LCOV - code coverage report
Current view: top level - src/eap_peer - eap_aka.c (source / functions) Hit Total Coverage
Test: wpa_supplicant/hostapd combined for hwsim test run 1422976643 Lines: 706 767 92.0 %
Date: 2015-02-03 Functions: 42 42 100.0 %

          Line data    Source code
       1             : /*
       2             :  * EAP peer method: EAP-AKA (RFC 4187) and EAP-AKA' (RFC 5448)
       3             :  * Copyright (c) 2004-2012, Jouni Malinen <j@w1.fi>
       4             :  *
       5             :  * This software may be distributed under the terms of the BSD license.
       6             :  * See README for more details.
       7             :  */
       8             : 
       9             : #include "includes.h"
      10             : 
      11             : #include "common.h"
      12             : #include "pcsc_funcs.h"
      13             : #include "crypto/crypto.h"
      14             : #include "crypto/sha1.h"
      15             : #include "crypto/sha256.h"
      16             : #include "crypto/milenage.h"
      17             : #include "eap_common/eap_sim_common.h"
      18             : #include "eap_config.h"
      19             : #include "eap_i.h"
      20             : 
      21             : 
      22             : struct eap_aka_data {
      23             :         u8 ik[EAP_AKA_IK_LEN], ck[EAP_AKA_CK_LEN], res[EAP_AKA_RES_MAX_LEN];
      24             :         size_t res_len;
      25             :         u8 nonce_s[EAP_SIM_NONCE_S_LEN];
      26             :         u8 mk[EAP_SIM_MK_LEN];
      27             :         u8 k_aut[EAP_AKA_PRIME_K_AUT_LEN];
      28             :         u8 k_encr[EAP_SIM_K_ENCR_LEN];
      29             :         u8 k_re[EAP_AKA_PRIME_K_RE_LEN]; /* EAP-AKA' only */
      30             :         u8 msk[EAP_SIM_KEYING_DATA_LEN];
      31             :         u8 emsk[EAP_EMSK_LEN];
      32             :         u8 rand[EAP_AKA_RAND_LEN], autn[EAP_AKA_AUTN_LEN];
      33             :         u8 auts[EAP_AKA_AUTS_LEN];
      34             : 
      35             :         int num_id_req, num_notification;
      36             :         u8 *pseudonym;
      37             :         size_t pseudonym_len;
      38             :         u8 *reauth_id;
      39             :         size_t reauth_id_len;
      40             :         int reauth;
      41             :         unsigned int counter, counter_too_small;
      42             :         u8 *last_eap_identity;
      43             :         size_t last_eap_identity_len;
      44             :         enum {
      45             :                 CONTINUE, RESULT_SUCCESS, SUCCESS, FAILURE
      46             :         } state;
      47             : 
      48             :         struct wpabuf *id_msgs;
      49             :         int prev_id;
      50             :         int result_ind, use_result_ind;
      51             :         u8 eap_method;
      52             :         u8 *network_name;
      53             :         size_t network_name_len;
      54             :         u16 kdf;
      55             :         int kdf_negotiation;
      56             : };
      57             : 
      58             : 
      59             : #ifndef CONFIG_NO_STDOUT_DEBUG
      60         490 : static const char * eap_aka_state_txt(int state)
      61             : {
      62         490 :         switch (state) {
      63             :         case CONTINUE:
      64         345 :                 return "CONTINUE";
      65             :         case RESULT_SUCCESS:
      66           8 :                 return "RESULT_SUCCESS";
      67             :         case SUCCESS:
      68          55 :                 return "SUCCESS";
      69             :         case FAILURE:
      70          82 :                 return "FAILURE";
      71             :         default:
      72           0 :                 return "?";
      73             :         }
      74             : }
      75             : #endif /* CONFIG_NO_STDOUT_DEBUG */
      76             : 
      77             : 
      78         245 : static void eap_aka_state(struct eap_aka_data *data, int state)
      79             : {
      80         490 :         wpa_printf(MSG_DEBUG, "EAP-AKA: %s -> %s",
      81         245 :                    eap_aka_state_txt(data->state),
      82             :                    eap_aka_state_txt(state));
      83         245 :         data->state = state;
      84         245 : }
      85             : 
      86             : 
      87         104 : static void * eap_aka_init(struct eap_sm *sm)
      88             : {
      89             :         struct eap_aka_data *data;
      90         104 :         const char *phase1 = eap_get_config_phase1(sm);
      91         104 :         struct eap_peer_config *config = eap_get_config(sm);
      92             : 
      93         104 :         data = os_zalloc(sizeof(*data));
      94         104 :         if (data == NULL)
      95           0 :                 return NULL;
      96             : 
      97         104 :         data->eap_method = EAP_TYPE_AKA;
      98             : 
      99         104 :         eap_aka_state(data, CONTINUE);
     100         104 :         data->prev_id = -1;
     101             : 
     102         104 :         data->result_ind = phase1 && os_strstr(phase1, "result_ind=1") != NULL;
     103             : 
     104         104 :         if (config && config->anonymous_identity) {
     105           4 :                 data->pseudonym = os_malloc(config->anonymous_identity_len);
     106           4 :                 if (data->pseudonym) {
     107           4 :                         os_memcpy(data->pseudonym, config->anonymous_identity,
     108             :                                   config->anonymous_identity_len);
     109           4 :                         data->pseudonym_len = config->anonymous_identity_len;
     110             :                 }
     111             :         }
     112             : 
     113         104 :         return data;
     114             : }
     115             : 
     116             : 
     117             : #ifdef EAP_AKA_PRIME
     118          26 : static void * eap_aka_prime_init(struct eap_sm *sm)
     119             : {
     120          26 :         struct eap_aka_data *data = eap_aka_init(sm);
     121          26 :         if (data == NULL)
     122           0 :                 return NULL;
     123          26 :         data->eap_method = EAP_TYPE_AKA_PRIME;
     124          26 :         return data;
     125             : }
     126             : #endif /* EAP_AKA_PRIME */
     127             : 
     128             : 
     129         126 : static void eap_aka_clear_keys(struct eap_aka_data *data, int reauth)
     130             : {
     131         126 :         if (!reauth) {
     132         104 :                 os_memset(data->mk, 0, EAP_SIM_MK_LEN);
     133         104 :                 os_memset(data->k_aut, 0, EAP_AKA_PRIME_K_AUT_LEN);
     134         104 :                 os_memset(data->k_encr, 0, EAP_SIM_K_ENCR_LEN);
     135         104 :                 os_memset(data->k_re, 0, EAP_AKA_PRIME_K_RE_LEN);
     136             :         }
     137         126 :         os_memset(data->msk, 0, EAP_SIM_KEYING_DATA_LEN);
     138         126 :         os_memset(data->emsk, 0, EAP_EMSK_LEN);
     139         126 :         os_memset(data->autn, 0, EAP_AKA_AUTN_LEN);
     140         126 :         os_memset(data->auts, 0, EAP_AKA_AUTS_LEN);
     141         126 : }
     142             : 
     143             : 
     144         104 : static void eap_aka_deinit(struct eap_sm *sm, void *priv)
     145             : {
     146         104 :         struct eap_aka_data *data = priv;
     147         104 :         if (data) {
     148         104 :                 os_free(data->pseudonym);
     149         104 :                 os_free(data->reauth_id);
     150         104 :                 os_free(data->last_eap_identity);
     151         104 :                 wpabuf_free(data->id_msgs);
     152         104 :                 os_free(data->network_name);
     153         104 :                 eap_aka_clear_keys(data, 0);
     154         104 :                 os_free(data);
     155             :         }
     156         104 : }
     157             : 
     158             : 
     159          10 : static int eap_aka_ext_sim_req(struct eap_sm *sm, struct eap_aka_data *data)
     160             : {
     161             :         char req[200], *pos, *end;
     162             : 
     163          10 :         wpa_printf(MSG_DEBUG, "EAP-AKA: Use external USIM processing");
     164          10 :         pos = req;
     165          10 :         end = pos + sizeof(req);
     166          10 :         pos += os_snprintf(pos, end - pos, "UMTS-AUTH");
     167          10 :         pos += os_snprintf(pos, end - pos, ":");
     168          10 :         pos += wpa_snprintf_hex(pos, end - pos, data->rand, EAP_AKA_RAND_LEN);
     169          10 :         pos += os_snprintf(pos, end - pos, ":");
     170          10 :         wpa_snprintf_hex(pos, end - pos, data->autn, EAP_AKA_AUTN_LEN);
     171             : 
     172          10 :         eap_sm_request_sim(sm, req);
     173          10 :         return 1;
     174             : }
     175             : 
     176             : 
     177          10 : static int eap_aka_ext_sim_result(struct eap_sm *sm, struct eap_aka_data *data,
     178             :                                   struct eap_peer_config *conf)
     179             : {
     180             :         char *resp, *pos;
     181             : 
     182          10 :         wpa_printf(MSG_DEBUG,
     183             :                    "EAP-AKA: Use result from external USIM processing");
     184             : 
     185          10 :         resp = conf->external_sim_resp;
     186          10 :         conf->external_sim_resp = NULL;
     187             : 
     188          10 :         if (os_strncmp(resp, "UMTS-AUTS:", 10) == 0) {
     189           2 :                 pos = resp + 10;
     190           2 :                 if (hexstr2bin(pos, data->auts, EAP_AKA_AUTS_LEN) < 0)
     191           1 :                         goto invalid;
     192           1 :                 wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: AUTS", data->auts,
     193             :                                 EAP_AKA_AUTS_LEN);
     194           1 :                 os_free(resp);
     195           1 :                 return -2;
     196             :         }
     197             : 
     198           8 :         if (os_strncmp(resp, "UMTS-AUTH:", 10) != 0) {
     199           1 :                 wpa_printf(MSG_DEBUG, "EAP-AKA: Unrecognized external USIM processing response");
     200           1 :                 os_free(resp);
     201           1 :                 return -1;
     202             :         }
     203             : 
     204           7 :         pos = resp + 10;
     205           7 :         wpa_hexdump(MSG_DEBUG, "EAP-AKA: RAND", data->rand, EAP_AKA_RAND_LEN);
     206             : 
     207           7 :         if (hexstr2bin(pos, data->ik, EAP_AKA_IK_LEN) < 0)
     208           1 :                 goto invalid;
     209           6 :         wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: IK", data->ik, EAP_AKA_IK_LEN);
     210           6 :         pos += EAP_AKA_IK_LEN * 2;
     211           6 :         if (*pos != ':')
     212           1 :                 goto invalid;
     213           5 :         pos++;
     214             : 
     215           5 :         if (hexstr2bin(pos, data->ck, EAP_AKA_CK_LEN) < 0)
     216           1 :                 goto invalid;
     217           4 :         wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: CK", data->ck, EAP_AKA_CK_LEN);
     218           4 :         pos += EAP_AKA_CK_LEN * 2;
     219           4 :         if (*pos != ':')
