Lines Matching full:data
85 static void eap_aka_state(struct eap_aka_data *data, int state)
88 eap_aka_state_txt(data->state),
90 data->state = state;
96 struct eap_aka_data *data;
100 data = os_zalloc(sizeof(*data));
101 if (data == NULL)
104 data->eap_method = EAP_TYPE_AKA;
108 data->imsi_privacy_key = crypto_rsa_key_read(
110 if (!data->imsi_privacy_key) {
114 os_free(data);
120 os_free(data);
126 data->error_code = NO_EAP_METHOD_ERROR;
128 eap_aka_state(data, CONTINUE);
129 data->prev_id = -1;
131 data->result_ind = phase1 && os_strstr(phase1, "result_ind=1") != NULL;
133 data->use_pseudonym = !sm->init_phase2;
134 if (config && config->anonymous_identity && data->use_pseudonym) {
135 data->pseudonym = os_malloc(config->anonymous_identity_len);
136 if (data->pseudonym) {
137 os_memcpy(data->pseudonym, config->anonymous_identity,
139 data->pseudonym_len = config->anonymous_identity_len;
146 data->mk_identity = os_memdup(sm->identity, sm->identity_len);
147 data->mk_identity_len = sm->identity_len;
150 return data;
157 struct eap_aka_data *data = eap_aka_init(sm);
158 if (data == NULL)
160 data->eap_method = EAP_TYPE_AKA_PRIME;
161 return data;
166 static void eap_aka_clear_keys(struct eap_aka_data *data, int reauth)
169 os_memset(data->mk, 0, EAP_SIM_MK_LEN);
170 os_memset(data->k_aut, 0, EAP_AKA_PRIME_K_AUT_LEN);
171 os_memset(data->k_encr, 0, EAP_SIM_K_ENCR_LEN);
172 os_memset(data->k_re, 0, EAP_AKA_PRIME_K_RE_LEN);
174 os_memset(data->msk, 0, EAP_SIM_KEYING_DATA_LEN);
175 os_memset(data->emsk, 0, EAP_EMSK_LEN);
176 os_memset(data->autn, 0, EAP_AKA_AUTN_LEN);
177 os_memset(data->auts, 0, EAP_AKA_AUTS_LEN);
183 struct eap_aka_data *data = priv;
184 if (data) {
185 os_free(data->pseudonym);
186 os_free(data->reauth_id);
187 os_free(data->mk_identity);
188 wpabuf_free(data->id_msgs);
189 os_free(data->network_name);
190 eap_aka_clear_keys(data, 0);
192 crypto_rsa_key_free(data->imsi_privacy_key);
194 os_free(data);
199 static int eap_aka_ext_sim_req(struct eap_sm *sm, struct eap_aka_data *data)
208 pos += wpa_snprintf_hex(pos, end - pos, data->rand, EAP_AKA_RAND_LEN);
210 wpa_snprintf_hex(pos, end - pos, data->autn, EAP_AKA_AUTN_LEN);
217 static int eap_aka_ext_sim_result(struct eap_sm *sm, struct eap_aka_data *data,
230 if (hexstr2bin(pos, data->auts, EAP_AKA_AUTS_LEN) < 0)
232 wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: AUTS", data->auts,
245 wpa_hexdump(MSG_DEBUG, "EAP-AKA: RAND", data->rand, EAP_AKA_RAND_LEN);
247 if (hexstr2bin(pos, data->ik, EAP_AKA_IK_LEN) < 0)
249 wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: IK", data->ik, EAP_AKA_IK_LEN);
255 if (hexstr2bin(pos, data->ck, EAP_AKA_CK_LEN) < 0)
257 wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: CK", data->ck, EAP_AKA_CK_LEN);
263 data->res_len = os_strlen(pos) / 2;
