Lines Matching refs:data
83 struct eap_teap_data *data);
84 static int eap_teap_phase2_init(struct eap_sm *sm, struct eap_teap_data *data,
123 static void eap_teap_state(struct eap_teap_data *data, int state) in eap_teap_state() argument
126 eap_teap_state_txt(data->state), in eap_teap_state()
128 data->state = state; in eap_teap_state()
132 static enum eap_type eap_teap_req_failure(struct eap_teap_data *data, in eap_teap_req_failure() argument
135 eap_teap_state(data, FAILURE_SEND_RESULT); in eap_teap_req_failure()
145 struct eap_teap_data *data = ctx; in eap_teap_session_ticket_cb() local
183 if (aes_unwrap(data->pac_opaque_encr, sizeof(data->pac_opaque_encr), in eap_teap_session_ticket_cb()
256 os_free(data->identity); in eap_teap_session_ticket_cb()
257 data->identity = os_malloc(identity_len); in eap_teap_session_ticket_cb()
258 if (data->identity) { in eap_teap_session_ticket_cb()
259 os_memcpy(data->identity, identity, identity_len); in eap_teap_session_ticket_cb()
260 data->identity_len = identity_len; in eap_teap_session_ticket_cb()
268 data->send_new_pac = 2; in eap_teap_session_ticket_cb()
277 } else if (lifetime - now.sec < data->pac_key_refresh_time) { in eap_teap_session_ticket_cb()
280 data->send_new_pac = 1; in eap_teap_session_ticket_cb()
293 struct eap_teap_data *data) in eap_teap_derive_key_auth() argument
298 res = tls_connection_export_key(sm->cfg->ssl_ctx, data->ssl.conn, in eap_teap_derive_key_auth()
300 data->simck_msk, EAP_TEAP_SIMCK_LEN); in eap_teap_derive_key_auth()
305 data->simck_msk, EAP_TEAP_SIMCK_LEN); in eap_teap_derive_key_auth()
306 os_memcpy(data->simck_emsk, data->simck_msk, EAP_TEAP_SIMCK_LEN); in eap_teap_derive_key_auth()
307 data->simck_idx = 0; in eap_teap_derive_key_auth()
312 static int eap_teap_update_icmk(struct eap_sm *sm, struct eap_teap_data *data) in eap_teap_update_icmk() argument
319 data->simck_idx + 1); in eap_teap_update_icmk()
322 return eap_teap_derive_cmk_basic_pw_auth(data->tls_cs, in eap_teap_update_icmk()
323 data->simck_msk, in eap_teap_update_icmk()
324 data->cmk_msk); in eap_teap_update_icmk()
326 if (!data->phase2_method || !data->phase2_priv) { in eap_teap_update_icmk()
331 if (data->phase2_method->getKey) { in eap_teap_update_icmk()
332 msk = data->phase2_method->getKey(sm, data->phase2_priv, in eap_teap_update_icmk()
341 if (data->phase2_method->get_emsk) { in eap_teap_update_icmk()
342 emsk = data->phase2_method->get_emsk(sm, data->phase2_priv, in eap_teap_update_icmk()
346 res = eap_teap_derive_imck(data->tls_cs, in eap_teap_update_icmk()
347 data->simck_msk, data->simck_emsk, in eap_teap_update_icmk()
349 data->simck_msk, data->cmk_msk, in eap_teap_update_icmk()
350 data->simck_emsk, data->cmk_emsk); in eap_teap_update_icmk()
354 data->simck_idx++; in eap_teap_update_icmk()
356 data->cmk_emsk_available = 1; in eap_teap_update_icmk()
364 struct eap_teap_data *data; in eap_teap_init() local
366 data = os_zalloc(sizeof(*data)); in eap_teap_init()
367 if (!data) in eap_teap_init()
369 data->teap_version = EAP_TEAP_VERSION; in eap_teap_init()
370 data->state = START; in eap_teap_init()
372 if (eap_server_tls_ssl_init(sm, &data->ssl, in eap_teap_init()
376 eap_teap_reset(sm, data); in eap_teap_init()
384 data->ssl.conn, in eap_teap_init()
386 data) < 0) { in eap_teap_init()
389 eap_teap_reset(sm, data); in eap_teap_init()
396 eap_teap_reset(sm, data); in eap_teap_init()
