LCOV - code coverage report
Current view: top level - src/eap_peer - eap_sim.c (source / functions) Hit Total Coverage
Test: wpa_supplicant/hostapd combined for hwsim test run 1422976643 Lines: 572 634 90.2 %
Date: 2015-02-03 Functions: 32 32 100.0 %

          Line data    Source code
       1             : /*
       2             :  * EAP peer method: EAP-SIM (RFC 4186)
       3             :  * Copyright (c) 2004-2012, Jouni Malinen <j@w1.fi>
       4             :  *
       5             :  * This software may be distributed under the terms of the BSD license.
       6             :  * See README for more details.
       7             :  */
       8             : 
       9             : #include "includes.h"
      10             : 
      11             : #include "common.h"
      12             : #include "pcsc_funcs.h"
      13             : #include "crypto/milenage.h"
      14             : #include "crypto/random.h"
      15             : #include "eap_peer/eap_i.h"
      16             : #include "eap_config.h"
      17             : #include "eap_common/eap_sim_common.h"
      18             : 
      19             : 
      20             : struct eap_sim_data {
      21             :         u8 *ver_list;
      22             :         size_t ver_list_len;
      23             :         int selected_version;
      24             :         size_t min_num_chal, num_chal;
      25             : 
      26             :         u8 kc[3][EAP_SIM_KC_LEN];
      27             :         u8 sres[3][EAP_SIM_SRES_LEN];
      28             :         u8 nonce_mt[EAP_SIM_NONCE_MT_LEN], nonce_s[EAP_SIM_NONCE_S_LEN];
      29             :         u8 mk[EAP_SIM_MK_LEN];
      30             :         u8 k_aut[EAP_SIM_K_AUT_LEN];
      31             :         u8 k_encr[EAP_SIM_K_ENCR_LEN];
      32             :         u8 msk[EAP_SIM_KEYING_DATA_LEN];
      33             :         u8 emsk[EAP_EMSK_LEN];
      34             :         u8 rand[3][GSM_RAND_LEN];
      35             : 
      36             :         int num_id_req, num_notification;
      37             :         u8 *pseudonym;
      38             :         size_t pseudonym_len;
      39             :         u8 *reauth_id;
      40             :         size_t reauth_id_len;
      41             :         int reauth;
      42             :         unsigned int counter, counter_too_small;
      43             :         u8 *last_eap_identity;
      44             :         size_t last_eap_identity_len;
      45             :         enum {
      46             :                 CONTINUE, RESULT_SUCCESS, SUCCESS, FAILURE
      47             :         } state;
      48             :         int result_ind, use_result_ind;
      49             : };
      50             : 
      51             : 
      52             : #ifndef CONFIG_NO_STDOUT_DEBUG
      53         262 : static const char * eap_sim_state_txt(int state)
      54             : {
      55         262 :         switch (state) {
      56             :         case CONTINUE:
      57         185 :                 return "CONTINUE";
      58             :         case RESULT_SUCCESS:
      59           4 :                 return "RESULT_SUCCESS";
      60             :         case SUCCESS:
      61          34 :                 return "SUCCESS";
      62             :         case FAILURE:
      63          39 :                 return "FAILURE";
      64             :         default:
      65           0 :                 return "?";
      66             :         }
      67             : }
      68             : #endif /* CONFIG_NO_STDOUT_DEBUG */
      69             : 
      70             : 
      71         131 : static void eap_sim_state(struct eap_sim_data *data, int state)
      72             : {
      73         262 :         wpa_printf(MSG_DEBUG, "EAP-SIM: %s -> %s",
      74         131 :                    eap_sim_state_txt(data->state),
      75             :                    eap_sim_state_txt(state));
      76         131 :         data->state = state;
      77         131 : }
      78             : 
      79             : 
      80          58 : static void * eap_sim_init(struct eap_sm *sm)
      81             : {
      82             :         struct eap_sim_data *data;
      83          58 :         struct eap_peer_config *config = eap_get_config(sm);
      84             : 
      85          58 :         data = os_zalloc(sizeof(*data));
      86          58 :         if (data == NULL)
      87           0 :                 return NULL;
      88             : 
      89          58 :         if (random_get_bytes(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
      90           0 :                 wpa_printf(MSG_WARNING, "EAP-SIM: Failed to get random data "
      91             :                            "for NONCE_MT");
      92           0 :                 os_free(data);
      93           0 :                 return NULL;
      94             :         }
      95             : 
      96          58 :         data->min_num_chal = 2;
      97          58 :         if (config && config->phase1) {
      98           4 :                 char *pos = os_strstr(config->phase1, "sim_min_num_chal=");
      99           4 :                 if (pos) {
     100           3 :                         data->min_num_chal = atoi(pos + 17);
     101           3 :                         if (data->min_num_chal < 2 || data->min_num_chal > 3) {
     102           2 :                                 wpa_printf(MSG_WARNING, "EAP-SIM: Invalid "
     103             :                                            "sim_min_num_chal configuration "
     104             :                                            "(%lu, expected 2 or 3)",
     105             :                                            (unsigned long) data->min_num_chal);
     106           2 :                                 os_free(data);
     107           2 :                                 return NULL;
     108             :                         }
     109           1 :                         wpa_printf(MSG_DEBUG, "EAP-SIM: Set minimum number of "
     110             :                                    "challenges to %lu",
     111             :                                    (unsigned long) data->min_num_chal);
     112             :                 }
     113             : 
     114           2 :                 data->result_ind = os_strstr(config->phase1, "result_ind=1") !=
     115             :                         NULL;
     116             :         }
     117             : 
     118          56 :         if (config && config->anonymous_identity) {
     119           1 :                 data->pseudonym = os_malloc(config->anonymous_identity_len);
     120           1 :                 if (data->pseudonym) {
     121           1 :                         os_memcpy(data->pseudonym, config->anonymous_identity,
     122             :                                   config->anonymous_identity_len);
     123           1 :                         data->pseudonym_len = config->anonymous_identity_len;
     124             :                 }
     125             :         }
     126             : 
     127          56 :         eap_sim_state(data, CONTINUE);
     128             : 
     129          56 :         return data;
     130             : }
     131             : 
     132             : 
     133          67 : static void eap_sim_clear_keys(struct eap_sim_data *data, int reauth)
     134             : {
     135          67 :         if (!reauth) {
     136          56 :                 os_memset(data->mk, 0, EAP_SIM_MK_LEN);
     137          56 :                 os_memset(data->k_aut, 0, EAP_SIM_K_AUT_LEN);
     138          56 :                 os_memset(data->k_encr, 0, EAP_SIM_K_ENCR_LEN);
     139             :         }
     140          67 :         os_memset(data->kc, 0, 3 * EAP_SIM_KC_LEN);
     141          67 :         os_memset(data->sres, 0, 3 * EAP_SIM_SRES_LEN);
     142          67 :         os_memset(data->msk, 0, EAP_SIM_KEYING_DATA_LEN);
     143          67 :         os_memset(data->emsk, 0, EAP_EMSK_LEN);
     144          67 : }
     145             : 
     146             : 
     147          56 : static void eap_sim_deinit(struct eap_sm *sm, void *priv)
     148             : {
     149          56 :         struct eap_sim_data *data = priv;
     150          56 :         if (data) {
     151          56 :                 os_free(data->ver_list);
     152          56 :                 os_free(data->pseudonym);
     153          56 :                 os_free(data->reauth_id);
     154          56 :                 os_free(data->last_eap_identity);
     155          56 :                 eap_sim_clear_keys(data, 0);
     156          56 :                 os_free(data);
     157             :         }
     158          56 : }
     159             : 
     160             : 
     161          11 : static int eap_sim_ext_sim_req(struct eap_sm *sm, struct eap_sim_data *data)
     162             : {
     163             :         char req[200], *pos, *end;
     164             :         size_t i;
     165             : 
     166          11 :         wpa_printf(MSG_DEBUG, "EAP-SIM: Use external SIM processing");
     167          11 :         pos = req;
     168          11 :         end = pos + sizeof(req);
     169          11 :         pos += os_snprintf(pos, end - pos, "GSM-AUTH");
     170          44 :         for (i = 0; i < data->num_chal; i++) {
     171          33 :                 pos += os_snprintf(pos, end - pos, ":");
     172          33 :                 pos += wpa_snprintf_hex(pos, end - pos, data->rand[i],
     173             :                                         GSM_RAND_LEN);
     174             :         }
     175             : 
     176          11 :         eap_sm_request_sim(sm, req);
     177          11 :         return 1;
     178             : }
     179             : 
     180             : 
     181          11 : static int eap_sim_ext_sim_result(struct eap_sm *sm, struct eap_sim_data *data,
