
24 static void eap_ttls_reset(struct eap_sm *sm, void *priv);
79 static void eap_ttls_valid_session(struct eap_sm *sm, in eap_ttls_valid_session() argument
84 if (!sm->cfg->tls_session_lifetime) in eap_ttls_valid_session()
87 buf = wpabuf_alloc(1 + 1 + sm->identity_len); in eap_ttls_valid_session()
91 if (sm->identity) { in eap_ttls_valid_session()
94 if (sm->identity_len <= 255) in eap_ttls_valid_session()
95 id_len = sm->identity_len; in eap_ttls_valid_session()
99 wpabuf_put_data(buf, sm->identity, id_len); in eap_ttls_valid_session()
331 static u8 * eap_ttls_implicit_challenge(struct eap_sm *sm, in eap_ttls_implicit_challenge() argument
334 return eap_server_tls_derive_key(sm, &data->ssl, "ttls challenge", in eap_ttls_implicit_challenge()
339 static void * eap_ttls_init(struct eap_sm *sm) in eap_ttls_init() argument
349 if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_TYPE_TTLS)) { in eap_ttls_init()
351 eap_ttls_reset(sm, data); in eap_ttls_init()
359 static void eap_ttls_reset(struct eap_sm *sm, void *priv) in eap_ttls_reset() argument
365 data->phase2_method->reset(sm, data->phase2_priv); in eap_ttls_reset()
366 eap_server_tls_ssl_deinit(sm, &data->ssl); in eap_ttls_reset()
372 static struct wpabuf * eap_ttls_build_start(struct eap_sm *sm, in eap_ttls_build_start() argument
395 struct eap_sm *sm, struct eap_ttls_data *data, u8 id) in eap_ttls_build_phase2_eap_req() argument
400 buf = data->phase2_method->buildReq(sm, data->phase2_priv, id); in eap_ttls_build_phase2_eap_req()
417 encr_req = eap_server_tls_encrypt(sm, &data->ssl, buf); in eap_ttls_build_phase2_eap_req()
425 struct eap_sm *sm, struct eap_ttls_data *data) in eap_ttls_build_phase2_mschapv2() argument
459 encr_req = eap_server_tls_encrypt(sm, &data->ssl, &msgbuf); in eap_ttls_build_phase2_mschapv2()
466 static struct wpabuf * eap_ttls_buildReq(struct eap_sm *sm, void *priv, u8 id) in eap_ttls_buildReq() argument
482 return eap_ttls_build_start(sm, data, id); in eap_ttls_buildReq()
484 if (tls_connection_established(sm->cfg->ssl_ctx, in eap_ttls_buildReq()
494 data->ssl.tls_out = eap_ttls_build_phase2_eap_req(sm, data, in eap_ttls_buildReq()
500 data->ssl.tls_out = eap_ttls_build_phase2_mschapv2(sm, data); in eap_ttls_buildReq()
513 static bool eap_ttls_check(struct eap_sm *sm, void *priv, in eap_ttls_check() argument
529 static void eap_ttls_process_phase2_pap(struct eap_sm *sm, in eap_ttls_process_phase2_pap() argument
534 if (!sm->user || !sm->user->password || sm->user->password_hash || in eap_ttls_process_phase2_pap()
535 !(sm->user->ttls_auth & EAP_TTLS_AUTH_PAP)) { in eap_ttls_process_phase2_pap()
542 if (sm->user->password_len != user_password_len || in eap_ttls_process_phase2_pap()
543 os_memcmp_const(sm->user->password, user_password, in eap_ttls_process_phase2_pap()
552 eap_ttls_valid_session(sm, data); in eap_ttls_process_phase2_pap()
556 static void eap_ttls_process_phase2_chap(struct eap_sm *sm, in eap_ttls_process_phase2_chap() argument
576 if (!sm->user || !sm->user->password || sm->user->password_hash || in eap_ttls_process_phase2_chap()
577 !(sm->user->ttls_auth & EAP_TTLS_AUTH_CHAP)) { in eap_ttls_process_phase2_chap()
584 chal = eap_ttls_implicit_challenge(sm, data, in eap_ttls_process_phase2_chap()
604 chap_md5(password[0], sm->user->password, sm->user->password_len, in eap_ttls_process_phase2_chap()
611 eap_ttls_valid_session(sm, data); in eap_ttls_process_phase2_chap()
619 static void eap_ttls_process_phase2_mschap(struct eap_sm *sm, in eap_ttls_process_phase2_mschap() argument
637 if (!sm->user || !sm->user->password || in eap_ttls_process_phase2_mschap()
638 !(sm->user->ttls_auth & EAP_TTLS_AUTH_MSCHAP)) { in eap_ttls_process_phase2_mschap()
645 chal = eap_ttls_implicit_challenge(sm, data, in eap_ttls_process_phase2_mschap()
655 eap_server_mschap_rx_callback(sm, "TTLS-MSCHAP", in eap_ttls_process_phase2_mschap()
656 sm->identity, sm->identity_len, in eap_ttls_process_phase2_mschap()
