1 /* 2 * hostapd / EAP-AKA (RFC 4187) and EAP-AKA' (RFC 5448) 3 * Copyright (c) 2005-2012, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "crypto/sha256.h" 13 #include "crypto/crypto.h" 14 #include "crypto/random.h" 15 #include "eap_common/eap_sim_common.h" 16 #include "eap_server/eap_i.h" 17 #include "eap_server/eap_sim_db.h" 18 19 20 struct eap_aka_data { 21 u8 mk[EAP_SIM_MK_LEN]; 22 u8 nonce_s[EAP_SIM_NONCE_S_LEN]; 23 u8 k_aut[EAP_AKA_PRIME_K_AUT_LEN]; 24 u8 k_encr[EAP_SIM_K_ENCR_LEN]; 25 u8 k_re[EAP_AKA_PRIME_K_RE_LEN]; /* EAP-AKA' only */ 26 u8 msk[EAP_SIM_KEYING_DATA_LEN]; 27 u8 emsk[EAP_EMSK_LEN]; 28 u8 rand[EAP_AKA_RAND_LEN]; 29 u8 autn[EAP_AKA_AUTN_LEN]; 30 u8 ck[EAP_AKA_CK_LEN]; 31 u8 ik[EAP_AKA_IK_LEN]; 32 u8 res[EAP_AKA_RES_MAX_LEN]; 33 u8 reauth_mac[EAP_SIM_MAC_LEN]; 34 size_t res_len; 35 enum { 36 IDENTITY, CHALLENGE, REAUTH, NOTIFICATION, SUCCESS, FAILURE 37 } state; 38 char *next_pseudonym; 39 char *next_reauth_id; 40 u16 counter; 41 struct eap_sim_reauth *reauth; 42 int auts_reported; /* whether the current AUTS has been reported to the 43 * eap_sim_db */ 44 u16 notification; 45 int use_result_ind; 46 47 struct wpabuf *id_msgs; 48 int pending_id; 49 u8 eap_method; 50 u8 *network_name; 51 size_t network_name_len; 52 u16 kdf; 53 int identity_round; 54 char permanent[20]; /* Permanent username */ 55 }; 56 57 58 static void eap_aka_fullauth(struct eap_sm *sm, struct eap_aka_data *data); 59 60 61 static const char * eap_aka_state_txt(int state) 62 { 63 switch (state) { 64 case IDENTITY: 65 return "IDENTITY"; 66 case CHALLENGE: 67 return "CHALLENGE"; 68 case REAUTH: 69 return "REAUTH"; 70 case SUCCESS: 71 return "SUCCESS"; 72 case FAILURE: 73 return "FAILURE"; 74 case NOTIFICATION: 75 return "NOTIFICATION"; 76 default: 77 return "Unknown?!"; 78 } 79 } 80 81 82 static void eap_aka_state(struct eap_aka_data *data, int state) 83 { 84 wpa_printf(MSG_DEBUG, "EAP-AKA: %s -> %s", 85 eap_aka_state_txt(data->state), 86 eap_aka_state_txt(state)); 87 data->state = state; 88 } 89 90 91 static int eap_aka_check_identity_reauth(struct eap_sm *sm, 92 struct eap_aka_data *data, 93 const char *username) 94 { 95 if (data->eap_method == EAP_TYPE_AKA_PRIME && 96 username[0] != EAP_AKA_PRIME_REAUTH_ID_PREFIX) 97 return 0; 98 if (data->eap_method == EAP_TYPE_AKA && 99 username[0] != EAP_AKA_REAUTH_ID_PREFIX) 100 return 0; 101 102 wpa_printf(MSG_DEBUG, "EAP-AKA: Reauth username '%s'", username); 103 data->reauth = eap_sim_db_get_reauth_entry(sm->eap_sim_db_priv, 104 username); 105 if (data->reauth == NULL) { 106 wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown reauth identity - " 107 "request full auth identity"); 108 /* Remain in IDENTITY state for another round */ 109 return 0; 110 } 111 112 wpa_printf(MSG_DEBUG, "EAP-AKA: Using fast re-authentication"); 113 os_strlcpy(data->permanent, data->reauth->permanent, 114 sizeof(data->permanent)); 115 data->counter = data->reauth->counter; 116 if (data->eap_method == EAP_TYPE_AKA_PRIME) { 117 os_memcpy(data->k_encr, data->reauth->k_encr, 118 EAP_SIM_K_ENCR_LEN); 119 os_memcpy(data->k_aut, data->reauth->k_aut, 120 EAP_AKA_PRIME_K_AUT_LEN); 121 os_memcpy(data->k_re, data->reauth->k_re, 122 EAP_AKA_PRIME_K_RE_LEN); 123 } else { 124 os_memcpy(data->mk, data->reauth->mk, EAP_SIM_MK_LEN); 125 } 126 127 eap_aka_state(data, REAUTH); 128 return 1; 129 } 130 131 132 static void eap_aka_check_identity(struct eap_sm *sm, 133 struct eap_aka_data *data) 134 { 135 char *username; 136 137 /* Check if we already know the identity from EAP-Response/Identity */ 138 139 username = sim_get_username(sm->identity, sm->identity_len); 140 if (username == NULL) 141 return; 142 143 if (eap_aka_check_identity_reauth(sm, data, username) > 0) { 144 os_free(username); 145 /* 146 * Since re-auth username was recognized, skip AKA/Identity 147 * exchange. 148 */ 149 return; 150 } 151 152 if ((data->eap_method == EAP_TYPE_AKA_PRIME && 153 username[0] == EAP_AKA_PRIME_PSEUDONYM_PREFIX) || 154 (data->eap_method == EAP_TYPE_AKA && 155 username[0] == EAP_AKA_PSEUDONYM_PREFIX)) { 156 const char *permanent; 157 wpa_printf(MSG_DEBUG, "EAP-AKA: Pseudonym username '%s'", 158 username); 159 permanent = eap_sim_db_get_permanent( 160 sm->eap_sim_db_priv, username); 161 if (permanent == NULL) { 162 os_free(username); 163 wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown pseudonym " 164 "identity - request permanent identity"); 165 /* Remain in IDENTITY state for another round */ 166 return; 167 } 168 os_strlcpy(data->permanent, permanent, 169 sizeof(data->permanent)); 170 /* 171 * Since pseudonym username was recognized, skip AKA/Identity 172 * exchange. 