     220           1 :                 goto invalid;
     221           3 :         pos++;
     222             : 
     223           3 :         data->res_len = os_strlen(pos) / 2;
     224           3 :         if (data->res_len > EAP_AKA_RES_MAX_LEN) {
     225           1 :                 data->res_len = 0;
     226           1 :                 goto invalid;
     227             :         }
     228           2 :         if (hexstr2bin(pos, data->res, data->res_len) < 0)
     229           1 :                 goto invalid;
     230           1 :         wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: RES", data->res, data->res_len);
     231             : 
     232           1 :         os_free(resp);
     233           1 :         return 0;
     234             : 
     235             : invalid:
     236           7 :         wpa_printf(MSG_DEBUG, "EAP-AKA: Invalid external USIM processing UMTS-AUTH response");
     237           7 :         os_free(resp);
     238           7 :         return -1;
     239             : }
     240             : 
     241             : 
     242          64 : static int eap_aka_umts_auth(struct eap_sm *sm, struct eap_aka_data *data)
     243             : {
     244             :         struct eap_peer_config *conf;
     245             : 
     246          64 :         wpa_printf(MSG_DEBUG, "EAP-AKA: UMTS authentication algorithm");
     247             : 
     248          64 :         conf = eap_get_config(sm);
     249          64 :         if (conf == NULL)
     250           0 :                 return -1;
     251             : 
     252          64 :         if (sm->external_sim) {
     253          20 :                 if (conf->external_sim_resp)
     254          10 :                         return eap_aka_ext_sim_result(sm, data, conf);
     255             :                 else
     256          10 :                         return eap_aka_ext_sim_req(sm, data);
     257             :         }
     258             : 
     259          44 :         if (conf->pcsc) {
     260           0 :                 return scard_umts_auth(sm->scard_ctx, data->rand,
     261             :                                        data->autn, data->res, &data->res_len,
     262             :                                        data->ik, data->ck, data->auts);
     263             :         }
     264             : 
     265             : #ifdef CONFIG_USIM_SIMULATOR
     266          44 :         if (conf->password) {
     267             :                 u8 opc[16], k[16], sqn[6];
     268             :                 const char *pos;
     269          43 :                 wpa_printf(MSG_DEBUG, "EAP-AKA: Use internal Milenage "
     270             :                            "implementation for UMTS authentication");
     271          43 :                 if (conf->password_len < 78) {
     272           1 :                         wpa_printf(MSG_DEBUG, "EAP-AKA: invalid Milenage "
     273             :                                    "password");
     274           1 :                         return -1;
     275             :                 }
     276          42 :                 pos = (const char *) conf->password;
     277          42 :                 if (hexstr2bin(pos, k, 16))
     278           1 :                         return -1;
     279          41 :                 pos += 32;
     280          41 :                 if (*pos != ':')
     281           1 :                         return -1;
     282          40 :                 pos++;
     283             : 
     284          40 :                 if (hexstr2bin(pos, opc, 16))
     285           1 :                         return -1;
     286          39 :                 pos += 32;
     287          39 :                 if (*pos != ':')
     288           1 :                         return -1;
     289          38 :                 pos++;
     290             : 
     291          38 :                 if (hexstr2bin(pos, sqn, 6))
     292           1 :                         return -1;
     293             : 
     294          74 :                 return milenage_check(opc, k, sqn, data->rand, data->autn,
     295          37 :                                       data->ik, data->ck,
     296          74 :                                       data->res, &data->res_len, data->auts);
     297             :         }
     298             : #endif /* CONFIG_USIM_SIMULATOR */
     299             : 
     300             : #ifdef CONFIG_USIM_HARDCODED
     301             :         wpa_printf(MSG_DEBUG, "EAP-AKA: Use hardcoded Kc and SRES values for "
     302             :                    "testing");
     303             : 
     304             :         /* These hardcoded Kc and SRES values are used for testing.
     305             :          * Could consider making them configurable. */
     306             :         os_memset(data->res, '2', EAP_AKA_RES_MAX_LEN);
     307             :         data->res_len = EAP_AKA_RES_MAX_LEN;
     308             :         os_memset(data->ik, '3', EAP_AKA_IK_LEN);
     309             :         os_memset(data->ck, '4', EAP_AKA_CK_LEN);
     310             :         {
     311             :                 u8 autn[EAP_AKA_AUTN_LEN];
     312             :                 os_memset(autn, '1', EAP_AKA_AUTN_LEN);
     313             :                 if (os_memcmp_const(autn, data->autn, EAP_AKA_AUTN_LEN) != 0) {
     314             :                         wpa_printf(MSG_WARNING, "EAP-AKA: AUTN did not match "
     315             :                                    "with expected value");
     316             :                         return -1;
     317             :                 }
     318             :         }
     319             : #if 0
     320             :         {
     321             :                 static int test_resync = 1;
     322             :                 if (test_resync) {
     323             :                         /* Test Resynchronization */
     324             :                         test_resync = 0;
     325             :                         return -2;
     326             :                 }
     327             :         }
     328             : #endif
     329             :         return 0;
     330             : 
     331             : #else /* CONFIG_USIM_HARDCODED */
     332             : 
     333           1 :         wpa_printf(MSG_DEBUG, "EAP-AKA: No UMTS authentication algorithm "
     334             :                    "enabled");
     335           1 :         return -1;
     336             : 
     337             : #endif /* CONFIG_USIM_HARDCODED */
     338             : }
     339             : 
     340             : 
     341             : #define CLEAR_PSEUDONYM 0x01
     342             : #define CLEAR_REAUTH_ID 0x02
     343             : #define CLEAR_EAP_ID    0x04
     344             : 
     345         173 : static void eap_aka_clear_identities(struct eap_sm *sm,
     346             :                                      struct eap_aka_data *data, int id)
     347             : {
     348         173 :         if ((id & CLEAR_PSEUDONYM) && data->pseudonym) {
     349           3 :                 wpa_printf(MSG_DEBUG, "EAP-AKA: forgetting old pseudonym");
     350           3 :                 os_free(data->pseudonym);
     351           3 :                 data->pseudonym = NULL;
     352           3 :                 data->pseudonym_len = 0;
     353           3 :                 eap_set_anon_id(sm, NULL, 0);
     354             :         }
     355         173 :         if ((id & CLEAR_REAUTH_ID) && data->reauth_id) {
     356          14 :                 wpa_printf(MSG_DEBUG, "EAP-AKA: forgetting old reauth_id");
     357          14 :                 os_free(data->reauth_id);
     358          14 :                 data->reauth_id = NULL;
     359          14 :                 data->reauth_id_len = 0;
     360             :         }
     361         173 :         if ((id & CLEAR_EAP_ID) && data->last_eap_identity) {
     362           2 :                 wpa_printf(MSG_DEBUG, "EAP-AKA: forgetting old eap_id");
     363           2 :                 os_free(data->last_eap_identity);
     364           2 :                 data->last_eap_identity = NULL;
     365           2 :                 data->last_eap_identity_len = 0;
     366             :         }
     367         173 : }
     368             : 
     369             : 
     370          37 : static int eap_aka_learn_ids(struct eap_sm *sm, struct eap_aka_data *data,
     371             :                              struct eap_sim_attrs *attr)
     372             : {
     373          37 :         if (attr->next_pseudonym) {
     374          27 :                 const u8 *identity = NULL;
     375          27 :                 size_t identity_len = 0;
     376          27 :                 const u8 *realm = NULL;
     377          27 :                 size_t realm_len = 0;
     378             : 
     379          54 :                 wpa_hexdump_ascii(MSG_DEBUG,
     380             :                                   "EAP-AKA: (encr) AT_NEXT_PSEUDONYM",
     381          27 :                                   attr->next_pseudonym,
     382             :                                   attr->next_pseudonym_len);
     383          27 :                 os_free(data->pseudonym);
     384             :                 /* Look for the realm of the permanent identity */
     385          27 :                 identity = eap_get_config_identity(sm, &identity_len);
     386          27 :                 if (identity) {
     387         486 :                         for (realm = identity, realm_len = identity_len;
     388         432 :                              realm_len > 0; realm_len--, realm++) {
     389         437 :                                 if (*realm == '@')
     390           5 :                                         break;
     391             :                         }
     392             :                 }
     393          27 :                 data->pseudonym = os_malloc(attr->next_pseudonym_len +
     394             :                                             realm_len);
     395          27 :                 if (data->pseudonym == NULL) {
     396           0 :                         wpa_printf(MSG_INFO, "EAP-AKA: (encr) No memory for "
     397             :                                    "next pseudonym");
     398           0 :                         data->pseudonym_len = 0;
     399           0 :                         return -1;
     400             :                 }
     401          27 :                 os_memcpy(data->pseudonym, attr->next_pseudonym,
     402             :                           attr->next_pseudonym_len);
     403          27 :                 if (realm_len) {
     404           5 :                         os_memcpy(data->pseudonym + attr->next_pseudonym_len,
     405             :                                   realm, realm_len);
     406             :                 }
     407          27 :                 data->pseudonym_len = attr->next_pseudonym_len + realm_len;
     408          27 :                 eap_set_anon_id(sm, data->pseudonym, data->pseudonym_len);
     409             :         }
     410             : 
     411          37 :         if (attr->next_reauth_id) {
     412          35 :                 os_free(data->reauth_id);
     413          35 :                 data->reauth_id = os_malloc(attr->next_reauth_id_len);
     414          35 :                 if (data->reauth_id == NULL) {
     415           0 :                         wpa_printf(MSG_INFO, "EAP-AKA: (encr) No memory for "
     416             :                                    "next reauth_id");
     417           0 :                         data->reauth_id_len = 0;
     418           0 :                         return -1;
     419             :                 }
