search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Import hostapd 0.5.8
[dragonfly.git] / contrib / hostapd-0.5.8 / eap_sim_common.c
blobdc8b2f6f4b10e511c3e39a3278fe4ec26a652dcc
1 /*
2 * EAP peer: EAP-SIM/AKA shared routines
3 * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
15 #include "includes.h"
16
17 #include "common.h"
18 #include "eap_i.h"
19 #include "sha1.h"
20 #include "crypto.h"
21 #include "aes_wrap.h"
22 #include "eap_sim_common.h"
23
24
25 static int eap_sim_prf(const u8 *key, u8 *x, size_t xlen)
26 {
27 return fips186_2_prf(key, EAP_SIM_MK_LEN, x, xlen);
28 }
29
30
31 void eap_sim_derive_mk(const u8 *identity, size_t identity_len,
32 const u8 *nonce_mt, u16 selected_version,
33 const u8 *ver_list, size_t ver_list_len,
34 int num_chal, const u8 *kc, u8 *mk)
35 {
36 u8 sel_ver[2];
37 const unsigned char *addr[5];
38 size_t len[5];
39
40 addr[0] = identity;
41 len[0] = identity_len;
42 addr[1] = kc;
43 len[1] = num_chal * EAP_SIM_KC_LEN;
44 addr[2] = nonce_mt;
45 len[2] = EAP_SIM_NONCE_MT_LEN;
46 addr[3] = ver_list;
47 len[3] = ver_list_len;
48 addr[4] = sel_ver;
49 len[4] = 2;
50
51 WPA_PUT_BE16(sel_ver, selected_version);
52
53 /* MK = SHA1(Identity|n*Kc|NONCE_MT|Version List|Selected Version) */
54 sha1_vector(5, addr, len, mk);
55 wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: MK", mk, EAP_SIM_MK_LEN);
56 }
57
58
59 void eap_aka_derive_mk(const u8 *identity, size_t identity_len,
60 const u8 *ik, const u8 *ck, u8 *mk)
61 {
62 const u8 *addr[3];
63 size_t len[3];
64
65 addr[0] = identity;
66 len[0] = identity_len;
67 addr[1] = ik;
68 len[1] = EAP_AKA_IK_LEN;
69 addr[2] = ck;
70 len[2] = EAP_AKA_CK_LEN;
71
72 /* MK = SHA1(Identity|IK|CK) */
73 sha1_vector(3, addr, len, mk);
74 wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: IK", ik, EAP_AKA_IK_LEN);
75 wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: CK", ck, EAP_AKA_CK_LEN);
76 wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: MK", mk, EAP_SIM_MK_LEN);
77 }
78
79
80 int eap_sim_derive_keys(const u8 *mk, u8 *k_encr, u8 *k_aut, u8 *msk, u8 *emsk)
81 {
82 u8 buf[EAP_SIM_K_ENCR_LEN + EAP_SIM_K_AUT_LEN +
83 EAP_SIM_KEYING_DATA_LEN + EAP_EMSK_LEN], *pos;
84 if (eap_sim_prf(mk, buf, sizeof(buf)) < 0) {
85 wpa_printf(MSG_ERROR, "EAP-SIM: Failed to derive keys");
86 return -1;
87 }
88 pos = buf;
89 os_memcpy(k_encr, pos, EAP_SIM_K_ENCR_LEN);
90 pos += EAP_SIM_K_ENCR_LEN;
91 os_memcpy(k_aut, pos, EAP_SIM_K_AUT_LEN);
92 pos += EAP_SIM_K_AUT_LEN;
93 os_memcpy(msk, pos, EAP_SIM_KEYING_DATA_LEN);
94 pos += EAP_SIM_KEYING_DATA_LEN;
95 os_memcpy(emsk, pos, EAP_EMSK_LEN);
96
97 wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: K_encr",
98 k_encr, EAP_SIM_K_ENCR_LEN);
99 wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: K_aut",
100 k_aut, EAP_SIM_K_AUT_LEN);
101 wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: keying material (MSK)",