     182             :                                   struct eap_peer_config *conf)
     183             : {
     184             :         char *resp, *pos;
     185             :         size_t i;
     186             : 
     187          11 :         wpa_printf(MSG_DEBUG,
     188             :                    "EAP-SIM: Use result from external SIM processing");
     189             : 
     190          11 :         resp = conf->external_sim_resp;
     191          11 :         conf->external_sim_resp = NULL;
     192             : 
     193          11 :         if (os_strncmp(resp, "GSM-AUTH:", 9) != 0) {
     194           1 :                 wpa_printf(MSG_DEBUG, "EAP-SIM: Unrecognized external SIM processing response");
     195           1 :                 os_free(resp);
     196           1 :                 return -1;
     197             :         }
     198             : 
     199          10 :         pos = resp + 9;
     200          23 :         for (i = 0; i < data->num_chal; i++) {
     201          19 :                 wpa_hexdump(MSG_DEBUG, "EAP-SIM: RAND",
     202          19 :                             data->rand[i], GSM_RAND_LEN);
     203             : 
     204          19 :                 if (hexstr2bin(pos, data->kc[i], EAP_SIM_KC_LEN) < 0)
     205           3 :                         goto invalid;
     206          16 :                 wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: Kc",
     207          16 :                                 data->kc[i], EAP_SIM_KC_LEN);
     208          16 :                 pos += EAP_SIM_KC_LEN * 2;
     209          16 :                 if (*pos != ':')
     210           1 :                         goto invalid;
     211          15 :                 pos++;
     212             : 
     213          15 :                 if (hexstr2bin(pos, data->sres[i], EAP_SIM_SRES_LEN) < 0)
     214           1 :                         goto invalid;
     215          14 :                 wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: SRES",
     216          14 :                                 data->sres[i], EAP_SIM_SRES_LEN);
     217          14 :                 pos += EAP_SIM_SRES_LEN * 2;
     218          14 :                 if (i + 1 < data->num_chal) {
     219          10 :                         if (*pos != ':')
     220           1 :                                 goto invalid;
     221           9 :                         pos++;
     222             :                 }
     223             :         }
     224             : 
     225           4 :         os_free(resp);
     226           4 :         return 0;
     227             : 
     228             : invalid:
     229           6 :         wpa_printf(MSG_DEBUG, "EAP-SIM: Invalid external SIM processing GSM-AUTH response");
     230           6 :         os_free(resp);
     231           6 :         return -1;
     232             : }
     233             : 
     234             : 
     235          44 : static int eap_sim_gsm_auth(struct eap_sm *sm, struct eap_sim_data *data)
     236             : {
     237             :         struct eap_peer_config *conf;
     238             : 
     239          44 :         wpa_printf(MSG_DEBUG, "EAP-SIM: GSM authentication algorithm");
     240             : 
     241          44 :         conf = eap_get_config(sm);
     242          44 :         if (conf == NULL)
     243           0 :                 return -1;
     244             : 
     245          44 :         if (sm->external_sim) {
     246          22 :                 if (conf->external_sim_resp)
     247          11 :                         return eap_sim_ext_sim_result(sm, data, conf);
     248             :                 else
     249          11 :                         return eap_sim_ext_sim_req(sm, data);
     250             :         }
     251             : 
     252          22 :         if (conf->pcsc) {
     253             :                 if (scard_gsm_auth(sm->scard_ctx, data->rand[0],
     254             :                                    data->sres[0], data->kc[0]) ||
     255             :                     scard_gsm_auth(sm->scard_ctx, data->rand[1],
     256             :                                    data->sres[1], data->kc[1]) ||
     257             :                     (data->num_chal > 2 &&
     258             :                      scard_gsm_auth(sm->scard_ctx, data->rand[2],
     259             :                                     data->sres[2], data->kc[2]))) {
     260           0 :                         wpa_printf(MSG_DEBUG, "EAP-SIM: GSM SIM "
     261             :                                    "authentication could not be completed");
     262           0 :                         return -1;
     263             :                 }
     264             :                 return 0;
     265             :         }
     266             : 
     267             : #ifdef CONFIG_SIM_SIMULATOR
     268          22 :         if (conf->password) {
     269             :                 u8 opc[16], k[16];
     270             :                 const char *pos;
     271             :                 size_t i;
     272          21 :                 wpa_printf(MSG_DEBUG, "EAP-SIM: Use internal GSM-Milenage "
     273             :                            "implementation for authentication");
     274          21 :                 if (conf->password_len < 65) {
     275           1 :                         wpa_printf(MSG_DEBUG, "EAP-SIM: invalid GSM-Milenage "
     276             :                                    "password");
     277           1 :                         return -1;
     278             :                 }
     279          20 :                 pos = (const char *) conf->password;
     280          20 :                 if (hexstr2bin(pos, k, 16))
     281           1 :                         return -1;
     282          19 :                 pos += 32;
     283          19 :                 if (*pos != ':')
     284           1 :                         return -1;
     285          18 :                 pos++;
     286             : 
     287          18 :                 if (hexstr2bin(pos, opc, 16))
     288           1 :                         return -1;
     289             : 
     290          68 :                 for (i = 0; i < data->num_chal; i++) {
     291          51 :                         if (gsm_milenage(opc, k, data->rand[i],
     292          51 :                                          data->sres[i], data->kc[i])) {
     293           0 :                                 wpa_printf(MSG_DEBUG, "EAP-SIM: "
     294             :                                            "GSM-Milenage authentication "
     295             :                                            "could not be completed");
     296           0 :                                 return -1;
     297             :                         }
     298          51 :                         wpa_hexdump(MSG_DEBUG, "EAP-SIM: RAND",
     299          51 :                                     data->rand[i], GSM_RAND_LEN);
     300          51 :                         wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: SRES",
     301          51 :                                         data->sres[i], EAP_SIM_SRES_LEN);
     302          51 :                         wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: Kc",
     303          51 :                                         data->kc[i], EAP_SIM_KC_LEN);
     304             :                 }
     305          17 :                 return 0;
     306             :         }
     307             : #endif /* CONFIG_SIM_SIMULATOR */
     308             : 
     309             : #ifdef CONFIG_SIM_HARDCODED
     310             :         /* These hardcoded Kc and SRES values are used for testing. RAND to
     311             :          * KC/SREC mapping is very bogus as far as real authentication is
     312             :          * concerned, but it is quite useful for cases where the AS is rotating
     313             :          * the order of pre-configured values. */
     314             :         {
     315             :                 size_t i;
     316             : 
     317             :                 wpa_printf(MSG_DEBUG, "EAP-SIM: Use hardcoded Kc and SRES "
     318             :                            "values for testing");
     319             : 
     320             :                 for (i = 0; i < data->num_chal; i++) {
     321             :                         if (data->rand[i][0] == 0xaa) {
     322             :                                 os_memcpy(data->kc[i],
     323             :                                           "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7",
     324             :                                           EAP_SIM_KC_LEN);
     325             :                                 os_memcpy(data->sres[i], "\xd1\xd2\xd3\xd4",
     326             :                                           EAP_SIM_SRES_LEN);
     327             :                         } else if (data->rand[i][0] == 0xbb) {
     328             :                                 os_memcpy(data->kc[i],
     329             :                                           "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7",
     330             :                                           EAP_SIM_KC_LEN);
     331             :                                 os_memcpy(data->sres[i], "\xe1\xe2\xe3\xe4",
     332             :                                           EAP_SIM_SRES_LEN);
     333             :                         } else {
     334             :                                 os_memcpy(data->kc[i],
     335             :                                           "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7",
     336             :                                           EAP_SIM_KC_LEN);
     337             :                                 os_memcpy(data->sres[i], "\xf1\xf2\xf3\xf4",
     338             :                                           EAP_SIM_SRES_LEN);
