1 /*
2 * hostapd / EAP-AKA (RFC 4187) and EAP-AKA' (RFC 5448)
3 * Copyright (c) 2005-2012, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10
11 #include "common.h"
12 #include "crypto/sha256.h"
13 #include "crypto/crypto.h"
14 #include "crypto/random.h"
15 #include "eap_common/eap_sim_common.h"
16 #include "eap_server/eap_i.h"
17 #include "eap_server/eap_sim_db.h"
18
19
20 struct eap_aka_data {
21 u8 mk[EAP_SIM_MK_LEN];
22 u8 nonce_s[EAP_SIM_NONCE_S_LEN];
23 u8 k_aut[EAP_AKA_PRIME_K_AUT_LEN];
24 u8 k_encr[EAP_SIM_K_ENCR_LEN];
25 u8 k_re[EAP_AKA_PRIME_K_RE_LEN]; /* EAP-AKA' only */
26 u8 msk[EAP_SIM_KEYING_DATA_LEN];
27 u8 emsk[EAP_EMSK_LEN];
28 u8 rand[EAP_AKA_RAND_LEN];
29 u8 autn[EAP_AKA_AUTN_LEN];
30 u8 ck[EAP_AKA_CK_LEN];
31 u8 ik[EAP_AKA_IK_LEN];
32 u8 res[EAP_AKA_RES_MAX_LEN];
33 size_t res_len;
34 enum {
35 IDENTITY, CHALLENGE, REAUTH, NOTIFICATION, SUCCESS, FAILURE
36 } state;
37 char *next_pseudonym;
38 char *next_reauth_id;
39 u16 counter;
40 struct eap_sim_reauth *reauth;
41 int auts_reported; /* whether the current AUTS has been reported to the
42 * eap_sim_db */
43 u16 notification;
44 int use_result_ind;
45
46 struct wpabuf *id_msgs;
47 int pending_id;
48 u8 eap_method;
49 u8 *network_name;
50 size_t network_name_len;
51 u16 kdf;
52 int identity_round;
53 char permanent[20]; /* Permanent username */
54 };
55
56
57 static void eap_aka_fullauth(struct eap_sm *sm, struct eap_aka_data *data);
58
59
eap_aka_state_txt(int state)60 static const char * eap_aka_state_txt(int state)
61 {
62 switch (state) {
63 case IDENTITY:
64 return "IDENTITY";
65 case CHALLENGE:
66 return "CHALLENGE";
67 case REAUTH:
68 return "REAUTH";
69 case SUCCESS:
70 return "SUCCESS";
71 case FAILURE:
72 return "FAILURE";
73 case NOTIFICATION:
74 return "NOTIFICATION";
75 default:
76 return "Unknown?!";
77 }
78 }
79
80
eap_aka_state(struct eap_aka_data * data,int state)81 static void eap_aka_state(struct eap_aka_data *data, int state)
82 {
83 wpa_printf(MSG_DEBUG, "EAP-AKA: %s -> %s",
84 eap_aka_state_txt(data->state),
85 eap_aka_state_txt(state));
86 data->state = state;
87 }
88
89
eap_aka_check_identity_reauth(struct eap_sm * sm,struct eap_aka_data * data,const char * username)90 static int eap_aka_check_identity_reauth(struct eap_sm *sm,
91 struct eap_aka_data *data,
92 const char *username)
93 {
94 if (data->eap_method == EAP_TYPE_AKA_PRIME &&
95 username[0] != EAP_AKA_PRIME_REAUTH_ID_PREFIX)
96 return 0;
97 if (data->eap_method == EAP_TYPE_AKA &&
98 username[0] != EAP_AKA_REAUTH_ID_PREFIX)
99 return 0;
100
101 wpa_printf(MSG_DEBUG, "EAP-AKA: Reauth username '%s'", username);
102 data->reauth = eap_sim_db_get_reauth_entry(sm->eap_sim_db_priv,
103 username);
104 if (data->reauth == NULL) {
105 wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown reauth identity - "
106 "request full auth identity");
107 /* Remain in IDENTITY state for another round */
108 return 0;
109 }
110
111 wpa_printf(MSG_DEBUG, "EAP-AKA: Using fast re-authentication");
112 os_strlcpy(data->permanent, data->reauth->permanent,
113 sizeof(data->permanent));
114 data->counter = data->reauth->counter;
115 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
116 os_memcpy(data->k_encr, data->reauth->k_encr,
117 EAP_SIM_K_ENCR_LEN);
118 os_memcpy(data->k_aut, data->reauth->k_aut,
119 EAP_AKA_PRIME_K_AUT_LEN);
120 os_memcpy(data->k_re, data->reauth->k_re,
121 EAP_AKA_PRIME_K_RE_LEN);
122 } else {
123 os_memcpy(data->mk, data->reauth->mk, EAP_SIM_MK_LEN);
124 }
125
126 eap_aka_state(data, REAUTH);
127 return 1;
128 }
129
130
eap_aka_check_identity(struct eap_sm * sm,struct eap_aka_data * data)131 static void eap_aka_check_identity(struct eap_sm *sm,
132 struct eap_aka_data *data)
133 {
134 char *username;
135
136 /* Check if we already know the identity from EAP-Response/Identity */
137
138 username = sim_get_username(sm->identity, sm->identity_len);
139 if (username == NULL)
140 return;
141
142 if (eap_aka_check_identity_reauth(sm, data, username) > 0) {
143 os_free(username);
144 /*
145 * Since re-auth username was recognized, skip AKA/Identity
146 * exchange.
147 */
148 return;
149 }
150
151 if ((data->eap_method == EAP_TYPE_AKA_PRIME &&
152 username[0] == EAP_AKA_PRIME_PSEUDONYM_PREFIX) ||
153 (data->eap_method == EAP_TYPE_AKA &&
154 username[0] == EAP_AKA_PSEUDONYM_PREFIX)) {
155 const char *permanent;
156 wpa_printf(MSG_DEBUG, "EAP-AKA: Pseudonym username '%s'",
157 username);
158 permanent = eap_sim_db_get_permanent(
159 sm->eap_sim_db_priv, username);
160 if (permanent == NULL) {
161 os_free(username);
162 wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown pseudonym "
163 "identity - request permanent identity");
164 /* Remain in IDENTITY state for another round */
165 return;
166 }
167 os_strlcpy(data->permanent, permanent,
168 sizeof(data->permanent));
169 /*
170 * Since pseudonym username was recognized, skip AKA/Identity
171 * exchange.
172 */
173 eap_aka_fullauth(sm, data);
174 }
175
176 os_free(username);
177 }
178
179
eap_aka_init(struct eap_sm * sm)180 static void * eap_aka_init(struct eap_sm *sm)
181 {
182 struct eap_aka_data *data;
183
184 if (sm->eap_sim_db_priv == NULL) {
185 wpa_printf(MSG_WARNING, "EAP-AKA: eap_sim_db not configured");
186 return NULL;
187 }
188
189 data = os_zalloc(sizeof(*data));
190 if (data == NULL)
191 return NULL;
192
193 data->eap_method = EAP_TYPE_AKA;
194
195 data->state = IDENTITY;
196 data->pending_id = -1;
197 eap_aka_check_identity(sm, data);
198
199 return data;
200 }
201
202
203 #ifdef EAP_SERVER_AKA_PRIME
eap_aka_prime_init(struct eap_sm * sm)204 static void * eap_aka_prime_init(struct eap_sm *sm)
205 {
206 struct eap_aka_data *data;
207 /* TODO: make ANID configurable; see 3GPP TS 24.302 */
208 char *network_name = "WLAN";
209
210 if (sm->eap_sim_db_priv == NULL) {
211 wpa_printf(MSG_WARNING, "EAP-AKA: eap_sim_db not configured");
212 return NULL;
213 }
214
215 data = os_zalloc(sizeof(*data));
216 if (data == NULL)
217 return NULL;
218
219 data->eap_method = EAP_TYPE_AKA_PRIME;
220 data->network_name = (u8 *) os_strdup(network_name);
221 if (data->network_name == NULL) {
222 os_free(data);
223 return NULL;
224 }
225
226 data->network_name_len = os_strlen(network_name);
227
228 data->state = IDENTITY;
229 data->pending_id = -1;
230 eap_aka_check_identity(sm, data);
231
232 return data;
233 }
234 #endif /* EAP_SERVER_AKA_PRIME */
235
236
eap_aka_reset(struct eap_sm * sm,void * priv)237 static void eap_aka_reset(struct eap_sm *sm, void *priv)
238 {
239 struct eap_aka_data *data = priv;
240 os_free(data->next_pseudonym);
241 os_free(data->next_reauth_id);
242 wpabuf_free(data->id_msgs);
243 os_free(data->network_name);
244 bin_clear_free(data, sizeof(*data));
245 }
246
247
eap_aka_add_id_msg(struct eap_aka_data * data,const struct wpabuf * msg)248 static int eap_aka_add_id_msg(struct eap_aka_data *data,
249 const struct wpabuf *msg)
250 {
251 if (msg == NULL)
252 return -1;
253
254 if (data->id_msgs == NULL) {
255 data->id_msgs = wpabuf_dup(msg);
256 return data->id_msgs == NULL ? -1 : 0;
257 }
258
259 if (wpabuf_resize(&data->id_msgs, wpabuf_len(msg)) < 0)
260 return -1;
261 wpabuf_put_buf(data->id_msgs, msg);
262
263 return 0;
264 }
265
266
eap_aka_add_checkcode(struct eap_aka_data * data,struct eap_sim_msg * msg)267 static void eap_aka_add_checkcode(struct eap_aka_data *data,
268 struct eap_sim_msg *msg)
269 {
270 const u8 *addr;
271 size_t len;
272 u8 hash[SHA256_MAC_LEN];
273
274 wpa_printf(MSG_DEBUG, " AT_CHECKCODE");
275
276 if (data->id_msgs == NULL) {
277 /*
278 * No EAP-AKA/Identity packets were exchanged - send empty
279 * checkcode.
280 */
281 eap_sim_msg_add(msg, EAP_SIM_AT_CHECKCODE, 0, NULL, 0);
282 return;
283 }
284
285 /* Checkcode is SHA1 hash over all EAP-AKA/Identity packets. */
286 addr = wpabuf_head(data->id_msgs);
287 len = wpabuf_len(data->id_msgs);
288 wpa_hexdump(MSG_MSGDUMP, "EAP-AKA: AT_CHECKCODE data", addr, len);
289 if (data->eap_method == EAP_TYPE_AKA_PRIME)
290 sha256_vector(1, &addr, &len, hash);
291 else
292 sha1_vector(1, &addr, &len, hash);
293
294 eap_sim_msg_add(msg, EAP_SIM_AT_CHECKCODE, 0, hash,
295 data->eap_method == EAP_TYPE_AKA_PRIME ?
296 EAP_AKA_PRIME_CHECKCODE_LEN : EAP_AKA_CHECKCODE_LEN);
297 }
298
299
eap_aka_verify_checkcode(struct eap_aka_data * data,const u8 * checkcode,size_t checkcode_len)300 static int eap_aka_verify_checkcode(struct eap_aka_data *data,
301 const u8 *checkcode, size_t checkcode_len)
302 {
303 const u8 *addr;
304 size_t len;
305 u8 hash[SHA256_MAC_LEN];
306 size_t hash_len;
307
308 if (checkcode == NULL)
309 return -1;
310
311 if (data->id_msgs == NULL) {
312 if (checkcode_len != 0) {
313 wpa_printf(MSG_DEBUG, "EAP-AKA: Checkcode from peer "
314 "indicates that AKA/Identity messages were "
315 "used, but they were not");
316 return -1;
317 }
318 return 0;
319 }
320
321 hash_len = data->eap_method == EAP_TYPE_AKA_PRIME ?
322 EAP_AKA_PRIME_CHECKCODE_LEN : EAP_AKA_CHECKCODE_LEN;
323
324 if (checkcode_len != hash_len) {
325 wpa_printf(MSG_DEBUG, "EAP-AKA: Checkcode from peer indicates "
326 "that AKA/Identity message were not used, but they "
327 "were");
328 return -1;
329 }
330
331 /* Checkcode is SHA1 hash over all EAP-AKA/Identity packets. */
332 addr = wpabuf_head(data->id_msgs);
333 len = wpabuf_len(data->id_msgs);
334 if (data->eap_method == EAP_TYPE_AKA_PRIME)
335 sha256_vector(1, &addr, &len, hash);
336 else
337 sha1_vector(1, &addr, &len, hash);
338
339 if (os_memcmp_const(hash, checkcode, hash_len) != 0) {
340 wpa_printf(MSG_DEBUG, "EAP-AKA: Mismatch in AT_CHECKCODE");
341 return -1;
342 }
343
344 return 0;
345 }
346
347
eap_aka_build_identity(struct eap_sm * sm,struct eap_aka_data * data,u8 id)348 static struct wpabuf * eap_aka_build_identity(struct eap_sm *sm,
349 struct eap_aka_data *data, u8 id)
350 {
351 struct eap_sim_msg *msg;
352 struct wpabuf *buf;
353
354 wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Identity");
355 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method,
356 EAP_AKA_SUBTYPE_IDENTITY);
357 data->identity_round++;
358 if (data->identity_round == 1) {
359 /*
360 * RFC 4187, Chap. 4.1.4 recommends that identity from EAP is
361 * ignored and the AKA/Identity is used to request the
362 * identity.
