本文整理汇总了C++中eap_aka_state函数的典型用法代码示例。如果您正苦于以下问题:C++ eap_aka_state函数的具体用法?C++ eap_aka_state怎么用?C++ eap_aka_state使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了eap_aka_state函数的16个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: eap_aka_process_sync_failure
static void eap_aka_process_sync_failure(struct eap_sm *sm,
struct eap_aka_data *data,
struct wpabuf *respData,
struct eap_sim_attrs *attr)
{
wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Synchronization-Failure");
if (attr->auts == NULL) {
wpa_printf(MSG_WARNING, "EAP-AKA: Synchronization-Failure "
"message did not include valid AT_AUTS");
data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
eap_aka_state(data, NOTIFICATION);
return;
}
/* Avoid re-reporting AUTS when processing pending EAP packet by
* maintaining a local flag stating whether this AUTS has already been
* reported. */
if (!data->auts_reported &&
eap_sim_db_resynchronize(sm->eap_sim_db_priv, sm->identity,
sm->identity_len, attr->auts,
data->rand)) {
wpa_printf(MSG_WARNING, "EAP-AKA: Resynchronization failed");
data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
eap_aka_state(data, NOTIFICATION);
return;
}
data->auts_reported = 1;
/* Try again after resynchronization */
eap_aka_determine_identity(sm, data, 0, 0);
}
开发者ID:OpenPANA,项目名称:openpana,代码行数:32,代码来源:eap_server_aka.c
示例2: eap_aka_process_notification
static void eap_aka_process_notification(struct eap_sm *sm,
struct eap_aka_data *data,
struct wpabuf *respData,
struct eap_sim_attrs *attr)
{
wpa_printf(MSG_DEBUG, "EAP-AKA: Client replied to notification");
if (data->notification == EAP_SIM_SUCCESS && data->use_result_ind)
eap_aka_state(data, SUCCESS);
else
eap_aka_state(data, FAILURE);
}
开发者ID:OpenPANA,项目名称:openpana,代码行数:11,代码来源:eap_server_aka.c
示例3: eap_aka_process_client_error
static void eap_aka_process_client_error(struct eap_sm *sm,
struct eap_aka_data *data,
struct wpabuf *respData,
struct eap_sim_attrs *attr)
{
wpa_printf(MSG_DEBUG, "EAP-AKA: Client reported error %d",
attr->client_error_code);
if (data->notification == EAP_SIM_SUCCESS && data->use_result_ind)
eap_aka_state(data, SUCCESS);
else
eap_aka_state(data, FAILURE);
}
开发者ID:OpenPANA,项目名称:openpana,代码行数:12,代码来源:eap_server_aka.c
示例4: eap_aka_process_authentication_reject
static void eap_aka_process_authentication_reject(
struct eap_sm *sm, struct eap_aka_data *data,
struct wpabuf *respData, struct eap_sim_attrs *attr)
{
wpa_printf(MSG_DEBUG, "EAP-AKA: Client rejected authentication");
eap_aka_state(data, FAILURE);
}
开发者ID:OpenPANA,项目名称:openpana,代码行数:7,代码来源:eap_server_aka.c
示例5: eap_aka_init
static void * eap_aka_init(struct eap_sm *sm)
{
struct eap_aka_data *data;
const char *phase1 = eap_get_config_phase1(sm);
struct eap_peer_config *config = eap_get_config(sm);
data = os_zalloc(sizeof(*data));
if (data == NULL)
return NULL;
data->eap_method = EAP_TYPE_AKA;
eap_aka_state(data, CONTINUE);
data->prev_id = -1;
data->result_ind = phase1 && os_strstr(phase1, "result_ind=1") != NULL;
if (config && config->anonymous_identity) {
data->pseudonym = os_malloc(config->anonymous_identity_len);
if (data->pseudonym) {
os_memcpy(data->pseudonym, config->anonymous_identity,
config->anonymous_identity_len);
data->pseudonym_len = config->anonymous_identity_len;
}
}
return data;
}
开发者ID:PDi-Communication-Systems-Inc,项目名称:lollipop_hardware_intel_wlan_hostap_wcs,代码行数:28,代码来源:eap_aka.c
示例6: eap_aka_process_identity
static void eap_aka_process_identity(struct eap_sm *sm,
struct eap_aka_data *data,
struct wpabuf *respData,
