6fc6879b | 1 | /* |
2 | * EAP peer/server: EAP-SIM/AKA/AKA' shared routines |
3 | * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi> | |
6fc6879b | 4 | * |
5 | * This software may be distributed under the terms of the BSD license. |
6 | * See README for more details. | |
7 | */ |
8 | ||
9 | #ifndef EAP_SIM_COMMON_H | |
10 | #define EAP_SIM_COMMON_H | |
11 | ||
12 | #define EAP_SIM_NONCE_S_LEN 16 | |
13 | #define EAP_SIM_NONCE_MT_LEN 16 | |
14 | #define EAP_SIM_MAC_LEN 16 | |
15 | #define EAP_SIM_MK_LEN 20 | |
16 | #define EAP_SIM_K_AUT_LEN 16 | |
17 | #define EAP_SIM_K_ENCR_LEN 16 | |
18 | #define EAP_SIM_KEYING_DATA_LEN 64 | |
19 | #define EAP_SIM_IV_LEN 16 | |
20 | #define EAP_SIM_KC_LEN 8 | |
21 | #define EAP_SIM_SRES_LEN 4 | |
22 | ||
23 | #define GSM_RAND_LEN 16 | |
24 | ||
25 | #define EAP_SIM_VERSION 1 | |
26 | ||
27 | /* EAP-SIM Subtypes */ | |
28 | #define EAP_SIM_SUBTYPE_START 10 | |
29 | #define EAP_SIM_SUBTYPE_CHALLENGE 11 | |
30 | #define EAP_SIM_SUBTYPE_NOTIFICATION 12 | |
31 | #define EAP_SIM_SUBTYPE_REAUTHENTICATION 13 | |
32 | #define EAP_SIM_SUBTYPE_CLIENT_ERROR 14 | |
33 | ||
34 | /* AT_CLIENT_ERROR_CODE error codes */ | |
35 | #define EAP_SIM_UNABLE_TO_PROCESS_PACKET 0 | |
36 | #define EAP_SIM_UNSUPPORTED_VERSION 1 | |
37 | #define EAP_SIM_INSUFFICIENT_NUM_OF_CHAL 2 | |
38 | #define EAP_SIM_RAND_NOT_FRESH 3 | |
39 | ||
40 | #define EAP_SIM_MAX_FAST_REAUTHS 1000 | |
41 | ||
42 | #define EAP_SIM_MAX_CHAL 3 | |
43 | ||
44 | ||
45 | /* EAP-AKA Subtypes */ | |
46 | #define EAP_AKA_SUBTYPE_CHALLENGE 1 | |
47 | #define EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT 2 | |
48 | #define EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE 4 | |
49 | #define EAP_AKA_SUBTYPE_IDENTITY 5 | |
50 | #define EAP_AKA_SUBTYPE_NOTIFICATION 12 | |
51 | #define EAP_AKA_SUBTYPE_REAUTHENTICATION 13 | |
52 | #define EAP_AKA_SUBTYPE_CLIENT_ERROR 14 | |
53 | ||
54 | /* AT_CLIENT_ERROR_CODE error codes */ | |
55 | #define EAP_AKA_UNABLE_TO_PROCESS_PACKET 0 | |
56 | ||
57 | #define EAP_AKA_RAND_LEN 16 | |
58 | #define EAP_AKA_AUTN_LEN 16 | |
59 | #define EAP_AKA_AUTS_LEN 14 | |
60 | #define EAP_AKA_RES_MAX_LEN 16 | |
61 | #define EAP_AKA_IK_LEN 16 | |
62 | #define EAP_AKA_CK_LEN 16 | |
63 | #define EAP_AKA_MAX_FAST_REAUTHS 1000 | |
64 | #define EAP_AKA_MIN_RES_LEN 4 | |
65 | #define EAP_AKA_MAX_RES_LEN 16 | |
66 | #define EAP_AKA_CHECKCODE_LEN 20 | |
67 | |
68 | #define EAP_AKA_PRIME_K_AUT_LEN 32 | |
f54e2c34 | 69 | #define EAP_AKA_PRIME_CHECKCODE_LEN 32 |
9881795e | 70 | #define EAP_AKA_PRIME_K_RE_LEN 32 |
71 | |
72 | struct wpabuf; | |
73 | ||
74 | void eap_sim_derive_mk(const u8 *identity, size_t identity_len, | |
75 | const u8 *nonce_mt, u16 selected_version, | |
76 | const u8 *ver_list, size_t ver_list_len, | |
77 | int num_chal, const u8 *kc, u8 *mk); | |
78 | void eap_aka_derive_mk(const u8 *identity, size_t identity_len, | |
79 | const u8 *ik, const u8 *ck, u8 *mk); | |
80 | int eap_sim_derive_keys(const u8 *mk, u8 *k_encr, u8 *k_aut, u8 *msk, | |
81 | u8 *emsk); | |
82 | int eap_sim_derive_keys_reauth(u16 _counter, | |
83 | const u8 *identity, size_t identity_len, | |
84 | const u8 *nonce_s, const u8 *mk, u8 *msk, | |
85 | u8 *emsk); | |