     339             :                         }
     340             :                 }
     341             :         }
     342             : 
     343             :         return 0;
     344             : 
     345             : #else /* CONFIG_SIM_HARDCODED */
     346             : 
     347           1 :         wpa_printf(MSG_DEBUG, "EAP-SIM: No GSM authentication algorithm "
     348             :                    "enabled");
     349           1 :         return -1;
     350             : 
     351             : #endif /* CONFIG_SIM_HARDCODED */
     352             : }
     353             : 
     354             : 
     355          56 : static int eap_sim_supported_ver(int version)
     356             : {
     357          56 :         return version == EAP_SIM_VERSION;
     358             : }
     359             : 
     360             : 
     361             : #define CLEAR_PSEUDONYM 0x01
     362             : #define CLEAR_REAUTH_ID 0x02
     363             : #define CLEAR_EAP_ID    0x04
     364             : 
     365         128 : static void eap_sim_clear_identities(struct eap_sm *sm,
     366             :                                      struct eap_sim_data *data, int id)
     367             : {
     368         128 :         if ((id & CLEAR_PSEUDONYM) && data->pseudonym) {
     369           2 :                 wpa_printf(MSG_DEBUG, "EAP-SIM: forgetting old pseudonym");
     370           2 :                 os_free(data->pseudonym);
     371           2 :                 data->pseudonym = NULL;
     372           2 :                 data->pseudonym_len = 0;
     373           2 :                 eap_set_anon_id(sm, NULL, 0);
     374             :         }
     375         128 :         if ((id & CLEAR_REAUTH_ID) && data->reauth_id) {
     376           7 :                 wpa_printf(MSG_DEBUG, "EAP-SIM: forgetting old reauth_id");
     377           7 :                 os_free(data->reauth_id);
     378           7 :                 data->reauth_id = NULL;
     379           7 :                 data->reauth_id_len = 0;
     380             :         }
     381         128 :         if ((id & CLEAR_EAP_ID) && data->last_eap_identity) {
     382           1 :                 wpa_printf(MSG_DEBUG, "EAP-SIM: forgetting old eap_id");
     383           1 :                 os_free(data->last_eap_identity);
     384           1 :                 data->last_eap_identity = NULL;
     385           1 :                 data->last_eap_identity_len = 0;
     386             :         }
     387         128 : }
     388             : 
     389             : 
     390          25 : static int eap_sim_learn_ids(struct eap_sm *sm, struct eap_sim_data *data,
     391             :                              struct eap_sim_attrs *attr)
     392             : {
     393          25 :         if (attr->next_pseudonym) {
     394          20 :                 const u8 *identity = NULL;
     395          20 :                 size_t identity_len = 0;
     396          20 :                 const u8 *realm = NULL;
     397          20 :                 size_t realm_len = 0;
     398             : 
     399          40 :                 wpa_hexdump_ascii(MSG_DEBUG,
     400             :                                   "EAP-SIM: (encr) AT_NEXT_PSEUDONYM",
     401          20 :                                   attr->next_pseudonym,
     402             :                                   attr->next_pseudonym_len);
     403          20 :                 os_free(data->pseudonym);
     404             :                 /* Look for the realm of the permanent identity */
     405          20 :                 identity = eap_get_config_identity(sm, &identity_len);
     406          20 :                 if (identity) {
     407         360 :                         for (realm = identity, realm_len = identity_len;
     408         320 :                              realm_len > 0; realm_len--, realm++) {
     409         328 :                                 if (*realm == '@')
     410           8 :                                         break;
     411             :                         }
     412             :                 }
     413          20 :                 data->pseudonym = os_malloc(attr->next_pseudonym_len +
     414             :                                             realm_len);
     415          20 :                 if (data->pseudonym == NULL) {
     416           0 :                         wpa_printf(MSG_INFO, "EAP-SIM: (encr) No memory for "
     417             :                                    "next pseudonym");
     418           0 :                         data->pseudonym_len = 0;
     419           0 :                         return -1;
     420             :                 }
     421          20 :                 os_memcpy(data->pseudonym, attr->next_pseudonym,
     422             :                           attr->next_pseudonym_len);
     423          20 :                 if (realm_len) {
     424           8 :                         os_memcpy(data->pseudonym + attr->next_pseudonym_len,
     425             :                                   realm, realm_len);
     426             :                 }
     427          20 :                 data->pseudonym_len = attr->next_pseudonym_len + realm_len;
     428          20 :                 eap_set_anon_id(sm, data->pseudonym, data->pseudonym_len);
     429             :         }
     430             : 
     431          25 :         if (attr->next_reauth_id) {
     432          24 :                 os_free(data->reauth_id);
     433          24 :                 data->reauth_id = os_malloc(attr->next_reauth_id_len);
     434          24 :                 if (data->reauth_id == NULL) {
     435           0 :                         wpa_printf(MSG_INFO, "EAP-SIM: (encr) No memory for "
     436             :                                    "next reauth_id");
     437           0 :                         data->reauth_id_len = 0;
     438           0 :                         return -1;
     439             :                 }
     440          24 :                 os_memcpy(data->reauth_id, attr->next_reauth_id,
     441             :                           attr->next_reauth_id_len);
     442          24 :                 data->reauth_id_len = attr->next_reauth_id_len;
     443          48 :                 wpa_hexdump_ascii(MSG_DEBUG,
     444             :                                   "EAP-SIM: (encr) AT_NEXT_REAUTH_ID",
     445          24 :                                   data->reauth_id,
     446             :                                   data->reauth_id_len);
     447             :         }
     448             : 
     449          25 :         return 0;
     450             : }
     451             : 
     452             : 
     453          36 : static struct wpabuf * eap_sim_client_error(struct eap_sim_data *data, u8 id,
     454             :                                             int err)
     455             : {
     456             :         struct eap_sim_msg *msg;
     457             : 
     458          36 :         eap_sim_state(data, FAILURE);
     459          36 :         data->num_id_req = 0;
     460          36 :         data->num_notification = 0;
     461             : 
     462          36 :         wpa_printf(MSG_DEBUG, "EAP-SIM: Send Client-Error (error code %d)",
     463             :                    err);
     464          36 :         msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_SIM,
     465             :                                EAP_SIM_SUBTYPE_CLIENT_ERROR);
     466          36 :         eap_sim_msg_add(msg, EAP_SIM_AT_CLIENT_ERROR_CODE, err, NULL, 0);
     467          36 :         return eap_sim_msg_finish(msg, EAP_TYPE_SIM, NULL, NULL, 0);
     468             : }
     469             : 
     470             : 
     471          52 : static struct wpabuf * eap_sim_response_start(struct eap_sm *sm,
     472             :                                               struct eap_sim_data *data, u8 id,
     473             :                                               enum eap_sim_id_req id_req)
     474             : {
     475          52 :         const u8 *identity = NULL;
     476          52 :         size_t identity_len = 0;
     477             :         struct eap_sim_msg *msg;
     478             : 
     479          52 :         data->reauth = 0;
     480          52 :         if (id_req == ANY_ID && data->reauth_id) {
     481           9 :                 identity = data->reauth_id;
     482           9 :                 identity_len = data->reauth_id_len;
     483           9 :                 data->reauth = 1;
     484          81 :         } else if ((id_req == ANY_ID || id_req == FULLAUTH_ID) &&
     485          38 :                    data->pseudonym) {
     486           3 :                 identity = data->pseudonym;
     487           3 :                 identity_len = data->pseudonym_len;
     488           3 :                 eap_sim_clear_identities(sm, data, CLEAR_REAUTH_ID);
     489          40 :         } else if (id_req != NO_ID_REQ) {
     490          38 :                 identity = eap_get_config_identity(sm, &identity_len);
     491          38 :                 if (identity) {
     492          38 :                         eap_sim_clear_identities(sm, data, CLEAR_PSEUDONYM |
     493             :                                                  CLEAR_REAUTH_ID);
     494             :                 }
     495             :         }
     496          52 :         if (id_req != NO_ID_REQ)
     497          50 :                 eap_sim_clear_identities(sm, data, CLEAR_EAP_ID);
     498             : 
     499          52 :         wpa_printf(MSG_DEBUG, "Generating EAP-SIM Start (id=%d)", id);
     500          52 :         msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id,
     501             :                                EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START);
     502          52 :         if (!data->reauth) {