struct eap_sim_attrs *attr)
{
wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Identity");
if (attr->mac || attr->iv || attr->encr_data) {
wpa_printf(MSG_WARNING, "EAP-AKA: Unexpected attribute "
"received in EAP-Response/AKA-Identity");
data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
eap_aka_state(data, NOTIFICATION);
return;
}
if (attr->identity) {
os_free(sm->identity);
sm->identity = os_malloc(attr->identity_len);
if (sm->identity) {
os_memcpy(sm->identity, attr->identity,
attr->identity_len);
sm->identity_len = attr->identity_len;
}
}
eap_aka_determine_identity(sm, data, 0, 0);
if (eap_get_id(respData) == data->pending_id) {
data->pending_id = -1;
eap_aka_add_id_msg(data, respData);
}
}
开发者ID:OpenPANA,项目名称:openpana,代码行数:31,代码来源:eap_server_aka.c
示例7: eap_aka_process_identity
static void eap_aka_process_identity(struct eap_sm *sm,
struct eap_aka_data *data,
struct wpabuf *respData,
struct eap_sim_attrs *attr)
{
u8 *new_identity;
wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Identity");
if (attr->mac || attr->iv || attr->encr_data) {
wpa_printf(MSG_WARNING, "EAP-AKA: Unexpected attribute "
"received in EAP-Response/AKA-Identity");
data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
eap_aka_state(data, NOTIFICATION);
return;
}
/*
* We always request identity with AKA/Identity, so the peer is
* required to have replied with one.
*/
if (!attr->identity || attr->identity_len == 0) {
wpa_printf(MSG_DEBUG, "EAP-AKA: Peer did not provide any "
"identity");
data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
eap_aka_state(data, NOTIFICATION);
return;
}
new_identity = os_malloc(attr->identity_len);
if (new_identity == NULL) {
data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
eap_aka_state(data, NOTIFICATION);
return;
}
os_free(sm->identity);
sm->identity = new_identity;
os_memcpy(sm->identity, attr->identity, attr->identity_len);
sm->identity_len = attr->identity_len;
eap_aka_determine_identity(sm, data);
if (eap_get_id(respData) == data->pending_id) {
data->pending_id = -1;
eap_aka_add_id_msg(data, respData);
}
}
开发者ID:Bebooo43,项目名称:android_hardware_mediatek,代码行数:46,代码来源:eap_server_aka.c
示例8: eap_aka_init
static void * eap_aka_init(struct eap_sm *sm)
{
struct eap_aka_data *data;
const char *phase1 = eap_get_config_phase1(sm);
data = os_zalloc(sizeof(*data));
if (data == NULL)
return NULL;
eap_aka_state(data, CONTINUE);
data->prev_id = -1;
data->result_ind = phase1 && os_strstr(phase1, "result_ind=1") != NULL;
return data;
}
开发者ID:ebichu,项目名称:dd-wrt,代码行数:16,代码来源:eap_aka.c
示例9: eap_aka_check_identity_reauth
static int eap_aka_check_identity_reauth(struct eap_sm *sm,
struct eap_aka_data *data,
const char *username)
{
if (data->eap_method == EAP_TYPE_AKA_PRIME &&
username[0] != EAP_AKA_PRIME_REAUTH_ID_PREFIX)
return 0;
if (data->eap_method == EAP_TYPE_AKA &&
username[0] != EAP_AKA_REAUTH_ID_PREFIX)
return 0;
wpa_printf(MSG_DEBUG, "EAP-AKA: Reauth username '%s'", username);
data->reauth = eap_sim_db_get_reauth_entry(sm->eap_sim_db_priv,
username);
if (data->reauth == NULL) {
wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown reauth identity - "
"request full auth identity");
/* Remain in IDENTITY state for another round */
return 0;
}
wpa_printf(MSG_DEBUG, "EAP-AKA: Using fast re-authentication");
os_strlcpy(data->permanent, data->reauth->permanent,
sizeof(data->permanent));
data->counter = data->reauth->counter;
if (data->eap_method == EAP_TYPE_AKA_PRIME) {
os_memcpy(data->k_encr, data->reauth->k_encr,
EAP_SIM_K_ENCR_LEN);
