1 /* 2 * EAP peer: EAP-SIM/AKA shared routines 3 * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15 #ifndef EAP_SIM_COMMON_H 16 #define EAP_SIM_COMMON_H 17 18 #define EAP_SIM_NONCE_S_LEN 16 19 #define EAP_SIM_NONCE_MT_LEN 16 20 #define EAP_SIM_MAC_LEN 16 21 #define EAP_SIM_MK_LEN 20 22 #define EAP_SIM_K_AUT_LEN 16 23 #define EAP_SIM_K_ENCR_LEN 16 24 #define EAP_SIM_KEYING_DATA_LEN 64 25 #define EAP_SIM_IV_LEN 16 26 #define EAP_SIM_KC_LEN 8 27 #define EAP_SIM_SRES_LEN 4 28 29 #define GSM_RAND_LEN 16 30 31 #define EAP_SIM_VERSION 1 32 33 /* EAP-SIM Subtypes */ 34 #define EAP_SIM_SUBTYPE_START 10 35 #define EAP_SIM_SUBTYPE_CHALLENGE 11 36 #define EAP_SIM_SUBTYPE_NOTIFICATION 12 37 #define EAP_SIM_SUBTYPE_REAUTHENTICATION 13 38 #define EAP_SIM_SUBTYPE_CLIENT_ERROR 14 39 40 /* AT_CLIENT_ERROR_CODE error codes */ 41 #define EAP_SIM_UNABLE_TO_PROCESS_PACKET 0 42 #define EAP_SIM_UNSUPPORTED_VERSION 1 43 #define EAP_SIM_INSUFFICIENT_NUM_OF_CHAL 2 44 #define EAP_SIM_RAND_NOT_FRESH 3 45 46 #define EAP_SIM_MAX_FAST_REAUTHS 1000 47 48 #define EAP_SIM_MAX_CHAL 3 49 50 51 /* EAP-AKA Subtypes */ 52 #define EAP_AKA_SUBTYPE_CHALLENGE 1 53 #define EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT 2 54 #define EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE 4 55 #define EAP_AKA_SUBTYPE_IDENTITY 5 56 #define EAP_AKA_SUBTYPE_NOTIFICATION 12 57 #define EAP_AKA_SUBTYPE_REAUTHENTICATION 13 58 #define EAP_AKA_SUBTYPE_CLIENT_ERROR 14 59 60 /* AT_CLIENT_ERROR_CODE error codes */ 61 #define EAP_AKA_UNABLE_TO_PROCESS_PACKET 0 62 63 #define EAP_AKA_RAND_LEN 16 64 #define EAP_AKA_AUTN_LEN 16 65 #define EAP_AKA_AUTS_LEN 14 66 #define EAP_AKA_RES_MAX_LEN 16 67 #define EAP_AKA_IK_LEN 16 68 #define EAP_AKA_CK_LEN 16 69 #define EAP_AKA_MAX_FAST_REAUTHS 1000 70 #define EAP_AKA_MIN_RES_LEN 4 71 #define EAP_AKA_MAX_RES_LEN 16 72 73 void eap_sim_derive_mk(const u8 *identity, size_t identity_len, 74 const u8 *nonce_mt, u16 selected_version, 75 const u8 *ver_list, size_t ver_list_len, 76 int num_chal, const u8 *kc, u8 *mk); 77 void eap_aka_derive_mk(const u8 *identity, size_t identity_len, 78 const u8 *ik, const u8 *ck, u8 *mk); 79 int eap_sim_derive_keys(const u8 *mk, u8 *k_encr, u8 *k_aut, u8 *msk, 80 u8 *emsk); 81 int eap_sim_derive_keys_reauth(u16 _counter, 82 const u8 *identity, size_t identity_len, 83 const u8 *nonce_s, const u8 *mk, u8 *msk, 84 u8 *emsk); 85 int eap_sim_verify_mac(const u8 *k_aut, const u8 *req, size_t req_len, 86 const u8 *mac, const u8 *extra, size_t extra_len); 87 void eap_sim_add_mac(const u8 *k_aut, u8 *msg, size_t msg_len, u8 *mac, 88 const u8 *extra, size_t extra_len); 89 90 91 /* EAP-SIM/AKA Attributes (0..127 non-skippable) */ 92 #define EAP_SIM_AT_RAND 1 93 #define EAP_SIM_AT_AUTN 2 /* only AKA */ 94 #define EAP_SIM_AT_RES 3 /* only AKA, only peer->server */ 95 #define EAP_SIM_AT_AUTS 4 /* only AKA, only peer->server */ 96 #define EAP_SIM_AT_PADDING 6 /* only