     420          35 :                 os_memcpy(data->reauth_id, attr->next_reauth_id,
     421             :                           attr->next_reauth_id_len);
     422          35 :                 data->reauth_id_len = attr->next_reauth_id_len;
     423          70 :                 wpa_hexdump_ascii(MSG_DEBUG,
     424             :                                   "EAP-AKA: (encr) AT_NEXT_REAUTH_ID",
     425          35 :                                   data->reauth_id,
     426             :                                   data->reauth_id_len);
     427             :         }
     428             : 
     429          37 :         return 0;
     430             : }
     431             : 
     432             : 
     433         118 : static int eap_aka_add_id_msg(struct eap_aka_data *data,
     434             :                               const struct wpabuf *msg)
     435             : {
     436         118 :         if (msg == NULL)
     437           0 :                 return -1;
     438             : 
     439         118 :         if (data->id_msgs == NULL) {
     440          48 :                 data->id_msgs = wpabuf_dup(msg);
     441          48 :                 return data->id_msgs == NULL ? -1 : 0;
     442             :         }
     443             : 
     444          70 :         if (wpabuf_resize(&data->id_msgs, wpabuf_len(msg)) < 0)
     445           0 :                 return -1;
     446          70 :         wpabuf_put_buf(data->id_msgs, msg);
     447             : 
     448          70 :         return 0;
     449             : }
     450             : 
     451             : 
     452          39 : static void eap_aka_add_checkcode(struct eap_aka_data *data,
     453             :                                   struct eap_sim_msg *msg)
     454             : {
     455             :         const u8 *addr;
     456             :         size_t len;
     457             :         u8 hash[SHA256_MAC_LEN];
     458             : 
     459          39 :         wpa_printf(MSG_DEBUG, "   AT_CHECKCODE");
     460             : 
     461          39 :         if (data->id_msgs == NULL) {
     462             :                 /*
     463             :                  * No EAP-AKA/Identity packets were exchanged - send empty
     464             :                  * checkcode.
     465             :                  */
     466          14 :                 eap_sim_msg_add(msg, EAP_SIM_AT_CHECKCODE, 0, NULL, 0);
     467          53 :                 return;
     468             :         }
     469             : 
     470             :         /* Checkcode is SHA1/SHA256 hash over all EAP-AKA/Identity packets. */
     471          25 :         addr = wpabuf_head(data->id_msgs);
     472          25 :         len = wpabuf_len(data->id_msgs);
     473          25 :         wpa_hexdump(MSG_MSGDUMP, "EAP-AKA: AT_CHECKCODE data", addr, len);
     474             : #ifdef EAP_AKA_PRIME
     475          25 :         if (data->eap_method == EAP_TYPE_AKA_PRIME)
     476          11 :                 sha256_vector(1, &addr, &len, hash);
     477             :         else
     478             : #endif /* EAP_AKA_PRIME */
     479          14 :                 sha1_vector(1, &addr, &len, hash);
     480             : 
     481          25 :         eap_sim_msg_add(msg, EAP_SIM_AT_CHECKCODE, 0, hash,
     482          25 :                         data->eap_method == EAP_TYPE_AKA_PRIME ?
     483             :                         EAP_AKA_PRIME_CHECKCODE_LEN : EAP_AKA_CHECKCODE_LEN);
     484             : }
     485             : 
     486             : 
     487          78 : static int eap_aka_verify_checkcode(struct eap_aka_data *data,
     488             :                                     const u8 *checkcode, size_t checkcode_len)
     489             : {
     490             :         const u8 *addr;
     491             :         size_t len;
     492             :         u8 hash[SHA256_MAC_LEN];
     493             :         size_t hash_len;
     494             : 
     495          78 :         if (checkcode == NULL)
     496           0 :                 return -1;
     497             : 
     498          78 :         if (data->id_msgs == NULL) {
     499          18 :                 if (checkcode_len != 0) {
     500           2 :                         wpa_printf(MSG_DEBUG, "EAP-AKA: Checkcode from server "
     501             :                                    "indicates that AKA/Identity messages were "
     502             :                                    "used, but they were not");
     503           2 :                         return -1;
     504             :                 }
     505          16 :                 return 0;
     506             :         }
     507             : 
     508          60 :         hash_len = data->eap_method == EAP_TYPE_AKA_PRIME ?
     509             :                 EAP_AKA_PRIME_CHECKCODE_LEN : EAP_AKA_CHECKCODE_LEN;
     510             : 
     511          60 :         if (checkcode_len != hash_len) {
     512           1 :                 wpa_printf(MSG_DEBUG, "EAP-AKA: Checkcode from server "
     513             :                            "indicates that AKA/Identity message were not "
     514             :                            "used, but they were");
     515           1 :                 return -1;
     516             :         }
     517             : 
     518             :         /* Checkcode is SHA1/SHA256 hash over all EAP-AKA/Identity packets. */
     519          59 :         addr = wpabuf_head(data->id_msgs);
     520          59 :         len = wpabuf_len(data->id_msgs);
     521             : #ifdef EAP_AKA_PRIME
     522          59 :         if (data->eap_method == EAP_TYPE_AKA_PRIME)
     523          12 :                 sha256_vector(1, &addr, &len, hash);
     524             :         else
     525             : #endif /* EAP_AKA_PRIME */
     526          47 :                 sha1_vector(1, &addr, &len, hash);
     527             : 
     528          59 :         if (os_memcmp_const(hash, checkcode, hash_len) != 0) {
     529           1 :                 wpa_printf(MSG_DEBUG, "EAP-AKA: Mismatch in AT_CHECKCODE");
     530           1 :                 return -1;
     531             :         }
     532             : 
     533          58 :         return 0;
     534             : }
     535             : 
     536             : 
     537          52 : static struct wpabuf * eap_aka_client_error(struct eap_aka_data *data, u8 id,
     538             :                                             int err)
     539             : {
     540             :         struct eap_sim_msg *msg;
     541             : 
     542          52 :         eap_aka_state(data, FAILURE);
     543          52 :         data->num_id_req = 0;
     544          52 :         data->num_notification = 0;
     545             : 
     546          52 :         wpa_printf(MSG_DEBUG, "EAP-AKA: Send Client-Error (error code %d)",
     547             :                    err);
     548          52 :         msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
     549             :                                EAP_AKA_SUBTYPE_CLIENT_ERROR);
     550          52 :         eap_sim_msg_add(msg, EAP_SIM_AT_CLIENT_ERROR_CODE, err, NULL, 0);
     551          52 :         return eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0);
     552             : }
     553             : 
     554             : 
     555          28 : static struct wpabuf * eap_aka_authentication_reject(struct eap_aka_data *data,
     556             :                                                      u8 id)
     557             : {
     558             :         struct eap_sim_msg *msg;
     559             : 
     560          28 :         eap_aka_state(data, FAILURE);
     561          28 :         data->num_id_req = 0;
     562          28 :         data->num_notification = 0;
     563             : 
     564          28 :         wpa_printf(MSG_DEBUG, "Generating EAP-AKA Authentication-Reject "
     565             :                    "(id=%d)", id);
     566          28 :         msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
     567             :                                EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT);
     568          28 :         return eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0);
     569             : }
     570             : 
     571             : 
     572           5 : static struct wpabuf * eap_aka_synchronization_failure(
     573             :         struct eap_aka_data *data, u8 id)
     574             : {
     575             :         struct eap_sim_msg *msg;
     576             : 
     577           5 :         data->num_id_req = 0;
     578           5 :         data->num_notification = 0;
     579             : 
     580           5 :         wpa_printf(MSG_DEBUG, "Generating EAP-AKA Synchronization-Failure "
     581             :                    "(id=%d)", id);
     582           5 :         msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
     583             :                                EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE);
     584           5 :         wpa_printf(MSG_DEBUG, "   AT_AUTS");
     585           5 :         eap_sim_msg_add_full(msg, EAP_SIM_AT_AUTS, data->auts,
     586             :                              EAP_AKA_AUTS_LEN);
     587           5 :         return eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0);
     588             : }
     589             : 
     590             : 
     591          59 : static struct wpabuf * eap_aka_response_identity(struct eap_sm *sm,
     592             :                                                  struct eap_aka_data *data,
     593             :                                                  u8 id,
     594             :                                                  enum eap_sim_id_req id_req)
     595             : {
     596          59 :         const u8 *identity = NULL;
     597          59 :         size_t identity_len = 0;
     598             :         struct eap_sim_msg *msg;
     599             : 
     600          59 :         data->reauth = 0;
     601          59 :         if (id_req == ANY_ID && data->reauth_id) {
     602           4 :                 identity = data->reauth_id;
     603           4 :                 identity_len = data->reauth_id_len;
     604           4 :                 data->reauth = 1;
     605         105 :         } else if ((id_req == ANY_ID || id_req == FULLAUTH_ID) &&
     606          50 :                    data->pseudonym) {
     607           8 :                 identity = data->pseudonym;
     608           8 :                 identity_len = data->pseudonym_len;
     609           8 :                 eap_aka_clear_identities(sm, data, CLEAR_REAUTH_ID);
     610          47 :         } else if (id_req != NO_ID_REQ) {
     611          46 :                 identity = eap_get_config_identity(sm, &identity_len);
     612          46 :                 if (identity) {
     613          46 :                         eap_aka_clear_identities(sm, data, CLEAR_PSEUDONYM |
     614             :                                                  CLEAR_REAUTH_ID);
     615             :                 }
     616             :         }
     617          59 :         if (id_req != NO_ID_REQ)
     618          58 :                 eap_aka_clear_identities(sm, data, CLEAR_EAP_ID);
     619             : 
     620          59 :         wpa_printf(MSG_DEBUG, "Generating EAP-AKA Identity (id=%d)", id);
     621          59 :         msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
     622             :                                EAP_AKA_SUBTYPE_IDENTITY);
     623             : 
     624          59 :         if (identity) {
     625          58 :                 wpa_hexdump_ascii(MSG_DEBUG, "   AT_IDENTITY",