     503          43 :                 wpa_hexdump(MSG_DEBUG, "   AT_NONCE_MT",
     504          43 :                             data->nonce_mt, EAP_SIM_NONCE_MT_LEN);
     505          43 :                 eap_sim_msg_add(msg, EAP_SIM_AT_NONCE_MT, 0,
     506          43 :                                 data->nonce_mt, EAP_SIM_NONCE_MT_LEN);
     507          43 :                 wpa_printf(MSG_DEBUG, "   AT_SELECTED_VERSION %d",
     508             :                            data->selected_version);
     509          43 :                 eap_sim_msg_add(msg, EAP_SIM_AT_SELECTED_VERSION,
     510          43 :                                 data->selected_version, NULL, 0);
     511             :         }
     512             : 
     513          52 :         if (identity) {
     514          50 :                 wpa_hexdump_ascii(MSG_DEBUG, "   AT_IDENTITY",
     515             :                                   identity, identity_len);
     516          50 :                 eap_sim_msg_add(msg, EAP_SIM_AT_IDENTITY, identity_len,
     517             :                                 identity, identity_len);
     518             :         }
     519             : 
     520          52 :         return eap_sim_msg_finish(msg, EAP_TYPE_SIM, NULL, NULL, 0);
     521             : }
     522             : 
     523             : 
     524          20 : static struct wpabuf * eap_sim_response_challenge(struct eap_sim_data *data,
     525             :                                                   u8 id)
     526             : {
     527             :         struct eap_sim_msg *msg;
     528             : 
     529          20 :         wpa_printf(MSG_DEBUG, "Generating EAP-SIM Challenge (id=%d)", id);
     530          20 :         msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_SIM,
     531             :                                EAP_SIM_SUBTYPE_CHALLENGE);
     532          20 :         if (data->use_result_ind) {
     533           1 :                 wpa_printf(MSG_DEBUG, "   AT_RESULT_IND");
     534           1 :                 eap_sim_msg_add(msg, EAP_SIM_AT_RESULT_IND, 0, NULL, 0);
     535             :         }
     536          20 :         wpa_printf(MSG_DEBUG, "   AT_MAC");
     537          20 :         eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
     538          40 :         return eap_sim_msg_finish(msg, EAP_TYPE_SIM, data->k_aut,
     539          20 :                                   (u8 *) data->sres,
     540          20 :                                   data->num_chal * EAP_SIM_SRES_LEN);
     541             : }
     542             : 
     543             : 
     544           6 : static struct wpabuf * eap_sim_response_reauth(struct eap_sim_data *data,
     545             :                                                u8 id, int counter_too_small,
     546             :                                                const u8 *nonce_s)
     547             : {
     548             :         struct eap_sim_msg *msg;
     549             :         unsigned int counter;
     550             : 
     551           6 :         wpa_printf(MSG_DEBUG, "Generating EAP-SIM Reauthentication (id=%d)",
     552             :                    id);
     553           6 :         msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_SIM,
     554             :                                EAP_SIM_SUBTYPE_REAUTHENTICATION);
     555           6 :         wpa_printf(MSG_DEBUG, "   AT_IV");
     556           6 :         wpa_printf(MSG_DEBUG, "   AT_ENCR_DATA");
     557           6 :         eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV, EAP_SIM_AT_ENCR_DATA);
     558             : 
     559           6 :         if (counter_too_small) {
     560           1 :                 wpa_printf(MSG_DEBUG, "   *AT_COUNTER_TOO_SMALL");
     561           1 :                 eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER_TOO_SMALL, 0, NULL, 0);
     562           1 :                 counter = data->counter_too_small;
     563             :         } else
     564           5 :                 counter = data->counter;
     565             : 
     566           6 :         wpa_printf(MSG_DEBUG, "   *AT_COUNTER %d", counter);
     567           6 :         eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, counter, NULL, 0);
     568             : 
     569           6 :         if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) {
     570           0 :                 wpa_printf(MSG_WARNING, "EAP-SIM: Failed to encrypt "
     571             :                            "AT_ENCR_DATA");
     572           0 :                 eap_sim_msg_free(msg);
     573           0 :                 return NULL;
     574             :         }
     575           6 :         if (data->use_result_ind) {
     576           1 :                 wpa_printf(MSG_DEBUG, "   AT_RESULT_IND");
     577           1 :                 eap_sim_msg_add(msg, EAP_SIM_AT_RESULT_IND, 0, NULL, 0);
     578             :         }
     579           6 :         wpa_printf(MSG_DEBUG, "   AT_MAC");
     580           6 :         eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
     581           6 :         return eap_sim_msg_finish(msg, EAP_TYPE_SIM, data->k_aut, nonce_s,
     582             :                                   EAP_SIM_NONCE_S_LEN);
     583             : }
     584             : 
     585             : 
     586           6 : static struct wpabuf * eap_sim_response_notification(struct eap_sim_data *data,
     587             :                                                      u8 id, u16 notification)
     588             : {
     589             :         struct eap_sim_msg *msg;
     590           6 :         u8 *k_aut = (notification & 0x4000) == 0 ? data->k_aut : NULL;
     591             : 
     592           6 :         wpa_printf(MSG_DEBUG, "Generating EAP-SIM Notification (id=%d)", id);
     593           6 :         msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id,
     594             :                                EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION);
     595           6 :         if (k_aut && data->reauth) {
     596           1 :                 wpa_printf(MSG_DEBUG, "   AT_IV");
     597           1 :                 wpa_printf(MSG_DEBUG, "   AT_ENCR_DATA");
     598           1 :                 eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV,
     599             :                                            EAP_SIM_AT_ENCR_DATA);
     600           1 :                 wpa_printf(MSG_DEBUG, "   *AT_COUNTER %d", data->counter);
     601           1 :                 eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter,
     602             :                                 NULL, 0);
     603           1 :                 if (eap_sim_msg_add_encr_end(msg, data->k_encr,
     604             :                                              EAP_SIM_AT_PADDING)) {
     605           0 :                         wpa_printf(MSG_WARNING, "EAP-SIM: Failed to encrypt "
     606             :                                    "AT_ENCR_DATA");
     607           0 :                         eap_sim_msg_free(msg);
     608           0 :                         return NULL;
     609             :                 }
     610             :         }
     611           6 :         if (k_aut) {
     612           2 :                 wpa_printf(MSG_DEBUG, "   AT_MAC");
     613           2 :                 eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
     614             :         }
     615           6 :         return eap_sim_msg_finish(msg, EAP_TYPE_SIM, k_aut, (u8 *) "", 0);
     616             : }
     617             : 
     618             : 
     619          57 : static struct wpabuf * eap_sim_process_start(struct eap_sm *sm,
     620             :                                              struct eap_sim_data *data, u8 id,
     621             :                                              struct eap_sim_attrs *attr)
     622             : {
     623          57 :         int selected_version = -1, id_error;
     624             :         size_t i;
     625             :         u8 *pos;
     626             : 
     627          57 :         wpa_printf(MSG_DEBUG, "EAP-SIM: subtype Start");
     628          57 :         if (attr->version_list == NULL) {
     629           1 :                 wpa_printf(MSG_INFO, "EAP-SIM: No AT_VERSION_LIST in "
     630             :                            "SIM/Start");
     631           1 :                 return eap_sim_client_error(data, id,
     632             :                                             EAP_SIM_UNSUPPORTED_VERSION);
     633             :         }
     634             : 
     635          56 :         os_free(data->ver_list);
     636          56 :         data->ver_list = os_malloc(attr->version_list_len);
     637          56 :         if (data->ver_list == NULL) {
     638           0 :                 wpa_printf(MSG_DEBUG, "EAP-SIM: Failed to allocate "
     639             :                            "memory for version list");
     640           0 :                 return eap_sim_client_error(data, id,
     641             :                                             EAP_SIM_UNABLE_TO_PROCESS_PACKET);
     642             :         }
     643          56 :         os_memcpy(data->ver_list, attr->version_list, attr->version_list_len);
     644          56 :         data->ver_list_len = attr->version_list_len;
     645          56 :         pos = data->ver_list;
     646          57 :         for (i = 0; i < data->ver_list_len / 2; i++) {
     647          56 :                 int ver = pos[0] * 256 + pos[1];
     648          56 :                 pos += 2;
     649          56 :                 if (eap_sim_supported_ver(ver)) {
     650          55 :                         selected_version = ver;
     651          55 :                         break;
     652             :                 }
     653             :         }
     654          56 :         if (selected_version < 0) {
