eap_sm *sm, void *priv, size_t *len) in eap_fast_get_emsk() argument
1607 static bool eap_fast_isSuccess(struct eap_sm *sm, void *priv) in eap_fast_isSuccess() argument
1614 static u8 * eap_fast_get_session_id(struct eap_sm *sm, void *priv, size_t *len) in eap_fast_get_session_id() argument
1621 return eap_server_tls_derive_session_id(sm, &data->ssl, EAP_TYPE_FAST, in eap_fast_get_session_id()