264 if (data->res_len > EAP_AKA_RES_MAX_LEN) {
265 data->res_len = 0;
268 if (hexstr2bin(pos, data->res, data->res_len) < 0)
270 wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: RES", data->res, data->res_len);
282 static int eap_aka_umts_auth(struct eap_sm *sm, struct eap_aka_data *data)
294 return eap_aka_ext_sim_result(sm, data, conf);
296 return eap_aka_ext_sim_req(sm, data);
300 return scard_umts_auth(sm->scard_ctx, data->rand,
301 data->autn, data->res, &data->res_len,
302 data->ik, data->ck, data->auts);
334 return milenage_check(opc, k, sqn, data->rand, data->autn,
335 data->ik, data->ck,
336 data->res, &data->res_len, data->auts);
346 os_memset(data->res, '2', EAP_AKA_RES_MAX_LEN);
347 data->res_len = EAP_AKA_RES_MAX_LEN;
348 os_memset(data->ik, '3', EAP_AKA_IK_LEN);
349 os_memset(data->ck, '4', EAP_AKA_CK_LEN);
353 if (os_memcmp_const(autn, data->autn, EAP_AKA_AUTN_LEN) != 0) {
385 struct eap_aka_data *data, int id)
387 if ((id & CLEAR_PSEUDONYM) && data->pseudonym) {
389 os_free(data->pseudonym);
390 data->pseudonym = NULL;
391 data->pseudonym_len = 0;
392 if (data->use_pseudonym)
395 if ((id & CLEAR_REAUTH_ID) && data->reauth_id) {
397 os_free(data->reauth_id);
398 data->reauth_id = NULL;
399 data->reauth_id_len = 0;
404 static int eap_aka_learn_ids(struct eap_sm *sm, struct eap_aka_data *data,
417 os_free(data->pseudonym);
427 data->pseudonym = os_malloc(attr->next_pseudonym_len +
429 if (data->pseudonym == NULL) {
432 data->pseudonym_len = 0;
435 os_memcpy(data->pseudonym, attr->next_pseudonym,
438 os_memcpy(data->pseudonym + attr->next_pseudonym_len,
441 data->pseudonym_len = attr->next_pseudonym_len + realm_len;
442 if (data->use_pseudonym)
443 eap_set_anon_id(sm, data->pseudonym,
444 data->pseudonym_len);
448 os_free(data->reauth_id);
449 data->reauth_id = os_memdup(attr->next_reauth_id,
451 if (data->reauth_id == NULL) {
454 data->reauth_id_len = 0;
457 data->reauth_id_len = attr->next_reauth_id_len;
460 data->reauth_id,
461 data->reauth_id_len);
468 static int eap_aka_add_id_msg(struct eap_aka_data *data,
480 if (!data->id_msgs) {
481 data->id_msgs = wpabuf_alloc(len);
482 if (!data->id_msgs)
484 } else if (wpabuf_resize(&data->id_msgs, len) < 0) {
488 wpabuf_put_buf(data->id_msgs, msg1);
490 wpabuf_put_buf(data->id_msgs, msg2);
496 static void eap_aka_add_checkcode(struct eap_aka_data *data,
505 if (data->id_msgs == NULL) {
515 addr = wpabuf_head(data->id_msgs);
516 len = wpabuf_len(data->id_msgs);
517 wpa_hexdump(MSG_MSGDUMP, "EAP-AKA: AT_CHECKCODE data", addr, len);
519 if (data->eap_method == EAP_TYPE_AKA_PRIME)
526 data->eap_method == EAP_TYPE_AKA_PRIME ?
531 static int eap_aka_verify_checkcode(struct eap_aka_data *data,
542 if (data->id_msgs == NULL) {
552 hash_len = data->eap_method == EAP_TYPE_AKA_PRIME ?
