search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Re-enable hardware UDP/TCP checksum calculation with pseudo header on
[dragonfly/port-amd64.git] / contrib / wpa_supplicant-0.4.9 / pcsc_funcs.c
blobb881abc607f81cf5430fa353d4799a44b2bec509
1 /*
2 * WPA Supplicant / PC/SC smartcard interface for USIM, GSM SIM
3 * Copyright (c) 2004-2006, Jouni Malinen <jkmaline@cc.hut.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 *
14 * This file implements wrapper functions for accessing GSM SIM and 3GPP USIM
15 * cards through PC/SC smartcard library. These functions are used to implement
16 * authentication routines for EAP-SIM and EAP-AKA.
17 */
18
19 #include <stdlib.h>
20 #include <stdio.h>
21 #include <string.h>
22 #include <winscard.h>
23
24 #include "common.h"
25 #include "wpa_supplicant.h"
26 #include "pcsc_funcs.h"
27
28
29 /* See ETSI GSM 11.11 and ETSI TS 102 221 for details.
30 * SIM commands:
31 * Command APDU: CLA INS P1 P2 P3 Data
32 * CLA (class of instruction): A0 for GSM, 00 for USIM
33 * INS (instruction)
34 * P1 P2 P3 (parameters, P3 = length of Data)
35 * Response APDU: Data SW1 SW2
36 * SW1 SW2 (Status words)
37 * Commands (INS P1 P2 P3):
38 * SELECT: A4 00 00 02 <file_id, 2 bytes>
39 * GET RESPONSE: C0 00 00 <len>
40 * RUN GSM ALG: 88 00 00 00 <RAND len = 10>
41 * RUN UMTS ALG: 88 00 81 <len=0x22> data: 0x10 | RAND | 0x10 | AUTN
42 * P1 = ID of alg in card
43 * P2 = ID of secret key
44 * READ BINARY: B0 <offset high> <offset low> <len>
45 * VERIFY CHV: 20 00 <CHV number> 08
46 * CHANGE CHV: 24 00 <CHV number> 10
47 * DISABLE CHV: 26 00 01 08
48 * ENABLE CHV: 28 00 01 08
49 * UNBLOCK CHV: 2C 00 <00=CHV1, 02=CHV2> 10
50 * SLEEP: FA 00 00 00
51 */
52
53 /* GSM SIM commands */
54 #define SIM_CMD_SELECT 0xa0, 0xa4, 0x00, 0x00, 0x02
55 #define SIM_CMD_RUN_GSM_ALG 0xa0, 0x88, 0x00, 0x00, 0x10
56 #define SIM_CMD_GET_RESPONSE 0xa0, 0xc0, 0x00, 0x00
57 #define SIM_CMD_READ_BIN 0xa0, 0xb0, 0x00, 0x00
58 #define SIM_CMD_VERIFY_CHV1 0xa0, 0x20, 0x00, 0x01, 0x08
59
60 /* USIM commands */
61 #define USIM_CLA 0x00
62 #define USIM_CMD_RUN_UMTS_ALG 0x00, 0x88, 0x00, 0x81, 0x22
63 #define USIM_CMD_GET_RESPONSE 0x00, 0xc0, 0x00, 0x00
64
65 #define USIM_FSP_TEMPL_TAG 0x62
66
67 #define USIM_TLV_FILE_DESC 0x82
68 #define USIM_TLV_FILE_ID 0x83
69 #define USIM_TLV_DF_NAME 0x84
70 #define USIM_TLV_PROPR_INFO 0xA5
71 #define USIM_TLV_LIFE_CYCLE_STATUS 0x8A
72 #define USIM_TLV_FILE_SIZE 0x80
73 #define USIM_TLV_TOTAL_FILE_SIZE 0x81
74 #define USIM_TLV_PIN_STATUS_TEMPLATE 0xC6
75 #define USIM_TLV_SHORT_FILE_ID 0x88
76
77 #define USIM_PS_DO_TAG 0x90
78
79 #define AKA_RAND_LEN 16
80 #define AKA_AUTN_LEN 16
81 #define AKA_AUTS_LEN 14
82 #define RES_MAX_LEN 16
83 #define IK_LEN 16
84 #define CK_LEN 16
85
86
87 typedef enum { SCARD_GSM_SIM, SCARD_USIM } sim_types;
88
89 struct scard_data {
90 long ctx;
91 long card;
92 unsigned long protocol;
93 sim_types sim_type;
