]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/eap_server/eap_server_aka.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
EAP-AKA server: Avoid void pointer arithmetic
[thirdparty/hostap.git] / src / eap_server / eap_server_aka.c
1 /*
2 * hostapd / EAP-AKA (RFC 4187) and EAP-AKA' (RFC 5448)
3 * Copyright (c) 2005-2012, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10
11 #include "common.h"
12 #include "crypto/sha256.h"
13 #include "crypto/crypto.h"
14 #include "crypto/random.h"
15 #include "eap_common/eap_sim_common.h"
16 #include "eap_server/eap_i.h"
17 #include "eap_server/eap_sim_db.h"
18
19
20 struct eap_aka_data {
21 u8 mk[EAP_SIM_MK_LEN];
22 u8 nonce_s[EAP_SIM_NONCE_S_LEN];
23 u8 k_aut[EAP_AKA_PRIME_K_AUT_LEN];
24 u8 k_encr[EAP_SIM_K_ENCR_LEN];
25 u8 k_re[EAP_AKA_PRIME_K_RE_LEN]; /* EAP-AKA' only */
26 u8 msk[EAP_SIM_KEYING_DATA_LEN];
27 u8 emsk[EAP_EMSK_LEN];
28 u8 rand[EAP_AKA_RAND_LEN];
29 u8 autn[EAP_AKA_AUTN_LEN];
30 u8 ck[EAP_AKA_CK_LEN];
31 u8 ik[EAP_AKA_IK_LEN];
32 u8 res[EAP_AKA_RES_MAX_LEN];
33 u8 reauth_mac[EAP_SIM_MAC_LEN];
34 size_t res_len;
35 enum {
36 IDENTITY, CHALLENGE, REAUTH, NOTIFICATION, SUCCESS, FAILURE
37 } state;
38 char *next_pseudonym;
39 char *next_reauth_id;
40 u16 counter;
41 struct eap_sim_reauth *reauth;
42 int auts_reported; /* whether the current AUTS has been reported to the
43 * eap_sim_db */
44 u16 notification;
45 int use_result_ind;
46
47 struct wpabuf *id_msgs;
48 int pending_id;
49 u8 eap_method;
50 u8 *network_name;
51 size_t network_name_len;
52 u16 kdf;
53 int identity_round;
54 char permanent[20]; /* Permanent username */
55 };
56
57
58 static void eap_aka_fullauth(struct eap_sm *sm, struct eap_aka_data *data);
59
60
61 static const char * eap_aka_state_txt(int state)
62 {
63 switch (state) {
64 case IDENTITY:
65 return "IDENTITY";
66 case CHALLENGE:
67 return "CHALLENGE";
68 case REAUTH:
69 return "REAUTH";
70 case SUCCESS:
71 return "SUCCESS";
72 case FAILURE:
73 return "FAILURE";
74 case NOTIFICATION:
75 return "NOTIFICATION";
76 default:
77 return "Unknown?!";
78 }
79 }
80
81
82 static void eap_aka_state(struct eap_aka_data *data, int state)
83 {
84 wpa_printf(MSG_DEBUG, "EAP-AKA: %s -> %s",
85 eap_aka_state_txt(data->state),
86 eap_aka_state_txt(state));
87 data->state = state;
88 }
89
90
91 static int eap_aka_check_identity_reauth(struct eap_sm *sm,
92 struct eap_aka_data *data,
93 const char *username)
94 {
95 if (data->eap_method == EAP_TYPE_AKA_PRIME &&
96 username[0] != EAP_AKA_PRIME_REAUTH_ID_PREFIX)
97 return 0;
98 if (data->eap_method == EAP_TYPE_AKA &&
99 username[0] != EAP_AKA_REAUTH_ID_PREFIX)
100 return 0;
101
102 wpa_printf(MSG_DEBUG, "EAP-AKA: Reauth username '%s'", username);
103 data->reauth = eap_sim_db_get_reauth_entry(sm->eap_sim_db_priv,
104 username);
105 if (data->reauth == NULL) {
106 wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown reauth identity - "
107 "request full auth identity");
108 /* Remain in IDENTITY state for another round */
109 return 0;
110 }
111
112 wpa_printf(MSG_DEBUG, "EAP-AKA: Using fast re-authentication");
113 os_strlcpy(data->permanent, data->reauth->permanent,
114 sizeof(data->permanent));
115 data->counter = data->reauth->counter;
116 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
117 os_memcpy(data->k_encr, data->reauth->k_encr,
118 EAP_SIM_K_ENCR_LEN);
119 os_memcpy(data->k_aut, data->reauth->k_aut,
120 EAP_AKA_PRIME_K_AUT_LEN);
121 os_memcpy(data->k_re, data->reauth->k_re,
122 EAP_AKA_PRIME_K_RE_LEN);
123 } else {
124 os_memcpy(data->mk, data->reauth->mk, EAP_SIM_MK_LEN);
125 }
126
127 eap_aka_state(data, REAUTH);
128 return 1;
129 }
130
131
132 static void eap_aka_check_identity(struct eap_sm *sm,
133 struct eap_aka_data *data)
134 {
135 char *username;
136
137 /* Check if we already know the identity from EAP-Response/Identity */
138
139 username = sim_get_username(sm->identity, sm->identity_len);
140 if (username == NULL)
141 return;
142
143 if (eap_aka_check_identity_reauth(sm, data, username) > 0) {
144 os_free(username);
145 /*
146 * Since re-auth username was recognized, skip AKA/Identity
147 * exchange.
148 */
149 return;
150 }
151
152 if ((data->eap_method == EAP_TYPE_AKA_PRIME &&
153 username[0] == EAP_AKA_PRIME_PSEUDONYM_PREFIX) ||
154 (data->eap_method == EAP_TYPE_AKA &&
155 username[0] == EAP_AKA_PSEUDONYM_PREFIX)) {
156 const char *permanent;
157 wpa_printf(MSG_DEBUG, "EAP-AKA: Pseudonym username '%s'",
158 username);
159 permanent = eap_sim_db_get_permanent(
160 sm->eap_sim_db_priv, username);
161 if (permanent == NULL) {
162 os_free(username);
163 wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown pseudonym "
164 "identity - request permanent identity");
165 /* Remain in IDENTITY state for another round */
166 return;
167 }
168 os_strlcpy(data->permanent, permanent,
169 sizeof(data->permanent));
170 /*
171 * Since pseudonym username was recognized, skip AKA/Identity
172 * exchange.