670 if ((sm->user->password_hash && in eap_ttls_process_phase2_mschap()
671 challenge_response(challenge, sm->user->password, nt_response)) || in eap_ttls_process_phase2_mschap()
672 (!sm->user->password_hash && in eap_ttls_process_phase2_mschap()
673 nt_challenge_response(challenge, sm->user->password, in eap_ttls_process_phase2_mschap()
674 sm->user->password_len, nt_response))) { in eap_ttls_process_phase2_mschap()
682 eap_ttls_valid_session(sm, data); in eap_ttls_process_phase2_mschap()
694 static void eap_ttls_process_phase2_mschapv2(struct eap_sm *sm, in eap_ttls_process_phase2_mschapv2() argument
715 if (!sm->user || !sm->user->password || in eap_ttls_process_phase2_mschapv2()
716 !(sm->user->ttls_auth & EAP_TTLS_AUTH_MSCHAPV2)) { in eap_ttls_process_phase2_mschapv2()
723 if (sm->identity == NULL) { in eap_ttls_process_phase2_mschapv2()
733 username = sm->identity; in eap_ttls_process_phase2_mschapv2()
734 username_len = sm->identity_len; in eap_ttls_process_phase2_mschapv2()
744 sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1); in eap_ttls_process_phase2_mschapv2()
772 if (sm->user->password_hash) { in eap_ttls_process_phase2_mschapv2()
775 sm->user->password, in eap_ttls_process_phase2_mschapv2()
780 sm->user->password, in eap_ttls_process_phase2_mschapv2()
781 sm->user->password_len, in eap_ttls_process_phase2_mschapv2()
792 eap_server_mschap_rx_callback(sm, "TTLS-MSCHAPV2", in eap_ttls_process_phase2_mschapv2()
803 if (sm->user->password_hash) { in eap_ttls_process_phase2_mschapv2()
805 sm->user->password, in eap_ttls_process_phase2_mschapv2()
811 sm->user->password, sm->user->password_len, in eap_ttls_process_phase2_mschapv2()
830 static int eap_ttls_phase2_eap_init(struct eap_sm *sm, in eap_ttls_phase2_eap_init() argument
835 data->phase2_method->reset(sm, data->phase2_priv); in eap_ttls_phase2_eap_init()
843 sm->init_phase2 = 1; in eap_ttls_phase2_eap_init()
844 data->phase2_priv = data->phase2_method->init(sm); in eap_ttls_phase2_eap_init()
845 sm->init_phase2 = 0; in eap_ttls_phase2_eap_init()
850 static void eap_ttls_process_phase2_eap_response(struct eap_sm *sm, in eap_ttls_process_phase2_eap_response() argument
876 eap_sm_process_nak(sm, pos + 1, left - 1); in eap_ttls_process_phase2_eap_response()
877 if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS && in eap_ttls_process_phase2_eap_response()
878 sm->user->methods[sm->user_eap_method_index].method != in eap_ttls_process_phase2_eap_response()
880 next_vendor = sm->user->methods[ in eap_ttls_process_phase2_eap_response()
881 sm->user_eap_method_index].vendor; in eap_ttls_process_phase2_eap_response()
882 next_type = sm->user->methods[ in eap_ttls_process_phase2_eap_response()
883 sm->user_eap_method_index++].method; in eap_ttls_process_phase2_eap_response()
886 if (eap_ttls_phase2_eap_init(sm, data, next_vendor, in eap_ttls_process_phase2_eap_response()
902 if (m->check(sm, priv, &buf)) { in eap_ttls_process_phase2_eap_response()
908 m->process(sm, priv, &buf); in eap_ttls_process_phase2_eap_response()
910 if (sm->method_pending == METHOD_PENDING_WAIT) { in eap_ttls_process_phase2_eap_response()
917 if (!m->isDone(sm, priv)) in eap_ttls_process_phase2_eap_response()
920 if (!m->isSuccess(sm, priv)) { in eap_ttls_process_phase2_eap_response()
928 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) { in eap_ttls_process_phase2_eap_response()
932 sm->identity, sm->identity_len); in eap_ttls_process_phase2_eap_response()
938 next_vendor = sm->user->methods[0].vendor; in eap_ttls_process_phase2_eap_response()
939 next_type = sm->user->methods[0].method; in eap_ttls_process_phase2_eap_response()
940 sm->user_eap_method_index = 1; in eap_ttls_process_phase2_eap_response()
943 if (eap_ttls_phase2_eap_init(sm, data, next_vendor, in eap_ttls_process_phase2_eap_response()
953 eap_ttls_valid_session(sm, data); in eap_ttls_process_phase2_eap_response()