94 int pin1_required;
95 };
96
97
98 static int _scard_select_file(struct scard_data *scard, unsigned short file_id,
99 unsigned char *buf, size_t *buf_len,
100 sim_types sim_type, unsigned char *aid);
101 static int scard_select_file(struct scard_data *scard, unsigned short file_id,
102 unsigned char *buf, size_t *buf_len);
103 static int scard_verify_pin(struct scard_data *scard, const char *pin);
104
105
106 static int scard_parse_fsp_templ(unsigned char *buf, size_t buf_len,
107 int *ps_do, int *file_len)
108 {
109 unsigned char *pos, *end;
110
111 if (ps_do)
112 *ps_do = -1;
113 if (file_len)
114 *file_len = -1;
115
116 pos = buf;
117 end = pos + buf_len;
118 if (*pos != USIM_FSP_TEMPL_TAG) {
119 wpa_printf(MSG_DEBUG, "SCARD: file header did not "
120 "start with FSP template tag");
121 return -1;
122 }
123 pos++;
124 if (pos >= end)
125 return -1;
126 if ((pos + pos[0]) < end)
127 end = pos + 1 + pos[0];
128 pos++;
129 wpa_hexdump(MSG_DEBUG, "SCARD: file header FSP template",
130 pos, end - pos);
131
132 while (pos + 1 < end) {
133 wpa_printf(MSG_MSGDUMP, "SCARD: file header TLV "
134 "0x%02x len=%d", pos[0], pos[1]);
135 if (pos + 2 + pos[1] > end)
136 break;
137
138 if (pos[0] == USIM_TLV_FILE_SIZE &&
139 (pos[1] == 1 || pos[1] == 2) && file_len) {
140 if (pos[1] == 1)
141 *file_len = (int) pos[2];
142 else
143 *file_len = ((int) pos[2] << 8) |
144 (int) pos[3];
145 wpa_printf(MSG_DEBUG, "SCARD: file_size=%d",
146 *file_len);
147 }
148
149 if (pos[0] == USIM_TLV_PIN_STATUS_TEMPLATE &&
150 pos[1] >= 2 && pos[2] == USIM_PS_DO_TAG &&
151 pos[3] >= 1 && ps_do) {
152 wpa_printf(MSG_DEBUG, "SCARD: PS_DO=0x%02x",
153 pos[4]);
154 *ps_do = (int) pos[4];
155 }
156
157 pos += 2 + pos[1];
158
159 if (pos == end)
160 return 0;
161 }
162 return -1;
163 }
164
165
166 static int scard_pin_needed(struct scard_data *scard,
167 unsigned char *hdr, size_t hlen)
168 {
169 if (scard->sim_type == SCARD_GSM_SIM) {
170 if (hlen > SCARD_CHV1_OFFSET &&
171 !(hdr[SCARD_CHV1_OFFSET] & SCARD_CHV1_FLAG))
172 return 1;
173 return 0;
174 }
175
176 if (scard->sim_type == SCARD_USIM) {
177 int ps_do;
178 if (scard_parse_fsp_templ(hdr, hlen, &ps_do, NULL))
179 return -1;
180 /* TODO: there could be more than one PS_DO entry because of
181 * multiple PINs in key reference.. */
182 if (ps_do)
183 return 1;
184 }
185
186 return -1;
187 }
188
189
190 /**
191 * scard_init - Initialize SIM/USIM connection using PC/SC
192 * @sim_type: Allowed SIM types (SIM, USIM, or both)
193 * Returns: Pointer to private data structure, or %NULL on failure
194 *
195 * This function is used to initialize SIM/USIM connection. PC/SC is used to
196 * open connection to the SIM/USIM card and the card is verified to support the
197 * selected sim_type. In addition, local flag is set if a PIN is needed to
198 * access some of the card functions. Once the connection is not needed
199 * anymore, scard_deinit() can be used to close it.