173 */
174 eap_aka_fullauth(sm, data);
175 }
176
177 os_free(username);
178 }
179
180
181 static void * eap_aka_init(struct eap_sm *sm)
182 {
183 struct eap_aka_data *data;
184
185 if (sm->eap_sim_db_priv == NULL) {
186 wpa_printf(MSG_WARNING, "EAP-AKA: eap_sim_db not configured");
187 return NULL;
188 }
189
190 data = os_zalloc(sizeof(*data));
191 if (data == NULL)
192 return NULL;
193
194 data->eap_method = EAP_TYPE_AKA;
195
196 data->state = IDENTITY;
197 data->pending_id = -1;
198 eap_aka_check_identity(sm, data);
199
200 return data;
201 }
202
203
204 #ifdef EAP_SERVER_AKA_PRIME
205 static void * eap_aka_prime_init(struct eap_sm *sm)
206 {
207 struct eap_aka_data *data;
208 /* TODO: make ANID configurable; see 3GPP TS 24.302 */
209 char *network_name = "WLAN";
210
211 if (sm->eap_sim_db_priv == NULL) {
212 wpa_printf(MSG_WARNING, "EAP-AKA: eap_sim_db not configured");
213 return NULL;
214 }
215
216 data = os_zalloc(sizeof(*data));
217 if (data == NULL)
218 return NULL;
219
220 data->eap_method = EAP_TYPE_AKA_PRIME;
221 data->network_name = (u8 *) os_strdup(network_name);
222 if (data->network_name == NULL) {
223 os_free(data);
224 return NULL;
225 }
226
227 data->network_name_len = os_strlen(network_name);
228
229 data->state = IDENTITY;
230 data->pending_id = -1;
231 eap_aka_check_identity(sm, data);
232
233 return data;
234 }
235 #endif /* EAP_SERVER_AKA_PRIME */
236
237
238 static void eap_aka_reset(struct eap_sm *sm, void *priv)
239 {
240 struct eap_aka_data *data = priv;
241 os_free(data->next_pseudonym);
242 os_free(data->next_reauth_id);
243 wpabuf_free(data->id_msgs);
244 os_free(data->network_name);
245 bin_clear_free(data, sizeof(*data));
246 }
247
248
249 static int eap_aka_add_id_msg(struct eap_aka_data *data,
250 const struct wpabuf *msg)
251 {
252 if (msg == NULL)
253 return -1;
254
255 if (data->id_msgs == NULL) {
256 data->id_msgs = wpabuf_dup(msg);
257 return data->id_msgs == NULL ? -1 : 0;
258 }
259
260 if (wpabuf_resize(&data->id_msgs, wpabuf_len(msg)) < 0)
261 return -1;
262 wpabuf_put_buf(data->id_msgs, msg);
263
264 return 0;
265 }
266
267
268 static void eap_aka_add_checkcode(struct eap_aka_data *data,
269 struct eap_sim_msg *msg)
270 {
271 const u8 *addr;
272 size_t len;
273 u8 hash[SHA256_MAC_LEN];
274
275 wpa_printf(MSG_DEBUG, " AT_CHECKCODE");
276
277 if (data->id_msgs == NULL) {
278 /*
279 * No EAP-AKA/Identity packets were exchanged - send empty
280 * checkcode.
281 */
282 eap_sim_msg_add(msg, EAP_SIM_AT_CHECKCODE, 0, NULL, 0);
283 return;
284 }
285
286 /* Checkcode is SHA1 hash over all EAP-AKA/Identity packets. */
287 addr = wpabuf_head(data->id_msgs);
288 len = wpabuf_len(data->id_msgs);
289 wpa_hexdump(MSG_MSGDUMP, "EAP-AKA: AT_CHECKCODE data", addr, len);
290 if (data->eap_method == EAP_TYPE_AKA_PRIME)
291 sha256_vector(1, &addr, &len, hash);
292 else
293 sha1_vector(1, &addr, &len, hash);
294
295 eap_sim_msg_add(msg, EAP_SIM_AT_CHECKCODE, 0, hash,
296 data->eap_method == EAP_TYPE_AKA_PRIME ?
297 EAP_AKA_PRIME_CHECKCODE_LEN : EAP_AKA_CHECKCODE_LEN);
298 }
299
300
301 static int eap_aka_verify_checkcode(struct eap_aka_data *data,
302 const u8 *checkcode, size_t checkcode_len)
303 {
304 const u8 *addr;
305 size_t len;
306 u8 hash[SHA256_MAC_LEN];
307 size_t hash_len;
308
309 if (checkcode == NULL)
310 return -1;
311
312 if (data->id_msgs == NULL) {
313 if (checkcode_len != 0) {
314 wpa_printf(MSG_DEBUG, "EAP-AKA: Checkcode from peer "
315 "indicates that AKA/Identity messages were "
316 "used, but they were not");
317 return -1;
318 }
319 return 0;
320 }
321
322 hash_len = data->eap_method == EAP_TYPE_AKA_PRIME ?
323 EAP_AKA_PRIME_CHECKCODE_LEN : EAP_AKA_CHECKCODE_LEN;
324
325 if (checkcode_len != hash_len) {
326 wpa_printf(MSG_DEBUG, "EAP-AKA: Checkcode from peer indicates "
327 "that AKA/Identity message were not used, but they "
328 "were");
329 return -1;
330 }
331
332 /* Checkcode is SHA1 hash over all EAP-AKA/Identity packets. */
333 addr = wpabuf_head(data->id_msgs);
334 len = wpabuf_len(data->id_msgs);
335 if (data->eap_method == EAP_TYPE_AKA_PRIME)
336 sha256_vector(1, &addr, &len, hash);
337 else
338 sha1_vector(1, &addr, &len, hash);
339
340 if (os_memcmp_const(hash, checkcode, hash_len) != 0) {
341 wpa_printf(MSG_DEBUG, "EAP-AKA: Mismatch in AT_CHECKCODE");
342 return -1;
343 }
344
345 return 0;
346 }
347
348
349 static struct wpabuf * eap_aka_build_identity(struct eap_sm *sm,
350 struct eap_aka_data *data, u8 id)
351 {
352 struct eap_sim_msg *msg;
353 struct wpabuf *buf;
354
355 wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Identity");
356 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method,
357 EAP_AKA_SUBTYPE_IDENTITY);
358 data->identity_round++;
359 if (data->identity_round == 1) {
360 /*
361 * RFC 4187, Chap. 4.1.4 recommends that identity from EAP is
362 * ignored and the AKA/Identity is used to request the
363 * identity.