399 os_memcpy(data->pac_opaque_encr, sm->cfg->pac_opaque_encr_key, in eap_teap_init()
400 sizeof(data->pac_opaque_encr)); in eap_teap_init()
404 eap_teap_reset(sm, data); in eap_teap_init()
407 data->srv_id = os_malloc(sm->cfg->eap_fast_a_id_len); in eap_teap_init()
408 if (!data->srv_id) { in eap_teap_init()
409 eap_teap_reset(sm, data); in eap_teap_init()
412 os_memcpy(data->srv_id, sm->cfg->eap_fast_a_id, in eap_teap_init()
414 data->srv_id_len = sm->cfg->eap_fast_a_id_len; in eap_teap_init()
418 eap_teap_reset(sm, data); in eap_teap_init()
421 data->srv_id_info = os_strdup(sm->cfg->eap_fast_a_id_info); in eap_teap_init()
422 if (!data->srv_id_info) { in eap_teap_init()
423 eap_teap_reset(sm, data); in eap_teap_init()
428 data->pac_key_lifetime = sm->cfg->pac_key_lifetime; in eap_teap_init()
435 data->pac_key_refresh_time = sm->cfg->pac_key_refresh_time; in eap_teap_init()
437 return data; in eap_teap_init()
443 struct eap_teap_data *data = priv; in eap_teap_reset() local
445 if (!data) in eap_teap_reset()
447 if (data->phase2_priv && data->phase2_method) in eap_teap_reset()
448 data->phase2_method->reset(sm, data->phase2_priv); in eap_teap_reset()
449 eap_server_tls_ssl_deinit(sm, &data->ssl); in eap_teap_reset()
450 os_free(data->srv_id); in eap_teap_reset()
451 os_free(data->srv_id_info); in eap_teap_reset()
452 wpabuf_free(data->pending_phase2_resp); in eap_teap_reset()
453 wpabuf_free(data->server_outer_tlvs); in eap_teap_reset()
454 wpabuf_free(data->peer_outer_tlvs); in eap_teap_reset()
455 os_free(data->identity); in eap_teap_reset()
456 forced_memzero(data->simck_msk, EAP_TEAP_SIMCK_LEN); in eap_teap_reset()
457 forced_memzero(data->simck_emsk, EAP_TEAP_SIMCK_LEN); in eap_teap_reset()
458 forced_memzero(data->cmk_msk, EAP_TEAP_CMK_LEN); in eap_teap_reset()
459 forced_memzero(data->cmk_emsk, EAP_TEAP_CMK_LEN); in eap_teap_reset()
460 forced_memzero(data->pac_opaque_encr, sizeof(data->pac_opaque_encr)); in eap_teap_reset()
461 bin_clear_free(data, sizeof(*data)); in eap_teap_reset()
466 struct eap_teap_data *data, u8 id) in eap_teap_build_start() argument
469 size_t outer_tlv_len = sizeof(struct teap_tlv_hdr) + data->srv_id_len; in eap_teap_build_start()
477 eap_teap_state(data, FAILURE); in eap_teap_build_start()
482 data->teap_version); in eap_teap_build_start()
489 data->srv_id, data->srv_id_len); in eap_teap_build_start()
492 wpabuf_free(data->server_outer_tlvs); in eap_teap_build_start()
493 data->server_outer_tlvs = wpabuf_alloc_copy(start, end - start); in eap_teap_build_start()
494 if (!data->server_outer_tlvs) { in eap_teap_build_start()
495 eap_teap_state(data, FAILURE); in eap_teap_build_start()
499 eap_teap_state(data, PHASE1); in eap_teap_build_start()
505 static int eap_teap_phase1_done(struct eap_sm *sm, struct eap_teap_data *data) in eap_teap_phase1_done() argument
511 if (!data->identity && sm->cfg->eap_teap_auth == 2) { in eap_teap_phase1_done()
514 subject = tls_connection_get_peer_subject(data->ssl.conn); in eap_teap_phase1_done()
519 data->identity = (u8 *) os_strdup(subject); in eap_teap_phase1_done()
520 data->identity_len = os_strlen(subject); in eap_teap_phase1_done()
524 data->tls_cs = tls_connection_get_cipher_suite(data->ssl.conn); in eap_teap_phase1_done()
526 data->tls_cs); in eap_teap_phase1_done()
528 if (tls_get_cipher(sm->cfg->ssl_ctx, data->ssl.conn, in eap_teap_phase1_done()
532 eap_teap_state(data, FAILURE); in eap_teap_phase1_done()
