Lines Matching full:identity
37 IDENTITY, CHALLENGE, REAUTH, NOTIFICATION, SUCCESS, FAILURE
65 case IDENTITY:
66 return "IDENTITY";
107 wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown reauth identity - "
108 "request full auth identity");
109 /* Remain in IDENTITY state for another round */
118 "EAP-AKA: Permanent identity recognized - skip AKA-Identity exchange");
159 const u8 *identity = sm->identity;
163 identity = (const u8 *) sm->sim_aka_permanent;
167 /* Check if we already know the identity from EAP-Response/Identity */
169 username = sim_get_username(identity, identity_len);
176 * Since re-auth username was recognized, skip AKA/Identity
182 if (sm->sim_aka_permanent[0] && data->state == IDENTITY) {
183 /* Skip AKA/Identity exchange since the permanent identity
204 "identity - request permanent identity");
205 /* Remain in IDENTITY state for another round */
211 * Since pseudonym username was recognized, skip AKA/Identity
236 data->state = IDENTITY;
269 data->state = IDENTITY;
319 * No EAP-AKA/Identity packets were exchanged - send empty
326 /* Checkcode is SHA1 hash over all EAP-AKA/Identity packets. */
355 "indicates that AKA/Identity messages were "
367 "that AKA/Identity message were not used, but they "
372 /* Checkcode is SHA1 hash over all EAP-AKA/Identity packets. */
395 wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Identity");
401 * RFC 4187, Chap. 4.1.4 recommends that identity from EAP is
402 * ignored and the AKA/Identity is used to request the
403 * identity.
408 /* Cannot use more than three rounds of Identity messages */
411 } else if (sm->identity && sm->identity_len > 0 &&
412 (sm->identity[0] == EAP_AKA_REAUTH_ID_PREFIX ||
413 sm->identity[0] == EAP_AKA_PRIME_REAUTH_ID_PREFIX)) {
603 sm->identity,
610 eap_sim_derive_keys_reauth(data->counter, sm->identity,
690 case IDENTITY:
732 case IDENTITY:
776 wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Identity",
777 sm->identity, sm->identity_len);
779 username = sim_get_username(sm->identity, sm->identity_len);
793 /* Remain in IDENTITY state for another round to request full
794 * auth identity since we did not recognize reauth id */
811 "identity - request permanent identity");
812 /* Remain in IDENTITY state for another round */
826 } else if (sm->identity_len > 1 && sm->identity[0] == '\0') {
837 "EAP-AKA: Received encrypted identity, but no IMSI privacy key configured to decrypt it");
841 enc_id = (char *) &sm->identity[1];
842 end = (char *) &sm->identity[sm->identity_len];
850 "EAP-AKA: Encrypted permanent identity",
855 "EAP-AKA: Could not base64 decode encrypted identity");
859 "EAP-AKA: Decoded encrypted permanent identity",
870 "EAP-AKA: Failed to decrypt encrypted identity");
873 wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Decrypted permanent identity",
885 os_free(sm->identity);
886 sm->identity = new_id;
956 while (identity_len > 0 && sm->identity[identity_len - 1] == '\0') {
958 "character from identity");
961 wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Identity for MK derivation",
962 sm->identity, identity_len);
965 eap_aka_prime_derive_keys(sm->identity, identity_len, data->ik,
969 eap_aka_derive_mk(sm->identity, identity_len, data->ik,
986 wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Identity");
990 "received in EAP-Response/AKA-Identity");
997 * We always request identity with AKA/Identity, so the peer is
1000 if (!attr->identity || attr->identity_len == 0) {
1002 "identity");
1014 os_free(sm->identity);
1015 sm->identity = new_identity;
1016 os_memcpy(sm->identity, attr->identity, attr->identity_len);
1355 case IDENTITY: