[thirdparty/hostap.git] / src / eap_common / eap_sim_common.h

/*
 * EAP peer/server: EAP-SIM/AKA/AKA' shared routines
 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef EAP_SIM_COMMON_H
#define EAP_SIM_COMMON_H

#define EAP_SIM_NONCE_S_LEN 16
#define EAP_SIM_NONCE_MT_LEN 16
#define EAP_SIM_MAC_LEN 16
#define EAP_SIM_MK_LEN 20
#define EAP_SIM_K_AUT_LEN 16
#define EAP_SIM_K_ENCR_LEN 16
#define EAP_SIM_KEYING_DATA_LEN 64
#define EAP_SIM_IV_LEN 16
#define EAP_SIM_KC_LEN 8
#define EAP_SIM_SRES_LEN 4

#define GSM_RAND_LEN 16

#define EAP_SIM_VERSION 1

/* EAP-SIM Subtypes */
#define EAP_SIM_SUBTYPE_START 10
#define EAP_SIM_SUBTYPE_CHALLENGE 11
#define EAP_SIM_SUBTYPE_NOTIFICATION 12
#define EAP_SIM_SUBTYPE_REAUTHENTICATION 13
#define EAP_SIM_SUBTYPE_CLIENT_ERROR 14

/* AT_CLIENT_ERROR_CODE error codes */
#define EAP_SIM_UNABLE_TO_PROCESS_PACKET 0
#define EAP_SIM_UNSUPPORTED_VERSION 1
#define EAP_SIM_INSUFFICIENT_NUM_OF_CHAL 2
#define EAP_SIM_RAND_NOT_FRESH 3

#define EAP_SIM_MAX_FAST_REAUTHS 1000

#define EAP_SIM_MAX_CHAL 3


/* EAP-AKA Subtypes */
#define EAP_AKA_SUBTYPE_CHALLENGE 1
#define EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT 2
#define EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE 4
#define EAP_AKA_SUBTYPE_IDENTITY 5
#define EAP_AKA_SUBTYPE_NOTIFICATION 12
#define EAP_AKA_SUBTYPE_REAUTHENTICATION 13
#define EAP_AKA_SUBTYPE_CLIENT_ERROR 14

/* AT_CLIENT_ERROR_CODE error codes */
#define EAP_AKA_UNABLE_TO_PROCESS_PACKET 0

#define EAP_AKA_RAND_LEN 16
#define EAP_AKA_AUTN_LEN 16
#define EAP_AKA_AUTS_LEN 14
#define EAP_AKA_RES_MAX_LEN 16
#define EAP_AKA_IK_LEN 16
#define EAP_AKA_CK_LEN 16
#define EAP_AKA_MAX_FAST_REAUTHS 1000
#define EAP_AKA_MIN_RES_LEN 4
#define EAP_AKA_MAX_RES_LEN 16
#define EAP_AKA_CHECKCODE_LEN 20

#define EAP_AKA_PRIME_K_AUT_LEN 32
#define EAP_AKA_PRIME_CHECKCODE_LEN 32
#define EAP_AKA_PRIME_K_RE_LEN 32

struct wpabuf;

void eap_sim_derive_mk(const u8 *identity, size_t identity_len,
		       const u8 *nonce_mt, u16 selected_version,
		       const u8 *ver_list, size_t ver_list_len,
		       int num_chal, const u8 *kc, u8 *mk);
void eap_aka_derive_mk(const u8 *identity, size_t identity_len,
		       const u8 *ik, const u8 *ck, u8 *mk);
int eap_sim_derive_keys(const u8 *mk, u8 *k_encr, u8 *k_aut, u8 *msk,
			u8 *emsk);
int eap_sim_derive_keys_reauth(u16 _counter,
			       const u8 *identity, size_t identity_len,
			       const u8 *nonce_s, const u8 *mk, u8 *msk,
			       u8 *emsk);
int eap_sim_verify_mac(const u8 *k_aut, const struct wpabuf *req,
		       const u8 *mac, const u8 *extra, size_t extra_len);
void eap_sim_add_mac(const u8 *k_aut, const u8 *msg, size_t msg_len, u8 *mac,
		     const u8 *extra, size_t extra_len);