102 msk, EAP_SIM_KEYING_DATA_LEN);
103 wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: EMSK", emsk, EAP_EMSK_LEN);
104 os_memset(buf, 0, sizeof(buf));
105
106 return 0;
107 }
108
109
110 int eap_sim_derive_keys_reauth(u16 _counter,
111 const u8 *identity, size_t identity_len,
112 const u8 *nonce_s, const u8 *mk, u8 *msk,
113 u8 *emsk)
114 {
115 u8 xkey[SHA1_MAC_LEN];
116 u8 buf[EAP_SIM_KEYING_DATA_LEN + EAP_EMSK_LEN + 32];
117 u8 counter[2];
118 const u8 *addr[4];
119 size_t len[4];
120
121 addr[0] = identity;
122 len[0] = identity_len;
123 addr[1] = counter;
124 len[1] = 2;
125 addr[2] = nonce_s;
126 len[2] = EAP_SIM_NONCE_S_LEN;
127 addr[3] = mk;
128 len[3] = EAP_SIM_MK_LEN;
129
130 WPA_PUT_BE16(counter, _counter);
131
132 wpa_printf(MSG_DEBUG, "EAP-SIM: Deriving keying data from reauth");
133 wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM: Identity",
134 identity, identity_len);
135 wpa_hexdump(MSG_DEBUG, "EAP-SIM: counter", counter, 2);
136 wpa_hexdump(MSG_DEBUG, "EAP-SIM: NONCE_S", nonce_s,
137 EAP_SIM_NONCE_S_LEN);
138 wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: MK", mk, EAP_SIM_MK_LEN);
139
140 /* XKEY' = SHA1(Identity|counter|NONCE_S|MK) */
141 sha1_vector(4, addr, len, xkey);
142 wpa_hexdump(MSG_DEBUG, "EAP-SIM: XKEY'", xkey, SHA1_MAC_LEN);
143
144 if (eap_sim_prf(xkey, buf, sizeof(buf)) < 0) {
145 wpa_printf(MSG_ERROR, "EAP-SIM: Failed to derive keys");
146 return -1;
147 }
148 if (msk) {
149 os_memcpy(msk, buf, EAP_SIM_KEYING_DATA_LEN);
150 wpa_hexdump(MSG_DEBUG, "EAP-SIM: keying material (MSK)",
151 msk, EAP_SIM_KEYING_DATA_LEN);
152 }
153 if (emsk) {
154 os_memcpy(emsk, buf + EAP_SIM_KEYING_DATA_LEN, EAP_EMSK_LEN);
155 wpa_hexdump(MSG_DEBUG, "EAP-SIM: EMSK", emsk, EAP_EMSK_LEN);
156 }
157 os_memset(buf, 0, sizeof(buf));
158
159 return 0;
160 }
161
162
163 int eap_sim_verify_mac(const u8 *k_aut, const u8 *req, size_t req_len,
164 const u8 *mac, const u8 *extra, size_t extra_len)
165 {
166 unsigned char hmac[SHA1_MAC_LEN];
167 const u8 *addr[2];
168 size_t len[2];
169 u8 *tmp;
170
171 if (mac == NULL || req_len < EAP_SIM_MAC_LEN || mac < req ||
172 mac > req + req_len - EAP_SIM_MAC_LEN)
173 return -1;
174
175 tmp = os_malloc(req_len);
176 if (tmp == NULL)
177 return -1;
178
179 addr[0] = tmp;
180 len[0] = req_len;
181 addr[1] = extra;
182 len[1] = extra_len;
183
184 /* HMAC-SHA1-128 */
185 os_memcpy(tmp, req, req_len);
186 os_memset(tmp + (mac - req), 0, EAP_SIM_MAC_LEN);
187 wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Verify MAC - msg", tmp, req_len);
188 wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Verify MAC - extra data",
189 extra, extra_len);
190 wpa_hexdump_key(MSG_MSGDUMP, "EAP-SIM: Verify MAC - K_aut",
191 k_aut, EAP_SIM_K_AUT_LEN);
192 hmac_sha1_vector(k_aut, EAP_SIM_K_AUT_LEN, 2, addr, len, hmac);
