Line data Source code
1 : /*
2 : * EAP peer method: EAP-SIM (RFC 4186)
3 : * Copyright (c) 2004-2012, Jouni Malinen <j@w1.fi>
4 : *
5 : * This software may be distributed under the terms of the BSD license.
6 : * See README for more details.
7 : */
8 :
9 : #include "includes.h"
10 :
11 : #include "common.h"
12 : #include "pcsc_funcs.h"
13 : #include "crypto/milenage.h"
14 : #include "crypto/random.h"
15 : #include "eap_peer/eap_i.h"
16 : #include "eap_config.h"
17 : #include "eap_common/eap_sim_common.h"
18 :
19 :
20 : struct eap_sim_data {
21 : u8 *ver_list;
22 : size_t ver_list_len;
23 : int selected_version;
24 : size_t min_num_chal, num_chal;
25 :
26 : u8 kc[3][EAP_SIM_KC_LEN];
27 : u8 sres[3][EAP_SIM_SRES_LEN];
28 : u8 nonce_mt[EAP_SIM_NONCE_MT_LEN], nonce_s[EAP_SIM_NONCE_S_LEN];
29 : u8 mk[EAP_SIM_MK_LEN];
30 : u8 k_aut[EAP_SIM_K_AUT_LEN];
31 : u8 k_encr[EAP_SIM_K_ENCR_LEN];
32 : u8 msk[EAP_SIM_KEYING_DATA_LEN];
33 : u8 emsk[EAP_EMSK_LEN];
34 : u8 rand[3][GSM_RAND_LEN];
35 :
36 : int num_id_req, num_notification;
37 : u8 *pseudonym;
38 : size_t pseudonym_len;
39 : u8 *reauth_id;
40 : size_t reauth_id_len;
41 : int reauth;
42 : unsigned int counter, counter_too_small;
43 : u8 *last_eap_identity;
44 : size_t last_eap_identity_len;
45 : enum {
46 : CONTINUE, RESULT_SUCCESS, RESULT_FAILURE, SUCCESS, FAILURE
47 : } state;
48 : int result_ind, use_result_ind;
49 : };
50 :
51 :
52 : #ifndef CONFIG_NO_STDOUT_DEBUG
53 112 : static const char * eap_sim_state_txt(int state)
54 : {
55 112 : switch (state) {
56 : case CONTINUE:
57 72 : return "CONTINUE";
58 : case RESULT_SUCCESS:
59 4 : return "RESULT_SUCCESS";
60 : case RESULT_FAILURE:
61 0 : return "RESULT_FAILURE";
62 : case SUCCESS:
63 33 : return "SUCCESS";
64 : case FAILURE:
65 3 : return "FAILURE";
66 : default:
67 0 : return "?";
68 : }
69 : }
70 : #endif /* CONFIG_NO_STDOUT_DEBUG */
71 :
72 :
73 56 : static void eap_sim_state(struct eap_sim_data *data, int state)
74 : {
75 112 : wpa_printf(MSG_DEBUG, "EAP-SIM: %s -> %s",
76 56 : eap_sim_state_txt(data->state),
77 : eap_sim_state_txt(state));
78 56 : data->state = state;
79 56 : }
80 :
81 :
82 20 : static void * eap_sim_init(struct eap_sm *sm)
83 : {
84 : struct eap_sim_data *data;
85 20 : struct eap_peer_config *config = eap_get_config(sm);
86 :
87 20 : data = os_zalloc(sizeof(*data));
88 20 : if (data == NULL)
89 0 : return NULL;
90 :
91 20 : if (random_get_bytes(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
92 0 : wpa_printf(MSG_WARNING, "EAP-SIM: Failed to get random data "
93 : "for NONCE_MT");
94 0 : os_free(data);
95 0 : return NULL;
96 : }
97 :
98 20 : data->min_num_chal = 2;
99 20 : if (config && config->phase1) {
100 4 : char *pos = os_strstr(config->phase1, "sim_min_num_chal=");
101 4 : if (pos) {
102 3 : data->min_num_chal = atoi(pos + 17);
103 3 : if (data->min_num_chal < 2 || data->min_num_chal > 3) {
104 2 : wpa_printf(MSG_WARNING, "EAP-SIM: Invalid "
105 : "sim_min_num_chal configuration "
106 : "(%lu, expected 2 or 3)",
107 : (unsigned long) data->min_num_chal);
108 2 : os_free(data);
109 2 : return NULL;
110 : }
111 1 : wpa_printf(MSG_DEBUG, "EAP-SIM: Set minimum number of "
112 : "challenges to %lu",
113 : (unsigned long) data->min_num_chal);
114 : }
115 :
116 2 : data->result_ind = os_strstr(config->phase1, "result_ind=1") !=
117 : NULL;
118 : }
119 :
120 18 : if (config && config->anonymous_identity) {
121 1 : data->pseudonym = os_malloc(config->anonymous_identity_len);
122 1 : if (data->pseudonym) {
123 1 : os_memcpy(data->pseudonym, config->anonymous_identity,
124 : config->anonymous_identity_len);
125 1 : data->pseudonym_len = config->anonymous_identity_len;
126 : }
127 : }
128 :
129 18 : eap_sim_state(data, CONTINUE);
130 :
131 18 : return data;
132 : }
133 :
134 :
135 18 : static void eap_sim_deinit(struct eap_sm *sm, void *priv)
136 : {
137 18 : struct eap_sim_data *data = priv;
138 18 : if (data) {
139 18 : os_free(data->ver_list);
140 18 : os_free(data->pseudonym);
141 18 : os_free(data->reauth_id);
142 18 : os_free(data->last_eap_identity);
143 18 : os_free(data);
144 : }
145 18 : }
146 :
147 :
148 4 : static int eap_sim_ext_sim_req(struct eap_sm *sm, struct eap_sim_data *data)
149 : {
150 : char req[200], *pos, *end;
151 : size_t i;
152 :
153 4 : wpa_printf(MSG_DEBUG, "EAP-SIM: Use external SIM processing");
154 4 : pos = req;
155 4 : end = pos + sizeof(req);
156 4 : pos += os_snprintf(pos, end - pos, "GSM-AUTH");
157 16 : for (i = 0; i < data->num_chal; i++) {
158 12 : pos += os_snprintf(pos, end - pos, ":");
159 12 : pos += wpa_snprintf_hex(pos, end - pos, data->rand[i],
160 : GSM_RAND_LEN);
161 : }
162 :
163 4 : eap_sm_request_sim(sm, req);
164 4 : return 1;
165 : }
166 :
167 :
168 4 : static int eap_sim_ext_sim_result(struct eap_sm *sm, struct eap_sim_data *data,
169 : struct eap_peer_config *conf)
170 : {
171 : char *resp, *pos;
172 : size_t i;
173 :
174 4 : wpa_printf(MSG_DEBUG,
175 : "EAP-SIM: Use result from external SIM processing");
176 :
177 4 : resp = conf->external_sim_resp;
178 4 : conf->external_sim_resp = NULL;
179 :
180 4 : if (os_strncmp(resp, "GSM-AUTH:", 9) != 0) {
181 0 : wpa_printf(MSG_DEBUG, "EAP-SIM: Unrecognized external SIM processing response");
182 0 : os_free(resp);