173 */ 174 eap_aka_fullauth(sm, data); 175 } 176 177 os_free(username); 178 } 179 180 181 static void * eap_aka_init(struct eap_sm *sm) 182 { 183 struct eap_aka_data *data; 184 185 if (sm->eap_sim_db_priv == NULL) { 186 wpa_printf(MSG_WARNING, "EAP-AKA: eap_sim_db not configured"); 187 return NULL; 188 } 189 190 data = os_zalloc(sizeof(*data)); 191 if (data == NULL) 192 return NULL; 193 194 data->eap_method = EAP_TYPE_AKA; 195 196 data->state = IDENTITY; 197 data->pending_id = -1; 198 eap_aka_check_identity(sm, data); 199 200 return data; 201 } 202 203 204 #ifdef EAP_SERVER_AKA_PRIME 205 static void * eap_aka_prime_init(struct eap_sm *sm) 206 { 207 struct eap_aka_data *data; 208 /* TODO: make ANID configurable; see 3GPP TS 24.302 */ 209 char *network_name = "WLAN"; 210 211 if (sm->eap_sim_db_priv == NULL) { 212 wpa_printf(MSG_WARNING, "EAP-AKA: eap_sim_db not configured"); 213 return NULL; 214 } 215 216 data = os_zalloc(sizeof(*data)); 217 if (data == NULL) 218 return NULL; 219 220 data->eap_method = EAP_TYPE_AKA_PRIME; 221 data->network_name = (u8 *) os_strdup(network_name); 222 if (data->network_name == NULL) { 223 os_free(data); 224 return NULL; 225 } 226 227 data->network_name_len = os_strlen(network_name); 228 229 data->state = IDENTITY; 230 data->pending_id = -1; 231 eap_aka_check_identity(sm, data); 232 233 return data; 234 } 235 #endif /* EAP_SERVER_AKA_PRIME */ 236 237 238 static void eap_aka_reset(struct eap_sm *sm, void *priv) 239 { 240 struct eap_aka_data *data = priv; 241 os_free(data->next_pseudonym); 242 os_free(data->next_reauth_id); 243 wpabuf_free(data->id_msgs); 244 os_free(data->network_name); 245 bin_clear_free(data, sizeof(*data)); 246 } 247 248 249 static int eap_aka_add_id_msg(struct eap_aka_data *data, 250 const struct wpabuf *msg) 251 { 252 if (msg == NULL) 253 return -1; 254 255 if (data->id_msgs == NULL) { 256 data->id_msgs = wpabuf_dup(msg); 257 return data->id_msgs == NULL ? -1 : 0; 258 } 259 260 if (wpabuf_resize(&data->id_msgs, wpabuf_len(msg)) < 0) 261 return -1; 262 wpabuf_put_buf(data->id_msgs, msg); 263 264 return 0; 265 } 266 267 268 static void eap_aka_add_checkcode(struct eap_aka_data *data, 269 struct eap_sim_msg *msg) 270 { 271 const u8 *addr; 272 size_t len; 273 u8 hash[SHA256_MAC_LEN]; 274 275 wpa_printf(MSG_DEBUG, " AT_CHECKCODE"); 276 277 if (data->id_msgs == NULL) { 278 /* 279 * No EAP-AKA/Identity packets were exchanged - send empty 280 * checkcode. 281 */ 282 eap_sim_msg_add(msg, EAP_SIM_AT_CHECKCODE, 0, NULL, 0); 283 return; 284 } 285 286 /* Checkcode is SHA1 hash over all EAP-AKA/Identity packets. */ 287 addr = wpabuf_head(data->id_msgs); 288 len = wpabuf_len(data->id_msgs); 289 wpa_hexdump(MSG_MSGDUMP, "EAP-AKA: AT_CHECKCODE data", addr, len); 290 if (data->eap_method == EAP_TYPE_AKA_PRIME) 291 sha256_vector(1, &addr, &len, hash); 292 else 293 sha1_vector(1, &addr, &len, hash); 294 295 eap_sim_msg_add(msg, EAP_SIM_AT_CHECKCODE, 0, hash, 296 data->eap_method == EAP_TYPE_AKA_PRIME ? 297 EAP_AKA_PRIME_CHECKCODE_LEN : EAP_AKA_CHECKCODE_LEN); 298 } 299 300 301 static int eap_aka_verify_checkcode(struct eap_aka_data *data, 302 const u8 *checkcode, size_t checkcode_len) 303 { 304 const u8 *addr; 305 size_t len; 306 u8 hash[SHA256_MAC_LEN]; 307 size_t hash_len; 308 309 if (checkcode == NULL) 310 return -1; 311 312 if (data->id_msgs == NULL) { 313 if (checkcode_len != 0) { 314 wpa_printf(MSG_DEBUG, "EAP-AKA: Checkcode from peer " 315 "indicates that AKA/Identity messages were " 316 "used, but they were not"); 317 return -1; 318 } 319 return 0; 320 } 321 322 hash_len = data->eap_method == EAP_TYPE_AKA_PRIME ? 323 EAP_AKA_PRIME_CHECKCODE_LEN : EAP_AKA_CHECKCODE_LEN; 324 325 if (checkcode_len != hash_len) { 326 wpa_printf(MSG_DEBUG, "EAP-AKA: Checkcode from peer indicates " 327 "that AKA/Identity message were not used, but they " 328 "were"); 329 return -1; 330 } 331 332 /* Checkcode is SHA1 hash over all EAP-AKA/Identity packets. */ 333 addr = wpabuf_head(data->id_msgs); 334 len = wpabuf_len(data->id_msgs); 335 if (data->eap_method == EAP_TYPE_AKA_PRIME) 336 sha256_vector(1, &addr, &len, hash); 337 else 338 sha1_vector(1, &addr, &len, hash); 339 340 if (os_memcmp_const(hash, checkcode, hash_len) != 0) { 341 wpa_printf(MSG_DEBUG, "EAP-AKA: Mismatch in AT_CHECKCODE"); 342 return -1; 343 } 344 345 return 0; 346 } 347 348 349 static struct wpabuf * eap_aka_build_identity(struct eap_sm *sm, 350 struct eap_aka_data *data, u8 id) 351 { 352 struct eap_sim_msg *msg; 353 struct wpabuf *buf; 354 355 wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Identity"); 356 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method, 357 EAP_AKA_SUBTYPE_IDENTITY); 358 data->identity_round++; 359 if (data->identity_round == 1) { 360 /* 361 * RFC 4187, Chap. 4.1.4 recommends that identity from EAP is 362 * ignored and the AKA/Identity is used to request the 363 * identity. 364 */ 365 wpa_printf(MSG_DEBUG, " AT_ANY_ID_REQ"); 366 eap_sim_msg_add(msg, EAP_SIM_AT_ANY_ID_REQ, 0, NULL, 0); 367 } else if (data->identity_round > 3) { 368 /* Cannot use more than three rounds of Identity messages */ 369 eap_sim_msg_free(msg); 370 return NULL; 371 } else if (sm->identity && sm->identity_len > 0 && 372 (sm->identity[0] == EAP_AKA_REAUTH_ID_PREFIX || 373 sm->identity[0] == EAP_AKA_PRIME_REAUTH_ID_PREFIX)) { 374 /* Reauth id may have expired - try fullauth */ 375 wpa_printf(MSG_DEBUG, " AT_FULLAUTH_ID_REQ"); 376 eap_sim_msg_add(msg, EAP_SIM_AT_FULLAUTH_ID_REQ, 0, NULL, 0); 377 } else { 378 wpa_printf(MSG_DEBUG, " AT_PERMANENT_ID_REQ"); 379 eap_sim_msg_add(msg, EAP_SIM_AT_PERMANENT_ID_REQ, 0, NULL, 0); 380 } 381 buf = eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0); 382 if (eap_aka_add_id_msg(data, buf) < 0) { 383 wpabuf_free(buf); 384 return NULL; 385 } 386 data->pending_id = id; 387 return buf; 388 } 389 390 391 static int eap_aka_build_encr(struct eap_sm *sm, struct eap_aka_data *data, 392 struct eap_sim_msg *msg, u16 counter, 393 const u8 *nonce_s) 394 { 395 os_free(data->next_pseudonym); 396 if (!