Lines Matching refs:data
17 static int ikev2_process_idr(struct ikev2_initiator_data *data,
21 void ikev2_initiator_deinit(struct ikev2_initiator_data *data) in ikev2_initiator_deinit() argument
23 ikev2_free_keys(&data->keys); in ikev2_initiator_deinit()
24 wpabuf_free(data->r_dh_public); in ikev2_initiator_deinit()
25 wpabuf_free(data->i_dh_private); in ikev2_initiator_deinit()
26 os_free(data->IDi); in ikev2_initiator_deinit()
27 os_free(data->IDr); in ikev2_initiator_deinit()
28 os_free(data->shared_secret); in ikev2_initiator_deinit()
29 wpabuf_free(data->i_sign_msg); in ikev2_initiator_deinit()
30 wpabuf_free(data->r_sign_msg); in ikev2_initiator_deinit()
31 os_free(data->key_pad); in ikev2_initiator_deinit()
35 static int ikev2_derive_keys(struct ikev2_initiator_data *data) in ikev2_derive_keys() argument
49 integ = ikev2_get_integ(data->proposal.integ); in ikev2_derive_keys()
50 prf = ikev2_get_prf(data->proposal.prf); in ikev2_derive_keys()
51 encr = ikev2_get_encr(data->proposal.encr); in ikev2_derive_keys()
57 shared = dh_derive_shared(data->r_dh_public, data->i_dh_private, in ikev2_derive_keys()
58 data->dh); in ikev2_derive_keys()
64 buf_len = data->i_nonce_len + data->r_nonce_len + 2 * IKEV2_SPI_LEN; in ikev2_derive_keys()
72 os_memcpy(pos, data->i_nonce, data->i_nonce_len); in ikev2_derive_keys()
73 pos += data->i_nonce_len; in ikev2_derive_keys()
74 os_memcpy(pos, data->r_nonce, data->r_nonce_len); in ikev2_derive_keys()
75 pos += data->r_nonce_len; in ikev2_derive_keys()
76 os_memcpy(pos, data->i_spi, IKEV2_SPI_LEN); in ikev2_derive_keys()
78 os_memcpy(pos, data->r_spi, IKEV2_SPI_LEN); in ikev2_derive_keys()
83 pad_len = data->dh->prime_len - wpabuf_len(shared); in ikev2_derive_keys()
94 if (ikev2_prf_hash(prf->id, buf, data->i_nonce_len + data->r_nonce_len, in ikev2_derive_keys()
105 wpabuf_free(data->r_dh_public); in ikev2_derive_keys()
106 data->r_dh_public = NULL; in ikev2_derive_keys()
107 wpabuf_free(data->i_dh_private); in ikev2_derive_keys()
108 data->i_dh_private = NULL; in ikev2_derive_keys()
114 &data->keys); in ikev2_derive_keys()
120 static int ikev2_parse_transform(struct ikev2_initiator_data *data, in ikev2_parse_transform() argument
164 transform_id == data->proposal.encr) { in ikev2_parse_transform()
190 transform_id == data->proposal.prf) in ikev2_parse_transform()
195 transform_id == data->proposal.integ) in ikev2_parse_transform()
200 transform_id == data->proposal.dh) in ikev2_parse_transform()
209 static int ikev2_parse_proposal(struct ikev2_initiator_data *data, in ikev2_parse_proposal() argument
286 int tlen = ikev2_parse_transform(data, prop, ppos, pend); in ikev2_parse_proposal()
302 static int ikev2_process_sar1(struct ikev2_initiator_data *data, in ikev2_process_sar1() argument
329 plen = ikev2_parse_proposal(data, &prop, pos, end); in ikev2_process_sar1()
355 "INTEG:%d D-H:%d", data->proposal.proposal_num, in ikev2_process_sar1()
356 data->proposal.encr, data->proposal.prf, in ikev2_process_sar1()
357 data->proposal.integ, data->proposal.dh); in ikev2_process_sar1()
363 static int ikev2_process_ker(struct ikev2_initiator_data *data, in ikev2_process_ker() argument
388 if (group != data->proposal.dh) { in ikev2_process_ker()
391 group, data->proposal.dh); in ikev2_process_ker()
395 if (data->dh == NULL) { in ikev2_process_ker()
404 if (ker_len - 4 != data->dh->prime_len) { in ikev2_process_ker()
407 (long) (ker_len - 4), (long) data->dh->prime_len); in ikev2_process_ker()
411 wpabuf_free(data->r_dh_public); in ikev2_process_ker()