183 0 : return -1;
184 : }
185 :
186 4 : pos = resp + 9;
187 16 : for (i = 0; i < data->num_chal; i++) {
188 12 : wpa_hexdump(MSG_DEBUG, "EAP-SIM: RAND",
189 12 : data->rand[i], GSM_RAND_LEN);
190 :
191 12 : if (hexstr2bin(pos, data->kc[i], EAP_SIM_KC_LEN) < 0)
192 0 : goto invalid;
193 12 : wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: Kc",
194 12 : data->kc[i], EAP_SIM_KC_LEN);
195 12 : pos += EAP_SIM_KC_LEN * 2;
196 12 : if (*pos != ':')
197 0 : goto invalid;
198 12 : pos++;
199 :
200 12 : if (hexstr2bin(pos, data->sres[i], EAP_SIM_SRES_LEN) < 0)
201 0 : goto invalid;
202 12 : wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: SRES",
203 12 : data->sres[i], EAP_SIM_SRES_LEN);
204 12 : pos += EAP_SIM_SRES_LEN * 2;
205 12 : if (i + 1 < data->num_chal) {
206 8 : if (*pos != ':')
207 0 : goto invalid;
208 8 : pos++;
209 : }
210 : }
211 :
212 4 : os_free(resp);
213 4 : return 0;
214 :
215 : invalid:
216 0 : wpa_printf(MSG_DEBUG, "EAP-SIM: Invalid external SIM processing GSM-AUTH response");
217 0 : os_free(resp);
218 0 : return -1;
219 : }
220 :
221 :
222 24 : static int eap_sim_gsm_auth(struct eap_sm *sm, struct eap_sim_data *data)
223 : {
224 : struct eap_peer_config *conf;
225 :
226 24 : wpa_printf(MSG_DEBUG, "EAP-SIM: GSM authentication algorithm");
227 :
228 24 : conf = eap_get_config(sm);
229 24 : if (conf == NULL)
230 0 : return -1;
231 :
232 24 : if (sm->external_sim) {
233 8 : if (conf->external_sim_resp)
234 4 : return eap_sim_ext_sim_result(sm, data, conf);
235 : else
236 4 : return eap_sim_ext_sim_req(sm, data);
237 : }
238 :
239 16 : if (conf->pcsc) {
240 : if (scard_gsm_auth(sm->scard_ctx, data->rand[0],
241 : data->sres[0], data->kc[0]) ||
242 : scard_gsm_auth(sm->scard_ctx, data->rand[1],
243 : data->sres[1], data->kc[1]) ||
244 : (data->num_chal > 2 &&
245 : scard_gsm_auth(sm->scard_ctx, data->rand[2],
246 : data->sres[2], data->kc[2]))) {
247 0 : wpa_printf(MSG_DEBUG, "EAP-SIM: GSM SIM "
248 : "authentication could not be completed");
249 0 : return -1;
250 : }
251 : return 0;
252 : }
253 :
254 : #ifdef CONFIG_SIM_SIMULATOR
255 16 : if (conf->password) {
256 : u8 opc[16], k[16];
257 : const char *pos;
258 : size_t i;
259 16 : wpa_printf(MSG_DEBUG, "EAP-SIM: Use internal GSM-Milenage "
260 : "implementation for authentication");
261 16 : if (conf->password_len < 65) {
262 0 : wpa_printf(MSG_DEBUG, "EAP-SIM: invalid GSM-Milenage "
263 : "password");
264 0 : return -1;
265 : }
266 16 : pos = (const char *) conf->password;
267 16 : if (hexstr2bin(pos, k, 16))
268 0 : return -1;
269 16 : pos += 32;
270 16 : if (*pos != ':')
271 0 : return -1;
272 16 : pos++;
273 :
274 16 : if (hexstr2bin(pos, opc, 16))
275 0 : return -1;
276 :
277 64 : for (i = 0; i < data->num_chal; i++) {
278 48 : if (gsm_milenage(opc, k, data->rand[i],
279 48 : data->sres[i], data->kc[i])) {
280 0 : wpa_printf(MSG_DEBUG, "EAP-SIM: "
281 : "GSM-Milenage authentication "
282 : "could not be completed");
283 0 : return -1;
284 : }
285 48 : wpa_hexdump(MSG_DEBUG, "EAP-SIM: RAND",
286 48 : data->rand[i], GSM_RAND_LEN);
287 48 : wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: SRES",
288 48 : data->sres[i], EAP_SIM_SRES_LEN);
289 48 : wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: Kc",
290 48 : data->kc[i], EAP_SIM_KC_LEN);
291 : }
292 16 : return 0;
293 : }
294 : #endif /* CONFIG_SIM_SIMULATOR */
295 :
296 : #ifdef CONFIG_SIM_HARDCODED
297 : /* These hardcoded Kc and SRES values are used for testing. RAND to
298 : * KC/SREC mapping is very bogus as far as real authentication is
299 : * concerned, but it is quite useful for cases where the AS is rotating
300 : * the order of pre-configured values. */
301 : {
302 : size_t i;
303 :
304 : wpa_printf(MSG_DEBUG, "EAP-SIM: Use hardcoded Kc and SRES "
305 : "values for testing");
306 :
307 : for (i = 0; i < data->num_chal; i++) {
308 : if (data->rand[i][0] == 0xaa) {
309 : os_memcpy(data->kc[i],
310 : "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7",
311 : EAP_SIM_KC_LEN);
312 : os_memcpy(data->sres[i], "\xd1\xd2\xd3\xd4",
313 : EAP_SIM_SRES_LEN);
314 : } else if (data->rand[i][0] == 0xbb) {
315 : os_memcpy(data->kc[i],
316 : "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7",
317 : EAP_SIM_KC_LEN);
318 : os_memcpy(data->sres[i], "\xe1\xe2\xe3\xe4",
319 : EAP_SIM_SRES_LEN);
320 : } else {
321 : os_memcpy(data->kc[i],
322 : "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7",
323 : EAP_SIM_KC_LEN);
324 : os_memcpy(data->sres[i], "\xf1\xf2\xf3\xf4",
325 : EAP_SIM_SRES_LEN);
326 : }
327 : }
328 : }
329 :
330 : return 0;
331 :
332 : #else /* CONFIG_SIM_HARDCODED */
333 :
334 0 : wpa_printf(MSG_DEBUG, "EAP-SIM: No GSM authentication algorithm "
335 : "enabled");
336 0 : return -1;
337 :
338 : #endif /* CONFIG_SIM_HARDCODED */
339 : }
340 :
341 :
342 32 : static int eap_sim_supported_ver(int version)
343 : {
344 32 : return version == EAP_SIM_VERSION;
345 : }
346 :
347 :
348 : #define CLEAR_PSEUDONYM 0x01
349 : #define CLEAR_REAUTH_ID 0x02
350 : #define CLEAR_EAP_ID 0x04
351 :
352 87 : static void eap_sim_clear_identities(struct eap_sm *sm,
353 : struct eap_sim_data *data, int id)
354 : {
355 87 : if ((id & CLEAR_PSEUDONYM) && data->pseudonym) {
356 2 : wpa_printf(MSG_DEBUG, "EAP-SIM: forgetting old pseudonym");