os_memcpy(data->k_aut, data->reauth->k_aut,
EAP_AKA_PRIME_K_AUT_LEN);
os_memcpy(data->k_re, data->reauth->k_re,
EAP_AKA_PRIME_K_RE_LEN);
} else {
os_memcpy(data->mk, data->reauth->mk, EAP_SIM_MK_LEN);
}
eap_aka_state(data, REAUTH);
return 1;
}
开发者ID:Bebooo43,项目名称:android_hardware_mediatek,代码行数:39,代码来源:eap_server_aka.c
示例10: eap_aka_process
static void eap_aka_process(struct eap_sm *sm, void *priv,
struct wpabuf *respData)
{
struct eap_aka_data *data = priv;
const u8 *pos, *end;
u8 subtype;
size_t len;
struct eap_sim_attrs attr;
pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, respData,
&len);
if (pos == NULL || len < 3)
return;
end = pos + len;
subtype = *pos;
pos += 3;
if (eap_aka_subtype_ok(data, subtype)) {
wpa_printf(MSG_DEBUG, "EAP-AKA: Unrecognized or unexpected "
"EAP-AKA Subtype in EAP Response");
data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
eap_aka_state(data, NOTIFICATION);
return;
}
if (eap_sim_parse_attr(pos, end, &attr,
data->eap_method == EAP_TYPE_AKA_PRIME ? 2 : 1,
0)) {
wpa_printf(MSG_DEBUG, "EAP-AKA: Failed to parse attributes");
data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
eap_aka_state(data, NOTIFICATION);
return;
}
if (subtype == EAP_AKA_SUBTYPE_CLIENT_ERROR) {
eap_aka_process_client_error(sm, data, respData, &attr);
return;
}
if (subtype == EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT) {
eap_aka_process_authentication_reject(sm, data, respData,
&attr);
return;
}
switch (data->state) {
case IDENTITY:
eap_aka_process_identity(sm, data, respData, &attr);
break;
case CHALLENGE:
if (subtype == EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE) {
eap_aka_process_sync_failure(sm, data, respData,
&attr);
} else {
eap_aka_process_challenge(sm, data, respData, &attr);
}
break;
case REAUTH:
eap_aka_process_reauth(sm, data, respData, &attr);
break;
case NOTIFICATION:
eap_aka_process_notification(sm, data, respData, &attr);
break;
default:
wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown state %d in "
"process", data->state);
break;
}
}
开发者ID:OpenPANA,项目名称:openpana,代码行数:70,代码来源:eap_server_aka.c
示例11: eap_aka_determine_identity
static void eap_aka_determine_identity(struct eap_sm *sm,
struct eap_aka_data *data)
{
char *username;
wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Identity",
sm->identity, sm->identity_len);
username = sim_get_username(sm->identity, sm->identity_len);
if (username == NULL) {
data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
eap_aka_state(data, NOTIFICATION);
return;
}
if (eap_aka_check_identity_reauth(sm, data, username) > 0) {
os_free(username);
return;
}
if (((data->eap_method == EAP_TYPE_AKA_PRIME &&
username[0] == EAP_AKA_PRIME_REAUTH_ID_PREFIX) ||
(data->eap_method == EAP_TYPE_AKA &&
username[0] == EAP_AKA_REAUTH_ID_PREFIX)) &&
data->identity_round == 1) {
/* Remain in IDENTITY state for another round to request full
* auth identity since we did not recognize reauth id */
os_free(username);
return;
}
if ((data->eap_method == EAP_TYPE_AKA_PRIME &&
username[0] == EAP_AKA_PRIME_PSEUDONYM_PREFIX) ||
(data->eap_method == EAP_TYPE_AKA &&
username[0] == EAP_AKA_PSEUDONYM_PREFIX)) {
const char *permanent;
wpa_printf(MSG_DEBUG, "EAP-AKA: Pseudonym username '%s'",
username);
permanent = eap_sim_db_get_permanent(
sm->eap_sim_db_priv, username);
os_free(username);
if (permanent == NULL) {
wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown pseudonym "
"identity - request permanent identity");
/* Remain in IDENTITY state for another round */
return;
}