363 */
364 wpa_printf(MSG_DEBUG, " AT_ANY_ID_REQ");
365 eap_sim_msg_add(msg, EAP_SIM_AT_ANY_ID_REQ, 0, NULL, 0);
366 } else if (data->identity_round > 3) {
367 /* Cannot use more than three rounds of Identity messages */
368 eap_sim_msg_free(msg);
369 return NULL;
370 } else if (sm->identity && sm->identity_len > 0 &&
371 (sm->identity[0] == EAP_AKA_REAUTH_ID_PREFIX ||
372 sm->identity[0] == EAP_AKA_PRIME_REAUTH_ID_PREFIX)) {
373 /* Reauth id may have expired - try fullauth */
374 wpa_printf(MSG_DEBUG, " AT_FULLAUTH_ID_REQ");
375 eap_sim_msg_add(msg, EAP_SIM_AT_FULLAUTH_ID_REQ, 0, NULL, 0);
376 } else {
377 wpa_printf(MSG_DEBUG, " AT_PERMANENT_ID_REQ");
378 eap_sim_msg_add(msg, EAP_SIM_AT_PERMANENT_ID_REQ, 0, NULL, 0);
379 }
380 buf = eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0);
381 if (eap_aka_add_id_msg(data, buf) < 0) {
382 wpabuf_free(buf);
383 return NULL;
384 }
385 data->pending_id = id;
386 return buf;
387 }
388
389
eap_aka_build_encr(struct eap_sm * sm,struct eap_aka_data * data,struct eap_sim_msg * msg,u16 counter,const u8 * nonce_s)390 static int eap_aka_build_encr(struct eap_sm *sm, struct eap_aka_data *data,
391 struct eap_sim_msg *msg, u16 counter,
392 const u8 *nonce_s)
393 {
394 os_free(data->next_pseudonym);
395 if (nonce_s == NULL) {
396 data->next_pseudonym =
397 eap_sim_db_get_next_pseudonym(
398 sm->eap_sim_db_priv,
399 data->eap_method == EAP_TYPE_AKA_PRIME ?
400 EAP_SIM_DB_AKA_PRIME : EAP_SIM_DB_AKA);
401 } else {
402 /* Do not update pseudonym during re-authentication */
403 data->next_pseudonym = NULL;
404 }
405 os_free(data->next_reauth_id);
406 if (data->counter <= EAP_AKA_MAX_FAST_REAUTHS) {
407 data->next_reauth_id =
408 eap_sim_db_get_next_reauth_id(
409 sm->eap_sim_db_priv,
410 data->eap_method == EAP_TYPE_AKA_PRIME ?
411 EAP_SIM_DB_AKA_PRIME : EAP_SIM_DB_AKA);
412 } else {
413 wpa_printf(MSG_DEBUG, "EAP-AKA: Max fast re-authentication "
414 "count exceeded - force full authentication");
415 data->next_reauth_id = NULL;
416 }
417
418 if (data->next_pseudonym == NULL && data->next_reauth_id == NULL &&
419 counter == 0 && nonce_s == NULL)
420 return 0;
421
422 wpa_printf(MSG_DEBUG, " AT_IV");
423 wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
424 eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV, EAP_SIM_AT_ENCR_DATA);
425
426 if (counter > 0) {
427 wpa_printf(MSG_DEBUG, " *AT_COUNTER (%u)", counter);
428 eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, counter, NULL, 0);
429 }
430
431 if (nonce_s) {
432 wpa_printf(MSG_DEBUG, " *AT_NONCE_S");
433 eap_sim_msg_add(msg, EAP_SIM_AT_NONCE_S, 0, nonce_s,
434 EAP_SIM_NONCE_S_LEN);
435 }
436
437 if (data->next_pseudonym) {
438 wpa_printf(MSG_DEBUG, " *AT_NEXT_PSEUDONYM (%s)",
439 data->next_pseudonym);
440 eap_sim_msg_add(msg, EAP_SIM_AT_NEXT_PSEUDONYM,
441 os_strlen(data->next_pseudonym),
442 (u8 *) data->next_pseudonym,
443 os_strlen(data->next_pseudonym));
444 }
445
446 if (data->next_reauth_id) {
447 wpa_printf(MSG_DEBUG, " *AT_NEXT_REAUTH_ID (%s)",
448 data->next_reauth_id);
449 eap_sim_msg_add(msg, EAP_SIM_AT_NEXT_REAUTH_ID,
450 os_strlen(data->next_reauth_id),
451 (u8 *) data->next_reauth_id,
452 os_strlen(data->next_reauth_id));
453 }
454
455 if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) {
456 wpa_printf(MSG_WARNING, "EAP-AKA: Failed to encrypt "
457 "AT_ENCR_DATA");
458 return -1;
459 }
460
461 return 0;
462 }
463
464
eap_aka_build_challenge(struct eap_sm * sm,struct eap_aka_data * data,u8 id)465 static struct wpabuf * eap_aka_build_challenge(struct eap_sm *sm,
466 struct eap_aka_data *data,
467 u8 id)
468 {
469 struct eap_sim_msg *msg;
470
471 wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Challenge");
472 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method,
473 EAP_AKA_SUBTYPE_CHALLENGE);
474 wpa_printf(MSG_DEBUG, " AT_RAND");
475 eap_sim_msg_add(msg, EAP_SIM_AT_RAND, 0, data->rand, EAP_AKA_RAND_LEN);
476 wpa_printf(MSG_DEBUG, " AT_AUTN");
477 eap_sim_msg_add(msg, EAP_SIM_AT_AUTN, 0, data->autn, EAP_AKA_AUTN_LEN);
478 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
479 if (data->kdf) {
480 /* Add the selected KDF into the beginning */
481 wpa_printf(MSG_DEBUG, " AT_KDF");
482 eap_sim_msg_add(msg, EAP_SIM_AT_KDF, data->kdf,
483 NULL, 0);
484 }
485 wpa_printf(MSG_DEBUG, " AT_KDF");
486 eap_sim_msg_add(msg, EAP_SIM_AT_KDF, EAP_AKA_PRIME_KDF,
487 NULL, 0);
488 wpa_printf(MSG_DEBUG, " AT_KDF_INPUT");
489 eap_sim_msg_add(msg, EAP_SIM_AT_KDF_INPUT,
490 data->network_name_len,
491 data->network_name, data->network_name_len);
492 }
493
494 if (eap_aka_build_encr(sm, data, msg, 0, NULL)) {
495 eap_sim_msg_free(msg);
496 return NULL;
497 }
498
499 eap_aka_add_checkcode(data, msg);
500
501 if (sm->eap_sim_aka_result_ind) {
502 wpa_printf(MSG_DEBUG, " AT_RESULT_IND");
503 eap_sim_msg_add(msg, EAP_SIM_AT_RESULT_IND, 0, NULL, 0);
504 }
505
506 #ifdef EAP_SERVER_AKA_PRIME
507 if (data->eap_method == EAP_TYPE_AKA) {
508 u16 flags = 0;
509 int i;
510 int aka_prime_preferred = 0;
511
512 i = 0;
513 while (sm->user && i < EAP_MAX_METHODS &&
514 (sm->user->methods[i].vendor != EAP_VENDOR_IETF ||
515 sm->user->methods[i].method != EAP_TYPE_NONE)) {
516 if (sm->user->methods[i].vendor == EAP_VENDOR_IETF) {
517 if (sm->user->methods[i].method ==
518 EAP_TYPE_AKA)
519 break;
520 if (sm->user->methods[i].method ==
521 EAP_TYPE_AKA_PRIME) {
522 aka_prime_preferred = 1;
523 break;
524 }
525 }
526 i++;
527 }
528
529 if (aka_prime_preferred)
530 flags |= EAP_AKA_BIDDING_FLAG_D;
531 eap_sim_msg_add(msg, EAP_SIM_AT_BIDDING, flags, NULL, 0);