193 wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Verify MAC: MAC",
194 hmac, EAP_SIM_MAC_LEN);
195 os_free(tmp);
196
197 return (os_memcmp(hmac, mac, EAP_SIM_MAC_LEN) == 0) ? 0 : 1;
198 }
199
200
201 void eap_sim_add_mac(const u8 *k_aut, u8 *msg, size_t msg_len, u8 *mac,
202 const u8 *extra, size_t extra_len)
203 {
204 unsigned char hmac[SHA1_MAC_LEN];
205 const u8 *addr[2];
206 size_t len[2];
207
208 addr[0] = msg;
209 len[0] = msg_len;
210 addr[1] = extra;
211 len[1] = extra_len;
212
213 /* HMAC-SHA1-128 */
214 os_memset(mac, 0, EAP_SIM_MAC_LEN);
215 wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Add MAC - msg", msg, msg_len);
216 wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Add MAC - extra data",
217 extra, extra_len);
218 wpa_hexdump_key(MSG_MSGDUMP, "EAP-SIM: Add MAC - K_aut",
219 k_aut, EAP_SIM_K_AUT_LEN);
220 hmac_sha1_vector(k_aut, EAP_SIM_K_AUT_LEN, 2, addr, len, hmac);
221 os_memcpy(mac, hmac, EAP_SIM_MAC_LEN);
222 wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Add MAC: MAC",
223 mac, EAP_SIM_MAC_LEN);
224 }
225
226
227 int eap_sim_parse_attr(const u8 *start, const u8 *end,
228 struct eap_sim_attrs *attr, int aka, int encr)
229 {
230 const u8 *pos = start, *apos;
231 size_t alen, plen, i, list_len;
232
233 os_memset(attr, 0, sizeof(*attr));
234 attr->id_req = NO_ID_REQ;
235 attr->notification = -1;
236 attr->counter = -1;
237 attr->selected_version = -1;
238 attr->client_error_code = -1;
239
240 while (pos < end) {
241 if (pos + 2 > end) {
242 wpa_printf(MSG_INFO, "EAP-SIM: Attribute overflow(1)");
243 return -1;
244 }
245 wpa_printf(MSG_MSGDUMP, "EAP-SIM: Attribute: Type=%d Len=%d",
246 pos[0], pos[1] * 4);
247 if (pos + pos[1] * 4 > end) {
248 wpa_printf(MSG_INFO, "EAP-SIM: Attribute overflow "
249 "(pos=%p len=%d end=%p)",
250 pos, pos[1] * 4, end);
251 return -1;
252 }
253 apos = pos + 2;
254 alen = pos[1] * 4 - 2;
255 wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Attribute data",
256 apos, alen);
257
258 switch (pos[0]) {
259 case EAP_SIM_AT_RAND:
260 wpa_printf(MSG_DEBUG, "EAP-SIM: AT_RAND");
261 apos += 2;
262 alen -= 2;
263 if ((!aka && (alen % GSM_RAND_LEN)) ||
264 (aka && alen != EAP_AKA_RAND_LEN)) {
265 wpa_printf(MSG_INFO, "EAP-SIM: Invalid AT_RAND"
266 " (len %lu)",
267 (unsigned long) alen);
268 return -1;
269 }
270 attr->rand = apos;
271 attr->num_chal = alen / GSM_RAND_LEN;
272 break;
273 case EAP_SIM_AT_AUTN:
274 wpa_printf(MSG_DEBUG, "EAP-AKA: AT_AUTN");
275 if (!aka) {
276 wpa_printf(MSG_DEBUG, "EAP-SIM: "
277 "Unexpected AT_AUTN");
278 return -1;
279 }
280 apos += 2;
281 alen -= 2;
282 if (alen != EAP_AKA_AUTN_LEN) {
283 wpa_printf(MSG_INFO, "EAP-AKA: Invalid AT_AUTN"
284 " (len %lu)",
285 (unsigned long) alen);
286 return -1;
287 }
288 attr->autn = apos;
289 break;
290 case EAP_SIM_AT_PADDING:
291 if (!encr) {