os_strlcpy(data->permanent, permanent,
sizeof(data->permanent));
} else if ((data->eap_method == EAP_TYPE_AKA_PRIME &&
username[0] == EAP_AKA_PRIME_PERMANENT_PREFIX) ||
(data->eap_method == EAP_TYPE_AKA &&
username[0] == EAP_AKA_PERMANENT_PREFIX)) {
wpa_printf(MSG_DEBUG, "EAP-AKA: Permanent username '%s'",
username);
os_strlcpy(data->permanent, username, sizeof(data->permanent));
os_free(username);
} else {
wpa_printf(MSG_DEBUG, "EAP-AKA: Unrecognized username '%s'",
username);
os_free(username);
data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
eap_aka_state(data, NOTIFICATION);
return;
}
eap_aka_fullauth(sm, data);
}
开发者ID:Bebooo43,项目名称:android_hardware_mediatek,代码行数:68,代码来源:eap_server_aka.c
示例12: eap_aka_fullauth
static void eap_aka_fullauth(struct eap_sm *sm, struct eap_aka_data *data)
{
size_t identity_len;
int res;
res = eap_sim_db_get_aka_auth(sm->eap_sim_db_priv, data->permanent,
data->rand, data->autn, data->ik,
data->ck, data->res, &data->res_len, sm);
if (res == EAP_SIM_DB_PENDING) {
wpa_printf(MSG_DEBUG, "EAP-AKA: AKA authentication data "
"not yet available - pending request");
sm->method_pending = METHOD_PENDING_WAIT;
return;
}
#ifdef EAP_SERVER_AKA_PRIME
if (data->eap_method == EAP_TYPE_AKA_PRIME) {
/* Note: AUTN = (SQN ^ AK) || AMF || MAC which gives us the
* needed 6-octet SQN ^AK for CK',IK' derivation */
eap_aka_prime_derive_ck_ik_prime(data->ck, data->ik,
data->autn,
data->network_name,
data->network_name_len);
}
#endif /* EAP_SERVER_AKA_PRIME */
data->reauth = NULL;
data->counter = 0; /* reset re-auth counter since this is full auth */
if (res != 0) {
wpa_printf(MSG_INFO, "EAP-AKA: Failed to get AKA "
"authentication data for the peer");
data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
eap_aka_state(data, NOTIFICATION);
return;
}
if (sm->method_pending == METHOD_PENDING_WAIT) {
wpa_printf(MSG_DEBUG, "EAP-AKA: AKA authentication data "
"available - abort pending wait");
sm->method_pending = METHOD_PENDING_NONE;
}
identity_len = sm->identity_len;
while (identity_len > 0 && sm->identity[identity_len - 1] == '\0') {
wpa_printf(MSG_DEBUG, "EAP-AKA: Workaround - drop last null "
"character from identity");
identity_len--;
}
wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Identity for MK derivation",
sm->identity, identity_len);
if (data->eap_method == EAP_TYPE_AKA_PRIME) {
eap_aka_prime_derive_keys(sm->identity, identity_len, data->ik,
data->ck, data->k_encr, data->k_aut,
data->k_re, data->msk, data->emsk);
} else {
eap_aka_derive_mk(sm->identity, identity_len, data->ik,
data->ck, data->mk);
eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut,
data->msk, data->emsk);
}
eap_aka_state(data, CHALLENGE);
}
开发者ID:Bebooo43,项目名称:android_hardware_mediatek,代码行数:64,代码来源:eap_server_aka.c
示例13: eap_aka_process_reauth
static void eap_aka_process_reauth(struct eap_sm *sm,
struct eap_aka_data *data,
struct wpabuf *respData,
struct eap_sim_attrs *attr)
{
struct eap_sim_attrs eattr;
u8 *decrypted = NULL;
const u8 *identity, *id2;
size_t identity_len, id2_len;
wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Reauthentication");
if (attr->mac == NULL ||
eap_aka_verify_mac(data, respData, attr->mac, data->nonce_s,
EAP_SIM_NONCE_S_LEN)) {
wpa_printf(MSG_WARNING, "EAP-AKA: Re-authentication message "
"did not include valid AT_MAC");
goto fail;
}
if (attr->encr_data == NULL || attr->iv == NULL) {
wpa_printf(MSG_WARNING, "EAP-AKA: Reauthentication "
"message did not include encrypted data");
goto fail;
}
decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