#if defined(EAP_AKA_PRIME) || defined(EAP_SERVER_AKA_PRIME)
void eap_aka_prime_derive_keys(const u8 *identity, size_t identity_len,
			       const u8 *ik, const u8 *ck, u8 *k_encr,
			       u8 *k_aut, u8 *k_re, u8 *msk, u8 *emsk);
int eap_aka_prime_derive_keys_reauth(const u8 *k_re, u16 counter,
				     const u8 *identity, size_t identity_len,
				     const u8 *nonce_s, u8 *msk, u8 *emsk);
int eap_sim_verify_mac_sha256(const u8 *k_aut, const struct wpabuf *req,
			      const u8 *mac, const u8 *extra,
			      size_t extra_len);
void eap_sim_add_mac_sha256(const u8 *k_aut, const u8 *msg, size_t msg_len,
			    u8 *mac, const u8 *extra, size_t extra_len);

void eap_aka_prime_derive_ck_ik_prime(u8 *ck, u8 *ik, const u8 *sqn_ak,
				      const u8 *network_name,
				      size_t network_name_len);
#else /* EAP_AKA_PRIME || EAP_SERVER_AKA_PRIME */
static inline void eap_aka_prime_derive_keys(const u8 *identity,
					     size_t identity_len,
					     const u8 *ik, const u8 *ck,
					     u8 *k_encr, u8 *k_aut, u8 *k_re,
					     u8 *msk, u8 *emsk)
{
}

static inline int eap_aka_prime_derive_keys_reauth(const u8 *k_re, u16 counter,
						   const u8 *identity,
						   size_t identity_len,
						   const u8 *nonce_s, u8 *msk,
						   u8 *emsk)
{
	return -1;
}

static inline int eap_sim_verify_mac_sha256(const u8 *k_aut,
					    const struct wpabuf *req,
					    const u8 *mac, const u8 *extra,
					    size_t extra_len)
{
	return -1;
}
#endif /* EAP_AKA_PRIME || EAP_SERVER_AKA_PRIME */


/* EAP-SIM/AKA Attributes (0..127 non-skippable) */
#define EAP_SIM_AT_RAND 1
#define EAP_SIM_AT_AUTN 2 /* only AKA */
#define EAP_SIM_AT_RES 3 /* only AKA, only peer->server */
#define EAP_SIM_AT_AUTS 4 /* only AKA, only peer->server */
#define EAP_SIM_AT_PADDING 6 /* only encrypted */
#define EAP_SIM_AT_NONCE_MT 7 /* only SIM, only send */
#define EAP_SIM_AT_PERMANENT_ID_REQ 10
#define EAP_SIM_AT_MAC 11
#define EAP_SIM_AT_NOTIFICATION 12
#define EAP_SIM_AT_ANY_ID_REQ 13
#define EAP_SIM_AT_IDENTITY 14 /* only send */
#define EAP_SIM_AT_VERSION_LIST 15 /* only SIM */
#define EAP_SIM_AT_SELECTED_VERSION 16 /* only SIM */
#define EAP_SIM_AT_FULLAUTH_ID_REQ 17
#define EAP_SIM_AT_COUNTER 19 /* only encrypted */
#define EAP_SIM_AT_COUNTER_TOO_SMALL 20 /* only encrypted */
#define EAP_SIM_AT_NONCE_S 21 /* only encrypted */
#define EAP_SIM_AT_CLIENT_ERROR_CODE 22 /* only send */
#define EAP_SIM_AT_KDF_INPUT 23 /* only AKA' */
#define EAP_SIM_AT_KDF 24 /* only AKA' */
#define EAP_SIM_AT_IV 129
#define EAP_SIM_AT_ENCR_DATA 130
#define EAP_SIM_AT_NEXT_PSEUDONYM 132 /* only encrypted */
#define EAP_SIM_AT_NEXT_REAUTH_ID 133 /* only encrypted */
#define EAP_SIM_AT_CHECKCODE 134 /* only AKA */
#define EAP_SIM_AT_RESULT_IND 135
#define EAP_SIM_AT_BIDDING 136