292 wpa_printf(MSG_ERROR, "EAP-SIM: Unencrypted "
293 "AT_PADDING");
294 return -1;
295 }
296 wpa_printf(MSG_DEBUG, "EAP-SIM: (encr) AT_PADDING");
297 for (i = 2; i < alen; i++) {
298 if (apos[i] != 0) {
299 wpa_printf(MSG_INFO, "EAP-SIM: (encr) "
300 "AT_PADDING used a non-zero"
301 " padding byte");
302 wpa_hexdump(MSG_DEBUG, "EAP-SIM: "
303 "(encr) padding bytes",
304 apos + 2, alen - 2);
305 return -1;
306 }
307 }
308 break;
309 case EAP_SIM_AT_NONCE_MT:
310 wpa_printf(MSG_DEBUG, "EAP-SIM: AT_NONCE_MT");
311 if (alen != 2 + EAP_SIM_NONCE_MT_LEN) {
312 wpa_printf(MSG_INFO, "EAP-SIM: Invalid "
313 "AT_NONCE_MT length");
314 return -1;
315 }
316 attr->nonce_mt = apos + 2;
317 break;
318 case EAP_SIM_AT_PERMANENT_ID_REQ:
319 wpa_printf(MSG_DEBUG, "EAP-SIM: AT_PERMANENT_ID_REQ");
320 attr->id_req = PERMANENT_ID;
321 break;
322 case EAP_SIM_AT_MAC:
323 wpa_printf(MSG_DEBUG, "EAP-SIM: AT_MAC");
324 if (alen != 2 + EAP_SIM_MAC_LEN) {
325 wpa_printf(MSG_INFO, "EAP-SIM: Invalid AT_MAC "
326 "length");
327 return -1;
328 }
329 attr->mac = apos + 2;
330 break;
331 case EAP_SIM_AT_NOTIFICATION:
332 if (alen != 2) {
333 wpa_printf(MSG_INFO, "EAP-SIM: Invalid "
334 "AT_NOTIFICATION length %lu",
335 (unsigned long) alen);
336 return -1;
337 }
338 attr->notification = apos[0] * 256 + apos[1];
339 wpa_printf(MSG_DEBUG, "EAP-SIM: AT_NOTIFICATION %d",
340 attr->notification);
341 break;
342 case EAP_SIM_AT_ANY_ID_REQ:
343 wpa_printf(MSG_DEBUG, "EAP-SIM: AT_ANY_ID_REQ");
344 attr->id_req = ANY_ID;
345 break;
346 case EAP_SIM_AT_IDENTITY:
347 wpa_printf(MSG_DEBUG, "EAP-SIM: AT_IDENTITY");
348 attr->identity = apos + 2;
349 attr->identity_len = alen - 2;
350 break;
351 case EAP_SIM_AT_VERSION_LIST:
352 if (aka) {
353 wpa_printf(MSG_DEBUG, "EAP-AKA: "
354 "Unexpected AT_VERSION_LIST");
355 return -1;
356 }
357 list_len = apos[0] * 256 + apos[1];
358 wpa_printf(MSG_DEBUG, "EAP-SIM: AT_VERSION_LIST");
359 if (list_len < 2 || list_len > alen - 2) {
360 wpa_printf(MSG_WARNING, "EAP-SIM: Invalid "
361 "AT_VERSION_LIST (list_len=%lu "
362 "attr_len=%lu)",
363 (unsigned long) list_len,
364 (unsigned long) alen);
365 return -1;
366 }
367 attr->version_list = apos + 2;
368 attr->version_list_len = list_len;
369 break;
370 case EAP_SIM_AT_SELECTED_VERSION:
371 wpa_printf(MSG_DEBUG, "EAP-SIM: AT_SELECTED_VERSION");
372 if (alen != 2) {
373 wpa_printf(MSG_INFO, "EAP-SIM: Invalid "
374 "AT_SELECTED_VERSION length %lu",
375 (unsigned long) alen);
376 return -1;
377 }
378 attr->selected_version = apos[0] * 256 + apos[1];
379 wpa_printf(MSG_DEBUG, "EAP-SIM: AT_SELECTED_VERSION "
380 "%d", attr->selected_version);
381 break;
382 case EAP_SIM_AT_FULLAUTH_ID_REQ:
383 wpa_printf(MSG_DEBUG, "EAP-SIM: AT_FULLAUTH_ID_REQ");
384 attr->id_req = FULLAUTH_ID;
385 break;
386 case EAP_SIM_AT_COUNTER:
387 if (!encr) {
388 wpa_printf(MSG_ERROR, "EAP-SIM: Unencrypted "