357 2 : os_free(data->pseudonym);
358 2 : data->pseudonym = NULL;
359 2 : data->pseudonym_len = 0;
360 2 : eap_set_anon_id(sm, NULL, 0);
361 : }
362 87 : if ((id & CLEAR_REAUTH_ID) && data->reauth_id) {
363 7 : wpa_printf(MSG_DEBUG, "EAP-SIM: forgetting old reauth_id");
364 7 : os_free(data->reauth_id);
365 7 : data->reauth_id = NULL;
366 7 : data->reauth_id_len = 0;
367 : }
368 87 : if ((id & CLEAR_EAP_ID) && data->last_eap_identity) {
369 1 : wpa_printf(MSG_DEBUG, "EAP-SIM: forgetting old eap_id");
370 1 : os_free(data->last_eap_identity);
371 1 : data->last_eap_identity = NULL;
372 1 : data->last_eap_identity_len = 0;
373 : }
374 87 : }
375 :
376 :
377 24 : static int eap_sim_learn_ids(struct eap_sm *sm, struct eap_sim_data *data,
378 : struct eap_sim_attrs *attr)
379 : {
380 24 : if (attr->next_pseudonym) {
381 19 : const u8 *identity = NULL;
382 19 : size_t identity_len = 0;
383 19 : const u8 *realm = NULL;
384 19 : size_t realm_len = 0;
385 :
386 38 : wpa_hexdump_ascii(MSG_DEBUG,
387 : "EAP-SIM: (encr) AT_NEXT_PSEUDONYM",
388 19 : attr->next_pseudonym,
389 : attr->next_pseudonym_len);
390 19 : os_free(data->pseudonym);
391 : /* Look for the realm of the permanent identity */
392 19 : identity = eap_get_config_identity(sm, &identity_len);
393 19 : if (identity) {
394 342 : for (realm = identity, realm_len = identity_len;
395 304 : realm_len > 0; realm_len--, realm++) {
396 311 : if (*realm == '@')
397 7 : break;
398 : }
399 : }
400 19 : data->pseudonym = os_malloc(attr->next_pseudonym_len +
401 : realm_len);
402 19 : if (data->pseudonym == NULL) {
403 0 : wpa_printf(MSG_INFO, "EAP-SIM: (encr) No memory for "
404 : "next pseudonym");
405 0 : data->pseudonym_len = 0;
406 0 : return -1;
407 : }
408 19 : os_memcpy(data->pseudonym, attr->next_pseudonym,
409 : attr->next_pseudonym_len);
410 19 : if (realm_len) {
411 7 : os_memcpy(data->pseudonym + attr->next_pseudonym_len,
412 : realm, realm_len);
413 : }
414 19 : data->pseudonym_len = attr->next_pseudonym_len + realm_len;
415 19 : eap_set_anon_id(sm, data->pseudonym, data->pseudonym_len);
416 : }
417 :
418 24 : if (attr->next_reauth_id) {
419 23 : os_free(data->reauth_id);
420 23 : data->reauth_id = os_malloc(attr->next_reauth_id_len);
421 23 : if (data->reauth_id == NULL) {
422 0 : wpa_printf(MSG_INFO, "EAP-SIM: (encr) No memory for "
423 : "next reauth_id");
424 0 : data->reauth_id_len = 0;
425 0 : return -1;
426 : }
427 23 : os_memcpy(data->reauth_id, attr->next_reauth_id,
428 : attr->next_reauth_id_len);
429 23 : data->reauth_id_len = attr->next_reauth_id_len;
430 46 : wpa_hexdump_ascii(MSG_DEBUG,
431 : "EAP-SIM: (encr) AT_NEXT_REAUTH_ID",
432 23 : data->reauth_id,
433 : data->reauth_id_len);
434 : }
435 :
436 24 : return 0;
437 : }
438 :
439 :
440 2 : static struct wpabuf * eap_sim_client_error(struct eap_sim_data *data, u8 id,
441 : int err)
442 : {
443 : struct eap_sim_msg *msg;
444 :
445 2 : eap_sim_state(data, FAILURE);
446 2 : data->num_id_req = 0;
447 2 : data->num_notification = 0;
448 :
449 2 : wpa_printf(MSG_DEBUG, "EAP-SIM: Send Client-Error (error code %d)",
450 : err);
451 2 : msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_SIM,
452 : EAP_SIM_SUBTYPE_CLIENT_ERROR);
453 2 : eap_sim_msg_add(msg, EAP_SIM_AT_CLIENT_ERROR_CODE, err, NULL, 0);
454 2 : return eap_sim_msg_finish(msg, NULL, NULL, 0);
455 : }
456 :
457 :
458 32 : static struct wpabuf * eap_sim_response_start(struct eap_sm *sm,
459 : struct eap_sim_data *data, u8 id,
460 : enum eap_sim_id_req id_req)
461 : {
462 32 : const u8 *identity = NULL;
463 32 : size_t identity_len = 0;
464 : struct eap_sim_msg *msg;
465 :
466 32 : data->reauth = 0;
467 32 : if (id_req == ANY_ID && data->reauth_id) {
468 9 : identity = data->reauth_id;
469 9 : identity_len = data->reauth_id_len;
470 9 : data->reauth = 1;
471 43 : } else if ((id_req == ANY_ID || id_req == FULLAUTH_ID) &&
472 20 : data->pseudonym) {
473 3 : identity = data->pseudonym;
474 3 : identity_len = data->pseudonym_len;
475 3 : eap_sim_clear_identities(sm, data, CLEAR_REAUTH_ID);
476 20 : } else if (id_req != NO_ID_REQ) {
477 19 : identity = eap_get_config_identity(sm, &identity_len);
478 19 : if (identity) {
479 19 : eap_sim_clear_identities(sm, data, CLEAR_PSEUDONYM |
480 : CLEAR_REAUTH_ID);
481 : }
482 : }
483 32 : if (id_req != NO_ID_REQ)
484 31 : eap_sim_clear_identities(sm, data, CLEAR_EAP_ID);
485 :
486 32 : wpa_printf(MSG_DEBUG, "Generating EAP-SIM Start (id=%d)", id);
487 32 : msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id,
488 : EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START);
489 32 : if (!data->reauth) {
490 23 : wpa_hexdump(MSG_DEBUG, " AT_NONCE_MT",
491 23 : data->nonce_mt, EAP_SIM_NONCE_MT_LEN);
492 23 : eap_sim_msg_add(msg, EAP_SIM_AT_NONCE_MT, 0,
493 23 : data->nonce_mt, EAP_SIM_NONCE_MT_LEN);
494 23 : wpa_printf(MSG_DEBUG, " AT_SELECTED_VERSION %d",
495 : data->selected_version);
496 23 : eap_sim_msg_add(msg, EAP_SIM_AT_SELECTED_VERSION,
497 23 : data->selected_version, NULL, 0);
498 : }
499 :
500 32 : if (identity) {
501 31 : wpa_hexdump_ascii(MSG_DEBUG, " AT_IDENTITY",
502 : identity, identity_len);
503 31 : eap_sim_msg_add(msg, EAP_SIM_AT_IDENTITY, identity_len,
504 : identity, identity_len);