535 data->anon_provisioning = os_strstr(cipher, "ADH") != NULL; in eap_teap_phase1_done()
537 if (data->anon_provisioning) in eap_teap_phase1_done()
540 if (eap_teap_derive_key_auth(sm, data) < 0) { in eap_teap_phase1_done()
541 eap_teap_state(data, FAILURE); in eap_teap_phase1_done()
545 eap_teap_state(data, PHASE2_START); in eap_teap_phase1_done()
552 struct eap_teap_data *data, in eap_teap_build_phase2_req() argument
558 (data->phase2_priv && data->phase2_method && in eap_teap_build_phase2_req()
559 data->phase2_method->vendor == EAP_VENDOR_IETF && in eap_teap_build_phase2_req()
560 data->phase2_method->method == EAP_TYPE_IDENTITY)) { in eap_teap_build_phase2_req()
566 data->cur_id_type = TEAP_IDENTITY_TYPE_USER; in eap_teap_build_phase2_req()
567 id_tlv = eap_teap_tlv_identity_type(data->cur_id_type); in eap_teap_build_phase2_req()
571 data->cur_id_type = TEAP_IDENTITY_TYPE_MACHINE; in eap_teap_build_phase2_req()
572 id_tlv = eap_teap_tlv_identity_type(data->cur_id_type); in eap_teap_build_phase2_req()
575 if (data->cur_id_type == TEAP_IDENTITY_TYPE_USER) in eap_teap_build_phase2_req()
576 data->cur_id_type = TEAP_IDENTITY_TYPE_MACHINE; in eap_teap_build_phase2_req()
578 data->cur_id_type = TEAP_IDENTITY_TYPE_USER; in eap_teap_build_phase2_req()
579 id_tlv = eap_teap_tlv_identity_type(data->cur_id_type); in eap_teap_build_phase2_req()
586 data->basic_auth_not_done = 1; in eap_teap_build_phase2_req()
597 data->inner_eap_not_done = 1; in eap_teap_build_phase2_req()
598 if (!data->phase2_priv) { in eap_teap_build_phase2_req()
605 req = data->phase2_method->buildReq(sm, data->phase2_priv, id); in eap_teap_build_phase2_req()
618 struct eap_sm *sm, struct eap_teap_data *data) in eap_teap_build_crypto_binding() argument
629 if (data->send_new_pac || data->anon_provisioning || in eap_teap_build_crypto_binding()
630 data->basic_auth_not_done || data->inner_eap_not_done || in eap_teap_build_crypto_binding()
631 data->phase2_method || sm->cfg->eap_teap_separate_result) in eap_teap_build_crypto_binding()
632 data->final_result = 0; in eap_teap_build_crypto_binding()
634 data->final_result = 1; in eap_teap_build_crypto_binding()
636 if (!data->final_result || data->eap_seq > 0 || in eap_teap_build_crypto_binding()
648 if (data->final_result) { in eap_teap_build_crypto_binding()
665 cb->received_version = data->peer_version; in eap_teap_build_crypto_binding()
668 flags = data->cmk_emsk_available ? in eap_teap_build_crypto_binding()
684 os_memcpy(data->crypto_binding_nonce, cb->nonce, sizeof(cb->nonce)); in eap_teap_build_crypto_binding()
686 if (eap_teap_compound_mac(data->tls_cs, cb, data->server_outer_tlvs, in eap_teap_build_crypto_binding()
687 data->peer_outer_tlvs, data->cmk_msk, in eap_teap_build_crypto_binding()
693 if (data->cmk_emsk_available && in eap_teap_build_crypto_binding()
694 eap_teap_compound_mac(data->tls_cs, cb, data->server_outer_tlvs, in eap_teap_build_crypto_binding()
695 data->peer_outer_tlvs, data->cmk_emsk, in eap_teap_build_crypto_binding()
711 data->check_crypto_binding = true; in eap_teap_build_crypto_binding()
718 struct eap_teap_data *data) in eap_teap_build_pac() argument
744 srv_id_info_len = os_strlen(data->srv_id_info); in eap_teap_build_pac()
753 data->pac_key_lifetime); in eap_teap_build_pac()
756 WPA_PUT_BE32(pos, now.sec + data->pac_key_lifetime); in eap_teap_build_pac()
779 if (aes_wrap(data->pac_opaque_encr, sizeof(data->pac_opaque_encr), in eap_teap_build_pac()
