Lines Matching refs:sm
20 static void eap_teap_reset(struct eap_sm *sm, void *priv);
82 static int eap_teap_process_phase2_start(struct eap_sm *sm,
84 static int eap_teap_phase2_init(struct eap_sm *sm, struct eap_teap_data *data,
292 static int eap_teap_derive_key_auth(struct eap_sm *sm, in eap_teap_derive_key_auth() argument
298 res = tls_connection_export_key(sm->cfg->ssl_ctx, data->ssl.conn, in eap_teap_derive_key_auth()
312 static int eap_teap_update_icmk(struct eap_sm *sm, struct eap_teap_data *data) in eap_teap_update_icmk() argument
321 if (sm->cfg->eap_teap_auth == 1) in eap_teap_update_icmk()
332 msk = data->phase2_method->getKey(sm, data->phase2_priv, in eap_teap_update_icmk()
342 emsk = data->phase2_method->get_emsk(sm, data->phase2_priv, in eap_teap_update_icmk()
362 static void * eap_teap_init(struct eap_sm *sm) in eap_teap_init() argument
372 if (eap_server_tls_ssl_init(sm, &data->ssl, in eap_teap_init()
373 sm->cfg->eap_teap_auth == 2 ? 2 : 0, in eap_teap_init()
376 eap_teap_reset(sm, data); in eap_teap_init()
383 if (tls_connection_set_session_ticket_cb(sm->cfg->ssl_ctx, in eap_teap_init()
389 eap_teap_reset(sm, data); in eap_teap_init()
393 if (!sm->cfg->pac_opaque_encr_key) { in eap_teap_init()
396 eap_teap_reset(sm, data); in eap_teap_init()
399 os_memcpy(data->pac_opaque_encr, sm->cfg->pac_opaque_encr_key, in eap_teap_init()
402 if (!sm->cfg->eap_fast_a_id) { in eap_teap_init()
404 eap_teap_reset(sm, data); in eap_teap_init()
407 data->srv_id = os_malloc(sm->cfg->eap_fast_a_id_len); in eap_teap_init()
409 eap_teap_reset(sm, data); in eap_teap_init()
412 os_memcpy(data->srv_id, sm->cfg->eap_fast_a_id, in eap_teap_init()
413 sm->cfg->eap_fast_a_id_len); in eap_teap_init()
414 data->srv_id_len = sm->cfg->eap_fast_a_id_len; in eap_teap_init()
416 if (!sm->cfg->eap_fast_a_id_info) { in eap_teap_init()
418 eap_teap_reset(sm, data); in eap_teap_init()
421 data->srv_id_info = os_strdup(sm->cfg->eap_fast_a_id_info); in eap_teap_init()
423 eap_teap_reset(sm, data); in eap_teap_init()
428 data->pac_key_lifetime = sm->cfg->pac_key_lifetime; in eap_teap_init()
435 data->pac_key_refresh_time = sm->cfg->pac_key_refresh_time; in eap_teap_init()
441 static void eap_teap_reset(struct eap_sm *sm, void *priv) in eap_teap_reset() argument
448 data->phase2_method->reset(sm, data->phase2_priv); in eap_teap_reset()
449 eap_server_tls_ssl_deinit(sm, &data->ssl); in eap_teap_reset()
465 static struct wpabuf * eap_teap_build_start(struct eap_sm *sm, in eap_teap_build_start() argument
505 static int eap_teap_phase1_done(struct eap_sm *sm, struct eap_teap_data *data) in eap_teap_phase1_done() argument
511 if (!data->identity && sm->cfg->eap_teap_auth == 2) { in eap_teap_phase1_done()
528 if (tls_get_cipher(sm->cfg->ssl_ctx, data->ssl.conn, in eap_teap_phase1_done()
540 if (eap_teap_derive_key_auth(sm, data) < 0) { in eap_teap_phase1_done()
551 static struct wpabuf * eap_teap_build_phase2_req(struct eap_sm *sm, in eap_teap_build_phase2_req() argument
557 if (sm->cfg->eap_teap_auth == 1 || in eap_teap_build_phase2_req()
561 switch (sm->cfg->eap_teap_id) { in eap_teap_build_phase2_req()
584 if (sm->cfg->eap_teap_auth == 1) { in eap_teap_build_phase2_req()
605 req = data->phase2_method->buildReq(sm, data->phase2_priv, id); in eap_teap_build_phase2_req()
618 struct eap_sm *sm, struct eap_teap_data *data) in eap_teap_build_crypto_binding() argument
631 data->phase2_method || sm->cfg->eap_teap_separate_result) in eap_teap_build_crypto_binding()
637 sm->cfg->eap_teap_auth == 1) { in eap_teap_build_crypto_binding()