505 : }
506 :
507 32 : return eap_sim_msg_finish(msg, NULL, NULL, 0);
508 : }
509 :
510 :
511 19 : static struct wpabuf * eap_sim_response_challenge(struct eap_sim_data *data,
512 : u8 id)
513 : {
514 : struct eap_sim_msg *msg;
515 :
516 19 : wpa_printf(MSG_DEBUG, "Generating EAP-SIM Challenge (id=%d)", id);
517 19 : msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_SIM,
518 : EAP_SIM_SUBTYPE_CHALLENGE);
519 19 : if (data->use_result_ind) {
520 1 : wpa_printf(MSG_DEBUG, " AT_RESULT_IND");
521 1 : eap_sim_msg_add(msg, EAP_SIM_AT_RESULT_IND, 0, NULL, 0);
522 : }
523 19 : wpa_printf(MSG_DEBUG, " AT_MAC");
524 19 : eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
525 19 : return eap_sim_msg_finish(msg, data->k_aut, (u8 *) data->sres,
526 19 : data->num_chal * EAP_SIM_SRES_LEN);
527 : }
528 :
529 :
530 6 : static struct wpabuf * eap_sim_response_reauth(struct eap_sim_data *data,
531 : u8 id, int counter_too_small,
532 : const u8 *nonce_s)
533 : {
534 : struct eap_sim_msg *msg;
535 : unsigned int counter;
536 :
537 6 : wpa_printf(MSG_DEBUG, "Generating EAP-SIM Reauthentication (id=%d)",
538 : id);
539 6 : msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_SIM,
540 : EAP_SIM_SUBTYPE_REAUTHENTICATION);
541 6 : wpa_printf(MSG_DEBUG, " AT_IV");
542 6 : wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
543 6 : eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV, EAP_SIM_AT_ENCR_DATA);
544 :
545 6 : if (counter_too_small) {
546 1 : wpa_printf(MSG_DEBUG, " *AT_COUNTER_TOO_SMALL");
547 1 : eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER_TOO_SMALL, 0, NULL, 0);
548 1 : counter = data->counter_too_small;
549 : } else
550 5 : counter = data->counter;
551 :
552 6 : wpa_printf(MSG_DEBUG, " *AT_COUNTER %d", counter);
553 6 : eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, counter, NULL, 0);
554 :
555 6 : if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) {
556 0 : wpa_printf(MSG_WARNING, "EAP-SIM: Failed to encrypt "
557 : "AT_ENCR_DATA");
558 0 : eap_sim_msg_free(msg);
559 0 : return NULL;
560 : }
561 6 : if (data->use_result_ind) {
562 1 : wpa_printf(MSG_DEBUG, " AT_RESULT_IND");
563 1 : eap_sim_msg_add(msg, EAP_SIM_AT_RESULT_IND, 0, NULL, 0);
564 : }
565 6 : wpa_printf(MSG_DEBUG, " AT_MAC");
566 6 : eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
567 6 : return eap_sim_msg_finish(msg, data->k_aut, nonce_s,
568 : EAP_SIM_NONCE_S_LEN);
569 : }
570 :
571 :
572 3 : static struct wpabuf * eap_sim_response_notification(struct eap_sim_data *data,
573 : u8 id, u16 notification)
574 : {
575 : struct eap_sim_msg *msg;
576 3 : u8 *k_aut = (notification & 0x4000) == 0 ? data->k_aut : NULL;
577 :
578 3 : wpa_printf(MSG_DEBUG, "Generating EAP-SIM Notification (id=%d)", id);
579 3 : msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id,
580 : EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION);
581 3 : if (k_aut && data->reauth) {
582 1 : wpa_printf(MSG_DEBUG, " AT_IV");
583 1 : wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
584 1 : eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV,
585 : EAP_SIM_AT_ENCR_DATA);
586 1 : wpa_printf(MSG_DEBUG, " *AT_COUNTER %d", data->counter);
587 1 : eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter,
588 : NULL, 0);
589 1 : if (eap_sim_msg_add_encr_end(msg, data->k_encr,
590 : EAP_SIM_AT_PADDING)) {
591 0 : wpa_printf(MSG_WARNING, "EAP-SIM: Failed to encrypt "
592 : "AT_ENCR_DATA");
593 0 : eap_sim_msg_free(msg);
594 0 : return NULL;
595 : }
596 : }
597 3 : if (k_aut) {
598 2 : wpa_printf(MSG_DEBUG, " AT_MAC");
599 2 : eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
600 : }
601 3 : return eap_sim_msg_finish(msg, k_aut, (u8 *) "", 0);
602 : }
603 :
604 :
605 32 : static struct wpabuf * eap_sim_process_start(struct eap_sm *sm,
606 : struct eap_sim_data *data, u8 id,
607 : struct eap_sim_attrs *attr)
608 : {
609 32 : int selected_version = -1, id_error;
610 : size_t i;
611 : u8 *pos;
612 :
613 32 : wpa_printf(MSG_DEBUG, "EAP-SIM: subtype Start");
614 32 : if (attr->version_list == NULL) {
615 0 : wpa_printf(MSG_INFO, "EAP-SIM: No AT_VERSION_LIST in "
616 : "SIM/Start");
617 0 : return eap_sim_client_error(data, id,
618 : EAP_SIM_UNSUPPORTED_VERSION);
619 : }
620 :
621 32 : os_free(data->ver_list);
622 32 : data->ver_list = os_malloc(attr->version_list_len);
623 32 : if (data->ver_list == NULL) {
624 0 : wpa_printf(MSG_DEBUG, "EAP-SIM: Failed to allocate "
625 : "memory for version list");
626 0 : return eap_sim_client_error(data, id,
627 : EAP_SIM_UNABLE_TO_PROCESS_PACKET);
628 : }
629 32 : os_memcpy(data->ver_list, attr->version_list, attr->version_list_len);
630 32 : data->ver_list_len = attr->version_list_len;
631 32 : pos = data->ver_list;
632 32 : for (i = 0; i < data->ver_list_len / 2; i++) {
633 32 : int ver = pos[0] * 256 + pos[1];
634 32 : pos += 2;
635 32 : if (eap_sim_supported_ver(ver)) {
636 32 : selected_version = ver;
637 32 : break;
638 : }
639 : }
640 32 : if (selected_version < 0) {
641 0 : wpa_printf(MSG_INFO, "EAP-SIM: Could not find a supported "
642 : "version");
643 0 : return eap_sim_client_error(data, id,
644 : EAP_SIM_UNSUPPORTED_VERSION);
645 : }
646 32 : wpa_printf(MSG_DEBUG, "EAP-SIM: Selected Version %d",