(sm->eap_sim_id & 0x01)) { 397 /* Use of pseudonyms disabled in configuration */ 398 data->next_pseudonym = NULL; 399 } else if (!nonce_s) { 400 data->next_pseudonym = 401 eap_sim_db_get_next_pseudonym( 402 sm->eap_sim_db_priv, 403 data->eap_method == EAP_TYPE_AKA_PRIME ? 404 EAP_SIM_DB_AKA_PRIME : EAP_SIM_DB_AKA); 405 } else { 406 /* Do not update pseudonym during re-authentication */ 407 data->next_pseudonym = NULL; 408 } 409 os_free(data->next_reauth_id); 410 if (!(sm->eap_sim_id & 0x02)) { 411 /* Use of fast reauth disabled in configuration */ 412 data->next_reauth_id = NULL; 413 } else if (data->counter <= EAP_AKA_MAX_FAST_REAUTHS) { 414 data->next_reauth_id = 415 eap_sim_db_get_next_reauth_id( 416 sm->eap_sim_db_priv, 417 data->eap_method == EAP_TYPE_AKA_PRIME ? 418 EAP_SIM_DB_AKA_PRIME : EAP_SIM_DB_AKA); 419 } else { 420 wpa_printf(MSG_DEBUG, "EAP-AKA: Max fast re-authentication " 421 "count exceeded - force full authentication"); 422 data->next_reauth_id = NULL; 423 } 424 425 if (data->next_pseudonym == NULL && data->next_reauth_id == NULL && 426 counter == 0 && nonce_s == NULL) 427 return 0; 428 429 wpa_printf(MSG_DEBUG, " AT_IV"); 430 wpa_printf(MSG_DEBUG, " AT_ENCR_DATA"); 431 eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV, EAP_SIM_AT_ENCR_DATA); 432 433 if (counter > 0) { 434 wpa_printf(MSG_DEBUG, " *AT_COUNTER (%u)", counter); 435 eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, counter, NULL, 0); 436 } 437 438 if (nonce_s) { 439 wpa_printf(MSG_DEBUG, " *AT_NONCE_S"); 440 eap_sim_msg_add(msg, EAP_SIM_AT_NONCE_S, 0, nonce_s, 441 EAP_SIM_NONCE_S_LEN); 442 } 443 444 if (data->next_pseudonym) { 445 wpa_printf(MSG_DEBUG, " *AT_NEXT_PSEUDONYM (%s)", 446 data->next_pseudonym); 447 eap_sim_msg_add(msg, EAP_SIM_AT_NEXT_PSEUDONYM, 448 os_strlen(data->next_pseudonym), 449 (u8 *) data->next_pseudonym, 450 os_strlen(data->next_pseudonym)); 451 } 452 453 if (data->next_reauth_id) { 454 wpa_printf(MSG_DEBUG, " *AT_NEXT_REAUTH_ID (%s)", 455 data->next_reauth_id); 456 eap_sim_msg_add(msg, EAP_SIM_AT_NEXT_REAUTH_ID, 457 os_strlen(data->next_reauth_id), 458 (u8 *) data->next_reauth_id, 459 os_strlen(data->next_reauth_id)); 460 } 461 462 if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) { 463 wpa_printf(MSG_WARNING, "EAP-AKA: Failed to encrypt " 464 "AT_ENCR_DATA"); 465 return -1; 466 } 467 468 return 0; 469 } 470 471 472 static struct wpabuf * eap_aka_build_challenge(struct eap_sm *sm, 473 struct eap_aka_data *data, 474 u8 id) 475 { 476 struct eap_sim_msg *msg; 477 478 wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Challenge"); 479 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method, 480 EAP_AKA_SUBTYPE_CHALLENGE); 481 wpa_printf(MSG_DEBUG, " AT_RAND"); 482 eap_sim_msg_add(msg, EAP_SIM_AT_RAND, 0, data->rand, EAP_AKA_RAND_LEN); 483 wpa_printf(MSG_DEBUG, " AT_AUTN"); 484 eap_sim_msg_add(msg, EAP_SIM_AT_AUTN, 0, data->autn, EAP_AKA_AUTN_LEN); 485 if (data->eap_method == EAP_TYPE_AKA_PRIME) { 486 if (data->kdf) { 487 /* Add the selected KDF into the beginning */ 488 wpa_printf(MSG_DEBUG, " AT_KDF"); 489 eap_sim_msg_add(msg, EAP_SIM_AT_KDF, data->kdf, 490 NULL, 0); 491 } 492 wpa_printf(MSG_DEBUG, " AT_KDF"); 493 eap_sim_msg_add(msg, EAP_SIM_AT_KDF, EAP_AKA_PRIME_KDF, 494 NULL, 0); 495 wpa_printf(MSG_DEBUG, " AT_KDF_INPUT"); 496 eap_sim_msg_add(msg, EAP_SIM_AT_KDF_INPUT, 497 data->network_name_len, 498 data->network_name, data->network_name_len); 499 } 500 501 if (eap_aka_build_encr(sm, data, msg, 0, NULL)) { 502 eap_sim_msg_free(msg); 503 return NULL; 504 } 505 506 eap_aka_add_checkcode(data, msg); 507 508 if (sm->eap_sim_aka_result_ind) { 509 wpa_printf(MSG_DEBUG, " AT_RESULT_IND"); 510 eap_sim_msg_add(msg, EAP_SIM_AT_RESULT_IND, 0, NULL, 0); 511 } 512 513 #ifdef EAP_SERVER_AKA_PRIME 514 if (data->eap_method == EAP_TYPE_AKA) { 515 u16 flags = 0; 516 int i; 517 int aka_prime_preferred = 0; 518 519 i = 0; 520 while (sm->user && i < EAP_MAX_METHODS && 521 (sm->user->methods[i].vendor != EAP_VENDOR_IETF || 522 sm->user->methods[i].method != EAP_TYPE_NONE)) { 523 if (sm->user->methods[i].vendor == EAP_VENDOR_IETF) { 524 if (sm->user->methods[i].method == 525 EAP_TYPE_AKA) 526 break; 527 if (sm->user->methods[i].method == 528 EAP_TYPE_AKA_PRIME) { 529 aka_prime_preferred = 1; 530 break; 531 } 532 } 533 i++; 534 } 535 536 if (aka_prime_preferred) 537 flags |= EAP_AKA_BIDDING_FLAG_D; 538 eap_sim_msg_add(msg, EAP_SIM_AT_BIDDING, flags, NULL, 0); 539 } 540 #endif /* EAP_SERVER_AKA_PRIME */ 541 542 wpa_printf(MSG_DEBUG, " AT_MAC"); 543 eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC); 544 return eap_sim_msg_finish(msg, data->eap_method, data->k_aut, NULL, 0); 545 } 546 547 548 static struct wpabuf * eap_aka_build_reauth(struct eap_sm *sm, 549 struct eap_aka_data *data, u8 id) 