389 "AT_COUNTER");
390 return -1;
391 }
392 if (alen != 2) {
393 wpa_printf(MSG_INFO, "EAP-SIM: (encr) Invalid "
394 "AT_COUNTER (alen=%lu)",
395 (unsigned long) alen);
396 return -1;
397 }
398 attr->counter = apos[0] * 256 + apos[1];
399 wpa_printf(MSG_DEBUG, "EAP-SIM: (encr) AT_COUNTER %d",
400 attr->counter);
401 break;
402 case EAP_SIM_AT_COUNTER_TOO_SMALL:
403 if (!encr) {
404 wpa_printf(MSG_ERROR, "EAP-SIM: Unencrypted "
405 "AT_COUNTER_TOO_SMALL");
406 return -1;
407 }
408 if (alen != 2) {
409 wpa_printf(MSG_INFO, "EAP-SIM: (encr) Invalid "
410 "AT_COUNTER_TOO_SMALL (alen=%lu)",
411 (unsigned long) alen);
412 return -1;
413 }
414 wpa_printf(MSG_DEBUG, "EAP-SIM: (encr) "
415 "AT_COUNTER_TOO_SMALL");
416 attr->counter_too_small = 1;
417 break;
418 case EAP_SIM_AT_NONCE_S:
419 if (!encr) {
420 wpa_printf(MSG_ERROR, "EAP-SIM: Unencrypted "
421 "AT_NONCE_S");
422 return -1;
423 }
424 wpa_printf(MSG_DEBUG, "EAP-SIM: (encr) "
425 "AT_NONCE_S");
426 if (alen != 2 + EAP_SIM_NONCE_S_LEN) {
427 wpa_printf(MSG_INFO, "EAP-SIM: (encr) Invalid "
428 "AT_NONCE_S (alen=%lu)",
429 (unsigned long) alen);
430 return -1;
431 }
432 attr->nonce_s = apos + 2;
433 break;
434 case EAP_SIM_AT_CLIENT_ERROR_CODE:
435 if (alen != 2) {
436 wpa_printf(MSG_INFO, "EAP-SIM: Invalid "
437 "AT_CLIENT_ERROR_CODE length %lu",
438 (unsigned long) alen);
439 return -1;
440 }
441 attr->client_error_code = apos[0] * 256 + apos[1];
442 wpa_printf(MSG_DEBUG, "EAP-SIM: AT_CLIENT_ERROR_CODE "
443 "%d", attr->client_error_code);
444 break;
445 case EAP_SIM_AT_IV:
446 wpa_printf(MSG_DEBUG, "EAP-SIM: AT_IV");
447 if (alen != 2 + EAP_SIM_MAC_LEN) {
448 wpa_printf(MSG_INFO, "EAP-SIM: Invalid AT_IV "
449 "length %lu", (unsigned long) alen);
450 return -1;
451 }
452 attr->iv = apos + 2;
453 break;
454 case EAP_SIM_AT_ENCR_DATA:
455 wpa_printf(MSG_DEBUG, "EAP-SIM: AT_ENCR_DATA");
456 attr->encr_data = apos + 2;
457 attr->encr_data_len = alen - 2;
458 if (attr->encr_data_len % 16) {
459 wpa_printf(MSG_INFO, "EAP-SIM: Invalid "
460 "AT_ENCR_DATA length %lu",
461 (unsigned long)
462 attr->encr_data_len);
463 return -1;
464 }
465 break;
466 case EAP_SIM_AT_NEXT_PSEUDONYM:
467 if (!encr) {
468 wpa_printf(MSG_ERROR, "EAP-SIM: Unencrypted "
469 "AT_NEXT_PSEUDONYM");
470 return -1;
471 }
472 wpa_printf(MSG_DEBUG, "EAP-SIM: (encr) "
473 "AT_NEXT_PSEUDONYM");
474 plen = apos[0] * 256 + apos[1];
475 if (plen > alen - 2) {
476 wpa_printf(MSG_INFO, "EAP-SIM: (encr) Invalid"
477 " AT_NEXT_PSEUDONYM (actual"
478 " len %lu, attr len %lu)",
479 (unsigned long) plen,
480 (unsigned long) alen);
481 return -1;
482 }
483 attr->next_pseudonym = pos + 4;
484 attr->next_pseudonym_len = plen;
485 break;
486 case EAP_SIM_AT_NEXT_REAUTH_ID:
487 if (!encr) {
488 wpa_printf(MSG_ERROR, "EAP-SIM: Unencrypted "
489 "AT_NEXT_REAUTH_ID");
490 return -1;
491 }
492 wpa_printf(MSG_DEBUG, "EAP-SIM: (encr) "