/* AT_NOTIFICATION notification code values */
#define EAP_SIM_GENERAL_FAILURE_AFTER_AUTH 0
#define EAP_SIM_TEMPORARILY_DENIED 1026
#define EAP_SIM_NOT_SUBSCRIBED 1031
#define EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH 16384
#define EAP_SIM_SUCCESS 32768

/* EAP-AKA' AT_KDF Key Derivation Function values */
#define EAP_AKA_PRIME_KDF 1

/* AT_BIDDING flags */
#define EAP_AKA_BIDDING_FLAG_D 0x8000


enum eap_sim_id_req {
	NO_ID_REQ, ANY_ID, FULLAUTH_ID, PERMANENT_ID
};


struct eap_sim_attrs {
	const u8 *rand, *autn, *mac, *iv, *encr_data, *version_list, *nonce_s;
	const u8 *next_pseudonym, *next_reauth_id;
	const u8 *nonce_mt, *identity, *res, *auts;
	const u8 *checkcode;
	const u8 *kdf_input;
	const u8 *bidding;
	size_t num_chal, version_list_len, encr_data_len;
	size_t next_pseudonym_len, next_reauth_id_len, identity_len, res_len;
	size_t res_len_bits;
	size_t checkcode_len;
	size_t kdf_input_len;
	enum eap_sim_id_req id_req;
	int notification, counter, selected_version, client_error_code;
	int counter_too_small;
	int result_ind;
#define EAP_AKA_PRIME_KDF_MAX 10
	u16 kdf[EAP_AKA_PRIME_KDF_MAX];
	size_t kdf_count;
};

int eap_sim_parse_attr(const u8 *start, const u8 *end,
		       struct eap_sim_attrs *attr, int aka, int encr);
u8 * eap_sim_parse_encr(const u8 *k_encr, const u8 *encr_data,
			size_t encr_data_len, const u8 *iv,
			struct eap_sim_attrs *attr, int aka);


struct eap_sim_msg;

struct eap_sim_msg * eap_sim_msg_init(int code, int id, int type, int subtype);
struct wpabuf * eap_sim_msg_finish(struct eap_sim_msg *msg, int type,
				   const u8 *k_aut,
				   const u8 *extra, size_t extra_len);
void eap_sim_msg_free(struct eap_sim_msg *msg);
u8 * eap_sim_msg_add_full(struct eap_sim_msg *msg, u8 attr,
			  const u8 *data, size_t len);
u8 * eap_sim_msg_add(struct eap_sim_msg *msg, u8 attr,
		     u16 value, const u8 *data, size_t len);
u8 * eap_sim_msg_add_mac(struct eap_sim_msg *msg, u8 attr);
int eap_sim_msg_add_encr_start(struct eap_sim_msg *msg, u8 attr_iv,
			       u8 attr_encr);
int eap_sim_msg_add_encr_end(struct eap_sim_msg *msg, u8 *k_encr,
			     int attr_pad);

void eap_sim_report_notification(void *msg_ctx, int notification, int aka);
int eap_sim_anonymous_username(const u8 *id, size_t id_len);