364 */
365 wpa_printf(MSG_DEBUG, " AT_ANY_ID_REQ");
366 eap_sim_msg_add(msg, EAP_SIM_AT_ANY_ID_REQ, 0, NULL, 0);
367 } else if (data->identity_round > 3) {
368 /* Cannot use more than three rounds of Identity messages */
369 eap_sim_msg_free(msg);
370 return NULL;
371 } else if (sm->identity && sm->identity_len > 0 &&
372 (sm->identity[0] == EAP_AKA_REAUTH_ID_PREFIX ||
373 sm->identity[0] == EAP_AKA_PRIME_REAUTH_ID_PREFIX)) {
374 /* Reauth id may have expired - try fullauth */
375 wpa_printf(MSG_DEBUG, " AT_FULLAUTH_ID_REQ");
376 eap_sim_msg_add(msg, EAP_SIM_AT_FULLAUTH_ID_REQ, 0, NULL, 0);
377 } else {
378 wpa_printf(MSG_DEBUG, " AT_PERMANENT_ID_REQ");
379 eap_sim_msg_add(msg, EAP_SIM_AT_PERMANENT_ID_REQ, 0, NULL, 0);
380 }
381 buf = eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0);
382 if (eap_aka_add_id_msg(data, buf) < 0) {
383 wpabuf_free(buf);
384 return NULL;
385 }
386 data->pending_id = id;
387 return buf;
388 }
389
390
391 static int eap_aka_build_encr(struct eap_sm *sm, struct eap_aka_data *data,
392 struct eap_sim_msg *msg, u16 counter,
393 const u8 *nonce_s)
394 {
395 os_free(data->next_pseudonym);
396 if (nonce_s == NULL) {
397 data->next_pseudonym =
398 eap_sim_db_get_next_pseudonym(
399 sm->eap_sim_db_priv,
400 data->eap_method == EAP_TYPE_AKA_PRIME ?
401 EAP_SIM_DB_AKA_PRIME : EAP_SIM_DB_AKA);
402 } else {
403 /* Do not update pseudonym during re-authentication */
404 data->next_pseudonym = NULL;
405 }
406 os_free(data->next_reauth_id);
407 if (data->counter <= EAP_AKA_MAX_FAST_REAUTHS) {
408 data->next_reauth_id =
409 eap_sim_db_get_next_reauth_id(
410 sm->eap_sim_db_priv,
411 data->eap_method == EAP_TYPE_AKA_PRIME ?
412 EAP_SIM_DB_AKA_PRIME : EAP_SIM_DB_AKA);
413 } else {
414 wpa_printf(MSG_DEBUG, "EAP-AKA: Max fast re-authentication "
415 "count exceeded - force full authentication");
416 data->next_reauth_id = NULL;
417 }
418
419 if (data->next_pseudonym == NULL && data->next_reauth_id == NULL &&
420 counter == 0 && nonce_s == NULL)
421 return 0;
422
423 wpa_printf(MSG_DEBUG, " AT_IV");
424 wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
425 eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV, EAP_SIM_AT_ENCR_DATA);
426
427 if (counter > 0) {
428 wpa_printf(MSG_DEBUG, " *AT_COUNTER (%u)", counter);
429 eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, counter, NULL, 0);
430 }
431
432 if (nonce_s) {
433 wpa_printf(MSG_DEBUG, " *AT_NONCE_S");
434 eap_sim_msg_add(msg, EAP_SIM_AT_NONCE_S, 0, nonce_s,
435 EAP_SIM_NONCE_S_LEN);
436 }
437
438 if (data->next_pseudonym) {
439 wpa_printf(MSG_DEBUG, " *AT_NEXT_PSEUDONYM (%s)",
440 data->next_pseudonym);
441 eap_sim_msg_add(msg, EAP_SIM_AT_NEXT_PSEUDONYM,
442 os_strlen(data->next_pseudonym),
443 (u8 *) data->next_pseudonym,
444 os_strlen(data->next_pseudonym));
445 }
446
447 if (data->next_reauth_id) {
448 wpa_printf(MSG_DEBUG, " *AT_NEXT_REAUTH_ID (%s)",
449 data->next_reauth_id);
450 eap_sim_msg_add(msg, EAP_SIM_AT_NEXT_REAUTH_ID,
451 os_strlen(data->next_reauth_id),
452 (u8 *) data->next_reauth_id,
453 os_strlen(data->next_reauth_id));
454 }
455
456 if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) {
457 wpa_printf(MSG_WARNING, "EAP-AKA: Failed to encrypt "
458 "AT_ENCR_DATA");
459 return -1;
460 }
461
462 return 0;
463 }
464
465
466 static struct wpabuf * eap_aka_build_challenge(struct eap_sm *sm,
467 struct eap_aka_data *data,
468 u8 id)
469 {
470 struct eap_sim_msg *msg;
471
472 wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Challenge");
473 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method,
474 EAP_AKA_SUBTYPE_CHALLENGE);
475 wpa_printf(MSG_DEBUG, " AT_RAND");
476 eap_sim_msg_add(msg, EAP_SIM_AT_RAND, 0, data->rand, EAP_AKA_RAND_LEN);
477 wpa_printf(MSG_DEBUG, " AT_AUTN");
478 eap_sim_msg_add(msg, EAP_SIM_AT_AUTN, 0, data->autn, EAP_AKA_AUTN_LEN);
479 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
480 if (data->kdf) {
481 /* Add the selected KDF into the beginning */
482 wpa_printf(MSG_DEBUG, " AT_KDF");
483 eap_sim_msg_add(msg, EAP_SIM_AT_KDF, data->kdf,
484 NULL, 0);
485 }
486 wpa_printf(MSG_DEBUG, " AT_KDF");
487 eap_sim_msg_add(msg, EAP_SIM_AT_KDF, EAP_AKA_PRIME_KDF,
488 NULL, 0);
489 wpa_printf(MSG_DEBUG, " AT_KDF_INPUT");
490 eap_sim_msg_add(msg, EAP_SIM_AT_KDF_INPUT,
491 data->network_name_len,
492 data->network_name, data->network_name_len);
493 }
494
495 if (eap_aka_build_encr(sm, data, msg, 0, NULL)) {
496 eap_sim_msg_free(msg);
497 return NULL;
498 }
499
500 eap_aka_add_checkcode(data, msg);
501
502 if (sm->eap_sim_aka_result_ind) {
503 wpa_printf(MSG_DEBUG, " AT_RESULT_IND");
504 eap_sim_msg_add(msg, EAP_SIM_AT_RESULT_IND, 0, NULL, 0);
505 }
506
507 #ifdef EAP_SERVER_AKA_PRIME
508 if (data->eap_method == EAP_TYPE_AKA) {
509 u16 flags = 0;
510 int i;
511 int aka_prime_preferred = 0;
512
513 i = 0;
514 while (sm->user && i < EAP_MAX_METHODS &&
515 (sm->user->methods[i].vendor != EAP_VENDOR_IETF ||
516 sm->user->methods[i].method != EAP_TYPE_NONE)) {
517 if (sm->user->methods[i].vendor == EAP_VENDOR_IETF) {
518 if (sm->user->methods[i].method ==
519 EAP_TYPE_AKA)
520 break;
521 if (sm->user->methods[i].method ==
522 EAP_TYPE_AKA_PRIME) {
523 aka_prime_preferred = 1;
524 break;
525 }
526 }
527 i++;
528 }
529
530 if (aka_prime_preferred)
531 flags |= EAP_AKA_BIDDING_FLAG_D;
532 eap_sim_msg_add(msg, EAP_SIM_AT_BIDDING, flags, NULL, 0);
533 }
534 #endif /* EAP_SERVER_AKA_PRIME */
535
536 wpa_printf(MSG_DEBUG, " AT_MAC");