attr->encr_data_len, attr->iv, &eattr,
0);
if (decrypted == NULL) {
wpa_printf(MSG_WARNING, "EAP-AKA: Failed to parse encrypted "
"data from reauthentication message");
goto fail;
}
if (eattr.counter != data->counter) {
wpa_printf(MSG_WARNING, "EAP-AKA: Re-authentication message "
"used incorrect counter %u, expected %u",
eattr.counter, data->counter);
goto fail;
}
os_free(decrypted);
decrypted = NULL;
wpa_printf(MSG_DEBUG, "EAP-AKA: Re-authentication response includes "
"the correct AT_MAC");
if (eattr.counter_too_small) {
wpa_printf(MSG_DEBUG, "EAP-AKA: Re-authentication response "
"included AT_COUNTER_TOO_SMALL - starting full "
"authentication");
eap_aka_determine_identity(sm, data, 0, 1);
return;
}
if (sm->eap_sim_aka_result_ind && attr->result_ind) {
data->use_result_ind = 1;
data->notification = EAP_SIM_SUCCESS;
eap_aka_state(data, NOTIFICATION);
} else
eap_aka_state(data, SUCCESS);
if (data->reauth) {
identity = data->reauth->identity;
identity_len = data->reauth->identity_len;
} else {
identity = sm->identity;
identity_len = sm->identity_len;
}
id2 = eap_sim_db_get_permanent(sm->eap_sim_db_priv, identity,
identity_len, &id2_len);
if (id2) {
identity = id2;
identity_len = id2_len;
}
if (data->next_pseudonym) {
eap_sim_db_add_pseudonym(sm->eap_sim_db_priv, identity,
identity_len, data->next_pseudonym);
data->next_pseudonym = NULL;
}
if (data->next_reauth_id) {
if (data->eap_method == EAP_TYPE_AKA_PRIME) {
#ifdef EAP_SERVER_AKA_PRIME
eap_sim_db_add_reauth_prime(sm->eap_sim_db_priv,
identity,
identity_len,
data->next_reauth_id,
data->counter + 1,
data->k_encr, data->k_aut,
data->k_re);
#endif /* EAP_SERVER_AKA_PRIME */
} else {
eap_sim_db_add_reauth(sm->eap_sim_db_priv, identity,
identity_len,
data->next_reauth_id,
data->counter + 1,
data->mk);
}
//.........这里部分代码省略.........
开发者ID:OpenPANA,项目名称:openpana,代码行数:101,代码来源:eap_server_aka.c
示例14: eap_aka_process_challenge
static void eap_aka_process_challenge(struct eap_sm *sm,
struct eap_aka_data *data,
struct wpabuf *respData,
struct eap_sim_attrs *attr)
{
const u8 *identity;
size_t identity_len;
wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Challenge");
#ifdef EAP_SERVER_AKA_PRIME
#if 0
/* KDF negotiation; to be enabled only after more than one KDF is
* supported */
if (data->eap_method == EAP_TYPE_AKA_PRIME &&
attr->kdf_count == 1 && attr->mac == NULL) {
if (attr->kdf[0] != EAP_AKA_PRIME_KDF) {
wpa_printf(MSG_WARNING, "EAP-AKA': Peer selected "
"unknown KDF");
data->notification =
EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
eap_aka_state(data, NOTIFICATION);
return;
}
data->kdf = attr->kdf[0];
/* Allow negotiation to continue with the selected KDF by
* sending another Challenge message */
wpa_printf(MSG_DEBUG, "EAP-AKA': KDF %d selected", data->kdf);
return;
}
#endif
#endif /* EAP_SERVER_AKA_PRIME */
if (attr->checkcode &&
eap_aka_verify_checkcode(data, attr->checkcode,
attr->checkcode_len)) {
wpa_printf(MSG_WARNING, "EAP-AKA: Invalid AT_CHECKCODE in the "
"message");
data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
eap_aka_state(data, NOTIFICATION);
return;
}
if (attr->mac == NULL ||
eap_aka_verify_mac(data, respData, attr->mac, NULL, 0)) {
wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
"did not include valid AT_MAC");
data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
eap_aka_state(data, NOTIFICATION);
return;
}
/*
* AT_RES is padded, so verify that there is enough room for RES and
* that the RES length in bits matches with the expected RES.