550 { 551 struct eap_sim_msg *msg; 552 struct wpabuf *buf; 553 554 wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Re-authentication"); 555 556 if (random_get_bytes(data->nonce_s, EAP_SIM_NONCE_S_LEN)) 557 return NULL; 558 wpa_hexdump_key(MSG_MSGDUMP, "EAP-AKA: NONCE_S", 559 data->nonce_s, EAP_SIM_NONCE_S_LEN); 560 561 if (data->eap_method == EAP_TYPE_AKA_PRIME) { 562 eap_aka_prime_derive_keys_reauth(data->k_re, data->counter, 563 sm->identity, 564 sm->identity_len, 565 data->nonce_s, 566 data->msk, data->emsk); 567 } else { 568 eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, 569 data->msk, data->emsk); 570 eap_sim_derive_keys_reauth(data->counter, sm->identity, 571 sm->identity_len, data->nonce_s, 572 data->mk, data->msk, data->emsk); 573 } 574 575 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method, 576 EAP_AKA_SUBTYPE_REAUTHENTICATION); 577 578 if (eap_aka_build_encr(sm, data, msg, data->counter, data->nonce_s)) { 579 eap_sim_msg_free(msg); 580 return NULL; 581 } 582 583 eap_aka_add_checkcode(data, msg); 584 585 if (sm->eap_sim_aka_result_ind) { 586 wpa_printf(MSG_DEBUG, " AT_RESULT_IND"); 587 eap_sim_msg_add(msg, EAP_SIM_AT_RESULT_IND, 0, NULL, 0); 588 } 589 590 wpa_printf(MSG_DEBUG, " AT_MAC"); 591 eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC); 592 buf = eap_sim_msg_finish(msg, data->eap_method, data->k_aut, NULL, 0); 593 594 /* Remember this MAC before sending it to the peer. This MAC is used for 595 * Session-Id calculation after receiving response from the peer and 596 * after all other checks pass. */ 597 os_memcpy(data->reauth_mac, 598 wpabuf_head_u8(buf) + wpabuf_len(buf) - EAP_SIM_MAC_LEN, 599 EAP_SIM_MAC_LEN); 600 601 return buf; 602 } 603 604 605 static struct wpabuf * eap_aka_build_notification(struct eap_sm *sm, 606 struct eap_aka_data *data, 607 u8 id) 608 { 609 struct eap_sim_msg *msg; 610 611 wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Notification"); 612 msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method, 613 EAP_AKA_SUBTYPE_NOTIFICATION); 614 wpa_printf(MSG_DEBUG, " AT_NOTIFICATION (%d)", data->notification); 615 eap_sim_msg_add(msg, EAP_SIM_AT_NOTIFICATION, data->notification, 616 NULL, 0); 617 if (data->use_result_ind) { 618 if (data->reauth) { 619 wpa_printf(MSG_DEBUG, " AT_IV"); 620 wpa_printf(MSG_DEBUG, " AT_ENCR_DATA"); 621 eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV, 622 EAP_SIM_AT_ENCR_DATA); 623 wpa_printf(MSG_DEBUG, " *AT_COUNTER (%u)", 624 data->counter); 625 eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter, 626 NULL, 0); 627 628 if (eap_sim_msg_add_encr_end(msg, data->k_encr, 629 EAP_SIM_AT_PADDING)) { 630 wpa_printf(MSG_WARNING, "EAP-AKA: Failed to " 631 "encrypt AT_ENCR_DATA"); 632 eap_sim_msg_free(msg); 633 return NULL; 634 } 635 } 636 637 wpa_printf(MSG_DEBUG, " AT_MAC"); 638 eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC); 639 } 640 return eap_sim_msg_finish(msg, data->eap_method, data->k_aut, NULL, 0); 641 } 642 643 644 static struct wpabuf * eap_aka_buildReq(struct eap_sm *sm, void *priv, u8 id) 645 { 646 struct eap_aka_data *data = priv; 647 648 data->auts_reported = 0; 649 switch (data->state) { 650 case IDENTITY: 651 return eap_aka_build_identity(sm, data, id); 652 case CHALLENGE: 653 return eap_aka_build_challenge(sm, data, id); 654 case REAUTH: 655 return eap_aka_build_reauth(sm, data, id); 656 case NOTIFICATION: 657 return eap_aka_build_notification(sm, data, id); 658 default: 659 wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown state %d in " 660 "buildReq", data->state); 661 break; 662 } 663 return NULL; 664 } 665 666 667 static Boolean eap_aka_check(struct eap_sm *sm, void *priv, 668 struct wpabuf *respData) 669 { 670 struct eap_aka_data *data = priv; 671 const u8 *pos; 672 size_t len; 673 674 pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, respData, 675 &len); 676 if (pos == NULL || len < 3) { 677 wpa_printf(MSG_INFO, "EAP-AKA: Invalid frame"); 678 return TRUE; 679 } 680 681 return FALSE; 682 } 683 684 685 static Boolean eap_aka_subtype_ok(struct eap_aka_data *data, u8 subtype) 686 { 687 if (subtype == EAP_AKA_SUBTYPE_CLIENT_ERROR || 688 subtype == EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT) 689 return FALSE; 690 691 switch (data->state) { 692 case IDENTITY: 693 if (subtype != EAP_AKA_SUBTYPE_IDENTITY) { 694 wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response " 695 "subtype %d", subtype); 696 return TRUE; 697 } 698 break; 699 case CHALLENGE: 700 if (subtype != EAP_AKA_SUBTYPE_CHALLENGE && 701 subtype != EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE) { 702 wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response " 703 "subtype %d", subtype); 704 return TRUE; 705 } 706 break; 707 case REAUTH: 708 if (subtype != EAP_AKA_SUBTYPE_REAUTHENTICATION) { 709 wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response " 710 "subtype %d", subtype); 711 return TRUE; 712 } 713 break; 714 case NOTIFICATION: 715 if (subtype != EAP_AKA_SUBTYPE_NOTIFICATION) { 716 wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response " 717 "subtype %d", subtype); 718 return TRUE; 719 } 720 break; 