200 */
201 struct scard_data * scard_init(scard_sim_type sim_type)
202 {
203 long ret, len;
204 struct scard_data *scard;
205 char *readers = NULL;
206 char buf[100];
207 size_t blen;
208
209 wpa_printf(MSG_DEBUG, "SCARD: initializing smart card interface");
210 scard = malloc(sizeof(*scard));
211 if (scard == NULL)
212 return NULL;
213 memset(scard, 0, sizeof(*scard));
214
215 ret = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL,
216 &scard->ctx);
217 if (ret != SCARD_S_SUCCESS) {
218 wpa_printf(MSG_DEBUG, "SCARD: Could not establish smart card "
219 "context (err=%ld)", ret);
220 goto failed;
221 }
222
223 ret = SCardListReaders(scard->ctx, NULL, NULL, &len);
224 if (ret != SCARD_S_SUCCESS) {
225 wpa_printf(MSG_DEBUG, "SCARD: SCardListReaders failed "
226 "(err=%ld)", ret);
227 goto failed;
228 }
229
230 readers = malloc(len);
231 if (readers == NULL) {
232 printf("malloc failed\n");
233 goto failed;
234 }
235
236 ret = SCardListReaders(scard->ctx, NULL, readers, &len);
237 if (ret != SCARD_S_SUCCESS) {
238 wpa_printf(MSG_DEBUG, "SCARD: SCardListReaders failed(2) "
239 "(err=%ld)", ret);
240 goto failed;
241 }
242 if (len < 3) {
243 wpa_printf(MSG_WARNING, "SCARD: No smart card readers "
244 "available.");
245 goto failed;
246 }
247 /* readers is a list of available reader. Last entry is terminated with
248 * double NUL.
249 * TODO: add support for selecting the reader; now just use the first
250 * one.. */
251 wpa_printf(MSG_DEBUG, "SCARD: Selected reader='%s'", readers);
252
253 ret = SCardConnect(scard->ctx, readers, SCARD_SHARE_SHARED,
254 SCARD_PROTOCOL_T0, &scard->card, &scard->protocol);
255 if (ret != SCARD_S_SUCCESS) {
256 if (ret == SCARD_E_NO_SMARTCARD)
257 wpa_printf(MSG_INFO, "No smart card inserted.");
258 else
259 wpa_printf(MSG_WARNING, "SCardConnect err=%lx", ret);
260 goto failed;
261 }
262
263 free(readers);
264 readers = NULL;
265
266 wpa_printf(MSG_DEBUG, "SCARD: card=%ld active_protocol=%lu",
267 scard->card, scard->protocol);
268
269 blen = sizeof(buf);
270
271 scard->sim_type = SCARD_GSM_SIM;
272 if (sim_type == SCARD_USIM_ONLY || sim_type == SCARD_TRY_BOTH) {
273 wpa_printf(MSG_DEBUG, "SCARD: verifying USIM support");
274 if (_scard_select_file(scard, SCARD_FILE_MF, buf, &blen,
275 SCARD_USIM, NULL)) {
276 wpa_printf(MSG_DEBUG, "SCARD: USIM is not supported");
277 if (sim_type == SCARD_USIM_ONLY)
278 goto failed;
279 wpa_printf(MSG_DEBUG, "SCARD: Trying to use GSM SIM");
280 scard->sim_type = SCARD_GSM_SIM;
281 } else {
282 wpa_printf(MSG_DEBUG, "SCARD: USIM is supported");
283 scard->sim_type = SCARD_USIM;
284 }
285 }
286
287 if (scard->sim_type == SCARD_GSM_SIM) {
288 blen = sizeof(buf);
289 if (scard_select_file(scard, SCARD_FILE_MF, buf, &blen)) {
290 wpa_printf(MSG_DEBUG, "SCARD: Failed to read MF");
291 goto failed;
292 }
293
294 blen = sizeof(buf);
295 if (scard_select_file(scard, SCARD_FILE_GSM_DF, buf, &blen)) {
296 wpa_printf(MSG_DEBUG, "SCARD: Failed to read GSM DF");
297 goto failed;
298 }
299 } else {
300 /* Select based on AID = 3G RID */
301 blen = sizeof(buf);
302 if (_scard_select_file(scard, 0, buf, &blen, scard->sim_type,
303 "\xA0\x00\x00\x00\x87")) {
304 wpa_printf(MSG_DEBUG, "SCARD: Failed to read 3G RID "
305 "AID");
306 goto failed;
307 }
308 }
309
310 /* Verify whether CHV1 (PIN1) is needed to access the card. */
311 if (scard_pin_needed(scard, buf, blen)) {
312 scard->pin1_required = 1;
313 wpa_printf(MSG_DEBUG, "PIN1 needed for SIM access");
314 }
315
316 return scard;
317
318 failed:
319 free(readers);
320 scard_deinit(scard);
321 return NULL;
322 }
323
324
325 /**
326 * scard_set_pin - Set PIN (CHV1/PIN1) code for accessing SIM/USIM commands
327 * @scard: Pointer to private data from scard_init()
328 * pin: PIN code as an ASCII string (e.g., "1234")
329 * Returns: 0 on success, -1 on failure
330 */
331 int scard_set_pin(struct scard_data *scard, const char *pin)
332 {
333 if (scard == NULL)
334 return -1;
335
336 /* Verify whether CHV1 (PIN1) is needed to access the card. */
337 if (scard->pin1_required) {
338 if (pin == NULL) {
339 wpa_printf(MSG_DEBUG, "No PIN configured for SIM "
340 "access");
341 return -1;
342 }
343 if (scard_verify_pin(scard, pin)) {
344 wpa_printf(MSG_INFO, "PIN verification failed for "
345 "SIM access");
346 return -1;
347 }
348 }
349
350 return 0;
351 }
352
353
354 /**
355 * scard_deinit - Deinitialize SIM/USIM connection
356 * @scard: Pointer to private data from scard_init()
357 *
358 * This function closes the SIM/USIM connect opened with scard_init().