*/
if (attr->res == NULL || attr->res_len < data->res_len ||
attr->res_len_bits != data->res_len * 8 ||
os_memcmp(attr->res, data->res, data->res_len) != 0) {
wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message did not "
"include valid AT_RES (attr len=%lu, res len=%lu "
"bits, expected %lu bits)",
(unsigned long) attr->res_len,
(unsigned long) attr->res_len_bits,
(unsigned long) data->res_len * 8);
data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
eap_aka_state(data, NOTIFICATION);
return;
}
wpa_printf(MSG_DEBUG, "EAP-AKA: Challenge response includes the "
"correct AT_MAC");
if (sm->eap_sim_aka_result_ind && attr->result_ind) {
data->use_result_ind = 1;
data->notification = EAP_SIM_SUCCESS;
eap_aka_state(data, NOTIFICATION);
} else
eap_aka_state(data, SUCCESS);
identity = eap_sim_db_get_permanent(sm->eap_sim_db_priv, sm->identity,
sm->identity_len, &identity_len);
if (identity == NULL) {
identity = sm->identity;
identity_len = sm->identity_len;
}
if (data->next_pseudonym) {
eap_sim_db_add_pseudonym(sm->eap_sim_db_priv, identity,
identity_len,
data->next_pseudonym);
data->next_pseudonym = NULL;
}
if (data->next_reauth_id) {
if (data->eap_method == EAP_TYPE_AKA_PRIME) {
#ifdef EAP_SERVER_AKA_PRIME
eap_sim_db_add_reauth_prime(sm->eap_sim_db_priv,
identity,
identity_len,
data->next_reauth_id,
//.........这里部分代码省略.........
开发者ID:OpenPANA,项目名称:openpana,代码行数:101,代码来源:eap_server_aka.c
示例15: eap_aka_determine_identity
static void eap_aka_determine_identity(struct eap_sm *sm,
struct eap_aka_data *data,
int before_identity, int after_reauth)
{
const u8 *identity;
size_t identity_len;
int res;
identity = NULL;
identity_len = 0;
if (after_reauth && data->reauth) {
identity = data->reauth->identity;
identity_len = data->reauth->identity_len;
} else if (sm->identity && sm->identity_len > 0 &&
sm->identity[0] == EAP_AKA_PERMANENT_PREFIX) {
identity = sm->identity;
identity_len = sm->identity_len;
} else {
identity = eap_sim_db_get_permanent(sm->eap_sim_db_priv,
sm->identity,
sm->identity_len,
&identity_len);
if (identity == NULL) {
data->reauth = eap_sim_db_get_reauth_entry(
sm->eap_sim_db_priv, sm->identity,
sm->identity_len);
if (data->reauth &&
data->reauth->aka_prime !=
(data->eap_method == EAP_TYPE_AKA_PRIME)) {
wpa_printf(MSG_DEBUG, "EAP-AKA: Reauth data "
"was for different AKA version");
data->reauth = NULL;
}
if (data->reauth) {
wpa_printf(MSG_DEBUG, "EAP-AKA: Using fast "
"re-authentication");
identity = data->reauth->identity;
identity_len = data->reauth->identity_len;
data->counter = data->reauth->counter;
if (data->eap_method == EAP_TYPE_AKA_PRIME) {
os_memcpy(data->k_encr,
data->reauth->k_encr,
EAP_SIM_K_ENCR_LEN);
os_memcpy(data->k_aut,
data->reauth->k_aut,
EAP_AKA_PRIME_K_AUT_LEN);
os_memcpy(data->k_re,
data->reauth->k_re,
EAP_AKA_PRIME_K_RE_LEN);
} else {
os_memcpy(data->mk, data->reauth->mk,
EAP_SIM_MK_LEN);
}
}
}
}
if (identity == NULL ||
eap_sim_db_identity_known(sm->eap_sim_db_priv, sm->identity,
sm->identity_len) < 0) {
if (before_identity) {
wpa_printf(MSG_DEBUG, "EAP-AKA: Permanent user name "
"not known - send AKA-Identity request");
eap_aka_state(data, IDENTITY);
return;
} else {
wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown whether the "
"permanent user name is known; try to use "
"it");
/* eap_sim_db_get_aka_auth() will report failure, if
* this identity is not known. */
}
}
wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Identity",
identity, identity_len);
if (!after_reauth && data->reauth) {
eap_aka_state(data, REAUTH);
return;
}
res = eap_sim_db_get_aka_auth(sm->eap_sim_db_priv, identity,
identity_len, data->rand, data->autn,
data->ik, data->ck, data->res,
&data->res_len, sm);
if (res == EAP_SIM_DB_PENDING) {
wpa_printf(MSG_DEBUG, "EAP-AKA: AKA authentication data "
"not yet available - pending request");
sm->method_pending = METHOD_PENDING_WAIT;
return;
}
#ifdef EAP_SERVER_AKA_PRIME
if (data->eap_method == EAP_TYPE_AKA_PRIME) {
/* Note: AUTN = (SQN ^ AK) || AMF || MAC which gives us the
* needed 6-octet SQN ^AK for CK',IK' derivation */
eap_aka_prime_derive_ck_ik_prime(data->ck, data->ik,
data->autn,
//.........这里部分代码省略.........