532 }
533 #endif /* EAP_SERVER_AKA_PRIME */
534
535 wpa_printf(MSG_DEBUG, " AT_MAC");
536 eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
537 return eap_sim_msg_finish(msg, data->eap_method, data->k_aut, NULL, 0);
538 }
539
540
eap_aka_build_reauth(struct eap_sm * sm,struct eap_aka_data * data,u8 id)541 static struct wpabuf * eap_aka_build_reauth(struct eap_sm *sm,
542 struct eap_aka_data *data, u8 id)
543 {
544 struct eap_sim_msg *msg;
545
546 wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Re-authentication");
547
548 if (random_get_bytes(data->nonce_s, EAP_SIM_NONCE_S_LEN))
549 return NULL;
550 wpa_hexdump_key(MSG_MSGDUMP, "EAP-AKA: NONCE_S",
551 data->nonce_s, EAP_SIM_NONCE_S_LEN);
552
553 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
554 eap_aka_prime_derive_keys_reauth(data->k_re, data->counter,
555 sm->identity,
556 sm->identity_len,
557 data->nonce_s,
558 data->msk, data->emsk);
559 } else {
560 eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut,
561 data->msk, data->emsk);
562 eap_sim_derive_keys_reauth(data->counter, sm->identity,
563 sm->identity_len, data->nonce_s,
564 data->mk, data->msk, data->emsk);
565 }
566
567 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method,
568 EAP_AKA_SUBTYPE_REAUTHENTICATION);
569
570 if (eap_aka_build_encr(sm, data, msg, data->counter, data->nonce_s)) {
571 eap_sim_msg_free(msg);
572 return NULL;
573 }
574
575 eap_aka_add_checkcode(data, msg);
576
577 if (sm->eap_sim_aka_result_ind) {
578 wpa_printf(MSG_DEBUG, " AT_RESULT_IND");
579 eap_sim_msg_add(msg, EAP_SIM_AT_RESULT_IND, 0, NULL, 0);
580 }
581
582 wpa_printf(MSG_DEBUG, " AT_MAC");
583 eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
584 return eap_sim_msg_finish(msg, data->eap_method, data->k_aut, NULL, 0);
585 }
586
587
eap_aka_build_notification(struct eap_sm * sm,struct eap_aka_data * data,u8 id)588 static struct wpabuf * eap_aka_build_notification(struct eap_sm *sm,
589 struct eap_aka_data *data,
590 u8 id)
591 {
592 struct eap_sim_msg *msg;
593
594 wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Notification");
595 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method,
596 EAP_AKA_SUBTYPE_NOTIFICATION);
597 wpa_printf(MSG_DEBUG, " AT_NOTIFICATION (%d)", data->notification);
598 eap_sim_msg_add(msg, EAP_SIM_AT_NOTIFICATION, data->notification,
599 NULL, 0);
600 if (data->use_result_ind) {
601 if (data->reauth) {
602 wpa_printf(MSG_DEBUG, " AT_IV");
603 wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
604 eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV,
605 EAP_SIM_AT_ENCR_DATA);
606 wpa_printf(MSG_DEBUG, " *AT_COUNTER (%u)",
607 data->counter);
608 eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter,
609 NULL, 0);
610
611 if (eap_sim_msg_add_encr_end(msg, data->k_encr,
612 EAP_SIM_AT_PADDING)) {
613 wpa_printf(MSG_WARNING, "EAP-AKA: Failed to "
614 "encrypt AT_ENCR_DATA");
615 eap_sim_msg_free(msg);
616 return NULL;
617 }
618 }
619
620 wpa_printf(MSG_DEBUG, " AT_MAC");
621 eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
622 }
623 return eap_sim_msg_finish(msg, data->eap_method, data->k_aut, NULL, 0);
624 }
625
626
eap_aka_buildReq(struct eap_sm * sm,void * priv,u8 id)627 static struct wpabuf * eap_aka_buildReq(struct eap_sm *sm, void *priv, u8 id)
628 {
629 struct eap_aka_data *data = priv;
630
631 data->auts_reported = 0;
632 switch (data->state) {
633 case IDENTITY:
634 return eap_aka_build_identity(sm, data, id);
635 case CHALLENGE:
636 return eap_aka_build_challenge(sm, data, id);
637 case REAUTH:
638 return eap_aka_build_reauth(sm, data, id);
639 case NOTIFICATION:
640 return eap_aka_build_notification(sm, data, id);
641 default:
642 wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown state %d in "
643 "buildReq", data->state);
644 break;
645 }
646 return NULL;
647 }
648
649
eap_aka_check(struct eap_sm * sm,void * priv,struct wpabuf * respData)650 static Boolean eap_aka_check(struct eap_sm *sm, void *priv,
651 struct wpabuf *respData)
652 {
653 struct eap_aka_data *data = priv;
654 const u8 *pos;
655 size_t len;
656
657 pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, respData,
658 &len);
659 if (pos == NULL || len < 3) {
660 wpa_printf(MSG_INFO, "EAP-AKA: Invalid frame");
661 return TRUE;
662 }
663
664 return FALSE;
665 }
666
667
eap_aka_subtype_ok(struct eap_aka_data * data,u8 subtype)668 static Boolean eap_aka_subtype_ok(struct eap_aka_data *data, u8 subtype)
669 {
670 if (subtype == EAP_AKA_SUBTYPE_CLIENT_ERROR ||
671 subtype == EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT)
672 return FALSE;
673
674 switch (data->state) {
675 case IDENTITY:
676 if (subtype != EAP_AKA_SUBTYPE_IDENTITY) {
677 wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response "
678 "subtype %d", subtype);
679 return TRUE;
680 }
681 break;
682 case CHALLENGE:
683 if (subtype != EAP_AKA_SUBTYPE_CHALLENGE &&
684 subtype != EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE) {
685 wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response "
686 "subtype %d", subtype);
687 return TRUE;
688 }
689 break;
690 case REAUTH:
691 if (subtype != EAP_AKA_SUBTYPE_REAUTHENTICATION) {
692 wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response "
693 "subtype %d", subtype);
694 return TRUE;
695 }
696 break;
697 case NOTIFICATION:
698 if (subtype != EAP_AKA_SUBTYPE_NOTIFICATION) {
699 wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response "
700 "subtype %d", subtype);
701 return TRUE;
702 }
703 break;
704 default:
705 wpa_printf(MSG_INFO, "EAP-AKA: Unexpected state (%d) for "