412 data->r_dh_public = wpabuf_alloc_copy(ker + 4, ker_len - 4); in ikev2_process_ker()
413 if (data->r_dh_public == NULL) in ikev2_process_ker()
417 data->r_dh_public); in ikev2_process_ker()
423 static int ikev2_process_nr(struct ikev2_initiator_data *data, in ikev2_process_nr() argument
437 data->r_nonce_len = nr_len; in ikev2_process_nr()
438 os_memcpy(data->r_nonce, nr, nr_len); in ikev2_process_nr()
440 data->r_nonce, data->r_nonce_len); in ikev2_process_nr()
446 static int ikev2_process_sa_init_encr(struct ikev2_initiator_data *data, in ikev2_process_sa_init_encr() argument
456 decrypted = ikev2_decrypt_payload(data->proposal.encr, in ikev2_process_sa_init_encr()
457 data->proposal.integ, &data->keys, 0, in ikev2_process_sa_init_encr()
473 ret = ikev2_process_idr(data, pl.idr, pl.idr_len); in ikev2_process_sa_init_encr()
481 static int ikev2_process_sa_init(struct ikev2_initiator_data *data, in ikev2_process_sa_init() argument
485 if (ikev2_process_sar1(data, pl->sa, pl->sa_len) < 0 || in ikev2_process_sa_init()
486 ikev2_process_ker(data, pl->ke, pl->ke_len) < 0 || in ikev2_process_sa_init()
487 ikev2_process_nr(data, pl->nonce, pl->nonce_len) < 0) in ikev2_process_sa_init()
490 os_memcpy(data->r_spi, hdr->r_spi, IKEV2_SPI_LEN); in ikev2_process_sa_init()
492 if (ikev2_derive_keys(data) < 0) in ikev2_process_sa_init()
498 if (ikev2_process_sa_init_encr(data, hdr, pl->encrypted, in ikev2_process_sa_init()
507 data->state = SA_AUTH; in ikev2_process_sa_init()
513 static int ikev2_process_idr(struct ikev2_initiator_data *data, in ikev2_process_idr() argument
534 if (data->IDr) { in ikev2_process_idr()
535 if (id_type != data->IDr_type || idr_len != data->IDr_len || in ikev2_process_idr()
536 os_memcmp(idr, data->IDr, idr_len) != 0) { in ikev2_process_idr()
542 data->IDr, data->IDr_len); in ikev2_process_idr()
545 os_free(data->IDr); in ikev2_process_idr()
547 data->IDr = os_memdup(idr, idr_len); in ikev2_process_idr()
548 if (data->IDr == NULL) in ikev2_process_idr()
550 data->IDr_len = idr_len; in ikev2_process_idr()
551 data->IDr_type = id_type; in ikev2_process_idr()
557 static int ikev2_process_cert(struct ikev2_initiator_data *data, in ikev2_process_cert() argument
563 if (data->peer_auth == PEER_AUTH_CERT) { in ikev2_process_cert()
588 static int ikev2_process_auth_cert(struct ikev2_initiator_data *data, in ikev2_process_auth_cert() argument
602 static int ikev2_process_auth_secret(struct ikev2_initiator_data *data, in ikev2_process_auth_secret() argument
616 if (ikev2_derive_auth_data(data->proposal.prf, data->r_sign_msg, in ikev2_process_auth_secret()
617 data->IDr, data->IDr_len, data->IDr_type, in ikev2_process_auth_secret()
618 &data->keys, 0, data->shared_secret, in ikev2_process_auth_secret()
619 data->shared_secret_len, in ikev2_process_auth_secret()
620 data->i_nonce, data->i_nonce_len, in ikev2_process_auth_secret()
621 data->key_pad, data->key_pad_len, in ikev2_process_auth_secret()
627 wpabuf_free(data->r_sign_msg); in ikev2_process_auth_secret()
628 data->r_sign_msg = NULL; in ikev2_process_auth_secret()
630 prf = ikev2_get_prf(data->proposal.prf); in ikev2_process_auth_secret()
651 static int ikev2_process_auth(struct ikev2_initiator_data *data, in ikev2_process_auth() argument
674 switch (data->peer_auth) { in ikev2_process_auth()
676 return ikev2_process_auth_cert(data, auth_method, auth, in ikev2_process_auth()
679 return ikev2_process_auth_secret(data, auth_method, auth, in ikev2_process_auth()