359 */
360 void scard_deinit(struct scard_data *scard)
361 {
362 long ret;
363
364 if (scard == NULL)
365 return;
366
367 wpa_printf(MSG_DEBUG, "SCARD: deinitializing smart card interface");
368 if (scard->card) {
369 ret = SCardDisconnect(scard->card, SCARD_UNPOWER_CARD);
370 if (ret != SCARD_S_SUCCESS) {
371 wpa_printf(MSG_DEBUG, "SCARD: Failed to disconnect "
372 "smart card (err=%ld)", ret);
373 }
374 }
375
376 if (scard->ctx) {
377 ret = SCardReleaseContext(scard->ctx);
378 if (ret != SCARD_S_SUCCESS) {
379 wpa_printf(MSG_DEBUG, "Failed to release smart card "
380 "context (err=%ld)", ret);
381 }
382 }
383 free(scard);
384 }
385
386
387 static long scard_transmit(struct scard_data *scard,
388 unsigned char *send, size_t send_len,
389 unsigned char *recv, size_t *recv_len)
390 {
391 long ret;
392 unsigned long rlen;
393
394 wpa_hexdump_key(MSG_DEBUG, "SCARD: scard_transmit: send",
395 send, send_len);
396 rlen = *recv_len;
397 ret = SCardTransmit(scard->card,
398 scard->protocol == SCARD_PROTOCOL_T1 ?
399 SCARD_PCI_T1 : SCARD_PCI_T0,
400 send, (unsigned long) send_len,
401 NULL, recv, &rlen);
402 *recv_len = rlen;
403 if (ret == SCARD_S_SUCCESS) {
404 wpa_hexdump(MSG_DEBUG, "SCARD: scard_transmit: recv",
405 recv, rlen);
406 } else {
407 wpa_printf(MSG_WARNING, "SCARD: SCardTransmit failed "
408 "(err=0x%lx)", ret);
409 }
410 return ret;
411 }
412
413
414 static int _scard_select_file(struct scard_data *scard, unsigned short file_id,
415 unsigned char *buf, size_t *buf_len,
416 sim_types sim_type, unsigned char *aid)
417 {
418 long ret;
419 unsigned char resp[3];
420 unsigned char cmd[10] = { SIM_CMD_SELECT };
421 int cmdlen;
422 unsigned char get_resp[5] = { SIM_CMD_GET_RESPONSE };
423 size_t len, rlen;
424
425 if (sim_type == SCARD_USIM) {
426 cmd[0] = USIM_CLA;
427 cmd[3] = 0x04;
428 get_resp[0] = USIM_CLA;
429 }
430
431 wpa_printf(MSG_DEBUG, "SCARD: select file %04x", file_id);
432 if (aid) {
433 cmd[2] = 0x04; /* Select by AID */
434 cmd[4] = 5; /* len */
435 memcpy(cmd + 5, aid, 5);
436 cmdlen = 10;
437 } else {
438 cmd[5] = file_id >> 8;
439 cmd[6] = file_id & 0xff;
440 cmdlen = 7;
441 }
442 len = sizeof(resp);
443 ret = scard_transmit(scard, cmd, cmdlen, resp, &len);
444 if (ret != SCARD_S_SUCCESS) {
445 wpa_printf(MSG_WARNING, "SCARD: SCardTransmit failed "
446 "(err=0x%lx)", ret);
447 return -1;
448 }
449
450 if (len != 2) {
451 wpa_printf(MSG_WARNING, "SCARD: unexpected resp len "
452 "%d (expected 2)", (int) len);
453 return -1;
454 }
455
456 if (resp[0] == 0x98 && resp[1] == 0x04) {
457 /* Security status not satisfied (PIN_WLAN) */
458 wpa_printf(MSG_WARNING, "SCARD: Security status not satisfied "
459 "(PIN_WLAN)");
460 return -1;
461 }
462
463 if (resp[0] == 0x6e) {
464 wpa_printf(MSG_DEBUG, "SCARD: used CLA not supported");
465 return -1;
466 }
467
468 if (resp[0] != 0x6c && resp[0] != 0x9f && resp[0] != 0x61) {
469 wpa_printf(MSG_WARNING, "SCARD: unexpected response 0x%02x "
470 "(expected 0x61, 0x6c, or 0x9f)", resp[0]);
471 return -1;
472 }