86 | int eap_sim_verify_mac(const u8 *k_aut, const struct wpabuf *req, | |
87 | const u8 *mac, const u8 *extra, size_t extra_len); | |
88 | void eap_sim_add_mac(const u8 *k_aut, const u8 *msg, size_t msg_len, u8 *mac, | |
89 | const u8 *extra, size_t extra_len); | |
9881795e | 90 | |
1e5839e0 | 91 | #if defined(EAP_AKA_PRIME) || defined(EAP_SERVER_AKA_PRIME) |
92 | void eap_aka_prime_derive_keys(const u8 *identity, size_t identity_len, |
93 | const u8 *ik, const u8 *ck, u8 *k_encr, | |
94 | u8 *k_aut, u8 *k_re, u8 *msk, u8 *emsk); | |
95 | int eap_aka_prime_derive_keys_reauth(const u8 *k_re, u16 counter, | |
96 | const u8 *identity, size_t identity_len, | |
97 | const u8 *nonce_s, u8 *msk, u8 *emsk); | |
98 | int eap_sim_verify_mac_sha256(const u8 *k_aut, const struct wpabuf *req, |
99 | const u8 *mac, const u8 *extra, | |
100 | size_t extra_len); | |
101 | void eap_sim_add_mac_sha256(const u8 *k_aut, const u8 *msg, size_t msg_len, | |
102 | u8 *mac, const u8 *extra, size_t extra_len); | |
6fc6879b | 103 | |
104 | void eap_aka_prime_derive_ck_ik_prime(u8 *ck, u8 *ik, const u8 *sqn_ak, |
105 | const u8 *network_name, | |
106 | size_t network_name_len); | |
1e5839e0 | 107 | #else /* EAP_AKA_PRIME || EAP_SERVER_AKA_PRIME */ |
/*
 * Fallback for builds where neither EAP_AKA_PRIME nor EAP_SERVER_AKA_PRIME
 * is defined: the AKA' key derivation is compiled out and this stub does
 * nothing. NOTE(review): none of the output buffers (k_encr, k_aut, k_re,
 * msk, emsk) are written here, so a caller that reached this stub would be
 * left with whatever those buffers held beforehand; presumably every call
 * site is itself compiled out together with AKA' support - confirm.
 */
static inline void eap_aka_prime_derive_keys(const u8 *identity,
					     size_t identity_len,
					     const u8 *ik, const u8 *ck,
					     u8 *k_encr, u8 *k_aut, u8 *k_re,
					     u8 *msk, u8 *emsk)
{
	/* All parameters are intentionally unused in this configuration. */
	(void) identity;
	(void) identity_len;
	(void) ik;
	(void) ck;
	(void) k_encr;
	(void) k_aut;
	(void) k_re;
	(void) msk;
	(void) emsk;
}
115 | ||
/*
 * Fallback for builds without EAP_AKA_PRIME / EAP_SERVER_AKA_PRIME: AKA'
 * fast re-authentication key derivation is unavailable, so this always
 * reports failure and never touches msk or emsk.
 *
 * Returns: -1 unconditionally.
 */
static inline int eap_aka_prime_derive_keys_reauth(const u8 *k_re, u16 counter,
						   const u8 *identity,
						   size_t identity_len,
						   const u8 *nonce_s, u8 *msk,
						   u8 *emsk)
{
	/* Nothing to derive in this configuration; silence unused warnings. */
	(void) k_re;
	(void) counter;
	(void) identity;
	(void) identity_len;
	(void) nonce_s;
	(void) msk;
	(void) emsk;

	return -1;
}
124 | ||
/*
 * Fallback for builds without EAP_AKA_PRIME / EAP_SERVER_AKA_PRIME: the
 * SHA-256 based AT_MAC check cannot be performed, so verification always
 * fails. A caller that treats a non-zero result as "MAC invalid" therefore
 * rejects such a message instead of accepting it unverified.
 *
 * Note that this #else branch provides no stub for eap_sim_add_mac_sha256()
 * or eap_aka_prime_derive_ck_ik_prime(); callers of those must themselves
 * be compiled only with AKA' support enabled.