687 static int ikev2_process_sa_auth_decrypted(struct ikev2_initiator_data *data, in ikev2_process_sa_auth_decrypted() argument
702 if (ikev2_process_idr(data, pl.idr, pl.idr_len) < 0 || in ikev2_process_sa_auth_decrypted()
703 ikev2_process_cert(data, pl.cert, pl.cert_len) < 0 || in ikev2_process_sa_auth_decrypted()
704 ikev2_process_auth(data, pl.auth, pl.auth_len) < 0) in ikev2_process_sa_auth_decrypted()
711 static int ikev2_process_sa_auth(struct ikev2_initiator_data *data, in ikev2_process_sa_auth() argument
719 decrypted = ikev2_decrypt_payload(data->proposal.encr, in ikev2_process_sa_auth()
720 data->proposal.integ, in ikev2_process_sa_auth()
721 &data->keys, 0, hdr, pl->encrypted, in ikev2_process_sa_auth()
726 ret = ikev2_process_sa_auth_decrypted(data, pl->encr_next_payload, in ikev2_process_sa_auth()
730 if (ret == 0 && !data->unknown_user) { in ikev2_process_sa_auth()
732 data->state = IKEV2_DONE; in ikev2_process_sa_auth()
739 static int ikev2_validate_rx_state(struct ikev2_initiator_data *data, in ikev2_validate_rx_state() argument
742 switch (data->state) { in ikev2_validate_rx_state()
792 int ikev2_initiator_process(struct ikev2_initiator_data *data, in ikev2_initiator_process() argument
836 if (ikev2_validate_rx_state(data, hdr->exchange_type, message_id) < 0) in ikev2_initiator_process()
846 if (data->state != SA_INIT) { in ikev2_initiator_process()
847 if (os_memcmp(data->i_spi, hdr->i_spi, IKEV2_SPI_LEN) != 0) { in ikev2_initiator_process()
852 if (os_memcmp(data->r_spi, hdr->r_spi, IKEV2_SPI_LEN) != 0) { in ikev2_initiator_process()
863 switch (data->state) { in ikev2_initiator_process()
865 if (ikev2_process_sa_init(data, hdr, &pl) < 0) in ikev2_initiator_process()
867 wpabuf_free(data->r_sign_msg); in ikev2_initiator_process()
868 data->r_sign_msg = wpabuf_dup(buf); in ikev2_initiator_process()
871 if (ikev2_process_sa_auth(data, hdr, &pl) < 0) in ikev2_initiator_process()
883 static void ikev2_build_hdr(struct ikev2_initiator_data *data, in ikev2_build_hdr() argument
893 os_memcpy(hdr->i_spi, data->i_spi, IKEV2_SPI_LEN); in ikev2_build_hdr()
894 os_memcpy(hdr->r_spi, data->r_spi, IKEV2_SPI_LEN); in ikev2_build_hdr()
903 static int ikev2_build_sai(struct ikev2_initiator_data *data, in ikev2_build_sai() argument
920 p->proposal_num = data->proposal.proposal_num; in ikev2_build_sai()
927 WPA_PUT_BE16(t->transform_id, data->proposal.encr); in ikev2_build_sai()
928 if (data->proposal.encr == ENCR_AES_CBC) { in ikev2_build_sai()
940 WPA_PUT_BE16(t->transform_id, data->proposal.prf); in ikev2_build_sai()
946 WPA_PUT_BE16(t->transform_id, data->proposal.integ); in ikev2_build_sai()
951 WPA_PUT_BE16(t->transform_id, data->proposal.dh); in ikev2_build_sai()
963 static int ikev2_build_kei(struct ikev2_initiator_data *data, in ikev2_build_kei() argument
972 data->dh = dh_groups_get(data->proposal.dh); in ikev2_build_kei()
973 pv = dh_init(data->dh, &data->i_dh_private); in ikev2_build_kei()
984 wpabuf_put_be16(msg, data->proposal.dh); /* DH Group # */ in ikev2_build_kei()
990 wpabuf_put(msg, data->dh->prime_len - wpabuf_len(pv)); in ikev2_build_kei()
1000 static int ikev2_build_ni(struct ikev2_initiator_data *data, in ikev2_build_ni() argument
1012 wpabuf_put_data(msg, data->i_nonce, data->i_nonce_len); in ikev2_build_ni()
1019 static int ikev2_build_idi(struct ikev2_initiator_data *data, in ikev2_build_idi() argument
1027 if (data->IDi == NULL) { in ikev2_build_idi()
1038 wpabuf_put_data(msg, data->IDi, data->IDi_len); in ikev2_build_idi()