473 /* Normal ending of command; resp[1] bytes available */
474 get_resp[4] = resp[1];
475 wpa_printf(MSG_DEBUG, "SCARD: trying to get response (%d bytes)",
476 resp[1]);
477
478 rlen = *buf_len;
479 ret = scard_transmit(scard, get_resp, sizeof(get_resp), buf, &rlen);
480 if (ret == SCARD_S_SUCCESS) {
481 *buf_len = resp[1] < rlen ? resp[1] : rlen;
482 return 0;
483 }
484
485 wpa_printf(MSG_WARNING, "SCARD: SCardTransmit err=0x%lx\n", ret);
486 return -1;
487 }
488
489
490 static int scard_select_file(struct scard_data *scard, unsigned short file_id,
491 unsigned char *buf, size_t *buf_len)
492 {
493 return _scard_select_file(scard, file_id, buf, buf_len,
494 scard->sim_type, NULL);
495 }
496
497
498 static int scard_read_file(struct scard_data *scard,
499 unsigned char *data, size_t len)
500 {
501 char cmd[5] = { SIM_CMD_READ_BIN, len };
502 size_t blen = len + 3;
503 unsigned char *buf;
504 long ret;
505
506 buf = malloc(blen);
507 if (buf == NULL)
508 return -1;
509
510 if (scard->sim_type == SCARD_USIM)
511 cmd[0] = USIM_CLA;
512 ret = scard_transmit(scard, cmd, sizeof(cmd), buf, &blen);
513 if (ret != SCARD_S_SUCCESS) {
514 free(buf);
515 return -2;
516 }
517 if (blen != len + 2) {
518 wpa_printf(MSG_DEBUG, "SCARD: file read returned unexpected "
519 "length %d (expected %d)", blen, len + 2);
520 free(buf);
521 return -3;
522 }
523
524 if (buf[len] != 0x90 || buf[len + 1] != 0x00) {
525 wpa_printf(MSG_DEBUG, "SCARD: file read returned unexpected "
526 "status %02x %02x (expected 90 00)",
527 buf[len], buf[len + 1]);
528 free(buf);
529 return -4;
530 }
531
532 memcpy(data, buf, len);
533 free(buf);
534
535 return 0;
536 }
537
538
539 static int scard_verify_pin(struct scard_data *scard, const char *pin)
540 {
541 long ret;
542 unsigned char resp[3];
543 char cmd[5 + 8] = { SIM_CMD_VERIFY_CHV1 };
544 size_t len;
545
546 wpa_printf(MSG_DEBUG, "SCARD: verifying PIN");
547
548 if (pin == NULL || strlen(pin) > 8)
549 return -1;
550
551 if (scard->sim_type == SCARD_USIM)
552 cmd[0] = USIM_CLA;
553 memcpy(cmd + 5, pin, strlen(pin));
554 memset(cmd + 5 + strlen(pin), 0xff, 8 - strlen(pin));
555
556 len = sizeof(resp);
557 ret = scard_transmit(scard, cmd, sizeof(cmd), resp, &len);
558 if (ret != SCARD_S_SUCCESS)
559 return -2;
560
561 if (len != 2 || resp[0] != 0x90 || resp[1] != 0x00) {
562 wpa_printf(MSG_WARNING, "SCARD: PIN verification failed");
563 return -1;
564 }
565
566 wpa_printf(MSG_DEBUG, "SCARD: PIN verified successfully");
567 return 0;
568 }
569
570
571 /**
572 * scard_get_imsi - Read IMSI from SIM/USIM card
573 * @scard: Pointer to private data from scard_init()
574 * @imsi: Buffer for IMSI
575 * @len: Length of imsi buffer; set to IMSI length on success
576 * Returns: 0 on success, -1 if IMSI file cannot be selected, -2 if IMSI file
577 * selection returns invalid result code, -3 if parsing FSP template file fails
578 * (USIM only), -4 if IMSI does not fit in the provided imsi buffer (len is set
579 * to needed length), -5 if reading IMSI file fails.
