Use a variable to store EAP method type for EAP-AKA vs. EAP-AKA'

This makes it easier to eventually replace EAP-AKA implementation with a
shared implementation that supports both EAP-AKA and EAP-AKA'.
This commit is contained in:
Jouni Malinen 2008-12-02 20:27:05 +02:00
parent 8c37556cd1
commit f09d19d46a
2 changed files with 32 additions and 16 deletions

View file

@ -54,6 +54,7 @@ struct eap_aka_data {
struct wpabuf *id_msgs; struct wpabuf *id_msgs;
int prev_id; int prev_id;
int result_ind, use_result_ind; int result_ind, use_result_ind;
u8 eap_method;
}; };
@ -80,7 +81,8 @@ static const char * eap_aka_state_txt(int state)
static void eap_aka_state(struct eap_aka_data *data, int state) static void eap_aka_state(struct eap_aka_data *data, int state)
{ {
wpa_printf(MSG_DEBUG, "EAP-AKA: %s -> %s", wpa_printf(MSG_DEBUG, "EAP-AKA%s: %s -> %s",
data->eap_method == EAP_TYPE_AKA_PRIME ? "'" : "",
eap_aka_state_txt(data->state), eap_aka_state_txt(data->state),
eap_aka_state_txt(state)); eap_aka_state_txt(state));
data->state = state; data->state = state;
@ -96,6 +98,11 @@ static void * eap_aka_init(struct eap_sm *sm)
if (data == NULL) if (data == NULL)
return NULL; return NULL;
if (1)
data->eap_method = EAP_TYPE_AKA_PRIME;
else
data->eap_method = EAP_TYPE_AKA;
eap_aka_state(data, CONTINUE); eap_aka_state(data, CONTINUE);
data->prev_id = -1; data->prev_id = -1;
@ -376,7 +383,7 @@ static struct wpabuf * eap_aka_client_error(struct eap_aka_data *data, u8 id,
data->num_id_req = 0; data->num_id_req = 0;
data->num_notification = 0; data->num_notification = 0;
msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_AKA_PRIME, msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
EAP_AKA_SUBTYPE_CLIENT_ERROR); EAP_AKA_SUBTYPE_CLIENT_ERROR);
eap_sim_msg_add(msg, EAP_SIM_AT_CLIENT_ERROR_CODE, err, NULL, 0); eap_sim_msg_add(msg, EAP_SIM_AT_CLIENT_ERROR_CODE, err, NULL, 0);
return eap_sim_msg_finish(msg, NULL, NULL, 0); return eap_sim_msg_finish(msg, NULL, NULL, 0);
@ -394,7 +401,7 @@ static struct wpabuf * eap_aka_authentication_reject(struct eap_aka_data *data,
wpa_printf(MSG_DEBUG, "Generating EAP-AKA Authentication-Reject " wpa_printf(MSG_DEBUG, "Generating EAP-AKA Authentication-Reject "
"(id=%d)", id); "(id=%d)", id);
msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_AKA_PRIME, msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT); EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT);
return eap_sim_msg_finish(msg, NULL, NULL, 0); return eap_sim_msg_finish(msg, NULL, NULL, 0);
} }
@ -410,7 +417,7 @@ static struct wpabuf * eap_aka_synchronization_failure(
wpa_printf(MSG_DEBUG, "Generating EAP-AKA Synchronization-Failure " wpa_printf(MSG_DEBUG, "Generating EAP-AKA Synchronization-Failure "
"(id=%d)", id); "(id=%d)", id);
msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_AKA_PRIME, msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE); EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE);