793 data->srv_id_len + srv_id_info_len + 100 + sizeof(*result); in eap_teap_build_pac()
826 wpabuf_put_be32(buf, now.sec + data->pac_key_lifetime); in eap_teap_build_pac()
829 eap_teap_put_tlv(buf, PAC_TYPE_A_ID, data->srv_id, data->srv_id_len); in eap_teap_build_pac()
839 eap_teap_put_tlv(buf, PAC_TYPE_A_ID_INFO, data->srv_id_info, in eap_teap_build_pac()
856 struct eap_teap_data *data, in eap_teap_encrypt_phase2() argument
863 encr = eap_server_tls_encrypt(sm, &data->ssl, plain); in eap_teap_encrypt_phase2()
869 if (data->ssl.tls_out && piggyback) { in eap_teap_encrypt_phase2()
873 (int) wpabuf_len(data->ssl.tls_out), in eap_teap_encrypt_phase2()
874 (int) data->ssl.tls_out_pos); in eap_teap_encrypt_phase2()
875 if (wpabuf_resize(&data->ssl.tls_out, wpabuf_len(encr)) < 0) { in eap_teap_encrypt_phase2()
881 wpabuf_put_buf(data->ssl.tls_out, encr); in eap_teap_encrypt_phase2()
884 wpabuf_free(data->ssl.tls_out); in eap_teap_encrypt_phase2()
885 data->ssl.tls_out_pos = 0; in eap_teap_encrypt_phase2()
886 data->ssl.tls_out = encr; in eap_teap_encrypt_phase2()
895 struct eap_teap_data *data = priv; in eap_teap_buildReq() local
900 if (data->ssl.state == FRAG_ACK) { in eap_teap_buildReq()
902 data->teap_version); in eap_teap_buildReq()
905 if (data->ssl.state == WAIT_FRAG_ACK) { in eap_teap_buildReq()
906 return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TEAP, in eap_teap_buildReq()
907 data->teap_version, id); in eap_teap_buildReq()
910 switch (data->state) { in eap_teap_buildReq()
912 return eap_teap_build_start(sm, data, id); in eap_teap_buildReq()
915 data->ssl.conn)) { in eap_teap_buildReq()
916 if (eap_teap_phase1_done(sm, data) < 0) in eap_teap_buildReq()
918 if (data->state == PHASE2_START) { in eap_teap_buildReq()
928 res = eap_teap_process_phase2_start(sm, data); in eap_teap_buildReq()
931 sm, data); in eap_teap_buildReq()
938 req = eap_teap_build_phase2_req(sm, data, id); in eap_teap_buildReq()
946 req = eap_teap_build_phase2_req(sm, data, id); in eap_teap_buildReq()
949 req = eap_teap_build_crypto_binding(sm, data); in eap_teap_buildReq()
951 data->inner_eap_not_done && in eap_teap_buildReq()
952 !data->phase2_method && in eap_teap_buildReq()
956 eap_teap_state(data, PHASE2_ID); in eap_teap_buildReq()
957 if (eap_teap_phase2_init(sm, data, EAP_VENDOR_IETF, in eap_teap_buildReq()
959 eap_teap_state(data, FAILURE); in eap_teap_buildReq()
965 if (data->phase2_method) { in eap_teap_buildReq()
973 eap = eap_teap_build_phase2_req(sm, data, id); in eap_teap_buildReq()
976 eap_teap_state(data, PHASE2_METHOD); in eap_teap_buildReq()
980 req = eap_teap_build_pac(sm, data); in eap_teap_buildReq()
984 if (data->error_code) in eap_teap_buildReq()
986 req, eap_teap_tlv_error(data->error_code)); in eap_teap_buildReq()
990 data->final_result = 1; in eap_teap_buildReq()
994 __func__, data->state); in eap_teap_buildReq()
998 if (req && eap_teap_encrypt_phase2(sm, data, req, piggyback) < 0) in eap_teap_buildReq()
1001 return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_TEAP, in eap_teap_buildReq()
1002 data->teap_version, id); in eap_teap_buildReq()
1022 static int eap_teap_phase2_init(struct eap_sm *sm, struct eap_teap_data *data, in eap_teap_phase2_init() argument
1025 if (data->phase2_priv && data->phase2_method) { in eap_teap_phase2_init()
1026 data->phase2_method->reset(sm, data->phase2_priv); in eap_teap_phase2_init()
1027 data->phase2_method = NULL; in eap_teap_phase2_init()