     626             :                                   identity, identity_len);
     627          58 :                 eap_sim_msg_add(msg, EAP_SIM_AT_IDENTITY, identity_len,
     628             :                                 identity, identity_len);
     629             :         }
     630             : 
     631          59 :         return eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0);
     632             : }
     633             : 
     634             : 
     635          27 : static struct wpabuf * eap_aka_response_challenge(struct eap_aka_data *data,
     636             :                                                   u8 id)
     637             : {
     638             :         struct eap_sim_msg *msg;
     639             : 
     640          27 :         wpa_printf(MSG_DEBUG, "Generating EAP-AKA Challenge (id=%d)", id);
     641          27 :         msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
     642             :                                EAP_AKA_SUBTYPE_CHALLENGE);
     643          27 :         wpa_printf(MSG_DEBUG, "   AT_RES");
     644          54 :         eap_sim_msg_add(msg, EAP_SIM_AT_RES, data->res_len * 8,
     645          27 :                         data->res, data->res_len);
     646          27 :         eap_aka_add_checkcode(data, msg);
     647          27 :         if (data->use_result_ind) {
     648           2 :                 wpa_printf(MSG_DEBUG, "   AT_RESULT_IND");
     649           2 :                 eap_sim_msg_add(msg, EAP_SIM_AT_RESULT_IND, 0, NULL, 0);
     650             :         }
     651          27 :         wpa_printf(MSG_DEBUG, "   AT_MAC");
     652          27 :         eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
     653          27 :         return eap_sim_msg_finish(msg, data->eap_method, data->k_aut, (u8 *) "",
     654             :                                   0);
     655             : }
     656             : 
     657             : 
     658          12 : static struct wpabuf * eap_aka_response_reauth(struct eap_aka_data *data,
     659             :                                                u8 id, int counter_too_small,
     660             :                                                const u8 *nonce_s)
     661             : {
     662             :         struct eap_sim_msg *msg;
     663             :         unsigned int counter;
     664             : 
     665          12 :         wpa_printf(MSG_DEBUG, "Generating EAP-AKA Reauthentication (id=%d)",
     666             :                    id);
     667          12 :         msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
     668             :                                EAP_AKA_SUBTYPE_REAUTHENTICATION);
     669          12 :         wpa_printf(MSG_DEBUG, "   AT_IV");
     670          12 :         wpa_printf(MSG_DEBUG, "   AT_ENCR_DATA");
     671          12 :         eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV, EAP_SIM_AT_ENCR_DATA);
     672             : 
     673          12 :         if (counter_too_small) {
     674           2 :                 wpa_printf(MSG_DEBUG, "   *AT_COUNTER_TOO_SMALL");
     675           2 :                 eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER_TOO_SMALL, 0, NULL, 0);
     676           2 :                 counter = data->counter_too_small;
     677             :         } else
     678          10 :                 counter = data->counter;
     679             : 
     680          12 :         wpa_printf(MSG_DEBUG, "   *AT_COUNTER %d", counter);
     681          12 :         eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, counter, NULL, 0);
     682             : 
     683          12 :         if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) {
     684           0 :                 wpa_printf(MSG_WARNING, "EAP-AKA: Failed to encrypt "
     685             :                            "AT_ENCR_DATA");
     686           0 :                 eap_sim_msg_free(msg);
     687           0 :                 return NULL;
     688             :         }
     689          12 :         eap_aka_add_checkcode(data, msg);
     690          12 :         if (data->use_result_ind) {
     691           2 :                 wpa_printf(MSG_DEBUG, "   AT_RESULT_IND");
     692           2 :                 eap_sim_msg_add(msg, EAP_SIM_AT_RESULT_IND, 0, NULL, 0);
     693             :         }
     694          12 :         wpa_printf(MSG_DEBUG, "   AT_MAC");
     695          12 :         eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
     696          12 :         return eap_sim_msg_finish(msg, data->eap_method, data->k_aut, nonce_s,
     697             :                                   EAP_SIM_NONCE_S_LEN);
     698             : }
     699             : 
     700             : 
     701           8 : static struct wpabuf * eap_aka_response_notification(struct eap_aka_data *data,
     702             :                                                      u8 id, u16 notification)
     703             : {
     704             :         struct eap_sim_msg *msg;
     705           8 :         u8 *k_aut = (notification & 0x4000) == 0 ? data->k_aut : NULL;
     706             : 
     707           8 :         wpa_printf(MSG_DEBUG, "Generating EAP-AKA Notification (id=%d)", id);
     708           8 :         msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
     709             :                                EAP_AKA_SUBTYPE_NOTIFICATION);
     710           8 :         if (k_aut && data->reauth) {
     711           2 :                 wpa_printf(MSG_DEBUG, "   AT_IV");
     712           2 :                 wpa_printf(MSG_DEBUG, "   AT_ENCR_DATA");
     713           2 :                 eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV,
     714             :                                            EAP_SIM_AT_ENCR_DATA);
     715           2 :                 wpa_printf(MSG_DEBUG, "   *AT_COUNTER %d", data->counter);
     716           2 :                 eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter,
     717             :                                 NULL, 0);
     718           2 :                 if (eap_sim_msg_add_encr_end(msg, data->k_encr,
     719             :                                              EAP_SIM_AT_PADDING)) {
     720           0 :                         wpa_printf(MSG_WARNING, "EAP-AKA: Failed to encrypt "
     721             :                                    "AT_ENCR_DATA");
     722           0 :                         eap_sim_msg_free(msg);
     723           0 :                         return NULL;
     724             :                 }
     725             :         }
     726           8 :         if (k_aut) {
     727           5 :                 wpa_printf(MSG_DEBUG, "   AT_MAC");
     728           5 :                 eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
     729             :         }
     730           8 :         return eap_sim_msg_finish(msg, data->eap_method, k_aut, (u8 *) "", 0);
     731             : }
     732             : 
     733             : 
     734          62 : static struct wpabuf * eap_aka_process_identity(struct eap_sm *sm,
     735             :                                                 struct eap_aka_data *data,
     736             :                                                 u8 id,
     737             :                                                 const struct wpabuf *reqData,
     738             :                                                 struct eap_sim_attrs *attr)
     739             : {
     740             :         int id_error;
     741             :         struct wpabuf *buf;
     742             : 
     743          62 :         wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Identity");
     744             : 
     745          62 :         id_error = 0;
     746          62 :         switch (attr->id_req) {
     747             :         case NO_ID_REQ:
     748           1 :                 break;
     749             :         case ANY_ID:
     750          49 :                 if (data->num_id_req > 0)
     751           1 :                         id_error++;
     752          49 :                 data->num_id_req++;
     753          49 :                 break;
     754             :         case FULLAUTH_ID:
     755           7 :                 if (data->num_id_req > 1)
     756           1 :                         id_error++;
     757           7 :                 data->num_id_req++;
     758           7 :                 break;
     759             :         case PERMANENT_ID:
     760           5 :                 if (data->num_id_req > 2)
     761           1 :                         id_error++;
     762           5 :                 data->num_id_req++;
     763           5 :                 break;
     764             :         }
     765          62 :         if (id_error) {
     766           3 :                 wpa_printf(MSG_INFO, "EAP-AKA: Too many ID requests "
     767             :                            "used within one authentication");
     768           3 :                 return eap_aka_client_error(data, id,
     769             :                                             EAP_AKA_UNABLE_TO_PROCESS_PACKET);
     770             :         }
     771             : 
     772          59 :         buf = eap_aka_response_identity(sm, data, id, attr->id_req);
     773             : 
     774          59 :         if (data->prev_id != id) {
     775          59 :                 eap_aka_add_id_msg(data, reqData);
     776          59 :                 eap_aka_add_id_msg(data, buf);
     777          59 :                 data->prev_id = id;
     778             :         }
     779             : 
     780          59 :         return buf;
     781             : }
     782             : 
     783             : 
     784          50 : static int eap_aka_verify_mac(struct eap_aka_data *data,
     785             :                               const struct wpabuf *req,
     786             :                               const u8 *mac, const u8 *extra,
     787             :                               size_t extra_len)
     788             : {
     789          50 :         if (data->eap_method == EAP_TYPE_AKA_PRIME)
     790          23 :                 return eap_sim_verify_mac_sha256(data->k_aut, req, mac, extra,
     791             :                                                  extra_len);
     792          27 :         return eap_sim_verify_mac(data->k_aut, req, mac, extra, extra_len);
     793             : }
     794             : 
     795             : 
     796             : #ifdef EAP_AKA_PRIME
     797           4 : static struct wpabuf * eap_aka_prime_kdf_select(struct eap_aka_data *data,
     798             :                                                 u8 id, u16 kdf)
     799             : {
     800             :         struct eap_sim_msg *msg;
     801             : 
     802           4 :         data->kdf_negotiation = 1;
     803           4 :         data->kdf = kdf;
     804           4 :         wpa_printf(MSG_DEBUG, "Generating EAP-AKA Challenge (id=%d) (KDF "
     805             :                    "select)", id);
     806           4 :         msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
     807             :                                EAP_AKA_SUBTYPE_CHALLENGE);
     808           4 :         wpa_printf(MSG_DEBUG, "   AT_KDF");
     809           4 :         eap_sim_msg_add(msg, EAP_SIM_AT_KDF, kdf, NULL, 0);
     810           4 :         return eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0);
     811             : }
     812             : 
     813             : 
     814           5 : static struct wpabuf * eap_aka_prime_kdf_neg(struct eap_aka_data *data,
     815             :                                              u8 id, struct eap_sim_attrs *attr)
     816             : {
     817             :         size_t i;