wpa_printf(MSG_DEBUG, " AT_AUTS"); wpa_printf(MSG_DEBUG, " AT_AUTS");
eap_sim_msg_add_full(msg, EAP_SIM_AT_AUTS, data->auts, eap_sim_msg_add_full(msg, EAP_SIM_AT_AUTS, data->auts,
@ -449,7 +456,7 @@ static struct wpabuf * eap_aka_response_identity(struct eap_sm *sm,
eap_aka_clear_identities(data, CLEAR_EAP_ID); eap_aka_clear_identities(data, CLEAR_EAP_ID);
wpa_printf(MSG_DEBUG, "Generating EAP-AKA Identity (id=%d)", id); wpa_printf(MSG_DEBUG, "Generating EAP-AKA Identity (id=%d)", id);
msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_AKA_PRIME, msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
EAP_AKA_SUBTYPE_IDENTITY); EAP_AKA_SUBTYPE_IDENTITY);
if (identity) { if (identity) {
@ -469,7 +476,7 @@ static struct wpabuf * eap_aka_response_challenge(struct eap_aka_data *data,
struct eap_sim_msg *msg; struct eap_sim_msg *msg;
wpa_printf(MSG_DEBUG, "Generating EAP-AKA Challenge (id=%d)", id); wpa_printf(MSG_DEBUG, "Generating EAP-AKA Challenge (id=%d)", id);
msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_AKA_PRIME, msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
EAP_AKA_SUBTYPE_CHALLENGE); EAP_AKA_SUBTYPE_CHALLENGE);
wpa_printf(MSG_DEBUG, " AT_RES"); wpa_printf(MSG_DEBUG, " AT_RES");
eap_sim_msg_add(msg, EAP_SIM_AT_RES, data->res_len * 8, eap_sim_msg_add(msg, EAP_SIM_AT_RES, data->res_len * 8,
@ -494,7 +501,7 @@ static struct wpabuf * eap_aka_response_reauth(struct eap_aka_data *data,
wpa_printf(MSG_DEBUG, "Generating EAP-AKA Reauthentication (id=%d)", wpa_printf(MSG_DEBUG, "Generating EAP-AKA Reauthentication (id=%d)",
id); id);
msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_AKA_PRIME, msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
EAP_AKA_SUBTYPE_REAUTHENTICATION); EAP_AKA_SUBTYPE_REAUTHENTICATION);
wpa_printf(MSG_DEBUG, " AT_IV"); wpa_printf(MSG_DEBUG, " AT_IV");
wpa_printf(MSG_DEBUG, " AT_ENCR_DATA"); wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
@ -535,7 +542,7 @@ static struct wpabuf * eap_aka_response_notification(struct eap_aka_data *data,
u8 *k_aut = (notification & 0x4000) == 0 ? data->k_aut : NULL; u8 *k_aut = (notification & 0x4000) == 0 ? data->k_aut : NULL;
wpa_printf(MSG_DEBUG, "Generating EAP-AKA Notification (id=%d)", id); wpa_printf(MSG_DEBUG, "Generating EAP-AKA Notification (id=%d)", id);
msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_AKA_PRIME, msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
EAP_AKA_SUBTYPE_NOTIFICATION); EAP_AKA_SUBTYPE_NOTIFICATION);
if (k_aut && data->reauth) { if (k_aut && data->reauth) {
wpa_printf(MSG_DEBUG, " AT_IV"); wpa_printf(MSG_DEBUG, " AT_IV");
@ -955,7 +962,7 @@ static struct wpabuf * eap_aka_process(struct eap_sm *sm, void *priv,
return NULL; return NULL;
} }
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_AKA_PRIME, reqData, pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, reqData,
&len); &len);
if (pos == NULL || len < 1) { if (pos == NULL || len < 1) {
ret->ignore = TRUE; ret->ignore = TRUE;