721 default: 722 wpa_printf(MSG_INFO, "EAP-AKA: Unexpected state (%d) for " 723 "processing a response", data->state); 724 return TRUE; 725 } 726 727 return FALSE; 728 } 729 730 731 static void eap_aka_determine_identity(struct eap_sm *sm, 732 struct eap_aka_data *data) 733 { 734 char *username; 735 736 wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Identity", 737 sm->identity, sm->identity_len); 738 739 username = sim_get_username(sm->identity, sm->identity_len); 740 if (username == NULL) { 741 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; 742 eap_aka_state(data, NOTIFICATION); 743 return; 744 } 745 746 if (eap_aka_check_identity_reauth(sm, data, username) > 0) { 747 os_free(username); 748 return; 749 } 750 751 if (((data->eap_method == EAP_TYPE_AKA_PRIME && 752 username[0] == EAP_AKA_PRIME_REAUTH_ID_PREFIX) || 753 (data->eap_method == EAP_TYPE_AKA && 754 username[0] == EAP_AKA_REAUTH_ID_PREFIX)) && 755 data->identity_round == 1) { 756 /* Remain in IDENTITY state for another round to request full 757 * auth identity since we did not recognize reauth id */ 758 os_free(username); 759 return; 760 } 761 762 if ((data->eap_method == EAP_TYPE_AKA_PRIME && 763 username[0] == EAP_AKA_PRIME_PSEUDONYM_PREFIX) || 764 (data->eap_method == EAP_TYPE_AKA && 765 username[0] == EAP_AKA_PSEUDONYM_PREFIX)) { 766 const char *permanent; 767 wpa_printf(MSG_DEBUG, "EAP-AKA: Pseudonym username '%s'", 768 username); 769 permanent = eap_sim_db_get_permanent( 770 sm->eap_sim_db_priv, username); 771 os_free(username); 772 if (permanent == NULL) { 773 wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown pseudonym " 774 "identity - request permanent identity"); 775 /* Remain in IDENTITY state for another round */ 776 return; 777 } 778 os_strlcpy(data->permanent, permanent, 779 sizeof(data->permanent)); 780 } else if ((data->eap_method == EAP_TYPE_AKA_PRIME && 781 username[0] == EAP_AKA_PRIME_PERMANENT_PREFIX) || 782 (data->eap_method == EAP_TYPE_AKA && 783 username[0] == EAP_AKA_PERMANENT_PREFIX)) { 784 wpa_printf(MSG_DEBUG, "EAP-AKA: Permanent username '%s'", 785 username); 786 os_strlcpy(data->permanent, username, sizeof(data->permanent)); 787 os_free(username); 788 } else { 789 wpa_printf(MSG_DEBUG, "EAP-AKA: Unrecognized username '%s'", 790 username); 791 os_free(username); 792 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; 793 eap_aka_state(data, NOTIFICATION); 794 return; 795 } 796 797 eap_aka_fullauth(sm, data); 798 } 799 800 801 static void eap_aka_fullauth(struct eap_sm *sm, struct eap_aka_data *data) 802 { 803 size_t identity_len; 804 int res; 805 806 res = eap_sim_db_get_aka_auth(sm->eap_sim_db_priv, data->permanent, 807 data->rand, data->autn, data->ik, 808 data->ck, data->res, &data->res_len, sm); 809 if (res == EAP_SIM_DB_PENDING) { 810 wpa_printf(MSG_DEBUG, "EAP-AKA: AKA authentication data " 811 "not yet available - pending request"); 812 sm->method_pending = METHOD_PENDING_WAIT; 813 return; 814 } 815 816 if (data->permanent[0] == EAP_AKA_PERMANENT_PREFIX || 817 data->permanent[0] == EAP_AKA_PRIME_PERMANENT_PREFIX) 818 os_strlcpy(sm->imsi, &data->permanent[1], sizeof(sm->imsi)); 819 820 #ifdef EAP_SERVER_AKA_PRIME 821 if (data->eap_method == EAP_TYPE_AKA_PRIME) { 822 /* Note: AUTN = (SQN ^ AK) || AMF || MAC which gives us the 823 * needed 6-octet SQN ^AK for CK',IK' derivation */ 824 eap_aka_prime_derive_ck_ik_prime(data->ck, data->ik, 825 data->autn, 826 data->network_name, 827 data->network_name_len); 828 } 829 #endif /* EAP_SERVER_AKA_PRIME */ 830 831 data->reauth = NULL; 832 data->counter = 0; /* reset re-auth counter since this is full auth */ 833 834 if (res != 0) { 835 wpa_printf(MSG_INFO, "EAP-AKA: Failed to get AKA " 836 "authentication data for the peer"); 837 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; 838 eap_aka_state(data, NOTIFICATION); 839 return; 840 } 841 if (sm->method_pending == METHOD_PENDING_WAIT) { 842 wpa_printf(MSG_DEBUG, "EAP-AKA: AKA authentication data " 843 "available - abort pending wait"); 844 sm->method_pending = METHOD_PENDING_NONE; 845 } 846 847 identity_len = sm->identity_len; 848 while (identity_len > 0 && sm->identity[identity_len - 1] == '\0') { 849 wpa_printf(MSG_DEBUG, "EAP-AKA: Workaround - drop last null " 850 "character from identity"); 851 identity_len--; 852 } 853 wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Identity for MK derivation", 854 sm->identity, identity_len); 855 856 if (data->eap_method == EAP_TYPE_AKA_PRIME) { 857 eap_aka_prime_derive_keys(sm->identity, identity_len, data->ik, 858 data->ck, data->k_encr, data->k_aut, 859 data->k_re, data->msk, data->emsk); 860 } else { 861 eap_aka_derive_mk(sm->identity, identity_len, data->ik, 862 data->ck, data->mk); 863 eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, 864 data->msk, data->emsk); 865 } 866 867 eap_aka_state(data, CHALLENGE); 868 } 869 870 871 static void eap_aka_process_identity(struct eap_sm *sm, 872 struct eap_aka_data *data, 873 struct wpabuf *respData, 874 struct eap_sim_attrs *attr) 875 { 876 u8 *new_identity; 877 878 wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Identity"); 879 880 if (attr->mac || attr->iv || attr->encr_data) { 881 wpa_printf(MSG_WARNING, "EAP-AKA: Unexpected attribute " 882 "received in EAP-Response/AKA-Identity"); 883 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; 884 eap_aka_state(data, NOTIFICATION); 885 return; 886 } 887 888 /* 889 * We always request identity with AKA/Identity, so the peer is 890 * required to have replied with one. 891 */ 892 if (!attr->identity || attr->identity_len == 0) { 893 wpa_printf(MSG_DEBUG, "EAP-AKA: Peer did not provide any " 894 "identity"); 895 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; 896 eap_aka_state(data, NOTIFICATION); 897 return; 898 } 899 900 new_identity = os_malloc(attr->identity_len); 901 if (new_identity == NULL) { 902 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; 903 eap_aka_state(data, NOTIFICATION); 904 return; 905 } 906 os_free(sm->identity); 907 sm->identity = new_identity; 908 os_memcpy(sm->identity, attr->identity, attr->identity_len); 909 sm->identity_len = attr->identity_len; 910 911 eap_aka_determine_identity(sm, data); 912 if (eap_get_id(respData) == data->pending_id) { 913 data->pending_id = -1; 914 eap_aka_add_id_msg(data, respData); 915 } 916 } 917 918 919 static int eap_aka_verify_mac(struct eap_aka_data *data, 920 const struct wpabuf *req, 921 const u8 *mac, const u8 *extra, 922 size_t extra_len) 923 { 924 if (data->eap_method == EAP_TYPE_AKA_PRIME) 925 return eap_sim_verify_mac_sha256(data->k_aut, req, mac, extra, 926 extra_len); 927 return eap_sim_verify_mac(data->k_aut, req, mac, extra, extra_len); 928 } 929 930 931 static void eap_aka_process_challenge(struct eap_sm *sm, 932 struct eap_aka_data *data, 933 struct wpabuf *respData, 934 struct eap_sim_attrs *attr) 935 { 936 wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Challenge"); 937 938 #ifdef EAP_SERVER_AKA_PRIME 939 #if 0 940 /* KDF negotiation; to be enabled only after more than one KDF is 941 * supported */ 942 if (data->eap_method == EAP_TYPE_AKA_PRIME && 943 attr->kdf_count == 1 && attr->mac == NULL) { 944 if (attr->kdf[0] != EAP_AKA_PRIME_KDF) { 945 wpa_printf(MSG_WARNING, "EAP-AKA': Peer selected " 946 "unknown KDF"); 947 data->notification = 948 EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; 949 eap_aka_state(data, NOTIFICATION); 950 return; 951 } 952 953 data->kdf = attr->kdf[0]; 954 955 /* Allow negotiation to continue with the selected KDF by 956 * sending another Challenge message */ 957 wpa_printf(MSG_DEBUG, "EAP-AKA': KDF %d selected", data->kdf); 958 return; 959 } 960 #endif 961 #endif /* EAP_SERVER_AKA_PRIME */ 962 963 if (attr->checkcode && 964 eap_aka_verify_checkcode(data, attr->checkcode, 965 attr->checkcode_len)) { 966 wpa_printf(MSG_WARNING, "EAP-AKA: Invalid AT_CHECKCODE in the " 967 "message"); 968 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; 969 eap_aka_state(data, NOTIFICATION); 970 return; 971 } 972 if (attr->mac == NULL || 973 eap_aka_verify_mac(data, respData, attr->mac, NULL, 0)) { 974 wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message " 975 "did not include valid AT_MAC"); 976 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; 977 eap_aka_state(data, NOTIFICATION); 978 return; 979 } 980 981 /* 982 * AT_RES is padded, so verify that there is enough room for RES and 983 * that the RES length in bits matches with the expected RES. 984 */ 985 if (attr->res == NULL || attr->res_len < data->res_len || 986 attr->res_len_bits != data->res_len * 8 || 987 os_memcmp_const(attr->res, data->res, data->res_len) != 0) { 988 wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message did not " 989 "include valid AT_RES (attr len=%lu, res len=%lu " 990 "bits, expected %lu bits)", 991 (unsigned long) attr->res_len, 992 (unsigned long) attr->res_len_bits, 993 (unsigned long) data->res_len * 8); 994 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; 995 eap_aka_state(data, NOTIFICATION); 996 return; 997 } 998 999 wpa_printf(MSG_DEBUG, "EAP-AKA: Challenge response includes the " 1000 "correct AT_MAC"); 1001 if (sm->eap_sim_aka_result_ind && attr->result_ind) { 1002 data->use_result_ind = 1; 1003 data->notification = EAP_SIM_SUCCESS; 1004 eap_aka_state(data, NOTIFICATION); 1005 } else 1006 eap_aka_state(data, SUCCESS); 1007 1008 if (data->next_pseudonym) { 1009 eap_sim_db_add_pseudonym(sm->eap_sim_db_priv, data->permanent, 1010 data->next_pseudonym); 1011 data->next_pseudonym = NULL; 1012 } 1013 if (data->next_reauth_id) { 1014 if (data->eap_method == EAP_TYPE_AKA_PRIME) { 1015 #ifdef EAP_SERVER_AKA_PRIME 1016 eap_sim_db_add_reauth_prime(sm->eap_sim_db_priv, 1017 data->permanent, 1018 data->next_reauth_id, 1019 data->counter + 1, 1020 data->k_encr, data->k_aut, 1021 data->k_re); 1022 #endif /* EAP_SERVER_AKA_PRIME */ 1023 } else { 1024 eap_sim_db_add_reauth(sm->eap_sim_db_priv, 1025 data->permanent, 1026 data->next_reauth_id, 1027 data->counter + 1, 1028 data->mk); 1029 } 1030 data->next_reauth_id = NULL; 1031 } 1032 } 1033 1034 1035 static void eap_aka_process_sync_failure(struct eap_sm *sm, 1036 struct eap_aka_data *data, 1037 struct wpabuf *respData, 1038 struct eap_sim_attrs *attr) 1039 { 1040 wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Synchronization-Failure"); 1041 1042 if (attr->auts == NULL) { 1043 wpa_printf(MSG_WARNING, "EAP-AKA: Synchronization-Failure " 1044 "message did not include valid AT_AUTS"); 1045 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; 1046 eap_aka_state(data, NOTIFICATION); 1047 return; 1048 } 1049 1050 /* Avoid re-reporting AUTS when processing pending EAP packet by 1051 * maintaining a local flag stating whether this AUTS has already been 1052 * reported. */ 1053 if (!data->auts_reported && 1054 eap_sim_db_resynchronize(sm->eap_sim_db_priv, data->permanent, 1055 attr->auts, data->rand)) { 1056 wpa_printf(MSG_WARNING, "EAP-AKA: Resynchronization failed"); 1057 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; 1058 eap_aka_state(data, NOTIFICATION); 1059 return; 1060 } 1061 data->auts_reported = 1; 1062 1063 /* Remain in CHALLENGE state to re-try after resynchronization */ 1064 eap_aka_fullauth(sm, data); 1065 } 1066 1067 1068 static void eap_aka_process_reauth(struct eap_sm *sm, 1069 struct eap_aka_data *data, 1070 struct wpabuf *respData, 1071 struct eap_sim_attrs *attr) 1072 { 1073 struct eap_sim_attrs eattr; 1074 u8 *decrypted = NULL; 1075 1076 wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Reauthentication"); 1077 1078 if (attr->mac == NULL || 1079 eap_aka_verify_mac(data, respData, attr->mac, data->nonce_s, 1080 EAP_SIM_NONCE_S_LEN)) { 1081 wpa_printf(MSG_WARNING, "EAP-AKA: Re-authentication message " 1082 "did not include valid AT_MAC"); 1083 goto fail; 1084 } 1085 1086 if (attr->encr_data == NULL || attr->iv == NULL) { 1087 wpa_printf(MSG_WARNING, "EAP-AKA: Reauthentication " 1088 "message did not include encrypted data"); 1089 goto fail; 1090 } 1091 1092 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data, 1093 attr->encr_data_len, attr->iv, &eattr, 1094 0); 1095 if (decrypted == NULL) { 1096 wpa_printf(MSG_WARNING, "EAP-AKA: Failed to parse encrypted " 1097 "data from reauthentication message"); 1098 goto fail; 1099 } 1100 1101 if (eattr.counter != data->counter) { 1102 wpa_printf(MSG_WARNING, "EAP-AKA: Re-authentication message " 1103 "used incorrect counter %u, expected %u", 1104 eattr.counter, data->counter); 1105 goto fail; 1106 } 1107 os_free(decrypted); 1108 decrypted = NULL; 1109 1110 wpa_printf(MSG_DEBUG, "EAP-AKA: Re-authentication response includes " 1111 "the correct AT_MAC"); 1112 1113 if (eattr.counter_too_small) { 1114 wpa_printf(MSG_DEBUG, "EAP-AKA: Re-authentication response " 1115 "included AT_COUNTER_TOO_SMALL - starting full " 1116 "authentication"); 1117 eap_aka_fullauth(sm, data); 1118 return; 1119 } 1120 1121 if (sm->eap_sim_aka_result_ind && attr->result_ind) { 1122 data->use_result_ind = 1; 1123 data->notification = EAP_SIM_SUCCESS; 1124 eap_aka_state(data, NOTIFICATION); 1125 } else 1126 eap_aka_state(data, SUCCESS); 1127 1128 if (data->next_reauth_id) { 1129 if (data->eap_method == EAP_TYPE_AKA_PRIME) { 1130 #ifdef EAP_SERVER_AKA_PRIME 1131 eap_sim_db_add_reauth_prime(sm->eap_sim_db_priv, 1132 data->permanent, 1133 data->next_reauth_id, 1134 data->counter + 1, 1135 data->k_encr, data->k_aut, 1136 data->k_re); 1137 #endif /* EAP_SERVER_AKA_PRIME */ 1138 } else { 1139 eap_sim_db_add_reauth(sm->eap_sim_db_priv, 1140 data->permanent, 1141 data->next_reauth_id, 1142 data->counter + 1, 1143 data->mk); 1144 } 1145 data->next_reauth_id = NULL; 1146 } else { 1147 eap_sim_db_remove_reauth(sm->eap_sim_db_priv, data->reauth); 1148 data->reauth = NULL; 1149 } 1150 1151 return; 1152 1153 fail: 1154 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; 1155 eap_aka_state(data, NOTIFICATION); 1156 eap_sim_db_remove_reauth(sm->eap_sim_db_priv, data->reauth); 1157 data->reauth = NULL; 1158 os_free(decrypted); 1159 } 1160 1161 1162 static void eap_aka_process_client_error(struct eap_sm *sm, 1163 struct eap_aka_data *data, 1164 struct wpabuf *respData, 1165 struct eap_sim_attrs *attr) 1166 { 1167 wpa_printf(MSG_DEBUG, "EAP-AKA: Client reported error %d", 1168 attr->client_error_code); 1169 if (data->notification == EAP_SIM_SUCCESS && data->use_result_ind) 1170 eap_aka_state(data, SUCCESS); 1171 else 1172 eap_aka_state(data, FAILURE); 1173 } 1174 1175 1176 static void eap_aka_process_authentication_reject( 1177 struct eap_sm *sm, struct eap_aka_data *data, 1178 struct wpabuf *respData, struct eap_sim_attrs *attr) 1179 { 1180 wpa_printf(MSG_DEBUG, "EAP-AKA: Client rejected authentication"); 1181 eap_aka_state(data, FAILURE); 1182 } 1183 1184 1185 static void eap_aka_process_notification(struct eap_sm *sm, 1186 struct eap_aka_data *data, 1187 struct wpabuf *respData, 1188 struct eap_sim_attrs *attr) 1189 { 1190 wpa_printf(MSG_DEBUG, "EAP-AKA: Client replied to notification"); 1191 if (data->notification == EAP_SIM_SUCCESS && data->use_result_ind) 1192 eap_aka_state(data, SUCCESS); 1193 else 1194 eap_aka_state(data, FAILURE); 1195 } 1196 1197 1198 static void eap_aka_process(struct eap_sm *sm, void *priv, 1199 struct wpabuf *respData) 1200 { 1201 struct eap_aka_data *data = priv; 1202 const u8 *pos, *end; 1203 u8 subtype; 1204 size_t len; 1205 struct eap_sim_attrs attr; 1206 1207 pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, respData, 1208 &len); 1209 if (pos == NULL || len < 3) 1210 return; 1211 1212 end = pos + len; 1213 subtype = *pos; 1214 pos += 3; 1215 1216 if (eap_aka_subtype_ok(data, subtype)) { 1217 wpa_printf(MSG_DEBUG, "EAP-AKA: Unrecognized or unexpected " 1218 "EAP-AKA Subtype in EAP Response"); 1219 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; 1220 eap_aka_state(data, NOTIFICATION); 1221 return; 1222 } 1223 1224 if (eap_sim_parse_attr(pos, end, &attr, 1225 data->eap_method == EAP_TYPE_AKA_PRIME ? 