493 "AT_NEXT_REAUTH_ID");
494 plen = apos[0] * 256 + apos[1];
495 if (plen > alen - 2) {
496 wpa_printf(MSG_INFO, "EAP-SIM: (encr) Invalid"
497 " AT_NEXT_REAUTH_ID (actual"
498 " len %lu, attr len %lu)",
499 (unsigned long) plen,
500 (unsigned long) alen);
501 return -1;
502 }
503 attr->next_reauth_id = pos + 4;
504 attr->next_reauth_id_len = plen;
505 break;
506 case EAP_SIM_AT_RES:
507 wpa_printf(MSG_DEBUG, "EAP-SIM: AT_RES");
508 apos += 2;
509 alen -= 2;
510 if (!aka || alen < EAP_AKA_MIN_RES_LEN ||
511 alen > EAP_AKA_MAX_RES_LEN) {
512 wpa_printf(MSG_INFO, "EAP-SIM: Invalid AT_RES "
513 "(len %lu)",
514 (unsigned long) alen);
515 return -1;
516 }
517 attr->res = apos;
518 attr->res_len = alen;
519 break;
520 case EAP_SIM_AT_AUTS:
521 wpa_printf(MSG_DEBUG, "EAP-AKA: AT_AUTS");
522 if (!aka) {
523 wpa_printf(MSG_DEBUG, "EAP-SIM: "
524 "Unexpected AT_AUTS");
525 return -1;
526 }
527 if (alen != EAP_AKA_AUTS_LEN) {
528 wpa_printf(MSG_INFO, "EAP-AKA: Invalid AT_AUTS"
529 " (len %lu)",
530 (unsigned long) alen);
531 return -1;
532 }
533 attr->auts = apos;
534 break;
535 default:
536 if (pos[0] < 128) {
537 wpa_printf(MSG_INFO, "EAP-SIM: Unrecognized "
538 "non-skippable attribute %d",
539 pos[0]);
540 return -1;
541 }
542
543 wpa_printf(MSG_DEBUG, "EAP-SIM: Unrecognized skippable"
544 " attribute %d ignored", pos[0]);
545 break;
546 }
547
548 pos += pos[1] * 4;
549 }
550
551 wpa_printf(MSG_DEBUG, "EAP-SIM: Attributes parsed successfully "
552 "(aka=%d encr=%d)", aka, encr);
553
554 return 0;
555 }
556
557
558 u8 * eap_sim_parse_encr(const u8 *k_encr, const u8 *encr_data,
559 size_t encr_data_len, const u8 *iv,
560 struct eap_sim_attrs *attr, int aka)
561 {
562 u8 *decrypted;
563
564 if (!iv) {
565 wpa_printf(MSG_INFO, "EAP-SIM: Encrypted data, but no IV");
566 return NULL;
567 }
568
569 decrypted = os_malloc(encr_data_len);
570 if (decrypted == NULL)
571 return NULL;
572 os_memcpy(decrypted, encr_data, encr_data_len);
573
574 aes_128_cbc_decrypt(k_encr, iv, decrypted, encr_data_len);
575 wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Decrypted AT_ENCR_DATA",
576 decrypted, encr_data_len);
577
578 if (eap_sim_parse_attr(decrypted, decrypted + encr_data_len, attr,
579 aka, 1)) {
580 wpa_printf(MSG_INFO, "EAP-SIM: (encr) Failed to parse "
581 "decrypted AT_ENCR_DATA");
582 os_free(decrypted);
583 return NULL;
584 }
585
586 return decrypted;
587 }
588
589
590 #define EAP_SIM_INIT_LEN 128
591
592 struct eap_sim_msg {
593 u8 *buf;
594 size_t buf_len, used;
595 size_t mac, iv, encr; /* index from buf */
596 };
597
598
599 struct eap_sim_msg * eap_sim_msg_init(int code, int id, int type, int subtype)
600 {
601 struct eap_sim_msg *msg;
602 struct eap_hdr *eap;
603 u8 *pos;
604
605 msg = os_zalloc(sizeof(*msg));
606 if (msg == NULL)
607 return NULL;
608
609 msg->buf = os_zalloc(EAP_SIM_INIT_LEN);