965 static void eap_ttls_process_phase2_eap(struct eap_sm *sm, in eap_ttls_process_phase2_eap() argument
974 if (eap_ttls_phase2_eap_init(sm, data, EAP_VENDOR_IETF, in eap_ttls_process_phase2_eap()
1002 eap_ttls_process_phase2_eap_response(sm, data, (u8 *) hdr, in eap_ttls_process_phase2_eap()
1013 static void eap_ttls_process_phase2(struct eap_sm *sm, in eap_ttls_process_phase2() argument
1027 sm, data, wpabuf_head(data->pending_phase2_eap_resp), in eap_ttls_process_phase2()
1034 in_decrypted = tls_connection_decrypt(sm->cfg->ssl_ctx, data->ssl.conn, in eap_ttls_process_phase2()
1060 eap_log_msg(sm, "TTLS-User-Name '%s'", nbuf); in eap_ttls_process_phase2()
1064 os_free(sm->identity); in eap_ttls_process_phase2()
1065 sm->identity = os_memdup(parse.user_name, parse.user_name_len); in eap_ttls_process_phase2()
1066 if (sm->identity == NULL) { in eap_ttls_process_phase2()
1070 sm->identity_len = parse.user_name_len; in eap_ttls_process_phase2()
1071 if (eap_user_get(sm, parse.user_name, parse.user_name_len, 1) in eap_ttls_process_phase2()
1090 eap_ttls_process_phase2_eap(sm, data, parse.eap, in eap_ttls_process_phase2()
1093 eap_ttls_process_phase2_pap(sm, data, parse.user_password, in eap_ttls_process_phase2()
1096 eap_ttls_process_phase2_chap(sm, data, in eap_ttls_process_phase2()
1102 eap_ttls_process_phase2_mschap(sm, data, in eap_ttls_process_phase2()
1108 eap_ttls_process_phase2_mschapv2(sm, data, in eap_ttls_process_phase2()
1121 static void eap_ttls_start_tnc(struct eap_sm *sm, struct eap_ttls_data *data) in eap_ttls_start_tnc() argument
1124 if (!sm->cfg->tnc || data->state != SUCCESS || data->tnc_started) in eap_ttls_start_tnc()
1128 if (eap_ttls_phase2_eap_init(sm, data, EAP_VENDOR_IETF, EAP_TYPE_TNC)) { in eap_ttls_start_tnc()
1140 static int eap_ttls_process_version(struct eap_sm *sm, void *priv, in eap_ttls_process_version() argument
1155 static void eap_ttls_process_msg(struct eap_sm *sm, void *priv, in eap_ttls_process_msg() argument
1162 if (eap_server_tls_phase1(sm, &data->ssl) < 0) in eap_ttls_process_msg()
1167 eap_ttls_process_phase2(sm, data, data->ssl.tls_in); in eap_ttls_process_msg()
1168 eap_ttls_start_tnc(sm, data); in eap_ttls_process_msg()
1176 eap_ttls_valid_session(sm, data); in eap_ttls_process_msg()
1189 eap_ttls_start_tnc(sm, data); in eap_ttls_process_msg()
1199 static void eap_ttls_process(struct eap_sm *sm, void *priv, in eap_ttls_process() argument
1207 if (eap_server_tls_process(sm, &data->ssl, respData, data, in eap_ttls_process()
1214 if (!tls_connection_established(sm->cfg->ssl_ctx, data->ssl.conn) || in eap_ttls_process()
1215 !tls_connection_resumed(sm->cfg->ssl_ctx, data->ssl.conn)) in eap_ttls_process()
1239 os_free(sm->identity); in eap_ttls_process()
1240 sm->identity = os_malloc(id_len ? id_len : 1); in eap_ttls_process()
1241 if (!sm->identity) { in eap_ttls_process()
1242 sm->identity_len = 0; in eap_ttls_process()
1247 os_memcpy(sm->identity, pos, id_len); in eap_ttls_process()
1248 sm->identity_len = id_len; in eap_ttls_process()
1250 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) { in eap_ttls_process()
1252 sm->identity, sm->identity_len); in eap_ttls_process()
1264 static bool eap_ttls_isDone(struct eap_sm *sm, void *priv) in eap_ttls_isDone() argument
1271 static u8 * eap_ttls_getKey(struct eap_sm *sm, void *priv, size_t *len) in eap_ttls_getKey() argument
1291 eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, in eap_ttls_getKey()
1306 static bool eap_ttls_isSuccess(struct eap_sm *sm, void *priv) in eap_ttls_isSuccess() argument
1313 static u8 * eap_ttls_get_session_id(struct eap_sm *sm, void *priv, size_t *len) in eap_ttls_get_session_id() argument
1320 return eap_server_tls_derive_session_id(sm, &data->ssl, EAP_TYPE_TTLS, in eap_ttls_get_session_id()
1325 static u8 * eap_ttls_get_emsk(struct eap_sm *sm, void *priv, size_t *len) in eap_ttls_get_emsk() argument
1345 eapKeyData = eap_server_tls_derive_key(sm, &data->ssl, in eap_ttls_get_emsk()