#endif /* EAP_SIM_COMMON_H */
Commit	Line	Data
6fc6879b	1	/*
f54e2c34 JM	2	* EAP peer/server: EAP-SIM/AKA/AKA' shared routines
f54e2c34 JM	3	* Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
6fc6879b	4	*
0f3d578e JM	5	* This software may be distributed under the terms of the BSD license.
0f3d578e JM	6	* See README for more details.
6fc6879b JM	7	*/
	8
	9	#ifndef EAP_SIM_COMMON_H
	10	#define EAP_SIM_COMMON_H
	11
	12	#define EAP_SIM_NONCE_S_LEN 16
	13	#define EAP_SIM_NONCE_MT_LEN 16
	14	#define EAP_SIM_MAC_LEN 16
	15	#define EAP_SIM_MK_LEN 20
	16	#define EAP_SIM_K_AUT_LEN 16
	17	#define EAP_SIM_K_ENCR_LEN 16
	18	#define EAP_SIM_KEYING_DATA_LEN 64
	19	#define EAP_SIM_IV_LEN 16
	20	#define EAP_SIM_KC_LEN 8
	21	#define EAP_SIM_SRES_LEN 4
	22
	23	#define GSM_RAND_LEN 16
	24
	25	#define EAP_SIM_VERSION 1
	26
	27	/* EAP-SIM Subtypes */
	28	#define EAP_SIM_SUBTYPE_START 10
	29	#define EAP_SIM_SUBTYPE_CHALLENGE 11
	30	#define EAP_SIM_SUBTYPE_NOTIFICATION 12
	31	#define EAP_SIM_SUBTYPE_REAUTHENTICATION 13
	32	#define EAP_SIM_SUBTYPE_CLIENT_ERROR 14
	33
	34	/* AT_CLIENT_ERROR_CODE error codes */
	35	#define EAP_SIM_UNABLE_TO_PROCESS_PACKET 0
	36	#define EAP_SIM_UNSUPPORTED_VERSION 1
	37	#define EAP_SIM_INSUFFICIENT_NUM_OF_CHAL 2
	38	#define EAP_SIM_RAND_NOT_FRESH 3
	39
	40	#define EAP_SIM_MAX_FAST_REAUTHS 1000
	41
	42	#define EAP_SIM_MAX_CHAL 3
	43
	44
	45	/* EAP-AKA Subtypes */
	46	#define EAP_AKA_SUBTYPE_CHALLENGE 1
	47	#define EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT 2
	48	#define EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE 4
	49	#define EAP_AKA_SUBTYPE_IDENTITY 5
	50	#define EAP_AKA_SUBTYPE_NOTIFICATION 12
	51	#define EAP_AKA_SUBTYPE_REAUTHENTICATION 13
	52	#define EAP_AKA_SUBTYPE_CLIENT_ERROR 14
	53
	54	/* AT_CLIENT_ERROR_CODE error codes */
	55	#define EAP_AKA_UNABLE_TO_PROCESS_PACKET 0
	56
	57	#define EAP_AKA_RAND_LEN 16
	58	#define EAP_AKA_AUTN_LEN 16
	59	#define EAP_AKA_AUTS_LEN 14
	60	#define EAP_AKA_RES_MAX_LEN 16
	61	#define EAP_AKA_IK_LEN 16
	62	#define EAP_AKA_CK_LEN 16
	63	#define EAP_AKA_MAX_FAST_REAUTHS 1000
	64	#define EAP_AKA_MIN_RES_LEN 4
	65	#define EAP_AKA_MAX_RES_LEN 16
	66	#define EAP_AKA_CHECKCODE_LEN 20
806f8699 JM	67
806f8699 JM	68	#define EAP_AKA_PRIME_K_AUT_LEN 32
f54e2c34	69	#define EAP_AKA_PRIME_CHECKCODE_LEN 32
9881795e	70	#define EAP_AKA_PRIME_K_RE_LEN 32
6fc6879b JM	71
	72	struct wpabuf;
	73
	74	void eap_sim_derive_mk(const u8 *identity, size_t identity_len,
	75	const u8 *nonce_mt, u16 selected_version,
	76	const u8 *ver_list, size_t ver_list_len,
	77	int num_chal, const u8 kc, u8 mk);
	78	void eap_aka_derive_mk(const u8 *identity, size_t identity_len,
	79	const u8 ik, const u8 ck, u8 *mk);
	80	int eap_sim_derive_keys(const u8 mk, u8 k_encr, u8 k_aut, u8 msk,
	81	u8 *emsk);
	82	int eap_sim_derive_keys_reauth(u16 _counter,
	83	const u8 *identity, size_t identity_len,
	84	const u8 nonce_s, const u8 mk, u8 *msk,
	85	u8 *emsk);
	86	int eap_sim_verify_mac(const u8 k_aut, const struct wpabuf req,