1028 data->phase2_priv = NULL; in eap_teap_phase2_init()
1030 data->phase2_method = eap_server_get_eap_method(vendor, eap_type); in eap_teap_phase2_init()
1031 if (!data->phase2_method) in eap_teap_phase2_init()
1042 data->phase2_priv = data->phase2_method->init(sm); in eap_teap_phase2_init()
1045 return data->phase2_priv ? 0 : -1; in eap_teap_phase2_init()
1049 static int eap_teap_valid_id_type(struct eap_sm *sm, struct eap_teap_data *data, in eap_teap_valid_id_type() argument
1059 id_type != data->cur_id_type) in eap_teap_valid_id_type()
1070 struct eap_teap_data *data, in eap_teap_process_phase2_response() argument
1080 const struct eap_method *m = data->phase2_method; in eap_teap_process_phase2_response()
1081 void *priv = data->phase2_priv; in eap_teap_process_phase2_response()
1104 next_type = eap_teap_req_failure(data, 0); in eap_teap_process_phase2_response()
1105 eap_teap_phase2_init(sm, data, next_vendor, next_type); in eap_teap_process_phase2_response()
1121 next_type = eap_teap_req_failure(data, 0); in eap_teap_process_phase2_response()
1123 eap_teap_phase2_init(sm, data, next_vendor, next_type); in eap_teap_process_phase2_response()
1132 eap_teap_req_failure(data, TEAP_ERROR_INNER_METHOD); in eap_teap_process_phase2_response()
1144 next_type = eap_teap_req_failure(data, TEAP_ERROR_INNER_METHOD); in eap_teap_process_phase2_response()
1145 eap_teap_phase2_init(sm, data, next_vendor, next_type); in eap_teap_process_phase2_response()
1149 switch (data->state) { in eap_teap_process_phase2_response()
1151 if (!eap_teap_valid_id_type(sm, data, id_type)) { in eap_teap_process_phase2_response()
1155 eap_teap_req_failure(data, TEAP_ERROR_INNER_METHOD); in eap_teap_process_phase2_response()
1164 data, TEAP_ERROR_INNER_METHOD); in eap_teap_process_phase2_response()
1168 eap_teap_state(data, PHASE2_METHOD); in eap_teap_process_phase2_response()
1169 if (data->anon_provisioning) { in eap_teap_process_phase2_response()
1186 eap_teap_update_icmk(sm, data); in eap_teap_process_phase2_response()
1187 if (data->state == PHASE2_METHOD && in eap_teap_process_phase2_response()
1190 data->cur_id_type == TEAP_IDENTITY_TYPE_MACHINE)) in eap_teap_process_phase2_response()
1191 data->inner_eap_not_done = 0; in eap_teap_process_phase2_response()
1192 eap_teap_state(data, CRYPTO_BINDING); in eap_teap_process_phase2_response()
1193 data->eap_seq++; in eap_teap_process_phase2_response()
1197 if (sm->cfg->tnc && !data->tnc_started) { in eap_teap_process_phase2_response()
1201 data->tnc_started = 1; in eap_teap_process_phase2_response()
1209 __func__, data->state); in eap_teap_process_phase2_response()
1213 eap_teap_phase2_init(sm, data, next_vendor, next_type); in eap_teap_process_phase2_response()
1218 struct eap_teap_data *data, in eap_teap_process_phase2_eap() argument
1230 eap_teap_req_failure(data, TEAP_ERROR_INNER_METHOD); in eap_teap_process_phase2_eap()
1238 eap_teap_req_failure(data, TEAP_ERROR_INNER_METHOD); in eap_teap_process_phase2_eap()
1247 eap_teap_process_phase2_response(sm, data, (u8 *) hdr, len, in eap_teap_process_phase2_eap()
1260 struct eap_teap_data *data, in eap_teap_process_basic_auth_resp() argument
1267 if (!eap_teap_valid_id_type(sm, data, id_type)) { in eap_teap_process_basic_auth_resp()
1271 eap_teap_req_failure(data, 0); in eap_teap_process_basic_auth_resp()
1281 eap_teap_req_failure(data, 0); in eap_teap_process_basic_auth_resp()