     655           1 :                 wpa_printf(MSG_INFO, "EAP-SIM: Could not find a supported "
     656             :                            "version");
     657           1 :                 return eap_sim_client_error(data, id,
     658             :                                             EAP_SIM_UNSUPPORTED_VERSION);
     659             :         }
     660          55 :         wpa_printf(MSG_DEBUG, "EAP-SIM: Selected Version %d",
     661             :                    selected_version);
     662          55 :         data->selected_version = selected_version;
     663             : 
     664          55 :         id_error = 0;
     665          55 :         switch (attr->id_req) {
     666             :         case NO_ID_REQ:
     667           2 :                 break;
     668             :         case ANY_ID:
     669          44 :                 if (data->num_id_req > 0)
     670           1 :                         id_error++;
     671          44 :                 data->num_id_req++;
     672          44 :                 break;
     673             :         case FULLAUTH_ID:
     674           5 :                 if (data->num_id_req > 1)
     675           1 :                         id_error++;
     676           5 :                 data->num_id_req++;
     677           5 :                 break;
     678             :         case PERMANENT_ID:
     679           4 :                 if (data->num_id_req > 2)
     680           1 :                         id_error++;
     681           4 :                 data->num_id_req++;
     682           4 :                 break;
     683             :         }
     684          55 :         if (id_error) {
     685           3 :                 wpa_printf(MSG_INFO, "EAP-SIM: Too many ID requests "
     686             :                            "used within one authentication");
     687           3 :                 return eap_sim_client_error(data, id,
     688             :                                             EAP_SIM_UNABLE_TO_PROCESS_PACKET);
     689             :         }
     690             : 
     691          52 :         return eap_sim_response_start(sm, data, id, attr->id_req);
     692             : }
     693             : 
     694             : 
     695          49 : static struct wpabuf * eap_sim_process_challenge(struct eap_sm *sm,
     696             :                                                  struct eap_sim_data *data,
     697             :                                                  u8 id,
     698             :                                                  const struct wpabuf *reqData,
     699             :                                                  struct eap_sim_attrs *attr)
     700             : {
     701             :         const u8 *identity;
     702             :         size_t identity_len;
     703             :         struct eap_sim_attrs eattr;
     704             :         int res;
     705             : 
     706          49 :         wpa_printf(MSG_DEBUG, "EAP-SIM: subtype Challenge");
     707          49 :         data->reauth = 0;
     708          49 :         if (!attr->mac || !attr->rand) {
     709           4 :                 wpa_printf(MSG_WARNING, "EAP-SIM: Challenge message "
     710             :                            "did not include%s%s",
     711           2 :                            !attr->mac ? " AT_MAC" : "",
     712           2 :                            !attr->rand ? " AT_RAND" : "");
     713           2 :                 return eap_sim_client_error(data, id,
     714             :                                             EAP_SIM_UNABLE_TO_PROCESS_PACKET);
     715             :         }
     716             : 
     717          47 :         wpa_printf(MSG_DEBUG, "EAP-SIM: %lu challenges",
     718             :                    (unsigned long) attr->num_chal);
     719          47 :         if (attr->num_chal < data->min_num_chal) {
     720           1 :                 wpa_printf(MSG_INFO, "EAP-SIM: Insufficient number of "
     721             :                            "challenges (%lu)", (unsigned long) attr->num_chal);
     722           1 :                 return eap_sim_client_error(data, id,
     723             :                                             EAP_SIM_INSUFFICIENT_NUM_OF_CHAL);
     724             :         }
     725          46 :         if (attr->num_chal > 3) {
     726           1 :                 wpa_printf(MSG_INFO, "EAP-SIM: Too many challenges "
     727             :                            "(%lu)", (unsigned long) attr->num_chal);
     728           1 :                 return eap_sim_client_error(data, id,
     729             :                                             EAP_SIM_UNABLE_TO_PROCESS_PACKET);
     730             :         }
     731             : 
     732             :         /* Verify that RANDs are different */
     733          45 :         if (os_memcmp(attr->rand, attr->rand + GSM_RAND_LEN,
     734          45 :                    GSM_RAND_LEN) == 0 ||
     735          90 :             (attr->num_chal > 2 &&
     736          45 :              (os_memcmp(attr->rand, attr->rand + 2 * GSM_RAND_LEN,
     737          44 :                         GSM_RAND_LEN) == 0 ||
     738          44 :               os_memcmp(attr->rand + GSM_RAND_LEN,
     739             :                         attr->rand + 2 * GSM_RAND_LEN,
     740             :                         GSM_RAND_LEN) == 0))) {
     741           1 :                 wpa_printf(MSG_INFO, "EAP-SIM: Same RAND used multiple times");
     742           1 :                 return eap_sim_client_error(data, id,
     743             :                                             EAP_SIM_RAND_NOT_FRESH);
     744             :         }
     745             : 
     746          44 :         os_memcpy(data->rand, attr->rand, attr->num_chal * GSM_RAND_LEN);
     747          44 :         data->num_chal = attr->num_chal;
     748             : 
     749          44 :         res = eap_sim_gsm_auth(sm, data);
     750          44 :         if (res > 0) {
     751          11 :                 wpa_printf(MSG_DEBUG, "EAP-SIM: Wait for external SIM processing");
     752          11 :                 return NULL;
     753             :         }
     754          33 :         if (res) {
     755          12 :                 wpa_printf(MSG_WARNING, "EAP-SIM: GSM authentication failed");
     756          12 :                 return eap_sim_client_error(data, id,
     757             :                                             EAP_SIM_UNABLE_TO_PROCESS_PACKET);
     758             :         }
     759          21 :         if (data->last_eap_identity) {
     760           1 :                 identity = data->last_eap_identity;
     761           1 :                 identity_len = data->last_eap_identity_len;
     762          20 :         } else if (data->pseudonym) {
     763           1 :                 identity = data->pseudonym;
     764           1 :                 identity_len = data->pseudonym_len;
     765             :         } else
     766          19 :                 identity = eap_get_config_identity(sm, &identity_len);
     767          21 :         wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM: Selected identity for MK "
     768             :                           "derivation", identity, identity_len);
     769          42 :         eap_sim_derive_mk(identity, identity_len, data->nonce_mt,
     770          21 :                           data->selected_version, data->ver_list,
     771          21 :                           data->ver_list_len, data->num_chal,
     772          21 :                           (const u8 *) data->kc, data->mk);
     773          21 :         eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk,
     774          21 :                             data->emsk);
     775          21 :         if (eap_sim_verify_mac(data->k_aut, reqData, attr->mac, data->nonce_mt,
     776             :                                EAP_SIM_NONCE_MT_LEN)) {
     777           1 :                 wpa_printf(MSG_WARNING, "EAP-SIM: Challenge message "
     778             :                            "used invalid AT_MAC");
     779           1 :                 return eap_sim_client_error(data, id,
     780             :                                             EAP_SIM_UNABLE_TO_PROCESS_PACKET);
     781             :         }
     782             : 
     783             :         /* Old reauthentication identity must not be used anymore. In
     784             :          * other words, if no new reauth identity is received, full
     785             :          * authentication will be used on next reauthentication (using
     786             :          * pseudonym identity or permanent identity). */
     787          20 :         eap_sim_clear_identities(sm, data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
     788             : 
     789          20 :         if (attr->encr_data) {
     790             :                 u8 *decrypted;
     791          20 :                 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
     792             :                                                attr->encr_data_len, attr->iv,
     793             :                                                &eattr, 0);
     794          20 :                 if (decrypted == NULL) {
     795           0 :                         return eap_sim_client_error(
     796             :                                 data, id, EAP_SIM_UNABLE_TO_PROCESS_PACKET);
     797             :                 }
     798          20 :                 eap_sim_learn_ids(sm, data, &eattr);
     799          20 :                 os_free(decrypted);
     800             :         }
     801             : 
     802          20 :         if (data->result_ind && attr->result_ind)
     803           1 :                 data->use_result_ind = 1;
     804             : 
     805          20 :         if (data->state != FAILURE) {
     806          20 :                 eap_sim_state(data, data->use_result_ind ?