580 *
581 * This function can be used to read IMSI from the SIM/USIM card. If the IMSI
582 * file is PIN protected, scard_set_pin() must have been used to set the
583 * correct PIN code before calling scard_get_imsi().
584 */
585 int scard_get_imsi(struct scard_data *scard, char *imsi, size_t *len)
586 {
587 char buf[100];
588 size_t blen, imsilen;
589 char *pos;
590 int i;
591
592 wpa_printf(MSG_DEBUG, "SCARD: reading IMSI from (GSM) EF-IMSI");
593 blen = sizeof(buf);
594 if (scard_select_file(scard, SCARD_FILE_GSM_EF_IMSI, buf, &blen))
595 return -1;
596 if (blen < 4) {
597 wpa_printf(MSG_WARNING, "SCARD: too short (GSM) EF-IMSI "
598 "header (len=%d)", blen);
599 return -2;
600 }
601
602 if (scard->sim_type == SCARD_GSM_SIM) {
603 blen = (buf[2] << 8) | buf[3];
604 } else {
605 int file_size;
606 if (scard_parse_fsp_templ(buf, blen, NULL, &file_size))
607 return -3;
608 blen = file_size;
609 }
610 if (blen < 2 || blen > sizeof(buf)) {
611 wpa_printf(MSG_DEBUG, "SCARD: invalid IMSI file length=%d",
612 blen);
613 return -3;
614 }
615
616 imsilen = (blen - 2) * 2 + 1;
617 wpa_printf(MSG_DEBUG, "SCARD: IMSI file length=%d imsilen=%d",
618 blen, imsilen);
619 if (blen < 2 || imsilen > *len) {
620 *len = imsilen;
621 return -4;
622 }
623
624 if (scard_read_file(scard, buf, blen))
625 return -5;
626
627 pos = imsi;
628 *pos++ = '0' + (buf[1] >> 4 & 0x0f);
629 for (i = 2; i < blen; i++) {
630 unsigned char digit;
631
632 digit = buf[i] & 0x0f;
633 if (digit < 10)
634 *pos++ = '0' + digit;
635 else
636 imsilen--;
637
638 digit = buf[i] >> 4 & 0x0f;
639 if (digit < 10)
640 *pos++ = '0' + digit;
641 else
642 imsilen--;
643 }
644 *len = imsilen;
645
646 return 0;
647 }
648
649
650 /**
651 * scard_gsm_auth - Run GSM authentication command on SIM card
652 * @scard: Pointer to private data from scard_init()
653 * @rand: 16-byte RAND value from HLR/AuC
654 * @sres: 4-byte buffer for SRES
655 * @kc: 8-byte buffer for Kc
656 * Returns: 0 on success, -1 if SIM/USIM connection has not been initialized,
657 * -2 if authentication command execution fails, -3 if unknown response code
658 * for authentication command is received, -4 if reading of response fails,
659 * -5 if if response data is of unexpected length
660 *
661 * This function performs GSM authentication using SIM/USIM card and the
662 * provided RAND value from HLR/AuC. If authentication command can be completed
663 * successfully, SRES and Kc values will be written into sres and kc buffers.