1288 eap_teap_req_failure(data, 0); in eap_teap_process_basic_auth_resp()
1300 eap_teap_req_failure(data, 0); in eap_teap_process_basic_auth_resp()
1307 eap_teap_req_failure(data, 0); in eap_teap_process_basic_auth_resp()
1320 eap_teap_req_failure(data, 0); in eap_teap_process_basic_auth_resp()
1327 eap_teap_req_failure(data, 0); in eap_teap_process_basic_auth_resp()
1334 eap_teap_req_failure(data, 0); in eap_teap_process_basic_auth_resp()
1341 eap_teap_req_failure(data, 0); in eap_teap_process_basic_auth_resp()
1353 data->cur_id_type == TEAP_IDENTITY_TYPE_MACHINE) in eap_teap_process_basic_auth_resp()
1354 data->basic_auth_not_done = 0; in eap_teap_process_basic_auth_resp()
1355 eap_teap_state(data, CRYPTO_BINDING); in eap_teap_process_basic_auth_resp()
1356 eap_teap_update_icmk(sm, data); in eap_teap_process_basic_auth_resp()
1360 static int eap_teap_parse_tlvs(struct wpabuf *data, in eap_teap_parse_tlvs() argument
1370 pos = wpabuf_mhead(data); in eap_teap_parse_tlvs()
1371 end = pos + wpabuf_len(data); in eap_teap_parse_tlvs()
1413 struct eap_teap_data *data, const struct teap_tlv_crypto_binding *cb, in eap_teap_validate_crypto_binding() argument
1432 cb->received_version != data->peer_version) { in eap_teap_validate_crypto_binding()
1453 if (os_memcmp_const(data->crypto_binding_nonce, cb->nonce, in eap_teap_validate_crypto_binding()
1455 (data->crypto_binding_nonce[EAP_TEAP_NONCE_LEN - 1] | 1) != in eap_teap_validate_crypto_binding()
1466 if (eap_teap_compound_mac(data->tls_cs, cb, in eap_teap_validate_crypto_binding()
1467 data->server_outer_tlvs, in eap_teap_validate_crypto_binding()
1468 data->peer_outer_tlvs, data->cmk_msk, in eap_teap_validate_crypto_binding()
1485 data->cmk_emsk_available) { in eap_teap_validate_crypto_binding()
1488 if (eap_teap_compound_mac(data->tls_cs, cb, in eap_teap_validate_crypto_binding()
1489 data->server_outer_tlvs, in eap_teap_validate_crypto_binding()
1490 data->peer_outer_tlvs, data->cmk_emsk, in eap_teap_validate_crypto_binding()
1506 !data->cmk_emsk_available) { in eap_teap_validate_crypto_binding()
1532 struct eap_teap_data *data, in eap_teap_process_phase2_tlvs() argument
1536 bool check_crypto_binding = data->state == CRYPTO_BINDING || in eap_teap_process_phase2_tlvs()
1537 data->check_crypto_binding; in eap_teap_process_phase2_tlvs()
1547 eap_teap_state(data, FAILURE); in eap_teap_process_phase2_tlvs()
1555 eap_teap_state(data, FAILURE_SEND_RESULT); in eap_teap_process_phase2_tlvs()
1559 if (data->state == REQUEST_PAC) { in eap_teap_process_phase2_tlvs()
1565 eap_teap_state(data, FAILURE); in eap_teap_process_phase2_tlvs()
1577 eap_teap_state(data, FAILURE); in eap_teap_process_phase2_tlvs()
1583 eap_teap_state(data, SUCCESS); in eap_teap_process_phase2_tlvs()
1591 eap_teap_state(data, FAILURE); in eap_teap_process_phase2_tlvs()
1595 if (data->final_result && in eap_teap_process_phase2_tlvs()
1599 eap_teap_state(data, FAILURE); in eap_teap_process_phase2_tlvs()
1604 !data->skipped_inner_auth && in eap_teap_process_phase2_tlvs()
1608 eap_teap_state(data, FAILURE); in eap_teap_process_phase2_tlvs()
1612 if (eap_teap_validate_crypto_binding(data, tlv.crypto_binding, in eap_teap_process_phase2_tlvs()
1614 eap_teap_state(data, FAILURE); in eap_teap_process_phase2_tlvs()
1620 data->check_crypto_binding = false; in eap_teap_process_phase2_tlvs()
1621 if (data->final_result) { in eap_teap_process_phase2_tlvs()