1045 static int ikev2_build_auth(struct ikev2_initiator_data *data, in ikev2_build_auth() argument
1054 prf = ikev2_get_prf(data->proposal.prf); in ikev2_build_auth()
1066 if (ikev2_derive_auth_data(data->proposal.prf, data->i_sign_msg, in ikev2_build_auth()
1067 data->IDi, data->IDi_len, ID_KEY_ID, in ikev2_build_auth()
1068 &data->keys, 1, data->shared_secret, in ikev2_build_auth()
1069 data->shared_secret_len, in ikev2_build_auth()
1070 data->r_nonce, data->r_nonce_len, in ikev2_build_auth()
1071 data->key_pad, data->key_pad_len, in ikev2_build_auth()
1076 wpabuf_free(data->i_sign_msg); in ikev2_build_auth()
1077 data->i_sign_msg = NULL; in ikev2_build_auth()
1085 static struct wpabuf * ikev2_build_sa_init(struct ikev2_initiator_data *data) in ikev2_build_sa_init() argument
1091 if (os_get_random(data->i_spi, IKEV2_SPI_LEN)) in ikev2_build_sa_init()
1094 data->i_spi, IKEV2_SPI_LEN); in ikev2_build_sa_init()
1096 data->i_nonce_len = IKEV2_NONCE_MIN_LEN; in ikev2_build_sa_init()
1097 if (random_get_bytes(data->i_nonce, data->i_nonce_len)) in ikev2_build_sa_init()
1099 wpa_hexdump(MSG_DEBUG, "IKEV2: Ni", data->i_nonce, data->i_nonce_len); in ikev2_build_sa_init()
1105 ikev2_build_hdr(data, msg, IKE_SA_INIT, IKEV2_PAYLOAD_SA, 0); in ikev2_build_sa_init()
1106 if (ikev2_build_sai(data, msg, IKEV2_PAYLOAD_KEY_EXCHANGE) || in ikev2_build_sa_init()
1107 ikev2_build_kei(data, msg, IKEV2_PAYLOAD_NONCE) || in ikev2_build_sa_init()
1108 ikev2_build_ni(data, msg, IKEV2_PAYLOAD_NO_NEXT_PAYLOAD)) { in ikev2_build_sa_init()
1117 wpabuf_free(data->i_sign_msg); in ikev2_build_sa_init()
1118 data->i_sign_msg = wpabuf_dup(msg); in ikev2_build_sa_init()
1124 static struct wpabuf * ikev2_build_sa_auth(struct ikev2_initiator_data *data) in ikev2_build_sa_auth() argument
1130 secret = data->get_shared_secret(data->cb_ctx, data->IDr, in ikev2_build_sa_auth()
1131 data->IDr_len, &secret_len); in ikev2_build_sa_auth()
1139 data->unknown_user = 1; in ikev2_build_sa_auth()
1140 os_free(data->shared_secret); in ikev2_build_sa_auth()
1141 data->shared_secret = os_malloc(16); in ikev2_build_sa_auth()
1142 if (data->shared_secret == NULL) in ikev2_build_sa_auth()
1144 data->shared_secret_len = 16; in ikev2_build_sa_auth()
1145 if (random_get_bytes(data->shared_secret, 16)) in ikev2_build_sa_auth()
1148 os_free(data->shared_secret); in ikev2_build_sa_auth()
1149 data->shared_secret = os_memdup(secret, secret_len); in ikev2_build_sa_auth()
1150 if (data->shared_secret == NULL) in ikev2_build_sa_auth()
1152 data->shared_secret_len = secret_len; in ikev2_build_sa_auth()
1157 msg = wpabuf_alloc(sizeof(struct ikev2_hdr) + data->IDr_len + 1000); in ikev2_build_sa_auth()
1160 ikev2_build_hdr(data, msg, IKE_SA_AUTH, IKEV2_PAYLOAD_ENCRYPTED, 1); in ikev2_build_sa_auth()
1162 plain = wpabuf_alloc(data->IDr_len + 1000); in ikev2_build_sa_auth()
1168 if (ikev2_build_idi(data, plain, IKEV2_PAYLOAD_AUTHENTICATION) || in ikev2_build_sa_auth()
1169 ikev2_build_auth(data, plain, IKEV2_PAYLOAD_NO_NEXT_PAYLOAD) || in ikev2_build_sa_auth()
1170 ikev2_build_encrypted(data->proposal.encr, data->proposal.integ, in ikev2_build_sa_auth()
1171 &data->keys, 1, msg, plain, in ikev2_build_sa_auth()
1185 struct wpabuf * ikev2_initiator_build(struct ikev2_initiator_data *data) in ikev2_initiator_build() argument
1187 switch (data->state) { in ikev2_initiator_build()
1189 return ikev2_build_sa_init(data); in ikev2_initiator_build()
1191 return ikev2_build_sa_auth(data); in ikev2_initiator_build()