563 addr = wpabuf_head(data->id_msgs);
564 len = wpabuf_len(data->id_msgs);
566 if (data->eap_method == EAP_TYPE_AKA_PRIME)
581 static struct wpabuf * eap_aka_client_error(struct eap_aka_data *data, u8 id,
586 eap_aka_state(data, FAILURE);
587 data->num_id_req = 0;
588 data->num_notification = 0;
592 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
595 return eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0);
599 static struct wpabuf * eap_aka_authentication_reject(struct eap_aka_data *data,
604 eap_aka_state(data, FAILURE);
605 data->num_id_req = 0;
606 data->num_notification = 0;
610 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
612 return eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0);
617 struct eap_aka_data *data, u8 id, struct eap_sim_attrs *attr)
621 data->num_id_req = 0;
622 data->num_notification = 0;
626 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
629 eap_sim_msg_add_full(msg, EAP_SIM_AT_AUTS, data->auts,
631 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
640 return eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0);
694 struct eap_aka_data *data,
705 data->reauth = 0;
706 if (id_req == ANY_ID && data->reauth_id) {
707 identity = data->reauth_id;
708 identity_len = data->reauth_id_len;
709 data->reauth = 1;
711 data->pseudonym &&
712 !eap_sim_anonymous_username(data->pseudonym,
713 data->pseudonym_len)) {
714 identity = data->pseudonym;
715 identity_len = data->pseudonym_len;
716 eap_aka_clear_identities(sm, data, CLEAR_REAUTH_ID);
722 if (data->pseudonym &&
723 eap_sim_anonymous_username(data->pseudonym,
724 data->pseudonym_len))
726 eap_aka_clear_identities(sm, data, ids);
733 if (identity && data->imsi_privacy_key) {
740 data->imsi_privacy_key,
746 data, id,
751 os_free(data->mk_identity);
752 data->mk_identity = os_memdup(identity, identity_len);
753 data->mk_identity_len = identity_len;
761 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
773 os_free(data->mk_identity);
774 data->mk_identity = os_memdup(
777 data->mk_identity_len = config->imsi_identity_len;
781 os_free(data->mk_identity);
782 data->mk_identity = os_memdup(identity, identity_len);
783 data->mk_identity_len = identity_len;
788 return eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0);
792 static struct wpabuf * eap_aka_response_challenge(struct eap_aka_data *data,
798 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
801 eap_sim_msg_add(msg, EAP_SIM_AT_RES, data->res_len * 8,
802 data->res, data->res_len);
803 eap_aka_add_checkcode(data, msg);
804 if (data->use_result_ind) {
810 return eap_sim_msg_finish(msg, data->eap_method, data->k_aut, (u8 *) "",
815 static struct wpabuf * eap_aka_response_reauth(struct eap_aka_data *data,
824 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
833 counter = data->counter_too_small;
835 counter = data->counter;
840 if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) {
846 eap_aka_add_checkcode(data, msg);
847 if (data->use_result_ind) {
853 return eap_sim_msg_finish(msg, data->eap_method, data->k_aut, nonce_s,
858 static struct wpabuf * eap_aka_response_notification(struct eap_aka_data *data,
862 u8 *k_aut = (notification & 0x4000) == 0 ? data->k_aut : NULL;
865 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
867 if (k_aut && data->reauth) {
872 wpa_printf(MSG_DEBUG, " *AT_COUNTER %d", data->counter);
873 eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter,
875 if (eap_sim_msg_add_encr_end(msg, data->k_encr,
887 return eap_sim_msg_finish(msg, data->eap_method, k_aut, (u8 *) "", 0);
892 struct eap_aka_data *data,
907 if (data->num_id_req > 0)
909 data->num_id_req++;
912 if (data->num_id_req > 1)
914 data->num_id_req++;
917 if (data->num_id_req > 2)
919 data->num_id_req++;
925 return eap_aka_client_error(data, id,
929 buf = eap_aka_response_identity(sm, data, id, attr->id_req);