2 : 1, 1226 0)) { 1227 wpa_printf(MSG_DEBUG, "EAP-AKA: Failed to parse attributes"); 1228 data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; 1229 eap_aka_state(data, NOTIFICATION); 1230 return; 1231 } 1232 1233 if (subtype == EAP_AKA_SUBTYPE_CLIENT_ERROR) { 1234 eap_aka_process_client_error(sm, data, respData, &attr); 1235 return; 1236 } 1237 1238 if (subtype == EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT) { 1239 eap_aka_process_authentication_reject(sm, data, respData, 1240 &attr); 1241 return; 1242 } 1243 1244 switch (data->state) { 1245 case IDENTITY: 1246 eap_aka_process_identity(sm, data, respData, &attr); 1247 break; 1248 case CHALLENGE: 1249 if (subtype == EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE) { 1250 eap_aka_process_sync_failure(sm, data, respData, 1251 &attr); 1252 } else { 1253 eap_aka_process_challenge(sm, data, respData, &attr); 1254 } 1255 break; 1256 case REAUTH: 1257 eap_aka_process_reauth(sm, data, respData, &attr); 1258 break; 1259 case NOTIFICATION: 1260 eap_aka_process_notification(sm, data, respData, &attr); 1261 break; 1262 default: 1263 wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown state %d in " 1264 "process", data->state); 1265 break; 1266 } 1267 } 1268 1269 1270 static Boolean eap_aka_isDone(struct eap_sm *sm, void *priv) 1271 { 1272 struct eap_aka_data *data = priv; 1273 return data->state == SUCCESS || data->state == FAILURE; 1274 } 1275 1276 1277 static u8 * eap_aka_getKey(struct eap_sm *sm, void *priv, size_t *len) 1278 { 1279 struct eap_aka_data *data = priv; 1280 u8 *key; 1281 1282 if (data->state != SUCCESS) 1283 return NULL; 1284 1285 key = os_memdup(data->msk, EAP_SIM_KEYING_DATA_LEN); 1286 if (key == NULL) 1287 return NULL; 1288 *len = EAP_SIM_KEYING_DATA_LEN; 1289 return key; 1290 } 1291 1292 1293 static u8 * eap_aka_get_emsk(struct eap_sm *sm, void *priv, size_t *len) 1294 { 1295 struct eap_aka_data *data = priv; 1296 u8 *key; 1297 1298 if (data->state != SUCCESS) 1299 return NULL; 1300 1301 key = os_memdup(data->emsk, EAP_EMSK_LEN); 1302 if (key == NULL) 1303 return NULL; 1304 *len = EAP_EMSK_LEN; 1305 return key; 1306 } 1307 1308 1309 static Boolean eap_aka_isSuccess(struct eap_sm *sm, void *priv) 1310 { 1311 struct eap_aka_data *data = priv; 1312 return data->state == SUCCESS; 1313 } 1314 1315 1316 static u8 * eap_aka_get_session_id(struct eap_sm *sm, void *priv, size_t *len) 1317 { 1318 struct eap_aka_data *data = priv; 1319 u8 *id; 1320 1321 if (data->state != SUCCESS) 1322 return NULL; 1323 1324 if (!data->reauth) 1325 *len = 1 + EAP_AKA_RAND_LEN + EAP_AKA_AUTN_LEN; 1326 else 1327 *len = 1 + EAP_SIM_NONCE_S_LEN + EAP_SIM_MAC_LEN; 1328 id = os_malloc(*len); 1329 if (id == NULL) 1330 return NULL; 1331 1332 id[0] = data->eap_method; 1333 if (!data->reauth) { 1334 os_memcpy(id + 1, data->rand, EAP_AKA_RAND_LEN); 1335 os_memcpy(id + 1 + EAP_AKA_RAND_LEN, data->autn, 1336 EAP_AKA_AUTN_LEN); 1337 } else { 1338 os_memcpy(id + 1, data->nonce_s, EAP_SIM_NONCE_S_LEN); 1339 os_memcpy(id + 1 + EAP_SIM_NONCE_S_LEN, data->reauth_mac, 1340 EAP_SIM_MAC_LEN); 1341 } 1342 wpa_hexdump(MSG_DEBUG, "EAP-AKA: Derived Session-Id", id, *len); 1343 1344 return id; 1345 } 1346 1347 1348 int eap_server_aka_register(void) 1349 { 1350 struct eap_method *eap; 1351 1352 eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, 1353 EAP_VENDOR_IETF, EAP_TYPE_AKA, "AKA"); 1354 if (eap == NULL) 1355 return -1; 1356 1357 eap->init = eap_aka_init; 1358 eap->reset = eap_aka_reset; 1359 eap->buildReq = eap_aka_buildReq; 1360 eap->check = eap_aka_check; 1361 eap->process = eap_aka_process; 1362 eap->isDone = eap_aka_isDone; 1363 eap->getKey = eap_aka_getKey; 1364 eap->isSuccess = eap_aka_isSuccess; 1365 eap->get_emsk = eap_aka_get_emsk; 1366 eap->getSessionId = eap_aka_get_session_id; 1367 1368 return eap_server_method_register(eap); 1369 } 1370 1371 1372 #ifdef EAP_SERVER_AKA_PRIME 1373 int eap_server_aka_prime_register(void) 1374 { 1375 struct eap_method *eap; 1376 1377 eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, 1378 EAP_VENDOR_IETF, EAP_TYPE_AKA_PRIME, 1379 "AKA'"); 1380 if (eap == NULL) 1381 return -1; 1382 1383 eap->init = eap_aka_prime_init; 1384 eap->reset = eap_aka_reset; 1385 eap->buildReq = eap_aka_buildReq; 1386 eap->check = eap_aka_check; 1387 eap->process = eap_aka_process; 1388 eap->isDone = eap_aka_isDone; 1389 eap->getKey = eap_aka_getKey; 1390 eap->isSuccess = eap_aka_isSuccess; 1391 eap->get_emsk = eap_aka_get_emsk; 1392 eap->getSessionId = eap_aka_get_session_id; 1393 1394 return eap_server_method_register(eap); 1395 } 1396 #endif /* EAP_SERVER_AKA_PRIME */ 1397