537 eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
538 return eap_sim_msg_finish(msg, data->eap_method, data->k_aut, NULL, 0);
539 }
540
541
542 static struct wpabuf * eap_aka_build_reauth(struct eap_sm *sm,
543 struct eap_aka_data *data, u8 id)
544 {
545 struct eap_sim_msg *msg;
546 struct wpabuf *buf;
547
548 wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Re-authentication");
549
550 if (random_get_bytes(data->nonce_s, EAP_SIM_NONCE_S_LEN))
551 return NULL;
552 wpa_hexdump_key(MSG_MSGDUMP, "EAP-AKA: NONCE_S",
553 data->nonce_s, EAP_SIM_NONCE_S_LEN);
554
555 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
556 eap_aka_prime_derive_keys_reauth(data->k_re, data->counter,
557 sm->identity,
558 sm->identity_len,
559 data->nonce_s,
560 data->msk, data->emsk);
561 } else {
562 eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut,
563 data->msk, data->emsk);
564 eap_sim_derive_keys_reauth(data->counter, sm->identity,
565 sm->identity_len, data->nonce_s,
566 data->mk, data->msk, data->emsk);
567 }
568
569 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method,
570 EAP_AKA_SUBTYPE_REAUTHENTICATION);
571
572 if (eap_aka_build_encr(sm, data, msg, data->counter, data->nonce_s)) {
573 eap_sim_msg_free(msg);
574 return NULL;
575 }
576
577 eap_aka_add_checkcode(data, msg);
578
579 if (sm->eap_sim_aka_result_ind) {
580 wpa_printf(MSG_DEBUG, " AT_RESULT_IND");
581 eap_sim_msg_add(msg, EAP_SIM_AT_RESULT_IND, 0, NULL, 0);
582 }
583
584 wpa_printf(MSG_DEBUG, " AT_MAC");
585 eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
586 buf = eap_sim_msg_finish(msg, data->eap_method, data->k_aut, NULL, 0);
587
588 /* Remember this MAC before sending it to the peer. This MAC is used for
589 * Session-Id calculation after receiving response from the peer and
590 * after all other checks pass. */
591 os_memcpy(data->reauth_mac,
592 wpabuf_head_u8(buf) + wpabuf_len(buf) - EAP_SIM_MAC_LEN,
593 EAP_SIM_MAC_LEN);
594
595 return buf;
596 }
597
598
599 static struct wpabuf * eap_aka_build_notification(struct eap_sm *sm,
600 struct eap_aka_data *data,
601 u8 id)
602 {
603 struct eap_sim_msg *msg;
604
605 wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Notification");
606 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method,
607 EAP_AKA_SUBTYPE_NOTIFICATION);
608 wpa_printf(MSG_DEBUG, " AT_NOTIFICATION (%d)", data->notification);
609 eap_sim_msg_add(msg, EAP_SIM_AT_NOTIFICATION, data->notification,
610 NULL, 0);
611 if (data->use_result_ind) {
612 if (data->reauth) {
613 wpa_printf(MSG_DEBUG, " AT_IV");
614 wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
615 eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV,
616 EAP_SIM_AT_ENCR_DATA);
617 wpa_printf(MSG_DEBUG, " *AT_COUNTER (%u)",
618 data->counter);
619 eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter,
620 NULL, 0);
621
622 if (eap_sim_msg_add_encr_end(msg, data->k_encr,
623 EAP_SIM_AT_PADDING)) {
624 wpa_printf(MSG_WARNING, "EAP-AKA: Failed to "
625 "encrypt AT_ENCR_DATA");
626 eap_sim_msg_free(msg);
627 return NULL;
628 }
629 }
630
631 wpa_printf(MSG_DEBUG, " AT_MAC");
632 eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
633 }
634 return eap_sim_msg_finish(msg, data->eap_method, data->k_aut, NULL, 0);
635 }
636
637
638 static struct wpabuf * eap_aka_buildReq(struct eap_sm *sm, void *priv, u8 id)
639 {
640 struct eap_aka_data *data = priv;
641
642 data->auts_reported = 0;
643 switch (data->state) {
644 case IDENTITY:
645 return eap_aka_build_identity(sm, data, id);
646 case CHALLENGE:
647 return eap_aka_build_challenge(sm, data, id);
648 case REAUTH:
649 return eap_aka_build_reauth(sm, data, id);
650 case NOTIFICATION:
651 return eap_aka_build_notification(sm, data, id);
652 default:
653 wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown state %d in "
654 "buildReq", data->state);
655 break;
656 }
657 return NULL;
658 }
659
660
661 static Boolean eap_aka_check(struct eap_sm *sm, void *priv,
662 struct wpabuf *respData)
663 {
664 struct eap_aka_data *data = priv;
665 const u8 *pos;
666 size_t len;
667
668 pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, respData,
669 &len);
670 if (pos == NULL || len < 3) {
671 wpa_printf(MSG_INFO, "EAP-AKA: Invalid frame");
672 return TRUE;
673 }
674
675 return FALSE;
676 }
677
678
679 static Boolean eap_aka_subtype_ok(struct eap_aka_data *data, u8 subtype)
680 {
681 if (subtype == EAP_AKA_SUBTYPE_CLIENT_ERROR ||
682 subtype == EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT)
683 return FALSE;
684
685 switch (data->state) {
686 case IDENTITY:
687 if (subtype != EAP_AKA_SUBTYPE_IDENTITY) {
688 wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response "
689 "subtype %d", subtype);
690 return TRUE;
691 }
692 break;
693 case CHALLENGE:
694 if (subtype != EAP_AKA_SUBTYPE_CHALLENGE &&
695 subtype != EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE) {
696 wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response "
697 "subtype %d", subtype);
698 return TRUE;
699 }
700 break;
701 case REAUTH:
702 if (subtype != EAP_AKA_SUBTYPE_REAUTHENTICATION) {
703 wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response "
704 "subtype %d", subtype);
705 return TRUE;
706 }
707 break;
708 case NOTIFICATION:
709 if (subtype != EAP_AKA_SUBTYPE_NOTIFICATION) {
710 wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response "
711 "subtype %d", subtype);
712 return TRUE;
713 }
714 break;
715 default:
716 wpa_printf(MSG_INFO, "EAP-AKA: Unexpected state (%d) for "