1626 if (data->anon_provisioning && in eap_teap_process_phase2_tlvs()
1631 eap_teap_state(data, FAILURE); in eap_teap_process_phase2_tlvs()
1642 eap_teap_state(data, FAILURE); in eap_teap_process_phase2_tlvs()
1646 if (data->anon_provisioning || in eap_teap_process_phase2_tlvs()
1652 eap_teap_state(data, REQUEST_PAC); in eap_teap_process_phase2_tlvs()
1653 } else if (data->send_new_pac) { in eap_teap_process_phase2_tlvs()
1656 eap_teap_state(data, REQUEST_PAC); in eap_teap_process_phase2_tlvs()
1657 } else if (data->final_result) { in eap_teap_process_phase2_tlvs()
1658 eap_teap_state(data, SUCCESS); in eap_teap_process_phase2_tlvs()
1660 eap_teap_state(data, SUCCESS_SEND_RESULT); in eap_teap_process_phase2_tlvs()
1668 eap_teap_state(data, FAILURE); in eap_teap_process_phase2_tlvs()
1671 eap_teap_process_basic_auth_resp(sm, data, tlv.basic_auth_resp, in eap_teap_process_phase2_tlvs()
1680 eap_teap_state(data, FAILURE); in eap_teap_process_phase2_tlvs()
1683 eap_teap_process_phase2_eap(sm, data, tlv.eap_payload_tlv, in eap_teap_process_phase2_tlvs()
1688 if (data->state == SUCCESS_SEND_RESULT && in eap_teap_process_phase2_tlvs()
1692 eap_teap_state(data, SUCCESS); in eap_teap_process_phase2_tlvs()
1693 } else if (check_crypto_binding && data->state == CRYPTO_BINDING && in eap_teap_process_phase2_tlvs()
1694 sm->cfg->eap_teap_auth == 1 && data->basic_auth_not_done) { in eap_teap_process_phase2_tlvs()
1697 eap_teap_state(data, PHASE2_BASIC_AUTH); in eap_teap_process_phase2_tlvs()
1698 } else if (check_crypto_binding && data->state == CRYPTO_BINDING && in eap_teap_process_phase2_tlvs()
1699 sm->cfg->eap_teap_auth == 0 && data->inner_eap_not_done && in eap_teap_process_phase2_tlvs()
1703 eap_teap_state(data, PHASE2_ID); in eap_teap_process_phase2_tlvs()
1704 if (eap_teap_phase2_init(sm, data, EAP_VENDOR_IETF, in eap_teap_process_phase2_tlvs()
1706 eap_teap_state(data, FAILURE); in eap_teap_process_phase2_tlvs()
1712 struct eap_teap_data *data, in eap_teap_process_phase2() argument
1721 if (data->pending_phase2_resp) { in eap_teap_process_phase2()
1724 eap_teap_process_phase2_tlvs(sm, data, in eap_teap_process_phase2()
1725 data->pending_phase2_resp); in eap_teap_process_phase2()
1726 wpabuf_free(data->pending_phase2_resp); in eap_teap_process_phase2()
1727 data->pending_phase2_resp = NULL; in eap_teap_process_phase2()
1731 in_decrypted = tls_connection_decrypt(sm->cfg->ssl_ctx, data->ssl.conn, in eap_teap_process_phase2()
1736 eap_teap_state(data, FAILURE); in eap_teap_process_phase2()
1743 eap_teap_process_phase2_tlvs(sm, data, in_decrypted); in eap_teap_process_phase2()
1748 wpabuf_free(data->pending_phase2_resp); in eap_teap_process_phase2()
1749 data->pending_phase2_resp = in_decrypted; in eap_teap_process_phase2()
1760 struct eap_teap_data *data = priv; in eap_teap_process_version() local
1770 if (peer_version < data->teap_version) { in eap_teap_process_version()
1773 peer_version, data->teap_version, peer_version); in eap_teap_process_version()
1774 data->teap_version = peer_version; in eap_teap_process_version()
1777 data->peer_version = peer_version; in eap_teap_process_version()
1784 struct eap_teap_data *data) in eap_teap_process_phase1() argument
1786 if (eap_server_tls_phase1(sm, &data->ssl) < 0) { in eap_teap_process_phase1()
1788 eap_teap_state(data, FAILURE); in eap_teap_process_phase1()
1792 if (!tls_connection_established(sm->cfg->ssl_ctx, data->ssl.conn) || in eap_teap_process_phase1()