	87	const u8 mac, const u8 extra, size_t extra_len);
	88	void eap_sim_add_mac(const u8 k_aut, const u8 msg, size_t msg_len, u8 *mac,
	89	const u8 *extra, size_t extra_len);
9881795e	90
1e5839e0	91	#if defined(EAP_AKA_PRIME) \|\| defined(EAP_SERVER_AKA_PRIME)
9881795e JM	92	void eap_aka_prime_derive_keys(const u8 *identity, size_t identity_len,
	93	const u8 ik, const u8 ck, u8 *k_encr,
	94	u8 k_aut, u8 k_re, u8 msk, u8 emsk);
	95	int eap_aka_prime_derive_keys_reauth(const u8 *k_re, u16 counter,
	96	const u8 *identity, size_t identity_len,
	97	const u8 nonce_s, u8 msk, u8 *emsk);
806f8699 JM	98	int eap_sim_verify_mac_sha256(const u8 k_aut, const struct wpabuf req,
	99	const u8 mac, const u8 extra,
	100	size_t extra_len);
	101	void eap_sim_add_mac_sha256(const u8 k_aut, const u8 msg, size_t msg_len,
	102	u8 mac, const u8 extra, size_t extra_len);
6fc6879b	103
a478ef0d JM	104	void eap_aka_prime_derive_ck_ik_prime(u8 ck, u8 ik, const u8 *sqn_ak,
	105	const u8 *network_name,
	106	size_t network_name_len);
1e5839e0	107	#else /* EAP_AKA_PRIME \|\| EAP_SERVER_AKA_PRIME */
a9d1364c JM	108	static inline void eap_aka_prime_derive_keys(const u8 *identity,
	109	size_t identity_len,
	110	const u8 ik, const u8 ck,
	111	u8 k_encr, u8 k_aut, u8 *k_re,
	112	u8 msk, u8 emsk)
	113	{
	114	}
	115
	116	static inline int eap_aka_prime_derive_keys_reauth(const u8 *k_re, u16 counter,
	117	const u8 *identity,
	118	size_t identity_len,
	119	const u8 nonce_s, u8 msk,
	120	u8 *emsk)
	121	{
	122	return -1;
	123	}
	124
	125	static inline int eap_sim_verify_mac_sha256(const u8 *k_aut,
	126	const struct wpabuf *req,
	127	const u8 mac, const u8 extra,
	128	size_t extra_len)
	129	{
	130	return -1;
	131	}
1e5839e0	132	#endif /* EAP_AKA_PRIME \|\| EAP_SERVER_AKA_PRIME */
a478ef0d	133
6fc6879b JM	134
	135	/* EAP-SIM/AKA Attributes (0..127 non-skippable) */
	136	#define EAP_SIM_AT_RAND 1
	137	#define EAP_SIM_AT_AUTN 2 /* only AKA */
	138	#define EAP_SIM_AT_RES 3 /* only AKA, only peer->server */
	139	#define EAP_SIM_AT_AUTS 4 /* only AKA, only peer->server */
	140	#define EAP_SIM_AT_PADDING 6 /* only encrypted */
	141	#define EAP_SIM_AT_NONCE_MT 7 /* only SIM, only send */
	142	#define EAP_SIM_AT_PERMANENT_ID_REQ 10
	143	#define EAP_SIM_AT_MAC 11
	144	#define EAP_SIM_AT_NOTIFICATION 12
	145	#define EAP_SIM_AT_ANY_ID_REQ 13
	146	#define EAP_SIM_AT_IDENTITY 14 /* only send */
	147	#define EAP_SIM_AT_VERSION_LIST 15 /* only SIM */
	148	#define EAP_SIM_AT_SELECTED_VERSION 16 /* only SIM */
	149	#define EAP_SIM_AT_FULLAUTH_ID_REQ 17
	150	#define EAP_SIM_AT_COUNTER 19 /* only encrypted */
	151	#define EAP_SIM_AT_COUNTER_TOO_SMALL 20 /* only encrypted */
	152	#define EAP_SIM_AT_NONCE_S 21 /* only encrypted */
	153	#define EAP_SIM_AT_CLIENT_ERROR_CODE 22 /* only send */
6ec4021c JM	154	#define EAP_SIM_AT_KDF_INPUT 23 /* only AKA' */
6ec4021c JM	155	#define EAP_SIM_AT_KDF 24 /* only AKA' */
6fc6879b JM	156	#define EAP_SIM_AT_IV 129
	157	#define EAP_SIM_AT_ENCR_DATA 130