     818             : 
     819          15 :         for (i = 0; i < attr->kdf_count; i++) {
     820          14 :                 if (attr->kdf[i] == EAP_AKA_PRIME_KDF)
     821           4 :                         return eap_aka_prime_kdf_select(data, id,
     822             :                                                         EAP_AKA_PRIME_KDF);
     823             :         }
     824             : 
     825             :         /* No matching KDF found - fail authentication as if AUTN had been
     826             :          * incorrect */
     827           1 :         return eap_aka_authentication_reject(data, id);
     828             : }
     829             : 
     830             : 
     831          27 : static int eap_aka_prime_kdf_valid(struct eap_aka_data *data,
     832             :                                    struct eap_sim_attrs *attr)
     833             : {
     834             :         size_t i, j;
     835             : 
     836          27 :         if (attr->kdf_count == 0)
     837           1 :                 return 0;
     838             : 
     839             :         /* The only allowed (and required) duplication of a KDF is the addition
     840             :          * of the selected KDF into the beginning of the list. */
     841             : 
     842          26 :         if (data->kdf_negotiation) {
     843           4 :                 if (attr->kdf[0] != data->kdf) {
     844           1 :                         wpa_printf(MSG_WARNING, "EAP-AKA': The server did not "
     845             :                                    "accept the selected KDF");
     846           1 :                         return 0;
     847             :                 }
     848             : 
     849           9 :                 for (i = 1; i < attr->kdf_count; i++) {
     850           8 :                         if (attr->kdf[i] == data->kdf)
     851           2 :                                 break;
     852             :                 }
     853           4 :                 if (i == attr->kdf_count &&
     854           1 :                     attr->kdf_count < EAP_AKA_PRIME_KDF_MAX) {
     855           1 :                         wpa_printf(MSG_WARNING, "EAP-AKA': The server did not "
     856             :                                    "duplicate the selected KDF");
     857           1 :                         return 0;
     858             :                 }
     859             : 
     860             :                 /* TODO: should check that the list is identical to the one
     861             :                  * used in the previous Challenge message apart from the added
     862             :                  * entry in the beginning. */
     863             :         }
     864             : 
     865          57 :         for (i = data->kdf ? 1 : 0; i < attr->kdf_count; i++) {
     866          54 :                 for (j = i + 1; j < attr->kdf_count; j++) {
     867          21 :                         if (attr->kdf[i] == attr->kdf[j]) {
     868           1 :                                 wpa_printf(MSG_WARNING, "EAP-AKA': The server "
     869             :                                            "included a duplicated KDF");
     870           1 :                                 return 0;
     871             :                         }
     872             :                 }
     873             :         }
     874             : 
     875          23 :         return 1;
     876             : }
     877             : #endif /* EAP_AKA_PRIME */
     878             : 
     879             : 
     880          82 : static struct wpabuf * eap_aka_process_challenge(struct eap_sm *sm,
     881             :                                                  struct eap_aka_data *data,
     882             :                                                  u8 id,
     883             :                                                  const struct wpabuf *reqData,
     884             :                                                  struct eap_sim_attrs *attr)
     885             : {
     886             :         const u8 *identity;
     887             :         size_t identity_len;
     888             :         int res;
     889             :         struct eap_sim_attrs eattr;
     890             : 
     891          82 :         wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Challenge");
     892             : 
     893         145 :         if (attr->checkcode &&
     894          63 :             eap_aka_verify_checkcode(data, attr->checkcode,
     895             :                                      attr->checkcode_len)) {
     896           3 :                 wpa_printf(MSG_WARNING, "EAP-AKA: Invalid AT_CHECKCODE in the "
     897             :                            "message");
     898           3 :                 return eap_aka_client_error(data, id,
     899             :                                             EAP_AKA_UNABLE_TO_PROCESS_PACKET);
     900             :         }
     901             : 
     902             : #ifdef EAP_AKA_PRIME
     903          79 :         if (data->eap_method == EAP_TYPE_AKA_PRIME) {
     904          30 :                 if (!attr->kdf_input || attr->kdf_input_len == 0) {
     905           3 :                         wpa_printf(MSG_WARNING, "EAP-AKA': Challenge message "
     906             :                                    "did not include non-empty AT_KDF_INPUT");
     907             :                         /* Fail authentication as if AUTN had been incorrect */
     908           3 :                         return eap_aka_authentication_reject(data, id);
     909             :                 }
     910          27 :                 os_free(data->network_name);
     911          27 :                 data->network_name = os_malloc(attr->kdf_input_len);
     912          27 :                 if (data->network_name == NULL) {
     913           0 :                         wpa_printf(MSG_WARNING, "EAP-AKA': No memory for "
     914             :                                    "storing Network Name");
     915           0 :                         return eap_aka_authentication_reject(data, id);
     916             :                 }
     917          27 :                 os_memcpy(data->network_name, attr->kdf_input,
     918             :                           attr->kdf_input_len);
     919          27 :                 data->network_name_len = attr->kdf_input_len;
     920          54 :                 wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA': Network Name "
     921             :                                   "(AT_KDF_INPUT)",
     922          27 :                                   data->network_name, data->network_name_len);
     923             :                 /* TODO: check Network Name per 3GPP.33.402 */
     924             : 
     925          27 :                 if (!eap_aka_prime_kdf_valid(data, attr))
     926           4 :                         return eap_aka_authentication_reject(data, id);
     927             : 
     928          23 :                 if (attr->kdf[0] != EAP_AKA_PRIME_KDF)
     929           5 :                         return eap_aka_prime_kdf_neg(data, id, attr);
     930             : 
     931          18 :                 data->kdf = EAP_AKA_PRIME_KDF;
     932          18 :                 wpa_printf(MSG_DEBUG, "EAP-AKA': KDF %d selected", data->kdf);
     933             :         }
     934             : 
     935          67 :         if (data->eap_method == EAP_TYPE_AKA && attr->bidding) {
     936          48 :                 u16 flags = WPA_GET_BE16(attr->bidding);
     937          49 :                 if ((flags & EAP_AKA_BIDDING_FLAG_D) &&
     938           1 :                     eap_allowed_method(sm, EAP_VENDOR_IETF,
     939             :                                        EAP_TYPE_AKA_PRIME)) {
     940           1 :                         wpa_printf(MSG_WARNING, "EAP-AKA: Bidding down from "
     941             :                                    "AKA' to AKA detected");
     942             :                         /* Fail authentication as if AUTN had been incorrect */
     943           1 :                         return eap_aka_authentication_reject(data, id);
     944             :                 }
     945             :         }
     946             : #endif /* EAP_AKA_PRIME */
     947             : 
     948          66 :         data->reauth = 0;
     949          66 :         if (!attr->mac || !attr->rand || !attr->autn) {
     950           6 :                 wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
     951             :                            "did not include%s%s%s",
     952           2 :                            !attr->mac ? " AT_MAC" : "",
     953           2 :                            !attr->rand ? " AT_RAND" : "",
     954           2 :                            !attr->autn ? " AT_AUTN" : "");
     955           2 :                 return eap_aka_client_error(data, id,
     956             :                                             EAP_AKA_UNABLE_TO_PROCESS_PACKET);
     957             :         }
     958          64 :         os_memcpy(data->rand, attr->rand, EAP_AKA_RAND_LEN);
     959          64 :         os_memcpy(data->autn, attr->autn, EAP_AKA_AUTN_LEN);
     960             : 
     961          64 :         res = eap_aka_umts_auth(sm, data);
     962          64 :         if (res == -1) {
     963          18 :                 wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication "
     964             :                            "failed (AUTN)");
     965          18 :                 return eap_aka_authentication_reject(data, id);
     966          46 :         } else if (res == -2) {
     967           5 :                 wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication "
     968             :                            "failed (AUTN seq# -> AUTS)");
     969           5 :                 return eap_aka_synchronization_failure(data, id);
     970          41 :         } else if (res > 0) {
     971          10 :                 wpa_printf(MSG_DEBUG, "EAP-AKA: Wait for external USIM processing");
     972          10 :                 return NULL;
     973          31 :         } else if (res) {
     974           0 :                 wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication failed");
     975           0 :                 return eap_aka_client_error(data, id,
     976             :                                             EAP_AKA_UNABLE_TO_PROCESS_PACKET);
     977             :         }
     978             : #ifdef EAP_AKA_PRIME
     979          31 :         if (data->eap_method == EAP_TYPE_AKA_PRIME) {
     980             :                 /* Note: AUTN = (SQN ^ AK) || AMF || MAC which gives us the
     981             :                  * needed 6-octet SQN ^ AK for CK',IK' derivation */
     982          15 :                 u16 amf = WPA_GET_BE16(data->autn + 6);
     983          15 :                 if (!(amf & 0x8000)) {
     984           1 :                         wpa_printf(MSG_WARNING, "EAP-AKA': AMF separation bit "
     985             :                                    "not set (AMF=0x%4x)", amf);
     986           1 :                         return eap_aka_authentication_reject(data, id);
     987             :                 }
     988          28 :                 eap_aka_prime_derive_ck_ik_prime(data->ck, data->ik,
     989          14 :                                                  data->autn,
     990          14 :                                                  data->network_name,
     991             :                                                  data->network_name_len);
     992             :         }
     993             : #endif /* EAP_AKA_PRIME */
     994          30 :         if (data->last_eap_identity) {