 *
 * Returns: -1 unconditionally.
 */
static inline int eap_sim_verify_mac_sha256(const u8 *k_aut,
					    const struct wpabuf *req,
					    const u8 *mac, const u8 *extra,
					    size_t extra_len)
{
	/* No verification possible here; silence unused-parameter warnings. */
	(void) k_aut;
	(void) req;
	(void) mac;
	(void) extra;
	(void) extra_len;

	return -1;
}
1e5839e0 | 132 | #endif /* EAP_AKA_PRIME || EAP_SERVER_AKA_PRIME */ |
a478ef0d | 133 | |
134 | |
135 | /* EAP-SIM/AKA Attributes (0..127 non-skippable) */ | |
136 | #define EAP_SIM_AT_RAND 1 | |
137 | #define EAP_SIM_AT_AUTN 2 /* only AKA */ | |
138 | #define EAP_SIM_AT_RES 3 /* only AKA, only peer->server */ | |
139 | #define EAP_SIM_AT_AUTS 4 /* only AKA, only peer->server */ | |
140 | #define EAP_SIM_AT_PADDING 6 /* only encrypted */ | |
141 | #define EAP_SIM_AT_NONCE_MT 7 /* only SIM, only send */ | |
142 | #define EAP_SIM_AT_PERMANENT_ID_REQ 10 | |
143 | #define EAP_SIM_AT_MAC 11 | |
144 | #define EAP_SIM_AT_NOTIFICATION 12 | |
145 | #define EAP_SIM_AT_ANY_ID_REQ 13 | |
146 | #define EAP_SIM_AT_IDENTITY 14 /* only send */ | |
147 | #define EAP_SIM_AT_VERSION_LIST 15 /* only SIM */ | |
148 | #define EAP_SIM_AT_SELECTED_VERSION 16 /* only SIM */ | |
149 | #define EAP_SIM_AT_FULLAUTH_ID_REQ 17 | |
150 | #define EAP_SIM_AT_COUNTER 19 /* only encrypted */ | |
151 | #define EAP_SIM_AT_COUNTER_TOO_SMALL 20 /* only encrypted */ | |
152 | #define EAP_SIM_AT_NONCE_S 21 /* only encrypted */ | |
153 | #define EAP_SIM_AT_CLIENT_ERROR_CODE 22 /* only send */ | |
154 | #define EAP_SIM_AT_KDF_INPUT 23 /* only AKA' */ |
155 | #define EAP_SIM_AT_KDF 24 /* only AKA' */ | |
156 | #define EAP_SIM_AT_IV 129 |
157 | #define EAP_SIM_AT_ENCR_DATA 130 | |
158 | #define EAP_SIM_AT_NEXT_PSEUDONYM 132 /* only encrypted */ | |
159 | #define EAP_SIM_AT_NEXT_REAUTH_ID 133 /* only encrypted */ | |
160 | #define EAP_SIM_AT_CHECKCODE 134 /* only AKA */ | |
161 | #define EAP_SIM_AT_RESULT_IND 135 | |
01b05694 | 162 | #define EAP_SIM_AT_BIDDING 136 |
163 | |
164 | /* AT_NOTIFICATION notification code values */ | |
165 | #define EAP_SIM_GENERAL_FAILURE_AFTER_AUTH 0 | |
166 | #define EAP_SIM_TEMPORARILY_DENIED 1026 | |
167 | #define EAP_SIM_NOT_SUBSCRIBED 1031 | |
168 | #define EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH 16384 | |
169 | #define EAP_SIM_SUCCESS 32768 | |
170 | ||
171 | /* EAP-AKA' AT_KDF Key Derivation Function values */ |
172 | #define EAP_AKA_PRIME_KDF 1 | |
6fc6879b | 173 | |
174 | /* AT_BIDDING flags */ |
175 | #define EAP_AKA_BIDDING_FLAG_D 0x8000 | |
176 | ||
177 | ||
/*
 * Which identity request, if any, was carried in a parsed message. The
 * enumerator names mirror the AT_*_ID_REQ attribute types defined above.
 */
enum eap_sim_id_req {
	NO_ID_REQ,	/* no identity request attribute present */
	ANY_ID,		/* AT_ANY_ID_REQ */
	FULLAUTH_ID,	/* AT_FULLAUTH_ID_REQ */
	PERMANENT_ID	/* AT_PERMANENT_ID_REQ */
};
181 | ||
182 | ||
/*
 * Parsed view of the attributes in one EAP-SIM/AKA/AKA' message, filled in
 * by eap_sim_parse_attr() and eap_sim_parse_encr(). By name, each pointer
 * corresponds to the EAP_SIM_AT_* attribute of the same name; the pointers
 * presumably reference data inside the message buffer being parsed rather
 * than private copies (confirm against the parser before retaining them
 * beyond the lifetime of that buffer).