931 if (data->prev_id != id) {
932 if (eap_aka_add_id_msg(data, reqData, buf) < 0) {
937 data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET);
939 data->prev_id = id;
946 static int eap_aka_verify_mac(struct eap_aka_data *data,
951 if (data->eap_method == EAP_TYPE_AKA_PRIME)
952 return eap_sim_verify_mac_sha256(data->k_aut, req, mac, extra,
954 return eap_sim_verify_mac(data->k_aut, req, mac, extra, extra_len);
959 static struct wpabuf * eap_aka_prime_kdf_select(struct eap_aka_data *data,
964 data->kdf_negotiation = 1;
965 data->kdf = kdf;
968 msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
972 return eap_sim_msg_finish(msg, data->eap_method, NULL, NULL, 0);
976 static struct wpabuf * eap_aka_prime_kdf_neg(struct eap_aka_data *data,
983 os_memcpy(data->last_kdf_attrs, attr->kdf,
985 data->last_kdf_count = attr->kdf_count;
986 return eap_aka_prime_kdf_select(data, id,
993 return eap_aka_authentication_reject(data, id);
997 static int eap_aka_prime_kdf_valid(struct eap_aka_data *data,
1008 if (data->kdf_negotiation) {
1015 if (attr->kdf[0] != data->kdf) {
1022 attr->kdf_count != data->last_kdf_count + 1) {
1029 if (attr->kdf[i] != data->last_kdf_attrs[i - 1]) {
1037 for (i = data->kdf ? 1 : 0; i < attr->kdf_count; i++) {
1053 struct eap_aka_data *data,
1066 eap_aka_verify_checkcode(data, attr->checkcode,
1074 return eap_aka_client_error(data, id,
1080 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
1085 return eap_aka_authentication_reject(data, id);
1087 os_free(data->network_name);
1088 data->network_name = os_memdup(attr->kdf_input,
1090 if (data->network_name == NULL) {
1093 return eap_aka_authentication_reject(data, id);
1095 data->network_name_len = attr->kdf_input_len;
1098 data->network_name, data->network_name_len);
1101 res = eap_aka_prime_kdf_valid(data, attr);
1103 return eap_aka_authentication_reject(data, id);
1106 data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET);
1109 return eap_aka_prime_kdf_neg(data, id, attr);
1111 data->kdf = EAP_AKA_PRIME_KDF;
1112 wpa_printf(MSG_DEBUG, "EAP-AKA': KDF %d selected", data->kdf);
1115 if (data->eap_method == EAP_TYPE_AKA && attr->bidding) {
1123 return eap_aka_authentication_reject(data, id);
1128 data->reauth = 0;
1135 return eap_aka_client_error(data, id,
1138 os_memcpy(data->rand, attr->rand, EAP_AKA_RAND_LEN);
1139 os_memcpy(data->autn, attr->autn, EAP_AKA_AUTN_LEN);
1141 res = eap_aka_umts_auth(sm, data);
1145 return eap_aka_authentication_reject(data, id);
1149 return eap_aka_synchronization_failure(data, id, attr);
1155 return eap_aka_client_error(data, id,
1159 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
1162 u16 amf = WPA_GET_BE16(data->autn + 6);
1166 return eap_aka_authentication_reject(data, id);
1168 eap_aka_prime_derive_ck_ik_prime(data->ck, data->ik,
1169 data->autn,
1170 data->network_name,
1171 data->network_name_len);
1175 identity = data->mk_identity;
1176 identity_len = data->mk_identity_len;
1179 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
1180 eap_aka_prime_derive_keys(identity, identity_len, data->ik,
1181 data->ck, data->k_encr, data->k_aut,
1182 data->k_re, data->msk, data->emsk);
1184 eap_aka_derive_mk(identity, identity_len, data->ik, data->ck,
1185 data->mk);
1186 eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut,
1187 data->msk, data->emsk);
1189 if (eap_aka_verify_mac(data, reqData, attr->mac, (u8 *) "", 0)) {
1196 return eap_aka_client_error(data, id,
1205 eap_aka_clear_identities(sm, data, CLEAR_REAUTH_ID);
1209 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
1214 data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET);
1216 eap_aka_learn_ids(sm, data, &eattr);
1220 if (data->result_ind && attr->result_ind)
1221 data->use_result_ind = 1;
1223 if (data->state != FAILURE) {
1224 eap_aka_state(data, data->use_result_ind ?