717 "processing a response", data->state);
718 return TRUE;
719 }
720
721 return FALSE;
722 }
723
724
725 static void eap_aka_determine_identity(struct eap_sm *sm,
726 struct eap_aka_data *data)
727 {
728 char *username;
729
730 wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Identity",
731 sm->identity, sm->identity_len);
732
733 username = sim_get_username(sm->identity, sm->identity_len);
734 if (username == NULL) {
735 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
736 eap_aka_state(data, NOTIFICATION);
737 return;
738 }
739
740 if (eap_aka_check_identity_reauth(sm, data, username) > 0) {
741 os_free(username);
742 return;
743 }
744
745 if (((data->eap_method == EAP_TYPE_AKA_PRIME &&
746 username[0] == EAP_AKA_PRIME_REAUTH_ID_PREFIX) ||
747 (data->eap_method == EAP_TYPE_AKA &&
748 username[0] == EAP_AKA_REAUTH_ID_PREFIX)) &&
749 data->identity_round == 1) {
750 /* Remain in IDENTITY state for another round to request full
751 * auth identity since we did not recognize reauth id */
752 os_free(username);
753 return;
754 }
755
756 if ((data->eap_method == EAP_TYPE_AKA_PRIME &&
757 username[0] == EAP_AKA_PRIME_PSEUDONYM_PREFIX) ||
758 (data->eap_method == EAP_TYPE_AKA &&
759 username[0] == EAP_AKA_PSEUDONYM_PREFIX)) {
760 const char *permanent;
761 wpa_printf(MSG_DEBUG, "EAP-AKA: Pseudonym username '%s'",
762 username);
763 permanent = eap_sim_db_get_permanent(
764 sm->eap_sim_db_priv, username);
765 os_free(username);
766 if (permanent == NULL) {
767 wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown pseudonym "
768 "identity - request permanent identity");
769 /* Remain in IDENTITY state for another round */
770 return;
771 }
772 os_strlcpy(data->permanent, permanent,
773 sizeof(data->permanent));
774 } else if ((data->eap_method == EAP_TYPE_AKA_PRIME &&
775 username[0] == EAP_AKA_PRIME_PERMANENT_PREFIX) ||
776 (data->eap_method == EAP_TYPE_AKA &&
777 username[0] == EAP_AKA_PERMANENT_PREFIX)) {
778 wpa_printf(MSG_DEBUG, "EAP-AKA: Permanent username '%s'",
779 username);
780 os_strlcpy(data->permanent, username, sizeof(data->permanent));
781 os_free(username);
782 } else {
783 wpa_printf(MSG_DEBUG, "EAP-AKA: Unrecognized username '%s'",
784 username);
785 os_free(username);
786 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
787 eap_aka_state(data, NOTIFICATION);
788 return;
789 }
790
791 eap_aka_fullauth(sm, data);
792 }
793
794
795 static void eap_aka_fullauth(struct eap_sm *sm, struct eap_aka_data *data)
796 {
797 size_t identity_len;
798 int res;
799
800 res = eap_sim_db_get_aka_auth(sm->eap_sim_db_priv, data->permanent,
801 data->rand, data->autn, data->ik,
802 data->ck, data->res, &data->res_len, sm);
803 if (res == EAP_SIM_DB_PENDING) {
804 wpa_printf(MSG_DEBUG, "EAP-AKA: AKA authentication data "
805 "not yet available - pending request");
806 sm->method_pending = METHOD_PENDING_WAIT;
807 return;
808 }
809
810 if (data->permanent[0] == EAP_AKA_PERMANENT_PREFIX ||
811 data->permanent[0] == EAP_AKA_PRIME_PERMANENT_PREFIX)
812 os_strlcpy(sm->imsi, &data->permanent[1], sizeof(sm->imsi));
813
814 #ifdef EAP_SERVER_AKA_PRIME
815 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
816 /* Note: AUTN = (SQN ^ AK) || AMF || MAC which gives us the
817 * needed 6-octet SQN ^AK for CK',IK' derivation */
818 eap_aka_prime_derive_ck_ik_prime(data->ck, data->ik,
819 data->autn,
820 data->network_name,
821 data->network_name_len);
822 }
823 #endif /* EAP_SERVER_AKA_PRIME */
824
825 data->reauth = NULL;
826 data->counter = 0; /* reset re-auth counter since this is full auth */
827
828 if (res != 0) {
829 wpa_printf(MSG_INFO, "EAP-AKA: Failed to get AKA "
830 "authentication data for the peer");
831 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
832 eap_aka_state(data, NOTIFICATION);
833 return;
834 }
835 if (sm->method_pending == METHOD_PENDING_WAIT) {
836 wpa_printf(MSG_DEBUG, "EAP-AKA: AKA authentication data "
837 "available - abort pending wait");
838 sm->method_pending = METHOD_PENDING_NONE;
839 }
840
841 identity_len = sm->identity_len;
842 while (identity_len > 0 && sm->identity[identity_len - 1] == '\0') {
843 wpa_printf(MSG_DEBUG, "EAP-AKA: Workaround - drop last null "
844 "character from identity");
845 identity_len--;
846 }
847 wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Identity for MK derivation",
848 sm->identity, identity_len);
849
850 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
851 eap_aka_prime_derive_keys(sm->identity, identity_len, data->ik,
852 data->ck, data->k_encr, data->k_aut,
853 data->k_re, data->msk, data->emsk);
854 } else {
855 eap_aka_derive_mk(sm->identity, identity_len, data->ik,
856 data->ck, data->mk);
857 eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut,
858 data->msk, data->emsk);
859 }
860
861 eap_aka_state(data, CHALLENGE);
862 }
863
864
865 static void eap_aka_process_identity(struct eap_sm *sm,
866 struct eap_aka_data *data,
867 struct wpabuf *respData,
868 struct eap_sim_attrs *attr)
869 {
870 u8 *new_identity;
871
872 wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Identity");
873
874 if (attr->mac || attr->iv || attr->encr_data) {
875 wpa_printf(MSG_WARNING, "EAP-AKA: Unexpected attribute "
876 "received in EAP-Response/AKA-Identity");
877 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
878 eap_aka_state(data, NOTIFICATION);
879 return;
880 }
881
882 /*
883 * We always request identity with AKA/Identity, so the peer is
884 * required to have replied with one.