706 "processing a response", data->state);
707 return TRUE;
708 }
709
710 return FALSE;
711 }
712
713
eap_aka_determine_identity(struct eap_sm * sm,struct eap_aka_data * data)714 static void eap_aka_determine_identity(struct eap_sm *sm,
715 struct eap_aka_data *data)
716 {
717 char *username;
718
719 wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Identity",
720 sm->identity, sm->identity_len);
721
722 username = sim_get_username(sm->identity, sm->identity_len);
723 if (username == NULL) {
724 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
725 eap_aka_state(data, NOTIFICATION);
726 return;
727 }
728
729 if (eap_aka_check_identity_reauth(sm, data, username) > 0) {
730 os_free(username);
731 return;
732 }
733
734 if (((data->eap_method == EAP_TYPE_AKA_PRIME &&
735 username[0] == EAP_AKA_PRIME_REAUTH_ID_PREFIX) ||
736 (data->eap_method == EAP_TYPE_AKA &&
737 username[0] == EAP_AKA_REAUTH_ID_PREFIX)) &&
738 data->identity_round == 1) {
739 /* Remain in IDENTITY state for another round to request full
740 * auth identity since we did not recognize reauth id */
741 os_free(username);
742 return;
743 }
744
745 if ((data->eap_method == EAP_TYPE_AKA_PRIME &&
746 username[0] == EAP_AKA_PRIME_PSEUDONYM_PREFIX) ||
747 (data->eap_method == EAP_TYPE_AKA &&
748 username[0] == EAP_AKA_PSEUDONYM_PREFIX)) {
749 const char *permanent;
750 wpa_printf(MSG_DEBUG, "EAP-AKA: Pseudonym username '%s'",
751 username);
752 permanent = eap_sim_db_get_permanent(
753 sm->eap_sim_db_priv, username);
754 os_free(username);
755 if (permanent == NULL) {
756 wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown pseudonym "
757 "identity - request permanent identity");
758 /* Remain in IDENTITY state for another round */
759 return;
760 }
761 os_strlcpy(data->permanent, permanent,
762 sizeof(data->permanent));
763 } else if ((data->eap_method == EAP_TYPE_AKA_PRIME &&
764 username[0] == EAP_AKA_PRIME_PERMANENT_PREFIX) ||
765 (data->eap_method == EAP_TYPE_AKA &&
766 username[0] == EAP_AKA_PERMANENT_PREFIX)) {
767 wpa_printf(MSG_DEBUG, "EAP-AKA: Permanent username '%s'",
768 username);
769 os_strlcpy(data->permanent, username, sizeof(data->permanent));
770 os_free(username);
771 } else {
772 wpa_printf(MSG_DEBUG, "EAP-AKA: Unrecognized username '%s'",
773 username);
774 os_free(username);
775 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
776 eap_aka_state(data, NOTIFICATION);
777 return;
778 }
779
780 eap_aka_fullauth(sm, data);
781 }
782
783
eap_aka_fullauth(struct eap_sm * sm,struct eap_aka_data * data)784 static void eap_aka_fullauth(struct eap_sm *sm, struct eap_aka_data *data)
785 {
786 size_t identity_len;
787 int res;
788
789 res = eap_sim_db_get_aka_auth(sm->eap_sim_db_priv, data->permanent,
790 data->rand, data->autn, data->ik,
791 data->ck, data->res, &data->res_len, sm);
792 if (res == EAP_SIM_DB_PENDING) {
793 wpa_printf(MSG_DEBUG, "EAP-AKA: AKA authentication data "
794 "not yet available - pending request");
795 sm->method_pending = METHOD_PENDING_WAIT;
796 return;
797 }
798
799 #ifdef EAP_SERVER_AKA_PRIME
800 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
801 /* Note: AUTN = (SQN ^ AK) || AMF || MAC which gives us the
802 * needed 6-octet SQN ^AK for CK',IK' derivation */
803 eap_aka_prime_derive_ck_ik_prime(data->ck, data->ik,
804 data->autn,
805 data->network_name,
806 data->network_name_len);
807 }
808 #endif /* EAP_SERVER_AKA_PRIME */
809
810 data->reauth = NULL;
811 data->counter = 0; /* reset re-auth counter since this is full auth */
812
813 if (res != 0) {
814 wpa_printf(MSG_INFO, "EAP-AKA: Failed to get AKA "
815 "authentication data for the peer");
816 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
817 eap_aka_state(data, NOTIFICATION);
818 return;
819 }
820 if (sm->method_pending == METHOD_PENDING_WAIT) {
821 wpa_printf(MSG_DEBUG, "EAP-AKA: AKA authentication data "
822 "available - abort pending wait");
823 sm->method_pending = METHOD_PENDING_NONE;
824 }
825
826 identity_len = sm->identity_len;
827 while (identity_len > 0 && sm->identity[identity_len - 1] == '\0') {
828 wpa_printf(MSG_DEBUG, "EAP-AKA: Workaround - drop last null "
829 "character from identity");
830 identity_len--;
831 }
832 wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Identity for MK derivation",
833 sm->identity, identity_len);
834
835 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
836 eap_aka_prime_derive_keys(sm->identity, identity_len, data->ik,
837 data->ck, data->k_encr, data->k_aut,
838 data->k_re, data->msk, data->emsk);
839 } else {
840 eap_aka_derive_mk(sm->identity, identity_len, data->ik,
841 data->ck, data->mk);
842 eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut,
843 data->msk, data->emsk);
844 }
845
846 eap_aka_state(data, CHALLENGE);
847 }
848
849
eap_aka_process_identity(struct eap_sm * sm,struct eap_aka_data * data,struct wpabuf * respData,struct eap_sim_attrs * attr)850 static void eap_aka_process_identity(struct eap_sm *sm,
851 struct eap_aka_data *data,
852 struct wpabuf *respData,
853 struct eap_sim_attrs *attr)
854 {
855 u8 *new_identity;
856
857 wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Identity");
858
859 if (attr->mac || attr->iv || attr->encr_data) {
860 wpa_printf(MSG_WARNING, "EAP-AKA: Unexpected attribute "
861 "received in EAP-Response/AKA-Identity");
862 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
863 eap_aka_state(data, NOTIFICATION);
864 return;
865 }
866
867 /*
868 * We always request identity with AKA/Identity, so the peer is
869 * required to have replied with one.