647 : selected_version);
648 32 : data->selected_version = selected_version;
649 :
650 32 : id_error = 0;
651 32 : switch (attr->id_req) {
652 : case NO_ID_REQ:
653 1 : break;
654 : case ANY_ID:
655 27 : if (data->num_id_req > 0)
656 0 : id_error++;
657 27 : data->num_id_req++;
658 27 : break;
659 : case FULLAUTH_ID:
660 2 : if (data->num_id_req > 1)
661 0 : id_error++;
662 2 : data->num_id_req++;
663 2 : break;
664 : case PERMANENT_ID:
665 2 : if (data->num_id_req > 2)
666 0 : id_error++;
667 2 : data->num_id_req++;
668 2 : break;
669 : }
670 32 : if (id_error) {
671 0 : wpa_printf(MSG_INFO, "EAP-SIM: Too many ID requests "
672 : "used within one authentication");
673 0 : return eap_sim_client_error(data, id,
674 : EAP_SIM_UNABLE_TO_PROCESS_PACKET);
675 : }
676 :
677 32 : return eap_sim_response_start(sm, data, id, attr->id_req);
678 : }
679 :
680 :
681 24 : static struct wpabuf * eap_sim_process_challenge(struct eap_sm *sm,
682 : struct eap_sim_data *data,
683 : u8 id,
684 : const struct wpabuf *reqData,
685 : struct eap_sim_attrs *attr)
686 : {
687 : const u8 *identity;
688 : size_t identity_len;
689 : struct eap_sim_attrs eattr;
690 : int res;
691 :
692 24 : wpa_printf(MSG_DEBUG, "EAP-SIM: subtype Challenge");
693 24 : data->reauth = 0;
694 24 : if (!attr->mac || !attr->rand) {
695 0 : wpa_printf(MSG_WARNING, "EAP-SIM: Challenge message "
696 : "did not include%s%s",
697 0 : !attr->mac ? " AT_MAC" : "",
698 0 : !attr->rand ? " AT_RAND" : "");
699 0 : return eap_sim_client_error(data, id,
700 : EAP_SIM_UNABLE_TO_PROCESS_PACKET);
701 : }
702 :
703 24 : wpa_printf(MSG_DEBUG, "EAP-SIM: %lu challenges",
704 : (unsigned long) attr->num_chal);
705 24 : if (attr->num_chal < data->min_num_chal) {
706 0 : wpa_printf(MSG_INFO, "EAP-SIM: Insufficient number of "
707 : "challenges (%lu)", (unsigned long) attr->num_chal);
708 0 : return eap_sim_client_error(data, id,
709 : EAP_SIM_INSUFFICIENT_NUM_OF_CHAL);
710 : }
711 24 : if (attr->num_chal > 3) {
712 0 : wpa_printf(MSG_INFO, "EAP-SIM: Too many challenges "
713 : "(%lu)", (unsigned long) attr->num_chal);
714 0 : return eap_sim_client_error(data, id,
715 : EAP_SIM_UNABLE_TO_PROCESS_PACKET);
716 : }
717 :
718 : /* Verify that RANDs are different */
719 24 : if (os_memcmp(attr->rand, attr->rand + GSM_RAND_LEN,
720 24 : GSM_RAND_LEN) == 0 ||
721 48 : (attr->num_chal > 2 &&
722 24 : (os_memcmp(attr->rand, attr->rand + 2 * GSM_RAND_LEN,
723 24 : GSM_RAND_LEN) == 0 ||
724 24 : os_memcmp(attr->rand + GSM_RAND_LEN,
725 : attr->rand + 2 * GSM_RAND_LEN,
726 : GSM_RAND_LEN) == 0))) {
727 0 : wpa_printf(MSG_INFO, "EAP-SIM: Same RAND used multiple times");
728 0 : return eap_sim_client_error(data, id,
729 : EAP_SIM_RAND_NOT_FRESH);
730 : }
731 :
732 24 : os_memcpy(data->rand, attr->rand, attr->num_chal * GSM_RAND_LEN);
733 24 : data->num_chal = attr->num_chal;
734 :
735 24 : res = eap_sim_gsm_auth(sm, data);
736 24 : if (res > 0) {
737 4 : wpa_printf(MSG_DEBUG, "EAP-SIM: Wait for external SIM processing");
738 4 : return NULL;
739 : }
740 20 : if (res) {
741 0 : wpa_printf(MSG_WARNING, "EAP-SIM: GSM authentication failed");
742 0 : return eap_sim_client_error(data, id,
743 : EAP_SIM_UNABLE_TO_PROCESS_PACKET);
744 : }
745 20 : if (data->last_eap_identity) {
746 1 : identity = data->last_eap_identity;
747 1 : identity_len = data->last_eap_identity_len;
748 19 : } else if (data->pseudonym) {
749 1 : identity = data->pseudonym;
750 1 : identity_len = data->pseudonym_len;
751 : } else
752 18 : identity = eap_get_config_identity(sm, &identity_len);
753 20 : wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM: Selected identity for MK "
754 : "derivation", identity, identity_len);
755 40 : eap_sim_derive_mk(identity, identity_len, data->nonce_mt,
756 20 : data->selected_version, data->ver_list,
757 20 : data->ver_list_len, data->num_chal,
758 20 : (const u8 *) data->kc, data->mk);
759 20 : eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk,
760 20 : data->emsk);
761 20 : if (eap_sim_verify_mac(data->k_aut, reqData, attr->mac, data->nonce_mt,
762 : EAP_SIM_NONCE_MT_LEN)) {
763 1 : wpa_printf(MSG_WARNING, "EAP-SIM: Challenge message "
764 : "used invalid AT_MAC");
765 1 : return eap_sim_client_error(data, id,
766 : EAP_SIM_UNABLE_TO_PROCESS_PACKET);
767 : }
768 :
769 : /* Old reauthentication identity must not be used anymore. In
770 : * other words, if no new reauth identity is received, full
771 : * authentication will be used on next reauthentication (using
772 : * pseudonym identity or permanent identity). */
773 19 : eap_sim_clear_identities(sm, data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
774 :
775 19 : if (attr->encr_data) {
776 : u8 *decrypted;
777 19 : decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
778 : attr->encr_data_len, attr->iv,
779 : &eattr, 0);
780 19 : if (decrypted == NULL) {
781 0 : return eap_sim_client_error(
782 : data, id, EAP_SIM_UNABLE_TO_PROCESS_PACKET);
783 : }
784 19 : eap_sim_learn_ids(sm, data, &eattr);
785 19 : os_free(decrypted);
786 : }
787 :
788 19 : if (data->result_ind && attr->result_ind)
789 1 : data->use_result_ind = 1;
790 :
791 19 : if (data->state != FAILURE && data->state != RESULT_FAILURE) {
792 19 : eap_sim_state(data, data->use_result_ind ?
