/**
 * eap_aka_process_identity - Handle an EAP-Request/AKA-Identity (peer side)
 * @sm: EAP state machine context, passed on to eap_aka_response_identity()
 * @data: EAP-AKA method state; num_id_req and prev_id are updated here
 * @id: EAP identifier of the request being answered
 * @reqData: Received request, recorded with eap_aka_add_id_msg()
 * @attr: Parsed attributes of the request; only id_req is read here
 * Returns: Response from eap_aka_response_identity(), or the result of
 * eap_aka_client_error() when too many identity requests have been seen
 *
 * The number of identity requests accepted within one authentication is
 * bounded per request type: an ANY_ID request is accepted only as the first
 * request, FULLAUTH_ID after at most one earlier request, and PERMANENT_ID
 * after at most two. This caps how often the server side can solicit an
 * identity (including the permanent one) from this peer in a single exchange.
 */
static struct wpabuf * eap_aka_process_identity(struct eap_sm *sm,
						struct eap_aka_data *data,
						u8 id,
						const struct wpabuf *reqData,
						struct eap_sim_attrs *attr)
{
	struct wpabuf *resp;
	int max_earlier = -1; /* -1: request does not ask for an identity */
	int too_many = 0;

	wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Identity");

	/* Map the request type to the number of earlier requests tolerated. */
	switch (attr->id_req) {
	case ANY_ID:
		max_earlier = 0;
		break;
	case FULLAUTH_ID:
		max_earlier = 1;
		break;
	case PERMANENT_ID:
		max_earlier = 2;
		break;
	case NO_ID_REQ:
	default:
		break;
	}

	if (max_earlier >= 0) {
		if (data->num_id_req > max_earlier)
			too_many = 1;
		/* The request is counted even when it is about to be rejected. */
		data->num_id_req++;
	}

	if (too_many) {
		wpa_printf(MSG_INFO, "EAP-AKA: Too many ID requests "
			   "used within one authentication");
		return eap_aka_client_error(data, id,
					    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
	}

	resp = eap_aka_response_identity(sm, data, id, attr->id_req);

	/*
	 * Same EAP identifier as the previous request: the request/response
	 * pair is not recorded again (presumably a retransmission - confirm
	 * against the callers).
	 */
	if (data->prev_id == id)
		return resp;

	eap_aka_add_id_msg(data, reqData);
	eap_aka_add_id_msg(data, resp);
	data->prev_id = id;

	return resp;
}
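/**
 * eap_aka_process_identity - Handle an EAP-Response/AKA-Identity (server side)
 * @sm: EAP state machine context; sm->identity / sm->identity_len are
 *	replaced with the identity carried in the response, if any
 * @data: EAP-AKA method state (notification, pending_id, state)
 * @respData: Received response, recorded with eap_aka_add_id_msg() when its
 *	EAP identifier matches the pending identity request
 * @attr: Parsed attributes of the response
 *
 * A response carrying MAC, IV or encrypted data attributes is rejected and
 * the method moves to the NOTIFICATION state with
 * EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH. The same failure path is taken when
 * the buffer for the new identity cannot be allocated.
 */
static void eap_aka_process_identity(struct eap_sm *sm,
				     struct eap_aka_data *data,
				     struct wpabuf *respData,
				     struct eap_sim_attrs *attr)
{
	wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Identity");

	if (attr->mac || attr->iv || attr->encr_data) {
		wpa_printf(MSG_WARNING, "EAP-AKA: Unexpected attribute "
			   "received in EAP-Response/AKA-Identity");
		data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
		eap_aka_state(data, NOTIFICATION);
		return;
	}

	if (attr->identity) {
		/*
		 * Allocate the copy before releasing the old identity. The
		 * previous order freed sm->identity first and, on allocation
		 * failure, left sm->identity NULL while sm->identity_len
		 * still held the old length, so later code could pair a NULL
		 * pointer with a non-zero, peer-influenced length.
		 *
		 * NOTE(review): attr->identity_len comes from the peer's
		 * message; a zero length reaches os_malloc(0), whose result
		 * is presumably implementation-defined - confirm whether an
		 * empty identity should be rejected explicitly.
		 */
		void *new_identity = os_malloc(attr->identity_len);

		if (!new_identity) {
			wpa_printf(MSG_WARNING, "EAP-AKA: Failed to allocate "
				   "memory for peer identity");
			data->notification =
				EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
			eap_aka_state(data, NOTIFICATION);
			return;
		}

		os_memcpy(new_identity, attr->identity, attr->identity_len);
		os_free(sm->identity);
		sm->identity = new_identity;
		sm->identity_len = attr->identity_len;
	}

	eap_aka_determine_identity(sm, data, 0, 0);

	/* Only the response to the outstanding identity request is recorded. */
	if (eap_get_id(respData) == data->pending_id) {
		data->pending_id = -1;
		eap_aka_add_id_msg(data, respData);
	}
}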
/**
 * eap_aka_build_identity - Build an EAP-Request/AKA-Identity (server side)
 * @sm: EAP state machine context; the current identity is looked up with
 *	eap_sim_db_identity_known()
 * @data: EAP-AKA method state; pending_id is set to @id on success
 * @id: EAP identifier to use in the request
 * Returns: The finished request, or %NULL if eap_aka_add_id_msg() reports an
 * error (the message is freed in that case)
 *
 * AT_PERMANENT_ID_REQ is sent when eap_sim_db_identity_known() returns
 * non-zero for the current identity; otherwise AT_ANY_ID_REQ is sent.
 */
static struct wpabuf * eap_aka_build_identity(struct eap_sm *sm,
					      struct eap_aka_data *data,
					      u8 id)
{
	struct eap_sim_msg *msg;
	struct wpabuf *req;

	wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Identity");
	msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method,
			       EAP_AKA_SUBTYPE_IDENTITY);

	if (!eap_sim_db_identity_known(sm->eap_sim_db_priv, sm->identity,
				       sm->identity_len)) {
		/*
		 * RFC 4187, Chap. 4.1.4 recommends that identity from EAP is
		 * ignored and the AKA/Identity is used to request the
		 * identity.
		 */
		wpa_printf(MSG_DEBUG, " AT_ANY_ID_REQ");
		eap_sim_msg_add(msg, EAP_SIM_AT_ANY_ID_REQ, 0, NULL, 0);
	} else {
		wpa_printf(MSG_DEBUG, " AT_PERMANENT_ID_REQ");
		eap_sim_msg_add(msg, EAP_SIM_AT_PERMANENT_ID_REQ, 0, NULL, 0);
	}

	req = eap_sim_msg_finish(msg, NULL, NULL, 0);

	if (eap_aka_add_id_msg(data, req) >= 0) {
		/* Remember which request is outstanding. */
		data->pending_id = id;
		return req;
	}

	/* The request could not be recorded; do not send it. */
	wpabuf_free(req);
	return NULL;
}
/**
 * eap_aka_process_identity - Handle an EAP-Response/AKA-Identity (server side)
 * @sm: EAP state machine context; sm->identity / sm->identity_len are
 *	replaced with the identity carried in the response
 * @data: EAP-AKA method state (notification, pending_id, state)
 * @respData: Received response, recorded with eap_aka_add_id_msg() when its
 *	EAP identifier matches the pending identity request
 * @attr: Parsed attributes of the response
 *
 * Every rejection (unexpected MAC/IV/encrypted-data attribute, missing or
 * empty identity, allocation failure) ends in the NOTIFICATION state with
 * EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH.
 */
static void eap_aka_process_identity(struct eap_sm *sm,
				     struct eap_aka_data *data,
				     struct wpabuf *respData,
				     struct eap_sim_attrs *attr)
{
	u8 *copy;

	wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Identity");

	if (attr->mac || attr->iv || attr->encr_data) {
		wpa_printf(MSG_WARNING, "EAP-AKA: Unexpected attribute "
			   "received in EAP-Response/AKA-Identity");
		goto fail;
	}

	/*
	 * We always request identity with AKA/Identity, so the peer is
	 * required to have replied with one.
	 */
	if (!attr->identity || attr->identity_len == 0) {
		wpa_printf(MSG_DEBUG, "EAP-AKA: Peer did not provide any "
			   "identity");
		goto fail;
	}

	/*
	 * The old identity is released only once the replacement buffer
	 * exists, so sm->identity and sm->identity_len never disagree.
	 */
	copy = os_malloc(attr->identity_len);
	if (copy == NULL)
		goto fail;
	os_memcpy(copy, attr->identity, attr->identity_len);
	os_free(sm->identity);
	sm->identity = copy;
	sm->identity_len = attr->identity_len;

	eap_aka_determine_identity(sm, data);

	/* Only the response to the outstanding identity request is recorded. */
	if (eap_get_id(respData) == data->pending_id) {
		data->pending_id = -1;
		eap_aka_add_id_msg(data, respData);
	}
	return;

fail:
	data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
	eap_aka_state(data, NOTIFICATION);
}
/**
 * eap_aka_build_identity - Build an EAP-Request/AKA-Identity (server side)
 * @sm: EAP state machine context; sm->identity is inspected to pick the
 *	identity request type after the first round
 * @data: EAP-AKA method state; identity_round is incremented on every call
 *	and pending_id is set to @id on success
 * @id: EAP identifier to use in the request
 * Returns: The finished request, or %NULL when more than three identity
 * rounds would be needed or eap_aka_add_id_msg() reports an error
 *
 * Round 1 sends AT_ANY_ID_REQ. Later rounds send AT_FULLAUTH_ID_REQ when the
 * current identity starts with a re-authentication prefix, and
 * AT_PERMANENT_ID_REQ otherwise.
 */
static struct wpabuf * eap_aka_build_identity(struct eap_sm *sm,
					      struct eap_aka_data *data,
					      u8 id)
{
	struct eap_sim_msg *msg;
	struct wpabuf *req;

	wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Identity");
	msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method,
			       EAP_AKA_SUBTYPE_IDENTITY);
	data->identity_round++;

	if (data->identity_round > 3) {
		/* Cannot use more than three rounds of Identity messages */
		eap_sim_msg_free(msg);
		return NULL;
	}

	if (data->identity_round == 1) {
		/*
		 * RFC 4187, Chap. 4.1.4 recommends that identity from EAP is
		 * ignored and the AKA/Identity is used to request the
		 * identity.
		 */
		wpa_printf(MSG_DEBUG, " AT_ANY_ID_REQ");
		eap_sim_msg_add(msg, EAP_SIM_AT_ANY_ID_REQ, 0, NULL, 0);
	} else {
		/* The first identity byte marks a re-authentication id. */
		int reauth_id = sm->identity && sm->identity_len > 0 &&
			(sm->identity[0] == EAP_AKA_REAUTH_ID_PREFIX ||
			 sm->identity[0] == EAP_AKA_PRIME_REAUTH_ID_PREFIX);

		if (reauth_id) {
			/* Reauth id may have expired - try fullauth */
			wpa_printf(MSG_DEBUG, " AT_FULLAUTH_ID_REQ");
			eap_sim_msg_add(msg, EAP_SIM_AT_FULLAUTH_ID_REQ, 0,
					NULL, 0);
		} else {
			wpa_printf(MSG_DEBUG, " AT_PERMANENT_ID_REQ");
			eap_sim_msg_add(msg, EAP_SIM_AT_PERMANENT_ID_REQ, 0,
					NULL, 0);
		}
	}

	req = eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0);

	if (eap_aka_add_id_msg(data, req) >= 0) {
		/* Remember which request is outstanding. */
		data->pending_id = id;
		return req;
	}

	/* The request could not be recorded; do not send it. */
	wpabuf_free(req);
	return NULL;
}