1228 data->num_id_req = 0;
1229 data->num_notification = 0;
1233 data->counter = 0;
1234 return eap_aka_response_challenge(data, id);
1238 static int eap_aka_process_notification_reauth(struct eap_aka_data *data,
1246 "reauth did not include encrypted data");
1250 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
1255 "data from notification message");
1259 if (eattr.counter < 0 || (size_t) eattr.counter != data->counter) {
1272 static int eap_aka_process_notification_auth(struct eap_aka_data *data,
1282 if (eap_aka_verify_mac(data, reqData, attr->mac, (u8 *) "", 0)) {
1288 if (data->reauth &&
1289 eap_aka_process_notification_reauth(data, attr)) {
1300 struct eap_sm *sm, struct eap_aka_data *data, u8 id,
1304 if (data->num_notification > 0) {
1307 return eap_aka_client_error(data, id,
1310 data->num_notification++;
1314 return eap_aka_client_error(data, id,
1319 eap_aka_process_notification_auth(data, reqData, attr)) {
1320 return eap_aka_client_error(data, id,
1326 data->error_code = attr->notification;
1327 eap_aka_state(data, FAILURE);
1329 data->state == RESULT_SUCCESS)
1330 eap_aka_state(data, SUCCESS);
1331 return eap_aka_response_notification(data, id, attr->notification);
1336 struct eap_sm *sm, struct eap_aka_data *data, u8 id,
1345 eap_aka_verify_checkcode(data, attr->checkcode,
1354 return eap_aka_client_error(data, id,
1358 if (data->reauth_id == NULL) {
1361 return eap_aka_client_error(data, id,
1365 data->reauth = 1;
1366 if (eap_aka_verify_mac(data, reqData, attr->mac, (u8 *) "", 0)) {
1369 return eap_aka_client_error(data, id,
1377 os_memcpy(data->reauth_mac, attr->mac, EAP_SIM_MAC_LEN);
1379 data->reauth_mac, EAP_SIM_MAC_LEN);
1383 "message did not include encrypted data");
1384 return eap_aka_client_error(data, id,
1388 decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
1393 "data from reauthentication message");
1394 return eap_aka_client_error(data, id,
1403 return eap_aka_client_error(data, id,
1407 if (eattr.counter < 0 || (size_t) eattr.counter <= data->counter) {
1410 "(%d <= %d)", eattr.counter, data->counter);
1411 data->counter_too_small = eattr.counter;
1416 eap_aka_clear_identities(sm, data, CLEAR_REAUTH_ID);
1418 res = eap_aka_response_reauth(data, id, 1, eattr.nonce_s);
1423 data->counter = eattr.counter;
1425 os_memcpy(data->nonce_s, eattr.nonce_s, EAP_SIM_NONCE_S_LEN);
1427 data->nonce_s, EAP_SIM_NONCE_S_LEN);
1429 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
1430 eap_aka_prime_derive_keys_reauth(data->k_re, data->counter,
1431 data->reauth_id,
1432 data->reauth_id_len,
1433 data->nonce_s,
1434 data->msk, data->emsk);
1436 eap_sim_derive_keys_reauth(data->counter, data->reauth_id,
1437 data->reauth_id_len,
1438 data->nonce_s, data->mk,
1439 data->msk, data->emsk);
1441 eap_aka_clear_identities(sm, data, CLEAR_REAUTH_ID);
1442 eap_aka_learn_ids(sm, data, &eattr);
1444 if (data->result_ind && attr->result_ind)
1445 data->use_result_ind = 1;
1447 if (data->state != FAILURE) {
1448 eap_aka_state(data, data->use_result_ind ?