885 */
886 if (!attr->identity || attr->identity_len == 0) {
887 wpa_printf(MSG_DEBUG, "EAP-AKA: Peer did not provide any "
888 "identity");
889 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
890 eap_aka_state(data, NOTIFICATION);
891 return;
892 }
893
894 new_identity = os_malloc(attr->identity_len);
895 if (new_identity == NULL) {
896 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
897 eap_aka_state(data, NOTIFICATION);
898 return;
899 }
900 os_free(sm->identity);
901 sm->identity = new_identity;
902 os_memcpy(sm->identity, attr->identity, attr->identity_len);
903 sm->identity_len = attr->identity_len;
904
905 eap_aka_determine_identity(sm, data);
906 if (eap_get_id(respData) == data->pending_id) {
907 data->pending_id = -1;
908 eap_aka_add_id_msg(data, respData);
909 }
910 }
911
912
913 static int eap_aka_verify_mac(struct eap_aka_data *data,
914 const struct wpabuf *req,
915 const u8 *mac, const u8 *extra,
916 size_t extra_len)
917 {
918 if (data->eap_method == EAP_TYPE_AKA_PRIME)
919 return eap_sim_verify_mac_sha256(data->k_aut, req, mac, extra,
920 extra_len);
921 return eap_sim_verify_mac(data->k_aut, req, mac, extra, extra_len);
922 }
923
924
925 static void eap_aka_process_challenge(struct eap_sm *sm,
926 struct eap_aka_data *data,
927 struct wpabuf *respData,
928 struct eap_sim_attrs *attr)
929 {
930 wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Challenge");
931
932 #ifdef EAP_SERVER_AKA_PRIME
933 #if 0
934 /* KDF negotiation; to be enabled only after more than one KDF is
935 * supported */
936 if (data->eap_method == EAP_TYPE_AKA_PRIME &&
937 attr->kdf_count == 1 && attr->mac == NULL) {
938 if (attr->kdf[0] != EAP_AKA_PRIME_KDF) {
939 wpa_printf(MSG_WARNING, "EAP-AKA': Peer selected "
940 "unknown KDF");
941 data->notification =
942 EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
943 eap_aka_state(data, NOTIFICATION);
944 return;
945 }
946
947 data->kdf = attr->kdf[0];
948
949 /* Allow negotiation to continue with the selected KDF by
950 * sending another Challenge message */
951 wpa_printf(MSG_DEBUG, "EAP-AKA': KDF %d selected", data->kdf);
952 return;
953 }
954 #endif
955 #endif /* EAP_SERVER_AKA_PRIME */
956
957 if (attr->checkcode &&
958 eap_aka_verify_checkcode(data, attr->checkcode,
959 attr->checkcode_len)) {
960 wpa_printf(MSG_WARNING, "EAP-AKA: Invalid AT_CHECKCODE in the "
961 "message");
962 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
963 eap_aka_state(data, NOTIFICATION);
964 return;
965 }
966 if (attr->mac == NULL ||
967 eap_aka_verify_mac(data, respData, attr->mac, NULL, 0)) {
968 wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
969 "did not include valid AT_MAC");
970 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
971 eap_aka_state(data, NOTIFICATION);
972 return;
973 }
974
975 /*
976 * AT_RES is padded, so verify that there is enough room for RES and
977 * that the RES length in bits matches with the expected RES.
978 */
979 if (attr->res == NULL || attr->res_len < data->res_len ||
980 attr->res_len_bits != data->res_len * 8 ||
981 os_memcmp_const(attr->res, data->res, data->res_len) != 0) {
982 wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message did not "
983 "include valid AT_RES (attr len=%lu, res len=%lu "
984 "bits, expected %lu bits)",
985 (unsigned long) attr->res_len,
986 (unsigned long) attr->res_len_bits,
987 (unsigned long) data->res_len * 8);
988 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
989 eap_aka_state(data, NOTIFICATION);
990 return;
991 }
992
993 wpa_printf(MSG_DEBUG, "EAP-AKA: Challenge response includes the "
994 "correct AT_MAC");
995 if (sm->eap_sim_aka_result_ind && attr->result_ind) {
996 data->use_result_ind = 1;
997 data->notification = EAP_SIM_SUCCESS;
998 eap_aka_state(data, NOTIFICATION);
999 } else
1000 eap_aka_state(data, SUCCESS);
1001
1002 if (data->next_pseudonym) {
1003 eap_sim_db_add_pseudonym(sm->eap_sim_db_priv, data->permanent,
1004 data->next_pseudonym);
1005 data->next_pseudonym = NULL;
1006 }
1007 if (data->next_reauth_id) {
1008 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
1009 #ifdef EAP_SERVER_AKA_PRIME
1010 eap_sim_db_add_reauth_prime(sm->eap_sim_db_priv,
1011 data->permanent,
1012 data->next_reauth_id,
1013 data->counter + 1,
1014 data->k_encr, data->k_aut,
1015 data->k_re);
1016 #endif /* EAP_SERVER_AKA_PRIME */
1017 } else {
1018 eap_sim_db_add_reauth(sm->eap_sim_db_priv,
1019 data->permanent,
1020 data->next_reauth_id,
1021 data->counter + 1,
1022 data->mk);
1023 }
1024 data->next_reauth_id = NULL;
1025 }
1026 }
1027
1028
1029 static void eap_aka_process_sync_failure(struct eap_sm *sm,
1030 struct eap_aka_data *data,
1031 struct wpabuf *respData,
1032 struct eap_sim_attrs *attr)
1033 {
1034 wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Synchronization-Failure");
1035
1036 if (attr->auts == NULL) {
1037 wpa_printf(MSG_WARNING, "EAP-AKA: Synchronization-Failure "
1038 "message did not include valid AT_AUTS");
1039 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
1040 eap_aka_state(data, NOTIFICATION);