     807             :                               RESULT_SUCCESS : SUCCESS);
     808             :         }
     809             : 
     810          20 :         data->num_id_req = 0;
     811          20 :         data->num_notification = 0;
     812             :         /* RFC 4186 specifies that counter is initialized to one after
     813             :          * fullauth, but initializing it to zero makes it easier to implement
     814             :          * reauth verification. */
     815          20 :         data->counter = 0;
     816          20 :         return eap_sim_response_challenge(data, id);
     817             : }
     818             : 
     819             : 
     820           1 : static int eap_sim_process_notification_reauth(struct eap_sim_data *data,
     821             :                                                struct eap_sim_attrs *attr)
     822             : {
     823             :         struct eap_sim_attrs eattr;
     824             :         u8 *decrypted;
     825             : 
     826           1 :         if (attr->encr_data == NULL || attr->iv == NULL) {
     827           0 :                 wpa_printf(MSG_WARNING, "EAP-SIM: Notification message after "
     828             :                            "reauth did not include encrypted data");
     829           0 :                 return -1;
     830             :         }
     831             : 
     832           1 :         decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
     833             :                                        attr->encr_data_len, attr->iv, &eattr,
     834             :                                        0);
     835           1 :         if (decrypted == NULL) {
     836           0 :                 wpa_printf(MSG_WARNING, "EAP-SIM: Failed to parse encrypted "
     837             :                            "data from notification message");
     838           0 :                 return -1;
     839             :         }
     840             : 
     841           1 :         if (eattr.counter < 0 || (size_t) eattr.counter != data->counter) {
     842           0 :                 wpa_printf(MSG_WARNING, "EAP-SIM: Counter in notification "
     843             :                            "message does not match with counter in reauth "
     844             :                            "message");
     845           0 :                 os_free(decrypted);
     846           0 :                 return -1;
     847             :         }
     848             : 
     849           1 :         os_free(decrypted);
     850           1 :         return 0;
     851             : }
     852             : 
     853             : 
     854           4 : static int eap_sim_process_notification_auth(struct eap_sim_data *data,
     855             :                                              const struct wpabuf *reqData,
     856             :                                              struct eap_sim_attrs *attr)
     857             : {
     858           4 :         if (attr->mac == NULL) {
     859           1 :                 wpa_printf(MSG_INFO, "EAP-SIM: no AT_MAC in after_auth "
     860             :                            "Notification message");
     861           1 :                 return -1;
     862             :         }
     863             : 
     864           3 :         if (eap_sim_verify_mac(data->k_aut, reqData, attr->mac, (u8 *) "", 0))
     865             :         {
     866           1 :                 wpa_printf(MSG_WARNING, "EAP-SIM: Notification message "
     867             :                            "used invalid AT_MAC");
     868           1 :                 return -1;
     869             :         }
     870             : 
     871           3 :         if (data->reauth &&
     872           1 :             eap_sim_process_notification_reauth(data, attr)) {
     873           0 :                 wpa_printf(MSG_WARNING, "EAP-SIM: Invalid notification "
     874             :                            "message after reauth");
     875           0 :                 return -1;
     876             :         }
     877             : 
     878           2 :         return 0;
     879             : }
     880             : 
     881             : 
     882          10 : static struct wpabuf * eap_sim_process_notification(
     883             :         struct eap_sm *sm, struct eap_sim_data *data, u8 id,
     884             :         const struct wpabuf *reqData, struct eap_sim_attrs *attr)
     885             : {
     886          10 :         wpa_printf(MSG_DEBUG, "EAP-SIM: subtype Notification");
     887          10 :         if (data->num_notification > 0) {
     888           1 :                 wpa_printf(MSG_INFO, "EAP-SIM: too many notification "
     889             :                            "rounds (only one allowed)");
     890           1 :                 return eap_sim_client_error(data, id,
     891             :                                             EAP_SIM_UNABLE_TO_PROCESS_PACKET);
     892             :         }
     893           9 :         data->num_notification++;
     894           9 :         if (attr->notification == -1) {
     895           1 :                 wpa_printf(MSG_INFO, "EAP-SIM: no AT_NOTIFICATION in "
     896             :                            "Notification message");
     897           1 :                 return eap_sim_client_error(data, id,
     898             :                                             EAP_SIM_UNABLE_TO_PROCESS_PACKET);
     899             :         }
     900             : 
     901          12 :         if ((attr->notification & 0x4000) == 0 &&
     902           4 :             eap_sim_process_notification_auth(data, reqData, attr)) {
     903           2 :                 return eap_sim_client_error(data, id,
     904             :                                             EAP_SIM_UNABLE_TO_PROCESS_PACKET);
     905             :         }
     906             : 
     907           6 :         eap_sim_report_notification(sm->msg_ctx, attr->notification, 0);
     908           6 :         if (attr->notification >= 0 && attr->notification < 32768) {
     909           3 :                 eap_sim_state(data, FAILURE);
     910           5 :         } else if (attr->notification == EAP_SIM_SUCCESS &&
     911           2 :                    data->state == RESULT_SUCCESS)
     912           2 :                 eap_sim_state(data, SUCCESS);
     913           6 :         return eap_sim_response_notification(data, id, attr->notification);
     914             : }
     915             : 
     916             : 
     917           8 : static struct wpabuf * eap_sim_process_reauthentication(
     918             :         struct eap_sm *sm, struct eap_sim_data *data, u8 id,
     919             :         const struct wpabuf *reqData, struct eap_sim_attrs *attr)
     920             : {
     921             :         struct eap_sim_attrs eattr;
     922             :         u8 *decrypted;
     923             : 
     924           8 :         wpa_printf(MSG_DEBUG, "EAP-SIM: subtype Reauthentication");
     925             : 
     926           8 :         if (data->reauth_id == NULL) {
     927           1 :                 wpa_printf(MSG_WARNING, "EAP-SIM: Server is trying "
     928             :                            "reauthentication, but no reauth_id available");
     929           1 :                 return eap_sim_client_error(data, id,
     930             :                                             EAP_SIM_UNABLE_TO_PROCESS_PACKET);
     931             :         }
     932             : 
     933           7 :         data->reauth = 1;
     934           7 :         if (eap_sim_verify_mac(data->k_aut, reqData, attr->mac, (u8 *) "", 0))
     935             :         {
     936           1 :                 wpa_printf(MSG_WARNING, "EAP-SIM: Reauthentication "
     937             :                            "did not have valid AT_MAC");
     938           1 :                 return eap_sim_client_error(data, id,
     939             :                                             EAP_SIM_UNABLE_TO_PROCESS_PACKET);
     940             :         }
     941             : 
     942           6 :         if (attr->encr_data == NULL || attr->iv == NULL) {
     943           0 :                 wpa_printf(MSG_WARNING, "EAP-SIM: Reauthentication "
     944             :                            "message did not include encrypted data");
     945           0 :                 return eap_sim_client_error(data, id,
     946             :                                             EAP_SIM_UNABLE_TO_PROCESS_PACKET);
     947             :         }
     948             : 
     949           6 :         decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
     950             :                                        attr->encr_data_len, attr->iv, &eattr,
     951             :                                        0);
     952           6 :         if (decrypted == NULL) {
     953           0 :                 wpa_printf(MSG_WARNING, "EAP-SIM: Failed to parse encrypted "
     954             :                            "data from reauthentication message");
     955           0 :                 return eap_sim_client_error(data, id,
     956             :                                             EAP_SIM_UNABLE_TO_PROCESS_PACKET);
     957             :         }
     958             : 
     959           6 :         if (eattr.nonce_s == NULL || eattr.counter < 0) {
     960           0 :                 wpa_printf(MSG_INFO, "EAP-SIM: (encr) No%s%s in reauth packet",
     961           0 :                            !eattr.nonce_s ? " AT_NONCE_S" : "",
     962           0 :                            eattr.counter < 0 ? " AT_COUNTER" : "");
     963           0 :                 os_free(decrypted);
     964           0 :                 return eap_sim_client_error(data, id,
     965             :                                             EAP_SIM_UNABLE_TO_PROCESS_PACKET);
     966             :         }
     967             : 
     968           6 :         if (eattr.counter < 0 || (size_t) eattr.counter <= data->counter) {
     969             :                 struct wpabuf *res;
     970           1 :                 wpa_printf(MSG_INFO, "EAP-SIM: (encr) Invalid counter "
     971             :                            "(%d <= %d)", eattr.counter, data->counter);
     972           1 :                 data->counter_too_small = eattr.counter;
     973             : 
     974             :                 /* Reply using Re-auth w/ AT_COUNTER_TOO_SMALL. The current
     975             :                  * reauth_id must not be used to start a new reauthentication.