870 */
871 if (!attr->identity || attr->identity_len == 0) {
872 wpa_printf(MSG_DEBUG, "EAP-AKA: Peer did not provide any "
873 "identity");
874 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
875 eap_aka_state(data, NOTIFICATION);
876 return;
877 }
878
879 new_identity = os_malloc(attr->identity_len);
880 if (new_identity == NULL) {
881 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
882 eap_aka_state(data, NOTIFICATION);
883 return;
884 }
885 os_free(sm->identity);
886 sm->identity = new_identity;
887 os_memcpy(sm->identity, attr->identity, attr->identity_len);
888 sm->identity_len = attr->identity_len;
889
890 eap_aka_determine_identity(sm, data);
891 if (eap_get_id(respData) == data->pending_id) {
892 data->pending_id = -1;
893 eap_aka_add_id_msg(data, respData);
894 }
895 }
896
897
eap_aka_verify_mac(struct eap_aka_data * data,const struct wpabuf * req,const u8 * mac,const u8 * extra,size_t extra_len)898 static int eap_aka_verify_mac(struct eap_aka_data *data,
899 const struct wpabuf *req,
900 const u8 *mac, const u8 *extra,
901 size_t extra_len)
902 {
903 if (data->eap_method == EAP_TYPE_AKA_PRIME)
904 return eap_sim_verify_mac_sha256(data->k_aut, req, mac, extra,
905 extra_len);
906 return eap_sim_verify_mac(data->k_aut, req, mac, extra, extra_len);
907 }
908
909
eap_aka_process_challenge(struct eap_sm * sm,struct eap_aka_data * data,struct wpabuf * respData,struct eap_sim_attrs * attr)910 static void eap_aka_process_challenge(struct eap_sm *sm,
911 struct eap_aka_data *data,
912 struct wpabuf *respData,
913 struct eap_sim_attrs *attr)
914 {
915 wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Challenge");
916
917 #ifdef EAP_SERVER_AKA_PRIME
918 #if 0
919 /* KDF negotiation; to be enabled only after more than one KDF is
920 * supported */
921 if (data->eap_method == EAP_TYPE_AKA_PRIME &&
922 attr->kdf_count == 1 && attr->mac == NULL) {
923 if (attr->kdf[0] != EAP_AKA_PRIME_KDF) {
924 wpa_printf(MSG_WARNING, "EAP-AKA': Peer selected "
925 "unknown KDF");
926 data->notification =
927 EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
928 eap_aka_state(data, NOTIFICATION);
929 return;
930 }
931
932 data->kdf = attr->kdf[0];
933
934 /* Allow negotiation to continue with the selected KDF by
935 * sending another Challenge message */
936 wpa_printf(MSG_DEBUG, "EAP-AKA': KDF %d selected", data->kdf);
937 return;
938 }
939 #endif
940 #endif /* EAP_SERVER_AKA_PRIME */
941
942 if (attr->checkcode &&
943 eap_aka_verify_checkcode(data, attr->checkcode,
944 attr->checkcode_len)) {
945 wpa_printf(MSG_WARNING, "EAP-AKA: Invalid AT_CHECKCODE in the "
946 "message");
947 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
948 eap_aka_state(data, NOTIFICATION);
949 return;
950 }
951 if (attr->mac == NULL ||
952 eap_aka_verify_mac(data, respData, attr->mac, NULL, 0)) {
953 wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
954 "did not include valid AT_MAC");
955 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
956 eap_aka_state(data, NOTIFICATION);
957 return;
958 }
959
960 /*
961 * AT_RES is padded, so verify that there is enough room for RES and
962 * that the RES length in bits matches with the expected RES.
963 */
964 if (attr->res == NULL || attr->res_len < data->res_len ||
965 attr->res_len_bits != data->res_len * 8 ||
966 os_memcmp_const(attr->res, data->res, data->res_len) != 0) {
967 wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message did not "
968 "include valid AT_RES (attr len=%lu, res len=%lu "
969 "bits, expected %lu bits)",
970 (unsigned long) attr->res_len,
971 (unsigned long) attr->res_len_bits,
972 (unsigned long) data->res_len * 8);
973 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
974 eap_aka_state(data, NOTIFICATION);
975 return;
976 }
977
978 wpa_printf(MSG_DEBUG, "EAP-AKA: Challenge response includes the "
979 "correct AT_MAC");
980 if (sm->eap_sim_aka_result_ind && attr->result_ind) {
981 data->use_result_ind = 1;
982 data->notification = EAP_SIM_SUCCESS;
983 eap_aka_state(data, NOTIFICATION);
984 } else
985 eap_aka_state(data, SUCCESS);
986
987 if (data->next_pseudonym) {
988 eap_sim_db_add_pseudonym(sm->eap_sim_db_priv, data->permanent,
989 data->next_pseudonym);
990 data->next_pseudonym = NULL;
991 }
992 if (data->next_reauth_id) {
993 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
994 #ifdef EAP_SERVER_AKA_PRIME
995 eap_sim_db_add_reauth_prime(sm->eap_sim_db_priv,
996 data->permanent,
997 data->next_reauth_id,
998 data->counter + 1,
999 data->k_encr, data->k_aut,
1000 data->k_re);
1001 #endif /* EAP_SERVER_AKA_PRIME */
1002 } else {
1003 eap_sim_db_add_reauth(sm->eap_sim_db_priv,
1004 data->permanent,
1005 data->next_reauth_id,
1006 data->counter + 1,
1007 data->mk);
1008 }
1009 data->next_reauth_id = NULL;
1010 }
1011 }
1012
1013
eap_aka_process_sync_failure(struct eap_sm * sm,struct eap_aka_data * data,struct wpabuf * respData,struct eap_sim_attrs * attr)1014 static void eap_aka_process_sync_failure(struct eap_sm *sm,
1015 struct eap_aka_data *data,
1016 struct wpabuf *respData,
1017 struct eap_sim_attrs *attr)
1018 {
1019 wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Synchronization-Failure");
1020
1021 if (attr->auts == NULL) {
1022 wpa_printf(MSG_WARNING, "EAP-AKA: Synchronization-Failure "
1023 "message did not include valid AT_AUTS");
1024 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