664 */
665 int scard_gsm_auth(struct scard_data *scard, const unsigned char *rand,
666 unsigned char *sres, unsigned char *kc)
667 {
668 unsigned char cmd[5 + 1 + 16] = { SIM_CMD_RUN_GSM_ALG };
669 int cmdlen;
670 unsigned char get_resp[5] = { SIM_CMD_GET_RESPONSE };
671 unsigned char resp[3], buf[12 + 3 + 2];
672 size_t len;
673 long ret;
674
675 if (scard == NULL)
676 return -1;
677
678 wpa_hexdump(MSG_DEBUG, "SCARD: GSM auth - RAND", rand, 16);
679 if (scard->sim_type == SCARD_GSM_SIM) {
680 cmdlen = 5 + 16;
681 memcpy(cmd + 5, rand, 16);
682 } else {
683 cmdlen = 5 + 1 + 16;
684 cmd[0] = USIM_CLA;
685 cmd[3] = 0x80;
686 cmd[4] = 17;
687 cmd[5] = 16;
688 memcpy(cmd + 6, rand, 16);
689 }
690 len = sizeof(resp);
691 ret = scard_transmit(scard, cmd, cmdlen, resp, &len);
692 if (ret != SCARD_S_SUCCESS)
693 return -2;
694
695 if ((scard->sim_type == SCARD_GSM_SIM &&
696 (len != 2 || resp[0] != 0x9f || resp[1] != 0x0c)) ||
697 (scard->sim_type == SCARD_USIM &&
698 (len != 2 || resp[0] != 0x61 || resp[1] != 0x0e))) {
699 wpa_printf(MSG_WARNING, "SCARD: unexpected response for GSM "
700 "auth request (len=%d resp=%02x %02x)",
701 len, resp[0], resp[1]);
702 return -3;
703 }
704 get_resp[4] = resp[1];
705
706 len = sizeof(buf);
707 ret = scard_transmit(scard, get_resp, sizeof(get_resp), buf, &len);
708 if (ret != SCARD_S_SUCCESS)
709 return -4;
710
711 if (scard->sim_type == SCARD_GSM_SIM) {
712 if (len != 4 + 8 + 2) {
713 wpa_printf(MSG_WARNING, "SCARD: unexpected data "
714 "length for GSM auth (len=%d, expected 14)",
715 len);
716 return -5;
717 }
718 memcpy(sres, buf, 4);
719 memcpy(kc, buf + 4, 8);
720 } else {
721 if (len != 1 + 4 + 1 + 8 + 2) {
722 wpa_printf(MSG_WARNING, "SCARD: unexpected data "
723 "length for USIM auth (len=%d, "
724 "expected 16)", len);
725 return -5;
726 }
727 if (buf[0] != 4 || buf[5] != 8) {
728 wpa_printf(MSG_WARNING, "SCARD: unexpected SREC/Kc "
729 "length (%d %d, expected 4 8)",
730 buf[0], buf[5]);
731 }
732 memcpy(sres, buf + 1, 4);
733 memcpy(kc, buf + 6, 8);
734 }
735
736 wpa_hexdump(MSG_DEBUG, "SCARD: GSM auth - SRES", sres, 4);
737 wpa_hexdump(MSG_DEBUG, "SCARD: GSM auth - Kc", kc, 8);
738
739 return 0;
740 }
741
742
743 /**
744 * scard_umts_auth - Run UMTS authentication command on USIM card
745 * @scard: Pointer to private data from scard_init()
746 * @rand: 16-byte RAND value from HLR/AuC
747 * @autn: 16-byte AUTN value from HLR/AuC
748 * @res: 16-byte buffer for RES
749 * @res_len: Variable that will be set to RES length
750 * @ik: 16-byte buffer for IK
751 * @ck: 16-byte buffer for CK
752 * @auts: 14-byte buffer for AUTS
753 * Returns: 0 on success, -1 on failure, or -2 if USIM reports synchronization
754 * failure
755 *
756 * This function performs AKA authentication using USIM card and the provided
757 * RAND and AUTN values from HLR/AuC. If authentication command can be
758 * completed successfully, RES, IK, and CK values will be written into provided
759 * buffers and res_len is set to length of received RES value. If USIM reports
760 * synchronization failure, the received AUTS value will be written into auts
761 * buffer. In this case, RES, IK, and CK are not valid.