1041 return;
1042 }
1043
1044 /* Avoid re-reporting AUTS when processing pending EAP packet by
1045 * maintaining a local flag stating whether this AUTS has already been
1046 * reported. */
1047 if (!data->auts_reported &&
1048 eap_sim_db_resynchronize(sm->eap_sim_db_priv, data->permanent,
1049 attr->auts, data->rand)) {
1050 wpa_printf(MSG_WARNING, "EAP-AKA: Resynchronization failed");
1051 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
1052 eap_aka_state(data, NOTIFICATION);
1053 return;
1054 }
1055 data->auts_reported = 1;
1056
1057 /* Remain in CHALLENGE state to re-try after resynchronization */
1058 eap_aka_fullauth(sm, data);
1059 }
1060
1061
1062 static void eap_aka_process_reauth(struct eap_sm *sm,
1063 struct eap_aka_data *data,
1064 struct wpabuf *respData,
1065 struct eap_sim_attrs *attr)
1066 {
1067 struct eap_sim_attrs eattr;
1068 u8 *decrypted = NULL;
1069
1070 wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Reauthentication");
1071
1072 if (attr->mac == NULL ||
1073 eap_aka_verify_mac(data, respData, attr->mac, data->nonce_s,
1074 EAP_SIM_NONCE_S_LEN)) {
1075 wpa_printf(MSG_WARNING, "EAP-AKA: Re-authentication message "
1076 "did not include valid AT_MAC");
1077 goto fail;
1078 }
1079
1080 if (attr->encr_data == NULL || attr->iv == NULL) {
1081 wpa_printf(MSG_WARNING, "EAP-AKA: Reauthentication "
1082 "message did not include encrypted data");
1083 goto fail;
1084 }
1085
1086 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
1087 attr->encr_data_len, attr->iv, &eattr,
1088 0);
1089 if (decrypted == NULL) {
1090 wpa_printf(MSG_WARNING, "EAP-AKA: Failed to parse encrypted "
1091 "data from reauthentication message");
1092 goto fail;
1093 }
1094
1095 if (eattr.counter != data->counter) {
1096 wpa_printf(MSG_WARNING, "EAP-AKA: Re-authentication message "
1097 "used incorrect counter %u, expected %u",
1098 eattr.counter, data->counter);
1099 goto fail;
1100 }
1101 os_free(decrypted);
1102 decrypted = NULL;
1103
1104 wpa_printf(MSG_DEBUG, "EAP-AKA: Re-authentication response includes "
1105 "the correct AT_MAC");
1106
1107 if (eattr.counter_too_small) {
1108 wpa_printf(MSG_DEBUG, "EAP-AKA: Re-authentication response "
1109 "included AT_COUNTER_TOO_SMALL - starting full "
1110 "authentication");
1111 eap_aka_fullauth(sm, data);
1112 return;
1113 }
1114
1115 if (sm->eap_sim_aka_result_ind && attr->result_ind) {
1116 data->use_result_ind = 1;
1117 data->notification = EAP_SIM_SUCCESS;
1118 eap_aka_state(data, NOTIFICATION);
1119 } else
1120 eap_aka_state(data, SUCCESS);
1121
1122 if (data->next_reauth_id) {
1123 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
1124 #ifdef EAP_SERVER_AKA_PRIME
1125 eap_sim_db_add_reauth_prime(sm->eap_sim_db_priv,
1126 data->permanent,
1127 data->next_reauth_id,
1128 data->counter + 1,
1129 data->k_encr, data->k_aut,
1130 data->k_re);
1131 #endif /* EAP_SERVER_AKA_PRIME */
1132 } else {
1133 eap_sim_db_add_reauth(sm->eap_sim_db_priv,
1134 data->permanent,
1135 data->next_reauth_id,
1136 data->counter + 1,
1137 data->mk);
1138 }
1139 data->next_reauth_id = NULL;
1140 } else {
1141 eap_sim_db_remove_reauth(sm->eap_sim_db_priv, data->reauth);
1142 data->reauth = NULL;
1143 }
1144
1145 return;
1146
1147 fail:
1148 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
1149 eap_aka_state(data, NOTIFICATION);
1150 eap_sim_db_remove_reauth(sm->eap_sim_db_priv, data->reauth);
1151 data->reauth = NULL;
1152 os_free(decrypted);
1153 }
1154
1155
1156 static void eap_aka_process_client_error(struct eap_sm *sm,
1157 struct eap_aka_data *data,
1158 struct wpabuf *respData,
1159 struct eap_sim_attrs *attr)
1160 {
1161 wpa_printf(MSG_DEBUG, "EAP-AKA: Client reported error %d",
1162 attr->client_error_code);
1163 if (data->notification == EAP_SIM_SUCCESS && data->use_result_ind)
1164 eap_aka_state(data, SUCCESS);
1165 else
1166 eap_aka_state(data, FAILURE);
1167 }
1168
1169
1170 static void eap_aka_process_authentication_reject(
1171 struct eap_sm *sm, struct eap_aka_data *data,
1172 struct wpabuf *respData, struct eap_sim_attrs *attr)
1173 {
1174 wpa_printf(MSG_DEBUG, "EAP-AKA: Client rejected authentication");
1175 eap_aka_state(data, FAILURE);
1176 }
1177
1178
1179 static void eap_aka_process_notification(struct eap_sm *sm,
1180 struct eap_aka_data *data,
1181 struct wpabuf *respData,
1182 struct eap_sim_attrs *attr)
1183 {
1184 wpa_printf(MSG_DEBUG, "EAP-AKA: Client replied to notification");
1185 if (data->notification == EAP_SIM_SUCCESS && data->use_result_ind)
1186 eap_aka_state(data, SUCCESS);
1187 else
1188 eap_aka_state(data, FAILURE);
1189 }
1190
1191
1192 static void eap_aka_process(struct eap_sm *sm, void *priv,
1193 struct wpabuf *respData)
1194 {
1195 struct eap_aka_data *data = priv;
1196 const u8 *pos, *end;
1197 u8 subtype;
1198 size_t len;
1199 struct eap_sim_attrs attr;
1200
1201 pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, respData,
1202 &len);
1203 if (pos == NULL || len < 3)
1204 return;
1205
1206 end = pos + len;
1207 subtype = *pos;
1208 pos += 3;
1209