1025 eap_aka_state(data, NOTIFICATION);
1026 return;
1027 }
1028
1029 /* Avoid re-reporting AUTS when processing pending EAP packet by
1030 * maintaining a local flag stating whether this AUTS has already been
1031 * reported. */
1032 if (!data->auts_reported &&
1033 eap_sim_db_resynchronize(sm->eap_sim_db_priv, data->permanent,
1034 attr->auts, data->rand)) {
1035 wpa_printf(MSG_WARNING, "EAP-AKA: Resynchronization failed");
1036 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
1037 eap_aka_state(data, NOTIFICATION);
1038 return;
1039 }
1040 data->auts_reported = 1;
1041
1042 /* Remain in CHALLENGE state to re-try after resynchronization */
1043 eap_aka_fullauth(sm, data);
1044 }
1045
1046
eap_aka_process_reauth(struct eap_sm * sm,struct eap_aka_data * data,struct wpabuf * respData,struct eap_sim_attrs * attr)1047 static void eap_aka_process_reauth(struct eap_sm *sm,
1048 struct eap_aka_data *data,
1049 struct wpabuf *respData,
1050 struct eap_sim_attrs *attr)
1051 {
1052 struct eap_sim_attrs eattr;
1053 u8 *decrypted = NULL;
1054
1055 wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Reauthentication");
1056
1057 if (attr->mac == NULL ||
1058 eap_aka_verify_mac(data, respData, attr->mac, data->nonce_s,
1059 EAP_SIM_NONCE_S_LEN)) {
1060 wpa_printf(MSG_WARNING, "EAP-AKA: Re-authentication message "
1061 "did not include valid AT_MAC");
1062 goto fail;
1063 }
1064
1065 if (attr->encr_data == NULL || attr->iv == NULL) {
1066 wpa_printf(MSG_WARNING, "EAP-AKA: Reauthentication "
1067 "message did not include encrypted data");
1068 goto fail;
1069 }
1070
1071 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
1072 attr->encr_data_len, attr->iv, &eattr,
1073 0);
1074 if (decrypted == NULL) {
1075 wpa_printf(MSG_WARNING, "EAP-AKA: Failed to parse encrypted "
1076 "data from reauthentication message");
1077 goto fail;
1078 }
1079
1080 if (eattr.counter != data->counter) {
1081 wpa_printf(MSG_WARNING, "EAP-AKA: Re-authentication message "
1082 "used incorrect counter %u, expected %u",
1083 eattr.counter, data->counter);
1084 goto fail;
1085 }
1086 os_free(decrypted);
1087 decrypted = NULL;
1088
1089 wpa_printf(MSG_DEBUG, "EAP-AKA: Re-authentication response includes "
1090 "the correct AT_MAC");
1091
1092 if (eattr.counter_too_small) {
1093 wpa_printf(MSG_DEBUG, "EAP-AKA: Re-authentication response "
1094 "included AT_COUNTER_TOO_SMALL - starting full "
1095 "authentication");
1096 eap_aka_fullauth(sm, data);
1097 return;
1098 }
1099
1100 if (sm->eap_sim_aka_result_ind && attr->result_ind) {
1101 data->use_result_ind = 1;
1102 data->notification = EAP_SIM_SUCCESS;
1103 eap_aka_state(data, NOTIFICATION);
1104 } else
1105 eap_aka_state(data, SUCCESS);
1106
1107 if (data->next_reauth_id) {
1108 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
1109 #ifdef EAP_SERVER_AKA_PRIME
1110 eap_sim_db_add_reauth_prime(sm->eap_sim_db_priv,
1111 data->permanent,
1112 data->next_reauth_id,
1113 data->counter + 1,
1114 data->k_encr, data->k_aut,
1115 data->k_re);
1116 #endif /* EAP_SERVER_AKA_PRIME */
1117 } else {
1118 eap_sim_db_add_reauth(sm->eap_sim_db_priv,
1119 data->permanent,
1120 data->next_reauth_id,
1121 data->counter + 1,
1122 data->mk);
1123 }
1124 data->next_reauth_id = NULL;
1125 } else {
1126 eap_sim_db_remove_reauth(sm->eap_sim_db_priv, data->reauth);
1127 data->reauth = NULL;
1128 }
1129
1130 return;
1131
1132 fail:
1133 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
1134 eap_aka_state(data, NOTIFICATION);
1135 eap_sim_db_remove_reauth(sm->eap_sim_db_priv, data->reauth);
1136 data->reauth = NULL;
1137 os_free(decrypted);
1138 }
1139
1140
eap_aka_process_client_error(struct eap_sm * sm,struct eap_aka_data * data,struct wpabuf * respData,struct eap_sim_attrs * attr)1141 static void eap_aka_process_client_error(struct eap_sm *sm,
1142 struct eap_aka_data *data,
1143 struct wpabuf *respData,
1144 struct eap_sim_attrs *attr)
1145 {
1146 wpa_printf(MSG_DEBUG, "EAP-AKA: Client reported error %d",
1147 attr->client_error_code);
1148 if (data->notification == EAP_SIM_SUCCESS && data->use_result_ind)
1149 eap_aka_state(data, SUCCESS);
1150 else
1151 eap_aka_state(data, FAILURE);
1152 }
1153
1154
eap_aka_process_authentication_reject(struct eap_sm * sm,struct eap_aka_data * data,struct wpabuf * respData,struct eap_sim_attrs * attr)1155 static void eap_aka_process_authentication_reject(
1156 struct eap_sm *sm, struct eap_aka_data *data,
1157 struct wpabuf *respData, struct eap_sim_attrs *attr)
1158 {
1159 wpa_printf(MSG_DEBUG, "EAP-AKA: Client rejected authentication");
1160 eap_aka_state(data, FAILURE);
1161 }
1162
1163
eap_aka_process_notification(struct eap_sm * sm,struct eap_aka_data * data,struct wpabuf * respData,struct eap_sim_attrs * attr)1164 static void eap_aka_process_notification(struct eap_sm *sm,
1165 struct eap_aka_data *data,
1166 struct wpabuf *respData,
1167 struct eap_sim_attrs *attr)
1168 {
1169 wpa_printf(MSG_DEBUG, "EAP-AKA: Client replied to notification");
1170 if (data->notification == EAP_SIM_SUCCESS && data->use_result_ind)
1171 eap_aka_state(data, SUCCESS);
1172 else
1173 eap_aka_state(data, FAILURE);
1174 }
1175
1176
eap_aka_process(struct eap_sm * sm,void * priv,struct wpabuf * respData)1177 static void eap_aka_process(struct eap_sm *sm, void *priv,
1178 struct wpabuf *respData)
1179 {
1180 struct eap_aka_data *data = priv;
1181 const u8 *pos, *end;