View file

@ -49,6 +49,7 @@ struct eap_aka_data {
struct wpabuf *id_msgs; struct wpabuf *id_msgs;
int pending_id; int pending_id;
u8 eap_method;
}; };
@ -80,7 +81,8 @@ static const char * eap_aka_state_txt(int state)
static void eap_aka_state(struct eap_aka_data *data, int state) static void eap_aka_state(struct eap_aka_data *data, int state)
{ {
wpa_printf(MSG_DEBUG, "EAP-AKA: %s -> %s", wpa_printf(MSG_DEBUG, "EAP-AKA%s: %s -> %s",
data->eap_method == EAP_TYPE_AKA_PRIME ? "'" : "",
eap_aka_state_txt(data->state), eap_aka_state_txt(data->state),
eap_aka_state_txt(state)); eap_aka_state_txt(state));
data->state = state; data->state = state;
@ -99,6 +101,12 @@ static void * eap_aka_init(struct eap_sm *sm)
data = os_zalloc(sizeof(*data)); data = os_zalloc(sizeof(*data));
if (data == NULL) if (data == NULL)
return NULL; return NULL;
if (1)
data->eap_method = EAP_TYPE_AKA_PRIME;
else
data->eap_method = EAP_TYPE_AKA;
data->state = IDENTITY; data->state = IDENTITY;
eap_aka_determine_identity(sm, data, 1, 0); eap_aka_determine_identity(sm, data, 1, 0);
data->pending_id = -1; data->pending_id = -1;
@ -213,7 +221,7 @@ static struct wpabuf * eap_aka_build_identity(struct eap_sm *sm,
struct wpabuf *buf; struct wpabuf *buf;
wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Identity"); wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Identity");
msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_AKA_PRIME, msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method,
EAP_AKA_SUBTYPE_IDENTITY); EAP_AKA_SUBTYPE_IDENTITY);
if (eap_sim_db_identity_known(sm->eap_sim_db_priv, sm->identity, if (eap_sim_db_identity_known(sm->eap_sim_db_priv, sm->identity,
sm->identity_len)) { sm->identity_len)) {
@ -309,7 +317,7 @@ static struct wpabuf * eap_aka_build_challenge(struct eap_sm *sm,
struct eap_sim_msg *msg; struct eap_sim_msg *msg;
wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Challenge"); wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Challenge");
msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_AKA_PRIME, msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method,
EAP_AKA_SUBTYPE_CHALLENGE); EAP_AKA_SUBTYPE_CHALLENGE);
wpa_printf(MSG_DEBUG, " AT_RAND"); wpa_printf(MSG_DEBUG, " AT_RAND");
eap_sim_msg_add(msg, EAP_SIM_AT_RAND, 0, data->rand, EAP_AKA_RAND_LEN); eap_sim_msg_add(msg, EAP_SIM_AT_RAND, 0, data->rand, EAP_AKA_RAND_LEN);
@ -351,7 +359,7 @@ static struct wpabuf * eap_aka_build_reauth(struct eap_sm *sm,
sm->identity_len, data->nonce_s, data->mk, sm->identity_len, data->nonce_s, data->mk,
data->msk, data->emsk); data->msk, data->emsk);
msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_AKA_PRIME, msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method,
EAP_AKA_SUBTYPE_REAUTHENTICATION); EAP_AKA_SUBTYPE_REAUTHENTICATION);
if (eap_aka_build_encr(sm, data, msg, data->counter, data->nonce_s)) { if (eap_aka_build_encr(sm, data, msg, data->counter, data->nonce_s)) {
@ -379,7 +387,7 @@ static struct wpabuf * eap_aka_build_notification(struct eap_sm *sm,
struct eap_sim_msg *msg; struct eap_sim_msg *msg;
wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Notification"); wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Notification");
msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_AKA_PRIME, msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method,
EAP_AKA_SUBTYPE_NOTIFICATION); EAP_AKA_SUBTYPE_NOTIFICATION);
wpa_printf(MSG_DEBUG, " AT_NOTIFICATION (%d)", data->notification); wpa_printf(MSG_DEBUG, " AT_NOTIFICATION (%d)", data->notification);
eap_sim_msg_add(msg, EAP_SIM_AT_NOTIFICATION, data->notification, eap_sim_msg_add(msg, EAP_SIM_AT_NOTIFICATION, data->notification,
@ -437,10 +445,11 @@ static struct wpabuf * eap_aka_buildReq(struct eap_sm *sm, void *priv, u8 id)
static Boolean eap_aka_check(struct eap_sm *sm, void *priv, static Boolean eap_aka_check(struct eap_sm *sm, void *priv,
struct wpabuf *respData) struct wpabuf *respData)
{ {
struct eap_aka_data *data = priv;
const u8 *pos; const u8 *pos;
size_t len; size_t len;
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_AKA_PRIME, respData, pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, respData,
&len); &len);
if (pos == NULL || len < 3) { if (pos == NULL || len < 3) {
wpa_printf(MSG_INFO, "EAP-AKA: Invalid frame"); wpa_printf(MSG_INFO, "EAP-AKA: Invalid frame");
@ -899,7 +908,7 @@ static void eap_aka_process(struct eap_sm *sm, void *priv,
size_t len; size_t len;
struct eap_sim_attrs attr; struct eap_sim_attrs attr;
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_AKA_PRIME, respData, pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, respData,
&len); &len);
if (pos == NULL || len < 3) if (pos == NULL || len < 3)
return; return;