1210 if (eap_aka_subtype_ok(data, subtype)) {
1211 wpa_printf(MSG_DEBUG, "EAP-AKA: Unrecognized or unexpected "
1212 "EAP-AKA Subtype in EAP Response");
1213 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
1214 eap_aka_state(data, NOTIFICATION);
1215 return;
1216 }
1217
1218 if (eap_sim_parse_attr(pos, end, &attr,
1219 data->eap_method == EAP_TYPE_AKA_PRIME ? 2 : 1,
1220 0)) {
1221 wpa_printf(MSG_DEBUG, "EAP-AKA: Failed to parse attributes");
1222 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
1223 eap_aka_state(data, NOTIFICATION);
1224 return;
1225 }
1226
1227 if (subtype == EAP_AKA_SUBTYPE_CLIENT_ERROR) {
1228 eap_aka_process_client_error(sm, data, respData, &attr);
1229 return;
1230 }
1231
1232 if (subtype == EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT) {
1233 eap_aka_process_authentication_reject(sm, data, respData,
1234 &attr);
1235 return;
1236 }
1237
1238 switch (data->state) {
1239 case IDENTITY:
1240 eap_aka_process_identity(sm, data, respData, &attr);
1241 break;
1242 case CHALLENGE:
1243 if (subtype == EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE) {
1244 eap_aka_process_sync_failure(sm, data, respData,
1245 &attr);
1246 } else {
1247 eap_aka_process_challenge(sm, data, respData, &attr);
1248 }
1249 break;
1250 case REAUTH:
1251 eap_aka_process_reauth(sm, data, respData, &attr);
1252 break;
1253 case NOTIFICATION:
1254 eap_aka_process_notification(sm, data, respData, &attr);
1255 break;
1256 default:
1257 wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown state %d in "
1258 "process", data->state);
1259 break;
1260 }
1261 }
1262
1263
1264 static Boolean eap_aka_isDone(struct eap_sm *sm, void *priv)
1265 {
1266 struct eap_aka_data *data = priv;
1267 return data->state == SUCCESS || data->state == FAILURE;
1268 }
1269
1270
1271 static u8 * eap_aka_getKey(struct eap_sm *sm, void *priv, size_t *len)
1272 {
1273 struct eap_aka_data *data = priv;
1274 u8 *key;
1275
1276 if (data->state != SUCCESS)
1277 return NULL;
1278
1279 key = os_memdup(data->msk, EAP_SIM_KEYING_DATA_LEN);
1280 if (key == NULL)
1281 return NULL;
1282 *len = EAP_SIM_KEYING_DATA_LEN;
1283 return key;
1284 }
1285
1286
1287 static u8 * eap_aka_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
1288 {
1289 struct eap_aka_data *data = priv;
1290 u8 *key;
1291
1292 if (data->state != SUCCESS)
1293 return NULL;
1294
1295 key = os_memdup(data->emsk, EAP_EMSK_LEN);
1296 if (key == NULL)
1297 return NULL;
1298 *len = EAP_EMSK_LEN;
1299 return key;
1300 }
1301
1302
1303 static Boolean eap_aka_isSuccess(struct eap_sm *sm, void *priv)
1304 {
1305 struct eap_aka_data *data = priv;
1306 return data->state == SUCCESS;
1307 }
1308
1309
1310 static u8 * eap_aka_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
1311 {
1312 struct eap_aka_data *data = priv;
1313 u8 *id;
1314
1315 if (data->state != SUCCESS)
1316 return NULL;
1317
1318 if (!data->reauth)
1319 *len = 1 + EAP_AKA_RAND_LEN + EAP_AKA_AUTN_LEN;
1320 else
1321 *len = 1 + EAP_SIM_NONCE_S_LEN + EAP_SIM_MAC_LEN;
1322 id = os_malloc(*len);
1323 if (id == NULL)
1324 return NULL;
1325
1326 id[0] = data->eap_method;
1327 if (!data->reauth) {
1328 os_memcpy(id + 1, data->rand, EAP_AKA_RAND_LEN);
1329 os_memcpy(id + 1 + EAP_AKA_RAND_LEN, data->autn,
1330 EAP_AKA_AUTN_LEN);
1331 } else {
1332 os_memcpy(id + 1, data->nonce_s, EAP_SIM_NONCE_S_LEN);
1333 os_memcpy(id + 1 + EAP_SIM_NONCE_S_LEN, data->reauth_mac,
1334 EAP_SIM_MAC_LEN);
1335 }
1336 wpa_hexdump(MSG_DEBUG, "EAP-AKA: Derived Session-Id", id, *len);
1337
1338 return id;
1339 }
1340
1341
1342 int eap_server_aka_register(void)
1343 {
1344 struct eap_method *eap;
1345
1346 eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
1347 EAP_VENDOR_IETF, EAP_TYPE_AKA, "AKA");
1348 if (eap == NULL)
1349 return -1;
1350
1351 eap->init = eap_aka_init;
1352 eap->reset = eap_aka_reset;
1353 eap->buildReq = eap_aka_buildReq;
1354 eap->check = eap_aka_check;
1355 eap->process = eap_aka_process;
1356 eap->isDone = eap_aka_isDone;
1357 eap->getKey = eap_aka_getKey;
1358 eap->isSuccess = eap_aka_isSuccess;
1359 eap->get_emsk = eap_aka_get_emsk;
1360 eap->getSessionId = eap_aka_get_session_id;
1361
1362 return eap_server_method_register(eap);
1363 }
1364
1365
1366 #ifdef EAP_SERVER_AKA_PRIME
1367 int eap_server_aka_prime_register(void)
1368 {
1369 struct eap_method *eap;
1370
1371 eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
1372 EAP_VENDOR_IETF, EAP_TYPE_AKA_PRIME,
1373 "AKA'");
1374 if (eap == NULL)
1375 return -1;
1376
1377 eap->init = eap_aka_prime_init;
1378 eap->reset = eap_aka_reset;
1379 eap->buildReq = eap_aka_buildReq;
1380 eap->check = eap_aka_check;
1381 eap->process = eap_aka_process;
1382 eap->isDone = eap_aka_isDone;
1383 eap->getKey = eap_aka_getKey;
1384 eap->isSuccess = eap_aka_isSuccess;
1385 eap->get_emsk = eap_aka_get_emsk;
1386 eap->getSessionId = eap_aka_get_session_id;
1387
1388 return eap_server_method_register(eap);
1389 }
1390 #endif /* EAP_SERVER_AKA_PRIME */
Unnamed repository; edit this file 'description' to name the repository.