1793 wpabuf_len(data->ssl.tls_out) > 0) in eap_teap_process_phase1()
1802 return eap_teap_phase1_done(sm, data); in eap_teap_process_phase1()
1807 struct eap_teap_data *data) in eap_teap_process_phase2_start() argument
1812 if (data->identity) { in eap_teap_process_phase2_start()
1815 sm->identity = data->identity; in eap_teap_process_phase2_start()
1816 data->identity = NULL; in eap_teap_process_phase2_start()
1817 sm->identity_len = data->identity_len; in eap_teap_process_phase2_start()
1818 data->identity_len = 0; in eap_teap_process_phase2_start()
1825 eap_teap_state(data, PHASE2_METHOD); in eap_teap_process_phase2_start()
1830 data->skipped_inner_auth = 1; in eap_teap_process_phase2_start()
1834 eap_teap_derive_cmk_basic_pw_auth(data->tls_cs, in eap_teap_process_phase2_start()
1835 data->simck_msk, in eap_teap_process_phase2_start()
1836 data->cmk_msk); in eap_teap_process_phase2_start()
1837 eap_teap_state(data, CRYPTO_BINDING); in eap_teap_process_phase2_start()
1840 eap_teap_state(data, PHASE2_BASIC_AUTH); in eap_teap_process_phase2_start()
1848 eap_teap_state(data, PHASE2_METHOD); in eap_teap_process_phase2_start()
1852 eap_teap_state(data, PHASE2_BASIC_AUTH); in eap_teap_process_phase2_start()
1855 eap_teap_state(data, PHASE2_ID); in eap_teap_process_phase2_start()
1860 return eap_teap_phase2_init(sm, data, next_vendor, next_type); in eap_teap_process_phase2_start()
1867 struct eap_teap_data *data = priv; in eap_teap_process_msg() local
1869 switch (data->state) { in eap_teap_process_msg()
1872 if (eap_teap_process_phase1(sm, data)) in eap_teap_process_msg()
1877 eap_teap_process_phase2_start(sm, data); in eap_teap_process_msg()
1885 eap_teap_process_phase2(sm, data, data->ssl.tls_in); in eap_teap_process_msg()
1892 eap_teap_state(data, FAILURE); in eap_teap_process_msg()
1896 data->state, __func__); in eap_teap_process_msg()
1905 struct eap_teap_data *data = priv; in eap_teap_process() local
1924 if (data->state != PHASE1) { in eap_teap_process()
1994 wpabuf_free(data->peer_outer_tlvs); in eap_teap_process()
1995 data->peer_outer_tlvs = wpabuf_alloc_copy(pos, outer_tlv_len); in eap_teap_process()
1996 if (!data->peer_outer_tlvs) in eap_teap_process()
1999 data->peer_outer_tlvs); in eap_teap_process()
2013 if (data->state == PHASE1) in eap_teap_process()
2014 eap_teap_state(data, PHASE1B); in eap_teap_process()
2016 if (eap_server_tls_process(sm, &data->ssl, resp, data, in eap_teap_process()
2019 eap_teap_state(data, FAILURE); in eap_teap_process()
2028 struct eap_teap_data *data = priv; in eap_teap_isDone() local
2030 return data->state == SUCCESS || data->state == FAILURE; in eap_teap_isDone()
2036 struct eap_teap_data *data = priv; in eap_teap_getKey() local
2039 if (data->state != SUCCESS) in eap_teap_getKey()
2048 if (eap_teap_derive_eap_msk(data->tls_cs, data->simck_msk, in eap_teap_getKey()
2061 struct eap_teap_data *data = priv; in eap_teap_get_emsk() local
2064 if (data->state != SUCCESS) in eap_teap_get_emsk()
2073 if (eap_teap_derive_eap_emsk(data->tls_cs, data->simck_msk, in eap_teap_get_emsk()
2086 struct eap_teap_data *data = priv; in eap_teap_isSuccess() local
2088 return data->state == SUCCESS; in eap_teap_isSuccess()
2094 struct eap_teap_data *data = priv; in eap_teap_get_session_id() local
2099 if (data->state != SUCCESS) in eap_teap_get_session_id()
2107 res = tls_get_tls_unique(data->ssl.conn, id + 1, max_id_len - 1); in eap_teap_get_session_id()