1452 data->num_id_req = 0;
1453 data->num_notification = 0;
1454 if (data->counter > EAP_AKA_MAX_FAST_REAUTHS) {
1457 eap_aka_clear_identities(sm, data, CLEAR_REAUTH_ID);
1460 return eap_aka_response_reauth(data, id, 0, data->nonce_s);
1468 struct eap_aka_data *data = priv;
1476 wpa_hexdump_buf(MSG_DEBUG, "EAP-AKA: EAP data", reqData);
1484 pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, reqData,
1504 data->eap_method == EAP_TYPE_AKA_PRIME ? 2 : 1,
1506 res = eap_aka_client_error(data, id,
1513 res = eap_aka_process_identity(sm, data, id, reqData, &attr);
1516 res = eap_aka_process_challenge(sm, data, id, reqData, &attr);
1519 res = eap_aka_process_notification(sm, data, id, reqData,
1523 res = eap_aka_process_reauthentication(sm, data, id, reqData,
1528 res = eap_aka_client_error(data, id,
1533 res = eap_aka_client_error(data, id,
1539 if (data->state == FAILURE) {
1542 } else if (data->state == SUCCESS) {
1543 ret->decision = data->use_result_ind ?
1550 ret->methodState = data->use_result_ind ?
1552 } else if (data->state == RESULT_SUCCESS)
1565 struct eap_aka_data *data = priv;
1566 return data->pseudonym || data->reauth_id;
1572 struct eap_aka_data *data = priv;
1574 os_free(data->mk_identity);
1575 data->mk_identity = NULL;
1576 data->mk_identity_len = 0;
1577 data->prev_id = -1;
1578 wpabuf_free(data->id_msgs);
1579 data->id_msgs = NULL;
1580 data->use_result_ind = 0;
1581 data->kdf_negotiation = 0;
1582 eap_aka_clear_keys(data, 1);
1588 struct eap_aka_data *data = priv;
1593 os_free(data->mk_identity);
1594 data->mk_identity = os_memdup(sm->identity, sm->identity_len);
1595 data->mk_identity_len = sm->identity_len;
1598 data->num_id_req = 0;
1599 data->num_notification = 0;
1600 eap_aka_state(data, CONTINUE);
1608 struct eap_aka_data *data = priv;
1610 if (data->reauth_id) {
1611 *len = data->reauth_id_len;
1612 return data->reauth_id;
1615 if (data->pseudonym) {
1616 *len = data->pseudonym_len;
1617 return data->pseudonym;
1626 struct eap_aka_data *data = priv;
1627 return data->state == SUCCESS;
1633 struct eap_aka_data *data = priv;
1636 if (data->state != SUCCESS)
1639 key = os_memdup(data->msk, EAP_SIM_KEYING_DATA_LEN);
1651 struct eap_aka_data *data = priv;
1654 if (data->state != SUCCESS)
1657 if (!data->reauth)
1665 id[0] = data->eap_method;
1666 if (!data->reauth) {
1667 os_memcpy(id + 1, data->rand, EAP_AKA_RAND_LEN);
1668 os_memcpy(id + 1 + EAP_AKA_RAND_LEN, data->autn,
1671 os_memcpy(id + 1, data->nonce_s, EAP_SIM_NONCE_S_LEN);
1672 os_memcpy(id + 1 + EAP_SIM_NONCE_S_LEN, data->reauth_mac,
1683 struct eap_aka_data *data = priv;
1686 if (data->state != SUCCESS)
1689 key = os_memdup(data->emsk, EAP_EMSK_LEN);
1701 struct eap_aka_data *data = priv;
1704 if (!data)
1707 current_data_error = data->error_code;
1710 data->error_code = NO_EAP_METHOD_ERROR;