开发者ID:OpenPANA,项目名称:openpana,代码行数:101,代码来源:eap_server_aka.c
示例16: eap_aka_process_challenge
static struct wpabuf * eap_aka_process_challenge(struct eap_sm *sm,
struct eap_aka_data *data,
u8 id,
const struct wpabuf *reqData,
struct eap_sim_attrs *attr)
{
const u8 *identity;
size_t identity_len;
int res;
struct eap_sim_attrs eattr;
wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Challenge");
if (attr->checkcode &&
eap_aka_verify_checkcode(data, attr->checkcode,
attr->checkcode_len)) {
wpa_printf(MSG_WARNING, "EAP-AKA: Invalid AT_CHECKCODE in the "
"message");
return eap_aka_client_error(data, id,
EAP_AKA_UNABLE_TO_PROCESS_PACKET);
}
data->reauth = 0;
if (!attr->mac || !attr->rand || !attr->autn) {
wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
"did not include%s%s%s",
!attr->mac ? " AT_MAC" : "",
!attr->rand ? " AT_RAND" : "",
!attr->autn ? " AT_AUTN" : "");
return eap_aka_client_error(data, id,
EAP_AKA_UNABLE_TO_PROCESS_PACKET);
}
os_memcpy(data->rand, attr->rand, EAP_AKA_RAND_LEN);
os_memcpy(data->autn, attr->autn, EAP_AKA_AUTN_LEN);
res = eap_aka_umts_auth(sm, data);
if (res == -1) {
wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication "
"failed (AUTN)");
return eap_aka_authentication_reject(data, id);
} else if (res == -2) {
wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication "
"failed (AUTN seq# -> AUTS)");
return eap_aka_synchronization_failure(data, id);
} else if (res) {
wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication failed");
return eap_aka_client_error(data, id,
EAP_AKA_UNABLE_TO_PROCESS_PACKET);
}
if (data->last_eap_identity) {
identity = data->last_eap_identity;
identity_len = data->last_eap_identity_len;
} else if (data->pseudonym) {
identity = data->pseudonym;
identity_len = data->pseudonym_len;
} else
identity = eap_get_config_identity(sm, &identity_len);
wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Selected identity for MK "
"derivation", identity, identity_len);
eap_aka_derive_mk(identity, identity_len, data->ik, data->ck,
data->mk);
eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk,
data->emsk);
if (eap_sim_verify_mac(data->k_aut, reqData, attr->mac, (u8 *) "", 0))
{
wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
"used invalid AT_MAC");
return eap_aka_client_error(data, id,
EAP_AKA_UNABLE_TO_PROCESS_PACKET);
}
/* Old reauthentication and pseudonym identities must not be used
* anymore. In other words, if no new identities are received, full
* authentication will be used on next reauthentication. */
eap_aka_clear_identities(data, CLEAR_PSEUDONYM | CLEAR_REAUTH_ID |
CLEAR_EAP_ID);
if (attr->encr_data) {
u8 *decrypted;
decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
attr->encr_data_len, attr->iv,
&eattr, 0);
if (decrypted == NULL) {
return eap_aka_client_error(
data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET);
}
eap_aka_learn_ids(data, &eattr);
os_free(decrypted);
}
if (data->result_ind && attr->result_ind)
data->use_result_ind = 1;
if (data->state != FAILURE && data->state != RESULT_FAILURE) {
eap_aka_state(data, data->use_result_ind ?
RESULT_SUCCESS : SUCCESS);
}
data->num_id_req = 0;
data->num_notification = 0;
//.........这里部分代码省略.........
开发者ID:ebichu,项目名称:dd-wrt,代码行数:101,代码来源:eap_aka.c
注:本文中的eap_aka_state函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论