793 : RESULT_SUCCESS : SUCCESS);
794 : }
795 :
796 19 : data->num_id_req = 0;
797 19 : data->num_notification = 0;
798 : /* RFC 4186 specifies that counter is initialized to one after
799 : * fullauth, but initializing it to zero makes it easier to implement
800 : * reauth verification. */
801 19 : data->counter = 0;
802 19 : return eap_sim_response_challenge(data, id);
803 : }
804 :
805 :
806 1 : static int eap_sim_process_notification_reauth(struct eap_sim_data *data,
807 : struct eap_sim_attrs *attr)
808 : {
809 : struct eap_sim_attrs eattr;
810 : u8 *decrypted;
811 :
812 1 : if (attr->encr_data == NULL || attr->iv == NULL) {
813 0 : wpa_printf(MSG_WARNING, "EAP-SIM: Notification message after "
814 : "reauth did not include encrypted data");
815 0 : return -1;
816 : }
817 :
818 1 : decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
819 : attr->encr_data_len, attr->iv, &eattr,
820 : 0);
821 1 : if (decrypted == NULL) {
822 0 : wpa_printf(MSG_WARNING, "EAP-SIM: Failed to parse encrypted "
823 : "data from notification message");
824 0 : return -1;
825 : }
826 :
827 1 : if (eattr.counter < 0 || (size_t) eattr.counter != data->counter) {
828 0 : wpa_printf(MSG_WARNING, "EAP-SIM: Counter in notification "
829 : "message does not match with counter in reauth "
830 : "message");
831 0 : os_free(decrypted);
832 0 : return -1;
833 : }
834 :
835 1 : os_free(decrypted);
836 1 : return 0;
837 : }
838 :
839 :
840 2 : static int eap_sim_process_notification_auth(struct eap_sim_data *data,
841 : const struct wpabuf *reqData,
842 : struct eap_sim_attrs *attr)
843 : {
844 2 : if (attr->mac == NULL) {
845 0 : wpa_printf(MSG_INFO, "EAP-SIM: no AT_MAC in after_auth "
846 : "Notification message");
847 0 : return -1;
848 : }
849 :
850 2 : if (eap_sim_verify_mac(data->k_aut, reqData, attr->mac, (u8 *) "", 0))
851 : {
852 0 : wpa_printf(MSG_WARNING, "EAP-SIM: Notification message "
853 : "used invalid AT_MAC");
854 0 : return -1;
855 : }
856 :
857 3 : if (data->reauth &&
858 1 : eap_sim_process_notification_reauth(data, attr)) {
859 0 : wpa_printf(MSG_WARNING, "EAP-SIM: Invalid notification "
860 : "message after reauth");
861 0 : return -1;
862 : }
863 :
864 2 : return 0;
865 : }
866 :
867 :
868 3 : static struct wpabuf * eap_sim_process_notification(
869 : struct eap_sm *sm, struct eap_sim_data *data, u8 id,
870 : const struct wpabuf *reqData, struct eap_sim_attrs *attr)
871 : {
872 3 : wpa_printf(MSG_DEBUG, "EAP-SIM: subtype Notification");
873 3 : if (data->num_notification > 0) {
874 0 : wpa_printf(MSG_INFO, "EAP-SIM: too many notification "
875 : "rounds (only one allowed)");
876 0 : return eap_sim_client_error(data, id,
877 : EAP_SIM_UNABLE_TO_PROCESS_PACKET);
878 : }
879 3 : data->num_notification++;
880 3 : if (attr->notification == -1) {
881 0 : wpa_printf(MSG_INFO, "EAP-SIM: no AT_NOTIFICATION in "
882 : "Notification message");
883 0 : return eap_sim_client_error(data, id,
884 : EAP_SIM_UNABLE_TO_PROCESS_PACKET);
885 : }
886 :
887 5 : if ((attr->notification & 0x4000) == 0 &&
888 2 : eap_sim_process_notification_auth(data, reqData, attr)) {
889 0 : return eap_sim_client_error(data, id,
890 : EAP_SIM_UNABLE_TO_PROCESS_PACKET);
891 : }
892 :
893 3 : eap_sim_report_notification(sm->msg_ctx, attr->notification, 0);
894 3 : if (attr->notification >= 0 && attr->notification < 32768) {
895 1 : eap_sim_state(data, FAILURE);
896 4 : } else if (attr->notification == EAP_SIM_SUCCESS &&
897 2 : data->state == RESULT_SUCCESS)
898 2 : eap_sim_state(data, SUCCESS);
899 3 : return eap_sim_response_notification(data, id, attr->notification);
900 : }
901 :
902 :
903 7 : static struct wpabuf * eap_sim_process_reauthentication(
904 : struct eap_sm *sm, struct eap_sim_data *data, u8 id,
905 : const struct wpabuf *reqData, struct eap_sim_attrs *attr)
906 : {
907 : struct eap_sim_attrs eattr;
908 : u8 *decrypted;
909 :
910 7 : wpa_printf(MSG_DEBUG, "EAP-SIM: subtype Reauthentication");
911 :
912 7 : if (data->reauth_id == NULL) {
913 0 : wpa_printf(MSG_WARNING, "EAP-SIM: Server is trying "
914 : "reauthentication, but no reauth_id available");
915 0 : return eap_sim_client_error(data, id,
916 : EAP_SIM_UNABLE_TO_PROCESS_PACKET);
917 : }
918 :
919 7 : data->reauth = 1;
920 7 : if (eap_sim_verify_mac(data->k_aut, reqData, attr->mac, (u8 *) "", 0))
921 : {
922 1 : wpa_printf(MSG_WARNING, "EAP-SIM: Reauthentication "
923 : "did not have valid AT_MAC");
924 1 : return eap_sim_client_error(data, id,
925 : EAP_SIM_UNABLE_TO_PROCESS_PACKET);
926 : }
927 :
928 6 : if (attr->encr_data == NULL || attr->iv == NULL) {
929 0 : wpa_printf(MSG_WARNING, "EAP-SIM: Reauthentication "
930 : "message did not include encrypted data");
931 0 : return eap_sim_client_error(data, id,
932 : EAP_SIM_UNABLE_TO_PROCESS_PACKET);
933 : }
934 :
935 6 : decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
936 : attr->encr_data_len, attr->iv, &eattr,
937 : 0);
938 6 : if (decrypted == NULL) {
939 0 : wpa_printf(MSG_WARNING, "EAP-SIM: Failed to parse encrypted "
940 : "data from reauthentication message");
941 0 : return eap_sim_client_error(data, id,
942 : EAP_SIM_UNABLE_TO_PROCESS_PACKET);
943 : }
944 :
945 6 : if (eattr.nonce_s == NULL || eattr.counter < 0) {
946 0 : wpa_printf(MSG_INFO, "EAP-SIM: (encr) No%s%s in reauth packet",
947 0 : !eattr.nonce_s ? " AT_NONCE_S" : "",
948 0 : eattr.counter < 0 ? " AT_COUNTER" : "");
949 0 : os_free(decrypted);
950 0 : return eap_sim_client_error(data, id,
951 : EAP_SIM_UNABLE_TO_PROCESS_PACKET);
952 : }
953 :
954 6 : if (eattr.counter < 0 || (size_t) eattr.counter <= data->counter) {
955 : struct wpabuf *res;
956 1 : wpa_printf(MSG_INFO, "EAP-SIM: (encr) Invalid counter "
957 : "(%d <= %d)", eattr.counter, data->counter);
958 1 : data->counter_too_small = eattr.counter;
959 :
960 : /* Reply using Re-auth w/ AT_COUNTER_TOO_SMALL. The current
961 : * reauth_id must not be used to start a new reauthentication.