     995           2 :                 identity = data->last_eap_identity;
     996           2 :                 identity_len = data->last_eap_identity_len;
     997          28 :         } else if (data->pseudonym) {
     998           5 :                 identity = data->pseudonym;
     999           5 :                 identity_len = data->pseudonym_len;
    1000             :         } else
    1001          23 :                 identity = eap_get_config_identity(sm, &identity_len);
    1002          30 :         wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Selected identity for MK "
    1003             :                           "derivation", identity, identity_len);
    1004          30 :         if (data->eap_method == EAP_TYPE_AKA_PRIME) {
    1005          14 :                 eap_aka_prime_derive_keys(identity, identity_len, data->ik,
    1006          14 :                                           data->ck, data->k_encr, data->k_aut,
    1007          14 :                                           data->k_re, data->msk, data->emsk);
    1008             :         } else {
    1009          16 :                 eap_aka_derive_mk(identity, identity_len, data->ik, data->ck,
    1010          16 :                                   data->mk);
    1011          16 :                 eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut,
    1012          16 :                                     data->msk, data->emsk);
    1013             :         }
    1014          30 :         if (eap_aka_verify_mac(data, reqData, attr->mac, (u8 *) "", 0)) {
    1015           3 :                 wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
    1016             :                            "used invalid AT_MAC");
    1017           3 :                 return eap_aka_client_error(data, id,
    1018             :                                             EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    1019             :         }
    1020             : 
    1021             :         /* Old reauthentication identity must not be used anymore. In
    1022             :          * other words, if no new identities are received, full
    1023             :          * authentication will be used on next reauthentication (using
    1024             :          * pseudonym identity or permanent identity). */
    1025          27 :         eap_aka_clear_identities(sm, data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
    1026             : 
    1027          27 :         if (attr->encr_data) {
    1028             :                 u8 *decrypted;
    1029          27 :                 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
    1030             :                                                attr->encr_data_len, attr->iv,
    1031             :                                                &eattr, 0);
    1032          27 :                 if (decrypted == NULL) {
    1033           0 :                         return eap_aka_client_error(
    1034             :                                 data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    1035             :                 }
    1036          27 :                 eap_aka_learn_ids(sm, data, &eattr);
    1037          27 :                 os_free(decrypted);
    1038             :         }
    1039             : 
    1040          27 :         if (data->result_ind && attr->result_ind)
    1041           2 :                 data->use_result_ind = 1;
    1042             : 
    1043          27 :         if (data->state != FAILURE) {
    1044          27 :                 eap_aka_state(data, data->use_result_ind ?
    1045             :                               RESULT_SUCCESS : SUCCESS);
    1046             :         }
    1047             : 
    1048          27 :         data->num_id_req = 0;
    1049          27 :         data->num_notification = 0;
    1050             :         /* RFC 4187 specifies that counter is initialized to one after
    1051             :          * fullauth, but initializing it to zero makes it easier to implement
    1052             :          * reauth verification. */
    1053          27 :         data->counter = 0;
    1054          27 :         return eap_aka_response_challenge(data, id);
    1055             : }
    1056             : 
    1057             : 
    1058           2 : static int eap_aka_process_notification_reauth(struct eap_aka_data *data,
    1059             :                                                struct eap_sim_attrs *attr)
    1060             : {
    1061             :         struct eap_sim_attrs eattr;
    1062             :         u8 *decrypted;
    1063             : 
    1064           2 :         if (attr->encr_data == NULL || attr->iv == NULL) {
    1065           0 :                 wpa_printf(MSG_WARNING, "EAP-AKA: Notification message after "
    1066             :                            "reauth did not include encrypted data");
    1067           0 :                 return -1;
    1068             :         }
    1069             : 
    1070           2 :         decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
    1071             :                                        attr->encr_data_len, attr->iv, &eattr,
    1072             :                                        0);
    1073           2 :         if (decrypted == NULL) {
    1074           0 :                 wpa_printf(MSG_WARNING, "EAP-AKA: Failed to parse encrypted "
    1075             :                            "data from notification message");
    1076           0 :                 return -1;
    1077             :         }
    1078             : 
    1079           2 :         if (eattr.counter < 0 || (size_t) eattr.counter != data->counter) {
    1080           0 :                 wpa_printf(MSG_WARNING, "EAP-AKA: Counter in notification "
    1081             :                            "message does not match with counter in reauth "
    1082             :                            "message");
    1083           0 :                 os_free(decrypted);
    1084           0 :                 return -1;
    1085             :         }
    1086             : 
    1087           2 :         os_free(decrypted);
    1088           2 :         return 0;
    1089             : }
    1090             : 
    1091             : 
    1092           7 : static int eap_aka_process_notification_auth(struct eap_aka_data *data,
    1093             :                                              const struct wpabuf *reqData,
    1094             :                                              struct eap_sim_attrs *attr)
    1095             : {
    1096           7 :         if (attr->mac == NULL) {
    1097           1 :                 wpa_printf(MSG_INFO, "EAP-AKA: no AT_MAC in after_auth "
    1098             :                            "Notification message");
    1099           1 :                 return -1;
    1100             :         }
    1101             : 
    1102           6 :         if (eap_aka_verify_mac(data, reqData, attr->mac, (u8 *) "", 0)) {
    1103           1 :                 wpa_printf(MSG_WARNING, "EAP-AKA: Notification message "
    1104             :                            "used invalid AT_MAC");
    1105           1 :                 return -1;
    1106             :         }
    1107             : 
    1108           7 :         if (data->reauth &&
    1109           2 :             eap_aka_process_notification_reauth(data, attr)) {
    1110           0 :                 wpa_printf(MSG_WARNING, "EAP-AKA: Invalid notification "
    1111             :                            "message after reauth");
    1112           0 :                 return -1;
    1113             :         }
    1114             : 
    1115           5 :         return 0;
    1116             : }
    1117             : 
    1118             : 
    1119          12 : static struct wpabuf * eap_aka_process_notification(
    1120             :         struct eap_sm *sm, struct eap_aka_data *data, u8 id,
    1121             :         const struct wpabuf *reqData, struct eap_sim_attrs *attr)
    1122             : {
    1123          12 :         wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Notification");
    1124          12 :         if (data->num_notification > 0) {
    1125           1 :                 wpa_printf(MSG_INFO, "EAP-AKA: too many notification "
    1126             :                            "rounds (only one allowed)");
    1127           1 :                 return eap_aka_client_error(data, id,
    1128             :                                             EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    1129             :         }
    1130          11 :         data->num_notification++;
    1131          11 :         if (attr->notification == -1) {
    1132           1 :                 wpa_printf(MSG_INFO, "EAP-AKA: no AT_NOTIFICATION in "
    1133             :                            "Notification message");
    1134           1 :                 return eap_aka_client_error(data, id,
    1135             :                                             EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    1136             :         }
    1137             : 
    1138          17 :         if ((attr->notification & 0x4000) == 0 &&
    1139           7 :             eap_aka_process_notification_auth(data, reqData, attr)) {
    1140           2 :                 return eap_aka_client_error(data, id,
    1141             :                                             EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    1142             :         }
    1143             : 
    1144           8 :         eap_sim_report_notification(sm->msg_ctx, attr->notification, 1);
    1145           8 :         if (attr->notification >= 0 && attr->notification < 32768) {
    1146           2 :                 eap_aka_state(data, FAILURE);
    1147          11 :         } else if (attr->notification == EAP_SIM_SUCCESS &&
    1148           5 :                    data->state == RESULT_SUCCESS)
    1149           4 :                 eap_aka_state(data, SUCCESS);
    1150           8 :         return eap_aka_response_notification(data, id, attr->notification);
    1151             : }
    1152             : 
    1153             : 
    1154          16 : static struct wpabuf * eap_aka_process_reauthentication(
    1155             :         struct eap_sm *sm, struct eap_aka_data *data, u8 id,
    1156             :         const struct wpabuf *reqData, struct eap_sim_attrs *attr)
    1157             : {
    1158             :         struct eap_sim_attrs eattr;
    1159             :         u8 *decrypted;
    1160             : 
    1161          16 :         wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Reauthentication");
    1162             : 
    1163          31 :         if (attr->checkcode &&
    1164          15 :             eap_aka_verify_checkcode(data, attr->checkcode,
    1165             :                                      attr->checkcode_len)) {
    1166           1 :                 wpa_printf(MSG_WARNING, "EAP-AKA: Invalid AT_CHECKCODE in the "
    1167             :                            "message");
    1168           1 :                 return eap_aka_client_error(data, id,
    1169             :                                             EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    1170             :         }
    1171             : 
    1172          15 :         if (data->reauth_id == NULL) {
    1173           1 :                 wpa_printf(MSG_WARNING, "EAP-AKA: Server is trying "
    1174             :                            "reauthentication, but no reauth_id available");
    1175           1 :                 return eap_aka_client_error(data, id,
    1176             :                                             EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    1177             :         }