     976             :                  * However, since it was used in the last EAP-Response-Identity
     977             :                  * packet, it has to saved for the following fullauth to be
     978             :                  * used in MK derivation. */
     979           1 :                 os_free(data->last_eap_identity);
     980           1 :                 data->last_eap_identity = data->reauth_id;
     981           1 :                 data->last_eap_identity_len = data->reauth_id_len;
     982           1 :                 data->reauth_id = NULL;
     983           1 :                 data->reauth_id_len = 0;
     984             : 
     985           1 :                 res = eap_sim_response_reauth(data, id, 1, eattr.nonce_s);
     986           1 :                 os_free(decrypted);
     987             : 
     988           1 :                 return res;
     989             :         }
     990           5 :         data->counter = eattr.counter;
     991             : 
     992           5 :         os_memcpy(data->nonce_s, eattr.nonce_s, EAP_SIM_NONCE_S_LEN);
     993           5 :         wpa_hexdump(MSG_DEBUG, "EAP-SIM: (encr) AT_NONCE_S",
     994           5 :                     data->nonce_s, EAP_SIM_NONCE_S_LEN);
     995             : 
     996          10 :         eap_sim_derive_keys_reauth(data->counter,
     997           5 :                                    data->reauth_id, data->reauth_id_len,
     998           5 :                                    data->nonce_s, data->mk, data->msk,
     999           5 :                                    data->emsk);
    1000           5 :         eap_sim_clear_identities(sm, data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
    1001           5 :         eap_sim_learn_ids(sm, data, &eattr);
    1002             : 
    1003           5 :         if (data->result_ind && attr->result_ind)
    1004           1 :                 data->use_result_ind = 1;
    1005             : 
    1006           5 :         if (data->state != FAILURE) {
    1007           5 :                 eap_sim_state(data, data->use_result_ind ?
    1008             :                               RESULT_SUCCESS : SUCCESS);
    1009             :         }
    1010             : 
    1011           5 :         data->num_id_req = 0;
    1012           5 :         data->num_notification = 0;
    1013           5 :         if (data->counter > EAP_SIM_MAX_FAST_REAUTHS) {
    1014           1 :                 wpa_printf(MSG_DEBUG, "EAP-SIM: Maximum number of "
    1015             :                            "fast reauths performed - force fullauth");
    1016           1 :                 eap_sim_clear_identities(sm, data,
    1017             :                                          CLEAR_REAUTH_ID | CLEAR_EAP_ID);
    1018             :         }
    1019           5 :         os_free(decrypted);
    1020           5 :         return eap_sim_response_reauth(data, id, 0, data->nonce_s);
    1021             : }
    1022             : 
    1023             : 
    1024         132 : static struct wpabuf * eap_sim_process(struct eap_sm *sm, void *priv,
    1025             :                                        struct eap_method_ret *ret,
    1026             :                                        const struct wpabuf *reqData)
    1027             : {
    1028         132 :         struct eap_sim_data *data = priv;
    1029             :         const struct eap_hdr *req;
    1030             :         u8 subtype, id;
    1031             :         struct wpabuf *res;
    1032             :         const u8 *pos;
    1033             :         struct eap_sim_attrs attr;
    1034             :         size_t len;
    1035             : 
    1036         132 :         wpa_hexdump_buf(MSG_DEBUG, "EAP-SIM: EAP data", reqData);
    1037         132 :         if (eap_get_config_identity(sm, &len) == NULL) {
    1038           0 :                 wpa_printf(MSG_INFO, "EAP-SIM: Identity not configured");
    1039           0 :                 eap_sm_request_identity(sm);
    1040           0 :                 ret->ignore = TRUE;
    1041           0 :                 return NULL;
    1042             :         }
    1043             : 
    1044         132 :         pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_SIM, reqData, &len);
    1045         132 :         if (pos == NULL || len < 1) {
    1046           1 :                 ret->ignore = TRUE;
    1047           1 :                 return NULL;
    1048             :         }
    1049         131 :         req = wpabuf_head(reqData);
    1050         131 :         id = req->identifier;
    1051         131 :         len = be_to_host16(req->length);
    1052             : 
    1053         131 :         ret->ignore = FALSE;
    1054         131 :         ret->methodState = METHOD_MAY_CONT;
    1055         131 :         ret->decision = DECISION_FAIL;
    1056         131 :         ret->allowNotifications = TRUE;
    1057             : 
    1058         131 :         subtype = *pos++;
    1059         131 :         wpa_printf(MSG_DEBUG, "EAP-SIM: Subtype=%d", subtype);
    1060         131 :         pos += 2; /* Reserved */
    1061             : 
    1062         131 :         if (eap_sim_parse_attr(pos, wpabuf_head_u8(reqData) + len, &attr, 0,
    1063             :                                0)) {
    1064           5 :                 res = eap_sim_client_error(data, id,
    1065             :                                            EAP_SIM_UNABLE_TO_PROCESS_PACKET);
    1066           5 :                 goto done;
    1067             :         }
    1068             : 
    1069         126 :         switch (subtype) {
    1070             :         case EAP_SIM_SUBTYPE_START:
    1071          57 :                 res = eap_sim_process_start(sm, data, id, &attr);
    1072          57 :                 break;
    1073             :         case EAP_SIM_SUBTYPE_CHALLENGE:
    1074          49 :                 res = eap_sim_process_challenge(sm, data, id, reqData, &attr);
    1075          49 :                 break;
    1076             :         case EAP_SIM_SUBTYPE_NOTIFICATION:
    1077          10 :                 res = eap_sim_process_notification(sm, data, id, reqData,
    1078             :                                                    &attr);
    1079          10 :                 break;
    1080             :         case EAP_SIM_SUBTYPE_REAUTHENTICATION:
    1081           8 :                 res = eap_sim_process_reauthentication(sm, data, id, reqData,
    1082             :                                                        &attr);
    1083           8 :                 break;
    1084             :         case EAP_SIM_SUBTYPE_CLIENT_ERROR:
    1085           1 :                 wpa_printf(MSG_DEBUG, "EAP-SIM: subtype Client-Error");
    1086           1 :                 res = eap_sim_client_error(data, id,
    1087             :                                            EAP_SIM_UNABLE_TO_PROCESS_PACKET);
    1088           1 :                 break;
    1089             :         default:
    1090           1 :                 wpa_printf(MSG_DEBUG, "EAP-SIM: Unknown subtype=%d", subtype);
    1091           1 :                 res = eap_sim_client_error(data, id,
    1092             :                                            EAP_SIM_UNABLE_TO_PROCESS_PACKET);
    1093           1 :                 break;
    1094             :         }
    1095             : 
    1096             : done:
    1097         131 :         if (data->state == FAILURE) {
    1098          39 :                 ret->decision = DECISION_FAIL;
    1099          39 :                 ret->methodState = METHOD_DONE;
    1100          92 :         } else if (data->state == SUCCESS) {
    1101          25 :                 ret->decision = data->use_result_ind ?