962 : * However, since it was used in the last EAP-Response-Identity
963 : * packet, it has to saved for the following fullauth to be
964 : * used in MK derivation. */
965 1 : os_free(data->last_eap_identity);
966 1 : data->last_eap_identity = data->reauth_id;
967 1 : data->last_eap_identity_len = data->reauth_id_len;
968 1 : data->reauth_id = NULL;
969 1 : data->reauth_id_len = 0;
970 :
971 1 : res = eap_sim_response_reauth(data, id, 1, eattr.nonce_s);
972 1 : os_free(decrypted);
973 :
974 1 : return res;
975 : }
976 5 : data->counter = eattr.counter;
977 :
978 5 : os_memcpy(data->nonce_s, eattr.nonce_s, EAP_SIM_NONCE_S_LEN);
979 5 : wpa_hexdump(MSG_DEBUG, "EAP-SIM: (encr) AT_NONCE_S",
980 5 : data->nonce_s, EAP_SIM_NONCE_S_LEN);
981 :
982 10 : eap_sim_derive_keys_reauth(data->counter,
983 5 : data->reauth_id, data->reauth_id_len,
984 5 : data->nonce_s, data->mk, data->msk,
985 5 : data->emsk);
986 5 : eap_sim_clear_identities(sm, data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
987 5 : eap_sim_learn_ids(sm, data, &eattr);
988 :
989 5 : if (data->result_ind && attr->result_ind)
990 1 : data->use_result_ind = 1;
991 :
992 5 : if (data->state != FAILURE && data->state != RESULT_FAILURE) {
993 5 : eap_sim_state(data, data->use_result_ind ?
994 : RESULT_SUCCESS : SUCCESS);
995 : }
996 :
997 5 : data->num_id_req = 0;
998 5 : data->num_notification = 0;
999 5 : if (data->counter > EAP_SIM_MAX_FAST_REAUTHS) {
1000 1 : wpa_printf(MSG_DEBUG, "EAP-SIM: Maximum number of "
1001 : "fast reauths performed - force fullauth");
1002 1 : eap_sim_clear_identities(sm, data,
1003 : CLEAR_REAUTH_ID | CLEAR_EAP_ID);
1004 : }
1005 5 : os_free(decrypted);
1006 5 : return eap_sim_response_reauth(data, id, 0, data->nonce_s);
1007 : }
1008 :
1009 :
1010 66 : static struct wpabuf * eap_sim_process(struct eap_sm *sm, void *priv,
1011 : struct eap_method_ret *ret,
1012 : const struct wpabuf *reqData)
1013 : {
1014 66 : struct eap_sim_data *data = priv;
1015 : const struct eap_hdr *req;
1016 : u8 subtype, id;
1017 : struct wpabuf *res;
1018 : const u8 *pos;
1019 : struct eap_sim_attrs attr;
1020 : size_t len;
1021 :
1022 66 : wpa_hexdump_buf(MSG_DEBUG, "EAP-SIM: EAP data", reqData);
1023 66 : if (eap_get_config_identity(sm, &len) == NULL) {
1024 0 : wpa_printf(MSG_INFO, "EAP-SIM: Identity not configured");
1025 0 : eap_sm_request_identity(sm);
1026 0 : ret->ignore = TRUE;
1027 0 : return NULL;
1028 : }
1029 :
1030 66 : pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_SIM, reqData, &len);
1031 66 : if (pos == NULL || len < 1) {
1032 0 : ret->ignore = TRUE;
1033 0 : return NULL;
1034 : }
1035 66 : req = wpabuf_head(reqData);
1036 66 : id = req->identifier;
1037 66 : len = be_to_host16(req->length);
1038 :
1039 66 : ret->ignore = FALSE;
1040 66 : ret->methodState = METHOD_MAY_CONT;
1041 66 : ret->decision = DECISION_FAIL;
1042 66 : ret->allowNotifications = TRUE;
1043 :
1044 66 : subtype = *pos++;
1045 66 : wpa_printf(MSG_DEBUG, "EAP-SIM: Subtype=%d", subtype);
1046 66 : pos += 2; /* Reserved */
1047 :
1048 66 : if (eap_sim_parse_attr(pos, wpabuf_head_u8(reqData) + len, &attr, 0,
1049 : 0)) {
1050 0 : res = eap_sim_client_error(data, id,
1051 : EAP_SIM_UNABLE_TO_PROCESS_PACKET);
1052 0 : goto done;
1053 : }
1054 :
1055 66 : switch (subtype) {
1056 : case EAP_SIM_SUBTYPE_START:
1057 32 : res = eap_sim_process_start(sm, data, id, &attr);
1058 32 : break;
1059 : case EAP_SIM_SUBTYPE_CHALLENGE:
1060 24 : res = eap_sim_process_challenge(sm, data, id, reqData, &attr);
1061 24 : break;
1062 : case EAP_SIM_SUBTYPE_NOTIFICATION:
1063 3 : res = eap_sim_process_notification(sm, data, id, reqData,
1064 : &attr);
1065 3 : break;
1066 : case EAP_SIM_SUBTYPE_REAUTHENTICATION:
1067 7 : res = eap_sim_process_reauthentication(sm, data, id, reqData,
1068 : &attr);
1069 7 : break;
1070 : case EAP_SIM_SUBTYPE_CLIENT_ERROR:
1071 0 : wpa_printf(MSG_DEBUG, "EAP-SIM: subtype Client-Error");
1072 0 : res = eap_sim_client_error(data, id,
1073 : EAP_SIM_UNABLE_TO_PROCESS_PACKET);
1074 0 : break;
1075 : default:
1076 0 : wpa_printf(MSG_DEBUG, "EAP-SIM: Unknown subtype=%d", subtype);
1077 0 : res = eap_sim_client_error(data, id,
1078 : EAP_SIM_UNABLE_TO_PROCESS_PACKET);
1079 0 : break;
1080 : }
1081 :
1082 : done:
1083 66 : if (data->state == FAILURE) {
1084 3 : ret->decision = DECISION_FAIL;
1085 3 : ret->methodState = METHOD_DONE;
1086 63 : } else if (data->state == SUCCESS) {
1087 24 : ret->decision = data->use_result_ind ?