610 if (msg->buf == NULL) {
611 os_free(msg);
612 return NULL;
613 }
614 msg->buf_len = EAP_SIM_INIT_LEN;
615 eap = (struct eap_hdr *) msg->buf;
616 eap->code = code;
617 eap->identifier = id;
618 msg->used = sizeof(*eap);
619
620 pos = (u8 *) (eap + 1);
621 *pos++ = type;
622 *pos++ = subtype;
623 *pos++ = 0; /* Reserved */
624 *pos++ = 0; /* Reserved */
625 msg->used += 4;
626
627 return msg;
628 }
629
630
631 u8 * eap_sim_msg_finish(struct eap_sim_msg *msg, size_t *len, const u8 *k_aut,
632 const u8 *extra, size_t extra_len)
633 {
634 struct eap_hdr *eap;
635 u8 *buf;
636
637 if (msg == NULL)
638 return NULL;
639
640 eap = (struct eap_hdr *) msg->buf;
641 eap->length = host_to_be16(msg->used);
642
643 if (k_aut && msg->mac) {
644 eap_sim_add_mac(k_aut, msg->buf, msg->used,
645 msg->buf + msg->mac, extra, extra_len);
646 }
647
648 *len = msg->used;
649 buf = msg->buf;
650 os_free(msg);
651 return buf;
652 }
653
654
655 void eap_sim_msg_free(struct eap_sim_msg *msg)
656 {
657 if (msg) {
658 os_free(msg->buf);
659 os_free(msg);
660 }
661 }
662
663
664 static int eap_sim_msg_resize(struct eap_sim_msg *msg, size_t add_len)
665 {
666 if (msg->used + add_len > msg->buf_len) {
667 u8 *nbuf = os_realloc(msg->buf, msg->used + add_len);
668 if (nbuf == NULL)
669 return -1;
670 msg->buf = nbuf;
671 msg->buf_len = msg->used + add_len;
672 }
673 return 0;
674 }
675
676
677 u8 * eap_sim_msg_add_full(struct eap_sim_msg *msg, u8 attr,
678 const u8 *data, size_t len)
679 {
680 int attr_len = 2 + len;
681 int pad_len;
682 u8 *start, *pos;
683
684 if (msg == NULL)
685 return NULL;
686
687 pad_len = (4 - attr_len % 4) % 4;
688 attr_len += pad_len;
689 if (eap_sim_msg_resize(msg, attr_len))
690 return NULL;
691 start = pos = msg->buf + msg->used;
692 *pos++ = attr;
693 *pos++ = attr_len / 4;
694 os_memcpy(pos, data, len);
695 if (pad_len) {
696 pos += len;
697 os_memset(pos, 0, pad_len);
698 }
699 msg->used += attr_len;
700 return start;
701 }
702
703
704 u8 * eap_sim_msg_add(struct eap_sim_msg *msg, u8 attr, u16 value,
705 const u8 *data, size_t len)
706 {
707 int attr_len = 4 + len;
708 int pad_len;
709 u8 *start, *pos;
710
711 if (msg == NULL)
712 return NULL;
713
714 pad_len = (4 - attr_len % 4) % 4;
715 attr_len += pad_len;
716 if (eap_sim_msg_resize(msg, attr_len))
717 return NULL;
718 start = pos = msg->buf + msg->used;
719 *pos++ = attr;
720 *pos++ = attr_len / 4;
721 WPA_PUT_BE16(pos, value);
722 pos += 2;
723 if (data)
724 os_memcpy(pos, data, len);
725 if (pad_len) {
726 pos += len;
727 os_memset(pos, 0, pad_len);
728 }
729 msg->used += attr_len;
730 return start;
731 }
732
733
734 u8 * eap_sim_msg_add_mac(struct eap_sim_msg *msg, u8 attr)
735 {
736 u8 *pos = eap_sim_msg_add(msg, attr, 0, NULL, EAP_SIM_MAC_LEN);
737 if (pos)
738 msg->mac = (pos - msg->buf) + 4;
739 return pos;
740 }
741
742