717 static struct wpabuf * eap_teap_build_pac(struct eap_sm *sm, in eap_teap_build_pac() argument
739 (2 + sm->identity_len) + 8; in eap_teap_build_pac()
759 if (sm->identity) { in eap_teap_build_pac()
761 sm->identity, sm->identity_len); in eap_teap_build_pac()
763 *pos++ = sm->identity_len; in eap_teap_build_pac()
764 os_memcpy(pos, sm->identity, sm->identity_len); in eap_teap_build_pac()
765 pos += sm->identity_len; in eap_teap_build_pac()
833 if (sm->identity) { in eap_teap_build_pac()
834 eap_teap_put_tlv(buf, PAC_TYPE_I_ID, sm->identity, in eap_teap_build_pac()
835 sm->identity_len); in eap_teap_build_pac()
855 static int eap_teap_encrypt_phase2(struct eap_sm *sm, in eap_teap_encrypt_phase2() argument
863 encr = eap_server_tls_encrypt(sm, &data->ssl, plain); in eap_teap_encrypt_phase2()
893 static struct wpabuf * eap_teap_buildReq(struct eap_sm *sm, void *priv, u8 id) in eap_teap_buildReq() argument
912 return eap_teap_build_start(sm, data, id); in eap_teap_buildReq()
914 if (tls_connection_established(sm->cfg->ssl_ctx, in eap_teap_buildReq()
916 if (eap_teap_phase1_done(sm, data) < 0) in eap_teap_buildReq()
928 res = eap_teap_process_phase2_start(sm, data); in eap_teap_buildReq()
931 sm, data); in eap_teap_buildReq()
938 req = eap_teap_build_phase2_req(sm, data, id); in eap_teap_buildReq()
946 req = eap_teap_build_phase2_req(sm, data, id); in eap_teap_buildReq()
949 req = eap_teap_build_crypto_binding(sm, data); in eap_teap_buildReq()
950 if (req && sm->cfg->eap_teap_auth == 0 && in eap_teap_buildReq()
953 sm->cfg->eap_teap_method_sequence == 0) { in eap_teap_buildReq()
957 if (eap_teap_phase2_init(sm, data, EAP_VENDOR_IETF, in eap_teap_buildReq()
973 eap = eap_teap_build_phase2_req(sm, data, id); in eap_teap_buildReq()
980 req = eap_teap_build_pac(sm, data); in eap_teap_buildReq()
998 if (req && eap_teap_encrypt_phase2(sm, data, req, piggyback) < 0) in eap_teap_buildReq()
1006 static bool eap_teap_check(struct eap_sm *sm, void *priv, in eap_teap_check() argument
1022 static int eap_teap_phase2_init(struct eap_sm *sm, struct eap_teap_data *data, in eap_teap_phase2_init() argument
1026 data->phase2_method->reset(sm, data->phase2_priv); in eap_teap_phase2_init()
1039 sm->eap_fast_mschapv2 = true; in eap_teap_phase2_init()
1041 sm->init_phase2 = 1; in eap_teap_phase2_init()
1042 data->phase2_priv = data->phase2_method->init(sm); in eap_teap_phase2_init()
1043 sm->init_phase2 = 0; in eap_teap_phase2_init()
1049 static int eap_teap_valid_id_type(struct eap_sm *sm, struct eap_teap_data *data, in eap_teap_valid_id_type() argument
1052 if (sm->cfg->eap_teap_id == EAP_TEAP_ID_REQUIRE_USER && in eap_teap_valid_id_type()
1055 if (sm->cfg->eap_teap_id == EAP_TEAP_ID_REQUIRE_MACHINE && in eap_teap_valid_id_type()
1058 if (sm->cfg->eap_teap_id == EAP_TEAP_ID_REQUIRE_USER_AND_MACHINE && in eap_teap_valid_id_type()
1061 if (sm->cfg->eap_teap_id != EAP_TEAP_ID_ALLOW_ANY && in eap_teap_valid_id_type()
1069 static void eap_teap_process_phase2_response(struct eap_sm *sm, in eap_teap_process_phase2_response() argument
1105 eap_teap_phase2_init(sm, data, next_vendor, next_type); in eap_teap_process_phase2_response()
1109 eap_sm_process_nak(sm, pos + 1, left - 1); in eap_teap_process_phase2_response()
1110 if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS && in eap_teap_process_phase2_response()
1111 sm->user->methods[sm->user_eap_method_index].method != in eap_teap_process_phase2_response()
1113 next_vendor = sm->user->methods[ in eap_teap_process_phase2_response()
1114 sm->user_eap_method_index].vendor; in eap_teap_process_phase2_response()