1088 : DECISION_UNCOND_SUCC : DECISION_COND_SUCC;
1089 24 : ret->methodState = data->use_result_ind ?
1090 : METHOD_DONE : METHOD_MAY_CONT;
1091 39 : } else if (data->state == RESULT_FAILURE)
1092 0 : ret->methodState = METHOD_CONT;
1093 39 : else if (data->state == RESULT_SUCCESS)
1094 2 : ret->methodState = METHOD_CONT;
1095 :
1096 66 : if (ret->methodState == METHOD_DONE) {
1097 5 : ret->allowNotifications = FALSE;
1098 : }
1099 :
1100 66 : return res;
1101 : }
1102 :
1103 :
1104 18 : static Boolean eap_sim_has_reauth_data(struct eap_sm *sm, void *priv)
1105 : {
1106 18 : struct eap_sim_data *data = priv;
1107 18 : return data->pseudonym || data->reauth_id;
1108 : }
1109 :
1110 :
1111 9 : static void eap_sim_deinit_for_reauth(struct eap_sm *sm, void *priv)
1112 : {
1113 9 : struct eap_sim_data *data = priv;
1114 9 : eap_sim_clear_identities(sm, data, CLEAR_EAP_ID);
1115 9 : data->use_result_ind = 0;
1116 9 : }
1117 :
1118 :
1119 9 : static void * eap_sim_init_for_reauth(struct eap_sm *sm, void *priv)
1120 : {
1121 9 : struct eap_sim_data *data = priv;
1122 9 : if (random_get_bytes(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
1123 0 : wpa_printf(MSG_WARNING, "EAP-SIM: Failed to get random data "
1124 : "for NONCE_MT");
1125 0 : os_free(data);
1126 0 : return NULL;
1127 : }
1128 9 : data->num_id_req = 0;
1129 9 : data->num_notification = 0;
1130 9 : eap_sim_state(data, CONTINUE);
1131 9 : return priv;
1132 : }
1133 :
1134 :
1135 9 : static const u8 * eap_sim_get_identity(struct eap_sm *sm, void *priv,
1136 : size_t *len)
1137 : {
1138 9 : struct eap_sim_data *data = priv;
1139 :
1140 9 : if (data->reauth_id) {
1141 9 : *len = data->reauth_id_len;
1142 9 : return data->reauth_id;
1143 : }
1144 :
1145 0 : if (data->pseudonym) {
1146 0 : *len = data->pseudonym_len;
1147 0 : return data->pseudonym;
1148 : }
1149 :
1150 0 : return NULL;
1151 : }
1152 :
1153 :
1154 66 : static Boolean eap_sim_isKeyAvailable(struct eap_sm *sm, void *priv)
1155 : {
1156 66 : struct eap_sim_data *data = priv;
1157 66 : return data->state == SUCCESS;
1158 : }
1159 :
1160 :
1161 24 : static u8 * eap_sim_getKey(struct eap_sm *sm, void *priv, size_t *len)
1162 : {
1163 24 : struct eap_sim_data *data = priv;
1164 : u8 *key;
1165 :
1166 24 : if (data->state != SUCCESS)
1167 0 : return NULL;
1168 :
1169 24 : key = os_malloc(EAP_SIM_KEYING_DATA_LEN);
1170 24 : if (key == NULL)
1171 0 : return NULL;
1172 :
1173 24 : *len = EAP_SIM_KEYING_DATA_LEN;
1174 24 : os_memcpy(key, data->msk, EAP_SIM_KEYING_DATA_LEN);
1175 :
1176 24 : return key;
1177 : }
1178 :
1179 :
1180 24 : static u8 * eap_sim_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
1181 : {
1182 24 : struct eap_sim_data *data = priv;
1183 : u8 *id;
1184 :
1185 24 : if (data->state != SUCCESS)
1186 0 : return NULL;
1187 :
1188 24 : *len = 1 + data->num_chal * GSM_RAND_LEN + EAP_SIM_NONCE_MT_LEN;
1189 24 : id = os_malloc(*len);
1190 24 : if (id == NULL)
1191 0 : return NULL;
1192 :
1193 24 : id[0] = EAP_TYPE_SIM;
1194 24 : os_memcpy(id + 1, data->rand, data->num_chal * GSM_RAND_LEN);
1195 24 : os_memcpy(id + 1 + data->num_chal * GSM_RAND_LEN, data->nonce_mt,
1196 : EAP_SIM_NONCE_MT_LEN);
1197 24 : wpa_hexdump(MSG_DEBUG, "EAP-SIM: Derived Session-Id", id, *len);
1198 :
1199 24 : return id;
1200 : }
1201 :
1202 :
1203 0 : static u8 * eap_sim_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
1204 : {
1205 0 : struct eap_sim_data *data = priv;
1206 : u8 *key;
1207 :
1208 0 : if (data->state != SUCCESS)
1209 0 : return NULL;
1210 :
1211 0 : key = os_malloc(EAP_EMSK_LEN);
1212 0 : if (key == NULL)
1213 0 : return NULL;
1214 :
1215 0 : *len = EAP_EMSK_LEN;
1216 0 : os_memcpy(key, data->emsk, EAP_EMSK_LEN);
1217 :
1218 0 : return key;
1219 : }
1220 :
1221 :
1222 4 : int eap_peer_sim_register(void)
1223 : {
1224 : struct eap_method *eap;
1225 : int ret;
1226 :
1227 4 : eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
1228 : EAP_VENDOR_IETF, EAP_TYPE_SIM, "SIM");
1229 4 : if (eap == NULL)
1230 0 : return -1;
1231 :
1232 4 : eap->init = eap_sim_init;
1233 4 : eap->deinit = eap_sim_deinit;
1234 4 : eap->process = eap_sim_process;
1235 4 : eap->isKeyAvailable = eap_sim_isKeyAvailable;
1236 4 : eap->getKey = eap_sim_getKey;
1237 4 : eap->getSessionId = eap_sim_get_session_id;
1238 4 : eap->has_reauth_data = eap_sim_has_reauth_data;
1239 4 : eap->deinit_for_reauth = eap_sim_deinit_for_reauth;
1240 4 : eap->init_for_reauth = eap_sim_init_for_reauth;
1241 4 : eap->get_identity = eap_sim_get_identity;
1242 4 : eap->get_emsk = eap_sim_get_emsk;
1243 :
1244 4 : ret = eap_peer_method_register(eap);
1245 4 : if (ret)
1246 0 : eap_peer_method_free(eap);
1247 4 : return ret;
1248 : }
|