743 int eap_sim_msg_add_encr_start(struct eap_sim_msg *msg, u8 attr_iv,
744 u8 attr_encr)
745 {
746 u8 *pos = eap_sim_msg_add(msg, attr_iv, 0, NULL, EAP_SIM_IV_LEN);
747 if (pos == NULL)
748 return -1;
749 msg->iv = (pos - msg->buf) + 4;
750 if (hostapd_get_rand(msg->buf + msg->iv, EAP_SIM_IV_LEN)) {
751 msg->iv = 0;
752 return -1;
753 }
754
755 pos = eap_sim_msg_add(msg, attr_encr, 0, NULL, 0);
756 if (pos == NULL) {
757 msg->iv = 0;
758 return -1;
759 }
760 msg->encr = pos - msg->buf;
761
762 return 0;
763 }
764
765
766 int eap_sim_msg_add_encr_end(struct eap_sim_msg *msg, u8 *k_encr, int attr_pad)
767 {
768 size_t encr_len;
769
770 if (msg == NULL || k_encr == NULL || msg->iv == 0 || msg->encr == 0)
771 return -1;
772
773 encr_len = msg->used - msg->encr - 4;
774 if (encr_len % 16) {
775 u8 *pos;
776 int pad_len = 16 - (encr_len % 16);
777 if (pad_len < 4) {
778 wpa_printf(MSG_WARNING, "EAP-SIM: "
779 "eap_sim_msg_add_encr_end - invalid pad_len"
780 " %d", pad_len);
781 return -1;
782 }
783 wpa_printf(MSG_DEBUG, " *AT_PADDING");
784 pos = eap_sim_msg_add(msg, attr_pad, 0, NULL, pad_len - 4);
785 if (pos == NULL)
786 return -1;
787 os_memset(pos + 4, 0, pad_len - 4);
788 encr_len += pad_len;
789 }
790 wpa_printf(MSG_DEBUG, " (AT_ENCR_DATA data len %lu)",
791 (unsigned long) encr_len);
792 msg->buf[msg->encr + 1] = encr_len / 4 + 1;
793 aes_128_cbc_encrypt(k_encr, msg->buf + msg->iv,
794 msg->buf + msg->encr + 4, encr_len);
795
796 return 0;
797 }
798
799
800 void eap_sim_report_notification(void *msg_ctx, int notification, int aka)
801 {
802 #ifndef CONFIG_NO_STDOUT_DEBUG
803 const char *type = aka ? "AKA" : "SIM";
804 #endif /* CONFIG_NO_STDOUT_DEBUG */
805
806 switch (notification) {
807 case EAP_SIM_GENERAL_FAILURE_AFTER_AUTH:
808 wpa_printf(MSG_WARNING, "EAP-%s: General failure "
809 "notification (after authentication)", type);
810 break;
811 case EAP_SIM_TEMPORARILY_DENIED:
812 wpa_printf(MSG_WARNING, "EAP-%s: Failure notification: "
813 "User has been temporarily denied access to the "
814 "requested service", type);
815 break;
816 case EAP_SIM_NOT_SUBSCRIBED:
817 wpa_printf(MSG_WARNING, "EAP-%s: Failure notification: "
818 "User has not subscribed to the requested service",
819 type);
820 break;
821 case EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH:
822 wpa_printf(MSG_WARNING, "EAP-%s: General failure "
823 "notification (before authentication)", type);
824 break;
825 case EAP_SIM_SUCCESS:
826 wpa_printf(MSG_INFO, "EAP-%s: Successful authentication "
827 "notification", type);
828 break;
829 default:
830 if (notification >= 32768) {
831 wpa_printf(MSG_INFO, "EAP-%s: Unrecognized "
832 "non-failure notification %d",
833 type, notification);
834 } else {
835 wpa_printf(MSG_WARNING, "EAP-%s: Unrecognized "
836 "failure notification %d",
837 type, notification);
838 }
839 }
840 }
DragonFly BSD