1115 next_type = sm->user->methods[ in eap_teap_process_phase2_response()
1116 sm->user_eap_method_index++].method; in eap_teap_process_phase2_response()
1123 eap_teap_phase2_init(sm, data, next_vendor, next_type); in eap_teap_process_phase2_response()
1129 if (m->check(sm, priv, &buf)) { in eap_teap_process_phase2_response()
1136 m->process(sm, priv, &buf); in eap_teap_process_phase2_response()
1138 if (!m->isDone(sm, priv)) in eap_teap_process_phase2_response()
1141 if (!m->isSuccess(sm, priv)) { in eap_teap_process_phase2_response()
1145 eap_teap_phase2_init(sm, data, next_vendor, next_type); in eap_teap_process_phase2_response()
1151 if (!eap_teap_valid_id_type(sm, data, id_type)) { in eap_teap_process_phase2_response()
1158 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) { in eap_teap_process_phase2_response()
1161 sm->identity, sm->identity_len); in eap_teap_process_phase2_response()
1175 sm->user_eap_method_index = 0; in eap_teap_process_phase2_response()
1177 next_vendor = sm->user->methods[0].vendor; in eap_teap_process_phase2_response()
1178 next_type = sm->user->methods[0].method; in eap_teap_process_phase2_response()
1179 sm->user_eap_method_index = 1; in eap_teap_process_phase2_response()
1186 eap_teap_update_icmk(sm, data); in eap_teap_process_phase2_response()
1188 (sm->cfg->eap_teap_id != in eap_teap_process_phase2_response()
1197 if (sm->cfg->tnc && !data->tnc_started) { in eap_teap_process_phase2_response()
1213 eap_teap_phase2_init(sm, data, next_vendor, next_type); in eap_teap_process_phase2_response()
1217 static void eap_teap_process_phase2_eap(struct eap_sm *sm, in eap_teap_process_phase2_eap() argument
1247 eap_teap_process_phase2_response(sm, data, (u8 *) hdr, len, in eap_teap_process_phase2_eap()
1259 static void eap_teap_process_basic_auth_resp(struct eap_sm *sm, in eap_teap_process_basic_auth_resp() argument
1267 if (!eap_teap_valid_id_type(sm, data, id_type)) { in eap_teap_process_basic_auth_resp()
1324 if (eap_user_get(sm, username, userlen, 1) != 0) { in eap_teap_process_basic_auth_resp()
1331 if (!sm->user || !sm->user->password || sm->user->password_hash) { in eap_teap_process_basic_auth_resp()
1338 if (sm->user->password_len != passlen || in eap_teap_process_basic_auth_resp()
1339 os_memcmp_const(sm->user->password, password, passlen) != 0) { in eap_teap_process_basic_auth_resp()
1348 os_free(sm->identity); in eap_teap_process_basic_auth_resp()
1349 sm->identity = new_id; in eap_teap_process_basic_auth_resp()
1350 sm->identity_len = userlen; in eap_teap_process_basic_auth_resp()
1352 if (sm->cfg->eap_teap_id != EAP_TEAP_ID_REQUIRE_USER_AND_MACHINE || in eap_teap_process_basic_auth_resp()
1356 eap_teap_update_icmk(sm, data); in eap_teap_process_basic_auth_resp()
1531 static void eap_teap_process_phase2_tlvs(struct eap_sm *sm, in eap_teap_process_phase2_tlvs() argument
1603 if (sm->cfg->eap_teap_auth != 1 && in eap_teap_process_phase2_tlvs()
1627 sm->cfg->eap_fast_prov != ANON_PROV && in eap_teap_process_phase2_tlvs()
1628 sm->cfg->eap_fast_prov != BOTH_PROV) { in eap_teap_process_phase2_tlvs()
1635 if (sm->cfg->eap_fast_prov != AUTH_PROV && in eap_teap_process_phase2_tlvs()
1636 sm->cfg->eap_fast_prov != BOTH_PROV && in eap_teap_process_phase2_tlvs()
1659 } else if (sm->cfg->eap_teap_separate_result) { in eap_teap_process_phase2_tlvs()
1665 if (sm->cfg->eap_teap_auth != 1) { in eap_teap_process_phase2_tlvs()
1671 eap_teap_process_basic_auth_resp(sm, data, tlv.basic_auth_resp, in eap_teap_process_phase2_tlvs()
1677 if (sm->cfg->eap_teap_auth == 1) { in eap_teap_process_phase2_tlvs()