    1102             :                         DECISION_UNCOND_SUCC : DECISION_COND_SUCC;
    1103          25 :                 ret->methodState = data->use_result_ind ?
    1104             :                         METHOD_DONE : METHOD_MAY_CONT;
    1105          67 :         } else if (data->state == RESULT_SUCCESS)
    1106           2 :                 ret->methodState = METHOD_CONT;
    1107             : 
    1108         131 :         if (ret->methodState == METHOD_DONE) {
    1109          41 :                 ret->allowNotifications = FALSE;
    1110             :         }
    1111             : 
    1112         131 :         return res;
    1113             : }
    1114             : 
    1115             : 
    1116          26 : static Boolean eap_sim_has_reauth_data(struct eap_sm *sm, void *priv)
    1117             : {
    1118          26 :         struct eap_sim_data *data = priv;
    1119          26 :         return data->pseudonym || data->reauth_id;
    1120             : }
    1121             : 
    1122             : 
    1123          11 : static void eap_sim_deinit_for_reauth(struct eap_sm *sm, void *priv)
    1124             : {
    1125          11 :         struct eap_sim_data *data = priv;
    1126          11 :         eap_sim_clear_identities(sm, data, CLEAR_EAP_ID);
    1127          11 :         data->use_result_ind = 0;
    1128          11 :         eap_sim_clear_keys(data, 1);
    1129          11 : }
    1130             : 
    1131             : 
    1132           9 : static void * eap_sim_init_for_reauth(struct eap_sm *sm, void *priv)
    1133             : {
    1134           9 :         struct eap_sim_data *data = priv;
    1135           9 :         if (random_get_bytes(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
    1136           0 :                 wpa_printf(MSG_WARNING, "EAP-SIM: Failed to get random data "
    1137             :                            "for NONCE_MT");
    1138           0 :                 os_free(data);
    1139           0 :                 return NULL;
    1140             :         }
    1141           9 :         data->num_id_req = 0;
    1142           9 :         data->num_notification = 0;
    1143           9 :         eap_sim_state(data, CONTINUE);
    1144           9 :         return priv;
    1145             : }
    1146             : 
    1147             : 
    1148           9 : static const u8 * eap_sim_get_identity(struct eap_sm *sm, void *priv,
    1149             :                                        size_t *len)
    1150             : {
    1151           9 :         struct eap_sim_data *data = priv;
    1152             : 
    1153           9 :         if (data->reauth_id) {
    1154           9 :                 *len = data->reauth_id_len;
    1155           9 :                 return data->reauth_id;
    1156             :         }
    1157             : 
    1158           0 :         if (data->pseudonym) {
    1159           0 :                 *len = data->pseudonym_len;
    1160           0 :                 return data->pseudonym;
    1161             :         }
    1162             : 
    1163           0 :         return NULL;
    1164             : }
    1165             : 
    1166             : 
    1167         131 : static Boolean eap_sim_isKeyAvailable(struct eap_sm *sm, void *priv)
    1168             : {
    1169         131 :         struct eap_sim_data *data = priv;
    1170         131 :         return data->state == SUCCESS;
    1171             : }
    1172             : 
    1173             : 
    1174          25 : static u8 * eap_sim_getKey(struct eap_sm *sm, void *priv, size_t *len)
    1175             : {
    1176          25 :         struct eap_sim_data *data = priv;
    1177             :         u8 *key;
    1178             : 
    1179          25 :         if (data->state != SUCCESS)
    1180           0 :                 return NULL;
    1181             : 
    1182          25 :         key = os_malloc(EAP_SIM_KEYING_DATA_LEN);
    1183          25 :         if (key == NULL)
    1184           0 :                 return NULL;
    1185             : 
    1186          25 :         *len = EAP_SIM_KEYING_DATA_LEN;
    1187          25 :         os_memcpy(key, data->msk, EAP_SIM_KEYING_DATA_LEN);
    1188             : 
    1189          25 :         return key;
    1190             : }
    1191             : 
    1192             : 
    1193          25 : static u8 * eap_sim_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
    1194             : {
    1195          25 :         struct eap_sim_data *data = priv;
    1196             :         u8 *id;
    1197             : 
    1198          25 :         if (data->state != SUCCESS)
    1199           0 :                 return NULL;
    1200             : 
    1201          25 :         *len = 1 + data->num_chal * GSM_RAND_LEN + EAP_SIM_NONCE_MT_LEN;
    1202          25 :         id = os_malloc(*len);
    1203          25 :         if (id == NULL)
    1204           0 :                 return NULL;
    1205             : 
    1206          25 :         id[0] = EAP_TYPE_SIM;
    1207          25 :         os_memcpy(id + 1, data->rand, data->num_chal * GSM_RAND_LEN);
    1208          25 :         os_memcpy(id + 1 + data->num_chal * GSM_RAND_LEN, data->nonce_mt,
    1209             :                   EAP_SIM_NONCE_MT_LEN);
    1210          25 :         wpa_hexdump(MSG_DEBUG, "EAP-SIM: Derived Session-Id", id, *len);
    1211             : 
    1212          25 :         return id;
    1213             : }
    1214             : 
    1215             : 
    1216           1 : static u8 * eap_sim_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
    1217             : {
    1218           1 :         struct eap_sim_data *data = priv;
    1219             :         u8 *key;
    1220             : 
    1221           1 :         if (data->state != SUCCESS)
    1222           0 :                 return NULL;
    1223             : 
    1224           1 :         key = os_malloc(EAP_EMSK_LEN);
    1225           1 :         if (key == NULL)
    1226           0 :                 return NULL;
    1227             : 
    1228           1 :         *len = EAP_EMSK_LEN;
    1229           1 :         os_memcpy(key, data->emsk, EAP_EMSK_LEN);
    1230             : 
    1231           1 :         return key;
    1232             : }
    1233             : 
    1234             : 
    1235          30 : int eap_peer_sim_register(void)
    1236             : {
    1237             :         struct eap_method *eap;
    1238             :         int ret;
    1239             : 
    1240          30 :         eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
    1241             :                                     EAP_VENDOR_IETF, EAP_TYPE_SIM, "SIM");
    1242          30 :         if (eap == NULL)
    1243           0 :                 return -1;
    1244             : 
    1245          30 :         eap->init = eap_sim_init;
    1246          30 :         eap->deinit = eap_sim_deinit;
    1247          30 :         eap->process = eap_sim_process;
    1248          30 :         eap->isKeyAvailable = eap_sim_isKeyAvailable;
    1249          30 :         eap->getKey = eap_sim_getKey;
    1250          30 :         eap->getSessionId = eap_sim_get_session_id;
    1251          30 :         eap->has_reauth_data = eap_sim_has_reauth_data;
    1252          30 :         eap->deinit_for_reauth = eap_sim_deinit_for_reauth;
    1253          30 :         eap->init_for_reauth = eap_sim_init_for_reauth;
    1254          30 :         eap->get_identity = eap_sim_get_identity;
    1255          30 :         eap->get_emsk = eap_sim_get_emsk;
    1256             : 
    1257          30 :         ret = eap_peer_method_register(eap);
    1258          30 :         if (ret)
    1259           0 :                 eap_peer_method_free(eap);
    1260          30 :         return ret;
    1261             : }

Generated by: LCOV version 1.10