    1178             : 
    1179          14 :         data->reauth = 1;
    1180          14 :         if (eap_aka_verify_mac(data, reqData, attr->mac, (u8 *) "", 0)) {
    1181           2 :                 wpa_printf(MSG_WARNING, "EAP-AKA: Reauthentication "
    1182             :                            "did not have valid AT_MAC");
    1183           2 :                 return eap_aka_client_error(data, id,
    1184             :                                             EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    1185             :         }
    1186             : 
    1187          12 :         if (attr->encr_data == NULL || attr->iv == NULL) {
    1188           0 :                 wpa_printf(MSG_WARNING, "EAP-AKA: Reauthentication "
    1189             :                            "message did not include encrypted data");
    1190           0 :                 return eap_aka_client_error(data, id,
    1191             :                                             EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    1192             :         }
    1193             : 
    1194          12 :         decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
    1195             :                                        attr->encr_data_len, attr->iv, &eattr,
    1196             :                                        0);
    1197          12 :         if (decrypted == NULL) {
    1198           0 :                 wpa_printf(MSG_WARNING, "EAP-AKA: Failed to parse encrypted "
    1199             :                            "data from reauthentication message");
    1200           0 :                 return eap_aka_client_error(data, id,
    1201             :                                             EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    1202             :         }
    1203             : 
    1204          12 :         if (eattr.nonce_s == NULL || eattr.counter < 0) {
    1205           0 :                 wpa_printf(MSG_INFO, "EAP-AKA: (encr) No%s%s in reauth packet",
    1206           0 :                            !eattr.nonce_s ? " AT_NONCE_S" : "",
    1207           0 :                            eattr.counter < 0 ? " AT_COUNTER" : "");
    1208           0 :                 os_free(decrypted);
    1209           0 :                 return eap_aka_client_error(data, id,
    1210             :                                             EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    1211             :         }
    1212             : 
    1213          12 :         if (eattr.counter < 0 || (size_t) eattr.counter <= data->counter) {
    1214             :                 struct wpabuf *res;
    1215           2 :                 wpa_printf(MSG_INFO, "EAP-AKA: (encr) Invalid counter "
    1216             :                            "(%d <= %d)", eattr.counter, data->counter);
    1217           2 :                 data->counter_too_small = eattr.counter;
    1218             : 
    1219             :                 /* Reply using Re-auth w/ AT_COUNTER_TOO_SMALL. The current
    1220             :                  * reauth_id must not be used to start a new reauthentication.
    1221             :                  * However, since it was used in the last EAP-Response-Identity
    1222             :                  * packet, it has to saved for the following fullauth to be
    1223             :                  * used in MK derivation. */
    1224           2 :                 os_free(data->last_eap_identity);
    1225           2 :                 data->last_eap_identity = data->reauth_id;
    1226           2 :                 data->last_eap_identity_len = data->reauth_id_len;
    1227           2 :                 data->reauth_id = NULL;
    1228           2 :                 data->reauth_id_len = 0;
    1229             : 
    1230           2 :                 res = eap_aka_response_reauth(data, id, 1, eattr.nonce_s);
    1231           2 :                 os_free(decrypted);
    1232             : 
    1233           2 :                 return res;
    1234             :         }
    1235          10 :         data->counter = eattr.counter;
    1236             : 
    1237          10 :         os_memcpy(data->nonce_s, eattr.nonce_s, EAP_SIM_NONCE_S_LEN);
    1238          10 :         wpa_hexdump(MSG_DEBUG, "EAP-AKA: (encr) AT_NONCE_S",
    1239          10 :                     data->nonce_s, EAP_SIM_NONCE_S_LEN);
    1240             : 
    1241          10 :         if (data->eap_method == EAP_TYPE_AKA_PRIME) {
    1242          10 :                 eap_aka_prime_derive_keys_reauth(data->k_re, data->counter,
    1243           5 :                                                  data->reauth_id,
    1244             :                                                  data->reauth_id_len,
    1245           5 :                                                  data->nonce_s,
    1246           5 :                                                  data->msk, data->emsk);
    1247             :         } else {
    1248           5 :                 eap_sim_derive_keys_reauth(data->counter, data->reauth_id,
    1249             :                                            data->reauth_id_len,
    1250           5 :                                            data->nonce_s, data->mk,
    1251           5 :                                            data->msk, data->emsk);
    1252             :         }
    1253          10 :         eap_aka_clear_identities(sm, data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
    1254          10 :         eap_aka_learn_ids(sm, data, &eattr);
    1255             : 
    1256          10 :         if (data->result_ind && attr->result_ind)
    1257           2 :                 data->use_result_ind = 1;
    1258             : 
    1259          10 :         if (data->state != FAILURE) {
    1260          10 :                 eap_aka_state(data, data->use_result_ind ?
    1261             :                               RESULT_SUCCESS : SUCCESS);
    1262             :         }
    1263             : 
    1264          10 :         data->num_id_req = 0;
    1265          10 :         data->num_notification = 0;
    1266          10 :         if (data->counter > EAP_AKA_MAX_FAST_REAUTHS) {
    1267           2 :                 wpa_printf(MSG_DEBUG, "EAP-AKA: Maximum number of "
    1268             :                            "fast reauths performed - force fullauth");
    1269           2 :                 eap_aka_clear_identities(sm, data,
    1270             :                                          CLEAR_REAUTH_ID | CLEAR_EAP_ID);
    1271             :         }
    1272          10 :         os_free(decrypted);
    1273          10 :         return eap_aka_response_reauth(data, id, 0, data->nonce_s);
    1274             : }
    1275             : 
    1276             : 
    1277         207 : static struct wpabuf * eap_aka_process(struct eap_sm *sm, void *priv,
    1278             :                                        struct eap_method_ret *ret,
    1279             :                                        const struct wpabuf *reqData)
    1280             : {
    1281         207 :         struct eap_aka_data *data = priv;
    1282             :         const struct eap_hdr *req;
    1283             :         u8 subtype, id;
    1284             :         struct wpabuf *res;
    1285             :         const u8 *pos;
    1286             :         struct eap_sim_attrs attr;
    1287             :         size_t len;
    1288             : 
    1289         207 :         wpa_hexdump_buf(MSG_DEBUG, "EAP-AKA: EAP data", reqData);
    1290         207 :         if (eap_get_config_identity(sm, &len) == NULL) {
    1291           0 :                 wpa_printf(MSG_INFO, "EAP-AKA: Identity not configured");
    1292           0 :                 eap_sm_request_identity(sm);
    1293           0 :                 ret->ignore = TRUE;
    1294           0 :                 return NULL;
    1295             :         }
    1296             : 
    1297         207 :         pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, reqData,
    1298             :                                &len);
    1299         207 :         if (pos == NULL || len < 1) {
    1300           2 :                 ret->ignore = TRUE;
    1301           2 :                 return NULL;
    1302             :         }
    1303         205 :         req = wpabuf_head(reqData);
    1304         205 :         id = req->identifier;
    1305         205 :         len = be_to_host16(req->length);
    1306             : 
    1307         205 :         ret->ignore = FALSE;
    1308         205 :         ret->methodState = METHOD_MAY_CONT;
    1309         205 :         ret->decision = DECISION_FAIL;
    1310         205 :         ret->allowNotifications = TRUE;
    1311             : 
    1312         205 :         subtype = *pos++;
    1313         205 :         wpa_printf(MSG_DEBUG, "EAP-AKA: Subtype=%d", subtype);
    1314         205 :         pos += 2; /* Reserved */
    1315             : 
    1316         205 :         if (eap_sim_parse_attr(pos, wpabuf_head_u8(reqData) + len, &attr,
    1317         205 :                                data->eap_method == EAP_TYPE_AKA_PRIME ? 2 : 1,
    1318             :                                0)) {
    1319          31 :                 res = eap_aka_client_error(data, id,
    1320             :                                            EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    1321          31 :                 goto done;
    1322             :         }
    1323             : 
    1324         174 :         switch (subtype) {
    1325             :         case EAP_AKA_SUBTYPE_IDENTITY:
    1326          62 :                 res = eap_aka_process_identity(sm, data, id, reqData, &attr);
    1327          62 :                 break;
    1328             :         case EAP_AKA_SUBTYPE_CHALLENGE:
    1329          82 :                 res = eap_aka_process_challenge(sm, data, id, reqData, &attr);
    1330          82 :                 break;
    1331             :         case EAP_AKA_SUBTYPE_NOTIFICATION:
    1332          12 :                 res = eap_aka_process_notification(sm, data, id, reqData,
    1333             :                                                    &attr);
    1334          12 :                 break;
    1335             :         case EAP_AKA_SUBTYPE_REAUTHENTICATION:
    1336          16 :                 res = eap_aka_process_reauthentication(sm, data, id, reqData,
    1337             :                                                        &attr);
    1338          16 :                 break;
    1339             :         case EAP_AKA_SUBTYPE_CLIENT_ERROR:
    1340           1 :                 wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Client-Error");
    1341           1 :                 res = eap_aka_client_error(data, id,
    1342             :                                            EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    1343           1 :                 break;
    1344             :         default:
    1345           1 :                 wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown subtype=%d", subtype);
    1346           1 :                 res = eap_aka_client_error(data, id,
    1347             :                                            EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    1348           1 :                 break;
    1349             :         }
    1350             : 
    1351             : done:
    1352         205 :         if (data->state == FAILURE) {
    1353          82 :                 ret->decision = DECISION_FAIL;
    1354          82 :                 ret->methodState = METHOD_DONE;
    1355         123 :         } else if (data->state == SUCCESS) {
    1356          37 :                 ret->decision = data->use_result_ind ?