 */
struct eap_sim_attrs {
	/* AT_RAND, AT_AUTN, AT_MAC, AT_IV, AT_ENCR_DATA, AT_VERSION_LIST,
	 * AT_NONCE_S */
	const u8 *rand, *autn, *mac, *iv, *encr_data, *version_list, *nonce_s;
	/* AT_NEXT_PSEUDONYM, AT_NEXT_REAUTH_ID (only inside AT_ENCR_DATA) */
	const u8 *next_pseudonym, *next_reauth_id;
	/* AT_NONCE_MT, AT_IDENTITY, AT_RES, AT_AUTS */
	const u8 *nonce_mt, *identity, *res, *auts;
	/* AT_CHECKCODE */
	const u8 *checkcode;
	/* AT_KDF_INPUT (AKA' only) */
	const u8 *kdf_input;
	/* AT_BIDDING */
	const u8 *bidding;
	/* num_chal: number of challenges carried in AT_RAND (presumably
	 * bounded by EAP_SIM_MAX_CHAL for EAP-SIM - confirm in the parser);
	 * the *_len fields are byte lengths of the corresponding pointers */
	size_t num_chal, version_list_len, encr_data_len;
	size_t next_pseudonym_len, next_reauth_id_len, identity_len, res_len;
	/* res_len_bits: RES length as signalled on the wire, in bits; res_len
	 * above is the rounded-up byte length - verify against the parser */
	size_t res_len_bits;
	size_t checkcode_len;
	size_t kdf_input_len;
	/* Which AT_*_ID_REQ attribute was seen, if any */
	enum eap_sim_id_req id_req;
	/* Values of AT_NOTIFICATION, AT_COUNTER, AT_SELECTED_VERSION and
	 * AT_CLIENT_ERROR_CODE; how "absent" is encoded (e.g., -1) is not
	 * visible here - check eap_sim_parse_attr() before comparing */
	int notification, counter, selected_version, client_error_code;
	/* AT_COUNTER_TOO_SMALL and AT_RESULT_IND: presumably presence flags */
	int counter_too_small;
	int result_ind;
	/* Upper bound on AT_KDF values retained from one message; the parser
	 * is expected to stop storing (or reject the message) once kdf_count
	 * reaches this limit rather than write past kdf[] */
#define EAP_AKA_PRIME_KDF_MAX 10
	u16 kdf[EAP_AKA_PRIME_KDF_MAX];
	/* Number of valid entries in kdf[] (0..EAP_AKA_PRIME_KDF_MAX) */
	size_t kdf_count;
};
203 | ||
204 | int eap_sim_parse_attr(const u8 *start, const u8 *end, | |
205 | struct eap_sim_attrs *attr, int aka, int encr); | |
206 | u8 * eap_sim_parse_encr(const u8 *k_encr, const u8 *encr_data, | |
207 | size_t encr_data_len, const u8 *iv, | |
208 | struct eap_sim_attrs *attr, int aka); | |
209 | ||
210 | ||
211 | struct eap_sim_msg; | |
212 | ||
213 | struct eap_sim_msg * eap_sim_msg_init(int code, int id, int type, int subtype); | |
214 | struct wpabuf * eap_sim_msg_finish(struct eap_sim_msg *msg, int type, |
215 | const u8 *k_aut, | |
216 | const u8 *extra, size_t extra_len); |
217 | void eap_sim_msg_free(struct eap_sim_msg *msg); | |
218 | u8 * eap_sim_msg_add_full(struct eap_sim_msg *msg, u8 attr, | |
219 | const u8 *data, size_t len); | |
220 | u8 * eap_sim_msg_add(struct eap_sim_msg *msg, u8 attr, | |
221 | u16 value, const u8 *data, size_t len); | |
222 | u8 * eap_sim_msg_add_mac(struct eap_sim_msg *msg, u8 attr); | |
223 | int eap_sim_msg_add_encr_start(struct eap_sim_msg *msg, u8 attr_iv, | |
224 | u8 attr_encr); | |
225 | int eap_sim_msg_add_encr_end(struct eap_sim_msg *msg, u8 *k_encr, | |
226 | int attr_pad); | |
227 | ||
228 | void eap_sim_report_notification(void *msg_ctx, int notification, int aka); | |
4df41339 | 229 | int eap_sim_anonymous_username(const u8 *id, size_t id_len); |
230 | |
231 | #endif /* EAP_SIM_COMMON_H */ |