	158	#define EAP_SIM_AT_NEXT_PSEUDONYM 132 /* only encrypted */
	159	#define EAP_SIM_AT_NEXT_REAUTH_ID 133 /* only encrypted */
	160	#define EAP_SIM_AT_CHECKCODE 134 /* only AKA */
	161	#define EAP_SIM_AT_RESULT_IND 135
01b05694	162	#define EAP_SIM_AT_BIDDING 136
6fc6879b JM	163
	164	/* AT_NOTIFICATION notification code values */
	165	#define EAP_SIM_GENERAL_FAILURE_AFTER_AUTH 0
	166	#define EAP_SIM_TEMPORARILY_DENIED 1026
	167	#define EAP_SIM_NOT_SUBSCRIBED 1031
	168	#define EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH 16384
	169	#define EAP_SIM_SUCCESS 32768
	170
6ec4021c JM	171	/* EAP-AKA' AT_KDF Key Derivation Function values */
6ec4021c JM	172	#define EAP_AKA_PRIME_KDF 1
6fc6879b	173
01b05694 JM	174	/* AT_BIDDING flags */
	175	#define EAP_AKA_BIDDING_FLAG_D 0x8000
	176
	177
6fc6879b JM	178	enum eap_sim_id_req {
	179	NO_ID_REQ, ANY_ID, FULLAUTH_ID, PERMANENT_ID
	180	};
	181
	182
	183	struct eap_sim_attrs {
	184	const u8 rand, autn, mac, iv, encr_data, version_list, *nonce_s;
	185	const u8 next_pseudonym, next_reauth_id;
	186	const u8 nonce_mt, identity, res, auts;
	187	const u8 *checkcode;
6ec4021c	188	const u8 *kdf_input;
01b05694	189	const u8 *bidding;
6fc6879b JM	190	size_t num_chal, version_list_len, encr_data_len;
6fc6879b JM	191	size_t next_pseudonym_len, next_reauth_id_len, identity_len, res_len;
04a5bad6	192	size_t res_len_bits;
6fc6879b	193	size_t checkcode_len;
6ec4021c	194	size_t kdf_input_len;
6fc6879b JM	195	enum eap_sim_id_req id_req;
	196	int notification, counter, selected_version, client_error_code;
	197	int counter_too_small;
	198	int result_ind;
6ec4021c JM	199	#define EAP_AKA_PRIME_KDF_MAX 10
	200	u16 kdf[EAP_AKA_PRIME_KDF_MAX];
	201	size_t kdf_count;
6fc6879b JM	202	};
	203
	204	int eap_sim_parse_attr(const u8 start, const u8 end,
	205	struct eap_sim_attrs *attr, int aka, int encr);
	206	u8 * eap_sim_parse_encr(const u8 k_encr, const u8 encr_data,
	207	size_t encr_data_len, const u8 *iv,
	208	struct eap_sim_attrs *attr, int aka);
	209
	210
	211	struct eap_sim_msg;
	212
	213	struct eap_sim_msg * eap_sim_msg_init(int code, int id, int type, int subtype);
b2b8a4cb JM	214	struct wpabuf * eap_sim_msg_finish(struct eap_sim_msg *msg, int type,
b2b8a4cb JM	215	const u8 *k_aut,
6fc6879b JM	216	const u8 *extra, size_t extra_len);
	217	void eap_sim_msg_free(struct eap_sim_msg *msg);
	218	u8 * eap_sim_msg_add_full(struct eap_sim_msg *msg, u8 attr,
	219	const u8 *data, size_t len);
	220	u8 * eap_sim_msg_add(struct eap_sim_msg *msg, u8 attr,
	221	u16 value, const u8 *data, size_t len);
	222	u8 * eap_sim_msg_add_mac(struct eap_sim_msg *msg, u8 attr);
	223	int eap_sim_msg_add_encr_start(struct eap_sim_msg *msg, u8 attr_iv,
	224	u8 attr_encr);
	225	int eap_sim_msg_add_encr_end(struct eap_sim_msg msg, u8 k_encr,
	226	int attr_pad);
	227
	228	void eap_sim_report_notification(void *msg_ctx, int notification, int aka);
4df41339	229	int eap_sim_anonymous_username(const u8 *id, size_t id_len);
6fc6879b JM	230
6fc6879b JM	231	#endif /* EAP_SIM_COMMON_H */