762 */
763 int scard_umts_auth(struct scard_data *scard, const unsigned char *rand,
764 const unsigned char *autn,
765 unsigned char *res, size_t *res_len,
766 unsigned char *ik, unsigned char *ck, unsigned char *auts)
767 {
768 unsigned char cmd[5 + 1 + AKA_RAND_LEN + 1 + AKA_AUTN_LEN] =
769 { USIM_CMD_RUN_UMTS_ALG };
770 int cmdlen;
771 unsigned char get_resp[5] = { USIM_CMD_GET_RESPONSE };
772 unsigned char resp[3], buf[64], *pos, *end;
773 size_t len;
774 long ret;
775
776 if (scard == NULL)
777 return -1;
778
779 if (scard->sim_type == SCARD_GSM_SIM) {
780 wpa_printf(MSG_ERROR, "SCARD: Non-USIM card - cannot do UMTS "
781 "auth");
782 return -1;
783 }
784
785 wpa_hexdump(MSG_DEBUG, "SCARD: UMTS auth - RAND", rand, AKA_RAND_LEN);
786 wpa_hexdump(MSG_DEBUG, "SCARD: UMTS auth - AUTN", autn, AKA_AUTN_LEN);
787 cmdlen = 5 + 1 + AKA_RAND_LEN + 1 + AKA_AUTN_LEN;
788 cmd[5] = AKA_RAND_LEN;
789 memcpy(cmd + 6, rand, AKA_RAND_LEN);
790 cmd[6 + AKA_RAND_LEN] = AKA_AUTN_LEN;
791 memcpy(cmd + 6 + AKA_RAND_LEN + 1, autn, AKA_AUTN_LEN);
792
793 len = sizeof(resp);
794 ret = scard_transmit(scard, cmd, sizeof(cmd), resp, &len);
795 if (ret != SCARD_S_SUCCESS)
796 return -1;
797
798 if (len >= 0 && len <= sizeof(resp))
799 wpa_hexdump(MSG_DEBUG, "SCARD: UMTS alg response", resp, len);
800
801 if (len == 2 && resp[0] == 0x98 && resp[1] == 0x62) {
802 wpa_printf(MSG_WARNING, "SCARD: UMTS auth failed - "
803 "MAC != XMAC");
804 return -1;
805 } else if (len != 2 || resp[0] != 0x61) {
806 wpa_printf(MSG_WARNING, "SCARD: unexpected response for UMTS "
807 "auth request (len=%d resp=%02x %02x)",
808 len, resp[0], resp[1]);
809 return -1;
810 }
811 get_resp[4] = resp[1];
812
813 len = sizeof(buf);
814 ret = scard_transmit(scard, get_resp, sizeof(get_resp), buf, &len);
815 if (ret != SCARD_S_SUCCESS || len < 0 || len > sizeof(buf))
816 return -1;
817
818 wpa_hexdump(MSG_DEBUG, "SCARD: UMTS get response result", buf, len);
819 if (len >= 2 + AKA_AUTS_LEN && buf[0] == 0xdc &&
820 buf[1] == AKA_AUTS_LEN) {
821 wpa_printf(MSG_DEBUG, "SCARD: UMTS Synchronization-Failure");
822 memcpy(auts, buf + 2, AKA_AUTS_LEN);
823 wpa_hexdump(MSG_DEBUG, "SCARD: AUTS", auts, AKA_AUTS_LEN);
824 return -2;
825 } else if (len >= 6 + IK_LEN + CK_LEN && buf[0] == 0xdb) {
826 pos = buf + 1;
827 end = buf + len;
828
829 /* RES */
830 if (pos[0] > RES_MAX_LEN || pos + pos[0] > end) {
831 wpa_printf(MSG_DEBUG, "SCARD: Invalid RES");
832 return -1;
833 }
834 *res_len = *pos++;
835 memcpy(res, pos, *res_len);
836 pos += *res_len;
837 wpa_hexdump(MSG_DEBUG, "SCARD: RES", res, *res_len);
838
839 /* CK */
840 if (pos[0] != CK_LEN || pos + CK_LEN > end) {
841 wpa_printf(MSG_DEBUG, "SCARD: Invalid CK");
842 return -1;
843 }
844 pos++;
845 memcpy(ck, pos, CK_LEN);
846 pos += CK_LEN;
847 wpa_hexdump(MSG_DEBUG, "SCARD: CK", ck, CK_LEN);
848
849 /* IK */
850 if (pos[0] != IK_LEN || pos + IK_LEN > end) {
851 wpa_printf(MSG_DEBUG, "SCARD: Invalid IK");
852 return -1;
853 }
854 pos++;
855 memcpy(ik, pos, IK_LEN);
856 pos += IK_LEN;
857 wpa_hexdump(MSG_DEBUG, "SCARD: IK", ik, IK_LEN);
858
859 return 0;
860 }
861
862 wpa_printf(MSG_DEBUG, "SCARD: Unrecognized response");
863 return -1;
864 }
A repo for keeping AMD64 port code before merging with the master