1683 eap_teap_process_phase2_eap(sm, data, tlv.eap_payload_tlv, in eap_teap_process_phase2_tlvs()
1694 sm->cfg->eap_teap_auth == 1 && data->basic_auth_not_done) { in eap_teap_process_phase2_tlvs()
1699 sm->cfg->eap_teap_auth == 0 && data->inner_eap_not_done && in eap_teap_process_phase2_tlvs()
1700 sm->cfg->eap_teap_method_sequence == 1) { in eap_teap_process_phase2_tlvs()
1704 if (eap_teap_phase2_init(sm, data, EAP_VENDOR_IETF, in eap_teap_process_phase2_tlvs()
1711 static void eap_teap_process_phase2(struct eap_sm *sm, in eap_teap_process_phase2() argument
1724 eap_teap_process_phase2_tlvs(sm, data, in eap_teap_process_phase2()
1731 in_decrypted = tls_connection_decrypt(sm->cfg->ssl_ctx, data->ssl.conn, in eap_teap_process_phase2()
1743 eap_teap_process_phase2_tlvs(sm, data, in_decrypted); in eap_teap_process_phase2()
1745 if (sm->method_pending == METHOD_PENDING_WAIT) { in eap_teap_process_phase2()
1757 static int eap_teap_process_version(struct eap_sm *sm, void *priv, in eap_teap_process_version() argument
1783 static int eap_teap_process_phase1(struct eap_sm *sm, in eap_teap_process_phase1() argument
1786 if (eap_server_tls_phase1(sm, &data->ssl) < 0) { in eap_teap_process_phase1()
1792 if (!tls_connection_established(sm->cfg->ssl_ctx, data->ssl.conn) || in eap_teap_process_phase1()
1802 return eap_teap_phase1_done(sm, data); in eap_teap_process_phase1()
1806 static int eap_teap_process_phase2_start(struct eap_sm *sm, in eap_teap_process_phase2_start() argument
1814 os_free(sm->identity); in eap_teap_process_phase2_start()
1815 sm->identity = data->identity; in eap_teap_process_phase2_start()
1817 sm->identity_len = data->identity_len; in eap_teap_process_phase2_start()
1819 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) { in eap_teap_process_phase2_start()
1822 sm->identity, sm->identity_len); in eap_teap_process_phase2_start()
1826 } else if (sm->cfg->eap_teap_pac_no_inner || in eap_teap_process_phase2_start()
1827 sm->cfg->eap_teap_auth == 2) { in eap_teap_process_phase2_start()
1839 } else if (sm->cfg->eap_teap_auth == 1) { in eap_teap_process_phase2_start()
1845 next_vendor = sm->user->methods[0].vendor; in eap_teap_process_phase2_start()
1846 next_type = sm->user->methods[0].method; in eap_teap_process_phase2_start()
1847 sm->user_eap_method_index = 1; in eap_teap_process_phase2_start()
1851 } else if (sm->cfg->eap_teap_auth == 1) { in eap_teap_process_phase2_start()
1860 return eap_teap_phase2_init(sm, data, next_vendor, next_type); in eap_teap_process_phase2_start()
1864 static void eap_teap_process_msg(struct eap_sm *sm, void *priv, in eap_teap_process_msg() argument
1872 if (eap_teap_process_phase1(sm, data)) in eap_teap_process_msg()
1877 eap_teap_process_phase2_start(sm, data); in eap_teap_process_msg()
1885 eap_teap_process_phase2(sm, data, data->ssl.tls_in); in eap_teap_process_msg()
1902 static void eap_teap_process(struct eap_sm *sm, void *priv, in eap_teap_process() argument
2016 if (eap_server_tls_process(sm, &data->ssl, resp, data, in eap_teap_process()
2026 static bool eap_teap_isDone(struct eap_sm *sm, void *priv) in eap_teap_isDone() argument
2034 static u8 * eap_teap_getKey(struct eap_sm *sm, void *priv, size_t *len) in eap_teap_getKey() argument
2059 static u8 * eap_teap_get_emsk(struct eap_sm *sm, void *priv, size_t *len) in eap_teap_get_emsk() argument
2084 static bool eap_teap_isSuccess(struct eap_sm *sm, void *priv) in eap_teap_isSuccess() argument
2092 static u8 * eap_teap_get_session_id(struct eap_sm *sm, void *priv, size_t *len) in eap_teap_get_session_id() argument