1182 u8 subtype;
1183 size_t len;
1184 struct eap_sim_attrs attr;
1185
1186 pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, respData,
1187 &len);
1188 if (pos == NULL || len < 3)
1189 return;
1190
1191 end = pos + len;
1192 subtype = *pos;
1193 pos += 3;
1194
1195 if (eap_aka_subtype_ok(data, subtype)) {
1196 wpa_printf(MSG_DEBUG, "EAP-AKA: Unrecognized or unexpected "
1197 "EAP-AKA Subtype in EAP Response");
1198 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
1199 eap_aka_state(data, NOTIFICATION);
1200 return;
1201 }
1202
1203 if (eap_sim_parse_attr(pos, end, &attr,
1204 data->eap_method == EAP_TYPE_AKA_PRIME ? 2 : 1,
1205 0)) {
1206 wpa_printf(MSG_DEBUG, "EAP-AKA: Failed to parse attributes");
1207 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
1208 eap_aka_state(data, NOTIFICATION);
1209 return;
1210 }
1211
1212 if (subtype == EAP_AKA_SUBTYPE_CLIENT_ERROR) {
1213 eap_aka_process_client_error(sm, data, respData, &attr);
1214 return;
1215 }
1216
1217 if (subtype == EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT) {
1218 eap_aka_process_authentication_reject(sm, data, respData,
1219 &attr);
1220 return;
1221 }
1222
1223 switch (data->state) {
1224 case IDENTITY:
1225 eap_aka_process_identity(sm, data, respData, &attr);
1226 break;
1227 case CHALLENGE:
1228 if (subtype == EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE) {
1229 eap_aka_process_sync_failure(sm, data, respData,
1230 &attr);
1231 } else {
1232 eap_aka_process_challenge(sm, data, respData, &attr);
1233 }
1234 break;
1235 case REAUTH:
1236 eap_aka_process_reauth(sm, data, respData, &attr);
1237 break;
1238 case NOTIFICATION:
1239 eap_aka_process_notification(sm, data, respData, &attr);
1240 break;
1241 default:
1242 wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown state %d in "
1243 "process", data->state);
1244 break;
1245 }
1246 }
1247
1248
eap_aka_isDone(struct eap_sm * sm,void * priv)1249 static Boolean eap_aka_isDone(struct eap_sm *sm, void *priv)
1250 {
1251 struct eap_aka_data *data = priv;
1252 return data->state == SUCCESS || data->state == FAILURE;
1253 }
1254
1255
eap_aka_getKey(struct eap_sm * sm,void * priv,size_t * len)1256 static u8 * eap_aka_getKey(struct eap_sm *sm, void *priv, size_t *len)
1257 {
1258 struct eap_aka_data *data = priv;
1259 u8 *key;
1260
1261 if (data->state != SUCCESS)
1262 return NULL;
1263
1264 key = os_malloc(EAP_SIM_KEYING_DATA_LEN);
1265 if (key == NULL)
1266 return NULL;
1267 os_memcpy(key, data->msk, EAP_SIM_KEYING_DATA_LEN);
1268 *len = EAP_SIM_KEYING_DATA_LEN;
1269 return key;
1270 }
1271
1272
eap_aka_get_emsk(struct eap_sm * sm,void * priv,size_t * len)1273 static u8 * eap_aka_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
1274 {
1275 struct eap_aka_data *data = priv;
1276 u8 *key;
1277
1278 if (data->state != SUCCESS)
1279 return NULL;
1280
1281 key = os_malloc(EAP_EMSK_LEN);
1282 if (key == NULL)
1283 return NULL;
1284 os_memcpy(key, data->emsk, EAP_EMSK_LEN);
1285 *len = EAP_EMSK_LEN;
1286 return key;
1287 }
1288
1289
eap_aka_isSuccess(struct eap_sm * sm,void * priv)1290 static Boolean eap_aka_isSuccess(struct eap_sm *sm, void *priv)
1291 {
1292 struct eap_aka_data *data = priv;
1293 return data->state == SUCCESS;
1294 }
1295
1296
eap_aka_get_session_id(struct eap_sm * sm,void * priv,size_t * len)1297 static u8 * eap_aka_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
1298 {
1299 struct eap_aka_data *data = priv;
1300 u8 *id;
1301
1302 if (data->state != SUCCESS)
1303 return NULL;
1304
1305 *len = 1 + EAP_AKA_RAND_LEN + EAP_AKA_AUTN_LEN;
1306 id = os_malloc(*len);
1307 if (id == NULL)
1308 return NULL;
1309
1310 id[0] = data->eap_method;
1311 os_memcpy(id + 1, data->rand, EAP_AKA_RAND_LEN);
1312 os_memcpy(id + 1 + EAP_AKA_RAND_LEN, data->autn, EAP_AKA_AUTN_LEN);
1313 wpa_hexdump(MSG_DEBUG, "EAP-AKA: Derived Session-Id", id, *len);
1314
1315 return id;
1316 }
1317
1318
eap_server_aka_register(void)1319 int eap_server_aka_register(void)
1320 {
1321 struct eap_method *eap;
1322
1323 eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
1324 EAP_VENDOR_IETF, EAP_TYPE_AKA, "AKA");
1325 if (eap == NULL)
1326 return -1;
1327
1328 eap->init = eap_aka_init;
1329 eap->reset = eap_aka_reset;
1330 eap->buildReq = eap_aka_buildReq;
1331 eap->check = eap_aka_check;
1332 eap->process = eap_aka_process;
1333 eap->isDone = eap_aka_isDone;
1334 eap->getKey = eap_aka_getKey;
1335 eap->isSuccess = eap_aka_isSuccess;
1336 eap->get_emsk = eap_aka_get_emsk;
1337 eap->getSessionId = eap_aka_get_session_id;
1338
1339 return eap_server_method_register(eap);
1340 }
1341
1342
1343 #ifdef EAP_SERVER_AKA_PRIME
eap_server_aka_prime_register(void)1344 int eap_server_aka_prime_register(void)
1345 {
1346 struct eap_method *eap;
1347
1348 eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
1349 EAP_VENDOR_IETF, EAP_TYPE_AKA_PRIME,
1350 "AKA'");
1351 if (eap == NULL)
1352 return -1;
1353
1354 eap->init = eap_aka_prime_init;
1355 eap->reset = eap_aka_reset;
1356 eap->buildReq = eap_aka_buildReq;
1357 eap->check = eap_aka_check;
1358 eap->process = eap_aka_process;
1359 eap->isDone = eap_aka_isDone;
1360 eap->getKey = eap_aka_getKey;
1361 eap->isSuccess = eap_aka_isSuccess;
1362 eap->get_emsk = eap_aka_get_emsk;
1363 eap->getSessionId = eap_aka_get_session_id;
1364
1365 return eap_server_method_register(eap);
1366 }
1367 #endif /* EAP_SERVER_AKA_PRIME */
1368