    1357             :                         DECISION_UNCOND_SUCC : DECISION_COND_SUCC;
    1358             :                 /*
    1359             :                  * It is possible for the server to reply with AKA
    1360             :                  * Notification, so we must allow the method to continue and
    1361             :                  * not only accept EAP-Success at this point.
    1362             :                  */
    1363          37 :                 ret->methodState = data->use_result_ind ?
    1364             :                         METHOD_DONE : METHOD_MAY_CONT;
    1365          86 :         } else if (data->state == RESULT_SUCCESS)
    1366           4 :                 ret->methodState = METHOD_CONT;
    1367             : 
    1368         205 :         if (ret->methodState == METHOD_DONE) {
    1369          86 :                 ret->allowNotifications = FALSE;
    1370             :         }
    1371             : 
    1372         205 :         return res;
    1373             : }
    1374             : 
    1375             : 
    1376          48 : static Boolean eap_aka_has_reauth_data(struct eap_sm *sm, void *priv)
    1377             : {
    1378          48 :         struct eap_aka_data *data = priv;
    1379          48 :         return data->pseudonym || data->reauth_id;
    1380             : }
    1381             : 
    1382             : 
    1383          22 : static void eap_aka_deinit_for_reauth(struct eap_sm *sm, void *priv)
    1384             : {
    1385          22 :         struct eap_aka_data *data = priv;
    1386          22 :         eap_aka_clear_identities(sm, data, CLEAR_EAP_ID);
    1387          22 :         data->prev_id = -1;
    1388          22 :         wpabuf_free(data->id_msgs);
    1389          22 :         data->id_msgs = NULL;
    1390          22 :         data->use_result_ind = 0;
    1391          22 :         data->kdf_negotiation = 0;
    1392          22 :         eap_aka_clear_keys(data, 1);
    1393          22 : }
    1394             : 
    1395             : 
    1396          18 : static void * eap_aka_init_for_reauth(struct eap_sm *sm, void *priv)
    1397             : {
    1398          18 :         struct eap_aka_data *data = priv;
    1399          18 :         data->num_id_req = 0;
    1400          18 :         data->num_notification = 0;
    1401          18 :         eap_aka_state(data, CONTINUE);
    1402          18 :         return priv;
    1403             : }
    1404             : 
    1405             : 
    1406          18 : static const u8 * eap_aka_get_identity(struct eap_sm *sm, void *priv,
    1407             :                                        size_t *len)
    1408             : {
    1409          18 :         struct eap_aka_data *data = priv;
    1410             : 
    1411          18 :         if (data->reauth_id) {
    1412          18 :                 *len = data->reauth_id_len;
    1413          18 :                 return data->reauth_id;
    1414             :         }
    1415             : 
    1416           0 :         if (data->pseudonym) {
    1417           0 :                 *len = data->pseudonym_len;
    1418           0 :                 return data->pseudonym;
    1419             :         }
    1420             : 
    1421           0 :         return NULL;
    1422             : }
    1423             : 
    1424             : 
    1425         200 : static Boolean eap_aka_isKeyAvailable(struct eap_sm *sm, void *priv)
    1426             : {
    1427         200 :         struct eap_aka_data *data = priv;
    1428         200 :         return data->state == SUCCESS;
    1429             : }
    1430             : 
    1431             : 
    1432          35 : static u8 * eap_aka_getKey(struct eap_sm *sm, void *priv, size_t *len)
    1433             : {
    1434          35 :         struct eap_aka_data *data = priv;
    1435             :         u8 *key;
    1436             : 
    1437          35 :         if (data->state != SUCCESS)
    1438           0 :                 return NULL;
    1439             : 
    1440          35 :         key = os_malloc(EAP_SIM_KEYING_DATA_LEN);
    1441          35 :         if (key == NULL)
    1442           0 :                 return NULL;
    1443             : 
    1444          35 :         *len = EAP_SIM_KEYING_DATA_LEN;
    1445          35 :         os_memcpy(key, data->msk, EAP_SIM_KEYING_DATA_LEN);
    1446             : 
    1447          35 :         return key;
    1448             : }
    1449             : 
    1450             : 
    1451          34 : static u8 * eap_aka_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
    1452             : {
    1453          34 :         struct eap_aka_data *data = priv;
    1454             :         u8 *id;
    1455             : 
    1456          34 :         if (data->state != SUCCESS)
    1457           0 :                 return NULL;
    1458             : 
    1459          34 :         *len = 1 + EAP_AKA_RAND_LEN + EAP_AKA_AUTN_LEN;
    1460          34 :         id = os_malloc(*len);
    1461          34 :         if (id == NULL)
    1462           0 :                 return NULL;
    1463             : 
    1464          34 :         id[0] = data->eap_method;
    1465          34 :         os_memcpy(id + 1, data->rand, EAP_AKA_RAND_LEN);
    1466          34 :         os_memcpy(id + 1 + EAP_AKA_RAND_LEN, data->autn, EAP_AKA_AUTN_LEN);
    1467          34 :         wpa_hexdump(MSG_DEBUG, "EAP-AKA: Derived Session-Id", id, *len);
    1468             : 
    1469          34 :         return id;
    1470             : }
    1471             : 
    1472             : 
    1473           2 : static u8 * eap_aka_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
    1474             : {
    1475           2 :         struct eap_aka_data *data = priv;
    1476             :         u8 *key;
    1477             : 
    1478           2 :         if (data->state != SUCCESS)
    1479           0 :                 return NULL;
    1480             : 
    1481           2 :         key = os_malloc(EAP_EMSK_LEN);
    1482           2 :         if (key == NULL)
    1483           0 :                 return NULL;
    1484             : 
    1485           2 :         *len = EAP_EMSK_LEN;
    1486           2 :         os_memcpy(key, data->emsk, EAP_EMSK_LEN);
    1487             : 
    1488           2 :         return key;
    1489             : }
    1490             : 
    1491             : 
    1492          30 : int eap_peer_aka_register(void)
    1493             : {
    1494             :         struct eap_method *eap;
    1495             :         int ret;
    1496             : 
    1497          30 :         eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
    1498             :                                     EAP_VENDOR_IETF, EAP_TYPE_AKA, "AKA");
    1499          30 :         if (eap == NULL)
    1500           0 :                 return -1;
    1501             : 
    1502          30 :         eap->init = eap_aka_init;
    1503          30 :         eap->deinit = eap_aka_deinit;
    1504          30 :         eap->process = eap_aka_process;
    1505          30 :         eap->isKeyAvailable = eap_aka_isKeyAvailable;
    1506          30 :         eap->getKey = eap_aka_getKey;
    1507          30 :         eap->getSessionId = eap_aka_get_session_id;
    1508          30 :         eap->has_reauth_data = eap_aka_has_reauth_data;
    1509          30 :         eap->deinit_for_reauth = eap_aka_deinit_for_reauth;
    1510          30 :         eap->init_for_reauth = eap_aka_init_for_reauth;
    1511          30 :         eap->get_identity = eap_aka_get_identity;
    1512          30 :         eap->get_emsk = eap_aka_get_emsk;
    1513             : 
    1514          30 :         ret = eap_peer_method_register(eap);
    1515          30 :         if (ret)
    1516           0 :                 eap_peer_method_free(eap);
    1517          30 :         return ret;
    1518             : }
    1519             : 
    1520             : 
    1521             : #ifdef EAP_AKA_PRIME
    1522          30 : int eap_peer_aka_prime_register(void)
    1523             : {
    1524             :         struct eap_method *eap;
    1525             :         int ret;
    1526             : 
    1527          30 :         eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
    1528             :                                     EAP_VENDOR_IETF, EAP_TYPE_AKA_PRIME,
    1529             :                                     "AKA'");
    1530          30 :         if (eap == NULL)
    1531           0 :                 return -1;
    1532             : 
    1533          30 :         eap->init = eap_aka_prime_init;
    1534          30 :         eap->deinit = eap_aka_deinit;
    1535          30 :         eap->process = eap_aka_process;
    1536          30 :         eap->isKeyAvailable = eap_aka_isKeyAvailable;
    1537          30 :         eap->getKey = eap_aka_getKey;
    1538          30 :         eap->getSessionId = eap_aka_get_session_id;
    1539          30 :         eap->has_reauth_data = eap_aka_has_reauth_data;
    1540          30 :         eap->deinit_for_reauth = eap_aka_deinit_for_reauth;
    1541          30 :         eap->init_for_reauth = eap_aka_init_for_reauth;
    1542          30 :         eap->get_identity = eap_aka_get_identity;
    1543          30 :         eap->get_emsk = eap_aka_get_emsk;
    1544             : 
    1545          30 :         ret = eap_peer_method_register(eap);
    1546          30 :         if (ret)
    1547           0 :                 eap_peer_method_free(eap);
    1548             : 
    1549          30 :         return ret;
    1550             : }
    1551             : #endif /* EAP_AKA_PRIME */

Generated by: LCOV version 1.10