encrypted */ 97 #define EAP_SIM_AT_NONCE_MT 7 /* only SIM, only send */ 98 #define EAP_SIM_AT_PERMANENT_ID_REQ 10 99 #define EAP_SIM_AT_MAC 11 100 #define EAP_SIM_AT_NOTIFICATION 12 101 #define EAP_SIM_AT_ANY_ID_REQ 13 102 #define EAP_SIM_AT_IDENTITY 14 /* only send */ 103 #define EAP_SIM_AT_VERSION_LIST 15 /* only SIM */ 104 #define EAP_SIM_AT_SELECTED_VERSION 16 /* only SIM */ 105 #define EAP_SIM_AT_FULLAUTH_ID_REQ 17 106 #define EAP_SIM_AT_COUNTER 19 /* only encrypted */ 107 #define EAP_SIM_AT_COUNTER_TOO_SMALL 20 /* only encrypted */ 108 #define EAP_SIM_AT_NONCE_S 21 /* only encrypted */ 109 #define EAP_SIM_AT_CLIENT_ERROR_CODE 22 /* only send */ 110 #define EAP_SIM_AT_IV 129 111 #define EAP_SIM_AT_ENCR_DATA 130 112 #define EAP_SIM_AT_NEXT_PSEUDONYM 132 /* only encrypted */ 113 #define EAP_SIM_AT_NEXT_REAUTH_ID 133 /* only encrypted */ 114 #define EAP_SIM_AT_CHECKCODE 134 /* only AKA */ 115 #define EAP_SIM_AT_RESULT_IND 135 116 117 /* AT_NOTIFICATION notification code values */ 118 #define EAP_SIM_GENERAL_FAILURE_AFTER_AUTH 0 119 #define EAP_SIM_TEMPORARILY_DENIED 1026 120 #define EAP_SIM_NOT_SUBSCRIBED 1031 121 #define EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH 16384 122 #define EAP_SIM_SUCCESS 32768 123 124 125 enum eap_sim_id_req { 126 NO_ID_REQ, ANY_ID, FULLAUTH_ID, PERMANENT_ID 127 }; 128 129 130 struct eap_sim_attrs { 131 const u8 *rand, *autn, *mac, *iv, *encr_data, *version_list, *nonce_s; 132 const u8 *next_pseudonym, *next_reauth_id; 133 const u8 *nonce_mt, *identity, *res, *auts; 134 size_t num_chal, version_list_len, encr_data_len; 135 size_t next_pseudonym_len, next_reauth_id_len, identity_len, res_len; 136 enum eap_sim_id_req id_req; 137 int notification, counter, selected_version, client_error_code; 138 int counter_too_small; 139 }; 140 141 int eap_sim_parse_attr(const u8 *start, const u8 *end, 142 struct eap_sim_attrs *attr, int aka, int encr); 143 u8 * eap_sim_parse_encr(const u8 *k_encr, const u8 *encr_data, 144 size_t encr_data_len, const u8 *iv, 145 struct eap_sim_attrs *attr, int aka); 146 147 148 struct eap_sim_msg; 149 150 struct eap_sim_msg * eap_sim_msg_init(int code, int id, int type, int subtype); 151 u8 * eap_sim_msg_finish(struct eap_sim_msg *msg, size_t *len, const u8 *k_aut, 152 const u8 *extra, size_t extra_len); 153 void eap_sim_msg_free(struct eap_sim_msg *msg); 154 u8 * eap_sim_msg_add_full(struct eap_sim_msg *msg, u8 attr, 155 const u8 *data, size_t len); 156 u8 * eap_sim_msg_add(struct eap_sim_msg *msg, u8 attr, 157 u16 value, const u8 *data, size_t len); 158 u8 * eap_sim_msg_add_mac(struct eap_sim_msg *msg, u8 attr); 159 int eap_sim_msg_add_encr_start(struct eap_sim_msg *msg, u8 attr_iv, 160 u8 attr_encr); 161 int eap_sim_msg_add_encr_end(struct eap_sim_msg *msg, u8 *k_encr, 162 int attr_pad); 163 164 void eap_sim_report_notification(void *msg_ctx, int notification, int aka); 165 166 #endif /* EAP_SIM_COMMON_H */ 167